tls13_server.c
Go to the documentation of this file.
1 /**
2  * @file tls13_server.c
3  * @brief Handshake message processing (TLS 1.3 server)
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2026 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneSSL Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.6.0
29  **/
30 
31 //Switch to the appropriate trace level
32 #define TRACE_LEVEL TLS_TRACE_LEVEL
33 
34 //Dependencies
35 #include "tls.h"
36 #include "tls_handshake.h"
37 #include "tls_server_extensions.h"
38 #include "tls_server_misc.h"
39 #include "tls_extensions.h"
40 #include "tls_transcript_hash.h"
41 #include "tls_ffdhe.h"
42 #include "tls_misc.h"
43 #include "tls13_server.h"
44 #include "tls13_server_extensions.h"
45 #include "tls13_server_misc.h"
46 #include "tls13_ticket.h"
47 #include "tls13_misc.h"
48 #include "debug.h"
49 
50 //Check TLS library configuration
51 #if (TLS_SUPPORT == ENABLED && TLS_SERVER_SUPPORT == ENABLED && \
52  TLS_MAX_VERSION >= TLS_VERSION_1_3)
53 
54 
55 /**
56  * @brief Send HelloRetryRequest message
57  *
58  * The server will send this message in response to a ClientHello message if it
59  * is able to find an acceptable set of parameters but the ClientHello does not
60  * contain sufficient information to proceed with the handshake
61  *
62  * @param[in] context Pointer to the TLS context
63  * @return Error code
64  **/
65 
66 error_t tls13SendHelloRetryRequest(TlsContext *context)
67 {
68  error_t error;
69  size_t length;
70  Tls13HelloRetryRequest *message;
71 
72  //Point to the buffer where to format the message
73  message = (Tls13HelloRetryRequest *) (context->txBuffer + context->txBufferLen);
74 
75  //When the server responds to a ClientHello with a HelloRetryRequest, the
76  //value of ClientHello1 is replaced with a special synthetic handshake
77  //message of handshake type MessageHash containing Hash(ClientHello1)
78  error = tls13DigestClientHello1(context);
79 
80  //Check status code
81  if(!error)
82  {
83  //Format HelloRetryRequest message
84  error = tls13FormatHelloRetryRequest(context, message, &length);
85  }
86 
87  //Check status code
88  if(!error)
89  {
90  //Debug message
91  TRACE_INFO("Sending HelloRetryRequest message (%" PRIuSIZE " bytes)...\r\n", length);
92  TRACE_DEBUG_ARRAY(" ", message, length);
93 
94  //For reasons of backward compatibility with middleboxes the
95  //HelloRetryRequest message uses the same format as the ServerHello
96  error = tlsSendHandshakeMessage(context, message, length,
97  TLS_TYPE_SERVER_HELLO);
98  }
99 
100  //Check status code
101  if(error == NO_ERROR || error == ERROR_WOULD_BLOCK || error == ERROR_TIMEOUT)
102  {
103 #if (TLS13_MIDDLEBOX_COMPAT_SUPPORT == ENABLED)
104  //DTLS implementations do not use the "compatibility mode" and must
105  //not send ChangeCipherSpec messages (refer to RFC 9147, section 5)
106  if(context->transportProtocol == TLS_TRANSPORT_PROTOCOL_STREAM)
107  {
108  //In middlebox compatibility mode, the server sends a dummy
109  //ChangeCipherSpec record immediately after its first handshake
110  //message. This may either be after a ServerHello or a
111  //HelloRetryRequest
112  tlsChangeState(context, TLS_STATE_SERVER_CHANGE_CIPHER_SPEC_2);
113  }
114  else
115 #endif
116  {
117  //Wait for the second updated ClientHello
118  tlsChangeState(context, TLS_STATE_CLIENT_HELLO_3);
119  }
120  }
121 
122  //Return status code
123  return error;
124 }
125 
126 
127 /**
128  * @brief Send EncryptedExtensions message
129  *
130  * The server sends the EncryptedExtensions message immediately after the
131  * ServerHello message. The EncryptedExtensions message contains extensions
132  * that can be protected
133  *
134  * @param[in] context Pointer to the TLS context
135  * @return Error code
136  **/
137 
138 error_t tls13SendEncryptedExtensions(TlsContext *context)
139 {
140  error_t error;
141  size_t length;
142  Tls13EncryptedExtensions *message;
143 
144  //Point to the buffer where to format the message
145  message = (Tls13EncryptedExtensions *) (context->txBuffer + context->txBufferLen);
146 
147  //Format EncryptedExtensions message
148  error = tls13FormatEncryptedExtensions(context, message, &length);
149 
150  //Check status code
151  if(!error)
152  {
153  //Debug message
154  TRACE_INFO("Sending EncryptedExtensions message (%" PRIuSIZE " bytes)...\r\n", length);
155  TRACE_DEBUG_ARRAY(" ", message, length);
156 
157  //Send handshake message
158  error = tlsSendHandshakeMessage(context, message, length,
159  TLS_TYPE_ENCRYPTED_EXTENSIONS);
160  }
161 
162  //Check status code
163  if(error == NO_ERROR || error == ERROR_WOULD_BLOCK || error == ERROR_TIMEOUT)
164  {
165  //PSK key exchange method?
166  if(context->keyExchMethod == TLS13_KEY_EXCH_PSK ||
167  context->keyExchMethod == TLS13_KEY_EXCH_PSK_DHE ||
168  context->keyExchMethod == TLS13_KEY_EXCH_PSK_ECDHE ||
169  context->keyExchMethod == TLS13_KEY_EXCH_PSK_HYBRID)
170  {
171  //As the server is authenticating via a PSK, it does not send a
172  //Certificate or a CertificateVerify message
173  tlsChangeState(context, TLS_STATE_SERVER_FINISHED);
174  }
175  else
176  {
177  //A server can optionally request a certificate from the client
178  tlsChangeState(context, TLS_STATE_CERTIFICATE_REQUEST);
179  }
180  }
181 
182  //Return status code
183  return error;
184 }
185 
186 
187 /**
188  * @brief Send NewSessionTicket message
189  *
190  * At any time after the server has received the client Finished message, it
191  * may send a NewSessionTicket message
192  *
193  * @param[in] context Pointer to the TLS context
194  * @return Error code
195  **/
196 
197 error_t tls13SendNewSessionTicket(TlsContext *context)
198 {
199  error_t error;
200  size_t length;
201  Tls13NewSessionTicket *message;
202 
203  //Initialize status code
204  error = NO_ERROR;
205 
206  //Send as many NewSessionTicket messages as requested
207  if(context->newSessionTicketCount < TLS13_NEW_SESSION_TICKET_COUNT)
208  {
209  //Point to the buffer where to format the message
210  message = (Tls13NewSessionTicket *) (context->txBuffer + context->txBufferLen);
211 
212  //Format NewSessionTicket message
213  error = tls13FormatNewSessionTicket(context, message, &length);
214 
215  //Check status code
216  if(!error)
217  {
218  //Increment the number of NewSessionTicket messages that have been sent
219  context->newSessionTicketCount++;
220 
221  //Debug message
222  TRACE_INFO("Sending NewSessionTicket message (%" PRIuSIZE " bytes)...\r\n", length);
223  TRACE_DEBUG_ARRAY(" ", message, length);
224 
225  //Send handshake message
226  error = tlsSendHandshakeMessage(context, message, length,
227  TLS_TYPE_NEW_SESSION_TICKET);
228  }
229  }
230  else
231  {
232  //The client and server can now exchange application-layer data
233  tlsChangeState(context, TLS_STATE_APPLICATION_DATA);
234  }
235 
236  //Return status code
237  return error;
238 }
239 
240 
241 /**
242  * @brief Format HelloRetryRequest message
243  * @param[in] context Pointer to the TLS context
244  * @param[out] message Buffer where to format the HelloRetryRequest message
245  * @param[out] length Length of the resulting HelloRetryRequest message
246  * @return Error code
247  **/
248 
249 error_t tls13FormatHelloRetryRequest(TlsContext *context,
250  Tls13HelloRetryRequest *message, size_t *length)
251 {
252  error_t error;
253  size_t n;
254  uint8_t *p;
255  TlsExtensionList *extensionList;
256 
257  //In TLS 1.3, the client indicates its version preferences in the
258  //SupportedVersions extension and the legacy_version field must be set
259  //to 0x0303, which is the version number for TLS 1.2
260  if(context->transportProtocol == TLS_TRANSPORT_PROTOCOL_DATAGRAM)
261  {
262  message->serverVersion = HTONS(DTLS_VERSION_1_2);
263  }
264  else
265  {
266  message->serverVersion = HTONS(TLS_VERSION_1_2);
267  }
268 
269  //For backward compatibility with middleboxes the HelloRetryRequest message
270  //uses the same structure as the ServerHello, but with Random field set to
271  //a special value
272  osMemcpy(message->random, tls13HelloRetryRequestRandom, 32);
273 
274  //Point to the session ID
275  p = message->sessionId;
276  //Length of the handshake message
277  *length = sizeof(Tls13HelloRetryRequest);
278 
279  //The legacy_session_id_echo echoes the contents of the client's
280  //legacy_session_id field
281  osMemcpy(message->sessionId, context->sessionId, context->sessionIdLen);
282  message->sessionIdLen = (uint8_t) context->sessionIdLen;
283 
284  //Debug message
285  TRACE_INFO("Session ID (%" PRIu8 " bytes):\r\n", message->sessionIdLen);
286  TRACE_INFO_ARRAY(" ", message->sessionId, message->sessionIdLen);
287 
288  //Advance data pointer
289  p += message->sessionIdLen;
290  //Adjust the length of the message
291  *length += message->sessionIdLen;
292 
293  //The cipher_suite field contains the cipher suite selected by the server
294  STORE16BE(context->cipherSuite.identifier, p);
295 
296  //Advance data pointer
297  p += sizeof(uint16_t);
298  //Adjust the length of the message
299  *length += sizeof(uint16_t);
300 
301  //The legacy_compression_method field must have the value 0
302  *p = TLS_COMPRESSION_METHOD_NULL;
303 
304  //Advance data pointer
305  p += sizeof(uint8_t);
306  //Adjust the length of the message
307  *length += sizeof(uint8_t);
308 
309  //Point to the list of extensions
310  extensionList = (TlsExtensionList *) p;
311  //Total length of the extension list
312  extensionList->length = 0;
313 
314  //Point to the first extension of the list
315  p += sizeof(TlsExtensionList);
316  //Adjust the length of the message
317  *length += sizeof(TlsExtensionList);
318 
319  //The HelloRetryRequest message must contain a SupportedVersions extension
320  error = tls13FormatServerSupportedVersionsExtension(context, p, &n);
321  //Any error to report?
322  if(error)
323  return error;
324 
325  //Fix the length of the extension list
326  extensionList->length += (uint16_t) n;
327  //Point to the next field
328  p += n;
329 
330  //The KeyShare extension contains the mutually supported group the server
331  //intends to negotiate
332  error = tls13FormatSelectedGroupExtension(context, p, &n);
333  //Any error to report?
334  if(error)
335  return error;
336 
337 #if(DTLS_SUPPORT == ENABLED)
338  //When sending a HelloRetryRequest, the server may provide a cookie
339  //extension to the client (refer to RFC 8446, section 4.2.2)
340  error = tls13FormatCookieExtension(context, p, &n);
341  //Any error to report?
342  if(error)
343  return error;
344 #endif
345 
346  //Fix the length of the extension list
347  extensionList->length += (uint16_t) n;
348  //Point to the next field
349  p += n;
350 
351  //Convert the length of the extension list to network byte order
352  extensionList->length = htons(extensionList->length);
353  //Total length of the message
354  *length += htons(extensionList->length);
355 
356  //Successful processing
357  return NO_ERROR;
358 }
359 
360 
361 /**
362  * @brief Format EncryptedExtensions message
363  * @param[in] context Pointer to the TLS context
364  * @param[out] message Buffer where to format the EncryptedExtensions message
365  * @param[out] length Length of the resulting EncryptedExtensions message
366  * @return Error code
367  **/
368 
369 error_t tls13FormatEncryptedExtensions(TlsContext *context,
370  Tls13EncryptedExtensions *message, size_t *length)
371 {
372  error_t error;
373  size_t n;
374  uint8_t *p;
375 
376  //Point to the extension of the list
377  p = message->extensions;
378  //Length of the handshake message
379  *length = sizeof(Tls13EncryptedExtensions);
380 
381  //Total length of the extension list
382  message->extensionsLen = 0;
383 
384 #if (TLS_SNI_SUPPORT == ENABLED)
385  //The server may include a SNI extension in the ServerHello
386  error = tlsFormatServerSniExtension(context, p, &n);
387  //Any error to report?
388  if(error)
389  return error;
390 
391  //Fix the length of the extension list
392  message->extensionsLen += (uint16_t) n;
393  //Point to the next field
394  p += n;
395 #endif
396 
397 #if (TLS_MAX_FRAG_LEN_SUPPORT == ENABLED)
398  //Servers that receive an ClientHello containing a MaxFragmentLength
399  //extension may accept the requested maximum fragment length by including
400  //an extension of type MaxFragmentLength in the ServerHello
401  error = tlsFormatServerMaxFragLenExtension(context, p, &n);
402  //Any error to report?
403  if(error)
404  return error;
405 
406  //Fix the length of the extension list
407  message->extensionsLen += (uint16_t) n;
408  //Point to the next field
409  p += n;
410 #endif
411 
412 #if (TLS_RECORD_SIZE_LIMIT_SUPPORT == ENABLED)
413  //The value of RecordSizeLimit is the maximum size of record in octets
414  //that the endpoint is willing to receive
415  error = tlsFormatServerRecordSizeLimitExtension(context, p, &n);
416  //Any error to report?
417  if(error)
418  return error;
419 
420  //Fix the length of the extension list
421  message->extensionsLen += (uint16_t) n;
422  //Point to the next field
423  p += n;
424 #endif
425 
426 #if (TLS_ALPN_SUPPORT == ENABLED)
427  //The ALPN extension contains the name of the selected protocol
428  error = tlsFormatServerAlpnExtension(context, p, &n);
429  //Any error to report?
430  if(error)
431  return error;
432 
433  //Fix the length of the extension list
434  message->extensionsLen += (uint16_t) n;
435  //Point to the next field
436  p += n;
437 #endif
438 
439 #if (TLS_RAW_PUBLIC_KEY_SUPPORT == ENABLED)
440  //The ClientCertType extension in the ServerHello indicates the type
441  //of certificates the client is requested to provide in a subsequent
442  //certificate payload
443  error = tlsFormatClientCertTypeExtension(context, p, &n);
444  //Any error to report?
445  if(error)
446  return error;
447 
448  //Fix the length of the extension list
449  message->extensionsLen += (uint16_t) n;
450  //Point to the next field
451  p += n;
452 
453  //With the ServerCertType extension in the ServerHello, the TLS server
454  //indicates the certificate type carried in the certificate payload
455  error = tlsFormatServerCertTypeExtension(context, p, &n);
456  //Any error to report?
457  if(error)
458  return error;
459 
460  //Fix the length of the extension list
461  message->extensionsLen += (uint16_t) n;
462  //Point to the next field
463  p += n;
464 #endif
465 
466 #if (TLS13_EARLY_DATA_SUPPORT == ENABLED)
467  //If the server intends to process the early data, then it returns its
468  //own EarlyData extension in the EncryptedExtensions message
469  error = tls13FormatServerEarlyDataExtension(context,
470  TLS_TYPE_ENCRYPTED_EXTENSIONS, p, &n);
471  //Any error to report?
472  if(error)
473  return error;
474 
475  //Fix the length of the extension list
476  message->extensionsLen += (uint16_t) n;
477  //Point to the next field
478  p += n;
479 #endif
480 
481  //Convert the length of the extension list to network byte order
482  message->extensionsLen = htons(message->extensionsLen);
483  //Total length of the message
484  *length += htons(message->extensionsLen);
485 
486  //Successful processing
487  return NO_ERROR;
488 }
489 
490 
491 /**
492  * @brief Format NewSessionTicket message
493  * @param[in] context Pointer to the TLS context
494  * @param[out] message Buffer where to format the NewSessionTicket message
495  * @param[out] length Length of the resulting NewSessionTicket message
496  * @return Error code
497  **/
498 
499 error_t tls13FormatNewSessionTicket(TlsContext *context,
500  Tls13NewSessionTicket *message, size_t *length)
501 {
502 #if (TLS_TICKET_SUPPORT == ENABLED)
503  error_t error;
504  size_t n;
505  uint8_t *p;
506  Tls13Ticket *ticket;
507  TlsExtensionList *extensionList;
508 
509  //Set the lifetime of the ticket, in seconds
510  message->ticketLifetime = HTONL(TLS_TICKET_LIFETIME / 1000);
511 
512  //The ticket_age_add field is used to obscure the age of the ticket
513  error = context->prngAlgo->generate(context->prngContext,
514  (uint8_t *) &message->ticketAgeAdd, sizeof(uint32_t));
515  //Any error to report?
516  if(error)
517  return error;
518 
519  //Point to ticket nonce
520  p = message->ticketNonce;
521  //Length of the handshake message
522  *length = sizeof(Tls13NewSessionTicket);
523 
524  //The ticket nonce is a per-ticket value that is unique across all tickets
525  //issued on this connection
526  context->ticketNonce++;
527 
528  //Copy ticket nonce
529  STORE32BE(context->ticketNonce, message->ticketNonce);
530  //Set the length of the nonce
531  message->ticketNonceLen = sizeof(uint32_t);
532 
533  //Advance data pointer
534  p += message->ticketNonceLen;
535  //Adjust the length of the message
536  *length += message->ticketNonceLen;
537 
538  //Point to the value of the ticket
539  ticket = (Tls13Ticket *) p;
540 
541  //The ticket itself is an opaque label. It may be either a database lookup
542  //key or a self-encrypted and self-authenticated value
543  error = tls13GenerateTicket(context, message, ticket->data, &n);
544  //Any error to report?
545  if(error)
546  return error;
547 
548  //Fix the length of the ticket
549  ticket->length = htons(n);
550 
551  //Advance data pointer
552  p += sizeof(Tls13Ticket) + n;
553  //Adjust the length of the message
554  *length += sizeof(Tls13Ticket) + n;
555 
556  //Point to the list of extensions
557  extensionList = (TlsExtensionList *) p;
558  //Total length of the extension list
559  extensionList->length = 0;
560 
561  //Point to the first extension of the list
562  p += sizeof(TlsExtensionList);
563  //Adjust the length of the message
564  *length += sizeof(TlsExtensionList);
565 
566 #if (TLS13_EARLY_DATA_SUPPORT == ENABLED)
567  //The sole extension currently defined for NewSessionTicket is EarlyData
568  //indicating that the ticket may be used to send 0-RTT data
569  error = tls13FormatServerEarlyDataExtension(context,
570  TLS_TYPE_NEW_SESSION_TICKET, p, &n);
571  //Any error to report?
572  if(error)
573  return error;
574 
575  //Fix the length of the extension list
576  extensionList->length += (uint16_t) n;
577  //Point to the next field
578  p += n;
579 #endif
580 
581  //Convert the length of the extension list to network byte order
582  extensionList->length = htons(extensionList->length);
583  //Total length of the message
584  *length += htons(extensionList->length);
585 
586  //Successful processing
587  return NO_ERROR;
588 #else
589  //Session ticket mechanism is not implemented
590  return ERROR_NOT_IMPLEMENTED;
591 #endif
592 }
593 
594 #endif
TLS13_KEY_EXCH_PSK
@ TLS13_KEY_EXCH_PSK
Definition: tls.h:1207
htons
#define htons(value)
Definition: cpu_endian.h:413
tls_extensions.h
Parsing and checking of TLS extensions.
tls_misc.h
TLS helper functions.
TRACE_INFO_ARRAY
#define TRACE_INFO_ARRAY(p, a, n)
Definition: debug.h:106
tls13_server.h
Handshake message processing (TLS 1.3 server)
ERROR_WOULD_BLOCK
@ ERROR_WOULD_BLOCK
Definition: error.h:96
TLS13_KEY_EXCH_PSK_DHE
@ TLS13_KEY_EXCH_PSK_DHE
Definition: tls.h:1208
tls_handshake.h
TLS handshake.
TLS_COMPRESSION_METHOD_NULL
@ TLS_COMPRESSION_METHOD_NULL
Definition: tls.h:1173
tls13SendEncryptedExtensions
error_t tls13SendEncryptedExtensions(TlsContext *context)
Send EncryptedExtensions message.
Definition: tls13_server.c:138
ERROR_NOT_IMPLEMENTED
@ ERROR_NOT_IMPLEMENTED
Definition: error.h:66
tls13SendHelloRetryRequest
error_t tls13SendHelloRetryRequest(TlsContext *context)
Send HelloRetryRequest message.
Definition: tls13_server.c:66
p
uint8_t p
Definition: ndp.h:300
message
uint8_t message[]
Definition: chap.h:154
TLS_STATE_CERTIFICATE_REQUEST
@ TLS_STATE_CERTIFICATE_REQUEST
Definition: tls.h:1556
tls13_ticket.h
TLS 1.3 session tickets.
TLS_TRANSPORT_PROTOCOL_DATAGRAM
@ TLS_TRANSPORT_PROTOCOL_DATAGRAM
Definition: tls.h:1000
TLS_STATE_APPLICATION_DATA
@ TLS_STATE_APPLICATION_DATA
Definition: tls.h:1572
tls13FormatCookieExtension
error_t tls13FormatCookieExtension(TlsContext *context, uint8_t *p, size_t *written)
Format Cookie extension.
Definition: tls13_client_extensions.c:54
tlsSendHandshakeMessage
error_t tlsSendHandshakeMessage(TlsContext *context, const void *data, size_t length, TlsMessageType type)
Send handshake message.
Definition: tls_handshake.c:158
tlsFormatServerSniExtension
error_t tlsFormatServerSniExtension(TlsContext *context, uint8_t *p, size_t *written)
Format SNI extension.
Definition: tls_server_extensions.c:54
TLS13_KEY_EXCH_PSK_HYBRID
@ TLS13_KEY_EXCH_PSK_HYBRID
Definition: tls.h:1211
tls13_misc.h
TLS 1.3 helper functions.
TlsExtensionList
TlsExtensionList
Definition: tls.h:1706
tlsFormatServerRecordSizeLimitExtension
error_t tlsFormatServerRecordSizeLimitExtension(TlsContext *context, uint8_t *p, size_t *written)
Format RecordSizeLimit extension.
Definition: tls_server_extensions.c:192
osMemcpy
#define osMemcpy(dest, src, length)
Definition: os_port.h:144
HTONL
#define HTONL(value)
Definition: cpu_endian.h:411
TlsContext
#define TlsContext
Definition: tls.h:36
error_t
error_t
Error codes.
Definition: error.h:43
TLS_VERSION_1_2
#define TLS_VERSION_1_2
Definition: tls.h:96
Tls13HelloRetryRequest
Tls13HelloRetryRequest
Definition: tls13_misc.h:311
tls13_server_extensions.h
Formatting and parsing of extensions (TLS 1.3 server)
STORE16BE
#define STORE16BE(a, p)
Definition: cpu_endian.h:262
TLS_STATE_SERVER_FINISHED
@ TLS_STATE_SERVER_FINISHED
Definition: tls.h:1567
tlsFormatClientCertTypeExtension
error_t tlsFormatClientCertTypeExtension(TlsContext *context, uint8_t *p, size_t *written)
Format ClientCertType extension.
Definition: tls_server_extensions.c:386
TLS_TYPE_SERVER_HELLO
@ TLS_TYPE_SERVER_HELLO
Definition: tls.h:1086
TLS_TYPE_ENCRYPTED_EXTENSIONS
@ TLS_TYPE_ENCRYPTED_EXTENSIONS
Definition: tls.h:1091
tls13SendNewSessionTicket
error_t tls13SendNewSessionTicket(TlsContext *context)
Send NewSessionTicket message.
Definition: tls13_server.c:197
TRACE_INFO
#define TRACE_INFO(...)
Definition: debug.h:105
length
uint8_t length
Definition: tcp.h:375
tls13FormatSelectedGroupExtension
error_t tls13FormatSelectedGroupExtension(TlsContext *context, uint8_t *p, size_t *written)
Format KeyShare extension (HelloRetryRequest message)
Definition: tls13_server_extensions.c:108
tls13HelloRetryRequestRandom
const uint8_t tls13HelloRetryRequestRandom[32]
Definition: tls13_misc.c:65
tls13FormatServerSupportedVersionsExtension
error_t tls13FormatServerSupportedVersionsExtension(TlsContext *context, uint8_t *p, size_t *written)
Format SupportedVersions extension.
Definition: tls13_server_extensions.c:55
tls13_server_misc.h
Helper functions for TLS 1.3 server.
tlsFormatServerMaxFragLenExtension
error_t tlsFormatServerMaxFragLenExtension(TlsContext *context, uint8_t *p, size_t *written)
Format MaxFragmentLength extension.
Definition: tls_server_extensions.c:121
tls_transcript_hash.h
Transcript hash calculation.
Tls13Ticket
Tls13Ticket
Definition: tls13_misc.h:363
ERROR_TIMEOUT
@ ERROR_TIMEOUT
Definition: error.h:95
ticket
uint8_t ticket[]
Definition: tls.h:1966
TLS13_KEY_EXCH_PSK_ECDHE
@ TLS13_KEY_EXCH_PSK_ECDHE
Definition: tls.h:1209
TRACE_DEBUG_ARRAY
#define TRACE_DEBUG_ARRAY(p, a, n)
Definition: debug.h:120
TLS_TICKET_LIFETIME
#define TLS_TICKET_LIFETIME
Definition: tls.h:178
HTONS
#define HTONS(value)
Definition: cpu_endian.h:410
n
uint8_t n
Definition: dhcpv6_common.h:416
Tls13NewSessionTicket
Tls13NewSessionTicket
Definition: tls13_misc.h:342
tls13FormatServerEarlyDataExtension
error_t tls13FormatServerEarlyDataExtension(TlsContext *context, TlsMessageType msgType, uint8_t *p, size_t *written)
Format EarlyData extension.
Definition: tls13_server_extensions.c:404
tls.h
TLS (Transport Layer Security)
tls13FormatEncryptedExtensions
error_t tls13FormatEncryptedExtensions(TlsContext *context, Tls13EncryptedExtensions *message, size_t *length)
Format EncryptedExtensions message.
Definition: tls13_server.c:369
tls13GenerateTicket
error_t tls13GenerateTicket(TlsContext *context, const Tls13NewSessionTicket *message, uint8_t *ticket, size_t *length)
Session ticket generation.
Definition: tls13_ticket.c:306
TLS_TRANSPORT_PROTOCOL_STREAM
@ TLS_TRANSPORT_PROTOCOL_STREAM
Definition: tls.h:999
TLS_STATE_CLIENT_HELLO_3
@ TLS_STATE_CLIENT_HELLO_3
Definition: tls.h:1544
tls_ffdhe.h
FFDHE key exchange.
tls_server_misc.h
Helper functions for TLS server.
TLS_STATE_SERVER_CHANGE_CIPHER_SPEC_2
@ TLS_STATE_SERVER_CHANGE_CIPHER_SPEC_2
Definition: tls.h:1566
tls_server_extensions.h
Formatting and parsing of extensions (TLS server)
TLS_TYPE_NEW_SESSION_TICKET
@ TLS_TYPE_NEW_SESSION_TICKET
Definition: tls.h:1088
tlsChangeState
void tlsChangeState(TlsContext *context, TlsState newState)
Update TLS state.
Definition: tls_misc.c:54
PRIuSIZE
#define PRIuSIZE
Definition: compiler_port.h:162
tlsFormatServerCertTypeExtension
error_t tlsFormatServerCertTypeExtension(TlsContext *context, uint8_t *p, size_t *written)
Format ServerCertType extension.
Definition: tls_server_extensions.c:434
tls13DigestClientHello1
error_t tls13DigestClientHello1(TlsContext *context)
Hash ClientHello1 in the transcript when HelloRetryRequest is used.
Definition: tls13_misc.c:870
tlsFormatServerAlpnExtension
error_t tlsFormatServerAlpnExtension(TlsContext *context, uint8_t *p, size_t *written)
Format ALPN extension.
Definition: tls_server_extensions.c:319
DTLS_VERSION_1_2
#define DTLS_VERSION_1_2
Definition: dtls_misc.h:36
STORE32BE
#define STORE32BE(a, p)
Definition: cpu_endian.h:286
tls13FormatNewSessionTicket
error_t tls13FormatNewSessionTicket(TlsContext *context, Tls13NewSessionTicket *message, size_t *length)
Format NewSessionTicket message.
Definition: tls13_server.c:499
NO_ERROR
@ NO_ERROR
Success.
Definition: error.h:44
debug.h
Debugging facilities.
TLS13_NEW_SESSION_TICKET_COUNT
#define TLS13_NEW_SESSION_TICKET_COUNT
Definition: tls13_misc.h:141
tls13FormatHelloRetryRequest
error_t tls13FormatHelloRetryRequest(TlsContext *context, Tls13HelloRetryRequest *message, size_t *length)
Format HelloRetryRequest message.
Definition: tls13_server.c:249
Tls13EncryptedExtensions
Tls13EncryptedExtensions
Definition: tls13_misc.h:329