tls_misc.c
Go to the documentation of this file.
1 /**
2  * @file tls_misc.c
3  * @brief TLS helper functions
4  *
5  * @section License
6  *
7  * Copyright (C) 2010-2018 Oryx Embedded SARL. All rights reserved.
8  *
9  * This file is part of CycloneSSL Open.
10  *
11  * This program is free software; you can redistribute it and/or
12  * modify it under the terms of the GNU General Public License
13  * as published by the Free Software Foundation; either version 2
14  * of the License, or (at your option) any later version.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License
22  * along with this program; if not, write to the Free Software Foundation,
23  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
24  *
25  * @author Oryx Embedded SARL (www.oryx-embedded.com)
26  * @version 1.9.0
27  **/
28 
29 //Switch to the appropriate trace level
30 #define TRACE_LEVEL TLS_TRACE_LEVEL
31 
32 //Dependencies
33 #include <string.h>
34 #include "tls.h"
35 #include "tls_cipher_suites.h"
36 #include "tls_common.h"
37 #include "tls_ffdhe.h"
38 #include "tls_misc.h"
39 #include "tls13_key_material.h"
40 #include "encoding/oid.h"
41 #include "debug.h"
42 
43 //Check TLS library configuration
44 #if (TLS_SUPPORT == ENABLED)
45 
46 
47 /**
48  * @brief Translate an error code to an alert message
49  * @param[in] context Pointer to the TLS context
50  * @param[in] errorCode Internal error code
51  * @return Error code
52  **/
53 
55 {
56  //Check current state
57  if(context->state != TLS_STATE_INIT &&
58  context->state != TLS_STATE_CLOSED)
59  {
60  //Check status code
61  switch(errorCode)
62  {
63  //The timeout interval has elapsed
64  case ERROR_TIMEOUT:
65  break;
66  //The read/write operation would have blocked
67  case ERROR_WOULD_BLOCK:
68  break;
69  //Failed to allocate memory
71  break;
72  //The read/write operation has failed
73  case ERROR_WRITE_FAILED:
74  case ERROR_READ_FAILED:
75  context->state = TLS_STATE_CLOSED;
76  break;
77  //An inappropriate message was received
80  break;
81  //A record is received with an incorrect MAC
84  break;
85  //Invalid record length
88  break;
89  //Unable to negotiate an acceptable set of security parameters
92  break;
93  //A certificate was corrupt
96  break;
97  //A certificate was of an unsupported type
100  break;
101  //A certificate has expired or is not currently valid
104  break;
105  //A field in the handshake was out of range or inconsistent with other fields
108  break;
109  //The certificate could not be matched with a known, trusted CA
110  case ERROR_UNKNOWN_CA:
112  break;
113  //A message could not be decoded because some field was incorrect
116  break;
117  //A handshake cryptographic operation failed
121  break;
122  //The protocol version the client has attempted to negotiate is not supported
125  break;
126  //Inappropriate fallback detected by the server
129  break;
130  //Handshake message not containing an extension that is mandatory
133  break;
134  //The ServerHello contains an extension not present in the ClientHello
137  break;
138  //No application protocol supported by the server
141  break;
142  //Internal error
143  default:
145  break;
146  }
147  }
148 }
149 
150 
151 /**
152  * @brief Generate client or server random value
153  * @param[in] context Pointer to the TLS context
154  * @param[out] random Pointer to the random value
155  * @return Error code
156  **/
157 
159 {
160  error_t error;
161 
162  //Verify that the pseudorandom number generator is properly configured
163  if(context->prngAlgo != NULL && context->prngContext != NULL)
164  {
165  //Generate a 32-byte random value using a cryptographically-safe
166  //pseudorandom number generator
167  error = context->prngAlgo->read(context->prngContext, random, 32);
168  }
169  else
170  {
171  //Report an error
172  error = ERROR_NOT_CONFIGURED;
173  }
174 
175 #if (TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
176  //Check status code
177  if(!error)
178  {
179  //TLS 1.3 has a downgrade protection mechanism embedded in the server's
180  //random value
181  if(context->entity == TLS_CONNECTION_END_SERVER)
182  {
183  //Check negotiated version
184  if(context->version <= TLS_VERSION_1_1 &&
185  context->versionMax >= TLS_VERSION_1_2)
186  {
187  //If negotiating TLS 1.1 or below, TLS 1.3 servers must, and TLS 1.2
188  //servers should, set the last eight bytes of their random value to
189  //the bytes 44 4F 57 4E 47 52 44 00
190  memcpy(random + 24, tls11DowngradeRandom, 8);
191  }
192  else if(context->version == TLS_VERSION_1_2 &&
193  context->versionMax >= TLS_VERSION_1_3)
194  {
195  //If negotiating TLS 1.2, TLS 1.3 servers must set the last eight
196  //bytes of their random value to the bytes 44 4F 57 4E 47 52 44 01
197  memcpy(random + 24, tls12DowngradeRandom, 8);
198  }
199  else
200  {
201  //No downgrade protection mechanism
202  }
203  }
204  }
205 #endif
206 
207  //Return status code
208  return error;
209 }
210 
211 
212 /**
213  * @brief Set the TLS version to be used
214  * @param[in] context Pointer to the TLS context
215  * @param[in] version TLS version
216  * @return Error code
217  **/
218 
220 {
221  error_t error;
222 
223  //Initialize status code
225 
226  //Check TLS version
227  if(version >= context->versionMin && version <= context->versionMax)
228  {
229  //Save the TLS protocol version to be used
230  context->version = version;
231  //The specified TLS version is acceptable
232  error = NO_ERROR;
233  }
234 
235  //Return status code
236  return error;
237 }
238 
239 
240 /**
241  * @brief Set cipher suite
242  * @param[in] context Pointer to the TLS context
243  * @param[in] identifier Cipher suite identifier
244  * @return Error code
245  **/
246 
248 {
249  error_t error;
250  uint_t i;
251  uint_t n;
253 
254  //Initialize status code
255  error = ERROR_HANDSHAKE_FAILED;
256 
257  //Determine the number of supported cipher suites
259 
260  //Loop through the list of supported cipher suites
261  for(cipherSuite = NULL, i = 0; i < n; i++)
262  {
263  //Compare cipher suite identifiers
265  {
266  //The cipher suite is supported
268  break;
269  }
270  }
271 
272  //Restrict the use of certain cipher suites
273  if(context->numCipherSuites > 0)
274  {
275  //Loop through the list of allowed cipher suites
276  for(i = 0; i < context->numCipherSuites; i++)
277  {
278  //Compare cipher suite identifiers
279  if(context->cipherSuites[i] == identifier)
280  break;
281  }
282 
283  //Check whether the use of the cipher suite is restricted
284  if(i >= context->numCipherSuites)
285  cipherSuite = NULL;
286  }
287 
288  //Acceptable cipher suite?
289  if(cipherSuite != NULL)
290  {
291  //Check whether the cipher suite can be negotiated with the negotiated
292  //protocol version
293  if(!tlsIsCipherSuiteAcceptable(cipherSuite, context->version,
294  context->version, context->transportProtocol))
295  {
296  cipherSuite = NULL;
297  }
298  }
299 
300  //Ensure that the selected cipher suite matches all the criteria
301  if(cipherSuite != NULL)
302  {
303  //Save the negotiated cipher suite
304  context->cipherSuite = *cipherSuite;
305  //Set the key exchange method to be used
306  context->keyExchMethod = cipherSuite->keyExchMethod;
307 
308  //PRF with the SHA-256 is used for all cipher suites published prior
309  //than TLS 1.2 when TLS 1.2 is negotiated
310  if(context->cipherSuite.prfHashAlgo == NULL)
311  context->cipherSuite.prfHashAlgo = SHA256_HASH_ALGO;
312 
313  //The length of the verify data depends on the TLS version currently used
314  if(context->version == SSL_VERSION_3_0)
315  {
316  //Verify data is always 36-byte long for SSL 3.0
317  context->cipherSuite.verifyDataLen = 36;
318  }
319  else if(context->version <= TLS_VERSION_1_1)
320  {
321  //Verify data is always 12-byte long for TLS 1.0 and 1.1
322  context->cipherSuite.verifyDataLen = 12;
323  }
324  else
325  {
326  //The length of the verify data depends on the cipher suite for TLS 1.2
327  }
328 
329  //The specified cipher suite is acceptable
330  error = NO_ERROR;
331  }
332 
333  //Return status code
334  return error;
335 }
336 
337 
338 /**
339  * @brief Set compression method
340  * @param[in] context Pointer to the TLS context
341  * @param[in] identifier Compression method identifier
342  * @return Error code
343  **/
344 
346 {
347  error_t error;
348 
349  //Initialize status code
350  error = ERROR_ILLEGAL_PARAMETER;
351 
352  //Null compression method?
354  {
355  //Save compression method identifier
356  context->compressMethod = identifier;
357  //The requested compression algorithm is supported
358  error = NO_ERROR;
359  }
360 
361  //Return status code
362  return error;
363 }
364 
365 
366 /**
367  * @brief Initialize encryption engine
368  * @param[in] context Pointer to the TLS context
369  * @param[in] encryptionEngine Pointer to the encryption/decryption engine to
370  * be initialized
371  * @param[in] entity Specifies whether client or server write keys shall be used
372  * @param[in] secret Pointer to the secret value
373  * @return Error code
374  **/
375 
377  TlsEncryptionEngine *encryptionEngine, TlsConnectionEnd entity,
378  const uint8_t *secret)
379 {
380  error_t error;
381  const CipherAlgo *cipherAlgo;
383 
384  //Point to the negotiated cipher suite
385  cipherSuite = &context->cipherSuite;
386  //Point to the cipher algorithm
387  cipherAlgo = cipherSuite->cipherAlgo;
388 
389  //Save the negotiated TLS version
390  encryptionEngine->version = context->version;
391 
392  //The sequence number is set to zero at the beginning of a connection
393  //and whenever the key is changed
394  memset(&encryptionEngine->seqNum, 0, sizeof(TlsSequenceNumber));
395 
396 #if (DTLS_SUPPORT == ENABLED)
397  //The epoch number is initially zero and is incremented each time a
398  //ChangeCipherSpec message is sent
399  encryptionEngine->epoch++;
400 
401  //Sequence numbers are maintained separately for each epoch, with each
402  //sequence number initially being 0 for each epoch
403  memset(&encryptionEngine->dtlsSeqNum, 0, sizeof(DtlsSequenceNumber));
404 #endif
405 
406  //Set appropriate length for MAC key, encryption key, authentication
407  //tag and IV
408  encryptionEngine->macKeyLen = cipherSuite->macKeyLen;
409  encryptionEngine->encKeyLen = cipherSuite->encKeyLen;
410  encryptionEngine->fixedIvLen = cipherSuite->fixedIvLen;
411  encryptionEngine->recordIvLen = cipherSuite->recordIvLen;
412  encryptionEngine->authTagLen = cipherSuite->authTagLen;
413 
414  //Set cipher and hash algorithms
415  encryptionEngine->cipherAlgo = cipherSuite->cipherAlgo;
416  encryptionEngine->cipherMode = cipherSuite->cipherMode;
417  encryptionEngine->hashAlgo = cipherSuite->hashAlgo;
418 
419  //Initialize cipher context
420  encryptionEngine->cipherContext = NULL;
421 
422 #if (TLS_MAX_VERSION >= SSL_VERSION_3_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2)
423  //Initialize HMAC context
424  encryptionEngine->hmacContext = &context->hmacContext;
425 #endif
426 
427 #if (TLS_GCM_CIPHER_SUPPORT == ENABLED)
428  //Initialize GCM context
429  encryptionEngine->gcmContext = NULL;
430 #endif
431 
432 #if (TLS_MAX_VERSION >= SSL_VERSION_3_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2)
433  //SSL 3.0, TLS 1.0, TLS 1.1 or TLS 1.2 currently selected?
434  if(context->version <= TLS_VERSION_1_2)
435  {
436  const uint8_t *p;
437 
438  //Check whether client or server write keys shall be used
439  if(entity == TLS_CONNECTION_END_CLIENT)
440  {
441  //Point to the key material
442  p = context->keyBlock;
443  //Save MAC key
444  memcpy(encryptionEngine->macKey, p, cipherSuite->macKeyLen);
445 
446  //Advance current position in the key block
447  p += 2 * cipherSuite->macKeyLen;
448  //Save encryption key
449  memcpy(encryptionEngine->encKey, p, cipherSuite->encKeyLen);
450 
451  //Advance current position in the key block
452  p += 2 * cipherSuite->encKeyLen;
453  //Save initialization vector
454  memcpy(encryptionEngine->iv, p, cipherSuite->fixedIvLen);
455  }
456  else
457  {
458  //Point to the key material
459  p = context->keyBlock + cipherSuite->macKeyLen;
460  //Save MAC key
461  memcpy(encryptionEngine->macKey, p, cipherSuite->macKeyLen);
462 
463  //Advance current position in the key block
464  p += cipherSuite->macKeyLen + cipherSuite->encKeyLen;
465  //Save encryption key
466  memcpy(encryptionEngine->encKey, p, cipherSuite->encKeyLen);
467 
468  //Advance current position in the key block
469  p += cipherSuite->encKeyLen + cipherSuite->fixedIvLen;
470  //Save initialization vector
471  memcpy(encryptionEngine->iv, p, cipherSuite->fixedIvLen);
472  }
473 
474  //Successful processing
475  error = NO_ERROR;
476  }
477  else
478 #endif
479 #if (TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
480  //TLS 1.3 currently selected?
481  if(context->version == TLS_VERSION_1_3)
482  {
483  const HashAlgo *hashAlgo;
484 
485  //The hash function used by HKDF is the cipher suite hash algorithm
486  hashAlgo = cipherSuite->prfHashAlgo;
487 
488  //Make sure the hash algorithm is valid
489  if(hashAlgo != NULL)
490  {
491  //Calculate the write key
492  error = tls13HkdfExpandLabel(hashAlgo, secret, hashAlgo->digestSize,
493  "key", NULL, 0, encryptionEngine->encKey, cipherSuite->encKeyLen);
494 
495  //Debug message
496  TRACE_DEBUG("Write Key:\r\n");
497  TRACE_DEBUG_ARRAY(" ", encryptionEngine->encKey, cipherSuite->encKeyLen);
498 
499  //Check status code
500  if(!error)
501  {
502  //Calculate the write IV
503  error = tls13HkdfExpandLabel(hashAlgo, secret, hashAlgo->digestSize,
504  "iv", NULL, 0, encryptionEngine->iv, cipherSuite->fixedIvLen);
505  }
506 
507  //Debug message
508  TRACE_DEBUG("Write IV:\r\n");
509  TRACE_DEBUG_ARRAY(" ", encryptionEngine->iv, cipherSuite->fixedIvLen);
510  }
511  else
512  {
513  //Invalid HKDF hash algorithm
514  error = ERROR_FAILURE;
515  }
516  }
517  else
518 #endif
519  //Invalid TLS version?
520  {
521  //Report an error
522  error = ERROR_INVALID_VERSION;
523  }
524 
525  //Check status code
526  if(!error)
527  {
528  //Check cipher mode of operation
529  if(encryptionEngine->cipherMode == CIPHER_MODE_STREAM ||
530  encryptionEngine->cipherMode == CIPHER_MODE_CBC ||
531  encryptionEngine->cipherMode == CIPHER_MODE_CCM ||
532  encryptionEngine->cipherMode == CIPHER_MODE_GCM)
533  {
534  //Allocate encryption context
535  encryptionEngine->cipherContext = tlsAllocMem(cipherAlgo->contextSize);
536 
537  //Successful memory allocation?
538  if(encryptionEngine->cipherContext != NULL)
539  {
540  //Configure the encryption engine with the write key
541  error = cipherAlgo->init(encryptionEngine->cipherContext,
542  encryptionEngine->encKey, cipherSuite->encKeyLen);
543  }
544  else
545  {
546  //Failed to allocate memory
547  error = ERROR_OUT_OF_MEMORY;
548  }
549  }
550  else if(encryptionEngine->cipherMode == CIPHER_MODE_NULL ||
551  encryptionEngine->cipherMode == CIPHER_MODE_CHACHA20_POLY1305)
552  {
553  //No need to allocate an encryption context
554  error = NO_ERROR;
555  }
556  else
557  {
558  //Unsupported mode of operation
559  error = ERROR_FAILURE;
560  }
561  }
562 
563 #if (TLS_GCM_CIPHER_SUPPORT == ENABLED)
564  //Check status code
565  if(!error)
566  {
567  //GCM cipher mode?
568  if(encryptionEngine->cipherMode == CIPHER_MODE_GCM)
569  {
570  //Allocate a memory buffer to hold the GCM context
571  encryptionEngine->gcmContext = tlsAllocMem(sizeof(GcmContext));
572 
573  //Successful memory allocation?
574  if(encryptionEngine->gcmContext != NULL)
575  {
576  //Initialize GCM context
577  error = gcmInit(encryptionEngine->gcmContext, cipherAlgo,
578  encryptionEngine->cipherContext);
579  }
580  else
581  {
582  //Failed to allocate memory
583  error = ERROR_OUT_OF_MEMORY;
584  }
585  }
586  }
587 #endif
588 
589  //Return status code
590  return error;
591 }
592 
593 
594 /**
595  * @brief Release encryption engine
596  * @param[in] encryptionEngine Pointer to the encryption/decryption engine
597  **/
598 
600 {
601  //Valid cipher context?
602  if(encryptionEngine->cipherContext != NULL)
603  {
604  //Erase cipher context
605  memset(encryptionEngine->cipherContext, 0,
606  encryptionEngine->cipherAlgo->contextSize);
607 
608  //Release memory
609  tlsFreeMem(encryptionEngine->cipherContext);
610  encryptionEngine->cipherContext = NULL;
611  }
612 
613 #if (TLS_GCM_CIPHER_SUPPORT == ENABLED)
614  //Valid GCM context?
615  if(encryptionEngine->gcmContext != NULL)
616  {
617  //Erase GCM context
618  memset(encryptionEngine->gcmContext, 0, sizeof(GcmContext));
619 
620  //Release memory
621  tlsFreeMem(encryptionEngine->gcmContext);
622  encryptionEngine->gcmContext = NULL;
623  }
624 #endif
625 
626  //Reset encryption parameters
627  encryptionEngine->cipherAlgo = NULL;
628  encryptionEngine->cipherMode = CIPHER_MODE_NULL;
629  encryptionEngine->hashAlgo = NULL;
630 }
631 
632 
633 /**
634  * @brief Encode a multiple precision integer to an opaque vector
635  * @param[in] a Pointer to a multiple precision integer
636  * @param[out] data Buffer where to store the opaque vector
637  * @param[out] length Total number of bytes that have been written
638  * @return Error code
639  **/
640 
641 error_t tlsWriteMpi(const Mpi *a, uint8_t *data, size_t *length)
642 {
643  error_t error;
644  size_t n;
645 
646  //Retrieve the actual size of the integer
647  n = mpiGetByteLength(a);
648 
649  //The data is preceded by a 2-byte length field
650  STORE16BE(n, data);
651 
652  //Convert the integer to an octet string
653  error = mpiExport(a, data + 2, n, MPI_FORMAT_BIG_ENDIAN);
654  //Conversion failed?
655  if(error)
656  return error;
657 
658  //Return the total number of bytes that have been written
659  *length = n + 2;
660  //Successful processing
661  return NO_ERROR;
662 }
663 
664 
665 /**
666  * @brief Read a multiple precision integer from an opaque vector
667  * @param[out] a Resulting multiple precision integer
668  * @param[in] data Buffer where to read the opaque vector
669  * @param[in] size Total number of bytes available in the buffer
670  * @param[out] length Total number of bytes that have been read
671  * @return Error code
672  **/
673 
674 error_t tlsReadMpi(Mpi *a, const uint8_t *data, size_t size, size_t *length)
675 {
676  error_t error;
677  size_t n;
678 
679  //Buffer underrun?
680  if(size < 2)
681  return ERROR_DECODING_FAILED;
682 
683  //Decode the length field
684  n = LOAD16BE(data);
685 
686  //Buffer underrun?
687  if(size < (n + 2))
688  return ERROR_DECODING_FAILED;
689 
690  //Convert the octet string to a multiple precision integer
691  error = mpiImport(a, data + 2, n, MPI_FORMAT_BIG_ENDIAN);
692  //Any error to report?
693  if(error)
694  return error;
695 
696  //Return the total number of bytes that have been read
697  *length = n + 2;
698  //Successful processing
699  return NO_ERROR;
700 }
701 
702 
703 /**
704  * @brief Encode an EC point to an opaque vector
705  * @param[in] params EC domain parameters
706  * @param[in] a Pointer to an EC point
707  * @param[out] data Buffer where to store the opaque vector
708  * @param[out] length Total number of bytes that have been written
709  * @return Error code
710  **/
711 
713  const EcPoint *a, uint8_t *data, size_t *length)
714 {
715 #if (TLS_ECDH_ANON_KE_SUPPORT == ENABLED || TLS_ECDHE_RSA_KE_SUPPORT == ENABLED || \
716  TLS_ECDHE_ECDSA_KE_SUPPORT == ENABLED || TLS_ECDHE_PSK_KE_SUPPORT == ENABLED)
717  error_t error;
718 
719  //Convert the EC point to an octet string
720  error = ecExport(params, a, data + 1, length);
721  //Any error to report?
722  if(error)
723  return error;
724 
725  //Set the length of the opaque vector
726  data[0] = (uint8_t) (*length);
727 
728  //Return the total number of bytes that have been written
729  *length += 1;
730  //Successful processing
731  return NO_ERROR;
732 #else
733  //Not implemented
734  return ERROR_NOT_IMPLEMENTED;
735 #endif
736 }
737 
738 
739 /**
740  * @brief Read an EC point from an opaque vector
741  * @param[in] params EC domain parameters
742  * @param[out] a Resulting EC point
743  * @param[in] data Buffer where to read the opaque vector
744  * @param[in] size Total number of bytes available in the buffer
745  * @param[out] length Total number of bytes that have been read
746  * @return Error code
747  **/
748 
750  EcPoint *a, const uint8_t *data, size_t size, size_t *length)
751 {
752 #if (TLS_ECDH_ANON_KE_SUPPORT == ENABLED || TLS_ECDHE_RSA_KE_SUPPORT == ENABLED || \
753  TLS_ECDHE_ECDSA_KE_SUPPORT == ENABLED || TLS_ECDHE_PSK_KE_SUPPORT == ENABLED)
754  error_t error;
755  size_t n;
756 
757  //Buffer underrun?
758  if(size < 1)
759  return ERROR_DECODING_FAILED;
760 
761  //The EC point representation is preceded by a length field
762  n = data[0];
763 
764  //Invalid EC point representation?
765  if(n == 0)
766  return ERROR_DECODING_FAILED;
767 
768  //Buffer underrun?
769  if(size < (n + 1))
770  return ERROR_DECODING_FAILED;
771 
772  //Convert the octet string to an EC point
773  error = ecImport(params, a, data + 1, n);
774  //Any error to report?
775  if(error)
776  return error;
777 
778  //Return the total number of bytes that have been read
779  *length = n + 1;
780  //Successful processing
781  return NO_ERROR;
782 #else
783  //Not implemented
784  return ERROR_NOT_IMPLEMENTED;
785 #endif
786 }
787 
788 
789 /**
790  * @brief Convert TLS version to string representation
791  * @param[in] version Version number
792  * @return Cipher suite name
793  **/
794 
796 {
797  //TLS versions
798  static const char_t *label[] =
799  {
800  "SSL 3.0",
801  "TLS 1.0",
802  "TLS 1.1",
803  "TLS 1.2",
804  "TLS 1.3",
805  "DTLS 1.0",
806  "DTLS 1.2",
807  "Unknown"
808  };
809 
810  //Check current version
811  if(version == SSL_VERSION_3_0)
812  return label[0];
813  else if(version == TLS_VERSION_1_0)
814  return label[1];
815  else if(version == TLS_VERSION_1_1)
816  return label[2];
817  else if(version == TLS_VERSION_1_2)
818  return label[3];
819  else if(version == TLS_VERSION_1_3)
820  return label[4];
821  else if(version == DTLS_VERSION_1_0)
822  return label[5];
823  else if(version == DTLS_VERSION_1_2)
824  return label[6];
825  else
826  return label[7];
827 }
828 
829 
830 /**
831  * @brief Get the hash algorithm that matches the specified identifier
832  * @param[in] hashAlgoId Hash algorithm identifier
833  * @return Pointer to the hash algorithm
834  **/
835 
836 const HashAlgo *tlsGetHashAlgo(uint8_t hashAlgoId)
837 {
838  const HashAlgo *hashAlgo;
839 
840  //Check hash algorithm identifier
841  switch(hashAlgoId)
842  {
843 #if (TLS_MD5_SUPPORT == ENABLED)
844  //MD5 hash identifier?
845  case TLS_HASH_ALGO_MD5:
846  hashAlgo = MD5_HASH_ALGO;
847  break;
848 #endif
849 #if (TLS_SHA1_SUPPORT == ENABLED)
850  //SHA-1 hash identifier?
851  case TLS_HASH_ALGO_SHA1:
852  hashAlgo = SHA1_HASH_ALGO;
853  break;
854 #endif
855 #if (TLS_SHA224_SUPPORT == ENABLED)
856  //SHA-224 hash identifier?
858  hashAlgo = SHA224_HASH_ALGO;
859  break;
860 #endif
861 #if (TLS_SHA256_SUPPORT == ENABLED)
862  //SHA-256 hash identifier?
864  hashAlgo = SHA256_HASH_ALGO;
865  break;
866 #endif
867 #if (TLS_SHA384_SUPPORT == ENABLED)
868  //SHA-384 hash identifier?
870  hashAlgo = SHA384_HASH_ALGO;
871  break;
872 #endif
873 #if (TLS_SHA512_SUPPORT == ENABLED)
874  //SHA-512 hash identifier?
876  hashAlgo = SHA512_HASH_ALGO;
877  break;
878 #endif
879  //Unknown hash identifier?
880  default:
881  hashAlgo = NULL;
882  break;
883  }
884 
885  //Return a pointer to the corresponding hash algorithm
886  return hashAlgo;
887 }
888 
889 
890 /**
891  * @brief Get the EC domain parameters that match the specified named curve
892  * @param[in] context Pointer to the TLS context
893  * @param[in] namedCurve Elliptic curve identifier
894  * @return Elliptic curve domain parameters
895  **/
896 
897 const EcCurveInfo *tlsGetCurveInfo(TlsContext *context, uint16_t namedCurve)
898 {
899  uint_t i;
900  const EcCurveInfo *curveInfo;
901 
902  //Default elliptic curve domain parameters
903  curveInfo = NULL;
904 
905 #if (TLS_ECDH_SUPPORT == ENABLED)
906  //Check named curve
907  switch(namedCurve)
908  {
909 #if (TLS_SECP160K1_SUPPORT == ENABLED)
910  //secp160k1 elliptic curve?
911  case TLS_GROUP_SECP160K1:
912  curveInfo = ecGetCurveInfo(SECP160K1_OID, sizeof(SECP160K1_OID));
913  break;
914 #endif
915 #if (TLS_SECP160R1_SUPPORT == ENABLED)
916  //secp160r1 elliptic curve?
917  case TLS_GROUP_SECP160R1:
918  curveInfo = ecGetCurveInfo(SECP160R1_OID, sizeof(SECP160R1_OID));
919  break;
920 #endif
921 #if (TLS_SECP160R2_SUPPORT == ENABLED)
922  //secp160r2 elliptic curve?
923  case TLS_GROUP_SECP160R2:
924  curveInfo = ecGetCurveInfo(SECP160R2_OID, sizeof(SECP160R2_OID));
925  break;
926 #endif
927 #if (TLS_SECP192K1_SUPPORT == ENABLED)
928  //secp192k1 elliptic curve?
929  case TLS_GROUP_SECP192K1:
930  curveInfo = ecGetCurveInfo(SECP192K1_OID, sizeof(SECP192K1_OID));
931  break;
932 #endif
933 #if (TLS_SECP192R1_SUPPORT == ENABLED)
934  //secp192r1 elliptic curve?
935  case TLS_GROUP_SECP192R1:
936  curveInfo = ecGetCurveInfo(SECP192R1_OID, sizeof(SECP192R1_OID));
937  break;
938 #endif
939 #if (TLS_SECP224K1_SUPPORT == ENABLED)
940  //secp224k1 elliptic curve?
941  case TLS_GROUP_SECP224K1:
942  curveInfo = ecGetCurveInfo(SECP224K1_OID, sizeof(SECP224K1_OID));
943  break;
944 #endif
945 #if (TLS_SECP224R1_SUPPORT == ENABLED)
946  //secp224r1 elliptic curve?
947  case TLS_GROUP_SECP224R1:
948  curveInfo = ecGetCurveInfo(SECP224R1_OID, sizeof(SECP224R1_OID));
949  break;
950 #endif
951 #if (TLS_SECP256K1_SUPPORT == ENABLED)
952  //secp256k1 elliptic curve?
953  case TLS_GROUP_SECP256K1:
954  curveInfo = ecGetCurveInfo(SECP256K1_OID, sizeof(SECP256K1_OID));
955  break;
956 #endif
957 #if (TLS_SECP256R1_SUPPORT == ENABLED)
958  //secp256r1 elliptic curve?
959  case TLS_GROUP_SECP256R1:
960  curveInfo = ecGetCurveInfo(SECP256R1_OID, sizeof(SECP256R1_OID));
961  break;
962 #endif
963 #if (TLS_SECP384R1_SUPPORT == ENABLED)
964  //secp384r1 elliptic curve?
965  case TLS_GROUP_SECP384R1:
966  curveInfo = ecGetCurveInfo(SECP384R1_OID, sizeof(SECP384R1_OID));
967  break;
968 #endif
969 #if (TLS_SECP521R1_SUPPORT == ENABLED)
970  //secp521r1 elliptic curve?
971  case TLS_GROUP_SECP521R1:
972  curveInfo = ecGetCurveInfo(SECP521R1_OID, sizeof(SECP521R1_OID));
973  break;
974 #endif
975 #if (TLS_BRAINPOOLP256R1_SUPPORT == ENABLED)
976  //brainpoolP256r1 elliptic curve?
979  break;
980 #endif
981 #if (TLS_BRAINPOOLP384R1_SUPPORT == ENABLED)
982  //brainpoolP384r1 elliptic curve?
985  break;
986 #endif
987 #if (TLS_BRAINPOOLP512R1_SUPPORT == ENABLED)
988  //brainpoolP512r1 elliptic curve?
991  break;
992 #endif
993 #if (TLS_X25519_SUPPORT == ENABLED)
994  //Curve25519 elliptic curve?
996  curveInfo = ecGetCurveInfo(X25519_OID, sizeof(X25519_OID));
997  break;
998 #endif
999 #if (TLS_X448_SUPPORT == ENABLED)
1000  //Curve448 elliptic curve?
1001  case TLS_GROUP_ECDH_X448:
1002  curveInfo = ecGetCurveInfo(X448_OID, sizeof(X448_OID));
1003  break;
1004 #endif
1005  //Unknown elliptic curve identifier?
1006  default:
1007  curveInfo = NULL;
1008  break;
1009  }
1010 #endif
1011 
1012  //Restrict the use of certain elliptic curves
1013  if(context->numSupportedGroups > 0)
1014  {
1015  //Loop through the list of allowed named groups
1016  for(i = 0; i < context->numSupportedGroups; i++)
1017  {
1018  //Compare named groups
1019  if(context->supportedGroups[i] == namedCurve)
1020  break;
1021  }
1022 
1023  //Check whether the use of the elliptic curve is restricted
1024  if(i >= context->numSupportedGroups)
1025  curveInfo = NULL;
1026  }
1027 
1028  //Return elliptic curve domain parameters, if any
1029  return curveInfo;
1030 }
1031 
1032 
1033 /**
1034  * @brief Get the named curve that matches the specified OID
1035  * @param[in] oid Object identifier
1036  * @param[in] length OID length
1037  * @return Named curve
1038  **/
1039 
1040 TlsNamedGroup tlsGetNamedCurve(const uint8_t *oid, size_t length)
1041 {
1042  TlsNamedGroup namedCurve;
1043 
1044  //Default named curve
1045  namedCurve = TLS_GROUP_NONE;
1046 
1047 #if (TLS_ECDSA_SIGN_SUPPORT == ENABLED)
1048  //Invalid parameters?
1049  if(oid == NULL || length == 0)
1050  {
1051  namedCurve = TLS_GROUP_NONE;
1052  }
1053 #if (TLS_SECP160K1_SUPPORT == ENABLED)
1054  //secp160k1 elliptic curve?
1055  else if(!oidComp(oid, length, SECP160K1_OID, sizeof(SECP160K1_OID)))
1056  {
1057  namedCurve = TLS_GROUP_SECP160K1;
1058  }
1059 #endif
1060 #if (TLS_SECP160R1_SUPPORT == ENABLED)
1061  //secp160r1 elliptic curve?
1062  else if(!oidComp(oid, length, SECP160R1_OID, sizeof(SECP160R1_OID)))
1063  {
1064  namedCurve = TLS_GROUP_SECP160R1;
1065  }
1066 #endif
1067 #if (TLS_SECP160R2_SUPPORT == ENABLED)
1068  //secp160r2 elliptic curve?
1069  else if(!oidComp(oid, length, SECP160R2_OID, sizeof(SECP160R2_OID)))
1070  {
1071  namedCurve = TLS_GROUP_SECP160R2;
1072  }
1073 #endif
1074 #if (TLS_SECP192K1_SUPPORT == ENABLED)
1075  //secp192k1 elliptic curve?
1076  else if(!oidComp(oid, length, SECP192K1_OID, sizeof(SECP192K1_OID)))
1077  {
1078  namedCurve = TLS_GROUP_SECP192K1;
1079  }
1080 #endif
1081 #if (TLS_SECP192R1_SUPPORT == ENABLED)
1082  //secp192r1 elliptic curve?
1083  else if(!oidComp(oid, length, SECP192R1_OID, sizeof(SECP192R1_OID)))
1084  {
1085  namedCurve = TLS_GROUP_SECP192R1;
1086  }
1087 #endif
1088 #if (TLS_SECP224K1_SUPPORT == ENABLED)
1089  //secp224k1 elliptic curve?
1090  else if(!oidComp(oid, length, SECP224K1_OID, sizeof(SECP224K1_OID)))
1091  {
1092  namedCurve = TLS_GROUP_SECP224K1;
1093  }
1094 #endif
1095 #if (TLS_SECP224R1_SUPPORT == ENABLED)
1096  //secp224r1 elliptic curve?
1097  else if(!oidComp(oid, length, SECP224R1_OID, sizeof(SECP224R1_OID)))
1098  {
1099  namedCurve = TLS_GROUP_SECP224R1;
1100  }
1101 #endif
1102 #if (TLS_SECP256K1_SUPPORT == ENABLED)
1103  //secp256k1 elliptic curve?
1104  else if(!oidComp(oid, length, SECP256K1_OID, sizeof(SECP256K1_OID)))
1105  {
1106  namedCurve = TLS_GROUP_SECP256K1;
1107  }
1108 #endif
1109 #if (TLS_SECP256R1_SUPPORT == ENABLED)
1110  //secp256r1 elliptic curve?
1111  else if(!oidComp(oid, length, SECP256R1_OID, sizeof(SECP256R1_OID)))
1112  {
1113  namedCurve = TLS_GROUP_SECP256R1;
1114  }
1115 #endif
1116 #if (TLS_SECP384R1_SUPPORT == ENABLED)
1117  //secp384r1 elliptic curve?
1118  else if(!oidComp(oid, length, SECP384R1_OID, sizeof(SECP384R1_OID)))
1119  {
1120  namedCurve = TLS_GROUP_SECP384R1;
1121  }
1122 #endif
1123 #if (TLS_SECP521R1_SUPPORT == ENABLED)
1124  //secp521r1 elliptic curve?
1125  else if(!oidComp(oid, length, SECP521R1_OID, sizeof(SECP521R1_OID)))
1126  {
1127  namedCurve = TLS_GROUP_SECP521R1;
1128  }
1129 #endif
1130 #if (TLS_BRAINPOOLP256R1_SUPPORT == ENABLED)
1131  //brainpoolP256r1 elliptic curve?
1133  {
1134  namedCurve = TLS_GROUP_BRAINPOOLP256R1;
1135  }
1136 #endif
1137 #if (TLS_BRAINPOOLP384R1_SUPPORT == ENABLED)
1138  //brainpoolP384r1 elliptic curve?
1140  {
1141  namedCurve = TLS_GROUP_BRAINPOOLP384R1;
1142  }
1143 #endif
1144 #if (TLS_BRAINPOOLP512R1_SUPPORT == ENABLED)
1145  //brainpoolP512r1 elliptic curve?
1147  {
1148  namedCurve = TLS_GROUP_BRAINPOOLP512R1;
1149  }
1150 #endif
1151  //Unknown identifier?
1152  else
1153  {
1154  namedCurve = TLS_GROUP_NONE;
1155  }
1156 #endif
1157 
1158  //Return the corresponding named curve
1159  return namedCurve;
1160 }
1161 
1162 
1163 /**
1164  * @brief Compute overhead caused by encryption
1165  * @param[in] encryptionEngine Pointer to the encryption engine
1166  * @param[in] payloadLen Length of the payload, in bytes
1167  * @return Overhead, in bytes, caused by encryption
1168  **/
1169 
1171  size_t payloadLen)
1172 {
1173  size_t n;
1174 
1175  //Initialize variable
1176  n = 0;
1177 
1178  //Message authentication?
1179  if(encryptionEngine->hashAlgo != NULL)
1180  n += encryptionEngine->hashAlgo->digestSize;
1181 
1182  //Check cipher mode
1183  if(encryptionEngine->cipherMode == CIPHER_MODE_CBC)
1184  {
1185  //TLS 1.1 and 1.2 use an explicit IV
1186  if(encryptionEngine->version >= TLS_VERSION_1_1)
1187  n += encryptionEngine->recordIvLen;
1188 
1189  //Padding is added to force the length of the plaintext to be an
1190  //integral multiple of the cipher's block length
1191  n += encryptionEngine->cipherAlgo->blockSize -
1192  ((payloadLen + n) % encryptionEngine->cipherAlgo->blockSize);
1193  }
1194  else if(encryptionEngine->cipherMode == CIPHER_MODE_CCM ||
1195  encryptionEngine->cipherMode == CIPHER_MODE_GCM)
1196  {
1197  //Consider the explicit nonce and the authentication tag
1198  n += encryptionEngine->recordIvLen + encryptionEngine->authTagLen;
1199  }
1200  else if(encryptionEngine->cipherMode == CIPHER_MODE_CHACHA20_POLY1305)
1201  {
1202  //Consider the authentication tag only
1203  n += encryptionEngine->authTagLen;
1204  }
1205  else
1206  {
1207  //Stream ciphers do not cause any overhead
1208  }
1209 
1210  //Return the total overhead caused by encryption
1211  return n;
1212 }
1213 
1214 #endif
const uint8_t X25519_OID[3]
Definition: ec_curves.c:90
TLS (Transport Layer Security)
uint16_t version
Definition: dtls_misc.h:163
uint8_t payloadLen
Definition: ipv6.h:341
DtlsSequenceNumber dtlsSeqNum
Record sequence number.
Definition: tls.h:1948
EC domain parameters.
Definition: ec.h:61
Arbitrary precision integer.
Definition: mpi.h:67
const uint8_t SECP256R1_OID[8]
Definition: ec_curves.c:70
char char_t
Definition: compiler_port.h:41
size_t contextSize
Definition: crypto.h:1076
size_t fixedIvLen
Length of the fixed part of the IV.
Definition: tls.h:1934
error_t tlsSelectVersion(TlsContext *context, uint16_t version)
Set the TLS version to be used.
Definition: tls_misc.c:219
size_t encKeyLen
Length of the encryption key.
Definition: tls.h:1932
error_t tlsWriteEcPoint(const EcDomainParameters *params, const EcPoint *a, uint8_t *data, size_t *length)
Encode an EC point to an opaque vector.
Definition: tls_misc.c:712
FFDHE key exchange.
Debugging facilities.
#define tlsFreeMem(p)
Definition: tls.h:760
uint8_t p
Definition: ndp.h:295
size_t tlsComputeEncryptionOverhead(TlsEncryptionEngine *encryptionEngine, size_t payloadLen)
Compute overhead caused by encryption.
Definition: tls_misc.c:1170
error_t gcmInit(GcmContext *context, const CipherAlgo *cipherAlgo, void *cipherContext)
Initialize GCM context.
Definition: gcm.c:76
TLS 1.3 key schedule.
Generic error code.
Definition: error.h:43
const uint8_t SECP256K1_OID[5]
Definition: ec_curves.c:68
#define SHA224_HASH_ALGO
Definition: sha224.h:43
const HashAlgo * tlsGetHashAlgo(uint8_t hashAlgoId)
Get the hash algorithm that matches the specified identifier.
Definition: tls_misc.c:836
Elliptic curve parameters.
Definition: ec_curves.h:290
Common interface for encryption algorithms.
Definition: crypto.h:1073
size_t authTagLen
Length of the authentication tag.
Definition: tls.h:1936
size_t recordIvLen
Length of the IV.
Definition: tls.h:1935
#define TLS_VERSION_1_3
Definition: tls.h:90
error_t ecImport(const EcDomainParameters *params, EcPoint *r, const uint8_t *data, size_t length)
Convert an octet string to an EC point.
Definition: ec.c:208
const uint8_t SECP160K1_OID[5]
Definition: ec_curves.c:54
HmacContext * hmacContext
HMAC context.
Definition: tls.h:1941
#define TRACE_DEBUG_ARRAY(p, a, n)
Definition: debug.h:99
error_t tlsSelectCompressMethod(TlsContext *context, uint8_t identifier)
Set compression method.
Definition: tls_misc.c:345
const uint8_t SECP224K1_OID[5]
Definition: ec_curves.c:64
const uint8_t SECP224R1_OID[5]
Definition: ec_curves.c:66
error_t mpiImport(Mpi *r, const uint8_t *data, uint_t length, MpiFormat format)
Octet string to integer conversion.
Definition: mpi.c:511
const uint8_t SECP521R1_OID[5]
Definition: ec_curves.c:74
const uint8_t BRAINPOOLP384R1_OID[9]
Definition: ec_curves.c:86
uint8_t a
Definition: ndp.h:407
#define DTLS_VERSION_1_0
Definition: dtls_misc.h:33
OID (Object Identifier)
error_t tlsWriteMpi(const Mpi *a, uint8_t *data, size_t *length)
Encode a multiple precision integer to an opaque vector.
Definition: tls_misc.c:641
const uint8_t tls12DowngradeRandom[8]
size_t blockSize
Definition: crypto.h:1078
error_t tlsReadEcPoint(const EcDomainParameters *params, EcPoint *a, const uint8_t *data, size_t size, size_t *length)
Read an EC point from an opaque vector.
Definition: tls_misc.c:749
CipherAlgoInit init
Definition: crypto.h:1079
TlsNamedGroup
Named groups.
Definition: tls.h:1195
TlsSequenceNumber seqNum
TLS sequence number.
Definition: tls.h:1945
Elliptic curve point.
Definition: ec.h:49
#define SHA256_HASH_ALGO
Definition: sha256.h:42
TLS helper functions.
GCM context.
Definition: gcm.h:45
const uint8_t SECP192K1_OID[5]
Definition: ec_curves.c:60
error_t tlsReadMpi(Mpi *a, const uint8_t *data, size_t size, size_t *length)
Read a multiple precision integer from an opaque vector.
Definition: tls_misc.c:674
uint8_t encKey[32]
Encryption key.
Definition: tls.h:1931
void tlsProcessError(TlsContext *context, error_t errorCode)
Translate an error code to an alert message.
Definition: tls_misc.c:54
uint16_t version
Negotiated TLS version.
Definition: tls.h:1928
error_t tlsInitEncryptionEngine(TlsContext *context, TlsEncryptionEngine *encryptionEngine, TlsConnectionEnd entity, const uint8_t *secret)
Initialize encryption engine.
Definition: tls_misc.c:376
uint16_t errorCode
Definition: tftp_common.h:134
error_t tlsGenerateRandomValue(TlsContext *context, uint8_t *random)
Generate client or server random value.
Definition: tls_misc.c:158
#define SHA384_HASH_ALGO
Definition: sha384.h:43
uint16_t epoch
Counter value incremented on every cipher state change.
Definition: tls.h:1947
error_t tlsSendAlert(TlsContext *context, uint8_t level, uint8_t description)
Send Alert message.
Definition: tls_common.c:478
__start_packed struct @55 DtlsSequenceNumber
Sequence number.
const HashAlgo * hashAlgo
Hash algorithm for MAC operations.
Definition: tls.h:1940
#define LOAD16BE(p)
Definition: cpu_endian.h:168
Handshake message processing (TLS client and server)
bool_t tlsIsCipherSuiteAcceptable(const TlsCipherSuiteInfo *cipherSuite, uint16_t minVersion, uint16_t maxVersion, TlsTransportProtocol transportProtocol)
Check whether a cipher suite can be used with a given protocol version.
Encryption engine.
Definition: tls.h:1926
Structure describing a cipher suite.
Definition: tls.h:1798
uint8_t macKey[48]
MAC key.
Definition: tls.h:1929
uint8_t identifier[]
uint16_t cipherSuite
Cipher suite identifier.
Definition: tls13_misc.h:367
const uint8_t X448_OID[3]
Definition: ec_curves.c:92
error_t tls13HkdfExpandLabel(const HashAlgo *hash, const uint8_t *secret, size_t secretLen, const char_t *label, const uint8_t *context, size_t contextLen, uint8_t *output, size_t outputLen)
#define TLS_VERSION_1_2
Definition: tls.h:83
int_t oidComp(const uint8_t *oid1, size_t oidLen1, const uint8_t *oid2, size_t oidLen2)
Compare object identifiers.
Definition: oid.c:99
#define TLS_VERSION_1_1
Definition: tls.h:82
uint8_t iv[16]
Initialization vector.
Definition: tls.h:1933
const uint8_t SECP160R1_OID[5]
Definition: ec_curves.c:56
error_t ecExport(const EcDomainParameters *params, const EcPoint *a, uint8_t *data, size_t *length)
Convert an EC point to an octet string.
Definition: ec.c:281
TLS cipher suites.
Success.
Definition: error.h:42
error_t tlsSelectCipherSuite(TlsContext *context, uint16_t identifier)
Set cipher suite.
Definition: tls_misc.c:247
const char_t * tlsGetVersionName(uint16_t version)
Convert TLS version to string representation.
Definition: tls_misc.c:795
const TlsCipherSuiteInfo tlsSupportedCipherSuites[]
error_t
Error codes.
Definition: error.h:40
error_t mpiExport(const Mpi *a, uint8_t *data, uint_t length, MpiFormat format)
Integer to octet string conversion.
Definition: mpi.c:596
const uint8_t SECP160R2_OID[5]
Definition: ec_curves.c:58
unsigned int uint_t
Definition: compiler_port.h:43
const uint8_t SECP192R1_OID[8]
Definition: ec_curves.c:62
#define STORE16BE(a, p)
Definition: cpu_endian.h:244
void * cipherContext
Cipher context.
Definition: tls.h:1938
#define TLS_VERSION_1_0
Definition: tls.h:81
const uint8_t SECP384R1_OID[5]
Definition: ec_curves.c:72
uint8_t data[]
Definition: dtls_misc.h:167
__start_packed struct @61 TlsSequenceNumber
Sequence number.
size_t macKeyLen
Length of the MAC key.
Definition: tls.h:1930
#define SHA1_HASH_ALGO
Definition: sha1.h:42
#define SHA512_HASH_ALGO
Definition: sha512.h:42
uint8_t random[32]
Definition: tls.h:1608
GcmContext * gcmContext
GCM context.
Definition: tls.h:1943
TlsConnectionEnd
TLS connection end.
Definition: tls.h:855
void tlsFreeEncryptionEngine(TlsEncryptionEngine *encryptionEngine)
Release encryption engine.
Definition: tls_misc.c:599
const EcCurveInfo * ecGetCurveInfo(const uint8_t *oid, size_t length)
Get the elliptic curve that matches the specified OID.
Definition: ec_curves.c:2170
#define tlsAllocMem(size)
Definition: tls.h:755
const CipherAlgo * cipherAlgo
Cipher algorithm.
Definition: tls.h:1937
TlsNamedGroup tlsGetNamedCurve(const uint8_t *oid, size_t length)
Get the named curve that matches the specified OID.
Definition: tls_misc.c:1040
size_t digestSize
Definition: crypto.h:1061
Common interface for hash algorithms.
Definition: crypto.h:1054
uint8_t length
Definition: dtls_misc.h:140
uint8_t n
const uint8_t BRAINPOOLP256R1_OID[9]
Definition: ec_curves.c:82
uint8_t oid[1]
Definition: mib_common.h:184
#define DTLS_VERSION_1_2
Definition: dtls_misc.h:34
const EcCurveInfo * tlsGetCurveInfo(TlsContext *context, uint16_t namedCurve)
Get the EC domain parameters that match the specified named curve.
Definition: tls_misc.c:897
uint_t tlsGetNumSupportedCipherSuites(void)
Determine the number of cipher suites supported.
uint_t mpiGetByteLength(const Mpi *a)
Get the actual length in bytes.
Definition: mpi.c:154
#define TlsContext
Definition: tls.h:34
const uint8_t tls11DowngradeRandom[8]
const uint8_t BRAINPOOLP512R1_OID[9]
Definition: ec_curves.c:88
#define MD5_HASH_ALGO
Definition: md5.h:42
#define SSL_VERSION_3_0
Definition: tls.h:80
#define TRACE_DEBUG(...)
Definition: debug.h:98
CipherMode cipherMode
Cipher mode of operation.
Definition: tls.h:1939