Arcola
/
mbedtls
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Fork of
mbedtls
by 
Mark Radbourne
Embed:
(wiki syntax)
Show/hide line numbers
ssl_internal.h
00001 /** 00002 * \file ssl_ticket.h 00003 * 00004 * \brief Internal functions shared by the SSL modules 00005 * 00006 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 00007 * SPDX-License-Identifier: Apache-2.0 00008 * 00009 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00010 * not use this file except in compliance with the License. 00011 * You may obtain a copy of the License at 00012 * 00013 * http://www.apache.org/licenses/LICENSE-2.0 00014 * 00015 * Unless required by applicable law or agreed to in writing, software 00016 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00017 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00018 * See the License for the specific language governing permissions and 00019 * limitations under the License. 00020 * 00021 * This file is part of mbed TLS (https://tls.mbed.org) 00022 */ 00023 #ifndef MBEDTLS_SSL_INTERNAL_H 00024 #define MBEDTLS_SSL_INTERNAL_H 00025 00026 #include "ssl.h" 00027 00028 #if defined(MBEDTLS_MD5_C) 00029 #include "md5.h" 00030 #endif 00031 00032 #if defined(MBEDTLS_SHA1_C) 00033 #include "sha1.h" 00034 #endif 00035 00036 #if defined(MBEDTLS_SHA256_C) 00037 #include "sha256.h" 00038 #endif 00039 00040 #if defined(MBEDTLS_SHA512_C) 00041 #include "sha512.h" 00042 #endif 00043 00044 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 00045 #include "ecjpake.h" 00046 #endif 00047 00048 #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ 00049 !defined(inline) && !defined(__cplusplus) 00050 #define inline __inline 00051 #endif 00052 00053 /* Determine minimum supported version */ 00054 #define MBEDTLS_SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3 00055 00056 #if defined(MBEDTLS_SSL_PROTO_SSL3) 00057 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0 00058 #else 00059 #if defined(MBEDTLS_SSL_PROTO_TLS1) 00060 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1 00061 #else 00062 #if defined(MBEDTLS_SSL_PROTO_TLS1_1) 00063 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2 00064 #else 00065 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) 00066 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3 00067 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ 00068 #endif /* MBEDTLS_SSL_PROTO_TLS1_1 */ 00069 #endif /* MBEDTLS_SSL_PROTO_TLS1 */ 00070 #endif /* MBEDTLS_SSL_PROTO_SSL3 */ 00071 00072 /* Determine maximum supported version */ 00073 #define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3 00074 00075 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) 00076 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3 00077 #else 00078 #if defined(MBEDTLS_SSL_PROTO_TLS1_1) 00079 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2 00080 #else 00081 #if defined(MBEDTLS_SSL_PROTO_TLS1) 00082 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1 00083 #else 00084 #if defined(MBEDTLS_SSL_PROTO_SSL3) 00085 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0 00086 #endif /* MBEDTLS_SSL_PROTO_SSL3 */ 00087 #endif /* MBEDTLS_SSL_PROTO_TLS1 */ 00088 #endif /* MBEDTLS_SSL_PROTO_TLS1_1 */ 00089 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ 00090 00091 #define MBEDTLS_SSL_INITIAL_HANDSHAKE 0 00092 #define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS 1 /* In progress */ 00093 #define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */ 00094 #define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */ 00095 00096 /* 00097 * DTLS retransmission states, see RFC 6347 4.2.4 00098 * 00099 * The SENDING state is merged in PREPARING for initial sends, 00100 * but is distinct for resends. 00101 * 00102 * Note: initial state is wrong for server, but is not used anyway. 00103 */ 00104 #define MBEDTLS_SSL_RETRANS_PREPARING 0 00105 #define MBEDTLS_SSL_RETRANS_SENDING 1 00106 #define MBEDTLS_SSL_RETRANS_WAITING 2 00107 #define MBEDTLS_SSL_RETRANS_FINISHED 3 00108 00109 /* 00110 * Allow extra bytes for record, authentication and encryption overhead: 00111 * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256) 00112 * and allow for a maximum of 1024 of compression expansion if 00113 * enabled. 00114 */ 00115 #if defined(MBEDTLS_ZLIB_SUPPORT) 00116 #define MBEDTLS_SSL_COMPRESSION_ADD 1024 00117 #else 00118 #define MBEDTLS_SSL_COMPRESSION_ADD 0 00119 #endif 00120 00121 #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_MODE_CBC) 00122 /* Ciphersuites using HMAC */ 00123 #if defined(MBEDTLS_SHA512_C) 00124 #define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */ 00125 #elif defined(MBEDTLS_SHA256_C) 00126 #define MBEDTLS_SSL_MAC_ADD 32 /* SHA-256 used for HMAC */ 00127 #else 00128 #define MBEDTLS_SSL_MAC_ADD 20 /* SHA-1 used for HMAC */ 00129 #endif 00130 #else 00131 /* AEAD ciphersuites: GCM and CCM use a 128 bits tag */ 00132 #define MBEDTLS_SSL_MAC_ADD 16 00133 #endif 00134 00135 #if defined(MBEDTLS_CIPHER_MODE_CBC) 00136 #define MBEDTLS_SSL_PADDING_ADD 256 00137 #else 00138 #define MBEDTLS_SSL_PADDING_ADD 0 00139 #endif 00140 00141 #define MBEDTLS_SSL_BUFFER_LEN ( MBEDTLS_SSL_MAX_CONTENT_LEN \ 00142 + MBEDTLS_SSL_COMPRESSION_ADD \ 00143 + 29 /* counter + header + IV */ \ 00144 + MBEDTLS_SSL_MAC_ADD \ 00145 + MBEDTLS_SSL_PADDING_ADD \ 00146 ) 00147 00148 /* 00149 * TLS extension flags (for extensions with outgoing ServerHello content 00150 * that need it (e.g. for RENEGOTIATION_INFO the server already knows because 00151 * of state of the renegotiation flag, so no indicator is required) 00152 */ 00153 #define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0) 00154 #define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK (1 << 1) 00155 00156 #ifdef __cplusplus 00157 extern "C" { 00158 #endif 00159 00160 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ 00161 defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) 00162 /* 00163 * Abstraction for a grid of allowed signature-hash-algorithm pairs. 00164 */ 00165 struct mbedtls_ssl_sig_hash_set_t 00166 { 00167 /* At the moment, we only need to remember a single suitable 00168 * hash algorithm per signature algorithm. As long as that's 00169 * the case - and we don't need a general lookup function - 00170 * we can implement the sig-hash-set as a map from signatures 00171 * to hash algorithms. */ 00172 mbedtls_md_type_t rsa; 00173 mbedtls_md_type_t ecdsa; 00174 }; 00175 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && 00176 MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */ 00177 00178 /* 00179 * This structure contains the parameters only needed during handshake. 00180 */ 00181 struct mbedtls_ssl_handshake_params 00182 { 00183 /* 00184 * Handshake specific crypto variables 00185 */ 00186 00187 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ 00188 defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) 00189 mbedtls_ssl_sig_hash_set_t hash_algs; /*!< Set of suitable sig-hash pairs */ 00190 #endif 00191 #if defined(MBEDTLS_DHM_C) 00192 mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */ 00193 #endif 00194 #if defined(MBEDTLS_ECDH_C) 00195 mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */ 00196 #endif 00197 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 00198 mbedtls_ecjpake_context ecjpake_ctx; /*!< EC J-PAKE key exchange */ 00199 #if defined(MBEDTLS_SSL_CLI_C) 00200 unsigned char *ecjpake_cache; /*!< Cache for ClientHello ext */ 00201 size_t ecjpake_cache_len; /*!< Length of cached data */ 00202 #endif 00203 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ 00204 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ 00205 defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 00206 const mbedtls_ecp_curve_info **curves; /*!< Supported elliptic curves */ 00207 #endif 00208 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) 00209 unsigned char *psk; /*!< PSK from the callback */ 00210 size_t psk_len; /*!< Length of PSK from callback */ 00211 #endif 00212 #if defined(MBEDTLS_X509_CRT_PARSE_C) 00213 mbedtls_ssl_key_cert *key_cert; /*!< chosen key/cert pair (server) */ 00214 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) 00215 int sni_authmode; /*!< authmode from SNI callback */ 00216 mbedtls_ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI */ 00217 mbedtls_x509_crt *sni_ca_chain; /*!< trusted CAs from SNI callback */ 00218 mbedtls_x509_crl *sni_ca_crl; /*!< trusted CAs CRLs from SNI */ 00219 #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ 00220 #endif /* MBEDTLS_X509_CRT_PARSE_C */ 00221 #if defined(MBEDTLS_SSL_PROTO_DTLS) 00222 unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */ 00223 unsigned int in_msg_seq; /*!< Incoming handshake sequence number */ 00224 00225 unsigned char *verify_cookie; /*!< Cli: HelloVerifyRequest cookie 00226 Srv: unused */ 00227 unsigned char verify_cookie_len; /*!< Cli: cookie length 00228 Srv: flag for sending a cookie */ 00229 00230 unsigned char *hs_msg; /*!< Reassembled handshake message */ 00231 00232 uint32_t retransmit_timeout; /*!< Current value of timeout */ 00233 unsigned char retransmit_state; /*!< Retransmission state */ 00234 mbedtls_ssl_flight_item *flight; /*!< Current outgoing flight */ 00235 mbedtls_ssl_flight_item *cur_msg; /*!< Current message in flight */ 00236 unsigned int in_flight_start_seq; /*!< Minimum message sequence in the 00237 flight being received */ 00238 mbedtls_ssl_transform *alt_transform_out; /*!< Alternative transform for 00239 resending messages */ 00240 unsigned char alt_out_ctr[8]; /*!< Alternative record epoch/counter 00241 for resending messages */ 00242 #endif /* MBEDTLS_SSL_PROTO_DTLS */ 00243 00244 /* 00245 * Checksum contexts 00246 */ 00247 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ 00248 defined(MBEDTLS_SSL_PROTO_TLS1_1) 00249 mbedtls_md5_context fin_md5; 00250 mbedtls_sha1_context fin_sha1; 00251 #endif 00252 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) 00253 #if defined(MBEDTLS_SHA256_C) 00254 mbedtls_sha256_context fin_sha256; 00255 #endif 00256 #if defined(MBEDTLS_SHA512_C) 00257 mbedtls_sha512_context fin_sha512; 00258 #endif 00259 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ 00260 00261 void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t); 00262 void (*calc_verify)(mbedtls_ssl_context *, unsigned char *); 00263 void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int); 00264 int (*tls_prf)(const unsigned char *, size_t, const char *, 00265 const unsigned char *, size_t, 00266 unsigned char *, size_t); 00267 00268 size_t pmslen; /*!< premaster length */ 00269 00270 unsigned char randbytes[64]; /*!< random bytes */ 00271 unsigned char premaster[MBEDTLS_PREMASTER_SIZE]; 00272 /*!< premaster secret */ 00273 00274 int resume; /*!< session resume indicator*/ 00275 int max_major_ver; /*!< max. major version client*/ 00276 int max_minor_ver; /*!< max. minor version client*/ 00277 int cli_exts; /*!< client extension presence*/ 00278 00279 #if defined(MBEDTLS_SSL_SESSION_TICKETS) 00280 int new_session_ticket; /*!< use NewSessionTicket? */ 00281 #endif /* MBEDTLS_SSL_SESSION_TICKETS */ 00282 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) 00283 int extended_ms; /*!< use Extended Master Secret? */ 00284 #endif 00285 }; 00286 00287 /* 00288 * This structure contains a full set of runtime transform parameters 00289 * either in negotiation or active. 00290 */ 00291 struct mbedtls_ssl_transform 00292 { 00293 /* 00294 * Session specific crypto layer 00295 */ 00296 const mbedtls_ssl_ciphersuite_t *ciphersuite_info; 00297 /*!< Chosen cipersuite_info */ 00298 unsigned int keylen; /*!< symmetric key length (bytes) */ 00299 size_t minlen; /*!< min. ciphertext length */ 00300 size_t ivlen; /*!< IV length */ 00301 size_t fixed_ivlen; /*!< Fixed part of IV (AEAD) */ 00302 size_t maclen; /*!< MAC length */ 00303 00304 unsigned char iv_enc[16]; /*!< IV (encryption) */ 00305 unsigned char iv_dec[16]; /*!< IV (decryption) */ 00306 00307 #if defined(MBEDTLS_SSL_PROTO_SSL3) 00308 /* Needed only for SSL v3.0 secret */ 00309 unsigned char mac_enc[20]; /*!< SSL v3.0 secret (enc) */ 00310 unsigned char mac_dec[20]; /*!< SSL v3.0 secret (dec) */ 00311 #endif /* MBEDTLS_SSL_PROTO_SSL3 */ 00312 00313 mbedtls_md_context_t md_ctx_enc; /*!< MAC (encryption) */ 00314 mbedtls_md_context_t md_ctx_dec; /*!< MAC (decryption) */ 00315 00316 mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */ 00317 mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */ 00318 00319 /* 00320 * Session specific compression layer 00321 */ 00322 #if defined(MBEDTLS_ZLIB_SUPPORT) 00323 z_stream ctx_deflate; /*!< compression context */ 00324 z_stream ctx_inflate; /*!< decompression context */ 00325 #endif 00326 }; 00327 00328 #if defined(MBEDTLS_X509_CRT_PARSE_C) 00329 /* 00330 * List of certificate + private key pairs 00331 */ 00332 struct mbedtls_ssl_key_cert 00333 { 00334 mbedtls_x509_crt *cert; /*!< cert */ 00335 mbedtls_pk_context *key; /*!< private key */ 00336 mbedtls_ssl_key_cert *next; /*!< next key/cert pair */ 00337 }; 00338 #endif /* MBEDTLS_X509_CRT_PARSE_C */ 00339 00340 #if defined(MBEDTLS_SSL_PROTO_DTLS) 00341 /* 00342 * List of handshake messages kept around for resending 00343 */ 00344 struct mbedtls_ssl_flight_item 00345 { 00346 unsigned char *p; /*!< message, including handshake headers */ 00347 size_t len; /*!< length of p */ 00348 unsigned char type; /*!< type of the message: handshake or CCS */ 00349 mbedtls_ssl_flight_item *next; /*!< next handshake message(s) */ 00350 }; 00351 #endif /* MBEDTLS_SSL_PROTO_DTLS */ 00352 00353 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ 00354 defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) 00355 00356 /* Find an entry in a signature-hash set matching a given hash algorithm. */ 00357 mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find( mbedtls_ssl_sig_hash_set_t *set, 00358 mbedtls_pk_type_t sig_alg ); 00359 /* Add a signature-hash-pair to a signature-hash set */ 00360 void mbedtls_ssl_sig_hash_set_add( mbedtls_ssl_sig_hash_set_t *set, 00361 mbedtls_pk_type_t sig_alg, 00362 mbedtls_md_type_t md_alg ); 00363 /* Allow exactly one hash algorithm for each signature. */ 00364 void mbedtls_ssl_sig_hash_set_const_hash( mbedtls_ssl_sig_hash_set_t *set, 00365 mbedtls_md_type_t md_alg ); 00366 00367 /* Setup an empty signature-hash set */ 00368 static inline void mbedtls_ssl_sig_hash_set_init( mbedtls_ssl_sig_hash_set_t *set ) 00369 { 00370 mbedtls_ssl_sig_hash_set_const_hash( set, MBEDTLS_MD_NONE ); 00371 } 00372 00373 #endif /* MBEDTLS_SSL_PROTO_TLS1_2) && 00374 MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */ 00375 00376 /** 00377 * \brief Free referenced items in an SSL transform context and clear 00378 * memory 00379 * 00380 * \param transform SSL transform context 00381 */ 00382 void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform ); 00383 00384 /** 00385 * \brief Free referenced items in an SSL handshake context and clear 00386 * memory 00387 * 00388 * \param handshake SSL handshake context 00389 */ 00390 void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake ); 00391 00392 int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ); 00393 int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ); 00394 void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ); 00395 00396 int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl ); 00397 00398 void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl ); 00399 int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ); 00400 00401 int mbedtls_ssl_read_record_layer( mbedtls_ssl_context *ssl ); 00402 int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ); 00403 int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ); 00404 void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl ); 00405 00406 /** 00407 * \brief Update record layer 00408 * 00409 * This function roughly separates the implementation 00410 * of the logic of (D)TLS from the implementation 00411 * of the secure transport. 00412 * 00413 * \param ssl SSL context to use 00414 * 00415 * \return 0 or non-zero error code. 00416 * 00417 * \note A clarification on what is called 'record layer' here 00418 * is in order, as many sensible definitions are possible: 00419 * 00420 * The record layer takes as input an untrusted underlying 00421 * transport (stream or datagram) and transforms it into 00422 * a serially multiplexed, secure transport, which 00423 * conceptually provides the following: 00424 * 00425 * (1) Three datagram based, content-agnostic transports 00426 * for handshake, alert and CCS messages. 00427 * (2) One stream- or datagram-based transport 00428 * for application data. 00429 * (3) Functionality for changing the underlying transform 00430 * securing the contents. 00431 * 00432 * The interface to this functionality is given as follows: 00433 * 00434 * a Updating 00435 * [Currently implemented by mbedtls_ssl_read_record] 00436 * 00437 * Check if and on which of the four 'ports' data is pending: 00438 * Nothing, a controlling datagram of type (1), or application 00439 * data (2). In any case data is present, internal buffers 00440 * provide access to the data for the user to process it. 00441 * Consumption of type (1) datagrams is done automatically 00442 * on the next update, invalidating that the internal buffers 00443 * for previous datagrams, while consumption of application 00444 * data (2) is user-controlled. 00445 * 00446 * b Reading of application data 00447 * [Currently manual adaption of ssl->in_offt pointer] 00448 * 00449 * As mentioned in the last paragraph, consumption of data 00450 * is different from the automatic consumption of control 00451 * datagrams (1) because application data is treated as a stream. 00452 * 00453 * c Tracking availability of application data 00454 * [Currently manually through decreasing ssl->in_msglen] 00455 * 00456 * For efficiency and to retain datagram semantics for 00457 * application data in case of DTLS, the record layer 00458 * provides functionality for checking how much application 00459 * data is still available in the internal buffer. 00460 * 00461 * d Changing the transformation securing the communication. 00462 * 00463 * Given an opaque implementation of the record layer in the 00464 * above sense, it should be possible to implement the logic 00465 * of (D)TLS on top of it without the need to know anything 00466 * about the record layer's internals. This is done e.g. 00467 * in all the handshake handling functions, and in the 00468 * application data reading function mbedtls_ssl_read. 00469 * 00470 * \note The above tries to give a conceptual picture of the 00471 * record layer, but the current implementation deviates 00472 * from it in some places. For example, our implementation of 00473 * the update functionality through mbedtls_ssl_read_record 00474 * discards datagrams depending on the current state, which 00475 * wouldn't fall under the record layer's responsibility 00476 * following the above definition. 00477 * 00478 */ 00479 int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl ); 00480 int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ); 00481 00482 int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl ); 00483 int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ); 00484 00485 int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ); 00486 int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ); 00487 00488 int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl ); 00489 int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl ); 00490 00491 int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl ); 00492 int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ); 00493 00494 void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl, 00495 const mbedtls_ssl_ciphersuite_t *ciphersuite_info ); 00496 00497 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) 00498 int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex ); 00499 #endif 00500 00501 #if defined(MBEDTLS_PK_C) 00502 unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk ); 00503 unsigned char mbedtls_ssl_sig_from_pk_alg( mbedtls_pk_type_t type ); 00504 mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig ); 00505 #endif 00506 00507 mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash ); 00508 unsigned char mbedtls_ssl_hash_from_md_alg( int md ); 00509 int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md ); 00510 00511 #if defined(MBEDTLS_ECP_C) 00512 int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id ); 00513 #endif 00514 00515 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) 00516 int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl, 00517 mbedtls_md_type_t md ); 00518 #endif 00519 00520 #if defined(MBEDTLS_X509_CRT_PARSE_C) 00521 static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl ) 00522 { 00523 mbedtls_ssl_key_cert *key_cert; 00524 00525 if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL ) 00526 key_cert = ssl->handshake->key_cert; 00527 else 00528 key_cert = ssl->conf->key_cert; 00529 00530 return( key_cert == NULL ? NULL : key_cert->key ); 00531 } 00532 00533 static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl ) 00534 { 00535 mbedtls_ssl_key_cert *key_cert; 00536 00537 if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL ) 00538 key_cert = ssl->handshake->key_cert; 00539 else 00540 key_cert = ssl->conf->key_cert; 00541 00542 return( key_cert == NULL ? NULL : key_cert->cert ); 00543 } 00544 00545 /* 00546 * Check usage of a certificate wrt extensions: 00547 * keyUsage, extendedKeyUsage (later), and nSCertType (later). 00548 * 00549 * Warning: cert_endpoint is the endpoint of the cert (ie, of our peer when we 00550 * check a cert we received from them)! 00551 * 00552 * Return 0 if everything is OK, -1 if not. 00553 */ 00554 int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert, 00555 const mbedtls_ssl_ciphersuite_t *ciphersuite, 00556 int cert_endpoint, 00557 uint32_t *flags ); 00558 #endif /* MBEDTLS_X509_CRT_PARSE_C */ 00559 00560 void mbedtls_ssl_write_version( int major, int minor, int transport, 00561 unsigned char ver[2] ); 00562 void mbedtls_ssl_read_version( int *major, int *minor, int transport, 00563 const unsigned char ver[2] ); 00564 00565 static inline size_t mbedtls_ssl_hdr_len( const mbedtls_ssl_context *ssl ) 00566 { 00567 #if defined(MBEDTLS_SSL_PROTO_DTLS) 00568 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) 00569 return( 13 ); 00570 #else 00571 ((void) ssl); 00572 #endif 00573 return( 5 ); 00574 } 00575 00576 static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl ) 00577 { 00578 #if defined(MBEDTLS_SSL_PROTO_DTLS) 00579 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) 00580 return( 12 ); 00581 #else 00582 ((void) ssl); 00583 #endif 00584 return( 4 ); 00585 } 00586 00587 #if defined(MBEDTLS_SSL_PROTO_DTLS) 00588 void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl ); 00589 void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl ); 00590 int mbedtls_ssl_resend( mbedtls_ssl_context *ssl ); 00591 #endif 00592 00593 /* Visible for testing purposes only */ 00594 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) 00595 int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context *ssl ); 00596 void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl ); 00597 #endif 00598 00599 /* constant-time buffer comparison */ 00600 static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n ) 00601 { 00602 size_t i; 00603 const unsigned char *A = (const unsigned char *) a; 00604 const unsigned char *B = (const unsigned char *) b; 00605 unsigned char diff = 0; 00606 00607 for( i = 0; i < n; i++ ) 00608 diff |= A[i] ^ B[i]; 00609 00610 return( diff ); 00611 } 00612 00613 #ifdef __cplusplus 00614 } 00615 #endif 00616 00617 #endif /* ssl_internal.h */
Generated on Tue Jul 12 2022 17:25:43 by
1.7.2