forked from contiki-ng/tinydtls
-
Notifications
You must be signed in to change notification settings - Fork 0
/
tinydtls.h
150 lines (125 loc) · 4.04 KB
/
tinydtls.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
/* tinydtls.h. Generated from tinydtls.h.in by configure. */
/*******************************************************************************
*
* Copyright (c) 2011, 2012, 2013, 2014, 2015 Olaf Bergmann (TZI) and others.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* and Eclipse Distribution License v. 1.0 which accompanies this distribution.
*
* The Eclipse Public License is available at http://www.eclipse.org/legal/epl-v10.html
* and the Eclipse Distribution License is available at
* http://www.eclipse.org/org/documents/edl-v10.php.
*
* Contributors:
* Olaf Bergmann - initial API and implementation
* Hauke Mehrtens - memory optimization, ECC integration
*
*******************************************************************************/
/**
* @file tinydtls.h
* @brief public tinydtls API
*/
#ifndef _DTLS_TINYDTLS_H_
#define _DTLS_TINYDTLS_H_
#include <string.h>
#ifdef DTLS_CONFIG_CONF_H
#include DTLS_CONFIG_CONF_H
#else /* DTLS_CONFIG_CONF_H */
#include "dtls_config.h"
#endif /* DTLS_CONFIG_CONF_H */
#include "dtls-support-conf.h"
#ifndef DTLSv12
/* The current version of tinyDTLS supports DTLSv1.2 only. */
#define DTLSv12 1
#endif
#ifndef WITH_SHA256
/* The current version of tinyDTLS supports DTLSv1.2 with SHA256 PRF
only. */
#define WITH_SHA256 1
#endif
#include <stdint.h>
#include <stddef.h>
/* Define our own types as at least uint32_t does not work on my amd64. */
#ifndef DTLS_MAX_BUF
/** Maximum size of DTLS message.
When Peers are sending bigger messages this causes problems. Californium
with ECDSA needs at least 220 */
#ifdef CONTIKI
#ifdef DTLS_ECC
#define DTLS_MAX_BUF 200
#else /* DTLS_ECC */
#define DTLS_MAX_BUF 100
#endif /* DTLS_ECC */
#else /* CONTIKI */
#define DTLS_MAX_BUF 1400
#endif /* CONTIKI */
#endif
#ifndef DTLS_DEFAULT_MAX_RETRANSMIT
/** Number of message retransmissions. */
#define DTLS_DEFAULT_MAX_RETRANSMIT 7
#endif
/** Known cipher suites.*/
typedef enum {
TLS_NULL_WITH_NULL_NULL = 0x0000, /**< NULL cipher */
TLS_PSK_WITH_AES_128_CCM_8 = 0xC0A8, /**< see RFC 6655 */
TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xC0AE /**< see RFC 7251 */
} dtls_cipher_t;
/** Known compression suites.*/
typedef enum {
TLS_COMPRESSION_NULL = 0x0000 /* NULL compression */
} dtls_compression_t;
#define TLS_EXT_ELLIPTIC_CURVES 10 /* see RFC 4492 */
#define TLS_EXT_EC_POINT_FORMATS 11 /* see RFC 4492 */
#define TLS_EXT_SIG_HASH_ALGO 13 /* see RFC 5246 */
#define TLS_EXT_CLIENT_CERTIFICATE_TYPE 19 /* see RFC 7250 */
#define TLS_EXT_SERVER_CERTIFICATE_TYPE 20 /* see RFC 7250 */
#define TLS_EXT_ENCRYPT_THEN_MAC 22 /* see RFC 7366 */
#define TLS_CERT_TYPE_RAW_PUBLIC_KEY 2 /* see RFC 7250 */
#define TLS_EXT_ELLIPTIC_CURVES_SECP256R1 23 /* see RFC 4492 */
#define TLS_EXT_EC_POINT_FORMATS_UNCOMPRESSED 0 /* see RFC 4492 */
#define TLS_EC_CURVE_TYPE_NAMED_CURVE 3 /* see RFC 4492 */
#define TLS_CLIENT_CERTIFICATE_TYPE_ECDSA_SIGN 64 /* see RFC 4492 */
#define TLS_EXT_SIG_HASH_ALGO_SHA256 4 /* see RFC 5246 */
#define TLS_EXT_SIG_HASH_ALGO_ECDSA 3 /* see RFC 5246 */
/**
* XORs \p n bytes byte-by-byte starting at \p y to the memory area
* starting at \p x. */
static inline void
memxor(unsigned char *x, const unsigned char *y, size_t n) {
while(n--) {
*x ^= *y;
x++; y++;
}
}
/**
* Compares \p len bytes from @p a with @p b in constant time. This
* functions always traverses the entire length to prevent timing
* attacks.
*
* \param a Byte sequence to compare
* \param b Byte sequence to compare
* \param len Number of bytes to compare.
* \return \c 1 if \p a and \p b are equal, \c 0 otherwise.
*/
static inline int
dtls_equals(unsigned char *a, unsigned char *b, size_t len)
{
int result = 1;
while (len--) {
result &= (*a++ == *b++);
}
return result;
}
#ifdef HAVE_FLS
#define dtls_fls(i) fls(i)
#else
static inline int
dtls_fls(unsigned int i) {
int n;
for (n = 0; i; n++)
i >>= 1;
return n;
}
#endif /* HAVE_FLS */
#include "dtls-support.h"
#endif /* _DTLS_TINYDTLS_H_ */