Manuel Pégourié-Gonnard | 5e94dde | 2015-05-26 11:57:05 +0200 | [diff] [blame] | 1 | /** |
Chris Jones | 84a773f | 2021-03-05 18:38:47 +0000 | [diff] [blame] | 2 | * \file ssl_misc.h |
Manuel Pégourié-Gonnard | 5e94dde | 2015-05-26 11:57:05 +0200 | [diff] [blame] | 3 | * |
| 4 | * \brief Internal functions shared by the SSL modules |
Darryl Green | a40a101 | 2018-01-05 15:33:17 +0000 | [diff] [blame] | 5 | */ |
| 6 | /* |
Bence Szépkúti | 1e14827 | 2020-08-07 13:07:28 +0200 | [diff] [blame] | 7 | * Copyright The Mbed TLS Contributors |
Manuel Pégourié-Gonnard | 37ff140 | 2015-09-04 14:21:07 +0200 | [diff] [blame] | 8 | * SPDX-License-Identifier: Apache-2.0 |
| 9 | * |
| 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may |
| 11 | * not use this file except in compliance with the License. |
| 12 | * You may obtain a copy of the License at |
| 13 | * |
| 14 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 15 | * |
| 16 | * Unless required by applicable law or agreed to in writing, software |
| 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 19 | * See the License for the specific language governing permissions and |
| 20 | * limitations under the License. |
Manuel Pégourié-Gonnard | 5e94dde | 2015-05-26 11:57:05 +0200 | [diff] [blame] | 21 | */ |
Chris Jones | 84a773f | 2021-03-05 18:38:47 +0000 | [diff] [blame] | 22 | #ifndef MBEDTLS_SSL_MISC_H |
| 23 | #define MBEDTLS_SSL_MISC_H |
Manuel Pégourié-Gonnard | 5e94dde | 2015-05-26 11:57:05 +0200 | [diff] [blame] | 24 | |
Bence Szépkúti | c662b36 | 2021-05-27 11:25:03 +0200 | [diff] [blame] | 25 | #include "mbedtls/build_info.h" |
Andrzej Kurek | c470b6b | 2019-01-31 08:20:20 -0500 | [diff] [blame] | 26 | |
Jaeden Amero | 6609aef | 2019-07-04 20:01:14 +0100 | [diff] [blame] | 27 | #include "mbedtls/ssl.h" |
| 28 | #include "mbedtls/cipher.h" |
Manuel Pégourié-Gonnard | 5e94dde | 2015-05-26 11:57:05 +0200 | [diff] [blame] | 29 | |
Przemyslaw Stekiel | b15f33d | 2022-02-10 10:12:12 +0100 | [diff] [blame] | 30 | #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) |
Andrzej Kurek | eb34224 | 2019-01-29 09:14:33 -0500 | [diff] [blame] | 31 | #include "psa/crypto.h" |
Przemyslaw Stekiel | b15f33d | 2022-02-10 10:12:12 +0100 | [diff] [blame] | 32 | #include "mbedtls/psa_util.h" |
Manuel Pégourié-Gonnard | abac037 | 2022-07-18 13:41:11 +0200 | [diff] [blame] | 33 | #include "hash_info.h" |
Andrzej Kurek | eb34224 | 2019-01-29 09:14:33 -0500 | [diff] [blame] | 34 | #endif |
| 35 | |
Manuel Pégourié-Gonnard | 56273da | 2015-05-26 12:19:45 +0200 | [diff] [blame] | 36 | #if defined(MBEDTLS_MD5_C) |
Jaeden Amero | 6609aef | 2019-07-04 20:01:14 +0100 | [diff] [blame] | 37 | #include "mbedtls/md5.h" |
Manuel Pégourié-Gonnard | 56273da | 2015-05-26 12:19:45 +0200 | [diff] [blame] | 38 | #endif |
| 39 | |
| 40 | #if defined(MBEDTLS_SHA1_C) |
Jaeden Amero | 6609aef | 2019-07-04 20:01:14 +0100 | [diff] [blame] | 41 | #include "mbedtls/sha1.h" |
Manuel Pégourié-Gonnard | 56273da | 2015-05-26 12:19:45 +0200 | [diff] [blame] | 42 | #endif |
| 43 | |
| 44 | #if defined(MBEDTLS_SHA256_C) |
Jaeden Amero | 6609aef | 2019-07-04 20:01:14 +0100 | [diff] [blame] | 45 | #include "mbedtls/sha256.h" |
Manuel Pégourié-Gonnard | 56273da | 2015-05-26 12:19:45 +0200 | [diff] [blame] | 46 | #endif |
| 47 | |
| 48 | #if defined(MBEDTLS_SHA512_C) |
Jaeden Amero | 6609aef | 2019-07-04 20:01:14 +0100 | [diff] [blame] | 49 | #include "mbedtls/sha512.h" |
Manuel Pégourié-Gonnard | 56273da | 2015-05-26 12:19:45 +0200 | [diff] [blame] | 50 | #endif |
| 51 | |
Manuel Pégourié-Gonnard | eef142d | 2015-09-16 10:05:04 +0200 | [diff] [blame] | 52 | #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) |
Jaeden Amero | 6609aef | 2019-07-04 20:01:14 +0100 | [diff] [blame] | 53 | #include "mbedtls/ecjpake.h" |
Manuel Pégourié-Gonnard | 76cfd3f | 2015-09-15 12:10:54 +0200 | [diff] [blame] | 54 | #endif |
| 55 | |
Jerry Yu | 1bab301 | 2022-01-19 17:43:22 +0800 | [diff] [blame] | 56 | #include "common.h" |
| 57 | |
Manuel Pégourié-Gonnard | 0223ab9 | 2015-10-05 11:40:01 +0100 | [diff] [blame] | 58 | #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ |
| 59 | !defined(inline) && !defined(__cplusplus) |
Manuel Pégourié-Gonnard | 065122c | 2015-05-26 12:31:46 +0200 | [diff] [blame] | 60 | #define inline __inline |
Manuel Pégourié-Gonnard | 20af64d | 2015-07-07 18:33:39 +0200 | [diff] [blame] | 61 | #endif |
Manuel Pégourié-Gonnard | 065122c | 2015-05-26 12:31:46 +0200 | [diff] [blame] | 62 | |
Manuel Pégourié-Gonnard | 862cde5 | 2017-05-17 11:56:15 +0200 | [diff] [blame] | 63 | /* Shorthand for restartable ECC */ |
Manuel Pégourié-Gonnard | 2350b4e | 2017-05-16 09:26:48 +0200 | [diff] [blame] | 64 | #if defined(MBEDTLS_ECP_RESTARTABLE) && \ |
| 65 | defined(MBEDTLS_SSL_CLI_C) && \ |
| 66 | defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ |
| 67 | defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) |
Gilles Peskine | eccd888 | 2020-03-10 12:19:08 +0100 | [diff] [blame] | 68 | #define MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED |
Manuel Pégourié-Gonnard | 2350b4e | 2017-05-16 09:26:48 +0200 | [diff] [blame] | 69 | #endif |
| 70 | |
Manuel Pégourié-Gonnard | 065122c | 2015-05-26 12:31:46 +0200 | [diff] [blame] | 71 | #define MBEDTLS_SSL_INITIAL_HANDSHAKE 0 |
| 72 | #define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS 1 /* In progress */ |
| 73 | #define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */ |
| 74 | #define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */ |
| 75 | |
| 76 | /* |
Jerry Yu | 8e7ca04 | 2021-08-26 15:31:37 +0800 | [diff] [blame] | 77 | * Mask of TLS 1.3 handshake extensions used in extensions_present |
| 78 | * of mbedtls_ssl_handshake_params. |
| 79 | */ |
| 80 | #define MBEDTLS_SSL_EXT_NONE 0 |
| 81 | |
| 82 | #define MBEDTLS_SSL_EXT_SERVERNAME ( 1 << 0 ) |
| 83 | #define MBEDTLS_SSL_EXT_MAX_FRAGMENT_LENGTH ( 1 << 1 ) |
| 84 | #define MBEDTLS_SSL_EXT_STATUS_REQUEST ( 1 << 2 ) |
| 85 | #define MBEDTLS_SSL_EXT_SUPPORTED_GROUPS ( 1 << 3 ) |
| 86 | #define MBEDTLS_SSL_EXT_SIG_ALG ( 1 << 4 ) |
| 87 | #define MBEDTLS_SSL_EXT_USE_SRTP ( 1 << 5 ) |
| 88 | #define MBEDTLS_SSL_EXT_HEARTBEAT ( 1 << 6 ) |
| 89 | #define MBEDTLS_SSL_EXT_ALPN ( 1 << 7 ) |
| 90 | #define MBEDTLS_SSL_EXT_SCT ( 1 << 8 ) |
Jerry Yu | 995ecd3 | 2021-08-30 17:53:49 +0800 | [diff] [blame] | 91 | #define MBEDTLS_SSL_EXT_CLI_CERT_TYPE ( 1 << 9 ) |
| 92 | #define MBEDTLS_SSL_EXT_SERV_CERT_TYPE ( 1 << 10 ) |
Jerry Yu | 8e7ca04 | 2021-08-26 15:31:37 +0800 | [diff] [blame] | 93 | #define MBEDTLS_SSL_EXT_PADDING ( 1 << 11 ) |
| 94 | #define MBEDTLS_SSL_EXT_PRE_SHARED_KEY ( 1 << 12 ) |
| 95 | #define MBEDTLS_SSL_EXT_EARLY_DATA ( 1 << 13 ) |
| 96 | #define MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS ( 1 << 14 ) |
| 97 | #define MBEDTLS_SSL_EXT_COOKIE ( 1 << 15 ) |
| 98 | #define MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ( 1 << 16 ) |
| 99 | #define MBEDTLS_SSL_EXT_CERT_AUTH ( 1 << 17 ) |
| 100 | #define MBEDTLS_SSL_EXT_OID_FILTERS ( 1 << 18 ) |
| 101 | #define MBEDTLS_SSL_EXT_POST_HANDSHAKE_AUTH ( 1 << 19 ) |
| 102 | #define MBEDTLS_SSL_EXT_SIG_ALG_CERT ( 1 << 20 ) |
| 103 | #define MBEDTLS_SSL_EXT_KEY_SHARE ( 1 << 21 ) |
Jerry Yu | 93bcd61 | 2021-08-18 12:47:24 +0800 | [diff] [blame] | 104 | |
Jerry Yu | 5cc8f0a | 2021-08-27 17:21:44 +0800 | [diff] [blame] | 105 | /* |
Jerry Yu | 8c02bb4 | 2021-09-03 21:09:22 +0800 | [diff] [blame] | 106 | * Helper macros for function call with return check. |
Jerry Yu | 5cc8f0a | 2021-08-27 17:21:44 +0800 | [diff] [blame] | 107 | */ |
Jerry Yu | 5cc8f0a | 2021-08-27 17:21:44 +0800 | [diff] [blame] | 108 | /* |
Jerry Yu | 8c02bb4 | 2021-09-03 21:09:22 +0800 | [diff] [blame] | 109 | * Exit when return non-zero value |
Jerry Yu | 5cc8f0a | 2021-08-27 17:21:44 +0800 | [diff] [blame] | 110 | */ |
Jerry Yu | 2c0fbf3 | 2021-09-02 13:53:46 +0800 | [diff] [blame] | 111 | #define MBEDTLS_SSL_PROC_CHK( f ) \ |
Jerry Yu | 65dd2cc | 2021-08-18 16:38:40 +0800 | [diff] [blame] | 112 | do { \ |
Jerry Yu | 2c0fbf3 | 2021-09-02 13:53:46 +0800 | [diff] [blame] | 113 | ret = ( f ); \ |
Jerry Yu | 65dd2cc | 2021-08-18 16:38:40 +0800 | [diff] [blame] | 114 | if( ret != 0 ) \ |
| 115 | { \ |
Jerry Yu | 65dd2cc | 2021-08-18 16:38:40 +0800 | [diff] [blame] | 116 | goto cleanup; \ |
| 117 | } \ |
| 118 | } while( 0 ) |
Jerry Yu | 5cc8f0a | 2021-08-27 17:21:44 +0800 | [diff] [blame] | 119 | /* |
Jerry Yu | 8c02bb4 | 2021-09-03 21:09:22 +0800 | [diff] [blame] | 120 | * Exit when return negative value |
Jerry Yu | 5cc8f0a | 2021-08-27 17:21:44 +0800 | [diff] [blame] | 121 | */ |
Jerry Yu | 2c0fbf3 | 2021-09-02 13:53:46 +0800 | [diff] [blame] | 122 | #define MBEDTLS_SSL_PROC_CHK_NEG( f ) \ |
Jerry Yu | 65dd2cc | 2021-08-18 16:38:40 +0800 | [diff] [blame] | 123 | do { \ |
Jerry Yu | 2c0fbf3 | 2021-09-02 13:53:46 +0800 | [diff] [blame] | 124 | ret = ( f ); \ |
Jerry Yu | 65dd2cc | 2021-08-18 16:38:40 +0800 | [diff] [blame] | 125 | if( ret < 0 ) \ |
| 126 | { \ |
Jerry Yu | 65dd2cc | 2021-08-18 16:38:40 +0800 | [diff] [blame] | 127 | goto cleanup; \ |
| 128 | } \ |
| 129 | } while( 0 ) |
| 130 | |
Manuel Pégourié-Gonnard | 065122c | 2015-05-26 12:31:46 +0200 | [diff] [blame] | 131 | /* |
| 132 | * DTLS retransmission states, see RFC 6347 4.2.4 |
| 133 | * |
| 134 | * The SENDING state is merged in PREPARING for initial sends, |
| 135 | * but is distinct for resends. |
| 136 | * |
| 137 | * Note: initial state is wrong for server, but is not used anyway. |
| 138 | */ |
| 139 | #define MBEDTLS_SSL_RETRANS_PREPARING 0 |
| 140 | #define MBEDTLS_SSL_RETRANS_SENDING 1 |
| 141 | #define MBEDTLS_SSL_RETRANS_WAITING 2 |
| 142 | #define MBEDTLS_SSL_RETRANS_FINISHED 3 |
| 143 | |
| 144 | /* |
| 145 | * Allow extra bytes for record, authentication and encryption overhead: |
Mateusz Starzyk | a3a9984 | 2021-02-19 14:27:22 +0100 | [diff] [blame] | 146 | * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256). |
Manuel Pégourié-Gonnard | 065122c | 2015-05-26 12:31:46 +0200 | [diff] [blame] | 147 | */ |
Manuel Pégourié-Gonnard | 065122c | 2015-05-26 12:31:46 +0200 | [diff] [blame] | 148 | |
TRodziewicz | 4ca18aa | 2021-05-20 14:46:20 +0200 | [diff] [blame] | 149 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
Hanno Becker | 0cc4661 | 2020-11-30 08:56:52 +0000 | [diff] [blame] | 150 | |
Manuel Pégourié-Gonnard | 05579c4 | 2020-07-31 12:53:39 +0200 | [diff] [blame] | 151 | /* This macro determines whether CBC is supported. */ |
Manuel Pégourié-Gonnard | 2df1f1f | 2020-07-09 12:11:39 +0200 | [diff] [blame] | 152 | #if defined(MBEDTLS_CIPHER_MODE_CBC) && \ |
| 153 | ( defined(MBEDTLS_AES_C) || \ |
| 154 | defined(MBEDTLS_CAMELLIA_C) || \ |
| 155 | defined(MBEDTLS_ARIA_C) || \ |
| 156 | defined(MBEDTLS_DES_C) ) |
| 157 | #define MBEDTLS_SSL_SOME_SUITES_USE_CBC |
| 158 | #endif |
| 159 | |
Hanno Becker | 0cc4661 | 2020-11-30 08:56:52 +0000 | [diff] [blame] | 160 | /* This macro determines whether a ciphersuite using a |
| 161 | * stream cipher can be used. */ |
| 162 | #if defined(MBEDTLS_CIPHER_NULL_CIPHER) |
| 163 | #define MBEDTLS_SSL_SOME_SUITES_USE_STREAM |
| 164 | #endif |
| 165 | |
TRodziewicz | 0f82ec6 | 2021-05-12 17:49:18 +0200 | [diff] [blame] | 166 | /* This macro determines whether the CBC construct used in TLS 1.2 is supported. */ |
Manuel Pégourié-Gonnard | ed0e864 | 2020-07-21 11:20:30 +0200 | [diff] [blame] | 167 | #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \ |
TRodziewicz | 0f82ec6 | 2021-05-12 17:49:18 +0200 | [diff] [blame] | 168 | defined(MBEDTLS_SSL_PROTO_TLS1_2) |
Manuel Pégourié-Gonnard | ed0e864 | 2020-07-21 11:20:30 +0200 | [diff] [blame] | 169 | #define MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC |
| 170 | #endif |
| 171 | |
Hanno Becker | 31351ce | 2021-03-22 11:05:58 +0000 | [diff] [blame] | 172 | #if defined(MBEDTLS_SSL_SOME_SUITES_USE_STREAM) || \ |
Manuel Pégourié-Gonnard | 2df1f1f | 2020-07-09 12:11:39 +0200 | [diff] [blame] | 173 | defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) |
Hanno Becker | fd86ca8 | 2020-11-30 08:54:23 +0000 | [diff] [blame] | 174 | #define MBEDTLS_SSL_SOME_SUITES_USE_MAC |
Hanno Becker | 52344c2 | 2018-01-03 15:24:20 +0000 | [diff] [blame] | 175 | #endif |
| 176 | |
Neil Armstrong | f2c82f0 | 2022-04-05 11:16:53 +0200 | [diff] [blame] | 177 | /* This macro determines whether a ciphersuite uses Encrypt-then-MAC with CBC */ |
| 178 | #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \ |
| 179 | defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
| 180 | #define MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM |
| 181 | #endif |
| 182 | |
TRodziewicz | 4ca18aa | 2021-05-20 14:46:20 +0200 | [diff] [blame] | 183 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
Hanno Becker | 0cc4661 | 2020-11-30 08:56:52 +0000 | [diff] [blame] | 184 | |
Hanno Becker | fd86ca8 | 2020-11-30 08:54:23 +0000 | [diff] [blame] | 185 | #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) |
Manuel Pégourié-Gonnard | 065122c | 2015-05-26 12:31:46 +0200 | [diff] [blame] | 186 | /* Ciphersuites using HMAC */ |
Mateusz Starzyk | c6d94ab | 2021-05-19 13:31:59 +0200 | [diff] [blame] | 187 | #if defined(MBEDTLS_SHA384_C) |
Manuel Pégourié-Gonnard | 065122c | 2015-05-26 12:31:46 +0200 | [diff] [blame] | 188 | #define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */ |
| 189 | #elif defined(MBEDTLS_SHA256_C) |
| 190 | #define MBEDTLS_SSL_MAC_ADD 32 /* SHA-256 used for HMAC */ |
| 191 | #else |
| 192 | #define MBEDTLS_SSL_MAC_ADD 20 /* SHA-1 used for HMAC */ |
| 193 | #endif |
Hanno Becker | fd86ca8 | 2020-11-30 08:54:23 +0000 | [diff] [blame] | 194 | #else /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ |
Manuel Pégourié-Gonnard | 065122c | 2015-05-26 12:31:46 +0200 | [diff] [blame] | 195 | /* AEAD ciphersuites: GCM and CCM use a 128 bits tag */ |
| 196 | #define MBEDTLS_SSL_MAC_ADD 16 |
| 197 | #endif |
| 198 | |
| 199 | #if defined(MBEDTLS_CIPHER_MODE_CBC) |
| 200 | #define MBEDTLS_SSL_PADDING_ADD 256 |
| 201 | #else |
| 202 | #define MBEDTLS_SSL_PADDING_ADD 0 |
| 203 | #endif |
| 204 | |
Hanno Becker | a0e20d0 | 2019-05-15 14:03:01 +0100 | [diff] [blame] | 205 | #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) |
TRodziewicz | e8dd709 | 2021-05-12 14:19:11 +0200 | [diff] [blame] | 206 | #define MBEDTLS_SSL_MAX_CID_EXPANSION MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY |
Hanno Becker | 6cbad55 | 2019-05-08 15:40:11 +0100 | [diff] [blame] | 207 | #else |
| 208 | #define MBEDTLS_SSL_MAX_CID_EXPANSION 0 |
| 209 | #endif |
| 210 | |
Mateusz Starzyk | a3a9984 | 2021-02-19 14:27:22 +0100 | [diff] [blame] | 211 | #define MBEDTLS_SSL_PAYLOAD_OVERHEAD ( MBEDTLS_MAX_IV_LENGTH + \ |
Angus Gratton | d8213d0 | 2016-05-25 20:56:48 +1000 | [diff] [blame] | 212 | MBEDTLS_SSL_MAC_ADD + \ |
Hanno Becker | 6cbad55 | 2019-05-08 15:40:11 +0100 | [diff] [blame] | 213 | MBEDTLS_SSL_PADDING_ADD + \ |
| 214 | MBEDTLS_SSL_MAX_CID_EXPANSION \ |
Angus Gratton | d8213d0 | 2016-05-25 20:56:48 +1000 | [diff] [blame] | 215 | ) |
| 216 | |
| 217 | #define MBEDTLS_SSL_IN_PAYLOAD_LEN ( MBEDTLS_SSL_PAYLOAD_OVERHEAD + \ |
| 218 | ( MBEDTLS_SSL_IN_CONTENT_LEN ) ) |
| 219 | |
| 220 | #define MBEDTLS_SSL_OUT_PAYLOAD_LEN ( MBEDTLS_SSL_PAYLOAD_OVERHEAD + \ |
| 221 | ( MBEDTLS_SSL_OUT_CONTENT_LEN ) ) |
| 222 | |
Hanno Becker | 0271f96 | 2018-08-16 13:23:47 +0100 | [diff] [blame] | 223 | /* The maximum number of buffered handshake messages. */ |
Hanno Becker | d488b9e | 2018-08-16 16:35:37 +0100 | [diff] [blame] | 224 | #define MBEDTLS_SSL_MAX_BUFFERED_HS 4 |
Hanno Becker | 0271f96 | 2018-08-16 13:23:47 +0100 | [diff] [blame] | 225 | |
Angus Gratton | d8213d0 | 2016-05-25 20:56:48 +1000 | [diff] [blame] | 226 | /* Maximum length we can advertise as our max content length for |
| 227 | RFC 6066 max_fragment_length extension negotiation purposes |
| 228 | (the lesser of both sizes, if they are unequal.) |
| 229 | */ |
| 230 | #define MBEDTLS_TLS_EXT_ADV_CONTENT_LEN ( \ |
| 231 | (MBEDTLS_SSL_IN_CONTENT_LEN > MBEDTLS_SSL_OUT_CONTENT_LEN) \ |
| 232 | ? ( MBEDTLS_SSL_OUT_CONTENT_LEN ) \ |
| 233 | : ( MBEDTLS_SSL_IN_CONTENT_LEN ) \ |
| 234 | ) |
Manuel Pégourié-Gonnard | 065122c | 2015-05-26 12:31:46 +0200 | [diff] [blame] | 235 | |
Jerry Yu | 4131ec1 | 2022-01-19 10:36:30 +0800 | [diff] [blame] | 236 | /* Maximum size in bytes of list in signature algorithms ext., RFC 5246/8446 */ |
| 237 | #define MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN 65534 |
| 238 | |
Jerry Yu | 8afd6e4 | 2022-01-20 15:54:26 +0800 | [diff] [blame] | 239 | /* Minimum size in bytes of list in signature algorithms ext., RFC 5246/8446 */ |
Jerry Yu | 4131ec1 | 2022-01-19 10:36:30 +0800 | [diff] [blame] | 240 | #define MBEDTLS_SSL_MIN_SIG_ALG_LIST_LEN 2 |
Hanno Becker | e131bfe | 2017-04-12 14:54:42 +0100 | [diff] [blame] | 241 | |
| 242 | /* Maximum size in bytes of list in supported elliptic curve ext., RFC 4492 */ |
| 243 | #define MBEDTLS_SSL_MAX_CURVE_LIST_LEN 65535 |
| 244 | |
Xiaofei Bai | f5b4d25 | 2022-01-28 06:37:15 +0000 | [diff] [blame] | 245 | #define MBEDTLS_RECEIVED_SIG_ALGS_SIZE 20 |
Xiaofei Bai | 82f0a9a | 2022-01-26 09:21:54 +0000 | [diff] [blame] | 246 | |
Gabor Mezei | 15b95a6 | 2022-05-09 16:37:58 +0200 | [diff] [blame] | 247 | #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) |
| 248 | |
Gabor Mezei | 24c7c2b | 2022-05-10 12:51:14 +0200 | [diff] [blame] | 249 | #define MBEDTLS_TLS_SIG_NONE MBEDTLS_TLS1_3_SIG_NONE |
| 250 | |
Gabor Mezei | 15b95a6 | 2022-05-09 16:37:58 +0200 | [diff] [blame] | 251 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
Gabor Mezei | 3631cf6 | 2022-05-10 12:59:00 +0200 | [diff] [blame] | 252 | #define MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( sig, hash ) (( hash << 8 ) | sig) |
| 253 | #define MBEDTLS_SSL_TLS12_SIG_ALG_FROM_SIG_AND_HASH_ALG(alg) (alg & 0xFF) |
| 254 | #define MBEDTLS_SSL_TLS12_HASH_ALG_FROM_SIG_AND_HASH_ALG(alg) (alg >> 8) |
Gabor Mezei | 15b95a6 | 2022-05-09 16:37:58 +0200 | [diff] [blame] | 255 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
| 256 | |
Gabor Mezei | 15b95a6 | 2022-05-09 16:37:58 +0200 | [diff] [blame] | 257 | #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ |
| 258 | |
Manuel Pégourié-Gonnard | 065122c | 2015-05-26 12:31:46 +0200 | [diff] [blame] | 259 | /* |
Hanno Becker | a8434e8 | 2017-09-18 10:54:39 +0100 | [diff] [blame] | 260 | * Check that we obey the standard's message size bounds |
| 261 | */ |
| 262 | |
David Horstmann | 95d516f | 2021-05-04 18:36:56 +0100 | [diff] [blame] | 263 | #if MBEDTLS_SSL_IN_CONTENT_LEN > 16384 |
| 264 | #error "Bad configuration - incoming record content too large." |
Hanno Becker | a8434e8 | 2017-09-18 10:54:39 +0100 | [diff] [blame] | 265 | #endif |
| 266 | |
David Horstmann | 95d516f | 2021-05-04 18:36:56 +0100 | [diff] [blame] | 267 | #if MBEDTLS_SSL_OUT_CONTENT_LEN > 16384 |
| 268 | #error "Bad configuration - outgoing record content too large." |
Hanno Becker | a8434e8 | 2017-09-18 10:54:39 +0100 | [diff] [blame] | 269 | #endif |
| 270 | |
David Horstmann | 95d516f | 2021-05-04 18:36:56 +0100 | [diff] [blame] | 271 | #if MBEDTLS_SSL_IN_PAYLOAD_LEN > MBEDTLS_SSL_IN_CONTENT_LEN + 2048 |
Angus Gratton | d8213d0 | 2016-05-25 20:56:48 +1000 | [diff] [blame] | 272 | #error "Bad configuration - incoming protected record payload too large." |
| 273 | #endif |
| 274 | |
David Horstmann | 95d516f | 2021-05-04 18:36:56 +0100 | [diff] [blame] | 275 | #if MBEDTLS_SSL_OUT_PAYLOAD_LEN > MBEDTLS_SSL_OUT_CONTENT_LEN + 2048 |
Angus Gratton | d8213d0 | 2016-05-25 20:56:48 +1000 | [diff] [blame] | 276 | #error "Bad configuration - outgoing protected record payload too large." |
| 277 | #endif |
| 278 | |
| 279 | /* Calculate buffer sizes */ |
| 280 | |
Hanno Becker | 25d6d1a | 2017-12-07 08:22:51 +0000 | [diff] [blame] | 281 | /* Note: Even though the TLS record header is only 5 bytes |
| 282 | long, we're internally using 8 bytes to store the |
| 283 | implicit sequence number. */ |
Hanno Becker | d25d444 | 2017-10-04 13:56:42 +0100 | [diff] [blame] | 284 | #define MBEDTLS_SSL_HEADER_LEN 13 |
Hanno Becker | a8434e8 | 2017-09-18 10:54:39 +0100 | [diff] [blame] | 285 | |
Andrzej Kurek | 033c42a | 2020-03-03 05:57:59 -0500 | [diff] [blame] | 286 | #if !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) |
Angus Gratton | d8213d0 | 2016-05-25 20:56:48 +1000 | [diff] [blame] | 287 | #define MBEDTLS_SSL_IN_BUFFER_LEN \ |
| 288 | ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_IN_PAYLOAD_LEN ) ) |
Hanno Becker | 6cbad55 | 2019-05-08 15:40:11 +0100 | [diff] [blame] | 289 | #else |
| 290 | #define MBEDTLS_SSL_IN_BUFFER_LEN \ |
| 291 | ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_IN_PAYLOAD_LEN ) \ |
| 292 | + ( MBEDTLS_SSL_CID_IN_LEN_MAX ) ) |
| 293 | #endif |
Angus Gratton | d8213d0 | 2016-05-25 20:56:48 +1000 | [diff] [blame] | 294 | |
Andrzej Kurek | 033c42a | 2020-03-03 05:57:59 -0500 | [diff] [blame] | 295 | #if !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) |
Angus Gratton | d8213d0 | 2016-05-25 20:56:48 +1000 | [diff] [blame] | 296 | #define MBEDTLS_SSL_OUT_BUFFER_LEN \ |
| 297 | ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_OUT_PAYLOAD_LEN ) ) |
Hanno Becker | 6cbad55 | 2019-05-08 15:40:11 +0100 | [diff] [blame] | 298 | #else |
| 299 | #define MBEDTLS_SSL_OUT_BUFFER_LEN \ |
| 300 | ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_OUT_PAYLOAD_LEN ) \ |
| 301 | + ( MBEDTLS_SSL_CID_OUT_LEN_MAX ) ) |
| 302 | #endif |
Angus Gratton | d8213d0 | 2016-05-25 20:56:48 +1000 | [diff] [blame] | 303 | |
Jerry Yu | e6d7e5c | 2021-10-26 10:44:32 +0800 | [diff] [blame] | 304 | #define MBEDTLS_CLIENT_HELLO_RANDOM_LEN 32 |
| 305 | #define MBEDTLS_SERVER_HELLO_RANDOM_LEN 32 |
| 306 | |
Hanno Becker | 9752aad | 2021-04-21 05:54:33 +0100 | [diff] [blame] | 307 | #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) |
| 308 | /** |
| 309 | * \brief Return the maximum fragment length (payload, in bytes) for |
| 310 | * the output buffer. For the client, this is the configured |
| 311 | * value. For the server, it is the minimum of two - the |
| 312 | * configured value and the negotiated one. |
| 313 | * |
| 314 | * \sa mbedtls_ssl_conf_max_frag_len() |
| 315 | * \sa mbedtls_ssl_get_max_out_record_payload() |
| 316 | * |
| 317 | * \param ssl SSL context |
| 318 | * |
| 319 | * \return Current maximum fragment length for the output buffer. |
| 320 | */ |
| 321 | size_t mbedtls_ssl_get_output_max_frag_len( const mbedtls_ssl_context *ssl ); |
| 322 | |
| 323 | /** |
| 324 | * \brief Return the maximum fragment length (payload, in bytes) for |
| 325 | * the input buffer. This is the negotiated maximum fragment |
Hanno Becker | df3b863 | 2021-06-08 05:30:45 +0100 | [diff] [blame] | 326 | * length, or, if there is none, MBEDTLS_SSL_IN_CONTENT_LEN. |
Hanno Becker | 9752aad | 2021-04-21 05:54:33 +0100 | [diff] [blame] | 327 | * If it is not defined either, the value is 2^14. This function |
| 328 | * works as its predecessor, \c mbedtls_ssl_get_max_frag_len(). |
| 329 | * |
| 330 | * \sa mbedtls_ssl_conf_max_frag_len() |
| 331 | * \sa mbedtls_ssl_get_max_in_record_payload() |
| 332 | * |
| 333 | * \param ssl SSL context |
| 334 | * |
| 335 | * \return Current maximum fragment length for the output buffer. |
| 336 | */ |
| 337 | size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl ); |
| 338 | #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ |
| 339 | |
Andrzej Kurek | 0afa2a1 | 2020-03-03 10:39:58 -0500 | [diff] [blame] | 340 | #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) |
Andrzej Kurek | 069fa96 | 2021-01-07 08:02:15 -0500 | [diff] [blame] | 341 | static inline size_t mbedtls_ssl_get_output_buflen( const mbedtls_ssl_context *ctx ) |
Andrzej Kurek | 0afa2a1 | 2020-03-03 10:39:58 -0500 | [diff] [blame] | 342 | { |
| 343 | #if defined (MBEDTLS_SSL_DTLS_CONNECTION_ID) |
Andrzej Kurek | 069fa96 | 2021-01-07 08:02:15 -0500 | [diff] [blame] | 344 | return mbedtls_ssl_get_output_max_frag_len( ctx ) |
Andrzej Kurek | 0afa2a1 | 2020-03-03 10:39:58 -0500 | [diff] [blame] | 345 | + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD |
| 346 | + MBEDTLS_SSL_CID_OUT_LEN_MAX; |
| 347 | #else |
Andrzej Kurek | 069fa96 | 2021-01-07 08:02:15 -0500 | [diff] [blame] | 348 | return mbedtls_ssl_get_output_max_frag_len( ctx ) |
Andrzej Kurek | 0afa2a1 | 2020-03-03 10:39:58 -0500 | [diff] [blame] | 349 | + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD; |
| 350 | #endif |
| 351 | } |
| 352 | |
Andrzej Kurek | 069fa96 | 2021-01-07 08:02:15 -0500 | [diff] [blame] | 353 | static inline size_t mbedtls_ssl_get_input_buflen( const mbedtls_ssl_context *ctx ) |
Andrzej Kurek | 0afa2a1 | 2020-03-03 10:39:58 -0500 | [diff] [blame] | 354 | { |
| 355 | #if defined (MBEDTLS_SSL_DTLS_CONNECTION_ID) |
Andrzej Kurek | 069fa96 | 2021-01-07 08:02:15 -0500 | [diff] [blame] | 356 | return mbedtls_ssl_get_input_max_frag_len( ctx ) |
Andrzej Kurek | 0afa2a1 | 2020-03-03 10:39:58 -0500 | [diff] [blame] | 357 | + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD |
| 358 | + MBEDTLS_SSL_CID_IN_LEN_MAX; |
| 359 | #else |
Andrzej Kurek | 069fa96 | 2021-01-07 08:02:15 -0500 | [diff] [blame] | 360 | return mbedtls_ssl_get_input_max_frag_len( ctx ) |
Andrzej Kurek | 0afa2a1 | 2020-03-03 10:39:58 -0500 | [diff] [blame] | 361 | + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD; |
| 362 | #endif |
| 363 | } |
| 364 | #endif |
| 365 | |
Hanno Becker | a8434e8 | 2017-09-18 10:54:39 +0100 | [diff] [blame] | 366 | /* |
Manuel Pégourié-Gonnard | 065122c | 2015-05-26 12:31:46 +0200 | [diff] [blame] | 367 | * TLS extension flags (for extensions with outgoing ServerHello content |
| 368 | * that need it (e.g. for RENEGOTIATION_INFO the server already knows because |
| 369 | * of state of the renegotiation flag, so no indicator is required) |
| 370 | */ |
| 371 | #define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0) |
Manuel Pégourié-Gonnard | bf57be6 | 2015-09-16 15:04:01 +0200 | [diff] [blame] | 372 | #define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK (1 << 1) |
Manuel Pégourié-Gonnard | 065122c | 2015-05-26 12:31:46 +0200 | [diff] [blame] | 373 | |
Hanno Becker | 51018aa | 2017-04-12 14:54:42 +0100 | [diff] [blame] | 374 | /** |
| 375 | * \brief This function checks if the remaining size in a buffer is |
| 376 | * greater or equal than a needed space. |
| 377 | * |
| 378 | * \param cur Pointer to the current position in the buffer. |
| 379 | * \param end Pointer to one past the end of the buffer. |
| 380 | * \param need Needed space in bytes. |
| 381 | * |
Ronald Cron | b7b35e1 | 2020-06-11 09:50:51 +0200 | [diff] [blame] | 382 | * \return Zero if the needed space is available in the buffer, non-zero |
Hanno Becker | 51018aa | 2017-04-12 14:54:42 +0100 | [diff] [blame] | 383 | * otherwise. |
| 384 | */ |
Ronald Cron | ad8c17b | 2022-06-10 17:18:09 +0200 | [diff] [blame] | 385 | #if ! defined(MBEDTLS_TEST_HOOKS) |
Hanno Becker | 51018aa | 2017-04-12 14:54:42 +0100 | [diff] [blame] | 386 | static inline int mbedtls_ssl_chk_buf_ptr( const uint8_t *cur, |
| 387 | const uint8_t *end, size_t need ) |
| 388 | { |
Ronald Cron | b7b35e1 | 2020-06-11 09:50:51 +0200 | [diff] [blame] | 389 | return( ( cur > end ) || ( need > (size_t)( end - cur ) ) ); |
Hanno Becker | 51018aa | 2017-04-12 14:54:42 +0100 | [diff] [blame] | 390 | } |
Ronald Cron | ad8c17b | 2022-06-10 17:18:09 +0200 | [diff] [blame] | 391 | #else |
| 392 | typedef struct |
| 393 | { |
| 394 | const uint8_t *cur; |
| 395 | const uint8_t *end; |
| 396 | size_t need; |
| 397 | } mbedtls_ssl_chk_buf_ptr_args; |
| 398 | |
| 399 | void mbedtls_ssl_set_chk_buf_ptr_fail_args( |
| 400 | const uint8_t *cur, const uint8_t *end, size_t need ); |
| 401 | void mbedtls_ssl_reset_chk_buf_ptr_fail_args( void ); |
Ronald Cron | ce7d76e | 2022-07-08 18:56:49 +0200 | [diff] [blame] | 402 | |
| 403 | MBEDTLS_CHECK_RETURN_CRITICAL |
Ronald Cron | ad8c17b | 2022-06-10 17:18:09 +0200 | [diff] [blame] | 404 | int mbedtls_ssl_cmp_chk_buf_ptr_fail_args( mbedtls_ssl_chk_buf_ptr_args *args ); |
| 405 | |
| 406 | static inline int mbedtls_ssl_chk_buf_ptr( const uint8_t *cur, |
| 407 | const uint8_t *end, size_t need ) |
| 408 | { |
| 409 | if( ( cur > end ) || ( need > (size_t)( end - cur ) ) ) |
| 410 | { |
| 411 | mbedtls_ssl_set_chk_buf_ptr_fail_args( cur, end, need ); |
| 412 | return( 1 ); |
| 413 | } |
| 414 | return( 0 ); |
| 415 | } |
Ronald Cron | cf600bc | 2022-06-17 15:54:16 +0200 | [diff] [blame] | 416 | #endif /* MBEDTLS_TEST_HOOKS */ |
Hanno Becker | 51018aa | 2017-04-12 14:54:42 +0100 | [diff] [blame] | 417 | |
| 418 | /** |
| 419 | * \brief This macro checks if the remaining size in a buffer is |
| 420 | * greater or equal than a needed space. If it is not the case, |
| 421 | * it returns an SSL_BUFFER_TOO_SMALL error. |
| 422 | * |
| 423 | * \param cur Pointer to the current position in the buffer. |
| 424 | * \param end Pointer to one past the end of the buffer. |
| 425 | * \param need Needed space in bytes. |
| 426 | * |
| 427 | */ |
| 428 | #define MBEDTLS_SSL_CHK_BUF_PTR( cur, end, need ) \ |
| 429 | do { \ |
Ronald Cron | b7b35e1 | 2020-06-11 09:50:51 +0200 | [diff] [blame] | 430 | if( mbedtls_ssl_chk_buf_ptr( ( cur ), ( end ), ( need ) ) != 0 ) \ |
Hanno Becker | 51018aa | 2017-04-12 14:54:42 +0100 | [diff] [blame] | 431 | { \ |
| 432 | return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); \ |
| 433 | } \ |
| 434 | } while( 0 ) |
| 435 | |
Jerry Yu | 34da372 | 2021-09-19 18:05:08 +0800 | [diff] [blame] | 436 | /** |
Jerry Yu | e15e665 | 2021-09-28 21:06:07 +0800 | [diff] [blame] | 437 | * \brief This macro checks if the remaining length in an input buffer is |
| 438 | * greater or equal than a needed length. If it is not the case, it |
Jerry Yu | 205fd82 | 2021-10-08 16:16:24 +0800 | [diff] [blame] | 439 | * returns #MBEDTLS_ERR_SSL_DECODE_ERROR error and pends a |
Jerry Yu | dca3d5d | 2021-10-08 14:19:29 +0800 | [diff] [blame] | 440 | * #MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR alert message. |
Jerry Yu | e4eefc7 | 2021-10-09 10:40:40 +0800 | [diff] [blame] | 441 | * |
| 442 | * This is a function-like macro. It is guaranteed to evaluate each |
| 443 | * argument exactly once. |
Jerry Yu | 34da372 | 2021-09-19 18:05:08 +0800 | [diff] [blame] | 444 | * |
| 445 | * \param cur Pointer to the current position in the buffer. |
| 446 | * \param end Pointer to one past the end of the buffer. |
Jerry Yu | e15e665 | 2021-09-28 21:06:07 +0800 | [diff] [blame] | 447 | * \param need Needed length in bytes. |
Jerry Yu | 34da372 | 2021-09-19 18:05:08 +0800 | [diff] [blame] | 448 | * |
| 449 | */ |
| 450 | #define MBEDTLS_SSL_CHK_BUF_READ_PTR( cur, end, need ) \ |
| 451 | do { \ |
| 452 | if( mbedtls_ssl_chk_buf_ptr( ( cur ), ( end ), ( need ) ) != 0 ) \ |
| 453 | { \ |
| 454 | MBEDTLS_SSL_DEBUG_MSG( 1, \ |
| 455 | ( "missing input data in %s", __func__ ) ); \ |
| 456 | MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, \ |
| 457 | MBEDTLS_ERR_SSL_DECODE_ERROR ); \ |
| 458 | return( MBEDTLS_ERR_SSL_DECODE_ERROR ); \ |
| 459 | } \ |
| 460 | } while( 0 ) |
| 461 | |
Manuel Pégourié-Gonnard | 5e94dde | 2015-05-26 11:57:05 +0200 | [diff] [blame] | 462 | #ifdef __cplusplus |
| 463 | extern "C" { |
| 464 | #endif |
| 465 | |
Ron Eldor | 51d3ab5 | 2019-05-12 14:54:30 +0300 | [diff] [blame] | 466 | typedef int mbedtls_ssl_tls_prf_cb( const unsigned char *secret, size_t slen, |
| 467 | const char *label, |
| 468 | const unsigned char *random, size_t rlen, |
| 469 | unsigned char *dstbuf, size_t dlen ); |
Hanno Becker | 3385a4d | 2020-08-21 13:03:34 +0100 | [diff] [blame] | 470 | |
Hanno Becker | 61baae7 | 2020-09-16 09:24:14 +0100 | [diff] [blame] | 471 | /* cipher.h exports the maximum IV, key and block length from |
Hanno Becker | 1588983 | 2020-09-08 11:29:11 +0100 | [diff] [blame] | 472 | * all ciphers enabled in the config, regardless of whether those |
| 473 | * ciphers are actually usable in SSL/TLS. Notably, XTS is enabled |
| 474 | * in the default configuration and uses 64 Byte keys, but it is |
| 475 | * not used for record protection in SSL/TLS. |
| 476 | * |
| 477 | * In order to prevent unnecessary inflation of key structures, |
| 478 | * we introduce SSL-specific variants of the max-{key,block,IV} |
| 479 | * macros here which are meant to only take those ciphers into |
| 480 | * account which can be negotiated in SSL/TLS. |
| 481 | * |
| 482 | * Since the current definitions of MBEDTLS_MAX_{KEY|BLOCK|IV}_LENGTH |
| 483 | * in cipher.h are rough overapproximations of the real maxima, here |
Hanno Becker | 9a7a2ac | 2020-09-09 09:24:54 +0100 | [diff] [blame] | 484 | * we content ourselves with replicating those overapproximations |
Hanno Becker | 1588983 | 2020-09-08 11:29:11 +0100 | [diff] [blame] | 485 | * for the maximum block and IV length, and excluding XTS from the |
| 486 | * computation of the maximum key length. */ |
| 487 | #define MBEDTLS_SSL_MAX_BLOCK_LENGTH 16 |
| 488 | #define MBEDTLS_SSL_MAX_IV_LENGTH 16 |
| 489 | #define MBEDTLS_SSL_MAX_KEY_LENGTH 32 |
| 490 | |
Hanno Becker | 3385a4d | 2020-08-21 13:03:34 +0100 | [diff] [blame] | 491 | /** |
| 492 | * \brief The data structure holding the cryptographic material (key and IV) |
| 493 | * used for record protection in TLS 1.3. |
| 494 | */ |
| 495 | struct mbedtls_ssl_key_set |
| 496 | { |
| 497 | /*! The key for client->server records. */ |
Hanno Becker | 1588983 | 2020-09-08 11:29:11 +0100 | [diff] [blame] | 498 | unsigned char client_write_key[ MBEDTLS_SSL_MAX_KEY_LENGTH ]; |
Hanno Becker | 3385a4d | 2020-08-21 13:03:34 +0100 | [diff] [blame] | 499 | /*! The key for server->client records. */ |
Hanno Becker | 1588983 | 2020-09-08 11:29:11 +0100 | [diff] [blame] | 500 | unsigned char server_write_key[ MBEDTLS_SSL_MAX_KEY_LENGTH ]; |
Hanno Becker | 3385a4d | 2020-08-21 13:03:34 +0100 | [diff] [blame] | 501 | /*! The IV for client->server records. */ |
Hanno Becker | 1588983 | 2020-09-08 11:29:11 +0100 | [diff] [blame] | 502 | unsigned char client_write_iv[ MBEDTLS_SSL_MAX_IV_LENGTH ]; |
Hanno Becker | 3385a4d | 2020-08-21 13:03:34 +0100 | [diff] [blame] | 503 | /*! The IV for server->client records. */ |
Hanno Becker | 1588983 | 2020-09-08 11:29:11 +0100 | [diff] [blame] | 504 | unsigned char server_write_iv[ MBEDTLS_SSL_MAX_IV_LENGTH ]; |
Hanno Becker | 3385a4d | 2020-08-21 13:03:34 +0100 | [diff] [blame] | 505 | |
Hanno Becker | 493ea7f | 2020-09-08 11:01:00 +0100 | [diff] [blame] | 506 | size_t key_len; /*!< The length of client_write_key and |
| 507 | * server_write_key, in Bytes. */ |
| 508 | size_t iv_len; /*!< The length of client_write_iv and |
| 509 | * server_write_iv, in Bytes. */ |
Hanno Becker | 3385a4d | 2020-08-21 13:03:34 +0100 | [diff] [blame] | 510 | }; |
| 511 | typedef struct mbedtls_ssl_key_set mbedtls_ssl_key_set; |
Hanno Becker | 3385a4d | 2020-08-21 13:03:34 +0100 | [diff] [blame] | 512 | |
Jerry Yu | 61e35e0 | 2021-09-16 18:59:08 +0800 | [diff] [blame] | 513 | typedef struct |
| 514 | { |
Jerry Yu | f532bb2 | 2021-10-13 10:34:03 +0800 | [diff] [blame] | 515 | unsigned char binder_key [ MBEDTLS_TLS1_3_MD_MAX_SIZE ]; |
| 516 | unsigned char client_early_traffic_secret [ MBEDTLS_TLS1_3_MD_MAX_SIZE ]; |
| 517 | unsigned char early_exporter_master_secret[ MBEDTLS_TLS1_3_MD_MAX_SIZE ]; |
Xiaofei Bai | 746f948 | 2021-11-12 08:53:56 +0000 | [diff] [blame] | 518 | } mbedtls_ssl_tls13_early_secrets; |
Jerry Yu | 61e35e0 | 2021-09-16 18:59:08 +0800 | [diff] [blame] | 519 | |
| 520 | typedef struct |
| 521 | { |
Jerry Yu | f532bb2 | 2021-10-13 10:34:03 +0800 | [diff] [blame] | 522 | unsigned char client_handshake_traffic_secret[ MBEDTLS_TLS1_3_MD_MAX_SIZE ]; |
| 523 | unsigned char server_handshake_traffic_secret[ MBEDTLS_TLS1_3_MD_MAX_SIZE ]; |
Xiaofei Bai | 746f948 | 2021-11-12 08:53:56 +0000 | [diff] [blame] | 524 | } mbedtls_ssl_tls13_handshake_secrets; |
Jerry Yu | 61e35e0 | 2021-09-16 18:59:08 +0800 | [diff] [blame] | 525 | |
Manuel Pégourié-Gonnard | cd4fcc6 | 2015-05-26 12:11:48 +0200 | [diff] [blame] | 526 | /* |
| 527 | * This structure contains the parameters only needed during handshake. |
| 528 | */ |
| 529 | struct mbedtls_ssl_handshake_params |
| 530 | { |
Gilles Peskine | ec45c1e | 2021-11-29 12:18:09 +0100 | [diff] [blame] | 531 | /* Frequently-used boolean or byte fields (placed early to take |
| 532 | * advantage of smaller code size for indirect access on Arm Thumb) */ |
Gilles Peskine | ec45c1e | 2021-11-29 12:18:09 +0100 | [diff] [blame] | 533 | uint8_t resume; /*!< session resume indicator*/ |
| 534 | uint8_t cli_exts; /*!< client extension presence*/ |
| 535 | |
Glenn Strauss | bbdc83b | 2022-04-12 07:31:46 -0400 | [diff] [blame] | 536 | #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) |
| 537 | uint8_t sni_authmode; /*!< authmode from SNI callback */ |
| 538 | #endif |
| 539 | |
XiaokangQian | 189ded2 | 2022-05-10 08:12:17 +0000 | [diff] [blame] | 540 | #if defined(MBEDTLS_SSL_SRV_C) |
XiaokangQian | c3017f6 | 2022-05-13 05:55:41 +0000 | [diff] [blame] | 541 | /* Flag indicating if a CertificateRequest message has been sent |
| 542 | * to the client or not. */ |
XiaokangQian | 63e713e | 2022-05-15 04:26:57 +0000 | [diff] [blame] | 543 | uint8_t certificate_request_sent; |
XiaokangQian | 189ded2 | 2022-05-10 08:12:17 +0000 | [diff] [blame] | 544 | #endif /* MBEDTLS_SSL_SRV_C */ |
| 545 | |
Glenn Strauss | bbdc83b | 2022-04-12 07:31:46 -0400 | [diff] [blame] | 546 | #if defined(MBEDTLS_SSL_SESSION_TICKETS) |
| 547 | uint8_t new_session_ticket; /*!< use NewSessionTicket? */ |
| 548 | #endif /* MBEDTLS_SSL_SESSION_TICKETS */ |
| 549 | |
Ronald Cron | 82c785f | 2022-03-31 15:44:41 +0200 | [diff] [blame] | 550 | #if defined(MBEDTLS_SSL_CLI_C) |
Ronald Cron | 217d699 | 2022-04-04 10:23:22 +0200 | [diff] [blame] | 551 | /** Minimum TLS version to be negotiated. |
Ronald Cron | bdb4f58 | 2022-03-31 15:37:44 +0200 | [diff] [blame] | 552 | * |
Ronald Cron | 217d699 | 2022-04-04 10:23:22 +0200 | [diff] [blame] | 553 | * It is set up in the ClientHello writing preparation stage and used |
| 554 | * throughout the ClientHello writing. Not relevant anymore as soon as |
| 555 | * the protocol version has been negotiated thus as soon as the |
| 556 | * ServerHello is received. |
| 557 | * For a fresh handshake not linked to any previous handshake, it is |
| 558 | * equal to the configured minimum minor version to be negotiated. When |
| 559 | * renegotiating or resuming a session, it is equal to the previously |
| 560 | * negotiated minor version. |
Ronald Cron | bdb4f58 | 2022-03-31 15:37:44 +0200 | [diff] [blame] | 561 | * |
Ronald Cron | 217d699 | 2022-04-04 10:23:22 +0200 | [diff] [blame] | 562 | * There is no maximum TLS version field in this handshake context. |
| 563 | * From the start of the handshake, we need to define a current protocol |
| 564 | * version for the record layer which we define as the maximum TLS |
| 565 | * version to be negotiated. The `tls_version` field of the SSL context is |
| 566 | * used to store this maximum value until it contains the actual |
| 567 | * negotiated value. |
Ronald Cron | bdb4f58 | 2022-03-31 15:37:44 +0200 | [diff] [blame] | 568 | */ |
Glenn Strauss | bbdc83b | 2022-04-12 07:31:46 -0400 | [diff] [blame] | 569 | mbedtls_ssl_protocol_version min_tls_version; |
Ronald Cron | 82c785f | 2022-03-31 15:44:41 +0200 | [diff] [blame] | 570 | #endif |
Ronald Cron | 86a477f | 2022-02-18 17:45:10 +0100 | [diff] [blame] | 571 | |
Gilles Peskine | ec45c1e | 2021-11-29 12:18:09 +0100 | [diff] [blame] | 572 | #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) |
| 573 | uint8_t extended_ms; /*!< use Extended Master Secret? */ |
| 574 | #endif |
| 575 | |
| 576 | #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) |
| 577 | uint8_t async_in_progress; /*!< an asynchronous operation is in progress */ |
| 578 | #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ |
| 579 | |
| 580 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| 581 | unsigned char retransmit_state; /*!< Retransmission state */ |
| 582 | #endif |
| 583 | |
Gilles Peskine | 41139a2 | 2021-12-08 18:25:39 +0100 | [diff] [blame] | 584 | #if !defined(MBEDTLS_DEPRECATED_REMOVED) |
| 585 | unsigned char group_list_heap_allocated; |
Jerry Yu | f017ee4 | 2022-01-12 15:49:48 +0800 | [diff] [blame] | 586 | unsigned char sig_algs_heap_allocated; |
Gilles Peskine | 41139a2 | 2021-12-08 18:25:39 +0100 | [diff] [blame] | 587 | #endif |
| 588 | |
Gilles Peskine | ec45c1e | 2021-11-29 12:18:09 +0100 | [diff] [blame] | 589 | #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) |
| 590 | uint8_t ecrs_enabled; /*!< Handshake supports EC restart? */ |
Gilles Peskine | ec45c1e | 2021-11-29 12:18:09 +0100 | [diff] [blame] | 591 | enum { /* this complements ssl->state with info on intra-state operations */ |
| 592 | ssl_ecrs_none = 0, /*!< nothing going on (yet) */ |
| 593 | ssl_ecrs_crt_verify, /*!< Certificate: crt_verify() */ |
| 594 | ssl_ecrs_ske_start_processing, /*!< ServerKeyExchange: pk_verify() */ |
| 595 | ssl_ecrs_cke_ecdh_calc_secret, /*!< ClientKeyExchange: ECDH step 2 */ |
| 596 | ssl_ecrs_crt_vrfy_sign, /*!< CertificateVerify: pk_sign() */ |
| 597 | } ecrs_state; /*!< current (or last) operation */ |
| 598 | mbedtls_x509_crt *ecrs_peer_cert; /*!< The peer's CRT chain. */ |
| 599 | size_t ecrs_n; /*!< place for saving a length */ |
| 600 | #endif |
| 601 | |
| 602 | size_t pmslen; /*!< premaster length */ |
| 603 | |
| 604 | mbedtls_ssl_ciphersuite_t const *ciphersuite_info; |
| 605 | |
| 606 | void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t); |
| 607 | void (*calc_verify)(const mbedtls_ssl_context *, unsigned char *, size_t *); |
| 608 | void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int); |
| 609 | mbedtls_ssl_tls_prf_cb *tls_prf; |
| 610 | |
Manuel Pégourié-Gonnard | cd4fcc6 | 2015-05-26 12:11:48 +0200 | [diff] [blame] | 611 | /* |
| 612 | * Handshake specific crypto variables |
| 613 | */ |
Ronald Cron | 6f135e1 | 2021-12-08 16:57:54 +0100 | [diff] [blame] | 614 | #if defined(MBEDTLS_SSL_PROTO_TLS1_3) |
Ronald Cron | 8538549 | 2022-07-20 16:44:00 +0200 | [diff] [blame] | 615 | uint8_t key_exchange_mode; /*!< Selected key exchange mode */ |
Hanno Becker | 7e5437a | 2017-04-28 17:15:26 +0100 | [diff] [blame] | 616 | |
Jerry Yu | 6a2cd9e | 2022-05-05 11:14:19 +0800 | [diff] [blame] | 617 | /** Number of HelloRetryRequest messages received/sent from/to the server. */ |
XiaokangQian | d9e068e | 2022-01-18 06:23:32 +0000 | [diff] [blame] | 618 | int hello_retry_request_count; |
Ronald Cron | bc817ba | 2022-07-21 09:35:20 +0200 | [diff] [blame] | 619 | |
XiaokangQian | 0803755 | 2022-04-20 07:16:41 +0000 | [diff] [blame] | 620 | #if defined(MBEDTLS_SSL_SRV_C) |
XiaokangQian | 318dc76 | 2022-04-20 09:43:51 +0000 | [diff] [blame] | 621 | /** selected_group of key_share extension in HelloRetryRequest message. */ |
XiaokangQian | 0803755 | 2022-04-20 07:16:41 +0000 | [diff] [blame] | 622 | uint16_t hrr_selected_group; |
Ronald Cron | bc817ba | 2022-07-21 09:35:20 +0200 | [diff] [blame] | 623 | #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) |
| 624 | uint8_t tls13_kex_modes; /*!< Key exchange modes supported by the client */ |
| 625 | #endif |
XiaokangQian | 0803755 | 2022-04-20 07:16:41 +0000 | [diff] [blame] | 626 | #endif /* MBEDTLS_SSL_SRV_C */ |
Ronald Cron | bc817ba | 2022-07-21 09:35:20 +0200 | [diff] [blame] | 627 | |
Jerry Yu | 582dd06 | 2022-04-22 21:59:01 +0800 | [diff] [blame] | 628 | #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ |
XiaokangQian | 0803755 | 2022-04-20 07:16:41 +0000 | [diff] [blame] | 629 | |
Gabor Mezei | 078e803 | 2022-04-27 21:17:56 +0200 | [diff] [blame] | 630 | #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) |
Xiaofei Bai | f5b4d25 | 2022-01-28 06:37:15 +0000 | [diff] [blame] | 631 | uint16_t received_sig_algs[MBEDTLS_RECEIVED_SIG_ALGS_SIZE]; |
| 632 | #endif |
| 633 | |
Gilles Peskine | 41139a2 | 2021-12-08 18:25:39 +0100 | [diff] [blame] | 634 | #if !defined(MBEDTLS_DEPRECATED_REMOVED) |
| 635 | const uint16_t *group_list; |
Jerry Yu | f017ee4 | 2022-01-12 15:49:48 +0800 | [diff] [blame] | 636 | const uint16_t *sig_algs; |
Gilles Peskine | 41139a2 | 2021-12-08 18:25:39 +0100 | [diff] [blame] | 637 | #endif |
| 638 | |
Manuel Pégourié-Gonnard | cd4fcc6 | 2015-05-26 12:11:48 +0200 | [diff] [blame] | 639 | #if defined(MBEDTLS_DHM_C) |
| 640 | mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */ |
| 641 | #endif |
Gilles Peskine | 8716f17 | 2021-11-16 15:21:44 +0100 | [diff] [blame] | 642 | |
John Durkop | 07cc04a | 2020-11-16 22:08:34 -0800 | [diff] [blame] | 643 | /* Adding guard for MBEDTLS_ECDSA_C to ensure no compile errors due |
Ronald Cron | de1adee | 2022-03-07 16:20:30 +0100 | [diff] [blame] | 644 | * to guards in client and server code. There is a gap in functionality that |
| 645 | * access to ecdh_ctx structure is needed for MBEDTLS_ECDSA_C which does not |
| 646 | * seem correct. |
John Durkop | 07cc04a | 2020-11-16 22:08:34 -0800 | [diff] [blame] | 647 | */ |
| 648 | #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) |
Neil Armstrong | 769dc05 | 2022-04-13 15:12:43 +0200 | [diff] [blame] | 649 | #if !defined(MBEDTLS_USE_PSA_CRYPTO) |
Manuel Pégourié-Gonnard | cd4fcc6 | 2015-05-26 12:11:48 +0200 | [diff] [blame] | 650 | mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */ |
Neil Armstrong | 769dc05 | 2022-04-13 15:12:43 +0200 | [diff] [blame] | 651 | #endif /* !MBEDTLS_USE_PSA_CRYPTO */ |
Hanno Becker | df51dbe | 2019-02-18 16:41:55 +0000 | [diff] [blame] | 652 | |
Przemyslaw Stekiel | b15f33d | 2022-02-10 10:12:12 +0100 | [diff] [blame] | 653 | #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) |
Gilles Peskine | 4245980 | 2019-12-19 13:31:53 +0100 | [diff] [blame] | 654 | psa_key_type_t ecdh_psa_type; |
Neil Armstrong | 91477a7 | 2022-03-25 15:42:20 +0100 | [diff] [blame] | 655 | size_t ecdh_bits; |
Andrzej Kurek | 03e0146 | 2022-01-03 12:53:24 +0100 | [diff] [blame] | 656 | mbedtls_svc_key_id_t ecdh_psa_privkey; |
Neil Armstrong | f716a70 | 2022-04-04 11:23:46 +0200 | [diff] [blame] | 657 | uint8_t ecdh_psa_privkey_is_external; |
Hanno Becker | df51dbe | 2019-02-18 16:41:55 +0000 | [diff] [blame] | 658 | unsigned char ecdh_psa_peerkey[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; |
| 659 | size_t ecdh_psa_peerkey_len; |
Przemyslaw Stekiel | b15f33d | 2022-02-10 10:12:12 +0100 | [diff] [blame] | 660 | #endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ |
John Durkop | 07cc04a | 2020-11-16 22:08:34 -0800 | [diff] [blame] | 661 | #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */ |
Hanno Becker | df51dbe | 2019-02-18 16:41:55 +0000 | [diff] [blame] | 662 | |
Manuel Pégourié-Gonnard | eef142d | 2015-09-16 10:05:04 +0200 | [diff] [blame] | 663 | #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) |
Manuel Pégourié-Gonnard | 76cfd3f | 2015-09-15 12:10:54 +0200 | [diff] [blame] | 664 | mbedtls_ecjpake_context ecjpake_ctx; /*!< EC J-PAKE key exchange */ |
Manuel Pégourié-Gonnard | 77c0646 | 2015-09-17 13:59:49 +0200 | [diff] [blame] | 665 | #if defined(MBEDTLS_SSL_CLI_C) |
| 666 | unsigned char *ecjpake_cache; /*!< Cache for ClientHello ext */ |
| 667 | size_t ecjpake_cache_len; /*!< Length of cached data */ |
| 668 | #endif |
Hanno Becker | 1aa267c | 2017-04-28 17:08:27 +0100 | [diff] [blame] | 669 | #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ |
Gilles Peskine | 8716f17 | 2021-11-16 15:21:44 +0100 | [diff] [blame] | 670 | |
| 671 | #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ |
Manuel Pégourié-Gonnard | eef142d | 2015-09-16 10:05:04 +0200 | [diff] [blame] | 672 | defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) |
Manuel Pégourié-Gonnard | cd4fcc6 | 2015-05-26 12:11:48 +0200 | [diff] [blame] | 673 | const mbedtls_ecp_curve_info **curves; /*!< Supported elliptic curves */ |
| 674 | #endif |
Gilles Peskine | 8716f17 | 2021-11-16 15:21:44 +0100 | [diff] [blame] | 675 | |
Gilles Peskine | eccd888 | 2020-03-10 12:19:08 +0100 | [diff] [blame] | 676 | #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) |
Hanno Becker | d9f7d43 | 2018-10-22 15:29:46 +0100 | [diff] [blame] | 677 | #if defined(MBEDTLS_USE_PSA_CRYPTO) |
Andrzej Kurek | 03e0146 | 2022-01-03 12:53:24 +0100 | [diff] [blame] | 678 | mbedtls_svc_key_id_t psk_opaque; /*!< Opaque PSK from the callback */ |
Neil Armstrong | 501c932 | 2022-05-03 09:35:09 +0200 | [diff] [blame] | 679 | uint8_t psk_opaque_is_internal; |
Neil Armstrong | e952a30 | 2022-05-03 10:22:14 +0200 | [diff] [blame] | 680 | #else |
Manuel Pégourié-Gonnard | cd4fcc6 | 2015-05-26 12:11:48 +0200 | [diff] [blame] | 681 | unsigned char *psk; /*!< PSK from the callback */ |
| 682 | size_t psk_len; /*!< Length of PSK from callback */ |
Neil Armstrong | e952a30 | 2022-05-03 10:22:14 +0200 | [diff] [blame] | 683 | #endif /* MBEDTLS_USE_PSA_CRYPTO */ |
Jerry Yu | 96a2e36 | 2022-07-21 15:11:34 +0800 | [diff] [blame] | 684 | uint16_t selected_identity; |
Gilles Peskine | eccd888 | 2020-03-10 12:19:08 +0100 | [diff] [blame] | 685 | #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ |
Gilles Peskine | 8716f17 | 2021-11-16 15:21:44 +0100 | [diff] [blame] | 686 | |
Gilles Peskine | cfe74a3 | 2021-12-08 18:38:51 +0100 | [diff] [blame] | 687 | #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) |
| 688 | mbedtls_x509_crt_restart_ctx ecrs_ctx; /*!< restart context */ |
| 689 | #endif |
| 690 | |
Manuel Pégourié-Gonnard | cd4fcc6 | 2015-05-26 12:11:48 +0200 | [diff] [blame] | 691 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
| 692 | mbedtls_ssl_key_cert *key_cert; /*!< chosen key/cert pair (server) */ |
| 693 | #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) |
| 694 | mbedtls_ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI */ |
| 695 | mbedtls_x509_crt *sni_ca_chain; /*!< trusted CAs from SNI callback */ |
| 696 | mbedtls_x509_crl *sni_ca_crl; /*!< trusted CAs CRLs from SNI */ |
Hanno Becker | 1aa267c | 2017-04-28 17:08:27 +0100 | [diff] [blame] | 697 | #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ |
Manuel Pégourié-Gonnard | cd4fcc6 | 2015-05-26 12:11:48 +0200 | [diff] [blame] | 698 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
Gilles Peskine | 8716f17 | 2021-11-16 15:21:44 +0100 | [diff] [blame] | 699 | |
Gilles Peskine | 8716f17 | 2021-11-16 15:21:44 +0100 | [diff] [blame] | 700 | #if defined(MBEDTLS_X509_CRT_PARSE_C) && \ |
Hanno Becker | 7517312 | 2019-02-06 16:18:31 +0000 | [diff] [blame] | 701 | !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) |
| 702 | mbedtls_pk_context peer_pubkey; /*!< The public key from the peer. */ |
| 703 | #endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ |
Hanno Becker | 2f28c10 | 2019-04-25 15:46:59 +0100 | [diff] [blame] | 704 | |
Hanno Becker | d7f8ae2 | 2018-08-16 09:45:56 +0100 | [diff] [blame] | 705 | struct |
| 706 | { |
Hanno Becker | e0b150f | 2018-08-21 15:51:03 +0100 | [diff] [blame] | 707 | size_t total_bytes_buffered; /*!< Cumulative size of heap allocated |
| 708 | * buffers used for message buffering. */ |
| 709 | |
Hanno Becker | d7f8ae2 | 2018-08-16 09:45:56 +0100 | [diff] [blame] | 710 | uint8_t seen_ccs; /*!< Indicates if a CCS message has |
Hanno Becker | 2ed6bcc | 2018-08-15 15:11:57 +0100 | [diff] [blame] | 711 | * been seen in the current flight. */ |
Hanno Becker | d7f8ae2 | 2018-08-16 09:45:56 +0100 | [diff] [blame] | 712 | |
Hanno Becker | 0271f96 | 2018-08-16 13:23:47 +0100 | [diff] [blame] | 713 | struct mbedtls_ssl_hs_buffer |
| 714 | { |
Hanno Becker | 98081a0 | 2018-08-22 13:32:50 +0100 | [diff] [blame] | 715 | unsigned is_valid : 1; |
| 716 | unsigned is_fragmented : 1; |
| 717 | unsigned is_complete : 1; |
Hanno Becker | 0271f96 | 2018-08-16 13:23:47 +0100 | [diff] [blame] | 718 | unsigned char *data; |
Hanno Becker | e0b150f | 2018-08-21 15:51:03 +0100 | [diff] [blame] | 719 | size_t data_len; |
Hanno Becker | 0271f96 | 2018-08-16 13:23:47 +0100 | [diff] [blame] | 720 | } hs[MBEDTLS_SSL_MAX_BUFFERED_HS]; |
| 721 | |
Hanno Becker | 5f066e7 | 2018-08-16 14:56:31 +0100 | [diff] [blame] | 722 | struct |
| 723 | { |
| 724 | unsigned char *data; |
| 725 | size_t len; |
| 726 | unsigned epoch; |
| 727 | } future_record; |
| 728 | |
Hanno Becker | d7f8ae2 | 2018-08-16 09:45:56 +0100 | [diff] [blame] | 729 | } buffering; |
Hanno Becker | 3546201 | 2018-08-22 10:25:40 +0100 | [diff] [blame] | 730 | |
XiaokangQian | 9b93c0d | 2022-02-09 06:02:25 +0000 | [diff] [blame] | 731 | #if defined(MBEDTLS_SSL_CLI_C) && \ |
| 732 | ( defined(MBEDTLS_SSL_PROTO_DTLS) || defined(MBEDTLS_SSL_PROTO_TLS1_3) ) |
| 733 | unsigned char *cookie; /*!< HelloVerifyRequest cookie for DTLS |
| 734 | * HelloRetryRequest cookie for TLS 1.3 */ |
| 735 | #endif /* MBEDTLS_SSL_CLI_C && |
| 736 | ( MBEDTLS_SSL_PROTO_DTLS || MBEDTLS_SSL_PROTO_TLS1_3 ) */ |
| 737 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| 738 | unsigned char verify_cookie_len; /*!< Cli: HelloVerifyRequest cookie |
| 739 | * length |
XiaokangQian | 3490974 | 2022-01-27 02:25:04 +0000 | [diff] [blame] | 740 | * Srv: flag for sending a cookie */ |
XiaokangQian | 9b93c0d | 2022-02-09 06:02:25 +0000 | [diff] [blame] | 741 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
| 742 | #if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3) |
| 743 | uint16_t hrr_cookie_len; /*!< HelloRetryRequest cookie length */ |
XiaokangQian | 2043897 | 2022-03-04 08:52:07 +0000 | [diff] [blame] | 744 | #endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_PROTO_TLS1_3 */ |
XiaokangQian | 52da558 | 2022-01-26 09:49:29 +0000 | [diff] [blame] | 745 | |
| 746 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| 747 | unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */ |
| 748 | unsigned int in_msg_seq; /*!< Incoming handshake sequence number */ |
Gilles Peskine | ec45c1e | 2021-11-29 12:18:09 +0100 | [diff] [blame] | 749 | |
| 750 | uint32_t retransmit_timeout; /*!< Current value of timeout */ |
| 751 | mbedtls_ssl_flight_item *flight; /*!< Current outgoing flight */ |
| 752 | mbedtls_ssl_flight_item *cur_msg; /*!< Current message in flight */ |
| 753 | unsigned char *cur_msg_p; /*!< Position in current message */ |
| 754 | unsigned int in_flight_start_seq; /*!< Minimum message sequence in the |
| 755 | flight being received */ |
| 756 | mbedtls_ssl_transform *alt_transform_out; /*!< Alternative transform for |
| 757 | resending messages */ |
| 758 | unsigned char alt_out_ctr[MBEDTLS_SSL_SEQUENCE_NUMBER_LEN]; /*!< Alternative record epoch/counter |
| 759 | for resending messages */ |
| 760 | |
| 761 | #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) |
| 762 | /* The state of CID configuration in this handshake. */ |
| 763 | |
| 764 | uint8_t cid_in_use; /*!< This indicates whether the use of the CID extension |
| 765 | * has been negotiated. Possible values are |
| 766 | * #MBEDTLS_SSL_CID_ENABLED and |
| 767 | * #MBEDTLS_SSL_CID_DISABLED. */ |
| 768 | unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ]; /*! The peer's CID */ |
| 769 | uint8_t peer_cid_len; /*!< The length of |
| 770 | * \c peer_cid. */ |
| 771 | #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ |
| 772 | |
Manuel Pégourié-Gonnard | f47a4af | 2018-08-22 10:38:52 +0200 | [diff] [blame] | 773 | uint16_t mtu; /*!< Handshake mtu, used to fragment outgoing messages */ |
Hanno Becker | 1aa267c | 2017-04-28 17:08:27 +0100 | [diff] [blame] | 774 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
Manuel Pégourié-Gonnard | cd4fcc6 | 2015-05-26 12:11:48 +0200 | [diff] [blame] | 775 | |
Ronald Cron | 6f135e1 | 2021-12-08 16:57:54 +0100 | [diff] [blame] | 776 | #if defined(MBEDTLS_SSL_PROTO_TLS1_3) |
Hanno Becker | e043d15 | 2021-08-12 06:22:32 +0100 | [diff] [blame] | 777 | /*! TLS 1.3 transforms for 0-RTT and encrypted handshake messages. |
| 778 | * Those pointers own the transforms they reference. */ |
Hanno Becker | 3aa186f | 2021-08-10 09:24:19 +0100 | [diff] [blame] | 779 | mbedtls_ssl_transform *transform_handshake; |
| 780 | mbedtls_ssl_transform *transform_earlydata; |
Ronald Cron | 6f135e1 | 2021-12-08 16:57:54 +0100 | [diff] [blame] | 781 | #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ |
Hanno Becker | 3aa186f | 2021-08-10 09:24:19 +0100 | [diff] [blame] | 782 | |
Manuel Pégourié-Gonnard | cd4fcc6 | 2015-05-26 12:11:48 +0200 | [diff] [blame] | 783 | /* |
| 784 | * Checksum contexts |
| 785 | */ |
Manuel Pégourié-Gonnard | cd4fcc6 | 2015-05-26 12:11:48 +0200 | [diff] [blame] | 786 | #if defined(MBEDTLS_SHA256_C) |
Andrzej Kurek | eb34224 | 2019-01-29 09:14:33 -0500 | [diff] [blame] | 787 | #if defined(MBEDTLS_USE_PSA_CRYPTO) |
| 788 | psa_hash_operation_t fin_sha256_psa; |
| 789 | #else |
Manuel Pégourié-Gonnard | cd4fcc6 | 2015-05-26 12:11:48 +0200 | [diff] [blame] | 790 | mbedtls_sha256_context fin_sha256; |
| 791 | #endif |
Andrzej Kurek | eb34224 | 2019-01-29 09:14:33 -0500 | [diff] [blame] | 792 | #endif |
Mateusz Starzyk | c6d94ab | 2021-05-19 13:31:59 +0200 | [diff] [blame] | 793 | #if defined(MBEDTLS_SHA384_C) |
Andrzej Kurek | eb34224 | 2019-01-29 09:14:33 -0500 | [diff] [blame] | 794 | #if defined(MBEDTLS_USE_PSA_CRYPTO) |
Andrzej Kurek | 972fba5 | 2019-01-30 03:29:12 -0500 | [diff] [blame] | 795 | psa_hash_operation_t fin_sha384_psa; |
Andrzej Kurek | eb34224 | 2019-01-29 09:14:33 -0500 | [diff] [blame] | 796 | #else |
Andrzej Kurek | a242e83 | 2022-08-11 10:03:14 -0400 | [diff] [blame] | 797 | mbedtls_sha512_context fin_sha384; |
Manuel Pégourié-Gonnard | cd4fcc6 | 2015-05-26 12:11:48 +0200 | [diff] [blame] | 798 | #endif |
Andrzej Kurek | eb34224 | 2019-01-29 09:14:33 -0500 | [diff] [blame] | 799 | #endif |
Manuel Pégourié-Gonnard | cd4fcc6 | 2015-05-26 12:11:48 +0200 | [diff] [blame] | 800 | |
Ronald Cron | 6f135e1 | 2021-12-08 16:57:54 +0100 | [diff] [blame] | 801 | #if defined(MBEDTLS_SSL_PROTO_TLS1_3) |
Jerry Yu | 56fc07f | 2021-09-01 17:48:49 +0800 | [diff] [blame] | 802 | uint16_t offered_group_id; /* The NamedGroup value for the group |
| 803 | * that is being used for ephemeral |
| 804 | * key exchange. |
| 805 | * |
| 806 | * On the client: Defaults to the first |
| 807 | * entry in the client's group list, |
| 808 | * but can be overwritten by the HRR. */ |
Ronald Cron | 6f135e1 | 2021-12-08 16:57:54 +0100 | [diff] [blame] | 809 | #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ |
Jerry Yu | 56fc07f | 2021-09-01 17:48:49 +0800 | [diff] [blame] | 810 | |
Jerry Yu | fb28b88 | 2022-01-28 11:05:58 +0800 | [diff] [blame] | 811 | #if defined(MBEDTLS_SSL_CLI_C) |
Jerry Yu | 2d9a694 | 2022-02-08 21:07:10 +0800 | [diff] [blame] | 812 | uint8_t client_auth; /*!< used to check if CertificateRequest has been |
Jerry Yu | 5c7d1cc | 2022-02-08 21:08:29 +0800 | [diff] [blame] | 813 | received from server side. If CertificateRequest |
Jerry Yu | 0ff8ac8 | 2022-02-08 10:10:48 +0800 | [diff] [blame] | 814 | has been received, Certificate and CertificateVerify |
Jerry Yu | fb28b88 | 2022-01-28 11:05:58 +0800 | [diff] [blame] | 815 | should be sent to server */ |
| 816 | #endif /* MBEDTLS_SSL_CLI_C */ |
XiaokangQian | aa5f5c1 | 2021-09-18 06:20:25 +0000 | [diff] [blame] | 817 | /* |
| 818 | * State-local variables used during the processing |
| 819 | * of a specific handshake state. |
| 820 | */ |
| 821 | union |
| 822 | { |
| 823 | /* Outgoing Finished message */ |
| 824 | struct |
| 825 | { |
| 826 | uint8_t preparation_done; |
| 827 | |
| 828 | /* Buffer holding digest of the handshake up to |
| 829 | * but excluding the outgoing finished message. */ |
XiaokangQian | c5c39d5 | 2021-11-09 11:55:10 +0000 | [diff] [blame] | 830 | unsigned char digest[MBEDTLS_TLS1_3_MD_MAX_SIZE]; |
XiaokangQian | aa5f5c1 | 2021-09-18 06:20:25 +0000 | [diff] [blame] | 831 | size_t digest_len; |
| 832 | } finished_out; |
| 833 | |
| 834 | /* Incoming Finished message */ |
| 835 | struct |
| 836 | { |
XiaokangQian | 57b2aff | 2021-11-10 03:12:11 +0000 | [diff] [blame] | 837 | uint8_t preparation_done; |
| 838 | |
XiaokangQian | aa5f5c1 | 2021-09-18 06:20:25 +0000 | [diff] [blame] | 839 | /* Buffer holding digest of the handshake up to but |
| 840 | * excluding the peer's incoming finished message. */ |
XiaokangQian | c5c39d5 | 2021-11-09 11:55:10 +0000 | [diff] [blame] | 841 | unsigned char digest[MBEDTLS_TLS1_3_MD_MAX_SIZE]; |
XiaokangQian | aa5f5c1 | 2021-09-18 06:20:25 +0000 | [diff] [blame] | 842 | size_t digest_len; |
| 843 | } finished_in; |
| 844 | |
XiaokangQian | aa5f5c1 | 2021-09-18 06:20:25 +0000 | [diff] [blame] | 845 | } state_local; |
| 846 | |
| 847 | /* End of state-local variables. */ |
| 848 | |
Jerry Yu | e6d7e5c | 2021-10-26 10:44:32 +0800 | [diff] [blame] | 849 | unsigned char randbytes[MBEDTLS_CLIENT_HELLO_RANDOM_LEN + |
| 850 | MBEDTLS_SERVER_HELLO_RANDOM_LEN]; |
| 851 | /*!< random bytes */ |
Manuel Pégourié-Gonnard | cd4fcc6 | 2015-05-26 12:11:48 +0200 | [diff] [blame] | 852 | unsigned char premaster[MBEDTLS_PREMASTER_SIZE]; |
| 853 | /*!< premaster secret */ |
| 854 | |
Ronald Cron | 6f135e1 | 2021-12-08 16:57:54 +0100 | [diff] [blame] | 855 | #if defined(MBEDTLS_SSL_PROTO_TLS1_3) |
Jerry Yu | 8e7ca04 | 2021-08-26 15:31:37 +0800 | [diff] [blame] | 856 | int extensions_present; /*!< extension presence; Each bitfield |
| 857 | represents an extension and defined |
| 858 | as \c MBEDTLS_SSL_EXT_XXX */ |
Jerry Yu | 89ea321 | 2021-09-09 14:31:24 +0800 | [diff] [blame] | 859 | |
Xiaofei Bai | a0ab777 | 2022-01-16 12:14:45 +0000 | [diff] [blame] | 860 | #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) |
| 861 | unsigned char certificate_request_context_len; |
| 862 | unsigned char *certificate_request_context; |
Xiaofei Bai | e1e3442 | 2021-12-23 12:09:05 +0000 | [diff] [blame] | 863 | #endif |
| 864 | |
Jerry Yu | 89ea321 | 2021-09-09 14:31:24 +0800 | [diff] [blame] | 865 | union |
| 866 | { |
Jerry Yu | d1ab262 | 2021-10-08 15:36:57 +0800 | [diff] [blame] | 867 | unsigned char early [MBEDTLS_TLS1_3_MD_MAX_SIZE]; |
| 868 | unsigned char handshake[MBEDTLS_TLS1_3_MD_MAX_SIZE]; |
| 869 | unsigned char app [MBEDTLS_TLS1_3_MD_MAX_SIZE]; |
Xiaofei Bai | d25fab6 | 2021-12-02 06:36:27 +0000 | [diff] [blame] | 870 | } tls13_master_secrets; |
Jerry Yu | 61e35e0 | 2021-09-16 18:59:08 +0800 | [diff] [blame] | 871 | |
Xiaofei Bai | 746f948 | 2021-11-12 08:53:56 +0000 | [diff] [blame] | 872 | mbedtls_ssl_tls13_handshake_secrets tls13_hs_secrets; |
Ronald Cron | 6f135e1 | 2021-12-08 16:57:54 +0100 | [diff] [blame] | 873 | #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ |
Manuel Pégourié-Gonnard | cd4fcc6 | 2015-05-26 12:11:48 +0200 | [diff] [blame] | 874 | |
Gilles Peskine | df13d5c | 2018-04-25 20:39:48 +0200 | [diff] [blame] | 875 | #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) |
| 876 | /** Asynchronous operation context. This field is meant for use by the |
| 877 | * asynchronous operation callbacks (mbedtls_ssl_config::f_async_sign_start, |
| 878 | * mbedtls_ssl_config::f_async_decrypt_start, |
| 879 | * mbedtls_ssl_config::f_async_resume, mbedtls_ssl_config::f_async_cancel). |
| 880 | * The library does not use it internally. */ |
| 881 | void *user_async_ctx; |
| 882 | #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ |
Glenn Strauss | 6989407 | 2022-01-24 12:58:00 -0500 | [diff] [blame] | 883 | |
| 884 | #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) |
| 885 | const unsigned char *sni_name; /*!< raw SNI */ |
| 886 | size_t sni_name_len; /*!< raw SNI len */ |
Glenn Strauss | 999ef70 | 2022-03-11 01:37:23 -0500 | [diff] [blame] | 887 | #if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) |
| 888 | const mbedtls_x509_crt *dn_hints; /*!< acceptable client cert issuers */ |
| 889 | #endif |
Glenn Strauss | 6989407 | 2022-01-24 12:58:00 -0500 | [diff] [blame] | 890 | #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ |
Manuel Pégourié-Gonnard | cd4fcc6 | 2015-05-26 12:11:48 +0200 | [diff] [blame] | 891 | }; |
| 892 | |
Hanno Becker | 0271f96 | 2018-08-16 13:23:47 +0100 | [diff] [blame] | 893 | typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer; |
| 894 | |
Manuel Pégourié-Gonnard | cd4fcc6 | 2015-05-26 12:11:48 +0200 | [diff] [blame] | 895 | /* |
Hanno Becker | d362dc5 | 2018-01-03 15:23:11 +0000 | [diff] [blame] | 896 | * Representation of decryption/encryption transformations on records |
| 897 | * |
| 898 | * There are the following general types of record transformations: |
TRodziewicz | 2abf03c | 2021-06-25 14:40:09 +0200 | [diff] [blame] | 899 | * - Stream transformations (TLS versions == 1.2 only) |
Hanno Becker | d362dc5 | 2018-01-03 15:23:11 +0000 | [diff] [blame] | 900 | * Transformation adding a MAC and applying a stream-cipher |
| 901 | * to the authenticated message. |
TRodziewicz | 2abf03c | 2021-06-25 14:40:09 +0200 | [diff] [blame] | 902 | * - CBC block cipher transformations ([D]TLS versions == 1.2 only) |
| 903 | * For TLS 1.2, no IV is generated at key extraction time, but every |
| 904 | * encrypted record is explicitly prefixed by the IV with which it was |
| 905 | * encrypted. |
| 906 | * - AEAD transformations ([D]TLS versions == 1.2 only) |
Hanno Becker | d362dc5 | 2018-01-03 15:23:11 +0000 | [diff] [blame] | 907 | * These come in two fundamentally different versions, the first one |
| 908 | * used in TLS 1.2, excluding ChaChaPoly ciphersuites, and the second |
| 909 | * one used for ChaChaPoly ciphersuites in TLS 1.2 as well as for TLS 1.3. |
| 910 | * In the first transformation, the IV to be used for a record is obtained |
| 911 | * as the concatenation of an explicit, static 4-byte IV and the 8-byte |
| 912 | * record sequence number, and explicitly prepending this sequence number |
| 913 | * to the encrypted record. In contrast, in the second transformation |
| 914 | * the IV is obtained by XOR'ing a static IV obtained at key extraction |
| 915 | * time with the 8-byte record sequence number, without prepending the |
| 916 | * latter to the encrypted record. |
| 917 | * |
Hanno Becker | 7d343ec | 2020-05-04 12:29:05 +0100 | [diff] [blame] | 918 | * Additionally, DTLS 1.2 + CID as well as TLS 1.3 use an inner plaintext |
| 919 | * which allows to add flexible length padding and to hide a record's true |
| 920 | * content type. |
| 921 | * |
Hanno Becker | d362dc5 | 2018-01-03 15:23:11 +0000 | [diff] [blame] | 922 | * In addition to type and version, the following parameters are relevant: |
| 923 | * - The symmetric cipher algorithm to be used. |
| 924 | * - The (static) encryption/decryption keys for the cipher. |
| 925 | * - For stream/CBC, the type of message digest to be used. |
| 926 | * - For stream/CBC, (static) encryption/decryption keys for the digest. |
Hanno Becker | 0db7e0c | 2018-10-18 15:39:53 +0100 | [diff] [blame] | 927 | * - For AEAD transformations, the size (potentially 0) of an explicit, |
| 928 | * random initialization vector placed in encrypted records. |
TRodziewicz | 299510e | 2021-07-09 16:55:11 +0200 | [diff] [blame] | 929 | * - For some transformations (currently AEAD) an implicit IV. It is static |
Hanno Becker | d362dc5 | 2018-01-03 15:23:11 +0000 | [diff] [blame] | 930 | * and (if present) is combined with the explicit IV in a transformation- |
TRodziewicz | 299510e | 2021-07-09 16:55:11 +0200 | [diff] [blame] | 931 | * -dependent way (e.g. appending in TLS 1.2 and XOR'ing in TLS 1.3). |
Hanno Becker | d362dc5 | 2018-01-03 15:23:11 +0000 | [diff] [blame] | 932 | * - For stream/CBC, a flag determining the order of encryption and MAC. |
| 933 | * - The details of the transformation depend on the SSL/TLS version. |
| 934 | * - The length of the authentication tag. |
| 935 | * |
| 936 | * The struct below refines this abstract view as follows: |
| 937 | * - The cipher underlying the transformation is managed in |
| 938 | * cipher contexts cipher_ctx_{enc/dec}, which must have the |
| 939 | * same cipher type. The mode of these cipher contexts determines |
| 940 | * the type of the transformation in the sense above: e.g., if |
| 941 | * the type is MBEDTLS_CIPHER_AES_256_CBC resp. MBEDTLS_CIPHER_AES_192_GCM |
| 942 | * then the transformation has type CBC resp. AEAD. |
| 943 | * - The cipher keys are never stored explicitly but |
| 944 | * are maintained within cipher_ctx_{enc/dec}. |
| 945 | * - For stream/CBC transformations, the message digest contexts |
| 946 | * used for the MAC's are stored in md_ctx_{enc/dec}. These contexts |
| 947 | * are unused for AEAD transformations. |
TRodziewicz | 2abf03c | 2021-06-25 14:40:09 +0200 | [diff] [blame] | 948 | * - For stream/CBC transformations, the MAC keys are not stored explicitly |
| 949 | * but maintained within md_ctx_{enc/dec}. |
| 950 | * - The mac_enc and mac_dec fields are unused for EAD transformations. |
Hanno Becker | d362dc5 | 2018-01-03 15:23:11 +0000 | [diff] [blame] | 951 | * - For transformations using an implicit IV maintained within |
| 952 | * the transformation context, its contents are stored within |
| 953 | * iv_{enc/dec}. |
| 954 | * - The value of ivlen indicates the length of the IV. |
| 955 | * This is redundant in case of stream/CBC transformations |
| 956 | * which always use 0 resp. the cipher's block length as the |
| 957 | * IV length, but is needed for AEAD ciphers and may be |
| 958 | * different from the underlying cipher's block length |
| 959 | * in this case. |
| 960 | * - The field fixed_ivlen is nonzero for AEAD transformations only |
| 961 | * and indicates the length of the static part of the IV which is |
| 962 | * constant throughout the communication, and which is stored in |
| 963 | * the first fixed_ivlen bytes of the iv_{enc/dec} arrays. |
Glenn Strauss | 07c6416 | 2022-03-14 12:34:51 -0400 | [diff] [blame] | 964 | * - tls_version denotes the 2-byte TLS version |
Hanno Becker | d362dc5 | 2018-01-03 15:23:11 +0000 | [diff] [blame] | 965 | * - For stream/CBC transformations, maclen denotes the length of the |
| 966 | * authentication tag, while taglen is unused and 0. |
| 967 | * - For AEAD transformations, taglen denotes the length of the |
| 968 | * authentication tag, while maclen is unused and 0. |
| 969 | * - For CBC transformations, encrypt_then_mac determines the |
| 970 | * order of encryption and authentication. This field is unused |
| 971 | * in other transformations. |
| 972 | * |
Manuel Pégourié-Gonnard | cd4fcc6 | 2015-05-26 12:11:48 +0200 | [diff] [blame] | 973 | */ |
| 974 | struct mbedtls_ssl_transform |
| 975 | { |
| 976 | /* |
| 977 | * Session specific crypto layer |
| 978 | */ |
Manuel Pégourié-Gonnard | cd4fcc6 | 2015-05-26 12:11:48 +0200 | [diff] [blame] | 979 | size_t minlen; /*!< min. ciphertext length */ |
| 980 | size_t ivlen; /*!< IV length */ |
| 981 | size_t fixed_ivlen; /*!< Fixed part of IV (AEAD) */ |
Hanno Becker | e694c3e | 2017-12-27 21:34:08 +0000 | [diff] [blame] | 982 | size_t maclen; /*!< MAC(CBC) len */ |
| 983 | size_t taglen; /*!< TAG(AEAD) len */ |
Manuel Pégourié-Gonnard | cd4fcc6 | 2015-05-26 12:11:48 +0200 | [diff] [blame] | 984 | |
| 985 | unsigned char iv_enc[16]; /*!< IV (encryption) */ |
| 986 | unsigned char iv_dec[16]; /*!< IV (decryption) */ |
| 987 | |
Hanno Becker | fd86ca8 | 2020-11-30 08:54:23 +0000 | [diff] [blame] | 988 | #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) |
Hanno Becker | d56ed24 | 2018-01-03 15:32:51 +0000 | [diff] [blame] | 989 | |
Neil Armstrong | 39b8e7d | 2022-02-23 09:24:45 +0100 | [diff] [blame] | 990 | #if defined(MBEDTLS_USE_PSA_CRYPTO) |
| 991 | mbedtls_svc_key_id_t psa_mac_enc; /*!< MAC (encryption) */ |
| 992 | mbedtls_svc_key_id_t psa_mac_dec; /*!< MAC (decryption) */ |
| 993 | psa_algorithm_t psa_mac_alg; /*!< psa MAC algorithm */ |
Neil Armstrong | cf8841a | 2022-02-24 11:17:45 +0100 | [diff] [blame] | 994 | #else |
Manuel Pégourié-Gonnard | cd4fcc6 | 2015-05-26 12:11:48 +0200 | [diff] [blame] | 995 | mbedtls_md_context_t md_ctx_enc; /*!< MAC (encryption) */ |
| 996 | mbedtls_md_context_t md_ctx_dec; /*!< MAC (decryption) */ |
Neil Armstrong | cf8841a | 2022-02-24 11:17:45 +0100 | [diff] [blame] | 997 | #endif /* MBEDTLS_USE_PSA_CRYPTO */ |
Manuel Pégourié-Gonnard | cd4fcc6 | 2015-05-26 12:11:48 +0200 | [diff] [blame] | 998 | |
Hanno Becker | 9eddaeb | 2017-12-27 21:37:21 +0000 | [diff] [blame] | 999 | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
| 1000 | int encrypt_then_mac; /*!< flag for EtM activation */ |
| 1001 | #endif |
| 1002 | |
Hanno Becker | fd86ca8 | 2020-11-30 08:54:23 +0000 | [diff] [blame] | 1003 | #endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ |
Hanno Becker | d56ed24 | 2018-01-03 15:32:51 +0000 | [diff] [blame] | 1004 | |
Glenn Strauss | 07c6416 | 2022-03-14 12:34:51 -0400 | [diff] [blame] | 1005 | mbedtls_ssl_protocol_version tls_version; |
Hanno Becker | 9eddaeb | 2017-12-27 21:37:21 +0000 | [diff] [blame] | 1006 | |
Przemyslaw Stekiel | 44187d7 | 2022-01-11 08:25:29 +0100 | [diff] [blame] | 1007 | #if defined(MBEDTLS_USE_PSA_CRYPTO) |
| 1008 | mbedtls_svc_key_id_t psa_key_enc; /*!< psa encryption key */ |
| 1009 | mbedtls_svc_key_id_t psa_key_dec; /*!< psa decryption key */ |
| 1010 | psa_algorithm_t psa_alg; /*!< psa algorithm */ |
Przemyslaw Stekiel | 6be9cf5 | 2022-01-19 16:00:22 +0100 | [diff] [blame] | 1011 | #else |
| 1012 | mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */ |
| 1013 | mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */ |
Przemyslaw Stekiel | 44187d7 | 2022-01-11 08:25:29 +0100 | [diff] [blame] | 1014 | #endif /* MBEDTLS_USE_PSA_CRYPTO */ |
| 1015 | |
Hanno Becker | a0e20d0 | 2019-05-15 14:03:01 +0100 | [diff] [blame] | 1016 | #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) |
Hanno Becker | 1327fa7 | 2019-04-25 15:54:02 +0100 | [diff] [blame] | 1017 | uint8_t in_cid_len; |
| 1018 | uint8_t out_cid_len; |
| 1019 | unsigned char in_cid [ MBEDTLS_SSL_CID_OUT_LEN_MAX ]; |
| 1020 | unsigned char out_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ]; |
Hanno Becker | a0e20d0 | 2019-05-15 14:03:01 +0100 | [diff] [blame] | 1021 | #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ |
Hanno Becker | 1327fa7 | 2019-04-25 15:54:02 +0100 | [diff] [blame] | 1022 | |
Manuel Pégourié-Gonnard | 96fb0ee | 2019-07-09 12:54:17 +0200 | [diff] [blame] | 1023 | #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) |
| 1024 | /* We need the Hello random bytes in order to re-derive keys from the |
Hanno Becker | bd25755 | 2021-03-22 06:59:27 +0000 | [diff] [blame] | 1025 | * Master Secret and other session info, |
| 1026 | * see ssl_tls12_populate_transform() */ |
Jerry Yu | e6d7e5c | 2021-10-26 10:44:32 +0800 | [diff] [blame] | 1027 | unsigned char randbytes[MBEDTLS_SERVER_HELLO_RANDOM_LEN + |
| 1028 | MBEDTLS_CLIENT_HELLO_RANDOM_LEN]; |
| 1029 | /*!< ServerHello.random+ClientHello.random */ |
Manuel Pégourié-Gonnard | 96fb0ee | 2019-07-09 12:54:17 +0200 | [diff] [blame] | 1030 | #endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ |
Manuel Pégourié-Gonnard | cd4fcc6 | 2015-05-26 12:11:48 +0200 | [diff] [blame] | 1031 | }; |
| 1032 | |
Hanno Becker | 12a3a86 | 2018-01-05 15:42:50 +0000 | [diff] [blame] | 1033 | /* |
Manuel Pégourié-Gonnard | 1aaf669 | 2019-07-10 14:14:05 +0200 | [diff] [blame] | 1034 | * Return 1 if the transform uses an AEAD cipher, 0 otherwise. |
| 1035 | * Equivalently, return 0 if a separate MAC is used, 1 otherwise. |
| 1036 | */ |
| 1037 | static inline int mbedtls_ssl_transform_uses_aead( |
| 1038 | const mbedtls_ssl_transform *transform ) |
| 1039 | { |
Hanno Becker | fd86ca8 | 2020-11-30 08:54:23 +0000 | [diff] [blame] | 1040 | #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) |
Manuel Pégourié-Gonnard | 1aaf669 | 2019-07-10 14:14:05 +0200 | [diff] [blame] | 1041 | return( transform->maclen == 0 && transform->taglen != 0 ); |
| 1042 | #else |
| 1043 | (void) transform; |
| 1044 | return( 1 ); |
| 1045 | #endif |
| 1046 | } |
| 1047 | |
| 1048 | /* |
Hanno Becker | 12a3a86 | 2018-01-05 15:42:50 +0000 | [diff] [blame] | 1049 | * Internal representation of record frames |
| 1050 | * |
Hanno Becker | 12a3a86 | 2018-01-05 15:42:50 +0000 | [diff] [blame] | 1051 | * Instances come in two flavors: |
| 1052 | * (1) Encrypted |
| 1053 | * These always have data_offset = 0 |
| 1054 | * (2) Unencrypted |
Hanno Becker | cd430bc | 2019-04-04 16:29:48 +0100 | [diff] [blame] | 1055 | * These have data_offset set to the amount of |
| 1056 | * pre-expansion during record protection. Concretely, |
| 1057 | * this is the length of the fixed part of the explicit IV |
| 1058 | * used for encryption, or 0 if no explicit IV is used |
TRodziewicz | 2abf03c | 2021-06-25 14:40:09 +0200 | [diff] [blame] | 1059 | * (e.g. for stream ciphers). |
Hanno Becker | 12a3a86 | 2018-01-05 15:42:50 +0000 | [diff] [blame] | 1060 | * |
| 1061 | * The reason for the data_offset in the unencrypted case |
| 1062 | * is to allow for in-place conversion of an unencrypted to |
| 1063 | * an encrypted record. If the offset wasn't included, the |
| 1064 | * encrypted content would need to be shifted afterwards to |
| 1065 | * make space for the fixed IV. |
| 1066 | * |
| 1067 | */ |
Hanno Becker | f2ed448 | 2019-04-29 13:45:54 +0100 | [diff] [blame] | 1068 | #if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX |
Hanno Becker | 75f080f | 2019-04-30 15:01:51 +0100 | [diff] [blame] | 1069 | #define MBEDTLS_SSL_CID_LEN_MAX MBEDTLS_SSL_CID_OUT_LEN_MAX |
Hanno Becker | f2ed448 | 2019-04-29 13:45:54 +0100 | [diff] [blame] | 1070 | #else |
Hanno Becker | 75f080f | 2019-04-30 15:01:51 +0100 | [diff] [blame] | 1071 | #define MBEDTLS_SSL_CID_LEN_MAX MBEDTLS_SSL_CID_IN_LEN_MAX |
Hanno Becker | f2ed448 | 2019-04-29 13:45:54 +0100 | [diff] [blame] | 1072 | #endif |
| 1073 | |
Hanno Becker | 12a3a86 | 2018-01-05 15:42:50 +0000 | [diff] [blame] | 1074 | typedef struct |
| 1075 | { |
Jerry Yu | ae0b2e2 | 2021-10-08 15:21:19 +0800 | [diff] [blame] | 1076 | uint8_t ctr[MBEDTLS_SSL_SEQUENCE_NUMBER_LEN]; /* In TLS: The implicit record sequence number. |
| 1077 | * In DTLS: The 2-byte epoch followed by |
| 1078 | * the 6-byte sequence number. |
| 1079 | * This is stored as a raw big endian byte array |
| 1080 | * as opposed to a uint64_t because we rarely |
| 1081 | * need to perform arithmetic on this, but do |
| 1082 | * need it as a Byte array for the purpose of |
| 1083 | * MAC computations. */ |
Hanno Becker | d840cea | 2019-07-11 09:24:36 +0100 | [diff] [blame] | 1084 | uint8_t type; /* The record content type. */ |
| 1085 | uint8_t ver[2]; /* SSL/TLS version as present on the wire. |
| 1086 | * Convert to internal presentation of versions |
| 1087 | * using mbedtls_ssl_read_version() and |
| 1088 | * mbedtls_ssl_write_version(). |
| 1089 | * Keep wire-format for MAC computations. */ |
Hanno Becker | 12a3a86 | 2018-01-05 15:42:50 +0000 | [diff] [blame] | 1090 | |
Hanno Becker | d840cea | 2019-07-11 09:24:36 +0100 | [diff] [blame] | 1091 | unsigned char *buf; /* Memory buffer enclosing the record content */ |
| 1092 | size_t buf_len; /* Buffer length */ |
| 1093 | size_t data_offset; /* Offset of record content */ |
| 1094 | size_t data_len; /* Length of record content */ |
Hanno Becker | 12a3a86 | 2018-01-05 15:42:50 +0000 | [diff] [blame] | 1095 | |
Hanno Becker | a0e20d0 | 2019-05-15 14:03:01 +0100 | [diff] [blame] | 1096 | #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) |
Hanno Becker | d840cea | 2019-07-11 09:24:36 +0100 | [diff] [blame] | 1097 | uint8_t cid_len; /* Length of the CID (0 if not present) */ |
| 1098 | unsigned char cid[ MBEDTLS_SSL_CID_LEN_MAX ]; /* The CID */ |
Hanno Becker | a0e20d0 | 2019-05-15 14:03:01 +0100 | [diff] [blame] | 1099 | #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ |
Hanno Becker | 12a3a86 | 2018-01-05 15:42:50 +0000 | [diff] [blame] | 1100 | } mbedtls_record; |
| 1101 | |
Manuel Pégourié-Gonnard | cd4fcc6 | 2015-05-26 12:11:48 +0200 | [diff] [blame] | 1102 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
| 1103 | /* |
| 1104 | * List of certificate + private key pairs |
| 1105 | */ |
| 1106 | struct mbedtls_ssl_key_cert |
| 1107 | { |
| 1108 | mbedtls_x509_crt *cert; /*!< cert */ |
| 1109 | mbedtls_pk_context *key; /*!< private key */ |
| 1110 | mbedtls_ssl_key_cert *next; /*!< next key/cert pair */ |
| 1111 | }; |
| 1112 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
| 1113 | |
| 1114 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| 1115 | /* |
| 1116 | * List of handshake messages kept around for resending |
| 1117 | */ |
| 1118 | struct mbedtls_ssl_flight_item |
| 1119 | { |
| 1120 | unsigned char *p; /*!< message, including handshake headers */ |
| 1121 | size_t len; /*!< length of p */ |
| 1122 | unsigned char type; /*!< type of the message: handshake or CCS */ |
| 1123 | mbedtls_ssl_flight_item *next; /*!< next handshake message(s) */ |
| 1124 | }; |
| 1125 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
| 1126 | |
Ronald Cron | 4079abc | 2022-02-20 10:35:26 +0100 | [diff] [blame] | 1127 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| 1128 | /** |
| 1129 | * \brief Given an SSL context and its associated configuration, write the TLS |
| 1130 | * 1.2 specific extensions of the ClientHello message. |
| 1131 | * |
| 1132 | * \param[in] ssl SSL context |
| 1133 | * \param[in] buf Base address of the buffer where to write the extensions |
| 1134 | * \param[in] end End address of the buffer where to write the extensions |
| 1135 | * \param uses_ec Whether one proposed ciphersuite uses an elliptic curve |
| 1136 | * (<> 0) or not ( 0 ). |
| 1137 | * \param[out] out_len Length of the data written into the buffer \p buf |
| 1138 | */ |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1139 | MBEDTLS_CHECK_RETURN_CRITICAL |
Ronald Cron | 4079abc | 2022-02-20 10:35:26 +0100 | [diff] [blame] | 1140 | int mbedtls_ssl_tls12_write_client_hello_exts( mbedtls_ssl_context *ssl, |
| 1141 | unsigned char *buf, |
| 1142 | const unsigned char *end, |
| 1143 | int uses_ec, |
| 1144 | size_t *out_len ); |
| 1145 | #endif |
| 1146 | |
Hanno Becker | 7e5437a | 2017-04-28 17:15:26 +0100 | [diff] [blame] | 1147 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ |
Gilles Peskine | eccd888 | 2020-03-10 12:19:08 +0100 | [diff] [blame] | 1148 | defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) |
Hanno Becker | 7e5437a | 2017-04-28 17:15:26 +0100 | [diff] [blame] | 1149 | |
Gabor Mezei | a3d016c | 2022-05-10 12:44:09 +0200 | [diff] [blame] | 1150 | /** |
| 1151 | * \brief Find the preferred hash for a given signature algorithm. |
| 1152 | * |
| 1153 | * \param[in] ssl SSL context |
| 1154 | * \param[in] sig_alg A signature algorithm identifier as defined in the |
| 1155 | * TLS 1.2 SignatureAlgorithm enumeration. |
| 1156 | * |
| 1157 | * \return The preferred hash algorithm for \p sig_alg. It is a hash algorithm |
| 1158 | * identifier as defined in the TLS 1.2 HashAlgorithm enumeration. |
| 1159 | */ |
| 1160 | unsigned int mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg( |
| 1161 | mbedtls_ssl_context *ssl, |
| 1162 | unsigned int sig_alg ); |
Hanno Becker | 7e5437a | 2017-04-28 17:15:26 +0100 | [diff] [blame] | 1163 | |
Gabor Mezei | 078e803 | 2022-04-27 21:17:56 +0200 | [diff] [blame] | 1164 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && |
Gilles Peskine | eccd888 | 2020-03-10 12:19:08 +0100 | [diff] [blame] | 1165 | MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ |
Manuel Pégourié-Gonnard | cd4fcc6 | 2015-05-26 12:11:48 +0200 | [diff] [blame] | 1166 | |
| 1167 | /** |
| 1168 | * \brief Free referenced items in an SSL transform context and clear |
| 1169 | * memory |
| 1170 | * |
| 1171 | * \param transform SSL transform context |
| 1172 | */ |
| 1173 | void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform ); |
| 1174 | |
| 1175 | /** |
| 1176 | * \brief Free referenced items in an SSL handshake context and clear |
| 1177 | * memory |
| 1178 | * |
Gilles Peskine | 9b562d5 | 2018-04-25 20:32:43 +0200 | [diff] [blame] | 1179 | * \param ssl SSL context |
Manuel Pégourié-Gonnard | cd4fcc6 | 2015-05-26 12:11:48 +0200 | [diff] [blame] | 1180 | */ |
Gilles Peskine | 9b562d5 | 2018-04-25 20:32:43 +0200 | [diff] [blame] | 1181 | void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ); |
Manuel Pégourié-Gonnard | cd4fcc6 | 2015-05-26 12:11:48 +0200 | [diff] [blame] | 1182 | |
Jerry Yu | c7875b5 | 2021-09-05 21:05:50 +0800 | [diff] [blame] | 1183 | /* set inbound transform of ssl context */ |
| 1184 | void mbedtls_ssl_set_inbound_transform( mbedtls_ssl_context *ssl, |
| 1185 | mbedtls_ssl_transform *transform ); |
| 1186 | |
| 1187 | /* set outbound transform of ssl context */ |
| 1188 | void mbedtls_ssl_set_outbound_transform( mbedtls_ssl_context *ssl, |
| 1189 | mbedtls_ssl_transform *transform ); |
| 1190 | |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1191 | MBEDTLS_CHECK_RETURN_CRITICAL |
Manuel Pégourié-Gonnard | 5e94dde | 2015-05-26 11:57:05 +0200 | [diff] [blame] | 1192 | int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ); |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1193 | MBEDTLS_CHECK_RETURN_CRITICAL |
Manuel Pégourié-Gonnard | 5e94dde | 2015-05-26 11:57:05 +0200 | [diff] [blame] | 1194 | int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ); |
| 1195 | void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ); |
Ronald Cron | 8f6d39a | 2022-03-10 18:56:50 +0100 | [diff] [blame] | 1196 | static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context *ssl, |
| 1197 | mbedtls_ssl_states state ) |
| 1198 | { |
| 1199 | ssl->state = ( int ) state; |
| 1200 | } |
Manuel Pégourié-Gonnard | 5e94dde | 2015-05-26 11:57:05 +0200 | [diff] [blame] | 1201 | |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1202 | MBEDTLS_CHECK_RETURN_CRITICAL |
Manuel Pégourié-Gonnard | 5e94dde | 2015-05-26 11:57:05 +0200 | [diff] [blame] | 1203 | int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl ); |
| 1204 | |
| 1205 | void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl ); |
Jerry Yu | bef175d | 2022-01-28 10:52:05 +0800 | [diff] [blame] | 1206 | |
| 1207 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1208 | MBEDTLS_CHECK_RETURN_CRITICAL |
Manuel Pégourié-Gonnard | 5e94dde | 2015-05-26 11:57:05 +0200 | [diff] [blame] | 1209 | int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ); |
Jerry Yu | bef175d | 2022-01-28 10:52:05 +0800 | [diff] [blame] | 1210 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
Manuel Pégourié-Gonnard | 5e94dde | 2015-05-26 11:57:05 +0200 | [diff] [blame] | 1211 | |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1212 | MBEDTLS_CHECK_RETURN_CRITICAL |
Simon Butcher | 9900014 | 2016-10-13 17:21:01 +0100 | [diff] [blame] | 1213 | int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ); |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1214 | MBEDTLS_CHECK_RETURN_CRITICAL |
Simon Butcher | 9900014 | 2016-10-13 17:21:01 +0100 | [diff] [blame] | 1215 | int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ); |
| 1216 | void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl ); |
| 1217 | |
Hanno Becker | 4a810fb | 2017-05-24 16:27:30 +0100 | [diff] [blame] | 1218 | /** |
| 1219 | * \brief Update record layer |
| 1220 | * |
| 1221 | * This function roughly separates the implementation |
| 1222 | * of the logic of (D)TLS from the implementation |
| 1223 | * of the secure transport. |
| 1224 | * |
Hanno Becker | 3a0aad1 | 2018-08-20 09:44:02 +0100 | [diff] [blame] | 1225 | * \param ssl The SSL context to use. |
| 1226 | * \param update_hs_digest This indicates if the handshake digest |
| 1227 | * should be automatically updated in case |
| 1228 | * a handshake message is found. |
Hanno Becker | 4a810fb | 2017-05-24 16:27:30 +0100 | [diff] [blame] | 1229 | * |
| 1230 | * \return 0 or non-zero error code. |
| 1231 | * |
| 1232 | * \note A clarification on what is called 'record layer' here |
| 1233 | * is in order, as many sensible definitions are possible: |
| 1234 | * |
| 1235 | * The record layer takes as input an untrusted underlying |
| 1236 | * transport (stream or datagram) and transforms it into |
| 1237 | * a serially multiplexed, secure transport, which |
| 1238 | * conceptually provides the following: |
| 1239 | * |
| 1240 | * (1) Three datagram based, content-agnostic transports |
| 1241 | * for handshake, alert and CCS messages. |
| 1242 | * (2) One stream- or datagram-based transport |
| 1243 | * for application data. |
| 1244 | * (3) Functionality for changing the underlying transform |
| 1245 | * securing the contents. |
| 1246 | * |
| 1247 | * The interface to this functionality is given as follows: |
| 1248 | * |
| 1249 | * a Updating |
| 1250 | * [Currently implemented by mbedtls_ssl_read_record] |
| 1251 | * |
| 1252 | * Check if and on which of the four 'ports' data is pending: |
| 1253 | * Nothing, a controlling datagram of type (1), or application |
| 1254 | * data (2). In any case data is present, internal buffers |
| 1255 | * provide access to the data for the user to process it. |
| 1256 | * Consumption of type (1) datagrams is done automatically |
| 1257 | * on the next update, invalidating that the internal buffers |
| 1258 | * for previous datagrams, while consumption of application |
| 1259 | * data (2) is user-controlled. |
| 1260 | * |
| 1261 | * b Reading of application data |
| 1262 | * [Currently manual adaption of ssl->in_offt pointer] |
| 1263 | * |
| 1264 | * As mentioned in the last paragraph, consumption of data |
| 1265 | * is different from the automatic consumption of control |
| 1266 | * datagrams (1) because application data is treated as a stream. |
| 1267 | * |
| 1268 | * c Tracking availability of application data |
| 1269 | * [Currently manually through decreasing ssl->in_msglen] |
| 1270 | * |
| 1271 | * For efficiency and to retain datagram semantics for |
| 1272 | * application data in case of DTLS, the record layer |
| 1273 | * provides functionality for checking how much application |
| 1274 | * data is still available in the internal buffer. |
| 1275 | * |
| 1276 | * d Changing the transformation securing the communication. |
| 1277 | * |
| 1278 | * Given an opaque implementation of the record layer in the |
| 1279 | * above sense, it should be possible to implement the logic |
| 1280 | * of (D)TLS on top of it without the need to know anything |
| 1281 | * about the record layer's internals. This is done e.g. |
| 1282 | * in all the handshake handling functions, and in the |
| 1283 | * application data reading function mbedtls_ssl_read. |
| 1284 | * |
| 1285 | * \note The above tries to give a conceptual picture of the |
| 1286 | * record layer, but the current implementation deviates |
| 1287 | * from it in some places. For example, our implementation of |
| 1288 | * the update functionality through mbedtls_ssl_read_record |
| 1289 | * discards datagrams depending on the current state, which |
| 1290 | * wouldn't fall under the record layer's responsibility |
| 1291 | * following the above definition. |
| 1292 | * |
| 1293 | */ |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1294 | MBEDTLS_CHECK_RETURN_CRITICAL |
Hanno Becker | 3a0aad1 | 2018-08-20 09:44:02 +0100 | [diff] [blame] | 1295 | int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, |
| 1296 | unsigned update_hs_digest ); |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1297 | MBEDTLS_CHECK_RETURN_CRITICAL |
Manuel Pégourié-Gonnard | 5e94dde | 2015-05-26 11:57:05 +0200 | [diff] [blame] | 1298 | int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ); |
| 1299 | |
Ronald Cron | 8f6d39a | 2022-03-10 18:56:50 +0100 | [diff] [blame] | 1300 | /* |
| 1301 | * Write handshake message header |
| 1302 | */ |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1303 | MBEDTLS_CHECK_RETURN_CRITICAL |
Ronald Cron | 8f6d39a | 2022-03-10 18:56:50 +0100 | [diff] [blame] | 1304 | int mbedtls_ssl_start_handshake_msg( mbedtls_ssl_context *ssl, unsigned hs_type, |
| 1305 | unsigned char **buf, size_t *buf_len ); |
| 1306 | |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1307 | MBEDTLS_CHECK_RETURN_CRITICAL |
Hanno Becker | f3cce8b | 2021-08-07 14:29:49 +0100 | [diff] [blame] | 1308 | int mbedtls_ssl_write_handshake_msg_ext( mbedtls_ssl_context *ssl, |
Ronald Cron | 66dbf91 | 2022-02-02 15:33:46 +0100 | [diff] [blame] | 1309 | int update_checksum, |
Ronald Cron | 00d012f2 | 2022-03-08 15:57:12 +0100 | [diff] [blame] | 1310 | int force_flush ); |
Hanno Becker | f3cce8b | 2021-08-07 14:29:49 +0100 | [diff] [blame] | 1311 | static inline int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) |
| 1312 | { |
Ronald Cron | 66dbf91 | 2022-02-02 15:33:46 +0100 | [diff] [blame] | 1313 | return( mbedtls_ssl_write_handshake_msg_ext( ssl, 1 /* update checksum */, 1 /* force flush */ ) ); |
Hanno Becker | f3cce8b | 2021-08-07 14:29:49 +0100 | [diff] [blame] | 1314 | } |
| 1315 | |
Ronald Cron | 8f6d39a | 2022-03-10 18:56:50 +0100 | [diff] [blame] | 1316 | /* |
| 1317 | * Write handshake message tail |
| 1318 | */ |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1319 | MBEDTLS_CHECK_RETURN_CRITICAL |
Ronald Cron | 8f6d39a | 2022-03-10 18:56:50 +0100 | [diff] [blame] | 1320 | int mbedtls_ssl_finish_handshake_msg( mbedtls_ssl_context *ssl, |
| 1321 | size_t buf_len, size_t msg_len ); |
| 1322 | |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1323 | MBEDTLS_CHECK_RETURN_CRITICAL |
Ronald Cron | 00d012f2 | 2022-03-08 15:57:12 +0100 | [diff] [blame] | 1324 | int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, int force_flush ); |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1325 | MBEDTLS_CHECK_RETURN_CRITICAL |
Manuel Pégourié-Gonnard | 5e94dde | 2015-05-26 11:57:05 +0200 | [diff] [blame] | 1326 | int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ); |
| 1327 | |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1328 | MBEDTLS_CHECK_RETURN_CRITICAL |
Manuel Pégourié-Gonnard | 5e94dde | 2015-05-26 11:57:05 +0200 | [diff] [blame] | 1329 | int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ); |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1330 | MBEDTLS_CHECK_RETURN_CRITICAL |
Manuel Pégourié-Gonnard | 5e94dde | 2015-05-26 11:57:05 +0200 | [diff] [blame] | 1331 | int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ); |
| 1332 | |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1333 | MBEDTLS_CHECK_RETURN_CRITICAL |
Manuel Pégourié-Gonnard | 5e94dde | 2015-05-26 11:57:05 +0200 | [diff] [blame] | 1334 | int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl ); |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1335 | MBEDTLS_CHECK_RETURN_CRITICAL |
Manuel Pégourié-Gonnard | 5e94dde | 2015-05-26 11:57:05 +0200 | [diff] [blame] | 1336 | int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl ); |
| 1337 | |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1338 | MBEDTLS_CHECK_RETURN_CRITICAL |
Manuel Pégourié-Gonnard | 5e94dde | 2015-05-26 11:57:05 +0200 | [diff] [blame] | 1339 | int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl ); |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1340 | MBEDTLS_CHECK_RETURN_CRITICAL |
Manuel Pégourié-Gonnard | 5e94dde | 2015-05-26 11:57:05 +0200 | [diff] [blame] | 1341 | int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ); |
| 1342 | |
| 1343 | void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl, |
| 1344 | const mbedtls_ssl_ciphersuite_t *ciphersuite_info ); |
| 1345 | |
Ronald Cron | 8f6d39a | 2022-03-10 18:56:50 +0100 | [diff] [blame] | 1346 | /* |
| 1347 | * Update checksum of handshake messages. |
| 1348 | */ |
| 1349 | void mbedtls_ssl_add_hs_msg_to_checksum( mbedtls_ssl_context *ssl, |
| 1350 | unsigned hs_type, |
| 1351 | unsigned char const *msg, |
| 1352 | size_t msg_len ); |
| 1353 | |
XiaokangQian | 8698195 | 2022-07-19 09:51:50 +0000 | [diff] [blame] | 1354 | void mbedtls_ssl_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, |
| 1355 | unsigned hs_type, |
| 1356 | size_t total_hs_len ); |
| 1357 | |
Gilles Peskine | eccd888 | 2020-03-10 12:19:08 +0100 | [diff] [blame] | 1358 | #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) |
Neil Armstrong | 80f6f32 | 2022-05-03 17:56:38 +0200 | [diff] [blame] | 1359 | #if !defined(MBEDTLS_USE_PSA_CRYPTO) |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1360 | MBEDTLS_CHECK_RETURN_CRITICAL |
Ronald Cron | 8f6d39a | 2022-03-10 18:56:50 +0100 | [diff] [blame] | 1361 | int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, |
| 1362 | mbedtls_key_exchange_type_t key_ex ); |
Neil Armstrong | 80f6f32 | 2022-05-03 17:56:38 +0200 | [diff] [blame] | 1363 | #endif /* !MBEDTLS_USE_PSA_CRYPTO */ |
Ronald Cron | d491c2d | 2022-02-19 18:30:46 +0100 | [diff] [blame] | 1364 | #if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_PROTO_TLS1_2) |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1365 | MBEDTLS_CHECK_RETURN_CRITICAL |
Ronald Cron | d491c2d | 2022-02-19 18:30:46 +0100 | [diff] [blame] | 1366 | int mbedtls_ssl_conf_has_static_psk( mbedtls_ssl_config const *conf ); |
| 1367 | #endif |
Guilhem Bryant | d511ac3 | 2020-03-25 17:06:37 +0000 | [diff] [blame] | 1368 | |
Neil Armstrong | 044a32c | 2022-05-03 10:35:56 +0200 | [diff] [blame] | 1369 | #if defined(MBEDTLS_USE_PSA_CRYPTO) |
| 1370 | /** |
| 1371 | * Get the first defined opaque PSK by order of precedence: |
| 1372 | * 1. handshake PSK set by \c mbedtls_ssl_set_hs_psk_opaque() in the PSK |
| 1373 | * callback |
| 1374 | * 2. static PSK configured by \c mbedtls_ssl_conf_psk_opaque() |
| 1375 | * Return an opaque PSK |
| 1376 | */ |
| 1377 | static inline mbedtls_svc_key_id_t mbedtls_ssl_get_opaque_psk( |
| 1378 | const mbedtls_ssl_context *ssl ) |
| 1379 | { |
| 1380 | if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) ) |
| 1381 | return( ssl->handshake->psk_opaque ); |
| 1382 | |
| 1383 | if( ! mbedtls_svc_key_id_is_null( ssl->conf->psk_opaque ) ) |
| 1384 | return( ssl->conf->psk_opaque ); |
| 1385 | |
| 1386 | return( MBEDTLS_SVC_KEY_ID_INIT ); |
| 1387 | } |
| 1388 | #else |
Guilhem Bryant | 8a69ddd | 2020-03-27 11:13:39 +0000 | [diff] [blame] | 1389 | /** |
Guilhem Bryant | d511ac3 | 2020-03-25 17:06:37 +0000 | [diff] [blame] | 1390 | * Get the first defined PSK by order of precedence: |
| 1391 | * 1. handshake PSK set by \c mbedtls_ssl_set_hs_psk() in the PSK callback |
| 1392 | * 2. static PSK configured by \c mbedtls_ssl_conf_psk() |
| 1393 | * Return a code and update the pair (PSK, PSK length) passed to this function |
| 1394 | */ |
| 1395 | static inline int mbedtls_ssl_get_psk( const mbedtls_ssl_context *ssl, |
| 1396 | const unsigned char **psk, size_t *psk_len ) |
| 1397 | { |
| 1398 | if( ssl->handshake->psk != NULL && ssl->handshake->psk_len > 0 ) |
| 1399 | { |
| 1400 | *psk = ssl->handshake->psk; |
| 1401 | *psk_len = ssl->handshake->psk_len; |
| 1402 | } |
| 1403 | |
| 1404 | else if( ssl->conf->psk != NULL && ssl->conf->psk_len > 0 ) |
| 1405 | { |
| 1406 | *psk = ssl->conf->psk; |
| 1407 | *psk_len = ssl->conf->psk_len; |
| 1408 | } |
| 1409 | |
| 1410 | else |
| 1411 | { |
Guilhem Bryant | b5f04e4 | 2020-04-01 11:23:58 +0100 | [diff] [blame] | 1412 | *psk = NULL; |
| 1413 | *psk_len = 0; |
Guilhem Bryant | d511ac3 | 2020-03-25 17:06:37 +0000 | [diff] [blame] | 1414 | return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED ); |
| 1415 | } |
| 1416 | |
| 1417 | return( 0 ); |
| 1418 | } |
Guilhem Bryant | d511ac3 | 2020-03-25 17:06:37 +0000 | [diff] [blame] | 1419 | #endif /* MBEDTLS_USE_PSA_CRYPTO */ |
| 1420 | |
| 1421 | #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ |
Manuel Pégourié-Gonnard | 5e94dde | 2015-05-26 11:57:05 +0200 | [diff] [blame] | 1422 | |
| 1423 | #if defined(MBEDTLS_PK_C) |
| 1424 | unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk ); |
Hanno Becker | 7e5437a | 2017-04-28 17:15:26 +0100 | [diff] [blame] | 1425 | unsigned char mbedtls_ssl_sig_from_pk_alg( mbedtls_pk_type_t type ); |
Manuel Pégourié-Gonnard | 5e94dde | 2015-05-26 11:57:05 +0200 | [diff] [blame] | 1426 | mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig ); |
| 1427 | #endif |
| 1428 | |
| 1429 | mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash ); |
Manuel Pégourié-Gonnard | 7bfc122 | 2015-06-17 14:34:48 +0200 | [diff] [blame] | 1430 | unsigned char mbedtls_ssl_hash_from_md_alg( int md ); |
Ronald Cron | 4dcbca9 | 2022-03-07 10:21:40 +0100 | [diff] [blame] | 1431 | |
| 1432 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1433 | MBEDTLS_CHECK_RETURN_CRITICAL |
Simon Butcher | 9900014 | 2016-10-13 17:21:01 +0100 | [diff] [blame] | 1434 | int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md ); |
Ronald Cron | 4dcbca9 | 2022-03-07 10:21:40 +0100 | [diff] [blame] | 1435 | #endif |
Manuel Pégourié-Gonnard | 5e94dde | 2015-05-26 11:57:05 +0200 | [diff] [blame] | 1436 | |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1437 | MBEDTLS_CHECK_RETURN_CRITICAL |
Manuel Pégourié-Gonnard | 0d63b84 | 2022-01-18 13:10:56 +0100 | [diff] [blame] | 1438 | int mbedtls_ssl_check_curve_tls_id( const mbedtls_ssl_context *ssl, uint16_t tls_id ); |
Manuel Pégourié-Gonnard | b541da6 | 2015-06-17 11:43:30 +0200 | [diff] [blame] | 1439 | #if defined(MBEDTLS_ECP_C) |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1440 | MBEDTLS_CHECK_RETURN_CRITICAL |
Manuel Pégourié-Gonnard | 9d412d8 | 2015-06-17 12:10:46 +0200 | [diff] [blame] | 1441 | int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id ); |
Manuel Pégourié-Gonnard | 5e94dde | 2015-05-26 11:57:05 +0200 | [diff] [blame] | 1442 | #endif |
| 1443 | |
Ron Eldor | 089c9fe | 2018-12-06 17:12:49 +0200 | [diff] [blame] | 1444 | #if defined(MBEDTLS_SSL_DTLS_SRTP) |
Johan Pascal | 43f9490 | 2020-09-22 12:25:52 +0200 | [diff] [blame] | 1445 | static inline mbedtls_ssl_srtp_profile mbedtls_ssl_check_srtp_profile_value |
| 1446 | ( const uint16_t srtp_profile_value ) |
Ron Eldor | 089c9fe | 2018-12-06 17:12:49 +0200 | [diff] [blame] | 1447 | { |
Johan Pascal | 43f9490 | 2020-09-22 12:25:52 +0200 | [diff] [blame] | 1448 | switch( srtp_profile_value ) |
Ron Eldor | 089c9fe | 2018-12-06 17:12:49 +0200 | [diff] [blame] | 1449 | { |
Johan Pascal | 8526957 | 2020-08-25 10:01:54 +0200 | [diff] [blame] | 1450 | case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80: |
Johan Pascal | 8526957 | 2020-08-25 10:01:54 +0200 | [diff] [blame] | 1451 | case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32: |
Johan Pascal | 8526957 | 2020-08-25 10:01:54 +0200 | [diff] [blame] | 1452 | case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80: |
Johan Pascal | 8526957 | 2020-08-25 10:01:54 +0200 | [diff] [blame] | 1453 | case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32: |
Johan Pascal | 43f9490 | 2020-09-22 12:25:52 +0200 | [diff] [blame] | 1454 | return srtp_profile_value; |
Ron Eldor | 089c9fe | 2018-12-06 17:12:49 +0200 | [diff] [blame] | 1455 | default: break; |
| 1456 | } |
Johan Pascal | 43f9490 | 2020-09-22 12:25:52 +0200 | [diff] [blame] | 1457 | return( MBEDTLS_TLS_SRTP_UNSET ); |
Ron Eldor | 089c9fe | 2018-12-06 17:12:49 +0200 | [diff] [blame] | 1458 | } |
| 1459 | #endif |
| 1460 | |
Manuel Pégourié-Gonnard | 5e94dde | 2015-05-26 11:57:05 +0200 | [diff] [blame] | 1461 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
| 1462 | static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl ) |
| 1463 | { |
| 1464 | mbedtls_ssl_key_cert *key_cert; |
| 1465 | |
| 1466 | if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL ) |
| 1467 | key_cert = ssl->handshake->key_cert; |
| 1468 | else |
| 1469 | key_cert = ssl->conf->key_cert; |
| 1470 | |
| 1471 | return( key_cert == NULL ? NULL : key_cert->key ); |
| 1472 | } |
| 1473 | |
| 1474 | static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl ) |
| 1475 | { |
| 1476 | mbedtls_ssl_key_cert *key_cert; |
| 1477 | |
| 1478 | if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL ) |
| 1479 | key_cert = ssl->handshake->key_cert; |
| 1480 | else |
| 1481 | key_cert = ssl->conf->key_cert; |
| 1482 | |
| 1483 | return( key_cert == NULL ? NULL : key_cert->cert ); |
| 1484 | } |
| 1485 | |
| 1486 | /* |
| 1487 | * Check usage of a certificate wrt extensions: |
| 1488 | * keyUsage, extendedKeyUsage (later), and nSCertType (later). |
| 1489 | * |
| 1490 | * Warning: cert_endpoint is the endpoint of the cert (ie, of our peer when we |
| 1491 | * check a cert we received from them)! |
| 1492 | * |
| 1493 | * Return 0 if everything is OK, -1 if not. |
| 1494 | */ |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1495 | MBEDTLS_CHECK_RETURN_CRITICAL |
Manuel Pégourié-Gonnard | 5e94dde | 2015-05-26 11:57:05 +0200 | [diff] [blame] | 1496 | int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert, |
| 1497 | const mbedtls_ssl_ciphersuite_t *ciphersuite, |
| 1498 | int cert_endpoint, |
| 1499 | uint32_t *flags ); |
| 1500 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
| 1501 | |
Glenn Strauss | e3af4cb | 2022-03-15 03:23:42 -0400 | [diff] [blame] | 1502 | void mbedtls_ssl_write_version( unsigned char version[2], int transport, |
| 1503 | mbedtls_ssl_protocol_version tls_version ); |
| 1504 | uint16_t mbedtls_ssl_read_version( const unsigned char version[2], |
| 1505 | int transport ); |
Manuel Pégourié-Gonnard | 5e94dde | 2015-05-26 11:57:05 +0200 | [diff] [blame] | 1506 | |
Hanno Becker | 5903de4 | 2019-05-03 14:46:38 +0100 | [diff] [blame] | 1507 | static inline size_t mbedtls_ssl_in_hdr_len( const mbedtls_ssl_context *ssl ) |
Manuel Pégourié-Gonnard | 5e94dde | 2015-05-26 11:57:05 +0200 | [diff] [blame] | 1508 | { |
Hanno Becker | 47be768 | 2019-07-12 09:55:46 +0100 | [diff] [blame] | 1509 | #if !defined(MBEDTLS_SSL_PROTO_DTLS) |
| 1510 | ((void) ssl); |
| 1511 | #endif |
| 1512 | |
| 1513 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| 1514 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| 1515 | { |
| 1516 | return( 13 ); |
| 1517 | } |
| 1518 | else |
| 1519 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
| 1520 | { |
| 1521 | return( 5 ); |
| 1522 | } |
Hanno Becker | 5903de4 | 2019-05-03 14:46:38 +0100 | [diff] [blame] | 1523 | } |
| 1524 | |
| 1525 | static inline size_t mbedtls_ssl_out_hdr_len( const mbedtls_ssl_context *ssl ) |
| 1526 | { |
Hanno Becker | 3b154c1 | 2019-05-03 15:05:27 +0100 | [diff] [blame] | 1527 | return( (size_t) ( ssl->out_iv - ssl->out_hdr ) ); |
Manuel Pégourié-Gonnard | 5e94dde | 2015-05-26 11:57:05 +0200 | [diff] [blame] | 1528 | } |
| 1529 | |
| 1530 | static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl ) |
| 1531 | { |
| 1532 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| 1533 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| 1534 | return( 12 ); |
| 1535 | #else |
| 1536 | ((void) ssl); |
| 1537 | #endif |
| 1538 | return( 4 ); |
| 1539 | } |
| 1540 | |
| 1541 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| 1542 | void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl ); |
| 1543 | void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl ); |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1544 | MBEDTLS_CHECK_RETURN_CRITICAL |
Manuel Pégourié-Gonnard | 5e94dde | 2015-05-26 11:57:05 +0200 | [diff] [blame] | 1545 | int mbedtls_ssl_resend( mbedtls_ssl_context *ssl ); |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1546 | MBEDTLS_CHECK_RETURN_CRITICAL |
Manuel Pégourié-Gonnard | 87a346f | 2017-09-13 12:45:21 +0200 | [diff] [blame] | 1547 | int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ); |
Manuel Pégourié-Gonnard | 5e94dde | 2015-05-26 11:57:05 +0200 | [diff] [blame] | 1548 | #endif |
| 1549 | |
| 1550 | /* Visible for testing purposes only */ |
| 1551 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1552 | MBEDTLS_CHECK_RETURN_CRITICAL |
Hanno Becker | 0183d69 | 2019-07-12 08:50:37 +0100 | [diff] [blame] | 1553 | int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context const *ssl ); |
Manuel Pégourié-Gonnard | 5e94dde | 2015-05-26 11:57:05 +0200 | [diff] [blame] | 1554 | void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl ); |
| 1555 | #endif |
| 1556 | |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1557 | MBEDTLS_CHECK_RETURN_CRITICAL |
Hanno Becker | 52055ae | 2019-02-06 14:30:46 +0000 | [diff] [blame] | 1558 | int mbedtls_ssl_session_copy( mbedtls_ssl_session *dst, |
| 1559 | const mbedtls_ssl_session *src ); |
| 1560 | |
TRodziewicz | 0f82ec6 | 2021-05-12 17:49:18 +0200 | [diff] [blame] | 1561 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
Andrzej Kurek | 814feff | 2019-01-14 04:35:19 -0500 | [diff] [blame] | 1562 | /* The hash buffer must have at least MBEDTLS_MD_MAX_SIZE bytes of length. */ |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1563 | MBEDTLS_CHECK_RETURN_CRITICAL |
Andres Amaya Garcia | 46f5a3e | 2017-07-20 16:17:51 +0100 | [diff] [blame] | 1564 | int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, |
Gilles Peskine | ca1d742 | 2018-04-24 11:53:22 +0200 | [diff] [blame] | 1565 | unsigned char *hash, size_t *hashlen, |
| 1566 | unsigned char *data, size_t data_len, |
| 1567 | mbedtls_md_type_t md_alg ); |
TRodziewicz | 0f82ec6 | 2021-05-12 17:49:18 +0200 | [diff] [blame] | 1568 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
Andres Amaya Garcia | 46f5a3e | 2017-07-20 16:17:51 +0100 | [diff] [blame] | 1569 | |
Manuel Pégourié-Gonnard | 5e94dde | 2015-05-26 11:57:05 +0200 | [diff] [blame] | 1570 | #ifdef __cplusplus |
| 1571 | } |
| 1572 | #endif |
| 1573 | |
Hanno Becker | a18d132 | 2018-01-03 14:27:32 +0000 | [diff] [blame] | 1574 | void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform ); |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1575 | MBEDTLS_CHECK_RETURN_CRITICAL |
Hanno Becker | a18d132 | 2018-01-03 14:27:32 +0000 | [diff] [blame] | 1576 | int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, |
| 1577 | mbedtls_ssl_transform *transform, |
| 1578 | mbedtls_record *rec, |
| 1579 | int (*f_rng)(void *, unsigned char *, size_t), |
| 1580 | void *p_rng ); |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1581 | MBEDTLS_CHECK_RETURN_CRITICAL |
Hanno Becker | 605949f | 2019-07-12 08:23:59 +0100 | [diff] [blame] | 1582 | int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, |
Hanno Becker | a18d132 | 2018-01-03 14:27:32 +0000 | [diff] [blame] | 1583 | mbedtls_ssl_transform *transform, |
| 1584 | mbedtls_record *rec ); |
| 1585 | |
Hanno Becker | dd77229 | 2020-02-05 10:38:31 +0000 | [diff] [blame] | 1586 | /* Length of the "epoch" field in the record header */ |
| 1587 | static inline size_t mbedtls_ssl_ep_len( const mbedtls_ssl_context *ssl ) |
| 1588 | { |
| 1589 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| 1590 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| 1591 | return( 2 ); |
| 1592 | #else |
| 1593 | ((void) ssl); |
| 1594 | #endif |
| 1595 | return( 0 ); |
| 1596 | } |
| 1597 | |
Hanno Becker | 08f0913 | 2020-02-11 15:40:07 +0000 | [diff] [blame] | 1598 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1599 | MBEDTLS_CHECK_RETURN_CRITICAL |
Hanno Becker | 786300f | 2020-02-05 10:46:40 +0000 | [diff] [blame] | 1600 | int mbedtls_ssl_resend_hello_request( mbedtls_ssl_context *ssl ); |
Hanno Becker | 08f0913 | 2020-02-11 15:40:07 +0000 | [diff] [blame] | 1601 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
Hanno Becker | 0f57a65 | 2020-02-05 10:37:26 +0000 | [diff] [blame] | 1602 | |
| 1603 | void mbedtls_ssl_set_timer( mbedtls_ssl_context *ssl, uint32_t millisecs ); |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1604 | MBEDTLS_CHECK_RETURN_CRITICAL |
Hanno Becker | 7876d12 | 2020-02-05 10:39:31 +0000 | [diff] [blame] | 1605 | int mbedtls_ssl_check_timer( mbedtls_ssl_context *ssl ); |
| 1606 | |
Hanno Becker | 3e6f8ab | 2020-02-05 10:40:57 +0000 | [diff] [blame] | 1607 | void mbedtls_ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl ); |
| 1608 | void mbedtls_ssl_update_out_pointers( mbedtls_ssl_context *ssl, |
| 1609 | mbedtls_ssl_transform *transform ); |
| 1610 | void mbedtls_ssl_update_in_pointers( mbedtls_ssl_context *ssl ); |
| 1611 | |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1612 | MBEDTLS_CHECK_RETURN_CRITICAL |
Hanno Becker | 43aefe2 | 2020-02-05 10:44:56 +0000 | [diff] [blame] | 1613 | int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ); |
XiaokangQian | 78b1fa7 | 2022-01-19 06:56:30 +0000 | [diff] [blame] | 1614 | void mbedtls_ssl_session_reset_msg_layer( mbedtls_ssl_context *ssl, |
| 1615 | int partial ); |
Hanno Becker | 43aefe2 | 2020-02-05 10:44:56 +0000 | [diff] [blame] | 1616 | |
Jerry Yu | e704781 | 2021-09-13 19:26:39 +0800 | [diff] [blame] | 1617 | /* |
Jerry Yu | 394ece6 | 2021-09-14 22:17:21 +0800 | [diff] [blame] | 1618 | * Send pending alert |
Jerry Yu | e704781 | 2021-09-13 19:26:39 +0800 | [diff] [blame] | 1619 | */ |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1620 | MBEDTLS_CHECK_RETURN_CRITICAL |
Jerry Yu | e704781 | 2021-09-13 19:26:39 +0800 | [diff] [blame] | 1621 | int mbedtls_ssl_handle_pending_alert( mbedtls_ssl_context *ssl ); |
| 1622 | |
Jerry Yu | 394ece6 | 2021-09-14 22:17:21 +0800 | [diff] [blame] | 1623 | /* |
| 1624 | * Set pending fatal alert flag. |
| 1625 | */ |
| 1626 | void mbedtls_ssl_pend_fatal_alert( mbedtls_ssl_context *ssl, |
| 1627 | unsigned char alert_type, |
| 1628 | int alert_reason ); |
| 1629 | |
| 1630 | /* Alias of mbedtls_ssl_pend_fatal_alert */ |
| 1631 | #define MBEDTLS_SSL_PEND_FATAL_ALERT( type, user_return_value ) \ |
| 1632 | mbedtls_ssl_pend_fatal_alert( ssl, type, user_return_value ) |
| 1633 | |
Hanno Becker | 7e8e6a6 | 2020-02-05 10:45:48 +0000 | [diff] [blame] | 1634 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
| 1635 | void mbedtls_ssl_dtls_replay_reset( mbedtls_ssl_context *ssl ); |
| 1636 | #endif |
| 1637 | |
Hanno Becker | ce5f5fd | 2020-02-05 10:47:44 +0000 | [diff] [blame] | 1638 | void mbedtls_ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl ); |
| 1639 | |
Hanno Becker | 08f0913 | 2020-02-11 15:40:07 +0000 | [diff] [blame] | 1640 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1641 | MBEDTLS_CHECK_RETURN_CRITICAL |
Hanno Becker | 40cdaa1 | 2020-02-05 10:48:27 +0000 | [diff] [blame] | 1642 | int mbedtls_ssl_start_renegotiation( mbedtls_ssl_context *ssl ); |
Hanno Becker | 08f0913 | 2020-02-11 15:40:07 +0000 | [diff] [blame] | 1643 | #endif /* MBEDTLS_SSL_RENEGOTIATION */ |
Hanno Becker | 8949071 | 2020-02-05 10:50:12 +0000 | [diff] [blame] | 1644 | |
Hanno Becker | 533ab5f | 2020-02-05 10:49:13 +0000 | [diff] [blame] | 1645 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Hanno Becker | 08f0913 | 2020-02-11 15:40:07 +0000 | [diff] [blame] | 1646 | size_t mbedtls_ssl_get_current_mtu( const mbedtls_ssl_context *ssl ); |
Hanno Becker | 533ab5f | 2020-02-05 10:49:13 +0000 | [diff] [blame] | 1647 | void mbedtls_ssl_buffering_free( mbedtls_ssl_context *ssl ); |
| 1648 | void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight ); |
| 1649 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
| 1650 | |
Jerry Yu | 60835a8 | 2021-08-04 10:13:52 +0800 | [diff] [blame] | 1651 | /** |
| 1652 | * ssl utils functions for checking configuration. |
| 1653 | */ |
| 1654 | |
Ronald Cron | 6f135e1 | 2021-12-08 16:57:54 +0100 | [diff] [blame] | 1655 | #if defined(MBEDTLS_SSL_PROTO_TLS1_3) |
Jerry Yu | 60835a8 | 2021-08-04 10:13:52 +0800 | [diff] [blame] | 1656 | static inline int mbedtls_ssl_conf_is_tls13_only( const mbedtls_ssl_config *conf ) |
| 1657 | { |
Glenn Strauss | 2dfcea2 | 2022-03-14 17:26:42 -0400 | [diff] [blame] | 1658 | return( conf->min_tls_version == MBEDTLS_SSL_VERSION_TLS1_3 && |
| 1659 | conf->max_tls_version == MBEDTLS_SSL_VERSION_TLS1_3 ); |
Jerry Yu | 60835a8 | 2021-08-04 10:13:52 +0800 | [diff] [blame] | 1660 | } |
Jerry Yu | 3ad14ac | 2022-01-11 17:13:16 +0800 | [diff] [blame] | 1661 | |
Ronald Cron | 6f135e1 | 2021-12-08 16:57:54 +0100 | [diff] [blame] | 1662 | #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ |
Jerry Yu | 60835a8 | 2021-08-04 10:13:52 +0800 | [diff] [blame] | 1663 | |
| 1664 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| 1665 | static inline int mbedtls_ssl_conf_is_tls12_only( const mbedtls_ssl_config *conf ) |
| 1666 | { |
Glenn Strauss | 2dfcea2 | 2022-03-14 17:26:42 -0400 | [diff] [blame] | 1667 | return( conf->min_tls_version == MBEDTLS_SSL_VERSION_TLS1_2 && |
| 1668 | conf->max_tls_version == MBEDTLS_SSL_VERSION_TLS1_2 ); |
Jerry Yu | 60835a8 | 2021-08-04 10:13:52 +0800 | [diff] [blame] | 1669 | } |
Jerry Yu | 3ad14ac | 2022-01-11 17:13:16 +0800 | [diff] [blame] | 1670 | |
Jerry Yu | 60835a8 | 2021-08-04 10:13:52 +0800 | [diff] [blame] | 1671 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
| 1672 | |
Jerry Yu | 3ad14ac | 2022-01-11 17:13:16 +0800 | [diff] [blame] | 1673 | static inline int mbedtls_ssl_conf_is_tls13_enabled( const mbedtls_ssl_config *conf ) |
| 1674 | { |
| 1675 | #if defined(MBEDTLS_SSL_PROTO_TLS1_3) |
Glenn Strauss | 2dfcea2 | 2022-03-14 17:26:42 -0400 | [diff] [blame] | 1676 | return( conf->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_3 && |
| 1677 | conf->max_tls_version >= MBEDTLS_SSL_VERSION_TLS1_3 ); |
Jerry Yu | 3ad14ac | 2022-01-11 17:13:16 +0800 | [diff] [blame] | 1678 | #else |
| 1679 | ((void) conf); |
| 1680 | return( 0 ); |
| 1681 | #endif |
| 1682 | } |
| 1683 | |
| 1684 | static inline int mbedtls_ssl_conf_is_tls12_enabled( const mbedtls_ssl_config *conf ) |
| 1685 | { |
| 1686 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
Glenn Strauss | 2dfcea2 | 2022-03-14 17:26:42 -0400 | [diff] [blame] | 1687 | return( conf->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_2 && |
| 1688 | conf->max_tls_version >= MBEDTLS_SSL_VERSION_TLS1_2 ); |
Jerry Yu | 3ad14ac | 2022-01-11 17:13:16 +0800 | [diff] [blame] | 1689 | #else |
| 1690 | ((void) conf); |
| 1691 | return( 0 ); |
| 1692 | #endif |
| 1693 | } |
| 1694 | |
Ronald Cron | 6f135e1 | 2021-12-08 16:57:54 +0100 | [diff] [blame] | 1695 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3) |
Jerry Yu | 60835a8 | 2021-08-04 10:13:52 +0800 | [diff] [blame] | 1696 | static inline int mbedtls_ssl_conf_is_hybrid_tls12_tls13( const mbedtls_ssl_config *conf ) |
| 1697 | { |
Glenn Strauss | 2dfcea2 | 2022-03-14 17:26:42 -0400 | [diff] [blame] | 1698 | return( conf->min_tls_version == MBEDTLS_SSL_VERSION_TLS1_2 && |
| 1699 | conf->max_tls_version == MBEDTLS_SSL_VERSION_TLS1_3 ); |
Jerry Yu | 60835a8 | 2021-08-04 10:13:52 +0800 | [diff] [blame] | 1700 | } |
Ronald Cron | 6f135e1 | 2021-12-08 16:57:54 +0100 | [diff] [blame] | 1701 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_TLS1_3 */ |
Jerry Yu | 60835a8 | 2021-08-04 10:13:52 +0800 | [diff] [blame] | 1702 | |
Ronald Cron | 6f135e1 | 2021-12-08 16:57:54 +0100 | [diff] [blame] | 1703 | #if defined(MBEDTLS_SSL_PROTO_TLS1_3) |
Jerry Yu | fbe3e64 | 2022-04-25 19:31:51 +0800 | [diff] [blame] | 1704 | extern const uint8_t mbedtls_ssl_tls13_hello_retry_request_magic[ |
| 1705 | MBEDTLS_SERVER_HELLO_RANDOM_LEN ]; |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1706 | MBEDTLS_CHECK_RETURN_CRITICAL |
Jerry Yu | a6e6c27 | 2021-11-17 17:54:13 +0800 | [diff] [blame] | 1707 | int mbedtls_ssl_tls13_process_finished_message( mbedtls_ssl_context *ssl ); |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1708 | MBEDTLS_CHECK_RETURN_CRITICAL |
Jerry Yu | a6e6c27 | 2021-11-17 17:54:13 +0800 | [diff] [blame] | 1709 | int mbedtls_ssl_tls13_write_finished_message( mbedtls_ssl_context *ssl ); |
| 1710 | void mbedtls_ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl ); |
| 1711 | |
| 1712 | /** |
Ronald Cron | 3d580bf | 2022-02-18 17:24:56 +0100 | [diff] [blame] | 1713 | * \brief Given an SSL context and its associated configuration, write the TLS |
| 1714 | * 1.3 specific extensions of the ClientHello message. |
| 1715 | * |
| 1716 | * \param[in] ssl SSL context |
| 1717 | * \param[in] buf Base address of the buffer where to write the extensions |
| 1718 | * \param[in] end End address of the buffer where to write the extensions |
| 1719 | * \param[out] out_len Length of the data written into the buffer \p buf |
| 1720 | */ |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1721 | MBEDTLS_CHECK_RETURN_CRITICAL |
Ronald Cron | 3d580bf | 2022-02-18 17:24:56 +0100 | [diff] [blame] | 1722 | int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl, |
| 1723 | unsigned char *buf, |
| 1724 | unsigned char *end, |
| 1725 | size_t *out_len ); |
| 1726 | |
| 1727 | /** |
Jerry Yu | a6e6c27 | 2021-11-17 17:54:13 +0800 | [diff] [blame] | 1728 | * \brief TLS 1.3 client side state machine entry |
| 1729 | * |
| 1730 | * \param ssl SSL context |
| 1731 | */ |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1732 | MBEDTLS_CHECK_RETURN_CRITICAL |
Jerry Yu | a6e6c27 | 2021-11-17 17:54:13 +0800 | [diff] [blame] | 1733 | int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ); |
| 1734 | |
| 1735 | /** |
| 1736 | * \brief TLS 1.3 server side state machine entry |
| 1737 | * |
| 1738 | * \param ssl SSL context |
| 1739 | */ |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1740 | MBEDTLS_CHECK_RETURN_CRITICAL |
Jerry Yu | a6e6c27 | 2021-11-17 17:54:13 +0800 | [diff] [blame] | 1741 | int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl ); |
| 1742 | |
Jerry Yu | 26f4d15 | 2021-08-23 17:42:37 +0800 | [diff] [blame] | 1743 | |
| 1744 | /* |
| 1745 | * Helper functions around key exchange modes. |
| 1746 | */ |
Jerry Yu | b60e3cf | 2021-09-08 16:41:02 +0800 | [diff] [blame] | 1747 | static inline unsigned mbedtls_ssl_conf_tls13_check_kex_modes( mbedtls_ssl_context *ssl, |
Jerry Yu | 26f4d15 | 2021-08-23 17:42:37 +0800 | [diff] [blame] | 1748 | int kex_mode_mask ) |
| 1749 | { |
| 1750 | return( ( ssl->conf->tls13_kex_modes & kex_mode_mask ) != 0 ); |
| 1751 | } |
| 1752 | |
Jerry Yu | b60e3cf | 2021-09-08 16:41:02 +0800 | [diff] [blame] | 1753 | static inline int mbedtls_ssl_conf_tls13_psk_enabled( mbedtls_ssl_context *ssl ) |
Jerry Yu | 26f4d15 | 2021-08-23 17:42:37 +0800 | [diff] [blame] | 1754 | { |
Jerry Yu | b60e3cf | 2021-09-08 16:41:02 +0800 | [diff] [blame] | 1755 | return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl, |
Xiaofei Bai | 746f948 | 2021-11-12 08:53:56 +0000 | [diff] [blame] | 1756 | MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK ) ); |
Jerry Yu | 26f4d15 | 2021-08-23 17:42:37 +0800 | [diff] [blame] | 1757 | } |
| 1758 | |
| 1759 | static inline int mbedtls_ssl_conf_tls13_psk_ephemeral_enabled( mbedtls_ssl_context *ssl ) |
| 1760 | { |
Jerry Yu | b60e3cf | 2021-09-08 16:41:02 +0800 | [diff] [blame] | 1761 | return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl, |
Xiaofei Bai | 746f948 | 2021-11-12 08:53:56 +0000 | [diff] [blame] | 1762 | MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ) ); |
Jerry Yu | 26f4d15 | 2021-08-23 17:42:37 +0800 | [diff] [blame] | 1763 | } |
| 1764 | |
Jerry Yu | b60e3cf | 2021-09-08 16:41:02 +0800 | [diff] [blame] | 1765 | static inline int mbedtls_ssl_conf_tls13_ephemeral_enabled( mbedtls_ssl_context *ssl ) |
Jerry Yu | 26f4d15 | 2021-08-23 17:42:37 +0800 | [diff] [blame] | 1766 | { |
Jerry Yu | b60e3cf | 2021-09-08 16:41:02 +0800 | [diff] [blame] | 1767 | return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl, |
Xiaofei Bai | 746f948 | 2021-11-12 08:53:56 +0000 | [diff] [blame] | 1768 | MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL ) ); |
Jerry Yu | 26f4d15 | 2021-08-23 17:42:37 +0800 | [diff] [blame] | 1769 | } |
| 1770 | |
| 1771 | static inline int mbedtls_ssl_conf_tls13_some_ephemeral_enabled( mbedtls_ssl_context *ssl ) |
| 1772 | { |
Jerry Yu | b60e3cf | 2021-09-08 16:41:02 +0800 | [diff] [blame] | 1773 | return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl, |
Xiaofei Bai | 746f948 | 2021-11-12 08:53:56 +0000 | [diff] [blame] | 1774 | MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL ) ); |
Jerry Yu | 26f4d15 | 2021-08-23 17:42:37 +0800 | [diff] [blame] | 1775 | } |
| 1776 | |
| 1777 | static inline int mbedtls_ssl_conf_tls13_some_psk_enabled( mbedtls_ssl_context *ssl ) |
| 1778 | { |
Jerry Yu | b60e3cf | 2021-09-08 16:41:02 +0800 | [diff] [blame] | 1779 | return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl, |
Xiaofei Bai | 746f948 | 2021-11-12 08:53:56 +0000 | [diff] [blame] | 1780 | MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL ) ); |
Jerry Yu | 26f4d15 | 2021-08-23 17:42:37 +0800 | [diff] [blame] | 1781 | } |
| 1782 | |
Ronald Cron | bc817ba | 2022-07-21 09:35:20 +0200 | [diff] [blame] | 1783 | #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) |
Jerry Yu | adf861a | 2021-09-29 21:22:08 +0800 | [diff] [blame] | 1784 | /** |
| 1785 | * Given a list of key exchange modes, check if at least one of them is |
| 1786 | * supported. |
| 1787 | * |
| 1788 | * \param[in] ssl SSL context |
Jerry Yu | 0cabad3 | 2021-09-30 09:52:35 +0800 | [diff] [blame] | 1789 | * \param kex_modes_mask Mask of the key exchange modes to check |
Jerry Yu | adf861a | 2021-09-29 21:22:08 +0800 | [diff] [blame] | 1790 | * |
| 1791 | * \return 0 if at least one of the key exchange modes is supported, |
Jerry Yu | dca3d5d | 2021-10-08 14:19:29 +0800 | [diff] [blame] | 1792 | * !=0 otherwise. |
Jerry Yu | adf861a | 2021-09-29 21:22:08 +0800 | [diff] [blame] | 1793 | */ |
Xiaofei Bai | 746f948 | 2021-11-12 08:53:56 +0000 | [diff] [blame] | 1794 | static inline unsigned mbedtls_ssl_tls13_check_kex_modes( mbedtls_ssl_context *ssl, |
| 1795 | int kex_modes_mask ) |
Jerry Yu | 1b7c4a4 | 2021-09-09 17:09:12 +0800 | [diff] [blame] | 1796 | { |
Xiaofei Bai | d25fab6 | 2021-12-02 06:36:27 +0000 | [diff] [blame] | 1797 | return( ( ssl->handshake->tls13_kex_modes & kex_modes_mask ) == 0 ); |
Jerry Yu | 1b7c4a4 | 2021-09-09 17:09:12 +0800 | [diff] [blame] | 1798 | } |
| 1799 | |
Xiaofei Bai | 746f948 | 2021-11-12 08:53:56 +0000 | [diff] [blame] | 1800 | static inline int mbedtls_ssl_tls13_psk_enabled( mbedtls_ssl_context *ssl ) |
Jerry Yu | 1b7c4a4 | 2021-09-09 17:09:12 +0800 | [diff] [blame] | 1801 | { |
Xiaofei Bai | 746f948 | 2021-11-12 08:53:56 +0000 | [diff] [blame] | 1802 | return( ! mbedtls_ssl_tls13_check_kex_modes( ssl, |
| 1803 | MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK ) ); |
Jerry Yu | 1b7c4a4 | 2021-09-09 17:09:12 +0800 | [diff] [blame] | 1804 | } |
| 1805 | |
Xiaofei Bai | 746f948 | 2021-11-12 08:53:56 +0000 | [diff] [blame] | 1806 | static inline int mbedtls_ssl_tls13_psk_ephemeral_enabled( |
Jerry Yu | 1b7c4a4 | 2021-09-09 17:09:12 +0800 | [diff] [blame] | 1807 | mbedtls_ssl_context *ssl ) |
| 1808 | { |
Xiaofei Bai | 746f948 | 2021-11-12 08:53:56 +0000 | [diff] [blame] | 1809 | return( ! mbedtls_ssl_tls13_check_kex_modes( ssl, |
| 1810 | MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ) ); |
Jerry Yu | 1b7c4a4 | 2021-09-09 17:09:12 +0800 | [diff] [blame] | 1811 | } |
| 1812 | |
Xiaofei Bai | 746f948 | 2021-11-12 08:53:56 +0000 | [diff] [blame] | 1813 | static inline int mbedtls_ssl_tls13_ephemeral_enabled( mbedtls_ssl_context *ssl ) |
Jerry Yu | 1b7c4a4 | 2021-09-09 17:09:12 +0800 | [diff] [blame] | 1814 | { |
Xiaofei Bai | 746f948 | 2021-11-12 08:53:56 +0000 | [diff] [blame] | 1815 | return( ! mbedtls_ssl_tls13_check_kex_modes( ssl, |
| 1816 | MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL ) ); |
Jerry Yu | 1b7c4a4 | 2021-09-09 17:09:12 +0800 | [diff] [blame] | 1817 | } |
| 1818 | |
Xiaofei Bai | 746f948 | 2021-11-12 08:53:56 +0000 | [diff] [blame] | 1819 | static inline int mbedtls_ssl_tls13_some_ephemeral_enabled( mbedtls_ssl_context *ssl ) |
Jerry Yu | 1b7c4a4 | 2021-09-09 17:09:12 +0800 | [diff] [blame] | 1820 | { |
Xiaofei Bai | 746f948 | 2021-11-12 08:53:56 +0000 | [diff] [blame] | 1821 | return( ! mbedtls_ssl_tls13_check_kex_modes( ssl, |
| 1822 | MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL ) ); |
Jerry Yu | 1b7c4a4 | 2021-09-09 17:09:12 +0800 | [diff] [blame] | 1823 | } |
| 1824 | |
Xiaofei Bai | 746f948 | 2021-11-12 08:53:56 +0000 | [diff] [blame] | 1825 | static inline int mbedtls_ssl_tls13_some_psk_enabled( mbedtls_ssl_context *ssl ) |
Jerry Yu | 1b7c4a4 | 2021-09-09 17:09:12 +0800 | [diff] [blame] | 1826 | { |
Xiaofei Bai | 746f948 | 2021-11-12 08:53:56 +0000 | [diff] [blame] | 1827 | return( ! mbedtls_ssl_tls13_check_kex_modes( ssl, |
| 1828 | MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL ) ); |
Jerry Yu | 1b7c4a4 | 2021-09-09 17:09:12 +0800 | [diff] [blame] | 1829 | } |
Ronald Cron | bc817ba | 2022-07-21 09:35:20 +0200 | [diff] [blame] | 1830 | #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ |
Jerry Yu | 1b7c4a4 | 2021-09-09 17:09:12 +0800 | [diff] [blame] | 1831 | |
Jerry Yu | 5cc8f0a | 2021-08-27 17:21:44 +0800 | [diff] [blame] | 1832 | /* |
Ronald Cron | 8538549 | 2022-07-20 16:44:00 +0200 | [diff] [blame] | 1833 | * Helper functions to check the selected key exchange mode. |
| 1834 | */ |
| 1835 | static inline int mbedtls_ssl_tls13_key_exchange_mode_check( |
| 1836 | mbedtls_ssl_context *ssl, int kex_mask ) |
| 1837 | { |
| 1838 | return( ( ssl->handshake->key_exchange_mode & kex_mask ) != 0 ); |
| 1839 | } |
| 1840 | |
| 1841 | static inline int mbedtls_ssl_tls13_key_exchange_mode_with_psk( |
| 1842 | mbedtls_ssl_context *ssl ) |
| 1843 | { |
| 1844 | return( mbedtls_ssl_tls13_key_exchange_mode_check( ssl, |
| 1845 | MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL ) ); |
| 1846 | } |
| 1847 | |
| 1848 | static inline int mbedtls_ssl_tls13_key_exchange_mode_with_ephemeral( |
| 1849 | mbedtls_ssl_context *ssl ) |
| 1850 | { |
| 1851 | return( mbedtls_ssl_tls13_key_exchange_mode_check( ssl, |
| 1852 | MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL ) ); |
| 1853 | } |
| 1854 | |
| 1855 | /* |
XiaokangQian | 6b226b0 | 2021-09-24 07:51:16 +0000 | [diff] [blame] | 1856 | * Fetch TLS 1.3 handshake message header |
| 1857 | */ |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1858 | MBEDTLS_CHECK_RETURN_CRITICAL |
Xiaofei Bai | 746f948 | 2021-11-12 08:53:56 +0000 | [diff] [blame] | 1859 | int mbedtls_ssl_tls13_fetch_handshake_msg( mbedtls_ssl_context *ssl, |
| 1860 | unsigned hs_type, |
| 1861 | unsigned char **buf, |
| 1862 | size_t *buf_len ); |
XiaokangQian | 6b226b0 | 2021-09-24 07:51:16 +0000 | [diff] [blame] | 1863 | |
| 1864 | /* |
Xiaofei Bai | 947571e | 2021-09-29 09:12:03 +0000 | [diff] [blame] | 1865 | * Handler of TLS 1.3 server certificate message |
| 1866 | */ |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1867 | MBEDTLS_CHECK_RETURN_CRITICAL |
Xiaofei Bai | 947571e | 2021-09-29 09:12:03 +0000 | [diff] [blame] | 1868 | int mbedtls_ssl_tls13_process_certificate( mbedtls_ssl_context *ssl ); |
| 1869 | |
Jerry Yu | 90f152d | 2022-01-29 22:12:42 +0800 | [diff] [blame] | 1870 | #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) |
Jerry Yu | 5cc8f0a | 2021-08-27 17:21:44 +0800 | [diff] [blame] | 1871 | /* |
Jerry Yu | 3e53644 | 2022-02-15 11:05:59 +0800 | [diff] [blame] | 1872 | * Handler of TLS 1.3 write Certificate message |
Jerry Yu | 5cc3506 | 2022-01-28 16:16:08 +0800 | [diff] [blame] | 1873 | */ |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1874 | MBEDTLS_CHECK_RETURN_CRITICAL |
Jerry Yu | 5cc3506 | 2022-01-28 16:16:08 +0800 | [diff] [blame] | 1875 | int mbedtls_ssl_tls13_write_certificate( mbedtls_ssl_context *ssl ); |
| 1876 | |
| 1877 | /* |
Jerry Yu | 3e53644 | 2022-02-15 11:05:59 +0800 | [diff] [blame] | 1878 | * Handler of TLS 1.3 write Certificate Verify message |
Jerry Yu | 8511f12 | 2022-01-29 10:01:04 +0800 | [diff] [blame] | 1879 | */ |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1880 | MBEDTLS_CHECK_RETURN_CRITICAL |
Jerry Yu | 8511f12 | 2022-01-29 10:01:04 +0800 | [diff] [blame] | 1881 | int mbedtls_ssl_tls13_write_certificate_verify( mbedtls_ssl_context *ssl ); |
Jerry Yu | 90f152d | 2022-01-29 22:12:42 +0800 | [diff] [blame] | 1882 | |
| 1883 | #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ |
| 1884 | |
Jerry Yu | 8511f12 | 2022-01-29 10:01:04 +0800 | [diff] [blame] | 1885 | /* |
Jerry Yu | 30b071c | 2021-09-12 20:16:03 +0800 | [diff] [blame] | 1886 | * Generic handler of Certificate Verify |
| 1887 | */ |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1888 | MBEDTLS_CHECK_RETURN_CRITICAL |
Jerry Yu | 30b071c | 2021-09-12 20:16:03 +0800 | [diff] [blame] | 1889 | int mbedtls_ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl ); |
| 1890 | |
| 1891 | /* |
Ronald Cron | 49ad619 | 2021-11-24 16:25:31 +0100 | [diff] [blame] | 1892 | * Write of dummy-CCS's for middlebox compatibility |
| 1893 | */ |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1894 | MBEDTLS_CHECK_RETURN_CRITICAL |
Ronald Cron | 49ad619 | 2021-11-24 16:25:31 +0100 | [diff] [blame] | 1895 | int mbedtls_ssl_tls13_write_change_cipher_spec( mbedtls_ssl_context *ssl ); |
| 1896 | |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1897 | MBEDTLS_CHECK_RETURN_CRITICAL |
XiaokangQian | 647719a | 2021-12-07 09:16:29 +0000 | [diff] [blame] | 1898 | int mbedtls_ssl_reset_transcript_for_hrr( mbedtls_ssl_context *ssl ); |
| 1899 | |
Jerry Yu | 89e103c | 2022-03-30 22:43:29 +0800 | [diff] [blame] | 1900 | #if defined(MBEDTLS_ECDH_C) |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1901 | MBEDTLS_CHECK_RETURN_CRITICAL |
Jerry Yu | 89e103c | 2022-03-30 22:43:29 +0800 | [diff] [blame] | 1902 | int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange( |
| 1903 | mbedtls_ssl_context *ssl, |
| 1904 | uint16_t named_group, |
| 1905 | unsigned char *buf, |
| 1906 | unsigned char *end, |
| 1907 | size_t *out_len ); |
| 1908 | #endif /* MBEDTLS_ECDH_C */ |
| 1909 | |
| 1910 | |
Jerry Yu | f017ee4 | 2022-01-12 15:49:48 +0800 | [diff] [blame] | 1911 | #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ |
| 1912 | |
Jerry Yu | bc20bdd | 2021-08-24 15:59:48 +0800 | [diff] [blame] | 1913 | #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) |
Jerry Yu | 5cc8f0a | 2021-08-27 17:21:44 +0800 | [diff] [blame] | 1914 | /* |
Gabor Mezei | 53a3b14 | 2022-05-10 13:20:55 +0200 | [diff] [blame] | 1915 | * Parse TLS Signature Algorithm extension |
Xiaofei Bai | 69fcd39 | 2022-01-20 08:25:00 +0000 | [diff] [blame] | 1916 | */ |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1917 | MBEDTLS_CHECK_RETURN_CRITICAL |
Gabor Mezei | 078e803 | 2022-04-27 21:17:56 +0200 | [diff] [blame] | 1918 | int mbedtls_ssl_parse_sig_alg_ext( mbedtls_ssl_context *ssl, |
| 1919 | const unsigned char *buf, |
| 1920 | const unsigned char *end ); |
Jerry Yu | bc20bdd | 2021-08-24 15:59:48 +0800 | [diff] [blame] | 1921 | #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ |
Jerry Yu | 65dd2cc | 2021-08-18 16:38:40 +0800 | [diff] [blame] | 1922 | |
Jerry Yu | 000f976 | 2021-09-14 11:12:51 +0800 | [diff] [blame] | 1923 | /* Get handshake transcript */ |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 1924 | MBEDTLS_CHECK_RETURN_CRITICAL |
Jerry Yu | 000f976 | 2021-09-14 11:12:51 +0800 | [diff] [blame] | 1925 | int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl, |
| 1926 | const mbedtls_md_type_t md, |
| 1927 | unsigned char *dst, |
| 1928 | size_t dst_len, |
| 1929 | size_t *olen ); |
| 1930 | |
Brett Warren | e0edc84 | 2021-08-17 09:53:13 +0100 | [diff] [blame] | 1931 | /* |
| 1932 | * Return supported groups. |
| 1933 | * |
| 1934 | * In future, invocations can be changed to ssl->conf->group_list |
| 1935 | * when mbedtls_ssl_conf_curves() is deleted. |
| 1936 | * |
| 1937 | * ssl->handshake->group_list is either a translation of curve_list to IANA TLS group |
| 1938 | * identifiers when mbedtls_ssl_conf_curves() has been used, or a pointer to |
| 1939 | * ssl->conf->group_list when mbedtls_ssl_conf_groups() has been more recently invoked. |
| 1940 | * |
| 1941 | */ |
| 1942 | static inline const void *mbedtls_ssl_get_groups( const mbedtls_ssl_context *ssl ) |
| 1943 | { |
| 1944 | #if defined(MBEDTLS_DEPRECATED_REMOVED) || !defined(MBEDTLS_ECP_C) |
| 1945 | return( ssl->conf->group_list ); |
| 1946 | #else |
| 1947 | if( ( ssl->handshake != NULL ) && ( ssl->handshake->group_list != NULL ) ) |
| 1948 | return( ssl->handshake->group_list ); |
| 1949 | else |
| 1950 | return( ssl->conf->group_list ); |
| 1951 | #endif |
| 1952 | } |
| 1953 | |
Jerry Yu | ba07342 | 2021-12-20 22:22:15 +0800 | [diff] [blame] | 1954 | /* |
| 1955 | * Helper functions for NamedGroup. |
| 1956 | */ |
Jerry Yu | 3ad14ac | 2022-01-11 17:13:16 +0800 | [diff] [blame] | 1957 | static inline int mbedtls_ssl_tls12_named_group_is_ecdhe( uint16_t named_group ) |
Jerry Yu | ba07342 | 2021-12-20 22:22:15 +0800 | [diff] [blame] | 1958 | { |
| 1959 | /* |
Jerry Yu | 3ad14ac | 2022-01-11 17:13:16 +0800 | [diff] [blame] | 1960 | * RFC 8422 section 5.1.1 |
Jerry Yu | ba07342 | 2021-12-20 22:22:15 +0800 | [diff] [blame] | 1961 | */ |
Jerry Yu | f0fede5 | 2022-01-12 10:57:47 +0800 | [diff] [blame] | 1962 | return( named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X25519 || |
| 1963 | named_group == MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1 || |
| 1964 | named_group == MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1 || |
| 1965 | named_group == MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1 || |
| 1966 | named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X448 || |
Andrzej Kurek | 5c65c57 | 2022-04-13 14:28:52 -0400 | [diff] [blame] | 1967 | /* Below deprecated curves should be removed with notice to users */ |
Jerry Yu | f0fede5 | 2022-01-12 10:57:47 +0800 | [diff] [blame] | 1968 | named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1 || |
Jerry Yu | 3ad14ac | 2022-01-11 17:13:16 +0800 | [diff] [blame] | 1969 | named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1 || |
| 1970 | named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1 || |
| 1971 | named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1 || |
| 1972 | named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1 || |
| 1973 | named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 || |
| 1974 | named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 || |
Jerry Yu | f0fede5 | 2022-01-12 10:57:47 +0800 | [diff] [blame] | 1975 | named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1 ); |
Jerry Yu | ba07342 | 2021-12-20 22:22:15 +0800 | [diff] [blame] | 1976 | } |
| 1977 | |
| 1978 | static inline int mbedtls_ssl_tls13_named_group_is_ecdhe( uint16_t named_group ) |
| 1979 | { |
Jerry Yu | f0fede5 | 2022-01-12 10:57:47 +0800 | [diff] [blame] | 1980 | return( named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X25519 || |
| 1981 | named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 || |
Jerry Yu | ba07342 | 2021-12-20 22:22:15 +0800 | [diff] [blame] | 1982 | named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 || |
| 1983 | named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1 || |
Jerry Yu | ba07342 | 2021-12-20 22:22:15 +0800 | [diff] [blame] | 1984 | named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X448 ); |
| 1985 | } |
| 1986 | |
| 1987 | static inline int mbedtls_ssl_tls13_named_group_is_dhe( uint16_t named_group ) |
| 1988 | { |
| 1989 | return( named_group >= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048 && |
| 1990 | named_group <= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192 ); |
| 1991 | } |
| 1992 | |
XiaokangQian | 0803755 | 2022-04-20 07:16:41 +0000 | [diff] [blame] | 1993 | static inline int mbedtls_ssl_named_group_is_offered( |
| 1994 | const mbedtls_ssl_context *ssl, uint16_t named_group ) |
| 1995 | { |
| 1996 | const uint16_t *group_list = mbedtls_ssl_get_groups( ssl ); |
| 1997 | |
| 1998 | if( group_list == NULL ) |
| 1999 | return( 0 ); |
| 2000 | |
| 2001 | for( ; *group_list != 0; group_list++ ) |
| 2002 | { |
| 2003 | if( *group_list == named_group ) |
| 2004 | return( 1 ); |
| 2005 | } |
| 2006 | |
| 2007 | return( 0 ); |
| 2008 | } |
| 2009 | |
| 2010 | static inline int mbedtls_ssl_named_group_is_supported( uint16_t named_group ) |
| 2011 | { |
| 2012 | #if defined(MBEDTLS_ECDH_C) |
| 2013 | if( mbedtls_ssl_tls13_named_group_is_ecdhe( named_group ) ) |
| 2014 | { |
| 2015 | const mbedtls_ecp_curve_info *curve_info = |
| 2016 | mbedtls_ecp_curve_info_from_tls_id( named_group ); |
| 2017 | if( curve_info != NULL ) |
| 2018 | return( 1 ); |
| 2019 | } |
| 2020 | #else |
| 2021 | ((void) named_group); |
| 2022 | #endif /* MBEDTLS_ECDH_C */ |
| 2023 | return( 0 ); |
| 2024 | } |
| 2025 | |
Jerry Yu | afdfed1 | 2021-12-22 10:49:02 +0800 | [diff] [blame] | 2026 | /* |
Jerry Yu | 713013f | 2022-01-17 18:16:35 +0800 | [diff] [blame] | 2027 | * Return supported signature algorithms. |
| 2028 | * |
| 2029 | * In future, invocations can be changed to ssl->conf->sig_algs when |
| 2030 | * mbedtls_ssl_conf_sig_hashes() is deleted. |
| 2031 | * |
Jerry Yu | 7ddc38c | 2022-01-19 11:08:05 +0800 | [diff] [blame] | 2032 | * ssl->handshake->sig_algs is either a translation of sig_hashes to IANA TLS |
| 2033 | * signature algorithm identifiers when mbedtls_ssl_conf_sig_hashes() has been |
| 2034 | * used, or a pointer to ssl->conf->sig_algs when mbedtls_ssl_conf_sig_algs() has |
| 2035 | * been more recently invoked. |
| 2036 | * |
Jerry Yu | afdfed1 | 2021-12-22 10:49:02 +0800 | [diff] [blame] | 2037 | */ |
Jerry Yu | 713013f | 2022-01-17 18:16:35 +0800 | [diff] [blame] | 2038 | static inline const void *mbedtls_ssl_get_sig_algs( |
| 2039 | const mbedtls_ssl_context *ssl ) |
Jerry Yu | afdfed1 | 2021-12-22 10:49:02 +0800 | [diff] [blame] | 2040 | { |
| 2041 | #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) |
Manuel Pégourié-Gonnard | f7d704d | 2022-01-28 10:05:56 +0100 | [diff] [blame] | 2042 | |
Jerry Yu | 6106fdc | 2022-01-12 16:36:14 +0800 | [diff] [blame] | 2043 | #if !defined(MBEDTLS_DEPRECATED_REMOVED) |
Jerry Yu | cc53910 | 2022-06-27 16:27:35 +0800 | [diff] [blame] | 2044 | if( ssl->handshake != NULL && |
| 2045 | ssl->handshake->sig_algs_heap_allocated == 1 && |
Jerry Yu | ee28e7a | 2022-06-24 19:35:40 +0800 | [diff] [blame] | 2046 | ssl->handshake->sig_algs != NULL ) |
| 2047 | { |
Jerry Yu | 6106fdc | 2022-01-12 16:36:14 +0800 | [diff] [blame] | 2048 | return( ssl->handshake->sig_algs ); |
Jerry Yu | ee28e7a | 2022-06-24 19:35:40 +0800 | [diff] [blame] | 2049 | } |
Jerry Yu | 6106fdc | 2022-01-12 16:36:14 +0800 | [diff] [blame] | 2050 | #endif |
| 2051 | return( ssl->conf->sig_algs ); |
Manuel Pégourié-Gonnard | f7d704d | 2022-01-28 10:05:56 +0100 | [diff] [blame] | 2052 | |
| 2053 | #else /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ |
Jerry Yu | afdfed1 | 2021-12-22 10:49:02 +0800 | [diff] [blame] | 2054 | |
Jerry Yu | 6106fdc | 2022-01-12 16:36:14 +0800 | [diff] [blame] | 2055 | ((void) ssl); |
Jerry Yu | 713013f | 2022-01-17 18:16:35 +0800 | [diff] [blame] | 2056 | return( NULL ); |
Manuel Pégourié-Gonnard | f7d704d | 2022-01-28 10:05:56 +0100 | [diff] [blame] | 2057 | #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ |
Jerry Yu | afdfed1 | 2021-12-22 10:49:02 +0800 | [diff] [blame] | 2058 | } |
Jerry Yu | ba07342 | 2021-12-20 22:22:15 +0800 | [diff] [blame] | 2059 | |
Jerry Yu | a23b9d9 | 2022-02-09 19:57:53 +0800 | [diff] [blame] | 2060 | |
Jerry Yu | 1bab301 | 2022-01-19 17:43:22 +0800 | [diff] [blame] | 2061 | #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) |
Jerry Yu | 24811fb | 2022-01-19 18:02:15 +0800 | [diff] [blame] | 2062 | |
Jerry Yu | a23b9d9 | 2022-02-09 19:57:53 +0800 | [diff] [blame] | 2063 | #if defined(MBEDTLS_SSL_PROTO_TLS1_3) |
Jerry Yu | 8511f12 | 2022-01-29 10:01:04 +0800 | [diff] [blame] | 2064 | static inline int mbedtls_ssl_sig_alg_is_received( const mbedtls_ssl_context *ssl, |
| 2065 | uint16_t own_sig_alg ) |
| 2066 | { |
Jerry Yu | 1bb5a1f | 2022-01-30 10:52:11 +0800 | [diff] [blame] | 2067 | const uint16_t *sig_alg = ssl->handshake->received_sig_algs; |
| 2068 | if( sig_alg == NULL ) |
| 2069 | return( 0 ); |
| 2070 | |
Gabor Mezei | 15b95a6 | 2022-05-09 16:37:58 +0200 | [diff] [blame] | 2071 | for( ; *sig_alg != MBEDTLS_TLS_SIG_NONE; sig_alg++ ) |
Jerry Yu | 1bb5a1f | 2022-01-30 10:52:11 +0800 | [diff] [blame] | 2072 | { |
| 2073 | if( *sig_alg == own_sig_alg ) |
| 2074 | return( 1 ); |
| 2075 | } |
| 2076 | return( 0 ); |
Jerry Yu | 8511f12 | 2022-01-29 10:01:04 +0800 | [diff] [blame] | 2077 | } |
Jerry Yu | a23b9d9 | 2022-02-09 19:57:53 +0800 | [diff] [blame] | 2078 | #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ |
Jerry Yu | 8511f12 | 2022-01-29 10:01:04 +0800 | [diff] [blame] | 2079 | |
Jerry Yu | 24811fb | 2022-01-19 18:02:15 +0800 | [diff] [blame] | 2080 | static inline int mbedtls_ssl_sig_alg_is_offered( const mbedtls_ssl_context *ssl, |
| 2081 | uint16_t proposed_sig_alg ) |
| 2082 | { |
| 2083 | const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl ); |
| 2084 | if( sig_alg == NULL ) |
| 2085 | return( 0 ); |
| 2086 | |
Gabor Mezei | 15b95a6 | 2022-05-09 16:37:58 +0200 | [diff] [blame] | 2087 | for( ; *sig_alg != MBEDTLS_TLS_SIG_NONE; sig_alg++ ) |
Jerry Yu | 24811fb | 2022-01-19 18:02:15 +0800 | [diff] [blame] | 2088 | { |
| 2089 | if( *sig_alg == proposed_sig_alg ) |
| 2090 | return( 1 ); |
| 2091 | } |
| 2092 | return( 0 ); |
| 2093 | } |
| 2094 | |
Jerry Yu | 95b743c | 2022-07-23 11:37:50 +0800 | [diff] [blame] | 2095 | static inline int mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg( |
Jerry Yu | f8aa9a4 | 2022-03-23 20:40:28 +0800 | [diff] [blame] | 2096 | uint16_t sig_alg, mbedtls_pk_type_t *pk_type, mbedtls_md_type_t *md_alg ) |
Jerry Yu | 8c33886 | 2022-03-23 13:34:04 +0800 | [diff] [blame] | 2097 | { |
Jerry Yu | 96ee23e | 2022-06-21 16:34:57 +0800 | [diff] [blame] | 2098 | *pk_type = mbedtls_ssl_pk_alg_from_sig( sig_alg & 0xff ); |
| 2099 | *md_alg = mbedtls_ssl_md_alg_from_hash( ( sig_alg >> 8 ) & 0xff ); |
| 2100 | |
| 2101 | if( *pk_type != MBEDTLS_PK_NONE && *md_alg != MBEDTLS_MD_NONE ) |
| 2102 | return( 0 ); |
Jerry Yu | f8aa9a4 | 2022-03-23 20:40:28 +0800 | [diff] [blame] | 2103 | |
Jerry Yu | 8c33886 | 2022-03-23 13:34:04 +0800 | [diff] [blame] | 2104 | switch( sig_alg ) |
| 2105 | { |
Jerry Yu | 52b7d92 | 2022-07-01 18:03:31 +0800 | [diff] [blame] | 2106 | #if defined(MBEDTLS_PKCS1_V21) |
Jerry Yu | e26acee | 2022-03-23 21:01:33 +0800 | [diff] [blame] | 2107 | #if defined(MBEDTLS_SHA256_C) |
Jerry Yu | 8c33886 | 2022-03-23 13:34:04 +0800 | [diff] [blame] | 2108 | case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: |
| 2109 | *md_alg = MBEDTLS_MD_SHA256; |
| 2110 | *pk_type = MBEDTLS_PK_RSASSA_PSS; |
| 2111 | break; |
Jerry Yu | e26acee | 2022-03-23 21:01:33 +0800 | [diff] [blame] | 2112 | #endif /* MBEDTLS_SHA256_C */ |
Jerry Yu | e26acee | 2022-03-23 21:01:33 +0800 | [diff] [blame] | 2113 | #if defined(MBEDTLS_SHA384_C) |
Jerry Yu | 8c33886 | 2022-03-23 13:34:04 +0800 | [diff] [blame] | 2114 | case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: |
| 2115 | *md_alg = MBEDTLS_MD_SHA384; |
| 2116 | *pk_type = MBEDTLS_PK_RSASSA_PSS; |
| 2117 | break; |
Jerry Yu | e26acee | 2022-03-23 21:01:33 +0800 | [diff] [blame] | 2118 | #endif /* MBEDTLS_SHA384_C */ |
Jerry Yu | e26acee | 2022-03-23 21:01:33 +0800 | [diff] [blame] | 2119 | #if defined(MBEDTLS_SHA512_C) |
Jerry Yu | 8c33886 | 2022-03-23 13:34:04 +0800 | [diff] [blame] | 2120 | case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512: |
| 2121 | *md_alg = MBEDTLS_MD_SHA512; |
| 2122 | *pk_type = MBEDTLS_PK_RSASSA_PSS; |
| 2123 | break; |
Jerry Yu | e26acee | 2022-03-23 21:01:33 +0800 | [diff] [blame] | 2124 | #endif /* MBEDTLS_SHA512_C */ |
Jerry Yu | 52b7d92 | 2022-07-01 18:03:31 +0800 | [diff] [blame] | 2125 | #endif /* MBEDTLS_PKCS1_V21 */ |
Jerry Yu | 8c33886 | 2022-03-23 13:34:04 +0800 | [diff] [blame] | 2126 | default: |
Jerry Yu | f8aa9a4 | 2022-03-23 20:40:28 +0800 | [diff] [blame] | 2127 | return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); |
Jerry Yu | 8c33886 | 2022-03-23 13:34:04 +0800 | [diff] [blame] | 2128 | } |
Jerry Yu | f8aa9a4 | 2022-03-23 20:40:28 +0800 | [diff] [blame] | 2129 | return( 0 ); |
Jerry Yu | 8c33886 | 2022-03-23 13:34:04 +0800 | [diff] [blame] | 2130 | } |
Jerry Yu | f249ef7 | 2022-06-15 17:23:33 +0800 | [diff] [blame] | 2131 | |
Jerry Yu | 96ee23e | 2022-06-21 16:34:57 +0800 | [diff] [blame] | 2132 | #if defined(MBEDTLS_SSL_PROTO_TLS1_3) |
Jerry Yu | a1255e6 | 2022-06-24 10:10:47 +0800 | [diff] [blame] | 2133 | static inline int mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported( |
Jerry Yu | 0ebce95 | 2022-06-16 13:54:47 +0800 | [diff] [blame] | 2134 | const uint16_t sig_alg ) |
| 2135 | { |
Jerry Yu | 96ee23e | 2022-06-21 16:34:57 +0800 | [diff] [blame] | 2136 | switch( sig_alg ) |
| 2137 | { |
| 2138 | #if defined(MBEDTLS_ECDSA_C) |
| 2139 | #if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) |
| 2140 | case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256: |
| 2141 | break; |
| 2142 | #endif /* MBEDTLS_SHA256_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED */ |
| 2143 | #if defined(MBEDTLS_SHA384_C) && defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) |
| 2144 | case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384: |
| 2145 | break; |
| 2146 | #endif /* MBEDTLS_SHA384_C && MBEDTLS_ECP_DP_SECP384R1_ENABLED */ |
| 2147 | #if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) |
| 2148 | case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512: |
| 2149 | break; |
| 2150 | #endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP521R1_ENABLED */ |
| 2151 | #endif /* MBEDTLS_ECDSA_C */ |
| 2152 | |
Jerry Yu | 52b7d92 | 2022-07-01 18:03:31 +0800 | [diff] [blame] | 2153 | #if defined(MBEDTLS_PKCS1_V21) |
Jerry Yu | 96ee23e | 2022-06-21 16:34:57 +0800 | [diff] [blame] | 2154 | #if defined(MBEDTLS_SHA256_C) |
| 2155 | case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: |
| 2156 | break; |
| 2157 | #endif /* MBEDTLS_SHA256_C */ |
| 2158 | #if defined(MBEDTLS_SHA384_C) |
| 2159 | case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: |
| 2160 | break; |
| 2161 | #endif /* MBEDTLS_SHA384_C */ |
| 2162 | #if defined(MBEDTLS_SHA512_C) |
| 2163 | case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512: |
| 2164 | break; |
| 2165 | #endif /* MBEDTLS_SHA512_C */ |
Jerry Yu | 52b7d92 | 2022-07-01 18:03:31 +0800 | [diff] [blame] | 2166 | #endif /* MBEDTLS_PKCS1_V21 */ |
Jerry Yu | 96ee23e | 2022-06-21 16:34:57 +0800 | [diff] [blame] | 2167 | default: |
| 2168 | return( 0 ); |
| 2169 | } |
| 2170 | return( 1 ); |
Jerry Yu | 80dd5db | 2022-06-22 19:30:32 +0800 | [diff] [blame] | 2171 | |
| 2172 | } |
| 2173 | |
| 2174 | static inline int mbedtls_ssl_tls13_sig_alg_is_supported( |
| 2175 | const uint16_t sig_alg ) |
| 2176 | { |
| 2177 | switch( sig_alg ) |
| 2178 | { |
Jerry Yu | 52b7d92 | 2022-07-01 18:03:31 +0800 | [diff] [blame] | 2179 | #if defined(MBEDTLS_PKCS1_V15) |
Jerry Yu | 80dd5db | 2022-06-22 19:30:32 +0800 | [diff] [blame] | 2180 | #if defined(MBEDTLS_SHA256_C) |
| 2181 | case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256: |
| 2182 | break; |
| 2183 | #endif /* MBEDTLS_SHA256_C */ |
| 2184 | #if defined(MBEDTLS_SHA384_C) |
| 2185 | case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384: |
| 2186 | break; |
| 2187 | #endif /* MBEDTLS_SHA384_C */ |
| 2188 | #if defined(MBEDTLS_SHA512_C) |
| 2189 | case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512: |
| 2190 | break; |
| 2191 | #endif /* MBEDTLS_SHA512_C */ |
Jerry Yu | 52b7d92 | 2022-07-01 18:03:31 +0800 | [diff] [blame] | 2192 | #endif /* MBEDTLS_PKCS1_V15 */ |
Jerry Yu | 80dd5db | 2022-06-22 19:30:32 +0800 | [diff] [blame] | 2193 | default: |
Jerry Yu | a1255e6 | 2022-06-24 10:10:47 +0800 | [diff] [blame] | 2194 | return( mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported( |
Jerry Yu | 80dd5db | 2022-06-22 19:30:32 +0800 | [diff] [blame] | 2195 | sig_alg ) ); |
| 2196 | } |
| 2197 | return( 1 ); |
Jerry Yu | 0ebce95 | 2022-06-16 13:54:47 +0800 | [diff] [blame] | 2198 | } |
Jerry Yu | f249ef7 | 2022-06-15 17:23:33 +0800 | [diff] [blame] | 2199 | |
Jerry Yu | 8c33886 | 2022-03-23 13:34:04 +0800 | [diff] [blame] | 2200 | #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ |
| 2201 | |
Jerry Yu | 0ebce95 | 2022-06-16 13:54:47 +0800 | [diff] [blame] | 2202 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| 2203 | static inline int mbedtls_ssl_tls12_sig_alg_is_supported( |
| 2204 | const uint16_t sig_alg ) |
| 2205 | { |
| 2206 | /* High byte is hash */ |
| 2207 | unsigned char hash = MBEDTLS_BYTE_1( sig_alg ); |
| 2208 | unsigned char sig = MBEDTLS_BYTE_0( sig_alg ); |
| 2209 | |
| 2210 | switch( hash ) |
| 2211 | { |
| 2212 | #if defined(MBEDTLS_MD5_C) |
| 2213 | case MBEDTLS_SSL_HASH_MD5: |
| 2214 | break; |
| 2215 | #endif |
| 2216 | |
| 2217 | #if defined(MBEDTLS_SHA1_C) |
| 2218 | case MBEDTLS_SSL_HASH_SHA1: |
| 2219 | break; |
| 2220 | #endif |
| 2221 | |
| 2222 | #if defined(MBEDTLS_SHA224_C) |
| 2223 | case MBEDTLS_SSL_HASH_SHA224: |
| 2224 | break; |
| 2225 | #endif |
| 2226 | |
| 2227 | #if defined(MBEDTLS_SHA256_C) |
| 2228 | case MBEDTLS_SSL_HASH_SHA256: |
| 2229 | break; |
| 2230 | #endif |
| 2231 | |
| 2232 | #if defined(MBEDTLS_SHA384_C) |
| 2233 | case MBEDTLS_SSL_HASH_SHA384: |
| 2234 | break; |
| 2235 | #endif |
| 2236 | |
| 2237 | #if defined(MBEDTLS_SHA512_C) |
| 2238 | case MBEDTLS_SSL_HASH_SHA512: |
| 2239 | break; |
| 2240 | #endif |
| 2241 | |
| 2242 | default: |
| 2243 | return( 0 ); |
| 2244 | } |
| 2245 | |
| 2246 | switch( sig ) |
| 2247 | { |
| 2248 | #if defined(MBEDTLS_RSA_C) |
| 2249 | case MBEDTLS_SSL_SIG_RSA: |
| 2250 | break; |
| 2251 | #endif |
| 2252 | |
| 2253 | #if defined(MBEDTLS_ECDSA_C) |
| 2254 | case MBEDTLS_SSL_SIG_ECDSA: |
| 2255 | break; |
| 2256 | #endif |
| 2257 | |
| 2258 | default: |
| 2259 | return( 0 ); |
| 2260 | } |
| 2261 | |
| 2262 | return( 1 ); |
| 2263 | } |
| 2264 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
| 2265 | |
Jerry Yu | 1bab301 | 2022-01-19 17:43:22 +0800 | [diff] [blame] | 2266 | static inline int mbedtls_ssl_sig_alg_is_supported( |
| 2267 | const mbedtls_ssl_context *ssl, |
| 2268 | const uint16_t sig_alg ) |
| 2269 | { |
| 2270 | |
| 2271 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
Glenn Strauss | 60bfe60 | 2022-03-14 19:04:24 -0400 | [diff] [blame] | 2272 | if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 ) |
Jerry Yu | 1bab301 | 2022-01-19 17:43:22 +0800 | [diff] [blame] | 2273 | { |
Jerry Yu | 0ebce95 | 2022-06-16 13:54:47 +0800 | [diff] [blame] | 2274 | return( mbedtls_ssl_tls12_sig_alg_is_supported( sig_alg ) ); |
Jerry Yu | 1bab301 | 2022-01-19 17:43:22 +0800 | [diff] [blame] | 2275 | } |
| 2276 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
| 2277 | |
| 2278 | #if defined(MBEDTLS_SSL_PROTO_TLS1_3) |
Glenn Strauss | 60bfe60 | 2022-03-14 19:04:24 -0400 | [diff] [blame] | 2279 | if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 ) |
Jerry Yu | 1bab301 | 2022-01-19 17:43:22 +0800 | [diff] [blame] | 2280 | { |
Jerry Yu | 7ab7f2b | 2022-06-16 19:07:10 +0800 | [diff] [blame] | 2281 | return( mbedtls_ssl_tls13_sig_alg_is_supported( sig_alg ) ); |
Jerry Yu | 1bab301 | 2022-01-19 17:43:22 +0800 | [diff] [blame] | 2282 | } |
| 2283 | #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ |
| 2284 | ((void) ssl); |
| 2285 | ((void) sig_alg); |
| 2286 | return( 0 ); |
| 2287 | } |
Jerry Yu | f249ef7 | 2022-06-15 17:23:33 +0800 | [diff] [blame] | 2288 | |
| 2289 | #if defined(MBEDTLS_SSL_PROTO_TLS1_3) |
| 2290 | |
Ronald Cron | ce7d76e | 2022-07-08 18:56:49 +0200 | [diff] [blame] | 2291 | MBEDTLS_CHECK_RETURN_CRITICAL |
Jerry Yu | cc53910 | 2022-06-27 16:27:35 +0800 | [diff] [blame] | 2292 | int mbedtls_ssl_tls13_check_sig_alg_cert_key_match( uint16_t sig_alg, |
| 2293 | mbedtls_pk_context *key ); |
Jerry Yu | f249ef7 | 2022-06-15 17:23:33 +0800 | [diff] [blame] | 2294 | |
| 2295 | #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ |
| 2296 | |
Jerry Yu | 1bab301 | 2022-01-19 17:43:22 +0800 | [diff] [blame] | 2297 | #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ |
| 2298 | |
Neil Armstrong | 8395d7a | 2022-05-18 11:44:56 +0200 | [diff] [blame] | 2299 | #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) |
Przemyslaw Stekiel | e5c2238 | 2022-01-25 00:56:34 +0100 | [diff] [blame] | 2300 | /* Corresponding PSA algorithm for MBEDTLS_CIPHER_NULL. |
Andrzej Kurek | 5c65c57 | 2022-04-13 14:28:52 -0400 | [diff] [blame] | 2301 | * Same value is used for PSA_ALG_CATEGORY_CIPHER, hence it is |
Przemyslaw Stekiel | e5c2238 | 2022-01-25 00:56:34 +0100 | [diff] [blame] | 2302 | * guaranteed to not be a valid PSA algorithm identifier. |
| 2303 | */ |
| 2304 | #define MBEDTLS_SSL_NULL_CIPHER 0x04000000 |
| 2305 | |
| 2306 | /** |
| 2307 | * \brief Translate mbedtls cipher type/taglen pair to psa: |
| 2308 | * algorithm, key type and key size. |
| 2309 | * |
| 2310 | * \param mbedtls_cipher_type [in] given mbedtls cipher type |
| 2311 | * \param taglen [in] given tag length |
| 2312 | * 0 - default tag length |
| 2313 | * \param alg [out] corresponding PSA alg |
| 2314 | * There is no corresponding PSA |
Przemyslaw Stekiel | 8c010eb | 2022-02-03 10:44:02 +0100 | [diff] [blame] | 2315 | * alg for MBEDTLS_CIPHER_NULL, so |
| 2316 | * in this case MBEDTLS_SSL_NULL_CIPHER |
| 2317 | * is returned via this parameter |
Przemyslaw Stekiel | e5c2238 | 2022-01-25 00:56:34 +0100 | [diff] [blame] | 2318 | * \param key_type [out] corresponding PSA key type |
| 2319 | * \param key_size [out] corresponding PSA key size |
| 2320 | * |
| 2321 | * \return PSA_SUCCESS on success or PSA_ERROR_NOT_SUPPORTED if |
| 2322 | * conversion is not supported. |
| 2323 | */ |
| 2324 | psa_status_t mbedtls_ssl_cipher_to_psa( mbedtls_cipher_type_t mbedtls_cipher_type, |
| 2325 | size_t taglen, |
| 2326 | psa_algorithm_t *alg, |
| 2327 | psa_key_type_t *key_type, |
| 2328 | size_t *key_size ); |
| 2329 | |
| 2330 | /** |
| 2331 | * \brief Convert given PSA status to mbedtls error code. |
| 2332 | * |
| 2333 | * \param status [in] given PSA status |
| 2334 | * |
| 2335 | * \return corresponding mbedtls error code |
| 2336 | */ |
Przemyslaw Stekiel | 77aec8d | 2022-01-31 20:22:53 +0100 | [diff] [blame] | 2337 | static inline int psa_ssl_status_to_mbedtls( psa_status_t status ) |
Przemyslaw Stekiel | e5c2238 | 2022-01-25 00:56:34 +0100 | [diff] [blame] | 2338 | { |
| 2339 | switch( status ) |
| 2340 | { |
| 2341 | case PSA_SUCCESS: |
| 2342 | return( 0 ); |
| 2343 | case PSA_ERROR_INSUFFICIENT_MEMORY: |
Gabor Mezei | 1bf075f | 2022-03-21 12:19:52 +0100 | [diff] [blame] | 2344 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
Przemyslaw Stekiel | e5c2238 | 2022-01-25 00:56:34 +0100 | [diff] [blame] | 2345 | case PSA_ERROR_NOT_SUPPORTED: |
Gabor Mezei | 1bf075f | 2022-03-21 12:19:52 +0100 | [diff] [blame] | 2346 | return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); |
Przemyslaw Stekiel | 89dad93 | 2022-01-31 09:18:07 +0100 | [diff] [blame] | 2347 | case PSA_ERROR_INVALID_SIGNATURE: |
| 2348 | return( MBEDTLS_ERR_SSL_INVALID_MAC ); |
Gabor Mezei | adfeadc | 2022-03-21 12:17:49 +0100 | [diff] [blame] | 2349 | case PSA_ERROR_INVALID_ARGUMENT: |
| 2350 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| 2351 | case PSA_ERROR_BAD_STATE: |
| 2352 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
Przemek Stekiel | 8583627 | 2022-04-05 10:50:53 +0200 | [diff] [blame] | 2353 | case PSA_ERROR_BUFFER_TOO_SMALL: |
| 2354 | return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); |
Przemyslaw Stekiel | e5c2238 | 2022-01-25 00:56:34 +0100 | [diff] [blame] | 2355 | default: |
| 2356 | return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); |
| 2357 | } |
| 2358 | } |
Przemyslaw Stekiel | b15f33d | 2022-02-10 10:12:12 +0100 | [diff] [blame] | 2359 | #endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ |
Jerry Yu | 1bab301 | 2022-01-19 17:43:22 +0800 | [diff] [blame] | 2360 | |
Neil Armstrong | 8a0f3e8 | 2022-03-30 10:57:37 +0200 | [diff] [blame] | 2361 | /** |
| 2362 | * \brief TLS record protection modes |
| 2363 | */ |
| 2364 | typedef enum { |
| 2365 | MBEDTLS_SSL_MODE_STREAM = 0, |
| 2366 | MBEDTLS_SSL_MODE_CBC, |
| 2367 | MBEDTLS_SSL_MODE_CBC_ETM, |
| 2368 | MBEDTLS_SSL_MODE_AEAD |
| 2369 | } mbedtls_ssl_mode_t; |
| 2370 | |
Neil Armstrong | ab555e0 | 2022-04-04 11:07:59 +0200 | [diff] [blame] | 2371 | mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_transform( |
Neil Armstrong | 8a0f3e8 | 2022-03-30 10:57:37 +0200 | [diff] [blame] | 2372 | const mbedtls_ssl_transform *transform ); |
| 2373 | |
Neil Armstrong | f2c82f0 | 2022-04-05 11:16:53 +0200 | [diff] [blame] | 2374 | #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) |
Neil Armstrong | ab555e0 | 2022-04-04 11:07:59 +0200 | [diff] [blame] | 2375 | mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( |
Neil Armstrong | 4bf4c86 | 2022-04-01 10:35:48 +0200 | [diff] [blame] | 2376 | int encrypt_then_mac, |
| 2377 | const mbedtls_ssl_ciphersuite_t *suite ); |
| 2378 | #else |
Neil Armstrong | ab555e0 | 2022-04-04 11:07:59 +0200 | [diff] [blame] | 2379 | mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( |
Neil Armstrong | 4bf4c86 | 2022-04-01 10:35:48 +0200 | [diff] [blame] | 2380 | const mbedtls_ssl_ciphersuite_t *suite ); |
Neil Armstrong | f2c82f0 | 2022-04-05 11:16:53 +0200 | [diff] [blame] | 2381 | #endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ |
Neil Armstrong | 4bf4c86 | 2022-04-01 10:35:48 +0200 | [diff] [blame] | 2382 | |
XiaokangQian | 9b5d04b | 2022-04-10 10:20:43 +0000 | [diff] [blame] | 2383 | #if defined(MBEDTLS_ECDH_C) |
| 2384 | |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 2385 | MBEDTLS_CHECK_RETURN_CRITICAL |
XiaokangQian | 9b5d04b | 2022-04-10 10:20:43 +0000 | [diff] [blame] | 2386 | int mbedtls_ssl_tls13_read_public_ecdhe_share( mbedtls_ssl_context *ssl, |
| 2387 | const unsigned char *buf, |
| 2388 | size_t buf_len ); |
| 2389 | |
| 2390 | #endif /* MBEDTLS_ECDH_C */ |
| 2391 | |
XiaokangQian | 0a1b54e | 2022-04-21 03:01:38 +0000 | [diff] [blame] | 2392 | static inline int mbedtls_ssl_tls13_cipher_suite_is_offered( |
| 2393 | mbedtls_ssl_context *ssl, int cipher_suite ) |
| 2394 | { |
| 2395 | const int *ciphersuite_list = ssl->conf->ciphersuite_list; |
| 2396 | |
| 2397 | /* Check whether we have offered this ciphersuite */ |
| 2398 | for ( size_t i = 0; ciphersuite_list[i] != 0; i++ ) |
| 2399 | { |
| 2400 | if( ciphersuite_list[i] == cipher_suite ) |
| 2401 | { |
| 2402 | return( 1 ); |
| 2403 | } |
| 2404 | } |
| 2405 | return( 0 ); |
| 2406 | } |
| 2407 | |
| 2408 | /** |
| 2409 | * \brief Validate cipher suite against config in SSL context. |
| 2410 | * |
| 2411 | * \param ssl SSL context |
| 2412 | * \param suite_info Cipher suite to validate |
| 2413 | * \param min_tls_version Minimal TLS version to accept a cipher suite |
| 2414 | * \param max_tls_version Maximal TLS version to accept a cipher suite |
| 2415 | * |
| 2416 | * \return 0 if valid, negative value otherwise. |
| 2417 | */ |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 2418 | MBEDTLS_CHECK_RETURN_CRITICAL |
XiaokangQian | 0a1b54e | 2022-04-21 03:01:38 +0000 | [diff] [blame] | 2419 | int mbedtls_ssl_validate_ciphersuite( |
| 2420 | const mbedtls_ssl_context *ssl, |
| 2421 | const mbedtls_ssl_ciphersuite_t *suite_info, |
| 2422 | mbedtls_ssl_protocol_version min_tls_version, |
| 2423 | mbedtls_ssl_protocol_version max_tls_version ); |
XiaokangQian | 0803755 | 2022-04-20 07:16:41 +0000 | [diff] [blame] | 2424 | |
Manuel Pégourié-Gonnard | a82a8b9 | 2022-06-17 10:53:58 +0200 | [diff] [blame] | 2425 | MBEDTLS_CHECK_RETURN_CRITICAL |
XiaokangQian | eaf3651 | 2022-04-24 09:07:44 +0000 | [diff] [blame] | 2426 | int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf, |
| 2427 | const unsigned char *end, size_t *out_len ); |
| 2428 | |
XiaokangQian | 40a3523 | 2022-05-07 09:02:40 +0000 | [diff] [blame] | 2429 | #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) |
Ronald Cron | ce7d76e | 2022-07-08 18:56:49 +0200 | [diff] [blame] | 2430 | MBEDTLS_CHECK_RETURN_CRITICAL |
XiaokangQian | 9b2b771 | 2022-05-17 02:57:00 +0000 | [diff] [blame] | 2431 | int mbedtls_ssl_parse_server_name_ext( mbedtls_ssl_context *ssl, |
| 2432 | const unsigned char *buf, |
| 2433 | const unsigned char *end ); |
XiaokangQian | 40a3523 | 2022-05-07 09:02:40 +0000 | [diff] [blame] | 2434 | #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ |
| 2435 | |
XiaokangQian | acb3992 | 2022-06-17 10:18:48 +0000 | [diff] [blame] | 2436 | #if defined(MBEDTLS_SSL_ALPN) |
Ronald Cron | ce7d76e | 2022-07-08 18:56:49 +0200 | [diff] [blame] | 2437 | MBEDTLS_CHECK_RETURN_CRITICAL |
XiaokangQian | acb3992 | 2022-06-17 10:18:48 +0000 | [diff] [blame] | 2438 | int mbedtls_ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, |
| 2439 | const unsigned char *buf, |
| 2440 | const unsigned char *end ); |
| 2441 | |
| 2442 | |
Ronald Cron | ce7d76e | 2022-07-08 18:56:49 +0200 | [diff] [blame] | 2443 | MBEDTLS_CHECK_RETURN_CRITICAL |
XiaokangQian | acb3992 | 2022-06-17 10:18:48 +0000 | [diff] [blame] | 2444 | int mbedtls_ssl_write_alpn_ext( mbedtls_ssl_context *ssl, |
| 2445 | unsigned char *buf, |
| 2446 | unsigned char *end, |
XiaokangQian | c740345 | 2022-06-23 03:24:12 +0000 | [diff] [blame] | 2447 | size_t *out_len ); |
XiaokangQian | acb3992 | 2022-06-17 10:18:48 +0000 | [diff] [blame] | 2448 | #endif /* MBEDTLS_SSL_ALPN */ |
| 2449 | |
Andrzej Kurek | cfb0194 | 2022-06-06 13:08:23 -0400 | [diff] [blame] | 2450 | #if defined(MBEDTLS_TEST_HOOKS) |
Andrzej Kurek | 078e9bc | 2022-06-08 11:47:33 -0400 | [diff] [blame] | 2451 | int mbedtls_ssl_check_dtls_clihlo_cookie( |
Andrzej Kurek | cfb0194 | 2022-06-06 13:08:23 -0400 | [diff] [blame] | 2452 | mbedtls_ssl_context *ssl, |
| 2453 | const unsigned char *cli_id, size_t cli_id_len, |
| 2454 | const unsigned char *in, size_t in_len, |
| 2455 | unsigned char *obuf, size_t buf_len, size_t *olen ); |
| 2456 | #endif |
| 2457 | |
XiaokangQian | eb69aee | 2022-07-05 08:21:43 +0000 | [diff] [blame] | 2458 | #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) |
| 2459 | /* Check if we have any PSK to offer, returns 0 if PSK is available. |
| 2460 | * Assign the psk and ticket if pointers are present. |
| 2461 | */ |
XiaokangQian | 8698195 | 2022-07-19 09:51:50 +0000 | [diff] [blame] | 2462 | MBEDTLS_CHECK_RETURN_CRITICAL |
XiaokangQian | 008d2bf | 2022-07-14 07:54:01 +0000 | [diff] [blame] | 2463 | int mbedtls_ssl_get_psk_to_offer( |
XiaokangQian | eb69aee | 2022-07-05 08:21:43 +0000 | [diff] [blame] | 2464 | const mbedtls_ssl_context *ssl, |
XiaokangQian | 008d2bf | 2022-07-14 07:54:01 +0000 | [diff] [blame] | 2465 | int *psk_type, |
XiaokangQian | eb69aee | 2022-07-05 08:21:43 +0000 | [diff] [blame] | 2466 | const unsigned char **psk, size_t *psk_len, |
XiaokangQian | 008d2bf | 2022-07-14 07:54:01 +0000 | [diff] [blame] | 2467 | const unsigned char **psk_identity, size_t *psk_identity_len ); |
XiaokangQian | eb69aee | 2022-07-05 08:21:43 +0000 | [diff] [blame] | 2468 | |
| 2469 | /** |
| 2470 | * \brief Given an SSL context and its associated configuration, write the TLS |
| 2471 | * 1.3 specific Pre-Shared key extension. |
| 2472 | * |
| 2473 | * \param[in] ssl SSL context |
| 2474 | * \param[in] buf Base address of the buffer where to write the extension |
| 2475 | * \param[in] end End address of the buffer where to write the extension |
XiaokangQian | 008d2bf | 2022-07-14 07:54:01 +0000 | [diff] [blame] | 2476 | * \param[out] out_len Length in bytes of the Pre-Shared key extension: data |
| 2477 | * written into the buffer \p buf by this function plus |
| 2478 | * the length of the binders to be written. |
XiaokangQian | eb69aee | 2022-07-05 08:21:43 +0000 | [diff] [blame] | 2479 | * \param[out] binders_len Length of the binders to be written at the end of |
XiaokangQian | 008d2bf | 2022-07-14 07:54:01 +0000 | [diff] [blame] | 2480 | * the extension. |
XiaokangQian | eb69aee | 2022-07-05 08:21:43 +0000 | [diff] [blame] | 2481 | */ |
XiaokangQian | 8698195 | 2022-07-19 09:51:50 +0000 | [diff] [blame] | 2482 | MBEDTLS_CHECK_RETURN_CRITICAL |
XiaokangQian | 3ad67bf | 2022-07-21 02:26:21 +0000 | [diff] [blame] | 2483 | int mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext( |
XiaokangQian | eb69aee | 2022-07-05 08:21:43 +0000 | [diff] [blame] | 2484 | mbedtls_ssl_context *ssl, |
| 2485 | unsigned char *buf, unsigned char *end, |
| 2486 | size_t *out_len, size_t *binders_len ); |
| 2487 | |
| 2488 | /** |
| 2489 | * \brief Given an SSL context and its associated configuration, write the TLS |
| 2490 | * 1.3 specific Pre-Shared key extension binders at the end of the |
| 2491 | * ClientHello. |
| 2492 | * |
| 2493 | * \param[in] ssl SSL context |
XiaokangQian | 008d2bf | 2022-07-14 07:54:01 +0000 | [diff] [blame] | 2494 | * \param[in] buf Base address of the buffer where to write the binders |
| 2495 | * \param[in] end End address of the buffer where to write the binders |
XiaokangQian | eb69aee | 2022-07-05 08:21:43 +0000 | [diff] [blame] | 2496 | */ |
XiaokangQian | 8698195 | 2022-07-19 09:51:50 +0000 | [diff] [blame] | 2497 | MBEDTLS_CHECK_RETURN_CRITICAL |
| 2498 | int mbedtls_ssl_tls13_write_binders_of_pre_shared_key_ext( |
XiaokangQian | eb69aee | 2022-07-05 08:21:43 +0000 | [diff] [blame] | 2499 | mbedtls_ssl_context *ssl, |
| 2500 | unsigned char *buf, unsigned char *end ); |
| 2501 | #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ |
| 2502 | |
Chris Jones | 84a773f | 2021-03-05 18:38:47 +0000 | [diff] [blame] | 2503 | #endif /* ssl_misc.h */ |