From f2ed4482d75e6390583f110b321a93ac52d90a38 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Mon, 29 Apr 2019 13:45:54 +0100
Subject: [PATCH] Add CID field to internal structure representing TLS records

This commit adds a static array `cid` to the internal structure `mbedtls_record` representing encrypted and decrypted TLS records. The expected evolution of state of this field is as follows:
- When handling an incoming record, the caller of `mbedtls_decrypt_buf()` has to make sure the CID array field in `mbedtls_record` has been properly set. Concretely, it will be copied from the CID from the record header during record parsing.
- During decryption in `mbedtls_decrypt_buf()`, the transforms incoming CID is compared to the CID in the `mbedtls_record` structure representing the record to be decrypted.
- For an outgoing TLS record, the caller of `mbedtls_encrypt_buf()` clears the CID in the `mbedtls_record` structure.
- During encryption in `mbedtls_encrypt_buf()`, the CID field in `mbedtls_record` will be copied from the out-CID in the transform.
---
 include/mbedtls/ssl_internal.h | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index e5da547c7..01458c52f 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -645,6 +645,12 @@ struct mbedtls_ssl_transform
 * make space for the fixed IV.
 *
 */
+#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX
+#define SSL_CID_LEN_MAX MBEDTLS_SSL_CID_OUT_LEN_MAX
+#else
+#define SSL_CID_LEN_MAX MBEDTLS_SSL_CID_IN_LEN_MAX
+#endif
+
 typedef struct
 {
 uint8_t ctr[8]; /*!< Record sequence number */
@@ -656,6 +662,11 @@ typedef struct
 size_t data_offset; /*!< Offset of record content */
 size_t data_len; /*!< Length of record content */
+#if defined(MBEDTLS_SSL_CID)
+ uint8_t cid_len;
+ unsigned char cid[ SSL_CID_LEN_MAX ];
+#endif /* MBEDTLS_SSL_CID */
+
 } mbedtls_record;
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
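Review bot: The `SSL_CID_LEN_MAX` selection in the first hunk is emitted unconditionally, while its only consumer (the `cid[]` member in the second hunk) is guarded by `#if defined(MBEDTLS_SSL_CID)`. If `MBEDTLS_SSL_CID_IN_LEN_MAX` / `MBEDTLS_SSL_CID_OUT_LEN_MAX` are not defined in builds without CID support (I cannot see their definition from here), the `#if ... > ...` silently compares two undefined identifiers as 0 and defines the macro to an undefined name, which is also what `-Wundef` flags. Wrapping the block in `#if defined(MBEDTLS_SSL_CID)` / `#endif /* MBEDTLS_SSL_CID */` keeps the macro and its use under the same option. As a point of style, this is a header under `include/mbedtls/`, and every other macro in the hunk carries the `MBEDTLS_` prefix; an unprefixed `SSL_CID_LEN_MAX` is visible to every translation unit that includes the header and can collide with including code.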
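Review bot: The new `cid_len` and `cid[]` members in the second hunk have no Doxygen field comments, unlike the neighbouring `data_offset` and `data_len` lines that use the `/*!< ... */` style. The commit message already states the contract (set by the record parser before `mbedtls_decrypt_buf()`, cleared by the caller and filled from the transform's out-CID in `mbedtls_encrypt_buf()`), so it belongs on the fields where the parsing code will read it. I would write `uint8_t cid_len; /*!< Length of the CID in use; must not exceed SSL_CID_LEN_MAX */` and `unsigned char cid[ SSL_CID_LEN_MAX ]; /*!< CID of the record: set from the header before decryption, filled from the transform's out-CID during encryption */`. Stating the `cid_len <= SSL_CID_LEN_MAX` invariant at the field is what makes the bound on any copy into `cid[]` reviewable. The enclosing `typedef struct` begins before this hunk.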