dtls_misc.h
Go to the documentation of this file.
1 /**
2  * @file dtls_misc.h
3  * @brief DTLS (Datagram Transport Layer Security)
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2026 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneSSL Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.6.2
29  **/
30 
31 #ifndef _DTLS_MISC_H
32 #define _DTLS_MISC_H
33 
34 //DTLS version numbers
35 #define DTLS_VERSION_1_0 0xFEFF
36 #define DTLS_VERSION_1_2 0xFEFD
37 #define DTLS_VERSION_1_3 0xFEFC
38 
39 //DTLS support
40 #ifndef DTLS_SUPPORT
41  #define DTLS_SUPPORT DISABLED
42 #elif (DTLS_SUPPORT != ENABLED && DTLS_SUPPORT != DISABLED)
43  #error DTLS_SUPPORT parameter is not valid
44 #endif
45 
46 //Default PMTU value
47 #ifndef DTLS_DEFAULT_PMTU
48  #define DTLS_DEFAULT_PMTU 1452
49 #elif (DTLS_DEFAULT_PMTU < 64)
50  #error DTLS_DEFAULT_PMTU parameter is not valid
51 #endif
52 
53 //Minimum PMTU value
54 #ifndef DTLS_MIN_PMTU
55  #define DTLS_MIN_PMTU 528
56 #elif (DTLS_MIN_PMTU < 64)
57  #error DTLS_MIN_PMTU parameter is not valid
58 #endif
59 
60 //Replay protection
61 #ifndef DTLS_REPLAY_DETECTION_SUPPORT
62  #define DTLS_REPLAY_DETECTION_SUPPORT ENABLED
63 #elif (DTLS_REPLAY_DETECTION_SUPPORT != ENABLED && DTLS_REPLAY_DETECTION_SUPPORT != DISABLED)
64  #error DTLS_REPLAY_DETECTION_SUPPORT parameter is not valid
65 #endif
66 
67 //Size of the sliding window for replay protection
68 #ifndef DTLS_REPLAY_WINDOW_SIZE
69  #define DTLS_REPLAY_WINDOW_SIZE 64
70 #elif (DTLS_REPLAY_WINDOW_SIZE < 1)
71  #error DTLS_REPLAY_WINDOW_SIZE parameter is not valid
72 #endif
73 
74 //Maximum size for cookies
75 #ifndef DTLS_MAX_COOKIE_SIZE
76  #define DTLS_MAX_COOKIE_SIZE 32
77 #elif (DTLS_MAX_COOKIE_SIZE < 32)
78  #error DTLS_MAX_COOKIE_SIZE parameter is not valid
79 #endif
80 
81 //Maximum number of retransmissions
82 #ifndef DTLS_MAX_RETRIES
83  #define DTLS_MAX_RETRIES 5
84 #elif (DTLS_MAX_RETRIES < 1)
85  #error DTLS_MAX_RETRIES parameter is not valid
86 #endif
87 
88 //Initial retransmission timeout
89 #ifndef DTLS_INIT_TIMEOUT
90  #define DTLS_INIT_TIMEOUT 1000
91 #elif (DTLS_INIT_TIMEOUT < 100)
92  #error DTLS_INIT_TIMEOUT parameter is not valid
93 #endif
94 
95 //Minimum retransmission timeout
96 #ifndef DTLS_MIN_TIMEOUT
97  #define DTLS_MIN_TIMEOUT 500
98 #elif (DTLS_MIN_TIMEOUT < 0)
99  #error DTLS_MIN_TIMEOUT parameter is not valid
100 #endif
101 
102 //Maximum retransmission timeout
103 #ifndef DTLS_MAX_TIMEOUT
104  #define DTLS_MAX_TIMEOUT 60000
105 #elif (DTLS_MAX_TIMEOUT < 1000)
106  #error DTLS_MAX_TIMEOUT parameter is not valid
107 #endif
108 
109 //Maximum epoch
110 #define DTLS_MAX_EPOCH 0xFFFF
111 //Maximum sequence number
112 #define DTLS_MAX_SEQUENCE_NUMBER 0xFFFFFFFFFFFFULL
113 
114 //C++ guard
115 #ifdef __cplusplus
116 extern "C" {
117 #endif
118 
119 
120 /**
121  * @brief DTLS retransmission states
122  **/
123 
124 typedef enum
125 {
126  DTLS_RETRANSMIT_STATE_PREPARING = 0,
127  DTLS_RETRANSMIT_STATE_SENDING = 1,
128  DTLS_RETRANSMIT_STATE_WAITING = 2,
129  DTLS_RETRANSMIT_STATE_FINISHED = 3
130 } DtlsRetransmitState;
131 
132 
133 //CC-RX, CodeWarrior or Win32 compiler?
134 #if defined(__CCRX__)
135  #pragma pack
136 #elif defined(__CWCC__) || defined(_WIN32)
137  #pragma pack(push, 1)
138 #endif
139 
140 
141 /**
142  * @brief Sequence number
143  **/
144 
145 typedef __packed_struct
146 {
147  uint8_t b[6];
148 } DtlsSequenceNumber;
149 
150 
151 /**
152  * @brief Cookie
153  **/
154 
155 typedef __packed_struct
156 {
157  uint8_t length; //0
158  uint8_t value[]; //1
159 } DtlsCookie;
160 
161 
162 /**
163  * @brief List of supported versions
164  **/
165 
166 typedef __packed_struct
167 {
168  uint8_t length; //0
169  uint16_t value[]; //1
170 } DtlsSupportedVersionList;
171 
172 
173 /**
174  * @brief DTLS record
175  **/
176 
177 typedef __packed_struct
178 {
179  uint8_t type; //0
180  uint16_t version; //1-2
181  uint16_t epoch; //3-4
182  DtlsSequenceNumber seqNum; //5-10
183  uint16_t length; //11-12
184  uint8_t data[]; //13
185 } DtlsRecord;
186 
187 
188 /**
189  * @brief DTLS handshake message
190  **/
191 
192 typedef __packed_struct
193 {
194  uint8_t msgType; //0
195  uint8_t length[3]; //1-3
196  uint16_t msgSeq; //4-5
197  uint8_t fragOffset[3]; //6-8
198  uint8_t fragLength[3]; //9-11
199  uint8_t data[]; //12
200 } DtlsHandshake;
201 
202 
203 /**
204  * @brief HelloVerifyRequest message
205  **/
206 
207 typedef __packed_struct
208 {
209  uint16_t serverVersion; //0-1
210  uint8_t cookieLength; //2
211  uint8_t cookie[]; //3
212 } DtlsHelloVerifyRequest;
213 
214 
215 //CC-RX, CodeWarrior or Win32 compiler?
216 #if defined(__CCRX__)
217  #pragma unpack
218 #elif defined(__CWCC__) || defined(_WIN32)
219  #pragma pack(pop)
220 #endif
221 
222 
223 /**
224  * @brief Client parameters
225  **/
226 
227 typedef struct
228 {
229  uint16_t version;
230  const uint8_t *random;
231  size_t randomLen;
232  const uint8_t *sessionId;
233  size_t sessionIdLen;
234  const uint8_t *cipherSuites;
235  size_t cipherSuitesLen;
236  const uint8_t *compressMethods;
237  size_t compressMethodsLen;
238  const uint8_t *state;
239  size_t stateLen;
240 } DtlsClientParameters;
241 
242 
243 /**
244  * @brief DTLS cookie generation callback function
245  **/
246 
247 typedef error_t (*DtlsCookieGenerateCallback)(TlsContext *context,
248  const DtlsClientParameters *clientParams, uint8_t *cookie,
249  size_t *length, void *param);
250 
251 
252 /**
253  * @brief DTLS cookie verification callback function
254  **/
255 
256 typedef error_t (*DtlsCookieVerifyCallback)(TlsContext *context,
257  const DtlsClientParameters *clientParams, const uint8_t *cookie,
258  size_t length, void *param);
259 
260 
261 //DTLS specific functions
262 error_t dtlsSelectVersion(TlsContext *context, uint16_t version);
263 uint16_t dtlsTranslateVersion(uint16_t version);
264 
265 error_t dtlsFormatCookie(TlsContext *context, uint8_t *p, size_t *written);
266 
267 error_t dtlsVerifyCookie(TlsContext *context, const DtlsCookie *cookie,
268  const DtlsClientParameters *clientParams);
269 
270 error_t dtlsSendHelloVerifyRequest(TlsContext *context);
271 
272 error_t dtlsFormatHelloVerifyRequest(TlsContext *context,
273  DtlsHelloVerifyRequest *message, size_t *length);
274 
275 error_t dtlsParseHelloVerifyRequest(TlsContext *context,
276  const DtlsHelloVerifyRequest *message, size_t length);
277 
278 error_t dtlsParseClientSupportedVersionsExtension(TlsContext *context,
279  const DtlsSupportedVersionList *supportedVersionList);
280 
281 void dtlsInitReplayWindow(TlsEncryptionEngine *decryptionEngine);
282 
283 error_t dtlsCheckReplayWindow(TlsEncryptionEngine *decryptionEngine,
284  const DtlsSequenceNumber *seqNum);
285 
286 void dtlsUpdateReplayWindow(TlsEncryptionEngine *decryptionEngine,
287  const DtlsSequenceNumber *seqNum);
288 
289 //C++ guard
290 #ifdef __cplusplus
291 }
292 #endif
293 
294 #endif
DTLS_RETRANSMIT_STATE_WAITING
@ DTLS_RETRANSMIT_STATE_WAITING
Definition: dtls_misc.h:128
DtlsClientParameters::random
const uint8_t * random
Definition: dtls_misc.h:230
length
uint16_t length
Definition: dtls_misc.h:183
b
uint8_t b
Definition: nbns_common.h:122
dtlsFormatCookie
error_t dtlsFormatCookie(TlsContext *context, uint8_t *p, size_t *written)
Format Cookie field.
Definition: dtls_misc.c:156
DtlsRecord
DtlsRecord
Definition: dtls_misc.h:185
p
uint8_t p
Definition: ndp.h:300
message
uint8_t message[]
Definition: chap.h:154
DtlsCookieGenerateCallback
error_t(* DtlsCookieGenerateCallback)(TlsContext *context, const DtlsClientParameters *clientParams, uint8_t *cookie, size_t *length, void *param)
DTLS cookie generation callback function.
Definition: dtls_misc.h:247
version
uint16_t version
Definition: dtls_misc.h:180
type
uint8_t type
Definition: coap_common.h:176
DTLS_RETRANSMIT_STATE_FINISHED
@ DTLS_RETRANSMIT_STATE_FINISHED
Definition: dtls_misc.h:129
dtlsSelectVersion
error_t dtlsSelectVersion(TlsContext *context, uint16_t version)
Set the DTLS version to be used.
Definition: dtls_misc.c:53
TlsContext
#define TlsContext
Definition: tls.h:36
error_t
error_t
Error codes.
Definition: error.h:43
dtlsUpdateReplayWindow
void dtlsUpdateReplayWindow(TlsEncryptionEngine *decryptionEngine, const DtlsSequenceNumber *seqNum)
Update sliding window.
Definition: dtls_misc.c:581
DtlsClientParameters
Client parameters.
Definition: dtls_misc.h:228
DtlsClientParameters::cipherSuites
const uint8_t * cipherSuites
Definition: dtls_misc.h:234
DTLS_RETRANSMIT_STATE_SENDING
@ DTLS_RETRANSMIT_STATE_SENDING
Definition: dtls_misc.h:127
fragLength
uint8_t fragLength[3]
Definition: dtls_misc.h:198
dtlsParseClientSupportedVersionsExtension
error_t dtlsParseClientSupportedVersionsExtension(TlsContext *context, const DtlsSupportedVersionList *supportedVersionList)
Parse SupportedVersions extension.
Definition: dtls_misc.c:437
epoch
uint16_t epoch
Definition: dtls_misc.h:181
fragOffset
uint8_t fragOffset[3]
Definition: dtls_misc.h:197
dtlsTranslateVersion
uint16_t dtlsTranslateVersion(uint16_t version)
Translate TLS version into DTLS version.
Definition: dtls_misc.c:124
dtlsVerifyCookie
error_t dtlsVerifyCookie(TlsContext *context, const DtlsCookie *cookie, const DtlsClientParameters *clientParams)
Cookie verification.
Definition: dtls_misc.c:210
msgType
uint8_t msgType
Definition: mqtt_sn_common.h:183
DtlsHandshake
DtlsHandshake
Definition: dtls_misc.h:200
DtlsCookieVerifyCallback
error_t(* DtlsCookieVerifyCallback)(TlsContext *context, const DtlsClientParameters *clientParams, const uint8_t *cookie, size_t length, void *param)
DTLS cookie verification callback function.
Definition: dtls_misc.h:256
DtlsClientParameters::sessionId
const uint8_t * sessionId
Definition: dtls_misc.h:232
dtlsInitReplayWindow
void dtlsInitReplayWindow(TlsEncryptionEngine *decryptionEngine)
Initialize sliding window.
Definition: dtls_misc.c:485
dtlsSendHelloVerifyRequest
error_t dtlsSendHelloVerifyRequest(TlsContext *context)
Send HelloVerifyRequest message.
Definition: dtls_misc.c:281
__packed_struct
typedef __packed_struct
Sequence number.
Definition: dtls_misc.h:146
DtlsSequenceNumber
DtlsSequenceNumber
Definition: dtls_misc.h:148
DtlsClientParameters::compressMethods
const uint8_t * compressMethods
Definition: dtls_misc.h:236
cookie
uint8_t cookie[]
Definition: dtls_misc.h:211
dtlsFormatHelloVerifyRequest
error_t dtlsFormatHelloVerifyRequest(TlsContext *context, DtlsHelloVerifyRequest *message, size_t *length)
Format HelloVerifyRequest message.
Definition: dtls_misc.c:325
DtlsSupportedVersionList
DtlsSupportedVersionList
Definition: dtls_misc.h:170
seqNum
DtlsSequenceNumber seqNum
Definition: dtls_misc.h:182
DtlsClientParameters::compressMethodsLen
size_t compressMethodsLen
Definition: dtls_misc.h:237
DtlsRetransmitState
DtlsRetransmitState
DTLS retransmission states.
Definition: dtls_misc.h:125
value
uint8_t value[]
Definition: dtls_misc.h:158
dtlsParseHelloVerifyRequest
error_t dtlsParseHelloVerifyRequest(TlsContext *context, const DtlsHelloVerifyRequest *message, size_t length)
Parse HelloVerifyRequest message.
Definition: dtls_misc.c:363
data
uint8_t data[]
Definition: dtls_misc.h:184
DTLS_RETRANSMIT_STATE_PREPARING
@ DTLS_RETRANSMIT_STATE_PREPARING
Definition: dtls_misc.h:126
msgSeq
uint16_t msgSeq
Definition: dtls_misc.h:196
dtlsCheckReplayWindow
error_t dtlsCheckReplayWindow(TlsEncryptionEngine *decryptionEngine, const DtlsSequenceNumber *seqNum)
Perform replay detection.
Definition: dtls_misc.c:506
DtlsCookie
DtlsCookie
Definition: dtls_misc.h:159
DtlsHelloVerifyRequest
DtlsHelloVerifyRequest
Definition: dtls_misc.h:212
TlsEncryptionEngine
#define TlsEncryptionEngine
Definition: tls.h:40
DtlsClientParameters::state
const uint8_t * state
Definition: dtls_misc.h:238
cookieLength
uint8_t cookieLength
Definition: dtls_misc.h:210