1/**
2 * \file ssl_internal.h
3 *
4 * \brief Internal functions shared by the SSL modules
5 *
6 * Copyright (C) 2015, ARM Limited, All Rights Reserved
7 *
8 * This file is part of mbed TLS (https://tls.mbed.org)
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License along
21 * with this program; if not, write to the Free Software Foundation, Inc.,
22 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 */
24#ifndef MBEDTLS_SSL_INTERNAL_H
25#define MBEDTLS_SSL_INTERNAL_H
26
27#include "ssl.h"
28
Manuel Pégourié-Gonnard56273da2015-05-26 12:19:45 +020029#if defined(MBEDTLS_MD5_C)
30#include "md5.h"
31#endif
32
33#if defined(MBEDTLS_SHA1_C)
34#include "sha1.h"
35#endif
36
37#if defined(MBEDTLS_SHA256_C)
38#include "sha256.h"
39#endif
40
41#if defined(MBEDTLS_SHA512_C)
42#include "sha512.h"
43#endif
44
Manuel Pégourié-Gonnard5e94dde2015-05-26 11:57:05 +020045#ifdef __cplusplus
46extern "C" {
47#endif
48
49/*
50 * This structure contains the parameters only needed during handshake.
51 */
52struct mbedtls_ssl_handshake_params
53{
 /*
  * State that exists only while a handshake is in progress. The psk and
  * premaster members hold secret key material. This header documents
  * mbedtls_ssl_handshake_free() as freeing referenced items and clearing
  * memory, so instances should be released through it rather than a bare
  * free().
  */
54 /*
55 * Handshake specific crypto variables
56 */
57 int sig_alg; /*!< Hash algorithm for signature */
58 int cert_type; /*!< Requested cert type */
59 int verify_sig_alg; /*!< Signature algorithm for verify */
60#if defined(MBEDTLS_DHM_C)
61 mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */
62#endif
63#if defined(MBEDTLS_ECDH_C)
64 mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */
65#endif
66#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
67 const mbedtls_ecp_curve_info **curves; /*!< Supported elliptic curves */
68#endif
69#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
70 unsigned char *psk; /*!< PSK from the callback (secret key material) */
71 size_t psk_len; /*!< Length of PSK from callback */
72#endif
73#if defined(MBEDTLS_X509_CRT_PARSE_C)
74 mbedtls_ssl_key_cert *key_cert; /*!< chosen key/cert pair (server) */
75#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
76 mbedtls_ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI */
77 mbedtls_x509_crt *sni_ca_chain; /*!< trusted CAs from SNI callback */
78 mbedtls_x509_crl *sni_ca_crl; /*!< trusted CAs CRLs from SNI */
79#endif
80#endif /* MBEDTLS_X509_CRT_PARSE_C */
81#if defined(MBEDTLS_SSL_PROTO_DTLS)
82 unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */
83 unsigned int in_msg_seq; /*!< Incoming handshake sequence number */
84
85 unsigned char *verify_cookie; /*!< Cli: HelloVerifyRequest cookie
86 Srv: unused */
87 unsigned char verify_cookie_len; /*!< Cli: cookie length
88 Srv: flag for sending a cookie */
 /* verify_cookie_len is an unsigned char, so a cookie length stored here
  * cannot exceed 255. */
89
90 unsigned char *hs_msg; /*!< Reassembled handshake message */
 /* NOTE(review): no length member accompanies hs_msg in this struct; the
  * size of the reassembly buffer is presumably tracked elsewhere - confirm. */
91
92 uint32_t retransmit_timeout; /*!< Current value of timeout */
93 unsigned char retransmit_state; /*!< Retransmission state */
94 mbedtls_ssl_flight_item *flight; /*!< Current outgoing flight */
95 mbedtls_ssl_flight_item *cur_msg; /*!< Current message in flight */
96 unsigned int in_flight_start_seq; /*!< Minimum message sequence in the
97 flight being received */
98 mbedtls_ssl_transform *alt_transform_out; /*!< Alternative transform for
99 resending messages */
100 unsigned char alt_out_ctr[8]; /*!< Alternative record epoch/counter
101 for resending messages */
102#endif
103
104 /*
105 * Checksum contexts
106 */
107#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
108 defined(MBEDTLS_SSL_PROTO_TLS1_1)
109 mbedtls_md5_context fin_md5;
110 mbedtls_sha1_context fin_sha1;
111#endif
112#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
113#if defined(MBEDTLS_SHA256_C)
114 mbedtls_sha256_context fin_sha256;
115#endif
116#if defined(MBEDTLS_SHA512_C)
117 mbedtls_sha512_context fin_sha512;
118#endif
119#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
120
 /*
  * Handshake hash and PRF callbacks. calc_verify and calc_finished take an
  * output pointer with no length argument, so the required buffer size is
  * fixed by the implementation behind the pointer, not by this signature.
  * NOTE(review): presumably these are chosen per protocol version or
  * ciphersuite (see mbedtls_ssl_optimize_checksum) - confirm.
  */
121 void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t);
122 void (*calc_verify)(mbedtls_ssl_context *, unsigned char *);
123 void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int);
124 int (*tls_prf)(const unsigned char *, size_t, const char *,
125 const unsigned char *, size_t,
126 unsigned char *, size_t);
127
128 size_t pmslen; /*!< premaster length */
129
130 unsigned char randbytes[64]; /*!< random bytes */
131 unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
132 /*!< premaster secret (secret key material;
 presumably pmslen bytes are in use - confirm) */
133
134 int resume; /*!< session resume indicator*/
135 int max_major_ver; /*!< max. major version client*/
136 int max_minor_ver; /*!< max. minor version client*/
137 int cli_exts; /*!< client extension presence*/
138
139#if defined(MBEDTLS_SSL_SESSION_TICKETS)
140 int new_session_ticket; /*!< use NewSessionTicket? */
141#endif /* MBEDTLS_SSL_SESSION_TICKETS */
142#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
143 int extended_ms; /*!< use Extended Master Secret? */
144#endif
145};
146
147/*
148 * This structure contains a full set of runtime transform parameters
149 * either in negotiation or active.
150 */
151struct mbedtls_ssl_transform
152{
 /*
  * Per-direction record protection state: the chosen ciphersuite, the
  * length parameters, and the IVs, MAC contexts and cipher contexts for
  * encryption and decryption. This header documents
  * mbedtls_ssl_transform_free() as freeing referenced items and clearing
  * memory, so instances should be released through it.
  */
153 /*
154 * Session specific crypto layer
155 */
156 const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
157 /*!< Chosen ciphersuite_info */
158 unsigned int keylen; /*!< symmetric key length */
159 size_t minlen; /*!< min. ciphertext length */
160 size_t ivlen; /*!< IV length */
161 size_t fixed_ivlen; /*!< Fixed part of IV (AEAD) */
162 size_t maclen; /*!< MAC length */
163
 /* iv_enc and iv_dec are fixed 16-byte arrays while ivlen is a size_t.
  * NOTE(review): ivlen presumably never exceeds 16 wherever it is used to
  * copy into these arrays - confirm at the call sites. */
164 unsigned char iv_enc[16]; /*!< IV (encryption) */
165 unsigned char iv_dec[16]; /*!< IV (decryption) */
166
167#if defined(MBEDTLS_SSL_PROTO_SSL3)
168 /* Needed only for SSL v3.0 secret */
169 unsigned char mac_enc[20]; /*!< SSL v3.0 secret (enc) */
170 unsigned char mac_dec[20]; /*!< SSL v3.0 secret (dec) */
171#endif /* MBEDTLS_SSL_PROTO_SSL3 */
172
173 mbedtls_md_context_t md_ctx_enc; /*!< MAC (encryption) */
174 mbedtls_md_context_t md_ctx_dec; /*!< MAC (decryption) */
175
176 mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */
177 mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */
178
179 /*
180 * Session specific compression layer
181 */
182#if defined(MBEDTLS_ZLIB_SUPPORT)
183 z_stream ctx_deflate; /*!< compression context */
184 z_stream ctx_inflate; /*!< decompression context */
185#endif
186};
187
188#if defined(MBEDTLS_X509_CRT_PARSE_C)
189/*
190 * List of certificate + private key pairs
191 */
192struct mbedtls_ssl_key_cert
193{
 /* Singly linked list node. All three members are pointers, so the node
  * itself stores no key bytes. NOTE(review): who owns and frees the
  * pointed-to certificate and private key is not visible here - confirm. */
194 mbedtls_x509_crt *cert; /*!< cert */
195 mbedtls_pk_context *key; /*!< private key */
196 mbedtls_ssl_key_cert *next; /*!< next key/cert pair */
197};
198#endif /* MBEDTLS_X509_CRT_PARSE_C */
199
200#if defined(MBEDTLS_SSL_PROTO_DTLS)
201/*
202 * List of handshake messages kept around for resending
203 */
204struct mbedtls_ssl_flight_item
205{
 /* One node of the singly linked list of messages kept for resending
  * (compiled only with MBEDTLS_SSL_PROTO_DTLS). p and len describe the
  * stored message bytes; next chains to the following message. */
206 unsigned char *p; /*!< message, including handshake headers */
207 size_t len; /*!< length of p */
208 unsigned char type; /*!< type of the message: handshake or CCS */
209 mbedtls_ssl_flight_item *next; /*!< next handshake message(s) */
210};
211#endif /* MBEDTLS_SSL_PROTO_DTLS */
212
213
214/**
215 * \brief Free referenced items in an SSL transform context and clear
216 * memory
217 *
218 * \param transform SSL transform context
219 */
220void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform );
221
222/**
223 * \brief Free referenced items in an SSL handshake context and clear
224 * memory
225 *
226 * \param handshake SSL handshake context
227 */
228void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake );
229
Manuel Pégourié-Gonnard5e94dde2015-05-26 11:57:05 +0200230int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl );
231int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl );
232void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl );
233
234int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl );
235
236void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl );
237int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl );
238
239int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl );
240int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
241
242int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl );
243int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl );
244
245int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl );
246int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl );
247
248int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl );
249int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl );
250
251int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl );
252int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl );
253
254void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
255 const mbedtls_ssl_ciphersuite_t *ciphersuite_info );
256
257#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
258int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex );
259#endif
260
261#if defined(MBEDTLS_PK_C)
262unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk );
263mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig );
264#endif
265
266mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash );
267
268#if defined(MBEDTLS_SSL_SET_CURVES)
269int mbedtls_ssl_curve_is_acceptable( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id );
270#endif
271
272#if defined(MBEDTLS_X509_CRT_PARSE_C)
/**
 * \brief          Return the private key of the key/cert pair in use.
 *
 *                 The pair stored in the handshake state takes precedence;
 *                 when there is no handshake state, or it has no pair, the
 *                 pair from ssl->conf is used instead.
 *
 * \param ssl      SSL context. It is dereferenced without a NULL check, and
 *                 ssl->conf is dereferenced whenever the handshake state
 *                 supplies no pair.
 *
 * \return         The private key context, or NULL if no pair is set.
 */
static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl )
{
    /* Only touch ssl->conf when the handshake state offers nothing. */
    mbedtls_ssl_key_cert *selected =
        ( ssl->handshake == NULL || ssl->handshake->key_cert == NULL )
            ? ssl->conf->key_cert
            : ssl->handshake->key_cert;

    if( selected == NULL )
        return( NULL );

    return( selected->key );
}
284
/**
 * \brief          Return the certificate of the key/cert pair in use.
 *
 *                 The pair stored in the handshake state takes precedence;
 *                 when there is no handshake state, or it has no pair, the
 *                 pair from ssl->conf is used instead.
 *
 * \param ssl      SSL context. It is dereferenced without a NULL check, and
 *                 ssl->conf is dereferenced whenever the handshake state
 *                 supplies no pair.
 *
 * \return         The certificate, or NULL if no pair is set.
 */
static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl )
{
    mbedtls_ssl_key_cert *selected;

    /* Fall back to the configured pair unless the handshake chose one. */
    if( ssl->handshake == NULL || ssl->handshake->key_cert == NULL )
        selected = ssl->conf->key_cert;
    else
        selected = ssl->handshake->key_cert;

    if( selected != NULL )
        return( selected->cert );

    return( NULL );
}
296
297/*
298 * Check usage of a certificate wrt extensions:
299 * keyUsage, extendedKeyUsage (later), and nSCertType (later).
300 *
301 * Warning: cert_endpoint is the endpoint of the cert (ie, of our peer when we
302 * check a cert we received from them)!
303 *
304 * Return 0 if everything is OK, -1 if not.
305 */
306int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
307 const mbedtls_ssl_ciphersuite_t *ciphersuite,
308 int cert_endpoint,
309 uint32_t *flags );
310#endif /* MBEDTLS_X509_CRT_PARSE_C */
311
312void mbedtls_ssl_write_version( int major, int minor, int transport,
313 unsigned char ver[2] );
314void mbedtls_ssl_read_version( int *major, int *minor, int transport,
315 const unsigned char ver[2] );
316
/**
 * \brief          Header length for the configured transport.
 *
 * \param ssl      SSL context; only ssl->conf->transport is read, and only
 *                 when MBEDTLS_SSL_PROTO_DTLS is defined.
 *
 * \return         13 when built with MBEDTLS_SSL_PROTO_DTLS and the transport
 *                 is MBEDTLS_SSL_TRANSPORT_DATAGRAM, 5 otherwise.
 *
 * NOTE(review): going by the name, this is the record-layer header size -
 * confirm against the record parsing code before relying on it for bounds.
 */
static inline size_t mbedtls_ssl_hdr_len( const mbedtls_ssl_context *ssl )
{
#if !defined(MBEDTLS_SSL_PROTO_DTLS)
    /* Without DTLS support there is a single header size. */
    (void) ssl;
    return( 5 );
#else
    return( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ? 13 : 5 );
#endif
}
327
/**
 * \brief          Handshake header length for the configured transport.
 *
 * \param ssl      SSL context; only ssl->conf->transport is read, and only
 *                 when MBEDTLS_SSL_PROTO_DTLS is defined.
 *
 * \return         12 when built with MBEDTLS_SSL_PROTO_DTLS and the transport
 *                 is MBEDTLS_SSL_TRANSPORT_DATAGRAM, 4 otherwise.
 *
 * NOTE(review): going by the name, this is the handshake message header
 * size - confirm against the handshake parsing code before relying on it
 * for bounds.
 */
static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl )
{
#if !defined(MBEDTLS_SSL_PROTO_DTLS)
    /* Without DTLS support there is a single header size. */
    (void) ssl;
    return( 4 );
#else
    return( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ? 12 : 4 );
#endif
}
338
339#if defined(MBEDTLS_SSL_PROTO_DTLS)
340void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl );
341void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl );
342int mbedtls_ssl_resend( mbedtls_ssl_context *ssl );
343#endif
344
345/* Visible for testing purposes only */
346#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
347int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context *ssl );
348void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl );
349#endif
350
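/**
 * \brief          Compare two buffers without stopping at the first
 *                 differing byte.
 *
 *                 All n byte pairs are read and folded into one accumulator,
 *                 so the number of loop iterations does not depend on where,
 *                 or whether, the buffers differ.
 *
 * \param a        First buffer, at least n bytes readable.
 * \param b        Second buffer, at least n bytes readable.
 * \param n        Number of bytes to compare. With n == 0 nothing is read and
 *                 the result is 0, so callers must check that the lengths
 *                 match before calling.
 *
 * \return         0 if the first n bytes are equal, non-zero otherwise. The
 *                 value is the OR of the byte-wise XORs; unlike memcmp() it
 *                 carries no ordering information.
 */
static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n )
{
    size_t i;
    /*
     * The volatile qualifiers keep the optimizer from collapsing the loop
     * into a comparison that exits early. This is a mitigation rather than a
     * guarantee; check the generated code on targets where timing matters.
     */
    volatile const unsigned char *A = (volatile const unsigned char *) a;
    volatile const unsigned char *B = (volatile const unsigned char *) b;
    volatile unsigned char diff = 0;

    for( i = 0; i < n; i++ )
    {
        /* Read both bytes into locals first so the order of the two
         * volatile accesses is well defined. */
        unsigned char x = A[i];
        unsigned char y = B[i];

        diff |= x ^ y;
    }

    return( diff );
}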
364
365#ifdef __cplusplus
366}
367#endif
368
369#endif /* ssl_internal.h */