|
tinydtls
0.8.1
|
|
tinydtls
0.8.1
|
#include <stdio.h>#include "tinydtls.h"#include "dtls_config.h"#include <assert.h>#include "global.h"#include "debug.h"#include "numeric.h"#include "dtls.h"#include "crypto.h"#include "ccm.h"#include "ecc/ecc.h"#include "prng.h"#include "netq.h"#include <pthread.h>Go to the source code of this file.
Macros | |
| #define | HMAC_UPDATE_SEED(Context, Seed, Length) if (Seed) dtls_hmac_update(Context, (Seed), (Length)) |
Functions | |
| static struct dtls_cipher_context_t * | dtls_cipher_context_get (void) |
| static void | dtls_cipher_context_release (void) |
| void | crypto_init () |
| static dtls_handshake_parameters_t * | dtls_handshake_malloc () |
| static void | dtls_handshake_dealloc (dtls_handshake_parameters_t *handshake) |
| static dtls_security_parameters_t * | dtls_security_malloc () |
| static void | dtls_security_dealloc (dtls_security_parameters_t *security) |
| dtls_handshake_parameters_t * | dtls_handshake_new () |
| void | dtls_handshake_free (dtls_handshake_parameters_t *handshake) |
| dtls_security_parameters_t * | dtls_security_new () |
| void | dtls_security_free (dtls_security_parameters_t *security) |
| size_t | dtls_p_hash (dtls_hashfunc_t h, const unsigned char *key, size_t keylen, const unsigned char *label, size_t labellen, const unsigned char *random1, size_t random1len, const unsigned char *random2, size_t random2len, unsigned char *buf, size_t buflen) |
| size_t | dtls_prf (const unsigned char *key, size_t keylen, const unsigned char *label, size_t labellen, const unsigned char *random1, size_t random1len, const unsigned char *random2, size_t random2len, unsigned char *buf, size_t buflen) |
| void | dtls_mac (dtls_hmac_context_t *hmac_ctx, const unsigned char *record, const unsigned char *packet, size_t length, unsigned char *buf) |
| static size_t | dtls_ccm_encrypt (aes128_ccm_t *ccm_ctx, const unsigned char *src, size_t srclen, unsigned char *buf, unsigned char *nounce, const unsigned char *aad, size_t la) |
| static size_t | dtls_ccm_decrypt (aes128_ccm_t *ccm_ctx, const unsigned char *src, size_t srclen, unsigned char *buf, unsigned char *nounce, const unsigned char *aad, size_t la) |
| int | dtls_psk_pre_master_secret (unsigned char *key, size_t keylen, unsigned char *result, size_t result_len) |
| static void | dtls_ec_key_to_uint32 (const unsigned char *key, size_t key_size, uint32_t *result) |
| static void | dtls_ec_key_from_uint32 (const uint32_t *key, size_t key_size, unsigned char *result) |
| int | dtls_ec_key_from_uint32_asn1 (const uint32_t *key, size_t key_size, unsigned char *buf) |
| int | dtls_ecdh_pre_master_secret (unsigned char *priv_key, unsigned char *pub_key_x, unsigned char *pub_key_y, size_t key_size, unsigned char *result, size_t result_len) |
| void | dtls_ecdsa_generate_key (unsigned char *priv_key, unsigned char *pub_key_x, unsigned char *pub_key_y, size_t key_size) |
| void | dtls_ecdsa_create_sig_hash (const unsigned char *priv_key, size_t key_size, const unsigned char *sign_hash, size_t sign_hash_size, uint32_t point_r[9], uint32_t point_s[9]) |
| void | dtls_ecdsa_create_sig (const unsigned char *priv_key, size_t key_size, const unsigned char *client_random, size_t client_random_size, const unsigned char *server_random, size_t server_random_size, const unsigned char *keyx_params, size_t keyx_params_size, uint32_t point_r[9], uint32_t point_s[9]) |
| int | dtls_ecdsa_verify_sig_hash (const unsigned char *pub_key_x, const unsigned char *pub_key_y, size_t key_size, const unsigned char *sign_hash, size_t sign_hash_size, unsigned char *result_r, unsigned char *result_s) |
| int | dtls_ecdsa_verify_sig (const unsigned char *pub_key_x, const unsigned char *pub_key_y, size_t key_size, const unsigned char *client_random, size_t client_random_size, const unsigned char *server_random, size_t server_random_size, const unsigned char *keyx_params, size_t keyx_params_size, unsigned char *result_r, unsigned char *result_s) |
| int | dtls_encrypt (const unsigned char *src, size_t length, unsigned char *buf, unsigned char *nounce, unsigned char *key, size_t keylen, const unsigned char *aad, size_t la) |
| int | dtls_decrypt (const unsigned char *src, size_t length, unsigned char *buf, unsigned char *nounce, unsigned char *key, size_t keylen, const unsigned char *aad, size_t la) |
Variables | |
| static struct dtls_cipher_context_t | cipher_context |
| static pthread_mutex_t | cipher_context_mutex = PTHREAD_MUTEX_INITIALIZER |
| #define HMAC_UPDATE_SEED | ( | Context, | |
| Seed, | |||
| Length | |||
| ) | if (Seed) dtls_hmac_update(Context, (Seed), (Length)) |
|
static |
|
static |
|
static |
| int dtls_decrypt | ( | const unsigned char * | src, |
| size_t | length, | ||
| unsigned char * | buf, | ||
| unsigned char * | nounce, | ||
| unsigned char * | key, | ||
| size_t | keylen, | ||
| const unsigned char * | a_data, | ||
| size_t | a_data_length | ||
| ) |
Decrypts the given buffer src of given length, writing the result to buf. The function returns -1 in case of an error, or the number of bytes written. Note that for block ciphers, length must be a multiple of the cipher's block size. A return value between 0 and the actual length indicates that only n-1 block have been processed. Unlike dtls_encrypt(), the source and destination of dtls_decrypt() may overlap.
| ctx | The cipher context to use. |
| src | The buffer to decrypt. |
| length | The length of the input buffer. |
| buf | The result buffer. |
| aad | additional authentication data for AEAD ciphers |
| aad_length | actual size of aad |
|
static |
| int dtls_ec_key_from_uint32_asn1 | ( | const uint32_t * | key, |
| size_t | key_size, | ||
| unsigned char * | buf | ||
| ) |
|
static |
| int dtls_ecdh_pre_master_secret | ( | unsigned char * | priv_key, |
| unsigned char * | pub_key_x, | ||
| unsigned char * | pub_key_y, | ||
| size_t | key_size, | ||
| unsigned char * | result, | ||
| size_t | result_len | ||
| ) |
| void dtls_ecdsa_create_sig | ( | const unsigned char * | priv_key, |
| size_t | key_size, | ||
| const unsigned char * | client_random, | ||
| size_t | client_random_size, | ||
| const unsigned char * | server_random, | ||
| size_t | server_random_size, | ||
| const unsigned char * | keyx_params, | ||
| size_t | keyx_params_size, | ||
| uint32_t | point_r[9], | ||
| uint32_t | point_s[9] | ||
| ) |
| void dtls_ecdsa_create_sig_hash | ( | const unsigned char * | priv_key, |
| size_t | key_size, | ||
| const unsigned char * | sign_hash, | ||
| size_t | sign_hash_size, | ||
| uint32_t | point_r[9], | ||
| uint32_t | point_s[9] | ||
| ) |
| void dtls_ecdsa_generate_key | ( | unsigned char * | priv_key, |
| unsigned char * | pub_key_x, | ||
| unsigned char * | pub_key_y, | ||
| size_t | key_size | ||
| ) |
| int dtls_ecdsa_verify_sig | ( | const unsigned char * | pub_key_x, |
| const unsigned char * | pub_key_y, | ||
| size_t | key_size, | ||
| const unsigned char * | client_random, | ||
| size_t | client_random_size, | ||
| const unsigned char * | server_random, | ||
| size_t | server_random_size, | ||
| const unsigned char * | keyx_params, | ||
| size_t | keyx_params_size, | ||
| unsigned char * | result_r, | ||
| unsigned char * | result_s | ||
| ) |
| int dtls_ecdsa_verify_sig_hash | ( | const unsigned char * | pub_key_x, |
| const unsigned char * | pub_key_y, | ||
| size_t | key_size, | ||
| const unsigned char * | sign_hash, | ||
| size_t | sign_hash_size, | ||
| unsigned char * | result_r, | ||
| unsigned char * | result_s | ||
| ) |
| int dtls_encrypt | ( | const unsigned char * | src, |
| size_t | length, | ||
| unsigned char * | buf, | ||
| unsigned char * | nounce, | ||
| unsigned char * | key, | ||
| size_t | keylen, | ||
| const unsigned char * | aad, | ||
| size_t | aad_length | ||
| ) |
Encrypts the specified src of given length, writing the result to buf. The cipher implementation may add more data to the result buffer such as an initialization vector or padding (e.g. for block cipers in CBC mode). The caller therefore must ensure that buf provides sufficient storage to hold the result. Usually this means ( 2 + length / blocksize ) * blocksize. The function returns a value less than zero on error or otherwise the number of bytes written.
| ctx | The cipher context to use. |
| src | The data to encrypt. |
| length | The actual size of of src. |
| buf | The result buffer. src and buf must not overlap. |
| aad | additional data for AEAD ciphers |
| aad_length | actual size of aad |
|
static |
| void dtls_handshake_free | ( | dtls_handshake_parameters_t * | handshake | ) |
|
static |
| dtls_handshake_parameters_t* dtls_handshake_new | ( | ) |
| void dtls_mac | ( | dtls_hmac_context_t * | hmac_ctx, |
| const unsigned char * | record, | ||
| const unsigned char * | packet, | ||
| size_t | length, | ||
| unsigned char * | buf | ||
| ) |
Calculates MAC for record + cleartext packet and places the result in buf. The given hmac_ctx must be initialized with the HMAC function to use and the proper secret. As the DTLS mac calculation requires data from the record header, record must point to a buffer of at least sizeof(dtls_record_header_t) bytes. Usually, the remaining packet will be encrypted, therefore, the cleartext is passed separately in packet.
| hmac_ctx | The HMAC context to use for MAC calculation. |
| record | The record header. |
| packet | Cleartext payload to apply the MAC to. |
| length | Size of packet. |
| buf | A result buffer that is large enough to hold the generated digest. |
| size_t dtls_p_hash | ( | dtls_hashfunc_t | h, |
| const unsigned char * | key, | ||
| size_t | keylen, | ||
| const unsigned char * | label, | ||
| size_t | labellen, | ||
| const unsigned char * | random1, | ||
| size_t | random1len, | ||
| const unsigned char * | random2, | ||
| size_t | random2len, | ||
| unsigned char * | buf, | ||
| size_t | buflen | ||
| ) |
Expands the secret and key to a block of DTLS_HMAC_MAX size according to the algorithm specified in section 5 of RFC 4346.
| h | Identifier of the hash function to use. |
| key | The secret. |
| keylen | Length of key. |
| seed | The seed. |
| seedlen | Length of seed. |
| buf | Output buffer where the result is XORed into The buffe must be capable to hold at least buflen bytes. |
buf or 0 on error. | size_t dtls_prf | ( | const unsigned char * | key, |
| size_t | keylen, | ||
| const unsigned char * | label, | ||
| size_t | labellen, | ||
| const unsigned char * | random1, | ||
| size_t | random1len, | ||
| const unsigned char * | random2, | ||
| size_t | random2len, | ||
| unsigned char * | buf, | ||
| size_t | buflen | ||
| ) |
| int dtls_psk_pre_master_secret | ( | unsigned char * | key, |
| size_t | keylen, | ||
| unsigned char * | result, | ||
| size_t | result_len | ||
| ) |
Generates pre_master_sercet from given PSK and fills the result according to the "plain PSK" case in section 2 of RFC 4279. Diffie-Hellman and RSA key exchange are currently not supported.
| key | The shared key. |
| keylen | Length of key in bytes. |
| result | The derived pre master secret. |
result.
|
static |
| void dtls_security_free | ( | dtls_security_parameters_t * | security | ) |
|
static |
| dtls_security_parameters_t* dtls_security_new | ( | ) |
|
static |
1.8.6