Version 0.5.0 of tinydtls
Dependents: tinydtls_test_cellular tinydtls_test_ethernet tiny-dtls
crypto.h@1:598a56fe116e, 2014-02-12 (annotated)
- Committer:
- ashleymills
- Date:
- Wed Feb 12 09:30:16 2014 +0000
- Revision:
- 1:598a56fe116e
- Parent:
- 0:ff9ebe0cf0e9
Explicitly removed something instead of relying on MACRO to disable it. Mbed can't use it.
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
ashleymills | 0:ff9ebe0cf0e9 | 1 | /* dtls -- a very basic DTLS implementation |
ashleymills | 0:ff9ebe0cf0e9 | 2 | * |
ashleymills | 0:ff9ebe0cf0e9 | 3 | * Copyright (C) 2011--2012 Olaf Bergmann <bergmann@tzi.org> |
ashleymills | 0:ff9ebe0cf0e9 | 4 | * Copyright (C) 2013 Hauke Mehrtens <hauke@hauke-m.de> |
ashleymills | 0:ff9ebe0cf0e9 | 5 | * |
ashleymills | 0:ff9ebe0cf0e9 | 6 | * Permission is hereby granted, free of charge, to any person |
ashleymills | 0:ff9ebe0cf0e9 | 7 | * obtaining a copy of this software and associated documentation |
ashleymills | 0:ff9ebe0cf0e9 | 8 | * files (the "Software"), to deal in the Software without |
ashleymills | 0:ff9ebe0cf0e9 | 9 | * restriction, including without limitation the rights to use, copy, |
ashleymills | 0:ff9ebe0cf0e9 | 10 | * modify, merge, publish, distribute, sublicense, and/or sell copies |
ashleymills | 0:ff9ebe0cf0e9 | 11 | * of the Software, and to permit persons to whom the Software is |
ashleymills | 0:ff9ebe0cf0e9 | 12 | * furnished to do so, subject to the following conditions: |
ashleymills | 0:ff9ebe0cf0e9 | 13 | * |
ashleymills | 0:ff9ebe0cf0e9 | 14 | * The above copyright notice and this permission notice shall be |
ashleymills | 0:ff9ebe0cf0e9 | 15 | * included in all copies or substantial portions of the Software. |
ashleymills | 0:ff9ebe0cf0e9 | 16 | * |
ashleymills | 0:ff9ebe0cf0e9 | 17 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
ashleymills | 0:ff9ebe0cf0e9 | 18 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
ashleymills | 0:ff9ebe0cf0e9 | 19 | * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
ashleymills | 0:ff9ebe0cf0e9 | 20 | * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS |
ashleymills | 0:ff9ebe0cf0e9 | 21 | * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN |
ashleymills | 0:ff9ebe0cf0e9 | 22 | * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN |
ashleymills | 0:ff9ebe0cf0e9 | 23 | * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
ashleymills | 0:ff9ebe0cf0e9 | 24 | * SOFTWARE. |
ashleymills | 0:ff9ebe0cf0e9 | 25 | */ |
ashleymills | 0:ff9ebe0cf0e9 | 26 | |
ashleymills | 0:ff9ebe0cf0e9 | 27 | #ifndef _CRYPTO_H_ |
ashleymills | 0:ff9ebe0cf0e9 | 28 | #define _CRYPTO_H_ |
ashleymills | 0:ff9ebe0cf0e9 | 29 | |
ashleymills | 0:ff9ebe0cf0e9 | 30 | #include "config.h" |
ashleymills | 0:ff9ebe0cf0e9 | 31 | |
ashleymills | 0:ff9ebe0cf0e9 | 32 | #include <stdlib.h> /* for rand() and srand() */ |
ashleymills | 0:ff9ebe0cf0e9 | 33 | |
ashleymills | 0:ff9ebe0cf0e9 | 34 | #include "aes/rijndael.h" |
ashleymills | 0:ff9ebe0cf0e9 | 35 | |
ashleymills | 0:ff9ebe0cf0e9 | 36 | #include "prng.h" |
ashleymills | 0:ff9ebe0cf0e9 | 37 | #include "global.h" |
ashleymills | 0:ff9ebe0cf0e9 | 38 | #include "numeric.h" |
ashleymills | 0:ff9ebe0cf0e9 | 39 | #include "hmac.h" |
ashleymills | 0:ff9ebe0cf0e9 | 40 | #include "ccm.h" |
ashleymills | 0:ff9ebe0cf0e9 | 41 | |
ashleymills | 0:ff9ebe0cf0e9 | 42 | /* TLS_PSK_WITH_AES_128_CCM_8 */ |
ashleymills | 0:ff9ebe0cf0e9 | 43 | #define DTLS_MAC_KEY_LENGTH 0 |
ashleymills | 0:ff9ebe0cf0e9 | 44 | #define DTLS_KEY_LENGTH 16 /* AES-128 */ |
ashleymills | 0:ff9ebe0cf0e9 | 45 | #define DTLS_BLK_LENGTH 16 /* AES-128 */ |
ashleymills | 0:ff9ebe0cf0e9 | 46 | #define DTLS_MAC_LENGTH DTLS_HMAC_DIGEST_SIZE |
ashleymills | 0:ff9ebe0cf0e9 | 47 | #define DTLS_IV_LENGTH 4 /* length of nonce_explicit */ |
ashleymills | 0:ff9ebe0cf0e9 | 48 | |
ashleymills | 0:ff9ebe0cf0e9 | 49 | /** |
ashleymills | 0:ff9ebe0cf0e9 | 50 | * Maximum size of the generated keyblock. Note that MAX_KEYBLOCK_LENGTH must |
ashleymills | 0:ff9ebe0cf0e9 | 51 | * be large enough to hold the pre_master_secret, i.e. twice the length of the |
ashleymills | 0:ff9ebe0cf0e9 | 52 | * pre-shared key + 1. |
ashleymills | 0:ff9ebe0cf0e9 | 53 | */ |
ashleymills | 0:ff9ebe0cf0e9 | 54 | #define MAX_KEYBLOCK_LENGTH \ |
ashleymills | 0:ff9ebe0cf0e9 | 55 | (2 * DTLS_MAC_KEY_LENGTH + 2 * DTLS_KEY_LENGTH + 2 * DTLS_IV_LENGTH) |
ashleymills | 0:ff9ebe0cf0e9 | 56 | |
ashleymills | 0:ff9ebe0cf0e9 | 57 | /** Length of DTLS master_secret */ |
ashleymills | 0:ff9ebe0cf0e9 | 58 | #define DTLS_MASTER_SECRET_LENGTH 48 |
ashleymills | 0:ff9ebe0cf0e9 | 59 | #define DTLS_RANDOM_LENGTH 32 |
ashleymills | 0:ff9ebe0cf0e9 | 60 | |
ashleymills | 0:ff9ebe0cf0e9 | 61 | #ifndef DTLS_CIPHER_CONTEXT_MAX |
ashleymills | 0:ff9ebe0cf0e9 | 62 | #define DTLS_CIPHER_CONTEXT_MAX 4 |
ashleymills | 0:ff9ebe0cf0e9 | 63 | #endif |
ashleymills | 0:ff9ebe0cf0e9 | 64 | |
ashleymills | 0:ff9ebe0cf0e9 | 65 | typedef enum { AES128=0 |
ashleymills | 0:ff9ebe0cf0e9 | 66 | } dtls_crypto_alg; |
ashleymills | 0:ff9ebe0cf0e9 | 67 | |
ashleymills | 0:ff9ebe0cf0e9 | 68 | typedef enum { |
ashleymills | 0:ff9ebe0cf0e9 | 69 | DTLS_ECDH_CURVE_SECP256R1 |
ashleymills | 0:ff9ebe0cf0e9 | 70 | } dtls_ecdh_curve; |
ashleymills | 0:ff9ebe0cf0e9 | 71 | |
ashleymills | 0:ff9ebe0cf0e9 | 72 | /** Crypto context for TLS_PSK_WITH_AES_128_CCM_8 cipher suite. */ |
ashleymills | 0:ff9ebe0cf0e9 | 73 | typedef struct { |
ashleymills | 0:ff9ebe0cf0e9 | 74 | rijndael_ctx ctx; /**< AES-128 encryption context */ |
ashleymills | 0:ff9ebe0cf0e9 | 75 | } aes128_ccm_t; |
ashleymills | 0:ff9ebe0cf0e9 | 76 | |
ashleymills | 0:ff9ebe0cf0e9 | 77 | typedef struct dtls_cipher_context_t { |
ashleymills | 0:ff9ebe0cf0e9 | 78 | /** numeric identifier of this cipher suite in host byte order. */ |
ashleymills | 0:ff9ebe0cf0e9 | 79 | aes128_ccm_t data; /**< The crypto context */ |
ashleymills | 0:ff9ebe0cf0e9 | 80 | } dtls_cipher_context_t; |
ashleymills | 0:ff9ebe0cf0e9 | 81 | |
ashleymills | 0:ff9ebe0cf0e9 | 82 | typedef struct { |
ashleymills | 0:ff9ebe0cf0e9 | 83 | uint8 own_eph_priv[32]; |
ashleymills | 0:ff9ebe0cf0e9 | 84 | uint8 other_eph_pub_x[32]; |
ashleymills | 0:ff9ebe0cf0e9 | 85 | uint8 other_eph_pub_y[32]; |
ashleymills | 0:ff9ebe0cf0e9 | 86 | uint8 other_pub_x[32]; |
ashleymills | 0:ff9ebe0cf0e9 | 87 | uint8 other_pub_y[32]; |
ashleymills | 0:ff9ebe0cf0e9 | 88 | } dtls_handshake_parameters_ecdsa_t; |
ashleymills | 0:ff9ebe0cf0e9 | 89 | |
ashleymills | 0:ff9ebe0cf0e9 | 90 | typedef struct { |
ashleymills | 0:ff9ebe0cf0e9 | 91 | uint16_t id_length; |
ashleymills | 0:ff9ebe0cf0e9 | 92 | unsigned char identity[32]; |
ashleymills | 0:ff9ebe0cf0e9 | 93 | } dtls_handshake_parameters_psk_t; |
ashleymills | 0:ff9ebe0cf0e9 | 94 | |
ashleymills | 0:ff9ebe0cf0e9 | 95 | typedef struct { |
ashleymills | 0:ff9ebe0cf0e9 | 96 | dtls_compression_t compression; /**< compression method */ |
ashleymills | 0:ff9ebe0cf0e9 | 97 | |
ashleymills | 0:ff9ebe0cf0e9 | 98 | dtls_cipher_t cipher; /**< cipher type */ |
ashleymills | 0:ff9ebe0cf0e9 | 99 | |
ashleymills | 0:ff9ebe0cf0e9 | 100 | /** |
ashleymills | 0:ff9ebe0cf0e9 | 101 | * The key block generated from PRF applied to client and server |
ashleymills | 0:ff9ebe0cf0e9 | 102 | * random bytes. The actual size is given by the selected cipher and |
ashleymills | 0:ff9ebe0cf0e9 | 103 | * can be calculated using dtls_kb_size(). Use \c dtls_kb_ macros to |
ashleymills | 0:ff9ebe0cf0e9 | 104 | * access the components of the key block. |
ashleymills | 0:ff9ebe0cf0e9 | 105 | */ |
ashleymills | 0:ff9ebe0cf0e9 | 106 | uint8 key_block[MAX_KEYBLOCK_LENGTH]; |
ashleymills | 0:ff9ebe0cf0e9 | 107 | |
ashleymills | 0:ff9ebe0cf0e9 | 108 | dtls_cipher_context_t *read_cipher; /**< decryption context */ |
ashleymills | 0:ff9ebe0cf0e9 | 109 | dtls_cipher_context_t *write_cipher; /**< encryption context */ |
ashleymills | 0:ff9ebe0cf0e9 | 110 | } dtls_security_parameters_t; |
ashleymills | 0:ff9ebe0cf0e9 | 111 | |
ashleymills | 0:ff9ebe0cf0e9 | 112 | typedef struct { |
ashleymills | 0:ff9ebe0cf0e9 | 113 | union { |
ashleymills | 0:ff9ebe0cf0e9 | 114 | struct random_t { |
ashleymills | 0:ff9ebe0cf0e9 | 115 | uint8 client[DTLS_RANDOM_LENGTH]; /**< client random gmt and bytes */ |
ashleymills | 0:ff9ebe0cf0e9 | 116 | uint8 server[DTLS_RANDOM_LENGTH]; /**< server random gmt and bytes */ |
ashleymills | 0:ff9ebe0cf0e9 | 117 | } random; |
ashleymills | 0:ff9ebe0cf0e9 | 118 | /** the session's master secret */ |
ashleymills | 0:ff9ebe0cf0e9 | 119 | uint8 master_secret[DTLS_MASTER_SECRET_LENGTH]; |
ashleymills | 0:ff9ebe0cf0e9 | 120 | } tmp; |
ashleymills | 0:ff9ebe0cf0e9 | 121 | |
ashleymills | 0:ff9ebe0cf0e9 | 122 | dtls_compression_t compression; /**< compression method */ |
ashleymills | 0:ff9ebe0cf0e9 | 123 | dtls_cipher_t cipher; /**< cipher type */ |
ashleymills | 0:ff9ebe0cf0e9 | 124 | unsigned int do_client_auth:1; |
ashleymills | 0:ff9ebe0cf0e9 | 125 | union { |
ashleymills | 0:ff9ebe0cf0e9 | 126 | dtls_handshake_parameters_ecdsa_t ecdsa; |
ashleymills | 0:ff9ebe0cf0e9 | 127 | dtls_handshake_parameters_psk_t psk; |
ashleymills | 0:ff9ebe0cf0e9 | 128 | } keyx; |
ashleymills | 0:ff9ebe0cf0e9 | 129 | } dtls_handshake_parameters_t; |
ashleymills | 0:ff9ebe0cf0e9 | 130 | |
ashleymills | 0:ff9ebe0cf0e9 | 131 | /* The following macros provide access to the components of the |
ashleymills | 0:ff9ebe0cf0e9 | 132 | * key_block in the security parameters. */ |
ashleymills | 0:ff9ebe0cf0e9 | 133 | |
ashleymills | 0:ff9ebe0cf0e9 | 134 | #define dtls_kb_client_mac_secret(Param, Role) ((Param)->key_block) |
ashleymills | 0:ff9ebe0cf0e9 | 135 | #define dtls_kb_server_mac_secret(Param, Role) \ |
ashleymills | 0:ff9ebe0cf0e9 | 136 | (dtls_kb_client_mac_secret(Param, Role) + DTLS_MAC_KEY_LENGTH) |
ashleymills | 0:ff9ebe0cf0e9 | 137 | #define dtls_kb_remote_mac_secret(Param, Role) \ |
ashleymills | 0:ff9ebe0cf0e9 | 138 | ((Role) == DTLS_SERVER \ |
ashleymills | 0:ff9ebe0cf0e9 | 139 | ? dtls_kb_client_mac_secret(Param, Role) \ |
ashleymills | 0:ff9ebe0cf0e9 | 140 | : dtls_kb_server_mac_secret(Param, Role)) |
ashleymills | 0:ff9ebe0cf0e9 | 141 | #define dtls_kb_local_mac_secret(Param, Role) \ |
ashleymills | 0:ff9ebe0cf0e9 | 142 | ((Role) == DTLS_CLIENT \ |
ashleymills | 0:ff9ebe0cf0e9 | 143 | ? dtls_kb_client_mac_secret(Param, Role) \ |
ashleymills | 0:ff9ebe0cf0e9 | 144 | : dtls_kb_server_mac_secret(Param, Role)) |
ashleymills | 0:ff9ebe0cf0e9 | 145 | #define dtls_kb_mac_secret_size(Param, Role) DTLS_MAC_KEY_LENGTH |
ashleymills | 0:ff9ebe0cf0e9 | 146 | #define dtls_kb_client_write_key(Param, Role) \ |
ashleymills | 0:ff9ebe0cf0e9 | 147 | (dtls_kb_server_mac_secret(Param, Role) + DTLS_MAC_KEY_LENGTH) |
ashleymills | 0:ff9ebe0cf0e9 | 148 | #define dtls_kb_server_write_key(Param, Role) \ |
ashleymills | 0:ff9ebe0cf0e9 | 149 | (dtls_kb_client_write_key(Param, Role) + DTLS_KEY_LENGTH) |
ashleymills | 0:ff9ebe0cf0e9 | 150 | #define dtls_kb_remote_write_key(Param, Role) \ |
ashleymills | 0:ff9ebe0cf0e9 | 151 | ((Role) == DTLS_SERVER \ |
ashleymills | 0:ff9ebe0cf0e9 | 152 | ? dtls_kb_client_write_key(Param, Role) \ |
ashleymills | 0:ff9ebe0cf0e9 | 153 | : dtls_kb_server_write_key(Param, Role)) |
ashleymills | 0:ff9ebe0cf0e9 | 154 | #define dtls_kb_local_write_key(Param, Role) \ |
ashleymills | 0:ff9ebe0cf0e9 | 155 | ((Role) == DTLS_CLIENT \ |
ashleymills | 0:ff9ebe0cf0e9 | 156 | ? dtls_kb_client_write_key(Param, Role) \ |
ashleymills | 0:ff9ebe0cf0e9 | 157 | : dtls_kb_server_write_key(Param, Role)) |
ashleymills | 0:ff9ebe0cf0e9 | 158 | #define dtls_kb_key_size(Param, Role) DTLS_KEY_LENGTH |
ashleymills | 0:ff9ebe0cf0e9 | 159 | #define dtls_kb_client_iv(Param, Role) \ |
ashleymills | 0:ff9ebe0cf0e9 | 160 | (dtls_kb_server_write_key(Param, Role) + DTLS_KEY_LENGTH) |
ashleymills | 0:ff9ebe0cf0e9 | 161 | #define dtls_kb_server_iv(Param, Role) \ |
ashleymills | 0:ff9ebe0cf0e9 | 162 | (dtls_kb_client_iv(Param, Role) + DTLS_IV_LENGTH) |
ashleymills | 0:ff9ebe0cf0e9 | 163 | #define dtls_kb_remote_iv(Param, Role) \ |
ashleymills | 0:ff9ebe0cf0e9 | 164 | ((Role) == DTLS_SERVER \ |
ashleymills | 0:ff9ebe0cf0e9 | 165 | ? dtls_kb_client_iv(Param, Role) \ |
ashleymills | 0:ff9ebe0cf0e9 | 166 | : dtls_kb_server_iv(Param, Role)) |
ashleymills | 0:ff9ebe0cf0e9 | 167 | #define dtls_kb_local_iv(Param, Role) \ |
ashleymills | 0:ff9ebe0cf0e9 | 168 | ((Role) == DTLS_CLIENT \ |
ashleymills | 0:ff9ebe0cf0e9 | 169 | ? dtls_kb_client_iv(Param, Role) \ |
ashleymills | 0:ff9ebe0cf0e9 | 170 | : dtls_kb_server_iv(Param, Role)) |
ashleymills | 0:ff9ebe0cf0e9 | 171 | #define dtls_kb_iv_size(Param, Role) DTLS_IV_LENGTH |
ashleymills | 0:ff9ebe0cf0e9 | 172 | |
ashleymills | 0:ff9ebe0cf0e9 | 173 | #define dtls_kb_size(Param, Role) \ |
ashleymills | 0:ff9ebe0cf0e9 | 174 | (2 * (dtls_kb_mac_secret_size(Param, Role) + \ |
ashleymills | 0:ff9ebe0cf0e9 | 175 | dtls_kb_key_size(Param, Role) + dtls_kb_iv_size(Param, Role))) |
ashleymills | 0:ff9ebe0cf0e9 | 176 | |
ashleymills | 0:ff9ebe0cf0e9 | 177 | /* just for consistency */ |
ashleymills | 0:ff9ebe0cf0e9 | 178 | #define dtls_kb_digest_size(Param, Role) DTLS_MAC_LENGTH |
ashleymills | 0:ff9ebe0cf0e9 | 179 | |
ashleymills | 0:ff9ebe0cf0e9 | 180 | void crypto_init(); |
ashleymills | 0:ff9ebe0cf0e9 | 181 | |
ashleymills | 0:ff9ebe0cf0e9 | 182 | /** |
ashleymills | 0:ff9ebe0cf0e9 | 183 | * Expands the secret and key to a block of DTLS_HMAC_MAX |
ashleymills | 0:ff9ebe0cf0e9 | 184 | * size according to the algorithm specified in section 5 of |
ashleymills | 0:ff9ebe0cf0e9 | 185 | * RFC 4346. |
ashleymills | 0:ff9ebe0cf0e9 | 186 | * |
ashleymills | 0:ff9ebe0cf0e9 | 187 | * \param h Identifier of the hash function to use. |
ashleymills | 0:ff9ebe0cf0e9 | 188 | * \param key The secret. |
ashleymills | 0:ff9ebe0cf0e9 | 189 | * \param keylen Length of \p key. |
ashleymills | 0:ff9ebe0cf0e9 | 190 | * \param seed The seed. |
ashleymills | 0:ff9ebe0cf0e9 | 191 | * \param seedlen Length of \p seed. |
ashleymills | 0:ff9ebe0cf0e9 | 192 | * \param buf Output buffer where the result is XORed into |
ashleymills | 0:ff9ebe0cf0e9 | 193 | * The buffe must be capable to hold at least |
ashleymills | 0:ff9ebe0cf0e9 | 194 | * \p buflen bytes. |
ashleymills | 0:ff9ebe0cf0e9 | 195 | * \return The actual number of bytes written to \p buf or 0 |
ashleymills | 0:ff9ebe0cf0e9 | 196 | * on error. |
ashleymills | 0:ff9ebe0cf0e9 | 197 | */ |
ashleymills | 0:ff9ebe0cf0e9 | 198 | size_t dtls_p_hash(dtls_hashfunc_t h, |
ashleymills | 0:ff9ebe0cf0e9 | 199 | const unsigned char *key, size_t keylen, |
ashleymills | 0:ff9ebe0cf0e9 | 200 | const unsigned char *label, size_t labellen, |
ashleymills | 0:ff9ebe0cf0e9 | 201 | const unsigned char *random1, size_t random1len, |
ashleymills | 0:ff9ebe0cf0e9 | 202 | const unsigned char *random2, size_t random2len, |
ashleymills | 0:ff9ebe0cf0e9 | 203 | unsigned char *buf, size_t buflen); |
ashleymills | 0:ff9ebe0cf0e9 | 204 | |
ashleymills | 0:ff9ebe0cf0e9 | 205 | /** |
ashleymills | 0:ff9ebe0cf0e9 | 206 | * This function implements the TLS PRF for DTLS_VERSION. For version |
ashleymills | 0:ff9ebe0cf0e9 | 207 | * 1.0, the PRF is P_MD5 ^ P_SHA1 while version 1.2 uses |
ashleymills | 0:ff9ebe0cf0e9 | 208 | * P_SHA256. Currently, the actual PRF is selected at compile time. |
ashleymills | 0:ff9ebe0cf0e9 | 209 | */ |
ashleymills | 0:ff9ebe0cf0e9 | 210 | size_t dtls_prf(const unsigned char *key, size_t keylen, |
ashleymills | 0:ff9ebe0cf0e9 | 211 | const unsigned char *label, size_t labellen, |
ashleymills | 0:ff9ebe0cf0e9 | 212 | const unsigned char *random1, size_t random1len, |
ashleymills | 0:ff9ebe0cf0e9 | 213 | const unsigned char *random2, size_t random2len, |
ashleymills | 0:ff9ebe0cf0e9 | 214 | unsigned char *buf, size_t buflen); |
ashleymills | 0:ff9ebe0cf0e9 | 215 | |
ashleymills | 0:ff9ebe0cf0e9 | 216 | /** |
ashleymills | 0:ff9ebe0cf0e9 | 217 | * Calculates MAC for record + cleartext packet and places the result |
ashleymills | 0:ff9ebe0cf0e9 | 218 | * in \p buf. The given \p hmac_ctx must be initialized with the HMAC |
ashleymills | 0:ff9ebe0cf0e9 | 219 | * function to use and the proper secret. As the DTLS mac calculation |
ashleymills | 0:ff9ebe0cf0e9 | 220 | * requires data from the record header, \p record must point to a |
ashleymills | 0:ff9ebe0cf0e9 | 221 | * buffer of at least \c sizeof(dtls_record_header_t) bytes. Usually, |
ashleymills | 0:ff9ebe0cf0e9 | 222 | * the remaining packet will be encrypted, therefore, the cleartext |
ashleymills | 0:ff9ebe0cf0e9 | 223 | * is passed separately in \p packet. |
ashleymills | 0:ff9ebe0cf0e9 | 224 | * |
ashleymills | 0:ff9ebe0cf0e9 | 225 | * \param hmac_ctx The HMAC context to use for MAC calculation. |
ashleymills | 0:ff9ebe0cf0e9 | 226 | * \param record The record header. |
ashleymills | 0:ff9ebe0cf0e9 | 227 | * \param packet Cleartext payload to apply the MAC to. |
ashleymills | 0:ff9ebe0cf0e9 | 228 | * \param length Size of \p packet. |
ashleymills | 0:ff9ebe0cf0e9 | 229 | * \param buf A result buffer that is large enough to hold |
ashleymills | 0:ff9ebe0cf0e9 | 230 | * the generated digest. |
ashleymills | 0:ff9ebe0cf0e9 | 231 | */ |
ashleymills | 0:ff9ebe0cf0e9 | 232 | void dtls_mac(dtls_hmac_context_t *hmac_ctx, |
ashleymills | 0:ff9ebe0cf0e9 | 233 | const unsigned char *record, |
ashleymills | 0:ff9ebe0cf0e9 | 234 | const unsigned char *packet, size_t length, |
ashleymills | 0:ff9ebe0cf0e9 | 235 | unsigned char *buf); |
ashleymills | 0:ff9ebe0cf0e9 | 236 | |
ashleymills | 0:ff9ebe0cf0e9 | 237 | /** |
ashleymills | 0:ff9ebe0cf0e9 | 238 | * Encrypts the specified \p src of given \p length, writing the |
ashleymills | 0:ff9ebe0cf0e9 | 239 | * result to \p buf. The cipher implementation may add more data to |
ashleymills | 0:ff9ebe0cf0e9 | 240 | * the result buffer such as an initialization vector or padding |
ashleymills | 0:ff9ebe0cf0e9 | 241 | * (e.g. for block cipers in CBC mode). The caller therefore must |
ashleymills | 0:ff9ebe0cf0e9 | 242 | * ensure that \p buf provides sufficient storage to hold the result. |
ashleymills | 0:ff9ebe0cf0e9 | 243 | * Usually this means ( 2 + \p length / blocksize ) * blocksize. The |
ashleymills | 0:ff9ebe0cf0e9 | 244 | * function returns a value less than zero on error or otherwise the |
ashleymills | 0:ff9ebe0cf0e9 | 245 | * number of bytes written. |
ashleymills | 0:ff9ebe0cf0e9 | 246 | * |
ashleymills | 0:ff9ebe0cf0e9 | 247 | * \param ctx The cipher context to use. |
ashleymills | 0:ff9ebe0cf0e9 | 248 | * \param src The data to encrypt. |
ashleymills | 0:ff9ebe0cf0e9 | 249 | * \param length The actual size of of \p src. |
ashleymills | 0:ff9ebe0cf0e9 | 250 | * \param buf The result buffer. \p src and \p buf must not |
ashleymills | 0:ff9ebe0cf0e9 | 251 | * overlap. |
ashleymills | 0:ff9ebe0cf0e9 | 252 | * \param aad additional data for AEAD ciphers |
ashleymills | 0:ff9ebe0cf0e9 | 253 | * \param aad_length actual size of @p aad |
ashleymills | 0:ff9ebe0cf0e9 | 254 | * \return The number of encrypted bytes on success, less than zero |
ashleymills | 0:ff9ebe0cf0e9 | 255 | * otherwise. |
ashleymills | 0:ff9ebe0cf0e9 | 256 | */ |
ashleymills | 0:ff9ebe0cf0e9 | 257 | int dtls_encrypt(dtls_cipher_context_t *ctx, |
ashleymills | 0:ff9ebe0cf0e9 | 258 | const unsigned char *src, size_t length, |
ashleymills | 0:ff9ebe0cf0e9 | 259 | unsigned char *buf, |
ashleymills | 0:ff9ebe0cf0e9 | 260 | unsigned char *nounce, |
ashleymills | 0:ff9ebe0cf0e9 | 261 | const unsigned char *aad, size_t aad_length); |
ashleymills | 0:ff9ebe0cf0e9 | 262 | |
ashleymills | 0:ff9ebe0cf0e9 | 263 | /** |
ashleymills | 0:ff9ebe0cf0e9 | 264 | * Decrypts the given buffer \p src of given \p length, writing the |
ashleymills | 0:ff9ebe0cf0e9 | 265 | * result to \p buf. The function returns \c -1 in case of an error, |
ashleymills | 0:ff9ebe0cf0e9 | 266 | * or the number of bytes written. Note that for block ciphers, \p |
ashleymills | 0:ff9ebe0cf0e9 | 267 | * length must be a multiple of the cipher's block size. A return |
ashleymills | 0:ff9ebe0cf0e9 | 268 | * value between \c 0 and the actual length indicates that only \c n-1 |
ashleymills | 0:ff9ebe0cf0e9 | 269 | * block have been processed. Unlike dtls_encrypt(), the source |
ashleymills | 0:ff9ebe0cf0e9 | 270 | * and destination of dtls_decrypt() may overlap. |
ashleymills | 0:ff9ebe0cf0e9 | 271 | * |
ashleymills | 0:ff9ebe0cf0e9 | 272 | * \param ctx The cipher context to use. |
ashleymills | 0:ff9ebe0cf0e9 | 273 | * \param src The buffer to decrypt. |
ashleymills | 0:ff9ebe0cf0e9 | 274 | * \param length The length of the input buffer. |
ashleymills | 0:ff9ebe0cf0e9 | 275 | * \param buf The result buffer. |
ashleymills | 0:ff9ebe0cf0e9 | 276 | * \param aad additional authentication data for AEAD ciphers |
ashleymills | 0:ff9ebe0cf0e9 | 277 | * \param aad_length actual size of @p aad |
ashleymills | 0:ff9ebe0cf0e9 | 278 | * \return Less than zero on error, the number of decrypted bytes |
ashleymills | 0:ff9ebe0cf0e9 | 279 | * otherwise. |
ashleymills | 0:ff9ebe0cf0e9 | 280 | */ |
ashleymills | 0:ff9ebe0cf0e9 | 281 | int dtls_decrypt(dtls_cipher_context_t *ctx, |
ashleymills | 0:ff9ebe0cf0e9 | 282 | const unsigned char *src, size_t length, |
ashleymills | 0:ff9ebe0cf0e9 | 283 | unsigned char *buf, |
ashleymills | 0:ff9ebe0cf0e9 | 284 | unsigned char *nounce, |
ashleymills | 0:ff9ebe0cf0e9 | 285 | const unsigned char *a_data, size_t a_data_length); |
ashleymills | 0:ff9ebe0cf0e9 | 286 | |
ashleymills | 0:ff9ebe0cf0e9 | 287 | /* helper functions */ |
ashleymills | 0:ff9ebe0cf0e9 | 288 | |
ashleymills | 0:ff9ebe0cf0e9 | 289 | /** |
ashleymills | 0:ff9ebe0cf0e9 | 290 | * Generates pre_master_sercet from given PSK and fills the result |
ashleymills | 0:ff9ebe0cf0e9 | 291 | * according to the "plain PSK" case in section 2 of RFC 4279. |
ashleymills | 0:ff9ebe0cf0e9 | 292 | * Diffie-Hellman and RSA key exchange are currently not supported. |
ashleymills | 0:ff9ebe0cf0e9 | 293 | * |
ashleymills | 0:ff9ebe0cf0e9 | 294 | * @param key The shared key. |
ashleymills | 0:ff9ebe0cf0e9 | 295 | * @param keylen Length of @p key in bytes. |
ashleymills | 0:ff9ebe0cf0e9 | 296 | * @param result The derived pre master secret. |
ashleymills | 0:ff9ebe0cf0e9 | 297 | * @return The actual length of @p result. |
ashleymills | 0:ff9ebe0cf0e9 | 298 | */ |
ashleymills | 0:ff9ebe0cf0e9 | 299 | size_t dtls_psk_pre_master_secret(unsigned char *key, size_t keylen, |
ashleymills | 0:ff9ebe0cf0e9 | 300 | unsigned char *result); |
ashleymills | 0:ff9ebe0cf0e9 | 301 | |
ashleymills | 0:ff9ebe0cf0e9 | 302 | #define DTLS_EC_KEY_SIZE 32 |
ashleymills | 0:ff9ebe0cf0e9 | 303 | |
ashleymills | 0:ff9ebe0cf0e9 | 304 | size_t dtls_ecdh_pre_master_secret(unsigned char *priv_key, |
ashleymills | 0:ff9ebe0cf0e9 | 305 | unsigned char *pub_key_x, |
ashleymills | 0:ff9ebe0cf0e9 | 306 | unsigned char *pub_key_y, |
ashleymills | 0:ff9ebe0cf0e9 | 307 | size_t key_size, |
ashleymills | 0:ff9ebe0cf0e9 | 308 | unsigned char *result); |
ashleymills | 0:ff9ebe0cf0e9 | 309 | |
ashleymills | 0:ff9ebe0cf0e9 | 310 | void dtls_ecdsa_generate_key(unsigned char *priv_key, |
ashleymills | 0:ff9ebe0cf0e9 | 311 | unsigned char *pub_key_x, |
ashleymills | 0:ff9ebe0cf0e9 | 312 | unsigned char *pub_key_y, |
ashleymills | 0:ff9ebe0cf0e9 | 313 | size_t key_size); |
ashleymills | 0:ff9ebe0cf0e9 | 314 | |
ashleymills | 0:ff9ebe0cf0e9 | 315 | void dtls_ecdsa_create_sig_hash(const unsigned char *priv_key, size_t key_size, |
ashleymills | 0:ff9ebe0cf0e9 | 316 | const unsigned char *sign_hash, size_t sign_hash_size, |
ashleymills | 0:ff9ebe0cf0e9 | 317 | uint32_t point_r[9], uint32_t point_s[9]); |
ashleymills | 0:ff9ebe0cf0e9 | 318 | |
ashleymills | 0:ff9ebe0cf0e9 | 319 | void dtls_ecdsa_create_sig(const unsigned char *priv_key, size_t key_size, |
ashleymills | 0:ff9ebe0cf0e9 | 320 | const unsigned char *client_random, size_t client_random_size, |
ashleymills | 0:ff9ebe0cf0e9 | 321 | const unsigned char *server_random, size_t server_random_size, |
ashleymills | 0:ff9ebe0cf0e9 | 322 | const unsigned char *keyx_params, size_t keyx_params_size, |
ashleymills | 0:ff9ebe0cf0e9 | 323 | uint32_t point_r[9], uint32_t point_s[9]); |
ashleymills | 0:ff9ebe0cf0e9 | 324 | |
ashleymills | 0:ff9ebe0cf0e9 | 325 | int dtls_ecdsa_verify_sig_hash(const unsigned char *pub_key_x, |
ashleymills | 0:ff9ebe0cf0e9 | 326 | const unsigned char *pub_key_y, size_t key_size, |
ashleymills | 0:ff9ebe0cf0e9 | 327 | const unsigned char *sign_hash, size_t sign_hash_size, |
ashleymills | 0:ff9ebe0cf0e9 | 328 | unsigned char *result_r, unsigned char *result_s); |
ashleymills | 0:ff9ebe0cf0e9 | 329 | |
ashleymills | 0:ff9ebe0cf0e9 | 330 | int dtls_ecdsa_verify_sig(const unsigned char *pub_key_x, |
ashleymills | 0:ff9ebe0cf0e9 | 331 | const unsigned char *pub_key_y, size_t key_size, |
ashleymills | 0:ff9ebe0cf0e9 | 332 | const unsigned char *client_random, size_t client_random_size, |
ashleymills | 0:ff9ebe0cf0e9 | 333 | const unsigned char *server_random, size_t server_random_size, |
ashleymills | 0:ff9ebe0cf0e9 | 334 | const unsigned char *keyx_params, size_t keyx_params_size, |
ashleymills | 0:ff9ebe0cf0e9 | 335 | unsigned char *result_r, unsigned char *result_s); |
ashleymills | 0:ff9ebe0cf0e9 | 336 | |
ashleymills | 0:ff9ebe0cf0e9 | 337 | int dtls_ec_key_from_uint32_asn1(const uint32_t *key, size_t key_size, |
ashleymills | 0:ff9ebe0cf0e9 | 338 | unsigned char *buf); |
ashleymills | 0:ff9ebe0cf0e9 | 339 | |
ashleymills | 0:ff9ebe0cf0e9 | 340 | /** |
ashleymills | 0:ff9ebe0cf0e9 | 341 | * Creates a new dtls_cipher_context_t object for given @c cipher. |
ashleymills | 0:ff9ebe0cf0e9 | 342 | * The storage allocated for this object must be released using |
ashleymills | 0:ff9ebe0cf0e9 | 343 | * dtls_cipher_free(). |
ashleymills | 0:ff9ebe0cf0e9 | 344 | * |
ashleymills | 0:ff9ebe0cf0e9 | 345 | * @param code Code of the requested cipher (host byte order) |
ashleymills | 0:ff9ebe0cf0e9 | 346 | * @param key The encryption and decryption key. |
ashleymills | 0:ff9ebe0cf0e9 | 347 | * @param keylen Actual length of @p key. |
ashleymills | 0:ff9ebe0cf0e9 | 348 | * @return A new dtls_cipher_context_t object or @c NULL in case |
ashleymills | 0:ff9ebe0cf0e9 | 349 | * something went wrong (e.g. insufficient memory or wrong |
ashleymills | 0:ff9ebe0cf0e9 | 350 | * key length) |
ashleymills | 0:ff9ebe0cf0e9 | 351 | */ |
ashleymills | 0:ff9ebe0cf0e9 | 352 | dtls_cipher_context_t *dtls_cipher_new(dtls_cipher_t code, |
ashleymills | 0:ff9ebe0cf0e9 | 353 | unsigned char *key, size_t keylen); |
ashleymills | 0:ff9ebe0cf0e9 | 354 | |
ashleymills | 0:ff9ebe0cf0e9 | 355 | /** |
ashleymills | 0:ff9ebe0cf0e9 | 356 | * Releases the storage allocated by dtls_cipher_new() for @p cipher_context |
ashleymills | 0:ff9ebe0cf0e9 | 357 | */ |
ashleymills | 0:ff9ebe0cf0e9 | 358 | void dtls_cipher_free(dtls_cipher_context_t *cipher_context); |
ashleymills | 0:ff9ebe0cf0e9 | 359 | |
ashleymills | 0:ff9ebe0cf0e9 | 360 | #endif /* _CRYPTO_H_ */ |
ashleymills | 0:ff9ebe0cf0e9 | 361 |