1 From 1ee27820ccad59423711c83fb01ff58939511f3b Mon Sep 17 00:00:00 2001
2 From: Sachin Agrawal <sachin.agrawal@intel.com>
3 Date: Mon, 29 Jun 2015 22:26:21 -0700
4 Subject: [PATCH 1/1] Fix the wrong implementation about the anonymous cipher
5 suite of tinydtls. (NOTE : This patch has been modified
8 1. IV for CBC block operation
9 - Apply the random IV for CBC block operations according to section 6.2.3.2 of RFC 5246.
12 - Apply HMAC for DTLS MAC calculation according to section 6.2.3.1 of RFC 5246.
15 - Apply PKCS#5 padding for CBC block cipher according to section 6.2.3.2 of RFC 5246.
17 4. Change the cipher suite name TLS_ECDH_anon_WITH_AES_128_CBC_SHA
18 to TLS_ECDH_anon_WITH_AES_128_CBC_SHA_256.
20 5. Fix the minor bug in dtls sample.
22 Change-Id: I8783caa6ac04fe2d46e242efe56e3205646b1038
23 Signed-off-by: leechul <chuls.lee@samsung.com>
24 Signed-off-by: Sachin Agrawal <sachin.agrawal@intel.com>
26 extlibs/tinydtls/crypto.c | 100 +++++++++++++-----
27 extlibs/tinydtls/crypto.h | 1 +
28 extlibs/tinydtls/dtls.c | 111 +++++++++++++++-----
29 extlibs/tinydtls/dtls.h | 6 +-
30 extlibs/tinydtls/global.h | 2 +-
31 extlibs/tinydtls/tests/dtls-client.c | 8 +-
32 extlibs/tinydtls/tests/dtls-server.c | 8 +-
33 resource/csdk/connectivity/api/cainterface.h | 4 +-
34 resource/csdk/connectivity/inc/caadapternetdtls.h | 2 +-
35 .../src/adapter_util/caadapternetdtls.c | 2 +-
36 .../provisioning/src/provisioningmanager.c | 2 +-
37 11 files changed, 180 insertions(+), 66 deletions(-)
39 diff --git a/extlibs/tinydtls/crypto.c b/extlibs/tinydtls/crypto.c
40 index 5082535..3fbb993 100644
41 --- a/extlibs/tinydtls/crypto.c
42 +++ b/extlibs/tinydtls/crypto.c
44 #include "sha2/sha2.h"
51 @@ -329,6 +330,7 @@ dtls_ccm_decrypt(aes128_t *ccm_ctx, const unsigned char *src,
54 dtls_cbc_encrypt(aes128_t *aes_ctx,
55 + unsigned char *key, size_t keylen,
56 const unsigned char *iv,
57 const unsigned char *src, size_t srclen,
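Review bot: The new `key` parameter is declared `unsigned char *key` although the function only reads it (it is passed to dtls_hmac_new in the following hunk), so it should be `const unsigned char *key, size_t keylen`, and the same applies to the matching parameter added to dtls_cbc_decrypt further down. Without the qualifier callers holding const key material need a cast, and the signature no longer documents that the key block is left untouched. The rest of dtls_cbc_encrypt lies outside this hunk.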
59 @@ -336,18 +338,35 @@ dtls_cbc_encrypt(aes128_t *aes_ctx,
60 unsigned char cbc[DTLS_BLK_LENGTH];
61 unsigned char tmp[DTLS_BLK_LENGTH];
63 - dtls_hash_ctx shactx;
64 + const unsigned char *dtls_hdr = NULL;
67 + dtls_hmac_context_t* hmac_ctx = NULL;
72 - dtls_hash_init(&shactx);
73 - dtls_hash_update(&shactx, src, srclen);
74 - dtls_hash_finalize(pos + srclen, &shactx);
75 + dtls_hdr = src - DTLS_CBC_IV_LENGTH - sizeof(dtls_record_header_t);
77 + //Calculate MAC : Append the MAC code to end of content
78 + hmac_ctx = dtls_hmac_new(key, keylen);
83 + dtls_hmac_free(hmac_ctx);
85 + dtls_debug_dump("[MAC]",
87 + DTLS_HMAC_DIGEST_SIZE);
89 + paddinglen = DTLS_BLK_LENGTH - ((srclen + DTLS_HMAC_DIGEST_SIZE) % DTLS_BLK_LENGTH);
92 + memset(buf + (srclen + DTLS_HMAC_DIGEST_SIZE), paddinglen - 1, paddinglen);
94 memcpy(cbc, iv, DTLS_BLK_LENGTH);
95 - blocks = (srclen + SHA256_DIGEST_LENGTH) / DTLS_BLK_LENGTH;
96 + blocks = (srclen + DTLS_HMAC_DIGEST_SIZE + paddinglen) / DTLS_BLK_LENGTH;
98 for (i = 0; i < blocks; i++) {
99 for (j = 0; j < DTLS_BLK_LENGTH; j++) {
100 @@ -360,14 +379,17 @@ dtls_cbc_encrypt(aes128_t *aes_ctx,
101 pos += DTLS_BLK_LENGTH;
104 - dtls_debug_dump("Encrypted Data:", buf, srclen + SHA256_DIGEST_LENGTH);
106 - return srclen + SHA256_DIGEST_LENGTH;
107 + dtls_debug_dump("[Encrypted Data]",
109 + srclen + DTLS_HMAC_DIGEST_SIZE + paddinglen);
111 + return srclen + DTLS_HMAC_DIGEST_SIZE + paddinglen;
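Review bot: `dtls_hdr = src - DTLS_CBC_IV_LENGTH - sizeof(dtls_record_header_t)` and the `memset` of the padding both encode preconditions on the caller's buffer layout that the function never states or checks: src must be preceded in the same buffer by the 16-byte IV and the record header (otherwise the MAC is computed over unrelated memory), and buf must have room for srclen + DTLS_HMAC_DIGEST_SIZE + DTLS_BLK_LENGTH bytes, since the MAC and up to a full block of padding are written past srclen with no size parameter for buf. A header comment such as `/* Precondition: src is preceded in its buffer by the CBC IV and the DTLS record header (MAC input); buf must hold srclen + DTLS_HMAC_DIGEST_SIZE + DTLS_BLK_LENGTH bytes. */` would make the contract visible to the two callers in dtls_encrypt. Whether the dtls_hmac_new result is NULL-checked is not visible here (lines 79-82 are elided). dtls_cbc_encrypt's signature is in the previous hunk and its body continues into the next one.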
116 dtls_cbc_decrypt(aes128_t *aes_ctx,
117 + unsigned char *key, size_t keylen,
118 const unsigned char *iv,
119 const unsigned char *src, size_t srclen,
120 unsigned char *buf) {
121 @@ -375,14 +397,17 @@ dtls_cbc_decrypt(aes128_t *aes_ctx,
122 unsigned char cbc[DTLS_BLK_LENGTH];
123 unsigned char tmp[DTLS_BLK_LENGTH];
124 unsigned char tmp2[DTLS_BLK_LENGTH];
125 - unsigned char msg_hash[SHA256_DIGEST_LENGTH];
126 + unsigned char mac_buf[DTLS_HMAC_DIGEST_SIZE] = {0,};
127 + const unsigned char *dtls_hdr = NULL;
129 - dtls_hash_ctx shactx;
132 + int depaddinglen = 0;
133 + dtls_hmac_context_t* hmac_ctx = NULL;
136 - memcpy(pos, src, srclen);
138 + dtls_hdr = src - DTLS_CBC_IV_LENGTH - sizeof(dtls_record_header_t);
140 memcpy(cbc, iv, DTLS_BLK_LENGTH);
141 blocks = srclen / DTLS_BLK_LENGTH;
142 @@ -401,19 +426,46 @@ dtls_cbc_decrypt(aes128_t *aes_ctx,
143 pos += DTLS_BLK_LENGTH;
146 - dtls_hash_init(&shactx);
147 - dtls_hash_update(&shactx, buf, srclen - SHA256_DIGEST_LENGTH);
148 - dtls_hash_finalize(msg_hash, &shactx);
150 - dtls_debug_dump("decrypted data:", buf, srclen);
152 + depaddinglen = buf[srclen -1];
154 - if(memcmp(msg_hash, buf + (srclen - SHA256_DIGEST_LENGTH), SHA256_DIGEST_LENGTH) != 0)
156 + hmac_ctx = dtls_hmac_new(key, keylen);
160 + dtls_mac(hmac_ctx, dtls_hdr, buf,
161 + srclen - DTLS_HMAC_DIGEST_SIZE - depaddinglen - 1,
163 + dtls_hmac_free(hmac_ctx);
165 + dtls_debug_dump("[MAC]",
167 + DTLS_HMAC_DIGEST_SIZE);
168 + dtls_debug_dump("[Decrypted data]",
170 + srclen - DTLS_HMAC_DIGEST_SIZE - depaddinglen - 1);
174 + buf + (srclen - DTLS_HMAC_DIGEST_SIZE - depaddinglen - 1),
175 + DTLS_HMAC_DIGEST_SIZE) != 0)
177 - dtls_warn("message is broken\n");
178 + dtls_crit("Failed to verification of MAC\n");
182 - return srclen - SHA256_DIGEST_LENGTH;
183 + //verify the padding bytes
184 + for (i =0; i < depaddinglen; i++)
186 + if (buf[srclen - depaddinglen - 1 + i] != depaddinglen)
188 + dtls_crit("Failed to verify padding bytes\n");
193 + return srclen - DTLS_HMAC_DIGEST_SIZE - depaddinglen - 1;
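Review bot: `depaddinglen = buf[srclen -1]` comes straight from the peer's ciphertext and is used unchecked in `srclen - DTLS_HMAC_DIGEST_SIZE - depaddinglen - 1`; with a padding byte larger than srclen - 33 (srclen may be as small as 32 given the minimum enforced in decrypt_verify) the size_t expression wraps and dtls_mac and the MAC comparison are given a length far beyond buf. Reject the record before computing the MAC with a guard such as `if ((size_t)depaddinglen + 1 + DTLS_HMAC_DIGEST_SIZE > srclen) { dtls_crit("invalid padding length\n"); /* fail as for a bad MAC */ }`. Separately, a MAC failure and a padding failure take different return paths with different log messages and the padding is only inspected after the MAC passes, whereas RFC 5246 §6.2.3.2 asks that bad padding be treated as a zero-length pad, the MAC still be computed, and both cases yield the same bad_record_mac outcome so the peer cannot tell them apart; the comparison on the elided line (memcmp in the removed code) should also be a constant-time compare. dtls_cbc_decrypt's signature and the start of its body are in the preceding hunks.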
197 @@ -523,8 +575,6 @@ void
198 dtls_ecdsa_create_sig_hash(const unsigned char *priv_key, size_t key_size,
199 const unsigned char *sign_hash, size_t sign_hash_size,
200 uint32_t point_r[9], uint32_t point_s[9]) {
203 uint8_t privateKey[32];
204 uint8_t hashValue[32];
206 @@ -615,7 +665,7 @@ dtls_encrypt(const unsigned char *src, size_t length,
207 memmove(buf, src, length);
208 ret = dtls_ccm_encrypt(&ctx->data, src, length, buf, nounce, aad, la);
210 - if(cipher == TLS_ECDH_anon_WITH_AES_128_CBC_SHA) {
211 + if(cipher == TLS_ECDH_anon_WITH_AES_128_CBC_SHA_256) {
212 ret = rijndael_set_key(&ctx->data.ctx, key, 8 * keylen);
214 /* cleanup everything in case the key has the wrong size */
215 @@ -625,7 +675,7 @@ dtls_encrypt(const unsigned char *src, size_t length,
218 memmove(buf, src, length);
219 - ret = dtls_cbc_encrypt(&ctx->data, nounce, src, length, buf);
220 + ret = dtls_cbc_encrypt(&ctx->data, key, keylen, nounce, src, length, buf);
224 @@ -658,7 +708,7 @@ dtls_decrypt(const unsigned char *src, size_t length,
225 ret = dtls_ccm_decrypt(&ctx->data, src, length, buf, nounce, aad, la);
228 - if(cipher == TLS_ECDH_anon_WITH_AES_128_CBC_SHA) {
229 + if(cipher == TLS_ECDH_anon_WITH_AES_128_CBC_SHA_256) {
230 ret = rijndael_set_key(&ctx->data.ctx, key, 8 * keylen);
232 /* cleanup everything in case the key has the wrong size */
233 @@ -668,7 +718,7 @@ dtls_decrypt(const unsigned char *src, size_t length,
236 memmove(buf, src, length);
237 - ret = dtls_cbc_decrypt(&ctx->data, nounce, src, length, buf);
238 + ret = dtls_cbc_decrypt(&ctx->data, key, keylen, nounce, src, length, buf);
242 diff --git a/extlibs/tinydtls/crypto.h b/extlibs/tinydtls/crypto.h
243 index dd13ffa..a81d306 100644
244 --- a/extlibs/tinydtls/crypto.h
245 +++ b/extlibs/tinydtls/crypto.h
247 #define DTLS_BLK_LENGTH 16 /* AES-128 */
248 #define DTLS_MAC_LENGTH DTLS_HMAC_DIGEST_SIZE
249 #define DTLS_IV_LENGTH 4 /* length of nonce_explicit */
250 +#define DTLS_CBC_IV_LENGTH 16
253 * Maximum size of the generated keyblock. Note that MAX_KEYBLOCK_LENGTH must
254 diff --git a/extlibs/tinydtls/dtls.c b/extlibs/tinydtls/dtls.c
255 index 41e68a5..b5b8fd1 100644
256 --- a/extlibs/tinydtls/dtls.c
257 +++ b/extlibs/tinydtls/dtls.c
258 @@ -496,11 +496,11 @@ static inline int is_tls_psk_with_aes_128_ccm_8(dtls_cipher_t cipher)
259 #endif /* DTLS_PSK */
262 -/** returns true if the cipher matches TLS_ECDH_anon_WITH_AES_128_CBC_SHA */
263 -static inline int is_tls_ecdh_anon_with_aes_128_cbc_sha(dtls_cipher_t cipher)
264 +/** returns true if the cipher matches TLS_ECDH_anon_WITH_AES_128_CBC_SHA_256 */
265 +static inline int is_tls_ecdh_anon_with_aes_128_cbc_sha_256(dtls_cipher_t cipher)
268 - return cipher == TLS_ECDH_anon_WITH_AES_128_CBC_SHA;
269 + return cipher == TLS_ECDH_anon_WITH_AES_128_CBC_SHA_256;
273 @@ -570,7 +570,7 @@ known_cipher(dtls_context_t *ctx, dtls_cipher_t code, int is_client) {
275 return (psk && is_tls_psk_with_aes_128_ccm_8(code)) ||
276 (ecdsa && is_tls_ecdhe_ecdsa_with_aes_128_ccm_8(code)) ||
277 - (ecdh_anon && is_tls_ecdh_anon_with_aes_128_cbc_sha(code));
278 + (ecdh_anon && is_tls_ecdh_anon_with_aes_128_cbc_sha_256(code));
282 @@ -719,7 +719,7 @@ calculate_key_block(dtls_context_t *ctx,
283 #endif /* DTLS_PSK */
285 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
286 - case TLS_ECDH_anon_WITH_AES_128_CBC_SHA: {
287 + case TLS_ECDH_anon_WITH_AES_128_CBC_SHA_256: {
288 pre_master_len = dtls_ecdh_pre_master_secret(handshake->keyx.ecc.own_eph_priv,
289 handshake->keyx.ecc.other_eph_pub_x,
290 handshake->keyx.ecc.other_eph_pub_y,
291 @@ -1084,7 +1084,7 @@ check_client_keyexchange(dtls_context_t *ctx,
294 if (is_tls_ecdhe_ecdsa_with_aes_128_ccm_8(handshake->cipher) ||
295 - is_tls_ecdh_anon_with_aes_128_cbc_sha(handshake->cipher) ) {
296 + is_tls_ecdh_anon_with_aes_128_cbc_sha_256(handshake->cipher) ) {
298 if (length < DTLS_HS_LENGTH + DTLS_CKXEC_LENGTH) {
299 dtls_debug("The client key exchange is too short\n");
300 @@ -1286,6 +1286,51 @@ dtls_prepare_record(dtls_peer_t *peer, dtls_security_parameters_t *security,
301 p += data_len_array[i];
302 res += data_len_array[i];
304 + } else if (is_tls_ecdh_anon_with_aes_128_cbc_sha_256(security->cipher)) {
306 + unsigned char nonce[DTLS_CBC_IV_LENGTH];
308 + /** Add IV into body of packet in case of AES CBC mode according to RFC 5246, Section 6.2.3.2
310 + * opaque IV[SecurityParameters.record_iv_length];
311 + * block-ciphered struct {
312 + * opaque content[TLSCompressed.length];
313 + * opaque MAC[SecurityParameters.mac_length];
314 + * uint8 padding[GenericBlockCipher.padding_length];
315 + * uint8 padding_length;
321 + dtls_prng(nonce, DTLS_CBC_IV_LENGTH);
322 + memcpy(p , nonce, DTLS_CBC_IV_LENGTH);
323 + p += DTLS_CBC_IV_LENGTH;
324 + res += DTLS_CBC_IV_LENGTH;
326 + for (i = 0; i < data_array_len; i++) {
327 + /* check the minimum that we need for packets that are not encrypted */
328 + if (*rlen < res + DTLS_RH_LENGTH + data_len_array[i]) {
329 + dtls_debug("dtls_prepare_record: send buffer too small\n");
330 + return dtls_alert_fatal_create(DTLS_ALERT_INTERNAL_ERROR);
333 + memcpy(p, data_array[i], data_len_array[i]);
334 + p += data_len_array[i];
335 + res += data_len_array[i];
338 + res = dtls_encrypt(start + DTLS_CBC_IV_LENGTH, res - DTLS_CBC_IV_LENGTH,
339 + start + DTLS_CBC_IV_LENGTH, nonce,
340 + dtls_kb_local_write_key(security, peer->role),
341 + dtls_kb_key_size(security, peer->role),
347 + res += DTLS_CBC_IV_LENGTH;
349 } else { /* TLS_PSK_WITH_AES_128_CCM_8 or TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 */
351 * length of additional_data for the AEAD cipher which consists of
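Review bot: The size check `if (*rlen < res + DTLS_RH_LENGTH + data_len_array[i])` only accounts for the plaintext, but dtls_cbc_encrypt then writes DTLS_HMAC_DIGEST_SIZE bytes of MAC plus up to DTLS_BLK_LENGTH bytes of padding into the same send buffer, so the guard should read `if (*rlen < res + DTLS_RH_LENGTH + data_len_array[i] + DTLS_HMAC_DIGEST_SIZE + DTLS_BLK_LENGTH)` (or an equivalent check before the dtls_encrypt call) to keep the expansion inside *rlen. The unpredictability of the CBC IV that RFC 5246 §6.2.3.2 requires rests entirely on `dtls_prng`; if that is backed by a non-cryptographic generator in some build configurations, the IV is predictable and this should be confirmed rather than assumed. As a point of style, the buffer is named `nonce` although it is a CBC IV, which invites confusion with the CCM nonce used in the else branch. dtls_prepare_record begins and ends outside this hunk.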
352 @@ -1299,8 +1344,6 @@ dtls_prepare_record(dtls_peer_t *peer, dtls_security_parameters_t *security,
353 dtls_debug("dtls_prepare_record(): encrypt using TLS_PSK_WITH_AES_128_CCM_8\n");
354 } else if (is_tls_ecdhe_ecdsa_with_aes_128_ccm_8(security->cipher)) {
355 dtls_debug("dtls_prepare_record(): encrypt using TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8\n");
356 - } else if (is_tls_ecdh_anon_with_aes_128_cbc_sha(security->cipher)) {
357 - dtls_debug("dtls_prepare_record() : encrypt using TLS_ECDH_anon_WITH_AES_128_CBC_SHA\n");
359 dtls_debug("dtls_prepare_record(): encrypt using unknown cipher\n");
361 @@ -1363,7 +1406,7 @@ dtls_prepare_record(dtls_peer_t *peer, dtls_security_parameters_t *security,
363 memset(nonce, 0, DTLS_CCM_BLOCKSIZE);
364 memcpy(nonce, dtls_kb_local_iv(security, peer->role),
365 - dtls_kb_iv_size(security, peer->role));
366 + dtls_kb_iv_size(security, peer->role));
367 memcpy(nonce + dtls_kb_iv_size(security, peer->role), start, 8); /* epoch + seq_num */
369 dtls_debug_dump("nonce:", nonce, DTLS_CCM_BLOCKSIZE);
370 @@ -1378,7 +1421,8 @@ dtls_prepare_record(dtls_peer_t *peer, dtls_security_parameters_t *security,
371 memcpy(A_DATA, &DTLS_RECORD_HEADER(sendbuf)->epoch, 8); /* epoch and seq_num */
372 memcpy(A_DATA + 8, &DTLS_RECORD_HEADER(sendbuf)->content_type, 3); /* type and version */
373 dtls_int_to_uint16(A_DATA + 11, res - 8); /* length */
377 res = dtls_encrypt(start + 8, res - 8, start + 8, nonce,
378 dtls_kb_local_write_key(security, peer->role),
379 dtls_kb_key_size(security, peer->role),
380 @@ -1388,7 +1432,7 @@ dtls_prepare_record(dtls_peer_t *peer, dtls_security_parameters_t *security,
384 - res += 8; /* increment res by size of nonce_explicit */
385 + res += 8; /* increment res by size of nonce_explicit */
386 dtls_debug_dump("message:", start, res);
389 @@ -2172,7 +2216,7 @@ dtls_send_server_hello_msgs(dtls_context_t *ctx, dtls_peer_t *peer)
392 ecdsa = is_tls_ecdhe_ecdsa_with_aes_128_ccm_8(peer->handshake_params->cipher);
393 - ecdh_anon = is_tls_ecdh_anon_with_aes_128_cbc_sha(peer->handshake_params->cipher);
394 + ecdh_anon = is_tls_ecdh_anon_with_aes_128_cbc_sha_256(peer->handshake_params->cipher);
398 @@ -2301,7 +2345,7 @@ dtls_send_client_key_exchange(dtls_context_t *ctx, dtls_peer_t *peer)
399 #endif /* DTLS_PSK */
401 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
402 - case TLS_ECDH_anon_WITH_AES_128_CBC_SHA: {
403 + case TLS_ECDH_anon_WITH_AES_128_CBC_SHA_256: {
404 uint8 *ephemeral_pub_x;
405 uint8 *ephemeral_pub_y;
407 @@ -2424,7 +2468,7 @@ dtls_send_client_hello(dtls_context_t *ctx, dtls_peer_t *peer,
408 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
409 ecdsa = is_ecdsa_supported(ctx, 1);
411 - case TLS_ECDH_anon_WITH_AES_128_CBC_SHA:
412 + case TLS_ECDH_anon_WITH_AES_128_CBC_SHA_256:
413 ecdh_anon = is_ecdh_anon_supported(ctx);
416 @@ -2478,7 +2522,7 @@ dtls_send_client_hello(dtls_context_t *ctx, dtls_peer_t *peer,
420 - dtls_int_to_uint16(p, TLS_ECDH_anon_WITH_AES_128_CBC_SHA);
421 + dtls_int_to_uint16(p, TLS_ECDH_anon_WITH_AES_128_CBC_SHA_256);
425 @@ -2809,7 +2853,7 @@ check_server_key_exchange_ecdh(dtls_context_t *ctx,
427 update_hs_hash(peer, data, data_length);
429 - assert(is_tls_ecdh_anon_with_aes_128_cbc_sha(config->cipher));
430 + assert(is_tls_ecdh_anon_with_aes_128_cbc_sha_256(config->cipher));
432 data += DTLS_HS_LENGTH;
434 @@ -3069,6 +3113,23 @@ decrypt_verify(dtls_peer_t *peer, uint8 *packet, size_t length,
435 if (security->cipher == TLS_NULL_WITH_NULL_NULL) {
436 /* no cipher suite selected */
438 + } else if (is_tls_ecdh_anon_with_aes_128_cbc_sha_256(security->cipher)) {
440 + unsigned char nonce[DTLS_CBC_IV_LENGTH];
442 + if (clen < (DTLS_CBC_IV_LENGTH + DTLS_HMAC_DIGEST_SIZE)) /* need at least IV and MAC */
445 + memcpy(nonce, *cleartext , DTLS_CBC_IV_LENGTH);
446 + clen -= DTLS_CBC_IV_LENGTH;
447 + *cleartext += DTLS_CBC_IV_LENGTH ;
449 + clen = dtls_decrypt(*cleartext, clen, *cleartext, nonce,
450 + dtls_kb_remote_write_key(security, peer->role),
451 + dtls_kb_key_size(security, peer->role),
455 } else { /* TLS_PSK_WITH_AES_128_CCM_8 or TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 */
457 * length of additional_data for the AEAD cipher which consists of
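Review bot: `if (clen < (DTLS_CBC_IV_LENGTH + DTLS_HMAC_DIGEST_SIZE))` admits any body length, yet dtls_cbc_decrypt only processes `srclen / DTLS_BLK_LENGTH` whole blocks and, with the `memcpy(pos, src, srclen)` removed in the crypto.c hunk, no longer writes the trailing partial block into buf, so for a length that is not a multiple of 16 the byte later read as the padding length is stale memory. Add an alignment check next to the minimum, e.g. `if ((clen - DTLS_CBC_IV_LENGTH) % DTLS_BLK_LENGTH != 0) /* reject as bad_record_mac */`, and note that the smallest valid body is MAC plus at least one padding byte rounded up to a block (48 bytes), so the current minimum of 32 is too permissive. decrypt_verify's body begins and ends outside this hunk.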
458 @@ -3083,7 +3144,7 @@ decrypt_verify(dtls_peer_t *peer, uint8 *packet, size_t length,
460 memset(nonce, 0, DTLS_CCM_BLOCKSIZE);
461 memcpy(nonce, dtls_kb_remote_iv(security, peer->role),
462 - dtls_kb_iv_size(security, peer->role));
463 + dtls_kb_iv_size(security, peer->role));
465 /* read epoch and seq_num from message */
466 memcpy(nonce + dtls_kb_iv_size(security, peer->role), *cleartext, 8);
467 @@ -3108,17 +3169,19 @@ decrypt_verify(dtls_peer_t *peer, uint8 *packet, size_t length,
468 dtls_kb_remote_write_key(security, peer->role),
469 dtls_kb_key_size(security, peer->role),
473 - dtls_warn("decryption failed\n");
479 + dtls_warn("decryption failed\n");
482 dtls_debug("decrypt_verify(): found %i bytes cleartext\n", clen);
484 dtls_security_params_free_other(peer);
485 dtls_debug_dump("cleartext", *cleartext, clen);
492 @@ -3219,7 +3282,7 @@ handle_handshake_msg(dtls_context_t *ctx, dtls_peer_t *peer, session_t *session,
494 if (is_tls_ecdhe_ecdsa_with_aes_128_ccm_8(peer->handshake_params->cipher))
495 peer->state = DTLS_STATE_WAIT_SERVERCERTIFICATE; //ecdsa
496 - else if (is_tls_ecdh_anon_with_aes_128_cbc_sha(peer->handshake_params->cipher))
497 + else if (is_tls_ecdh_anon_with_aes_128_cbc_sha_256(peer->handshake_params->cipher))
498 peer->state = DTLS_STATE_WAIT_SERVERKEYEXCHANGE; //ecdh
500 peer->state = DTLS_STATE_WAIT_SERVERHELLODONE; //psk
501 @@ -3259,7 +3322,7 @@ handle_handshake_msg(dtls_context_t *ctx, dtls_peer_t *peer, session_t *session,
502 err = check_server_key_exchange_ecdsa(ctx, peer, data, data_length);
505 - if (is_tls_ecdh_anon_with_aes_128_cbc_sha(peer->handshake_params->cipher)) {
506 + if (is_tls_ecdh_anon_with_aes_128_cbc_sha_256(peer->handshake_params->cipher)) {
507 if (state != DTLS_STATE_WAIT_SERVERKEYEXCHANGE) {
508 return dtls_alert_fatal_create(DTLS_ALERT_UNEXPECTED_MESSAGE);
510 diff --git a/extlibs/tinydtls/dtls.h b/extlibs/tinydtls/dtls.h
511 index a2ab86e..7d2bc19 100644
512 --- a/extlibs/tinydtls/dtls.h
513 +++ b/extlibs/tinydtls/dtls.h
514 @@ -238,7 +238,7 @@ typedef struct dtls_context_t {
516 dtls_handler_t *h; /**< callback handlers */
518 - dtls_cipher_enable_t is_anon_ecdh_eabled; /**< enable/disable the TLS_ECDH_anon_WITH_AES_128_CBC_SHA */
519 + dtls_cipher_enable_t is_anon_ecdh_eabled; /**< enable/disable the TLS_ECDH_anon_WITH_AES_128_CBC_SHA_256 */
521 dtls_cipher_t selected_cipher; /**< selected ciper suite for handshake */
523 @@ -268,7 +268,7 @@ static inline void dtls_set_handler(dtls_context_t *ctx, dtls_handler_t *h) {
527 - * @brief Enabling the TLS_ECDH_anon_WITH_AES_128_CBC_SHA
528 + * @brief Enabling the TLS_ECDH_anon_WITH_AES_128_CBC_SHA_256
530 * @param ctx The DTLS context to use.
531 * @param is_enable DTLS_CIPHER_ENABLE(1) or DTLS_CIPHER_DISABLE(0)
532 @@ -279,7 +279,7 @@ void dtls_enables_anon_ecdh(dtls_context_t* ctx, dtls_cipher_enable_t is_enable)
533 * @brief Select the cipher suite for handshake
535 * @param ctx The DTLS context to use.
536 - * @param cipher TLS_ECDH_anon_WITH_AES_128_CBC_SHA (0xC018)
537 + * @param cipher TLS_ECDH_anon_WITH_AES_128_CBC_SHA_256 (0xC018)
538 * TLS_PSK_WITH_AES_128_CCM_8 (0xX0A8)
539 * TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 (0xC0AE)
541 diff --git a/extlibs/tinydtls/global.h b/extlibs/tinydtls/global.h
542 index 441710f..169c726 100644
543 --- a/extlibs/tinydtls/global.h
544 +++ b/extlibs/tinydtls/global.h
545 @@ -73,7 +73,7 @@ typedef unsigned char uint48[6];
546 /** Known cipher suites.*/
548 TLS_NULL_WITH_NULL_NULL = 0x0000, /**< NULL cipher */
549 - TLS_ECDH_anon_WITH_AES_128_CBC_SHA = 0xC018, /**< see RFC 4492 */
550 + TLS_ECDH_anon_WITH_AES_128_CBC_SHA_256 = 0xC018, /**< see RFC 4492 */
551 TLS_PSK_WITH_AES_128_CCM_8 = 0xC0A8, /**< see RFC 6655 */
552 TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xC0AE /**< see RFC 7251 */
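Review bot: Renaming the enumerator to `TLS_ECDH_anon_WITH_AES_128_CBC_SHA_256` while keeping the value 0xC018 and the `/**< see RFC 4492 */` comment creates a mismatch with the registry: RFC 4492 assigns 0xC018 to TLS_ECDH_anon_WITH_AES_128_CBC_SHA, whose MAC is HMAC-SHA1, and no ECDH_anon AES-128-CBC suite with an HMAC-SHA256 MAC is registered under that or any other code point. A conforming peer negotiating 0xC018 will therefore compute a different MAC and every record will fail verification, so the divergence should be stated where the value is defined, e.g. `/**< 0xC018 is TLS_ECDH_anon_WITH_AES_128_CBC_SHA (HMAC-SHA1) in RFC 4492; this build uses HMAC-SHA256 on it and does not interoperate with standard peers */`. The enum's opening line lies outside this hunk.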
554 diff --git a/extlibs/tinydtls/tests/dtls-client.c b/extlibs/tinydtls/tests/dtls-client.c
555 index 35521e9..dfc822a 100644
556 --- a/extlibs/tinydtls/tests/dtls-client.c
557 +++ b/extlibs/tinydtls/tests/dtls-client.c
558 @@ -309,7 +309,7 @@ usage( const char *program, const char *version) {
559 "\t-p port\t\tlisten on specified port (default is %d)\n"
560 "\t-v num\t\tverbosity level (default: 3)\n"
561 "\t-c num\t\tcipher suite (default: 1)\n"
562 - "\t\t\t1: TLS_ECDH_anon_WITH_AES_128_CBC_SHA \n"
563 + "\t\t\t1: TLS_ECDH_anon_WITH_AES_128_CBC_SHA_256 \n"
564 "\t\t\t2: TLS_PSK_WITH_AES_128_CCM_8\n"
565 "\t\t\t3: TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8\n",
566 program, version, program, DEFAULT_PORT);
567 @@ -347,7 +347,7 @@ main(int argc, char **argv) {
568 log_t log_level = DTLS_LOG_WARN;
571 - dtls_cipher_t selected_cipher = TLS_ECDH_anon_WITH_AES_128_CBC_SHA;
572 + dtls_cipher_t selected_cipher = TLS_NULL_WITH_NULL_NULL;
573 dtls_cipher_enable_t ecdh_anon_enalbe = DTLS_CIPHER_ENABLE;
576 @@ -417,7 +417,7 @@ main(int argc, char **argv) {
578 if( strcmp(optarg, "1") == 0)
580 - selected_cipher = TLS_ECDH_anon_WITH_AES_128_CBC_SHA;
581 + selected_cipher = TLS_ECDH_anon_WITH_AES_128_CBC_SHA_256;
582 ecdh_anon_enalbe = DTLS_CIPHER_ENABLE;
584 else if( strcmp(optarg, "2") == 0)
585 @@ -500,7 +500,7 @@ main(int argc, char **argv) {
586 /* select cipher suite */
587 dtls_select_cipher(dtls_context, selected_cipher);
589 - /* enable/disable tls_ecdh_anon_with_aes_128_cbc_sha */
590 + /* enable/disable tls_ecdh_anon_with_aes_128_cbc_sha_256 */
591 dtls_enables_anon_ecdh(dtls_context, ecdh_anon_enalbe);
593 dtls_set_handler(dtls_context, &cb);
594 diff --git a/extlibs/tinydtls/tests/dtls-server.c b/extlibs/tinydtls/tests/dtls-server.c
595 index d3da1a7..5893084 100644
596 --- a/extlibs/tinydtls/tests/dtls-server.c
597 +++ b/extlibs/tinydtls/tests/dtls-server.c
598 @@ -254,8 +254,8 @@ usage(const char *program, const char *version) {
599 "\t-p port\t\tlisten on specified port (default is %d)\n"
600 "\t-v num\t\tverbosity level (default: 3)\n"
601 "\t-a enable|disable\t(default: disable)\n"
602 - "\t\t\t\tenable:enable TLS_ECDH_anon_with_AES_128_CBC_SHA\n"
603 - "\t\t\t\tdisable:disable TLS_ECDH_anon_with_AES_128_CBC_SHA\n",
604 + "\t\t\t\tenable:enable TLS_ECDH_anon_with_AES_128_CBC_SHA_256\n"
605 + "\t\t\t\tdisable:disable TLS_ECDH_anon_with_AES_128_CBC_SHA_256\n",
606 program, version, program, DEFAULT_PORT);
609 @@ -280,7 +280,7 @@ main(int argc, char **argv) {
610 struct timeval timeout;
613 - int ecdh_anon_enalbe = DTLS_CIPHER_DISABLE;
614 + dtls_cipher_enable_t ecdh_anon_enalbe = DTLS_CIPHER_DISABLE;
615 struct sockaddr_in6 listen_addr;
617 memset(&listen_addr, 0, sizeof(struct sockaddr_in6));
618 @@ -356,7 +356,7 @@ main(int argc, char **argv) {
620 the_context = dtls_new_context(&fd);
622 - /* enable/disable tls_ecdh_anon_with_aes_128_cbc_sha */
623 + /* enable/disable tls_ecdh_anon_with_aes_128_cbc_sha_256 */
624 dtls_enables_anon_ecdh(the_context, ecdh_anon_enalbe);
626 dtls_set_handler(the_context, &cb);
627 diff --git a/resource/csdk/connectivity/api/cainterface.h b/resource/csdk/connectivity/api/cainterface.h
628 index 760df09..2f10fd5 100644
629 --- a/resource/csdk/connectivity/api/cainterface.h
630 +++ b/resource/csdk/connectivity/api/cainterface.h
631 @@ -290,7 +290,7 @@ CAResult_t CAHandleRequestResponse();
632 * Select the cipher suite for dtls handshake
634 * @param[IN] cipher cipher suite (Note : Make sure endianness)
635 - * 0xC018 : TLS_ECDH_anon_WITH_AES_128_CBC_SHA
636 + * 0xC018 : TLS_ECDH_anon_WITH_AES_128_CBC_SHA_256
637 * 0xC0A8 : TLS_PSK_WITH_AES_128_CCM_8
638 * 0xC0AE : TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
640 @@ -301,7 +301,7 @@ CAResult_t CAHandleRequestResponse();
641 CAResult_t CASelectCipherSuite(const uint16_t cipher);
644 - * Enable TLS_ECDH_anon_WITH_AES_128_CBC_SHA cipher suite in dtls
645 + * Enable TLS_ECDH_anon_WITH_AES_128_CBC_SHA_256 cipher suite in dtls
647 * @param[IN] enable TRUE/FALSE enables/disables anonymous cipher suite
649 diff --git a/resource/csdk/connectivity/inc/caadapternetdtls.h b/resource/csdk/connectivity/inc/caadapternetdtls.h
650 index f9f99d8..274321e 100644
651 --- a/resource/csdk/connectivity/inc/caadapternetdtls.h
652 +++ b/resource/csdk/connectivity/inc/caadapternetdtls.h
653 @@ -160,7 +160,7 @@ void CADTLSSetCredentialsCallback(CAGetDTLSCredentialsHandler credCallback);
654 * Select the cipher suite for dtls handshake
656 * @param[in] cipher cipher suite
657 - * 0xC018 : TLS_ECDH_anon_WITH_AES_128_CBC_SHA
658 + * 0xC018 : TLS_ECDH_anon_WITH_AES_128_CBC_SHA_256
659 * 0xC0A8 : TLS_PSK_WITH_AES_128_CCM_8
660 * 0xC0AE : TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
662 diff --git a/resource/csdk/connectivity/src/adapter_util/caadapternetdtls.c b/resource/csdk/connectivity/src/adapter_util/caadapternetdtls.c
663 index 8f01c06..6fd83e8 100644
664 --- a/resource/csdk/connectivity/src/adapter_util/caadapternetdtls.c
665 +++ b/resource/csdk/connectivity/src/adapter_util/caadapternetdtls.c
666 @@ -598,7 +598,7 @@ CAResult_t CADtlsEnableAnonECDHCipherSuite(const bool enable)
667 dtls_enables_anon_ecdh(g_caDtlsContext->dtlsContext,
668 enable == true ? DTLS_CIPHER_ENABLE : DTLS_CIPHER_DISABLE);
669 ca_mutex_unlock(g_dtlsContextMutex);
670 - OIC_LOG_V(DEBUG, NET_DTLS_TAG, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA is %s",
671 + OIC_LOG_V(DEBUG, NET_DTLS_TAG, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA_256 is %s",
672 enable ? "enabled" : "disabled");
674 OIC_LOG(DEBUG, NET_DTLS_TAG, "OUT CADtlsEnablesAnonEcdh");
675 diff --git a/resource/csdk/security/provisioning/src/provisioningmanager.c b/resource/csdk/security/provisioning/src/provisioningmanager.c
676 index defe4e6..301614d 100644
677 --- a/resource/csdk/security/provisioning/src/provisioningmanager.c
678 +++ b/resource/csdk/security/provisioning/src/provisioningmanager.c
679 @@ -1031,7 +1031,7 @@ static SPResult updateOperationMode(unsigned short timeout, SPTargetDeviceInfo_t
681 static SPResult initiateDtlsHandshake(const SPTargetDeviceInfo_t *deviceInfo)
683 - CAResult_t caresult = CASelectCipherSuite(TLS_ECDH_anon_WITH_AES_128_CBC_SHA);
684 + CAResult_t caresult = CASelectCipherSuite(TLS_ECDH_anon_WITH_AES_128_CBC_SHA_256);
686 if (CA_STATUS_OK != caresult)