Add structure representing TLS records

This commit adds a structure `mbedtls_record` whose instances
represent (D)TLS records. This structure will be used in the
subsequent adaptations of the record encryption and decryption
routines `ssl_decrypt_buf` and `ssl_encrypt_buf`, which currently
take the entire SSL context as input, but should only use the
record to be acted on as well as the record transformation to use.
Hanno Becker 2018-01-05 15:42:50 +00:00
parent 34f88afdf1
commit 12a3a86b2d


@ -504,6 +504,42 @@ struct mbedtls_ssl_transform
#endif
};
/*
* Internal representation of record frames
*
* The header layout is chosen to facilitate the computation of
* authentication tags which often use the header bytes laid out
* exactly as in the struct; note that it does not match what's
* transferred on the wire.
*
* Instances come in two flavors:
* (1) Encrypted
* These always have data_offset = 0
* (2) Unencrypted
* These have data_offset set to the length of the
* fixed part of the IV used for encryption.
*
* The reason for the data_offset in the unencrypted case
* is to allow for in-place conversion of an unencrypted to
* an encrypted record. If the offset wasn't included, the
* encrypted content would need to be shifted afterwards to
* make space for the fixed IV.
*
*/
typedef struct
{
uint8_t ctr[8]; /*!< Record sequence number */
uint8_t type; /*!< Record type */
uint8_t ver[2]; /*!< SSL/TLS version */
uint8_t len[2]; /*!< Content length, little endian */
unsigned char *buf; /*!< Memory buffer enclosing the record content */
size_t buf_len; /*!< Buffer length */
size_t data_offset; /*!< Offset of record content */
size_t data_len; /*!< Length of record content */
} mbedtls_record;
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/*
* List of certificate + private key pairs
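Review bot: The `len[2]` field is documented as "Content length, little endian", which conflicts with the header comment's stated purpose of laying the bytes out exactly as the authentication-tag (MAC/AAD) computation consumes them, since TLS encodes the record length in network byte order (big-endian); either the comment is wrong or the layout will not feed the MAC directly, and one of the two should be fixed before `ssl_encrypt_buf`/`ssl_decrypt_buf` start depending on it, e.g. `uint8_t len[2]; /*!< Content length, big endian (network byte order) */`. The struct also carries two lengths, `len[2]` and `data_len`, with no statement of which is authoritative or when they must agree; a one-line note on `data_len` such as `/*!< Length of record content; must match len[] when the header is used for MAC/AAD */` would pin that down. Finally, the in-place conversion described at the top only works if `data_offset + data_len <= buf_len` and the encrypted form fits in `buf_len`, so the comment block should state that invariant explicitly, since the decrypt/encrypt routines that will take this struct are exactly where out-of-bounds writes would occur if a caller violates it.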