DeterministicESPAsyncWebServer v6.27.1
Zero-allocation, bounded-execution async HTTP server for ESP32
Loading...
Searching...
No Matches
dtls_record.h File Reference

DTLS 1.3 record layer (RFC 9147 §4). More...

#include "ServerConfig.h"

Go to the source code of this file.

Detailed Description

DTLS 1.3 record layer (RFC 9147 §4).

The datagram counterpart to the TLS 1.3 record layer: it protects and unprotects individual UDP-carried records. This is the transport-specific half of DTLS 1.3; the handshake it carries reuses the TLS 1.3 crypto that already backs HTTP/3 (tls13_*, quic_hkdf, quic_aead).

Two record shapes (RFC 9147 §4):

  • DTLSPlaintext - the classic 13-byte header (type, legacy_version, epoch, 48-bit sequence number, length, fragment). Used unencrypted for the first handshake flight and for alerts sent in epoch 0.
  • DTLSCiphertext - the compact "unified header" plus an AEAD-sealed body, used once record keys exist. The record's sequence number is itself encrypted (RFC 9147 §4.2.3), and the AEAD nonce is the TLS 1.3 construction over the full 64-bit sequence number (§4.2.2, epoch excluded).

─ Reuse ─ AEAD (AEAD_AES_128_GCM) and the AES-128 block used for sequence-number encryption come from quic_aead; key/iv/sn derivation from quic_hkdf (HKDF-Expand-Label). Phase 1 supports the one cipher suite the whole hand-rolled TLS 1.3 stack uses: TLS_AES_128_GCM_SHA256.

Pure, zero heap, host-tested. Not the mbedTLS TCP-TLS engine (network_drivers/tls) - this is the self-contained datagram record layer.

Author
Douglas Quigg (dstroy0)
Date
2026

Definition in file dtls_record.h.