This structure contains callback functions used by tinydtls to
communicate with the application. At least the write function must
be provided. It is called by the DTLS state machine to send packets
over the network. The read function is invoked to deliver decrypted
and verified application data. The third callback is an event
handler function that is called when alert messages are encountered
or events generated by the library have occurred.
Context for HMAC generation. This object is initialized with
dtls_hmac_init() and must be passed to dtls_hmac_update() and
dtls_hmac_finalize(). Once finalized, the component \c H is
invalid and must be initialized again with dtls_hmac_init() before
the structure can be used again.
List of known hash functions for use in dtls_hmac_init(). The
identifiers are the same as the HashAlgorithm defined in
RFC 5246, Section 7.4.1.4.1 (http://tools.ietf.org/html/rfc5246#section-7.4.1.4.1).
Establishes a DTLS channel with the specified remote peer @p dst.
This function returns @c 0 if that channel already exists, a value
greater than zero when a new ClientHello message was sent, and
a value less than zero on error.
Establishes a DTLS channel with the specified remote peer.
This function returns @c 0 if that channel already exists and a renegotiation
was initiated, a value greater than zero when a new ClientHello message was
sent, and a value less than zero on error.
Decrypts the given buffer \p src of given \p length, writing the
result to \p buf. The function returns \c -1 in case of an error,
or the number of bytes written. Note that for block ciphers, \p
length must be a multiple of the cipher's block size. A return
value between \c 0 and the actual length indicates that only the first
\c n-1 blocks have been processed. The provided \p src and \p buf may overlap.
Encrypts the specified \p src of given \p length, writing the
result to \p buf. The cipher implementation may add more data to
the result buffer such as an initialization vector or padding
(e.g. for block ciphers in CBC mode). The caller therefore must
ensure that \p buf provides sufficient storage to hold the result.
Usually this means ( 2 + \p length / blocksize ) * blocksize. The
function returns a value less than zero on error or otherwise the
number of bytes written. The provided \p src and \p buf may overlap.
Completes the HMAC generation and writes the result to the given
output parameter \c result. The buffer must be large enough to hold
the message digest created by the actual hash function. If in
doubt, use \c DTLS_HMAC_MAX. The function returns the number of
bytes written to \c result.
Calculates the MAC over the record header and the cleartext packet and places
the result in \p buf. The given \p hmac_ctx must be initialized with the HMAC
function to use and the proper secret. As the DTLS MAC calculation
requires data from the record header, \p record must point to a
buffer of at least \c sizeof(dtls_record_header_t) bytes. Usually,
the remaining packet will be encrypted; therefore, the cleartext
is passed separately in \p packet.
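The following is an added example, not tinydtls code, showing which bytes the record MAC is computed over according to RFC 6347 section 4.1.2 (the RFC 5246 MAC input with DTLS' 64-bit epoch plus sequence number). The function name dtls_mac_input and the 13-byte header layout assumed here (type, version, epoch, sequence number, length) are this example's own; the length written into the MAC input is the cleartext length, not the encrypted length stored in the header. A constant-time comparison for checking a received MAC is included because a byte-by-byte early-exit compare leaks, through timing, how many leading bytes of a forged MAC were correct.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DTLS_RH_LEN 13  /* type(1) version(2) epoch(2) sequence_number(6) length(2) */

/* Assemble the bytes the record MAC is computed over, as RFC 6347 4.1.2
 * defines it (RFC 5246 6.2.3.1 with DTLS' 64-bit epoch+sequence number):
 *   epoch(2) || seq(6) || type(1) || version(2) || length(2) || cleartext
 * `record` points at the 13-byte header; `len` is the CLEARTEXT length, which
 * is what goes into the MAC, not the padded/encrypted length in the header.
 * Returns the number of bytes written to `out`, or 0 if `out` is too small.
 * (Hypothetical helper, not tinydtls' dtls_mac().) */
size_t dtls_mac_input(const uint8_t *record, const uint8_t *cleartext, size_t len,
                      uint8_t *out, size_t out_cap) {
    size_t need = 8 + 1 + 2 + 2 + len;
    if (len > 0xffff || out_cap < need) return 0;
    memcpy(out, record + 3, 8);            /* epoch + sequence number */
    memcpy(out + 8, record, 3);            /* content type, protocol version */
    out[11] = (uint8_t)(len >> 8);         /* cleartext length, big-endian */
    out[12] = (uint8_t)len;
    memcpy(out + 13, cleartext, len);
    return need;
}

/* Compare a received MAC with the recomputed one without leaking, through
 * timing, at which byte they differ. Returns 1 if equal, 0 otherwise. */
int dtls_mac_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}
```

The bytes returned by dtls_mac_input are what the initialized HMAC context would be fed before finalizing; on receive, the recomputed digest is compared to the one carried in the record with dtls_mac_equal rather than memcmp().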
Creates a new peer for given @p session. The current configuration
is initialized with the cipher suite TLS_NULL_WITH_NULL_NULL (i.e.
no security at all). This function returns a pointer to the new
peer or NULL on error. The caller is responsible for releasing the
storage allocated for this peer using dtls_free_peer().
This function implements the TLS PRF for DTLS_VERSION. For version
1.0, the PRF is P_MD5 ^ P_SHA1 while version 1.2 uses
P_SHA256. Currently, the actual PRF is selected at compile time.
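To make the version difference concrete, here is an added example (not tinydtls code) of the P_hash expansion from RFC 5246 section 5 and the two PRFs built on it: TLS 1.0 splits the secret into two halves and XORs P_MD5 with P_SHA1, while TLS 1.2 runs a single P_SHA256 over the whole secret. The HMAC is passed in as a function pointer (a hypothetical hmac_fn interface, not tinydtls' dtls_hmac_* API); so that the block runs offline, the real HMACs are replaced by stub_mac, a constructed mixing function that is not a MAC and exists only to exercise the expansion logic. The names prf_p_hash, tls10_prf, tls12_prf and the buffer limits are this example's assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PRF_MAX_MAC_LEN  32   /* SHA-256 output; MD5 and SHA-1 are shorter */
#define PRF_MAX_SEED_LEN 128  /* label + client_random + server_random fits */

/* Any HMAC with this signature can be plugged in (hypothetical interface,
 * not tinydtls' dtls_hmac_* API); mac_len tells P_hash its output size. */
typedef void (*hmac_fn)(const uint8_t *key, size_t key_len,
                        const uint8_t *data, size_t data_len, uint8_t *out);

#define STUB_MAC_LEN 8
/* Constructed stand-in so the example runs offline. It is NOT a MAC: plug in
 * real HMAC-MD5/SHA-1/SHA-256 before using the PRF for anything. */
void stub_mac(const uint8_t *key, size_t key_len,
              const uint8_t *data, size_t data_len, uint8_t *out) {
    uint32_t h = 2166136261u;                              /* FNV-1a mixing */
    for (size_t i = 0; i < key_len; i++) { h ^= key[i]; h *= 16777619u; }
    h ^= 0xffu; h *= 16777619u;                            /* separate key from data */
    for (size_t i = 0; i < data_len; i++) { h ^= data[i]; h *= 16777619u; }
    for (size_t j = 0; j < STUB_MAC_LEN; j++) {
        out[j] = (uint8_t)h; h ^= (uint32_t)j; h *= 16777619u;
    }
}

/* P_hash(secret, seed) from RFC 5246 section 5:
 *   A(0) = seed,  A(i) = HMAC(secret, A(i-1))
 *   P_hash = HMAC(secret, A(1) + seed) + HMAC(secret, A(2) + seed) + ...
 * Returns the number of bytes written, or 0 if a fixed buffer limit is exceeded. */
size_t prf_p_hash(hmac_fn mac, size_t mac_len,
                  const uint8_t *secret, size_t secret_len,
                  const uint8_t *seed, size_t seed_len,
                  uint8_t *out, size_t out_len) {
    uint8_t a[PRF_MAX_MAC_LEN], next_a[PRF_MAX_MAC_LEN], block[PRF_MAX_MAC_LEN];
    uint8_t buf[PRF_MAX_MAC_LEN + PRF_MAX_SEED_LEN];
    size_t produced = 0;
    if (mac_len > PRF_MAX_MAC_LEN || seed_len > PRF_MAX_SEED_LEN) return 0;
    mac(secret, secret_len, seed, seed_len, a);                  /* A(1) */
    while (produced < out_len) {
        size_t n = out_len - produced;
        memcpy(buf, a, mac_len);
        memcpy(buf + mac_len, seed, seed_len);
        mac(secret, secret_len, buf, mac_len + seed_len, block); /* HMAC(A(i) + seed) */
        if (n > mac_len) n = mac_len;                            /* last block may be cut */
        memcpy(out + produced, block, n);
        produced += n;
        mac(secret, secret_len, a, mac_len, next_a);             /* A(i+1) */
        memcpy(a, next_a, mac_len);
    }
    return produced;
}

/* label + seed, the second PRF argument in both TLS versions. */
static size_t label_seed(const char *label, const uint8_t *seed, size_t seed_len,
                         uint8_t *ls) {
    size_t label_len = strlen(label);
    if (label_len + seed_len > PRF_MAX_SEED_LEN) return 0;
    memcpy(ls, label, label_len);
    memcpy(ls + label_len, seed, seed_len);
    return label_len + seed_len;
}

/* TLS 1.2 PRF: a single P_SHA256 over the whole secret. */
size_t tls12_prf(hmac_fn sha256, size_t mac_len,
                 const uint8_t *secret, size_t secret_len, const char *label,
                 const uint8_t *seed, size_t seed_len, uint8_t *out, size_t out_len) {
    uint8_t ls[PRF_MAX_SEED_LEN];
    size_t ls_len = label_seed(label, seed, seed_len, ls);
    if (ls_len == 0) return 0;
    return prf_p_hash(sha256, mac_len, secret, secret_len, ls, ls_len, out, out_len);
}

/* TLS 1.0 PRF (RFC 2246 section 5): the secret is split into two halves of
 * L_S = ceil(len/2) bytes (the middle byte is shared when len is odd) and the
 * result is P_MD5(S1, label + seed) XOR P_SHA1(S2, label + seed). */
size_t tls10_prf(hmac_fn md5, size_t md5_len, hmac_fn sha1, size_t sha1_len,
                 const uint8_t *secret, size_t secret_len, const char *label,
                 const uint8_t *seed, size_t seed_len, uint8_t *out, size_t out_len) {
    uint8_t ls[PRF_MAX_SEED_LEN], tmp[256];
    size_t half = (secret_len + 1) / 2;
    size_t ls_len = label_seed(label, seed, seed_len, ls);
    if (ls_len == 0 || out_len > sizeof tmp) return 0;
    if (prf_p_hash(md5, md5_len, secret, half, ls, ls_len, out, out_len) != out_len)
        return 0;
    if (prf_p_hash(sha1, sha1_len, secret + secret_len - half, half, ls, ls_len,
                   tmp, out_len) != out_len)
        return 0;
    for (size_t i = 0; i < out_len; i++) out[i] ^= tmp[i];  /* P_MD5 ^ P_SHA1 */
    return out_len;
}
```

Because the expansion only ever calls the HMAC through hmac_fn, swapping stub_mac for a real HMAC-SHA256 turns tls12_prf into the TLS 1.2 PRF without touching the chaining logic; the same holds for the 1.0 variant with HMAC-MD5 and HMAC-SHA1, which is why the version choice can be made at compile time as the text describes.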
Generates the pre_master_secret from the given PSK and fills the result
according to the "plain PSK" case in section 2 of RFC 4279.
Diffie-Hellman and RSA key exchange are currently not supported.
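The plain-PSK layout from RFC 4279 section 2 is a fixed byte structure, so an added example (not tinydtls code) can show exactly what gets filled in: a 16-bit length N, N zero bytes standing in for the absent other_secret, the length N again, and the PSK itself. The function name psk_pre_master_secret and its size checks are this example's own; the 16-bit length fields bound the PSK to 65535 bytes, and the output buffer must hold 2*N + 4 bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Build the "plain PSK" pre_master_secret of RFC 4279 section 2:
 *   uint16 N; opaque zeros[N]; uint16 N; opaque psk[N]     (N = PSK length)
 * Returns the number of bytes written (2*N + 4), or 0 when the PSK is empty,
 * longer than a uint16 length can express, or `out` is too small.
 * (Hypothetical helper, not tinydtls' own routine.) */
size_t psk_pre_master_secret(const uint8_t *psk, size_t psk_len,
                             uint8_t *out, size_t out_cap) {
    size_t need;
    if (psk_len == 0 || psk_len > 0xffff) return 0;   /* length fields are uint16 */
    need = 2 + psk_len + 2 + psk_len;
    if (out_cap < need) return 0;
    out[0] = (uint8_t)(psk_len >> 8);                 /* N, big-endian */
    out[1] = (uint8_t)psk_len;
    memset(out + 2, 0, psk_len);                      /* other_secret: N zero bytes */
    out[2 + psk_len] = out[0];                        /* N again */
    out[3 + psk_len] = out[1];
    memcpy(out + 4 + psk_len, psk, psk_len);          /* the PSK */
    return need;
}
```

For a six-byte PSK the result is 16 bytes: 00 06, six zero bytes, 00 06, then the PSK. Rejecting an empty PSK is this example's policy rather than an RFC requirement: an empty key gives the handshake no secret to derive from.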
Resets the given session_t object @p sess to its default
values. In particular, the member rlen must be initialized to the
available size for storing addresses.