source: azure_iot_hub_mbedtls/trunk/mbedtls-2.16.1/include/mbedtls/ssl_internal.h@ 398

Last change on this file since 398 was 398, checked in by coas-nagasima, 5 years ago

mbedTLS版Azure IoT Hub接続サンプルのソースコードを追加
  • Property svn:eol-style set to native
  • Property svn:mime-type set to text/x-chdr;charset=UTF-8
File size: 30.2 KB
Line 
1/**
2 * \file ssl_internal.h
3 *
4 * \brief Internal functions shared by the SSL modules
5 */
6/*
7 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
8 * SPDX-License-Identifier: Apache-2.0
9 *
10 * Licensed under the Apache License, Version 2.0 (the "License"); you may
11 * not use this file except in compliance with the License.
12 * You may obtain a copy of the License at
13 *
14 * http://www.apache.org/licenses/LICENSE-2.0
15 *
16 * Unless required by applicable law or agreed to in writing, software
17 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
18 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19 * See the License for the specific language governing permissions and
20 * limitations under the License.
21 *
22 * This file is part of mbed TLS (https://tls.mbed.org)
23 */
24#ifndef MBEDTLS_SSL_INTERNAL_H
25#define MBEDTLS_SSL_INTERNAL_H
26
27#if !defined(MBEDTLS_CONFIG_FILE)
28#include "config.h"
29#else
30#include MBEDTLS_CONFIG_FILE
31#endif
32
33#include "ssl.h"
34#include "cipher.h"
35
36#if defined(MBEDTLS_MD5_C)
37#include "md5.h"
38#endif
39
40#if defined(MBEDTLS_SHA1_C)
41#include "sha1.h"
42#endif
43
44#if defined(MBEDTLS_SHA256_C)
45#include "sha256.h"
46#endif
47
48#if defined(MBEDTLS_SHA512_C)
49#include "sha512.h"
50#endif
51
52#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
53#include "ecjpake.h"
54#endif
55
56#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
57 !defined(inline) && !defined(__cplusplus)
58#define inline __inline
59#endif
60
61/* Determine minimum supported version */
62#define MBEDTLS_SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
63
64#if defined(MBEDTLS_SSL_PROTO_SSL3)
65#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0
66#else
67#if defined(MBEDTLS_SSL_PROTO_TLS1)
68#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
69#else
70#if defined(MBEDTLS_SSL_PROTO_TLS1_1)
71#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2
72#else
73#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
74#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
75#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
76#endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
77#endif /* MBEDTLS_SSL_PROTO_TLS1 */
78#endif /* MBEDTLS_SSL_PROTO_SSL3 */
79
80#define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
81#define MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
82
83/* Determine maximum supported version */
84#define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
85
86#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
87#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
88#else
89#if defined(MBEDTLS_SSL_PROTO_TLS1_1)
90#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2
91#else
92#if defined(MBEDTLS_SSL_PROTO_TLS1)
93#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
94#else
95#if defined(MBEDTLS_SSL_PROTO_SSL3)
96#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0
97#endif /* MBEDTLS_SSL_PROTO_SSL3 */
98#endif /* MBEDTLS_SSL_PROTO_TLS1 */
99#endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
100#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
101
102/* Shorthand for restartable ECC */
103#if defined(MBEDTLS_ECP_RESTARTABLE) && \
104 defined(MBEDTLS_SSL_CLI_C) && \
105 defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
106 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
107#define MBEDTLS_SSL__ECP_RESTARTABLE
108#endif
109
110#define MBEDTLS_SSL_INITIAL_HANDSHAKE 0
111#define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS 1 /* In progress */
112#define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */
113#define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */
114
115/*
116 * DTLS retransmission states, see RFC 6347 4.2.4
117 *
118 * The SENDING state is merged in PREPARING for initial sends,
119 * but is distinct for resends.
120 *
121 * Note: initial state is wrong for server, but is not used anyway.
122 */
123#define MBEDTLS_SSL_RETRANS_PREPARING 0
124#define MBEDTLS_SSL_RETRANS_SENDING 1
125#define MBEDTLS_SSL_RETRANS_WAITING 2
126#define MBEDTLS_SSL_RETRANS_FINISHED 3
127
128/*
129 * Allow extra bytes for record, authentication and encryption overhead:
130 * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256)
131 * and allow for a maximum of 1024 of compression expansion if
132 * enabled.
133 */
134#if defined(MBEDTLS_ZLIB_SUPPORT)
135#define MBEDTLS_SSL_COMPRESSION_ADD 1024
136#else
137#define MBEDTLS_SSL_COMPRESSION_ADD 0
138#endif
139
140#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_MODE_CBC)
141/* Ciphersuites using HMAC */
142#if defined(MBEDTLS_SHA512_C)
143#define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */
144#elif defined(MBEDTLS_SHA256_C)
145#define MBEDTLS_SSL_MAC_ADD 32 /* SHA-256 used for HMAC */
146#else
147#define MBEDTLS_SSL_MAC_ADD 20 /* SHA-1 used for HMAC */
148#endif
149#else
150/* AEAD ciphersuites: GCM and CCM use a 128 bits tag */
151#define MBEDTLS_SSL_MAC_ADD 16
152#endif
153
154#if defined(MBEDTLS_CIPHER_MODE_CBC)
155#define MBEDTLS_SSL_PADDING_ADD 256
156#else
157#define MBEDTLS_SSL_PADDING_ADD 0
158#endif
159
160#define MBEDTLS_SSL_PAYLOAD_OVERHEAD ( MBEDTLS_SSL_COMPRESSION_ADD + \
161 MBEDTLS_MAX_IV_LENGTH + \
162 MBEDTLS_SSL_MAC_ADD + \
163 MBEDTLS_SSL_PADDING_ADD \
164 )
165
166#define MBEDTLS_SSL_IN_PAYLOAD_LEN ( MBEDTLS_SSL_PAYLOAD_OVERHEAD + \
167 ( MBEDTLS_SSL_IN_CONTENT_LEN ) )
168
169#define MBEDTLS_SSL_OUT_PAYLOAD_LEN ( MBEDTLS_SSL_PAYLOAD_OVERHEAD + \
170 ( MBEDTLS_SSL_OUT_CONTENT_LEN ) )
171
172/* The maximum number of buffered handshake messages. */
173#define MBEDTLS_SSL_MAX_BUFFERED_HS 4
174
175/* Maximum length we can advertise as our max content length for
176 RFC 6066 max_fragment_length extension negotiation purposes
177 (the lesser of both sizes, if they are unequal.)
178 */
179#define MBEDTLS_TLS_EXT_ADV_CONTENT_LEN ( \
180 (MBEDTLS_SSL_IN_CONTENT_LEN > MBEDTLS_SSL_OUT_CONTENT_LEN) \
181 ? ( MBEDTLS_SSL_OUT_CONTENT_LEN ) \
182 : ( MBEDTLS_SSL_IN_CONTENT_LEN ) \
183 )
184
185/*
186 * Check that we obey the standard's message size bounds
187 */
188
189#if MBEDTLS_SSL_MAX_CONTENT_LEN > 16384
190#error "Bad configuration - record content too large."
191#endif
192
193#if MBEDTLS_SSL_IN_CONTENT_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN
194#error "Bad configuration - incoming record content should not be larger than MBEDTLS_SSL_MAX_CONTENT_LEN."
195#endif
196
197#if MBEDTLS_SSL_OUT_CONTENT_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN
198#error "Bad configuration - outgoing record content should not be larger than MBEDTLS_SSL_MAX_CONTENT_LEN."
199#endif
200
201#if MBEDTLS_SSL_IN_PAYLOAD_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN + 2048
202#error "Bad configuration - incoming protected record payload too large."
203#endif
204
205#if MBEDTLS_SSL_OUT_PAYLOAD_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN + 2048
206#error "Bad configuration - outgoing protected record payload too large."
207#endif
208
209/* Calculate buffer sizes */
210
211/* Note: Even though the TLS record header is only 5 bytes
212 long, we're internally using 8 bytes to store the
213 implicit sequence number. */
214#define MBEDTLS_SSL_HEADER_LEN 13
215
216#define MBEDTLS_SSL_IN_BUFFER_LEN \
217 ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_IN_PAYLOAD_LEN ) )
218
219#define MBEDTLS_SSL_OUT_BUFFER_LEN \
220 ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_OUT_PAYLOAD_LEN ) )
221
222#ifdef MBEDTLS_ZLIB_SUPPORT
223/* Compression buffer holds both IN and OUT buffers, so should be size of the larger */
224#define MBEDTLS_SSL_COMPRESS_BUFFER_LEN ( \
225 ( MBEDTLS_SSL_IN_BUFFER_LEN > MBEDTLS_SSL_OUT_BUFFER_LEN ) \
226 ? MBEDTLS_SSL_IN_BUFFER_LEN \
227 : MBEDTLS_SSL_OUT_BUFFER_LEN \
228 )
229#endif
230
231/*
232 * TLS extension flags (for extensions with outgoing ServerHello content
233 * that need it (e.g. for RENEGOTIATION_INFO the server already knows because
234 * of state of the renegotiation flag, so no indicator is required)
235 */
236#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0)
237#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK (1 << 1)
238
239#ifdef __cplusplus
240extern "C" {
241#endif
242
243#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
244 defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
245/*
246 * Abstraction for a grid of allowed signature-hash-algorithm pairs.
247 */
248struct mbedtls_ssl_sig_hash_set_t
249{
250 /* At the moment, we only need to remember a single suitable
251 * hash algorithm per signature algorithm. As long as that's
252 * the case - and we don't need a general lookup function -
253 * we can implement the sig-hash-set as a map from signatures
254 * to hash algorithms. */
255 mbedtls_md_type_t rsa;
256 mbedtls_md_type_t ecdsa;
257};
258#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
259 MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
260
261/*
262 * This structure contains the parameters only needed during handshake.
263 */
264struct mbedtls_ssl_handshake_params
265{
266 /*
267 * Handshake specific crypto variables
268 */
269
270#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
271 defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
272 mbedtls_ssl_sig_hash_set_t hash_algs; /*!< Set of suitable sig-hash pairs */
273#endif
274#if defined(MBEDTLS_DHM_C)
275 mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */
276#endif
277#if defined(MBEDTLS_ECDH_C)
278 mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */
279#endif
280#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
281 mbedtls_ecjpake_context ecjpake_ctx; /*!< EC J-PAKE key exchange */
282#if defined(MBEDTLS_SSL_CLI_C)
283 unsigned char *ecjpake_cache; /*!< Cache for ClientHello ext */
284 size_t ecjpake_cache_len; /*!< Length of cached data */
285#endif
286#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
287#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
288 defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
289 const mbedtls_ecp_curve_info **curves; /*!< Supported elliptic curves */
290#endif
291#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
292 unsigned char *psk; /*!< PSK from the callback */
293 size_t psk_len; /*!< Length of PSK from callback */
294#endif
295#if defined(MBEDTLS_X509_CRT_PARSE_C)
296 mbedtls_ssl_key_cert *key_cert; /*!< chosen key/cert pair (server) */
297#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
298 int sni_authmode; /*!< authmode from SNI callback */
299 mbedtls_ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI */
300 mbedtls_x509_crt *sni_ca_chain; /*!< trusted CAs from SNI callback */
301 mbedtls_x509_crl *sni_ca_crl; /*!< trusted CAs CRLs from SNI */
302#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
303#endif /* MBEDTLS_X509_CRT_PARSE_C */
304#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
305 int ecrs_enabled; /*!< Handshake supports EC restart? */
306 mbedtls_x509_crt_restart_ctx ecrs_ctx; /*!< restart context */
307 enum { /* this complements ssl->state with info on intra-state operations */
308 ssl_ecrs_none = 0, /*!< nothing going on (yet) */
309 ssl_ecrs_crt_verify, /*!< Certificate: crt_verify() */
310 ssl_ecrs_ske_start_processing, /*!< ServerKeyExchange: pk_verify() */
311 ssl_ecrs_cke_ecdh_calc_secret, /*!< ClientKeyExchange: ECDH step 2 */
312 ssl_ecrs_crt_vrfy_sign, /*!< CertificateVerify: pk_sign() */
313 } ecrs_state; /*!< current (or last) operation */
314 size_t ecrs_n; /*!< place for saving a length */
315#endif
316#if defined(MBEDTLS_SSL_PROTO_DTLS)
317 unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */
318 unsigned int in_msg_seq; /*!< Incoming handshake sequence number */
319
320 unsigned char *verify_cookie; /*!< Cli: HelloVerifyRequest cookie
321 Srv: unused */
322 unsigned char verify_cookie_len; /*!< Cli: cookie length
323 Srv: flag for sending a cookie */
324
325 uint32_t retransmit_timeout; /*!< Current value of timeout */
326 unsigned char retransmit_state; /*!< Retransmission state */
327 mbedtls_ssl_flight_item *flight; /*!< Current outgoing flight */
328 mbedtls_ssl_flight_item *cur_msg; /*!< Current message in flight */
329 unsigned char *cur_msg_p; /*!< Position in current message */
330 unsigned int in_flight_start_seq; /*!< Minimum message sequence in the
331 flight being received */
332 mbedtls_ssl_transform *alt_transform_out; /*!< Alternative transform for
333 resending messages */
334 unsigned char alt_out_ctr[8]; /*!< Alternative record epoch/counter
335 for resending messages */
336
337 struct
338 {
339 size_t total_bytes_buffered; /*!< Cumulative size of heap allocated
340 * buffers used for message buffering. */
341
342 uint8_t seen_ccs; /*!< Indicates if a CCS message has
343 * been seen in the current flight. */
344
345 struct mbedtls_ssl_hs_buffer
346 {
347 unsigned is_valid : 1;
348 unsigned is_fragmented : 1;
349 unsigned is_complete : 1;
350 unsigned char *data;
351 size_t data_len;
352 } hs[MBEDTLS_SSL_MAX_BUFFERED_HS];
353
354 struct
355 {
356 unsigned char *data;
357 size_t len;
358 unsigned epoch;
359 } future_record;
360
361 } buffering;
362
363 uint16_t mtu; /*!< Handshake mtu, used to fragment outgoing messages */
364#endif /* MBEDTLS_SSL_PROTO_DTLS */
365
366 /*
367 * Checksum contexts
368 */
369#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
370 defined(MBEDTLS_SSL_PROTO_TLS1_1)
371 mbedtls_md5_context fin_md5;
372 mbedtls_sha1_context fin_sha1;
373#endif
374#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
375#if defined(MBEDTLS_SHA256_C)
376 mbedtls_sha256_context fin_sha256;
377#endif
378#if defined(MBEDTLS_SHA512_C)
379 mbedtls_sha512_context fin_sha512;
380#endif
381#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
382
383 void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t);
384 void (*calc_verify)(mbedtls_ssl_context *, unsigned char *);
385 void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int);
386 int (*tls_prf)(const unsigned char *, size_t, const char *,
387 const unsigned char *, size_t,
388 unsigned char *, size_t);
389
390 size_t pmslen; /*!< premaster length */
391
392 unsigned char randbytes[64]; /*!< random bytes */
393 unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
394 /*!< premaster secret */
395
396 int resume; /*!< session resume indicator*/
397 int max_major_ver; /*!< max. major version client*/
398 int max_minor_ver; /*!< max. minor version client*/
399 int cli_exts; /*!< client extension presence*/
400
401#if defined(MBEDTLS_SSL_SESSION_TICKETS)
402 int new_session_ticket; /*!< use NewSessionTicket? */
403#endif /* MBEDTLS_SSL_SESSION_TICKETS */
404#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
405 int extended_ms; /*!< use Extended Master Secret? */
406#endif
407
408#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
409 unsigned int async_in_progress : 1; /*!< an asynchronous operation is in progress */
410#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
411
412#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
413 /** Asynchronous operation context. This field is meant for use by the
414 * asynchronous operation callbacks (mbedtls_ssl_config::f_async_sign_start,
415 * mbedtls_ssl_config::f_async_decrypt_start,
416 * mbedtls_ssl_config::f_async_resume, mbedtls_ssl_config::f_async_cancel).
417 * The library does not use it internally. */
418 void *user_async_ctx;
419#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
420};
421
422typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer;
423
424/*
425 * This structure contains a full set of runtime transform parameters
426 * either in negotiation or active.
427 */
428struct mbedtls_ssl_transform
429{
430 /*
431 * Session specific crypto layer
432 */
433 const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
434 /*!< Chosen cipersuite_info */
435 unsigned int keylen; /*!< symmetric key length (bytes) */
436 size_t minlen; /*!< min. ciphertext length */
437 size_t ivlen; /*!< IV length */
438 size_t fixed_ivlen; /*!< Fixed part of IV (AEAD) */
439 size_t maclen; /*!< MAC length */
440
441 unsigned char iv_enc[16]; /*!< IV (encryption) */
442 unsigned char iv_dec[16]; /*!< IV (decryption) */
443
444#if defined(MBEDTLS_SSL_PROTO_SSL3)
445 /* Needed only for SSL v3.0 secret */
446 unsigned char mac_enc[20]; /*!< SSL v3.0 secret (enc) */
447 unsigned char mac_dec[20]; /*!< SSL v3.0 secret (dec) */
448#endif /* MBEDTLS_SSL_PROTO_SSL3 */
449
450 mbedtls_md_context_t md_ctx_enc; /*!< MAC (encryption) */
451 mbedtls_md_context_t md_ctx_dec; /*!< MAC (decryption) */
452
453 mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */
454 mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */
455
456 /*
457 * Session specific compression layer
458 */
459#if defined(MBEDTLS_ZLIB_SUPPORT)
460 z_stream ctx_deflate; /*!< compression context */
461 z_stream ctx_inflate; /*!< decompression context */
462#endif
463};
464
465#if defined(MBEDTLS_X509_CRT_PARSE_C)
466/*
467 * List of certificate + private key pairs
468 */
469struct mbedtls_ssl_key_cert
470{
471 mbedtls_x509_crt *cert; /*!< cert */
472 mbedtls_pk_context *key; /*!< private key */
473 mbedtls_ssl_key_cert *next; /*!< next key/cert pair */
474};
475#endif /* MBEDTLS_X509_CRT_PARSE_C */
476
477#if defined(MBEDTLS_SSL_PROTO_DTLS)
478/*
479 * List of handshake messages kept around for resending
480 */
481struct mbedtls_ssl_flight_item
482{
483 unsigned char *p; /*!< message, including handshake headers */
484 size_t len; /*!< length of p */
485 unsigned char type; /*!< type of the message: handshake or CCS */
486 mbedtls_ssl_flight_item *next; /*!< next handshake message(s) */
487};
488#endif /* MBEDTLS_SSL_PROTO_DTLS */
489
490#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
491 defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
492
493/* Find an entry in a signature-hash set matching a given hash algorithm. */
494mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find( mbedtls_ssl_sig_hash_set_t *set,
495 mbedtls_pk_type_t sig_alg );
496/* Add a signature-hash-pair to a signature-hash set */
497void mbedtls_ssl_sig_hash_set_add( mbedtls_ssl_sig_hash_set_t *set,
498 mbedtls_pk_type_t sig_alg,
499 mbedtls_md_type_t md_alg );
500/* Allow exactly one hash algorithm for each signature. */
501void mbedtls_ssl_sig_hash_set_const_hash( mbedtls_ssl_sig_hash_set_t *set,
502 mbedtls_md_type_t md_alg );
503
504/* Setup an empty signature-hash set */
505static inline void mbedtls_ssl_sig_hash_set_init( mbedtls_ssl_sig_hash_set_t *set )
506{
507 mbedtls_ssl_sig_hash_set_const_hash( set, MBEDTLS_MD_NONE );
508}
509
510#endif /* MBEDTLS_SSL_PROTO_TLS1_2) &&
511 MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
512
513/**
514 * \brief Free referenced items in an SSL transform context and clear
515 * memory
516 *
517 * \param transform SSL transform context
518 */
519void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform );
520
521/**
522 * \brief Free referenced items in an SSL handshake context and clear
523 * memory
524 *
525 * \param ssl SSL context
526 */
527void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl );
528
529int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl );
530int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl );
531void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl );
532
533int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl );
534
535void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl );
536int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl );
537
538int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl );
539int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl );
540void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl );
541
542/**
543 * \brief Update record layer
544 *
545 * This function roughly separates the implementation
546 * of the logic of (D)TLS from the implementation
547 * of the secure transport.
548 *
549 * \param ssl The SSL context to use.
550 * \param update_hs_digest This indicates if the handshake digest
551 * should be automatically updated in case
552 * a handshake message is found.
553 *
554 * \return 0 or non-zero error code.
555 *
556 * \note A clarification on what is called 'record layer' here
557 * is in order, as many sensible definitions are possible:
558 *
559 * The record layer takes as input an untrusted underlying
560 * transport (stream or datagram) and transforms it into
561 * a serially multiplexed, secure transport, which
562 * conceptually provides the following:
563 *
564 * (1) Three datagram based, content-agnostic transports
565 * for handshake, alert and CCS messages.
566 * (2) One stream- or datagram-based transport
567 * for application data.
568 * (3) Functionality for changing the underlying transform
569 * securing the contents.
570 *
571 * The interface to this functionality is given as follows:
572 *
573 * a Updating
574 * [Currently implemented by mbedtls_ssl_read_record]
575 *
576 * Check if and on which of the four 'ports' data is pending:
577 * Nothing, a controlling datagram of type (1), or application
578 * data (2). In any case data is present, internal buffers
579 * provide access to the data for the user to process it.
580 * Consumption of type (1) datagrams is done automatically
581 * on the next update, invalidating that the internal buffers
582 * for previous datagrams, while consumption of application
583 * data (2) is user-controlled.
584 *
585 * b Reading of application data
586 * [Currently manual adaption of ssl->in_offt pointer]
587 *
588 * As mentioned in the last paragraph, consumption of data
589 * is different from the automatic consumption of control
590 * datagrams (1) because application data is treated as a stream.
591 *
592 * c Tracking availability of application data
593 * [Currently manually through decreasing ssl->in_msglen]
594 *
595 * For efficiency and to retain datagram semantics for
596 * application data in case of DTLS, the record layer
597 * provides functionality for checking how much application
598 * data is still available in the internal buffer.
599 *
600 * d Changing the transformation securing the communication.
601 *
602 * Given an opaque implementation of the record layer in the
603 * above sense, it should be possible to implement the logic
604 * of (D)TLS on top of it without the need to know anything
605 * about the record layer's internals. This is done e.g.
606 * in all the handshake handling functions, and in the
607 * application data reading function mbedtls_ssl_read.
608 *
609 * \note The above tries to give a conceptual picture of the
610 * record layer, but the current implementation deviates
611 * from it in some places. For example, our implementation of
612 * the update functionality through mbedtls_ssl_read_record
613 * discards datagrams depending on the current state, which
614 * wouldn't fall under the record layer's responsibility
615 * following the above definition.
616 *
617 */
618int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
619 unsigned update_hs_digest );
620int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
621
622int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl );
623int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush );
624int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl );
625
626int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl );
627int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl );
628
629int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl );
630int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl );
631
632int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl );
633int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl );
634
635void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
636 const mbedtls_ssl_ciphersuite_t *ciphersuite_info );
637
638#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
639int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex );
640#endif
641
642#if defined(MBEDTLS_PK_C)
643unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk );
644unsigned char mbedtls_ssl_sig_from_pk_alg( mbedtls_pk_type_t type );
645mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig );
646#endif
647
648mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash );
649unsigned char mbedtls_ssl_hash_from_md_alg( int md );
650int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md );
651
652#if defined(MBEDTLS_ECP_C)
653int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id );
654#endif
655
656#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
657int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
658 mbedtls_md_type_t md );
659#endif
660
661#if defined(MBEDTLS_X509_CRT_PARSE_C)
662static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl )
663{
664 mbedtls_ssl_key_cert *key_cert;
665
666 if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
667 key_cert = ssl->handshake->key_cert;
668 else
669 key_cert = ssl->conf->key_cert;
670
671 return( key_cert == NULL ? NULL : key_cert->key );
672}
673
674static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl )
675{
676 mbedtls_ssl_key_cert *key_cert;
677
678 if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
679 key_cert = ssl->handshake->key_cert;
680 else
681 key_cert = ssl->conf->key_cert;
682
683 return( key_cert == NULL ? NULL : key_cert->cert );
684}
685
686/*
687 * Check usage of a certificate wrt extensions:
688 * keyUsage, extendedKeyUsage (later), and nSCertType (later).
689 *
690 * Warning: cert_endpoint is the endpoint of the cert (ie, of our peer when we
691 * check a cert we received from them)!
692 *
693 * Return 0 if everything is OK, -1 if not.
694 */
695int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
696 const mbedtls_ssl_ciphersuite_t *ciphersuite,
697 int cert_endpoint,
698 uint32_t *flags );
699#endif /* MBEDTLS_X509_CRT_PARSE_C */
700
701void mbedtls_ssl_write_version( int major, int minor, int transport,
702 unsigned char ver[2] );
703void mbedtls_ssl_read_version( int *major, int *minor, int transport,
704 const unsigned char ver[2] );
705
706static inline size_t mbedtls_ssl_hdr_len( const mbedtls_ssl_context *ssl )
707{
708#if defined(MBEDTLS_SSL_PROTO_DTLS)
709 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
710 return( 13 );
711#else
712 ((void) ssl);
713#endif
714 return( 5 );
715}
716
717static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl )
718{
719#if defined(MBEDTLS_SSL_PROTO_DTLS)
720 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
721 return( 12 );
722#else
723 ((void) ssl);
724#endif
725 return( 4 );
726}
727
728#if defined(MBEDTLS_SSL_PROTO_DTLS)
729void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl );
730void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl );
731int mbedtls_ssl_resend( mbedtls_ssl_context *ssl );
732int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl );
733#endif
734
735/* Visible for testing purposes only */
736#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
737int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context *ssl );
738void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl );
739#endif
740
741/* constant-time buffer comparison */
742static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n )
743{
744 size_t i;
745 volatile const unsigned char *A = (volatile const unsigned char *) a;
746 volatile const unsigned char *B = (volatile const unsigned char *) b;
747 volatile unsigned char diff = 0;
748
749 for( i = 0; i < n; i++ )
750 {
751 /* Read volatile data in order before computing diff.
752 * This avoids IAR compiler warning:
753 * 'the order of volatile accesses is undefined ..' */
754 unsigned char x = A[i], y = B[i];
755 diff |= x ^ y;
756 }
757
758 return( diff );
759}
760
761#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
762 defined(MBEDTLS_SSL_PROTO_TLS1_1)
763int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl,
764 unsigned char *output,
765 unsigned char *data, size_t data_len );
766#endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \
767 MBEDTLS_SSL_PROTO_TLS1_1 */
768
769#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
770 defined(MBEDTLS_SSL_PROTO_TLS1_2)
771int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
772 unsigned char *hash, size_t *hashlen,
773 unsigned char *data, size_t data_len,
774 mbedtls_md_type_t md_alg );
775#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
776 MBEDTLS_SSL_PROTO_TLS1_2 */
777
778#ifdef __cplusplus
779}
780#endif
781
782#endif /* ssl_internal.h */
Note: See TracBrowser for help on using the repository browser.