tls13_misc.h File Reference

TLS 1.3 helper functions. More...

Go to the source code of this file.

Macros

#define TLS13_DHE_KE_SUPPORT   ENABLED
 
#define TLS13_ECDHE_KE_SUPPORT   ENABLED
 
#define TLS13_PSK_KE_SUPPORT   DISABLED
 
#define TLS13_PSK_DHE_KE_SUPPORT   ENABLED
 
#define TLS13_PSK_ECDHE_KE_SUPPORT   ENABLED
 
#define TLS13_EARLY_DATA_SUPPORT   DISABLED
 
#define TLS13_MIDDLEBOX_COMPAT_SUPPORT   ENABLED
 
#define TLS13_MAX_COOKIE_SIZE   256
 
#define TLS13_MAX_TICKET_SIZE   1024
 
#define TLS13_MAX_TICKET_LIFETIME   604800
 
#define TLS13_TICKET_AGE_TOLERANCE   5000
 
#define TLS13_NEW_SESSION_TICKET_COUNT   2
 
#define TLS13_MAX_HKDF_DIGEST_SIZE   48
 

Typedefs

struct {
   char_t   type
 
   uint32_t   dataStart
 
   uint32_t   dataLength
 
   uint8_t   nameLength
 
   char_t   name []
 
   uint8_t   tokenLen: 4
 
   uint8_t   type: 2
 
   uint8_t   version: 2
 
   uint8_t   code
 
   uint16_t   mid
 
   uint8_t   token []
 
   union {
      uint8_t   b [6]
 
      uint16_t   w [3]
 
   } 
 
   uint16_t   srcPort
 
   uint16_t   destPort
 
   uint32_t   seqNum
 
   uint32_t   ackNum
 
   uint8_t   reserved1: 4
 
   uint8_t   dataOffset: 4
 
   uint8_t   flags: 6
 
   uint8_t   reserved2: 2
 
   uint16_t   window
 
   uint16_t   checksum
 
   uint16_t   urgentPointer
 
   uint8_t   options []
 
   uint16_t   length
 
   uint8_t   data []
 
   uint8_t   op
 
   uint8_t   htype
 
   uint8_t   hlen
 
   uint8_t   hops
 
   uint32_t   xid
 
   uint16_t   secs
 
   uint16_t   flags
 
   Ipv4Addr   ciaddr
 
   Ipv4Addr   yiaddr
 
   Ipv4Addr   siaddr
 
   Ipv4Addr   giaddr
 
   MacAddr   chaddr
 
   uint8_t   unused [10]
 
   uint8_t   sname [64]
 
   uint8_t   file [128]
 
   uint32_t   magicCookie
 
   uint16_t   type
 
   uint16_t   hardwareType
 
   uint32_t   time
 
   MacAddr   linkLayerAddr
 
   uint16_t   id
 
   uint8_t   rd: 1
 
   uint8_t   tc: 1
 
   uint8_t   aa: 1
 
   uint8_t   opcode: 4
 
   uint8_t   qr: 1
 
   uint8_t   rcode: 4
 
   uint8_t   z: 3
 
   uint8_t   ra: 1
 
   uint16_t   qdcount
 
   uint16_t   ancount
 
   uint16_t   nscount
 
   uint16_t   arcount
 
   uint8_t   questions []
 
   uint16_t   controlWord
 
   uint16_t   byteCount
 
   uint8_t   bLength
 
   uint8_t   bDescriptorType
 
   uint16_t   bcdUsb
 
   uint8_t   bDeviceClass
 
   uint8_t   bDeviceSubClass
 
   uint8_t   bDeviceProtocol
 
   uint8_t   bMaxPacketSize0
 
   uint16_t   idVendor
 
   uint16_t   idProduct
 
   uint16_t   bcdDevice
 
   uint8_t   iManufacturer
 
   uint8_t   iProduct
 
   uint8_t   iSerialNumber
 
   uint8_t   bNumConfigurations
 
   uint8_t   maxRespTime
 
   Ipv4Addr   groupAddr
 
   uint16_t   hrd
 
   uint16_t   pro
 
   uint8_t   hln
 
   uint8_t   pln
 
   uint16_t   op
 
   MacAddr   sha
 
   Ipv4Addr   spa
 
   MacAddr   tha
 
   Ipv4Addr   tpa
 
   uint8_t   length
 
   uint8_t   value []
 
   uint16_t   first
 
   uint16_t   last
 
   uint16_t   next
 
   union {
      uint8_t   b [16]
 
      uint16_t   w [8]
 
      uint32_t   dw [4]
 
   } 
 
   uint16_t   maxRespDelay
 
   uint16_t   reserved
 
   Ipv6Addr   multicastAddr
 
   uint32_t   reserved
 
   uint16_t   pvid
 
   uint8_t   autoNegSupportStatus
 
   uint16_t   pmdAutoNegAdvCap
 
   uint16_t   operationalMauType
 
   uint16_t   capabilities
 
   uint8_t   deviceType
 
   uint8_t   lengthH: 1
 
   uint8_t   lengthL
 
   uint8_t   t: 1
 
   uint8_t   c: 1
 
   union {
      int32_t   integer
 
      uint8_t   octetString [1]
 
      uint8_t   oid [1]
 
      uint8_t   ipAddr [4]
 
      uint32_t   counter32
 
      uint32_t   gauge32
 
      uint32_t   unsigned32
 
      uint32_t   timeTicks
 
      uint64_t   counter64
 
   } 
 
   uint16_t   transactionId
 
   uint16_t   protocolId
 
   uint8_t   unitId
 
   uint8_t   pdu []
 
   uint8_t   retain: 1
 
   uint8_t   qos: 2
 
   uint8_t   dup: 1
 
   union {
      uint8_t   all
 
      struct {
         uint8_t   topicIdType: 2
 
         uint8_t   cleanSession: 1
 
         uint8_t   will: 1
 
         uint8_t   retain: 1
 
         uint8_t   qos: 2
 
         uint8_t   dup: 1
 
      } 
 
   } 
 
   uint8_t   b: 1
 
   uint8_t   identifier
 
   uint8_t   valueSize
 
   Ipv4Addr   srcIpAddr
 
   Ipv4Addr   destIpAddr
 
   Eui64   interfaceId
 
   uint16_t   mru
 
   uint8_t   peerIdLength
 
   uint8_t   peerId []
 
   uint32_t   seconds
 
   uint32_t   fraction
 
   uint16_t   opcode
 
   char_t   filename []
 
   uint8_t   reserved: 3
 
   uint8_t   fin: 1
 
   uint8_t   payloadLen: 7
 
   uint8_t   mask: 1
 
   uint8_t   extPayloadLen []
 
   uint32_t   length
 
   uint8_t   payload []
 
   uint32_t   packetLen
 
   uint8_t   paddingLen
 
   uint8_t   protocolVersionId
 
   uint8_t   bpduType
 
   StpBridgeId   rootId
 
   uint32_t   rootPathCost
 
   StpBridgeId   bridgeId
 
   uint16_t   portId
 
   uint16_t   messageAge
 
   uint16_t   maxAge
 
   uint16_t   helloTime
 
   uint16_t   forwardDelay
 
   uint8_t   version1Length
 
   uint16_t   priority
 
   MacAddr   addr
 
Tls13Cookie
 Cookie. More...
 
struct {
   char_t   type
 
   uint32_t   dataStart
 
   uint32_t   dataLength
 
   uint8_t   nameLength
 
   uint8_t   length: 4
 
   uint8_t   delta: 4
 
   union {
      uint8_t   b [8]
 
      uint16_t   w [4]
 
      uint32_t   dw [2]
 
   } 
 
   uint8_t   kind
 
   uint8_t   value []
 
   uint8_t   code
 
   uint16_t   type
 
   uint32_t   enterpriseNumber
 
   uint8_t   identifier []
 
   uint16_t   qtype
 
   uint16_t   qclass
 
   uint16_t   statusWord
 
   uint16_t   byteCount
 
   uint8_t   bLength
 
   uint8_t   bDescriptorType
 
   uint16_t   wTotalLength
 
   uint8_t   bNumInterfaces
 
   uint8_t   bConfigurationValue
 
   uint8_t   iConfiguration
 
   uint8_t   bmAttributes
 
   uint8_t   bMaxPower
 
   uint8_t   type
 
   uint16_t   checksum
 
   uint8_t   parameter
 
   uint8_t   unused [3]
 
   uint8_t   data []
 
   uint32_t   parameter
 
   uint8_t   nextHeader
 
   uint8_t   hdrExtLen
 
   uint8_t   options []
 
   uint8_t   curHopLimit
 
   uint8_t   reserved: 2
 
   uint8_t   p: 1
 
   uint8_t   prf: 2
 
   uint8_t   h: 1
 
   uint8_t   o: 1
 
   uint8_t   m: 1
 
   uint16_t   routerLifetime
 
   uint32_t   reachableTime
 
   uint32_t   retransTimer
 
   uint8_t   flags
 
   uint16_t   ppvid
 
   uint8_t   mdiPowerSupport
 
   uint8_t   psePowerPair
 
   uint8_t   powerClass
 
   uint8_t   appType
 
   uint8_t   vlanIdH: 5
 
   uint8_t   x: 1
 
   uint8_t   t: 1
 
   uint8_t   u: 1
 
   uint8_t   l2PriorityH: 1
 
   uint8_t   vlanIdL: 7
 
   uint8_t   dscpValue: 6
 
   uint8_t   l2PriorityL: 2
 
   uint8_t   chassisIdSubtype
 
   uint8_t   chassisId []
 
   uint8_t   functionCode
 
   uint16_t   startingAddr
 
   uint16_t   quantityOfCoils
 
   uint16_t   length
 
   uint8_t   msgType
 
   uint16_t   flags
 
   Ipv4Addr   addr
 
   uint8_t   valueSize
 
   uint16_t   protocol
 
   uint32_t   accm
 
   uint8_t   msgLength
 
   uint8_t   message []
 
   uint8_t   mode: 3
 
   uint8_t   vn: 3
 
   uint8_t   li: 2
 
   uint8_t   stratum
 
   uint8_t   poll
 
   int8_t   precision
 
   uint32_t   rootDelay
 
   uint32_t   rootDispersion
 
   uint32_t   referenceId
 
   NtpTimestamp   referenceTimestamp
 
   NtpTimestamp   originateTimestamp
 
   NtpTimestamp   receiveTimestamp
 
   NtpTimestamp   transmitTimestamp
 
   uint16_t   opcode
 
   char_t   filename []
 
   uint16_t   value []
 
   uint16_t   group
 
   uint8_t   keyExchange []
 
   uint32_t   id
 
   uint32_t   dataLen
 
Tls13KeyShareEntry
 Key share entry. More...
 
struct {
   uint32_t   totalSize
 
   ResRootEntry   rootEntry
 
   MacAddr   destAddr
 
   MacAddr   srcAddr
 
   uint16_t   type
 
   uint8_t   data []
 
   uint16_t   hardwareType
 
   MacAddr   linkLayerAddr
 
   uint16_t   rtype
 
   uint16_t   rclass
 
   uint32_t   ttl
 
   uint16_t   rdlength
 
   uint8_t   rdata []
 
   uint8_t   bLength
 
   uint8_t   bDescriptorType
 
   uint8_t   bInterfaceNumber
 
   uint8_t   bAlternateSetting
 
   uint8_t   bNumEndpoints
 
   uint8_t   bInterfaceClass
 
   uint8_t   bInterfaceSubClass
 
   uint8_t   bInterfaceProtocol
 
   uint8_t   iInterface
 
   uint8_t   type
 
   uint8_t   code
 
   uint16_t   checksum
 
   uint32_t   unused
 
   uint8_t   nextHeader
 
   uint8_t   hdrExtLen
 
   uint8_t   options []
 
   uint32_t   reserved
 
   Ipv6Addr   targetAddr
 
   uint16_t   vlanId
 
   uint8_t   vlanNameLen
 
   char_t   vlanName []
 
   uint8_t   aggregationStatus
 
   uint32_t   aggregatedPortId
 
   uint8_t   locationDataFormat
 
   uint8_t   locationId []
 
   uint8_t   portIdSubtype
 
   uint8_t   portId []
 
   uint8_t   functionCode
 
   uint8_t   byteCount
 
   uint8_t   coilStatus []
 
   uint8_t   prefix
 
   uint16_t   length
 
   uint8_t   msgType
 
   uint8_t   identifier
 
   uint8_t   message []
 
   uint8_t   length
 
   Ipv4Addr   ipAddr
 
   uint16_t   protocol
 
   uint8_t   msgLength
 
   uint8_t   rejectedPacket []
 
   uint32_t   keyId
 
   uint8_t   messageDigest [16]
 
   uint16_t   opcode
 
   uint16_t   block
 
   uint16_t   value []
 
   uint8_t   value []
 
Tls13KeyShareList
 List of key shares. More...
 
struct {
   uint8_t   dsap
 
   uint8_t   ssap
 
   uint8_t   control
 
   uint8_t   msgType
 
   uint8_t   transactionId [3]
 
   uint8_t   options []
 
   uint16_t   rtype
 
   uint16_t   rclass
 
   uint32_t   ttl
 
   uint16_t   rdlength
 
   uint8_t   rdata [4]
 
   uint8_t   bLength
 
   uint8_t   bDescriptorType
 
   uint8_t   bEndpointAddress
 
   uint8_t   bmAttributes
 
   uint16_t   wMaxPacketSize
 
   uint8_t   bInterval
 
   uint8_t   type
 
   uint8_t   code
 
   uint16_t   checksum
 
   uint32_t   unused
 
   uint8_t   data []
 
   uint32_t   mtu
 
   uint8_t   nextHeader
 
   uint8_t   hdrExtLen
 
   uint8_t   routingType
 
   uint8_t   segmentsLeft
 
   uint32_t   reserved
 
   Ipv6Addr   address []
 
   uint8_t   reserved1: 5
 
   uint8_t   o: 1
 
   uint8_t   s: 1
 
   uint8_t   r: 1
 
   uint8_t   reserved2 [3]
 
   Ipv6Addr   targetAddr
 
   uint8_t   protocolIdLen
 
   uint8_t   protocolId []
 
   uint16_t   maxFrameSize
 
   uint8_t   powerPriority: 4
 
   uint8_t   powerSource: 2
 
   uint8_t   powerType: 2
 
   uint16_t   powerValue
 
   uint16_t   ttl
 
   uint8_t   functionCode
 
   uint16_t   startingAddr
 
   uint16_t   quantityOfInputs
 
   uint8_t   gwId
 
   uint16_t   duration
 
   uint8_t   identifier
 
   uint16_t   length
 
   uint8_t   message []
 
   uint8_t   length
 
   Ipv4Addr   ipAddr
 
   uint16_t   protocol
 
   uint16_t   rejectedProtocol
 
   uint8_t   rejectedInfo []
 
   uint16_t   opcode
 
   uint16_t   block
 
   uint16_t   version
 
   uint16_t   epoch
 
   DtlsSequenceNumber   seqNum
 
   uint8_t   hash
 
   uint8_t   signature
 
   uint8_t   value []
 
Tls13PskKeModeList
 List of PSK key exchange modes. More...
 
struct {
   uint16_t   tci
 
   uint16_t   type
 
   uint8_t   msgType
 
   uint8_t   hopCount
 
   Ipv6Addr   linkAddress
 
   Ipv6Addr   peerAddress
 
   uint8_t   options []
 
   uint16_t   rtype
 
   uint16_t   rclass
 
   uint32_t   ttl
 
   uint16_t   rdlength
 
   uint8_t   rdata [16]
 
   uint8_t   bLength
 
   uint8_t   bDescriptorType
 
   uint16_t   bString []
 
   uint8_t   type
 
   uint8_t   code
 
   uint16_t   checksum
 
   uint8_t   pointer
 
   uint8_t   unused [3]
 
   uint8_t   data []
 
   uint32_t   unused
 
   uint8_t   nextHeader
 
   uint8_t   payloadLen
 
   uint16_t   reserved
 
   uint32_t   securityParamIndex
 
   uint32_t   sequenceNumber
 
   uint8_t   authData []
 
   uint32_t   reserved
 
   Ipv6Addr   targetAddr
 
   Ipv6Addr   destAddr
 
   uint8_t   measurements [20]
 
   uint16_t   psePowerPriceIndex
 
   uint16_t   supportedCap
 
   uint16_t   enabledCap
 
   uint8_t   functionCode
 
   uint8_t   byteCount
 
   uint8_t   inputStatus []
 
   uint8_t   radius
 
   uint8_t   length
 
   Ipv4Addr   ipAddr
 
   uint32_t   magicNumber
 
   uint8_t   identifier
 
   uint16_t   length
 
   uint16_t   opcode
 
   uint16_t   errorCode
 
   char_t   errorMsg []
 
   uint16_t   msgSeq
 
   uint8_t   fragOffset [3]
 
   uint8_t   fragLength [3]
 
   TlsSignHashAlgo   value []
 
   uint8_t   value []
 
Tls13PskIdentity
 PSK identity. More...
 
struct {
   uint16_t   code
 
   uint16_t   length
 
   uint8_t   value []
 
   uint16_t   rtype
 
   uint16_t   rclass
 
   uint32_t   ttl
 
   uint16_t   rdlength
 
   uint16_t   priority
 
   uint16_t   weight
 
   uint16_t   port
 
   uint8_t   target []
 
   uint8_t   bFunctionLength
 
   uint8_t   bDescriptorType
 
   uint8_t   bDescriptorSubtype
 
   uint16_t   bcdCdc
 
   uint8_t   type
 
   uint8_t   code
 
   uint16_t   checksum
 
   uint16_t   identifier
 
   uint16_t   sequenceNumber
 
   uint8_t   data []
 
   uint32_t   pointer
 
   uint32_t   securityParamIndex
 
   uint32_t   sequenceNumber
 
   uint8_t   payloadData []
 
   uint8_t   length
 
   uint8_t   powerPriority: 2
 
   uint8_t   pd4pid: 1
 
   uint8_t   reserved: 1
 
   uint8_t   powerSource: 2
 
   uint8_t   powerType: 2
 
   uint16_t   pdRequestedPower
 
   uint16_t   pseAllocatedPower
 
   uint8_t   mgmtAddrLen
 
   uint8_t   mgmtAddrSubtype
 
   uint8_t   mgmtAddr []
 
   uint8_t   functionCode
 
   uint16_t   startingAddr
 
   uint16_t   quantityOfRegs
 
   uint8_t   gwId
 
   uint8_t   gwAdd []
 
   Ipv4Addr   ipAddr
 
   uint8_t   identifier
 
   uint32_t   magicNumber
 
   uint16_t   serverVersion
 
   uint8_t   cookieLength
 
   uint8_t   cookie []
 
Tls13PskIdentityList
 List of PSK identities. More...
 
struct {
   uint32_t   iaId
 
   uint32_t   t1
 
   uint32_t   t2
 
   uint8_t   options []
 
   uint8_t   bFunctionLength
 
   uint8_t   bDescriptorType
 
   uint8_t   bDescriptorSubtype
 
   uint8_t   bmCapabilities
 
   uint8_t   bDataInterface
 
   uint8_t   type
 
   uint8_t   code
 
   uint16_t   checksum
 
   uint16_t   identifier
 
   uint16_t   sequenceNumber
 
   uint8_t   data []
 
   uint8_t   length
 
   MacAddr   linkLayerAddr
 
   uint16_t   pdRequestedPowerA
 
   uint16_t   pdRequestedPowerB
 
   uint16_t   pseAllocatedPowerA
 
   uint16_t   pseAllocatedPowerB
 
   uint16_t   powerStatus
 
   uint8_t   systemSetup
 
   uint16_t   pseMaxAvailablePower
 
   uint8_t   autoclass
 
   uint8_t   powerDown [3]
 
   uint8_t   ifNumSubtype
 
   uint32_t   ifNum
 
   uint8_t   oidLen
 
   uint8_t   oid []
 
   uint8_t   functionCode
 
   uint8_t   byteCount
 
   uint16_t   regValue []
 
   MqttSnFlags   flags
 
   uint8_t   protocolId
 
   uint16_t   duration
 
   char_t   clientId []
 
   Ipv4Addr   ipAddr
 
   uint16_t   length
 
   uint8_t   value []
 
Tls13PskBinder
 PSK binder. More...
 
struct {
   uint32_t   iaId
 
   uint8_t   options []
 
   uint8_t   bFunctionLength
 
   uint8_t   bDescriptorType
 
   uint8_t   bDescriptorSubtype
 
   uint8_t   bmCapabilities
 
   uint8_t   type
 
   uint8_t   length
 
   uint8_t   prefixLength
 
   uint8_t   reserved1: 5
 
   uint8_t   r: 1
 
   uint8_t   a: 1
 
   uint8_t   l: 1
 
   uint32_t   validLifetime
 
   uint32_t   preferredLifetime
 
   uint32_t   reserved2
 
   Ipv6Addr   prefix
 
   uint8_t   oui [LLDP_OUI_SIZE]
 
   uint8_t   subtype
 
   uint8_t   value []
 
   uint8_t   functionCode
 
   uint16_t   startingAddr
 
   uint16_t   quantityOfRegs
 
   uint8_t   returnCode
 
   uint16_t   type
 
   uint16_t   length
 
Tls13PskBinderList
 List of PSK binders. More...
 
struct {
   Ipv6Addr   address
 
   uint32_t   preferredLifetime
 
   uint32_t   validLifetime
 
   uint8_t   options []
 
   uint8_t   bFunctionLength
 
   uint8_t   bDescriptorType
 
   uint8_t   bDescriptorSubtype
 
   uint8_t   bMasterInterface
 
   uint8_t   bSlaveInterface0
 
   uint8_t   type
 
   uint8_t   length
 
   uint16_t   reserved1
 
   uint32_t   reserved2
 
   uint8_t   ipPacket []
 
   uint8_t   functionCode
 
   uint8_t   byteCount
 
   uint16_t   regValue []
 
   MqttSnFlags   flags
 
   char_t   willTopic []
 
   uint16_t   length
 
   uint8_t   value []
 
Tls13CertRequestContext
 Certificate request context. More...
 
struct {
   uint16_t   requestedOption [1]
 
   UsbConfigDescriptor   configDescriptor
 
   UsbInterfaceDescriptor   communicationInterfaceDescriptor
 
   CdcHeaderDescriptor   cdcHeaderDescriptor
 
   CdcCallManagementDescriptor   cdcCallManagementDescriptor
 
   CdcAcmDescriptor   cdcAcmDescriptor
 
   CdcUnionDescriptor   cdcUnionDescriptor
 
   UsbEndpointDescriptor   notificationEndpointDescriptor
 
   UsbInterfaceDescriptor   dataInterfaceDescriptor
 
   UsbEndpointDescriptor   dataOutEndpointDescriptor
 
   UsbEndpointDescriptor   dataInEndpointDescriptor
 
   uint8_t   type
 
   uint8_t   length
 
   uint16_t   reserved
 
   uint32_t   mtu
 
   uint8_t   functionCode
 
   uint16_t   outputAddr
 
   uint16_t   outputValue
 
   uint16_t   topicId
 
   uint16_t   msgId
 
   char_t   topicName []
 
   uint16_t   value []
 
   uint16_t   algorithm
 
   uint16_t   length
 
   uint8_t   value []
 
Tls13DigitalSignature
 Digitally-signed element (TLS 1.3) More...
 
struct {
   uint8_t   value
 
   uint8_t   type
 
   uint8_t   length
 
   uint8_t   prefixLength
 
   uint8_t   reserved2: 3
 
   uint8_t   prf: 2
 
   uint8_t   reserved1: 3
 
   uint32_t   routeLifetime
 
   Ipv6Addr   prefix
 
   uint8_t   functionCode
 
   uint16_t   outputAddr
 
   uint16_t   outputValue
 
   uint16_t   topicId
 
   uint16_t   msgId
 
   uint8_t   returnCode
 
   uint16_t   length
 
   char_t   hostname []
 
   uint16_t   serverVersion
 
   uint8_t   random [32]
 
   uint8_t   sessionIdLen
 
   uint8_t   sessionId []
 
Tls13HelloRetryRequest
 HelloRetryRequest message. More...
 
typedef void * Tls13EndOfEarlyData
 EndOfEarlyData message. More...
 
struct {
   uint16_t   value
 
   uint8_t   type
 
   uint8_t   length
 
   uint16_t   reserved
 
   uint32_t   lifetime
 
   Ipv6Addr   address []
 
   uint8_t   functionCode
 
   uint16_t   regAddr
 
   uint16_t   regValue
 
   MqttSnFlags   flags
 
   uint16_t   topicId
 
   uint16_t   msgId
 
   uint8_t   data []
 
   uint16_t   length
 
   uint8_t   value []
 
   uint16_t   extensionsLen
 
   uint8_t   extensions []
 
Tls13EncryptedExtensions
 EncryptedExtensions message. More...
 
struct {
   uint8_t   protocol
 
   uint8_t   algorithm
 
   uint8_t   rdm
 
   uint8_t   replayDetection [8]
 
   uint8_t   authInfo []
 
   uint8_t   type
 
   uint8_t   length
 
   uint16_t   reserved
 
   uint32_t   lifetime
 
   uint8_t   domainNames []
 
   uint8_t   functionCode
 
   uint16_t   regAddr
 
   uint16_t   regValue
 
   uint16_t   topicId
 
   uint16_t   msgId
 
   uint8_t   returnCode
 
   char_t   value []
 
   uint32_t   ticketLifetime
 
   uint32_t   ticketAgeAdd
 
   uint8_t   ticketNonceLen
 
   uint8_t   ticketNonce []
 
Tls13NewSessionTicket
 NewSessionTicket message (TLS 1.3) More...
 
struct {
   Ipv6Addr   serverAddr
 
   uint8_t   type
 
   uint8_t   length
 
   uint8_t   contextLength
 
   uint8_t   cid: 4
 
   uint8_t   c: 1
 
   uint8_t   reserved1: 3
 
   uint16_t   reserved2
 
   uint16_t   validLifetime
 
   Ipv6Addr   contextPrefix
 
   uint8_t   functionCode
 
   uint16_t   startingAddr
 
   uint16_t   quantityOfOutputs
 
   uint8_t   byteCount
 
   uint8_t   outputValue []
 
   uint16_t   msgId
 
   uint16_t   length
 
   uint8_t   value []
 
   uint8_t   requestUpdate
 
Tls13KeyUpdate
 KeyUpdate message. More...
 
struct {
   uint16_t   statusCode
 
   char_t   statusMessage []
 
   uint8_t   functionCode
 
   uint16_t   startingAddr
 
   uint16_t   quantityOfOutputs
 
   uint16_t   msgId
 
   uint16_t   length
 
   uint16_t   value []
 
   uint8_t   data []
 
Tls13Ticket
 Session ticket. More...
 
struct {
   uint8_t   msgType
 
   uint8_t   functionCode
 
   uint16_t   startingAddr
 
   uint16_t   quantityOfRegs
 
   uint8_t   byteCount
 
   uint16_t   regValue []
 
   uint16_t   msgId
 
   uint8_t   length
 
   uint8_t   value []
 
   uint16_t   version
 Protocol version. More...
 
   uint16_t   cipherSuite
 Cipher suite identifier. More...
 
   systime_t   ticketTimestamp
 Timestamp to manage ticket lifetime. More...
 
   uint32_t   ticketLifetime
 Lifetime of the ticket. More...
 
   uint32_t   ticketAgeAdd
 Random value used to obscure the age of the ticket. More...
 
   uint8_t   ticketNonce [4]
 A per-ticket value that is unique across all tickets issued. More...
 
   size_t   ticketPskLen
 Length of the PSK associated with the ticket. More...
 
   uint8_t   ticketPsk [TLS13_MAX_HKDF_DIGEST_SIZE]
 PSK associated with the ticket. More...
 
Tls13PlaintextSessionState
 Session state information. More...
 

Enumerations

enum  Tls13SignatureScheme {
  TLS_SIGN_SCHEME_NONE = 0x0000, TLS_SIGN_SCHEME_RSA_PKCS1_SHA1 = 0x0201, TLS_SIGN_SCHEME_RSA_PKCS1_SHA256 = 0x0401, TLS_SIGN_SCHEME_RSA_PKCS1_SHA384 = 0x0501,
  TLS_SIGN_SCHEME_RSA_PKCS1_SHA512 = 0x0601, TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA256 = 0x0804, TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA384 = 0x0805, TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA512 = 0x0806,
  TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA256 = 0x0809, TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA384 = 0x080A, TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA512 = 0x080B, TLS_SIGN_SCHEME_ECDSA_SHA1 = 0x0203,
  TLS_SIGN_SCHEME_ECDSA_SECP256R1_SHA256 = 0x0403, TLS_SIGN_SCHEME_ECDSA_SECP384R1_SHA384 = 0x0503, TLS_SIGN_SCHEME_ECDSA_SECP521R1_SHA512 = 0x0603, TLS_SIGN_SCHEME_SM2_SM3 = 0x0708,
  TLS_SIGN_SCHEME_ECDSA_BRAINPOOLP256R1_TLS13_SHA256 = 0x081A, TLS_SIGN_SCHEME_ECDSA_BRAINPOOLP384R1_TLS13_SHA384 = 0x081B, TLS_SIGN_SCHEME_ECDSA_BRAINPOOLP512R1_TLS13_SHA512 = 0x081C, TLS_SIGN_SCHEME_ED25519 = 0x0807,
  TLS_SIGN_SCHEME_ED448 = 0x0808
}
 Signature schemes (TLS 1.3) More...
 
enum  Tls13PskKeyExchMode { TLS_PSK_KEY_EXCH_MODE_PSK_KE = 0, TLS_PSK_KEY_EXCH_MODE_PSK_DHE_KE = 1 }
 PSK key exchange modes. More...
 
enum  Tls13KeyUpdateRequest { TLS_KEY_UPDATE_NOT_REQUESTED = 0, TLS_KEY_UPDATE_REQUESTED = 1 }
 Key update requests. More...
 

Functions

error_t tls13ComputePskBinder (TlsContext *context, const void *clientHello, size_t clientHelloLen, size_t truncatedClientHelloLen, const Tls13PskIdentity *identity, uint8_t *binder, size_t binderLen)
 Compute PSK binder value. More...
 
error_t tls13GenerateKeyShare (TlsContext *context, uint16_t namedGroup)
 Key share generation. More...
 
error_t tls13GenerateSharedSecret (TlsContext *context, const uint8_t *keyShare, size_t length)
 (EC)DHE shared secret generation More...
 
error_t tls13ComputeMac (TlsContext *context, TlsEncryptionEngine *encryptionEngine, void *record, const uint8_t *data, size_t dataLen, uint8_t *mac)
 Compute message authentication code. More...
 
error_t tls13DigestClientHello1 (TlsContext *context)
 Hash ClientHello1 in the transcript when HelloRetryRequest is used. More...
 
bool_t tls13IsPskValid (TlsContext *context)
 Check whether an externally established PSK is valid. More...
 
bool_t tls13IsGroupSupported (TlsContext *context, uint16_t namedGroup)
 Check whether a given named group is supported. More...
 
bool_t tls13IsEcdheGroupSupported (TlsContext *context, uint16_t namedGroup)
 Check whether a given ECDHE group is supported. More...
 
bool_t tls13IsFfdheGroupSupported (TlsContext *context, uint16_t namedGroup)
 Check whether a given FFDHE group is supported. More...
 
error_t tls13CheckDuplicateKeyShare (uint16_t namedGroup, const uint8_t *p, size_t length)
 Check whether the specified key share group is a duplicate. More...
 
error_t tls13FormatCertExtensions (uint8_t *p, size_t *written)
 Format certificate extensions. More...
 
error_t tls13ParseCertExtensions (const uint8_t *p, size_t length, size_t *consumed)
 Parse certificate extensions. More...
 

Variables

const uint8_t tls11DowngradeRandom [8]
 
const uint8_t tls12DowngradeRandom [8]
 
const uint8_t tls13HelloRetryRequestRandom [32]
 

Detailed Description

TLS 1.3 helper functions.

License

SPDX-License-Identifier: GPL-2.0-or-later

Copyright (C) 2010-2022 Oryx Embedded SARL. All rights reserved.

This file is part of CycloneSSL Open.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

Author
Oryx Embedded SARL (www.oryx-embedded.com)
Version
2.1.6

Definition in file tls13_misc.h.

Macro Definition Documentation

◆ TLS13_DHE_KE_SUPPORT

#define TLS13_DHE_KE_SUPPORT   ENABLED

Definition at line 36 of file tls13_misc.h.

◆ TLS13_EARLY_DATA_SUPPORT

#define TLS13_EARLY_DATA_SUPPORT   DISABLED

Definition at line 71 of file tls13_misc.h.

◆ TLS13_ECDHE_KE_SUPPORT

#define TLS13_ECDHE_KE_SUPPORT   ENABLED

Definition at line 43 of file tls13_misc.h.

◆ TLS13_MAX_COOKIE_SIZE

#define TLS13_MAX_COOKIE_SIZE   256

Definition at line 85 of file tls13_misc.h.

◆ TLS13_MAX_HKDF_DIGEST_SIZE

#define TLS13_MAX_HKDF_DIGEST_SIZE   48

Definition at line 120 of file tls13_misc.h.

◆ TLS13_MAX_TICKET_LIFETIME

#define TLS13_MAX_TICKET_LIFETIME   604800

Definition at line 99 of file tls13_misc.h.

◆ TLS13_MAX_TICKET_SIZE

#define TLS13_MAX_TICKET_SIZE   1024

Definition at line 92 of file tls13_misc.h.

◆ TLS13_MIDDLEBOX_COMPAT_SUPPORT

#define TLS13_MIDDLEBOX_COMPAT_SUPPORT   ENABLED

Definition at line 78 of file tls13_misc.h.

◆ TLS13_NEW_SESSION_TICKET_COUNT

#define TLS13_NEW_SESSION_TICKET_COUNT   2

Definition at line 113 of file tls13_misc.h.

◆ TLS13_PSK_DHE_KE_SUPPORT

#define TLS13_PSK_DHE_KE_SUPPORT   ENABLED

Definition at line 57 of file tls13_misc.h.

◆ TLS13_PSK_ECDHE_KE_SUPPORT

#define TLS13_PSK_ECDHE_KE_SUPPORT   ENABLED

Definition at line 64 of file tls13_misc.h.

◆ TLS13_PSK_KE_SUPPORT

#define TLS13_PSK_KE_SUPPORT   DISABLED

Definition at line 50 of file tls13_misc.h.

◆ TLS13_TICKET_AGE_TOLERANCE

#define TLS13_TICKET_AGE_TOLERANCE   5000

Definition at line 106 of file tls13_misc.h.

Typedef Documentation

◆ Tls13CertRequestContext

typedef { ... } Tls13CertRequestContext

Certificate request context.

◆ Tls13Cookie

typedef { ... } Tls13Cookie

Cookie.

◆ Tls13DigitalSignature

typedef { ... } Tls13DigitalSignature

Digitally-signed element (TLS 1.3)

◆ Tls13EncryptedExtensions

typedef { ... } Tls13EncryptedExtensions

EncryptedExtensions message.

◆ Tls13EndOfEarlyData

typedef void* Tls13EndOfEarlyData

EndOfEarlyData message.

Definition at line 318 of file tls13_misc.h.

◆ Tls13HelloRetryRequest

typedef { ... } Tls13HelloRetryRequest

HelloRetryRequest message.

◆ Tls13KeyShareEntry

typedef { ... } Tls13KeyShareEntry

Key share entry.

◆ Tls13KeyShareList

typedef { ... } Tls13KeyShareList

List of key shares.

◆ Tls13KeyUpdate

typedef { ... } Tls13KeyUpdate

KeyUpdate message.

◆ Tls13NewSessionTicket

typedef { ... } Tls13NewSessionTicket

NewSessionTicket message (TLS 1.3)

◆ Tls13PlaintextSessionState

typedef { ... } Tls13PlaintextSessionState

Session state information.

◆ Tls13PskBinder

typedef { ... } Tls13PskBinder

PSK binder.

◆ Tls13PskBinderList

typedef { ... } Tls13PskBinderList

List of PSK binders.

◆ Tls13PskIdentity

typedef { ... } Tls13PskIdentity

PSK identity.

◆ Tls13PskIdentityList

typedef { ... } Tls13PskIdentityList

List of PSK identities.

◆ Tls13PskKeModeList

typedef { ... } Tls13PskKeModeList

List of PSK key exchange modes.

◆ Tls13Ticket

typedef { ... } Tls13Ticket

Session ticket.

Enumeration Type Documentation

◆ Tls13KeyUpdateRequest

Key update requests.

Enumerator
TLS_KEY_UPDATE_NOT_REQUESTED 
TLS_KEY_UPDATE_REQUESTED 

Definition at line 176 of file tls13_misc.h.

◆ Tls13PskKeyExchMode

PSK key exchange modes.

Enumerator
TLS_PSK_KEY_EXCH_MODE_PSK_KE 
TLS_PSK_KEY_EXCH_MODE_PSK_DHE_KE 

Definition at line 165 of file tls13_misc.h.

◆ Tls13SignatureScheme

Signature schemes (TLS 1.3)

Enumerator
TLS_SIGN_SCHEME_NONE 
TLS_SIGN_SCHEME_RSA_PKCS1_SHA1 
TLS_SIGN_SCHEME_RSA_PKCS1_SHA256 
TLS_SIGN_SCHEME_RSA_PKCS1_SHA384 
TLS_SIGN_SCHEME_RSA_PKCS1_SHA512 
TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA256 
TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA384 
TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA512 
TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA256 
TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA384 
TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA512 
TLS_SIGN_SCHEME_ECDSA_SHA1 
TLS_SIGN_SCHEME_ECDSA_SECP256R1_SHA256 
TLS_SIGN_SCHEME_ECDSA_SECP384R1_SHA384 
TLS_SIGN_SCHEME_ECDSA_SECP521R1_SHA512 
TLS_SIGN_SCHEME_SM2_SM3 
TLS_SIGN_SCHEME_ECDSA_BRAINPOOLP256R1_TLS13_SHA256 
TLS_SIGN_SCHEME_ECDSA_BRAINPOOLP384R1_TLS13_SHA384 
TLS_SIGN_SCHEME_ECDSA_BRAINPOOLP512R1_TLS13_SHA512 
TLS_SIGN_SCHEME_ED25519 
TLS_SIGN_SCHEME_ED448 

Definition at line 135 of file tls13_misc.h.

Function Documentation

◆ tls13CheckDuplicateKeyShare()

error_t tls13CheckDuplicateKeyShare ( uint16_t  namedGroup,
const uint8_t *  p,
size_t  length 
)

Check whether the specified key share group is a duplicate.

Parameters
[in]namedGroupNamed group
[in]pList of key share entries
[in]lengthLength of the list, in bytes
Returns
Error code

Definition at line 677 of file tls13_misc.c.

◆ tls13ComputeMac()

error_t tls13ComputeMac ( TlsContext context,
TlsEncryptionEngine encryptionEngine,
void *  record,
const uint8_t *  data,
size_t  dataLen,
uint8_t *  mac 
)

Compute message authentication code.

Parameters
[in]contextPointer to the TLS context
[in]encryptionEnginePointer to the encryption/decryption engine
[in]recordPointer to the TLS record
[in]dataPointer to the record data
[in]dataLenLength of the data
[out]macThe computed MAC value
Returns
Error code

Definition at line 443 of file tls13_misc.c.

◆ tls13ComputePskBinder()

error_t tls13ComputePskBinder ( TlsContext context,
const void *  clientHello,
size_t  clientHelloLen,
size_t  truncatedClientHelloLen,
const Tls13PskIdentity identity,
uint8_t *  binder,
size_t  binderLen 
)

Compute PSK binder value.

Parameters
[in]contextPointer to the TLS context
[in]clientHelloPointer to the ClientHello message
[in]clientHelloLenLength of the ClientHello message
[in]truncatedClientHelloLenLength of the partial ClientHello message
[in]identityPointer to the PSK identity
[out]binderBuffer where to store the resulting PSK binder
[in]binderLenExpected length of the PSK binder
Returns
Error code

Definition at line 87 of file tls13_misc.c.

◆ tls13DigestClientHello1()

error_t tls13DigestClientHello1 ( TlsContext context)

Hash ClientHello1 in the transcript when HelloRetryRequest is used.

Parameters
[in]contextPointer to the TLS context
Returns
Error code

Definition at line 485 of file tls13_misc.c.

◆ tls13FormatCertExtensions()

error_t tls13FormatCertExtensions ( uint8_t *  p,
size_t *  written 
)

Format certificate extensions.

Parameters
[in]pOutput stream where to write the list of extensions
[out]writtenTotal number of bytes that have been written
Returns
Error code

Definition at line 723 of file tls13_misc.c.

◆ tls13GenerateKeyShare()

error_t tls13GenerateKeyShare ( TlsContext context,
uint16_t  namedGroup 
)

Key share generation.

Parameters
[in]contextPointer to the TLS context
[in]namedGroupNamed group
Returns
Error code

Definition at line 261 of file tls13_misc.c.

◆ tls13GenerateSharedSecret()

error_t tls13GenerateSharedSecret ( TlsContext context,
const uint8_t *  keyShare,
size_t  length 
)

(EC)DHE shared secret generation

Parameters
[in]contextPointer to the TLS context
[in]keySharePointer to the peer's (EC)DHE parameters
[in]lengthLength of the (EC)DHE parameters, in bytes
Returns
Error code

Definition at line 354 of file tls13_misc.c.

◆ tls13IsEcdheGroupSupported()

bool_t tls13IsEcdheGroupSupported ( TlsContext context,
uint16_t  namedGroup 
)

Check whether a given ECDHE group is supported.

Parameters
[in]contextPointer to the TLS context
[in]namedGroupNamed group
Returns
TRUE is the ECDHE group is supported, else FALSE

Definition at line 601 of file tls13_misc.c.

◆ tls13IsFfdheGroupSupported()

bool_t tls13IsFfdheGroupSupported ( TlsContext context,
uint16_t  namedGroup 
)

Check whether a given FFDHE group is supported.

Parameters
[in]contextPointer to the TLS context
[in]namedGroupNamed group
Returns
TRUE is the FFDHE group is supported, else FALSE

Definition at line 639 of file tls13_misc.c.

◆ tls13IsGroupSupported()

bool_t tls13IsGroupSupported ( TlsContext context,
uint16_t  namedGroup 
)

Check whether a given named group is supported.

Parameters
[in]contextPointer to the TLS context
[in]namedGroupNamed group
Returns
TRUE is the named group is supported, else FALSE

Definition at line 568 of file tls13_misc.c.

◆ tls13IsPskValid()

bool_t tls13IsPskValid ( TlsContext context)

Check whether an externally established PSK is valid.

Parameters
[in]contextPointer to the TLS context
Returns
TRUE is the PSK is valid, else FALSE

Definition at line 530 of file tls13_misc.c.

◆ tls13ParseCertExtensions()

error_t tls13ParseCertExtensions ( const uint8_t *  p,
size_t  length,
size_t *  consumed 
)

Parse certificate extensions.

Parameters
[in]pInput stream where to read the list of extensions
[in]lengthNumber of bytes available in the input stream
[out]consumedTotal number of bytes that have been consumed
Returns
Error code

Definition at line 752 of file tls13_misc.c.

Variable Documentation

◆ algorithm

uint16_t algorithm

Definition at line 295 of file tls13_misc.h.

◆ cipherSuite

uint16_t cipherSuite

Cipher suite identifier.

Definition at line 373 of file tls13_misc.h.

◆ data

uint8_t data[]

Definition at line 362 of file tls13_misc.h.

◆ extensions

uint8_t extensions[]

Definition at line 328 of file tls13_misc.h.

◆ extensionsLen

uint16_t extensionsLen

Definition at line 327 of file tls13_misc.h.

◆ group

uint16_t group

Definition at line 206 of file tls13_misc.h.

◆ keyExchange

uint8_t keyExchange[]

Definition at line 208 of file tls13_misc.h.

◆ length

uint16_t length

Definition at line 195 of file tls13_misc.h.

◆ random

uint8_t random[32]

Definition at line 308 of file tls13_misc.h.

◆ requestUpdate

uint8_t requestUpdate

Definition at line 351 of file tls13_misc.h.

◆ serverVersion

uint16_t serverVersion

Definition at line 307 of file tls13_misc.h.

◆ sessionId

uint8_t sessionId[]

Definition at line 310 of file tls13_misc.h.

◆ sessionIdLen

uint8_t sessionIdLen

Definition at line 309 of file tls13_misc.h.

◆ ticketAgeAdd

uint32_t ticketAgeAdd

Random value used to obscure the age of the ticket.

Definition at line 339 of file tls13_misc.h.

◆ ticketLifetime

uint32_t ticketLifetime

Lifetime of the ticket.

Definition at line 338 of file tls13_misc.h.

◆ ticketNonce

uint8_t ticketNonce[4]

A per-ticket value that is unique across all tickets issued.

Definition at line 341 of file tls13_misc.h.

◆ ticketNonceLen

uint8_t ticketNonceLen

Definition at line 340 of file tls13_misc.h.

◆ ticketPsk

uint8_t ticketPsk[TLS13_MAX_HKDF_DIGEST_SIZE]

PSK associated with the ticket.

Definition at line 379 of file tls13_misc.h.

◆ ticketPskLen

size_t ticketPskLen

Length of the PSK associated with the ticket.

Definition at line 378 of file tls13_misc.h.

◆ ticketTimestamp

systime_t ticketTimestamp

Timestamp to manage ticket lifetime.

Definition at line 374 of file tls13_misc.h.

◆ tls11DowngradeRandom

const uint8_t tls11DowngradeRandom[8]
extern

Definition at line 54 of file tls13_misc.c.

◆ tls12DowngradeRandom

const uint8_t tls12DowngradeRandom[8]
extern

Definition at line 60 of file tls13_misc.c.

◆ tls13HelloRetryRequestRandom

const uint8_t tls13HelloRetryRequestRandom[32]
extern

Definition at line 66 of file tls13_misc.c.

◆ value

uint8_t value[]

Definition at line 196 of file tls13_misc.h.

◆ version

uint16_t version

Protocol version.

Definition at line 372 of file tls13_misc.h.