projects / reactos.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
[MBEDTLS] Missed these files in svn. Addendum to r69512. CORE-10318
[reactos.git] / reactos / include / reactos / libs / mbedtls / ssl_internal.h
1 /**
2 * \file ssl_ticket.h
3 *
4 * \brief Internal functions shared by the SSL modules
5 *
6 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
7 * SPDX-License-Identifier: Apache-2.0
8 *
9 * Licensed under the Apache License, Version 2.0 (the "License"); you may
10 * not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
12 *
13 * http://www.apache.org/licenses/LICENSE-2.0
14 *
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
20 *
21 * This file is part of mbed TLS (https://tls.mbed.org)
22 */
23 #ifndef MBEDTLS_SSL_INTERNAL_H
24 #define MBEDTLS_SSL_INTERNAL_H
25
26 #include "ssl.h"
27
28 #if defined(MBEDTLS_MD5_C)
29 #include "md5.h"
30 #endif
31
32 #if defined(MBEDTLS_SHA1_C)
33 #include "sha1.h"
34 #endif
35
36 #if defined(MBEDTLS_SHA256_C)
37 #include "sha256.h"
38 #endif
39
40 #if defined(MBEDTLS_SHA512_C)
41 #include "sha512.h"
42 #endif
43
44 #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
45 !defined(inline) && !defined(__cplusplus)
46 #define inline __inline
47 #endif
48
49 /* Determine minimum supported version */
50 #define MBEDTLS_SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
51
52 #if defined(MBEDTLS_SSL_PROTO_SSL3)
53 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0
54 #else
55 #if defined(MBEDTLS_SSL_PROTO_TLS1)
56 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
57 #else
58 #if defined(MBEDTLS_SSL_PROTO_TLS1_1)
59 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2
60 #else
61 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
62 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
63 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
64 #endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
65 #endif /* MBEDTLS_SSL_PROTO_TLS1 */
66 #endif /* MBEDTLS_SSL_PROTO_SSL3 */
67
68 /* Determine maximum supported version */
69 #define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
70
71 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
72 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
73 #else
74 #if defined(MBEDTLS_SSL_PROTO_TLS1_1)
75 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2
76 #else
77 #if defined(MBEDTLS_SSL_PROTO_TLS1)
78 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
79 #else
80 #if defined(MBEDTLS_SSL_PROTO_SSL3)
81 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0
82 #endif /* MBEDTLS_SSL_PROTO_SSL3 */
83 #endif /* MBEDTLS_SSL_PROTO_TLS1 */
84 #endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
85 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
86
87 #define MBEDTLS_SSL_INITIAL_HANDSHAKE 0
88 #define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS 1 /* In progress */
89 #define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */
90 #define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */
91
92 /*
93 * DTLS retransmission states, see RFC 6347 4.2.4
94 *
95 * The SENDING state is merged in PREPARING for initial sends,
96 * but is distinct for resends.
97 *
98 * Note: initial state is wrong for server, but is not used anyway.
99 */
100 #define MBEDTLS_SSL_RETRANS_PREPARING 0
101 #define MBEDTLS_SSL_RETRANS_SENDING 1
102 #define MBEDTLS_SSL_RETRANS_WAITING 2
103 #define MBEDTLS_SSL_RETRANS_FINISHED 3
104
105 /*
106 * Allow extra bytes for record, authentication and encryption overhead:
107 * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256)
108 * and allow for a maximum of 1024 of compression expansion if
109 * enabled.
110 */
111 #if defined(MBEDTLS_ZLIB_SUPPORT)
112 #define MBEDTLS_SSL_COMPRESSION_ADD 1024
113 #else
114 #define MBEDTLS_SSL_COMPRESSION_ADD 0
115 #endif
116
117 #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_MODE_CBC)
118 /* Ciphersuites using HMAC */
119 #if defined(MBEDTLS_SHA512_C)
120 #define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */
121 #elif defined(MBEDTLS_SHA256_C)
122 #define MBEDTLS_SSL_MAC_ADD 32 /* SHA-256 used for HMAC */
123 #else
124 #define MBEDTLS_SSL_MAC_ADD 20 /* SHA-1 used for HMAC */
125 #endif
126 #else
127 /* AEAD ciphersuites: GCM and CCM use a 128 bits tag */
128 #define MBEDTLS_SSL_MAC_ADD 16
129 #endif
130
131 #if defined(MBEDTLS_CIPHER_MODE_CBC)
132 #define MBEDTLS_SSL_PADDING_ADD 256
133 #else
134 #define MBEDTLS_SSL_PADDING_ADD 0
135 #endif
136
137 #define MBEDTLS_SSL_BUFFER_LEN ( MBEDTLS_SSL_MAX_CONTENT_LEN \
138 + MBEDTLS_SSL_COMPRESSION_ADD \
139 + 29 /* counter + header + IV */ \
140 + MBEDTLS_SSL_MAC_ADD \
141 + MBEDTLS_SSL_PADDING_ADD \
142 )
143
144 /*
145 * TLS extension flags (for extensions with outgoing ServerHello content
146 * that need it (e.g. for RENEGOTIATION_INFO the server already knows because
147 * of state of the renegotiation flag, so no indicator is required)
148 */
149 #define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0)
150
151 #ifdef __cplusplus
152 extern "C" {
153 #endif
154
155 /*
156 * This structure contains the parameters only needed during handshake.
157 */
158 struct mbedtls_ssl_handshake_params
159 {
160 /*
161 * Handshake specific crypto variables
162 */
163 int sig_alg; /*!< Hash algorithm for signature */
164 int cert_type; /*!< Requested cert type */
165 int verify_sig_alg; /*!< Signature algorithm for verify */
166 #if defined(MBEDTLS_DHM_C)
167 mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */
168 #endif
169 #if defined(MBEDTLS_ECDH_C)
170 mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */
171 #endif
172 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
173 const mbedtls_ecp_curve_info **curves; /*!< Supported elliptic curves */
174 #endif
175 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
176 unsigned char *psk; /*!< PSK from the callback */
177 size_t psk_len; /*!< Length of PSK from callback */
178 #endif
179 #if defined(MBEDTLS_X509_CRT_PARSE_C)
180 mbedtls_ssl_key_cert *key_cert; /*!< chosen key/cert pair (server) */
181 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
182 int sni_authmode; /*!< authmode from SNI callback */
183 mbedtls_ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI */
184 mbedtls_x509_crt *sni_ca_chain; /*!< trusted CAs from SNI callback */
185 mbedtls_x509_crl *sni_ca_crl; /*!< trusted CAs CRLs from SNI */
186 #endif
187 #endif /* MBEDTLS_X509_CRT_PARSE_C */
188 #if defined(MBEDTLS_SSL_PROTO_DTLS)
189 unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */
190 unsigned int in_msg_seq; /*!< Incoming handshake sequence number */
191
192 unsigned char *verify_cookie; /*!< Cli: HelloVerifyRequest cookie
193 Srv: unused */
194 unsigned char verify_cookie_len; /*!< Cli: cookie length
195 Srv: flag for sending a cookie */
196
197 unsigned char *hs_msg; /*!< Reassembled handshake message */
198
199 uint32_t retransmit_timeout; /*!< Current value of timeout */
200 unsigned char retransmit_state; /*!< Retransmission state */
201 mbedtls_ssl_flight_item *flight; /*!< Current outgoing flight */
202 mbedtls_ssl_flight_item *cur_msg; /*!< Current message in flight */
203 unsigned int in_flight_start_seq; /*!< Minimum message sequence in the
204 flight being received */
205 mbedtls_ssl_transform *alt_transform_out; /*!< Alternative transform for
206 resending messages */
207 unsigned char alt_out_ctr[8]; /*!< Alternative record epoch/counter
208 for resending messages */
209 #endif
210
211 /*
212 * Checksum contexts
213 */
214 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
215 defined(MBEDTLS_SSL_PROTO_TLS1_1)
216 mbedtls_md5_context fin_md5;
217 mbedtls_sha1_context fin_sha1;
218 #endif
219 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
220 #if defined(MBEDTLS_SHA256_C)
221 mbedtls_sha256_context fin_sha256;
222 #endif
223 #if defined(MBEDTLS_SHA512_C)
224 mbedtls_sha512_context fin_sha512;
225 #endif
226 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
227
228 void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t);
229 void (*calc_verify)(mbedtls_ssl_context *, unsigned char *);
230 void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int);
231 int (*tls_prf)(const unsigned char *, size_t, const char *,
232 const unsigned char *, size_t,
233 unsigned char *, size_t);
234
235 size_t pmslen; /*!< premaster length */
236
237 unsigned char randbytes[64]; /*!< random bytes */
238 unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
239 /*!< premaster secret */
240
241 int resume; /*!< session resume indicator*/
242 int max_major_ver; /*!< max. major version client*/
243 int max_minor_ver; /*!< max. minor version client*/
244 int cli_exts; /*!< client extension presence*/
245
246 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
247 int new_session_ticket; /*!< use NewSessionTicket? */
248 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
249 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
250 int extended_ms; /*!< use Extended Master Secret? */
251 #endif
252 };
253
254 /*
255 * This structure contains a full set of runtime transform parameters
256 * either in negotiation or active.
257 */
258 struct mbedtls_ssl_transform
259 {
260 /*
261 * Session specific crypto layer
262 */
263 const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
264 /*!< Chosen cipersuite_info */
265 unsigned int keylen; /*!< symmetric key length (bytes) */
266 size_t minlen; /*!< min. ciphertext length */
267 size_t ivlen; /*!< IV length */
268 size_t fixed_ivlen; /*!< Fixed part of IV (AEAD) */
269 size_t maclen; /*!< MAC length */
270
271 unsigned char iv_enc[16]; /*!< IV (encryption) */
272 unsigned char iv_dec[16]; /*!< IV (decryption) */
273
274 #if defined(MBEDTLS_SSL_PROTO_SSL3)
275 /* Needed only for SSL v3.0 secret */
276 unsigned char mac_enc[20]; /*!< SSL v3.0 secret (enc) */
277 unsigned char mac_dec[20]; /*!< SSL v3.0 secret (dec) */
278 #endif /* MBEDTLS_SSL_PROTO_SSL3 */
279
280 mbedtls_md_context_t md_ctx_enc; /*!< MAC (encryption) */
281 mbedtls_md_context_t md_ctx_dec; /*!< MAC (decryption) */
282
283 mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */
284 mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */
285
286 /*
287 * Session specific compression layer
288 */
289 #if defined(MBEDTLS_ZLIB_SUPPORT)
290 z_stream ctx_deflate; /*!< compression context */
291 z_stream ctx_inflate; /*!< decompression context */
292 #endif
293 };
294
295 #if defined(MBEDTLS_X509_CRT_PARSE_C)
296 /*
297 * List of certificate + private key pairs
298 */
299 struct mbedtls_ssl_key_cert
300 {
301 mbedtls_x509_crt *cert; /*!< cert */
302 mbedtls_pk_context *key; /*!< private key */
303 mbedtls_ssl_key_cert *next; /*!< next key/cert pair */
304 };
305 #endif /* MBEDTLS_X509_CRT_PARSE_C */
306
307 #if defined(MBEDTLS_SSL_PROTO_DTLS)
308 /*
309 * List of handshake messages kept around for resending
310 */
311 struct mbedtls_ssl_flight_item
312 {
313 unsigned char *p; /*!< message, including handshake headers */
314 size_t len; /*!< length of p */
315 unsigned char type; /*!< type of the message: handshake or CCS */
316 mbedtls_ssl_flight_item *next; /*!< next handshake message(s) */
317 };
318 #endif /* MBEDTLS_SSL_PROTO_DTLS */
319
320
321 /**
322 * \brief Free referenced items in an SSL transform context and clear
323 * memory
324 *
325 * \param transform SSL transform context
326 */
327 void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform );
328
329 /**
330 * \brief Free referenced items in an SSL handshake context and clear
331 * memory
332 *
333 * \param handshake SSL handshake context
334 */
335 void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake );
336
337 int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl );
338 int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl );
339 void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl );
340
341 int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl );
342
343 void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl );
344 int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl );
345
346 int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl );
347 int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
348
349 int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl );
350 int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl );
351
352 int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl );
353 int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl );
354
355 int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl );
356 int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl );
357
358 int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl );
359 int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl );
360
361 void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
362 const mbedtls_ssl_ciphersuite_t *ciphersuite_info );
363
364 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
365 int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex );
366 #endif
367
368 #if defined(MBEDTLS_PK_C)
369 unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk );
370 mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig );
371 #endif
372
373 mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash );
374 unsigned char mbedtls_ssl_hash_from_md_alg( int md );
375
376 #if defined(MBEDTLS_ECP_C)
377 int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id );
378 #endif
379
380 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED)
381 int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
382 mbedtls_md_type_t md );
383 #endif
384
385 #if defined(MBEDTLS_X509_CRT_PARSE_C)
386 static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl )
387 {
388 mbedtls_ssl_key_cert *key_cert;
389
390 if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
391 key_cert = ssl->handshake->key_cert;
392 else
393 key_cert = ssl->conf->key_cert;
394
395 return( key_cert == NULL ? NULL : key_cert->key );
396 }
397
398 static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl )
399 {
400 mbedtls_ssl_key_cert *key_cert;
401
402 if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
403 key_cert = ssl->handshake->key_cert;
404 else
405 key_cert = ssl->conf->key_cert;
406
407 return( key_cert == NULL ? NULL : key_cert->cert );
408 }
409
410 /*
411 * Check usage of a certificate wrt extensions:
412 * keyUsage, extendedKeyUsage (later), and nSCertType (later).
413 *
414 * Warning: cert_endpoint is the endpoint of the cert (ie, of our peer when we
415 * check a cert we received from them)!
416 *
417 * Return 0 if everything is OK, -1 if not.
418 */
419 int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
420 const mbedtls_ssl_ciphersuite_t *ciphersuite,
421 int cert_endpoint,
422 uint32_t *flags );
423 #endif /* MBEDTLS_X509_CRT_PARSE_C */
424
425 void mbedtls_ssl_write_version( int major, int minor, int transport,
426 unsigned char ver[2] );
427 void mbedtls_ssl_read_version( int *major, int *minor, int transport,
428 const unsigned char ver[2] );
429
430 static inline size_t mbedtls_ssl_hdr_len( const mbedtls_ssl_context *ssl )
431 {
432 #if defined(MBEDTLS_SSL_PROTO_DTLS)
433 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
434 return( 13 );
435 #else
436 ((void) ssl);
437 #endif
438 return( 5 );
439 }
440
441 static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl )
442 {
443 #if defined(MBEDTLS_SSL_PROTO_DTLS)
444 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
445 return( 12 );
446 #else
447 ((void) ssl);
448 #endif
449 return( 4 );
450 }
451
452 #if defined(MBEDTLS_SSL_PROTO_DTLS)
453 void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl );
454 void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl );
455 int mbedtls_ssl_resend( mbedtls_ssl_context *ssl );
456 #endif
457
458 /* Visible for testing purposes only */
459 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
460 int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context *ssl );
461 void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl );
462 #endif
463
464 /* constant-time buffer comparison */
465 static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n )
466 {
467 size_t i;
468 const unsigned char *A = (const unsigned char *) a;
469 const unsigned char *B = (const unsigned char *) b;
470 unsigned char diff = 0;
471
472 for( i = 0; i < n; i++ )
473 diff |= A[i] ^ B[i];
474
475 return( diff );
476 }
477
478 #ifdef __cplusplus
479 }
480 #endif
481
482 #endif /* ssl_internal.h */
A free Windows-compatible Operating System