Use cipher_suite_param_t for cipher-suite specific mac_len and
key_exchange_algorithm. Introduce dtls_cipher_index_t for simplified
cipher-suite parameter lookup. Cleanup old functions.
Signed-off-by: Achim Kraus <achim.kraus@cloudcoap.net>
Dynamically build DoxygenLayout.xml to get the latest layout for the current
version of doxygen.
Update Doxyfile.in to the Ubuntu20 version.
Signed-off-by: Jon Shallow <supjps-libcoap@jpshallow.com>
The implementation allows both, encrypt and decrypt, to use overlapping
src and buf.
Add missing documentation for src to dtls_decrypt_params.
Fixes: Issue #24
Signed-off-by: Achim Kraus <achim.kraus@bosch.io>
Rename dtls_ec_key_from_uint32_asn1() to dtls_ec_key_asn1_from_uint32()
to better describe what the function does, as well as add in the ASN.1
header defining it is a ASN.1 positive integer.
Rename dtls_asn1_integer_ec_key() to dtls_asn1_integer_to_ec_key to better
describe what it is actually doing.
Update dtls_add_ecdsa_signature_elem() to handle the updated
dtls_ec_key_asn1_from_uint32() function which now becomes more readable.
Signed-off-by: Jon Shallow <supjps-libcoap@jpshallow.com>
Needed to enable EC interopability with GnuTLS and Californium.
crypto.h:
Track extended_master_secret in dtls_handshake_parameters_t.
state.h:
Extended master secret hash info in dtls_hs_state_t.
global.h:
Add in #define for TLS_EXT_EXTENDED_MASTER_SECRET.
dtls.c:
Send out signature/hash algorithm in client hello so gnutls does not choose
SHA1. Verify signature/hash algorithm is supported in client hello.
Add in support for extended master secret as per RFC7627.
Allow server not to include client certificate type in server hello.
Define p before buf in stack so assert checking of buf overflow works.
Support servers that do not send back a hello verify request triggering
a second client hello.
Signed-off-by: Jon Shallow <supjps-libcoap@jpshallow.com>
The key and nonce argument of the (deprecated) functions dtls_encrypt()
and dtls_decrypt() should be const as noted in [1]. This change requires
nonce also to be const in dtls_ccm_params_t.
[1] https://github.com/eclipse/tinydtls/issues/25Closes#25
Change-Id: Ic6a0801d48eb88c726eee232c8971449c459be29
The new functions dtls_encrypt_params() and dtls_decrypt_params()
provide an improved interface for AEAD crypto compared to
dtls_encrypt() and dtls_decrypt(). The former take a parameter
set of type dtls_ccm_params_t as first argument, containing the
nonce as well as the M and L values.
The new functions deprecate dtls_encrypt() and dtls_decrypt().
Change-Id: I4bded5da5c433b3192e361d70f23fa563399ae91
Fixes dtls_config.h not visible in headers
Include dtls_config.h in tinydtls.h and include tinydtls.h in all necessary
headers.
Remaining headers do not use 'ifdef', but they may require it too.
Change-Id: I39c86dffc8bbc8bd7551e74386994f92f49d00ec
Signed-off-by: Gaëtan Harter <gaetan.harter@inria.fr>
