tinydtls  0.8.6
crypto.h
Go to the documentation of this file.
1 /*******************************************************************************
2  *
3  * Copyright (c) 2011, 2012, 2013, 2014, 2015 Olaf Bergmann (TZI) and others.
4  * All rights reserved. This program and the accompanying materials
5  * are made available under the terms of the Eclipse Public License v1.0
6  * and Eclipse Distribution License v. 1.0 which accompanies this distribution.
7  *
8  * The Eclipse Public License is available at http://www.eclipse.org/legal/epl-v10.html
9  * and the Eclipse Distribution License is available at
10  * http://www.eclipse.org/org/documents/edl-v10.php.
11  *
12  * Contributors:
13  * Olaf Bergmann - initial API and implementation
14  * Hauke Mehrtens - memory optimization, ECC integration
15  *
16  *******************************************************************************/
17 
18 #ifndef _DTLS_CRYPTO_H_
19 #define _DTLS_CRYPTO_H_
20 
21 #include <stdlib.h> /* for rand() and srand() */
22 #include <stdint.h>
23 
24 #include "aes/rijndael.h"
25 
26 #include "tinydtls.h"
27 #include "global.h"
28 #include "state.h"
29 #include "numeric.h"
30 #include "hmac.h"
31 #include "ccm.h"
32 
33 /* TLS_PSK_WITH_AES_128_CCM_8 */
34 #define DTLS_MAC_KEY_LENGTH 0
35 #define DTLS_KEY_LENGTH 16 /* AES-128 */
36 #define DTLS_BLK_LENGTH 16 /* AES-128 */
37 #define DTLS_MAC_LENGTH DTLS_HMAC_DIGEST_SIZE
38 #define DTLS_IV_LENGTH 4 /* length of nonce_explicit */
39 
45 #define MAX_KEYBLOCK_LENGTH \
46  (2 * DTLS_MAC_KEY_LENGTH + 2 * DTLS_KEY_LENGTH + 2 * DTLS_IV_LENGTH)
47 
49 #define DTLS_MASTER_SECRET_LENGTH 48
50 #define DTLS_RANDOM_LENGTH 32
51 
52 typedef enum { AES128=0
54 
55 typedef enum {
58 
60 typedef struct {
61  rijndael_ctx ctx;
62 } aes128_ccm_t;
63 
64 typedef struct dtls_cipher_context_t {
68 
69 typedef struct {
70  uint8 own_eph_priv[32];
71  uint8 other_eph_pub_x[32];
72  uint8 other_eph_pub_y[32];
73  uint8 other_pub_x[32];
74  uint8 other_pub_y[32];
76 
77 /* This is the maximal supported length of the psk client identity and psk
78  * server identity hint */
79 #define DTLS_PSK_MAX_CLIENT_IDENTITY_LEN 32
80 
81 /* This is the maximal supported length of the pre-shared key. */
82 #define DTLS_PSK_MAX_KEY_LEN DTLS_KEY_LENGTH
83 
84 typedef struct {
85  uint16_t id_length;
86  unsigned char identity[DTLS_PSK_MAX_CLIENT_IDENTITY_LEN];
88 
89 typedef struct {
90  uint64_t cseq;
91  uint64_t bitfield;
92 } seqnum_t;
93 
94 typedef struct {
98  uint16_t epoch;
99  uint64_t rseq;
108 
111 
112 struct netq_t;
113 
114 typedef struct {
115  union {
116  struct random_t {
119  } random;
122  } tmp;
128  unsigned int do_client_auth:1;
129  union {
130 #ifdef DTLS_ECC
132 #endif /* DTLS_ECC */
133 #ifdef DTLS_PSK
135 #endif /* DTLS_PSK */
136  } keyx;
138 
139 /* The following macros provide access to the components of the
140  * key_block in the security parameters. */
141 
142 #define dtls_kb_client_mac_secret(Param, Role) ((Param)->key_block)
143 #define dtls_kb_server_mac_secret(Param, Role) \
144  (dtls_kb_client_mac_secret(Param, Role) + DTLS_MAC_KEY_LENGTH)
145 #define dtls_kb_remote_mac_secret(Param, Role) \
146  ((Role) == DTLS_SERVER \
147  ? dtls_kb_client_mac_secret(Param, Role) \
148  : dtls_kb_server_mac_secret(Param, Role))
149 #define dtls_kb_local_mac_secret(Param, Role) \
150  ((Role) == DTLS_CLIENT \
151  ? dtls_kb_client_mac_secret(Param, Role) \
152  : dtls_kb_server_mac_secret(Param, Role))
153 #define dtls_kb_mac_secret_size(Param, Role) DTLS_MAC_KEY_LENGTH
154 #define dtls_kb_client_write_key(Param, Role) \
155  (dtls_kb_server_mac_secret(Param, Role) + DTLS_MAC_KEY_LENGTH)
156 #define dtls_kb_server_write_key(Param, Role) \
157  (dtls_kb_client_write_key(Param, Role) + DTLS_KEY_LENGTH)
158 #define dtls_kb_remote_write_key(Param, Role) \
159  ((Role) == DTLS_SERVER \
160  ? dtls_kb_client_write_key(Param, Role) \
161  : dtls_kb_server_write_key(Param, Role))
162 #define dtls_kb_local_write_key(Param, Role) \
163  ((Role) == DTLS_CLIENT \
164  ? dtls_kb_client_write_key(Param, Role) \
165  : dtls_kb_server_write_key(Param, Role))
166 #define dtls_kb_key_size(Param, Role) DTLS_KEY_LENGTH
167 #define dtls_kb_client_iv(Param, Role) \
168  (dtls_kb_server_write_key(Param, Role) + DTLS_KEY_LENGTH)
169 #define dtls_kb_server_iv(Param, Role) \
170  (dtls_kb_client_iv(Param, Role) + DTLS_IV_LENGTH)
171 #define dtls_kb_remote_iv(Param, Role) \
172  ((Role) == DTLS_SERVER \
173  ? dtls_kb_client_iv(Param, Role) \
174  : dtls_kb_server_iv(Param, Role))
175 #define dtls_kb_local_iv(Param, Role) \
176  ((Role) == DTLS_CLIENT \
177  ? dtls_kb_client_iv(Param, Role) \
178  : dtls_kb_server_iv(Param, Role))
179 #define dtls_kb_iv_size(Param, Role) DTLS_IV_LENGTH
180 
181 #define dtls_kb_size(Param, Role) \
182  (2 * (dtls_kb_mac_secret_size(Param, Role) + \
183  dtls_kb_key_size(Param, Role) + dtls_kb_iv_size(Param, Role)))
184 
185 /* just for consistency */
186 #define dtls_kb_digest_size(Param, Role) DTLS_MAC_LENGTH
187 
204 size_t dtls_p_hash(dtls_hashfunc_t h,
205  const unsigned char *key, size_t keylen,
206  const unsigned char *label, size_t labellen,
207  const unsigned char *random1, size_t random1len,
208  const unsigned char *random2, size_t random2len,
209  unsigned char *buf, size_t buflen);
210 
216 size_t dtls_prf(const unsigned char *key, size_t keylen,
217  const unsigned char *label, size_t labellen,
218  const unsigned char *random1, size_t random1len,
219  const unsigned char *random2, size_t random2len,
220  unsigned char *buf, size_t buflen);
221 
238 void dtls_mac(dtls_hmac_context_t *hmac_ctx,
239  const unsigned char *record,
240  const unsigned char *packet, size_t length,
241  unsigned char *buf);
242 
263 int dtls_encrypt(const unsigned char *src, size_t length,
264  unsigned char *buf,
265  unsigned char *nounce,
266  unsigned char *key, size_t keylen,
267  const unsigned char *aad, size_t aad_length);
268 
287 int dtls_decrypt(const unsigned char *src, size_t length,
288  unsigned char *buf,
289  unsigned char *nounce,
290  unsigned char *key, size_t keylen,
291  const unsigned char *a_data, size_t a_data_length);
292 
293 /* helper functions */
294 
305 int dtls_psk_pre_master_secret(unsigned char *key, size_t keylen,
306  unsigned char *result, size_t result_len);
307 
308 #define DTLS_EC_KEY_SIZE 32
309 
310 int dtls_ecdh_pre_master_secret(unsigned char *priv_key,
311  unsigned char *pub_key_x,
312  unsigned char *pub_key_y,
313  size_t key_size,
314  unsigned char *result,
315  size_t result_len);
316 
317 void dtls_ecdsa_generate_key(unsigned char *priv_key,
318  unsigned char *pub_key_x,
319  unsigned char *pub_key_y,
320  size_t key_size);
321 
322 void dtls_ecdsa_create_sig_hash(const unsigned char *priv_key, size_t key_size,
323  const unsigned char *sign_hash, size_t sign_hash_size,
324  uint32_t point_r[9], uint32_t point_s[9]);
325 
326 void dtls_ecdsa_create_sig(const unsigned char *priv_key, size_t key_size,
327  const unsigned char *client_random, size_t client_random_size,
328  const unsigned char *server_random, size_t server_random_size,
329  const unsigned char *keyx_params, size_t keyx_params_size,
330  uint32_t point_r[9], uint32_t point_s[9]);
331 
332 int dtls_ecdsa_verify_sig_hash(const unsigned char *pub_key_x,
333  const unsigned char *pub_key_y, size_t key_size,
334  const unsigned char *sign_hash, size_t sign_hash_size,
335  unsigned char *result_r, unsigned char *result_s);
336 
337 int dtls_ecdsa_verify_sig(const unsigned char *pub_key_x,
338  const unsigned char *pub_key_y, size_t key_size,
339  const unsigned char *client_random, size_t client_random_size,
340  const unsigned char *server_random, size_t server_random_size,
341  const unsigned char *keyx_params, size_t keyx_params_size,
342  unsigned char *result_r, unsigned char *result_s);
343 
344 int dtls_ec_key_from_uint32_asn1(const uint32_t *key, size_t key_size,
345  unsigned char *buf);
346 
347 
349 
351 
353 
355 void crypto_init(void);
356 
357 #endif /* _DTLS_CRYPTO_H_ */
358 
int dtls_ecdh_pre_master_secret(unsigned char *priv_key, unsigned char *pub_key_x, unsigned char *pub_key_y, size_t key_size, unsigned char *result, size_t result_len)
Definition: crypto.c:391
dtls_hs_state_t hs_state
Definition: crypto.h:124
public tinydtls API
void dtls_security_free(dtls_security_parameters_t *security)
Definition: crypto.c:164
size_t dtls_prf(const unsigned char *key, size_t keylen, const unsigned char *label, size_t labellen, const unsigned char *random1, size_t random1len, const unsigned char *random2, size_t random2len, unsigned char *buf, size_t buflen)
Definition: crypto.c:240
rijndael_ctx ctx
Definition: crypto.h:61
void crypto_init(void)
Definition: crypto.c:66
dtls_cipher_t cipher
Definition: crypto.h:127
dtls_compression_t
Definition: global.h:73
int dtls_encrypt(const unsigned char *src, size_t length, unsigned char *buf, unsigned char *nounce, unsigned char *key, size_t keylen, const unsigned char *aad, size_t aad_length)
Definition: crypto.c:517
void dtls_mac(dtls_hmac_context_t *hmac_ctx, const unsigned char *record, const unsigned char *packet, size_t length, unsigned char *buf)
Definition: crypto.c:257
Definition: netq.h:47
int dtls_psk_pre_master_secret(unsigned char *key, size_t keylen, unsigned char *result, size_t result_len)
Definition: crypto.c:311
void dtls_ecdsa_generate_key(unsigned char *priv_key, unsigned char *pub_key_x, unsigned char *pub_key_y, size_t key_size)
Definition: crypto.c:418
int dtls_decrypt(const unsigned char *src, size_t length, unsigned char *buf, unsigned char *nounce, unsigned char *key, size_t keylen, const unsigned char *a_data, size_t a_data_length)
Definition: crypto.c:543
aes128_ccm_t data
Definition: crypto.h:66
size_t dtls_p_hash(dtls_hashfunc_t h, const unsigned char *key, size_t keylen, const unsigned char *label, size_t labellen, const unsigned char *random1, size_t random1len, const unsigned char *random2, size_t random2len, unsigned char *buf, size_t buflen)
Definition: crypto.c:173
#define DTLS_PSK_MAX_CLIENT_IDENTITY_LEN
Definition: crypto.h:79
#define MAX_KEYBLOCK_LENGTH
Definition: crypto.h:45
void dtls_handshake_free(dtls_handshake_parameters_t *handshake)
Definition: crypto.c:136
dtls_handshake_parameters_psk_t psk
Definition: crypto.h:134
struct netq_t * reorder_queue
Definition: crypto.h:123
#define DTLS_RANDOM_LENGTH
Definition: crypto.h:50
dtls_ecdh_curve
Definition: crypto.h:55
unsigned char uint8
Definition: global.h:39
dtls_compression_t compression
Definition: crypto.h:126
uint64_t cseq
Definition: crypto.h:90
dtls_security_parameters_t * dtls_security_new(void)
Definition: crypto.c:145
unsigned int uint32_t
Definition: uthash.h:78
dtls_compression_t compression
Definition: crypto.h:95
dtls_cipher_t cipher
Definition: crypto.h:97
#define DTLS_MASTER_SECRET_LENGTH
Definition: crypto.h:49
void dtls_ecdsa_create_sig(const unsigned char *priv_key, size_t key_size, const unsigned char *client_random, size_t client_random_size, const unsigned char *server_random, size_t server_random_size, const unsigned char *keyx_params, size_t keyx_params_size, uint32_t point_r[9], uint32_t point_s[9])
Definition: crypto.c:456
int dtls_ecdsa_verify_sig_hash(const unsigned char *pub_key_x, const unsigned char *pub_key_y, size_t key_size, const unsigned char *sign_hash, size_t sign_hash_size, unsigned char *result_r, unsigned char *result_s)
Definition: crypto.c:476
state information for DTLS FSM
int dtls_ec_key_from_uint32_asn1(const uint32_t *key, size_t key_size, unsigned char *buf)
Definition: crypto.c:355
dtls_handshake_parameters_t * dtls_handshake_new(void)
Definition: crypto.c:113
dtls_hashfunc_t
Definition: hmac.h:71
dtls_cipher_t
Definition: global.h:66
Definition: crypto.h:52
dtls_handshake_parameters_ecdsa_t ecdsa
Definition: crypto.h:131
dtls_crypto_alg
Definition: crypto.h:52
struct dtls_cipher_context_t dtls_cipher_context_t
int dtls_ecdsa_verify_sig(const unsigned char *pub_key_x, const unsigned char *pub_key_y, size_t key_size, const unsigned char *client_random, size_t client_random_size, const unsigned char *server_random, size_t server_random_size, const unsigned char *keyx_params, size_t keyx_params_size, unsigned char *result_r, unsigned char *result_s)
Definition: crypto.c:496
uint64_t bitfield
Definition: crypto.h:91
void dtls_ecdsa_create_sig_hash(const unsigned char *priv_key, size_t key_size, const unsigned char *sign_hash, size_t sign_hash_size, uint32_t point_r[9], uint32_t point_s[9])
Definition: crypto.c:439