1/**
2 * \file ssl_ticket.h
3 *
4 * \brief Internal functions shared by the SSL modules
5 *
6 * Copyright (C) 2015, ARM Limited, All Rights Reserved
7 *
8 * This file is part of mbed TLS (https://tls.mbed.org)
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License along
21 * with this program; if not, write to the Free Software Foundation, Inc.,
22 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 */
24#ifndef MBEDTLS_SSL_INTERNAL_H
25#define MBEDTLS_SSL_INTERNAL_H
26
27#include "ssl.h"
28
29#ifdef __cplusplus
30extern "C" {
31#endif
32
/*
 * Parameters that are needed only while a handshake is in progress.
 *
 * Several members hold secret key material (psk, premaster). This header
 * documents mbedtls_ssl_handshake_free() as freeing referenced items and
 * clearing memory; any code that copies these fields elsewhere becomes
 * responsible for wiping its own copy.
 */
struct mbedtls_ssl_handshake_params
{
    /*
     * Crypto state specific to this handshake
     */
    int sig_alg;                /*!< hash algorithm used for the signature   */
    int cert_type;              /*!< certificate type that was requested     */
    int verify_sig_alg;         /*!< signature algorithm used for verify     */
#if defined(MBEDTLS_DHM_C)
    mbedtls_dhm_context dhm_ctx;        /*!< DHM key exchange context        */
#endif
#if defined(MBEDTLS_ECDH_C)
    mbedtls_ecdh_context ecdh_ctx;      /*!< ECDH key exchange context       */
#endif
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
    const mbedtls_ecp_curve_info **curves;  /*!< supported elliptic curves   */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
    /* Secret: pre-shared key handed over by the PSK callback. */
    unsigned char *psk;                 /*!< PSK from the callback           */
    size_t psk_len;                     /*!< length of that PSK              */
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
    mbedtls_ssl_key_cert *key_cert;     /*!< key/cert pair chosen (server)   */
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
    mbedtls_ssl_key_cert *sni_key_cert; /*!< key/cert list set via SNI       */
    mbedtls_x509_crt *sni_ca_chain;     /*!< trusted CAs set by SNI callback */
    mbedtls_x509_crl *sni_ca_crl;       /*!< CRLs for those trusted CAs      */
#endif
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
    unsigned int out_msg_seq;           /*!< outgoing handshake sequence no. */
    unsigned int in_msg_seq;            /*!< incoming handshake sequence no. */

    unsigned char *verify_cookie;       /*!< client: HelloVerifyRequest
                                             cookie; server: unused          */
    /* Stored in an unsigned char, so a length can be at most 255. */
    unsigned char verify_cookie_len;    /*!< client: cookie length; server:
                                             flag for sending a cookie       */

    unsigned char *hs_msg;              /*!< reassembled handshake message   */

    uint32_t retransmit_timeout;        /*!< current timeout value           */
    unsigned char retransmit_state;     /*!< retransmission state            */
    mbedtls_ssl_flight_item *flight;    /*!< flight currently being sent     */
    mbedtls_ssl_flight_item *cur_msg;   /*!< current message in that flight  */
    unsigned int in_flight_start_seq;   /*!< lowest message sequence number
                                             of the flight being received    */
    mbedtls_ssl_transform *alt_transform_out;   /*!< alternative transform
                                                     used when resending     */
    unsigned char alt_out_ctr[8];       /*!< alternative record epoch/counter
                                             used when resending             */
#endif

    /*
     * Checksum contexts
     */
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
    defined(MBEDTLS_SSL_PROTO_TLS1_1)
    /* Present only when SSL 3.0, TLS 1.0 or TLS 1.1 is compiled in. */
    mbedtls_md5_context fin_md5;        /*!< MD5 checksum context            */
    mbedtls_sha1_context fin_sha1;      /*!< SHA-1 checksum context          */
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
    mbedtls_sha256_context fin_sha256;  /*!< SHA-256 checksum context        */
#endif
#if defined(MBEDTLS_SHA512_C)
    mbedtls_sha512_context fin_sha512;  /*!< SHA-512 checksum context        */
#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */

    /*
     * Routines reached through function pointers. Where they are assigned
     * is not visible in this header.
     */
    void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t);
    void (*calc_verify)(mbedtls_ssl_context *, unsigned char *);
    void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int);
    int  (*tls_prf)(const unsigned char *, size_t, const char *,
                    const unsigned char *, size_t,
                    unsigned char *, size_t);

    size_t pmslen;                      /*!< premaster secret length         */

    /* NOTE(review): presumably the client and server randoms - confirm. */
    unsigned char randbytes[64];        /*!< random bytes                    */
    /* Secret: must not survive the handshake or be logged. */
    unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
                                        /*!< premaster secret                */

    int resume;                         /*!< session resume indicator        */
    int max_major_ver;                  /*!< max. major version of client    */
    int max_minor_ver;                  /*!< max. minor version of client    */
    int cli_exts;                       /*!< client extension presence       */

#if defined(MBEDTLS_SSL_SESSION_TICKETS)
    int new_session_ticket;             /*!< use NewSessionTicket?           */
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
    int extended_ms;                    /*!< use Extended Master Secret?     */
#endif
};
130
/*
 * Complete set of runtime transform parameters, either still being
 * negotiated or already active.
 *
 * The IVs, MAC secrets and MAC/cipher contexts below are key material.
 * This header documents mbedtls_ssl_transform_free() as freeing referenced
 * items and clearing memory.
 */
struct mbedtls_ssl_transform
{
    /*
     * Crypto layer state for this session
     */
    const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
                                        /*!< chosen ciphersuite info         */
    unsigned int keylen;                /*!< symmetric key length            */
    size_t minlen;                      /*!< minimum ciphertext length       */
    size_t ivlen;                       /*!< IV length                       */
    size_t fixed_ivlen;                 /*!< fixed part of the IV (AEAD)     */
    size_t maclen;                      /*!< MAC length                      */

    unsigned char iv_enc[16];           /*!< IV used for encryption          */
    unsigned char iv_dec[16];           /*!< IV used for decryption          */

#if defined(MBEDTLS_SSL_PROTO_SSL3)
    /* Used only for the SSL v3.0 secret */
    unsigned char mac_enc[20];          /*!< SSL v3.0 secret (encryption)    */
    unsigned char mac_dec[20];          /*!< SSL v3.0 secret (decryption)    */
#endif /* MBEDTLS_SSL_PROTO_SSL3 */

    mbedtls_md_context_t md_ctx_enc;    /*!< MAC context (encryption)        */
    mbedtls_md_context_t md_ctx_dec;    /*!< MAC context (decryption)        */

    mbedtls_cipher_context_t cipher_ctx_enc;    /*!< encryption context      */
    mbedtls_cipher_context_t cipher_ctx_dec;    /*!< decryption context      */

    /*
     * Compression layer state for this session.
     *
     * Compressing records before encryption can leak plaintext through the
     * ciphertext length (the CRIME class of attacks); enable
     * MBEDTLS_ZLIB_SUPPORT only with that risk considered.
     */
#if defined(MBEDTLS_ZLIB_SUPPORT)
    z_stream ctx_deflate;               /*!< compression context             */
    z_stream ctx_inflate;               /*!< decompression context           */
#endif
};
171
172#if defined(MBEDTLS_X509_CRT_PARSE_C)
/*
 * Singly linked list of certificate + private key pairs.
 *
 * Only pointers are stored; this header does not show who owns or frees
 * the certificate and private key they refer to.
 */
struct mbedtls_ssl_key_cert
{
    mbedtls_x509_crt *cert;             /*!< certificate                     */
    mbedtls_pk_context *key;            /*!< private key matching the cert   */
    mbedtls_ssl_key_cert *next;         /*!< following key/cert pair         */
};
182#endif /* MBEDTLS_X509_CRT_PARSE_C */
183
184#if defined(MBEDTLS_SSL_PROTO_DTLS)
/*
 * Singly linked list of handshake messages that are kept so they can be
 * sent again.
 */
struct mbedtls_ssl_flight_item
{
    unsigned char *p;       /*!< the message, handshake headers included     */
    size_t len;             /*!< number of bytes at p                        */
    unsigned char type;     /*!< message type: handshake or CCS              */
    mbedtls_ssl_flight_item *next;  /*!< following handshake message(s)      */
};
195#endif /* MBEDTLS_SSL_PROTO_DTLS */
196
197
/**
 * \brief           Release everything an SSL transform context refers to
 *                  and clear its memory.
 *
 * \note            The transform context carries IVs, MAC secrets and
 *                  cipher/MAC contexts, so the clearing step is part of
 *                  the contract.
 *
 * \param transform SSL transform context
 */
void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform );

/**
 * \brief           Release everything an SSL handshake context refers to
 *                  and clear its memory.
 *
 * \note            The handshake context carries the premaster secret and,
 *                  when PSK key exchanges are enabled, the PSK, so the
 *                  clearing step is part of the contract.
 *
 * \param handshake SSL handshake context
 */
void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake );
213
/*
 * Internal entry points shared between the SSL modules. This header only
 * declares them: the return-value conventions of the int-returning
 * functions are not visible here and have to be taken from the
 * implementation.
 */
int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl );
int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl );
void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl );

int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl );

void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl );
int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl );

int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl );
int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );

int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl );
int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl );

int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl );
int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl );

int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl );
int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl );

int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl );
int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl );

void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
                        const mbedtls_ssl_ciphersuite_t *ciphersuite_info );

#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl,
                                      mbedtls_key_exchange_type_t key_ex );
#endif

#if defined(MBEDTLS_PK_C)
unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk );
mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig );
#endif

mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash );

#if defined(MBEDTLS_SSL_SET_CURVES)
int mbedtls_ssl_curve_is_acceptable( const mbedtls_ssl_context *ssl,
                                     mbedtls_ecp_group_id grp_id );
#endif
255
256#if defined(MBEDTLS_X509_CRT_PARSE_C)
/*
 * Return our own private key for this connection, or NULL if no key/cert
 * pair is set.
 *
 * A pair attached to the in-progress handshake takes precedence over the
 * one in the configuration. ssl is dereferenced without a NULL check, and
 * so is ssl->conf whenever the handshake does not supply a pair.
 */
static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl )
{
    mbedtls_ssl_key_cert *selected = NULL;

    /* Fall back to the configured pair unless the handshake has its own. */
    if( ssl->handshake == NULL || ssl->handshake->key_cert == NULL )
        selected = ssl->conf->key_cert;
    else
        selected = ssl->handshake->key_cert;

    if( selected == NULL )
        return( NULL );

    return( selected->key );
}
268
/*
 * Return our own certificate for this connection, or NULL if no key/cert
 * pair is set.
 *
 * Selection mirrors mbedtls_ssl_own_key(): a pair attached to the
 * in-progress handshake wins over the configured one. ssl is dereferenced
 * without a NULL check, and so is ssl->conf whenever the handshake does
 * not supply a pair.
 */
static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl )
{
    mbedtls_ssl_key_cert *selected = NULL;

    /* Fall back to the configured pair unless the handshake has its own. */
    if( ssl->handshake == NULL || ssl->handshake->key_cert == NULL )
        selected = ssl->conf->key_cert;
    else
        selected = ssl->handshake->key_cert;

    if( selected == NULL )
        return( NULL );

    return( selected->cert );
}
280
/*
 * Check that a certificate may be used as intended, based on its
 * extensions: keyUsage now, extendedKeyUsage and nSCertType later.
 *
 * Warning: cert_endpoint names the endpoint the certificate belongs to.
 * When checking a certificate received from the peer, that is the peer's
 * endpoint, not ours. Passing our own endpoint there checks the wrong role.
 *
 * Returns 0 when everything is OK and -1 otherwise. What is written to
 * *flags is not described in this header.
 */
int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
                          const mbedtls_ssl_ciphersuite_t *ciphersuite,
                          int cert_endpoint,
                          uint32_t *flags );
294#endif /* MBEDTLS_X509_CRT_PARSE_C */
295
/*
 * Convert between a (major, minor) version pair and its two-byte form for
 * the given transport. The byte encoding is not shown in this header.
 */
void mbedtls_ssl_write_version( int major, int minor, int transport,
                                unsigned char ver[2] );
void mbedtls_ssl_read_version( int *major, int *minor, int transport,
                               const unsigned char ver[2] );
300
/*
 * Length in bytes of the record header: 13 for datagram transport when
 * DTLS is compiled in, 5 otherwise. The DTLS record header is 8 bytes
 * longer because it carries an explicit epoch and sequence number.
 *
 * ssl->conf is dereferenced without a NULL check in DTLS builds.
 */
static inline size_t mbedtls_ssl_hdr_len( const mbedtls_ssl_context *ssl )
{
    size_t hdr_len = 5;

#if defined(MBEDTLS_SSL_PROTO_DTLS)
    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
        hdr_len = 13;
#else
    /* ssl is unused when DTLS is compiled out. */
    ((void) ssl);
#endif

    return( hdr_len );
}
311
/*
 * Length in bytes of the handshake message header: 12 for datagram
 * transport when DTLS is compiled in, 4 otherwise. The DTLS handshake
 * header is 8 bytes longer because it adds the message sequence number
 * and the fragment offset and length.
 *
 * ssl->conf is dereferenced without a NULL check in DTLS builds.
 */
static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl )
{
    size_t hs_hdr_len = 4;

#if defined(MBEDTLS_SSL_PROTO_DTLS)
    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
        hs_hdr_len = 12;
#else
    /* ssl is unused when DTLS is compiled out. */
    ((void) ssl);
#endif

    return( hs_hdr_len );
}
322
#if defined(MBEDTLS_SSL_PROTO_DTLS)
/* DTLS flight handling; declared here, implemented elsewhere. */
void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl );
void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl );
int mbedtls_ssl_resend( mbedtls_ssl_context *ssl );
#endif

/*
 * DTLS anti-replay helpers. They are exposed for testing purposes only and
 * are not meant to be called from application code.
 */
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context *ssl );
void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl );
#endif
334
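/*
 * Constant-time buffer comparison.
 *
 * Every one of the n byte pairs is read and folded into the result, so the
 * running time does not depend on where (or whether) the buffers differ.
 * Use it for comparing secrets such as MACs, where an early-exit memcmp()
 * would reveal the length of the matching prefix through timing.
 *
 * The accesses go through volatile-qualified pointers and accumulator so
 * the compiler is discouraged from turning the loop into an early-exit
 * comparison.
 *
 * Returns 0 if the first n bytes of a and b are equal, non-zero otherwise.
 * Unlike memcmp(), the non-zero value carries no ordering information.
 * The length n itself is not hidden. a and b must each be readable for n
 * bytes; n == 0 returns 0 without reading either buffer.
 */
static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n )
{
    size_t i;
    volatile const unsigned char *A = (volatile const unsigned char *) a;
    volatile const unsigned char *B = (volatile const unsigned char *) b;
    volatile unsigned char diff = 0;

    for( i = 0; i < n; i++ )
    {
        /* Read both volatile bytes in a fixed order before combining. */
        unsigned char x = A[i];
        unsigned char y = B[i];

        diff |= x ^ y;
    }

    return( diff );
}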
348
349#ifdef __cplusplus
350}
351#endif
352
353#endif /* ssl_internal.h */