TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 065122cfe9d60032ea499bf10fd3cf488fd8bd52 / . / include / mbedtls / ssl_internal.h
blob: 122c1ee839abf17c9a2c071527a08d3282497253 [file] [log] [blame]
Manuel Pégourié-Gonnard5e94dde2015-05-26 11:57:05 +0200[diff] [blame]1/**
2 * \file ssl_ticket.h
3 *
4 * \brief Internal functions shared by the SSL modules
5 *
6 * Copyright (C) 2015, ARM Limited, All Rights Reserved
7 *
8 * This file is part of mbed TLS (https://tls.mbed.org)
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License along
21 * with this program; if not, write to the Free Software Foundation, Inc.,
22 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 */
24#ifndef MBEDTLS_SSL_INTERNAL_H
25#define MBEDTLS_SSL_INTERNAL_H
26
27#include "ssl.h"
28
Manuel Pégourié-Gonnard56273da2015-05-26 12:19:45 +0200[diff] [blame]29#if defined(MBEDTLS_MD5_C)
30#include "md5.h"
31#endif
32
33#if defined(MBEDTLS_SHA1_C)
34#include "sha1.h"
35#endif
36
37#if defined(MBEDTLS_SHA256_C)
38#include "sha256.h"
39#endif
40
41#if defined(MBEDTLS_SHA512_C)
42#include "sha512.h"
43#endif
44
Manuel Pégourié-Gonnard065122c2015-05-26 12:31:46 +0200[diff] [blame^]45#if defined(_MSC_VER) && !defined(inline)
46#define inline _inline
47#else
48#if defined(__ARMCC_VERSION) && !defined(inline)
49#define inline __inline
50#endif /* __ARMCC_VERSION */
51#endif /*_MSC_VER */
52
53/* Determine minimum supported version */
54#define MBEDTLS_SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
55
56#if defined(MBEDTLS_SSL_PROTO_SSL3)
57#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0
58#else
59#if defined(MBEDTLS_SSL_PROTO_TLS1)
60#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
61#else
62#if defined(MBEDTLS_SSL_PROTO_TLS1_1)
63#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2
64#else
65#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
66#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
67#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
68#endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
69#endif /* MBEDTLS_SSL_PROTO_TLS1 */
70#endif /* MBEDTLS_SSL_PROTO_SSL3 */
71
72/* Determine maximum supported version */
73#define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
74
75#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
76#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
77#else
78#if defined(MBEDTLS_SSL_PROTO_TLS1_1)
79#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2
80#else
81#if defined(MBEDTLS_SSL_PROTO_TLS1)
82#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
83#else
84#if defined(MBEDTLS_SSL_PROTO_SSL3)
85#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0
86#endif /* MBEDTLS_SSL_PROTO_SSL3 */
87#endif /* MBEDTLS_SSL_PROTO_TLS1 */
88#endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
89#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
90
91#define MBEDTLS_SSL_INITIAL_HANDSHAKE 0
92#define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS 1 /* In progress */
93#define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */
94#define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */
95
96/*
97 * DTLS retransmission states, see RFC 6347 4.2.4
98 *
99 * The SENDING state is merged in PREPARING for initial sends,
100 * but is distinct for resends.
101 *
102 * Note: initial state is wrong for server, but is not used anyway.
103 */
104#define MBEDTLS_SSL_RETRANS_PREPARING 0
105#define MBEDTLS_SSL_RETRANS_SENDING 1
106#define MBEDTLS_SSL_RETRANS_WAITING 2
107#define MBEDTLS_SSL_RETRANS_FINISHED 3
108
109/*
110 * Allow extra bytes for record, authentication and encryption overhead:
111 * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256)
112 * and allow for a maximum of 1024 of compression expansion if
113 * enabled.
114 */
115#if defined(MBEDTLS_ZLIB_SUPPORT)
116#define MBEDTLS_SSL_COMPRESSION_ADD 1024
117#else
118#define MBEDTLS_SSL_COMPRESSION_ADD 0
119#endif
120
121#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_MODE_CBC)
122/* Ciphersuites using HMAC */
123#if defined(MBEDTLS_SHA512_C)
124#define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */
125#elif defined(MBEDTLS_SHA256_C)
126#define MBEDTLS_SSL_MAC_ADD 32 /* SHA-256 used for HMAC */
127#else
128#define MBEDTLS_SSL_MAC_ADD 20 /* SHA-1 used for HMAC */
129#endif
130#else
131/* AEAD ciphersuites: GCM and CCM use a 128 bits tag */
132#define MBEDTLS_SSL_MAC_ADD 16
133#endif
134
135#if defined(MBEDTLS_CIPHER_MODE_CBC)
136#define MBEDTLS_SSL_PADDING_ADD 256
137#else
138#define MBEDTLS_SSL_PADDING_ADD 0
139#endif
140
141#define MBEDTLS_SSL_BUFFER_LEN ( MBEDTLS_SSL_MAX_CONTENT_LEN \
142 + MBEDTLS_SSL_COMPRESSION_ADD \
143 + 29 /* counter + header + IV */ \
144 + MBEDTLS_SSL_MAC_ADD \
145 + MBEDTLS_SSL_PADDING_ADD \
146 )
147
148/*
149 * TLS extension flags (for extensions with outgoing ServerHello content
150 * that need it (e.g. for RENEGOTIATION_INFO the server already knows because
151 * of state of the renegotiation flag, so no indicator is required)
152 */
153#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0)
154
Manuel Pégourié-Gonnard5e94dde2015-05-26 11:57:05 +0200[diff] [blame]155#ifdef __cplusplus
156extern "C" {
157#endif
158
Manuel Pégourié-Gonnardcd4fcc62015-05-26 12:11:48 +0200[diff] [blame]159/*
160 * This structure contains the parameters only needed during handshake.
161 */
162struct mbedtls_ssl_handshake_params
163{
164 /*
165 * Handshake specific crypto variables
166 */
167 int sig_alg; /*!< Hash algorithm for signature */
168 int cert_type; /*!< Requested cert type */
169 int verify_sig_alg; /*!< Signature algorithm for verify */
170#if defined(MBEDTLS_DHM_C)
171 mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */
172#endif
173#if defined(MBEDTLS_ECDH_C)
174 mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */
175#endif
176#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
177 const mbedtls_ecp_curve_info **curves; /*!< Supported elliptic curves */
178#endif
179#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
180 unsigned char *psk; /*!< PSK from the callback */
181 size_t psk_len; /*!< Length of PSK from callback */
182#endif
183#if defined(MBEDTLS_X509_CRT_PARSE_C)
184 mbedtls_ssl_key_cert *key_cert; /*!< chosen key/cert pair (server) */
185#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
186 mbedtls_ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI */
187 mbedtls_x509_crt *sni_ca_chain; /*!< trusted CAs from SNI callback */
188 mbedtls_x509_crl *sni_ca_crl; /*!< trusted CAs CRLs from SNI */
189#endif
190#endif /* MBEDTLS_X509_CRT_PARSE_C */
191#if defined(MBEDTLS_SSL_PROTO_DTLS)
192 unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */
193 unsigned int in_msg_seq; /*!< Incoming handshake sequence number */
194
195 unsigned char *verify_cookie; /*!< Cli: HelloVerifyRequest cookie
196 Srv: unused */
197 unsigned char verify_cookie_len; /*!< Cli: cookie length
198 Srv: flag for sending a cookie */
199
200 unsigned char *hs_msg; /*!< Reassembled handshake message */
201
202 uint32_t retransmit_timeout; /*!< Current value of timeout */
203 unsigned char retransmit_state; /*!< Retransmission state */
204 mbedtls_ssl_flight_item *flight; /*!< Current outgoing flight */
205 mbedtls_ssl_flight_item *cur_msg; /*!< Current message in flight */
206 unsigned int in_flight_start_seq; /*!< Minimum message sequence in the
207 flight being received */
208 mbedtls_ssl_transform *alt_transform_out; /*!< Alternative transform for
209 resending messages */
210 unsigned char alt_out_ctr[8]; /*!< Alternative record epoch/counter
211 for resending messages */
212#endif
213
214 /*
215 * Checksum contexts
216 */
217#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
218 defined(MBEDTLS_SSL_PROTO_TLS1_1)
219 mbedtls_md5_context fin_md5;
220 mbedtls_sha1_context fin_sha1;
221#endif
222#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
223#if defined(MBEDTLS_SHA256_C)
224 mbedtls_sha256_context fin_sha256;
225#endif
226#if defined(MBEDTLS_SHA512_C)
227 mbedtls_sha512_context fin_sha512;
228#endif
229#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
230
231 void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t);
232 void (*calc_verify)(mbedtls_ssl_context *, unsigned char *);
233 void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int);
234 int (*tls_prf)(const unsigned char *, size_t, const char *,
235 const unsigned char *, size_t,
236 unsigned char *, size_t);
237
238 size_t pmslen; /*!< premaster length */
239
240 unsigned char randbytes[64]; /*!< random bytes */
241 unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
242 /*!< premaster secret */
243
244 int resume; /*!< session resume indicator*/
245 int max_major_ver; /*!< max. major version client*/
246 int max_minor_ver; /*!< max. minor version client*/
247 int cli_exts; /*!< client extension presence*/
248
249#if defined(MBEDTLS_SSL_SESSION_TICKETS)
250 int new_session_ticket; /*!< use NewSessionTicket? */
251#endif /* MBEDTLS_SSL_SESSION_TICKETS */
252#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
253 int extended_ms; /*!< use Extended Master Secret? */
254#endif
255};
256
257/*
258 * This structure contains a full set of runtime transform parameters
259 * either in negotiation or active.
260 */
261struct mbedtls_ssl_transform
262{
263 /*
264 * Session specific crypto layer
265 */
266 const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
267 /*!< Chosen cipersuite_info */
268 unsigned int keylen; /*!< symmetric key length */
269 size_t minlen; /*!< min. ciphertext length */
270 size_t ivlen; /*!< IV length */
271 size_t fixed_ivlen; /*!< Fixed part of IV (AEAD) */
272 size_t maclen; /*!< MAC length */
273
274 unsigned char iv_enc[16]; /*!< IV (encryption) */
275 unsigned char iv_dec[16]; /*!< IV (decryption) */
276
277#if defined(MBEDTLS_SSL_PROTO_SSL3)
278 /* Needed only for SSL v3.0 secret */
279 unsigned char mac_enc[20]; /*!< SSL v3.0 secret (enc) */
280 unsigned char mac_dec[20]; /*!< SSL v3.0 secret (dec) */
281#endif /* MBEDTLS_SSL_PROTO_SSL3 */
282
283 mbedtls_md_context_t md_ctx_enc; /*!< MAC (encryption) */
284 mbedtls_md_context_t md_ctx_dec; /*!< MAC (decryption) */
285
286 mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */
287 mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */
288
289 /*
290 * Session specific compression layer
291 */
292#if defined(MBEDTLS_ZLIB_SUPPORT)
293 z_stream ctx_deflate; /*!< compression context */
294 z_stream ctx_inflate; /*!< decompression context */
295#endif
296};
297
298#if defined(MBEDTLS_X509_CRT_PARSE_C)
299/*
300 * List of certificate + private key pairs
301 */
302struct mbedtls_ssl_key_cert
303{
304 mbedtls_x509_crt *cert; /*!< cert */
305 mbedtls_pk_context *key; /*!< private key */
306 mbedtls_ssl_key_cert *next; /*!< next key/cert pair */
307};
308#endif /* MBEDTLS_X509_CRT_PARSE_C */
309
310#if defined(MBEDTLS_SSL_PROTO_DTLS)
311/*
312 * List of handshake messages kept around for resending
313 */
314struct mbedtls_ssl_flight_item
315{
316 unsigned char *p; /*!< message, including handshake headers */
317 size_t len; /*!< length of p */
318 unsigned char type; /*!< type of the message: handshake or CCS */
319 mbedtls_ssl_flight_item *next; /*!< next handshake message(s) */
320};
321#endif /* MBEDTLS_SSL_PROTO_DTLS */
322
323
324/**
325 * \brief Free referenced items in an SSL transform context and clear
326 * memory
327 *
328 * \param transform SSL transform context
329 */
330void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform );
331
332/**
333 * \brief Free referenced items in an SSL handshake context and clear
334 * memory
335 *
336 * \param handshake SSL handshake context
337 */
338void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake );
339
Manuel Pégourié-Gonnard5e94dde2015-05-26 11:57:05 +0200[diff] [blame]340int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl );
341int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl );
342void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl );
343
344int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl );
345
346void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl );
347int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl );
348
349int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl );
350int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
351
352int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl );
353int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl );
354
355int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl );
356int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl );
357
358int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl );
359int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl );
360
361int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl );
362int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl );
363
364void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
365 const mbedtls_ssl_ciphersuite_t *ciphersuite_info );
366
367#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
368int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex );
369#endif
370
371#if defined(MBEDTLS_PK_C)
372unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk );
373mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig );
374#endif
375
376mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash );
377
378#if defined(MBEDTLS_SSL_SET_CURVES)
379int mbedtls_ssl_curve_is_acceptable( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id );
380#endif
381
382#if defined(MBEDTLS_X509_CRT_PARSE_C)
383static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl )
384{
385 mbedtls_ssl_key_cert *key_cert;
386
387 if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
388 key_cert = ssl->handshake->key_cert;
389 else
390 key_cert = ssl->conf->key_cert;
391
392 return( key_cert == NULL ? NULL : key_cert->key );
393}
394
395static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl )
396{
397 mbedtls_ssl_key_cert *key_cert;
398
399 if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
400 key_cert = ssl->handshake->key_cert;
401 else
402 key_cert = ssl->conf->key_cert;
403
404 return( key_cert == NULL ? NULL : key_cert->cert );
405}
406
407/*
408 * Check usage of a certificate wrt extensions:
409 * keyUsage, extendedKeyUsage (later), and nSCertType (later).
410 *
411 * Warning: cert_endpoint is the endpoint of the cert (ie, of our peer when we
412 * check a cert we received from them)!
413 *
414 * Return 0 if everything is OK, -1 if not.
415 */
416int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
417 const mbedtls_ssl_ciphersuite_t *ciphersuite,
418 int cert_endpoint,
419 uint32_t *flags );
420#endif /* MBEDTLS_X509_CRT_PARSE_C */
421
422void mbedtls_ssl_write_version( int major, int minor, int transport,
423 unsigned char ver[2] );
424void mbedtls_ssl_read_version( int *major, int *minor, int transport,
425 const unsigned char ver[2] );
426
427static inline size_t mbedtls_ssl_hdr_len( const mbedtls_ssl_context *ssl )
428{
429#if defined(MBEDTLS_SSL_PROTO_DTLS)
430 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
431 return( 13 );
432#else
433 ((void) ssl);
434#endif
435 return( 5 );
436}
437
438static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl )
439{
440#if defined(MBEDTLS_SSL_PROTO_DTLS)
441 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
442 return( 12 );
443#else
444 ((void) ssl);
445#endif
446 return( 4 );
447}
448
449#if defined(MBEDTLS_SSL_PROTO_DTLS)
450void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl );
451void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl );
452int mbedtls_ssl_resend( mbedtls_ssl_context *ssl );
453#endif
454
455/* Visible for testing purposes only */
456#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
457int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context *ssl );
458void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl );
459#endif
460
461/* constant-time buffer comparison */
462static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n )
463{
464 size_t i;
465 const unsigned char *A = (const unsigned char *) a;
466 const unsigned char *B = (const unsigned char *) b;
467 unsigned char diff = 0;
468
469 for( i = 0; i < n; i++ )
470 diff |= A[i] ^ B[i];
471
472 return( diff );
473}
474
475#ifdef __cplusplus
476}
477#endif
478
479#endif /* ssl_internal.h */