tls_transcript_hash.c
Go to the documentation of this file.
1 /**
2  * @file tls_transcript_hash.c
3  * @brief Transcript hash calculation
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2019 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneSSL Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 1.9.6
29  **/
30 
31 //Switch to the appropriate trace level
32 #define TRACE_LEVEL TLS_TRACE_LEVEL
33 
34 //Dependencies
35 #include <string.h>
36 #include "tls.h"
37 #include "tls_client.h"
38 #include "tls_key_material.h"
39 #include "tls_transcript_hash.h"
40 #include "tls13_key_material.h"
41 #include "ssl_misc.h"
42 #include "debug.h"
43 
44 //Check TLS library configuration
45 #if (TLS_SUPPORT == ENABLED)
46 
47 
48 /**
49  * @brief Initialize handshake message hashing
50  * @param[in] context Pointer to the TLS context
51  * @return Error code
52  **/
53 
55 {
56 #if (TLS_MAX_VERSION >= SSL_VERSION_3_0 && TLS_MIN_VERSION <= TLS_VERSION_1_1)
57  //MD5 context already instantiated?
58  if(context->transcriptMd5Context != NULL)
59  {
60  tlsFreeMem(context->transcriptMd5Context);
61  context->transcriptMd5Context = NULL;
62  }
63 #endif
64 
65 #if (TLS_MAX_VERSION >= SSL_VERSION_3_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2)
66  //SHA-1 context already instantiated?
67  if(context->transcriptSha1Context != NULL)
68  {
69  tlsFreeMem(context->transcriptSha1Context);
70  context->transcriptSha1Context = NULL;
71  }
72 #endif
73 
74 #if (TLS_MAX_VERSION >= TLS_VERSION_1_2 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
75  //Hash algorithm context already instantiated?
76  if(context->transcriptHashContext != NULL)
77  {
78  tlsFreeMem(context->transcriptHashContext);
79  context->transcriptHashContext = NULL;
80  }
81 #endif
82 
83 #if (TLS_MAX_VERSION >= SSL_VERSION_3_0 && TLS_MIN_VERSION <= TLS_VERSION_1_1)
84  //SSL 3.0, TLS 1.0 or TLS 1.1 currently selected?
85  if(context->version <= TLS_VERSION_1_1)
86  {
87  //Allocate MD5 context
88  context->transcriptMd5Context = tlsAllocMem(sizeof(Md5Context));
89  //Failed to allocate memory?
90  if(context->transcriptMd5Context == NULL)
91  return ERROR_OUT_OF_MEMORY;
92 
93  //Initialize MD5 context
94  md5Init(context->transcriptMd5Context);
95  }
96 #endif
97 
98 #if (TLS_MAX_VERSION >= SSL_VERSION_3_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2)
99  //SSL 3.0, TLS 1.0, TLS 1.1 or TLS 1.2 currently selected?
100  if(context->version <= TLS_VERSION_1_2)
101  {
102  //Allocate SHA-1 context
103  context->transcriptSha1Context = tlsAllocMem(sizeof(Sha1Context));
104  //Failed to allocate memory?
105  if(context->transcriptSha1Context == NULL)
106  return ERROR_OUT_OF_MEMORY;
107 
108  //Initialize SHA-1 context
109  sha1Init(context->transcriptSha1Context);
110  }
111 #endif
112 
113 #if (TLS_MAX_VERSION >= TLS_VERSION_1_2 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
114  //TLS 1.2 or 1.3 currently selected?
115  if(context->version >= TLS_VERSION_1_2)
116  {
117  const HashAlgo *hashAlgo;
118 
119  //Point to the hash algorithm to be used
120  hashAlgo = context->cipherSuite.prfHashAlgo;
121  //Make sure the hash algorithm is valid
122  if(hashAlgo == NULL)
123  return ERROR_FAILURE;
124 
125  //Allocate hash algorithm context
126  context->transcriptHashContext = tlsAllocMem(hashAlgo->contextSize);
127  //Failed to allocate memory?
128  if(context->transcriptHashContext == NULL)
129  return ERROR_OUT_OF_MEMORY;
130 
131  //Initialize the hash algorithm context
132  hashAlgo->init(context->transcriptHashContext);
133  }
134 #endif
135 
136 #if (TLS_CLIENT_SUPPORT == ENABLED)
137  //Client mode?
138  if(context->entity == TLS_CONNECTION_END_CLIENT)
139  {
140 #if (DTLS_SUPPORT == ENABLED)
141  //DTLS protocol?
142  if(context->transportProtocol == TLS_TRANSPORT_PROTOCOL_DATAGRAM)
143  {
144  size_t length;
145  DtlsRecord *record;
146 
147  //Point to the DTLS record that holds the ClientHello message
148  record = (DtlsRecord *) context->txBuffer;
149 
150  //Sanity check
151  if(context->txBufferLen > sizeof(DtlsRecord))
152  {
153  //Retrieve the length of the handshake message
154  length = context->txBufferLen - sizeof(DtlsRecord);
155 
156  //Update the hash value with the ClientHello message
157  tlsUpdateTranscriptHash(context, record->data, length);
158  }
159  }
160  else
161 #endif
162  //TLS protocol?
163  {
164  size_t length;
165  TlsRecord *record;
166 
167  //Point to the TLS record that holds the ClientHello message
168  record = (TlsRecord *) context->txBuffer;
169 
170  //Retrieve the length of the handshake message
171  length = ntohs(record->length);
172 
173  //Sanity check
174  if((length + sizeof(TlsRecord)) <= context->txBufferSize)
175  {
176  //Update the hash value with the ClientHello message
177  tlsUpdateTranscriptHash(context, record->data, length);
178  }
179  }
180  }
181 #endif
182 
183  //Successful initialization
184  return NO_ERROR;
185 }
186 
187 
188 /**
189  * @brief Update hash value with a handshake message
190  * @param[in] context Pointer to the TLS context
191  * @param[in] data Pointer to the handshake message being hashed
192  * @param[in] length Length of the message
193  **/
194 
195 void tlsUpdateTranscriptHash(TlsContext *context, const void *data,
196  size_t length)
197 {
198 #if (TLS_MAX_VERSION >= SSL_VERSION_3_0 && TLS_MIN_VERSION <= TLS_VERSION_1_1)
199  //SSL 3.0, TLS 1.0 or TLS 1.1 currently selected?
200  if(context->version <= TLS_VERSION_1_1)
201  {
202  //Valid MD5 context?
203  if(context->transcriptMd5Context != NULL)
204  {
205  //Update MD5 hash value with message contents
206  md5Update(context->transcriptMd5Context, data, length);
207  }
208  }
209 #endif
210 
211 #if (TLS_MAX_VERSION >= SSL_VERSION_3_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2)
212  //SSL 3.0, TLS 1.0, TLS 1.1 or TLS 1.2 currently selected?
213  if(context->version <= TLS_VERSION_1_2)
214  {
215  //Valid SHA-1 context?
216  if(context->transcriptSha1Context != NULL)
217  {
218  //Update SHA-1 hash value with message contents
219  sha1Update(context->transcriptSha1Context, data, length);
220  }
221  }
222 #endif
223 
224 #if (TLS_MAX_VERSION >= TLS_VERSION_1_2 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
225  //TLS 1.2 or TLS 1.3 currently selected?
226  if(context->version >= TLS_VERSION_1_2)
227  {
228  const HashAlgo *hashAlgo;
229 
230  //Point to the PRF hash algorithm to be used
231  hashAlgo = context->cipherSuite.prfHashAlgo;
232 
233  //Valid hash algorithm?
234  if(hashAlgo != NULL && context->transcriptHashContext != NULL)
235  {
236  //Update hash value with message contents
237  hashAlgo->update(context->transcriptHashContext, data, length);
238  }
239  }
240 #endif
241 }
242 
243 
244 /**
245  * @brief Finalize hash calculation from previous handshake messages
246  * @param[in] context Pointer to the TLS context
247  * @param[in] hash Hash function used to digest the handshake messages
248  * @param[in] hashContext Pointer to the hash context
249  * @param[in] label NULL-terminated string
250  * @param[out] output Buffer where to store the resulting hash value
251  * @return Error code
252  **/
253 
255  const void *hashContext, const char_t *label, uint8_t *output)
256 {
257  error_t error;
258  HashContext *tempHashContext;
259 
260  //Make sure the hash context is valid
261  if(hash == NULL || hashContext == NULL)
263 
264  //Allocate a temporary hash context
265  tempHashContext = tlsAllocMem(hash->contextSize);
266 
267  //Successful memory allocation?
268  if(tempHashContext != NULL)
269  {
270  //The original hash context must be preserved
271  memcpy(tempHashContext, hashContext, hash->contextSize);
272 
273 #if (TLS_MAX_VERSION >= SSL_VERSION_3_0 && TLS_MIN_VERSION <= SSL_VERSION_3_0)
274  //SSL 3.0 currently selected?
275  if(context->version == SSL_VERSION_3_0)
276  {
277  size_t labelLen;
278  size_t padLen;
279 
280  //Retrieve the length of the label
281  labelLen = strlen(label);
282 
283  //The pad character is repeated 48 times for MD5 or 40 times for SHA-1
284  padLen = (hash == MD5_HASH_ALGO) ? 48 : 40;
285 
286  //hash(handshakeMessages + label + masterSecret + pad1)
287  hash->update(tempHashContext, label, labelLen);
288  hash->update(tempHashContext, context->masterSecret, TLS_MASTER_SECRET_SIZE);
289  hash->update(tempHashContext, sslPad1, padLen);
290  hash->final(tempHashContext, output);
291 
292  //hash(masterSecret + pad2 + hash(handshakeMessages + label +
293  //masterSecret + pad1))
294  hash->init(tempHashContext);
295  hash->update(tempHashContext, context->masterSecret, TLS_MASTER_SECRET_SIZE);
296  hash->update(tempHashContext, sslPad2, padLen);
297  hash->update(tempHashContext, output, hash->digestSize);
298  hash->final(tempHashContext, output);
299 
300  //Successful processing
301  error = NO_ERROR;
302  }
303  else
304 #endif
305 #if (TLS_MAX_VERSION >= TLS_VERSION_1_0 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
306  //TLS 1.0, TLS 1.1, TLS 1.2 or TLS 1.3 currently selected?
307  if(context->version >= TLS_VERSION_1_0 && context->version <= TLS_VERSION_1_3)
308  {
309  //Compute hash(handshakeMessages)
310  hash->final(tempHashContext, output);
311  //Successful processing
312  error = NO_ERROR;
313  }
314  else
315 #endif
316  //Invalid TLS version?
317  {
318  //Report an error
319  error = ERROR_INVALID_VERSION;
320  }
321 
322  //Release previously allocated resources
323  tlsFreeMem(tempHashContext);
324  }
325  else
326  {
327  //Failed to allocate memory
328  error = ERROR_OUT_OF_MEMORY;
329  }
330 
331  //Return status code
332  return error;
333 }
334 
335 
336 /**
337  * @brief Release transcript hash context
338  * @param[in] context Pointer to the TLS context
339  * @return Error code
340  **/
341 
343 {
344 #if (TLS_MAX_VERSION >= SSL_VERSION_3_0 && TLS_MIN_VERSION <= TLS_VERSION_1_1)
345  //Release MD5 hash context
346  if(context->transcriptMd5Context != NULL)
347  {
348  memset(context->transcriptMd5Context, 0, sizeof(Md5Context));
349  tlsFreeMem(context->transcriptMd5Context);
350  context->transcriptMd5Context = NULL;
351  }
352 #endif
353 
354 #if (TLS_MAX_VERSION >= SSL_VERSION_3_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2)
355  //Release SHA-1 hash context
356  if(context->transcriptSha1Context != NULL)
357  {
358  memset(context->transcriptSha1Context, 0, sizeof(Sha1Context));
359  tlsFreeMem(context->transcriptSha1Context);
360  context->transcriptSha1Context = NULL;
361  }
362 #endif
363 
364 #if (TLS_MAX_VERSION >= TLS_VERSION_1_2 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
365  //Release transcript hash context
366  if(context->transcriptHashContext != NULL)
367  {
368  tlsFreeMem(context->transcriptHashContext);
369  context->transcriptHashContext = NULL;
370  }
371 #endif
372 }
373 
374 
375 /**
376  * @brief Compute verify data from previous handshake messages
377  * @param[in] context Pointer to the TLS context
378  * @param[in] entity Specifies whether the computation is performed at client
379  * or server side
380  * @param[out] verifyData Pointer to the buffer where to store the verify data
381  * @param[out] verifyDataLen Length of the verify data
382  * @return Error code
383  **/
384 
386  uint8_t *verifyData, size_t *verifyDataLen)
387 {
388  error_t error;
389 
390 #if (TLS_MAX_VERSION >= SSL_VERSION_3_0 && TLS_MIN_VERSION <= SSL_VERSION_3_0)
391  //SSL 3.0 currently selected?
392  if(context->version == SSL_VERSION_3_0)
393  {
394  const char_t *label;
395 
396  //Check whether the computation is performed at client or server side
397  if(entity == TLS_CONNECTION_END_CLIENT)
398  label = "CLNT";
399  else
400  label = "SRVR";
401 
402  //Compute MD5(masterSecret + pad2 + MD5(handshakeMessages + label +
403  //masterSecret + pad1))
404  error = tlsFinalizeTranscriptHash(context, MD5_HASH_ALGO,
405  context->transcriptMd5Context, label, verifyData);
406 
407  //Check status code
408  if(!error)
409  {
410  //Compute SHA(masterSecret + pad2 + SHA(handshakeMessages + label +
411  //masterSecret + pad1))
412  error = tlsFinalizeTranscriptHash(context, SHA1_HASH_ALGO,
413  context->transcriptSha1Context, label, verifyData + MD5_DIGEST_SIZE);
414  }
415  }
416  else
417 #endif
418 #if (TLS_MAX_VERSION >= TLS_VERSION_1_0 && TLS_MIN_VERSION <= TLS_VERSION_1_1)
419  //TLS 1.0 or 1.1 currently selected?
420  if(context->version == TLS_VERSION_1_0 || context->version == TLS_VERSION_1_1)
421  {
422  const char_t *label;
423  uint8_t digest[MD5_DIGEST_SIZE + SHA1_DIGEST_SIZE];
424 
425  //Finalize MD5 hash computation
426  error = tlsFinalizeTranscriptHash(context, MD5_HASH_ALGO,
427  context->transcriptMd5Context, "", digest);
428 
429  //Check status code
430  if(!error)
431  {
432  //Finalize SHA-1 hash computation
433  error = tlsFinalizeTranscriptHash(context, SHA1_HASH_ALGO,
434  context->transcriptSha1Context, "", digest + MD5_DIGEST_SIZE);
435  }
436 
437  //Check status code
438  if(!error)
439  {
440  //Check whether the computation is performed at client or server side
441  if(entity == TLS_CONNECTION_END_CLIENT)
442  label = "client finished";
443  else
444  label = "server finished";
445 
446  //The verify data is always 12-byte long for TLS 1.0 and 1.1
447  error = tlsPrf(context->masterSecret, TLS_MASTER_SECRET_SIZE,
448  label, digest, sizeof(digest), verifyData, 12);
449  }
450  }
451  else
452 #endif
453 #if (TLS_MAX_VERSION >= TLS_VERSION_1_2 && TLS_MIN_VERSION <= TLS_VERSION_1_2)
454  //TLS 1.2 currently selected?
455  if(context->version == TLS_VERSION_1_2)
456  {
457  const char_t *label;
458  const HashAlgo *hashAlgo;
459  HashContext *hashContext;
460 
461  //Point to the hash algorithm to be used
462  hashAlgo = context->cipherSuite.prfHashAlgo;
463 
464  //Valid hash algorithm?
465  if(hashAlgo != NULL && context->transcriptHashContext != NULL)
466  {
467  //Allocate hash algorithm context
468  hashContext = tlsAllocMem(hashAlgo->contextSize);
469 
470  //Successful memory allocation?
471  if(hashContext != NULL)
472  {
473  //The original hash context must be preserved
474  memcpy(hashContext, context->transcriptHashContext,
475  hashAlgo->contextSize);
476 
477  //Finalize hash computation
478  hashAlgo->final(hashContext, NULL);
479 
480  //Check whether the computation is performed at client or server side
481  if(entity == TLS_CONNECTION_END_CLIENT)
482  label = "client finished";
483  else
484  label = "server finished";
485 
486  //Compute the verify data
487  error = tls12Prf(hashAlgo, context->masterSecret, TLS_MASTER_SECRET_SIZE,
488  label, hashContext->digest, hashAlgo->digestSize,
489  verifyData, context->cipherSuite.verifyDataLen);
490 
491  //Release previously allocated memory
492  tlsFreeMem(hashContext);
493  }
494  else
495  {
496  //Failed to allocate memory
497  error = ERROR_OUT_OF_MEMORY;
498  }
499  }
500  else
501  {
502  //Invalid hash algorithm
503  error = ERROR_FAILURE;
504  }
505  }
506  else
507 #endif
508 #if (TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
509  //TLS 1.3 currently selected?
510  if(context->version == TLS_VERSION_1_3)
511  {
512  uint8_t *baseKey;
513  const HashAlgo *hashAlgo;
514  uint8_t digest[TLS_MAX_HKDF_DIGEST_SIZE];
515  uint8_t finishedKey[TLS_MAX_HKDF_DIGEST_SIZE];
516 
517  //The hash function used by HKDF is the cipher suite hash algorithm
518  hashAlgo = context->cipherSuite.prfHashAlgo;
519 
520  //Valid hash algorithm?
521  if(hashAlgo != NULL && context->transcriptHashContext != NULL)
522  {
523  //Check whether the computation is performed at client or server side
524  if(entity == TLS_CONNECTION_END_CLIENT)
525  baseKey = context->clientHsTrafficSecret;
526  else
527  baseKey = context->serverHsTrafficSecret;
528 
529  //The key used to compute the Finished message is computed from the
530  //base key using HKDF
531  error = tls13HkdfExpandLabel(hashAlgo, baseKey, hashAlgo->digestSize,
532  "finished", NULL, 0, finishedKey, hashAlgo->digestSize);
533 
534  //Check status code
535  if(!error)
536  {
537  //Compute the transcript hash
538  error = tlsFinalizeTranscriptHash(context, hashAlgo,
539  context->transcriptHashContext, "", digest);
540  }
541 
542  //Check status code
543  if(!error)
544  {
545  //Compute the verify data
546  error = hmacCompute(hashAlgo, finishedKey, hashAlgo->digestSize,
547  digest, hashAlgo->digestSize, verifyData);
548  }
549  }
550  else
551  {
552  //Invalid hash algorithm
553  error = ERROR_FAILURE;
554  }
555  }
556  else
557 #endif
558  //Invalid TLS version?
559  {
560  //Report an error
561  error = ERROR_INVALID_VERSION;
562  }
563 
564  //Check status code
565  if(!error)
566  {
567  //Save the length of the verify data
568  *verifyDataLen = context->cipherSuite.verifyDataLen;
569 
570  //Debug message
571  TRACE_DEBUG("Verify data:\r\n");
572  TRACE_DEBUG_ARRAY(" ", verifyData, *verifyDataLen);
573  }
574 
575  //Return status code
576  return error;
577 }
578 
579 #endif
#define tlsAllocMem(size)
Definition: tls.h:757
void sha1Update(Sha1Context *context, const void *data, size_t length)
Update the SHA-1 context with a portion of the message being hashed.
Definition: sha1.c:152
uint8_t length
Definition: dtls_misc.h:149
HashAlgoInit init
Definition: crypto.h:1139
#define SHA1_HASH_ALGO
Definition: sha1.h:46
Key material generation.
error_t tlsFinalizeTranscriptHash(TlsContext *context, const HashAlgo *hash, const void *hashContext, const char_t *label, uint8_t *output)
Finalize hash calculation from previous handshake messages.
error_t tlsPrf(const uint8_t *secret, size_t secretLen, const char_t *label, const uint8_t *seed, size_t seedLen, uint8_t *output, size_t outputLen)
Pseudorandom function (TLS 1.0 and 1.1)
TlsConnectionEnd
TLS connection end.
Definition: tls.h:859
size_t digestSize
Definition: crypto.h:1135
void md5Init(Md5Context *context)
Initialize MD5 message digest context.
Definition: md5.c:136
@ TLS_TRANSPORT_PROTOCOL_DATAGRAM
Definition: tls.h:851
HashAlgoUpdate update
Definition: crypto.h:1140
@ ERROR_OUT_OF_MEMORY
Definition: error.h:63
SSL 3.0 helper functions.
@ ERROR_INVALID_VERSION
Definition: error.h:116
size_t contextSize
Definition: crypto.h:1133
void md5Update(Md5Context *context, const void *data, size_t length)
Update the MD5 context with a portion of the message being hashed.
Definition: md5.c:158
__start_packed struct @58 DtlsRecord
DTLS record.
void sha1Init(Sha1Context *context)
Initialize SHA-1 message digest context.
Definition: sha1.c:129
@ ERROR_INVALID_PARAMETER
Invalid parameter.
Definition: error.h:47
error_t tlsComputeVerifyData(TlsContext *context, TlsConnectionEnd entity, uint8_t *verifyData, size_t *verifyDataLen)
Compute verify data from previous handshake messages.
#define TlsContext
Definition: tls.h:36
error_t
Error codes.
Definition: error.h:42
#define TLS_VERSION_1_2
Definition: tls.h:94
@ ERROR_FAILURE
Generic error code.
Definition: error.h:45
#define MD5_HASH_ALGO
Definition: md5.h:46
#define TLS_VERSION_1_3
Definition: tls.h:95
const uint8_t sslPad1[48]
MD5 algorithm context.
Definition: md5.h:58
#define SSL_VERSION_3_0
Definition: tls.h:91
#define MD5_DIGEST_SIZE
Definition: md5.h:40
const uint8_t sslPad2[48]
error_t hmacCompute(const HashAlgo *hash, const void *key, size_t keyLen, const void *data, size_t dataLen, uint8_t *digest)
Compute HMAC using the specified hash function.
Definition: hmac.c:85
error_t tls12Prf(const HashAlgo *hash, const uint8_t *secret, size_t secretLen, const char_t *label, const uint8_t *seed, size_t seedLen, uint8_t *output, size_t outputLen)
Pseudorandom function (TLS 1.2)
error_t tls13HkdfExpandLabel(const HashAlgo *hash, const uint8_t *secret, size_t secretLen, const char_t *label, const uint8_t *context, size_t contextLen, uint8_t *output, size_t outputLen)
#define TLS_MASTER_SECRET_SIZE
Definition: tls.h:836
void tlsUpdateTranscriptHash(TlsContext *context, const void *data, size_t length)
Update hash value with a handshake message.
Transcript hash calculation.
HashAlgoFinal final
Definition: crypto.h:1141
uint8_t hash
Definition: tls.h:1369
#define ntohs(value)
Definition: cpu_endian.h:398
#define TRACE_DEBUG(...)
Definition: debug.h:106
char char_t
Definition: compiler_port.h:43
#define TLS_VERSION_1_1
Definition: tls.h:93
#define SHA1_DIGEST_SIZE
Definition: sha1.h:40
#define TRACE_DEBUG_ARRAY(p, a, n)
Definition: debug.h:107
uint8_t digest[1]
Definition: crypto.h:1120
#define TLS_VERSION_1_0
Definition: tls.h:92
error_t tlsInitTranscriptHash(TlsContext *context)
Initialize handshake message hashing.
#define TLS_MAX_HKDF_DIGEST_SIZE
Definition: tls.h:817
@ TLS_CONNECTION_END_CLIENT
Definition: tls.h:861
__start_packed struct @83 TlsRecord
TLS record.
TLS (Transport Layer Security)
SHA-1 algorithm context.
Definition: sha1.h:58
TLS 1.3 key schedule.
Common interface for hash algorithms.
Definition: crypto.h:1128
Handshake message processing (TLS client)
uint8_t data[]
Definition: dtls_misc.h:176
#define tlsFreeMem(p)
Definition: tls.h:762
Generic hash algorithm context.
Definition: crypto.h:1118
@ NO_ERROR
Success.
Definition: error.h:44
Debugging facilities.
void tlsFreeTranscriptHash(TlsContext *context)
Release transcript hash context.