1*8699d7a9Stb /* $OpenBSD: tls13_internal.h,v 1.104 2024/09/09 03:32:29 tb Exp $ */ 214355f8fStb /* 3b928de21Sjsing * Copyright (c) 2018 Bob Beck <beck@openbsd.org> 4b928de21Sjsing * Copyright (c) 2018 Theo Buehler <tb@openbsd.org> 566f37b82Sjsing * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> 6af2a35e9Sbeck * 7af2a35e9Sbeck * Permission to use, copy, modify, and/or distribute this software for any 8af2a35e9Sbeck * purpose with or without fee is hereby granted, provided that the above 9af2a35e9Sbeck * copyright notice and this permission notice appear in all copies. 10af2a35e9Sbeck * 11af2a35e9Sbeck * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12af2a35e9Sbeck * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13af2a35e9Sbeck * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 14af2a35e9Sbeck * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15af2a35e9Sbeck * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 16af2a35e9Sbeck * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 17af2a35e9Sbeck * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18af2a35e9Sbeck */ 19af2a35e9Sbeck 20aa90ddb0Sjsing #ifndef HEADER_TLS13_INTERNAL_H 21aa90ddb0Sjsing #define HEADER_TLS13_INTERNAL_H 22aa90ddb0Sjsing 239e0e67a2Stb #include <openssl/evp.h> 249b64ae44Sjsing #include <openssl/ssl.h> 259e0e67a2Stb 26a80e02e1Sjsing #include "bytestring.h" 27f6184395Sjsing #include "tls_internal.h" 28a80e02e1Sjsing 29aa90ddb0Sjsing __BEGIN_HIDDEN_DECLS 30aa90ddb0Sjsing 3120290792Sjsing #define TLS13_HS_CLIENT 1 3220290792Sjsing #define TLS13_HS_SERVER 2 3320290792Sjsing 34ddf39511Sjsing #define TLS13_IO_SUCCESS 1 35a80e02e1Sjsing #define TLS13_IO_EOF 0 36a80e02e1Sjsing #define TLS13_IO_FAILURE -1 3752e1fd77Sjsing #define TLS13_IO_ALERT -2 3852e1fd77Sjsing #define TLS13_IO_WANT_POLLIN -3 3952e1fd77Sjsing #define TLS13_IO_WANT_POLLOUT -4 40c9e61bceSbeck #define TLS13_IO_WANT_RETRY -5 /* Retry the previous call immediately. */ 41c9e61bceSbeck #define TLS13_IO_USE_LEGACY -6 42204f36c2Sjsing #define TLS13_IO_RECORD_VERSION -7 436423e56fSjsing #define TLS13_IO_RECORD_OVERFLOW -8 44a80e02e1Sjsing 45c9989395Sjsing #define TLS13_ERR_VERIFY_FAILED 16 46aee99653Sbeck #define TLS13_ERR_HRR_FAILED 17 470571c2d6Sjsing #define TLS13_ERR_TRAILING_DATA 18 4810361718Sjsing #define TLS13_ERR_NO_SHARED_CIPHER 19 493290fa22Sjsing #define TLS13_ERR_NO_CERTIFICATE 20 503290fa22Sjsing #define TLS13_ERR_NO_PEER_CERTIFICATE 21 51c9989395Sjsing 52c957d00cSjsing #define TLS13_ALERT_LEVEL_WARNING 1 53c957d00cSjsing #define TLS13_ALERT_LEVEL_FATAL 2 54c957d00cSjsing 55c957d00cSjsing #define TLS13_ALERT_CLOSE_NOTIFY 0 56c957d00cSjsing #define TLS13_ALERT_UNEXPECTED_MESSAGE 10 57c957d00cSjsing #define TLS13_ALERT_BAD_RECORD_MAC 20 58c957d00cSjsing #define TLS13_ALERT_RECORD_OVERFLOW 22 59c957d00cSjsing #define TLS13_ALERT_HANDSHAKE_FAILURE 40 60c957d00cSjsing #define TLS13_ALERT_BAD_CERTIFICATE 42 61c957d00cSjsing #define TLS13_ALERT_UNSUPPORTED_CERTIFICATE 43 62c957d00cSjsing #define TLS13_ALERT_CERTIFICATE_REVOKED 44 63c957d00cSjsing #define TLS13_ALERT_CERTIFICATE_EXPIRED 45 64c957d00cSjsing #define TLS13_ALERT_CERTIFICATE_UNKNOWN 46 65c957d00cSjsing #define TLS13_ALERT_ILLEGAL_PARAMETER 47 66c957d00cSjsing #define TLS13_ALERT_UNKNOWN_CA 48 67c957d00cSjsing #define TLS13_ALERT_ACCESS_DENIED 49 68c957d00cSjsing #define TLS13_ALERT_DECODE_ERROR 50 69c957d00cSjsing #define TLS13_ALERT_DECRYPT_ERROR 51 70c957d00cSjsing #define TLS13_ALERT_PROTOCOL_VERSION 70 71c957d00cSjsing #define TLS13_ALERT_INSUFFICIENT_SECURITY 71 72c957d00cSjsing #define TLS13_ALERT_INTERNAL_ERROR 80 73c957d00cSjsing #define TLS13_ALERT_INAPPROPRIATE_FALLBACK 86 74c957d00cSjsing #define TLS13_ALERT_USER_CANCELED 90 75c957d00cSjsing #define TLS13_ALERT_MISSING_EXTENSION 109 76c957d00cSjsing #define TLS13_ALERT_UNSUPPORTED_EXTENSION 110 77c957d00cSjsing #define TLS13_ALERT_UNRECOGNIZED_NAME 112 78c957d00cSjsing #define TLS13_ALERT_BAD_CERTIFICATE_STATUS_RESPONSE 113 79c957d00cSjsing #define TLS13_ALERT_UNKNOWN_PSK_IDENTITY 115 80c957d00cSjsing #define TLS13_ALERT_CERTIFICATE_REQUIRED 116 81c957d00cSjsing #define TLS13_ALERT_NO_APPLICATION_PROTOCOL 120 82c957d00cSjsing 8308d6ed5eStb #define TLS13_INFO_HANDSHAKE_STARTED SSL_CB_HANDSHAKE_START 8408d6ed5eStb #define TLS13_INFO_HANDSHAKE_COMPLETED SSL_CB_HANDSHAKE_DONE 852d0d1bb8Stb #define TLS13_INFO_ACCEPT_LOOP SSL_CB_ACCEPT_LOOP 862d0d1bb8Stb #define TLS13_INFO_CONNECT_LOOP SSL_CB_CONNECT_LOOP 87d6a7e173Stb #define TLS13_INFO_ACCEPT_EXIT SSL_CB_ACCEPT_EXIT 88d6a7e173Stb #define TLS13_INFO_CONNECT_EXIT SSL_CB_CONNECT_EXIT 8908d6ed5eStb 909c83d710Sjsing typedef void (*tls13_alert_cb)(uint8_t _alert_level, uint8_t _alert_desc, 919c83d710Sjsing void *_cb_arg); 92fc718d1dSjsing typedef ssize_t (*tls13_phh_recv_cb)(void *_cb_arg); 9389458272Sbeck typedef void (*tls13_phh_sent_cb)(void *_cb_arg); 94753de96bStb typedef void (*tls13_handshake_message_cb)(void *_cb_arg); 9508d6ed5eStb typedef void (*tls13_info_cb)(void *_cb_arg, int _state, int _ret); 964770065fSbeck typedef int (*tls13_ocsp_status_cb)(void *_cb_arg); 97a80e02e1Sjsing 984673309bSjsing /* 994b4fb912Stb * PSK support. 1004b4fb912Stb */ 1014b4fb912Stb 1024b4fb912Stb /* 1034b4fb912Stb * Known PskKeyExchangeMode values. 1044b4fb912Stb * https://www.iana.org/assignments/tls-parameters/#tls-pskkeyexchangemode 1054b4fb912Stb */ 1064b4fb912Stb #define TLS13_PSK_KE 0 1074b4fb912Stb #define TLS13_PSK_DHE_KE 1 1084b4fb912Stb 1094b4fb912Stb /* 1104673309bSjsing * Secrets. 1114673309bSjsing */ 112af2a35e9Sbeck struct tls13_secret { 113af2a35e9Sbeck uint8_t *data; 114af2a35e9Sbeck size_t len; 115af2a35e9Sbeck }; 116af2a35e9Sbeck 117af2a35e9Sbeck /* RFC 8446 Section 7.1 Page 92 */ 118af2a35e9Sbeck struct tls13_secrets { 119b928de21Sjsing const EVP_MD *digest; 120af2a35e9Sbeck int resumption; 121af2a35e9Sbeck int init_done; 122af2a35e9Sbeck int early_done; 123af2a35e9Sbeck int handshake_done; 124af2a35e9Sbeck int schedule_done; 125af2a35e9Sbeck int insecure; /* Set by tests */ 126af2a35e9Sbeck struct tls13_secret zeros; 127b928de21Sjsing struct tls13_secret empty_hash; 128af2a35e9Sbeck struct tls13_secret extracted_early; 129af2a35e9Sbeck struct tls13_secret binder_key; 130af2a35e9Sbeck struct tls13_secret client_early_traffic; 131af2a35e9Sbeck struct tls13_secret early_exporter_master; 132af2a35e9Sbeck struct tls13_secret derived_early; 133af2a35e9Sbeck struct tls13_secret extracted_handshake; 134af2a35e9Sbeck struct tls13_secret client_handshake_traffic; 135af2a35e9Sbeck struct tls13_secret server_handshake_traffic; 136af2a35e9Sbeck struct tls13_secret derived_handshake; 137af2a35e9Sbeck struct tls13_secret extracted_master; 138af2a35e9Sbeck struct tls13_secret client_application_traffic; 139af2a35e9Sbeck struct tls13_secret server_application_traffic; 140af2a35e9Sbeck struct tls13_secret exporter_master; 141af2a35e9Sbeck struct tls13_secret resumption_master; 142af2a35e9Sbeck }; 143af2a35e9Sbeck 144631a1dd7Stb int tls13_secret_init(struct tls13_secret *secret, size_t len); 145631a1dd7Stb void tls13_secret_cleanup(struct tls13_secret *secret); 146b928de21Sjsing struct tls13_secrets *tls13_secrets_create(const EVP_MD *digest, 147b928de21Sjsing int resumption); 148af2a35e9Sbeck void tls13_secrets_destroy(struct tls13_secrets *secrets); 149af2a35e9Sbeck 150b928de21Sjsing int tls13_hkdf_expand_label(struct tls13_secret *out, const EVP_MD *digest, 151b928de21Sjsing const struct tls13_secret *secret, const char *label, 152af2a35e9Sbeck const struct tls13_secret *context); 153607bf314Sjsing int tls13_hkdf_expand_label_with_length(struct tls13_secret *out, 154607bf314Sjsing const EVP_MD *digest, const struct tls13_secret *secret, 155607bf314Sjsing const uint8_t *label, size_t label_len, const struct tls13_secret *context); 156607bf314Sjsing 157607bf314Sjsing int tls13_derive_secret(struct tls13_secret *out, const EVP_MD *digest, 158607bf314Sjsing const struct tls13_secret *secret, const char *label, 159607bf314Sjsing const struct tls13_secret *context); 160607bf314Sjsing int tls13_derive_secret_with_label_length(struct tls13_secret *out, 161607bf314Sjsing const EVP_MD *digest, const struct tls13_secret *secret, 162607bf314Sjsing const uint8_t *label, size_t label_len, const struct tls13_secret *context); 163b928de21Sjsing 164b928de21Sjsing int tls13_derive_early_secrets(struct tls13_secrets *secrets, uint8_t *psk, 165b928de21Sjsing size_t psk_len, const struct tls13_secret *context); 166af2a35e9Sbeck int tls13_derive_handshake_secrets(struct tls13_secrets *secrets, 167b928de21Sjsing const uint8_t *ecdhe, size_t ecdhe_len, const struct tls13_secret *context); 168af2a35e9Sbeck int tls13_derive_application_secrets(struct tls13_secrets *secrets, 169b928de21Sjsing const struct tls13_secret *context); 1700f1cc3e0Sbeck int tls13_update_client_traffic_secret(struct tls13_secrets *secrets); 1710f1cc3e0Sbeck int tls13_update_server_traffic_secret(struct tls13_secrets *secrets); 17214355f8fStb 1739673436aSjsing /* 1749673436aSjsing * Record Layer. 1759673436aSjsing */ 1762502d49fSjsing struct tls13_record_layer; 1772502d49fSjsing 178a234fc1eSjsing struct tls13_record_layer_callbacks { 179f7e8f89fSjsing /* Wire callbacks. */ 180f6184395Sjsing tls_read_cb wire_read; 181f6184395Sjsing tls_write_cb wire_write; 182f6184395Sjsing tls_flush_cb wire_flush; 183f7e8f89fSjsing 184f7e8f89fSjsing /* Interceptors. */ 185f7e8f89fSjsing tls_handshake_read_cb handshake_read; 186f7e8f89fSjsing tls_handshake_write_cb handshake_write; 187f7e8f89fSjsing tls_traffic_key_cb set_read_traffic_key; 188f7e8f89fSjsing tls_traffic_key_cb set_write_traffic_key; 189f7e8f89fSjsing tls_alert_send_cb alert_send; 190f7e8f89fSjsing 191f7e8f89fSjsing /* Notification callbacks. */ 192a234fc1eSjsing tls13_alert_cb alert_recv; 1934af36d07Sjsing tls13_alert_cb alert_sent; 194a234fc1eSjsing tls13_phh_recv_cb phh_recv; 195a234fc1eSjsing tls13_phh_sent_cb phh_sent; 196a234fc1eSjsing }; 197a234fc1eSjsing 198a234fc1eSjsing struct tls13_record_layer *tls13_record_layer_new( 199a234fc1eSjsing const struct tls13_record_layer_callbacks *callbacks, void *cb_arg); 2002502d49fSjsing void tls13_record_layer_free(struct tls13_record_layer *rl); 201f7e8f89fSjsing void tls13_record_layer_set_callbacks(struct tls13_record_layer *rl, 202f7e8f89fSjsing const struct tls13_record_layer_callbacks *callbacks, void *cb_arg); 203138e3c44Stb void tls13_record_layer_allow_ccs(struct tls13_record_layer *rl, int allow); 204781d0746Sjsing void tls13_record_layer_allow_legacy_alerts(struct tls13_record_layer *rl, int allow); 2058ccc3944Sjsing void tls13_record_layer_rcontent(struct tls13_record_layer *rl, CBS *cbs); 2062502d49fSjsing void tls13_record_layer_set_aead(struct tls13_record_layer *rl, 2072502d49fSjsing const EVP_AEAD *aead); 2082502d49fSjsing void tls13_record_layer_set_hash(struct tls13_record_layer *rl, 2092502d49fSjsing const EVP_MD *hash); 21094ab85a5Stb void tls13_record_layer_set_legacy_version(struct tls13_record_layer *rl, 21194ab85a5Stb uint16_t version); 2123aebe440Sjsing void tls13_record_layer_set_retry_after_phh(struct tls13_record_layer *rl, int retry); 213*8699d7a9Stb void tls13_record_layer_alert_sent(struct tls13_record_layer *rl, 214*8699d7a9Stb uint8_t alert_level, uint8_t alert_desc); 2152502d49fSjsing void tls13_record_layer_handshake_completed(struct tls13_record_layer *rl); 21646f83330Sjsing int tls13_record_layer_set_read_traffic_key(struct tls13_record_layer *rl, 2176ea83a9dSjsing struct tls13_secret *read_key, enum ssl_encryption_level_t read_level); 21846f83330Sjsing int tls13_record_layer_set_write_traffic_key(struct tls13_record_layer *rl, 2196ea83a9dSjsing struct tls13_secret *write_key, enum ssl_encryption_level_t write_level); 220828ae560Sjsing ssize_t tls13_record_layer_send_pending(struct tls13_record_layer *rl); 221c1274f4dSjsing ssize_t tls13_record_layer_phh(struct tls13_record_layer *rl, CBS *cbs); 2221e0f72feSjsing ssize_t tls13_record_layer_flush(struct tls13_record_layer *rl); 2232502d49fSjsing 2242502d49fSjsing ssize_t tls13_read_handshake_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n); 2252502d49fSjsing ssize_t tls13_write_handshake_data(struct tls13_record_layer *rl, const uint8_t *buf, 2262502d49fSjsing size_t n); 2277003a9ccSjsing ssize_t tls13_pending_application_data(struct tls13_record_layer *rl); 228373302c0Sjsing ssize_t tls13_peek_application_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n); 2292502d49fSjsing ssize_t tls13_read_application_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n); 2302502d49fSjsing ssize_t tls13_write_application_data(struct tls13_record_layer *rl, const uint8_t *buf, 2312502d49fSjsing size_t n); 2322502d49fSjsing 23330168b12Sjsing ssize_t tls13_send_alert(struct tls13_record_layer *rl, uint8_t alert_desc); 234ef59065fSjsing ssize_t tls13_send_dummy_ccs(struct tls13_record_layer *rl); 23530168b12Sjsing 23614355f8fStb /* 2379673436aSjsing * Handshake Messages. 2389673436aSjsing */ 2399673436aSjsing struct tls13_handshake_msg; 2409673436aSjsing 2419673436aSjsing struct tls13_handshake_msg *tls13_handshake_msg_new(void); 2429673436aSjsing void tls13_handshake_msg_free(struct tls13_handshake_msg *msg); 2439673436aSjsing void tls13_handshake_msg_data(struct tls13_handshake_msg *msg, CBS *cbs); 2449673436aSjsing uint8_t tls13_handshake_msg_type(struct tls13_handshake_msg *msg); 2459673436aSjsing int tls13_handshake_msg_content(struct tls13_handshake_msg *msg, CBS *cbs); 2469673436aSjsing int tls13_handshake_msg_start(struct tls13_handshake_msg *msg, CBB *body, 2479673436aSjsing uint8_t msg_type); 2489673436aSjsing int tls13_handshake_msg_finish(struct tls13_handshake_msg *msg); 2499673436aSjsing int tls13_handshake_msg_recv(struct tls13_handshake_msg *msg, 2509673436aSjsing struct tls13_record_layer *rl); 2519673436aSjsing int tls13_handshake_msg_send(struct tls13_handshake_msg *msg, 2529673436aSjsing struct tls13_record_layer *rl); 2539673436aSjsing 2548c6a3df3Sjsing struct tls13_handshake_stage { 2558c6a3df3Sjsing uint8_t hs_type; 2568c6a3df3Sjsing uint8_t message_number; 2578c6a3df3Sjsing }; 2588c6a3df3Sjsing 25963f8261cStb struct ssl_handshake_tls13_st; 260313fa7fbSjsing 261c9989395Sjsing struct tls13_error { 262c9989395Sjsing int code; 263c9989395Sjsing int subcode; 264c9989395Sjsing int errnum; 265c9989395Sjsing const char *file; 266c9989395Sjsing int line; 267c9989395Sjsing char *msg; 268c9989395Sjsing }; 269c9989395Sjsing 2708c6a3df3Sjsing struct tls13_ctx { 271c9989395Sjsing struct tls13_error error; 272c9989395Sjsing 2738c6a3df3Sjsing SSL *ssl; 274d4edc922Sjsing struct ssl_handshake_st *hs; 2758c6a3df3Sjsing uint8_t mode; 2768c6a3df3Sjsing struct tls13_handshake_stage handshake_stage; 27708d6ed5eStb int handshake_started; 27889433ab5Sjsing int handshake_completed; 2791e0f72feSjsing int need_flush; 2800e548c8fSjsing int middlebox_compat; 281ef59065fSjsing int send_dummy_ccs; 282e0a52b2dStb int send_dummy_ccs_after; 28366f37b82Sjsing 284828ae560Sjsing int close_notify_sent; 285828ae560Sjsing int close_notify_recv; 286828ae560Sjsing 2879b64ae44Sjsing const EVP_AEAD *aead; 2889b64ae44Sjsing const EVP_MD *hash; 2899b64ae44Sjsing 290389212baSjsing struct tls13_record_layer *rl; 29166f37b82Sjsing struct tls13_handshake_msg *hs_msg; 29289458272Sbeck uint8_t key_update_request; 2932bd6a703Sbeck uint8_t alert; 29489458272Sbeck int phh_count; 29589458272Sbeck time_t phh_last_seen; 2966b92931aStb 2979c83d710Sjsing tls13_alert_cb alert_sent_cb; 2989c83d710Sjsing tls13_alert_cb alert_recv_cb; 2996b92931aStb tls13_handshake_message_cb handshake_message_sent_cb; 3006b92931aStb tls13_handshake_message_cb handshake_message_recv_cb; 30108d6ed5eStb tls13_info_cb info_cb; 3024770065fSbeck tls13_ocsp_status_cb ocsp_status_recv_cb; 3038c6a3df3Sjsing }; 30489458272Sbeck #ifndef TLS13_PHH_LIMIT_TIME 30589458272Sbeck #define TLS13_PHH_LIMIT_TIME 3600 30689458272Sbeck #endif 30789458272Sbeck #ifndef TLS13_PHH_LIMIT 30889458272Sbeck #define TLS13_PHH_LIMIT 100 30989458272Sbeck #endif 3108c6a3df3Sjsing 3116a3d21eeSjsing struct tls13_ctx *tls13_ctx_new(int mode, SSL *ssl); 31220290792Sjsing void tls13_ctx_free(struct tls13_ctx *ctx); 31320290792Sjsing 3149b64ae44Sjsing const EVP_AEAD *tls13_cipher_aead(const SSL_CIPHER *cipher); 3159b64ae44Sjsing const EVP_MD *tls13_cipher_hash(const SSL_CIPHER *cipher); 3169b64ae44Sjsing 3179c83d710Sjsing void tls13_alert_received_cb(uint8_t alert_level, uint8_t alert_desc, void *arg); 3189c83d710Sjsing void tls13_alert_sent_cb(uint8_t alert_level, uint8_t alert_desc, void *arg); 319f7e8f89fSjsing ssize_t tls13_phh_received_cb(void *cb_arg); 320f7e8f89fSjsing void tls13_phh_done_cb(void *cb_arg); 321f7e8f89fSjsing 322f7e8f89fSjsing int tls13_quic_init(struct tls13_ctx *ctx); 323f7e8f89fSjsing 3249673436aSjsing /* 325389212baSjsing * Legacy interfaces. 326389212baSjsing */ 3278a834dadSjsing int tls13_use_legacy_client(struct tls13_ctx *ctx); 3288a834dadSjsing int tls13_use_legacy_server(struct tls13_ctx *ctx); 3298630be86Sjsing int tls13_legacy_accept(SSL *ssl); 330efee3f2fSjsing int tls13_legacy_connect(SSL *ssl); 331389212baSjsing ssize_t tls13_legacy_wire_read_cb(void *buf, size_t n, void *arg); 332389212baSjsing ssize_t tls13_legacy_wire_write_cb(const void *buf, size_t n, void *arg); 3331e0f72feSjsing ssize_t tls13_legacy_wire_flush_cb(void *arg); 3347003a9ccSjsing int tls13_legacy_pending(const SSL *ssl); 335389212baSjsing int tls13_legacy_read_bytes(SSL *ssl, int type, unsigned char *buf, int len, 336389212baSjsing int peek); 337389212baSjsing int tls13_legacy_write_bytes(SSL *ssl, int type, const void *buf, int len); 338828ae560Sjsing int tls13_legacy_shutdown(SSL *ssl); 339e4de2a75Sjsing int tls13_legacy_servername_process(struct tls13_ctx *ctx, uint8_t *alert); 340389212baSjsing 341389212baSjsing /* 3429673436aSjsing * Message Types - RFC 8446, Section B.3. 34314355f8fStb * 34414355f8fStb * Values listed as "_RESERVED" were used in previous versions of TLS and are 34514355f8fStb * listed here for completeness. TLS 1.3 implementations MUST NOT send them but 34614355f8fStb * might receive them from older TLS implementations. 34714355f8fStb */ 34814355f8fStb #define TLS13_MT_HELLO_REQUEST_RESERVED 0 34914355f8fStb #define TLS13_MT_CLIENT_HELLO 1 35014355f8fStb #define TLS13_MT_SERVER_HELLO 2 35114355f8fStb #define TLS13_MT_HELLO_VERIFY_REQUEST_RESERVED 3 35214355f8fStb #define TLS13_MT_NEW_SESSION_TICKET 4 35314355f8fStb #define TLS13_MT_END_OF_EARLY_DATA 5 35414355f8fStb #define TLS13_MT_HELLO_RETRY_REQUEST_RESERVED 6 35514355f8fStb #define TLS13_MT_ENCRYPTED_EXTENSIONS 8 35614355f8fStb #define TLS13_MT_CERTIFICATE 11 35714355f8fStb #define TLS13_MT_SERVER_KEY_EXCHANGE_RESERVED 12 35814355f8fStb #define TLS13_MT_CERTIFICATE_REQUEST 13 35914355f8fStb #define TLS13_MT_SERVER_HELLO_DONE_RESERVED 14 36014355f8fStb #define TLS13_MT_CERTIFICATE_VERIFY 15 36114355f8fStb #define TLS13_MT_CLIENT_KEY_EXCHANGE_RESERVED 16 36214355f8fStb #define TLS13_MT_FINISHED 20 36314355f8fStb #define TLS13_MT_CERTIFICATE_URL_RESERVED 21 36414355f8fStb #define TLS13_MT_CERTIFICATE_STATUS_RESERVED 22 36514355f8fStb #define TLS13_MT_SUPPLEMENTAL_DATA_RESERVED 23 36614355f8fStb #define TLS13_MT_KEY_UPDATE 24 36714355f8fStb #define TLS13_MT_MESSAGE_HASH 254 36814355f8fStb 3695559e140Sjsing int tls13_handshake_msg_record(struct tls13_ctx *ctx); 37078909457Sjsing int tls13_handshake_perform(struct tls13_ctx *ctx); 37178909457Sjsing 3728a834dadSjsing int tls13_client_init(struct tls13_ctx *ctx); 3738a834dadSjsing int tls13_server_init(struct tls13_ctx *ctx); 3748a834dadSjsing int tls13_client_connect(struct tls13_ctx *ctx); 3758a834dadSjsing int tls13_server_accept(struct tls13_ctx *ctx); 3768a834dadSjsing 377dc02d6edSjsing int tls13_client_hello_send(struct tls13_ctx *ctx, CBB *cbb); 37894ab85a5Stb int tls13_client_hello_sent(struct tls13_ctx *ctx); 3790571c2d6Sjsing int tls13_client_hello_recv(struct tls13_ctx *ctx, CBS *cbs); 380dc02d6edSjsing int tls13_client_hello_retry_send(struct tls13_ctx *ctx, CBB *cbb); 3810571c2d6Sjsing int tls13_client_hello_retry_recv(struct tls13_ctx *ctx, CBS *cbs); 382dc02d6edSjsing int tls13_client_end_of_early_data_send(struct tls13_ctx *ctx, CBB *cbb); 3830571c2d6Sjsing int tls13_client_end_of_early_data_recv(struct tls13_ctx *ctx, CBS *cbs); 384dc02d6edSjsing int tls13_client_certificate_send(struct tls13_ctx *ctx, CBB *cbb); 3850571c2d6Sjsing int tls13_client_certificate_recv(struct tls13_ctx *ctx, CBS *cbs); 386dc02d6edSjsing int tls13_client_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb); 3870571c2d6Sjsing int tls13_client_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs); 3880571c2d6Sjsing int tls13_client_finished_recv(struct tls13_ctx *ctx, CBS *cbs); 389dc02d6edSjsing int tls13_client_finished_send(struct tls13_ctx *ctx, CBB *cbb); 3901f2fb0dbSjsing int tls13_client_finished_sent(struct tls13_ctx *ctx); 3910571c2d6Sjsing int tls13_server_hello_recv(struct tls13_ctx *ctx, CBS *cbs); 392dc02d6edSjsing int tls13_server_hello_send(struct tls13_ctx *ctx, CBB *cbb); 393be8ffa84Sjsing int tls13_server_hello_sent(struct tls13_ctx *ctx); 394bb4189d7Sjsing int tls13_server_hello_retry_request_recv(struct tls13_ctx *ctx, CBS *cbs); 395bb4189d7Sjsing int tls13_server_hello_retry_request_send(struct tls13_ctx *ctx, CBB *cbb); 396e0a52b2dStb int tls13_server_hello_retry_request_sent(struct tls13_ctx *ctx); 3970571c2d6Sjsing int tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx, CBS *cbs); 398dc02d6edSjsing int tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx, CBB *cbb); 3990571c2d6Sjsing int tls13_server_certificate_recv(struct tls13_ctx *ctx, CBS *cbs); 400dc02d6edSjsing int tls13_server_certificate_send(struct tls13_ctx *ctx, CBB *cbb); 4010571c2d6Sjsing int tls13_server_certificate_request_recv(struct tls13_ctx *ctx, CBS *cbs); 402dc02d6edSjsing int tls13_server_certificate_request_send(struct tls13_ctx *ctx, CBB *cbb); 403dc02d6edSjsing int tls13_server_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb); 4040571c2d6Sjsing int tls13_server_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs); 4050571c2d6Sjsing int tls13_server_finished_recv(struct tls13_ctx *ctx, CBS *cbs); 406dc02d6edSjsing int tls13_server_finished_send(struct tls13_ctx *ctx, CBB *cbb); 40718f4ffe1Sjsing int tls13_server_finished_sent(struct tls13_ctx *ctx); 408aa90ddb0Sjsing 409c9989395Sjsing void tls13_error_clear(struct tls13_error *error); 41017fca910Sbeck int tls13_cert_add(struct tls13_ctx *ctx, CBB *cbb, X509 *cert, 4119b8a142fStb int(*build_extensions)(SSL *s, uint16_t msg_type, CBB *cbb)); 412c9989395Sjsing 41370bdc49bSjsing int tls13_synthetic_handshake_message(struct tls13_ctx *ctx); 414095832a3Sbeck int tls13_clienthello_hash_init(struct tls13_ctx *ctx); 415095832a3Sbeck void tls13_clienthello_hash_clear(struct ssl_handshake_tls13_st *hs); 416095832a3Sbeck int tls13_clienthello_hash_update_bytes(struct tls13_ctx *ctx, void *data, 417095832a3Sbeck size_t len); 418095832a3Sbeck int tls13_clienthello_hash_update(struct tls13_ctx *ctx, CBS *cbs); 419095832a3Sbeck int tls13_clienthello_hash_finalize(struct tls13_ctx *ctx); 420095832a3Sbeck int tls13_clienthello_hash_validate(struct tls13_ctx *ctx); 4212a0f8bf3Sbeck 422c9989395Sjsing int tls13_error_set(struct tls13_error *error, int code, int subcode, 423c9989395Sjsing const char *file, int line, const char *fmt, ...); 424c9989395Sjsing int tls13_error_setx(struct tls13_error *error, int code, int subcode, 425c9989395Sjsing const char *file, int line, const char *fmt, ...); 426c9989395Sjsing 427c9989395Sjsing #define tls13_set_error(ctx, code, subcode, fmt, ...) \ 428c9989395Sjsing tls13_error_set(&(ctx)->error, (code), (subcode), __FILE__, __LINE__, \ 429c9989395Sjsing (fmt), __VA_ARGS__) 430c9989395Sjsing #define tls13_set_errorx(ctx, code, subcode, fmt, ...) \ 431c9989395Sjsing tls13_error_setx(&(ctx)->error, (code), (subcode), __FILE__, __LINE__, \ 432c9989395Sjsing (fmt), __VA_ARGS__) 433c9989395Sjsing 434607bf314Sjsing int tls13_exporter(struct tls13_ctx *ctx, const uint8_t *label, size_t label_len, 435607bf314Sjsing const uint8_t *context_value, size_t context_value_len, uint8_t *out, 436607bf314Sjsing size_t out_len); 437607bf314Sjsing 43841b6c22cSjsing extern const uint8_t tls13_downgrade_12[8]; 43941b6c22cSjsing extern const uint8_t tls13_downgrade_11[8]; 44041b6c22cSjsing extern const uint8_t tls13_hello_retry_request_hash[32]; 44141b6c22cSjsing extern const uint8_t tls13_cert_verify_pad[64]; 44241b6c22cSjsing extern const uint8_t tls13_cert_client_verify_context[]; 44341b6c22cSjsing extern const uint8_t tls13_cert_server_verify_context[]; 444709e85ffSbeck 445aa90ddb0Sjsing __END_HIDDEN_DECLS 446aa90ddb0Sjsing 447aa90ddb0Sjsing #endif 448