Knight KE
/
Game_Master
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Embed:
(wiki syntax)
Show/hide line numbers
ssl_internal.h
Go to the documentation of this file.
00001 /** 00002 * \file ssl_internal.h 00003 * 00004 * \brief Internal functions shared by the SSL modules 00005 */ 00006 /* 00007 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 00008 * SPDX-License-Identifier: Apache-2.0 00009 * 00010 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00011 * not use this file except in compliance with the License. 00012 * You may obtain a copy of the License at 00013 * 00014 * http://www.apache.org/licenses/LICENSE-2.0 00015 * 00016 * Unless required by applicable law or agreed to in writing, software 00017 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00018 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00019 * See the License for the specific language governing permissions and 00020 * limitations under the License. 00021 * 00022 * This file is part of mbed TLS (https://tls.mbed.org) 00023 */ 00024 #ifndef MBEDTLS_SSL_INTERNAL_H 00025 #define MBEDTLS_SSL_INTERNAL_H 00026 00027 #include "ssl.h" 00028 #include "cipher.h" 00029 00030 #if defined(MBEDTLS_MD5_C) 00031 #include "md5.h" 00032 #endif 00033 00034 #if defined(MBEDTLS_SHA1_C) 00035 #include "sha1.h" 00036 #endif 00037 00038 #if defined(MBEDTLS_SHA256_C) 00039 #include "sha256.h" 00040 #endif 00041 00042 #if defined(MBEDTLS_SHA512_C) 00043 #include "sha512.h" 00044 #endif 00045 00046 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 00047 #include "ecjpake.h" 00048 #endif 00049 00050 #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ 00051 !defined(inline) && !defined(__cplusplus) 00052 #define inline __inline 00053 #endif 00054 00055 /* Determine minimum supported version */ 00056 #define MBEDTLS_SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3 00057 00058 #if defined(MBEDTLS_SSL_PROTO_SSL3) 00059 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0 00060 #else 00061 #if defined(MBEDTLS_SSL_PROTO_TLS1) 00062 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1 00063 #else 00064 #if defined(MBEDTLS_SSL_PROTO_TLS1_1) 00065 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2 00066 #else 00067 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) 00068 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3 00069 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ 00070 #endif /* MBEDTLS_SSL_PROTO_TLS1_1 */ 00071 #endif /* MBEDTLS_SSL_PROTO_TLS1 */ 00072 #endif /* MBEDTLS_SSL_PROTO_SSL3 */ 00073 00074 #define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1 00075 #define MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3 00076 00077 /* Determine maximum supported version */ 00078 #define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3 00079 00080 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) 00081 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3 00082 #else 00083 #if defined(MBEDTLS_SSL_PROTO_TLS1_1) 00084 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2 00085 #else 00086 #if defined(MBEDTLS_SSL_PROTO_TLS1) 00087 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1 00088 #else 00089 #if defined(MBEDTLS_SSL_PROTO_SSL3) 00090 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0 00091 #endif /* MBEDTLS_SSL_PROTO_SSL3 */ 00092 #endif /* MBEDTLS_SSL_PROTO_TLS1 */ 00093 #endif /* MBEDTLS_SSL_PROTO_TLS1_1 */ 00094 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ 00095 00096 #define MBEDTLS_SSL_INITIAL_HANDSHAKE 0 00097 #define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS 1 /* In progress */ 00098 #define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */ 00099 #define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */ 00100 00101 /* 00102 * DTLS retransmission states, see RFC 6347 4.2.4 00103 * 00104 * The SENDING state is merged in PREPARING for initial sends, 00105 * but is distinct for resends. 00106 * 00107 * Note: initial state is wrong for server, but is not used anyway. 00108 */ 00109 #define MBEDTLS_SSL_RETRANS_PREPARING 0 00110 #define MBEDTLS_SSL_RETRANS_SENDING 1 00111 #define MBEDTLS_SSL_RETRANS_WAITING 2 00112 #define MBEDTLS_SSL_RETRANS_FINISHED 3 00113 00114 /* 00115 * Allow extra bytes for record, authentication and encryption overhead: 00116 * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256) 00117 * and allow for a maximum of 1024 of compression expansion if 00118 * enabled. 00119 */ 00120 #if defined(MBEDTLS_ZLIB_SUPPORT) 00121 #define MBEDTLS_SSL_COMPRESSION_ADD 1024 00122 #else 00123 #define MBEDTLS_SSL_COMPRESSION_ADD 0 00124 #endif 00125 00126 #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_MODE_CBC) 00127 /* Ciphersuites using HMAC */ 00128 #if defined(MBEDTLS_SHA512_C) 00129 #define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */ 00130 #elif defined(MBEDTLS_SHA256_C) 00131 #define MBEDTLS_SSL_MAC_ADD 32 /* SHA-256 used for HMAC */ 00132 #else 00133 #define MBEDTLS_SSL_MAC_ADD 20 /* SHA-1 used for HMAC */ 00134 #endif 00135 #else 00136 /* AEAD ciphersuites: GCM and CCM use a 128 bits tag */ 00137 #define MBEDTLS_SSL_MAC_ADD 16 00138 #endif 00139 00140 #if defined(MBEDTLS_CIPHER_MODE_CBC) 00141 #define MBEDTLS_SSL_PADDING_ADD 256 00142 #else 00143 #define MBEDTLS_SSL_PADDING_ADD 0 00144 #endif 00145 00146 #define MBEDTLS_SSL_PAYLOAD_LEN ( MBEDTLS_SSL_MAX_CONTENT_LEN \ 00147 + MBEDTLS_SSL_COMPRESSION_ADD \ 00148 + MBEDTLS_MAX_IV_LENGTH \ 00149 + MBEDTLS_SSL_MAC_ADD \ 00150 + MBEDTLS_SSL_PADDING_ADD \ 00151 ) 00152 00153 /* 00154 * Check that we obey the standard's message size bounds 00155 */ 00156 00157 #if MBEDTLS_SSL_MAX_CONTENT_LEN > 16384 00158 #error Bad configuration - record content too large. 00159 #endif 00160 00161 #if MBEDTLS_SSL_PAYLOAD_LEN > 16384 + 2048 00162 #error Bad configuration - protected record payload too large. 00163 #endif 00164 00165 /* Note: Even though the TLS record header is only 5 bytes 00166 long, we're internally using 8 bytes to store the 00167 implicit sequence number. */ 00168 #define MBEDTLS_SSL_HEADER_LEN 13 00169 00170 #define MBEDTLS_SSL_BUFFER_LEN \ 00171 ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_PAYLOAD_LEN ) ) 00172 00173 /* 00174 * TLS extension flags (for extensions with outgoing ServerHello content 00175 * that need it (e.g. for RENEGOTIATION_INFO the server already knows because 00176 * of state of the renegotiation flag, so no indicator is required) 00177 */ 00178 #define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0) 00179 #define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK (1 << 1) 00180 00181 #ifdef __cplusplus 00182 extern "C" { 00183 #endif 00184 00185 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ 00186 defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) 00187 /* 00188 * Abstraction for a grid of allowed signature-hash-algorithm pairs. 00189 */ 00190 struct mbedtls_ssl_sig_hash_set_t 00191 { 00192 /* At the moment, we only need to remember a single suitable 00193 * hash algorithm per signature algorithm. As long as that's 00194 * the case - and we don't need a general lookup function - 00195 * we can implement the sig-hash-set as a map from signatures 00196 * to hash algorithms. */ 00197 mbedtls_md_type_t rsa; 00198 mbedtls_md_type_t ecdsa; 00199 }; 00200 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && 00201 MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */ 00202 00203 /* 00204 * This structure contains the parameters only needed during handshake. 00205 */ 00206 struct mbedtls_ssl_handshake_params 00207 { 00208 /* 00209 * Handshake specific crypto variables 00210 */ 00211 00212 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ 00213 defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) 00214 mbedtls_ssl_sig_hash_set_t hash_algs; /*!< Set of suitable sig-hash pairs */ 00215 #endif 00216 #if defined(MBEDTLS_DHM_C) 00217 mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */ 00218 #endif 00219 #if defined(MBEDTLS_ECDH_C) 00220 mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */ 00221 #endif 00222 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 00223 mbedtls_ecjpake_context ecjpake_ctx; /*!< EC J-PAKE key exchange */ 00224 #if defined(MBEDTLS_SSL_CLI_C) 00225 unsigned char *ecjpake_cache; /*!< Cache for ClientHello ext */ 00226 size_t ecjpake_cache_len; /*!< Length of cached data */ 00227 #endif 00228 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ 00229 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ 00230 defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 00231 const mbedtls_ecp_curve_info **curves; /*!< Supported elliptic curves */ 00232 #endif 00233 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) 00234 unsigned char *psk; /*!< PSK from the callback */ 00235 size_t psk_len; /*!< Length of PSK from callback */ 00236 #endif 00237 #if defined(MBEDTLS_X509_CRT_PARSE_C) 00238 mbedtls_ssl_key_cert *key_cert; /*!< chosen key/cert pair (server) */ 00239 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) 00240 int sni_authmode; /*!< authmode from SNI callback */ 00241 mbedtls_ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI */ 00242 mbedtls_x509_crt *sni_ca_chain; /*!< trusted CAs from SNI callback */ 00243 mbedtls_x509_crl *sni_ca_crl; /*!< trusted CAs CRLs from SNI */ 00244 #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ 00245 #endif /* MBEDTLS_X509_CRT_PARSE_C */ 00246 #if defined(MBEDTLS_SSL_PROTO_DTLS) 00247 unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */ 00248 unsigned int in_msg_seq; /*!< Incoming handshake sequence number */ 00249 00250 unsigned char *verify_cookie; /*!< Cli: HelloVerifyRequest cookie 00251 Srv: unused */ 00252 unsigned char verify_cookie_len; /*!< Cli: cookie length 00253 Srv: flag for sending a cookie */ 00254 00255 unsigned char *hs_msg; /*!< Reassembled handshake message */ 00256 00257 uint32_t retransmit_timeout; /*!< Current value of timeout */ 00258 unsigned char retransmit_state; /*!< Retransmission state */ 00259 mbedtls_ssl_flight_item *flight; /*!< Current outgoing flight */ 00260 mbedtls_ssl_flight_item *cur_msg; /*!< Current message in flight */ 00261 unsigned int in_flight_start_seq; /*!< Minimum message sequence in the 00262 flight being received */ 00263 mbedtls_ssl_transform *alt_transform_out; /*!< Alternative transform for 00264 resending messages */ 00265 unsigned char alt_out_ctr[8]; /*!< Alternative record epoch/counter 00266 for resending messages */ 00267 #endif /* MBEDTLS_SSL_PROTO_DTLS */ 00268 00269 /* 00270 * Checksum contexts 00271 */ 00272 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ 00273 defined(MBEDTLS_SSL_PROTO_TLS1_1) 00274 mbedtls_md5_context fin_md5; 00275 mbedtls_sha1_context fin_sha1; 00276 #endif 00277 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) 00278 #if defined(MBEDTLS_SHA256_C) 00279 mbedtls_sha256_context fin_sha256; 00280 #endif 00281 #if defined(MBEDTLS_SHA512_C) 00282 mbedtls_sha512_context fin_sha512; 00283 #endif 00284 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ 00285 00286 void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t); 00287 void (*calc_verify)(mbedtls_ssl_context *, unsigned char *); 00288 void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int); 00289 int (*tls_prf)(const unsigned char *, size_t, const char *, 00290 const unsigned char *, size_t, 00291 unsigned char *, size_t); 00292 00293 size_t pmslen; /*!< premaster length */ 00294 00295 unsigned char randbytes[64]; /*!< random bytes */ 00296 unsigned char premaster[MBEDTLS_PREMASTER_SIZE]; 00297 /*!< premaster secret */ 00298 00299 int resume; /*!< session resume indicator*/ 00300 int max_major_ver; /*!< max. major version client*/ 00301 int max_minor_ver; /*!< max. minor version client*/ 00302 int cli_exts; /*!< client extension presence*/ 00303 00304 #if defined(MBEDTLS_SSL_SESSION_TICKETS) 00305 int new_session_ticket; /*!< use NewSessionTicket? */ 00306 #endif /* MBEDTLS_SSL_SESSION_TICKETS */ 00307 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) 00308 int extended_ms; /*!< use Extended Master Secret? */ 00309 #endif 00310 }; 00311 00312 /* 00313 * This structure contains a full set of runtime transform parameters 00314 * either in negotiation or active. 00315 */ 00316 struct mbedtls_ssl_transform 00317 { 00318 /* 00319 * Session specific crypto layer 00320 */ 00321 const mbedtls_ssl_ciphersuite_t *ciphersuite_info; 00322 /*!< Chosen cipersuite_info */ 00323 unsigned int keylen; /*!< symmetric key length (bytes) */ 00324 size_t minlen; /*!< min. ciphertext length */ 00325 size_t ivlen; /*!< IV length */ 00326 size_t fixed_ivlen; /*!< Fixed part of IV (AEAD) */ 00327 size_t maclen; /*!< MAC length */ 00328 00329 unsigned char iv_enc[16]; /*!< IV (encryption) */ 00330 unsigned char iv_dec[16]; /*!< IV (decryption) */ 00331 00332 #if defined(MBEDTLS_SSL_PROTO_SSL3) 00333 /* Needed only for SSL v3.0 secret */ 00334 unsigned char mac_enc[20]; /*!< SSL v3.0 secret (enc) */ 00335 unsigned char mac_dec[20]; /*!< SSL v3.0 secret (dec) */ 00336 #endif /* MBEDTLS_SSL_PROTO_SSL3 */ 00337 00338 mbedtls_md_context_t md_ctx_enc; /*!< MAC (encryption) */ 00339 mbedtls_md_context_t md_ctx_dec; /*!< MAC (decryption) */ 00340 00341 mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */ 00342 mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */ 00343 00344 /* 00345 * Session specific compression layer 00346 */ 00347 #if defined(MBEDTLS_ZLIB_SUPPORT) 00348 z_stream ctx_deflate; /*!< compression context */ 00349 z_stream ctx_inflate; /*!< decompression context */ 00350 #endif 00351 }; 00352 00353 #if defined(MBEDTLS_X509_CRT_PARSE_C) 00354 /* 00355 * List of certificate + private key pairs 00356 */ 00357 struct mbedtls_ssl_key_cert 00358 { 00359 mbedtls_x509_crt *cert; /*!< cert */ 00360 mbedtls_pk_context *key; /*!< private key */ 00361 mbedtls_ssl_key_cert *next; /*!< next key/cert pair */ 00362 }; 00363 #endif /* MBEDTLS_X509_CRT_PARSE_C */ 00364 00365 #if defined(MBEDTLS_SSL_PROTO_DTLS) 00366 /* 00367 * List of handshake messages kept around for resending 00368 */ 00369 struct mbedtls_ssl_flight_item 00370 { 00371 unsigned char *p; /*!< message, including handshake headers */ 00372 size_t len; /*!< length of p */ 00373 unsigned char type; /*!< type of the message: handshake or CCS */ 00374 mbedtls_ssl_flight_item *next; /*!< next handshake message(s) */ 00375 }; 00376 #endif /* MBEDTLS_SSL_PROTO_DTLS */ 00377 00378 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ 00379 defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) 00380 00381 /* Find an entry in a signature-hash set matching a given hash algorithm. */ 00382 mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find( mbedtls_ssl_sig_hash_set_t *set, 00383 mbedtls_pk_type_t sig_alg ); 00384 /* Add a signature-hash-pair to a signature-hash set */ 00385 void mbedtls_ssl_sig_hash_set_add( mbedtls_ssl_sig_hash_set_t *set, 00386 mbedtls_pk_type_t sig_alg, 00387 mbedtls_md_type_t md_alg ); 00388 /* Allow exactly one hash algorithm for each signature. */ 00389 void mbedtls_ssl_sig_hash_set_const_hash( mbedtls_ssl_sig_hash_set_t *set, 00390 mbedtls_md_type_t md_alg ); 00391 00392 /* Setup an empty signature-hash set */ 00393 static inline void mbedtls_ssl_sig_hash_set_init( mbedtls_ssl_sig_hash_set_t *set ) 00394 { 00395 mbedtls_ssl_sig_hash_set_const_hash( set, MBEDTLS_MD_NONE ); 00396 } 00397 00398 #endif /* MBEDTLS_SSL_PROTO_TLS1_2) && 00399 MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */ 00400 00401 /** 00402 * \brief Free referenced items in an SSL transform context and clear 00403 * memory 00404 * 00405 * \param transform SSL transform context 00406 */ 00407 void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform ); 00408 00409 /** 00410 * \brief Free referenced items in an SSL handshake context and clear 00411 * memory 00412 * 00413 * \param handshake SSL handshake context 00414 */ 00415 void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake ); 00416 00417 int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ); 00418 int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ); 00419 void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ); 00420 00421 int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl ); 00422 00423 void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl ); 00424 int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ); 00425 00426 int mbedtls_ssl_read_record_layer( mbedtls_ssl_context *ssl ); 00427 int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ); 00428 int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ); 00429 void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl ); 00430 00431 /** 00432 * \brief Update record layer 00433 * 00434 * This function roughly separates the implementation 00435 * of the logic of (D)TLS from the implementation 00436 * of the secure transport. 00437 * 00438 * \param ssl SSL context to use 00439 * 00440 * \return 0 or non-zero error code. 00441 * 00442 * \note A clarification on what is called 'record layer' here 00443 * is in order, as many sensible definitions are possible: 00444 * 00445 * The record layer takes as input an untrusted underlying 00446 * transport (stream or datagram) and transforms it into 00447 * a serially multiplexed, secure transport, which 00448 * conceptually provides the following: 00449 * 00450 * (1) Three datagram based, content-agnostic transports 00451 * for handshake, alert and CCS messages. 00452 * (2) One stream- or datagram-based transport 00453 * for application data. 00454 * (3) Functionality for changing the underlying transform 00455 * securing the contents. 00456 * 00457 * The interface to this functionality is given as follows: 00458 * 00459 * a Updating 00460 * [Currently implemented by mbedtls_ssl_read_record] 00461 * 00462 * Check if and on which of the four 'ports' data is pending: 00463 * Nothing, a controlling datagram of type (1), or application 00464 * data (2). In any case data is present, internal buffers 00465 * provide access to the data for the user to process it. 00466 * Consumption of type (1) datagrams is done automatically 00467 * on the next update, invalidating that the internal buffers 00468 * for previous datagrams, while consumption of application 00469 * data (2) is user-controlled. 00470 * 00471 * b Reading of application data 00472 * [Currently manual adaption of ssl->in_offt pointer] 00473 * 00474 * As mentioned in the last paragraph, consumption of data 00475 * is different from the automatic consumption of control 00476 * datagrams (1) because application data is treated as a stream. 00477 * 00478 * c Tracking availability of application data 00479 * [Currently manually through decreasing ssl->in_msglen] 00480 * 00481 * For efficiency and to retain datagram semantics for 00482 * application data in case of DTLS, the record layer 00483 * provides functionality for checking how much application 00484 * data is still available in the internal buffer. 00485 * 00486 * d Changing the transformation securing the communication. 00487 * 00488 * Given an opaque implementation of the record layer in the 00489 * above sense, it should be possible to implement the logic 00490 * of (D)TLS on top of it without the need to know anything 00491 * about the record layer's internals. This is done e.g. 00492 * in all the handshake handling functions, and in the 00493 * application data reading function mbedtls_ssl_read. 00494 * 00495 * \note The above tries to give a conceptual picture of the 00496 * record layer, but the current implementation deviates 00497 * from it in some places. For example, our implementation of 00498 * the update functionality through mbedtls_ssl_read_record 00499 * discards datagrams depending on the current state, which 00500 * wouldn't fall under the record layer's responsibility 00501 * following the above definition. 00502 * 00503 */ 00504 int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl ); 00505 int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ); 00506 00507 int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl ); 00508 int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ); 00509 00510 int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ); 00511 int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ); 00512 00513 int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl ); 00514 int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl ); 00515 00516 int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl ); 00517 int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ); 00518 00519 void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl, 00520 const mbedtls_ssl_ciphersuite_t *ciphersuite_info ); 00521 00522 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) 00523 int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex ); 00524 #endif 00525 00526 #if defined(MBEDTLS_PK_C) 00527 unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk ); 00528 unsigned char mbedtls_ssl_sig_from_pk_alg( mbedtls_pk_type_t type ); 00529 mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig ); 00530 #endif 00531 00532 mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash ); 00533 unsigned char mbedtls_ssl_hash_from_md_alg( int md ); 00534 int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md ); 00535 00536 #if defined(MBEDTLS_ECP_C) 00537 int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id ); 00538 #endif 00539 00540 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) 00541 int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl, 00542 mbedtls_md_type_t md ); 00543 #endif 00544 00545 #if defined(MBEDTLS_X509_CRT_PARSE_C) 00546 static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl ) 00547 { 00548 mbedtls_ssl_key_cert *key_cert; 00549 00550 if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL ) 00551 key_cert = ssl->handshake->key_cert; 00552 else 00553 key_cert = ssl->conf->key_cert; 00554 00555 return( key_cert == NULL ? NULL : key_cert->key ); 00556 } 00557 00558 static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl ) 00559 { 00560 mbedtls_ssl_key_cert *key_cert; 00561 00562 if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL ) 00563 key_cert = ssl->handshake->key_cert; 00564 else 00565 key_cert = ssl->conf->key_cert; 00566 00567 return( key_cert == NULL ? NULL : key_cert->cert ); 00568 } 00569 00570 /* 00571 * Check usage of a certificate wrt extensions: 00572 * keyUsage, extendedKeyUsage (later), and nSCertType (later). 00573 * 00574 * Warning: cert_endpoint is the endpoint of the cert (ie, of our peer when we 00575 * check a cert we received from them)! 00576 * 00577 * Return 0 if everything is OK, -1 if not. 00578 */ 00579 int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert, 00580 const mbedtls_ssl_ciphersuite_t *ciphersuite, 00581 int cert_endpoint, 00582 uint32_t *flags ); 00583 #endif /* MBEDTLS_X509_CRT_PARSE_C */ 00584 00585 void mbedtls_ssl_write_version( int major, int minor, int transport, 00586 unsigned char ver[2] ); 00587 void mbedtls_ssl_read_version( int *major, int *minor, int transport, 00588 const unsigned char ver[2] ); 00589 00590 static inline size_t mbedtls_ssl_hdr_len( const mbedtls_ssl_context *ssl ) 00591 { 00592 #if defined(MBEDTLS_SSL_PROTO_DTLS) 00593 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) 00594 return( 13 ); 00595 #else 00596 ((void) ssl); 00597 #endif 00598 return( 5 ); 00599 } 00600 00601 static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl ) 00602 { 00603 #if defined(MBEDTLS_SSL_PROTO_DTLS) 00604 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) 00605 return( 12 ); 00606 #else 00607 ((void) ssl); 00608 #endif 00609 return( 4 ); 00610 } 00611 00612 #if defined(MBEDTLS_SSL_PROTO_DTLS) 00613 void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl ); 00614 void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl ); 00615 int mbedtls_ssl_resend( mbedtls_ssl_context *ssl ); 00616 #endif 00617 00618 /* Visible for testing purposes only */ 00619 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) 00620 int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context *ssl ); 00621 void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl ); 00622 #endif 00623 00624 /* constant-time buffer comparison */ 00625 static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n ) 00626 { 00627 size_t i; 00628 volatile const unsigned char *A = (volatile const unsigned char *) a; 00629 volatile const unsigned char *B = (volatile const unsigned char *) b; 00630 volatile unsigned char diff = 0; 00631 00632 for( i = 0; i < n; i++ ) 00633 diff |= A[i] ^ B[i]; 00634 00635 return( diff ); 00636 } 00637 00638 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ 00639 defined(MBEDTLS_SSL_PROTO_TLS1_1) 00640 int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl, 00641 unsigned char *output, 00642 unsigned char *data, size_t data_len ); 00643 #endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \ 00644 MBEDTLS_SSL_PROTO_TLS1_1 */ 00645 00646 #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ 00647 defined(MBEDTLS_SSL_PROTO_TLS1_2) 00648 int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, 00649 unsigned char *output, 00650 unsigned char *data, size_t data_len, 00651 mbedtls_md_type_t md_alg ); 00652 #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ 00653 MBEDTLS_SSL_PROTO_TLS1_2 */ 00654 00655 #ifdef __cplusplus 00656 } 00657 #endif 00658 00659 #endif /* ssl_internal.h */
Generated on Tue Jul 12 2022 12:45:48 by
1.7.2