├── README.md ├── examples ├── a1-example │ └── a1-example.ino └── a2-example │ └── a2-example.ino ├── library.properties ├── license.txt └── src ├── MQTT-TLS.cpp ├── MQTT-TLS.h ├── MQTT-TLS └── MQTT-TLS.h └── mbedtls ├── .DS_Store ├── include ├── .DS_Store ├── mbedtls │ ├── .DS_Store │ ├── aes.h │ ├── aria.h │ ├── asn1.h │ ├── asn1write.h │ ├── base64.h │ ├── bignum.h │ ├── build_info.h │ ├── camellia.h │ ├── ccm.h │ ├── chacha20.h │ ├── chachapoly.h │ ├── check_config.h │ ├── cipher.h │ ├── cmac.h │ ├── compat-2.x.h │ ├── config_psa.h │ ├── constant_time.h │ ├── ctr_drbg.h │ ├── debug.h │ ├── des.h │ ├── dhm.h │ ├── ecdh.h │ ├── ecdsa.h │ ├── ecjpake.h │ ├── ecp.h │ ├── entropy.h │ ├── error.h │ ├── gcm.h │ ├── hkdf.h │ ├── hmac_drbg.h │ ├── mbedtls_config.h │ ├── mbedtls_config.h.org │ ├── md.h │ ├── md5.h │ ├── memory_buffer_alloc.h │ ├── net_sockets.h │ ├── nist_kw.h │ ├── oid.h │ ├── pem.h │ ├── pk.h │ ├── pkcs12.h │ ├── pkcs5.h │ ├── platform.h │ ├── platform_time.h │ ├── platform_util.h │ ├── poly1305.h │ ├── private_access.h │ ├── psa_util.h │ ├── ripemd160.h │ ├── rsa.h │ ├── sha1.h │ ├── sha256.h │ ├── sha512.h │ ├── ssl.h │ ├── ssl_cache.h │ ├── ssl_ciphersuites.h │ ├── ssl_cookie.h │ ├── ssl_ticket.h │ ├── threading.h │ ├── timing.h │ ├── version.h │ ├── x509.h │ ├── x509_crl.h │ ├── x509_crt.h │ └── x509_csr.h └── psa │ ├── .DS_Store │ ├── crypto.h │ ├── crypto_builtin_composites.h │ ├── crypto_builtin_primitives.h │ ├── crypto_compat.h │ ├── crypto_config.h │ ├── crypto_driver_common.h │ ├── crypto_driver_contexts_composites.h │ ├── crypto_driver_contexts_primitives.h │ ├── crypto_extra.h │ ├── crypto_platform.h │ ├── crypto_se_driver.h │ ├── crypto_sizes.h │ ├── crypto_struct.h │ ├── crypto_types.h │ └── crypto_values.h └── library ├── .DS_Store ├── aes.c ├── aesni.c ├── aesni.h ├── aria.c ├── asn1parse.c ├── asn1write.c ├── base64.c ├── bignum.c ├── bn_mul.h ├── camellia.c ├── ccm.c ├── chacha20.c ├── chachapoly.c ├── check_crypto_config.h ├── cipher.c ├── cipher_wrap.c ├── cipher_wrap.h ├── cmac.c ├── common.h ├── constant_time.c ├── constant_time_internal.h ├── constant_time_invasive.h ├── ctr_drbg.c ├── debug.c ├── des.c ├── dhm.c ├── ecdh.c ├── ecdh_misc.h ├── ecdsa.c ├── ecjpake.c ├── ecp.c ├── ecp_curves.c ├── ecp_internal_alt.h ├── ecp_invasive.h ├── entropy.c ├── entropy_poll.c ├── entropy_poll.h ├── error.c ├── gcm.c ├── hkdf.c ├── hmac_drbg.c ├── md.c ├── md5.c ├── md_wrap.h ├── memory_buffer_alloc.c ├── mps_common.h ├── mps_error.h ├── mps_reader.c ├── mps_reader.h ├── mps_trace.c ├── mps_trace.h ├── net_sockets.c ├── nist_kw.c ├── oid.c ├── padlock.c ├── padlock.h ├── pem.c ├── pk.c ├── pk_wrap.c ├── pk_wrap.h ├── pkcs12.c ├── pkcs5.c ├── pkparse.c ├── pkwrite.c ├── platform.c ├── platform_util.c ├── poly1305.c ├── psa_crypto.c ├── psa_crypto_aead.c ├── psa_crypto_aead.h ├── psa_crypto_cipher.c ├── psa_crypto_cipher.h ├── psa_crypto_client.c ├── psa_crypto_core.h ├── psa_crypto_driver_wrappers.c ├── psa_crypto_driver_wrappers.h ├── psa_crypto_ecp.c ├── psa_crypto_ecp.h ├── psa_crypto_hash.c ├── psa_crypto_hash.h ├── psa_crypto_invasive.h ├── psa_crypto_its.h ├── psa_crypto_mac.c ├── psa_crypto_mac.h ├── psa_crypto_random_impl.h ├── psa_crypto_rsa.c ├── psa_crypto_rsa.h ├── psa_crypto_se.c ├── psa_crypto_se.h ├── psa_crypto_slot_management.c ├── psa_crypto_slot_management.h ├── psa_crypto_storage.c ├── psa_crypto_storage.h ├── psa_its_file.c ├── ripemd160.c ├── rsa.c ├── rsa_alt_helpers.c ├── rsa_alt_helpers.h ├── sha1.c ├── sha256.c ├── sha512.c ├── ssl_cache.c ├── ssl_ciphersuites.c ├── ssl_cli.c ├── ssl_cookie.c ├── ssl_debug_helpers_generated.c ├── ssl_debug_helpers_generated.h ├── ssl_misc.h ├── ssl_msg.c ├── ssl_srv.c ├── ssl_ticket.c ├── ssl_tls.c ├── ssl_tls13_client.c ├── ssl_tls13_generic.c ├── ssl_tls13_keys.c ├── ssl_tls13_keys.h ├── ssl_tls13_server.c ├── threading.c ├── timing.c ├── version.c ├── version_features.c ├── x509.c ├── x509_create.c ├── x509_crl.c ├── x509_crt.c ├── x509_csr.c ├── x509write_crt.c └── x509write_csr.c /examples/a1-example/a1-example.ino: -------------------------------------------------------------------------------- 1 | #include "MQTT-TLS.h" 2 | 3 | void callback(char* topic, byte* payload, unsigned int length); 4 | 5 | #define LET_ENCRYPT_CA_PEM \ 6 | "-----BEGIN CERTIFICATE----- \r\n" \ 7 | "MIIFjTCCA3WgAwIBAgIRANOxciY0IzLc9AUoUSrsnGowDQYJKoZIhvcNAQELBQAw\r\n" \ 8 | "TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh\r\n" \ 9 | "cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTYxMDA2MTU0MzU1\r\n" \ 10 | "WhcNMjExMDA2MTU0MzU1WjBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg\r\n" \ 11 | "RW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMwggEi\r\n" \ 12 | "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCc0wzwWuUuR7dyXTeDs2hjMOrX\r\n" \ 13 | "NSYZJeG9vjXxcJIvt7hLQQWrqZ41CFjssSrEaIcLo+N15Obzp2JxunmBYB/XkZqf\r\n" \ 14 | "89B4Z3HIaQ6Vkc/+5pnpYDxIzH7KTXcSJJ1HG1rrueweNwAcnKx7pwXqzkrrvUHl\r\n" \ 15 | "Npi5y/1tPJZo3yMqQpAMhnRnyH+lmrhSYRQTP2XpgofL2/oOVvaGifOFP5eGr7Dc\r\n" \ 16 | "Gu9rDZUWfcQroGWymQQ2dYBrrErzG5BJeC+ilk8qICUpBMZ0wNAxzY8xOJUWuqgz\r\n" \ 17 | "uEPxsR/DMH+ieTETPS02+OP88jNquTkxxa/EjQ0dZBYzqvqEKbbUC8DYfcOTAgMB\r\n" \ 18 | "AAGjggFnMIIBYzAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADBU\r\n" \ 19 | "BgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIB\r\n" \ 20 | "FiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMB0GA1UdDgQWBBSo\r\n" \ 21 | "SmpjBH3duubRObemRWXv86jsoTAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3Js\r\n" \ 22 | "LnJvb3QteDEubGV0c2VuY3J5cHQub3JnMHIGCCsGAQUFBwEBBGYwZDAwBggrBgEF\r\n" \ 23 | "BQcwAYYkaHR0cDovL29jc3Aucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcvMDAGCCsG\r\n" \ 24 | "AQUFBzAChiRodHRwOi8vY2VydC5yb290LXgxLmxldHNlbmNyeXB0Lm9yZy8wHwYD\r\n" \ 25 | "VR0jBBgwFoAUebRZ5nu25eQBc4AIiMgaWPbpm24wDQYJKoZIhvcNAQELBQADggIB\r\n" \ 26 | "ABnPdSA0LTqmRf/Q1eaM2jLonG4bQdEnqOJQ8nCqxOeTRrToEKtwT++36gTSlBGx\r\n" \ 27 | "A/5dut82jJQ2jxN8RI8L9QFXrWi4xXnA2EqA10yjHiR6H9cj6MFiOnb5In1eWsRM\r\n" \ 28 | "UM2v3e9tNsCAgBukPHAg1lQh07rvFKm/Bz9BCjaxorALINUfZ9DD64j2igLIxle2\r\n" \ 29 | "DPxW8dI/F2loHMjXZjqG8RkqZUdoxtID5+90FgsGIfkMpqgRS05f4zPbCEHqCXl1\r\n" \ 30 | "eO5HyELTgcVlLXXQDgAWnRzut1hFJeczY1tjQQno6f6s+nMydLN26WuU4s3UYvOu\r\n" \ 31 | "OsUxRlJu7TSRHqDC3lSE5XggVkzdaPkuKGQbGpny+01/47hfXXNB7HntWNZ6N2Vw\r\n" \ 32 | "p7G6OfY+YQrZwIaQmhrIqJZuigsrbe3W+gdn5ykE9+Ky0VgVUsfxo52mwFYs1JKY\r\n" \ 33 | "2PGDuWx8M6DlS6qQkvHaRUo0FMd8TsSlbF0/v965qGFKhSDeQoMpYnwcmQilRh/0\r\n" \ 34 | "ayLThlHLN81gSkJjVrPI0Y8xCVPB4twb1PFUd2fPM3sA1tJ83sZ5v8vgFv2yofKR\r\n" \ 35 | "PB0t6JzUA81mSqM3kxl5e+IZwhYAyO0OTg3/fs8HqGTNKd9BqoUwSRBzp06JMg5b\r\n" \ 36 | "rUCGwbCUDI0mxadJ3Bz4WxR6fyNpBK2yAinWEsikxqEt\r\n" \ 37 | "-----END CERTIFICATE----- " 38 | const char letencryptCaPem[] = LET_ENCRYPT_CA_PEM; 39 | 40 | /** 41 | * if want to use IP address, 42 | * byte server[] = { XXX,XXX,XXX,XXX }; 43 | * MQTT client(server, 1883, callback); 44 | * want to use domain name, 45 | * MQTT client("www.sample.com", 1883, callback); 46 | * iot.eclipse.org is Eclipse Open MQTT Broker: https://iot.eclipse.org/getting-started 47 | **/ 48 | MQTT client("mqtt.eclipse.org", 8883, callback); 49 | 50 | // recieve message 51 | void callback(char* topic, byte* payload, unsigned int length) { 52 | char p[length + 1]; 53 | memcpy(p, payload, length); 54 | p[length] = NULL; 55 | String message(p); 56 | 57 | if (message.equals("RED")) 58 | RGB.color(255, 0, 0); 59 | else if (message.equals("GREEN")) 60 | RGB.color(0, 255, 0); 61 | else if (message.equals("BLUE")) 62 | RGB.color(0, 0, 255); 63 | else 64 | RGB.color(255, 255, 255); 65 | delay(1000); 66 | } 67 | 68 | #define ONE_DAY_MILLIS (24 * 60 * 60 * 1000) 69 | unsigned long lastSync = millis(); 70 | void setup() { 71 | if (millis() - lastSync > ONE_DAY_MILLIS) { 72 | Particle.syncTime(); 73 | lastSync = millis(); 74 | } 75 | 76 | RGB.control(true); 77 | 78 | // enable tls. set Root CA pem file. 79 | // if you don't use TLS, comment out this line. 80 | client.enableTls(letencryptCaPem, sizeof(letencryptCaPem)); 81 | Serial.println("tls enable"); 82 | 83 | // connect to the server 84 | client.connect("sparkclient"); 85 | 86 | // publish/subscribe 87 | if (client.isConnected()) { 88 | Serial.println("client connected"); 89 | client.publish("outTopic/message", "hello world"); 90 | client.subscribe("inTopic/message"); 91 | } 92 | } 93 | 94 | void loop() { 95 | if (client.isConnected()) 96 | client.loop(); 97 | delay(200); 98 | } 99 | -------------------------------------------------------------------------------- /examples/a2-example/a2-example.ino: -------------------------------------------------------------------------------- 1 | #include "MQTT-TLS.h" 2 | 3 | void callback(char* topic, byte* payload, unsigned int length); 4 | 5 | #define AMAZON_IOT_ROOT_CA_PEM \ 6 | "-----BEGIN CERTIFICATE----- \r\n" \ 7 | "MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB\r\n" \ 8 | "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\r\n" \ 9 | "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\r\n" \ 10 | "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\r\n" \ 11 | "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\r\n" \ 12 | "aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjEL\r\n" \ 13 | "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\r\n" \ 14 | "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2ln\r\n" \ 15 | "biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp\r\n" \ 16 | "U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y\r\n" \ 17 | "aXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1\r\n" \ 18 | "nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbex\r\n" \ 19 | "t0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIz\r\n" \ 20 | "SdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQG\r\n" \ 21 | "BO+QueQA5N06tRn/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+\r\n" \ 22 | "rCpSx4/VBEnkjWNHiDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/\r\n" \ 23 | "NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E\r\n" \ 24 | "BAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAH\r\n" \ 25 | "BgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy\r\n" \ 26 | "aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKv\r\n" \ 27 | "MzEzMA0GCSqGSIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzE\r\n" \ 28 | "p6B4Eq1iDkVwZMXnl2YtmAl+X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y\r\n" \ 29 | "5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKEKQsTb47bDN0lAtukixlE0kF6BWlK\r\n" \ 30 | "WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ\r\n" \ 31 | "4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N\r\n" \ 32 | "hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq\r\n" \ 33 | "-----END CERTIFICATE----- " 34 | const char amazonIoTRootCaPem[] = AMAZON_IOT_ROOT_CA_PEM; 35 | 36 | #define CELINT_KEY_CRT_PEM \ 37 | "-----BEGIN CERTIFICATE----- \r\n" \ 38 | "[YOUR CLIENT KEY CRT PEM] \r\n" \ 39 | "-----END CERTIFICATE----- " 40 | const char clientKeyCrtPem[] = CELINT_KEY_CRT_PEM; 41 | 42 | #define CELINT_KEY_PEM \ 43 | "-----BEGIN RSA PRIVATE KEY-----\r\n" \ 44 | "[YOUR PRIVATE KEY PEM] \r\n" \ 45 | "-----END RSA PRIVATE KEY----- " 46 | const char clientKeyPem[] = CELINT_KEY_PEM; 47 | 48 | /** 49 | * if want to use IP address, 50 | * byte server[] = { XXX,XXX,XXX,XXX }; 51 | * MQTT client(server, 1883, callback); 52 | * want to use domain name, 53 | * MQTT client("www.sample.com", 1883, callback); 54 | **/ 55 | MQTT client("[TLS mqtt server]", 8883, callback); 56 | 57 | // recieve message 58 | void callback(char* topic, byte* payload, unsigned int length) { 59 | char p[length + 1]; 60 | memcpy(p, payload, length); 61 | p[length] = NULL; 62 | String message(p); 63 | 64 | if (message.equals("RED")) 65 | RGB.color(255, 0, 0); 66 | else if (message.equals("GREEN")) 67 | RGB.color(0, 255, 0); 68 | else if (message.equals("BLUE")) 69 | RGB.color(0, 0, 255); 70 | else 71 | RGB.color(255, 255, 255); 72 | delay(1000); 73 | } 74 | 75 | #define ONE_DAY_MILLIS (24 * 60 * 60 * 1000) 76 | unsigned long lastSync = millis(); 77 | int counter = 0; 78 | void setup() { 79 | if (millis() - lastSync > ONE_DAY_MILLIS) { 80 | Particle.syncTime(); 81 | lastSync = millis(); 82 | } 83 | 84 | RGB.control(true); 85 | 86 | // enable tls. set Root CA pem, private key file. 87 | client.enableTls(amazonIoTRootCaPem, sizeof(amazonIoTRootCaPem), 88 | clientKeyCrtPem, sizeof(clientKeyCrtPem), 89 | clientKeyPem, sizeof(clientKeyPem)); 90 | Serial.println("tls enable"); 91 | 92 | // connect to the server 93 | client.connect("sparkclient"); 94 | 95 | // publish/subscribe 96 | if (client.isConnected()) { 97 | Serial.println("client connected"); 98 | client.publish("outTopic/message", "hello world"); 99 | client.subscribe("inTopic/message"); 100 | } 101 | } 102 | 103 | void loop() { 104 | if (client.isConnected()) { 105 | client.loop(); 106 | } 107 | delay(200); 108 | } 109 | -------------------------------------------------------------------------------- /library.properties: -------------------------------------------------------------------------------- 1 | name=MQTT-TLS 2 | version=0.2.27 3 | license=MIT 4 | author=hirotakaster 5 | url=https://github.com/hirotakaster/MQTT-TLS 6 | repository=https://github.com/hirotakaster/MQTT-TLS.git 7 | architectures=particle-argon,particle-boron 8 | -------------------------------------------------------------------------------- /license.txt: -------------------------------------------------------------------------------- 1 | Copyright (c) 2014 Hirotaka Niisato 2 | This software is released under the MIT License. 3 | 4 | Permission is hereby granted, free of charge, to any person obtaining 5 | a copy of this software and associated documentation files (the 6 | "Software"), to deal in the Software without restriction, including 7 | without limitation the rights to use, copy, modify, merge, publish, 8 | distribute, sublicense, and/or sell copies of the Software, and to 9 | permit persons to whom the Software is furnished to do so, subject to 10 | the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be 13 | included in all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 16 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 17 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 18 | NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE 19 | LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 20 | OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION 21 | WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 22 | 23 | Much of the code was inspired by Arduino Nicholas pubsubclient 24 | sample code bearing this copyright. 25 | //--------------------------------------------------------------------------- 26 | // Copyright (c) 2008-2012 Nicholas O'Leary 27 | // 28 | // Permission is hereby granted, free of charge, to any person obtaining 29 | // a copy of this software and associated documentation files (the 30 | // "Software"), to deal in the Software without restriction, including 31 | // without limitation the rights to use, copy, modify, merge, publish, 32 | // distribute, sublicense, and/or sell copies of the Software, and to 33 | // permit persons to whom the Software is furnished to do so, subject to 34 | // the following conditions: 35 | // 36 | // The above copyright notice and this permission notice shall be 37 | // included in all copies or substantial portions of the Software. 38 | // 39 | // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 40 | // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 41 | // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 42 | // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE 43 | // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 44 | // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION 45 | // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 46 | //--------------------------------------------------------------------------- 47 | -------------------------------------------------------------------------------- /src/MQTT-TLS/MQTT-TLS.h: -------------------------------------------------------------------------------- 1 | #include "../MQTT-TLS.h" 2 | -------------------------------------------------------------------------------- /src/mbedtls/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hirotakaster/MQTT-TLS/e2a0a6c79ea8624aaa7695ecd0bdd3a6abdd26d1/src/mbedtls/.DS_Store -------------------------------------------------------------------------------- /src/mbedtls/include/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hirotakaster/MQTT-TLS/e2a0a6c79ea8624aaa7695ecd0bdd3a6abdd26d1/src/mbedtls/include/.DS_Store -------------------------------------------------------------------------------- /src/mbedtls/include/mbedtls/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hirotakaster/MQTT-TLS/e2a0a6c79ea8624aaa7695ecd0bdd3a6abdd26d1/src/mbedtls/include/mbedtls/.DS_Store -------------------------------------------------------------------------------- /src/mbedtls/include/mbedtls/base64.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file base64.h 3 | * 4 | * \brief RFC 1521 base64 encoding/decoding 5 | */ 6 | /* 7 | * Copyright The Mbed TLS Contributors 8 | * SPDX-License-Identifier: Apache-2.0 9 | * 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 | * not use this file except in compliance with the License. 12 | * You may obtain a copy of the License at 13 | * 14 | * http://www.apache.org/licenses/LICENSE-2.0 15 | * 16 | * Unless required by applicable law or agreed to in writing, software 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 | * See the License for the specific language governing permissions and 20 | * limitations under the License. 21 | */ 22 | #ifndef MBEDTLS_BASE64_H 23 | #define MBEDTLS_BASE64_H 24 | 25 | #include "mbedtls/include/mbedtls/build_info.h" 26 | 27 | #include 28 | 29 | /** Output buffer too small. */ 30 | #define MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL -0x002A 31 | /** Invalid character in input. */ 32 | #define MBEDTLS_ERR_BASE64_INVALID_CHARACTER -0x002C 33 | 34 | #ifdef __cplusplus 35 | extern "C" { 36 | #endif 37 | 38 | /** 39 | * \brief Encode a buffer into base64 format 40 | * 41 | * \param dst destination buffer 42 | * \param dlen size of the destination buffer 43 | * \param olen number of bytes written 44 | * \param src source buffer 45 | * \param slen amount of data to be encoded 46 | * 47 | * \return 0 if successful, or MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL. 48 | * *olen is always updated to reflect the amount 49 | * of data that has (or would have) been written. 50 | * If that length cannot be represented, then no data is 51 | * written to the buffer and *olen is set to the maximum 52 | * length representable as a size_t. 53 | * 54 | * \note Call this function with dlen = 0 to obtain the 55 | * required buffer size in *olen 56 | */ 57 | int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen, 58 | const unsigned char *src, size_t slen ); 59 | 60 | /** 61 | * \brief Decode a base64-formatted buffer 62 | * 63 | * \param dst destination buffer (can be NULL for checking size) 64 | * \param dlen size of the destination buffer 65 | * \param olen number of bytes written 66 | * \param src source buffer 67 | * \param slen amount of data to be decoded 68 | * 69 | * \return 0 if successful, MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL, or 70 | * MBEDTLS_ERR_BASE64_INVALID_CHARACTER if the input data is 71 | * not correct. *olen is always updated to reflect the amount 72 | * of data that has (or would have) been written. 73 | * 74 | * \note Call this function with *dst = NULL or dlen = 0 to obtain 75 | * the required buffer size in *olen 76 | */ 77 | int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, 78 | const unsigned char *src, size_t slen ); 79 | 80 | #if defined(MBEDTLS_SELF_TEST) 81 | /** 82 | * \brief Checkup routine 83 | * 84 | * \return 0 if successful, or 1 if the test failed 85 | */ 86 | int mbedtls_base64_self_test( int verbose ); 87 | 88 | #endif /* MBEDTLS_SELF_TEST */ 89 | 90 | #ifdef __cplusplus 91 | } 92 | #endif 93 | 94 | #endif /* base64.h */ 95 | -------------------------------------------------------------------------------- /src/mbedtls/include/mbedtls/build_info.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file build_info.h 3 | * 4 | * \brief Build-time configuration info 5 | * 6 | * Include this file if you need to depend on the 7 | * configuration options defined in mbedtls_config.h or MBEDTLS_CONFIG_FILE 8 | */ 9 | /* 10 | * Copyright The Mbed TLS Contributors 11 | * SPDX-License-Identifier: Apache-2.0 12 | * 13 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 14 | * not use this file except in compliance with the License. 15 | * You may obtain a copy of the License at 16 | * 17 | * http://www.apache.org/licenses/LICENSE-2.0 18 | * 19 | * Unless required by applicable law or agreed to in writing, software 20 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 21 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 22 | * See the License for the specific language governing permissions and 23 | * limitations under the License. 24 | */ 25 | 26 | #ifndef MBEDTLS_BUILD_INFO_H 27 | #define MBEDTLS_BUILD_INFO_H 28 | 29 | /* 30 | * This set of compile-time defines can be used to determine the version number 31 | * of the Mbed TLS library used. Run-time variables for the same can be found in 32 | * version.h 33 | */ 34 | 35 | /** 36 | * The version number x.y.z is split into three parts. 37 | * Major, Minor, Patchlevel 38 | */ 39 | #define MBEDTLS_VERSION_MAJOR 3 40 | #define MBEDTLS_VERSION_MINOR 1 41 | #define MBEDTLS_VERSION_PATCH 0 42 | 43 | /** 44 | * The single version number has the following structure: 45 | * MMNNPP00 46 | * Major version | Minor version | Patch version 47 | */ 48 | #define MBEDTLS_VERSION_NUMBER 0x03010000 49 | #define MBEDTLS_VERSION_STRING "3.1.0" 50 | #define MBEDTLS_VERSION_STRING_FULL "mbed TLS 3.1.0" 51 | 52 | #if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) 53 | #define _CRT_SECURE_NO_DEPRECATE 1 54 | #endif 55 | 56 | #if !defined(MBEDTLS_CONFIG_FILE) 57 | #include "mbedtls/include/mbedtls/mbedtls_config.h" 58 | #else 59 | #include MBEDTLS_CONFIG_FILE 60 | #endif 61 | 62 | #if defined(MBEDTLS_CONFIG_VERSION) && ( \ 63 | MBEDTLS_CONFIG_VERSION < 0x03000000 || \ 64 | MBEDTLS_CONFIG_VERSION > MBEDTLS_VERSION_NUMBER ) 65 | #error "Invalid config version, defined value of MBEDTLS_CONFIG_VERSION is unsupported" 66 | #endif 67 | 68 | /* Target and application specific configurations 69 | * 70 | * Allow user to override any previous default. 71 | * 72 | */ 73 | #if defined(MBEDTLS_USER_CONFIG_FILE) 74 | #include MBEDTLS_USER_CONFIG_FILE 75 | #endif 76 | 77 | #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) 78 | #include "mbedtls/include/mbedtls/config_psa.h" 79 | #endif 80 | 81 | #include "mbedtls/include/mbedtls/check_config.h" 82 | 83 | #endif /* MBEDTLS_BUILD_INFO_H */ 84 | -------------------------------------------------------------------------------- /src/mbedtls/include/mbedtls/compat-2.x.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file compat-2.x.h 3 | * 4 | * \brief Compatibility definitions 5 | * 6 | * \deprecated Use the new names directly instead 7 | */ 8 | /* 9 | * Copyright The Mbed TLS Contributors 10 | * SPDX-License-Identifier: Apache-2.0 11 | * 12 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 13 | * not use this file except in compliance with the License. 14 | * You may obtain a copy of the License at 15 | * 16 | * http://www.apache.org/licenses/LICENSE-2.0 17 | * 18 | * Unless required by applicable law or agreed to in writing, software 19 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 20 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 21 | * See the License for the specific language governing permissions and 22 | * limitations under the License. 23 | */ 24 | 25 | #if defined(MBEDTLS_DEPRECATED_WARNING) 26 | #warning "Including compat-2.x.h is deprecated" 27 | #endif 28 | 29 | #ifndef MBEDTLS_COMPAT2X_H 30 | #define MBEDTLS_COMPAT2X_H 31 | 32 | /* 33 | * Macros for renamed functions 34 | */ 35 | #define mbedtls_ctr_drbg_update_ret mbedtls_ctr_drbg_update 36 | #define mbedtls_hmac_drbg_update_ret mbedtls_hmac_drbg_update 37 | #define mbedtls_md5_starts_ret mbedtls_md5_starts 38 | #define mbedtls_md5_update_ret mbedtls_md5_update 39 | #define mbedtls_md5_finish_ret mbedtls_md5_finish 40 | #define mbedtls_md5_ret mbedtls_md5 41 | #define mbedtls_ripemd160_starts_ret mbedtls_ripemd160_starts 42 | #define mbedtls_ripemd160_update_ret mbedtls_ripemd160_update 43 | #define mbedtls_ripemd160_finish_ret mbedtls_ripemd160_finish 44 | #define mbedtls_ripemd160_ret mbedtls_ripemd160 45 | #define mbedtls_sha1_starts_ret mbedtls_sha1_starts 46 | #define mbedtls_sha1_update_ret mbedtls_sha1_update 47 | #define mbedtls_sha1_finish_ret mbedtls_sha1_finish 48 | #define mbedtls_sha1_ret mbedtls_sha1 49 | #define mbedtls_sha256_starts_ret mbedtls_sha256_starts 50 | #define mbedtls_sha256_update_ret mbedtls_sha256_update 51 | #define mbedtls_sha256_finish_ret mbedtls_sha256_finish 52 | #define mbedtls_sha256_ret mbedtls_sha256 53 | #define mbedtls_sha512_starts_ret mbedtls_sha512_starts 54 | #define mbedtls_sha512_update_ret mbedtls_sha512_update 55 | #define mbedtls_sha512_finish_ret mbedtls_sha512_finish 56 | #define mbedtls_sha512_ret mbedtls_sha512 57 | 58 | #endif /* MBEDTLS_COMPAT2X_H */ 59 | -------------------------------------------------------------------------------- /src/mbedtls/include/mbedtls/constant_time.h: -------------------------------------------------------------------------------- 1 | /** 2 | * Constant-time functions 3 | * 4 | * Copyright The Mbed TLS Contributors 5 | * SPDX-License-Identifier: Apache-2.0 6 | * 7 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 8 | * not use this file except in compliance with the License. 9 | * You may obtain a copy of the License at 10 | * 11 | * http://www.apache.org/licenses/LICENSE-2.0 12 | * 13 | * Unless required by applicable law or agreed to in writing, software 14 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 15 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | * See the License for the specific language governing permissions and 17 | * limitations under the License. 18 | */ 19 | 20 | #ifndef MBEDTLS_CONSTANT_TIME_H 21 | #define MBEDTLS_CONSTANT_TIME_H 22 | 23 | #include 24 | 25 | 26 | /** Constant-time buffer comparison without branches. 27 | * 28 | * This is equivalent to the standard memcmp function, but is likely to be 29 | * compiled to code using bitwise operation rather than a branch. 30 | * 31 | * This function can be used to write constant-time code by replacing branches 32 | * with bit operations using masks. 33 | * 34 | * \param a Pointer to the first buffer. 35 | * \param b Pointer to the second buffer. 36 | * \param n The number of bytes to compare in the buffer. 37 | * 38 | * \return Zero if the content of the two buffer is the same, 39 | * otherwise non-zero. 40 | */ 41 | int mbedtls_ct_memcmp( const void *a, 42 | const void *b, 43 | size_t n ); 44 | 45 | #endif /* MBEDTLS_CONSTANT_TIME_H */ 46 | -------------------------------------------------------------------------------- /src/mbedtls/include/mbedtls/hkdf.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file hkdf.h 3 | * 4 | * \brief This file contains the HKDF interface. 5 | * 6 | * The HMAC-based Extract-and-Expand Key Derivation Function (HKDF) is 7 | * specified by RFC 5869. 8 | */ 9 | /* 10 | * Copyright The Mbed TLS Contributors 11 | * SPDX-License-Identifier: Apache-2.0 12 | * 13 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 14 | * not use this file except in compliance with the License. 15 | * You may obtain a copy of the License at 16 | * 17 | * http://www.apache.org/licenses/LICENSE-2.0 18 | * 19 | * Unless required by applicable law or agreed to in writing, software 20 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 21 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 22 | * See the License for the specific language governing permissions and 23 | * limitations under the License. 24 | */ 25 | #ifndef MBEDTLS_HKDF_H 26 | #define MBEDTLS_HKDF_H 27 | 28 | #include "mbedtls/include/mbedtls/build_info.h" 29 | 30 | #include "mbedtls/include/mbedtls/md.h" 31 | 32 | /** 33 | * \name HKDF Error codes 34 | * \{ 35 | */ 36 | /** Bad input parameters to function. */ 37 | #define MBEDTLS_ERR_HKDF_BAD_INPUT_DATA -0x5F80 38 | /* \} name */ 39 | 40 | #ifdef __cplusplus 41 | extern "C" { 42 | #endif 43 | 44 | /** 45 | * \brief This is the HMAC-based Extract-and-Expand Key Derivation Function 46 | * (HKDF). 47 | * 48 | * \param md A hash function; md.size denotes the length of the hash 49 | * function output in bytes. 50 | * \param salt An optional salt value (a non-secret random value); 51 | * if the salt is not provided, a string of all zeros of 52 | * md.size length is used as the salt. 53 | * \param salt_len The length in bytes of the optional \p salt. 54 | * \param ikm The input keying material. 55 | * \param ikm_len The length in bytes of \p ikm. 56 | * \param info An optional context and application specific information 57 | * string. This can be a zero-length string. 58 | * \param info_len The length of \p info in bytes. 59 | * \param okm The output keying material of \p okm_len bytes. 60 | * \param okm_len The length of the output keying material in bytes. This 61 | * must be less than or equal to 255 * md.size bytes. 62 | * 63 | * \return 0 on success. 64 | * \return #MBEDTLS_ERR_HKDF_BAD_INPUT_DATA when the parameters are invalid. 65 | * \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying 66 | * MD layer. 67 | */ 68 | int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt, 69 | size_t salt_len, const unsigned char *ikm, size_t ikm_len, 70 | const unsigned char *info, size_t info_len, 71 | unsigned char *okm, size_t okm_len ); 72 | 73 | /** 74 | * \brief Take the input keying material \p ikm and extract from it a 75 | * fixed-length pseudorandom key \p prk. 76 | * 77 | * \warning This function should only be used if the security of it has been 78 | * studied and established in that particular context (eg. TLS 1.3 79 | * key schedule). For standard HKDF security guarantees use 80 | * \c mbedtls_hkdf instead. 81 | * 82 | * \param md A hash function; md.size denotes the length of the 83 | * hash function output in bytes. 84 | * \param salt An optional salt value (a non-secret random value); 85 | * if the salt is not provided, a string of all zeros 86 | * of md.size length is used as the salt. 87 | * \param salt_len The length in bytes of the optional \p salt. 88 | * \param ikm The input keying material. 89 | * \param ikm_len The length in bytes of \p ikm. 90 | * \param[out] prk A pseudorandom key of at least md.size bytes. 91 | * 92 | * \return 0 on success. 93 | * \return #MBEDTLS_ERR_HKDF_BAD_INPUT_DATA when the parameters are invalid. 94 | * \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying 95 | * MD layer. 96 | */ 97 | int mbedtls_hkdf_extract( const mbedtls_md_info_t *md, 98 | const unsigned char *salt, size_t salt_len, 99 | const unsigned char *ikm, size_t ikm_len, 100 | unsigned char *prk ); 101 | 102 | /** 103 | * \brief Expand the supplied \p prk into several additional pseudorandom 104 | * keys, which is the output of the HKDF. 105 | * 106 | * \warning This function should only be used if the security of it has been 107 | * studied and established in that particular context (eg. TLS 1.3 108 | * key schedule). For standard HKDF security guarantees use 109 | * \c mbedtls_hkdf instead. 110 | * 111 | * \param md A hash function; md.size denotes the length of the hash 112 | * function output in bytes. 113 | * \param prk A pseudorandom key of at least md.size bytes. \p prk is 114 | * usually the output from the HKDF extract step. 115 | * \param prk_len The length in bytes of \p prk. 116 | * \param info An optional context and application specific information 117 | * string. This can be a zero-length string. 118 | * \param info_len The length of \p info in bytes. 119 | * \param okm The output keying material of \p okm_len bytes. 120 | * \param okm_len The length of the output keying material in bytes. This 121 | * must be less than or equal to 255 * md.size bytes. 122 | * 123 | * \return 0 on success. 124 | * \return #MBEDTLS_ERR_HKDF_BAD_INPUT_DATA when the parameters are invalid. 125 | * \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying 126 | * MD layer. 127 | */ 128 | int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk, 129 | size_t prk_len, const unsigned char *info, 130 | size_t info_len, unsigned char *okm, size_t okm_len ); 131 | 132 | #ifdef __cplusplus 133 | } 134 | #endif 135 | 136 | #endif /* hkdf.h */ 137 | -------------------------------------------------------------------------------- /src/mbedtls/include/mbedtls/md5.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file md5.h 3 | * 4 | * \brief MD5 message digest algorithm (hash function) 5 | * 6 | * \warning MD5 is considered a weak message digest and its use constitutes a 7 | * security risk. We recommend considering stronger message 8 | * digests instead. 9 | */ 10 | /* 11 | * Copyright The Mbed TLS Contributors 12 | * SPDX-License-Identifier: Apache-2.0 13 | * 14 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 15 | * not use this file except in compliance with the License. 16 | * You may obtain a copy of the License at 17 | * 18 | * http://www.apache.org/licenses/LICENSE-2.0 19 | * 20 | * Unless required by applicable law or agreed to in writing, software 21 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 22 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 23 | * See the License for the specific language governing permissions and 24 | * limitations under the License. 25 | */ 26 | #ifndef MBEDTLS_MD5_H 27 | #define MBEDTLS_MD5_H 28 | #include "mbedtls/include/mbedtls/private_access.h" 29 | 30 | #include "mbedtls/include/mbedtls/build_info.h" 31 | 32 | #include 33 | #include 34 | 35 | #ifdef __cplusplus 36 | extern "C" { 37 | #endif 38 | 39 | #if !defined(MBEDTLS_MD5_ALT) 40 | // Regular implementation 41 | // 42 | 43 | /** 44 | * \brief MD5 context structure 45 | * 46 | * \warning MD5 is considered a weak message digest and its use 47 | * constitutes a security risk. We recommend considering 48 | * stronger message digests instead. 49 | * 50 | */ 51 | typedef struct mbedtls_md5_context 52 | { 53 | uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< number of bytes processed */ 54 | uint32_t MBEDTLS_PRIVATE(state)[4]; /*!< intermediate digest state */ 55 | unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< data block being processed */ 56 | } 57 | mbedtls_md5_context; 58 | 59 | #else /* MBEDTLS_MD5_ALT */ 60 | #include "md5_alt.h" 61 | #endif /* MBEDTLS_MD5_ALT */ 62 | 63 | /** 64 | * \brief Initialize MD5 context 65 | * 66 | * \param ctx MD5 context to be initialized 67 | * 68 | * \warning MD5 is considered a weak message digest and its use 69 | * constitutes a security risk. We recommend considering 70 | * stronger message digests instead. 71 | * 72 | */ 73 | void mbedtls_md5_init( mbedtls_md5_context *ctx ); 74 | 75 | /** 76 | * \brief Clear MD5 context 77 | * 78 | * \param ctx MD5 context to be cleared 79 | * 80 | * \warning MD5 is considered a weak message digest and its use 81 | * constitutes a security risk. We recommend considering 82 | * stronger message digests instead. 83 | * 84 | */ 85 | void mbedtls_md5_free( mbedtls_md5_context *ctx ); 86 | 87 | /** 88 | * \brief Clone (the state of) an MD5 context 89 | * 90 | * \param dst The destination context 91 | * \param src The context to be cloned 92 | * 93 | * \warning MD5 is considered a weak message digest and its use 94 | * constitutes a security risk. We recommend considering 95 | * stronger message digests instead. 96 | * 97 | */ 98 | void mbedtls_md5_clone( mbedtls_md5_context *dst, 99 | const mbedtls_md5_context *src ); 100 | 101 | /** 102 | * \brief MD5 context setup 103 | * 104 | * \param ctx context to be initialized 105 | * 106 | * \return 0 if successful 107 | * 108 | * \warning MD5 is considered a weak message digest and its use 109 | * constitutes a security risk. We recommend considering 110 | * stronger message digests instead. 111 | * 112 | */ 113 | int mbedtls_md5_starts( mbedtls_md5_context *ctx ); 114 | 115 | /** 116 | * \brief MD5 process buffer 117 | * 118 | * \param ctx MD5 context 119 | * \param input buffer holding the data 120 | * \param ilen length of the input data 121 | * 122 | * \return 0 if successful 123 | * 124 | * \warning MD5 is considered a weak message digest and its use 125 | * constitutes a security risk. We recommend considering 126 | * stronger message digests instead. 127 | * 128 | */ 129 | int mbedtls_md5_update( mbedtls_md5_context *ctx, 130 | const unsigned char *input, 131 | size_t ilen ); 132 | 133 | /** 134 | * \brief MD5 final digest 135 | * 136 | * \param ctx MD5 context 137 | * \param output MD5 checksum result 138 | * 139 | * \return 0 if successful 140 | * 141 | * \warning MD5 is considered a weak message digest and its use 142 | * constitutes a security risk. We recommend considering 143 | * stronger message digests instead. 144 | * 145 | */ 146 | int mbedtls_md5_finish( mbedtls_md5_context *ctx, 147 | unsigned char output[16] ); 148 | 149 | /** 150 | * \brief MD5 process data block (internal use only) 151 | * 152 | * \param ctx MD5 context 153 | * \param data buffer holding one block of data 154 | * 155 | * \return 0 if successful 156 | * 157 | * \warning MD5 is considered a weak message digest and its use 158 | * constitutes a security risk. We recommend considering 159 | * stronger message digests instead. 160 | * 161 | */ 162 | int mbedtls_internal_md5_process( mbedtls_md5_context *ctx, 163 | const unsigned char data[64] ); 164 | 165 | /** 166 | * \brief Output = MD5( input buffer ) 167 | * 168 | * \param input buffer holding the data 169 | * \param ilen length of the input data 170 | * \param output MD5 checksum result 171 | * 172 | * \return 0 if successful 173 | * 174 | * \warning MD5 is considered a weak message digest and its use 175 | * constitutes a security risk. We recommend considering 176 | * stronger message digests instead. 177 | * 178 | */ 179 | int mbedtls_md5( const unsigned char *input, 180 | size_t ilen, 181 | unsigned char output[16] ); 182 | 183 | #if defined(MBEDTLS_SELF_TEST) 184 | 185 | /** 186 | * \brief Checkup routine 187 | * 188 | * \return 0 if successful, or 1 if the test failed 189 | * 190 | * \warning MD5 is considered a weak message digest and its use 191 | * constitutes a security risk. We recommend considering 192 | * stronger message digests instead. 193 | * 194 | */ 195 | int mbedtls_md5_self_test( int verbose ); 196 | 197 | #endif /* MBEDTLS_SELF_TEST */ 198 | 199 | #ifdef __cplusplus 200 | } 201 | #endif 202 | 203 | #endif /* mbedtls_md5.h */ 204 | -------------------------------------------------------------------------------- /src/mbedtls/include/mbedtls/memory_buffer_alloc.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file memory_buffer_alloc.h 3 | * 4 | * \brief Buffer-based memory allocator 5 | */ 6 | /* 7 | * Copyright The Mbed TLS Contributors 8 | * SPDX-License-Identifier: Apache-2.0 9 | * 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 | * not use this file except in compliance with the License. 12 | * You may obtain a copy of the License at 13 | * 14 | * http://www.apache.org/licenses/LICENSE-2.0 15 | * 16 | * Unless required by applicable law or agreed to in writing, software 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 | * See the License for the specific language governing permissions and 20 | * limitations under the License. 21 | */ 22 | #ifndef MBEDTLS_MEMORY_BUFFER_ALLOC_H 23 | #define MBEDTLS_MEMORY_BUFFER_ALLOC_H 24 | 25 | #include "mbedtls/include/mbedtls/build_info.h" 26 | 27 | #include 28 | 29 | /** 30 | * \name SECTION: Module settings 31 | * 32 | * The configuration options you can set for this module are in this section. 33 | * Either change them in mbedtls_config.h or define them on the compiler command line. 34 | * \{ 35 | */ 36 | 37 | #if !defined(MBEDTLS_MEMORY_ALIGN_MULTIPLE) 38 | #define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */ 39 | #endif 40 | 41 | /* \} name SECTION: Module settings */ 42 | 43 | #define MBEDTLS_MEMORY_VERIFY_NONE 0 44 | #define MBEDTLS_MEMORY_VERIFY_ALLOC (1 << 0) 45 | #define MBEDTLS_MEMORY_VERIFY_FREE (1 << 1) 46 | #define MBEDTLS_MEMORY_VERIFY_ALWAYS (MBEDTLS_MEMORY_VERIFY_ALLOC | MBEDTLS_MEMORY_VERIFY_FREE) 47 | 48 | #ifdef __cplusplus 49 | extern "C" { 50 | #endif 51 | 52 | /** 53 | * \brief Initialize use of stack-based memory allocator. 54 | * The stack-based allocator does memory management inside the 55 | * presented buffer and does not call calloc() and free(). 56 | * It sets the global mbedtls_calloc() and mbedtls_free() pointers 57 | * to its own functions. 58 | * (Provided mbedtls_calloc() and mbedtls_free() are thread-safe if 59 | * MBEDTLS_THREADING_C is defined) 60 | * 61 | * \note This code is not optimized and provides a straight-forward 62 | * implementation of a stack-based memory allocator. 63 | * 64 | * \param buf buffer to use as heap 65 | * \param len size of the buffer 66 | */ 67 | void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len ); 68 | 69 | /** 70 | * \brief Free the mutex for thread-safety and clear remaining memory 71 | */ 72 | void mbedtls_memory_buffer_alloc_free( void ); 73 | 74 | /** 75 | * \brief Determine when the allocator should automatically verify the state 76 | * of the entire chain of headers / meta-data. 77 | * (Default: MBEDTLS_MEMORY_VERIFY_NONE) 78 | * 79 | * \param verify One of MBEDTLS_MEMORY_VERIFY_NONE, MBEDTLS_MEMORY_VERIFY_ALLOC, 80 | * MBEDTLS_MEMORY_VERIFY_FREE or MBEDTLS_MEMORY_VERIFY_ALWAYS 81 | */ 82 | void mbedtls_memory_buffer_set_verify( int verify ); 83 | 84 | #if defined(MBEDTLS_MEMORY_DEBUG) 85 | /** 86 | * \brief Print out the status of the allocated memory (primarily for use 87 | * after a program should have de-allocated all memory) 88 | * Prints out a list of 'still allocated' blocks and their stack 89 | * trace if MBEDTLS_MEMORY_BACKTRACE is defined. 90 | */ 91 | void mbedtls_memory_buffer_alloc_status( void ); 92 | 93 | /** 94 | * \brief Get the peak heap usage so far 95 | * 96 | * \param max_used Peak number of bytes in use or committed. This 97 | * includes bytes in allocated blocks too small to split 98 | * into smaller blocks but larger than the requested size. 99 | * \param max_blocks Peak number of blocks in use, including free and used 100 | */ 101 | void mbedtls_memory_buffer_alloc_max_get( size_t *max_used, size_t *max_blocks ); 102 | 103 | /** 104 | * \brief Reset peak statistics 105 | */ 106 | void mbedtls_memory_buffer_alloc_max_reset( void ); 107 | 108 | /** 109 | * \brief Get the current heap usage 110 | * 111 | * \param cur_used Current number of bytes in use or committed. This 112 | * includes bytes in allocated blocks too small to split 113 | * into smaller blocks but larger than the requested size. 114 | * \param cur_blocks Current number of blocks in use, including free and used 115 | */ 116 | void mbedtls_memory_buffer_alloc_cur_get( size_t *cur_used, size_t *cur_blocks ); 117 | #endif /* MBEDTLS_MEMORY_DEBUG */ 118 | 119 | /** 120 | * \brief Verifies that all headers in the memory buffer are correct 121 | * and contain sane values. Helps debug buffer-overflow errors. 122 | * 123 | * Prints out first failure if MBEDTLS_MEMORY_DEBUG is defined. 124 | * Prints out full header information if MBEDTLS_MEMORY_DEBUG 125 | * is defined. (Includes stack trace information for each block if 126 | * MBEDTLS_MEMORY_BACKTRACE is defined as well). 127 | * 128 | * \return 0 if verified, 1 otherwise 129 | */ 130 | int mbedtls_memory_buffer_alloc_verify( void ); 131 | 132 | #if defined(MBEDTLS_SELF_TEST) 133 | /** 134 | * \brief Checkup routine 135 | * 136 | * \return 0 if successful, or 1 if a test failed 137 | */ 138 | int mbedtls_memory_buffer_alloc_self_test( int verbose ); 139 | #endif 140 | 141 | #ifdef __cplusplus 142 | } 143 | #endif 144 | 145 | #endif /* memory_buffer_alloc.h */ 146 | -------------------------------------------------------------------------------- /src/mbedtls/include/mbedtls/pem.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file pem.h 3 | * 4 | * \brief Privacy Enhanced Mail (PEM) decoding 5 | */ 6 | /* 7 | * Copyright The Mbed TLS Contributors 8 | * SPDX-License-Identifier: Apache-2.0 9 | * 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 | * not use this file except in compliance with the License. 12 | * You may obtain a copy of the License at 13 | * 14 | * http://www.apache.org/licenses/LICENSE-2.0 15 | * 16 | * Unless required by applicable law or agreed to in writing, software 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 | * See the License for the specific language governing permissions and 20 | * limitations under the License. 21 | */ 22 | #ifndef MBEDTLS_PEM_H 23 | #define MBEDTLS_PEM_H 24 | #include "mbedtls/include/mbedtls/private_access.h" 25 | 26 | #include "mbedtls/include/mbedtls/build_info.h" 27 | 28 | #include 29 | 30 | /** 31 | * \name PEM Error codes 32 | * These error codes are returned in case of errors reading the 33 | * PEM data. 34 | * \{ 35 | */ 36 | /** No PEM header or footer found. */ 37 | #define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT -0x1080 38 | /** PEM string is not as expected. */ 39 | #define MBEDTLS_ERR_PEM_INVALID_DATA -0x1100 40 | /** Failed to allocate memory. */ 41 | #define MBEDTLS_ERR_PEM_ALLOC_FAILED -0x1180 42 | /** RSA IV is not in hex-format. */ 43 | #define MBEDTLS_ERR_PEM_INVALID_ENC_IV -0x1200 44 | /** Unsupported key encryption algorithm. */ 45 | #define MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG -0x1280 46 | /** Private key password can't be empty. */ 47 | #define MBEDTLS_ERR_PEM_PASSWORD_REQUIRED -0x1300 48 | /** Given private key password does not allow for correct decryption. */ 49 | #define MBEDTLS_ERR_PEM_PASSWORD_MISMATCH -0x1380 50 | /** Unavailable feature, e.g. hashing/encryption combination. */ 51 | #define MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE -0x1400 52 | /** Bad input parameters to function. */ 53 | #define MBEDTLS_ERR_PEM_BAD_INPUT_DATA -0x1480 54 | /* \} name */ 55 | 56 | #ifdef __cplusplus 57 | extern "C" { 58 | #endif 59 | 60 | #if defined(MBEDTLS_PEM_PARSE_C) 61 | /** 62 | * \brief PEM context structure 63 | */ 64 | typedef struct mbedtls_pem_context 65 | { 66 | unsigned char *MBEDTLS_PRIVATE(buf); /*!< buffer for decoded data */ 67 | size_t MBEDTLS_PRIVATE(buflen); /*!< length of the buffer */ 68 | unsigned char *MBEDTLS_PRIVATE(info); /*!< buffer for extra header information */ 69 | } 70 | mbedtls_pem_context; 71 | 72 | /** 73 | * \brief PEM context setup 74 | * 75 | * \param ctx context to be initialized 76 | */ 77 | void mbedtls_pem_init( mbedtls_pem_context *ctx ); 78 | 79 | /** 80 | * \brief Read a buffer for PEM information and store the resulting 81 | * data into the specified context buffers. 82 | * 83 | * \param ctx context to use 84 | * \param header header string to seek and expect 85 | * \param footer footer string to seek and expect 86 | * \param data source data to look in (must be nul-terminated) 87 | * \param pwd password for decryption (can be NULL) 88 | * \param pwdlen length of password 89 | * \param use_len destination for total length used (set after header is 90 | * correctly read, so unless you get 91 | * MBEDTLS_ERR_PEM_BAD_INPUT_DATA or 92 | * MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT, use_len is 93 | * the length to skip) 94 | * 95 | * \note Attempts to check password correctness by verifying if 96 | * the decrypted text starts with an ASN.1 sequence of 97 | * appropriate length 98 | * 99 | * \return 0 on success, or a specific PEM error code 100 | */ 101 | int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const char *footer, 102 | const unsigned char *data, 103 | const unsigned char *pwd, 104 | size_t pwdlen, size_t *use_len ); 105 | 106 | /** 107 | * \brief PEM context memory freeing 108 | * 109 | * \param ctx context to be freed 110 | */ 111 | void mbedtls_pem_free( mbedtls_pem_context *ctx ); 112 | #endif /* MBEDTLS_PEM_PARSE_C */ 113 | 114 | #if defined(MBEDTLS_PEM_WRITE_C) 115 | /** 116 | * \brief Write a buffer of PEM information from a DER encoded 117 | * buffer. 118 | * 119 | * \param header The header string to write. 120 | * \param footer The footer string to write. 121 | * \param der_data The DER data to encode. 122 | * \param der_len The length of the DER data \p der_data in Bytes. 123 | * \param buf The buffer to write to. 124 | * \param buf_len The length of the output buffer \p buf in Bytes. 125 | * \param olen The address at which to store the total length written 126 | * or required (if \p buf_len is not enough). 127 | * 128 | * \note You may pass \c NULL for \p buf and \c 0 for \p buf_len 129 | * to request the length of the resulting PEM buffer in 130 | * `*olen`. 131 | * 132 | * \note This function may be called with overlapping \p der_data 133 | * and \p buf buffers. 134 | * 135 | * \return \c 0 on success. 136 | * \return #MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL if \p buf isn't large 137 | * enough to hold the PEM buffer. In this case, `*olen` holds 138 | * the required minimum size of \p buf. 139 | * \return Another PEM or BASE64 error code on other kinds of failure. 140 | */ 141 | int mbedtls_pem_write_buffer( const char *header, const char *footer, 142 | const unsigned char *der_data, size_t der_len, 143 | unsigned char *buf, size_t buf_len, size_t *olen ); 144 | #endif /* MBEDTLS_PEM_WRITE_C */ 145 | 146 | #ifdef __cplusplus 147 | } 148 | #endif 149 | 150 | #endif /* pem.h */ 151 | -------------------------------------------------------------------------------- /src/mbedtls/include/mbedtls/pkcs12.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file pkcs12.h 3 | * 4 | * \brief PKCS#12 Personal Information Exchange Syntax 5 | */ 6 | /* 7 | * Copyright The Mbed TLS Contributors 8 | * SPDX-License-Identifier: Apache-2.0 9 | * 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 | * not use this file except in compliance with the License. 12 | * You may obtain a copy of the License at 13 | * 14 | * http://www.apache.org/licenses/LICENSE-2.0 15 | * 16 | * Unless required by applicable law or agreed to in writing, software 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 | * See the License for the specific language governing permissions and 20 | * limitations under the License. 21 | */ 22 | #ifndef MBEDTLS_PKCS12_H 23 | #define MBEDTLS_PKCS12_H 24 | 25 | #include "mbedtls/include/mbedtls/build_info.h" 26 | 27 | #include "mbedtls/include/mbedtls/md.h" 28 | #include "mbedtls/include/mbedtls/cipher.h" 29 | #include "mbedtls/include/mbedtls/asn1.h" 30 | 31 | #include 32 | 33 | /** Bad input parameters to function. */ 34 | #define MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA -0x1F80 35 | /** Feature not available, e.g. unsupported encryption scheme. */ 36 | #define MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE -0x1F00 37 | /** PBE ASN.1 data not as expected. */ 38 | #define MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT -0x1E80 39 | /** Given private key password does not allow for correct decryption. */ 40 | #define MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH -0x1E00 41 | 42 | #define MBEDTLS_PKCS12_DERIVE_KEY 1 /**< encryption/decryption key */ 43 | #define MBEDTLS_PKCS12_DERIVE_IV 2 /**< initialization vector */ 44 | #define MBEDTLS_PKCS12_DERIVE_MAC_KEY 3 /**< integrity / MAC key */ 45 | 46 | #define MBEDTLS_PKCS12_PBE_DECRYPT 0 47 | #define MBEDTLS_PKCS12_PBE_ENCRYPT 1 48 | 49 | #ifdef __cplusplus 50 | extern "C" { 51 | #endif 52 | 53 | #if defined(MBEDTLS_ASN1_PARSE_C) 54 | 55 | /** 56 | * \brief PKCS12 Password Based function (encryption / decryption) 57 | * for cipher-based and mbedtls_md-based PBE's 58 | * 59 | * \param pbe_params an ASN1 buffer containing the pkcs-12 PbeParams structure 60 | * \param mode either #MBEDTLS_PKCS12_PBE_ENCRYPT or 61 | * #MBEDTLS_PKCS12_PBE_DECRYPT 62 | * \param cipher_type the cipher used 63 | * \param md_type the mbedtls_md used 64 | * \param pwd Latin1-encoded password used. This may only be \c NULL when 65 | * \p pwdlen is 0. No null terminator should be used. 66 | * \param pwdlen length of the password (may be 0) 67 | * \param input the input data 68 | * \param len data length 69 | * \param output the output buffer 70 | * 71 | * \return 0 if successful, or a MBEDTLS_ERR_XXX code 72 | */ 73 | int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode, 74 | mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type, 75 | const unsigned char *pwd, size_t pwdlen, 76 | const unsigned char *input, size_t len, 77 | unsigned char *output ); 78 | 79 | #endif /* MBEDTLS_ASN1_PARSE_C */ 80 | 81 | /** 82 | * \brief The PKCS#12 derivation function uses a password and a salt 83 | * to produce pseudo-random bits for a particular "purpose". 84 | * 85 | * Depending on the given id, this function can produce an 86 | * encryption/decryption key, an initialization vector or an 87 | * integrity key. 88 | * 89 | * \param data buffer to store the derived data in 90 | * \param datalen length of buffer to fill 91 | * \param pwd The password to use. For compliance with PKCS#12 §B.1, this 92 | * should be a BMPString, i.e. a Unicode string where each 93 | * character is encoded as 2 bytes in big-endian order, with 94 | * no byte order mark and with a null terminator (i.e. the 95 | * last two bytes should be 0x00 0x00). 96 | * \param pwdlen length of the password (may be 0). 97 | * \param salt Salt buffer to use This may only be \c NULL when 98 | * \p saltlen is 0. 99 | * \param saltlen length of the salt (may be zero) 100 | * \param mbedtls_md mbedtls_md type to use during the derivation 101 | * \param id id that describes the purpose (can be 102 | * #MBEDTLS_PKCS12_DERIVE_KEY, #MBEDTLS_PKCS12_DERIVE_IV or 103 | * #MBEDTLS_PKCS12_DERIVE_MAC_KEY) 104 | * \param iterations number of iterations 105 | * 106 | * \return 0 if successful, or a MD, BIGNUM type error. 107 | */ 108 | int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen, 109 | const unsigned char *pwd, size_t pwdlen, 110 | const unsigned char *salt, size_t saltlen, 111 | mbedtls_md_type_t mbedtls_md, int id, int iterations ); 112 | 113 | #ifdef __cplusplus 114 | } 115 | #endif 116 | 117 | #endif /* pkcs12.h */ 118 | -------------------------------------------------------------------------------- /src/mbedtls/include/mbedtls/pkcs5.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file pkcs5.h 3 | * 4 | * \brief PKCS#5 functions 5 | * 6 | * \author Mathias Olsson 7 | */ 8 | /* 9 | * Copyright The Mbed TLS Contributors 10 | * SPDX-License-Identifier: Apache-2.0 11 | * 12 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 13 | * not use this file except in compliance with the License. 14 | * You may obtain a copy of the License at 15 | * 16 | * http://www.apache.org/licenses/LICENSE-2.0 17 | * 18 | * Unless required by applicable law or agreed to in writing, software 19 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 20 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 21 | * See the License for the specific language governing permissions and 22 | * limitations under the License. 23 | */ 24 | #ifndef MBEDTLS_PKCS5_H 25 | #define MBEDTLS_PKCS5_H 26 | 27 | #include "mbedtls/include/mbedtls/build_info.h" 28 | 29 | #include "mbedtls/include/mbedtls/asn1.h" 30 | #include "mbedtls/include/mbedtls/md.h" 31 | 32 | #include 33 | #include 34 | 35 | /** Bad input parameters to function. */ 36 | #define MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA -0x2f80 37 | /** Unexpected ASN.1 data. */ 38 | #define MBEDTLS_ERR_PKCS5_INVALID_FORMAT -0x2f00 39 | /** Requested encryption or digest alg not available. */ 40 | #define MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE -0x2e80 41 | /** Given private key password does not allow for correct decryption. */ 42 | #define MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH -0x2e00 43 | 44 | #define MBEDTLS_PKCS5_DECRYPT 0 45 | #define MBEDTLS_PKCS5_ENCRYPT 1 46 | 47 | #ifdef __cplusplus 48 | extern "C" { 49 | #endif 50 | 51 | #if defined(MBEDTLS_ASN1_PARSE_C) 52 | 53 | /** 54 | * \brief PKCS#5 PBES2 function 55 | * 56 | * \param pbe_params the ASN.1 algorithm parameters 57 | * \param mode either MBEDTLS_PKCS5_DECRYPT or MBEDTLS_PKCS5_ENCRYPT 58 | * \param pwd password to use when generating key 59 | * \param pwdlen length of password 60 | * \param data data to process 61 | * \param datalen length of data 62 | * \param output output buffer 63 | * 64 | * \returns 0 on success, or a MBEDTLS_ERR_XXX code if verification fails. 65 | */ 66 | int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode, 67 | const unsigned char *pwd, size_t pwdlen, 68 | const unsigned char *data, size_t datalen, 69 | unsigned char *output ); 70 | 71 | #endif /* MBEDTLS_ASN1_PARSE_C */ 72 | 73 | /** 74 | * \brief PKCS#5 PBKDF2 using HMAC 75 | * 76 | * \param ctx Generic HMAC context 77 | * \param password Password to use when generating key 78 | * \param plen Length of password 79 | * \param salt Salt to use when generating key 80 | * \param slen Length of salt 81 | * \param iteration_count Iteration count 82 | * \param key_length Length of generated key in bytes 83 | * \param output Generated key. Must be at least as big as key_length 84 | * 85 | * \returns 0 on success, or a MBEDTLS_ERR_XXX code if verification fails. 86 | */ 87 | int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *password, 88 | size_t plen, const unsigned char *salt, size_t slen, 89 | unsigned int iteration_count, 90 | uint32_t key_length, unsigned char *output ); 91 | 92 | #if defined(MBEDTLS_SELF_TEST) 93 | 94 | /** 95 | * \brief Checkup routine 96 | * 97 | * \return 0 if successful, or 1 if the test failed 98 | */ 99 | int mbedtls_pkcs5_self_test( int verbose ); 100 | 101 | #endif /* MBEDTLS_SELF_TEST */ 102 | 103 | #ifdef __cplusplus 104 | } 105 | #endif 106 | 107 | #endif /* pkcs5.h */ 108 | -------------------------------------------------------------------------------- /src/mbedtls/include/mbedtls/platform_time.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file platform_time.h 3 | * 4 | * \brief mbed TLS Platform time abstraction 5 | */ 6 | /* 7 | * Copyright The Mbed TLS Contributors 8 | * SPDX-License-Identifier: Apache-2.0 9 | * 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 | * not use this file except in compliance with the License. 12 | * You may obtain a copy of the License at 13 | * 14 | * http://www.apache.org/licenses/LICENSE-2.0 15 | * 16 | * Unless required by applicable law or agreed to in writing, software 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 | * See the License for the specific language governing permissions and 20 | * limitations under the License. 21 | */ 22 | #ifndef MBEDTLS_PLATFORM_TIME_H 23 | #define MBEDTLS_PLATFORM_TIME_H 24 | 25 | #include "mbedtls/include/mbedtls/build_info.h" 26 | 27 | #ifdef __cplusplus 28 | extern "C" { 29 | #endif 30 | 31 | /** 32 | * \name SECTION: Module settings 33 | * 34 | * The configuration options you can set for this module are in this section. 35 | * Either change them in mbedtls_config.h or define them on the compiler command line. 36 | * \{ 37 | */ 38 | 39 | /* 40 | * The time_t datatype 41 | */ 42 | #if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO) 43 | typedef MBEDTLS_PLATFORM_TIME_TYPE_MACRO mbedtls_time_t; 44 | #else 45 | /* For time_t */ 46 | #include 47 | typedef time_t mbedtls_time_t; 48 | #endif /* MBEDTLS_PLATFORM_TIME_TYPE_MACRO */ 49 | 50 | /* 51 | * The function pointers for time 52 | */ 53 | #if defined(MBEDTLS_PLATFORM_TIME_ALT) 54 | extern mbedtls_time_t (*mbedtls_time)( mbedtls_time_t* time ); 55 | 56 | /** 57 | * \brief Set your own time function pointer 58 | * 59 | * \param time_func the time function implementation 60 | * 61 | * \return 0 62 | */ 63 | int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* time ) ); 64 | #else 65 | #if defined(MBEDTLS_PLATFORM_TIME_MACRO) 66 | #define mbedtls_time MBEDTLS_PLATFORM_TIME_MACRO 67 | #else 68 | #define mbedtls_time time 69 | #endif /* MBEDTLS_PLATFORM_TIME_MACRO */ 70 | #endif /* MBEDTLS_PLATFORM_TIME_ALT */ 71 | 72 | #ifdef __cplusplus 73 | } 74 | #endif 75 | 76 | #endif /* platform_time.h */ 77 | -------------------------------------------------------------------------------- /src/mbedtls/include/mbedtls/private_access.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file private_access.h 3 | * 4 | * \brief Macro wrapper for struct's memebrs. 5 | */ 6 | /* 7 | * Copyright The Mbed TLS Contributors 8 | * SPDX-License-Identifier: Apache-2.0 9 | * 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 | * not use this file except in compliance with the License. 12 | * You may obtain a copy of the License at 13 | * 14 | * http://www.apache.org/licenses/LICENSE-2.0 15 | * 16 | * Unless required by applicable law or agreed to in writing, software 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 | * See the License for the specific language governing permissions and 20 | * limitations under the License. 21 | */ 22 | 23 | #ifndef MBEDTLS_PRIVATE_ACCESS_H 24 | #define MBEDTLS_PRIVATE_ACCESS_H 25 | 26 | #ifndef MBEDTLS_ALLOW_PRIVATE_ACCESS 27 | #define MBEDTLS_PRIVATE(member) private_##member 28 | #else 29 | #define MBEDTLS_PRIVATE(member) member 30 | #endif 31 | 32 | #endif /* MBEDTLS_PRIVATE_ACCESS_H */ 33 | -------------------------------------------------------------------------------- /src/mbedtls/include/mbedtls/ripemd160.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file ripemd160.h 3 | * 4 | * \brief RIPE MD-160 message digest 5 | */ 6 | /* 7 | * Copyright The Mbed TLS Contributors 8 | * SPDX-License-Identifier: Apache-2.0 9 | * 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 | * not use this file except in compliance with the License. 12 | * You may obtain a copy of the License at 13 | * 14 | * http://www.apache.org/licenses/LICENSE-2.0 15 | * 16 | * Unless required by applicable law or agreed to in writing, software 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 | * See the License for the specific language governing permissions and 20 | * limitations under the License. 21 | */ 22 | #ifndef MBEDTLS_RIPEMD160_H 23 | #define MBEDTLS_RIPEMD160_H 24 | #include "mbedtls/include/mbedtls/private_access.h" 25 | 26 | #include "mbedtls/include/mbedtls/build_info.h" 27 | 28 | #include 29 | #include 30 | 31 | #ifdef __cplusplus 32 | extern "C" { 33 | #endif 34 | 35 | #if !defined(MBEDTLS_RIPEMD160_ALT) 36 | // Regular implementation 37 | // 38 | 39 | /** 40 | * \brief RIPEMD-160 context structure 41 | */ 42 | typedef struct mbedtls_ripemd160_context 43 | { 44 | uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< number of bytes processed */ 45 | uint32_t MBEDTLS_PRIVATE(state)[5]; /*!< intermediate digest state */ 46 | unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< data block being processed */ 47 | } 48 | mbedtls_ripemd160_context; 49 | 50 | #else /* MBEDTLS_RIPEMD160_ALT */ 51 | #include "ripemd160_alt.h" 52 | #endif /* MBEDTLS_RIPEMD160_ALT */ 53 | 54 | /** 55 | * \brief Initialize RIPEMD-160 context 56 | * 57 | * \param ctx RIPEMD-160 context to be initialized 58 | */ 59 | void mbedtls_ripemd160_init( mbedtls_ripemd160_context *ctx ); 60 | 61 | /** 62 | * \brief Clear RIPEMD-160 context 63 | * 64 | * \param ctx RIPEMD-160 context to be cleared 65 | */ 66 | void mbedtls_ripemd160_free( mbedtls_ripemd160_context *ctx ); 67 | 68 | /** 69 | * \brief Clone (the state of) an RIPEMD-160 context 70 | * 71 | * \param dst The destination context 72 | * \param src The context to be cloned 73 | */ 74 | void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst, 75 | const mbedtls_ripemd160_context *src ); 76 | 77 | /** 78 | * \brief RIPEMD-160 context setup 79 | * 80 | * \param ctx context to be initialized 81 | * 82 | * \return 0 if successful 83 | */ 84 | int mbedtls_ripemd160_starts( mbedtls_ripemd160_context *ctx ); 85 | 86 | /** 87 | * \brief RIPEMD-160 process buffer 88 | * 89 | * \param ctx RIPEMD-160 context 90 | * \param input buffer holding the data 91 | * \param ilen length of the input data 92 | * 93 | * \return 0 if successful 94 | */ 95 | int mbedtls_ripemd160_update( mbedtls_ripemd160_context *ctx, 96 | const unsigned char *input, 97 | size_t ilen ); 98 | 99 | /** 100 | * \brief RIPEMD-160 final digest 101 | * 102 | * \param ctx RIPEMD-160 context 103 | * \param output RIPEMD-160 checksum result 104 | * 105 | * \return 0 if successful 106 | */ 107 | int mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx, 108 | unsigned char output[20] ); 109 | 110 | /** 111 | * \brief RIPEMD-160 process data block (internal use only) 112 | * 113 | * \param ctx RIPEMD-160 context 114 | * \param data buffer holding one block of data 115 | * 116 | * \return 0 if successful 117 | */ 118 | int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx, 119 | const unsigned char data[64] ); 120 | 121 | /** 122 | * \brief Output = RIPEMD-160( input buffer ) 123 | * 124 | * \param input buffer holding the data 125 | * \param ilen length of the input data 126 | * \param output RIPEMD-160 checksum result 127 | * 128 | * \return 0 if successful 129 | */ 130 | int mbedtls_ripemd160( const unsigned char *input, 131 | size_t ilen, 132 | unsigned char output[20] ); 133 | 134 | #if defined(MBEDTLS_SELF_TEST) 135 | 136 | /** 137 | * \brief Checkup routine 138 | * 139 | * \return 0 if successful, or 1 if the test failed 140 | */ 141 | int mbedtls_ripemd160_self_test( int verbose ); 142 | 143 | #endif /* MBEDTLS_SELF_TEST */ 144 | 145 | #ifdef __cplusplus 146 | } 147 | #endif 148 | 149 | #endif /* mbedtls_ripemd160.h */ 150 | -------------------------------------------------------------------------------- /src/mbedtls/include/mbedtls/ssl_cache.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file ssl_cache.h 3 | * 4 | * \brief SSL session cache implementation 5 | */ 6 | /* 7 | * Copyright The Mbed TLS Contributors 8 | * SPDX-License-Identifier: Apache-2.0 9 | * 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 | * not use this file except in compliance with the License. 12 | * You may obtain a copy of the License at 13 | * 14 | * http://www.apache.org/licenses/LICENSE-2.0 15 | * 16 | * Unless required by applicable law or agreed to in writing, software 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 | * See the License for the specific language governing permissions and 20 | * limitations under the License. 21 | */ 22 | #ifndef MBEDTLS_SSL_CACHE_H 23 | #define MBEDTLS_SSL_CACHE_H 24 | #include "mbedtls/include/mbedtls/private_access.h" 25 | 26 | #include "mbedtls/include/mbedtls/build_info.h" 27 | 28 | #include "mbedtls/include/mbedtls/ssl.h" 29 | 30 | #if defined(MBEDTLS_THREADING_C) 31 | #include "mbedtls/include/mbedtls/threading.h" 32 | #endif 33 | 34 | /** 35 | * \name SECTION: Module settings 36 | * 37 | * The configuration options you can set for this module are in this section. 38 | * Either change them in mbedtls_config.h or define them on the compiler command line. 39 | * \{ 40 | */ 41 | 42 | #if !defined(MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT) 43 | #define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /*!< 1 day */ 44 | #endif 45 | 46 | #if !defined(MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES) 47 | #define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /*!< Maximum entries in cache */ 48 | #endif 49 | 50 | /* \} name SECTION: Module settings */ 51 | 52 | #ifdef __cplusplus 53 | extern "C" { 54 | #endif 55 | 56 | typedef struct mbedtls_ssl_cache_context mbedtls_ssl_cache_context; 57 | typedef struct mbedtls_ssl_cache_entry mbedtls_ssl_cache_entry; 58 | 59 | /** 60 | * \brief This structure is used for storing cache entries 61 | */ 62 | struct mbedtls_ssl_cache_entry 63 | { 64 | #if defined(MBEDTLS_HAVE_TIME) 65 | mbedtls_time_t MBEDTLS_PRIVATE(timestamp); /*!< entry timestamp */ 66 | #endif 67 | 68 | unsigned char MBEDTLS_PRIVATE(session_id)[32]; /*!< session ID */ 69 | size_t MBEDTLS_PRIVATE(session_id_len); 70 | 71 | unsigned char *MBEDTLS_PRIVATE(session); /*!< serialized session */ 72 | size_t MBEDTLS_PRIVATE(session_len); 73 | 74 | mbedtls_ssl_cache_entry *MBEDTLS_PRIVATE(next); /*!< chain pointer */ 75 | }; 76 | 77 | /** 78 | * \brief Cache context 79 | */ 80 | struct mbedtls_ssl_cache_context 81 | { 82 | mbedtls_ssl_cache_entry *MBEDTLS_PRIVATE(chain); /*!< start of the chain */ 83 | int MBEDTLS_PRIVATE(timeout); /*!< cache entry timeout */ 84 | int MBEDTLS_PRIVATE(max_entries); /*!< maximum entries */ 85 | #if defined(MBEDTLS_THREADING_C) 86 | mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< mutex */ 87 | #endif 88 | }; 89 | 90 | /** 91 | * \brief Initialize an SSL cache context 92 | * 93 | * \param cache SSL cache context 94 | */ 95 | void mbedtls_ssl_cache_init( mbedtls_ssl_cache_context *cache ); 96 | 97 | /** 98 | * \brief Cache get callback implementation 99 | * (Thread-safe if MBEDTLS_THREADING_C is enabled) 100 | * 101 | * \param data The SSL cache context to use. 102 | * \param session_id The pointer to the buffer holding the session ID 103 | * for the session to load. 104 | * \param session_id_len The length of \p session_id in bytes. 105 | * \param session The address at which to store the session 106 | * associated with \p session_id, if present. 107 | */ 108 | int mbedtls_ssl_cache_get( void *data, 109 | unsigned char const *session_id, 110 | size_t session_id_len, 111 | mbedtls_ssl_session *session ); 112 | 113 | /** 114 | * \brief Cache set callback implementation 115 | * (Thread-safe if MBEDTLS_THREADING_C is enabled) 116 | * 117 | * \param data The SSL cache context to use. 118 | * \param session_id The pointer to the buffer holding the session ID 119 | * associated to \p session. 120 | * \param session_id_len The length of \p session_id in bytes. 121 | * \param session The session to store. 122 | */ 123 | int mbedtls_ssl_cache_set( void *data, 124 | unsigned char const *session_id, 125 | size_t session_id_len, 126 | const mbedtls_ssl_session *session ); 127 | 128 | #if defined(MBEDTLS_HAVE_TIME) 129 | /** 130 | * \brief Set the cache timeout 131 | * (Default: MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT (1 day)) 132 | * 133 | * A timeout of 0 indicates no timeout. 134 | * 135 | * \param cache SSL cache context 136 | * \param timeout cache entry timeout in seconds 137 | */ 138 | void mbedtls_ssl_cache_set_timeout( mbedtls_ssl_cache_context *cache, int timeout ); 139 | #endif /* MBEDTLS_HAVE_TIME */ 140 | 141 | /** 142 | * \brief Set the maximum number of cache entries 143 | * (Default: MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES (50)) 144 | * 145 | * \param cache SSL cache context 146 | * \param max cache entry maximum 147 | */ 148 | void mbedtls_ssl_cache_set_max_entries( mbedtls_ssl_cache_context *cache, int max ); 149 | 150 | /** 151 | * \brief Free referenced items in a cache context and clear memory 152 | * 153 | * \param cache SSL cache context 154 | */ 155 | void mbedtls_ssl_cache_free( mbedtls_ssl_cache_context *cache ); 156 | 157 | #ifdef __cplusplus 158 | } 159 | #endif 160 | 161 | #endif /* ssl_cache.h */ 162 | -------------------------------------------------------------------------------- /src/mbedtls/include/mbedtls/ssl_cookie.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file ssl_cookie.h 3 | * 4 | * \brief DTLS cookie callbacks implementation 5 | */ 6 | /* 7 | * Copyright The Mbed TLS Contributors 8 | * SPDX-License-Identifier: Apache-2.0 9 | * 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 | * not use this file except in compliance with the License. 12 | * You may obtain a copy of the License at 13 | * 14 | * http://www.apache.org/licenses/LICENSE-2.0 15 | * 16 | * Unless required by applicable law or agreed to in writing, software 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 | * See the License for the specific language governing permissions and 20 | * limitations under the License. 21 | */ 22 | #ifndef MBEDTLS_SSL_COOKIE_H 23 | #define MBEDTLS_SSL_COOKIE_H 24 | #include "mbedtls/include/mbedtls/private_access.h" 25 | 26 | #include "mbedtls/include/mbedtls/build_info.h" 27 | 28 | #include "mbedtls/include/mbedtls/ssl.h" 29 | 30 | #if defined(MBEDTLS_THREADING_C) 31 | #include "mbedtls/include/mbedtls/threading.h" 32 | #endif 33 | 34 | /** 35 | * \name SECTION: Module settings 36 | * 37 | * The configuration options you can set for this module are in this section. 38 | * Either change them in mbedtls_config.h or define them on the compiler command line. 39 | * \{ 40 | */ 41 | #ifndef MBEDTLS_SSL_COOKIE_TIMEOUT 42 | #define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */ 43 | #endif 44 | 45 | /* \} name SECTION: Module settings */ 46 | 47 | #ifdef __cplusplus 48 | extern "C" { 49 | #endif 50 | 51 | /** 52 | * \brief Context for the default cookie functions. 53 | */ 54 | typedef struct mbedtls_ssl_cookie_ctx 55 | { 56 | mbedtls_md_context_t MBEDTLS_PRIVATE(hmac_ctx); /*!< context for the HMAC portion */ 57 | #if !defined(MBEDTLS_HAVE_TIME) 58 | unsigned long MBEDTLS_PRIVATE(serial); /*!< serial number for expiration */ 59 | #endif 60 | unsigned long MBEDTLS_PRIVATE(timeout); /*!< timeout delay, in seconds if HAVE_TIME, 61 | or in number of tickets issued */ 62 | 63 | #if defined(MBEDTLS_THREADING_C) 64 | mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); 65 | #endif 66 | } mbedtls_ssl_cookie_ctx; 67 | 68 | /** 69 | * \brief Initialize cookie context 70 | */ 71 | void mbedtls_ssl_cookie_init( mbedtls_ssl_cookie_ctx *ctx ); 72 | 73 | /** 74 | * \brief Setup cookie context (generate keys) 75 | */ 76 | int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx, 77 | int (*f_rng)(void *, unsigned char *, size_t), 78 | void *p_rng ); 79 | 80 | /** 81 | * \brief Set expiration delay for cookies 82 | * (Default MBEDTLS_SSL_COOKIE_TIMEOUT) 83 | * 84 | * \param ctx Cookie contex 85 | * \param delay Delay, in seconds if HAVE_TIME, or in number of cookies 86 | * issued in the meantime. 87 | * 0 to disable expiration (NOT recommended) 88 | */ 89 | void mbedtls_ssl_cookie_set_timeout( mbedtls_ssl_cookie_ctx *ctx, unsigned long delay ); 90 | 91 | /** 92 | * \brief Free cookie context 93 | */ 94 | void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx ); 95 | 96 | /** 97 | * \brief Generate cookie, see \c mbedtls_ssl_cookie_write_t 98 | */ 99 | mbedtls_ssl_cookie_write_t mbedtls_ssl_cookie_write; 100 | 101 | /** 102 | * \brief Verify cookie, see \c mbedtls_ssl_cookie_write_t 103 | */ 104 | mbedtls_ssl_cookie_check_t mbedtls_ssl_cookie_check; 105 | 106 | #ifdef __cplusplus 107 | } 108 | #endif 109 | 110 | #endif /* ssl_cookie.h */ 111 | -------------------------------------------------------------------------------- /src/mbedtls/include/mbedtls/ssl_ticket.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file ssl_ticket.h 3 | * 4 | * \brief TLS server ticket callbacks implementation 5 | */ 6 | /* 7 | * Copyright The Mbed TLS Contributors 8 | * SPDX-License-Identifier: Apache-2.0 9 | * 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 | * not use this file except in compliance with the License. 12 | * You may obtain a copy of the License at 13 | * 14 | * http://www.apache.org/licenses/LICENSE-2.0 15 | * 16 | * Unless required by applicable law or agreed to in writing, software 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 | * See the License for the specific language governing permissions and 20 | * limitations under the License. 21 | */ 22 | #ifndef MBEDTLS_SSL_TICKET_H 23 | #define MBEDTLS_SSL_TICKET_H 24 | #include "mbedtls/include/mbedtls/private_access.h" 25 | 26 | #include "mbedtls/include/mbedtls/build_info.h" 27 | 28 | /* 29 | * This implementation of the session ticket callbacks includes key 30 | * management, rotating the keys periodically in order to preserve forward 31 | * secrecy, when MBEDTLS_HAVE_TIME is defined. 32 | */ 33 | 34 | #include "mbedtls/include/mbedtls/ssl.h" 35 | #include "mbedtls/include/mbedtls/cipher.h" 36 | 37 | #if defined(MBEDTLS_THREADING_C) 38 | #include "mbedtls/include/mbedtls/threading.h" 39 | #endif 40 | 41 | #ifdef __cplusplus 42 | extern "C" { 43 | #endif 44 | 45 | /** 46 | * \brief Information for session ticket protection 47 | */ 48 | typedef struct mbedtls_ssl_ticket_key 49 | { 50 | unsigned char MBEDTLS_PRIVATE(name)[4]; /*!< random key identifier */ 51 | uint32_t MBEDTLS_PRIVATE(generation_time); /*!< key generation timestamp (seconds) */ 52 | mbedtls_cipher_context_t MBEDTLS_PRIVATE(ctx); /*!< context for auth enc/decryption */ 53 | } 54 | mbedtls_ssl_ticket_key; 55 | 56 | /** 57 | * \brief Context for session ticket handling functions 58 | */ 59 | typedef struct mbedtls_ssl_ticket_context 60 | { 61 | mbedtls_ssl_ticket_key MBEDTLS_PRIVATE(keys)[2]; /*!< ticket protection keys */ 62 | unsigned char MBEDTLS_PRIVATE(active); /*!< index of the currently active key */ 63 | 64 | uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< lifetime of tickets in seconds */ 65 | 66 | /** Callback for getting (pseudo-)random numbers */ 67 | int (*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t); 68 | void *MBEDTLS_PRIVATE(p_rng); /*!< context for the RNG function */ 69 | 70 | #if defined(MBEDTLS_THREADING_C) 71 | mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); 72 | #endif 73 | } 74 | mbedtls_ssl_ticket_context; 75 | 76 | /** 77 | * \brief Initialize a ticket context. 78 | * (Just make it ready for mbedtls_ssl_ticket_setup() 79 | * or mbedtls_ssl_ticket_free().) 80 | * 81 | * \param ctx Context to be initialized 82 | */ 83 | void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx ); 84 | 85 | /** 86 | * \brief Prepare context to be actually used 87 | * 88 | * \param ctx Context to be set up 89 | * \param f_rng RNG callback function (mandatory) 90 | * \param p_rng RNG callback context 91 | * \param cipher AEAD cipher to use for ticket protection. 92 | * Recommended value: MBEDTLS_CIPHER_AES_256_GCM. 93 | * \param lifetime Tickets lifetime in seconds 94 | * Recommended value: 86400 (one day). 95 | * 96 | * \note It is highly recommended to select a cipher that is at 97 | * least as strong as the strongest ciphersuite 98 | * supported. Usually that means a 256-bit key. 99 | * 100 | * \note The lifetime of the keys is twice the lifetime of tickets. 101 | * It is recommended to pick a reasonnable lifetime so as not 102 | * to negate the benefits of forward secrecy. 103 | * 104 | * \return 0 if successful, 105 | * or a specific MBEDTLS_ERR_XXX error code 106 | */ 107 | int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx, 108 | int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, 109 | mbedtls_cipher_type_t cipher, 110 | uint32_t lifetime ); 111 | 112 | /** 113 | * \brief Implementation of the ticket write callback 114 | * 115 | * \note See \c mbedtls_ssl_ticket_write_t for description 116 | */ 117 | mbedtls_ssl_ticket_write_t mbedtls_ssl_ticket_write; 118 | 119 | /** 120 | * \brief Implementation of the ticket parse callback 121 | * 122 | * \note See \c mbedtls_ssl_ticket_parse_t for description 123 | */ 124 | mbedtls_ssl_ticket_parse_t mbedtls_ssl_ticket_parse; 125 | 126 | /** 127 | * \brief Free a context's content and zeroize it. 128 | * 129 | * \param ctx Context to be cleaned up 130 | */ 131 | void mbedtls_ssl_ticket_free( mbedtls_ssl_ticket_context *ctx ); 132 | 133 | #ifdef __cplusplus 134 | } 135 | #endif 136 | 137 | #endif /* ssl_ticket.h */ 138 | -------------------------------------------------------------------------------- /src/mbedtls/include/mbedtls/threading.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file threading.h 3 | * 4 | * \brief Threading abstraction layer 5 | */ 6 | /* 7 | * Copyright The Mbed TLS Contributors 8 | * SPDX-License-Identifier: Apache-2.0 9 | * 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 | * not use this file except in compliance with the License. 12 | * You may obtain a copy of the License at 13 | * 14 | * http://www.apache.org/licenses/LICENSE-2.0 15 | * 16 | * Unless required by applicable law or agreed to in writing, software 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 | * See the License for the specific language governing permissions and 20 | * limitations under the License. 21 | */ 22 | #ifndef MBEDTLS_THREADING_H 23 | #define MBEDTLS_THREADING_H 24 | #include "mbedtls/include/mbedtls/private_access.h" 25 | 26 | #include "mbedtls/include/mbedtls/build_info.h" 27 | 28 | #include 29 | 30 | #ifdef __cplusplus 31 | extern "C" { 32 | #endif 33 | 34 | /** Bad input parameters to function. */ 35 | #define MBEDTLS_ERR_THREADING_BAD_INPUT_DATA -0x001C 36 | /** Locking / unlocking / free failed with error code. */ 37 | #define MBEDTLS_ERR_THREADING_MUTEX_ERROR -0x001E 38 | 39 | #if defined(MBEDTLS_THREADING_PTHREAD) 40 | #include 41 | typedef struct mbedtls_threading_mutex_t 42 | { 43 | pthread_mutex_t MBEDTLS_PRIVATE(mutex); 44 | /* is_valid is 0 after a failed init or a free, and nonzero after a 45 | * successful init. This field is not considered part of the public 46 | * API of Mbed TLS and may change without notice. */ 47 | char MBEDTLS_PRIVATE(is_valid); 48 | } mbedtls_threading_mutex_t; 49 | #endif 50 | 51 | #if defined(MBEDTLS_THREADING_ALT) 52 | /* You should define the mbedtls_threading_mutex_t type in your header */ 53 | #include "threading_alt.h" 54 | 55 | /** 56 | * \brief Set your alternate threading implementation function 57 | * pointers and initialize global mutexes. If used, this 58 | * function must be called once in the main thread before any 59 | * other mbed TLS function is called, and 60 | * mbedtls_threading_free_alt() must be called once in the main 61 | * thread after all other mbed TLS functions. 62 | * 63 | * \note mutex_init() and mutex_free() don't return a status code. 64 | * If mutex_init() fails, it should leave its argument (the 65 | * mutex) in a state such that mutex_lock() will fail when 66 | * called with this argument. 67 | * 68 | * \param mutex_init the init function implementation 69 | * \param mutex_free the free function implementation 70 | * \param mutex_lock the lock function implementation 71 | * \param mutex_unlock the unlock function implementation 72 | */ 73 | void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * ), 74 | void (*mutex_free)( mbedtls_threading_mutex_t * ), 75 | int (*mutex_lock)( mbedtls_threading_mutex_t * ), 76 | int (*mutex_unlock)( mbedtls_threading_mutex_t * ) ); 77 | 78 | /** 79 | * \brief Free global mutexes. 80 | */ 81 | void mbedtls_threading_free_alt( void ); 82 | #endif /* MBEDTLS_THREADING_ALT */ 83 | 84 | #if defined(MBEDTLS_THREADING_C) 85 | /* 86 | * The function pointers for mutex_init, mutex_free, mutex_ and mutex_unlock 87 | * 88 | * All these functions are expected to work or the result will be undefined. 89 | */ 90 | extern void (*mbedtls_mutex_init)( mbedtls_threading_mutex_t *mutex ); 91 | extern void (*mbedtls_mutex_free)( mbedtls_threading_mutex_t *mutex ); 92 | extern int (*mbedtls_mutex_lock)( mbedtls_threading_mutex_t *mutex ); 93 | extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex ); 94 | 95 | /* 96 | * Global mutexes 97 | */ 98 | #if defined(MBEDTLS_FS_IO) 99 | extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; 100 | #endif 101 | 102 | #if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT) 103 | /* This mutex may or may not be used in the default definition of 104 | * mbedtls_platform_gmtime_r(), but in order to determine that, 105 | * we need to check POSIX features, hence modify _POSIX_C_SOURCE. 106 | * With the current approach, this declaration is orphaned, lacking 107 | * an accompanying definition, in case mbedtls_platform_gmtime_r() 108 | * doesn't need it, but that's not a problem. */ 109 | extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; 110 | #endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */ 111 | 112 | #endif /* MBEDTLS_THREADING_C */ 113 | 114 | #ifdef __cplusplus 115 | } 116 | #endif 117 | 118 | #endif /* threading.h */ 119 | -------------------------------------------------------------------------------- /src/mbedtls/include/mbedtls/timing.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file timing.h 3 | * 4 | * \brief Portable interface to timeouts and to the CPU cycle counter 5 | */ 6 | /* 7 | * Copyright The Mbed TLS Contributors 8 | * SPDX-License-Identifier: Apache-2.0 9 | * 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 | * not use this file except in compliance with the License. 12 | * You may obtain a copy of the License at 13 | * 14 | * http://www.apache.org/licenses/LICENSE-2.0 15 | * 16 | * Unless required by applicable law or agreed to in writing, software 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 | * See the License for the specific language governing permissions and 20 | * limitations under the License. 21 | */ 22 | #ifndef MBEDTLS_TIMING_H 23 | #define MBEDTLS_TIMING_H 24 | #include "mbedtls/include/mbedtls/private_access.h" 25 | 26 | #include "mbedtls/include/mbedtls/build_info.h" 27 | 28 | #include 29 | 30 | #ifdef __cplusplus 31 | extern "C" { 32 | #endif 33 | 34 | #if !defined(MBEDTLS_TIMING_ALT) 35 | // Regular implementation 36 | // 37 | 38 | /** 39 | * \brief timer structure 40 | */ 41 | struct mbedtls_timing_hr_time 42 | { 43 | unsigned char MBEDTLS_PRIVATE(opaque)[32]; 44 | }; 45 | 46 | /** 47 | * \brief Context for mbedtls_timing_set/get_delay() 48 | */ 49 | typedef struct mbedtls_timing_delay_context 50 | { 51 | struct mbedtls_timing_hr_time MBEDTLS_PRIVATE(timer); 52 | uint32_t MBEDTLS_PRIVATE(int_ms); 53 | uint32_t MBEDTLS_PRIVATE(fin_ms); 54 | } mbedtls_timing_delay_context; 55 | 56 | #else /* MBEDTLS_TIMING_ALT */ 57 | #include "timing_alt.h" 58 | #endif /* MBEDTLS_TIMING_ALT */ 59 | 60 | /* Internal use */ 61 | unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset ); 62 | 63 | /** 64 | * \brief Set a pair of delays to watch 65 | * (See \c mbedtls_timing_get_delay().) 66 | * 67 | * \param data Pointer to timing data. 68 | * Must point to a valid \c mbedtls_timing_delay_context struct. 69 | * \param int_ms First (intermediate) delay in milliseconds. 70 | * The effect if int_ms > fin_ms is unspecified. 71 | * \param fin_ms Second (final) delay in milliseconds. 72 | * Pass 0 to cancel the current delay. 73 | * 74 | * \note To set a single delay, either use \c mbedtls_timing_set_timer 75 | * directly or use this function with int_ms == fin_ms. 76 | */ 77 | void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms ); 78 | 79 | /** 80 | * \brief Get the status of delays 81 | * (Memory helper: number of delays passed.) 82 | * 83 | * \param data Pointer to timing data 84 | * Must point to a valid \c mbedtls_timing_delay_context struct. 85 | * 86 | * \return -1 if cancelled (fin_ms = 0), 87 | * 0 if none of the delays are passed, 88 | * 1 if only the intermediate delay is passed, 89 | * 2 if the final delay is passed. 90 | */ 91 | int mbedtls_timing_get_delay( void *data ); 92 | 93 | #ifdef __cplusplus 94 | } 95 | #endif 96 | 97 | #endif /* timing.h */ 98 | -------------------------------------------------------------------------------- /src/mbedtls/include/mbedtls/version.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file version.h 3 | * 4 | * \brief Run-time version information 5 | */ 6 | /* 7 | * Copyright The Mbed TLS Contributors 8 | * SPDX-License-Identifier: Apache-2.0 9 | * 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 | * not use this file except in compliance with the License. 12 | * You may obtain a copy of the License at 13 | * 14 | * http://www.apache.org/licenses/LICENSE-2.0 15 | * 16 | * Unless required by applicable law or agreed to in writing, software 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 | * See the License for the specific language governing permissions and 20 | * limitations under the License. 21 | */ 22 | /* 23 | * This set of run-time variables can be used to determine the version number of 24 | * the Mbed TLS library used. Compile-time version defines for the same can be 25 | * found in build_info.h 26 | */ 27 | #ifndef MBEDTLS_VERSION_H 28 | #define MBEDTLS_VERSION_H 29 | 30 | #include "mbedtls/include/mbedtls/build_info.h" 31 | 32 | #if defined(MBEDTLS_VERSION_C) 33 | 34 | #ifdef __cplusplus 35 | extern "C" { 36 | #endif 37 | 38 | /** 39 | * Get the version number. 40 | * 41 | * \return The constructed version number in the format 42 | * MMNNPP00 (Major, Minor, Patch). 43 | */ 44 | unsigned int mbedtls_version_get_number( void ); 45 | 46 | /** 47 | * Get the version string ("x.y.z"). 48 | * 49 | * \param string The string that will receive the value. 50 | * (Should be at least 9 bytes in size) 51 | */ 52 | void mbedtls_version_get_string( char *string ); 53 | 54 | /** 55 | * Get the full version string ("mbed TLS x.y.z"). 56 | * 57 | * \param string The string that will receive the value. The mbed TLS version 58 | * string will use 18 bytes AT MOST including a terminating 59 | * null byte. 60 | * (So the buffer should be at least 18 bytes to receive this 61 | * version string). 62 | */ 63 | void mbedtls_version_get_string_full( char *string ); 64 | 65 | /** 66 | * \brief Check if support for a feature was compiled into this 67 | * mbed TLS binary. This allows you to see at runtime if the 68 | * library was for instance compiled with or without 69 | * Multi-threading support. 70 | * 71 | * \note only checks against defines in the sections "System 72 | * support", "mbed TLS modules" and "mbed TLS feature 73 | * support" in mbedtls_config.h 74 | * 75 | * \param feature The string for the define to check (e.g. "MBEDTLS_AES_C") 76 | * 77 | * \return 0 if the feature is present, 78 | * -1 if the feature is not present and 79 | * -2 if support for feature checking as a whole was not 80 | * compiled in. 81 | */ 82 | int mbedtls_version_check_feature( const char *feature ); 83 | 84 | #ifdef __cplusplus 85 | } 86 | #endif 87 | 88 | #endif /* MBEDTLS_VERSION_C */ 89 | 90 | #endif /* version.h */ 91 | -------------------------------------------------------------------------------- /src/mbedtls/include/mbedtls/x509_crl.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file x509_crl.h 3 | * 4 | * \brief X.509 certificate revocation list parsing 5 | */ 6 | /* 7 | * Copyright The Mbed TLS Contributors 8 | * SPDX-License-Identifier: Apache-2.0 9 | * 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 | * not use this file except in compliance with the License. 12 | * You may obtain a copy of the License at 13 | * 14 | * http://www.apache.org/licenses/LICENSE-2.0 15 | * 16 | * Unless required by applicable law or agreed to in writing, software 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 | * See the License for the specific language governing permissions and 20 | * limitations under the License. 21 | */ 22 | #ifndef MBEDTLS_X509_CRL_H 23 | #define MBEDTLS_X509_CRL_H 24 | #include "mbedtls/include/mbedtls/private_access.h" 25 | 26 | #include "mbedtls/include/mbedtls/build_info.h" 27 | 28 | #include "mbedtls/include/mbedtls/x509.h" 29 | 30 | #ifdef __cplusplus 31 | extern "C" { 32 | #endif 33 | 34 | /** 35 | * \addtogroup x509_module 36 | * \{ */ 37 | 38 | /** 39 | * \name Structures and functions for parsing CRLs 40 | * \{ 41 | */ 42 | 43 | /** 44 | * Certificate revocation list entry. 45 | * Contains the CA-specific serial numbers and revocation dates. 46 | * 47 | * Some fields of this structure are publicly readable. Do not modify 48 | * them except via Mbed TLS library functions: the effect of modifying 49 | * those fields or the data that those fields points to is unspecified. 50 | */ 51 | typedef struct mbedtls_x509_crl_entry 52 | { 53 | /** Direct access to the whole entry inside the containing buffer. */ 54 | mbedtls_x509_buf raw; 55 | /** The serial number of the revoked certificate. */ 56 | mbedtls_x509_buf serial; 57 | /** The revocation date of this entry. */ 58 | mbedtls_x509_time revocation_date; 59 | /** Direct access to the list of CRL entry extensions 60 | * (an ASN.1 constructed sequence). 61 | * 62 | * If there are no extensions, `entry_ext.len == 0` and 63 | * `entry_ext.p == NULL`. */ 64 | mbedtls_x509_buf entry_ext; 65 | 66 | /** Next element in the linked list of entries. 67 | * \p NULL indicates the end of the list. 68 | * Do not modify this field directly. */ 69 | struct mbedtls_x509_crl_entry *next; 70 | } 71 | mbedtls_x509_crl_entry; 72 | 73 | /** 74 | * Certificate revocation list structure. 75 | * Every CRL may have multiple entries. 76 | */ 77 | typedef struct mbedtls_x509_crl 78 | { 79 | mbedtls_x509_buf raw; /**< The raw certificate data (DER). */ 80 | mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */ 81 | 82 | int version; /**< CRL version (1=v1, 2=v2) */ 83 | mbedtls_x509_buf sig_oid; /**< CRL signature type identifier */ 84 | 85 | mbedtls_x509_buf issuer_raw; /**< The raw issuer data (DER). */ 86 | 87 | mbedtls_x509_name issuer; /**< The parsed issuer data (named information object). */ 88 | 89 | mbedtls_x509_time this_update; 90 | mbedtls_x509_time next_update; 91 | 92 | mbedtls_x509_crl_entry entry; /**< The CRL entries containing the certificate revocation times for this CA. */ 93 | 94 | mbedtls_x509_buf crl_ext; 95 | 96 | mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid2); 97 | mbedtls_x509_buf MBEDTLS_PRIVATE(sig); 98 | mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */ 99 | mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ 100 | void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */ 101 | 102 | /** Next element in the linked list of CRL. 103 | * \p NULL indicates the end of the list. 104 | * Do not modify this field directly. */ 105 | struct mbedtls_x509_crl *next; 106 | } 107 | mbedtls_x509_crl; 108 | 109 | /** 110 | * \brief Parse a DER-encoded CRL and append it to the chained list 111 | * 112 | * \param chain points to the start of the chain 113 | * \param buf buffer holding the CRL data in DER format 114 | * \param buflen size of the buffer 115 | * (including the terminating null byte for PEM data) 116 | * 117 | * \return 0 if successful, or a specific X509 or PEM error code 118 | */ 119 | int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, 120 | const unsigned char *buf, size_t buflen ); 121 | /** 122 | * \brief Parse one or more CRLs and append them to the chained list 123 | * 124 | * \note Multiple CRLs are accepted only if using PEM format 125 | * 126 | * \param chain points to the start of the chain 127 | * \param buf buffer holding the CRL data in PEM or DER format 128 | * \param buflen size of the buffer 129 | * (including the terminating null byte for PEM data) 130 | * 131 | * \return 0 if successful, or a specific X509 or PEM error code 132 | */ 133 | int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen ); 134 | 135 | #if defined(MBEDTLS_FS_IO) 136 | /** 137 | * \brief Load one or more CRLs and append them to the chained list 138 | * 139 | * \note Multiple CRLs are accepted only if using PEM format 140 | * 141 | * \param chain points to the start of the chain 142 | * \param path filename to read the CRLs from (in PEM or DER encoding) 143 | * 144 | * \return 0 if successful, or a specific X509 or PEM error code 145 | */ 146 | int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path ); 147 | #endif /* MBEDTLS_FS_IO */ 148 | 149 | #if !defined(MBEDTLS_X509_REMOVE_INFO) 150 | /** 151 | * \brief Returns an informational string about the CRL. 152 | * 153 | * \param buf Buffer to write to 154 | * \param size Maximum size of buffer 155 | * \param prefix A line prefix 156 | * \param crl The X509 CRL to represent 157 | * 158 | * \return The length of the string written (not including the 159 | * terminated nul byte), or a negative error code. 160 | */ 161 | int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix, 162 | const mbedtls_x509_crl *crl ); 163 | #endif /* !MBEDTLS_X509_REMOVE_INFO */ 164 | 165 | /** 166 | * \brief Initialize a CRL (chain) 167 | * 168 | * \param crl CRL chain to initialize 169 | */ 170 | void mbedtls_x509_crl_init( mbedtls_x509_crl *crl ); 171 | 172 | /** 173 | * \brief Unallocate all CRL data 174 | * 175 | * \param crl CRL chain to free 176 | */ 177 | void mbedtls_x509_crl_free( mbedtls_x509_crl *crl ); 178 | 179 | /* \} name */ 180 | /* \} addtogroup x509_module */ 181 | 182 | #ifdef __cplusplus 183 | } 184 | #endif 185 | 186 | #endif /* mbedtls_x509_crl.h */ 187 | -------------------------------------------------------------------------------- /src/mbedtls/include/psa/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hirotakaster/MQTT-TLS/e2a0a6c79ea8624aaa7695ecd0bdd3a6abdd26d1/src/mbedtls/include/psa/.DS_Store -------------------------------------------------------------------------------- /src/mbedtls/include/psa/crypto_builtin_composites.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Context structure declaration of the Mbed TLS software-based PSA drivers 3 | * called through the PSA Crypto driver dispatch layer. 4 | * This file contains the context structures of those algorithms which need to 5 | * rely on other algorithms, i.e. are 'composite' algorithms. 6 | * 7 | * \note This file may not be included directly. Applications must 8 | * include psa/crypto.h. 9 | * 10 | * \note This header and its content is not part of the Mbed TLS API and 11 | * applications must not depend on it. Its main purpose is to define the 12 | * multi-part state objects of the Mbed TLS software-based PSA drivers. The 13 | * definition of these objects are then used by crypto_struct.h to define the 14 | * implementation-defined types of PSA multi-part state objects. 15 | */ 16 | /* 17 | * Copyright The Mbed TLS Contributors 18 | * SPDX-License-Identifier: Apache-2.0 19 | * 20 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 21 | * not use this file except in compliance with the License. 22 | * You may obtain a copy of the License at 23 | * 24 | * http://www.apache.org/licenses/LICENSE-2.0 25 | * 26 | * Unless required by applicable law or agreed to in writing, software 27 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 28 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 29 | * See the License for the specific language governing permissions and 30 | * limitations under the License. 31 | */ 32 | 33 | #ifndef PSA_CRYPTO_BUILTIN_COMPOSITES_H 34 | #define PSA_CRYPTO_BUILTIN_COMPOSITES_H 35 | #include "mbedtls/include/mbedtls/private_access.h" 36 | 37 | #include "crypto_driver_common.h" 38 | 39 | /* 40 | * MAC multi-part operation definitions. 41 | */ 42 | #if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) || \ 43 | defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) 44 | #define MBEDTLS_PSA_BUILTIN_MAC 45 | #endif 46 | 47 | #if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(PSA_CRYPTO_DRIVER_TEST) 48 | typedef struct 49 | { 50 | /** The HMAC algorithm in use */ 51 | psa_algorithm_t MBEDTLS_PRIVATE(alg); 52 | /** The hash context. */ 53 | struct psa_hash_operation_s hash_ctx; 54 | /** The HMAC part of the context. */ 55 | uint8_t MBEDTLS_PRIVATE(opad)[PSA_HMAC_MAX_HASH_BLOCK_SIZE]; 56 | } mbedtls_psa_hmac_operation_t; 57 | 58 | #define MBEDTLS_PSA_HMAC_OPERATION_INIT {0, PSA_HASH_OPERATION_INIT, {0}} 59 | #endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ 60 | 61 | #include "mbedtls/include/mbedtls/cmac.h" 62 | 63 | typedef struct 64 | { 65 | psa_algorithm_t MBEDTLS_PRIVATE(alg); 66 | union 67 | { 68 | unsigned MBEDTLS_PRIVATE(dummy); /* Make the union non-empty even with no supported algorithms. */ 69 | #if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(PSA_CRYPTO_DRIVER_TEST) 70 | mbedtls_psa_hmac_operation_t MBEDTLS_PRIVATE(hmac); 71 | #endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ 72 | #if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) || defined(PSA_CRYPTO_DRIVER_TEST) 73 | mbedtls_cipher_context_t MBEDTLS_PRIVATE(cmac); 74 | #endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */ 75 | } MBEDTLS_PRIVATE(ctx); 76 | } mbedtls_psa_mac_operation_t; 77 | 78 | #define MBEDTLS_PSA_MAC_OPERATION_INIT {0, {0}} 79 | 80 | #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) || \ 81 | defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) || \ 82 | defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) 83 | #define MBEDTLS_PSA_BUILTIN_AEAD 1 84 | #endif 85 | 86 | /* Context structure for the Mbed TLS AEAD implementation. */ 87 | typedef struct 88 | { 89 | psa_algorithm_t MBEDTLS_PRIVATE(alg); 90 | psa_key_type_t MBEDTLS_PRIVATE(key_type); 91 | 92 | unsigned int MBEDTLS_PRIVATE(is_encrypt) : 1; 93 | 94 | uint8_t MBEDTLS_PRIVATE(tag_length); 95 | 96 | union 97 | { 98 | unsigned dummy; /* Enable easier initializing of the union. */ 99 | #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) 100 | mbedtls_ccm_context MBEDTLS_PRIVATE(ccm); 101 | #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ 102 | #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) 103 | mbedtls_gcm_context MBEDTLS_PRIVATE(gcm); 104 | #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ 105 | #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) 106 | mbedtls_chachapoly_context MBEDTLS_PRIVATE(chachapoly); 107 | #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ 108 | 109 | } ctx; 110 | 111 | } mbedtls_psa_aead_operation_t; 112 | 113 | #define MBEDTLS_PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, {0}} 114 | 115 | #endif /* PSA_CRYPTO_BUILTIN_COMPOSITES_H */ 116 | -------------------------------------------------------------------------------- /src/mbedtls/include/psa/crypto_builtin_primitives.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Context structure declaration of the Mbed TLS software-based PSA drivers 3 | * called through the PSA Crypto driver dispatch layer. 4 | * This file contains the context structures of those algorithms which do not 5 | * rely on other algorithms, i.e. are 'primitive' algorithms. 6 | * 7 | * \note This file may not be included directly. Applications must 8 | * include psa/crypto.h. 9 | * 10 | * \note This header and its content is not part of the Mbed TLS API and 11 | * applications must not depend on it. Its main purpose is to define the 12 | * multi-part state objects of the Mbed TLS software-based PSA drivers. The 13 | * definition of these objects are then used by crypto_struct.h to define the 14 | * implementation-defined types of PSA multi-part state objects. 15 | */ 16 | /* 17 | * Copyright The Mbed TLS Contributors 18 | * SPDX-License-Identifier: Apache-2.0 19 | * 20 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 21 | * not use this file except in compliance with the License. 22 | * You may obtain a copy of the License at 23 | * 24 | * http://www.apache.org/licenses/LICENSE-2.0 25 | * 26 | * Unless required by applicable law or agreed to in writing, software 27 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 28 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 29 | * See the License for the specific language governing permissions and 30 | * limitations under the License. 31 | */ 32 | 33 | #ifndef PSA_CRYPTO_BUILTIN_PRIMITIVES_H 34 | #define PSA_CRYPTO_BUILTIN_PRIMITIVES_H 35 | #include "mbedtls/include/mbedtls/private_access.h" 36 | 37 | #include "crypto_driver_common.h" 38 | 39 | /* 40 | * Hash multi-part operation definitions. 41 | */ 42 | 43 | #include "mbedtls/include/mbedtls/md5.h" 44 | #include "mbedtls/include/mbedtls/ripemd160.h" 45 | #include "mbedtls/include/mbedtls/sha1.h" 46 | #include "mbedtls/include/mbedtls/sha256.h" 47 | #include "mbedtls/include/mbedtls/sha512.h" 48 | 49 | #if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5) || \ 50 | defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160) || \ 51 | defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1) || \ 52 | defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224) || \ 53 | defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256) || \ 54 | defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384) || \ 55 | defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512) 56 | #define MBEDTLS_PSA_BUILTIN_HASH 57 | #endif 58 | 59 | typedef struct 60 | { 61 | psa_algorithm_t MBEDTLS_PRIVATE(alg); 62 | union 63 | { 64 | unsigned dummy; /* Make the union non-empty even with no supported algorithms. */ 65 | #if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5) 66 | mbedtls_md5_context md5; 67 | #endif 68 | #if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160) 69 | mbedtls_ripemd160_context ripemd160; 70 | #endif 71 | #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1) 72 | mbedtls_sha1_context sha1; 73 | #endif 74 | #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256) || \ 75 | defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224) 76 | mbedtls_sha256_context sha256; 77 | #endif 78 | #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512) || \ 79 | defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384) 80 | mbedtls_sha512_context sha512; 81 | #endif 82 | } MBEDTLS_PRIVATE(ctx); 83 | } mbedtls_psa_hash_operation_t; 84 | 85 | #define MBEDTLS_PSA_HASH_OPERATION_INIT {0, {0}} 86 | 87 | /* 88 | * Cipher multi-part operation definitions. 89 | */ 90 | 91 | #include "mbedtls/include/mbedtls/cipher.h" 92 | 93 | #if defined(MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER) || \ 94 | defined(MBEDTLS_PSA_BUILTIN_ALG_CTR) || \ 95 | defined(MBEDTLS_PSA_BUILTIN_ALG_CFB) || \ 96 | defined(MBEDTLS_PSA_BUILTIN_ALG_OFB) || \ 97 | defined(MBEDTLS_PSA_BUILTIN_ALG_XTS) || \ 98 | defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING) || \ 99 | defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \ 100 | defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7) 101 | #define MBEDTLS_PSA_BUILTIN_CIPHER 1 102 | #endif 103 | 104 | typedef struct { 105 | /* Context structure for the Mbed TLS cipher implementation. */ 106 | psa_algorithm_t MBEDTLS_PRIVATE(alg); 107 | uint8_t MBEDTLS_PRIVATE(iv_length); 108 | uint8_t MBEDTLS_PRIVATE(block_length); 109 | union { 110 | unsigned int MBEDTLS_PRIVATE(dummy); 111 | mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher); 112 | } MBEDTLS_PRIVATE(ctx); 113 | } mbedtls_psa_cipher_operation_t; 114 | 115 | #define MBEDTLS_PSA_CIPHER_OPERATION_INIT {0, 0, 0, {0}} 116 | 117 | #endif /* PSA_CRYPTO_BUILTIN_PRIMITIVES_H */ 118 | -------------------------------------------------------------------------------- /src/mbedtls/include/psa/crypto_config.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file psa/crypto_config.h 3 | * \brief PSA crypto configuration options (set of defines) 4 | * 5 | */ 6 | #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) 7 | /** 8 | * When #MBEDTLS_PSA_CRYPTO_CONFIG is enabled in mbedtls_config.h, 9 | * this file determines which cryptographic mechanisms are enabled 10 | * through the PSA Cryptography API (\c psa_xxx() functions). 11 | * 12 | * To enable a cryptographic mechanism, uncomment the definition of 13 | * the corresponding \c PSA_WANT_xxx preprocessor symbol. 14 | * To disable a cryptographic mechanism, comment out the definition of 15 | * the corresponding \c PSA_WANT_xxx preprocessor symbol. 16 | * The names of cryptographic mechanisms correspond to values 17 | * defined in psa/crypto_values.h, with the prefix \c PSA_WANT_ instead 18 | * of \c PSA_. 19 | * 20 | * Note that many cryptographic mechanisms involve two symbols: one for 21 | * the key type (\c PSA_WANT_KEY_TYPE_xxx) and one for the algorithm 22 | * (\c PSA_WANT_ALG_xxx). Mechanisms with additional parameters may involve 23 | * additional symbols. 24 | */ 25 | #else 26 | /** 27 | * When \c MBEDTLS_PSA_CRYPTO_CONFIG is disabled in mbedtls_config.h, 28 | * this file is not used, and cryptographic mechanisms are supported 29 | * through the PSA API if and only if they are supported through the 30 | * mbedtls_xxx API. 31 | */ 32 | #endif 33 | /* 34 | * Copyright The Mbed TLS Contributors 35 | * SPDX-License-Identifier: Apache-2.0 36 | * 37 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 38 | * not use this file except in compliance with the License. 39 | * You may obtain a copy of the License at 40 | * 41 | * http://www.apache.org/licenses/LICENSE-2.0 42 | * 43 | * Unless required by applicable law or agreed to in writing, software 44 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 45 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 46 | * See the License for the specific language governing permissions and 47 | * limitations under the License. 48 | */ 49 | 50 | #ifndef PSA_CRYPTO_CONFIG_H 51 | #define PSA_CRYPTO_CONFIG_H 52 | 53 | /* 54 | * CBC-MAC is not yet supported via the PSA API in Mbed TLS. 55 | */ 56 | //#define PSA_WANT_ALG_CBC_MAC 1 57 | #define PSA_WANT_ALG_CBC_NO_PADDING 1 58 | #define PSA_WANT_ALG_CBC_PKCS7 1 59 | #define PSA_WANT_ALG_CCM 1 60 | #define PSA_WANT_ALG_CMAC 1 61 | #define PSA_WANT_ALG_CFB 1 62 | #define PSA_WANT_ALG_CHACHA20_POLY1305 1 63 | #define PSA_WANT_ALG_CMAC 1 64 | #define PSA_WANT_ALG_CTR 1 65 | #define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1 66 | #define PSA_WANT_ALG_ECB_NO_PADDING 1 67 | #define PSA_WANT_ALG_ECDH 1 68 | #define PSA_WANT_ALG_ECDSA 1 69 | #define PSA_WANT_ALG_GCM 1 70 | #define PSA_WANT_ALG_HKDF 1 71 | #define PSA_WANT_ALG_HMAC 1 72 | #define PSA_WANT_ALG_MD5 1 73 | #define PSA_WANT_ALG_OFB 1 74 | /* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS. 75 | * Note: when adding support, also adjust include/mbedtls/config_psa.h */ 76 | //#define PSA_WANT_ALG_PBKDF2_HMAC 1 77 | #define PSA_WANT_ALG_RIPEMD160 1 78 | #define PSA_WANT_ALG_RSA_OAEP 1 79 | #define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1 80 | #define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1 81 | #define PSA_WANT_ALG_RSA_PSS 1 82 | #define PSA_WANT_ALG_SHA_1 1 83 | #define PSA_WANT_ALG_SHA_224 1 84 | #define PSA_WANT_ALG_SHA_256 1 85 | #define PSA_WANT_ALG_SHA_384 1 86 | #define PSA_WANT_ALG_SHA_512 1 87 | #define PSA_WANT_ALG_STREAM_CIPHER 1 88 | #define PSA_WANT_ALG_TLS12_PRF 1 89 | #define PSA_WANT_ALG_TLS12_PSK_TO_MS 1 90 | #define PSA_WANT_ALG_XTS 1 91 | 92 | #define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1 93 | #define PSA_WANT_ECC_BRAINPOOL_P_R1_384 1 94 | #define PSA_WANT_ECC_BRAINPOOL_P_R1_512 1 95 | #define PSA_WANT_ECC_MONTGOMERY_255 1 96 | #define PSA_WANT_ECC_MONTGOMERY_448 1 97 | #define PSA_WANT_ECC_SECP_K1_192 1 98 | /* 99 | * SECP224K1 is buggy via the PSA API in Mbed TLS 100 | * (https://github.com/ARMmbed/mbedtls/issues/3541). Thus, do not enable it by 101 | * default. 102 | */ 103 | //#define PSA_WANT_ECC_SECP_K1_224 1 104 | #define PSA_WANT_ECC_SECP_K1_256 1 105 | #define PSA_WANT_ECC_SECP_R1_192 1 106 | #define PSA_WANT_ECC_SECP_R1_224 1 107 | #define PSA_WANT_ECC_SECP_R1_256 1 108 | #define PSA_WANT_ECC_SECP_R1_384 1 109 | #define PSA_WANT_ECC_SECP_R1_521 1 110 | 111 | #define PSA_WANT_KEY_TYPE_DERIVE 1 112 | #define PSA_WANT_KEY_TYPE_HMAC 1 113 | #define PSA_WANT_KEY_TYPE_AES 1 114 | #define PSA_WANT_KEY_TYPE_ARIA 1 115 | #define PSA_WANT_KEY_TYPE_CAMELLIA 1 116 | #define PSA_WANT_KEY_TYPE_CHACHA20 1 117 | #define PSA_WANT_KEY_TYPE_DES 1 118 | #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1 119 | #define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 120 | #define PSA_WANT_KEY_TYPE_RAW_DATA 1 121 | #define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1 122 | #define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 123 | 124 | #endif /* PSA_CRYPTO_CONFIG_H */ 125 | -------------------------------------------------------------------------------- /src/mbedtls/include/psa/crypto_driver_common.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file psa/crypto_driver_common.h 3 | * \brief Definitions for all PSA crypto drivers 4 | * 5 | * This file contains common definitions shared by all PSA crypto drivers. 6 | * Do not include it directly: instead, include the header file(s) for 7 | * the type(s) of driver that you are implementing. For example, if 8 | * you are writing a dynamically registered driver for a secure element, 9 | * include `psa/crypto_se_driver.h`. 10 | * 11 | * This file is part of the PSA Crypto Driver Model, containing functions for 12 | * driver developers to implement to enable hardware to be called in a 13 | * standardized way by a PSA Cryptographic API implementation. The functions 14 | * comprising the driver model, which driver authors implement, are not 15 | * intended to be called by application developers. 16 | */ 17 | 18 | /* 19 | * Copyright The Mbed TLS Contributors 20 | * SPDX-License-Identifier: Apache-2.0 21 | * 22 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 23 | * not use this file except in compliance with the License. 24 | * You may obtain a copy of the License at 25 | * 26 | * http://www.apache.org/licenses/LICENSE-2.0 27 | * 28 | * Unless required by applicable law or agreed to in writing, software 29 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 30 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 31 | * See the License for the specific language governing permissions and 32 | * limitations under the License. 33 | */ 34 | #ifndef PSA_CRYPTO_DRIVER_COMMON_H 35 | #define PSA_CRYPTO_DRIVER_COMMON_H 36 | 37 | #include 38 | #include 39 | 40 | /* Include type definitions (psa_status_t, psa_algorithm_t, 41 | * psa_key_type_t, etc.) and macros to build and analyze values 42 | * of these types. */ 43 | #include "crypto_types.h" 44 | #include "crypto_values.h" 45 | /* Include size definitions which are used to size some arrays in operation 46 | * structures. */ 47 | #include "crypto_sizes.h" 48 | 49 | /** For encrypt-decrypt functions, whether the operation is an encryption 50 | * or a decryption. */ 51 | typedef enum { 52 | PSA_CRYPTO_DRIVER_DECRYPT, 53 | PSA_CRYPTO_DRIVER_ENCRYPT 54 | } psa_encrypt_or_decrypt_t; 55 | 56 | #endif /* PSA_CRYPTO_DRIVER_COMMON_H */ 57 | -------------------------------------------------------------------------------- /src/mbedtls/include/psa/crypto_driver_contexts_composites.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Declaration of context structures for use with the PSA driver wrapper 3 | * interface. This file contains the context structures for 'composite' 4 | * operations, i.e. those operations which need to make use of other operations 5 | * from the primitives (crypto_driver_contexts_primitives.h) 6 | * 7 | * Warning: This file will be auto-generated in the future. 8 | * 9 | * \note This file may not be included directly. Applications must 10 | * include psa/crypto.h. 11 | * 12 | * \note This header and its content is not part of the Mbed TLS API and 13 | * applications must not depend on it. Its main purpose is to define the 14 | * multi-part state objects of the PSA drivers included in the cryptographic 15 | * library. The definition of these objects are then used by crypto_struct.h 16 | * to define the implementation-defined types of PSA multi-part state objects. 17 | */ 18 | /* Copyright The Mbed TLS Contributors 19 | * SPDX-License-Identifier: Apache-2.0 20 | * 21 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 22 | * not use this file except in compliance with the License. 23 | * You may obtain a copy of the License at 24 | * 25 | * http://www.apache.org/licenses/LICENSE-2.0 26 | * 27 | * Unless required by applicable law or agreed to in writing, software 28 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 29 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 30 | * See the License for the specific language governing permissions and 31 | * limitations under the License. 32 | */ 33 | 34 | #ifndef PSA_CRYPTO_DRIVER_CONTEXTS_COMPOSITES_H 35 | #define PSA_CRYPTO_DRIVER_CONTEXTS_COMPOSITES_H 36 | 37 | #include "mbedtls/include/psa/crypto_driver_common.h" 38 | 39 | /* Include the context structure definitions for the Mbed TLS software drivers */ 40 | #include "mbedtls/include/psa/crypto_builtin_composites.h" 41 | 42 | /* Include the context structure definitions for those drivers that were 43 | * declared during the autogeneration process. */ 44 | 45 | #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) 46 | #include 47 | #endif 48 | 49 | #if defined(PSA_CRYPTO_DRIVER_TEST) 50 | #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ 51 | defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC) 52 | typedef libtestdriver1_mbedtls_psa_mac_operation_t 53 | mbedtls_transparent_test_driver_mac_operation_t; 54 | typedef libtestdriver1_mbedtls_psa_mac_operation_t 55 | mbedtls_opaque_test_driver_mac_operation_t; 56 | 57 | #define MBEDTLS_TRANSPARENT_TEST_DRIVER_MAC_OPERATION_INIT \ 58 | LIBTESTDRIVER1_MBEDTLS_PSA_MAC_OPERATION_INIT 59 | #define MBEDTLS_OPAQUE_TEST_DRIVER_MAC_OPERATION_INIT \ 60 | LIBTESTDRIVER1_MBEDTLS_PSA_MAC_OPERATION_INIT 61 | 62 | #else 63 | typedef mbedtls_psa_mac_operation_t 64 | mbedtls_transparent_test_driver_mac_operation_t; 65 | typedef mbedtls_psa_mac_operation_t 66 | mbedtls_opaque_test_driver_mac_operation_t; 67 | 68 | #define MBEDTLS_TRANSPARENT_TEST_DRIVER_MAC_OPERATION_INIT \ 69 | MBEDTLS_PSA_MAC_OPERATION_INIT 70 | #define MBEDTLS_OPAQUE_TEST_DRIVER_MAC_OPERATION_INIT \ 71 | MBEDTLS_PSA_MAC_OPERATION_INIT 72 | 73 | #endif /* MBEDTLS_TEST_LIBTESTDRIVER1 && LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC */ 74 | 75 | #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ 76 | defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) 77 | typedef libtestdriver1_mbedtls_psa_aead_operation_t 78 | mbedtls_transparent_test_driver_aead_operation_t; 79 | 80 | #define MBEDTLS_TRANSPARENT_TEST_DRIVER_AEAD_OPERATION_INIT \ 81 | LIBTESTDRIVER1_MBEDTLS_PSA_AEAD_OPERATION_INIT 82 | #else 83 | typedef mbedtls_psa_aead_operation_t 84 | mbedtls_transparent_test_driver_aead_operation_t; 85 | 86 | #define MBEDTLS_TRANSPARENT_TEST_DRIVER_AEAD_OPERATION_INIT \ 87 | MBEDTLS_PSA_AEAD_OPERATION_INIT 88 | 89 | #endif /* MBEDTLS_TEST_LIBTESTDRIVER1 && LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD */ 90 | 91 | #endif /* PSA_CRYPTO_DRIVER_TEST */ 92 | 93 | /* Define the context to be used for an operation that is executed through the 94 | * PSA Driver wrapper layer as the union of all possible driver's contexts. 95 | * 96 | * The union members are the driver's context structures, and the member names 97 | * are formatted as `'drivername'_ctx`. This allows for procedural generation 98 | * of both this file and the content of psa_crypto_driver_wrappers.c */ 99 | 100 | typedef union { 101 | unsigned dummy; /* Make sure this union is always non-empty */ 102 | mbedtls_psa_mac_operation_t mbedtls_ctx; 103 | #if defined(PSA_CRYPTO_DRIVER_TEST) 104 | mbedtls_transparent_test_driver_mac_operation_t transparent_test_driver_ctx; 105 | mbedtls_opaque_test_driver_mac_operation_t opaque_test_driver_ctx; 106 | #endif 107 | } psa_driver_mac_context_t; 108 | 109 | typedef union { 110 | unsigned dummy; /* Make sure this union is always non-empty */ 111 | mbedtls_psa_aead_operation_t mbedtls_ctx; 112 | #if defined(PSA_CRYPTO_DRIVER_TEST) 113 | mbedtls_transparent_test_driver_aead_operation_t transparent_test_driver_ctx; 114 | #endif 115 | } psa_driver_aead_context_t; 116 | 117 | #endif /* PSA_CRYPTO_DRIVER_CONTEXTS_COMPOSITES_H */ 118 | /* End of automatically generated file. */ 119 | -------------------------------------------------------------------------------- /src/mbedtls/include/psa/crypto_driver_contexts_primitives.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Declaration of context structures for use with the PSA driver wrapper 3 | * interface. This file contains the context structures for 'primitive' 4 | * operations, i.e. those operations which do not rely on other contexts. 5 | * 6 | * Warning: This file will be auto-generated in the future. 7 | * 8 | * \note This file may not be included directly. Applications must 9 | * include psa/crypto.h. 10 | * 11 | * \note This header and its content is not part of the Mbed TLS API and 12 | * applications must not depend on it. Its main purpose is to define the 13 | * multi-part state objects of the PSA drivers included in the cryptographic 14 | * library. The definition of these objects are then used by crypto_struct.h 15 | * to define the implementation-defined types of PSA multi-part state objects. 16 | */ 17 | /* Copyright The Mbed TLS Contributors 18 | * SPDX-License-Identifier: Apache-2.0 19 | * 20 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 21 | * not use this file except in compliance with the License. 22 | * You may obtain a copy of the License at 23 | * 24 | * http://www.apache.org/licenses/LICENSE-2.0 25 | * 26 | * Unless required by applicable law or agreed to in writing, software 27 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 28 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 29 | * See the License for the specific language governing permissions and 30 | * limitations under the License. 31 | */ 32 | 33 | #ifndef PSA_CRYPTO_DRIVER_CONTEXTS_PRIMITIVES_H 34 | #define PSA_CRYPTO_DRIVER_CONTEXTS_PRIMITIVES_H 35 | 36 | #include "mbedtls/include/psa/crypto_driver_common.h" 37 | 38 | /* Include the context structure definitions for the Mbed TLS software drivers */ 39 | #include "mbedtls/include/psa/crypto_builtin_primitives.h" 40 | 41 | /* Include the context structure definitions for those drivers that were 42 | * declared during the autogeneration process. */ 43 | 44 | #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) 45 | #include 46 | #endif 47 | 48 | #if defined(PSA_CRYPTO_DRIVER_TEST) 49 | 50 | #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ 51 | defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) 52 | typedef libtestdriver1_mbedtls_psa_cipher_operation_t 53 | mbedtls_transparent_test_driver_cipher_operation_t; 54 | 55 | #define MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT \ 56 | LIBTESTDRIVER1_MBEDTLS_PSA_CIPHER_OPERATION_INIT 57 | #else 58 | typedef mbedtls_psa_cipher_operation_t 59 | mbedtls_transparent_test_driver_cipher_operation_t; 60 | 61 | #define MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT \ 62 | MBEDTLS_PSA_CIPHER_OPERATION_INIT 63 | #endif /* MBEDTLS_TEST_LIBTESTDRIVER1 && 64 | LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER */ 65 | 66 | #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ 67 | defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) 68 | typedef libtestdriver1_mbedtls_psa_hash_operation_t 69 | mbedtls_transparent_test_driver_hash_operation_t; 70 | 71 | #define MBEDTLS_TRANSPARENT_TEST_DRIVER_HASH_OPERATION_INIT \ 72 | LIBTESTDRIVER1_MBEDTLS_PSA_HASH_OPERATION_INIT 73 | #else 74 | typedef mbedtls_psa_hash_operation_t 75 | mbedtls_transparent_test_driver_hash_operation_t; 76 | 77 | #define MBEDTLS_TRANSPARENT_TEST_DRIVER_HASH_OPERATION_INIT \ 78 | MBEDTLS_PSA_HASH_OPERATION_INIT 79 | #endif /* MBEDTLS_TEST_LIBTESTDRIVER1 && 80 | LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH */ 81 | 82 | typedef struct { 83 | unsigned int initialised : 1; 84 | mbedtls_transparent_test_driver_cipher_operation_t ctx; 85 | } mbedtls_opaque_test_driver_cipher_operation_t; 86 | 87 | #define MBEDTLS_OPAQUE_TEST_DRIVER_CIPHER_OPERATION_INIT \ 88 | { 0, MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT } 89 | 90 | #endif /* PSA_CRYPTO_DRIVER_TEST */ 91 | 92 | /* Define the context to be used for an operation that is executed through the 93 | * PSA Driver wrapper layer as the union of all possible driver's contexts. 94 | * 95 | * The union members are the driver's context structures, and the member names 96 | * are formatted as `'drivername'_ctx`. This allows for procedural generation 97 | * of both this file and the content of psa_crypto_driver_wrappers.c */ 98 | 99 | typedef union { 100 | unsigned dummy; /* Make sure this union is always non-empty */ 101 | mbedtls_psa_hash_operation_t mbedtls_ctx; 102 | #if defined(PSA_CRYPTO_DRIVER_TEST) 103 | mbedtls_transparent_test_driver_hash_operation_t test_driver_ctx; 104 | #endif 105 | } psa_driver_hash_context_t; 106 | 107 | typedef union { 108 | unsigned dummy; /* Make sure this union is always non-empty */ 109 | mbedtls_psa_cipher_operation_t mbedtls_ctx; 110 | #if defined(PSA_CRYPTO_DRIVER_TEST) 111 | mbedtls_transparent_test_driver_cipher_operation_t transparent_test_driver_ctx; 112 | mbedtls_opaque_test_driver_cipher_operation_t opaque_test_driver_ctx; 113 | #endif 114 | } psa_driver_cipher_context_t; 115 | 116 | #endif /* PSA_CRYPTO_DRIVER_CONTEXTS_PRIMITIVES_H */ 117 | /* End of automatically generated file. */ 118 | -------------------------------------------------------------------------------- /src/mbedtls/include/psa/crypto_platform.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file psa/crypto_platform.h 3 | * 4 | * \brief PSA cryptography module: Mbed TLS platform definitions 5 | * 6 | * \note This file may not be included directly. Applications must 7 | * include psa/crypto.h. 8 | * 9 | * This file contains platform-dependent type definitions. 10 | * 11 | * In implementations with isolation between the application and the 12 | * cryptography module, implementers should take care to ensure that 13 | * the definitions that are exposed to applications match what the 14 | * module implements. 15 | */ 16 | /* 17 | * Copyright The Mbed TLS Contributors 18 | * SPDX-License-Identifier: Apache-2.0 19 | * 20 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 21 | * not use this file except in compliance with the License. 22 | * You may obtain a copy of the License at 23 | * 24 | * http://www.apache.org/licenses/LICENSE-2.0 25 | * 26 | * Unless required by applicable law or agreed to in writing, software 27 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 28 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 29 | * See the License for the specific language governing permissions and 30 | * limitations under the License. 31 | */ 32 | 33 | #ifndef PSA_CRYPTO_PLATFORM_H 34 | #define PSA_CRYPTO_PLATFORM_H 35 | #include "mbedtls/include/mbedtls/private_access.h" 36 | 37 | /* Include the Mbed TLS configuration file, the way Mbed TLS does it 38 | * in each of its header files. */ 39 | #include "mbedtls/include/mbedtls/build_info.h" 40 | 41 | /* Translate between classic MBEDTLS_xxx feature symbols and PSA_xxx 42 | * feature symbols. */ 43 | #include "mbedtls/include/mbedtls/config_psa.h" 44 | 45 | /* PSA requires several types which C99 provides in stdint.h. */ 46 | #include 47 | 48 | #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ 49 | !defined(inline) && !defined(__cplusplus) 50 | #define inline __inline 51 | #endif 52 | 53 | #if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) 54 | 55 | /* Building for the PSA Crypto service on a PSA platform, a key owner is a PSA 56 | * partition identifier. 57 | * 58 | * The function psa_its_identifier_of_slot() in psa_crypto_storage.c that 59 | * translates a key identifier to a key storage file name assumes that 60 | * mbedtls_key_owner_id_t is an 32 bits integer. This function thus needs 61 | * reworking if mbedtls_key_owner_id_t is not defined as a 32 bits integer 62 | * here anymore. 63 | */ 64 | typedef int32_t mbedtls_key_owner_id_t; 65 | 66 | /** Compare two key owner identifiers. 67 | * 68 | * \param id1 First key owner identifier. 69 | * \param id2 Second key owner identifier. 70 | * 71 | * \return Non-zero if the two key owner identifiers are equal, zero otherwise. 72 | */ 73 | static inline int mbedtls_key_owner_id_equal( mbedtls_key_owner_id_t id1, 74 | mbedtls_key_owner_id_t id2 ) 75 | { 76 | return( id1 == id2 ); 77 | } 78 | 79 | #endif /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */ 80 | 81 | /* 82 | * When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is being built for SPM 83 | * (Secure Partition Manager) integration which separates the code into two 84 | * parts: NSPE (Non-Secure Processing Environment) and SPE (Secure Processing 85 | * Environment). When building for the SPE, an additional header file should be 86 | * included. 87 | */ 88 | #if defined(MBEDTLS_PSA_CRYPTO_SPM) 89 | #define PSA_CRYPTO_SECURE 1 90 | #include "crypto_spe.h" 91 | #endif // MBEDTLS_PSA_CRYPTO_SPM 92 | 93 | #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) 94 | /** The type of the context passed to mbedtls_psa_external_get_random(). 95 | * 96 | * Mbed TLS initializes the context to all-bits-zero before calling 97 | * mbedtls_psa_external_get_random() for the first time. 98 | * 99 | * The definition of this type in the Mbed TLS source code is for 100 | * demonstration purposes. Implementers of mbedtls_psa_external_get_random() 101 | * are expected to replace it with a custom definition. 102 | */ 103 | typedef struct { 104 | uintptr_t MBEDTLS_PRIVATE(opaque)[2]; 105 | } mbedtls_psa_external_random_context_t; 106 | #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ 107 | 108 | #endif /* PSA_CRYPTO_PLATFORM_H */ 109 | -------------------------------------------------------------------------------- /src/mbedtls/library/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hirotakaster/MQTT-TLS/e2a0a6c79ea8624aaa7695ecd0bdd3a6abdd26d1/src/mbedtls/library/.DS_Store -------------------------------------------------------------------------------- /src/mbedtls/library/aesni.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file aesni.h 3 | * 4 | * \brief AES-NI for hardware AES acceleration on some Intel processors 5 | * 6 | * \warning These functions are only for internal use by other library 7 | * functions; you must not call them directly. 8 | */ 9 | /* 10 | * Copyright The Mbed TLS Contributors 11 | * SPDX-License-Identifier: Apache-2.0 12 | * 13 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 14 | * not use this file except in compliance with the License. 15 | * You may obtain a copy of the License at 16 | * 17 | * http://www.apache.org/licenses/LICENSE-2.0 18 | * 19 | * Unless required by applicable law or agreed to in writing, software 20 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 21 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 22 | * See the License for the specific language governing permissions and 23 | * limitations under the License. 24 | */ 25 | #ifndef MBEDTLS_AESNI_H 26 | #define MBEDTLS_AESNI_H 27 | 28 | #include "mbedtls/include/mbedtls/build_info.h" 29 | 30 | #include "mbedtls/include/mbedtls/aes.h" 31 | 32 | #define MBEDTLS_AESNI_AES 0x02000000u 33 | #define MBEDTLS_AESNI_CLMUL 0x00000002u 34 | 35 | #if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && \ 36 | ( defined(__amd64__) || defined(__x86_64__) ) && \ 37 | ! defined(MBEDTLS_HAVE_X86_64) 38 | #define MBEDTLS_HAVE_X86_64 39 | #endif 40 | 41 | #if defined(MBEDTLS_HAVE_X86_64) 42 | 43 | #ifdef __cplusplus 44 | extern "C" { 45 | #endif 46 | 47 | /** 48 | * \brief Internal function to detect the AES-NI feature in CPUs. 49 | * 50 | * \note This function is only for internal use by other library 51 | * functions; you must not call it directly. 52 | * 53 | * \param what The feature to detect 54 | * (MBEDTLS_AESNI_AES or MBEDTLS_AESNI_CLMUL) 55 | * 56 | * \return 1 if CPU has support for the feature, 0 otherwise 57 | */ 58 | int mbedtls_aesni_has_support( unsigned int what ); 59 | 60 | /** 61 | * \brief Internal AES-NI AES-ECB block encryption and decryption 62 | * 63 | * \note This function is only for internal use by other library 64 | * functions; you must not call it directly. 65 | * 66 | * \param ctx AES context 67 | * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT 68 | * \param input 16-byte input block 69 | * \param output 16-byte output block 70 | * 71 | * \return 0 on success (cannot fail) 72 | */ 73 | int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx, 74 | int mode, 75 | const unsigned char input[16], 76 | unsigned char output[16] ); 77 | 78 | /** 79 | * \brief Internal GCM multiplication: c = a * b in GF(2^128) 80 | * 81 | * \note This function is only for internal use by other library 82 | * functions; you must not call it directly. 83 | * 84 | * \param c Result 85 | * \param a First operand 86 | * \param b Second operand 87 | * 88 | * \note Both operands and result are bit strings interpreted as 89 | * elements of GF(2^128) as per the GCM spec. 90 | */ 91 | void mbedtls_aesni_gcm_mult( unsigned char c[16], 92 | const unsigned char a[16], 93 | const unsigned char b[16] ); 94 | 95 | /** 96 | * \brief Internal round key inversion. This function computes 97 | * decryption round keys from the encryption round keys. 98 | * 99 | * \note This function is only for internal use by other library 100 | * functions; you must not call it directly. 101 | * 102 | * \param invkey Round keys for the equivalent inverse cipher 103 | * \param fwdkey Original round keys (for encryption) 104 | * \param nr Number of rounds (that is, number of round keys minus one) 105 | */ 106 | void mbedtls_aesni_inverse_key( unsigned char *invkey, 107 | const unsigned char *fwdkey, 108 | int nr ); 109 | 110 | /** 111 | * \brief Internal key expansion for encryption 112 | * 113 | * \note This function is only for internal use by other library 114 | * functions; you must not call it directly. 115 | * 116 | * \param rk Destination buffer where the round keys are written 117 | * \param key Encryption key 118 | * \param bits Key size in bits (must be 128, 192 or 256) 119 | * 120 | * \return 0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH 121 | */ 122 | int mbedtls_aesni_setkey_enc( unsigned char *rk, 123 | const unsigned char *key, 124 | size_t bits ); 125 | 126 | #ifdef __cplusplus 127 | } 128 | #endif 129 | 130 | #endif /* MBEDTLS_HAVE_X86_64 */ 131 | 132 | #endif /* MBEDTLS_AESNI_H */ 133 | -------------------------------------------------------------------------------- /src/mbedtls/library/check_crypto_config.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file check_crypto_config.h 3 | * 4 | * \brief Consistency checks for PSA configuration options 5 | */ 6 | /* 7 | * Copyright The Mbed TLS Contributors 8 | * SPDX-License-Identifier: Apache-2.0 9 | * 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 | * not use this file except in compliance with the License. 12 | * You may obtain a copy of the License at 13 | * 14 | * http://www.apache.org/licenses/LICENSE-2.0 15 | * 16 | * Unless required by applicable law or agreed to in writing, software 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 | * See the License for the specific language governing permissions and 20 | * limitations under the License. 21 | */ 22 | 23 | /* 24 | * It is recommended to include this file from your crypto_config.h 25 | * in order to catch dependency issues early. 26 | */ 27 | 28 | #ifndef MBEDTLS_CHECK_CRYPTO_CONFIG_H 29 | #define MBEDTLS_CHECK_CRYPTO_CONFIG_H 30 | 31 | #if defined(PSA_WANT_ALG_CCM) && \ 32 | !( defined(PSA_WANT_KEY_TYPE_AES) || \ 33 | defined(PSA_WANT_KEY_TYPE_CAMELLIA) ) 34 | #error "PSA_WANT_ALG_CCM defined, but not all prerequisites" 35 | #endif 36 | 37 | #if defined(PSA_WANT_ALG_CMAC) && \ 38 | !( defined(PSA_WANT_KEY_TYPE_AES) || \ 39 | defined(PSA_WANT_KEY_TYPE_CAMELLIA) || \ 40 | defined(PSA_WANT_KEY_TYPE_DES) ) 41 | #error "PSA_WANT_ALG_CMAC defined, but not all prerequisites" 42 | #endif 43 | 44 | #if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) && \ 45 | !( defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) || \ 46 | defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) ) 47 | #error "PSA_WANT_ALG_DETERMINISTIC_ECDSA defined, but not all prerequisites" 48 | #endif 49 | 50 | #if defined(PSA_WANT_ALG_ECDSA) && \ 51 | !( defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) || \ 52 | defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) ) 53 | #error "PSA_WANT_ALG_ECDSA defined, but not all prerequisites" 54 | #endif 55 | 56 | #if defined(PSA_WANT_ALG_GCM) && \ 57 | !( defined(PSA_WANT_KEY_TYPE_AES) || \ 58 | defined(PSA_WANT_KEY_TYPE_CAMELLIA) ) 59 | #error "PSA_WANT_ALG_GCM defined, but not all prerequisites" 60 | #endif 61 | 62 | #if defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT) && \ 63 | !( defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \ 64 | defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) ) 65 | #error "PSA_WANT_ALG_RSA_PKCS1V15_CRYPT defined, but not all prerequisites" 66 | #endif 67 | 68 | #if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) && \ 69 | !( defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \ 70 | defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) ) 71 | #error "PSA_WANT_ALG_RSA_PKCS1V15_SIGN defined, but not all prerequisites" 72 | #endif 73 | 74 | #if defined(PSA_WANT_ALG_RSA_OAEP) && \ 75 | !( defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \ 76 | defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) ) 77 | #error "PSA_WANT_ALG_RSA_OAEP defined, but not all prerequisites" 78 | #endif 79 | 80 | #if defined(PSA_WANT_ALG_RSA_PSS) && \ 81 | !( defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \ 82 | defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) ) 83 | #error "PSA_WANT_ALG_RSA_PSS defined, but not all prerequisites" 84 | #endif 85 | 86 | #if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) && \ 87 | !defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) 88 | #error "PSA_WANT_KEY_TYPE_ECC_KEY_PAIR defined, but not all prerequisites" 89 | #endif 90 | 91 | #endif /* MBEDTLS_CHECK_CRYPTO_CONFIG_H */ 92 | -------------------------------------------------------------------------------- /src/mbedtls/library/cipher_wrap.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file cipher_wrap.h 3 | * 4 | * \brief Cipher wrappers. 5 | * 6 | * \author Adriaan de Jong 7 | */ 8 | /* 9 | * Copyright The Mbed TLS Contributors 10 | * SPDX-License-Identifier: Apache-2.0 11 | * 12 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 13 | * not use this file except in compliance with the License. 14 | * You may obtain a copy of the License at 15 | * 16 | * http://www.apache.org/licenses/LICENSE-2.0 17 | * 18 | * Unless required by applicable law or agreed to in writing, software 19 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 20 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 21 | * See the License for the specific language governing permissions and 22 | * limitations under the License. 23 | */ 24 | #ifndef MBEDTLS_CIPHER_WRAP_H 25 | #define MBEDTLS_CIPHER_WRAP_H 26 | 27 | #include "mbedtls/include/mbedtls/build_info.h" 28 | 29 | #include "mbedtls/include/mbedtls/cipher.h" 30 | 31 | #if defined(MBEDTLS_USE_PSA_CRYPTO) 32 | #include "mbedtls/include/psa/crypto.h" 33 | #endif /* MBEDTLS_USE_PSA_CRYPTO */ 34 | 35 | #ifdef __cplusplus 36 | extern "C" { 37 | #endif 38 | 39 | /** 40 | * Base cipher information. The non-mode specific functions and values. 41 | */ 42 | struct mbedtls_cipher_base_t 43 | { 44 | /** Base Cipher type (e.g. MBEDTLS_CIPHER_ID_AES) */ 45 | mbedtls_cipher_id_t cipher; 46 | 47 | /** Encrypt using ECB */ 48 | int (*ecb_func)( void *ctx, mbedtls_operation_t mode, 49 | const unsigned char *input, unsigned char *output ); 50 | 51 | #if defined(MBEDTLS_CIPHER_MODE_CBC) 52 | /** Encrypt using CBC */ 53 | int (*cbc_func)( void *ctx, mbedtls_operation_t mode, size_t length, 54 | unsigned char *iv, const unsigned char *input, 55 | unsigned char *output ); 56 | #endif 57 | 58 | #if defined(MBEDTLS_CIPHER_MODE_CFB) 59 | /** Encrypt using CFB (Full length) */ 60 | int (*cfb_func)( void *ctx, mbedtls_operation_t mode, size_t length, size_t *iv_off, 61 | unsigned char *iv, const unsigned char *input, 62 | unsigned char *output ); 63 | #endif 64 | 65 | #if defined(MBEDTLS_CIPHER_MODE_OFB) 66 | /** Encrypt using OFB (Full length) */ 67 | int (*ofb_func)( void *ctx, size_t length, size_t *iv_off, 68 | unsigned char *iv, 69 | const unsigned char *input, 70 | unsigned char *output ); 71 | #endif 72 | 73 | #if defined(MBEDTLS_CIPHER_MODE_CTR) 74 | /** Encrypt using CTR */ 75 | int (*ctr_func)( void *ctx, size_t length, size_t *nc_off, 76 | unsigned char *nonce_counter, unsigned char *stream_block, 77 | const unsigned char *input, unsigned char *output ); 78 | #endif 79 | 80 | #if defined(MBEDTLS_CIPHER_MODE_XTS) 81 | /** Encrypt or decrypt using XTS. */ 82 | int (*xts_func)( void *ctx, mbedtls_operation_t mode, size_t length, 83 | const unsigned char data_unit[16], 84 | const unsigned char *input, unsigned char *output ); 85 | #endif 86 | 87 | #if defined(MBEDTLS_CIPHER_MODE_STREAM) 88 | /** Encrypt using STREAM */ 89 | int (*stream_func)( void *ctx, size_t length, 90 | const unsigned char *input, unsigned char *output ); 91 | #endif 92 | 93 | /** Set key for encryption purposes */ 94 | int (*setkey_enc_func)( void *ctx, const unsigned char *key, 95 | unsigned int key_bitlen ); 96 | 97 | /** Set key for decryption purposes */ 98 | int (*setkey_dec_func)( void *ctx, const unsigned char *key, 99 | unsigned int key_bitlen); 100 | 101 | /** Allocate a new context */ 102 | void * (*ctx_alloc_func)( void ); 103 | 104 | /** Free the given context */ 105 | void (*ctx_free_func)( void *ctx ); 106 | 107 | }; 108 | 109 | typedef struct 110 | { 111 | mbedtls_cipher_type_t type; 112 | const mbedtls_cipher_info_t *info; 113 | } mbedtls_cipher_definition_t; 114 | 115 | #if defined(MBEDTLS_USE_PSA_CRYPTO) 116 | typedef enum 117 | { 118 | MBEDTLS_CIPHER_PSA_KEY_UNSET = 0, 119 | MBEDTLS_CIPHER_PSA_KEY_OWNED, /* Used for PSA-based cipher contexts which */ 120 | /* use raw key material internally imported */ 121 | /* as a volatile key, and which hence need */ 122 | /* to destroy that key when the context is */ 123 | /* freed. */ 124 | MBEDTLS_CIPHER_PSA_KEY_NOT_OWNED, /* Used for PSA-based cipher contexts */ 125 | /* which use a key provided by the */ 126 | /* user, and which hence will not be */ 127 | /* destroyed when the context is freed. */ 128 | } mbedtls_cipher_psa_key_ownership; 129 | 130 | typedef struct 131 | { 132 | psa_algorithm_t alg; 133 | psa_key_id_t slot; 134 | mbedtls_cipher_psa_key_ownership slot_state; 135 | } mbedtls_cipher_context_psa; 136 | #endif /* MBEDTLS_USE_PSA_CRYPTO */ 137 | 138 | extern const mbedtls_cipher_definition_t mbedtls_cipher_definitions[]; 139 | 140 | extern int mbedtls_cipher_supported[]; 141 | 142 | #ifdef __cplusplus 143 | } 144 | #endif 145 | 146 | #endif /* MBEDTLS_CIPHER_WRAP_H */ 147 | -------------------------------------------------------------------------------- /src/mbedtls/library/constant_time_invasive.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file constant_time_invasive.h 3 | * 4 | * \brief Constant-time module: interfaces for invasive testing only. 5 | * 6 | * The interfaces in this file are intended for testing purposes only. 7 | * They SHOULD NOT be made available in library integrations except when 8 | * building the library for testing. 9 | */ 10 | /* 11 | * Copyright The Mbed TLS Contributors 12 | * SPDX-License-Identifier: Apache-2.0 13 | * 14 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 15 | * not use this file except in compliance with the License. 16 | * You may obtain a copy of the License at 17 | * 18 | * http://www.apache.org/licenses/LICENSE-2.0 19 | * 20 | * Unless required by applicable law or agreed to in writing, software 21 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 22 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 23 | * See the License for the specific language governing permissions and 24 | * limitations under the License. 25 | */ 26 | 27 | #ifndef MBEDTLS_CONSTANT_TIME_INVASIVE_H 28 | #define MBEDTLS_CONSTANT_TIME_INVASIVE_H 29 | 30 | #include "common.h" 31 | 32 | #if defined(MBEDTLS_TEST_HOOKS) 33 | 34 | /** Turn a value into a mask: 35 | * - if \p low <= \p c <= \p high, 36 | * return the all-bits 1 mask, aka (unsigned) -1 37 | * - otherwise, return the all-bits 0 mask, aka 0 38 | * 39 | * \param low The value to analyze. 40 | * \param high The value to analyze. 41 | * \param c The value to analyze. 42 | * 43 | * \return All-bits-one if \p low <= \p c <= \p high, otherwise zero. 44 | */ 45 | unsigned char mbedtls_ct_uchar_mask_of_range( unsigned char low, 46 | unsigned char high, 47 | unsigned char c ); 48 | 49 | #endif /* MBEDTLS_TEST_HOOKS */ 50 | 51 | #endif /* MBEDTLS_CONSTANT_TIME_INVASIVE_H */ 52 | -------------------------------------------------------------------------------- /src/mbedtls/library/ecdh_misc.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file ecdh_misc.h 3 | * 4 | * \brief Internal functions shared by the ECDH module 5 | */ 6 | /* 7 | * Copyright The Mbed TLS Contributors 8 | * SPDX-License-Identifier: Apache-2.0 9 | * 10 | * Licensed under the Apache License, Version 2.0 ( the "License" ); you may 11 | * not use this file except in compliance with the License. 12 | * You may obtain a copy of the License at 13 | * 14 | * http://www.apache.org/licenses/LICENSE-2.0 15 | * 16 | * Unless required by applicable law or agreed to in writing, software 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 | * See the License for the specific language governing permissions and 20 | * limitations under the License. 21 | */ 22 | #if !defined(MBEDTLS_ECDH_MISC_H) 23 | #define MBEDTLS_ECDH_MISC_H 24 | 25 | #include "mbedtls/include/mbedtls/ecdh.h" 26 | #include "mbedtls/include/mbedtls/ecp.h" 27 | 28 | #if defined(MBEDTLS_ECDH_C) 29 | 30 | #if defined(MBEDTLS_SSL_PROTO_TLS1_3) 31 | 32 | /* 33 | * Setup context without Everest 34 | */ 35 | int mbedtls_ecdh_setup_no_everest( mbedtls_ecdh_context *ctx, 36 | mbedtls_ecp_group_id grp_id ); 37 | 38 | /* 39 | * TLS 1.3 version of mbedtls_ecdh_make_params 40 | */ 41 | int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *olen, 42 | unsigned char *buf, size_t buf_len, 43 | int ( *f_rng )( void *, unsigned char *, size_t ), 44 | void *p_rng ); 45 | 46 | /* 47 | * TLS 1.3 version of mbedtls_ecdh_read_public 48 | */ 49 | int mbedtls_ecdh_tls13_read_public( mbedtls_ecdh_context *ctx, 50 | const unsigned char *buf, 51 | size_t buf_len ); 52 | 53 | #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ 54 | 55 | #endif /* MBEDTLS_ECDH_C */ 56 | 57 | #endif /* !MBEDTLS_ECDH_MISC_H */ 58 | -------------------------------------------------------------------------------- /src/mbedtls/library/ecp_invasive.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file ecp_invasive.h 3 | * 4 | * \brief ECP module: interfaces for invasive testing only. 5 | * 6 | * The interfaces in this file are intended for testing purposes only. 7 | * They SHOULD NOT be made available in library integrations except when 8 | * building the library for testing. 9 | */ 10 | /* 11 | * Copyright The Mbed TLS Contributors 12 | * SPDX-License-Identifier: Apache-2.0 13 | * 14 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 15 | * not use this file except in compliance with the License. 16 | * You may obtain a copy of the License at 17 | * 18 | * http://www.apache.org/licenses/LICENSE-2.0 19 | * 20 | * Unless required by applicable law or agreed to in writing, software 21 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 22 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 23 | * See the License for the specific language governing permissions and 24 | * limitations under the License. 25 | */ 26 | #ifndef MBEDTLS_ECP_INVASIVE_H 27 | #define MBEDTLS_ECP_INVASIVE_H 28 | 29 | #include "common.h" 30 | #include "mbedtls/include/mbedtls/bignum.h" 31 | #include "mbedtls/include/mbedtls/ecp.h" 32 | 33 | #if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_ECP_C) 34 | 35 | #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \ 36 | defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \ 37 | defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) 38 | /* Preconditions: 39 | * - bits is a multiple of 64 or is 224 40 | * - c is -1 or -2 41 | * - 0 <= N < 2^bits 42 | * - N has room for bits plus one limb 43 | * 44 | * Behavior: 45 | * Set N to c * 2^bits + old_value_of_N. 46 | */ 47 | void mbedtls_ecp_fix_negative( mbedtls_mpi *N, signed char c, size_t bits ); 48 | #endif 49 | 50 | #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) 51 | /** Generate a private key on a Montgomery curve (Curve25519 or Curve448). 52 | * 53 | * This function implements key generation for the set of secret keys 54 | * specified in [Curve25519] p. 5 and in [Curve448]. The resulting value 55 | * has the lower bits masked but is not necessarily canonical. 56 | * 57 | * \note - [Curve25519] http://cr.yp.to/ecdh/curve25519-20060209.pdf 58 | * - [RFC7748] https://tools.ietf.org/html/rfc7748 59 | * 60 | * \p high_bit The position of the high-order bit of the key to generate. 61 | * This is the bit-size of the key minus 1: 62 | * 254 for Curve25519 or 447 for Curve448. 63 | * \param d The randomly generated key. This is a number of size 64 | * exactly \p n_bits + 1 bits, with the least significant bits 65 | * masked as specified in [Curve25519] and in [RFC7748] §5. 66 | * \param f_rng The RNG function. 67 | * \param p_rng The RNG context to be passed to \p f_rng. 68 | * 69 | * \return \c 0 on success. 70 | * \return \c MBEDTLS_ERR_ECP_xxx or MBEDTLS_ERR_MPI_xxx on failure. 71 | */ 72 | int mbedtls_ecp_gen_privkey_mx( size_t n_bits, 73 | mbedtls_mpi *d, 74 | int (*f_rng)(void *, unsigned char *, size_t), 75 | void *p_rng ); 76 | 77 | #endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */ 78 | 79 | #endif /* MBEDTLS_TEST_HOOKS && MBEDTLS_ECP_C */ 80 | 81 | #endif /* MBEDTLS_ECP_INVASIVE_H */ 82 | -------------------------------------------------------------------------------- /src/mbedtls/library/entropy_poll.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file entropy_poll.h 3 | * 4 | * \brief Platform-specific and custom entropy polling functions 5 | */ 6 | /* 7 | * Copyright The Mbed TLS Contributors 8 | * SPDX-License-Identifier: Apache-2.0 9 | * 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 | * not use this file except in compliance with the License. 12 | * You may obtain a copy of the License at 13 | * 14 | * http://www.apache.org/licenses/LICENSE-2.0 15 | * 16 | * Unless required by applicable law or agreed to in writing, software 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 | * See the License for the specific language governing permissions and 20 | * limitations under the License. 21 | */ 22 | #ifndef MBEDTLS_ENTROPY_POLL_H 23 | #define MBEDTLS_ENTROPY_POLL_H 24 | 25 | #include "mbedtls/include/mbedtls/build_info.h" 26 | 27 | #include 28 | 29 | #ifdef __cplusplus 30 | extern "C" { 31 | #endif 32 | 33 | /* 34 | * Default thresholds for built-in sources, in bytes 35 | */ 36 | #define MBEDTLS_ENTROPY_MIN_PLATFORM 32 /**< Minimum for platform source */ 37 | #if !defined(MBEDTLS_ENTROPY_MIN_HARDWARE) 38 | #define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Minimum for the hardware source */ 39 | #endif 40 | 41 | #if !defined(MBEDTLS_NO_PLATFORM_ENTROPY) 42 | /** 43 | * \brief Platform-specific entropy poll callback 44 | */ 45 | int mbedtls_platform_entropy_poll( void *data, 46 | unsigned char *output, size_t len, size_t *olen ); 47 | #endif 48 | 49 | #if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) 50 | /** 51 | * \brief Entropy poll callback for a hardware source 52 | * 53 | * \warning This is not provided by mbed TLS! 54 | * See \c MBEDTLS_ENTROPY_HARDWARE_ALT in mbedtls_config.h. 55 | * 56 | * \note This must accept NULL as its first argument. 57 | */ 58 | int mbedtls_hardware_poll( void *data, 59 | unsigned char *output, size_t len, size_t *olen ); 60 | #endif 61 | 62 | #if defined(MBEDTLS_ENTROPY_NV_SEED) 63 | /** 64 | * \brief Entropy poll callback for a non-volatile seed file 65 | * 66 | * \note This must accept NULL as its first argument. 67 | */ 68 | int mbedtls_nv_seed_poll( void *data, 69 | unsigned char *output, size_t len, size_t *olen ); 70 | #endif 71 | 72 | #ifdef __cplusplus 73 | } 74 | #endif 75 | 76 | #endif /* entropy_poll.h */ 77 | -------------------------------------------------------------------------------- /src/mbedtls/library/hkdf.c: -------------------------------------------------------------------------------- 1 | /* 2 | * HKDF implementation -- RFC 5869 3 | * 4 | * Copyright The Mbed TLS Contributors 5 | * SPDX-License-Identifier: Apache-2.0 6 | * 7 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 8 | * not use this file except in compliance with the License. 9 | * You may obtain a copy of the License at 10 | * 11 | * http://www.apache.org/licenses/LICENSE-2.0 12 | * 13 | * Unless required by applicable law or agreed to in writing, software 14 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 15 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | * See the License for the specific language governing permissions and 17 | * limitations under the License. 18 | */ 19 | #include "common.h" 20 | 21 | #if defined(MBEDTLS_HKDF_C) 22 | 23 | #include 24 | #include "mbedtls/include/mbedtls/hkdf.h" 25 | #include "mbedtls/include/mbedtls/platform_util.h" 26 | #include "mbedtls/include/mbedtls/error.h" 27 | 28 | int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt, 29 | size_t salt_len, const unsigned char *ikm, size_t ikm_len, 30 | const unsigned char *info, size_t info_len, 31 | unsigned char *okm, size_t okm_len ) 32 | { 33 | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 34 | unsigned char prk[MBEDTLS_MD_MAX_SIZE]; 35 | 36 | ret = mbedtls_hkdf_extract( md, salt, salt_len, ikm, ikm_len, prk ); 37 | 38 | if( ret == 0 ) 39 | { 40 | ret = mbedtls_hkdf_expand( md, prk, mbedtls_md_get_size( md ), 41 | info, info_len, okm, okm_len ); 42 | } 43 | 44 | mbedtls_platform_zeroize( prk, sizeof( prk ) ); 45 | 46 | return( ret ); 47 | } 48 | 49 | int mbedtls_hkdf_extract( const mbedtls_md_info_t *md, 50 | const unsigned char *salt, size_t salt_len, 51 | const unsigned char *ikm, size_t ikm_len, 52 | unsigned char *prk ) 53 | { 54 | unsigned char null_salt[MBEDTLS_MD_MAX_SIZE] = { '\0' }; 55 | 56 | if( salt == NULL ) 57 | { 58 | size_t hash_len; 59 | 60 | if( salt_len != 0 ) 61 | { 62 | return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA; 63 | } 64 | 65 | hash_len = mbedtls_md_get_size( md ); 66 | 67 | if( hash_len == 0 ) 68 | { 69 | return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA; 70 | } 71 | 72 | salt = null_salt; 73 | salt_len = hash_len; 74 | } 75 | 76 | return( mbedtls_md_hmac( md, salt, salt_len, ikm, ikm_len, prk ) ); 77 | } 78 | 79 | int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk, 80 | size_t prk_len, const unsigned char *info, 81 | size_t info_len, unsigned char *okm, size_t okm_len ) 82 | { 83 | size_t hash_len; 84 | size_t where = 0; 85 | size_t n; 86 | size_t t_len = 0; 87 | size_t i; 88 | int ret = 0; 89 | mbedtls_md_context_t ctx; 90 | unsigned char t[MBEDTLS_MD_MAX_SIZE]; 91 | 92 | if( okm == NULL ) 93 | { 94 | return( MBEDTLS_ERR_HKDF_BAD_INPUT_DATA ); 95 | } 96 | 97 | hash_len = mbedtls_md_get_size( md ); 98 | 99 | if( prk_len < hash_len || hash_len == 0 ) 100 | { 101 | return( MBEDTLS_ERR_HKDF_BAD_INPUT_DATA ); 102 | } 103 | 104 | if( info == NULL ) 105 | { 106 | info = (const unsigned char *) ""; 107 | info_len = 0; 108 | } 109 | 110 | n = okm_len / hash_len; 111 | 112 | if( okm_len % hash_len != 0 ) 113 | { 114 | n++; 115 | } 116 | 117 | /* 118 | * Per RFC 5869 Section 2.3, okm_len must not exceed 119 | * 255 times the hash length 120 | */ 121 | if( n > 255 ) 122 | { 123 | return( MBEDTLS_ERR_HKDF_BAD_INPUT_DATA ); 124 | } 125 | 126 | mbedtls_md_init( &ctx ); 127 | 128 | if( ( ret = mbedtls_md_setup( &ctx, md, 1 ) ) != 0 ) 129 | { 130 | goto exit; 131 | } 132 | 133 | memset( t, 0, hash_len ); 134 | 135 | /* 136 | * Compute T = T(1) | T(2) | T(3) | ... | T(N) 137 | * Where T(N) is defined in RFC 5869 Section 2.3 138 | */ 139 | for( i = 1; i <= n; i++ ) 140 | { 141 | size_t num_to_copy; 142 | unsigned char c = i & 0xff; 143 | 144 | ret = mbedtls_md_hmac_starts( &ctx, prk, prk_len ); 145 | if( ret != 0 ) 146 | { 147 | goto exit; 148 | } 149 | 150 | ret = mbedtls_md_hmac_update( &ctx, t, t_len ); 151 | if( ret != 0 ) 152 | { 153 | goto exit; 154 | } 155 | 156 | ret = mbedtls_md_hmac_update( &ctx, info, info_len ); 157 | if( ret != 0 ) 158 | { 159 | goto exit; 160 | } 161 | 162 | /* The constant concatenated to the end of each T(n) is a single octet. 163 | * */ 164 | ret = mbedtls_md_hmac_update( &ctx, &c, 1 ); 165 | if( ret != 0 ) 166 | { 167 | goto exit; 168 | } 169 | 170 | ret = mbedtls_md_hmac_finish( &ctx, t ); 171 | if( ret != 0 ) 172 | { 173 | goto exit; 174 | } 175 | 176 | num_to_copy = i != n ? hash_len : okm_len - where; 177 | memcpy( okm + where, t, num_to_copy ); 178 | where += hash_len; 179 | t_len = hash_len; 180 | } 181 | 182 | exit: 183 | mbedtls_md_free( &ctx ); 184 | mbedtls_platform_zeroize( t, sizeof( t ) ); 185 | 186 | return( ret ); 187 | } 188 | 189 | #endif /* MBEDTLS_HKDF_C */ 190 | -------------------------------------------------------------------------------- /src/mbedtls/library/md_wrap.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file md_wrap.h 3 | * 4 | * \brief Message digest wrappers. 5 | * 6 | * \warning This in an internal header. Do not include directly. 7 | * 8 | * \author Adriaan de Jong 9 | */ 10 | /* 11 | * Copyright The Mbed TLS Contributors 12 | * SPDX-License-Identifier: Apache-2.0 13 | * 14 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 15 | * not use this file except in compliance with the License. 16 | * You may obtain a copy of the License at 17 | * 18 | * http://www.apache.org/licenses/LICENSE-2.0 19 | * 20 | * Unless required by applicable law or agreed to in writing, software 21 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 22 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 23 | * See the License for the specific language governing permissions and 24 | * limitations under the License. 25 | */ 26 | #ifndef MBEDTLS_MD_WRAP_H 27 | #define MBEDTLS_MD_WRAP_H 28 | 29 | #include "mbedtls/include/mbedtls/build_info.h" 30 | 31 | #include "mbedtls/include/mbedtls/md.h" 32 | 33 | #ifdef __cplusplus 34 | extern "C" { 35 | #endif 36 | 37 | /** 38 | * Message digest information. 39 | * Allows message digest functions to be called in a generic way. 40 | */ 41 | struct mbedtls_md_info_t 42 | { 43 | /** Name of the message digest */ 44 | const char * name; 45 | 46 | /** Digest identifier */ 47 | mbedtls_md_type_t type; 48 | 49 | /** Output length of the digest function in bytes */ 50 | unsigned char size; 51 | 52 | /** Block length of the digest function in bytes */ 53 | unsigned char block_size; 54 | }; 55 | 56 | #if defined(MBEDTLS_MD5_C) 57 | extern const mbedtls_md_info_t mbedtls_md5_info; 58 | #endif 59 | #if defined(MBEDTLS_RIPEMD160_C) 60 | extern const mbedtls_md_info_t mbedtls_ripemd160_info; 61 | #endif 62 | #if defined(MBEDTLS_SHA1_C) 63 | extern const mbedtls_md_info_t mbedtls_sha1_info; 64 | #endif 65 | #if defined(MBEDTLS_SHA224_C) 66 | extern const mbedtls_md_info_t mbedtls_sha224_info; 67 | #endif 68 | #if defined(MBEDTLS_SHA256_C) 69 | extern const mbedtls_md_info_t mbedtls_sha256_info; 70 | #endif 71 | #if defined(MBEDTLS_SHA384_C) 72 | extern const mbedtls_md_info_t mbedtls_sha384_info; 73 | #endif 74 | #if defined(MBEDTLS_SHA512_C) 75 | extern const mbedtls_md_info_t mbedtls_sha512_info; 76 | #endif 77 | 78 | #ifdef __cplusplus 79 | } 80 | #endif 81 | 82 | #endif /* MBEDTLS_MD_WRAP_H */ 83 | -------------------------------------------------------------------------------- /src/mbedtls/library/mps_error.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright The Mbed TLS Contributors 3 | * SPDX-License-Identifier: Apache-2.0 4 | * 5 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 6 | * not use this file except in compliance with the License. 7 | * You may obtain a copy of the License at 8 | * 9 | * http://www.apache.org/licenses/LICENSE-2.0 10 | * 11 | * Unless required by applicable law or agreed to in writing, software 12 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 13 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | * See the License for the specific language governing permissions and 15 | * limitations under the License. 16 | * 17 | * This file is part of mbed TLS (https://tls.mbed.org) 18 | */ 19 | 20 | /** 21 | * \file mps_error.h 22 | * 23 | * \brief Error codes used by MPS 24 | */ 25 | 26 | #ifndef MBEDTLS_MPS_ERROR_H 27 | #define MBEDTLS_MPS_ERROR_H 28 | 29 | 30 | /* TODO: The error code allocation needs to be revisited: 31 | * 32 | * - Should we make (some of) the MPS Reader error codes public? 33 | * If so, we need to adjust MBEDTLS_MPS_READER_MAKE_ERROR() to hit 34 | * a gap in the Mbed TLS public error space. 35 | * If not, we have to make sure we don't forward those errors 36 | * at the level of the public API -- no risk at the moment as 37 | * long as MPS is an experimental component not accessible from 38 | * public API. 39 | */ 40 | 41 | /** 42 | * \name SECTION: MPS general error codes 43 | * 44 | * \{ 45 | */ 46 | 47 | #ifndef MBEDTLS_MPS_ERR_BASE 48 | #define MBEDTLS_MPS_ERR_BASE ( 0 ) 49 | #endif 50 | 51 | #define MBEDTLS_MPS_MAKE_ERROR(code) \ 52 | ( -( MBEDTLS_MPS_ERR_BASE | (code) ) ) 53 | 54 | #define MBEDTLS_ERR_MPS_OPERATION_UNEXPECTED MBEDTLS_MPS_MAKE_ERROR( 0x1 ) 55 | #define MBEDTLS_ERR_MPS_INTERNAL_ERROR MBEDTLS_MPS_MAKE_ERROR( 0x2 ) 56 | 57 | /* \} name SECTION: MPS general error codes */ 58 | 59 | /** 60 | * \name SECTION: MPS Reader error codes 61 | * 62 | * \{ 63 | */ 64 | 65 | #ifndef MBEDTLS_MPS_READER_ERR_BASE 66 | #define MBEDTLS_MPS_READER_ERR_BASE ( 1 << 8 ) 67 | #endif 68 | 69 | #define MBEDTLS_MPS_READER_MAKE_ERROR(code) \ 70 | ( -( MBEDTLS_MPS_READER_ERR_BASE | (code) ) ) 71 | 72 | /*! An attempt to reclaim the data buffer from a reader failed because 73 | * the user hasn't yet read and committed all of it. */ 74 | #define MBEDTLS_ERR_MPS_READER_DATA_LEFT MBEDTLS_MPS_READER_MAKE_ERROR( 0x1 ) 75 | 76 | /*! An invalid argument was passed to the reader. */ 77 | #define MBEDTLS_ERR_MPS_READER_INVALID_ARG MBEDTLS_MPS_READER_MAKE_ERROR( 0x2 ) 78 | 79 | /*! An attempt to move a reader to consuming mode through mbedtls_mps_reader_feed() 80 | * after pausing failed because the provided data is not sufficient to serve the 81 | * read requests that led to the pausing. */ 82 | #define MBEDTLS_ERR_MPS_READER_NEED_MORE MBEDTLS_MPS_READER_MAKE_ERROR( 0x3 ) 83 | 84 | /*! A get request failed because not enough data is available in the reader. */ 85 | #define MBEDTLS_ERR_MPS_READER_OUT_OF_DATA MBEDTLS_MPS_READER_MAKE_ERROR( 0x4 ) 86 | 87 | /*!< A get request after pausing and reactivating the reader failed because 88 | * the request is not in line with the request made prior to pausing. The user 89 | * must not change it's 'strategy' after pausing and reactivating a reader. */ 90 | #define MBEDTLS_ERR_MPS_READER_INCONSISTENT_REQUESTS MBEDTLS_MPS_READER_MAKE_ERROR( 0x5 ) 91 | 92 | /*! An attempt to reclaim the data buffer from a reader failed because the reader 93 | * has no accumulator it can use to backup the data that hasn't been processed. */ 94 | #define MBEDTLS_ERR_MPS_READER_NEED_ACCUMULATOR MBEDTLS_MPS_READER_MAKE_ERROR( 0x6 ) 95 | 96 | /*! An attempt to reclaim the data buffer from a reader failed because the 97 | * accumulator passed to the reader is not large enough to hold both the 98 | * data that hasn't been processed and the excess of the last read-request. */ 99 | #define MBEDTLS_ERR_MPS_READER_ACCUMULATOR_TOO_SMALL MBEDTLS_MPS_READER_MAKE_ERROR( 0x7 ) 100 | 101 | /* \} name SECTION: MPS Reader error codes */ 102 | 103 | #endif /* MBEDTLS_MPS_ERROR_H */ 104 | -------------------------------------------------------------------------------- /src/mbedtls/library/mps_trace.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Message Processing Stack, Trace module 3 | * 4 | * Copyright The Mbed TLS Contributors 5 | * SPDX-License-Identifier: Apache-2.0 6 | * 7 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 8 | * not use this file except in compliance with the License. 9 | * You may obtain a copy of the License at 10 | * 11 | * http://www.apache.org/licenses/LICENSE-2.0 12 | * 13 | * Unless required by applicable law or agreed to in writing, software 14 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 15 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | * See the License for the specific language governing permissions and 17 | * limitations under the License. 18 | * 19 | * This file is part of Mbed TLS (https://tls.mbed.org) 20 | */ 21 | 22 | #include "common.h" 23 | 24 | #if defined(MBEDTLS_SSL_PROTO_TLS1_3) 25 | 26 | #include "mps_common.h" 27 | 28 | #if defined(MBEDTLS_MPS_ENABLE_TRACE) 29 | 30 | #include "mps_trace.h" 31 | #include 32 | 33 | static int trace_depth = 0; 34 | 35 | #define color_default "\x1B[0m" 36 | #define color_red "\x1B[1;31m" 37 | #define color_green "\x1B[1;32m" 38 | #define color_yellow "\x1B[1;33m" 39 | #define color_blue "\x1B[1;34m" 40 | #define color_magenta "\x1B[1;35m" 41 | #define color_cyan "\x1B[1;36m" 42 | #define color_white "\x1B[1;37m" 43 | 44 | static char const * colors[] = 45 | { 46 | color_default, 47 | color_green, 48 | color_yellow, 49 | color_magenta, 50 | color_cyan, 51 | color_blue, 52 | color_white 53 | }; 54 | 55 | #define MPS_TRACE_BUF_SIZE 100 56 | 57 | void mbedtls_mps_trace_print_msg( int id, int line, const char *format, ... ) 58 | { 59 | int ret; 60 | char str[MPS_TRACE_BUF_SIZE]; 61 | va_list argp; 62 | va_start( argp, format ); 63 | ret = mbedtls_vsnprintf( str, MPS_TRACE_BUF_SIZE, format, argp ); 64 | va_end( argp ); 65 | 66 | if( ret >= 0 && ret < MPS_TRACE_BUF_SIZE ) 67 | { 68 | str[ret] = '\0'; 69 | mbedtls_printf( "[%d|L%d]: %s\n", id, line, str ); 70 | } 71 | } 72 | 73 | int mbedtls_mps_trace_get_depth() 74 | { 75 | return trace_depth; 76 | } 77 | void mbedtls_mps_trace_dec_depth() 78 | { 79 | trace_depth--; 80 | } 81 | void mbedtls_mps_trace_inc_depth() 82 | { 83 | trace_depth++; 84 | } 85 | 86 | void mbedtls_mps_trace_color( int id ) 87 | { 88 | if( id > (int) ( sizeof( colors ) / sizeof( *colors ) ) ) 89 | return; 90 | printf( "%s", colors[ id ] ); 91 | } 92 | 93 | void mbedtls_mps_trace_indent( int level, mbedtls_mps_trace_type ty ) 94 | { 95 | if( level > 0 ) 96 | { 97 | while( --level ) 98 | printf( "| " ); 99 | 100 | printf( "| " ); 101 | } 102 | 103 | switch( ty ) 104 | { 105 | case MBEDTLS_MPS_TRACE_TYPE_COMMENT: 106 | mbedtls_printf( "@ " ); 107 | break; 108 | 109 | case MBEDTLS_MPS_TRACE_TYPE_CALL: 110 | mbedtls_printf( "+--> " ); 111 | break; 112 | 113 | case MBEDTLS_MPS_TRACE_TYPE_ERROR: 114 | mbedtls_printf( "E " ); 115 | break; 116 | 117 | case MBEDTLS_MPS_TRACE_TYPE_RETURN: 118 | mbedtls_printf( "< " ); 119 | break; 120 | 121 | default: 122 | break; 123 | } 124 | } 125 | 126 | #endif /* MBEDTLS_MPS_ENABLE_TRACE */ 127 | #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ 128 | -------------------------------------------------------------------------------- /src/mbedtls/library/mps_trace.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright The Mbed TLS Contributors 3 | * SPDX-License-Identifier: Apache-2.0 4 | * 5 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 6 | * not use this file except in compliance with the License. 7 | * You may obtain a copy of the License at 8 | * 9 | * http://www.apache.org/licenses/LICENSE-2.0 10 | * 11 | * Unless required by applicable law or agreed to in writing, software 12 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 13 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | * See the License for the specific language governing permissions and 15 | * limitations under the License. 16 | * 17 | * This file is part of mbed TLS (https://tls.mbed.org) 18 | */ 19 | 20 | /** 21 | * \file mps_trace.h 22 | * 23 | * \brief Tracing module for MPS 24 | */ 25 | 26 | #ifndef MBEDTLS_MPS_MBEDTLS_MPS_TRACE_H 27 | #define MBEDTLS_MPS_MBEDTLS_MPS_TRACE_H 28 | 29 | #include "common.h" 30 | #include "mps_common.h" 31 | #include "mps_trace.h" 32 | 33 | #if defined(MBEDTLS_PLATFORM_C) 34 | #include "mbedtls/include/mbedtls/platform.h" 35 | #else 36 | #include 37 | #define mbedtls_printf printf 38 | #define mbedtls_vsnprintf vsnprintf 39 | #endif /* MBEDTLS_PLATFORM_C */ 40 | 41 | #if defined(MBEDTLS_MPS_ENABLE_TRACE) 42 | 43 | /* 44 | * Adapt this to enable/disable tracing output 45 | * from the various layers of the MPS. 46 | */ 47 | 48 | #define MBEDTLS_MPS_TRACE_ENABLE_LAYER_1 49 | #define MBEDTLS_MPS_TRACE_ENABLE_LAYER_2 50 | #define MBEDTLS_MPS_TRACE_ENABLE_LAYER_3 51 | #define MBEDTLS_MPS_TRACE_ENABLE_LAYER_4 52 | #define MBEDTLS_MPS_TRACE_ENABLE_READER 53 | #define MBEDTLS_MPS_TRACE_ENABLE_WRITER 54 | 55 | /* 56 | * To use the existing trace module, only change 57 | * MBEDTLS_MPS_TRACE_ENABLE_XXX above, but don't modify the 58 | * rest of this file. 59 | */ 60 | 61 | typedef enum 62 | { 63 | MBEDTLS_MPS_TRACE_TYPE_COMMENT, 64 | MBEDTLS_MPS_TRACE_TYPE_CALL, 65 | MBEDTLS_MPS_TRACE_TYPE_ERROR, 66 | MBEDTLS_MPS_TRACE_TYPE_RETURN 67 | } mbedtls_mps_trace_type; 68 | 69 | #define MBEDTLS_MPS_TRACE_BIT_LAYER_1 1 70 | #define MBEDTLS_MPS_TRACE_BIT_LAYER_2 2 71 | #define MBEDTLS_MPS_TRACE_BIT_LAYER_3 3 72 | #define MBEDTLS_MPS_TRACE_BIT_LAYER_4 4 73 | #define MBEDTLS_MPS_TRACE_BIT_WRITER 5 74 | #define MBEDTLS_MPS_TRACE_BIT_READER 6 75 | 76 | #if defined(MBEDTLS_MPS_TRACE_ENABLE_LAYER_1) 77 | #define MBEDTLS_MPS_TRACE_MASK_LAYER_1 (1u << MBEDTLS_MPS_TRACE_BIT_LAYER_1 ) 78 | #else 79 | #define MBEDTLS_MPS_TRACE_MASK_LAYER_1 0 80 | #endif 81 | 82 | #if defined(MBEDTLS_MPS_TRACE_ENABLE_LAYER_2) 83 | #define MBEDTLS_MPS_TRACE_MASK_LAYER_2 (1u << MBEDTLS_MPS_TRACE_BIT_LAYER_2 ) 84 | #else 85 | #define MBEDTLS_MPS_TRACE_MASK_LAYER_2 0 86 | #endif 87 | 88 | #if defined(MBEDTLS_MPS_TRACE_ENABLE_LAYER_3) 89 | #define MBEDTLS_MPS_TRACE_MASK_LAYER_3 (1u << MBEDTLS_MPS_TRACE_BIT_LAYER_3 ) 90 | #else 91 | #define MBEDTLS_MPS_TRACE_MASK_LAYER_3 0 92 | #endif 93 | 94 | #if defined(MBEDTLS_MPS_TRACE_ENABLE_LAYER_4) 95 | #define MBEDTLS_MPS_TRACE_MASK_LAYER_4 (1u << MBEDTLS_MPS_TRACE_BIT_LAYER_4 ) 96 | #else 97 | #define MBEDTLS_MPS_TRACE_MASK_LAYER_4 0 98 | #endif 99 | 100 | #if defined(MBEDTLS_MPS_TRACE_ENABLE_READER) 101 | #define MBEDTLS_MPS_TRACE_MASK_READER (1u << MBEDTLS_MPS_TRACE_BIT_READER ) 102 | #else 103 | #define MBEDTLS_MPS_TRACE_MASK_READER 0 104 | #endif 105 | 106 | #if defined(MBEDTLS_MPS_TRACE_ENABLE_WRITER) 107 | #define MBEDTLS_MPS_TRACE_MASK_WRITER (1u << MBEDTLS_MPS_TRACE_BIT_WRITER ) 108 | #else 109 | #define MBEDTLS_MPS_TRACE_MASK_WRITER 0 110 | #endif 111 | 112 | #define MBEDTLS_MPS_TRACE_MASK ( MBEDTLS_MPS_TRACE_MASK_LAYER_1 | \ 113 | MBEDTLS_MPS_TRACE_MASK_LAYER_2 | \ 114 | MBEDTLS_MPS_TRACE_MASK_LAYER_3 | \ 115 | MBEDTLS_MPS_TRACE_MASK_LAYER_4 | \ 116 | MBEDTLS_MPS_TRACE_MASK_READER | \ 117 | MBEDTLS_MPS_TRACE_MASK_WRITER ) 118 | 119 | /* We have to avoid globals because E-ACSL chokes on them... 120 | * Wrap everything in stub functions. */ 121 | int mbedtls_mps_trace_get_depth( void ); 122 | void mbedtls_mps_trace_inc_depth( void ); 123 | void mbedtls_mps_trace_dec_depth( void ); 124 | 125 | void mbedtls_mps_trace_color( int id ); 126 | void mbedtls_mps_trace_indent( int level, mbedtls_mps_trace_type ty ); 127 | 128 | void mbedtls_mps_trace_print_msg( int id, int line, const char *format, ... ); 129 | 130 | #define MBEDTLS_MPS_TRACE( type, ... ) \ 131 | do { \ 132 | if( ! ( MBEDTLS_MPS_TRACE_MASK & ( 1u << mbedtls_mps_trace_id ) ) ) \ 133 | break; \ 134 | mbedtls_mps_trace_indent( mbedtls_mps_trace_get_depth(), type ); \ 135 | mbedtls_mps_trace_color( mbedtls_mps_trace_id ); \ 136 | mbedtls_mps_trace_print_msg( mbedtls_mps_trace_id, __LINE__, __VA_ARGS__ ); \ 137 | mbedtls_mps_trace_color( 0 ); \ 138 | } while( 0 ) 139 | 140 | #define MBEDTLS_MPS_TRACE_INIT( ... ) \ 141 | do { \ 142 | if( ! ( MBEDTLS_MPS_TRACE_MASK & ( 1u << mbedtls_mps_trace_id ) ) ) \ 143 | break; \ 144 | MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_CALL, __VA_ARGS__ ); \ 145 | mbedtls_mps_trace_inc_depth(); \ 146 | } while( 0 ) 147 | 148 | #define MBEDTLS_MPS_TRACE_END( val ) \ 149 | do { \ 150 | if( ! ( MBEDTLS_MPS_TRACE_MASK & ( 1u << mbedtls_mps_trace_id ) ) ) \ 151 | break; \ 152 | MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_RETURN, "%d (-%#04x)", \ 153 | (int) (val), -((unsigned)(val)) ); \ 154 | mbedtls_mps_trace_dec_depth(); \ 155 | } while( 0 ) 156 | 157 | #define MBEDTLS_MPS_TRACE_RETURN( val ) \ 158 | do { \ 159 | /* Breaks tail recursion. */ \ 160 | int ret__ = val; \ 161 | MBEDTLS_MPS_TRACE_END( ret__ ); \ 162 | return( ret__ ); \ 163 | } while( 0 ) 164 | 165 | #else /* MBEDTLS_MPS_TRACE */ 166 | 167 | #define MBEDTLS_MPS_TRACE( type, ... ) do { } while( 0 ) 168 | #define MBEDTLS_MPS_TRACE_INIT( ... ) do { } while( 0 ) 169 | #define MBEDTLS_MPS_TRACE_END do { } while( 0 ) 170 | 171 | #define MBEDTLS_MPS_TRACE_RETURN( val ) return( val ); 172 | 173 | #endif /* MBEDTLS_MPS_TRACE */ 174 | 175 | #endif /* MBEDTLS_MPS_MBEDTLS_MPS_TRACE_H */ 176 | -------------------------------------------------------------------------------- /src/mbedtls/library/padlock.c: -------------------------------------------------------------------------------- 1 | /* 2 | * VIA PadLock support functions 3 | * 4 | * Copyright The Mbed TLS Contributors 5 | * SPDX-License-Identifier: Apache-2.0 6 | * 7 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 8 | * not use this file except in compliance with the License. 9 | * You may obtain a copy of the License at 10 | * 11 | * http://www.apache.org/licenses/LICENSE-2.0 12 | * 13 | * Unless required by applicable law or agreed to in writing, software 14 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 15 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | * See the License for the specific language governing permissions and 17 | * limitations under the License. 18 | */ 19 | /* 20 | * This implementation is based on the VIA PadLock Programming Guide: 21 | * 22 | * http://www.via.com.tw/en/downloads/whitepapers/initiatives/padlock/ 23 | * programming_guide.pdf 24 | */ 25 | 26 | #include "common.h" 27 | 28 | #if defined(MBEDTLS_PADLOCK_C) 29 | 30 | #include "padlock.h" 31 | 32 | #include 33 | 34 | #ifndef asm 35 | #define asm __asm 36 | #endif 37 | 38 | #if defined(MBEDTLS_HAVE_X86) 39 | 40 | /* 41 | * PadLock detection routine 42 | */ 43 | int mbedtls_padlock_has_support( int feature ) 44 | { 45 | static int flags = -1; 46 | int ebx = 0, edx = 0; 47 | 48 | if( flags == -1 ) 49 | { 50 | asm( "movl %%ebx, %0 \n\t" 51 | "movl $0xC0000000, %%eax \n\t" 52 | "cpuid \n\t" 53 | "cmpl $0xC0000001, %%eax \n\t" 54 | "movl $0, %%edx \n\t" 55 | "jb 1f \n\t" 56 | "movl $0xC0000001, %%eax \n\t" 57 | "cpuid \n\t" 58 | "1: \n\t" 59 | "movl %%edx, %1 \n\t" 60 | "movl %2, %%ebx \n\t" 61 | : "=m" (ebx), "=m" (edx) 62 | : "m" (ebx) 63 | : "eax", "ecx", "edx" ); 64 | 65 | flags = edx; 66 | } 67 | 68 | return( flags & feature ); 69 | } 70 | 71 | /* 72 | * PadLock AES-ECB block en(de)cryption 73 | */ 74 | int mbedtls_padlock_xcryptecb( mbedtls_aes_context *ctx, 75 | int mode, 76 | const unsigned char input[16], 77 | unsigned char output[16] ) 78 | { 79 | int ebx = 0; 80 | uint32_t *rk; 81 | uint32_t *blk; 82 | uint32_t *ctrl; 83 | unsigned char buf[256]; 84 | 85 | rk = ctx->rk; 86 | blk = MBEDTLS_PADLOCK_ALIGN16( buf ); 87 | memcpy( blk, input, 16 ); 88 | 89 | ctrl = blk + 4; 90 | *ctrl = 0x80 | ctx->nr | ( ( ctx->nr + ( mode^1 ) - 10 ) << 9 ); 91 | 92 | asm( "pushfl \n\t" 93 | "popfl \n\t" 94 | "movl %%ebx, %0 \n\t" 95 | "movl $1, %%ecx \n\t" 96 | "movl %2, %%edx \n\t" 97 | "movl %3, %%ebx \n\t" 98 | "movl %4, %%esi \n\t" 99 | "movl %4, %%edi \n\t" 100 | ".byte 0xf3,0x0f,0xa7,0xc8 \n\t" 101 | "movl %1, %%ebx \n\t" 102 | : "=m" (ebx) 103 | : "m" (ebx), "m" (ctrl), "m" (rk), "m" (blk) 104 | : "memory", "ecx", "edx", "esi", "edi" ); 105 | 106 | memcpy( output, blk, 16 ); 107 | 108 | return( 0 ); 109 | } 110 | 111 | /* 112 | * PadLock AES-CBC buffer en(de)cryption 113 | */ 114 | int mbedtls_padlock_xcryptcbc( mbedtls_aes_context *ctx, 115 | int mode, 116 | size_t length, 117 | unsigned char iv[16], 118 | const unsigned char *input, 119 | unsigned char *output ) 120 | { 121 | int ebx = 0; 122 | size_t count; 123 | uint32_t *rk; 124 | uint32_t *iw; 125 | uint32_t *ctrl; 126 | unsigned char buf[256]; 127 | 128 | if( ( (long) input & 15 ) != 0 || 129 | ( (long) output & 15 ) != 0 ) 130 | return( MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED ); 131 | 132 | rk = ctx->rk; 133 | iw = MBEDTLS_PADLOCK_ALIGN16( buf ); 134 | memcpy( iw, iv, 16 ); 135 | 136 | ctrl = iw + 4; 137 | *ctrl = 0x80 | ctx->nr | ( ( ctx->nr + ( mode ^ 1 ) - 10 ) << 9 ); 138 | 139 | count = ( length + 15 ) >> 4; 140 | 141 | asm( "pushfl \n\t" 142 | "popfl \n\t" 143 | "movl %%ebx, %0 \n\t" 144 | "movl %2, %%ecx \n\t" 145 | "movl %3, %%edx \n\t" 146 | "movl %4, %%ebx \n\t" 147 | "movl %5, %%esi \n\t" 148 | "movl %6, %%edi \n\t" 149 | "movl %7, %%eax \n\t" 150 | ".byte 0xf3,0x0f,0xa7,0xd0 \n\t" 151 | "movl %1, %%ebx \n\t" 152 | : "=m" (ebx) 153 | : "m" (ebx), "m" (count), "m" (ctrl), 154 | "m" (rk), "m" (input), "m" (output), "m" (iw) 155 | : "memory", "eax", "ecx", "edx", "esi", "edi" ); 156 | 157 | memcpy( iv, iw, 16 ); 158 | 159 | return( 0 ); 160 | } 161 | 162 | #endif /* MBEDTLS_HAVE_X86 */ 163 | 164 | #endif /* MBEDTLS_PADLOCK_C */ 165 | -------------------------------------------------------------------------------- /src/mbedtls/library/padlock.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file padlock.h 3 | * 4 | * \brief VIA PadLock ACE for HW encryption/decryption supported by some 5 | * processors 6 | * 7 | * \warning These functions are only for internal use by other library 8 | * functions; you must not call them directly. 9 | */ 10 | /* 11 | * Copyright The Mbed TLS Contributors 12 | * SPDX-License-Identifier: Apache-2.0 13 | * 14 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 15 | * not use this file except in compliance with the License. 16 | * You may obtain a copy of the License at 17 | * 18 | * http://www.apache.org/licenses/LICENSE-2.0 19 | * 20 | * Unless required by applicable law or agreed to in writing, software 21 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 22 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 23 | * See the License for the specific language governing permissions and 24 | * limitations under the License. 25 | */ 26 | #ifndef MBEDTLS_PADLOCK_H 27 | #define MBEDTLS_PADLOCK_H 28 | 29 | #include "mbedtls/include/mbedtls/build_info.h" 30 | 31 | #include "mbedtls/include/mbedtls/aes.h" 32 | 33 | #define MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED -0x0030 /**< Input data should be aligned. */ 34 | 35 | #if defined(__has_feature) 36 | #if __has_feature(address_sanitizer) 37 | #define MBEDTLS_HAVE_ASAN 38 | #endif 39 | #endif 40 | 41 | /* Some versions of ASan result in errors about not enough registers */ 42 | #if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && defined(__i386__) && \ 43 | !defined(MBEDTLS_HAVE_ASAN) 44 | 45 | #ifndef MBEDTLS_HAVE_X86 46 | #define MBEDTLS_HAVE_X86 47 | #endif 48 | 49 | #include 50 | 51 | #define MBEDTLS_PADLOCK_RNG 0x000C 52 | #define MBEDTLS_PADLOCK_ACE 0x00C0 53 | #define MBEDTLS_PADLOCK_PHE 0x0C00 54 | #define MBEDTLS_PADLOCK_PMM 0x3000 55 | 56 | #define MBEDTLS_PADLOCK_ALIGN16(x) (uint32_t *) (16 + ((int32_t) (x) & ~15)) 57 | 58 | #ifdef __cplusplus 59 | extern "C" { 60 | #endif 61 | 62 | /** 63 | * \brief Internal PadLock detection routine 64 | * 65 | * \note This function is only for internal use by other library 66 | * functions; you must not call it directly. 67 | * 68 | * \param feature The feature to detect 69 | * 70 | * \return non-zero if CPU has support for the feature, 0 otherwise 71 | */ 72 | int mbedtls_padlock_has_support( int feature ); 73 | 74 | /** 75 | * \brief Internal PadLock AES-ECB block en(de)cryption 76 | * 77 | * \note This function is only for internal use by other library 78 | * functions; you must not call it directly. 79 | * 80 | * \param ctx AES context 81 | * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT 82 | * \param input 16-byte input block 83 | * \param output 16-byte output block 84 | * 85 | * \return 0 if success, 1 if operation failed 86 | */ 87 | int mbedtls_padlock_xcryptecb( mbedtls_aes_context *ctx, 88 | int mode, 89 | const unsigned char input[16], 90 | unsigned char output[16] ); 91 | 92 | /** 93 | * \brief Internal PadLock AES-CBC buffer en(de)cryption 94 | * 95 | * \note This function is only for internal use by other library 96 | * functions; you must not call it directly. 97 | * 98 | * \param ctx AES context 99 | * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT 100 | * \param length length of the input data 101 | * \param iv initialization vector (updated after use) 102 | * \param input buffer holding the input data 103 | * \param output buffer holding the output data 104 | * 105 | * \return 0 if success, 1 if operation failed 106 | */ 107 | int mbedtls_padlock_xcryptcbc( mbedtls_aes_context *ctx, 108 | int mode, 109 | size_t length, 110 | unsigned char iv[16], 111 | const unsigned char *input, 112 | unsigned char *output ); 113 | 114 | #ifdef __cplusplus 115 | } 116 | #endif 117 | 118 | #endif /* HAVE_X86 */ 119 | 120 | #endif /* padlock.h */ 121 | -------------------------------------------------------------------------------- /src/mbedtls/library/pk_wrap.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file pk_wrap.h 3 | * 4 | * \brief Public Key abstraction layer: wrapper functions 5 | */ 6 | /* 7 | * Copyright The Mbed TLS Contributors 8 | * SPDX-License-Identifier: Apache-2.0 9 | * 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 | * not use this file except in compliance with the License. 12 | * You may obtain a copy of the License at 13 | * 14 | * http://www.apache.org/licenses/LICENSE-2.0 15 | * 16 | * Unless required by applicable law or agreed to in writing, software 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 | * See the License for the specific language governing permissions and 20 | * limitations under the License. 21 | */ 22 | 23 | #ifndef MBEDTLS_PK_WRAP_H 24 | #define MBEDTLS_PK_WRAP_H 25 | 26 | #include "mbedtls/include/mbedtls/build_info.h" 27 | 28 | #include "mbedtls/include/mbedtls/pk.h" 29 | 30 | struct mbedtls_pk_info_t 31 | { 32 | /** Public key type */ 33 | mbedtls_pk_type_t type; 34 | 35 | /** Type name */ 36 | const char *name; 37 | 38 | /** Get key size in bits */ 39 | size_t (*get_bitlen)( const void * ); 40 | 41 | /** Tell if the context implements this type (e.g. ECKEY can do ECDSA) */ 42 | int (*can_do)( mbedtls_pk_type_t type ); 43 | 44 | /** Verify signature */ 45 | int (*verify_func)( void *ctx, mbedtls_md_type_t md_alg, 46 | const unsigned char *hash, size_t hash_len, 47 | const unsigned char *sig, size_t sig_len ); 48 | 49 | /** Make signature */ 50 | int (*sign_func)( void *ctx, mbedtls_md_type_t md_alg, 51 | const unsigned char *hash, size_t hash_len, 52 | unsigned char *sig, size_t sig_size, size_t *sig_len, 53 | int (*f_rng)(void *, unsigned char *, size_t), 54 | void *p_rng ); 55 | 56 | #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 57 | /** Verify signature (restartable) */ 58 | int (*verify_rs_func)( void *ctx, mbedtls_md_type_t md_alg, 59 | const unsigned char *hash, size_t hash_len, 60 | const unsigned char *sig, size_t sig_len, 61 | void *rs_ctx ); 62 | 63 | /** Make signature (restartable) */ 64 | int (*sign_rs_func)( void *ctx, mbedtls_md_type_t md_alg, 65 | const unsigned char *hash, size_t hash_len, 66 | unsigned char *sig, size_t sig_size, size_t *sig_len, 67 | int (*f_rng)(void *, unsigned char *, size_t), 68 | void *p_rng, void *rs_ctx ); 69 | #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ 70 | 71 | /** Decrypt message */ 72 | int (*decrypt_func)( void *ctx, const unsigned char *input, size_t ilen, 73 | unsigned char *output, size_t *olen, size_t osize, 74 | int (*f_rng)(void *, unsigned char *, size_t), 75 | void *p_rng ); 76 | 77 | /** Encrypt message */ 78 | int (*encrypt_func)( void *ctx, const unsigned char *input, size_t ilen, 79 | unsigned char *output, size_t *olen, size_t osize, 80 | int (*f_rng)(void *, unsigned char *, size_t), 81 | void *p_rng ); 82 | 83 | /** Check public-private key pair */ 84 | int (*check_pair_func)( const void *pub, const void *prv, 85 | int (*f_rng)(void *, unsigned char *, size_t), 86 | void *p_rng ); 87 | 88 | /** Allocate a new context */ 89 | void * (*ctx_alloc_func)( void ); 90 | 91 | /** Free the given context */ 92 | void (*ctx_free_func)( void *ctx ); 93 | 94 | #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 95 | /** Allocate the restart context */ 96 | void * (*rs_alloc_func)( void ); 97 | 98 | /** Free the restart context */ 99 | void (*rs_free_func)( void *rs_ctx ); 100 | #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ 101 | 102 | /** Interface with the debug module */ 103 | void (*debug_func)( const void *ctx, mbedtls_pk_debug_item *items ); 104 | 105 | }; 106 | #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) 107 | /* Container for RSA-alt */ 108 | typedef struct 109 | { 110 | void *key; 111 | mbedtls_pk_rsa_alt_decrypt_func decrypt_func; 112 | mbedtls_pk_rsa_alt_sign_func sign_func; 113 | mbedtls_pk_rsa_alt_key_len_func key_len_func; 114 | } mbedtls_rsa_alt_context; 115 | #endif 116 | 117 | #if defined(MBEDTLS_RSA_C) 118 | extern const mbedtls_pk_info_t mbedtls_rsa_info; 119 | #endif 120 | 121 | #if defined(MBEDTLS_ECP_C) 122 | extern const mbedtls_pk_info_t mbedtls_eckey_info; 123 | extern const mbedtls_pk_info_t mbedtls_eckeydh_info; 124 | #endif 125 | 126 | #if defined(MBEDTLS_ECDSA_C) 127 | extern const mbedtls_pk_info_t mbedtls_ecdsa_info; 128 | #endif 129 | 130 | #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) 131 | extern const mbedtls_pk_info_t mbedtls_rsa_alt_info; 132 | #endif 133 | 134 | #if defined(MBEDTLS_USE_PSA_CRYPTO) 135 | extern const mbedtls_pk_info_t mbedtls_pk_opaque_info; 136 | #endif 137 | 138 | #endif /* MBEDTLS_PK_WRAP_H */ 139 | -------------------------------------------------------------------------------- /src/mbedtls/library/platform_util.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Common and shared functions used by multiple modules in the Mbed TLS 3 | * library. 4 | * 5 | * Copyright The Mbed TLS Contributors 6 | * SPDX-License-Identifier: Apache-2.0 7 | * 8 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 9 | * not use this file except in compliance with the License. 10 | * You may obtain a copy of the License at 11 | * 12 | * http://www.apache.org/licenses/LICENSE-2.0 13 | * 14 | * Unless required by applicable law or agreed to in writing, software 15 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 16 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 17 | * See the License for the specific language governing permissions and 18 | * limitations under the License. 19 | */ 20 | 21 | /* 22 | * Ensure gmtime_r is available even with -std=c99; must be defined before 23 | * mbedtls_config.h, which pulls in glibc's features.h. Harmless on other platforms. 24 | */ 25 | #if !defined(_POSIX_C_SOURCE) 26 | #define _POSIX_C_SOURCE 200112L 27 | #endif 28 | 29 | #include "common.h" 30 | 31 | #include "mbedtls/include/mbedtls/platform_util.h" 32 | #include "mbedtls/include/mbedtls/platform.h" 33 | #include "mbedtls/include/mbedtls/threading.h" 34 | 35 | #include 36 | #include 37 | 38 | #if !defined(MBEDTLS_PLATFORM_ZEROIZE_ALT) 39 | /* 40 | * This implementation should never be optimized out by the compiler 41 | * 42 | * This implementation for mbedtls_platform_zeroize() was inspired from Colin 43 | * Percival's blog article at: 44 | * 45 | * http://www.daemonology.net/blog/2014-09-04-how-to-zero-a-buffer.html 46 | * 47 | * It uses a volatile function pointer to the standard memset(). Because the 48 | * pointer is volatile the compiler expects it to change at 49 | * any time and will not optimize out the call that could potentially perform 50 | * other operations on the input buffer instead of just setting it to 0. 51 | * Nevertheless, as pointed out by davidtgoldblatt on Hacker News 52 | * (refer to http://www.daemonology.net/blog/2014-09-05-erratum.html for 53 | * details), optimizations of the following form are still possible: 54 | * 55 | * if( memset_func != memset ) 56 | * memset_func( buf, 0, len ); 57 | * 58 | * Note that it is extremely difficult to guarantee that 59 | * mbedtls_platform_zeroize() will not be optimized out by aggressive compilers 60 | * in a portable way. For this reason, Mbed TLS also provides the configuration 61 | * option MBEDTLS_PLATFORM_ZEROIZE_ALT, which allows users to configure 62 | * mbedtls_platform_zeroize() to use a suitable implementation for their 63 | * platform and needs. 64 | */ 65 | static void * (* const volatile memset_func)( void *, int, size_t ) = memset; 66 | 67 | void mbedtls_platform_zeroize( void *buf, size_t len ) 68 | { 69 | MBEDTLS_INTERNAL_VALIDATE( len == 0 || buf != NULL ); 70 | 71 | if( len > 0 ) 72 | memset_func( buf, 0, len ); 73 | } 74 | #endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */ 75 | 76 | #if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT) 77 | #include 78 | #if !defined(_WIN32) && (defined(unix) || \ 79 | defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ 80 | defined(__MACH__))) 81 | #include 82 | #endif /* !_WIN32 && (unix || __unix || __unix__ || 83 | * (__APPLE__ && __MACH__)) */ 84 | 85 | #if !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ 86 | ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ 87 | _POSIX_THREAD_SAFE_FUNCTIONS >= 200112L ) ) 88 | /* 89 | * This is a convenience shorthand macro to avoid checking the long 90 | * preprocessor conditions above. Ideally, we could expose this macro in 91 | * platform_util.h and simply use it in platform_util.c, threading.c and 92 | * threading.h. However, this macro is not part of the Mbed TLS public API, so 93 | * we keep it private by only defining it in this file 94 | */ 95 | #if ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ) 96 | #define PLATFORM_UTIL_USE_GMTIME 97 | #endif /* ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ) */ 98 | 99 | #endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ 100 | ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ 101 | _POSIX_THREAD_SAFE_FUNCTIONS >= 200112L ) ) */ 102 | 103 | struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt, 104 | struct tm *tm_buf ) 105 | { 106 | #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) 107 | return( ( gmtime_s( tm_buf, tt ) == 0 ) ? tm_buf : NULL ); 108 | #elif !defined(PLATFORM_UTIL_USE_GMTIME) 109 | return( gmtime_r( tt, tm_buf ) ); 110 | #else 111 | struct tm *lt; 112 | 113 | #if defined(MBEDTLS_THREADING_C) 114 | if( mbedtls_mutex_lock( &mbedtls_threading_gmtime_mutex ) != 0 ) 115 | return( NULL ); 116 | #endif /* MBEDTLS_THREADING_C */ 117 | 118 | lt = gmtime( tt ); 119 | 120 | if( lt != NULL ) 121 | { 122 | memcpy( tm_buf, lt, sizeof( struct tm ) ); 123 | } 124 | 125 | #if defined(MBEDTLS_THREADING_C) 126 | if( mbedtls_mutex_unlock( &mbedtls_threading_gmtime_mutex ) != 0 ) 127 | return( NULL ); 128 | #endif /* MBEDTLS_THREADING_C */ 129 | 130 | return( ( lt == NULL ) ? NULL : tm_buf ); 131 | #endif /* _WIN32 && !EFIX64 && !EFI32 */ 132 | } 133 | #endif /* MBEDTLS_HAVE_TIME_DATE && MBEDTLS_PLATFORM_GMTIME_R_ALT */ 134 | 135 | #if defined(MBEDTLS_TEST_HOOKS) 136 | void (*mbedtls_test_hook_test_fail)( const char *, int, const char *); 137 | #endif /* MBEDTLS_TEST_HOOKS */ 138 | 139 | -------------------------------------------------------------------------------- /src/mbedtls/library/psa_crypto_client.c: -------------------------------------------------------------------------------- 1 | /* 2 | * PSA crypto client code 3 | */ 4 | /* 5 | * Copyright The Mbed TLS Contributors 6 | * SPDX-License-Identifier: Apache-2.0 7 | * 8 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 9 | * not use this file except in compliance with the License. 10 | * You may obtain a copy of the License at 11 | * 12 | * http://www.apache.org/licenses/LICENSE-2.0 13 | * 14 | * Unless required by applicable law or agreed to in writing, software 15 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 16 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 17 | * See the License for the specific language governing permissions and 18 | * limitations under the License. 19 | */ 20 | 21 | #include "common.h" 22 | #include "mbedtls/include/psa/crypto.h" 23 | 24 | #if defined(MBEDTLS_PSA_CRYPTO_CLIENT) 25 | 26 | #include 27 | #include "mbedtls/include/mbedtls/platform.h" 28 | #if !defined(MBEDTLS_PLATFORM_C) 29 | #define mbedtls_calloc calloc 30 | #define mbedtls_free free 31 | #endif 32 | 33 | void psa_reset_key_attributes( psa_key_attributes_t *attributes ) 34 | { 35 | mbedtls_free( attributes->domain_parameters ); 36 | memset( attributes, 0, sizeof( *attributes ) ); 37 | } 38 | 39 | psa_status_t psa_set_key_domain_parameters( psa_key_attributes_t *attributes, 40 | psa_key_type_t type, 41 | const uint8_t *data, 42 | size_t data_length ) 43 | { 44 | uint8_t *copy = NULL; 45 | 46 | if( data_length != 0 ) 47 | { 48 | copy = mbedtls_calloc( 1, data_length ); 49 | if( copy == NULL ) 50 | return( PSA_ERROR_INSUFFICIENT_MEMORY ); 51 | memcpy( copy, data, data_length ); 52 | } 53 | /* After this point, this function is guaranteed to succeed, so it 54 | * can start modifying `*attributes`. */ 55 | 56 | if( attributes->domain_parameters != NULL ) 57 | { 58 | mbedtls_free( attributes->domain_parameters ); 59 | attributes->domain_parameters = NULL; 60 | attributes->domain_parameters_size = 0; 61 | } 62 | 63 | attributes->domain_parameters = copy; 64 | attributes->domain_parameters_size = data_length; 65 | attributes->core.type = type; 66 | return( PSA_SUCCESS ); 67 | } 68 | 69 | psa_status_t psa_get_key_domain_parameters( 70 | const psa_key_attributes_t *attributes, 71 | uint8_t *data, size_t data_size, size_t *data_length ) 72 | { 73 | if( attributes->domain_parameters_size > data_size ) 74 | return( PSA_ERROR_BUFFER_TOO_SMALL ); 75 | *data_length = attributes->domain_parameters_size; 76 | if( attributes->domain_parameters_size != 0 ) 77 | memcpy( data, attributes->domain_parameters, 78 | attributes->domain_parameters_size ); 79 | return( PSA_SUCCESS ); 80 | } 81 | 82 | #endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ 83 | -------------------------------------------------------------------------------- /src/mbedtls/library/psa_crypto_invasive.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file psa_crypto_invasive.h 3 | * 4 | * \brief PSA cryptography module: invasive interfaces for test only. 5 | * 6 | * The interfaces in this file are intended for testing purposes only. 7 | * They MUST NOT be made available to clients over IPC in integrations 8 | * with isolation, and they SHOULD NOT be made available in library 9 | * integrations except when building the library for testing. 10 | */ 11 | /* 12 | * Copyright The Mbed TLS Contributors 13 | * SPDX-License-Identifier: Apache-2.0 14 | * 15 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 16 | * not use this file except in compliance with the License. 17 | * You may obtain a copy of the License at 18 | * 19 | * http://www.apache.org/licenses/LICENSE-2.0 20 | * 21 | * Unless required by applicable law or agreed to in writing, software 22 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 23 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 24 | * See the License for the specific language governing permissions and 25 | * limitations under the License. 26 | */ 27 | 28 | #ifndef PSA_CRYPTO_INVASIVE_H 29 | #define PSA_CRYPTO_INVASIVE_H 30 | 31 | #include "mbedtls/include/mbedtls/build_info.h" 32 | 33 | #include "mbedtls/include/psa/crypto.h" 34 | #include "common.h" 35 | 36 | #include "mbedtls/include/mbedtls/entropy.h" 37 | 38 | #if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) 39 | /** \brief Configure entropy sources. 40 | * 41 | * This function may only be called before a call to psa_crypto_init(), 42 | * or after a call to mbedtls_psa_crypto_free() and before any 43 | * subsequent call to psa_crypto_init(). 44 | * 45 | * This function is only intended for test purposes. The functionality 46 | * it provides is also useful for system integrators, but 47 | * system integrators should configure entropy drivers instead of 48 | * breaking through to the Mbed TLS API. 49 | * 50 | * \param entropy_init Function to initialize the entropy context 51 | * and set up the desired entropy sources. 52 | * It is called by psa_crypto_init(). 53 | * By default this is mbedtls_entropy_init(). 54 | * This function cannot report failures directly. 55 | * To indicate a failure, set the entropy context 56 | * to a state where mbedtls_entropy_func() will 57 | * return an error. 58 | * \param entropy_free Function to free the entropy context 59 | * and associated resources. 60 | * It is called by mbedtls_psa_crypto_free(). 61 | * By default this is mbedtls_entropy_free(). 62 | * 63 | * \retval #PSA_SUCCESS 64 | * Success. 65 | * \retval #PSA_ERROR_NOT_PERMITTED 66 | * The caller does not have the permission to configure 67 | * entropy sources. 68 | * \retval #PSA_ERROR_BAD_STATE 69 | * The library has already been initialized. 70 | */ 71 | psa_status_t mbedtls_psa_crypto_configure_entropy_sources( 72 | void (* entropy_init )( mbedtls_entropy_context *ctx ), 73 | void (* entropy_free )( mbedtls_entropy_context *ctx ) ); 74 | #endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */ 75 | 76 | #if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_PSA_CRYPTO_C) 77 | psa_status_t psa_mac_key_can_do( 78 | psa_algorithm_t algorithm, 79 | psa_key_type_t key_type ); 80 | #endif /* MBEDTLS_TEST_HOOKS && MBEDTLS_PSA_CRYPTO_C */ 81 | 82 | #endif /* PSA_CRYPTO_INVASIVE_H */ 83 | -------------------------------------------------------------------------------- /src/mbedtls/library/ssl_debug_helpers_generated.c: -------------------------------------------------------------------------------- 1 | /* Automatically generated by generate_ssl_debug_helpers.py. DO NOT EDIT. */ 2 | 3 | #include "common.h" 4 | 5 | #if defined(MBEDTLS_DEBUG_C) 6 | 7 | #include "ssl_debug_helpers_generated.h" 8 | 9 | 10 | const char *mbedtls_ssl_states_str( mbedtls_ssl_states in ) 11 | { 12 | const char * in_to_str[]= 13 | { 14 | [MBEDTLS_SSL_HELLO_REQUEST] = "MBEDTLS_SSL_HELLO_REQUEST", 15 | [MBEDTLS_SSL_CLIENT_HELLO] = "MBEDTLS_SSL_CLIENT_HELLO", 16 | [MBEDTLS_SSL_SERVER_HELLO] = "MBEDTLS_SSL_SERVER_HELLO", 17 | [MBEDTLS_SSL_SERVER_CERTIFICATE] = "MBEDTLS_SSL_SERVER_CERTIFICATE", 18 | [MBEDTLS_SSL_SERVER_KEY_EXCHANGE] = "MBEDTLS_SSL_SERVER_KEY_EXCHANGE", 19 | [MBEDTLS_SSL_CERTIFICATE_REQUEST] = "MBEDTLS_SSL_CERTIFICATE_REQUEST", 20 | [MBEDTLS_SSL_SERVER_HELLO_DONE] = "MBEDTLS_SSL_SERVER_HELLO_DONE", 21 | [MBEDTLS_SSL_CLIENT_CERTIFICATE] = "MBEDTLS_SSL_CLIENT_CERTIFICATE", 22 | [MBEDTLS_SSL_CLIENT_KEY_EXCHANGE] = "MBEDTLS_SSL_CLIENT_KEY_EXCHANGE", 23 | [MBEDTLS_SSL_CERTIFICATE_VERIFY] = "MBEDTLS_SSL_CERTIFICATE_VERIFY", 24 | [MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC] = "MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC", 25 | [MBEDTLS_SSL_CLIENT_FINISHED] = "MBEDTLS_SSL_CLIENT_FINISHED", 26 | [MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC] = "MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC", 27 | [MBEDTLS_SSL_SERVER_FINISHED] = "MBEDTLS_SSL_SERVER_FINISHED", 28 | [MBEDTLS_SSL_FLUSH_BUFFERS] = "MBEDTLS_SSL_FLUSH_BUFFERS", 29 | [MBEDTLS_SSL_HANDSHAKE_WRAPUP] = "MBEDTLS_SSL_HANDSHAKE_WRAPUP", 30 | [MBEDTLS_SSL_HANDSHAKE_OVER] = "MBEDTLS_SSL_HANDSHAKE_OVER", 31 | [MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET] = "MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET", 32 | [MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT] = "MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT", 33 | #if defined(MBEDTLS_SSL_PROTO_TLS1_3) 34 | [MBEDTLS_SSL_ENCRYPTED_EXTENSIONS] = "MBEDTLS_SSL_ENCRYPTED_EXTENSIONS", 35 | [MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY] = "MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY", 36 | #if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) 37 | [MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED] = "MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED", 38 | #endif 39 | #endif 40 | }; 41 | 42 | if( in > ( sizeof( in_to_str )/sizeof( in_to_str[0]) - 1 ) || 43 | in_to_str[ in ] == NULL ) 44 | { 45 | return "UNKOWN_VAULE"; 46 | } 47 | return in_to_str[ in ]; 48 | } 49 | 50 | const char *mbedtls_tls_prf_types_str( mbedtls_tls_prf_types in ) 51 | { 52 | const char * in_to_str[]= 53 | { 54 | [MBEDTLS_SSL_TLS_PRF_NONE] = "MBEDTLS_SSL_TLS_PRF_NONE", 55 | [MBEDTLS_SSL_TLS_PRF_SHA384] = "MBEDTLS_SSL_TLS_PRF_SHA384", 56 | [MBEDTLS_SSL_TLS_PRF_SHA256] = "MBEDTLS_SSL_TLS_PRF_SHA256", 57 | [MBEDTLS_SSL_HKDF_EXPAND_SHA384] = "MBEDTLS_SSL_HKDF_EXPAND_SHA384", 58 | [MBEDTLS_SSL_HKDF_EXPAND_SHA256] = "MBEDTLS_SSL_HKDF_EXPAND_SHA256", 59 | }; 60 | 61 | if( in > ( sizeof( in_to_str )/sizeof( in_to_str[0]) - 1 ) || 62 | in_to_str[ in ] == NULL ) 63 | { 64 | return "UNKOWN_VAULE"; 65 | } 66 | return in_to_str[ in ]; 67 | } 68 | 69 | const char *mbedtls_ssl_key_export_type_str( mbedtls_ssl_key_export_type in ) 70 | { 71 | const char * in_to_str[]= 72 | { 73 | [MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET] = "MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET", 74 | #if defined(MBEDTLS_SSL_PROTO_TLS1_3) 75 | [MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_EARLY_SECRET] = "MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_EARLY_SECRET", 76 | [MBEDTLS_SSL_KEY_EXPORT_TLS1_3_EARLY_EXPORTER_SECRET] = "MBEDTLS_SSL_KEY_EXPORT_TLS1_3_EARLY_EXPORTER_SECRET", 77 | [MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_HANDSHAKE_TRAFFIC_SECRET] = "MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_HANDSHAKE_TRAFFIC_SECRET", 78 | [MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_HANDSHAKE_TRAFFIC_SECRET] = "MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_HANDSHAKE_TRAFFIC_SECRET", 79 | [MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_APPLICATION_TRAFFIC_SECRET] = "MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_APPLICATION_TRAFFIC_SECRET", 80 | [MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_APPLICATION_TRAFFIC_SECRET] = "MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_APPLICATION_TRAFFIC_SECRET", 81 | #endif 82 | }; 83 | 84 | if( in > ( sizeof( in_to_str )/sizeof( in_to_str[0]) - 1 ) || 85 | in_to_str[ in ] == NULL ) 86 | { 87 | return "UNKOWN_VAULE"; 88 | } 89 | return in_to_str[ in ]; 90 | } 91 | 92 | 93 | 94 | #endif /* MBEDTLS_DEBUG_C */ 95 | /* End of automatically generated file. */ 96 | 97 | -------------------------------------------------------------------------------- /src/mbedtls/library/ssl_debug_helpers_generated.h: -------------------------------------------------------------------------------- 1 | /* Automatically generated by generate_ssl_debug_helpers.py. DO NOT EDIT. */ 2 | #ifndef MBEDTLS_SSL_DEBUG_HELPERS_H 3 | #define MBEDTLS_SSL_DEBUG_HELPERS_H 4 | 5 | #include "common.h" 6 | 7 | #if defined(MBEDTLS_DEBUG_C) 8 | 9 | #include "mbedtls/include/mbedtls/ssl.h" 10 | #include "ssl_misc.h" 11 | 12 | 13 | const char *mbedtls_ssl_states_str( mbedtls_ssl_states in ); 14 | 15 | const char *mbedtls_tls_prf_types_str( mbedtls_tls_prf_types in ); 16 | 17 | const char *mbedtls_ssl_key_export_type_str( mbedtls_ssl_key_export_type in ); 18 | 19 | 20 | 21 | #endif /* MBEDTLS_DEBUG_C */ 22 | 23 | #endif /* SSL_DEBUG_HELPERS_H */ 24 | 25 | /* End of automatically generated file. */ 26 | 27 | -------------------------------------------------------------------------------- /src/mbedtls/library/ssl_tls13_server.c: -------------------------------------------------------------------------------- 1 | /* 2 | * TLS 1.3 server-side functions 3 | * 4 | * Copyright The Mbed TLS Contributors 5 | * SPDX-License-Identifier: Apache-2.0 6 | * 7 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 8 | * not use this file except in compliance with the License. 9 | * You may obtain a copy of the License at 10 | * 11 | * http://www.apache.org/licenses/LICENSE-2.0 12 | * 13 | * Unless required by applicable law or agreed to in writing, software 14 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 15 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | * See the License for the specific language governing permissions and 17 | * limitations under the License. 18 | */ 19 | 20 | #include "common.h" 21 | 22 | #if defined(MBEDTLS_SSL_PROTO_TLS1_3) 23 | 24 | #if defined(MBEDTLS_SSL_SRV_C) 25 | 26 | #include "mbedtls/include/mbedtls/debug.h" 27 | 28 | #include "ssl_misc.h" 29 | #include "ssl_debug_helpers_generated.h" 30 | 31 | int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl ) 32 | { 33 | ((void) ssl); 34 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "tls13 server state: %s(%d)", 35 | mbedtls_ssl_states_str( ssl->state ), 36 | ssl->state ) ); 37 | 38 | return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); 39 | } 40 | 41 | #endif /* MBEDTLS_SSL_SRV_C */ 42 | 43 | #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ 44 | -------------------------------------------------------------------------------- /src/mbedtls/library/threading.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Threading abstraction layer 3 | * 4 | * Copyright The Mbed TLS Contributors 5 | * SPDX-License-Identifier: Apache-2.0 6 | * 7 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 8 | * not use this file except in compliance with the License. 9 | * You may obtain a copy of the License at 10 | * 11 | * http://www.apache.org/licenses/LICENSE-2.0 12 | * 13 | * Unless required by applicable law or agreed to in writing, software 14 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 15 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | * See the License for the specific language governing permissions and 17 | * limitations under the License. 18 | */ 19 | 20 | /* 21 | * Ensure gmtime_r is available even with -std=c99; must be defined before 22 | * mbedtls_config.h, which pulls in glibc's features.h. Harmless on other platforms. 23 | */ 24 | #if !defined(_POSIX_C_SOURCE) 25 | #define _POSIX_C_SOURCE 200112L 26 | #endif 27 | 28 | #include "common.h" 29 | 30 | #if defined(MBEDTLS_THREADING_C) 31 | 32 | #include "mbedtls/include/mbedtls/threading.h" 33 | 34 | #if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT) 35 | 36 | #if !defined(_WIN32) && (defined(unix) || \ 37 | defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ 38 | defined(__MACH__))) 39 | #include 40 | #endif /* !_WIN32 && (unix || __unix || __unix__ || 41 | * (__APPLE__ && __MACH__)) */ 42 | 43 | #if !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ 44 | ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ 45 | _POSIX_THREAD_SAFE_FUNCTIONS >= 200112L ) ) 46 | /* 47 | * This is a convenience shorthand macro to avoid checking the long 48 | * preprocessor conditions above. Ideally, we could expose this macro in 49 | * platform_util.h and simply use it in platform_util.c, threading.c and 50 | * threading.h. However, this macro is not part of the Mbed TLS public API, so 51 | * we keep it private by only defining it in this file 52 | */ 53 | 54 | #if ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ) 55 | #define THREADING_USE_GMTIME 56 | #endif /* ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ) */ 57 | 58 | #endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ 59 | ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ 60 | _POSIX_THREAD_SAFE_FUNCTIONS >= 200112L ) ) */ 61 | 62 | #endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */ 63 | 64 | #if defined(MBEDTLS_THREADING_PTHREAD) 65 | static void threading_mutex_init_pthread( mbedtls_threading_mutex_t *mutex ) 66 | { 67 | if( mutex == NULL ) 68 | return; 69 | 70 | /* A nonzero value of is_valid indicates a successfully initialized 71 | * mutex. This is a workaround for not being able to return an error 72 | * code for this function. The lock/unlock functions return an error 73 | * if is_valid is nonzero. The Mbed TLS unit test code uses this field 74 | * to distinguish more states of the mutex; see 75 | * tests/src/threading_helpers for details. */ 76 | mutex->is_valid = pthread_mutex_init( &mutex->mutex, NULL ) == 0; 77 | } 78 | 79 | static void threading_mutex_free_pthread( mbedtls_threading_mutex_t *mutex ) 80 | { 81 | if( mutex == NULL || !mutex->is_valid ) 82 | return; 83 | 84 | (void) pthread_mutex_destroy( &mutex->mutex ); 85 | mutex->is_valid = 0; 86 | } 87 | 88 | static int threading_mutex_lock_pthread( mbedtls_threading_mutex_t *mutex ) 89 | { 90 | if( mutex == NULL || ! mutex->is_valid ) 91 | return( MBEDTLS_ERR_THREADING_BAD_INPUT_DATA ); 92 | 93 | if( pthread_mutex_lock( &mutex->mutex ) != 0 ) 94 | return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); 95 | 96 | return( 0 ); 97 | } 98 | 99 | static int threading_mutex_unlock_pthread( mbedtls_threading_mutex_t *mutex ) 100 | { 101 | if( mutex == NULL || ! mutex->is_valid ) 102 | return( MBEDTLS_ERR_THREADING_BAD_INPUT_DATA ); 103 | 104 | if( pthread_mutex_unlock( &mutex->mutex ) != 0 ) 105 | return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); 106 | 107 | return( 0 ); 108 | } 109 | 110 | void (*mbedtls_mutex_init)( mbedtls_threading_mutex_t * ) = threading_mutex_init_pthread; 111 | void (*mbedtls_mutex_free)( mbedtls_threading_mutex_t * ) = threading_mutex_free_pthread; 112 | int (*mbedtls_mutex_lock)( mbedtls_threading_mutex_t * ) = threading_mutex_lock_pthread; 113 | int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t * ) = threading_mutex_unlock_pthread; 114 | 115 | /* 116 | * With phtreads we can statically initialize mutexes 117 | */ 118 | #define MUTEX_INIT = { PTHREAD_MUTEX_INITIALIZER, 1 } 119 | 120 | #endif /* MBEDTLS_THREADING_PTHREAD */ 121 | 122 | #if defined(MBEDTLS_THREADING_ALT) 123 | static int threading_mutex_fail( mbedtls_threading_mutex_t *mutex ) 124 | { 125 | ((void) mutex ); 126 | return( MBEDTLS_ERR_THREADING_BAD_INPUT_DATA ); 127 | } 128 | static void threading_mutex_dummy( mbedtls_threading_mutex_t *mutex ) 129 | { 130 | ((void) mutex ); 131 | return; 132 | } 133 | 134 | void (*mbedtls_mutex_init)( mbedtls_threading_mutex_t * ) = threading_mutex_dummy; 135 | void (*mbedtls_mutex_free)( mbedtls_threading_mutex_t * ) = threading_mutex_dummy; 136 | int (*mbedtls_mutex_lock)( mbedtls_threading_mutex_t * ) = threading_mutex_fail; 137 | int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t * ) = threading_mutex_fail; 138 | 139 | /* 140 | * Set functions pointers and initialize global mutexes 141 | */ 142 | void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * ), 143 | void (*mutex_free)( mbedtls_threading_mutex_t * ), 144 | int (*mutex_lock)( mbedtls_threading_mutex_t * ), 145 | int (*mutex_unlock)( mbedtls_threading_mutex_t * ) ) 146 | { 147 | mbedtls_mutex_init = mutex_init; 148 | mbedtls_mutex_free = mutex_free; 149 | mbedtls_mutex_lock = mutex_lock; 150 | mbedtls_mutex_unlock = mutex_unlock; 151 | 152 | #if defined(MBEDTLS_FS_IO) 153 | mbedtls_mutex_init( &mbedtls_threading_readdir_mutex ); 154 | #endif 155 | #if defined(THREADING_USE_GMTIME) 156 | mbedtls_mutex_init( &mbedtls_threading_gmtime_mutex ); 157 | #endif 158 | } 159 | 160 | /* 161 | * Free global mutexes 162 | */ 163 | void mbedtls_threading_free_alt( void ) 164 | { 165 | #if defined(MBEDTLS_FS_IO) 166 | mbedtls_mutex_free( &mbedtls_threading_readdir_mutex ); 167 | #endif 168 | #if defined(THREADING_USE_GMTIME) 169 | mbedtls_mutex_free( &mbedtls_threading_gmtime_mutex ); 170 | #endif 171 | } 172 | #endif /* MBEDTLS_THREADING_ALT */ 173 | 174 | /* 175 | * Define global mutexes 176 | */ 177 | #ifndef MUTEX_INIT 178 | #define MUTEX_INIT 179 | #endif 180 | #if defined(MBEDTLS_FS_IO) 181 | mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex MUTEX_INIT; 182 | #endif 183 | #if defined(THREADING_USE_GMTIME) 184 | mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex MUTEX_INIT; 185 | #endif 186 | 187 | #endif /* MBEDTLS_THREADING_C */ 188 | -------------------------------------------------------------------------------- /src/mbedtls/library/timing.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Portable interface to the CPU cycle counter 3 | * 4 | * Copyright The Mbed TLS Contributors 5 | * SPDX-License-Identifier: Apache-2.0 6 | * 7 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 8 | * not use this file except in compliance with the License. 9 | * You may obtain a copy of the License at 10 | * 11 | * http://www.apache.org/licenses/LICENSE-2.0 12 | * 13 | * Unless required by applicable law or agreed to in writing, software 14 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 15 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | * See the License for the specific language governing permissions and 17 | * limitations under the License. 18 | */ 19 | 20 | #include "common.h" 21 | 22 | #if defined(MBEDTLS_TIMING_C) 23 | 24 | #include "mbedtls/include/mbedtls/timing.h" 25 | 26 | #if !defined(MBEDTLS_TIMING_ALT) 27 | 28 | #if !defined(unix) && !defined(__unix__) && !defined(__unix) && \ 29 | !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) && \ 30 | !defined(__HAIKU__) && !defined(__midipix__) 31 | // #error "This module only works on Unix and Windows, see MBEDTLS_TIMING_C in mbedtls_config.h" 32 | #endif 33 | 34 | #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) 35 | 36 | #include 37 | #include 38 | 39 | struct _hr_time 40 | { 41 | LARGE_INTEGER start; 42 | }; 43 | 44 | #else 45 | 46 | #include 47 | #include 48 | #include 49 | #include 50 | #include 51 | 52 | struct _hr_time 53 | { 54 | struct timeval start; 55 | }; 56 | 57 | #endif /* _WIN32 && !EFIX64 && !EFI32 */ 58 | 59 | /** 60 | * \brief Return the elapsed time in milliseconds 61 | * 62 | * \warning May change without notice 63 | * 64 | * \param val points to a timer structure 65 | * \param reset If 0, query the elapsed time. Otherwise (re)start the timer. 66 | * 67 | * \return Elapsed time since the previous reset in ms. When 68 | * restarting, this is always 0. 69 | * 70 | * \note To initialize a timer, call this function with reset=1. 71 | * 72 | * Determining the elapsed time and resetting the timer is not 73 | * atomic on all platforms, so after the sequence 74 | * `{ get_timer(1); ...; time1 = get_timer(1); ...; time2 = 75 | * get_timer(0) }` the value time1+time2 is only approximately 76 | * the delay since the first reset. 77 | */ 78 | #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) 79 | 80 | unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset ) 81 | { 82 | struct _hr_time *t = (struct _hr_time *) val; 83 | 84 | if( reset ) 85 | { 86 | QueryPerformanceCounter( &t->start ); 87 | return( 0 ); 88 | } 89 | else 90 | { 91 | unsigned long delta; 92 | LARGE_INTEGER now, hfreq; 93 | QueryPerformanceCounter( &now ); 94 | QueryPerformanceFrequency( &hfreq ); 95 | delta = (unsigned long)( ( now.QuadPart - t->start.QuadPart ) * 1000ul 96 | / hfreq.QuadPart ); 97 | return( delta ); 98 | } 99 | } 100 | 101 | #else /* _WIN32 && !EFIX64 && !EFI32 */ 102 | 103 | unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset ) 104 | { 105 | struct _hr_time *t = (struct _hr_time *) val; 106 | 107 | if( reset ) 108 | { 109 | gettimeofday( &t->start, NULL ); 110 | return( 0 ); 111 | } 112 | else 113 | { 114 | unsigned long delta; 115 | struct timeval now; 116 | gettimeofday( &now, NULL ); 117 | delta = ( now.tv_sec - t->start.tv_sec ) * 1000ul 118 | + ( now.tv_usec - t->start.tv_usec ) / 1000; 119 | return( delta ); 120 | } 121 | } 122 | 123 | #endif /* _WIN32 && !EFIX64 && !EFI32 */ 124 | 125 | /* 126 | * Set delays to watch 127 | */ 128 | void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms ) 129 | { 130 | mbedtls_timing_delay_context *ctx = (mbedtls_timing_delay_context *) data; 131 | 132 | ctx->int_ms = int_ms; 133 | ctx->fin_ms = fin_ms; 134 | 135 | if( fin_ms != 0 ) 136 | (void) mbedtls_timing_get_timer( &ctx->timer, 1 ); 137 | } 138 | 139 | /* 140 | * Get number of delays expired 141 | */ 142 | int mbedtls_timing_get_delay( void *data ) 143 | { 144 | mbedtls_timing_delay_context *ctx = (mbedtls_timing_delay_context *) data; 145 | unsigned long elapsed_ms; 146 | 147 | if( ctx->fin_ms == 0 ) 148 | return( -1 ); 149 | 150 | elapsed_ms = mbedtls_timing_get_timer( &ctx->timer, 0 ); 151 | 152 | if( elapsed_ms >= ctx->fin_ms ) 153 | return( 2 ); 154 | 155 | if( elapsed_ms >= ctx->int_ms ) 156 | return( 1 ); 157 | 158 | return( 0 ); 159 | } 160 | 161 | #endif /* !MBEDTLS_TIMING_ALT */ 162 | #endif /* MBEDTLS_TIMING_C */ 163 | -------------------------------------------------------------------------------- /src/mbedtls/library/version.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Version information 3 | * 4 | * Copyright The Mbed TLS Contributors 5 | * SPDX-License-Identifier: Apache-2.0 6 | * 7 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 8 | * not use this file except in compliance with the License. 9 | * You may obtain a copy of the License at 10 | * 11 | * http://www.apache.org/licenses/LICENSE-2.0 12 | * 13 | * Unless required by applicable law or agreed to in writing, software 14 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 15 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | * See the License for the specific language governing permissions and 17 | * limitations under the License. 18 | */ 19 | 20 | #include "common.h" 21 | 22 | #if defined(MBEDTLS_VERSION_C) 23 | 24 | #include "mbedtls/include/mbedtls/version.h" 25 | #include 26 | 27 | unsigned int mbedtls_version_get_number( void ) 28 | { 29 | return( MBEDTLS_VERSION_NUMBER ); 30 | } 31 | 32 | void mbedtls_version_get_string( char *string ) 33 | { 34 | memcpy( string, MBEDTLS_VERSION_STRING, 35 | sizeof( MBEDTLS_VERSION_STRING ) ); 36 | } 37 | 38 | void mbedtls_version_get_string_full( char *string ) 39 | { 40 | memcpy( string, MBEDTLS_VERSION_STRING_FULL, 41 | sizeof( MBEDTLS_VERSION_STRING_FULL ) ); 42 | } 43 | 44 | #endif /* MBEDTLS_VERSION_C */ 45 | --------------------------------------------------------------------------------