ec_err_t ec_channel_init(ec_channel_t *ch, ec_cert_t *c, ec_ctx_t *ctx, unsigned char *dh);

ec_channel_clean().

ctx should point to a context where the remote certificate can be found, and will be used for validation purposes - if trust chain checks are performed, then those certificates will also need to be available.

c is the certificate used as the local endpoint. This certificate does not need to be available in ctx.

dh, which should be a buffer of at least EC_CHANNEL_DH_BYTES bytes. The contents of this buffer should be provided to ec_channel_start() on the remote end.

ec_err_t ec_channel_start(ec_channel_t *ch, unsigned char *dh, int checks);

dh should contain the negotiation packet generated by ec_channel_init() on the remote end.

checks is a bitfield determining which checks should be run on the remote certificate. All checks must pass for channel setup to complete successfully. EC_CHECK_CERT and EC_CHECK_SIGN will always be tested, whether or not they are set.

ec_err_t ec_channel_encrypt(ec_channel_t *ch, unsigned char *buf, size_t len,
                            unsigned char *mac, uint64_t *ctr);

EC_CHANNEL_MAC_BYTES bytes) for the message will be stored in *mac, and the message sequence number will be stored in *ctr if ctr is not NULL.

ec_err_t ec_channel_decrypt(ec_channel_t *ch, unsigned char *buf, size_t len,
                            unsigned char *mac, uint64_t ctr);

mac should be the MAC generated by the other end of the channel using ec_channel_encrypt().

ctr should be set to the sequence number of the message being decrypted. Otherwise, this can be left at zero, and it will be set automatically.

ec_cert_t *ec_channel_remote(ec_channel_t *ch);