RetroArch
Classes | Macros | Functions
ssl_internal.h File Reference
#include "ssl.h"
#include "md5.h"
#include "sha1.h"
#include "sha256.h"
#include "sha512.h"
Include dependency graph for ssl_internal.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Classes

struct  mbedtls_ssl_sig_hash_set_t
 
struct  mbedtls_ssl_handshake_params
 
struct  mbedtls_ssl_transform
 
struct  mbedtls_ssl_key_cert
 
struct  mbedtls_ssl_flight_item
 

Macros

#define MBEDTLS_SSL_MIN_MAJOR_VERSION   MBEDTLS_SSL_MAJOR_VERSION_3
 
#define MBEDTLS_SSL_MIN_MINOR_VERSION   MBEDTLS_SSL_MINOR_VERSION_1
 
#define MBEDTLS_SSL_MAX_MAJOR_VERSION   MBEDTLS_SSL_MAJOR_VERSION_3
 
#define MBEDTLS_SSL_MAX_MINOR_VERSION   MBEDTLS_SSL_MINOR_VERSION_3
 
#define MBEDTLS_SSL_INITIAL_HANDSHAKE   0
 
#define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS   1 /* In progress */
 
#define MBEDTLS_SSL_RENEGOTIATION_DONE   2 /* Done or aborted */
 
#define MBEDTLS_SSL_RENEGOTIATION_PENDING   3 /* Requested (server only) */
 
#define MBEDTLS_SSL_RETRANS_PREPARING   0
 
#define MBEDTLS_SSL_RETRANS_SENDING   1
 
#define MBEDTLS_SSL_RETRANS_WAITING   2
 
#define MBEDTLS_SSL_RETRANS_FINISHED   3
 
#define MBEDTLS_SSL_COMPRESSION_ADD   0
 
#define MBEDTLS_SSL_MAC_ADD   48 /* SHA-384 used for HMAC */
 
#define MBEDTLS_SSL_PADDING_ADD   256
 
#define MBEDTLS_SSL_BUFFER_LEN
 
#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT   (1 << 0)
 
#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK   (1 << 1)
 

Functions

mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find (mbedtls_ssl_sig_hash_set_t *set, mbedtls_pk_type_t sig_alg)
 
void mbedtls_ssl_sig_hash_set_add (mbedtls_ssl_sig_hash_set_t *set, mbedtls_pk_type_t sig_alg, mbedtls_md_type_t md_alg)
 
void mbedtls_ssl_sig_hash_set_const_hash (mbedtls_ssl_sig_hash_set_t *set, mbedtls_md_type_t md_alg)
 
static void mbedtls_ssl_sig_hash_set_init (mbedtls_ssl_sig_hash_set_t *set)
 
void mbedtls_ssl_transform_free (mbedtls_ssl_transform *transform)
 Free referenced items in an SSL transform context and clear memory. More...
 
void mbedtls_ssl_handshake_free (mbedtls_ssl_handshake_params *handshake)
 Free referenced items in an SSL handshake context and clear memory. More...
 
int mbedtls_ssl_handshake_client_step (mbedtls_ssl_context *ssl)
 
int mbedtls_ssl_handshake_server_step (mbedtls_ssl_context *ssl)
 
void mbedtls_ssl_handshake_wrapup (mbedtls_ssl_context *ssl)
 
int mbedtls_ssl_send_fatal_handshake_failure (mbedtls_ssl_context *ssl)
 
void mbedtls_ssl_reset_checksum (mbedtls_ssl_context *ssl)
 
int mbedtls_ssl_derive_keys (mbedtls_ssl_context *ssl)
 
int mbedtls_ssl_read_record_layer (mbedtls_ssl_context *ssl)
 
int mbedtls_ssl_handle_message_type (mbedtls_ssl_context *ssl)
 
int mbedtls_ssl_prepare_handshake_record (mbedtls_ssl_context *ssl)
 
void mbedtls_ssl_update_handshake_status (mbedtls_ssl_context *ssl)
 
int mbedtls_ssl_read_record (mbedtls_ssl_context *ssl)
 Update record layer. More...
 
int mbedtls_ssl_fetch_input (mbedtls_ssl_context *ssl, size_t nb_want)
 
int mbedtls_ssl_write_record (mbedtls_ssl_context *ssl)
 
int mbedtls_ssl_flush_output (mbedtls_ssl_context *ssl)
 
int mbedtls_ssl_parse_certificate (mbedtls_ssl_context *ssl)
 
int mbedtls_ssl_write_certificate (mbedtls_ssl_context *ssl)
 
int mbedtls_ssl_parse_change_cipher_spec (mbedtls_ssl_context *ssl)
 
int mbedtls_ssl_write_change_cipher_spec (mbedtls_ssl_context *ssl)
 
int mbedtls_ssl_parse_finished (mbedtls_ssl_context *ssl)
 
int mbedtls_ssl_write_finished (mbedtls_ssl_context *ssl)
 
void mbedtls_ssl_optimize_checksum (mbedtls_ssl_context *ssl, const mbedtls_ssl_ciphersuite_t *ciphersuite_info)
 
int mbedtls_ssl_psk_derive_premaster (mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex)
 
unsigned char mbedtls_ssl_sig_from_pk (mbedtls_pk_context *pk)
 
unsigned char mbedtls_ssl_sig_from_pk_alg (mbedtls_pk_type_t type)
 
mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig (unsigned char sig)
 
mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash (unsigned char hash)
 
unsigned char mbedtls_ssl_hash_from_md_alg (int md)
 
int mbedtls_ssl_set_calc_verify_md (mbedtls_ssl_context *ssl, int md)
 
int mbedtls_ssl_check_curve (const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id)
 
int mbedtls_ssl_check_sig_hash (const mbedtls_ssl_context *ssl, mbedtls_md_type_t md)
 
static mbedtls_pk_contextmbedtls_ssl_own_key (mbedtls_ssl_context *ssl)
 
static mbedtls_x509_crtmbedtls_ssl_own_cert (mbedtls_ssl_context *ssl)
 
int mbedtls_ssl_check_cert_usage (const mbedtls_x509_crt *cert, const mbedtls_ssl_ciphersuite_t *ciphersuite, int cert_endpoint, uint32_t *flags)
 
void mbedtls_ssl_write_version (int major, int minor, int transport, unsigned char ver[2])
 
void mbedtls_ssl_read_version (int *major, int *minor, int transport, const unsigned char ver[2])
 
static size_t mbedtls_ssl_hdr_len (const mbedtls_ssl_context *ssl)
 
static size_t mbedtls_ssl_hs_hdr_len (const mbedtls_ssl_context *ssl)
 
void mbedtls_ssl_send_flight_completed (mbedtls_ssl_context *ssl)
 
void mbedtls_ssl_recv_flight_completed (mbedtls_ssl_context *ssl)
 
int mbedtls_ssl_resend (mbedtls_ssl_context *ssl)
 
int mbedtls_ssl_dtls_replay_check (mbedtls_ssl_context *ssl)
 
void mbedtls_ssl_dtls_replay_update (mbedtls_ssl_context *ssl)
 
static int mbedtls_ssl_safer_memcmp (const void *a, const void *b, size_t n)
 

Macro Definition Documentation

◆ MBEDTLS_SSL_BUFFER_LEN

#define MBEDTLS_SSL_BUFFER_LEN
Value:
( MBEDTLS_SSL_MAX_CONTENT_LEN \
+ MBEDTLS_SSL_COMPRESSION_ADD \
+ 29 /* counter + header + IV */ \
+ MBEDTLS_SSL_MAC_ADD \
+ MBEDTLS_SSL_PADDING_ADD \
)
MBEDTLS_SSL_MAC_ADD
#define MBEDTLS_SSL_MAC_ADD
Definition: ssl_internal.h:124
MBEDTLS_SSL_PADDING_ADD
#define MBEDTLS_SSL_PADDING_ADD
Definition: ssl_internal.h:136
MBEDTLS_SSL_COMPRESSION_ADD
#define MBEDTLS_SSL_COMPRESSION_ADD
Definition: ssl_internal.h:118
MBEDTLS_SSL_MAX_CONTENT_LEN
#define MBEDTLS_SSL_MAX_CONTENT_LEN
Definition: ssl.h:222

◆ MBEDTLS_SSL_COMPRESSION_ADD

#define MBEDTLS_SSL_COMPRESSION_ADD   0

◆ MBEDTLS_SSL_INITIAL_HANDSHAKE

#define MBEDTLS_SSL_INITIAL_HANDSHAKE   0

◆ MBEDTLS_SSL_MAC_ADD

#define MBEDTLS_SSL_MAC_ADD   48 /* SHA-384 used for HMAC */

◆ MBEDTLS_SSL_MAX_MAJOR_VERSION

#define MBEDTLS_SSL_MAX_MAJOR_VERSION   MBEDTLS_SSL_MAJOR_VERSION_3

◆ MBEDTLS_SSL_MAX_MINOR_VERSION

#define MBEDTLS_SSL_MAX_MINOR_VERSION   MBEDTLS_SSL_MINOR_VERSION_3

◆ MBEDTLS_SSL_MIN_MAJOR_VERSION

#define MBEDTLS_SSL_MIN_MAJOR_VERSION   MBEDTLS_SSL_MAJOR_VERSION_3

◆ MBEDTLS_SSL_MIN_MINOR_VERSION

#define MBEDTLS_SSL_MIN_MINOR_VERSION   MBEDTLS_SSL_MINOR_VERSION_1

◆ MBEDTLS_SSL_PADDING_ADD

#define MBEDTLS_SSL_PADDING_ADD   256

◆ MBEDTLS_SSL_RENEGOTIATION_DONE

#define MBEDTLS_SSL_RENEGOTIATION_DONE   2 /* Done or aborted */

◆ MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS

#define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS   1 /* In progress */

◆ MBEDTLS_SSL_RENEGOTIATION_PENDING

#define MBEDTLS_SSL_RENEGOTIATION_PENDING   3 /* Requested (server only) */

◆ MBEDTLS_SSL_RETRANS_FINISHED

#define MBEDTLS_SSL_RETRANS_FINISHED   3

◆ MBEDTLS_SSL_RETRANS_PREPARING

#define MBEDTLS_SSL_RETRANS_PREPARING   0

◆ MBEDTLS_SSL_RETRANS_SENDING

#define MBEDTLS_SSL_RETRANS_SENDING   1

◆ MBEDTLS_SSL_RETRANS_WAITING

#define MBEDTLS_SSL_RETRANS_WAITING   2

◆ MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK

#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK   (1 << 1)

◆ MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT

#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT   (1 << 0)

Function Documentation

◆ mbedtls_ssl_check_cert_usage()

int mbedtls_ssl_check_cert_usage ( const mbedtls_x509_crt cert,
const mbedtls_ssl_ciphersuite_t ciphersuite,
int  cert_endpoint,
uint32_t flags 
)
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mbedtls_ssl_check_curve()

int mbedtls_ssl_check_curve ( const mbedtls_ssl_context ssl,
mbedtls_ecp_group_id  grp_id 
)
Here is the caller graph for this function:

◆ mbedtls_ssl_check_sig_hash()

int mbedtls_ssl_check_sig_hash ( const mbedtls_ssl_context ssl,
mbedtls_md_type_t  md 
)
Here is the caller graph for this function:

◆ mbedtls_ssl_derive_keys()

int mbedtls_ssl_derive_keys ( mbedtls_ssl_context ssl)
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mbedtls_ssl_dtls_replay_check()

int mbedtls_ssl_dtls_replay_check ( mbedtls_ssl_context ssl)
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mbedtls_ssl_dtls_replay_update()

void mbedtls_ssl_dtls_replay_update ( mbedtls_ssl_context ssl)
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mbedtls_ssl_fetch_input()

int mbedtls_ssl_fetch_input ( mbedtls_ssl_context ssl,
size_t  nb_want 
)
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mbedtls_ssl_flush_output()

int mbedtls_ssl_flush_output ( mbedtls_ssl_context ssl)
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mbedtls_ssl_handle_message_type()

int mbedtls_ssl_handle_message_type ( mbedtls_ssl_context ssl)
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mbedtls_ssl_handshake_client_step()

int mbedtls_ssl_handshake_client_step ( mbedtls_ssl_context ssl)
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mbedtls_ssl_handshake_free()

void mbedtls_ssl_handshake_free ( mbedtls_ssl_handshake_params handshake)

Free referenced items in an SSL handshake context and clear memory.

Parameters
handshakeSSL handshake context
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mbedtls_ssl_handshake_server_step()

int mbedtls_ssl_handshake_server_step ( mbedtls_ssl_context ssl)
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mbedtls_ssl_handshake_wrapup()

void mbedtls_ssl_handshake_wrapup ( mbedtls_ssl_context ssl)
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mbedtls_ssl_hash_from_md_alg()

unsigned char mbedtls_ssl_hash_from_md_alg ( int  md)
Here is the caller graph for this function:

◆ mbedtls_ssl_hdr_len()

static size_t mbedtls_ssl_hdr_len ( const mbedtls_ssl_context ssl)
inlinestatic
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mbedtls_ssl_hs_hdr_len()

static size_t mbedtls_ssl_hs_hdr_len ( const mbedtls_ssl_context ssl)
inlinestatic
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mbedtls_ssl_md_alg_from_hash()

mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash ( unsigned char  hash)
Here is the caller graph for this function:

◆ mbedtls_ssl_optimize_checksum()

void mbedtls_ssl_optimize_checksum ( mbedtls_ssl_context ssl,
const mbedtls_ssl_ciphersuite_t ciphersuite_info 
)
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mbedtls_ssl_own_cert()

static mbedtls_x509_crt* mbedtls_ssl_own_cert ( mbedtls_ssl_context ssl)
inlinestatic
Here is the caller graph for this function:

◆ mbedtls_ssl_own_key()

static mbedtls_pk_context* mbedtls_ssl_own_key ( mbedtls_ssl_context ssl)
inlinestatic
Here is the caller graph for this function:

◆ mbedtls_ssl_parse_certificate()

int mbedtls_ssl_parse_certificate ( mbedtls_ssl_context ssl)
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mbedtls_ssl_parse_change_cipher_spec()

int mbedtls_ssl_parse_change_cipher_spec ( mbedtls_ssl_context ssl)
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mbedtls_ssl_parse_finished()

int mbedtls_ssl_parse_finished ( mbedtls_ssl_context ssl)
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mbedtls_ssl_pk_alg_from_sig()

mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig ( unsigned char  sig)
Here is the caller graph for this function:

◆ mbedtls_ssl_prepare_handshake_record()

int mbedtls_ssl_prepare_handshake_record ( mbedtls_ssl_context ssl)
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mbedtls_ssl_psk_derive_premaster()

int mbedtls_ssl_psk_derive_premaster ( mbedtls_ssl_context ssl,
mbedtls_key_exchange_type_t  key_ex 
)
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mbedtls_ssl_read_record()

int mbedtls_ssl_read_record ( mbedtls_ssl_context ssl)

Update record layer. 

         This function roughly separates the implementation
         of the logic of (D)TLS from the implementation
         of the secure transport.
Parameters
sslSSL context to use
Returns
0 or non-zero error code.
Note
A clarification on what is called 'record layer' here is in order, as many sensible definitions are possible:

The record layer takes as input an untrusted underlying transport (stream or datagram) and transforms it into a serially multiplexed, secure transport, which conceptually provides the following:

(1) Three datagram based, content-agnostic transports for handshake, alert and CCS messages. (2) One stream- or datagram-based transport for application data. (3) Functionality for changing the underlying transform securing the contents.

The interface to this functionality is given as follows:

a Updating [Currently implemented by mbedtls_ssl_read_record]

Check if and on which of the four 'ports' data is pending: Nothing, a controlling datagram of type (1), or application data (2). In any case data is present, internal buffers provide access to the data for the user to process it. Consumption of type (1) datagrams is done automatically on the next update, invalidating that the internal buffers for previous datagrams, while consumption of application data (2) is user-controlled.

b Reading of application data [Currently manual adaption of ssl->in_offt pointer]

As mentioned in the last paragraph, consumption of data is different from the automatic consumption of control datagrams (1) because application data is treated as a stream.

c Tracking availability of application data [Currently manually through decreasing ssl->in_msglen]

For efficiency and to retain datagram semantics for application data in case of DTLS, the record layer provides functionality for checking how much application data is still available in the internal buffer.

d Changing the transformation securing the communication.

Given an opaque implementation of the record layer in the above sense, it should be possible to implement the logic of (D)TLS on top of it without the need to know anything about the record layer's internals. This is done e.g. in all the handshake handling functions, and in the application data reading function mbedtls_ssl_read.

Note
The above tries to give a conceptual picture of the record layer, but the current implementation deviates from it in some places. For example, our implementation of the update functionality through mbedtls_ssl_read_record discards datagrams depending on the current state, which wouldn't fall under the record layer's responsibility following the above definition.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mbedtls_ssl_read_record_layer()

int mbedtls_ssl_read_record_layer ( mbedtls_ssl_context ssl)
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mbedtls_ssl_read_version()

void mbedtls_ssl_read_version ( int *  major,
int *  minor,
int  transport,
const unsigned char  ver[2] 
)
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mbedtls_ssl_recv_flight_completed()

void mbedtls_ssl_recv_flight_completed ( mbedtls_ssl_context ssl)
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mbedtls_ssl_resend()

int mbedtls_ssl_resend ( mbedtls_ssl_context ssl)
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mbedtls_ssl_reset_checksum()

void mbedtls_ssl_reset_checksum ( mbedtls_ssl_context ssl)
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mbedtls_ssl_safer_memcmp()

static int mbedtls_ssl_safer_memcmp ( const void a,
const void b,
size_t  n 
)
inlinestatic
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mbedtls_ssl_send_fatal_handshake_failure()

int mbedtls_ssl_send_fatal_handshake_failure ( mbedtls_ssl_context ssl)
Here is the call graph for this function:

◆ mbedtls_ssl_send_flight_completed()

void mbedtls_ssl_send_flight_completed ( mbedtls_ssl_context ssl)
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mbedtls_ssl_set_calc_verify_md()

int mbedtls_ssl_set_calc_verify_md ( mbedtls_ssl_context ssl,
int  md 
)
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mbedtls_ssl_sig_from_pk()

unsigned char mbedtls_ssl_sig_from_pk ( mbedtls_pk_context pk)
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mbedtls_ssl_sig_from_pk_alg()

unsigned char mbedtls_ssl_sig_from_pk_alg ( mbedtls_pk_type_t  type)
Here is the caller graph for this function:

◆ mbedtls_ssl_sig_hash_set_add()

void mbedtls_ssl_sig_hash_set_add ( mbedtls_ssl_sig_hash_set_t set,
mbedtls_pk_type_t  sig_alg,
mbedtls_md_type_t  md_alg 
)
Here is the caller graph for this function:

◆ mbedtls_ssl_sig_hash_set_const_hash()

void mbedtls_ssl_sig_hash_set_const_hash ( mbedtls_ssl_sig_hash_set_t set,
mbedtls_md_type_t  md_alg 
)
Here is the caller graph for this function:

◆ mbedtls_ssl_sig_hash_set_find()

mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find ( mbedtls_ssl_sig_hash_set_t set,
mbedtls_pk_type_t  sig_alg 
)
Here is the caller graph for this function:

◆ mbedtls_ssl_sig_hash_set_init()

static void mbedtls_ssl_sig_hash_set_init ( mbedtls_ssl_sig_hash_set_t set)
inlinestatic
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mbedtls_ssl_transform_free()

void mbedtls_ssl_transform_free ( mbedtls_ssl_transform transform)

Free referenced items in an SSL transform context and clear memory.

Parameters
transformSSL transform context
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mbedtls_ssl_update_handshake_status()

void mbedtls_ssl_update_handshake_status ( mbedtls_ssl_context ssl)
Here is the caller graph for this function:

◆ mbedtls_ssl_write_certificate()

int mbedtls_ssl_write_certificate ( mbedtls_ssl_context ssl)
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mbedtls_ssl_write_change_cipher_spec()

int mbedtls_ssl_write_change_cipher_spec ( mbedtls_ssl_context ssl)
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mbedtls_ssl_write_finished()

int mbedtls_ssl_write_finished ( mbedtls_ssl_context ssl)
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mbedtls_ssl_write_record()

int mbedtls_ssl_write_record ( mbedtls_ssl_context ssl)
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mbedtls_ssl_write_version()

void mbedtls_ssl_write_version ( int  major,
int  minor,
int  transport,
unsigned char  ver[2] 
)
Here is the call graph for this function:
Here is the caller graph for this function:
Generated by   doxygen 1.8.15