diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h
index 082a69174..cb575213b 100644
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@@ -283,17 +283,17 @@ typedef struct mbedtls_cipher_info_t
 */
 typedef struct mbedtls_cipher_context_t
 {
+ /** Operation that the key of the context has been
+ * initialized for.
+ */
+ mbedtls_operation_t operation;
+
 /** Information about the associated cipher. */
 const mbedtls_cipher_info_t *cipher_info;
 /** Key length to use. */
 int key_bitlen;
- /** Operation that the key of the context has been
- * initialized for.
- */
- mbedtls_operation_t operation;
-
 #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
 /** Padding functions to use, if relevant for
 * the specific cipher mode.
@@ -302,16 +302,9 @@ typedef struct mbedtls_cipher_context_t
 int (*get_padding)( unsigned char *input, size_t ilen, size_t *data_len );
 #endif
- /** Buffer for input that has not been processed yet. */
- unsigned char unprocessed_data[MBEDTLS_MAX_BLOCK_LENGTH];
-
 /** Number of Bytes that have not been processed yet. */
 size_t unprocessed_len;
- /** Current IV or NONCE_COUNTER for CTR-mode, data unit (or sector) number
- * for XTS-mode. */
- unsigned char iv[MBEDTLS_MAX_IV_LENGTH];
-
 /** IV size in Bytes, for ciphers with variable-length IVs. */
 size_t iv_size;
@@ -322,6 +315,13 @@ typedef struct mbedtls_cipher_context_t
 /** CMAC-specific context. */
 mbedtls_cmac_context_t *cmac_ctx;
 #endif
+
+ /** Buffer for input that has not been processed yet. */
+ unsigned char unprocessed_data[MBEDTLS_MAX_BLOCK_LENGTH];
+
+ /** Current IV or NONCE_COUNTER for CTR-mode, data unit (or sector) number
+ * for XTS-mode. */
+ unsigned char iv[MBEDTLS_MAX_IV_LENGTH];
 } mbedtls_cipher_context_t;
 /**
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 79c68681c..40ad4b114 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
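Review bot: Moving `operation` ahead of `cipher_info` in the first hunk is not a padding win, and the hunk does not say what it is for. By my count, on an LP64 ABI where `mbedtls_operation_t` is int-sized the new order leaves 4 bytes of padding after `operation` and 4 after `key_bitlen`, neither of which the old `cipher_info`/`key_bitlen`/`operation` run had, so the struct grows by 8 bytes there, while on a 32-bit target its size is unchanged. If the ordering is tuned for something else, such as short-immediate field access on a particular core, state the rule once on the struct, e.g. `/* Member order: byte- and word-sized scalars first, pointers next, block/IV buffers last; tuned for <target>, keep it when adding fields. */`. Since `mbedtls_cipher_context_t` is a public type, the layout change also deserves a ChangeLog entry as an ABI break. The struct body continues outside the hunk.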
@@ -1249,10 +1249,26 @@ struct mbedtls_ssl_config
 struct mbedtls_ssl_context
 {
- const mbedtls_ssl_config *conf; /*!< configuration information */
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ uint8_t disable_datagram_packing; /*!< Disable packing multiple records
+ * within a single datagram. */
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ /* CID configuration to use in subsequent handshakes. */
+ uint8_t own_cid_len; /*!< The length of \c own_cid. */
+ uint8_t negotiate_cid; /*!< This indicates whether the CID extension should
+ * be negotiated in the next handshake or not.
+ * Possible values are #MBEDTLS_SSL_CID_ENABLED
+ * and #MBEDTLS_SSL_CID_DISABLED. */
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 unsigned char pending_fatal_alert_msg; /*!< Type of a fatal alert
 * pending to be delivered. */
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ uint16_t in_epoch; /*!< DTLS epoch for incoming records */
+ uint16_t mtu; /*!< path mtu, used to fragment outgoing messages */
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+ const mbedtls_ssl_config *conf; /*!< configuration information */
 /*
 * Miscellaneous
@@ -1340,14 +1356,9 @@ struct mbedtls_ssl_context
 size_t in_msglen; /*!< record header: message length */
 size_t in_left; /*!< amount of data read so far */
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
- uint16_t in_epoch; /*!< DTLS epoch for incoming records */
 size_t next_record_offset; /*!< offset of the next record in datagram
 (equal to in_left if none) */
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
- uint64_t in_window_top; /*!< last validated record seq_num */
- uint64_t in_window; /*!< bitmask for replay detection */
-#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
 size_t in_hslen; /*!< current handshake message length,
 including the handshake header */
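Review bot: The comment `/* CID configuration to use in subsequent handshakes. */` is now duplicated: this hunk copies it above `own_cid_len`/`negotiate_cid`, and the original stays above `own_cid` at the end of the struct (the later -1437 hunk shows it as context). Because the length now lives roughly 190 lines away from the buffer it bounds, reword this copy to point at the buffer, e.g. `/* Length of and negotiation flag for own_cid, which is declared at the end of the struct; kept here with the other byte-sized fields. */`. `disable_datagram_packing`, `in_epoch` and `mtu` likewise leave their record-layer sections with no hint of why, so a one-line struct comment stating the ordering rule would help whoever adds the next field. The struct body continues outside the hunk.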
@@ -1356,11 +1367,6 @@ struct mbedtls_ssl_context
 int keep_current_message; /*!< drop or reuse current message
 on next call to record layer? */
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- uint8_t disable_datagram_packing; /*!< Disable packing multiple records
- * within a single datagram. */
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
 /*
 * Record layer (outgoing data)
 */
@@ -1379,12 +1385,6 @@ struct mbedtls_ssl_context
 size_t out_msglen; /*!< record header: message length */
 size_t out_left; /*!< amount of data not yet written */
- unsigned char cur_out_ctr[8]; /*!< Outgoing record sequence number. */
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- uint16_t mtu; /*!< path mtu, used to fragment outgoing messages */
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
 #if defined(MBEDTLS_ZLIB_SUPPORT)
 unsigned char *compress_buf; /*!< zlib data buffer */
 #endif /* MBEDTLS_ZLIB_SUPPORT */
@@ -1429,6 +1429,13 @@ struct mbedtls_ssl_context
 char peer_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
 #endif /* MBEDTLS_SSL_RENEGOTIATION */
+ unsigned char cur_out_ctr[8]; /*!< Outgoing record sequence number. */
+
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
+ uint64_t in_window_top; /*!< last validated record seq_num */
+ uint64_t in_window; /*!< bitmask for replay detection */
+#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
+
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
 /* CID configuration to use in subsequent handshakes. */
@@ -1437,11 +1444,6 @@ struct mbedtls_ssl_context
 * CID currently used in case the user has re-configured the CID
 * after an initial handshake. */
 unsigned char own_cid[ MBEDTLS_SSL_CID_IN_LEN_MAX ];
- uint8_t own_cid_len; /*!< The length of \c own_cid. */
- uint8_t negotiate_cid; /*!< This indicates whether the CID extension should
- * be negotiated in the next handshake or not.
- * Possible values are #MBEDTLS_SSL_CID_ENABLED
- * and #MBEDTLS_SSL_CID_DISABLED. */
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 };
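Review bot: In the -1429 hunk `cur_out_ctr` and the anti-replay window `in_window_top`/`in_window` land directly after the renegotiation verify data and in front of the CID block, with nothing saying they are record-layer counters placed here for layout reasons; a reader scanning the struct will take them for renegotiation state. Add `/* Record-layer sequence state, moved out of the in/out sections for layout; see the record layer comments above. */` ahead of `cur_out_ctr`. If any reset or zeroization path relies on these counters being adjacent to the other `in_*`/`out_*` fields (I cannot see that code from here), it needs re-checking after the move. The struct body continues outside the hunk.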
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index 64138c53c..d9690cb40 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -385,17 +385,28 @@ struct mbedtls_ssl_handshake_params
 /*
 * Handshake specific crypto variables
 */
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ unsigned char verify_cookie_len; /*!< Cli: cookie length
+ Srv: flag for sending a cookie */
+ unsigned char retransmit_state; /*!< Retransmission state */
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ /* The state of CID configuration in this handshake. */
+
+ uint8_t cid_in_use; /*!< This indicates whether the use of the CID extension
+ * has been negotiated. Possible values are
+ * #MBEDTLS_SSL_CID_ENABLED and
+ * #MBEDTLS_SSL_CID_DISABLED. */
+ uint8_t peer_cid_len; /*!< The length of
+ * \c peer_cid. */
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+ uint16_t mtu; /*!< Handshake mtu, used to fragment outgoing messages */
+
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
 defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
 mbedtls_ssl_sig_hash_set_t hash_algs; /*!< Set of suitable sig-hash pairs */
 #endif
-#if defined(MBEDTLS_DHM_C)
- mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */
-#endif
-#if defined(MBEDTLS_ECDH_C)
- mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */
-#endif
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
 mbedtls_ecjpake_context ecjpake_ctx; /*!< EC J-PAKE key exchange */
 #if defined(MBEDTLS_SSL_CLI_C)
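Review bot: The block inserted right under the `Handshake specific crypto variables` heading holds `verify_cookie_len`, `retransmit_state`, `cid_in_use`, `peer_cid_len` and `mtu`, none of which is crypto state, and the struct now has two separate `#if defined(MBEDTLS_SSL_PROTO_DTLS)` regions. Put a comment at the top of the new block so the heading is not misleading, e.g. `/* DTLS bookkeeping (byte/half-word sized), placed ahead of the large crypto contexts; the pointer-sized DTLS state follows further down. */`, and drop the blank line between `/* The state of CID configuration in this handshake. */` and `cid_in_use` so the comment attaches to the field it describes. The struct body continues outside the hunk.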
@@ -409,12 +420,20 @@ struct mbedtls_ssl_handshake_params
 defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
 uint16_t curve_tls_id; /*!< TLS ID of EC for ECDHE. */
 #endif
+
+ size_t pmslen; /*!< premaster length */
+ int cli_exts; /*!< client extension presence*/
+
 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
 unsigned char *psk; /*!< PSK from the callback */
 size_t psk_len; /*!< Length of PSK from callback */
 #endif
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
 mbedtls_ssl_key_cert *key_cert; /*!< chosen key/cert pair (server) */
+#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ mbedtls_pk_context peer_pubkey; /*!< The public key from the peer. */
+#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
 int sni_authmode; /*!< authmode from SNI callback */
 mbedtls_ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI */
@@ -433,21 +452,13 @@ struct mbedtls_ssl_handshake_params
 } ecrs_state; /*!< current (or last) operation */
 mbedtls_x509_crt *ecrs_peer_cert; /*!< The peer's CRT chain. */
 #endif
-#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
- !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
- mbedtls_pk_context peer_pubkey; /*!< The public key from the peer. */
-#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
 unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */
 unsigned int in_msg_seq; /*!< Incoming handshake sequence number */
 unsigned char *verify_cookie; /*!< Cli: HelloVerifyRequest cookie
 Srv: unused */
- unsigned char verify_cookie_len; /*!< Cli: cookie length
- Srv: flag for sending a cookie */
- uint32_t retransmit_timeout; /*!< Current value of timeout */
- unsigned char retransmit_state; /*!< Retransmission state */
 mbedtls_ssl_flight_item *flight; /*!< Current outgoing flight */
 mbedtls_ssl_flight_item *cur_msg; /*!< Current message in flight */
 unsigned char *cur_msg_p; /*!< Position in current message */
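Review bot: In the -433 hunk `uint32_t retransmit_timeout; /*!< Current value of timeout */` is deleted but, unlike every other field this diff moves, it is not re-added in any hunk shown. If the DTLS retransmission code still reads `handshake->retransmit_timeout`, a build with MBEDTLS_SSL_PROTO_DTLS will fail; if the field was dropped on purpose because the timeout is now kept elsewhere, that is a behavioural change that does not belong in a layout-only commit and should be called out in the description. Assuming the former, the line belongs with the other DTLS scalars added near the top of the struct, next to `retransmit_state`. The struct body continues outside the hunk.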
@@ -457,27 +468,21 @@ struct mbedtls_ssl_handshake_params
 resending messages */
 unsigned char alt_out_ctr[8]; /*!< Alternative record epoch/counter
 for resending messages */
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- /* The state of CID configuration in this handshake. */
-
- uint8_t cid_in_use; /*!< This indicates whether the use of the CID extension
- * has been negotiated. Possible values are
- * #MBEDTLS_SSL_CID_ENABLED and
- * #MBEDTLS_SSL_CID_DISABLED. */
- unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ]; /*! The peer's CID */
- uint8_t peer_cid_len; /*!< The length of
- * \c peer_cid. */
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-
 struct
 {
- size_t total_bytes_buffered; /*!< Cumulative size of heap allocated
- * buffers used for message buffering. */
-
 uint8_t seen_ccs; /*!< Indicates if a CCS message has
 * been seen in the current flight. */
+ size_t total_bytes_buffered; /*!< Cumulative size of heap allocated
+ * buffers used for message buffering. */
+
+ struct
+ {
+ unsigned char *data;
+ size_t len;
+ unsigned epoch;
+ } future_record;
+
 struct mbedtls_ssl_hs_buffer
 {
 unsigned is_valid : 1;
@@ -486,46 +491,20 @@ struct mbedtls_ssl_handshake_params
 unsigned char *data;
 size_t data_len;
 } hs[MBEDTLS_SSL_MAX_BUFFERED_HS];
-
- struct
- {
- unsigned char *data;
- size_t len;
- unsigned epoch;
- } future_record;
-
 } buffering;
-
- uint16_t mtu; /*!< Handshake mtu, used to fragment outgoing messages */
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ /* The state of CID configuration in this handshake. */
+ unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ]; /*! The peer's CID */
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
-
- /*
- * Checksum contexts
- */
-#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
- defined(MBEDTLS_SSL_PROTO_TLS1_1)
- mbedtls_md5_context fin_md5;
- mbedtls_sha1_context fin_sha1;
-#endif
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_SHA256_C)
- mbedtls_sha256_context fin_sha256;
-#endif
-#if defined(MBEDTLS_SHA512_C)
- mbedtls_sha512_context fin_sha512;
-#endif
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+ unsigned char randbytes[64]; /*!< random bytes */
+ unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
+ /*!< premaster secret */
 #if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE)
 mbedtls_ssl_ciphersuite_handle_t ciphersuite_info;
 #endif /* !MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */
- size_t pmslen; /*!< premaster length */
-
- unsigned char randbytes[64]; /*!< random bytes */
- unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
- /*!< premaster secret */
-
 #if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
 int resume; /*!< session resume indicator*/
 #endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */
@@ -537,7 +516,6 @@ struct mbedtls_ssl_handshake_params
 int max_minor_ver; /*!< max. minor version client*/
 #endif /* MBEDTLS_SSL_SRV_C && ( MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED || MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED ) */
- int cli_exts; /*!< client extension presence*/
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
 int new_session_ticket; /*!< use NewSessionTicket? */
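Review bot: `premaster[MBEDTLS_PREMASTER_SIZE]` now sits in the -486 hunk while its length `pmslen` was moved to the -409 hunk some 70 lines earlier, and the trailing `/*!< premaster secret */` is left as an orphaned doc line under the array. Tie the secret to its bound where it is declared, e.g. `unsigned char premaster[MBEDTLS_PREMASTER_SIZE]; /*!< premaster secret; the valid prefix is \c pmslen bytes */`, so a reader does not have to search the struct for the length. The same applies to `peer_cid`, whose `peer_cid_len` moved to the top of the struct while the comment above it still reads as if the whole CID state were here. The struct body continues outside the hunk.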
@@ -564,6 +542,30 @@ struct mbedtls_ssl_handshake_params
 uint8_t ecdh_privkey[NUM_ECC_BYTES];
 uint8_t ecdh_peerkey[2*NUM_ECC_BYTES];
 #endif /* MBEDTLS_USE_TINYCRYPT */
+
+ /*
+ * Checksum contexts
+ */
+#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
+ defined(MBEDTLS_SSL_PROTO_TLS1_1)
+ mbedtls_md5_context fin_md5;
+ mbedtls_sha1_context fin_sha1;
+#endif
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_SHA256_C)
+ mbedtls_sha256_context fin_sha256;
+#endif
+#if defined(MBEDTLS_SHA512_C)
+ mbedtls_sha512_context fin_sha512;
+#endif
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+#if defined(MBEDTLS_DHM_C)
+ mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */
+#endif
+#if defined(MBEDTLS_ECDH_C)
+ mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */
+#endif
 };
 /*
@@ -698,6 +700,10 @@ typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer;
 */
 struct mbedtls_ssl_transform
 {
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ uint8_t in_cid_len;
+ uint8_t out_cid_len;
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 /*
 * Session specific crypto layer
 */
@@ -726,16 +732,11 @@ struct mbedtls_ssl_transform
 #endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
- mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */
- mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */
-
 #if !defined(MBEDTLS_SSL_CONF_FIXED_MINOR_VER)
 int minor_ver;
 #endif
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- uint8_t in_cid_len;
- uint8_t out_cid_len;
 unsigned char in_cid [ MBEDTLS_SSL_CID_OUT_LEN_MAX ];
 unsigned char out_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ];
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
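Review bot: In the -698 hunk `in_cid_len`/`out_cid_len` become the first members of `mbedtls_ssl_transform`, while the `in_cid`/`out_cid` arrays they bound stay some 40 lines below (context in the -726 hunk) with the `Session specific crypto layer` heading in between. A length that lives apart from its buffer is easy to update inconsistently, so document the invariant at the new location, e.g. `/* Byte lengths of in_cid/out_cid below; 0 means no CID, and neither may exceed MBEDTLS_SSL_CID_OUT_LEN_MAX. */`. The struct body continues outside the hunk.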
@@ -748,6 +749,9 @@ struct mbedtls_ssl_transform
 z_stream ctx_inflate; /*!< decompression context */
 #endif
+ mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */
+ mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */
+
 #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
 /* We need the Hello random bytes in order to re-derive keys from the
 * Master Secret and other session info, see ssl_populate_transform() */
@@ -808,14 +812,9 @@ static inline int mbedtls_ssl_transform_uses_aead(
 typedef struct
 {
- uint8_t ctr[8]; /* In TLS: The implicit record sequence number.
- * In DTLS: The 2-byte epoch followed by
- * the 6-byte sequence number.
- * This is stored as a raw big endian byte array
- * as opposed to a uint64_t because we rarely
- * need to perform arithmetic on this, but do
- * need it as a Byte array for the purpose of
- * MAC computations. */
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ uint8_t cid_len; /* Length of the CID (0 if not present) */
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 uint8_t type; /* The record content type. */
 uint8_t ver[2]; /* SSL/TLS version as present on the wire.
 * Convert to internal presentation of versions
@@ -827,9 +826,15 @@ typedef struct
 size_t buf_len; /* Buffer length */
 size_t data_offset; /* Offset of record content */
 size_t data_len; /* Length of record content */
-
+ uint8_t ctr[8]; /* In TLS: The implicit record sequence number.
+ * In DTLS: The 2-byte epoch followed by
+ * the 6-byte sequence number.
+ * This is stored as a raw big endian byte array
+ * as opposed to a uint64_t because we rarely
+ * need to perform arithmetic on this, but do
+ * need it as a Byte array for the purpose of
+ * MAC computations. */
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- uint8_t cid_len; /* Length of the CID (0 if not present) */
 unsigned char cid[ MBEDTLS_SSL_CID_LEN_MAX ]; /* The CID */
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 } mbedtls_record;
diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h
index 774a007a9..bb6cfe321 100644
--- a/include/mbedtls/ssl_ticket.h
+++ b/include/mbedtls/ssl_ticket.h
@@ -63,15 +63,15 @@ mbedtls_ssl_ticket_key;
 */
 typedef struct mbedtls_ssl_ticket_context
 {
- mbedtls_ssl_ticket_key keys[2]; /*!< ticket protection keys */
 unsigned char active; /*!< index of the currently active key */
-
 uint32_t ticket_lifetime; /*!< lifetime of tickets in seconds */
 /** Callback for getting (pseudo-)random numbers */
 int (*f_rng)(void *, unsigned char *, size_t);
 void *p_rng; /*!< context for the RNG function */
+ mbedtls_ssl_ticket_key keys[2]; /*!< ticket protection keys */
+
 #if defined(MBEDTLS_THREADING_C)
 mbedtls_threading_mutex_t mutex;
 #endif
diff --git a/include/mbedtls/x509_crl.h b/include/mbedtls/x509_crl.h
index bf9e3befa..e4e22332a 100644
--- a/include/mbedtls/x509_crl.h
+++ b/include/mbedtls/x509_crl.h
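Review bot: Moving `keys[2]` behind `p_rng` does not, by my count, change `sizeof(mbedtls_ssl_ticket_context)` on a 32- or 64-bit ABI: the 3 bytes of padding after `unsigned char active` are present in both orders, and `keys` is pointer-aligned either way because `mbedtls_ssl_ticket_key` holds a cipher context with a pointer member, so this is a layout change to a public type with no size benefit visible here. If it serves another purpose (field access offsets, keeping key material last), say so on the struct, e.g. `/* Scalars and callbacks first, key material last; do not reorder. */`; otherwise leave this struct alone to avoid gratuitous ABI churn. The struct body continues outside the hunk.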
@@ -69,13 +69,21 @@ mbedtls_x509_crl_entry;
 */
 typedef struct mbedtls_x509_crl
 {
+ mbedtls_md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
+ mbedtls_pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
+
+ int version; /**< CRL version (1=v1, 2=v2) */
+ void *sig_opts; /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
+
+ struct mbedtls_x509_crl *next;
+
+ mbedtls_x509_buf_raw issuer_raw; /**< The raw issuer data (DER). */
+
 mbedtls_x509_buf raw; /**< The raw certificate data (DER). */
 mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */
- int version; /**< CRL version (1=v1, 2=v2) */
- mbedtls_x509_buf sig_oid; /**< CRL signature type identifier */
- mbedtls_x509_buf_raw issuer_raw; /**< The raw issuer data (DER). */
+ mbedtls_x509_buf sig_oid; /**< CRL signature type identifier */
 mbedtls_x509_name issuer; /**< The parsed issuer data (named information object). */
@@ -88,11 +96,6 @@ typedef struct mbedtls_x509_crl
 mbedtls_x509_buf sig_oid2;
 mbedtls_x509_buf sig;
- mbedtls_md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
- mbedtls_pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
- void *sig_opts; /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
-
- struct mbedtls_x509_crl *next;
 } mbedtls_x509_crl;
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 00d40db1f..0089ef2a3 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -2070,10 +2070,10 @@ typedef struct mbedtls_x509_crt_sig_info
 mbedtls_md_type_t sig_md;
 mbedtls_pk_type_t sig_pk;
 void *sig_opts;
- uint8_t crt_hash[MBEDTLS_MD_MAX_SIZE];
 size_t crt_hash_len;
 mbedtls_x509_buf_raw sig;
 mbedtls_x509_buf_raw issuer_raw;
+ uint8_t crt_hash[MBEDTLS_MD_MAX_SIZE];
 } mbedtls_x509_crt_sig_info;
 static void x509_crt_free_sig_info( mbedtls_x509_crt_sig_info *info )