| /** |
 * \file ssl_internal.h
| * |
| * \brief Internal functions shared by the SSL modules |
| * |
| * Copyright (C) 2015, ARM Limited, All Rights Reserved |
| * |
| * This file is part of mbed TLS (https://tls.mbed.org) |
| * |
| * This program is free software; you can redistribute it and/or modify |
| * it under the terms of the GNU General Public License as published by |
| * the Free Software Foundation; either version 2 of the License, or |
| * (at your option) any later version. |
| * |
| * This program is distributed in the hope that it will be useful, |
| * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| * GNU General Public License for more details. |
| * |
| * You should have received a copy of the GNU General Public License along |
| * with this program; if not, write to the Free Software Foundation, Inc., |
| * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
| */ |
| #ifndef MBEDTLS_SSL_INTERNAL_H |
| #define MBEDTLS_SSL_INTERNAL_H |
| |
| #include "ssl.h" |
| |
| #ifdef __cplusplus |
| extern "C" { |
| #endif |
| |
| int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ); |
| int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ); |
| void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ); |
| |
| int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl ); |
| |
| void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl ); |
| int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ); |
| |
| int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl ); |
| int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ); |
| |
| int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl ); |
| int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ); |
| |
| int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ); |
| int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ); |
| |
| int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl ); |
| int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl ); |
| |
| int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl ); |
| int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ); |
| |
| void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl, |
| const mbedtls_ssl_ciphersuite_t *ciphersuite_info ); |
| |
| #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) |
| int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex ); |
| #endif |
| |
| #if defined(MBEDTLS_PK_C) |
| unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk ); |
| mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig ); |
| #endif |
| |
| mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash ); |
| |
| #if defined(MBEDTLS_SSL_SET_CURVES) |
| int mbedtls_ssl_curve_is_acceptable( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id ); |
| #endif |
| |
| #if defined(MBEDTLS_X509_CRT_PARSE_C) |
/**
 * \brief Return the private key of the key/cert pair currently in use.
 *
 * A pair selected for the ongoing handshake (ssl->handshake->key_cert)
 * takes precedence; otherwise the pair configured in ssl->conf is used.
 *
 * \param ssl  SSL context (ssl->conf is dereferenced when no handshake
 *             pair is selected).
 *
 * \return The private key of the selected pair, or NULL if no pair is set.
 */
static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl )
{
    /* Handshake-specific selection wins over the static configuration. */
    mbedtls_ssl_key_cert *selected =
        ( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
            ? ssl->handshake->key_cert
            : ssl->conf->key_cert;

    if( selected == NULL )
        return( NULL );

    return( selected->key );
}
| |
/**
 * \brief Return the certificate of the key/cert pair currently in use.
 *
 * A pair selected for the ongoing handshake (ssl->handshake->key_cert)
 * takes precedence; otherwise the pair configured in ssl->conf is used.
 *
 * \param ssl  SSL context (ssl->conf is dereferenced when no handshake
 *             pair is selected).
 *
 * \return The certificate of the selected pair, or NULL if no pair is set.
 */
static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl )
{
    /* Handshake-specific selection wins over the static configuration. */
    mbedtls_ssl_key_cert *selected =
        ( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
            ? ssl->handshake->key_cert
            : ssl->conf->key_cert;

    if( selected == NULL )
        return( NULL );

    return( selected->cert );
}
| |
| /* |
 * Check usage of a certificate with respect to its extensions:
 * keyUsage, extendedKeyUsage (later), and nSCertType (later).
| * |
 * Warning: cert_endpoint is the endpoint of the cert (i.e. of our peer when
 * we check a cert we received from them), not our own endpoint!
| * |
| * Return 0 if everything is OK, -1 if not. |
| */ |
| int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert, |
| const mbedtls_ssl_ciphersuite_t *ciphersuite, |
| int cert_endpoint, |
| uint32_t *flags ); |
| #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
| |
| void mbedtls_ssl_write_version( int major, int minor, int transport, |
| unsigned char ver[2] ); |
| void mbedtls_ssl_read_version( int *major, int *minor, int transport, |
| const unsigned char ver[2] ); |
| |
/**
 * \brief Length in bytes of the record-layer header.
 *
 * \param ssl  SSL context; its transport setting decides the format.
 *
 * \return 13 for DTLS (when MBEDTLS_SSL_PROTO_DTLS is enabled and the
 *         transport is datagram), 5 otherwise.
 */
static inline size_t mbedtls_ssl_hdr_len( const mbedtls_ssl_context *ssl )
{
    size_t len = 5;                       /* TLS: type, version, length */

#if defined(MBEDTLS_SSL_PROTO_DTLS)
    /* DTLS additionally carries epoch and sequence number. */
    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
        len = 13;
#else
    ((void) ssl);                         /* unused without DTLS */
#endif

    return( len );
}
| |
/**
 * \brief Length in bytes of the handshake-message header.
 *
 * \param ssl  SSL context; its transport setting decides the format.
 *
 * \return 12 for DTLS (when MBEDTLS_SSL_PROTO_DTLS is enabled and the
 *         transport is datagram), 4 otherwise.
 */
static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl )
{
    size_t len = 4;                       /* TLS: type, length */

#if defined(MBEDTLS_SSL_PROTO_DTLS)
    /* DTLS additionally carries message_seq, fragment_offset, fragment_length. */
    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
        len = 12;
#else
    ((void) ssl);                         /* unused without DTLS */
#endif

    return( len );
}
| |
| #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl ); |
| void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl ); |
| int mbedtls_ssl_resend( mbedtls_ssl_context *ssl ); |
| #endif |
| |
| /* Visible for testing purposes only */ |
| #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
| int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context *ssl ); |
| void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl ); |
| #endif |
| |
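/**
 * \brief Constant-time buffer comparison.
 *
 * Always touches all n bytes of both buffers, so the running time does not
 * depend on where (or whether) the buffers differ. The accumulator and the
 * byte pointers are volatile to discourage the compiler from turning the
 * OR-accumulate loop back into an early-exit compare.
 *
 * \param a  First buffer (n bytes).
 * \param b  Second buffer (n bytes).
 * \param n  Number of bytes to compare; 0 compares equal.
 *
 * \return 0 if the buffers are equal, non-zero otherwise. The non-zero
 *         value is the OR of all differing bytes and carries no ordering
 *         information.
 */
static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n )
{
    size_t i;
    volatile const unsigned char *A = (volatile const unsigned char *) a;
    volatile const unsigned char *B = (volatile const unsigned char *) b;
    volatile unsigned char diff = 0;

    for( i = 0; i < n; i++ )
    {
        /* Read both volatile bytes into plain locals first so the order of
         * the volatile accesses is fixed and not left to the compiler. */
        unsigned char x = A[i], y = B[i];
        diff |= x ^ y;
    }

    return( diff );
}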
| |
| #ifdef __cplusplus |
| } |
| #endif |
| |
| #endif /* ssl_internal.h */ |