TLS 1.3 handshake framing and compact handshake-body codec helpers. More...

#include "qsccommon.h"
#include "tlscert.h"
#include "tlserrors.h"
#include "tlstypes.h"

Functions
QSC_EXPORT_API qsc_tls_status	qsc_tls_handshake_write_header (uint8_t output, size_t outlen, size_t offset, qsc_tls_handshake_type type, size_t bodylen)
	Write a TLS handshake header.
QSC_EXPORT_API qsc_tls_status	qsc_tls_handshake_read_header (const uint8_t input, size_t inlen, size_t offset, qsc_tls_handshake_type type, size_t bodylen)
	Read a TLS handshake header.
QSC_EXPORT_API qsc_tls_status	qsc_tls_handshake_send_change_cipher_spec_compat (uint8_t output, size_t outlen, size_t written)
	Encode the compatibility ChangeCipherSpec record used by TLS 1.3 middlebox mode.
QSC_EXPORT_API qsc_tls_status	qsc_tls_handshake_encode_finished (uint8_t output, size_t outlen, size_t offset, const uint8_t *verifydata, size_t verifydatalen)
	Encode the body of a Finished handshake message.
QSC_EXPORT_API qsc_tls_status	qsc_tls_handshake_decode_finished (const uint8_t input, size_t inlen, const uint8_t verifydata, size_t verifydatalen)
	Decode the body of a Finished handshake message.
QSC_EXPORT_API qsc_tls_status	qsc_tls_handshake_encode_certificate_verify (uint8_t output, size_t outlen, size_t offset, qsc_tls_signature_scheme scheme, const uint8_t *signature, size_t signaturelen)
	Encode the body of a CertificateVerify handshake message.
QSC_EXPORT_API qsc_tls_status	qsc_tls_handshake_decode_certificate_verify (const uint8_t input, size_t inlen, qsc_tls_signature_scheme scheme, const uint8_t *signature, size_t signaturelen)
	Decode the body of a CertificateVerify handshake message.
QSC_EXPORT_API qsc_tls_status	qsc_tls_handshake_encode_encrypted_extensions (uint8_t output, size_t outlen, size_t offset, const uint8_t *extensions, size_t extensionslen)
	Encode the body of an EncryptedExtensions handshake message.
QSC_EXPORT_API qsc_tls_status	qsc_tls_handshake_encode_key_update (uint8_t output, size_t outlen, size_t offset, bool requestupdate)
	Encode the body of a KeyUpdate handshake message.
QSC_EXPORT_API qsc_tls_status	qsc_tls_handshake_decode_key_update (const uint8_t input, size_t inlen, bool requestupdate)
	Decode the body of a KeyUpdate handshake message.

Detailed Description

TLS 1.3 handshake framing and compact handshake-body codec helpers.

This header contains helpers for writing and parsing the TLS 1.3 4-byte handshake header and for encoding or decoding a small set of compact handshake message bodies used by the current client and server state machines. It does not duplicate the full extension or certificate logic; those concerns remain in their dedicated modules.

Function Documentation

◆ qsc_tls_handshake_decode_certificate_verify()

QSC_EXPORT_API qsc_tls_status qsc_tls_handshake_decode_certificate_verify	(	const uint8_t *	input,
		size_t	inlen,
		qsc_tls_signature_scheme *	scheme,
		const uint8_t **	signature,
		size_t *	signaturelen )

Decode the body of a CertificateVerify handshake message.

The returned signature span aliases the input buffer.

Parameters

input	[const uint8_t*] The CertificateVerify message body.
inlen	[size_t] The body length in bytes.
scheme	[enum*] Receives the signature scheme identifier.
signature	[const uint8_t**] Receives a pointer to the encoded signature span.
signaturelen	[size_t*] Receives the signature length in bytes.

Returns: [qsc_tls_status] Returns qsc_tls_status_success on success.

◆ qsc_tls_handshake_decode_finished()

QSC_EXPORT_API qsc_tls_status qsc_tls_handshake_decode_finished	(	const uint8_t *	input,
		size_t	inlen,
		const uint8_t **	verifydata,
		size_t *	verifydatalen )

Decode the body of a Finished handshake message.

The returned verify-data span aliases the input buffer.

Parameters

input	[const uint8_t*] The Finished message body.
inlen	[size_t] The body length in bytes.
verifydata	[const uint8_t**] Receives a pointer to the verify_data span.
verifydatalen	[size_t*] Receives the verify_data length in bytes.

Returns: [qsc_tls_status] Returns qsc_tls_status_success on success.

◆ qsc_tls_handshake_decode_key_update()

QSC_EXPORT_API qsc_tls_status qsc_tls_handshake_decode_key_update	(	const uint8_t *	input,
		size_t	inlen,
		bool *	requestupdate )

Decode the body of a KeyUpdate handshake message.

Parameters

input	[const uint8_t*] The KeyUpdate message body.
inlen	[size_t] The body length in bytes.
requestupdate	[bool*] Receives true when the peer requests a reciprocal key update.

Returns: [qsc_tls_status] Returns qsc_tls_status_success on success.

◆ qsc_tls_handshake_encode_certificate_verify()

QSC_EXPORT_API qsc_tls_status qsc_tls_handshake_encode_certificate_verify	(	uint8_t *	output,
		size_t	outlen,
		size_t *	offset,
		qsc_tls_signature_scheme	scheme,
		const uint8_t *	signature,
		size_t	signaturelen )

Encode the body of a CertificateVerify handshake message.

Parameters

output	[uint8_t*] The destination output buffer.
outlen	[size_t] The destination buffer length in bytes.
offset	[size_t*] On input, the starting write offset; on success, advanced past the encoded body.
scheme	[enum] The signature scheme identifier.
signature	[const uint8_t*] The encoded signature bytes.
signaturelen	[size_t] The signature length in bytes.

Returns: [qsc_tls_status] Returns qsc_tls_status_success on success.

◆ qsc_tls_handshake_encode_encrypted_extensions()

QSC_EXPORT_API qsc_tls_status qsc_tls_handshake_encode_encrypted_extensions	(	uint8_t *	output,
		size_t	outlen,
		size_t *	offset,
		const uint8_t *	extensions,
		size_t	extensionslen )

Encode the body of an EncryptedExtensions handshake message.

Writes the supplied extensions block as the TLS vector carried by the message body. The caller is responsible for constructing the extension block contents.

Parameters

output	[uint8_t*] The destination output buffer.
outlen	[size_t] The destination buffer length in bytes.
offset	[size_t*] On input, the starting write offset; on success, advanced past the encoded body.
extensions	[const uint8_t*] The raw encoded extension block.
extensionslen	[size_t] The extension block length in bytes.

Returns: [qsc_tls_status] Returns qsc_tls_status_success on success.

◆ qsc_tls_handshake_encode_finished()

QSC_EXPORT_API qsc_tls_status qsc_tls_handshake_encode_finished	(	uint8_t *	output,
		size_t	outlen,
		size_t *	offset,
		const uint8_t *	verifydata,
		size_t	verifydatalen )

Encode the body of a Finished handshake message.

Parameters

output	[uint8_t*] The destination output buffer.
outlen	[size_t] The destination buffer length in bytes.
offset	[size_t*] On input, the starting write offset; on success, advanced past the encoded body.
verifydata	[const uint8_t*] The computed Finished verify_data bytes.
verifydatalen	[size_t] The verify_data length in bytes.

Returns: [qsc_tls_status] Returns qsc_tls_status_success on success.

◆ qsc_tls_handshake_encode_key_update()

QSC_EXPORT_API qsc_tls_status qsc_tls_handshake_encode_key_update	(	uint8_t *	output,
		size_t	outlen,
		size_t *	offset,
		bool	requestupdate )

Encode the body of a KeyUpdate handshake message.

Parameters

output	[uint8_t*] The destination output buffer.
outlen	[size_t] The destination buffer length in bytes.
offset	[size_t*] On input, the starting write offset; on success, advanced past the encoded body.
requestupdate	[bool] True to request that the peer also update its sending traffic keys.

Returns: [qsc_tls_status] Returns qsc_tls_status_success on success.

◆ qsc_tls_handshake_read_header()

QSC_EXPORT_API qsc_tls_status qsc_tls_handshake_read_header	(	const uint8_t *	input,
		size_t	inlen,
		size_t *	offset,
		qsc_tls_handshake_type *	type,
		size_t *	bodylen )

Read a TLS handshake header.

Parameters

input	[const uint8_t*] The input buffer containing the handshake header.
inlen	[size_t] The number of bytes available in input.
offset	[size_t*] On input, the starting read offset; on success, advanced by four bytes.
type	[enum*] Receives the decoded handshake type.
bodylen	[size_t*] Receives the decoded handshake body length in bytes.

Returns: [qsc_tls_status] Returns qsc_tls_status_success on success.

◆ qsc_tls_handshake_send_change_cipher_spec_compat()

QSC_EXPORT_API qsc_tls_status qsc_tls_handshake_send_change_cipher_spec_compat	(	uint8_t *	output,
		size_t	outlen,
		size_t *	written )

Encode the compatibility ChangeCipherSpec record used by TLS 1.3 middlebox mode.

Emits a plaintext TLS record carrying a one-byte ChangeCipherSpec fragment with value 0x01. This helper produces the full TLSPlaintext record rather than a handshake message body.

Parameters

output	[uint8_t*] The destination output buffer.
outlen	[size_t] The destination buffer length in bytes.
written	[size_t*] Receives the number of bytes written.

Returns: [qsc_tls_status] Returns qsc_tls_status_success on success.

◆ qsc_tls_handshake_write_header()

QSC_EXPORT_API qsc_tls_status qsc_tls_handshake_write_header	(	uint8_t *	output,
		size_t	outlen,
		size_t *	offset,
		qsc_tls_handshake_type	type,
		size_t	bodylen )

Write a TLS handshake header.

Writes the 1-byte handshake type followed by the 24-bit body length field. The function emits only the header and does not append the message body.

Parameters

output	[uint8_t*] The destination output buffer.
outlen	[size_t] The destination buffer length in bytes.
offset	[size_t*] On input, the starting write offset; on success, advanced by four bytes.
type	[enum] The handshake message type.
bodylen	[size_t] The handshake body length in bytes.

Returns: [qsc_tls_status] Returns qsc_tls_status_success on success.

Functions

Detailed Description

Function Documentation

◆ qsc_tls_handshake_decode_certificate_verify()

◆ qsc_tls_handshake_decode_finished()

◆ qsc_tls_handshake_decode_key_update()

◆ qsc_tls_handshake_encode_certificate_verify()

◆ qsc_tls_handshake_encode_encrypted_extensions()

◆ qsc_tls_handshake_encode_finished()

◆ qsc_tls_handshake_encode_key_update()

◆ qsc_tls_handshake_read_header()

◆ qsc_tls_handshake_send_change_cipher_spec_compat()

◆ qsc_tls_handshake_write_header()