mbedtls - Modified mbed TLS headers for AES functionality o…

Users » electronichamsters » Code » mbedtls

Modified mbed TLS headers for AES functionality only to reduce build size

Dependents: BLE_Gateway_Linker_fix BLE_Gateway

mbedtls/ssl_internal.h@5:f09f5ed830ca, 2017-07-10 (annotated)

Committer:: electronichamsters
Date:: Mon Jul 10 04:00:25 2017 +0000
Revision:: 5:f09f5ed830ca
Parent:: 1:24750b9ad5ef

working gateway

Who changed what in which revision?

User	Revision	Line number	New contents of line
Christopher Haster	1:24750b9ad5ef	1	/**
Christopher Haster	1:24750b9ad5ef	2	* \file ssl_ticket.h
Christopher Haster	1:24750b9ad5ef	3	*
Christopher Haster	1:24750b9ad5ef	4	* \brief Internal functions shared by the SSL modules
Christopher Haster	1:24750b9ad5ef	5	*
Christopher Haster	1:24750b9ad5ef	6	* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
Christopher Haster	1:24750b9ad5ef	7	* SPDX-License-Identifier: Apache-2.0
Christopher Haster	1:24750b9ad5ef	8	*
Christopher Haster	1:24750b9ad5ef	9	* Licensed under the Apache License, Version 2.0 (the "License"); you may
Christopher Haster	1:24750b9ad5ef	10	* not use this file except in compliance with the License.
Christopher Haster	1:24750b9ad5ef	11	* You may obtain a copy of the License at
Christopher Haster	1:24750b9ad5ef	12	*
Christopher Haster	1:24750b9ad5ef	13	* http://www.apache.org/licenses/LICENSE-2.0
Christopher Haster	1:24750b9ad5ef	14	*
Christopher Haster	1:24750b9ad5ef	15	* Unless required by applicable law or agreed to in writing, software
Christopher Haster	1:24750b9ad5ef	16	* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
Christopher Haster	1:24750b9ad5ef	17	* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
Christopher Haster	1:24750b9ad5ef	18	* See the License for the specific language governing permissions and
Christopher Haster	1:24750b9ad5ef	19	* limitations under the License.
Christopher Haster	1:24750b9ad5ef	20	*
Christopher Haster	1:24750b9ad5ef	21	* This file is part of mbed TLS (https://tls.mbed.org)
Christopher Haster	1:24750b9ad5ef	22	*/
Christopher Haster	1:24750b9ad5ef	23	#ifndef MBEDTLS_SSL_INTERNAL_H
Christopher Haster	1:24750b9ad5ef	24	#define MBEDTLS_SSL_INTERNAL_H
Christopher Haster	1:24750b9ad5ef	25
Christopher Haster	1:24750b9ad5ef	26	#include "ssl.h"
Christopher Haster	1:24750b9ad5ef	27
Christopher Haster	1:24750b9ad5ef	28	#if defined(MBEDTLS_MD5_C)
Christopher Haster	1:24750b9ad5ef	29	#include "md5.h"
Christopher Haster	1:24750b9ad5ef	30	#endif
Christopher Haster	1:24750b9ad5ef	31
Christopher Haster	1:24750b9ad5ef	32	#if defined(MBEDTLS_SHA1_C)
Christopher Haster	1:24750b9ad5ef	33	#include "sha1.h"
Christopher Haster	1:24750b9ad5ef	34	#endif
Christopher Haster	1:24750b9ad5ef	35
Christopher Haster	1:24750b9ad5ef	36	#if defined(MBEDTLS_SHA256_C)
Christopher Haster	1:24750b9ad5ef	37	#include "sha256.h"
Christopher Haster	1:24750b9ad5ef	38	#endif
Christopher Haster	1:24750b9ad5ef	39
Christopher Haster	1:24750b9ad5ef	40	#if defined(MBEDTLS_SHA512_C)
Christopher Haster	1:24750b9ad5ef	41	#include "sha512.h"
Christopher Haster	1:24750b9ad5ef	42	#endif
Christopher Haster	1:24750b9ad5ef	43
Christopher Haster	1:24750b9ad5ef	44	#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
Christopher Haster	1:24750b9ad5ef	45	#include "ecjpake.h"
Christopher Haster	1:24750b9ad5ef	46	#endif
Christopher Haster	1:24750b9ad5ef	47
Christopher Haster	1:24750b9ad5ef	48	#if ( defined(__ARMCC_VERSION) \|\| defined(_MSC_VER) ) && \
Christopher Haster	1:24750b9ad5ef	49	!defined(inline) && !defined(__cplusplus)
Christopher Haster	1:24750b9ad5ef	50	#define inline __inline
Christopher Haster	1:24750b9ad5ef	51	#endif
Christopher Haster	1:24750b9ad5ef	52
Christopher Haster	1:24750b9ad5ef	53	/* Determine minimum supported version */
Christopher Haster	1:24750b9ad5ef	54	#define MBEDTLS_SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
Christopher Haster	1:24750b9ad5ef	55
Christopher Haster	1:24750b9ad5ef	56	#if defined(MBEDTLS_SSL_PROTO_SSL3)
Christopher Haster	1:24750b9ad5ef	57	#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0
Christopher Haster	1:24750b9ad5ef	58	#else
Christopher Haster	1:24750b9ad5ef	59	#if defined(MBEDTLS_SSL_PROTO_TLS1)
Christopher Haster	1:24750b9ad5ef	60	#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
Christopher Haster	1:24750b9ad5ef	61	#else
Christopher Haster	1:24750b9ad5ef	62	#if defined(MBEDTLS_SSL_PROTO_TLS1_1)
Christopher Haster	1:24750b9ad5ef	63	#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2
Christopher Haster	1:24750b9ad5ef	64	#else
Christopher Haster	1:24750b9ad5ef	65	#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
Christopher Haster	1:24750b9ad5ef	66	#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
Christopher Haster	1:24750b9ad5ef	67	#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
Christopher Haster	1:24750b9ad5ef	68	#endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
Christopher Haster	1:24750b9ad5ef	69	#endif /* MBEDTLS_SSL_PROTO_TLS1 */
Christopher Haster	1:24750b9ad5ef	70	#endif /* MBEDTLS_SSL_PROTO_SSL3 */
Christopher Haster	1:24750b9ad5ef	71
Christopher Haster	1:24750b9ad5ef	72	/* Determine maximum supported version */
Christopher Haster	1:24750b9ad5ef	73	#define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
Christopher Haster	1:24750b9ad5ef	74
Christopher Haster	1:24750b9ad5ef	75	#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
Christopher Haster	1:24750b9ad5ef	76	#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
Christopher Haster	1:24750b9ad5ef	77	#else
Christopher Haster	1:24750b9ad5ef	78	#if defined(MBEDTLS_SSL_PROTO_TLS1_1)
Christopher Haster	1:24750b9ad5ef	79	#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2
Christopher Haster	1:24750b9ad5ef	80	#else
Christopher Haster	1:24750b9ad5ef	81	#if defined(MBEDTLS_SSL_PROTO_TLS1)
Christopher Haster	1:24750b9ad5ef	82	#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
Christopher Haster	1:24750b9ad5ef	83	#else
Christopher Haster	1:24750b9ad5ef	84	#if defined(MBEDTLS_SSL_PROTO_SSL3)
Christopher Haster	1:24750b9ad5ef	85	#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0
Christopher Haster	1:24750b9ad5ef	86	#endif /* MBEDTLS_SSL_PROTO_SSL3 */
Christopher Haster	1:24750b9ad5ef	87	#endif /* MBEDTLS_SSL_PROTO_TLS1 */
Christopher Haster	1:24750b9ad5ef	88	#endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
Christopher Haster	1:24750b9ad5ef	89	#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
Christopher Haster	1:24750b9ad5ef	90
Christopher Haster	1:24750b9ad5ef	91	#define MBEDTLS_SSL_INITIAL_HANDSHAKE 0
Christopher Haster	1:24750b9ad5ef	92	#define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS 1 /* In progress */
Christopher Haster	1:24750b9ad5ef	93	#define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */
Christopher Haster	1:24750b9ad5ef	94	#define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */
Christopher Haster	1:24750b9ad5ef	95
Christopher Haster	1:24750b9ad5ef	96	/*
Christopher Haster	1:24750b9ad5ef	97	* DTLS retransmission states, see RFC 6347 4.2.4
Christopher Haster	1:24750b9ad5ef	98	*
Christopher Haster	1:24750b9ad5ef	99	* The SENDING state is merged in PREPARING for initial sends,
Christopher Haster	1:24750b9ad5ef	100	* but is distinct for resends.
Christopher Haster	1:24750b9ad5ef	101	*
Christopher Haster	1:24750b9ad5ef	102	* Note: initial state is wrong for server, but is not used anyway.
Christopher Haster	1:24750b9ad5ef	103	*/
Christopher Haster	1:24750b9ad5ef	104	#define MBEDTLS_SSL_RETRANS_PREPARING 0
Christopher Haster	1:24750b9ad5ef	105	#define MBEDTLS_SSL_RETRANS_SENDING 1
Christopher Haster	1:24750b9ad5ef	106	#define MBEDTLS_SSL_RETRANS_WAITING 2
Christopher Haster	1:24750b9ad5ef	107	#define MBEDTLS_SSL_RETRANS_FINISHED 3
Christopher Haster	1:24750b9ad5ef	108
Christopher Haster	1:24750b9ad5ef	109	/*
Christopher Haster	1:24750b9ad5ef	110	* Allow extra bytes for record, authentication and encryption overhead:
Christopher Haster	1:24750b9ad5ef	111	* counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256)
Christopher Haster	1:24750b9ad5ef	112	* and allow for a maximum of 1024 of compression expansion if
Christopher Haster	1:24750b9ad5ef	113	* enabled.
Christopher Haster	1:24750b9ad5ef	114	*/
Christopher Haster	1:24750b9ad5ef	115	#if defined(MBEDTLS_ZLIB_SUPPORT)
Christopher Haster	1:24750b9ad5ef	116	#define MBEDTLS_SSL_COMPRESSION_ADD 1024
Christopher Haster	1:24750b9ad5ef	117	#else
Christopher Haster	1:24750b9ad5ef	118	#define MBEDTLS_SSL_COMPRESSION_ADD 0
Christopher Haster	1:24750b9ad5ef	119	#endif
Christopher Haster	1:24750b9ad5ef	120
Christopher Haster	1:24750b9ad5ef	121	#if defined(MBEDTLS_ARC4_C) \|\| defined(MBEDTLS_CIPHER_MODE_CBC)
Christopher Haster	1:24750b9ad5ef	122	/* Ciphersuites using HMAC */
Christopher Haster	1:24750b9ad5ef	123	#if defined(MBEDTLS_SHA512_C)
Christopher Haster	1:24750b9ad5ef	124	#define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */
Christopher Haster	1:24750b9ad5ef	125	#elif defined(MBEDTLS_SHA256_C)
Christopher Haster	1:24750b9ad5ef	126	#define MBEDTLS_SSL_MAC_ADD 32 /* SHA-256 used for HMAC */
Christopher Haster	1:24750b9ad5ef	127	#else
Christopher Haster	1:24750b9ad5ef	128	#define MBEDTLS_SSL_MAC_ADD 20 /* SHA-1 used for HMAC */
Christopher Haster	1:24750b9ad5ef	129	#endif
Christopher Haster	1:24750b9ad5ef	130	#else
Christopher Haster	1:24750b9ad5ef	131	/* AEAD ciphersuites: GCM and CCM use a 128 bits tag */
Christopher Haster	1:24750b9ad5ef	132	#define MBEDTLS_SSL_MAC_ADD 16
Christopher Haster	1:24750b9ad5ef	133	#endif
Christopher Haster	1:24750b9ad5ef	134
Christopher Haster	1:24750b9ad5ef	135	#if defined(MBEDTLS_CIPHER_MODE_CBC)
Christopher Haster	1:24750b9ad5ef	136	#define MBEDTLS_SSL_PADDING_ADD 256
Christopher Haster	1:24750b9ad5ef	137	#else
Christopher Haster	1:24750b9ad5ef	138	#define MBEDTLS_SSL_PADDING_ADD 0
Christopher Haster	1:24750b9ad5ef	139	#endif
Christopher Haster	1:24750b9ad5ef	140
Christopher Haster	1:24750b9ad5ef	141	#define MBEDTLS_SSL_BUFFER_LEN ( MBEDTLS_SSL_MAX_CONTENT_LEN \
Christopher Haster	1:24750b9ad5ef	142	+ MBEDTLS_SSL_COMPRESSION_ADD \
Christopher Haster	1:24750b9ad5ef	143	+ 29 /* counter + header + IV */ \
Christopher Haster	1:24750b9ad5ef	144	+ MBEDTLS_SSL_MAC_ADD \
Christopher Haster	1:24750b9ad5ef	145	+ MBEDTLS_SSL_PADDING_ADD \
Christopher Haster	1:24750b9ad5ef	146	)
Christopher Haster	1:24750b9ad5ef	147
Christopher Haster	1:24750b9ad5ef	148	/*
Christopher Haster	1:24750b9ad5ef	149	* TLS extension flags (for extensions with outgoing ServerHello content
Christopher Haster	1:24750b9ad5ef	150	* that need it (e.g. for RENEGOTIATION_INFO the server already knows because
Christopher Haster	1:24750b9ad5ef	151	* of state of the renegotiation flag, so no indicator is required)
Christopher Haster	1:24750b9ad5ef	152	*/
Christopher Haster	1:24750b9ad5ef	153	#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0)
Christopher Haster	1:24750b9ad5ef	154	#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK (1 << 1)
Christopher Haster	1:24750b9ad5ef	155
Christopher Haster	1:24750b9ad5ef	156	#ifdef __cplusplus
Christopher Haster	1:24750b9ad5ef	157	extern "C" {
Christopher Haster	1:24750b9ad5ef	158	#endif
Christopher Haster	1:24750b9ad5ef	159
Christopher Haster	1:24750b9ad5ef	160	/*
Christopher Haster	1:24750b9ad5ef	161	* This structure contains the parameters only needed during handshake.
Christopher Haster	1:24750b9ad5ef	162	*/
Christopher Haster	1:24750b9ad5ef	163	struct mbedtls_ssl_handshake_params
Christopher Haster	1:24750b9ad5ef	164	{
Christopher Haster	1:24750b9ad5ef	165	/*
Christopher Haster	1:24750b9ad5ef	166	* Handshake specific crypto variables
Christopher Haster	1:24750b9ad5ef	167	*/
Christopher Haster	1:24750b9ad5ef	168	int sig_alg; /!< Hash algorithm for signature /
Christopher Haster	1:24750b9ad5ef	169	int cert_type; /!< Requested cert type /
Christopher Haster	1:24750b9ad5ef	170	int verify_sig_alg; /!< Signature algorithm for verify /
Christopher Haster	1:24750b9ad5ef	171	#if defined(MBEDTLS_DHM_C)
Christopher Haster	1:24750b9ad5ef	172	mbedtls_dhm_context dhm_ctx; /!< DHM key exchange /
Christopher Haster	1:24750b9ad5ef	173	#endif
Christopher Haster	1:24750b9ad5ef	174	#if defined(MBEDTLS_ECDH_C)
Christopher Haster	1:24750b9ad5ef	175	mbedtls_ecdh_context ecdh_ctx; /!< ECDH key exchange /
Christopher Haster	1:24750b9ad5ef	176	#endif
Christopher Haster	1:24750b9ad5ef	177	#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
Christopher Haster	1:24750b9ad5ef	178	mbedtls_ecjpake_context ecjpake_ctx; /!< EC J-PAKE key exchange /
Christopher Haster	1:24750b9ad5ef	179	#if defined(MBEDTLS_SSL_CLI_C)
Christopher Haster	1:24750b9ad5ef	180	unsigned char ecjpake_cache; /!< Cache for ClientHello ext */
Christopher Haster	1:24750b9ad5ef	181	size_t ecjpake_cache_len; /!< Length of cached data /
Christopher Haster	1:24750b9ad5ef	182	#endif
Christopher Haster	1:24750b9ad5ef	183	#endif
Christopher Haster	1:24750b9ad5ef	184	#if defined(MBEDTLS_ECDH_C) \|\| defined(MBEDTLS_ECDSA_C) \|\| \
Christopher Haster	1:24750b9ad5ef	185	defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
Christopher Haster	1:24750b9ad5ef	186	const mbedtls_ecp_curve_info *curves; /!< Supported elliptic curves */
Christopher Haster	1:24750b9ad5ef	187	#endif
Christopher Haster	1:24750b9ad5ef	188	#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
Christopher Haster	1:24750b9ad5ef	189	unsigned char psk; /!< PSK from the callback */
Christopher Haster	1:24750b9ad5ef	190	size_t psk_len; /!< Length of PSK from callback /
Christopher Haster	1:24750b9ad5ef	191	#endif
Christopher Haster	1:24750b9ad5ef	192	#if defined(MBEDTLS_X509_CRT_PARSE_C)
Christopher Haster	1:24750b9ad5ef	193	mbedtls_ssl_key_cert key_cert; /!< chosen key/cert pair (server) */
Christopher Haster	1:24750b9ad5ef	194	#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
Christopher Haster	1:24750b9ad5ef	195	int sni_authmode; /!< authmode from SNI callback /
Christopher Haster	1:24750b9ad5ef	196	mbedtls_ssl_key_cert sni_key_cert; /!< key/cert list from SNI */
Christopher Haster	1:24750b9ad5ef	197	mbedtls_x509_crt sni_ca_chain; /!< trusted CAs from SNI callback */
Christopher Haster	1:24750b9ad5ef	198	mbedtls_x509_crl sni_ca_crl; /!< trusted CAs CRLs from SNI */
Christopher Haster	1:24750b9ad5ef	199	#endif
Christopher Haster	1:24750b9ad5ef	200	#endif /* MBEDTLS_X509_CRT_PARSE_C */
Christopher Haster	1:24750b9ad5ef	201	#if defined(MBEDTLS_SSL_PROTO_DTLS)
Christopher Haster	1:24750b9ad5ef	202	unsigned int out_msg_seq; /!< Outgoing handshake sequence number /
Christopher Haster	1:24750b9ad5ef	203	unsigned int in_msg_seq; /!< Incoming handshake sequence number /
Christopher Haster	1:24750b9ad5ef	204
Christopher Haster	1:24750b9ad5ef	205	unsigned char verify_cookie; /!< Cli: HelloVerifyRequest cookie
Christopher Haster	1:24750b9ad5ef	206	Srv: unused */
Christopher Haster	1:24750b9ad5ef	207	unsigned char verify_cookie_len; /*!< Cli: cookie length
Christopher Haster	1:24750b9ad5ef	208	Srv: flag for sending a cookie */
Christopher Haster	1:24750b9ad5ef	209
Christopher Haster	1:24750b9ad5ef	210	unsigned char hs_msg; /!< Reassembled handshake message */
Christopher Haster	1:24750b9ad5ef	211
Christopher Haster	1:24750b9ad5ef	212	uint32_t retransmit_timeout; /!< Current value of timeout /
Christopher Haster	1:24750b9ad5ef	213	unsigned char retransmit_state; /!< Retransmission state /
Christopher Haster	1:24750b9ad5ef	214	mbedtls_ssl_flight_item flight; /!< Current outgoing flight */
Christopher Haster	1:24750b9ad5ef	215	mbedtls_ssl_flight_item cur_msg; /!< Current message in flight */
Christopher Haster	1:24750b9ad5ef	216	unsigned int in_flight_start_seq; /*!< Minimum message sequence in the
Christopher Haster	1:24750b9ad5ef	217	flight being received */
Christopher Haster	1:24750b9ad5ef	218	mbedtls_ssl_transform alt_transform_out; /!< Alternative transform for
Christopher Haster	1:24750b9ad5ef	219	resending messages */
Christopher Haster	1:24750b9ad5ef	220	unsigned char alt_out_ctr[8]; /*!< Alternative record epoch/counter
Christopher Haster	1:24750b9ad5ef	221	for resending messages */
Christopher Haster	1:24750b9ad5ef	222	#endif
Christopher Haster	1:24750b9ad5ef	223
Christopher Haster	1:24750b9ad5ef	224	/*
Christopher Haster	1:24750b9ad5ef	225	* Checksum contexts
Christopher Haster	1:24750b9ad5ef	226	*/
Christopher Haster	1:24750b9ad5ef	227	#if defined(MBEDTLS_SSL_PROTO_SSL3) \|\| defined(MBEDTLS_SSL_PROTO_TLS1) \|\| \
Christopher Haster	1:24750b9ad5ef	228	defined(MBEDTLS_SSL_PROTO_TLS1_1)
Christopher Haster	1:24750b9ad5ef	229	mbedtls_md5_context fin_md5;
Christopher Haster	1:24750b9ad5ef	230	mbedtls_sha1_context fin_sha1;
Christopher Haster	1:24750b9ad5ef	231	#endif
Christopher Haster	1:24750b9ad5ef	232	#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
Christopher Haster	1:24750b9ad5ef	233	#if defined(MBEDTLS_SHA256_C)
Christopher Haster	1:24750b9ad5ef	234	mbedtls_sha256_context fin_sha256;
Christopher Haster	1:24750b9ad5ef	235	#endif
Christopher Haster	1:24750b9ad5ef	236	#if defined(MBEDTLS_SHA512_C)
Christopher Haster	1:24750b9ad5ef	237	mbedtls_sha512_context fin_sha512;
Christopher Haster	1:24750b9ad5ef	238	#endif
Christopher Haster	1:24750b9ad5ef	239	#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
Christopher Haster	1:24750b9ad5ef	240
Christopher Haster	1:24750b9ad5ef	241	void (update_checksum)(mbedtls_ssl_context , const unsigned char *, size_t);
Christopher Haster	1:24750b9ad5ef	242	void (calc_verify)(mbedtls_ssl_context , unsigned char *);
Christopher Haster	1:24750b9ad5ef	243	void (calc_finished)(mbedtls_ssl_context , unsigned char *, int);
Christopher Haster	1:24750b9ad5ef	244	int (tls_prf)(const unsigned char , size_t, const char *,
Christopher Haster	1:24750b9ad5ef	245	const unsigned char *, size_t,
Christopher Haster	1:24750b9ad5ef	246	unsigned char *, size_t);
Christopher Haster	1:24750b9ad5ef	247
Christopher Haster	1:24750b9ad5ef	248	size_t pmslen; /!< premaster length /
Christopher Haster	1:24750b9ad5ef	249
Christopher Haster	1:24750b9ad5ef	250	unsigned char randbytes[64]; /!< random bytes /
Christopher Haster	1:24750b9ad5ef	251	unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
Christopher Haster	1:24750b9ad5ef	252	/!< premaster secret /
Christopher Haster	1:24750b9ad5ef	253
Christopher Haster	1:24750b9ad5ef	254	int resume; /!< session resume indicator/
Christopher Haster	1:24750b9ad5ef	255	int max_major_ver; /!< max. major version client/
Christopher Haster	1:24750b9ad5ef	256	int max_minor_ver; /!< max. minor version client/
Christopher Haster	1:24750b9ad5ef	257	int cli_exts; /!< client extension presence/
Christopher Haster	1:24750b9ad5ef	258
Christopher Haster	1:24750b9ad5ef	259	#if defined(MBEDTLS_SSL_SESSION_TICKETS)
Christopher Haster	1:24750b9ad5ef	260	int new_session_ticket; /!< use NewSessionTicket? /
Christopher Haster	1:24750b9ad5ef	261	#endif /* MBEDTLS_SSL_SESSION_TICKETS */
Christopher Haster	1:24750b9ad5ef	262	#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
Christopher Haster	1:24750b9ad5ef	263	int extended_ms; /!< use Extended Master Secret? /
Christopher Haster	1:24750b9ad5ef	264	#endif
Christopher Haster	1:24750b9ad5ef	265	};
Christopher Haster	1:24750b9ad5ef	266
Christopher Haster	1:24750b9ad5ef	267	/*
Christopher Haster	1:24750b9ad5ef	268	* This structure contains a full set of runtime transform parameters
Christopher Haster	1:24750b9ad5ef	269	* either in negotiation or active.
Christopher Haster	1:24750b9ad5ef	270	*/
Christopher Haster	1:24750b9ad5ef	271	struct mbedtls_ssl_transform
Christopher Haster	1:24750b9ad5ef	272	{
Christopher Haster	1:24750b9ad5ef	273	/*
Christopher Haster	1:24750b9ad5ef	274	* Session specific crypto layer
Christopher Haster	1:24750b9ad5ef	275	*/
Christopher Haster	1:24750b9ad5ef	276	const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
Christopher Haster	1:24750b9ad5ef	277	/!< Chosen cipersuite_info /
Christopher Haster	1:24750b9ad5ef	278	unsigned int keylen; /!< symmetric key length (bytes) /
Christopher Haster	1:24750b9ad5ef	279	size_t minlen; /!< min. ciphertext length /
Christopher Haster	1:24750b9ad5ef	280	size_t ivlen; /!< IV length /
Christopher Haster	1:24750b9ad5ef	281	size_t fixed_ivlen; /!< Fixed part of IV (AEAD) /
Christopher Haster	1:24750b9ad5ef	282	size_t maclen; /!< MAC length /
Christopher Haster	1:24750b9ad5ef	283
Christopher Haster	1:24750b9ad5ef	284	unsigned char iv_enc[16]; /!< IV (encryption) /
Christopher Haster	1:24750b9ad5ef	285	unsigned char iv_dec[16]; /!< IV (decryption) /
Christopher Haster	1:24750b9ad5ef	286
Christopher Haster	1:24750b9ad5ef	287	#if defined(MBEDTLS_SSL_PROTO_SSL3)
Christopher Haster	1:24750b9ad5ef	288	/* Needed only for SSL v3.0 secret */
Christopher Haster	1:24750b9ad5ef	289	unsigned char mac_enc[20]; /!< SSL v3.0 secret (enc) /
Christopher Haster	1:24750b9ad5ef	290	unsigned char mac_dec[20]; /!< SSL v3.0 secret (dec) /
Christopher Haster	1:24750b9ad5ef	291	#endif /* MBEDTLS_SSL_PROTO_SSL3 */
Christopher Haster	1:24750b9ad5ef	292
Christopher Haster	1:24750b9ad5ef	293	mbedtls_md_context_t md_ctx_enc; /!< MAC (encryption) /
Christopher Haster	1:24750b9ad5ef	294	mbedtls_md_context_t md_ctx_dec; /!< MAC (decryption) /
Christopher Haster	1:24750b9ad5ef	295
Christopher Haster	1:24750b9ad5ef	296	mbedtls_cipher_context_t cipher_ctx_enc; /!< encryption context /
Christopher Haster	1:24750b9ad5ef	297	mbedtls_cipher_context_t cipher_ctx_dec; /!< decryption context /
Christopher Haster	1:24750b9ad5ef	298
Christopher Haster	1:24750b9ad5ef	299	/*
Christopher Haster	1:24750b9ad5ef	300	* Session specific compression layer
Christopher Haster	1:24750b9ad5ef	301	*/
Christopher Haster	1:24750b9ad5ef	302	#if defined(MBEDTLS_ZLIB_SUPPORT)
Christopher Haster	1:24750b9ad5ef	303	z_stream ctx_deflate; /!< compression context /
Christopher Haster	1:24750b9ad5ef	304	z_stream ctx_inflate; /!< decompression context /
Christopher Haster	1:24750b9ad5ef	305	#endif
Christopher Haster	1:24750b9ad5ef	306	};
Christopher Haster	1:24750b9ad5ef	307
Christopher Haster	1:24750b9ad5ef	308	#if defined(MBEDTLS_X509_CRT_PARSE_C)
Christopher Haster	1:24750b9ad5ef	309	/*
Christopher Haster	1:24750b9ad5ef	310	* List of certificate + private key pairs
Christopher Haster	1:24750b9ad5ef	311	*/
Christopher Haster	1:24750b9ad5ef	312	struct mbedtls_ssl_key_cert
Christopher Haster	1:24750b9ad5ef	313	{
Christopher Haster	1:24750b9ad5ef	314	mbedtls_x509_crt cert; /!< cert */
Christopher Haster	1:24750b9ad5ef	315	mbedtls_pk_context key; /!< private key */
Christopher Haster	1:24750b9ad5ef	316	mbedtls_ssl_key_cert next; /!< next key/cert pair */
Christopher Haster	1:24750b9ad5ef	317	};
Christopher Haster	1:24750b9ad5ef	318	#endif /* MBEDTLS_X509_CRT_PARSE_C */
Christopher Haster	1:24750b9ad5ef	319
Christopher Haster	1:24750b9ad5ef	320	#if defined(MBEDTLS_SSL_PROTO_DTLS)
Christopher Haster	1:24750b9ad5ef	321	/*
Christopher Haster	1:24750b9ad5ef	322	* List of handshake messages kept around for resending
Christopher Haster	1:24750b9ad5ef	323	*/
Christopher Haster	1:24750b9ad5ef	324	struct mbedtls_ssl_flight_item
Christopher Haster	1:24750b9ad5ef	325	{
Christopher Haster	1:24750b9ad5ef	326	unsigned char p; /!< message, including handshake headers */
Christopher Haster	1:24750b9ad5ef	327	size_t len; /!< length of p /
Christopher Haster	1:24750b9ad5ef	328	unsigned char type; /!< type of the message: handshake or CCS /
Christopher Haster	1:24750b9ad5ef	329	mbedtls_ssl_flight_item next; /!< next handshake message(s) */
Christopher Haster	1:24750b9ad5ef	330	};
Christopher Haster	1:24750b9ad5ef	331	#endif /* MBEDTLS_SSL_PROTO_DTLS */
Christopher Haster	1:24750b9ad5ef	332
Christopher Haster	1:24750b9ad5ef	333
Christopher Haster	1:24750b9ad5ef	334	/**
Christopher Haster	1:24750b9ad5ef	335	* \brief Free referenced items in an SSL transform context and clear
Christopher Haster	1:24750b9ad5ef	336	* memory
Christopher Haster	1:24750b9ad5ef	337	*
Christopher Haster	1:24750b9ad5ef	338	* \param transform SSL transform context
Christopher Haster	1:24750b9ad5ef	339	*/
Christopher Haster	1:24750b9ad5ef	340	void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform );
Christopher Haster	1:24750b9ad5ef	341
Christopher Haster	1:24750b9ad5ef	342	/**
Christopher Haster	1:24750b9ad5ef	343	* \brief Free referenced items in an SSL handshake context and clear
Christopher Haster	1:24750b9ad5ef	344	* memory
Christopher Haster	1:24750b9ad5ef	345	*
Christopher Haster	1:24750b9ad5ef	346	* \param handshake SSL handshake context
Christopher Haster	1:24750b9ad5ef	347	*/
Christopher Haster	1:24750b9ad5ef	348	void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake );
Christopher Haster	1:24750b9ad5ef	349
Christopher Haster	1:24750b9ad5ef	350	int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl );
Christopher Haster	1:24750b9ad5ef	351	int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl );
Christopher Haster	1:24750b9ad5ef	352	void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl );
Christopher Haster	1:24750b9ad5ef	353
Christopher Haster	1:24750b9ad5ef	354	int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl );
Christopher Haster	1:24750b9ad5ef	355
Christopher Haster	1:24750b9ad5ef	356	void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl );
Christopher Haster	1:24750b9ad5ef	357	int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl );
Christopher Haster	1:24750b9ad5ef	358
Christopher Haster	1:24750b9ad5ef	359	int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl );
Christopher Haster	1:24750b9ad5ef	360	int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
Christopher Haster	1:24750b9ad5ef	361
Christopher Haster	1:24750b9ad5ef	362	int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl );
Christopher Haster	1:24750b9ad5ef	363	int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl );
Christopher Haster	1:24750b9ad5ef	364
Christopher Haster	1:24750b9ad5ef	365	int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl );
Christopher Haster	1:24750b9ad5ef	366	int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl );
Christopher Haster	1:24750b9ad5ef	367
Christopher Haster	1:24750b9ad5ef	368	int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl );
Christopher Haster	1:24750b9ad5ef	369	int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl );
Christopher Haster	1:24750b9ad5ef	370
Christopher Haster	1:24750b9ad5ef	371	int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl );
Christopher Haster	1:24750b9ad5ef	372	int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl );
Christopher Haster	1:24750b9ad5ef	373
Christopher Haster	1:24750b9ad5ef	374	void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
Christopher Haster	1:24750b9ad5ef	375	const mbedtls_ssl_ciphersuite_t *ciphersuite_info );
Christopher Haster	1:24750b9ad5ef	376
Christopher Haster	1:24750b9ad5ef	377	#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
Christopher Haster	1:24750b9ad5ef	378	int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex );
Christopher Haster	1:24750b9ad5ef	379	#endif
Christopher Haster	1:24750b9ad5ef	380
Christopher Haster	1:24750b9ad5ef	381	#if defined(MBEDTLS_PK_C)
Christopher Haster	1:24750b9ad5ef	382	unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk );
Christopher Haster	1:24750b9ad5ef	383	mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig );
Christopher Haster	1:24750b9ad5ef	384	#endif
Christopher Haster	1:24750b9ad5ef	385
Christopher Haster	1:24750b9ad5ef	386	mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash );
Christopher Haster	1:24750b9ad5ef	387	unsigned char mbedtls_ssl_hash_from_md_alg( int md );
Christopher Haster	1:24750b9ad5ef	388
Christopher Haster	1:24750b9ad5ef	389	#if defined(MBEDTLS_ECP_C)
Christopher Haster	1:24750b9ad5ef	390	int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id );
Christopher Haster	1:24750b9ad5ef	391	#endif
Christopher Haster	1:24750b9ad5ef	392
Christopher Haster	1:24750b9ad5ef	393	#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
Christopher Haster	1:24750b9ad5ef	394	int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
Christopher Haster	1:24750b9ad5ef	395	mbedtls_md_type_t md );
Christopher Haster	1:24750b9ad5ef	396	#endif
Christopher Haster	1:24750b9ad5ef	397
Christopher Haster	1:24750b9ad5ef	398	#if defined(MBEDTLS_X509_CRT_PARSE_C)
Christopher Haster	1:24750b9ad5ef	399	static inline mbedtls_pk_context mbedtls_ssl_own_key( mbedtls_ssl_context ssl )
Christopher Haster	1:24750b9ad5ef	400	{
Christopher Haster	1:24750b9ad5ef	401	mbedtls_ssl_key_cert *key_cert;
Christopher Haster	1:24750b9ad5ef	402
Christopher Haster	1:24750b9ad5ef	403	if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
Christopher Haster	1:24750b9ad5ef	404	key_cert = ssl->handshake->key_cert;
Christopher Haster	1:24750b9ad5ef	405	else
Christopher Haster	1:24750b9ad5ef	406	key_cert = ssl->conf->key_cert;
Christopher Haster	1:24750b9ad5ef	407
Christopher Haster	1:24750b9ad5ef	408	return( key_cert == NULL ? NULL : key_cert->key );
Christopher Haster	1:24750b9ad5ef	409	}
Christopher Haster	1:24750b9ad5ef	410
Christopher Haster	1:24750b9ad5ef	411	static inline mbedtls_x509_crt mbedtls_ssl_own_cert( mbedtls_ssl_context ssl )
Christopher Haster	1:24750b9ad5ef	412	{
Christopher Haster	1:24750b9ad5ef	413	mbedtls_ssl_key_cert *key_cert;
Christopher Haster	1:24750b9ad5ef	414
Christopher Haster	1:24750b9ad5ef	415	if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
Christopher Haster	1:24750b9ad5ef	416	key_cert = ssl->handshake->key_cert;
Christopher Haster	1:24750b9ad5ef	417	else
Christopher Haster	1:24750b9ad5ef	418	key_cert = ssl->conf->key_cert;
Christopher Haster	1:24750b9ad5ef	419
Christopher Haster	1:24750b9ad5ef	420	return( key_cert == NULL ? NULL : key_cert->cert );
Christopher Haster	1:24750b9ad5ef	421	}
Christopher Haster	1:24750b9ad5ef	422
Christopher Haster	1:24750b9ad5ef	423	/*
Christopher Haster	1:24750b9ad5ef	424	* Check usage of a certificate wrt extensions:
Christopher Haster	1:24750b9ad5ef	425	* keyUsage, extendedKeyUsage (later), and nSCertType (later).
Christopher Haster	1:24750b9ad5ef	426	*
Christopher Haster	1:24750b9ad5ef	427	* Warning: cert_endpoint is the endpoint of the cert (ie, of our peer when we
Christopher Haster	1:24750b9ad5ef	428	* check a cert we received from them)!
Christopher Haster	1:24750b9ad5ef	429	*
Christopher Haster	1:24750b9ad5ef	430	* Return 0 if everything is OK, -1 if not.
Christopher Haster	1:24750b9ad5ef	431	*/
Christopher Haster	1:24750b9ad5ef	432	int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
Christopher Haster	1:24750b9ad5ef	433	const mbedtls_ssl_ciphersuite_t *ciphersuite,
Christopher Haster	1:24750b9ad5ef	434	int cert_endpoint,
Christopher Haster	1:24750b9ad5ef	435	uint32_t *flags );
Christopher Haster	1:24750b9ad5ef	436	#endif /* MBEDTLS_X509_CRT_PARSE_C */
Christopher Haster	1:24750b9ad5ef	437
Christopher Haster	1:24750b9ad5ef	438	void mbedtls_ssl_write_version( int major, int minor, int transport,
Christopher Haster	1:24750b9ad5ef	439	unsigned char ver[2] );
Christopher Haster	1:24750b9ad5ef	440	void mbedtls_ssl_read_version( int major, int minor, int transport,
Christopher Haster	1:24750b9ad5ef	441	const unsigned char ver[2] );
Christopher Haster	1:24750b9ad5ef	442
Christopher Haster	1:24750b9ad5ef	443	static inline size_t mbedtls_ssl_hdr_len( const mbedtls_ssl_context *ssl )
Christopher Haster	1:24750b9ad5ef	444	{
Christopher Haster	1:24750b9ad5ef	445	#if defined(MBEDTLS_SSL_PROTO_DTLS)
Christopher Haster	1:24750b9ad5ef	446	if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
Christopher Haster	1:24750b9ad5ef	447	return( 13 );
Christopher Haster	1:24750b9ad5ef	448	#else
Christopher Haster	1:24750b9ad5ef	449	((void) ssl);
Christopher Haster	1:24750b9ad5ef	450	#endif
Christopher Haster	1:24750b9ad5ef	451	return( 5 );
Christopher Haster	1:24750b9ad5ef	452	}
Christopher Haster	1:24750b9ad5ef	453
Christopher Haster	1:24750b9ad5ef	454	static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl )
Christopher Haster	1:24750b9ad5ef	455	{
Christopher Haster	1:24750b9ad5ef	456	#if defined(MBEDTLS_SSL_PROTO_DTLS)
Christopher Haster	1:24750b9ad5ef	457	if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
Christopher Haster	1:24750b9ad5ef	458	return( 12 );
Christopher Haster	1:24750b9ad5ef	459	#else
Christopher Haster	1:24750b9ad5ef	460	((void) ssl);
Christopher Haster	1:24750b9ad5ef	461	#endif
Christopher Haster	1:24750b9ad5ef	462	return( 4 );
Christopher Haster	1:24750b9ad5ef	463	}
Christopher Haster	1:24750b9ad5ef	464
Christopher Haster	1:24750b9ad5ef	465	#if defined(MBEDTLS_SSL_PROTO_DTLS)
Christopher Haster	1:24750b9ad5ef	466	void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl );
Christopher Haster	1:24750b9ad5ef	467	void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl );
Christopher Haster	1:24750b9ad5ef	468	int mbedtls_ssl_resend( mbedtls_ssl_context *ssl );
Christopher Haster	1:24750b9ad5ef	469	#endif
Christopher Haster	1:24750b9ad5ef	470
Christopher Haster	1:24750b9ad5ef	471	/* Visible for testing purposes only */
Christopher Haster	1:24750b9ad5ef	472	#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
Christopher Haster	1:24750b9ad5ef	473	int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context *ssl );
Christopher Haster	1:24750b9ad5ef	474	void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl );
Christopher Haster	1:24750b9ad5ef	475	#endif
Christopher Haster	1:24750b9ad5ef	476
Christopher Haster	1:24750b9ad5ef	477	/* constant-time buffer comparison */
Christopher Haster	1:24750b9ad5ef	478	static inline int mbedtls_ssl_safer_memcmp( const void a, const void b, size_t n )
Christopher Haster	1:24750b9ad5ef	479	{
Christopher Haster	1:24750b9ad5ef	480	size_t i;
Christopher Haster	1:24750b9ad5ef	481	const unsigned char A = (const unsigned char ) a;
Christopher Haster	1:24750b9ad5ef	482	const unsigned char B = (const unsigned char ) b;
Christopher Haster	1:24750b9ad5ef	483	unsigned char diff = 0;
Christopher Haster	1:24750b9ad5ef	484
Christopher Haster	1:24750b9ad5ef	485	for( i = 0; i < n; i++ )
Christopher Haster	1:24750b9ad5ef	486	diff \|= A[i] ^ B[i];
Christopher Haster	1:24750b9ad5ef	487
Christopher Haster	1:24750b9ad5ef	488	return( diff );
Christopher Haster	1:24750b9ad5ef	489	}
Christopher Haster	1:24750b9ad5ef	490
Christopher Haster	1:24750b9ad5ef	491	#ifdef __cplusplus
Christopher Haster	1:24750b9ad5ef	492	}
Christopher Haster	1:24750b9ad5ef	493	#endif
Christopher Haster	1:24750b9ad5ef	494
Christopher Haster	1:24750b9ad5ef	495	#endif /* ssl_internal.h */

Repository toolbox

Export to desktop IDE

Repository details

Type:	Library
Created:	10 Jul 2017
Imports:	1
Forks:	0
Commits:	6
Dependents:	2
Dependencies:	0
Followers:	1

The code in this repository is Apache licensed.

mbedtls/ssl_internal.h@5:f09f5ed830ca, 2017-07-10 (annotated)

Who changed what in which revision?

Repository toolbox

Repository details

Important Information for this Arm website

Access Warning