Welcome to the wolfSSL Forums!

cxenof03 · 2021-05-04 15:33:27

cxenof03
Member
Offline

From: Denmark
Registered: 2021-03-02
Posts: 10

Topic: Where and when does the wc_AesGcmEncrypt_ex key gets initialized ?

Hello everyone,
I am working in the client/server example using TLS 1.3
I want to change the encryption key of the early_data that are sent during the resumption session.
I am running my examples with:

./client -v 4 -r -s -t -0

both client and server.

Therefore, as the documentation says, https://tools.ietf.org/html/rfc8446#section-2.3, "The client uses the PSK to authenticate the server and to encrypt the early data".
I would like to find the exact point where the client uses the PSK to encrypt the early data. I observed that this is done in the function EncryptTLS13 in the tls.c file using the function wc_AesGcmEncrypt_ex, but going there I could observe that the aes->key was already initialized.
So where does the PSK encrypt the early data or how is it used in the aes function?
Additionally, what is the relation of the aadwith the PSK ?

dgarske · 2021-05-05 09:39:50

dgarske
Moderator
Offline

Registered: 2015-10-07
Posts: 430

Re: Where and when does the wc_AesGcmEncrypt_ex key gets initialized ?

Hi cxenof03,

The encryption algorithm is initialized with the call to keys.c:SetKeysSide(). Actually the internal function SetKeys() is making the calls to wc_AesInit() and wc_AesGcmSetKey().

WritePSKBinders sets the keys for early data on the client. DoPreSharedKeys sets the keys on the server.

* The PSK establishes a master secret. See SetupPskKey() and DoPreSharedKeys().
* DeriveEarlySecret() derives the secret for creating the keys. See "Early Secret" in diagram in TLS 1.3 spec, page 93.
* DeriveTls13Keys() calls DeriveEarlySecret() and then derives the key that is placed in the 'Key data' that is used in SetKeysSide. See "client_early_secret_traffic_secret" in TLS 1.3 spec, page 93.
* SetKeysSide takes the 'Key data' and extracts out the key to use.

Thanks,
David Garske, wolfSSL

embhorn · 2021-05-05 13:12:43

embhorn
Moderator
Offline

From: Mobile, AL
Registered: 2013-12-11
Posts: 352

Re: Where and when does the wc_AesGcmEncrypt_ex key gets initialized ?

EDIT: Thanks, David, for answering!

Hello Chris,

I've asked Sean to review this post.

Thanks,
Eric @ wolfSSL Support

Welcome to the wolfSSL Forums!

Where and when does the wc_AesGcmEncrypt_ex key gets initialized ?

Posts: 3

1 Topic by cxenof03 2021-05-04 15:33:27

Topic: Where and when does the wc_AesGcmEncrypt_ex key gets initialized ?

2 Reply by dgarske 2021-05-05 09:39:50

Re: Where and when does the wc_AesGcmEncrypt_ex key gets initialized ?

3 Reply by embhorn 2021-05-05 13:12:43

Re: Where and when does the wc_AesGcmEncrypt_ex key gets initialized ?

Posts: 3