TLS 1.3 Protocol Implementation (RFC 8446)
Provides a complete TLS 1.3 client implementation for VeridianOS, including:
- Record layer with fragmentation and encrypted record wrapping
- Full handshake state machine (ClientHello through Finished)
- Crypto primitives: ChaCha20-Poly1305, AES-128-GCM, X25519, HKDF-SHA256
- Simplified X.509 certificate parsing and chain validation
- Session ticket resumption and 0-RTT stubs
- Connection API: connect(), send(), recv(), close()
Cipher suites supported:
- TLS_AES_128_GCM_SHA256 (0x1301)
- TLS_CHACHA20_POLY1305_SHA256 (0x1303)
Re-exports
- pub use certificate::TrustStore;
- pub use certificate::X509Certificate;
- pub use cipher::hkdf_expand;
- pub use cipher::hkdf_expand_label;
- pub use cipher::hkdf_extract;
- pub use cipher::hmac_sha256;
- pub use cipher::x25519_keypair;
- pub use handshake::ClientHello;
- pub use handshake::HandshakeEngine;
- pub use handshake::HandshakeState;
- pub use handshake::HandshakeType;
- pub use handshake::NamedGroup;
- pub use handshake::ServerHello;
- pub use handshake::SignatureScheme;
- pub use record::decrypt_record;
- pub use record::encrypt_record;
- pub use record::ContentType;
- pub use record::FragmentBuffer;
- pub use record::RecordHeader;
- pub use record::TlsRecord;
Modules
- certificate: X.509 Certificate Parsing and Validation
- cipher: TLS 1.3 Cipher Suites and Cryptographic Primitives
- handshake: TLS 1.3 Handshake State Machine (RFC 8446 Section 4)
- record: TLS 1.3 Record Layer (RFC 8446 Section 5)
Structs
- SessionStore: Session ticket store (limited size, FIFO eviction)
- SessionTicket: Session ticket for TLS 1.3 resumption (PSK-based)
- TlsAlert: TLS alert message
- TlsConnection: TLS 1.3 connection state
Enums
- AlertDescription: TLS 1.3 alert descriptions
- AlertLevel: TLS 1.3 alert levels
- CipherSuite: Cipher suites supported by this implementation
- EarlyDataState: Early data configuration
- TlsError: TLS connection errors