mirror of https://github.com/wolfSSL/wolfssl.git
607 lines
18 KiB
C
607 lines
18 KiB
C
/*!
|
|
\ingroup QUIC
|
|
|
|
\brief Callback invoked when secrets are generated during a handshake.
|
|
Since QUIC protocol handlers perform the en-/decryption of packets, they
|
|
need the negotiated secrets for the levels early_data/handshake/application.
|
|
|
|
The callback will be invoked several times during a handshake. Either both
|
|
or only the read or write secret might be provided. This does not mean the
|
|
given encryption level is already in effect.
|
|
|
|
\return 1 on success, 0 on failure.
|
|
|
|
\param ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().
|
|
\param level - the encryption level the secrets are for
|
|
\param read_secret - the secret used in decryption at the given level, may be NULL.
|
|
\param write_secret - the secret used in encryption at the given level, may be NULL.
|
|
\param secret_len - the length of the secret
|
|
|
|
\sa wolfSSL_set_quic_method
|
|
*/
|
|
int (*set_encryption_secrets)(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level,
|
|
const uint8_t *read_secret,
|
|
const uint8_t *write_secret, size_t secret_len);
|
|
|
|
/*!
|
|
\ingroup QUIC
|
|
|
|
\brief Callback invoked for forwarding handshake CRYPTO data to peer.
|
|
The data forwarded this way is not encrypted. It is the job of the QUIC
|
|
protocol implementation to do this. Which secrets are to be used
|
|
is determined by the encryption level specified.
|
|
|
|
This callback may be invoked several times during handshake or post handshake
|
|
processing. The data may cover a complete CRYPTO record, but may also
|
|
be partial. However, the callback will have received all records data before
|
|
using another encryption level.
|
|
|
|
\return 1 on success, 0 on failure.
|
|
|
|
\param ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().
|
|
\param level - the encryption level to use for encrypting the data
|
|
\param data - the data itself
|
|
\param len - the length of the data
|
|
|
|
\sa wolfSSL_set_quic_method
|
|
*/
|
|
int (*add_handshake_data)(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level,
|
|
const uint8_t *data, size_t len);
|
|
|
|
/*!
|
|
\ingroup QUIC
|
|
|
|
\brief Callback invoked for advisory flushing of the data to send.
|
|
|
|
\return 1 on success, 0 on failure.
|
|
|
|
\param ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().
|
|
|
|
\sa wolfSSL_set_quic_method
|
|
*/
|
|
int (*flush_flight)(WOLFSSL *ssl);
|
|
|
|
/*!
|
|
\ingroup QUIC
|
|
|
|
\brief Callback invoked when an SSL alert happened during processing.
|
|
|
|
\return 1 on success, 0 on failure.
|
|
|
|
\param ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().
|
|
\param level - the encryption level in effect when the alert happened
|
|
\param alert - the error
|
|
|
|
\sa wolfSSL_set_quic_method
|
|
*/
|
|
int (*send_alert)(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level, uint8_t alert);
|
|
|
|
/*!
|
|
\ingroup QUIC
|
|
|
|
\brief Activate QUIC protocol for a WOLFSSL_CTX and all derived WOLFSSL instances
|
|
by providing the four callbacks required. The CTX needs to be a TLSv1.3 one.
|
|
|
|
The passed quic_method needs to have a lifetime outlasting the SSL instances.
|
|
It is not copied. All callbacks need to be provided.
|
|
|
|
\return WOLFSSL_SUCCESS If successful.
|
|
|
|
\param ctx - a pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new().
|
|
\param quic_method - the callback structure
|
|
|
|
\sa wolfSSL_is_quic
|
|
\sa wolfSSL_set_quic_method
|
|
*/
|
|
int wolfSSL_CTX_set_quic_method(WOLFSSL_CTX *ctx, const WOLFSSL_QUIC_METHOD *quic_method);
|
|
|
|
/*!
|
|
\ingroup QUIC
|
|
|
|
\brief Activate QUIC protocol for a WOLFSSL instance by providing the
|
|
four callbacks required. The WOLFSSL needs to be a TLSv1.3 one.
|
|
|
|
The passed quic_method needs to have a lifetime outlasting the SSL instance.
|
|
It is not copied. All callbacks need to be provided.
|
|
|
|
\return WOLFSSL_SUCCESS If successful.
|
|
|
|
\param ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().
|
|
\param quic_method - the callback structure
|
|
|
|
\sa wolfSSL_is_quic
|
|
\sa wolfSSL_CTX_set_quic_method
|
|
*/
|
|
int wolfSSL_set_quic_method(WOLFSSL *ssl, const WOLFSSL_QUIC_METHOD *quic_method);
|
|
|
|
/*!
|
|
\ingroup QUIC
|
|
|
|
\brief Check if QUIC has been activated in a WOLFSSL instance.
|
|
|
|
\return 1 if WOLFSSL is using QUIC.
|
|
|
|
\param ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().
|
|
|
|
\sa wolfSSL_CTX_quic_method
|
|
\sa wolfSSL_CTX_set_quic_method
|
|
*/
|
|
int wolfSSL_is_quic(WOLFSSL *ssl);
|
|
|
|
/*!
|
|
\ingroup QUIC
|
|
|
|
\brief Determine the encryption level for reads currently in use. Meaningful only when
|
|
the WOLFSSL instance is using QUIC.
|
|
|
|
Note that the effective level is always a parameter when passing data back and
|
|
forth. Data from a peer might arrive at other levels than reported via this
|
|
function.
|
|
|
|
\return encryption level.
|
|
|
|
\param ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().
|
|
|
|
\sa wolfSSL_quic_write_level
|
|
*/
|
|
WOLFSSL_ENCRYPTION_LEVEL wolfSSL_quic_read_level(const WOLFSSL *ssl);
|
|
|
|
/*!
|
|
\ingroup QUIC
|
|
|
|
\brief Determine the encryption level for writes currently in use. Meaningful only when
|
|
the WOLFSSL instance is using QUIC.
|
|
|
|
Note that the effective level is always a parameter when passing data back and
|
|
forth. Data from a peer might arrive at other levels than reported via this
|
|
function.
|
|
|
|
\return encryption level.
|
|
|
|
\param ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().
|
|
|
|
\sa wolfSSL_quic_read_level
|
|
*/
|
|
WOLFSSL_ENCRYPTION_LEVEL wolfSSL_quic_write_level(const WOLFSSL *ssl);
|
|
|
|
|
|
/*!
|
|
\ingroup QUIC
|
|
|
|
\brief Configure which QUIC version shall be used. Without calling this,
|
|
the WOLFSSL will offer both (draft-27 and v1) to a server, resp. accept
|
|
both from a client and negotiate the most recent one.
|
|
|
|
\return WOLFSSL_SUCCESS If successful.
|
|
|
|
\param ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().
|
|
\param use_legacy - true if draft-27 shall be used, 0 if only QUICv1 is used.
|
|
|
|
\sa wolfSSL_set_quic_transport_version
|
|
*/
|
|
void wolfSSL_set_quic_use_legacy_codepoint(WOLFSSL *ssl, int use_legacy);
|
|
|
|
/*!
|
|
\ingroup QUIC
|
|
|
|
\brief Configure which QUIC version shall be used.
|
|
|
|
\return WOLFSSL_SUCCESS If successful.
|
|
|
|
\param ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().
|
|
\param version - the TLS Extension defined for the QUIC version.
|
|
|
|
\sa wolfSSL_set_quic_use_legacy_codepoint
|
|
*/
|
|
void wolfSSL_set_quic_transport_version(WOLFSSL *ssl, int version);
|
|
|
|
/*!
|
|
\ingroup QUIC
|
|
|
|
\brief Get the configured QUIC version.
|
|
|
|
\return TLS Extension of configured version.
|
|
|
|
\param ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().
|
|
|
|
\sa wolfSSL_set_quic_use_legacy_codepoint
|
|
\sa wolfSSL_set_quic_transport_version
|
|
*/
|
|
int wolfSSL_get_quic_transport_version(const WOLFSSL *ssl);
|
|
|
|
/*!
|
|
\ingroup QUIC
|
|
|
|
\brief Set the QUIC transport parameters to use.
|
|
|
|
\return WOLFSSL_SUCCESS If successful.
|
|
|
|
\param ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().
|
|
\param params - the parameter bytes to use
|
|
·param params_len - the length of the parameters
|
|
|
|
\sa wolfSSL_set_quic_use_legacy_codepoint
|
|
\sa wolfSSL_set_quic_transport_version
|
|
*/
|
|
int wolfSSL_set_quic_transport_params(WOLFSSL *ssl, const uint8_t *params, size_t params_len);
|
|
|
|
/*!
|
|
\ingroup QUIC
|
|
|
|
\brief Get the negotiated QUIC transport version. This will only give
|
|
meaningful results when called after the respective TLS extensions have
|
|
been seen from the peer.
|
|
|
|
\return the negotiated version or -1.
|
|
|
|
\param ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().
|
|
|
|
\sa wolfSSL_set_quic_use_legacy_codepoint
|
|
\sa wolfSSL_set_quic_transport_version
|
|
*/
|
|
int wolfSSL_get_peer_quic_transport_version(const WOLFSSL *ssl);
|
|
|
|
/*!
|
|
\ingroup QUIC
|
|
|
|
\brief Get the negotiated QUIC transport parameters. This will only give
|
|
meaningful results when called after the respective TLS extensions have
|
|
been seen from the peer.
|
|
|
|
\param ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().
|
|
\param out_params - the parameters sent be the peer, set to NULL if not available.
|
|
\param out_params_len - the length of the parameters sent be the peer, set to 0 if not available
|
|
|
|
\sa wolfSSL_get_peer_quic_transport_version
|
|
*/
|
|
void wolfSSL_get_peer_quic_transport_params(const WOLFSSL *ssl, const uint8_t **out_params, size_t *out_params_len);
|
|
|
|
|
|
/*!
|
|
\ingroup QUIC
|
|
|
|
\brief Configure if Early Data is enabled. Intended for servers to signal
|
|
this to clients.
|
|
|
|
\param ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().
|
|
\param enabled - != 0 iff early data is enabled
|
|
|
|
*/
|
|
void wolfSSL_set_quic_early_data_enabled(WOLFSSL *ssl, int enabled);
|
|
|
|
/*!
|
|
\ingroup QUIC
|
|
|
|
\brief Get advice on the amount of data that shall be "in flight", e.g. unacknowledged
|
|
at the given encryption level. This is the amount of data the WOLFSSL instance
|
|
is prepared to buffer.
|
|
|
|
\return the recommend max data in flight
|
|
|
|
\param ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().
|
|
\param level - the encryption level to inquire about
|
|
|
|
*/
|
|
size_t wolfSSL_quic_max_handshake_flight_len(const WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level);
|
|
|
|
|
|
/*!
|
|
\ingroup QUIC
|
|
|
|
\brief Pass decrypted CRYPTO data to the WOLFSSL instance for further processing.
|
|
The encryption level between calls is only every allowed to increase and it is
|
|
also checked that data records are complete before a change in encryption
|
|
level is accepted.
|
|
|
|
\return WOLFSSL_SUCCESS If successful.
|
|
|
|
\param ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().
|
|
\param level - the level the data was encrypted at
|
|
\param data - the data itself
|
|
\param len - the length of the data
|
|
|
|
\sa wolfSSL_process_quic_post_handshake
|
|
\sa wolfSSL_quic_read_write
|
|
\sa wolfSSL_accept
|
|
\sa wolfSSL_connect
|
|
*/
|
|
int wolfSSL_provide_quic_data(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level, const uint8_t *data, size_t len);
|
|
|
|
/*!
|
|
\ingroup QUIC
|
|
|
|
\brief Process any CRYPTO records that have been provided after the handshake
|
|
has completed. Will fail if called before that.
|
|
|
|
\return WOLFSSL_SUCCESS If successful.
|
|
|
|
\param ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().
|
|
|
|
\sa wolfSSL_provide_quic_data
|
|
\sa wolfSSL_quic_read_write
|
|
\sa wolfSSL_accept
|
|
\sa wolfSSL_connect
|
|
*/
|
|
WOLFSSL_API int wolfSSL_process_quic_post_handshake(WOLFSSL *ssl);
|
|
|
|
/*!
|
|
\ingroup QUIC
|
|
|
|
\brief Process any CRYPTO records that have been provided during or after the handshake.
|
|
Will progress the handshake if not already complete and otherwise work like
|
|
wolfSSL_process_quic_post_handshake().
|
|
|
|
\return WOLFSSL_SUCCESS If successful.
|
|
|
|
\param ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().
|
|
|
|
\sa wolfSSL_provide_quic_data
|
|
\sa wolfSSL_quic_read_write
|
|
\sa wolfSSL_accept
|
|
\sa wolfSSL_connect
|
|
*/
|
|
int wolfSSL_quic_read_write(WOLFSSL *ssl);
|
|
|
|
/*!
|
|
\ingroup QUIC
|
|
|
|
\brief Get the AEAD cipher negotiated in the TLS handshake.
|
|
|
|
\return negotiated cipher or NULL if not determined.
|
|
|
|
\param ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().
|
|
|
|
\sa wolfSSL_quic_aead_is_gcm
|
|
\sa wolfSSL_quic_aead_is_ccm
|
|
\sa wolfSSL_quic_aead_is_chacha20
|
|
\sa wolfSSL_quic_get_aead_tag_len
|
|
\sa wolfSSL_quic_get_md
|
|
\sa wolfSSL_quic_get_hp
|
|
\sa wolfSSL_quic_crypt_new
|
|
\sa wolfSSL_quic_aead_encrypt
|
|
\sa wolfSSL_quic_aead_decrypt
|
|
*/
|
|
const WOLFSSL_EVP_CIPHER *wolfSSL_quic_get_aead(WOLFSSL *ssl);
|
|
|
|
/*!
|
|
\ingroup QUIC
|
|
|
|
\brief Check if the AEAD cipher is GCM.
|
|
|
|
\return != 0 iff the AEAD cipher is GCM.
|
|
|
|
\param cipher - the cipher
|
|
|
|
\sa wolfSSL_quic_get_aead
|
|
\sa wolfSSL_quic_aead_is_ccm
|
|
\sa wolfSSL_quic_aead_is_chacha20
|
|
\sa wolfSSL_quic_get_aead_tag_len
|
|
\sa wolfSSL_quic_get_md
|
|
\sa wolfSSL_quic_get_hp
|
|
\sa wolfSSL_quic_crypt_new
|
|
\sa wolfSSL_quic_aead_encrypt
|
|
\sa wolfSSL_quic_aead_decrypt
|
|
*/
|
|
int wolfSSL_quic_aead_is_gcm(const WOLFSSL_EVP_CIPHER *aead_cipher);
|
|
|
|
/*!
|
|
\ingroup QUIC
|
|
|
|
\brief Check if the AEAD cipher is CCM.
|
|
|
|
\return != 0 iff the AEAD cipher is CCM.
|
|
|
|
\param cipher - the cipher
|
|
|
|
\sa wolfSSL_quic_get_aead
|
|
\sa wolfSSL_quic_aead_is_gcm
|
|
\sa wolfSSL_quic_aead_is_chacha20
|
|
\sa wolfSSL_quic_get_aead_tag_len
|
|
\sa wolfSSL_quic_get_md
|
|
\sa wolfSSL_quic_get_hp
|
|
\sa wolfSSL_quic_crypt_new
|
|
\sa wolfSSL_quic_aead_encrypt
|
|
\sa wolfSSL_quic_aead_decrypt
|
|
*/
|
|
int wolfSSL_quic_aead_is_ccm(const WOLFSSL_EVP_CIPHER *aead_cipher);
|
|
|
|
/*!
|
|
\ingroup QUIC
|
|
|
|
\brief Check if the AEAD cipher is CHACHA20.
|
|
|
|
\return != 0 iff the AEAD cipher is CHACHA20.
|
|
|
|
\param cipher - the cipher
|
|
|
|
\sa wolfSSL_quic_get_aead
|
|
\sa wolfSSL_quic_aead_is_ccm
|
|
\sa wolfSSL_quic_aead_is_gcm
|
|
\sa wolfSSL_quic_get_aead_tag_len
|
|
\sa wolfSSL_quic_get_md
|
|
\sa wolfSSL_quic_get_hp
|
|
\sa wolfSSL_quic_crypt_new
|
|
\sa wolfSSL_quic_aead_encrypt
|
|
\sa wolfSSL_quic_aead_decrypt
|
|
*/
|
|
int wolfSSL_quic_aead_is_chacha20(const WOLFSSL_EVP_CIPHER *aead_cipher);
|
|
|
|
/*!
|
|
\ingroup QUIC
|
|
|
|
\brief Determine the tag length for the AEAD cipher.
|
|
|
|
\return tag length of AEAD cipher.
|
|
|
|
\param cipher - the cipher
|
|
|
|
\sa wolfSSL_quic_get_aead
|
|
*/
|
|
WOLFSSL_API size_t wolfSSL_quic_get_aead_tag_len(const WOLFSSL_EVP_CIPHER *aead_cipher);
|
|
|
|
/*!
|
|
\ingroup QUIC
|
|
|
|
\brief Determine the message digest negotiated in the TLS handshake.
|
|
|
|
\return the message digest negotiated in the TLS handshake
|
|
|
|
\param ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().
|
|
|
|
\sa wolfSSL_quic_get_aead
|
|
\sa wolfSSL_quic_get_hp
|
|
*/
|
|
WOLFSSL_API const WOLFSSL_EVP_MD *wolfSSL_quic_get_md(WOLFSSL *ssl);
|
|
|
|
/*!
|
|
\ingroup QUIC
|
|
|
|
\brief Determine the header protection cipher negotiated in the TLS handshake.
|
|
|
|
\return the header protection cipher negotiated in the TLS handshake
|
|
|
|
\param ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().
|
|
|
|
\sa wolfSSL_quic_get_aead
|
|
\sa wolfSSL_quic_get_md
|
|
*/
|
|
const WOLFSSL_EVP_CIPHER *wolfSSL_quic_get_hp(WOLFSSL *ssl);
|
|
|
|
/*!
|
|
\ingroup QUIC
|
|
|
|
\brief Create a cipher context for en-/decryption.
|
|
|
|
\return the created context or NULL in case of errors.
|
|
|
|
\param cipher - the cipher to use in the context.
|
|
\param key - the key to use in the context.
|
|
\param iv - the iv to use in the context.
|
|
\param encrypt - != 0 if for encryption, otherwise decryption
|
|
|
|
\sa wolfSSL_quic_get_aead
|
|
\sa wolfSSL_quic_get_hp
|
|
\sa wolfSSL_quic_aead_encrypt
|
|
\sa wolfSSL_quic_aead_decrypt
|
|
*/
|
|
WOLFSSL_EVP_CIPHER_CTX *wolfSSL_quic_crypt_new(const WOLFSSL_EVP_CIPHER *cipher,
|
|
const uint8_t *key, const uint8_t *iv, int encrypt);
|
|
|
|
/*!
|
|
\ingroup QUIC
|
|
|
|
\brief Encrypt the plain text in the given context.
|
|
|
|
\return WOLFSSL_SUCCESS If successful.
|
|
|
|
\param dest - destination where encrypted data is to be written
|
|
\param aead_ctx - the cipher context to use
|
|
\param plain - the plain data to encrypt
|
|
\param plainlen - the length of the plain data
|
|
\param iv - the iv to use
|
|
\param aad - the add to use
|
|
\param aadlen - the length of the aad
|
|
|
|
\sa wolfSSL_quic_get_aead
|
|
\sa wolfSSL_quic_get_hp
|
|
\sa wolfSSL_quic_crypt_new
|
|
\sa wolfSSL_quic_aead_decrypt
|
|
*/
|
|
int wolfSSL_quic_aead_encrypt(uint8_t *dest, WOLFSSL_EVP_CIPHER_CTX *aead_ctx,
|
|
const uint8_t *plain, size_t plainlen,
|
|
const uint8_t *iv, const uint8_t *aad, size_t aadlen);
|
|
|
|
/*!
|
|
\ingroup QUIC
|
|
|
|
\brief Decrypt the cipher text in the given context.
|
|
|
|
\return WOLFSSL_SUCCESS If successful.
|
|
|
|
\param dest - destination where plain text is to be written
|
|
\param ctx - the cipher context to use
|
|
\param enc - the encrypted data to decrypt
|
|
\param envlen - the length of the encrypted data
|
|
\param iv - the iv to use
|
|
\param aad - the add to use
|
|
\param aadlen - the length of the aad
|
|
|
|
\sa wolfSSL_quic_get_aead
|
|
\sa wolfSSL_quic_get_hp
|
|
\sa wolfSSL_quic_crypt_new
|
|
\sa wolfSSL_quic_aead_encrypt
|
|
*/
|
|
int wolfSSL_quic_aead_decrypt(uint8_t *dest, WOLFSSL_EVP_CIPHER_CTX *ctx,
|
|
const uint8_t *enc, size_t enclen,
|
|
const uint8_t *iv, const uint8_t *aad, size_t aadlen);
|
|
|
|
/*!
|
|
\ingroup QUIC
|
|
|
|
\brief Extract a pseudo random key.
|
|
|
|
\return WOLFSSL_SUCCESS If successful.
|
|
|
|
\param dest - destination where key is to be written
|
|
\param md - message digest to use
|
|
\param secret - the secret to use
|
|
\param secretlen - the length of the secret
|
|
\param salt - the salt to use
|
|
\param saltlen - the length of the salt
|
|
|
|
\sa wolfSSL_quic_hkdf_expand
|
|
\sa wolfSSL_quic_hkdf
|
|
*/
|
|
int wolfSSL_quic_hkdf_extract(uint8_t *dest, const WOLFSSL_EVP_MD *md,
|
|
const uint8_t *secret, size_t secretlen,
|
|
const uint8_t *salt, size_t saltlen);
|
|
|
|
/*!
|
|
\ingroup QUIC
|
|
|
|
\brief Expand a pseudo random key into a new key.
|
|
|
|
\return WOLFSSL_SUCCESS If successful.
|
|
|
|
\param dest - destination where key is to be written
|
|
\param destlen - length of the key to expand
|
|
\param md - message digest to use
|
|
\param secret - the secret to use
|
|
\param secretlen - the length of the secret
|
|
\param info - the info to use
|
|
\param infolen - the length of the info
|
|
|
|
\sa wolfSSL_quic_hkdf_extract
|
|
\sa wolfSSL_quic_hkdf
|
|
*/
|
|
int wolfSSL_quic_hkdf_expand(uint8_t *dest, size_t destlen,
|
|
const WOLFSSL_EVP_MD *md,
|
|
const uint8_t *secret, size_t secretlen,
|
|
const uint8_t *info, size_t infolen);
|
|
|
|
/*!
|
|
\ingroup QUIC
|
|
|
|
\brief Expand and Extract a pseudo random key.
|
|
|
|
\return WOLFSSL_SUCCESS If successful.
|
|
|
|
\param dest - destination where key is to be written
|
|
\param destlen - length of the key
|
|
\param md - message digest to use
|
|
\param secret - the secret to use
|
|
\param secretlen - the length of the secret
|
|
\param salt - the salt to use
|
|
\param saltlen - the length of the salt
|
|
\param info - the info to use
|
|
\param infolen - the length of the info
|
|
|
|
\sa wolfSSL_quic_hkdf_extract
|
|
\sa wolfSSL_quic_hkdf_expand
|
|
*/
|
|
int wolfSSL_quic_hkdf(uint8_t *dest, size_t destlen,
|
|
const WOLFSSL_EVP_MD *md,
|
|
const uint8_t *secret, size_t secretlen,
|
|
const uint8_t *salt, size_t saltlen,
|
|
const uint8_t *info, size_t infolen);
|