TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 5e94ddebbc8074ef917c623837258f85ceb5adc9 / . / include / mbedtls / ssl_internal.h
blob: f868f4706e2458b2a212d159ba208bde370b6355 [file] [log] [blame]
Manuel Pégourié-Gonnard5e94dde2015-05-26 11:57:05 +0200[diff] [blame^]1/**
2 * \file ssl_ticket.h
3 *
4 * \brief Internal functions shared by the SSL modules
5 *
6 * Copyright (C) 2015, ARM Limited, All Rights Reserved
7 *
8 * This file is part of mbed TLS (https://tls.mbed.org)
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License along
21 * with this program; if not, write to the Free Software Foundation, Inc.,
22 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 */
24#ifndef MBEDTLS_SSL_INTERNAL_H
25#define MBEDTLS_SSL_INTERNAL_H
26
27#include "ssl.h"
28
29#ifdef __cplusplus
30extern "C" {
31#endif
32
33int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl );
34int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl );
35void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl );
36
37int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl );
38
39void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl );
40int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl );
41
42int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl );
43int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
44
45int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl );
46int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl );
47
48int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl );
49int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl );
50
51int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl );
52int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl );
53
54int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl );
55int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl );
56
57void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
58 const mbedtls_ssl_ciphersuite_t *ciphersuite_info );
59
60#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
61int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex );
62#endif
63
64#if defined(MBEDTLS_PK_C)
65unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk );
66mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig );
67#endif
68
69mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash );
70
71#if defined(MBEDTLS_SSL_SET_CURVES)
72int mbedtls_ssl_curve_is_acceptable( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id );
73#endif
74
75#if defined(MBEDTLS_X509_CRT_PARSE_C)
76static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl )
77{
78 mbedtls_ssl_key_cert *key_cert;
79
80 if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
81 key_cert = ssl->handshake->key_cert;
82 else
83 key_cert = ssl->conf->key_cert;
84
85 return( key_cert == NULL ? NULL : key_cert->key );
86}
87
88static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl )
89{
90 mbedtls_ssl_key_cert *key_cert;
91
92 if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
93 key_cert = ssl->handshake->key_cert;
94 else
95 key_cert = ssl->conf->key_cert;
96
97 return( key_cert == NULL ? NULL : key_cert->cert );
98}
99
100/*
101 * Check usage of a certificate wrt extensions:
102 * keyUsage, extendedKeyUsage (later), and nSCertType (later).
103 *
104 * Warning: cert_endpoint is the endpoint of the cert (ie, of our peer when we
105 * check a cert we received from them)!
106 *
107 * Return 0 if everything is OK, -1 if not.
108 */
109int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
110 const mbedtls_ssl_ciphersuite_t *ciphersuite,
111 int cert_endpoint,
112 uint32_t *flags );
113#endif /* MBEDTLS_X509_CRT_PARSE_C */
114
115void mbedtls_ssl_write_version( int major, int minor, int transport,
116 unsigned char ver[2] );
117void mbedtls_ssl_read_version( int *major, int *minor, int transport,
118 const unsigned char ver[2] );
119
120static inline size_t mbedtls_ssl_hdr_len( const mbedtls_ssl_context *ssl )
121{
122#if defined(MBEDTLS_SSL_PROTO_DTLS)
123 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
124 return( 13 );
125#else
126 ((void) ssl);
127#endif
128 return( 5 );
129}
130
131static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl )
132{
133#if defined(MBEDTLS_SSL_PROTO_DTLS)
134 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
135 return( 12 );
136#else
137 ((void) ssl);
138#endif
139 return( 4 );
140}
141
142#if defined(MBEDTLS_SSL_PROTO_DTLS)
143void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl );
144void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl );
145int mbedtls_ssl_resend( mbedtls_ssl_context *ssl );
146#endif
147
148/* Visible for testing purposes only */
149#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
150int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context *ssl );
151void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl );
152#endif
153
154/* constant-time buffer comparison */
155static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n )
156{
157 size_t i;
158 const unsigned char *A = (const unsigned char *) a;
159 const unsigned char *B = (const unsigned char *) b;
160 unsigned char diff = 0;
161
162 for( i = 0; i < n; i++ )
163 diff |= A[i] ^ B[i];
164
165 return( diff );
166}
167
168#ifdef __cplusplus
169}
170#endif
171
172#endif /* ssl_internal.h */