├── .github ├── ISSUE_TEMPLATE │ ├── bug_report.md │ ├── custom.md │ └── feature_request.md └── workflows │ └── sync_issues.yml ├── .gitlab-ci.yml ├── .gitmodules ├── .travis.yml ├── CMakeLists.txt ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── Kconfig ├── LICENSE ├── Makefile.projbuild ├── README.md ├── component.mk ├── examples └── HelloHMACSHA256 │ └── HelloHMACSHA256.ino ├── extras ├── arduino-link-create.bat └── arduino-link-remove.bat ├── library.properties ├── mbedtls.c ├── mklink.py ├── port ├── esp_bignum.c ├── esp_hardware.c ├── esp_mem.c ├── esp_sha1.c ├── esp_sha256.c ├── esp_sha512.c ├── include │ ├── aes_alt.h │ ├── esp_mem.h │ ├── mbedtls │ │ ├── bignum.h │ │ ├── config.h │ │ └── esp_debug.h │ ├── sha1_alt.h │ ├── sha256_alt.h │ └── sha512_alt.h ├── mbedtls_debug.c └── net_sockets.c └── src ├── Seeed_mbedtls.h ├── aes_alt.h ├── arduino_config.h ├── esp_mem.h ├── library ├── aes.c ├── aesni.c ├── arc4.c ├── aria.c ├── asn1parse.c ├── asn1write.c ├── base64.c ├── bignum.c ├── blowfish.c ├── camellia.c ├── ccm.c ├── certs.c ├── chacha20.c ├── chachapoly.c ├── cipher.c ├── cipher_wrap.c ├── cmac.c ├── ctr_drbg.c ├── debug.c ├── des.c ├── dhm.c ├── ecdh.c ├── ecdsa.c ├── ecjpake.c ├── ecp.c ├── ecp_curves.c ├── entropy.c ├── error.c ├── gcm.c ├── havege.c ├── hkdf.c ├── hmac_drbg.c ├── md.c ├── md2.c ├── md4.c ├── md5.c ├── md_wrap.c ├── memory_buffer_alloc.c ├── nist_kw.c ├── oid.c ├── padlock.c ├── pem.c ├── pk.c ├── pk_wrap.c ├── pkcs11.c ├── pkcs12.c ├── pkcs5.c ├── pkparse.c ├── pkwrite.c ├── platform.c ├── platform_util.c ├── poly1305.c ├── ripemd160.c ├── rsa.c ├── rsa_internal.c ├── sha1.c ├── sha256.c ├── sha512.c ├── ssl_cache.c ├── ssl_ciphersuites.c ├── ssl_cli.c ├── ssl_cookie.c ├── ssl_srv.c ├── ssl_ticket.c ├── ssl_tls.c ├── threading.c ├── version.c ├── version_features.c ├── x509.c ├── x509_create.c ├── x509_crl.c ├── x509_crt.c ├── x509_csr.c ├── x509write_crt.c ├── x509write_csr.c └── xtea.c ├── mbedtls ├── aes.h ├── aesni.h ├── arc4.h ├── aria.h ├── asn1.h ├── asn1write.h ├── base64.h ├── bignum.h ├── blowfish.h ├── bn_mul.h ├── camellia.h ├── ccm.h ├── certs.h ├── chacha20.h ├── chachapoly.h ├── check_config.h ├── cipher.h ├── cipher_internal.h ├── cmac.h ├── compat-1.3.h ├── config.h ├── ctr_drbg.h ├── debug.h ├── des.h ├── dhm.h ├── ecdh.h ├── ecdsa.h ├── ecjpake.h ├── ecp.h ├── ecp_internal.h ├── entropy.h ├── entropy_poll.h ├── error.h ├── esp_debug.h ├── gcm.h ├── havege.h ├── hkdf.h ├── hmac_drbg.h ├── md.h ├── md2.h ├── md4.h ├── md5.h ├── md_internal.h ├── memory_buffer_alloc.h ├── net.h ├── net_sockets.h ├── nist_kw.h ├── oid.h ├── padlock.h ├── pem.h ├── pk.h ├── pk_internal.h ├── pkcs11.h ├── pkcs12.h ├── pkcs5.h ├── platform.h ├── platform_time.h ├── platform_util.h ├── poly1305.h ├── ripemd160.h ├── rsa.h ├── rsa_internal.h ├── sdkconfig.h ├── sha1.h ├── sha256.h ├── sha512.h ├── ssl.h ├── ssl_cache.h ├── ssl_ciphersuites.h ├── ssl_cookie.h ├── ssl_internal.h ├── ssl_ticket.h ├── threading.h ├── timing.h ├── version.h ├── x509.h ├── x509_crl.h ├── x509_crt.h ├── x509_csr.h └── xtea.h ├── port ├── esp_hardware.c ├── esp_mem.c └── mbedtls_debug.c ├── sha1_alt.h ├── sha256_alt.h └── sha512_alt.h /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Describe the bug** 11 | A clear and concise description of what the bug is. 12 | 13 | **To Reproduce** 14 | Steps to reproduce the behavior: 15 | 1. Go to '...' 16 | 2. Click on '....' 17 | 3. Scroll down to '....' 18 | 4. See error 19 | 20 | **Expected behavior** 21 | A clear and concise description of what you expected to happen. 22 | 23 | **Screenshots** 24 | If applicable, add screenshots to help explain your problem. 25 | 26 | **Desktop (please complete the following information):** 27 | - OS: [e.g. iOS] 28 | - Browser [e.g. chrome, safari] 29 | - Version [e.g. 22] 30 | 31 | **Smartphone (please complete the following information):** 32 | - Device: [e.g. iPhone6] 33 | - OS: [e.g. iOS8.1] 34 | - Browser [e.g. stock browser, safari] 35 | - Version [e.g. 22] 36 | 37 | **Additional context** 38 | Add any other context about the problem here. 39 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/custom.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Custom issue template 3 | about: Describe this issue template's purpose here. 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | 11 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea for this project 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Is your feature request related to a problem? Please describe.** 11 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] 12 | 13 | **Describe the solution you'd like** 14 | A clear and concise description of what you want to happen. 15 | 16 | **Describe alternatives you've considered** 17 | A clear and concise description of any alternative solutions or features you've considered. 18 | 19 | **Additional context** 20 | Add any other context or screenshots about the feature request here. 21 | -------------------------------------------------------------------------------- /.github/workflows/sync_issues.yml: -------------------------------------------------------------------------------- 1 | name: Automate Issue Management 2 | 3 | on: 4 | issues: 5 | types: 6 | - opened 7 | - edited 8 | - assigned 9 | - unassigned 10 | - labeled 11 | - unlabeled 12 | - reopened 13 | 14 | jobs: 15 | add_issue_to_project: 16 | runs-on: ubuntu-latest 17 | steps: 18 | - name: Add issue to GitHub Project 19 | uses: actions/add-to-project@v1.0.2 20 | with: 21 | project-url: https://github.com/orgs/Seeed-Studio/projects/17 22 | github-token: ${{ secrets.ISSUE_ASSEMBLE }} 23 | labeled: bug 24 | label-operator: NOT -------------------------------------------------------------------------------- /.gitlab-ci.yml: -------------------------------------------------------------------------------- 1 | build: 2 | tags: 3 | - nas 4 | script: 5 | - wget -c https://files.seeedstudio.com/arduino/seeed-arduino-ci.sh 6 | - chmod +x seeed-arduino-ci.sh 7 | - bash $PWD/seeed-arduino-ci.sh test 8 | 9 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "mbedtls"] 2 | path = mbedtls 3 | url = https://github.com/espressif/mbedtls.git 4 | # version = f5f2e5926cd294ae7cb579ff6a12ad9303caeb6e 5 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | 2 | language: generic 3 | dist: bionic 4 | sudo: false 5 | cache: 6 | directories: 7 | - ~/arduino_ide 8 | - ~/.arduino15/packages/ 9 | 10 | before_install: 11 | - wget -c https://github.com/Seeed-Studio/Seeed_Arduino_atUnified/raw/master/seeed-arduino-ci.sh 12 | 13 | script: 14 | - chmod +x seeed-arduino-ci.sh 15 | - cat $PWD/seeed-arduino-ci.sh 16 | - $PWD/seeed-arduino-ci.sh -b "Seeeduino:samd:seeed_wio_terminal" -s 17 | nothing 18 | Seeed-Studio/esp-at-lib.git 19 | Seeed-Studio/Seeed_Arduino_FreeRTOS.git 20 | Seeed-Studio/Seeed_Arduino_atUnified.git 21 | Seeed-Studio/Seeed_Arduino_atWiFi.git 22 | Seeed-Studio/Seeed_Arduino_mbedtls.git 23 | 24 | notifications: 25 | email: 26 | on_success: change 27 | on_failure: change 28 | -------------------------------------------------------------------------------- /CMakeLists.txt: -------------------------------------------------------------------------------- 1 | set(COMPONENT_ADD_INCLUDEDIRS "port/include" "mbedtls/include") 2 | set(COMPONENT_SRCS "mbedtls.c") 3 | set(COMPONENT_REQUIRES lwip) 4 | 5 | register_component() 6 | 7 | # Only build mbedtls libraries 8 | set(ENABLE_TESTING CACHE BOOL OFF) 9 | set(ENABLE_PROGRAMS CACHE BOOL OFF) 10 | 11 | # Use same policy between IDF and mbedtls build 12 | function(project) 13 | set(_args ARGV) 14 | _project(${${_args}}) 15 | cmake_policy(SET CMP0022 NEW) 16 | endfunction() 17 | 18 | # Needed to for include_next includes to work from within mbedtls 19 | include_directories("${COMPONENT_PATH}/port/include") 20 | 21 | # Workaround issue with creating symbolic links due to issues with native 22 | # path conversion (TO_NATIVE_PATH). The following summarizes what CMake invocations 23 | # this workaround is for: 24 | # 25 | # 1. CMake from command line + Ninja = No errors 26 | # 2. CMake from command line + MinGW Makefiles = Forward slash for paths, mklink mistakes path for a switch 27 | # 3. CMake from MSYS + Ninja = No errors 28 | # 4. CMake from MSYS + Unix Makefiles/MSYS Makefiles = Forward slash for paths, mklink mistakes path for a switch 29 | # 30 | # There are references to the issue in case (2) and (4) in https://github.com/ARMmbed/mbedtls/issues/1496, 31 | # https://cmake.org/pipermail/cmake/2006-July/010193.html, and https://cmake.org/Bug/view.php?id=5939. 32 | # 33 | # This workaround is meant to circumvent logic inside link_to_source() function in mbedtls/mbedtls/CMakeLists.txt. 34 | if(CMAKE_HOST_WIN32) 35 | set(msystem $ENV{MSYSTEM}) 36 | if(MSYS OR msystem) 37 | # Solves case (4). When in MSYS environment, instead opt to use the Unix equivalent of mklink. 38 | set(CMAKE_HOST_UNIX 1) 39 | else() 40 | # Solves case (2). When invoked from command line, create the symbolic links ahead of link_to_source() invocations 41 | # using a 'hybrid' path format resilient intermediary - in this case a Python wrapper for mklink. This is more unweildy 42 | # than necessary, since string(REPLACE "/" "\\" ... does not actually work. 43 | set(target_links "mbedtls/include/mbedtls" 44 | "mbedtls/scripts") 45 | foreach(target_link ${target_links}) 46 | file(TO_NATIVE_PATH ${CMAKE_CURRENT_BINARY_DIR}/${target_link} link) 47 | file(TO_NATIVE_PATH ${COMPONENT_PATH}/${target_link} target) 48 | 49 | if(NOT EXISTS ${link}) 50 | if (IS_DIRECTORY ${target}) 51 | set(command ${PYTHON} ${COMPONENT_PATH}/mklink.py /j ${link} ${target}) 52 | else() 53 | set(command ${PYTHON} ${COMPONENT_PATH}/mklink.py /h ${link} ${target}) 54 | endif() 55 | 56 | execute_process(COMMAND ${command} 57 | RESULT_VARIABLE result 58 | ERROR_VARIABLE output) 59 | 60 | if (NOT ${result} EQUAL 0) 61 | message(FATAL_ERROR "Could not create symbolic link for: ${target} --> ${output}") 62 | endif() 63 | endif() 64 | endforeach() 65 | endif() 66 | endif() 67 | 68 | # Import mbedtls library targets 69 | add_subdirectory(mbedtls) 70 | 71 | # Use port specific implementation of net_socket.c instead of one from mbedtls 72 | get_target_property(src_tls mbedtls SOURCES) 73 | list(REMOVE_ITEM src_tls net_sockets.c) 74 | set_property(TARGET mbedtls PROPERTY SOURCES ${src_tls}) 75 | 76 | set(mbedtls_targets mbedtls mbedcrypto mbedx509) 77 | 78 | # Add port files to mbedtls targets 79 | target_sources(mbedtls PRIVATE "${COMPONENT_PATH}/port/esp_bignum.c" 80 | "${COMPONENT_PATH}/port/esp_hardware.c" 81 | "${COMPONENT_PATH}/port/esp_mem.c" 82 | "${COMPONENT_PATH}/port/esp_sha1.c" 83 | "${COMPONENT_PATH}/port/esp_sha256.c" 84 | "${COMPONENT_PATH}/port/esp_sha512.c" 85 | "${COMPONENT_PATH}/port/mbedtls_debug.c" 86 | "${COMPONENT_PATH}/port/net_sockets.c") 87 | 88 | foreach(target ${mbedtls_targets}) 89 | # Propagate compile options to mbedtls library targets 90 | target_include_directories(${target} PRIVATE "${IDF_INCLUDE_DIRECTORIES}") 91 | target_compile_options(${target} PRIVATE "${IDF_COMPILE_OPTIONS};${IDF_C_COMPILE_OPTIONS}") 92 | target_compile_definitions(${target} PRIVATE "${IDF_COMPILE_DEFINITIONS}") 93 | target_compile_definitions(${target} PUBLIC -DMBEDTLS_CONFIG_FILE="mbedtls/esp_config.h") 94 | 95 | # The mbedtls targets also depends on core components 96 | foreach(common ${IDF_COMPONENT_REQUIRES_COMMON}) 97 | component_get_target(common_target ${common}) 98 | set_property(TARGET ${target} APPEND PROPERTY INTERFACE_LINK_LIBRARIES ${common_target}) 99 | set_property(TARGET ${target} APPEND PROPERTY LINK_LIBRARIES ${common_target}) 100 | endforeach() 101 | endforeach() 102 | 103 | # Link mbedtls libraries to component library 104 | target_link_libraries(${COMPONENT_TARGET} ${mbedtls_targets}) 105 | 106 | # Catch usage of deprecated mbedTLS functions when building tests 107 | if(mbedtls_test IN_LIST BUILD_TEST_COMPONENTS) 108 | add_definitions(-DMBEDTLS_DEPRECATED_WARNING) 109 | endif() 110 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Contributor Covenant Code of Conduct 2 | 3 | ## Our Pledge 4 | 5 | In the interest of fostering an open and welcoming environment, we as 6 | contributors and maintainers pledge to making participation in our project and 7 | our community a harassment-free experience for everyone, regardless of age, body 8 | size, disability, ethnicity, sex characteristics, gender identity and expression, 9 | level of experience, education, socio-economic status, nationality, personal 10 | appearance, race, religion, or sexual identity and orientation. 11 | 12 | ## Our Standards 13 | 14 | Examples of behavior that contributes to creating a positive environment 15 | include: 16 | 17 | * Using welcoming and inclusive language 18 | * Being respectful of differing viewpoints and experiences 19 | * Gracefully accepting constructive criticism 20 | * Focusing on what is best for the community 21 | * Showing empathy towards other community members 22 | 23 | Examples of unacceptable behavior by participants include: 24 | 25 | * The use of sexualized language or imagery and unwelcome sexual attention or 26 | advances 27 | * Trolling, insulting/derogatory comments, and personal or political attacks 28 | * Public or private harassment 29 | * Publishing others' private information, such as a physical or electronic 30 | address, without explicit permission 31 | * Other conduct which could reasonably be considered inappropriate in a 32 | professional setting 33 | 34 | ## Our Responsibilities 35 | 36 | Project maintainers are responsible for clarifying the standards of acceptable 37 | behavior and are expected to take appropriate and fair corrective action in 38 | response to any instances of unacceptable behavior. 39 | 40 | Project maintainers have the right and responsibility to remove, edit, or 41 | reject comments, commits, code, wiki edits, issues, and other contributions 42 | that are not aligned to this Code of Conduct, or to ban temporarily or 43 | permanently any contributor for other behaviors that they deem inappropriate, 44 | threatening, offensive, or harmful. 45 | 46 | ## Scope 47 | 48 | This Code of Conduct applies both within project spaces and in public spaces 49 | when an individual is representing the project or its community. Examples of 50 | representing a project or community include using an official project e-mail 51 | address, posting via an official social media account, or acting as an appointed 52 | representative at an online or offline event. Representation of a project may be 53 | further defined and clarified by project maintainers. 54 | 55 | ## Enforcement 56 | 57 | Instances of abusive, harassing, or otherwise unacceptable behavior may be 58 | reported by contacting the project team at zuobaozhu@gmail.com. All 59 | complaints will be reviewed and investigated and will result in a response that 60 | is deemed necessary and appropriate to the circumstances. The project team is 61 | obligated to maintain confidentiality with regard to the reporter of an incident. 62 | Further details of specific enforcement policies may be posted separately. 63 | 64 | Project maintainers who do not follow or enforce the Code of Conduct in good 65 | faith may face temporary or permanent repercussions as determined by other 66 | members of the project's leadership. 67 | 68 | ## Attribution 69 | 70 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, 71 | available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html 72 | 73 | [homepage]: https://www.contributor-covenant.org 74 | 75 | For answers to common questions about this code of conduct, see 76 | https://www.contributor-covenant.org/faq 77 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | ## Contributing guidelines 2 | 3 | All guidelines for contributing to the Seeed_Arduino_mbedtls repository can be found at [`How to contribute guideline`](https://github.com/Seeed-Studio/Seeed_Arduino_mbedtls/wiki/How_to_contribute). 4 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 Seeed Studio 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /Makefile.projbuild: -------------------------------------------------------------------------------- 1 | # Anyone compiling mbedTLS code needs the name of the 2 | # alternative config file 3 | CPPFLAGS += -DMBEDTLS_CONFIG_FILE='"mbedtls/esp_config.h"' 4 | 5 | # Catch usage of deprecated mbedTLS functions when building tests 6 | ifneq ("$(filter mbedtls,$(TEST_COMPONENTS_LIST))","") 7 | CPPFLAGS += -DMBEDTLS_DEPRECATED_WARNING 8 | endif 9 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Seeed_Arduino_mbedtls [![Build Status](https://travis-ci.com/Seeed-Studio/Seeed_Arduino_mbedtls.svg?branch=master)](https://travis-ci.com/Seeed-Studio/Seeed_Arduino_mbedtls) 2 | 3 | Please note that you need to use the following release versions for the respective firmware structures: 4 | 5 | - v2.0.1 - AT firmware structure 6 | - v3.0.1 and above - eRPC firmware structure 7 | -------------------------------------------------------------------------------- /component.mk: -------------------------------------------------------------------------------- 1 | # 2 | # Component Makefile 3 | # 4 | 5 | COMPONENT_ADD_INCLUDEDIRS := port/include mbedtls/include 6 | 7 | COMPONENT_SRCDIRS := mbedtls/library port 8 | 9 | COMPONENT_OBJEXCLUDE := mbedtls/library/net_sockets.o 10 | 11 | COMPONENT_SUBMODULES += mbedtls 12 | 13 | -------------------------------------------------------------------------------- /examples/HelloHMACSHA256/HelloHMACSHA256.ino: -------------------------------------------------------------------------------- 1 | #include "Seeed_mbedtls.h" 2 | void setup(){ 3 | Serial.begin(115200); 4 | 5 | char *key = "secretKey"; 6 | char *payload = "Hello HMAC SHA 256!"; 7 | byte hmacResult[32]; 8 | 9 | mbedtls_md_context_t ctx; 10 | mbedtls_md_type_t md_type = MBEDTLS_MD_SHA256; 11 | 12 | const size_t payloadLength = strlen(payload); 13 | const size_t keyLength = strlen(key); 14 | 15 | mbedtls_md_init(&ctx); 16 | mbedtls_md_setup(&ctx, mbedtls_md_info_from_type(md_type), 1); 17 | mbedtls_md_hmac_starts(&ctx, (const unsigned char *) key, keyLength); 18 | mbedtls_md_hmac_update(&ctx, (const unsigned char *) payload, payloadLength); 19 | mbedtls_md_hmac_finish(&ctx, hmacResult); 20 | mbedtls_md_free(&ctx); 21 | 22 | Serial.print("Hash: "); 23 | 24 | for(int i= 0; i< sizeof(hmacResult); i++){ 25 | char str[3]; 26 | 27 | sprintf(str, "%02x", (int)hmacResult[i]); 28 | Serial.print(str); 29 | } 30 | } 31 | 32 | void loop(){} 33 | 34 | -------------------------------------------------------------------------------- /extras/arduino-link-create.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | setlocal EnableExtensions 3 | setlocal EnableDelayedExpansion 4 | 5 | :: Change current directory for 'Run As Admin' 6 | cd %~dp0 7 | 8 | setlocal 9 | 10 | cd ..\src 11 | :: if not exist library mklink /d library ..\mbedtls\library 12 | if not exist library mkdir library 13 | for %%i in (..\mbedtls\library\*.c) do ( 14 | call :GetFileName fname "%%i" 15 | set _ignore= 16 | if /i "!fname!" equ "net_sockets.c" set _ignore=1 17 | if /i "!fname!" equ "entropy_poll.c" set _ignore=1 18 | if /i "!fname!" equ "timing.c" set _ignore=1 19 | :: if /i "!fname!" equ "x509_crt.c" set _ignore=1 20 | if "!_ignore!" == "" ( 21 | call :FileLink library\!fname! "..\%%i" 22 | ) 23 | ) 24 | 25 | :: if not exist mbedtls mklink /d mbedtls ..\mbedtls\include\mbedtls 26 | if not exist mbedtls mkdir mbedtls 27 | for %%i in (..\mbedtls\include\mbedtls\*.h) do ( 28 | call :GetFileName fname "%%i" 29 | set _ignore= 30 | if /i "!fname!" equ "config.h" set _ignore=1 31 | if "!_ignore!" == "" ( 32 | call :FileLink mbedtls\!fname! "..\%%i" 33 | ) 34 | ) 35 | 36 | if not exist Seeed_mbedtls.h echo // Empty file > Seeed_mbedtls.h 37 | 38 | :: if not exist port mklink /d port ..\port 39 | if not exist port mkdir port 40 | for %%i in (..\port\*.c) do ( 41 | call :GetFileName fname "%%i" 42 | set _ignore= 43 | if /i "!fname!" equ "esp_bignum.c" set _ignore=1 44 | :: if /i "!fname!" equ "esp_hardware.c" set _ignore=1 45 | if /i "!fname!" equ "esp_sha1.c" set _ignore=1 46 | if /i "!fname!" equ "esp_sha256.c" set _ignore=1 47 | if /i "!fname!" equ "esp_sha512.c" set _ignore=1 48 | if "!_ignore!" == "" ( 49 | call :FileLink port\!fname! "..\%%i" 50 | ) 51 | ) 52 | 53 | for %%i in (..\port\include\*.h) do ( 54 | call :GetFileName fname "%%i" 55 | call :FileLink !fname! "%%i" 56 | ) 57 | 58 | call :FileLink mbedtls\config.h ..\..\port\include\mbedtls\esp_config.h 59 | call :FileLink mbedtls\esp_debug.h ..\..\port\include\mbedtls\esp_debug.h 60 | 61 | 62 | goto :eof 63 | 64 | 65 | 66 | :GetFileName 67 | REM --Get the file name in the path 68 | setlocal 69 | set filename=%~nx2 70 | ( 71 | endlocal & REM -- RETURN VALUES 72 | if "%~1" neq "" ( 73 | set %~1=%filename% 74 | ) 75 | ) 76 | goto :eof 77 | 78 | :FileLink 79 | REM --Make a file linkage, could be mklink or copy directly. 80 | setlocal 81 | set link=%~1 82 | set tar=%~2 83 | 84 | :: mklink %link% %tar% 85 | 86 | :: up link 87 | :: or 88 | :: below copy 89 | 90 | set linkpath=%~p1 91 | set linkname=%~nx1 92 | cd %linkpath% 93 | echo copy %tar% %linkname% 94 | copy %tar% %linkname% 95 | ( 96 | endlocal & REM -- RETURN VALUES 97 | ) 98 | goto :eof 99 | -------------------------------------------------------------------------------- /extras/arduino-link-remove.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | setlocal EnableExtensions 3 | setlocal EnableDelayedExpansion 4 | 5 | :: Change current directory for 'Run As Admin' 6 | cd %~dp0 7 | 8 | setlocal 9 | 10 | cd ..\src 11 | :: if not exist library mkdir library 12 | for %%i in (..\mbedtls\library\*.c) do ( 13 | call :GetFileName fname "%%i" 14 | set _ignore= 15 | if "!_ignore!" == "" ( 16 | del library\!fname! 17 | ) 18 | ) 19 | 20 | :: if not exist mbedtls mklink /d mbedtls ..\mbedtls\include\mbedtls 21 | if not exist mbedtls mkdir mbedtls 22 | for %%i in (..\mbedtls\include\mbedtls\*.h) do ( 23 | call :GetFileName fname "%%i" 24 | set _ignore= 25 | if /i "!fname!" equ "config.h" set _ignore=1 26 | if "!_ignore!" == "" ( 27 | del mbedtls\!fname! 28 | ) 29 | ) 30 | 31 | :: if not exist port mklink /d port ..\port 32 | if not exist port mkdir port 33 | for %%i in (..\port\*.c) do ( 34 | call :GetFileName fname "%%i" 35 | set _ignore= 36 | if "!_ignore!" == "" ( 37 | del port\!fname! 38 | ) 39 | ) 40 | 41 | for %%i in (..\port\include\*.h) do ( 42 | call :GetFileName fname "%%i" 43 | del !fname! 44 | ) 45 | 46 | del mbedtls\config.h 47 | del mbedtls\esp_debug.h 48 | 49 | goto :eof 50 | 51 | 52 | 53 | :GetFileName 54 | REM --Get the file name in the path 55 | setlocal 56 | set filename=%~nx2 57 | ( 58 | endlocal & REM -- RETURN VALUES 59 | if "%~1" neq "" ( 60 | set %~1=%filename% 61 | ) 62 | ) 63 | goto :eof 64 | -------------------------------------------------------------------------------- /library.properties: -------------------------------------------------------------------------------- 1 | name=Seeed_Arduino_mbedtls 2 | version=3.0.2 3 | author=Peter Yang 4 | maintainer=Peter Yang 5 | sentence=Seeed Arduino library for TLS/SSL connection 6 | paragraph=Seeed Arduino library for TLS/SSL connection. 7 | category=Communication 8 | url=https://github.com/Seeed-Studio/Seeed_Arduino_mbedtls.git 9 | architectures=* 10 | includes=Seeed_mbedtls.h 11 | -------------------------------------------------------------------------------- /mbedtls.c: -------------------------------------------------------------------------------- 1 | // Empty file 2 | -------------------------------------------------------------------------------- /mklink.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # 3 | # Wrapper for symbolic link creation on Windows that works around issues 4 | # with native path conversion. See the component CMakeLists.txt for more details. 5 | # 6 | # Copyright 2018 Espressif Systems (Shanghai) PTE LTD 7 | # 8 | # Licensed under the Apache License, Version 2.0 (the "License"); 9 | # you may not use this file except in compliance with the License. 10 | # You may obtain a copy of the License at 11 | # 12 | # http:#www.apache.org/licenses/LICENSE-2.0 13 | # 14 | # Unless required by applicable law or agreed to in writing, software 15 | # distributed under the License is distributed on an "AS IS" BASIS, 16 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 17 | # See the License for the specific language governing permissions and 18 | # limitations under the License. 19 | import os 20 | import argparse 21 | import subprocess 22 | 23 | parser = argparse.ArgumentParser() 24 | parser.add_argument("type") 25 | parser.add_argument("link") 26 | parser.add_argument("target") 27 | 28 | args = parser.parse_args() 29 | 30 | link = os.path.abspath(args.link) 31 | target = os.path.abspath(args.target) 32 | 33 | try: 34 | os.makedirs(os.path.dirname(link)) 35 | except WindowsError: 36 | pass 37 | 38 | mklink_cmd = ["mklink", args.type, link, target] 39 | 40 | subprocess.call(mklink_cmd, shell=True) 41 | -------------------------------------------------------------------------------- /port/esp_hardware.c: -------------------------------------------------------------------------------- 1 | #if !defined(MBEDTLS_CONFIG_FILE) 2 | #include "mbedtls/config.h" 3 | #else 4 | #include MBEDTLS_CONFIG_FILE 5 | #endif 6 | 7 | #include "Arduino.h" 8 | #include 9 | #include 10 | #include 11 | #include 12 | 13 | #include "mbedtls/entropy_poll.h" 14 | 15 | #ifndef MBEDTLS_ENTROPY_HARDWARE_ALT 16 | #error "MBEDTLS_ENTROPY_HARDWARE_ALT should always be set in ESP-IDF" 17 | #endif 18 | 19 | int mbedtls_hardware_poll( void *data, 20 | unsigned char *output, size_t len, size_t *olen ) 21 | { 22 | static int srand_set; 23 | size_t i; 24 | 25 | // prevent warning 26 | data = data; 27 | 28 | if (!srand_set) { 29 | srand_set = 1; 30 | srand(micros()); 31 | } 32 | for (i = 0; i < len; i++) { 33 | output[i] = rand() % 0x100; 34 | } 35 | *olen = len; 36 | return 0; 37 | } 38 | 39 | 40 | -------------------------------------------------------------------------------- /port/esp_mem.c: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Espressif Systems (Shanghai) PTE LTD 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include 16 | #include 17 | #define IRAM_ATTR 18 | 19 | #ifndef CONFIG_MBEDTLS_CUSTOM_MEM_ALLOC 20 | 21 | IRAM_ATTR void *esp_mbedtls_mem_calloc(size_t n, size_t size) 22 | { 23 | #ifdef CONFIG_MBEDTLS_INTERNAL_MEM_ALLOC 24 | return heap_caps_calloc(n, size, MALLOC_CAP_INTERNAL|MALLOC_CAP_8BIT); 25 | #elif CONFIG_MBEDTLS_EXTERNAL_MEM_ALLOC 26 | return heap_caps_calloc(n, size, MALLOC_CAP_SPIRAM|MALLOC_CAP_8BIT); 27 | #else 28 | return calloc(n, size); 29 | #endif 30 | } 31 | 32 | IRAM_ATTR void esp_mbedtls_mem_free(void *ptr) 33 | { 34 | return free(ptr); 35 | } 36 | 37 | #endif /* !CONFIG_MBEDTLS_CUSTOM_MEM_ALLOC */ 38 | -------------------------------------------------------------------------------- /port/include/aes_alt.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file aes_alt.h 3 | * 4 | * \brief AES block cipher 5 | * 6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 7 | * SPDX-License-Identifier: Apache-2.0 8 | * 9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 10 | * not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * 21 | * 22 | */ 23 | #ifndef AES_ALT_H 24 | #define AES_ALT_H 25 | 26 | #ifdef __cplusplus 27 | extern "C" { 28 | #endif 29 | 30 | #if defined(MBEDTLS_AES_ALT) 31 | #include "hwcrypto/aes.h" 32 | 33 | typedef esp_aes_context mbedtls_aes_context; 34 | 35 | #define mbedtls_aes_init esp_aes_init 36 | #define mbedtls_aes_free esp_aes_free 37 | #define mbedtls_aes_setkey_enc esp_aes_setkey 38 | #define mbedtls_aes_setkey_dec esp_aes_setkey 39 | #define mbedtls_aes_crypt_ecb esp_aes_crypt_ecb 40 | #if defined(MBEDTLS_CIPHER_MODE_CBC) 41 | #define mbedtls_aes_crypt_cbc esp_aes_crypt_cbc 42 | #endif 43 | #if defined(MBEDTLS_CIPHER_MODE_CFB) 44 | #define mbedtls_aes_crypt_cfb128 esp_aes_crypt_cfb128 45 | #define mbedtls_aes_crypt_cfb8 esp_aes_crypt_cfb8 46 | #endif 47 | #if defined(MBEDTLS_CIPHER_MODE_CTR) 48 | #define mbedtls_aes_crypt_ctr esp_aes_crypt_ctr 49 | #endif 50 | #if defined(MBEDTLS_CIPHER_MODE_XTS) 51 | typedef esp_aes_xts_context mbedtls_aes_xts_context; 52 | #define mbedtls_aes_xts_init esp_aes_xts_init 53 | #define mbedtls_aes_xts_free esp_aes_xts_free 54 | #define mbedtls_aes_xts_setkey_enc esp_aes_xts_setkey_enc 55 | #define mbedtls_aes_xts_setkey_dec esp_aes_xts_setkey_dec 56 | #define mbedtls_aes_crypt_xts esp_aes_crypt_xts 57 | #endif 58 | #define mbedtls_internal_aes_encrypt esp_internal_aes_encrypt 59 | #define mbedtls_internal_aes_decrypt esp_internal_aes_decrypt 60 | #endif /* MBEDTLS_AES_ALT */ 61 | 62 | #ifdef __cplusplus 63 | } 64 | #endif 65 | 66 | #endif 67 | -------------------------------------------------------------------------------- /port/include/esp_mem.h: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Espressif Systems (Shanghai) PTE LTD 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #pragma once 16 | 17 | #include 18 | 19 | void *esp_mbedtls_mem_calloc(size_t n, size_t size); 20 | void esp_mbedtls_mem_free(void *ptr); 21 | -------------------------------------------------------------------------------- /port/include/mbedtls/bignum.h: -------------------------------------------------------------------------------- 1 | // Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | #ifndef __ESP_MBEDTLS_BIGNUM_H__ 15 | #define __ESP_MBEDTLS_BIGNUM_H__ 16 | 17 | #include_next "mbedtls/bignum.h" 18 | 19 | /** 20 | * This is a wrapper for the main mbedtls/bignum.h. This wrapper 21 | * provides a few additional ESP32-only functions. 22 | * 23 | * This is because we don't set MBEDTLS_BIGNUM_ALT in the same way we 24 | * do for AES, SHA, etc. Because we still use most of the bignum.h 25 | * implementation and just replace a few hardware accelerated 26 | * functions (see MBEDTLS_MPI_EXP_MOD_ALT & MBEDTLS_MPI_MUL_MPI_ALT in 27 | * esp_config.h). 28 | * 29 | * @note Unlike the other hardware accelerator support functions in esp32/hwcrypto, there is no 30 | * generic "hwcrypto/bignum.h" header for using these functions without mbedTLS. The reason for this 31 | * is that all of the function implementations depend strongly upon the mbedTLS MPI implementation. 32 | */ 33 | 34 | /** 35 | * @brief Lock access to RSA Accelerator (MPI/bignum operations) 36 | * 37 | * RSA Accelerator hardware unit can only be used by one 38 | * consumer at a time. 39 | * 40 | * @note This function is non-recursive (do not call it twice from the 41 | * same task.) 42 | * 43 | * @note You do not need to call this if you are using the mbedTLS bignum.h 44 | * API or esp_mpi_xxx functions. This function is only needed if you 45 | * want to call ROM RSA functions or access the registers directly. 46 | * 47 | */ 48 | void esp_mpi_acquire_hardware(void); 49 | 50 | /** 51 | * @brief Unlock access to RSA Accelerator (MPI/bignum operations) 52 | * 53 | * Has to be called once for each call to esp_mpi_acquire_hardware(). 54 | * 55 | * @note You do not need to call this if you are using the mbedTLS bignum.h 56 | * API or esp_mpi_xxx functions. This function is only needed if you 57 | * want to call ROM RSA functions or access the registers directly. 58 | */ 59 | void esp_mpi_release_hardware(void); 60 | 61 | /* @brief MPI modular mupltiplication function 62 | * 63 | * Calculates Z = (X * Y) mod M using MPI hardware acceleration. 64 | * 65 | * This is not part of the standard mbedTLS bignum API. 66 | * 67 | * @note All of X, Y & Z should be less than 4096 bit long or an error is returned. 68 | * 69 | * @param Z Result bignum, should be pre-initialised with mbedtls_mpi_init(). 70 | * @param X First multiplication argument. 71 | * @param Y Second multiplication argument. 72 | * @param M Modulus value for result. 73 | * 74 | * @return 0 on success, mbedTLS MPI error codes on failure. 75 | */ 76 | int esp_mpi_mul_mpi_mod(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, const mbedtls_mpi *M); 77 | 78 | #endif 79 | -------------------------------------------------------------------------------- /port/include/mbedtls/config.h: -------------------------------------------------------------------------------- 1 | /* This shim header is added so that any application code 2 | which includes "mbedtls/config.h" directly gets the correct 3 | config. */ 4 | #pragma once 5 | #if !defined(MBEDTLS_CONFIG_FILE) 6 | #include_next "mbedtls/config.h" 7 | #else 8 | #include MBEDTLS_CONFIG_FILE 9 | #endif 10 | -------------------------------------------------------------------------------- /port/include/mbedtls/esp_debug.h: -------------------------------------------------------------------------------- 1 | // Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | #ifndef _ESP_DEBUG_H_ 15 | #define _ESP_DEBUG_H_ 16 | 17 | #ifdef __cplusplus 18 | extern "C" { 19 | #endif 20 | 21 | #include "arduino_config.h" 22 | #ifdef CONFIG_MBEDTLS_DEBUG 23 | 24 | /** @brief Enable mbedTLS debug logging via the esp_log mechanism. 25 | * 26 | * mbedTLS internal debugging is filtered from a specified mbedTLS 27 | * threshold level to esp_log level at runtime: 28 | * 29 | * - 1 - Warning 30 | * - 2 - Info 31 | * - 3 - Debug 32 | * - 4 - Verbose 33 | * 34 | * (Note that mbedTLS debug thresholds are not always consistently used.) 35 | * 36 | * This function will set the esp log level for "mbedtls" to the specified mbedTLS 37 | * threshold level that matches. However, the overall max ESP log level must be set high 38 | * enough in menuconfig, or some messages may be filtered at compile time. 39 | * 40 | * @param conf mbedtls_ssl_config structure 41 | * @param mbedTLS debug threshold, 0-4. Messages are filtered at runtime. 42 | */ 43 | void mbedtls_esp_enable_debug_log(mbedtls_ssl_config *conf, int threshold); 44 | 45 | /** @brief Disable mbedTLS debug logging via the esp_log mechanism. 46 | * 47 | */ 48 | void mbedtls_esp_disable_debug_log(mbedtls_ssl_config *conf); 49 | 50 | 51 | #endif 52 | 53 | #ifdef __cplusplus 54 | } 55 | #endif 56 | 57 | #endif /* __ESP_DEBUG_H__ */ 58 | -------------------------------------------------------------------------------- /port/include/sha1_alt.h: -------------------------------------------------------------------------------- 1 | /* 2 | * SHA-1 implementation with hardware ESP32 support added. 3 | * Uses mbedTLS software implementation for failover when concurrent 4 | * SHA operations are in use. 5 | * 6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 7 | * Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE LTD 8 | * SPDX-License-Identifier: Apache-2.0 9 | * 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 | * not use this file except in compliance with the License. 12 | * You may obtain a copy of the License at 13 | * 14 | * http://www.apache.org/licenses/LICENSE-2.0 15 | * 16 | * Unless required by applicable law or agreed to in writing, software 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 | * See the License for the specific language governing permissions and 20 | * limitations under the License. 21 | * 22 | */ 23 | #ifndef _SHA1_ALT_H_ 24 | #define _SHA1_ALT_H_ 25 | 26 | #ifdef __cplusplus 27 | extern "C" { 28 | #endif 29 | 30 | #if defined(MBEDTLS_SHA1_ALT) 31 | 32 | typedef enum { 33 | ESP_MBEDTLS_SHA1_UNUSED, /* first block hasn't been processed yet */ 34 | ESP_MBEDTLS_SHA1_HARDWARE, /* using hardware SHA engine */ 35 | ESP_MBEDTLS_SHA1_SOFTWARE, /* using software SHA */ 36 | } esp_mbedtls_sha1_mode; 37 | 38 | /** 39 | * \brief SHA-1 context structure 40 | */ 41 | typedef struct 42 | { 43 | uint32_t total[2]; /*!< number of bytes processed */ 44 | uint32_t state[5]; /*!< intermediate digest state */ 45 | unsigned char buffer[64]; /*!< data block being processed */ 46 | esp_mbedtls_sha1_mode mode; 47 | } 48 | mbedtls_sha1_context; 49 | 50 | #endif 51 | 52 | #ifdef __cplusplus 53 | } 54 | #endif 55 | 56 | #endif 57 | 58 | -------------------------------------------------------------------------------- /port/include/sha256_alt.h: -------------------------------------------------------------------------------- 1 | /* 2 | * SHA-256 implementation with hardware ESP32 support added. 3 | * Uses mbedTLS software implementation for failover when concurrent 4 | * SHA operations are in use. 5 | * 6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 7 | * Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE LTD 8 | * SPDX-License-Identifier: Apache-2.0 9 | * 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 | * not use this file except in compliance with the License. 12 | * You may obtain a copy of the License at 13 | * 14 | * http://www.apache.org/licenses/LICENSE-2.0 15 | * 16 | * Unless required by applicable law or agreed to in writing, software 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 | * See the License for the specific language governing permissions and 20 | * limitations under the License. 21 | * 22 | */ 23 | #ifndef _SHA256_ALT_H_ 24 | #define _SHA256_ALT_H_ 25 | 26 | #ifdef __cplusplus 27 | extern "C" { 28 | #endif 29 | 30 | #if defined(MBEDTLS_SHA256_ALT) 31 | 32 | typedef enum { 33 | ESP_MBEDTLS_SHA256_UNUSED, /* first block hasn't been processed yet */ 34 | ESP_MBEDTLS_SHA256_HARDWARE, /* using hardware SHA engine */ 35 | ESP_MBEDTLS_SHA256_SOFTWARE, /* using software SHA */ 36 | } esp_mbedtls_sha256_mode; 37 | 38 | /** 39 | * \brief SHA-256 context structure 40 | */ 41 | typedef struct 42 | { 43 | uint32_t total[2]; /*!< number of bytes processed */ 44 | uint32_t state[8]; /*!< intermediate digest state */ 45 | unsigned char buffer[64]; /*!< data block being processed */ 46 | int is224; /*!< 0 => SHA-256, else SHA-224 */ 47 | esp_mbedtls_sha256_mode mode; 48 | } 49 | mbedtls_sha256_context; 50 | 51 | #endif 52 | 53 | #ifdef __cplusplus 54 | } 55 | #endif 56 | 57 | #endif 58 | -------------------------------------------------------------------------------- /port/include/sha512_alt.h: -------------------------------------------------------------------------------- 1 | /* 2 | * SHA-512 implementation with hardware ESP32 support added. 3 | * Uses mbedTLS software implementation for failover when concurrent 4 | * SHA operations are in use. 5 | * 6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 7 | * Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE LTD 8 | * SPDX-License-Identifier: Apache-2.0 9 | * 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 | * not use this file except in compliance with the License. 12 | * You may obtain a copy of the License at 13 | * 14 | * http://www.apache.org/licenses/LICENSE-2.0 15 | * 16 | * Unless required by applicable law or agreed to in writing, software 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 | * See the License for the specific language governing permissions and 20 | * limitations under the License. 21 | * 22 | */ 23 | #ifndef _SHA512_ALT_H_ 24 | #define _SHA512_ALT_H_ 25 | 26 | #ifdef __cplusplus 27 | extern "C" { 28 | #endif 29 | 30 | #if defined(MBEDTLS_SHA512_ALT) 31 | 32 | typedef enum { 33 | ESP_MBEDTLS_SHA512_UNUSED, /* first block hasn't been processed yet */ 34 | ESP_MBEDTLS_SHA512_HARDWARE, /* using hardware SHA engine */ 35 | ESP_MBEDTLS_SHA512_SOFTWARE, /* using software SHA */ 36 | } esp_mbedtls_sha512_mode; 37 | 38 | /** 39 | * \brief SHA-512 context structure 40 | */ 41 | typedef struct 42 | { 43 | uint64_t total[2]; /*!< number of bytes processed */ 44 | uint64_t state[8]; /*!< intermediate digest state */ 45 | unsigned char buffer[128]; /*!< data block being processed */ 46 | int is384; /*!< 0 => SHA-512, else SHA-384 */ 47 | esp_mbedtls_sha512_mode mode; 48 | } 49 | mbedtls_sha512_context; 50 | 51 | #endif 52 | 53 | #ifdef __cplusplus 54 | } 55 | #endif 56 | 57 | #endif 58 | -------------------------------------------------------------------------------- /port/mbedtls_debug.c: -------------------------------------------------------------------------------- 1 | // Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include 16 | 17 | #include "esp_log.h" 18 | #include "mbedtls/platform.h" 19 | #include "mbedtls/debug.h" 20 | #include "mbedtls/ssl.h" 21 | #include "mbedtls/esp_debug.h" 22 | #include "esp_hal_log.h" 23 | 24 | #ifdef CONFIG_MBEDTLS_DEBUG 25 | static const char *TAG = "mbedtls"; 26 | 27 | static void mbedtls_esp_debug(void *ctx, int level, 28 | const char *file, int line, 29 | const char *str); 30 | 31 | void mbedtls_esp_enable_debug_log(mbedtls_ssl_config *conf, int threshold) 32 | { 33 | esp_log_level_t level = ESP_LOG_NONE; 34 | mbedtls_debug_set_threshold(threshold); 35 | mbedtls_ssl_conf_dbg(conf, mbedtls_esp_debug, NULL); 36 | switch(threshold) { 37 | case 1: 38 | level = ESP_LOG_WARN; 39 | break; 40 | case 2: 41 | level = ESP_LOG_INFO; 42 | break; 43 | case 3: 44 | level = ESP_LOG_DEBUG; 45 | break; 46 | case 4: 47 | level = ESP_LOG_VERBOSE; 48 | break; 49 | } 50 | // esp_log_level_set(TAG, level); 51 | } 52 | 53 | void mbedtls_esp_disable_debug_log(mbedtls_ssl_config *conf) 54 | { 55 | mbedtls_ssl_conf_dbg(conf, NULL, NULL); 56 | } 57 | 58 | 59 | /* Default mbedtls debug function that translates mbedTLS debug output 60 | to ESP_LOGx debug output. 61 | */ 62 | static void mbedtls_esp_debug(void *ctx, int level, 63 | const char *file, int line, 64 | const char *str) 65 | { 66 | char *file_sep; 67 | 68 | /* Shorten 'file' from the whole file path to just the filename 69 | 70 | This is a bit wasteful because the macros are compiled in with 71 | the full _FILE_ path in each case. 72 | */ 73 | file_sep = rindex(file, '/'); 74 | if(file_sep) 75 | file = file_sep+1; 76 | 77 | switch(level) { 78 | case 1: 79 | // ESP_LOGW(TAG, "%s:%d %s", file, line, str); 80 | xprintf("%s:%d %s\r\n", file, line, str); 81 | break; 82 | case 2: 83 | // ESP_LOGI(TAG, "%s:%d %s", file, line, str); 84 | xprintf("%s:%d %s\r\n", file, line, str); 85 | break; 86 | case 3: 87 | // ESP_LOGD(TAG, "%s:%d %s", file, line, str); 88 | xprintf("%s:%d %s\r\n", file, line, str); 89 | break; 90 | case 4: 91 | // ESP_LOGV(TAG, "%s:%d %s", file, line, str); 92 | xprintf("%s:%d %s\r\n", file, line, str); 93 | break; 94 | default: 95 | ESP_LOGE(TAG, "Unexpected log level %d: %s", level, str); 96 | break; 97 | } 98 | } 99 | #endif -------------------------------------------------------------------------------- /src/Seeed_mbedtls.h: -------------------------------------------------------------------------------- 1 | #ifndef __SEEED_MBEDTLS_H__ 2 | #define __SEEED_MBEDTLS_H__ 3 | 4 | #ifndef MBEDTLS_CONFIG_FILE 5 | #define MBEDTLS_CONFIG_FILE "arduino_config.h" 6 | #endif 7 | 8 | #include "mbedtls/md5.h" 9 | #include "mbedtls/md.h" 10 | #include "mbedtls/base64.h" 11 | #include "mbedtls/sha256.h" 12 | #endif//__SEEED_MBEDTLS_H__ 13 | -------------------------------------------------------------------------------- /src/aes_alt.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file aes_alt.h 3 | * 4 | * \brief AES block cipher 5 | * 6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 7 | * SPDX-License-Identifier: Apache-2.0 8 | * 9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 10 | * not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * 21 | * 22 | */ 23 | #ifndef AES_ALT_H 24 | #define AES_ALT_H 25 | 26 | #ifdef __cplusplus 27 | extern "C" { 28 | #endif 29 | 30 | #if defined(MBEDTLS_AES_ALT) 31 | #include "hwcrypto/aes.h" 32 | 33 | typedef esp_aes_context mbedtls_aes_context; 34 | 35 | #define mbedtls_aes_init esp_aes_init 36 | #define mbedtls_aes_free esp_aes_free 37 | #define mbedtls_aes_setkey_enc esp_aes_setkey 38 | #define mbedtls_aes_setkey_dec esp_aes_setkey 39 | #define mbedtls_aes_crypt_ecb esp_aes_crypt_ecb 40 | #if defined(MBEDTLS_CIPHER_MODE_CBC) 41 | #define mbedtls_aes_crypt_cbc esp_aes_crypt_cbc 42 | #endif 43 | #if defined(MBEDTLS_CIPHER_MODE_CFB) 44 | #define mbedtls_aes_crypt_cfb128 esp_aes_crypt_cfb128 45 | #define mbedtls_aes_crypt_cfb8 esp_aes_crypt_cfb8 46 | #endif 47 | #if defined(MBEDTLS_CIPHER_MODE_CTR) 48 | #define mbedtls_aes_crypt_ctr esp_aes_crypt_ctr 49 | #endif 50 | #if defined(MBEDTLS_CIPHER_MODE_XTS) 51 | typedef esp_aes_xts_context mbedtls_aes_xts_context; 52 | #define mbedtls_aes_xts_init esp_aes_xts_init 53 | #define mbedtls_aes_xts_free esp_aes_xts_free 54 | #define mbedtls_aes_xts_setkey_enc esp_aes_xts_setkey_enc 55 | #define mbedtls_aes_xts_setkey_dec esp_aes_xts_setkey_dec 56 | #define mbedtls_aes_crypt_xts esp_aes_crypt_xts 57 | #endif 58 | #define mbedtls_internal_aes_encrypt esp_internal_aes_encrypt 59 | #define mbedtls_internal_aes_decrypt esp_internal_aes_decrypt 60 | #endif /* MBEDTLS_AES_ALT */ 61 | 62 | #ifdef __cplusplus 63 | } 64 | #endif 65 | 66 | #endif 67 | -------------------------------------------------------------------------------- /src/arduino_config.h: -------------------------------------------------------------------------------- 1 | 2 | 3 | #ifndef CONFIG_MBEDTLS_ARDUINO 4 | #define CONFIG_MBEDTLS_ARDUINO 5 | 6 | #define CONFIG_MBEDTLS_KEY_EXCHANGE_RSA 1 7 | #define CONFIG_MBEDTLS_AES_C 1 8 | #define CONFIG_MBEDTLS_ECP_DP_SECP521R1_ENABLED 1 9 | #define CONFIG_MBEDTLS_GCM_C 1 10 | #define CONFIG_MBEDTLS_SSL_PROTO_TLS1 1 11 | #define CONFIG_MBEDTLS_ECDSA_C 1 12 | #define CONFIG_MBEDTLS_ECDH_C 1 13 | #define CONFIG_MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE 1 14 | #define CONFIG_MBEDTLS_SSL_ALPN 1 15 | #define CONFIG_MBEDTLS_PEM_WRITE_C 1 16 | #define CONFIG_MBEDTLS_ECP_DP_BP384R1_ENABLED 1 17 | #define CONFIG_MBEDTLS_ECP_DP_SECP256K1_ENABLED 1 18 | #define CONFIG_MBEDTLS_ECP_DP_CURVE25519_ENABLED 1 19 | #define CONFIG_MBEDTLS_ECP_C 1 20 | #define CONFIG_MBEDTLS_RC4_DISABLED 1 21 | #define CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN 16384 22 | #define CONFIG_MBEDTLS_X509_CRL_PARSE_C 1 23 | #define CONFIG_MBEDTLS_PSK_MODES 1 24 | #define CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_RSA 1 25 | #define CONFIG_MBEDTLS_CCM_C 1 26 | #define CONFIG_MBEDTLS_ECP_DP_SECP224R1_ENABLED 1 27 | #define CONFIG_LIBSODIUM_USE_MBEDTLS_SHA 1 28 | #define CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_PSK 1 29 | #define CONFIG_MBEDTLS_ECP_DP_SECP384R1_ENABLED 1 30 | #define CONFIG_MBEDTLS_KEY_EXCHANGE_PSK 1 31 | #define CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA 1 32 | #define CONFIG_MBEDTLS_ECP_NIST_OPTIM 1 33 | #define CONFIG_MBEDTLS_SSL_PROTO_TLS1_1 1 34 | #define CONFIG_MBEDTLS_X509_CSR_PARSE_C 1 35 | #define CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA 1 36 | #define CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_PSK 1 37 | #define CONFIG_MBEDTLS_PEM_PARSE_C 1 38 | #define CONFIG_MBEDTLS_SSL_PROTO_TLS1_2 1 39 | #define CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_RSA 1 40 | #define CONFIG_MBEDTLS_ECP_DP_BP256R1_ENABLED 1 41 | #define CONFIG_MBEDTLS_ECP_DP_SECP224K1_ENABLED 1 42 | #define CONFIG_MBEDTLS_TLS_ENABLED 1 43 | #define CONFIG_MBEDTLS_SSL_SESSION_TICKETS 1 44 | #define CONFIG_MBEDTLS_SSL_RENEGOTIATION 1 45 | #define CONFIG_MBEDTLS_TLS_CLIENT 1 46 | #define CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED 1 47 | #define CONFIG_MBEDTLS_HAVE_TIME 1 48 | #define CONFIG_MBEDTLS_TLS_SERVER 1 49 | #define CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT 1 50 | #define CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_PSK 1 51 | #define CONFIG_MBEDTLS_ECP_DP_SECP192R1_ENABLED 1 52 | #define CONFIG_MBEDTLS_ECP_DP_BP512R1_ENABLED 1 53 | #define CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA 1 54 | #define CONFIG_MBEDTLS_ECP_DP_SECP192K1_ENABLED 1 55 | #define CONFIG_MBEDTLS_DEBUG 1 56 | #define CONFIG_MBEDTLS_ECP_RESTARTABLE 1 57 | 58 | #endif //CONFIG_MBEDTLS_ARDUINO 59 | 60 | -------------------------------------------------------------------------------- /src/esp_mem.h: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Espressif Systems (Shanghai) PTE LTD 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #pragma once 16 | 17 | #include 18 | 19 | void *esp_mbedtls_mem_calloc(size_t n, size_t size); 20 | void esp_mbedtls_mem_free(void *ptr); 21 | -------------------------------------------------------------------------------- /src/library/arc4.c: -------------------------------------------------------------------------------- 1 | /* 2 | * An implementation of the ARCFOUR algorithm 3 | * 4 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 5 | * SPDX-License-Identifier: Apache-2.0 6 | * 7 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 8 | * not use this file except in compliance with the License. 9 | * You may obtain a copy of the License at 10 | * 11 | * http://www.apache.org/licenses/LICENSE-2.0 12 | * 13 | * Unless required by applicable law or agreed to in writing, software 14 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 15 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | * See the License for the specific language governing permissions and 17 | * limitations under the License. 18 | * 19 | * This file is part of mbed TLS (https://tls.mbed.org) 20 | */ 21 | /* 22 | * The ARCFOUR algorithm was publicly disclosed on 94/09. 23 | * 24 | * http://groups.google.com/group/sci.crypt/msg/10a300c9d21afca0 25 | */ 26 | 27 | #if !defined(MBEDTLS_CONFIG_FILE) 28 | #include "mbedtls/config.h" 29 | #else 30 | #include MBEDTLS_CONFIG_FILE 31 | #endif 32 | 33 | #if defined(MBEDTLS_ARC4_C) 34 | 35 | #include "mbedtls/arc4.h" 36 | #include "mbedtls/platform_util.h" 37 | 38 | #include 39 | 40 | #if defined(MBEDTLS_SELF_TEST) 41 | #if defined(MBEDTLS_PLATFORM_C) 42 | #include "mbedtls/platform.h" 43 | #else 44 | #include 45 | #define mbedtls_printf printf 46 | #endif /* MBEDTLS_PLATFORM_C */ 47 | #endif /* MBEDTLS_SELF_TEST */ 48 | 49 | #if !defined(MBEDTLS_ARC4_ALT) 50 | 51 | void mbedtls_arc4_init( mbedtls_arc4_context *ctx ) 52 | { 53 | memset( ctx, 0, sizeof( mbedtls_arc4_context ) ); 54 | } 55 | 56 | void mbedtls_arc4_free( mbedtls_arc4_context *ctx ) 57 | { 58 | if( ctx == NULL ) 59 | return; 60 | 61 | mbedtls_platform_zeroize( ctx, sizeof( mbedtls_arc4_context ) ); 62 | } 63 | 64 | /* 65 | * ARC4 key schedule 66 | */ 67 | void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key, 68 | unsigned int keylen ) 69 | { 70 | int i, j, a; 71 | unsigned int k; 72 | unsigned char *m; 73 | 74 | ctx->x = 0; 75 | ctx->y = 0; 76 | m = ctx->m; 77 | 78 | for( i = 0; i < 256; i++ ) 79 | m[i] = (unsigned char) i; 80 | 81 | j = k = 0; 82 | 83 | for( i = 0; i < 256; i++, k++ ) 84 | { 85 | if( k >= keylen ) k = 0; 86 | 87 | a = m[i]; 88 | j = ( j + a + key[k] ) & 0xFF; 89 | m[i] = m[j]; 90 | m[j] = (unsigned char) a; 91 | } 92 | } 93 | 94 | /* 95 | * ARC4 cipher function 96 | */ 97 | int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned char *input, 98 | unsigned char *output ) 99 | { 100 | int x, y, a, b; 101 | size_t i; 102 | unsigned char *m; 103 | 104 | x = ctx->x; 105 | y = ctx->y; 106 | m = ctx->m; 107 | 108 | for( i = 0; i < length; i++ ) 109 | { 110 | x = ( x + 1 ) & 0xFF; a = m[x]; 111 | y = ( y + a ) & 0xFF; b = m[y]; 112 | 113 | m[x] = (unsigned char) b; 114 | m[y] = (unsigned char) a; 115 | 116 | output[i] = (unsigned char) 117 | ( input[i] ^ m[(unsigned char)( a + b )] ); 118 | } 119 | 120 | ctx->x = x; 121 | ctx->y = y; 122 | 123 | return( 0 ); 124 | } 125 | 126 | #endif /* !MBEDTLS_ARC4_ALT */ 127 | 128 | #if defined(MBEDTLS_SELF_TEST) 129 | /* 130 | * ARC4 tests vectors as posted by Eric Rescorla in sep. 1994: 131 | * 132 | * http://groups.google.com/group/comp.security.misc/msg/10a300c9d21afca0 133 | */ 134 | static const unsigned char arc4_test_key[3][8] = 135 | { 136 | { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }, 137 | { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }, 138 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } 139 | }; 140 | 141 | static const unsigned char arc4_test_pt[3][8] = 142 | { 143 | { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }, 144 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, 145 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } 146 | }; 147 | 148 | static const unsigned char arc4_test_ct[3][8] = 149 | { 150 | { 0x75, 0xB7, 0x87, 0x80, 0x99, 0xE0, 0xC5, 0x96 }, 151 | { 0x74, 0x94, 0xC2, 0xE7, 0x10, 0x4B, 0x08, 0x79 }, 152 | { 0xDE, 0x18, 0x89, 0x41, 0xA3, 0x37, 0x5D, 0x3A } 153 | }; 154 | 155 | /* 156 | * Checkup routine 157 | */ 158 | int mbedtls_arc4_self_test( int verbose ) 159 | { 160 | int i, ret = 0; 161 | unsigned char ibuf[8]; 162 | unsigned char obuf[8]; 163 | mbedtls_arc4_context ctx; 164 | 165 | mbedtls_arc4_init( &ctx ); 166 | 167 | for( i = 0; i < 3; i++ ) 168 | { 169 | if( verbose != 0 ) 170 | mbedtls_printf( " ARC4 test #%d: ", i + 1 ); 171 | 172 | memcpy( ibuf, arc4_test_pt[i], 8 ); 173 | 174 | mbedtls_arc4_setup( &ctx, arc4_test_key[i], 8 ); 175 | mbedtls_arc4_crypt( &ctx, 8, ibuf, obuf ); 176 | 177 | if( memcmp( obuf, arc4_test_ct[i], 8 ) != 0 ) 178 | { 179 | if( verbose != 0 ) 180 | mbedtls_printf( "failed\n" ); 181 | 182 | ret = 1; 183 | goto exit; 184 | } 185 | 186 | if( verbose != 0 ) 187 | mbedtls_printf( "passed\n" ); 188 | } 189 | 190 | if( verbose != 0 ) 191 | mbedtls_printf( "\n" ); 192 | 193 | exit: 194 | mbedtls_arc4_free( &ctx ); 195 | 196 | return( ret ); 197 | } 198 | 199 | #endif /* MBEDTLS_SELF_TEST */ 200 | 201 | #endif /* MBEDTLS_ARC4_C */ 202 | -------------------------------------------------------------------------------- /src/library/hkdf.c: -------------------------------------------------------------------------------- 1 | /* 2 | * HKDF implementation -- RFC 5869 3 | * 4 | * Copyright (C) 2016-2018, ARM Limited, All Rights Reserved 5 | * SPDX-License-Identifier: Apache-2.0 6 | * 7 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 8 | * not use this file except in compliance with the License. 9 | * You may obtain a copy of the License at 10 | * 11 | * http://www.apache.org/licenses/LICENSE-2.0 12 | * 13 | * Unless required by applicable law or agreed to in writing, software 14 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 15 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | * See the License for the specific language governing permissions and 17 | * limitations under the License. 18 | * 19 | * This file is part of mbed TLS (https://tls.mbed.org) 20 | */ 21 | #if !defined(MBEDTLS_CONFIG_FILE) 22 | #include "mbedtls/config.h" 23 | #else 24 | #include MBEDTLS_CONFIG_FILE 25 | #endif 26 | 27 | #if defined(MBEDTLS_HKDF_C) 28 | 29 | #include 30 | #include "mbedtls/hkdf.h" 31 | #include "mbedtls/platform_util.h" 32 | 33 | int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt, 34 | size_t salt_len, const unsigned char *ikm, size_t ikm_len, 35 | const unsigned char *info, size_t info_len, 36 | unsigned char *okm, size_t okm_len ) 37 | { 38 | int ret; 39 | unsigned char prk[MBEDTLS_MD_MAX_SIZE]; 40 | 41 | ret = mbedtls_hkdf_extract( md, salt, salt_len, ikm, ikm_len, prk ); 42 | 43 | if( ret == 0 ) 44 | { 45 | ret = mbedtls_hkdf_expand( md, prk, mbedtls_md_get_size( md ), 46 | info, info_len, okm, okm_len ); 47 | } 48 | 49 | mbedtls_platform_zeroize( prk, sizeof( prk ) ); 50 | 51 | return( ret ); 52 | } 53 | 54 | int mbedtls_hkdf_extract( const mbedtls_md_info_t *md, 55 | const unsigned char *salt, size_t salt_len, 56 | const unsigned char *ikm, size_t ikm_len, 57 | unsigned char *prk ) 58 | { 59 | unsigned char null_salt[MBEDTLS_MD_MAX_SIZE] = { '\0' }; 60 | 61 | if( salt == NULL ) 62 | { 63 | size_t hash_len; 64 | 65 | if( salt_len != 0 ) 66 | { 67 | return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA; 68 | } 69 | 70 | hash_len = mbedtls_md_get_size( md ); 71 | 72 | if( hash_len == 0 ) 73 | { 74 | return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA; 75 | } 76 | 77 | salt = null_salt; 78 | salt_len = hash_len; 79 | } 80 | 81 | return( mbedtls_md_hmac( md, salt, salt_len, ikm, ikm_len, prk ) ); 82 | } 83 | 84 | int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk, 85 | size_t prk_len, const unsigned char *info, 86 | size_t info_len, unsigned char *okm, size_t okm_len ) 87 | { 88 | size_t hash_len; 89 | size_t where = 0; 90 | size_t n; 91 | size_t t_len = 0; 92 | size_t i; 93 | int ret = 0; 94 | mbedtls_md_context_t ctx; 95 | unsigned char t[MBEDTLS_MD_MAX_SIZE]; 96 | 97 | if( okm == NULL ) 98 | { 99 | return( MBEDTLS_ERR_HKDF_BAD_INPUT_DATA ); 100 | } 101 | 102 | hash_len = mbedtls_md_get_size( md ); 103 | 104 | if( prk_len < hash_len || hash_len == 0 ) 105 | { 106 | return( MBEDTLS_ERR_HKDF_BAD_INPUT_DATA ); 107 | } 108 | 109 | if( info == NULL ) 110 | { 111 | info = (const unsigned char *) ""; 112 | info_len = 0; 113 | } 114 | 115 | n = okm_len / hash_len; 116 | 117 | if( (okm_len % hash_len) != 0 ) 118 | { 119 | n++; 120 | } 121 | 122 | /* 123 | * Per RFC 5869 Section 2.3, okm_len must not exceed 124 | * 255 times the hash length 125 | */ 126 | if( n > 255 ) 127 | { 128 | return( MBEDTLS_ERR_HKDF_BAD_INPUT_DATA ); 129 | } 130 | 131 | mbedtls_md_init( &ctx ); 132 | 133 | if( (ret = mbedtls_md_setup( &ctx, md, 1) ) != 0 ) 134 | { 135 | goto exit; 136 | } 137 | 138 | /* 139 | * Compute T = T(1) | T(2) | T(3) | ... | T(N) 140 | * Where T(N) is defined in RFC 5869 Section 2.3 141 | */ 142 | for( i = 1; i <= n; i++ ) 143 | { 144 | size_t num_to_copy; 145 | unsigned char c = i & 0xff; 146 | 147 | ret = mbedtls_md_hmac_starts( &ctx, prk, prk_len ); 148 | if( ret != 0 ) 149 | { 150 | goto exit; 151 | } 152 | 153 | ret = mbedtls_md_hmac_update( &ctx, t, t_len ); 154 | if( ret != 0 ) 155 | { 156 | goto exit; 157 | } 158 | 159 | ret = mbedtls_md_hmac_update( &ctx, info, info_len ); 160 | if( ret != 0 ) 161 | { 162 | goto exit; 163 | } 164 | 165 | /* The constant concatenated to the end of each T(n) is a single octet. 166 | * */ 167 | ret = mbedtls_md_hmac_update( &ctx, &c, 1 ); 168 | if( ret != 0 ) 169 | { 170 | goto exit; 171 | } 172 | 173 | ret = mbedtls_md_hmac_finish( &ctx, t ); 174 | if( ret != 0 ) 175 | { 176 | goto exit; 177 | } 178 | 179 | num_to_copy = i != n ? hash_len : okm_len - where; 180 | memcpy( okm + where, t, num_to_copy ); 181 | where += hash_len; 182 | t_len = hash_len; 183 | } 184 | 185 | exit: 186 | mbedtls_md_free( &ctx ); 187 | mbedtls_platform_zeroize( t, sizeof( t ) ); 188 | 189 | return( ret ); 190 | } 191 | 192 | #endif /* MBEDTLS_HKDF_C */ 193 | -------------------------------------------------------------------------------- /src/library/padlock.c: -------------------------------------------------------------------------------- 1 | /* 2 | * VIA PadLock support functions 3 | * 4 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 5 | * SPDX-License-Identifier: Apache-2.0 6 | * 7 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 8 | * not use this file except in compliance with the License. 9 | * You may obtain a copy of the License at 10 | * 11 | * http://www.apache.org/licenses/LICENSE-2.0 12 | * 13 | * Unless required by applicable law or agreed to in writing, software 14 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 15 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | * See the License for the specific language governing permissions and 17 | * limitations under the License. 18 | * 19 | * This file is part of mbed TLS (https://tls.mbed.org) 20 | */ 21 | /* 22 | * This implementation is based on the VIA PadLock Programming Guide: 23 | * 24 | * http://www.via.com.tw/en/downloads/whitepapers/initiatives/padlock/ 25 | * programming_guide.pdf 26 | */ 27 | 28 | #if !defined(MBEDTLS_CONFIG_FILE) 29 | #include "mbedtls/config.h" 30 | #else 31 | #include MBEDTLS_CONFIG_FILE 32 | #endif 33 | 34 | #if defined(MBEDTLS_PADLOCK_C) 35 | 36 | #include "mbedtls/padlock.h" 37 | 38 | #include 39 | 40 | #ifndef asm 41 | #define asm __asm 42 | #endif 43 | 44 | #if defined(MBEDTLS_HAVE_X86) 45 | 46 | /* 47 | * PadLock detection routine 48 | */ 49 | int mbedtls_padlock_has_support( int feature ) 50 | { 51 | static int flags = -1; 52 | int ebx = 0, edx = 0; 53 | 54 | if( flags == -1 ) 55 | { 56 | asm( "movl %%ebx, %0 \n\t" 57 | "movl $0xC0000000, %%eax \n\t" 58 | "cpuid \n\t" 59 | "cmpl $0xC0000001, %%eax \n\t" 60 | "movl $0, %%edx \n\t" 61 | "jb unsupported \n\t" 62 | "movl $0xC0000001, %%eax \n\t" 63 | "cpuid \n\t" 64 | "unsupported: \n\t" 65 | "movl %%edx, %1 \n\t" 66 | "movl %2, %%ebx \n\t" 67 | : "=m" (ebx), "=m" (edx) 68 | : "m" (ebx) 69 | : "eax", "ecx", "edx" ); 70 | 71 | flags = edx; 72 | } 73 | 74 | return( flags & feature ); 75 | } 76 | 77 | /* 78 | * PadLock AES-ECB block en(de)cryption 79 | */ 80 | int mbedtls_padlock_xcryptecb( mbedtls_aes_context *ctx, 81 | int mode, 82 | const unsigned char input[16], 83 | unsigned char output[16] ) 84 | { 85 | int ebx = 0; 86 | uint32_t *rk; 87 | uint32_t *blk; 88 | uint32_t *ctrl; 89 | unsigned char buf[256]; 90 | 91 | rk = ctx->rk; 92 | blk = MBEDTLS_PADLOCK_ALIGN16( buf ); 93 | memcpy( blk, input, 16 ); 94 | 95 | ctrl = blk + 4; 96 | *ctrl = 0x80 | ctx->nr | ( ( ctx->nr + ( mode^1 ) - 10 ) << 9 ); 97 | 98 | asm( "pushfl \n\t" 99 | "popfl \n\t" 100 | "movl %%ebx, %0 \n\t" 101 | "movl $1, %%ecx \n\t" 102 | "movl %2, %%edx \n\t" 103 | "movl %3, %%ebx \n\t" 104 | "movl %4, %%esi \n\t" 105 | "movl %4, %%edi \n\t" 106 | ".byte 0xf3,0x0f,0xa7,0xc8 \n\t" 107 | "movl %1, %%ebx \n\t" 108 | : "=m" (ebx) 109 | : "m" (ebx), "m" (ctrl), "m" (rk), "m" (blk) 110 | : "memory", "ecx", "edx", "esi", "edi" ); 111 | 112 | memcpy( output, blk, 16 ); 113 | 114 | return( 0 ); 115 | } 116 | 117 | /* 118 | * PadLock AES-CBC buffer en(de)cryption 119 | */ 120 | int mbedtls_padlock_xcryptcbc( mbedtls_aes_context *ctx, 121 | int mode, 122 | size_t length, 123 | unsigned char iv[16], 124 | const unsigned char *input, 125 | unsigned char *output ) 126 | { 127 | int ebx = 0; 128 | size_t count; 129 | uint32_t *rk; 130 | uint32_t *iw; 131 | uint32_t *ctrl; 132 | unsigned char buf[256]; 133 | 134 | if( ( (long) input & 15 ) != 0 || 135 | ( (long) output & 15 ) != 0 ) 136 | return( MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED ); 137 | 138 | rk = ctx->rk; 139 | iw = MBEDTLS_PADLOCK_ALIGN16( buf ); 140 | memcpy( iw, iv, 16 ); 141 | 142 | ctrl = iw + 4; 143 | *ctrl = 0x80 | ctx->nr | ( ( ctx->nr + ( mode ^ 1 ) - 10 ) << 9 ); 144 | 145 | count = ( length + 15 ) >> 4; 146 | 147 | asm( "pushfl \n\t" 148 | "popfl \n\t" 149 | "movl %%ebx, %0 \n\t" 150 | "movl %2, %%ecx \n\t" 151 | "movl %3, %%edx \n\t" 152 | "movl %4, %%ebx \n\t" 153 | "movl %5, %%esi \n\t" 154 | "movl %6, %%edi \n\t" 155 | "movl %7, %%eax \n\t" 156 | ".byte 0xf3,0x0f,0xa7,0xd0 \n\t" 157 | "movl %1, %%ebx \n\t" 158 | : "=m" (ebx) 159 | : "m" (ebx), "m" (count), "m" (ctrl), 160 | "m" (rk), "m" (input), "m" (output), "m" (iw) 161 | : "memory", "eax", "ecx", "edx", "esi", "edi" ); 162 | 163 | memcpy( iv, iw, 16 ); 164 | 165 | return( 0 ); 166 | } 167 | 168 | #endif /* MBEDTLS_HAVE_X86 */ 169 | 170 | #endif /* MBEDTLS_PADLOCK_C */ 171 | -------------------------------------------------------------------------------- /src/library/pkcs11.c: -------------------------------------------------------------------------------- 1 | /** 2 | * \file pkcs11.c 3 | * 4 | * \brief Wrapper for PKCS#11 library libpkcs11-helper 5 | * 6 | * \author Adriaan de Jong 7 | * 8 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 9 | * SPDX-License-Identifier: Apache-2.0 10 | * 11 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 12 | * not use this file except in compliance with the License. 13 | * You may obtain a copy of the License at 14 | * 15 | * http://www.apache.org/licenses/LICENSE-2.0 16 | * 17 | * Unless required by applicable law or agreed to in writing, software 18 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 19 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 | * See the License for the specific language governing permissions and 21 | * limitations under the License. 22 | * 23 | * This file is part of mbed TLS (https://tls.mbed.org) 24 | */ 25 | 26 | #include "mbedtls/pkcs11.h" 27 | 28 | #if defined(MBEDTLS_PKCS11_C) 29 | 30 | #include "mbedtls/md.h" 31 | #include "mbedtls/oid.h" 32 | #include "mbedtls/x509_crt.h" 33 | 34 | #if defined(MBEDTLS_PLATFORM_C) 35 | #include "mbedtls/platform.h" 36 | #else 37 | #include 38 | #define mbedtls_calloc calloc 39 | #define mbedtls_free free 40 | #endif 41 | 42 | #include 43 | 44 | void mbedtls_pkcs11_init( mbedtls_pkcs11_context *ctx ) 45 | { 46 | memset( ctx, 0, sizeof( mbedtls_pkcs11_context ) ); 47 | } 48 | 49 | int mbedtls_pkcs11_x509_cert_bind( mbedtls_x509_crt *cert, pkcs11h_certificate_t pkcs11_cert ) 50 | { 51 | int ret = 1; 52 | unsigned char *cert_blob = NULL; 53 | size_t cert_blob_size = 0; 54 | 55 | if( cert == NULL ) 56 | { 57 | ret = 2; 58 | goto cleanup; 59 | } 60 | 61 | if( pkcs11h_certificate_getCertificateBlob( pkcs11_cert, NULL, 62 | &cert_blob_size ) != CKR_OK ) 63 | { 64 | ret = 3; 65 | goto cleanup; 66 | } 67 | 68 | cert_blob = mbedtls_calloc( 1, cert_blob_size ); 69 | if( NULL == cert_blob ) 70 | { 71 | ret = 4; 72 | goto cleanup; 73 | } 74 | 75 | if( pkcs11h_certificate_getCertificateBlob( pkcs11_cert, cert_blob, 76 | &cert_blob_size ) != CKR_OK ) 77 | { 78 | ret = 5; 79 | goto cleanup; 80 | } 81 | 82 | if( 0 != mbedtls_x509_crt_parse( cert, cert_blob, cert_blob_size ) ) 83 | { 84 | ret = 6; 85 | goto cleanup; 86 | } 87 | 88 | ret = 0; 89 | 90 | cleanup: 91 | if( NULL != cert_blob ) 92 | mbedtls_free( cert_blob ); 93 | 94 | return( ret ); 95 | } 96 | 97 | 98 | int mbedtls_pkcs11_priv_key_bind( mbedtls_pkcs11_context *priv_key, 99 | pkcs11h_certificate_t pkcs11_cert ) 100 | { 101 | int ret = 1; 102 | mbedtls_x509_crt cert; 103 | 104 | mbedtls_x509_crt_init( &cert ); 105 | 106 | if( priv_key == NULL ) 107 | goto cleanup; 108 | 109 | if( 0 != mbedtls_pkcs11_x509_cert_bind( &cert, pkcs11_cert ) ) 110 | goto cleanup; 111 | 112 | priv_key->len = mbedtls_pk_get_len( &cert.pk ); 113 | priv_key->pkcs11h_cert = pkcs11_cert; 114 | 115 | ret = 0; 116 | 117 | cleanup: 118 | mbedtls_x509_crt_free( &cert ); 119 | 120 | return( ret ); 121 | } 122 | 123 | void mbedtls_pkcs11_priv_key_free( mbedtls_pkcs11_context *priv_key ) 124 | { 125 | if( NULL != priv_key ) 126 | pkcs11h_certificate_freeCertificate( priv_key->pkcs11h_cert ); 127 | } 128 | 129 | int mbedtls_pkcs11_decrypt( mbedtls_pkcs11_context *ctx, 130 | int mode, size_t *olen, 131 | const unsigned char *input, 132 | unsigned char *output, 133 | size_t output_max_len ) 134 | { 135 | size_t input_len, output_len; 136 | 137 | if( NULL == ctx ) 138 | return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); 139 | 140 | if( MBEDTLS_RSA_PRIVATE != mode ) 141 | return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); 142 | 143 | output_len = input_len = ctx->len; 144 | 145 | if( input_len < 16 || input_len > output_max_len ) 146 | return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); 147 | 148 | /* Determine size of output buffer */ 149 | if( pkcs11h_certificate_decryptAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, input, 150 | input_len, NULL, &output_len ) != CKR_OK ) 151 | { 152 | return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); 153 | } 154 | 155 | if( output_len > output_max_len ) 156 | return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE ); 157 | 158 | if( pkcs11h_certificate_decryptAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, input, 159 | input_len, output, &output_len ) != CKR_OK ) 160 | { 161 | return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); 162 | } 163 | *olen = output_len; 164 | return( 0 ); 165 | } 166 | 167 | int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx, 168 | int mode, 169 | mbedtls_md_type_t md_alg, 170 | unsigned int hashlen, 171 | const unsigned char *hash, 172 | unsigned char *sig ) 173 | { 174 | size_t sig_len = 0, asn_len = 0, oid_size = 0; 175 | unsigned char *p = sig; 176 | const char *oid; 177 | 178 | if( NULL == ctx ) 179 | return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); 180 | 181 | if( MBEDTLS_RSA_PRIVATE != mode ) 182 | return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); 183 | 184 | if( md_alg != MBEDTLS_MD_NONE ) 185 | { 186 | const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg ); 187 | if( md_info == NULL ) 188 | return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); 189 | 190 | if( mbedtls_oid_get_oid_by_md( md_alg, &oid, &oid_size ) != 0 ) 191 | return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); 192 | 193 | hashlen = mbedtls_md_get_size( md_info ); 194 | asn_len = 10 + oid_size; 195 | } 196 | 197 | sig_len = ctx->len; 198 | if( hashlen > sig_len || asn_len > sig_len || 199 | hashlen + asn_len > sig_len ) 200 | { 201 | return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); 202 | } 203 | 204 | if( md_alg != MBEDTLS_MD_NONE ) 205 | { 206 | /* 207 | * DigestInfo ::= SEQUENCE { 208 | * digestAlgorithm DigestAlgorithmIdentifier, 209 | * digest Digest } 210 | * 211 | * DigestAlgorithmIdentifier ::= AlgorithmIdentifier 212 | * 213 | * Digest ::= OCTET STRING 214 | */ 215 | *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED; 216 | *p++ = (unsigned char) ( 0x08 + oid_size + hashlen ); 217 | *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED; 218 | *p++ = (unsigned char) ( 0x04 + oid_size ); 219 | *p++ = MBEDTLS_ASN1_OID; 220 | *p++ = oid_size & 0xFF; 221 | memcpy( p, oid, oid_size ); 222 | p += oid_size; 223 | *p++ = MBEDTLS_ASN1_NULL; 224 | *p++ = 0x00; 225 | *p++ = MBEDTLS_ASN1_OCTET_STRING; 226 | *p++ = hashlen; 227 | } 228 | 229 | memcpy( p, hash, hashlen ); 230 | 231 | if( pkcs11h_certificate_signAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, sig, 232 | asn_len + hashlen, sig, &sig_len ) != CKR_OK ) 233 | { 234 | return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); 235 | } 236 | 237 | return( 0 ); 238 | } 239 | 240 | #endif /* defined(MBEDTLS_PKCS11_C) */ 241 | -------------------------------------------------------------------------------- /src/library/platform_util.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Common and shared functions used by multiple modules in the Mbed TLS 3 | * library. 4 | * 5 | * Copyright (C) 2018, Arm Limited, All Rights Reserved 6 | * SPDX-License-Identifier: Apache-2.0 7 | * 8 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 9 | * not use this file except in compliance with the License. 10 | * You may obtain a copy of the License at 11 | * 12 | * http://www.apache.org/licenses/LICENSE-2.0 13 | * 14 | * Unless required by applicable law or agreed to in writing, software 15 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 16 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 17 | * See the License for the specific language governing permissions and 18 | * limitations under the License. 19 | * 20 | * This file is part of Mbed TLS (https://tls.mbed.org) 21 | */ 22 | 23 | /* 24 | * Ensure gmtime_r is available even with -std=c99; must be defined before 25 | * config.h, which pulls in glibc's features.h. Harmless on other platforms. 26 | */ 27 | #if !defined(_POSIX_C_SOURCE) 28 | #define _POSIX_C_SOURCE 200112L 29 | #endif 30 | 31 | #if !defined(MBEDTLS_CONFIG_FILE) 32 | #include "mbedtls/config.h" 33 | #else 34 | #include MBEDTLS_CONFIG_FILE 35 | #endif 36 | 37 | #include "mbedtls/platform_util.h" 38 | #include "mbedtls/platform.h" 39 | #include "mbedtls/threading.h" 40 | 41 | #include 42 | #include 43 | 44 | #if !defined(MBEDTLS_PLATFORM_ZEROIZE_ALT) 45 | /* 46 | * This implementation should never be optimized out by the compiler 47 | * 48 | * This implementation for mbedtls_platform_zeroize() was inspired from Colin 49 | * Percival's blog article at: 50 | * 51 | * http://www.daemonology.net/blog/2014-09-04-how-to-zero-a-buffer.html 52 | * 53 | * It uses a volatile function pointer to the standard memset(). Because the 54 | * pointer is volatile the compiler expects it to change at 55 | * any time and will not optimize out the call that could potentially perform 56 | * other operations on the input buffer instead of just setting it to 0. 57 | * Nevertheless, as pointed out by davidtgoldblatt on Hacker News 58 | * (refer to http://www.daemonology.net/blog/2014-09-05-erratum.html for 59 | * details), optimizations of the following form are still possible: 60 | * 61 | * if( memset_func != memset ) 62 | * memset_func( buf, 0, len ); 63 | * 64 | * Note that it is extremely difficult to guarantee that 65 | * mbedtls_platform_zeroize() will not be optimized out by aggressive compilers 66 | * in a portable way. For this reason, Mbed TLS also provides the configuration 67 | * option MBEDTLS_PLATFORM_ZEROIZE_ALT, which allows users to configure 68 | * mbedtls_platform_zeroize() to use a suitable implementation for their 69 | * platform and needs. 70 | */ 71 | static void * (* const volatile memset_func)( void *, int, size_t ) = memset; 72 | 73 | void mbedtls_platform_zeroize( void *buf, size_t len ) 74 | { 75 | memset_func( buf, 0, len ); 76 | } 77 | #endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */ 78 | 79 | #if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT) 80 | #include 81 | #if !defined(_WIN32) && (defined(unix) || \ 82 | defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ 83 | defined(__MACH__))) 84 | #include 85 | #endif /* !_WIN32 && (unix || __unix || __unix__ || 86 | * (__APPLE__ && __MACH__)) */ 87 | 88 | #if !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ 89 | ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ 90 | _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) 91 | /* 92 | * This is a convenience shorthand macro to avoid checking the long 93 | * preprocessor conditions above. Ideally, we could expose this macro in 94 | * platform_util.h and simply use it in platform_util.c, threading.c and 95 | * threading.h. However, this macro is not part of the Mbed TLS public API, so 96 | * we keep it private by only defining it in this file 97 | */ 98 | #if ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ) 99 | #define PLATFORM_UTIL_USE_GMTIME 100 | #endif /* ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ) */ 101 | 102 | #endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ 103 | ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ 104 | _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) */ 105 | 106 | struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt, 107 | struct tm *tm_buf ) 108 | { 109 | #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) 110 | return( ( gmtime_s( tm_buf, tt ) == 0 ) ? tm_buf : NULL ); 111 | #elif !defined(PLATFORM_UTIL_USE_GMTIME) 112 | return( gmtime_r( tt, tm_buf ) ); 113 | #else 114 | struct tm *lt; 115 | 116 | #if defined(MBEDTLS_THREADING_C) 117 | if( mbedtls_mutex_lock( &mbedtls_threading_gmtime_mutex ) != 0 ) 118 | return( NULL ); 119 | #endif /* MBEDTLS_THREADING_C */ 120 | 121 | lt = gmtime( tt ); 122 | 123 | if( lt != NULL ) 124 | { 125 | memcpy( tm_buf, lt, sizeof( struct tm ) ); 126 | } 127 | 128 | #if defined(MBEDTLS_THREADING_C) 129 | if( mbedtls_mutex_unlock( &mbedtls_threading_gmtime_mutex ) != 0 ) 130 | return( NULL ); 131 | #endif /* MBEDTLS_THREADING_C */ 132 | 133 | return( ( lt == NULL ) ? NULL : tm_buf ); 134 | #endif /* _WIN32 && !EFIX64 && !EFI32 */ 135 | } 136 | #endif /* MBEDTLS_HAVE_TIME_DATE && MBEDTLS_PLATFORM_GMTIME_R_ALT */ 137 | -------------------------------------------------------------------------------- /src/library/threading.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Threading abstraction layer 3 | * 4 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 5 | * SPDX-License-Identifier: Apache-2.0 6 | * 7 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 8 | * not use this file except in compliance with the License. 9 | * You may obtain a copy of the License at 10 | * 11 | * http://www.apache.org/licenses/LICENSE-2.0 12 | * 13 | * Unless required by applicable law or agreed to in writing, software 14 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 15 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | * See the License for the specific language governing permissions and 17 | * limitations under the License. 18 | * 19 | * This file is part of mbed TLS (https://tls.mbed.org) 20 | */ 21 | 22 | /* 23 | * Ensure gmtime_r is available even with -std=c99; must be defined before 24 | * config.h, which pulls in glibc's features.h. Harmless on other platforms. 25 | */ 26 | #if !defined(_POSIX_C_SOURCE) 27 | #define _POSIX_C_SOURCE 200112L 28 | #endif 29 | 30 | #if !defined(MBEDTLS_CONFIG_FILE) 31 | #include "mbedtls/config.h" 32 | #else 33 | #include MBEDTLS_CONFIG_FILE 34 | #endif 35 | 36 | #if defined(MBEDTLS_THREADING_C) 37 | 38 | #include "mbedtls/threading.h" 39 | 40 | #if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT) 41 | 42 | #if !defined(_WIN32) && (defined(unix) || \ 43 | defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ 44 | defined(__MACH__))) 45 | #include 46 | #endif /* !_WIN32 && (unix || __unix || __unix__ || 47 | * (__APPLE__ && __MACH__)) */ 48 | 49 | #if !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ 50 | ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ 51 | _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) 52 | /* 53 | * This is a convenience shorthand macro to avoid checking the long 54 | * preprocessor conditions above. Ideally, we could expose this macro in 55 | * platform_util.h and simply use it in platform_util.c, threading.c and 56 | * threading.h. However, this macro is not part of the Mbed TLS public API, so 57 | * we keep it private by only defining it in this file 58 | */ 59 | 60 | #if ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ) 61 | #define THREADING_USE_GMTIME 62 | #endif /* ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ) */ 63 | 64 | #endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ 65 | ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ 66 | _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) */ 67 | 68 | #endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */ 69 | 70 | #if defined(MBEDTLS_THREADING_PTHREAD) 71 | static void threading_mutex_init_pthread( mbedtls_threading_mutex_t *mutex ) 72 | { 73 | if( mutex == NULL ) 74 | return; 75 | 76 | mutex->is_valid = pthread_mutex_init( &mutex->mutex, NULL ) == 0; 77 | } 78 | 79 | static void threading_mutex_free_pthread( mbedtls_threading_mutex_t *mutex ) 80 | { 81 | if( mutex == NULL || !mutex->is_valid ) 82 | return; 83 | 84 | (void) pthread_mutex_destroy( &mutex->mutex ); 85 | mutex->is_valid = 0; 86 | } 87 | 88 | static int threading_mutex_lock_pthread( mbedtls_threading_mutex_t *mutex ) 89 | { 90 | if( mutex == NULL || ! mutex->is_valid ) 91 | return( MBEDTLS_ERR_THREADING_BAD_INPUT_DATA ); 92 | 93 | if( pthread_mutex_lock( &mutex->mutex ) != 0 ) 94 | return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); 95 | 96 | return( 0 ); 97 | } 98 | 99 | static int threading_mutex_unlock_pthread( mbedtls_threading_mutex_t *mutex ) 100 | { 101 | if( mutex == NULL || ! mutex->is_valid ) 102 | return( MBEDTLS_ERR_THREADING_BAD_INPUT_DATA ); 103 | 104 | if( pthread_mutex_unlock( &mutex->mutex ) != 0 ) 105 | return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); 106 | 107 | return( 0 ); 108 | } 109 | 110 | void (*mbedtls_mutex_init)( mbedtls_threading_mutex_t * ) = threading_mutex_init_pthread; 111 | void (*mbedtls_mutex_free)( mbedtls_threading_mutex_t * ) = threading_mutex_free_pthread; 112 | int (*mbedtls_mutex_lock)( mbedtls_threading_mutex_t * ) = threading_mutex_lock_pthread; 113 | int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t * ) = threading_mutex_unlock_pthread; 114 | 115 | /* 116 | * With phtreads we can statically initialize mutexes 117 | */ 118 | #define MUTEX_INIT = { PTHREAD_MUTEX_INITIALIZER, 1 } 119 | 120 | #endif /* MBEDTLS_THREADING_PTHREAD */ 121 | 122 | #if defined(MBEDTLS_THREADING_ALT) 123 | static int threading_mutex_fail( mbedtls_threading_mutex_t *mutex ) 124 | { 125 | ((void) mutex ); 126 | return( MBEDTLS_ERR_THREADING_BAD_INPUT_DATA ); 127 | } 128 | static void threading_mutex_dummy( mbedtls_threading_mutex_t *mutex ) 129 | { 130 | ((void) mutex ); 131 | return; 132 | } 133 | 134 | void (*mbedtls_mutex_init)( mbedtls_threading_mutex_t * ) = threading_mutex_dummy; 135 | void (*mbedtls_mutex_free)( mbedtls_threading_mutex_t * ) = threading_mutex_dummy; 136 | int (*mbedtls_mutex_lock)( mbedtls_threading_mutex_t * ) = threading_mutex_fail; 137 | int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t * ) = threading_mutex_fail; 138 | 139 | /* 140 | * Set functions pointers and initialize global mutexes 141 | */ 142 | void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * ), 143 | void (*mutex_free)( mbedtls_threading_mutex_t * ), 144 | int (*mutex_lock)( mbedtls_threading_mutex_t * ), 145 | int (*mutex_unlock)( mbedtls_threading_mutex_t * ) ) 146 | { 147 | mbedtls_mutex_init = mutex_init; 148 | mbedtls_mutex_free = mutex_free; 149 | mbedtls_mutex_lock = mutex_lock; 150 | mbedtls_mutex_unlock = mutex_unlock; 151 | 152 | #if defined(MBEDTLS_FS_IO) 153 | mbedtls_mutex_init( &mbedtls_threading_readdir_mutex ); 154 | #endif 155 | #if defined(THREADING_USE_GMTIME) 156 | mbedtls_mutex_init( &mbedtls_threading_gmtime_mutex ); 157 | #endif 158 | } 159 | 160 | /* 161 | * Free global mutexes 162 | */ 163 | void mbedtls_threading_free_alt( void ) 164 | { 165 | #if defined(MBEDTLS_FS_IO) 166 | mbedtls_mutex_free( &mbedtls_threading_readdir_mutex ); 167 | #endif 168 | #if defined(THREADING_USE_GMTIME) 169 | mbedtls_mutex_free( &mbedtls_threading_gmtime_mutex ); 170 | #endif 171 | } 172 | #endif /* MBEDTLS_THREADING_ALT */ 173 | 174 | /* 175 | * Define global mutexes 176 | */ 177 | #ifndef MUTEX_INIT 178 | #define MUTEX_INIT 179 | #endif 180 | #if defined(MBEDTLS_FS_IO) 181 | mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex MUTEX_INIT; 182 | #endif 183 | #if defined(THREADING_USE_GMTIME) 184 | mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex MUTEX_INIT; 185 | #endif 186 | 187 | #endif /* MBEDTLS_THREADING_C */ 188 | -------------------------------------------------------------------------------- /src/library/version.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Version information 3 | * 4 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 5 | * SPDX-License-Identifier: Apache-2.0 6 | * 7 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 8 | * not use this file except in compliance with the License. 9 | * You may obtain a copy of the License at 10 | * 11 | * http://www.apache.org/licenses/LICENSE-2.0 12 | * 13 | * Unless required by applicable law or agreed to in writing, software 14 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 15 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | * See the License for the specific language governing permissions and 17 | * limitations under the License. 18 | * 19 | * This file is part of mbed TLS (https://tls.mbed.org) 20 | */ 21 | 22 | #if !defined(MBEDTLS_CONFIG_FILE) 23 | #include "mbedtls/config.h" 24 | #else 25 | #include MBEDTLS_CONFIG_FILE 26 | #endif 27 | 28 | #if defined(MBEDTLS_VERSION_C) 29 | 30 | #include "mbedtls/version.h" 31 | #include 32 | 33 | unsigned int mbedtls_version_get_number( void ) 34 | { 35 | return( MBEDTLS_VERSION_NUMBER ); 36 | } 37 | 38 | void mbedtls_version_get_string( char *string ) 39 | { 40 | memcpy( string, MBEDTLS_VERSION_STRING, 41 | sizeof( MBEDTLS_VERSION_STRING ) ); 42 | } 43 | 44 | void mbedtls_version_get_string_full( char *string ) 45 | { 46 | memcpy( string, MBEDTLS_VERSION_STRING_FULL, 47 | sizeof( MBEDTLS_VERSION_STRING_FULL ) ); 48 | } 49 | 50 | #endif /* MBEDTLS_VERSION_C */ 51 | -------------------------------------------------------------------------------- /src/mbedtls/aesni.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file aesni.h 3 | * 4 | * \brief AES-NI for hardware AES acceleration on some Intel processors 5 | * 6 | * \warning These functions are only for internal use by other library 7 | * functions; you must not call them directly. 8 | */ 9 | /* 10 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 11 | * SPDX-License-Identifier: Apache-2.0 12 | * 13 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 14 | * not use this file except in compliance with the License. 15 | * You may obtain a copy of the License at 16 | * 17 | * http://www.apache.org/licenses/LICENSE-2.0 18 | * 19 | * Unless required by applicable law or agreed to in writing, software 20 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 21 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 22 | * See the License for the specific language governing permissions and 23 | * limitations under the License. 24 | * 25 | * This file is part of mbed TLS (https://tls.mbed.org) 26 | */ 27 | #ifndef MBEDTLS_AESNI_H 28 | #define MBEDTLS_AESNI_H 29 | 30 | #if !defined(MBEDTLS_CONFIG_FILE) 31 | #include "config.h" 32 | #else 33 | #include MBEDTLS_CONFIG_FILE 34 | #endif 35 | 36 | #include "aes.h" 37 | 38 | #define MBEDTLS_AESNI_AES 0x02000000u 39 | #define MBEDTLS_AESNI_CLMUL 0x00000002u 40 | 41 | #if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && \ 42 | ( defined(__amd64__) || defined(__x86_64__) ) && \ 43 | ! defined(MBEDTLS_HAVE_X86_64) 44 | #define MBEDTLS_HAVE_X86_64 45 | #endif 46 | 47 | #if defined(MBEDTLS_HAVE_X86_64) 48 | 49 | #ifdef __cplusplus 50 | extern "C" { 51 | #endif 52 | 53 | /** 54 | * \brief Internal function to detect the AES-NI feature in CPUs. 55 | * 56 | * \note This function is only for internal use by other library 57 | * functions; you must not call it directly. 58 | * 59 | * \param what The feature to detect 60 | * (MBEDTLS_AESNI_AES or MBEDTLS_AESNI_CLMUL) 61 | * 62 | * \return 1 if CPU has support for the feature, 0 otherwise 63 | */ 64 | int mbedtls_aesni_has_support( unsigned int what ); 65 | 66 | /** 67 | * \brief Internal AES-NI AES-ECB block encryption and decryption 68 | * 69 | * \note This function is only for internal use by other library 70 | * functions; you must not call it directly. 71 | * 72 | * \param ctx AES context 73 | * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT 74 | * \param input 16-byte input block 75 | * \param output 16-byte output block 76 | * 77 | * \return 0 on success (cannot fail) 78 | */ 79 | int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx, 80 | int mode, 81 | const unsigned char input[16], 82 | unsigned char output[16] ); 83 | 84 | /** 85 | * \brief Internal GCM multiplication: c = a * b in GF(2^128) 86 | * 87 | * \note This function is only for internal use by other library 88 | * functions; you must not call it directly. 89 | * 90 | * \param c Result 91 | * \param a First operand 92 | * \param b Second operand 93 | * 94 | * \note Both operands and result are bit strings interpreted as 95 | * elements of GF(2^128) as per the GCM spec. 96 | */ 97 | void mbedtls_aesni_gcm_mult( unsigned char c[16], 98 | const unsigned char a[16], 99 | const unsigned char b[16] ); 100 | 101 | /** 102 | * \brief Internal round key inversion. This function computes 103 | * decryption round keys from the encryption round keys. 104 | * 105 | * \note This function is only for internal use by other library 106 | * functions; you must not call it directly. 107 | * 108 | * \param invkey Round keys for the equivalent inverse cipher 109 | * \param fwdkey Original round keys (for encryption) 110 | * \param nr Number of rounds (that is, number of round keys minus one) 111 | */ 112 | void mbedtls_aesni_inverse_key( unsigned char *invkey, 113 | const unsigned char *fwdkey, 114 | int nr ); 115 | 116 | /** 117 | * \brief Internal key expansion for encryption 118 | * 119 | * \note This function is only for internal use by other library 120 | * functions; you must not call it directly. 121 | * 122 | * \param rk Destination buffer where the round keys are written 123 | * \param key Encryption key 124 | * \param bits Key size in bits (must be 128, 192 or 256) 125 | * 126 | * \return 0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH 127 | */ 128 | int mbedtls_aesni_setkey_enc( unsigned char *rk, 129 | const unsigned char *key, 130 | size_t bits ); 131 | 132 | #ifdef __cplusplus 133 | } 134 | #endif 135 | 136 | #endif /* MBEDTLS_HAVE_X86_64 */ 137 | 138 | #endif /* MBEDTLS_AESNI_H */ 139 | -------------------------------------------------------------------------------- /src/mbedtls/arc4.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file arc4.h 3 | * 4 | * \brief The ARCFOUR stream cipher 5 | * 6 | * \warning ARC4 is considered a weak cipher and its use constitutes a 7 | * security risk. We recommend considering stronger ciphers instead. 8 | */ 9 | /* 10 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 11 | * SPDX-License-Identifier: Apache-2.0 12 | * 13 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 14 | * not use this file except in compliance with the License. 15 | * You may obtain a copy of the License at 16 | * 17 | * http://www.apache.org/licenses/LICENSE-2.0 18 | * 19 | * Unless required by applicable law or agreed to in writing, software 20 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 21 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 22 | * See the License for the specific language governing permissions and 23 | * limitations under the License. 24 | * 25 | * This file is part of mbed TLS (https://tls.mbed.org) 26 | * 27 | */ 28 | #ifndef MBEDTLS_ARC4_H 29 | #define MBEDTLS_ARC4_H 30 | 31 | #if !defined(MBEDTLS_CONFIG_FILE) 32 | #include "config.h" 33 | #else 34 | #include MBEDTLS_CONFIG_FILE 35 | #endif 36 | 37 | #include 38 | 39 | /* MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED is deprecated and should not be used. */ 40 | #define MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED -0x0019 /**< ARC4 hardware accelerator failed. */ 41 | 42 | #ifdef __cplusplus 43 | extern "C" { 44 | #endif 45 | 46 | #if !defined(MBEDTLS_ARC4_ALT) 47 | // Regular implementation 48 | // 49 | 50 | /** 51 | * \brief ARC4 context structure 52 | * 53 | * \warning ARC4 is considered a weak cipher and its use constitutes a 54 | * security risk. We recommend considering stronger ciphers instead. 55 | * 56 | */ 57 | typedef struct mbedtls_arc4_context 58 | { 59 | int x; /*!< permutation index */ 60 | int y; /*!< permutation index */ 61 | unsigned char m[256]; /*!< permutation table */ 62 | } 63 | mbedtls_arc4_context; 64 | 65 | #else /* MBEDTLS_ARC4_ALT */ 66 | #include "arc4_alt.h" 67 | #endif /* MBEDTLS_ARC4_ALT */ 68 | 69 | /** 70 | * \brief Initialize ARC4 context 71 | * 72 | * \param ctx ARC4 context to be initialized 73 | * 74 | * \warning ARC4 is considered a weak cipher and its use constitutes a 75 | * security risk. We recommend considering stronger ciphers 76 | * instead. 77 | * 78 | */ 79 | void mbedtls_arc4_init( mbedtls_arc4_context *ctx ); 80 | 81 | /** 82 | * \brief Clear ARC4 context 83 | * 84 | * \param ctx ARC4 context to be cleared 85 | * 86 | * \warning ARC4 is considered a weak cipher and its use constitutes a 87 | * security risk. We recommend considering stronger ciphers 88 | * instead. 89 | * 90 | */ 91 | void mbedtls_arc4_free( mbedtls_arc4_context *ctx ); 92 | 93 | /** 94 | * \brief ARC4 key schedule 95 | * 96 | * \param ctx ARC4 context to be setup 97 | * \param key the secret key 98 | * \param keylen length of the key, in bytes 99 | * 100 | * \warning ARC4 is considered a weak cipher and its use constitutes a 101 | * security risk. We recommend considering stronger ciphers 102 | * instead. 103 | * 104 | */ 105 | void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key, 106 | unsigned int keylen ); 107 | 108 | /** 109 | * \brief ARC4 cipher function 110 | * 111 | * \param ctx ARC4 context 112 | * \param length length of the input data 113 | * \param input buffer holding the input data 114 | * \param output buffer for the output data 115 | * 116 | * \return 0 if successful 117 | * 118 | * \warning ARC4 is considered a weak cipher and its use constitutes a 119 | * security risk. We recommend considering stronger ciphers 120 | * instead. 121 | * 122 | */ 123 | int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned char *input, 124 | unsigned char *output ); 125 | 126 | #if defined(MBEDTLS_SELF_TEST) 127 | 128 | /** 129 | * \brief Checkup routine 130 | * 131 | * \return 0 if successful, or 1 if the test failed 132 | * 133 | * \warning ARC4 is considered a weak cipher and its use constitutes a 134 | * security risk. We recommend considering stronger ciphers 135 | * instead. 136 | * 137 | */ 138 | int mbedtls_arc4_self_test( int verbose ); 139 | 140 | #endif /* MBEDTLS_SELF_TEST */ 141 | 142 | #ifdef __cplusplus 143 | } 144 | #endif 145 | 146 | #endif /* arc4.h */ 147 | -------------------------------------------------------------------------------- /src/mbedtls/base64.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file base64.h 3 | * 4 | * \brief RFC 1521 base64 encoding/decoding 5 | */ 6 | /* 7 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 8 | * SPDX-License-Identifier: Apache-2.0 9 | * 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 | * not use this file except in compliance with the License. 12 | * You may obtain a copy of the License at 13 | * 14 | * http://www.apache.org/licenses/LICENSE-2.0 15 | * 16 | * Unless required by applicable law or agreed to in writing, software 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 | * See the License for the specific language governing permissions and 20 | * limitations under the License. 21 | * 22 | * This file is part of mbed TLS (https://tls.mbed.org) 23 | */ 24 | #ifndef MBEDTLS_BASE64_H 25 | #define MBEDTLS_BASE64_H 26 | 27 | #if !defined(MBEDTLS_CONFIG_FILE) 28 | #include "config.h" 29 | #else 30 | #include MBEDTLS_CONFIG_FILE 31 | #endif 32 | 33 | #include 34 | 35 | #define MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL -0x002A /**< Output buffer too small. */ 36 | #define MBEDTLS_ERR_BASE64_INVALID_CHARACTER -0x002C /**< Invalid character in input. */ 37 | 38 | #ifdef __cplusplus 39 | extern "C" { 40 | #endif 41 | 42 | /** 43 | * \brief Encode a buffer into base64 format 44 | * 45 | * \param dst destination buffer 46 | * \param dlen size of the destination buffer 47 | * \param olen number of bytes written 48 | * \param src source buffer 49 | * \param slen amount of data to be encoded 50 | * 51 | * \return 0 if successful, or MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL. 52 | * *olen is always updated to reflect the amount 53 | * of data that has (or would have) been written. 54 | * If that length cannot be represented, then no data is 55 | * written to the buffer and *olen is set to the maximum 56 | * length representable as a size_t. 57 | * 58 | * \note Call this function with dlen = 0 to obtain the 59 | * required buffer size in *olen 60 | */ 61 | int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen, 62 | const unsigned char *src, size_t slen ); 63 | 64 | /** 65 | * \brief Decode a base64-formatted buffer 66 | * 67 | * \param dst destination buffer (can be NULL for checking size) 68 | * \param dlen size of the destination buffer 69 | * \param olen number of bytes written 70 | * \param src source buffer 71 | * \param slen amount of data to be decoded 72 | * 73 | * \return 0 if successful, MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL, or 74 | * MBEDTLS_ERR_BASE64_INVALID_CHARACTER if the input data is 75 | * not correct. *olen is always updated to reflect the amount 76 | * of data that has (or would have) been written. 77 | * 78 | * \note Call this function with *dst = NULL or dlen = 0 to obtain 79 | * the required buffer size in *olen 80 | */ 81 | int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, 82 | const unsigned char *src, size_t slen ); 83 | 84 | #if defined(MBEDTLS_SELF_TEST) 85 | /** 86 | * \brief Checkup routine 87 | * 88 | * \return 0 if successful, or 1 if the test failed 89 | */ 90 | int mbedtls_base64_self_test( int verbose ); 91 | 92 | #endif /* MBEDTLS_SELF_TEST */ 93 | 94 | #ifdef __cplusplus 95 | } 96 | #endif 97 | 98 | #endif /* base64.h */ 99 | -------------------------------------------------------------------------------- /src/mbedtls/cipher_internal.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file cipher_internal.h 3 | * 4 | * \brief Cipher wrappers. 5 | * 6 | * \author Adriaan de Jong 7 | */ 8 | /* 9 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 10 | * SPDX-License-Identifier: Apache-2.0 11 | * 12 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 13 | * not use this file except in compliance with the License. 14 | * You may obtain a copy of the License at 15 | * 16 | * http://www.apache.org/licenses/LICENSE-2.0 17 | * 18 | * Unless required by applicable law or agreed to in writing, software 19 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 20 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 21 | * See the License for the specific language governing permissions and 22 | * limitations under the License. 23 | * 24 | * This file is part of mbed TLS (https://tls.mbed.org) 25 | */ 26 | #ifndef MBEDTLS_CIPHER_WRAP_H 27 | #define MBEDTLS_CIPHER_WRAP_H 28 | 29 | #if !defined(MBEDTLS_CONFIG_FILE) 30 | #include "config.h" 31 | #else 32 | #include MBEDTLS_CONFIG_FILE 33 | #endif 34 | 35 | #include "cipher.h" 36 | 37 | #ifdef __cplusplus 38 | extern "C" { 39 | #endif 40 | 41 | /** 42 | * Base cipher information. The non-mode specific functions and values. 43 | */ 44 | struct mbedtls_cipher_base_t 45 | { 46 | /** Base Cipher type (e.g. MBEDTLS_CIPHER_ID_AES) */ 47 | mbedtls_cipher_id_t cipher; 48 | 49 | /** Encrypt using ECB */ 50 | int (*ecb_func)( void *ctx, mbedtls_operation_t mode, 51 | const unsigned char *input, unsigned char *output ); 52 | 53 | #if defined(MBEDTLS_CIPHER_MODE_CBC) 54 | /** Encrypt using CBC */ 55 | int (*cbc_func)( void *ctx, mbedtls_operation_t mode, size_t length, 56 | unsigned char *iv, const unsigned char *input, 57 | unsigned char *output ); 58 | #endif 59 | 60 | #if defined(MBEDTLS_CIPHER_MODE_CFB) 61 | /** Encrypt using CFB (Full length) */ 62 | int (*cfb_func)( void *ctx, mbedtls_operation_t mode, size_t length, size_t *iv_off, 63 | unsigned char *iv, const unsigned char *input, 64 | unsigned char *output ); 65 | #endif 66 | 67 | #if defined(MBEDTLS_CIPHER_MODE_OFB) 68 | /** Encrypt using OFB (Full length) */ 69 | int (*ofb_func)( void *ctx, size_t length, size_t *iv_off, 70 | unsigned char *iv, 71 | const unsigned char *input, 72 | unsigned char *output ); 73 | #endif 74 | 75 | #if defined(MBEDTLS_CIPHER_MODE_CTR) 76 | /** Encrypt using CTR */ 77 | int (*ctr_func)( void *ctx, size_t length, size_t *nc_off, 78 | unsigned char *nonce_counter, unsigned char *stream_block, 79 | const unsigned char *input, unsigned char *output ); 80 | #endif 81 | 82 | #if defined(MBEDTLS_CIPHER_MODE_XTS) 83 | /** Encrypt or decrypt using XTS. */ 84 | int (*xts_func)( void *ctx, mbedtls_operation_t mode, size_t length, 85 | const unsigned char data_unit[16], 86 | const unsigned char *input, unsigned char *output ); 87 | #endif 88 | 89 | #if defined(MBEDTLS_CIPHER_MODE_STREAM) 90 | /** Encrypt using STREAM */ 91 | int (*stream_func)( void *ctx, size_t length, 92 | const unsigned char *input, unsigned char *output ); 93 | #endif 94 | 95 | /** Set key for encryption purposes */ 96 | int (*setkey_enc_func)( void *ctx, const unsigned char *key, 97 | unsigned int key_bitlen ); 98 | 99 | /** Set key for decryption purposes */ 100 | int (*setkey_dec_func)( void *ctx, const unsigned char *key, 101 | unsigned int key_bitlen); 102 | 103 | /** Allocate a new context */ 104 | void * (*ctx_alloc_func)( void ); 105 | 106 | /** Free the given context */ 107 | void (*ctx_free_func)( void *ctx ); 108 | 109 | }; 110 | 111 | typedef struct 112 | { 113 | mbedtls_cipher_type_t type; 114 | const mbedtls_cipher_info_t *info; 115 | } mbedtls_cipher_definition_t; 116 | 117 | extern const mbedtls_cipher_definition_t mbedtls_cipher_definitions[]; 118 | 119 | extern int mbedtls_cipher_supported[]; 120 | 121 | #ifdef __cplusplus 122 | } 123 | #endif 124 | 125 | #endif /* MBEDTLS_CIPHER_WRAP_H */ 126 | -------------------------------------------------------------------------------- /src/mbedtls/entropy_poll.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file entropy_poll.h 3 | * 4 | * \brief Platform-specific and custom entropy polling functions 5 | */ 6 | /* 7 | * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved 8 | * SPDX-License-Identifier: Apache-2.0 9 | * 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 | * not use this file except in compliance with the License. 12 | * You may obtain a copy of the License at 13 | * 14 | * http://www.apache.org/licenses/LICENSE-2.0 15 | * 16 | * Unless required by applicable law or agreed to in writing, software 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 | * See the License for the specific language governing permissions and 20 | * limitations under the License. 21 | * 22 | * This file is part of mbed TLS (https://tls.mbed.org) 23 | */ 24 | #ifndef MBEDTLS_ENTROPY_POLL_H 25 | #define MBEDTLS_ENTROPY_POLL_H 26 | 27 | #if !defined(MBEDTLS_CONFIG_FILE) 28 | #include "config.h" 29 | #else 30 | #include MBEDTLS_CONFIG_FILE 31 | #endif 32 | 33 | #include 34 | 35 | #ifdef __cplusplus 36 | extern "C" { 37 | #endif 38 | 39 | /* 40 | * Default thresholds for built-in sources, in bytes 41 | */ 42 | #define MBEDTLS_ENTROPY_MIN_PLATFORM 32 /**< Minimum for platform source */ 43 | #define MBEDTLS_ENTROPY_MIN_HAVEGE 32 /**< Minimum for HAVEGE */ 44 | #define MBEDTLS_ENTROPY_MIN_HARDCLOCK 4 /**< Minimum for mbedtls_timing_hardclock() */ 45 | #if !defined(MBEDTLS_ENTROPY_MIN_HARDWARE) 46 | #define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Minimum for the hardware source */ 47 | #endif 48 | 49 | /** 50 | * \brief Entropy poll callback that provides 0 entropy. 51 | */ 52 | #if defined(MBEDTLS_TEST_NULL_ENTROPY) 53 | int mbedtls_null_entropy_poll( void *data, 54 | unsigned char *output, size_t len, size_t *olen ); 55 | #endif 56 | 57 | #if !defined(MBEDTLS_NO_PLATFORM_ENTROPY) 58 | /** 59 | * \brief Platform-specific entropy poll callback 60 | */ 61 | int mbedtls_platform_entropy_poll( void *data, 62 | unsigned char *output, size_t len, size_t *olen ); 63 | #endif 64 | 65 | #if defined(MBEDTLS_HAVEGE_C) 66 | /** 67 | * \brief HAVEGE based entropy poll callback 68 | * 69 | * Requires an HAVEGE state as its data pointer. 70 | */ 71 | int mbedtls_havege_poll( void *data, 72 | unsigned char *output, size_t len, size_t *olen ); 73 | #endif 74 | 75 | #if defined(MBEDTLS_TIMING_C) 76 | /** 77 | * \brief mbedtls_timing_hardclock-based entropy poll callback 78 | */ 79 | int mbedtls_hardclock_poll( void *data, 80 | unsigned char *output, size_t len, size_t *olen ); 81 | #endif 82 | 83 | #if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) 84 | /** 85 | * \brief Entropy poll callback for a hardware source 86 | * 87 | * \warning This is not provided by mbed TLS! 88 | * See \c MBEDTLS_ENTROPY_HARDWARE_ALT in config.h. 89 | * 90 | * \note This must accept NULL as its first argument. 91 | */ 92 | int mbedtls_hardware_poll( void *data, 93 | unsigned char *output, size_t len, size_t *olen ); 94 | #endif 95 | 96 | #if defined(MBEDTLS_ENTROPY_NV_SEED) 97 | /** 98 | * \brief Entropy poll callback for a non-volatile seed file 99 | * 100 | * \note This must accept NULL as its first argument. 101 | */ 102 | int mbedtls_nv_seed_poll( void *data, 103 | unsigned char *output, size_t len, size_t *olen ); 104 | #endif 105 | 106 | #ifdef __cplusplus 107 | } 108 | #endif 109 | 110 | #endif /* entropy_poll.h */ 111 | -------------------------------------------------------------------------------- /src/mbedtls/error.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file error.h 3 | * 4 | * \brief Error to string translation 5 | */ 6 | /* 7 | * Copyright (C) 2006-2018, ARM Limited, All Rights Reserved 8 | * SPDX-License-Identifier: Apache-2.0 9 | * 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 | * not use this file except in compliance with the License. 12 | * You may obtain a copy of the License at 13 | * 14 | * http://www.apache.org/licenses/LICENSE-2.0 15 | * 16 | * Unless required by applicable law or agreed to in writing, software 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 | * See the License for the specific language governing permissions and 20 | * limitations under the License. 21 | * 22 | * This file is part of mbed TLS (https://tls.mbed.org) 23 | */ 24 | #ifndef MBEDTLS_ERROR_H 25 | #define MBEDTLS_ERROR_H 26 | 27 | #if !defined(MBEDTLS_CONFIG_FILE) 28 | #include "config.h" 29 | #else 30 | #include MBEDTLS_CONFIG_FILE 31 | #endif 32 | 33 | #include 34 | 35 | /** 36 | * Error code layout. 37 | * 38 | * Currently we try to keep all error codes within the negative space of 16 39 | * bits signed integers to support all platforms (-0x0001 - -0x7FFF). In 40 | * addition we'd like to give two layers of information on the error if 41 | * possible. 42 | * 43 | * For that purpose the error codes are segmented in the following manner: 44 | * 45 | * 16 bit error code bit-segmentation 46 | * 47 | * 1 bit - Unused (sign bit) 48 | * 3 bits - High level module ID 49 | * 5 bits - Module-dependent error code 50 | * 7 bits - Low level module errors 51 | * 52 | * For historical reasons, low-level error codes are divided in even and odd, 53 | * even codes were assigned first, and -1 is reserved for other errors. 54 | * 55 | * Low-level module errors (0x0002-0x007E, 0x0003-0x007F) 56 | * 57 | * Module Nr Codes assigned 58 | * MPI 7 0x0002-0x0010 59 | * GCM 3 0x0012-0x0014 0x0013-0x0013 60 | * BLOWFISH 3 0x0016-0x0018 0x0017-0x0017 61 | * THREADING 3 0x001A-0x001E 62 | * AES 5 0x0020-0x0022 0x0021-0x0025 63 | * CAMELLIA 3 0x0024-0x0026 0x0027-0x0027 64 | * XTEA 2 0x0028-0x0028 0x0029-0x0029 65 | * BASE64 2 0x002A-0x002C 66 | * OID 1 0x002E-0x002E 0x000B-0x000B 67 | * PADLOCK 1 0x0030-0x0030 68 | * DES 2 0x0032-0x0032 0x0033-0x0033 69 | * CTR_DBRG 4 0x0034-0x003A 70 | * ENTROPY 3 0x003C-0x0040 0x003D-0x003F 71 | * NET 13 0x0042-0x0052 0x0043-0x0049 72 | * ARIA 4 0x0058-0x005E 73 | * ASN1 7 0x0060-0x006C 74 | * CMAC 1 0x007A-0x007A 75 | * PBKDF2 1 0x007C-0x007C 76 | * HMAC_DRBG 4 0x0003-0x0009 77 | * CCM 3 0x000D-0x0011 78 | * ARC4 1 0x0019-0x0019 79 | * MD2 1 0x002B-0x002B 80 | * MD4 1 0x002D-0x002D 81 | * MD5 1 0x002F-0x002F 82 | * RIPEMD160 1 0x0031-0x0031 83 | * SHA1 1 0x0035-0x0035 0x0073-0x0073 84 | * SHA256 1 0x0037-0x0037 0x0074-0x0074 85 | * SHA512 1 0x0039-0x0039 0x0075-0x0075 86 | * CHACHA20 3 0x0051-0x0055 87 | * POLY1305 3 0x0057-0x005B 88 | * CHACHAPOLY 2 0x0054-0x0056 89 | * PLATFORM 1 0x0070-0x0072 90 | * 91 | * High-level module nr (3 bits - 0x0...-0x7...) 92 | * Name ID Nr of Errors 93 | * PEM 1 9 94 | * PKCS#12 1 4 (Started from top) 95 | * X509 2 20 96 | * PKCS5 2 4 (Started from top) 97 | * DHM 3 11 98 | * PK 3 15 (Started from top) 99 | * RSA 4 11 100 | * ECP 4 10 (Started from top) 101 | * MD 5 5 102 | * HKDF 5 1 (Started from top) 103 | * CIPHER 6 8 104 | * SSL 6 23 (Started from top) 105 | * SSL 7 32 106 | * 107 | * Module dependent error code (5 bits 0x.00.-0x.F8.) 108 | */ 109 | 110 | #ifdef __cplusplus 111 | extern "C" { 112 | #endif 113 | 114 | /** 115 | * \brief Translate a mbed TLS error code into a string representation, 116 | * Result is truncated if necessary and always includes a terminating 117 | * null byte. 118 | * 119 | * \param errnum error code 120 | * \param buffer buffer to place representation in 121 | * \param buflen length of the buffer 122 | */ 123 | void mbedtls_strerror( int errnum, char *buffer, size_t buflen ); 124 | 125 | #ifdef __cplusplus 126 | } 127 | #endif 128 | 129 | #endif /* error.h */ 130 | -------------------------------------------------------------------------------- /src/mbedtls/esp_debug.h: -------------------------------------------------------------------------------- 1 | // Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | #ifndef _ESP_DEBUG_H_ 15 | #define _ESP_DEBUG_H_ 16 | 17 | #ifdef __cplusplus 18 | extern "C" { 19 | #endif 20 | 21 | #include "arduino_config.h" 22 | #ifdef CONFIG_MBEDTLS_DEBUG 23 | 24 | /** @brief Enable mbedTLS debug logging via the esp_log mechanism. 25 | * 26 | * mbedTLS internal debugging is filtered from a specified mbedTLS 27 | * threshold level to esp_log level at runtime: 28 | * 29 | * - 1 - Warning 30 | * - 2 - Info 31 | * - 3 - Debug 32 | * - 4 - Verbose 33 | * 34 | * (Note that mbedTLS debug thresholds are not always consistently used.) 35 | * 36 | * This function will set the esp log level for "mbedtls" to the specified mbedTLS 37 | * threshold level that matches. However, the overall max ESP log level must be set high 38 | * enough in menuconfig, or some messages may be filtered at compile time. 39 | * 40 | * @param conf mbedtls_ssl_config structure 41 | * @param mbedTLS debug threshold, 0-4. Messages are filtered at runtime. 42 | */ 43 | void mbedtls_esp_enable_debug_log(mbedtls_ssl_config *conf, int threshold); 44 | 45 | /** @brief Disable mbedTLS debug logging via the esp_log mechanism. 46 | * 47 | */ 48 | void mbedtls_esp_disable_debug_log(mbedtls_ssl_config *conf); 49 | 50 | 51 | #endif 52 | 53 | #ifdef __cplusplus 54 | } 55 | #endif 56 | 57 | #endif /* __ESP_DEBUG_H__ */ 58 | -------------------------------------------------------------------------------- /src/mbedtls/havege.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file havege.h 3 | * 4 | * \brief HAVEGE: HArdware Volatile Entropy Gathering and Expansion 5 | */ 6 | /* 7 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 8 | * SPDX-License-Identifier: Apache-2.0 9 | * 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 | * not use this file except in compliance with the License. 12 | * You may obtain a copy of the License at 13 | * 14 | * http://www.apache.org/licenses/LICENSE-2.0 15 | * 16 | * Unless required by applicable law or agreed to in writing, software 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 | * See the License for the specific language governing permissions and 20 | * limitations under the License. 21 | * 22 | * This file is part of mbed TLS (https://tls.mbed.org) 23 | */ 24 | #ifndef MBEDTLS_HAVEGE_H 25 | #define MBEDTLS_HAVEGE_H 26 | 27 | #if !defined(MBEDTLS_CONFIG_FILE) 28 | #include "config.h" 29 | #else 30 | #include MBEDTLS_CONFIG_FILE 31 | #endif 32 | 33 | #include 34 | 35 | #define MBEDTLS_HAVEGE_COLLECT_SIZE 1024 36 | 37 | #ifdef __cplusplus 38 | extern "C" { 39 | #endif 40 | 41 | /** 42 | * \brief HAVEGE state structure 43 | */ 44 | typedef struct mbedtls_havege_state 45 | { 46 | int PT1, PT2, offset[2]; 47 | int pool[MBEDTLS_HAVEGE_COLLECT_SIZE]; 48 | int WALK[8192]; 49 | } 50 | mbedtls_havege_state; 51 | 52 | /** 53 | * \brief HAVEGE initialization 54 | * 55 | * \param hs HAVEGE state to be initialized 56 | */ 57 | void mbedtls_havege_init( mbedtls_havege_state *hs ); 58 | 59 | /** 60 | * \brief Clear HAVEGE state 61 | * 62 | * \param hs HAVEGE state to be cleared 63 | */ 64 | void mbedtls_havege_free( mbedtls_havege_state *hs ); 65 | 66 | /** 67 | * \brief HAVEGE rand function 68 | * 69 | * \param p_rng A HAVEGE state 70 | * \param output Buffer to fill 71 | * \param len Length of buffer 72 | * 73 | * \return 0 74 | */ 75 | int mbedtls_havege_random( void *p_rng, unsigned char *output, size_t len ); 76 | 77 | #ifdef __cplusplus 78 | } 79 | #endif 80 | 81 | #endif /* havege.h */ 82 | -------------------------------------------------------------------------------- /src/mbedtls/hkdf.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file hkdf.h 3 | * 4 | * \brief This file contains the HKDF interface. 5 | * 6 | * The HMAC-based Extract-and-Expand Key Derivation Function (HKDF) is 7 | * specified by RFC 5869. 8 | */ 9 | /* 10 | * Copyright (C) 2016-2018, ARM Limited, All Rights Reserved 11 | * SPDX-License-Identifier: Apache-2.0 12 | * 13 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 14 | * not use this file except in compliance with the License. 15 | * You may obtain a copy of the License at 16 | * 17 | * http://www.apache.org/licenses/LICENSE-2.0 18 | * 19 | * Unless required by applicable law or agreed to in writing, software 20 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 21 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 22 | * See the License for the specific language governing permissions and 23 | * limitations under the License. 24 | * 25 | * This file is part of mbed TLS (https://tls.mbed.org) 26 | */ 27 | #ifndef MBEDTLS_HKDF_H 28 | #define MBEDTLS_HKDF_H 29 | 30 | #if !defined(MBEDTLS_CONFIG_FILE) 31 | #include "config.h" 32 | #else 33 | #include MBEDTLS_CONFIG_FILE 34 | #endif 35 | 36 | #include "md.h" 37 | 38 | /** 39 | * \name HKDF Error codes 40 | * \{ 41 | */ 42 | #define MBEDTLS_ERR_HKDF_BAD_INPUT_DATA -0x5F80 /**< Bad input parameters to function. */ 43 | /* \} name */ 44 | 45 | #ifdef __cplusplus 46 | extern "C" { 47 | #endif 48 | 49 | /** 50 | * \brief This is the HMAC-based Extract-and-Expand Key Derivation Function 51 | * (HKDF). 52 | * 53 | * \param md A hash function; md.size denotes the length of the hash 54 | * function output in bytes. 55 | * \param salt An optional salt value (a non-secret random value); 56 | * if the salt is not provided, a string of all zeros of 57 | * md.size length is used as the salt. 58 | * \param salt_len The length in bytes of the optional \p salt. 59 | * \param ikm The input keying material. 60 | * \param ikm_len The length in bytes of \p ikm. 61 | * \param info An optional context and application specific information 62 | * string. This can be a zero-length string. 63 | * \param info_len The length of \p info in bytes. 64 | * \param okm The output keying material of \p okm_len bytes. 65 | * \param okm_len The length of the output keying material in bytes. This 66 | * must be less than or equal to 255 * md.size bytes. 67 | * 68 | * \return 0 on success. 69 | * \return #MBEDTLS_ERR_HKDF_BAD_INPUT_DATA when the parameters are invalid. 70 | * \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying 71 | * MD layer. 72 | */ 73 | int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt, 74 | size_t salt_len, const unsigned char *ikm, size_t ikm_len, 75 | const unsigned char *info, size_t info_len, 76 | unsigned char *okm, size_t okm_len ); 77 | 78 | /** 79 | * \brief Take the input keying material \p ikm and extract from it a 80 | * fixed-length pseudorandom key \p prk. 81 | * 82 | * \warning This function should only be used if the security of it has been 83 | * studied and established in that particular context (eg. TLS 1.3 84 | * key schedule). For standard HKDF security guarantees use 85 | * \c mbedtls_hkdf instead. 86 | * 87 | * \param md A hash function; md.size denotes the length of the 88 | * hash function output in bytes. 89 | * \param salt An optional salt value (a non-secret random value); 90 | * if the salt is not provided, a string of all zeros 91 | * of md.size length is used as the salt. 92 | * \param salt_len The length in bytes of the optional \p salt. 93 | * \param ikm The input keying material. 94 | * \param ikm_len The length in bytes of \p ikm. 95 | * \param[out] prk A pseudorandom key of at least md.size bytes. 96 | * 97 | * \return 0 on success. 98 | * \return #MBEDTLS_ERR_HKDF_BAD_INPUT_DATA when the parameters are invalid. 99 | * \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying 100 | * MD layer. 101 | */ 102 | int mbedtls_hkdf_extract( const mbedtls_md_info_t *md, 103 | const unsigned char *salt, size_t salt_len, 104 | const unsigned char *ikm, size_t ikm_len, 105 | unsigned char *prk ); 106 | 107 | /** 108 | * \brief Expand the supplied \p prk into several additional pseudorandom 109 | * keys, which is the output of the HKDF. 110 | * 111 | * \warning This function should only be used if the security of it has been 112 | * studied and established in that particular context (eg. TLS 1.3 113 | * key schedule). For standard HKDF security guarantees use 114 | * \c mbedtls_hkdf instead. 115 | * 116 | * \param md A hash function; md.size denotes the length of the hash 117 | * function output in bytes. 118 | * \param prk A pseudorandom key of at least md.size bytes. \p prk is 119 | * usually the output from the HKDF extract step. 120 | * \param prk_len The length in bytes of \p prk. 121 | * \param info An optional context and application specific information 122 | * string. This can be a zero-length string. 123 | * \param info_len The length of \p info in bytes. 124 | * \param okm The output keying material of \p okm_len bytes. 125 | * \param okm_len The length of the output keying material in bytes. This 126 | * must be less than or equal to 255 * md.size bytes. 127 | * 128 | * \return 0 on success. 129 | * \return #MBEDTLS_ERR_HKDF_BAD_INPUT_DATA when the parameters are invalid. 130 | * \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying 131 | * MD layer. 132 | */ 133 | int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk, 134 | size_t prk_len, const unsigned char *info, 135 | size_t info_len, unsigned char *okm, size_t okm_len ); 136 | 137 | #ifdef __cplusplus 138 | } 139 | #endif 140 | 141 | #endif /* hkdf.h */ 142 | -------------------------------------------------------------------------------- /src/mbedtls/md_internal.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file md_internal.h 3 | * 4 | * \brief Message digest wrappers. 5 | * 6 | * \warning This in an internal header. Do not include directly. 7 | * 8 | * \author Adriaan de Jong 9 | */ 10 | /* 11 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 12 | * SPDX-License-Identifier: Apache-2.0 13 | * 14 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 15 | * not use this file except in compliance with the License. 16 | * You may obtain a copy of the License at 17 | * 18 | * http://www.apache.org/licenses/LICENSE-2.0 19 | * 20 | * Unless required by applicable law or agreed to in writing, software 21 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 22 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 23 | * See the License for the specific language governing permissions and 24 | * limitations under the License. 25 | * 26 | * This file is part of mbed TLS (https://tls.mbed.org) 27 | */ 28 | #ifndef MBEDTLS_MD_WRAP_H 29 | #define MBEDTLS_MD_WRAP_H 30 | 31 | #if !defined(MBEDTLS_CONFIG_FILE) 32 | #include "config.h" 33 | #else 34 | #include MBEDTLS_CONFIG_FILE 35 | #endif 36 | 37 | #include "md.h" 38 | 39 | #ifdef __cplusplus 40 | extern "C" { 41 | #endif 42 | 43 | /** 44 | * Message digest information. 45 | * Allows message digest functions to be called in a generic way. 46 | */ 47 | struct mbedtls_md_info_t 48 | { 49 | /** Digest identifier */ 50 | mbedtls_md_type_t type; 51 | 52 | /** Name of the message digest */ 53 | const char * name; 54 | 55 | /** Output length of the digest function in bytes */ 56 | int size; 57 | 58 | /** Block length of the digest function in bytes */ 59 | int block_size; 60 | 61 | /** Digest initialisation function */ 62 | int (*starts_func)( void *ctx ); 63 | 64 | /** Digest update function */ 65 | int (*update_func)( void *ctx, const unsigned char *input, size_t ilen ); 66 | 67 | /** Digest finalisation function */ 68 | int (*finish_func)( void *ctx, unsigned char *output ); 69 | 70 | /** Generic digest function */ 71 | int (*digest_func)( const unsigned char *input, size_t ilen, 72 | unsigned char *output ); 73 | 74 | /** Allocate a new context */ 75 | void * (*ctx_alloc_func)( void ); 76 | 77 | /** Free the given context */ 78 | void (*ctx_free_func)( void *ctx ); 79 | 80 | /** Clone state from a context */ 81 | void (*clone_func)( void *dst, const void *src ); 82 | 83 | /** Internal use only */ 84 | int (*process_func)( void *ctx, const unsigned char *input ); 85 | }; 86 | 87 | #if defined(MBEDTLS_MD2_C) 88 | extern const mbedtls_md_info_t mbedtls_md2_info; 89 | #endif 90 | #if defined(MBEDTLS_MD4_C) 91 | extern const mbedtls_md_info_t mbedtls_md4_info; 92 | #endif 93 | #if defined(MBEDTLS_MD5_C) 94 | extern const mbedtls_md_info_t mbedtls_md5_info; 95 | #endif 96 | #if defined(MBEDTLS_RIPEMD160_C) 97 | extern const mbedtls_md_info_t mbedtls_ripemd160_info; 98 | #endif 99 | #if defined(MBEDTLS_SHA1_C) 100 | extern const mbedtls_md_info_t mbedtls_sha1_info; 101 | #endif 102 | #if defined(MBEDTLS_SHA256_C) 103 | extern const mbedtls_md_info_t mbedtls_sha224_info; 104 | extern const mbedtls_md_info_t mbedtls_sha256_info; 105 | #endif 106 | #if defined(MBEDTLS_SHA512_C) 107 | extern const mbedtls_md_info_t mbedtls_sha384_info; 108 | extern const mbedtls_md_info_t mbedtls_sha512_info; 109 | #endif 110 | 111 | #ifdef __cplusplus 112 | } 113 | #endif 114 | 115 | #endif /* MBEDTLS_MD_WRAP_H */ 116 | -------------------------------------------------------------------------------- /src/mbedtls/memory_buffer_alloc.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file memory_buffer_alloc.h 3 | * 4 | * \brief Buffer-based memory allocator 5 | */ 6 | /* 7 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 8 | * SPDX-License-Identifier: Apache-2.0 9 | * 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 | * not use this file except in compliance with the License. 12 | * You may obtain a copy of the License at 13 | * 14 | * http://www.apache.org/licenses/LICENSE-2.0 15 | * 16 | * Unless required by applicable law or agreed to in writing, software 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 | * See the License for the specific language governing permissions and 20 | * limitations under the License. 21 | * 22 | * This file is part of mbed TLS (https://tls.mbed.org) 23 | */ 24 | #ifndef MBEDTLS_MEMORY_BUFFER_ALLOC_H 25 | #define MBEDTLS_MEMORY_BUFFER_ALLOC_H 26 | 27 | #if !defined(MBEDTLS_CONFIG_FILE) 28 | #include "config.h" 29 | #else 30 | #include MBEDTLS_CONFIG_FILE 31 | #endif 32 | 33 | #include 34 | 35 | /** 36 | * \name SECTION: Module settings 37 | * 38 | * The configuration options you can set for this module are in this section. 39 | * Either change them in config.h or define them on the compiler command line. 40 | * \{ 41 | */ 42 | 43 | #if !defined(MBEDTLS_MEMORY_ALIGN_MULTIPLE) 44 | #define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */ 45 | #endif 46 | 47 | /* \} name SECTION: Module settings */ 48 | 49 | #define MBEDTLS_MEMORY_VERIFY_NONE 0 50 | #define MBEDTLS_MEMORY_VERIFY_ALLOC (1 << 0) 51 | #define MBEDTLS_MEMORY_VERIFY_FREE (1 << 1) 52 | #define MBEDTLS_MEMORY_VERIFY_ALWAYS (MBEDTLS_MEMORY_VERIFY_ALLOC | MBEDTLS_MEMORY_VERIFY_FREE) 53 | 54 | #ifdef __cplusplus 55 | extern "C" { 56 | #endif 57 | 58 | /** 59 | * \brief Initialize use of stack-based memory allocator. 60 | * The stack-based allocator does memory management inside the 61 | * presented buffer and does not call calloc() and free(). 62 | * It sets the global mbedtls_calloc() and mbedtls_free() pointers 63 | * to its own functions. 64 | * (Provided mbedtls_calloc() and mbedtls_free() are thread-safe if 65 | * MBEDTLS_THREADING_C is defined) 66 | * 67 | * \note This code is not optimized and provides a straight-forward 68 | * implementation of a stack-based memory allocator. 69 | * 70 | * \param buf buffer to use as heap 71 | * \param len size of the buffer 72 | */ 73 | void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len ); 74 | 75 | /** 76 | * \brief Free the mutex for thread-safety and clear remaining memory 77 | */ 78 | void mbedtls_memory_buffer_alloc_free( void ); 79 | 80 | /** 81 | * \brief Determine when the allocator should automatically verify the state 82 | * of the entire chain of headers / meta-data. 83 | * (Default: MBEDTLS_MEMORY_VERIFY_NONE) 84 | * 85 | * \param verify One of MBEDTLS_MEMORY_VERIFY_NONE, MBEDTLS_MEMORY_VERIFY_ALLOC, 86 | * MBEDTLS_MEMORY_VERIFY_FREE or MBEDTLS_MEMORY_VERIFY_ALWAYS 87 | */ 88 | void mbedtls_memory_buffer_set_verify( int verify ); 89 | 90 | #if defined(MBEDTLS_MEMORY_DEBUG) 91 | /** 92 | * \brief Print out the status of the allocated memory (primarily for use 93 | * after a program should have de-allocated all memory) 94 | * Prints out a list of 'still allocated' blocks and their stack 95 | * trace if MBEDTLS_MEMORY_BACKTRACE is defined. 96 | */ 97 | void mbedtls_memory_buffer_alloc_status( void ); 98 | 99 | /** 100 | * \brief Get the peak heap usage so far 101 | * 102 | * \param max_used Peak number of bytes in use or committed. This 103 | * includes bytes in allocated blocks too small to split 104 | * into smaller blocks but larger than the requested size. 105 | * \param max_blocks Peak number of blocks in use, including free and used 106 | */ 107 | void mbedtls_memory_buffer_alloc_max_get( size_t *max_used, size_t *max_blocks ); 108 | 109 | /** 110 | * \brief Reset peak statistics 111 | */ 112 | void mbedtls_memory_buffer_alloc_max_reset( void ); 113 | 114 | /** 115 | * \brief Get the current heap usage 116 | * 117 | * \param cur_used Current number of bytes in use or committed. This 118 | * includes bytes in allocated blocks too small to split 119 | * into smaller blocks but larger than the requested size. 120 | * \param cur_blocks Current number of blocks in use, including free and used 121 | */ 122 | void mbedtls_memory_buffer_alloc_cur_get( size_t *cur_used, size_t *cur_blocks ); 123 | #endif /* MBEDTLS_MEMORY_DEBUG */ 124 | 125 | /** 126 | * \brief Verifies that all headers in the memory buffer are correct 127 | * and contain sane values. Helps debug buffer-overflow errors. 128 | * 129 | * Prints out first failure if MBEDTLS_MEMORY_DEBUG is defined. 130 | * Prints out full header information if MBEDTLS_MEMORY_DEBUG 131 | * is defined. (Includes stack trace information for each block if 132 | * MBEDTLS_MEMORY_BACKTRACE is defined as well). 133 | * 134 | * \return 0 if verified, 1 otherwise 135 | */ 136 | int mbedtls_memory_buffer_alloc_verify( void ); 137 | 138 | #if defined(MBEDTLS_SELF_TEST) 139 | /** 140 | * \brief Checkup routine 141 | * 142 | * \return 0 if successful, or 1 if a test failed 143 | */ 144 | int mbedtls_memory_buffer_alloc_self_test( int verbose ); 145 | #endif 146 | 147 | #ifdef __cplusplus 148 | } 149 | #endif 150 | 151 | #endif /* memory_buffer_alloc.h */ 152 | -------------------------------------------------------------------------------- /src/mbedtls/net.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file net.h 3 | * 4 | * \brief Deprecated header file that includes net_sockets.h 5 | * 6 | * \deprecated Superseded by mbedtls/net_sockets.h 7 | */ 8 | /* 9 | * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved 10 | * SPDX-License-Identifier: Apache-2.0 11 | * 12 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 13 | * not use this file except in compliance with the License. 14 | * You may obtain a copy of the License at 15 | * 16 | * http://www.apache.org/licenses/LICENSE-2.0 17 | * 18 | * Unless required by applicable law or agreed to in writing, software 19 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 20 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 21 | * See the License for the specific language governing permissions and 22 | * limitations under the License. 23 | * 24 | * This file is part of mbed TLS (https://tls.mbed.org) 25 | */ 26 | #if !defined(MBEDTLS_CONFIG_FILE) 27 | #include "config.h" 28 | #else 29 | #include MBEDTLS_CONFIG_FILE 30 | #endif 31 | 32 | #if !defined(MBEDTLS_DEPRECATED_REMOVED) 33 | #include "net_sockets.h" 34 | #if defined(MBEDTLS_DEPRECATED_WARNING) 35 | #warning "Deprecated header file: Superseded by mbedtls/net_sockets.h" 36 | #endif /* MBEDTLS_DEPRECATED_WARNING */ 37 | #endif /* !MBEDTLS_DEPRECATED_REMOVED */ 38 | -------------------------------------------------------------------------------- /src/mbedtls/padlock.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file padlock.h 3 | * 4 | * \brief VIA PadLock ACE for HW encryption/decryption supported by some 5 | * processors 6 | * 7 | * \warning These functions are only for internal use by other library 8 | * functions; you must not call them directly. 9 | */ 10 | /* 11 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 12 | * SPDX-License-Identifier: Apache-2.0 13 | * 14 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 15 | * not use this file except in compliance with the License. 16 | * You may obtain a copy of the License at 17 | * 18 | * http://www.apache.org/licenses/LICENSE-2.0 19 | * 20 | * Unless required by applicable law or agreed to in writing, software 21 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 22 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 23 | * See the License for the specific language governing permissions and 24 | * limitations under the License. 25 | * 26 | * This file is part of mbed TLS (https://tls.mbed.org) 27 | */ 28 | #ifndef MBEDTLS_PADLOCK_H 29 | #define MBEDTLS_PADLOCK_H 30 | 31 | #if !defined(MBEDTLS_CONFIG_FILE) 32 | #include "config.h" 33 | #else 34 | #include MBEDTLS_CONFIG_FILE 35 | #endif 36 | 37 | #include "aes.h" 38 | 39 | #define MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED -0x0030 /**< Input data should be aligned. */ 40 | 41 | #if defined(__has_feature) 42 | #if __has_feature(address_sanitizer) 43 | #define MBEDTLS_HAVE_ASAN 44 | #endif 45 | #endif 46 | 47 | /* Some versions of ASan result in errors about not enough registers */ 48 | #if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && defined(__i386__) && \ 49 | !defined(MBEDTLS_HAVE_ASAN) 50 | 51 | #ifndef MBEDTLS_HAVE_X86 52 | #define MBEDTLS_HAVE_X86 53 | #endif 54 | 55 | #include 56 | 57 | #define MBEDTLS_PADLOCK_RNG 0x000C 58 | #define MBEDTLS_PADLOCK_ACE 0x00C0 59 | #define MBEDTLS_PADLOCK_PHE 0x0C00 60 | #define MBEDTLS_PADLOCK_PMM 0x3000 61 | 62 | #define MBEDTLS_PADLOCK_ALIGN16(x) (uint32_t *) (16 + ((int32_t) (x) & ~15)) 63 | 64 | #ifdef __cplusplus 65 | extern "C" { 66 | #endif 67 | 68 | /** 69 | * \brief Internal PadLock detection routine 70 | * 71 | * \note This function is only for internal use by other library 72 | * functions; you must not call it directly. 73 | * 74 | * \param feature The feature to detect 75 | * 76 | * \return 1 if CPU has support for the feature, 0 otherwise 77 | */ 78 | int mbedtls_padlock_has_support( int feature ); 79 | 80 | /** 81 | * \brief Internal PadLock AES-ECB block en(de)cryption 82 | * 83 | * \note This function is only for internal use by other library 84 | * functions; you must not call it directly. 85 | * 86 | * \param ctx AES context 87 | * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT 88 | * \param input 16-byte input block 89 | * \param output 16-byte output block 90 | * 91 | * \return 0 if success, 1 if operation failed 92 | */ 93 | int mbedtls_padlock_xcryptecb( mbedtls_aes_context *ctx, 94 | int mode, 95 | const unsigned char input[16], 96 | unsigned char output[16] ); 97 | 98 | /** 99 | * \brief Internal PadLock AES-CBC buffer en(de)cryption 100 | * 101 | * \note This function is only for internal use by other library 102 | * functions; you must not call it directly. 103 | * 104 | * \param ctx AES context 105 | * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT 106 | * \param length length of the input data 107 | * \param iv initialization vector (updated after use) 108 | * \param input buffer holding the input data 109 | * \param output buffer holding the output data 110 | * 111 | * \return 0 if success, 1 if operation failed 112 | */ 113 | int mbedtls_padlock_xcryptcbc( mbedtls_aes_context *ctx, 114 | int mode, 115 | size_t length, 116 | unsigned char iv[16], 117 | const unsigned char *input, 118 | unsigned char *output ); 119 | 120 | #ifdef __cplusplus 121 | } 122 | #endif 123 | 124 | #endif /* HAVE_X86 */ 125 | 126 | #endif /* padlock.h */ 127 | -------------------------------------------------------------------------------- /src/mbedtls/pem.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file pem.h 3 | * 4 | * \brief Privacy Enhanced Mail (PEM) decoding 5 | */ 6 | /* 7 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 8 | * SPDX-License-Identifier: Apache-2.0 9 | * 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 | * not use this file except in compliance with the License. 12 | * You may obtain a copy of the License at 13 | * 14 | * http://www.apache.org/licenses/LICENSE-2.0 15 | * 16 | * Unless required by applicable law or agreed to in writing, software 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 | * See the License for the specific language governing permissions and 20 | * limitations under the License. 21 | * 22 | * This file is part of mbed TLS (https://tls.mbed.org) 23 | */ 24 | #ifndef MBEDTLS_PEM_H 25 | #define MBEDTLS_PEM_H 26 | 27 | #if !defined(MBEDTLS_CONFIG_FILE) 28 | #include "config.h" 29 | #else 30 | #include MBEDTLS_CONFIG_FILE 31 | #endif 32 | 33 | #include 34 | 35 | /** 36 | * \name PEM Error codes 37 | * These error codes are returned in case of errors reading the 38 | * PEM data. 39 | * \{ 40 | */ 41 | #define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT -0x1080 /**< No PEM header or footer found. */ 42 | #define MBEDTLS_ERR_PEM_INVALID_DATA -0x1100 /**< PEM string is not as expected. */ 43 | #define MBEDTLS_ERR_PEM_ALLOC_FAILED -0x1180 /**< Failed to allocate memory. */ 44 | #define MBEDTLS_ERR_PEM_INVALID_ENC_IV -0x1200 /**< RSA IV is not in hex-format. */ 45 | #define MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG -0x1280 /**< Unsupported key encryption algorithm. */ 46 | #define MBEDTLS_ERR_PEM_PASSWORD_REQUIRED -0x1300 /**< Private key password can't be empty. */ 47 | #define MBEDTLS_ERR_PEM_PASSWORD_MISMATCH -0x1380 /**< Given private key password does not allow for correct decryption. */ 48 | #define MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE -0x1400 /**< Unavailable feature, e.g. hashing/encryption combination. */ 49 | #define MBEDTLS_ERR_PEM_BAD_INPUT_DATA -0x1480 /**< Bad input parameters to function. */ 50 | /* \} name */ 51 | 52 | #ifdef __cplusplus 53 | extern "C" { 54 | #endif 55 | 56 | #if defined(MBEDTLS_PEM_PARSE_C) 57 | /** 58 | * \brief PEM context structure 59 | */ 60 | typedef struct mbedtls_pem_context 61 | { 62 | unsigned char *buf; /*!< buffer for decoded data */ 63 | size_t buflen; /*!< length of the buffer */ 64 | unsigned char *info; /*!< buffer for extra header information */ 65 | } 66 | mbedtls_pem_context; 67 | 68 | /** 69 | * \brief PEM context setup 70 | * 71 | * \param ctx context to be initialized 72 | */ 73 | void mbedtls_pem_init( mbedtls_pem_context *ctx ); 74 | 75 | /** 76 | * \brief Read a buffer for PEM information and store the resulting 77 | * data into the specified context buffers. 78 | * 79 | * \param ctx context to use 80 | * \param header header string to seek and expect 81 | * \param footer footer string to seek and expect 82 | * \param data source data to look in (must be nul-terminated) 83 | * \param pwd password for decryption (can be NULL) 84 | * \param pwdlen length of password 85 | * \param use_len destination for total length used (set after header is 86 | * correctly read, so unless you get 87 | * MBEDTLS_ERR_PEM_BAD_INPUT_DATA or 88 | * MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT, use_len is 89 | * the length to skip) 90 | * 91 | * \note Attempts to check password correctness by verifying if 92 | * the decrypted text starts with an ASN.1 sequence of 93 | * appropriate length 94 | * 95 | * \return 0 on success, or a specific PEM error code 96 | */ 97 | int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const char *footer, 98 | const unsigned char *data, 99 | const unsigned char *pwd, 100 | size_t pwdlen, size_t *use_len ); 101 | 102 | /** 103 | * \brief PEM context memory freeing 104 | * 105 | * \param ctx context to be freed 106 | */ 107 | void mbedtls_pem_free( mbedtls_pem_context *ctx ); 108 | #endif /* MBEDTLS_PEM_PARSE_C */ 109 | 110 | #if defined(MBEDTLS_PEM_WRITE_C) 111 | /** 112 | * \brief Write a buffer of PEM information from a DER encoded 113 | * buffer. 114 | * 115 | * \param header header string to write 116 | * \param footer footer string to write 117 | * \param der_data DER data to write 118 | * \param der_len length of the DER data 119 | * \param buf buffer to write to 120 | * \param buf_len length of output buffer 121 | * \param olen total length written / required (if buf_len is not enough) 122 | * 123 | * \return 0 on success, or a specific PEM or BASE64 error code. On 124 | * MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL olen is the required 125 | * size. 126 | */ 127 | int mbedtls_pem_write_buffer( const char *header, const char *footer, 128 | const unsigned char *der_data, size_t der_len, 129 | unsigned char *buf, size_t buf_len, size_t *olen ); 130 | #endif /* MBEDTLS_PEM_WRITE_C */ 131 | 132 | #ifdef __cplusplus 133 | } 134 | #endif 135 | 136 | #endif /* pem.h */ 137 | -------------------------------------------------------------------------------- /src/mbedtls/pk_internal.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file pk_internal.h 3 | * 4 | * \brief Public Key abstraction layer: wrapper functions 5 | */ 6 | /* 7 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 8 | * SPDX-License-Identifier: Apache-2.0 9 | * 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 | * not use this file except in compliance with the License. 12 | * You may obtain a copy of the License at 13 | * 14 | * http://www.apache.org/licenses/LICENSE-2.0 15 | * 16 | * Unless required by applicable law or agreed to in writing, software 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 | * See the License for the specific language governing permissions and 20 | * limitations under the License. 21 | * 22 | * This file is part of mbed TLS (https://tls.mbed.org) 23 | */ 24 | 25 | #ifndef MBEDTLS_PK_WRAP_H 26 | #define MBEDTLS_PK_WRAP_H 27 | 28 | #if !defined(MBEDTLS_CONFIG_FILE) 29 | #include "config.h" 30 | #else 31 | #include MBEDTLS_CONFIG_FILE 32 | #endif 33 | 34 | #include "pk.h" 35 | 36 | struct mbedtls_pk_info_t 37 | { 38 | /** Public key type */ 39 | mbedtls_pk_type_t type; 40 | 41 | /** Type name */ 42 | const char *name; 43 | 44 | /** Get key size in bits */ 45 | size_t (*get_bitlen)( const void * ); 46 | 47 | /** Tell if the context implements this type (e.g. ECKEY can do ECDSA) */ 48 | int (*can_do)( mbedtls_pk_type_t type ); 49 | 50 | /** Verify signature */ 51 | int (*verify_func)( void *ctx, mbedtls_md_type_t md_alg, 52 | const unsigned char *hash, size_t hash_len, 53 | const unsigned char *sig, size_t sig_len ); 54 | 55 | /** Make signature */ 56 | int (*sign_func)( void *ctx, mbedtls_md_type_t md_alg, 57 | const unsigned char *hash, size_t hash_len, 58 | unsigned char *sig, size_t *sig_len, 59 | int (*f_rng)(void *, unsigned char *, size_t), 60 | void *p_rng ); 61 | 62 | #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 63 | /** Verify signature (restartable) */ 64 | int (*verify_rs_func)( void *ctx, mbedtls_md_type_t md_alg, 65 | const unsigned char *hash, size_t hash_len, 66 | const unsigned char *sig, size_t sig_len, 67 | void *rs_ctx ); 68 | 69 | /** Make signature (restartable) */ 70 | int (*sign_rs_func)( void *ctx, mbedtls_md_type_t md_alg, 71 | const unsigned char *hash, size_t hash_len, 72 | unsigned char *sig, size_t *sig_len, 73 | int (*f_rng)(void *, unsigned char *, size_t), 74 | void *p_rng, void *rs_ctx ); 75 | #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ 76 | 77 | /** Decrypt message */ 78 | int (*decrypt_func)( void *ctx, const unsigned char *input, size_t ilen, 79 | unsigned char *output, size_t *olen, size_t osize, 80 | int (*f_rng)(void *, unsigned char *, size_t), 81 | void *p_rng ); 82 | 83 | /** Encrypt message */ 84 | int (*encrypt_func)( void *ctx, const unsigned char *input, size_t ilen, 85 | unsigned char *output, size_t *olen, size_t osize, 86 | int (*f_rng)(void *, unsigned char *, size_t), 87 | void *p_rng ); 88 | 89 | /** Check public-private key pair */ 90 | int (*check_pair_func)( const void *pub, const void *prv ); 91 | 92 | /** Allocate a new context */ 93 | void * (*ctx_alloc_func)( void ); 94 | 95 | /** Free the given context */ 96 | void (*ctx_free_func)( void *ctx ); 97 | 98 | #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 99 | /** Allocate the restart context */ 100 | void * (*rs_alloc_func)( void ); 101 | 102 | /** Free the restart context */ 103 | void (*rs_free_func)( void *rs_ctx ); 104 | #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ 105 | 106 | /** Interface with the debug module */ 107 | void (*debug_func)( const void *ctx, mbedtls_pk_debug_item *items ); 108 | 109 | }; 110 | #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) 111 | /* Container for RSA-alt */ 112 | typedef struct 113 | { 114 | void *key; 115 | mbedtls_pk_rsa_alt_decrypt_func decrypt_func; 116 | mbedtls_pk_rsa_alt_sign_func sign_func; 117 | mbedtls_pk_rsa_alt_key_len_func key_len_func; 118 | } mbedtls_rsa_alt_context; 119 | #endif 120 | 121 | #if defined(MBEDTLS_RSA_C) 122 | extern const mbedtls_pk_info_t mbedtls_rsa_info; 123 | #endif 124 | 125 | #if defined(MBEDTLS_ECP_C) 126 | extern const mbedtls_pk_info_t mbedtls_eckey_info; 127 | extern const mbedtls_pk_info_t mbedtls_eckeydh_info; 128 | #endif 129 | 130 | #if defined(MBEDTLS_ECDSA_C) 131 | extern const mbedtls_pk_info_t mbedtls_ecdsa_info; 132 | #endif 133 | 134 | #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) 135 | extern const mbedtls_pk_info_t mbedtls_rsa_alt_info; 136 | #endif 137 | 138 | #endif /* MBEDTLS_PK_WRAP_H */ 139 | -------------------------------------------------------------------------------- /src/mbedtls/pkcs11.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file pkcs11.h 3 | * 4 | * \brief Wrapper for PKCS#11 library libpkcs11-helper 5 | * 6 | * \author Adriaan de Jong 7 | */ 8 | /* 9 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 10 | * SPDX-License-Identifier: Apache-2.0 11 | * 12 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 13 | * not use this file except in compliance with the License. 14 | * You may obtain a copy of the License at 15 | * 16 | * http://www.apache.org/licenses/LICENSE-2.0 17 | * 18 | * Unless required by applicable law or agreed to in writing, software 19 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 20 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 21 | * See the License for the specific language governing permissions and 22 | * limitations under the License. 23 | * 24 | * This file is part of mbed TLS (https://tls.mbed.org) 25 | */ 26 | #ifndef MBEDTLS_PKCS11_H 27 | #define MBEDTLS_PKCS11_H 28 | 29 | #if !defined(MBEDTLS_CONFIG_FILE) 30 | #include "config.h" 31 | #else 32 | #include MBEDTLS_CONFIG_FILE 33 | #endif 34 | 35 | #if defined(MBEDTLS_PKCS11_C) 36 | 37 | #include "x509_crt.h" 38 | 39 | #include 40 | 41 | #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ 42 | !defined(inline) && !defined(__cplusplus) 43 | #define inline __inline 44 | #endif 45 | 46 | #ifdef __cplusplus 47 | extern "C" { 48 | #endif 49 | 50 | /** 51 | * Context for PKCS #11 private keys. 52 | */ 53 | typedef struct mbedtls_pkcs11_context 54 | { 55 | pkcs11h_certificate_t pkcs11h_cert; 56 | int len; 57 | } mbedtls_pkcs11_context; 58 | 59 | /** 60 | * Initialize a mbedtls_pkcs11_context. 61 | * (Just making memory references valid.) 62 | */ 63 | void mbedtls_pkcs11_init( mbedtls_pkcs11_context *ctx ); 64 | 65 | /** 66 | * Fill in a mbed TLS certificate, based on the given PKCS11 helper certificate. 67 | * 68 | * \param cert X.509 certificate to fill 69 | * \param pkcs11h_cert PKCS #11 helper certificate 70 | * 71 | * \return 0 on success. 72 | */ 73 | int mbedtls_pkcs11_x509_cert_bind( mbedtls_x509_crt *cert, pkcs11h_certificate_t pkcs11h_cert ); 74 | 75 | /** 76 | * Set up a mbedtls_pkcs11_context storing the given certificate. Note that the 77 | * mbedtls_pkcs11_context will take over control of the certificate, freeing it when 78 | * done. 79 | * 80 | * \param priv_key Private key structure to fill. 81 | * \param pkcs11_cert PKCS #11 helper certificate 82 | * 83 | * \return 0 on success 84 | */ 85 | int mbedtls_pkcs11_priv_key_bind( mbedtls_pkcs11_context *priv_key, 86 | pkcs11h_certificate_t pkcs11_cert ); 87 | 88 | /** 89 | * Free the contents of the given private key context. Note that the structure 90 | * itself is not freed. 91 | * 92 | * \param priv_key Private key structure to cleanup 93 | */ 94 | void mbedtls_pkcs11_priv_key_free( mbedtls_pkcs11_context *priv_key ); 95 | 96 | /** 97 | * \brief Do an RSA private key decrypt, then remove the message 98 | * padding 99 | * 100 | * \param ctx PKCS #11 context 101 | * \param mode must be MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's signature 102 | * \param input buffer holding the encrypted data 103 | * \param output buffer that will hold the plaintext 104 | * \param olen will contain the plaintext length 105 | * \param output_max_len maximum length of the output buffer 106 | * 107 | * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code 108 | * 109 | * \note The output buffer must be as large as the size 110 | * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise 111 | * an error is thrown. 112 | */ 113 | int mbedtls_pkcs11_decrypt( mbedtls_pkcs11_context *ctx, 114 | int mode, size_t *olen, 115 | const unsigned char *input, 116 | unsigned char *output, 117 | size_t output_max_len ); 118 | 119 | /** 120 | * \brief Do a private RSA to sign a message digest 121 | * 122 | * \param ctx PKCS #11 context 123 | * \param mode must be MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's signature 124 | * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data) 125 | * \param hashlen message digest length (for MBEDTLS_MD_NONE only) 126 | * \param hash buffer holding the message digest 127 | * \param sig buffer that will hold the ciphertext 128 | * 129 | * \return 0 if the signing operation was successful, 130 | * or an MBEDTLS_ERR_RSA_XXX error code 131 | * 132 | * \note The "sig" buffer must be as large as the size 133 | * of ctx->N (eg. 128 bytes if RSA-1024 is used). 134 | */ 135 | int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx, 136 | int mode, 137 | mbedtls_md_type_t md_alg, 138 | unsigned int hashlen, 139 | const unsigned char *hash, 140 | unsigned char *sig ); 141 | 142 | /** 143 | * SSL/TLS wrappers for PKCS#11 functions 144 | */ 145 | static inline int mbedtls_ssl_pkcs11_decrypt( void *ctx, int mode, size_t *olen, 146 | const unsigned char *input, unsigned char *output, 147 | size_t output_max_len ) 148 | { 149 | return mbedtls_pkcs11_decrypt( (mbedtls_pkcs11_context *) ctx, mode, olen, input, output, 150 | output_max_len ); 151 | } 152 | 153 | static inline int mbedtls_ssl_pkcs11_sign( void *ctx, 154 | int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, 155 | int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, 156 | const unsigned char *hash, unsigned char *sig ) 157 | { 158 | ((void) f_rng); 159 | ((void) p_rng); 160 | return mbedtls_pkcs11_sign( (mbedtls_pkcs11_context *) ctx, mode, md_alg, 161 | hashlen, hash, sig ); 162 | } 163 | 164 | static inline size_t mbedtls_ssl_pkcs11_key_len( void *ctx ) 165 | { 166 | return ( (mbedtls_pkcs11_context *) ctx )->len; 167 | } 168 | 169 | #ifdef __cplusplus 170 | } 171 | #endif 172 | 173 | #endif /* MBEDTLS_PKCS11_C */ 174 | 175 | #endif /* MBEDTLS_PKCS11_H */ 176 | -------------------------------------------------------------------------------- /src/mbedtls/pkcs12.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file pkcs12.h 3 | * 4 | * \brief PKCS#12 Personal Information Exchange Syntax 5 | */ 6 | /* 7 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 8 | * SPDX-License-Identifier: Apache-2.0 9 | * 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 | * not use this file except in compliance with the License. 12 | * You may obtain a copy of the License at 13 | * 14 | * http://www.apache.org/licenses/LICENSE-2.0 15 | * 16 | * Unless required by applicable law or agreed to in writing, software 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 | * See the License for the specific language governing permissions and 20 | * limitations under the License. 21 | * 22 | * This file is part of mbed TLS (https://tls.mbed.org) 23 | */ 24 | #ifndef MBEDTLS_PKCS12_H 25 | #define MBEDTLS_PKCS12_H 26 | 27 | #if !defined(MBEDTLS_CONFIG_FILE) 28 | #include "config.h" 29 | #else 30 | #include MBEDTLS_CONFIG_FILE 31 | #endif 32 | 33 | #include "md.h" 34 | #include "cipher.h" 35 | #include "asn1.h" 36 | 37 | #include 38 | 39 | #define MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA -0x1F80 /**< Bad input parameters to function. */ 40 | #define MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE -0x1F00 /**< Feature not available, e.g. unsupported encryption scheme. */ 41 | #define MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT -0x1E80 /**< PBE ASN.1 data not as expected. */ 42 | #define MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH -0x1E00 /**< Given private key password does not allow for correct decryption. */ 43 | 44 | #define MBEDTLS_PKCS12_DERIVE_KEY 1 /**< encryption/decryption key */ 45 | #define MBEDTLS_PKCS12_DERIVE_IV 2 /**< initialization vector */ 46 | #define MBEDTLS_PKCS12_DERIVE_MAC_KEY 3 /**< integrity / MAC key */ 47 | 48 | #define MBEDTLS_PKCS12_PBE_DECRYPT 0 49 | #define MBEDTLS_PKCS12_PBE_ENCRYPT 1 50 | 51 | #ifdef __cplusplus 52 | extern "C" { 53 | #endif 54 | 55 | #if defined(MBEDTLS_ASN1_PARSE_C) 56 | 57 | /** 58 | * \brief PKCS12 Password Based function (encryption / decryption) 59 | * for pbeWithSHAAnd128BitRC4 60 | * 61 | * \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure 62 | * \param mode either MBEDTLS_PKCS12_PBE_ENCRYPT or MBEDTLS_PKCS12_PBE_DECRYPT 63 | * \param pwd the password used (may be NULL if no password is used) 64 | * \param pwdlen length of the password (may be 0) 65 | * \param input the input data 66 | * \param len data length 67 | * \param output the output buffer 68 | * 69 | * \return 0 if successful, or a MBEDTLS_ERR_XXX code 70 | */ 71 | int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode, 72 | const unsigned char *pwd, size_t pwdlen, 73 | const unsigned char *input, size_t len, 74 | unsigned char *output ); 75 | 76 | /** 77 | * \brief PKCS12 Password Based function (encryption / decryption) 78 | * for cipher-based and mbedtls_md-based PBE's 79 | * 80 | * \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure 81 | * \param mode either MBEDTLS_PKCS12_PBE_ENCRYPT or MBEDTLS_PKCS12_PBE_DECRYPT 82 | * \param cipher_type the cipher used 83 | * \param md_type the mbedtls_md used 84 | * \param pwd the password used (may be NULL if no password is used) 85 | * \param pwdlen length of the password (may be 0) 86 | * \param input the input data 87 | * \param len data length 88 | * \param output the output buffer 89 | * 90 | * \return 0 if successful, or a MBEDTLS_ERR_XXX code 91 | */ 92 | int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode, 93 | mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type, 94 | const unsigned char *pwd, size_t pwdlen, 95 | const unsigned char *input, size_t len, 96 | unsigned char *output ); 97 | 98 | #endif /* MBEDTLS_ASN1_PARSE_C */ 99 | 100 | /** 101 | * \brief The PKCS#12 derivation function uses a password and a salt 102 | * to produce pseudo-random bits for a particular "purpose". 103 | * 104 | * Depending on the given id, this function can produce an 105 | * encryption/decryption key, an nitialization vector or an 106 | * integrity key. 107 | * 108 | * \param data buffer to store the derived data in 109 | * \param datalen length to fill 110 | * \param pwd password to use (may be NULL if no password is used) 111 | * \param pwdlen length of the password (may be 0) 112 | * \param salt salt buffer to use 113 | * \param saltlen length of the salt 114 | * \param mbedtls_md mbedtls_md type to use during the derivation 115 | * \param id id that describes the purpose (can be MBEDTLS_PKCS12_DERIVE_KEY, 116 | * MBEDTLS_PKCS12_DERIVE_IV or MBEDTLS_PKCS12_DERIVE_MAC_KEY) 117 | * \param iterations number of iterations 118 | * 119 | * \return 0 if successful, or a MD, BIGNUM type error. 120 | */ 121 | int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen, 122 | const unsigned char *pwd, size_t pwdlen, 123 | const unsigned char *salt, size_t saltlen, 124 | mbedtls_md_type_t mbedtls_md, int id, int iterations ); 125 | 126 | #ifdef __cplusplus 127 | } 128 | #endif 129 | 130 | #endif /* pkcs12.h */ 131 | -------------------------------------------------------------------------------- /src/mbedtls/pkcs5.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file pkcs5.h 3 | * 4 | * \brief PKCS#5 functions 5 | * 6 | * \author Mathias Olsson 7 | */ 8 | /* 9 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 10 | * SPDX-License-Identifier: Apache-2.0 11 | * 12 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 13 | * not use this file except in compliance with the License. 14 | * You may obtain a copy of the License at 15 | * 16 | * http://www.apache.org/licenses/LICENSE-2.0 17 | * 18 | * Unless required by applicable law or agreed to in writing, software 19 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 20 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 21 | * See the License for the specific language governing permissions and 22 | * limitations under the License. 23 | * 24 | * This file is part of mbed TLS (https://tls.mbed.org) 25 | */ 26 | #ifndef MBEDTLS_PKCS5_H 27 | #define MBEDTLS_PKCS5_H 28 | 29 | #if !defined(MBEDTLS_CONFIG_FILE) 30 | #include "config.h" 31 | #else 32 | #include MBEDTLS_CONFIG_FILE 33 | #endif 34 | 35 | #include "asn1.h" 36 | #include "md.h" 37 | 38 | #include 39 | #include 40 | 41 | #define MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA -0x2f80 /**< Bad input parameters to function. */ 42 | #define MBEDTLS_ERR_PKCS5_INVALID_FORMAT -0x2f00 /**< Unexpected ASN.1 data. */ 43 | #define MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE -0x2e80 /**< Requested encryption or digest alg not available. */ 44 | #define MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH -0x2e00 /**< Given private key password does not allow for correct decryption. */ 45 | 46 | #define MBEDTLS_PKCS5_DECRYPT 0 47 | #define MBEDTLS_PKCS5_ENCRYPT 1 48 | 49 | #ifdef __cplusplus 50 | extern "C" { 51 | #endif 52 | 53 | #if defined(MBEDTLS_ASN1_PARSE_C) 54 | 55 | /** 56 | * \brief PKCS#5 PBES2 function 57 | * 58 | * \param pbe_params the ASN.1 algorithm parameters 59 | * \param mode either MBEDTLS_PKCS5_DECRYPT or MBEDTLS_PKCS5_ENCRYPT 60 | * \param pwd password to use when generating key 61 | * \param pwdlen length of password 62 | * \param data data to process 63 | * \param datalen length of data 64 | * \param output output buffer 65 | * 66 | * \returns 0 on success, or a MBEDTLS_ERR_XXX code if verification fails. 67 | */ 68 | int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode, 69 | const unsigned char *pwd, size_t pwdlen, 70 | const unsigned char *data, size_t datalen, 71 | unsigned char *output ); 72 | 73 | #endif /* MBEDTLS_ASN1_PARSE_C */ 74 | 75 | /** 76 | * \brief PKCS#5 PBKDF2 using HMAC 77 | * 78 | * \param ctx Generic HMAC context 79 | * \param password Password to use when generating key 80 | * \param plen Length of password 81 | * \param salt Salt to use when generating key 82 | * \param slen Length of salt 83 | * \param iteration_count Iteration count 84 | * \param key_length Length of generated key in bytes 85 | * \param output Generated key. Must be at least as big as key_length 86 | * 87 | * \returns 0 on success, or a MBEDTLS_ERR_XXX code if verification fails. 88 | */ 89 | int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *password, 90 | size_t plen, const unsigned char *salt, size_t slen, 91 | unsigned int iteration_count, 92 | uint32_t key_length, unsigned char *output ); 93 | 94 | #if defined(MBEDTLS_SELF_TEST) 95 | 96 | /** 97 | * \brief Checkup routine 98 | * 99 | * \return 0 if successful, or 1 if the test failed 100 | */ 101 | int mbedtls_pkcs5_self_test( int verbose ); 102 | 103 | #endif /* MBEDTLS_SELF_TEST */ 104 | 105 | #ifdef __cplusplus 106 | } 107 | #endif 108 | 109 | #endif /* pkcs5.h */ 110 | -------------------------------------------------------------------------------- /src/mbedtls/platform_time.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file platform_time.h 3 | * 4 | * \brief mbed TLS Platform time abstraction 5 | */ 6 | /* 7 | * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved 8 | * SPDX-License-Identifier: Apache-2.0 9 | * 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 | * not use this file except in compliance with the License. 12 | * You may obtain a copy of the License at 13 | * 14 | * http://www.apache.org/licenses/LICENSE-2.0 15 | * 16 | * Unless required by applicable law or agreed to in writing, software 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 | * See the License for the specific language governing permissions and 20 | * limitations under the License. 21 | * 22 | * This file is part of mbed TLS (https://tls.mbed.org) 23 | */ 24 | #ifndef MBEDTLS_PLATFORM_TIME_H 25 | #define MBEDTLS_PLATFORM_TIME_H 26 | 27 | #if !defined(MBEDTLS_CONFIG_FILE) 28 | #include "config.h" 29 | #else 30 | #include MBEDTLS_CONFIG_FILE 31 | #endif 32 | 33 | #ifdef __cplusplus 34 | extern "C" { 35 | #endif 36 | 37 | /** 38 | * \name SECTION: Module settings 39 | * 40 | * The configuration options you can set for this module are in this section. 41 | * Either change them in config.h or define them on the compiler command line. 42 | * \{ 43 | */ 44 | 45 | /* 46 | * The time_t datatype 47 | */ 48 | #if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO) 49 | typedef MBEDTLS_PLATFORM_TIME_TYPE_MACRO mbedtls_time_t; 50 | #else 51 | /* For time_t */ 52 | #include 53 | typedef time_t mbedtls_time_t; 54 | #endif /* MBEDTLS_PLATFORM_TIME_TYPE_MACRO */ 55 | 56 | /* 57 | * The function pointers for time 58 | */ 59 | #if defined(MBEDTLS_PLATFORM_TIME_ALT) 60 | extern mbedtls_time_t (*mbedtls_time)( mbedtls_time_t* time ); 61 | 62 | /** 63 | * \brief Set your own time function pointer 64 | * 65 | * \param time_func the time function implementation 66 | * 67 | * \return 0 68 | */ 69 | int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* time ) ); 70 | #else 71 | #if defined(MBEDTLS_PLATFORM_TIME_MACRO) 72 | #define mbedtls_time MBEDTLS_PLATFORM_TIME_MACRO 73 | #else 74 | #define mbedtls_time time 75 | #endif /* MBEDTLS_PLATFORM_TIME_MACRO */ 76 | #endif /* MBEDTLS_PLATFORM_TIME_ALT */ 77 | 78 | #ifdef __cplusplus 79 | } 80 | #endif 81 | 82 | #endif /* platform_time.h */ 83 | -------------------------------------------------------------------------------- /src/mbedtls/poly1305.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file poly1305.h 3 | * 4 | * \brief This file contains Poly1305 definitions and functions. 5 | * 6 | * Poly1305 is a one-time message authenticator that can be used to 7 | * authenticate messages. Poly1305-AES was created by Daniel 8 | * Bernstein https://cr.yp.to/mac/poly1305-20050329.pdf The generic 9 | * Poly1305 algorithm (not tied to AES) was also standardized in RFC 10 | * 7539. 11 | * 12 | * \author Daniel King 13 | */ 14 | 15 | /* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved. 16 | * SPDX-License-Identifier: Apache-2.0 17 | * 18 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 19 | * not use this file except in compliance with the License. 20 | * You may obtain a copy of the License at 21 | * 22 | * http://www.apache.org/licenses/LICENSE-2.0 23 | * 24 | * Unless required by applicable law or agreed to in writing, software 25 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 26 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 27 | * See the License for the specific language governing permissions and 28 | * limitations under the License. 29 | * 30 | * This file is part of Mbed TLS (https://tls.mbed.org) 31 | */ 32 | 33 | #ifndef MBEDTLS_POLY1305_H 34 | #define MBEDTLS_POLY1305_H 35 | 36 | #if !defined(MBEDTLS_CONFIG_FILE) 37 | #include "config.h" 38 | #else 39 | #include MBEDTLS_CONFIG_FILE 40 | #endif 41 | 42 | #include 43 | #include 44 | 45 | #define MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA -0x0057 /**< Invalid input parameter(s). */ 46 | 47 | /* MBEDTLS_ERR_POLY1305_FEATURE_UNAVAILABLE is deprecated and should not be 48 | * used. */ 49 | #define MBEDTLS_ERR_POLY1305_FEATURE_UNAVAILABLE -0x0059 /**< Feature not available. For example, s part of the API is not implemented. */ 50 | 51 | /* MBEDTLS_ERR_POLY1305_HW_ACCEL_FAILED is deprecated and should not be used. 52 | */ 53 | #define MBEDTLS_ERR_POLY1305_HW_ACCEL_FAILED -0x005B /**< Poly1305 hardware accelerator failed. */ 54 | 55 | #ifdef __cplusplus 56 | extern "C" { 57 | #endif 58 | 59 | #if !defined(MBEDTLS_POLY1305_ALT) 60 | 61 | typedef struct mbedtls_poly1305_context 62 | { 63 | uint32_t r[4]; /** The value for 'r' (low 128 bits of the key). */ 64 | uint32_t s[4]; /** The value for 's' (high 128 bits of the key). */ 65 | uint32_t acc[5]; /** The accumulator number. */ 66 | uint8_t queue[16]; /** The current partial block of data. */ 67 | size_t queue_len; /** The number of bytes stored in 'queue'. */ 68 | } 69 | mbedtls_poly1305_context; 70 | 71 | #else /* MBEDTLS_POLY1305_ALT */ 72 | #include "poly1305_alt.h" 73 | #endif /* MBEDTLS_POLY1305_ALT */ 74 | 75 | /** 76 | * \brief This function initializes the specified Poly1305 context. 77 | * 78 | * It must be the first API called before using 79 | * the context. 80 | * 81 | * It is usually followed by a call to 82 | * \c mbedtls_poly1305_starts(), then one or more calls to 83 | * \c mbedtls_poly1305_update(), then one call to 84 | * \c mbedtls_poly1305_finish(), then finally 85 | * \c mbedtls_poly1305_free(). 86 | * 87 | * \param ctx The Poly1305 context to initialize. This must 88 | * not be \c NULL. 89 | */ 90 | void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx ); 91 | 92 | /** 93 | * \brief This function releases and clears the specified 94 | * Poly1305 context. 95 | * 96 | * \param ctx The Poly1305 context to clear. This may be \c NULL, in which 97 | * case this function is a no-op. If it is not \c NULL, it must 98 | * point to an initialized Poly1305 context. 99 | */ 100 | void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx ); 101 | 102 | /** 103 | * \brief This function sets the one-time authentication key. 104 | * 105 | * \warning The key must be unique and unpredictable for each 106 | * invocation of Poly1305. 107 | * 108 | * \param ctx The Poly1305 context to which the key should be bound. 109 | * This must be initialized. 110 | * \param key The buffer containing the \c 32 Byte (\c 256 Bit) key. 111 | * 112 | * \return \c 0 on success. 113 | * \return A negative error code on failure. 114 | */ 115 | int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx, 116 | const unsigned char key[32] ); 117 | 118 | /** 119 | * \brief This functions feeds an input buffer into an ongoing 120 | * Poly1305 computation. 121 | * 122 | * It is called between \c mbedtls_cipher_poly1305_starts() and 123 | * \c mbedtls_cipher_poly1305_finish(). 124 | * It can be called repeatedly to process a stream of data. 125 | * 126 | * \param ctx The Poly1305 context to use for the Poly1305 operation. 127 | * This must be initialized and bound to a key. 128 | * \param ilen The length of the input data in Bytes. 129 | * Any value is accepted. 130 | * \param input The buffer holding the input data. 131 | * This pointer can be \c NULL if `ilen == 0`. 132 | * 133 | * \return \c 0 on success. 134 | * \return A negative error code on failure. 135 | */ 136 | int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx, 137 | const unsigned char *input, 138 | size_t ilen ); 139 | 140 | /** 141 | * \brief This function generates the Poly1305 Message 142 | * Authentication Code (MAC). 143 | * 144 | * \param ctx The Poly1305 context to use for the Poly1305 operation. 145 | * This must be initialized and bound to a key. 146 | * \param mac The buffer to where the MAC is written. This must 147 | * be a writable buffer of length \c 16 Bytes. 148 | * 149 | * \return \c 0 on success. 150 | * \return A negative error code on failure. 151 | */ 152 | int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx, 153 | unsigned char mac[16] ); 154 | 155 | /** 156 | * \brief This function calculates the Poly1305 MAC of the input 157 | * buffer with the provided key. 158 | * 159 | * \warning The key must be unique and unpredictable for each 160 | * invocation of Poly1305. 161 | * 162 | * \param key The buffer containing the \c 32 Byte (\c 256 Bit) key. 163 | * \param ilen The length of the input data in Bytes. 164 | * Any value is accepted. 165 | * \param input The buffer holding the input data. 166 | * This pointer can be \c NULL if `ilen == 0`. 167 | * \param mac The buffer to where the MAC is written. This must be 168 | * a writable buffer of length \c 16 Bytes. 169 | * 170 | * \return \c 0 on success. 171 | * \return A negative error code on failure. 172 | */ 173 | int mbedtls_poly1305_mac( const unsigned char key[32], 174 | const unsigned char *input, 175 | size_t ilen, 176 | unsigned char mac[16] ); 177 | 178 | #if defined(MBEDTLS_SELF_TEST) 179 | /** 180 | * \brief The Poly1305 checkup routine. 181 | * 182 | * \return \c 0 on success. 183 | * \return \c 1 on failure. 184 | */ 185 | int mbedtls_poly1305_self_test( int verbose ); 186 | #endif /* MBEDTLS_SELF_TEST */ 187 | 188 | #ifdef __cplusplus 189 | } 190 | #endif 191 | 192 | #endif /* MBEDTLS_POLY1305_H */ 193 | -------------------------------------------------------------------------------- /src/mbedtls/sdkconfig.h: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | Automatically generated file; DO NOT EDIT. 4 | Espressif IoT Development Framework Configuration 5 | 6 | */ 7 | #ifndef SEEED_ATSDK_CONFIG 8 | #define SEEED_ATSDK_CONFIG 9 | 10 | #define CONFIG_MBEDTLS_AES_C 11 | 12 | #endif //SEEED_ATSDK_CONFIG 13 | -------------------------------------------------------------------------------- /src/mbedtls/ssl_cache.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file ssl_cache.h 3 | * 4 | * \brief SSL session cache implementation 5 | */ 6 | /* 7 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 8 | * SPDX-License-Identifier: Apache-2.0 9 | * 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 | * not use this file except in compliance with the License. 12 | * You may obtain a copy of the License at 13 | * 14 | * http://www.apache.org/licenses/LICENSE-2.0 15 | * 16 | * Unless required by applicable law or agreed to in writing, software 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 | * See the License for the specific language governing permissions and 20 | * limitations under the License. 21 | * 22 | * This file is part of mbed TLS (https://tls.mbed.org) 23 | */ 24 | #ifndef MBEDTLS_SSL_CACHE_H 25 | #define MBEDTLS_SSL_CACHE_H 26 | 27 | #if !defined(MBEDTLS_CONFIG_FILE) 28 | #include "config.h" 29 | #else 30 | #include MBEDTLS_CONFIG_FILE 31 | #endif 32 | 33 | #include "ssl.h" 34 | 35 | #if defined(MBEDTLS_THREADING_C) 36 | #include "threading.h" 37 | #endif 38 | 39 | /** 40 | * \name SECTION: Module settings 41 | * 42 | * The configuration options you can set for this module are in this section. 43 | * Either change them in config.h or define them on the compiler command line. 44 | * \{ 45 | */ 46 | 47 | #if !defined(MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT) 48 | #define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /*!< 1 day */ 49 | #endif 50 | 51 | #if !defined(MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES) 52 | #define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /*!< Maximum entries in cache */ 53 | #endif 54 | 55 | /* \} name SECTION: Module settings */ 56 | 57 | #ifdef __cplusplus 58 | extern "C" { 59 | #endif 60 | 61 | typedef struct mbedtls_ssl_cache_context mbedtls_ssl_cache_context; 62 | typedef struct mbedtls_ssl_cache_entry mbedtls_ssl_cache_entry; 63 | 64 | /** 65 | * \brief This structure is used for storing cache entries 66 | */ 67 | struct mbedtls_ssl_cache_entry 68 | { 69 | #if defined(MBEDTLS_HAVE_TIME) 70 | mbedtls_time_t timestamp; /*!< entry timestamp */ 71 | #endif 72 | mbedtls_ssl_session session; /*!< entry session */ 73 | #if defined(MBEDTLS_X509_CRT_PARSE_C) 74 | mbedtls_x509_buf peer_cert; /*!< entry peer_cert */ 75 | #endif 76 | mbedtls_ssl_cache_entry *next; /*!< chain pointer */ 77 | }; 78 | 79 | /** 80 | * \brief Cache context 81 | */ 82 | struct mbedtls_ssl_cache_context 83 | { 84 | mbedtls_ssl_cache_entry *chain; /*!< start of the chain */ 85 | int timeout; /*!< cache entry timeout */ 86 | int max_entries; /*!< maximum entries */ 87 | #if defined(MBEDTLS_THREADING_C) 88 | mbedtls_threading_mutex_t mutex; /*!< mutex */ 89 | #endif 90 | }; 91 | 92 | /** 93 | * \brief Initialize an SSL cache context 94 | * 95 | * \param cache SSL cache context 96 | */ 97 | void mbedtls_ssl_cache_init( mbedtls_ssl_cache_context *cache ); 98 | 99 | /** 100 | * \brief Cache get callback implementation 101 | * (Thread-safe if MBEDTLS_THREADING_C is enabled) 102 | * 103 | * \param data SSL cache context 104 | * \param session session to retrieve entry for 105 | */ 106 | int mbedtls_ssl_cache_get( void *data, mbedtls_ssl_session *session ); 107 | 108 | /** 109 | * \brief Cache set callback implementation 110 | * (Thread-safe if MBEDTLS_THREADING_C is enabled) 111 | * 112 | * \param data SSL cache context 113 | * \param session session to store entry for 114 | */ 115 | int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session ); 116 | 117 | #if defined(MBEDTLS_HAVE_TIME) 118 | /** 119 | * \brief Set the cache timeout 120 | * (Default: MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT (1 day)) 121 | * 122 | * A timeout of 0 indicates no timeout. 123 | * 124 | * \param cache SSL cache context 125 | * \param timeout cache entry timeout in seconds 126 | */ 127 | void mbedtls_ssl_cache_set_timeout( mbedtls_ssl_cache_context *cache, int timeout ); 128 | #endif /* MBEDTLS_HAVE_TIME */ 129 | 130 | /** 131 | * \brief Set the maximum number of cache entries 132 | * (Default: MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES (50)) 133 | * 134 | * \param cache SSL cache context 135 | * \param max cache entry maximum 136 | */ 137 | void mbedtls_ssl_cache_set_max_entries( mbedtls_ssl_cache_context *cache, int max ); 138 | 139 | /** 140 | * \brief Free referenced items in a cache context and clear memory 141 | * 142 | * \param cache SSL cache context 143 | */ 144 | void mbedtls_ssl_cache_free( mbedtls_ssl_cache_context *cache ); 145 | 146 | #ifdef __cplusplus 147 | } 148 | #endif 149 | 150 | #endif /* ssl_cache.h */ 151 | -------------------------------------------------------------------------------- /src/mbedtls/ssl_cookie.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file ssl_cookie.h 3 | * 4 | * \brief DTLS cookie callbacks implementation 5 | */ 6 | /* 7 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 8 | * SPDX-License-Identifier: Apache-2.0 9 | * 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 | * not use this file except in compliance with the License. 12 | * You may obtain a copy of the License at 13 | * 14 | * http://www.apache.org/licenses/LICENSE-2.0 15 | * 16 | * Unless required by applicable law or agreed to in writing, software 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 | * See the License for the specific language governing permissions and 20 | * limitations under the License. 21 | * 22 | * This file is part of mbed TLS (https://tls.mbed.org) 23 | */ 24 | #ifndef MBEDTLS_SSL_COOKIE_H 25 | #define MBEDTLS_SSL_COOKIE_H 26 | 27 | #if !defined(MBEDTLS_CONFIG_FILE) 28 | #include "config.h" 29 | #else 30 | #include MBEDTLS_CONFIG_FILE 31 | #endif 32 | 33 | #include "ssl.h" 34 | 35 | #if defined(MBEDTLS_THREADING_C) 36 | #include "threading.h" 37 | #endif 38 | 39 | /** 40 | * \name SECTION: Module settings 41 | * 42 | * The configuration options you can set for this module are in this section. 43 | * Either change them in config.h or define them on the compiler command line. 44 | * \{ 45 | */ 46 | #ifndef MBEDTLS_SSL_COOKIE_TIMEOUT 47 | #define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */ 48 | #endif 49 | 50 | /* \} name SECTION: Module settings */ 51 | 52 | #ifdef __cplusplus 53 | extern "C" { 54 | #endif 55 | 56 | /** 57 | * \brief Context for the default cookie functions. 58 | */ 59 | typedef struct mbedtls_ssl_cookie_ctx 60 | { 61 | mbedtls_md_context_t hmac_ctx; /*!< context for the HMAC portion */ 62 | #if !defined(MBEDTLS_HAVE_TIME) 63 | unsigned long serial; /*!< serial number for expiration */ 64 | #endif 65 | unsigned long timeout; /*!< timeout delay, in seconds if HAVE_TIME, 66 | or in number of tickets issued */ 67 | 68 | #if defined(MBEDTLS_THREADING_C) 69 | mbedtls_threading_mutex_t mutex; 70 | #endif 71 | } mbedtls_ssl_cookie_ctx; 72 | 73 | /** 74 | * \brief Initialize cookie context 75 | */ 76 | void mbedtls_ssl_cookie_init( mbedtls_ssl_cookie_ctx *ctx ); 77 | 78 | /** 79 | * \brief Setup cookie context (generate keys) 80 | */ 81 | int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx, 82 | int (*f_rng)(void *, unsigned char *, size_t), 83 | void *p_rng ); 84 | 85 | /** 86 | * \brief Set expiration delay for cookies 87 | * (Default MBEDTLS_SSL_COOKIE_TIMEOUT) 88 | * 89 | * \param ctx Cookie contex 90 | * \param delay Delay, in seconds if HAVE_TIME, or in number of cookies 91 | * issued in the meantime. 92 | * 0 to disable expiration (NOT recommended) 93 | */ 94 | void mbedtls_ssl_cookie_set_timeout( mbedtls_ssl_cookie_ctx *ctx, unsigned long delay ); 95 | 96 | /** 97 | * \brief Free cookie context 98 | */ 99 | void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx ); 100 | 101 | /** 102 | * \brief Generate cookie, see \c mbedtls_ssl_cookie_write_t 103 | */ 104 | mbedtls_ssl_cookie_write_t mbedtls_ssl_cookie_write; 105 | 106 | /** 107 | * \brief Verify cookie, see \c mbedtls_ssl_cookie_write_t 108 | */ 109 | mbedtls_ssl_cookie_check_t mbedtls_ssl_cookie_check; 110 | 111 | #ifdef __cplusplus 112 | } 113 | #endif 114 | 115 | #endif /* ssl_cookie.h */ 116 | -------------------------------------------------------------------------------- /src/mbedtls/ssl_ticket.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file ssl_ticket.h 3 | * 4 | * \brief TLS server ticket callbacks implementation 5 | */ 6 | /* 7 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 8 | * SPDX-License-Identifier: Apache-2.0 9 | * 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 | * not use this file except in compliance with the License. 12 | * You may obtain a copy of the License at 13 | * 14 | * http://www.apache.org/licenses/LICENSE-2.0 15 | * 16 | * Unless required by applicable law or agreed to in writing, software 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 | * See the License for the specific language governing permissions and 20 | * limitations under the License. 21 | * 22 | * This file is part of mbed TLS (https://tls.mbed.org) 23 | */ 24 | #ifndef MBEDTLS_SSL_TICKET_H 25 | #define MBEDTLS_SSL_TICKET_H 26 | 27 | #if !defined(MBEDTLS_CONFIG_FILE) 28 | #include "config.h" 29 | #else 30 | #include MBEDTLS_CONFIG_FILE 31 | #endif 32 | 33 | /* 34 | * This implementation of the session ticket callbacks includes key 35 | * management, rotating the keys periodically in order to preserve forward 36 | * secrecy, when MBEDTLS_HAVE_TIME is defined. 37 | */ 38 | 39 | #include "ssl.h" 40 | #include "cipher.h" 41 | 42 | #if defined(MBEDTLS_THREADING_C) 43 | #include "threading.h" 44 | #endif 45 | 46 | #ifdef __cplusplus 47 | extern "C" { 48 | #endif 49 | 50 | /** 51 | * \brief Information for session ticket protection 52 | */ 53 | typedef struct mbedtls_ssl_ticket_key 54 | { 55 | unsigned char name[4]; /*!< random key identifier */ 56 | uint32_t generation_time; /*!< key generation timestamp (seconds) */ 57 | mbedtls_cipher_context_t ctx; /*!< context for auth enc/decryption */ 58 | } 59 | mbedtls_ssl_ticket_key; 60 | 61 | /** 62 | * \brief Context for session ticket handling functions 63 | */ 64 | typedef struct mbedtls_ssl_ticket_context 65 | { 66 | mbedtls_ssl_ticket_key keys[2]; /*!< ticket protection keys */ 67 | unsigned char active; /*!< index of the currently active key */ 68 | 69 | uint32_t ticket_lifetime; /*!< lifetime of tickets in seconds */ 70 | 71 | /** Callback for getting (pseudo-)random numbers */ 72 | int (*f_rng)(void *, unsigned char *, size_t); 73 | void *p_rng; /*!< context for the RNG function */ 74 | 75 | #if defined(MBEDTLS_THREADING_C) 76 | mbedtls_threading_mutex_t mutex; 77 | #endif 78 | } 79 | mbedtls_ssl_ticket_context; 80 | 81 | /** 82 | * \brief Initialize a ticket context. 83 | * (Just make it ready for mbedtls_ssl_ticket_setup() 84 | * or mbedtls_ssl_ticket_free().) 85 | * 86 | * \param ctx Context to be initialized 87 | */ 88 | void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx ); 89 | 90 | /** 91 | * \brief Prepare context to be actually used 92 | * 93 | * \param ctx Context to be set up 94 | * \param f_rng RNG callback function 95 | * \param p_rng RNG callback context 96 | * \param cipher AEAD cipher to use for ticket protection. 97 | * Recommended value: MBEDTLS_CIPHER_AES_256_GCM. 98 | * \param lifetime Tickets lifetime in seconds 99 | * Recommended value: 86400 (one day). 100 | * 101 | * \note It is highly recommended to select a cipher that is at 102 | * least as strong as the the strongest ciphersuite 103 | * supported. Usually that means a 256-bit key. 104 | * 105 | * \note The lifetime of the keys is twice the lifetime of tickets. 106 | * It is recommended to pick a reasonnable lifetime so as not 107 | * to negate the benefits of forward secrecy. 108 | * 109 | * \return 0 if successful, 110 | * or a specific MBEDTLS_ERR_XXX error code 111 | */ 112 | int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx, 113 | int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, 114 | mbedtls_cipher_type_t cipher, 115 | uint32_t lifetime ); 116 | 117 | /** 118 | * \brief Implementation of the ticket write callback 119 | * 120 | * \note See \c mbedlts_ssl_ticket_write_t for description 121 | */ 122 | mbedtls_ssl_ticket_write_t mbedtls_ssl_ticket_write; 123 | 124 | /** 125 | * \brief Implementation of the ticket parse callback 126 | * 127 | * \note See \c mbedlts_ssl_ticket_parse_t for description 128 | */ 129 | mbedtls_ssl_ticket_parse_t mbedtls_ssl_ticket_parse; 130 | 131 | /** 132 | * \brief Free a context's content and zeroize it. 133 | * 134 | * \param ctx Context to be cleaned up 135 | */ 136 | void mbedtls_ssl_ticket_free( mbedtls_ssl_ticket_context *ctx ); 137 | 138 | #ifdef __cplusplus 139 | } 140 | #endif 141 | 142 | #endif /* ssl_ticket.h */ 143 | -------------------------------------------------------------------------------- /src/mbedtls/threading.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file threading.h 3 | * 4 | * \brief Threading abstraction layer 5 | */ 6 | /* 7 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 8 | * SPDX-License-Identifier: Apache-2.0 9 | * 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 | * not use this file except in compliance with the License. 12 | * You may obtain a copy of the License at 13 | * 14 | * http://www.apache.org/licenses/LICENSE-2.0 15 | * 16 | * Unless required by applicable law or agreed to in writing, software 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 | * See the License for the specific language governing permissions and 20 | * limitations under the License. 21 | * 22 | * This file is part of mbed TLS (https://tls.mbed.org) 23 | */ 24 | #ifndef MBEDTLS_THREADING_H 25 | #define MBEDTLS_THREADING_H 26 | 27 | #if !defined(MBEDTLS_CONFIG_FILE) 28 | #include "config.h" 29 | #else 30 | #include MBEDTLS_CONFIG_FILE 31 | #endif 32 | 33 | #include 34 | 35 | #ifdef __cplusplus 36 | extern "C" { 37 | #endif 38 | 39 | /* MBEDTLS_ERR_THREADING_FEATURE_UNAVAILABLE is deprecated and should not be 40 | * used. */ 41 | #define MBEDTLS_ERR_THREADING_FEATURE_UNAVAILABLE -0x001A /**< The selected feature is not available. */ 42 | 43 | #define MBEDTLS_ERR_THREADING_BAD_INPUT_DATA -0x001C /**< Bad input parameters to function. */ 44 | #define MBEDTLS_ERR_THREADING_MUTEX_ERROR -0x001E /**< Locking / unlocking / free failed with error code. */ 45 | 46 | #if defined(MBEDTLS_THREADING_PTHREAD) 47 | #include 48 | typedef struct mbedtls_threading_mutex_t 49 | { 50 | pthread_mutex_t mutex; 51 | char is_valid; 52 | } mbedtls_threading_mutex_t; 53 | #endif 54 | 55 | #if defined(MBEDTLS_THREADING_ALT) 56 | /* You should define the mbedtls_threading_mutex_t type in your header */ 57 | #include "threading_alt.h" 58 | 59 | /** 60 | * \brief Set your alternate threading implementation function 61 | * pointers and initialize global mutexes. If used, this 62 | * function must be called once in the main thread before any 63 | * other mbed TLS function is called, and 64 | * mbedtls_threading_free_alt() must be called once in the main 65 | * thread after all other mbed TLS functions. 66 | * 67 | * \note mutex_init() and mutex_free() don't return a status code. 68 | * If mutex_init() fails, it should leave its argument (the 69 | * mutex) in a state such that mutex_lock() will fail when 70 | * called with this argument. 71 | * 72 | * \param mutex_init the init function implementation 73 | * \param mutex_free the free function implementation 74 | * \param mutex_lock the lock function implementation 75 | * \param mutex_unlock the unlock function implementation 76 | */ 77 | void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * ), 78 | void (*mutex_free)( mbedtls_threading_mutex_t * ), 79 | int (*mutex_lock)( mbedtls_threading_mutex_t * ), 80 | int (*mutex_unlock)( mbedtls_threading_mutex_t * ) ); 81 | 82 | /** 83 | * \brief Free global mutexes. 84 | */ 85 | void mbedtls_threading_free_alt( void ); 86 | #endif /* MBEDTLS_THREADING_ALT */ 87 | 88 | #if defined(MBEDTLS_THREADING_C) 89 | /* 90 | * The function pointers for mutex_init, mutex_free, mutex_ and mutex_unlock 91 | * 92 | * All these functions are expected to work or the result will be undefined. 93 | */ 94 | extern void (*mbedtls_mutex_init)( mbedtls_threading_mutex_t *mutex ); 95 | extern void (*mbedtls_mutex_free)( mbedtls_threading_mutex_t *mutex ); 96 | extern int (*mbedtls_mutex_lock)( mbedtls_threading_mutex_t *mutex ); 97 | extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex ); 98 | 99 | /* 100 | * Global mutexes 101 | */ 102 | #if defined(MBEDTLS_FS_IO) 103 | extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; 104 | #endif 105 | 106 | #if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT) 107 | /* This mutex may or may not be used in the default definition of 108 | * mbedtls_platform_gmtime_r(), but in order to determine that, 109 | * we need to check POSIX features, hence modify _POSIX_C_SOURCE. 110 | * With the current approach, this declaration is orphaned, lacking 111 | * an accompanying definition, in case mbedtls_platform_gmtime_r() 112 | * doesn't need it, but that's not a problem. */ 113 | extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; 114 | #endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */ 115 | 116 | #endif /* MBEDTLS_THREADING_C */ 117 | 118 | #ifdef __cplusplus 119 | } 120 | #endif 121 | 122 | #endif /* threading.h */ 123 | -------------------------------------------------------------------------------- /src/mbedtls/timing.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file timing.h 3 | * 4 | * \brief Portable interface to timeouts and to the CPU cycle counter 5 | */ 6 | /* 7 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 8 | * SPDX-License-Identifier: Apache-2.0 9 | * 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 | * not use this file except in compliance with the License. 12 | * You may obtain a copy of the License at 13 | * 14 | * http://www.apache.org/licenses/LICENSE-2.0 15 | * 16 | * Unless required by applicable law or agreed to in writing, software 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 | * See the License for the specific language governing permissions and 20 | * limitations under the License. 21 | * 22 | * This file is part of mbed TLS (https://tls.mbed.org) 23 | */ 24 | #ifndef MBEDTLS_TIMING_H 25 | #define MBEDTLS_TIMING_H 26 | 27 | #if !defined(MBEDTLS_CONFIG_FILE) 28 | #include "config.h" 29 | #else 30 | #include MBEDTLS_CONFIG_FILE 31 | #endif 32 | 33 | #include 34 | 35 | #ifdef __cplusplus 36 | extern "C" { 37 | #endif 38 | 39 | #if !defined(MBEDTLS_TIMING_ALT) 40 | // Regular implementation 41 | // 42 | 43 | /** 44 | * \brief timer structure 45 | */ 46 | struct mbedtls_timing_hr_time 47 | { 48 | unsigned char opaque[32]; 49 | }; 50 | 51 | /** 52 | * \brief Context for mbedtls_timing_set/get_delay() 53 | */ 54 | typedef struct mbedtls_timing_delay_context 55 | { 56 | struct mbedtls_timing_hr_time timer; 57 | uint32_t int_ms; 58 | uint32_t fin_ms; 59 | } mbedtls_timing_delay_context; 60 | 61 | #else /* MBEDTLS_TIMING_ALT */ 62 | #include "timing_alt.h" 63 | #endif /* MBEDTLS_TIMING_ALT */ 64 | 65 | extern volatile int mbedtls_timing_alarmed; 66 | 67 | /** 68 | * \brief Return the CPU cycle counter value 69 | * 70 | * \warning This is only a best effort! Do not rely on this! 71 | * In particular, it is known to be unreliable on virtual 72 | * machines. 73 | * 74 | * \note This value starts at an unspecified origin and 75 | * may wrap around. 76 | */ 77 | unsigned long mbedtls_timing_hardclock( void ); 78 | 79 | /** 80 | * \brief Return the elapsed time in milliseconds 81 | * 82 | * \param val points to a timer structure 83 | * \param reset If 0, query the elapsed time. Otherwise (re)start the timer. 84 | * 85 | * \return Elapsed time since the previous reset in ms. When 86 | * restarting, this is always 0. 87 | * 88 | * \note To initialize a timer, call this function with reset=1. 89 | * 90 | * Determining the elapsed time and resetting the timer is not 91 | * atomic on all platforms, so after the sequence 92 | * `{ get_timer(1); ...; time1 = get_timer(1); ...; time2 = 93 | * get_timer(0) }` the value time1+time2 is only approximately 94 | * the delay since the first reset. 95 | */ 96 | unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset ); 97 | 98 | /** 99 | * \brief Setup an alarm clock 100 | * 101 | * \param seconds delay before the "mbedtls_timing_alarmed" flag is set 102 | * (must be >=0) 103 | * 104 | * \warning Only one alarm at a time is supported. In a threaded 105 | * context, this means one for the whole process, not one per 106 | * thread. 107 | */ 108 | void mbedtls_set_alarm( int seconds ); 109 | 110 | /** 111 | * \brief Set a pair of delays to watch 112 | * (See \c mbedtls_timing_get_delay().) 113 | * 114 | * \param data Pointer to timing data. 115 | * Must point to a valid \c mbedtls_timing_delay_context struct. 116 | * \param int_ms First (intermediate) delay in milliseconds. 117 | * The effect if int_ms > fin_ms is unspecified. 118 | * \param fin_ms Second (final) delay in milliseconds. 119 | * Pass 0 to cancel the current delay. 120 | * 121 | * \note To set a single delay, either use \c mbedtls_timing_set_timer 122 | * directly or use this function with int_ms == fin_ms. 123 | */ 124 | void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms ); 125 | 126 | /** 127 | * \brief Get the status of delays 128 | * (Memory helper: number of delays passed.) 129 | * 130 | * \param data Pointer to timing data 131 | * Must point to a valid \c mbedtls_timing_delay_context struct. 132 | * 133 | * \return -1 if cancelled (fin_ms = 0), 134 | * 0 if none of the delays are passed, 135 | * 1 if only the intermediate delay is passed, 136 | * 2 if the final delay is passed. 137 | */ 138 | int mbedtls_timing_get_delay( void *data ); 139 | 140 | #if defined(MBEDTLS_SELF_TEST) 141 | /** 142 | * \brief Checkup routine 143 | * 144 | * \return 0 if successful, or 1 if a test failed 145 | */ 146 | int mbedtls_timing_self_test( int verbose ); 147 | #endif 148 | 149 | #ifdef __cplusplus 150 | } 151 | #endif 152 | 153 | #endif /* timing.h */ 154 | -------------------------------------------------------------------------------- /src/mbedtls/version.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file version.h 3 | * 4 | * \brief Run-time version information 5 | */ 6 | /* 7 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 8 | * SPDX-License-Identifier: Apache-2.0 9 | * 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 | * not use this file except in compliance with the License. 12 | * You may obtain a copy of the License at 13 | * 14 | * http://www.apache.org/licenses/LICENSE-2.0 15 | * 16 | * Unless required by applicable law or agreed to in writing, software 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 | * See the License for the specific language governing permissions and 20 | * limitations under the License. 21 | * 22 | * This file is part of mbed TLS (https://tls.mbed.org) 23 | */ 24 | /* 25 | * This set of compile-time defines and run-time variables can be used to 26 | * determine the version number of the mbed TLS library used. 27 | */ 28 | #ifndef MBEDTLS_VERSION_H 29 | #define MBEDTLS_VERSION_H 30 | 31 | #if !defined(MBEDTLS_CONFIG_FILE) 32 | #include "config.h" 33 | #else 34 | #include MBEDTLS_CONFIG_FILE 35 | #endif 36 | 37 | /** 38 | * The version number x.y.z is split into three parts. 39 | * Major, Minor, Patchlevel 40 | */ 41 | #define MBEDTLS_VERSION_MAJOR 2 42 | #define MBEDTLS_VERSION_MINOR 16 43 | #define MBEDTLS_VERSION_PATCH 2 44 | 45 | /** 46 | * The single version number has the following structure: 47 | * MMNNPP00 48 | * Major version | Minor version | Patch version 49 | */ 50 | #define MBEDTLS_VERSION_NUMBER 0x02100200 51 | #define MBEDTLS_VERSION_STRING "2.16.2" 52 | #define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.16.2" 53 | 54 | #if defined(MBEDTLS_VERSION_C) 55 | 56 | #ifdef __cplusplus 57 | extern "C" { 58 | #endif 59 | 60 | /** 61 | * Get the version number. 62 | * 63 | * \return The constructed version number in the format 64 | * MMNNPP00 (Major, Minor, Patch). 65 | */ 66 | unsigned int mbedtls_version_get_number( void ); 67 | 68 | /** 69 | * Get the version string ("x.y.z"). 70 | * 71 | * \param string The string that will receive the value. 72 | * (Should be at least 9 bytes in size) 73 | */ 74 | void mbedtls_version_get_string( char *string ); 75 | 76 | /** 77 | * Get the full version string ("mbed TLS x.y.z"). 78 | * 79 | * \param string The string that will receive the value. The mbed TLS version 80 | * string will use 18 bytes AT MOST including a terminating 81 | * null byte. 82 | * (So the buffer should be at least 18 bytes to receive this 83 | * version string). 84 | */ 85 | void mbedtls_version_get_string_full( char *string ); 86 | 87 | /** 88 | * \brief Check if support for a feature was compiled into this 89 | * mbed TLS binary. This allows you to see at runtime if the 90 | * library was for instance compiled with or without 91 | * Multi-threading support. 92 | * 93 | * \note only checks against defines in the sections "System 94 | * support", "mbed TLS modules" and "mbed TLS feature 95 | * support" in config.h 96 | * 97 | * \param feature The string for the define to check (e.g. "MBEDTLS_AES_C") 98 | * 99 | * \return 0 if the feature is present, 100 | * -1 if the feature is not present and 101 | * -2 if support for feature checking as a whole was not 102 | * compiled in. 103 | */ 104 | int mbedtls_version_check_feature( const char *feature ); 105 | 106 | #ifdef __cplusplus 107 | } 108 | #endif 109 | 110 | #endif /* MBEDTLS_VERSION_C */ 111 | 112 | #endif /* version.h */ 113 | -------------------------------------------------------------------------------- /src/mbedtls/x509_crl.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file x509_crl.h 3 | * 4 | * \brief X.509 certificate revocation list parsing 5 | */ 6 | /* 7 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 8 | * SPDX-License-Identifier: Apache-2.0 9 | * 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 | * not use this file except in compliance with the License. 12 | * You may obtain a copy of the License at 13 | * 14 | * http://www.apache.org/licenses/LICENSE-2.0 15 | * 16 | * Unless required by applicable law or agreed to in writing, software 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 | * See the License for the specific language governing permissions and 20 | * limitations under the License. 21 | * 22 | * This file is part of mbed TLS (https://tls.mbed.org) 23 | */ 24 | #ifndef MBEDTLS_X509_CRL_H 25 | #define MBEDTLS_X509_CRL_H 26 | 27 | #if !defined(MBEDTLS_CONFIG_FILE) 28 | #include "config.h" 29 | #else 30 | #include MBEDTLS_CONFIG_FILE 31 | #endif 32 | 33 | #include "x509.h" 34 | 35 | #ifdef __cplusplus 36 | extern "C" { 37 | #endif 38 | 39 | /** 40 | * \addtogroup x509_module 41 | * \{ */ 42 | 43 | /** 44 | * \name Structures and functions for parsing CRLs 45 | * \{ 46 | */ 47 | 48 | /** 49 | * Certificate revocation list entry. 50 | * Contains the CA-specific serial numbers and revocation dates. 51 | */ 52 | typedef struct mbedtls_x509_crl_entry 53 | { 54 | mbedtls_x509_buf raw; 55 | 56 | mbedtls_x509_buf serial; 57 | 58 | mbedtls_x509_time revocation_date; 59 | 60 | mbedtls_x509_buf entry_ext; 61 | 62 | struct mbedtls_x509_crl_entry *next; 63 | } 64 | mbedtls_x509_crl_entry; 65 | 66 | /** 67 | * Certificate revocation list structure. 68 | * Every CRL may have multiple entries. 69 | */ 70 | typedef struct mbedtls_x509_crl 71 | { 72 | mbedtls_x509_buf raw; /**< The raw certificate data (DER). */ 73 | mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */ 74 | 75 | int version; /**< CRL version (1=v1, 2=v2) */ 76 | mbedtls_x509_buf sig_oid; /**< CRL signature type identifier */ 77 | 78 | mbedtls_x509_buf issuer_raw; /**< The raw issuer data (DER). */ 79 | 80 | mbedtls_x509_name issuer; /**< The parsed issuer data (named information object). */ 81 | 82 | mbedtls_x509_time this_update; 83 | mbedtls_x509_time next_update; 84 | 85 | mbedtls_x509_crl_entry entry; /**< The CRL entries containing the certificate revocation times for this CA. */ 86 | 87 | mbedtls_x509_buf crl_ext; 88 | 89 | mbedtls_x509_buf sig_oid2; 90 | mbedtls_x509_buf sig; 91 | mbedtls_md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */ 92 | mbedtls_pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ 93 | void *sig_opts; /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */ 94 | 95 | struct mbedtls_x509_crl *next; 96 | } 97 | mbedtls_x509_crl; 98 | 99 | /** 100 | * \brief Parse a DER-encoded CRL and append it to the chained list 101 | * 102 | * \param chain points to the start of the chain 103 | * \param buf buffer holding the CRL data in DER format 104 | * \param buflen size of the buffer 105 | * (including the terminating null byte for PEM data) 106 | * 107 | * \return 0 if successful, or a specific X509 or PEM error code 108 | */ 109 | int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, 110 | const unsigned char *buf, size_t buflen ); 111 | /** 112 | * \brief Parse one or more CRLs and append them to the chained list 113 | * 114 | * \note Mutliple CRLs are accepted only if using PEM format 115 | * 116 | * \param chain points to the start of the chain 117 | * \param buf buffer holding the CRL data in PEM or DER format 118 | * \param buflen size of the buffer 119 | * (including the terminating null byte for PEM data) 120 | * 121 | * \return 0 if successful, or a specific X509 or PEM error code 122 | */ 123 | int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen ); 124 | 125 | #if defined(MBEDTLS_FS_IO) 126 | /** 127 | * \brief Load one or more CRLs and append them to the chained list 128 | * 129 | * \note Mutliple CRLs are accepted only if using PEM format 130 | * 131 | * \param chain points to the start of the chain 132 | * \param path filename to read the CRLs from (in PEM or DER encoding) 133 | * 134 | * \return 0 if successful, or a specific X509 or PEM error code 135 | */ 136 | int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path ); 137 | #endif /* MBEDTLS_FS_IO */ 138 | 139 | /** 140 | * \brief Returns an informational string about the CRL. 141 | * 142 | * \param buf Buffer to write to 143 | * \param size Maximum size of buffer 144 | * \param prefix A line prefix 145 | * \param crl The X509 CRL to represent 146 | * 147 | * \return The length of the string written (not including the 148 | * terminated nul byte), or a negative error code. 149 | */ 150 | int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix, 151 | const mbedtls_x509_crl *crl ); 152 | 153 | /** 154 | * \brief Initialize a CRL (chain) 155 | * 156 | * \param crl CRL chain to initialize 157 | */ 158 | void mbedtls_x509_crl_init( mbedtls_x509_crl *crl ); 159 | 160 | /** 161 | * \brief Unallocate all CRL data 162 | * 163 | * \param crl CRL chain to free 164 | */ 165 | void mbedtls_x509_crl_free( mbedtls_x509_crl *crl ); 166 | 167 | /* \} name */ 168 | /* \} addtogroup x509_module */ 169 | 170 | #ifdef __cplusplus 171 | } 172 | #endif 173 | 174 | #endif /* mbedtls_x509_crl.h */ 175 | -------------------------------------------------------------------------------- /src/mbedtls/xtea.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file xtea.h 3 | * 4 | * \brief XTEA block cipher (32-bit) 5 | */ 6 | /* 7 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 8 | * SPDX-License-Identifier: Apache-2.0 9 | * 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 | * not use this file except in compliance with the License. 12 | * You may obtain a copy of the License at 13 | * 14 | * http://www.apache.org/licenses/LICENSE-2.0 15 | * 16 | * Unless required by applicable law or agreed to in writing, software 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 | * See the License for the specific language governing permissions and 20 | * limitations under the License. 21 | * 22 | * This file is part of mbed TLS (https://tls.mbed.org) 23 | */ 24 | #ifndef MBEDTLS_XTEA_H 25 | #define MBEDTLS_XTEA_H 26 | 27 | #if !defined(MBEDTLS_CONFIG_FILE) 28 | #include "config.h" 29 | #else 30 | #include MBEDTLS_CONFIG_FILE 31 | #endif 32 | 33 | #include 34 | #include 35 | 36 | #define MBEDTLS_XTEA_ENCRYPT 1 37 | #define MBEDTLS_XTEA_DECRYPT 0 38 | 39 | #define MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH -0x0028 /**< The data input has an invalid length. */ 40 | 41 | /* MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED is deprecated and should not be used. */ 42 | #define MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED -0x0029 /**< XTEA hardware accelerator failed. */ 43 | 44 | #ifdef __cplusplus 45 | extern "C" { 46 | #endif 47 | 48 | #if !defined(MBEDTLS_XTEA_ALT) 49 | // Regular implementation 50 | // 51 | 52 | /** 53 | * \brief XTEA context structure 54 | */ 55 | typedef struct mbedtls_xtea_context 56 | { 57 | uint32_t k[4]; /*!< key */ 58 | } 59 | mbedtls_xtea_context; 60 | 61 | #else /* MBEDTLS_XTEA_ALT */ 62 | #include "xtea_alt.h" 63 | #endif /* MBEDTLS_XTEA_ALT */ 64 | 65 | /** 66 | * \brief Initialize XTEA context 67 | * 68 | * \param ctx XTEA context to be initialized 69 | */ 70 | void mbedtls_xtea_init( mbedtls_xtea_context *ctx ); 71 | 72 | /** 73 | * \brief Clear XTEA context 74 | * 75 | * \param ctx XTEA context to be cleared 76 | */ 77 | void mbedtls_xtea_free( mbedtls_xtea_context *ctx ); 78 | 79 | /** 80 | * \brief XTEA key schedule 81 | * 82 | * \param ctx XTEA context to be initialized 83 | * \param key the secret key 84 | */ 85 | void mbedtls_xtea_setup( mbedtls_xtea_context *ctx, const unsigned char key[16] ); 86 | 87 | /** 88 | * \brief XTEA cipher function 89 | * 90 | * \param ctx XTEA context 91 | * \param mode MBEDTLS_XTEA_ENCRYPT or MBEDTLS_XTEA_DECRYPT 92 | * \param input 8-byte input block 93 | * \param output 8-byte output block 94 | * 95 | * \return 0 if successful 96 | */ 97 | int mbedtls_xtea_crypt_ecb( mbedtls_xtea_context *ctx, 98 | int mode, 99 | const unsigned char input[8], 100 | unsigned char output[8] ); 101 | 102 | #if defined(MBEDTLS_CIPHER_MODE_CBC) 103 | /** 104 | * \brief XTEA CBC cipher function 105 | * 106 | * \param ctx XTEA context 107 | * \param mode MBEDTLS_XTEA_ENCRYPT or MBEDTLS_XTEA_DECRYPT 108 | * \param length the length of input, multiple of 8 109 | * \param iv initialization vector for CBC mode 110 | * \param input input block 111 | * \param output output block 112 | * 113 | * \return 0 if successful, 114 | * MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH if the length % 8 != 0 115 | */ 116 | int mbedtls_xtea_crypt_cbc( mbedtls_xtea_context *ctx, 117 | int mode, 118 | size_t length, 119 | unsigned char iv[8], 120 | const unsigned char *input, 121 | unsigned char *output); 122 | #endif /* MBEDTLS_CIPHER_MODE_CBC */ 123 | 124 | #if defined(MBEDTLS_SELF_TEST) 125 | 126 | /** 127 | * \brief Checkup routine 128 | * 129 | * \return 0 if successful, or 1 if the test failed 130 | */ 131 | int mbedtls_xtea_self_test( int verbose ); 132 | 133 | #endif /* MBEDTLS_SELF_TEST */ 134 | 135 | #ifdef __cplusplus 136 | } 137 | #endif 138 | 139 | #endif /* xtea.h */ 140 | -------------------------------------------------------------------------------- /src/port/esp_hardware.c: -------------------------------------------------------------------------------- 1 | #if !defined(MBEDTLS_CONFIG_FILE) 2 | #include "mbedtls/config.h" 3 | #else 4 | #include MBEDTLS_CONFIG_FILE 5 | #endif 6 | 7 | #include "Arduino.h" 8 | #include 9 | #include 10 | #include 11 | //#include 12 | 13 | #include "mbedtls/entropy_poll.h" 14 | 15 | #ifndef MBEDTLS_ENTROPY_HARDWARE_ALT 16 | #error "MBEDTLS_ENTROPY_HARDWARE_ALT should always be set in ESP-IDF" 17 | #endif 18 | 19 | int mbedtls_hardware_poll( void *data, 20 | unsigned char *output, size_t len, size_t *olen ) 21 | { 22 | static int srand_set; 23 | size_t i; 24 | 25 | // prevent warning 26 | data = data; 27 | 28 | if (!srand_set) { 29 | srand_set = 1; 30 | srand(micros()); 31 | } 32 | for (i = 0; i < len; i++) { 33 | output[i] = rand() % 0x100; 34 | } 35 | *olen = len; 36 | return 0; 37 | } 38 | 39 | 40 | -------------------------------------------------------------------------------- /src/port/esp_mem.c: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Espressif Systems (Shanghai) PTE LTD 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include 16 | #include 17 | #define IRAM_ATTR 18 | 19 | #ifndef CONFIG_MBEDTLS_CUSTOM_MEM_ALLOC 20 | 21 | IRAM_ATTR void *esp_mbedtls_mem_calloc(size_t n, size_t size) 22 | { 23 | #ifdef CONFIG_MBEDTLS_INTERNAL_MEM_ALLOC 24 | return heap_caps_calloc(n, size, MALLOC_CAP_INTERNAL|MALLOC_CAP_8BIT); 25 | #elif CONFIG_MBEDTLS_EXTERNAL_MEM_ALLOC 26 | return heap_caps_calloc(n, size, MALLOC_CAP_SPIRAM|MALLOC_CAP_8BIT); 27 | #else 28 | return calloc(n, size); 29 | #endif 30 | } 31 | 32 | IRAM_ATTR void esp_mbedtls_mem_free(void *ptr) 33 | { 34 | return free(ptr); 35 | } 36 | 37 | #endif /* !CONFIG_MBEDTLS_CUSTOM_MEM_ALLOC */ 38 | -------------------------------------------------------------------------------- /src/port/mbedtls_debug.c: -------------------------------------------------------------------------------- 1 | // Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include 16 | 17 | //#include "esp_log.h" 18 | #include "mbedtls/platform.h" 19 | #include "mbedtls/debug.h" 20 | #include "mbedtls/ssl.h" 21 | #include "mbedtls/esp_debug.h" 22 | //#include "esp_hal_log.h" 23 | 24 | #ifdef CONFIG_MBEDTLS_DEBUG 25 | static const char *TAG = "mbedtls"; 26 | 27 | static void mbedtls_esp_debug(void *ctx, int level, 28 | const char *file, int line, 29 | const char *str); 30 | 31 | void mbedtls_esp_enable_debug_log(mbedtls_ssl_config *conf, int threshold) 32 | { 33 | unsigned char level = 0; 34 | mbedtls_debug_set_threshold(threshold); 35 | mbedtls_ssl_conf_dbg(conf, mbedtls_esp_debug, NULL); 36 | if (threshold < 6) 37 | level = threshold; 38 | // esp_log_level_set(TAG, level); 39 | } 40 | 41 | void mbedtls_esp_disable_debug_log(mbedtls_ssl_config *conf) 42 | { 43 | mbedtls_ssl_conf_dbg(conf, NULL, NULL); 44 | } 45 | 46 | 47 | /* Default mbedtls debug function that translates mbedTLS debug output 48 | to ESP_LOGx debug output. 49 | */ 50 | static void mbedtls_esp_debug(void *ctx, int level, 51 | const char *file, int line, 52 | const char *str) 53 | { 54 | char *file_sep; 55 | 56 | /* Shorten 'file' from the whole file path to just the filename 57 | 58 | This is a bit wasteful because the macros are compiled in with 59 | the full _FILE_ path in each case. 60 | */ 61 | file_sep = strrchr(file, '/'); 62 | if(file_sep) 63 | file = file_sep+1; 64 | 65 | switch(level) { 66 | case 1: 67 | // ESP_LOGW(TAG, "%s:%d %s", file, line, str); 68 | xprintf("%s:%d %s\r\n", file, line, str); 69 | break; 70 | case 2: 71 | // ESP_LOGI(TAG, "%s:%d %s", file, line, str); 72 | xprintf("%s:%d %s\r\n", file, line, str); 73 | break; 74 | case 3: 75 | // ESP_LOGD(TAG, "%s:%d %s", file, line, str); 76 | xprintf("%s:%d %s\r\n", file, line, str); 77 | break; 78 | case 4: 79 | // ESP_LOGV(TAG, "%s:%d %s", file, line, str); 80 | xprintf("%s:%d %s\r\n", file, line, str); 81 | break; 82 | default: 83 | ESP_LOGE(TAG, "Unexpected log level %d: %s", level, str); 84 | break; 85 | } 86 | } 87 | #endif 88 | -------------------------------------------------------------------------------- /src/sha1_alt.h: -------------------------------------------------------------------------------- 1 | /* 2 | * SHA-1 implementation with hardware ESP32 support added. 3 | * Uses mbedTLS software implementation for failover when concurrent 4 | * SHA operations are in use. 5 | * 6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 7 | * Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE LTD 8 | * SPDX-License-Identifier: Apache-2.0 9 | * 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 | * not use this file except in compliance with the License. 12 | * You may obtain a copy of the License at 13 | * 14 | * http://www.apache.org/licenses/LICENSE-2.0 15 | * 16 | * Unless required by applicable law or agreed to in writing, software 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 | * See the License for the specific language governing permissions and 20 | * limitations under the License. 21 | * 22 | */ 23 | #ifndef _SHA1_ALT_H_ 24 | #define _SHA1_ALT_H_ 25 | 26 | #ifdef __cplusplus 27 | extern "C" { 28 | #endif 29 | 30 | #if defined(MBEDTLS_SHA1_ALT) 31 | 32 | typedef enum { 33 | ESP_MBEDTLS_SHA1_UNUSED, /* first block hasn't been processed yet */ 34 | ESP_MBEDTLS_SHA1_HARDWARE, /* using hardware SHA engine */ 35 | ESP_MBEDTLS_SHA1_SOFTWARE, /* using software SHA */ 36 | } esp_mbedtls_sha1_mode; 37 | 38 | /** 39 | * \brief SHA-1 context structure 40 | */ 41 | typedef struct 42 | { 43 | uint32_t total[2]; /*!< number of bytes processed */ 44 | uint32_t state[5]; /*!< intermediate digest state */ 45 | unsigned char buffer[64]; /*!< data block being processed */ 46 | esp_mbedtls_sha1_mode mode; 47 | } 48 | mbedtls_sha1_context; 49 | 50 | #endif 51 | 52 | #ifdef __cplusplus 53 | } 54 | #endif 55 | 56 | #endif 57 | 58 | -------------------------------------------------------------------------------- /src/sha256_alt.h: -------------------------------------------------------------------------------- 1 | /* 2 | * SHA-256 implementation with hardware ESP32 support added. 3 | * Uses mbedTLS software implementation for failover when concurrent 4 | * SHA operations are in use. 5 | * 6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 7 | * Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE LTD 8 | * SPDX-License-Identifier: Apache-2.0 9 | * 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 | * not use this file except in compliance with the License. 12 | * You may obtain a copy of the License at 13 | * 14 | * http://www.apache.org/licenses/LICENSE-2.0 15 | * 16 | * Unless required by applicable law or agreed to in writing, software 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 | * See the License for the specific language governing permissions and 20 | * limitations under the License. 21 | * 22 | */ 23 | #ifndef _SHA256_ALT_H_ 24 | #define _SHA256_ALT_H_ 25 | 26 | #ifdef __cplusplus 27 | extern "C" { 28 | #endif 29 | 30 | #if defined(MBEDTLS_SHA256_ALT) 31 | 32 | typedef enum { 33 | ESP_MBEDTLS_SHA256_UNUSED, /* first block hasn't been processed yet */ 34 | ESP_MBEDTLS_SHA256_HARDWARE, /* using hardware SHA engine */ 35 | ESP_MBEDTLS_SHA256_SOFTWARE, /* using software SHA */ 36 | } esp_mbedtls_sha256_mode; 37 | 38 | /** 39 | * \brief SHA-256 context structure 40 | */ 41 | typedef struct 42 | { 43 | uint32_t total[2]; /*!< number of bytes processed */ 44 | uint32_t state[8]; /*!< intermediate digest state */ 45 | unsigned char buffer[64]; /*!< data block being processed */ 46 | int is224; /*!< 0 => SHA-256, else SHA-224 */ 47 | esp_mbedtls_sha256_mode mode; 48 | } 49 | mbedtls_sha256_context; 50 | 51 | #endif 52 | 53 | #ifdef __cplusplus 54 | } 55 | #endif 56 | 57 | #endif 58 | -------------------------------------------------------------------------------- /src/sha512_alt.h: -------------------------------------------------------------------------------- 1 | /* 2 | * SHA-512 implementation with hardware ESP32 support added. 3 | * Uses mbedTLS software implementation for failover when concurrent 4 | * SHA operations are in use. 5 | * 6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 7 | * Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE LTD 8 | * SPDX-License-Identifier: Apache-2.0 9 | * 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 | * not use this file except in compliance with the License. 12 | * You may obtain a copy of the License at 13 | * 14 | * http://www.apache.org/licenses/LICENSE-2.0 15 | * 16 | * Unless required by applicable law or agreed to in writing, software 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 | * See the License for the specific language governing permissions and 20 | * limitations under the License. 21 | * 22 | */ 23 | #ifndef _SHA512_ALT_H_ 24 | #define _SHA512_ALT_H_ 25 | 26 | #ifdef __cplusplus 27 | extern "C" { 28 | #endif 29 | 30 | #if defined(MBEDTLS_SHA512_ALT) 31 | 32 | typedef enum { 33 | ESP_MBEDTLS_SHA512_UNUSED, /* first block hasn't been processed yet */ 34 | ESP_MBEDTLS_SHA512_HARDWARE, /* using hardware SHA engine */ 35 | ESP_MBEDTLS_SHA512_SOFTWARE, /* using software SHA */ 36 | } esp_mbedtls_sha512_mode; 37 | 38 | /** 39 | * \brief SHA-512 context structure 40 | */ 41 | typedef struct 42 | { 43 | uint64_t total[2]; /*!< number of bytes processed */ 44 | uint64_t state[8]; /*!< intermediate digest state */ 45 | unsigned char buffer[128]; /*!< data block being processed */ 46 | int is384; /*!< 0 => SHA-512, else SHA-384 */ 47 | esp_mbedtls_sha512_mode mode; 48 | } 49 | mbedtls_sha512_context; 50 | 51 | #endif 52 | 53 | #ifdef __cplusplus 54 | } 55 | #endif 56 | 57 | #endif 58 | --------------------------------------------------------------------------------