|
DeterministicESPAsyncWebServer v6.27.1
Zero-allocation, bounded-execution async HTTP server for ESP32
|
TLS 1.3 key schedule (RFC 8446 sec 7.1) for the QUIC handshake. More...
#include "ServerConfig.h"Go to the source code of this file.
TLS 1.3 key schedule (RFC 8446 sec 7.1) for the QUIC handshake.
QUIC runs TLS 1.3 as its handshake protocol (RFC 9001), and mbedTLS exposes no QUIC-TLS callback API, so the handshake is hand-rolled here. This module is the key schedule: the chain of HKDF-Extract and Derive-Secret steps (RFC 8446 sec 7.1) that turns the (EC)DHE shared secret and the running handshake transcript hash into the traffic secrets for each encryption level, plus the per-message Finished MAC (sec 4.4.4). It is cipher-suite TLS_AES_128_GCM_SHA256 only, so the hash is SHA-256 throughout and every secret is 32 bytes.
The schedule is transcript-hash-driven: each step takes a Transcript-Hash the caller computed over the handshake messages so far, so this module has no dependency on the message wire formats and is host-testable in isolation against the RFC 8448 sec 3 worked trace (which lists every intermediate secret and the (EC)DHE input directly). The QUIC packet-protection keys ({key, iv, hp}) are then derived from these traffic secrets by quic_keys_from_secret() (RFC 9001 sec 5.1).
Pure, zero heap, host-tested against RFC 8448 sec 3.
Definition in file tls13_kdf.h.