Marco Zecchini
/
Example_RTOS
Rtos API example
Embed:
(wiki syntax)
Show/hide line numbers
ssl_internal.h
00001 /** 00002 * \file ssl_ticket.h 00003 * 00004 * \brief Internal functions shared by the SSL modules 00005 * 00006 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 00007 * SPDX-License-Identifier: Apache-2.0 00008 * 00009 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00010 * not use this file except in compliance with the License. 00011 * You may obtain a copy of the License at 00012 * 00013 * http://www.apache.org/licenses/LICENSE-2.0 00014 * 00015 * Unless required by applicable law or agreed to in writing, software 00016 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00017 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00018 * See the License for the specific language governing permissions and 00019 * limitations under the License. 00020 * 00021 * This file is part of mbed TLS (https://tls.mbed.org) 00022 */ 00023 #ifndef MBEDTLS_SSL_INTERNAL_H 00024 #define MBEDTLS_SSL_INTERNAL_H 00025 00026 #include "ssl.h" 00027 00028 #if defined(MBEDTLS_MD5_C) 00029 #include "md5.h" 00030 #endif 00031 00032 #if defined(MBEDTLS_SHA1_C) 00033 #include "sha1.h" 00034 #endif 00035 00036 #if defined(MBEDTLS_SHA256_C) 00037 #include "sha256.h" 00038 #endif 00039 00040 #if defined(MBEDTLS_SHA512_C) 00041 #include "sha512.h" 00042 #endif 00043 00044 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 00045 #include "ecjpake.h" 00046 #endif 00047 00048 #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ 00049 !defined(inline) && !defined(__cplusplus) 00050 #define inline __inline 00051 #endif 00052 00053 /* Determine minimum supported version */ 00054 #define MBEDTLS_SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3 00055 00056 #if defined(MBEDTLS_SSL_PROTO_SSL3) 00057 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0 00058 #else 00059 #if defined(MBEDTLS_SSL_PROTO_TLS1) 00060 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1 00061 #else 00062 #if defined(MBEDTLS_SSL_PROTO_TLS1_1) 00063 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2 00064 #else 00065 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) 00066 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3 00067 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ 00068 #endif /* MBEDTLS_SSL_PROTO_TLS1_1 */ 00069 #endif /* MBEDTLS_SSL_PROTO_TLS1 */ 00070 #endif /* MBEDTLS_SSL_PROTO_SSL3 */ 00071 00072 /* Determine maximum supported version */ 00073 #define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3 00074 00075 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) 00076 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3 00077 #else 00078 #if defined(MBEDTLS_SSL_PROTO_TLS1_1) 00079 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2 00080 #else 00081 #if defined(MBEDTLS_SSL_PROTO_TLS1) 00082 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1 00083 #else 00084 #if defined(MBEDTLS_SSL_PROTO_SSL3) 00085 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0 00086 #endif /* MBEDTLS_SSL_PROTO_SSL3 */ 00087 #endif /* MBEDTLS_SSL_PROTO_TLS1 */ 00088 #endif /* MBEDTLS_SSL_PROTO_TLS1_1 */ 00089 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ 00090 00091 #define MBEDTLS_SSL_INITIAL_HANDSHAKE 0 00092 #define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS 1 /* In progress */ 00093 #define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */ 00094 #define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */ 00095 00096 /* 00097 * DTLS retransmission states, see RFC 6347 4.2.4 00098 * 00099 * The SENDING state is merged in PREPARING for initial sends, 00100 * but is distinct for resends. 00101 * 00102 * Note: initial state is wrong for server, but is not used anyway. 00103 */ 00104 #define MBEDTLS_SSL_RETRANS_PREPARING 0 00105 #define MBEDTLS_SSL_RETRANS_SENDING 1 00106 #define MBEDTLS_SSL_RETRANS_WAITING 2 00107 #define MBEDTLS_SSL_RETRANS_FINISHED 3 00108 00109 /* 00110 * Allow extra bytes for record, authentication and encryption overhead: 00111 * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256) 00112 * and allow for a maximum of 1024 of compression expansion if 00113 * enabled. 00114 */ 00115 #if defined(MBEDTLS_ZLIB_SUPPORT) 00116 #define MBEDTLS_SSL_COMPRESSION_ADD 1024 00117 #else 00118 #define MBEDTLS_SSL_COMPRESSION_ADD 0 00119 #endif 00120 00121 #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_MODE_CBC) 00122 /* Ciphersuites using HMAC */ 00123 #if defined(MBEDTLS_SHA512_C) 00124 #define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */ 00125 #elif defined(MBEDTLS_SHA256_C) 00126 #define MBEDTLS_SSL_MAC_ADD 32 /* SHA-256 used for HMAC */ 00127 #else 00128 #define MBEDTLS_SSL_MAC_ADD 20 /* SHA-1 used for HMAC */ 00129 #endif 00130 #else 00131 /* AEAD ciphersuites: GCM and CCM use a 128 bits tag */ 00132 #define MBEDTLS_SSL_MAC_ADD 16 00133 #endif 00134 00135 #if defined(MBEDTLS_CIPHER_MODE_CBC) 00136 #define MBEDTLS_SSL_PADDING_ADD 256 00137 #else 00138 #define MBEDTLS_SSL_PADDING_ADD 0 00139 #endif 00140 00141 #define MBEDTLS_SSL_BUFFER_LEN ( MBEDTLS_SSL_MAX_CONTENT_LEN \ 00142 + MBEDTLS_SSL_COMPRESSION_ADD \ 00143 + 29 /* counter + header + IV */ \ 00144 + MBEDTLS_SSL_MAC_ADD \ 00145 + MBEDTLS_SSL_PADDING_ADD \ 00146 ) 00147 00148 /* 00149 * TLS extension flags (for extensions with outgoing ServerHello content 00150 * that need it (e.g. for RENEGOTIATION_INFO the server already knows because 00151 * of state of the renegotiation flag, so no indicator is required) 00152 */ 00153 #define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0) 00154 #define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK (1 << 1) 00155 00156 #ifdef __cplusplus 00157 extern "C" { 00158 #endif 00159 00160 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ 00161 defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) 00162 /* 00163 * Abstraction for a grid of allowed signature-hash-algorithm pairs. 00164 */ 00165 struct mbedtls_ssl_sig_hash_set_t 00166 { 00167 /* At the moment, we only need to remember a single suitable 00168 * hash algorithm per signature algorithm. As long as that's 00169 * the case - and we don't need a general lookup function - 00170 * we can implement the sig-hash-set as a map from signatures 00171 * to hash algorithms. */ 00172 mbedtls_md_type_t rsa; 00173 mbedtls_md_type_t ecdsa; 00174 }; 00175 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && 00176 MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */ 00177 00178 /* 00179 * This structure contains the parameters only needed during handshake. 00180 */ 00181 struct mbedtls_ssl_handshake_params 00182 { 00183 /* 00184 * Handshake specific crypto variables 00185 */ 00186 00187 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ 00188 defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) 00189 mbedtls_ssl_sig_hash_set_t hash_algs; /*!< Set of suitable sig-hash pairs */ 00190 #endif 00191 #if defined(MBEDTLS_DHM_C) 00192 mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */ 00193 #endif 00194 #if defined(MBEDTLS_ECDH_C) 00195 mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */ 00196 #endif 00197 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 00198 mbedtls_ecjpake_context ecjpake_ctx; /*!< EC J-PAKE key exchange */ 00199 #if defined(MBEDTLS_SSL_CLI_C) 00200 unsigned char *ecjpake_cache; /*!< Cache for ClientHello ext */ 00201 size_t ecjpake_cache_len; /*!< Length of cached data */ 00202 #endif 00203 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ 00204 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ 00205 defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 00206 const mbedtls_ecp_curve_info **curves; /*!< Supported elliptic curves */ 00207 #endif 00208 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) 00209 unsigned char *psk; /*!< PSK from the callback */ 00210 size_t psk_len; /*!< Length of PSK from callback */ 00211 #endif 00212 #if defined(MBEDTLS_X509_CRT_PARSE_C) 00213 mbedtls_ssl_key_cert *key_cert; /*!< chosen key/cert pair (server) */ 00214 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) 00215 int sni_authmode; /*!< authmode from SNI callback */ 00216 mbedtls_ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI */ 00217 mbedtls_x509_crt *sni_ca_chain; /*!< trusted CAs from SNI callback */ 00218 mbedtls_x509_crl *sni_ca_crl; /*!< trusted CAs CRLs from SNI */ 00219 #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ 00220 #endif /* MBEDTLS_X509_CRT_PARSE_C */ 00221 #if defined(MBEDTLS_SSL_PROTO_DTLS) 00222 unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */ 00223 unsigned int in_msg_seq; /*!< Incoming handshake sequence number */ 00224 00225 unsigned char *verify_cookie; /*!< Cli: HelloVerifyRequest cookie 00226 Srv: unused */ 00227 unsigned char verify_cookie_len; /*!< Cli: cookie length 00228 Srv: flag for sending a cookie */ 00229 00230 unsigned char *hs_msg; /*!< Reassembled handshake message */ 00231 00232 uint32_t retransmit_timeout; /*!< Current value of timeout */ 00233 unsigned char retransmit_state; /*!< Retransmission state */ 00234 mbedtls_ssl_flight_item *flight; /*!< Current outgoing flight */ 00235 mbedtls_ssl_flight_item *cur_msg; /*!< Current message in flight */ 00236 unsigned int in_flight_start_seq; /*!< Minimum message sequence in the 00237 flight being received */ 00238 mbedtls_ssl_transform *alt_transform_out; /*!< Alternative transform for 00239 resending messages */ 00240 unsigned char alt_out_ctr[8]; /*!< Alternative record epoch/counter 00241 for resending messages */ 00242 #endif /* MBEDTLS_SSL_PROTO_DTLS */ 00243 00244 /* 00245 * Checksum contexts 00246 */ 00247 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ 00248 defined(MBEDTLS_SSL_PROTO_TLS1_1) 00249 mbedtls_md5_context fin_md5; 00250 mbedtls_sha1_context fin_sha1; 00251 #endif 00252 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) 00253 #if defined(MBEDTLS_SHA256_C) 00254 mbedtls_sha256_context fin_sha256; 00255 #endif 00256 #if defined(MBEDTLS_SHA512_C) 00257 mbedtls_sha512_context fin_sha512; 00258 #endif 00259 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ 00260 00261 void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t); 00262 void (*calc_verify)(mbedtls_ssl_context *, unsigned char *); 00263 void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int); 00264 int (*tls_prf)(const unsigned char *, size_t, const char *, 00265 const unsigned char *, size_t, 00266 unsigned char *, size_t); 00267 00268 size_t pmslen; /*!< premaster length */ 00269 00270 unsigned char randbytes[64]; /*!< random bytes */ 00271 unsigned char premaster[MBEDTLS_PREMASTER_SIZE]; 00272 /*!< premaster secret */ 00273 00274 int resume; /*!< session resume indicator*/ 00275 int max_major_ver; /*!< max. major version client*/ 00276 int max_minor_ver; /*!< max. minor version client*/ 00277 int cli_exts; /*!< client extension presence*/ 00278 00279 #if defined(MBEDTLS_SSL_SESSION_TICKETS) 00280 int new_session_ticket; /*!< use NewSessionTicket? */ 00281 #endif /* MBEDTLS_SSL_SESSION_TICKETS */ 00282 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) 00283 int extended_ms; /*!< use Extended Master Secret? */ 00284 #endif 00285 }; 00286 00287 /* 00288 * This structure contains a full set of runtime transform parameters 00289 * either in negotiation or active. 00290 */ 00291 struct mbedtls_ssl_transform 00292 { 00293 /* 00294 * Session specific crypto layer 00295 */ 00296 const mbedtls_ssl_ciphersuite_t *ciphersuite_info; 00297 /*!< Chosen cipersuite_info */ 00298 unsigned int keylen; /*!< symmetric key length (bytes) */ 00299 size_t minlen; /*!< min. ciphertext length */ 00300 size_t ivlen; /*!< IV length */ 00301 size_t fixed_ivlen; /*!< Fixed part of IV (AEAD) */ 00302 size_t maclen; /*!< MAC length */ 00303 00304 unsigned char iv_enc[16]; /*!< IV (encryption) */ 00305 unsigned char iv_dec[16]; /*!< IV (decryption) */ 00306 00307 #if defined(MBEDTLS_SSL_PROTO_SSL3) 00308 /* Needed only for SSL v3.0 secret */ 00309 unsigned char mac_enc[20]; /*!< SSL v3.0 secret (enc) */ 00310 unsigned char mac_dec[20]; /*!< SSL v3.0 secret (dec) */ 00311 #endif /* MBEDTLS_SSL_PROTO_SSL3 */ 00312 00313 mbedtls_md_context_t md_ctx_enc; /*!< MAC (encryption) */ 00314 mbedtls_md_context_t md_ctx_dec; /*!< MAC (decryption) */ 00315 00316 mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */ 00317 mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */ 00318 00319 /* 00320 * Session specific compression layer 00321 */ 00322 #if defined(MBEDTLS_ZLIB_SUPPORT) 00323 z_stream ctx_deflate; /*!< compression context */ 00324 z_stream ctx_inflate; /*!< decompression context */ 00325 #endif 00326 }; 00327 00328 #if defined(MBEDTLS_X509_CRT_PARSE_C) 00329 /* 00330 * List of certificate + private key pairs 00331 */ 00332 struct mbedtls_ssl_key_cert 00333 { 00334 mbedtls_x509_crt *cert; /*!< cert */ 00335 mbedtls_pk_context *key; /*!< private key */ 00336 mbedtls_ssl_key_cert *next; /*!< next key/cert pair */ 00337 }; 00338 #endif /* MBEDTLS_X509_CRT_PARSE_C */ 00339 00340 #if defined(MBEDTLS_SSL_PROTO_DTLS) 00341 /* 00342 * List of handshake messages kept around for resending 00343 */ 00344 struct mbedtls_ssl_flight_item 00345 { 00346 unsigned char *p; /*!< message, including handshake headers */ 00347 size_t len; /*!< length of p */ 00348 unsigned char type; /*!< type of the message: handshake or CCS */ 00349 mbedtls_ssl_flight_item *next; /*!< next handshake message(s) */ 00350 }; 00351 #endif /* MBEDTLS_SSL_PROTO_DTLS */ 00352 00353 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ 00354 defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) 00355 00356 /* Find an entry in a signature-hash set matching a given hash algorithm. */ 00357 mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find( mbedtls_ssl_sig_hash_set_t *set, 00358 mbedtls_pk_type_t sig_alg ); 00359 /* Add a signature-hash-pair to a signature-hash set */ 00360 void mbedtls_ssl_sig_hash_set_add( mbedtls_ssl_sig_hash_set_t *set, 00361 mbedtls_pk_type_t sig_alg, 00362 mbedtls_md_type_t md_alg ); 00363 /* Allow exactly one hash algorithm for each signature. */ 00364 void mbedtls_ssl_sig_hash_set_const_hash( mbedtls_ssl_sig_hash_set_t *set, 00365 mbedtls_md_type_t md_alg ); 00366 00367 /* Setup an empty signature-hash set */ 00368 static inline void mbedtls_ssl_sig_hash_set_init( mbedtls_ssl_sig_hash_set_t *set ) 00369 { 00370 mbedtls_ssl_sig_hash_set_const_hash( set, MBEDTLS_MD_NONE ); 00371 } 00372 00373 #endif /* MBEDTLS_SSL_PROTO_TLS1_2) && 00374 MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */ 00375 00376 /** 00377 * \brief Free referenced items in an SSL transform context and clear 00378 * memory 00379 * 00380 * \param transform SSL transform context 00381 */ 00382 void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform ); 00383 00384 /** 00385 * \brief Free referenced items in an SSL handshake context and clear 00386 * memory 00387 * 00388 * \param handshake SSL handshake context 00389 */ 00390 void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake ); 00391 00392 int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ); 00393 int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ); 00394 void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ); 00395 00396 int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl ); 00397 00398 void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl ); 00399 int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ); 00400 00401 int mbedtls_ssl_read_record_layer( mbedtls_ssl_context *ssl ); 00402 int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ); 00403 int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ); 00404 void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl ); 00405 00406 /** 00407 * \brief Update record layer 00408 * 00409 * This function roughly separates the implementation 00410 * of the logic of (D)TLS from the implementation 00411 * of the secure transport. 00412 * 00413 * \param ssl SSL context to use 00414 * 00415 * \return 0 or non-zero error code. 00416 * 00417 * \note A clarification on what is called 'record layer' here 00418 * is in order, as many sensible definitions are possible: 00419 * 00420 * The record layer takes as input an untrusted underlying 00421 * transport (stream or datagram) and transforms it into 00422 * a serially multiplexed, secure transport, which 00423 * conceptually provides the following: 00424 * 00425 * (1) Three datagram based, content-agnostic transports 00426 * for handshake, alert and CCS messages. 00427 * (2) One stream- or datagram-based transport 00428 * for application data. 00429 * (3) Functionality for changing the underlying transform 00430 * securing the contents. 00431 * 00432 * The interface to this functionality is given as follows: 00433 * 00434 * a Updating 00435 * [Currently implemented by mbedtls_ssl_read_record] 00436 * 00437 * Check if and on which of the four 'ports' data is pending: 00438 * Nothing, a controlling datagram of type (1), or application 00439 * data (2). In any case data is present, internal buffers 00440 * provide access to the data for the user to process it. 00441 * Consumption of type (1) datagrams is done automatically 00442 * on the next update, invalidating that the internal buffers 00443 * for previous datagrams, while consumption of application 00444 * data (2) is user-controlled. 00445 * 00446 * b Reading of application data 00447 * [Currently manual adaption of ssl->in_offt pointer] 00448 * 00449 * As mentioned in the last paragraph, consumption of data 00450 * is different from the automatic consumption of control 00451 * datagrams (1) because application data is treated as a stream. 00452 * 00453 * c Tracking availability of application data 00454 * [Currently manually through decreasing ssl->in_msglen] 00455 * 00456 * For efficiency and to retain datagram semantics for 00457 * application data in case of DTLS, the record layer 00458 * provides functionality for checking how much application 00459 * data is still available in the internal buffer. 00460 * 00461 * d Changing the transformation securing the communication. 00462 * 00463 * Given an opaque implementation of the record layer in the 00464 * above sense, it should be possible to implement the logic 00465 * of (D)TLS on top of it without the need to know anything 00466 * about the record layer's internals. This is done e.g. 00467 * in all the handshake handling functions, and in the 00468 * application data reading function mbedtls_ssl_read. 00469 * 00470 * \note The above tries to give a conceptual picture of the 00471 * record layer, but the current implementation deviates 00472 * from it in some places. For example, our implementation of 00473 * the update functionality through mbedtls_ssl_read_record 00474 * discards datagrams depending on the current state, which 00475 * wouldn't fall under the record layer's responsibility 00476 * following the above definition. 00477 * 00478 */ 00479 int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl ); 00480 int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ); 00481 00482 int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl ); 00483 int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ); 00484 00485 int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ); 00486 int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ); 00487 00488 int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl ); 00489 int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl ); 00490 00491 int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl ); 00492 int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ); 00493 00494 void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl, 00495 const mbedtls_ssl_ciphersuite_t *ciphersuite_info ); 00496 00497 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) 00498 int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex ); 00499 #endif 00500 00501 #if defined(MBEDTLS_PK_C) 00502 unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk ); 00503 unsigned char mbedtls_ssl_sig_from_pk_alg( mbedtls_pk_type_t type ); 00504 mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig ); 00505 #endif 00506 00507 mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash ); 00508 unsigned char mbedtls_ssl_hash_from_md_alg( int md ); 00509 int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md ); 00510 00511 #if defined(MBEDTLS_ECP_C) 00512 int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id ); 00513 #endif 00514 00515 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) 00516 int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl, 00517 mbedtls_md_type_t md ); 00518 #endif 00519 00520 #if defined(MBEDTLS_X509_CRT_PARSE_C) 00521 static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl ) 00522 { 00523 mbedtls_ssl_key_cert *key_cert; 00524 00525 if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL ) 00526 key_cert = ssl->handshake->key_cert; 00527 else 00528 key_cert = ssl->conf->key_cert; 00529 00530 return( key_cert == NULL ? NULL : key_cert->key ); 00531 } 00532 00533 static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl ) 00534 { 00535 mbedtls_ssl_key_cert *key_cert; 00536 00537 if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL ) 00538 key_cert = ssl->handshake->key_cert; 00539 else 00540 key_cert = ssl->conf->key_cert; 00541 00542 return( key_cert == NULL ? NULL : key_cert->cert ); 00543 } 00544 00545 /* 00546 * Check usage of a certificate wrt extensions: 00547 * keyUsage, extendedKeyUsage (later), and nSCertType (later). 00548 * 00549 * Warning: cert_endpoint is the endpoint of the cert (ie, of our peer when we 00550 * check a cert we received from them)! 00551 * 00552 * Return 0 if everything is OK, -1 if not. 00553 */ 00554 int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert, 00555 const mbedtls_ssl_ciphersuite_t *ciphersuite, 00556 int cert_endpoint, 00557 uint32_t *flags ); 00558 #endif /* MBEDTLS_X509_CRT_PARSE_C */ 00559 00560 void mbedtls_ssl_write_version( int major, int minor, int transport, 00561 unsigned char ver[2] ); 00562 void mbedtls_ssl_read_version( int *major, int *minor, int transport, 00563 const unsigned char ver[2] ); 00564 00565 static inline size_t mbedtls_ssl_hdr_len( const mbedtls_ssl_context *ssl ) 00566 { 00567 #if defined(MBEDTLS_SSL_PROTO_DTLS) 00568 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) 00569 return( 13 ); 00570 #else 00571 ((void) ssl); 00572 #endif 00573 return( 5 ); 00574 } 00575 00576 static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl ) 00577 { 00578 #if defined(MBEDTLS_SSL_PROTO_DTLS) 00579 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) 00580 return( 12 ); 00581 #else 00582 ((void) ssl); 00583 #endif 00584 return( 4 ); 00585 } 00586 00587 #if defined(MBEDTLS_SSL_PROTO_DTLS) 00588 void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl ); 00589 void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl ); 00590 int mbedtls_ssl_resend( mbedtls_ssl_context *ssl ); 00591 #endif 00592 00593 /* Visible for testing purposes only */ 00594 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) 00595 int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context *ssl ); 00596 void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl ); 00597 #endif 00598 00599 /* constant-time buffer comparison */ 00600 static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n ) 00601 { 00602 size_t i; 00603 const unsigned char *A = (const unsigned char *) a; 00604 const unsigned char *B = (const unsigned char *) b; 00605 unsigned char diff = 0; 00606 00607 for( i = 0; i < n; i++ ) 00608 diff |= A[i] ^ B[i]; 00609 00610 return( diff ); 00611 } 00612 00613 #ifdef __cplusplus 00614 } 00615 #endif 00616 00617 #endif /* ssl_internal.h */
Generated on Sun Jul 17 2022 08:25:31 by 1.7.2