19#if !defined(MBEDTLS_SSL_TLS1_3_KEYS_H)
20#define MBEDTLS_SSL_TLS1_3_KEYS_H
/*
 * X-macro table of the TLS 1.3 key-schedule labels.
 *
 * Each entry is MBEDTLS_SSL_TLS1_3_LABEL( identifier, "label string" ). The
 * list defines nothing by itself: what it expands to depends on how
 * MBEDTLS_SSL_TLS1_3_LABEL is defined at the point of use, so every consumer
 * of the list sees the same identifiers and strings in the same order.
 *
 * The strings are stored without the "tls13 " prefix that RFC 8446 places in
 * front of every HkdfLabel label.
 * NOTE(review): presumably the label encoder prepends that prefix; confirm
 * against the implementation, which is not part of this listing.
 */
25#define MBEDTLS_SSL_TLS1_3_LABEL_LIST \
26 MBEDTLS_SSL_TLS1_3_LABEL( finished , "finished" ) \
27 MBEDTLS_SSL_TLS1_3_LABEL( resumption , "resumption" ) \
28 MBEDTLS_SSL_TLS1_3_LABEL( traffic_upd , "traffic upd" ) \
29 MBEDTLS_SSL_TLS1_3_LABEL( exporter , "exporter" ) \
30 MBEDTLS_SSL_TLS1_3_LABEL( key , "key" ) \
31 MBEDTLS_SSL_TLS1_3_LABEL( iv , "iv" ) \
32 MBEDTLS_SSL_TLS1_3_LABEL( c_hs_traffic, "c hs traffic" ) \
33 MBEDTLS_SSL_TLS1_3_LABEL( c_ap_traffic, "c ap traffic" ) \
34 MBEDTLS_SSL_TLS1_3_LABEL( c_e_traffic , "c e traffic" ) \
35 MBEDTLS_SSL_TLS1_3_LABEL( s_hs_traffic, "s hs traffic" ) \
36 MBEDTLS_SSL_TLS1_3_LABEL( s_ap_traffic, "s ap traffic" ) \
37 MBEDTLS_SSL_TLS1_3_LABEL( s_e_traffic , "s e traffic" ) \
38 MBEDTLS_SSL_TLS1_3_LABEL( e_exp_master, "e exp master" ) \
39 MBEDTLS_SSL_TLS1_3_LABEL( res_master , "res master" ) \
40 MBEDTLS_SSL_TLS1_3_LABEL( exp_master , "exp master" ) \
41 MBEDTLS_SSL_TLS1_3_LABEL( ext_binder , "ext binder" ) \
42 MBEDTLS_SSL_TLS1_3_LABEL( res_binder , "res binder" ) \
43 MBEDTLS_SSL_TLS1_3_LABEL( derived , "derived" )
/*
 * Member generator for the label list: each label becomes a const byte array
 * whose size is the string literal's size minus the terminating NUL.
 *
 * The members are therefore NOT NUL-terminated C strings. They must always
 * be passed together with their length and never handed to strlen()- or
 * strcpy()-style functions, which would read past the end of the array.
 */
45#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \
46 const unsigned char name [ sizeof(string) - 1 ];
/*
 * NOTE(review): this listing shows two bare expansions of the label list;
 * the aggregate declarations that enclose them are not visible here. The
 * names `union mbedtls_ssl_tls1_3_labels_union` and
 * `mbedtls_ssl_tls1_3_labels` used elsewhere in this header suggest one
 * expansion fills a union and the other a struct -- confirm against the
 * full header.
 */
50 MBEDTLS_SSL_TLS1_3_LABEL_LIST
54 MBEDTLS_SSL_TLS1_3_LABEL_LIST
/* The generator is local to the declarations above; drop it so that the
 * label list cannot be expanded by accident with this definition. */
56#undef MBEDTLS_SSL_TLS1_3_LABEL
/*
 * Expands to TWO comma-separated arguments for a given label identifier:
 * the label's byte array inside `mbedtls_ssl_tls1_3_labels`, followed by
 * that array's size. Because the size comes from sizeof on an array member,
 * the pointer and the length cannot drift apart, and LABEL must be a member
 * name from the label list rather than a runtime pointer.
 *
 * The object `mbedtls_ssl_tls1_3_labels` is not declared in the visible
 * part of this listing.
 */
60#define MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( LABEL ) \
61 mbedtls_ssl_tls1_3_labels.LABEL, \
62 sizeof(mbedtls_ssl_tls1_3_labels.LABEL)
/*
 * Upper bound on label length, taken as the size of
 * `union mbedtls_ssl_tls1_3_labels_union`.
 * NOTE(review): this equals the longest label only if that union has one
 * member per entry of the label list; the union's declaration is not
 * visible here, so confirm. A caller supplying its own label should be
 * checked against this bound before the label is encoded.
 */
64#define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN \
65 sizeof( union mbedtls_ssl_tls1_3_labels_union )
/*
 * Upper bounds for the context input and the output of the key-schedule
 * expansion.
 *
 * NOTE(review): the replacement text of
 * MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN is missing from this
 * listing (the line following the continuation is not shown), so its value
 * cannot be documented from here.
 *
 * MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN is 255, the largest
 * value that fits in a single byte.
 * NOTE(review): confirm that the expansion code rejects a requested output
 * length above this bound with an error instead of truncating the encoded
 * length, since a silently shortened length would yield different key
 * material than the caller asked for.
 */
70#define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN \
80#define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN 255
/**
 * Declaration of the HKDF-Expand-Label helper (the name follows the
 * function of that name in RFC 8446, Section 7.1).
 *
 * NOTE(review): listing line 110 is not shown, so a leading parameter may
 * be missing from this view; confirm against the full header.
 *
 * \param secret  Input secret, read-only.
 * \param slen    Length of \p secret in bytes.
 * \param label   Label bytes, read-only. Labels from this header are not
 *                NUL-terminated, so \p llen is the only length information.
 * \param llen    Length of \p label in bytes.
 * \param ctx     Context bytes, read-only.
 * \param clen    Length of \p ctx in bytes.
 * \param buf     Output buffer; writable, receives derived key material.
 * \param blen    Length argument for \p buf -- presumably the number of
 *                bytes to produce; confirm.
 *
 * \return        An int status. Presumably 0 on success and a negative
 *                error code otherwise -- confirm. Callers should check it
 *                before using \p buf, and should wipe \p buf once the
 *                derived material is no longer needed.
 */
109int mbedtls_ssl_tls1_3_hkdf_expand_label(
111 const unsigned char *secret,
size_t slen,
112 const unsigned char *label,
size_t llen,
113 const unsigned char *ctx,
size_t clen,
114 unsigned char *buf,
size_t blen );
/**
 * Declaration of the traffic-key derivation helper.
 *
 * NOTE(review): this declaration is incomplete in the listing. Line 146
 * (before \p client_secret) and the lines after \p iv_len, including the
 * closing parenthesis, are not shown; the missing parameters cannot be
 * documented from here.
 *
 * \param client_secret  Client-side secret, read-only.
 * \param server_secret  Server-side secret, read-only.
 * \param slen           A single length argument follows both secrets, so
 *                       the two presumably share this length -- confirm.
 * \param key_len        Presumably the length of each key to derive.
 * \param iv_len         Presumably the length of each IV to derive.
 *
 * \return               An int status; semantics are not visible here.
 */
145int mbedtls_ssl_tls1_3_make_traffic_keys(
147 const unsigned char *client_secret,
148 const unsigned char *server_secret,
149 size_t slen,
size_t key_len,
size_t iv_len,
/*
 * Flag values distinguishing an unhashed context (0) from a hashed one (1).
 * NOTE(review): the parameter that takes these values is not visible in
 * this listing (line 198 of the declaration that follows is not shown);
 * presumably it tells the derivation whether \p ctx still has to be hashed.
 * Passing the wrong flag would derive a different secret without any
 * error, so call sites are worth checking.
 */
153#define MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED 0
154#define MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED 1
/**
 * Declaration of the Derive-Secret helper (the name follows the function
 * of that name in RFC 8446, Section 7.1).
 *
 * NOTE(review): listing lines 194 and 198 are not shown, so at least two
 * parameters may be missing from this view.
 *
 * \param secret  Input secret, read-only.
 * \param slen    Length of \p secret in bytes.
 * \param label   Label bytes, read-only; not NUL-terminated when taken
 *                from this header's label table.
 * \param llen    Length of \p label in bytes.
 * \param ctx     Context bytes, read-only.
 * \param clen    Length of \p ctx in bytes.
 * \param dstbuf  Output buffer; writable, receives the derived secret.
 * \param buflen  Length argument for \p dstbuf.
 *
 * \return        An int status; presumably 0 on success -- confirm.
 *                Check it before using \p dstbuf.
 */
193int mbedtls_ssl_tls1_3_derive_secret(
195 const unsigned char *secret,
size_t slen,
196 const unsigned char *label,
size_t llen,
197 const unsigned char *ctx,
size_t clen,
199 unsigned char *dstbuf,
size_t buflen );
/**
 * Declaration of the helper that moves the key schedule from one secret to
 * the next.
 *
 * NOTE(review): listing line 269 is not shown, so a leading parameter may
 * be missing from this view.
 *
 * \param secret_old  Previous secret, read-only. No length parameter for
 *                    it is visible.
 * \param input       Additional input, read-only.
 * \param input_len   Length of \p input in bytes.
 * \param secret_new  Output buffer for the new secret; writable. No length
 *                    parameter for it is visible either.
 *
 * NOTE(review): because \p secret_old and \p secret_new carry no explicit
 * length here, their size is presumably fixed by the digest in use. Confirm
 * that every caller provides buffers of that size, since the callee cannot
 * check it.
 *
 * \return            An int status; presumably 0 on success -- confirm.
 */
268int mbedtls_ssl_tls1_3_evolve_secret(
270 const unsigned char *secret_old,
271 const unsigned char *input,
size_t input_len,
272 unsigned char *secret_new );