ReactOS 0.4.15-dev-8632-gbc8c7d1
Internal functions shared by the SSL modules.
#include "config.h"
#include "ssl.h"
#include "cipher.h"
#include "md5.h"
#include "sha1.h"
#include "sha256.h"
#include "sha512.h"
Classes | |
struct | mbedtls_ssl_sig_hash_set_t |
struct | mbedtls_ssl_handshake_params |
struct | mbedtls_ssl_transform |
struct | mbedtls_ssl_key_cert |
Typedefs | |
typedef struct mbedtls_ssl_hs_buffer | mbedtls_ssl_hs_buffer |
Internal functions shared by the SSL modules.
Definition in file ssl_internal.h.
This macro checks whether the remaining size in a buffer is greater than or equal to the needed space. If it is not, the macro returns an SSL_BUFFER_TOO_SMALL error from the enclosing function.
cur | Pointer to the current position in the buffer. |
end | Pointer to one past the end of the buffer. |
need | Needed space in bytes. |
Definition at line 315 of file ssl_internal.h.
#define MBEDTLS_SSL_COMPRESSION_ADD 0 |
Definition at line 180 of file ssl_internal.h.
#define MBEDTLS_SSL_HEADER_LEN 13 |
Definition at line 263 of file ssl_internal.h.
#define MBEDTLS_SSL_IN_BUFFER_LEN ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_IN_PAYLOAD_LEN ) ) |
Definition at line 265 of file ssl_internal.h.
#define MBEDTLS_SSL_IN_PAYLOAD_LEN |
Definition at line 209 of file ssl_internal.h.
#define MBEDTLS_SSL_INITIAL_HANDSHAKE 0 |
Definition at line 135 of file ssl_internal.h.
Definition at line 186 of file ssl_internal.h.
#define MBEDTLS_SSL_MAX_BUFFERED_HS 4 |
Definition at line 216 of file ssl_internal.h.
#define MBEDTLS_SSL_MAX_CURVE_LIST_LEN 65535 |
Definition at line 232 of file ssl_internal.h.
#define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3 |
Definition at line 109 of file ssl_internal.h.
#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3 |
Definition at line 112 of file ssl_internal.h.
#define MBEDTLS_SSL_MAX_SIG_HASH_ALG_LIST_LEN 65534 |
Definition at line 229 of file ssl_internal.h.
#define MBEDTLS_SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3 |
Definition at line 87 of file ssl_internal.h.
#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1 |
Definition at line 93 of file ssl_internal.h.
#define MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3 |
Definition at line 106 of file ssl_internal.h.
#define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1 |
Definition at line 105 of file ssl_internal.h.
#define MBEDTLS_SSL_OUT_BUFFER_LEN ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_OUT_PAYLOAD_LEN ) ) |
Definition at line 268 of file ssl_internal.h.
#define MBEDTLS_SSL_OUT_PAYLOAD_LEN |
Definition at line 212 of file ssl_internal.h.
#define MBEDTLS_SSL_PADDING_ADD 256 |
Definition at line 198 of file ssl_internal.h.
#define MBEDTLS_SSL_PAYLOAD_OVERHEAD |
Definition at line 203 of file ssl_internal.h.
#define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */ |
Definition at line 137 of file ssl_internal.h.
Definition at line 136 of file ssl_internal.h.
Definition at line 138 of file ssl_internal.h.
#define MBEDTLS_SSL_RETRANS_FINISHED 3 |
Definition at line 151 of file ssl_internal.h.
#define MBEDTLS_SSL_RETRANS_PREPARING 0 |
Definition at line 148 of file ssl_internal.h.
#define MBEDTLS_SSL_RETRANS_SENDING 1 |
Definition at line 149 of file ssl_internal.h.
#define MBEDTLS_SSL_RETRANS_WAITING 2 |
Definition at line 150 of file ssl_internal.h.
#define MBEDTLS_SSL_SOME_SUITES_USE_CBC |
Definition at line 159 of file ssl_internal.h.
#define MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC |
Definition at line 168 of file ssl_internal.h.
#define MBEDTLS_TLS_EXT_ADV_CONTENT_LEN |
Definition at line 222 of file ssl_internal.h.
#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK (1 << 1) |
Definition at line 286 of file ssl_internal.h.
#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0) |
Definition at line 285 of file ssl_internal.h.
Definition at line 506 of file ssl_internal.h.
int mbedtls_ssl_cf_hmac | ( | mbedtls_md_context_t * | ctx, |
const unsigned char * | add_data, | ||
size_t | add_data_len, | ||
const unsigned char * | data, | ||
size_t | data_len_secret, | ||
size_t | min_data_len, | ||
size_t | max_data_len, | ||
unsigned char * | output | ||
) |
Compute the HMAC of variable-length data with constant flow.
This function computes the HMAC of the concatenation of add_data and data, and does so with a code flow and memory access pattern that does not depend on data_len_secret, but only on min_data_len and max_data_len. In particular, this function always reads exactly max_data_len bytes from data, so the full max_data_len bytes must be readable even when data_len_secret is smaller.
ctx | The HMAC context. It must have keys configured with mbedtls_md_hmac_starts() and use one of the following hashes: SHA-384, SHA-256, SHA-1 or MD-5. It is reset using mbedtls_md_hmac_reset() after the computation is complete to prepare for the next computation. |
add_data | The additional data prepended to data . This must point to a readable buffer of add_data_len bytes. |
add_data_len | The length of add_data in bytes. |
data | The data appended to add_data . This must point to a readable buffer of max_data_len bytes. |
data_len_secret | The length of the data to process in data . This must be no less than min_data_len and no greater than max_data_len . |
min_data_len | The minimal length of data in bytes. |
max_data_len | The maximal length of data in bytes. |
output | The HMAC will be written here. This must point to a writable buffer of sufficient size to hold the HMAC value. |
0 | Success. |
MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED | The hardware accelerator failed. |
void mbedtls_ssl_cf_memcpy_offset | ( | unsigned char * | dst, |
const unsigned char * | src_base, | ||
size_t | offset_secret, | ||
size_t | offset_min, | ||
size_t | offset_max, | ||
size_t | len | ||
) |
Copy data from a secret position with constant flow.
This function copies len bytes from src_base + offset_secret to dst, with a code flow and memory access pattern that does not depend on offset_secret, but only on offset_min, offset_max and len.
dst | The destination buffer. This must point to a writable buffer of at least len bytes. |
src_base | The base of the source buffer. This must point to a readable buffer of at least offset_max + len bytes. |
offset_secret | The offset in the source buffer from which to copy. This must be no less than offset_min and no greater than offset_max . |
offset_min | The minimal value of offset_secret . |
offset_max | The maximal value of offset_secret . |
len | The number of bytes to copy. |
int mbedtls_ssl_check_cert_usage | ( | const mbedtls_x509_crt * | cert, |
const mbedtls_ssl_ciphersuite_t * | ciphersuite, | ||
int | cert_endpoint, | ||
uint32_t * | flags | ||
) |
int mbedtls_ssl_check_curve | ( | const mbedtls_ssl_context * | ssl, |
mbedtls_ecp_group_id | grp_id | ||
) |
int mbedtls_ssl_check_sig_hash | ( | const mbedtls_ssl_context * | ssl, |
mbedtls_md_type_t | md | ||
) |
|
inlinestatic |
This function checks whether the remaining size in a buffer is greater than or equal to the needed space.
cur | Pointer to the current position in the buffer. |
end | Pointer to one past the end of the buffer. |
need | Needed space in bytes. |
Definition at line 299 of file ssl_internal.h.
int mbedtls_ssl_derive_keys | ( | mbedtls_ssl_context * | ssl | ) |
int mbedtls_ssl_fetch_input | ( | mbedtls_ssl_context * | ssl, |
size_t | nb_want | ||
) |
int mbedtls_ssl_flush_output | ( | mbedtls_ssl_context * | ssl | ) |
int mbedtls_ssl_get_key_exchange_md_ssl_tls | ( | mbedtls_ssl_context * | ssl, |
unsigned char * | output, | ||
unsigned char * | data, | ||
size_t | data_len | ||
) |
int mbedtls_ssl_get_key_exchange_md_tls1_2 | ( | mbedtls_ssl_context * | ssl, |
unsigned char * | hash, | ||
size_t * | hashlen, | ||
unsigned char * | data, | ||
size_t | data_len, | ||
mbedtls_md_type_t | md_alg | ||
) |
int mbedtls_ssl_handle_message_type | ( | mbedtls_ssl_context * | ssl | ) |
int mbedtls_ssl_handshake_client_step | ( | mbedtls_ssl_context * | ssl | ) |
void mbedtls_ssl_handshake_free | ( | mbedtls_ssl_context * | ssl | ) |
Free referenced items in an SSL handshake context and clear memory.
ssl | SSL context |
int mbedtls_ssl_handshake_server_step | ( | mbedtls_ssl_context * | ssl | ) |
void mbedtls_ssl_handshake_wrapup | ( | mbedtls_ssl_context * | ssl | ) |
|
inlinestatic |
Definition at line 790 of file ssl_internal.h.
|
inlinestatic |
Definition at line 801 of file ssl_internal.h.
mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash | ( | unsigned char | hash | ) |
void mbedtls_ssl_optimize_checksum | ( | mbedtls_ssl_context * | ssl, |
const mbedtls_ssl_ciphersuite_t * | ciphersuite_info | ||
) |
|
inlinestatic |
Definition at line 758 of file ssl_internal.h.
|
inlinestatic |
Definition at line 746 of file ssl_internal.h.
int mbedtls_ssl_parse_certificate | ( | mbedtls_ssl_context * | ssl | ) |
int mbedtls_ssl_parse_change_cipher_spec | ( | mbedtls_ssl_context * | ssl | ) |
int mbedtls_ssl_parse_finished | ( | mbedtls_ssl_context * | ssl | ) |
mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig | ( | unsigned char | sig | ) |
int mbedtls_ssl_prepare_handshake_record | ( | mbedtls_ssl_context * | ssl | ) |
int mbedtls_ssl_read_record | ( | mbedtls_ssl_context * | ssl, |
unsigned | update_hs_digest | ||
) |
Update record layer.
This function roughly separates the implementation of the logic of (D)TLS from the implementation of the secure transport.
ssl | The SSL context to use. |
update_hs_digest | This indicates if the handshake digest should be automatically updated in case a handshake message is found. |
The record layer takes as input an untrusted underlying transport (stream or datagram) and transforms it into a serially multiplexed, secure transport, which conceptually provides the following:
(1) Three datagram based, content-agnostic transports for handshake, alert and CCS messages. (2) One stream- or datagram-based transport for application data. (3) Functionality for changing the underlying transform securing the contents.
The interface to this functionality is given as follows:
a Updating [Currently implemented by mbedtls_ssl_read_record]
Check if and on which of the four 'ports' data is pending: nothing, a controlling datagram of type (1), or application data (2). Whenever data is present, internal buffers provide access to the data for the user to process it. Consumption of type (1) datagrams is done automatically on the next update, invalidating the internal buffers for previous datagrams (so data from a previous datagram must not be referenced after the next update), while consumption of application data (2) is user-controlled.
b Reading of application data [Currently manual adaption of ssl->in_offt pointer]
As mentioned in the last paragraph, consumption of data is different from the automatic consumption of control datagrams (1) because application data is treated as a stream.
c Tracking availability of application data [Currently manually through decreasing ssl->in_msglen]
For efficiency and to retain datagram semantics for application data in case of DTLS, the record layer provides functionality for checking how much application data is still available in the internal buffer.
d Changing the transformation securing the communication.
Given an opaque implementation of the record layer in the above sense, it should be possible to implement the logic of (D)TLS on top of it without the need to know anything about the record layer's internals. This is done e.g. in all the handshake handling functions, and in the application data reading function mbedtls_ssl_read.
void mbedtls_ssl_read_version | ( | int * | major, |
int * | minor, | ||
int | transport, | ||
const unsigned char | ver[2] | ||
) |
void mbedtls_ssl_reset_checksum | ( | mbedtls_ssl_context * | ssl | ) |
Definition at line 826 of file ssl_internal.h.
int mbedtls_ssl_send_fatal_handshake_failure | ( | mbedtls_ssl_context * | ssl | ) |
int mbedtls_ssl_set_calc_verify_md | ( | mbedtls_ssl_context * | ssl, |
int | md | ||
) |
unsigned char mbedtls_ssl_sig_from_pk | ( | mbedtls_pk_context * | pk | ) |
unsigned char mbedtls_ssl_sig_from_pk_alg | ( | mbedtls_pk_type_t | type | ) |
void mbedtls_ssl_sig_hash_set_add | ( | mbedtls_ssl_sig_hash_set_t * | set, |
mbedtls_pk_type_t | sig_alg, | ||
mbedtls_md_type_t | md_alg | ||
) |
void mbedtls_ssl_sig_hash_set_const_hash | ( | mbedtls_ssl_sig_hash_set_t * | set, |
mbedtls_md_type_t | md_alg | ||
) |
Referenced by mbedtls_ssl_sig_hash_set_init().
mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find | ( | mbedtls_ssl_sig_hash_set_t * | set, |
mbedtls_pk_type_t | sig_alg | ||
) |
|
inlinestatic |
Definition at line 589 of file ssl_internal.h.
void mbedtls_ssl_transform_free | ( | mbedtls_ssl_transform * | transform | ) |
Free referenced items in an SSL transform context and clear memory.
transform | SSL transform context |
void mbedtls_ssl_update_handshake_status | ( | mbedtls_ssl_context * | ssl | ) |
int mbedtls_ssl_write_certificate | ( | mbedtls_ssl_context * | ssl | ) |
int mbedtls_ssl_write_change_cipher_spec | ( | mbedtls_ssl_context * | ssl | ) |
int mbedtls_ssl_write_finished | ( | mbedtls_ssl_context * | ssl | ) |
int mbedtls_ssl_write_handshake_msg | ( | mbedtls_ssl_context * | ssl | ) |
int mbedtls_ssl_write_record | ( | mbedtls_ssl_context * | ssl, |
uint8_t | force_flush | ||
) |