tls 1.3 init

include/gmssl/aes.h

@@ -46,7 +46,6 @@
  * OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-#ifndef NO_AES
 
 #ifndef GMSSL_AES_H
 #define GMSSL_AES_H
@@ -83,11 +82,33 @@ typedef struct {
 int aes_set_encrypt_key(AES_KEY *aes_key, const uint8_t *key, size_t keylen);
 int aes_set_decrypt_key(AES_KEY *aes_key, const uint8_t *key, size_t keylen);
 void aes_encrypt(const AES_KEY *aes_key, const uint8_t in[AES_BLOCK_SIZE], uint8_t out[AES_BLOCK_SIZE]);
+
 void aes_decrypt(const AES_KEY *aes_key, const uint8_t in[AES_BLOCK_SIZE], uint8_t out[AES_BLOCK_SIZE]);
 
+void aes_cbc_encrypt(const AES_KEY *key, const uint8_t iv[16], const uint8_t *in, size_t nblocks, uint8_t *out);
+void aes_cbc_decrypt(const AES_KEY *key, const uint8_t iv[16], const uint8_t *in, size_t nblocks, uint8_t *out);
+
+int aes_cbc_padding_encrypt(const AES_KEY *key, const uint8_t iv[16],
+	const uint8_t *in, size_t inlen,
+	uint8_t *out, size_t *outlen);
+
+int aes_cbc_padding_decrypt(const AES_KEY *key, const uint8_t iv[16],
+	const uint8_t *in, size_t inlen,
+	uint8_t *out, size_t *outlen);
+
+void aes_ctr_encrypt(const AES_KEY *key, uint8_t ctr[16],
+	const uint8_t *in, size_t inlen, uint8_t *out);
+
+int aes_gcm_encrypt(const AES_KEY *key, const uint8_t *iv, size_t ivlen,
+	const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen,
+	uint8_t *out, const size_t taglen, uint8_t *tag);
+
+int aes_gcm_decrypt(const AES_KEY *key, const uint8_t *iv, size_t ivlen,
+	const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen,
+	const uint8_t *tag, size_t taglen, uint8_t *out);
+
 
 #ifdef  __cplusplus
 }
 #endif
 #endif
-#endif

include/gmssl/asn1.h

@@ -49,9 +49,11 @@
 #ifndef GMSSL_ASN1_H
 #define GMSSL_ASN1_H
 
-#include <stdint.h>
-#include <stdlib.h>
+
 #include <time.h>
+#include <stdlib.h>
+#include <stdint.h>
+
 
 #if __cplusplus
 extern "C" {

include/gmssl/block_cipher.h

@@ -58,10 +58,12 @@
 #include <gmssl/aes.h>
 #include <gmssl/sm4.h>
 
+
 #ifdef __cplusplus
 extern "C" {
 #endif
 
+
 typedef struct BLOCK_CIPHER BLOCK_CIPHER;
 typedef struct BLOCK_CIPHER_KEY BLOCK_CIPHER_KEY;
 
@@ -73,15 +75,13 @@ struct BLOCK_CIPHER_KEY {
 	const BLOCK_CIPHER *cipher;
 };
 
-typedef int (*block_cipher_set_encrypt_key_func)(BLOCK_CIPHER_KEY *key, const uint8_t *user_key, size_t keylen);
-typedef int (*block_cipher_set_decrypt_key_func)(BLOCK_CIPHER_KEY *key, const uint8_t *user_key, size_t keylen);
+typedef void (*block_cipher_set_encrypt_key_func)(BLOCK_CIPHER_KEY *key, const uint8_t *raw_key);
+typedef void (*block_cipher_set_decrypt_key_func)(BLOCK_CIPHER_KEY *key, const uint8_t *raw_key);
 typedef void (*block_cipher_encrypt_func)(const BLOCK_CIPHER_KEY *key, const uint8_t *in, uint8_t *out);
 typedef void (*block_cipher_decrypt_func)(const BLOCK_CIPHER_KEY *key, const uint8_t *in, uint8_t *out);
 
 struct BLOCK_CIPHER {
-	int oid;
-	size_t key_min_size;
-	size_t key_max_size;
+	size_t key_size;
 	size_t block_size;
 	block_cipher_set_encrypt_key_func set_encrypt_key;
 	block_cipher_set_decrypt_key_func set_decrypt_key;
@@ -89,23 +89,13 @@ struct BLOCK_CIPHER {
 	block_cipher_decrypt_func decrypt;
 };
 
-int block_cipher_set_encrypt_key(BLOCK_CIPHER_KEY *key, const uint8_t *user_key, size_t keylen);
-int block_cipher_set_decrypt_key(BLOCK_CIPHER_KEY *key, const uint8_t *user_key, size_t keylen);
-void block_cipher_encrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *in, uint8_t *out);
-void block_cipher_decrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *in, uint8_t *out);
+int block_cipher_set_encrypt_key(BLOCK_CIPHER_KEY *key, const BLOCK_CIPHER *cipher, const uint8_t *raw_key);
+int block_cipher_set_decrypt_key(BLOCK_CIPHER_KEY *key, const BLOCK_CIPHER *cipher, const uint8_t *raw_key);
+int block_cipher_encrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *in, uint8_t *out);
+int block_cipher_decrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *in, uint8_t *out);
 
-const BLOCK_CIPHER *BLOCK_CIPHER_aes(void);
 const BLOCK_CIPHER *BLOCK_CIPHER_sm4(void);
-const BLOCK_CIPHER *block_cipher_from_name(const char *name);
-
-void block_cipher_ecb_encrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *in, size_t nblocks, uint8_t *out);
-void block_cipher_ecb_decrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *in, size_t nblocks, uint8_t *out);
-void block_cipher_cbc_encrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *iv,
-	const uint8_t *in, size_t nblocks, uint8_t *out);
-void block_cipher_cbc_decrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *iv,
-	const uint8_t *in, size_t nblocks, uint8_t *out);
-void block_cipher_ctr_encrypt(const BLOCK_CIPHER_KEY *key, uint8_t *counter,
-	const uint8_t *in, size_t nblocks, uint8_t *out);
+const BLOCK_CIPHER *BLOCK_CIPHER_aes128(void);
 
 
 

include/gmssl/chacha20.h

@@ -46,8 +46,6 @@
  * OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-#ifndef NO_CHACHA20
-
 /* RFC 8439 "ChaCha20 and Poly1305 for IETF Protocols" */
 
 #ifndef GMSSL_CHACHA20_H
@@ -97,4 +95,3 @@ void chacha20_generate_keystream(CHACHA20_STATE *state,
 }
 #endif
 #endif
-#endif

include/gmssl/crl.h

@@ -71,16 +71,6 @@ typedef enum X509_CRLReason {
 	X509_cr_aACompromise,
 } CRL_REASON;
 
-
-
-
-
-
-
-
-
-
-
 typedef struct {
 	uint8_t serial_number[20];
 	size_t serial_number_len;

include/gmssl/des.h

@@ -46,8 +46,6 @@
  * OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-#ifndef NO_DES
-
 /* FIPS PUB 46-3 "Data Encryption Standard (DES)" */
 
 #ifndef GMSSL_DES_H
@@ -95,4 +93,3 @@ void des_ede_encrypt(DES_EDE_KEY *key, const unsigned char in[8], unsigned char
 }
 #endif
 #endif
-#endif

include/gmssl/error.h

@@ -53,10 +53,9 @@
 
 #include <stdio.h>
 #include <stdarg.h>
-#include <libgen.h>
 
 #define error_print(fmt, args...) \
-	fprintf(stderr, "error: %s %d: %s: " fmt "\n", basename(__FILE__), __LINE__, __FUNCTION__, ##args)
+	fprintf(stderr, "error: %s %d: %s: " fmt "\n", __FILE__, __LINE__, __FUNCTION__, ##args)
 
 
 

include/gmssl/gcm.h

@@ -50,6 +50,13 @@
 #define GMSSL_GCM_H
 
 
+#include <stdlib.h>
+#include <stdint.h>
+#include <string.h>
+#include <gmssl/gf128.h>
+#include <gmssl/block_cipher.h>
+
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -72,27 +79,20 @@ extern "C" {
 #define GCM_IS_LITTLE_ENDIAN 1
 
 
-typedef struct {
-	__uint128_t H;
-	__uint128_t X;
-	size_t aadlen;
-	size_t cipherlen;
-	uint8_t block[16];
-	unsigned int num;
-} GHASH_CTX;
-
-void ghash_init(GHASH_CTX *ctx, const uint8_t h[16], const uint8_t *aad, size_t aadlen);
-void ghash_update(GHASH_CTX *ctx, const uint8_t *c, size_t clen);
-void ghash_finish(GHASH_CTX *ctx, uint8_t out[16]);
+void ghash(const uint8_t h[16], const uint8_t *aad, size_t aadlen,
+	const uint8_t *c, size_t clen, uint8_t out[16]);
+
+
+int gcm_encrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *iv, size_t ivlen,
+	const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen,
+	uint8_t *out, size_t taglen, uint8_t *tag);
+
+int gcm_decrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *iv, size_t ivlen,
+	const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen,
+	const uint8_t *tag, size_t taglen, uint8_t *out);
+
 
 
-typedef struct {
-	BLOCK_CIPHER *cipher;
-	BLOCK_CIPHER_KEY key;
-	uint8_t counter[16];
-	uint8_t enced_iv[16];
-	GHASH_CTX ghash_ctx;
-} GCM_CTX;
 
 #ifdef __cplusplus
 }

include/gmssl/gf128.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014 - 2021 The GmSSL Project.  All rights reserved.
+ * Copyright (c) 2014 - 2020 The GmSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -46,41 +46,47 @@
  * OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-/* NIST SP 800-38B "Recommendation for Block Cipher Modes of Operation:
- * The CMAC Mode for Authentication"
+/* GF(2^128) defined by f(x) = x^128 + x^7 + x^2 + x + 1
+ * A + B mod f(x) = a xor b
+ * A * 2 mod f(x)
  */
 
-#ifndef GMSSL_CMAC_H
-#define GMSSL_CMAC_H
+#ifndef GMSSL_GF128_H
+#define GMSSL_GF128_H
 
 
 #include <stdint.h>
-#include <stdlib.h>
-#include <gmssl/block_cipher.h>
 
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
-
+#define GMSSL_HAVE_UINT128
+#ifdef GMSSL_HAVE_UINT128
+typedef unsigned __int128 gf128_t;
+#else
 typedef struct {
-	const BLOCK_CIPHER *cipher;
-	BLOCK_CIPHER_KEY cipher_key;
-	uint8_t k1[16];
-	uint8_t k2[16];
-	uint8_t temp_block[16];
-	uint8_t last_block[16];
-	int last_block_nbytes; /* -1 means context not initialised */
-} CMAC_CTX;
+	uint64_t hi;
+	uint64_t lo;
+} gf128_t;
+#endif
 
-int cmac_init(CMAC_CTX *ctx, const BLOCK_CIPHER *cipher, const uint8_t *key, size_t keylen);
-int cmac_update(CMAC_CTX *ctx, const uint8_t *in, size_t inlen);
-int cmac_finish(CMAC_CTX *ctx, uint8_t *out, size_t *outlen);
-int cmac_finish_and_verify(CMAC_CTX *ctx, const uint8_t *mac, size_t maclen);
+gf128_t gf128_from_hex(const char *s);
+int gf128_equ_hex(gf128_t a, const char *s);
+
+gf128_t gf128_zero(void);
+
+gf128_t gf128_add(gf128_t a, gf128_t b);
+gf128_t gf128_mul(gf128_t a, gf128_t b);
+gf128_t gf128_mul2(gf128_t a);
+gf128_t gf128_from_bytes(const uint8_t p[16]);
+void gf128_to_bytes(gf128_t a, uint8_t p[16]);
+
+void gf128_print(const char *s, gf128_t a);
 
 
-#ifdef  __cplusplus
+#ifdef __cplusplus
 }
 #endif
 #endif

include/gmssl/hex.h

@@ -50,14 +50,19 @@
 #ifndef GMSSL_HEX_H
 #define GMSSL_HEX_H
 
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+
 #ifdef __cplusplus
 extern "C" {
 #endif
 
-#include <stdint.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
+int hex_to_bytes(const char *in, size_t inlen, uint8_t *out, size_t *outlen);
+
 
 int hex2bin(const char *in, size_t inlen, uint8_t *out);
 int OPENSSL_hexchar2int(unsigned char c);

include/gmssl/oid.h

@@ -50,13 +50,15 @@ OCSPSigning * Redistribution and use in source and binary forms, with or without
 #ifndef GMSSL_OID_H
 #define GMSSL_OID_H
 
+
+#include <stdint.h>
+
+
 #ifdef __cplusplus
 extern "C" {
 #endif
 
 
-#include <stdint.h>
-
 enum {
 	OID_undef = 0,
 	//OID_aes,
@@ -258,6 +260,9 @@ enum {
 	OID_sm4_ecb, // 1 2 156 10197 1 104 1
 	OID_sm4_cbc, // 1 2 156 10197 1 104 2
 
+
+	OID_aes,
+
 };
 
 typedef struct {

include/gmssl/rc4.h

@@ -46,23 +46,24 @@
  * OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-#ifndef NO_RC4
 
 #ifndef GMSSL_RC4_H
 #define GMSSL_RC4_H
 
 
-#define RC4_MIN_KEY_BITS	40
-#define RC4_STATE_NUM_WORDS	256
-
-#include <stdint.h>
 #include <string.h>
+#include <stdint.h>
+
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
 
+#define RC4_MIN_KEY_BITS	40
+#define RC4_STATE_NUM_WORDS	256
+
+
 typedef struct {
 	unsigned char d[256];
 } RC4_STATE;
@@ -75,5 +76,3 @@ void rc4_generate_keystream(RC4_STATE *state, size_t outlen, uint8_t *out);
 }
 #endif
 #endif
-
-#endif

include/gmssl/sm4.h

@@ -49,12 +49,6 @@
 #ifndef GMSSL_SM4_H
 #define GMSSL_SM4_H
 
-#define SM4_KEY_SIZE		16
-
-#define SM4_KEY_LENGTH		16
-#define SM4_BLOCK_SIZE		16
-#define SM4_IV_LENGTH		(SM4_BLOCK_SIZE)
-#define SM4_NUM_ROUNDS		32
 
 #include <sys/types.h>
 #include <stdint.h>
@@ -65,39 +59,50 @@
 extern "C" {
 #endif
 
+
+#define SM4_KEY_SIZE		16
+#define SM4_KEY_LENGTH		16
+#define SM4_BLOCK_SIZE		16
+#define SM4_IV_LENGTH		(SM4_BLOCK_SIZE)
+#define SM4_NUM_ROUNDS		32
+
+
 typedef struct {
 	uint32_t rk[SM4_NUM_ROUNDS];
 } SM4_KEY;
 
+
 void sm4_set_encrypt_key(SM4_KEY *key, const unsigned char user_key[16]);
 void sm4_set_decrypt_key(SM4_KEY *key, const unsigned char user_key[16]);
 void sm4_encrypt(const SM4_KEY *key, const unsigned char in[16], unsigned char out[16]);
 #define sm4_decrypt(key,in,out)  sm4_encrypt(key,in,out)
 
 
-# define SM4_EDE_KEY_LENGTH	(SM4_KEY_LENGTH * 3)
+void sm4_cbc_encrypt(const SM4_KEY *key, const uint8_t iv[16],
+	const uint8_t *in, size_t nblocks, uint8_t *out);
 
-typedef struct {
-	SM4_KEY k1;
-	SM4_KEY k2;
-	SM4_KEY k3;
-} SM4_EDE_KEY;
-
-void sm4_ede_set_encrypt_key(SM4_EDE_KEY *key, const unsigned char user_key[48]);
-void sm4_ede_set_decrypt_key(SM4_EDE_KEY *key, const unsigned char user_key[48]);
-void sm4_ede_encrypt(const SM4_EDE_KEY *key, const unsigned char in[16], unsigned char out[16]);
-# define sm4_ede_decrypt(key,in,out)  sm4_ede_encrypt(key,in,out)
-
-void sm4_cbc_encrypt(const SM4_KEY *key, const uint8_t iv[16], const uint8_t *in, size_t nblocks, uint8_t *out);
-void sm4_cbc_decrypt(const SM4_KEY *key, const uint8_t iv[16], const uint8_t *in, size_t nblocks, uint8_t *out);
+void sm4_cbc_decrypt(const SM4_KEY *key, const uint8_t iv[16],
+	const uint8_t *in, size_t nblocks, uint8_t *out);
 
 int sm4_cbc_padding_encrypt(const SM4_KEY *key, const uint8_t iv[16],
 	const uint8_t *in, size_t inlen,
 	uint8_t *out, size_t *outlen);
+
 int sm4_cbc_padding_decrypt(const SM4_KEY *key, const uint8_t iv[16],
 	const uint8_t *in, size_t inlen,
 	uint8_t *out, size_t *outlen);
 
+void sm4_ctr_encrypt(const SM4_KEY *key, uint8_t ctr[16],
+	const uint8_t *in, size_t inlen, uint8_t *out);
+
+int sm4_gcm_encrypt(const SM4_KEY *key, const uint8_t *iv, size_t ivlen,
+	const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen,
+	uint8_t *out, const size_t taglen, uint8_t *tag);
+
+int sm4_gcm_decrypt(const SM4_KEY *key, const uint8_t *iv, size_t ivlen,
+	const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen,
+	const uint8_t *tag, size_t taglen, uint8_t *out);
+
 
 #ifdef __cplusplus
 }

include/gmssl/tls.h

@@ -55,6 +55,8 @@
 #include <gmssl/sm2.h>
 #include <gmssl/sm3.h>
 #include <gmssl/sm4.h>
+#include <gmssl/digest.h>
+#include <gmssl/block_cipher.h>
 
 
 #ifdef __cplusplus
@@ -105,7 +107,7 @@ typedef enum {
 	TLS_cipher_null_with_null_null		= 0x0000,
 	TLS_cipher_sm4_gcm_sm3			= 0x00c6,
 	TLS_cipher_sm4_ccm_sm3			= 0x00c7,
-	TLCP_cipher_ecdhe_sm4_cbc_sm3		= 0xe011,
+	TLCP_cipher_ecdhe_sm4_cbc_sm3		= 0xe011, // TLCP, TLS 1.2
 	TLCP_cipher_ecdhe_sm4_gcm_sm3		= 0xe051,
 	TLCP_cipher_ecc_sm4_cbc_sm3		= 0xe013,
 	TLCP_cipher_ecc_sm4_gcm_sm3		= 0xe053,
@@ -122,9 +124,18 @@ typedef enum {
 	GMSSL_cipher_ecdhe_sm2_with_sm4_ccm_sm3	= 0xe108,
 	GMSSL_cipher_ecdhe_sm2_with_zuc_sm3	= 0xe10d,
 	TLS_cipher_empty_renegotiation_info_scsv = 0x00ff,
+
+	// TLS 1.3 ciphers (rfc 8446 p.133)
+	TLS_cipher_aes_128_gcm_sha256		= 0x1301, // mandatory-to-implement
+	TLS_cipher_aes_256_gcm_sha384		= 0x1302, // SHOULD implement
+	TLS_cipher_chacha20_poly1305_sha256	= 0x1303, // SHOULD implement
+	TLS_cipher_aes_128_ccm_sha256		= 0x1304,
+	TLS_cipher_aes_128_ccm_8_sha256		= 0x1305,
+
 } TLS_CIPHER_SUITE;
 
 typedef enum {
+	TLS_record_invalid		= 0, // TLS 1.3
 	TLS_record_change_cipher_spec	= 20,
 	TLS_record_alert		= 21,
 	TLS_record_handshake		= 22,
@@ -180,7 +191,7 @@ typedef enum {
 } TLS_CERTIFICATE_TYPE;
 
 typedef enum {
-	TLS_extension_server_name		= 0,
+	TLS_extension_server_name		= 0, // tls 1.3 mandatory-to-implement
 	TLS_extension_max_fragment_length	= 1,
 	TLS_extension_client_certificate_url	= 2,
 	TLS_extension_trusted_ca_keys		= 3,
@@ -193,7 +204,7 @@ typedef enum {
 	TLS_extension_supported_groups		= 10, // 必须支持
 	TLS_extension_ec_point_formats		= 11, // 必须支持
 	TLS_extension_srp			= 12,
-	TLS_extension_signature_algorithms	= 13, // 必须支持
+	TLS_extension_signature_algorithms	= 13, // // tls 1.3 mandatory-to-implement
 	TLS_extension_use_srtp			= 14,
 	TLS_extension_heartbeat			= 15,
 	TLS_extension_application_layer_protocol_negotiation= 16,
@@ -222,13 +233,13 @@ typedef enum {
 	TLS_extension_supported_ekt_ciphers	= 39,
 	TLS_extension_pre_shared_key		= 41,
 	TLS_extension_early_data		= 42,
-	TLS_extension_supported_versions	= 43,
-	TLS_extension_cookie			= 44,
+	TLS_extension_supported_versions	= 43, // tls 1.3 mandatory-to-implement
+	TLS_extension_cookie			= 44, // tls 1.3 mandatory-to-implement
 	TLS_extension_psk_key_exchange_modes	= 46,
 	TLS_extension_certificate_authorities	= 47,
 	TLS_extension_oid_filters		= 48,
 	TLS_extension_post_handshake_auth	= 49,
-	TLS_extension_signature_algorithms_cert	= 50,
+	TLS_extension_signature_algorithms_cert	= 50, // tls 1.3 mandatory-to-implement
 	TLS_extension_key_share			= 51,
 	TLS_extension_transparency_info		= 52,
 	TLS_extension_connection_id		= 53,
@@ -400,9 +411,31 @@ typedef struct {
 	uint8_t handshakes[TLS_MAX_HANDSHAKES_SIZE];
 	size_t handshakes_len;
 
+	uint8_t client_write_iv[12];
+	uint8_t server_write_iv[12];
+
+
+
+	BLOCK_CIPHER_KEY client_write_key;
+	BLOCK_CIPHER_KEY server_write_key;
+
 } TLS_CONNECT;
 
 
+
+
+
+
+
+
+
+
+
+
+
+
+
+
 // 有可能在连接建立之后，客户端还是想获得一些这个连接的有关信息呢？比如random中有时间信息？
 // 服务器的证书一定是需要的吧
 
@@ -617,12 +650,31 @@ int tls_record_set_handshake_client_key_exchange_ecdhe(uint8_t *record, size_t *
 int tls_record_get_handshake_client_key_exchange_ecdhe(const uint8_t *record, SM2_POINT *point);
 int tls_client_key_exchange_ecdhe_print(FILE *fp, const uint8_t *data, size_t datalen,
 	int format, int indent);
+
+
+int tls12_record_recv(uint8_t *record, size_t *recordlen, int sock);
+
+
 int tls12_connect(TLS_CONNECT *conn, const char *hostname, int port,
 	FILE *ca_certs_fp, FILE *client_certs_fp, const SM2_KEY *client_sign_key);
+
 int tls12_accept(TLS_CONNECT *conn, int port,
 	FILE *certs_fp, const SM2_KEY *server_sign_key,
 	FILE *client_cacerts_fp, uint8_t *handshakes_buf, size_t handshakes_buflen);
 
+
+
+
+
+int tls13_connect(TLS_CONNECT *conn, const char *hostname, int port,
+	FILE *ca_certs_fp, FILE *client_certs_fp, const SM2_KEY *client_sign_key);
+
+
+int tls13_accept(TLS_CONNECT *conn, int port,
+	FILE *certs_fp, const SM2_KEY *server_sign_key,
+	FILE *client_cacerts_fp);
+
+
 int tls_secrets_print(FILE *fp,
 	const uint8_t *pre_master_secret, size_t pre_master_secret_len,
 	const uint8_t client_random[32], const uint8_t server_random[32],
@@ -631,6 +683,22 @@ int tls_secrets_print(FILE *fp,
 	int format, int indent);
 
 
+
+int tls_ext_signature_algors_to_bytes(const int *algors, size_t algors_count,
+	uint8_t **out, size_t *outlen);
+
+int tls13_send(TLS_CONNECT *conn, const uint8_t *data, size_t datalen, size_t padding_len);
+int tls13_recv(TLS_CONNECT *conn, uint8_t *data, size_t *datalen);
+
+
+int tls13_hkdf_extract(const DIGEST *digest, const uint8_t salt[32], const uint8_t in[32], uint8_t out[32]);
+int tls13_hkdf_expand_label(const DIGEST *digest, const uint8_t secret[32],
+	const char *label, const uint8_t *context, size_t context_len,
+	size_t outlen, uint8_t *out);
+int tls13_derive_secret(const uint8_t secret[32], const char *label, const DIGEST_CTX *dgst_ctx, uint8_t out[32]);
+
+
+
 #define tls_trace printf