cosmopolitan/third_party/mbedtls/ssl_tls13_keys.h

#ifndef COSMOPOLITAN_THIRD_PARTY_MBEDTLS_SSL_TLS13_KEYS_H_
#define COSMOPOLITAN_THIRD_PARTY_MBEDTLS_SSL_TLS13_KEYS_H_
#include "third_party/mbedtls/md.h"
#include "third_party/mbedtls/ssl_internal.h"
COSMOPOLITAN_C_START_

#define MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED 0
#define MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED   1

/* The maximum length of HKDF contexts used in the TLS 1.3 standard.
 * Since contexts are always hashes of message transcripts, this can
 * be approximated from above by the maximum hash size. */
#define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN MBEDTLS_MD_MAX_SIZE

/* Maximum desired length for expanded key material generated
 * by HKDF-Expand-Label.
 *
 * Warning: If this ever needs to be increased, the implementation
 * ssl_tls1_3_hkdf_encode_label() in ssl_tls13_keys.c needs to be
 * adjusted since it currently assumes that HKDF key expansion
 * is never used with more than 255 Bytes of output. */
#define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN 255

/* This requires MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) to be defined at
 * the point of use. See e.g. the definition of mbedtls_ssl_tls1_3_labels_union
 * below. */
#define MBEDTLS_SSL_TLS1_3_LABEL_LIST                    \
  MBEDTLS_SSL_TLS1_3_LABEL(finished, "finished")         \
  MBEDTLS_SSL_TLS1_3_LABEL(resumption, "resumption")     \
  MBEDTLS_SSL_TLS1_3_LABEL(traffic_upd, "traffic upd")   \
  MBEDTLS_SSL_TLS1_3_LABEL(exporter, "exporter")         \
  MBEDTLS_SSL_TLS1_3_LABEL(key, "key")                   \
  MBEDTLS_SSL_TLS1_3_LABEL(iv, "iv")                     \
  MBEDTLS_SSL_TLS1_3_LABEL(c_hs_traffic, "c hs traffic") \
  MBEDTLS_SSL_TLS1_3_LABEL(c_ap_traffic, "c ap traffic") \
  MBEDTLS_SSL_TLS1_3_LABEL(c_e_traffic, "c e traffic")   \
  MBEDTLS_SSL_TLS1_3_LABEL(s_hs_traffic, "s hs traffic") \
  MBEDTLS_SSL_TLS1_3_LABEL(s_ap_traffic, "s ap traffic") \
  MBEDTLS_SSL_TLS1_3_LABEL(s_e_traffic, "s e traffic")   \
  MBEDTLS_SSL_TLS1_3_LABEL(e_exp_master, "e exp master") \
  MBEDTLS_SSL_TLS1_3_LABEL(res_master, "res master")     \
  MBEDTLS_SSL_TLS1_3_LABEL(exp_master, "exp master")     \
  MBEDTLS_SSL_TLS1_3_LABEL(ext_binder, "ext binder")     \
  MBEDTLS_SSL_TLS1_3_LABEL(res_binder, "res binder")     \
  MBEDTLS_SSL_TLS1_3_LABEL(derived, "derived")

#define MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(LABEL) \
  mbedtls_ssl_tls1_3_labels.LABEL, sizeof(mbedtls_ssl_tls1_3_labels.LABEL)

#define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN \
  sizeof(union mbedtls_ssl_tls1_3_labels_union)

#define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \
  const unsigned char name[sizeof(string) - 1];
union mbedtls_ssl_tls1_3_labels_union {
  MBEDTLS_SSL_TLS1_3_LABEL_LIST
};
struct mbedtls_ssl_tls1_3_labels_struct {
  MBEDTLS_SSL_TLS1_3_LABEL_LIST
};
#undef MBEDTLS_SSL_TLS1_3_LABEL

extern const struct mbedtls_ssl_tls1_3_labels_struct mbedtls_ssl_tls1_3_labels;

int mbedtls_ssl_tls1_3_hkdf_expand_label(mbedtls_md_type_t,
                                         const unsigned char *, size_t,
                                         const unsigned char *, size_t,
                                         const unsigned char *, size_t,
                                         unsigned char *, size_t);
int mbedtls_ssl_tls1_3_make_traffic_keys(mbedtls_md_type_t,
                                         const unsigned char *,
                                         const unsigned char *, size_t, size_t,
                                         size_t, mbedtls_ssl_key_set *);
int mbedtls_ssl_tls1_3_derive_secret(mbedtls_md_type_t, const unsigned char *,
                                     size_t, const unsigned char *, size_t,
                                     const unsigned char *, size_t, int,
                                     unsigned char *, size_t);
int mbedtls_ssl_tls1_3_evolve_secret(mbedtls_md_type_t, const unsigned char *,
                                     const unsigned char *, size_t,
                                     unsigned char *);

COSMOPOLITAN_C_END_
#endif /* COSMOPOLITAN_THIRD_PARTY_MBEDTLS_SSL_TLS13_KEYS_H_ */
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt 2021-06-24 19:31:26 +00:00			`#ifndef COSMOPOLITAN_THIRD_PARTY_MBEDTLS_SSL_TLS13_KEYS_H_`
			`#define COSMOPOLITAN_THIRD_PARTY_MBEDTLS_SSL_TLS13_KEYS_H_`
Flatten Mbed TLS directory structure 2021-06-16 03:18:59 +00:00			`#include "third_party/mbedtls/md.h"`
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt 2021-06-24 19:31:26 +00:00			`#include "third_party/mbedtls/ssl_internal.h"`
			`COSMOPOLITAN_C_START_`
Get Mbed TLS to build This change configures Mbed TLS to support the fewest number of things possible required to run an HTTPS server that caters to the sweet spot of being legacy enough to support the vast majority of user agents but modern enough that Chrome and Firefox remain happy. That should entail - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - TLS_RSA_WITH_AES_128_CBC_SHA Even though other suites still get included so what usually happens in practice is ECDHE-RSA-AES256-GCM-SHA384 under TLS 1.2 will be selected and the binary footprint is reasonable, and should cost us about 200kb 2021-06-16 02:52:02 +00:00
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt 2021-06-24 19:31:26 +00:00			`#define MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED 0`
			`#define MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED 1`
Import Mbed TLS v2.26.0 2021-06-15 18:39:36 +00:00
			`/* The maximum length of HKDF contexts used in the TLS 1.3 standard.`
			`* Since contexts are always hashes of message transcripts, this can`
			`* be approximated from above by the maximum hash size. */`
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt 2021-06-24 19:31:26 +00:00			`#define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN MBEDTLS_MD_MAX_SIZE`
Import Mbed TLS v2.26.0 2021-06-15 18:39:36 +00:00
			`/* Maximum desired length for expanded key material generated`
			`* by HKDF-Expand-Label.`
			`*`
			`* Warning: If this ever needs to be increased, the implementation`
			`* ssl_tls1_3_hkdf_encode_label() in ssl_tls13_keys.c needs to be`
			`* adjusted since it currently assumes that HKDF key expansion`
			`* is never used with more than 255 Bytes of output. */`
			`#define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN 255`

Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt 2021-06-24 19:31:26 +00:00			`/* This requires MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) to be defined at`
			`* the point of use. See e.g. the definition of mbedtls_ssl_tls1_3_labels_union`
			`* below. */`
			`#define MBEDTLS_SSL_TLS1_3_LABEL_LIST \`
			`MBEDTLS_SSL_TLS1_3_LABEL(finished, "finished") \`
			`MBEDTLS_SSL_TLS1_3_LABEL(resumption, "resumption") \`
			`MBEDTLS_SSL_TLS1_3_LABEL(traffic_upd, "traffic upd") \`
			`MBEDTLS_SSL_TLS1_3_LABEL(exporter, "exporter") \`
			`MBEDTLS_SSL_TLS1_3_LABEL(key, "key") \`
			`MBEDTLS_SSL_TLS1_3_LABEL(iv, "iv") \`
			`MBEDTLS_SSL_TLS1_3_LABEL(c_hs_traffic, "c hs traffic") \`
			`MBEDTLS_SSL_TLS1_3_LABEL(c_ap_traffic, "c ap traffic") \`
			`MBEDTLS_SSL_TLS1_3_LABEL(c_e_traffic, "c e traffic") \`
			`MBEDTLS_SSL_TLS1_3_LABEL(s_hs_traffic, "s hs traffic") \`
			`MBEDTLS_SSL_TLS1_3_LABEL(s_ap_traffic, "s ap traffic") \`
			`MBEDTLS_SSL_TLS1_3_LABEL(s_e_traffic, "s e traffic") \`
			`MBEDTLS_SSL_TLS1_3_LABEL(e_exp_master, "e exp master") \`
			`MBEDTLS_SSL_TLS1_3_LABEL(res_master, "res master") \`
			`MBEDTLS_SSL_TLS1_3_LABEL(exp_master, "exp master") \`
			`MBEDTLS_SSL_TLS1_3_LABEL(ext_binder, "ext binder") \`
			`MBEDTLS_SSL_TLS1_3_LABEL(res_binder, "res binder") \`
			`MBEDTLS_SSL_TLS1_3_LABEL(derived, "derived")`

			`#define MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(LABEL) \`
			`mbedtls_ssl_tls1_3_labels.LABEL, sizeof(mbedtls_ssl_tls1_3_labels.LABEL)`

			`#define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN \`
			`sizeof(union mbedtls_ssl_tls1_3_labels_union)`

			`#define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \`
			`const unsigned char name[sizeof(string) - 1];`
			`union mbedtls_ssl_tls1_3_labels_union {`
			`MBEDTLS_SSL_TLS1_3_LABEL_LIST`
			`};`
			`struct mbedtls_ssl_tls1_3_labels_struct {`
			`MBEDTLS_SSL_TLS1_3_LABEL_LIST`
			`};`
			`#undef MBEDTLS_SSL_TLS1_3_LABEL`
Import Mbed TLS v2.26.0 2021-06-15 18:39:36 +00:00
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt 2021-06-24 19:31:26 +00:00			`extern const struct mbedtls_ssl_tls1_3_labels_struct mbedtls_ssl_tls1_3_labels;`
Import Mbed TLS v2.26.0 2021-06-15 18:39:36 +00:00
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt 2021-06-24 19:31:26 +00:00			`int mbedtls_ssl_tls1_3_hkdf_expand_label(mbedtls_md_type_t,`
			`const unsigned char *, size_t,`
			`const unsigned char *, size_t,`
			`const unsigned char *, size_t,`
			`unsigned char *, size_t);`
			`int mbedtls_ssl_tls1_3_make_traffic_keys(mbedtls_md_type_t,`
			`const unsigned char *,`
			`const unsigned char *, size_t, size_t,`
			`size_t, mbedtls_ssl_key_set *);`
			`int mbedtls_ssl_tls1_3_derive_secret(mbedtls_md_type_t, const unsigned char *,`
			`size_t, const unsigned char *, size_t,`
			`const unsigned char *, size_t, int,`
			`unsigned char *, size_t);`
			`int mbedtls_ssl_tls1_3_evolve_secret(mbedtls_md_type_t, const unsigned char *,`
			`const unsigned char *, size_t,`
			`unsigned char *);`

			`COSMOPOLITAN_C_END_`
			`#endif /* COSMOPOLITAN_THIRD_PARTY_MBEDTLS_SSL_TLS13_KEYS_H_ */`