TLS 1.3 helper functions. More...
#include "tls.h"#include "tls_cipher_suites.h"#include "tls_extensions.h"#include "tls_certificate.h"#include "tls_transcript_hash.h"#include "tls_ffdhe.h"#include "tls_record.h"#include "tls_misc.h"#include "tls13_key_material.h"#include "tls13_ticket.h"#include "tls13_misc.h"#include "kdf/hkdf.h"#include "debug.h"Go to the source code of this file.
Macros | |
| #define | TRACE_LEVEL TLS_TRACE_LEVEL |
Functions | |
| error_t | tls13ComputePskBinder (TlsContext *context, const void *clientHello, size_t clientHelloLen, size_t truncatedClientHelloLen, const Tls13PskIdentity *identity, uint8_t *binder, size_t binderLen) |
| Compute PSK binder value. More... | |
| error_t | tls13GenerateKeyShare (TlsContext *context, uint16_t namedGroup) |
| Key share generation. More... | |
| error_t | tls13GenerateSharedSecret (TlsContext *context, const uint8_t *keyShare, size_t length) |
| (EC)DHE shared secret generation More... | |
| error_t | tls13Encapsulate (TlsContext *context, uint16_t namedGroup, const uint8_t *keyShare, size_t length) |
| Encapsulation algorithm. More... | |
| error_t | tls13Decapsulate (TlsContext *context, const uint8_t *keyShare, size_t length) |
| Decapsulation algorithm. More... | |
| error_t | tls13ComputeMac (TlsContext *context, TlsEncryptionEngine *encryptionEngine, void *record, const uint8_t *data, size_t dataLen, uint8_t *mac) |
| Compute message authentication code. More... | |
| error_t | tls13DigestClientHello1 (TlsContext *context) |
| Hash ClientHello1 in the transcript when HelloRetryRequest is used. More... | |
| bool_t | tls13IsPskValid (TlsContext *context) |
| Check whether an externally established PSK is valid. More... | |
| bool_t | tls13IsGroupSupported (TlsContext *context, uint16_t namedGroup) |
| Check whether a given named group is supported. More... | |
| bool_t | tls13IsFfdheGroupSupported (TlsContext *context, uint16_t namedGroup) |
| Check whether a given FFDHE group is supported. More... | |
| bool_t | tls13IsEcdheGroupSupported (TlsContext *context, uint16_t namedGroup) |
| Check whether a given ECDHE group is supported. More... | |
| bool_t | tls13IsHybridKeMethodSupported (TlsContext *context, uint16_t namedGroup) |
| Check whether a given hybrid key exchange method is supported. More... | |
| const EcCurveInfo * | tls13GetTraditionalAlgo (TlsContext *context, uint16_t namedGroup) |
| Get the traditional algorithm used by the hybrid key exchange method. More... | |
| const KemAlgo * | tls13GetNextGenAlgo (TlsContext *context, uint16_t namedGroup) |
| Get the next-gen algorithm used by the hybrid key exchange method. More... | |
| error_t | tls13CheckDuplicateKeyShare (uint16_t namedGroup, const uint8_t *p, size_t length) |
| Check whether the specified key share group is a duplicate. More... | |
| error_t | tls13FormatCertExtensions (uint8_t *p, size_t *written) |
| Format certificate extensions. More... | |
| error_t | tls13ParseCertExtensions (const uint8_t *p, size_t length, size_t *consumed) |
| Parse certificate extensions. More... | |
Variables | |
| const uint8_t | tls11DowngradeRandom [8] |
| const uint8_t | tls12DowngradeRandom [8] |
| const uint8_t | tls13HelloRetryRequestRandom [32] |
Detailed Description
TLS 1.3 helper functions.
License
SPDX-License-Identifier: GPL-2.0-or-later
Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.
This file is part of CycloneSSL Open.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- Version
- 2.4.4
Definition in file tls13_misc.c.
Macro Definition Documentation
◆ TRACE_LEVEL
| #define TRACE_LEVEL TLS_TRACE_LEVEL |
Definition at line 32 of file tls13_misc.c.
Function Documentation
◆ tls13CheckDuplicateKeyShare()
| error_t tls13CheckDuplicateKeyShare | ( | uint16_t | namedGroup, |
| const uint8_t * | p, | ||
| size_t | length | ||
| ) |
Check whether the specified key share group is a duplicate.
- Parameters
-
[in] namedGroup Named group [in] p List of key share entries [in] length Length of the list, in bytes
- Returns
- Error code
Definition at line 1106 of file tls13_misc.c.
◆ tls13ComputeMac()
| error_t tls13ComputeMac | ( | TlsContext * | context, |
| TlsEncryptionEngine * | encryptionEngine, | ||
| void * | record, | ||
| const uint8_t * | data, | ||
| size_t | dataLen, | ||
| uint8_t * | mac | ||
| ) |
Compute message authentication code.
- Parameters
-
[in] context Pointer to the TLS context [in] encryptionEngine Pointer to the encryption/decryption engine [in] record Pointer to the TLS record [in] data Pointer to the record data [in] dataLen Length of the data [out] mac The computed MAC value
- Returns
- Error code
Definition at line 683 of file tls13_misc.c.
◆ tls13ComputePskBinder()
| error_t tls13ComputePskBinder | ( | TlsContext * | context, |
| const void * | clientHello, | ||
| size_t | clientHelloLen, | ||
| size_t | truncatedClientHelloLen, | ||
| const Tls13PskIdentity * | identity, | ||
| uint8_t * | binder, | ||
| size_t | binderLen | ||
| ) |
Compute PSK binder value.
- Parameters
-
[in] context Pointer to the TLS context [in] clientHello Pointer to the ClientHello message [in] clientHelloLen Length of the ClientHello message [in] truncatedClientHelloLen Length of the partial ClientHello message [in] identity Pointer to the PSK identity [out] binder Buffer where to store the resulting PSK binder [in] binderLen Expected length of the PSK binder
- Returns
- Error code
Definition at line 86 of file tls13_misc.c.
◆ tls13Decapsulate()
| error_t tls13Decapsulate | ( | TlsContext * | context, |
| const uint8_t * | keyShare, | ||
| size_t | length | ||
| ) |
Decapsulation algorithm.
- Parameters
-
[in] context Pointer to the TLS context [in] keyShare Pointer to the server's key share [in] length Length of the client's key share, in bytes
- Returns
- Error code
Definition at line 603 of file tls13_misc.c.
◆ tls13DigestClientHello1()
| error_t tls13DigestClientHello1 | ( | TlsContext * | context | ) |
Hash ClientHello1 in the transcript when HelloRetryRequest is used.
- Parameters
-
[in] context Pointer to the TLS context
- Returns
- Error code
Definition at line 725 of file tls13_misc.c.
◆ tls13Encapsulate()
| error_t tls13Encapsulate | ( | TlsContext * | context, |
| uint16_t | namedGroup, | ||
| const uint8_t * | keyShare, | ||
| size_t | length | ||
| ) |
Encapsulation algorithm.
- Parameters
-
[in] context Pointer to the TLS context [in] keyShare Pointer to the client's key share [in] length Length of the client's key share, in bytes
- Returns
- Error code
Definition at line 498 of file tls13_misc.c.
◆ tls13FormatCertExtensions()
| error_t tls13FormatCertExtensions | ( | uint8_t * | p, |
| size_t * | written | ||
| ) |
Format certificate extensions.
- Parameters
-
[in] p Output stream where to write the list of extensions [out] written Total number of bytes that have been written
- Returns
- Error code
Definition at line 1152 of file tls13_misc.c.
◆ tls13GenerateKeyShare()
| error_t tls13GenerateKeyShare | ( | TlsContext * | context, |
| uint16_t | namedGroup | ||
| ) |
Key share generation.
- Parameters
-
[in] context Pointer to the TLS context [in] namedGroup Named group
- Returns
- Error code
Definition at line 260 of file tls13_misc.c.
◆ tls13GenerateSharedSecret()
| error_t tls13GenerateSharedSecret | ( | TlsContext * | context, |
| const uint8_t * | keyShare, | ||
| size_t | length | ||
| ) |
(EC)DHE shared secret generation
- Parameters
-
[in] context Pointer to the TLS context [in] keyShare Pointer to the peer's (EC)DHE parameters [in] length Length of the (EC)DHE parameters, in bytes
- Returns
- Error code
Definition at line 402 of file tls13_misc.c.
◆ tls13GetNextGenAlgo()
| const KemAlgo* tls13GetNextGenAlgo | ( | TlsContext * | context, |
| uint16_t | namedGroup | ||
| ) |
Get the next-gen algorithm used by the hybrid key exchange method.
- Parameters
-
[in] context Pointer to the TLS context [in] namedGroup Hybrid key exchange method
- Returns
- Next-gen algorithm
Definition at line 1047 of file tls13_misc.c.
◆ tls13GetTraditionalAlgo()
| const EcCurveInfo* tls13GetTraditionalAlgo | ( | TlsContext * | context, |
| uint16_t | namedGroup | ||
| ) |
Get the traditional algorithm used by the hybrid key exchange method.
- Parameters
-
[in] context Pointer to the TLS context [in] namedGroup Hybrid key exchange method
- Returns
- Traditional algorithm
Definition at line 984 of file tls13_misc.c.
◆ tls13IsEcdheGroupSupported()
| bool_t tls13IsEcdheGroupSupported | ( | TlsContext * | context, |
| uint16_t | namedGroup | ||
| ) |
Check whether a given ECDHE group is supported.
- Parameters
-
[in] context Pointer to the TLS context [in] namedGroup Named group
- Returns
- TRUE is the ECDHE group is supported, else FALSE
Definition at line 885 of file tls13_misc.c.
◆ tls13IsFfdheGroupSupported()
| bool_t tls13IsFfdheGroupSupported | ( | TlsContext * | context, |
| uint16_t | namedGroup | ||
| ) |
Check whether a given FFDHE group is supported.
- Parameters
-
[in] context Pointer to the TLS context [in] namedGroup Named group
- Returns
- TRUE is the FFDHE group is supported, else FALSE
Definition at line 845 of file tls13_misc.c.
◆ tls13IsGroupSupported()
| bool_t tls13IsGroupSupported | ( | TlsContext * | context, |
| uint16_t | namedGroup | ||
| ) |
Check whether a given named group is supported.
- Parameters
-
[in] context Pointer to the TLS context [in] namedGroup Named group
- Returns
- TRUE is the named group is supported, else FALSE
Definition at line 808 of file tls13_misc.c.
◆ tls13IsHybridKeMethodSupported()
| bool_t tls13IsHybridKeMethodSupported | ( | TlsContext * | context, |
| uint16_t | namedGroup | ||
| ) |
Check whether a given hybrid key exchange method is supported.
- Parameters
-
[in] context Pointer to the TLS context [in] namedGroup Named group
- Returns
- TRUE is the hybrid key exchange is supported, else FALSE
Definition at line 943 of file tls13_misc.c.
◆ tls13IsPskValid()
| bool_t tls13IsPskValid | ( | TlsContext * | context | ) |
Check whether an externally established PSK is valid.
- Parameters
-
[in] context Pointer to the TLS context
- Returns
- TRUE is the PSK is valid, else FALSE
Definition at line 770 of file tls13_misc.c.
◆ tls13ParseCertExtensions()
| error_t tls13ParseCertExtensions | ( | const uint8_t * | p, |
| size_t | length, | ||
| size_t * | consumed | ||
| ) |
Parse certificate extensions.
- Parameters
-
[in] p Input stream where to read the list of extensions [in] length Number of bytes available in the input stream [out] consumed Total number of bytes that have been consumed
- Returns
- Error code
Definition at line 1181 of file tls13_misc.c.
Variable Documentation
◆ tls11DowngradeRandom
| const uint8_t tls11DowngradeRandom[8] |
Definition at line 53 of file tls13_misc.c.
◆ tls12DowngradeRandom
| const uint8_t tls12DowngradeRandom[8] |
Definition at line 59 of file tls13_misc.c.
◆ tls13HelloRetryRequestRandom
| const uint8_t tls13HelloRetryRequestRandom[32] |
Definition at line 65 of file tls13_misc.c.