Skip to content

Commit

Permalink
dtls.c: add cipher_suite_param_t
Browse files Browse the repository at this point in the history
Use cipher_suite_param_t for cipher-suite specific mac_len and
key_exchange_algorithm. Introduce dtls_cipher_index_t for simplified
cipher-suite parameter lookup. Cleanup old functions.

Signed-off-by: Achim Kraus <achim.kraus@cloudcoap.net>
  • Loading branch information
boaks committed Nov 29, 2022
1 parent b1a794c commit 304fa0f
Show file tree
Hide file tree
Showing 3 changed files with 220 additions and 181 deletions.
16 changes: 9 additions & 7 deletions crypto.c
Original file line number Diff line number Diff line change
Expand Up @@ -157,12 +157,14 @@ dtls_handshake_parameters_t *dtls_handshake_new(void)

memset(handshake, 0, sizeof(*handshake));

/* initialize the handshake hash wrt. the hard-coded DTLS version */
dtls_debug("DTLSv12: initialize HASH_SHA256\n");
/* TLS 1.2: PRF(secret, label, seed) = P_<hash>(secret, label + seed) */
/* FIXME: we use the default SHA256 here, might need to support other
hash functions as well */
dtls_hash_init(&handshake->hs_state.hs_hash);
if (handshake) {
/* initialize the handshake hash wrt. the hard-coded DTLS version */
dtls_debug("DTLSv12: initialize HASH_SHA256\n");
/* TLS 1.2: PRF(secret, label, seed) = P_<hash>(secret, label + seed) */
/* FIXME: we use the default SHA256 here, might need to support other
hash functions as well */
dtls_hash_init(&handshake->hs_state.hs_hash);
}
return handshake;
}

Expand All @@ -187,7 +189,7 @@ dtls_security_parameters_t *dtls_security_new(void)

memset(security, 0, sizeof(*security));

security->cipher = TLS_NULL_WITH_NULL_NULL;
security->cipher_index = DTLS_CIPHER_INDEX_NULL;
security->compression = TLS_COMPRESSION_NULL;

return security;
Expand Down
10 changes: 8 additions & 2 deletions crypto.h
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,12 @@
#define DTLS_MASTER_SECRET_LENGTH 48
#define DTLS_RANDOM_LENGTH 32

/** Type of index in cipher parameter table */
typedef uint8_t dtls_cipher_index_t;
/** Index in cipher parameter table for NULL cipher */
#define DTLS_CIPHER_INDEX_NULL 0


typedef enum { AES128=0
} dtls_crypto_alg;

Expand Down Expand Up @@ -105,7 +111,7 @@ typedef struct {
typedef struct {
dtls_compression_t compression; /**< compression method */

dtls_cipher_t cipher; /**< cipher type */
dtls_cipher_index_t cipher_index; /**< internal index for cipher_suite_params, DTLS_CIPHER_INDEX_NULL for TLS_NULL_WITH_NULL_NULL */
uint16_t epoch; /**< counter for cipher state changes*/
uint64_t rseq; /**< sequence number of last record sent */

Expand Down Expand Up @@ -135,7 +141,7 @@ typedef struct {
dtls_hs_state_t hs_state; /**< handshake protocol status */

dtls_compression_t compression; /**< compression method */
dtls_cipher_t cipher; /**< cipher type */
dtls_cipher_index_t cipher_index; /**< internal index for cipher_suite_params, DTLS_CIPHER_INDEX_NULL for TLS_NULL_WITH_NULL_NULL */
unsigned int do_client_auth:1;
unsigned int extended_master_secret:1;
union {
Expand Down
Loading

0 comments on commit 304fa0f

Please sign in to comment.