├── ssl ├── version.h ├── test │ ├── axTLS.key_1024 │ ├── axTLS.key_2048 │ ├── axTLS.key_4096 │ ├── axTLS.ca_x509.cer │ ├── axTLS.noname.p12 │ ├── axTLS.withCA.p12 │ ├── axTLS.encrypted.p8 │ ├── axTLS.withoutCA.p12 │ ├── axTLS.x509_1024.cer │ ├── axTLS.x509_2048.cer │ ├── axTLS.x509_4096.cer │ ├── axTLS.unencrypted.p8 │ ├── axTLS.x509_1024.pem │ ├── axTLS.x509_aes128.pem │ ├── axTLS.x509_aes256.pem │ ├── axTLS.x509_1024_sha256.pem │ ├── axTLS.x509_1024_sha384.pem │ ├── axTLS.x509_1024_sha512.pem │ ├── axTLS.x509_bad_after.pem │ ├── axTLS.x509_bad_before.pem │ ├── axTLS.key_1024.pem │ ├── axTLS.unencrypted_pem.p8 │ ├── axTLS.encrypted_pem.p8 │ ├── axTLS.key_aes128.pem │ ├── axTLS.key_aes256.pem │ ├── axTLS.x509_2048.pem │ ├── axTLS.x509_intermediate_ca.pem │ ├── axTLS.ca_x509.pem │ ├── axTLS.ca_x509_sha256.pem │ ├── axTLS.x509_end_chain.pem │ ├── axTLS.x509_end_chain_bad.pem │ ├── axTLS.x509_4096.pem │ ├── axTLS.ca_key.pem │ ├── axTLS.key_2048.pem │ ├── axTLS.key_end_chain.pem │ ├── axTLS.key_device.pem │ ├── axTLS.key_intermediate_ca.pem │ ├── axTLS.key_intermediate_ca2.pem │ ├── axTLS.x509_device.pem │ ├── axTLS.x509_intermediate_ca2.pem │ └── axTLS.key_4096.pem ├── os_int.h ├── os_port.c ├── cert.h ├── config.h ├── private_key.h ├── crypto_misc.h ├── openssl.c ├── os_port.h └── tls1.h ├── .gitignore ├── .gitmodules ├── util └── time.h ├── LICENSE ├── README.md ├── .travis.yml ├── Makefile ├── samples └── java │ └── Makefile ├── crypto ├── os_int.h ├── sha384.c ├── rc4.c ├── bigint.h ├── hmac.c ├── bigint_impl.h ├── sha1.c ├── sha512.c ├── rsa.c ├── crypto.h ├── sha256.c └── md5.c ├── bindings ├── Config.in └── java │ └── SSL.java ├── replacements └── time.c ├── config └── makefile.conf └── tools └── make_certs.sh /ssl/version.h: -------------------------------------------------------------------------------- 1 | #define AXTLS_VERSION "2.1.2" 2 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.o 2 | bin/ 3 | Makefile.local 4 | .DS_Store 5 | 6 | -------------------------------------------------------------------------------- /ssl/test/axTLS.key_1024: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/igrr/axtls-8266/HEAD/ssl/test/axTLS.key_1024 -------------------------------------------------------------------------------- /ssl/test/axTLS.key_2048: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/igrr/axtls-8266/HEAD/ssl/test/axTLS.key_2048 -------------------------------------------------------------------------------- /ssl/test/axTLS.key_4096: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/igrr/axtls-8266/HEAD/ssl/test/axTLS.key_4096 -------------------------------------------------------------------------------- /ssl/test/axTLS.ca_x509.cer: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/igrr/axtls-8266/HEAD/ssl/test/axTLS.ca_x509.cer -------------------------------------------------------------------------------- /ssl/test/axTLS.noname.p12: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/igrr/axtls-8266/HEAD/ssl/test/axTLS.noname.p12 -------------------------------------------------------------------------------- /ssl/test/axTLS.withCA.p12: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/igrr/axtls-8266/HEAD/ssl/test/axTLS.withCA.p12 -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "compat"] 2 | path = compat 3 | url = https://github.com/attachix/lwirax.git 4 | -------------------------------------------------------------------------------- /ssl/test/axTLS.encrypted.p8: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/igrr/axtls-8266/HEAD/ssl/test/axTLS.encrypted.p8 -------------------------------------------------------------------------------- /ssl/test/axTLS.withoutCA.p12: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/igrr/axtls-8266/HEAD/ssl/test/axTLS.withoutCA.p12 -------------------------------------------------------------------------------- /ssl/test/axTLS.x509_1024.cer: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/igrr/axtls-8266/HEAD/ssl/test/axTLS.x509_1024.cer -------------------------------------------------------------------------------- /ssl/test/axTLS.x509_2048.cer: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/igrr/axtls-8266/HEAD/ssl/test/axTLS.x509_2048.cer -------------------------------------------------------------------------------- /ssl/test/axTLS.x509_4096.cer: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/igrr/axtls-8266/HEAD/ssl/test/axTLS.x509_4096.cer -------------------------------------------------------------------------------- /ssl/test/axTLS.unencrypted.p8: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/igrr/axtls-8266/HEAD/ssl/test/axTLS.unencrypted.p8 -------------------------------------------------------------------------------- /util/time.h: -------------------------------------------------------------------------------- 1 | #ifndef TIME_H 2 | #define TIME_H 3 | 4 | #include 5 | #include 6 | 7 | 8 | #endif //TIME_H 9 | -------------------------------------------------------------------------------- /ssl/os_int.h: -------------------------------------------------------------------------------- 1 | #ifndef OS_INT_H 2 | #define OS_INT_H 3 | 4 | #include 5 | #include 6 | #include 7 | 8 | #endif //OS_INT_H -------------------------------------------------------------------------------- /ssl/test/axTLS.x509_1024.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICWDCCAUACCQClKsh4h/LnxTANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh 3 | eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy 4 | MzAyMTA0MjdaFw0zMDA5MDgyMTA0MjdaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl 5 | Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC 6 | gYEAvQ/UQqh0h1SquTofi869t2X7QD3QEZqc3IJ86qgX4XTzBQ5hwcF4irK6FSJa 7 | /5u4ei4PiLd03gSZpaKZU4uteFox7bwB59/p7C+gXVP25oqgyG1BRWMjs89OUB8o 8 | 3zbic9/WobNGT267DZvvqPlMpXGhiN0HqYYNP82ZI6KEdw8CAwEAATANBgkqhkiG 9 | 9w0BAQUFAAOCAQEAMuA8biHmpvS4EJ+K5guETizlFMpWgT/ALKM5iSTOr0cuGWKy 10 | 5HaRJbzhqO5qaDp3ubJilwwlPF4TSIeAo5HZLuaSKxxSJLF3xvbe2JvZVzdWaBcy 11 | ZgEIOAiawYxeP+fJRMtiuUjHiab/jn094UYynBMGmtEXqz+pkAQzLT+BCqVVzraV 12 | VK3xT6LKw/Yle3HSaIXpcraZNG3lX/Z0HLmi2isE/4LFCQTEuryCPrRyGI4waEhK 13 | Dac9tfRCOpdgfahhip6YxH5lmep+ynXn2yFdznxmPX7cFP5VBJeoZBK0tTBIcrzb 14 | 61tPpvuHAUGR7JiY8Us4okDxBZC7m12WsSJrUA== 15 | -----END CERTIFICATE----- 16 | -------------------------------------------------------------------------------- /ssl/test/axTLS.x509_aes128.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICWDCCAUACCQClKsh4h/Ln0DANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh 3 | eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy 4 | MzAyMTA0MjhaFw0zMDA5MDgyMTA0MjhaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl 5 | Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC 6 | gYEA8k4Lr67fner/JtPfbCJe9+RMyq4ErKmXDlxQnXDEcvn/7Mw/CcNQXDPDRTN2 7 | /pw0Cwb45Pgv0bqTAFPK2sWhp68QMiuyl+lIUGSrgXX69nW7B2cAp4YSNW55M8SQ 8 | EISL3QOkzl1oHW3iuxxGeuCGuVv0i4gRxhQ1XkHdoGOc4G0CAwEAATANBgkqhkiG 9 | 9w0BAQUFAAOCAQEAPbTh7YlIYA/XOKC1Laf0SQ0HQU4hC9rd1IowBIyKYT5YlKVM 10 | VIrmqN7B3ytUZbP3eL9ZO63G5NHmGk/i+RpxF+O0oX09uhIPWHlupZ1LeEHDwsSG 11 | 5OjZ1scU0bbIX/aBNPDL8hU7/TSTtL7NY9939cHE5LVwdSuOqndXl5nPFKxyJjfB 12 | npworzs+UUwXLAcJSRHTruyRf6fvSfl1NdMabWiR/L7+tzDV0842+HwUsJLUlWFv 13 | osK0avS8ER8PrFMRnKqGIK416B38ZMjn65G/J5v1j/RSHDAWjp+SYAFHaxiU0gEk 14 | WOAZlVmG1vVlFk/ubTJ/vd+RAk0QYI+THgwlbQ== 15 | -----END CERTIFICATE----- 16 | -------------------------------------------------------------------------------- /ssl/test/axTLS.x509_aes256.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICWDCCAUACCQClKsh4h/Ln0TANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh 3 | eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy 4 | MzAyMTA0MjhaFw0zMDA5MDgyMTA0MjhaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl 5 | Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC 6 | gYEAqn/ZBpw3WLD87W/rVp8rdvg2yoml5CSMfePkcXKCfbWMAkZOJJtMupPoMFC9 7 | CbQ5EUmSV47BHGTh0xnQK/4s4bc6lPVtkK7dJtFfonCsiTErW0p6z0q7tQfWFEd3 8 | NGNFv/qVIsB0hJDOJn8x30wYWCOY+gC+53KJzRVcRMoM75sCAwEAATANBgkqhkiG 9 | 9w0BAQUFAAOCAQEAqI4YkmyznQ9lE0+2cSkRX7ELJeKGedGFCCKJZaee5k9R4PBc 10 | fg97WsEMARSl2WLzAkK3rjSQWslbRxb/u1NYhd2uBdrYGIMXgPyBIjV7sSoI0TkC 11 | 3muhke+W2yZsVp55DoJpfsX9dIfzbM0ICbaD509xuClfraIafO/6VLrw/+BzTTVM 12 | DECTo1dCheYYXyOJPgdgdcABKKb3WkTLJPkV6SCK0D8xAHpTRR8AtT0xu60JDRoq 13 | wcKZie02AXOgg3mEQPdvmVDb+cgOL2Cb/nyraS2OVKPRTZfQfvhve0mU3DN/TVDB 14 | 7N9bVd1WNst+bsNIE0SbnYiF/oSdnHGNQxaLGA== 15 | -----END CERTIFICATE----- 16 | -------------------------------------------------------------------------------- /ssl/test/axTLS.x509_1024_sha256.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICWDCCAUACCQClKsh4h/LnxjANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQKEylh 3 | eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy 4 | MzAyMTA0MjdaFw0zMDA5MDgyMTA0MjdaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl 5 | Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC 6 | gYEAvQ/UQqh0h1SquTofi869t2X7QD3QEZqc3IJ86qgX4XTzBQ5hwcF4irK6FSJa 7 | /5u4ei4PiLd03gSZpaKZU4uteFox7bwB59/p7C+gXVP25oqgyG1BRWMjs89OUB8o 8 | 3zbic9/WobNGT267DZvvqPlMpXGhiN0HqYYNP82ZI6KEdw8CAwEAATANBgkqhkiG 9 | 9w0BAQsFAAOCAQEAbpbFPGnc74yvFgxKiNGA8+9azns10+KionRirc6g/1X1zBnJ 10 | 7vBXW9aXwUr2y9G3jnmX82eut0YnaJ3xlU5rp2NbGSH43fQd/OvWC+6yDFBeHfJG 11 | JqbyP9oBkrUSuaXO/svsGUr8z1YVnxvtN7A1NGt+xQmgTyNq2QWg3MSQQwVtNsQt 12 | 84mQqU0BmmyRyi14LOCi2dHxjduXFVgHIcM6XzVL8lxQ1oaabA1mP5u8dzH+n+sT 13 | uVDMmn6ABDZsnnCo9i7WidPI8pfJ4k6xR5l0wUdcOQeY8ynwUmILBt7lhKhxtAIG 14 | j9SHuiQYstmr5+6wIBv6LRwjuXNDEwcqdT+o1g== 15 | -----END CERTIFICATE----- 16 | -------------------------------------------------------------------------------- /ssl/test/axTLS.x509_1024_sha384.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICWDCCAUACCQClKsh4h/LnxzANBgkqhkiG9w0BAQwFADA0MTIwMAYDVQQKEylh 3 | eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy 4 | MzAyMTA0MjdaFw0zMDA5MDgyMTA0MjdaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl 5 | Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC 6 | gYEAvQ/UQqh0h1SquTofi869t2X7QD3QEZqc3IJ86qgX4XTzBQ5hwcF4irK6FSJa 7 | /5u4ei4PiLd03gSZpaKZU4uteFox7bwB59/p7C+gXVP25oqgyG1BRWMjs89OUB8o 8 | 3zbic9/WobNGT267DZvvqPlMpXGhiN0HqYYNP82ZI6KEdw8CAwEAATANBgkqhkiG 9 | 9w0BAQwFAAOCAQEAcVYgGWa/OFtWSpsH55h4iHan1Hj8WMzhvczirWDP8EaG3N1P 10 | WVo7LQdfhs9OvQwLlacAym3eawwsMe7ODU6Iq2vsbajeKMuF0jb5teghb7dMIiIW 11 | UIy3zRe9pmOZZpIcwJfuzTMTXMq+UksNfSzgB8mGqnIj+4D3UPXce5KYMvxzAjYU 12 | HAAFR9+ZkTdpratH/qFlk14DJ4CKlH69/RUpekkXcn3lk1DutfQ15kaTnaFObTUs 13 | HvGr2pX5PsofeR7DW4NStIMbOwMvTby6thCw8zImI2yyouCv+LkilGxmxEMAV85X 14 | ZKu5dNZXbJwfOFjkmHEtDfmISsdl8NoQxyz55A== 15 | -----END CERTIFICATE----- 16 | -------------------------------------------------------------------------------- /ssl/test/axTLS.x509_1024_sha512.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICWDCCAUACCQClKsh4h/LnyDANBgkqhkiG9w0BAQ0FADA0MTIwMAYDVQQKEylh 3 | eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy 4 | MzAyMTA0MjdaFw0zMDA5MDgyMTA0MjdaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl 5 | Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC 6 | gYEAvQ/UQqh0h1SquTofi869t2X7QD3QEZqc3IJ86qgX4XTzBQ5hwcF4irK6FSJa 7 | /5u4ei4PiLd03gSZpaKZU4uteFox7bwB59/p7C+gXVP25oqgyG1BRWMjs89OUB8o 8 | 3zbic9/WobNGT267DZvvqPlMpXGhiN0HqYYNP82ZI6KEdw8CAwEAATANBgkqhkiG 9 | 9w0BAQ0FAAOCAQEAbrG+mMdCorMaq6VHQC071CdXzqdUGFgXM/qpVjNo3tKjqUbD 10 | 73FJOYYoSgXO7aJPebraaZTdSpgHO2vdJrifUjrJg+2RKDwIzCP853fgi3Nm4n+R 11 | 7uDsd6K/cj4xvcnhIdmQZC3TPIJFujjbMy0Tw9EQ5Zoz5rNwR0Oy++HtWoULOjTe 12 | xsVsagshFaGajLF6RXoH+caKHIi4HANlWwJvHCBpqQYUyhUCAHUm9Pdo0+h7Viuj 13 | evzm3SPr5rOisE8xTDU4WPOhwel3lggZWfh6nbDG7+1sWmT4qTtAkv3V1m1o1h+8 14 | 4TeJUOV9QHm88a2UUqWIZocaLxPYB6NThoBNVg== 15 | -----END CERTIFICATE----- 16 | -------------------------------------------------------------------------------- /ssl/test/axTLS.x509_bad_after.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICWDCCAUACCQClKsh4h/Ln0zANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh 3 | eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy 4 | MzAyMTA0MjhaFw0xNTEyMzEyMTA0MjhaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl 5 | Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC 6 | gYEAvQ/UQqh0h1SquTofi869t2X7QD3QEZqc3IJ86qgX4XTzBQ5hwcF4irK6FSJa 7 | /5u4ei4PiLd03gSZpaKZU4uteFox7bwB59/p7C+gXVP25oqgyG1BRWMjs89OUB8o 8 | 3zbic9/WobNGT267DZvvqPlMpXGhiN0HqYYNP82ZI6KEdw8CAwEAATANBgkqhkiG 9 | 9w0BAQUFAAOCAQEAqk3O/LBqyketDzFqMe7L8nqmM/crpmjZ93KEwhrc7uRKJgXm 10 | CjfTSm7D43l4xbz/NbHnNvSFnblFoioAQP23opotJV/WutmrGCIjpidLc682GvcP 11 | DvhlOTAqoVFFWmjL6gj2iKEtIUzxCMI7K/h/znQvk/NrsfvOF0uZtpMoLqqo4o3Y 12 | V2vogbTEPpr77952JMpsLvJYatwiYo8G7Pc8qdl86mk3tx1Kqn/Pl9CgMgj8tgFi 13 | tcBRFePe3WvAiK7vnSqz7H4NUXrcv0RTA7f/bUXNWoRUI98GbYKVpxgIY7uFmLF8 14 | 0jb92pWMlA9Ps0fAdMKs98c7dIaJi0buM5Mtuw== 15 | -----END CERTIFICATE----- 16 | -------------------------------------------------------------------------------- /ssl/test/axTLS.x509_bad_before.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICWDCCAUACCQClKsh4h/Ln0jANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh 3 | eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yNDEy 4 | MzExNDAwMDBaFw0yNTEyMzExNDAwMDBaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl 5 | Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC 6 | gYEAvQ/UQqh0h1SquTofi869t2X7QD3QEZqc3IJ86qgX4XTzBQ5hwcF4irK6FSJa 7 | /5u4ei4PiLd03gSZpaKZU4uteFox7bwB59/p7C+gXVP25oqgyG1BRWMjs89OUB8o 8 | 3zbic9/WobNGT267DZvvqPlMpXGhiN0HqYYNP82ZI6KEdw8CAwEAATANBgkqhkiG 9 | 9w0BAQUFAAOCAQEALWtzVdl7s7NHPKslDc0NN2N/kqd8V5Ug93s9POLPQV6Cq7fH 10 | WPzxdU/IcLwocngqDzYEADlKJL1prRIP7IEtclRW109kVf5ge4waL7BIFogX0iII 11 | WzjSlLTdYFo6ZK/oxwg86+zVA9UbkWbvQwSGE60Hqr8GEaqon09CxYUpFTtOq7qZ 12 | Ikjjf1Rz/t1AAGXoN2Yls1hm2ONYFuxQq+dBME0sSL7hdhwFoOi/u3Q0QXmg4Z1Y 13 | xe0J3Pg1mt5nsh4cY0QDNZdSbZz1p4jVY5RxQsoYzgyVYQWBeDJGKs2RN8o1CFko 14 | EMQ4Bq65fSUs5hPnYGl4iibWmQQgAWkasKZwaw== 15 | -----END CERTIFICATE----- 16 | -------------------------------------------------------------------------------- /ssl/test/axTLS.key_1024.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIICXQIBAAKBgQC9D9RCqHSHVKq5Oh+Lzr23ZftAPdARmpzcgnzqqBfhdPMFDmHB 3 | wXiKsroVIlr/m7h6Lg+It3TeBJmloplTi614WjHtvAHn3+nsL6BdU/bmiqDIbUFF 4 | YyOzz05QHyjfNuJz39ahs0ZPbrsNm++o+UylcaGI3Qephg0/zZkjooR3DwIDAQAB 5 | AoGAJj/slqvUH4kOnTjYJwXlthQI1/9peBZKxAYWVbc6VZ++hvhY6MVGqPDt2ta/ 6 | iFUt5nIpLGTJXR2bJDqYQKHSr1yrI+Qz0OpgUud6nnNfLoDR3G9HD5eANtIwB93W 7 | 1xWJK3TVfoq8Y0IK8jEpv/n58IiPisIibhUmt15bWEQcO3kCQQDh8bLlyICTQFB0 8 | FN2y8idcDD3AX+6cRWwTAN/Q2YP6kCyE8qrC3fvPA0GIEMa7Xre2LqYdqrr7SnLY 9 | mq2IDWoVAkEA1jYj8113yNNJwZP+yg3rm9q9Ryhzl6BQ10wk35sLN67DMbVPYgjK 10 | 5e+Xe0Og2isfv6gIk9IWHImZ8d8m0UKZkwJBALFB5H7fIPfk8flP0WotDfHp7Jw6 11 | 5sCUuififLSloSP27eZTVuJQMtgCjuvHdZHTyj7UNCB8K/svOhBysQdWts0CQB47 12 | 8gMNdDSyLbzWyKV4JYMP8psyiG4kQITCyImO9pxbXE2Ny7CIkSq3EGhjeTaR059X 13 | di52/ov0l/fdiTsL7WUCQQC5r78JyZAm83KLv7N8529vW6OVuJ4Duc+gU7oywdOt 14 | hbt5SAnWP5zZN5ERDQTVO8p0XRyRjT3x+Pm+NdeyU1Ad 15 | -----END RSA PRIVATE KEY----- 16 | -------------------------------------------------------------------------------- /ssl/test/axTLS.unencrypted_pem.p8: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAL0P1EKodIdUqrk6 3 | H4vOvbdl+0A90BGanNyCfOqoF+F08wUOYcHBeIqyuhUiWv+buHouD4i3dN4EmaWi 4 | mVOLrXhaMe28Aeff6ewvoF1T9uaKoMhtQUVjI7PPTlAfKN824nPf1qGzRk9uuw2b 5 | 76j5TKVxoYjdB6mGDT/NmSOihHcPAgMBAAECgYAmP+yWq9QfiQ6dONgnBeW2FAjX 6 | /2l4FkrEBhZVtzpVn76G+FjoxUao8O3a1r+IVS3mciksZMldHZskOphAodKvXKsj 7 | 5DPQ6mBS53qec18ugNHcb0cPl4A20jAH3dbXFYkrdNV+irxjQgryMSm/+fnwiI+K 8 | wiJuFSa3XltYRBw7eQJBAOHxsuXIgJNAUHQU3bLyJ1wMPcBf7pxFbBMA39DZg/qQ 9 | LITyqsLd+88DQYgQxrtet7Yuph2quvtKctiarYgNahUCQQDWNiPzXXfI00nBk/7K 10 | Deub2r1HKHOXoFDXTCTfmws3rsMxtU9iCMrl75d7Q6DaKx+/qAiT0hYciZnx3ybR 11 | QpmTAkEAsUHkft8g9+Tx+U/Rai0N8ensnDrmwJS6J+J8tKWhI/bt5lNW4lAy2AKO 12 | 68d1kdPKPtQ0IHwr+y86EHKxB1a2zQJAHjvyAw10NLItvNbIpXglgw/ymzKIbiRA 13 | hMLIiY72nFtcTY3LsIiRKrcQaGN5NpHTn1d2Lnb+i/SX992JOwvtZQJBALmvvwnJ 14 | kCbzcou/s3znb29bo5W4ngO5z6BTujLB062Fu3lICdY/nNk3kRENBNU7ynRdHJGN 15 | PfH4+b4117JTUB0= 16 | -----END PRIVATE KEY----- 17 | -------------------------------------------------------------------------------- /ssl/test/axTLS.encrypted_pem.p8: -------------------------------------------------------------------------------- 1 | -----BEGIN ENCRYPTED PRIVATE KEY----- 2 | MIICnTAcBgoqhkiG9w0BDAEBMA4ECLZOmsNEeDZnAgIIAASCAnu22JX3BRRr9cTr 3 | j4x62+iDbrqcwmhQkybM1xShFgWObY3/OQf1NJfH4DO4zGQN45ZN0X9zSUVRu8Dd 4 | ycHls5qsROJ96PYQ8d1xnuh1C9TWmFiLieM0qUyn35raHcKPQiBl8PYHtNr3+m0K 5 | bsql6T23hE5ZjVhbRtcRdRd9MsQeTZ6n4mdWPEhzN1+rmSPV8ybCbrtJl3/Dh1v8 6 | LnswXB92T6WcmHRyRiNsbAXR9SQkOaXFZ/1RUXDNqoRYZjlWPBWdcQf48mzgaDjq 7 | 3RXF1mjbOlX2x4/V4qVwH1qZADlT38fSRk/iVdRfureS+wfOuJgJ/g9Riwa0o41K 8 | 2q+sOEcTOv4rShXRGp/0ckeuwhARDdSMymlSBhgBWdf14qdgxCx0rAXYlRAc/4Ze 9 | Zl9ErfydwdUfDJoPK+QlGZMF//hFRF+vdO/wJHleLsels4KaqN9v/sB+BrGWaeUC 10 | ScKMISixquCwfWi2qGiqLQGsxHn0d6ejiMblZR4kTf7dcuWVWGXdf5VZqxLNP8Xg 11 | zzjjeP59OxHRVH0ytGBUejTehcxWDKq+6ESAuujzVXa0v1+5QzZXsJ8rPyZOINzj 12 | bdpN4Cr3tZj9ALrNzoC2oG62+OO45U7lg54cV1nyrQ2QiI4XFnt0WA06K1G1JrRW 13 | a/y6nZkntGybbCpuuIBiWl2FfdcTepctiXcJ0vCYqVNOTT4L2Y1RwajDzALhgb7e 14 | wOy0eA8gmOmMLNozSlMV7siL0LeE1WlotLwK+AHMU1lmPMqS7jK9nycXtZyg4IKl 15 | eBAnW052fnKZhT4zNlfJkZqpcp6YWpCU16PWx6L+/FDzFPzswluHyfB72oVqRniI 16 | 2A== 17 | -----END ENCRYPTED PRIVATE KEY----- 18 | -------------------------------------------------------------------------------- /ssl/test/axTLS.key_aes128.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | Proc-Type: 4,ENCRYPTED 3 | DEK-Info: AES-128-CBC,7BFA0887B7740C1BBA458D0362E75F89 4 | 5 | aBIhF2zVGRMFZAWg8s11WnxoTQhGabdzchHBxPltnipEgvwOM9FGmYnVIDsFPvyb 6 | hSA2HgmN972SPeRG4hITzrIXiRZMBOd6Lchz9p2Ui/mqkR6RUfnUBkUtkgxGymSa 7 | oD7WAmbpNG73+7KX4gV36tevC1dM9lQzbClhhXQL9FH9LFh11cS7ZFa9L/esWHbb 8 | sxgicR8zG919UEA+XvhLPVXpYD3AVHTcyEHbPWiGY49SIEI+GOcLi6rvxQizcXKY 9 | pFtmlk/jM06OdZWur5/qLg3HqGP/o8GUjjA6KuAe5SIWVrmlkHCYHj6c1KFLVQJZ 10 | 7qAUNvjVaELXOc3+SE64Fl4OMP/4MiUA5WJ+gcdIKFtX/qksjywzF7goNTsxB1ZX 11 | 8g9JP6m5BF2VS/Woz+9ypekzk7DEKST4Knh8cYBNdz6yYwX73FBb93jk1aPMXv2K 12 | SzhupTSHyAt7ddvXm+QYXBrklpZgUcuvinrkb7TNYEDcc2h3iDkLMHhI2VW0fiSF 13 | JcL2DZWLu1UChg+Nkc43+9f8Ao76tjJHdV+IkWfINlKz8cpKthIfOiUSQWYK4Czr 14 | 0E3dyUrljIqFyKmZGokQ2QH+kdMmcm2/R+8NwL4s0Y4k1ylB0mZ5+A55t0ESaUVC 15 | 8NJtoIMrLz2pyhf2ohXMVepcjvR/Id8vNxSlLFResmIwSo4orTZOnsHBlQqm5hJl 16 | 9dr8G0o7n7WVfGbHLlpuPHoKegn1OK5xLbDbAi14HnZIi7/lUnbQHMbFFBjyS5EE 17 | v+SMbI7JU+5zeJc34WLUTm1zll1ZNpFH/76vlP7tUWxYqVUZfKYHOndqS4b1rAs2 18 | -----END RSA PRIVATE KEY----- 19 | -------------------------------------------------------------------------------- /ssl/test/axTLS.key_aes256.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | Proc-Type: 4,ENCRYPTED 3 | DEK-Info: AES-256-CBC,5AA67B48694516B66EECE19E0F3BB048 4 | 5 | eXbuyN1kJR84JMhFruS9yeJ/WnyD0V6h9w/6fhEcPfxW0HmFqgIk35IE4c4QYazZ 6 | aMC0J1S19Yb4kKnRd7j0+92IDBw3B7zeJKjPDrcRDSo8R8K7O7+6MYwcmJJ/DZlC 7 | yqcaHr3cJEiS4I8NS3EdffffFA37Uf2O4C26b96ewg899YZXmPtai6uOvKbF1A90 8 | aRV4PdCpJdJq0q69VfoSeQ5p//Wokb4RfDGWTNxpgclYr0SK2F8qfITjCNDbqR+E 9 | r+6tRsy9VcHVRjswuewU19HOQNQzaPlIiNaoGBGvOVRHLdE0s8b1Czyh3oeuRAZi 10 | EK/SPEdZ5JMWbtxpKi+rdqFZhW3sGE5T9QItYqAWezScOCcuZw7ivVITWj0HuAJl 11 | YZnkL4CS2qMKfQ7oz/YBAuShDvfl/W1M2YXt8caoYIox8NWnGaifHbk+eP7sQRE3 12 | UMA/71gfz4AOUSKOWTNCen+qeAImyRi++6kFOVyAZnmvGAj1INv76xh6tHP9aDN+ 13 | 0ROlEMeL+4EyqEeTeRL5+i9xEGtA247hMjtwB6i8SDl2N9RZkIzGOj6GmJpWQhHK 14 | qRSu+PvoDfSHqfHYXof0rtvCuKj6pAhYgKeL5Ycfc0FtJX6gTvErlKWENUrsJxgV 15 | RJNcRbltxcOylmdYP2tUe/PxQCSFcYIzFbQbXJDoZ9hMgJRv086fzn/QWiZEx59o 16 | 9r8kKQrYhKjS34Aq13ghFBf/Mr+GKrB8JtO5DnlC4N9AnapVlDgeZn2NmXyVZygA 17 | mcIq5MTJcZzCdX6PdzNVBsttRfYeItN9M8aP5q5YodBfuLXPOvFhV2J7wc5Bgt4i 18 | -----END RSA PRIVATE KEY----- 19 | -------------------------------------------------------------------------------- /ssl/test/axTLS.x509_2048.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIC3DCCAcQCCQClKsh4h/LnyTANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh 3 | eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy 4 | MzAyMTA0MjdaFw0zMDA5MDgyMTA0MjdaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl 5 | Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC 6 | AQoCggEBAPladjynJXGaCmdzonEGTQOF6RmWw/ehmrG+ROur6DD7m+5fspZ+gPQm 7 | L3gZ2tIv3EB0QsKWLs82x0IDowAMO63L3oiKpvJyTMQPARTTCQh79JJw5UU9x9vM 8 | aE7dPGfzAnwmMjl6FbCTkugUjknRVcs4X1OpwInuYrJGJ5innJoWGhZveEvFliTD 9 | YBL8Mz8oXZhOK6alAR0Urt8z4B1J0USDn7ouSnWRsyqWgvotRp+fDDguFi/JILhD 10 | AwhJEA+s8RatD1+RgYLvs1aghQcl+7KMWQdNuxbJiVDeljaKN4Ufx9UFfEXV74DG 11 | 09NMsphJ2FX5/WS+510oSiO9D4uWNdUCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA 12 | HKqK24TYW7NvGoIifLaFyaSwAQV/OODpiZmTie3X5RBHR34v9fnBk5qnBf7EZEfC 13 | uMg/mdMQm2Fst4uBzx9q8PltfcmCaX+/1M0F5nzhEszJ3cDevMBexNl7Q4nfYNTN 14 | QShJyhSgr9cQ/K48k9IA64RRcRP9DWtSNzt0zzA4UCqlkBvKd6TdcC+rAzOigdhT 15 | z0e1a9KVfKSxtXxyCAQZyKdsfWlhVyXPWd2urd8IfLfHdiFMKwyyreCCc4tCDjcA 16 | QcJkv2bfL8Cb4cUd2vtI8kic9zUBFaOWyz9tOicGG2k3SBjN99iQfBAsqbHjtGnj 17 | +dKbDCxXy4udsNINgfE3aA== 18 | -----END CERTIFICATE----- 19 | -------------------------------------------------------------------------------- /ssl/test/axTLS.x509_intermediate_ca.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDAjCCAeqgAwIBAgIJAKUqyHiH8ufMMA0GCSqGSIb3DQEBCwUAMDQxMjAwBgNV 3 | BAoTKWF4VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X 4 | DTE2MTIzMDIxMDQyN1oXDTMwMDkwODIxMDQyN1owKDEmMCQGA1UEChMdYXhUTFMg 5 | UHJvamVjdCBJbnRlcm1lZGlhdGUgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw 6 | ggEKAoIBAQDOF2/0KBnz3n4m4Xgnm22ApLwcMovm4IBg5LYH6jU6QbNhGRIj68Dj 7 | UGk98TwPw/2WCNxvMA6s6+Bgc9md4TcjHWaGXI/Budd6wLjwBqFtZd4cUku7cevc 8 | R+MhWeCm0gcXT8VeYu06NzEuk/+ZfJRNftubQ0yGAS/EBffh89+AzivoDA9gvDEk 9 | aXRziutv1yGgOZenv7vY2eOI7+lfOtSQjRUv59XpT9xP2ujqnrAlh7C99cDOpXTU 10 | HvrF/5CFganqH8dJlCe1NB8DYoincfuOFpVeAL8LLJn9+/HVBQBULLykxyQWzti4 11 | u1W6EA5nUql5nNpCi3BGNMR5GQX32ILHAgMBAAGjIzAhMBIGA1UdEwEB/wQIMAYB 12 | Af8CAQAwCwYDVR0PBAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBAQAYt1Wq1XsZjOWf 13 | mH9XzI3k8UEtErTkBX5SXH10siY5tYmHzH02jaZVRC1yNrxQevqARhR1yj3daKg3 14 | +innX8foKlYRCxTfFeE/HELcm7rIt5mrIGdGAFn2fnImO5kpXxbPk6IAXRTp6lN8 15 | QS08Ah1Aaeh0ae2Ruzx2TOnG/IuB7ChliJxepo0KtRw6RN6ETvC2KS0glSf5fPW7 16 | c18UPbTesecrki12FlaGbPD/sWHOltBIpPXzgef7G8b6CiYqaX0T3T/47RLRwrMm 17 | SAcbMerJZoyudbLd+OHGtvz5kOmYCoZYkay121MSvtFucHnR3UjEui2lUbL1Qi92 18 | 2L3MUIVn 19 | -----END CERTIFICATE----- 20 | -------------------------------------------------------------------------------- /ssl/test/axTLS.ca_x509.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDDjCCAfagAwIBAgIJAORglrABpAToMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNV 3 | BAoTKWF4VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X 4 | DTE2MTIzMDIxMDQyN1oXDTMwMDkwODIxMDQyN1owNDEyMDAGA1UEChMpYXhUTFMg 5 | UHJvamVjdCBEb2RneSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3 6 | DQEBAQUAA4IBDwAwggEKAoIBAQCxIzCSlgeXAiyLWjGWUkuMA+OPJzH23pDcE7Nc 7 | FKhkdzXAD6tBW4odqul7y1g4qU0/xvv16NsK//VTc2VWQwkm0tlQ+0PBMTBRk0Qb 8 | XuLFLjfyYYjUBsde/CE9qhPbhTKYQ5xsnEBm4KUN/Mqk3sKXo7M3s7HjiAeYEIFK 9 | dSFECcljEPrHzAEvDwd0fRsx2hzb4fgrJbfW4wa9rsL1iVQI9VAY8mxM/UMtGySr 10 | L7M7U0RFRM5fK0d5guWH9f+j41hW9R/tYq7qoLcjgcr45nk5bcT4RoTvehhGZRUN 11 | pVq8vttEoR/Y1JvOjBT5WwUSfJcgXtidEWnQPXKszNoLj1sNAgMBAAGjIzAhMA8G 12 | A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBBQUAA4IB 13 | AQByY8+gtxSKO5ASYKArY8Sb4xJw0MNwsosARm17sT/8UTerS9CssUQXkW4LaU3T 14 | SzFVxRUz9O+74yu87W58IaxGNq80quFkOfpS39eCtbqD2e4Y/JuC30hK/GmhBquD 15 | gVh3z3hD8+DUXq83T1+9zgjCppLeQfaFejbaJSwQ7+K6gJn5JZNiaHVGN1GO6lT6 16 | 5W3zqep5zU6a4T5UeZqkYyuzfTBbIkgEga0JzPaCdd5JOrwFR3UNWlICOxr7htDI 17 | FqiTrA0RH2ZNmrmJDcM1pFWlQAPnvDoRLeMpmvWZDnGrWYDzyt0j5G0bIPL7214c 18 | b5kxOvfGlM4E6v+lMSw/HDrI 19 | -----END CERTIFICATE----- 20 | -------------------------------------------------------------------------------- /ssl/test/axTLS.ca_x509_sha256.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDDjCCAfagAwIBAgIJAJRCXZlKhZeHMA0GCSqGSIb3DQEBCwUAMDQxMjAwBgNV 3 | BAoTKWF4VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X 4 | DTE2MTIzMDIxMDQyN1oXDTMwMDkwODIxMDQyN1owNDEyMDAGA1UEChMpYXhUTFMg 5 | UHJvamVjdCBEb2RneSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3 6 | DQEBAQUAA4IBDwAwggEKAoIBAQCxIzCSlgeXAiyLWjGWUkuMA+OPJzH23pDcE7Nc 7 | FKhkdzXAD6tBW4odqul7y1g4qU0/xvv16NsK//VTc2VWQwkm0tlQ+0PBMTBRk0Qb 8 | XuLFLjfyYYjUBsde/CE9qhPbhTKYQ5xsnEBm4KUN/Mqk3sKXo7M3s7HjiAeYEIFK 9 | dSFECcljEPrHzAEvDwd0fRsx2hzb4fgrJbfW4wa9rsL1iVQI9VAY8mxM/UMtGySr 10 | L7M7U0RFRM5fK0d5guWH9f+j41hW9R/tYq7qoLcjgcr45nk5bcT4RoTvehhGZRUN 11 | pVq8vttEoR/Y1JvOjBT5WwUSfJcgXtidEWnQPXKszNoLj1sNAgMBAAGjIzAhMA8G 12 | A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IB 13 | AQAm3qU+APMkgTRCWhw0m4+06gc2iGaf7l+3i/Kg6EvDB9js4cI1sqzRpSdqdjTZ 14 | BwVlIURlB6BnEMCB3hP69IF/oSnqrnIxx2KIeVJt4CCwW1mXKsBwxNMXwHYD3A02 15 | 08eFTRkP0ofn+YBRfUYFkDFebqba4V3NBZtBW497YtQk/ssKAL1xaI0V26M4E/VH 16 | jkJtk99mcMjfuD8HPoqjTeVBGtY2h0A3j2LQPmOJNdSxv30SJuVjvpG7vejQripq 17 | 9MW0kPMBIRKhBpUBLIthLLxm/2VBe0IHU34kpe60YpQdJqebbldtOG1Uxe4F2JpN 18 | LfUXs2/UCNpEHS60Xl8UDJXA 19 | -----END CERTIFICATE----- 20 | -------------------------------------------------------------------------------- /ssl/test/axTLS.x509_end_chain.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDJDCCAgygAwIBAgIJAKUqyHiH8ufOMA0GCSqGSIb3DQEBCwUAMCgxJjAkBgNV 3 | BAoTHWF4VExTIFByb2plY3QgSW50ZXJtZWRpYXRlIENBMB4XDTE2MTIzMDIxMDQy 4 | OFoXDTMwMDkwODIxMDQyOFowLDEWMBQGA1UEChMNYXhUTFMgUHJvamVjdDESMBAG 5 | A1UEAxMJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA 6 | 7R4S75j5ZfknrzbsAvUnqS997FNk545sGo0YraDQ7CeJXGqeDyUTpdwtzBt8H8/a 7 | xNP1BFdgNEWnF1C1HXVbhqWxq16IlakqZYkYldHJMPQgFa3YuRN4Y0i8sn8A1Fbe 8 | 69D//57JZr1wt+qxAJWWn0anPGXmR0HlO0At1ACQkKGSE+ajTB2TnO7UTsjKRrXP 9 | v16FdWTXkJTVHUdVuAs6IfgAKkvQQ5zA8D6IXgjWsToWdFzlI8eTDHZqZJiw8gPg 10 | 7xG0jepN9JU05JRc4NduzeVj/0WT0tdilO0jQP/+8FgikdOeDU6wo4/e0Ta5bdZe 11 | 7apqOBfdDnq3EUnHO1ZQbQIDAQABo00wSzAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB 12 | /wQEAwIF4DArBgNVHREEJDAigg93d3cuZXhhbXBsZS5uZXSCD3d3dy5leGFtcGxl 13 | Lm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAbPQ1Y205Ricl1K2ByVa2RHJyYGP0Qj+H 14 | 5mWj4A92N1vAb6uOrliqFYOClYINGsKKC8YDZdyA4c8ZglCKZ2RePwOSdaWIw7wi 15 | Efhysyq3WLSlo5jEcnkO7o5dV/7V7FX/+65UEXu35ZqaE8ZY++eotmLzccnInYP3 16 | 1e4oaF5hyZIHVNCXnywNvchSkXjN0HhvIpeLTyzC5MQkQMMEOi8EBOgTGAo4UvL9 17 | eau3YhhpvfnCDlrRB6N79RcTLmJyOj5g1YO/9wn/du+EMwEkKUg5QJHzwUB2+ISp 18 | 57JjKh2BQt0g/XJfRugHQcNtjUu73Ziexpl0qaXjNjb8mvsuV9RX0g== 19 | -----END CERTIFICATE----- 20 | -------------------------------------------------------------------------------- /ssl/test/axTLS.x509_end_chain_bad.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDJjCCAg6gAwIBAgIJAKUqyHiH8ufPMA0GCSqGSIb3DQEBCwUAMCoxKDAmBgNV 3 | BAoTH2F4VExTIFByb2plY3QgSW50ZXJtZWRpYXRlIDIgQ0EwHhcNMTYxMjMwMjEw 4 | NDI4WhcNMzAwOTA4MjEwNDI4WjAsMRYwFAYDVQQKEw1heFRMUyBQcm9qZWN0MRIw 5 | EAYDVQQDEwlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB 6 | AQDtHhLvmPll+SevNuwC9SepL33sU2TnjmwajRitoNDsJ4lcap4PJROl3C3MG3wf 7 | z9rE0/UEV2A0RacXULUddVuGpbGrXoiVqSpliRiV0ckw9CAVrdi5E3hjSLyyfwDU 8 | Vt7r0P//nslmvXC36rEAlZafRqc8ZeZHQeU7QC3UAJCQoZIT5qNMHZOc7tROyMpG 9 | tc+/XoV1ZNeQlNUdR1W4Czoh+AAqS9BDnMDwPoheCNaxOhZ0XOUjx5MMdmpkmLDy 10 | A+DvEbSN6k30lTTklFzg127N5WP/RZPS12KU7SNA//7wWCKR054NTrCjj97RNrlt 11 | 1l7tqmo4F90OercRScc7VlBtAgMBAAGjTTBLMAwGA1UdEwEB/wQCMAAwDgYDVR0P 12 | AQH/BAQDAgXgMCsGA1UdEQQkMCKCD3d3dy5leGFtcGxlLm5ldIIPd3d3LmV4YW1w 13 | bGUub3JnMA0GCSqGSIb3DQEBCwUAA4IBAQBGJydzARx5fNYprptRG9c3pqecGKlX 14 | ArxbLe+K+83wS427HnWONnuZ5LJKGkuXjIeh1G/2AfKYXJz/SMN0IPYY3ro5Lt1Z 15 | GOPyn01qcj6OkfyiUPCDIsVFS9V0TVLTBLTMZFa1j6nMHs8Ajmm10Fkf/NQP/CVk 16 | zEgoktjb+wLqw1iPUGqkVepVtp3wg7VQY6E07SliNp/06Q3ue6xLJnYlKqFhUQf7 17 | 064JyRIH9W/C2WnxWbKRBjsE4gCRnMvKQrCrfR64VohCr6XvygIIufwCG/CLJogn 18 | 4OJMqz1oDkABPgSgjNhOdwnt+3dvxbjQBiRy1ERfNAJLo+V6x6aO1Gqz 19 | -----END CERTIFICATE----- 20 | -------------------------------------------------------------------------------- /ssl/test/axTLS.x509_4096.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIID3DCCAsQCCQClKsh4h/LnyjANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh 3 | eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy 4 | MzAyMTA0MjdaFw0zMDA5MDgyMTA0MjdaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl 5 | Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC 6 | AgoCggIBAMAKTqPX9LMlyPA5hJD/PHhwoGWfBbpnCAnKnBXtDssEfVLF1HUITKin 7 | zC4vFpXKPqzahXA37DcgJZQg4qvPXaf2jY94pwlQKF52ibomUOnV/VLQUVRFvXK/ 8 | 8+kY4K2UPfjJGzsfjF1XeOCPIxFlbltqCtXkM1PhVG9dnY+OZk2i6S+gcV3Fxgu3 9 | tiknju+YlsIrTMhpiUIq1fH7bVDWulXyru4rMREs+Y2lJrkrDGSJeh45vysZmcZA 10 | bhb9WZtipCqiLVf1qkGAq54IpdSOcyS4x1hTYwOt+FOt8lmaOS1kGPKaecMtLLQv 11 | O8iQ+9K7LM45t83o7VwFYqZtu/hlntWyiOlAFX8ht8vmxACjhnPW+lKVCe4kT3d9 12 | g62Qidcbm1Vty8foCuWCC7H+30AETwG3NSm7idhidr/YoSDc5Ksk+jehSZ7PwXGZ 13 | xwF5PiqK0tN8QzICPwjChI6HOWIxWPYqDlL77aXoNpG9FVKrwBzpuIvg1H+aUPNr 14 | h9erR1ZNmMmajVjVbvHG2LCwChWD7crq/RDtk3ioQiPrwI5eRTcN00AI8tTeD+6J 15 | Q6SYdVZMeatn22kLyKtRzKL0phiirzm144wKKpcFWogrpJK/3Y1dU3rtSU+dGj+7 16 | agjjqwWAWlhztSDgesRTkn6QJLmVX+IKh7Jdo04i2Osw4ZGnyYKBAgMBAAEwDQYJ 17 | KoZIhvcNAQEFBQADggEBABPkfLZVIJ5z5cIhmiN5yqjMKotzGMwi7ihiPx8YSgBc 18 | 2grI7Aqyojn/gPBTvKXGRYCGC7aXIBo69RlbnZy0VW1fLqoNo8y6+zLiryCtxsv6 19 | 3orQmHslh2WofzzhkNyazT3WoGvzV4qhzK5KU7vkrFpHcwiLFRglBMP4ruoOq8jY 20 | 4wKDrP3FpgaSpY4NOm7ro7LiYzmVcj6A9Gci6mm55er6ZGX0yI9O1FXOZCxABPJF 21 | kDEAk4GQScbaEDBZWjFAhkmdwYnE3n6usPnURwp08vDRkd4bGdrMT2KtP5ASNigQ 22 | vEaYj2pQJLS8Eljwc6nEBeGrZ14fGXXaVh+p9TKrpM8= 23 | -----END CERTIFICATE----- 24 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2008, Cameron Rich All rights reserved. 2 | 3 | Redistribution and use in source and binary forms, with or without 4 | modification, are permitted provided that the following conditions are met: 5 | 6 | Redistributions of source code must retain the above copyright notice, this 7 | list of conditions and the following disclaimer. Redistributions in binary 8 | form must reproduce the above copyright notice, this list of conditions and 9 | the following disclaimer in the documentation and/or other materials 10 | provided with the distribution. Neither the name of the axTLS Project nor 11 | the names of its contributors may be used to endorse or promote products 12 | derived from this software without specific prior written permission. 13 | 14 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 | ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR 18 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 | LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 | OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH 24 | DAMAGE. 25 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | This is an ESP8266 port of [axTLS](http://axtls.sourceforge.net/) library, currently based on axTLS 2.1.4 (SVN version 277). 2 | 3 | This library supports TLS 1.2, and the following cipher suites: 4 | 5 | Cipher suite name (RFC) | OpenSSL name | Key exchange | Encryption | Hash 6 | ----------------------------------|---------------|--------------|------------|--------- 7 | TLS_RSA_WITH_AES_128_CBC_SHA | AES128-SHA | RSA | AES-128 | SHA-1 8 | TLS_RSA_WITH_AES_256_CBC_SHA | AES256-SHA | RSA | AES-256 | SHA-1 9 | TLS_RSA_WITH_AES_128_CBC_SHA256 | AES128-SHA256 | RSA | AES-128 | SHA-256 10 | TLS_RSA_WITH_AES_256_CBC_SHA256 | AES256-SHA256 | RSA | AES-256 | SHA-256 11 | 12 | ## Using the library 13 | 14 | This is not a self-sufficient library. In addition to the standard C library functions, application has to provide the following functions: 15 | 16 | ``` 17 | ax_port_read 18 | ax_port_write 19 | ax_port_open 20 | ax_port_close 21 | ax_get_file 22 | phy_get_rand (provided by the IoT SDK) 23 | ets_printf (in ESP8266 ROM) 24 | ets_putc (in ESP8266 ROM) 25 | ``` 26 | 27 | For use with LwIP raw TCP API, see [compat/README.md](https://github.com/attachix/lwirax/blob/master/README.md) 28 | 29 | ## Building [![Build status](https://travis-ci.org/igrr/axtls-8266.svg)](https://travis-ci.org/igrr/axtls-8266) 30 | 31 | To build, add xtensa toolchain to your path, and run `make`. The library will be built in `bin/` directory. 32 | 33 | ## Credits and license 34 | 35 | [axTLS](http://axtls.sourceforge.net/) is written and maintained by Cameron Rich. 36 | 37 | Other people have contributed to this port; see git logs for a full list. 38 | 39 | See [LICENSE](LICENSE) file for axTLS license. 40 | -------------------------------------------------------------------------------- /ssl/test/axTLS.ca_key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEpAIBAAKCAQEAsSMwkpYHlwIsi1oxllJLjAPjjycx9t6Q3BOzXBSoZHc1wA+r 3 | QVuKHarpe8tYOKlNP8b79ejbCv/1U3NlVkMJJtLZUPtDwTEwUZNEG17ixS438mGI 4 | 1AbHXvwhPaoT24UymEOcbJxAZuClDfzKpN7Cl6OzN7Ox44gHmBCBSnUhRAnJYxD6 5 | x8wBLw8HdH0bMdoc2+H4KyW31uMGva7C9YlUCPVQGPJsTP1DLRskqy+zO1NERUTO 6 | XytHeYLlh/X/o+NYVvUf7WKu6qC3I4HK+OZ5OW3E+EaE73oYRmUVDaVavL7bRKEf 7 | 2NSbzowU+VsFEnyXIF7YnRFp0D1yrMzaC49bDQIDAQABAoIBAQCwOrNLUunwKaCJ 8 | b00gIXW5sfDGbhc+ZUU3Pn5V4NN7SEJ4dt5JYrnxNCWgHLkDfiQ1jFEF4QlzUx0O 9 | TiMGhCDpuCGueJx66uYIcnvywx7XT1kn0jNfxfK6JBsqDzg8ULL6W2GXiIhmEZ8E 10 | YHh3OIvec2WMyED1flMXzWvj2M4ksfMgZH290T9BSxzlEj9X7dZu55K4sFtu0XNi 11 | 7uJDB0vF8KfW5gLpwj6pd7i32Cm/Pgpl+7lcqMNpDHo0U2dMyWeH1EmWinS4rHxd 12 | mGDm0N0qK4BOYAJdasq7HwRjzDZkAPuNqcH0gOzSq3aYCI2tP2E6IvprM/vbqA4I 13 | ooo+GDJhAoGBAORiphxweuGBRTpSqoi9qEICM2WMC2NZW8bpFyWn79CuALGzvvc+ 14 | Buw8W3LVElByUyTVWBnBQQ1iXZGe9f1x2P9q8R1Bdl0rpePg3J9ff9674VRLrcov 15 | M85/NUHkj1fJ+2CkCx7KG5BFm3GaAb74e+7MceEW/eErMmCqtNgkR2Z5AoGBAMaO 16 | O9SnVNd4wgnJAjVgN4fqaXWNzZz6NYWtnFVIcTTO7vU1P9t5NjgcsdF9+SnLA/jV 17 | Ylo5Pl0fLPKg5QtIvlooZjXB8hgKVjrVGRLFt9TN0tJMeJ//11Bo88MNMOf0OQPg 18 | i2OMWI3w/oRFJthmpeYWOgXNlLOcoSW1LsnWR0Q1AoGBALAXi+KTq3tiM+FzSb/j 19 | E+/JSJ28bC9u/7+Pi2RiZxrsfuaFI/H4ZlgRdaVFujhC3e6hfKtnAWRzepfEDAEd 20 | neXaLAyVo9DUzbS1dQaBGNPA400eiOJCoNxP4t1qgEd9GhB6i4Ry6uvDb8YYq832 21 | Q4BtLEUUeC38I3y7QnMBDfhpAoGAZ13InA54xqvhKELy2WK7xhAs0rv93MkNcAhP 22 | qL5L4RgRoqoUEmfp6BBYKh2Qx0cfTD2aNCo04znFppJIazV1k24Qt8+9/vHyrjIe 23 | GX3BFBIKvNx+t5zzNLNOo66MVVT5EaGmLy7zMwHRHn75mBLoLv5HOpop3c+evQiz 24 | 0POyqjkCgYA2+ql0jS7Qbk7EPyFXftQhHcD/Ld8TKjonShkASoudSEHKwuQGBuit 25 | ftPsg/E5YfhlRpQB6p00kXb4vZsdpFV38eXkyLuLwg0kbpaLedahIujIENNvWP1w 26 | 89T/ueiafWPqvwu3M7sAkkd/ReAQ0LcPwrsBHlOk0uujq+WV+b+Xfw== 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /ssl/test/axTLS.key_2048.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEpAIBAAKCAQEA+Vp2PKclcZoKZ3OicQZNA4XpGZbD96Gasb5E66voMPub7l+y 3 | ln6A9CYveBna0i/cQHRCwpYuzzbHQgOjAAw7rcveiIqm8nJMxA8BFNMJCHv0knDl 4 | RT3H28xoTt08Z/MCfCYyOXoVsJOS6BSOSdFVyzhfU6nAie5iskYnmKecmhYaFm94 5 | S8WWJMNgEvwzPyhdmE4rpqUBHRSu3zPgHUnRRIOfui5KdZGzKpaC+i1Gn58MOC4W 6 | L8kguEMDCEkQD6zxFq0PX5GBgu+zVqCFByX7soxZB027FsmJUN6WNoo3hR/H1QV8 7 | RdXvgMbT00yymEnYVfn9ZL7nXShKI70Pi5Y11QIDAQABAoIBAQDQQBrrgPUmsW3r 8 | BIowNwDu5lHNizrTf+ZAeBX7dbEP57NNHCN8yN5OCe4vMfis/kfGlNKEzQT/DlLP 9 | 8VWa3pyhA9kw1AumBIvUWmuexrmOmmeiPiNc9sIJ8edTpjWi4zO6F/RuSGYA+N8C 10 | cNh9EhXDCaujpewlxjArj6fWOHXzwMewghiGCm/fW0rWri5HCQ7ec+WuHPC2KQGQ 11 | mRDpkXUsxWzTIMIsMKe3M2jYD+pk4xkJqN1+OV/APmQfLyshkGD4EN/qG1dieMQ0 12 | e85HxxCxbFETOzip0+pHXMbtxY/ok25/SCdtBXkBUJK1KqAysEZdHtOWmmk4HDaz 13 | Dx2PBbKpAoGBAP+BT/WXeVgtOv1idyv9RG34kOJCDaROtVk3g5MNLfj9mIklcwEd 14 | SylhpFxvvrFQAWQIDFPzFkukMs8aIuC0Gm4zxH+8RF45lwhgcXlXP87IiIyW6Bqu 15 | aglmWAM9UHol3/b2AD1UdpqGe0nvWo0rIqs4pdtGTA5BSSUYeaZXhzFDAoGBAPnW 16 | GWqDarzSbZM4TWcrx6O+cjLnstxDW+cgSCIrm9iVq2ys+Hn5O03aN9SsklyGxXgo 17 | ygdGvbYnnPl3ugT139KEiIeUSCBU15WP/NZejpHmtUHduDw1Y6SlBJ9T+p5CSDE+ 18 | 2kJoZu1zG7W3eBprZsyqNWtw3Dwc2N+emrF+NF8HAoGBANzErAVFq6if9E+KK/SL 19 | cvwegXmun0DwbUu4ZuzBv45b+NfPzu4QlKgd4TmpqDhnK7x2I8jJyuLy7p/6Mla7 20 | 5/Z+rnO8hcpwsmqfgozY8Z5HsYzgu46KU77penTaHtZcMYefCZf0ikJ8nrzEnxZJ 21 | RjxxxwWPWRocGQp/emVbTconAoGAUClmFkr8YIGULvyNuWDOubdNpQ+6z/m87zfo 22 | bS5Y3vGHA2OshlZ1tNEjwNVuUMndamSMDjGghWXIdDL6OMU7f6yOshHd4qHWWmLM 23 | 2WuVizLfTbb6ejcXNajNBuJHM6hIyaRFG7Gr9NxOM8weeTukzF6ArWyU/aSz4Wxe 24 | bjz0SNkCgYBVC0xdMPauqO1Ie/Gp6SPrIx9+bDDlwEvnDki/2RN7z5IkmBnRFxPy 25 | 6wqBiMFRxJXI4q3SSSbicb+7TQlK2/Vq/bL6QfjjQM8ZEzpPenYpP/wyMQXdVxfh 26 | 1GFDTzeiAhXTvBsZVj8R64VNhNaNn4naMlC4hqxaZ2KA0wrjTRKR0g== 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /ssl/test/axTLS.key_end_chain.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEowIBAAKCAQEA7R4S75j5ZfknrzbsAvUnqS997FNk545sGo0YraDQ7CeJXGqe 3 | DyUTpdwtzBt8H8/axNP1BFdgNEWnF1C1HXVbhqWxq16IlakqZYkYldHJMPQgFa3Y 4 | uRN4Y0i8sn8A1Fbe69D//57JZr1wt+qxAJWWn0anPGXmR0HlO0At1ACQkKGSE+aj 5 | TB2TnO7UTsjKRrXPv16FdWTXkJTVHUdVuAs6IfgAKkvQQ5zA8D6IXgjWsToWdFzl 6 | I8eTDHZqZJiw8gPg7xG0jepN9JU05JRc4NduzeVj/0WT0tdilO0jQP/+8FgikdOe 7 | DU6wo4/e0Ta5bdZe7apqOBfdDnq3EUnHO1ZQbQIDAQABAoIBADbu47Yse4L7YQ0/ 8 | rRfWUfTpMsQgYd0far4P+Cqpeh1r32/Qp4OctFuVkeqaZ3w7PFSjQj1aPMh/ZoGJ 9 | ShxkBus/0dSA1yXNBix1wYNcEb9Mn25GU1I1R4vA2y6DK98FrSl2xwgickhiFQ4W 10 | yiD3huiphq8AcIQLqR679KIL63IF+lMnHmYTrm9/rkGvO/wiW55OMhLvhuR4w7/n 11 | 5g+PMBLF4vEqtN6wEpb5f3Q8ugNCG35ykpgBMFWI6FGGmcZkYgux+xnTweZ9+Xol 12 | tBQRrq9cY3/ouIrRX4K30e/EcaJN0eA0Cx9WerEHfYO45BWUJGySsxPab9vk6Qep 13 | uxRnHoECgYEA+uv054HQKGQOZPjgZ9lCqfPB4wQ98T4hNSLgNwAkd85D7UtF6Wb9 14 | GMsEecJ5aPIQjDN6dTT6Nb45AV4e0XWtQFtxHFXP6SKfyIlf0Zcl0cd8Fvt7CX/e 15 | ghZF6ndUxHaWtAltALVwo+Fi6LOgEN7+dsBjkAZf994cZNfqrr6B1s0CgYEA8eqY 16 | u2p/QE7YNfw7naMUKDqgqGzo41IjF915rznYOyuO4hu+zGrL2D+7EeZnLWfSCSxl 17 | t0uowOzDOKkm6XeungMyJFH0DnzhYEgh6K9AXMi3QF0zfgGrh7hhK5wFEt+a4nOY 18 | hIAnqhANqISRhOOd0iT2VIt+igQhEQv8XLjAICECgYAVvkKfmQkfpuP0bfiMJzB2 19 | p6/Ca0iu0fJwt0/0lCeU1iPeuSoaupjuABGoN2jr5iX28DMJWwjfhVdNPgmvnuHf 20 | dM0NZoY4ro5oAzdxYwac8gtXtn0H6rOuVB3E3ohS6e/PNA3lBNP473vxrDcPnzMv 21 | uSYngdXpFa8iMe+dKtb3dQKBgQCAzse56q+Mvy5yODZJ7f4amXTXmP27pA1ZdKyI 22 | 90TB5KR0kg9aanbVUsG5ezNuwrvb9I7INPnKl4Yu0ioM35PTQKJfIl/PowChsmaT 23 | rVSY0qp4E+gJ7Lu3TR44CR/Od87RSnln+5CjBV8wXj3ZQxTSQqoCRDABLseoevhJ 24 | Knnp4QKBgEHHHpegaCXl7+kaPzD/qD38iN6AmoAya9ZUxCUH55bDmkTFu1ZGgA6S 25 | 87fuXQ2tzwFyOtaxAftPuOkSKMpZYRPJY92SalHA4WyN1pl0MhWMZQiyKOh0QQ7A 26 | yaHjrLn5wPrhHhkpmYu2L1ZNiN+NIFDuD/j+APCX+wqb9otfbfxk 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /ssl/test/axTLS.key_device.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEpAIBAAKCAQEAvV0Pomdmpxx7s19ue0itPlPusWrTSwofoWEU141dp7cS9eXc 3 | SnQV5pfvYvvw21HsZHy+xW2cupjQBzvqPtrrqAz4p2E9VHTMuzvDSScj6GU0BUD+ 4 | GQ3qthLkXMfh7pJZFN5DYtVqzSE+ufZlYlfBqsT1BON9eRs2fTf6OnMFApx0ANjJ 5 | yFElu2cEf3iif/3Z6PF0iUNtKaDNDVvVBoiRa9mUuj4vxnyH4HmyzThp2bXDLMUO 6 | Viz/WWZs9Nl/QoJduyJZGEii1UM5VS81qQnu2dT1g/E0yPXwtOQUnVgjSMPfW+CA 7 | yJ1XTdSwVDSsyXApyxxtSEYbM81t3GGvmmCf+QIDAQABAoIBAFFO4COvmlgu1r6S 8 | P3IYJqsYhukPIWKbGjHE6ZoUTR5ycWW8KPafGbhFjLhHzYeeiY4sMg27nwxQCSLS 9 | CyaqAX3K9AmKqzbUYAQVCSkj8TscGVYYLgK8Awfi3MMp4Ez78dwQA4cwdAdYOwLG 10 | VYoAfFvC7iIHPB0AHklt+7eVI5WWsYlOIf9aS6+PDVii86GVoCpBE0eNZjE3JJo7 11 | hC0ctcjOqSVZRPC4p5KLFI8QkwyEK3vstyIiQOKSCFbZIn5Wi0+d6A9K96WhwssM 12 | OpmenLv3xgz4zrUkRDbv0cPAU+/e7ZVPCiIbL/Y78qk3lBjUuyztX6fwQ/eDFadw 13 | BS6LcvECgYEA+Nlwgi1Kzcd46xKG7xryI0mYjHO4cbZMsTcB4FQK5xXkGlg6j+WD 14 | NAi/LKDJhaKcBKIYDhYi8tY1ye7JSDmyrPfZ0WvQF8K4yprUAqidNIuwOPMASjTW 15 | CEBgTfMwCATNYNiaQ8eRuTLyknF4I2lrc4Ifby7cYEZrJ6aLGyolvdcCgYEAws4J 16 | rGQS8W1DmzrL9mIDlSUtMFkTWqhx7nvG4lCYWVGpMByiQwf4DRvcqmXhwPr0syaj 17 | qE6nu8G3iuOywSx2qrPX1a6NzeoZZybOSL7poaVmnpxgtS1xXyo1Bdc5ZPPOom1T 18 | apb1QXHIPFVFKsuKsrQvyXfYLFGlQbYh3TGrtq8CgYEAmDqT+95vI0ECNHNp/f0y 19 | 4OlVm53y2AUYF1S6Hhvra3/VwVP1xy80uvEa2dcmUEywOplaM8vQ51KpJvWfRkKd 20 | jfg01Eqqys5AsxhR16qEOK+3Rq9InxyBThzrjOPWnyEo7jSy8gG0oGGNSI6HWspT 21 | hB620hINmAub426bLCv1WJMCgYEAkdfBZEAT8o30BH5TfyVIO1v25fB6TfA4Q+yF 22 | LKBcPtqlSPDXBkosClxmq2fVSS5ZDtsJwZMJfsb8C86G4JrSSOCV4VNqtNPjqtdh 23 | rxLHRQ7YsjyvJlVcQHwP8Ex+mrbxZ6djwTQ9b36pA4pvWyfBsiK2eCXyQNPrXjPm 24 | THzIat8CgYAXN7CO+EUKtBil/r3PTj8FpWxvfZiKMbmktiHKD9ntcN3te2hrOWVs 25 | 1SmrIzr8/eBIsh7OGS3LUZTb4wKGtY29N6fTHuoA8pYILeRcJALGZnmrsTyFDzGH 26 | iXBSkZ94EXpywxWHAEglow028nQ9UNugKk9SIkpg42u4vrqhRitMqw== 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /ssl/test/axTLS.key_intermediate_ca.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEowIBAAKCAQEAzhdv9CgZ895+JuF4J5ttgKS8HDKL5uCAYOS2B+o1OkGzYRkS 3 | I+vA41BpPfE8D8P9lgjcbzAOrOvgYHPZneE3Ix1mhlyPwbnXesC48AahbWXeHFJL 4 | u3Hr3EfjIVngptIHF0/FXmLtOjcxLpP/mXyUTX7bm0NMhgEvxAX34fPfgM4r6AwP 5 | YLwxJGl0c4rrb9choDmXp7+72NnjiO/pXzrUkI0VL+fV6U/cT9ro6p6wJYewvfXA 6 | zqV01B76xf+QhYGp6h/HSZQntTQfA2KIp3H7jhaVXgC/CyyZ/fvx1QUAVCy8pMck 7 | Fs7YuLtVuhAOZ1KpeZzaQotwRjTEeRkF99iCxwIDAQABAoIBAFNxi+O4hOGHuV42 8 | tjabKNgIWx2znY+KYJBaqhVET+7ZgS6UPxMKNlwTR7lLvjzH5xnjVpUySQ7cpkmH 9 | Ppo9AN0X31YRjicq/sL12ytcE+o+b5LaA03Oz2euN5leUaZZrYNTyh7wQQrsI96v 10 | D7NujIFgFryjoA0118gvfnEfE+SLW5q4m+n7D4cZ2D1nolDnOo2noLhKhMVWT9jp 11 | UVoa5sO+9/Ap71ElAaet2LawNsKbyjjRuI84544G09zQ+YUfcelADaqtXyYZpSJL 12 | iWrmHasD1w8NfiHB84y2hWHySoiuTBfVBJFfTjg075TaxBwCtDbzzEe0ecDCVGnb 13 | gZfkevECgYEA5+5cUFf9LXt7Cwqc/lnuIUYmX7pvTPVVZbdjEzd1MUvu12p01cRN 14 | QYk4K41LZsQYwDrCk82TFn1+hDbVt27i5r4FPJ9GbkSh4AiqUFDkqpqE/U06ZiUX 15 | JOosU6laI6MmguWbXAAQuv2OwK7xVA0575HdbsEK8LRP2bSTRUYNFjkCgYEA43qb 16 | FaKixVC4KOm8dyNYFHB5oldZW0u4ieemum8B+a9wd2BEG8FdxFw6IuGnKyMQ1BWu 17 | NVwN2wZsHbosmCYxGO7cX4OT37711hdCr4pCGQhQ3gf9eNls4ZjjykZp8EHWQnx8 18 | SYl7sjQMQUjhfqePKwR396IGx4KSrc/l1rxKYP8CgYEAjYPPJ+bIQFw7s30CVeAh 19 | gIQBHh/vkZGQTcQb27nW9AFU9nOqXlSsnvRPJaPNAiNcxs4Ts4OX3/0qmRmsRYSP 20 | RiNjpp24p8eQzdX7tY3mOIKX6saYf4LaIFgSO+n1ahE+ilf296fCjZXw6HjWH2cC 21 | lr710YJQXpZmsnuP8JDRo2ECgYBrasL+5WydZi+ASldPnuYByNb3HO46GTiMDlKB 22 | 6Ndy8zBVfqTKwnWnurFNNWc+DHHu5En+Mnjse0zkgLx8IFTA5FI13Ckg18i4jwVT 23 | ZSMvNOkS340G2wz6PrsaEkQGSuCFRsld5Ej/7mn3DhZFO5R0iMipq94tqe/fmbN7 24 | wjAROwKBgHLl/XNhPTI/ed76ZjmCpbCvQlKZeYLhNbTS4lHvKCuniHKQsPz4BxjB 25 | fuVCUDH61yQT7WM31zIMfzQZjx9hTgFYYvnptRWj9zIBlIZJEieX3//flvEJ3Qmd 26 | /tbSoADa/1y+Y58biKkgmM4f4qS9h0AkVe88OCbpm14Xs2u7/4Nu 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /ssl/test/axTLS.key_intermediate_ca2.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEowIBAAKCAQEAqhp+ySEP4Oods+29nF39auqEmJ/qTUqQCz+9iWyOhp6NU5pJ 3 | 2LZiQNxVWIzasFHp9I1cvmf+4fnstMpaFl/TtdCpQnuV+eFIe7alEP6+Pc3YiFrO 4 | zyO0XnqJcZwmmkpr5omvGcx9FbcrKflzfgmn4ZvGIdgtwkA+ZAj6WkpZHGGpzqLY 5 | yAFz86fwANeT4I3a90aGwOEo/on+jvJA+O8KARsFx+yspxrfSZtNVTNWFfQfkIIt 6 | 7vOWnevZNAEkMnHxY8jDFq8EACNGDo3r0j+G5imRl8P0hdklpN261OS1hANVM3l2 7 | t2INNN/UkZjJe3/T7RW30A0VZ3Wk/nz3IgKlDwIDAQABAoIBACV6FurrPNtZ2Vd2 8 | DqtvzdCLgNE7klybC+dekLzBTRl9vzdnK9PyQu11XdxXlCr6sSfvKTrOIMrazHr8 9 | hiKd1EAfi9sY7W8TYmvXTsDSz0lAm+9Wym+6txeFudhtBdhCg0lUll6BviFVrM3f 10 | psFjETjUoC9+uH4ut1BE5huUe9OTmOXxupLWdETcHViMc2VrpnDsNKX/lFIMFSo7 11 | 3JDVojyTA/xdawJgkksCmQyHLICDvqJrIbLaDKxCfEiMKMyjVqgf9qwR33WAJ73e 12 | ES8XMVtgIce2Zpzx6OITf+gNhS0ekqsxZJ56iiacOVHxpphNKk+BwSj1bBxHLRoo 13 | narBebkCgYEA1BuLsbfr5lXAmGxE4JG1XrOZ7YtTqQNMYzy03s6fndoITqS+YpHk 14 | dtPqM/lQ6qByqLbaPZFVEqecIb9EVRoG1m+9rIkAutiWf/vAWwr7w7yIbFID2YBH 15 | 50crmdtbK+1eoml/MkNx2grmgelqtMy5iOzwbPcFzmgXaTBzXvJvZEUCgYEAzU3F 16 | f3QP0xgbrT0iK6138waegsuPaLoBdq+arlZ0LMzuN7T3KTKiNfkJKWbxoaECmu1p 17 | PpJsQpG+0cQxyKU1PK9Pz+9qUXaPf/OsRKTcvpiS2kdBFXLPEgGi2JeSoPZxErYM 18 | WuaqLIM8krYrV0JBRgGv38Pd0u0VaSbQvPx5u0MCgYEAidFoIE6IKf64CJH44w3q 19 | EiGSt8Va06u/+48bWtZY4kEkOq1Sw0tWbltdhu3NRNaCCdvdzDldVKSxjz/vD3i8 20 | zqKGVNAkOEO47mnO35kwY0tiPTfBJpbyoXUeAHeGMvGmFtODgU5PcMS6Z9kZq2aG 21 | e1CxG6waCraZ15BStnPCKx0CgYA2n7Olhp7TPn3WqQZXcq8QdTlleX2tkpfjGTPh 22 | oNUGOnxDTB3a00L/c0QxxNcTdwB3ciVnZZPyXk7UBwxr4zD39XkZzQyPoijqFU5H 23 | cUneWD/yXbT+XO6lTtQiJqn3s7pADTnaUbcDYuOR8XA0pkcxti8yLS3u+e+Ra6ds 24 | MQy+ewKBgDfHrvBhbxyYskxc/xHnSeAZjrKsKoFNmV3/n9XTmms3WAVoCYydIEou 25 | Pm3p5kDiaiTTqLBpxoa4g2tuaEXBJpgLwxq79Jod4PA1bnip45ERRrk4kRROIaFg 26 | eHV6U0+PQTrdFhiJkvK7CgNZVr+NLiS1V1pM3x7xI81nAV9Sv4c5 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | sudo: false 2 | language: bash 3 | os: 4 | - linux 5 | 6 | script: 7 | # Download Arduino IDE 8 | - wget -O arduino.tar.xz https://www.arduino.cc/download.php?f=/arduino-nightly-linux64.tar.xz 9 | - tar xf arduino.tar.xz 10 | - mv arduino-nightly $HOME/arduino_ide 11 | # Download ESP8266 Arduino core 12 | - cd $HOME/arduino_ide/hardware 13 | - mkdir esp8266com 14 | - cd esp8266com 15 | - git clone https://github.com/esp8266/Arduino.git esp8266 16 | - cd esp8266 17 | - export ESP8266_ARDUINO_DIR="$PWD" 18 | # Download toolchain and esptool 19 | - cd tools 20 | - python get.py 21 | - export PATH="$PATH:$PWD/xtensa-lx106-elf/bin" 22 | # Build axTLS 23 | - cd $TRAVIS_BUILD_DIR 24 | - make 25 | # Copy the library into Arduino core 26 | - cp bin/libaxtls.a $ESP8266_ARDUINO_DIR/tools/sdk/lib/libaxtls.a 27 | # Try building examples in ESP8266WiFi library from the ESP8266 Arduino core 28 | - /sbin/start-stop-daemon --start --quiet --pidfile /tmp/custom_xvfb_1.pid --make-pidfile --background --exec /usr/bin/Xvfb -- :1 -ac -screen 0 1280x1024x16 29 | - sleep 3 30 | - export DISPLAY=:1.0 31 | - export PATH="$HOME/arduino_ide:$PATH" 32 | - which arduino 33 | - cd $ESP8266_ARDUINO_DIR 34 | # 2.4.2 common.sh errors out if there is no valid build_type set, so ignore error 35 | - sed -i 's/exit 1//' tests/common.sh 36 | - source tests/common.sh 37 | - arduino --board esp8266com:esp8266:generic --save-prefs 38 | - arduino --get-pref sketchbook.path 39 | - build_sketches $HOME/arduino_ide $ESP8266_ARDUINO_DIR/libraries/ESP8266WiFi/examples/HTTPSRequest "-l $ESP8266_ARDUINO_DIR/libraries" 1 0 40 | # Feel free to add more test cases (for other environments) here 41 | 42 | notifications: 43 | email: 44 | on_success: change 45 | on_failure: change 46 | -------------------------------------------------------------------------------- /ssl/test/axTLS.x509_device.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICUjCCAbsCCQClKsh4h/LnyzANBgkqhkiG9w0BAQUFADAsMRYwFAYDVQQKEw1h 3 | eFRMUyBQcm9qZWN0MRIwEAYDVQQDEwlsb2NhbGhvc3QwHhcNMTYxMjMwMjEwNDI3 4 | WhcNMzAwOTA4MjEwNDI3WjArMSkwJwYDVQQKEyBheFRMUyBQcm9qZWN0IERldmlj 5 | ZSBDZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL1d 6 | D6JnZqcce7NfbntIrT5T7rFq00sKH6FhFNeNXae3EvXl3Ep0FeaX72L78NtR7GR8 7 | vsVtnLqY0Ac76j7a66gM+KdhPVR0zLs7w0knI+hlNAVA/hkN6rYS5FzH4e6SWRTe 8 | Q2LVas0hPrn2ZWJXwarE9QTjfXkbNn03+jpzBQKcdADYychRJbtnBH94on/92ejx 9 | dIlDbSmgzQ1b1QaIkWvZlLo+L8Z8h+B5ss04adm1wyzFDlYs/1lmbPTZf0KCXbsi 10 | WRhIotVDOVUvNakJ7tnU9YPxNMj18LTkFJ1YI0jD31vggMidV03UsFQ0rMlwKcsc 11 | bUhGGzPNbdxhr5pgn/kCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBX+beg1jGMSqQd 12 | 6Q/d07mQCLuEwmXmmz7hc0lgp6IumjsxulO2xLiotXie7e3GIRAVgJsd6ysRJKim 13 | IioOMxcwUMWw0CcqjcwqorczJjsqzW99dzCd3NcDiDxx+7Pye58D8qOLHGtafC9n 14 | TjQELV6dNIUX5IfH/18jAkPEmFcOUg== 15 | -----END CERTIFICATE----- 16 | -----BEGIN CERTIFICATE----- 17 | MIIDDjCCAfagAwIBAgIJAORglrABpAToMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNV 18 | BAoTKWF4VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X 19 | DTE2MTIzMDIxMDQyN1oXDTMwMDkwODIxMDQyN1owNDEyMDAGA1UEChMpYXhUTFMg 20 | UHJvamVjdCBEb2RneSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3 21 | DQEBAQUAA4IBDwAwggEKAoIBAQCxIzCSlgeXAiyLWjGWUkuMA+OPJzH23pDcE7Nc 22 | FKhkdzXAD6tBW4odqul7y1g4qU0/xvv16NsK//VTc2VWQwkm0tlQ+0PBMTBRk0Qb 23 | XuLFLjfyYYjUBsde/CE9qhPbhTKYQ5xsnEBm4KUN/Mqk3sKXo7M3s7HjiAeYEIFK 24 | dSFECcljEPrHzAEvDwd0fRsx2hzb4fgrJbfW4wa9rsL1iVQI9VAY8mxM/UMtGySr 25 | L7M7U0RFRM5fK0d5guWH9f+j41hW9R/tYq7qoLcjgcr45nk5bcT4RoTvehhGZRUN 26 | pVq8vttEoR/Y1JvOjBT5WwUSfJcgXtidEWnQPXKszNoLj1sNAgMBAAGjIzAhMA8G 27 | A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBBQUAA4IB 28 | AQByY8+gtxSKO5ASYKArY8Sb4xJw0MNwsosARm17sT/8UTerS9CssUQXkW4LaU3T 29 | SzFVxRUz9O+74yu87W58IaxGNq80quFkOfpS39eCtbqD2e4Y/JuC30hK/GmhBquD 30 | gVh3z3hD8+DUXq83T1+9zgjCppLeQfaFejbaJSwQ7+K6gJn5JZNiaHVGN1GO6lT6 31 | 5W3zqep5zU6a4T5UeZqkYyuzfTBbIkgEga0JzPaCdd5JOrwFR3UNWlICOxr7htDI 32 | FqiTrA0RH2ZNmrmJDcM1pFWlQAPnvDoRLeMpmvWZDnGrWYDzyt0j5G0bIPL7214c 33 | b5kxOvfGlM4E6v+lMSw/HDrI 34 | -----END CERTIFICATE----- 35 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | TOOLCHAIN_PREFIX := xtensa-lx106-elf- 2 | CC := $(TOOLCHAIN_PREFIX)gcc 3 | AR := $(TOOLCHAIN_PREFIX)ar 4 | LD := $(TOOLCHAIN_PREFIX)gcc 5 | OBJCOPY := $(TOOLCHAIN_PREFIX)objcopy 6 | 7 | XTENSA_LIBS ?= $(shell $(CC) -print-sysroot) 8 | 9 | TOOLCHAIN_DIR=$(shell cd $(XTENSA_LIBS)/../../; pwd) 10 | 11 | OBJ_FILES := \ 12 | crypto/aes.o \ 13 | crypto/bigint.o \ 14 | crypto/hmac.o \ 15 | crypto/md5.o \ 16 | crypto/rc4.o \ 17 | crypto/rsa.o \ 18 | crypto/sha1.o \ 19 | crypto/sha256.o \ 20 | crypto/sha384.o \ 21 | crypto/sha512.o \ 22 | ssl/asn1.o \ 23 | ssl/gen_cert.o \ 24 | ssl/loader.o \ 25 | ssl/os_port.o \ 26 | ssl/p12.o \ 27 | ssl/tls1.o \ 28 | ssl/tls1_clnt.o \ 29 | ssl/tls1_svr.o \ 30 | ssl/x509.o \ 31 | crypto/crypto_misc.o \ 32 | 33 | 34 | CPPFLAGS += -I$(XTENSA_LIBS)/include \ 35 | -Icrypto \ 36 | -Issl \ 37 | -I. 38 | 39 | LDFLAGS += -L$(XTENSA_LIBS)/lib \ 40 | -L$(XTENSA_LIBS)/arch/lib \ 41 | 42 | 43 | CFLAGS+=-std=c99 -DESP8266 44 | 45 | CFLAGS += -Wall -Os -g -O2 -Wpointer-arith -Wl,-EL -nostdlib -mlongcalls -mno-text-section-literals -D__ets__ -DICACHE_FLASH 46 | 47 | CFLAGS += -ffunction-sections -fdata-sections 48 | 49 | CFLAGS += -fdebug-prefix-map=$(PWD)= -fdebug-prefix-map=$(TOOLCHAIN_DIR)=xtensa-lx106-elf -gno-record-gcc-switches 50 | 51 | MFORCE32 := $(shell $(CC) --help=target | grep mforce-l32) 52 | ifneq ($(MFORCE32),) 53 | # If the compiler supports the -mforce-l32 flag, the compiler will generate correct code for loading 54 | # 16- and 8-bit constants from program memory. So in the code we can directly access the arrays 55 | # placed into program memory. 56 | CFLAGS += -mforce-l32 57 | else 58 | # Otherwise we need to use a helper function to load 16- and 8-bit constants from program memory. 59 | CFLAGS += -DWITH_PGM_READ_HELPER 60 | endif 61 | 62 | BIN_DIR := bin 63 | AXTLS_AR := $(BIN_DIR)/libaxtls.a 64 | 65 | all: $(AXTLS_AR) 66 | 67 | $(AXTLS_AR): | $(BIN_DIR) 68 | 69 | $(AXTLS_AR): $(OBJ_FILES) 70 | $(AR) cru $@ $^ 71 | 72 | $(BIN_DIR): 73 | mkdir -p $(BIN_DIR) 74 | 75 | clean: 76 | rm -rf $(OBJ_FILES) $(AXTLS_AR) 77 | 78 | 79 | .PHONY: all clean 80 | -------------------------------------------------------------------------------- /samples/java/Makefile: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2007-2016, Cameron Rich 3 | # 4 | # All rights reserved. 5 | # 6 | # Redistribution and use in source and binary forms, with or without 7 | # modification, are permitted provided that the following conditions are met: 8 | # 9 | # * Redistributions of source code must retain the above copyright notice, 10 | # this list of conditions and the following disclaimer. 11 | # * Redistributions in binary form must reproduce the above copyright 12 | # notice, this list of conditions and the following disclaimer in the 13 | # documentation and/or other materials provided with the distribution. 14 | # * Neither the name of the axTLS project nor the names of its 15 | # contributors may be used to endorse or promote products derived 16 | # from this software without specific prior written permission. 17 | # 18 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 22 | # CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 24 | # TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 | # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 26 | # OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 27 | # NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 28 | # THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | # 30 | 31 | include ../../config/.config 32 | include ../../config/makefile.conf 33 | include ../../config/makefile.java.conf 34 | 35 | all : sample 36 | JAR=../../$(STAGE)/axtls.jar 37 | CLASSES=../../bindings/java/classes 38 | sample : $(JAR) 39 | 40 | $(JAR) : $(CLASSES)/axssl.class $(wildcard $(CLASSES)/axTLSj/*.class) 41 | jar mcvf manifest.mf $@ -C $(CLASSES) axTLSj -C $(CLASSES) axssl.class 42 | 43 | JAVA_FILES=axssl.java 44 | JAVA_CLASSES:=$(JAVA_FILES:%.java=$(CLASSES)/axTLSj/%.class) 45 | 46 | $(CLASSES)/%.class : %.java 47 | javac -d $(CLASSES) -classpath $(CLASSES) $^ 48 | 49 | clean:: 50 | -@rm -f $(TARGET) 51 | 52 | -------------------------------------------------------------------------------- /ssl/test/axTLS.x509_intermediate_ca2.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIC+TCCAeGgAwIBAgIJAKUqyHiH8ufNMA0GCSqGSIb3DQEBCwUAMCgxJjAkBgNV 3 | BAoTHWF4VExTIFByb2plY3QgSW50ZXJtZWRpYXRlIENBMB4XDTE2MTIzMDIxMDQy 4 | N1oXDTMwMDkwODIxMDQyN1owKjEoMCYGA1UEChMfYXhUTFMgUHJvamVjdCBJbnRl 5 | cm1lZGlhdGUgMiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKoa 6 | fskhD+DqHbPtvZxd/WrqhJif6k1KkAs/vYlsjoaejVOaSdi2YkDcVViM2rBR6fSN 7 | XL5n/uH57LTKWhZf07XQqUJ7lfnhSHu2pRD+vj3N2Ihazs8jtF56iXGcJppKa+aJ 8 | rxnMfRW3Kyn5c34Jp+GbxiHYLcJAPmQI+lpKWRxhqc6i2MgBc/On8ADXk+CN2vdG 9 | hsDhKP6J/o7yQPjvCgEbBcfsrKca30mbTVUzVhX0H5CCLe7zlp3r2TQBJDJx8WPI 10 | wxavBAAjRg6N69I/huYpkZfD9IXZJaTdutTktYQDVTN5drdiDTTf1JGYyXt/0+0V 11 | t9ANFWd1pP589yICpQ8CAwEAAaMkMCIwEgYDVR0TAQH/BAgwBgEB/wIBCjAMBgNV 12 | HQ8EBQMDBwWAMA0GCSqGSIb3DQEBCwUAA4IBAQBNWDjqxlO0BwMdyxfUs1wDsLiq 13 | 4hOmUFwCv8TuTFsL9aNe7OIJRT8IF2pHw07qyvAxJVEWUCLK/KLq0HrRTzRZO/tK 14 | eNroHMHS+fBwFuHFp+1RGMK2rHLajxVVB6X0aeLWKrNKrvUQZL+Tx+NZ3dEO62rq 15 | rANnElCrnyI1bIBKwHdUbOMOHeZAECr7H0KfvaX8F67aln4IwPzCauQM3DFf9h9Z 16 | FvmxUdVgjRZK4e5he9k4gT/Faom0z/ApnW4DJRF8rpCPWqN872aNpL8NPZuOFtiD 17 | Gzg5O4wJYx7OWIPa/qcQ0hTbn5waPzC68X448tlJTPiwyeKsYT3JwWqLi6o5 18 | -----END CERTIFICATE----- 19 | -----BEGIN CERTIFICATE----- 20 | MIIDAjCCAeqgAwIBAgIJAKUqyHiH8ufMMA0GCSqGSIb3DQEBCwUAMDQxMjAwBgNV 21 | BAoTKWF4VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X 22 | DTE2MTIzMDIxMDQyN1oXDTMwMDkwODIxMDQyN1owKDEmMCQGA1UEChMdYXhUTFMg 23 | UHJvamVjdCBJbnRlcm1lZGlhdGUgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw 24 | ggEKAoIBAQDOF2/0KBnz3n4m4Xgnm22ApLwcMovm4IBg5LYH6jU6QbNhGRIj68Dj 25 | UGk98TwPw/2WCNxvMA6s6+Bgc9md4TcjHWaGXI/Budd6wLjwBqFtZd4cUku7cevc 26 | R+MhWeCm0gcXT8VeYu06NzEuk/+ZfJRNftubQ0yGAS/EBffh89+AzivoDA9gvDEk 27 | aXRziutv1yGgOZenv7vY2eOI7+lfOtSQjRUv59XpT9xP2ujqnrAlh7C99cDOpXTU 28 | HvrF/5CFganqH8dJlCe1NB8DYoincfuOFpVeAL8LLJn9+/HVBQBULLykxyQWzti4 29 | u1W6EA5nUql5nNpCi3BGNMR5GQX32ILHAgMBAAGjIzAhMBIGA1UdEwEB/wQIMAYB 30 | Af8CAQAwCwYDVR0PBAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBAQAYt1Wq1XsZjOWf 31 | mH9XzI3k8UEtErTkBX5SXH10siY5tYmHzH02jaZVRC1yNrxQevqARhR1yj3daKg3 32 | +innX8foKlYRCxTfFeE/HELcm7rIt5mrIGdGAFn2fnImO5kpXxbPk6IAXRTp6lN8 33 | QS08Ah1Aaeh0ae2Ruzx2TOnG/IuB7ChliJxepo0KtRw6RN6ETvC2KS0glSf5fPW7 34 | c18UPbTesecrki12FlaGbPD/sWHOltBIpPXzgef7G8b6CiYqaX0T3T/47RLRwrMm 35 | SAcbMerJZoyudbLd+OHGtvz5kOmYCoZYkay121MSvtFucHnR3UjEui2lUbL1Qi92 36 | 2L3MUIVn 37 | -----END CERTIFICATE----- 38 | -------------------------------------------------------------------------------- /crypto/os_int.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2012-2016, Cameron Rich 3 | * 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions are met: 8 | * 9 | * * Redistributions of source code must retain the above copyright notice, 10 | * this list of conditions and the following disclaimer. 11 | * * Redistributions in binary form must reproduce the above copyright notice, 12 | * this list of conditions and the following disclaimer in the documentation 13 | * and/or other materials provided with the distribution. 14 | * * Neither the name of the axTLS project nor the names of its contributors 15 | * may be used to endorse or promote products derived from this software 16 | * without specific prior written permission. 17 | * 18 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 22 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 23 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 25 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 26 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 27 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 28 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | */ 30 | 31 | /** 32 | * @file os_int.h 33 | * 34 | * Ensure a consistent bit size 35 | */ 36 | 37 | #ifndef HEADER_OS_INT_H 38 | #define HEADER_OS_INT_H 39 | 40 | #ifdef __cplusplus 41 | extern "C" { 42 | #endif 43 | 44 | /* some bool types - just make life easier */ 45 | typedef char bool; 46 | #define false 0 47 | #define true 1 48 | 49 | #if defined(WIN32) 50 | typedef UINT8 uint8_t; 51 | typedef INT8 int8_t; 52 | typedef UINT16 uint16_t; 53 | typedef INT16 int16_t; 54 | typedef UINT32 uint32_t; 55 | typedef INT32 int32_t; 56 | typedef UINT64 uint64_t; 57 | typedef INT64 int64_t; 58 | #else /* Not Win32 */ 59 | 60 | #ifdef CONFIG_PLATFORM_SOLARIS 61 | #include 62 | #else 63 | #include 64 | #endif /* Not Solaris */ 65 | 66 | #endif /* Not Win32 */ 67 | 68 | #ifdef __cplusplus 69 | } 70 | #endif 71 | 72 | #endif 73 | -------------------------------------------------------------------------------- /crypto/sha384.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2015, Cameron Rich 3 | * 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions are met: 8 | * 9 | * * Redistributions of source code must retain the above copyright notice, 10 | * this list of conditions and the following disclaimer. 11 | * * Redistributions in binary form must reproduce the above copyright notice, 12 | * this list of conditions and the following disclaimer in the documentation 13 | * and/or other materials provided with the distribution. 14 | * * Neither the name of the axTLS project nor the names of its contributors 15 | * may be used to endorse or promote products derived from this software 16 | * without specific prior written permission. 17 | * 18 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 22 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 23 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 25 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 26 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 27 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 28 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | */ 30 | 31 | #include 32 | #include "os_port.h" 33 | #include "crypto.h" 34 | 35 | /** 36 | * Initialize the SHA384 context 37 | */ 38 | void SHA384_Init(SHA384_CTX *ctx) 39 | { 40 | //Set initial hash value 41 | ctx->h_dig.h[0] = 0xCBBB9D5DC1059ED8LL; 42 | ctx->h_dig.h[1] = 0x629A292A367CD507LL; 43 | ctx->h_dig.h[2] = 0x9159015A3070DD17LL; 44 | ctx->h_dig.h[3] = 0x152FECD8F70E5939LL; 45 | ctx->h_dig.h[4] = 0x67332667FFC00B31LL; 46 | ctx->h_dig.h[5] = 0x8EB44A8768581511LL; 47 | ctx->h_dig.h[6] = 0xDB0C2E0D64F98FA7LL; 48 | ctx->h_dig.h[7] = 0x47B5481DBEFA4FA4LL; 49 | 50 | // Number of bytes in the buffer 51 | ctx->size = 0; 52 | // Total length of the message 53 | ctx->totalSize = 0; 54 | } 55 | 56 | /** 57 | * Accepts an array of octets as the next portion of the message. 58 | */ 59 | void SHA384_Update(SHA384_CTX *ctx, const uint8_t * msg, int len) 60 | { 61 | // The function is defined in the exact same manner as SHA-512 62 | SHA512_Update(ctx, msg, len); 63 | } 64 | 65 | /** 66 | * Return the 384-bit message digest into the user's array 67 | */ 68 | void SHA384_Final(uint8_t *digest, SHA384_CTX *ctx) 69 | { 70 | // The function is defined in the exact same manner as SHA-512 71 | SHA512_Final(NULL, ctx); 72 | 73 | // Copy the resulting digest 74 | if (digest != NULL) 75 | memcpy(digest, ctx->h_dig.digest, SHA384_SIZE); 76 | } 77 | 78 | -------------------------------------------------------------------------------- /crypto/rc4.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2007, Cameron Rich 3 | * 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions are met: 8 | * 9 | * * Redistributions of source code must retain the above copyright notice, 10 | * this list of conditions and the following disclaimer. 11 | * * Redistributions in binary form must reproduce the above copyright notice, 12 | * this list of conditions and the following disclaimer in the documentation 13 | * and/or other materials provided with the distribution. 14 | * * Neither the name of the axTLS project nor the names of its contributors 15 | * may be used to endorse or promote products derived from this software 16 | * without specific prior written permission. 17 | * 18 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 22 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 23 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 25 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 26 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 27 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 28 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | */ 30 | 31 | /** 32 | * An implementation of the RC4/ARC4 algorithm. 33 | * Originally written by Christophe Devine. 34 | */ 35 | 36 | #include 37 | #include "os_port.h" 38 | #include "crypto.h" 39 | 40 | /* only used for PKCS12 now */ 41 | #ifdef CONFIG_SSL_USE_PKCS12 42 | 43 | /** 44 | * Get ready for an encrypt/decrypt operation 45 | */ 46 | void RC4_setup(RC4_CTX *ctx, const uint8_t *key, int length) 47 | { 48 | int i, j = 0, k = 0, a; 49 | uint8_t *m; 50 | 51 | ctx->x = 0; 52 | ctx->y = 0; 53 | m = ctx->m; 54 | 55 | for (i = 0; i < 256; i++) 56 | m[i] = i; 57 | 58 | for (i = 0; i < 256; i++) 59 | { 60 | a = m[i]; 61 | j = (uint8_t)(j + a + key[k]); 62 | m[i] = m[j]; 63 | m[j] = a; 64 | 65 | if (++k >= length) 66 | k = 0; 67 | } 68 | } 69 | 70 | /** 71 | * Perform the encrypt/decrypt operation (can use it for either since 72 | * this is a stream cipher). 73 | * NOTE: *msg and *out must be the same pointer (performance tweak) 74 | */ 75 | void RC4_crypt(RC4_CTX *ctx, const uint8_t *msg, uint8_t *out, int length) 76 | { 77 | int i; 78 | uint8_t *m, x, y, a, b; 79 | 80 | x = ctx->x; 81 | y = ctx->y; 82 | m = ctx->m; 83 | 84 | for (i = 0; i < length; i++) 85 | { 86 | a = m[++x]; 87 | y += a; 88 | m[x] = b = m[y]; 89 | m[y] = a; 90 | out[i] ^= m[(uint8_t)(a + b)]; 91 | } 92 | 93 | ctx->x = x; 94 | ctx->y = y; 95 | } 96 | 97 | #endif 98 | -------------------------------------------------------------------------------- /ssl/os_port.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2007-2016, Cameron Rich 3 | * 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions are met: 8 | * 9 | * * Redistributions of source code must retain the above copyright notice, 10 | * this list of conditions and the following disclaimer. 11 | * * Redistributions in binary form must reproduce the above copyright notice, 12 | * this list of conditions and the following disclaimer in the documentation 13 | * and/or other materials provided with the distribution. 14 | * * Neither the name of the axTLS project nor the names of its contributors 15 | * may be used to endorse or promote products derived from this software 16 | * without specific prior written permission. 17 | * 18 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 22 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 23 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 25 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 26 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 27 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 28 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | */ 30 | 31 | /** 32 | * @file os_port.c 33 | * 34 | * OS specific functions. 35 | */ 36 | #include 37 | #include 38 | #include 39 | #include 40 | #include 41 | #include "os_port.h" 42 | 43 | #ifdef WIN32 44 | /** 45 | * gettimeofday() not in Win32 46 | */ 47 | EXP_FUNC void STDCALL gettimeofday(struct timeval* t, void* timezone) 48 | { 49 | #if defined(_WIN32_WCE) 50 | t->tv_sec = time(NULL); 51 | t->tv_usec = 0; /* 1sec precision only */ 52 | #else 53 | struct _timeb timebuffer; 54 | _ftime(&timebuffer); 55 | t->tv_sec = (long)timebuffer.time; 56 | t->tv_usec = 1000 * timebuffer.millitm; /* 1ms precision */ 57 | #endif 58 | } 59 | 60 | /** 61 | * strcasecmp() not in Win32 62 | */ 63 | EXP_FUNC int STDCALL strcasecmp(const char *s1, const char *s2) 64 | { 65 | while (tolower(*s1) == tolower(*s2++)) 66 | { 67 | if (*s1++ == '\0') 68 | { 69 | return 0; 70 | } 71 | } 72 | 73 | return *(unsigned char *)s1 - *(unsigned char *)(s2 - 1); 74 | } 75 | 76 | 77 | EXP_FUNC int STDCALL getdomainname(char *buf, int buf_size) 78 | { 79 | HKEY hKey; 80 | unsigned long datatype; 81 | unsigned long bufferlength = buf_size; 82 | 83 | if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, 84 | TEXT("SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters"), 85 | 0, KEY_QUERY_VALUE, &hKey) != ERROR_SUCCESS) 86 | return -1; 87 | 88 | RegQueryValueEx(hKey, "Domain", NULL, &datatype, buf, &bufferlength); 89 | RegCloseKey(hKey); 90 | return 0; 91 | } 92 | #endif 93 | 94 | -------------------------------------------------------------------------------- /bindings/Config.in: -------------------------------------------------------------------------------- 1 | # 2 | # For a description of the syntax of this configuration file, 3 | # see scripts/config/Kconfig-language.txt 4 | # 5 | menu "Language Bindings" 6 | 7 | config CONFIG_BINDINGS 8 | bool "Create language bindings" 9 | default n 10 | help 11 | axTLS supports language bindings in C#, VB.NET, Java and Perl. 12 | 13 | Select Y here if you want to build the various language bindings. 14 | 15 | config CONFIG_CSHARP_BINDINGS 16 | bool "Create C# bindings" 17 | default n 18 | depends on CONFIG_BINDINGS 19 | help 20 | Build C# bindings. 21 | 22 | This requires .NET to be installed on Win32 platforms and mono to be 23 | installed on all other platforms. 24 | 25 | config CONFIG_VBNET_BINDINGS 26 | bool "Create VB.NET bindings" 27 | default n 28 | depends on CONFIG_BINDINGS 29 | help 30 | Build VB.NET bindings. 31 | 32 | This requires the .NET to be installed and is only built under Win32 33 | platforms. 34 | 35 | menu ".Net Framework" 36 | depends on CONFIG_CSHARP_BINDINGS || CONFIG_VBNET_BINDINGS 37 | config CONFIG_DOT_NET_FRAMEWORK_BASE 38 | string "Location of .NET Framework" 39 | default "c:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727" 40 | endmenu 41 | 42 | config CONFIG_JAVA_BINDINGS 43 | bool "Create Java bindings" 44 | default n 45 | depends on CONFIG_BINDINGS 46 | help 47 | Build Java bindings. 48 | 49 | Current Issues (see README): 50 | * Needs Java 1.4 or better. 51 | * If building under Win32 it will use the Win32 JDK. 52 | 53 | menu "Java Home" 54 | depends on CONFIG_JAVA_BINDINGS 55 | config CONFIG_JAVA_HOME 56 | string "Location of JDK" 57 | default "c:\\Program Files\\Java\\jdk1.5.0_06" if CONFIG_PLATFORM_WIN32 || CONFIG_PLATFORM_CYGWIN 58 | default "/usr/lib/jvm/java-7-openjdk-amd64" if !CONFIG_PLATFORM_WIN32 && !CONFIG_PLATFORM_CYGWIN 59 | depends on CONFIG_JAVA_BINDINGS 60 | help 61 | The location of Sun's JDK. 62 | endmenu 63 | 64 | config CONFIG_PERL_BINDINGS 65 | bool "Create Perl bindings" 66 | default n 67 | depends on CONFIG_BINDINGS 68 | help 69 | Build Perl bindings. 70 | 71 | Current Issues (see README): 72 | * 64 bit versions don't work at present. 73 | * libperl.so needs to be in the shared library path. 74 | 75 | menu "Perl Home" 76 | depends on CONFIG_PERL_BINDINGS && CONFIG_PLATFORM_WIN32 77 | config CONFIG_PERL_CORE 78 | string "Location of Perl CORE" 79 | default "c:\\perl\\lib\\CORE" 80 | help: 81 | works with ActiveState 82 | "http://www.activestate.com/Products/ActivePerl" 83 | 84 | config CONFIG_PERL_LIB 85 | string "Name of Perl Library" 86 | default "perl58.lib" 87 | endmenu 88 | 89 | config CONFIG_LUA_BINDINGS 90 | bool "Create Lua bindings" 91 | default n 92 | depends on CONFIG_BINDINGS && !CONFIG_PLATFORM_WIN32 93 | help 94 | Build Lua bindings (see www.lua.org). 95 | 96 | menu "Lua Home" 97 | depends on CONFIG_LUA_BINDINGS 98 | config CONFIG_LUA_CORE 99 | string "Location of Lua CORE" 100 | default "/usr/local" 101 | help: 102 | If the Lua exists on another directory then this needs to be changed 103 | endmenu 104 | 105 | endmenu 106 | -------------------------------------------------------------------------------- /ssl/test/axTLS.key_4096.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIJJwIBAAKCAgEAwApOo9f0syXI8DmEkP88eHCgZZ8FumcICcqcFe0OywR9UsXU 3 | dQhMqKfMLi8Wlco+rNqFcDfsNyAllCDiq89dp/aNj3inCVAoXnaJuiZQ6dX9UtBR 4 | VEW9cr/z6RjgrZQ9+MkbOx+MXVd44I8jEWVuW2oK1eQzU+FUb12dj45mTaLpL6Bx 5 | XcXGC7e2KSeO75iWwitMyGmJQirV8fttUNa6VfKu7isxESz5jaUmuSsMZIl6Hjm/ 6 | KxmZxkBuFv1Zm2KkKqItV/WqQYCrngil1I5zJLjHWFNjA634U63yWZo5LWQY8pp5 7 | wy0stC87yJD70rsszjm3zejtXAVipm27+GWe1bKI6UAVfyG3y+bEAKOGc9b6UpUJ 8 | 7iRPd32DrZCJ1xubVW3Lx+gK5YILsf7fQARPAbc1KbuJ2GJ2v9ihINzkqyT6N6FJ 9 | ns/BcZnHAXk+KorS03xDMgI/CMKEjoc5YjFY9ioOUvvtpeg2kb0VUqvAHOm4i+DU 10 | f5pQ82uH16tHVk2YyZqNWNVu8cbYsLAKFYPtyur9EO2TeKhCI+vAjl5FNw3TQAjy 11 | 1N4P7olDpJh1Vkx5q2fbaQvIq1HMovSmGKKvObXjjAoqlwVaiCukkr/djV1Teu1J 12 | T50aP7tqCOOrBYBaWHO1IOB6xFOSfpAkuZVf4gqHsl2jTiLY6zDhkafJgoECAwEA 13 | AQKCAgAlKVlyZzXY/PTXV6oJjPqcq96+C3nGSm3Jx0VREOCN9L5zqAim5QZAlMf0 14 | H/SU4+Ag/uBXiNrTCAt9kKeMa8JJ4HIgU06vhK1rKjEYrpV1yo0M23cBgcVZUT/X 15 | 2ZKQxGEBpZj5Ze95mJWxjsFQenpSgkC6h0BPeQkny8vTndC6MU5Cgx+s77qVReWg 16 | LSGBx9tUk6B2H8YJ4dQo0Wij/gls3FtxhzYlhrh76nuF1Yi+Y8QX2UDfDEMvlAQ5 17 | uqj+YqY2AdAYd1eM+WM8X5wHd9FcR817kBdW/PFS8BQ3tppd6ELTn4T0eedurr04 18 | 4KV6b/IJri2dUPetmPUwE4gOV0vW5LP1DSNS+sBD1OrsQ+Ytovht868GLMQ/d6M+ 19 | 82IDz2at0lDQ+6JLGBrY2rOXYi22fqGgSg2ErDENgYU1dft1Yc8sAzCTl5WC/Bhg 20 | IxbfUChsYqURvq7faaqVfb50FcMYUcj/rAXVSLOuix2HUgLsQSj2MTtvuR7+BUgh 21 | 2KEmiCaMJy6CQyIgtOTjhmPqMr5Se/JYi1SRG0SxZpsYhGRPfjC8jg1k/VmRoAmS 22 | pvqfhqgUMB0vAjfynoxFOZGNZIVrSR+yuC3xaORBW5UAPGvZHS1XzuxdybjpPm74 23 | 0NB1JIc3ylAWcJEWdpnpk8OzZCAhifx0Farrq6Xauk6/ZLtd4QKCAQEA4a0DaHcp 24 | OqFTudM8kC/N21FuE9U5MRLtJ2HP42iTEAfMi1bpZjO35giqYhfxNJiyTPnWDbkS 25 | HVvNuSLAG58/Xs0KTuXCEgWuALBFtgg39BrPTT9Kw2CdqCgIpx5ArBwF+3lDfGIH 26 | lIeoOhR7OKnN8a1/6l7KVOHxV4FMX9aVmom8FKKqjZYcObY86MgLObMtt50v0cKY 27 | GgNZCy1HLoXHRGJ+3pypZEV0qxbOt2jGAhEpDf/LdX9Ez4AIYK16/a5AvUnNJlvN 28 | d28LPgTCvPK8Mhz/m+7ms8IfZ2j0hJgm2j9jiMTK0QvyhWq57TfrU+8HWCKzsUfH 29 | M1Riwt0z8u9HpQKCAQEA2dhE79/lyaGe3lxqJmzxdLG3Khp3wAk4/SM6CP9elN9J 30 | 4kg7UFGIE1AUs73HPwlXmoOyE1r+g6W2CaNMds5qqJKOIIS/89mrGZs68hpTLbdR 31 | rTrNNeTLlOQcF/txNfawYEtPwAedjIxUFATKDibbDwfe0p3mRZSm/ji0N3n5ehJl 32 | yDwfaSVsZsoHWm0GUfhMVGwu1OZjAGGpGZIf/tcjMNQ3cKAmqAvRpRrlc51eUw5M 33 | +Z+POgRY2mnrKgTUREFzaLG62umaTVTGC6dn++QLPmFgoFuloSUJNUbRRvIg9d+a 34 | aatn2eiusBILVarQcHGWdysuMFqxUJ9VHQqCNqI4rQKCAQBjPcZF5kEHO3KqQS5c 35 | 6ejJDaIurpGb9wq7StQ02QPzBLr6e5ngC9ZPHnhu8sBrtMqT9zoehshkiL6LL7Dz 36 | dLBVbC2gTIFvk3fVba76Qdr5SeDnw3GJQa+TByfm9fLSvPAUilsXE7TpqE5eXCtj 37 | 26hpIzchRdYMRd/v7zg63Q6lCvTezjnaUazP5EgcxfvJv/XWzRT+VWi158r8k0i+ 38 | OK5McFQCaTpEkhagNkNpfHW26vz23woF/ZWw+ki02xU/AaYOl6nTuIM+hmKXP1iz 39 | 5rrD/uSZGhHx8ugEfa8psA9F4qJOvtvB2lMoQKrKmtCt9GtyYrBKwZnkBLP5pXT2 40 | 3CrRAoIBABiIz/LIH6QezLq0Y8wiFuuSnFNkmboKD94Kmp2qzSctIrAWfH+mPxIV 41 | wc8gf5Es5y3iySp+5A1Fm4PoXVNAGikUIGevK8M175w5rGDZ8CZE8DD3X2dDdl41 42 | dqiIzA5M0z51HO0+rlLG9y0uAOepHqDJvSGxYN7TSB93mWxqE1vZOJddlhgMe/Hz 43 | rPJVNxICSe50JK4bqGjBlv7nQy07Y547OGc50kC43AqhRdhIj/gAs1Cl1Mau+KbY 44 | qQCZfKKXUH0pDydaieNNueRUHVT0MQP8iZpl1/iXKDtU13sLCAVJAqYGBPM4znvL 45 | /HTQgRs4375aIaCWhkPTPg3AQjwO9x0CggEANIoxDPtty49prkkd8xQQceySEbnf 46 | CeTljNd1uUEqki5DSJMfXajwuSkUrhZAnSevT7k9BjsAzqHM9sWqo3C3PQpFA2Q/ 47 | seTA7lSIxyKvQ4bt/ZaMMeryCzC/WKH81+F35IoQ616nzJz+A7khHX/+l6ZdS9Ud 48 | LYmYUEB1PQVd0PFQQ67dnNCJ265Hi54XLez9rzuYbuNFIb+wg4FsjV8NHUQSMow3 49 | LQLLMO16nqs9lQA17WdTlhyR6fYrovh6h7puGzONesSF0s9uLSyiOQ9UDKenNPPb 50 | nBdM3Bwq5M72o11IKwTPvq95e09o2eFY0SlqwqLdqeD9lrbh/HWfO9VpWA== 51 | -----END RSA PRIVATE KEY----- 52 | -------------------------------------------------------------------------------- /ssl/cert.h: -------------------------------------------------------------------------------- 1 | unsigned char default_certificate[] = { 2 | 0x30, 0x82, 0x02, 0x58, 0x30, 0x82, 0x01, 0x40, 0x02, 0x09, 0x00, 0xa5, 3 | 0x2a, 0xc8, 0x78, 0x87, 0xf2, 0xe7, 0xc5, 0x30, 0x0d, 0x06, 0x09, 0x2a, 4 | 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x34, 5 | 0x31, 0x32, 0x30, 0x30, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x29, 0x61, 6 | 0x78, 0x54, 0x4c, 0x53, 0x20, 0x50, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 7 | 0x20, 0x44, 0x6f, 0x64, 0x67, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 8 | 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 9 | 0x72, 0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x31, 0x32, 10 | 0x33, 0x30, 0x32, 0x31, 0x30, 0x34, 0x32, 0x37, 0x5a, 0x17, 0x0d, 0x33, 11 | 0x30, 0x30, 0x39, 0x30, 0x38, 0x32, 0x31, 0x30, 0x34, 0x32, 0x37, 0x5a, 12 | 0x30, 0x2c, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 13 | 0x0d, 0x61, 0x78, 0x54, 0x4c, 0x53, 0x20, 0x50, 0x72, 0x6f, 0x6a, 0x65, 14 | 0x63, 0x74, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 15 | 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x81, 16 | 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 17 | 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 18 | 0x81, 0x81, 0x00, 0xbd, 0x0f, 0xd4, 0x42, 0xa8, 0x74, 0x87, 0x54, 0xaa, 19 | 0xb9, 0x3a, 0x1f, 0x8b, 0xce, 0xbd, 0xb7, 0x65, 0xfb, 0x40, 0x3d, 0xd0, 20 | 0x11, 0x9a, 0x9c, 0xdc, 0x82, 0x7c, 0xea, 0xa8, 0x17, 0xe1, 0x74, 0xf3, 21 | 0x05, 0x0e, 0x61, 0xc1, 0xc1, 0x78, 0x8a, 0xb2, 0xba, 0x15, 0x22, 0x5a, 22 | 0xff, 0x9b, 0xb8, 0x7a, 0x2e, 0x0f, 0x88, 0xb7, 0x74, 0xde, 0x04, 0x99, 23 | 0xa5, 0xa2, 0x99, 0x53, 0x8b, 0xad, 0x78, 0x5a, 0x31, 0xed, 0xbc, 0x01, 24 | 0xe7, 0xdf, 0xe9, 0xec, 0x2f, 0xa0, 0x5d, 0x53, 0xf6, 0xe6, 0x8a, 0xa0, 25 | 0xc8, 0x6d, 0x41, 0x45, 0x63, 0x23, 0xb3, 0xcf, 0x4e, 0x50, 0x1f, 0x28, 26 | 0xdf, 0x36, 0xe2, 0x73, 0xdf, 0xd6, 0xa1, 0xb3, 0x46, 0x4f, 0x6e, 0xbb, 27 | 0x0d, 0x9b, 0xef, 0xa8, 0xf9, 0x4c, 0xa5, 0x71, 0xa1, 0x88, 0xdd, 0x07, 28 | 0xa9, 0x86, 0x0d, 0x3f, 0xcd, 0x99, 0x23, 0xa2, 0x84, 0x77, 0x0f, 0x02, 29 | 0x03, 0x01, 0x00, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 30 | 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 31 | 0x32, 0xe0, 0x3c, 0x6e, 0x21, 0xe6, 0xa6, 0xf4, 0xb8, 0x10, 0x9f, 0x8a, 32 | 0xe6, 0x0b, 0x84, 0x4e, 0x2c, 0xe5, 0x14, 0xca, 0x56, 0x81, 0x3f, 0xc0, 33 | 0x2c, 0xa3, 0x39, 0x89, 0x24, 0xce, 0xaf, 0x47, 0x2e, 0x19, 0x62, 0xb2, 34 | 0xe4, 0x76, 0x91, 0x25, 0xbc, 0xe1, 0xa8, 0xee, 0x6a, 0x68, 0x3a, 0x77, 35 | 0xb9, 0xb2, 0x62, 0x97, 0x0c, 0x25, 0x3c, 0x5e, 0x13, 0x48, 0x87, 0x80, 36 | 0xa3, 0x91, 0xd9, 0x2e, 0xe6, 0x92, 0x2b, 0x1c, 0x52, 0x24, 0xb1, 0x77, 37 | 0xc6, 0xf6, 0xde, 0xd8, 0x9b, 0xd9, 0x57, 0x37, 0x56, 0x68, 0x17, 0x32, 38 | 0x66, 0x01, 0x08, 0x38, 0x08, 0x9a, 0xc1, 0x8c, 0x5e, 0x3f, 0xe7, 0xc9, 39 | 0x44, 0xcb, 0x62, 0xb9, 0x48, 0xc7, 0x89, 0xa6, 0xff, 0x8e, 0x7d, 0x3d, 40 | 0xe1, 0x46, 0x32, 0x9c, 0x13, 0x06, 0x9a, 0xd1, 0x17, 0xab, 0x3f, 0xa9, 41 | 0x90, 0x04, 0x33, 0x2d, 0x3f, 0x81, 0x0a, 0xa5, 0x55, 0xce, 0xb6, 0x95, 42 | 0x54, 0xad, 0xf1, 0x4f, 0xa2, 0xca, 0xc3, 0xf6, 0x25, 0x7b, 0x71, 0xd2, 43 | 0x68, 0x85, 0xe9, 0x72, 0xb6, 0x99, 0x34, 0x6d, 0xe5, 0x5f, 0xf6, 0x74, 44 | 0x1c, 0xb9, 0xa2, 0xda, 0x2b, 0x04, 0xff, 0x82, 0xc5, 0x09, 0x04, 0xc4, 45 | 0xba, 0xbc, 0x82, 0x3e, 0xb4, 0x72, 0x18, 0x8e, 0x30, 0x68, 0x48, 0x4a, 46 | 0x0d, 0xa7, 0x3d, 0xb5, 0xf4, 0x42, 0x3a, 0x97, 0x60, 0x7d, 0xa8, 0x61, 47 | 0x8a, 0x9e, 0x98, 0xc4, 0x7e, 0x65, 0x99, 0xea, 0x7e, 0xca, 0x75, 0xe7, 48 | 0xdb, 0x21, 0x5d, 0xce, 0x7c, 0x66, 0x3d, 0x7e, 0xdc, 0x14, 0xfe, 0x55, 49 | 0x04, 0x97, 0xa8, 0x64, 0x12, 0xb4, 0xb5, 0x30, 0x48, 0x72, 0xbc, 0xdb, 50 | 0xeb, 0x5b, 0x4f, 0xa6, 0xfb, 0x87, 0x01, 0x41, 0x91, 0xec, 0x98, 0x98, 51 | 0xf1, 0x4b, 0x38, 0xa2, 0x40, 0xf1, 0x05, 0x90, 0xbb, 0x9b, 0x5d, 0x96, 52 | 0xb1, 0x22, 0x6b, 0x50 53 | }; 54 | unsigned int default_certificate_len = 604; 55 | -------------------------------------------------------------------------------- /ssl/config.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Automatically generated header file: don't edit 3 | */ 4 | 5 | #define HAVE_DOT_CONFIG 1 6 | #undef CONFIG_PLATFORM_LINUX 7 | #define CONFIG_PLATFORM_CYGWIN 1 8 | #undef CONFIG_PLATFORM_WIN32 9 | 10 | /* 11 | * General Configuration 12 | */ 13 | #define PREFIX "/usr/local" 14 | #define CONFIG_DEBUG 1 15 | #undef CONFIG_STRIP_UNWANTED_SECTIONS 16 | #undef CONFIG_VISUAL_STUDIO_7_0 17 | #undef CONFIG_VISUAL_STUDIO_8_0 18 | #undef CONFIG_VISUAL_STUDIO_10_0 19 | #define CONFIG_VISUAL_STUDIO_7_0_BASE "" 20 | #define CONFIG_VISUAL_STUDIO_8_0_BASE "" 21 | #define CONFIG_VISUAL_STUDIO_10_0_BASE "" 22 | #define CONFIG_EXTRA_CFLAGS_OPTIONS "" 23 | #define CONFIG_EXTRA_LDFLAGS_OPTIONS "" 24 | 25 | /* 26 | * SSL Library 27 | */ 28 | #undef CONFIG_SSL_SERVER_ONLY 29 | #define CONFIG_SSL_CERT_VERIFICATION 30 | #undef CONFIG_SSL_ENABLE_CLIENT 31 | #define CONFIG_SSL_FULL_MODE 1 32 | #undef CONFIG_SSL_SKELETON_MODE 33 | #undef CONFIG_SSL_PROT_LOW 34 | #define CONFIG_SSL_PROT_MEDIUM 1 35 | #undef CONFIG_SSL_PROT_HIGH 36 | #undef CONFIG_SSL_USE_DEFAULT_KEY 37 | #define CONFIG_SSL_PRIVATE_KEY_LOCATION "" 38 | #define CONFIG_SSL_PRIVATE_KEY_PASSWORD "" 39 | #define CONFIG_SSL_X509_CERT_LOCATION "" 40 | #undef CONFIG_SSL_GENERATE_X509_CERT 41 | #define CONFIG_SSL_X509_COMMON_NAME "" 42 | #define CONFIG_SSL_X509_ORGANIZATION_NAME "" 43 | #define CONFIG_SSL_X509_ORGANIZATION_UNIT_NAME "" 44 | #undef CONFIG_SSL_ENABLE_V23_HANDSHAKE 45 | #define CONFIG_SSL_HAS_PEM 1 46 | #undef CONFIG_SSL_USE_PKCS12 47 | #define CONFIG_SSL_EXPIRY_TIME 24 48 | #define CONFIG_X509_MAX_CA_CERTS 10 49 | #define CONFIG_SSL_MAX_CERTS 1 50 | #undef CONFIG_SSL_CTX_MUTEXING 51 | #undef CONFIG_USE_DEV_URANDOM 52 | #undef CONFIG_WIN32_USE_CRYPTO_LIB 53 | #undef CONFIG_OPENSSL_COMPATIBLE 54 | #undef CONFIG_PERFORMANCE_TESTING 55 | #define CONFIG_SSL_TEST 1 56 | #undef CONFIG_AXTLSWRAP 57 | #define CONFIG_AXHTTPD 1 58 | 59 | /* 60 | * Axhttpd Configuration 61 | */ 62 | #undef CONFIG_HTTP_STATIC_BUILD 63 | #define CONFIG_HTTP_PORT 80 64 | #define CONFIG_HTTP_HTTPS_PORT 443 65 | #define CONFIG_HTTP_SESSION_CACHE_SIZE 5 66 | #define CONFIG_HTTP_WEBROOT "../www" 67 | #define CONFIG_HTTP_TIMEOUT 300 68 | 69 | /* 70 | * CGI 71 | */ 72 | #undef CONFIG_HTTP_HAS_CGI 73 | #define CONFIG_HTTP_CGI_EXTENSIONS ".lua,.lp,.php" 74 | #define CONFIG_HTTP_ENABLE_LUA 1 75 | #define CONFIG_HTTP_LUA_PREFIX "/usr" 76 | #undef CONFIG_HTTP_BUILD_LUA 77 | #define CONFIG_HTTP_CGI_LAUNCHER "/usr/bin/cgi" 78 | #define CONFIG_HTTP_DIRECTORIES 1 79 | #define CONFIG_HTTP_HAS_AUTHORIZATION 1 80 | #undef CONFIG_HTTP_HAS_IPV6 81 | #undef CONFIG_HTTP_ENABLE_DIFFERENT_USER 82 | #define CONFIG_HTTP_USER "" 83 | #define CONFIG_HTTP_VERBOSE 0 84 | #undef CONFIG_HTTP_IS_DAEMON 85 | 86 | /* 87 | * Language Bindings 88 | */ 89 | #undef CONFIG_BINDINGS 90 | #undef CONFIG_CSHARP_BINDINGS 91 | #undef CONFIG_VBNET_BINDINGS 92 | #define CONFIG_DOT_NET_FRAMEWORK_BASE "" 93 | #undef CONFIG_JAVA_BINDINGS 94 | #define CONFIG_JAVA_HOME "" 95 | #undef CONFIG_PERL_BINDINGS 96 | #define CONFIG_PERL_CORE "" 97 | #define CONFIG_PERL_LIB "" 98 | #undef CONFIG_LUA_BINDINGS 99 | #define CONFIG_LUA_CORE "" 100 | 101 | /* 102 | * Samples 103 | */ 104 | #define CONFIG_SAMPLES 1 105 | #define CONFIG_C_SAMPLES 1 106 | #undef CONFIG_CSHARP_SAMPLES 107 | #undef CONFIG_VBNET_SAMPLES 108 | #undef CONFIG_JAVA_SAMPLES 109 | #undef CONFIG_PERL_SAMPLES 110 | #undef CONFIG_LUA_SAMPLES 111 | 112 | /* 113 | * BigInt Options 114 | */ 115 | #undef CONFIG_BIGINT_CLASSICAL 116 | #undef CONFIG_BIGINT_MONTGOMERY 117 | #define CONFIG_BIGINT_BARRETT 1 118 | #define CONFIG_BIGINT_CRT 1 119 | #undef CONFIG_BIGINT_KARATSUBA 120 | #define MUL_KARATSUBA_THRESH 121 | #define SQU_KARATSUBA_THRESH 122 | #define CONFIG_BIGINT_SLIDING_WINDOW 1 123 | #define CONFIG_BIGINT_SQUARE 1 124 | #define CONFIG_BIGINT_CHECK_ON 1 125 | #define CONFIG_INTEGER_32BIT 1 126 | #undef CONFIG_INTEGER_16BIT 127 | #undef CONFIG_INTEGER_8BIT 128 | -------------------------------------------------------------------------------- /ssl/private_key.h: -------------------------------------------------------------------------------- 1 | unsigned char default_private_key[] = { 2 | 0x30, 0x82, 0x02, 0x5d, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xbd, 3 | 0x0f, 0xd4, 0x42, 0xa8, 0x74, 0x87, 0x54, 0xaa, 0xb9, 0x3a, 0x1f, 0x8b, 4 | 0xce, 0xbd, 0xb7, 0x65, 0xfb, 0x40, 0x3d, 0xd0, 0x11, 0x9a, 0x9c, 0xdc, 5 | 0x82, 0x7c, 0xea, 0xa8, 0x17, 0xe1, 0x74, 0xf3, 0x05, 0x0e, 0x61, 0xc1, 6 | 0xc1, 0x78, 0x8a, 0xb2, 0xba, 0x15, 0x22, 0x5a, 0xff, 0x9b, 0xb8, 0x7a, 7 | 0x2e, 0x0f, 0x88, 0xb7, 0x74, 0xde, 0x04, 0x99, 0xa5, 0xa2, 0x99, 0x53, 8 | 0x8b, 0xad, 0x78, 0x5a, 0x31, 0xed, 0xbc, 0x01, 0xe7, 0xdf, 0xe9, 0xec, 9 | 0x2f, 0xa0, 0x5d, 0x53, 0xf6, 0xe6, 0x8a, 0xa0, 0xc8, 0x6d, 0x41, 0x45, 10 | 0x63, 0x23, 0xb3, 0xcf, 0x4e, 0x50, 0x1f, 0x28, 0xdf, 0x36, 0xe2, 0x73, 11 | 0xdf, 0xd6, 0xa1, 0xb3, 0x46, 0x4f, 0x6e, 0xbb, 0x0d, 0x9b, 0xef, 0xa8, 12 | 0xf9, 0x4c, 0xa5, 0x71, 0xa1, 0x88, 0xdd, 0x07, 0xa9, 0x86, 0x0d, 0x3f, 13 | 0xcd, 0x99, 0x23, 0xa2, 0x84, 0x77, 0x0f, 0x02, 0x03, 0x01, 0x00, 0x01, 14 | 0x02, 0x81, 0x80, 0x26, 0x3f, 0xec, 0x96, 0xab, 0xd4, 0x1f, 0x89, 0x0e, 15 | 0x9d, 0x38, 0xd8, 0x27, 0x05, 0xe5, 0xb6, 0x14, 0x08, 0xd7, 0xff, 0x69, 16 | 0x78, 0x16, 0x4a, 0xc4, 0x06, 0x16, 0x55, 0xb7, 0x3a, 0x55, 0x9f, 0xbe, 17 | 0x86, 0xf8, 0x58, 0xe8, 0xc5, 0x46, 0xa8, 0xf0, 0xed, 0xda, 0xd6, 0xbf, 18 | 0x88, 0x55, 0x2d, 0xe6, 0x72, 0x29, 0x2c, 0x64, 0xc9, 0x5d, 0x1d, 0x9b, 19 | 0x24, 0x3a, 0x98, 0x40, 0xa1, 0xd2, 0xaf, 0x5c, 0xab, 0x23, 0xe4, 0x33, 20 | 0xd0, 0xea, 0x60, 0x52, 0xe7, 0x7a, 0x9e, 0x73, 0x5f, 0x2e, 0x80, 0xd1, 21 | 0xdc, 0x6f, 0x47, 0x0f, 0x97, 0x80, 0x36, 0xd2, 0x30, 0x07, 0xdd, 0xd6, 22 | 0xd7, 0x15, 0x89, 0x2b, 0x74, 0xd5, 0x7e, 0x8a, 0xbc, 0x63, 0x42, 0x0a, 23 | 0xf2, 0x31, 0x29, 0xbf, 0xf9, 0xf9, 0xf0, 0x88, 0x8f, 0x8a, 0xc2, 0x22, 24 | 0x6e, 0x15, 0x26, 0xb7, 0x5e, 0x5b, 0x58, 0x44, 0x1c, 0x3b, 0x79, 0x02, 25 | 0x41, 0x00, 0xe1, 0xf1, 0xb2, 0xe5, 0xc8, 0x80, 0x93, 0x40, 0x50, 0x74, 26 | 0x14, 0xdd, 0xb2, 0xf2, 0x27, 0x5c, 0x0c, 0x3d, 0xc0, 0x5f, 0xee, 0x9c, 27 | 0x45, 0x6c, 0x13, 0x00, 0xdf, 0xd0, 0xd9, 0x83, 0xfa, 0x90, 0x2c, 0x84, 28 | 0xf2, 0xaa, 0xc2, 0xdd, 0xfb, 0xcf, 0x03, 0x41, 0x88, 0x10, 0xc6, 0xbb, 29 | 0x5e, 0xb7, 0xb6, 0x2e, 0xa6, 0x1d, 0xaa, 0xba, 0xfb, 0x4a, 0x72, 0xd8, 30 | 0x9a, 0xad, 0x88, 0x0d, 0x6a, 0x15, 0x02, 0x41, 0x00, 0xd6, 0x36, 0x23, 31 | 0xf3, 0x5d, 0x77, 0xc8, 0xd3, 0x49, 0xc1, 0x93, 0xfe, 0xca, 0x0d, 0xeb, 32 | 0x9b, 0xda, 0xbd, 0x47, 0x28, 0x73, 0x97, 0xa0, 0x50, 0xd7, 0x4c, 0x24, 33 | 0xdf, 0x9b, 0x0b, 0x37, 0xae, 0xc3, 0x31, 0xb5, 0x4f, 0x62, 0x08, 0xca, 34 | 0xe5, 0xef, 0x97, 0x7b, 0x43, 0xa0, 0xda, 0x2b, 0x1f, 0xbf, 0xa8, 0x08, 35 | 0x93, 0xd2, 0x16, 0x1c, 0x89, 0x99, 0xf1, 0xdf, 0x26, 0xd1, 0x42, 0x99, 36 | 0x93, 0x02, 0x41, 0x00, 0xb1, 0x41, 0xe4, 0x7e, 0xdf, 0x20, 0xf7, 0xe4, 37 | 0xf1, 0xf9, 0x4f, 0xd1, 0x6a, 0x2d, 0x0d, 0xf1, 0xe9, 0xec, 0x9c, 0x3a, 38 | 0xe6, 0xc0, 0x94, 0xba, 0x27, 0xe2, 0x7c, 0xb4, 0xa5, 0xa1, 0x23, 0xf6, 39 | 0xed, 0xe6, 0x53, 0x56, 0xe2, 0x50, 0x32, 0xd8, 0x02, 0x8e, 0xeb, 0xc7, 40 | 0x75, 0x91, 0xd3, 0xca, 0x3e, 0xd4, 0x34, 0x20, 0x7c, 0x2b, 0xfb, 0x2f, 41 | 0x3a, 0x10, 0x72, 0xb1, 0x07, 0x56, 0xb6, 0xcd, 0x02, 0x40, 0x1e, 0x3b, 42 | 0xf2, 0x03, 0x0d, 0x74, 0x34, 0xb2, 0x2d, 0xbc, 0xd6, 0xc8, 0xa5, 0x78, 43 | 0x25, 0x83, 0x0f, 0xf2, 0x9b, 0x32, 0x88, 0x6e, 0x24, 0x40, 0x84, 0xc2, 44 | 0xc8, 0x89, 0x8e, 0xf6, 0x9c, 0x5b, 0x5c, 0x4d, 0x8d, 0xcb, 0xb0, 0x88, 45 | 0x91, 0x2a, 0xb7, 0x10, 0x68, 0x63, 0x79, 0x36, 0x91, 0xd3, 0x9f, 0x57, 46 | 0x76, 0x2e, 0x76, 0xfe, 0x8b, 0xf4, 0x97, 0xf7, 0xdd, 0x89, 0x3b, 0x0b, 47 | 0xed, 0x65, 0x02, 0x41, 0x00, 0xb9, 0xaf, 0xbf, 0x09, 0xc9, 0x90, 0x26, 48 | 0xf3, 0x72, 0x8b, 0xbf, 0xb3, 0x7c, 0xe7, 0x6f, 0x6f, 0x5b, 0xa3, 0x95, 49 | 0xb8, 0x9e, 0x03, 0xb9, 0xcf, 0xa0, 0x53, 0xba, 0x32, 0xc1, 0xd3, 0xad, 50 | 0x85, 0xbb, 0x79, 0x48, 0x09, 0xd6, 0x3f, 0x9c, 0xd9, 0x37, 0x91, 0x11, 51 | 0x0d, 0x04, 0xd5, 0x3b, 0xca, 0x74, 0x5d, 0x1c, 0x91, 0x8d, 0x3d, 0xf1, 52 | 0xf8, 0xf9, 0xbe, 0x35, 0xd7, 0xb2, 0x53, 0x50, 0x1d 53 | }; 54 | unsigned int default_private_key_len = 609; 55 | -------------------------------------------------------------------------------- /crypto/bigint.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2007, Cameron Rich 3 | * 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions are met: 8 | * 9 | * * Redistributions of source code must retain the above copyright notice, 10 | * this list of conditions and the following disclaimer. 11 | * * Redistributions in binary form must reproduce the above copyright notice, 12 | * this list of conditions and the following disclaimer in the documentation 13 | * and/or other materials provided with the distribution. 14 | * * Neither the name of the axTLS project nor the names of its contributors 15 | * may be used to endorse or promote products derived from this software 16 | * without specific prior written permission. 17 | * 18 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 22 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 23 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 25 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 26 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 27 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 28 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | */ 30 | 31 | #ifndef BIGINT_HEADER 32 | #define BIGINT_HEADER 33 | 34 | #include "crypto.h" 35 | 36 | BI_CTX *bi_initialize(void); 37 | void bi_terminate(BI_CTX *ctx); 38 | void bi_permanent(bigint *bi); 39 | void bi_depermanent(bigint *bi); 40 | void bi_clear_cache(BI_CTX *ctx); 41 | void bi_free(BI_CTX *ctx, bigint *bi); 42 | bigint *bi_copy(bigint *bi); 43 | bigint *bi_clone(BI_CTX *ctx, const bigint *bi); 44 | void bi_export(BI_CTX *ctx, bigint *bi, uint8_t *data, int size); 45 | bigint *bi_import(BI_CTX *ctx, const uint8_t *data, int len); 46 | bigint *int_to_bi(BI_CTX *ctx, comp i); 47 | 48 | /* the functions that actually do something interesting */ 49 | bigint *bi_add(BI_CTX *ctx, bigint *bia, bigint *bib); 50 | bigint *bi_subtract(BI_CTX *ctx, bigint *bia, 51 | bigint *bib, int *is_negative); 52 | bigint *bi_divide(BI_CTX *ctx, bigint *bia, bigint *bim, int is_mod); 53 | bigint *bi_multiply(BI_CTX *ctx, bigint *bia, bigint *bib); 54 | bigint *bi_mod_power(BI_CTX *ctx, bigint *bi, bigint *biexp); 55 | bigint *bi_mod_power2(BI_CTX *ctx, bigint *bi, bigint *bim, bigint *biexp); 56 | int bi_compare(bigint *bia, bigint *bib); 57 | void bi_set_mod(BI_CTX *ctx, bigint *bim, int mod_offset); 58 | void bi_free_mod(BI_CTX *ctx, int mod_offset); 59 | 60 | #ifdef CONFIG_SSL_FULL_MODE 61 | void bi_print(const char *label, bigint *bi); 62 | bigint *bi_str_import(BI_CTX *ctx, const char *data); 63 | #endif 64 | 65 | /** 66 | * @def bi_mod 67 | * Find the residue of B. bi_set_mod() must be called before hand. 68 | */ 69 | #define bi_mod(A, B) bi_divide(A, B, ctx->bi_mod[ctx->mod_offset], 1) 70 | 71 | /** 72 | * bi_residue() is technically the same as bi_mod(), but it uses the 73 | * appropriate reduction technique (which is bi_mod() when doing classical 74 | * reduction). 75 | */ 76 | #if defined(CONFIG_BIGINT_MONTGOMERY) 77 | #define bi_residue(A, B) bi_mont(A, B) 78 | bigint *bi_mont(BI_CTX *ctx, bigint *bixy); 79 | #elif defined(CONFIG_BIGINT_BARRETT) 80 | #define bi_residue(A, B) bi_barrett(A, B) 81 | bigint *bi_barrett(BI_CTX *ctx, bigint *bi); 82 | #else /* if defined(CONFIG_BIGINT_CLASSICAL) */ 83 | #define bi_residue(A, B) bi_mod(A, B) 84 | #endif 85 | 86 | #ifdef CONFIG_BIGINT_SQUARE 87 | bigint *bi_square(BI_CTX *ctx, bigint *bi); 88 | #else 89 | #define bi_square(A, B) bi_multiply(A, bi_copy(B), B) 90 | #endif 91 | 92 | #ifdef CONFIG_BIGINT_CRT 93 | bigint *bi_crt(BI_CTX *ctx, bigint *bi, 94 | bigint *dP, bigint *dQ, 95 | bigint *p, bigint *q, 96 | bigint *qInv); 97 | #endif 98 | 99 | #endif 100 | -------------------------------------------------------------------------------- /replacements/time.c: -------------------------------------------------------------------------------- 1 | /* 2 | * time.c - ESP8266-specific functions for SNTP 3 | * Copyright (c) 2015 Peter Dobler. All rights reserved. 4 | * This file is part of the esp8266 core for Arduino environment. 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2.1 of the License, or (at your option) any later version. 9 | * This library is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 12 | * See the GNU Lesser General Public License for more details. 13 | * You should have received a copy of the GNU Lesser General Public 14 | * License along with this library; if not, write to the Free Software 15 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 16 | * 17 | */ 18 | 19 | #include 20 | #include 21 | 22 | extern uint32_t system_get_time(void); 23 | extern uint64_t system_mktime(uint32_t year, uint32_t mon, uint32_t day, uint32_t hour, uint32_t min, uint32_t sec); 24 | 25 | static int errno_var = 0; 26 | 27 | int* __errno(void) { 28 | // DEBUGV("__errno is called last error: %d (not current)\n", errno_var); 29 | return &errno_var; 30 | } 31 | 32 | unsigned long millis(void) 33 | { 34 | return system_get_time() / 1000UL; 35 | } 36 | 37 | unsigned long micros(void) 38 | { 39 | return system_get_time(); 40 | } 41 | 42 | #ifndef _TIMEVAL_DEFINED 43 | #define _TIMEVAL_DEFINED 44 | struct timeval { 45 | time_t tv_sec; 46 | suseconds_t tv_usec; 47 | }; 48 | #endif 49 | 50 | extern char* sntp_asctime(const struct tm *t); 51 | extern struct tm* sntp_localtime(const time_t *clock); 52 | 53 | // time gap in seconds from 01.01.1900 (NTP time) to 01.01.1970 (UNIX time) 54 | #define DIFF1900TO1970 2208988800UL 55 | 56 | static int s_daylightOffset_sec = 0; 57 | static long s_timezone_sec = 0; 58 | static time_t s_bootTime = 0; 59 | 60 | // calculate offset used in gettimeofday 61 | static void ensureBootTimeIsSet() 62 | { 63 | if (!s_bootTime) 64 | { 65 | time_t now = sntp_get_current_timestamp(); 66 | if (now) 67 | { 68 | s_bootTime = now - millis() / 1000; 69 | } 70 | } 71 | } 72 | 73 | static void setServer(int id, const char* name_or_ip) 74 | { 75 | if (name_or_ip) 76 | { 77 | //TODO: check whether server is given by name or IP 78 | sntp_setservername(id, (char*) name_or_ip); 79 | } 80 | } 81 | 82 | void configTime(int timezone, int daylightOffset_sec, const char* server1, const char* server2, const char* server3) 83 | { 84 | sntp_stop(); 85 | 86 | setServer(0, server1); 87 | setServer(1, server2); 88 | setServer(2, server3); 89 | 90 | s_timezone_sec = timezone; 91 | s_daylightOffset_sec = daylightOffset_sec; 92 | sntp_set_timezone(timezone/3600); 93 | sntp_init(); 94 | } 95 | 96 | int clock_gettime(clockid_t unused, struct timespec *tp) 97 | { 98 | tp->tv_sec = millis() / 1000; 99 | tp->tv_nsec = micros() * 1000; 100 | return 0; 101 | } 102 | 103 | // seconds since 1970 104 | time_t mktime(struct tm *t) 105 | { 106 | // system_mktime expects month in range 1..12 107 | #define START_MONTH 1 108 | return DIFF1900TO1970 + system_mktime(t->tm_year, t->tm_mon + START_MONTH, t->tm_mday, t->tm_hour, t->tm_min, t->tm_sec); 109 | } 110 | 111 | time_t time(time_t * t) 112 | { 113 | time_t seconds = sntp_get_current_timestamp(); 114 | if (t) 115 | { 116 | *t = seconds; 117 | } 118 | return seconds; 119 | } 120 | 121 | char* asctime(const struct tm *t) 122 | { 123 | return sntp_asctime(t); 124 | } 125 | 126 | struct tm* localtime(const time_t *clock) 127 | { 128 | return sntp_localtime(clock); 129 | } 130 | 131 | char* ctime(const time_t *t) 132 | { 133 | struct tm* p_tm = localtime(t); 134 | char* result = asctime(p_tm); 135 | return result; 136 | } 137 | 138 | int gettimeofday(struct timeval *tp, void *tzp) 139 | { 140 | if (tp) 141 | { 142 | ensureBootTimeIsSet(); 143 | tp->tv_sec = (s_bootTime + millis()) / 1000; 144 | tp->tv_usec = micros() * 1000; 145 | } 146 | return 0; 147 | } 148 | -------------------------------------------------------------------------------- /bindings/java/SSL.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2007-2016, Cameron Rich 3 | * 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions are met: 8 | * 9 | * * Redistributions of source code must retain the above copyright notice, 10 | * this list of conditions and the following disclaimer. 11 | * * Redistributions in binary form must reproduce the above copyright notice, 12 | * this list of conditions and the following disclaimer in the documentation 13 | * and/or other materials provided with the distribution. 14 | * * Neither the name of the axTLS project nor the names of its contributors 15 | * may be used to endorse or promote products derived from this software 16 | * without specific prior written permission. 17 | * 18 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 22 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 23 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 25 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 26 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 27 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 28 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | */ 30 | 31 | /* 32 | * A wrapper around the unmanaged interface to give a semi-decent Java API 33 | */ 34 | 35 | package axTLSj; 36 | 37 | import java.io.*; 38 | import java.util.*; 39 | 40 | /** 41 | * @defgroup java_api Java API. 42 | * 43 | * Ensure that the appropriate dispose() methods are called when finished with 44 | * various objects - otherwise memory leaks will result. 45 | */ 46 | 47 | /** 48 | * @class SSL 49 | * @ingroup java_api 50 | * @brief A representation of an SSL connection. 51 | * 52 | */ 53 | public class SSL 54 | { 55 | public int m_ssl; /**< A pointer to the real SSL type */ 56 | 57 | /** 58 | * @brief Store the reference to an SSL context. 59 | * @param ip [in] A reference to an SSL object. 60 | */ 61 | public SSL(int ip) 62 | { 63 | m_ssl = ip; 64 | } 65 | 66 | /** 67 | * @brief Free any used resources on this connection. 68 | * 69 | * A "Close Notify" message is sent on this connection (if possible). It 70 | * is up to the application to close the socket. 71 | */ 72 | public void dispose() 73 | { 74 | axtlsj.ssl_free(m_ssl); 75 | } 76 | 77 | /** 78 | * @brief Return the result of a handshake. 79 | * @return SSL_OK if the handshake is complete and ok. 80 | * @see ssl.h for the error code list. 81 | */ 82 | public int handshakeStatus() 83 | { 84 | return axtlsj.ssl_handshake_status(m_ssl); 85 | } 86 | 87 | /** 88 | * @brief Return the SSL cipher id. 89 | * @return The cipher id which is one of: 90 | * - SSL_AES128_SHA (0x2f) 91 | * - SSL_AES256_SHA (0x35) 92 | * - SSL_AES128_SHA256 (0x3c) 93 | * - SSL_AES256_SHA256 (0x3d) 94 | */ 95 | public byte getCipherId() 96 | { 97 | return axtlsj.ssl_get_cipher_id(m_ssl); 98 | } 99 | 100 | /** 101 | * @brief Get the session id for a handshake. 102 | * 103 | * This will be a 32 byte sequence and is available after the first 104 | * handshaking messages are sent. 105 | * @return The session id as a 32 byte sequence. 106 | * @note A SSLv23 handshake may have only 16 valid bytes. 107 | */ 108 | public byte[] getSessionId() 109 | { 110 | return axtlsj.ssl_get_session_id(m_ssl); 111 | } 112 | 113 | /** 114 | * @brief Retrieve an X.509 distinguished name component. 115 | * 116 | * When a handshake is complete and a certificate has been exchanged, 117 | * then the details of the remote certificate can be retrieved. 118 | * 119 | * This will usually be used by a client to check that the server's common 120 | * name matches the URL. 121 | * 122 | * A full handshake needs to occur for this call to work. 123 | * 124 | * @param component [in] one of: 125 | * - SSL_X509_CERT_COMMON_NAME 126 | * - SSL_X509_CERT_ORGANIZATION 127 | * - SSL_X509_CERT_ORGANIZATIONAL_NAME 128 | * - SSL_X509_CA_CERT_COMMON_NAME 129 | * - SSL_X509_CA_CERT_ORGANIZATION 130 | * - SSL_X509_CA_CERT_ORGANIZATIONAL_NAME 131 | * @return The appropriate string (or null if not defined) 132 | */ 133 | public String getCertificateDN(int component) 134 | { 135 | return axtlsj.ssl_get_cert_dn(m_ssl, component); 136 | } 137 | } 138 | -------------------------------------------------------------------------------- /config/makefile.conf: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2007-2016, Cameron Rich 3 | # 4 | # All rights reserved. 5 | # 6 | # Redistribution and use in source and binary forms, with or without 7 | # modification, are permitted provided that the following conditions are met: 8 | # 9 | # * Redistributions of source code must retain the above copyright notice, 10 | # this list of conditions and the following disclaimer. 11 | # * Redistributions in binary form must reproduce the above copyright 12 | # notice, this list of conditions and the following disclaimer in the 13 | # documentation and/or other materials provided with the distribution. 14 | # * Neither the name of the axTLS project nor the names of its 15 | # contributors may be used to endorse or promote products derived 16 | # from this software without specific prior written permission. 17 | # 18 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 22 | # CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 24 | # TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 | # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 26 | # OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 27 | # NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 28 | # THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | # 30 | 31 | # 32 | # A standard makefile for all makefiles 33 | # 34 | 35 | # All executables and libraries go here 36 | STAGE=./_stage 37 | 38 | ifneq ($(MAKECMDGOALS), clean) 39 | 40 | # Give an initial rule 41 | all: 42 | 43 | # Win32 44 | ifdef CONFIG_PLATFORM_WIN32 45 | 46 | ifdef CONFIG_VISUAL_STUDIO_7_0 47 | CONFIG_VISUAL_STUDIO_7_0_BASE_UNIX:=$(shell cygpath -u $(CONFIG_VISUAL_STUDIO_7_0_BASE)) 48 | export INCLUDE=$(shell echo "$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\include;$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\platformsdk\include") 49 | export LIB=$(shell echo "$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\\platformsdk\lib;$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\lib") 50 | PATH:=$(CONFIG_VISUAL_STUDIO_7_0_BASE_UNIX)/vc7/bin:$(CONFIG_VISUAL_STUDIO_7_0_BASE_UNIX)/common7/ide:$(PATH) 51 | endif 52 | ifdef CONFIG_VISUAL_STUDIO_8_0 53 | CONFIG_VISUAL_STUDIO_8_0_BASE_UNIX:=$(shell cygpath -u $(CONFIG_VISUAL_STUDIO_8_0_BASE)) 54 | export INCLUDE=$(shell echo "$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\include;$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\platformsdk\include") 55 | export LIB=$(shell echo "$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\platformsdk\lib;$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\lib") 56 | PATH:=$(CONFIG_VISUAL_STUDIO_8_0_BASE_UNIX)/vc/bin:$(CONFIG_VISUAL_STUDIO_8_0_BASE_UNIX)/common7/ide:$(PATH) 57 | endif 58 | ifdef CONFIG_VISUAL_STUDIO_10_0 59 | CONFIG_VISUAL_STUDIO_10_0_BASE_UNIX:=$(shell cygpath -u $(CONFIG_VISUAL_STUDIO_10_0_BASE)) 60 | export INCLUDE=$(shell echo "$(CONFIG_VISUAL_STUDIO_10_0_BASE)\vc\include;$(CONFIG_VISUAL_STUDIO_10_0_BASE)\..\Microsoft SDKs\Windows\v7.0A\include") 61 | export LIB=$(shell echo "$(CONFIG_VISUAL_STUDIO_10_0_BASE)\vc\lib;$(CONFIG_VISUAL_STUDIO_10_0_BASE)\..\Microsoft SDKs\Windows\v7.0A\lib") 62 | PATH:=$(CONFIG_VISUAL_STUDIO_10_0_BASE_UNIX)/vc/bin:$(CONFIG_VISUAL_STUDIO_10_0_BASE_UNIX)/common7/ide:$(PATH) 63 | stuff: 64 | @echo $(INCLUDE) 65 | endif 66 | 67 | CC=cl.exe 68 | LD=link.exe 69 | AXTLS_INCLUDE=$(shell cygpath -w $(AXTLS_HOME)) 70 | CFLAGS+=/nologo /W3 /D"WIN32" /D"_MBCS" /D"_CONSOLE" /D"_CRT_SECURE_NO_DEPRECATE" /FD /I"$(AXTLS_INCLUDE)crypto" /I"$(AXTLS_INCLUDE)ssl" /I"$(AXTLS_INCLUDE)config" /c 71 | LDFLAGS=/nologo /subsystem:console /machine:I386 72 | LDSHARED = /dll 73 | AR=lib /nologo 74 | 75 | ifdef CONFIG_DEBUG 76 | CFLAGS += /Gm /Zi /Od /D "_DEBUG" 77 | LDFLAGS += /debug /incremental:yes 78 | else 79 | CFLAGS += /O2 /D "NDEBUG" 80 | LDFLAGS += /incremental:no 81 | endif 82 | 83 | else # Not Win32 84 | 85 | -include .depend 86 | 87 | CFLAGS += -I$(AXTLS_HOME)/config -I$(AXTLS_HOME)/ssl -I$(AXTLS_HOME)/crypto 88 | LD=$(CC) 89 | STRIP=$(CROSS)strip 90 | 91 | # Solaris 92 | ifdef CONFIG_PLATFORM_SOLARIS 93 | CFLAGS += -DCONFIG_PLATFORM_SOLARIS 94 | LDFLAGS += -lsocket -lnsl -lc 95 | LDSHARED = -G 96 | # Linux/Cygwin 97 | else 98 | CFLAGS += -Wall -Wstrict-prototypes -Wshadow 99 | LDSHARED = -shared 100 | 101 | # Linux 102 | ifndef CONFIG_PLATFORM_CYGWIN 103 | ifndef CONFIG_PLATFORM_NOMMU 104 | CFLAGS += -fPIC 105 | 106 | # Cygwin 107 | else 108 | CFLAGS += -DCONFIG_PLATFORM_CYGWIN 109 | LDFLAGS += -enable-auto-import 110 | endif 111 | endif 112 | endif 113 | 114 | ifdef CONFIG_DEBUG 115 | CFLAGS += -g 116 | else 117 | LDFLAGS += -s 118 | ifdef CONFIG_PLATFORM_SOLARIS 119 | CFLAGS += -O 120 | else 121 | CFLAGS += -O3 122 | endif 123 | 124 | endif # CONFIG_DEBUG 125 | endif # WIN32 126 | 127 | CFLAGS+=$(subst ",, $(strip $(CONFIG_EXTRA_CFLAGS_OPTIONS))) 128 | LDFLAGS+=$(subst ",, $(strip $(CONFIG_EXTRA_LDFLAGS_OPTIONS))) 129 | 130 | endif # not 'clean' 131 | 132 | clean:: 133 | -@rm -f *.o *.obj core* *.out *~ \.depend vc*0* 134 | 135 | -------------------------------------------------------------------------------- /crypto/hmac.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2007-2016, Cameron Rich 3 | * 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions are met: 8 | * 9 | * * Redistributions of source code must retain the above copyright notice, 10 | * this list of conditions and the following disclaimer. 11 | * * Redistributions in binary form must reproduce the above copyright notice, 12 | * this list of conditions and the following disclaimer in the documentation 13 | * and/or other materials provided with the distribution. 14 | * * Neither the name of the axTLS project nor the names of its contributors 15 | * may be used to endorse or promote products derived from this software 16 | * without specific prior written permission. 17 | * 18 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 22 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 23 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 25 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 26 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 27 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 28 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | */ 30 | 31 | /** 32 | * HMAC implementation - This code was originally taken from RFC2104 33 | * See http://www.ietf.org/rfc/rfc2104.txt and 34 | * http://www.faqs.org/rfcs/rfc2202.html 35 | */ 36 | 37 | #include 38 | #include "os_port.h" 39 | #include "crypto.h" 40 | 41 | /** 42 | * Perform HMAC-MD5 43 | * NOTE: does not handle keys larger than the block size. 44 | */ 45 | void hmac_md5(const uint8_t *msg, int length, const uint8_t *key, 46 | int key_len, uint8_t *digest) 47 | { 48 | hmac_md5_v(&msg, &length, 1, key, key_len, digest); 49 | } 50 | 51 | void hmac_md5_v(const uint8_t **msg, int* length, int count, const uint8_t *key, 52 | int key_len, uint8_t *digest) 53 | { 54 | MD5_CTX context; 55 | uint8_t k_ipad[64]; 56 | uint8_t k_opad[64]; 57 | int i; 58 | 59 | memset(k_ipad, 0, sizeof k_ipad); 60 | memset(k_opad, 0, sizeof k_opad); 61 | memcpy(k_ipad, key, key_len); 62 | memcpy(k_opad, key, key_len); 63 | 64 | for (i = 0; i < 64; i++) 65 | { 66 | k_ipad[i] ^= 0x36; 67 | k_opad[i] ^= 0x5c; 68 | } 69 | 70 | MD5_Init(&context); 71 | MD5_Update(&context, k_ipad, 64); 72 | for (i = 0; i < count; ++i) 73 | { 74 | MD5_Update(&context, msg[i], length[i]); 75 | } 76 | MD5_Final(digest, &context); 77 | MD5_Init(&context); 78 | MD5_Update(&context, k_opad, 64); 79 | MD5_Update(&context, digest, MD5_SIZE); 80 | MD5_Final(digest, &context); 81 | } 82 | 83 | /** 84 | * Perform HMAC-SHA1 85 | * NOTE: does not handle keys larger than the block size. 86 | */ 87 | void hmac_sha1(const uint8_t *msg, int length, const uint8_t *key, 88 | int key_len, uint8_t *digest) 89 | { 90 | hmac_sha1_v(&msg, &length, 1, key, key_len, digest); 91 | } 92 | 93 | void hmac_sha1_v(const uint8_t **msg, int *length, int count, const uint8_t *key, 94 | int key_len, uint8_t *digest) 95 | { 96 | SHA1_CTX context; 97 | uint8_t k_ipad[64]; 98 | uint8_t k_opad[64]; 99 | int i; 100 | 101 | memset(k_ipad, 0, sizeof k_ipad); 102 | memset(k_opad, 0, sizeof k_opad); 103 | memcpy(k_ipad, key, key_len); 104 | memcpy(k_opad, key, key_len); 105 | 106 | for (i = 0; i < 64; i++) 107 | { 108 | k_ipad[i] ^= 0x36; 109 | k_opad[i] ^= 0x5c; 110 | } 111 | 112 | SHA1_Init(&context); 113 | SHA1_Update(&context, k_ipad, 64); 114 | for (i = 0; i < count; ++i) 115 | { 116 | SHA1_Update(&context, msg[i], length[i]); 117 | } 118 | SHA1_Final(digest, &context); 119 | SHA1_Init(&context); 120 | SHA1_Update(&context, k_opad, 64); 121 | SHA1_Update(&context, digest, SHA1_SIZE); 122 | SHA1_Final(digest, &context); 123 | } 124 | 125 | /** 126 | * Perform HMAC-SHA256 127 | * NOTE: does not handle keys larger than the block size. 128 | */ 129 | void hmac_sha256(const uint8_t *msg, int length, const uint8_t *key, 130 | int key_len, uint8_t *digest) 131 | { 132 | hmac_sha256_v(&msg, &length, 1, key, key_len, digest); 133 | } 134 | 135 | void hmac_sha256_v(const uint8_t **msg, int *length, int count, const uint8_t *key, 136 | int key_len, uint8_t *digest) 137 | { 138 | SHA256_CTX context; 139 | uint8_t k_ipad[64]; 140 | uint8_t k_opad[64]; 141 | int i; 142 | 143 | memset(k_ipad, 0, sizeof k_ipad); 144 | memset(k_opad, 0, sizeof k_opad); 145 | memcpy(k_ipad, key, key_len); 146 | memcpy(k_opad, key, key_len); 147 | 148 | for (i = 0; i < 64; i++) 149 | { 150 | k_ipad[i] ^= 0x36; 151 | k_opad[i] ^= 0x5c; 152 | } 153 | 154 | SHA256_Init(&context); 155 | SHA256_Update(&context, k_ipad, 64); 156 | for (i = 0; i < count; ++i) 157 | { 158 | SHA256_Update(&context, msg[i], length[i]); 159 | } 160 | SHA256_Final(digest, &context); 161 | SHA256_Init(&context); 162 | SHA256_Update(&context, k_opad, 64); 163 | SHA256_Update(&context, digest, SHA256_SIZE); 164 | SHA256_Final(digest, &context); 165 | } 166 | 167 | -------------------------------------------------------------------------------- /crypto/bigint_impl.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2007, Cameron Rich 3 | * 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions are met: 8 | * 9 | * * Redistributions of source code must retain the above copyright notice, 10 | * this list of conditions and the following disclaimer. 11 | * * Redistributions in binary form must reproduce the above copyright notice, 12 | * this list of conditions and the following disclaimer in the documentation 13 | * and/or other materials provided with the distribution. 14 | * * Neither the name of the axTLS project nor the names of its contributors 15 | * may be used to endorse or promote products derived from this software 16 | * without specific prior written permission. 17 | * 18 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 22 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 23 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 25 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 26 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 27 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 28 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | */ 30 | 31 | #ifndef BIGINT_IMPL_HEADER 32 | #define BIGINT_IMPL_HEADER 33 | 34 | /* Maintain a number of precomputed variables when doing reduction */ 35 | #define BIGINT_M_OFFSET 0 /**< Normal modulo offset. */ 36 | #ifdef CONFIG_BIGINT_CRT 37 | #define BIGINT_P_OFFSET 1 /**< p modulo offset. */ 38 | #define BIGINT_Q_OFFSET 2 /**< q module offset. */ 39 | #define BIGINT_NUM_MODS 3 /**< The number of modulus constants used. */ 40 | #else 41 | #define BIGINT_NUM_MODS 1 42 | #endif 43 | 44 | /* Architecture specific functions for big ints */ 45 | #if defined(CONFIG_INTEGER_8BIT) 46 | #define COMP_RADIX 256U /**< Max component + 1 */ 47 | #define COMP_MAX 0xFFFFU/**< (Max dbl comp -1) */ 48 | #define COMP_BIT_SIZE 8 /**< Number of bits in a component. */ 49 | #define COMP_BYTE_SIZE 1 /**< Number of bytes in a component. */ 50 | #define COMP_NUM_NIBBLES 2 /**< Used For diagnostics only. */ 51 | typedef uint8_t comp; /**< A single precision component. */ 52 | typedef uint16_t long_comp; /**< A double precision component. */ 53 | typedef int16_t slong_comp; /**< A signed double precision component. */ 54 | #elif defined(CONFIG_INTEGER_16BIT) 55 | #define COMP_RADIX 65536U /**< Max component + 1 */ 56 | #define COMP_MAX 0xFFFFFFFFU/**< (Max dbl comp -1) */ 57 | #define COMP_BIT_SIZE 16 /**< Number of bits in a component. */ 58 | #define COMP_BYTE_SIZE 2 /**< Number of bytes in a component. */ 59 | #define COMP_NUM_NIBBLES 4 /**< Used For diagnostics only. */ 60 | typedef uint16_t comp; /**< A single precision component. */ 61 | typedef uint32_t long_comp; /**< A double precision component. */ 62 | typedef int32_t slong_comp; /**< A signed double precision component. */ 63 | #else /* regular 32 bit */ 64 | #ifdef WIN32 65 | #define COMP_RADIX 4294967296i64 66 | #define COMP_MAX 0xFFFFFFFFFFFFFFFFui64 67 | #else 68 | #define COMP_RADIX 4294967296ULL /**< Max component + 1 */ 69 | #define COMP_MAX 0xFFFFFFFFFFFFFFFFULL/**< (Max dbl comp -1) */ 70 | #endif 71 | #define COMP_BIT_SIZE 32 /**< Number of bits in a component. */ 72 | #define COMP_BYTE_SIZE 4 /**< Number of bytes in a component. */ 73 | #define COMP_NUM_NIBBLES 8 /**< Used For diagnostics only. */ 74 | typedef uint32_t comp; /**< A single precision component. */ 75 | typedef uint64_t long_comp; /**< A double precision component. */ 76 | typedef int64_t slong_comp; /**< A signed double precision component. */ 77 | #endif 78 | 79 | /** 80 | * @struct _bigint 81 | * @brief A big integer basic object 82 | */ 83 | struct _bigint 84 | { 85 | struct _bigint* next; /**< The next bigint in the cache. */ 86 | short size; /**< The number of components in this bigint. */ 87 | short max_comps; /**< The heapsize allocated for this bigint */ 88 | int refs; /**< An internal reference count. */ 89 | comp* comps; /**< A ptr to the actual component data */ 90 | }; 91 | 92 | typedef struct _bigint bigint; /**< An alias for _bigint */ 93 | 94 | /** 95 | * Maintains the state of the cache, and a number of variables used in 96 | * reduction. 97 | */ 98 | typedef struct /**< A big integer "session" context. */ 99 | { 100 | bigint *active_list; /**< Bigints currently used. */ 101 | bigint *free_list; /**< Bigints not used. */ 102 | bigint *bi_radix; /**< The radix used. */ 103 | bigint *bi_mod[BIGINT_NUM_MODS]; /**< modulus */ 104 | 105 | #if defined(CONFIG_BIGINT_MONTGOMERY) 106 | bigint *bi_RR_mod_m[BIGINT_NUM_MODS]; /**< R^2 mod m */ 107 | bigint *bi_R_mod_m[BIGINT_NUM_MODS]; /**< R mod m */ 108 | comp N0_dash[BIGINT_NUM_MODS]; 109 | #elif defined(CONFIG_BIGINT_BARRETT) 110 | bigint *bi_mu[BIGINT_NUM_MODS]; /**< Storage for mu */ 111 | #endif 112 | bigint *bi_normalised_mod[BIGINT_NUM_MODS]; /**< Normalised mod storage. */ 113 | bigint **g; /**< Used by sliding-window. */ 114 | int window; /**< The size of the sliding window */ 115 | int active_count; /**< Number of active bigints. */ 116 | int free_count; /**< Number of free bigints. */ 117 | 118 | #ifdef CONFIG_BIGINT_MONTGOMERY 119 | uint8_t use_classical; /**< Use classical reduction. */ 120 | #endif 121 | uint8_t mod_offset; /**< The mod offset we are using */ 122 | } BI_CTX; 123 | 124 | #define axtls_max(a,b) ((a)>(b)?(a):(b)) /**< Find the maximum of 2 numbers. */ 125 | #define axtls_min(a,b) ((a)<(b)?(a):(b)) /**< Find the minimum of 2 numbers. */ 126 | 127 | #define PERMANENT 0x7FFF55AA /**< A magic number for permanents. */ 128 | 129 | #endif 130 | -------------------------------------------------------------------------------- /crypto/sha1.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2007, Cameron Rich 3 | * 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions are met: 8 | * 9 | * * Redistributions of source code must retain the above copyright notice, 10 | * this list of conditions and the following disclaimer. 11 | * * Redistributions in binary form must reproduce the above copyright notice, 12 | * this list of conditions and the following disclaimer in the documentation 13 | * and/or other materials provided with the distribution. 14 | * * Neither the name of the axTLS project nor the names of its contributors 15 | * may be used to endorse or promote products derived from this software 16 | * without specific prior written permission. 17 | * 18 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 22 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 23 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 25 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 26 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 27 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 28 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | */ 30 | 31 | /** 32 | * SHA1 implementation - as defined in FIPS PUB 180-1 published April 17, 1995. 33 | * This code was originally taken from RFC3174 34 | */ 35 | 36 | #include 37 | #include "os_port.h" 38 | #include "crypto.h" 39 | 40 | /* 41 | * Define the SHA1 circular left shift macro 42 | */ 43 | #define SHA1CircularShift(bits,word) \ 44 | (((word) << (bits)) | ((word) >> (32-(bits)))) 45 | 46 | /* ----- static functions ----- */ 47 | static void SHA1PadMessage(SHA1_CTX *ctx); 48 | static void SHA1ProcessMessageBlock(SHA1_CTX *ctx); 49 | 50 | /** 51 | * Initialize the SHA1 context 52 | */ 53 | void SHA1_Init(SHA1_CTX *ctx) 54 | { 55 | ctx->Length_Low = 0; 56 | ctx->Length_High = 0; 57 | ctx->Message_Block_Index = 0; 58 | ctx->Intermediate_Hash[0] = 0x67452301; 59 | ctx->Intermediate_Hash[1] = 0xEFCDAB89; 60 | ctx->Intermediate_Hash[2] = 0x98BADCFE; 61 | ctx->Intermediate_Hash[3] = 0x10325476; 62 | ctx->Intermediate_Hash[4] = 0xC3D2E1F0; 63 | } 64 | 65 | /** 66 | * Accepts an array of octets as the next portion of the message. 67 | */ 68 | void SHA1_Update(SHA1_CTX *ctx, const uint8_t *msg, int len) 69 | { 70 | while (len--) 71 | { 72 | ctx->Message_Block[ctx->Message_Block_Index++] = (*msg & 0xFF); 73 | ctx->Length_Low += 8; 74 | 75 | if (ctx->Length_Low == 0) 76 | ctx->Length_High++; 77 | 78 | if (ctx->Message_Block_Index == 64) 79 | SHA1ProcessMessageBlock(ctx); 80 | 81 | msg++; 82 | } 83 | } 84 | 85 | /** 86 | * Return the 160-bit message digest into the user's array 87 | */ 88 | void SHA1_Final(uint8_t *digest, SHA1_CTX *ctx) 89 | { 90 | int i; 91 | 92 | SHA1PadMessage(ctx); 93 | memset(ctx->Message_Block, 0, 64); 94 | ctx->Length_Low = 0; /* and clear length */ 95 | ctx->Length_High = 0; 96 | 97 | for (i = 0; i < SHA1_SIZE; i++) 98 | { 99 | digest[i] = ctx->Intermediate_Hash[i>>2] >> 8 * ( 3 - ( i & 0x03 ) ); 100 | } 101 | } 102 | 103 | /** 104 | * Process the next 512 bits of the message stored in the array. 105 | */ 106 | static void SHA1ProcessMessageBlock(SHA1_CTX *ctx) 107 | { 108 | const uint32_t K[] = { /* Constants defined in SHA-1 */ 109 | 0x5A827999, 110 | 0x6ED9EBA1, 111 | 0x8F1BBCDC, 112 | 0xCA62C1D6 113 | }; 114 | int t; /* Loop counter */ 115 | uint32_t temp; /* Temporary word value */ 116 | uint32_t W[80]; /* Word sequence */ 117 | uint32_t A, B, C, D, E; /* Word buffers */ 118 | 119 | /* 120 | * Initialize the first 16 words in the array W 121 | */ 122 | for (t = 0; t < 16; t++) 123 | { 124 | W[t] = ctx->Message_Block[t * 4] << 24; 125 | W[t] |= ctx->Message_Block[t * 4 + 1] << 16; 126 | W[t] |= ctx->Message_Block[t * 4 + 2] << 8; 127 | W[t] |= ctx->Message_Block[t * 4 + 3]; 128 | } 129 | 130 | for (t = 16; t < 80; t++) 131 | { 132 | W[t] = SHA1CircularShift(1,W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]); 133 | } 134 | 135 | A = ctx->Intermediate_Hash[0]; 136 | B = ctx->Intermediate_Hash[1]; 137 | C = ctx->Intermediate_Hash[2]; 138 | D = ctx->Intermediate_Hash[3]; 139 | E = ctx->Intermediate_Hash[4]; 140 | 141 | for (t = 0; t < 20; t++) 142 | { 143 | temp = SHA1CircularShift(5,A) + 144 | ((B & C) | ((~B) & D)) + E + W[t] + K[0]; 145 | E = D; 146 | D = C; 147 | C = SHA1CircularShift(30,B); 148 | 149 | B = A; 150 | A = temp; 151 | } 152 | 153 | for (t = 20; t < 40; t++) 154 | { 155 | temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[1]; 156 | E = D; 157 | D = C; 158 | C = SHA1CircularShift(30,B); 159 | B = A; 160 | A = temp; 161 | } 162 | 163 | for (t = 40; t < 60; t++) 164 | { 165 | temp = SHA1CircularShift(5,A) + 166 | ((B & C) | (B & D) | (C & D)) + E + W[t] + K[2]; 167 | E = D; 168 | D = C; 169 | C = SHA1CircularShift(30,B); 170 | B = A; 171 | A = temp; 172 | } 173 | 174 | for (t = 60; t < 80; t++) 175 | { 176 | temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[3]; 177 | E = D; 178 | D = C; 179 | C = SHA1CircularShift(30,B); 180 | B = A; 181 | A = temp; 182 | } 183 | 184 | ctx->Intermediate_Hash[0] += A; 185 | ctx->Intermediate_Hash[1] += B; 186 | ctx->Intermediate_Hash[2] += C; 187 | ctx->Intermediate_Hash[3] += D; 188 | ctx->Intermediate_Hash[4] += E; 189 | ctx->Message_Block_Index = 0; 190 | } 191 | 192 | /* 193 | * According to the standard, the message must be padded to an even 194 | * 512 bits. The first padding bit must be a '1'. The last 64 195 | * bits represent the length of the original message. All bits in 196 | * between should be 0. This function will pad the message 197 | * according to those rules by filling the Message_Block array 198 | * accordingly. It will also call the ProcessMessageBlock function 199 | * provided appropriately. When it returns, it can be assumed that 200 | * the message digest has been computed. 201 | * 202 | * @param ctx [in, out] The SHA1 context 203 | */ 204 | static void SHA1PadMessage(SHA1_CTX *ctx) 205 | { 206 | /* 207 | * Check to see if the current message block is too small to hold 208 | * the initial padding bits and length. If so, we will pad the 209 | * block, process it, and then continue padding into a second 210 | * block. 211 | */ 212 | if (ctx->Message_Block_Index > 55) 213 | { 214 | ctx->Message_Block[ctx->Message_Block_Index++] = 0x80; 215 | while(ctx->Message_Block_Index < 64) 216 | { 217 | ctx->Message_Block[ctx->Message_Block_Index++] = 0; 218 | } 219 | 220 | SHA1ProcessMessageBlock(ctx); 221 | 222 | while (ctx->Message_Block_Index < 56) 223 | { 224 | ctx->Message_Block[ctx->Message_Block_Index++] = 0; 225 | } 226 | } 227 | else 228 | { 229 | ctx->Message_Block[ctx->Message_Block_Index++] = 0x80; 230 | while(ctx->Message_Block_Index < 56) 231 | { 232 | 233 | ctx->Message_Block[ctx->Message_Block_Index++] = 0; 234 | } 235 | } 236 | 237 | /* 238 | * Store the message length as the last 8 octets 239 | */ 240 | ctx->Message_Block[56] = ctx->Length_High >> 24; 241 | ctx->Message_Block[57] = ctx->Length_High >> 16; 242 | ctx->Message_Block[58] = ctx->Length_High >> 8; 243 | ctx->Message_Block[59] = ctx->Length_High; 244 | ctx->Message_Block[60] = ctx->Length_Low >> 24; 245 | ctx->Message_Block[61] = ctx->Length_Low >> 16; 246 | ctx->Message_Block[62] = ctx->Length_Low >> 8; 247 | ctx->Message_Block[63] = ctx->Length_Low; 248 | SHA1ProcessMessageBlock(ctx); 249 | } 250 | -------------------------------------------------------------------------------- /ssl/crypto_misc.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2007-2016, Cameron Rich 3 | * 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions are met: 8 | * 9 | * * Redistributions of source code must retain the above copyright notice, 10 | * this list of conditions and the following disclaimer. 11 | * * Redistributions in binary form must reproduce the above copyright notice, 12 | * this list of conditions and the following disclaimer in the documentation 13 | * and/or other materials provided with the distribution. 14 | * * Neither the name of the axTLS project nor the names of its contributors 15 | * may be used to endorse or promote products derived from this software 16 | * without specific prior written permission. 17 | * 18 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 22 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 23 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 25 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 26 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 27 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 28 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | */ 30 | 31 | /** 32 | * @file crypto_misc.h 33 | */ 34 | 35 | #ifndef HEADER_CRYPTO_MISC_H 36 | #define HEADER_CRYPTO_MISC_H 37 | 38 | #ifdef __cplusplus 39 | extern "C" { 40 | #endif 41 | 42 | #include "crypto.h" 43 | #include "bigint.h" 44 | 45 | /************************************************************************** 46 | * X509 declarations 47 | **************************************************************************/ 48 | #define X509_OK 0 49 | #define X509_NOT_OK -1 50 | #define X509_VFY_ERROR_NO_TRUSTED_CERT -2 51 | #define X509_VFY_ERROR_BAD_SIGNATURE -3 52 | #define X509_VFY_ERROR_NOT_YET_VALID -4 53 | #define X509_VFY_ERROR_EXPIRED -5 54 | #define X509_VFY_ERROR_SELF_SIGNED -6 55 | #define X509_VFY_ERROR_INVALID_CHAIN -7 56 | #define X509_VFY_ERROR_UNSUPPORTED_DIGEST -8 57 | #define X509_INVALID_PRIV_KEY -9 58 | #define X509_MAX_CERTS -10 59 | #define X509_VFY_ERROR_BASIC_CONSTRAINT -11 60 | 61 | /* 62 | * The Distinguished Name 63 | */ 64 | #define X509_NUM_DN_TYPES 6 65 | #define X509_COMMON_NAME 0 66 | #define X509_ORGANIZATION 1 67 | #define X509_ORGANIZATIONAL_UNIT 2 68 | #define X509_LOCATION 3 69 | #define X509_COUNTRY 4 70 | #define X509_STATE 5 71 | 72 | /* 73 | * Key Usage bits 74 | */ 75 | #define IS_SET_KEY_USAGE_FLAG(A, B) (A->key_usage & B) 76 | 77 | #define KEY_USAGE_DIGITAL_SIGNATURE 0x0080 78 | #define KEY_USAGE_NON_REPUDIATION 0x0040 79 | #define KEY_USAGE_KEY_ENCIPHERMENT 0x0020 80 | #define KEY_USAGE_DATA_ENCIPHERMENT 0x0010 81 | #define KEY_USAGE_KEY_AGREEMENT 0x0008 82 | #define KEY_USAGE_KEY_CERT_SIGN 0x0004 83 | #define KEY_USAGE_CRL_SIGN 0x0002 84 | #define KEY_USAGE_ENCIPHER_ONLY 0x0001 85 | #define KEY_USAGE_DECIPHER_ONLY 0x8000 86 | 87 | struct _x509_ctx 88 | { 89 | char *ca_cert_dn[X509_NUM_DN_TYPES]; 90 | char *cert_dn[X509_NUM_DN_TYPES]; 91 | char **subject_alt_dnsnames; 92 | time_t not_before; 93 | time_t not_after; 94 | uint8_t *signature; 95 | RSA_CTX *rsa_ctx; 96 | bigint *digest; 97 | uint8_t *fingerprint; 98 | uint8_t *spki_sha256; 99 | uint16_t sig_len; 100 | uint8_t sig_type; 101 | bool basic_constraint_present; 102 | bool basic_constraint_is_critical; 103 | bool key_usage_present; 104 | bool key_usage_is_critical; 105 | bool subject_alt_name_present; 106 | bool subject_alt_name_is_critical; 107 | bool basic_constraint_cA; 108 | int basic_constraint_pathLenConstraint; 109 | uint32_t key_usage; 110 | struct _x509_ctx *next; 111 | }; 112 | 113 | typedef struct _x509_ctx X509_CTX; 114 | 115 | #ifdef CONFIG_SSL_CERT_VERIFICATION 116 | typedef struct 117 | { 118 | X509_CTX *cert[CONFIG_X509_MAX_CA_CERTS]; 119 | } CA_CERT_CTX; 120 | #endif 121 | 122 | int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx); 123 | void x509_free(X509_CTX *x509_ctx); 124 | #ifdef CONFIG_SSL_CERT_VERIFICATION 125 | int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert, 126 | int *pathLenConstraint); 127 | #endif 128 | #ifdef CONFIG_SSL_FULL_MODE 129 | void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx); 130 | const char * x509_display_error(int error, char *buff); 131 | #endif 132 | 133 | /************************************************************************** 134 | * ASN1 declarations 135 | **************************************************************************/ 136 | #define ASN1_BOOLEAN 0x01 137 | #define ASN1_INTEGER 0x02 138 | #define ASN1_BIT_STRING 0x03 139 | #define ASN1_OCTET_STRING 0x04 140 | #define ASN1_NULL 0x05 141 | #define ASN1_PRINTABLE_STR2 0x0C 142 | #define ASN1_OID 0x06 143 | #define ASN1_PRINTABLE_STR2 0x0C 144 | #define ASN1_PRINTABLE_STR 0x13 145 | #define ASN1_TELETEX_STR 0x14 146 | #define ASN1_IA5_STR 0x16 147 | #define ASN1_UTC_TIME 0x17 148 | #define ASN1_GENERALIZED_TIME 0x18 149 | #define ASN1_UNICODE_STR 0x1e 150 | #define ASN1_SEQUENCE 0x30 151 | #define ASN1_CONTEXT_DNSNAME 0x82 152 | #define ASN1_SET 0x31 153 | #define ASN1_V3_DATA 0xa3 154 | #define ASN1_IMPLICIT_TAG 0x80 155 | #define ASN1_CONTEXT_DNSNAME 0x82 156 | #define ASN1_EXPLICIT_TAG 0xa0 157 | #define ASN1_V3_DATA 0xa3 158 | 159 | #define SIG_TYPE_MD5 0x04 160 | #define SIG_TYPE_SHA1 0x05 161 | #define SIG_TYPE_SHA256 0x0b 162 | #define SIG_TYPE_SHA384 0x0c 163 | #define SIG_TYPE_SHA512 0x0d 164 | 165 | uint32_t get_asn1_length(const uint8_t *buf, int *offset); 166 | int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx); 167 | int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type); 168 | int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type); 169 | int asn1_get_big_int(const uint8_t *buf, int *offset, uint8_t **object); 170 | int asn1_get_int(const uint8_t *buf, int *offset, int32_t *val); 171 | int asn1_get_bool(const uint8_t *buf, int *offset, bool *val); 172 | int asn1_get_bit_string_as_int(const uint8_t *buf, int *offset, uint32_t *val); 173 | int asn1_version(const uint8_t *cert, int *offset, int *val); 174 | int asn1_validity(const uint8_t *cert, int *offset, X509_CTX *x509_ctx); 175 | int asn1_name(const uint8_t *cert, int *offset, char *dn[]); 176 | int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx); 177 | #ifdef CONFIG_SSL_CERT_VERIFICATION 178 | int asn1_signature(const uint8_t *cert, int *offset, X509_CTX *x509_ctx); 179 | int asn1_compare_dn(char * const dn1[], char * const dn2[]); 180 | int asn1_is_subject_alt_name(const uint8_t *cert, int offset); 181 | int asn1_is_basic_constraints(const uint8_t *cert, int offset); 182 | int asn1_is_key_usage(const uint8_t *cert, int offset); 183 | bool asn1_is_critical_ext(const uint8_t *buf, int *offset); 184 | #endif /* CONFIG_SSL_CERT_VERIFICATION */ 185 | int asn1_signature_type(const uint8_t *cert, 186 | int *offset, X509_CTX *x509_ctx); 187 | 188 | /************************************************************************** 189 | * MISC declarations 190 | **************************************************************************/ 191 | #define SALT_SIZE 8 192 | 193 | #define unsupported_str "Error: Feature not supported\n" 194 | 195 | typedef void (*crypt_func)(void *, const uint8_t *, uint8_t *, int); 196 | typedef void (*hmac_func)(const uint8_t *msg, int length, const uint8_t *key, 197 | int key_len, uint8_t *digest); 198 | typedef void (*hmac_func_v)(const uint8_t **msg, int *length, int count, const uint8_t *key, 199 | int key_len, uint8_t *digest); 200 | 201 | 202 | int get_file(const char *filename, uint8_t **buf); 203 | 204 | #if defined(CONFIG_SSL_FULL_MODE) || defined(WIN32) || defined(CONFIG_DEBUG) 205 | EXP_FUNC void STDCALL print_blob(const char *format, const uint8_t *data, int size, ...); 206 | #else 207 | #define print_blob(...) 208 | #endif 209 | 210 | EXP_FUNC int STDCALL base64_decode(const char *in, int len, 211 | uint8_t *out, int *outlen); 212 | 213 | #ifdef __cplusplus 214 | } 215 | #endif 216 | 217 | #endif 218 | -------------------------------------------------------------------------------- /ssl/openssl.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2007-2016, Cameron Rich 3 | * 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions are met: 8 | * 9 | * * Redistributions of source code must retain the above copyright notice, 10 | * this list of conditions and the following disclaimer. 11 | * * Redistributions in binary form must reproduce the above copyright notice, 12 | * this list of conditions and the following disclaimer in the documentation 13 | * and/or other materials provided with the distribution. 14 | * * Neither the name of the axTLS project nor the names of its contributors 15 | * may be used to endorse or promote products derived from this software 16 | * without specific prior written permission. 17 | * 18 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 22 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 23 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 25 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 26 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 27 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 28 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | */ 30 | 31 | /* 32 | * Enable a subset of openssl compatible functions. We don't aim to be 100% 33 | * compatible - just to be able to do basic ports etc. 34 | * 35 | * Only really tested on mini_httpd, so I'm not too sure how extensive this 36 | * port is. 37 | */ 38 | 39 | #include "config.h" 40 | 41 | #ifdef CONFIG_OPENSSL_COMPATIBLE 42 | #include 43 | #include 44 | #include 45 | #include "os_port.h" 46 | #include "ssl.h" 47 | 48 | #define OPENSSL_CTX_ATTR ((OPENSSL_CTX *)ssl_ctx->bonus_attr) 49 | 50 | static char *key_password = NULL; 51 | 52 | void *SSLv3_server_method(void) { return NULL; } 53 | void *TLSv1_server_method(void) { return NULL; } 54 | void *SSLv3_client_method(void) { return NULL; } 55 | void *TLSv1_client_method(void) { return NULL; } 56 | 57 | typedef void * (*ssl_func_type_t)(void); 58 | typedef void * (*bio_func_type_t)(void); 59 | 60 | typedef struct 61 | { 62 | ssl_func_type_t ssl_func_type; 63 | } OPENSSL_CTX; 64 | 65 | SSL_CTX * SSL_CTX_new(ssl_func_type_t meth) 66 | { 67 | SSL_CTX *ssl_ctx = ssl_ctx_new(0, 5); 68 | ssl_ctx->bonus_attr = malloc(sizeof(OPENSSL_CTX)); 69 | OPENSSL_CTX_ATTR->ssl_func_type = meth; 70 | return ssl_ctx; 71 | } 72 | 73 | void SSL_CTX_free(SSL_CTX * ssl_ctx) 74 | { 75 | free(ssl_ctx->bonus_attr); 76 | ssl_ctx_free(ssl_ctx); 77 | } 78 | 79 | SSL * SSL_new(SSL_CTX *ssl_ctx) 80 | { 81 | SSL *ssl; 82 | #ifdef CONFIG_SSL_ENABLE_CLIENT 83 | ssl_func_type_t ssl_func_type = OPENSSL_CTX_ATTR->ssl_func_type; 84 | #endif 85 | 86 | ssl = ssl_new(ssl_ctx, -1); /* fd is set later */ 87 | #ifdef CONFIG_SSL_ENABLE_CLIENT 88 | if (ssl_func_type == SSLv3_client_method || 89 | ssl_func_type == TLSv1_client_method) 90 | { 91 | SET_SSL_FLAG(SSL_IS_CLIENT); 92 | } 93 | else 94 | #endif 95 | { 96 | ssl->next_state = HS_CLIENT_HELLO; 97 | } 98 | 99 | return ssl; 100 | } 101 | 102 | int SSL_set_fd(SSL *s, int fd) 103 | { 104 | s->client_fd = fd; 105 | return 1; /* always succeeds */ 106 | } 107 | 108 | int SSL_accept(SSL *ssl) 109 | { 110 | while (ssl_read(ssl, NULL) == SSL_OK) 111 | { 112 | if (ssl->next_state == HS_CLIENT_HELLO) 113 | return 1; /* we're done */ 114 | } 115 | 116 | return -1; 117 | } 118 | 119 | #ifdef CONFIG_SSL_ENABLE_CLIENT 120 | int SSL_connect(SSL *ssl) 121 | { 122 | return do_client_connect(ssl) == SSL_OK ? 1 : -1; 123 | } 124 | #endif 125 | 126 | void SSL_free(SSL *ssl) 127 | { 128 | ssl_free(ssl); 129 | } 130 | 131 | int SSL_read(SSL *ssl, void *buf, int num) 132 | { 133 | uint8_t *read_buf; 134 | int ret; 135 | 136 | while ((ret = ssl_read(ssl, &read_buf)) == SSL_OK); 137 | 138 | if (ret > SSL_OK) 139 | { 140 | memcpy(buf, read_buf, ret > num ? num : ret); 141 | } 142 | 143 | return ret; 144 | } 145 | 146 | int SSL_write(SSL *ssl, const void *buf, int num) 147 | { 148 | return ssl_write(ssl, buf, num); 149 | } 150 | 151 | int SSL_CTX_use_certificate_file(SSL_CTX *ssl_ctx, const char *file, int type) 152 | { 153 | return (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, file, NULL) == SSL_OK); 154 | } 155 | 156 | int SSL_CTX_use_PrivateKey_file(SSL_CTX *ssl_ctx, const char *file, int type) 157 | { 158 | return (ssl_obj_load(ssl_ctx, SSL_OBJ_RSA_KEY, file, key_password) == SSL_OK); 159 | } 160 | 161 | int SSL_CTX_use_certificate_ASN1(SSL_CTX *ssl_ctx, int len, const uint8_t *d) 162 | { 163 | return (ssl_obj_memory_load(ssl_ctx, 164 | SSL_OBJ_X509_CERT, d, len, NULL) == SSL_OK); 165 | } 166 | 167 | int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, 168 | unsigned int sid_ctx_len) 169 | { 170 | return 1; 171 | } 172 | 173 | int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) 174 | { 175 | return 1; 176 | } 177 | 178 | int SSL_CTX_use_certificate_chain_file(SSL_CTX *ssl_ctx, const char *file) 179 | { 180 | return (ssl_obj_load(ssl_ctx, 181 | SSL_OBJ_X509_CERT, file, NULL) == SSL_OK); 182 | } 183 | 184 | int SSL_shutdown(SSL *ssl) 185 | { 186 | return 1; 187 | } 188 | 189 | /*** get/set session ***/ 190 | SSL_SESSION *SSL_get1_session(SSL *ssl) 191 | { 192 | return (SSL_SESSION *)ssl_get_session_id(ssl); /* note: wrong cast */ 193 | } 194 | 195 | int SSL_set_session(SSL *ssl, SSL_SESSION *session) 196 | { 197 | memcpy(ssl->session_id, (uint8_t *)session, SSL_SESSION_ID_SIZE); 198 | return 1; 199 | } 200 | 201 | void SSL_SESSION_free(SSL_SESSION *session) { } 202 | /*** end get/set session ***/ 203 | 204 | long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) 205 | { 206 | return 0; 207 | } 208 | 209 | void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, 210 | int (*verify_callback)(int, void *)) { } 211 | 212 | void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth) { } 213 | 214 | int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, 215 | const char *CApath) 216 | { 217 | return 1; 218 | } 219 | 220 | void *SSL_load_client_CA_file(const char *file) 221 | { 222 | return (void *)file; 223 | } 224 | 225 | void SSL_CTX_set_client_CA_list(SSL_CTX *ssl_ctx, void *file) 226 | { 227 | 228 | ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, (const char *)file, NULL); 229 | } 230 | 231 | void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, void *cb) { } 232 | 233 | void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u) 234 | { 235 | key_password = (char *)u; 236 | } 237 | 238 | int SSL_peek(SSL *ssl, void *buf, int num) 239 | { 240 | memcpy(buf, ssl->bm_data, num); 241 | return num; 242 | } 243 | 244 | void SSL_set_bio(SSL *ssl, void *rbio, void *wbio) { } 245 | 246 | long SSL_get_verify_result(const SSL *ssl) 247 | { 248 | return ssl_handshake_status(ssl); 249 | } 250 | 251 | int SSL_state(SSL *ssl) 252 | { 253 | return 0x03; // ok state 254 | } 255 | 256 | /** end of could do better list */ 257 | 258 | void *SSL_get_peer_certificate(const SSL *ssl) 259 | { 260 | return &ssl->ssl_ctx->certs[0]; 261 | } 262 | 263 | int SSL_clear(SSL *ssl) 264 | { 265 | return 1; 266 | } 267 | 268 | 269 | int SSL_CTX_check_private_key(const SSL_CTX *ctx) 270 | { 271 | return 1; 272 | } 273 | 274 | int SSL_CTX_set_cipher_list(SSL *s, const char *str) 275 | { 276 | return 1; 277 | } 278 | 279 | int SSL_get_error(const SSL *ssl, int ret) 280 | { 281 | ssl_display_error(ret); 282 | return 0; /* TODO: return proper return code */ 283 | } 284 | 285 | void SSL_CTX_set_options(SSL_CTX *ssl_ctx, int option) {} 286 | int SSL_library_init(void ) { return 1; } 287 | void SSL_load_error_strings(void ) {} 288 | void ERR_print_errors_fp(FILE *fp) {} 289 | 290 | #ifndef CONFIG_SSL_SKELETON_MODE 291 | long SSL_CTX_get_timeout(const SSL_CTX *ssl_ctx) { 292 | return CONFIG_SSL_EXPIRY_TIME*3600; } 293 | long SSL_CTX_set_timeout(SSL_CTX *ssl_ctx, long t) { 294 | return SSL_CTX_get_timeout(ssl_ctx); } 295 | #endif 296 | void BIO_printf(FILE *f, const char *format, ...) 297 | { 298 | va_list(ap); 299 | va_start(ap, format); 300 | vfprintf(f, format, ap); 301 | va_end(ap); 302 | } 303 | 304 | void* BIO_s_null(void) { return NULL; } 305 | FILE *BIO_new(bio_func_type_t func) 306 | { 307 | if (func == BIO_s_null) 308 | return fopen("/dev/null", "r"); 309 | else 310 | return NULL; 311 | } 312 | 313 | FILE *BIO_new_fp(FILE *stream, int close_flag) { return stream; } 314 | int BIO_free(FILE *a) { if (a != stdout && a != stderr) fclose(a); return 1; } 315 | 316 | 317 | 318 | #endif 319 | -------------------------------------------------------------------------------- /crypto/sha512.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2015, Cameron Rich 3 | * 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions are met: 8 | * 9 | * * Redistributions of source code must retain the above copyright notice, 10 | * this list of conditions and the following disclaimer. 11 | * * Redistributions in binary form must reproduce the above copyright notice, 12 | * this list of conditions and the following disclaimer in the documentation 13 | * and/or other materials provided with the distribution. 14 | * * Neither the name of the axTLS project nor the names of its contributors 15 | * may be used to endorse or promote products derived from this software 16 | * without specific prior written permission. 17 | * 18 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 22 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 23 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 25 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 26 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 27 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 28 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | */ 30 | 31 | #include 32 | #include "os_port.h" 33 | #include "crypto.h" 34 | 35 | #define SHR64(a, n) ((a) >> (n)) 36 | #define ROR64(a, n) (((a) >> (n)) | ((a) << (64 - (n)))) 37 | #define CH(x, y, z) (((x) & (y)) | (~(x) & (z))) 38 | #define MAJ(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z))) 39 | #define SIGMA1(x) (ROR64(x, 28) ^ ROR64(x, 34) ^ ROR64(x, 39)) 40 | #define SIGMA2(x) (ROR64(x, 14) ^ ROR64(x, 18) ^ ROR64(x, 41)) 41 | #define SIGMA3(x) (ROR64(x, 1) ^ ROR64(x, 8) ^ SHR64(x, 7)) 42 | #define SIGMA4(x) (ROR64(x, 19) ^ ROR64(x, 61) ^ SHR64(x, 6)) 43 | #define MIN(x, y) ((x) < (y) ? x : y) 44 | 45 | static const uint8_t padding[128] PROGMEM = 46 | { 47 | 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 48 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 49 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 50 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 51 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 52 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 53 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 54 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 55 | }; 56 | 57 | static const uint64_t k[80] PROGMEM = 58 | { 59 | 0x428A2F98D728AE22LL, 0x7137449123EF65CDLL, 0xB5C0FBCFEC4D3B2FLL, 0xE9B5DBA58189DBBCLL, 60 | 0x3956C25BF348B538LL, 0x59F111F1B605D019LL, 0x923F82A4AF194F9BLL, 0xAB1C5ED5DA6D8118LL, 61 | 0xD807AA98A3030242LL, 0x12835B0145706FBELL, 0x243185BE4EE4B28CLL, 0x550C7DC3D5FFB4E2LL, 62 | 0x72BE5D74F27B896FLL, 0x80DEB1FE3B1696B1LL, 0x9BDC06A725C71235LL, 0xC19BF174CF692694LL, 63 | 0xE49B69C19EF14AD2LL, 0xEFBE4786384F25E3LL, 0x0FC19DC68B8CD5B5LL, 0x240CA1CC77AC9C65LL, 64 | 0x2DE92C6F592B0275LL, 0x4A7484AA6EA6E483LL, 0x5CB0A9DCBD41FBD4LL, 0x76F988DA831153B5LL, 65 | 0x983E5152EE66DFABLL, 0xA831C66D2DB43210LL, 0xB00327C898FB213FLL, 0xBF597FC7BEEF0EE4LL, 66 | 0xC6E00BF33DA88FC2LL, 0xD5A79147930AA725LL, 0x06CA6351E003826FLL, 0x142929670A0E6E70LL, 67 | 0x27B70A8546D22FFCLL, 0x2E1B21385C26C926LL, 0x4D2C6DFC5AC42AEDLL, 0x53380D139D95B3DFLL, 68 | 0x650A73548BAF63DELL, 0x766A0ABB3C77B2A8LL, 0x81C2C92E47EDAEE6LL, 0x92722C851482353BLL, 69 | 0xA2BFE8A14CF10364LL, 0xA81A664BBC423001LL, 0xC24B8B70D0F89791LL, 0xC76C51A30654BE30LL, 70 | 0xD192E819D6EF5218LL, 0xD69906245565A910LL, 0xF40E35855771202ALL, 0x106AA07032BBD1B8LL, 71 | 0x19A4C116B8D2D0C8LL, 0x1E376C085141AB53LL, 0x2748774CDF8EEB99LL, 0x34B0BCB5E19B48A8LL, 72 | 0x391C0CB3C5C95A63LL, 0x4ED8AA4AE3418ACBLL, 0x5B9CCA4F7763E373LL, 0x682E6FF3D6B2B8A3LL, 73 | 0x748F82EE5DEFB2FCLL, 0x78A5636F43172F60LL, 0x84C87814A1F0AB72LL, 0x8CC702081A6439ECLL, 74 | 0x90BEFFFA23631E28LL, 0xA4506CEBDE82BDE9LL, 0xBEF9A3F7B2C67915LL, 0xC67178F2E372532BLL, 75 | 0xCA273ECEEA26619CLL, 0xD186B8C721C0C207LL, 0xEADA7DD6CDE0EB1ELL, 0xF57D4F7FEE6ED178LL, 76 | 0x06F067AA72176FBALL, 0x0A637DC5A2C898A6LL, 0x113F9804BEF90DAELL, 0x1B710B35131C471BLL, 77 | 0x28DB77F523047D84LL, 0x32CAAB7B40C72493LL, 0x3C9EBE0A15C9BEBCLL, 0x431D67C49C100D4CLL, 78 | 0x4CC5D4BECB3E42B6LL, 0x597F299CFC657E2ALL, 0x5FCB6FAB3AD6FAECLL, 0x6C44198C4A475817LL 79 | }; 80 | 81 | /** 82 | * Initialize the SHA512 context 83 | */ 84 | void SHA512_Init(SHA512_CTX *ctx) 85 | { 86 | ctx->h_dig.h[0] = 0x6A09E667F3BCC908LL; 87 | ctx->h_dig.h[1] = 0xBB67AE8584CAA73BLL; 88 | ctx->h_dig.h[2] = 0x3C6EF372FE94F82BLL; 89 | ctx->h_dig.h[3] = 0xA54FF53A5F1D36F1LL; 90 | ctx->h_dig.h[4] = 0x510E527FADE682D1LL; 91 | ctx->h_dig.h[5] = 0x9B05688C2B3E6C1FLL; 92 | ctx->h_dig.h[6] = 0x1F83D9ABFB41BD6BLL; 93 | ctx->h_dig.h[7] = 0x5BE0CD19137E2179LL; 94 | ctx->size = 0; 95 | ctx->totalSize = 0; 96 | } 97 | 98 | static void SHA512_Process(SHA512_CTX *ctx) 99 | { 100 | int t; 101 | uint64_t temp1; 102 | uint64_t temp2; 103 | 104 | // Initialize the 8 working registers 105 | uint64_t a = ctx->h_dig.h[0]; 106 | uint64_t b = ctx->h_dig.h[1]; 107 | uint64_t c = ctx->h_dig.h[2]; 108 | uint64_t d = ctx->h_dig.h[3]; 109 | uint64_t e = ctx->h_dig.h[4]; 110 | uint64_t f = ctx->h_dig.h[5]; 111 | uint64_t g = ctx->h_dig.h[6]; 112 | uint64_t h = ctx->h_dig.h[7]; 113 | 114 | // Process message in 16-word blocks 115 | uint64_t *w = ctx->w_buf.w; 116 | 117 | // Convert from big-endian byte order to host byte order 118 | for (t = 0; t < 16; t++) 119 | w[t] = be64toh(w[t]); 120 | 121 | // Prepare the message schedule 122 | for (t = 16; t < 80; t++) 123 | w[t] = SIGMA4(w[t - 2]) + w[t - 7] + SIGMA3(w[t - 15]) + w[t - 16]; 124 | 125 | // SHA-512 hash computation 126 | for (t = 0; t < 80; t++) 127 | { 128 | // Calculate T1 and T2 129 | temp1 = h + SIGMA2(e) + CH(e, f, g) + k[t] + w[t]; 130 | temp2 = SIGMA1(a) + MAJ(a, b, c); 131 | 132 | // Update the working registers 133 | h = g; 134 | g = f; 135 | f = e; 136 | e = d + temp1; 137 | d = c; 138 | c = b; 139 | b = a; 140 | a = temp1 + temp2; 141 | } 142 | 143 | // Update the hash value 144 | ctx->h_dig.h[0] += a; 145 | ctx->h_dig.h[1] += b; 146 | ctx->h_dig.h[2] += c; 147 | ctx->h_dig.h[3] += d; 148 | ctx->h_dig.h[4] += e; 149 | ctx->h_dig.h[5] += f; 150 | ctx->h_dig.h[6] += g; 151 | ctx->h_dig.h[7] += h; 152 | } 153 | 154 | /** 155 | * Accepts an array of octets as the next portion of the message. 156 | */ 157 | void SHA512_Update(SHA512_CTX *ctx, const uint8_t * msg, int len) 158 | { 159 | // Process the incoming data 160 | while (len > 0) 161 | { 162 | // The buffer can hold at most 128 bytes 163 | size_t n = MIN(len, 128 - ctx->size); 164 | 165 | // Copy the data to the buffer 166 | memcpy(ctx->w_buf.buffer + ctx->size, msg, n); 167 | 168 | // Update the SHA-512 ctx 169 | ctx->size += n; 170 | ctx->totalSize += n; 171 | // Advance the data pointer 172 | msg = (uint8_t *) msg + n; 173 | // Remaining bytes to process 174 | len -= n; 175 | 176 | // Process message in 16-word blocks 177 | if (ctx->size == 128) 178 | { 179 | // Transform the 16-word block 180 | SHA512_Process(ctx); 181 | // Empty the buffer 182 | ctx->size = 0; 183 | } 184 | } 185 | } 186 | 187 | /** 188 | * Return the 512-bit message digest into the user's array 189 | */ 190 | void SHA512_Final(uint8_t *digest, SHA512_CTX *ctx) 191 | { 192 | int i; 193 | size_t paddingSize; 194 | uint64_t totalSize; 195 | 196 | // Length of the original message (before padding) 197 | totalSize = ctx->totalSize * 8; 198 | 199 | // Pad the message so that its length is congruent to 112 modulo 128 200 | paddingSize = (ctx->size < 112) ? (112 - ctx->size) : 201 | (128 + 112 - ctx->size); 202 | 203 | #ifdef WITH_PGM_READ_HELPER 204 | uint8_t padding_ram[paddingSize]; 205 | memcpy(padding_ram, padding, (paddingSize + 3) & (~3)); 206 | SHA512_Update(ctx, padding_ram, paddingSize); 207 | #else 208 | // Append padding 209 | SHA512_Update(ctx, padding, paddingSize); 210 | #endif // WITH_PGM_READ_HELPER 211 | 212 | // Append the length of the original message 213 | ctx->w_buf.w[14] = 0; 214 | ctx->w_buf.w[15] = be64toh(totalSize); 215 | 216 | // Calculate the message digest 217 | SHA512_Process(ctx); 218 | 219 | // Convert from host byte order to big-endian byte order 220 | for (i = 0; i < 8; i++) 221 | ctx->h_dig.h[i] = be64toh(ctx->h_dig.h[i]); 222 | 223 | // Copy the resulting digest 224 | if (digest != NULL) 225 | memcpy(digest, ctx->h_dig.digest, SHA512_SIZE); 226 | } 227 | 228 | 229 | 230 | -------------------------------------------------------------------------------- /crypto/rsa.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2007-2014, Cameron Rich 3 | * 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions are met: 8 | * 9 | * * Redistributions of source code must retain the above copyright notice, 10 | * this list of conditions and the following disclaimer. 11 | * * Redistributions in binary form must reproduce the above copyright notice, 12 | * this list of conditions and the following disclaimer in the documentation 13 | * and/or other materials provided with the distribution. 14 | * * Neither the name of the axTLS project nor the names of its contributors 15 | * may be used to endorse or promote products derived from this software 16 | * without specific prior written permission. 17 | * 18 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 22 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 23 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 25 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 26 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 27 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 28 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | */ 30 | 31 | /** 32 | * Implements the RSA public encryption algorithm. Uses the bigint library to 33 | * perform its calculations. 34 | */ 35 | 36 | #include 37 | #include 38 | #include 39 | #include 40 | #include "os_port.h" 41 | #include "crypto.h" 42 | 43 | void RSA_priv_key_new(RSA_CTX **ctx, 44 | const uint8_t *modulus, int mod_len, 45 | const uint8_t *pub_exp, int pub_len, 46 | const uint8_t *priv_exp, int priv_len 47 | #if CONFIG_BIGINT_CRT 48 | , const uint8_t *p, int p_len, 49 | const uint8_t *q, int q_len, 50 | const uint8_t *dP, int dP_len, 51 | const uint8_t *dQ, int dQ_len, 52 | const uint8_t *qInv, int qInv_len 53 | #endif 54 | ) 55 | { 56 | RSA_CTX *rsa_ctx; 57 | BI_CTX *bi_ctx; 58 | RSA_pub_key_new(ctx, modulus, mod_len, pub_exp, pub_len); 59 | rsa_ctx = *ctx; 60 | bi_ctx = rsa_ctx->bi_ctx; 61 | rsa_ctx->d = bi_import(bi_ctx, priv_exp, priv_len); 62 | bi_permanent(rsa_ctx->d); 63 | 64 | #ifdef CONFIG_BIGINT_CRT 65 | rsa_ctx->p = bi_import(bi_ctx, p, p_len); 66 | rsa_ctx->q = bi_import(bi_ctx, q, q_len); 67 | rsa_ctx->dP = bi_import(bi_ctx, dP, dP_len); 68 | rsa_ctx->dQ = bi_import(bi_ctx, dQ, dQ_len); 69 | rsa_ctx->qInv = bi_import(bi_ctx, qInv, qInv_len); 70 | bi_permanent(rsa_ctx->dP); 71 | bi_permanent(rsa_ctx->dQ); 72 | bi_permanent(rsa_ctx->qInv); 73 | bi_set_mod(bi_ctx, rsa_ctx->p, BIGINT_P_OFFSET); 74 | bi_set_mod(bi_ctx, rsa_ctx->q, BIGINT_Q_OFFSET); 75 | #endif 76 | bi_clear_cache(bi_ctx); 77 | } 78 | 79 | void RSA_pub_key_new(RSA_CTX **ctx, 80 | const uint8_t *modulus, int mod_len, 81 | const uint8_t *pub_exp, int pub_len) 82 | { 83 | RSA_CTX *rsa_ctx; 84 | BI_CTX *bi_ctx; 85 | 86 | if (*ctx) /* if we load multiple certs, dump the old one */ 87 | RSA_free(*ctx); 88 | 89 | bi_ctx = bi_initialize(); 90 | *ctx = (RSA_CTX *)calloc(1, sizeof(RSA_CTX)); 91 | rsa_ctx = *ctx; 92 | rsa_ctx->bi_ctx = bi_ctx; 93 | rsa_ctx->num_octets = mod_len; 94 | rsa_ctx->m = bi_import(bi_ctx, modulus, mod_len); 95 | bi_set_mod(bi_ctx, rsa_ctx->m, BIGINT_M_OFFSET); 96 | rsa_ctx->e = bi_import(bi_ctx, pub_exp, pub_len); 97 | bi_permanent(rsa_ctx->e); 98 | bi_clear_cache(bi_ctx); 99 | } 100 | 101 | /** 102 | * Free up any RSA context resources. 103 | */ 104 | void RSA_free(RSA_CTX *rsa_ctx) 105 | { 106 | BI_CTX *bi_ctx; 107 | if (rsa_ctx == NULL) /* deal with ptrs that are null */ 108 | return; 109 | 110 | bi_ctx = rsa_ctx->bi_ctx; 111 | 112 | bi_depermanent(rsa_ctx->e); 113 | bi_free(bi_ctx, rsa_ctx->e); 114 | bi_free_mod(rsa_ctx->bi_ctx, BIGINT_M_OFFSET); 115 | 116 | if (rsa_ctx->d) 117 | { 118 | bi_depermanent(rsa_ctx->d); 119 | bi_free(bi_ctx, rsa_ctx->d); 120 | #ifdef CONFIG_BIGINT_CRT 121 | bi_depermanent(rsa_ctx->dP); 122 | bi_depermanent(rsa_ctx->dQ); 123 | bi_depermanent(rsa_ctx->qInv); 124 | bi_free(bi_ctx, rsa_ctx->dP); 125 | bi_free(bi_ctx, rsa_ctx->dQ); 126 | bi_free(bi_ctx, rsa_ctx->qInv); 127 | bi_free_mod(rsa_ctx->bi_ctx, BIGINT_P_OFFSET); 128 | bi_free_mod(rsa_ctx->bi_ctx, BIGINT_Q_OFFSET); 129 | #endif 130 | } 131 | 132 | bi_terminate(bi_ctx); 133 | free(rsa_ctx); 134 | } 135 | 136 | /** 137 | * @brief Use PKCS1.5 for decryption/verification. 138 | * @param ctx [in] The context 139 | * @param in_data [in] The data to decrypt (must be < modulus size-11) 140 | * @param out_data [out] The decrypted data. 141 | * @param out_len [int] The size of the decrypted buffer in bytes 142 | * @param is_decryption [in] Decryption or verify operation. 143 | * @return The number of bytes that were originally encrypted. -1 on error. 144 | * @see http://www.rsasecurity.com/rsalabs/node.asp?id=2125 145 | */ 146 | int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data, 147 | uint8_t *out_data, int out_len, int is_decryption) 148 | { 149 | const int byte_size = ctx->num_octets; 150 | int i = 0, size = -1; 151 | bigint *decrypted_bi, *dat_bi; 152 | uint8_t *block = NULL; 153 | int pad_count = 0; 154 | 155 | do 156 | { 157 | if (out_len < byte_size) /* check output has enough size */ 158 | break; 159 | 160 | block = (uint8_t *)malloc(byte_size); 161 | if (!block) 162 | break; 163 | 164 | memset(out_data, 0, out_len); /* initialise */ 165 | 166 | /* decrypt */ 167 | dat_bi = bi_import(ctx->bi_ctx, in_data, byte_size); 168 | #ifdef CONFIG_SSL_CERT_VERIFICATION 169 | decrypted_bi = is_decryption ? /* decrypt or verify? */ 170 | RSA_private(ctx, dat_bi) : RSA_public(ctx, dat_bi); 171 | #else /* always a decryption */ 172 | decrypted_bi = RSA_private(ctx, dat_bi); 173 | #endif 174 | 175 | /* convert to a normal block */ 176 | bi_export(ctx->bi_ctx, decrypted_bi, block, byte_size); 177 | 178 | if (block[i++] != 0) /* leading 0? */ 179 | break; 180 | 181 | #ifdef CONFIG_SSL_CERT_VERIFICATION 182 | if (is_decryption == 0) /* PKCS1.5 signing pads with "0xff"s */ 183 | { 184 | if (block[i++] != 0x01) /* BT correct? */ 185 | break; 186 | 187 | while (block[i++] == 0xff && i < byte_size) 188 | pad_count++; 189 | } 190 | else /* PKCS1.5 encryption padding is random */ 191 | #endif 192 | { 193 | if (block[i++] != 0x02) /* BT correct? */ 194 | break; 195 | 196 | while (block[i++] && i < byte_size) 197 | pad_count++; 198 | } 199 | 200 | /* check separator byte 0x00 - and padding must be 8 or more bytes */ 201 | if (i == byte_size || pad_count < 8) 202 | break; 203 | 204 | size = byte_size - i; 205 | 206 | /* get only the bit we want */ 207 | memcpy(out_data, &block[i], size); 208 | } while(false); 209 | 210 | if(block) 211 | free(block); 212 | 213 | return size; 214 | } 215 | 216 | /** 217 | * Performs m = c^d mod n 218 | */ 219 | bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg) 220 | { 221 | #ifdef CONFIG_BIGINT_CRT 222 | return bi_crt(c->bi_ctx, bi_msg, c->dP, c->dQ, c->p, c->q, c->qInv); 223 | #else 224 | BI_CTX *ctx = c->bi_ctx; 225 | ctx->mod_offset = BIGINT_M_OFFSET; 226 | return bi_mod_power(ctx, bi_msg, c->d); 227 | #endif 228 | } 229 | 230 | #ifdef CONFIG_SSL_FULL_MODE 231 | /** 232 | * Used for diagnostics. 233 | */ 234 | void RSA_print(const RSA_CTX *rsa_ctx) 235 | { 236 | if (rsa_ctx == NULL) 237 | return; 238 | 239 | printf("----------------- RSA DEBUG ----------------\n"); 240 | printf("Size:\t%d\n", rsa_ctx->num_octets); 241 | printf("Modulus"); bi_print("", rsa_ctx->m); 242 | printf("Public Key"); bi_print("", rsa_ctx->e); 243 | printf("Private Key"); bi_print("", rsa_ctx->d); 244 | } 245 | #endif 246 | 247 | #if defined(CONFIG_SSL_CERT_VERIFICATION) || defined(CONFIG_SSL_GENERATE_X509_CERT) 248 | /** 249 | * Performs c = m^e mod n 250 | */ 251 | bigint *RSA_public(const RSA_CTX * c, bigint *bi_msg) 252 | { 253 | c->bi_ctx->mod_offset = BIGINT_M_OFFSET; 254 | return bi_mod_power(c->bi_ctx, bi_msg, c->e); 255 | } 256 | 257 | /** 258 | * Use PKCS1.5 for encryption/signing. 259 | * see http://www.rsasecurity.com/rsalabs/node.asp?id=2125 260 | */ 261 | int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len, 262 | uint8_t *out_data, int is_signing) 263 | { 264 | int byte_size = ctx->num_octets; 265 | int num_pads_needed = byte_size-in_len-3; 266 | bigint *dat_bi, *encrypt_bi; 267 | 268 | /* note: in_len+11 must be > byte_size */ 269 | out_data[0] = 0; /* ensure encryption block is < modulus */ 270 | 271 | if (is_signing) 272 | { 273 | out_data[1] = 1; /* PKCS1.5 signing pads with "0xff"'s */ 274 | memset(&out_data[2], 0xff, num_pads_needed); 275 | } 276 | else /* randomize the encryption padding with non-zero bytes */ 277 | { 278 | out_data[1] = 2; 279 | if (get_random_NZ(num_pads_needed, &out_data[2]) < 0) 280 | return -1; 281 | } 282 | 283 | out_data[2+num_pads_needed] = 0; 284 | memcpy(&out_data[3+num_pads_needed], in_data, in_len); 285 | 286 | /* now encrypt it */ 287 | dat_bi = bi_import(ctx->bi_ctx, out_data, byte_size); 288 | encrypt_bi = is_signing ? RSA_private(ctx, dat_bi) : 289 | RSA_public(ctx, dat_bi); 290 | bi_export(ctx->bi_ctx, encrypt_bi, out_data, byte_size); 291 | 292 | /* save a few bytes of memory */ 293 | bi_clear_cache(ctx->bi_ctx); 294 | return byte_size; 295 | } 296 | 297 | #endif /* CONFIG_SSL_CERT_VERIFICATION */ 298 | -------------------------------------------------------------------------------- /crypto/crypto.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2007-2016, Cameron Rich 3 | * 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions are met: 8 | * 9 | * * Redistributions of source code must retain the above copyright notice, 10 | * this list of conditions and the following disclaimer. 11 | * * Redistributions in binary form must reproduce the above copyright notice, 12 | * this list of conditions and the following disclaimer in the documentation 13 | * and/or other materials provided with the distribution. 14 | * * Neither the name of the axTLS project nor the names of its contributors 15 | * may be used to endorse or promote products derived from this software 16 | * without specific prior written permission. 17 | * 18 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 22 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 23 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 25 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 26 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 27 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 28 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | */ 30 | 31 | /** 32 | * @file crypto.h 33 | */ 34 | 35 | #ifndef HEADER_CRYPTO_H 36 | #define HEADER_CRYPTO_H 37 | 38 | #ifdef __cplusplus 39 | extern "C" { 40 | #endif 41 | 42 | #include "bigint_impl.h" 43 | #include "bigint.h" 44 | 45 | #ifndef STDCALL 46 | #define STDCALL 47 | #endif 48 | #ifndef EXP_FUNC 49 | #define EXP_FUNC 50 | #endif 51 | 52 | 53 | /* enable features based on a 'super-set' capbaility. */ 54 | #if defined(CONFIG_SSL_FULL_MODE) 55 | #define CONFIG_SSL_ENABLE_CLIENT 56 | #define CONFIG_SSL_CERT_VERIFICATION 57 | #elif defined(CONFIG_SSL_ENABLE_CLIENT) 58 | #define CONFIG_SSL_CERT_VERIFICATION 59 | #endif 60 | 61 | /************************************************************************** 62 | * AES declarations 63 | **************************************************************************/ 64 | 65 | #define AES_MAXROUNDS 14 66 | #define AES_BLOCKSIZE 16 67 | #define AES_IV_SIZE 16 68 | 69 | typedef struct aes_key_st 70 | { 71 | uint16_t rounds; 72 | uint16_t key_size; 73 | uint32_t ks[(AES_MAXROUNDS+1)*8]; 74 | uint8_t iv[AES_IV_SIZE]; 75 | } AES_CTX; 76 | 77 | typedef enum 78 | { 79 | AES_MODE_128, 80 | AES_MODE_256 81 | } AES_MODE; 82 | 83 | void AES_set_key(AES_CTX *ctx, const uint8_t *key, 84 | const uint8_t *iv, AES_MODE mode); 85 | void AES_cbc_encrypt(AES_CTX *ctx, const uint8_t *msg, 86 | uint8_t *out, int length); 87 | void AES_cbc_decrypt(AES_CTX *ks, const uint8_t *in, uint8_t *out, int length); 88 | void AES_convert_key(AES_CTX *ctx); 89 | 90 | /************************************************************************** 91 | * RC4 declarations 92 | **************************************************************************/ 93 | 94 | typedef struct 95 | { 96 | uint8_t x, y, m[256]; 97 | } RC4_CTX; 98 | 99 | void RC4_setup(RC4_CTX *s, const uint8_t *key, int length); 100 | void RC4_crypt(RC4_CTX *s, const uint8_t *msg, uint8_t *data, int length); 101 | 102 | /************************************************************************** 103 | * SHA1 declarations 104 | **************************************************************************/ 105 | 106 | #define SHA1_SIZE 20 107 | 108 | /* 109 | * This structure will hold context information for the SHA-1 110 | * hashing operation 111 | */ 112 | typedef struct 113 | { 114 | uint32_t Intermediate_Hash[SHA1_SIZE/4]; /* Message Digest */ 115 | uint32_t Length_Low; /* Message length in bits */ 116 | uint32_t Length_High; /* Message length in bits */ 117 | uint16_t Message_Block_Index; /* Index into message block array */ 118 | uint8_t Message_Block[64]; /* 512-bit message blocks */ 119 | } SHA1_CTX; 120 | 121 | void SHA1_Init(SHA1_CTX *); 122 | void SHA1_Update(SHA1_CTX *, const uint8_t * msg, int len); 123 | void SHA1_Final(uint8_t *digest, SHA1_CTX *); 124 | 125 | /************************************************************************** 126 | * SHA256 declarations 127 | **************************************************************************/ 128 | 129 | #define SHA256_SIZE 32 130 | 131 | typedef struct 132 | { 133 | uint32_t total[2]; 134 | uint32_t state[8]; 135 | uint8_t buffer[64]; 136 | } SHA256_CTX; 137 | 138 | void SHA256_Init(SHA256_CTX *c); 139 | void SHA256_Update(SHA256_CTX *, const uint8_t *input, int len); 140 | void SHA256_Final(uint8_t *digest, SHA256_CTX *); 141 | 142 | /************************************************************************** 143 | * SHA512 declarations 144 | **************************************************************************/ 145 | 146 | #define SHA512_SIZE 64 147 | 148 | typedef struct 149 | { 150 | union 151 | { 152 | uint64_t h[8]; 153 | uint8_t digest[64]; 154 | } h_dig; 155 | union 156 | { 157 | uint64_t w[80]; 158 | uint8_t buffer[128]; 159 | } w_buf; 160 | size_t size; 161 | uint64_t totalSize; 162 | } SHA512_CTX; 163 | 164 | void SHA512_Init(SHA512_CTX *c); 165 | void SHA512_Update(SHA512_CTX *, const uint8_t *input, int len); 166 | void SHA512_Final(uint8_t *digest, SHA512_CTX *); 167 | 168 | /************************************************************************** 169 | * SHA384 declarations 170 | **************************************************************************/ 171 | 172 | #define SHA384_SIZE 48 173 | 174 | typedef SHA512_CTX SHA384_CTX; 175 | void SHA384_Init(SHA384_CTX *c); 176 | void SHA384_Update(SHA384_CTX *, const uint8_t *input, int len); 177 | void SHA384_Final(uint8_t *digest, SHA384_CTX *); 178 | 179 | /************************************************************************** 180 | * MD5 declarations 181 | **************************************************************************/ 182 | 183 | #define MD5_SIZE 16 184 | 185 | typedef struct 186 | { 187 | uint32_t state[4]; /* state (ABCD) */ 188 | uint32_t count[2]; /* number of bits, modulo 2^64 (lsb first) */ 189 | uint8_t buffer[64]; /* input buffer */ 190 | } MD5_CTX; 191 | 192 | EXP_FUNC void STDCALL MD5_Init(MD5_CTX *); 193 | EXP_FUNC void STDCALL MD5_Update(MD5_CTX *, const uint8_t *msg, int len); 194 | EXP_FUNC void STDCALL MD5_Final(uint8_t *digest, MD5_CTX *); 195 | 196 | /************************************************************************** 197 | * HMAC declarations 198 | **************************************************************************/ 199 | void hmac_md5(const uint8_t *msg, int length, const uint8_t *key, 200 | int key_len, uint8_t *digest); 201 | void hmac_sha1(const uint8_t *msg, int length, const uint8_t *key, 202 | int key_len, uint8_t *digest); 203 | void hmac_sha256(const uint8_t *msg, int length, const uint8_t *key, 204 | int key_len, uint8_t *digest); 205 | 206 | /************************************************************************** 207 | * HMAC functions operating on vectors 208 | **************************************************************************/ 209 | void hmac_md5_v(const uint8_t **msg, int* length, int count, const uint8_t *key, 210 | int key_len, uint8_t *digest); 211 | void hmac_sha1_v(const uint8_t **msg, int* length, int count, const uint8_t *key, 212 | int key_len, uint8_t *digest); 213 | void hmac_sha256_v(const uint8_t **msg, int* length, int count, const uint8_t *key, 214 | int key_len, uint8_t *digest); 215 | 216 | /************************************************************************** 217 | * RSA declarations 218 | **************************************************************************/ 219 | 220 | typedef struct 221 | { 222 | bigint *m; /* modulus */ 223 | bigint *e; /* public exponent */ 224 | bigint *d; /* private exponent */ 225 | #ifdef CONFIG_BIGINT_CRT 226 | bigint *p; /* p as in m = pq */ 227 | bigint *q; /* q as in m = pq */ 228 | bigint *dP; /* d mod (p-1) */ 229 | bigint *dQ; /* d mod (q-1) */ 230 | bigint *qInv; /* q^-1 mod p */ 231 | #endif 232 | int num_octets; 233 | BI_CTX *bi_ctx; 234 | } RSA_CTX; 235 | 236 | void RSA_priv_key_new(RSA_CTX **rsa_ctx, 237 | const uint8_t *modulus, int mod_len, 238 | const uint8_t *pub_exp, int pub_len, 239 | const uint8_t *priv_exp, int priv_len 240 | #ifdef CONFIG_BIGINT_CRT 241 | , const uint8_t *p, int p_len, 242 | const uint8_t *q, int q_len, 243 | const uint8_t *dP, int dP_len, 244 | const uint8_t *dQ, int dQ_len, 245 | const uint8_t *qInv, int qInv_len 246 | #endif 247 | ); 248 | void RSA_pub_key_new(RSA_CTX **rsa_ctx, 249 | const uint8_t *modulus, int mod_len, 250 | const uint8_t *pub_exp, int pub_len); 251 | void RSA_free(RSA_CTX *ctx); 252 | int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint8_t *out_data, 253 | int out_len, int is_decryption); 254 | bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg); 255 | #if defined(CONFIG_SSL_CERT_VERIFICATION) || defined(CONFIG_SSL_GENERATE_X509_CERT) 256 | bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len, 257 | bigint *modulus, bigint *pub_exp); 258 | bigint *RSA_public(const RSA_CTX * c, bigint *bi_msg); 259 | int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len, 260 | uint8_t *out_data, int is_signing); 261 | void RSA_print(const RSA_CTX *ctx); 262 | #endif 263 | 264 | /************************************************************************** 265 | * RNG declarations 266 | **************************************************************************/ 267 | EXP_FUNC void STDCALL RNG_initialize(void); 268 | EXP_FUNC void STDCALL RNG_custom_init(const uint8_t *seed_buf, int size); 269 | EXP_FUNC void STDCALL RNG_terminate(void); 270 | EXP_FUNC int STDCALL get_random(int num_rand_bytes, uint8_t *rand_data); 271 | int get_random_NZ(int num_rand_bytes, uint8_t *rand_data); 272 | 273 | #ifdef __cplusplus 274 | } 275 | #endif 276 | 277 | #endif 278 | -------------------------------------------------------------------------------- /crypto/sha256.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2015, Cameron Rich 3 | * 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions are met: 8 | * 9 | * * Redistributions of source code must retain the above copyright notice, 10 | * this list of conditions and the following disclaimer. 11 | * * Redistributions in binary form must reproduce the above copyright notice, 12 | * this list of conditions and the following disclaimer in the documentation 13 | * and/or other materials provided with the distribution. 14 | * * Neither the name of the axTLS project nor the names of its contributors 15 | * may be used to endorse or promote products derived from this software 16 | * without specific prior written permission. 17 | * 18 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 22 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 23 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 25 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 26 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 27 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 28 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | */ 30 | 31 | #include 32 | #include "os_port.h" 33 | #include "crypto.h" 34 | 35 | #define GET_UINT32(n,b,i) \ 36 | { \ 37 | (n) = ((uint32_t) (b)[(i) ] << 24) \ 38 | | ((uint32_t) (b)[(i) + 1] << 16) \ 39 | | ((uint32_t) (b)[(i) + 2] << 8) \ 40 | | ((uint32_t) (b)[(i) + 3] ); \ 41 | } 42 | 43 | #define PUT_UINT32(n,b,i) \ 44 | { \ 45 | (b)[(i) ] = (uint8_t) ((n) >> 24); \ 46 | (b)[(i) + 1] = (uint8_t) ((n) >> 16); \ 47 | (b)[(i) + 2] = (uint8_t) ((n) >> 8); \ 48 | (b)[(i) + 3] = (uint8_t) ((n) ); \ 49 | } 50 | 51 | static const uint8_t sha256_padding[64] PROGMEM = 52 | { 53 | 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 54 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 55 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 56 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 57 | }; 58 | 59 | /** 60 | * Initialize the SHA256 context 61 | */ 62 | void SHA256_Init(SHA256_CTX *ctx) 63 | { 64 | ctx->total[0] = 0; 65 | ctx->total[1] = 0; 66 | 67 | ctx->state[0] = 0x6A09E667; 68 | ctx->state[1] = 0xBB67AE85; 69 | ctx->state[2] = 0x3C6EF372; 70 | ctx->state[3] = 0xA54FF53A; 71 | ctx->state[4] = 0x510E527F; 72 | ctx->state[5] = 0x9B05688C; 73 | ctx->state[6] = 0x1F83D9AB; 74 | ctx->state[7] = 0x5BE0CD19; 75 | } 76 | 77 | static void SHA256_Process(const uint8_t digest[64], SHA256_CTX *ctx) 78 | { 79 | uint32_t temp1, temp2, W[64]; 80 | uint32_t A, B, C, D, E, F, G, H; 81 | 82 | GET_UINT32(W[0], digest, 0); 83 | GET_UINT32(W[1], digest, 4); 84 | GET_UINT32(W[2], digest, 8); 85 | GET_UINT32(W[3], digest, 12); 86 | GET_UINT32(W[4], digest, 16); 87 | GET_UINT32(W[5], digest, 20); 88 | GET_UINT32(W[6], digest, 24); 89 | GET_UINT32(W[7], digest, 28); 90 | GET_UINT32(W[8], digest, 32); 91 | GET_UINT32(W[9], digest, 36); 92 | GET_UINT32(W[10], digest, 40); 93 | GET_UINT32(W[11], digest, 44); 94 | GET_UINT32(W[12], digest, 48); 95 | GET_UINT32(W[13], digest, 52); 96 | GET_UINT32(W[14], digest, 56); 97 | GET_UINT32(W[15], digest, 60); 98 | 99 | #define SHR(x,n) ((x & 0xFFFFFFFF) >> n) 100 | #define ROTR(x,n) (SHR(x,n) | (x << (32 - n))) 101 | 102 | #define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3)) 103 | #define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10)) 104 | 105 | #define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22)) 106 | #define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25)) 107 | 108 | #define F0(x,y,z) ((x & y) | (z & (x | y))) 109 | #define F1(x,y,z) (z ^ (x & (y ^ z))) 110 | 111 | #define R(t) \ 112 | ( \ 113 | W[t] = S1(W[t - 2]) + W[t - 7] + \ 114 | S0(W[t - 15]) + W[t - 16] \ 115 | ) 116 | 117 | #define P(a,b,c,d,e,f,g,h,x,K) \ 118 | { \ 119 | temp1 = h + S3(e) + F1(e,f,g) + K + x; \ 120 | temp2 = S2(a) + F0(a,b,c); \ 121 | d += temp1; h = temp1 + temp2; \ 122 | } 123 | 124 | A = ctx->state[0]; 125 | B = ctx->state[1]; 126 | C = ctx->state[2]; 127 | D = ctx->state[3]; 128 | E = ctx->state[4]; 129 | F = ctx->state[5]; 130 | G = ctx->state[6]; 131 | H = ctx->state[7]; 132 | 133 | P(A, B, C, D, E, F, G, H, W[ 0], 0x428A2F98); 134 | P(H, A, B, C, D, E, F, G, W[ 1], 0x71374491); 135 | P(G, H, A, B, C, D, E, F, W[ 2], 0xB5C0FBCF); 136 | P(F, G, H, A, B, C, D, E, W[ 3], 0xE9B5DBA5); 137 | P(E, F, G, H, A, B, C, D, W[ 4], 0x3956C25B); 138 | P(D, E, F, G, H, A, B, C, W[ 5], 0x59F111F1); 139 | P(C, D, E, F, G, H, A, B, W[ 6], 0x923F82A4); 140 | P(B, C, D, E, F, G, H, A, W[ 7], 0xAB1C5ED5); 141 | P(A, B, C, D, E, F, G, H, W[ 8], 0xD807AA98); 142 | P(H, A, B, C, D, E, F, G, W[ 9], 0x12835B01); 143 | P(G, H, A, B, C, D, E, F, W[10], 0x243185BE); 144 | P(F, G, H, A, B, C, D, E, W[11], 0x550C7DC3); 145 | P(E, F, G, H, A, B, C, D, W[12], 0x72BE5D74); 146 | P(D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE); 147 | P(C, D, E, F, G, H, A, B, W[14], 0x9BDC06A7); 148 | P(B, C, D, E, F, G, H, A, W[15], 0xC19BF174); 149 | P(A, B, C, D, E, F, G, H, R(16), 0xE49B69C1); 150 | P(H, A, B, C, D, E, F, G, R(17), 0xEFBE4786); 151 | P(G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6); 152 | P(F, G, H, A, B, C, D, E, R(19), 0x240CA1CC); 153 | P(E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F); 154 | P(D, E, F, G, H, A, B, C, R(21), 0x4A7484AA); 155 | P(C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC); 156 | P(B, C, D, E, F, G, H, A, R(23), 0x76F988DA); 157 | P(A, B, C, D, E, F, G, H, R(24), 0x983E5152); 158 | P(H, A, B, C, D, E, F, G, R(25), 0xA831C66D); 159 | P(G, H, A, B, C, D, E, F, R(26), 0xB00327C8); 160 | P(F, G, H, A, B, C, D, E, R(27), 0xBF597FC7); 161 | P(E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3); 162 | P(D, E, F, G, H, A, B, C, R(29), 0xD5A79147); 163 | P(C, D, E, F, G, H, A, B, R(30), 0x06CA6351); 164 | P(B, C, D, E, F, G, H, A, R(31), 0x14292967); 165 | P(A, B, C, D, E, F, G, H, R(32), 0x27B70A85); 166 | P(H, A, B, C, D, E, F, G, R(33), 0x2E1B2138); 167 | P(G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC); 168 | P(F, G, H, A, B, C, D, E, R(35), 0x53380D13); 169 | P(E, F, G, H, A, B, C, D, R(36), 0x650A7354); 170 | P(D, E, F, G, H, A, B, C, R(37), 0x766A0ABB); 171 | P(C, D, E, F, G, H, A, B, R(38), 0x81C2C92E); 172 | P(B, C, D, E, F, G, H, A, R(39), 0x92722C85); 173 | P(A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1); 174 | P(H, A, B, C, D, E, F, G, R(41), 0xA81A664B); 175 | P(G, H, A, B, C, D, E, F, R(42), 0xC24B8B70); 176 | P(F, G, H, A, B, C, D, E, R(43), 0xC76C51A3); 177 | P(E, F, G, H, A, B, C, D, R(44), 0xD192E819); 178 | P(D, E, F, G, H, A, B, C, R(45), 0xD6990624); 179 | P(C, D, E, F, G, H, A, B, R(46), 0xF40E3585); 180 | P(B, C, D, E, F, G, H, A, R(47), 0x106AA070); 181 | P(A, B, C, D, E, F, G, H, R(48), 0x19A4C116); 182 | P(H, A, B, C, D, E, F, G, R(49), 0x1E376C08); 183 | P(G, H, A, B, C, D, E, F, R(50), 0x2748774C); 184 | P(F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5); 185 | P(E, F, G, H, A, B, C, D, R(52), 0x391C0CB3); 186 | P(D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A); 187 | P(C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F); 188 | P(B, C, D, E, F, G, H, A, R(55), 0x682E6FF3); 189 | P(A, B, C, D, E, F, G, H, R(56), 0x748F82EE); 190 | P(H, A, B, C, D, E, F, G, R(57), 0x78A5636F); 191 | P(G, H, A, B, C, D, E, F, R(58), 0x84C87814); 192 | P(F, G, H, A, B, C, D, E, R(59), 0x8CC70208); 193 | P(E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA); 194 | P(D, E, F, G, H, A, B, C, R(61), 0xA4506CEB); 195 | P(C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7); 196 | P(B, C, D, E, F, G, H, A, R(63), 0xC67178F2); 197 | 198 | ctx->state[0] += A; 199 | ctx->state[1] += B; 200 | ctx->state[2] += C; 201 | ctx->state[3] += D; 202 | ctx->state[4] += E; 203 | ctx->state[5] += F; 204 | ctx->state[6] += G; 205 | ctx->state[7] += H; 206 | } 207 | 208 | /** 209 | * Accepts an array of octets as the next portion of the message. 210 | */ 211 | void SHA256_Update(SHA256_CTX *ctx, const uint8_t * msg, int len) 212 | { 213 | uint32_t left = ctx->total[0] & 0x3F; 214 | uint32_t fill = 64 - left; 215 | 216 | ctx->total[0] += len; 217 | ctx->total[0] &= 0xFFFFFFFF; 218 | 219 | if (ctx->total[0] < len) 220 | ctx->total[1]++; 221 | 222 | if (left && len >= fill) 223 | { 224 | memcpy((void *) (ctx->buffer + left), (void *)msg, fill); 225 | SHA256_Process(ctx->buffer, ctx); 226 | len -= fill; 227 | msg += fill; 228 | left = 0; 229 | } 230 | 231 | while (len >= 64) 232 | { 233 | SHA256_Process(msg, ctx); 234 | len -= 64; 235 | msg += 64; 236 | } 237 | 238 | if (len) 239 | { 240 | memcpy((void *) (ctx->buffer + left), (void *) msg, len); 241 | } 242 | } 243 | 244 | /** 245 | * Return the 256-bit message digest into the user's array 246 | */ 247 | void SHA256_Final(uint8_t *digest, SHA256_CTX *ctx) 248 | { 249 | uint32_t last, padn; 250 | uint32_t high, low; 251 | uint8_t msglen[8]; 252 | #ifdef WITH_PGM_READ_HELPER 253 | uint8_t sha256_padding_ram[64]; 254 | memcpy(sha256_padding_ram, sha256_padding, 64); 255 | #endif 256 | 257 | high = (ctx->total[0] >> 29) 258 | | (ctx->total[1] << 3); 259 | low = (ctx->total[0] << 3); 260 | 261 | PUT_UINT32(high, msglen, 0); 262 | PUT_UINT32(low, msglen, 4); 263 | 264 | last = ctx->total[0] & 0x3F; 265 | padn = (last < 56) ? (56 - last) : (120 - last); 266 | #ifdef WITH_PGM_READ_HELPER 267 | SHA256_Update(ctx, sha256_padding_ram, padn); 268 | #else 269 | SHA256_Update(ctx, sha256_padding, padn); 270 | #endif 271 | SHA256_Update(ctx, msglen, 8); 272 | 273 | PUT_UINT32(ctx->state[0], digest, 0); 274 | PUT_UINT32(ctx->state[1], digest, 4); 275 | PUT_UINT32(ctx->state[2], digest, 8); 276 | PUT_UINT32(ctx->state[3], digest, 12); 277 | PUT_UINT32(ctx->state[4], digest, 16); 278 | PUT_UINT32(ctx->state[5], digest, 20); 279 | PUT_UINT32(ctx->state[6], digest, 24); 280 | PUT_UINT32(ctx->state[7], digest, 28); 281 | } 282 | -------------------------------------------------------------------------------- /ssl/os_port.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2007-2016, Cameron Rich 3 | * 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions are met: 8 | * 9 | * * Redistributions of source code must retain the above copyright notice, 10 | * this list of conditions and the following disclaimer. 11 | * * Redistributions in binary form must reproduce the above copyright notice, 12 | * this list of conditions and the following disclaimer in the documentation 13 | * and/or other materials provided with the distribution. 14 | * * Neither the name of the axTLS project nor the names of its contributors 15 | * may be used to endorse or promote products derived from this software 16 | * without specific prior written permission. 17 | * 18 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 22 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 23 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 25 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 26 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 27 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 28 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | */ 30 | 31 | /** 32 | * @file os_port.h 33 | * 34 | * Some stuff to minimise the differences between windows and linux/unix 35 | */ 36 | 37 | #ifndef HEADER_OS_PORT_H 38 | #define HEADER_OS_PORT_H 39 | 40 | #ifdef __cplusplus 41 | extern "C" { 42 | #endif 43 | 44 | #include "os_int.h" 45 | #include "config.h" 46 | #include 47 | 48 | #ifdef WIN32 49 | #define STDCALL __stdcall 50 | #define EXP_FUNC __declspec(dllexport) 51 | #else 52 | #define STDCALL 53 | #define EXP_FUNC 54 | #endif 55 | 56 | #if defined(_WIN32_WCE) 57 | #undef WIN32 58 | #define WIN32 59 | #endif 60 | 61 | #if defined(ESP8266) 62 | 63 | #include "util/time.h" 64 | #include 65 | #define alloca(size) __builtin_alloca(size) 66 | #define TTY_FLUSH() 67 | #ifdef putc 68 | #undef putc 69 | #endif 70 | #define putc(x, f) ets_putc(x) 71 | 72 | #define SOCKET_READ(A,B,C) ax_port_read(A,B,C) 73 | #define SOCKET_WRITE(A,B,C) ax_port_write(A,B,C) 74 | #define SOCKET_CLOSE(A) ax_port_close(A) 75 | #define get_file ax_get_file 76 | #define EWOULDBLOCK EAGAIN 77 | 78 | #define hmac_sha1 ax_hmac_sha1 79 | #define hmac_sha256 ax_hmac_sha256 80 | #define hmac_md5 ax_hmac_md5 81 | 82 | #ifndef be64toh 83 | # define __bswap_constant_64(x) \ 84 | ((((x) & 0xff00000000000000ull) >> 56) \ 85 | | (((x) & 0x00ff000000000000ull) >> 40) \ 86 | | (((x) & 0x0000ff0000000000ull) >> 24) \ 87 | | (((x) & 0x000000ff00000000ull) >> 8) \ 88 | | (((x) & 0x00000000ff000000ull) << 8) \ 89 | | (((x) & 0x0000000000ff0000ull) << 24) \ 90 | | (((x) & 0x000000000000ff00ull) << 40) \ 91 | | (((x) & 0x00000000000000ffull) << 56)) 92 | #define be64toh(x) __bswap_constant_64(x) 93 | #endif 94 | 95 | void ax_wdt_feed(); 96 | 97 | #ifndef PROGMEM 98 | #define PROGMEM __attribute__((aligned(4))) __attribute__((section(".irom.text"))) 99 | #endif 100 | 101 | #ifndef WITH_PGM_READ_HELPER 102 | #define ax_array_read_u8(x, y) x[y] 103 | #else 104 | 105 | static inline uint8_t pgm_read_byte(const void* addr) { 106 | register uint32_t res; 107 | __asm__("extui %0, %1, 0, 2\n" /* Extract offset within word (in bytes) */ 108 | "sub %1, %1, %0\n" /* Subtract offset from addr, yielding an aligned address */ 109 | "l32i.n %1, %1, 0x0\n" /* Load word from aligned address */ 110 | "slli %0, %0, 3\n" /* Multiply offset by 8, yielding an offset in bits */ 111 | "ssr %0\n" /* Prepare to shift by offset (in bits) */ 112 | "srl %0, %1\n" /* Shift right; now the requested byte is the first one */ 113 | :"=r"(res), "=r"(addr) 114 | :"1"(addr) 115 | :); 116 | return (uint8_t) res; /* This masks the lower byte from the returned word */ 117 | } 118 | 119 | #define ax_array_read_u8(x, y) pgm_read_byte((x)+(y)) 120 | #endif //WITH_PGM_READ_HELPER 121 | 122 | #ifdef printf 123 | #undef printf 124 | #endif 125 | //#define printf(...) ets_printf(__VA_ARGS__) 126 | #define PSTR(s) (__extension__({static const char __c[] PROGMEM = (s); &__c[0];})) 127 | #define PGM_VOID_P const void * 128 | static inline void* memcpy_P(void* dest, PGM_VOID_P src, size_t count) { 129 | const uint8_t* read = (const uint8_t*)(src); 130 | uint8_t* write = (uint8_t*)(dest); 131 | 132 | while (count) 133 | { 134 | *write++ = pgm_read_byte(read++); 135 | count--; 136 | } 137 | 138 | return dest; 139 | } 140 | static inline int strlen_P(const char *str) { 141 | int cnt = 0; 142 | while (pgm_read_byte(str++)) cnt++; 143 | return cnt; 144 | } 145 | static inline int memcmp_P(const void *a1, const void *b1, size_t len) { 146 | const uint8_t* a = (const uint8_t*)(a1); 147 | uint8_t* b = (uint8_t*)(b1); 148 | for (size_t i=0; i? 169 | extern char *strdup(const char *orig); 170 | 171 | #elif defined(WIN32) 172 | 173 | /* Windows CE stuff */ 174 | #if defined(_WIN32_WCE) 175 | #include 176 | #define abort() exit(1) 177 | #else 178 | #include 179 | #include 180 | #include 181 | #include 182 | #endif /* _WIN32_WCE */ 183 | 184 | #include 185 | #include 186 | #undef getpid 187 | #undef open 188 | #undef close 189 | #undef sleep 190 | #undef gettimeofday 191 | #undef dup2 192 | #undef unlink 193 | 194 | #define SOCKET_READ(A,B,C) recv(A,B,C,0) 195 | #define SOCKET_WRITE(A,B,C) send(A,B,C,0) 196 | #define SOCKET_CLOSE(A) closesocket(A) 197 | #define srandom(A) srand(A) 198 | #define random() rand() 199 | #define getpid() _getpid() 200 | #define snprintf _snprintf 201 | #define open(A,B) _open(A,B) 202 | #define dup2(A,B) _dup2(A,B) 203 | #define unlink(A) _unlink(A) 204 | #define close(A) _close(A) 205 | #define read(A,B,C) _read(A,B,C) 206 | #define write(A,B,C) _write(A,B,C) 207 | #define sleep(A) Sleep(A*1000) 208 | #define usleep(A) Sleep(A/1000) 209 | #define strdup(A) _strdup(A) 210 | #define chroot(A) _chdir(A) 211 | #define chdir(A) _chdir(A) 212 | #define alloca(A) _alloca(A) 213 | #ifndef lseek 214 | #define lseek(A,B,C) _lseek(A,B,C) 215 | #endif 216 | 217 | /* This fix gets around a problem where a win32 application on a cygwin xterm 218 | doesn't display regular output (until a certain buffer limit) - but it works 219 | fine under a normal DOS window. This is a hack to get around the issue - 220 | see http://www.khngai.com/emacs/tty.php */ 221 | #define TTY_FLUSH() if (!_isatty(_fileno(stdout))) fflush(stdout); 222 | 223 | /* 224 | * automatically build some library dependencies. 225 | */ 226 | #pragma comment(lib, "WS2_32.lib") 227 | #pragma comment(lib, "AdvAPI32.lib") 228 | 229 | typedef int socklen_t; 230 | 231 | EXP_FUNC void STDCALL gettimeofday(struct timeval* t,void* timezone); 232 | EXP_FUNC int STDCALL strcasecmp(const char *s1, const char *s2); 233 | EXP_FUNC int STDCALL getdomainname(char *buf, int buf_size); 234 | 235 | #else /* Not Win32 */ 236 | 237 | #include 238 | #include 239 | #include 240 | #include 241 | #include 242 | #include 243 | #include 244 | #include 245 | #include 246 | #include 247 | #include 248 | #include 249 | #include 250 | 251 | #define SOCKET_READ(A,B,C) read(A,B,C) 252 | #define SOCKET_WRITE(A,B,C) write(A,B,C) 253 | #define SOCKET_CLOSE(A) if (A >= 0) close(A) 254 | #define TTY_FLUSH() 255 | 256 | #ifndef be64toh 257 | #define be64toh(x) __be64_to_cpu(x) 258 | #endif 259 | 260 | #endif /* Not Win32 */ 261 | 262 | /* some functions to mutate the way these work */ 263 | inline uint32_t htonl(uint32_t n){ 264 | return ((n & 0xff) << 24) | 265 | ((n & 0xff00) << 8) | 266 | ((n & 0xff0000UL) >> 8) | 267 | ((n & 0xff000000UL) >> 24); 268 | } 269 | 270 | #define ntohl htonl 271 | 272 | EXP_FUNC int STDCALL ax_open(const char *pathname, int flags); 273 | 274 | #ifdef CONFIG_PLATFORM_LINUX 275 | void exit_now(const char *format, ...) __attribute((noreturn)); 276 | #else 277 | void exit_now(const char *format, ...); 278 | #endif 279 | 280 | /* Mutexing definitions */ 281 | #if defined(CONFIG_SSL_CTX_MUTEXING) 282 | #if defined(WIN32) 283 | #define SSL_CTX_MUTEX_TYPE HANDLE 284 | #define SSL_CTX_MUTEX_INIT(A) A=CreateMutex(0, FALSE, 0) 285 | #define SSL_CTX_MUTEX_DESTROY(A) CloseHandle(A) 286 | #define SSL_CTX_LOCK(A) WaitForSingleObject(A, INFINITE) 287 | #define SSL_CTX_UNLOCK(A) ReleaseMutex(A) 288 | #else 289 | #include 290 | #define SSL_CTX_MUTEX_TYPE pthread_mutex_t 291 | #define SSL_CTX_MUTEX_INIT(A) pthread_mutex_init(&A, NULL) 292 | #define SSL_CTX_MUTEX_DESTROY(A) pthread_mutex_destroy(&A) 293 | #define SSL_CTX_LOCK(A) pthread_mutex_lock(&A) 294 | #define SSL_CTX_UNLOCK(A) pthread_mutex_unlock(&A) 295 | #endif 296 | #else /* no mutexing */ 297 | #define SSL_CTX_MUTEX_INIT(A) 298 | #define SSL_CTX_MUTEX_DESTROY(A) 299 | #define SSL_CTX_LOCK(A) 300 | #define SSL_CTX_UNLOCK(A) 301 | #endif 302 | 303 | #ifndef PROGMEM 304 | #define PROGMEM 305 | #endif 306 | 307 | #ifdef __cplusplus 308 | } 309 | #endif 310 | 311 | #endif 312 | -------------------------------------------------------------------------------- /ssl/tls1.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2007-2016, Cameron Rich 3 | * 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions are met: 8 | * 9 | * * Redistributions of source code must retain the above copyright notice, 10 | * this list of conditions and the following disclaimer. 11 | * * Redistributions in binary form must reproduce the above copyright notice, 12 | * this list of conditions and the following disclaimer in the documentation 13 | * and/or other materials provided with the distribution. 14 | * * Neither the name of the axTLS project nor the names of its contributors 15 | * may be used to endorse or promote products derived from this software 16 | * without specific prior written permission. 17 | * 18 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 22 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 23 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 25 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 26 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 27 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 28 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | */ 30 | 31 | /** 32 | * @file tls1.h 33 | * 34 | * @brief The definitions for the TLS library. 35 | */ 36 | #ifndef HEADER_SSL_LIB_H 37 | #define HEADER_SSL_LIB_H 38 | 39 | #ifdef __cplusplus 40 | extern "C" { 41 | #endif 42 | 43 | #include "version.h" 44 | #include "config.h" 45 | #include "os_int.h" 46 | #include "os_port.h" 47 | #include "crypto.h" 48 | #include "crypto_misc.h" 49 | 50 | #define SSL_PROTOCOL_MIN_VERSION 0x31 /* TLS v1.0 */ 51 | #define SSL_PROTOCOL_VERSION_MAX 0x33 /* TLS v1.3 */ 52 | #define SSL_PROTOCOL_VERSION_TLS1_1 0x32 /* TLS v1.1 */ 53 | #define SSL_PROTOCOL_VERSION_TLS1_2 0x33 /* TLS v1.2 */ 54 | #define SSL_RANDOM_SIZE 32 55 | #define SSL_SECRET_SIZE 48 56 | #define SSL_FINISHED_HASH_SIZE 12 57 | #define SSL_RECORD_SIZE 5 58 | #define SSL_SERVER_READ 0 59 | #define SSL_SERVER_WRITE 1 60 | #define SSL_CLIENT_READ 2 61 | #define SSL_CLIENT_WRITE 3 62 | #define SSL_HS_HDR_SIZE 4 63 | 64 | /* the flags we use while establishing a connection */ 65 | #define SSL_NEED_RECORD 0x0001 66 | #define SSL_TX_ENCRYPTED 0x0002 67 | #define SSL_RX_ENCRYPTED 0x0004 68 | #define SSL_SESSION_RESUME 0x0008 69 | #define SSL_IS_CLIENT 0x0010 70 | #define SSL_HAS_CERT_REQ 0x0020 71 | #define SSL_SENT_CLOSE_NOTIFY 0x0040 72 | 73 | /* some macros to muck around with flag bits */ 74 | #define SET_SSL_FLAG(A) (ssl->flag |= A) 75 | #define CLR_SSL_FLAG(A) (ssl->flag &= ~A) 76 | #define IS_SET_SSL_FLAG(A) (ssl->flag & A) 77 | 78 | #define MAX_KEY_BYTE_SIZE 512 /* for a 4096 bit key */ 79 | #define RT_MAX_PLAIN_LENGTH 16384 80 | #define RT_EXTRA 1024 81 | #define BM_RECORD_OFFSET 5 82 | 83 | #define NUM_PROTOCOLS 4 84 | 85 | #define MAX_SIG_ALGORITHMS 4 86 | #define SIG_ALG_SHA1 2 87 | #define SIG_ALG_SHA256 4 88 | #define SIG_ALG_SHA384 5 89 | #define SIG_ALG_SHA512 6 90 | #define SIG_ALG_RSA 1 91 | 92 | #define PARANOIA_CHECK(A, B) if (A < B) { \ 93 | ret = SSL_ERROR_INVALID_HANDSHAKE; goto error; } 94 | 95 | /* protocol types */ 96 | enum 97 | { 98 | PT_CHANGE_CIPHER_SPEC = 20, 99 | PT_ALERT_PROTOCOL, 100 | PT_HANDSHAKE_PROTOCOL, 101 | PT_APP_PROTOCOL_DATA 102 | }; 103 | 104 | /* handshaking types */ 105 | enum 106 | { 107 | HS_HELLO_REQUEST, 108 | HS_CLIENT_HELLO, 109 | HS_SERVER_HELLO, 110 | HS_CERTIFICATE = 11, 111 | HS_SERVER_KEY_XCHG, 112 | HS_CERT_REQ, 113 | HS_SERVER_HELLO_DONE, 114 | HS_CERT_VERIFY, 115 | HS_CLIENT_KEY_XCHG, 116 | HS_FINISHED = 20 117 | }; 118 | 119 | /* SSL extension types */ 120 | enum 121 | { 122 | SSL_EXT_SERVER_NAME = 0, 123 | SSL_EXT_MAX_FRAGMENT_SIZE, 124 | SSL_EXT_SIG_ALG = 0x0d, 125 | }; 126 | 127 | typedef struct 128 | { 129 | uint8_t cipher; 130 | uint8_t key_size; 131 | uint8_t iv_size; 132 | uint8_t padding_size; 133 | uint8_t digest_size; 134 | uint8_t key_block_size; 135 | hmac_func_v hmac_v; 136 | crypt_func encrypt; 137 | crypt_func decrypt; 138 | } cipher_info_t; 139 | 140 | struct _SSLObjLoader 141 | { 142 | uint8_t *buf; 143 | int len; 144 | }; 145 | 146 | typedef struct _SSLObjLoader SSLObjLoader; 147 | 148 | typedef struct 149 | { 150 | time_t conn_time; 151 | uint8_t session_id[SSL_SESSION_ID_SIZE]; 152 | uint8_t master_secret[SSL_SECRET_SIZE]; 153 | } SSL_SESSION; 154 | 155 | typedef struct 156 | { 157 | uint8_t *buf; 158 | int size; 159 | uint8_t hash_alg; 160 | } SSL_CERT; 161 | 162 | typedef struct 163 | { 164 | MD5_CTX md5_ctx; 165 | SHA1_CTX sha1_ctx; 166 | SHA256_CTX sha256_ctx; 167 | uint8_t client_random[SSL_RANDOM_SIZE]; /* client's random sequence */ 168 | uint8_t server_random[SSL_RANDOM_SIZE]; /* server's random sequence */ 169 | uint8_t final_finish_mac[128]; 170 | uint8_t master_secret[SSL_SECRET_SIZE]; 171 | uint8_t key_block[256]; 172 | uint16_t bm_proc_index; 173 | uint8_t key_block_generated; 174 | } DISPOSABLE_CTX; 175 | 176 | typedef struct 177 | { 178 | char *host_name; /* Needed for the SNI support */ 179 | /* Needed for the Max Fragment Size Extension. 180 | Allowed values: 0,1,2,3..6 corresponding to off,512,1024,2048..16384 bytes 181 | */ 182 | uint8_t max_fragment_size; 183 | } SSL_EXTENSIONS; 184 | 185 | struct _SSL 186 | { 187 | uint32_t flag; 188 | uint16_t need_bytes; 189 | uint16_t got_bytes; 190 | uint8_t record_type; 191 | uint8_t cipher; 192 | uint8_t sess_id_size; 193 | uint8_t version; 194 | uint8_t client_version; 195 | int16_t next_state; 196 | int16_t hs_status; 197 | DISPOSABLE_CTX *dc; /* temporary data which we'll get rid of soon */ 198 | int client_fd; 199 | const cipher_info_t *cipher_info; 200 | void *encrypt_ctx; 201 | void *decrypt_ctx; 202 | uint8_t *bm_all_data; 203 | uint8_t *bm_data; 204 | uint16_t bm_index; 205 | uint16_t bm_read_index; 206 | size_t max_plain_length; 207 | uint8_t sig_algs[MAX_SIG_ALGORITHMS]; 208 | uint8_t num_sig_algs; 209 | struct _SSL *next; /* doubly linked list */ 210 | struct _SSL *prev; 211 | struct _SSL_CTX *ssl_ctx; /* back reference to a clnt/svr ctx */ 212 | #ifndef CONFIG_SSL_SKELETON_MODE 213 | uint16_t session_index; 214 | SSL_SESSION *session; 215 | #endif 216 | #ifdef CONFIG_SSL_CERT_VERIFICATION 217 | X509_CTX *x509_ctx; 218 | bool can_free_certificates; 219 | #endif 220 | uint8_t session_id[SSL_SESSION_ID_SIZE]; 221 | uint8_t client_mac[SHA256_SIZE]; /* for HMAC verification */ 222 | uint8_t server_mac[SHA256_SIZE]; /* for HMAC verification */ 223 | uint8_t read_sequence[8]; /* 64 bit sequence number */ 224 | uint8_t write_sequence[8]; /* 64 bit sequence number */ 225 | uint8_t hmac_header[SSL_RECORD_SIZE]; /* rx hmac */ 226 | SSL_EXTENSIONS *extensions; /* Contains the SSL (client) extensions */ 227 | }; 228 | 229 | typedef struct _SSL SSL; 230 | 231 | struct _SSL_CTX 232 | { 233 | uint32_t options; 234 | uint8_t chain_length; 235 | RSA_CTX *rsa_ctx; 236 | #ifdef CONFIG_SSL_CERT_VERIFICATION 237 | CA_CERT_CTX *ca_cert_ctx; 238 | #endif 239 | SSL *head; 240 | SSL *tail; 241 | SSL_CERT certs[CONFIG_SSL_MAX_CERTS]; 242 | #ifndef CONFIG_SSL_SKELETON_MODE 243 | uint16_t num_sessions; 244 | SSL_SESSION **ssl_sessions; 245 | #endif 246 | #ifdef CONFIG_SSL_CTX_MUTEXING 247 | SSL_CTX_MUTEX_TYPE mutex; 248 | #endif 249 | #ifdef CONFIG_OPENSSL_COMPATIBLE 250 | void *bonus_attr; 251 | #endif 252 | }; 253 | 254 | typedef struct _SSL_CTX SSL_CTX; 255 | 256 | /* backwards compatibility */ 257 | typedef struct _SSL_CTX SSLCTX; 258 | 259 | extern const uint8_t ssl_prot_prefs[NUM_PROTOCOLS]; 260 | 261 | SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd); 262 | void disposable_new(SSL *ssl); 263 | void disposable_free(SSL *ssl); 264 | int send_packet(SSL *ssl, uint8_t protocol, 265 | const uint8_t *in, int length); 266 | int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len); 267 | int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len); 268 | int process_finished(SSL *ssl, uint8_t *buf, int hs_len); 269 | int process_sslv23_client_hello(SSL *ssl); 270 | int send_alert(SSL *ssl, int error_code); 271 | int send_finished(SSL *ssl); 272 | int send_certificate(SSL *ssl); 273 | int basic_read(SSL *ssl, uint8_t **in_data); 274 | int send_change_cipher_spec(SSL *ssl); 275 | int finished_digest(SSL *ssl, const char *label, uint8_t *digest); 276 | void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret); 277 | void add_packet(SSL *ssl, const uint8_t *pkt, int len); 278 | int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len); 279 | int add_private_key(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj); 280 | void ssl_obj_free(SSLObjLoader *ssl_obj); 281 | int pkcs8_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password); 282 | int pkcs12_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password); 283 | int load_key_certs(SSL_CTX *ssl_ctx); 284 | #ifdef CONFIG_SSL_CERT_VERIFICATION 285 | int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len); 286 | void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx); 287 | #endif 288 | #ifdef CONFIG_SSL_ENABLE_CLIENT 289 | int do_client_connect(SSL *ssl); 290 | #endif 291 | 292 | #ifdef CONFIG_SSL_FULL_MODE 293 | void DISPLAY_STATE(SSL *ssl, int is_send, uint8_t state, int not_ok); 294 | void DISPLAY_BYTES(SSL *ssl, const char *format, 295 | const uint8_t *data, int size, ...); 296 | void DISPLAY_CERT(SSL *ssl, const X509_CTX *x509_ctx); 297 | void DISPLAY_RSA(SSL *ssl, const RSA_CTX *rsa_ctx); 298 | void DISPLAY_ALERT(SSL *ssl, int alert); 299 | #else 300 | #define DISPLAY_STATE(A,B,C,D) 301 | #define DISPLAY_CERT(A,B) 302 | #define DISPLAY_RSA(A,B) 303 | #define DISPLAY_ALERT(A, B) 304 | #ifdef WIN32 305 | void DISPLAY_BYTES(SSL *ssl, const char *format,/* win32 has no variadic macros */ 306 | const uint8_t *data, int size, ...); 307 | #else 308 | #define DISPLAY_BYTES(A,B,C,D,...) 309 | #endif 310 | #endif 311 | 312 | #ifdef CONFIG_SSL_CERT_VERIFICATION 313 | int process_certificate(SSL *ssl, X509_CTX **x509_ctx); 314 | #endif 315 | 316 | SSL_SESSION *ssl_session_update(int max_sessions, 317 | SSL_SESSION *ssl_sessions[], SSL *ssl, 318 | const uint8_t *session_id); 319 | void kill_ssl_session(SSL_SESSION **ssl_sessions, SSL *ssl); 320 | 321 | #ifdef __cplusplus 322 | } 323 | #endif 324 | 325 | #endif 326 | -------------------------------------------------------------------------------- /crypto/md5.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2007, Cameron Rich 3 | * 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions are met: 8 | * 9 | * * Redistributions of source code must retain the above copyright notice, 10 | * this list of conditions and the following disclaimer. 11 | * * Redistributions in binary form must reproduce the above copyright notice, 12 | * this list of conditions and the following disclaimer in the documentation 13 | * and/or other materials provided with the distribution. 14 | * * Neither the name of the axTLS project nor the names of its contributors 15 | * may be used to endorse or promote products derived from this software 16 | * without specific prior written permission. 17 | * 18 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 22 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 23 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 25 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 26 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 27 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 28 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | */ 30 | 31 | /** 32 | * This file implements the MD5 algorithm as defined in RFC1321 33 | */ 34 | 35 | #include 36 | #include "os_port.h" 37 | #include "crypto.h" 38 | 39 | /* Constants for MD5Transform routine. 40 | */ 41 | #define S11 7 42 | #define S12 12 43 | #define S13 17 44 | #define S14 22 45 | #define S21 5 46 | #define S22 9 47 | #define S23 14 48 | #define S24 20 49 | #define S31 4 50 | #define S32 11 51 | #define S33 16 52 | #define S34 23 53 | #define S41 6 54 | #define S42 10 55 | #define S43 15 56 | #define S44 21 57 | 58 | /* ----- static functions ----- */ 59 | static void MD5Transform(uint32_t state[4], const uint8_t block[64]); 60 | static void Encode(uint8_t *output, uint32_t *input, uint32_t len); 61 | static void Decode(uint32_t *output, const uint8_t *input, uint32_t len); 62 | 63 | static const uint8_t PADDING[64] PROGMEM = 64 | { 65 | 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 66 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 67 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 68 | }; 69 | 70 | /* F, G, H and I are basic MD5 functions. 71 | */ 72 | #define F(x, y, z) (((x) & (y)) | ((~x) & (z))) 73 | #define G(x, y, z) (((x) & (z)) | ((y) & (~z))) 74 | #define H(x, y, z) ((x) ^ (y) ^ (z)) 75 | #define I(x, y, z) ((y) ^ ((x) | (~z))) 76 | 77 | /* ROTATE_LEFT rotates x left n bits. */ 78 | #define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n)))) 79 | 80 | /* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4. 81 | Rotation is separate from addition to prevent recomputation. */ 82 | #define FF(a, b, c, d, x, s, ac) { \ 83 | (a) += F ((b), (c), (d)) + (x) + (uint32_t)(ac); \ 84 | (a) = ROTATE_LEFT ((a), (s)); \ 85 | (a) += (b); \ 86 | } 87 | #define GG(a, b, c, d, x, s, ac) { \ 88 | (a) += G ((b), (c), (d)) + (x) + (uint32_t)(ac); \ 89 | (a) = ROTATE_LEFT ((a), (s)); \ 90 | (a) += (b); \ 91 | } 92 | #define HH(a, b, c, d, x, s, ac) { \ 93 | (a) += H ((b), (c), (d)) + (x) + (uint32_t)(ac); \ 94 | (a) = ROTATE_LEFT ((a), (s)); \ 95 | (a) += (b); \ 96 | } 97 | #define II(a, b, c, d, x, s, ac) { \ 98 | (a) += I ((b), (c), (d)) + (x) + (uint32_t)(ac); \ 99 | (a) = ROTATE_LEFT ((a), (s)); \ 100 | (a) += (b); \ 101 | } 102 | 103 | /** 104 | * MD5 initialization - begins an MD5 operation, writing a new ctx. 105 | */ 106 | EXP_FUNC void STDCALL MD5_Init(MD5_CTX *ctx) 107 | { 108 | ctx->count[0] = ctx->count[1] = 0; 109 | 110 | /* Load magic initialization constants. 111 | */ 112 | ctx->state[0] = 0x67452301; 113 | ctx->state[1] = 0xefcdab89; 114 | ctx->state[2] = 0x98badcfe; 115 | ctx->state[3] = 0x10325476; 116 | } 117 | 118 | /** 119 | * Accepts an array of octets as the next portion of the message. 120 | */ 121 | EXP_FUNC void STDCALL MD5_Update(MD5_CTX *ctx, const uint8_t * msg, int len) 122 | { 123 | uint32_t x; 124 | int i, partLen; 125 | 126 | /* Compute number of bytes mod 64 */ 127 | x = (uint32_t)((ctx->count[0] >> 3) & 0x3F); 128 | 129 | /* Update number of bits */ 130 | if ((ctx->count[0] += ((uint32_t)len << 3)) < ((uint32_t)len << 3)) 131 | ctx->count[1]++; 132 | ctx->count[1] += ((uint32_t)len >> 29); 133 | 134 | partLen = 64 - x; 135 | 136 | /* Transform as many times as possible. */ 137 | if (len >= partLen) 138 | { 139 | memcpy(&ctx->buffer[x], msg, partLen); 140 | MD5Transform(ctx->state, ctx->buffer); 141 | 142 | for (i = partLen; i + 63 < len; i += 64) 143 | MD5Transform(ctx->state, &msg[i]); 144 | 145 | x = 0; 146 | } 147 | else 148 | i = 0; 149 | 150 | /* Buffer remaining input */ 151 | memcpy(&ctx->buffer[x], &msg[i], len-i); 152 | } 153 | 154 | /** 155 | * Return the 128-bit message digest into the user's array 156 | */ 157 | EXP_FUNC void STDCALL MD5_Final(uint8_t *digest, MD5_CTX *ctx) 158 | { 159 | uint8_t bits[8]; 160 | uint32_t x, padLen; 161 | #ifdef WITH_PGM_READ_HELPER 162 | uint8_t PADDING_stack[64]; 163 | memcpy(PADDING_stack, PADDING, 64); 164 | #endif 165 | /* Save number of bits */ 166 | Encode(bits, ctx->count, 8); 167 | 168 | /* Pad out to 56 mod 64. 169 | */ 170 | x = (uint32_t)((ctx->count[0] >> 3) & 0x3f); 171 | padLen = (x < 56) ? (56 - x) : (120 - x); 172 | #ifdef WITH_PGM_READ_HELPER 173 | MD5_Update(ctx, PADDING_stack, padLen); 174 | #else 175 | MD5_Update(ctx, PADDING, padLen); 176 | #endif 177 | 178 | /* Append length (before padding) */ 179 | MD5_Update(ctx, bits, 8); 180 | 181 | /* Store state in digest */ 182 | Encode(digest, ctx->state, MD5_SIZE); 183 | } 184 | 185 | /** 186 | * MD5 basic transformation. Transforms state based on block. 187 | */ 188 | static void MD5Transform(uint32_t state[4], const uint8_t block[64]) 189 | { 190 | uint32_t a = state[0], b = state[1], c = state[2], 191 | d = state[3], x[MD5_SIZE]; 192 | 193 | Decode(x, block, 64); 194 | 195 | /* Round 1 */ 196 | FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */ 197 | FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */ 198 | FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */ 199 | FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */ 200 | FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */ 201 | FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */ 202 | FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */ 203 | FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */ 204 | FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */ 205 | FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */ 206 | FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */ 207 | FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */ 208 | FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */ 209 | FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */ 210 | FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */ 211 | FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */ 212 | 213 | /* Round 2 */ 214 | GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */ 215 | GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */ 216 | GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */ 217 | GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */ 218 | GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */ 219 | GG (d, a, b, c, x[10], S22, 0x2441453); /* 22 */ 220 | GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */ 221 | GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */ 222 | GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */ 223 | GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */ 224 | GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */ 225 | GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */ 226 | GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */ 227 | GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */ 228 | GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */ 229 | GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */ 230 | 231 | /* Round 3 */ 232 | HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */ 233 | HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */ 234 | HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */ 235 | HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */ 236 | HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */ 237 | HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */ 238 | HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */ 239 | HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */ 240 | HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */ 241 | HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */ 242 | HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */ 243 | HH (b, c, d, a, x[ 6], S34, 0x4881d05); /* 44 */ 244 | HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */ 245 | HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */ 246 | HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */ 247 | HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */ 248 | 249 | /* Round 4 */ 250 | II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */ 251 | II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */ 252 | II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */ 253 | II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */ 254 | II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */ 255 | II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */ 256 | II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */ 257 | II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */ 258 | II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */ 259 | II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */ 260 | II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */ 261 | II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */ 262 | II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */ 263 | II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */ 264 | II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */ 265 | II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */ 266 | 267 | state[0] += a; 268 | state[1] += b; 269 | state[2] += c; 270 | state[3] += d; 271 | } 272 | 273 | /** 274 | * Encodes input (uint32_t) into output (uint8_t). Assumes len is 275 | * a multiple of 4. 276 | */ 277 | static void Encode(uint8_t *output, uint32_t *input, uint32_t len) 278 | { 279 | uint32_t i, j; 280 | 281 | for (i = 0, j = 0; j < len; i++, j += 4) 282 | { 283 | output[j] = (uint8_t)(input[i] & 0xff); 284 | output[j+1] = (uint8_t)((input[i] >> 8) & 0xff); 285 | output[j+2] = (uint8_t)((input[i] >> 16) & 0xff); 286 | output[j+3] = (uint8_t)((input[i] >> 24) & 0xff); 287 | } 288 | } 289 | 290 | /** 291 | * Decodes input (uint8_t) into output (uint32_t). Assumes len is 292 | * a multiple of 4. 293 | */ 294 | static void Decode(uint32_t *output, const uint8_t *input, uint32_t len) 295 | { 296 | uint32_t i, j; 297 | 298 | for (i = 0, j = 0; j < len; i++, j += 4) 299 | output[i] = ((uint32_t)input[j]) | (((uint32_t)input[j+1]) << 8) | 300 | (((uint32_t)input[j+2]) << 16) | (((uint32_t)input[j+3]) << 24); 301 | } 302 | -------------------------------------------------------------------------------- /tools/make_certs.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Copyright (c) 2007-2016, Cameron Rich 4 | # 5 | # All rights reserved. 6 | # 7 | # Redistribution and use in source and binary forms, with or without 8 | # modification, are permitted provided that the following conditions are met: 9 | # 10 | # * Redistributions of source code must retain the above copyright notice, 11 | # this list of conditions and the following disclaimer. 12 | # * Redistributions in binary form must reproduce the above copyright 13 | # notice, this list of conditions and the following disclaimer in the 14 | # documentation and/or other materials provided with the distribution. 15 | # * Neither the name of the axTLS project nor the names of its 16 | # contributors may be used to endorse or promote products derived 17 | # from this software without specific prior written permission. 18 | # 19 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 20 | # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 21 | # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 22 | # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 23 | # CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 24 | # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 25 | # TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 26 | # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 27 | # OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 28 | # NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 29 | # THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30 | # 31 | 32 | AXDIR=`pwd`/`dirname $0` 33 | CWD=`mktemp -d` && cd $dir 34 | cd $CWD 35 | 36 | # 37 | # Generate the certificates and keys for testing. 38 | # 39 | 40 | PROJECT_NAME="axTLS Project" 41 | 42 | # Generate the openssl configuration files. 43 | cat > ca_cert.conf << EOF 44 | [ req ] 45 | distinguished_name = req_distinguished_name 46 | prompt = no 47 | req_extensions = v3_ca 48 | 49 | [ req_distinguished_name ] 50 | O = $PROJECT_NAME Dodgy Certificate Authority 51 | 52 | [ v3_ca ] 53 | basicConstraints = critical, CA:true 54 | keyUsage = critical, cRLSign, keyCertSign, digitalSignature 55 | EOF 56 | 57 | cat > certs.conf << EOF 58 | [ req ] 59 | distinguished_name = req_distinguished_name 60 | prompt = no 61 | req_extensions = v3_usr_cert 62 | 63 | [ req_distinguished_name ] 64 | O = $PROJECT_NAME 65 | CN = localhost 66 | 67 | [ v3_usr_cert ] 68 | basicConstraints = critical, CA:false 69 | keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment 70 | subjectAltName = @alt_names 71 | 72 | [alt_names] 73 | DNS.1 = www.example.net 74 | DNS.2 = www.example.org 75 | EOF 76 | 77 | cat > device_cert.conf << EOF 78 | [ req ] 79 | distinguished_name = req_distinguished_name 80 | prompt = no 81 | 82 | [ req_distinguished_name ] 83 | O = $PROJECT_NAME Device Certificate 84 | EOF 85 | 86 | cat > intermediate_ca.conf << EOF 87 | [ req ] 88 | distinguished_name = req_distinguished_name 89 | prompt = no 90 | req_extensions = v3_intermediate_ca 91 | 92 | [ req_distinguished_name ] 93 | O = $PROJECT_NAME Intermediate CA 94 | 95 | [ v3_intermediate_ca ] 96 | basicConstraints = critical, CA:true, pathlen:0 97 | keyUsage = cRLSign, keyCertSign, digitalSignature 98 | EOF 99 | 100 | cat > intermediate_ca2.conf << EOF 101 | [ req ] 102 | distinguished_name = req_distinguished_name 103 | prompt = no 104 | req_extensions = v3_intermediate_ca2 105 | 106 | [ req_distinguished_name ] 107 | O = $PROJECT_NAME Intermediate 2 CA 108 | 109 | [ v3_intermediate_ca2 ] 110 | basicConstraints = critical, CA:true, pathlen:10 111 | keyUsage = encipherOnly, keyCertSign, decipherOnly 112 | EOF 113 | 114 | # private key generation 115 | openssl genrsa -out axTLS.ca_key.pem 2048 116 | openssl genrsa -out axTLS.key_1024.pem 1024 117 | openssl genrsa -out axTLS.key_2048.pem 2048 118 | openssl genrsa -out axTLS.key_4096.pem 4096 119 | openssl genrsa -out axTLS.key_device.pem 2048 120 | openssl genrsa -out axTLS.key_intermediate_ca.pem 2048 121 | openssl genrsa -out axTLS.key_intermediate_ca2.pem 2048 122 | openssl genrsa -out axTLS.key_end_chain.pem 2048 123 | openssl genrsa -aes128 -passout pass:abcd -out axTLS.key_aes128.pem 1024 124 | openssl genrsa -aes256 -passout pass:abcd -out axTLS.key_aes256.pem 1024 125 | 126 | # convert private keys into DER format 127 | openssl rsa -in axTLS.key_1024.pem -out axTLS.key_1024 -outform DER 128 | openssl rsa -in axTLS.key_2048.pem -out axTLS.key_2048 -outform DER 129 | openssl rsa -in axTLS.key_4096.pem -out axTLS.key_4096 -outform DER 130 | 131 | # cert requests 132 | openssl req -out axTLS.ca_x509.csr -key axTLS.ca_key.pem -new \ 133 | -config ./ca_cert.conf 134 | openssl req -out axTLS.x509_1024.csr -key axTLS.key_1024.pem -new \ 135 | -config ./certs.conf 136 | openssl req -out axTLS.x509_2048.csr -key axTLS.key_2048.pem -new \ 137 | -config ./certs.conf 138 | openssl req -out axTLS.x509_4096.csr -key axTLS.key_4096.pem -new \ 139 | -config ./certs.conf 140 | openssl req -out axTLS.x509_device.csr -key axTLS.key_device.pem -new \ 141 | -config ./device_cert.conf 142 | openssl req -out axTLS.x509_intermediate_ca.csr \ 143 | -key axTLS.key_intermediate_ca.pem -new \ 144 | -config ./intermediate_ca.conf 145 | openssl req -out axTLS.x509_intermediate_ca2.csr \ 146 | -key axTLS.key_intermediate_ca2.pem -new \ 147 | -config ./intermediate_ca2.conf 148 | openssl req -out axTLS.x509_end_chain.csr -key axTLS.key_end_chain.pem -new \ 149 | -config ./certs.conf 150 | openssl req -out axTLS.x509_aes128.csr -key axTLS.key_aes128.pem \ 151 | -new -config ./certs.conf -passin pass:abcd 152 | openssl req -out axTLS.x509_aes256.csr -key axTLS.key_aes256.pem \ 153 | -new -config ./certs.conf -passin pass:abcd 154 | 155 | # generate the actual certs. 156 | openssl x509 -req -in axTLS.ca_x509.csr -out axTLS.ca_x509.pem \ 157 | -sha1 -days 5000 -signkey axTLS.ca_key.pem \ 158 | -CAkey axTLS.ca_key.pem -extfile ./ca_cert.conf -extensions v3_ca 159 | openssl x509 -req -in axTLS.ca_x509.csr -out axTLS.ca_x509_sha256.pem \ 160 | -sha256 -days 5000 -signkey axTLS.ca_key.pem \ 161 | -CAkey axTLS.ca_key.pem -extfile ./ca_cert.conf -extensions v3_ca 162 | openssl x509 -req -in axTLS.x509_1024.csr -out axTLS.x509_1024.pem \ 163 | -sha1 -CAcreateserial -days 5000 \ 164 | -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem 165 | openssl x509 -req -in axTLS.x509_1024.csr -out axTLS.x509_1024_sha256.pem \ 166 | -sha256 -CAcreateserial -days 5000 \ 167 | -CA axTLS.ca_x509_sha256.pem -CAkey axTLS.ca_key.pem 168 | openssl x509 -req -in axTLS.x509_1024.csr -out axTLS.x509_1024_sha384.pem \ 169 | -sha384 -CAcreateserial -days 5000 \ 170 | -CA axTLS.ca_x509_sha256.pem -CAkey axTLS.ca_key.pem 171 | openssl x509 -req -in axTLS.x509_1024.csr -out axTLS.x509_1024_sha512.pem \ 172 | -sha512 -CAcreateserial -days 5000 \ 173 | -CA axTLS.ca_x509_sha256.pem -CAkey axTLS.ca_key.pem 174 | openssl x509 -req -in axTLS.x509_2048.csr -out axTLS.x509_2048.pem \ 175 | -sha1 -CAcreateserial -days 5000 \ 176 | -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem 177 | openssl x509 -req -in axTLS.x509_4096.csr -out axTLS.x509_4096.pem \ 178 | -sha1 -CAcreateserial -days 5000 \ 179 | -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem 180 | openssl x509 -req -in axTLS.x509_device.csr -out axTLS.x509_device.pem \ 181 | -sha1 -CAcreateserial -days 5000 \ 182 | -CA axTLS.x509_1024.pem -CAkey axTLS.key_1024.pem 183 | openssl x509 -req -in axTLS.x509_intermediate_ca.csr -out axTLS.x509_intermediate_ca.pem \ 184 | -sha256 -CAcreateserial -days 5000 \ 185 | -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem \ 186 | -extfile ./intermediate_ca.conf -extensions v3_intermediate_ca 187 | openssl x509 -req -in axTLS.x509_intermediate_ca2.csr -out axTLS.x509_intermediate_ca2.pem \ 188 | -sha256 -CAcreateserial -days 5000 \ 189 | -CA axTLS.x509_intermediate_ca.pem \ 190 | -CAkey axTLS.key_intermediate_ca.pem \ 191 | -extfile ./intermediate_ca2.conf -extensions v3_intermediate_ca2 192 | openssl x509 -req -in axTLS.x509_end_chain.csr -out axTLS.x509_end_chain.pem \ 193 | -sha256 -CAcreateserial -days 5000 \ 194 | -CA axTLS.x509_intermediate_ca.pem \ 195 | -CAkey axTLS.key_intermediate_ca.pem \ 196 | -extfile ./certs.conf -extensions v3_usr_cert 197 | # basic constraint path len failure 198 | openssl x509 -req -in axTLS.x509_end_chain.csr \ 199 | -out axTLS.x509_end_chain_bad.pem \ 200 | -sha256 -CAcreateserial -days 5000 \ 201 | -CA axTLS.x509_intermediate_ca2.pem \ 202 | -CAkey axTLS.key_intermediate_ca2.pem \ 203 | -extfile ./certs.conf -extensions v3_usr_cert 204 | cat axTLS.x509_intermediate_ca.pem >> axTLS.x509_intermediate_ca2.pem 205 | openssl x509 -req -in axTLS.x509_aes128.csr \ 206 | -out axTLS.x509_aes128.pem \ 207 | -sha1 -CAcreateserial -days 5000 \ 208 | -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem 209 | openssl x509 -req -in axTLS.x509_aes256.csr \ 210 | -out axTLS.x509_aes256.pem \ 211 | -sha1 -CAcreateserial -days 5000 \ 212 | -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem 213 | 214 | # note: must be root to do this 215 | DATE_NOW=`date` 216 | if date -s "Jan 1 2025"; then 217 | openssl x509 -req -in axTLS.x509_1024.csr -out axTLS.x509_bad_before.pem \ 218 | -sha1 -CAcreateserial -days 365 \ 219 | -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem 220 | date -s "$DATE_NOW" 221 | touch axTLS.x509_bad_before.pem 222 | fi 223 | openssl x509 -req -in axTLS.x509_1024.csr -out axTLS.x509_bad_after.pem \ 224 | -sha1 -CAcreateserial -days -365 \ 225 | -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem 226 | 227 | # some cleanup 228 | rm axTLS*.csr 229 | rm *.srl 230 | rm *.conf 231 | 232 | # need this for the client tests 233 | openssl x509 -in axTLS.ca_x509.pem -outform DER -out axTLS.ca_x509.cer 234 | openssl x509 -in axTLS.x509_1024.pem -outform DER -out axTLS.x509_1024.cer 235 | openssl x509 -in axTLS.x509_2048.pem -outform DER -out axTLS.x509_2048.cer 236 | openssl x509 -in axTLS.x509_4096.pem -outform DER -out axTLS.x509_4096.cer 237 | 238 | # generate pkcs8 files (use RC4-128 for encryption) 239 | openssl pkcs8 -in axTLS.key_1024.pem -passout pass:abcd -topk8 -v1 PBE-SHA1-RC4-128 -out axTLS.encrypted_pem.p8 240 | openssl pkcs8 -in axTLS.key_1024.pem -passout pass:abcd -topk8 -outform DER -v1 PBE-SHA1-RC4-128 -out axTLS.encrypted.p8 241 | openssl pkcs8 -in axTLS.key_1024.pem -nocrypt -topk8 -out axTLS.unencrypted_pem.p8 242 | openssl pkcs8 -in axTLS.key_1024.pem -nocrypt -topk8 -outform DER -out axTLS.unencrypted.p8 243 | 244 | # generate pkcs12 files (use RC4-128 for encryption) 245 | openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem -certfile axTLS.ca_x509.pem -keypbe PBE-SHA1-RC4-128 -certpbe PBE-SHA1-RC4-128 -name "p12_with_CA" -out axTLS.withCA.p12 -password pass:abcd 246 | openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem -keypbe PBE-SHA1-RC4-128 -certpbe PBE-SHA1-RC4-128 -name "p12_without_CA" -out axTLS.withoutCA.p12 -password pass:abcd 247 | openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem -keypbe PBE-SHA1-RC4-128 -certpbe PBE-SHA1-RC4-128 -out axTLS.noname.p12 -password pass:abcd 248 | 249 | # PEM certificate chain 250 | cat axTLS.ca_x509.pem >> axTLS.x509_device.pem 251 | 252 | # set default key/cert for use in the server 253 | xxd -i axTLS.x509_1024.cer | sed -e \ 254 | "s/axTLS_x509_1024_cer/default_certificate/" > $AXDIR/../ssl/cert.h 255 | xxd -i axTLS.key_1024 | sed -e \ 256 | "s/axTLS_key_1024/default_private_key/" > $AXDIR/../ssl/private_key.h 257 | --------------------------------------------------------------------------------