51#if !defined(MBEDTLS_CONFIG_FILE)
54#include MBEDTLS_CONFIG_FILE
57#if defined(MBEDTLS_SSL_COOKIE_C)
59#if defined(MBEDTLS_PLATFORM_C)
62#define mbedtls_calloc calloc
63#define mbedtls_free free
77#if defined(MBEDTLS_SHA256_C)
/* Preferred digest: HMAC-SHA-224 (28-byte output). COOKIE_MD_OUTLEN sizes
 * both hmac_out in ssl_cookie_hmac and the random HMAC key drawn from
 * f_rng in mbedtls_ssl_cookie_setup, so it must be at least the selected
 * digest's real output length; 32 leaves slack for SHA-224. */
78#define COOKIE_MD MBEDTLS_MD_SHA224
79#define COOKIE_MD_OUTLEN 32
/* Only the first COOKIE_HMAC_LEN bytes of the tag are copied into the
 * cookie (memcpy in ssl_cookie_hmac) and later compared on check. */
80#define COOKIE_HMAC_LEN 28
81#elif defined(MBEDTLS_SHA512_C)
/* Fallback: HMAC-SHA-384, still truncated to 28 bytes so COOKIE_LEN is
 * identical on every build that has some SHA-2 variant. */
82#define COOKIE_MD MBEDTLS_MD_SHA384
83#define COOKIE_MD_OUTLEN 48
84#define COOKIE_HMAC_LEN 28
85#elif defined(MBEDTLS_SHA1_C)
/* Last resort: HMAC-SHA-1, full 20-byte tag, no truncation. The cookie is
 * therefore 8 bytes shorter than on SHA-2 builds; peers do not care, but
 * COOKIE_LEN differs, so do not hard-code the cookie size elsewhere. */
86#define COOKIE_MD MBEDTLS_MD_SHA1
87#define COOKIE_MD_OUTLEN 20
88#define COOKIE_HMAC_LEN 20
/* With no MAC there is nothing to bind the cookie to the client identity,
 * so refuse to build rather than hand out cookies anyone could forge. */
90#error "DTLS hello verify needs SHA-1 or SHA-2"
/* Cookie wire format: 4-byte big-endian timestamp (written in
 * mbedtls_ssl_cookie_write) followed by the truncated HMAC that
 * ssl_cookie_hmac derives from that timestamp and the client id.
 * mbedtls_ssl_cookie_check compares cookie_len against this before doing
 * any MAC work, so malformed lengths are rejected cheaply. */
97#define COOKIE_LEN ( 4 + COOKIE_HMAC_LEN )
102#if !defined(MBEDTLS_HAVE_TIME)
107#if defined(MBEDTLS_THREADING_C)
108 mbedtls_mutex_init( &
ctx->mutex );
114 ctx->timeout = delay;
121#if defined(MBEDTLS_THREADING_C)
122 mbedtls_mutex_free( &
ctx->mutex );
129 int (*f_rng)(
void *,
unsigned char *,
size_t),
133 unsigned char key[COOKIE_MD_OUTLEN];
135 if( (
ret = f_rng( p_rng,
key,
sizeof(
key ) ) ) != 0 )
155 const unsigned char time[4],
156 unsigned char **
p,
unsigned char *
end,
157 const unsigned char *cli_id,
size_t cli_id_len )
159 unsigned char hmac_out[COOKIE_MD_OUTLEN];
171 memcpy( *
p, hmac_out, COOKIE_HMAC_LEN );
172 *
p += COOKIE_HMAC_LEN;
181 unsigned char **
p,
unsigned char *
end,
182 const unsigned char *cli_id,
size_t cli_id_len )
193#if defined(MBEDTLS_HAVE_TIME)
199 (*p)[0] = (
unsigned char)(
t >> 24 );
200 (*p)[1] = (
unsigned char)(
t >> 16 );
201 (*p)[2] = (
unsigned char)(
t >> 8 );
202 (*p)[3] = (
unsigned char)(
t );
205#if defined(MBEDTLS_THREADING_C)
206 if( (
ret = mbedtls_mutex_lock( &
ctx->mutex ) ) != 0 )
210 ret = ssl_cookie_hmac( &
ctx->hmac_ctx, *
p - 4,
211 p,
end, cli_id, cli_id_len );
213#if defined(MBEDTLS_THREADING_C)
214 if( mbedtls_mutex_unlock( &
ctx->mutex ) != 0 )
226 const unsigned char *
cookie,
size_t cookie_len,
227 const unsigned char *cli_id,
size_t cli_id_len )
229 unsigned char ref_hmac[COOKIE_HMAC_LEN];
231 unsigned char *
p = ref_hmac;
233 unsigned long cur_time, cookie_time;
238 if( cookie_len != COOKIE_LEN )
241#if defined(MBEDTLS_THREADING_C)
242 if( (
ret = mbedtls_mutex_lock( &
ctx->mutex ) ) != 0 )
246 if( ssl_cookie_hmac( &
ctx->hmac_ctx,
cookie,
247 &
p,
p +
sizeof( ref_hmac ),
248 cli_id, cli_id_len ) != 0 )
251#if defined(MBEDTLS_THREADING_C)
252 if( mbedtls_mutex_unlock( &
ctx->mutex ) != 0 )
263#if defined(MBEDTLS_HAVE_TIME)
269 cookie_time = ( (
unsigned long)
cookie[0] << 24 ) |