#include <stdlib.h>
#include <stdint.h>
#include "t_list.h"
#include "aes/rijndael.h"
#include "global.h"
#include "state.h"
#include "numeric.h"
#include "hmac.h"
#include "ccm.h"

Data Structures
struct	aes128_ccm_t

struct	dtls_cipher_context_t

struct	dtls_handshake_parameters_ecdsa_t

struct	dtls_handshake_parameters_psk_t

struct	dtls_security_parameters_t

struct	dtls_handshake_parameters_t

Macros
#define	DTLS_MAC_KEY_LENGTH 0

#define	DTLS_KEY_LENGTH 16 /* AES-128 */

#define	DTLS_BLK_LENGTH 16 /* AES-128 */

#define	DTLS_MAC_LENGTH DTLS_HMAC_DIGEST_SIZE

#define	DTLS_IV_LENGTH 4 /* length of nonce_explicit */

#define	MAX_KEYBLOCK_LENGTH (2 * DTLS_MAC_KEY_LENGTH + 2 * DTLS_KEY_LENGTH + 2 * DTLS_IV_LENGTH)

#define	DTLS_MASTER_SECRET_LENGTH 48

#define	DTLS_RANDOM_LENGTH 32

#define	DTLS_PSK_MAX_CLIENT_IDENTITY_LEN 32

#define	DTLS_PSK_MAX_KEY_LEN 32

#define	dtls_kb_client_mac_secret(Param, Role) ((Param)->key_block)

#define	dtls_kb_server_mac_secret(Param, Role) (dtls_kb_client_mac_secret(Param, Role) + DTLS_MAC_KEY_LENGTH)

#define	dtls_kb_remote_mac_secret(Param, Role)

#define	dtls_kb_local_mac_secret(Param, Role)

#define	dtls_kb_mac_secret_size(Param, Role) DTLS_MAC_KEY_LENGTH

#define	dtls_kb_client_write_key(Param, Role) (dtls_kb_server_mac_secret(Param, Role) + DTLS_MAC_KEY_LENGTH)

#define	dtls_kb_server_write_key(Param, Role) (dtls_kb_client_write_key(Param, Role) + DTLS_KEY_LENGTH)

#define	dtls_kb_remote_write_key(Param, Role)

#define	dtls_kb_local_write_key(Param, Role)

#define	dtls_kb_key_size(Param, Role) DTLS_KEY_LENGTH

#define	dtls_kb_client_iv(Param, Role) (dtls_kb_server_write_key(Param, Role) + DTLS_KEY_LENGTH)

#define	dtls_kb_server_iv(Param, Role) (dtls_kb_client_iv(Param, Role) + DTLS_IV_LENGTH)

#define	dtls_kb_remote_iv(Param, Role)

#define	dtls_kb_local_iv(Param, Role)

#define	dtls_kb_iv_size(Param, Role) DTLS_IV_LENGTH

#define	dtls_kb_size(Param, Role)

#define	dtls_kb_digest_size(Param, Role) DTLS_MAC_LENGTH

#define	DTLS_EC_KEY_SIZE 32

Typedefs
typedef struct dtls_cipher_context_t	dtls_cipher_context_t

Enumerations
enum	dtls_crypto_alg { AES128 =0 }

enum	dtls_ecdh_curve { DTLS_ECDH_CURVE_SECP256R1 }

Functions
size_t	dtls_p_hash (dtls_hashfunc_t h, const unsigned char key, size_t keylen, const unsigned char label, size_t labellen, const unsigned char random1, size_t random1len, const unsigned char random2, size_t random2len, unsigned char *buf, size_t buflen)

size_t	dtls_prf (const unsigned char key, size_t keylen, const unsigned char label, size_t labellen, const unsigned char random1, size_t random1len, const unsigned char random2, size_t random2len, unsigned char *buf, size_t buflen)

void	dtls_mac (dtls_hmac_context_t hmac_ctx, const unsigned char record, const unsigned char packet, size_t length, unsigned char buf)

int	dtls_encrypt (const unsigned char src, size_t length, unsigned char buf, unsigned char nounce, unsigned char key, size_t keylen, const unsigned char *aad, size_t aad_length)

int	dtls_decrypt (const unsigned char src, size_t length, unsigned char buf, unsigned char nounce, unsigned char key, size_t keylen, const unsigned char *a_data, size_t a_data_length)

int	dtls_psk_pre_master_secret (unsigned char key, size_t keylen, unsigned char result, size_t result_len)

int	dtls_ecdh_pre_master_secret (unsigned char priv_key, unsigned char pub_key_x, unsigned char pub_key_y, size_t key_size, unsigned char result, size_t result_len)

void	dtls_ecdsa_generate_key (unsigned char priv_key, unsigned char pub_key_x, unsigned char *pub_key_y, size_t key_size)

void	dtls_ecdsa_create_sig_hash (const unsigned char priv_key, size_t key_size, const unsigned char sign_hash, size_t sign_hash_size, uint32_t point_r[9], uint32_t point_s[9])

void	dtls_ecdsa_create_sig (const unsigned char priv_key, size_t key_size, const unsigned char client_random, size_t client_random_size, const unsigned char server_random, size_t server_random_size, const unsigned char keyx_params, size_t keyx_params_size, uint32_t point_r[9], uint32_t point_s[9])

int	dtls_ecdsa_verify_sig_hash (const unsigned char pub_key_x, const unsigned char pub_key_y, size_t key_size, const unsigned char sign_hash, size_t sign_hash_size, unsigned char result_r, unsigned char *result_s)

int	dtls_ecdsa_verify_sig (const unsigned char pub_key_x, const unsigned char pub_key_y, size_t key_size, const unsigned char client_random, size_t client_random_size, const unsigned char server_random, size_t server_random_size, const unsigned char keyx_params, size_t keyx_params_size, unsigned char result_r, unsigned char *result_s)

int	dtls_ec_key_from_uint32_asn1 (const uint32_t key, size_t key_size, unsigned char buf)

dtls_handshake_parameters_t *	dtls_handshake_new ()

void	dtls_handshake_free (dtls_handshake_parameters_t *handshake)

dtls_security_parameters_t *	dtls_security_new ()

void	dtls_security_free (dtls_security_parameters_t *security)

void	crypto_init ()

Macro Definition Documentation

#define DTLS_BLK_LENGTH 16 /* AES-128 */

Definition at line 46 of file crypto.h.

#define DTLS_EC_KEY_SIZE 32

Definition at line 309 of file crypto.h.

#define DTLS_IV_LENGTH 4 /* length of nonce_explicit */

Definition at line 48 of file crypto.h.

#define dtls_kb_client_iv	(	Param,
		Role
	)	(dtls_kb_server_write_key(Param, Role) + DTLS_KEY_LENGTH)

Definition at line 168 of file crypto.h.

#define dtls_kb_client_mac_secret	(	Param,
		Role
	)	((Param)->key_block)

Definition at line 143 of file crypto.h.

#define dtls_kb_client_write_key	(	Param,
		Role
	)	(dtls_kb_server_mac_secret(Param, Role) + DTLS_MAC_KEY_LENGTH)

Definition at line 155 of file crypto.h.

#define dtls_kb_digest_size	(	Param,
		Role
	)	DTLS_MAC_LENGTH

Definition at line 187 of file crypto.h.

#define dtls_kb_iv_size	(	Param,
		Role
	)	DTLS_IV_LENGTH

Definition at line 180 of file crypto.h.

#define dtls_kb_key_size	(	Param,
		Role
	)	DTLS_KEY_LENGTH

Definition at line 167 of file crypto.h.

#define dtls_kb_local_iv	(	Param,
		Role
	)

Value:

((Role) == DTLS_CLIENT                      \
   ? dtls_kb_client_iv(Param, Role)                 \
   : dtls_kb_server_iv(Param, Role))

Definition at line 176 of file crypto.h.

#define dtls_kb_local_mac_secret	(	Param,
		Role
	)

Value:

((Role) == DTLS_CLIENT                      \
   ? dtls_kb_client_mac_secret(Param, Role)             \
   : dtls_kb_server_mac_secret(Param, Role))

Definition at line 150 of file crypto.h.

#define dtls_kb_local_write_key	(	Param,
		Role
	)

Value:

((Role) == DTLS_CLIENT                      \
   ? dtls_kb_client_write_key(Param, Role)              \
   : dtls_kb_server_write_key(Param, Role))

Definition at line 163 of file crypto.h.

#define dtls_kb_mac_secret_size	(	Param,
		Role
	)	DTLS_MAC_KEY_LENGTH

Definition at line 154 of file crypto.h.

#define dtls_kb_remote_iv	(	Param,
		Role
	)

Value:

((Role) == DTLS_SERVER                      \
   ? dtls_kb_client_iv(Param, Role)                 \
   : dtls_kb_server_iv(Param, Role))

Definition at line 172 of file crypto.h.

#define dtls_kb_remote_mac_secret	(	Param,
		Role
	)

Value:

((Role) == DTLS_SERVER                      \
   ? dtls_kb_client_mac_secret(Param, Role)             \
   : dtls_kb_server_mac_secret(Param, Role))

Definition at line 146 of file crypto.h.

#define dtls_kb_remote_write_key	(	Param,
		Role
	)

Value:

((Role) == DTLS_SERVER                      \
   ? dtls_kb_client_write_key(Param, Role)              \
   : dtls_kb_server_write_key(Param, Role))

Definition at line 159 of file crypto.h.

#define dtls_kb_server_iv	(	Param,
		Role
	)	(dtls_kb_client_iv(Param, Role) + DTLS_IV_LENGTH)

Definition at line 170 of file crypto.h.

#define dtls_kb_server_mac_secret	(	Param,
		Role
	)	(dtls_kb_client_mac_secret(Param, Role) + DTLS_MAC_KEY_LENGTH)

Definition at line 144 of file crypto.h.

#define dtls_kb_server_write_key	(	Param,
		Role
	)	(dtls_kb_client_write_key(Param, Role) + DTLS_KEY_LENGTH)

Definition at line 157 of file crypto.h.

#define dtls_kb_size	(	Param,
		Role
	)

Value:

(2 * (dtls_kb_mac_secret_size(Param, Role) + \

dtls_kb_key_size(Param, Role) + dtls_kb_iv_size(Param, Role)))

dtls_kb_iv_size

#define dtls_kb_iv_size(Param, Role)

Definition: crypto.h:180

dtls_kb_mac_secret_size

#define dtls_kb_mac_secret_size(Param, Role)

Definition: crypto.h:154

dtls_kb_key_size

#define dtls_kb_key_size(Param, Role)

Definition: crypto.h:167

Definition at line 182 of file crypto.h.

#define DTLS_KEY_LENGTH 16 /* AES-128 */

Definition at line 45 of file crypto.h.

#define DTLS_MAC_KEY_LENGTH 0

Definition at line 44 of file crypto.h.

#define DTLS_MAC_LENGTH DTLS_HMAC_DIGEST_SIZE

Definition at line 47 of file crypto.h.

#define DTLS_MASTER_SECRET_LENGTH 48

Length of DTLS master_secret

Definition at line 59 of file crypto.h.

#define DTLS_PSK_MAX_CLIENT_IDENTITY_LEN 32

Definition at line 89 of file crypto.h.

#define DTLS_PSK_MAX_KEY_LEN 32

Definition at line 92 of file crypto.h.

#define DTLS_RANDOM_LENGTH 32

Definition at line 60 of file crypto.h.

#define MAX_KEYBLOCK_LENGTH (2 * DTLS_MAC_KEY_LENGTH + 2 * DTLS_KEY_LENGTH + 2 * DTLS_IV_LENGTH)

Maximum size of the generated keyblock. Note that MAX_KEYBLOCK_LENGTH must be large enough to hold the pre_master_secret, i.e. twice the length of the pre-shared key + 1.

Definition at line 55 of file crypto.h.

Typedef Documentation

typedef struct dtls_cipher_context_t dtls_cipher_context_t

Enumeration Type Documentation

enum dtls_crypto_alg

Enumerator
AES128

Definition at line 62 of file crypto.h.

enum dtls_ecdh_curve

Enumerator
DTLS_ECDH_CURVE_SECP256R1

Definition at line 65 of file crypto.h.

Function Documentation

void crypto_init ( )

Definition at line 76 of file crypto.c.

int dtls_decrypt	(	const unsigned char *	src,
		size_t	length,
		unsigned char *	buf,
		unsigned char *	nounce,
		unsigned char *	key,
		size_t	keylen,
		const unsigned char *	a_data,
		size_t	a_data_length
	)

Decrypts the given buffer src of given length, writing the result to buf. The function returns -1 in case of an error, or the number of bytes written. Note that for block ciphers, length must be a multiple of the cipher's block size. A return value between 0 and the actual length indicates that only n-1 block have been processed. Unlike dtls_encrypt(), the source and destination of dtls_decrypt() may overlap.

Parameters

ctx	The cipher context to use.
src	The buffer to decrypt.
length	The length of the input buffer.
buf	The result buffer.
aad	additional authentication data for AEAD ciphers
aad_length	actual size of `aad`

Returns: Less than zero on error, the number of decrypted bytes otherwise.

Definition at line 550 of file crypto.c.

int dtls_ec_key_from_uint32_asn1	(	const uint32_t *	key,
		size_t	key_size,
		unsigned char *	buf
	)

Definition at line 362 of file crypto.c.

int dtls_ecdh_pre_master_secret	(	unsigned char *	priv_key,
		unsigned char *	pub_key_x,
		unsigned char *	pub_key_y,
		size_t	key_size,
		unsigned char *	result,
		size_t	result_len
	)

Definition at line 398 of file crypto.c.

void dtls_ecdsa_create_sig	(	const unsigned char *	priv_key,
		size_t	key_size,
		const unsigned char *	client_random,
		size_t	client_random_size,
		const unsigned char *	server_random,
		size_t	server_random_size,
		const unsigned char *	keyx_params,
		size_t	keyx_params_size,
		uint32_t	point_r[9],
		uint32_t	point_s[9]
	)

Definition at line 463 of file crypto.c.

void dtls_ecdsa_create_sig_hash	(	const unsigned char *	priv_key,
		size_t	key_size,
		const unsigned char *	sign_hash,
		size_t	sign_hash_size,
		uint32_t	point_r[9],
		uint32_t	point_s[9]
	)

Definition at line 446 of file crypto.c.

void dtls_ecdsa_generate_key	(	unsigned char *	priv_key,
		unsigned char *	pub_key_x,
		unsigned char *	pub_key_y,
		size_t	key_size
	)

Definition at line 425 of file crypto.c.

int dtls_ecdsa_verify_sig	(	const unsigned char *	pub_key_x,
		const unsigned char *	pub_key_y,
		size_t	key_size,
		const unsigned char *	client_random,
		size_t	client_random_size,
		const unsigned char *	server_random,
		size_t	server_random_size,
		const unsigned char *	keyx_params,
		size_t	keyx_params_size,
		unsigned char *	result_r,
		unsigned char *	result_s
	)

Definition at line 503 of file crypto.c.

int dtls_ecdsa_verify_sig_hash	(	const unsigned char *	pub_key_x,
		const unsigned char *	pub_key_y,
		size_t	key_size,
		const unsigned char *	sign_hash,
		size_t	sign_hash_size,
		unsigned char *	result_r,
		unsigned char *	result_s
	)

Definition at line 483 of file crypto.c.

int dtls_encrypt	(	const unsigned char *	src,
		size_t	length,
		unsigned char *	buf,
		unsigned char *	nounce,
		unsigned char *	key,
		size_t	keylen,
		const unsigned char *	aad,
		size_t	aad_length
	)

Encrypts the specified src of given length, writing the result to buf. The cipher implementation may add more data to the result buffer such as an initialization vector or padding (e.g. for block cipers in CBC mode). The caller therefore must ensure that buf provides sufficient storage to hold the result. Usually this means ( 2 + length / blocksize ) * blocksize. The function returns a value less than zero on error or otherwise the number of bytes written.

Parameters

ctx	The cipher context to use.
src	The data to encrypt.
length	The actual size of of `src`.
buf	The result buffer. `src` and `buf` must not overlap.
aad	additional data for AEAD ciphers
aad_length	actual size of `aad`

Returns: The number of encrypted bytes on success, less than zero otherwise.

Definition at line 524 of file crypto.c.

void dtls_handshake_free ( dtls_handshake_parameters_t * handshake )

Definition at line 146 of file crypto.c.

dtls_handshake_parameters_t* dtls_handshake_new ( )

Definition at line 123 of file crypto.c.

void dtls_mac	(	dtls_hmac_context_t *	hmac_ctx,
		const unsigned char *	record,
		const unsigned char *	packet,
		size_t	length,
		unsigned char *	buf
	)

Calculates MAC for record + cleartext packet and places the result in buf. The given hmac_ctx must be initialized with the HMAC function to use and the proper secret. As the DTLS mac calculation requires data from the record header, record must point to a buffer of at least sizeof(dtls_record_header_t) bytes. Usually, the remaining packet will be encrypted, therefore, the cleartext is passed separately in packet.

Parameters

hmac_ctx	The HMAC context to use for MAC calculation.
record	The record header.
packet	Cleartext payload to apply the MAC to.
length	Size of `packet`.
buf	A result buffer that is large enough to hold the generated digest.

Definition at line 266 of file crypto.c.

size_t dtls_p_hash	(	dtls_hashfunc_t	h,
		const unsigned char *	key,
		size_t	keylen,
		const unsigned char *	label,
		size_t	labellen,
		const unsigned char *	random1,
		size_t	random1len,
		const unsigned char *	random2,
		size_t	random2len,
		unsigned char *	buf,
		size_t	buflen
	)

Expands the secret and key to a block of DTLS_HMAC_MAX size according to the algorithm specified in section 5 of RFC 4346.

Parameters

h	Identifier of the hash function to use.
key	The secret.
keylen	Length of `key`.
seed	The seed.
seedlen	Length of `seed`.
buf	Output buffer where the result is XORed into The buffe must be capable to hold at least `buflen` bytes.

Returns: The actual number of bytes written to buf or 0 on error.

Definition at line 183 of file crypto.c.

size_t dtls_prf	(	const unsigned char *	key,
		size_t	keylen,
		const unsigned char *	label,
		size_t	labellen,
		const unsigned char *	random1,
		size_t	random1len,
		const unsigned char *	random2,
		size_t	random2len,
		unsigned char *	buf,
		size_t	buflen
	)

This function implements the TLS PRF for DTLS_VERSION. For version 1.0, the PRF is P_MD5 ^ P_SHA1 while version 1.2 uses P_SHA256. Currently, the actual PRF is selected at compile time.

Definition at line 249 of file crypto.c.

int dtls_psk_pre_master_secret	(	unsigned char *	key,
		size_t	keylen,
		unsigned char *	result,
		size_t	result_len
	)

Generates pre_master_sercet from given PSK and fills the result according to the "plain PSK" case in section 2 of RFC 4279. Diffie-Hellman and RSA key exchange are currently not supported.

Parameters

key	The shared key.
keylen	Length of `key` in bytes.
result	The derived pre master secret.

Returns: The actual length of result.

Definition at line 318 of file crypto.c.

void dtls_security_free ( dtls_security_parameters_t * security )

Definition at line 174 of file crypto.c.

dtls_security_parameters_t* dtls_security_new ( )

Definition at line 155 of file crypto.c.

Data Structures

Macros

Typedefs

Enumerations

Functions

Macro Definition Documentation

Typedef Documentation

Enumeration Type Documentation

Function Documentation