dtls_misc.h
Go to the documentation of this file.
1 /**
2  * @file dtls_misc.h
3  * @brief DTLS (Datagram Transport Layer Security)
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneSSL Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.4.0
29  **/
30 
31 #ifndef _DTLS_MISC_H
32 #define _DTLS_MISC_H
33 
34 //DTLS version numbers
35 #define DTLS_VERSION_1_0 0xFEFF
36 #define DTLS_VERSION_1_2 0xFEFD
37 #define DTLS_VERSION_1_3 0xFEFC
38 
39 //DTLS support
40 #ifndef DTLS_SUPPORT
41  #define DTLS_SUPPORT DISABLED
42 #elif (DTLS_SUPPORT != ENABLED && DTLS_SUPPORT != DISABLED)
43  #error DTLS_SUPPORT parameter is not valid
44 #endif
45 
46 //Default PMTU value
47 #ifndef DTLS_DEFAULT_PMTU
48  #define DTLS_DEFAULT_PMTU 1452
49 #elif (DTLS_DEFAULT_PMTU < 64)
50  #error DTLS_DEFAULT_PMTU parameter is not valid
51 #endif
52 
53 //Minimum PMTU value
54 #ifndef DTLS_MIN_PMTU
55  #define DTLS_MIN_PMTU 528
56 #elif (DTLS_MIN_PMTU < 64)
57  #error DTLS_MIN_PMTU parameter is not valid
58 #endif
59 
60 //Replay protection
61 #ifndef DTLS_REPLAY_DETECTION_SUPPORT
62  #define DTLS_REPLAY_DETECTION_SUPPORT ENABLED
63 #elif (DTLS_REPLAY_DETECTION_SUPPORT != ENABLED && DTLS_REPLAY_DETECTION_SUPPORT != DISABLED)
64  #error DTLS_REPLAY_DETECTION_SUPPORT parameter is not valid
65 #endif
66 
67 //Size of the sliding window for replay protection
68 #ifndef DTLS_REPLAY_WINDOW_SIZE
69  #define DTLS_REPLAY_WINDOW_SIZE 64
70 #elif (DTLS_REPLAY_WINDOW_SIZE < 1)
71  #error DTLS_REPLAY_WINDOW_SIZE parameter is not valid
72 #endif
73 
74 //Maximum size for cookies
75 #ifndef DTLS_MAX_COOKIE_SIZE
76  #define DTLS_MAX_COOKIE_SIZE 32
77 #elif (DTLS_MAX_COOKIE_SIZE < 32)
78  #error DTLS_MAX_COOKIE_SIZE parameter is not valid
79 #endif
80 
81 //Maximum number of retransmissions
82 #ifndef DTLS_MAX_RETRIES
83  #define DTLS_MAX_RETRIES 5
84 #elif (DTLS_MAX_RETRIES < 1)
85  #error DTLS_MAX_RETRIES parameter is not valid
86 #endif
87 
88 //Initial retransmission timeout
89 #ifndef DTLS_INIT_TIMEOUT
90  #define DTLS_INIT_TIMEOUT 1000
91 #elif (DTLS_INIT_TIMEOUT < 100)
92  #error DTLS_INIT_TIMEOUT parameter is not valid
93 #endif
94 
95 //Minimum retransmission timeout
96 #ifndef DTLS_MIN_TIMEOUT
97  #define DTLS_MIN_TIMEOUT 500
98 #elif (DTLS_MIN_TIMEOUT < 100)
99  #error DTLS_MIN_TIMEOUT parameter is not valid
100 #endif
101 
102 //Maximum retransmission timeout
103 #ifndef DTLS_MAX_TIMEOUT
104  #define DTLS_MAX_TIMEOUT 60000
105 #elif (DTLS_MAX_TIMEOUT < 1000)
106  #error DTLS_MAX_TIMEOUT parameter is not valid
107 #endif
108 
109 //C++ guard
110 #ifdef __cplusplus
111 extern "C" {
112 #endif
113 
114 
115 /**
116  * @brief DTLS retransmission states
117  **/
118 
119 typedef enum
120 {
121  DTLS_RETRANSMIT_STATE_PREPARING = 0,
122  DTLS_RETRANSMIT_STATE_SENDING = 1,
123  DTLS_RETRANSMIT_STATE_WAITING = 2,
124  DTLS_RETRANSMIT_STATE_FINISHED = 3
125 } DtlsRetransmitState;
126 
127 
128 //CC-RX, CodeWarrior or Win32 compiler?
129 #if defined(__CCRX__)
130  #pragma pack
131 #elif defined(__CWCC__) || defined(_WIN32)
132  #pragma pack(push, 1)
133 #endif
134 
135 
136 /**
137  * @brief Sequence number
138  **/
139 
140 typedef __packed_struct
141 {
142  uint8_t b[6];
143 } DtlsSequenceNumber;
144 
145 
146 /**
147  * @brief Cookie
148  **/
149 
150 typedef __packed_struct
151 {
152  uint8_t length; //0
153  uint8_t value[]; //1
154 } DtlsCookie;
155 
156 
157 /**
158  * @brief List of supported versions
159  **/
160 
161 typedef __packed_struct
162 {
163  uint8_t length; //0
164  uint16_t value[]; //1
165 } DtlsSupportedVersionList;
166 
167 
168 /**
169  * @brief DTLS record
170  **/
171 
172 typedef __packed_struct
173 {
174  uint8_t type; //0
175  uint16_t version; //1-2
176  uint16_t epoch; //3-4
177  DtlsSequenceNumber seqNum; //5-10
178  uint16_t length; //11-12
179  uint8_t data[]; //13
180 } DtlsRecord;
181 
182 
183 /**
184  * @brief DTLS handshake message
185  **/
186 
187 typedef __packed_struct
188 {
189  uint8_t msgType; //0
190  uint8_t length[3]; //1-3
191  uint16_t msgSeq; //4-5
192  uint8_t fragOffset[3]; //6-8
193  uint8_t fragLength[3]; //9-11
194  uint8_t data[]; //12
195 } DtlsHandshake;
196 
197 
198 /**
199  * @brief HelloVerifyRequest message
200  **/
201 
202 typedef __packed_struct
203 {
204  uint16_t serverVersion; //0-1
205  uint8_t cookieLength; //2
206  uint8_t cookie[]; //3
207 } DtlsHelloVerifyRequest;
208 
209 
210 //CC-RX, CodeWarrior or Win32 compiler?
211 #if defined(__CCRX__)
212  #pragma unpack
213 #elif defined(__CWCC__) || defined(_WIN32)
214  #pragma pack(pop)
215 #endif
216 
217 
218 /**
219  * @brief Client parameters
220  **/
221 
222 typedef struct
223 {
224  uint16_t version;
225  const uint8_t *random;
226  size_t randomLen;
227  const uint8_t *sessionId;
228  size_t sessionIdLen;
229  const uint8_t *cipherSuites;
230  size_t cipherSuitesLen;
231  const uint8_t *compressMethods;
232  size_t compressMethodsLen;
233 } DtlsClientParameters;
234 
235 
236 /**
237  * @brief DTLS cookie generation callback function
238  **/
239 
240 typedef error_t (*DtlsCookieGenerateCallback)(TlsContext *context,
241  const DtlsClientParameters *clientParams, uint8_t *cookie,
242  size_t *length, void *param);
243 
244 
245 /**
246  * @brief DTLS cookie verification callback function
247  **/
248 
249 typedef error_t (*DtlsCookieVerifyCallback)(TlsContext *context,
250  const DtlsClientParameters *clientParams, const uint8_t *cookie,
251  size_t length, void *param);
252 
253 
254 //DTLS specific functions
255 error_t dtlsSelectVersion(TlsContext *context, uint16_t version);
256 uint16_t dtlsTranslateVersion(uint16_t version);
257 
258 error_t dtlsFormatCookie(TlsContext *context, uint8_t *p, size_t *written);
259 
260 error_t dtlsVerifyCookie(TlsContext *context, const DtlsCookie *cookie,
261  const DtlsClientParameters *clientParams);
262 
263 error_t dtlsSendHelloVerifyRequest(TlsContext *context);
264 
265 error_t dtlsFormatHelloVerifyRequest(TlsContext *context,
266  DtlsHelloVerifyRequest *message, size_t *length);
267 
268 error_t dtlsParseHelloVerifyRequest(TlsContext *context,
269  const DtlsHelloVerifyRequest *message, size_t length);
270 
271 error_t dtlsParseClientSupportedVersionsExtension(TlsContext *context,
272  const DtlsSupportedVersionList *supportedVersionList);
273 
274 void dtlsInitReplayWindow(TlsContext *context);
275 error_t dtlsCheckReplayWindow(TlsContext *context, DtlsSequenceNumber *seqNum);
276 void dtlsUpdateReplayWindow(TlsContext *context, DtlsSequenceNumber *seqNum);
277 
278 //C++ guard
279 #ifdef __cplusplus
280 }
281 #endif
282 
283 #endif
message
uint8_t message[]
Definition: chap.h:154
type
uint8_t type
Definition: coap_common.h:176
dtlsUpdateReplayWindow
void dtlsUpdateReplayWindow(TlsContext *context, DtlsSequenceNumber *seqNum)
Update sliding window.
Definition: dtls_misc.c:550
cookie
uint8_t cookie[]
Definition: dtls_misc.h:206
DtlsCookie
DtlsCookie
Definition: dtls_misc.h:154
fragLength
uint8_t fragLength[3]
Definition: dtls_misc.h:193
DtlsCookieGenerateCallback
error_t(* DtlsCookieGenerateCallback)(TlsContext *context, const DtlsClientParameters *clientParams, uint8_t *cookie, size_t *length, void *param)
DTLS cookie generation callback function.
Definition: dtls_misc.h:240
dtlsSelectVersion
error_t dtlsSelectVersion(TlsContext *context, uint16_t version)
Set the DTLS version to be used.
Definition: dtls_misc.c:53
dtlsTranslateVersion
uint16_t dtlsTranslateVersion(uint16_t version)
Translate TLS version into DTLS version.
Definition: dtls_misc.c:112
msgSeq
uint16_t msgSeq
Definition: dtls_misc.h:191
seqNum
DtlsSequenceNumber seqNum
Definition: dtls_misc.h:177
dtlsParseClientSupportedVersionsExtension
error_t dtlsParseClientSupportedVersionsExtension(TlsContext *context, const DtlsSupportedVersionList *supportedVersionList)
Parse SupportedVersions extension.
Definition: dtls_misc.c:401
DtlsHelloVerifyRequest
DtlsHelloVerifyRequest
Definition: dtls_misc.h:207
data
uint8_t data[]
Definition: dtls_misc.h:179
dtlsParseHelloVerifyRequest
error_t dtlsParseHelloVerifyRequest(TlsContext *context, const DtlsHelloVerifyRequest *message, size_t length)
Parse HelloVerifyRequest message.
Definition: dtls_misc.c:329
value
uint8_t value[]
Definition: dtls_misc.h:153
DtlsRecord
DtlsRecord
Definition: dtls_misc.h:180
DtlsRetransmitState
DtlsRetransmitState
DTLS retransmission states.
Definition: dtls_misc.h:120
DTLS_RETRANSMIT_STATE_FINISHED
@ DTLS_RETRANSMIT_STATE_FINISHED
Definition: dtls_misc.h:124
DTLS_RETRANSMIT_STATE_SENDING
@ DTLS_RETRANSMIT_STATE_SENDING
Definition: dtls_misc.h:122
DTLS_RETRANSMIT_STATE_WAITING
@ DTLS_RETRANSMIT_STATE_WAITING
Definition: dtls_misc.h:123
DTLS_RETRANSMIT_STATE_PREPARING
@ DTLS_RETRANSMIT_STATE_PREPARING
Definition: dtls_misc.h:121
DtlsSequenceNumber
DtlsSequenceNumber
Definition: dtls_misc.h:143
fragOffset
uint8_t fragOffset[3]
Definition: dtls_misc.h:192
length
uint16_t length
Definition: dtls_misc.h:178
dtlsInitReplayWindow
void dtlsInitReplayWindow(TlsContext *context)
Initialize sliding window.
Definition: dtls_misc.c:448
version
uint16_t version
Definition: dtls_misc.h:175
__packed_struct
typedef __packed_struct
Sequence number.
Definition: dtls_misc.h:141
DtlsSupportedVersionList
DtlsSupportedVersionList
Definition: dtls_misc.h:165
DtlsHandshake
DtlsHandshake
Definition: dtls_misc.h:195
dtlsSendHelloVerifyRequest
error_t dtlsSendHelloVerifyRequest(TlsContext *context)
Send HelloVerifyRequest message.
Definition: dtls_misc.c:247
DtlsCookieVerifyCallback
error_t(* DtlsCookieVerifyCallback)(TlsContext *context, const DtlsClientParameters *clientParams, const uint8_t *cookie, size_t length, void *param)
DTLS cookie verification callback function.
Definition: dtls_misc.h:249
dtlsCheckReplayWindow
error_t dtlsCheckReplayWindow(TlsContext *context, DtlsSequenceNumber *seqNum)
Perform replay detection.
Definition: dtls_misc.c:469
dtlsVerifyCookie
error_t dtlsVerifyCookie(TlsContext *context, const DtlsCookie *cookie, const DtlsClientParameters *clientParams)
Cookie verification.
Definition: dtls_misc.c:178
dtlsFormatHelloVerifyRequest
error_t dtlsFormatHelloVerifyRequest(TlsContext *context, DtlsHelloVerifyRequest *message, size_t *length)
Format HelloVerifyRequest message.
Definition: dtls_misc.c:291
epoch
uint16_t epoch
Definition: dtls_misc.h:176
cookieLength
uint8_t cookieLength
Definition: dtls_misc.h:205
dtlsFormatCookie
error_t dtlsFormatCookie(TlsContext *context, uint8_t *p, size_t *written)
Format Cookie field.
Definition: dtls_misc.c:144
error_t
error_t
Error codes.
Definition: error.h:43
msgType
uint8_t msgType
Definition: mqtt_sn_common.h:183
b
uint8_t b
Definition: nbns_common.h:104
p
uint8_t p
Definition: ndp.h:300
DtlsClientParameters
Client parameters.
Definition: dtls_misc.h:223
DtlsClientParameters::compressMethods
const uint8_t * compressMethods
Definition: dtls_misc.h:231
DtlsClientParameters::cipherSuites
const uint8_t * cipherSuites
Definition: dtls_misc.h:229
DtlsClientParameters::compressMethodsLen
size_t compressMethodsLen
Definition: dtls_misc.h:232
DtlsClientParameters::random
const uint8_t * random
Definition: dtls_misc.h:225
DtlsClientParameters::sessionId
const uint8_t * sessionId
Definition: dtls_misc.h:227
TlsContext
#define TlsContext
Definition: tls.h:36