takashi kadono
/
Nucleo446_SSD1331
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Embed:
(wiki syntax)
Show/hide line numbers
ssl_internal.h
Go to the documentation of this file.
00001 /** 00002 * \file ssl_internal.h 00003 * 00004 * \brief Internal functions shared by the SSL modules 00005 */ 00006 /* 00007 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 00008 * SPDX-License-Identifier: Apache-2.0 00009 * 00010 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00011 * not use this file except in compliance with the License. 00012 * You may obtain a copy of the License at 00013 * 00014 * http://www.apache.org/licenses/LICENSE-2.0 00015 * 00016 * Unless required by applicable law or agreed to in writing, software 00017 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00018 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00019 * See the License for the specific language governing permissions and 00020 * limitations under the License. 00021 * 00022 * This file is part of mbed TLS (https://tls.mbed.org) 00023 */ 00024 #ifndef MBEDTLS_SSL_INTERNAL_H 00025 #define MBEDTLS_SSL_INTERNAL_H 00026 00027 #include "ssl.h" 00028 #include "cipher.h" 00029 00030 #if defined(MBEDTLS_MD5_C) 00031 #include "md5.h" 00032 #endif 00033 00034 #if defined(MBEDTLS_SHA1_C) 00035 #include "sha1.h" 00036 #endif 00037 00038 #if defined(MBEDTLS_SHA256_C) 00039 #include "sha256.h" 00040 #endif 00041 00042 #if defined(MBEDTLS_SHA512_C) 00043 #include "sha512.h" 00044 #endif 00045 00046 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 00047 #include "ecjpake.h" 00048 #endif 00049 00050 #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ 00051 !defined(inline) && !defined(__cplusplus) 00052 #define inline __inline 00053 #endif 00054 00055 /* Determine minimum supported version */ 00056 #define MBEDTLS_SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3 00057 00058 #if defined(MBEDTLS_SSL_PROTO_SSL3) 00059 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0 00060 #else 00061 #if defined(MBEDTLS_SSL_PROTO_TLS1) 00062 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1 00063 #else 00064 #if defined(MBEDTLS_SSL_PROTO_TLS1_1) 00065 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2 00066 #else 00067 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) 00068 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3 00069 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ 00070 #endif /* MBEDTLS_SSL_PROTO_TLS1_1 */ 00071 #endif /* MBEDTLS_SSL_PROTO_TLS1 */ 00072 #endif /* MBEDTLS_SSL_PROTO_SSL3 */ 00073 00074 #define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1 00075 #define MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3 00076 00077 /* Determine maximum supported version */ 00078 #define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3 00079 00080 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) 00081 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3 00082 #else 00083 #if defined(MBEDTLS_SSL_PROTO_TLS1_1) 00084 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2 00085 #else 00086 #if defined(MBEDTLS_SSL_PROTO_TLS1) 00087 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1 00088 #else 00089 #if defined(MBEDTLS_SSL_PROTO_SSL3) 00090 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0 00091 #endif /* MBEDTLS_SSL_PROTO_SSL3 */ 00092 #endif /* MBEDTLS_SSL_PROTO_TLS1 */ 00093 #endif /* MBEDTLS_SSL_PROTO_TLS1_1 */ 00094 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ 00095 00096 #define MBEDTLS_SSL_INITIAL_HANDSHAKE 0 00097 #define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS 1 /* In progress */ 00098 #define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */ 00099 #define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */ 00100 00101 /* 00102 * DTLS retransmission states, see RFC 6347 4.2.4 00103 * 00104 * The SENDING state is merged in PREPARING for initial sends, 00105 * but is distinct for resends. 00106 * 00107 * Note: initial state is wrong for server, but is not used anyway. 00108 */ 00109 #define MBEDTLS_SSL_RETRANS_PREPARING 0 00110 #define MBEDTLS_SSL_RETRANS_SENDING 1 00111 #define MBEDTLS_SSL_RETRANS_WAITING 2 00112 #define MBEDTLS_SSL_RETRANS_FINISHED 3 00113 00114 /* 00115 * Allow extra bytes for record, authentication and encryption overhead: 00116 * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256) 00117 * and allow for a maximum of 1024 of compression expansion if 00118 * enabled. 00119 */ 00120 #if defined(MBEDTLS_ZLIB_SUPPORT) 00121 #define MBEDTLS_SSL_COMPRESSION_ADD 1024 00122 #else 00123 #define MBEDTLS_SSL_COMPRESSION_ADD 0 00124 #endif 00125 00126 #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_MODE_CBC) 00127 /* Ciphersuites using HMAC */ 00128 #if defined(MBEDTLS_SHA512_C) 00129 #define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */ 00130 #elif defined(MBEDTLS_SHA256_C) 00131 #define MBEDTLS_SSL_MAC_ADD 32 /* SHA-256 used for HMAC */ 00132 #else 00133 #define MBEDTLS_SSL_MAC_ADD 20 /* SHA-1 used for HMAC */ 00134 #endif 00135 #else 00136 /* AEAD ciphersuites: GCM and CCM use a 128 bits tag */ 00137 #define MBEDTLS_SSL_MAC_ADD 16 00138 #endif 00139 00140 #if defined(MBEDTLS_CIPHER_MODE_CBC) 00141 #define MBEDTLS_SSL_PADDING_ADD 256 00142 #else 00143 #define MBEDTLS_SSL_PADDING_ADD 0 00144 #endif 00145 00146 #define MBEDTLS_SSL_PAYLOAD_OVERHEAD ( MBEDTLS_SSL_COMPRESSION_ADD + \ 00147 MBEDTLS_MAX_IV_LENGTH + \ 00148 MBEDTLS_SSL_MAC_ADD + \ 00149 MBEDTLS_SSL_PADDING_ADD \ 00150 ) 00151 00152 #define MBEDTLS_SSL_IN_PAYLOAD_LEN ( MBEDTLS_SSL_PAYLOAD_OVERHEAD + \ 00153 ( MBEDTLS_SSL_IN_CONTENT_LEN ) ) 00154 00155 #define MBEDTLS_SSL_OUT_PAYLOAD_LEN ( MBEDTLS_SSL_PAYLOAD_OVERHEAD + \ 00156 ( MBEDTLS_SSL_OUT_CONTENT_LEN ) ) 00157 00158 /* The maximum number of buffered handshake messages. */ 00159 #define MBEDTLS_SSL_MAX_BUFFERED_HS 4 00160 00161 /* Maximum length we can advertise as our max content length for 00162 RFC 6066 max_fragment_length extension negotiation purposes 00163 (the lesser of both sizes, if they are unequal.) 00164 */ 00165 #define MBEDTLS_TLS_EXT_ADV_CONTENT_LEN ( \ 00166 (MBEDTLS_SSL_IN_CONTENT_LEN > MBEDTLS_SSL_OUT_CONTENT_LEN) \ 00167 ? ( MBEDTLS_SSL_OUT_CONTENT_LEN ) \ 00168 : ( MBEDTLS_SSL_IN_CONTENT_LEN ) \ 00169 ) 00170 00171 /* 00172 * Check that we obey the standard's message size bounds 00173 */ 00174 00175 #if MBEDTLS_SSL_MAX_CONTENT_LEN > 16384 00176 #error "Bad configuration - record content too large." 00177 #endif 00178 00179 #if MBEDTLS_SSL_IN_CONTENT_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN 00180 #error "Bad configuration - incoming record content should not be larger than MBEDTLS_SSL_MAX_CONTENT_LEN." 00181 #endif 00182 00183 #if MBEDTLS_SSL_OUT_CONTENT_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN 00184 #error "Bad configuration - outgoing record content should not be larger than MBEDTLS_SSL_MAX_CONTENT_LEN." 00185 #endif 00186 00187 #if MBEDTLS_SSL_IN_PAYLOAD_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN + 2048 00188 #error "Bad configuration - incoming protected record payload too large." 00189 #endif 00190 00191 #if MBEDTLS_SSL_OUT_PAYLOAD_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN + 2048 00192 #error "Bad configuration - outgoing protected record payload too large." 00193 #endif 00194 00195 /* Calculate buffer sizes */ 00196 00197 /* Note: Even though the TLS record header is only 5 bytes 00198 long, we're internally using 8 bytes to store the 00199 implicit sequence number. */ 00200 #define MBEDTLS_SSL_HEADER_LEN 13 00201 00202 #define MBEDTLS_SSL_IN_BUFFER_LEN \ 00203 ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_IN_PAYLOAD_LEN ) ) 00204 00205 #define MBEDTLS_SSL_OUT_BUFFER_LEN \ 00206 ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_OUT_PAYLOAD_LEN ) ) 00207 00208 #ifdef MBEDTLS_ZLIB_SUPPORT 00209 /* Compression buffer holds both IN and OUT buffers, so should be size of the larger */ 00210 #define MBEDTLS_SSL_COMPRESS_BUFFER_LEN ( \ 00211 ( MBEDTLS_SSL_IN_BUFFER_LEN > MBEDTLS_SSL_OUT_BUFFER_LEN ) \ 00212 ? MBEDTLS_SSL_IN_BUFFER_LEN \ 00213 : MBEDTLS_SSL_OUT_BUFFER_LEN \ 00214 ) 00215 #endif 00216 00217 /* 00218 * TLS extension flags (for extensions with outgoing ServerHello content 00219 * that need it (e.g. for RENEGOTIATION_INFO the server already knows because 00220 * of state of the renegotiation flag, so no indicator is required) 00221 */ 00222 #define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0) 00223 #define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK (1 << 1) 00224 00225 #ifdef __cplusplus 00226 extern "C" { 00227 #endif 00228 00229 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ 00230 defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) 00231 /* 00232 * Abstraction for a grid of allowed signature-hash-algorithm pairs. 00233 */ 00234 struct mbedtls_ssl_sig_hash_set_t 00235 { 00236 /* At the moment, we only need to remember a single suitable 00237 * hash algorithm per signature algorithm. As long as that's 00238 * the case - and we don't need a general lookup function - 00239 * we can implement the sig-hash-set as a map from signatures 00240 * to hash algorithms. */ 00241 mbedtls_md_type_t rsa; 00242 mbedtls_md_type_t ecdsa; 00243 }; 00244 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && 00245 MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */ 00246 00247 /* 00248 * This structure contains the parameters only needed during handshake. 00249 */ 00250 struct mbedtls_ssl_handshake_params 00251 { 00252 /* 00253 * Handshake specific crypto variables 00254 */ 00255 00256 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ 00257 defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) 00258 mbedtls_ssl_sig_hash_set_t hash_algs; /*!< Set of suitable sig-hash pairs */ 00259 #endif 00260 #if defined(MBEDTLS_DHM_C) 00261 mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */ 00262 #endif 00263 #if defined(MBEDTLS_ECDH_C) 00264 mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */ 00265 #endif 00266 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 00267 mbedtls_ecjpake_context ecjpake_ctx; /*!< EC J-PAKE key exchange */ 00268 #if defined(MBEDTLS_SSL_CLI_C) 00269 unsigned char *ecjpake_cache; /*!< Cache for ClientHello ext */ 00270 size_t ecjpake_cache_len; /*!< Length of cached data */ 00271 #endif 00272 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ 00273 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ 00274 defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 00275 const mbedtls_ecp_curve_info **curves; /*!< Supported elliptic curves */ 00276 #endif 00277 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) 00278 unsigned char *psk; /*!< PSK from the callback */ 00279 size_t psk_len; /*!< Length of PSK from callback */ 00280 #endif 00281 #if defined(MBEDTLS_X509_CRT_PARSE_C) 00282 mbedtls_ssl_key_cert *key_cert; /*!< chosen key/cert pair (server) */ 00283 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) 00284 int sni_authmode; /*!< authmode from SNI callback */ 00285 mbedtls_ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI */ 00286 mbedtls_x509_crt *sni_ca_chain; /*!< trusted CAs from SNI callback */ 00287 mbedtls_x509_crl *sni_ca_crl; /*!< trusted CAs CRLs from SNI */ 00288 #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ 00289 #endif /* MBEDTLS_X509_CRT_PARSE_C */ 00290 00291 #if defined(MBEDTLS_SSL_PROTO_DTLS) 00292 unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */ 00293 unsigned int in_msg_seq; /*!< Incoming handshake sequence number */ 00294 00295 unsigned char *verify_cookie; /*!< Cli: HelloVerifyRequest cookie 00296 Srv: unused */ 00297 unsigned char verify_cookie_len; /*!< Cli: cookie length 00298 Srv: flag for sending a cookie */ 00299 00300 uint32_t retransmit_timeout; /*!< Current value of timeout */ 00301 unsigned char retransmit_state; /*!< Retransmission state */ 00302 mbedtls_ssl_flight_item *flight; /*!< Current outgoing flight */ 00303 mbedtls_ssl_flight_item *cur_msg; /*!< Current message in flight */ 00304 unsigned char *cur_msg_p; /*!< Position in current message */ 00305 unsigned int in_flight_start_seq; /*!< Minimum message sequence in the 00306 flight being received */ 00307 mbedtls_ssl_transform *alt_transform_out; /*!< Alternative transform for 00308 resending messages */ 00309 unsigned char alt_out_ctr[8]; /*!< Alternative record epoch/counter 00310 for resending messages */ 00311 00312 struct 00313 { 00314 size_t total_bytes_buffered; /*!< Cumulative size of heap allocated 00315 * buffers used for message buffering. */ 00316 00317 uint8_t seen_ccs; /*!< Indicates if a CCS message has 00318 * been seen in the current flight. */ 00319 00320 struct mbedtls_ssl_hs_buffer 00321 { 00322 unsigned is_valid : 1; 00323 unsigned is_fragmented : 1; 00324 unsigned is_complete : 1; 00325 unsigned char *data; 00326 size_t data_len; 00327 } hs[MBEDTLS_SSL_MAX_BUFFERED_HS]; 00328 00329 struct 00330 { 00331 unsigned char *data; 00332 size_t len; 00333 unsigned epoch; 00334 } future_record; 00335 00336 } buffering; 00337 00338 uint16_t mtu; /*!< Handshake mtu, used to fragment outgoing messages */ 00339 #endif /* MBEDTLS_SSL_PROTO_DTLS */ 00340 00341 /* 00342 * Checksum contexts 00343 */ 00344 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ 00345 defined(MBEDTLS_SSL_PROTO_TLS1_1) 00346 mbedtls_md5_context fin_md5; 00347 mbedtls_sha1_context fin_sha1; 00348 #endif 00349 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) 00350 #if defined(MBEDTLS_SHA256_C) 00351 mbedtls_sha256_context fin_sha256; 00352 #endif 00353 #if defined(MBEDTLS_SHA512_C) 00354 mbedtls_sha512_context fin_sha512; 00355 #endif 00356 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ 00357 00358 void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t); 00359 void (*calc_verify)(mbedtls_ssl_context *, unsigned char *); 00360 void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int); 00361 int (*tls_prf)(const unsigned char *, size_t, const char *, 00362 const unsigned char *, size_t, 00363 unsigned char *, size_t); 00364 00365 size_t pmslen; /*!< premaster length */ 00366 00367 unsigned char randbytes[64]; /*!< random bytes */ 00368 unsigned char premaster[MBEDTLS_PREMASTER_SIZE]; 00369 /*!< premaster secret */ 00370 00371 int resume; /*!< session resume indicator*/ 00372 int max_major_ver; /*!< max. major version client*/ 00373 int max_minor_ver; /*!< max. minor version client*/ 00374 int cli_exts; /*!< client extension presence*/ 00375 00376 #if defined(MBEDTLS_SSL_SESSION_TICKETS) 00377 int new_session_ticket; /*!< use NewSessionTicket? */ 00378 #endif /* MBEDTLS_SSL_SESSION_TICKETS */ 00379 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) 00380 int extended_ms; /*!< use Extended Master Secret? */ 00381 #endif 00382 00383 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) 00384 unsigned int async_in_progress : 1; /*!< an asynchronous operation is in progress */ 00385 #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ 00386 00387 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) 00388 /** Asynchronous operation context. This field is meant for use by the 00389 * asynchronous operation callbacks (mbedtls_ssl_config::f_async_sign_start, 00390 * mbedtls_ssl_config::f_async_decrypt_start, 00391 * mbedtls_ssl_config::f_async_resume, mbedtls_ssl_config::f_async_cancel). 00392 * The library does not use it internally. */ 00393 void *user_async_ctx; 00394 #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ 00395 }; 00396 00397 typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer; 00398 00399 /* 00400 * This structure contains a full set of runtime transform parameters 00401 * either in negotiation or active. 00402 */ 00403 struct mbedtls_ssl_transform 00404 { 00405 /* 00406 * Session specific crypto layer 00407 */ 00408 const mbedtls_ssl_ciphersuite_t *ciphersuite_info; 00409 /*!< Chosen cipersuite_info */ 00410 unsigned int keylen; /*!< symmetric key length (bytes) */ 00411 size_t minlen; /*!< min. ciphertext length */ 00412 size_t ivlen; /*!< IV length */ 00413 size_t fixed_ivlen; /*!< Fixed part of IV (AEAD) */ 00414 size_t maclen; /*!< MAC length */ 00415 00416 unsigned char iv_enc[16]; /*!< IV (encryption) */ 00417 unsigned char iv_dec[16]; /*!< IV (decryption) */ 00418 00419 #if defined(MBEDTLS_SSL_PROTO_SSL3) 00420 /* Needed only for SSL v3.0 secret */ 00421 unsigned char mac_enc[20]; /*!< SSL v3.0 secret (enc) */ 00422 unsigned char mac_dec[20]; /*!< SSL v3.0 secret (dec) */ 00423 #endif /* MBEDTLS_SSL_PROTO_SSL3 */ 00424 00425 mbedtls_md_context_t md_ctx_enc; /*!< MAC (encryption) */ 00426 mbedtls_md_context_t md_ctx_dec; /*!< MAC (decryption) */ 00427 00428 mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */ 00429 mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */ 00430 00431 /* 00432 * Session specific compression layer 00433 */ 00434 #if defined(MBEDTLS_ZLIB_SUPPORT) 00435 z_stream ctx_deflate; /*!< compression context */ 00436 z_stream ctx_inflate; /*!< decompression context */ 00437 #endif 00438 }; 00439 00440 #if defined(MBEDTLS_X509_CRT_PARSE_C) 00441 /* 00442 * List of certificate + private key pairs 00443 */ 00444 struct mbedtls_ssl_key_cert 00445 { 00446 mbedtls_x509_crt *cert; /*!< cert */ 00447 mbedtls_pk_context *key; /*!< private key */ 00448 mbedtls_ssl_key_cert *next; /*!< next key/cert pair */ 00449 }; 00450 #endif /* MBEDTLS_X509_CRT_PARSE_C */ 00451 00452 #if defined(MBEDTLS_SSL_PROTO_DTLS) 00453 /* 00454 * List of handshake messages kept around for resending 00455 */ 00456 struct mbedtls_ssl_flight_item 00457 { 00458 unsigned char *p; /*!< message, including handshake headers */ 00459 size_t len; /*!< length of p */ 00460 unsigned char type; /*!< type of the message: handshake or CCS */ 00461 mbedtls_ssl_flight_item *next; /*!< next handshake message(s) */ 00462 }; 00463 #endif /* MBEDTLS_SSL_PROTO_DTLS */ 00464 00465 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ 00466 defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) 00467 00468 /* Find an entry in a signature-hash set matching a given hash algorithm. */ 00469 mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find( mbedtls_ssl_sig_hash_set_t *set, 00470 mbedtls_pk_type_t sig_alg ); 00471 /* Add a signature-hash-pair to a signature-hash set */ 00472 void mbedtls_ssl_sig_hash_set_add( mbedtls_ssl_sig_hash_set_t *set, 00473 mbedtls_pk_type_t sig_alg, 00474 mbedtls_md_type_t md_alg ); 00475 /* Allow exactly one hash algorithm for each signature. */ 00476 void mbedtls_ssl_sig_hash_set_const_hash( mbedtls_ssl_sig_hash_set_t *set, 00477 mbedtls_md_type_t md_alg ); 00478 00479 /* Setup an empty signature-hash set */ 00480 static inline void mbedtls_ssl_sig_hash_set_init( mbedtls_ssl_sig_hash_set_t *set ) 00481 { 00482 mbedtls_ssl_sig_hash_set_const_hash( set, MBEDTLS_MD_NONE ); 00483 } 00484 00485 #endif /* MBEDTLS_SSL_PROTO_TLS1_2) && 00486 MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */ 00487 00488 /** 00489 * \brief Free referenced items in an SSL transform context and clear 00490 * memory 00491 * 00492 * \param transform SSL transform context 00493 */ 00494 void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform ); 00495 00496 /** 00497 * \brief Free referenced items in an SSL handshake context and clear 00498 * memory 00499 * 00500 * \param ssl SSL context 00501 */ 00502 void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ); 00503 00504 int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ); 00505 int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ); 00506 void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ); 00507 00508 int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl ); 00509 00510 void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl ); 00511 int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ); 00512 00513 int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ); 00514 int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ); 00515 void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl ); 00516 00517 /** 00518 * \brief Update record layer 00519 * 00520 * This function roughly separates the implementation 00521 * of the logic of (D)TLS from the implementation 00522 * of the secure transport. 00523 * 00524 * \param ssl The SSL context to use. 00525 * \param update_hs_digest This indicates if the handshake digest 00526 * should be automatically updated in case 00527 * a handshake message is found. 00528 * 00529 * \return 0 or non-zero error code. 00530 * 00531 * \note A clarification on what is called 'record layer' here 00532 * is in order, as many sensible definitions are possible: 00533 * 00534 * The record layer takes as input an untrusted underlying 00535 * transport (stream or datagram) and transforms it into 00536 * a serially multiplexed, secure transport, which 00537 * conceptually provides the following: 00538 * 00539 * (1) Three datagram based, content-agnostic transports 00540 * for handshake, alert and CCS messages. 00541 * (2) One stream- or datagram-based transport 00542 * for application data. 00543 * (3) Functionality for changing the underlying transform 00544 * securing the contents. 00545 * 00546 * The interface to this functionality is given as follows: 00547 * 00548 * a Updating 00549 * [Currently implemented by mbedtls_ssl_read_record] 00550 * 00551 * Check if and on which of the four 'ports' data is pending: 00552 * Nothing, a controlling datagram of type (1), or application 00553 * data (2). In any case data is present, internal buffers 00554 * provide access to the data for the user to process it. 00555 * Consumption of type (1) datagrams is done automatically 00556 * on the next update, invalidating that the internal buffers 00557 * for previous datagrams, while consumption of application 00558 * data (2) is user-controlled. 00559 * 00560 * b Reading of application data 00561 * [Currently manual adaption of ssl->in_offt pointer] 00562 * 00563 * As mentioned in the last paragraph, consumption of data 00564 * is different from the automatic consumption of control 00565 * datagrams (1) because application data is treated as a stream. 00566 * 00567 * c Tracking availability of application data 00568 * [Currently manually through decreasing ssl->in_msglen] 00569 * 00570 * For efficiency and to retain datagram semantics for 00571 * application data in case of DTLS, the record layer 00572 * provides functionality for checking how much application 00573 * data is still available in the internal buffer. 00574 * 00575 * d Changing the transformation securing the communication. 00576 * 00577 * Given an opaque implementation of the record layer in the 00578 * above sense, it should be possible to implement the logic 00579 * of (D)TLS on top of it without the need to know anything 00580 * about the record layer's internals. This is done e.g. 00581 * in all the handshake handling functions, and in the 00582 * application data reading function mbedtls_ssl_read. 00583 * 00584 * \note The above tries to give a conceptual picture of the 00585 * record layer, but the current implementation deviates 00586 * from it in some places. For example, our implementation of 00587 * the update functionality through mbedtls_ssl_read_record 00588 * discards datagrams depending on the current state, which 00589 * wouldn't fall under the record layer's responsibility 00590 * following the above definition. 00591 * 00592 */ 00593 int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, 00594 unsigned update_hs_digest ); 00595 int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ); 00596 00597 int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ); 00598 int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ); 00599 int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ); 00600 00601 int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ); 00602 int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ); 00603 00604 int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl ); 00605 int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl ); 00606 00607 int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl ); 00608 int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ); 00609 00610 void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl, 00611 const mbedtls_ssl_ciphersuite_t *ciphersuite_info ); 00612 00613 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) 00614 int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex ); 00615 #endif 00616 00617 #if defined(MBEDTLS_PK_C) 00618 unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk ); 00619 unsigned char mbedtls_ssl_sig_from_pk_alg( mbedtls_pk_type_t type ); 00620 mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig ); 00621 #endif 00622 00623 mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash ); 00624 unsigned char mbedtls_ssl_hash_from_md_alg( int md ); 00625 int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md ); 00626 00627 #if defined(MBEDTLS_ECP_C) 00628 int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id ); 00629 #endif 00630 00631 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) 00632 int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl, 00633 mbedtls_md_type_t md ); 00634 #endif 00635 00636 #if defined(MBEDTLS_X509_CRT_PARSE_C) 00637 static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl ) 00638 { 00639 mbedtls_ssl_key_cert *key_cert; 00640 00641 if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL ) 00642 key_cert = ssl->handshake->key_cert; 00643 else 00644 key_cert = ssl->conf->key_cert; 00645 00646 return( key_cert == NULL ? NULL : key_cert->key ); 00647 } 00648 00649 static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl ) 00650 { 00651 mbedtls_ssl_key_cert *key_cert; 00652 00653 if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL ) 00654 key_cert = ssl->handshake->key_cert; 00655 else 00656 key_cert = ssl->conf->key_cert; 00657 00658 return( key_cert == NULL ? NULL : key_cert->cert ); 00659 } 00660 00661 /* 00662 * Check usage of a certificate wrt extensions: 00663 * keyUsage, extendedKeyUsage (later), and nSCertType (later). 00664 * 00665 * Warning: cert_endpoint is the endpoint of the cert (ie, of our peer when we 00666 * check a cert we received from them)! 00667 * 00668 * Return 0 if everything is OK, -1 if not. 00669 */ 00670 int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert, 00671 const mbedtls_ssl_ciphersuite_t *ciphersuite, 00672 int cert_endpoint, 00673 uint32_t *flags ); 00674 #endif /* MBEDTLS_X509_CRT_PARSE_C */ 00675 00676 void mbedtls_ssl_write_version( int major, int minor, int transport, 00677 unsigned char ver[2] ); 00678 void mbedtls_ssl_read_version( int *major, int *minor, int transport, 00679 const unsigned char ver[2] ); 00680 00681 static inline size_t mbedtls_ssl_hdr_len( const mbedtls_ssl_context *ssl ) 00682 { 00683 #if defined(MBEDTLS_SSL_PROTO_DTLS) 00684 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) 00685 return( 13 ); 00686 #else 00687 ((void) ssl); 00688 #endif 00689 return( 5 ); 00690 } 00691 00692 static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl ) 00693 { 00694 #if defined(MBEDTLS_SSL_PROTO_DTLS) 00695 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) 00696 return( 12 ); 00697 #else 00698 ((void) ssl); 00699 #endif 00700 return( 4 ); 00701 } 00702 00703 #if defined(MBEDTLS_SSL_PROTO_DTLS) 00704 void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl ); 00705 void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl ); 00706 int mbedtls_ssl_resend( mbedtls_ssl_context *ssl ); 00707 int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ); 00708 #endif 00709 00710 /* Visible for testing purposes only */ 00711 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) 00712 int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context *ssl ); 00713 void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl ); 00714 #endif 00715 00716 /* constant-time buffer comparison */ 00717 static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n ) 00718 { 00719 size_t i; 00720 volatile const unsigned char *A = (volatile const unsigned char *) a; 00721 volatile const unsigned char *B = (volatile const unsigned char *) b; 00722 volatile unsigned char diff = 0; 00723 00724 for( i = 0; i < n; i++ ) 00725 { 00726 /* Read volatile data in order before computing diff. 00727 * This avoids IAR compiler warning: 00728 * 'the order of volatile accesses is undefined ..' */ 00729 unsigned char x = A[i], y = B[i]; 00730 diff |= x ^ y; 00731 } 00732 00733 return( diff ); 00734 } 00735 00736 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ 00737 defined(MBEDTLS_SSL_PROTO_TLS1_1) 00738 int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl, 00739 unsigned char *output, 00740 unsigned char *data, size_t data_len ); 00741 #endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \ 00742 MBEDTLS_SSL_PROTO_TLS1_1 */ 00743 00744 #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ 00745 defined(MBEDTLS_SSL_PROTO_TLS1_2) 00746 int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, 00747 unsigned char *hash, size_t *hashlen, 00748 unsigned char *data, size_t data_len, 00749 mbedtls_md_type_t md_alg ); 00750 #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ 00751 MBEDTLS_SSL_PROTO_TLS1_2 */ 00752 00753 #ifdef __cplusplus 00754 } 00755 #endif 00756 00757 #endif /* ssl_internal.h */
Generated on Tue Jul 12 2022 13:53:35 by
1.7.2