Merge branch 'development' into 3649_move_constant_time_functions_into_separate_module
@ -102,6 +102,61 @@
|
||||
#define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */
|
||||
#define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */
|
||||
|
||||
/*
|
||||
* Mask of TLS 1.3 handshake extensions used in extensions_present
|
||||
* of mbedtls_ssl_handshake_params.
|
||||
*/
|
||||
#define MBEDTLS_SSL_EXT_NONE 0
|
||||
|
||||
#define MBEDTLS_SSL_EXT_SERVERNAME ( 1 << 0 )
|
||||
#define MBEDTLS_SSL_EXT_MAX_FRAGMENT_LENGTH ( 1 << 1 )
|
||||
#define MBEDTLS_SSL_EXT_STATUS_REQUEST ( 1 << 2 )
|
||||
#define MBEDTLS_SSL_EXT_SUPPORTED_GROUPS ( 1 << 3 )
|
||||
#define MBEDTLS_SSL_EXT_SIG_ALG ( 1 << 4 )
|
||||
#define MBEDTLS_SSL_EXT_USE_SRTP ( 1 << 5 )
|
||||
#define MBEDTLS_SSL_EXT_HEARTBEAT ( 1 << 6 )
|
||||
#define MBEDTLS_SSL_EXT_ALPN ( 1 << 7 )
|
||||
#define MBEDTLS_SSL_EXT_SCT ( 1 << 8 )
|
||||
#define MBEDTLS_SSL_EXT_CLI_CERT_TYPE ( 1 << 9 )
|
||||
#define MBEDTLS_SSL_EXT_SERV_CERT_TYPE ( 1 << 10 )
|
||||
#define MBEDTLS_SSL_EXT_PADDING ( 1 << 11 )
|
||||
#define MBEDTLS_SSL_EXT_PRE_SHARED_KEY ( 1 << 12 )
|
||||
#define MBEDTLS_SSL_EXT_EARLY_DATA ( 1 << 13 )
|
||||
#define MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS ( 1 << 14 )
|
||||
#define MBEDTLS_SSL_EXT_COOKIE ( 1 << 15 )
|
||||
#define MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ( 1 << 16 )
|
||||
#define MBEDTLS_SSL_EXT_CERT_AUTH ( 1 << 17 )
|
||||
#define MBEDTLS_SSL_EXT_OID_FILTERS ( 1 << 18 )
|
||||
#define MBEDTLS_SSL_EXT_POST_HANDSHAKE_AUTH ( 1 << 19 )
|
||||
#define MBEDTLS_SSL_EXT_SIG_ALG_CERT ( 1 << 20 )
|
||||
#define MBEDTLS_SSL_EXT_KEY_SHARE ( 1 << 21 )
|
||||
|
||||
/*
|
||||
* Helper macros for function call with return check.
|
||||
*/
|
||||
/*
|
||||
* Exit when return non-zero value
|
||||
*/
|
||||
#define MBEDTLS_SSL_PROC_CHK( f ) \
|
||||
do { \
|
||||
ret = ( f ); \
|
||||
if( ret != 0 ) \
|
||||
{ \
|
||||
goto cleanup; \
|
||||
} \
|
||||
} while( 0 )
|
||||
/*
|
||||
* Exit when return negative value
|
||||
*/
|
||||
#define MBEDTLS_SSL_PROC_CHK_NEG( f ) \
|
||||
do { \
|
||||
ret = ( f ); \
|
||||
if( ret < 0 ) \
|
||||
{ \
|
||||
goto cleanup; \
|
||||
} \
|
||||
} while( 0 )
|
||||
|
||||
/*
|
||||
* DTLS retransmission states, see RFC 6347 4.2.4
|
||||
*
|
||||
@ -252,6 +307,9 @@
|
||||
+ ( MBEDTLS_SSL_CID_OUT_LEN_MAX ) )
|
||||
#endif
|
||||
|
||||
#define MBEDTLS_CLIENT_HELLO_RANDOM_LEN 32
|
||||
#define MBEDTLS_SERVER_HELLO_RANDOM_LEN 32
|
||||
|
||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||
/**
|
||||
* \brief Return the maximum fragment length (payload, in bytes) for
|
||||
@ -354,6 +412,32 @@ static inline int mbedtls_ssl_chk_buf_ptr( const uint8_t *cur,
|
||||
} \
|
||||
} while( 0 )
|
||||
|
||||
/**
|
||||
* \brief This macro checks if the remaining length in an input buffer is
|
||||
* greater or equal than a needed length. If it is not the case, it
|
||||
* returns #MBEDTLS_ERR_SSL_DECODE_ERROR error and pends a
|
||||
* #MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR alert message.
|
||||
*
|
||||
* This is a function-like macro. It is guaranteed to evaluate each
|
||||
* argument exactly once.
|
||||
*
|
||||
* \param cur Pointer to the current position in the buffer.
|
||||
* \param end Pointer to one past the end of the buffer.
|
||||
* \param need Needed length in bytes.
|
||||
*
|
||||
*/
|
||||
#define MBEDTLS_SSL_CHK_BUF_READ_PTR( cur, end, need ) \
|
||||
do { \
|
||||
if( mbedtls_ssl_chk_buf_ptr( ( cur ), ( end ), ( need ) ) != 0 ) \
|
||||
{ \
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, \
|
||||
( "missing input data in %s", __func__ ) ); \
|
||||
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, \
|
||||
MBEDTLS_ERR_SSL_DECODE_ERROR ); \
|
||||
return( MBEDTLS_ERR_SSL_DECODE_ERROR ); \
|
||||
} \
|
||||
} while( 0 )
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
@ -423,6 +507,19 @@ struct mbedtls_ssl_key_set
|
||||
};
|
||||
typedef struct mbedtls_ssl_key_set mbedtls_ssl_key_set;
|
||||
|
||||
typedef struct
|
||||
{
|
||||
unsigned char binder_key [ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
|
||||
unsigned char client_early_traffic_secret [ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
|
||||
unsigned char early_exporter_master_secret[ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
|
||||
} mbedtls_ssl_tls1_3_early_secrets;
|
||||
|
||||
typedef struct
|
||||
{
|
||||
unsigned char client_handshake_traffic_secret[ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
|
||||
unsigned char server_handshake_traffic_secret[ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
|
||||
} mbedtls_ssl_tls1_3_handshake_secrets;
|
||||
|
||||
/*
|
||||
* This structure contains the parameters only needed during handshake.
|
||||
*/
|
||||
@ -431,6 +528,14 @@ struct mbedtls_ssl_handshake_params
|
||||
/*
|
||||
* Handshake specific crypto variables
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
int tls1_3_kex_modes; /*!< key exchange modes for TLS 1.3 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
const uint16_t *group_list;
|
||||
unsigned char group_list_heap_allocated;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
@ -518,8 +623,8 @@ struct mbedtls_ssl_handshake_params
|
||||
flight being received */
|
||||
mbedtls_ssl_transform *alt_transform_out; /*!< Alternative transform for
|
||||
resending messages */
|
||||
unsigned char alt_out_ctr[8]; /*!< Alternative record epoch/counter
|
||||
for resending messages */
|
||||
unsigned char alt_out_ctr[MBEDTLS_SSL_SEQUENCE_NUMBER_LEN]; /*!< Alternative record epoch/counter
|
||||
for resending messages */
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||
/* The state of CID configuration in this handshake. */
|
||||
@ -562,6 +667,13 @@ struct mbedtls_ssl_handshake_params
|
||||
uint16_t mtu; /*!< Handshake mtu, used to fragment outgoing messages */
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
/*! TLS 1.3 transforms for 0-RTT and encrypted handshake messages.
|
||||
* Those pointers own the transforms they reference. */
|
||||
mbedtls_ssl_transform *transform_handshake;
|
||||
mbedtls_ssl_transform *transform_earlydata;
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
|
||||
/*
|
||||
* Checksum contexts
|
||||
*/
|
||||
@ -587,11 +699,55 @@ struct mbedtls_ssl_handshake_params
|
||||
void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int);
|
||||
mbedtls_ssl_tls_prf_cb *tls_prf;
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
uint16_t offered_group_id; /* The NamedGroup value for the group
|
||||
* that is being used for ephemeral
|
||||
* key exchange.
|
||||
*
|
||||
* On the client: Defaults to the first
|
||||
* entry in the client's group list,
|
||||
* but can be overwritten by the HRR. */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
|
||||
/*
|
||||
* State-local variables used during the processing
|
||||
* of a specific handshake state.
|
||||
*/
|
||||
union
|
||||
{
|
||||
/* Outgoing Finished message */
|
||||
struct
|
||||
{
|
||||
uint8_t preparation_done;
|
||||
|
||||
/* Buffer holding digest of the handshake up to
|
||||
* but excluding the outgoing finished message. */
|
||||
unsigned char digest[MBEDTLS_TLS1_3_MD_MAX_SIZE];
|
||||
size_t digest_len;
|
||||
} finished_out;
|
||||
|
||||
/* Incoming Finished message */
|
||||
struct
|
||||
{
|
||||
uint8_t preparation_done;
|
||||
|
||||
/* Buffer holding digest of the handshake up to but
|
||||
* excluding the peer's incoming finished message. */
|
||||
unsigned char digest[MBEDTLS_TLS1_3_MD_MAX_SIZE];
|
||||
size_t digest_len;
|
||||
} finished_in;
|
||||
|
||||
} state_local;
|
||||
|
||||
/* End of state-local variables. */
|
||||
|
||||
mbedtls_ssl_ciphersuite_t const *ciphersuite_info;
|
||||
|
||||
size_t pmslen; /*!< premaster length */
|
||||
|
||||
unsigned char randbytes[64]; /*!< random bytes */
|
||||
unsigned char randbytes[MBEDTLS_CLIENT_HELLO_RANDOM_LEN +
|
||||
MBEDTLS_SERVER_HELLO_RANDOM_LEN];
|
||||
/*!< random bytes */
|
||||
unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
|
||||
/*!< premaster secret */
|
||||
|
||||
@ -599,6 +755,20 @@ struct mbedtls_ssl_handshake_params
|
||||
int max_major_ver; /*!< max. major version client*/
|
||||
int max_minor_ver; /*!< max. minor version client*/
|
||||
int cli_exts; /*!< client extension presence*/
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
int extensions_present; /*!< extension presence; Each bitfield
|
||||
represents an extension and defined
|
||||
as \c MBEDTLS_SSL_EXT_XXX */
|
||||
|
||||
union
|
||||
{
|
||||
unsigned char early [MBEDTLS_TLS1_3_MD_MAX_SIZE];
|
||||
unsigned char handshake[MBEDTLS_TLS1_3_MD_MAX_SIZE];
|
||||
unsigned char app [MBEDTLS_TLS1_3_MD_MAX_SIZE];
|
||||
} tls1_3_master_secrets;
|
||||
|
||||
mbedtls_ssl_tls1_3_handshake_secrets tls13_hs_secrets;
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
int new_session_ticket; /*!< use NewSessionTicket? */
|
||||
@ -740,8 +910,11 @@ struct mbedtls_ssl_transform
|
||||
|
||||
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
|
||||
/* We need the Hello random bytes in order to re-derive keys from the
|
||||
* Master Secret and other session info, see ssl_populate_transform() */
|
||||
unsigned char randbytes[64]; /*!< ServerHello.random+ClientHello.random */
|
||||
* Master Secret and other session info,
|
||||
* see ssl_tls12_populate_transform() */
|
||||
unsigned char randbytes[MBEDTLS_SERVER_HELLO_RANDOM_LEN +
|
||||
MBEDTLS_CLIENT_HELLO_RANDOM_LEN];
|
||||
/*!< ServerHello.random+ClientHello.random */
|
||||
#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
|
||||
};
|
||||
|
||||
@ -788,14 +961,14 @@ static inline int mbedtls_ssl_transform_uses_aead(
|
||||
|
||||
typedef struct
|
||||
{
|
||||
uint8_t ctr[8]; /* In TLS: The implicit record sequence number.
|
||||
* In DTLS: The 2-byte epoch followed by
|
||||
* the 6-byte sequence number.
|
||||
* This is stored as a raw big endian byte array
|
||||
* as opposed to a uint64_t because we rarely
|
||||
* need to perform arithmetic on this, but do
|
||||
* need it as a Byte array for the purpose of
|
||||
* MAC computations. */
|
||||
uint8_t ctr[MBEDTLS_SSL_SEQUENCE_NUMBER_LEN]; /* In TLS: The implicit record sequence number.
|
||||
* In DTLS: The 2-byte epoch followed by
|
||||
* the 6-byte sequence number.
|
||||
* This is stored as a raw big endian byte array
|
||||
* as opposed to a uint64_t because we rarely
|
||||
* need to perform arithmetic on this, but do
|
||||
* need it as a Byte array for the purpose of
|
||||
* MAC computations. */
|
||||
uint8_t type; /* The record content type. */
|
||||
uint8_t ver[2]; /* SSL/TLS version as present on the wire.
|
||||
* Convert to internal presentation of versions
|
||||
@ -878,13 +1051,24 @@ void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform );
|
||||
*/
|
||||
void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl );
|
||||
|
||||
/* set inbound transform of ssl context */
|
||||
void mbedtls_ssl_set_inbound_transform( mbedtls_ssl_context *ssl,
|
||||
mbedtls_ssl_transform *transform );
|
||||
|
||||
/* set outbound transform of ssl context */
|
||||
void mbedtls_ssl_set_outbound_transform( mbedtls_ssl_context *ssl,
|
||||
mbedtls_ssl_transform *transform );
|
||||
|
||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||
int mbedtls_ssl_write_hostname_ext( mbedtls_ssl_context *ssl,
|
||||
unsigned char *buf,
|
||||
const unsigned char *end,
|
||||
size_t *olen );
|
||||
#endif
|
||||
|
||||
int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl );
|
||||
int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl );
|
||||
void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl );
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
int mbedtls_ssl_handshake_client_step_tls1_3( mbedtls_ssl_context *ssl );
|
||||
int mbedtls_ssl_handshake_server_step_tls1_3( mbedtls_ssl_context *ssl );
|
||||
#endif
|
||||
|
||||
int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl );
|
||||
|
||||
@ -975,7 +1159,13 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
|
||||
unsigned update_hs_digest );
|
||||
int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
|
||||
|
||||
int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl );
|
||||
int mbedtls_ssl_write_handshake_msg_ext( mbedtls_ssl_context *ssl,
|
||||
int update_checksum );
|
||||
static inline int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
return( mbedtls_ssl_write_handshake_msg_ext( ssl, 1 /* update checksum */ ) );
|
||||
}
|
||||
|
||||
int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush );
|
||||
int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl );
|
||||
|
||||
@ -1227,6 +1417,22 @@ void mbedtls_ssl_update_in_pointers( mbedtls_ssl_context *ssl );
|
||||
|
||||
int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial );
|
||||
|
||||
/*
|
||||
* Send pending alert
|
||||
*/
|
||||
int mbedtls_ssl_handle_pending_alert( mbedtls_ssl_context *ssl );
|
||||
|
||||
/*
|
||||
* Set pending fatal alert flag.
|
||||
*/
|
||||
void mbedtls_ssl_pend_fatal_alert( mbedtls_ssl_context *ssl,
|
||||
unsigned char alert_type,
|
||||
int alert_reason );
|
||||
|
||||
/* Alias of mbedtls_ssl_pend_fatal_alert */
|
||||
#define MBEDTLS_SSL_PEND_FATAL_ALERT( type, user_return_value ) \
|
||||
mbedtls_ssl_pend_fatal_alert( ssl, type, user_return_value )
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
|
||||
void mbedtls_ssl_dtls_replay_reset( mbedtls_ssl_context *ssl );
|
||||
#endif
|
||||
@ -1289,4 +1495,223 @@ static inline int mbedtls_ssl_conf_is_hybrid_tls12_tls13( const mbedtls_ssl_conf
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL*/
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
|
||||
|
||||
int mbedtls_ssl_tls13_process_finished_message( mbedtls_ssl_context *ssl );
|
||||
int mbedtls_ssl_tls13_write_finished_message( mbedtls_ssl_context *ssl );
|
||||
void mbedtls_ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl );
|
||||
|
||||
/**
|
||||
* \brief TLS 1.3 client side state machine entry
|
||||
*
|
||||
* \param ssl SSL context
|
||||
*/
|
||||
int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl );
|
||||
|
||||
/**
|
||||
* \brief TLS 1.3 server side state machine entry
|
||||
*
|
||||
* \param ssl SSL context
|
||||
*/
|
||||
int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl );
|
||||
|
||||
|
||||
/*
|
||||
* Helper functions around key exchange modes.
|
||||
*/
|
||||
static inline unsigned mbedtls_ssl_conf_tls13_check_kex_modes( mbedtls_ssl_context *ssl,
|
||||
int kex_mode_mask )
|
||||
{
|
||||
return( ( ssl->conf->tls13_kex_modes & kex_mode_mask ) != 0 );
|
||||
}
|
||||
|
||||
static inline int mbedtls_ssl_conf_tls13_psk_enabled( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl,
|
||||
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK ) );
|
||||
}
|
||||
|
||||
static inline int mbedtls_ssl_conf_tls13_psk_ephemeral_enabled( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl,
|
||||
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ) );
|
||||
}
|
||||
|
||||
static inline int mbedtls_ssl_conf_tls13_ephemeral_enabled( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl,
|
||||
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL ) );
|
||||
}
|
||||
|
||||
static inline int mbedtls_ssl_conf_tls13_some_ephemeral_enabled( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl,
|
||||
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL_ALL ) );
|
||||
}
|
||||
|
||||
static inline int mbedtls_ssl_conf_tls13_some_psk_enabled( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl,
|
||||
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_ALL ) );
|
||||
}
|
||||
|
||||
/**
|
||||
* Given a list of key exchange modes, check if at least one of them is
|
||||
* supported.
|
||||
*
|
||||
* \param[in] ssl SSL context
|
||||
* \param kex_modes_mask Mask of the key exchange modes to check
|
||||
*
|
||||
* \return 0 if at least one of the key exchange modes is supported,
|
||||
* !=0 otherwise.
|
||||
*/
|
||||
static inline unsigned mbedtls_ssl_tls1_3_check_kex_modes( mbedtls_ssl_context *ssl,
|
||||
int kex_modes_mask )
|
||||
{
|
||||
return( ( ssl->handshake->tls1_3_kex_modes & kex_modes_mask ) == 0 );
|
||||
}
|
||||
|
||||
static inline int mbedtls_ssl_tls1_3_psk_enabled( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
return( ! mbedtls_ssl_tls1_3_check_kex_modes( ssl,
|
||||
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK ) );
|
||||
}
|
||||
|
||||
static inline int mbedtls_ssl_tls1_3_psk_ephemeral_enabled(
|
||||
mbedtls_ssl_context *ssl )
|
||||
{
|
||||
return( ! mbedtls_ssl_tls1_3_check_kex_modes( ssl,
|
||||
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ) );
|
||||
}
|
||||
|
||||
static inline int mbedtls_ssl_tls1_3_ephemeral_enabled( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
return( ! mbedtls_ssl_tls1_3_check_kex_modes( ssl,
|
||||
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL ) );
|
||||
}
|
||||
|
||||
static inline int mbedtls_ssl_tls1_3_some_ephemeral_enabled( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
return( ! mbedtls_ssl_tls1_3_check_kex_modes( ssl,
|
||||
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL_ALL ) );
|
||||
}
|
||||
|
||||
static inline int mbedtls_ssl_tls1_3_some_psk_enabled( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
return( ! mbedtls_ssl_tls1_3_check_kex_modes( ssl,
|
||||
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_ALL ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* Helper functions for NamedGroup.
|
||||
*/
|
||||
static inline int mbedtls_ssl_tls13_named_group_is_ecdhe( uint16_t named_group )
|
||||
{
|
||||
return( named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 ||
|
||||
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 ||
|
||||
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1 ||
|
||||
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X25519 ||
|
||||
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X448 );
|
||||
}
|
||||
|
||||
static inline int mbedtls_ssl_tls13_named_group_is_dhe( uint16_t named_group )
|
||||
{
|
||||
return( named_group >= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048 &&
|
||||
named_group <= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192 );
|
||||
}
|
||||
|
||||
static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context *ssl,
|
||||
mbedtls_ssl_states state )
|
||||
{
|
||||
ssl->state = ( int ) state;
|
||||
}
|
||||
|
||||
/*
|
||||
* Fetch TLS 1.3 handshake message header
|
||||
*/
|
||||
int mbedtls_ssl_tls1_3_fetch_handshake_msg( mbedtls_ssl_context *ssl,
|
||||
unsigned hs_type,
|
||||
unsigned char **buf,
|
||||
size_t *buf_len );
|
||||
|
||||
/*
|
||||
* Write TLS 1.3 handshake message header
|
||||
*/
|
||||
int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl,
|
||||
unsigned hs_type,
|
||||
unsigned char **buf,
|
||||
size_t *buflen );
|
||||
|
||||
/*
|
||||
* Handler of TLS 1.3 server certificate message
|
||||
*/
|
||||
int mbedtls_ssl_tls13_process_certificate( mbedtls_ssl_context *ssl );
|
||||
|
||||
/*
|
||||
* Generic handler of Certificate Verify
|
||||
*/
|
||||
int mbedtls_ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl );
|
||||
|
||||
/*
|
||||
* Write TLS 1.3 handshake message tail
|
||||
*/
|
||||
int mbedtls_ssl_tls13_finish_handshake_msg( mbedtls_ssl_context *ssl,
|
||||
size_t buf_len,
|
||||
size_t msg_len );
|
||||
|
||||
void mbedtls_ssl_tls13_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl,
|
||||
unsigned hs_type,
|
||||
size_t total_hs_len );
|
||||
|
||||
/*
|
||||
* Update checksum of handshake messages.
|
||||
*/
|
||||
void mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( mbedtls_ssl_context *ssl,
|
||||
unsigned hs_type,
|
||||
unsigned char const *msg,
|
||||
size_t msg_len );
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
/*
|
||||
* Write TLS 1.3 Signature Algorithm extension
|
||||
*/
|
||||
int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl,
|
||||
unsigned char *buf,
|
||||
unsigned char *end,
|
||||
size_t *olen);
|
||||
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
|
||||
/* Get handshake transcript */
|
||||
int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl,
|
||||
const mbedtls_md_type_t md,
|
||||
unsigned char *dst,
|
||||
size_t dst_len,
|
||||
size_t *olen );
|
||||
|
||||
/*
|
||||
* Return supported groups.
|
||||
*
|
||||
* In future, invocations can be changed to ssl->conf->group_list
|
||||
* when mbedtls_ssl_conf_curves() is deleted.
|
||||
*
|
||||
* ssl->handshake->group_list is either a translation of curve_list to IANA TLS group
|
||||
* identifiers when mbedtls_ssl_conf_curves() has been used, or a pointer to
|
||||
* ssl->conf->group_list when mbedtls_ssl_conf_groups() has been more recently invoked.
|
||||
*
|
||||
*/
|
||||
static inline const void *mbedtls_ssl_get_groups( const mbedtls_ssl_context *ssl )
|
||||
{
|
||||
#if defined(MBEDTLS_DEPRECATED_REMOVED) || !defined(MBEDTLS_ECP_C)
|
||||
return( ssl->conf->group_list );
|
||||
#else
|
||||
if( ( ssl->handshake != NULL ) && ( ssl->handshake->group_list != NULL ) )
|
||||
return( ssl->handshake->group_list );
|
||||
else
|
||||
return( ssl->conf->group_list );
|
||||
#endif
|
||||
}
|
||||
|
||||
#endif /* ssl_misc.h */
|
||||
|
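Review bot: The two key-exchange-mode helpers added in the last hunk use opposite return conventions: `mbedtls_ssl_conf_tls13_check_kex_modes()` returns non-zero when a mode in the mask is enabled, while `mbedtls_ssl_tls1_3_check_kex_modes()` returns 0 in that case and its five wrappers negate the result. With names this close, a caller that assumes the wrong polarity silently inverts which PSK or ephemeral modes are treated as negotiable, and only the handshake variant documents its return value. I would align the handshake variant with `return( ( ssl->handshake->tls1_3_kex_modes & kex_modes_mask ) != 0 );` and drop the `!` in its wrappers, or at minimum add `/* Returns non-zero if at least one mode in kex_mode_mask is enabled in ssl->conf. */` above the conf variant. Both helpers also take an `int` mask but return `unsigned`, and neither writes through `ssl`, so the parameter could be `const mbedtls_ssl_context *`.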