Add CID field to internal structure representing TLS records
This commit adds a static array `cid` to the internal structure
`mbedtls_record` representing encrypted and decrypted TLS records.
The expected evolution of state of this field is as follows:
- When handling an incoming record, the caller of `mbedtls_decrypt_buf()`
has to make sure the CID array field in `mbedtls_record` has been
properly set. Concretely, it will be copied from the CID from the record
header during record parsing.
- During decryption in `mbedtls_decrypt_buf()`, the transform's
incoming CID is compared to the CID in the `mbedtls_record`
structure representing the record to be decrypted.
- For an outgoing TLS record, the caller of `mbedtls_encrypt_buf()`
clears the CID in the `mbedtls_record` structure.
- During encryption in `mbedtls_encrypt_buf()`, the CID field in
`mbedtls_record` will be copied from the out-CID in the transform.
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index 5f3e27b..162f235 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -610,6 +610,12 @@
* make space for the fixed IV.
*
*/
+#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX
+#define SSL_CID_LEN_MAX MBEDTLS_SSL_CID_OUT_LEN_MAX
+#else
+#define SSL_CID_LEN_MAX MBEDTLS_SSL_CID_IN_LEN_MAX
+#endif
+
typedef struct
{
uint8_t ctr[8]; /*!< Record sequence number */
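Review bot: The `SSL_CID_LEN_MAX` helper added at the top of this hunk is defined unconditionally, while its only consumer (the `cid[]` member in the next hunk) sits under `#if defined(MBEDTLS_SSL_CID)`; if `MBEDTLS_SSL_CID_IN_LEN_MAX`/`MBEDTLS_SSL_CID_OUT_LEN_MAX` are only defined when CID support is enabled, the preprocessor `>` comparison silently treats both as 0, leaves a stray macro behind, and trips `-Wundef` builds. Wrapping the five lines in the same guard keeps the two hunks consistent: `#if defined(MBEDTLS_SSL_CID)` before the comparison and `#endif /* MBEDTLS_SSL_CID */` after it. A one-line comment stating the intent would also help a reader who meets the bare name: `/* Upper bound on both the incoming and outgoing CID, so a single buffer in mbedtls_record fits either. */`. The Doxygen comment this hunk starts inside begins before the hunk, so the new macro lands between that comment and the `typedef struct` it describes; placing it above the comment avoids separating the two.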
@@ -621,6 +627,11 @@
size_t data_offset; /*!< Offset of record content */
size_t data_len; /*!< Length of record content */
+#if defined(MBEDTLS_SSL_CID)
+ uint8_t cid_len;
+ unsigned char cid[ SSL_CID_LEN_MAX ];
+#endif /* MBEDTLS_SSL_CID */
+
} mbedtls_record;
#if defined(MBEDTLS_X509_CRT_PARSE_C)
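Review bot: The new `cid_len` and `cid[]` members lack the `/*!< ... */` descriptions every neighbouring field carries, and nothing in the header records the contract the commit message spells out (filled by the record parser on receive, cleared by the caller and filled from the transform's out-CID on send). Proposed: `uint8_t cid_len; /*!< Length of the CID in cid[] (0 if the record carries none) */` and `unsigned char cid[ SSL_CID_LEN_MAX ]; /*!< CID of this record: set from the record header before mbedtls_decrypt_buf(), cleared before and set by mbedtls_encrypt_buf() */`. Because `cid[]` is a fixed-size buffer, whoever copies into it must bound the copy by `SSL_CID_LEN_MAX` — presumably via the transform's CID length, which should itself be capped by the IN/OUT maxima — and a short note on the field makes that requirement visible to the parser author. `cid_len` being `uint8_t` is fine only while the configured maxima stay at or below 255; an `#if SSL_CID_LEN_MAX > 255` / `#error` next to the macro definition would lock that assumption in.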