tls_record_encryption.c
Go to the documentation of this file.
1 /**
2  * @file tls_record_encryption.c
3  * @brief TLS record encryption
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2019 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneSSL Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 1.9.2
29  **/
30 
31 //Switch to the appropriate trace level
32 #define TRACE_LEVEL TLS_TRACE_LEVEL
33 
34 //Dependencies
35 #include <string.h>
36 #include "tls.h"
37 #include "tls_record.h"
38 #include "tls_record_encryption.h"
39 #include "tls_misc.h"
40 #include "ssl_misc.h"
41 #include "cipher_mode/cbc.h"
42 #include "aead/ccm.h"
43 #include "aead/gcm.h"
44 #include "aead/chacha20_poly1305.h"
45 #include "debug.h"
46 
47 //Check TLS library configuration
48 #if (TLS_SUPPORT == ENABLED)
49 
50 
51 /**
52  * @brief Encrypt an outgoing TLS record
53  * @param[in] context Pointer to the TLS context
54  * @param[in] encryptionEngine Pointer to the encryption engine
55  * @param[in,out] record TLS record to be encrypted
56  * @return Error code
57  **/
58 
60  TlsEncryptionEngine *encryptionEngine, void *record)
61 {
62  error_t error;
63 
64 #if (TLS_CCM_CIPHER_SUPPORT == ENABLED || TLS_CCM_8_CIPHER_SUPPORT == ENABLED || \
65  TLS_GCM_CIPHER_SUPPORT == ENABLED || TLS_CHACHA20_POLY1305_SUPPORT == ENABLED)
66  //AEAD cipher?
67  if(encryptionEngine->cipherMode == CIPHER_MODE_CCM ||
68  encryptionEngine->cipherMode == CIPHER_MODE_GCM ||
69  encryptionEngine->cipherMode == CIPHER_MODE_CHACHA20_POLY1305)
70  {
71  //Perform authenticated encryption
72  error = tlsEncryptAeadRecord(context, encryptionEngine, record);
73  }
74  else
75 #endif
76 #if (TLS_CBC_CIPHER_SUPPORT == ENABLED)
77  //CBC block cipher?
78  if(encryptionEngine->cipherMode == CIPHER_MODE_CBC)
79  {
80  //Compute message authentication code
81  error = tlsAppendMessageAuthCode(context, encryptionEngine, record);
82 
83  //Check status code
84  if(!error)
85  {
86  //Encrypt the contents of the record
87  error = tlsEncryptCbcRecord(context, encryptionEngine, record);
88  }
89  }
90  else
91 #endif
92 #if (TLS_STREAM_CIPHER_SUPPORT == ENABLED)
93  //Stream cipher?
94  if(encryptionEngine->cipherMode == CIPHER_MODE_STREAM)
95  {
96  //Compute message authentication code
97  error = tlsAppendMessageAuthCode(context, encryptionEngine, record);
98 
99  //Check status code
100  if(!error)
101  {
102  //Encrypt the contents of the record
103  error = tlsEncryptStreamRecord(context, encryptionEngine, record);
104  }
105  }
106  else
107 #endif
108 #if (TLS_NULL_CIPHER_SUPPORT == ENABLED)
109  //NULL cipher?
110  if(encryptionEngine->cipherMode == CIPHER_MODE_NULL)
111  {
112  //Compute message authentication code
113  error = tlsAppendMessageAuthCode(context, encryptionEngine, record);
114  }
115  else
116 #endif
117  //Invalid cipher mode?
118  {
119  //The specified cipher mode is not supported
121  }
122 
123  //Return status code
124  return error;
125 }
126 
127 
128 /**
129  * @brief Record encryption (AEAD cipher)
130  * @param[in] context Pointer to the TLS context
131  * @param[in] encryptionEngine Pointer to the encryption engine
132  * @param[in,out] record TLS record to be encrypted
133  * @return Error code
134  **/
135 
137  TlsEncryptionEngine *encryptionEngine, void *record)
138 {
139 #if (TLS_CCM_CIPHER_SUPPORT == ENABLED || TLS_CCM_8_CIPHER_SUPPORT == ENABLED || \
140  TLS_GCM_CIPHER_SUPPORT == ENABLED || TLS_CHACHA20_POLY1305_SUPPORT == ENABLED)
141  error_t error;
142  size_t length;
143  size_t aadLen;
144  size_t nonceLen;
145  uint8_t *tag;
146  uint8_t *data;
147  uint8_t aad[13];
148  uint8_t nonce[12];
149 
150  //Get the length of the TLS record
151  length = tlsGetRecordLength(context, record);
152  //Point to the payload
153  data = tlsGetRecordData(context, record);
154 
155  //Debug message
156  TRACE_DEBUG("Record to be encrypted (%" PRIuSIZE " bytes):\r\n", length);
157  TRACE_DEBUG_ARRAY(" ", record, length + sizeof(TlsRecord));
158 
159  //TLS 1.3 currently selected?
160  if(encryptionEngine->version == TLS_VERSION_1_3)
161  {
162  //The type field indicates the higher-level protocol used to process
163  //the enclosed fragment
164  data[length++] = tlsGetRecordType(context, record);
165 
166  //In TLS 1.3, the outer opaque_type field of a TLS record is always
167  //set to the value 23 (application data)
169 
170  //Fix the length field of the TLS record
171  tlsSetRecordLength(context, record, length +
172  encryptionEngine->authTagLen);
173  }
174 
175  //Additional data to be authenticated
176  tlsFormatAad(context, encryptionEngine, record, aad, &aadLen);
177 
178  //Check the length of the nonce explicit part
179  if(encryptionEngine->recordIvLen != 0)
180  {
181  //Make room for the explicit nonce at the beginning of the record
182  memmove(data + encryptionEngine->recordIvLen, data, length);
183 
184  //The explicit part of the nonce is chosen by the sender and is
185  //carried in each TLS record
186  error = context->prngAlgo->read(context->prngContext, data,
187  encryptionEngine->recordIvLen);
188  //Any error to report?
189  if(error)
190  return error;
191  }
192 
193  //Generate the nonce
194  tlsFormatNonce(context, encryptionEngine, record, data, nonce,
195  &nonceLen);
196 
197  //Point to the plaintext
198  data += encryptionEngine->recordIvLen;
199  //Point to the buffer where to store the authentication tag
200  tag = data + length;
201 
202 #if (TLS_CCM_CIPHER_SUPPORT == ENABLED || TLS_CCM_8_CIPHER_SUPPORT == ENABLED)
203  //CCM AEAD cipher?
204  if(encryptionEngine->cipherMode == CIPHER_MODE_CCM)
205  {
206  //Authenticated encryption using CCM
207  error = ccmEncrypt(encryptionEngine->cipherAlgo,
208  encryptionEngine->cipherContext, nonce, nonceLen, aad, aadLen,
209  data, data, length, tag, encryptionEngine->authTagLen);
210  }
211  else
212 #endif
213 #if (TLS_GCM_CIPHER_SUPPORT == ENABLED)
214  //GCM AEAD cipher?
215  if(encryptionEngine->cipherMode == CIPHER_MODE_GCM)
216  {
217  //Authenticated encryption using GCM
218  error = gcmEncrypt(encryptionEngine->gcmContext, nonce, nonceLen,
219  aad, aadLen, data, data, length, tag, encryptionEngine->authTagLen);
220  }
221  else
222 #endif
223 #if (TLS_CHACHA20_POLY1305_SUPPORT == ENABLED)
224  //ChaCha20Poly1305 AEAD cipher?
225  if(encryptionEngine->cipherMode == CIPHER_MODE_CHACHA20_POLY1305)
226  {
227  //Authenticated encryption using ChaCha20Poly1305
228  error = chacha20Poly1305Encrypt(encryptionEngine->encKey,
229  encryptionEngine->encKeyLen, nonce, nonceLen, aad, aadLen,
230  data, data, length, tag, encryptionEngine->authTagLen);
231  }
232  else
233 #endif
234  //Invalid cipher mode?
235  {
236  //The specified cipher mode is not supported
238  }
239 
240  //Failed to encrypt data?
241  if(error)
242  return error;
243 
244  //Compute the length of the resulting message
245  length += encryptionEngine->recordIvLen + encryptionEngine->authTagLen;
246  //Fix length field
247  tlsSetRecordLength(context, record, length);
248 
249  //Increment sequence number
250  tlsIncSequenceNumber(&encryptionEngine->seqNum);
251 
252  //Debug message
253  TRACE_DEBUG("Encrypted record (%" PRIuSIZE " bytes):\r\n", length);
254  TRACE_DEBUG_ARRAY(" ", record, length + sizeof(TlsRecord));
255 
256  //Successful processing
257  return NO_ERROR;
258 #else
259  //AEAD ciphers are not supported
261 #endif
262 }
263 
264 
265 /**
266  * @brief Record encryption (CBC block cipher)
267  * @param[in] context Pointer to the TLS context
268  * @param[in] encryptionEngine Pointer to the encryption engine
269  * @param[in,out] record TLS record to be encrypted
270  * @return Error code
271  **/
272 
274  TlsEncryptionEngine *encryptionEngine, void *record)
275 {
276 #if (TLS_CBC_CIPHER_SUPPORT == ENABLED)
277  error_t error;
278  size_t i;
279  size_t length;
280  size_t paddingLen;
281  uint8_t *data;
282  const CipherAlgo *cipherAlgo;
283 
284  //Point to the cipher algorithm
285  cipherAlgo = encryptionEngine->cipherAlgo;
286 
287  //Get the length of the TLS record
288  length = tlsGetRecordLength(context, record);
289  //Point to the payload
290  data = tlsGetRecordData(context, record);
291 
292  //Debug message
293  TRACE_DEBUG("Record to be encrypted (%" PRIuSIZE " bytes):\r\n", length);
294  TRACE_DEBUG_ARRAY(" ", record, length + sizeof(TlsRecord));
295 
296 #if (TLS_MAX_VERSION >= TLS_VERSION_1_1 && TLS_MIN_VERSION <= TLS_VERSION_1_2)
297  //TLS 1.1 and 1.2 use an explicit IV
298  if(encryptionEngine->version >= TLS_VERSION_1_1)
299  {
300  //Make room for the IV at the beginning of the data
301  memmove(data + encryptionEngine->recordIvLen, data, length);
302 
303  //The initialization vector should be chosen at random
304  error = context->prngAlgo->read(context->prngContext, data,
305  encryptionEngine->recordIvLen);
306  //Any error to report?
307  if(error)
308  return error;
309 
310  //Adjust the length of the message
311  length += encryptionEngine->recordIvLen;
312  }
313 #endif
314 
315  //Get the actual amount of bytes in the last block
316  paddingLen = (length + 1) % cipherAlgo->blockSize;
317 
318  //Padding is added to force the length of the plaintext to be an
319  //integral multiple of the cipher's block length
320  if(paddingLen > 0)
321  paddingLen = cipherAlgo->blockSize - paddingLen;
322 
323  //Write padding bytes
324  for(i = 0; i <= paddingLen; i++)
325  {
326  data[length + i] = (uint8_t) paddingLen;
327  }
328 
329  //Compute the length of the resulting message
330  length += paddingLen + 1;
331  //Fix length field
332  tlsSetRecordLength(context, record, length);
333 
334  //Debug message
335  TRACE_DEBUG("Record with padding (%" PRIuSIZE " bytes):\r\n", length);
336  TRACE_DEBUG_ARRAY(" ", record, length + sizeof(TlsRecord));
337 
338  //CBC encryption
339  error = cbcEncrypt(cipherAlgo, encryptionEngine->cipherContext,
340  encryptionEngine->iv, data, data, length);
341  //Any error to report?
342  if(error)
343  return error;
344 
345  //Debug message
346  TRACE_DEBUG("Encrypted record (%" PRIuSIZE " bytes):\r\n", length);
347  TRACE_DEBUG_ARRAY(" ", record, length + sizeof(TlsRecord));
348 
349  //Successful processing
350  return NO_ERROR;
351 #else
352  //CBC cipher mode is not supported
354 #endif
355 }
356 
357 
358 /**
359  * @brief Record encryption (stream cipher)
360  * @param[in] context Pointer to the TLS context
361  * @param[in] encryptionEngine Pointer to the encryption engine
362  * @param[in,out] record TLS record to be encrypted
363  * @return Error code
364  **/
365 
367  TlsEncryptionEngine *encryptionEngine, void *record)
368 {
369 #if (TLS_STREAM_CIPHER_SUPPORT == ENABLED)
370  size_t length;
371  uint8_t *data;
372 
373  //Get the length of the TLS record
374  length = tlsGetRecordLength(context, record);
375  //Point to the payload
376  data = tlsGetRecordData(context, record);
377 
378  //Debug message
379  TRACE_DEBUG("Record to be encrypted (%" PRIuSIZE " bytes):\r\n", length);
380  TRACE_DEBUG_ARRAY(" ", record, length + sizeof(TlsRecord));
381 
382  //Encrypt record contents
383  encryptionEngine->cipherAlgo->encryptStream(
384  encryptionEngine->cipherContext, data, data, length);
385 
386  //Debug message
387  TRACE_DEBUG("Encrypted record (%" PRIuSIZE " bytes):\r\n", length);
388  TRACE_DEBUG_ARRAY(" ", record, length + sizeof(TlsRecord));
389 
390  //Successful processing
391  return NO_ERROR;
392 #else
393  //Stream ciphers are not supported
395 #endif
396 }
397 
398 
399 /**
400  * @brief Append message authentication code
401  * @param[in] context Pointer to the TLS context
402  * @param[in] encryptionEngine Pointer to the encryption engine
403  * @param[in,out] record TLS record to be authenticated
404  * @return Error code
405  **/
406 
408  TlsEncryptionEngine *encryptionEngine, void *record)
409 {
410  error_t error;
411  size_t length;
412  uint8_t *data;
413 
414  //Get the length of the TLS record
415  length = tlsGetRecordLength(context, record);
416  //Point to the payload
417  data = tlsGetRecordData(context, record);
418 
419 #if (TLS_MAX_VERSION >= SSL_VERSION_3_0 && TLS_MIN_VERSION <= SSL_VERSION_3_0)
420  //SSL 3.0 currently selected?
421  if(encryptionEngine->version == SSL_VERSION_3_0)
422  {
423  //SSL 3.0 uses an older obsolete version of the HMAC construction
424  error = sslComputeMac(encryptionEngine, record, data, length,
425  data + length);
426  }
427  else
428 #endif
429 #if (TLS_MAX_VERSION >= TLS_VERSION_1_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2)
430  //TLS 1.0, TLS 1.1 or TLS 1.2 currently selected?
431  if(encryptionEngine->version >= TLS_VERSION_1_0)
432  {
433  //TLS uses a HMAC construction
434  error = tlsComputeMac(context, encryptionEngine, record, data,
435  length, data + length);
436  }
437  else
438 #endif
439  //Invalid TLS version?
440  {
441  //Report an error
442  error = ERROR_INVALID_VERSION;
443  }
444 
445  //Any error to report?
446  if(error)
447  return error;
448 
449  //Debug message
450  TRACE_DEBUG("Write sequence number:\r\n");
451  TRACE_DEBUG_ARRAY(" ", &encryptionEngine->seqNum, sizeof(TlsSequenceNumber));
452  TRACE_DEBUG("Computed MAC:\r\n");
453  TRACE_DEBUG_ARRAY(" ", data + length, encryptionEngine->hashAlgo->digestSize);
454 
455  //Adjust the length of the message
456  length += encryptionEngine->hashAlgo->digestSize;
457  //Fix length field
458  tlsSetRecordLength(context, record, length);
459 
460  //Increment sequence number
461  tlsIncSequenceNumber(&encryptionEngine->seqNum);
462 
463  //Successful processing
464  return NO_ERROR;
465 }
466 
467 
468 /**
469  * @brief Compute message authentication code
470  * @param[in] context Pointer to the TLS context
471  * @param[in] encryptionEngine Pointer to the encryption/decryption engine
472  * @param[in] record Pointer to the TLS record
473  * @param[in] data Pointer to the record data
474  * @param[in] dataLen Length of the data
475  * @param[out] mac The computed MAC value
476  * @return Error code
477  **/
478 
480  void *record, const uint8_t *data, size_t dataLen, uint8_t *mac)
481 {
482  HmacContext *hmacContext;
483 
484  //Point to the HMAC context
485  hmacContext = encryptionEngine->hmacContext;
486 
487  //Initialize HMAC calculation
488  hmacInit(hmacContext, encryptionEngine->hashAlgo,
489  encryptionEngine->macKey, encryptionEngine->macKeyLen);
490 
491 #if (DTLS_SUPPORT == ENABLED)
492  //DTLS protocol?
493  if(context->transportProtocol == TLS_TRANSPORT_PROTOCOL_DATAGRAM)
494  {
495  const DtlsRecord *dtlsRecord;
496 
497  //Point to the DTLS record
498  dtlsRecord = (DtlsRecord *) record;
499 
500  //Compute the MAC over the 64-bit value formed by concatenating the
501  //epoch and the sequence number in the order they appear on the wire
502  hmacUpdate(hmacContext, (void *) &dtlsRecord->epoch, 2);
503  hmacUpdate(hmacContext, &dtlsRecord->seqNum, 6);
504 
505  //Compute MAC over the record contents
506  hmacUpdate(hmacContext, &dtlsRecord->type, 3);
507  hmacUpdate(hmacContext, (void *) &dtlsRecord->length, 2);
508  hmacUpdate(hmacContext, data, dataLen);
509  }
510  else
511 #endif
512  //TLS protocol?
513  {
514  const TlsRecord *tlsRecord;
515 
516  //Point to the TLS record
517  tlsRecord = (TlsRecord *) record;
518 
519  //Compute MAC over the implicit sequence number
520  hmacUpdate(hmacContext, &encryptionEngine->seqNum,
521  sizeof(TlsSequenceNumber));
522 
523  //Compute MAC over the record contents
524  hmacUpdate(hmacContext, tlsRecord, sizeof(TlsRecord));
525  hmacUpdate(hmacContext, data, dataLen);
526  }
527 
528  //Finalize HMAC computation
529  hmacFinal(hmacContext, mac);
530 
531  //Successful processing
532  return NO_ERROR;
533 }
534 
535 #endif
TLS (Transport Layer Security)
__start_packed struct @83 TlsRecord
TLS record.
size_t encKeyLen
Length of the encryption key.
Definition: tls.h:1933
Debugging facilities.
void tlsFormatNonce(TlsContext *context, TlsEncryptionEngine *encryptionEngine, const void *record, const uint8_t *recordIv, uint8_t *nonce, size_t *nonceLen)
Format nonce.
Definition: tls_record.c:958
void hmacFinal(HmacContext *context, uint8_t *digest)
Finish the HMAC calculation.
Definition: hmac.c:185
Common interface for encryption algorithms.
Definition: crypto.h:1092
void tlsSetRecordType(TlsContext *context, void *record, uint8_t type)
Set TLS record type.
Definition: tls_record.c:753
void tlsFormatAad(TlsContext *context, TlsEncryptionEngine *encryptionEngine, const void *record, uint8_t *aad, size_t *aadLen)
Format additional authenticated data (AAD)
Definition: tls_record.c:900
size_t authTagLen
Length of the authentication tag.
Definition: tls.h:1937
size_t recordIvLen
Length of the IV.
Definition: tls.h:1936
#define TLS_VERSION_1_3
Definition: tls.h:94
error_t ccmEncrypt(const CipherAlgo *cipher, void *context, const uint8_t *n, size_t nLen, const uint8_t *a, size_t aLen, const uint8_t *p, uint8_t *c, size_t length, uint8_t *t, size_t tLen)
Authenticated encryption using CCM.
Definition: ccm.c:67
error_t chacha20Poly1305Encrypt(const uint8_t *k, size_t kLen, const uint8_t *n, size_t nLen, const uint8_t *a, size_t aLen, const uint8_t *p, uint8_t *c, size_t length, uint8_t *t, size_t tLen)
Authenticated encryption using ChaCha20Poly1305.
HmacContext * hmacContext
HMAC context.
Definition: tls.h:1942
#define TRACE_DEBUG_ARRAY(p, a, n)
Definition: debug.h:107
__start_packed struct @58 DtlsRecord
DTLS record.
error_t gcmEncrypt(GcmContext *context, const uint8_t *iv, size_t ivLen, const uint8_t *a, size_t aLen, const uint8_t *p, uint8_t *c, size_t length, uint8_t *t, size_t tLen)
Authenticated encryption using GCM.
Definition: gcm.c:190
TLS record protocol.
size_t blockSize
Definition: crypto.h:1097
TlsSequenceNumber seqNum
TLS sequence number.
Definition: tls.h:1946
HMAC algorithm context.
Definition: hmac.h:182
TLS helper functions.
TLS record encryption.
size_t tlsGetRecordLength(TlsContext *context, void *record)
Get TLS record length.
Definition: tls_record.c:836
uint8_t encKey[32]
Encryption key.
Definition: tls.h:1932
uint16_t version
Negotiated TLS version.
Definition: tls.h:1929
error_t tlsAppendMessageAuthCode(TlsContext *context, TlsEncryptionEngine *encryptionEngine, void *record)
Append message authentication code.
const HashAlgo * hashAlgo
Hash algorithm for MAC operations.
Definition: tls.h:1941
ChaCha20Poly1305 AEAD.
uint8_t * tlsGetRecordData(TlsContext *context, void *record)
Get TLS record payload.
Definition: tls_record.c:867
Encryption engine.
Definition: tls.h:1927
void tlsIncSequenceNumber(TlsSequenceNumber *seqNum)
Increment sequence number.
Definition: tls_record.c:1025
uint8_t macKey[48]
MAC key.
Definition: tls.h:1930
error_t tlsEncryptRecord(TlsContext *context, TlsEncryptionEngine *encryptionEngine, void *record)
Encrypt an outgoing TLS record.
#define TLS_VERSION_1_1
Definition: tls.h:92
uint8_t iv[16]
Initialization vector.
Definition: tls.h:1934
Cipher Block Chaining (CBC) mode.
SSL 3.0 helper functions.
Success.
Definition: error.h:44
error_t
Error codes.
Definition: error.h:42
uint8_t tlsGetRecordType(TlsContext *context, void *record)
Get TLS record type.
Definition: tls_record.c:779
void * cipherContext
Cipher context.
Definition: tls.h:1939
CipherAlgoEncryptStream encryptStream
Definition: crypto.h:1099
#define TLS_VERSION_1_0
Definition: tls.h:91
uint8_t data[]
Definition: dtls_misc.h:169
#define PRIuSIZE
Definition: compiler_port.h:74
error_t tlsComputeMac(TlsContext *context, TlsEncryptionEngine *encryptionEngine, void *record, const uint8_t *data, size_t dataLen, uint8_t *mac)
Compute message authentication code.
__start_packed struct @61 TlsSequenceNumber
Sequence number.
error_t tlsEncryptAeadRecord(TlsContext *context, TlsEncryptionEngine *encryptionEngine, void *record)
Record encryption (AEAD cipher)
void tlsSetRecordLength(TlsContext *context, void *record, size_t length)
Set TLS record length.
Definition: tls_record.c:810
size_t macKeyLen
Length of the MAC key.
Definition: tls.h:1931
Galois/Counter Mode (GCM)
GcmContext * gcmContext
GCM context.
Definition: tls.h:1944
error_t sslComputeMac(TlsEncryptionEngine *encryptionEngine, const TlsRecord *record, const uint8_t *data, size_t dataLen, uint8_t *mac)
const CipherAlgo * cipherAlgo
Cipher algorithm.
Definition: tls.h:1938
void hmacInit(HmacContext *context, const HashAlgo *hash, const void *key, size_t keyLen)
Initialize HMAC calculation.
Definition: hmac.c:118
error_t tlsEncryptCbcRecord(TlsContext *context, TlsEncryptionEngine *encryptionEngine, void *record)
Record encryption (CBC block cipher)
void hmacUpdate(HmacContext *context, const void *data, size_t length)
Update the HMAC context with a portion of the message being hashed.
Definition: hmac.c:168
size_t digestSize
Definition: crypto.h:1077
uint8_t length
Definition: dtls_misc.h:142
error_t cbcEncrypt(const CipherAlgo *cipher, void *context, uint8_t *iv, const uint8_t *p, uint8_t *c, size_t length)
CBC encryption.
Definition: cbc.c:61
#define TlsContext
Definition: tls.h:36
error_t tlsEncryptStreamRecord(TlsContext *context, TlsEncryptionEngine *encryptionEngine, void *record)
Record encryption (stream cipher)
Cipher Block Chaining-Message Authentication Code (CCM)
#define SSL_VERSION_3_0
Definition: tls.h:90
#define TRACE_DEBUG(...)
Definition: debug.h:106
CipherMode cipherMode
Cipher mode of operation.
Definition: tls.h:1940