tls13_server.c
Go to the documentation of this file.
1 /**
2  * @file tls13_server.c
3  * @brief Handshake message processing (TLS 1.3 server)
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2026 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneSSL Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.6.2
29  **/
30 
31 //Switch to the appropriate trace level
32 #define TRACE_LEVEL TLS_TRACE_LEVEL
33 
34 //Dependencies
35 #include "tls/tls.h"
36 #include "tls/tls_handshake.h"
37 #include "tls/tls_server_extensions.h"
38 #include "tls/tls_server_misc.h"
39 #include "tls/tls_extensions.h"
40 #include "tls/tls_transcript_hash.h"
41 #include "tls/tls_ffdhe.h"
42 #include "tls/tls_misc.h"
43 #include "tls13/tls13_server.h"
44 #include "tls13/tls13_server_extensions.h"
45 #include "tls13/tls13_server_misc.h"
46 #include "tls13/tls13_ticket.h"
47 #include "tls13/tls13_misc.h"
48 #include "dtls13/dtls13_server_extensions.h"
49 #include "debug.h"
50 
51 //Check TLS library configuration
52 #if (TLS_SUPPORT == ENABLED && TLS_SERVER_SUPPORT == ENABLED && \
53  TLS_MAX_VERSION >= TLS_VERSION_1_3)
54 
55 
56 /**
57  * @brief Send HelloRetryRequest message
58  *
59  * The server will send this message in response to a ClientHello message if it
60  * is able to find an acceptable set of parameters but the ClientHello does not
61  * contain sufficient information to proceed with the handshake
62  *
63  * @param[in] context Pointer to the TLS context
64  * @return Error code
65  **/
66 
67 error_t tls13SendHelloRetryRequest(TlsContext *context)
68 {
69  error_t error;
70  size_t length;
71  Tls13HelloRetryRequest *message;
72 
73  //Point to the buffer where to format the message
74  message = (Tls13HelloRetryRequest *) (context->txBuffer + context->txBufferLen);
75 
76  //When the server responds to a ClientHello with a HelloRetryRequest, the
77  //value of ClientHello1 is replaced with a special synthetic handshake
78  //message of handshake type MessageHash containing Hash(ClientHello1)
79  error = tls13DigestClientHello1(context);
80 
81 #if (DTLS_SUPPORT == ENABLED)
82  //Check status code
83  if(!error)
84  {
85  //DTLS protocol?
86  if(context->transportProtocol == TLS_TRANSPORT_PROTOCOL_DATAGRAM)
87  {
88  //Generate a cookie
89  error = dtls13GenerateCookie(context);
90  }
91  }
92 #endif
93 
94  //Check status code
95  if(!error)
96  {
97  //Format HelloRetryRequest message
98  error = tls13FormatHelloRetryRequest(context, message, &length);
99  }
100 
101  //Check status code
102  if(!error)
103  {
104  //Debug message
105  TRACE_INFO("Sending HelloRetryRequest message (%" PRIuSIZE " bytes)...\r\n", length);
106  TRACE_DEBUG_ARRAY(" ", message, length);
107 
108  //For reasons of backward compatibility with middleboxes the
109  //HelloRetryRequest message uses the same format as the ServerHello
110  error = tlsSendHandshakeMessage(context, message, length,
111  TLS_TYPE_SERVER_HELLO);
112  }
113 
114  //Check status code
115  if(error == NO_ERROR || error == ERROR_WOULD_BLOCK || error == ERROR_TIMEOUT)
116  {
117 #if (TLS13_MIDDLEBOX_COMPAT_SUPPORT == ENABLED)
118  //DTLS implementations do not use the "compatibility mode" and must
119  //not send ChangeCipherSpec messages (refer to RFC 9147, section 5)
120  if(context->transportProtocol == TLS_TRANSPORT_PROTOCOL_STREAM)
121  {
122  //In middlebox compatibility mode, the server sends a dummy
123  //ChangeCipherSpec record immediately after its first handshake
124  //message. This may either be after a ServerHello or a
125  //HelloRetryRequest
126  tlsChangeState(context, TLS_STATE_SERVER_CHANGE_CIPHER_SPEC_2);
127  }
128  else
129 #endif
130  {
131  //Wait for the second updated ClientHello
132  tlsChangeState(context, TLS_STATE_CLIENT_HELLO_2);
133  }
134  }
135 
136  //Return status code
137  return error;
138 }
139 
140 
141 /**
142  * @brief Send EncryptedExtensions message
143  *
144  * The server sends the EncryptedExtensions message immediately after the
145  * ServerHello message. The EncryptedExtensions message contains extensions
146  * that can be protected
147  *
148  * @param[in] context Pointer to the TLS context
149  * @return Error code
150  **/
151 
152 error_t tls13SendEncryptedExtensions(TlsContext *context)
153 {
154  error_t error;
155  size_t length;
156  Tls13EncryptedExtensions *message;
157 
158  //Point to the buffer where to format the message
159  message = (Tls13EncryptedExtensions *) (context->txBuffer + context->txBufferLen);
160 
161  //Format EncryptedExtensions message
162  error = tls13FormatEncryptedExtensions(context, message, &length);
163 
164  //Check status code
165  if(!error)
166  {
167  //Debug message
168  TRACE_INFO("Sending EncryptedExtensions message (%" PRIuSIZE " bytes)...\r\n", length);
169  TRACE_DEBUG_ARRAY(" ", message, length);
170 
171  //Send handshake message
172  error = tlsSendHandshakeMessage(context, message, length,
173  TLS_TYPE_ENCRYPTED_EXTENSIONS);
174  }
175 
176  //Check status code
177  if(error == NO_ERROR || error == ERROR_WOULD_BLOCK || error == ERROR_TIMEOUT)
178  {
179  //PSK key exchange method?
180  if(context->keyExchMethod == TLS13_KEY_EXCH_PSK ||
181  context->keyExchMethod == TLS13_KEY_EXCH_PSK_DHE ||
182  context->keyExchMethod == TLS13_KEY_EXCH_PSK_ECDHE ||
183  context->keyExchMethod == TLS13_KEY_EXCH_PSK_HYBRID)
184  {
185  //As the server is authenticating via a PSK, it does not send a
186  //Certificate or a CertificateVerify message
187  tlsChangeState(context, TLS_STATE_SERVER_FINISHED);
188  }
189  else
190  {
191  //A server can optionally request a certificate from the client
192  tlsChangeState(context, TLS_STATE_CERTIFICATE_REQUEST);
193  }
194  }
195 
196  //Return status code
197  return error;
198 }
199 
200 
201 /**
202  * @brief Send NewSessionTicket message
203  *
204  * At any time after the server has received the client Finished message, it
205  * may send a NewSessionTicket message
206  *
207  * @param[in] context Pointer to the TLS context
208  * @return Error code
209  **/
210 
211 error_t tls13SendNewSessionTicket(TlsContext *context)
212 {
213  error_t error;
214  size_t length;
215  Tls13NewSessionTicket *message;
216 
217  //Initialize status code
218  error = NO_ERROR;
219 
220  //Send as many NewSessionTicket messages as requested
221  if(context->newSessionTicketCount < TLS13_NEW_SESSION_TICKET_COUNT)
222  {
223  //Point to the buffer where to format the message
224  message = (Tls13NewSessionTicket *) (context->txBuffer + context->txBufferLen);
225 
226  //Format NewSessionTicket message
227  error = tls13FormatNewSessionTicket(context, message, &length);
228 
229  //Check status code
230  if(!error)
231  {
232  //Increment the number of NewSessionTicket messages that have been sent
233  context->newSessionTicketCount++;
234 
235  //Debug message
236  TRACE_INFO("Sending NewSessionTicket message (%" PRIuSIZE " bytes)...\r\n", length);
237  TRACE_DEBUG_ARRAY(" ", message, length);
238 
239  //Send handshake message
240  error = tlsSendHandshakeMessage(context, message, length,
241  TLS_TYPE_NEW_SESSION_TICKET);
242  }
243  }
244  else
245  {
246  //DTLS protocol?
247  if(context->transportProtocol == TLS_TRANSPORT_PROTOCOL_DATAGRAM)
248  {
249  //When a handshake flight is sent without any expected response, as is
250  //the case with the NewSessionTicket message, the flight must be
251  //acknowledged with an ACK message (refer to RFC 9147, section 5.7)
252  tlsChangeState(context, TLS_STATE_NEW_SESSION_TICKET_ACK);
253  }
254  else
255  {
256  //The client and server can now exchange application-layer data
257  tlsChangeState(context, TLS_STATE_APPLICATION_DATA);
258  }
259  }
260 
261  //Return status code
262  return error;
263 }
264 
265 
266 /**
267  * @brief Format HelloRetryRequest message
268  * @param[in] context Pointer to the TLS context
269  * @param[out] message Buffer where to format the HelloRetryRequest message
270  * @param[out] length Length of the resulting HelloRetryRequest message
271  * @return Error code
272  **/
273 
274 error_t tls13FormatHelloRetryRequest(TlsContext *context,
275  Tls13HelloRetryRequest *message, size_t *length)
276 {
277  error_t error;
278  size_t n;
279  uint8_t *p;
280  TlsExtensionList *extensionList;
281 
282  //In TLS 1.3, the client indicates its version preferences in the
283  //SupportedVersions extension and the legacy_version field must be set
284  //to 0x0303, which is the version number for TLS 1.2
285  if(context->transportProtocol == TLS_TRANSPORT_PROTOCOL_DATAGRAM)
286  {
287  message->serverVersion = HTONS(DTLS_VERSION_1_2);
288  }
289  else
290  {
291  message->serverVersion = HTONS(TLS_VERSION_1_2);
292  }
293 
294  //For backward compatibility with middleboxes the HelloRetryRequest message
295  //uses the same structure as the ServerHello, but with Random field set to
296  //a special value
297  osMemcpy(message->random, tls13HelloRetryRequestRandom, 32);
298 
299  //Point to the session ID
300  p = message->sessionId;
301  //Length of the handshake message
302  *length = sizeof(Tls13HelloRetryRequest);
303 
304  //DTLS protocol?
305  if(context->transportProtocol == TLS_TRANSPORT_PROTOCOL_DATAGRAM)
306  {
307  //DTLS servers must not echo the legacy_session_id value from the
308  //client (refer to RFC 9147, section 5)
309  message->sessionIdLen = 0;
310  }
311  else
312  {
313  //The legacy_session_id_echo echoes the contents of the client's
314  //legacy_session_id field
315  osMemcpy(message->sessionId, context->sessionId, context->sessionIdLen);
316  message->sessionIdLen = (uint8_t) context->sessionIdLen;
317  }
318 
319  //Debug message
320  TRACE_INFO("Session ID (%" PRIu8 " bytes):\r\n", message->sessionIdLen);
321  TRACE_INFO_ARRAY(" ", message->sessionId, message->sessionIdLen);
322 
323  //Advance data pointer
324  p += message->sessionIdLen;
325  //Adjust the length of the message
326  *length += message->sessionIdLen;
327 
328  //The cipher_suite field contains the cipher suite selected by the server
329  STORE16BE(context->cipherSuite.identifier, p);
330 
331  //Advance data pointer
332  p += sizeof(uint16_t);
333  //Adjust the length of the message
334  *length += sizeof(uint16_t);
335 
336  //The legacy_compression_method field must have the value 0
337  *p = TLS_COMPRESSION_METHOD_NULL;
338 
339  //Advance data pointer
340  p += sizeof(uint8_t);
341  //Adjust the length of the message
342  *length += sizeof(uint8_t);
343 
344  //Point to the list of extensions
345  extensionList = (TlsExtensionList *) p;
346  //Total length of the extension list
347  extensionList->length = 0;
348 
349  //Point to the first extension of the list
350  p += sizeof(TlsExtensionList);
351  //Adjust the length of the message
352  *length += sizeof(TlsExtensionList);
353 
354  //The HelloRetryRequest message must contain a SupportedVersions extension
355  error = tls13FormatServerSupportedVersionsExtension(context, p, &n);
356  //Any error to report?
357  if(error)
358  return error;
359 
360  //Fix the length of the extension list
361  extensionList->length += (uint16_t) n;
362  //Point to the next field
363  p += n;
364 
365  //Incorrect (EC)DHE share?
366  if(context->wrongKeyShare)
367  {
368  //The KeyShare extension contains the mutually supported group the server
369  //intends to negotiate
370  error = tls13FormatSelectedGroupExtension(context, p, &n);
371  //Any error to report?
372  if(error)
373  return error;
374 
375  //Fix the length of the extension list
376  extensionList->length += (uint16_t) n;
377  //Point to the next field
378  p += n;
379  }
380 
381 #if (DTLS_SUPPORT == ENABLED)
382  //When sending a HelloRetryRequest, the server may provide a Cookie extension
383  //to the client (refer to RFC 8446, section 4.2.2)
384  if(context->transportProtocol == TLS_TRANSPORT_PROTOCOL_DATAGRAM &&
385  context->wrongCookie)
386  {
387  //The cookie provides a measure of DoS protection and allows the server to
388  //offload state to the client
389  error = dtls13FormatServerCookieExtension(context, p, &n);
390  //Any error to report?
391  if(error)
392  return error;
393 
394  //Fix the length of the extension list
395  extensionList->length += (uint16_t) n;
396  //Point to the next field
397  p += n;
398  }
399 #endif
400 
401  //Convert the length of the extension list to network byte order
402  extensionList->length = htons(extensionList->length);
403  //Total length of the message
404  *length += htons(extensionList->length);
405 
406  //Successful processing
407  return NO_ERROR;
408 }
409 
410 
411 /**
412  * @brief Format EncryptedExtensions message
413  * @param[in] context Pointer to the TLS context
414  * @param[out] message Buffer where to format the EncryptedExtensions message
415  * @param[out] length Length of the resulting EncryptedExtensions message
416  * @return Error code
417  **/
418 
419 error_t tls13FormatEncryptedExtensions(TlsContext *context,
420  Tls13EncryptedExtensions *message, size_t *length)
421 {
422  error_t error;
423  size_t n;
424  uint8_t *p;
425 
426  //Point to the extension of the list
427  p = message->extensions;
428  //Length of the handshake message
429  *length = sizeof(Tls13EncryptedExtensions);
430 
431  //Total length of the extension list
432  message->extensionsLen = 0;
433 
434 #if (TLS_SNI_SUPPORT == ENABLED)
435  //The server may include a SNI extension in the ServerHello
436  error = tlsFormatServerSniExtension(context, p, &n);
437  //Any error to report?
438  if(error)
439  return error;
440 
441  //Fix the length of the extension list
442  message->extensionsLen += (uint16_t) n;
443  //Point to the next field
444  p += n;
445 #endif
446 
447 #if (TLS_MAX_FRAG_LEN_SUPPORT == ENABLED)
448  //Servers that receive an ClientHello containing a MaxFragmentLength
449  //extension may accept the requested maximum fragment length by including
450  //an extension of type MaxFragmentLength in the ServerHello
451  error = tlsFormatServerMaxFragLenExtension(context, p, &n);
452  //Any error to report?
453  if(error)
454  return error;
455 
456  //Fix the length of the extension list
457  message->extensionsLen += (uint16_t) n;
458  //Point to the next field
459  p += n;
460 #endif
461 
462 #if (TLS_RECORD_SIZE_LIMIT_SUPPORT == ENABLED)
463  //The value of RecordSizeLimit is the maximum size of record in octets
464  //that the endpoint is willing to receive
465  error = tlsFormatServerRecordSizeLimitExtension(context, p, &n);
466  //Any error to report?
467  if(error)
468  return error;
469 
470  //Fix the length of the extension list
471  message->extensionsLen += (uint16_t) n;
472  //Point to the next field
473  p += n;
474 #endif
475 
476 #if (TLS_ALPN_SUPPORT == ENABLED)
477  //The ALPN extension contains the name of the selected protocol
478  error = tlsFormatServerAlpnExtension(context, p, &n);
479  //Any error to report?
480  if(error)
481  return error;
482 
483  //Fix the length of the extension list
484  message->extensionsLen += (uint16_t) n;
485  //Point to the next field
486  p += n;
487 #endif
488 
489 #if (TLS_RAW_PUBLIC_KEY_SUPPORT == ENABLED)
490  //The ClientCertType extension in the ServerHello indicates the type
491  //of certificates the client is requested to provide in a subsequent
492  //certificate payload
493  error = tlsFormatClientCertTypeExtension(context, p, &n);
494  //Any error to report?
495  if(error)
496  return error;
497 
498  //Fix the length of the extension list
499  message->extensionsLen += (uint16_t) n;
500  //Point to the next field
501  p += n;
502 
503  //With the ServerCertType extension in the ServerHello, the TLS server
504  //indicates the certificate type carried in the certificate payload
505  error = tlsFormatServerCertTypeExtension(context, p, &n);
506  //Any error to report?
507  if(error)
508  return error;
509 
510  //Fix the length of the extension list
511  message->extensionsLen += (uint16_t) n;
512  //Point to the next field
513  p += n;
514 #endif
515 
516 #if (TLS13_EARLY_DATA_SUPPORT == ENABLED)
517  //If the server intends to process the early data, then it returns its
518  //own EarlyData extension in the EncryptedExtensions message
519  error = tls13FormatServerEarlyDataExtension(context,
520  TLS_TYPE_ENCRYPTED_EXTENSIONS, p, &n);
521  //Any error to report?
522  if(error)
523  return error;
524 
525  //Fix the length of the extension list
526  message->extensionsLen += (uint16_t) n;
527  //Point to the next field
528  p += n;
529 #endif
530 
531  //Convert the length of the extension list to network byte order
532  message->extensionsLen = htons(message->extensionsLen);
533  //Total length of the message
534  *length += htons(message->extensionsLen);
535 
536  //Successful processing
537  return NO_ERROR;
538 }
539 
540 
541 /**
542  * @brief Format NewSessionTicket message
543  * @param[in] context Pointer to the TLS context
544  * @param[out] message Buffer where to format the NewSessionTicket message
545  * @param[out] length Length of the resulting NewSessionTicket message
546  * @return Error code
547  **/
548 
549 error_t tls13FormatNewSessionTicket(TlsContext *context,
550  Tls13NewSessionTicket *message, size_t *length)
551 {
552 #if (TLS_TICKET_SUPPORT == ENABLED)
553  error_t error;
554  size_t n;
555  uint8_t *p;
556  Tls13Ticket *ticket;
557  TlsExtensionList *extensionList;
558 
559  //Set the lifetime of the ticket, in seconds
560  message->ticketLifetime = HTONL(TLS_TICKET_LIFETIME / 1000);
561 
562  //The ticket_age_add field is used to obscure the age of the ticket
563  error = context->prngAlgo->generate(context->prngContext,
564  (uint8_t *) &message->ticketAgeAdd, sizeof(uint32_t));
565  //Any error to report?
566  if(error)
567  return error;
568 
569  //Point to ticket nonce
570  p = message->ticketNonce;
571  //Length of the handshake message
572  *length = sizeof(Tls13NewSessionTicket);
573 
574  //The ticket nonce is a per-ticket value that is unique across all tickets
575  //issued on this connection
576  context->ticketNonce++;
577 
578  //Copy ticket nonce
579  STORE32BE(context->ticketNonce, message->ticketNonce);
580  //Set the length of the nonce
581  message->ticketNonceLen = sizeof(uint32_t);
582 
583  //Advance data pointer
584  p += message->ticketNonceLen;
585  //Adjust the length of the message
586  *length += message->ticketNonceLen;
587 
588  //Point to the value of the ticket
589  ticket = (Tls13Ticket *) p;
590 
591  //The ticket itself is an opaque label. It may be either a database lookup
592  //key or a self-encrypted and self-authenticated value
593  error = tls13GenerateTicket(context, message, ticket->data, &n);
594  //Any error to report?
595  if(error)
596  return error;
597 
598  //Fix the length of the ticket
599  ticket->length = htons(n);
600 
601  //Advance data pointer
602  p += sizeof(Tls13Ticket) + n;
603  //Adjust the length of the message
604  *length += sizeof(Tls13Ticket) + n;
605 
606  //Point to the list of extensions
607  extensionList = (TlsExtensionList *) p;
608  //Total length of the extension list
609  extensionList->length = 0;
610 
611  //Point to the first extension of the list
612  p += sizeof(TlsExtensionList);
613  //Adjust the length of the message
614  *length += sizeof(TlsExtensionList);
615 
616 #if (TLS13_EARLY_DATA_SUPPORT == ENABLED)
617  //The sole extension currently defined for NewSessionTicket is EarlyData
618  //indicating that the ticket may be used to send 0-RTT data
619  error = tls13FormatServerEarlyDataExtension(context,
620  TLS_TYPE_NEW_SESSION_TICKET, p, &n);
621  //Any error to report?
622  if(error)
623  return error;
624 
625  //Fix the length of the extension list
626  extensionList->length += (uint16_t) n;
627  //Point to the next field
628  p += n;
629 #endif
630 
631  //Convert the length of the extension list to network byte order
632  extensionList->length = htons(extensionList->length);
633  //Total length of the message
634  *length += htons(extensionList->length);
635 
636  //Successful processing
637  return NO_ERROR;
638 #else
639  //Session ticket mechanism is not implemented
640  return ERROR_NOT_IMPLEMENTED;
641 #endif
642 }
643 
644 #endif
dtls13FormatServerCookieExtension
error_t dtls13FormatServerCookieExtension(TlsContext *context, uint8_t *p, size_t *written)
Format Cookie extension.
Definition: dtls13_server_extensions.c:54
TLS13_KEY_EXCH_PSK
@ TLS13_KEY_EXCH_PSK
Definition: tls.h:1224
htons
#define htons(value)
Definition: cpu_endian.h:413
tls_extensions.h
Parsing and checking of TLS extensions.
tls_misc.h
TLS helper functions.
TRACE_INFO_ARRAY
#define TRACE_INFO_ARRAY(p, a, n)
Definition: debug.h:106
tls13_server.h
Handshake message processing (TLS 1.3 server)
ERROR_WOULD_BLOCK
@ ERROR_WOULD_BLOCK
Definition: error.h:96
TLS13_KEY_EXCH_PSK_DHE
@ TLS13_KEY_EXCH_PSK_DHE
Definition: tls.h:1225
tls_handshake.h
TLS handshake.
TLS_COMPRESSION_METHOD_NULL
@ TLS_COMPRESSION_METHOD_NULL
Definition: tls.h:1190
tls13SendEncryptedExtensions
error_t tls13SendEncryptedExtensions(TlsContext *context)
Send EncryptedExtensions message.
Definition: tls13_server.c:152
ERROR_NOT_IMPLEMENTED
@ ERROR_NOT_IMPLEMENTED
Definition: error.h:66
tls13SendHelloRetryRequest
error_t tls13SendHelloRetryRequest(TlsContext *context)
Send HelloRetryRequest message.
Definition: tls13_server.c:67
p
uint8_t p
Definition: ndp.h:300
message
uint8_t message[]
Definition: chap.h:154
TLS_STATE_CERTIFICATE_REQUEST
@ TLS_STATE_CERTIFICATE_REQUEST
Definition: tls.h:1572
dtls13GenerateCookie
error_t dtls13GenerateCookie(TlsContext *context)
Cookie generation.
Definition: dtls13_server_extensions.c:223
tls13_ticket.h
TLS 1.3 session tickets.
TLS_TRANSPORT_PROTOCOL_DATAGRAM
@ TLS_TRANSPORT_PROTOCOL_DATAGRAM
Definition: tls.h:1017
TLS_STATE_APPLICATION_DATA
@ TLS_STATE_APPLICATION_DATA
Definition: tls.h:1589
tlsSendHandshakeMessage
error_t tlsSendHandshakeMessage(TlsContext *context, const void *data, size_t length, TlsMessageType type)
Send handshake message.
Definition: tls_handshake.c:158
tlsFormatServerSniExtension
error_t tlsFormatServerSniExtension(TlsContext *context, uint8_t *p, size_t *written)
Format SNI extension.
Definition: tls_server_extensions.c:54
TLS13_KEY_EXCH_PSK_HYBRID
@ TLS13_KEY_EXCH_PSK_HYBRID
Definition: tls.h:1228
tls13_misc.h
TLS 1.3 helper functions.
TlsExtensionList
TlsExtensionList
Definition: tls.h:1727
tlsFormatServerRecordSizeLimitExtension
error_t tlsFormatServerRecordSizeLimitExtension(TlsContext *context, uint8_t *p, size_t *written)
Format RecordSizeLimit extension.
Definition: tls_server_extensions.c:192
osMemcpy
#define osMemcpy(dest, src, length)
Definition: os_port.h:144
HTONL
#define HTONL(value)
Definition: cpu_endian.h:411
TlsContext
#define TlsContext
Definition: tls.h:36
error_t
error_t
Error codes.
Definition: error.h:43
TLS_VERSION_1_2
#define TLS_VERSION_1_2
Definition: tls.h:97
Tls13HelloRetryRequest
Tls13HelloRetryRequest
Definition: tls13_misc.h:311
tls13_server_extensions.h
Formatting and parsing of extensions (TLS 1.3 server)
STORE16BE
#define STORE16BE(a, p)
Definition: cpu_endian.h:262
TLS_STATE_SERVER_FINISHED
@ TLS_STATE_SERVER_FINISHED
Definition: tls.h:1585
tlsFormatClientCertTypeExtension
error_t tlsFormatClientCertTypeExtension(TlsContext *context, uint8_t *p, size_t *written)
Format ClientCertType extension.
Definition: tls_server_extensions.c:386
TLS_TYPE_SERVER_HELLO
@ TLS_TYPE_SERVER_HELLO
Definition: tls.h:1103
TLS_TYPE_ENCRYPTED_EXTENSIONS
@ TLS_TYPE_ENCRYPTED_EXTENSIONS
Definition: tls.h:1108
tls13SendNewSessionTicket
error_t tls13SendNewSessionTicket(TlsContext *context)
Send NewSessionTicket message.
Definition: tls13_server.c:211
TRACE_INFO
#define TRACE_INFO(...)
Definition: debug.h:105
length
uint8_t length
Definition: tcp.h:375
tls13FormatSelectedGroupExtension
error_t tls13FormatSelectedGroupExtension(TlsContext *context, uint8_t *p, size_t *written)
Format KeyShare extension (HelloRetryRequest message)
Definition: tls13_server_extensions.c:108
tls13HelloRetryRequestRandom
const uint8_t tls13HelloRetryRequestRandom[32]
Definition: tls13_misc.c:65
tls13FormatServerSupportedVersionsExtension
error_t tls13FormatServerSupportedVersionsExtension(TlsContext *context, uint8_t *p, size_t *written)
Format SupportedVersions extension.
Definition: tls13_server_extensions.c:55
tls13_server_misc.h
Helper functions for TLS 1.3 server.
tlsFormatServerMaxFragLenExtension
error_t tlsFormatServerMaxFragLenExtension(TlsContext *context, uint8_t *p, size_t *written)
Format MaxFragmentLength extension.
Definition: tls_server_extensions.c:121
tls_transcript_hash.h
Transcript hash calculation.
Tls13Ticket
Tls13Ticket
Definition: tls13_misc.h:363
ERROR_TIMEOUT
@ ERROR_TIMEOUT
Definition: error.h:95
ticket
uint8_t ticket[]
Definition: tls.h:1987
TLS13_KEY_EXCH_PSK_ECDHE
@ TLS13_KEY_EXCH_PSK_ECDHE
Definition: tls.h:1226
TLS_STATE_CLIENT_HELLO_2
@ TLS_STATE_CLIENT_HELLO_2
Definition: tls.h:1560
TRACE_DEBUG_ARRAY
#define TRACE_DEBUG_ARRAY(p, a, n)
Definition: debug.h:120
TLS_TICKET_LIFETIME
#define TLS_TICKET_LIFETIME
Definition: tls.h:179
HTONS
#define HTONS(value)
Definition: cpu_endian.h:410
n
uint8_t n
Definition: dhcpv6_common.h:416
Tls13NewSessionTicket
Tls13NewSessionTicket
Definition: tls13_misc.h:342
dtls13_server_extensions.h
Formatting and parsing of extensions (DTLS 1.3 server)
tls13FormatServerEarlyDataExtension
error_t tls13FormatServerEarlyDataExtension(TlsContext *context, TlsMessageType msgType, uint8_t *p, size_t *written)
Format EarlyData extension.
Definition: tls13_server_extensions.c:404
tls.h
TLS (Transport Layer Security)
tls13FormatEncryptedExtensions
error_t tls13FormatEncryptedExtensions(TlsContext *context, Tls13EncryptedExtensions *message, size_t *length)
Format EncryptedExtensions message.
Definition: tls13_server.c:419
tls13GenerateTicket
error_t tls13GenerateTicket(TlsContext *context, const Tls13NewSessionTicket *message, uint8_t *ticket, size_t *length)
Session ticket generation.
Definition: tls13_ticket.c:306
TLS_TRANSPORT_PROTOCOL_STREAM
@ TLS_TRANSPORT_PROTOCOL_STREAM
Definition: tls.h:1016
tls_ffdhe.h
FFDHE key exchange.
tls_server_misc.h
Helper functions for TLS server.
TLS_STATE_SERVER_CHANGE_CIPHER_SPEC_2
@ TLS_STATE_SERVER_CHANGE_CIPHER_SPEC_2
Definition: tls.h:1584
tls_server_extensions.h
Formatting and parsing of extensions (TLS server)
TLS_TYPE_NEW_SESSION_TICKET
@ TLS_TYPE_NEW_SESSION_TICKET
Definition: tls.h:1105
tlsChangeState
void tlsChangeState(TlsContext *context, TlsState newState)
Update TLS state.
Definition: tls_misc.c:54
PRIuSIZE
#define PRIuSIZE
Definition: compiler_port.h:162
tlsFormatServerCertTypeExtension
error_t tlsFormatServerCertTypeExtension(TlsContext *context, uint8_t *p, size_t *written)
Format ServerCertType extension.
Definition: tls_server_extensions.c:434
tls13DigestClientHello1
error_t tls13DigestClientHello1(TlsContext *context)
Hash ClientHello1 in the transcript when HelloRetryRequest is used.
Definition: tls13_misc.c:844
tlsFormatServerAlpnExtension
error_t tlsFormatServerAlpnExtension(TlsContext *context, uint8_t *p, size_t *written)
Format ALPN extension.
Definition: tls_server_extensions.c:319
DTLS_VERSION_1_2
#define DTLS_VERSION_1_2
Definition: dtls_misc.h:36
STORE32BE
#define STORE32BE(a, p)
Definition: cpu_endian.h:286
tls13FormatNewSessionTicket
error_t tls13FormatNewSessionTicket(TlsContext *context, Tls13NewSessionTicket *message, size_t *length)
Format NewSessionTicket message.
Definition: tls13_server.c:549
NO_ERROR
@ NO_ERROR
Success.
Definition: error.h:44
debug.h
Debugging facilities.
TLS_STATE_NEW_SESSION_TICKET_ACK
@ TLS_STATE_NEW_SESSION_TICKET_ACK
Definition: tls.h:1591
TLS13_NEW_SESSION_TICKET_COUNT
#define TLS13_NEW_SESSION_TICKET_COUNT
Definition: tls13_misc.h:141
tls13FormatHelloRetryRequest
error_t tls13FormatHelloRetryRequest(TlsContext *context, Tls13HelloRetryRequest *message, size_t *length)
Format HelloRetryRequest message.
Definition: tls13_server.c:274
Tls13EncryptedExtensions
Tls13EncryptedExtensions
Definition: tls13_misc.h:329