Lines Matching refs:peer
180 dtls_send_multi(dtls_context_t *ctx, dtls_peer_t *peer,
200 dtls_send(dtls_context_t *ctx, dtls_peer_t *peer, unsigned char type, in dtls_send() argument
202 return dtls_send_multi(ctx, peer, dtls_security_params(peer), &peer->session, in dtls_send()
209 static void dtls_stop_retransmission(dtls_context_t *context, dtls_peer_t *peer);
227 dtls_add_peer(dtls_context_t *ctx, dtls_peer_t *peer) { in dtls_add_peer() argument
229 HASH_ADD_PEER(ctx->peers, session, peer); in dtls_add_peer()
231 list_add(ctx->peers, peer); in dtls_add_peer()
239 dtls_peer_t *peer = dtls_get_peer(ctx, dst); in dtls_write() local
242 if (!peer) { /* no ==> create one */ in dtls_write()
252 if (peer->state != DTLS_STATE_CONNECTED) { in dtls_write()
255 return dtls_send(ctx, peer, DTLS_CT_APPLICATION_DATA, buf, len); in dtls_write()
424 dtls_set_handshake_header(uint8 type, dtls_peer_t *peer, in dtls_set_handshake_header() argument
435 if (peer && peer->handshake_params) { in dtls_set_handshake_header()
437 dtls_int_to_uint16(buf, peer->handshake_params->hs_state.mseq_s); in dtls_set_handshake_header()
440 peer->handshake_params->hs_state.mseq_s++; in dtls_set_handshake_header()
535 dtls_debug("key_block (%d bytes):\n", dtls_kb_size(config, peer->role)); in dtls_debug_keyblock()
537 dtls_kb_client_mac_secret(config, peer->role), in dtls_debug_keyblock()
538 dtls_kb_mac_secret_size(config, peer->role)); in dtls_debug_keyblock()
541 dtls_kb_server_mac_secret(config, peer->role), in dtls_debug_keyblock()
542 dtls_kb_mac_secret_size(config, peer->role)); in dtls_debug_keyblock()
545 dtls_kb_client_write_key(config, peer->role), in dtls_debug_keyblock()
546 dtls_kb_key_size(config, peer->role)); in dtls_debug_keyblock()
549 dtls_kb_server_write_key(config, peer->role), in dtls_debug_keyblock()
550 dtls_kb_key_size(config, peer->role)); in dtls_debug_keyblock()
553 dtls_kb_client_iv(config, peer->role), in dtls_debug_keyblock()
554 dtls_kb_iv_size(config, peer->role)); in dtls_debug_keyblock()
557 dtls_kb_server_iv(config, peer->role), in dtls_debug_keyblock()
558 dtls_kb_iv_size(config, peer->role)); in dtls_debug_keyblock()
601 dtls_peer_t *peer, in calculate_key_block() argument
606 dtls_security_parameters_t *security = dtls_security_params_next(peer); in calculate_key_block()
777 dtls_check_tls_extension(dtls_peer_t *peer, in dtls_check_tls_extension() argument
785 dtls_handshake_parameters_t *handshake = peer->handshake_params; in dtls_check_tls_extension()
880 if (client_hello && peer->state == DTLS_STATE_CONNECTED) { in dtls_check_tls_extension()
901 dtls_peer_t *peer, in dtls_update_parameters() argument
905 dtls_handshake_parameters_t *config = peer->handshake_params; in dtls_update_parameters()
906 dtls_security_parameters_t *security = dtls_security_params(peer); in dtls_update_parameters()
991 return dtls_check_tls_extension(peer, data, data_length, 1); in dtls_update_parameters()
993 if (peer->state == DTLS_STATE_CONNECTED) { in dtls_update_parameters()
1070 update_hs_hash(dtls_peer_t *peer, uint8 *data, size_t length) { in update_hs_hash() argument
1072 dtls_hash_update(&peer->handshake_params->hs_state.hs_hash, data, length); in update_hs_hash()
1076 copy_hs_hash(dtls_peer_t *peer, dtls_hash_ctx *hs_hash) { in copy_hs_hash() argument
1077 memcpy(hs_hash, &peer->handshake_params->hs_state.hs_hash, in copy_hs_hash()
1078 sizeof(peer->handshake_params->hs_state.hs_hash)); in copy_hs_hash()
1082 finalize_hs_hash(dtls_peer_t *peer, uint8 *buf) { in finalize_hs_hash() argument
1083 return dtls_hash_finalize(buf, &peer->handshake_params->hs_state.hs_hash); in finalize_hs_hash()
1087 clear_hs_hash(dtls_peer_t *peer) { in clear_hs_hash() argument
1088 assert(peer); in clear_hs_hash()
1090 dtls_hash_init(&peer->handshake_params->hs_state.hs_hash); in clear_hs_hash()
1104 check_finished(dtls_context_t *ctx, dtls_peer_t *peer, in check_finished() argument
1123 memcpy(b.statebuf, &peer->handshake_params->hs_state.hs_hash, DTLS_HASH_CTX_SIZE); in check_finished()
1125 digest_length = finalize_hs_hash(peer, buf); in check_finished()
1129 memcpy(&peer->handshake_params->hs_state.hs_hash, b.statebuf, DTLS_HASH_CTX_SIZE); in check_finished()
1131 if (peer->role == DTLS_CLIENT) { in check_finished()
1139 dtls_prf(peer->handshake_params->tmp.master_secret, in check_finished()
1180 dtls_prepare_record(dtls_peer_t *peer, dtls_security_parameters_t *security, in dtls_prepare_record() argument
1286 memcpy(nonce, dtls_kb_local_iv(security, peer->role), in dtls_prepare_record()
1287 dtls_kb_iv_size(security, peer->role)); in dtls_prepare_record()
1288 memcpy(nonce + dtls_kb_iv_size(security, peer->role), start, 8); /* epoch + seq_num */ in dtls_prepare_record()
1291 dtls_debug_dump("key:", dtls_kb_local_write_key(security, peer->role), in dtls_prepare_record()
1292 dtls_kb_key_size(security, peer->role)); in dtls_prepare_record()
1304 dtls_kb_local_write_key(security, peer->role), in dtls_prepare_record()
1305 dtls_kb_key_size(security, peer->role), in dtls_prepare_record()
1324 dtls_peer_t *peer, in dtls_send_handshake_msg_hash() argument
1334 dtls_security_parameters_t *security = peer ? dtls_security_params(peer) : NULL; in dtls_send_handshake_msg_hash()
1336 dtls_set_handshake_header(header_type, peer, data_length, 0, in dtls_send_handshake_msg_hash()
1340 update_hs_hash(peer, buf, sizeof(buf)); in dtls_send_handshake_msg_hash()
1348 update_hs_hash(peer, data, data_length); in dtls_send_handshake_msg_hash()
1356 return dtls_send_multi(ctx, peer, security, session, DTLS_CT_HANDSHAKE, in dtls_send_handshake_msg_hash()
1362 dtls_peer_t *peer, in dtls_send_handshake_msg() argument
1366 return dtls_send_handshake_msg_hash(ctx, peer, &peer->session, in dtls_send_handshake_msg()
1407 dtls_send_multi(dtls_context_t *ctx, dtls_peer_t *peer, in dtls_send_multi() argument
1424 …res = dtls_prepare_record(peer, security, type, buf_array, buf_len_array, buf_array_len, sendbuf, … in dtls_send_multi()
1448 n->peer = peer; in dtls_send_multi()
1485 dtls_send_alert(dtls_context_t *ctx, dtls_peer_t *peer, dtls_alert_level_t level, in dtls_send_alert() argument
1489 dtls_send(ctx, peer, DTLS_CT_ALERT, msg, sizeof(msg)); in dtls_send_alert()
1496 dtls_peer_t *peer; in dtls_close() local
1498 peer = dtls_get_peer(ctx, remote); in dtls_close()
1500 if (peer) { in dtls_close()
1501 res = dtls_send_alert(ctx, peer, DTLS_ALERT_LEVEL_FATAL, DTLS_ALERT_CLOSE_NOTIFY); in dtls_close()
1503 peer->state = DTLS_STATE_CLOSING; in dtls_close()
1508 static void dtls_destroy_peer(dtls_context_t *ctx, dtls_peer_t *peer, int unlink) in dtls_destroy_peer() argument
1510 if (peer->state != DTLS_STATE_CLOSED && peer->state != DTLS_STATE_CLOSING) in dtls_destroy_peer()
1511 dtls_close(ctx, &peer->session); in dtls_destroy_peer()
1514 HASH_DEL_PEER(ctx->peers, peer); in dtls_destroy_peer()
1516 list_remove(ctx->peers, peer); in dtls_destroy_peer()
1519 dtls_dsrv_log_addr(DTLS_LOG_DEBUG, "removed peer", &peer->session); in dtls_destroy_peer()
1521 dtls_free_peer(peer); in dtls_destroy_peer()
1541 dtls_peer_t *peer, in dtls_verify_peer() argument
1598 err = dtls_send_handshake_msg_hash(ctx, peer, session, in dtls_verify_peer()
1692 dtls_peer_t *peer, in check_client_certificate_verify() argument
1695 dtls_handshake_parameters_t *config = peer->handshake_params; in check_client_certificate_verify()
1718 copy_hs_hash(peer, &hs_hash); in check_client_certificate_verify()
1736 dtls_send_server_hello(dtls_context_t *ctx, dtls_peer_t *peer) in dtls_send_server_hello() argument
1745 dtls_handshake_parameters_t *handshake = peer->handshake_params; in dtls_send_server_hello()
1828 return dtls_send_handshake_msg(ctx, peer, DTLS_HT_SERVER_HELLO, in dtls_send_server_hello()
1834 dtls_send_certificate_ecdsa(dtls_context_t *ctx, dtls_peer_t *peer, in dtls_send_certificate_ecdsa() argument
1862 return dtls_send_handshake_msg(ctx, peer, DTLS_HT_CERTIFICATE, in dtls_send_certificate_ecdsa()
1924 dtls_send_server_key_exchange_ecdh(dtls_context_t *ctx, dtls_peer_t *peer, in dtls_send_server_key_exchange_ecdh() argument
1936 dtls_handshake_parameters_t *config = peer->handshake_params; in dtls_send_server_key_exchange_ecdh()
1982 return dtls_send_handshake_msg(ctx, peer, DTLS_HT_SERVER_KEY_EXCHANGE, in dtls_send_server_key_exchange_ecdh()
1989 dtls_send_server_key_exchange_psk(dtls_context_t *ctx, dtls_peer_t *peer, in dtls_send_server_key_exchange_psk() argument
2012 return dtls_send_handshake_msg(ctx, peer, DTLS_HT_SERVER_KEY_EXCHANGE, in dtls_send_server_key_exchange_psk()
2019 dtls_send_server_certificate_request(dtls_context_t *ctx, dtls_peer_t *peer) in dtls_send_server_certificate_request() argument
2055 return dtls_send_handshake_msg(ctx, peer, DTLS_HT_CERTIFICATE_REQUEST, in dtls_send_server_certificate_request()
2061 dtls_send_server_hello_done(dtls_context_t *ctx, dtls_peer_t *peer) in dtls_send_server_hello_done() argument
2068 return dtls_send_handshake_msg(ctx, peer, DTLS_HT_SERVER_HELLO_DONE, in dtls_send_server_hello_done()
2073 dtls_send_server_hello_msgs(dtls_context_t *ctx, dtls_peer_t *peer) in dtls_send_server_hello_msgs() argument
2077 res = dtls_send_server_hello(ctx, peer); in dtls_send_server_hello_msgs()
2085 if (is_tls_ecdhe_ecdsa_with_aes_128_ccm_8(peer->handshake_params->cipher)) { in dtls_send_server_hello_msgs()
2088 res = CALL(ctx, get_ecdsa_key, &peer->session, &ecdsa_key); in dtls_send_server_hello_msgs()
2094 res = dtls_send_certificate_ecdsa(ctx, peer, ecdsa_key); in dtls_send_server_hello_msgs()
2101 res = dtls_send_server_key_exchange_ecdh(ctx, peer, ecdsa_key); in dtls_send_server_hello_msgs()
2108 if (is_tls_ecdhe_ecdsa_with_aes_128_ccm_8(peer->handshake_params->cipher) && in dtls_send_server_hello_msgs()
2110 res = dtls_send_server_certificate_request(ctx, peer); in dtls_send_server_hello_msgs()
2121 if (is_tls_psk_with_aes_128_ccm_8(peer->handshake_params->cipher)) { in dtls_send_server_hello_msgs()
2127 len = CALL(ctx, get_psk_info, &peer->session, DTLS_PSK_HINT, in dtls_send_server_hello_msgs()
2136 res = dtls_send_server_key_exchange_psk(ctx, peer, psk_hint, (size_t)len); in dtls_send_server_hello_msgs()
2146 res = dtls_send_server_hello_done(ctx, peer); in dtls_send_server_hello_msgs()
2156 dtls_send_ccs(dtls_context_t *ctx, dtls_peer_t *peer) { in dtls_send_ccs() argument
2159 return dtls_send(ctx, peer, DTLS_CT_CHANGE_CIPHER_SPEC, buf, 1); in dtls_send_ccs()
2164 dtls_send_client_key_exchange(dtls_context_t *ctx, dtls_peer_t *peer) in dtls_send_client_key_exchange() argument
2168 dtls_handshake_parameters_t *handshake = peer->handshake_params; in dtls_send_client_key_exchange()
2177 len = CALL(ctx, get_psk_info, &peer->session, DTLS_PSK_IDENTITY, in dtls_send_client_key_exchange()
2221 dtls_ecdsa_generate_key(peer->handshake_params->keyx.ecdsa.own_eph_priv, in dtls_send_client_key_exchange()
2235 return dtls_send_handshake_msg(ctx, peer, DTLS_HT_CLIENT_KEY_EXCHANGE, in dtls_send_client_key_exchange()
2241 dtls_send_certificate_verify_ecdh(dtls_context_t *ctx, dtls_peer_t *peer, in dtls_send_certificate_verify_ecdh() argument
2258 copy_hs_hash(peer, &hs_hash); in dtls_send_certificate_verify_ecdh()
2271 return dtls_send_handshake_msg(ctx, peer, DTLS_HT_CERTIFICATE_VERIFY, in dtls_send_certificate_verify_ecdh()
2277 dtls_send_finished(dtls_context_t *ctx, dtls_peer_t *peer, in dtls_send_finished() argument
2286 copy_hs_hash(peer, &hs_hash); in dtls_send_finished()
2290 dtls_prf(peer->handshake_params->tmp.master_secret, in dtls_send_finished()
2303 return dtls_send_handshake_msg(ctx, peer, DTLS_HT_FINISHED, in dtls_send_finished()
2308 dtls_send_client_hello(dtls_context_t *ctx, dtls_peer_t *peer, in dtls_send_client_hello() argument
2316 dtls_handshake_parameters_t *handshake = peer->handshake_params; in dtls_send_client_hello()
2452 clear_hs_hash(peer); in dtls_send_client_hello()
2454 return dtls_send_handshake_msg_hash(ctx, peer, &peer->session, in dtls_send_client_hello()
2461 dtls_peer_t *peer, in check_server_hello() argument
2464 dtls_handshake_parameters_t *handshake = peer->handshake_params; in check_server_hello()
2474 update_hs_hash(peer, data, data_length); in check_server_hello()
2523 return dtls_check_tls_extension(peer, data, data_length, 0); in check_server_hello()
2531 dtls_peer_t *peer, in check_server_hello_verify_request() argument
2542 res = dtls_send_client_hello(ctx, peer, hv->cookie, hv->cookie_length); in check_server_hello_verify_request()
2553 dtls_peer_t *peer, in check_server_certificate() argument
2557 dtls_handshake_parameters_t *config = peer->handshake_params; in check_server_certificate()
2559 update_hs_hash(peer, data, data_length); in check_server_certificate()
2591 err = CALL(ctx, verify_ecdsa_key, &peer->session, in check_server_certificate()
2605 dtls_peer_t *peer, in check_server_key_exchange_ecdsa() argument
2608 dtls_handshake_parameters_t *config = peer->handshake_params; in check_server_key_exchange_ecdsa()
2614 update_hs_hash(peer, data, data_length); in check_server_key_exchange_ecdsa()
2688 dtls_peer_t *peer, in check_server_key_exchange_psk() argument
2691 dtls_handshake_parameters_t *config = peer->handshake_params; in check_server_key_exchange_psk()
2694 update_hs_hash(peer, data, data_length); in check_server_key_exchange_psk()
2727 dtls_peer_t *peer, in check_certificate_request() argument
2735 update_hs_hash(peer, data, data_length); in check_certificate_request()
2737 assert(is_tls_ecdhe_ecdsa_with_aes_128_ccm_8(peer->handshake_params->cipher)); in check_certificate_request()
2799 peer->handshake_params->do_client_auth = 1; in check_certificate_request()
2805 dtls_peer_t *peer, in check_server_hellodone() argument
2813 dtls_handshake_parameters_t *handshake = peer->handshake_params; in check_server_hellodone()
2817 update_hs_hash(peer, data, data_length); in check_server_hellodone()
2822 res = CALL(ctx, get_ecdsa_key, &peer->session, &ecdsa_key); in check_server_hellodone()
2828 res = dtls_send_certificate_ecdsa(ctx, peer, ecdsa_key); in check_server_hellodone()
2838 res = dtls_send_client_key_exchange(ctx, peer); in check_server_hellodone()
2848 res = dtls_send_certificate_verify_ecdh(ctx, peer, ecdsa_key); in check_server_hellodone()
2857 res = calculate_key_block(ctx, handshake, peer, in check_server_hellodone()
2858 &peer->session, peer->role); in check_server_hellodone()
2863 res = dtls_send_ccs(ctx, peer); in check_server_hellodone()
2870 dtls_security_params_switch(peer); in check_server_hellodone()
2873 return dtls_send_finished(ctx, peer, PRF_LABEL(client), PRF_LABEL_SIZE(client)); in check_server_hellodone()
2877 decrypt_verify(dtls_peer_t *peer, uint8 *packet, size_t length, in decrypt_verify() argument
2881 dtls_security_parameters_t *security = dtls_security_params_epoch(peer, dtls_get_epoch(header)); in decrypt_verify()
2908 memcpy(nonce, dtls_kb_remote_iv(security, peer->role), in decrypt_verify()
2909 dtls_kb_iv_size(security, peer->role)); in decrypt_verify()
2912 memcpy(nonce + dtls_kb_iv_size(security, peer->role), *cleartext, 8); in decrypt_verify()
2917 dtls_debug_dump("key", dtls_kb_remote_write_key(security, peer->role), in decrypt_verify()
2918 dtls_kb_key_size(security, peer->role)); in decrypt_verify()
2931 dtls_kb_remote_write_key(security, peer->role), in decrypt_verify()
2932 dtls_kb_key_size(security, peer->role), in decrypt_verify()
2940 dtls_security_params_free_other(peer); in decrypt_verify()
2948 dtls_send_hello_request(dtls_context_t *ctx, dtls_peer_t *peer) in dtls_send_hello_request() argument
2950 return dtls_send_handshake_msg_hash(ctx, peer, &peer->session, in dtls_send_hello_request()
2958 dtls_peer_t *peer = NULL; in dtls_renegotiate() local
2961 peer = dtls_get_peer(ctx, dst); in dtls_renegotiate()
2963 if (!peer) { in dtls_renegotiate()
2966 if (peer->state != DTLS_STATE_CONNECTED) in dtls_renegotiate()
2969 peer->handshake_params = dtls_handshake_new(); in dtls_renegotiate()
2970 if (!peer->handshake_params) in dtls_renegotiate()
2973 peer->handshake_params->hs_state.mseq_r = 0; in dtls_renegotiate()
2974 peer->handshake_params->hs_state.mseq_s = 0; in dtls_renegotiate()
2976 if (peer->role == DTLS_CLIENT) { in dtls_renegotiate()
2978 err = dtls_send_client_hello(ctx, peer, NULL, 0); in dtls_renegotiate()
2982 peer->state = DTLS_STATE_CLIENTHELLO; in dtls_renegotiate()
2984 } else if (peer->role == DTLS_SERVER) { in dtls_renegotiate()
2985 return dtls_send_hello_request(ctx, peer); in dtls_renegotiate()
2992 handle_handshake_msg(dtls_context_t *ctx, dtls_peer_t *peer, session_t *session, in handle_handshake_msg() argument
3003 if (peer) { in handle_handshake_msg()
3004 dtls_stop_retransmission(ctx, peer); in handle_handshake_msg()
3024 err = check_server_hello_verify_request(ctx, peer, data, data_length); in handle_handshake_msg()
3037 err = check_server_hello(ctx, peer, data, data_length); in handle_handshake_msg()
3042 if (is_tls_ecdhe_ecdsa_with_aes_128_ccm_8(peer->handshake_params->cipher)) in handle_handshake_msg()
3043 peer->state = DTLS_STATE_WAIT_SERVERCERTIFICATE; in handle_handshake_msg()
3045 peer->state = DTLS_STATE_WAIT_SERVERHELLODONE; in handle_handshake_msg()
3057 err = check_server_certificate(ctx, peer, data, data_length); in handle_handshake_msg()
3063 peer->state = DTLS_STATE_WAIT_SERVERKEYEXCHANGE; in handle_handshake_msg()
3065 peer->state = DTLS_STATE_WAIT_CLIENTKEYEXCHANGE; in handle_handshake_msg()
3075 if (is_tls_ecdhe_ecdsa_with_aes_128_ccm_8(peer->handshake_params->cipher)) { in handle_handshake_msg()
3079 err = check_server_key_exchange_ecdsa(ctx, peer, data, data_length); in handle_handshake_msg()
3083 if (is_tls_psk_with_aes_128_ccm_8(peer->handshake_params->cipher)) { in handle_handshake_msg()
3087 err = check_server_key_exchange_psk(ctx, peer, data, data_length); in handle_handshake_msg()
3095 peer->state = DTLS_STATE_WAIT_SERVERHELLODONE; in handle_handshake_msg()
3106 err = check_server_hellodone(ctx, peer, data, data_length); in handle_handshake_msg()
3111 peer->state = DTLS_STATE_WAIT_CHANGECIPHERSPEC; in handle_handshake_msg()
3122 err = check_certificate_request(ctx, peer, data, data_length); in handle_handshake_msg()
3137 err = check_finished(ctx, peer, data, data_length); in handle_handshake_msg()
3144 update_hs_hash(peer, data, data_length); in handle_handshake_msg()
3147 err = dtls_send_ccs(ctx, peer); in handle_handshake_msg()
3153 dtls_security_params_switch(peer); in handle_handshake_msg()
3155 err = dtls_send_finished(ctx, peer, PRF_LABEL(server), PRF_LABEL_SIZE(server)); in handle_handshake_msg()
3161 dtls_handshake_free(peer->handshake_params); in handle_handshake_msg()
3162 peer->handshake_params = NULL; in handle_handshake_msg()
3165 peer->state = DTLS_STATE_CONNECTED; in handle_handshake_msg()
3181 err = check_client_keyexchange(ctx, peer->handshake_params, data, data_length); in handle_handshake_msg()
3186 update_hs_hash(peer, data, data_length); in handle_handshake_msg()
3188 if (is_tls_ecdhe_ecdsa_with_aes_128_ccm_8(peer->handshake_params->cipher) && in handle_handshake_msg()
3190 peer->state = DTLS_STATE_WAIT_CERTIFICATEVERIFY; in handle_handshake_msg()
3192 peer->state = DTLS_STATE_WAIT_CHANGECIPHERSPEC; in handle_handshake_msg()
3202 err = check_client_certificate_verify(ctx, peer, data, data_length); in handle_handshake_msg()
3208 update_hs_hash(peer, data, data_length); in handle_handshake_msg()
3209 peer->state = DTLS_STATE_WAIT_CHANGECIPHERSPEC; in handle_handshake_msg()
3215 if ((peer && state != DTLS_STATE_CONNECTED) || in handle_handshake_msg()
3216 (!peer && state != DTLS_STATE_WAIT_CLIENTHELLO)) { in handle_handshake_msg()
3229 err = dtls_verify_peer(ctx, peer, session, data, data_length); in handle_handshake_msg()
3242 if (!peer) { in handle_handshake_msg()
3248 peer = dtls_new_peer(session); in handle_handshake_msg()
3249 if (!peer) { in handle_handshake_msg()
3253 peer->role = DTLS_SERVER; in handle_handshake_msg()
3258 security = dtls_security_params(peer); in handle_handshake_msg()
3260 dtls_add_peer(ctx, peer); in handle_handshake_msg()
3262 if (peer && !peer->handshake_params) { in handle_handshake_msg()
3265 peer->handshake_params = dtls_handshake_new(); in handle_handshake_msg()
3266 if (!peer->handshake_params) in handle_handshake_msg()
3269 LIST_STRUCT_INIT(peer->handshake_params, reorder_queue); in handle_handshake_msg()
3270 peer->handshake_params->hs_state.mseq_r = dtls_uint16_to_int(hs_header->message_seq); in handle_handshake_msg()
3271 peer->handshake_params->hs_state.mseq_s = 1; in handle_handshake_msg()
3274 clear_hs_hash(peer); in handle_handshake_msg()
3282 err = dtls_update_parameters(ctx, peer, data, data_length); in handle_handshake_msg()
3289 update_hs_hash(peer, data, data_length); in handle_handshake_msg()
3291 err = dtls_send_server_hello_msgs(ctx, peer); in handle_handshake_msg()
3295 if (is_tls_ecdhe_ecdsa_with_aes_128_ccm_8(peer->handshake_params->cipher) && in handle_handshake_msg()
3297 peer->state = DTLS_STATE_WAIT_CLIENTCERTIFICATE; in handle_handshake_msg()
3299 peer->state = DTLS_STATE_WAIT_CLIENTKEYEXCHANGE; in handle_handshake_msg()
3315 if (peer && !peer->handshake_params) { in handle_handshake_msg()
3316 peer->handshake_params = dtls_handshake_new(); in handle_handshake_msg()
3317 if (!peer->handshake_params) in handle_handshake_msg()
3320 LIST_STRUCT_INIT(peer->handshake_params, reorder_queue); in handle_handshake_msg()
3321 peer->handshake_params->hs_state.mseq_r = 0; in handle_handshake_msg()
3322 peer->handshake_params->hs_state.mseq_s = 0; in handle_handshake_msg()
3326 err = dtls_send_client_hello(ctx, peer, NULL, 0); in handle_handshake_msg()
3331 peer->state = DTLS_STATE_CLIENTHELLO; in handle_handshake_msg()
3339 if (peer && peer->handshake_params && err >= 0) { in handle_handshake_msg()
3340 peer->handshake_params->hs_state.mseq_r++; in handle_handshake_msg()
3347 handle_handshake(dtls_context_t *ctx, dtls_peer_t *peer, session_t *session, in handle_handshake() argument
3363 if (!peer || !peer->handshake_params) { in handle_handshake()
3365 if (hs_header->msg_type != DTLS_HT_CLIENT_HELLO && !peer) { in handle_handshake()
3373 return handle_handshake_msg(ctx, peer, session, role, state, data, in handle_handshake()
3381 if (dtls_uint16_to_int(hs_header->message_seq) < peer->handshake_params->hs_state.mseq_r) { in handle_handshake()
3383 peer->handshake_params->hs_state.mseq_r, dtls_uint16_to_int(hs_header->message_seq)); in handle_handshake()
3385 } else if (dtls_uint16_to_int(hs_header->message_seq) > peer->handshake_params->hs_state.mseq_r) { in handle_handshake()
3395 netq_t *node = netq_head(peer->handshake_params->reorder_queue); in handle_handshake()
3411 n->peer = peer; in handle_handshake()
3415 if (!netq_insert_node(peer->handshake_params->reorder_queue, n)) { in handle_handshake()
3421 …} else if (dtls_uint16_to_int(hs_header->message_seq) == peer->handshake_params->hs_state.mseq_r) { in handle_handshake()
3425 res = handle_handshake_msg(ctx, peer, session, role, state, data, data_length); in handle_handshake()
3430 while (next && peer->handshake_params) { in handle_handshake()
3432 netq_t *node = netq_head(peer->handshake_params->reorder_queue); in handle_handshake()
3436 … if (dtls_uint16_to_int(node_header->message_seq) == peer->handshake_params->hs_state.mseq_r) { in handle_handshake()
3437 netq_remove(peer->handshake_params->reorder_queue, node); in handle_handshake()
3439 … res = handle_handshake_msg(ctx, peer, session, role, peer->state, node->data, node->length); in handle_handshake()
3457 handle_ccs(dtls_context_t *ctx, dtls_peer_t *peer, in handle_ccs() argument
3461 dtls_handshake_parameters_t *handshake = peer->handshake_params; in handle_ccs()
3469 if (!peer || peer->state != DTLS_STATE_WAIT_CHANGECIPHERSPEC) { in handle_ccs()
3478 if (peer->role == DTLS_SERVER) { in handle_ccs()
3479 err = calculate_key_block(ctx, handshake, peer, in handle_ccs()
3480 &peer->session, peer->role); in handle_ccs()
3486 peer->state = DTLS_STATE_WAIT_FINISHED; in handle_ccs()
3496 handle_alert(dtls_context_t *ctx, dtls_peer_t *peer, in handle_alert() argument
3505 if (!peer) { in handle_alert()
3520 HASH_DEL_PEER(ctx->peers, peer); in handle_alert()
3522 list_remove(ctx->peers, peer); in handle_alert()
3526 PRINT6ADDR(&peer->session.addr); in handle_alert()
3527 PRINTF("]:%d\n", uip_ntohs(peer->session.port)); in handle_alert()
3535 (void)CALL(ctx, event, &peer->session, in handle_alert()
3541 if (peer->state != DTLS_STATE_CLOSING) { in handle_alert()
3542 peer->state = DTLS_STATE_CLOSING; in handle_alert()
3543 dtls_send_alert(ctx, peer, DTLS_ALERT_LEVEL_FATAL, DTLS_ALERT_CLOSE_NOTIFY); in handle_alert()
3545 peer->state = DTLS_STATE_CLOSED; in handle_alert()
3552 dtls_stop_retransmission(ctx, peer); in handle_alert()
3553 dtls_destroy_peer(ctx, peer, 0); in handle_alert()
3559 static int dtls_alert_send_from_err(dtls_context_t *ctx, dtls_peer_t *peer, in dtls_alert_send_from_err() argument
3568 if (!peer) { in dtls_alert_send_from_err()
3569 peer = dtls_get_peer(ctx, session); in dtls_alert_send_from_err()
3571 if (peer) { in dtls_alert_send_from_err()
3572 peer->state = DTLS_STATE_CLOSING; in dtls_alert_send_from_err()
3573 return dtls_send_alert(ctx, peer, level, desc); in dtls_alert_send_from_err()
3576 if (!peer) { in dtls_alert_send_from_err()
3577 peer = dtls_get_peer(ctx, session); in dtls_alert_send_from_err()
3579 if (peer) { in dtls_alert_send_from_err()
3580 peer->state = DTLS_STATE_CLOSING; in dtls_alert_send_from_err()
3581 return dtls_send_alert(ctx, peer, DTLS_ALERT_LEVEL_FATAL, DTLS_ALERT_INTERNAL_ERROR); in dtls_alert_send_from_err()
3594 dtls_peer_t *peer = NULL; in dtls_handle_message() local
3602 peer = dtls_get_peer(ctx, session); in dtls_handle_message()
3604 if (!peer) { in dtls_handle_message()
3616 if (peer) { in dtls_handle_message()
3617 data_length = decrypt_verify(peer, msg, rlen, &data); in dtls_handle_message()
3621 if (peer->state < DTLS_STATE_CONNECTED) { in dtls_handle_message()
3622 dtls_alert_send_from_err(ctx, peer, &peer->session, err); in dtls_handle_message()
3623 peer->state = DTLS_STATE_CLOSED; in dtls_handle_message()
3625 dtls_destroy_peer(ctx, peer, 1); in dtls_handle_message()
3629 role = peer->role; in dtls_handle_message()
3630 state = peer->state; in dtls_handle_message()
3650 if (peer) { in dtls_handle_message()
3651 dtls_stop_retransmission(ctx, peer); in dtls_handle_message()
3653 err = handle_ccs(ctx, peer, msg, data, data_length); in dtls_handle_message()
3656 dtls_alert_send_from_err(ctx, peer, session, err); in dtls_handle_message()
3659 dtls_destroy_peer(ctx, peer, 1); in dtls_handle_message()
3660 peer = NULL; in dtls_handle_message()
3667 if (peer) { in dtls_handle_message()
3668 dtls_stop_retransmission(ctx, peer); in dtls_handle_message()
3670 err = handle_alert(ctx, peer, msg, data, data_length); in dtls_handle_message()
3674 peer = NULL; in dtls_handle_message()
3683 if (peer) { in dtls_handle_message()
3684 uint16_t expected_epoch = dtls_security_params(peer)->epoch; in dtls_handle_message()
3704 err = handle_handshake(ctx, peer, session, role, state, data, data_length); in dtls_handle_message()
3707 dtls_alert_send_from_err(ctx, peer, session, err); in dtls_handle_message()
3710 if (peer && peer->state == DTLS_STATE_CONNECTED) { in dtls_handle_message()
3712 dtls_stop_retransmission(ctx, peer); in dtls_handle_message()
3713 CALL(ctx, event, &peer->session, 0, DTLS_EVENT_CONNECTED); in dtls_handle_message()
3719 if (!peer) { in dtls_handle_message()
3724 dtls_stop_retransmission(ctx, peer); in dtls_handle_message()
3725 CALL(ctx, read, &peer->session, data, data_length); in dtls_handle_message()
3826 dtls_connect_peer(dtls_context_t *ctx, dtls_peer_t *peer) { in dtls_connect_peer() argument
3829 assert(peer); in dtls_connect_peer()
3830 if (!peer) in dtls_connect_peer()
3834 if (peer == dtls_get_peer(ctx, &peer->session)) { in dtls_connect_peer()
3836 return dtls_renegotiate(ctx, &peer->session); in dtls_connect_peer()
3840 peer->role = DTLS_CLIENT; in dtls_connect_peer()
3842 dtls_add_peer(ctx, peer); in dtls_connect_peer()
3845 peer->handshake_params = dtls_handshake_new(); in dtls_connect_peer()
3846 if (!peer->handshake_params) in dtls_connect_peer()
3849 peer->handshake_params->hs_state.mseq_r = 0; in dtls_connect_peer()
3850 peer->handshake_params->hs_state.mseq_s = 0; in dtls_connect_peer()
3851 LIST_STRUCT_INIT(peer->handshake_params, reorder_queue); in dtls_connect_peer()
3852 res = dtls_send_client_hello(ctx, peer, NULL, 0); in dtls_connect_peer()
3856 peer->state = DTLS_STATE_CLIENTHELLO; in dtls_connect_peer()
3863 dtls_peer_t *peer; in dtls_connect() local
3866 peer = dtls_get_peer(ctx, dst); in dtls_connect()
3868 if (!peer) in dtls_connect()
3869 peer = dtls_new_peer(dst); in dtls_connect()
3871 if (!peer) { in dtls_connect()
3876 res = dtls_connect_peer(ctx, peer); in dtls_connect()
3881 CALL(ctx, event, &peer->session, 0, DTLS_EVENT_CONNECT); in dtls_connect()
3883 CALL(ctx, event, &peer->session, 0, DTLS_EVENT_RENEGOTIATE); in dtls_connect()
3902 dtls_security_parameters_t *security = dtls_security_params_epoch(node->peer, node->epoch); in dtls_retransmit()
3918 err = dtls_prepare_record(node->peer, security, node->type, &data, &length, in dtls_retransmit()
3928 (void)CALL(context, write, &node->peer->session, sendbuf, len); in dtls_retransmit()
3941 dtls_stop_retransmission(dtls_context_t *context, dtls_peer_t *peer) { in dtls_stop_retransmission() argument
3946 if (dtls_session_equals(&node->peer->session, &peer->session)) { in dtls_stop_retransmission()