From 0a537e488c3eafa2ea0bf8dacdcb4db1769a86f5 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Thu, 8 Nov 2018 23:54:59 +0000
Subject: First skeleton of the TLS 1.3 state machine. Based on RFC 8446 and
 inspired by s2n's state machine. Lots of help and input from jsing.

ok beck, jsing
---
 src/lib/libssl/tls13_internal.h | 69 +++++++++++++++++++++++++++++++++++++++--
 1 file changed, 67 insertions(+), 2 deletions(-)

(limited to 'src/lib/libssl/tls13_internal.h')

diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
index 6172ac25c9..0c48c87c89 100644
--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,5 +1,7 @@
-/* $OpenBSD: tls13_internal.h,v 1.2 2018/11/08 20:38:25 tb Exp $ */
-/* Copyright (c) 2018, Bob Beck <beck@openbsd.org>
+/* $OpenBSD: tls13_internal.h,v 1.3 2018/11/08 23:54:59 tb Exp $ */
+/*
+ * Copyright (c) 2018, Bob Beck <beck@openbsd.org>
+ * Copyright (c) 2018, Theo Buehler <tb@openbsd.org>
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -58,3 +60,66 @@ int tls13_derive_handshake_secrets(struct tls13_secrets *secrets,
     const struct tls13_secret *context);
 int tls13_derive_application_secrets(struct tls13_secrets *secrets,
     const EVP_MD *digest, const struct tls13_secret *context);
+
+struct tls13_ctx;
+
+/*
+ * RFC 8446, Section B.3
+ *
+ * Values listed as "_RESERVED" were used in previous versions of TLS and are
+ * listed here for completeness.  TLS 1.3 implementations MUST NOT send them but
+ * might receive them from older TLS implementations.
+ */
+#define	TLS13_MT_HELLO_REQUEST_RESERVED		0
+#define	TLS13_MT_CLIENT_HELLO			1
+#define	TLS13_MT_SERVER_HELLO			2
+#define	TLS13_MT_HELLO_VERIFY_REQUEST_RESERVED	3
+#define	TLS13_MT_NEW_SESSION_TICKET		4
+#define	TLS13_MT_END_OF_EARLY_DATA		5
+#define	TLS13_MT_HELLO_RETRY_REQUEST_RESERVED	6
+#define	TLS13_MT_ENCRYPTED_EXTENSIONS		8
+#define	TLS13_MT_CERTIFICATE			11
+#define	TLS13_MT_SERVER_KEY_EXCHANGE_RESERVED	12
+#define	TLS13_MT_CERTIFICATE_REQUEST		13
+#define	TLS13_MT_SERVER_HELLO_DONE_RESERVED	14
+#define	TLS13_MT_CERTIFICATE_VERIFY		15
+#define	TLS13_MT_CLIENT_KEY_EXCHANGE_RESERVED	16
+#define	TLS13_MT_FINISHED			20
+#define	TLS13_MT_CERTIFICATE_URL_RESERVED	21
+#define	TLS13_MT_CERTIFICATE_STATUS_RESERVED	22
+#define	TLS13_MT_SUPPLEMENTAL_DATA_RESERVED	23
+#define	TLS13_MT_KEY_UPDATE			24
+#define	TLS13_MT_MESSAGE_HASH			254
+
+int tls13_client_hello_send(struct tls13_ctx *ctx);
+int tls13_client_hello_recv(struct tls13_ctx *ctx);
+int tls13_client_hello_retry_send(struct tls13_ctx *ctx);
+int tls13_client_hello_retry_recv(struct tls13_ctx *ctx);
+int tls13_client_end_of_early_data_send(struct tls13_ctx *ctx);
+int tls13_client_end_of_early_data_recv(struct tls13_ctx *ctx);
+int tls13_client_certificate_send(struct tls13_ctx *ctx);
+int tls13_client_certificate_recv(struct tls13_ctx *ctx);
+int tls13_client_certificate_verify_send(struct tls13_ctx *ctx);
+int tls13_client_certificate_verify_recv(struct tls13_ctx *ctx);
+int tls13_client_finished_recv(struct tls13_ctx *ctx);
+int tls13_client_finished_send(struct tls13_ctx *ctx);
+int tls13_client_key_update_send(struct tls13_ctx *ctx);
+int tls13_client_key_update_recv(struct tls13_ctx *ctx);
+int tls13_server_hello_recv(struct tls13_ctx *ctx);
+int tls13_server_hello_send(struct tls13_ctx *ctx);
+int tls13_server_new_session_ticket_recv(struct tls13_ctx *ctx);
+int tls13_server_new_session_ticket_send(struct tls13_ctx *ctx);
+int tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx);
+int tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx);
+int tls13_server_certificate_recv(struct tls13_ctx *ctx);
+int tls13_server_certificate_send(struct tls13_ctx *ctx);
+int tls13_server_certificate_request_recv(struct tls13_ctx *ctx);
+int tls13_server_certificate_request_send(struct tls13_ctx *ctx);
+int tls13_server_certificate_verify_send(struct tls13_ctx *ctx);
+int tls13_server_certificate_verify_recv(struct tls13_ctx *ctx);
+int tls13_server_finished_recv(struct tls13_ctx *ctx);
+int tls13_server_finished_send(struct tls13_ctx *ctx);
+int tls13_server_key_update_recv(struct tls13_ctx *ctx);
+int tls13_server_key_update_send(struct tls13_ctx *ctx);
+int tls13_server_message_hash_recv(struct tls13_ctx *ctx);
+int tls13_server_message_hash_send(struct tls13_ctx *ctx);
-- 
cgit v1.2.3-55-g6feb