diff options
| author | beck <> | 2018-11-07 19:43:12 +0000 |
|---|---|---|
| committer | beck <> | 2018-11-07 19:43:12 +0000 |
| commit | 225cffb5dfc81ab7d9943801bd3eb4495d985dd2 (patch) | |
| tree | 8118d73fc7e25abac8b6e6dcc785da60672d75c6 /src/lib/libssl/tls13_internal.h | |
| parent | 8f0e5908a3eda97ad8aa14cba6eae080ee759006 (diff) | |
| download | openbsd-225cffb5dfc81ab7d9943801bd3eb4495d985dd2.tar.gz openbsd-225cffb5dfc81ab7d9943801bd3eb4495d985dd2.tar.bz2 openbsd-225cffb5dfc81ab7d9943801bd3eb4495d985dd2.zip | |
Add initial TLS 1.3 key schedule support with basic regress tests
ok jsing@ tb@
Diffstat (limited to 'src/lib/libssl/tls13_internal.h')
| -rw-r--r-- | src/lib/libssl/tls13_internal.h | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h new file mode 100644 index 0000000000..b1d24ef02b --- /dev/null +++ b/src/lib/libssl/tls13_internal.h | |||
| @@ -0,0 +1,58 @@ | |||
| 1 | /* $OpenBSD: tls13_internal.h,v 1.1 2018/11/07 19:43:12 beck Exp $ */ | ||
| 2 | /* Copyright (c) 2018, Bob Beck <beck@openbsd.org> | ||
| 3 | * | ||
| 4 | * Permission to use, copy, modify, and/or distribute this software for any | ||
| 5 | * purpose with or without fee is hereby granted, provided that the above | ||
| 6 | * copyright notice and this permission notice appear in all copies. | ||
| 7 | * | ||
| 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | ||
| 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
| 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY | ||
| 11 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | ||
| 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION | ||
| 13 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN | ||
| 14 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | ||
| 15 | */ | ||
| 16 | |||
| 17 | struct tls13_secret { | ||
| 18 | uint8_t *data; | ||
| 19 | size_t len; | ||
| 20 | }; | ||
| 21 | |||
| 22 | /* RFC 8446 Section 7.1 Page 92 */ | ||
| 23 | struct tls13_secrets { | ||
| 24 | int resumption; | ||
| 25 | int init_done; | ||
| 26 | int early_done; | ||
| 27 | int handshake_done; | ||
| 28 | int schedule_done; | ||
| 29 | int insecure; /* Set by tests */ | ||
| 30 | struct tls13_secret zeros; | ||
| 31 | struct tls13_secret extracted_early; | ||
| 32 | struct tls13_secret binder_key; | ||
| 33 | struct tls13_secret client_early_traffic; | ||
| 34 | struct tls13_secret early_exporter_master; | ||
| 35 | struct tls13_secret derived_early; | ||
| 36 | struct tls13_secret extracted_handshake; | ||
| 37 | struct tls13_secret client_handshake_traffic; | ||
| 38 | struct tls13_secret server_handshake_traffic; | ||
| 39 | struct tls13_secret derived_handshake; | ||
| 40 | struct tls13_secret extracted_master; | ||
| 41 | struct tls13_secret client_application_traffic; | ||
| 42 | struct tls13_secret server_application_traffic; | ||
| 43 | struct tls13_secret exporter_master; | ||
| 44 | struct tls13_secret resumption_master; | ||
| 45 | }; | ||
| 46 | |||
| 47 | struct tls13_secrets *tls13_secrets_new(size_t hash_length); | ||
| 48 | void tls13_secrets_init(struct tls13_secrets *secrets, int resumption); | ||
| 49 | void tls13_secrets_destroy(struct tls13_secrets *secrets); | ||
| 50 | |||
| 51 | int tls13_derive_early_secrets(struct tls13_secrets *secrets, | ||
| 52 | const EVP_MD *digest,uint8_t *psk, size_t psk_len, | ||
| 53 | const struct tls13_secret *context); | ||
| 54 | int tls13_derive_handshake_secrets(struct tls13_secrets *secrets, | ||
| 55 | const EVP_MD *digest, const uint8_t *ecdhe, size_t ecdhe_len, | ||
| 56 | const struct tls13_secret *context); | ||
| 57 | int tls13_derive_application_secrets(struct tls13_secrets *secrets, | ||
| 58 | const EVP_MD *digest, const struct tls13_secret *context); | ||