├── .gitignore ├── .gitmodules ├── LICENSE ├── README.md ├── TODO ├── build.sh ├── firmware ├── Makefile.include ├── libopencm3_stm32f1.ld ├── rules.mk ├── src │ ├── Makefile │ ├── cedarkey.c │ ├── common.h │ └── mbedtls │ │ ├── aes.h │ │ ├── aesni.h │ │ ├── arc4.h │ │ ├── asn1.h │ │ ├── asn1write.h │ │ ├── base64.h │ │ ├── bignum.h │ │ ├── blowfish.h │ │ ├── bn_mul.h │ │ ├── camellia.h │ │ ├── ccm.h │ │ ├── certs.h │ │ ├── check_config.h │ │ ├── cipher.h │ │ ├── cipher_internal.h │ │ ├── cmac.h │ │ ├── compat-1.3.h │ │ ├── config.h │ │ ├── ctr_drbg.h │ │ ├── debug.h │ │ ├── des.h │ │ ├── dhm.h │ │ ├── ecdh.h │ │ ├── ecdsa.h │ │ ├── ecjpake.h │ │ ├── ecp.h │ │ ├── ecp_internal.h │ │ ├── entropy.h │ │ ├── entropy_poll.h │ │ ├── error.h │ │ ├── gcm.h │ │ ├── havege.h │ │ ├── hmac_drbg.h │ │ ├── md.h │ │ ├── md2.h │ │ ├── md4.h │ │ ├── md5.h │ │ ├── md_internal.h │ │ ├── memory_buffer_alloc.h │ │ ├── net.h │ │ ├── net_sockets.h │ │ ├── oid.h │ │ ├── padlock.h │ │ ├── pem.h │ │ ├── pk.h │ │ ├── pk_internal.h │ │ ├── pkcs11.h │ │ ├── pkcs12.h │ │ ├── pkcs5.h │ │ ├── platform.h │ │ ├── platform_time.h │ │ ├── ripemd160.h │ │ ├── rsa.h │ │ ├── sha1.h │ │ ├── sha256.h │ │ ├── sha512.h │ │ ├── ssl.h │ │ ├── ssl_cache.h │ │ ├── ssl_ciphersuites.h │ │ ├── ssl_cookie.h │ │ ├── ssl_internal.h │ │ ├── ssl_ticket.h │ │ ├── threading.h │ │ ├── timing.h │ │ ├── version.h │ │ ├── x509.h │ │ ├── x509_crl.h │ │ ├── x509_crt.h │ │ ├── x509_csr.h │ │ └── xtea.h └── stm32-h103.ld ├── howto ├── 99-ttyacms.rules ├── bluepill.jpg ├── dupont_female.jpg └── geekbuying_stlink.jpg └── userspace ├── Makefile └── cedaragent.c /.gitignore: -------------------------------------------------------------------------------- 1 | # Prerequisites 2 | *.d 3 | 4 | # Object files 5 | *.o 6 | *.ko 7 | *.obj 8 | *.elf 9 | 10 | # Linker output 11 | *.ilk 12 | *.map 13 | *.exp 14 | 15 | # Precompiled Headers 16 | *.gch 17 | *.pch 18 | 19 | # Libraries 20 | *.lib 21 | *.a 22 | *.la 23 | *.lo 24 | 25 | # Shared objects (inc. Windows DLLs) 26 | *.dll 27 | *.so 28 | *.so.* 29 | *.dylib 30 | 31 | # Executables 32 | *.exe 33 | *.out 34 | *.app 35 | *.i*86 36 | *.x86_64 37 | *.hex 38 | 39 | # Debug files 40 | *.dSYM/ 41 | *.su 42 | *.idb 43 | *.pdb 44 | 45 | # Kernel Module Compile Results 46 | *.mod* 47 | *.cmd 48 | .tmp_versions/ 49 | modules.order 50 | Module.symvers 51 | Mkfile.old 52 | dkms.conf 53 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "firmware/libopencm3"] 2 | path = firmware/libopencm3 3 | url = https://github.com/libopencm3/libopencm3 4 | [submodule "mbedtls"] 5 | path = mbedtls 6 | url = https://github.com/ARMmbed/mbedtls.git 7 | [submodule "libscrypt"] 8 | path = libscrypt 9 | url = https://github.com/technion/libscrypt.git 10 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | CedarKey Security Kit 2 | ===================== 3 | 4 | # Secure SSH Key Storage 5 | 6 | This project is mostly intended to protect from "software" (trojans, etc.) extraction of ssh key and to provide more reliable method of storing keys than just keeping them on disk storage. 7 | It might not be as protected as smartcard against all physical attacks, however in some cases, it is more protected as it's transparent and wont have hidden backdoors like smartcards (e.g., [CVE-2017-15361](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15361)) and uses very simple protocol to reduce probability of software exploits using "corner cases" of protocol, such as, for example ASN.1 prone to have overflows and leaks ([MITKRB5-SA-2009-002](https://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-002.txt), [MS04-007](https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2004/ms04-007), [CAN-2003-0545](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0545) and much more), due implementation complexity. 8 | 9 | The most important feature is the smallest possible size of the firmware. 10 | This will allow you to have a hardware dongle that can keep 3+ RSA4096(DER encoding) on 64k flash, or whopping 30 keys in 128k flash. 11 | As alternative you can take a look to [gnuk](https://www.fsij.org/category/gnuk.html), but it generates 110592 bytes firmware (current git snapshot), while Blue Pill have only 64k flash (officially). 12 | 13 | # Q&A 14 | * Q: What is Blinker feature? 15 | * A: On key sign you will be asked for password, you should count blinks on dongle and enter number from 1 to 6. If answer is incorrect - dongle will lock down(ignore any further commands), keep blinking each second until you physically unplug it, and plug back. This is semi-replacement of "touch confirmation" as Blue Pill don't have hardware buttons. 16 | * Q: What is difference with gnuk? 17 | * A: 18 | * Cons: Not standards compliant in matters of communication with host, we use own protocol instead of smartcard/pgp 19 | * Pros: You can use our key on guest PC without asking admin to install smartcard libraries and support, it just have to detect ACM device. 20 | Also we support from RSA-1024 to RSA-4096(gnuk is RSA-2048) and keys are encrypted by AES256, instead of AES128 21 | At the moment private keys protection at gnuk is weak, as they are limited with simple KDF and if you don't have very long password, it might be feasible to crack it by bruteforcing. We are using double-KDF (host based + IC based). 22 | 23 | # Quickstart (under development) 24 | ## Required Hardware: 25 | 1. STM32F103 board with SWD header (for example [Blue Pill](http://wiki.stm32duino.com/index.php?title=Blue_Pill)) 26 | 2. ST-Link V2 programmer (you can use j-link or others, but they are not covered in quickstart) 27 | 3. 3x female-female wires 28 | ## Software: 29 | 1. https://github.com/texane/stlink 30 | 2. cross-compiler for arm arm-none-eabi (for example Ubuntu - gcc-arm-none-eabi package) 31 | 32 | ## Preparing hardware 33 | ### Connect your stm32f103 board to st-link 34 | * GND to GND 35 | * DCLK to DCLK 36 | * DIO to DIO 37 | 38 | Small visual guide exist in wiki: https://github.com/nuclearcat/cedarkey/wiki 39 | 40 | ### Compiling firmware 41 | * git submodule update --init 42 | * cd firmware/libopencm3 43 | * make 44 | * cd ../../libscrypt 45 | * make 46 | * cd ../firmware/src 47 | * make cedarkey.bin 48 | ### Flashing firmware (if everything compiled fine) 49 | * st-flash erase 50 | * make cedarkey.stlink-flash 51 | * Unplug device from USB port and plug back. It should be detected as ttyACM device in dmesg 52 | ### Compiling userspace 53 | * cd ../../userspace 54 | * make 55 | * (optional) sudo make install 56 | ### Initial configuration 57 | * ./cedaragent -s /dev/ttyACM0 -n 58 | It is not very critical to have complex/long pin, as it doesn't serve as protection layer against decrypting. It's purpose is just to allow/deny access to device. 59 | ### Adding keys 60 | * ./cedaragent -s /dev/ttyACM0 -p (your pin) -w (path to key) -v -D 61 | * IMPORTANT! Please choose strong password for your keys. I suggest at least 12 characters, alphanumeric in different case, and special characters (except character ~). This password is used to encrypt your keys, and in case if device firmware extracted, it will buy you time, until hackers decrypt your keys. Or if it is enough long, it will make decryption infeasible. 62 | * Note: At the moment it is better to have same password for all keys, if you want them to work automatically. If password is different, you need to launch agent for each one, 63 | specifying key id with flag -k. This will be fixed in future releases. 64 | ### Running it! 65 | * ./cedaragent -s /dev/ttyACM0 -p <> -b ssh-askpass -a ssh-askpass 66 | -------------------------------------------------------------------------------- /TODO: -------------------------------------------------------------------------------- 1 | Make short report for top functions size on compile? 2 | nm -S --size-sort -t d cedarkey.elf 3 | 4 | Awesome idea of kees99, porting to ST-Link clone, https://blog.danman.eu/2-usb-crypto-token-for-use-with-gpg-and-ssh/ 5 | 6 | -------------------------------------------------------------------------------- /build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | if [ -z "$1" ]; then 3 | echo "Usage: ${0} command" 4 | cat << EOF 5 | prepare - fetch associated submodules 6 | build - build firmware and userspace 7 | flash - install firmware to key over st-link 8 | blank - erase all data from cedarkey 9 | EOF 10 | fi 11 | 12 | if [ "$1" == "prepare" ]; then 13 | git submodule update --init 14 | #cd scrypt 15 | #git checkout 1.2.1 16 | fi 17 | 18 | if [ "$1" == "build" ]; then 19 | cd firmware/libopencm3 20 | make 21 | cd ../src 22 | make cedarkey.bin 23 | cd ../../libscrypt 24 | make 25 | cd ../userspace 26 | make 27 | fi 28 | 29 | if [ "$1" == "flash" ]; then 30 | cd firmware/src 31 | make cedarkey.stlink-flash 32 | fi 33 | 34 | if [ "$1" == "blank" ]; then 35 | st-flash erase 36 | fi 37 | -------------------------------------------------------------------------------- /firmware/Makefile.include: -------------------------------------------------------------------------------- 1 | ## 2 | ## This file is part of the libopencm3 project. 3 | ## 4 | ## Copyright (C) 2009 Uwe Hermann 5 | ## Copyright (C) 2010 Piotr Esden-Tempski 6 | ## 7 | ## This library is free software: you can redistribute it and/or modify 8 | ## it under the terms of the GNU Lesser General Public License as published by 9 | ## the Free Software Foundation, either version 3 of the License, or 10 | ## (at your option) any later version. 11 | ## 12 | ## This library is distributed in the hope that it will be useful, 13 | ## but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | ## GNU Lesser General Public License for more details. 16 | ## 17 | ## You should have received a copy of the GNU Lesser General Public License 18 | ## along with this library. If not, see . 19 | ## 20 | 21 | LIBNAME = opencm3_stm32f1 22 | DEFS += -DSTM32F1 23 | 24 | FP_FLAGS ?= -msoft-float 25 | ARCH_FLAGS = -mthumb -mcpu=cortex-m3 $(FP_FLAGS) -mfix-cortex-m3-ldrd 26 | 27 | ################################################################################ 28 | # OpenOCD specific variables 29 | 30 | OOCD ?= openocd 31 | OOCD_INTERFACE ?= flossjtag 32 | OOCD_TARGET ?= stm32f1x 33 | 34 | ################################################################################ 35 | # Black Magic Probe specific variables 36 | # Set the BMP_PORT to a serial port and then BMP is used for flashing 37 | BMP_PORT ?= 38 | 39 | ################################################################################ 40 | # texane/stlink specific variables 41 | #STLINK_PORT ?= :4242 42 | 43 | 44 | include ../rules.mk 45 | -------------------------------------------------------------------------------- /firmware/libopencm3_stm32f1.ld: -------------------------------------------------------------------------------- 1 | /* 2 | * This file is part of the libopencm3 project. 3 | * 4 | * Copyright (C) 2009 Uwe Hermann 5 | * 6 | * This library is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU Lesser General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This library is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU Lesser General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU Lesser General Public License 17 | * along with this library. If not, see . 18 | */ 19 | 20 | /* Generic linker script for STM32 targets using libopencm3. */ 21 | 22 | /* Memory regions must be defined in the ld script which includes this one. */ 23 | 24 | /* Enforce emmition of the vector table. */ 25 | EXTERN (vector_table) 26 | 27 | /* Define the entry point of the output file. */ 28 | ENTRY(reset_handler) 29 | 30 | /* Define sections. */ 31 | SECTIONS 32 | { 33 | .text : { 34 | *(.vectors) /* Vector table */ 35 | *(.text*) /* Program code */ 36 | . = ALIGN(4); 37 | *(.rodata*) /* Read-only data */ 38 | . = ALIGN(4); 39 | } >rom 40 | 41 | /* C++ Static constructors/destructors, also used for __attribute__ 42 | * ((constructor)) and the likes */ 43 | .preinit_array : { 44 | . = ALIGN(4); 45 | __preinit_array_start = .; 46 | KEEP (*(.preinit_array)) 47 | __preinit_array_end = .; 48 | } >rom 49 | .init_array : { 50 | . = ALIGN(4); 51 | __init_array_start = .; 52 | KEEP (*(SORT(.init_array.*))) 53 | KEEP (*(.init_array)) 54 | __init_array_end = .; 55 | } >rom 56 | .fini_array : { 57 | . = ALIGN(4); 58 | __fini_array_start = .; 59 | KEEP (*(.fini_array)) 60 | KEEP (*(SORT(.fini_array.*))) 61 | __fini_array_end = .; 62 | } >rom 63 | 64 | /* 65 | * Another section used by C++ stuff, appears when using newlib with 66 | * 64bit (long long) printf support 67 | */ 68 | .ARM.extab : { 69 | *(.ARM.extab*) 70 | } >rom 71 | .ARM.exidx : { 72 | __exidx_start = .; 73 | *(.ARM.exidx*) 74 | __exidx_end = .; 75 | } >rom 76 | 77 | . = ALIGN(4); 78 | _etext = .; 79 | 80 | .data : { 81 | _data = .; 82 | *(.data*) /* Read-write initialized data */ 83 | . = ALIGN(4); 84 | _edata = .; 85 | } >ram AT >rom 86 | _data_loadaddr = LOADADDR(.data); 87 | 88 | .bss : { 89 | *(.bss*) /* Read-write zero initialized data */ 90 | *(COMMON) 91 | . = ALIGN(4); 92 | _ebss = .; 93 | } >ram 94 | 95 | /* 96 | * The .eh_frame section appears to be used for C++ exception handling. 97 | * You may need to fix this if you're using C++. 98 | */ 99 | /DISCARD/ : { *(.eh_frame) } 100 | 101 | . = ALIGN(4); 102 | end = .; 103 | } 104 | 105 | PROVIDE(_stack = ORIGIN(ram) + LENGTH(ram)); 106 | 107 | -------------------------------------------------------------------------------- /firmware/rules.mk: -------------------------------------------------------------------------------- 1 | ## 2 | ## This file is part of the libopencm3 project. 3 | ## 4 | ## Copyright (C) 2009 Uwe Hermann 5 | ## Copyright (C) 2010 Piotr Esden-Tempski 6 | ## Copyright (C) 2013 Frantisek Burian 7 | ## 8 | ## This library is free software: you can redistribute it and/or modify 9 | ## it under the terms of the GNU Lesser General Public License as published by 10 | ## the Free Software Foundation, either version 3 of the License, or 11 | ## (at your option) any later version. 12 | ## 13 | ## This library is distributed in the hope that it will be useful, 14 | ## but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | ## GNU Lesser General Public License for more details. 17 | ## 18 | ## You should have received a copy of the GNU Lesser General Public License 19 | ## along with this library. If not, see . 20 | ## 21 | 22 | # Be silent per default, but 'make V=1' will show all compiler calls. 23 | ifneq ($(V),1) 24 | Q := @ 25 | NULL := 2>/dev/null 26 | endif 27 | 28 | ############################################################################### 29 | # Executables 30 | 31 | PREFIX ?= arm-none-eabi 32 | 33 | CC := $(PREFIX)-gcc 34 | CXX := $(PREFIX)-g++ 35 | LD := $(PREFIX)-gcc 36 | AR := $(PREFIX)-ar 37 | AS := $(PREFIX)-as 38 | OBJCOPY := $(PREFIX)-objcopy 39 | OBJDUMP := $(PREFIX)-objdump 40 | GDB := $(PREFIX)-gdb 41 | STFLASH = $(shell which st-flash) 42 | STYLECHECK := /checkpatch.pl 43 | STYLECHECKFLAGS := --no-tree -f --terse --mailback 44 | STYLECHECKFILES := $(shell find . -name '*.[ch]') 45 | OPT := -Os 46 | CSTD ?= -std=c99 47 | 48 | 49 | ############################################################################### 50 | # Source files 51 | 52 | OBJS += $(BINARY).o 53 | 54 | 55 | ifeq ($(strip $(OPENCM3_DIR)),) 56 | # user has not specified the library path, so we try to detect it 57 | 58 | # where we search for the library 59 | LIBPATHS := ../libopencm3 60 | 61 | OPENCM3_DIR := $(wildcard $(LIBPATHS:=/locm3.sublime-project)) 62 | OPENCM3_DIR := $(firstword $(dir $(OPENCM3_DIR))) 63 | 64 | ifeq ($(strip $(OPENCM3_DIR)),) 65 | $(warning Cannot find libopencm3 library in the standard search paths.) 66 | $(error Please specify it through OPENCM3_DIR variable!) 67 | endif 68 | endif 69 | 70 | ifeq ($(V),1) 71 | $(info Using $(OPENCM3_DIR) path to library) 72 | endif 73 | 74 | define ERR_DEVICE_LDSCRIPT_CONFLICT 75 | You can either specify DEVICE=blah, and have the LDSCRIPT generated, 76 | or you can provide LDSCRIPT, and ensure CPPFLAGS, LDFLAGS and LDLIBS 77 | all contain the correct values for the target you wish to use. 78 | You cannot provide both! 79 | endef 80 | 81 | ifeq ($(strip $(DEVICE)),) 82 | # Old style, assume LDSCRIPT exists 83 | DEFS += -I$(OPENCM3_DIR)/include 84 | LDFLAGS += -L$(OPENCM3_DIR)/lib 85 | LDLIBS += -l$(LIBNAME) 86 | LDSCRIPT ?= $(BINARY).ld 87 | else 88 | # New style, assume device is provided, and we're generating the rest. 89 | ifneq ($(strip $(LDSCRIPT)),) 90 | $(error $(ERR_DEVICE_LDSCRIPT_CONFLICT)) 91 | endif 92 | include $(OPENCM3_DIR)/mk/genlink-config.mk 93 | endif 94 | 95 | OPENCM3_SCRIPT_DIR = $(OPENCM3_DIR)/scripts 96 | EXAMPLES_SCRIPT_DIR = $(OPENCM3_DIR)/../scripts 97 | 98 | ############################################################################### 99 | # C flags 100 | 101 | TGT_CFLAGS += $(OPT) $(CSTD) -g 102 | TGT_CFLAGS += $(ARCH_FLAGS) 103 | TGT_CFLAGS += -Wextra -Wshadow -Wimplicit-function-declaration 104 | TGT_CFLAGS += -Wredundant-decls -Wmissing-prototypes -Wstrict-prototypes 105 | TGT_CFLAGS += -fno-common -ffunction-sections -fdata-sections 106 | 107 | ############################################################################### 108 | # C++ flags 109 | 110 | TGT_CXXFLAGS += $(OPT) $(CXXSTD) -g 111 | TGT_CXXFLAGS += $(ARCH_FLAGS) 112 | TGT_CXXFLAGS += -Wextra -Wshadow -Wredundant-decls -Weffc++ 113 | TGT_CXXFLAGS += -fno-common -ffunction-sections -fdata-sections 114 | 115 | ############################################################################### 116 | # C & C++ preprocessor common flags 117 | 118 | TGT_CPPFLAGS += -MD 119 | TGT_CPPFLAGS += -Wall -Wundef 120 | TGT_CPPFLAGS += $(DEFS) 121 | 122 | ############################################################################### 123 | # Linker flags 124 | 125 | TGT_LDFLAGS += --static -nostartfiles 126 | TGT_LDFLAGS += -T$(LDSCRIPT) 127 | TGT_LDFLAGS += $(ARCH_FLAGS) 128 | TGT_LDFLAGS += -Wl,-Map=$(*).map 129 | TGT_LDFLAGS += -Wl,--gc-sections 130 | ifeq ($(V),99) 131 | TGT_LDFLAGS += -Wl,--print-gc-sections 132 | endif 133 | 134 | ############################################################################### 135 | # Used libraries 136 | 137 | LDLIBS += -Wl,--start-group -lc -lgcc -lnosys -Wl,--end-group 138 | 139 | ############################################################################### 140 | ############################################################################### 141 | ############################################################################### 142 | 143 | .SUFFIXES: .elf .bin .hex .srec .list .map .images 144 | .SECONDEXPANSION: 145 | .SECONDARY: 146 | 147 | all: elf 148 | 149 | elf: $(BINARY).elf 150 | bin: $(BINARY).bin 151 | hex: $(BINARY).hex 152 | srec: $(BINARY).srec 153 | list: $(BINARY).list 154 | 155 | images: $(BINARY).images 156 | flash: $(BINARY).flash 157 | 158 | # Either verify the user provided LDSCRIPT exists, or generate it. 159 | ifeq ($(strip $(DEVICE)),) 160 | $(LDSCRIPT): 161 | ifeq (,$(wildcard $(LDSCRIPT))) 162 | $(error Unable to find specified linker script: $(LDSCRIPT)) 163 | endif 164 | else 165 | include $(OPENCM3_DIR)/mk/genlink-rules.mk 166 | endif 167 | 168 | # Define a helper macro for debugging make errors online 169 | # you can type "make print-OPENCM3_DIR" and it will show you 170 | # how that ended up being resolved by all of the included 171 | # makefiles. 172 | print-%: 173 | @echo $*=$($*) 174 | 175 | %.images: %.bin %.hex %.srec %.list %.map 176 | @#printf "*** $* images generated ***\n" 177 | 178 | %.bin: %.elf 179 | @#printf " OBJCOPY $(*).bin\n" 180 | $(Q)$(OBJCOPY) -Obinary $(*).elf $(*).bin 181 | 182 | %.hex: %.elf 183 | @#printf " OBJCOPY $(*).hex\n" 184 | $(Q)$(OBJCOPY) -Oihex $(*).elf $(*).hex 185 | 186 | %.srec: %.elf 187 | @#printf " OBJCOPY $(*).srec\n" 188 | $(Q)$(OBJCOPY) -Osrec $(*).elf $(*).srec 189 | 190 | %.list: %.elf 191 | @#printf " OBJDUMP $(*).list\n" 192 | $(Q)$(OBJDUMP) -S $(*).elf > $(*).list 193 | 194 | %.elf %.map: $(OBJS) $(LDSCRIPT) 195 | @#printf " LD $(*).elf\n" 196 | $(Q)$(LD) $(TGT_LDFLAGS) $(LDFLAGS) $(OBJS) $(LDLIBS) -o $(*).elf 197 | 198 | %.o: %.c 199 | @#printf " CC $(*).c\n" 200 | $(Q)$(CC) $(TGT_CFLAGS) $(CFLAGS) $(TGT_CPPFLAGS) $(CPPFLAGS) -o $@ -c $< 201 | 202 | %.o: %.cxx 203 | @#printf " CXX $(*).cxx\n" 204 | $(Q)$(CXX) $(TGT_CXXFLAGS) $(CXXFLAGS) $(TGT_CPPFLAGS) $(CPPFLAGS) -o $(*).o -c $(*).cxx 205 | 206 | %.o: %.cpp 207 | @#printf " CXX $(*).cpp\n" 208 | $(Q)$(CXX) $(TGT_CXXFLAGS) $(CXXFLAGS) $(TGT_CPPFLAGS) $(CPPFLAGS) -o $(*).o -c $(*).cpp 209 | 210 | clean: 211 | @#printf " CLEAN\n" 212 | $(Q)$(RM) *.o *.d *.elf *.bin *.hex *.srec *.list *.map generated.* ${OBJS} ${OBJS:%.o:%.d} 213 | 214 | stylecheck: $(STYLECHECKFILES:=.stylecheck) 215 | styleclean: $(STYLECHECKFILES:=.styleclean) 216 | 217 | # the cat is due to multithreaded nature - we like to have consistent chunks of text on the output 218 | %.stylecheck: % 219 | $(Q)$(OPENCM3_SCRIPT_DIR)$(STYLECHECK) $(STYLECHECKFLAGS) $* > $*.stylecheck; \ 220 | if [ -s $*.stylecheck ]; then \ 221 | cat $*.stylecheck; \ 222 | else \ 223 | rm -f $*.stylecheck; \ 224 | fi; 225 | 226 | %.styleclean: 227 | $(Q)rm -f $*.stylecheck; 228 | 229 | 230 | %.stlink-flash: %.bin 231 | @printf " FLASH $<\n" 232 | $(STFLASH) write $(*).bin 0x8000000 233 | 234 | ifeq ($(BMP_PORT),) 235 | ifeq ($(OOCD_FILE),) 236 | %.flash: %.elf 237 | @printf " FLASH $<\n" 238 | (echo "halt; program $(realpath $(*).elf) verify reset" | nc -4 localhost 4444 2>/dev/null) || \ 239 | $(OOCD) -f interface/$(OOCD_INTERFACE).cfg \ 240 | -f target/$(OOCD_TARGET).cfg \ 241 | -c "program $(*).elf verify reset exit" \ 242 | $(NULL) 243 | else 244 | %.flash: %.elf 245 | @printf " FLASH $<\n" 246 | (echo "halt; program $(realpath $(*).elf) verify reset" | nc -4 localhost 4444 2>/dev/null) || \ 247 | $(OOCD) -f $(OOCD_FILE) \ 248 | -c "program $(*).elf verify reset exit" \ 249 | $(NULL) 250 | endif 251 | else 252 | %.flash: %.elf 253 | @printf " GDB $(*).elf (flash)\n" 254 | $(GDB) --batch \ 255 | -ex 'target extended-remote $(BMP_PORT)' \ 256 | -x $(EXAMPLES_SCRIPT_DIR)/black_magic_probe_flash.scr \ 257 | $(*).elf 258 | endif 259 | 260 | .PHONY: images clean stylecheck styleclean elf bin hex srec list 261 | 262 | -include $(OBJS:.o=.d) 263 | -------------------------------------------------------------------------------- /firmware/src/Makefile: -------------------------------------------------------------------------------- 1 | ## 2 | ## This file is part of the libopencm3 project. 3 | ## 4 | ## Copyright (C) 2009 Uwe Hermann 5 | ## 6 | ## This library is free software: you can redistribute it and/or modify 7 | ## it under the terms of the GNU Lesser General Public License as published by 8 | ## the Free Software Foundation, either version 3 of the License, or 9 | ## (at your option) any later version. 10 | ## 11 | ## This library is distributed in the hope that it will be useful, 12 | ## but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | ## GNU Lesser General Public License for more details. 15 | ## 16 | ## You should have received a copy of the GNU Lesser General Public License 17 | ## along with this library. If not, see . 18 | ## 19 | CFLAGS += -I. -flto 20 | BINARY = cedarkey 21 | 22 | VPATH += ../../mbedtls/library 23 | 24 | 25 | OBJS = sha512.o 26 | OBJS += bignum.o asn1parse.o oid.o 27 | OBJS += pkcs12.o md.o cipher.o 28 | OBJS += des.o aes.o cipher_wrap.o 29 | OBJS += md_wrap.o sha256.o rsa.o 30 | #OBJS += error.o 31 | 32 | LDSCRIPT = ../stm32-h103.ld 33 | 34 | include ../Makefile.include 35 | 36 | -------------------------------------------------------------------------------- /firmware/src/common.h: -------------------------------------------------------------------------------- 1 | #define CFG_BIT_BLINKERLOCK (1 << 0) 2 | #define CFG_BIT_DONOTUSE (1 << 31) 3 | #define VER_TEMPLATE "VXXXX" 4 | /* Including null byte */ 5 | #define VER_LEN 6 6 | -------------------------------------------------------------------------------- /firmware/src/mbedtls/aesni.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file aesni.h 3 | * 4 | * \brief AES-NI for hardware AES acceleration on some Intel processors 5 | * 6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 7 | * SPDX-License-Identifier: Apache-2.0 8 | * 9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 10 | * not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * 21 | * This file is part of mbed TLS (https://tls.mbed.org) 22 | */ 23 | #ifndef MBEDTLS_AESNI_H 24 | #define MBEDTLS_AESNI_H 25 | 26 | #include "aes.h" 27 | 28 | #define MBEDTLS_AESNI_AES 0x02000000u 29 | #define MBEDTLS_AESNI_CLMUL 0x00000002u 30 | 31 | #if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && \ 32 | ( defined(__amd64__) || defined(__x86_64__) ) && \ 33 | ! defined(MBEDTLS_HAVE_X86_64) 34 | #define MBEDTLS_HAVE_X86_64 35 | #endif 36 | 37 | #if defined(MBEDTLS_HAVE_X86_64) 38 | 39 | #ifdef __cplusplus 40 | extern "C" { 41 | #endif 42 | 43 | /** 44 | * \brief AES-NI features detection routine 45 | * 46 | * \param what The feature to detect 47 | * (MBEDTLS_AESNI_AES or MBEDTLS_AESNI_CLMUL) 48 | * 49 | * \return 1 if CPU has support for the feature, 0 otherwise 50 | */ 51 | int mbedtls_aesni_has_support( unsigned int what ); 52 | 53 | /** 54 | * \brief AES-NI AES-ECB block en(de)cryption 55 | * 56 | * \param ctx AES context 57 | * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT 58 | * \param input 16-byte input block 59 | * \param output 16-byte output block 60 | * 61 | * \return 0 on success (cannot fail) 62 | */ 63 | int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx, 64 | int mode, 65 | const unsigned char input[16], 66 | unsigned char output[16] ); 67 | 68 | /** 69 | * \brief GCM multiplication: c = a * b in GF(2^128) 70 | * 71 | * \param c Result 72 | * \param a First operand 73 | * \param b Second operand 74 | * 75 | * \note Both operands and result are bit strings interpreted as 76 | * elements of GF(2^128) as per the GCM spec. 77 | */ 78 | void mbedtls_aesni_gcm_mult( unsigned char c[16], 79 | const unsigned char a[16], 80 | const unsigned char b[16] ); 81 | 82 | /** 83 | * \brief Compute decryption round keys from encryption round keys 84 | * 85 | * \param invkey Round keys for the equivalent inverse cipher 86 | * \param fwdkey Original round keys (for encryption) 87 | * \param nr Number of rounds (that is, number of round keys minus one) 88 | */ 89 | void mbedtls_aesni_inverse_key( unsigned char *invkey, 90 | const unsigned char *fwdkey, int nr ); 91 | 92 | /** 93 | * \brief Perform key expansion (for encryption) 94 | * 95 | * \param rk Destination buffer where the round keys are written 96 | * \param key Encryption key 97 | * \param bits Key size in bits (must be 128, 192 or 256) 98 | * 99 | * \return 0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH 100 | */ 101 | int mbedtls_aesni_setkey_enc( unsigned char *rk, 102 | const unsigned char *key, 103 | size_t bits ); 104 | 105 | #ifdef __cplusplus 106 | } 107 | #endif 108 | 109 | #endif /* MBEDTLS_HAVE_X86_64 */ 110 | 111 | #endif /* MBEDTLS_AESNI_H */ 112 | -------------------------------------------------------------------------------- /firmware/src/mbedtls/arc4.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file arc4.h 3 | * 4 | * \brief The ARCFOUR stream cipher 5 | * 6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 7 | * SPDX-License-Identifier: Apache-2.0 8 | * 9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 10 | * not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * 21 | * This file is part of mbed TLS (https://tls.mbed.org) 22 | */ 23 | #ifndef MBEDTLS_ARC4_H 24 | #define MBEDTLS_ARC4_H 25 | 26 | #if !defined(MBEDTLS_CONFIG_FILE) 27 | #include "config.h" 28 | #else 29 | #include MBEDTLS_CONFIG_FILE 30 | #endif 31 | 32 | #include 33 | 34 | #if !defined(MBEDTLS_ARC4_ALT) 35 | // Regular implementation 36 | // 37 | 38 | #ifdef __cplusplus 39 | extern "C" { 40 | #endif 41 | 42 | /** 43 | * \brief ARC4 context structure 44 | */ 45 | typedef struct 46 | { 47 | int x; /*!< permutation index */ 48 | int y; /*!< permutation index */ 49 | unsigned char m[256]; /*!< permutation table */ 50 | } 51 | mbedtls_arc4_context; 52 | 53 | /** 54 | * \brief Initialize ARC4 context 55 | * 56 | * \param ctx ARC4 context to be initialized 57 | */ 58 | void mbedtls_arc4_init( mbedtls_arc4_context *ctx ); 59 | 60 | /** 61 | * \brief Clear ARC4 context 62 | * 63 | * \param ctx ARC4 context to be cleared 64 | */ 65 | void mbedtls_arc4_free( mbedtls_arc4_context *ctx ); 66 | 67 | /** 68 | * \brief ARC4 key schedule 69 | * 70 | * \param ctx ARC4 context to be setup 71 | * \param key the secret key 72 | * \param keylen length of the key, in bytes 73 | */ 74 | void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key, 75 | unsigned int keylen ); 76 | 77 | /** 78 | * \brief ARC4 cipher function 79 | * 80 | * \param ctx ARC4 context 81 | * \param length length of the input data 82 | * \param input buffer holding the input data 83 | * \param output buffer for the output data 84 | * 85 | * \return 0 if successful 86 | */ 87 | int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned char *input, 88 | unsigned char *output ); 89 | 90 | #ifdef __cplusplus 91 | } 92 | #endif 93 | 94 | #else /* MBEDTLS_ARC4_ALT */ 95 | #include "arc4_alt.h" 96 | #endif /* MBEDTLS_ARC4_ALT */ 97 | 98 | #ifdef __cplusplus 99 | extern "C" { 100 | #endif 101 | 102 | /** 103 | * \brief Checkup routine 104 | * 105 | * \return 0 if successful, or 1 if the test failed 106 | */ 107 | int mbedtls_arc4_self_test( int verbose ); 108 | 109 | #ifdef __cplusplus 110 | } 111 | #endif 112 | 113 | #endif /* arc4.h */ 114 | -------------------------------------------------------------------------------- /firmware/src/mbedtls/base64.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file base64.h 3 | * 4 | * \brief RFC 1521 base64 encoding/decoding 5 | * 6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 7 | * SPDX-License-Identifier: Apache-2.0 8 | * 9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 10 | * not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * 21 | * This file is part of mbed TLS (https://tls.mbed.org) 22 | */ 23 | #ifndef MBEDTLS_BASE64_H 24 | #define MBEDTLS_BASE64_H 25 | 26 | #include 27 | 28 | #define MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL -0x002A /**< Output buffer too small. */ 29 | #define MBEDTLS_ERR_BASE64_INVALID_CHARACTER -0x002C /**< Invalid character in input. */ 30 | 31 | #ifdef __cplusplus 32 | extern "C" { 33 | #endif 34 | 35 | /** 36 | * \brief Encode a buffer into base64 format 37 | * 38 | * \param dst destination buffer 39 | * \param dlen size of the destination buffer 40 | * \param olen number of bytes written 41 | * \param src source buffer 42 | * \param slen amount of data to be encoded 43 | * 44 | * \return 0 if successful, or MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL. 45 | * *olen is always updated to reflect the amount 46 | * of data that has (or would have) been written. 47 | * If that length cannot be represented, then no data is 48 | * written to the buffer and *olen is set to the maximum 49 | * length representable as a size_t. 50 | * 51 | * \note Call this function with dlen = 0 to obtain the 52 | * required buffer size in *olen 53 | */ 54 | int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen, 55 | const unsigned char *src, size_t slen ); 56 | 57 | /** 58 | * \brief Decode a base64-formatted buffer 59 | * 60 | * \param dst destination buffer (can be NULL for checking size) 61 | * \param dlen size of the destination buffer 62 | * \param olen number of bytes written 63 | * \param src source buffer 64 | * \param slen amount of data to be decoded 65 | * 66 | * \return 0 if successful, MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL, or 67 | * MBEDTLS_ERR_BASE64_INVALID_CHARACTER if the input data is 68 | * not correct. *olen is always updated to reflect the amount 69 | * of data that has (or would have) been written. 70 | * 71 | * \note Call this function with *dst = NULL or dlen = 0 to obtain 72 | * the required buffer size in *olen 73 | */ 74 | int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, 75 | const unsigned char *src, size_t slen ); 76 | 77 | /** 78 | * \brief Checkup routine 79 | * 80 | * \return 0 if successful, or 1 if the test failed 81 | */ 82 | int mbedtls_base64_self_test( int verbose ); 83 | 84 | #ifdef __cplusplus 85 | } 86 | #endif 87 | 88 | #endif /* base64.h */ 89 | -------------------------------------------------------------------------------- /firmware/src/mbedtls/blowfish.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file blowfish.h 3 | * 4 | * \brief Blowfish block cipher 5 | * 6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 7 | * SPDX-License-Identifier: Apache-2.0 8 | * 9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 10 | * not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * 21 | * This file is part of mbed TLS (https://tls.mbed.org) 22 | */ 23 | #ifndef MBEDTLS_BLOWFISH_H 24 | #define MBEDTLS_BLOWFISH_H 25 | 26 | #if !defined(MBEDTLS_CONFIG_FILE) 27 | #include "config.h" 28 | #else 29 | #include MBEDTLS_CONFIG_FILE 30 | #endif 31 | 32 | #include 33 | #include 34 | 35 | #define MBEDTLS_BLOWFISH_ENCRYPT 1 36 | #define MBEDTLS_BLOWFISH_DECRYPT 0 37 | #define MBEDTLS_BLOWFISH_MAX_KEY_BITS 448 38 | #define MBEDTLS_BLOWFISH_MIN_KEY_BITS 32 39 | #define MBEDTLS_BLOWFISH_ROUNDS 16 /**< Rounds to use. When increasing this value, make sure to extend the initialisation vectors */ 40 | #define MBEDTLS_BLOWFISH_BLOCKSIZE 8 /* Blowfish uses 64 bit blocks */ 41 | 42 | #define MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH -0x0016 /**< Invalid key length. */ 43 | #define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018 /**< Invalid data input length. */ 44 | 45 | #if !defined(MBEDTLS_BLOWFISH_ALT) 46 | // Regular implementation 47 | // 48 | 49 | #ifdef __cplusplus 50 | extern "C" { 51 | #endif 52 | 53 | /** 54 | * \brief Blowfish context structure 55 | */ 56 | typedef struct 57 | { 58 | uint32_t P[MBEDTLS_BLOWFISH_ROUNDS + 2]; /*!< Blowfish round keys */ 59 | uint32_t S[4][256]; /*!< key dependent S-boxes */ 60 | } 61 | mbedtls_blowfish_context; 62 | 63 | /** 64 | * \brief Initialize Blowfish context 65 | * 66 | * \param ctx Blowfish context to be initialized 67 | */ 68 | void mbedtls_blowfish_init( mbedtls_blowfish_context *ctx ); 69 | 70 | /** 71 | * \brief Clear Blowfish context 72 | * 73 | * \param ctx Blowfish context to be cleared 74 | */ 75 | void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx ); 76 | 77 | /** 78 | * \brief Blowfish key schedule 79 | * 80 | * \param ctx Blowfish context to be initialized 81 | * \param key encryption key 82 | * \param keybits must be between 32 and 448 bits 83 | * 84 | * \return 0 if successful, or MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH 85 | */ 86 | int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, const unsigned char *key, 87 | unsigned int keybits ); 88 | 89 | /** 90 | * \brief Blowfish-ECB block encryption/decryption 91 | * 92 | * \param ctx Blowfish context 93 | * \param mode MBEDTLS_BLOWFISH_ENCRYPT or MBEDTLS_BLOWFISH_DECRYPT 94 | * \param input 8-byte input block 95 | * \param output 8-byte output block 96 | * 97 | * \return 0 if successful 98 | */ 99 | int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx, 100 | int mode, 101 | const unsigned char input[MBEDTLS_BLOWFISH_BLOCKSIZE], 102 | unsigned char output[MBEDTLS_BLOWFISH_BLOCKSIZE] ); 103 | 104 | #if defined(MBEDTLS_CIPHER_MODE_CBC) 105 | /** 106 | * \brief Blowfish-CBC buffer encryption/decryption 107 | * Length should be a multiple of the block 108 | * size (8 bytes) 109 | * 110 | * \note Upon exit, the content of the IV is updated so that you can 111 | * call the function same function again on the following 112 | * block(s) of data and get the same result as if it was 113 | * encrypted in one call. This allows a "streaming" usage. 114 | * If on the other hand you need to retain the contents of the 115 | * IV, you should either save it manually or use the cipher 116 | * module instead. 117 | * 118 | * \param ctx Blowfish context 119 | * \param mode MBEDTLS_BLOWFISH_ENCRYPT or MBEDTLS_BLOWFISH_DECRYPT 120 | * \param length length of the input data 121 | * \param iv initialization vector (updated after use) 122 | * \param input buffer holding the input data 123 | * \param output buffer holding the output data 124 | * 125 | * \return 0 if successful, or 126 | * MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH 127 | */ 128 | int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx, 129 | int mode, 130 | size_t length, 131 | unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE], 132 | const unsigned char *input, 133 | unsigned char *output ); 134 | #endif /* MBEDTLS_CIPHER_MODE_CBC */ 135 | 136 | #if defined(MBEDTLS_CIPHER_MODE_CFB) 137 | /** 138 | * \brief Blowfish CFB buffer encryption/decryption. 139 | * 140 | * \note Upon exit, the content of the IV is updated so that you can 141 | * call the function same function again on the following 142 | * block(s) of data and get the same result as if it was 143 | * encrypted in one call. This allows a "streaming" usage. 144 | * If on the other hand you need to retain the contents of the 145 | * IV, you should either save it manually or use the cipher 146 | * module instead. 147 | * 148 | * \param ctx Blowfish context 149 | * \param mode MBEDTLS_BLOWFISH_ENCRYPT or MBEDTLS_BLOWFISH_DECRYPT 150 | * \param length length of the input data 151 | * \param iv_off offset in IV (updated after use) 152 | * \param iv initialization vector (updated after use) 153 | * \param input buffer holding the input data 154 | * \param output buffer holding the output data 155 | * 156 | * \return 0 if successful 157 | */ 158 | int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx, 159 | int mode, 160 | size_t length, 161 | size_t *iv_off, 162 | unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE], 163 | const unsigned char *input, 164 | unsigned char *output ); 165 | #endif /*MBEDTLS_CIPHER_MODE_CFB */ 166 | 167 | #if defined(MBEDTLS_CIPHER_MODE_CTR) 168 | /** 169 | * \brief Blowfish-CTR buffer encryption/decryption 170 | * 171 | * Warning: You have to keep the maximum use of your counter in mind! 172 | * 173 | * \param ctx Blowfish context 174 | * \param length The length of the data 175 | * \param nc_off The offset in the current stream_block (for resuming 176 | * within current cipher stream). The offset pointer to 177 | * should be 0 at the start of a stream. 178 | * \param nonce_counter The 64-bit nonce and counter. 179 | * \param stream_block The saved stream-block for resuming. Is overwritten 180 | * by the function. 181 | * \param input The input data stream 182 | * \param output The output data stream 183 | * 184 | * \return 0 if successful 185 | */ 186 | int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx, 187 | size_t length, 188 | size_t *nc_off, 189 | unsigned char nonce_counter[MBEDTLS_BLOWFISH_BLOCKSIZE], 190 | unsigned char stream_block[MBEDTLS_BLOWFISH_BLOCKSIZE], 191 | const unsigned char *input, 192 | unsigned char *output ); 193 | #endif /* MBEDTLS_CIPHER_MODE_CTR */ 194 | 195 | #ifdef __cplusplus 196 | } 197 | #endif 198 | 199 | #else /* MBEDTLS_BLOWFISH_ALT */ 200 | #include "blowfish_alt.h" 201 | #endif /* MBEDTLS_BLOWFISH_ALT */ 202 | 203 | #endif /* blowfish.h */ 204 | -------------------------------------------------------------------------------- /firmware/src/mbedtls/camellia.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file camellia.h 3 | * 4 | * \brief Camellia block cipher 5 | * 6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 7 | * SPDX-License-Identifier: Apache-2.0 8 | * 9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 10 | * not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * 21 | * This file is part of mbed TLS (https://tls.mbed.org) 22 | */ 23 | #ifndef MBEDTLS_CAMELLIA_H 24 | #define MBEDTLS_CAMELLIA_H 25 | 26 | #if !defined(MBEDTLS_CONFIG_FILE) 27 | #include "config.h" 28 | #else 29 | #include MBEDTLS_CONFIG_FILE 30 | #endif 31 | 32 | #include 33 | #include 34 | 35 | #define MBEDTLS_CAMELLIA_ENCRYPT 1 36 | #define MBEDTLS_CAMELLIA_DECRYPT 0 37 | 38 | #define MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH -0x0024 /**< Invalid key length. */ 39 | #define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH -0x0026 /**< Invalid data input length. */ 40 | 41 | #if !defined(MBEDTLS_CAMELLIA_ALT) 42 | // Regular implementation 43 | // 44 | 45 | #ifdef __cplusplus 46 | extern "C" { 47 | #endif 48 | 49 | /** 50 | * \brief CAMELLIA context structure 51 | */ 52 | typedef struct 53 | { 54 | int nr; /*!< number of rounds */ 55 | uint32_t rk[68]; /*!< CAMELLIA round keys */ 56 | } 57 | mbedtls_camellia_context; 58 | 59 | /** 60 | * \brief Initialize CAMELLIA context 61 | * 62 | * \param ctx CAMELLIA context to be initialized 63 | */ 64 | void mbedtls_camellia_init( mbedtls_camellia_context *ctx ); 65 | 66 | /** 67 | * \brief Clear CAMELLIA context 68 | * 69 | * \param ctx CAMELLIA context to be cleared 70 | */ 71 | void mbedtls_camellia_free( mbedtls_camellia_context *ctx ); 72 | 73 | /** 74 | * \brief CAMELLIA key schedule (encryption) 75 | * 76 | * \param ctx CAMELLIA context to be initialized 77 | * \param key encryption key 78 | * \param keybits must be 128, 192 or 256 79 | * 80 | * \return 0 if successful, or MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH 81 | */ 82 | int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned char *key, 83 | unsigned int keybits ); 84 | 85 | /** 86 | * \brief CAMELLIA key schedule (decryption) 87 | * 88 | * \param ctx CAMELLIA context to be initialized 89 | * \param key decryption key 90 | * \param keybits must be 128, 192 or 256 91 | * 92 | * \return 0 if successful, or MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH 93 | */ 94 | int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, const unsigned char *key, 95 | unsigned int keybits ); 96 | 97 | /** 98 | * \brief CAMELLIA-ECB block encryption/decryption 99 | * 100 | * \param ctx CAMELLIA context 101 | * \param mode MBEDTLS_CAMELLIA_ENCRYPT or MBEDTLS_CAMELLIA_DECRYPT 102 | * \param input 16-byte input block 103 | * \param output 16-byte output block 104 | * 105 | * \return 0 if successful 106 | */ 107 | int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx, 108 | int mode, 109 | const unsigned char input[16], 110 | unsigned char output[16] ); 111 | 112 | #if defined(MBEDTLS_CIPHER_MODE_CBC) 113 | /** 114 | * \brief CAMELLIA-CBC buffer encryption/decryption 115 | * Length should be a multiple of the block 116 | * size (16 bytes) 117 | * 118 | * \note Upon exit, the content of the IV is updated so that you can 119 | * call the function same function again on the following 120 | * block(s) of data and get the same result as if it was 121 | * encrypted in one call. This allows a "streaming" usage. 122 | * If on the other hand you need to retain the contents of the 123 | * IV, you should either save it manually or use the cipher 124 | * module instead. 125 | * 126 | * \param ctx CAMELLIA context 127 | * \param mode MBEDTLS_CAMELLIA_ENCRYPT or MBEDTLS_CAMELLIA_DECRYPT 128 | * \param length length of the input data 129 | * \param iv initialization vector (updated after use) 130 | * \param input buffer holding the input data 131 | * \param output buffer holding the output data 132 | * 133 | * \return 0 if successful, or 134 | * MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH 135 | */ 136 | int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx, 137 | int mode, 138 | size_t length, 139 | unsigned char iv[16], 140 | const unsigned char *input, 141 | unsigned char *output ); 142 | #endif /* MBEDTLS_CIPHER_MODE_CBC */ 143 | 144 | #if defined(MBEDTLS_CIPHER_MODE_CFB) 145 | /** 146 | * \brief CAMELLIA-CFB128 buffer encryption/decryption 147 | * 148 | * Note: Due to the nature of CFB you should use the same key schedule for 149 | * both encryption and decryption. So a context initialized with 150 | * mbedtls_camellia_setkey_enc() for both MBEDTLS_CAMELLIA_ENCRYPT and CAMELLIE_DECRYPT. 151 | * 152 | * \note Upon exit, the content of the IV is updated so that you can 153 | * call the function same function again on the following 154 | * block(s) of data and get the same result as if it was 155 | * encrypted in one call. This allows a "streaming" usage. 156 | * If on the other hand you need to retain the contents of the 157 | * IV, you should either save it manually or use the cipher 158 | * module instead. 159 | * 160 | * \param ctx CAMELLIA context 161 | * \param mode MBEDTLS_CAMELLIA_ENCRYPT or MBEDTLS_CAMELLIA_DECRYPT 162 | * \param length length of the input data 163 | * \param iv_off offset in IV (updated after use) 164 | * \param iv initialization vector (updated after use) 165 | * \param input buffer holding the input data 166 | * \param output buffer holding the output data 167 | * 168 | * \return 0 if successful, or 169 | * MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH 170 | */ 171 | int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx, 172 | int mode, 173 | size_t length, 174 | size_t *iv_off, 175 | unsigned char iv[16], 176 | const unsigned char *input, 177 | unsigned char *output ); 178 | #endif /* MBEDTLS_CIPHER_MODE_CFB */ 179 | 180 | #if defined(MBEDTLS_CIPHER_MODE_CTR) 181 | /** 182 | * \brief CAMELLIA-CTR buffer encryption/decryption 183 | * 184 | * Warning: You have to keep the maximum use of your counter in mind! 185 | * 186 | * Note: Due to the nature of CTR you should use the same key schedule for 187 | * both encryption and decryption. So a context initialized with 188 | * mbedtls_camellia_setkey_enc() for both MBEDTLS_CAMELLIA_ENCRYPT and MBEDTLS_CAMELLIA_DECRYPT. 189 | * 190 | * \param ctx CAMELLIA context 191 | * \param length The length of the data 192 | * \param nc_off The offset in the current stream_block (for resuming 193 | * within current cipher stream). The offset pointer to 194 | * should be 0 at the start of a stream. 195 | * \param nonce_counter The 128-bit nonce and counter. 196 | * \param stream_block The saved stream-block for resuming. Is overwritten 197 | * by the function. 198 | * \param input The input data stream 199 | * \param output The output data stream 200 | * 201 | * \return 0 if successful 202 | */ 203 | int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx, 204 | size_t length, 205 | size_t *nc_off, 206 | unsigned char nonce_counter[16], 207 | unsigned char stream_block[16], 208 | const unsigned char *input, 209 | unsigned char *output ); 210 | #endif /* MBEDTLS_CIPHER_MODE_CTR */ 211 | 212 | #ifdef __cplusplus 213 | } 214 | #endif 215 | 216 | #else /* MBEDTLS_CAMELLIA_ALT */ 217 | #include "camellia_alt.h" 218 | #endif /* MBEDTLS_CAMELLIA_ALT */ 219 | 220 | #ifdef __cplusplus 221 | extern "C" { 222 | #endif 223 | 224 | /** 225 | * \brief Checkup routine 226 | * 227 | * \return 0 if successful, or 1 if the test failed 228 | */ 229 | int mbedtls_camellia_self_test( int verbose ); 230 | 231 | #ifdef __cplusplus 232 | } 233 | #endif 234 | 235 | #endif /* camellia.h */ 236 | -------------------------------------------------------------------------------- /firmware/src/mbedtls/ccm.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file ccm.h 3 | * 4 | * \brief Counter with CBC-MAC (CCM) for 128-bit block ciphers 5 | * 6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 7 | * SPDX-License-Identifier: Apache-2.0 8 | * 9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 10 | * not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * 21 | * This file is part of mbed TLS (https://tls.mbed.org) 22 | */ 23 | #ifndef MBEDTLS_CCM_H 24 | #define MBEDTLS_CCM_H 25 | 26 | #include "cipher.h" 27 | 28 | #define MBEDTLS_ERR_CCM_BAD_INPUT -0x000D /**< Bad input parameters to function. */ 29 | #define MBEDTLS_ERR_CCM_AUTH_FAILED -0x000F /**< Authenticated decryption failed. */ 30 | 31 | #ifdef __cplusplus 32 | extern "C" { 33 | #endif 34 | 35 | /** 36 | * \brief CCM context structure 37 | */ 38 | typedef struct { 39 | mbedtls_cipher_context_t cipher_ctx; /*!< cipher context used */ 40 | } 41 | mbedtls_ccm_context; 42 | 43 | /** 44 | * \brief Initialize CCM context (just makes references valid) 45 | * Makes the context ready for mbedtls_ccm_setkey() or 46 | * mbedtls_ccm_free(). 47 | * 48 | * \param ctx CCM context to initialize 49 | */ 50 | void mbedtls_ccm_init( mbedtls_ccm_context *ctx ); 51 | 52 | /** 53 | * \brief CCM initialization (encryption and decryption) 54 | * 55 | * \param ctx CCM context to be initialized 56 | * \param cipher cipher to use (a 128-bit block cipher) 57 | * \param key encryption key 58 | * \param keybits key size in bits (must be acceptable by the cipher) 59 | * 60 | * \return 0 if successful, or a cipher specific error code 61 | */ 62 | int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx, 63 | mbedtls_cipher_id_t cipher, 64 | const unsigned char *key, 65 | unsigned int keybits ); 66 | 67 | /** 68 | * \brief Free a CCM context and underlying cipher sub-context 69 | * 70 | * \param ctx CCM context to free 71 | */ 72 | void mbedtls_ccm_free( mbedtls_ccm_context *ctx ); 73 | 74 | /** 75 | * \brief CCM buffer encryption 76 | * 77 | * \param ctx CCM context 78 | * \param length length of the input data in bytes 79 | * \param iv nonce (initialization vector) 80 | * \param iv_len length of IV in bytes 81 | * must be 2, 3, 4, 5, 6, 7 or 8 82 | * \param add additional data 83 | * \param add_len length of additional data in bytes 84 | * must be less than 2^16 - 2^8 85 | * \param input buffer holding the input data 86 | * \param output buffer for holding the output data 87 | * must be at least 'length' bytes wide 88 | * \param tag buffer for holding the tag 89 | * \param tag_len length of the tag to generate in bytes 90 | * must be 4, 6, 8, 10, 14 or 16 91 | * 92 | * \note The tag is written to a separate buffer. To get the tag 93 | * concatenated with the output as in the CCM spec, use 94 | * tag = output + length and make sure the output buffer is 95 | * at least length + tag_len wide. 96 | * 97 | * \return 0 if successful 98 | */ 99 | int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, 100 | const unsigned char *iv, size_t iv_len, 101 | const unsigned char *add, size_t add_len, 102 | const unsigned char *input, unsigned char *output, 103 | unsigned char *tag, size_t tag_len ); 104 | 105 | /** 106 | * \brief CCM buffer authenticated decryption 107 | * 108 | * \param ctx CCM context 109 | * \param length length of the input data 110 | * \param iv initialization vector 111 | * \param iv_len length of IV 112 | * \param add additional data 113 | * \param add_len length of additional data 114 | * \param input buffer holding the input data 115 | * \param output buffer for holding the output data 116 | * \param tag buffer holding the tag 117 | * \param tag_len length of the tag 118 | * 119 | * \return 0 if successful and authenticated, 120 | * MBEDTLS_ERR_CCM_AUTH_FAILED if tag does not match 121 | */ 122 | int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, 123 | const unsigned char *iv, size_t iv_len, 124 | const unsigned char *add, size_t add_len, 125 | const unsigned char *input, unsigned char *output, 126 | const unsigned char *tag, size_t tag_len ); 127 | 128 | #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) 129 | /** 130 | * \brief Checkup routine 131 | * 132 | * \return 0 if successful, or 1 if the test failed 133 | */ 134 | int mbedtls_ccm_self_test( int verbose ); 135 | #endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ 136 | 137 | #ifdef __cplusplus 138 | } 139 | #endif 140 | 141 | #endif /* MBEDTLS_CCM_H */ 142 | -------------------------------------------------------------------------------- /firmware/src/mbedtls/certs.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file certs.h 3 | * 4 | * \brief Sample certificates and DHM parameters for testing 5 | * 6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 7 | * SPDX-License-Identifier: Apache-2.0 8 | * 9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 10 | * not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * 21 | * This file is part of mbed TLS (https://tls.mbed.org) 22 | */ 23 | #ifndef MBEDTLS_CERTS_H 24 | #define MBEDTLS_CERTS_H 25 | 26 | #include 27 | 28 | #ifdef __cplusplus 29 | extern "C" { 30 | #endif 31 | 32 | #if defined(MBEDTLS_PEM_PARSE_C) 33 | /* Concatenation of all CA certificates in PEM format if available */ 34 | extern const char mbedtls_test_cas_pem[]; 35 | extern const size_t mbedtls_test_cas_pem_len; 36 | #endif 37 | 38 | /* List of all CA certificates, terminated by NULL */ 39 | extern const char * mbedtls_test_cas[]; 40 | extern const size_t mbedtls_test_cas_len[]; 41 | 42 | /* 43 | * Convenience for users who just want a certificate: 44 | * RSA by default, or ECDSA if RSA is not available 45 | */ 46 | extern const char * mbedtls_test_ca_crt; 47 | extern const size_t mbedtls_test_ca_crt_len; 48 | extern const char * mbedtls_test_ca_key; 49 | extern const size_t mbedtls_test_ca_key_len; 50 | extern const char * mbedtls_test_ca_pwd; 51 | extern const size_t mbedtls_test_ca_pwd_len; 52 | extern const char * mbedtls_test_srv_crt; 53 | extern const size_t mbedtls_test_srv_crt_len; 54 | extern const char * mbedtls_test_srv_key; 55 | extern const size_t mbedtls_test_srv_key_len; 56 | extern const char * mbedtls_test_cli_crt; 57 | extern const size_t mbedtls_test_cli_crt_len; 58 | extern const char * mbedtls_test_cli_key; 59 | extern const size_t mbedtls_test_cli_key_len; 60 | 61 | #if defined(MBEDTLS_ECDSA_C) 62 | extern const char mbedtls_test_ca_crt_ec[]; 63 | extern const size_t mbedtls_test_ca_crt_ec_len; 64 | extern const char mbedtls_test_ca_key_ec[]; 65 | extern const size_t mbedtls_test_ca_key_ec_len; 66 | extern const char mbedtls_test_ca_pwd_ec[]; 67 | extern const size_t mbedtls_test_ca_pwd_ec_len; 68 | extern const char mbedtls_test_srv_crt_ec[]; 69 | extern const size_t mbedtls_test_srv_crt_ec_len; 70 | extern const char mbedtls_test_srv_key_ec[]; 71 | extern const size_t mbedtls_test_srv_key_ec_len; 72 | extern const char mbedtls_test_cli_crt_ec[]; 73 | extern const size_t mbedtls_test_cli_crt_ec_len; 74 | extern const char mbedtls_test_cli_key_ec[]; 75 | extern const size_t mbedtls_test_cli_key_ec_len; 76 | #endif 77 | 78 | #if defined(MBEDTLS_RSA_C) 79 | extern const char mbedtls_test_ca_crt_rsa[]; 80 | extern const size_t mbedtls_test_ca_crt_rsa_len; 81 | extern const char mbedtls_test_ca_key_rsa[]; 82 | extern const size_t mbedtls_test_ca_key_rsa_len; 83 | extern const char mbedtls_test_ca_pwd_rsa[]; 84 | extern const size_t mbedtls_test_ca_pwd_rsa_len; 85 | extern const char mbedtls_test_srv_crt_rsa[]; 86 | extern const size_t mbedtls_test_srv_crt_rsa_len; 87 | extern const char mbedtls_test_srv_key_rsa[]; 88 | extern const size_t mbedtls_test_srv_key_rsa_len; 89 | extern const char mbedtls_test_cli_crt_rsa[]; 90 | extern const size_t mbedtls_test_cli_crt_rsa_len; 91 | extern const char mbedtls_test_cli_key_rsa[]; 92 | extern const size_t mbedtls_test_cli_key_rsa_len; 93 | #endif 94 | 95 | #ifdef __cplusplus 96 | } 97 | #endif 98 | 99 | #endif /* certs.h */ 100 | -------------------------------------------------------------------------------- /firmware/src/mbedtls/cipher_internal.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file cipher_internal.h 3 | * 4 | * \brief Cipher wrappers. 5 | * 6 | * \author Adriaan de Jong 7 | * 8 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 9 | * SPDX-License-Identifier: Apache-2.0 10 | * 11 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 12 | * not use this file except in compliance with the License. 13 | * You may obtain a copy of the License at 14 | * 15 | * http://www.apache.org/licenses/LICENSE-2.0 16 | * 17 | * Unless required by applicable law or agreed to in writing, software 18 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 19 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 | * See the License for the specific language governing permissions and 21 | * limitations under the License. 22 | * 23 | * This file is part of mbed TLS (https://tls.mbed.org) 24 | */ 25 | #ifndef MBEDTLS_CIPHER_WRAP_H 26 | #define MBEDTLS_CIPHER_WRAP_H 27 | 28 | #if !defined(MBEDTLS_CONFIG_FILE) 29 | #include "config.h" 30 | #else 31 | #include MBEDTLS_CONFIG_FILE 32 | #endif 33 | 34 | #include "cipher.h" 35 | 36 | #ifdef __cplusplus 37 | extern "C" { 38 | #endif 39 | 40 | /** 41 | * Base cipher information. The non-mode specific functions and values. 42 | */ 43 | struct mbedtls_cipher_base_t 44 | { 45 | /** Base Cipher type (e.g. MBEDTLS_CIPHER_ID_AES) */ 46 | mbedtls_cipher_id_t cipher; 47 | 48 | /** Encrypt using ECB */ 49 | int (*ecb_func)( void *ctx, mbedtls_operation_t mode, 50 | const unsigned char *input, unsigned char *output ); 51 | 52 | #if defined(MBEDTLS_CIPHER_MODE_CBC) 53 | /** Encrypt using CBC */ 54 | int (*cbc_func)( void *ctx, mbedtls_operation_t mode, size_t length, 55 | unsigned char *iv, const unsigned char *input, 56 | unsigned char *output ); 57 | #endif 58 | 59 | #if defined(MBEDTLS_CIPHER_MODE_CFB) 60 | /** Encrypt using CFB (Full length) */ 61 | int (*cfb_func)( void *ctx, mbedtls_operation_t mode, size_t length, size_t *iv_off, 62 | unsigned char *iv, const unsigned char *input, 63 | unsigned char *output ); 64 | #endif 65 | 66 | #if defined(MBEDTLS_CIPHER_MODE_CTR) 67 | /** Encrypt using CTR */ 68 | int (*ctr_func)( void *ctx, size_t length, size_t *nc_off, 69 | unsigned char *nonce_counter, unsigned char *stream_block, 70 | const unsigned char *input, unsigned char *output ); 71 | #endif 72 | 73 | #if defined(MBEDTLS_CIPHER_MODE_STREAM) 74 | /** Encrypt using STREAM */ 75 | int (*stream_func)( void *ctx, size_t length, 76 | const unsigned char *input, unsigned char *output ); 77 | #endif 78 | 79 | /** Set key for encryption purposes */ 80 | int (*setkey_enc_func)( void *ctx, const unsigned char *key, 81 | unsigned int key_bitlen ); 82 | 83 | /** Set key for decryption purposes */ 84 | int (*setkey_dec_func)( void *ctx, const unsigned char *key, 85 | unsigned int key_bitlen); 86 | 87 | /** Allocate a new context */ 88 | void * (*ctx_alloc_func)( void ); 89 | 90 | /** Free the given context */ 91 | void (*ctx_free_func)( void *ctx ); 92 | 93 | }; 94 | 95 | typedef struct 96 | { 97 | mbedtls_cipher_type_t type; 98 | const mbedtls_cipher_info_t *info; 99 | } mbedtls_cipher_definition_t; 100 | 101 | extern const mbedtls_cipher_definition_t mbedtls_cipher_definitions[]; 102 | 103 | extern int mbedtls_cipher_supported[]; 104 | 105 | #ifdef __cplusplus 106 | } 107 | #endif 108 | 109 | #endif /* MBEDTLS_CIPHER_WRAP_H */ 110 | -------------------------------------------------------------------------------- /firmware/src/mbedtls/cmac.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file cmac.h 3 | * 4 | * \brief Cipher-based Message Authentication Code (CMAC) Mode for 5 | * Authentication 6 | * 7 | * Copyright (C) 2015-2016, ARM Limited, All Rights Reserved 8 | * SPDX-License-Identifier: Apache-2.0 9 | * 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 | * not use this file except in compliance with the License. 12 | * You may obtain a copy of the License at 13 | * 14 | * http://www.apache.org/licenses/LICENSE-2.0 15 | * 16 | * Unless required by applicable law or agreed to in writing, software 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 | * See the License for the specific language governing permissions and 20 | * limitations under the License. 21 | * 22 | * This file is part of mbed TLS (https://tls.mbed.org) 23 | */ 24 | #ifndef MBEDTLS_CMAC_H 25 | #define MBEDTLS_CMAC_H 26 | 27 | #include "mbedtls/cipher.h" 28 | 29 | #ifdef __cplusplus 30 | extern "C" { 31 | #endif 32 | 33 | #define MBEDTLS_AES_BLOCK_SIZE 16 34 | #define MBEDTLS_DES3_BLOCK_SIZE 8 35 | 36 | #if defined(MBEDTLS_AES_C) 37 | #define MBEDTLS_CIPHER_BLKSIZE_MAX 16 /* longest used by CMAC is AES */ 38 | #else 39 | #define MBEDTLS_CIPHER_BLKSIZE_MAX 8 /* longest used by CMAC is 3DES */ 40 | #endif 41 | 42 | /** 43 | * CMAC context structure - Contains internal state information only 44 | */ 45 | struct mbedtls_cmac_context_t 46 | { 47 | /** Internal state of the CMAC algorithm */ 48 | unsigned char state[MBEDTLS_CIPHER_BLKSIZE_MAX]; 49 | 50 | /** Unprocessed data - either data that was not block aligned and is still 51 | * pending to be processed, or the final block */ 52 | unsigned char unprocessed_block[MBEDTLS_CIPHER_BLKSIZE_MAX]; 53 | 54 | /** Length of data pending to be processed */ 55 | size_t unprocessed_len; 56 | }; 57 | 58 | /** 59 | * \brief Set the CMAC key and prepare to authenticate the input 60 | * data. 61 | * Should be called with an initialized cipher context. 62 | * 63 | * \param ctx Cipher context. This should be a cipher context, 64 | * initialized to be one of the following types: 65 | * MBEDTLS_CIPHER_AES_128_ECB, MBEDTLS_CIPHER_AES_192_ECB, 66 | * MBEDTLS_CIPHER_AES_256_ECB or 67 | * MBEDTLS_CIPHER_DES_EDE3_ECB. 68 | * \param key CMAC key 69 | * \param keybits length of the CMAC key in bits 70 | * (must be acceptable by the cipher) 71 | * 72 | * \return 0 if successful, or a cipher specific error code 73 | */ 74 | int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx, 75 | const unsigned char *key, size_t keybits ); 76 | 77 | /** 78 | * \brief Generic CMAC process buffer. 79 | * Called between mbedtls_cipher_cmac_starts() or 80 | * mbedtls_cipher_cmac_reset() and 81 | * mbedtls_cipher_cmac_finish(). 82 | * May be called repeatedly. 83 | * 84 | * \param ctx CMAC context 85 | * \param input buffer holding the data 86 | * \param ilen length of the input data 87 | * 88 | * \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter 89 | * verification fails. 90 | */ 91 | int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, 92 | const unsigned char *input, size_t ilen ); 93 | 94 | /** 95 | * \brief Output CMAC. 96 | * Called after mbedtls_cipher_cmac_update(). 97 | * Usually followed by mbedtls_cipher_cmac_reset(), then 98 | * mbedtls_cipher_cmac_starts(), or mbedtls_cipher_free(). 99 | * 100 | * \param ctx CMAC context 101 | * \param output Generic CMAC checksum result 102 | * 103 | * \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter 104 | * verification fails. 105 | */ 106 | int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, 107 | unsigned char *output ); 108 | 109 | /** 110 | * \brief Prepare to authenticate a new message with the same key. 111 | * Called after mbedtls_cipher_cmac_finish() and before 112 | * mbedtls_cipher_cmac_update(). 113 | * 114 | * \param ctx CMAC context to be reset 115 | * 116 | * \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter 117 | * verification fails. 118 | */ 119 | int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx ); 120 | 121 | /** 122 | * \brief Output = Generic_CMAC( cmac key, input buffer ) 123 | * 124 | * \param cipher_info message digest info 125 | * \param key CMAC key 126 | * \param keylen length of the CMAC key in bits 127 | * \param input buffer holding the data 128 | * \param ilen length of the input data 129 | * \param output Generic CMAC-result 130 | * 131 | * \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter 132 | * verification fails. 133 | */ 134 | int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info, 135 | const unsigned char *key, size_t keylen, 136 | const unsigned char *input, size_t ilen, 137 | unsigned char *output ); 138 | 139 | #if defined(MBEDTLS_AES_C) 140 | /** 141 | * \brief AES-CMAC-128-PRF 142 | * Implementation of (AES-CMAC-PRF-128), as defined in RFC 4615 143 | * 144 | * \param key PRF key 145 | * \param key_len PRF key length in bytes 146 | * \param input buffer holding the input data 147 | * \param in_len length of the input data in bytes 148 | * \param output buffer holding the generated pseudorandom output (16 bytes) 149 | * 150 | * \return 0 if successful 151 | */ 152 | int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len, 153 | const unsigned char *input, size_t in_len, 154 | unsigned char output[16] ); 155 | #endif /* MBEDTLS_AES_C */ 156 | 157 | #if defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) ) 158 | /** 159 | * \brief Checkup routine 160 | * 161 | * \return 0 if successful, or 1 if the test failed 162 | */ 163 | int mbedtls_cmac_self_test( int verbose ); 164 | #endif /* MBEDTLS_SELF_TEST && ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */ 165 | 166 | #ifdef __cplusplus 167 | } 168 | #endif 169 | 170 | #endif /* MBEDTLS_CMAC_H */ 171 | -------------------------------------------------------------------------------- /firmware/src/mbedtls/ecdh.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file ecdh.h 3 | * 4 | * \brief Elliptic curve Diffie-Hellman 5 | * 6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 7 | * SPDX-License-Identifier: Apache-2.0 8 | * 9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 10 | * not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * 21 | * This file is part of mbed TLS (https://tls.mbed.org) 22 | */ 23 | #ifndef MBEDTLS_ECDH_H 24 | #define MBEDTLS_ECDH_H 25 | 26 | #include "ecp.h" 27 | 28 | #ifdef __cplusplus 29 | extern "C" { 30 | #endif 31 | 32 | /** 33 | * When importing from an EC key, select if it is our key or the peer's key 34 | */ 35 | typedef enum 36 | { 37 | MBEDTLS_ECDH_OURS, 38 | MBEDTLS_ECDH_THEIRS, 39 | } mbedtls_ecdh_side; 40 | 41 | /** 42 | * \brief ECDH context structure 43 | */ 44 | typedef struct 45 | { 46 | mbedtls_ecp_group grp; /*!< elliptic curve used */ 47 | mbedtls_mpi d; /*!< our secret value (private key) */ 48 | mbedtls_ecp_point Q; /*!< our public value (public key) */ 49 | mbedtls_ecp_point Qp; /*!< peer's public value (public key) */ 50 | mbedtls_mpi z; /*!< shared secret */ 51 | int point_format; /*!< format for point export in TLS messages */ 52 | mbedtls_ecp_point Vi; /*!< blinding value (for later) */ 53 | mbedtls_ecp_point Vf; /*!< un-blinding value (for later) */ 54 | mbedtls_mpi _d; /*!< previous d (for later) */ 55 | } 56 | mbedtls_ecdh_context; 57 | 58 | /** 59 | * \brief Generate a public key. 60 | * Raw function that only does the core computation. 61 | * 62 | * \param grp ECP group 63 | * \param d Destination MPI (secret exponent, aka private key) 64 | * \param Q Destination point (public key) 65 | * \param f_rng RNG function 66 | * \param p_rng RNG parameter 67 | * 68 | * \return 0 if successful, 69 | * or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code 70 | */ 71 | int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q, 72 | int (*f_rng)(void *, unsigned char *, size_t), 73 | void *p_rng ); 74 | 75 | /** 76 | * \brief Compute shared secret 77 | * Raw function that only does the core computation. 78 | * 79 | * \param grp ECP group 80 | * \param z Destination MPI (shared secret) 81 | * \param Q Public key from other party 82 | * \param d Our secret exponent (private key) 83 | * \param f_rng RNG function (see notes) 84 | * \param p_rng RNG parameter 85 | * 86 | * \return 0 if successful, 87 | * or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code 88 | * 89 | * \note If f_rng is not NULL, it is used to implement 90 | * countermeasures against potential elaborate timing 91 | * attacks, see \c mbedtls_ecp_mul() for details. 92 | */ 93 | int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z, 94 | const mbedtls_ecp_point *Q, const mbedtls_mpi *d, 95 | int (*f_rng)(void *, unsigned char *, size_t), 96 | void *p_rng ); 97 | 98 | /** 99 | * \brief Initialize context 100 | * 101 | * \param ctx Context to initialize 102 | */ 103 | void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx ); 104 | 105 | /** 106 | * \brief Free context 107 | * 108 | * \param ctx Context to free 109 | */ 110 | void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx ); 111 | 112 | /** 113 | * \brief Generate a public key and a TLS ServerKeyExchange payload. 114 | * (First function used by a TLS server for ECDHE.) 115 | * 116 | * \param ctx ECDH context 117 | * \param olen number of chars written 118 | * \param buf destination buffer 119 | * \param blen length of buffer 120 | * \param f_rng RNG function 121 | * \param p_rng RNG parameter 122 | * 123 | * \note This function assumes that ctx->grp has already been 124 | * properly set (for example using mbedtls_ecp_group_load). 125 | * 126 | * \return 0 if successful, or an MBEDTLS_ERR_ECP_XXX error code 127 | */ 128 | int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen, 129 | unsigned char *buf, size_t blen, 130 | int (*f_rng)(void *, unsigned char *, size_t), 131 | void *p_rng ); 132 | 133 | /** 134 | * \brief Parse and procress a TLS ServerKeyExhange payload. 135 | * (First function used by a TLS client for ECDHE.) 136 | * 137 | * \param ctx ECDH context 138 | * \param buf pointer to start of input buffer 139 | * \param end one past end of buffer 140 | * 141 | * \return 0 if successful, or an MBEDTLS_ERR_ECP_XXX error code 142 | */ 143 | int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx, 144 | const unsigned char **buf, const unsigned char *end ); 145 | 146 | /** 147 | * \brief Setup an ECDH context from an EC key. 148 | * (Used by clients and servers in place of the 149 | * ServerKeyEchange for static ECDH: import ECDH parameters 150 | * from a certificate's EC key information.) 151 | * 152 | * \param ctx ECDH constext to set 153 | * \param key EC key to use 154 | * \param side Is it our key (1) or the peer's key (0) ? 155 | * 156 | * \return 0 if successful, or an MBEDTLS_ERR_ECP_XXX error code 157 | */ 158 | int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key, 159 | mbedtls_ecdh_side side ); 160 | 161 | /** 162 | * \brief Generate a public key and a TLS ClientKeyExchange payload. 163 | * (Second function used by a TLS client for ECDH(E).) 164 | * 165 | * \param ctx ECDH context 166 | * \param olen number of bytes actually written 167 | * \param buf destination buffer 168 | * \param blen size of destination buffer 169 | * \param f_rng RNG function 170 | * \param p_rng RNG parameter 171 | * 172 | * \return 0 if successful, or an MBEDTLS_ERR_ECP_XXX error code 173 | */ 174 | int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen, 175 | unsigned char *buf, size_t blen, 176 | int (*f_rng)(void *, unsigned char *, size_t), 177 | void *p_rng ); 178 | 179 | /** 180 | * \brief Parse and process a TLS ClientKeyExchange payload. 181 | * (Second function used by a TLS server for ECDH(E).) 182 | * 183 | * \param ctx ECDH context 184 | * \param buf start of input buffer 185 | * \param blen length of input buffer 186 | * 187 | * \return 0 if successful, or an MBEDTLS_ERR_ECP_XXX error code 188 | */ 189 | int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx, 190 | const unsigned char *buf, size_t blen ); 191 | 192 | /** 193 | * \brief Derive and export the shared secret. 194 | * (Last function used by both TLS client en servers.) 195 | * 196 | * \param ctx ECDH context 197 | * \param olen number of bytes written 198 | * \param buf destination buffer 199 | * \param blen buffer length 200 | * \param f_rng RNG function, see notes for \c mbedtls_ecdh_compute_shared() 201 | * \param p_rng RNG parameter 202 | * 203 | * \return 0 if successful, or an MBEDTLS_ERR_ECP_XXX error code 204 | */ 205 | int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, 206 | unsigned char *buf, size_t blen, 207 | int (*f_rng)(void *, unsigned char *, size_t), 208 | void *p_rng ); 209 | 210 | #ifdef __cplusplus 211 | } 212 | #endif 213 | 214 | #endif /* ecdh.h */ 215 | -------------------------------------------------------------------------------- /firmware/src/mbedtls/ecjpake.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file ecjpake.h 3 | * 4 | * \brief Elliptic curve J-PAKE 5 | * 6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 7 | * SPDX-License-Identifier: Apache-2.0 8 | * 9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 10 | * not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * 21 | * This file is part of mbed TLS (https://tls.mbed.org) 22 | */ 23 | #ifndef MBEDTLS_ECJPAKE_H 24 | #define MBEDTLS_ECJPAKE_H 25 | 26 | /* 27 | * J-PAKE is a password-authenticated key exchange that allows deriving a 28 | * strong shared secret from a (potentially low entropy) pre-shared 29 | * passphrase, with forward secrecy and mutual authentication. 30 | * https://en.wikipedia.org/wiki/Password_Authenticated_Key_Exchange_by_Juggling 31 | * 32 | * This file implements the Elliptic Curve variant of J-PAKE, 33 | * as defined in Chapter 7.4 of the Thread v1.0 Specification, 34 | * available to members of the Thread Group http://threadgroup.org/ 35 | * 36 | * As the J-PAKE algorithm is inherently symmetric, so is our API. 37 | * Each party needs to send its first round message, in any order, to the 38 | * other party, then each sends its second round message, in any order. 39 | * The payloads are serialized in a way suitable for use in TLS, but could 40 | * also be use outside TLS. 41 | */ 42 | 43 | #include "ecp.h" 44 | #include "md.h" 45 | 46 | #ifdef __cplusplus 47 | extern "C" { 48 | #endif 49 | 50 | /** 51 | * Roles in the EC J-PAKE exchange 52 | */ 53 | typedef enum { 54 | MBEDTLS_ECJPAKE_CLIENT = 0, /**< Client */ 55 | MBEDTLS_ECJPAKE_SERVER, /**< Server */ 56 | } mbedtls_ecjpake_role; 57 | 58 | /** 59 | * EC J-PAKE context structure. 60 | * 61 | * J-PAKE is a symmetric protocol, except for the identifiers used in 62 | * Zero-Knowledge Proofs, and the serialization of the second message 63 | * (KeyExchange) as defined by the Thread spec. 64 | * 65 | * In order to benefit from this symmetry, we choose a different naming 66 | * convetion from the Thread v1.0 spec. Correspondance is indicated in the 67 | * description as a pair C: client name, S: server name 68 | */ 69 | typedef struct 70 | { 71 | const mbedtls_md_info_t *md_info; /**< Hash to use */ 72 | mbedtls_ecp_group grp; /**< Elliptic curve */ 73 | mbedtls_ecjpake_role role; /**< Are we client or server? */ 74 | int point_format; /**< Format for point export */ 75 | 76 | mbedtls_ecp_point Xm1; /**< My public key 1 C: X1, S: X3 */ 77 | mbedtls_ecp_point Xm2; /**< My public key 2 C: X2, S: X4 */ 78 | mbedtls_ecp_point Xp1; /**< Peer public key 1 C: X3, S: X1 */ 79 | mbedtls_ecp_point Xp2; /**< Peer public key 2 C: X4, S: X2 */ 80 | mbedtls_ecp_point Xp; /**< Peer public key C: Xs, S: Xc */ 81 | 82 | mbedtls_mpi xm1; /**< My private key 1 C: x1, S: x3 */ 83 | mbedtls_mpi xm2; /**< My private key 2 C: x2, S: x4 */ 84 | 85 | mbedtls_mpi s; /**< Pre-shared secret (passphrase) */ 86 | } mbedtls_ecjpake_context; 87 | 88 | /** 89 | * \brief Initialize a context 90 | * (just makes it ready for setup() or free()). 91 | * 92 | * \param ctx context to initialize 93 | */ 94 | void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx ); 95 | 96 | /** 97 | * \brief Set up a context for use 98 | * 99 | * \note Currently the only values for hash/curve allowed by the 100 | * standard are MBEDTLS_MD_SHA256/MBEDTLS_ECP_DP_SECP256R1. 101 | * 102 | * \param ctx context to set up 103 | * \param role Our role: client or server 104 | * \param hash hash function to use (MBEDTLS_MD_XXX) 105 | * \param curve elliptic curve identifier (MBEDTLS_ECP_DP_XXX) 106 | * \param secret pre-shared secret (passphrase) 107 | * \param len length of the shared secret 108 | * 109 | * \return 0 if successfull, 110 | * a negative error code otherwise 111 | */ 112 | int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx, 113 | mbedtls_ecjpake_role role, 114 | mbedtls_md_type_t hash, 115 | mbedtls_ecp_group_id curve, 116 | const unsigned char *secret, 117 | size_t len ); 118 | 119 | /** 120 | * \brief Check if a context is ready for use 121 | * 122 | * \param ctx Context to check 123 | * 124 | * \return 0 if the context is ready for use, 125 | * MBEDTLS_ERR_ECP_BAD_INPUT_DATA otherwise 126 | */ 127 | int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx ); 128 | 129 | /** 130 | * \brief Generate and write the first round message 131 | * (TLS: contents of the Client/ServerHello extension, 132 | * excluding extension type and length bytes) 133 | * 134 | * \param ctx Context to use 135 | * \param buf Buffer to write the contents to 136 | * \param len Buffer size 137 | * \param olen Will be updated with the number of bytes written 138 | * \param f_rng RNG function 139 | * \param p_rng RNG parameter 140 | * 141 | * \return 0 if successfull, 142 | * a negative error code otherwise 143 | */ 144 | int mbedtls_ecjpake_write_round_one( mbedtls_ecjpake_context *ctx, 145 | unsigned char *buf, size_t len, size_t *olen, 146 | int (*f_rng)(void *, unsigned char *, size_t), 147 | void *p_rng ); 148 | 149 | /** 150 | * \brief Read and process the first round message 151 | * (TLS: contents of the Client/ServerHello extension, 152 | * excluding extension type and length bytes) 153 | * 154 | * \param ctx Context to use 155 | * \param buf Pointer to extension contents 156 | * \param len Extension length 157 | * 158 | * \return 0 if successfull, 159 | * a negative error code otherwise 160 | */ 161 | int mbedtls_ecjpake_read_round_one( mbedtls_ecjpake_context *ctx, 162 | const unsigned char *buf, 163 | size_t len ); 164 | 165 | /** 166 | * \brief Generate and write the second round message 167 | * (TLS: contents of the Client/ServerKeyExchange) 168 | * 169 | * \param ctx Context to use 170 | * \param buf Buffer to write the contents to 171 | * \param len Buffer size 172 | * \param olen Will be updated with the number of bytes written 173 | * \param f_rng RNG function 174 | * \param p_rng RNG parameter 175 | * 176 | * \return 0 if successfull, 177 | * a negative error code otherwise 178 | */ 179 | int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx, 180 | unsigned char *buf, size_t len, size_t *olen, 181 | int (*f_rng)(void *, unsigned char *, size_t), 182 | void *p_rng ); 183 | 184 | /** 185 | * \brief Read and process the second round message 186 | * (TLS: contents of the Client/ServerKeyExchange) 187 | * 188 | * \param ctx Context to use 189 | * \param buf Pointer to the message 190 | * \param len Message length 191 | * 192 | * \return 0 if successfull, 193 | * a negative error code otherwise 194 | */ 195 | int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx, 196 | const unsigned char *buf, 197 | size_t len ); 198 | 199 | /** 200 | * \brief Derive the shared secret 201 | * (TLS: Pre-Master Secret) 202 | * 203 | * \param ctx Context to use 204 | * \param buf Buffer to write the contents to 205 | * \param len Buffer size 206 | * \param olen Will be updated with the number of bytes written 207 | * \param f_rng RNG function 208 | * \param p_rng RNG parameter 209 | * 210 | * \return 0 if successfull, 211 | * a negative error code otherwise 212 | */ 213 | int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx, 214 | unsigned char *buf, size_t len, size_t *olen, 215 | int (*f_rng)(void *, unsigned char *, size_t), 216 | void *p_rng ); 217 | 218 | /** 219 | * \brief Free a context's content 220 | * 221 | * \param ctx context to free 222 | */ 223 | void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx ); 224 | 225 | #if defined(MBEDTLS_SELF_TEST) 226 | /** 227 | * \brief Checkup routine 228 | * 229 | * \return 0 if successful, or 1 if a test failed 230 | */ 231 | int mbedtls_ecjpake_self_test( int verbose ); 232 | #endif 233 | 234 | #ifdef __cplusplus 235 | } 236 | #endif 237 | 238 | #endif /* ecjpake.h */ 239 | -------------------------------------------------------------------------------- /firmware/src/mbedtls/entropy_poll.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file entropy_poll.h 3 | * 4 | * \brief Platform-specific and custom entropy polling functions 5 | * 6 | * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved 7 | * SPDX-License-Identifier: Apache-2.0 8 | * 9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 10 | * not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * 21 | * This file is part of mbed TLS (https://tls.mbed.org) 22 | */ 23 | #ifndef MBEDTLS_ENTROPY_POLL_H 24 | #define MBEDTLS_ENTROPY_POLL_H 25 | 26 | #if !defined(MBEDTLS_CONFIG_FILE) 27 | #include "config.h" 28 | #else 29 | #include MBEDTLS_CONFIG_FILE 30 | #endif 31 | 32 | #include 33 | 34 | #ifdef __cplusplus 35 | extern "C" { 36 | #endif 37 | 38 | /* 39 | * Default thresholds for built-in sources, in bytes 40 | */ 41 | #define MBEDTLS_ENTROPY_MIN_PLATFORM 32 /**< Minimum for platform source */ 42 | #define MBEDTLS_ENTROPY_MIN_HAVEGE 32 /**< Minimum for HAVEGE */ 43 | #define MBEDTLS_ENTROPY_MIN_HARDCLOCK 4 /**< Minimum for mbedtls_timing_hardclock() */ 44 | #if !defined(MBEDTLS_ENTROPY_MIN_HARDWARE) 45 | #define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Minimum for the hardware source */ 46 | #endif 47 | 48 | /** 49 | * \brief Entropy poll callback that provides 0 entropy. 50 | */ 51 | #if defined(MBEDTLS_TEST_NULL_ENTROPY) 52 | int mbedtls_null_entropy_poll( void *data, 53 | unsigned char *output, size_t len, size_t *olen ); 54 | #endif 55 | 56 | #if !defined(MBEDTLS_NO_PLATFORM_ENTROPY) 57 | /** 58 | * \brief Platform-specific entropy poll callback 59 | */ 60 | int mbedtls_platform_entropy_poll( void *data, 61 | unsigned char *output, size_t len, size_t *olen ); 62 | #endif 63 | 64 | #if defined(MBEDTLS_HAVEGE_C) 65 | /** 66 | * \brief HAVEGE based entropy poll callback 67 | * 68 | * Requires an HAVEGE state as its data pointer. 69 | */ 70 | int mbedtls_havege_poll( void *data, 71 | unsigned char *output, size_t len, size_t *olen ); 72 | #endif 73 | 74 | #if defined(MBEDTLS_TIMING_C) 75 | /** 76 | * \brief mbedtls_timing_hardclock-based entropy poll callback 77 | */ 78 | int mbedtls_hardclock_poll( void *data, 79 | unsigned char *output, size_t len, size_t *olen ); 80 | #endif 81 | 82 | #if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) 83 | /** 84 | * \brief Entropy poll callback for a hardware source 85 | * 86 | * \warning This is not provided by mbed TLS! 87 | * See \c MBEDTLS_ENTROPY_HARDWARE_ALT in config.h. 88 | * 89 | * \note This must accept NULL as its first argument. 90 | */ 91 | int mbedtls_hardware_poll( void *data, 92 | unsigned char *output, size_t len, size_t *olen ); 93 | #endif 94 | 95 | #if defined(MBEDTLS_ENTROPY_NV_SEED) 96 | /** 97 | * \brief Entropy poll callback for a non-volatile seed file 98 | * 99 | * \note This must accept NULL as its first argument. 100 | */ 101 | int mbedtls_nv_seed_poll( void *data, 102 | unsigned char *output, size_t len, size_t *olen ); 103 | #endif 104 | 105 | #ifdef __cplusplus 106 | } 107 | #endif 108 | 109 | #endif /* entropy_poll.h */ 110 | -------------------------------------------------------------------------------- /firmware/src/mbedtls/error.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file error.h 3 | * 4 | * \brief Error to string translation 5 | * 6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 7 | * SPDX-License-Identifier: Apache-2.0 8 | * 9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 10 | * not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * 21 | * This file is part of mbed TLS (https://tls.mbed.org) 22 | */ 23 | #ifndef MBEDTLS_ERROR_H 24 | #define MBEDTLS_ERROR_H 25 | 26 | #include 27 | 28 | /** 29 | * Error code layout. 30 | * 31 | * Currently we try to keep all error codes within the negative space of 16 32 | * bits signed integers to support all platforms (-0x0001 - -0x7FFF). In 33 | * addition we'd like to give two layers of information on the error if 34 | * possible. 35 | * 36 | * For that purpose the error codes are segmented in the following manner: 37 | * 38 | * 16 bit error code bit-segmentation 39 | * 40 | * 1 bit - Unused (sign bit) 41 | * 3 bits - High level module ID 42 | * 5 bits - Module-dependent error code 43 | * 7 bits - Low level module errors 44 | * 45 | * For historical reasons, low-level error codes are divided in even and odd, 46 | * even codes were assigned first, and -1 is reserved for other errors. 47 | * 48 | * Low-level module errors (0x0002-0x007E, 0x0003-0x007F) 49 | * 50 | * Module Nr Codes assigned 51 | * MPI 7 0x0002-0x0010 52 | * GCM 2 0x0012-0x0014 53 | * BLOWFISH 2 0x0016-0x0018 54 | * THREADING 3 0x001A-0x001E 55 | * AES 2 0x0020-0x0022 56 | * CAMELLIA 2 0x0024-0x0026 57 | * XTEA 1 0x0028-0x0028 58 | * BASE64 2 0x002A-0x002C 59 | * OID 1 0x002E-0x002E 0x000B-0x000B 60 | * PADLOCK 1 0x0030-0x0030 61 | * DES 1 0x0032-0x0032 62 | * CTR_DBRG 4 0x0034-0x003A 63 | * ENTROPY 3 0x003C-0x0040 0x003D-0x003F 64 | * NET 11 0x0042-0x0052 0x0043-0x0045 65 | * ASN1 7 0x0060-0x006C 66 | * PBKDF2 1 0x007C-0x007C 67 | * HMAC_DRBG 4 0x0003-0x0009 68 | * CCM 2 0x000D-0x000F 69 | * 70 | * High-level module nr (3 bits - 0x0...-0x7...) 71 | * Name ID Nr of Errors 72 | * PEM 1 9 73 | * PKCS#12 1 4 (Started from top) 74 | * X509 2 20 75 | * PKCS5 2 4 (Started from top) 76 | * DHM 3 9 77 | * PK 3 14 (Started from top) 78 | * RSA 4 9 79 | * ECP 4 8 (Started from top) 80 | * MD 5 4 81 | * CIPHER 6 6 82 | * SSL 6 17 (Started from top) 83 | * SSL 7 31 84 | * 85 | * Module dependent error code (5 bits 0x.00.-0x.F8.) 86 | */ 87 | 88 | #ifdef __cplusplus 89 | extern "C" { 90 | #endif 91 | 92 | /** 93 | * \brief Translate a mbed TLS error code into a string representation, 94 | * Result is truncated if necessary and always includes a terminating 95 | * null byte. 96 | * 97 | * \param errnum error code 98 | * \param buffer buffer to place representation in 99 | * \param buflen length of the buffer 100 | */ 101 | void mbedtls_strerror( int errnum, char *buffer, size_t buflen ); 102 | 103 | #ifdef __cplusplus 104 | } 105 | #endif 106 | 107 | #endif /* error.h */ 108 | -------------------------------------------------------------------------------- /firmware/src/mbedtls/gcm.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file gcm.h 3 | * 4 | * \brief Galois/Counter mode for 128-bit block ciphers 5 | * 6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 7 | * SPDX-License-Identifier: Apache-2.0 8 | * 9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 10 | * not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * 21 | * This file is part of mbed TLS (https://tls.mbed.org) 22 | */ 23 | #ifndef MBEDTLS_GCM_H 24 | #define MBEDTLS_GCM_H 25 | 26 | #include "cipher.h" 27 | 28 | #include 29 | 30 | #define MBEDTLS_GCM_ENCRYPT 1 31 | #define MBEDTLS_GCM_DECRYPT 0 32 | 33 | #define MBEDTLS_ERR_GCM_AUTH_FAILED -0x0012 /**< Authenticated decryption failed. */ 34 | #define MBEDTLS_ERR_GCM_BAD_INPUT -0x0014 /**< Bad input parameters to function. */ 35 | 36 | #ifdef __cplusplus 37 | extern "C" { 38 | #endif 39 | 40 | /** 41 | * \brief GCM context structure 42 | */ 43 | typedef struct { 44 | mbedtls_cipher_context_t cipher_ctx;/*!< cipher context used */ 45 | uint64_t HL[16]; /*!< Precalculated HTable */ 46 | uint64_t HH[16]; /*!< Precalculated HTable */ 47 | uint64_t len; /*!< Total data length */ 48 | uint64_t add_len; /*!< Total add length */ 49 | unsigned char base_ectr[16];/*!< First ECTR for tag */ 50 | unsigned char y[16]; /*!< Y working value */ 51 | unsigned char buf[16]; /*!< buf working value */ 52 | int mode; /*!< Encrypt or Decrypt */ 53 | } 54 | mbedtls_gcm_context; 55 | 56 | /** 57 | * \brief Initialize GCM context (just makes references valid) 58 | * Makes the context ready for mbedtls_gcm_setkey() or 59 | * mbedtls_gcm_free(). 60 | * 61 | * \param ctx GCM context to initialize 62 | */ 63 | void mbedtls_gcm_init( mbedtls_gcm_context *ctx ); 64 | 65 | /** 66 | * \brief GCM initialization (encryption) 67 | * 68 | * \param ctx GCM context to be initialized 69 | * \param cipher cipher to use (a 128-bit block cipher) 70 | * \param key encryption key 71 | * \param keybits must be 128, 192 or 256 72 | * 73 | * \return 0 if successful, or a cipher specific error code 74 | */ 75 | int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx, 76 | mbedtls_cipher_id_t cipher, 77 | const unsigned char *key, 78 | unsigned int keybits ); 79 | 80 | /** 81 | * \brief GCM buffer encryption/decryption using a block cipher 82 | * 83 | * \note On encryption, the output buffer can be the same as the input buffer. 84 | * On decryption, the output buffer cannot be the same as input buffer. 85 | * If buffers overlap, the output buffer must trail at least 8 bytes 86 | * behind the input buffer. 87 | * 88 | * \param ctx GCM context 89 | * \param mode MBEDTLS_GCM_ENCRYPT or MBEDTLS_GCM_DECRYPT 90 | * \param length length of the input data 91 | * \param iv initialization vector 92 | * \param iv_len length of IV 93 | * \param add additional data 94 | * \param add_len length of additional data 95 | * \param input buffer holding the input data 96 | * \param output buffer for holding the output data 97 | * \param tag_len length of the tag to generate 98 | * \param tag buffer for holding the tag 99 | * 100 | * \return 0 if successful 101 | */ 102 | int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx, 103 | int mode, 104 | size_t length, 105 | const unsigned char *iv, 106 | size_t iv_len, 107 | const unsigned char *add, 108 | size_t add_len, 109 | const unsigned char *input, 110 | unsigned char *output, 111 | size_t tag_len, 112 | unsigned char *tag ); 113 | 114 | /** 115 | * \brief GCM buffer authenticated decryption using a block cipher 116 | * 117 | * \note On decryption, the output buffer cannot be the same as input buffer. 118 | * If buffers overlap, the output buffer must trail at least 8 bytes 119 | * behind the input buffer. 120 | * 121 | * \param ctx GCM context 122 | * \param length length of the input data 123 | * \param iv initialization vector 124 | * \param iv_len length of IV 125 | * \param add additional data 126 | * \param add_len length of additional data 127 | * \param tag buffer holding the tag 128 | * \param tag_len length of the tag 129 | * \param input buffer holding the input data 130 | * \param output buffer for holding the output data 131 | * 132 | * \return 0 if successful and authenticated, 133 | * MBEDTLS_ERR_GCM_AUTH_FAILED if tag does not match 134 | */ 135 | int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx, 136 | size_t length, 137 | const unsigned char *iv, 138 | size_t iv_len, 139 | const unsigned char *add, 140 | size_t add_len, 141 | const unsigned char *tag, 142 | size_t tag_len, 143 | const unsigned char *input, 144 | unsigned char *output ); 145 | 146 | /** 147 | * \brief Generic GCM stream start function 148 | * 149 | * \param ctx GCM context 150 | * \param mode MBEDTLS_GCM_ENCRYPT or MBEDTLS_GCM_DECRYPT 151 | * \param iv initialization vector 152 | * \param iv_len length of IV 153 | * \param add additional data (or NULL if length is 0) 154 | * \param add_len length of additional data 155 | * 156 | * \return 0 if successful 157 | */ 158 | int mbedtls_gcm_starts( mbedtls_gcm_context *ctx, 159 | int mode, 160 | const unsigned char *iv, 161 | size_t iv_len, 162 | const unsigned char *add, 163 | size_t add_len ); 164 | 165 | /** 166 | * \brief Generic GCM update function. Encrypts/decrypts using the 167 | * given GCM context. Expects input to be a multiple of 16 168 | * bytes! Only the last call before mbedtls_gcm_finish() can be less 169 | * than 16 bytes! 170 | * 171 | * \note On decryption, the output buffer cannot be the same as input buffer. 172 | * If buffers overlap, the output buffer must trail at least 8 bytes 173 | * behind the input buffer. 174 | * 175 | * \param ctx GCM context 176 | * \param length length of the input data 177 | * \param input buffer holding the input data 178 | * \param output buffer for holding the output data 179 | * 180 | * \return 0 if successful or MBEDTLS_ERR_GCM_BAD_INPUT 181 | */ 182 | int mbedtls_gcm_update( mbedtls_gcm_context *ctx, 183 | size_t length, 184 | const unsigned char *input, 185 | unsigned char *output ); 186 | 187 | /** 188 | * \brief Generic GCM finalisation function. Wraps up the GCM stream 189 | * and generates the tag. The tag can have a maximum length of 190 | * 16 bytes. 191 | * 192 | * \param ctx GCM context 193 | * \param tag buffer for holding the tag 194 | * \param tag_len length of the tag to generate (must be at least 4) 195 | * 196 | * \return 0 if successful or MBEDTLS_ERR_GCM_BAD_INPUT 197 | */ 198 | int mbedtls_gcm_finish( mbedtls_gcm_context *ctx, 199 | unsigned char *tag, 200 | size_t tag_len ); 201 | 202 | /** 203 | * \brief Free a GCM context and underlying cipher sub-context 204 | * 205 | * \param ctx GCM context to free 206 | */ 207 | void mbedtls_gcm_free( mbedtls_gcm_context *ctx ); 208 | 209 | /** 210 | * \brief Checkup routine 211 | * 212 | * \return 0 if successful, or 1 if the test failed 213 | */ 214 | int mbedtls_gcm_self_test( int verbose ); 215 | 216 | #ifdef __cplusplus 217 | } 218 | #endif 219 | 220 | #endif /* gcm.h */ 221 | -------------------------------------------------------------------------------- /firmware/src/mbedtls/havege.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file havege.h 3 | * 4 | * \brief HAVEGE: HArdware Volatile Entropy Gathering and Expansion 5 | * 6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 7 | * SPDX-License-Identifier: Apache-2.0 8 | * 9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 10 | * not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * 21 | * This file is part of mbed TLS (https://tls.mbed.org) 22 | */ 23 | #ifndef MBEDTLS_HAVEGE_H 24 | #define MBEDTLS_HAVEGE_H 25 | 26 | #include 27 | 28 | #define MBEDTLS_HAVEGE_COLLECT_SIZE 1024 29 | 30 | #ifdef __cplusplus 31 | extern "C" { 32 | #endif 33 | 34 | /** 35 | * \brief HAVEGE state structure 36 | */ 37 | typedef struct 38 | { 39 | int PT1, PT2, offset[2]; 40 | int pool[MBEDTLS_HAVEGE_COLLECT_SIZE]; 41 | int WALK[8192]; 42 | } 43 | mbedtls_havege_state; 44 | 45 | /** 46 | * \brief HAVEGE initialization 47 | * 48 | * \param hs HAVEGE state to be initialized 49 | */ 50 | void mbedtls_havege_init( mbedtls_havege_state *hs ); 51 | 52 | /** 53 | * \brief Clear HAVEGE state 54 | * 55 | * \param hs HAVEGE state to be cleared 56 | */ 57 | void mbedtls_havege_free( mbedtls_havege_state *hs ); 58 | 59 | /** 60 | * \brief HAVEGE rand function 61 | * 62 | * \param p_rng A HAVEGE state 63 | * \param output Buffer to fill 64 | * \param len Length of buffer 65 | * 66 | * \return 0 67 | */ 68 | int mbedtls_havege_random( void *p_rng, unsigned char *output, size_t len ); 69 | 70 | #ifdef __cplusplus 71 | } 72 | #endif 73 | 74 | #endif /* havege.h */ 75 | -------------------------------------------------------------------------------- /firmware/src/mbedtls/md2.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file md2.h 3 | * 4 | * \brief MD2 message digest algorithm (hash function) 5 | * 6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 7 | * SPDX-License-Identifier: Apache-2.0 8 | * 9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 10 | * not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * 21 | * This file is part of mbed TLS (https://tls.mbed.org) 22 | */ 23 | #ifndef MBEDTLS_MD2_H 24 | #define MBEDTLS_MD2_H 25 | 26 | #if !defined(MBEDTLS_CONFIG_FILE) 27 | #include "config.h" 28 | #else 29 | #include MBEDTLS_CONFIG_FILE 30 | #endif 31 | 32 | #include 33 | 34 | #if !defined(MBEDTLS_MD2_ALT) 35 | // Regular implementation 36 | // 37 | 38 | #ifdef __cplusplus 39 | extern "C" { 40 | #endif 41 | 42 | /** 43 | * \brief MD2 context structure 44 | */ 45 | typedef struct 46 | { 47 | unsigned char cksum[16]; /*!< checksum of the data block */ 48 | unsigned char state[48]; /*!< intermediate digest state */ 49 | unsigned char buffer[16]; /*!< data block being processed */ 50 | size_t left; /*!< amount of data in buffer */ 51 | } 52 | mbedtls_md2_context; 53 | 54 | /** 55 | * \brief Initialize MD2 context 56 | * 57 | * \param ctx MD2 context to be initialized 58 | */ 59 | void mbedtls_md2_init( mbedtls_md2_context *ctx ); 60 | 61 | /** 62 | * \brief Clear MD2 context 63 | * 64 | * \param ctx MD2 context to be cleared 65 | */ 66 | void mbedtls_md2_free( mbedtls_md2_context *ctx ); 67 | 68 | /** 69 | * \brief Clone (the state of) an MD2 context 70 | * 71 | * \param dst The destination context 72 | * \param src The context to be cloned 73 | */ 74 | void mbedtls_md2_clone( mbedtls_md2_context *dst, 75 | const mbedtls_md2_context *src ); 76 | 77 | /** 78 | * \brief MD2 context setup 79 | * 80 | * \param ctx context to be initialized 81 | */ 82 | void mbedtls_md2_starts( mbedtls_md2_context *ctx ); 83 | 84 | /** 85 | * \brief MD2 process buffer 86 | * 87 | * \param ctx MD2 context 88 | * \param input buffer holding the data 89 | * \param ilen length of the input data 90 | */ 91 | void mbedtls_md2_update( mbedtls_md2_context *ctx, const unsigned char *input, size_t ilen ); 92 | 93 | /** 94 | * \brief MD2 final digest 95 | * 96 | * \param ctx MD2 context 97 | * \param output MD2 checksum result 98 | */ 99 | void mbedtls_md2_finish( mbedtls_md2_context *ctx, unsigned char output[16] ); 100 | 101 | #ifdef __cplusplus 102 | } 103 | #endif 104 | 105 | #else /* MBEDTLS_MD2_ALT */ 106 | #include "md2_alt.h" 107 | #endif /* MBEDTLS_MD2_ALT */ 108 | 109 | #ifdef __cplusplus 110 | extern "C" { 111 | #endif 112 | 113 | /** 114 | * \brief Output = MD2( input buffer ) 115 | * 116 | * \param input buffer holding the data 117 | * \param ilen length of the input data 118 | * \param output MD2 checksum result 119 | */ 120 | void mbedtls_md2( const unsigned char *input, size_t ilen, unsigned char output[16] ); 121 | 122 | /** 123 | * \brief Checkup routine 124 | * 125 | * \return 0 if successful, or 1 if the test failed 126 | */ 127 | int mbedtls_md2_self_test( int verbose ); 128 | 129 | /* Internal use */ 130 | void mbedtls_md2_process( mbedtls_md2_context *ctx ); 131 | 132 | #ifdef __cplusplus 133 | } 134 | #endif 135 | 136 | #endif /* mbedtls_md2.h */ 137 | -------------------------------------------------------------------------------- /firmware/src/mbedtls/md4.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file md4.h 3 | * 4 | * \brief MD4 message digest algorithm (hash function) 5 | * 6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 7 | * SPDX-License-Identifier: Apache-2.0 8 | * 9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 10 | * not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * 21 | * This file is part of mbed TLS (https://tls.mbed.org) 22 | */ 23 | #ifndef MBEDTLS_MD4_H 24 | #define MBEDTLS_MD4_H 25 | 26 | #if !defined(MBEDTLS_CONFIG_FILE) 27 | #include "config.h" 28 | #else 29 | #include MBEDTLS_CONFIG_FILE 30 | #endif 31 | 32 | #include 33 | #include 34 | 35 | #if !defined(MBEDTLS_MD4_ALT) 36 | // Regular implementation 37 | // 38 | 39 | #ifdef __cplusplus 40 | extern "C" { 41 | #endif 42 | 43 | /** 44 | * \brief MD4 context structure 45 | */ 46 | typedef struct 47 | { 48 | uint32_t total[2]; /*!< number of bytes processed */ 49 | uint32_t state[4]; /*!< intermediate digest state */ 50 | unsigned char buffer[64]; /*!< data block being processed */ 51 | } 52 | mbedtls_md4_context; 53 | 54 | /** 55 | * \brief Initialize MD4 context 56 | * 57 | * \param ctx MD4 context to be initialized 58 | */ 59 | void mbedtls_md4_init( mbedtls_md4_context *ctx ); 60 | 61 | /** 62 | * \brief Clear MD4 context 63 | * 64 | * \param ctx MD4 context to be cleared 65 | */ 66 | void mbedtls_md4_free( mbedtls_md4_context *ctx ); 67 | 68 | /** 69 | * \brief Clone (the state of) an MD4 context 70 | * 71 | * \param dst The destination context 72 | * \param src The context to be cloned 73 | */ 74 | void mbedtls_md4_clone( mbedtls_md4_context *dst, 75 | const mbedtls_md4_context *src ); 76 | 77 | /** 78 | * \brief MD4 context setup 79 | * 80 | * \param ctx context to be initialized 81 | */ 82 | void mbedtls_md4_starts( mbedtls_md4_context *ctx ); 83 | 84 | /** 85 | * \brief MD4 process buffer 86 | * 87 | * \param ctx MD4 context 88 | * \param input buffer holding the data 89 | * \param ilen length of the input data 90 | */ 91 | void mbedtls_md4_update( mbedtls_md4_context *ctx, const unsigned char *input, size_t ilen ); 92 | 93 | /** 94 | * \brief MD4 final digest 95 | * 96 | * \param ctx MD4 context 97 | * \param output MD4 checksum result 98 | */ 99 | void mbedtls_md4_finish( mbedtls_md4_context *ctx, unsigned char output[16] ); 100 | 101 | #ifdef __cplusplus 102 | } 103 | #endif 104 | 105 | #else /* MBEDTLS_MD4_ALT */ 106 | #include "md4_alt.h" 107 | #endif /* MBEDTLS_MD4_ALT */ 108 | 109 | #ifdef __cplusplus 110 | extern "C" { 111 | #endif 112 | 113 | /** 114 | * \brief Output = MD4( input buffer ) 115 | * 116 | * \param input buffer holding the data 117 | * \param ilen length of the input data 118 | * \param output MD4 checksum result 119 | */ 120 | void mbedtls_md4( const unsigned char *input, size_t ilen, unsigned char output[16] ); 121 | 122 | /** 123 | * \brief Checkup routine 124 | * 125 | * \return 0 if successful, or 1 if the test failed 126 | */ 127 | int mbedtls_md4_self_test( int verbose ); 128 | 129 | /* Internal use */ 130 | void mbedtls_md4_process( mbedtls_md4_context *ctx, const unsigned char data[64] ); 131 | 132 | #ifdef __cplusplus 133 | } 134 | #endif 135 | 136 | #endif /* mbedtls_md4.h */ 137 | -------------------------------------------------------------------------------- /firmware/src/mbedtls/md5.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file md5.h 3 | * 4 | * \brief MD5 message digest algorithm (hash function) 5 | * 6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 7 | * SPDX-License-Identifier: Apache-2.0 8 | * 9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 10 | * not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * 21 | * This file is part of mbed TLS (https://tls.mbed.org) 22 | */ 23 | #ifndef MBEDTLS_MD5_H 24 | #define MBEDTLS_MD5_H 25 | 26 | #if !defined(MBEDTLS_CONFIG_FILE) 27 | #include "config.h" 28 | #else 29 | #include MBEDTLS_CONFIG_FILE 30 | #endif 31 | 32 | #include 33 | #include 34 | 35 | #if !defined(MBEDTLS_MD5_ALT) 36 | // Regular implementation 37 | // 38 | 39 | #ifdef __cplusplus 40 | extern "C" { 41 | #endif 42 | 43 | /** 44 | * \brief MD5 context structure 45 | */ 46 | typedef struct 47 | { 48 | uint32_t total[2]; /*!< number of bytes processed */ 49 | uint32_t state[4]; /*!< intermediate digest state */ 50 | unsigned char buffer[64]; /*!< data block being processed */ 51 | } 52 | mbedtls_md5_context; 53 | 54 | /** 55 | * \brief Initialize MD5 context 56 | * 57 | * \param ctx MD5 context to be initialized 58 | */ 59 | void mbedtls_md5_init( mbedtls_md5_context *ctx ); 60 | 61 | /** 62 | * \brief Clear MD5 context 63 | * 64 | * \param ctx MD5 context to be cleared 65 | */ 66 | void mbedtls_md5_free( mbedtls_md5_context *ctx ); 67 | 68 | /** 69 | * \brief Clone (the state of) an MD5 context 70 | * 71 | * \param dst The destination context 72 | * \param src The context to be cloned 73 | */ 74 | void mbedtls_md5_clone( mbedtls_md5_context *dst, 75 | const mbedtls_md5_context *src ); 76 | 77 | /** 78 | * \brief MD5 context setup 79 | * 80 | * \param ctx context to be initialized 81 | */ 82 | void mbedtls_md5_starts( mbedtls_md5_context *ctx ); 83 | 84 | /** 85 | * \brief MD5 process buffer 86 | * 87 | * \param ctx MD5 context 88 | * \param input buffer holding the data 89 | * \param ilen length of the input data 90 | */ 91 | void mbedtls_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen ); 92 | 93 | /** 94 | * \brief MD5 final digest 95 | * 96 | * \param ctx MD5 context 97 | * \param output MD5 checksum result 98 | */ 99 | void mbedtls_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] ); 100 | 101 | /* Internal use */ 102 | void mbedtls_md5_process( mbedtls_md5_context *ctx, const unsigned char data[64] ); 103 | 104 | #ifdef __cplusplus 105 | } 106 | #endif 107 | 108 | #else /* MBEDTLS_MD5_ALT */ 109 | #include "md5_alt.h" 110 | #endif /* MBEDTLS_MD5_ALT */ 111 | 112 | #ifdef __cplusplus 113 | extern "C" { 114 | #endif 115 | 116 | /** 117 | * \brief Output = MD5( input buffer ) 118 | * 119 | * \param input buffer holding the data 120 | * \param ilen length of the input data 121 | * \param output MD5 checksum result 122 | */ 123 | void mbedtls_md5( const unsigned char *input, size_t ilen, unsigned char output[16] ); 124 | 125 | /** 126 | * \brief Checkup routine 127 | * 128 | * \return 0 if successful, or 1 if the test failed 129 | */ 130 | int mbedtls_md5_self_test( int verbose ); 131 | 132 | #ifdef __cplusplus 133 | } 134 | #endif 135 | 136 | #endif /* mbedtls_md5.h */ 137 | -------------------------------------------------------------------------------- /firmware/src/mbedtls/md_internal.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file md_internal.h 3 | * 4 | * \brief Message digest wrappers. 5 | * 6 | * \warning This in an internal header. Do not include directly. 7 | * 8 | * \author Adriaan de Jong 9 | * 10 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 11 | * SPDX-License-Identifier: Apache-2.0 12 | * 13 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 14 | * not use this file except in compliance with the License. 15 | * You may obtain a copy of the License at 16 | * 17 | * http://www.apache.org/licenses/LICENSE-2.0 18 | * 19 | * Unless required by applicable law or agreed to in writing, software 20 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 21 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 22 | * See the License for the specific language governing permissions and 23 | * limitations under the License. 24 | * 25 | * This file is part of mbed TLS (https://tls.mbed.org) 26 | */ 27 | #ifndef MBEDTLS_MD_WRAP_H 28 | #define MBEDTLS_MD_WRAP_H 29 | 30 | #if !defined(MBEDTLS_CONFIG_FILE) 31 | #include "config.h" 32 | #else 33 | #include MBEDTLS_CONFIG_FILE 34 | #endif 35 | 36 | #include "md.h" 37 | 38 | #ifdef __cplusplus 39 | extern "C" { 40 | #endif 41 | 42 | /** 43 | * Message digest information. 44 | * Allows message digest functions to be called in a generic way. 45 | */ 46 | struct mbedtls_md_info_t 47 | { 48 | /** Digest identifier */ 49 | mbedtls_md_type_t type; 50 | 51 | /** Name of the message digest */ 52 | const char * name; 53 | 54 | /** Output length of the digest function in bytes */ 55 | int size; 56 | 57 | /** Block length of the digest function in bytes */ 58 | int block_size; 59 | 60 | /** Digest initialisation function */ 61 | void (*starts_func)( void *ctx ); 62 | 63 | /** Digest update function */ 64 | void (*update_func)( void *ctx, const unsigned char *input, size_t ilen ); 65 | 66 | /** Digest finalisation function */ 67 | void (*finish_func)( void *ctx, unsigned char *output ); 68 | 69 | /** Generic digest function */ 70 | void (*digest_func)( const unsigned char *input, size_t ilen, 71 | unsigned char *output ); 72 | 73 | /** Allocate a new context */ 74 | void * (*ctx_alloc_func)( void ); 75 | 76 | /** Free the given context */ 77 | void (*ctx_free_func)( void *ctx ); 78 | 79 | /** Clone state from a context */ 80 | void (*clone_func)( void *dst, const void *src ); 81 | 82 | /** Internal use only */ 83 | void (*process_func)( void *ctx, const unsigned char *input ); 84 | }; 85 | 86 | #if defined(MBEDTLS_MD2_C) 87 | extern const mbedtls_md_info_t mbedtls_md2_info; 88 | #endif 89 | #if defined(MBEDTLS_MD4_C) 90 | extern const mbedtls_md_info_t mbedtls_md4_info; 91 | #endif 92 | #if defined(MBEDTLS_MD5_C) 93 | extern const mbedtls_md_info_t mbedtls_md5_info; 94 | #endif 95 | #if defined(MBEDTLS_RIPEMD160_C) 96 | extern const mbedtls_md_info_t mbedtls_ripemd160_info; 97 | #endif 98 | #if defined(MBEDTLS_SHA1_C) 99 | extern const mbedtls_md_info_t mbedtls_sha1_info; 100 | #endif 101 | #if defined(MBEDTLS_SHA256_C) 102 | extern const mbedtls_md_info_t mbedtls_sha224_info; 103 | extern const mbedtls_md_info_t mbedtls_sha256_info; 104 | #endif 105 | #if defined(MBEDTLS_SHA512_C) 106 | extern const mbedtls_md_info_t mbedtls_sha384_info; 107 | extern const mbedtls_md_info_t mbedtls_sha512_info; 108 | #endif 109 | 110 | #ifdef __cplusplus 111 | } 112 | #endif 113 | 114 | #endif /* MBEDTLS_MD_WRAP_H */ 115 | -------------------------------------------------------------------------------- /firmware/src/mbedtls/memory_buffer_alloc.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file memory_buffer_alloc.h 3 | * 4 | * \brief Buffer-based memory allocator 5 | * 6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 7 | * SPDX-License-Identifier: Apache-2.0 8 | * 9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 10 | * not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * 21 | * This file is part of mbed TLS (https://tls.mbed.org) 22 | */ 23 | #ifndef MBEDTLS_MEMORY_BUFFER_ALLOC_H 24 | #define MBEDTLS_MEMORY_BUFFER_ALLOC_H 25 | 26 | #if !defined(MBEDTLS_CONFIG_FILE) 27 | #include "config.h" 28 | #else 29 | #include MBEDTLS_CONFIG_FILE 30 | #endif 31 | 32 | #include 33 | 34 | /** 35 | * \name SECTION: Module settings 36 | * 37 | * The configuration options you can set for this module are in this section. 38 | * Either change them in config.h or define them on the compiler command line. 39 | * \{ 40 | */ 41 | 42 | #if !defined(MBEDTLS_MEMORY_ALIGN_MULTIPLE) 43 | #define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */ 44 | #endif 45 | 46 | /* \} name SECTION: Module settings */ 47 | 48 | #define MBEDTLS_MEMORY_VERIFY_NONE 0 49 | #define MBEDTLS_MEMORY_VERIFY_ALLOC (1 << 0) 50 | #define MBEDTLS_MEMORY_VERIFY_FREE (1 << 1) 51 | #define MBEDTLS_MEMORY_VERIFY_ALWAYS (MBEDTLS_MEMORY_VERIFY_ALLOC | MBEDTLS_MEMORY_VERIFY_FREE) 52 | 53 | #ifdef __cplusplus 54 | extern "C" { 55 | #endif 56 | 57 | /** 58 | * \brief Initialize use of stack-based memory allocator. 59 | * The stack-based allocator does memory management inside the 60 | * presented buffer and does not call calloc() and free(). 61 | * It sets the global mbedtls_calloc() and mbedtls_free() pointers 62 | * to its own functions. 63 | * (Provided mbedtls_calloc() and mbedtls_free() are thread-safe if 64 | * MBEDTLS_THREADING_C is defined) 65 | * 66 | * \note This code is not optimized and provides a straight-forward 67 | * implementation of a stack-based memory allocator. 68 | * 69 | * \param buf buffer to use as heap 70 | * \param len size of the buffer 71 | */ 72 | void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len ); 73 | 74 | /** 75 | * \brief Free the mutex for thread-safety and clear remaining memory 76 | */ 77 | void mbedtls_memory_buffer_alloc_free( void ); 78 | 79 | /** 80 | * \brief Determine when the allocator should automatically verify the state 81 | * of the entire chain of headers / meta-data. 82 | * (Default: MBEDTLS_MEMORY_VERIFY_NONE) 83 | * 84 | * \param verify One of MBEDTLS_MEMORY_VERIFY_NONE, MBEDTLS_MEMORY_VERIFY_ALLOC, 85 | * MBEDTLS_MEMORY_VERIFY_FREE or MBEDTLS_MEMORY_VERIFY_ALWAYS 86 | */ 87 | void mbedtls_memory_buffer_set_verify( int verify ); 88 | 89 | #if defined(MBEDTLS_MEMORY_DEBUG) 90 | /** 91 | * \brief Print out the status of the allocated memory (primarily for use 92 | * after a program should have de-allocated all memory) 93 | * Prints out a list of 'still allocated' blocks and their stack 94 | * trace if MBEDTLS_MEMORY_BACKTRACE is defined. 95 | */ 96 | void mbedtls_memory_buffer_alloc_status( void ); 97 | 98 | /** 99 | * \brief Get the peak heap usage so far 100 | * 101 | * \param max_used Peak number of bytes in use or committed. This 102 | * includes bytes in allocated blocks too small to split 103 | * into smaller blocks but larger than the requested size. 104 | * \param max_blocks Peak number of blocks in use, including free and used 105 | */ 106 | void mbedtls_memory_buffer_alloc_max_get( size_t *max_used, size_t *max_blocks ); 107 | 108 | /** 109 | * \brief Reset peak statistics 110 | */ 111 | void mbedtls_memory_buffer_alloc_max_reset( void ); 112 | 113 | /** 114 | * \brief Get the current heap usage 115 | * 116 | * \param cur_used Current number of bytes in use or committed. This 117 | * includes bytes in allocated blocks too small to split 118 | * into smaller blocks but larger than the requested size. 119 | * \param cur_blocks Current number of blocks in use, including free and used 120 | */ 121 | void mbedtls_memory_buffer_alloc_cur_get( size_t *cur_used, size_t *cur_blocks ); 122 | #endif /* MBEDTLS_MEMORY_DEBUG */ 123 | 124 | /** 125 | * \brief Verifies that all headers in the memory buffer are correct 126 | * and contain sane values. Helps debug buffer-overflow errors. 127 | * 128 | * Prints out first failure if MBEDTLS_MEMORY_DEBUG is defined. 129 | * Prints out full header information if MBEDTLS_MEMORY_DEBUG 130 | * is defined. (Includes stack trace information for each block if 131 | * MBEDTLS_MEMORY_BACKTRACE is defined as well). 132 | * 133 | * \return 0 if verified, 1 otherwise 134 | */ 135 | int mbedtls_memory_buffer_alloc_verify( void ); 136 | 137 | #if defined(MBEDTLS_SELF_TEST) 138 | /** 139 | * \brief Checkup routine 140 | * 141 | * \return 0 if successful, or 1 if a test failed 142 | */ 143 | int mbedtls_memory_buffer_alloc_self_test( int verbose ); 144 | #endif 145 | 146 | #ifdef __cplusplus 147 | } 148 | #endif 149 | 150 | #endif /* memory_buffer_alloc.h */ 151 | -------------------------------------------------------------------------------- /firmware/src/mbedtls/net.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file net.h 3 | * 4 | * \brief Deprecated header file that includes mbedtls/net_sockets.h 5 | * 6 | * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved 7 | * SPDX-License-Identifier: Apache-2.0 8 | * 9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 10 | * not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * 21 | * This file is part of mbed TLS (https://tls.mbed.org) 22 | * 23 | * \deprecated Superseded by mbedtls/net_sockets.h 24 | */ 25 | 26 | #if !defined(MBEDTLS_DEPRECATED_REMOVED) 27 | #include "mbedtls/net_sockets.h" 28 | #if defined(MBEDTLS_DEPRECATED_WARNING) 29 | #warning "Deprecated header file: Superseded by mbedtls/net_sockets.h" 30 | #endif /* MBEDTLS_DEPRECATED_WARNING */ 31 | #endif /* !MBEDTLS_DEPRECATED_REMOVED */ 32 | -------------------------------------------------------------------------------- /firmware/src/mbedtls/net_sockets.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file net_sockets.h 3 | * 4 | * \brief Network communication functions 5 | * 6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 7 | * SPDX-License-Identifier: Apache-2.0 8 | * 9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 10 | * not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * 21 | * This file is part of mbed TLS (https://tls.mbed.org) 22 | */ 23 | #ifndef MBEDTLS_NET_SOCKETS_H 24 | #define MBEDTLS_NET_SOCKETS_H 25 | 26 | #if !defined(MBEDTLS_CONFIG_FILE) 27 | #include "config.h" 28 | #else 29 | #include MBEDTLS_CONFIG_FILE 30 | #endif 31 | 32 | #include "ssl.h" 33 | 34 | #include 35 | #include 36 | 37 | #define MBEDTLS_ERR_NET_SOCKET_FAILED -0x0042 /**< Failed to open a socket. */ 38 | #define MBEDTLS_ERR_NET_CONNECT_FAILED -0x0044 /**< The connection to the given server / port failed. */ 39 | #define MBEDTLS_ERR_NET_BIND_FAILED -0x0046 /**< Binding of the socket failed. */ 40 | #define MBEDTLS_ERR_NET_LISTEN_FAILED -0x0048 /**< Could not listen on the socket. */ 41 | #define MBEDTLS_ERR_NET_ACCEPT_FAILED -0x004A /**< Could not accept the incoming connection. */ 42 | #define MBEDTLS_ERR_NET_RECV_FAILED -0x004C /**< Reading information from the socket failed. */ 43 | #define MBEDTLS_ERR_NET_SEND_FAILED -0x004E /**< Sending information through the socket failed. */ 44 | #define MBEDTLS_ERR_NET_CONN_RESET -0x0050 /**< Connection was reset by peer. */ 45 | #define MBEDTLS_ERR_NET_UNKNOWN_HOST -0x0052 /**< Failed to get an IP address for the given hostname. */ 46 | #define MBEDTLS_ERR_NET_BUFFER_TOO_SMALL -0x0043 /**< Buffer is too small to hold the data. */ 47 | #define MBEDTLS_ERR_NET_INVALID_CONTEXT -0x0045 /**< The context is invalid, eg because it was free()ed. */ 48 | 49 | #define MBEDTLS_NET_LISTEN_BACKLOG 10 /**< The backlog that listen() should use. */ 50 | 51 | #define MBEDTLS_NET_PROTO_TCP 0 /**< The TCP transport protocol */ 52 | #define MBEDTLS_NET_PROTO_UDP 1 /**< The UDP transport protocol */ 53 | 54 | #ifdef __cplusplus 55 | extern "C" { 56 | #endif 57 | 58 | /** 59 | * Wrapper type for sockets. 60 | * 61 | * Currently backed by just a file descriptor, but might be more in the future 62 | * (eg two file descriptors for combined IPv4 + IPv6 support, or additional 63 | * structures for hand-made UDP demultiplexing). 64 | */ 65 | typedef struct 66 | { 67 | int fd; /**< The underlying file descriptor */ 68 | } 69 | mbedtls_net_context; 70 | 71 | /** 72 | * \brief Initialize a context 73 | * Just makes the context ready to be used or freed safely. 74 | * 75 | * \param ctx Context to initialize 76 | */ 77 | void mbedtls_net_init( mbedtls_net_context *ctx ); 78 | 79 | /** 80 | * \brief Initiate a connection with host:port in the given protocol 81 | * 82 | * \param ctx Socket to use 83 | * \param host Host to connect to 84 | * \param port Port to connect to 85 | * \param proto Protocol: MBEDTLS_NET_PROTO_TCP or MBEDTLS_NET_PROTO_UDP 86 | * 87 | * \return 0 if successful, or one of: 88 | * MBEDTLS_ERR_NET_SOCKET_FAILED, 89 | * MBEDTLS_ERR_NET_UNKNOWN_HOST, 90 | * MBEDTLS_ERR_NET_CONNECT_FAILED 91 | * 92 | * \note Sets the socket in connected mode even with UDP. 93 | */ 94 | int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char *port, int proto ); 95 | 96 | /** 97 | * \brief Create a receiving socket on bind_ip:port in the chosen 98 | * protocol. If bind_ip == NULL, all interfaces are bound. 99 | * 100 | * \param ctx Socket to use 101 | * \param bind_ip IP to bind to, can be NULL 102 | * \param port Port number to use 103 | * \param proto Protocol: MBEDTLS_NET_PROTO_TCP or MBEDTLS_NET_PROTO_UDP 104 | * 105 | * \return 0 if successful, or one of: 106 | * MBEDTLS_ERR_NET_SOCKET_FAILED, 107 | * MBEDTLS_ERR_NET_BIND_FAILED, 108 | * MBEDTLS_ERR_NET_LISTEN_FAILED 109 | * 110 | * \note Regardless of the protocol, opens the sockets and binds it. 111 | * In addition, make the socket listening if protocol is TCP. 112 | */ 113 | int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto ); 114 | 115 | /** 116 | * \brief Accept a connection from a remote client 117 | * 118 | * \param bind_ctx Relevant socket 119 | * \param client_ctx Will contain the connected client socket 120 | * \param client_ip Will contain the client IP address 121 | * \param buf_size Size of the client_ip buffer 122 | * \param ip_len Will receive the size of the client IP written 123 | * 124 | * \return 0 if successful, or 125 | * MBEDTLS_ERR_NET_ACCEPT_FAILED, or 126 | * MBEDTLS_ERR_NET_BUFFER_TOO_SMALL if buf_size is too small, 127 | * MBEDTLS_ERR_SSL_WANT_READ if bind_fd was set to 128 | * non-blocking and accept() would block. 129 | */ 130 | int mbedtls_net_accept( mbedtls_net_context *bind_ctx, 131 | mbedtls_net_context *client_ctx, 132 | void *client_ip, size_t buf_size, size_t *ip_len ); 133 | 134 | /** 135 | * \brief Set the socket blocking 136 | * 137 | * \param ctx Socket to set 138 | * 139 | * \return 0 if successful, or a non-zero error code 140 | */ 141 | int mbedtls_net_set_block( mbedtls_net_context *ctx ); 142 | 143 | /** 144 | * \brief Set the socket non-blocking 145 | * 146 | * \param ctx Socket to set 147 | * 148 | * \return 0 if successful, or a non-zero error code 149 | */ 150 | int mbedtls_net_set_nonblock( mbedtls_net_context *ctx ); 151 | 152 | /** 153 | * \brief Portable usleep helper 154 | * 155 | * \param usec Amount of microseconds to sleep 156 | * 157 | * \note Real amount of time slept will not be less than 158 | * select()'s timeout granularity (typically, 10ms). 159 | */ 160 | void mbedtls_net_usleep( unsigned long usec ); 161 | 162 | /** 163 | * \brief Read at most 'len' characters. If no error occurs, 164 | * the actual amount read is returned. 165 | * 166 | * \param ctx Socket 167 | * \param buf The buffer to write to 168 | * \param len Maximum length of the buffer 169 | * 170 | * \return the number of bytes received, 171 | * or a non-zero error code; with a non-blocking socket, 172 | * MBEDTLS_ERR_SSL_WANT_READ indicates read() would block. 173 | */ 174 | int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len ); 175 | 176 | /** 177 | * \brief Write at most 'len' characters. If no error occurs, 178 | * the actual amount read is returned. 179 | * 180 | * \param ctx Socket 181 | * \param buf The buffer to read from 182 | * \param len The length of the buffer 183 | * 184 | * \return the number of bytes sent, 185 | * or a non-zero error code; with a non-blocking socket, 186 | * MBEDTLS_ERR_SSL_WANT_WRITE indicates write() would block. 187 | */ 188 | int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len ); 189 | 190 | /** 191 | * \brief Read at most 'len' characters, blocking for at most 192 | * 'timeout' seconds. If no error occurs, the actual amount 193 | * read is returned. 194 | * 195 | * \param ctx Socket 196 | * \param buf The buffer to write to 197 | * \param len Maximum length of the buffer 198 | * \param timeout Maximum number of milliseconds to wait for data 199 | * 0 means no timeout (wait forever) 200 | * 201 | * \return the number of bytes received, 202 | * or a non-zero error code: 203 | * MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out, 204 | * MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal. 205 | * 206 | * \note This function will block (until data becomes available or 207 | * timeout is reached) even if the socket is set to 208 | * non-blocking. Handling timeouts with non-blocking reads 209 | * requires a different strategy. 210 | */ 211 | int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len, 212 | uint32_t timeout ); 213 | 214 | /** 215 | * \brief Gracefully shutdown the connection and free associated data 216 | * 217 | * \param ctx The context to free 218 | */ 219 | void mbedtls_net_free( mbedtls_net_context *ctx ); 220 | 221 | #ifdef __cplusplus 222 | } 223 | #endif 224 | 225 | #endif /* net_sockets.h */ 226 | -------------------------------------------------------------------------------- /firmware/src/mbedtls/padlock.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file padlock.h 3 | * 4 | * \brief VIA PadLock ACE for HW encryption/decryption supported by some 5 | * processors 6 | * 7 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 8 | * SPDX-License-Identifier: Apache-2.0 9 | * 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 | * not use this file except in compliance with the License. 12 | * You may obtain a copy of the License at 13 | * 14 | * http://www.apache.org/licenses/LICENSE-2.0 15 | * 16 | * Unless required by applicable law or agreed to in writing, software 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 | * See the License for the specific language governing permissions and 20 | * limitations under the License. 21 | * 22 | * This file is part of mbed TLS (https://tls.mbed.org) 23 | */ 24 | #ifndef MBEDTLS_PADLOCK_H 25 | #define MBEDTLS_PADLOCK_H 26 | 27 | #include "aes.h" 28 | 29 | #define MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED -0x0030 /**< Input data should be aligned. */ 30 | 31 | #if defined(__has_feature) 32 | #if __has_feature(address_sanitizer) 33 | #define MBEDTLS_HAVE_ASAN 34 | #endif 35 | #endif 36 | 37 | /* Some versions of ASan result in errors about not enough registers */ 38 | #if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && defined(__i386__) && \ 39 | !defined(MBEDTLS_HAVE_ASAN) 40 | 41 | #ifndef MBEDTLS_HAVE_X86 42 | #define MBEDTLS_HAVE_X86 43 | #endif 44 | 45 | #include 46 | 47 | #define MBEDTLS_PADLOCK_RNG 0x000C 48 | #define MBEDTLS_PADLOCK_ACE 0x00C0 49 | #define MBEDTLS_PADLOCK_PHE 0x0C00 50 | #define MBEDTLS_PADLOCK_PMM 0x3000 51 | 52 | #define MBEDTLS_PADLOCK_ALIGN16(x) (uint32_t *) (16 + ((int32_t) x & ~15)) 53 | 54 | #ifdef __cplusplus 55 | extern "C" { 56 | #endif 57 | 58 | /** 59 | * \brief PadLock detection routine 60 | * 61 | * \param feature The feature to detect 62 | * 63 | * \return 1 if CPU has support for the feature, 0 otherwise 64 | */ 65 | int mbedtls_padlock_has_support( int feature ); 66 | 67 | /** 68 | * \brief PadLock AES-ECB block en(de)cryption 69 | * 70 | * \param ctx AES context 71 | * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT 72 | * \param input 16-byte input block 73 | * \param output 16-byte output block 74 | * 75 | * \return 0 if success, 1 if operation failed 76 | */ 77 | int mbedtls_padlock_xcryptecb( mbedtls_aes_context *ctx, 78 | int mode, 79 | const unsigned char input[16], 80 | unsigned char output[16] ); 81 | 82 | /** 83 | * \brief PadLock AES-CBC buffer en(de)cryption 84 | * 85 | * \param ctx AES context 86 | * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT 87 | * \param length length of the input data 88 | * \param iv initialization vector (updated after use) 89 | * \param input buffer holding the input data 90 | * \param output buffer holding the output data 91 | * 92 | * \return 0 if success, 1 if operation failed 93 | */ 94 | int mbedtls_padlock_xcryptcbc( mbedtls_aes_context *ctx, 95 | int mode, 96 | size_t length, 97 | unsigned char iv[16], 98 | const unsigned char *input, 99 | unsigned char *output ); 100 | 101 | #ifdef __cplusplus 102 | } 103 | #endif 104 | 105 | #endif /* HAVE_X86 */ 106 | 107 | #endif /* padlock.h */ 108 | -------------------------------------------------------------------------------- /firmware/src/mbedtls/pem.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file pem.h 3 | * 4 | * \brief Privacy Enhanced Mail (PEM) decoding 5 | * 6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 7 | * SPDX-License-Identifier: Apache-2.0 8 | * 9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 10 | * not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * 21 | * This file is part of mbed TLS (https://tls.mbed.org) 22 | */ 23 | #ifndef MBEDTLS_PEM_H 24 | #define MBEDTLS_PEM_H 25 | 26 | #include 27 | 28 | /** 29 | * \name PEM Error codes 30 | * These error codes are returned in case of errors reading the 31 | * PEM data. 32 | * \{ 33 | */ 34 | #define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT -0x1080 /**< No PEM header or footer found. */ 35 | #define MBEDTLS_ERR_PEM_INVALID_DATA -0x1100 /**< PEM string is not as expected. */ 36 | #define MBEDTLS_ERR_PEM_ALLOC_FAILED -0x1180 /**< Failed to allocate memory. */ 37 | #define MBEDTLS_ERR_PEM_INVALID_ENC_IV -0x1200 /**< RSA IV is not in hex-format. */ 38 | #define MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG -0x1280 /**< Unsupported key encryption algorithm. */ 39 | #define MBEDTLS_ERR_PEM_PASSWORD_REQUIRED -0x1300 /**< Private key password can't be empty. */ 40 | #define MBEDTLS_ERR_PEM_PASSWORD_MISMATCH -0x1380 /**< Given private key password does not allow for correct decryption. */ 41 | #define MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE -0x1400 /**< Unavailable feature, e.g. hashing/encryption combination. */ 42 | #define MBEDTLS_ERR_PEM_BAD_INPUT_DATA -0x1480 /**< Bad input parameters to function. */ 43 | /* \} name */ 44 | 45 | #ifdef __cplusplus 46 | extern "C" { 47 | #endif 48 | 49 | #if defined(MBEDTLS_PEM_PARSE_C) 50 | /** 51 | * \brief PEM context structure 52 | */ 53 | typedef struct 54 | { 55 | unsigned char *buf; /*!< buffer for decoded data */ 56 | size_t buflen; /*!< length of the buffer */ 57 | unsigned char *info; /*!< buffer for extra header information */ 58 | } 59 | mbedtls_pem_context; 60 | 61 | /** 62 | * \brief PEM context setup 63 | * 64 | * \param ctx context to be initialized 65 | */ 66 | void mbedtls_pem_init( mbedtls_pem_context *ctx ); 67 | 68 | /** 69 | * \brief Read a buffer for PEM information and store the resulting 70 | * data into the specified context buffers. 71 | * 72 | * \param ctx context to use 73 | * \param header header string to seek and expect 74 | * \param footer footer string to seek and expect 75 | * \param data source data to look in (must be nul-terminated) 76 | * \param pwd password for decryption (can be NULL) 77 | * \param pwdlen length of password 78 | * \param use_len destination for total length used (set after header is 79 | * correctly read, so unless you get 80 | * MBEDTLS_ERR_PEM_BAD_INPUT_DATA or 81 | * MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT, use_len is 82 | * the length to skip) 83 | * 84 | * \note Attempts to check password correctness by verifying if 85 | * the decrypted text starts with an ASN.1 sequence of 86 | * appropriate length 87 | * 88 | * \return 0 on success, or a specific PEM error code 89 | */ 90 | int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const char *footer, 91 | const unsigned char *data, 92 | const unsigned char *pwd, 93 | size_t pwdlen, size_t *use_len ); 94 | 95 | /** 96 | * \brief PEM context memory freeing 97 | * 98 | * \param ctx context to be freed 99 | */ 100 | void mbedtls_pem_free( mbedtls_pem_context *ctx ); 101 | #endif /* MBEDTLS_PEM_PARSE_C */ 102 | 103 | #if defined(MBEDTLS_PEM_WRITE_C) 104 | /** 105 | * \brief Write a buffer of PEM information from a DER encoded 106 | * buffer. 107 | * 108 | * \param header header string to write 109 | * \param footer footer string to write 110 | * \param der_data DER data to write 111 | * \param der_len length of the DER data 112 | * \param buf buffer to write to 113 | * \param buf_len length of output buffer 114 | * \param olen total length written / required (if buf_len is not enough) 115 | * 116 | * \return 0 on success, or a specific PEM or BASE64 error code. On 117 | * MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL olen is the required 118 | * size. 119 | */ 120 | int mbedtls_pem_write_buffer( const char *header, const char *footer, 121 | const unsigned char *der_data, size_t der_len, 122 | unsigned char *buf, size_t buf_len, size_t *olen ); 123 | #endif /* MBEDTLS_PEM_WRITE_C */ 124 | 125 | #ifdef __cplusplus 126 | } 127 | #endif 128 | 129 | #endif /* pem.h */ 130 | -------------------------------------------------------------------------------- /firmware/src/mbedtls/pk_internal.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file pk.h 3 | * 4 | * \brief Public Key abstraction layer: wrapper functions 5 | * 6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 7 | * SPDX-License-Identifier: Apache-2.0 8 | * 9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 10 | * not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * 21 | * This file is part of mbed TLS (https://tls.mbed.org) 22 | */ 23 | 24 | #ifndef MBEDTLS_PK_WRAP_H 25 | #define MBEDTLS_PK_WRAP_H 26 | 27 | #if !defined(MBEDTLS_CONFIG_FILE) 28 | #include "config.h" 29 | #else 30 | #include MBEDTLS_CONFIG_FILE 31 | #endif 32 | 33 | #include "pk.h" 34 | 35 | struct mbedtls_pk_info_t 36 | { 37 | /** Public key type */ 38 | mbedtls_pk_type_t type; 39 | 40 | /** Type name */ 41 | const char *name; 42 | 43 | /** Get key size in bits */ 44 | size_t (*get_bitlen)( const void * ); 45 | 46 | /** Tell if the context implements this type (e.g. ECKEY can do ECDSA) */ 47 | int (*can_do)( mbedtls_pk_type_t type ); 48 | 49 | /** Verify signature */ 50 | int (*verify_func)( void *ctx, mbedtls_md_type_t md_alg, 51 | const unsigned char *hash, size_t hash_len, 52 | const unsigned char *sig, size_t sig_len ); 53 | 54 | /** Make signature */ 55 | int (*sign_func)( void *ctx, mbedtls_md_type_t md_alg, 56 | const unsigned char *hash, size_t hash_len, 57 | unsigned char *sig, size_t *sig_len, 58 | int (*f_rng)(void *, unsigned char *, size_t), 59 | void *p_rng ); 60 | 61 | /** Decrypt message */ 62 | int (*decrypt_func)( void *ctx, const unsigned char *input, size_t ilen, 63 | unsigned char *output, size_t *olen, size_t osize, 64 | int (*f_rng)(void *, unsigned char *, size_t), 65 | void *p_rng ); 66 | 67 | /** Encrypt message */ 68 | int (*encrypt_func)( void *ctx, const unsigned char *input, size_t ilen, 69 | unsigned char *output, size_t *olen, size_t osize, 70 | int (*f_rng)(void *, unsigned char *, size_t), 71 | void *p_rng ); 72 | 73 | /** Check public-private key pair */ 74 | int (*check_pair_func)( const void *pub, const void *prv ); 75 | 76 | /** Allocate a new context */ 77 | void * (*ctx_alloc_func)( void ); 78 | 79 | /** Free the given context */ 80 | void (*ctx_free_func)( void *ctx ); 81 | 82 | /** Interface with the debug module */ 83 | void (*debug_func)( const void *ctx, mbedtls_pk_debug_item *items ); 84 | 85 | }; 86 | #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) 87 | /* Container for RSA-alt */ 88 | typedef struct 89 | { 90 | void *key; 91 | mbedtls_pk_rsa_alt_decrypt_func decrypt_func; 92 | mbedtls_pk_rsa_alt_sign_func sign_func; 93 | mbedtls_pk_rsa_alt_key_len_func key_len_func; 94 | } mbedtls_rsa_alt_context; 95 | #endif 96 | 97 | #if defined(MBEDTLS_RSA_C) 98 | extern const mbedtls_pk_info_t mbedtls_rsa_info; 99 | #endif 100 | 101 | #if defined(MBEDTLS_ECP_C) 102 | extern const mbedtls_pk_info_t mbedtls_eckey_info; 103 | extern const mbedtls_pk_info_t mbedtls_eckeydh_info; 104 | #endif 105 | 106 | #if defined(MBEDTLS_ECDSA_C) 107 | extern const mbedtls_pk_info_t mbedtls_ecdsa_info; 108 | #endif 109 | 110 | #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) 111 | extern const mbedtls_pk_info_t mbedtls_rsa_alt_info; 112 | #endif 113 | 114 | #endif /* MBEDTLS_PK_WRAP_H */ 115 | -------------------------------------------------------------------------------- /firmware/src/mbedtls/pkcs11.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file pkcs11.h 3 | * 4 | * \brief Wrapper for PKCS#11 library libpkcs11-helper 5 | * 6 | * \author Adriaan de Jong 7 | * 8 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 9 | * SPDX-License-Identifier: Apache-2.0 10 | * 11 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 12 | * not use this file except in compliance with the License. 13 | * You may obtain a copy of the License at 14 | * 15 | * http://www.apache.org/licenses/LICENSE-2.0 16 | * 17 | * Unless required by applicable law or agreed to in writing, software 18 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 19 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 | * See the License for the specific language governing permissions and 21 | * limitations under the License. 22 | * 23 | * This file is part of mbed TLS (https://tls.mbed.org) 24 | */ 25 | #ifndef MBEDTLS_PKCS11_H 26 | #define MBEDTLS_PKCS11_H 27 | 28 | #if !defined(MBEDTLS_CONFIG_FILE) 29 | #include "config.h" 30 | #else 31 | #include MBEDTLS_CONFIG_FILE 32 | #endif 33 | 34 | #if defined(MBEDTLS_PKCS11_C) 35 | 36 | #include "x509_crt.h" 37 | 38 | #include 39 | 40 | #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ 41 | !defined(inline) && !defined(__cplusplus) 42 | #define inline __inline 43 | #endif 44 | 45 | #ifdef __cplusplus 46 | extern "C" { 47 | #endif 48 | 49 | /** 50 | * Context for PKCS #11 private keys. 51 | */ 52 | typedef struct { 53 | pkcs11h_certificate_t pkcs11h_cert; 54 | int len; 55 | } mbedtls_pkcs11_context; 56 | 57 | /** 58 | * Initialize a mbedtls_pkcs11_context. 59 | * (Just making memory references valid.) 60 | */ 61 | void mbedtls_pkcs11_init( mbedtls_pkcs11_context *ctx ); 62 | 63 | /** 64 | * Fill in a mbed TLS certificate, based on the given PKCS11 helper certificate. 65 | * 66 | * \param cert X.509 certificate to fill 67 | * \param pkcs11h_cert PKCS #11 helper certificate 68 | * 69 | * \return 0 on success. 70 | */ 71 | int mbedtls_pkcs11_x509_cert_bind( mbedtls_x509_crt *cert, pkcs11h_certificate_t pkcs11h_cert ); 72 | 73 | /** 74 | * Set up a mbedtls_pkcs11_context storing the given certificate. Note that the 75 | * mbedtls_pkcs11_context will take over control of the certificate, freeing it when 76 | * done. 77 | * 78 | * \param priv_key Private key structure to fill. 79 | * \param pkcs11_cert PKCS #11 helper certificate 80 | * 81 | * \return 0 on success 82 | */ 83 | int mbedtls_pkcs11_priv_key_bind( mbedtls_pkcs11_context *priv_key, 84 | pkcs11h_certificate_t pkcs11_cert ); 85 | 86 | /** 87 | * Free the contents of the given private key context. Note that the structure 88 | * itself is not freed. 89 | * 90 | * \param priv_key Private key structure to cleanup 91 | */ 92 | void mbedtls_pkcs11_priv_key_free( mbedtls_pkcs11_context *priv_key ); 93 | 94 | /** 95 | * \brief Do an RSA private key decrypt, then remove the message 96 | * padding 97 | * 98 | * \param ctx PKCS #11 context 99 | * \param mode must be MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's signature 100 | * \param input buffer holding the encrypted data 101 | * \param output buffer that will hold the plaintext 102 | * \param olen will contain the plaintext length 103 | * \param output_max_len maximum length of the output buffer 104 | * 105 | * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code 106 | * 107 | * \note The output buffer must be as large as the size 108 | * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise 109 | * an error is thrown. 110 | */ 111 | int mbedtls_pkcs11_decrypt( mbedtls_pkcs11_context *ctx, 112 | int mode, size_t *olen, 113 | const unsigned char *input, 114 | unsigned char *output, 115 | size_t output_max_len ); 116 | 117 | /** 118 | * \brief Do a private RSA to sign a message digest 119 | * 120 | * \param ctx PKCS #11 context 121 | * \param mode must be MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's signature 122 | * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data) 123 | * \param hashlen message digest length (for MBEDTLS_MD_NONE only) 124 | * \param hash buffer holding the message digest 125 | * \param sig buffer that will hold the ciphertext 126 | * 127 | * \return 0 if the signing operation was successful, 128 | * or an MBEDTLS_ERR_RSA_XXX error code 129 | * 130 | * \note The "sig" buffer must be as large as the size 131 | * of ctx->N (eg. 128 bytes if RSA-1024 is used). 132 | */ 133 | int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx, 134 | int mode, 135 | mbedtls_md_type_t md_alg, 136 | unsigned int hashlen, 137 | const unsigned char *hash, 138 | unsigned char *sig ); 139 | 140 | /** 141 | * SSL/TLS wrappers for PKCS#11 functions 142 | */ 143 | static inline int mbedtls_ssl_pkcs11_decrypt( void *ctx, int mode, size_t *olen, 144 | const unsigned char *input, unsigned char *output, 145 | size_t output_max_len ) 146 | { 147 | return mbedtls_pkcs11_decrypt( (mbedtls_pkcs11_context *) ctx, mode, olen, input, output, 148 | output_max_len ); 149 | } 150 | 151 | static inline int mbedtls_ssl_pkcs11_sign( void *ctx, 152 | int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, 153 | int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, 154 | const unsigned char *hash, unsigned char *sig ) 155 | { 156 | ((void) f_rng); 157 | ((void) p_rng); 158 | return mbedtls_pkcs11_sign( (mbedtls_pkcs11_context *) ctx, mode, md_alg, 159 | hashlen, hash, sig ); 160 | } 161 | 162 | static inline size_t mbedtls_ssl_pkcs11_key_len( void *ctx ) 163 | { 164 | return ( (mbedtls_pkcs11_context *) ctx )->len; 165 | } 166 | 167 | #ifdef __cplusplus 168 | } 169 | #endif 170 | 171 | #endif /* MBEDTLS_PKCS11_C */ 172 | 173 | #endif /* MBEDTLS_PKCS11_H */ 174 | -------------------------------------------------------------------------------- /firmware/src/mbedtls/pkcs12.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file pkcs12.h 3 | * 4 | * \brief PKCS#12 Personal Information Exchange Syntax 5 | * 6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 7 | * SPDX-License-Identifier: Apache-2.0 8 | * 9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 10 | * not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * 21 | * This file is part of mbed TLS (https://tls.mbed.org) 22 | */ 23 | #ifndef MBEDTLS_PKCS12_H 24 | #define MBEDTLS_PKCS12_H 25 | 26 | #include "md.h" 27 | #include "cipher.h" 28 | #include "asn1.h" 29 | 30 | #include 31 | 32 | #define MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA -0x1F80 /**< Bad input parameters to function. */ 33 | #define MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE -0x1F00 /**< Feature not available, e.g. unsupported encryption scheme. */ 34 | #define MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT -0x1E80 /**< PBE ASN.1 data not as expected. */ 35 | #define MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH -0x1E00 /**< Given private key password does not allow for correct decryption. */ 36 | 37 | #define MBEDTLS_PKCS12_DERIVE_KEY 1 /**< encryption/decryption key */ 38 | #define MBEDTLS_PKCS12_DERIVE_IV 2 /**< initialization vector */ 39 | #define MBEDTLS_PKCS12_DERIVE_MAC_KEY 3 /**< integrity / MAC key */ 40 | 41 | #define MBEDTLS_PKCS12_PBE_DECRYPT 0 42 | #define MBEDTLS_PKCS12_PBE_ENCRYPT 1 43 | 44 | #ifdef __cplusplus 45 | extern "C" { 46 | #endif 47 | 48 | /** 49 | * \brief PKCS12 Password Based function (encryption / decryption) 50 | * for pbeWithSHAAnd128BitRC4 51 | * 52 | * \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure 53 | * \param mode either MBEDTLS_PKCS12_PBE_ENCRYPT or MBEDTLS_PKCS12_PBE_DECRYPT 54 | * \param pwd the password used (may be NULL if no password is used) 55 | * \param pwdlen length of the password (may be 0) 56 | * \param input the input data 57 | * \param len data length 58 | * \param output the output buffer 59 | * 60 | * \return 0 if successful, or a MBEDTLS_ERR_XXX code 61 | */ 62 | int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode, 63 | const unsigned char *pwd, size_t pwdlen, 64 | const unsigned char *input, size_t len, 65 | unsigned char *output ); 66 | 67 | /** 68 | * \brief PKCS12 Password Based function (encryption / decryption) 69 | * for cipher-based and mbedtls_md-based PBE's 70 | * 71 | * \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure 72 | * \param mode either MBEDTLS_PKCS12_PBE_ENCRYPT or MBEDTLS_PKCS12_PBE_DECRYPT 73 | * \param cipher_type the cipher used 74 | * \param md_type the mbedtls_md used 75 | * \param pwd the password used (may be NULL if no password is used) 76 | * \param pwdlen length of the password (may be 0) 77 | * \param input the input data 78 | * \param len data length 79 | * \param output the output buffer 80 | * 81 | * \return 0 if successful, or a MBEDTLS_ERR_XXX code 82 | */ 83 | int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode, 84 | mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type, 85 | const unsigned char *pwd, size_t pwdlen, 86 | const unsigned char *input, size_t len, 87 | unsigned char *output ); 88 | 89 | /** 90 | * \brief The PKCS#12 derivation function uses a password and a salt 91 | * to produce pseudo-random bits for a particular "purpose". 92 | * 93 | * Depending on the given id, this function can produce an 94 | * encryption/decryption key, an nitialization vector or an 95 | * integrity key. 96 | * 97 | * \param data buffer to store the derived data in 98 | * \param datalen length to fill 99 | * \param pwd password to use (may be NULL if no password is used) 100 | * \param pwdlen length of the password (may be 0) 101 | * \param salt salt buffer to use 102 | * \param saltlen length of the salt 103 | * \param mbedtls_md mbedtls_md type to use during the derivation 104 | * \param id id that describes the purpose (can be MBEDTLS_PKCS12_DERIVE_KEY, 105 | * MBEDTLS_PKCS12_DERIVE_IV or MBEDTLS_PKCS12_DERIVE_MAC_KEY) 106 | * \param iterations number of iterations 107 | * 108 | * \return 0 if successful, or a MD, BIGNUM type error. 109 | */ 110 | int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen, 111 | const unsigned char *pwd, size_t pwdlen, 112 | const unsigned char *salt, size_t saltlen, 113 | mbedtls_md_type_t mbedtls_md, int id, int iterations ); 114 | 115 | #ifdef __cplusplus 116 | } 117 | #endif 118 | 119 | #endif /* pkcs12.h */ 120 | -------------------------------------------------------------------------------- /firmware/src/mbedtls/pkcs5.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file pkcs5.h 3 | * 4 | * \brief PKCS#5 functions 5 | * 6 | * \author Mathias Olsson 7 | * 8 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 9 | * SPDX-License-Identifier: Apache-2.0 10 | * 11 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 12 | * not use this file except in compliance with the License. 13 | * You may obtain a copy of the License at 14 | * 15 | * http://www.apache.org/licenses/LICENSE-2.0 16 | * 17 | * Unless required by applicable law or agreed to in writing, software 18 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 19 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 | * See the License for the specific language governing permissions and 21 | * limitations under the License. 22 | * 23 | * This file is part of mbed TLS (https://tls.mbed.org) 24 | */ 25 | #ifndef MBEDTLS_PKCS5_H 26 | #define MBEDTLS_PKCS5_H 27 | 28 | #include "asn1.h" 29 | #include "md.h" 30 | 31 | #include 32 | #include 33 | 34 | #define MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA -0x2f80 /**< Bad input parameters to function. */ 35 | #define MBEDTLS_ERR_PKCS5_INVALID_FORMAT -0x2f00 /**< Unexpected ASN.1 data. */ 36 | #define MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE -0x2e80 /**< Requested encryption or digest alg not available. */ 37 | #define MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH -0x2e00 /**< Given private key password does not allow for correct decryption. */ 38 | 39 | #define MBEDTLS_PKCS5_DECRYPT 0 40 | #define MBEDTLS_PKCS5_ENCRYPT 1 41 | 42 | #ifdef __cplusplus 43 | extern "C" { 44 | #endif 45 | 46 | /** 47 | * \brief PKCS#5 PBES2 function 48 | * 49 | * \param pbe_params the ASN.1 algorithm parameters 50 | * \param mode either MBEDTLS_PKCS5_DECRYPT or MBEDTLS_PKCS5_ENCRYPT 51 | * \param pwd password to use when generating key 52 | * \param pwdlen length of password 53 | * \param data data to process 54 | * \param datalen length of data 55 | * \param output output buffer 56 | * 57 | * \returns 0 on success, or a MBEDTLS_ERR_XXX code if verification fails. 58 | */ 59 | int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode, 60 | const unsigned char *pwd, size_t pwdlen, 61 | const unsigned char *data, size_t datalen, 62 | unsigned char *output ); 63 | 64 | /** 65 | * \brief PKCS#5 PBKDF2 using HMAC 66 | * 67 | * \param ctx Generic HMAC context 68 | * \param password Password to use when generating key 69 | * \param plen Length of password 70 | * \param salt Salt to use when generating key 71 | * \param slen Length of salt 72 | * \param iteration_count Iteration count 73 | * \param key_length Length of generated key in bytes 74 | * \param output Generated key. Must be at least as big as key_length 75 | * 76 | * \returns 0 on success, or a MBEDTLS_ERR_XXX code if verification fails. 77 | */ 78 | int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *password, 79 | size_t plen, const unsigned char *salt, size_t slen, 80 | unsigned int iteration_count, 81 | uint32_t key_length, unsigned char *output ); 82 | 83 | /** 84 | * \brief Checkup routine 85 | * 86 | * \return 0 if successful, or 1 if the test failed 87 | */ 88 | int mbedtls_pkcs5_self_test( int verbose ); 89 | 90 | #ifdef __cplusplus 91 | } 92 | #endif 93 | 94 | #endif /* pkcs5.h */ 95 | -------------------------------------------------------------------------------- /firmware/src/mbedtls/platform_time.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file platform_time.h 3 | * 4 | * \brief mbed TLS Platform time abstraction 5 | * 6 | * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved 7 | * SPDX-License-Identifier: Apache-2.0 8 | * 9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 10 | * not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * 21 | * This file is part of mbed TLS (https://tls.mbed.org) 22 | */ 23 | #ifndef MBEDTLS_PLATFORM_TIME_H 24 | #define MBEDTLS_PLATFORM_TIME_H 25 | 26 | #if !defined(MBEDTLS_CONFIG_FILE) 27 | #include "config.h" 28 | #else 29 | #include MBEDTLS_CONFIG_FILE 30 | #endif 31 | 32 | #ifdef __cplusplus 33 | extern "C" { 34 | #endif 35 | 36 | /** 37 | * \name SECTION: Module settings 38 | * 39 | * The configuration options you can set for this module are in this section. 40 | * Either change them in config.h or define them on the compiler command line. 41 | * \{ 42 | */ 43 | 44 | /* 45 | * The time_t datatype 46 | */ 47 | #if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO) 48 | typedef MBEDTLS_PLATFORM_TIME_TYPE_MACRO mbedtls_time_t; 49 | #else 50 | /* For time_t */ 51 | #include 52 | typedef time_t mbedtls_time_t; 53 | #endif /* MBEDTLS_PLATFORM_TIME_TYPE_MACRO */ 54 | 55 | /* 56 | * The function pointers for time 57 | */ 58 | #if defined(MBEDTLS_PLATFORM_TIME_ALT) 59 | extern mbedtls_time_t (*mbedtls_time)( mbedtls_time_t* time ); 60 | 61 | /** 62 | * \brief Set your own time function pointer 63 | * 64 | * \param time_func the time function implementation 65 | * 66 | * \return 0 67 | */ 68 | int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* time ) ); 69 | #else 70 | #if defined(MBEDTLS_PLATFORM_TIME_MACRO) 71 | #define mbedtls_time MBEDTLS_PLATFORM_TIME_MACRO 72 | #else 73 | #define mbedtls_time time 74 | #endif /* MBEDTLS_PLATFORM_TIME_MACRO */ 75 | #endif /* MBEDTLS_PLATFORM_TIME_ALT */ 76 | 77 | #ifdef __cplusplus 78 | } 79 | #endif 80 | 81 | #endif /* platform_time.h */ 82 | -------------------------------------------------------------------------------- /firmware/src/mbedtls/ripemd160.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file ripemd160.h 3 | * 4 | * \brief RIPE MD-160 message digest 5 | * 6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 7 | * SPDX-License-Identifier: Apache-2.0 8 | * 9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 10 | * not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * 21 | * This file is part of mbed TLS (https://tls.mbed.org) 22 | */ 23 | #ifndef MBEDTLS_RIPEMD160_H 24 | #define MBEDTLS_RIPEMD160_H 25 | 26 | #if !defined(MBEDTLS_CONFIG_FILE) 27 | #include "config.h" 28 | #else 29 | #include MBEDTLS_CONFIG_FILE 30 | #endif 31 | 32 | #include 33 | #include 34 | 35 | #if !defined(MBEDTLS_RIPEMD160_ALT) 36 | // Regular implementation 37 | // 38 | 39 | #ifdef __cplusplus 40 | extern "C" { 41 | #endif 42 | 43 | /** 44 | * \brief RIPEMD-160 context structure 45 | */ 46 | typedef struct 47 | { 48 | uint32_t total[2]; /*!< number of bytes processed */ 49 | uint32_t state[5]; /*!< intermediate digest state */ 50 | unsigned char buffer[64]; /*!< data block being processed */ 51 | } 52 | mbedtls_ripemd160_context; 53 | 54 | /** 55 | * \brief Initialize RIPEMD-160 context 56 | * 57 | * \param ctx RIPEMD-160 context to be initialized 58 | */ 59 | void mbedtls_ripemd160_init( mbedtls_ripemd160_context *ctx ); 60 | 61 | /** 62 | * \brief Clear RIPEMD-160 context 63 | * 64 | * \param ctx RIPEMD-160 context to be cleared 65 | */ 66 | void mbedtls_ripemd160_free( mbedtls_ripemd160_context *ctx ); 67 | 68 | /** 69 | * \brief Clone (the state of) an RIPEMD-160 context 70 | * 71 | * \param dst The destination context 72 | * \param src The context to be cloned 73 | */ 74 | void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst, 75 | const mbedtls_ripemd160_context *src ); 76 | 77 | /** 78 | * \brief RIPEMD-160 context setup 79 | * 80 | * \param ctx context to be initialized 81 | */ 82 | void mbedtls_ripemd160_starts( mbedtls_ripemd160_context *ctx ); 83 | 84 | /** 85 | * \brief RIPEMD-160 process buffer 86 | * 87 | * \param ctx RIPEMD-160 context 88 | * \param input buffer holding the data 89 | * \param ilen length of the input data 90 | */ 91 | void mbedtls_ripemd160_update( mbedtls_ripemd160_context *ctx, 92 | const unsigned char *input, size_t ilen ); 93 | 94 | /** 95 | * \brief RIPEMD-160 final digest 96 | * 97 | * \param ctx RIPEMD-160 context 98 | * \param output RIPEMD-160 checksum result 99 | */ 100 | void mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx, unsigned char output[20] ); 101 | 102 | /* Internal use */ 103 | void mbedtls_ripemd160_process( mbedtls_ripemd160_context *ctx, const unsigned char data[64] ); 104 | 105 | #ifdef __cplusplus 106 | } 107 | #endif 108 | 109 | #else /* MBEDTLS_RIPEMD160_ALT */ 110 | #include "ripemd160.h" 111 | #endif /* MBEDTLS_RIPEMD160_ALT */ 112 | 113 | #ifdef __cplusplus 114 | extern "C" { 115 | #endif 116 | 117 | /** 118 | * \brief Output = RIPEMD-160( input buffer ) 119 | * 120 | * \param input buffer holding the data 121 | * \param ilen length of the input data 122 | * \param output RIPEMD-160 checksum result 123 | */ 124 | void mbedtls_ripemd160( const unsigned char *input, size_t ilen, 125 | unsigned char output[20] ); 126 | 127 | /** 128 | * \brief Checkup routine 129 | * 130 | * \return 0 if successful, or 1 if the test failed 131 | */ 132 | int mbedtls_ripemd160_self_test( int verbose ); 133 | 134 | #ifdef __cplusplus 135 | } 136 | #endif 137 | 138 | #endif /* mbedtls_ripemd160.h */ 139 | -------------------------------------------------------------------------------- /firmware/src/mbedtls/sha1.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file sha1.h 3 | * 4 | * \brief SHA-1 cryptographic hash function 5 | * 6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 7 | * SPDX-License-Identifier: Apache-2.0 8 | * 9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 10 | * not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * 21 | * This file is part of mbed TLS (https://tls.mbed.org) 22 | */ 23 | #ifndef MBEDTLS_SHA1_H 24 | #define MBEDTLS_SHA1_H 25 | 26 | #if !defined(MBEDTLS_CONFIG_FILE) 27 | #include "config.h" 28 | #else 29 | #include MBEDTLS_CONFIG_FILE 30 | #endif 31 | 32 | #include 33 | #include 34 | 35 | #if !defined(MBEDTLS_SHA1_ALT) 36 | // Regular implementation 37 | // 38 | 39 | #ifdef __cplusplus 40 | extern "C" { 41 | #endif 42 | 43 | /** 44 | * \brief SHA-1 context structure 45 | */ 46 | typedef struct 47 | { 48 | uint32_t total[2]; /*!< number of bytes processed */ 49 | uint32_t state[5]; /*!< intermediate digest state */ 50 | unsigned char buffer[64]; /*!< data block being processed */ 51 | } 52 | mbedtls_sha1_context; 53 | 54 | /** 55 | * \brief Initialize SHA-1 context 56 | * 57 | * \param ctx SHA-1 context to be initialized 58 | */ 59 | void mbedtls_sha1_init( mbedtls_sha1_context *ctx ); 60 | 61 | /** 62 | * \brief Clear SHA-1 context 63 | * 64 | * \param ctx SHA-1 context to be cleared 65 | */ 66 | void mbedtls_sha1_free( mbedtls_sha1_context *ctx ); 67 | 68 | /** 69 | * \brief Clone (the state of) a SHA-1 context 70 | * 71 | * \param dst The destination context 72 | * \param src The context to be cloned 73 | */ 74 | void mbedtls_sha1_clone( mbedtls_sha1_context *dst, 75 | const mbedtls_sha1_context *src ); 76 | 77 | /** 78 | * \brief SHA-1 context setup 79 | * 80 | * \param ctx context to be initialized 81 | */ 82 | void mbedtls_sha1_starts( mbedtls_sha1_context *ctx ); 83 | 84 | /** 85 | * \brief SHA-1 process buffer 86 | * 87 | * \param ctx SHA-1 context 88 | * \param input buffer holding the data 89 | * \param ilen length of the input data 90 | */ 91 | void mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen ); 92 | 93 | /** 94 | * \brief SHA-1 final digest 95 | * 96 | * \param ctx SHA-1 context 97 | * \param output SHA-1 checksum result 98 | */ 99 | void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] ); 100 | 101 | /* Internal use */ 102 | void mbedtls_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[64] ); 103 | 104 | #ifdef __cplusplus 105 | } 106 | #endif 107 | 108 | #else /* MBEDTLS_SHA1_ALT */ 109 | #include "sha1_alt.h" 110 | #endif /* MBEDTLS_SHA1_ALT */ 111 | 112 | #ifdef __cplusplus 113 | extern "C" { 114 | #endif 115 | 116 | /** 117 | * \brief Output = SHA-1( input buffer ) 118 | * 119 | * \param input buffer holding the data 120 | * \param ilen length of the input data 121 | * \param output SHA-1 checksum result 122 | */ 123 | void mbedtls_sha1( const unsigned char *input, size_t ilen, unsigned char output[20] ); 124 | 125 | /** 126 | * \brief Checkup routine 127 | * 128 | * \return 0 if successful, or 1 if the test failed 129 | */ 130 | int mbedtls_sha1_self_test( int verbose ); 131 | 132 | #ifdef __cplusplus 133 | } 134 | #endif 135 | 136 | #endif /* mbedtls_sha1.h */ 137 | -------------------------------------------------------------------------------- /firmware/src/mbedtls/sha256.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file sha256.h 3 | * 4 | * \brief SHA-224 and SHA-256 cryptographic hash function 5 | * 6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 7 | * SPDX-License-Identifier: Apache-2.0 8 | * 9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 10 | * not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * 21 | * This file is part of mbed TLS (https://tls.mbed.org) 22 | */ 23 | #ifndef MBEDTLS_SHA256_H 24 | #define MBEDTLS_SHA256_H 25 | 26 | #if !defined(MBEDTLS_CONFIG_FILE) 27 | #include "config.h" 28 | #else 29 | #include MBEDTLS_CONFIG_FILE 30 | #endif 31 | 32 | #include 33 | #include 34 | 35 | #if !defined(MBEDTLS_SHA256_ALT) 36 | // Regular implementation 37 | // 38 | 39 | #ifdef __cplusplus 40 | extern "C" { 41 | #endif 42 | 43 | /** 44 | * \brief SHA-256 context structure 45 | */ 46 | typedef struct 47 | { 48 | uint32_t total[2]; /*!< number of bytes processed */ 49 | uint32_t state[8]; /*!< intermediate digest state */ 50 | unsigned char buffer[64]; /*!< data block being processed */ 51 | int is224; /*!< 0 => SHA-256, else SHA-224 */ 52 | } 53 | mbedtls_sha256_context; 54 | 55 | /** 56 | * \brief Initialize SHA-256 context 57 | * 58 | * \param ctx SHA-256 context to be initialized 59 | */ 60 | void mbedtls_sha256_init( mbedtls_sha256_context *ctx ); 61 | 62 | /** 63 | * \brief Clear SHA-256 context 64 | * 65 | * \param ctx SHA-256 context to be cleared 66 | */ 67 | void mbedtls_sha256_free( mbedtls_sha256_context *ctx ); 68 | 69 | /** 70 | * \brief Clone (the state of) a SHA-256 context 71 | * 72 | * \param dst The destination context 73 | * \param src The context to be cloned 74 | */ 75 | void mbedtls_sha256_clone( mbedtls_sha256_context *dst, 76 | const mbedtls_sha256_context *src ); 77 | 78 | /** 79 | * \brief SHA-256 context setup 80 | * 81 | * \param ctx context to be initialized 82 | * \param is224 0 = use SHA256, 1 = use SHA224 83 | */ 84 | void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 ); 85 | 86 | /** 87 | * \brief SHA-256 process buffer 88 | * 89 | * \param ctx SHA-256 context 90 | * \param input buffer holding the data 91 | * \param ilen length of the input data 92 | */ 93 | void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input, 94 | size_t ilen ); 95 | 96 | /** 97 | * \brief SHA-256 final digest 98 | * 99 | * \param ctx SHA-256 context 100 | * \param output SHA-224/256 checksum result 101 | */ 102 | void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] ); 103 | 104 | /* Internal use */ 105 | void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] ); 106 | 107 | #ifdef __cplusplus 108 | } 109 | #endif 110 | 111 | #else /* MBEDTLS_SHA256_ALT */ 112 | #include "sha256_alt.h" 113 | #endif /* MBEDTLS_SHA256_ALT */ 114 | 115 | #ifdef __cplusplus 116 | extern "C" { 117 | #endif 118 | 119 | /** 120 | * \brief Output = SHA-256( input buffer ) 121 | * 122 | * \param input buffer holding the data 123 | * \param ilen length of the input data 124 | * \param output SHA-224/256 checksum result 125 | * \param is224 0 = use SHA256, 1 = use SHA224 126 | */ 127 | void mbedtls_sha256( const unsigned char *input, size_t ilen, 128 | unsigned char output[32], int is224 ); 129 | 130 | /** 131 | * \brief Checkup routine 132 | * 133 | * \return 0 if successful, or 1 if the test failed 134 | */ 135 | int mbedtls_sha256_self_test( int verbose ); 136 | 137 | #ifdef __cplusplus 138 | } 139 | #endif 140 | 141 | #endif /* mbedtls_sha256.h */ 142 | -------------------------------------------------------------------------------- /firmware/src/mbedtls/sha512.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file sha512.h 3 | * 4 | * \brief SHA-384 and SHA-512 cryptographic hash function 5 | * 6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 7 | * SPDX-License-Identifier: Apache-2.0 8 | * 9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 10 | * not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * 21 | * This file is part of mbed TLS (https://tls.mbed.org) 22 | */ 23 | #ifndef MBEDTLS_SHA512_H 24 | #define MBEDTLS_SHA512_H 25 | 26 | #if !defined(MBEDTLS_CONFIG_FILE) 27 | #include "config.h" 28 | #else 29 | #include MBEDTLS_CONFIG_FILE 30 | #endif 31 | 32 | #include 33 | #include 34 | 35 | #if !defined(MBEDTLS_SHA512_ALT) 36 | // Regular implementation 37 | // 38 | 39 | #ifdef __cplusplus 40 | extern "C" { 41 | #endif 42 | 43 | /** 44 | * \brief SHA-512 context structure 45 | */ 46 | typedef struct 47 | { 48 | uint64_t total[2]; /*!< number of bytes processed */ 49 | uint64_t state[8]; /*!< intermediate digest state */ 50 | unsigned char buffer[128]; /*!< data block being processed */ 51 | int is384; /*!< 0 => SHA-512, else SHA-384 */ 52 | } 53 | mbedtls_sha512_context; 54 | 55 | /** 56 | * \brief Initialize SHA-512 context 57 | * 58 | * \param ctx SHA-512 context to be initialized 59 | */ 60 | void mbedtls_sha512_init( mbedtls_sha512_context *ctx ); 61 | 62 | /** 63 | * \brief Clear SHA-512 context 64 | * 65 | * \param ctx SHA-512 context to be cleared 66 | */ 67 | void mbedtls_sha512_free( mbedtls_sha512_context *ctx ); 68 | 69 | /** 70 | * \brief Clone (the state of) a SHA-512 context 71 | * 72 | * \param dst The destination context 73 | * \param src The context to be cloned 74 | */ 75 | void mbedtls_sha512_clone( mbedtls_sha512_context *dst, 76 | const mbedtls_sha512_context *src ); 77 | 78 | /** 79 | * \brief SHA-512 context setup 80 | * 81 | * \param ctx context to be initialized 82 | * \param is384 0 = use SHA512, 1 = use SHA384 83 | */ 84 | void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 ); 85 | 86 | /** 87 | * \brief SHA-512 process buffer 88 | * 89 | * \param ctx SHA-512 context 90 | * \param input buffer holding the data 91 | * \param ilen length of the input data 92 | */ 93 | void mbedtls_sha512_update( mbedtls_sha512_context *ctx, const unsigned char *input, 94 | size_t ilen ); 95 | 96 | /** 97 | * \brief SHA-512 final digest 98 | * 99 | * \param ctx SHA-512 context 100 | * \param output SHA-384/512 checksum result 101 | */ 102 | void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, unsigned char output[64] ); 103 | 104 | #ifdef __cplusplus 105 | } 106 | #endif 107 | 108 | #else /* MBEDTLS_SHA512_ALT */ 109 | #include "sha512_alt.h" 110 | #endif /* MBEDTLS_SHA512_ALT */ 111 | 112 | #ifdef __cplusplus 113 | extern "C" { 114 | #endif 115 | 116 | /** 117 | * \brief Output = SHA-512( input buffer ) 118 | * 119 | * \param input buffer holding the data 120 | * \param ilen length of the input data 121 | * \param output SHA-384/512 checksum result 122 | * \param is384 0 = use SHA512, 1 = use SHA384 123 | */ 124 | void mbedtls_sha512( const unsigned char *input, size_t ilen, 125 | unsigned char output[64], int is384 ); 126 | 127 | /** 128 | * \brief Checkup routine 129 | * 130 | * \return 0 if successful, or 1 if the test failed 131 | */ 132 | int mbedtls_sha512_self_test( int verbose ); 133 | 134 | /* Internal use */ 135 | void mbedtls_sha512_process( mbedtls_sha512_context *ctx, const unsigned char data[128] ); 136 | 137 | #ifdef __cplusplus 138 | } 139 | #endif 140 | 141 | #endif /* mbedtls_sha512.h */ 142 | -------------------------------------------------------------------------------- /firmware/src/mbedtls/ssl_cache.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file ssl_cache.h 3 | * 4 | * \brief SSL session cache implementation 5 | * 6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 7 | * SPDX-License-Identifier: Apache-2.0 8 | * 9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 10 | * not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * 21 | * This file is part of mbed TLS (https://tls.mbed.org) 22 | */ 23 | #ifndef MBEDTLS_SSL_CACHE_H 24 | #define MBEDTLS_SSL_CACHE_H 25 | 26 | #include "ssl.h" 27 | 28 | #if defined(MBEDTLS_THREADING_C) 29 | #include "threading.h" 30 | #endif 31 | 32 | /** 33 | * \name SECTION: Module settings 34 | * 35 | * The configuration options you can set for this module are in this section. 36 | * Either change them in config.h or define them on the compiler command line. 37 | * \{ 38 | */ 39 | 40 | #if !defined(MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT) 41 | #define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /*!< 1 day */ 42 | #endif 43 | 44 | #if !defined(MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES) 45 | #define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /*!< Maximum entries in cache */ 46 | #endif 47 | 48 | /* \} name SECTION: Module settings */ 49 | 50 | #ifdef __cplusplus 51 | extern "C" { 52 | #endif 53 | 54 | typedef struct mbedtls_ssl_cache_context mbedtls_ssl_cache_context; 55 | typedef struct mbedtls_ssl_cache_entry mbedtls_ssl_cache_entry; 56 | 57 | /** 58 | * \brief This structure is used for storing cache entries 59 | */ 60 | struct mbedtls_ssl_cache_entry 61 | { 62 | #if defined(MBEDTLS_HAVE_TIME) 63 | mbedtls_time_t timestamp; /*!< entry timestamp */ 64 | #endif 65 | mbedtls_ssl_session session; /*!< entry session */ 66 | #if defined(MBEDTLS_X509_CRT_PARSE_C) 67 | mbedtls_x509_buf peer_cert; /*!< entry peer_cert */ 68 | #endif 69 | mbedtls_ssl_cache_entry *next; /*!< chain pointer */ 70 | }; 71 | 72 | /** 73 | * \brief Cache context 74 | */ 75 | struct mbedtls_ssl_cache_context 76 | { 77 | mbedtls_ssl_cache_entry *chain; /*!< start of the chain */ 78 | int timeout; /*!< cache entry timeout */ 79 | int max_entries; /*!< maximum entries */ 80 | #if defined(MBEDTLS_THREADING_C) 81 | mbedtls_threading_mutex_t mutex; /*!< mutex */ 82 | #endif 83 | }; 84 | 85 | /** 86 | * \brief Initialize an SSL cache context 87 | * 88 | * \param cache SSL cache context 89 | */ 90 | void mbedtls_ssl_cache_init( mbedtls_ssl_cache_context *cache ); 91 | 92 | /** 93 | * \brief Cache get callback implementation 94 | * (Thread-safe if MBEDTLS_THREADING_C is enabled) 95 | * 96 | * \param data SSL cache context 97 | * \param session session to retrieve entry for 98 | */ 99 | int mbedtls_ssl_cache_get( void *data, mbedtls_ssl_session *session ); 100 | 101 | /** 102 | * \brief Cache set callback implementation 103 | * (Thread-safe if MBEDTLS_THREADING_C is enabled) 104 | * 105 | * \param data SSL cache context 106 | * \param session session to store entry for 107 | */ 108 | int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session ); 109 | 110 | #if defined(MBEDTLS_HAVE_TIME) 111 | /** 112 | * \brief Set the cache timeout 113 | * (Default: MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT (1 day)) 114 | * 115 | * A timeout of 0 indicates no timeout. 116 | * 117 | * \param cache SSL cache context 118 | * \param timeout cache entry timeout in seconds 119 | */ 120 | void mbedtls_ssl_cache_set_timeout( mbedtls_ssl_cache_context *cache, int timeout ); 121 | #endif /* MBEDTLS_HAVE_TIME */ 122 | 123 | /** 124 | * \brief Set the maximum number of cache entries 125 | * (Default: MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES (50)) 126 | * 127 | * \param cache SSL cache context 128 | * \param max cache entry maximum 129 | */ 130 | void mbedtls_ssl_cache_set_max_entries( mbedtls_ssl_cache_context *cache, int max ); 131 | 132 | /** 133 | * \brief Free referenced items in a cache context and clear memory 134 | * 135 | * \param cache SSL cache context 136 | */ 137 | void mbedtls_ssl_cache_free( mbedtls_ssl_cache_context *cache ); 138 | 139 | #ifdef __cplusplus 140 | } 141 | #endif 142 | 143 | #endif /* ssl_cache.h */ 144 | -------------------------------------------------------------------------------- /firmware/src/mbedtls/ssl_cookie.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file ssl_cookie.h 3 | * 4 | * \brief DTLS cookie callbacks implementation 5 | * 6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 7 | * SPDX-License-Identifier: Apache-2.0 8 | * 9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 10 | * not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * 21 | * This file is part of mbed TLS (https://tls.mbed.org) 22 | */ 23 | #ifndef MBEDTLS_SSL_COOKIE_H 24 | #define MBEDTLS_SSL_COOKIE_H 25 | 26 | #include "ssl.h" 27 | 28 | #if defined(MBEDTLS_THREADING_C) 29 | #include "threading.h" 30 | #endif 31 | 32 | /** 33 | * \name SECTION: Module settings 34 | * 35 | * The configuration options you can set for this module are in this section. 36 | * Either change them in config.h or define them on the compiler command line. 37 | * \{ 38 | */ 39 | #ifndef MBEDTLS_SSL_COOKIE_TIMEOUT 40 | #define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */ 41 | #endif 42 | 43 | /* \} name SECTION: Module settings */ 44 | 45 | #ifdef __cplusplus 46 | extern "C" { 47 | #endif 48 | 49 | /** 50 | * \brief Context for the default cookie functions. 51 | */ 52 | typedef struct 53 | { 54 | mbedtls_md_context_t hmac_ctx; /*!< context for the HMAC portion */ 55 | #if !defined(MBEDTLS_HAVE_TIME) 56 | unsigned long serial; /*!< serial number for expiration */ 57 | #endif 58 | unsigned long timeout; /*!< timeout delay, in seconds if HAVE_TIME, 59 | or in number of tickets issued */ 60 | 61 | #if defined(MBEDTLS_THREADING_C) 62 | mbedtls_threading_mutex_t mutex; 63 | #endif 64 | } mbedtls_ssl_cookie_ctx; 65 | 66 | /** 67 | * \brief Initialize cookie context 68 | */ 69 | void mbedtls_ssl_cookie_init( mbedtls_ssl_cookie_ctx *ctx ); 70 | 71 | /** 72 | * \brief Setup cookie context (generate keys) 73 | */ 74 | int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx, 75 | int (*f_rng)(void *, unsigned char *, size_t), 76 | void *p_rng ); 77 | 78 | /** 79 | * \brief Set expiration delay for cookies 80 | * (Default MBEDTLS_SSL_COOKIE_TIMEOUT) 81 | * 82 | * \param ctx Cookie contex 83 | * \param delay Delay, in seconds if HAVE_TIME, or in number of cookies 84 | * issued in the meantime. 85 | * 0 to disable expiration (NOT recommended) 86 | */ 87 | void mbedtls_ssl_cookie_set_timeout( mbedtls_ssl_cookie_ctx *ctx, unsigned long delay ); 88 | 89 | /** 90 | * \brief Free cookie context 91 | */ 92 | void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx ); 93 | 94 | /** 95 | * \brief Generate cookie, see \c mbedtls_ssl_cookie_write_t 96 | */ 97 | mbedtls_ssl_cookie_write_t mbedtls_ssl_cookie_write; 98 | 99 | /** 100 | * \brief Verify cookie, see \c mbedtls_ssl_cookie_write_t 101 | */ 102 | mbedtls_ssl_cookie_check_t mbedtls_ssl_cookie_check; 103 | 104 | #ifdef __cplusplus 105 | } 106 | #endif 107 | 108 | #endif /* ssl_cookie.h */ 109 | -------------------------------------------------------------------------------- /firmware/src/mbedtls/ssl_ticket.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file ssl_ticket.h 3 | * 4 | * \brief TLS server ticket callbacks implementation 5 | * 6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 7 | * SPDX-License-Identifier: Apache-2.0 8 | * 9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 10 | * not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * 21 | * This file is part of mbed TLS (https://tls.mbed.org) 22 | */ 23 | #ifndef MBEDTLS_SSL_TICKET_H 24 | #define MBEDTLS_SSL_TICKET_H 25 | 26 | /* 27 | * This implementation of the session ticket callbacks includes key 28 | * management, rotating the keys periodically in order to preserve forward 29 | * secrecy, when MBEDTLS_HAVE_TIME is defined. 30 | */ 31 | 32 | #include "ssl.h" 33 | #include "cipher.h" 34 | 35 | #if defined(MBEDTLS_THREADING_C) 36 | #include "threading.h" 37 | #endif 38 | 39 | #ifdef __cplusplus 40 | extern "C" { 41 | #endif 42 | 43 | /** 44 | * \brief Information for session ticket protection 45 | */ 46 | typedef struct 47 | { 48 | unsigned char name[4]; /*!< random key identifier */ 49 | uint32_t generation_time; /*!< key generation timestamp (seconds) */ 50 | mbedtls_cipher_context_t ctx; /*!< context for auth enc/decryption */ 51 | } 52 | mbedtls_ssl_ticket_key; 53 | 54 | /** 55 | * \brief Context for session ticket handling functions 56 | */ 57 | typedef struct 58 | { 59 | mbedtls_ssl_ticket_key keys[2]; /*!< ticket protection keys */ 60 | unsigned char active; /*!< index of the currently active key */ 61 | 62 | uint32_t ticket_lifetime; /*!< lifetime of tickets in seconds */ 63 | 64 | /** Callback for getting (pseudo-)random numbers */ 65 | int (*f_rng)(void *, unsigned char *, size_t); 66 | void *p_rng; /*!< context for the RNG function */ 67 | 68 | #if defined(MBEDTLS_THREADING_C) 69 | mbedtls_threading_mutex_t mutex; 70 | #endif 71 | } 72 | mbedtls_ssl_ticket_context; 73 | 74 | /** 75 | * \brief Initialize a ticket context. 76 | * (Just make it ready for mbedtls_ssl_ticket_setup() 77 | * or mbedtls_ssl_ticket_free().) 78 | * 79 | * \param ctx Context to be initialized 80 | */ 81 | void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx ); 82 | 83 | /** 84 | * \brief Prepare context to be actually used 85 | * 86 | * \param ctx Context to be set up 87 | * \param f_rng RNG callback function 88 | * \param p_rng RNG callback context 89 | * \param cipher AEAD cipher to use for ticket protection. 90 | * Recommended value: MBEDTLS_CIPHER_AES_256_GCM. 91 | * \param lifetime Tickets lifetime in seconds 92 | * Recommended value: 86400 (one day). 93 | * 94 | * \note It is highly recommended to select a cipher that is at 95 | * least as strong as the the strongest ciphersuite 96 | * supported. Usually that means a 256-bit key. 97 | * 98 | * \note The lifetime of the keys is twice the lifetime of tickets. 99 | * It is recommended to pick a reasonnable lifetime so as not 100 | * to negate the benefits of forward secrecy. 101 | * 102 | * \return 0 if successful, 103 | * or a specific MBEDTLS_ERR_XXX error code 104 | */ 105 | int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx, 106 | int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, 107 | mbedtls_cipher_type_t cipher, 108 | uint32_t lifetime ); 109 | 110 | /** 111 | * \brief Implementation of the ticket write callback 112 | * 113 | * \note See \c mbedlts_ssl_ticket_write_t for description 114 | */ 115 | mbedtls_ssl_ticket_write_t mbedtls_ssl_ticket_write; 116 | 117 | /** 118 | * \brief Implementation of the ticket parse callback 119 | * 120 | * \note See \c mbedlts_ssl_ticket_parse_t for description 121 | */ 122 | mbedtls_ssl_ticket_parse_t mbedtls_ssl_ticket_parse; 123 | 124 | /** 125 | * \brief Free a context's content and zeroize it. 126 | * 127 | * \param ctx Context to be cleaned up 128 | */ 129 | void mbedtls_ssl_ticket_free( mbedtls_ssl_ticket_context *ctx ); 130 | 131 | #ifdef __cplusplus 132 | } 133 | #endif 134 | 135 | #endif /* ssl_ticket.h */ 136 | -------------------------------------------------------------------------------- /firmware/src/mbedtls/threading.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file threading.h 3 | * 4 | * \brief Threading abstraction layer 5 | * 6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 7 | * SPDX-License-Identifier: Apache-2.0 8 | * 9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 10 | * not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * 21 | * This file is part of mbed TLS (https://tls.mbed.org) 22 | */ 23 | #ifndef MBEDTLS_THREADING_H 24 | #define MBEDTLS_THREADING_H 25 | 26 | #if !defined(MBEDTLS_CONFIG_FILE) 27 | #include "config.h" 28 | #else 29 | #include MBEDTLS_CONFIG_FILE 30 | #endif 31 | 32 | #include 33 | 34 | #ifdef __cplusplus 35 | extern "C" { 36 | #endif 37 | 38 | #define MBEDTLS_ERR_THREADING_FEATURE_UNAVAILABLE -0x001A /**< The selected feature is not available. */ 39 | #define MBEDTLS_ERR_THREADING_BAD_INPUT_DATA -0x001C /**< Bad input parameters to function. */ 40 | #define MBEDTLS_ERR_THREADING_MUTEX_ERROR -0x001E /**< Locking / unlocking / free failed with error code. */ 41 | 42 | #if defined(MBEDTLS_THREADING_PTHREAD) 43 | #include 44 | typedef struct 45 | { 46 | pthread_mutex_t mutex; 47 | char is_valid; 48 | } mbedtls_threading_mutex_t; 49 | #endif 50 | 51 | #if defined(MBEDTLS_THREADING_ALT) 52 | /* You should define the mbedtls_threading_mutex_t type in your header */ 53 | #include "threading_alt.h" 54 | 55 | /** 56 | * \brief Set your alternate threading implementation function 57 | * pointers and initialize global mutexes. If used, this 58 | * function must be called once in the main thread before any 59 | * other mbed TLS function is called, and 60 | * mbedtls_threading_free_alt() must be called once in the main 61 | * thread after all other mbed TLS functions. 62 | * 63 | * \note mutex_init() and mutex_free() don't return a status code. 64 | * If mutex_init() fails, it should leave its argument (the 65 | * mutex) in a state such that mutex_lock() will fail when 66 | * called with this argument. 67 | * 68 | * \param mutex_init the init function implementation 69 | * \param mutex_free the free function implementation 70 | * \param mutex_lock the lock function implementation 71 | * \param mutex_unlock the unlock function implementation 72 | */ 73 | void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * ), 74 | void (*mutex_free)( mbedtls_threading_mutex_t * ), 75 | int (*mutex_lock)( mbedtls_threading_mutex_t * ), 76 | int (*mutex_unlock)( mbedtls_threading_mutex_t * ) ); 77 | 78 | /** 79 | * \brief Free global mutexes. 80 | */ 81 | void mbedtls_threading_free_alt( void ); 82 | #endif /* MBEDTLS_THREADING_ALT */ 83 | 84 | #if defined(MBEDTLS_THREADING_C) 85 | /* 86 | * The function pointers for mutex_init, mutex_free, mutex_ and mutex_unlock 87 | * 88 | * All these functions are expected to work or the result will be undefined. 89 | */ 90 | extern void (*mbedtls_mutex_init)( mbedtls_threading_mutex_t *mutex ); 91 | extern void (*mbedtls_mutex_free)( mbedtls_threading_mutex_t *mutex ); 92 | extern int (*mbedtls_mutex_lock)( mbedtls_threading_mutex_t *mutex ); 93 | extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex ); 94 | 95 | /* 96 | * Global mutexes 97 | */ 98 | extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; 99 | extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; 100 | #endif /* MBEDTLS_THREADING_C */ 101 | 102 | #ifdef __cplusplus 103 | } 104 | #endif 105 | 106 | #endif /* threading.h */ 107 | -------------------------------------------------------------------------------- /firmware/src/mbedtls/timing.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file timing.h 3 | * 4 | * \brief Portable interface to the CPU cycle counter 5 | * 6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 7 | * SPDX-License-Identifier: Apache-2.0 8 | * 9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 10 | * not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * 21 | * This file is part of mbed TLS (https://tls.mbed.org) 22 | */ 23 | #ifndef MBEDTLS_TIMING_H 24 | #define MBEDTLS_TIMING_H 25 | 26 | #if !defined(MBEDTLS_CONFIG_FILE) 27 | #include "config.h" 28 | #else 29 | #include MBEDTLS_CONFIG_FILE 30 | #endif 31 | 32 | #if !defined(MBEDTLS_TIMING_ALT) 33 | // Regular implementation 34 | // 35 | 36 | #include 37 | 38 | #ifdef __cplusplus 39 | extern "C" { 40 | #endif 41 | 42 | /** 43 | * \brief timer structure 44 | */ 45 | struct mbedtls_timing_hr_time 46 | { 47 | unsigned char opaque[32]; 48 | }; 49 | 50 | /** 51 | * \brief Context for mbedtls_timing_set/get_delay() 52 | */ 53 | typedef struct 54 | { 55 | struct mbedtls_timing_hr_time timer; 56 | uint32_t int_ms; 57 | uint32_t fin_ms; 58 | } mbedtls_timing_delay_context; 59 | 60 | extern volatile int mbedtls_timing_alarmed; 61 | 62 | /** 63 | * \brief Return the CPU cycle counter value 64 | * 65 | * \warning This is only a best effort! Do not rely on this! 66 | * In particular, it is known to be unreliable on virtual 67 | * machines. 68 | */ 69 | unsigned long mbedtls_timing_hardclock( void ); 70 | 71 | /** 72 | * \brief Return the elapsed time in milliseconds 73 | * 74 | * \param val points to a timer structure 75 | * \param reset if set to 1, the timer is restarted 76 | */ 77 | unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset ); 78 | 79 | /** 80 | * \brief Setup an alarm clock 81 | * 82 | * \param seconds delay before the "mbedtls_timing_alarmed" flag is set 83 | * 84 | * \warning Only one alarm at a time is supported. In a threaded 85 | * context, this means one for the whole process, not one per 86 | * thread. 87 | */ 88 | void mbedtls_set_alarm( int seconds ); 89 | 90 | /** 91 | * \brief Set a pair of delays to watch 92 | * (See \c mbedtls_timing_get_delay().) 93 | * 94 | * \param data Pointer to timing data 95 | * Must point to a valid \c mbedtls_timing_delay_context struct. 96 | * \param int_ms First (intermediate) delay in milliseconds. 97 | * \param fin_ms Second (final) delay in milliseconds. 98 | * Pass 0 to cancel the current delay. 99 | */ 100 | void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms ); 101 | 102 | /** 103 | * \brief Get the status of delays 104 | * (Memory helper: number of delays passed.) 105 | * 106 | * \param data Pointer to timing data 107 | * Must point to a valid \c mbedtls_timing_delay_context struct. 108 | * 109 | * \return -1 if cancelled (fin_ms = 0) 110 | * 0 if none of the delays are passed, 111 | * 1 if only the intermediate delay is passed, 112 | * 2 if the final delay is passed. 113 | */ 114 | int mbedtls_timing_get_delay( void *data ); 115 | 116 | #ifdef __cplusplus 117 | } 118 | #endif 119 | 120 | #else /* MBEDTLS_TIMING_ALT */ 121 | #include "timing_alt.h" 122 | #endif /* MBEDTLS_TIMING_ALT */ 123 | 124 | #ifdef __cplusplus 125 | extern "C" { 126 | #endif 127 | 128 | #if defined(MBEDTLS_SELF_TEST) 129 | /** 130 | * \brief Checkup routine 131 | * 132 | * \return 0 if successful, or 1 if a test failed 133 | */ 134 | int mbedtls_timing_self_test( int verbose ); 135 | #endif 136 | 137 | #ifdef __cplusplus 138 | } 139 | #endif 140 | 141 | #endif /* timing.h */ 142 | -------------------------------------------------------------------------------- /firmware/src/mbedtls/version.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file version.h 3 | * 4 | * \brief Run-time version information 5 | * 6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 7 | * SPDX-License-Identifier: Apache-2.0 8 | * 9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 10 | * not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * 21 | * This file is part of mbed TLS (https://tls.mbed.org) 22 | */ 23 | /* 24 | * This set of compile-time defines and run-time variables can be used to 25 | * determine the version number of the mbed TLS library used. 26 | */ 27 | #ifndef MBEDTLS_VERSION_H 28 | #define MBEDTLS_VERSION_H 29 | 30 | #if !defined(MBEDTLS_CONFIG_FILE) 31 | #include "config.h" 32 | #else 33 | #include MBEDTLS_CONFIG_FILE 34 | #endif 35 | 36 | /** 37 | * The version number x.y.z is split into three parts. 38 | * Major, Minor, Patchlevel 39 | */ 40 | #define MBEDTLS_VERSION_MAJOR 2 41 | #define MBEDTLS_VERSION_MINOR 6 42 | #define MBEDTLS_VERSION_PATCH 0 43 | 44 | /** 45 | * The single version number has the following structure: 46 | * MMNNPP00 47 | * Major version | Minor version | Patch version 48 | */ 49 | #define MBEDTLS_VERSION_NUMBER 0x02060000 50 | #define MBEDTLS_VERSION_STRING "2.6.0" 51 | #define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.6.0" 52 | 53 | #if defined(MBEDTLS_VERSION_C) 54 | 55 | #ifdef __cplusplus 56 | extern "C" { 57 | #endif 58 | 59 | /** 60 | * Get the version number. 61 | * 62 | * \return The constructed version number in the format 63 | * MMNNPP00 (Major, Minor, Patch). 64 | */ 65 | unsigned int mbedtls_version_get_number( void ); 66 | 67 | /** 68 | * Get the version string ("x.y.z"). 69 | * 70 | * \param string The string that will receive the value. 71 | * (Should be at least 9 bytes in size) 72 | */ 73 | void mbedtls_version_get_string( char *string ); 74 | 75 | /** 76 | * Get the full version string ("mbed TLS x.y.z"). 77 | * 78 | * \param string The string that will receive the value. The mbed TLS version 79 | * string will use 18 bytes AT MOST including a terminating 80 | * null byte. 81 | * (So the buffer should be at least 18 bytes to receive this 82 | * version string). 83 | */ 84 | void mbedtls_version_get_string_full( char *string ); 85 | 86 | /** 87 | * \brief Check if support for a feature was compiled into this 88 | * mbed TLS binary. This allows you to see at runtime if the 89 | * library was for instance compiled with or without 90 | * Multi-threading support. 91 | * 92 | * \note only checks against defines in the sections "System 93 | * support", "mbed TLS modules" and "mbed TLS feature 94 | * support" in config.h 95 | * 96 | * \param feature The string for the define to check (e.g. "MBEDTLS_AES_C") 97 | * 98 | * \return 0 if the feature is present, 99 | * -1 if the feature is not present and 100 | * -2 if support for feature checking as a whole was not 101 | * compiled in. 102 | */ 103 | int mbedtls_version_check_feature( const char *feature ); 104 | 105 | #ifdef __cplusplus 106 | } 107 | #endif 108 | 109 | #endif /* MBEDTLS_VERSION_C */ 110 | 111 | #endif /* version.h */ 112 | -------------------------------------------------------------------------------- /firmware/src/mbedtls/x509_crl.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file x509_crl.h 3 | * 4 | * \brief X.509 certificate revocation list parsing 5 | * 6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 7 | * SPDX-License-Identifier: Apache-2.0 8 | * 9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 10 | * not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * 21 | * This file is part of mbed TLS (https://tls.mbed.org) 22 | */ 23 | #ifndef MBEDTLS_X509_CRL_H 24 | #define MBEDTLS_X509_CRL_H 25 | 26 | #if !defined(MBEDTLS_CONFIG_FILE) 27 | #include "config.h" 28 | #else 29 | #include MBEDTLS_CONFIG_FILE 30 | #endif 31 | 32 | #include "x509.h" 33 | 34 | #ifdef __cplusplus 35 | extern "C" { 36 | #endif 37 | 38 | /** 39 | * \addtogroup x509_module 40 | * \{ */ 41 | 42 | /** 43 | * \name Structures and functions for parsing CRLs 44 | * \{ 45 | */ 46 | 47 | /** 48 | * Certificate revocation list entry. 49 | * Contains the CA-specific serial numbers and revocation dates. 50 | */ 51 | typedef struct mbedtls_x509_crl_entry 52 | { 53 | mbedtls_x509_buf raw; 54 | 55 | mbedtls_x509_buf serial; 56 | 57 | mbedtls_x509_time revocation_date; 58 | 59 | mbedtls_x509_buf entry_ext; 60 | 61 | struct mbedtls_x509_crl_entry *next; 62 | } 63 | mbedtls_x509_crl_entry; 64 | 65 | /** 66 | * Certificate revocation list structure. 67 | * Every CRL may have multiple entries. 68 | */ 69 | typedef struct mbedtls_x509_crl 70 | { 71 | mbedtls_x509_buf raw; /**< The raw certificate data (DER). */ 72 | mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */ 73 | 74 | int version; /**< CRL version (1=v1, 2=v2) */ 75 | mbedtls_x509_buf sig_oid; /**< CRL signature type identifier */ 76 | 77 | mbedtls_x509_buf issuer_raw; /**< The raw issuer data (DER). */ 78 | 79 | mbedtls_x509_name issuer; /**< The parsed issuer data (named information object). */ 80 | 81 | mbedtls_x509_time this_update; 82 | mbedtls_x509_time next_update; 83 | 84 | mbedtls_x509_crl_entry entry; /**< The CRL entries containing the certificate revocation times for this CA. */ 85 | 86 | mbedtls_x509_buf crl_ext; 87 | 88 | mbedtls_x509_buf sig_oid2; 89 | mbedtls_x509_buf sig; 90 | mbedtls_md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */ 91 | mbedtls_pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ 92 | void *sig_opts; /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */ 93 | 94 | struct mbedtls_x509_crl *next; 95 | } 96 | mbedtls_x509_crl; 97 | 98 | /** 99 | * \brief Parse a DER-encoded CRL and append it to the chained list 100 | * 101 | * \param chain points to the start of the chain 102 | * \param buf buffer holding the CRL data in DER format 103 | * \param buflen size of the buffer 104 | * (including the terminating null byte for PEM data) 105 | * 106 | * \return 0 if successful, or a specific X509 or PEM error code 107 | */ 108 | int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, 109 | const unsigned char *buf, size_t buflen ); 110 | /** 111 | * \brief Parse one or more CRLs and append them to the chained list 112 | * 113 | * \note Mutliple CRLs are accepted only if using PEM format 114 | * 115 | * \param chain points to the start of the chain 116 | * \param buf buffer holding the CRL data in PEM or DER format 117 | * \param buflen size of the buffer 118 | * (including the terminating null byte for PEM data) 119 | * 120 | * \return 0 if successful, or a specific X509 or PEM error code 121 | */ 122 | int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen ); 123 | 124 | #if defined(MBEDTLS_FS_IO) 125 | /** 126 | * \brief Load one or more CRLs and append them to the chained list 127 | * 128 | * \note Mutliple CRLs are accepted only if using PEM format 129 | * 130 | * \param chain points to the start of the chain 131 | * \param path filename to read the CRLs from (in PEM or DER encoding) 132 | * 133 | * \return 0 if successful, or a specific X509 or PEM error code 134 | */ 135 | int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path ); 136 | #endif /* MBEDTLS_FS_IO */ 137 | 138 | /** 139 | * \brief Returns an informational string about the CRL. 140 | * 141 | * \param buf Buffer to write to 142 | * \param size Maximum size of buffer 143 | * \param prefix A line prefix 144 | * \param crl The X509 CRL to represent 145 | * 146 | * \return The length of the string written (not including the 147 | * terminated nul byte), or a negative error code. 148 | */ 149 | int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix, 150 | const mbedtls_x509_crl *crl ); 151 | 152 | /** 153 | * \brief Initialize a CRL (chain) 154 | * 155 | * \param crl CRL chain to initialize 156 | */ 157 | void mbedtls_x509_crl_init( mbedtls_x509_crl *crl ); 158 | 159 | /** 160 | * \brief Unallocate all CRL data 161 | * 162 | * \param crl CRL chain to free 163 | */ 164 | void mbedtls_x509_crl_free( mbedtls_x509_crl *crl ); 165 | 166 | /* \} name */ 167 | /* \} addtogroup x509_module */ 168 | 169 | #ifdef __cplusplus 170 | } 171 | #endif 172 | 173 | #endif /* mbedtls_x509_crl.h */ 174 | -------------------------------------------------------------------------------- /firmware/src/mbedtls/xtea.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file xtea.h 3 | * 4 | * \brief XTEA block cipher (32-bit) 5 | * 6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 7 | * SPDX-License-Identifier: Apache-2.0 8 | * 9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 10 | * not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * 21 | * This file is part of mbed TLS (https://tls.mbed.org) 22 | */ 23 | #ifndef MBEDTLS_XTEA_H 24 | #define MBEDTLS_XTEA_H 25 | 26 | #if !defined(MBEDTLS_CONFIG_FILE) 27 | #include "config.h" 28 | #else 29 | #include MBEDTLS_CONFIG_FILE 30 | #endif 31 | 32 | #include 33 | #include 34 | 35 | #define MBEDTLS_XTEA_ENCRYPT 1 36 | #define MBEDTLS_XTEA_DECRYPT 0 37 | 38 | #define MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH -0x0028 /**< The data input has an invalid length. */ 39 | 40 | #if !defined(MBEDTLS_XTEA_ALT) 41 | // Regular implementation 42 | // 43 | 44 | #ifdef __cplusplus 45 | extern "C" { 46 | #endif 47 | 48 | /** 49 | * \brief XTEA context structure 50 | */ 51 | typedef struct 52 | { 53 | uint32_t k[4]; /*!< key */ 54 | } 55 | mbedtls_xtea_context; 56 | 57 | /** 58 | * \brief Initialize XTEA context 59 | * 60 | * \param ctx XTEA context to be initialized 61 | */ 62 | void mbedtls_xtea_init( mbedtls_xtea_context *ctx ); 63 | 64 | /** 65 | * \brief Clear XTEA context 66 | * 67 | * \param ctx XTEA context to be cleared 68 | */ 69 | void mbedtls_xtea_free( mbedtls_xtea_context *ctx ); 70 | 71 | /** 72 | * \brief XTEA key schedule 73 | * 74 | * \param ctx XTEA context to be initialized 75 | * \param key the secret key 76 | */ 77 | void mbedtls_xtea_setup( mbedtls_xtea_context *ctx, const unsigned char key[16] ); 78 | 79 | /** 80 | * \brief XTEA cipher function 81 | * 82 | * \param ctx XTEA context 83 | * \param mode MBEDTLS_XTEA_ENCRYPT or MBEDTLS_XTEA_DECRYPT 84 | * \param input 8-byte input block 85 | * \param output 8-byte output block 86 | * 87 | * \return 0 if successful 88 | */ 89 | int mbedtls_xtea_crypt_ecb( mbedtls_xtea_context *ctx, 90 | int mode, 91 | const unsigned char input[8], 92 | unsigned char output[8] ); 93 | 94 | #if defined(MBEDTLS_CIPHER_MODE_CBC) 95 | /** 96 | * \brief XTEA CBC cipher function 97 | * 98 | * \param ctx XTEA context 99 | * \param mode MBEDTLS_XTEA_ENCRYPT or MBEDTLS_XTEA_DECRYPT 100 | * \param length the length of input, multiple of 8 101 | * \param iv initialization vector for CBC mode 102 | * \param input input block 103 | * \param output output block 104 | * 105 | * \return 0 if successful, 106 | * MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH if the length % 8 != 0 107 | */ 108 | int mbedtls_xtea_crypt_cbc( mbedtls_xtea_context *ctx, 109 | int mode, 110 | size_t length, 111 | unsigned char iv[8], 112 | const unsigned char *input, 113 | unsigned char *output); 114 | #endif /* MBEDTLS_CIPHER_MODE_CBC */ 115 | 116 | #ifdef __cplusplus 117 | } 118 | #endif 119 | 120 | #else /* MBEDTLS_XTEA_ALT */ 121 | #include "xtea_alt.h" 122 | #endif /* MBEDTLS_XTEA_ALT */ 123 | 124 | #ifdef __cplusplus 125 | extern "C" { 126 | #endif 127 | 128 | /** 129 | * \brief Checkup routine 130 | * 131 | * \return 0 if successful, or 1 if the test failed 132 | */ 133 | int mbedtls_xtea_self_test( int verbose ); 134 | 135 | #ifdef __cplusplus 136 | } 137 | #endif 138 | 139 | #endif /* xtea.h */ 140 | -------------------------------------------------------------------------------- /firmware/stm32-h103.ld: -------------------------------------------------------------------------------- 1 | /* 2 | * This file is part of the libopencm3 project. 3 | * 4 | * Copyright (C) 2009 Uwe Hermann 5 | * 6 | * This library is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU Lesser General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This library is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU Lesser General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU Lesser General Public License 17 | * along with this library. If not, see . 18 | */ 19 | 20 | /* Linker script for Olimex STM32-H103 (STM32F103RBT6, 128K flash, 20K RAM). */ 21 | 22 | /* Define memory regions. */ 23 | MEMORY 24 | { 25 | rom (rx) : ORIGIN = 0x08000000, LENGTH = 128K 26 | ram (rwx) : ORIGIN = 0x20000000, LENGTH = 20K 27 | } 28 | 29 | /* Include the common ld script. */ 30 | INCLUDE ../libopencm3_stm32f1.ld 31 | 32 | -------------------------------------------------------------------------------- /howto/99-ttyacms.rules: -------------------------------------------------------------------------------- 1 | ATTRS{idVendor}=="f055" ATTRS{idProduct}=="0001", ENV{ID_MM_DEVICE_IGNORE}="1" 2 | 3 | -------------------------------------------------------------------------------- /howto/bluepill.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nuclearcat/cedarkey/76ba81c694584b3993a7d91f25f3283a94269b97/howto/bluepill.jpg -------------------------------------------------------------------------------- /howto/dupont_female.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nuclearcat/cedarkey/76ba81c694584b3993a7d91f25f3283a94269b97/howto/dupont_female.jpg -------------------------------------------------------------------------------- /howto/geekbuying_stlink.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nuclearcat/cedarkey/76ba81c694584b3993a7d91f25f3283a94269b97/howto/geekbuying_stlink.jpg -------------------------------------------------------------------------------- /userspace/Makefile: -------------------------------------------------------------------------------- 1 | TARGET = cedaragent 2 | LIBS = -lm -lcrypto -lssh ../libscrypt/libscrypt.a 3 | CC = gcc 4 | CFLAGS = -g -Wall -I../mbedtls/include -I../libscrypt 5 | 6 | .PHONY: default all clean 7 | 8 | default: $(TARGET) 9 | all: default 10 | 11 | VPATH += ../mbedtls/library 12 | OBJECTS = $(patsubst %.c, %.o, $(wildcard *.c)) 13 | OBJECTS += pk.o pem.o rsa.o md.o bignum.o md5.o pk_wrap.o base64.o des.o aes.o asn1parse.o md_wrap.o sha1.o sha256.o sha512.o oid.o ecdsa.o aesni.o 14 | OBJECTS += ripemd160.o hmac_drbg.o pkparse.o ecp.o asn1write.o ecp_curves.o pkcs11.o pkcs12.o pkcs5.o arc4.o cipher.o cipher_wrap.o 15 | OBJECTS += gcm.o ccm.o camellia.o blowfish.o error.o 16 | HEADERS = $(wildcard *.h) 17 | 18 | 19 | %.o: %.c $(HEADERS) 20 | $(CC) $(CFLAGS) -c $< -o $@ 21 | 22 | .PRECIOUS: $(TARGET) $(OBJECTS) 23 | 24 | $(TARGET): $(OBJECTS) 25 | $(CC) $(OBJECTS) -Wall $(LDFLAGS) $(LIBS) -o $@ 26 | 27 | clean: 28 | -rm -f *.o 29 | -rm -f $(TARGET) 30 | --------------------------------------------------------------------------------