32 #define TRACE_LEVEL TLS_TRACE_LEVEL
46 #if (TLS_SUPPORT == ENABLED && DTLS_SUPPORT == ENABLED)
77 context->retransmitCount = 0;
92 context->retransmitCount = 0;
103 context->retransmitCount = 0;
111 context->txBufferLen = 0;
141 if(context->rxBufferLen > 0)
146 else if(context->rxRecordLen > 0)
162 else if(context->rxDatagramLen > 0)
180 error =
dtlsReadDatagram(context, context->rxBuffer + context->rxFragQueueLen,
181 context->rxBufferSize - context->rxFragQueueLen, &context->rxDatagramLen);
187 context->rxDatagramPos = context->rxBufferSize - context->rxDatagramLen;
190 osMemmove(context->rxBuffer + context->rxDatagramPos,
191 context->rxBuffer + context->rxFragQueueLen, context->rxDatagramLen);
199 #if (TLS_MAX_WARNING_ALERTS > 0)
202 context->alertCount = 0;
206 *
data = context->rxBuffer + context->rxBufferPos;
208 *
length = context->rxBufferLen;
210 *contentType = context->rxBufferType;
239 if((context->txBufferLen +
n) > context->txBufferSize)
243 encryptionEngine = &context->encryptionEngine;
246 record = (
DtlsRecord *) (context->txBuffer + context->txBufferLen);
252 record->type = contentType;
254 record->epoch =
htons(encryptionEngine->epoch);
265 context->txBufferLen +=
n;
270 record->seqNum = encryptionEngine->dtlsSeqNum;
276 if((context->txBufferLen +
n) > context->txBufferSize)
281 encryptionEngine->hashAlgo != NULL)
304 error = context->socketSendCallback(context->socketHandle, record,
n, &
n, 0);
329 decryptionEngine = &context->decryptionEngine;
332 if(context->rxDatagramLen <
sizeof(
DtlsRecord))
335 context->rxDatagramLen = 0;
341 record = (
DtlsRecord *) (context->rxBuffer + context->rxDatagramPos);
343 recordLen =
ntohs(record->length);
346 if((recordLen +
sizeof(
DtlsRecord)) > context->rxDatagramLen)
349 context->rxDatagramLen = 0;
359 context->rxRecordPos = context->rxDatagramPos +
sizeof(
DtlsRecord);
362 context->rxDatagramPos += recordLen +
sizeof(
DtlsRecord);
363 context->rxDatagramLen -= recordLen +
sizeof(
DtlsRecord);
371 if(
ntohs(record->epoch) != context->decryptionEngine.epoch)
382 decryptionEngine->hashAlgo != NULL)
399 recordLen =
ntohs(record->length);
406 context->rxRecordVersion =
ntohs(record->version);
410 context->rxRecordLen = recordLen;
438 context->rxRecordLen = 0;
462 context->rxRecordLen = 0;
488 context->txMsgSeq = 0;
498 if(context->decryptionEngine.epoch == 0)
503 context->encryptionEngine.dtlsSeqNum = context->decryptionEngine.dtlsSeqNum;
525 if(context->txBufferLen > 0)
580 context->rxFragQueueLen = 0;
594 context->rxFragQueueLen = 0;
599 context->rxBufferPos = 0;
611 context->txBufferLen = 0;
624 context->rxRecordLen = 0;
636 context->rxRecordLen = 0;
647 context->rxRecordLen = 0;
661 if(context->rxRecordLen <
sizeof(
TlsAlert))
664 context->rxRecordLen = 0;
676 context->txBufferLen = 0;
681 context->rxRecordLen = 0;
694 context->rxRecordLen = 0;
700 context->rxBufferLen = context->rxRecordLen;
702 context->rxBufferPos = 0;
705 osMemcpy(context->rxBuffer, context->rxBuffer + context->rxRecordPos,
706 context->rxRecordLen);
709 context->rxRecordLen = 0;
711 context->rxFragQueueLen = 0;
736 pmtu =
MIN(context->pmtu, context->txBufferSize - context->txBufferLen);
743 datagram = context->txBuffer + context->txBufferLen;
745 context->txDatagramLen = 0;
747 context->txBufferPos = 0;
751 while(context->txBufferPos < context->txBufferLen)
754 record = (
DtlsRecord *) (context->txBuffer + context->txBufferPos);
760 if(
ntohs(record->epoch) == context->encryptionEngine.epoch)
762 encryptionEngine = &context->encryptionEngine;
766 encryptionEngine = &context->prevEncryptionEngine;
785 if(context->txDatagramLen > 0)
793 if((context->txDatagramLen +
n) > pmtu)
797 context->txDatagramLen);
800 error = context->socketSendCallback(context->socketHandle,
801 datagram, context->txDatagramLen, &
n, 0);
807 context->txDatagramLen = 0;
817 if((context->txBufferLen + context->txDatagramLen +
n) > context->txBufferSize)
822 osMemcpy(datagram + context->txDatagramLen, record,
826 record = (
DtlsRecord *) (datagram + context->txDatagramLen);
830 record->seqNum = encryptionEngine->dtlsSeqNum;
834 encryptionEngine->hashAlgo != NULL)
856 if(context->txDatagramLen > 0)
860 context->txDatagramLen);
863 error = context->socketSendCallback(context->socketHandle, datagram,
864 context->txDatagramLen, &
n, 0);
870 context->txDatagramLen = 0;
876 context->retransmitCount++;
907 pmtu =
MIN(context->pmtu, context->txBufferSize - context->txBufferLen);
919 maxFragSize = pmtu -
n;
922 datagram = context->txBuffer + context->txBufferLen;
935 if(context->txDatagramLen > 0)
943 if((context->txDatagramLen +
n) > pmtu)
947 context->txDatagramLen);
950 error = context->socketSendCallback(context->socketHandle,
951 datagram, context->txDatagramLen, &
n, 0);
957 context->txDatagramLen = 0;
963 record = (
DtlsRecord *) (datagram + context->txDatagramLen);
968 record->epoch =
htons(encryptionEngine->epoch);
969 record->seqNum = encryptionEngine->dtlsSeqNum;
976 fragment->msgType =
message->msgType;
980 fragment->msgSeq =
message->msgSeq;
992 TRACE_DEBUG(
" msgType = %u\r\n", fragment->msgType);
1000 encryptionEngine->hashAlgo != NULL)
1044 size_t prevFragOffset;
1045 size_t prevFragLength;
1058 while(pos < context->rxFragQueueLen)
1064 if(
message->msgType != fragment->msgType)
1080 if((context->rxFragQueueLen +
fragLength) > (context->rxBufferSize - context->rxDatagramLen))
1088 context->rxFragQueueLen - pos);
1098 prevFragOffset =
LOAD24BE(prevFragment->fragOffset);
1100 prevFragLength =
LOAD24BE(prevFragment->fragLength);
1106 while(pos < context->rxFragQueueLen)
1117 if(
fragOffset <= (prevFragOffset + prevFragLength))
1134 prevFragLength +=
n;
1136 STORE24BE(prevFragLength, prevFragment->fragLength);
1157 prevFragment = fragment;
1178 size_t size,
size_t *
length)
1190 error = context->socketReceiveCallback(context->socketHandle,
data,
1268 if(context->txBufferLen > 0)
1275 context->retransmitTimeout) >= 0)
1287 context->retransmitTimeout =
MIN(context->retransmitTimeout * 2,
1315 seqNum->b[5] = temp & 0xFF;
1316 temp = (temp >> 8) +
seqNum->b[4];
1317 seqNum->b[4] = temp & 0xFF;
1318 temp = (temp >> 8) +
seqNum->b[3];
1319 seqNum->b[3] = temp & 0xFF;
1320 temp = (temp >> 8) +
seqNum->b[2];
1321 seqNum->b[2] = temp & 0xFF;
1322 temp = (temp >> 8) +
seqNum->b[1];
1323 seqNum->b[1] = temp & 0xFF;
1324 temp = (temp >> 8) +
seqNum->b[0];
1325 seqNum->b[0] = temp & 0xFF;
#define TRACE_DEBUG_ARRAY(p, a, n)
#define TRACE_WARNING(...)
void dtlsUpdateReplayWindow(TlsContext *context, DtlsSequenceNumber *seqNum)
Update sliding window.
uint16_t dtlsTranslateVersion(uint16_t version)
Translate TLS version into DTLS version.
error_t dtlsCheckReplayWindow(TlsContext *context, DtlsSequenceNumber *seqNum)
Perform replay detection.
DTLS (Datagram Transport Layer Security)
#define DTLS_INIT_TIMEOUT
error_t dtlsProcessRecord(TlsContext *context)
Process incoming DTLS record.
error_t dtlsTick(TlsContext *context)
Manage retransmission timer.
error_t dtlsReassembleHandshakeMessage(TlsContext *context, const DtlsHandshake *message)
Handshake message reassembly algorithm.
error_t dtlsReadDatagram(TlsContext *context, uint8_t *data, size_t size, size_t *length)
Receive a datagram.
error_t dtlsFragmentHandshakeMessage(TlsContext *context, uint16_t version, TlsEncryptionEngine *encryptionEngine, const DtlsHandshake *message)
Handshake message fragmentation.
error_t dtlsWriteProtocolData(TlsContext *context, const uint8_t *data, size_t length, TlsContentType contentType)
Write protocol data.
error_t dtlsWriteRecord(TlsContext *context, const uint8_t *data, size_t length, TlsContentType contentType)
Send a DTLS record.
error_t dtlsReadProtocolData(TlsContext *context, uint8_t **data, size_t *length, TlsContentType *contentType)
Read protocol data.
error_t dtlsSendFlight(TlsContext *context)
Send the buffered flight of messages.
void dtlsIncSequenceNumber(DtlsSequenceNumber *seqNum)
Increment sequence number.
error_t dtlsReadRecord(TlsContext *context)
Receive a DTLS record.
@ ERROR_INVALID_SEQUENCE_NUMBER
@ ERROR_VERSION_NOT_SUPPORTED
@ ERROR_UNEXPECTED_MESSAGE
#define osMemset(p, value, length)
#define osMemmove(dest, src, length)
#define osMemcpy(dest, src, length)
#define timeCompare(t1, t2)
systime_t osGetSystemTime(void)
Retrieve system time.
uint32_t systime_t
System time.
TLS (Transport Layer Security)
@ TLS_STATE_SERVER_CHANGE_CIPHER_SPEC
@ TLS_STATE_HELLO_VERIFY_REQUEST
@ TLS_STATE_CLIENT_FINISHED
@ TLS_STATE_SERVER_FINISHED
@ TLS_STATE_APPLICATION_DATA
@ TLS_STATE_HELLO_RETRY_REQUEST
@ TLS_STATE_SERVER_HELLO_DONE
@ TLS_STATE_CLIENT_CHANGE_CIPHER_SPEC
TlsContentType
Content type.
@ TLS_TYPE_CHANGE_CIPHER_SPEC
@ TLS_TYPE_APPLICATION_DATA
#define TLS_MAX_RECORD_LENGTH
@ TLS_CONNECTION_END_CLIENT
#define TlsEncryptionEngine
@ TLS_TYPE_SERVER_HELLO_DONE
@ TLS_TYPE_HELLO_VERIFY_REQUEST
Handshake message processing (TLS client and server)
size_t tlsComputeEncryptionOverhead(TlsEncryptionEngine *encryptionEngine, size_t payloadLen)
Compute overhead caused by encryption.
error_t tlsDecryptRecord(TlsContext *context, TlsEncryptionEngine *decryptionEngine, void *record)
Decrypt an incoming TLS record.
error_t tlsEncryptRecord(TlsContext *context, TlsEncryptionEngine *encryptionEngine, void *record)
Encrypt an outgoing TLS record.