mbed TLS v2.1.2
ssl_internal.h
Go to the documentation of this file.
1 
23 #ifndef MBEDTLS_SSL_INTERNAL_H
24 #define MBEDTLS_SSL_INTERNAL_H
25 
26 #include "ssl.h"
27 
28 #if defined(MBEDTLS_MD5_C)
29 #include "md5.h"
30 #endif
31 
32 #if defined(MBEDTLS_SHA1_C)
33 #include "sha1.h"
34 #endif
35 
36 #if defined(MBEDTLS_SHA256_C)
37 #include "sha256.h"
38 #endif
39 
40 #if defined(MBEDTLS_SHA512_C)
41 #include "sha512.h"
42 #endif
43 
44 #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
45  !defined(inline) && !defined(__cplusplus)
46 #define inline __inline
47 #endif
48 
49 /* Determine minimum supported version */
50 #define MBEDTLS_SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
51 
52 #if defined(MBEDTLS_SSL_PROTO_SSL3)
53 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0
54 #else
55 #if defined(MBEDTLS_SSL_PROTO_TLS1)
56 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
57 #else
58 #if defined(MBEDTLS_SSL_PROTO_TLS1_1)
59 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2
60 #else
61 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
62 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
63 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
64 #endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
65 #endif /* MBEDTLS_SSL_PROTO_TLS1 */
66 #endif /* MBEDTLS_SSL_PROTO_SSL3 */
67 
68 /* Determine maximum supported version */
69 #define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
70 
71 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
72 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
73 #else
74 #if defined(MBEDTLS_SSL_PROTO_TLS1_1)
75 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2
76 #else
77 #if defined(MBEDTLS_SSL_PROTO_TLS1)
78 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
79 #else
80 #if defined(MBEDTLS_SSL_PROTO_SSL3)
81 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0
82 #endif /* MBEDTLS_SSL_PROTO_SSL3 */
83 #endif /* MBEDTLS_SSL_PROTO_TLS1 */
84 #endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
85 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
86 
87 #define MBEDTLS_SSL_INITIAL_HANDSHAKE 0
88 #define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS 1 /* In progress */
89 #define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */
90 #define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */
91 
92 /*
93  * DTLS retransmission states, see RFC 6347 4.2.4
94  *
95  * The SENDING state is merged in PREPARING for initial sends,
96  * but is distinct for resends.
97  *
98  * Note: initial state is wrong for server, but is not used anyway.
99  */
100 #define MBEDTLS_SSL_RETRANS_PREPARING 0
101 #define MBEDTLS_SSL_RETRANS_SENDING 1
102 #define MBEDTLS_SSL_RETRANS_WAITING 2
103 #define MBEDTLS_SSL_RETRANS_FINISHED 3
104 
105 /*
106  * Allow extra bytes for record, authentication and encryption overhead:
107  * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256)
108  * and allow for a maximum of 1024 of compression expansion if
109  * enabled.
110  */
111 #if defined(MBEDTLS_ZLIB_SUPPORT)
112 #define MBEDTLS_SSL_COMPRESSION_ADD 1024
113 #else
114 #define MBEDTLS_SSL_COMPRESSION_ADD 0
115 #endif
116 
117 #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_MODE_CBC)
118 /* Ciphersuites using HMAC */
119 #if defined(MBEDTLS_SHA512_C)
120 #define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */
121 #elif defined(MBEDTLS_SHA256_C)
122 #define MBEDTLS_SSL_MAC_ADD 32 /* SHA-256 used for HMAC */
123 #else
124 #define MBEDTLS_SSL_MAC_ADD 20 /* SHA-1 used for HMAC */
125 #endif
126 #else
127 /* AEAD ciphersuites: GCM and CCM use a 128 bits tag */
128 #define MBEDTLS_SSL_MAC_ADD 16
129 #endif
130 
131 #if defined(MBEDTLS_CIPHER_MODE_CBC)
132 #define MBEDTLS_SSL_PADDING_ADD 256
133 #else
134 #define MBEDTLS_SSL_PADDING_ADD 0
135 #endif
136 
137 #define MBEDTLS_SSL_BUFFER_LEN ( MBEDTLS_SSL_MAX_CONTENT_LEN \
138  + MBEDTLS_SSL_COMPRESSION_ADD \
139  + 29 /* counter + header + IV */ \
140  + MBEDTLS_SSL_MAC_ADD \
141  + MBEDTLS_SSL_PADDING_ADD \
142  )
143 
144 /*
145  * TLS extension flags (for extensions with outgoing ServerHello content
146  * that need it (e.g. for RENEGOTIATION_INFO the server already knows because
147  * of state of the renegotiation flag, so no indicator is required)
148  */
149 #define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0)
150 
151 #ifdef __cplusplus
152 extern "C" {
153 #endif
154 
155 /*
156  * This structure contains the parameters only needed during handshake.
157  */
159 {
160  /*
161  * Handshake specific crypto variables
162  */
163  int sig_alg;
164  int cert_type;
166 #if defined(MBEDTLS_DHM_C)
168 #endif
169 #if defined(MBEDTLS_ECDH_C)
171 #endif
172 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
174 #endif
175 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
176  unsigned char *psk;
177  size_t psk_len;
178 #endif
179 #if defined(MBEDTLS_X509_CRT_PARSE_C)
181 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
186 #endif
187 #endif /* MBEDTLS_X509_CRT_PARSE_C */
188 #if defined(MBEDTLS_SSL_PROTO_DTLS)
189  unsigned int out_msg_seq;
190  unsigned int in_msg_seq;
192  unsigned char *verify_cookie;
194  unsigned char verify_cookie_len;
197  unsigned char *hs_msg;
200  unsigned char retransmit_state;
203  unsigned int in_flight_start_seq;
207  unsigned char alt_out_ctr[8];
209 #endif
210 
211  /*
212  * Checksum contexts
213  */
214 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
215  defined(MBEDTLS_SSL_PROTO_TLS1_1)
218 #endif
219 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
220 #if defined(MBEDTLS_SHA256_C)
222 #endif
223 #if defined(MBEDTLS_SHA512_C)
225 #endif
226 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
227 
228  void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t);
229  void (*calc_verify)(mbedtls_ssl_context *, unsigned char *);
230  void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int);
231  int (*tls_prf)(const unsigned char *, size_t, const char *,
232  const unsigned char *, size_t,
233  unsigned char *, size_t);
234 
235  size_t pmslen;
237  unsigned char randbytes[64];
241  int resume;
244  int cli_exts;
246 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
248 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
249 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
251 #endif
252 };
253 
254 /*
255  * This structure contains a full set of runtime transform parameters
256  * either in negotiation or active.
257  */
259 {
260  /*
261  * Session specific crypto layer
262  */
265  unsigned int keylen;
266  size_t minlen;
267  size_t ivlen;
268  size_t fixed_ivlen;
269  size_t maclen;
271  unsigned char iv_enc[16];
272  unsigned char iv_dec[16];
274 #if defined(MBEDTLS_SSL_PROTO_SSL3)
275  /* Needed only for SSL v3.0 secret */
276  unsigned char mac_enc[20];
277  unsigned char mac_dec[20];
278 #endif /* MBEDTLS_SSL_PROTO_SSL3 */
279 
286  /*
287  * Session specific compression layer
288  */
289 #if defined(MBEDTLS_ZLIB_SUPPORT)
290  z_stream ctx_deflate;
291  z_stream ctx_inflate;
292 #endif
293 };
294 
295 #if defined(MBEDTLS_X509_CRT_PARSE_C)
296 /*
297  * List of certificate + private key pairs
298  */
300 {
304 };
305 #endif /* MBEDTLS_X509_CRT_PARSE_C */
306 
307 #if defined(MBEDTLS_SSL_PROTO_DTLS)
308 /*
309  * List of handshake messages kept around for resending
310  */
312 {
313  unsigned char *p;
314  size_t len;
315  unsigned char type;
317 };
318 #endif /* MBEDTLS_SSL_PROTO_DTLS */
319 
320 
328 
336 
340 
342 
345 
347 int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
348 
351 
354 
357 
360 
362  const mbedtls_ssl_ciphersuite_t *ciphersuite_info );
363 
364 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
366 #endif
367 
368 #if defined(MBEDTLS_PK_C)
369 unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk );
371 #endif
372 
373 mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash );
374 unsigned char mbedtls_ssl_hash_from_md_alg( int md );
375 
376 #if defined(MBEDTLS_ECP_C)
378 #endif
379 
380 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED)
383 #endif
384 
385 #if defined(MBEDTLS_X509_CRT_PARSE_C)
387 {
388  mbedtls_ssl_key_cert *key_cert;
389 
390  if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
391  key_cert = ssl->handshake->key_cert;
392  else
393  key_cert = ssl->conf->key_cert;
394 
395  return( key_cert == NULL ? NULL : key_cert->key );
396 }
397 
399 {
400  mbedtls_ssl_key_cert *key_cert;
401 
402  if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
403  key_cert = ssl->handshake->key_cert;
404  else
405  key_cert = ssl->conf->key_cert;
406 
407  return( key_cert == NULL ? NULL : key_cert->cert );
408 }
409 
410 /*
411  * Check usage of a certificate wrt extensions:
412  * keyUsage, extendedKeyUsage (later), and nSCertType (later).
413  *
414  * Warning: cert_endpoint is the endpoint of the cert (ie, of our peer when we
415  * check a cert we received from them)!
416  *
417  * Return 0 if everything is OK, -1 if not.
418  */
420  const mbedtls_ssl_ciphersuite_t *ciphersuite,
421  int cert_endpoint,
422  uint32_t *flags );
423 #endif /* MBEDTLS_X509_CRT_PARSE_C */
424 
425 void mbedtls_ssl_write_version( int major, int minor, int transport,
426  unsigned char ver[2] );
427 void mbedtls_ssl_read_version( int *major, int *minor, int transport,
428  const unsigned char ver[2] );
429 
430 static inline size_t mbedtls_ssl_hdr_len( const mbedtls_ssl_context *ssl )
431 {
432 #if defined(MBEDTLS_SSL_PROTO_DTLS)
434  return( 13 );
435 #else
436  ((void) ssl);
437 #endif
438  return( 5 );
439 }
440 
441 static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl )
442 {
443 #if defined(MBEDTLS_SSL_PROTO_DTLS)
445  return( 12 );
446 #else
447  ((void) ssl);
448 #endif
449  return( 4 );
450 }
451 
452 #if defined(MBEDTLS_SSL_PROTO_DTLS)
456 #endif
457 
458 /* Visible for testing purposes only */
459 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
462 #endif
463 
464 /* constant-time buffer comparison */
465 static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n )
466 {
467  size_t i;
468  const unsigned char *A = (const unsigned char *) a;
469  const unsigned char *B = (const unsigned char *) b;
470  unsigned char diff = 0;
471 
472  for( i = 0; i < n; i++ )
473  diff |= A[i] ^ B[i];
474 
475  return( diff );
476 }
477 
478 #ifdef __cplusplus
479 }
480 #endif
481 
482 #endif /* ssl_internal.h */
void mbedtls_ssl_send_flight_completed(mbedtls_ssl_context *ssl)
unsigned int transport
Definition: ssl.h:613
int mbedtls_ssl_parse_finished(mbedtls_ssl_context *ssl)
unsigned char mbedtls_ssl_hash_from_md_alg(int md)
Public key container.
Definition: pk.h:126
mbedtls_sha1_context fin_sha1
Definition: ssl_internal.h:217
void(* update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t)
Definition: ssl_internal.h:228
void mbedtls_ssl_read_version(int *major, int *minor, int transport, const unsigned char ver[2])
mbedtls_ssl_key_cert * key_cert
Definition: ssl_internal.h:180
int mbedtls_ssl_handshake_server_step(mbedtls_ssl_context *ssl)
unsigned char alt_out_ctr[8]
Definition: ssl_internal.h:207
unsigned char randbytes[64]
Definition: ssl_internal.h:237
int mbedtls_ssl_write_change_cipher_spec(mbedtls_ssl_context *ssl)
mbedtls_ssl_flight_item * cur_msg
Definition: ssl_internal.h:202
mbedtls_sha256_context fin_sha256
Definition: ssl_internal.h:221
int mbedtls_ssl_write_finished(mbedtls_ssl_context *ssl)
Certificate revocation list structure.
Definition: x509_crl.h:69
mbedtls_ecdh_context ecdh_ctx
Definition: ssl_internal.h:170
Generic cipher context.
Definition: cipher.h:213
static int mbedtls_ssl_safer_memcmp(const void *a, const void *b, size_t n)
Definition: ssl_internal.h:465
mbedtls_sha512_context fin_sha512
Definition: ssl_internal.h:224
mbedtls_pk_type_t
Public key types.
Definition: pk.h:74
int mbedtls_ssl_parse_certificate(mbedtls_ssl_context *ssl)
mbedtls_cipher_context_t cipher_ctx_enc
Definition: ssl_internal.h:283
static size_t mbedtls_ssl_hs_hdr_len(const mbedtls_ssl_context *ssl)
Definition: ssl_internal.h:441
#define MBEDTLS_SSL_TRANSPORT_DATAGRAM
Definition: ssl.h:140
Curve information for use by other modules.
Definition: ecp.h:80
int mbedtls_ssl_resend(mbedtls_ssl_context *ssl)
unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk)
int mbedtls_ssl_derive_keys(mbedtls_ssl_context *ssl)
Generic message digest context.
Definition: md.h:66
mbedtls_x509_crt * sni_ca_chain
Definition: ssl_internal.h:184
mbedtls_md_context_t md_ctx_dec
Definition: ssl_internal.h:281
void mbedtls_ssl_handshake_free(mbedtls_ssl_handshake_params *handshake)
Free referenced items in an SSL handshake context and clear memory.
const mbedtls_ssl_ciphersuite_t * ciphersuite_info
Definition: ssl_internal.h:263
mbedtls_md5_context fin_md5
Definition: ssl_internal.h:216
unsigned char iv_dec[16]
Definition: ssl_internal.h:272
int mbedtls_ssl_fetch_input(mbedtls_ssl_context *ssl, size_t nb_want)
mbedtls_ssl_handshake_params * handshake
Definition: ssl.h:688
int mbedtls_ssl_dtls_replay_check(mbedtls_ssl_context *ssl)
const mbedtls_ecp_curve_info ** curves
Definition: ssl_internal.h:173
mbedtls_ssl_transform * alt_transform_out
Definition: ssl_internal.h:205
int mbedtls_ssl_read_record(mbedtls_ssl_context *ssl)
unsigned char iv_enc[16]
Definition: ssl_internal.h:271
mbedtls_ssl_flight_item * next
Definition: ssl_internal.h:316
mbedtls_ssl_key_cert * key_cert
Definition: ssl.h:547
void mbedtls_ssl_transform_free(mbedtls_ssl_transform *transform)
Free referenced items in an SSL transform context and clear memory.
SHA-512 context structure.
Definition: sha512.h:46
int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert, const mbedtls_ssl_ciphersuite_t *ciphersuite, int cert_endpoint, uint32_t *flags)
int mbedtls_ssl_psk_derive_premaster(mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex)
int mbedtls_ssl_check_curve(const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id)
mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash(unsigned char hash)
void(* calc_verify)(mbedtls_ssl_context *, unsigned char *)
Definition: ssl_internal.h:229
int mbedtls_ssl_send_fatal_handshake_failure(mbedtls_ssl_context *ssl)
mbedtls_key_exchange_type_t
unsigned char * verify_cookie
Definition: ssl_internal.h:192
static mbedtls_x509_crt * mbedtls_ssl_own_cert(mbedtls_ssl_context *ssl)
Definition: ssl_internal.h:398
mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig(unsigned char sig)
mbedtls_ecp_group_id
Domain parameters (curve, subgroup and generator) identifiers.
Definition: ecp.h:53
DHM context structure.
Definition: dhm.h:149
const mbedtls_ssl_config * conf
Definition: ssl.h:652
SHA-256 context structure.
Definition: sha256.h:46
ECDH context structure.
Definition: ecdh.h:44
int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl)
This structure is used for storing ciphersuite information.
#define MBEDTLS_PREMASTER_SIZE
Definition: ssl.h:395
int mbedtls_ssl_parse_change_cipher_spec(mbedtls_ssl_context *ssl)
void mbedtls_ssl_write_version(int major, int minor, int transport, unsigned char ver[2])
mbedtls_cipher_context_t cipher_ctx_dec
Definition: ssl_internal.h:284
mbedtls_ssl_key_cert * next
Definition: ssl_internal.h:303
void mbedtls_ssl_recv_flight_completed(mbedtls_ssl_context *ssl)
int mbedtls_ssl_flush_output(mbedtls_ssl_context *ssl)
MD5 context structure.
Definition: md5.h:46
void mbedtls_ssl_optimize_checksum(mbedtls_ssl_context *ssl, const mbedtls_ssl_ciphersuite_t *ciphersuite_info)
int mbedtls_ssl_write_record(mbedtls_ssl_context *ssl)
void mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl)
Container for an X.509 certificate.
Definition: x509_crt.h:52
SHA-1 context structure.
Definition: sha1.h:46
int mbedtls_ssl_check_sig_hash(const mbedtls_ssl_context *ssl, mbedtls_md_type_t md)
mbedtls_ssl_key_cert * sni_key_cert
Definition: ssl_internal.h:183
SSL/TLS functions.
mbedtls_pk_context * key
Definition: ssl_internal.h:302
int mbedtls_ssl_handshake_client_step(mbedtls_ssl_context *ssl)
unsigned char premaster[MBEDTLS_PREMASTER_SIZE]
Definition: ssl_internal.h:238
void mbedtls_ssl_handshake_wrapup(mbedtls_ssl_context *ssl)
void(* calc_finished)(mbedtls_ssl_context *, unsigned char *, int)
Definition: ssl_internal.h:230
mbedtls_ssl_flight_item * flight
Definition: ssl_internal.h:201
mbedtls_x509_crl * sni_ca_crl
Definition: ssl_internal.h:185
int(* tls_prf)(const unsigned char *, size_t, const char *, const unsigned char *, size_t, unsigned char *, size_t)
Definition: ssl_internal.h:231
void mbedtls_ssl_dtls_replay_update(mbedtls_ssl_context *ssl)
mbedtls_md_type_t
Definition: md.h:39
mbedtls_md_context_t md_ctx_enc
Definition: ssl_internal.h:280
#define md
Definition: compat-1.3.h:2030
mbedtls_x509_crt * cert
Definition: ssl_internal.h:301
mbedtls_dhm_context dhm_ctx
Definition: ssl_internal.h:167
static mbedtls_pk_context * mbedtls_ssl_own_key(mbedtls_ssl_context *ssl)
Definition: ssl_internal.h:386
static size_t mbedtls_ssl_hdr_len(const mbedtls_ssl_context *ssl)
Definition: ssl_internal.h:430