Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
ssl_internal.h
00001 /** 00002 * \file ssl_internal.h 00003 * 00004 * \brief Internal functions shared by the SSL modules 00005 */ 00006 /* 00007 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 00008 * SPDX-License-Identifier: Apache-2.0 00009 * 00010 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00011 * not use this file except in compliance with the License. 00012 * You may obtain a copy of the License at 00013 * 00014 * http://www.apache.org/licenses/LICENSE-2.0 00015 * 00016 * Unless required by applicable law or agreed to in writing, software 00017 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00018 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00019 * See the License for the specific language governing permissions and 00020 * limitations under the License. 00021 * 00022 * This file is part of mbed TLS (https://tls.mbed.org) 00023 */ 00024 #ifndef MBEDTLS_SSL_INTERNAL_H 00025 #define MBEDTLS_SSL_INTERNAL_H 00026 00027 #include "ssl.h" 00028 #include "cipher.h" 00029 00030 #if defined(MBEDTLS_MD5_C) 00031 #include "md5.h" 00032 #endif 00033 00034 #if defined(MBEDTLS_SHA1_C) 00035 #include "sha1.h" 00036 #endif 00037 00038 #if defined(MBEDTLS_SHA256_C) 00039 #include "sha256.h" 00040 #endif 00041 00042 #if defined(MBEDTLS_SHA512_C) 00043 #include "sha512.h" 00044 #endif 00045 00046 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 00047 #include "ecjpake.h" 00048 #endif 00049 00050 #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ 00051 !defined(inline) && !defined(__cplusplus) 00052 #define inline __inline 00053 #endif 00054 00055 /* Determine minimum supported version */ 00056 #define MBEDTLS_SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3 00057 00058 #if defined(MBEDTLS_SSL_PROTO_SSL3) 00059 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0 00060 #else 00061 #if defined(MBEDTLS_SSL_PROTO_TLS1) 00062 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1 00063 #else 00064 #if defined(MBEDTLS_SSL_PROTO_TLS1_1) 00065 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2 00066 #else 00067 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) 00068 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3 00069 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ 00070 #endif /* MBEDTLS_SSL_PROTO_TLS1_1 */ 00071 #endif /* MBEDTLS_SSL_PROTO_TLS1 */ 00072 #endif /* MBEDTLS_SSL_PROTO_SSL3 */ 00073 00074 /* Determine maximum supported version */ 00075 #define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3 00076 00077 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) 00078 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3 00079 #else 00080 #if defined(MBEDTLS_SSL_PROTO_TLS1_1) 00081 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2 00082 #else 00083 #if defined(MBEDTLS_SSL_PROTO_TLS1) 00084 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1 00085 #else 00086 #if defined(MBEDTLS_SSL_PROTO_SSL3) 00087 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0 00088 #endif /* MBEDTLS_SSL_PROTO_SSL3 */ 00089 #endif /* MBEDTLS_SSL_PROTO_TLS1 */ 00090 #endif /* MBEDTLS_SSL_PROTO_TLS1_1 */ 00091 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ 00092 00093 #define MBEDTLS_SSL_INITIAL_HANDSHAKE 0 00094 #define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS 1 /* In progress */ 00095 #define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */ 00096 #define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */ 00097 00098 /* 00099 * DTLS retransmission states, see RFC 6347 4.2.4 00100 * 00101 * The SENDING state is merged in PREPARING for initial sends, 00102 * but is distinct for resends. 00103 * 00104 * Note: initial state is wrong for server, but is not used anyway. 00105 */ 00106 #define MBEDTLS_SSL_RETRANS_PREPARING 0 00107 #define MBEDTLS_SSL_RETRANS_SENDING 1 00108 #define MBEDTLS_SSL_RETRANS_WAITING 2 00109 #define MBEDTLS_SSL_RETRANS_FINISHED 3 00110 00111 /* 00112 * Allow extra bytes for record, authentication and encryption overhead: 00113 * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256) 00114 * and allow for a maximum of 1024 of compression expansion if 00115 * enabled. 00116 */ 00117 #if defined(MBEDTLS_ZLIB_SUPPORT) 00118 #define MBEDTLS_SSL_COMPRESSION_ADD 1024 00119 #else 00120 #define MBEDTLS_SSL_COMPRESSION_ADD 0 00121 #endif 00122 00123 #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_MODE_CBC) 00124 /* Ciphersuites using HMAC */ 00125 #if defined(MBEDTLS_SHA512_C) 00126 #define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */ 00127 #elif defined(MBEDTLS_SHA256_C) 00128 #define MBEDTLS_SSL_MAC_ADD 32 /* SHA-256 used for HMAC */ 00129 #else 00130 #define MBEDTLS_SSL_MAC_ADD 20 /* SHA-1 used for HMAC */ 00131 #endif 00132 #else 00133 /* AEAD ciphersuites: GCM and CCM use a 128 bits tag */ 00134 #define MBEDTLS_SSL_MAC_ADD 16 00135 #endif 00136 00137 #if defined(MBEDTLS_CIPHER_MODE_CBC) 00138 #define MBEDTLS_SSL_PADDING_ADD 256 00139 #else 00140 #define MBEDTLS_SSL_PADDING_ADD 0 00141 #endif 00142 00143 #define MBEDTLS_SSL_PAYLOAD_LEN ( MBEDTLS_SSL_MAX_CONTENT_LEN \ 00144 + MBEDTLS_SSL_COMPRESSION_ADD \ 00145 + MBEDTLS_MAX_IV_LENGTH \ 00146 + MBEDTLS_SSL_MAC_ADD \ 00147 + MBEDTLS_SSL_PADDING_ADD \ 00148 ) 00149 00150 /* 00151 * Check that we obey the standard's message size bounds 00152 */ 00153 00154 #if MBEDTLS_SSL_MAX_CONTENT_LEN > 16384 00155 #error Bad configuration - record content too large. 00156 #endif 00157 00158 #if MBEDTLS_SSL_PAYLOAD_LEN > 16384 + 2048 00159 #error Bad configuration - protected record payload too large. 00160 #endif 00161 00162 /* Note: Even though the TLS record header is only 5 bytes 00163 long, we're internally using 8 bytes to store the 00164 implicit sequence number. */ 00165 #define MBEDTLS_SSL_HEADER_LEN 13 00166 00167 #define MBEDTLS_SSL_BUFFER_LEN \ 00168 ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_PAYLOAD_LEN ) ) 00169 00170 /* 00171 * TLS extension flags (for extensions with outgoing ServerHello content 00172 * that need it (e.g. for RENEGOTIATION_INFO the server already knows because 00173 * of state of the renegotiation flag, so no indicator is required) 00174 */ 00175 #define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0) 00176 #define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK (1 << 1) 00177 00178 #ifdef __cplusplus 00179 extern "C" { 00180 #endif 00181 00182 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ 00183 defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) 00184 /* 00185 * Abstraction for a grid of allowed signature-hash-algorithm pairs. 00186 */ 00187 struct mbedtls_ssl_sig_hash_set_t 00188 { 00189 /* At the moment, we only need to remember a single suitable 00190 * hash algorithm per signature algorithm. As long as that's 00191 * the case - and we don't need a general lookup function - 00192 * we can implement the sig-hash-set as a map from signatures 00193 * to hash algorithms. */ 00194 mbedtls_md_type_t rsa; 00195 mbedtls_md_type_t ecdsa; 00196 }; 00197 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && 00198 MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */ 00199 00200 /* 00201 * This structure contains the parameters only needed during handshake. 00202 */ 00203 struct mbedtls_ssl_handshake_params 00204 { 00205 /* 00206 * Handshake specific crypto variables 00207 */ 00208 00209 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ 00210 defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) 00211 mbedtls_ssl_sig_hash_set_t hash_algs; /*!< Set of suitable sig-hash pairs */ 00212 #endif 00213 #if defined(MBEDTLS_DHM_C) 00214 mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */ 00215 #endif 00216 #if defined(MBEDTLS_ECDH_C) 00217 mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */ 00218 #endif 00219 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 00220 mbedtls_ecjpake_context ecjpake_ctx; /*!< EC J-PAKE key exchange */ 00221 #if defined(MBEDTLS_SSL_CLI_C) 00222 unsigned char *ecjpake_cache; /*!< Cache for ClientHello ext */ 00223 size_t ecjpake_cache_len; /*!< Length of cached data */ 00224 #endif 00225 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ 00226 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ 00227 defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 00228 const mbedtls_ecp_curve_info **curves; /*!< Supported elliptic curves */ 00229 #endif 00230 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) 00231 unsigned char *psk; /*!< PSK from the callback */ 00232 size_t psk_len; /*!< Length of PSK from callback */ 00233 #endif 00234 #if defined(MBEDTLS_X509_CRT_PARSE_C) 00235 mbedtls_ssl_key_cert *key_cert; /*!< chosen key/cert pair (server) */ 00236 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) 00237 int sni_authmode; /*!< authmode from SNI callback */ 00238 mbedtls_ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI */ 00239 mbedtls_x509_crt *sni_ca_chain; /*!< trusted CAs from SNI callback */ 00240 mbedtls_x509_crl *sni_ca_crl; /*!< trusted CAs CRLs from SNI */ 00241 #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ 00242 #endif /* MBEDTLS_X509_CRT_PARSE_C */ 00243 #if defined(MBEDTLS_SSL_PROTO_DTLS) 00244 unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */ 00245 unsigned int in_msg_seq; /*!< Incoming handshake sequence number */ 00246 00247 unsigned char *verify_cookie; /*!< Cli: HelloVerifyRequest cookie 00248 Srv: unused */ 00249 unsigned char verify_cookie_len; /*!< Cli: cookie length 00250 Srv: flag for sending a cookie */ 00251 00252 unsigned char *hs_msg; /*!< Reassembled handshake message */ 00253 00254 uint32_t retransmit_timeout; /*!< Current value of timeout */ 00255 unsigned char retransmit_state; /*!< Retransmission state */ 00256 mbedtls_ssl_flight_item *flight; /*!< Current outgoing flight */ 00257 mbedtls_ssl_flight_item *cur_msg; /*!< Current message in flight */ 00258 unsigned int in_flight_start_seq; /*!< Minimum message sequence in the 00259 flight being received */ 00260 mbedtls_ssl_transform *alt_transform_out; /*!< Alternative transform for 00261 resending messages */ 00262 unsigned char alt_out_ctr[8]; /*!< Alternative record epoch/counter 00263 for resending messages */ 00264 #endif /* MBEDTLS_SSL_PROTO_DTLS */ 00265 00266 /* 00267 * Checksum contexts 00268 */ 00269 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ 00270 defined(MBEDTLS_SSL_PROTO_TLS1_1) 00271 mbedtls_md5_context fin_md5; 00272 mbedtls_sha1_context fin_sha1; 00273 #endif 00274 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) 00275 #if defined(MBEDTLS_SHA256_C) 00276 mbedtls_sha256_context fin_sha256; 00277 #endif 00278 #if defined(MBEDTLS_SHA512_C) 00279 mbedtls_sha512_context fin_sha512; 00280 #endif 00281 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ 00282 00283 void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t); 00284 void (*calc_verify)(mbedtls_ssl_context *, unsigned char *); 00285 void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int); 00286 int (*tls_prf)(const unsigned char *, size_t, const char *, 00287 const unsigned char *, size_t, 00288 unsigned char *, size_t); 00289 00290 size_t pmslen; /*!< premaster length */ 00291 00292 unsigned char randbytes[64]; /*!< random bytes */ 00293 unsigned char premaster[MBEDTLS_PREMASTER_SIZE]; 00294 /*!< premaster secret */ 00295 00296 int resume; /*!< session resume indicator*/ 00297 int max_major_ver; /*!< max. major version client*/ 00298 int max_minor_ver; /*!< max. minor version client*/ 00299 int cli_exts; /*!< client extension presence*/ 00300 00301 #if defined(MBEDTLS_SSL_SESSION_TICKETS) 00302 int new_session_ticket; /*!< use NewSessionTicket? */ 00303 #endif /* MBEDTLS_SSL_SESSION_TICKETS */ 00304 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) 00305 int extended_ms; /*!< use Extended Master Secret? */ 00306 #endif 00307 }; 00308 00309 /* 00310 * This structure contains a full set of runtime transform parameters 00311 * either in negotiation or active. 00312 */ 00313 struct mbedtls_ssl_transform 00314 { 00315 /* 00316 * Session specific crypto layer 00317 */ 00318 const mbedtls_ssl_ciphersuite_t *ciphersuite_info; 00319 /*!< Chosen cipersuite_info */ 00320 unsigned int keylen; /*!< symmetric key length (bytes) */ 00321 size_t minlen; /*!< min. ciphertext length */ 00322 size_t ivlen; /*!< IV length */ 00323 size_t fixed_ivlen; /*!< Fixed part of IV (AEAD) */ 00324 size_t maclen; /*!< MAC length */ 00325 00326 unsigned char iv_enc[16]; /*!< IV (encryption) */ 00327 unsigned char iv_dec[16]; /*!< IV (decryption) */ 00328 00329 #if defined(MBEDTLS_SSL_PROTO_SSL3) 00330 /* Needed only for SSL v3.0 secret */ 00331 unsigned char mac_enc[20]; /*!< SSL v3.0 secret (enc) */ 00332 unsigned char mac_dec[20]; /*!< SSL v3.0 secret (dec) */ 00333 #endif /* MBEDTLS_SSL_PROTO_SSL3 */ 00334 00335 mbedtls_md_context_t md_ctx_enc; /*!< MAC (encryption) */ 00336 mbedtls_md_context_t md_ctx_dec; /*!< MAC (decryption) */ 00337 00338 mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */ 00339 mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */ 00340 00341 /* 00342 * Session specific compression layer 00343 */ 00344 #if defined(MBEDTLS_ZLIB_SUPPORT) 00345 z_stream ctx_deflate; /*!< compression context */ 00346 z_stream ctx_inflate; /*!< decompression context */ 00347 #endif 00348 }; 00349 00350 #if defined(MBEDTLS_X509_CRT_PARSE_C) 00351 /* 00352 * List of certificate + private key pairs 00353 */ 00354 struct mbedtls_ssl_key_cert 00355 { 00356 mbedtls_x509_crt *cert; /*!< cert */ 00357 mbedtls_pk_context *key; /*!< private key */ 00358 mbedtls_ssl_key_cert *next; /*!< next key/cert pair */ 00359 }; 00360 #endif /* MBEDTLS_X509_CRT_PARSE_C */ 00361 00362 #if defined(MBEDTLS_SSL_PROTO_DTLS) 00363 /* 00364 * List of handshake messages kept around for resending 00365 */ 00366 struct mbedtls_ssl_flight_item 00367 { 00368 unsigned char *p; /*!< message, including handshake headers */ 00369 size_t len; /*!< length of p */ 00370 unsigned char type; /*!< type of the message: handshake or CCS */ 00371 mbedtls_ssl_flight_item *next; /*!< next handshake message(s) */ 00372 }; 00373 #endif /* MBEDTLS_SSL_PROTO_DTLS */ 00374 00375 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ 00376 defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) 00377 00378 /* Find an entry in a signature-hash set matching a given hash algorithm. */ 00379 mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find( mbedtls_ssl_sig_hash_set_t *set, 00380 mbedtls_pk_type_t sig_alg ); 00381 /* Add a signature-hash-pair to a signature-hash set */ 00382 void mbedtls_ssl_sig_hash_set_add( mbedtls_ssl_sig_hash_set_t *set, 00383 mbedtls_pk_type_t sig_alg, 00384 mbedtls_md_type_t md_alg ); 00385 /* Allow exactly one hash algorithm for each signature. */ 00386 void mbedtls_ssl_sig_hash_set_const_hash( mbedtls_ssl_sig_hash_set_t *set, 00387 mbedtls_md_type_t md_alg ); 00388 00389 /* Setup an empty signature-hash set */ 00390 static inline void mbedtls_ssl_sig_hash_set_init( mbedtls_ssl_sig_hash_set_t *set ) 00391 { 00392 mbedtls_ssl_sig_hash_set_const_hash( set, MBEDTLS_MD_NONE ); 00393 } 00394 00395 #endif /* MBEDTLS_SSL_PROTO_TLS1_2) && 00396 MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */ 00397 00398 /** 00399 * \brief Free referenced items in an SSL transform context and clear 00400 * memory 00401 * 00402 * \param transform SSL transform context 00403 */ 00404 void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform ); 00405 00406 /** 00407 * \brief Free referenced items in an SSL handshake context and clear 00408 * memory 00409 * 00410 * \param handshake SSL handshake context 00411 */ 00412 void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake ); 00413 00414 int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ); 00415 int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ); 00416 void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ); 00417 00418 int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl ); 00419 00420 void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl ); 00421 int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ); 00422 00423 int mbedtls_ssl_read_record_layer( mbedtls_ssl_context *ssl ); 00424 int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ); 00425 int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ); 00426 void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl ); 00427 00428 /** 00429 * \brief Update record layer 00430 * 00431 * This function roughly separates the implementation 00432 * of the logic of (D)TLS from the implementation 00433 * of the secure transport. 00434 * 00435 * \param ssl SSL context to use 00436 * 00437 * \return 0 or non-zero error code. 00438 * 00439 * \note A clarification on what is called 'record layer' here 00440 * is in order, as many sensible definitions are possible: 00441 * 00442 * The record layer takes as input an untrusted underlying 00443 * transport (stream or datagram) and transforms it into 00444 * a serially multiplexed, secure transport, which 00445 * conceptually provides the following: 00446 * 00447 * (1) Three datagram based, content-agnostic transports 00448 * for handshake, alert and CCS messages. 00449 * (2) One stream- or datagram-based transport 00450 * for application data. 00451 * (3) Functionality for changing the underlying transform 00452 * securing the contents. 00453 * 00454 * The interface to this functionality is given as follows: 00455 * 00456 * a Updating 00457 * [Currently implemented by mbedtls_ssl_read_record] 00458 * 00459 * Check if and on which of the four 'ports' data is pending: 00460 * Nothing, a controlling datagram of type (1), or application 00461 * data (2). In any case data is present, internal buffers 00462 * provide access to the data for the user to process it. 00463 * Consumption of type (1) datagrams is done automatically 00464 * on the next update, invalidating that the internal buffers 00465 * for previous datagrams, while consumption of application 00466 * data (2) is user-controlled. 00467 * 00468 * b Reading of application data 00469 * [Currently manual adaption of ssl->in_offt pointer] 00470 * 00471 * As mentioned in the last paragraph, consumption of data 00472 * is different from the automatic consumption of control 00473 * datagrams (1) because application data is treated as a stream. 00474 * 00475 * c Tracking availability of application data 00476 * [Currently manually through decreasing ssl->in_msglen] 00477 * 00478 * For efficiency and to retain datagram semantics for 00479 * application data in case of DTLS, the record layer 00480 * provides functionality for checking how much application 00481 * data is still available in the internal buffer. 00482 * 00483 * d Changing the transformation securing the communication. 00484 * 00485 * Given an opaque implementation of the record layer in the 00486 * above sense, it should be possible to implement the logic 00487 * of (D)TLS on top of it without the need to know anything 00488 * about the record layer's internals. This is done e.g. 00489 * in all the handshake handling functions, and in the 00490 * application data reading function mbedtls_ssl_read. 00491 * 00492 * \note The above tries to give a conceptual picture of the 00493 * record layer, but the current implementation deviates 00494 * from it in some places. For example, our implementation of 00495 * the update functionality through mbedtls_ssl_read_record 00496 * discards datagrams depending on the current state, which 00497 * wouldn't fall under the record layer's responsibility 00498 * following the above definition. 00499 * 00500 */ 00501 int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl ); 00502 int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ); 00503 00504 int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl ); 00505 int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ); 00506 00507 int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ); 00508 int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ); 00509 00510 int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl ); 00511 int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl ); 00512 00513 int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl ); 00514 int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ); 00515 00516 void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl, 00517 const mbedtls_ssl_ciphersuite_t *ciphersuite_info ); 00518 00519 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) 00520 int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex ); 00521 #endif 00522 00523 #if defined(MBEDTLS_PK_C) 00524 unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk ); 00525 unsigned char mbedtls_ssl_sig_from_pk_alg( mbedtls_pk_type_t type ); 00526 mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig ); 00527 #endif 00528 00529 mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash ); 00530 unsigned char mbedtls_ssl_hash_from_md_alg( int md ); 00531 int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md ); 00532 00533 #if defined(MBEDTLS_ECP_C) 00534 int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id ); 00535 #endif 00536 00537 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) 00538 int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl, 00539 mbedtls_md_type_t md ); 00540 #endif 00541 00542 #if defined(MBEDTLS_X509_CRT_PARSE_C) 00543 static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl ) 00544 { 00545 mbedtls_ssl_key_cert *key_cert; 00546 00547 if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL ) 00548 key_cert = ssl->handshake->key_cert; 00549 else 00550 key_cert = ssl->conf->key_cert; 00551 00552 return( key_cert == NULL ? NULL : key_cert->key ); 00553 } 00554 00555 static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl ) 00556 { 00557 mbedtls_ssl_key_cert *key_cert; 00558 00559 if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL ) 00560 key_cert = ssl->handshake->key_cert; 00561 else 00562 key_cert = ssl->conf->key_cert; 00563 00564 return( key_cert == NULL ? NULL : key_cert->cert ); 00565 } 00566 00567 /* 00568 * Check usage of a certificate wrt extensions: 00569 * keyUsage, extendedKeyUsage (later), and nSCertType (later). 00570 * 00571 * Warning: cert_endpoint is the endpoint of the cert (ie, of our peer when we 00572 * check a cert we received from them)! 00573 * 00574 * Return 0 if everything is OK, -1 if not. 00575 */ 00576 int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert, 00577 const mbedtls_ssl_ciphersuite_t *ciphersuite, 00578 int cert_endpoint, 00579 uint32_t *flags ); 00580 #endif /* MBEDTLS_X509_CRT_PARSE_C */ 00581 00582 void mbedtls_ssl_write_version( int major, int minor, int transport, 00583 unsigned char ver[2] ); 00584 void mbedtls_ssl_read_version( int *major, int *minor, int transport, 00585 const unsigned char ver[2] ); 00586 00587 static inline size_t mbedtls_ssl_hdr_len( const mbedtls_ssl_context *ssl ) 00588 { 00589 #if defined(MBEDTLS_SSL_PROTO_DTLS) 00590 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) 00591 return( 13 ); 00592 #else 00593 ((void) ssl); 00594 #endif 00595 return( 5 ); 00596 } 00597 00598 static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl ) 00599 { 00600 #if defined(MBEDTLS_SSL_PROTO_DTLS) 00601 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) 00602 return( 12 ); 00603 #else 00604 ((void) ssl); 00605 #endif 00606 return( 4 ); 00607 } 00608 00609 #if defined(MBEDTLS_SSL_PROTO_DTLS) 00610 void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl ); 00611 void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl ); 00612 int mbedtls_ssl_resend( mbedtls_ssl_context *ssl ); 00613 #endif 00614 00615 /* Visible for testing purposes only */ 00616 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) 00617 int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context *ssl ); 00618 void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl ); 00619 #endif 00620 00621 /* constant-time buffer comparison */ 00622 static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n ) 00623 { 00624 size_t i; 00625 volatile const unsigned char *A = (volatile const unsigned char *) a; 00626 volatile const unsigned char *B = (volatile const unsigned char *) b; 00627 volatile unsigned char diff = 0; 00628 00629 for( i = 0; i < n; i++ ) 00630 diff |= A[i] ^ B[i]; 00631 00632 return( diff ); 00633 } 00634 00635 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ 00636 defined(MBEDTLS_SSL_PROTO_TLS1_1) 00637 int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl, 00638 unsigned char *output, 00639 unsigned char *data, size_t data_len ); 00640 #endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \ 00641 MBEDTLS_SSL_PROTO_TLS1_1 */ 00642 00643 #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ 00644 defined(MBEDTLS_SSL_PROTO_TLS1_2) 00645 int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, 00646 unsigned char *output, 00647 unsigned char *data, size_t data_len, 00648 mbedtls_md_type_t md_alg ); 00649 #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ 00650 MBEDTLS_SSL_PROTO_TLS1_2 */ 00651 00652 #ifdef __cplusplus 00653 } 00654 #endif 00655 00656 #endif /* ssl_internal.h */
Generated on Tue Jul 12 2022 18:18:50 by
