1 From bdfe0e312f9c2cd34df7bfff070dfe8a9e82d147 Mon Sep 17 00:00:00 2001
2 From: leechul <chuls.lee@samsung.com>
3 Date: Thu, 9 Apr 2015 16:25:43 +0900
4 Subject: [PATCH 1/1] Added anonymous ecdh cipher suite into tinydtls
6 Change-Id: I80fa2985587618ebe7debdacba45996614c4cf1b
7 Signed-off-by: leechul <chuls.lee@samsung.com>
8 Signed-off-by: Sachin Agrawal <sachin.agrawal@intel.com>
10 extlibs/tinydtls/aes/rijndael.h | 1 +
11 extlibs/tinydtls/crypto.c | 173 ++++++++++++++++---
12 extlibs/tinydtls/crypto.h | 15 +-
13 extlibs/tinydtls/dtls.c | 301 +++++++++++++++++++++++++---------
14 extlibs/tinydtls/dtls.h | 28 +++-
15 extlibs/tinydtls/global.h | 6 +
16 extlibs/tinydtls/tests/dtls-client.c | 42 ++++-
17 extlibs/tinydtls/tests/dtls-server.c | 21 ++-
18 8 files changed, 468 insertions(+), 119 deletions(-)
19 mode change 100755 => 100644 extlibs/tinydtls/crypto.c
21 diff --git a/extlibs/tinydtls/aes/rijndael.h b/extlibs/tinydtls/aes/rijndael.h
22 index 60e9bef..712798b 100755
23 --- a/extlibs/tinydtls/aes/rijndael.h
24 +++ b/extlibs/tinydtls/aes/rijndael.h
29 +#define WITH_AES_DECRYPT 1
30 #define AES_MAXKEYBITS (256)
31 #define AES_MAXKEYBYTES (AES_MAXKEYBITS>>3)
32 /* for 256-bit keys we need 14 rounds for a 128 we only need 10 round */
33 diff --git a/extlibs/tinydtls/crypto.c b/extlibs/tinydtls/crypto.c
36 index 0113342..0ea1546
37 --- a/extlibs/tinydtls/crypto.c
38 +++ b/extlibs/tinydtls/crypto.c
43 +#include "aes/rijndael.h"
44 +#include "sha2/sha2.h"
48 @@ -292,7 +294,7 @@ dtls_mac(dtls_hmac_context_t *hmac_ctx,
52 -dtls_ccm_encrypt(aes128_ccm_t *ccm_ctx, const unsigned char *src, size_t srclen,
53 +dtls_ccm_encrypt(aes128_t *ccm_ctx, const unsigned char *src, size_t srclen,
55 unsigned char *nounce,
56 const unsigned char *aad, size_t la) {
57 @@ -309,7 +311,7 @@ dtls_ccm_encrypt(aes128_ccm_t *ccm_ctx, const unsigned char *src, size_t srclen,
61 -dtls_ccm_decrypt(aes128_ccm_t *ccm_ctx, const unsigned char *src,
62 +dtls_ccm_decrypt(aes128_t *ccm_ctx, const unsigned char *src,
63 size_t srclen, unsigned char *buf,
64 unsigned char *nounce,
65 const unsigned char *aad, size_t la) {
66 @@ -325,6 +327,95 @@ dtls_ccm_decrypt(aes128_ccm_t *ccm_ctx, const unsigned char *src,
71 +dtls_cbc_encrypt(aes128_t *aes_ctx,
72 + const unsigned char *iv,
73 + const unsigned char *src, size_t srclen,
74 + unsigned char *buf) {
76 + unsigned char cbc[DTLS_BLK_LENGTH];
77 + unsigned char tmp[DTLS_BLK_LENGTH];
79 + dtls_hash_ctx shactx;
85 + dtls_hash_init(&shactx);
86 + dtls_hash_update(&shactx, src, srclen);
87 + dtls_hash_finalize(pos + srclen, &shactx);
89 + memcpy(cbc, iv, DTLS_BLK_LENGTH);
90 + blocks = (srclen + SHA256_DIGEST_LENGTH) / DTLS_BLK_LENGTH;
92 + for (i = 0; i < blocks; i++) {
93 + for (j = 0; j < DTLS_BLK_LENGTH; j++) {
97 + rijndael_encrypt(&aes_ctx->ctx, cbc, tmp);
98 + memcpy(cbc, tmp, DTLS_BLK_LENGTH);
99 + memcpy(pos, cbc, DTLS_BLK_LENGTH);
100 + pos += DTLS_BLK_LENGTH;
103 + dtls_debug_dump("Encrypted Data:", buf, srclen + SHA256_DIGEST_LENGTH);
105 + return srclen + SHA256_DIGEST_LENGTH;
110 +dtls_cbc_decrypt(aes128_t *aes_ctx,
111 + const unsigned char *iv,
112 + const unsigned char *src, size_t srclen,
113 + unsigned char *buf) {
115 + unsigned char cbc[DTLS_BLK_LENGTH];
116 + unsigned char tmp[DTLS_BLK_LENGTH];
117 + unsigned char tmp2[DTLS_BLK_LENGTH];
118 + unsigned char msg_hash[SHA256_DIGEST_LENGTH];
119 + unsigned char *pos;
120 + dtls_hash_ctx shactx;
125 + memcpy(pos, src, srclen);
127 + memcpy(cbc, iv, DTLS_BLK_LENGTH);
128 + blocks = srclen / DTLS_BLK_LENGTH;
130 + for (i = 0; i < blocks; i++)
132 + memcpy(tmp, pos, DTLS_BLK_LENGTH);
133 + rijndael_decrypt(&aes_ctx->ctx, pos, tmp2);
134 + memcpy(pos, tmp2, DTLS_BLK_LENGTH);
136 + for (j = 0; j < DTLS_BLK_LENGTH; j++) {
140 + memcpy(cbc, tmp, DTLS_BLK_LENGTH);
141 + pos += DTLS_BLK_LENGTH;
144 + dtls_hash_init(&shactx);
145 + dtls_hash_update(&shactx, buf, srclen - SHA256_DIGEST_LENGTH);
146 + dtls_hash_finalize(msg_hash, &shactx);
148 + dtls_debug_dump("decrypted data:", buf, srclen);
150 + if(memcmp(msg_hash, buf + (srclen - SHA256_DIGEST_LENGTH), SHA256_DIGEST_LENGTH) != 0)
152 + dtls_warn("message is broken\n");
156 + return srclen - SHA256_DIGEST_LENGTH;
161 dtls_psk_pre_master_secret(unsigned char *key, size_t keylen,
162 @@ -432,13 +523,10 @@ void
163 dtls_ecdsa_create_sig_hash(const unsigned char *priv_key, size_t key_size,
164 const unsigned char *sign_hash, size_t sign_hash_size,
165 uint32_t point_r[9], uint32_t point_s[9]) {
168 uint8_t privateKey[32];
169 uint8_t hashValue[32];
173 uECC_sign(privateKey, hashValue, sign);
174 memcpy(point_r, sign, 32);
175 memcpy(point_s, sign + 32, 32);
176 @@ -505,21 +593,37 @@ dtls_encrypt(const unsigned char *src, size_t length,
178 unsigned char *nounce,
179 unsigned char *key, size_t keylen,
180 - const unsigned char *aad, size_t la)
181 + const unsigned char *aad, size_t la,
182 + const dtls_cipher_t cipher)
186 struct dtls_cipher_context_t *ctx = dtls_cipher_context_get();
188 - ret = rijndael_set_key_enc_only(&ctx->data.ctx, key, 8 * keylen);
190 - /* cleanup everything in case the key has the wrong size */
191 - dtls_warn("cannot set rijndael key\n");
193 + if(cipher == TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 ||
194 + cipher == TLS_PSK_WITH_AES_128_CCM_8) {
195 + ret = rijndael_set_key_enc_only(&ctx->data.ctx, key, 8 * keylen);
197 + /* cleanup everything in case the key has the wrong size */
198 + dtls_warn("cannot set rijndael key\n");
203 + memmove(buf, src, length);
204 + ret = dtls_ccm_encrypt(&ctx->data, src, length, buf, nounce, aad, la);
206 + if(cipher == TLS_ECDH_anon_WITH_AES_128_CBC_SHA) {
207 + ret = rijndael_set_key(&ctx->data.ctx, key, 8 * keylen);
209 + /* cleanup everything in case the key has the wrong size */
210 + dtls_warn("cannot set rijndael key\n");
215 + memmove(buf, src, length);
216 + ret = dtls_cbc_encrypt(&ctx->data, nounce, src, length, buf);
220 - memmove(buf, src, length);
221 - ret = dtls_ccm_encrypt(&ctx->data, src, length, buf, nounce, aad, la);
224 dtls_cipher_context_release();
225 @@ -531,21 +635,38 @@ dtls_decrypt(const unsigned char *src, size_t length,
227 unsigned char *nounce,
228 unsigned char *key, size_t keylen,
229 - const unsigned char *aad, size_t la)
230 + const unsigned char *aad, size_t la,
231 + const dtls_cipher_t cipher)
235 struct dtls_cipher_context_t *ctx = dtls_cipher_context_get();
237 - ret = rijndael_set_key_enc_only(&ctx->data.ctx, key, 8 * keylen);
239 - /* cleanup everything in case the key has the wrong size */
240 - dtls_warn("cannot set rijndael key\n");
242 + if(cipher == TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 ||
243 + cipher == TLS_PSK_WITH_AES_128_CCM_8) {
244 + ret = rijndael_set_key_enc_only(&ctx->data.ctx, key, 8 * keylen);
246 + /* cleanup everything in case the key has the wrong size */
247 + dtls_warn("cannot set rijndael key\n");
252 + memmove(buf, src, length);
253 + ret = dtls_ccm_decrypt(&ctx->data, src, length, buf, nounce, aad, la);
257 - memmove(buf, src, length);
258 - ret = dtls_ccm_decrypt(&ctx->data, src, length, buf, nounce, aad, la);
259 + if(cipher == TLS_ECDH_anon_WITH_AES_128_CBC_SHA) {
260 + ret = rijndael_set_key(&ctx->data.ctx, key, 8 * keylen);
262 + /* cleanup everything in case the key has the wrong size */
263 + dtls_warn("cannot set rijndael key\n");
268 + memmove(buf, src, length);
269 + ret = dtls_cbc_decrypt(&ctx->data, nounce, src, length, buf);
273 dtls_cipher_context_release();
274 diff --git a/extlibs/tinydtls/crypto.h b/extlibs/tinydtls/crypto.h
275 index 972a174..dd13ffa 100644
276 --- a/extlibs/tinydtls/crypto.h
277 +++ b/extlibs/tinydtls/crypto.h
278 @@ -69,11 +69,11 @@ typedef enum {
279 /** Crypto context for TLS_PSK_WITH_AES_128_CCM_8 cipher suite. */
281 rijndael_ctx ctx; /**< AES-128 encryption context */
285 typedef struct dtls_cipher_context_t {
286 /** numeric identifier of this cipher suite in host byte order. */
287 - aes128_ccm_t data; /**< The crypto context */
288 + aes128_t data; /**< The crypto context */
289 } dtls_cipher_context_t;
292 @@ -82,7 +82,8 @@ typedef struct {
293 uint8 other_eph_pub_y[32];
294 uint8 other_pub_x[32];
295 uint8 other_pub_y[32];
296 -} dtls_handshake_parameters_ecdsa_t;
297 +} dtls_handshake_parameters_ecc_t;
300 /* This is the maximal supported length of the psk client identity and psk
301 * server identity hint */
302 @@ -129,7 +130,7 @@ typedef struct {
303 unsigned int do_client_auth:1;
306 - dtls_handshake_parameters_ecdsa_t ecdsa;
307 + dtls_handshake_parameters_ecc_t ecc;
308 #endif /* DTLS_ECC */
310 dtls_handshake_parameters_psk_t psk;
311 @@ -265,7 +266,8 @@ int dtls_encrypt(const unsigned char *src, size_t length,
313 unsigned char *nounce,
314 unsigned char *key, size_t keylen,
315 - const unsigned char *aad, size_t aad_length);
316 + const unsigned char *aad, size_t aad_length,
317 + const dtls_cipher_t cipher);
320 * Decrypts the given buffer \p src of given \p length, writing the
321 @@ -289,7 +291,8 @@ int dtls_decrypt(const unsigned char *src, size_t length,
323 unsigned char *nounce,
324 unsigned char *key, size_t keylen,
325 - const unsigned char *a_data, size_t a_data_length);
326 + const unsigned char *a_data, size_t a_data_length,
327 + const dtls_cipher_t cipher);
329 /* helper functions */
331 diff --git a/extlibs/tinydtls/dtls.c b/extlibs/tinydtls/dtls.c
332 index a87d7f1..f9a9a0b 100644
333 --- a/extlibs/tinydtls/dtls.c
334 +++ b/extlibs/tinydtls/dtls.c
336 #define DTLS_SH_LENGTH (2 + DTLS_RANDOM_LENGTH + 1 + 2 + 1)
337 #define DTLS_CE_LENGTH (3 + 3 + 27 + DTLS_EC_KEY_SIZE + DTLS_EC_KEY_SIZE)
338 #define DTLS_SKEXEC_LENGTH (1 + 2 + 1 + 1 + DTLS_EC_KEY_SIZE + DTLS_EC_KEY_SIZE + 1 + 1 + 2 + 70)
339 +#define DTLS_SKEXEC_ECDH_ANON_LENGTH (1 + 2 + 1 + 1 + DTLS_EC_KEY_SIZE + DTLS_EC_KEY_SIZE)
340 #define DTLS_SKEXECPSK_LENGTH_MIN 2
341 #define DTLS_SKEXECPSK_LENGTH_MAX 2 + DTLS_PSK_MAX_CLIENT_IDENTITY_LEN
342 #define DTLS_CKXPSK_LENGTH_MIN 2
343 @@ -167,6 +168,24 @@ dtls_init() {
348 + dtls_enables_anon_ecdh(dtls_context_t* ctx, dtls_cipher_enable_t is_enable)
352 + ctx->is_anon_ecdh_eabled = is_enable;
357 +dtls_select_cipher(dtls_context_t* ctx, const dtls_cipher_t cipher)
361 + ctx->selected_cipher = cipher;
365 /* Calls cb_alert() with given arguments if defined, otherwise an
366 * error message is logged and the result is -1. This is just an
368 @@ -477,6 +496,17 @@ static inline int is_tls_psk_with_aes_128_ccm_8(dtls_cipher_t cipher)
369 #endif /* DTLS_PSK */
372 +/** returns true if the cipher matches TLS_ECDH_anon_WITH_AES_128_CBC_SHA */
373 +static inline int is_tls_ecdh_anon_with_aes_128_cbc_sha(dtls_cipher_t cipher)
376 + return cipher == TLS_ECDH_anon_WITH_AES_128_CBC_SHA;
383 /** returns true if the application is configured for psk */
384 static inline int is_psk_supported(dtls_context_t *ctx)
386 @@ -509,6 +539,16 @@ static inline int is_ecdsa_client_auth_supported(dtls_context_t *ctx)
387 #endif /* DTLS_ECC */
390 +/** returns true if ecdh_anon_with_aes_128_cbc_sha is supported */
391 +static inline int is_ecdh_anon_supported(dtls_context_t *ctx)
394 + return ctx && (ctx->is_anon_ecdh_eabled == DTLS_CIPHER_ENABLE);
401 * Returns @c 1 if @p code is a cipher suite other than @c
402 * TLS_NULL_WITH_NULL_NULL that we recognize.
403 @@ -522,11 +562,15 @@ static int
404 known_cipher(dtls_context_t *ctx, dtls_cipher_t code, int is_client) {
409 psk = is_psk_supported(ctx);
410 ecdsa = is_ecdsa_supported(ctx, is_client);
411 + ecdh_anon = is_ecdh_anon_supported(ctx);
413 return (psk && is_tls_psk_with_aes_128_ccm_8(code)) ||
414 - (ecdsa && is_tls_ecdhe_ecdsa_with_aes_128_ccm_8(code));
415 + (ecdsa && is_tls_ecdhe_ecdsa_with_aes_128_ccm_8(code)) ||
416 + (ecdh_anon && is_tls_ecdh_anon_with_aes_128_cbc_sha(code));
420 @@ -674,11 +718,12 @@ calculate_key_block(dtls_context_t *ctx,
422 #endif /* DTLS_PSK */
424 - case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8: {
425 - pre_master_len = dtls_ecdh_pre_master_secret(handshake->keyx.ecdsa.own_eph_priv,
426 - handshake->keyx.ecdsa.other_eph_pub_x,
427 - handshake->keyx.ecdsa.other_eph_pub_y,
428 - sizeof(handshake->keyx.ecdsa.own_eph_priv),
429 + case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
430 + case TLS_ECDH_anon_WITH_AES_128_CBC_SHA: {
431 + pre_master_len = dtls_ecdh_pre_master_secret(handshake->keyx.ecc.own_eph_priv,
432 + handshake->keyx.ecc.other_eph_pub_x,
433 + handshake->keyx.ecc.other_eph_pub_y,
434 + sizeof(handshake->keyx.ecc.own_eph_priv),
436 MAX_KEYBLOCK_LENGTH);
437 if (pre_master_len < 0) {
438 @@ -1038,7 +1083,8 @@ check_client_keyexchange(dtls_context_t *ctx,
439 uint8 *data, size_t length) {
442 - if (is_tls_ecdhe_ecdsa_with_aes_128_ccm_8(handshake->cipher)) {
443 + if (is_tls_ecdhe_ecdsa_with_aes_128_ccm_8(handshake->cipher) ||
444 + is_tls_ecdh_anon_with_aes_128_cbc_sha(handshake->cipher) ) {
446 if (length < DTLS_HS_LENGTH + DTLS_CKXEC_LENGTH) {
447 dtls_debug("The client key exchange is too short\n");
448 @@ -1058,13 +1104,13 @@ check_client_keyexchange(dtls_context_t *ctx,
450 data += sizeof(uint8);
452 - memcpy(handshake->keyx.ecdsa.other_eph_pub_x, data,
453 - sizeof(handshake->keyx.ecdsa.other_eph_pub_x));
454 - data += sizeof(handshake->keyx.ecdsa.other_eph_pub_x);
455 + memcpy(handshake->keyx.ecc.other_eph_pub_x, data,
456 + sizeof(handshake->keyx.ecc.other_eph_pub_x));
457 + data += sizeof(handshake->keyx.ecc.other_eph_pub_x);
459 - memcpy(handshake->keyx.ecdsa.other_eph_pub_y, data,
460 - sizeof(handshake->keyx.ecdsa.other_eph_pub_y));
461 - data += sizeof(handshake->keyx.ecdsa.other_eph_pub_y);
462 + memcpy(handshake->keyx.ecc.other_eph_pub_y, data,
463 + sizeof(handshake->keyx.ecc.other_eph_pub_y));
464 + data += sizeof(handshake->keyx.ecc.other_eph_pub_y);
466 #endif /* DTLS_ECC */
468 @@ -1253,6 +1299,8 @@ dtls_prepare_record(dtls_peer_t *peer, dtls_security_parameters_t *security,
469 dtls_debug("dtls_prepare_record(): encrypt using TLS_PSK_WITH_AES_128_CCM_8\n");
470 } else if (is_tls_ecdhe_ecdsa_with_aes_128_ccm_8(security->cipher)) {
471 dtls_debug("dtls_prepare_record(): encrypt using TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8\n");
472 + } else if (is_tls_ecdh_anon_with_aes_128_cbc_sha(security->cipher)) {
473 + dtls_debug("dtls_prepare_record() : encrypt using TLS_ECDH_anon_WITH_AES_128_CBC_SHA\n");
475 dtls_debug("dtls_prepare_record(): encrypt using unknown cipher\n");
477 @@ -1332,9 +1380,10 @@ dtls_prepare_record(dtls_peer_t *peer, dtls_security_parameters_t *security,
478 dtls_int_to_uint16(A_DATA + 11, res - 8); /* length */
480 res = dtls_encrypt(start + 8, res - 8, start + 8, nonce,
481 - dtls_kb_local_write_key(security, peer->role),
482 - dtls_kb_key_size(security, peer->role),
483 - A_DATA, A_DATA_LEN);
484 + dtls_kb_local_write_key(security, peer->role),
485 + dtls_kb_key_size(security, peer->role),
486 + A_DATA, A_DATA_LEN,
491 @@ -1753,8 +1802,8 @@ check_client_certificate_verify(dtls_context_t *ctx,
493 dtls_hash_finalize(sha256hash, &hs_hash);
495 - ret = dtls_ecdsa_verify_sig_hash(config->keyx.ecdsa.other_pub_x, config->keyx.ecdsa.other_pub_y,
496 - sizeof(config->keyx.ecdsa.other_pub_x),
497 + ret = dtls_ecdsa_verify_sig_hash(config->keyx.ecc.other_pub_x, config->keyx.ecc.other_pub_y,
498 + sizeof(config->keyx.ecc.other_pub_x),
499 sha256hash, sizeof(sha256hash),
502 @@ -1866,7 +1915,7 @@ dtls_send_server_hello(dtls_context_t *ctx, dtls_peer_t *peer)
505 dtls_send_certificate_ecdsa(dtls_context_t *ctx, dtls_peer_t *peer,
506 - const dtls_ecdsa_key_t *key)
507 + const dtls_ecc_key_t *key)
509 uint8 buf[DTLS_CE_LENGTH];
511 @@ -1956,7 +2005,7 @@ dtls_add_ecdsa_signature_elem(uint8 *p, uint32_t *point_r, uint32_t *point_s)
514 dtls_send_server_key_exchange_ecdh(dtls_context_t *ctx, dtls_peer_t *peer,
515 - const dtls_ecdsa_key_t *key)
516 + const dtls_ecc_key_t *key)
518 /* The ASN.1 Integer representation of an 32 byte unsigned int could be
519 * 33 bytes long add space for that */
520 @@ -1967,9 +2016,11 @@ dtls_send_server_key_exchange_ecdh(dtls_context_t *ctx, dtls_peer_t *peer,
521 uint8 *ephemeral_pub_y;
525 dtls_handshake_parameters_t *config = peer->handshake_params;
527 - /* ServerKeyExchange
528 + ecdsa = is_tls_ecdhe_ecdsa_with_aes_128_ccm_8(peer->handshake_params->cipher);
529 + /* ServerKeyExchange
531 * Start message construction at beginning of buffer. */
533 @@ -1998,18 +2049,20 @@ dtls_send_server_key_exchange_ecdh(dtls_context_t *ctx, dtls_peer_t *peer,
535 p += DTLS_EC_KEY_SIZE;
537 - dtls_ecdsa_generate_key(config->keyx.ecdsa.own_eph_priv,
538 - ephemeral_pub_x, ephemeral_pub_y,
540 + dtls_ecdsa_generate_key(config->keyx.ecc.own_eph_priv,
541 + ephemeral_pub_x, ephemeral_pub_y,
544 - /* sign the ephemeral and its paramaters */
545 - dtls_ecdsa_create_sig(key->priv_key, DTLS_EC_KEY_SIZE,
546 - config->tmp.random.client, DTLS_RANDOM_LENGTH,
547 - config->tmp.random.server, DTLS_RANDOM_LENGTH,
548 - key_params, p - key_params,
551 + /* sign the ephemeral and its paramaters */
552 + dtls_ecdsa_create_sig(key->priv_key, DTLS_EC_KEY_SIZE,
553 + config->tmp.random.client, DTLS_RANDOM_LENGTH,
554 + config->tmp.random.server, DTLS_RANDOM_LENGTH,
555 + key_params, p - key_params,
558 - p = dtls_add_ecdsa_signature_elem(p, point_r, point_s);
559 + p = dtls_add_ecdsa_signature_elem(p, point_r, point_s);
562 assert(p - buf <= sizeof(buf));
564 @@ -2107,6 +2160,8 @@ static int
565 dtls_send_server_hello_msgs(dtls_context_t *ctx, dtls_peer_t *peer)
571 res = dtls_send_server_hello(ctx, peer);
573 @@ -2115,9 +2170,20 @@ dtls_send_server_hello_msgs(dtls_context_t *ctx, dtls_peer_t *peer)
577 + ecdsa = is_tls_ecdhe_ecdsa_with_aes_128_ccm_8(peer->handshake_params->cipher);
578 + ecdh_anon = is_tls_ecdh_anon_with_aes_128_cbc_sha(peer->handshake_params->cipher);
581 - if (is_tls_ecdhe_ecdsa_with_aes_128_ccm_8(peer->handshake_params->cipher)) {
582 - const dtls_ecdsa_key_t *ecdsa_key;
584 + res = dtls_send_server_key_exchange_ecdh(ctx, peer, NULL);
587 + dtls_debug("dtls_server_hello(with ECDH): cannot prepare Server Key Exchange record\n");
592 + const dtls_ecc_key_t *ecdsa_key;
594 res = CALL(ctx, get_ecdsa_key, &peer->session, &ecdsa_key);
596 @@ -2144,7 +2210,7 @@ dtls_send_server_hello_msgs(dtls_context_t *ctx, dtls_peer_t *peer)
597 res = dtls_send_server_certificate_request(ctx, peer);
600 - dtls_debug("dtls_server_hello: cannot prepare certificate Request record\n");
601 + dtls_debug("dtls_server_hello(with ECDSA): cannot prepare certificate Request record\n");
605 @@ -2233,7 +2299,8 @@ dtls_send_client_key_exchange(dtls_context_t *ctx, dtls_peer_t *peer)
607 #endif /* DTLS_PSK */
609 - case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8: {
610 + case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
611 + case TLS_ECDH_anon_WITH_AES_128_CBC_SHA: {
612 uint8 *ephemeral_pub_x;
613 uint8 *ephemeral_pub_y;
615 @@ -2249,7 +2316,7 @@ dtls_send_client_key_exchange(dtls_context_t *ctx, dtls_peer_t *peer)
617 p += DTLS_EC_KEY_SIZE;
619 - dtls_ecdsa_generate_key(peer->handshake_params->keyx.ecdsa.own_eph_priv,
620 + dtls_ecdsa_generate_key(peer->handshake_params->keyx.ecc.own_eph_priv,
621 ephemeral_pub_x, ephemeral_pub_y,
624 @@ -2270,7 +2337,7 @@ dtls_send_client_key_exchange(dtls_context_t *ctx, dtls_peer_t *peer)
627 dtls_send_certificate_verify_ecdh(dtls_context_t *ctx, dtls_peer_t *peer,
628 - const dtls_ecdsa_key_t *key)
629 + const dtls_ecc_key_t *key)
631 /* The ASN.1 Integer representation of an 32 byte unsigned int could be
632 * 33 bytes long add space for that */
633 @@ -2342,16 +2409,32 @@ dtls_send_client_hello(dtls_context_t *ctx, dtls_peer_t *peer,
636 uint8_t extension_size;
642 dtls_handshake_parameters_t *handshake = peer->handshake_params;
645 - psk = is_psk_supported(ctx);
646 - ecdsa = is_ecdsa_supported(ctx, 1);
647 + switch(ctx->selected_cipher)
649 + case TLS_PSK_WITH_AES_128_CCM_8:
650 + psk = is_psk_supported(ctx);
652 + case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
653 + ecdsa = is_ecdsa_supported(ctx, 1);
655 + case TLS_ECDH_anon_WITH_AES_128_CBC_SHA:
656 + ecdh_anon = is_ecdh_anon_supported(ctx);
659 + psk = is_psk_supported(ctx);
660 + ecdsa = is_ecdsa_supported(ctx, 1);
661 + ecdh_anon = is_ecdh_anon_supported(ctx);
665 - cipher_size = 2 + ((ecdsa) ? 2 : 0) + ((psk) ? 2 : 0);
666 - extension_size = (ecdsa) ? 2 + 6 + 6 + 8 + 6: 0;
667 + cipher_size = 2 + (ecdsa ? 2 : 0) + (psk ? 2 : 0) + (ecdh_anon ? 2 : 0);
668 + extension_size = (ecdsa) ? (2 + 6 + 6 + 8 + 6) : 0;
670 if (cipher_size == 0) {
671 dtls_crit("no cipher callbacks implemented\n");
672 @@ -2393,14 +2476,18 @@ dtls_send_client_hello(dtls_context_t *ctx, dtls_peer_t *peer,
673 dtls_int_to_uint16(p, cipher_size - 2);
677 - dtls_int_to_uint16(p, TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8);
679 + dtls_int_to_uint16(p, TLS_ECDH_anon_WITH_AES_128_CBC_SHA);
683 dtls_int_to_uint16(p, TLS_PSK_WITH_AES_128_CCM_8);
687 + dtls_int_to_uint16(p, TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8);
688 + p += sizeof(uint16);
691 /* compression method */
692 dtls_int_to_uint8(p, 1);
693 @@ -2611,18 +2698,18 @@ check_server_certificate(dtls_context_t *ctx,
695 data += sizeof(cert_asn1_header);
697 - memcpy(config->keyx.ecdsa.other_pub_x, data,
698 - sizeof(config->keyx.ecdsa.other_pub_x));
699 - data += sizeof(config->keyx.ecdsa.other_pub_x);
700 + memcpy(config->keyx.ecc.other_pub_x, data,
701 + sizeof(config->keyx.ecc.other_pub_x));
702 + data += sizeof(config->keyx.ecc.other_pub_x);
704 - memcpy(config->keyx.ecdsa.other_pub_y, data,
705 - sizeof(config->keyx.ecdsa.other_pub_y));
706 - data += sizeof(config->keyx.ecdsa.other_pub_y);
707 + memcpy(config->keyx.ecc.other_pub_y, data,
708 + sizeof(config->keyx.ecc.other_pub_y));
709 + data += sizeof(config->keyx.ecc.other_pub_y);
711 err = CALL(ctx, verify_ecdsa_key, &peer->session,
712 - config->keyx.ecdsa.other_pub_x,
713 - config->keyx.ecdsa.other_pub_y,
714 - sizeof(config->keyx.ecdsa.other_pub_x));
715 + config->keyx.ecc.other_pub_x,
716 + config->keyx.ecc.other_pub_y,
717 + sizeof(config->keyx.ecc.other_pub_x));
719 dtls_warn("The certificate was not accepted\n");
721 @@ -2682,13 +2769,13 @@ check_server_key_exchange_ecdsa(dtls_context_t *ctx,
722 data += sizeof(uint8);
723 data_length -= sizeof(uint8);
725 - memcpy(config->keyx.ecdsa.other_eph_pub_x, data, sizeof(config->keyx.ecdsa.other_eph_pub_y));
726 - data += sizeof(config->keyx.ecdsa.other_eph_pub_y);
727 - data_length -= sizeof(config->keyx.ecdsa.other_eph_pub_y);
728 + memcpy(config->keyx.ecc.other_eph_pub_x, data, sizeof(config->keyx.ecc.other_eph_pub_y));
729 + data += sizeof(config->keyx.ecc.other_eph_pub_y);
730 + data_length -= sizeof(config->keyx.ecc.other_eph_pub_y);
732 - memcpy(config->keyx.ecdsa.other_eph_pub_y, data, sizeof(config->keyx.ecdsa.other_eph_pub_y));
733 - data += sizeof(config->keyx.ecdsa.other_eph_pub_y);
734 - data_length -= sizeof(config->keyx.ecdsa.other_eph_pub_y);
735 + memcpy(config->keyx.ecc.other_eph_pub_y, data, sizeof(config->keyx.ecc.other_eph_pub_y));
736 + data += sizeof(config->keyx.ecc.other_eph_pub_y);
737 + data_length -= sizeof(config->keyx.ecc.other_eph_pub_y);
739 ret = dtls_check_ecdsa_signature_elem(data, data_length, &result_r, &result_s);
741 @@ -2697,8 +2784,8 @@ check_server_key_exchange_ecdsa(dtls_context_t *ctx,
745 - ret = dtls_ecdsa_verify_sig(config->keyx.ecdsa.other_pub_x, config->keyx.ecdsa.other_pub_y,
746 - sizeof(config->keyx.ecdsa.other_pub_x),
747 + ret = dtls_ecdsa_verify_sig(config->keyx.ecc.other_pub_x, config->keyx.ecc.other_pub_y,
748 + sizeof(config->keyx.ecc.other_pub_x),
749 config->tmp.random.client, DTLS_RANDOM_LENGTH,
750 config->tmp.random.server, DTLS_RANDOM_LENGTH,
752 @@ -2711,6 +2798,64 @@ check_server_key_exchange_ecdsa(dtls_context_t *ctx,
758 +check_server_key_exchange_ecdh(dtls_context_t *ctx,
760 + uint8 *data, size_t data_length)
762 + dtls_handshake_parameters_t *config = peer->handshake_params;
764 + update_hs_hash(peer, data, data_length);
766 + assert(is_tls_ecdh_anon_with_aes_128_cbc_sha(config->cipher));
768 + data += DTLS_HS_LENGTH;
770 + if (data_length < DTLS_HS_LENGTH + DTLS_SKEXEC_ECDH_ANON_LENGTH) {
771 + dtls_alert("the packet length does not match the expected\n");
772 + return dtls_alert_fatal_create(DTLS_ALERT_DECODE_ERROR);
775 + if (dtls_uint8_to_int(data) != TLS_EC_CURVE_TYPE_NAMED_CURVE) {
776 + dtls_alert("Only named curves supported\n");
777 + return dtls_alert_fatal_create(DTLS_ALERT_HANDSHAKE_FAILURE);
779 + data += sizeof(uint8);
780 + data_length -= sizeof(uint8);
782 + if (dtls_uint16_to_int(data) != TLS_EXT_ELLIPTIC_CURVES_SECP256R1) {
783 + dtls_alert("secp256r1 supported\n");
784 + return dtls_alert_fatal_create(DTLS_ALERT_HANDSHAKE_FAILURE);
786 + data += sizeof(uint16);
787 + data_length -= sizeof(uint16);
789 + if (dtls_uint8_to_int(data) != 1 + 2 * DTLS_EC_KEY_SIZE) {
790 + dtls_alert("expected 65 bytes long public point\n");
791 + return dtls_alert_fatal_create(DTLS_ALERT_HANDSHAKE_FAILURE);
793 + data += sizeof(uint8);
794 + data_length -= sizeof(uint8);
796 + if (dtls_uint8_to_int(data) != 4) {
797 + dtls_alert("expected uncompressed public point\n");
798 + return dtls_alert_fatal_create(DTLS_ALERT_DECODE_ERROR);
800 + data += sizeof(uint8);
801 + data_length -= sizeof(uint8);
803 + memcpy(config->keyx.ecc.other_eph_pub_x, data, sizeof(config->keyx.ecc.other_eph_pub_x));
804 + data += sizeof(config->keyx.ecc.other_eph_pub_x);
805 + data_length -= sizeof(config->keyx.ecc.other_eph_pub_x);
807 + memcpy(config->keyx.ecc.other_eph_pub_y, data, sizeof(config->keyx.ecc.other_eph_pub_y));
808 + data += sizeof(config->keyx.ecc.other_eph_pub_y);
809 + data_length -= sizeof(config->keyx.ecc.other_eph_pub_y);
814 #endif /* DTLS_ECC */
817 @@ -2838,7 +2983,7 @@ check_server_hellodone(dtls_context_t *ctx,
821 - const dtls_ecdsa_key_t *ecdsa_key;
822 + const dtls_ecc_key_t *ecdsa_key;
823 #endif /* DTLS_ECC */
825 dtls_handshake_parameters_t *handshake = peer->handshake_params;
826 @@ -2848,7 +2993,7 @@ check_server_hellodone(dtls_context_t *ctx,
827 update_hs_hash(peer, data, data_length);
830 - if (handshake->do_client_auth) {
831 + if (is_tls_ecdhe_ecdsa_with_aes_128_ccm_8(handshake->cipher) && handshake->do_client_auth) {
833 res = CALL(ctx, get_ecdsa_key, &peer->session, &ecdsa_key);
835 @@ -2874,7 +3019,7 @@ check_server_hellodone(dtls_context_t *ctx,
839 - if (handshake->do_client_auth) {
840 + if (is_tls_ecdhe_ecdsa_with_aes_128_ccm_8(handshake->cipher) && handshake->do_client_auth) {
842 res = dtls_send_certificate_verify_ecdh(ctx, peer, ecdsa_key);
844 @@ -2961,12 +3106,13 @@ decrypt_verify(dtls_peer_t *peer, uint8 *packet, size_t length,
845 clen = dtls_decrypt(*cleartext, clen, *cleartext, nonce,
846 dtls_kb_remote_write_key(security, peer->role),
847 dtls_kb_key_size(security, peer->role),
848 - A_DATA, A_DATA_LEN);
849 + A_DATA, A_DATA_LEN,
852 dtls_warn("decryption failed\n");
855 - printf("decrypt_verify(): found %i bytes cleartext\n", clen);
856 + dtls_debug("decrypt_verify(): found %i bytes cleartext\n", clen);
858 dtls_security_params_free_other(peer);
859 dtls_debug_dump("cleartext", *cleartext, clen);
860 @@ -3071,9 +3217,11 @@ handle_handshake_msg(dtls_context_t *ctx, dtls_peer_t *peer, session_t *session,
863 if (is_tls_ecdhe_ecdsa_with_aes_128_ccm_8(peer->handshake_params->cipher))
864 - peer->state = DTLS_STATE_WAIT_SERVERCERTIFICATE;
865 + peer->state = DTLS_STATE_WAIT_SERVERCERTIFICATE; //ecdsa
866 + else if (is_tls_ecdh_anon_with_aes_128_cbc_sha(peer->handshake_params->cipher))
867 + peer->state = DTLS_STATE_WAIT_SERVERKEYEXCHANGE; //ecdh
869 - peer->state = DTLS_STATE_WAIT_SERVERHELLODONE;
870 + peer->state = DTLS_STATE_WAIT_SERVERHELLODONE; //psk
871 /* update_hs_hash(peer, data, data_length); */
874 @@ -3109,6 +3257,13 @@ handle_handshake_msg(dtls_context_t *ctx, dtls_peer_t *peer, session_t *session,
876 err = check_server_key_exchange_ecdsa(ctx, peer, data, data_length);
879 + if (is_tls_ecdh_anon_with_aes_128_cbc_sha(peer->handshake_params->cipher)) {
880 + if (state != DTLS_STATE_WAIT_SERVERKEYEXCHANGE) {
881 + return dtls_alert_fatal_create(DTLS_ALERT_UNEXPECTED_MESSAGE);
883 + err = check_server_key_exchange_ecdh(ctx, peer, data, data_length);
885 #endif /* DTLS_ECC */
887 if (is_tls_psk_with_aes_128_ccm_8(peer->handshake_params->cipher)) {
888 @@ -3218,9 +3373,9 @@ handle_handshake_msg(dtls_context_t *ctx, dtls_peer_t *peer, session_t *session,
890 if (is_tls_ecdhe_ecdsa_with_aes_128_ccm_8(peer->handshake_params->cipher) &&
891 is_ecdsa_client_auth_supported(ctx))
892 - peer->state = DTLS_STATE_WAIT_CERTIFICATEVERIFY;
893 + peer->state = DTLS_STATE_WAIT_CERTIFICATEVERIFY; //ecdsa
895 - peer->state = DTLS_STATE_WAIT_CHANGECIPHERSPEC;
896 + peer->state = DTLS_STATE_WAIT_CHANGECIPHERSPEC; //psk || ecdh_anon
900 @@ -3341,9 +3496,9 @@ handle_handshake_msg(dtls_context_t *ctx, dtls_peer_t *peer, session_t *session,
902 if (is_tls_ecdhe_ecdsa_with_aes_128_ccm_8(peer->handshake_params->cipher) &&
903 is_ecdsa_client_auth_supported(ctx))
904 - peer->state = DTLS_STATE_WAIT_CLIENTCERTIFICATE;
905 + peer->state = DTLS_STATE_WAIT_CLIENTCERTIFICATE; //ecdhe
907 - peer->state = DTLS_STATE_WAIT_CLIENTKEYEXCHANGE;
908 + peer->state = DTLS_STATE_WAIT_CLIENTKEYEXCHANGE; //psk, ecdh_anon
910 /* after sending the ServerHelloDone, we expect the
911 * ClientKeyExchange (possibly containing the PSK id),
912 diff --git a/extlibs/tinydtls/dtls.h b/extlibs/tinydtls/dtls.h
913 index 7ebde6b..4d82f72 100644
914 --- a/extlibs/tinydtls/dtls.h
915 +++ b/extlibs/tinydtls/dtls.h
916 @@ -60,12 +60,12 @@ typedef enum dtls_credentials_type_t {
917 DTLS_PSK_HINT, DTLS_PSK_IDENTITY, DTLS_PSK_KEY
918 } dtls_credentials_type_t;
920 -typedef struct dtls_ecdsa_key_t {
921 +typedef struct dtls_ecc_key_t {
922 dtls_ecdh_curve curve;
923 const unsigned char *priv_key; /** < private key as bytes > */
924 const unsigned char *pub_key_x; /** < x part of the public key for the given private key > */
925 const unsigned char *pub_key_y; /** < y part of the public key for the given private key > */
929 /** Length of the secret that is used for generating Hello Verify cookies. */
930 #define DTLS_COOKIE_SECRET_LENGTH 12
931 @@ -183,7 +183,7 @@ typedef struct {
933 int (*get_ecdsa_key)(struct dtls_context_t *ctx,
934 const session_t *session,
935 - const dtls_ecdsa_key_t **result);
936 + const dtls_ecc_key_t **result);
939 * Called during handshake to check the peer's pubic key in this
940 @@ -238,6 +238,10 @@ typedef struct dtls_context_t {
942 dtls_handler_t *h; /**< callback handlers */
944 + dtls_cipher_enable_t is_anon_ecdh_eabled; /**< enable/disable the TLS_ECDH_anon_WITH_AES_128_CBC_SHA */
946 + dtls_cipher_t selected_cipher; /**< selected ciper suite for handshake */
948 unsigned char readbuf[DTLS_MAX_BUF];
951 @@ -263,6 +267,24 @@ static inline void dtls_set_handler(dtls_context_t *ctx, dtls_handler_t *h) {
956 + * @brief Enabling the TLS_ECDH_anon_WITH_AES_128_CBC_SHA
958 + * @param ctx The DTLS context to use.
959 + * @param is_enable DTLS_CIPHER_ENABLE(1) or DTLS_CIPHER_DISABLE(0)
961 +void dtls_enables_anon_ecdh(dtls_context_t* ctx, dtls_cipher_enable_t is_enable);
964 + * @brief Select the cipher suite for handshake
966 + * @param ctx The DTLS context to use.
967 + * @param cipher TLS_ECDH_anon_WITH_AES_128_CBC_SHA (0xC018)
968 + * TLS_PSK_WITH_AES_128_CCM_8 (0xX0A8)
969 + * TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 (0xC0AE)
971 +void dtls_select_cipher(dtls_context_t* ctx, const dtls_cipher_t cipher);
974 * Establishes a DTLS channel with the specified remote peer @p dst.
975 * This function returns @c 0 if that channel already exists, a value
976 diff --git a/extlibs/tinydtls/global.h b/extlibs/tinydtls/global.h
977 index f0977c8..441710f 100644
978 --- a/extlibs/tinydtls/global.h
979 +++ b/extlibs/tinydtls/global.h
980 @@ -73,10 +73,16 @@ typedef unsigned char uint48[6];
981 /** Known cipher suites.*/
983 TLS_NULL_WITH_NULL_NULL = 0x0000, /**< NULL cipher */
984 + TLS_ECDH_anon_WITH_AES_128_CBC_SHA = 0xC018, /**< see RFC 4492 */
985 TLS_PSK_WITH_AES_128_CCM_8 = 0xC0A8, /**< see RFC 6655 */
986 TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xC0AE /**< see RFC 7251 */
990 + DTLS_CIPHER_DISABLE = 0,
991 + DTLS_CIPHER_ENABLE = 1
992 +} dtls_cipher_enable_t;
994 /** Known compression suites.*/
996 TLS_COMPRESSION_NULL = 0x0000 /* NULL compression */
997 diff --git a/extlibs/tinydtls/tests/dtls-client.c b/extlibs/tinydtls/tests/dtls-client.c
998 index 65b0275..3a3e4ca 100644
999 --- a/extlibs/tinydtls/tests/dtls-client.c
1000 +++ b/extlibs/tinydtls/tests/dtls-client.c
1001 @@ -147,8 +147,8 @@ get_psk_info(struct dtls_context_t *ctx UNUSED_PARAM,
1003 get_ecdsa_key(struct dtls_context_t *ctx,
1004 const session_t *session,
1005 - const dtls_ecdsa_key_t **result) {
1006 - static const dtls_ecdsa_key_t ecdsa_key = {
1007 + const dtls_ecc_key_t **result) {
1008 + static const dtls_ecc_key_t ecdsa_key = {
1009 .curve = DTLS_ECDH_CURVE_SECP256R1,
1010 .priv_key = ecdsa_priv_key,
1011 .pub_key_x = ecdsa_pub_key_x,
1012 @@ -294,9 +294,9 @@ usage( const char *program, const char *version) {
1013 fprintf(stderr, "%s v%s -- DTLS client implementation\n"
1014 "(c) 2011-2014 Olaf Bergmann <bergmann@tzi.org>\n\n"
1016 - "usage: %s [-i file] [-s file] [-k file] [-o file] [-p port] [-v num] addr [port]\n"
1017 + "usage: %s [-i file] [-s file] [-k file] [-o file] [-p port] [-v num] [-c num] addr [port]\n"
1018 #else /* DTLS_PSK */
1019 - "usage: %s [-o file] [-p port] [-v num] addr [port]\n"
1020 + "usage: %s [-o file] [-p port] [-v num] [-c num] addr [port]\n"
1021 #endif /* DTLS_PSK */
1023 "\t-i file\t\tread PSK Client identity from file\n"
1024 @@ -305,7 +305,11 @@ usage( const char *program, const char *version) {
1025 #endif /* DTLS_PSK */
1026 "\t-o file\t\toutput received data to this file (use '-' for STDOUT)\n"
1027 "\t-p port\t\tlisten on specified port (default is %d)\n"
1028 - "\t-v num\t\tverbosity level (default: 3)\n",
1029 + "\t-v num\t\tverbosity level (default: 3)\n"
1030 + "\t-c num\t\tcipher suite (default: 1)\n"
1031 + "\t\t\t1: TLS_ECDH_anon_WITH_AES_128_CBC_SHA \n"
1032 + "\t\t\t2: TLS_PSK_WITH_AES_128_CCM_8\n"
1033 + "\t\t\t3: TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8\n",
1034 program, version, program, DEFAULT_PORT);
1037 @@ -334,6 +338,8 @@ main(int argc, char **argv) {
1038 log_t log_level = DTLS_LOG_WARN;
1041 + dtls_cipher_t selected_cipher = TLS_ECDH_anon_WITH_AES_128_CBC_SHA;
1042 + dtls_cipher_enable_t ecdh_anon_enalbe = DTLS_CIPHER_ENABLE;
1046 @@ -349,7 +355,7 @@ main(int argc, char **argv) {
1047 memcpy(psk_key, PSK_DEFAULT_KEY, psk_key_length);
1048 #endif /* DTLS_PSK */
1050 - while ((opt = getopt(argc, argv, "p:o:v:" PSK_OPTIONS)) != -1) {
1051 + while ((opt = getopt(argc, argv, "p:o:v:c:" PSK_OPTIONS)) != -1) {
1055 @@ -399,6 +405,23 @@ main(int argc, char **argv) {
1057 log_level = strtol(optarg, NULL, 10);
1060 + if( strcmp(optarg, "1") == 0)
1062 + selected_cipher = TLS_ECDH_anon_WITH_AES_128_CBC_SHA;
1063 + ecdh_anon_enalbe = DTLS_CIPHER_ENABLE;
1065 + else if( strcmp(optarg, "2") == 0)
1067 + selected_cipher = TLS_PSK_WITH_AES_128_CCM_8 ;
1068 + ecdh_anon_enalbe = DTLS_CIPHER_DISABLE;
1070 + else if( strcmp(optarg, "3") == 0)
1072 + selected_cipher = TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 ;
1073 + ecdh_anon_enalbe = DTLS_CIPHER_DISABLE;
1077 usage(argv[0], dtls_package_version());
1079 @@ -464,6 +487,13 @@ main(int argc, char **argv) {
1084 + /* select cipher suite */
1085 + dtls_select_cipher(dtls_context, selected_cipher);
1087 + /* enable/disable tls_ecdh_anon_with_aes_128_cbc_sha */
1088 + dtls_enables_anon_ecdh(dtls_context, ecdh_anon_enalbe);
1090 dtls_set_handler(dtls_context, &cb);
1092 dtls_connect(dtls_context, &dst);
1093 diff --git a/extlibs/tinydtls/tests/dtls-server.c b/extlibs/tinydtls/tests/dtls-server.c
1094 index ae1283e..d3da1a7 100644
1095 --- a/extlibs/tinydtls/tests/dtls-server.c
1096 +++ b/extlibs/tinydtls/tests/dtls-server.c
1097 @@ -113,8 +113,8 @@ get_psk_info(struct dtls_context_t *ctx, const session_t *session,
1099 get_ecdsa_key(struct dtls_context_t *ctx,
1100 const session_t *session,
1101 - const dtls_ecdsa_key_t **result) {
1102 - static const dtls_ecdsa_key_t ecdsa_key = {
1103 + const dtls_ecc_key_t **result) {
1104 + static const dtls_ecc_key_t ecdsa_key = {
1105 .curve = DTLS_ECDH_CURVE_SECP256R1,
1106 .priv_key = ecdsa_priv_key,
1107 .pub_key_x = ecdsa_pub_key_x,
1108 @@ -249,10 +249,13 @@ usage(const char *program, const char *version) {
1110 fprintf(stderr, "%s v%s -- DTLS server implementation\n"
1111 "(c) 2011-2014 Olaf Bergmann <bergmann@tzi.org>\n\n"
1112 - "usage: %s [-A address] [-p port] [-v num]\n"
1113 + "usage: %s [-A address] [-p port] [-v num] [-a enable|disable]\n"
1114 "\t-A address\t\tlisten on specified address (default is ::)\n"
1115 "\t-p port\t\tlisten on specified port (default is %d)\n"
1116 - "\t-v num\t\tverbosity level (default: 3)\n",
1117 + "\t-v num\t\tverbosity level (default: 3)\n"
1118 + "\t-a enable|disable\t(default: disable)\n"
1119 + "\t\t\t\tenable:enable TLS_ECDH_anon_with_AES_128_CBC_SHA\n"
1120 + "\t\t\t\tdisable:disable TLS_ECDH_anon_with_AES_128_CBC_SHA\n",
1121 program, version, program, DEFAULT_PORT);
1124 @@ -277,6 +280,7 @@ main(int argc, char **argv) {
1125 struct timeval timeout;
1126 int fd, opt, result;
1128 + int ecdh_anon_enalbe = DTLS_CIPHER_DISABLE;
1129 struct sockaddr_in6 listen_addr;
1131 memset(&listen_addr, 0, sizeof(struct sockaddr_in6));
1132 @@ -290,7 +294,7 @@ main(int argc, char **argv) {
1133 listen_addr.sin6_port = htons(DEFAULT_PORT);
1134 listen_addr.sin6_addr = in6addr_any;
1136 - while ((opt = getopt(argc, argv, "A:p:v:")) != -1) {
1137 + while ((opt = getopt(argc, argv, "A:p:v:a:")) != -1) {
1140 if (resolve_address(optarg, (struct sockaddr *)&listen_addr) < 0) {
1141 @@ -304,6 +308,10 @@ main(int argc, char **argv) {
1143 log_level = strtol(optarg, NULL, 10);
1146 + if( strcmp(optarg, "enable") == 0)
1147 + ecdh_anon_enalbe = DTLS_CIPHER_ENABLE;
1150 usage(argv[0], dtls_package_version());
1152 @@ -348,6 +356,9 @@ main(int argc, char **argv) {
1154 the_context = dtls_new_context(&fd);
1156 + /* enable/disable tls_ecdh_anon_with_aes_128_cbc_sha */
1157 + dtls_enables_anon_ecdh(the_context, ecdh_anon_enalbe);
1159 dtls_set_handler(the_context, &cb);