27#ifndef DETERMINISTICESPASYNCWEBSERVER_TLS13_KDF_H
28#define DETERMINISTICESPASYNCWEBSERVER_TLS13_KDF_H
34#if (DETWS_ENABLE_HTTP3 || DETWS_ENABLE_DTLS)
40#define TLS13_SECRET_LEN 32
50 const char *label_prefix;
54extern const Tls13Kdf TLS13_KDF;
56extern const Tls13Kdf DTLS13_KDF;
67struct Tls13KeySchedule
70 uint8_t early_secret[TLS13_SECRET_LEN];
71 uint8_t handshake_secret[TLS13_SECRET_LEN];
72 uint8_t master_secret[TLS13_SECRET_LEN];
73 uint8_t client_hs_traffic[TLS13_SECRET_LEN];
74 uint8_t server_hs_traffic[TLS13_SECRET_LEN];
75 uint8_t client_ap_traffic[TLS13_SECRET_LEN];
76 uint8_t server_ap_traffic[TLS13_SECRET_LEN];
85void tls13_kdf_expand_label(
const Tls13Kdf *kdf,
const uint8_t secret[TLS13_SECRET_LEN],
const char *label,
86 uint8_t *out,
size_t out_len);
97void tls13_derive_secret(
const Tls13Kdf *kdf,
const uint8_t secret[TLS13_SECRET_LEN],
const char *label,
98 const uint8_t transcript_hash[TLS13_SECRET_LEN], uint8_t out[TLS13_SECRET_LEN]);
101void tls13_ks_early(
const Tls13Kdf *kdf, Tls13KeySchedule *ks);
115void tls13_ks_handshake(Tls13KeySchedule *ks,
const uint8_t *ecdhe,
const uint8_t ch_sh_hash[TLS13_SECRET_LEN],
116 size_t ecdhe_len = TLS13_SECRET_LEN);
126void tls13_ks_master(Tls13KeySchedule *ks,
const uint8_t ch_sfin_hash[TLS13_SECRET_LEN]);
140void tls13_finished_mac(
const Tls13Kdf *kdf,
const uint8_t base_secret[TLS13_SECRET_LEN],
141 const uint8_t transcript_hash[TLS13_SECRET_LEN], uint8_t out[TLS13_SECRET_LEN]);
User-facing configuration for DeterministicESPAsyncWebServer.