TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / cdc26ae099ff89a6184eebfcffd7414acd54c424 / . / include / mbedtls / ssl_internal.h
blob: 8d3a3805e76b6b40095d016e4e194336565c1c83 [file] [log] [blame]
Manuel Pégourié-Gonnard5e94dde2015-05-26 11:57:05 +0200[diff] [blame]1/**
2 * \file ssl_ticket.h
3 *
4 * \brief Internal functions shared by the SSL modules
5 *
6 * Copyright (C) 2015, ARM Limited, All Rights Reserved
7 *
8 * This file is part of mbed TLS (https://tls.mbed.org)
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License along
21 * with this program; if not, write to the Free Software Foundation, Inc.,
22 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 */
24#ifndef MBEDTLS_SSL_INTERNAL_H
25#define MBEDTLS_SSL_INTERNAL_H
26
27#include "ssl.h"
28
Manuel Pégourié-Gonnard56273da2015-05-26 12:19:45 +0200[diff] [blame]29#if defined(MBEDTLS_MD5_C)
30#include "md5.h"
31#endif
32
33#if defined(MBEDTLS_SHA1_C)
34#include "sha1.h"
35#endif
36
37#if defined(MBEDTLS_SHA256_C)
38#include "sha256.h"
39#endif
40
41#if defined(MBEDTLS_SHA512_C)
42#include "sha512.h"
43#endif
44
Manuel Pégourié-Gonnard065122c2015-05-26 12:31:46 +0200[diff] [blame]45#if defined(_MSC_VER) && !defined(inline)
46#define inline _inline
47#else
48#if defined(__ARMCC_VERSION) && !defined(inline)
49#define inline __inline
50#endif /* __ARMCC_VERSION */
51#endif /*_MSC_VER */
52
53/* Determine minimum supported version */
54#define MBEDTLS_SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
55
56#if defined(MBEDTLS_SSL_PROTO_SSL3)
57#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0
58#else
59#if defined(MBEDTLS_SSL_PROTO_TLS1)
60#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
61#else
62#if defined(MBEDTLS_SSL_PROTO_TLS1_1)
63#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2
64#else
65#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
66#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
67#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
68#endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
69#endif /* MBEDTLS_SSL_PROTO_TLS1 */
70#endif /* MBEDTLS_SSL_PROTO_SSL3 */
71
72/* Determine maximum supported version */
73#define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
74
75#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
76#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
77#else
78#if defined(MBEDTLS_SSL_PROTO_TLS1_1)
79#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2
80#else
81#if defined(MBEDTLS_SSL_PROTO_TLS1)
82#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
83#else
84#if defined(MBEDTLS_SSL_PROTO_SSL3)
85#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0
86#endif /* MBEDTLS_SSL_PROTO_SSL3 */
87#endif /* MBEDTLS_SSL_PROTO_TLS1 */
88#endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
89#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
90
91#define MBEDTLS_SSL_INITIAL_HANDSHAKE 0
92#define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS 1 /* In progress */
93#define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */
94#define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */
95
96/*
97 * DTLS retransmission states, see RFC 6347 4.2.4
98 *
99 * The SENDING state is merged in PREPARING for initial sends,
100 * but is distinct for resends.
101 *
102 * Note: initial state is wrong for server, but is not used anyway.
103 */
104#define MBEDTLS_SSL_RETRANS_PREPARING 0
105#define MBEDTLS_SSL_RETRANS_SENDING 1
106#define MBEDTLS_SSL_RETRANS_WAITING 2
107#define MBEDTLS_SSL_RETRANS_FINISHED 3
108
109/*
110 * Allow extra bytes for record, authentication and encryption overhead:
111 * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256)
112 * and allow for a maximum of 1024 of compression expansion if
113 * enabled.
114 */
115#if defined(MBEDTLS_ZLIB_SUPPORT)
116#define MBEDTLS_SSL_COMPRESSION_ADD 1024
117#else
118#define MBEDTLS_SSL_COMPRESSION_ADD 0
119#endif
120
121#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_MODE_CBC)
122/* Ciphersuites using HMAC */
123#if defined(MBEDTLS_SHA512_C)
124#define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */
125#elif defined(MBEDTLS_SHA256_C)
126#define MBEDTLS_SSL_MAC_ADD 32 /* SHA-256 used for HMAC */
127#else
128#define MBEDTLS_SSL_MAC_ADD 20 /* SHA-1 used for HMAC */
129#endif
130#else
131/* AEAD ciphersuites: GCM and CCM use a 128 bits tag */
132#define MBEDTLS_SSL_MAC_ADD 16
133#endif
134
135#if defined(MBEDTLS_CIPHER_MODE_CBC)
136#define MBEDTLS_SSL_PADDING_ADD 256
137#else
138#define MBEDTLS_SSL_PADDING_ADD 0
139#endif
140
141#define MBEDTLS_SSL_BUFFER_LEN ( MBEDTLS_SSL_MAX_CONTENT_LEN \
142 + MBEDTLS_SSL_COMPRESSION_ADD \
143 + 29 /* counter + header + IV */ \
144 + MBEDTLS_SSL_MAC_ADD \
145 + MBEDTLS_SSL_PADDING_ADD \
146 )
147
148/*
149 * TLS extension flags (for extensions with outgoing ServerHello content
150 * that need it (e.g. for RENEGOTIATION_INFO the server already knows because
151 * of state of the renegotiation flag, so no indicator is required)
152 */
153#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0)
154
Manuel Pégourié-Gonnard5e94dde2015-05-26 11:57:05 +0200[diff] [blame]155#ifdef __cplusplus
156extern "C" {
157#endif
158
Manuel Pégourié-Gonnardcd4fcc62015-05-26 12:11:48 +0200[diff] [blame]159/*
160 * This structure contains the parameters only needed during handshake.
161 */
162struct mbedtls_ssl_handshake_params
163{
164 /*
165 * Handshake specific crypto variables
166 */
167 int sig_alg; /*!< Hash algorithm for signature */
168 int cert_type; /*!< Requested cert type */
169 int verify_sig_alg; /*!< Signature algorithm for verify */
170#if defined(MBEDTLS_DHM_C)
171 mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */
172#endif
173#if defined(MBEDTLS_ECDH_C)
174 mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */
175#endif
176#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
177 const mbedtls_ecp_curve_info **curves; /*!< Supported elliptic curves */
178#endif
179#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
180 unsigned char *psk; /*!< PSK from the callback */
181 size_t psk_len; /*!< Length of PSK from callback */
182#endif
183#if defined(MBEDTLS_X509_CRT_PARSE_C)
184 mbedtls_ssl_key_cert *key_cert; /*!< chosen key/cert pair (server) */
185#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
Manuel Pégourié-Gonnardcdc26ae2015-06-19 12:16:31 +0200[diff] [blame^]186 int sni_authmode; /*!< authmode from SNI callback */
Manuel Pégourié-Gonnardcd4fcc62015-05-26 12:11:48 +0200[diff] [blame]187 mbedtls_ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI */
188 mbedtls_x509_crt *sni_ca_chain; /*!< trusted CAs from SNI callback */
189 mbedtls_x509_crl *sni_ca_crl; /*!< trusted CAs CRLs from SNI */
190#endif
191#endif /* MBEDTLS_X509_CRT_PARSE_C */
192#if defined(MBEDTLS_SSL_PROTO_DTLS)
193 unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */
194 unsigned int in_msg_seq; /*!< Incoming handshake sequence number */
195
196 unsigned char *verify_cookie; /*!< Cli: HelloVerifyRequest cookie
197 Srv: unused */
198 unsigned char verify_cookie_len; /*!< Cli: cookie length
199 Srv: flag for sending a cookie */
200
201 unsigned char *hs_msg; /*!< Reassembled handshake message */
202
203 uint32_t retransmit_timeout; /*!< Current value of timeout */
204 unsigned char retransmit_state; /*!< Retransmission state */
205 mbedtls_ssl_flight_item *flight; /*!< Current outgoing flight */
206 mbedtls_ssl_flight_item *cur_msg; /*!< Current message in flight */
207 unsigned int in_flight_start_seq; /*!< Minimum message sequence in the
208 flight being received */
209 mbedtls_ssl_transform *alt_transform_out; /*!< Alternative transform for
210 resending messages */
211 unsigned char alt_out_ctr[8]; /*!< Alternative record epoch/counter
212 for resending messages */
213#endif
214
215 /*
216 * Checksum contexts
217 */
218#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
219 defined(MBEDTLS_SSL_PROTO_TLS1_1)
220 mbedtls_md5_context fin_md5;
221 mbedtls_sha1_context fin_sha1;
222#endif
223#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
224#if defined(MBEDTLS_SHA256_C)
225 mbedtls_sha256_context fin_sha256;
226#endif
227#if defined(MBEDTLS_SHA512_C)
228 mbedtls_sha512_context fin_sha512;
229#endif
230#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
231
232 void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t);
233 void (*calc_verify)(mbedtls_ssl_context *, unsigned char *);
234 void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int);
235 int (*tls_prf)(const unsigned char *, size_t, const char *,
236 const unsigned char *, size_t,
237 unsigned char *, size_t);
238
239 size_t pmslen; /*!< premaster length */
240
241 unsigned char randbytes[64]; /*!< random bytes */
242 unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
243 /*!< premaster secret */
244
245 int resume; /*!< session resume indicator*/
246 int max_major_ver; /*!< max. major version client*/
247 int max_minor_ver; /*!< max. minor version client*/
248 int cli_exts; /*!< client extension presence*/
249
250#if defined(MBEDTLS_SSL_SESSION_TICKETS)
251 int new_session_ticket; /*!< use NewSessionTicket? */
252#endif /* MBEDTLS_SSL_SESSION_TICKETS */
253#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
254 int extended_ms; /*!< use Extended Master Secret? */
255#endif
256};
257
258/*
259 * This structure contains a full set of runtime transform parameters
260 * either in negotiation or active.
261 */
262struct mbedtls_ssl_transform
263{
264 /*
265 * Session specific crypto layer
266 */
267 const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
268 /*!< Chosen cipersuite_info */
Manuel Pégourié-Gonnard39a48f42015-06-18 16:06:55 +0200[diff] [blame]269 unsigned int keylen; /*!< symmetric key length (bytes) */
Manuel Pégourié-Gonnardcd4fcc62015-05-26 12:11:48 +0200[diff] [blame]270 size_t minlen; /*!< min. ciphertext length */
271 size_t ivlen; /*!< IV length */
272 size_t fixed_ivlen; /*!< Fixed part of IV (AEAD) */
273 size_t maclen; /*!< MAC length */
274
275 unsigned char iv_enc[16]; /*!< IV (encryption) */
276 unsigned char iv_dec[16]; /*!< IV (decryption) */
277
278#if defined(MBEDTLS_SSL_PROTO_SSL3)
279 /* Needed only for SSL v3.0 secret */
280 unsigned char mac_enc[20]; /*!< SSL v3.0 secret (enc) */
281 unsigned char mac_dec[20]; /*!< SSL v3.0 secret (dec) */
282#endif /* MBEDTLS_SSL_PROTO_SSL3 */
283
284 mbedtls_md_context_t md_ctx_enc; /*!< MAC (encryption) */
285 mbedtls_md_context_t md_ctx_dec; /*!< MAC (decryption) */
286
287 mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */
288 mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */
289
290 /*
291 * Session specific compression layer
292 */
293#if defined(MBEDTLS_ZLIB_SUPPORT)
294 z_stream ctx_deflate; /*!< compression context */
295 z_stream ctx_inflate; /*!< decompression context */
296#endif
297};
298
299#if defined(MBEDTLS_X509_CRT_PARSE_C)
300/*
301 * List of certificate + private key pairs
302 */
303struct mbedtls_ssl_key_cert
304{
305 mbedtls_x509_crt *cert; /*!< cert */
306 mbedtls_pk_context *key; /*!< private key */
307 mbedtls_ssl_key_cert *next; /*!< next key/cert pair */
308};
309#endif /* MBEDTLS_X509_CRT_PARSE_C */
310
311#if defined(MBEDTLS_SSL_PROTO_DTLS)
312/*
313 * List of handshake messages kept around for resending
314 */
315struct mbedtls_ssl_flight_item
316{
317 unsigned char *p; /*!< message, including handshake headers */
318 size_t len; /*!< length of p */
319 unsigned char type; /*!< type of the message: handshake or CCS */
320 mbedtls_ssl_flight_item *next; /*!< next handshake message(s) */
321};
322#endif /* MBEDTLS_SSL_PROTO_DTLS */
323
324
325/**
326 * \brief Free referenced items in an SSL transform context and clear
327 * memory
328 *
329 * \param transform SSL transform context
330 */
331void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform );
332
333/**
334 * \brief Free referenced items in an SSL handshake context and clear
335 * memory
336 *
337 * \param handshake SSL handshake context
338 */
339void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake );
340
Manuel Pégourié-Gonnard5e94dde2015-05-26 11:57:05 +0200[diff] [blame]341int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl );
342int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl );
343void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl );
344
345int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl );
346
347void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl );
348int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl );
349
350int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl );
351int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
352
353int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl );
354int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl );
355
356int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl );
357int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl );
358
359int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl );
360int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl );
361
362int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl );
363int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl );
364
365void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
366 const mbedtls_ssl_ciphersuite_t *ciphersuite_info );
367
368#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
369int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex );
370#endif
371
372#if defined(MBEDTLS_PK_C)
373unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk );
374mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig );
375#endif
376
377mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash );
Manuel Pégourié-Gonnard7bfc1222015-06-17 14:34:48 +0200[diff] [blame]378unsigned char mbedtls_ssl_hash_from_md_alg( int md );
Manuel Pégourié-Gonnard5e94dde2015-05-26 11:57:05 +0200[diff] [blame]379
Manuel Pégourié-Gonnardb541da62015-06-17 11:43:30 +0200[diff] [blame]380#if defined(MBEDTLS_ECP_C)
Manuel Pégourié-Gonnard9d412d82015-06-17 12:10:46 +0200[diff] [blame]381int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id );
Manuel Pégourié-Gonnard5e94dde2015-05-26 11:57:05 +0200[diff] [blame]382#endif
383
Manuel Pégourié-Gonnard7bfc1222015-06-17 14:34:48 +0200[diff] [blame]384#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED)
385int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
386 mbedtls_md_type_t md );
387#endif
388
Manuel Pégourié-Gonnard5e94dde2015-05-26 11:57:05 +0200[diff] [blame]389#if defined(MBEDTLS_X509_CRT_PARSE_C)
390static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl )
391{
392 mbedtls_ssl_key_cert *key_cert;
393
394 if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
395 key_cert = ssl->handshake->key_cert;
396 else
397 key_cert = ssl->conf->key_cert;
398
399 return( key_cert == NULL ? NULL : key_cert->key );
400}
401
402static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl )
403{
404 mbedtls_ssl_key_cert *key_cert;
405
406 if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
407 key_cert = ssl->handshake->key_cert;
408 else
409 key_cert = ssl->conf->key_cert;
410
411 return( key_cert == NULL ? NULL : key_cert->cert );
412}
413
414/*
415 * Check usage of a certificate wrt extensions:
416 * keyUsage, extendedKeyUsage (later), and nSCertType (later).
417 *
418 * Warning: cert_endpoint is the endpoint of the cert (ie, of our peer when we
419 * check a cert we received from them)!
420 *
421 * Return 0 if everything is OK, -1 if not.
422 */
423int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
424 const mbedtls_ssl_ciphersuite_t *ciphersuite,
425 int cert_endpoint,
426 uint32_t *flags );
427#endif /* MBEDTLS_X509_CRT_PARSE_C */
428
429void mbedtls_ssl_write_version( int major, int minor, int transport,
430 unsigned char ver[2] );
431void mbedtls_ssl_read_version( int *major, int *minor, int transport,
432 const unsigned char ver[2] );
433
434static inline size_t mbedtls_ssl_hdr_len( const mbedtls_ssl_context *ssl )
435{
436#if defined(MBEDTLS_SSL_PROTO_DTLS)
437 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
438 return( 13 );
439#else
440 ((void) ssl);
441#endif
442 return( 5 );
443}
444
445static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl )
446{
447#if defined(MBEDTLS_SSL_PROTO_DTLS)
448 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
449 return( 12 );
450#else
451 ((void) ssl);
452#endif
453 return( 4 );
454}
455
456#if defined(MBEDTLS_SSL_PROTO_DTLS)
457void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl );
458void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl );
459int mbedtls_ssl_resend( mbedtls_ssl_context *ssl );
460#endif
461
462/* Visible for testing purposes only */
463#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
464int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context *ssl );
465void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl );
466#endif
467
468/* constant-time buffer comparison */
469static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n )
470{
471 size_t i;
472 const unsigned char *A = (const unsigned char *) a;
473 const unsigned char *B = (const unsigned char *) b;
474 unsigned char diff = 0;
475
476 for( i = 0; i < n; i++ )
477 diff |= A[i] ^ B[i];
478
479 return( diff );
480}
481
482#ifdef __cplusplus
483}
484#endif
485
486#endif /* ssl_internal.h */