diff --git a/Makefile.in b/Makefile.in index d084fca..9d61685 100644 --- a/Makefile.in +++ b/Makefile.in @@ -46,12 +46,18 @@ SOURCES:= dtls.c crypto.c ccm.c hmac.c netq.c peer.c dtls_time.c ifneq ("@NDEBUG@", "1") SOURCES += debug.c endif -OBJECTS:= $(patsubst %.c, %.o, $(SOURCES)) aes/rijndael.o ecc/ecc.o @OPT_OBJS@ +OBJECTS:= $(patsubst %.c, %.o, $(SOURCES)) aes/rijndael.o @OPT_OBJS@ +ifeq ("@DTLS_ECC@", "1") +OBJECTS += ecc/ecc.o +endif HEADERS:=dtls.h hmac.h debug.h config.h uthash.h numeric.h crypto.h global.h ccm.h \ netq.h t_list.h alert.h utlist.h prng.h peer.h state.h dtls_time.h CFLAGS:=-Wall -pedantic -std=c99 @CFLAGS@ CPPFLAGS:=@CPPFLAGS@ -DDTLS_CHECK_CONTENTTYPE -SUBDIRS:=tests doc sha2 aes ecc +SUBDIRS:=tests doc sha2 aes +ifeq ("@DTLS_ECC@", "1") +SUBDIRS += ecc +endif DISTDIR=$(top_builddir)/$(package) FILES:=Makefile.in configure configure.in config.h.in $(SOURCES) $(HEADERS) LIB:=libtinydtls.a diff --git a/Makefile.tinydtls b/Makefile.tinydtls index 5b68995..3a684a2 100644 --- a/Makefile.tinydtls +++ b/Makefile.tinydtls @@ -21,5 +21,16 @@ CFLAGS += -DSHA2_USE_INTTYPES_H=1 endif CFLAGS += -DDTLSv12 -DWITH_SHA256 +tinydtls_src = dtls.c crypto.c hmac.c rijndael.c sha2.c ccm.c netq.c ecc.c dtls_time.c peer.c + +# This adds support for TLS_PSK_WITH_AES_128_CCM_8 +CFLAGS += -DDTLS_PSK + +# This adds support for TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 +CFLAGS += -DDTLS_ECC +tinydtls_src += ecc.c + +# This activates debugging support +# CFLAGS += -DNDEBUG +tinydtls_src += debug.c -tinydtls_src = dtls.c crypto.c hmac.c rijndael.c sha2.c ccm.c netq.c debug.c ecc.c dtls_time.c peer.c diff --git a/configure.in b/configure.in index 04a5603..374e470 100644 --- a/configure.in +++ b/configure.in 
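Review bot: In Makefile.tinydtls, `ecc.c` is still in the new base `tinydtls_src` list and is appended again by `tinydtls_src += ecc.c`, so it is listed twice and is still compiled if the DTLS_ECC lines are commented out. The base list should drop it: `tinydtls_src = dtls.c crypto.c hmac.c rijndael.c sha2.c ccm.c netq.c dtls_time.c peer.c`. The comment `# This activates debugging support` sits above a commented-out `-DNDEBUG`; judging by Makefile.in, where debug.c is only added when NDEBUG is not 1, that define turns debugging off. A comment such as `# Uncomment to disable debug output (and remove debug.c below)` would match what the lines do.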
@@ -58,11 +58,26 @@ AC_ARG_WITH(debug, NDEBUG=1], []) + +AC_ARG_WITH(ecc, + [AS_HELP_STRING([--without-ecc],[disable support for TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8])], + [], + [CPPFLAGS="${CPPFLAGS} -DDTLS_ECC" + DTLS_ECC=1]) + +AC_ARG_WITH(psk, + [AS_HELP_STRING([--without-psk],[disable support for TLS_PSK_WITH_AES_128_CCM_8])], + [], + [CPPFLAGS="${CPPFLAGS} -DDTLS_PSK" + DTLS_PSK=1]) + CPPFLAGS="${CPPFLAGS} -DDTLSv12 -DWITH_SHA256" OPT_OBJS="${OPT_OBJS} sha2/sha2.o" AC_SUBST(OPT_OBJS) AC_SUBST(NDEBUG) +AC_SUBST(DTLS_ECC) +AC_SUBST(DTLS_PSK) # Checks for header files. AC_CHECK_HEADERS([assert.h arpa/inet.h fcntl.h inttypes.h netdb.h netinet/in.h stddef.h stdint.h stdlib.h string.h strings.h sys/param.h sys/socket.h sys/time.h time.h unistd.h]) diff --git a/crypto.c b/crypto.c index 474daca..6293bd3 100644 --- a/crypto.c +++ b/crypto.c @@ -307,6 +307,7 @@ dtls_ccm_decrypt(aes128_ccm_t *ccm_ctx, const unsigned char *src, return len; } +#ifdef DTLS_PSK int dtls_psk_pre_master_secret(unsigned char *key, size_t keylen, unsigned char *result, size_t result_len) { @@ -329,7 +330,9 @@ dtls_psk_pre_master_secret(unsigned char *key, size_t keylen, return 2 * (sizeof(uint16) + keylen); } +#endif /* DTLS_PSK */ +#ifdef DTLS_ECC static void dtls_ec_key_to_uint32(const unsigned char *key, size_t key_size, uint32_t *result) { int i; @@ -509,6 +512,7 @@ dtls_ecdsa_verify_sig(const unsigned char *pub_key_x, return dtls_ecdsa_verify_sig_hash(pub_key_x, pub_key_y, key_size, sha256hash, sizeof(sha256hash), result_r, result_s); } +#endif /* DTLS_ECC */ int dtls_encrypt(const unsigned char *src, size_t length, diff --git a/crypto.h b/crypto.h index 14fbe1f..f516a7a 100644 --- a/crypto.h +++ b/crypto.h 
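Review bot: Passing `--with-ecc` or `--with-psk` explicitly leaves the suite disabled, because both `AC_ARG_WITH` calls have an empty action-if-given and only add the define in action-if-not-given. Testing the result after the macro avoids that, e.g. `AS_IF([test "x$with_ecc" != "xno"], [CPPFLAGS="${CPPFLAGS} -DDTLS_ECC"; DTLS_ECC=1])`, and likewise for `with_psk`. configure also accepts `--without-ecc --without-psk` together, which yields a build with no key exchange at all; an `AC_MSG_ERROR` for that combination would fail early instead of at compile time.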
@@ -121,8 +121,12 @@ typedef struct { dtls_cipher_t cipher; /**< cipher type */ unsigned int do_client_auth:1; union { +#ifdef DTLS_ECC dtls_handshake_parameters_ecdsa_t ecdsa; +#endif /* DTLS_ECC */ +#ifdef DTLS_PSK dtls_handshake_parameters_psk_t psk; +#endif /* DTLS_PSK */ } keyx; } dtls_handshake_parameters_t; diff --git a/dtls-client.c b/dtls-client.c index 43bb1d2..dab3008 100644 --- a/dtls-client.c +++ b/dtls-client.c @@ -115,6 +115,7 @@ send_to_peer(struct dtls_context_t *ctx, return len; } +#ifdef DTLS_PSK static int get_psk_key(struct dtls_context_t *ctx, const session_t *session, @@ -131,7 +132,9 @@ get_psk_key(struct dtls_context_t *ctx, *result = &psk; return 0; } +#endif /* DTLS_PSK */ +#ifdef DTLS_ECC static int get_ecdsa_key(struct dtls_context_t *ctx, const session_t *session, @@ -155,6 +158,7 @@ verify_ecdsa_key(struct dtls_context_t *ctx, size_t key_size) { return 0; } +#endif /* DTLS_ECC */ PROCESS(udp_server_process, "UDP server process"); AUTOSTART_PROCESSES(&udp_server_process); @@ -216,9 +220,13 @@ init_dtls(session_t *dst) { .write = send_to_peer, .read = read_from_peer, .event = NULL, +#ifdef DTLS_PSK .get_psk_key = get_psk_key, +#endif /* DTLS_PSK */ +#ifdef DTLS_ECC .get_ecdsa_key = get_ecdsa_key, .verify_ecdsa_key = verify_ecdsa_key +#endif /* DTLS_ECC */ }; PRINTF("DTLS client started\n"); diff --git a/dtls-server.c b/dtls-server.c index 1ba53bb..bb6d83d 100644 --- a/dtls-server.c +++ b/dtls-server.c @@ -106,6 +106,7 @@ send_to_peer(struct dtls_context_t *ctx, return len; } +#ifdef DTLS_PSK static int get_psk_key(struct dtls_context_t *ctx, const session_t *session, @@ -122,7 +123,9 @@ get_psk_key(struct dtls_context_t *ctx, *result = &psk; return 0; } +#endif /* DTLS_PSK */ +#ifdef DTLS_ECC static int get_ecdsa_key(struct dtls_context_t *ctx, const session_t *session, 
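Review bot: The `keyx` union in crypto.h has no members when neither DTLS_ECC nor DTLS_PSK is defined, which is not valid ISO C, and Makefile.in builds with `-pedantic -std=c99`. Since configure now allows both suites to be switched off, a guard in the header would make the failure explicit: `#if !defined(DTLS_ECC) && !defined(DTLS_PSK)` followed by `#error "define at least one of DTLS_ECC and DTLS_PSK"`. The struct definition starts before this hunk.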
@@ -146,6 +149,7 @@ verify_ecdsa_key(struct dtls_context_t *ctx, size_t key_size) { return 0; } +#endif /* DTLS_ECC */ PROCESS(udp_server_process, "UDP server process"); AUTOSTART_PROCESSES(&udp_server_process); @@ -208,9 +212,13 @@ init_dtls() { .write = send_to_peer, .read = read_from_peer, .event = NULL, +#ifdef DTLS_PSK .get_psk_key = get_psk_key, +#endif /* DTLS_PSK */ +#ifdef DTLS_ECC .get_ecdsa_key = get_ecdsa_key, .verify_ecdsa_key = verify_ecdsa_key +#endif /* DTLS_ECC */ }; #if UIP_CONF_ROUTER uip_ipaddr_t ipaddr; diff --git a/dtls.c b/dtls.c index 53a04da..37eca92 100644 --- a/dtls.c +++ b/dtls.c @@ -433,25 +433,48 @@ static uint8 compression_methods[] = { static inline int is_tls_ecdhe_ecdsa_with_aes_128_ccm_8(dtls_cipher_t cipher) { +#ifdef DTLS_ECC return cipher == TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8; +#else + return 0; +#endif /* DTLS_ECC */ } static inline int is_tls_psk_with_aes_128_ccm_8(dtls_cipher_t cipher) { +#ifdef DTLS_PSK return cipher == TLS_PSK_WITH_AES_128_CCM_8; +#else + return 0; +#endif /* DTLS_PSK */ } -static inline int is_psk_supported(dtls_context_t *ctx){ +static inline int is_psk_supported(dtls_context_t *ctx) +{ +#ifdef DTLS_PSK return ctx && ctx->h && ctx->h->get_psk_key; +#else + return 0; +#endif /* DTLS_PSK */ } -static inline int is_ecdsa_supported(dtls_context_t *ctx, int is_client){ +static inline int is_ecdsa_supported(dtls_context_t *ctx, int is_client) +{ +#ifdef DTLS_ECC return ctx && ctx->h && ((!is_client && ctx->h->get_ecdsa_key) || (is_client && ctx->h->verify_ecdsa_key)); +#else + return 0; +#endif /* DTLS_ECC */ } -static inline int is_ecdsa_client_auth_supported(dtls_context_t *ctx) { +static inline int is_ecdsa_client_auth_supported(dtls_context_t *ctx) +{ +#ifdef DTLS_ECC return ctx && ctx->h && ctx->h->get_ecdsa_key && ctx->h->verify_ecdsa_key; +#else + return 0; +#endif /* DTLS_ECC */ } /** 
@@ -512,7 +535,6 @@ calculate_key_block(dtls_context_t *ctx, int pre_master_len = 0; dtls_security_parameters_t *security = dtls_security_params_next(peer); uint8 master_secret[DTLS_MASTER_SECRET_LENGTH]; - int err; if (!security) { return dtls_alert_fatal_create(DTLS_ALERT_INTERNAL_ERROR); @@ -521,8 +543,10 @@ calculate_key_block(dtls_context_t *ctx, pre_master_secret = security->key_block; switch (handshake->cipher) { +#ifdef DTLS_PSK case TLS_PSK_WITH_AES_128_CCM_8: { const dtls_psk_key_t *psk; + int err; err = CALL(ctx, get_psk_key, session, handshake->keyx.psk.identity, handshake->keyx.psk.id_length, &psk); @@ -542,6 +566,8 @@ calculate_key_block(dtls_context_t *ctx, break; } +#endif /* DTLS_PSK */ +#ifdef DTLS_ECC case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8: { pre_master_len = dtls_ecdh_pre_master_secret(handshake->keyx.ecdsa.own_eph_priv, handshake->keyx.ecdsa.other_eph_pub_x, @@ -555,6 +581,7 @@ calculate_key_block(dtls_context_t *ctx, } break; } +#endif /* DTLS_ECC */ default: dtls_crit("calculate_key_block: unknown cipher\n"); return dtls_alert_fatal_create(DTLS_ALERT_INTERNAL_ERROR); @@ -896,6 +923,7 @@ check_client_keyexchange(dtls_context_t *ctx, dtls_handshake_parameters_t *handshake, uint8 *data, size_t length) { +#ifdef DTLS_ECC if (is_tls_ecdhe_ecdsa_with_aes_128_ccm_8(handshake->cipher)) { if (length < DTLS_HS_LENGTH + DTLS_CKXEC_LENGTH) { @@ -923,7 +951,10 @@ check_client_keyexchange(dtls_context_t *ctx, memcpy(handshake->keyx.ecdsa.other_eph_pub_y, data, sizeof(handshake->keyx.ecdsa.other_eph_pub_y)); data += sizeof(handshake->keyx.ecdsa.other_eph_pub_y); - } else { + } +#endif /* DTLS_ECC */ +#ifdef DTLS_PSK + if (is_tls_psk_with_aes_128_ccm_8(handshake->cipher)) { int id_length; if (length < DTLS_HS_LENGTH + DTLS_CKXPSK_LENGTH_MIN) { @@ -948,6 +979,7 @@ check_client_keyexchange(dtls_context_t *ctx, handshake->keyx.psk.id_length = id_length; memcpy(handshake->keyx.psk.identity, data, id_length); } +#endif /* DTLS_PSK */ return 0; } 
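Review bot: check_client_keyexchange now returns 0 without reading anything from `data` when the cipher matches neither guarded `if`, because the former `else` branch became a second independent `if`. The caller is then told the ClientKeyExchange was accepted while `handshake->keyx` was never filled in; later stages may still reject it, but this function should fail closed. Ending each branch with `return 0;` and making the final statement `return dtls_alert_fatal_create(DTLS_ALERT_INTERNAL_ERROR);` would do that. The same pattern appears in dtls_send_server_hello_msgs (hunk `@@ -1960,7 +2001,11 @@`), where an unmatched cipher falls straight through to dtls_send_server_hello_done. Both function bodies extend outside the hunks shown.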
@@ -1462,6 +1494,7 @@ dtls_verify_peer(dtls_context_t *ctx, #undef mycookie } +#ifdef DTLS_ECC static int dtls_check_ecdsa_signature_elem(uint8 *data, size_t data_length, unsigned char **result_r, @@ -1585,6 +1618,7 @@ check_client_certificate_verify(dtls_context_t *ctx, } return 0; } +#endif /* DTLS_ECC */ static int dtls_send_server_hello(dtls_context_t *ctx, dtls_peer_t *peer) @@ -1684,6 +1718,7 @@ dtls_send_server_hello(dtls_context_t *ctx, dtls_peer_t *peer) buf, p - buf); } +#ifdef DTLS_ECC static int dtls_send_certificate_ecdsa(dtls_context_t *ctx, dtls_peer_t *peer, const dtls_ecdsa_key_t *key) @@ -1836,7 +1871,9 @@ dtls_send_server_key_exchange_ecdh(dtls_context_t *ctx, dtls_peer_t *peer, return dtls_send_handshake_msg(ctx, peer, DTLS_HT_SERVER_KEY_EXCHANGE, buf, p - buf); } +#endif /* DTLS_ECC */ +#ifdef DTLS_PSK static int dtls_send_server_key_exchange_psk(dtls_context_t *ctx, dtls_peer_t *peer, const dtls_psk_key_t *key) @@ -1862,7 +1899,9 @@ dtls_send_server_key_exchange_psk(dtls_context_t *ctx, dtls_peer_t *peer, return dtls_send_handshake_msg(ctx, peer, DTLS_HT_SERVER_KEY_EXCHANGE, buf, p - buf); } +#endif /* DTLS_PSK */ +#ifdef DTLS_ECC static int dtls_send_server_certificate_request(dtls_context_t *ctx, dtls_peer_t *peer) { @@ -1903,6 +1942,7 @@ dtls_send_server_certificate_request(dtls_context_t *ctx, dtls_peer_t *peer) return dtls_send_handshake_msg(ctx, peer, DTLS_HT_CERTIFICATE_REQUEST, buf, p - buf); } +#endif /* DTLS_ECC */ static int dtls_send_server_hello_done(dtls_context_t *ctx, dtls_peer_t *peer) @@ -1928,6 +1968,7 @@ dtls_send_server_hello_msgs(dtls_context_t *ctx, dtls_peer_t *peer) return res; } +#ifdef DTLS_ECC if (is_tls_ecdhe_ecdsa_with_aes_128_ccm_8(peer->handshake_params->cipher)) { const dtls_ecdsa_key_t *ecdsa_key; 
@@ -1960,7 +2001,11 @@ dtls_send_server_hello_msgs(dtls_context_t *ctx, dtls_peer_t *peer) return res; } } - } else if (is_tls_psk_with_aes_128_ccm_8(peer->handshake_params->cipher)) { + } +#endif /* DTLS_ECC */ + +#ifdef DTLS_PSK + if (is_tls_psk_with_aes_128_ccm_8(peer->handshake_params->cipher)) { const dtls_psk_key_t *psk; res = CALL(ctx, get_psk_key, &peer->session, NULL, 0, &psk); @@ -1978,6 +2023,7 @@ dtls_send_server_hello_msgs(dtls_context_t *ctx, dtls_peer_t *peer) } } } +#endif /* DTLS_PSK */ res = dtls_send_server_hello_done(ctx, peer); @@ -2001,14 +2047,15 @@ dtls_send_client_key_exchange(dtls_context_t *ctx, dtls_peer_t *peer) { uint8 buf[DTLS_CKXEC_LENGTH]; uint8 *p; - int err; dtls_handshake_parameters_t *handshake = peer->handshake_params; p = buf; switch (handshake->cipher) { +#ifdef DTLS_PSK case TLS_PSK_WITH_AES_128_CCM_8: { const dtls_psk_key_t *psk; + int err; err = CALL(ctx, get_psk_key, &peer->session, handshake->keyx.psk.identity, handshake->keyx.psk.id_length, &psk); @@ -2030,6 +2077,8 @@ dtls_send_client_key_exchange(dtls_context_t *ctx, dtls_peer_t *peer) break; } +#endif /* DTLS_PSK */ +#ifdef DTLS_ECC case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8: { uint8 *ephemeral_pub_x; uint8 *ephemeral_pub_y; @@ -2052,6 +2101,7 @@ dtls_send_client_key_exchange(dtls_context_t *ctx, dtls_peer_t *peer) break; } +#endif /* DTLS_ECC */ default: dtls_crit("cipher not supported\n"); return dtls_alert_fatal_create(DTLS_ALERT_INTERNAL_ERROR); @@ -2063,6 +2113,7 @@ dtls_send_client_key_exchange(dtls_context_t *ctx, dtls_peer_t *peer) buf, p - buf); } +#ifdef DTLS_ECC static int dtls_send_certificate_verify_ecdh(dtls_context_t *ctx, dtls_peer_t *peer, const dtls_ecdsa_key_t *key) @@ -2097,6 +2148,7 @@ dtls_send_certificate_verify_ecdh(dtls_context_t *ctx, dtls_peer_t *peer, return dtls_send_handshake_msg(ctx, peer, DTLS_HT_CERTIFICATE_VERIFY, buf, p - buf); } +#endif /* DTLS_ECC */ static int dtls_send_finished(dtls_context_t *ctx, dtls_peer_t *peer, 
@@ -2372,6 +2424,7 @@ check_server_hello_verify_request(dtls_context_t *ctx, return res; } +#ifdef DTLS_ECC static int check_server_certificate(dtls_context_t *ctx, dtls_peer_t *peer, @@ -2504,7 +2557,9 @@ check_server_key_exchange_ecdsa(dtls_context_t *ctx, } return 0; } +#endif /* DTLS_ECC */ +#ifdef DTLS_PSK static int check_server_key_exchange_psk(dtls_context_t *ctx, dtls_peer_t *peer, @@ -2541,6 +2596,7 @@ check_server_key_exchange_psk(dtls_context_t *ctx, memcpy(config->keyx.psk.identity, data, len); return 0; } +#endif /* DTLS_PSK */ static int check_certificate_request(dtls_context_t *ctx, @@ -2626,13 +2682,17 @@ check_server_hellodone(dtls_context_t *ctx, uint8 *data, size_t data_length) { int res; +#ifdef DTLS_ECC const dtls_ecdsa_key_t *ecdsa_key; +#endif /* DTLS_ECC */ + dtls_handshake_parameters_t *handshake = peer->handshake_params; /* calculate master key, send CCS */ update_hs_hash(peer, data, data_length); +#ifdef DTLS_ECC if (handshake->do_client_auth) { res = CALL(ctx, get_ecdsa_key, &peer->session, &ecdsa_key); @@ -2648,6 +2708,7 @@ check_server_hellodone(dtls_context_t *ctx, return res; } } +#endif /* DTLS_ECC */ /* send ClientKeyExchange */ res = dtls_send_client_key_exchange(ctx, peer); @@ -2657,6 +2718,7 @@ check_server_hellodone(dtls_context_t *ctx, return res; } +#ifdef DTLS_ECC if (handshake->do_client_auth) { res = dtls_send_certificate_verify_ecdh(ctx, peer, ecdsa_key); @@ -2666,6 +2728,7 @@ check_server_hellodone(dtls_context_t *ctx, return res; } } +#endif /* DTLS_ECC */ res = calculate_key_block(ctx, handshake, peer, &peer->session, peer->role); @@ -2852,6 +2915,7 @@ handle_handshake_msg(dtls_context_t *ctx, dtls_peer_t *peer, session_t *session, break; +#ifdef DTLS_ECC case DTLS_HT_CERTIFICATE: dtls_debug("DTLS_HT_CERTIFICATE\n"); 
@@ -2872,24 +2936,28 @@ handle_handshake_msg(dtls_context_t *ctx, dtls_peer_t *peer, session_t *session, /* update_hs_hash(peer, data, data_length); */ break; +#endif /* DTLS_ECC */ case DTLS_HT_SERVER_KEY_EXCHANGE: dtls_debug("DTLS_HT_SERVER_KEY_EXCHANGE\n"); +#ifdef DTLS_ECC if (is_tls_ecdhe_ecdsa_with_aes_128_ccm_8(peer->handshake_params->cipher)) { if (state != DTLS_STATE_WAIT_SERVERKEYEXCHANGE) { return dtls_alert_fatal_create(DTLS_ALERT_UNEXPECTED_MESSAGE); } err = check_server_key_exchange_ecdsa(ctx, peer, data, data_length); - } else if (is_tls_psk_with_aes_128_ccm_8(peer->handshake_params->cipher)) { + } +#endif /* DTLS_ECC */ +#ifdef DTLS_PSK + if (is_tls_psk_with_aes_128_ccm_8(peer->handshake_params->cipher)) { if (state != DTLS_STATE_WAIT_SERVERHELLODONE) { return dtls_alert_fatal_create(DTLS_ALERT_UNEXPECTED_MESSAGE); } err = check_server_key_exchange_psk(ctx, peer, data, data_length); - } else { - assert(0); } +#endif /* DTLS_PSK */ if (err < 0) { dtls_warn("error in check_server_key_exchange err: %i\n", err); @@ -2999,6 +3067,7 @@ handle_handshake_msg(dtls_context_t *ctx, dtls_peer_t *peer, session_t *session, peer->state = DTLS_STATE_WAIT_CHANGECIPHERSPEC; break; +#ifdef DTLS_ECC case DTLS_HT_CERTIFICATE_VERIFY: dtls_debug("DTLS_HT_CERTIFICATE_VERIFY\n"); @@ -3015,6 +3084,7 @@ handle_handshake_msg(dtls_context_t *ctx, dtls_peer_t *peer, session_t *session, update_hs_hash(peer, data, data_length); peer->state = DTLS_STATE_WAIT_CHANGECIPHERSPEC; break; +#endif /* DTLS_ECC */ case DTLS_HT_CLIENT_HELLO: /* At this point, we have a good relationship with this peer. This diff --git a/dtls.h b/dtls.h index 3cfb732..e74a80b 100644 --- a/dtls.h +++ b/dtls.h @@ -136,6 +136,7 @@ typedef struct { int (*event)(struct dtls_context_t *ctx, session_t *session, dtls_alert_level_t level, unsigned short code); +#ifdef DTLS_PSK /** * Called during handshake to lookup the key for @p id in @p * session. If found, the key must be stored in @p result and 
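Review bot: With `else { assert(0); }` removed, the DTLS_HT_SERVER_KEY_EXCHANGE case reaches `if (err < 0)` without assigning `err` whenever the cipher matches neither guarded `if`, so the test reads whatever `err` held before (its declaration is outside the hunk). A ServerKeyExchange for an unsupported or compiled-out suite should be rejected, not passed on. Setting a failure value first, `err = dtls_alert_fatal_create(DTLS_ALERT_UNEXPECTED_MESSAGE);` ahead of the two `if`s, keeps the preprocessor guards simple and makes the unmatched path fail closed.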
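Review bot: dtls_handler_t in dtls.h now changes size and member offsets depending on DTLS_PSK and DTLS_ECC, and configure passes these only through CPPFLAGS. An application that includes dtls.h without the same `-D` flags the library was built with would lay out the struct differently from the library, which then calls a callback pointer at the wrong offset. This applies to all three dtls.h hunks and to the `keyx` union in crypto.h. At minimum the struct should carry a comment such as `/* DTLS_PSK and DTLS_ECC must be defined identically for the library and for every user of this header */`; emitting the macros into a generated header that dtls.h includes would remove the hazard. The struct begins outside this hunk.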
@@ -158,6 +159,9 @@ typedef struct { const unsigned char *id, size_t id_len, const dtls_psk_key_t **result); +#endif /* DTLS_PSK */ + +#ifdef DTLS_ECC /** * Called during handshake to get the server's or client's ecdsa * key used to authenticate this server or client in this @@ -213,6 +217,7 @@ typedef struct { const unsigned char *other_pub_x, const unsigned char *other_pub_y, size_t key_size); +#endif /* DTLS_ECC */ } dtls_handler_t; /** Holds global information of the DTLS engine. */ diff --git a/global.h b/global.h index b82bbc5..99685b0 100644 --- a/global.h +++ b/global.h @@ -134,7 +134,11 @@ typedef unsigned char uint48[6]; /** Maximum size of DTLS message. When Peers are sending bigger messages this causes problems. Californium with ECDSA needs at least 220 */ +#ifdef DTLS_ECC #define DTLS_MAX_BUF 200 +#else /* DTLS_ECC */ +#define DTLS_MAX_BUF 100 +#endif /* DTLS_ECC */ #endif #ifndef DTLS_DEFAULT_MAX_RETRANSMIT diff --git a/netq.h b/netq.h index 6ba095f..6715e25 100644 --- a/netq.h +++ b/netq.h @@ -23,7 +23,11 @@ */ #ifndef NETQ_MAXCNT -#define NETQ_MAXCNT 4 /**< maximum number of elements in netq structure */ +#ifdef DTLS_ECC +#define NETQ_MAXCNT 5 /**< maximum number of elements in netq structure */ +#elif defined(DTLS_PSK) +#define NETQ_MAXCNT 3 /**< maximum number of elements in netq structure */ +#endif #endif /** diff --git a/tests/dtls-client.c b/tests/dtls-client.c index 5e1186d..d130a68 100644 --- a/tests/dtls-client.c +++ b/tests/dtls-client.c @@ -53,6 +53,7 @@ static const unsigned char ecdsa_pub_key_y[] = { 0xE9, 0x3F, 0x98, 0x72, 0x09, 0xDA, 0xED, 0x0B, 0x4F, 0xAB, 0xC3, 0x6F, 0xC7, 0x72, 0xF8, 0x29}; +#ifdef DTLS_PSK /* This function is the "key store" for tinyDTLS. It is called to * retrieve a key for the given identiy within this particular * session. */ 
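Review bot: The comment above DTLS_MAX_BUF in global.h says ECDSA peers need at least 220 bytes, yet the ECC value stays at 200 and the new non-ECC value of 100 has no stated rationale. Since the same comment warns that larger messages "cause problems", it should say what the largest PSK handshake message is and how an oversized record is handled. For example: `/* PSK-only: largest handshake message is <N> bytes; larger records are <dropped/rejected> */`, with the placeholders filled in from the implementation.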
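Review bot: NETQ_MAXCNT in netq.h is left undefined when neither DTLS_ECC nor DTLS_PSK is defined, because the `#ifdef`/`#elif` chain has no `#else`. That combination is reachable through `--without-ecc --without-psk`, and any translation unit that includes netq.h without the configure-supplied flags hits it too. Adding `#else` with `#define NETQ_MAXCNT 4` (the previous default) or an `#error` closes the gap. The doc comments on the 5 and 3 values could also say which handshake flight each is sized for.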
@@ -71,7 +72,9 @@ get_psk_key(struct dtls_context_t *ctx, *result = &psk; return 0; } +#endif /* DTLS_PSK */ +#ifdef DTLS_ECC static int get_ecdsa_key(struct dtls_context_t *ctx, const session_t *session, @@ -95,6 +98,7 @@ verify_ecdsa_key(struct dtls_context_t *ctx, size_t key_size) { return 0; } +#endif /* DTLS_ECC */ static void try_send(struct dtls_context_t *ctx, session_t *dst) { @@ -231,9 +235,13 @@ static dtls_handler_t cb = { .write = send_to_peer, .read = read_from_peer, .event = NULL, +#ifdef DTLS_PSK .get_psk_key = get_psk_key, +#endif /* DTLS_PSK */ +#ifdef DTLS_ECC .get_ecdsa_key = get_ecdsa_key, .verify_ecdsa_key = verify_ecdsa_key +#endif /* DTLS_ECC */ }; #define DTLS_CLIENT_CMD_CLOSE "client:close" diff --git a/tests/dtls-server.c b/tests/dtls-server.c index b6a788c..0c76c53 100644 --- a/tests/dtls-server.c +++ b/tests/dtls-server.c @@ -46,6 +46,7 @@ handle_sigint(int signum) { } #endif +#ifdef DTLS_PSK /* This function is the "key store" for tinyDTLS. It is called to * retrieve a key for the given identiy within this particular * session. */ @@ -64,7 +65,9 @@ get_psk_key(struct dtls_context_t *ctx, *result = &psk; return 0; } +#endif /* DTLS_PSK */ +#ifdef DTLS_ECC static int get_ecdsa_key(struct dtls_context_t *ctx, const session_t *session, @@ -88,6 +91,7 @@ verify_ecdsa_key(struct dtls_context_t *ctx, size_t key_size) { return 0; } +#endif /* DTLS_ECC */ #define DTLS_SERVER_CMD_CLOSE "server:close" #define DTLS_SERVER_CMD_RENEGOTIATE "server:renegotiate" @@ -211,9 +215,13 @@ static dtls_handler_t cb = { .write = send_to_peer, .read = read_from_peer, .event = NULL, +#ifdef DTLS_PSK .get_psk_key = get_psk_key, +#endif /* DTLS_PSK */ +#ifdef DTLS_ECC .get_ecdsa_key = get_ecdsa_key, .verify_ecdsa_key = verify_ecdsa_key +#endif /* DTLS_ECC */ }; int