forked from nachaphon-phontree/TrustTunnelClient
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathtls13_utils.cpp
More file actions
51 lines (39 loc) · 1.62 KB
/
tls13_utils.cpp
File metadata and controls
51 lines (39 loc) · 1.62 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
#include "net/tls13_utils.h"
#include <span>
#include <ngtcp2/ngtcp2_crypto.h>
#include <openssl/evp.h>
#include "common/defs.h"
extern "C" void ngtcp2_crypto_ctx_initial(ngtcp2_crypto_ctx *ctx);
namespace ag::tls13_utils {
bool hkdf_extract(std::span<uint8_t> dest, std::span<const uint8_t> secret, std::span<const uint8_t> salt) {
// SHA256 is used for QUIC [rfc 9001 5.2]
const EVP_MD *prf = EVP_sha256();
size_t dest_len = EVP_MD_size(prf);
if (dest.size() < dest_len) {
return false;
}
ngtcp2_crypto_ctx ctx;
ngtcp2_crypto_ctx_initial(&ctx);
return ngtcp2_crypto_hkdf_extract(dest.data(), &ctx.md, secret.data(), secret.size(), salt.data(), salt.size())
== 0;
}
bool hkdf_expand_label(std::span<uint8_t> dest, std::span<const uint8_t> secret, std::string_view label,
std::span<const uint8_t> context) {
std::string full_label = std::string("tls13 ") + label.data();
Uint8Vector info;
// 2 first bytes store out key length
info.push_back((uint8_t) (dest.size() >> CHAR_BIT));
info.push_back((uint8_t) dest.size());
// 3rd byte stores label length
info.push_back((uint8_t) full_label.size());
info.insert(info.end(), full_label.begin(), full_label.end());
// Context length
info.push_back((uint8_t) context.size());
info.insert(info.end(), context.begin(), context.end());
ngtcp2_crypto_ctx ctx;
ngtcp2_crypto_ctx_initial(&ctx);
return ngtcp2_crypto_hkdf_expand(
dest.data(), dest.size(), &ctx.md, secret.data(), secret.size(), info.data(), info.size())
== 0;
}
} // namespace ag::tls13_utils