tls_key_material.h File Reference

Key material generation.

#include "tls.h"

Functions

error_t tlsGenerateSessionKeys (TlsContext *context)
 Generate session keys.

error_t tlsGenerateMasterSecret (TlsContext *context)
 Master secret computation.

error_t tlsGenerateExtendedMasterSecret (TlsContext *context)
 Extended master secret computation.

error_t tlsGeneratePskPremasterSecret (TlsContext *context)
 Premaster secret generation (for PSK cipher suites)

error_t tlsGenerateKeyBlock (TlsContext *context, size_t keyBlockLen)
 Key expansion function.

error_t tlsExportKeyingMaterial (TlsContext *context, const char_t *label, bool_t useContextValue, const uint8_t *contextValue, size_t contextValueLen, uint8_t *output, size_t outputLen)
 Export keying material per RFC 5705 standard.

error_t tlsPrf (const uint8_t *secret, size_t secretLen, const char_t *label, const uint8_t *seed, size_t seedLen, uint8_t *output, size_t outputLen)
 Pseudorandom function (TLS 1.0 and 1.1)

error_t tls12Prf (const HashAlgo *hash, const uint8_t *secret, size_t secretLen, const char_t *label, const uint8_t *seed, size_t seedLen, uint8_t *output, size_t outputLen)
 Pseudorandom function (TLS 1.2)

void tlsDumpSecret (TlsContext *context, const char_t *label, const uint8_t *secret, size_t secretLen)
 Dump secret key (for debugging purposes only)

Detailed Description

Key material generation.

License

SPDX-License-Identifier: GPL-2.0-or-later

Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.

This file is part of CycloneSSL Open.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

Author
Oryx Embedded SARL (www.oryx-embedded.com)
Version
2.4.4

Definition in file tls_key_material.h.

Function Documentation

◆ tls12Prf()

error_t tls12Prf (const HashAlgo *hash, const uint8_t *secret, size_t secretLen, const char_t *label, const uint8_t *seed, size_t seedLen, uint8_t *output, size_t outputLen)

Pseudorandom function (TLS 1.2)

The pseudorandom function (PRF) takes as input a secret, a seed, and an identifying label and produces an output of arbitrary length. This function is used to expand secrets into blocks of data for the purpose of key generation.

Parameters
 [in] hash: Hash function used to compute PRF
 [in] secret: Pointer to the secret
 [in] secretLen: Length of the secret
 [in] label: Identifying label (NULL-terminated string)
 [in] seed: Pointer to the seed
 [in] seedLen: Length of the seed
 [out] output: Pointer to the output
 [in] outputLen: Desired output length
Returns
 Error code

Definition at line 729 of file tls_key_material.c.

◆ tlsDumpSecret()

void tlsDumpSecret (TlsContext *context, const char_t *label, const uint8_t *secret, size_t secretLen)

Dump secret key (for debugging purposes only)

Parameters
 [in] context: Pointer to the TLS context
 [in] label: Identifying label (NULL-terminated string)
 [in] secret: Pointer to the secret key
 [in] secretLen: Length of the secret key, in bytes

Definition at line 810 of file tls_key_material.c.

◆ tlsExportKeyingMaterial()

error_t tlsExportKeyingMaterial (TlsContext *context, const char_t *label, bool_t useContextValue, const uint8_t *contextValue, size_t contextValueLen, uint8_t *output, size_t outputLen)

Export keying material per RFC 5705 standard.

Parameters
 [in] context: Pointer to the TLS context
 [in] label: Identifying label (NULL-terminated string)
 [in] useContextValue: Specifies whether upper-layer context should be used when exporting keying material
 [in] contextValue: Pointer to the upper-layer context
 [in] contextValueLen: Length of the upper-layer context
 [out] output: Pointer to the output
 [in] outputLen: Desired output length
Returns
 Error code

Definition at line 448 of file tls_key_material.c.
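
The TLS 1.2 PRF documented under tls12Prf() and the RFC 5705 exporter documented here can be shown end to end in a few lines. The following Python is an added example, not CycloneSSL code: it follows RFC 5246 section 5 and RFC 5705 section 4, and its function names, label and sample secrets are constructed for illustration. Passing context=None plays the role of a false useContextValue.

```python
import hashlib
import hmac


def p_hash(hash_name, secret, seed, out_len):
    """P_hash data expansion (RFC 5246, section 5)."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < out_len:
        a = hmac.new(secret, a, hash_name).digest()             # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hash_name).digest()   # HMAC(secret, A(i) + seed)
    return out[:out_len]  # the last block is truncated to the requested length


def tls12_prf(secret, label, seed, out_len, hash_name="sha256"):
    """PRF(secret, label, seed) = P_hash(secret, label + seed).

    SHA-256 is the TLS 1.2 default; a cipher suite may select another hash.
    """
    return p_hash(hash_name, secret, label + seed, out_len)


def export_keying_material(master_secret, client_random, server_random,
                           label, out_len, context=None):
    """RFC 5705 exporter for TLS 1.2.

    context=None means no context is used. b"" is a zero-length context: its
    two-byte length field is still appended to the seed, so the output differs.
    """
    seed = client_random + server_random
    if context is not None:
        if len(context) > 0xFFFF:
            raise ValueError("context value longer than 65535 bytes")
        seed += len(context).to_bytes(2, "big") + context
    return tls12_prf(master_secret, label, seed, out_len)


# Constructed sample values, not taken from a real handshake.
MASTER_SECRET = bytes(range(48))
CLIENT_RANDOM = bytes([0xC1]) * 32
SERVER_RANDOM = bytes([0x5E]) * 32
LABEL = b"EXPORTER-example-app"  # hypothetical exporter label

if __name__ == "__main__":
    for ctx in (None, b"", b"channel-1"):
        ekm = export_keying_material(MASTER_SECRET, CLIENT_RANDOM,
                                     SERVER_RANDOM, LABEL, 32, ctx)
        print(repr(ctx), ekm.hex())
```

Both peers must agree on whether a context is used as well as on its value; otherwise they derive different exported keys from the same session.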

◆ tlsGenerateExtendedMasterSecret()

error_t tlsGenerateExtendedMasterSecret (TlsContext *context)

Extended master secret computation.

Parameters
 [in] context: Pointer to the TLS context
Returns
 Error code

Definition at line 193 of file tls_key_material.c.

◆ tlsGenerateKeyBlock()

error_t tlsGenerateKeyBlock (TlsContext *context, size_t keyBlockLen)

Key expansion function.

Parameters
 [in] context: Pointer to the TLS context
 [in] keyBlockLen: Desired length for the resulting key block
Returns
 Error code

Definition at line 392 of file tls_key_material.c.

◆ tlsGenerateMasterSecret()

error_t tlsGenerateMasterSecret (TlsContext *context)

Master secret computation.

Parameters
 [in] context: Pointer to the TLS context
Returns
 Error code

Definition at line 143 of file tls_key_material.c.

◆ tlsGeneratePskPremasterSecret()

error_t tlsGeneratePskPremasterSecret (TlsContext *context)

Premaster secret generation (for PSK cipher suites)

Parameters
 [in] context: Pointer to the TLS context
Returns
 Error code

Definition at line 290 of file tls_key_material.c.

◆ tlsGenerateSessionKeys()

error_t tlsGenerateSessionKeys (TlsContext *context)

Generate session keys.

Parameters
 [in] context: Pointer to the TLS context
Returns
 Error code

Definition at line 51 of file tls_key_material.c.

◆ tlsPrf()

error_t tlsPrf (const uint8_t *secret, size_t secretLen, const char_t *label, const uint8_t *seed, size_t seedLen, uint8_t *output, size_t outputLen)

Pseudorandom function (TLS 1.0 and 1.1)

The pseudorandom function (PRF) takes as input a secret, a seed, and an identifying label and produces an output of arbitrary length. This function is used to expand secrets into blocks of data for the purpose of key generation.

Parameters
 [in] secret: Pointer to the secret
 [in] secretLen: Length of the secret
 [in] label: Identifying label (NULL-terminated string)
 [in] seed: Pointer to the seed
 [in] seedLen: Length of the seed
 [out] output: Pointer to the output
 [in] outputLen: Desired output length
Returns
 Error code

Definition at line 602 of file tls_key_material.c.