diff options
| author | tb <> | 2018-11-08 23:54:59 +0000 |
|---|---|---|
| committer | tb <> | 2018-11-08 23:54:59 +0000 |
| commit | 0a537e488c3eafa2ea0bf8dacdcb4db1769a86f5 (patch) | |
| tree | 89025c593b3d17a75f7836f1027ac2276a10c4f5 /src/lib/libssl/tls13_internal.h | |
| parent | 07d5b8a2c40a37c07684f5ad25a2550bd0cc6b9d (diff) | |
| download | openbsd-0a537e488c3eafa2ea0bf8dacdcb4db1769a86f5.tar.gz openbsd-0a537e488c3eafa2ea0bf8dacdcb4db1769a86f5.tar.bz2 openbsd-0a537e488c3eafa2ea0bf8dacdcb4db1769a86f5.zip | |
First skeleton of the TLS 1.3 state machine. Based on RFC 8446 and
inspired by s2n's state machine. Lots of help and input from jsing.
ok beck, jsing
Diffstat (limited to 'src/lib/libssl/tls13_internal.h')
| -rw-r--r-- | src/lib/libssl/tls13_internal.h | 69 |
1 files changed, 67 insertions, 2 deletions
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h index 6172ac25c9..0c48c87c89 100644 --- a/src/lib/libssl/tls13_internal.h +++ b/src/lib/libssl/tls13_internal.h | |||
| @@ -1,5 +1,7 @@ | |||
| 1 | /* $OpenBSD: tls13_internal.h,v 1.2 2018/11/08 20:38:25 tb Exp $ */ | 1 | /* $OpenBSD: tls13_internal.h,v 1.3 2018/11/08 23:54:59 tb Exp $ */ |
| 2 | /* Copyright (c) 2018, Bob Beck <beck@openbsd.org> | 2 | /* |
| 3 | * Copyright (c) 2018, Bob Beck <beck@openbsd.org> | ||
| 4 | * Copyright (c) 2018, Theo Buehler <tb@openbsd.org> | ||
| 3 | * | 5 | * |
| 4 | * Permission to use, copy, modify, and/or distribute this software for any | 6 | * Permission to use, copy, modify, and/or distribute this software for any |
| 5 | * purpose with or without fee is hereby granted, provided that the above | 7 | * purpose with or without fee is hereby granted, provided that the above |
| @@ -58,3 +60,66 @@ int tls13_derive_handshake_secrets(struct tls13_secrets *secrets, | |||
| 58 | const struct tls13_secret *context); | 60 | const struct tls13_secret *context); |
| 59 | int tls13_derive_application_secrets(struct tls13_secrets *secrets, | 61 | int tls13_derive_application_secrets(struct tls13_secrets *secrets, |
| 60 | const EVP_MD *digest, const struct tls13_secret *context); | 62 | const EVP_MD *digest, const struct tls13_secret *context); |
| 63 | |||
| 64 | struct tls13_ctx; | ||
| 65 | |||
| 66 | /* | ||
| 67 | * RFC 8446, Section B.3 | ||
| 68 | * | ||
| 69 | * Values listed as "_RESERVED" were used in previous versions of TLS and are | ||
| 70 | * listed here for completeness. TLS 1.3 implementations MUST NOT send them but | ||
| 71 | * might receive them from older TLS implementations. | ||
| 72 | */ | ||
| 73 | #define TLS13_MT_HELLO_REQUEST_RESERVED 0 | ||
| 74 | #define TLS13_MT_CLIENT_HELLO 1 | ||
| 75 | #define TLS13_MT_SERVER_HELLO 2 | ||
| 76 | #define TLS13_MT_HELLO_VERIFY_REQUEST_RESERVED 3 | ||
| 77 | #define TLS13_MT_NEW_SESSION_TICKET 4 | ||
| 78 | #define TLS13_MT_END_OF_EARLY_DATA 5 | ||
| 79 | #define TLS13_MT_HELLO_RETRY_REQUEST_RESERVED 6 | ||
| 80 | #define TLS13_MT_ENCRYPTED_EXTENSIONS 8 | ||
| 81 | #define TLS13_MT_CERTIFICATE 11 | ||
| 82 | #define TLS13_MT_SERVER_KEY_EXCHANGE_RESERVED 12 | ||
| 83 | #define TLS13_MT_CERTIFICATE_REQUEST 13 | ||
| 84 | #define TLS13_MT_SERVER_HELLO_DONE_RESERVED 14 | ||
| 85 | #define TLS13_MT_CERTIFICATE_VERIFY 15 | ||
| 86 | #define TLS13_MT_CLIENT_KEY_EXCHANGE_RESERVED 16 | ||
| 87 | #define TLS13_MT_FINISHED 20 | ||
| 88 | #define TLS13_MT_CERTIFICATE_URL_RESERVED 21 | ||
| 89 | #define TLS13_MT_CERTIFICATE_STATUS_RESERVED 22 | ||
| 90 | #define TLS13_MT_SUPPLEMENTAL_DATA_RESERVED 23 | ||
| 91 | #define TLS13_MT_KEY_UPDATE 24 | ||
| 92 | #define TLS13_MT_MESSAGE_HASH 254 | ||
| 93 | |||
| 94 | int tls13_client_hello_send(struct tls13_ctx *ctx); | ||
| 95 | int tls13_client_hello_recv(struct tls13_ctx *ctx); | ||
| 96 | int tls13_client_hello_retry_send(struct tls13_ctx *ctx); | ||
| 97 | int tls13_client_hello_retry_recv(struct tls13_ctx *ctx); | ||
| 98 | int tls13_client_end_of_early_data_send(struct tls13_ctx *ctx); | ||
| 99 | int tls13_client_end_of_early_data_recv(struct tls13_ctx *ctx); | ||
| 100 | int tls13_client_certificate_send(struct tls13_ctx *ctx); | ||
| 101 | int tls13_client_certificate_recv(struct tls13_ctx *ctx); | ||
| 102 | int tls13_client_certificate_verify_send(struct tls13_ctx *ctx); | ||
| 103 | int tls13_client_certificate_verify_recv(struct tls13_ctx *ctx); | ||
| 104 | int tls13_client_finished_recv(struct tls13_ctx *ctx); | ||
| 105 | int tls13_client_finished_send(struct tls13_ctx *ctx); | ||
| 106 | int tls13_client_key_update_send(struct tls13_ctx *ctx); | ||
| 107 | int tls13_client_key_update_recv(struct tls13_ctx *ctx); | ||
| 108 | int tls13_server_hello_recv(struct tls13_ctx *ctx); | ||
| 109 | int tls13_server_hello_send(struct tls13_ctx *ctx); | ||
| 110 | int tls13_server_new_session_ticket_recv(struct tls13_ctx *ctx); | ||
| 111 | int tls13_server_new_session_ticket_send(struct tls13_ctx *ctx); | ||
| 112 | int tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx); | ||
| 113 | int tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx); | ||
| 114 | int tls13_server_certificate_recv(struct tls13_ctx *ctx); | ||
| 115 | int tls13_server_certificate_send(struct tls13_ctx *ctx); | ||
| 116 | int tls13_server_certificate_request_recv(struct tls13_ctx *ctx); | ||
| 117 | int tls13_server_certificate_request_send(struct tls13_ctx *ctx); | ||
| 118 | int tls13_server_certificate_verify_send(struct tls13_ctx *ctx); | ||
| 119 | int tls13_server_certificate_verify_recv(struct tls13_ctx *ctx); | ||
| 120 | int tls13_server_finished_recv(struct tls13_ctx *ctx); | ||
| 121 | int tls13_server_finished_send(struct tls13_ctx *ctx); | ||
| 122 | int tls13_server_key_update_recv(struct tls13_ctx *ctx); | ||
| 123 | int tls13_server_key_update_send(struct tls13_ctx *ctx); | ||
| 124 | int tls13_server_message_hash_recv(struct tls13_ctx *ctx); | ||
| 125 | int tls13_server_message_hash_send(struct tls13_ctx *ctx); | ||