projects / reactos.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
[CRT] Massively improve performance of rand_s
[reactos.git] / sdk / include / reactos / libs / mbedtls / ssl_internal.h
1 /**
2 * \file ssl_internal.h
3 *
4 * \brief Internal functions shared by the SSL modules
5 */
6 /*
7 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
8 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
9 *
10 * This file is provided under the Apache License 2.0, or the
11 * GNU General Public License v2.0 or later.
12 *
13 * **********
14 * Apache License 2.0:
15 *
16 * Licensed under the Apache License, Version 2.0 (the "License"); you may
17 * not use this file except in compliance with the License.
18 * You may obtain a copy of the License at
19 *
20 * http://www.apache.org/licenses/LICENSE-2.0
21 *
22 * Unless required by applicable law or agreed to in writing, software
23 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
24 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
25 * See the License for the specific language governing permissions and
26 * limitations under the License.
27 *
28 * **********
29 *
30 * **********
31 * GNU General Public License v2.0 or later:
32 *
33 * This program is free software; you can redistribute it and/or modify
34 * it under the terms of the GNU General Public License as published by
35 * the Free Software Foundation; either version 2 of the License, or
36 * (at your option) any later version.
37 *
38 * This program is distributed in the hope that it will be useful,
39 * but WITHOUT ANY WARRANTY; without even the implied warranty of
40 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
41 * GNU General Public License for more details.
42 *
43 * You should have received a copy of the GNU General Public License along
44 * with this program; if not, write to the Free Software Foundation, Inc.,
45 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
46 *
47 * **********
48 *
49 * This file is part of mbed TLS (https://tls.mbed.org)
50 */
51 #ifndef MBEDTLS_SSL_INTERNAL_H
52 #define MBEDTLS_SSL_INTERNAL_H
53
54 #if !defined(MBEDTLS_CONFIG_FILE)
55 #include "config.h"
56 #else
57 #include MBEDTLS_CONFIG_FILE
58 #endif
59
60 #include "ssl.h"
61 #include "cipher.h"
62
63 #if defined(MBEDTLS_MD5_C)
64 #include "md5.h"
65 #endif
66
67 #if defined(MBEDTLS_SHA1_C)
68 #include "sha1.h"
69 #endif
70
71 #if defined(MBEDTLS_SHA256_C)
72 #include "sha256.h"
73 #endif
74
75 #if defined(MBEDTLS_SHA512_C)
76 #include "sha512.h"
77 #endif
78
79 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
80 #include "ecjpake.h"
81 #endif
82
83 #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
84 !defined(inline) && !defined(__cplusplus)
85 #define inline __inline
86 #endif
87
88 /* Determine minimum supported version */
89 #define MBEDTLS_SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
90
91 #if defined(MBEDTLS_SSL_PROTO_SSL3)
92 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0
93 #else
94 #if defined(MBEDTLS_SSL_PROTO_TLS1)
95 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
96 #else
97 #if defined(MBEDTLS_SSL_PROTO_TLS1_1)
98 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2
99 #else
100 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
101 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
102 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
103 #endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
104 #endif /* MBEDTLS_SSL_PROTO_TLS1 */
105 #endif /* MBEDTLS_SSL_PROTO_SSL3 */
106
107 #define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
108 #define MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
109
110 /* Determine maximum supported version */
111 #define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
112
113 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
114 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
115 #else
116 #if defined(MBEDTLS_SSL_PROTO_TLS1_1)
117 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2
118 #else
119 #if defined(MBEDTLS_SSL_PROTO_TLS1)
120 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
121 #else
122 #if defined(MBEDTLS_SSL_PROTO_SSL3)
123 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0
124 #endif /* MBEDTLS_SSL_PROTO_SSL3 */
125 #endif /* MBEDTLS_SSL_PROTO_TLS1 */
126 #endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
127 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
128
129 #define MBEDTLS_SSL_INITIAL_HANDSHAKE 0
130 #define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS 1 /* In progress */
131 #define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */
132 #define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */
133
134 /*
135 * DTLS retransmission states, see RFC 6347 4.2.4
136 *
137 * The SENDING state is merged in PREPARING for initial sends,
138 * but is distinct for resends.
139 *
140 * Note: initial state is wrong for server, but is not used anyway.
141 */
142 #define MBEDTLS_SSL_RETRANS_PREPARING 0
143 #define MBEDTLS_SSL_RETRANS_SENDING 1
144 #define MBEDTLS_SSL_RETRANS_WAITING 2
145 #define MBEDTLS_SSL_RETRANS_FINISHED 3
146
147 /*
148 * Allow extra bytes for record, authentication and encryption overhead:
149 * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256)
150 * and allow for a maximum of 1024 of compression expansion if
151 * enabled.
152 */
153 #if defined(MBEDTLS_ZLIB_SUPPORT)
154 #define MBEDTLS_SSL_COMPRESSION_ADD 1024
155 #else
156 #define MBEDTLS_SSL_COMPRESSION_ADD 0
157 #endif
158
159 #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_MODE_CBC)
160 /* Ciphersuites using HMAC */
161 #if defined(MBEDTLS_SHA512_C)
162 #define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */
163 #elif defined(MBEDTLS_SHA256_C)
164 #define MBEDTLS_SSL_MAC_ADD 32 /* SHA-256 used for HMAC */
165 #else
166 #define MBEDTLS_SSL_MAC_ADD 20 /* SHA-1 used for HMAC */
167 #endif
168 #else
169 /* AEAD ciphersuites: GCM and CCM use a 128 bits tag */
170 #define MBEDTLS_SSL_MAC_ADD 16
171 #endif
172
173 #if defined(MBEDTLS_CIPHER_MODE_CBC)
174 #define MBEDTLS_SSL_PADDING_ADD 256
175 #else
176 #define MBEDTLS_SSL_PADDING_ADD 0
177 #endif
178
179 #define MBEDTLS_SSL_PAYLOAD_LEN ( MBEDTLS_SSL_MAX_CONTENT_LEN \
180 + MBEDTLS_SSL_COMPRESSION_ADD \
181 + MBEDTLS_MAX_IV_LENGTH \
182 + MBEDTLS_SSL_MAC_ADD \
183 + MBEDTLS_SSL_PADDING_ADD \
184 )
185
186 /* Maximum size in bytes of list in sig-hash algorithm ext., RFC 5246 */
187 #define MBEDTLS_SSL_MAX_SIG_HASH_ALG_LIST_LEN 65534
188
189 /* Maximum size in bytes of list in supported elliptic curve ext., RFC 4492 */
190 #define MBEDTLS_SSL_MAX_CURVE_LIST_LEN 65535
191
192 /*
193 * Check that we obey the standard's message size bounds
194 */
195
196 #if MBEDTLS_SSL_MAX_CONTENT_LEN > 16384
197 #error Bad configuration - record content too large.
198 #endif
199
200 #if MBEDTLS_SSL_PAYLOAD_LEN > 16384 + 2048
201 #error Bad configuration - protected record payload too large.
202 #endif
203
204 /* Note: Even though the TLS record header is only 5 bytes
205 long, we're internally using 8 bytes to store the
206 implicit sequence number. */
207 #define MBEDTLS_SSL_HEADER_LEN 13
208
209 #define MBEDTLS_SSL_BUFFER_LEN \
210 ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_PAYLOAD_LEN ) )
211
212 /*
213 * TLS extension flags (for extensions with outgoing ServerHello content
214 * that need it (e.g. for RENEGOTIATION_INFO the server already knows because
215 * of state of the renegotiation flag, so no indicator is required)
216 */
217 #define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0)
218 #define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK (1 << 1)
219
220 /**
221 * \brief This function checks if the remaining size in a buffer is
222 * greater or equal than a needed space.
223 *
224 * \param cur Pointer to the current position in the buffer.
225 * \param end Pointer to one past the end of the buffer.
226 * \param need Needed space in bytes.
227 *
228 * \return Zero if the needed space is available in the buffer, non-zero
229 * otherwise.
230 */
231 static inline int mbedtls_ssl_chk_buf_ptr( const uint8_t *cur,
232 const uint8_t *end, size_t need )
233 {
234 return( ( cur > end ) || ( need > (size_t)( end - cur ) ) );
235 }
236
237 /**
238 * \brief This macro checks if the remaining size in a buffer is
239 * greater or equal than a needed space. If it is not the case,
240 * it returns an SSL_BUFFER_TOO_SMALL error.
241 *
242 * \param cur Pointer to the current position in the buffer.
243 * \param end Pointer to one past the end of the buffer.
244 * \param need Needed space in bytes.
245 *
246 */
247 #define MBEDTLS_SSL_CHK_BUF_PTR( cur, end, need ) \
248 do { \
249 if( mbedtls_ssl_chk_buf_ptr( ( cur ), ( end ), ( need ) ) != 0 ) \
250 { \
251 return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); \
252 } \
253 } while( 0 )
254
255 #ifdef __cplusplus
256 extern "C" {
257 #endif
258
259 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
260 defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
261 /*
262 * Abstraction for a grid of allowed signature-hash-algorithm pairs.
263 */
264 struct mbedtls_ssl_sig_hash_set_t
265 {
266 /* At the moment, we only need to remember a single suitable
267 * hash algorithm per signature algorithm. As long as that's
268 * the case - and we don't need a general lookup function -
269 * we can implement the sig-hash-set as a map from signatures
270 * to hash algorithms. */
271 mbedtls_md_type_t rsa;
272 mbedtls_md_type_t ecdsa;
273 };
274 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
275 MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
276
277 /*
278 * This structure contains the parameters only needed during handshake.
279 */
280 struct mbedtls_ssl_handshake_params
281 {
282 /*
283 * Handshake specific crypto variables
284 */
285
286 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
287 defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
288 mbedtls_ssl_sig_hash_set_t hash_algs; /*!< Set of suitable sig-hash pairs */
289 #endif
290 #if defined(MBEDTLS_DHM_C)
291 mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */
292 #endif
293 #if defined(MBEDTLS_ECDH_C)
294 mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */
295 #endif
296 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
297 mbedtls_ecjpake_context ecjpake_ctx; /*!< EC J-PAKE key exchange */
298 #if defined(MBEDTLS_SSL_CLI_C)
299 unsigned char *ecjpake_cache; /*!< Cache for ClientHello ext */
300 size_t ecjpake_cache_len; /*!< Length of cached data */
301 #endif
302 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
303 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
304 defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
305 const mbedtls_ecp_curve_info **curves; /*!< Supported elliptic curves */
306 #endif
307 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
308 unsigned char *psk; /*!< PSK from the callback */
309 size_t psk_len; /*!< Length of PSK from callback */
310 #endif
311 #if defined(MBEDTLS_X509_CRT_PARSE_C)
312 mbedtls_ssl_key_cert *key_cert; /*!< chosen key/cert pair (server) */
313 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
314 int sni_authmode; /*!< authmode from SNI callback */
315 mbedtls_ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI */
316 mbedtls_x509_crt *sni_ca_chain; /*!< trusted CAs from SNI callback */
317 mbedtls_x509_crl *sni_ca_crl; /*!< trusted CAs CRLs from SNI */
318 #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
319 #endif /* MBEDTLS_X509_CRT_PARSE_C */
320 #if defined(MBEDTLS_SSL_PROTO_DTLS)
321 unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */
322 unsigned int in_msg_seq; /*!< Incoming handshake sequence number */
323
324 unsigned char *verify_cookie; /*!< Cli: HelloVerifyRequest cookie
325 Srv: unused */
326 unsigned char verify_cookie_len; /*!< Cli: cookie length
327 Srv: flag for sending a cookie */
328
329 unsigned char *hs_msg; /*!< Reassembled handshake message */
330
331 uint32_t retransmit_timeout; /*!< Current value of timeout */
332 unsigned char retransmit_state; /*!< Retransmission state */
333 mbedtls_ssl_flight_item *flight; /*!< Current outgoing flight */
334 mbedtls_ssl_flight_item *cur_msg; /*!< Current message in flight */
335 unsigned int in_flight_start_seq; /*!< Minimum message sequence in the
336 flight being received */
337 mbedtls_ssl_transform *alt_transform_out; /*!< Alternative transform for
338 resending messages */
339 unsigned char alt_out_ctr[8]; /*!< Alternative record epoch/counter
340 for resending messages */
341 #endif /* MBEDTLS_SSL_PROTO_DTLS */
342
343 /*
344 * Checksum contexts
345 */
346 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
347 defined(MBEDTLS_SSL_PROTO_TLS1_1)
348 mbedtls_md5_context fin_md5;
349 mbedtls_sha1_context fin_sha1;
350 #endif
351 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
352 #if defined(MBEDTLS_SHA256_C)
353 mbedtls_sha256_context fin_sha256;
354 #endif
355 #if defined(MBEDTLS_SHA512_C)
356 mbedtls_sha512_context fin_sha512;
357 #endif
358 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
359
360 void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t);
361 void (*calc_verify)(mbedtls_ssl_context *, unsigned char *);
362 void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int);
363 int (*tls_prf)(const unsigned char *, size_t, const char *,
364 const unsigned char *, size_t,
365 unsigned char *, size_t);
366
367 size_t pmslen; /*!< premaster length */
368
369 unsigned char randbytes[64]; /*!< random bytes */
370 unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
371 /*!< premaster secret */
372
373 int resume; /*!< session resume indicator*/
374 int max_major_ver; /*!< max. major version client*/
375 int max_minor_ver; /*!< max. minor version client*/
376 int cli_exts; /*!< client extension presence*/
377
378 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
379 int new_session_ticket; /*!< use NewSessionTicket? */
380 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
381 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
382 int extended_ms; /*!< use Extended Master Secret? */
383 #endif
384 };
385
386 /*
387 * This structure contains a full set of runtime transform parameters
388 * either in negotiation or active.
389 */
390 struct mbedtls_ssl_transform
391 {
392 /*
393 * Session specific crypto layer
394 */
395 const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
396 /*!< Chosen cipersuite_info */
397 unsigned int keylen; /*!< symmetric key length (bytes) */
398 size_t minlen; /*!< min. ciphertext length */
399 size_t ivlen; /*!< IV length */
400 size_t fixed_ivlen; /*!< Fixed part of IV (AEAD) */
401 size_t maclen; /*!< MAC length */
402
403 unsigned char iv_enc[16]; /*!< IV (encryption) */
404 unsigned char iv_dec[16]; /*!< IV (decryption) */
405
406 #if defined(MBEDTLS_SSL_PROTO_SSL3)
407 /* Needed only for SSL v3.0 secret */
408 unsigned char mac_enc[20]; /*!< SSL v3.0 secret (enc) */
409 unsigned char mac_dec[20]; /*!< SSL v3.0 secret (dec) */
410 #endif /* MBEDTLS_SSL_PROTO_SSL3 */
411
412 mbedtls_md_context_t md_ctx_enc; /*!< MAC (encryption) */
413 mbedtls_md_context_t md_ctx_dec; /*!< MAC (decryption) */
414
415 mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */
416 mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */
417
418 /*
419 * Session specific compression layer
420 */
421 #if defined(MBEDTLS_ZLIB_SUPPORT)
422 z_stream ctx_deflate; /*!< compression context */
423 z_stream ctx_inflate; /*!< decompression context */
424 #endif
425 };
426
427 #if defined(MBEDTLS_X509_CRT_PARSE_C)
428 /*
429 * List of certificate + private key pairs
430 */
431 struct mbedtls_ssl_key_cert
432 {
433 mbedtls_x509_crt *cert; /*!< cert */
434 mbedtls_pk_context *key; /*!< private key */
435 mbedtls_ssl_key_cert *next; /*!< next key/cert pair */
436 };
437 #endif /* MBEDTLS_X509_CRT_PARSE_C */
438
439 #if defined(MBEDTLS_SSL_PROTO_DTLS)
440 /*
441 * List of handshake messages kept around for resending
442 */
443 struct mbedtls_ssl_flight_item
444 {
445 unsigned char *p; /*!< message, including handshake headers */
446 size_t len; /*!< length of p */
447 unsigned char type; /*!< type of the message: handshake or CCS */
448 mbedtls_ssl_flight_item *next; /*!< next handshake message(s) */
449 };
450 #endif /* MBEDTLS_SSL_PROTO_DTLS */
451
452 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
453 defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
454
455 /* Find an entry in a signature-hash set matching a given hash algorithm. */
456 mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find( mbedtls_ssl_sig_hash_set_t *set,
457 mbedtls_pk_type_t sig_alg );
458 /* Add a signature-hash-pair to a signature-hash set */
459 void mbedtls_ssl_sig_hash_set_add( mbedtls_ssl_sig_hash_set_t *set,
460 mbedtls_pk_type_t sig_alg,
461 mbedtls_md_type_t md_alg );
462 /* Allow exactly one hash algorithm for each signature. */
463 void mbedtls_ssl_sig_hash_set_const_hash( mbedtls_ssl_sig_hash_set_t *set,
464 mbedtls_md_type_t md_alg );
465
466 /* Setup an empty signature-hash set */
467 static inline void mbedtls_ssl_sig_hash_set_init( mbedtls_ssl_sig_hash_set_t *set )
468 {
469 mbedtls_ssl_sig_hash_set_const_hash( set, MBEDTLS_MD_NONE );
470 }
471
472 #endif /* MBEDTLS_SSL_PROTO_TLS1_2) &&
473 MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
474
475 /**
476 * \brief Free referenced items in an SSL transform context and clear
477 * memory
478 *
479 * \param transform SSL transform context
480 */
481 void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform );
482
483 /**
484 * \brief Free referenced items in an SSL handshake context and clear
485 * memory
486 *
487 * \param handshake SSL handshake context
488 */
489 void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake );
490
491 int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl );
492 int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl );
493 void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl );
494
495 int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl );
496
497 void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl );
498 int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl );
499
500 int mbedtls_ssl_read_record_layer( mbedtls_ssl_context *ssl );
501 int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl );
502 int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl );
503 void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl );
504
505 /**
506 * \brief Update record layer
507 *
508 * This function roughly separates the implementation
509 * of the logic of (D)TLS from the implementation
510 * of the secure transport.
511 *
512 * \param ssl SSL context to use
513 *
514 * \return 0 or non-zero error code.
515 *
516 * \note A clarification on what is called 'record layer' here
517 * is in order, as many sensible definitions are possible:
518 *
519 * The record layer takes as input an untrusted underlying
520 * transport (stream or datagram) and transforms it into
521 * a serially multiplexed, secure transport, which
522 * conceptually provides the following:
523 *
524 * (1) Three datagram based, content-agnostic transports
525 * for handshake, alert and CCS messages.
526 * (2) One stream- or datagram-based transport
527 * for application data.
528 * (3) Functionality for changing the underlying transform
529 * securing the contents.
530 *
531 * The interface to this functionality is given as follows:
532 *
533 * a Updating
534 * [Currently implemented by mbedtls_ssl_read_record]
535 *
536 * Check if and on which of the four 'ports' data is pending:
537 * Nothing, a controlling datagram of type (1), or application
538 * data (2). In any case data is present, internal buffers
539 * provide access to the data for the user to process it.
540 * Consumption of type (1) datagrams is done automatically
541 * on the next update, invalidating that the internal buffers
542 * for previous datagrams, while consumption of application
543 * data (2) is user-controlled.
544 *
545 * b Reading of application data
546 * [Currently manual adaption of ssl->in_offt pointer]
547 *
548 * As mentioned in the last paragraph, consumption of data
549 * is different from the automatic consumption of control
550 * datagrams (1) because application data is treated as a stream.
551 *
552 * c Tracking availability of application data
553 * [Currently manually through decreasing ssl->in_msglen]
554 *
555 * For efficiency and to retain datagram semantics for
556 * application data in case of DTLS, the record layer
557 * provides functionality for checking how much application
558 * data is still available in the internal buffer.
559 *
560 * d Changing the transformation securing the communication.
561 *
562 * Given an opaque implementation of the record layer in the
563 * above sense, it should be possible to implement the logic
564 * of (D)TLS on top of it without the need to know anything
565 * about the record layer's internals. This is done e.g.
566 * in all the handshake handling functions, and in the
567 * application data reading function mbedtls_ssl_read.
568 *
569 * \note The above tries to give a conceptual picture of the
570 * record layer, but the current implementation deviates
571 * from it in some places. For example, our implementation of
572 * the update functionality through mbedtls_ssl_read_record
573 * discards datagrams depending on the current state, which
574 * wouldn't fall under the record layer's responsibility
575 * following the above definition.
576 *
577 */
578 int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl );
579 int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
580
581 int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl );
582 int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl );
583
584 int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl );
585 int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl );
586
587 int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl );
588 int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl );
589
590 int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl );
591 int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl );
592
593 void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
594 const mbedtls_ssl_ciphersuite_t *ciphersuite_info );
595
596 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
597 int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex );
598 #endif
599
600 #if defined(MBEDTLS_PK_C)
601 unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk );
602 unsigned char mbedtls_ssl_sig_from_pk_alg( mbedtls_pk_type_t type );
603 mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig );
604 #endif
605
606 mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash );
607 unsigned char mbedtls_ssl_hash_from_md_alg( int md );
608 int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md );
609
610 #if defined(MBEDTLS_ECP_C)
611 int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id );
612 #endif
613
614 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
615 int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
616 mbedtls_md_type_t md );
617 #endif
618
619 #if defined(MBEDTLS_X509_CRT_PARSE_C)
620 static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl )
621 {
622 mbedtls_ssl_key_cert *key_cert;
623
624 if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
625 key_cert = ssl->handshake->key_cert;
626 else
627 key_cert = ssl->conf->key_cert;
628
629 return( key_cert == NULL ? NULL : key_cert->key );
630 }
631
632 static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl )
633 {
634 mbedtls_ssl_key_cert *key_cert;
635
636 if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
637 key_cert = ssl->handshake->key_cert;
638 else
639 key_cert = ssl->conf->key_cert;
640
641 return( key_cert == NULL ? NULL : key_cert->cert );
642 }
643
644 /*
645 * Check usage of a certificate wrt extensions:
646 * keyUsage, extendedKeyUsage (later), and nSCertType (later).
647 *
648 * Warning: cert_endpoint is the endpoint of the cert (ie, of our peer when we
649 * check a cert we received from them)!
650 *
651 * Return 0 if everything is OK, -1 if not.
652 */
653 int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
654 const mbedtls_ssl_ciphersuite_t *ciphersuite,
655 int cert_endpoint,
656 uint32_t *flags );
657 #endif /* MBEDTLS_X509_CRT_PARSE_C */
658
659 void mbedtls_ssl_write_version( int major, int minor, int transport,
660 unsigned char ver[2] );
661 void mbedtls_ssl_read_version( int *major, int *minor, int transport,
662 const unsigned char ver[2] );
663
664 static inline size_t mbedtls_ssl_hdr_len( const mbedtls_ssl_context *ssl )
665 {
666 #if defined(MBEDTLS_SSL_PROTO_DTLS)
667 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
668 return( 13 );
669 #else
670 ((void) ssl);
671 #endif
672 return( 5 );
673 }
674
675 static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl )
676 {
677 #if defined(MBEDTLS_SSL_PROTO_DTLS)
678 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
679 return( 12 );
680 #else
681 ((void) ssl);
682 #endif
683 return( 4 );
684 }
685
686 #if defined(MBEDTLS_SSL_PROTO_DTLS)
687 void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl );
688 void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl );
689 int mbedtls_ssl_resend( mbedtls_ssl_context *ssl );
690 #endif
691
692 /* Visible for testing purposes only */
693 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
694 int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context *ssl );
695 void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl );
696 #endif
697
698 /* constant-time buffer comparison */
699 static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n )
700 {
701 size_t i;
702 volatile const unsigned char *A = (volatile const unsigned char *) a;
703 volatile const unsigned char *B = (volatile const unsigned char *) b;
704 volatile unsigned char diff = 0;
705
706 for( i = 0; i < n; i++ )
707 {
708 /* Read volatile data in order before computing diff.
709 * This avoids IAR compiler warning:
710 * 'the order of volatile accesses is undefined ..' */
711 unsigned char x = A[i], y = B[i];
712 diff |= x ^ y;
713 }
714
715 return( diff );
716 }
717
718 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
719 defined(MBEDTLS_SSL_PROTO_TLS1_1)
720 int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl,
721 unsigned char *output,
722 unsigned char *data, size_t data_len );
723 #endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \
724 MBEDTLS_SSL_PROTO_TLS1_1 */
725
726 #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
727 defined(MBEDTLS_SSL_PROTO_TLS1_2)
728 int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
729 unsigned char *output,
730 unsigned char *data, size_t data_len,
731 mbedtls_md_type_t md_alg );
732 #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
733 MBEDTLS_SSL_PROTO_TLS1_2 */
734
735 #ifdef __cplusplus
736 }
737 #endif
738
739 #endif /* ssl_internal.h */
A free Windows-compatible Operating System