18 #ifndef _DTLS_CRYPTO_H_ 19 #define _DTLS_CRYPTO_H_ 24 #include "aes/rijndael.h" 34 #define DTLS_MAC_KEY_LENGTH 0 35 #define DTLS_KEY_LENGTH 16 36 #define DTLS_BLK_LENGTH 16 37 #define DTLS_MAC_LENGTH DTLS_HMAC_DIGEST_SIZE 38 #define DTLS_IV_LENGTH 4 45 #define MAX_KEYBLOCK_LENGTH \ 46 (2 * DTLS_MAC_KEY_LENGTH + 2 * DTLS_KEY_LENGTH + 2 * DTLS_IV_LENGTH) 49 #define DTLS_MASTER_SECRET_LENGTH 48 50 #define DTLS_RANDOM_LENGTH 32 79 #define DTLS_PSK_MAX_CLIENT_IDENTITY_LEN 32 82 #define DTLS_PSK_MAX_KEY_LEN DTLS_KEY_LENGTH 128 unsigned int do_client_auth:1;
142 #define dtls_kb_client_mac_secret(Param, Role) ((Param)->key_block) 143 #define dtls_kb_server_mac_secret(Param, Role) \ 144 (dtls_kb_client_mac_secret(Param, Role) + DTLS_MAC_KEY_LENGTH) 145 #define dtls_kb_remote_mac_secret(Param, Role) \ 146 ((Role) == DTLS_SERVER \ 147 ? dtls_kb_client_mac_secret(Param, Role) \ 148 : dtls_kb_server_mac_secret(Param, Role)) 149 #define dtls_kb_local_mac_secret(Param, Role) \ 150 ((Role) == DTLS_CLIENT \ 151 ? dtls_kb_client_mac_secret(Param, Role) \ 152 : dtls_kb_server_mac_secret(Param, Role)) 153 #define dtls_kb_mac_secret_size(Param, Role) DTLS_MAC_KEY_LENGTH 154 #define dtls_kb_client_write_key(Param, Role) \ 155 (dtls_kb_server_mac_secret(Param, Role) + DTLS_MAC_KEY_LENGTH) 156 #define dtls_kb_server_write_key(Param, Role) \ 157 (dtls_kb_client_write_key(Param, Role) + DTLS_KEY_LENGTH) 158 #define dtls_kb_remote_write_key(Param, Role) \ 159 ((Role) == DTLS_SERVER \ 160 ? dtls_kb_client_write_key(Param, Role) \ 161 : dtls_kb_server_write_key(Param, Role)) 162 #define dtls_kb_local_write_key(Param, Role) \ 163 ((Role) == DTLS_CLIENT \ 164 ? dtls_kb_client_write_key(Param, Role) \ 165 : dtls_kb_server_write_key(Param, Role)) 166 #define dtls_kb_key_size(Param, Role) DTLS_KEY_LENGTH 167 #define dtls_kb_client_iv(Param, Role) \ 168 (dtls_kb_server_write_key(Param, Role) + DTLS_KEY_LENGTH) 169 #define dtls_kb_server_iv(Param, Role) \ 170 (dtls_kb_client_iv(Param, Role) + DTLS_IV_LENGTH) 171 #define dtls_kb_remote_iv(Param, Role) \ 172 ((Role) == DTLS_SERVER \ 173 ? dtls_kb_client_iv(Param, Role) \ 174 : dtls_kb_server_iv(Param, Role)) 175 #define dtls_kb_local_iv(Param, Role) \ 176 ((Role) == DTLS_CLIENT \ 177 ? dtls_kb_client_iv(Param, Role) \ 178 : dtls_kb_server_iv(Param, Role)) 179 #define dtls_kb_iv_size(Param, Role) DTLS_IV_LENGTH 181 #define dtls_kb_size(Param, Role) \ 182 (2 * (dtls_kb_mac_secret_size(Param, Role) + \ 183 dtls_kb_key_size(Param, Role) + dtls_kb_iv_size(Param, Role))) 186 #define dtls_kb_digest_size(Param, Role) DTLS_MAC_LENGTH 205 const unsigned char *key,
size_t keylen,
206 const unsigned char *label,
size_t labellen,
207 const unsigned char *random1,
size_t random1len,
208 const unsigned char *random2,
size_t random2len,
209 unsigned char *buf,
size_t buflen);
216 size_t dtls_prf(
const unsigned char *key,
size_t keylen,
217 const unsigned char *label,
size_t labellen,
218 const unsigned char *random1,
size_t random1len,
219 const unsigned char *random2,
size_t random2len,
220 unsigned char *buf,
size_t buflen);
239 const unsigned char *record,
240 const unsigned char *packet,
size_t length,
263 int dtls_encrypt(
const unsigned char *src,
size_t length,
265 unsigned char *nounce,
266 unsigned char *key,
size_t keylen,
267 const unsigned char *aad,
size_t aad_length);
287 int dtls_decrypt(
const unsigned char *src,
size_t length,
289 unsigned char *nounce,
290 unsigned char *key,
size_t keylen,
291 const unsigned char *a_data,
size_t a_data_length);
306 unsigned char *result,
size_t result_len);
308 #define DTLS_EC_KEY_SIZE 32 311 unsigned char *pub_key_x,
312 unsigned char *pub_key_y,
314 unsigned char *result,
318 unsigned char *pub_key_x,
319 unsigned char *pub_key_y,
323 const unsigned char *sign_hash,
size_t sign_hash_size,
327 const unsigned char *client_random,
size_t client_random_size,
328 const unsigned char *server_random,
size_t server_random_size,
329 const unsigned char *keyx_params,
size_t keyx_params_size,
333 const unsigned char *pub_key_y,
size_t key_size,
334 const unsigned char *sign_hash,
size_t sign_hash_size,
335 unsigned char *result_r,
unsigned char *result_s);
338 const unsigned char *pub_key_y,
size_t key_size,
339 const unsigned char *client_random,
size_t client_random_size,
340 const unsigned char *server_random,
size_t server_random_size,
341 const unsigned char *keyx_params,
size_t keyx_params_size,
342 unsigned char *result_r,
unsigned char *result_s);
int dtls_ecdh_pre_master_secret(unsigned char *priv_key, unsigned char *pub_key_x, unsigned char *pub_key_y, size_t key_size, unsigned char *result, size_t result_len)
void dtls_security_free(dtls_security_parameters_t *security)
size_t dtls_prf(const unsigned char *key, size_t keylen, const unsigned char *label, size_t labellen, const unsigned char *random1, size_t random1len, const unsigned char *random2, size_t random2len, unsigned char *buf, size_t buflen)
int dtls_encrypt(const unsigned char *src, size_t length, unsigned char *buf, unsigned char *nounce, unsigned char *key, size_t keylen, const unsigned char *aad, size_t aad_length)
void dtls_mac(dtls_hmac_context_t *hmac_ctx, const unsigned char *record, const unsigned char *packet, size_t length, unsigned char *buf)
int dtls_psk_pre_master_secret(unsigned char *key, size_t keylen, unsigned char *result, size_t result_len)
void dtls_ecdsa_generate_key(unsigned char *priv_key, unsigned char *pub_key_x, unsigned char *pub_key_y, size_t key_size)
int dtls_decrypt(const unsigned char *src, size_t length, unsigned char *buf, unsigned char *nounce, unsigned char *key, size_t keylen, const unsigned char *a_data, size_t a_data_length)
size_t dtls_p_hash(dtls_hashfunc_t h, const unsigned char *key, size_t keylen, const unsigned char *label, size_t labellen, const unsigned char *random1, size_t random1len, const unsigned char *random2, size_t random2len, unsigned char *buf, size_t buflen)
#define DTLS_PSK_MAX_CLIENT_IDENTITY_LEN
#define MAX_KEYBLOCK_LENGTH
void dtls_handshake_free(dtls_handshake_parameters_t *handshake)
dtls_handshake_parameters_psk_t psk
struct netq_t * reorder_queue
#define DTLS_RANDOM_LENGTH
dtls_compression_t compression
dtls_security_parameters_t * dtls_security_new(void)
dtls_compression_t compression
#define DTLS_MASTER_SECRET_LENGTH
void dtls_ecdsa_create_sig(const unsigned char *priv_key, size_t key_size, const unsigned char *client_random, size_t client_random_size, const unsigned char *server_random, size_t server_random_size, const unsigned char *keyx_params, size_t keyx_params_size, uint32_t point_r[9], uint32_t point_s[9])
int dtls_ecdsa_verify_sig_hash(const unsigned char *pub_key_x, const unsigned char *pub_key_y, size_t key_size, const unsigned char *sign_hash, size_t sign_hash_size, unsigned char *result_r, unsigned char *result_s)
state information for DTLS FSM
int dtls_ec_key_from_uint32_asn1(const uint32_t *key, size_t key_size, unsigned char *buf)
dtls_handshake_parameters_t * dtls_handshake_new(void)
dtls_handshake_parameters_ecdsa_t ecdsa
struct dtls_cipher_context_t dtls_cipher_context_t
int dtls_ecdsa_verify_sig(const unsigned char *pub_key_x, const unsigned char *pub_key_y, size_t key_size, const unsigned char *client_random, size_t client_random_size, const unsigned char *server_random, size_t server_random_size, const unsigned char *keyx_params, size_t keyx_params_size, unsigned char *result_r, unsigned char *result_s)
void dtls_ecdsa_create_sig_hash(const unsigned char *priv_key, size_t key_size, const unsigned char *sign_hash, size_t sign_hash_size, uint32_t point_r[9], uint32_t point_s[9])