BA / Mbed OS BaBoRo_test2
Committer:
borlanic
Date:
Tue Apr 24 11:45:18 2018 +0000
Revision:
0:02dd72d1d465
BaBoRo_test2 - backup 1

Who changed what in which revision?

User | Revision | Line number | New contents of line
borlanic 0:02dd72d1d465 1 /**
borlanic 0:02dd72d1d465 2 * \file ssl_internal.h
borlanic 0:02dd72d1d465 3 *
borlanic 0:02dd72d1d465 4 * \brief Internal functions shared by the SSL modules
borlanic 0:02dd72d1d465 5 */
borlanic 0:02dd72d1d465 6 /*
borlanic 0:02dd72d1d465 7 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
borlanic 0:02dd72d1d465 8 * SPDX-License-Identifier: Apache-2.0
borlanic 0:02dd72d1d465 9 *
borlanic 0:02dd72d1d465 10 * Licensed under the Apache License, Version 2.0 (the "License"); you may
borlanic 0:02dd72d1d465 11 * not use this file except in compliance with the License.
borlanic 0:02dd72d1d465 12 * You may obtain a copy of the License at
borlanic 0:02dd72d1d465 13 *
borlanic 0:02dd72d1d465 14 * http://www.apache.org/licenses/LICENSE-2.0
borlanic 0:02dd72d1d465 15 *
borlanic 0:02dd72d1d465 16 * Unless required by applicable law or agreed to in writing, software
borlanic 0:02dd72d1d465 17 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
borlanic 0:02dd72d1d465 18 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
borlanic 0:02dd72d1d465 19 * See the License for the specific language governing permissions and
borlanic 0:02dd72d1d465 20 * limitations under the License.
borlanic 0:02dd72d1d465 21 *
borlanic 0:02dd72d1d465 22 * This file is part of mbed TLS (https://tls.mbed.org)
borlanic 0:02dd72d1d465 23 */
borlanic 0:02dd72d1d465 24 #ifndef MBEDTLS_SSL_INTERNAL_H
borlanic 0:02dd72d1d465 25 #define MBEDTLS_SSL_INTERNAL_H
borlanic 0:02dd72d1d465 26
borlanic 0:02dd72d1d465 27 #include "ssl.h"
borlanic 0:02dd72d1d465 28 #include "cipher.h"
borlanic 0:02dd72d1d465 29
borlanic 0:02dd72d1d465 30 #if defined(MBEDTLS_MD5_C)
borlanic 0:02dd72d1d465 31 #include "md5.h"
borlanic 0:02dd72d1d465 32 #endif
borlanic 0:02dd72d1d465 33
borlanic 0:02dd72d1d465 34 #if defined(MBEDTLS_SHA1_C)
borlanic 0:02dd72d1d465 35 #include "sha1.h"
borlanic 0:02dd72d1d465 36 #endif
borlanic 0:02dd72d1d465 37
borlanic 0:02dd72d1d465 38 #if defined(MBEDTLS_SHA256_C)
borlanic 0:02dd72d1d465 39 #include "sha256.h"
borlanic 0:02dd72d1d465 40 #endif
borlanic 0:02dd72d1d465 41
borlanic 0:02dd72d1d465 42 #if defined(MBEDTLS_SHA512_C)
borlanic 0:02dd72d1d465 43 #include "sha512.h"
borlanic 0:02dd72d1d465 44 #endif
borlanic 0:02dd72d1d465 45
borlanic 0:02dd72d1d465 46 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
borlanic 0:02dd72d1d465 47 #include "ecjpake.h"
borlanic 0:02dd72d1d465 48 #endif
borlanic 0:02dd72d1d465 49
borlanic 0:02dd72d1d465 50 #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
borlanic 0:02dd72d1d465 51 !defined(inline) && !defined(__cplusplus)
borlanic 0:02dd72d1d465 52 #define inline __inline
borlanic 0:02dd72d1d465 53 #endif
borlanic 0:02dd72d1d465 54
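borlanic 0:02dd72d1d465 55 /* Determine minimum supported version: the oldest protocol version enabled at build time, so defining MBEDTLS_SSL_PROTO_SSL3 makes SSL 3.0 the compile-time floor */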
borlanic 0:02dd72d1d465 56 #define MBEDTLS_SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
borlanic 0:02dd72d1d465 57
borlanic 0:02dd72d1d465 58 #if defined(MBEDTLS_SSL_PROTO_SSL3)
borlanic 0:02dd72d1d465 59 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0
borlanic 0:02dd72d1d465 60 #else
borlanic 0:02dd72d1d465 61 #if defined(MBEDTLS_SSL_PROTO_TLS1)
borlanic 0:02dd72d1d465 62 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
borlanic 0:02dd72d1d465 63 #else
borlanic 0:02dd72d1d465 64 #if defined(MBEDTLS_SSL_PROTO_TLS1_1)
borlanic 0:02dd72d1d465 65 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2
borlanic 0:02dd72d1d465 66 #else
borlanic 0:02dd72d1d465 67 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
borlanic 0:02dd72d1d465 68 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
borlanic 0:02dd72d1d465 69 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
borlanic 0:02dd72d1d465 70 #endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
borlanic 0:02dd72d1d465 71 #endif /* MBEDTLS_SSL_PROTO_TLS1 */
borlanic 0:02dd72d1d465 72 #endif /* MBEDTLS_SSL_PROTO_SSL3 */
borlanic 0:02dd72d1d465 73
borlanic 0:02dd72d1d465 74 /* Determine maximum supported version: the newest protocol version enabled at build time */
borlanic 0:02dd72d1d465 75 #define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
borlanic 0:02dd72d1d465 76
borlanic 0:02dd72d1d465 77 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
borlanic 0:02dd72d1d465 78 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
borlanic 0:02dd72d1d465 79 #else
borlanic 0:02dd72d1d465 80 #if defined(MBEDTLS_SSL_PROTO_TLS1_1)
borlanic 0:02dd72d1d465 81 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2
borlanic 0:02dd72d1d465 82 #else
borlanic 0:02dd72d1d465 83 #if defined(MBEDTLS_SSL_PROTO_TLS1)
borlanic 0:02dd72d1d465 84 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
borlanic 0:02dd72d1d465 85 #else
borlanic 0:02dd72d1d465 86 #if defined(MBEDTLS_SSL_PROTO_SSL3)
borlanic 0:02dd72d1d465 87 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0
borlanic 0:02dd72d1d465 88 #endif /* MBEDTLS_SSL_PROTO_SSL3 */
borlanic 0:02dd72d1d465 89 #endif /* MBEDTLS_SSL_PROTO_TLS1 */
borlanic 0:02dd72d1d465 90 #endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
borlanic 0:02dd72d1d465 91 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
borlanic 0:02dd72d1d465 92
borlanic 0:02dd72d1d465 93 #define MBEDTLS_SSL_INITIAL_HANDSHAKE 0
borlanic 0:02dd72d1d465 94 #define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS 1 /* In progress */
borlanic 0:02dd72d1d465 95 #define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */
borlanic 0:02dd72d1d465 96 #define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */
borlanic 0:02dd72d1d465 97
borlanic 0:02dd72d1d465 98 /*
borlanic 0:02dd72d1d465 99 * DTLS retransmission states, see RFC 6347 4.2.4
borlanic 0:02dd72d1d465 100 *
borlanic 0:02dd72d1d465 101 * The SENDING state is merged in PREPARING for initial sends,
borlanic 0:02dd72d1d465 102 * but is distinct for resends.
borlanic 0:02dd72d1d465 103 *
borlanic 0:02dd72d1d465 104 * Note: initial state is wrong for server, but is not used anyway.
borlanic 0:02dd72d1d465 105 */
borlanic 0:02dd72d1d465 106 #define MBEDTLS_SSL_RETRANS_PREPARING 0
borlanic 0:02dd72d1d465 107 #define MBEDTLS_SSL_RETRANS_SENDING 1
borlanic 0:02dd72d1d465 108 #define MBEDTLS_SSL_RETRANS_WAITING 2
borlanic 0:02dd72d1d465 109 #define MBEDTLS_SSL_RETRANS_FINISHED 3
borlanic 0:02dd72d1d465 110
borlanic 0:02dd72d1d465 111 /*
borlanic 0:02dd72d1d465 112 * Allow extra bytes for record, authentication and encryption overhead:
borlanic 0:02dd72d1d465 113 * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256)
borlanic 0:02dd72d1d465 114 * and allow for a maximum of 1024 bytes of compression expansion if
borlanic 0:02dd72d1d465 115 * compression is enabled.
borlanic 0:02dd72d1d465 116 */
borlanic 0:02dd72d1d465 117 #if defined(MBEDTLS_ZLIB_SUPPORT)
borlanic 0:02dd72d1d465 118 #define MBEDTLS_SSL_COMPRESSION_ADD 1024
borlanic 0:02dd72d1d465 119 #else
borlanic 0:02dd72d1d465 120 #define MBEDTLS_SSL_COMPRESSION_ADD 0
borlanic 0:02dd72d1d465 121 #endif
borlanic 0:02dd72d1d465 122
borlanic 0:02dd72d1d465 123 #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_MODE_CBC)
borlanic 0:02dd72d1d465 124 /* Ciphersuites using HMAC */
borlanic 0:02dd72d1d465 125 #if defined(MBEDTLS_SHA512_C)
borlanic 0:02dd72d1d465 126 #define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */
borlanic 0:02dd72d1d465 127 #elif defined(MBEDTLS_SHA256_C)
borlanic 0:02dd72d1d465 128 #define MBEDTLS_SSL_MAC_ADD 32 /* SHA-256 used for HMAC */
borlanic 0:02dd72d1d465 129 #else
borlanic 0:02dd72d1d465 130 #define MBEDTLS_SSL_MAC_ADD 20 /* SHA-1 used for HMAC */
borlanic 0:02dd72d1d465 131 #endif
borlanic 0:02dd72d1d465 132 #else
borlanic 0:02dd72d1d465 133 /* AEAD ciphersuites: GCM and CCM use a 128 bits tag */
borlanic 0:02dd72d1d465 134 #define MBEDTLS_SSL_MAC_ADD 16
borlanic 0:02dd72d1d465 135 #endif
borlanic 0:02dd72d1d465 136
borlanic 0:02dd72d1d465 137 #if defined(MBEDTLS_CIPHER_MODE_CBC)
borlanic 0:02dd72d1d465 138 #define MBEDTLS_SSL_PADDING_ADD 256
borlanic 0:02dd72d1d465 139 #else
borlanic 0:02dd72d1d465 140 #define MBEDTLS_SSL_PADDING_ADD 0
borlanic 0:02dd72d1d465 141 #endif
borlanic 0:02dd72d1d465 142
borlanic 0:02dd72d1d465 143 #define MBEDTLS_SSL_PAYLOAD_LEN ( MBEDTLS_SSL_MAX_CONTENT_LEN \
borlanic 0:02dd72d1d465 144 + MBEDTLS_SSL_COMPRESSION_ADD \
borlanic 0:02dd72d1d465 145 + MBEDTLS_MAX_IV_LENGTH \
borlanic 0:02dd72d1d465 146 + MBEDTLS_SSL_MAC_ADD \
borlanic 0:02dd72d1d465 147 + MBEDTLS_SSL_PADDING_ADD \
borlanic 0:02dd72d1d465 148 )
borlanic 0:02dd72d1d465 149
borlanic 0:02dd72d1d465 150 /*
borlanic 0:02dd72d1d465 151 * Check that we obey the standard's message size bounds (at most 16384 bytes of record content and 16384 + 2048 bytes of protected record payload)
borlanic 0:02dd72d1d465 152 */
borlanic 0:02dd72d1d465 153
borlanic 0:02dd72d1d465 154 #if MBEDTLS_SSL_MAX_CONTENT_LEN > 16384
borlanic 0:02dd72d1d465 155 #error Bad configuration - record content too large.
borlanic 0:02dd72d1d465 156 #endif
borlanic 0:02dd72d1d465 157
borlanic 0:02dd72d1d465 158 #if MBEDTLS_SSL_PAYLOAD_LEN > 16384 + 2048
borlanic 0:02dd72d1d465 159 #error Bad configuration - protected record payload too large.
borlanic 0:02dd72d1d465 160 #endif
borlanic 0:02dd72d1d465 161
borlanic 0:02dd72d1d465 162 /* Note: Even though the TLS record header is only 5 bytes
borlanic 0:02dd72d1d465 163 long, we're internally using 8 bytes to store the
borlanic 0:02dd72d1d465 164 implicit sequence number. */
borlanic 0:02dd72d1d465 165 #define MBEDTLS_SSL_HEADER_LEN 13
borlanic 0:02dd72d1d465 166
borlanic 0:02dd72d1d465 167 #define MBEDTLS_SSL_BUFFER_LEN \
borlanic 0:02dd72d1d465 168 ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_PAYLOAD_LEN ) )
borlanic 0:02dd72d1d465 169
borlanic 0:02dd72d1d465 170 /*
borlanic 0:02dd72d1d465 171 * TLS extension flags (for extensions with outgoing ServerHello content
borlanic 0:02dd72d1d465 172 * that need it; e.g. for RENEGOTIATION_INFO the server already knows because
borlanic 0:02dd72d1d465 173 * of the state of the renegotiation flag, so no indicator is required)
borlanic 0:02dd72d1d465 174 */
borlanic 0:02dd72d1d465 175 #define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0)
borlanic 0:02dd72d1d465 176 #define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK (1 << 1)
borlanic 0:02dd72d1d465 177
borlanic 0:02dd72d1d465 178 #ifdef __cplusplus
borlanic 0:02dd72d1d465 179 extern "C" {
borlanic 0:02dd72d1d465 180 #endif
borlanic 0:02dd72d1d465 181
borlanic 0:02dd72d1d465 182 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
borlanic 0:02dd72d1d465 183 defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
borlanic 0:02dd72d1d465 184 /*
borlanic 0:02dd72d1d465 185 * Abstraction for a grid of allowed signature-hash-algorithm pairs.
borlanic 0:02dd72d1d465 186 */
borlanic 0:02dd72d1d465 187 struct mbedtls_ssl_sig_hash_set_t
borlanic 0:02dd72d1d465 188 {
borlanic 0:02dd72d1d465 189 /* At the moment, we only need to remember a single suitable
borlanic 0:02dd72d1d465 190 * hash algorithm per signature algorithm. As long as that's
borlanic 0:02dd72d1d465 191 * the case - and we don't need a general lookup function -
borlanic 0:02dd72d1d465 192 * we can implement the sig-hash-set as a map from signatures
borlanic 0:02dd72d1d465 193 * to hash algorithms. */
borlanic 0:02dd72d1d465 194 mbedtls_md_type_t rsa; /*!< hash algorithm remembered for RSA signatures */
borlanic 0:02dd72d1d465 195 mbedtls_md_type_t ecdsa; /*!< hash algorithm remembered for ECDSA signatures */
borlanic 0:02dd72d1d465 196 };
borlanic 0:02dd72d1d465 197 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
borlanic 0:02dd72d1d465 198 MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
borlanic 0:02dd72d1d465 199
borlanic 0:02dd72d1d465 200 /*
borlanic 0:02dd72d1d465 201 * This structure contains the parameters only needed during handshake.
borlanic 0:02dd72d1d465 202 */
borlanic 0:02dd72d1d465 203 struct mbedtls_ssl_handshake_params
borlanic 0:02dd72d1d465 204 {
borlanic 0:02dd72d1d465 205 /*
borlanic 0:02dd72d1d465 206 * Handshake specific crypto variables
borlanic 0:02dd72d1d465 207 */
borlanic 0:02dd72d1d465 208
borlanic 0:02dd72d1d465 209 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
borlanic 0:02dd72d1d465 210 defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
borlanic 0:02dd72d1d465 211 mbedtls_ssl_sig_hash_set_t hash_algs; /*!< Set of suitable sig-hash pairs */
borlanic 0:02dd72d1d465 212 #endif
borlanic 0:02dd72d1d465 213 #if defined(MBEDTLS_DHM_C)
borlanic 0:02dd72d1d465 214 mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */
borlanic 0:02dd72d1d465 215 #endif
borlanic 0:02dd72d1d465 216 #if defined(MBEDTLS_ECDH_C)
borlanic 0:02dd72d1d465 217 mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */
borlanic 0:02dd72d1d465 218 #endif
borlanic 0:02dd72d1d465 219 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
borlanic 0:02dd72d1d465 220 mbedtls_ecjpake_context ecjpake_ctx; /*!< EC J-PAKE key exchange */
borlanic 0:02dd72d1d465 221 #if defined(MBEDTLS_SSL_CLI_C)
borlanic 0:02dd72d1d465 222 unsigned char *ecjpake_cache; /*!< Cache for ClientHello ext */
borlanic 0:02dd72d1d465 223 size_t ecjpake_cache_len; /*!< Length of cached data */
borlanic 0:02dd72d1d465 224 #endif
borlanic 0:02dd72d1d465 225 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
borlanic 0:02dd72d1d465 226 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
borlanic 0:02dd72d1d465 227 defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
borlanic 0:02dd72d1d465 228 const mbedtls_ecp_curve_info **curves; /*!< Supported elliptic curves */
borlanic 0:02dd72d1d465 229 #endif
borlanic 0:02dd72d1d465 230 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
borlanic 0:02dd72d1d465 231 unsigned char *psk; /*!< PSK from the callback (secret key material) */
borlanic 0:02dd72d1d465 232 size_t psk_len; /*!< Length of PSK from callback */
borlanic 0:02dd72d1d465 233 #endif
borlanic 0:02dd72d1d465 234 #if defined(MBEDTLS_X509_CRT_PARSE_C)
borlanic 0:02dd72d1d465 235 mbedtls_ssl_key_cert *key_cert; /*!< chosen key/cert pair (server) */
borlanic 0:02dd72d1d465 236 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
borlanic 0:02dd72d1d465 237 int sni_authmode; /*!< authmode from SNI callback */
borlanic 0:02dd72d1d465 238 mbedtls_ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI */
borlanic 0:02dd72d1d465 239 mbedtls_x509_crt *sni_ca_chain; /*!< trusted CAs from SNI callback */
borlanic 0:02dd72d1d465 240 mbedtls_x509_crl *sni_ca_crl; /*!< trusted CAs CRLs from SNI */
borlanic 0:02dd72d1d465 241 #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
borlanic 0:02dd72d1d465 242 #endif /* MBEDTLS_X509_CRT_PARSE_C */
borlanic 0:02dd72d1d465 243 #if defined(MBEDTLS_SSL_PROTO_DTLS)
borlanic 0:02dd72d1d465 244 unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */
borlanic 0:02dd72d1d465 245 unsigned int in_msg_seq; /*!< Incoming handshake sequence number */
borlanic 0:02dd72d1d465 246
borlanic 0:02dd72d1d465 247 unsigned char *verify_cookie; /*!< Cli: HelloVerifyRequest cookie
borlanic 0:02dd72d1d465 248 Srv: unused */
borlanic 0:02dd72d1d465 249 unsigned char verify_cookie_len; /*!< Cli: cookie length
borlanic 0:02dd72d1d465 250 Srv: flag for sending a cookie */
borlanic 0:02dd72d1d465 251
borlanic 0:02dd72d1d465 252 unsigned char *hs_msg; /*!< Reassembled handshake message */
borlanic 0:02dd72d1d465 253
borlanic 0:02dd72d1d465 254 uint32_t retransmit_timeout; /*!< Current value of timeout */
borlanic 0:02dd72d1d465 255 unsigned char retransmit_state; /*!< Retransmission state (one of the MBEDTLS_SSL_RETRANS_* values) */
borlanic 0:02dd72d1d465 256 mbedtls_ssl_flight_item *flight; /*!< Current outgoing flight */
borlanic 0:02dd72d1d465 257 mbedtls_ssl_flight_item *cur_msg; /*!< Current message in flight */
borlanic 0:02dd72d1d465 258 unsigned int in_flight_start_seq; /*!< Minimum message sequence in the
borlanic 0:02dd72d1d465 259 flight being received */
borlanic 0:02dd72d1d465 260 mbedtls_ssl_transform *alt_transform_out; /*!< Alternative transform for
borlanic 0:02dd72d1d465 261 resending messages */
borlanic 0:02dd72d1d465 262 unsigned char alt_out_ctr[8]; /*!< Alternative record epoch/counter
borlanic 0:02dd72d1d465 263 for resending messages */
borlanic 0:02dd72d1d465 264 #endif /* MBEDTLS_SSL_PROTO_DTLS */
borlanic 0:02dd72d1d465 265
borlanic 0:02dd72d1d465 266 /*
borlanic 0:02dd72d1d465 267 * Checksum contexts
borlanic 0:02dd72d1d465 268 */
borlanic 0:02dd72d1d465 269 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
borlanic 0:02dd72d1d465 270 defined(MBEDTLS_SSL_PROTO_TLS1_1)
borlanic 0:02dd72d1d465 271 mbedtls_md5_context fin_md5; /*!< MD5 checksum context (SSL3 / TLS 1.0 / TLS 1.1 builds) */
borlanic 0:02dd72d1d465 272 mbedtls_sha1_context fin_sha1; /*!< SHA-1 checksum context (SSL3 / TLS 1.0 / TLS 1.1 builds) */
borlanic 0:02dd72d1d465 273 #endif
borlanic 0:02dd72d1d465 274 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
borlanic 0:02dd72d1d465 275 #if defined(MBEDTLS_SHA256_C)
borlanic 0:02dd72d1d465 276 mbedtls_sha256_context fin_sha256; /*!< SHA-256 module checksum context (TLS 1.2 builds) */
borlanic 0:02dd72d1d465 277 #endif
borlanic 0:02dd72d1d465 278 #if defined(MBEDTLS_SHA512_C)
borlanic 0:02dd72d1d465 279 mbedtls_sha512_context fin_sha512; /*!< SHA-512 module checksum context (TLS 1.2 builds) */
borlanic 0:02dd72d1d465 280 #endif
borlanic 0:02dd72d1d465 281 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
borlanic 0:02dd72d1d465 282
borlanic 0:02dd72d1d465 283 void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t);
borlanic 0:02dd72d1d465 284 void (*calc_verify)(mbedtls_ssl_context *, unsigned char *);
borlanic 0:02dd72d1d465 285 void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int);
borlanic 0:02dd72d1d465 286 int (*tls_prf)(const unsigned char *, size_t, const char *,
borlanic 0:02dd72d1d465 287 const unsigned char *, size_t,
borlanic 0:02dd72d1d465 288 unsigned char *, size_t);
borlanic 0:02dd72d1d465 289
borlanic 0:02dd72d1d465 290 size_t pmslen; /*!< premaster length; presumably bounded by MBEDTLS_PREMASTER_SIZE - confirm where it is set */
borlanic 0:02dd72d1d465 291
borlanic 0:02dd72d1d465 292 unsigned char randbytes[64]; /*!< random bytes (64-byte buffer) */
borlanic 0:02dd72d1d465 293 unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
borlanic 0:02dd72d1d465 294 /*!< premaster secret (key material; see mbedtls_ssl_handshake_free) */
borlanic 0:02dd72d1d465 295
borlanic 0:02dd72d1d465 296 int resume; /*!< session resume indicator */
borlanic 0:02dd72d1d465 297 int max_major_ver; /*!< max. major version client */
borlanic 0:02dd72d1d465 298 int max_minor_ver; /*!< max. minor version client */
borlanic 0:02dd72d1d465 299 int cli_exts; /*!< client extension presence */
borlanic 0:02dd72d1d465 300
borlanic 0:02dd72d1d465 301 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
borlanic 0:02dd72d1d465 302 int new_session_ticket; /*!< use NewSessionTicket? */
borlanic 0:02dd72d1d465 303 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
borlanic 0:02dd72d1d465 304 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
borlanic 0:02dd72d1d465 305 int extended_ms; /*!< use Extended Master Secret? */
borlanic 0:02dd72d1d465 306 #endif
borlanic 0:02dd72d1d465 307 };
borlanic 0:02dd72d1d465 308
borlanic 0:02dd72d1d465 309 /*
borlanic 0:02dd72d1d465 310 * This structure contains a full set of runtime transform parameters
borlanic 0:02dd72d1d465 311 * either in negotiation or active.
borlanic 0:02dd72d1d465 312 */
borlanic 0:02dd72d1d465 313 struct mbedtls_ssl_transform
borlanic 0:02dd72d1d465 314 {
borlanic 0:02dd72d1d465 315 /*
borlanic 0:02dd72d1d465 316 * Session specific crypto layer
borlanic 0:02dd72d1d465 317 */
borlanic 0:02dd72d1d465 318 const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
borlanic 0:02dd72d1d465 319 /*!< Chosen ciphersuite_info */
borlanic 0:02dd72d1d465 320 unsigned int keylen; /*!< symmetric key length (bytes) */
borlanic 0:02dd72d1d465 321 size_t minlen; /*!< min. ciphertext length */
borlanic 0:02dd72d1d465 322 size_t ivlen; /*!< IV length; NOTE(review): iv_enc/iv_dec hold 16 bytes - confirm ivlen is bounded where it is set */
borlanic 0:02dd72d1d465 323 size_t fixed_ivlen; /*!< Fixed part of IV (AEAD) */
borlanic 0:02dd72d1d465 324 size_t maclen; /*!< MAC length */
borlanic 0:02dd72d1d465 325
borlanic 0:02dd72d1d465 326 unsigned char iv_enc[16]; /*!< IV (encryption), 16-byte buffer */
borlanic 0:02dd72d1d465 327 unsigned char iv_dec[16]; /*!< IV (decryption), 16-byte buffer */
borlanic 0:02dd72d1d465 328
borlanic 0:02dd72d1d465 329 #if defined(MBEDTLS_SSL_PROTO_SSL3)
borlanic 0:02dd72d1d465 330 /* Needed only for SSL v3.0 secret */
borlanic 0:02dd72d1d465 331 unsigned char mac_enc[20]; /*!< SSL v3.0 secret (enc), 20-byte buffer */
borlanic 0:02dd72d1d465 332 unsigned char mac_dec[20]; /*!< SSL v3.0 secret (dec), 20-byte buffer */
borlanic 0:02dd72d1d465 333 #endif /* MBEDTLS_SSL_PROTO_SSL3 */
borlanic 0:02dd72d1d465 334
borlanic 0:02dd72d1d465 335 mbedtls_md_context_t md_ctx_enc; /*!< MAC (encryption) */
borlanic 0:02dd72d1d465 336 mbedtls_md_context_t md_ctx_dec; /*!< MAC (decryption) */
borlanic 0:02dd72d1d465 337
borlanic 0:02dd72d1d465 338 mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */
borlanic 0:02dd72d1d465 339 mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */
borlanic 0:02dd72d1d465 340
borlanic 0:02dd72d1d465 341 /*
borlanic 0:02dd72d1d465 342 * Session specific compression layer
borlanic 0:02dd72d1d465 343 */
borlanic 0:02dd72d1d465 344 #if defined(MBEDTLS_ZLIB_SUPPORT)
borlanic 0:02dd72d1d465 345 z_stream ctx_deflate; /*!< compression context */
borlanic 0:02dd72d1d465 346 z_stream ctx_inflate; /*!< decompression context */
borlanic 0:02dd72d1d465 347 #endif
borlanic 0:02dd72d1d465 348 };
borlanic 0:02dd72d1d465 349
borlanic 0:02dd72d1d465 350 #if defined(MBEDTLS_X509_CRT_PARSE_C)
borlanic 0:02dd72d1d465 351 /*
borlanic 0:02dd72d1d465 352 * List of certificate + private key pairs
borlanic 0:02dd72d1d465 353 */
borlanic 0:02dd72d1d465 354 struct mbedtls_ssl_key_cert
borlanic 0:02dd72d1d465 355 {
borlanic 0:02dd72d1d465 356 mbedtls_x509_crt *cert; /*!< certificate */
borlanic 0:02dd72d1d465 357 mbedtls_pk_context *key; /*!< private key (held by pointer; ownership is not visible in this header) */
borlanic 0:02dd72d1d465 358 mbedtls_ssl_key_cert *next; /*!< next key/cert pair, forming a singly linked list */
borlanic 0:02dd72d1d465 359 };
borlanic 0:02dd72d1d465 360 #endif /* MBEDTLS_X509_CRT_PARSE_C */
borlanic 0:02dd72d1d465 361
borlanic 0:02dd72d1d465 362 #if defined(MBEDTLS_SSL_PROTO_DTLS)
borlanic 0:02dd72d1d465 363 /*
borlanic 0:02dd72d1d465 364 * List of handshake messages kept around for resending
borlanic 0:02dd72d1d465 365 */
borlanic 0:02dd72d1d465 366 struct mbedtls_ssl_flight_item
borlanic 0:02dd72d1d465 367 {
borlanic 0:02dd72d1d465 368 unsigned char *p; /*!< message, including handshake headers */
borlanic 0:02dd72d1d465 369 size_t len; /*!< length of the message at p */
borlanic 0:02dd72d1d465 370 unsigned char type; /*!< type of the message: handshake or CCS */
borlanic 0:02dd72d1d465 371 mbedtls_ssl_flight_item *next; /*!< next handshake message(s) */
borlanic 0:02dd72d1d465 372 };
borlanic 0:02dd72d1d465 373 #endif /* MBEDTLS_SSL_PROTO_DTLS */
borlanic 0:02dd72d1d465 374
borlanic 0:02dd72d1d465 375 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
borlanic 0:02dd72d1d465 376 defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
borlanic 0:02dd72d1d465 377
borlanic 0:02dd72d1d465 378 /* Find the hash algorithm stored in a signature-hash set for a given signature algorithm. */
borlanic 0:02dd72d1d465 379 mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find( mbedtls_ssl_sig_hash_set_t *set,
borlanic 0:02dd72d1d465 380 mbedtls_pk_type_t sig_alg );
borlanic 0:02dd72d1d465 381 /* Add a signature-hash-pair to a signature-hash set */
borlanic 0:02dd72d1d465 382 void mbedtls_ssl_sig_hash_set_add( mbedtls_ssl_sig_hash_set_t *set,
borlanic 0:02dd72d1d465 383 mbedtls_pk_type_t sig_alg,
borlanic 0:02dd72d1d465 384 mbedtls_md_type_t md_alg );
borlanic 0:02dd72d1d465 385 /* Allow exactly one hash algorithm for each signature. */
borlanic 0:02dd72d1d465 386 void mbedtls_ssl_sig_hash_set_const_hash( mbedtls_ssl_sig_hash_set_t *set,
borlanic 0:02dd72d1d465 387 mbedtls_md_type_t md_alg );
borlanic 0:02dd72d1d465 388
borlanic 0:02dd72d1d465 389 /* Set up an empty signature-hash set by passing MBEDTLS_MD_NONE to mbedtls_ssl_sig_hash_set_const_hash() */
borlanic 0:02dd72d1d465 390 static inline void mbedtls_ssl_sig_hash_set_init( mbedtls_ssl_sig_hash_set_t *set )
borlanic 0:02dd72d1d465 391 {
borlanic 0:02dd72d1d465 392 mbedtls_ssl_sig_hash_set_const_hash( set, MBEDTLS_MD_NONE );
borlanic 0:02dd72d1d465 393 }
borlanic 0:02dd72d1d465 394
borlanic 0:02dd72d1d465 395 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
borlanic 0:02dd72d1d465 396 MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
borlanic 0:02dd72d1d465 397
borlanic 0:02dd72d1d465 398 /**
borlanic 0:02dd72d1d465 399 * \brief Free referenced items in an SSL transform context and clear
borlanic 0:02dd72d1d465 400 * memory
borlanic 0:02dd72d1d465 401 *
borlanic 0:02dd72d1d465 402 * \param transform SSL transform context
borlanic 0:02dd72d1d465 403 */
borlanic 0:02dd72d1d465 404 void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform );
borlanic 0:02dd72d1d465 405
borlanic 0:02dd72d1d465 406 /**
borlanic 0:02dd72d1d465 407 * \brief Free referenced items in an SSL handshake context and clear
borlanic 0:02dd72d1d465 408 * memory
borlanic 0:02dd72d1d465 409 *
borlanic 0:02dd72d1d465 410 * \param handshake SSL handshake context
borlanic 0:02dd72d1d465 411 */
borlanic 0:02dd72d1d465 412 void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake );
borlanic 0:02dd72d1d465 413
borlanic 0:02dd72d1d465 414 int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl );
borlanic 0:02dd72d1d465 415 int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl );
borlanic 0:02dd72d1d465 416 void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl );
borlanic 0:02dd72d1d465 417
borlanic 0:02dd72d1d465 418 int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl );
borlanic 0:02dd72d1d465 419
borlanic 0:02dd72d1d465 420 void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl );
borlanic 0:02dd72d1d465 421 int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl );
borlanic 0:02dd72d1d465 422
borlanic 0:02dd72d1d465 423 int mbedtls_ssl_read_record_layer( mbedtls_ssl_context *ssl );
borlanic 0:02dd72d1d465 424 int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl );
borlanic 0:02dd72d1d465 425 int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl );
borlanic 0:02dd72d1d465 426 void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl );
borlanic 0:02dd72d1d465 427
borlanic 0:02dd72d1d465 428 /**
borlanic 0:02dd72d1d465 429 * \brief Update record layer
borlanic 0:02dd72d1d465 430 *
borlanic 0:02dd72d1d465 431 * This function roughly separates the implementation
borlanic 0:02dd72d1d465 432 * of the logic of (D)TLS from the implementation
borlanic 0:02dd72d1d465 433 * of the secure transport.
borlanic 0:02dd72d1d465 434 *
borlanic 0:02dd72d1d465 435 * \param ssl SSL context to use
borlanic 0:02dd72d1d465 436 *
borlanic 0:02dd72d1d465 437 * \return 0 or non-zero error code.
borlanic 0:02dd72d1d465 438 *
borlanic 0:02dd72d1d465 439 * \note A clarification on what is called 'record layer' here
borlanic 0:02dd72d1d465 440 * is in order, as many sensible definitions are possible:
borlanic 0:02dd72d1d465 441 *
borlanic 0:02dd72d1d465 442 * The record layer takes as input an untrusted underlying
borlanic 0:02dd72d1d465 443 * transport (stream or datagram) and transforms it into
borlanic 0:02dd72d1d465 444 * a serially multiplexed, secure transport, which
borlanic 0:02dd72d1d465 445 * conceptually provides the following:
borlanic 0:02dd72d1d465 446 *
borlanic 0:02dd72d1d465 447 * (1) Three datagram based, content-agnostic transports
borlanic 0:02dd72d1d465 448 * for handshake, alert and CCS messages.
borlanic 0:02dd72d1d465 449 * (2) One stream- or datagram-based transport
borlanic 0:02dd72d1d465 450 * for application data.
borlanic 0:02dd72d1d465 451 * (3) Functionality for changing the underlying transform
borlanic 0:02dd72d1d465 452 * securing the contents.
borlanic 0:02dd72d1d465 453 *
borlanic 0:02dd72d1d465 454 * The interface to this functionality is given as follows:
borlanic 0:02dd72d1d465 455 *
borlanic 0:02dd72d1d465 456 * a Updating
borlanic 0:02dd72d1d465 457 * [Currently implemented by mbedtls_ssl_read_record]
borlanic 0:02dd72d1d465 458 *
borlanic 0:02dd72d1d465 459 * Check if and on which of the four 'ports' data is pending:
borlanic 0:02dd72d1d465 460 * Nothing, a controlling datagram of type (1), or application
borlanic 0:02dd72d1d465 461 * data (2). In any case where data is present, internal buffers
borlanic 0:02dd72d1d465 462 * provide access to the data for the user to process it.
borlanic 0:02dd72d1d465 463 * Consumption of type (1) datagrams is done automatically
borlanic 0:02dd72d1d465 464 * on the next update, invalidating the internal buffers
borlanic 0:02dd72d1d465 465 * for previous datagrams, while consumption of application
borlanic 0:02dd72d1d465 466 * data (2) is user-controlled.
borlanic 0:02dd72d1d465 467 *
borlanic 0:02dd72d1d465 468 * b Reading of application data
borlanic 0:02dd72d1d465 469 * [Currently manual adaptation of ssl->in_offt pointer]
borlanic 0:02dd72d1d465 470 *
borlanic 0:02dd72d1d465 471 * As mentioned in the last paragraph, consumption of data
borlanic 0:02dd72d1d465 472 * is different from the automatic consumption of control
borlanic 0:02dd72d1d465 473 * datagrams (1) because application data is treated as a stream.
borlanic 0:02dd72d1d465 474 *
borlanic 0:02dd72d1d465 475 * c Tracking availability of application data
borlanic 0:02dd72d1d465 476 * [Currently manually through decreasing ssl->in_msglen]
borlanic 0:02dd72d1d465 477 *
borlanic 0:02dd72d1d465 478 * For efficiency and to retain datagram semantics for
borlanic 0:02dd72d1d465 479 * application data in case of DTLS, the record layer
borlanic 0:02dd72d1d465 480 * provides functionality for checking how much application
borlanic 0:02dd72d1d465 481 * data is still available in the internal buffer.
borlanic 0:02dd72d1d465 482 *
borlanic 0:02dd72d1d465 483 * d Changing the transformation securing the communication.
borlanic 0:02dd72d1d465 484 *
borlanic 0:02dd72d1d465 485 * Given an opaque implementation of the record layer in the
borlanic 0:02dd72d1d465 486 * above sense, it should be possible to implement the logic
borlanic 0:02dd72d1d465 487 * of (D)TLS on top of it without the need to know anything
borlanic 0:02dd72d1d465 488 * about the record layer's internals. This is done e.g.
borlanic 0:02dd72d1d465 489 * in all the handshake handling functions, and in the
borlanic 0:02dd72d1d465 490 * application data reading function mbedtls_ssl_read.
borlanic 0:02dd72d1d465 491 *
borlanic 0:02dd72d1d465 492 * \note The above tries to give a conceptual picture of the
borlanic 0:02dd72d1d465 493 * record layer, but the current implementation deviates
borlanic 0:02dd72d1d465 494 * from it in some places. For example, our implementation of
borlanic 0:02dd72d1d465 495 * the update functionality through mbedtls_ssl_read_record
borlanic 0:02dd72d1d465 496 * discards datagrams depending on the current state, which
borlanic 0:02dd72d1d465 497 * wouldn't fall under the record layer's responsibility
borlanic 0:02dd72d1d465 498 * following the above definition.
borlanic 0:02dd72d1d465 499 *
borlanic 0:02dd72d1d465 500 */
borlanic 0:02dd72d1d465 501 int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl );
borlanic 0:02dd72d1d465 502 int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
borlanic 0:02dd72d1d465 503
borlanic 0:02dd72d1d465 504 int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl );
borlanic 0:02dd72d1d465 505 int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl );
borlanic 0:02dd72d1d465 506
borlanic 0:02dd72d1d465 507 int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl );
borlanic 0:02dd72d1d465 508 int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl );
borlanic 0:02dd72d1d465 509
borlanic 0:02dd72d1d465 510 int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl );
borlanic 0:02dd72d1d465 511 int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl );
borlanic 0:02dd72d1d465 512
borlanic 0:02dd72d1d465 513 int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl );
borlanic 0:02dd72d1d465 514 int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl );
borlanic 0:02dd72d1d465 515
borlanic 0:02dd72d1d465 516 void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
borlanic 0:02dd72d1d465 517 const mbedtls_ssl_ciphersuite_t *ciphersuite_info );
borlanic 0:02dd72d1d465 518
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl,
                                      mbedtls_key_exchange_type_t key_ex );
#endif

/*
 * Conversions between single-byte signature identifiers and PK types.
 * NOTE(review): the byte values are presumably the TLS signature algorithm
 * code points; what is returned for an unknown input is not visible here, so
 * callers that pass a peer-supplied byte should confirm the "no match" value
 * at the definition and check for it.
 */
#if defined(MBEDTLS_PK_C)
unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk );
unsigned char mbedtls_ssl_sig_from_pk_alg( mbedtls_pk_type_t type );
mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig );
#endif

/*
 * Conversions between single-byte hash identifiers and MD types.
 * Note that the md parameters below are plain int, while
 * mbedtls_ssl_md_alg_from_hash() returns mbedtls_md_type_t.
 */
mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash );
unsigned char mbedtls_ssl_hash_from_md_alg( int md );
int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl,
                                    int md );

/*
 * Policy checks against a read-only context.
 * NOTE(review): the return convention (which value means "acceptable") is not
 * documented in this header; confirm it at the definition before using the
 * result in a condition.
 */
#if defined(MBEDTLS_ECP_C)
int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl,
                             mbedtls_ecp_group_id grp_id );
#endif

#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
                                mbedtls_md_type_t md );
#endif
borlanic 0:02dd72d1d465 541
borlanic 0:02dd72d1d465 542 #if defined(MBEDTLS_X509_CRT_PARSE_C)
/**
 * \brief       Return the private key context of the key/certificate pair
 *              currently in use.
 *
 *              A key_cert set on the handshake takes precedence; otherwise
 *              the one from the configuration is used.
 *
 * \note        ssl is dereferenced without a NULL check, and ssl->conf is
 *              dereferenced without one when the handshake provides no
 *              key_cert. The returned pointer is the one stored in the
 *              key_cert entry; no copy is made.
 *
 * \param ssl   SSL context
 *
 * \return      The key context, or NULL if no key_cert is available.
 */
static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl )
{
    mbedtls_ssl_key_cert *selected =
        ( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
            ? ssl->handshake->key_cert
            : ssl->conf->key_cert;

    if( selected == NULL )
        return( NULL );

    return( selected->key );
}
borlanic 0:02dd72d1d465 554
/**
 * \brief       Return the certificate of the key/certificate pair currently
 *              in use.
 *
 *              A key_cert set on the handshake takes precedence; otherwise
 *              the one from the configuration is used.
 *
 * \note        ssl is dereferenced without a NULL check, and ssl->conf is
 *              dereferenced without one when the handshake provides no
 *              key_cert. The returned pointer is the one stored in the
 *              key_cert entry; no copy is made.
 *
 * \param ssl   SSL context
 *
 * \return      The certificate, or NULL if no key_cert is available.
 */
static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl )
{
    mbedtls_ssl_key_cert *selected =
        ( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
            ? ssl->handshake->key_cert
            : ssl->conf->key_cert;

    if( selected == NULL )
        return( NULL );

    return( selected->cert );
}
borlanic 0:02dd72d1d465 566
/*
 * Check the usage of a certificate with respect to its extensions:
 * keyUsage, extendedKeyUsage (later), and nSCertType (later).
 *
 * Warning: cert_endpoint is the endpoint the certificate belongs to, i.e. the
 * peer's endpoint (not ours) when the certificate being checked is one we
 * received from the peer!
 *
 * NOTE(review): flags presumably receives verification flag bits describing
 * a failure; confirm against the definition.
 *
 * Return 0 if everything is OK, -1 if not.
 */
int mbedtls_ssl_check_cert_usage(
    const mbedtls_x509_crt *cert,
    const mbedtls_ssl_ciphersuite_t *ciphersuite,
    int cert_endpoint,
    uint32_t *flags );
borlanic 0:02dd72d1d465 580 #endif /* MBEDTLS_X509_CRT_PARSE_C */
borlanic 0:02dd72d1d465 581
/*
 * Convert between a (major, minor) version pair and its two-byte form.
 * write_version fills ver[]; read_version reads ver[] (const) and stores the
 * result through major and minor. Neither reports an error (both are void).
 * NOTE(review): transport presumably selects the stream or datagram encoding
 * of the version bytes; confirm at the definition.
 */
void mbedtls_ssl_write_version( int major,
                                int minor,
                                int transport,
                                unsigned char ver[2] );
void mbedtls_ssl_read_version( int *major,
                               int *minor,
                               int transport,
                               const unsigned char ver[2] );
borlanic 0:02dd72d1d465 586
/**
 * \brief       Length in bytes of the record header for this context.
 *
 *              13 when DTLS support is compiled in and the configured
 *              transport is datagram, 5 otherwise. These correspond to the
 *              DTLS and TLS record header sizes.
 *
 * \note        With DTLS compiled in, ssl and ssl->conf are dereferenced
 *              without a NULL check.
 *
 * \param ssl   SSL context
 *
 * \return      The header length.
 */
static inline size_t mbedtls_ssl_hdr_len( const mbedtls_ssl_context *ssl )
{
    size_t len = 5;

#if defined(MBEDTLS_SSL_PROTO_DTLS)
    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
        len = 13;
#else
    /* ssl is unused when DTLS is compiled out */
    ((void) ssl);
#endif

    return( len );
}
borlanic 0:02dd72d1d465 597
/**
 * \brief       Length in bytes of the handshake message header for this
 *              context.
 *
 *              12 when DTLS support is compiled in and the configured
 *              transport is datagram, 4 otherwise. These correspond to the
 *              DTLS and TLS handshake header sizes.
 *
 * \note        With DTLS compiled in, ssl and ssl->conf are dereferenced
 *              without a NULL check.
 *
 * \param ssl   SSL context
 *
 * \return      The header length.
 */
static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl )
{
    size_t len = 4;

#if defined(MBEDTLS_SSL_PROTO_DTLS)
    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
        len = 12;
#else
    /* ssl is unused when DTLS is compiled out */
    ((void) ssl);
#endif

    return( len );
}
borlanic 0:02dd72d1d465 608
/* DTLS-only flight handling; available when MBEDTLS_SSL_PROTO_DTLS is set. */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl );
void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl );
int mbedtls_ssl_resend( mbedtls_ssl_context *ssl );
#endif

/*
 * Visible for testing purposes only.
 * NOTE(review): the return convention of the replay check (which value means
 * "replayed") is not documented in this header; confirm it at the definition.
 */
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context *ssl );
void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl );
#endif
borlanic 0:02dd72d1d465 620
/**
 * \brief       Constant-time buffer comparison.
 *
 *              Every one of the n byte positions is visited; there is no
 *              early exit on the first difference, so the iteration count
 *              depends only on n. The volatile qualifiers are meant to keep
 *              the compiler from short-cutting the loop; that is a
 *              best-effort measure, so inspect the generated code on the
 *              target toolchain where timing matters.
 *
 * \note        The result is the OR of the per-byte XORs. Unlike memcmp()
 *              it carries no ordering information: compare it against 0
 *              only.
 *
 * \param a     First buffer, at least n bytes readable
 * \param b     Second buffer, at least n bytes readable
 * \param n     Number of bytes to compare
 *
 * \return      0 if the first n bytes are equal (or n is 0), non-zero
 *              otherwise.
 */
static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n )
{
    volatile const unsigned char *lhs = (volatile const unsigned char *) a;
    volatile const unsigned char *rhs = (volatile const unsigned char *) b;
    volatile unsigned char acc = 0;
    size_t pos = 0;

    while( pos < n )
    {
        /* accumulate differing bits; never branch on the data */
        acc |= lhs[pos] ^ rhs[pos];
        pos++;
    }

    return( acc );
}
borlanic 0:02dd72d1d465 634
/*
 * Both functions below take an output pointer with no accompanying length.
 * NOTE(review): the required size of the output buffer is not stated in this
 * header; the caller must size it from the definition (for the tls1_2 variant
 * it presumably depends on md_alg).
 */
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
    defined(MBEDTLS_SSL_PROTO_TLS1_1)
int mbedtls_ssl_get_key_exchange_md_ssl_tls(
    mbedtls_ssl_context *ssl,
    unsigned char *output,
    unsigned char *data,
    size_t data_len );
#endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \
          MBEDTLS_SSL_PROTO_TLS1_1 */

#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
    defined(MBEDTLS_SSL_PROTO_TLS1_2)
int mbedtls_ssl_get_key_exchange_md_tls1_2(
    mbedtls_ssl_context *ssl,
    unsigned char *output,
    unsigned char *data,
    size_t data_len,
    mbedtls_md_type_t md_alg );
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
          MBEDTLS_SSL_PROTO_TLS1_2 */
borlanic 0:02dd72d1d465 651
borlanic 0:02dd72d1d465 652 #ifdef __cplusplus
borlanic 0:02dd72d1d465 653 }
borlanic 0:02dd72d1d465 654 #endif
borlanic 0:02dd72d1d465 655
borlanic 0:02dd72d1d465 656 #endif /* ssl_internal.h */