QSC/tlskeyschedule_8h_source.html

/* 2020-2026 Quantum Resistant Cryptographic Solutions Corporation

 * All Rights Reserved.

 *

 * NOTICE:

 * This software and all accompanying materials are the exclusive property of

 * Quantum Resistant Cryptographic Solutions Corporation (QRCS). The intellectual

 * and technical concepts contained herein are proprietary to QRCS and are

 * protected under applicable Canadian, U.S., and international copyright,

 * patent, and trade secret laws.

 *

 * CRYPTOGRAPHIC ALGORITHMS AND IMPLEMENTATIONS:

 * - This software includes implementations of cryptographic primitives and

 *   algorithms that are standardized or in the public domain, such as AES

 *   and SHA-3, which are not proprietary to QRCS.

 * - This software also includes cryptographic primitives, constructions, and

 *   algorithms designed by QRCS, including but not limited to RCS, SCB, CSX, QMAC, and

 *   related components, which are proprietary to QRCS.

 * - All source code, implementations, protocol compositions, optimizations,

 *   parameter selections, and engineering work contained in this software are

 *   original works of QRCS and are protected under this license.

 *

 * LICENSE AND USE RESTRICTIONS:

 * - This software is licensed under the Quantum Resistant Cryptographic Solutions

 *   Public Research and Evaluation License (QRCS-PREL), 2025-2026.

 * - Permission is granted solely for non-commercial evaluation, academic research,

 *   cryptographic analysis, interoperability testing, and feasibility assessment.

 * - Commercial use, production deployment, commercial redistribution, or

 *   integration into products or services is strictly prohibited without a

 *   separate written license agreement executed with QRCS.

 * - Licensing and authorized distribution are solely at the discretion of QRCS.

 *

 * EXPERIMENTAL CRYPTOGRAPHY NOTICE:

 * Portions of this software may include experimental, novel, or evolving

 * cryptographic designs. Use of this software is entirely at the user's risk.

 *

 * DISCLAIMER:

 * THIS SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

 * IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS

 * FOR A PARTICULAR PURPOSE, SECURITY, OR NON-INFRINGEMENT. QRCS DISCLAIMS ALL

 * LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES

 * ARISING FROM THE USE OR MISUSE OF THIS SOFTWARE.

 *

 * FULL LICENSE:

 * This software is subject to the Quantum Resistant Cryptographic Solutions

 * Public Research and Evaluation License (QRCS-PREL), 2025-2026. The complete license terms

 * are provided in the accompanying LICENSE file or at https://www.qrcscorp.ca.

 *

 * Written by: John G. Underhill

 * Contact: contact@qrcscorp.ca

 */


#ifndef QSC_TLS_KEYSCHEDULE_H

#define QSC_TLS_KEYSCHEDULE_H


#include "qsccommon.h"

#include "tlserrors.h"

#include "tlstypes.h"

#include "tlsstate.h"


QSC_CPLUSPLUS_ENABLED_START


    typedef struct qsc_tls_key_schedule_state

{

    uint8_t binderkey[QSC_TLS_HASH_MAX_SIZE];

    uint8_t clientapplicationtrafficsecret[QSC_TLS_HASH_MAX_SIZE];

    uint8_t clientearlytrafficsecret[QSC_TLS_HASH_MAX_SIZE];

    uint8_t clienthandshaketrafficsecret[QSC_TLS_HASH_MAX_SIZE];

    uint8_t earlyexportermastersecret[QSC_TLS_HASH_MAX_SIZE];

    uint8_t exportermastersecret[QSC_TLS_HASH_MAX_SIZE];

    uint8_t earlysecret[QSC_TLS_HASH_MAX_SIZE];

    uint8_t handshakesecret[QSC_TLS_HASH_MAX_SIZE];

    uint8_t mastersecret[QSC_TLS_HASH_MAX_SIZE];

    uint8_t resumptionmastersecret[QSC_TLS_HASH_MAX_SIZE];

    uint8_t serverhandshaketrafficsecret[QSC_TLS_HASH_MAX_SIZE];

    uint8_t serverapplicationtrafficsecret[QSC_TLS_HASH_MAX_SIZE];

    size_t digestsize;

    qsc_tls_hash_algorithm hash;

    bool binderderived;

    bool earlydone;

    bool earlytrafficderived;

    bool handshakedone;

    bool initialized;

    bool masterdone;

} qsc_tls_key_schedule_state;


QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_state_initialize(qsc_tls_key_schedule_state* state, qsc_tls_hash_algorithm hash);


QSC_EXPORT_API void qsc_tls_keyschedule_state_dispose(qsc_tls_key_schedule_state* state);


QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_hkdf_extract(qsc_tls_hash_algorithm hash, const uint8_t* salt, size_t saltlen, const uint8_t* ikm,

    size_t ikmlen, uint8_t* output, size_t outlen);


QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_hkdf_expand(qsc_tls_hash_algorithm hash, const uint8_t* prk, size_t prklen, const uint8_t* info,

    size_t infolen, uint8_t* output, size_t outlen);


QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_hkdf_expand_label(qsc_tls_hash_algorithm hash, const uint8_t* secret, size_t secretlen,

    const char* label, size_t labellen, const uint8_t* context, size_t contextlen, uint8_t* output, size_t outlen);


QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_derive_secret_with_hash(qsc_tls_hash_algorithm hash, const uint8_t* secret, size_t secretlen,

    const char* label, size_t labellen, const uint8_t* transcripthash, size_t transcripthashlen, uint8_t* output, size_t outlen);


QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_derive_secret_empty(qsc_tls_hash_algorithm hash, const uint8_t* secret, size_t secretlen,

    const char* label, size_t labellen, uint8_t* output, size_t outlen);


QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_extract_early_secret(qsc_tls_key_schedule_state* state, const uint8_t* psk, size_t psklen);


QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_extract_handshake_secret(qsc_tls_key_schedule_state* state, const uint8_t* dhe, size_t dhelen);


QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_extract_master_secret(qsc_tls_key_schedule_state* state);


QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_derive_handshake_traffic_secrets(qsc_tls_key_schedule_state* state, const uint8_t* transcripthash, size_t transcripthashlen);


QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_derive_application_traffic_secrets(qsc_tls_key_schedule_state* state, const uint8_t* transcripthash, size_t transcripthashlen);


QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_derive_exporter_master_secret(qsc_tls_key_schedule_state* state, const uint8_t* transcripthash, size_t transcripthashlen);


QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_derive_resumption_master_secret(qsc_tls_key_schedule_state* state, const uint8_t* transcripthash, size_t transcripthashlen);


QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_derive_traffic_keys(qsc_tls_hash_algorithm hash,

    const uint8_t* trafficsecret, size_t trafficsecretlen, size_t keylen, size_t ivlen, uint8_t* keyoutput, uint8_t* ivoutput);


QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_advance_traffic_secret(qsc_tls_hash_algorithm hash, const uint8_t* currenttrafficsecret,

    size_t trafficsecretlen, uint8_t* nexttrafficsecret);


QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_compute_finished(qsc_tls_hash_algorithm hash, const uint8_t* basekey, size_t basekeylen,

    const uint8_t* transcripthash, size_t transcripthashlen, uint8_t* output, size_t outlen, size_t* written);


QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_verify_finished(qsc_tls_hash_algorithm hash, const uint8_t* basekey, size_t basekeylen,

    const uint8_t* transcripthash, size_t transcripthashlen, const uint8_t* candidate, size_t candidatelen);


QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_build_certificate_verify_input(const char* contextstring, const uint8_t* transcripthash,

    size_t transcripthashlen, uint8_t* output, size_t outlen, size_t* written);


QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_suite_record_sizes(qsc_tls_cipher_suite suite, size_t* keylen, size_t* ivlen);


QSC_EXPORT_API qsc_tls_hash_algorithm qsc_tls_keyschedule_suite_hash(qsc_tls_cipher_suite suite);


QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_derive_resumption_psk(const qsc_tls_key_schedule_state* state, const uint8_t* nonce,

    size_t noncelen, uint8_t* output, size_t outlen);


QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_derive_binder_key(qsc_tls_key_schedule_state* state, bool external);


QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_derive_client_early_traffic_secret(qsc_tls_key_schedule_state* state, const uint8_t* transcripthash, size_t transcripthashlen);


QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_derive_early_exporter_secret(qsc_tls_key_schedule_state* state, const uint8_t* transcripthash, size_t transcripthashlen);


QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_compute_psk_binder(qsc_tls_hash_algorithm hash, const uint8_t* binderkey, size_t binderkeylen,

    const uint8_t* partialtranshash, size_t transcripthashlen, uint8_t* output, size_t outlen, size_t* written);


QSC_CPLUSPLUS_ENABLED_END


#endif

qsccommon.h
Contains common definitions for the Quantum Secure Cryptographic (QSC) library.

QSC_EXPORT_API
#define QSC_EXPORT_API
API export macro for Microsoft compilers when importing from a DLL.
Definition qsccommon.h:645

qsc_tls_key_schedule_state
TLS 1.3 key schedule state and derived secret container.
Definition tlskeyschedule.h:129

qsc_tls_key_schedule_state::clienthandshaketrafficsecret
uint8_t clienthandshaketrafficsecret[QSC_TLS_HASH_MAX_SIZE]
Definition tlskeyschedule.h:133

qsc_tls_key_schedule_state::handshakedone
bool handshakedone
Definition tlskeyschedule.h:147

qsc_tls_key_schedule_state::mastersecret
uint8_t mastersecret[QSC_TLS_HASH_MAX_SIZE]
Definition tlskeyschedule.h:138

qsc_tls_key_schedule_state::earlyexportermastersecret
uint8_t earlyexportermastersecret[QSC_TLS_HASH_MAX_SIZE]
Definition tlskeyschedule.h:134

qsc_tls_key_schedule_state::masterdone
bool masterdone
Definition tlskeyschedule.h:149

qsc_tls_key_schedule_state::hash
qsc_tls_hash_algorithm hash
Definition tlskeyschedule.h:143

qsc_tls_key_schedule_state::digestsize
size_t digestsize
Definition tlskeyschedule.h:142

qsc_tls_key_schedule_state::earlydone
bool earlydone
Definition tlskeyschedule.h:145

qsc_tls_key_schedule_state::binderderived
bool binderderived
Definition tlskeyschedule.h:144

qsc_tls_key_schedule_state::earlysecret
uint8_t earlysecret[QSC_TLS_HASH_MAX_SIZE]
Definition tlskeyschedule.h:136

qsc_tls_key_schedule_state::earlytrafficderived
bool earlytrafficderived
Definition tlskeyschedule.h:146

qsc_tls_key_schedule_state::clientapplicationtrafficsecret
uint8_t clientapplicationtrafficsecret[QSC_TLS_HASH_MAX_SIZE]
Definition tlskeyschedule.h:131

qsc_tls_key_schedule_state::handshakesecret
uint8_t handshakesecret[QSC_TLS_HASH_MAX_SIZE]
Definition tlskeyschedule.h:137

qsc_tls_key_schedule_state::resumptionmastersecret
uint8_t resumptionmastersecret[QSC_TLS_HASH_MAX_SIZE]
Definition tlskeyschedule.h:139

qsc_tls_key_schedule_state::serverapplicationtrafficsecret
uint8_t serverapplicationtrafficsecret[QSC_TLS_HASH_MAX_SIZE]
Definition tlskeyschedule.h:141

qsc_tls_key_schedule_state::clientearlytrafficsecret
uint8_t clientearlytrafficsecret[QSC_TLS_HASH_MAX_SIZE]
Definition tlskeyschedule.h:132

qsc_tls_key_schedule_state::exportermastersecret
uint8_t exportermastersecret[QSC_TLS_HASH_MAX_SIZE]
Definition tlskeyschedule.h:135

qsc_tls_key_schedule_state::binderkey
uint8_t binderkey[QSC_TLS_HASH_MAX_SIZE]
Definition tlskeyschedule.h:130

qsc_tls_key_schedule_state::initialized
bool initialized
Definition tlskeyschedule.h:148

qsc_tls_key_schedule_state::serverhandshaketrafficsecret
uint8_t serverhandshaketrafficsecret[QSC_TLS_HASH_MAX_SIZE]
Definition tlskeyschedule.h:140

QSC_TLS_HASH_MAX_SIZE
#define QSC_TLS_HASH_MAX_SIZE
Defines the maximum supported transcript hash size in bytes.
Definition tlsdefs.h:120

tlserrors.h
TLS status code definitions and diagnostic string conversion.

qsc_tls_status
qsc_tls_status
Definition tlserrors.h:65

qsc_tls_keyschedule_extract_handshake_secret
QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_extract_handshake_secret(qsc_tls_key_schedule_state *state, const uint8_t *dhe, size_t dhelen)
Extract the TLS 1.3 handshake secret.
Definition tlskeyschedule.c:461

qsc_tls_keyschedule_extract_master_secret
QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_extract_master_secret(qsc_tls_key_schedule_state *state)
Extract the TLS 1.3 master secret.
Definition tlskeyschedule.c:500

qsc_tls_keyschedule_derive_early_exporter_secret
QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_derive_early_exporter_secret(qsc_tls_key_schedule_state *state, const uint8_t *transcripthash, size_t transcripthashlen)
Derive the early exporter master secret.
Definition tlskeyschedule.c:915

qsc_tls_keyschedule_state_initialize
QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_state_initialize(qsc_tls_key_schedule_state *state, qsc_tls_hash_algorithm hash)
Initialize a TLS key schedule state.
Definition tlskeyschedule.c:383

qsc_tls_keyschedule_hkdf_expand
QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_hkdf_expand(qsc_tls_hash_algorithm hash, const uint8_t *prk, size_t prklen, const uint8_t *info, size_t infolen, uint8_t *output, size_t outlen)
Perform HKDF-Expand for the selected TLS hash algorithm.
Definition tlskeyschedule.c:144

qsc_tls_keyschedule_derive_application_traffic_secrets
QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_derive_application_traffic_secrets(qsc_tls_key_schedule_state *state, const uint8_t *transcripthash, size_t transcripthashlen)
Derive the client and server application traffic secrets.
Definition tlskeyschedule.c:556

qsc_tls_keyschedule_suite_hash
QSC_EXPORT_API qsc_tls_hash_algorithm qsc_tls_keyschedule_suite_hash(qsc_tls_cipher_suite suite)
Resolve the hash algorithm associated with a TLS cipher suite.
Definition tlskeyschedule.c:807

qsc_tls_keyschedule_derive_binder_key
QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_derive_binder_key(qsc_tls_key_schedule_state *state, bool external)
Derive the TLS 1.3 PSK binder key.
Definition tlskeyschedule.c:859

qsc_tls_keyschedule_suite_record_sizes
QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_suite_record_sizes(qsc_tls_cipher_suite suite, size_t *keylen, size_t *ivlen)
Resolve record protection key and IV lengths for a TLS cipher suite.
Definition tlskeyschedule.c:757

qsc_tls_keyschedule_derive_resumption_master_secret
QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_derive_resumption_master_secret(qsc_tls_key_schedule_state *state, const uint8_t *transcripthash, size_t transcripthashlen)
Derive the resumption master secret.
Definition tlskeyschedule.c:597

qsc_tls_keyschedule_extract_early_secret
QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_extract_early_secret(qsc_tls_key_schedule_state *state, const uint8_t *psk, size_t psklen)
Extract the TLS 1.3 early secret.
Definition tlskeyschedule.c:426

qsc_tls_keyschedule_derive_exporter_master_secret
QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_derive_exporter_master_secret(qsc_tls_key_schedule_state *state, const uint8_t *transcripthash, size_t transcripthashlen)
Derive the exporter master secret.
Definition tlskeyschedule.c:579

qsc_tls_keyschedule_verify_finished
QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_verify_finished(qsc_tls_hash_algorithm hash, const uint8_t *basekey, size_t basekeylen, const uint8_t *transcripthash, size_t transcripthashlen, const uint8_t *candidate, size_t candidatelen)
Verify a TLS 1.3 Finished verify_data value.
Definition tlskeyschedule.c:724

qsc_tls_keyschedule_derive_handshake_traffic_secrets
QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_derive_handshake_traffic_secrets(qsc_tls_key_schedule_state *state, const uint8_t *transcripthash, size_t transcripthashlen)
Derive the client and server handshake traffic secrets.
Definition tlskeyschedule.c:533

qsc_tls_keyschedule_hkdf_extract
QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_hkdf_extract(qsc_tls_hash_algorithm hash, const uint8_t *salt, size_t saltlen, const uint8_t *ikm, size_t ikmlen, uint8_t *output, size_t outlen)
Perform HKDF-Extract for the selected TLS hash algorithm.
Definition tlskeyschedule.c:102

qsc_tls_keyschedule_hkdf_expand_label
QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_hkdf_expand_label(qsc_tls_hash_algorithm hash, const uint8_t *secret, size_t secretlen, const char *label, size_t labellen, const uint8_t *context, size_t contextlen, uint8_t *output, size_t outlen)
Perform TLS 1.3 HKDF-Expand-Label.
Definition tlskeyschedule.c:166

qsc_tls_keyschedule_build_certificate_verify_input
QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_build_certificate_verify_input(const char *contextstring, const uint8_t *transcripthash, size_t transcripthashlen, uint8_t *output, size_t outlen, size_t *written)
Build the TLS 1.3 CertificateVerify signature input.
Definition tlskeyschedule.c:312

qsc_tls_keyschedule_derive_client_early_traffic_secret
QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_derive_client_early_traffic_secret(qsc_tls_key_schedule_state *state, const uint8_t *transcripthash, size_t transcripthashlen)
Derive the client early traffic secret for 0-RTT data.
Definition tlskeyschedule.c:894

qsc_tls_keyschedule_derive_secret_with_hash
QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_derive_secret_with_hash(qsc_tls_hash_algorithm hash, const uint8_t *secret, size_t secretlen, const char *label, size_t labellen, const uint8_t *transcripthash, size_t transcripthashlen, uint8_t *output, size_t outlen)
Derive a TLS 1.3 secret using a supplied transcript hash.
Definition tlskeyschedule.c:231

qsc_tls_keyschedule_derive_secret_empty
QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_derive_secret_empty(qsc_tls_hash_algorithm hash, const uint8_t *secret, size_t secretlen, const char *label, size_t labellen, uint8_t *output, size_t outlen)
Derive a TLS 1.3 secret using the hash of the empty string.
Definition tlskeyschedule.c:258

qsc_tls_keyschedule_derive_traffic_keys
QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_derive_traffic_keys(qsc_tls_hash_algorithm hash, const uint8_t *trafficsecret, size_t trafficsecretlen, size_t keylen, size_t ivlen, uint8_t *keyoutput, uint8_t *ivoutput)
Derive record protection key and IV material from a traffic secret.
Definition tlskeyschedule.c:615

qsc_tls_keyschedule_derive_resumption_psk
QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_derive_resumption_psk(const qsc_tls_key_schedule_state *state, const uint8_t *nonce, size_t noncelen, uint8_t *output, size_t outlen)
Derive a resumption PSK from the resumption master secret.
Definition tlskeyschedule.c:834

qsc_tls_keyschedule_state_dispose
QSC_EXPORT_API void qsc_tls_keyschedule_state_dispose(qsc_tls_key_schedule_state *state)
Dispose of a TLS key schedule state.
Definition tlskeyschedule.c:416

qsc_tls_keyschedule_compute_finished
QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_compute_finished(qsc_tls_hash_algorithm hash, const uint8_t *basekey, size_t basekeylen, const uint8_t *transcripthash, size_t transcripthashlen, uint8_t *output, size_t outlen, size_t *written)
Compute a TLS 1.3 Finished verify_data value.
Definition tlskeyschedule.c:645

qsc_tls_keyschedule_advance_traffic_secret
QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_advance_traffic_secret(qsc_tls_hash_algorithm hash, const uint8_t *currenttrafficsecret, size_t trafficsecretlen, uint8_t *nexttrafficsecret)
Advance an application traffic secret for TLS KeyUpdate.
Definition tlskeyschedule.c:640

qsc_tls_keyschedule_compute_psk_binder
QSC_EXPORT_API qsc_tls_status qsc_tls_keyschedule_compute_psk_binder(qsc_tls_hash_algorithm hash, const uint8_t *binderkey, size_t binderkeylen, const uint8_t *partialtranshash, size_t transcripthashlen, uint8_t *output, size_t outlen, size_t *written)
Compute a TLS 1.3 PSK binder MAC.
Definition tlskeyschedule.c:931

tlsstate.h
TLS internal state container type definitions shared across the record and handshake layers.

tlstypes.h
Public TLS type definitions.

qsc_tls_cipher_suite
qsc_tls_cipher_suite
TLS 1.3 cipher-suite identifiers.
Definition tlstypes.h:129

qsc_tls_hash_algorithm
qsc_tls_hash_algorithm
Identifies the transcript and HKDF hash algorithm associated with a TLS cipher suite.
Definition tlstypes.h:69