mirror of
https://github.com/Ai-Thinker-Open/Ai-Thinker-Open_RTL8710BX_ALIOS_SDK.git
synced 2026-07-07 03:05:38 +00:00
rel_1.6.0 init
This commit is contained in:
commit
27b3e2883d
19359 changed files with 8093121 additions and 0 deletions
74
Living_SDK/security/include/id2/config.h
Normal file
74
Living_SDK/security/include/id2/config.h
Normal file
|
|
@ -0,0 +1,74 @@
|
|||
/*
|
||||
* Copyright (C) 2015-2017 Alibaba Group Holding Limited
|
||||
*/
|
||||
|
||||
#ifndef __CONFIG_H__
|
||||
#define __CONFIG_H__
|
||||
|
||||
////////////////////////////////////////////////////////////////////////////////
|
||||
|
||||
#ifdef WIN32
|
||||
#define snprintf _snprintf
|
||||
#endif
|
||||
#define __FUNC_NAME__ __FUNCTION__
|
||||
|
||||
////////////////////////////////////////////////////////////////////////////////
|
||||
|
||||
#define ID2_HASH_TYPE_SHA256 2
|
||||
|
||||
#define ID2_CRYPTO_TYPE_3DES 1
|
||||
#define ID2_CRYPTO_TYPE_AES 2
|
||||
#define ID2_CRYPTO_TYPE_RSA 3
|
||||
|
||||
#define ID2_HASH_TYPE_CONFIG ID2_HASH_TYPE_SHA256
|
||||
|
||||
////////////////////////////////////////////////////////////////////////////////
|
||||
|
||||
//[config: local verification]
|
||||
|
||||
#ifndef ID2_DEBUG
|
||||
#define ID2_DEBUG 0
|
||||
#endif
|
||||
#ifndef ID2_OTP_LOCAL_TEST
|
||||
#define ID2_OTP_LOCAL_TEST 0
|
||||
#endif
|
||||
#ifndef ID2_LOCAL_TEST
|
||||
#define ID2_LOCAL_TEST 0
|
||||
#endif
|
||||
#ifndef ID2_SET_ID_KEY_SUPPORTED
|
||||
#define ID2_SET_ID_KEY_SUPPORTED 0
|
||||
#endif
|
||||
#ifndef ID2_KM_API_EMU
|
||||
#define ID2_KM_API_EMU 0
|
||||
#endif
|
||||
|
||||
//[config: iTLS and OTP]
|
||||
#ifndef ID2_ITLS_SUPPORTED
|
||||
#define ID2_ITLS_SUPPORTED 1
|
||||
#endif
|
||||
|
||||
#ifndef ID2_OTP_SUPPORTED
|
||||
#define ID2_OTP_SUPPORTED 0
|
||||
#endif
|
||||
|
||||
#ifndef ID2_USE_ALI_CRYPTO
|
||||
#define ID2_USE_ALI_CRYPTO 1
|
||||
#endif
|
||||
|
||||
#ifndef ID2_CRYPTO_TYPE_CONFIG
|
||||
#define ID2_CRYPTO_TYPE_CONFIG ID2_CRYPTO_TYPE_AES
|
||||
#endif
|
||||
|
||||
////////////////////////////////////////////////////////////////////////////////
|
||||
|
||||
#if ((ID2_CRYPTO_TYPE_CONFIG != ID2_CRYPTO_TYPE_3DES) && (ID2_CRYPTO_TYPE_CONFIG != ID2_CRYPTO_TYPE_AES) && (ID2_CRYPTO_TYPE_CONFIG != ID2_CRYPTO_TYPE_RSA))
|
||||
#error("ID2_CRYPTO_TYPE_CONFIG error.");
|
||||
#endif
|
||||
|
||||
#if (ID2_HASH_TYPE_CONFIG != ID2_HASH_TYPE_SHA256)
|
||||
#error("ID2_HASH_TYPE_CONFIG error.");
|
||||
#endif
|
||||
|
||||
////////////////////////////////////////////////////////////////////////////////
|
||||
|
||||
#endif
|
||||
33
Living_SDK/security/include/id2/error_code.h
Normal file
33
Living_SDK/security/include/id2/error_code.h
Normal file
|
|
@ -0,0 +1,33 @@
|
|||
/*
|
||||
* Copyright (C) 2015-2017 Alibaba Group Holding Limited
|
||||
*/
|
||||
|
||||
#ifndef __ERROR_CODE_H__
|
||||
#define __ERROR_CODE_H__
|
||||
|
||||
#include <stdint.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
typedef enum
|
||||
{
|
||||
IROT_SUCCESS = 0, ///< The operation was successful.
|
||||
IROT_ERROR_GENERIC = -1, ///< Non-specific casuse.
|
||||
IROT_ERROR_BAD_PARAMETERS = -2, ///< Input parameters were invlid.
|
||||
IROT_ERROR_SHORT_BUFFER = -3, ///< The supplied buffer is too short for the output.
|
||||
IROT_ERROR_EXCESS_DATA = -4, ///< Too much data for the requested operation was passed.
|
||||
IROT_ERROR_OUT_OF_MEMORY = -5, ///< System out of memory resources.
|
||||
IROT_ERROR_COMMUNICATION = -7, ///< Communication error
|
||||
IROT_ERROR_NOT_SUPPORTED = -8, ///< The request operation is valid but is not supported in this implementation.
|
||||
IROT_ERROR_NOT_IMPLEMENTED = -9, ///< The requested operation should exist but is not yet implementation.
|
||||
IROT_ERROR_TIMEOUT = -10,///< Communication Timeout
|
||||
IROT_ERROR_ITEM_NOT_FOUND = -11,///< Id2 is not exist
|
||||
} irot_result_t;
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif
|
||||
185
Living_SDK/security/include/id2/id2_client.h
Normal file
185
Living_SDK/security/include/id2/id2_client.h
Normal file
|
|
@ -0,0 +1,185 @@
|
|||
/*
|
||||
* Copyright (C) 2015-2017 Alibaba Group Holding Limited
|
||||
*/
|
||||
|
||||
#ifndef __ID2_CLIENT_H__
|
||||
#define __ID2_CLIENT_H__
|
||||
|
||||
#include <stdint.h>
|
||||
#include <stdbool.h>
|
||||
#include "error_code.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C"
|
||||
#endif
|
||||
|
||||
#define ID2_ID_LEN 24
|
||||
#define ID2_MAX_SERVER_RANDOM_LEN 32
|
||||
#define ID2_MAX_DEVICE_RANDOM_LEN 16
|
||||
#define ID2_MAX_EXTRA_LEN 512
|
||||
#define ID2_MAX_CRYPTO_LEN 4096
|
||||
#define AUTH_CODE_BUF_LEN 256
|
||||
|
||||
|
||||
/**
|
||||
* @brief initialize the id2 client resource, must be called first before other ID2 client API.
|
||||
*
|
||||
* @return @see irot_result_t
|
||||
*/
|
||||
irot_result_t id2_client_init(void);
|
||||
|
||||
/**
|
||||
* @brief get the id2-client-sdk version number
|
||||
* @param[out] pversion the version number for output
|
||||
*
|
||||
* @return @see irot_result_t
|
||||
*/
|
||||
irot_result_t id2_client_get_version(uint32_t* pversion);
|
||||
|
||||
/**
|
||||
* @brief get ID2 information
|
||||
*
|
||||
* @param[out] id the ID2 buffer, buffer size must >= ID2_ID_LEN.
|
||||
* @param[inout] len input with the ID2 buffer size, ouput the real data length.
|
||||
*
|
||||
* @return @see irot_result_t
|
||||
*/
|
||||
irot_result_t id2_client_get_id(uint8_t* id, uint32_t* len);
|
||||
|
||||
/**
|
||||
* @brief get the authentication code with the challenge mode.
|
||||
*
|
||||
* @param[in] server_random random data from ID2 server.
|
||||
* @param[in] extra extra data, optional data, no more than 512 bytes.
|
||||
* @param[in] extra_len length of extra data.
|
||||
* @param[out] auth_code the auth code output buffer.
|
||||
* @param[inout] auth_code_len input with the output buffer size, ouput the real data length.
|
||||
*
|
||||
* @return @see irot_result_t
|
||||
*/
|
||||
irot_result_t id2_client_get_challenge_auth_code(const char* server_random, const uint8_t* extra, uint32_t extra_len, uint8_t* auth_code, uint32_t* auth_code_len);
|
||||
|
||||
/**
|
||||
* @brief get the authentication code with timestamp mode.
|
||||
*
|
||||
* @param[in] timestamp the number of milliseconds since the Epoch, 1970-01-01 00:00:00 +0000 (UTC)
|
||||
* @param[in] extra extra data, optional data, no more than 512 bytes.
|
||||
* @param[in] extra_len length of extra data.
|
||||
* @param[out] auth_code the auth code output buffer.
|
||||
* @param[inout] auth_code_len input with the output buffer size, ouput the real data length.
|
||||
*
|
||||
* @return @see irot_result_t
|
||||
*/
|
||||
irot_result_t id2_client_get_timestamp_auth_code(const char* timestamp, const uint8_t* extra, uint32_t extra_len, uint8_t* auth_code, uint32_t* auth_code_len);
|
||||
|
||||
/**
|
||||
* @brief decrypt the input data with ID2 key.
|
||||
*
|
||||
* @param[in] in input data.
|
||||
* @param[in] in_len lenth of the input data, which must <= 4096 bytes.
|
||||
* @param[out] out output buffer for decrypt data.
|
||||
* @param[inout] out_len input with the output buffer size, ouput the real data length.
|
||||
*
|
||||
* @return @see irot_result_t
|
||||
*/
|
||||
irot_result_t id2_client_decrypt(const uint8_t* in, uint32_t in_len, uint8_t* out, uint32_t* out_len);
|
||||
|
||||
|
||||
/**
|
||||
* @brief get the challenge form device.
|
||||
*
|
||||
* @param[out] device_random_buf output buffer for device challenge.
|
||||
* @param[inout] device_random_len input with the output buffer size, ouput the real data length.
|
||||
*
|
||||
* @return @see irot_result_t
|
||||
*/
|
||||
irot_result_t id2_client_get_device_challenge(uint8_t* device_random_buf, uint32_t* device_random_len);
|
||||
|
||||
/**
|
||||
* @brief verify the auth code from server.
|
||||
*
|
||||
* @param[in] server_auth_code auth code of server.
|
||||
* @param[in] server_auth_code_len auth code length.
|
||||
* @param[in] device_random device challenge, may be NULL if the get_device_challenge has been called.
|
||||
* @param[in] device_random_len the length of device challenge, must set to 0 if device_random is null.
|
||||
* @param[in] server_extra extra data of server.
|
||||
* @param[in] server_extra_len extra data length.
|
||||
*
|
||||
* @return @see irot_result_t
|
||||
*/
|
||||
irot_result_t id2_client_verify_server(const uint8_t* server_auth_code, uint32_t server_auth_code_len, const uint8_t* device_random, uint32_t device_random_len, const uint8_t* server_extra, uint32_t server_extra_len);
|
||||
|
||||
|
||||
/* ================================ ID2 OTP Functions ===================================== */
|
||||
|
||||
/**
|
||||
* @brief get the device id2 provisiong status.
|
||||
* @param[out] is_prov the provisioning status.
|
||||
*
|
||||
* @return @see irot_result_t
|
||||
*/
|
||||
irot_result_t id2_client_get_prov_stat(bool *is_prov);
|
||||
|
||||
/**
|
||||
* @brief get the otp authentication code.
|
||||
*
|
||||
* @param[in] token the provisioning token buffer.
|
||||
* @param[in] token_len length of provisioning token.
|
||||
* @param[out] auth_code the auth code output buffer.
|
||||
* @param[inout] len input with the output buffer size, ouput the real data length.
|
||||
*
|
||||
* @return @see irot_result_t
|
||||
*/
|
||||
irot_result_t id2_client_get_otp_auth_code(const uint8_t* token, uint32_t token_len,
|
||||
uint8_t* auth_code, uint32_t* len);
|
||||
/**
|
||||
* @brief load the id2 otp data into device.
|
||||
*
|
||||
* @param[in] otp_data the otp data, which is got from id2 server.
|
||||
* @param[in] len length of otp data.
|
||||
*
|
||||
* @return @see irot_result_t
|
||||
*/
|
||||
irot_result_t id2_client_load_otp_data(const uint8_t *otp_data, uint32_t len);
|
||||
|
||||
|
||||
/**
|
||||
* @brief derive the id2 secret data
|
||||
*
|
||||
* @param[in] seed
|
||||
* @param[out] secret
|
||||
* @param[inout] len
|
||||
*
|
||||
* @return @see irot_result_t
|
||||
*/
|
||||
irot_result_t id2_client_get_secret(const char*seed, uint8_t* secret, uint32_t* len);
|
||||
|
||||
|
||||
/**
|
||||
* @brief set ID2 and key only for debug.
|
||||
*
|
||||
* @param[in] id2: the id2 vlaue, (24 character)
|
||||
* @param[in] key_type: 3DES = 0x01, AES = 0x02
|
||||
* @param[in] key: the key value
|
||||
*
|
||||
* for example: id2_client_set_id2_and_key("0102030405060708090A0B0C", 0x01, "0102030405060708090A0B0C0D0E0F101112131415161718");
|
||||
*
|
||||
* @return @see irot_result_t
|
||||
*/
|
||||
|
||||
irot_result_t id2_client_set_id2_and_key(const char* id2, int key_type, const char* key);
|
||||
|
||||
|
||||
/**
|
||||
* @brief resource release.
|
||||
*
|
||||
* @return @see irot_result_t
|
||||
*/
|
||||
irot_result_t id2_client_cleanup(void);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif
|
||||
|
||||
56
Living_SDK/security/include/id2/irot_pal.h
Normal file
56
Living_SDK/security/include/id2/irot_pal.h
Normal file
|
|
@ -0,0 +1,56 @@
|
|||
/*
|
||||
* Copyright (C) 2015-2017 Alibaba Group Holding Limited
|
||||
*/
|
||||
|
||||
#ifndef __IROT_PAL_H__
|
||||
#define __IROT_PAL_H__
|
||||
|
||||
#include <stdint.h>
|
||||
#include "error_code.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/**
|
||||
* @brief allocates size bytes and returns a pointer to the allocated memory.
|
||||
*
|
||||
* @param size the memory size.
|
||||
*
|
||||
* @return the pointer to the allocated memory if success else return NULL.
|
||||
*/
|
||||
void* irot_pal_memory_malloc(int size);
|
||||
|
||||
|
||||
/**
|
||||
* @brief free the memory space pointed to by ptr, which must have been returned by a previous call to irot_pal_memory_malloc.
|
||||
*
|
||||
* @param ptr the memory space pointer.
|
||||
*/
|
||||
void irot_pal_memory_free(void* ptr);
|
||||
|
||||
|
||||
/**
|
||||
* @brief generate random number with the given length.
|
||||
*
|
||||
* @param buf output buffer.
|
||||
* @param len the output length to be generated with random bytes.
|
||||
*
|
||||
* @return @see irot_result_t
|
||||
*/
|
||||
irot_result_t irot_pal_get_random(uint8_t* buf, uint32_t len);
|
||||
|
||||
/**
|
||||
* @brief produce the output according to a format like printf.
|
||||
*
|
||||
* @param fmt A string like printf to format the output result.
|
||||
* @param ...
|
||||
*/
|
||||
void irot_pal_log(const char* fmt, ...);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif
|
||||
417
Living_SDK/security/include/irot/km.h
Normal file
417
Living_SDK/security/include/irot/km.h
Normal file
|
|
@ -0,0 +1,417 @@
|
|||
/*
|
||||
* Copyright (C) 2015-2017 Alibaba Group Holding Limited
|
||||
*/
|
||||
|
||||
#ifndef _KM_H_
|
||||
#define _KM_H_
|
||||
|
||||
#include <stdint.h>
|
||||
#include <stddef.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
//the max key name len that KM can support
|
||||
#define MAX_NAME_LEN 16
|
||||
|
||||
//km error code
|
||||
#define KM_SUCCESS 0x00000000
|
||||
#define KM_ERR_GENERIC 0xffff0000
|
||||
#define KM_ERR_AUTHENTICATION 0xffff0001
|
||||
#define KM_ERR_BAD_PARAMS 0xffff0002
|
||||
#define KM_ERR_NOT_SUPPORTED 0xffff0003
|
||||
#define KM_ERR_BAD_FORMAT 0xffff0004
|
||||
#define KM_ERR_SHORT_BUFFER 0xffff0005
|
||||
#define KM_ERR_OUT_OF_MEMORY 0xffff0006
|
||||
#define KM_ERR_ACCESS_CONFLICT 0xffff0007
|
||||
#define KM_ERR_ITEM_NOT_FOUND 0xffff0008
|
||||
#define KM_ERR_CORRUPT_KEY 0xffff0009
|
||||
#define KM_ERR_OVERFLOW 0xffff000A
|
||||
|
||||
typedef void * km_op_handle_t;
|
||||
|
||||
typedef enum {
|
||||
KM_KEY_FORMAT_X509 = 0, /* for public key export*/
|
||||
KM_KEY_FORMAT_PKCS8 = 1, /* for asymmetric key pair import*/
|
||||
KM_KEY_FORMAT_RAW = 2, /* for symmetric key pair import */
|
||||
} km_format_t;
|
||||
|
||||
/* only support rsa now */
|
||||
typedef enum {
|
||||
KM_RSA,
|
||||
KM_ECC,
|
||||
KM_AES,
|
||||
KM_DES,
|
||||
KM_DES3,
|
||||
KM_HMAC,
|
||||
KM_SM4,
|
||||
} km_key_type;
|
||||
|
||||
typedef enum {
|
||||
KM_ECB,
|
||||
KM_CBC,
|
||||
KM_CTR,
|
||||
KM_XTS, //not support yet
|
||||
KM_GCM,
|
||||
} km_block_mode_type;
|
||||
|
||||
typedef enum {
|
||||
KM_NO_PADDING = 0,
|
||||
KM_PKCS1,
|
||||
KM_PKCS5,
|
||||
KM_PKCS7,
|
||||
} km_padding_type;
|
||||
|
||||
typedef enum {
|
||||
KM_DIGEST_NONE = 0,
|
||||
KM_MD5,
|
||||
KM_SHA1,
|
||||
KM_SHA256,
|
||||
KM_SHA384,
|
||||
KM_SHA512,
|
||||
KM_SM3,
|
||||
} km_digest_type;
|
||||
|
||||
typedef enum {
|
||||
KM_PURPOSE_ENCRYPT,
|
||||
KM_PURPOSE_DECRYPT,
|
||||
KM_PURPOSE_SIGN,
|
||||
KM_PURPOSE_VERIFY,
|
||||
} km_purpose_type;
|
||||
|
||||
typedef struct _km_rsa_gen_param {
|
||||
uint32_t key_size;
|
||||
uint64_t exponent;
|
||||
} km_rsa_gen_param;
|
||||
|
||||
typedef struct _km_sym_gen_param {
|
||||
uint32_t key_size;
|
||||
} km_sym_gen_param;
|
||||
|
||||
typedef struct _km_sign_param {
|
||||
km_padding_type padding_type;
|
||||
km_digest_type digest_type;
|
||||
} km_sign_param;
|
||||
|
||||
typedef struct _km_enc_param {
|
||||
km_padding_type padding_type;
|
||||
} km_enc_param;
|
||||
|
||||
typedef struct _km_cipher_param {
|
||||
km_purpose_type purpose_type;
|
||||
km_block_mode_type block_mode;
|
||||
km_padding_type padding_type;
|
||||
} km_cipher_param;
|
||||
|
||||
typedef struct _km_hmac_param {
|
||||
km_digest_type hash_type;
|
||||
} km_hmac_param;
|
||||
|
||||
typedef struct _km_sym_param {
|
||||
km_key_type key_type;
|
||||
union {
|
||||
km_cipher_param cipher_param;
|
||||
km_hmac_param hmac_param;
|
||||
};
|
||||
} km_sym_param;
|
||||
|
||||
//for import raw format
|
||||
typedef struct _km_rsa_key_t {
|
||||
uint32_t n_len;
|
||||
uint32_t e_len;
|
||||
uint32_t d_len;
|
||||
uint32_t p_len;
|
||||
uint32_t q_len;
|
||||
uint32_t dp_len;
|
||||
uint32_t dq_len;
|
||||
uint32_t iq_len;
|
||||
uint8_t *n;
|
||||
uint8_t *e;
|
||||
uint8_t *d;
|
||||
uint8_t *p;
|
||||
uint8_t *q;
|
||||
uint8_t *dp;
|
||||
uint8_t *dq;
|
||||
uint8_t *iq;
|
||||
} km_rsa_key_t;
|
||||
|
||||
typedef struct _km_sym_key_t {
|
||||
uint32_t key_bit;
|
||||
uint8_t *key;
|
||||
} km_sym_key_t;
|
||||
|
||||
typedef struct _km_key_data_t {
|
||||
km_key_type type;
|
||||
union {
|
||||
km_rsa_key_t rsa_key;
|
||||
km_sym_key_t sym_key;
|
||||
};
|
||||
} km_key_data_t;
|
||||
|
||||
#ifndef KM_FEATURES_BASIC
|
||||
/*
|
||||
* km generate key
|
||||
* param: in: name: key name
|
||||
* param: in: mame_len: key name len
|
||||
* param: in: key_type: generated key type, see km_key_type
|
||||
* param: in: arg: the parameters for generate key
|
||||
* km_rsa_gen_param type for rsa key
|
||||
* km_sym_gen_param type for sym key
|
||||
* return: see km error code
|
||||
* */
|
||||
uint32_t km_generate_key(const char *name, const uint32_t name_len,
|
||||
km_key_type key_type, void *arg);
|
||||
|
||||
/*
|
||||
* km import key
|
||||
* param: in: name: key name
|
||||
* param: in: nam_len: key name len
|
||||
* param: in: format: the format for key data
|
||||
* param: in: key_data: key data to import
|
||||
* param: in: key_data_len: the len of key data
|
||||
* return: see km error code
|
||||
* */
|
||||
uint32_t km_import_key(const char *name, const uint32_t name_len, km_format_t format,
|
||||
const km_key_data_t *key_data, const uint32_t key_data_len);
|
||||
|
||||
/*
|
||||
* km export key
|
||||
* param: in: name: key name
|
||||
* param: in: name_len: key name len
|
||||
* param: in: format: the format for export data
|
||||
* param: out: export_data: the data of exported key
|
||||
* param: in_out: export_data_size:
|
||||
* in: the length of export_data buffer
|
||||
* out: the real length of export_data
|
||||
* return: see km error code
|
||||
* */
|
||||
uint32_t km_export_key(const char *name, const uint32_t name_len, km_format_t format,
|
||||
uint8_t *export_data, uint32_t *export_data_size);
|
||||
|
||||
/*
|
||||
* km mac: computer mac
|
||||
* param: in: name: key name
|
||||
* param: in: name_len: key name len
|
||||
* param: in: mac_params: the params to computer mac
|
||||
* param: in: iv: iv for computer mac , if no need can pass NULL
|
||||
* param: in: iv_len: the length for iv buffer
|
||||
* param: in: src: the source for computer mac
|
||||
* param: in: src_len: the lengthof src buffer
|
||||
* param: out: mac: output mac
|
||||
* param: in_out: mac_len
|
||||
* in: the length of mac buffer
|
||||
* out: the real length of mac result
|
||||
* return: see km error code
|
||||
* */
|
||||
uint32_t km_mac(const char *name, const uint32_t name_len, km_sym_param *mac_params,
|
||||
const uint8_t *iv, const uint32_t iv_len, uint8_t *src, size_t src_len,
|
||||
uint8_t *mac, uint32_t *mac_len);
|
||||
|
||||
/*
|
||||
* km_delete_key: delete key stored in km
|
||||
* param: in: name: key name
|
||||
* param: in: name_len: key name len
|
||||
* return: see km error code
|
||||
* */
|
||||
|
||||
uint32_t km_delete_key(const char *name, const uint32_t name_len);
|
||||
|
||||
/*
|
||||
* km_delete_all: delete all key stored in km
|
||||
* return: see km error code
|
||||
* */
|
||||
uint32_t km_delete_all();
|
||||
|
||||
/*
|
||||
* km_envelope_begin: to generate a digit envelope
|
||||
* param: out: ctx
|
||||
* param: in: name: the root key for the envelope
|
||||
* param: in: name_len: the length of the name
|
||||
* param: in/out: protected_key: the encrypted sub_key
|
||||
* in: for parse envelope
|
||||
* out: for generate envelope
|
||||
* param: in_out: protected_key_len:
|
||||
* in: the length of protected_key buffer
|
||||
* out: the real length of protected_key
|
||||
* param: is_enc: to generate envelope or to parse envelope
|
||||
* KM_PURPOSE_ENCRYPT for parse envelope
|
||||
* KM_PURPOSE_DECRYPT for generate envelope
|
||||
* return: see km error code
|
||||
*
|
||||
* */
|
||||
|
||||
uint32_t km_envelope_begin(void **ctx, const char *name, const uint32_t name_len,
|
||||
uint8_t *iv, uint16_t iv_len,
|
||||
uint8_t *protected_key, uint32_t *protected_key_len, km_purpose_type is_enc);
|
||||
|
||||
/*
|
||||
* km_envelope_update: to generate a digit envelope
|
||||
* param: in: ctx
|
||||
* param: in: src: the source data to encrypt
|
||||
* param: in: src_len: the length of the src
|
||||
* param: out: dest: the out buffer
|
||||
* param: in_out: dest_len:
|
||||
* in: the length of dest buffer
|
||||
* out: the real length of dest buffer
|
||||
* return: see km error code
|
||||
* */
|
||||
|
||||
uint32_t km_envelope_update(void *ctx, uint8_t *src, uint32_t src_len,
|
||||
uint8_t *dest, uint32_t *dest_len);
|
||||
|
||||
/*
|
||||
* km_envelope_update: to generate a digit
|
||||
* param: in: ctx
|
||||
* param: in: src: the source data to encrypt
|
||||
* param: in: src_len: the length of the src
|
||||
* param: out: dest: the out buffer
|
||||
* param: in_out: dest_len:
|
||||
* in: the length of dest buffer
|
||||
* out: the real length of dest buffer
|
||||
* return: see km error code
|
||||
*
|
||||
* */
|
||||
uint32_t km_envelope_finish(void *ctx, uint8_t *src, uint32_t src_len,
|
||||
uint8_t *dest, uint32_t *dest_len);
|
||||
|
||||
/*
|
||||
* to get device id
|
||||
* param: out: id: the out buffer
|
||||
* param: in_out: id_len
|
||||
* in: length of id buffer
|
||||
* out: the real length of id
|
||||
|
||||
* return: see km error code
|
||||
* */
|
||||
uint32_t km_get_attestation(uint8_t *id, uint32_t *id_len);
|
||||
#endif /* KM_FEATURES_BASIC */
|
||||
|
||||
/*
|
||||
* km sign
|
||||
* param: in: name: key name
|
||||
* param: in: name_len: key name len
|
||||
* param: in: sign_params: the params to sign
|
||||
* km_sign_param: for rsa sign
|
||||
* param: in: data: the data to sign
|
||||
* param: in: data_len: the length for data
|
||||
* param: out: out: the out buf
|
||||
* param: in_out: out_len:
|
||||
* in: the length of out buffer
|
||||
* out: the real length of out
|
||||
* return: see km error code
|
||||
*
|
||||
* */
|
||||
|
||||
uint32_t km_sign(const char *name, const uint32_t name_len, void *sign_params,
|
||||
const uint8_t *data, const size_t data_len,
|
||||
uint8_t *out, size_t *out_len);
|
||||
|
||||
/*
|
||||
* km verify
|
||||
* param: in: name: key name
|
||||
* param: in: name_len: key name len
|
||||
* param: in: sign_params: the params to verify
|
||||
* km_sign_param: for rsa sign
|
||||
* param: in: data: the data to verify
|
||||
* param: in: data_len: the length for data
|
||||
* param: in: signature: the signature buffer
|
||||
* param: in: signature_len: the length of signature buffer
|
||||
* return: see km error code
|
||||
*
|
||||
* */
|
||||
uint32_t km_verify(const char *name, const uint32_t name_len, void *sign_params,
|
||||
const uint8_t *data, const size_t data_len,
|
||||
const uint8_t *signature, const size_t signature_len);
|
||||
|
||||
/*
|
||||
* km asymmetric encrypt
|
||||
* param: in: name: key name
|
||||
* param: in: name_len: key name len
|
||||
* param: in: enc_params: the params to encrypt
|
||||
* km_enc_param: for rsa encrypt
|
||||
* param: in: src: the source data to encrypt
|
||||
* param: in: src_len: the length for src
|
||||
* param: in: dest: the out buffet
|
||||
* param: in_out: dest_len:
|
||||
* in: the length of dest buffer
|
||||
* out: the real length of dest
|
||||
* return: see km error code
|
||||
* */
|
||||
uint32_t km_asym_encrypt(const char *name, const uint32_t name_len, void *enc_params,
|
||||
const uint8_t *src, const size_t src_len,
|
||||
uint8_t *dest, size_t *dest_len);
|
||||
/*
|
||||
* km asymmetric decrypt
|
||||
* param: in: name: key name
|
||||
* param: in: name_len: key name len
|
||||
* param: in: enc_params: the params to decrypt
|
||||
* km_enc_param: for rsa encrypt
|
||||
* param: in: src: the source data to encrypt
|
||||
* param: in: src_len: the length for src
|
||||
* param: in: dest: the out buffet
|
||||
* param: in_out: dest_len:
|
||||
* in: the length of dest buffer
|
||||
* out: the real length of dest
|
||||
* return: see km error code
|
||||
* */
|
||||
uint32_t km_asym_decrypt(const char *name, const uint32_t name_len, void *enc_params,
|
||||
const uint8_t *src, const size_t src_len,
|
||||
uint8_t *dest, size_t *dest_len);
|
||||
|
||||
/*
|
||||
* km symmetric cipher
|
||||
* param: in: name: key name
|
||||
* param: in: name_len: key name len
|
||||
* param: in: cipher_params: the params to symmetric cipher
|
||||
* param: in: iv: the iv for symmetric cipher
|
||||
* param: in: iv_len: the length of input iv
|
||||
* param: in: src: the source data to cipher
|
||||
* param: in: src_len: the length for src
|
||||
* param: in: dest: the out buffet
|
||||
* param: in_out: dest_len:
|
||||
* in: the length of dest buffer
|
||||
* out: the real length of dest
|
||||
* return: see km error code
|
||||
* */
|
||||
|
||||
uint32_t km_cipher(const char *name, const uint32_t name_len, km_sym_param *cipher_params,
|
||||
const uint8_t *iv, const uint32_t iv_len, uint8_t *src, size_t src_len,
|
||||
uint8_t *dest, size_t *dest_len);
|
||||
/*
|
||||
* to show km version and new file for no rsvd part platform
|
||||
* return: see km error code
|
||||
* */
|
||||
|
||||
uint32_t km_init();
|
||||
|
||||
/*
|
||||
* to clean resource
|
||||
* */
|
||||
|
||||
void km_cleanup();
|
||||
|
||||
/*
|
||||
* to get id2 id
|
||||
* param: out: the out buffer
|
||||
* param: in_out:
|
||||
* in: length of id2
|
||||
* out: the real length of id2
|
||||
* return: see km error code
|
||||
* */
|
||||
uint32_t km_get_id2(uint8_t *id2, uint32_t *len);
|
||||
/*
|
||||
* to set id2 id
|
||||
* param: in: the id buffer
|
||||
* param: in: the id len
|
||||
* return: see km error code
|
||||
* */
|
||||
uint32_t km_set_id2(uint8_t *id2, uint32_t len);
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* _KM_H_ */
|
||||
|
||||
343
Living_SDK/security/include/itls/aes.h
Normal file
343
Living_SDK/security/include/itls/aes.h
Normal file
|
|
@ -0,0 +1,343 @@
|
|||
/**
|
||||
* \file aes.h
|
||||
*
|
||||
* \brief AES block cipher
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_AES_H
|
||||
#define MBEDTLS_AES_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
/* padlock.c and aesni.c rely on these values! */
|
||||
#define MBEDTLS_AES_ENCRYPT 1
|
||||
#define MBEDTLS_AES_DECRYPT 0
|
||||
|
||||
#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */
|
||||
#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */
|
||||
|
||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
|
||||
!defined(inline) && !defined(__cplusplus)
|
||||
#define inline __inline
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_AES_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief AES context structure
|
||||
*
|
||||
* \note buf is able to hold 32 extra bytes, which can be used:
|
||||
* - for alignment purposes if VIA padlock is used, and/or
|
||||
* - to simplify key expansion in the 256-bit case by
|
||||
* generating an extra round key
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
int nr; /*!< number of rounds */
|
||||
uint32_t *rk; /*!< AES round keys */
|
||||
uint32_t buf[68]; /*!< unaligned data */
|
||||
}
|
||||
mbedtls_aes_context;
|
||||
|
||||
/**
|
||||
* \brief Initialize AES context
|
||||
*
|
||||
* \param ctx AES context to be initialized
|
||||
*/
|
||||
void mbedtls_aes_init( mbedtls_aes_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Clear AES context
|
||||
*
|
||||
* \param ctx AES context to be cleared
|
||||
*/
|
||||
void mbedtls_aes_free( mbedtls_aes_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief AES key schedule (encryption)
|
||||
*
|
||||
* \param ctx AES context to be initialized
|
||||
* \param key encryption key
|
||||
* \param keybits must be 128, 192 or 256
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
|
||||
*/
|
||||
int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
|
||||
unsigned int keybits );
|
||||
|
||||
/**
|
||||
* \brief AES key schedule (decryption)
|
||||
*
|
||||
* \param ctx AES context to be initialized
|
||||
* \param key decryption key
|
||||
* \param keybits must be 128, 192 or 256
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
|
||||
*/
|
||||
int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
|
||||
unsigned int keybits );
|
||||
|
||||
/**
|
||||
* \brief AES-ECB block encryption/decryption
|
||||
*
|
||||
* \param ctx AES context
|
||||
* \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
|
||||
* \param input 16-byte input block
|
||||
* \param output 16-byte output block
|
||||
*
|
||||
* \return 0 if successful
|
||||
*/
|
||||
int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
|
||||
int mode,
|
||||
const unsigned char input[16],
|
||||
unsigned char output[16] );
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
/**
|
||||
* \brief AES-CBC buffer encryption/decryption
|
||||
* Length should be a multiple of the block
|
||||
* size (16 bytes)
|
||||
*
|
||||
* \note Upon exit, the content of the IV is updated so that you can
|
||||
* call the function same function again on the following
|
||||
* block(s) of data and get the same result as if it was
|
||||
* encrypted in one call. This allows a "streaming" usage.
|
||||
* If on the other hand you need to retain the contents of the
|
||||
* IV, you should either save it manually or use the cipher
|
||||
* module instead.
|
||||
*
|
||||
* \param ctx AES context
|
||||
* \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
|
||||
* \param length length of the input data
|
||||
* \param iv initialization vector (updated after use)
|
||||
* \param input buffer holding the input data
|
||||
* \param output buffer holding the output data
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
|
||||
*/
|
||||
int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
|
||||
int mode,
|
||||
size_t length,
|
||||
unsigned char iv[16],
|
||||
const unsigned char *input,
|
||||
unsigned char *output );
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CFB)
|
||||
/**
|
||||
* \brief AES-CFB128 buffer encryption/decryption.
|
||||
*
|
||||
* Note: Due to the nature of CFB you should use the same key schedule for
|
||||
* both encryption and decryption. So a context initialized with
|
||||
* mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.
|
||||
*
|
||||
* \note Upon exit, the content of the IV is updated so that you can
|
||||
* call the function same function again on the following
|
||||
* block(s) of data and get the same result as if it was
|
||||
* encrypted in one call. This allows a "streaming" usage.
|
||||
* If on the other hand you need to retain the contents of the
|
||||
* IV, you should either save it manually or use the cipher
|
||||
* module instead.
|
||||
*
|
||||
* \param ctx AES context
|
||||
* \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
|
||||
* \param length length of the input data
|
||||
* \param iv_off offset in IV (updated after use)
|
||||
* \param iv initialization vector (updated after use)
|
||||
* \param input buffer holding the input data
|
||||
* \param output buffer holding the output data
|
||||
*
|
||||
* \return 0 if successful
|
||||
*/
|
||||
int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
|
||||
int mode,
|
||||
size_t length,
|
||||
size_t *iv_off,
|
||||
unsigned char iv[16],
|
||||
const unsigned char *input,
|
||||
unsigned char *output );
|
||||
|
||||
/**
|
||||
* \brief AES-CFB8 buffer encryption/decryption.
|
||||
*
|
||||
* Note: Due to the nature of CFB you should use the same key schedule for
|
||||
* both encryption and decryption. So a context initialized with
|
||||
* mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.
|
||||
*
|
||||
* \note Upon exit, the content of the IV is updated so that you can
|
||||
* call the function same function again on the following
|
||||
* block(s) of data and get the same result as if it was
|
||||
* encrypted in one call. This allows a "streaming" usage.
|
||||
* If on the other hand you need to retain the contents of the
|
||||
* IV, you should either save it manually or use the cipher
|
||||
* module instead.
|
||||
*
|
||||
* \param ctx AES context
|
||||
* \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
|
||||
* \param length length of the input data
|
||||
* \param iv initialization vector (updated after use)
|
||||
* \param input buffer holding the input data
|
||||
* \param output buffer holding the output data
|
||||
*
|
||||
* \return 0 if successful
|
||||
*/
|
||||
int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
|
||||
int mode,
|
||||
size_t length,
|
||||
unsigned char iv[16],
|
||||
const unsigned char *input,
|
||||
unsigned char *output );
|
||||
#endif /*MBEDTLS_CIPHER_MODE_CFB */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CTR)
|
||||
/**
|
||||
* \brief AES-CTR buffer encryption/decryption
|
||||
*
|
||||
* Warning: You have to keep the maximum use of your counter in mind!
|
||||
*
|
||||
* Note: Due to the nature of CTR you should use the same key schedule for
|
||||
* both encryption and decryption. So a context initialized with
|
||||
* mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.
|
||||
*
|
||||
* \param ctx AES context
|
||||
* \param length The length of the data
|
||||
* \param nc_off The offset in the current stream_block (for resuming
|
||||
* within current cipher stream). The offset pointer to
|
||||
* should be 0 at the start of a stream.
|
||||
* \param nonce_counter The 128-bit nonce and counter.
|
||||
* \param stream_block The saved stream-block for resuming. Is overwritten
|
||||
* by the function.
|
||||
* \param input The input data stream
|
||||
* \param output The output data stream
|
||||
*
|
||||
* \return 0 if successful
|
||||
*/
|
||||
int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
|
||||
size_t length,
|
||||
size_t *nc_off,
|
||||
unsigned char nonce_counter[16],
|
||||
unsigned char stream_block[16],
|
||||
const unsigned char *input,
|
||||
unsigned char *output );
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CTR */
|
||||
|
||||
/**
|
||||
* \brief Internal AES block encryption function
|
||||
* (Only exposed to allow overriding it,
|
||||
* see MBEDTLS_AES_ENCRYPT_ALT)
|
||||
*
|
||||
* \param ctx AES context
|
||||
* \param input Plaintext block
|
||||
* \param output Output (ciphertext) block
|
||||
*
|
||||
* \return 0 if successful
|
||||
*/
|
||||
int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
|
||||
const unsigned char input[16],
|
||||
unsigned char output[16] );
|
||||
|
||||
/**
|
||||
* \brief Internal AES block decryption function
|
||||
* (Only exposed to allow overriding it,
|
||||
* see MBEDTLS_AES_DECRYPT_ALT)
|
||||
*
|
||||
* \param ctx AES context
|
||||
* \param input Ciphertext block
|
||||
* \param output Output (plaintext) block
|
||||
*
|
||||
* \return 0 if successful
|
||||
*/
|
||||
int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
|
||||
const unsigned char input[16],
|
||||
unsigned char output[16] );
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief Deprecated internal AES block encryption function
|
||||
* without return value.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_aes_encrypt_ext() in 2.5.0
|
||||
*
|
||||
* \param ctx AES context
|
||||
* \param input Plaintext block
|
||||
* \param output Output (ciphertext) block
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_aes_encrypt( mbedtls_aes_context *ctx,
|
||||
const unsigned char input[16],
|
||||
unsigned char output[16] );
|
||||
|
||||
/**
|
||||
* \brief Deprecated internal AES block decryption function
|
||||
* without return value.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_aes_decrypt_ext() in 2.5.0
|
||||
*
|
||||
* \param ctx AES context
|
||||
* \param input Ciphertext block
|
||||
* \param output Output (plaintext) block
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
|
||||
const unsigned char input[16],
|
||||
unsigned char output[16] );
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#else /* MBEDTLS_AES_ALT */
|
||||
#include "aes_alt.h"
|
||||
#endif /* MBEDTLS_AES_ALT */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
*/
|
||||
int mbedtls_aes_self_test( int verbose );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* aes.h */
|
||||
50
Living_SDK/security/include/itls/aes_alt.h
Normal file
50
Living_SDK/security/include/itls/aes_alt.h
Normal file
|
|
@ -0,0 +1,50 @@
|
|||
/**
|
||||
* Copyright (C) 2017 The YunOS IoT Project. All rights reserved.
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_AES_ALT_H
|
||||
#define MBEDTLS_AES_ALT_H
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#define AES_STATUS_NONE 0
|
||||
#define AES_STATUS_INIT 1
|
||||
#define AES_STATUS_PROCESS 2
|
||||
|
||||
typedef struct
|
||||
{
|
||||
size_t reset;
|
||||
size_t status;
|
||||
uint8_t key[32];
|
||||
size_t key_len;
|
||||
void *ali_ctx;
|
||||
} mbedtls_aes_context;
|
||||
|
||||
void mbedtls_aes_init_alt( mbedtls_aes_context *ctx );
|
||||
void mbedtls_aes_free_alt( mbedtls_aes_context *ctx );
|
||||
|
||||
int mbedtls_aes_setkey_enc_alt( mbedtls_aes_context *ctx, const unsigned char *key,
|
||||
unsigned int keybits );
|
||||
int mbedtls_aes_setkey_dec_alt( mbedtls_aes_context *ctx, const unsigned char *key,
|
||||
unsigned int keybits );
|
||||
|
||||
int mbedtls_aes_crypt_ecb_alt( mbedtls_aes_context *ctx,
|
||||
int mode,
|
||||
const unsigned char input[16],
|
||||
unsigned char output[16] );
|
||||
int mbedtls_aes_crypt_cbc_alt( mbedtls_aes_context *ctx,
|
||||
int mode,
|
||||
size_t length,
|
||||
unsigned char iv[16],
|
||||
const unsigned char *input,
|
||||
unsigned char *output );
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_AES_ALT_H */
|
||||
669
Living_SDK/security/include/itls/check_config.h
Normal file
669
Living_SDK/security/include/itls/check_config.h
Normal file
|
|
@ -0,0 +1,669 @@
|
|||
/**
|
||||
* \file check_config.h
|
||||
*
|
||||
* \brief Consistency checks for configuration options
|
||||
*
|
||||
* Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
/*
|
||||
* It is recommended to include this file from your config.h
|
||||
* in order to catch dependency issues early.
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_CHECK_CONFIG_H
|
||||
#define MBEDTLS_CHECK_CONFIG_H
|
||||
|
||||
/*
|
||||
* We assume CHAR_BIT is 8 in many places. In practice, this is true on our
|
||||
* target platforms, so not an issue, but let's just be extra sure.
|
||||
*/
|
||||
#include <limits.h>
|
||||
#if CHAR_BIT != 8
|
||||
#error "mbed TLS requires a platform with 8-bit chars"
|
||||
#endif
|
||||
|
||||
#if defined(_WIN32)
|
||||
#if !defined(MBEDTLS_PLATFORM_C)
|
||||
#error "MBEDTLS_PLATFORM_C is required on Windows"
|
||||
#endif
|
||||
|
||||
/* Fix the config here. Not convenient to put an #ifdef _WIN32 in config.h as
|
||||
* it would confuse config.pl. */
|
||||
#if !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && \
|
||||
!defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
|
||||
#define MBEDTLS_PLATFORM_SNPRINTF_ALT
|
||||
#endif
|
||||
#endif /* _WIN32 */
|
||||
|
||||
#if defined(TARGET_LIKE_MBED) && \
|
||||
( defined(MBEDTLS_NET_C) || defined(MBEDTLS_TIMING_C) )
|
||||
#error "The NET and TIMING modules are not available for mbed OS - please use the network and timing functions provided by mbed OS"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING) && \
|
||||
!defined(__GNUC__) && !defined(__clang__)
|
||||
#error "MBEDTLS_DEPRECATED_WARNING only works with GCC and Clang"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_HAVE_TIME)
|
||||
#error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_AESNI_C) && !defined(MBEDTLS_HAVE_ASM)
|
||||
#error "MBEDTLS_AESNI_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C)
|
||||
#error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_DHM_C) && !defined(MBEDTLS_BIGNUM_C)
|
||||
#error "MBEDTLS_DHM_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CMAC_C) && \
|
||||
!defined(MBEDTLS_AES_C) && !defined(MBEDTLS_DES_C)
|
||||
#error "MBEDTLS_CMAC_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_ECP_C)
|
||||
#error "MBEDTLS_ECDH_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECDSA_C) && \
|
||||
( !defined(MBEDTLS_ECP_C) || \
|
||||
!defined(MBEDTLS_ASN1_PARSE_C) || \
|
||||
!defined(MBEDTLS_ASN1_WRITE_C) )
|
||||
#error "MBEDTLS_ECDSA_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECJPAKE_C) && \
|
||||
( !defined(MBEDTLS_ECP_C) || !defined(MBEDTLS_MD_C) )
|
||||
#error "MBEDTLS_ECJPAKE_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECDSA_DETERMINISTIC) && !defined(MBEDTLS_HMAC_DRBG_C)
|
||||
#error "MBEDTLS_ECDSA_DETERMINISTIC defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_C) && ( !defined(MBEDTLS_BIGNUM_C) || ( \
|
||||
!defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) && \
|
||||
!defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) && \
|
||||
!defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && \
|
||||
!defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) && \
|
||||
!defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) && \
|
||||
!defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) && \
|
||||
!defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) && \
|
||||
!defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) && \
|
||||
!defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) && \
|
||||
!defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) && \
|
||||
!defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) ) )
|
||||
#error "MBEDTLS_ECP_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ENTROPY_C) && (!defined(MBEDTLS_SHA512_C) && \
|
||||
!defined(MBEDTLS_SHA256_C))
|
||||
#error "MBEDTLS_ENTROPY_C defined, but not all prerequisites"
|
||||
#endif
|
||||
#if defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_SHA512_C) && \
|
||||
defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 64)
|
||||
#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
|
||||
#endif
|
||||
#if defined(MBEDTLS_ENTROPY_C) && \
|
||||
( !defined(MBEDTLS_SHA512_C) || defined(MBEDTLS_ENTROPY_FORCE_SHA256) ) \
|
||||
&& defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 32)
|
||||
#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
|
||||
#endif
|
||||
#if defined(MBEDTLS_ENTROPY_C) && \
|
||||
defined(MBEDTLS_ENTROPY_FORCE_SHA256) && !defined(MBEDTLS_SHA256_C)
|
||||
#error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_TEST_NULL_ENTROPY) && \
|
||||
( !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) )
|
||||
#error "MBEDTLS_TEST_NULL_ENTROPY defined, but not all prerequisites"
|
||||
#endif
|
||||
#if defined(MBEDTLS_TEST_NULL_ENTROPY) && \
|
||||
( defined(MBEDTLS_ENTROPY_NV_SEED) || defined(MBEDTLS_ENTROPY_HARDWARE_ALT) || \
|
||||
defined(MBEDTLS_HAVEGE_C) )
|
||||
#error "MBEDTLS_TEST_NULL_ENTROPY defined, but entropy sources too"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_GCM_C) && ( \
|
||||
!defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) )
|
||||
#error "MBEDTLS_GCM_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
|
||||
#error "MBEDTLS_ECP_RANDOMIZE_JAC_ALT defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_ADD_MIXED_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
|
||||
#error "MBEDTLS_ECP_ADD_MIXED_ALT defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
|
||||
#error "MBEDTLS_ECP_DOUBLE_JAC_ALT defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
|
||||
#error "MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
|
||||
#error "MBEDTLS_ECP_NORMALIZE_JAC_ALT defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
|
||||
#error "MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
|
||||
#error "MBEDTLS_ECP_RANDOMIZE_MXZ_ALT defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
|
||||
#error "MBEDTLS_ECP_NORMALIZE_MXZ_ALT defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_HAVEGE_C) && !defined(MBEDTLS_TIMING_C)
|
||||
#error "MBEDTLS_HAVEGE_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_HMAC_DRBG_C) && !defined(MBEDTLS_MD_C)
|
||||
#error "MBEDTLS_HMAC_DRBG_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) && \
|
||||
( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) )
|
||||
#error "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \
|
||||
( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) )
|
||||
#error "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) && !defined(MBEDTLS_DHM_C)
|
||||
#error "MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) && \
|
||||
!defined(MBEDTLS_ECDH_C)
|
||||
#error "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
|
||||
( !defined(MBEDTLS_DHM_C) || !defined(MBEDTLS_RSA_C) || \
|
||||
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) )
|
||||
#error "MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
|
||||
( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_RSA_C) || \
|
||||
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) )
|
||||
#error "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \
|
||||
( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_ECDSA_C) || \
|
||||
!defined(MBEDTLS_X509_CRT_PARSE_C) )
|
||||
#error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) && \
|
||||
( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
|
||||
!defined(MBEDTLS_PKCS1_V15) )
|
||||
#error "MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) && \
|
||||
( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
|
||||
!defined(MBEDTLS_PKCS1_V15) )
|
||||
#error "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
|
||||
( !defined(MBEDTLS_ECJPAKE_C) || !defined(MBEDTLS_SHA256_C) || \
|
||||
!defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) )
|
||||
#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \
|
||||
( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
|
||||
#error "MBEDTLS_MEMORY_BUFFER_ALLOC_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PADLOCK_C) && !defined(MBEDTLS_HAVE_ASM)
|
||||
#error "MBEDTLS_PADLOCK_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PEM_PARSE_C) && !defined(MBEDTLS_BASE64_C)
|
||||
#error "MBEDTLS_PEM_PARSE_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PEM_WRITE_C) && !defined(MBEDTLS_BASE64_C)
|
||||
#error "MBEDTLS_PEM_WRITE_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PK_C) && \
|
||||
( !defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_ECP_C) )
|
||||
#error "MBEDTLS_PK_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_PK_C)
|
||||
#error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PK_WRITE_C) && !defined(MBEDTLS_PK_C)
|
||||
#error "MBEDTLS_PK_WRITE_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PKCS11_C) && !defined(MBEDTLS_PK_C)
|
||||
#error "MBEDTLS_PKCS11_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_EXIT_ALT) && !defined(MBEDTLS_PLATFORM_C)
|
||||
#error "MBEDTLS_PLATFORM_EXIT_ALT defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_EXIT_MACRO) && !defined(MBEDTLS_PLATFORM_C)
|
||||
#error "MBEDTLS_PLATFORM_EXIT_MACRO defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_EXIT_MACRO) &&\
|
||||
( defined(MBEDTLS_PLATFORM_STD_EXIT) ||\
|
||||
defined(MBEDTLS_PLATFORM_EXIT_ALT) )
|
||||
#error "MBEDTLS_PLATFORM_EXIT_MACRO and MBEDTLS_PLATFORM_STD_EXIT/MBEDTLS_PLATFORM_EXIT_ALT cannot be defined simultaneously"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_TIME_ALT) &&\
|
||||
( !defined(MBEDTLS_PLATFORM_C) ||\
|
||||
!defined(MBEDTLS_HAVE_TIME) )
|
||||
#error "MBEDTLS_PLATFORM_TIME_ALT defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_TIME_MACRO) &&\
|
||||
( !defined(MBEDTLS_PLATFORM_C) ||\
|
||||
!defined(MBEDTLS_HAVE_TIME) )
|
||||
#error "MBEDTLS_PLATFORM_TIME_MACRO defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO) &&\
|
||||
( !defined(MBEDTLS_PLATFORM_C) ||\
|
||||
!defined(MBEDTLS_HAVE_TIME) )
|
||||
#error "MBEDTLS_PLATFORM_TIME_TYPE_MACRO defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_TIME_MACRO) &&\
|
||||
( defined(MBEDTLS_PLATFORM_STD_TIME) ||\
|
||||
defined(MBEDTLS_PLATFORM_TIME_ALT) )
|
||||
#error "MBEDTLS_PLATFORM_TIME_MACRO and MBEDTLS_PLATFORM_STD_TIME/MBEDTLS_PLATFORM_TIME_ALT cannot be defined simultaneously"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO) &&\
|
||||
( defined(MBEDTLS_PLATFORM_STD_TIME) ||\
|
||||
defined(MBEDTLS_PLATFORM_TIME_ALT) )
|
||||
#error "MBEDTLS_PLATFORM_TIME_TYPE_MACRO and MBEDTLS_PLATFORM_STD_TIME/MBEDTLS_PLATFORM_TIME_ALT cannot be defined simultaneously"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
|
||||
#error "MBEDTLS_PLATFORM_FPRINTF_ALT defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
|
||||
#error "MBEDTLS_PLATFORM_FPRINTF_MACRO defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO) &&\
|
||||
( defined(MBEDTLS_PLATFORM_STD_FPRINTF) ||\
|
||||
defined(MBEDTLS_PLATFORM_FPRINTF_ALT) )
|
||||
#error "MBEDTLS_PLATFORM_FPRINTF_MACRO and MBEDTLS_PLATFORM_STD_FPRINTF/MBEDTLS_PLATFORM_FPRINTF_ALT cannot be defined simultaneously"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_FREE_MACRO) &&\
|
||||
( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
|
||||
#error "MBEDTLS_PLATFORM_FREE_MACRO defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_FREE_MACRO) &&\
|
||||
defined(MBEDTLS_PLATFORM_STD_FREE)
|
||||
#error "MBEDTLS_PLATFORM_FREE_MACRO and MBEDTLS_PLATFORM_STD_FREE cannot be defined simultaneously"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && !defined(MBEDTLS_PLATFORM_CALLOC_MACRO)
|
||||
#error "MBEDTLS_PLATFORM_CALLOC_MACRO must be defined if MBEDTLS_PLATFORM_FREE_MACRO is"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) &&\
|
||||
( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
|
||||
#error "MBEDTLS_PLATFORM_CALLOC_MACRO defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) &&\
|
||||
defined(MBEDTLS_PLATFORM_STD_CALLOC)
|
||||
#error "MBEDTLS_PLATFORM_CALLOC_MACRO and MBEDTLS_PLATFORM_STD_CALLOC cannot be defined simultaneously"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) && !defined(MBEDTLS_PLATFORM_FREE_MACRO)
|
||||
#error "MBEDTLS_PLATFORM_FREE_MACRO must be defined if MBEDTLS_PLATFORM_CALLOC_MACRO is"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_MEMORY) && !defined(MBEDTLS_PLATFORM_C)
|
||||
#error "MBEDTLS_PLATFORM_MEMORY defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_PRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
|
||||
#error "MBEDTLS_PLATFORM_PRINTF_ALT defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
|
||||
#error "MBEDTLS_PLATFORM_PRINTF_MACRO defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO) &&\
|
||||
( defined(MBEDTLS_PLATFORM_STD_PRINTF) ||\
|
||||
defined(MBEDTLS_PLATFORM_PRINTF_ALT) )
|
||||
#error "MBEDTLS_PLATFORM_PRINTF_MACRO and MBEDTLS_PLATFORM_STD_PRINTF/MBEDTLS_PLATFORM_PRINTF_ALT cannot be defined simultaneously"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
|
||||
#error "MBEDTLS_PLATFORM_SNPRINTF_ALT defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
|
||||
#error "MBEDTLS_PLATFORM_SNPRINTF_MACRO defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) &&\
|
||||
( defined(MBEDTLS_PLATFORM_STD_SNPRINTF) ||\
|
||||
defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) )
|
||||
#error "MBEDTLS_PLATFORM_SNPRINTF_MACRO and MBEDTLS_PLATFORM_STD_SNPRINTF/MBEDTLS_PLATFORM_SNPRINTF_ALT cannot be defined simultaneously"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR) &&\
|
||||
!defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
|
||||
#error "MBEDTLS_PLATFORM_STD_MEM_HDR defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_STD_CALLOC) && !defined(MBEDTLS_PLATFORM_MEMORY)
|
||||
#error "MBEDTLS_PLATFORM_STD_CALLOC defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_STD_CALLOC) && !defined(MBEDTLS_PLATFORM_MEMORY)
|
||||
#error "MBEDTLS_PLATFORM_STD_CALLOC defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_STD_FREE) && !defined(MBEDTLS_PLATFORM_MEMORY)
|
||||
#error "MBEDTLS_PLATFORM_STD_FREE defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_STD_EXIT) &&\
|
||||
!defined(MBEDTLS_PLATFORM_EXIT_ALT)
|
||||
#error "MBEDTLS_PLATFORM_STD_EXIT defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_STD_TIME) &&\
|
||||
( !defined(MBEDTLS_PLATFORM_TIME_ALT) ||\
|
||||
!defined(MBEDTLS_HAVE_TIME) )
|
||||
#error "MBEDTLS_PLATFORM_STD_TIME defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_STD_FPRINTF) &&\
|
||||
!defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
|
||||
#error "MBEDTLS_PLATFORM_STD_FPRINTF defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_STD_PRINTF) &&\
|
||||
!defined(MBEDTLS_PLATFORM_PRINTF_ALT)
|
||||
#error "MBEDTLS_PLATFORM_STD_PRINTF defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_STD_SNPRINTF) &&\
|
||||
!defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
|
||||
#error "MBEDTLS_PLATFORM_STD_SNPRINTF defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ENTROPY_NV_SEED) &&\
|
||||
( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_ENTROPY_C) )
|
||||
#error "MBEDTLS_ENTROPY_NV_SEED defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT) &&\
|
||||
!defined(MBEDTLS_ENTROPY_NV_SEED)
|
||||
#error "MBEDTLS_PLATFORM_NV_SEED_ALT defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ) &&\
|
||||
!defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
|
||||
#error "MBEDTLS_PLATFORM_STD_NV_SEED_READ defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE) &&\
|
||||
!defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
|
||||
#error "MBEDTLS_PLATFORM_STD_NV_SEED_WRITE defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO) &&\
|
||||
( defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ) ||\
|
||||
defined(MBEDTLS_PLATFORM_NV_SEED_ALT) )
|
||||
#error "MBEDTLS_PLATFORM_NV_SEED_READ_MACRO and MBEDTLS_PLATFORM_STD_NV_SEED_READ cannot be defined simultaneously"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO) &&\
|
||||
( defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE) ||\
|
||||
defined(MBEDTLS_PLATFORM_NV_SEED_ALT) )
|
||||
#error "MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO and MBEDTLS_PLATFORM_STD_NV_SEED_WRITE cannot be defined simultaneously"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) || \
|
||||
!defined(MBEDTLS_OID_C) )
|
||||
#error "MBEDTLS_RSA_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_PKCS1_V21) && \
|
||||
!defined(MBEDTLS_PKCS1_V15) )
|
||||
#error "MBEDTLS_RSA_C defined, but none of the PKCS1 versions enabled"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \
|
||||
( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_PKCS1_V21) )
|
||||
#error "MBEDTLS_X509_RSASSA_PSS_SUPPORT defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_SSL3) && ( !defined(MBEDTLS_MD5_C) || \
|
||||
!defined(MBEDTLS_SHA1_C) )
|
||||
#error "MBEDTLS_SSL_PROTO_SSL3 defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) && ( !defined(MBEDTLS_MD5_C) || \
|
||||
!defined(MBEDTLS_SHA1_C) )
|
||||
#error "MBEDTLS_SSL_PROTO_TLS1 defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_1) && ( !defined(MBEDTLS_MD5_C) || \
|
||||
!defined(MBEDTLS_SHA1_C) )
|
||||
#error "MBEDTLS_SSL_PROTO_TLS1_1 defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && ( !defined(MBEDTLS_SHA1_C) && \
|
||||
!defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA512_C) )
|
||||
#error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS) && \
|
||||
!defined(MBEDTLS_SSL_PROTO_TLS1_1) && \
|
||||
!defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#error "MBEDTLS_SSL_PROTO_DTLS defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_CLI_C) && !defined(MBEDTLS_SSL_TLS_C)
|
||||
#error "MBEDTLS_SSL_CLI_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_TLS_C) && ( !defined(MBEDTLS_CIPHER_C) || \
|
||||
!defined(MBEDTLS_MD_C) )
|
||||
#error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_SRV_C) && !defined(MBEDTLS_SSL_TLS_C)
|
||||
#error "MBEDTLS_SSL_SRV_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_TLS_C) && (!defined(MBEDTLS_SSL_PROTO_SSL3) && \
|
||||
!defined(MBEDTLS_SSL_PROTO_TLS1) && !defined(MBEDTLS_SSL_PROTO_TLS1_1) && \
|
||||
!defined(MBEDTLS_SSL_PROTO_TLS1_2))
|
||||
#error "MBEDTLS_SSL_TLS_C defined, but no protocols are active"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_SSL3) && \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_1) && !defined(MBEDTLS_SSL_PROTO_TLS1))
|
||||
#error "Illegal protocol selection"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_TLS1) && \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2) && !defined(MBEDTLS_SSL_PROTO_TLS1_1))
|
||||
#error "Illegal protocol selection"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_SSL3) && \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2) && (!defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
||||
!defined(MBEDTLS_SSL_PROTO_TLS1_1)))
|
||||
#error "Illegal protocol selection"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && !defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
#error "MBEDTLS_SSL_DTLS_HELLO_VERIFY defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && \
|
||||
!defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
|
||||
#error "MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) && \
|
||||
( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
|
||||
#error "MBEDTLS_SSL_DTLS_ANTI_REPLAY defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) && \
|
||||
( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
|
||||
#error "MBEDTLS_SSL_DTLS_BADMAC_LIMIT defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
|
||||
!defined(MBEDTLS_SSL_PROTO_TLS1) && \
|
||||
!defined(MBEDTLS_SSL_PROTO_TLS1_1) && \
|
||||
!defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequsites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
|
||||
!defined(MBEDTLS_SSL_PROTO_TLS1) && \
|
||||
!defined(MBEDTLS_SSL_PROTO_TLS1_1) && \
|
||||
!defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequsites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_TICKET_C) && !defined(MBEDTLS_CIPHER_C)
|
||||
#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) && \
|
||||
!defined(MBEDTLS_SSL_PROTO_SSL3) && !defined(MBEDTLS_SSL_PROTO_TLS1)
|
||||
#error "MBEDTLS_SSL_CBC_RECORD_SPLITTING defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \
|
||||
!defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#error "MBEDTLS_SSL_SERVER_NAME_INDICATION defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_THREADING_PTHREAD)
|
||||
#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
|
||||
#error "MBEDTLS_THREADING_PTHREAD defined, but not all prerequisites"
|
||||
#endif
|
||||
#define MBEDTLS_THREADING_IMPL
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_THREADING_ALT)
|
||||
#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
|
||||
#error "MBEDTLS_THREADING_ALT defined, but not all prerequisites"
|
||||
#endif
|
||||
#define MBEDTLS_THREADING_IMPL
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C) && !defined(MBEDTLS_THREADING_IMPL)
|
||||
#error "MBEDTLS_THREADING_C defined, single threading implementation required"
|
||||
#endif
|
||||
#undef MBEDTLS_THREADING_IMPL
|
||||
|
||||
#if defined(MBEDTLS_VERSION_FEATURES) && !defined(MBEDTLS_VERSION_C)
|
||||
#error "MBEDTLS_VERSION_FEATURES defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_USE_C) && ( !defined(MBEDTLS_BIGNUM_C) || \
|
||||
!defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_PARSE_C) || \
|
||||
!defined(MBEDTLS_PK_PARSE_C) )
|
||||
#error "MBEDTLS_X509_USE_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_CREATE_C) && ( !defined(MBEDTLS_BIGNUM_C) || \
|
||||
!defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_WRITE_C) || \
|
||||
!defined(MBEDTLS_PK_WRITE_C) )
|
||||
#error "MBEDTLS_X509_CREATE_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
|
||||
#error "MBEDTLS_X509_CRT_PARSE_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_CRL_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
|
||||
#error "MBEDTLS_X509_CRL_PARSE_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_CSR_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
|
||||
#error "MBEDTLS_X509_CSR_PARSE_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_WRITE_C) && ( !defined(MBEDTLS_X509_CREATE_C) )
|
||||
#error "MBEDTLS_X509_CRT_WRITE_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_CSR_WRITE_C) && ( !defined(MBEDTLS_X509_CREATE_C) )
|
||||
#error "MBEDTLS_X509_CSR_WRITE_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_HAVE_INT32) && defined(MBEDTLS_HAVE_INT64)
|
||||
#error "MBEDTLS_HAVE_INT32 and MBEDTLS_HAVE_INT64 cannot be defined simultaneously"
|
||||
#endif /* MBEDTLS_HAVE_INT32 && MBEDTLS_HAVE_INT64 */
|
||||
|
||||
#if ( defined(MBEDTLS_HAVE_INT32) || defined(MBEDTLS_HAVE_INT64) ) && \
|
||||
defined(MBEDTLS_HAVE_ASM)
|
||||
#error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_ASM cannot be defined simultaneously"
|
||||
#endif /* (MBEDTLS_HAVE_INT32 || MBEDTLS_HAVE_INT64) && MBEDTLS_HAVE_ASM */
|
||||
|
||||
/*
|
||||
* Avoid warning from -pedantic. This is a convenient place for this
|
||||
* workaround since this is included by every single file before the
|
||||
* #if defined(MBEDTLS_xxx_C) that results in emtpy translation units.
|
||||
*/
|
||||
typedef int mbedtls_iso_c_forbids_empty_translation_units;
|
||||
|
||||
#endif /* MBEDTLS_CHECK_CONFIG_H */
|
||||
709
Living_SDK/security/include/itls/cipher.h
Normal file
709
Living_SDK/security/include/itls/cipher.h
Normal file
|
|
@ -0,0 +1,709 @@
|
|||
/**
|
||||
* \file cipher.h
|
||||
*
|
||||
* \brief Generic cipher wrapper.
|
||||
*
|
||||
* \author Adriaan de Jong <dejong@fox-it.com>
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_CIPHER_H
|
||||
#define MBEDTLS_CIPHER_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include <stddef.h>
|
||||
|
||||
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C)
|
||||
#define MBEDTLS_CIPHER_MODE_AEAD
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
#define MBEDTLS_CIPHER_MODE_WITH_PADDING
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ARC4_C)
|
||||
#define MBEDTLS_CIPHER_MODE_STREAM
|
||||
#endif
|
||||
|
||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
|
||||
!defined(inline) && !defined(__cplusplus)
|
||||
#define inline __inline
|
||||
#endif
|
||||
|
||||
#define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE -0x6080 /**< The selected feature is not available. */
|
||||
#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100 /**< Bad input parameters to function. */
|
||||
#define MBEDTLS_ERR_CIPHER_ALLOC_FAILED -0x6180 /**< Failed to allocate memory. */
|
||||
#define MBEDTLS_ERR_CIPHER_INVALID_PADDING -0x6200 /**< Input data contains invalid padding and is rejected. */
|
||||
#define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280 /**< Decryption of block requires a full block. */
|
||||
#define MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300 /**< Authentication failed (for AEAD modes). */
|
||||
#define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380 /**< The context is invalid, eg because it was free()ed. */
|
||||
|
||||
#define MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01 /**< Cipher accepts IVs of variable length */
|
||||
#define MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02 /**< Cipher accepts keys of variable length */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
typedef enum {
|
||||
MBEDTLS_CIPHER_ID_NONE = 0,
|
||||
MBEDTLS_CIPHER_ID_NULL,
|
||||
MBEDTLS_CIPHER_ID_AES,
|
||||
MBEDTLS_CIPHER_ID_DES,
|
||||
MBEDTLS_CIPHER_ID_3DES,
|
||||
MBEDTLS_CIPHER_ID_CAMELLIA,
|
||||
MBEDTLS_CIPHER_ID_BLOWFISH,
|
||||
MBEDTLS_CIPHER_ID_ARC4,
|
||||
} mbedtls_cipher_id_t;
|
||||
|
||||
typedef enum {
|
||||
MBEDTLS_CIPHER_NONE = 0,
|
||||
MBEDTLS_CIPHER_NULL,
|
||||
MBEDTLS_CIPHER_AES_128_ECB,
|
||||
MBEDTLS_CIPHER_AES_192_ECB,
|
||||
MBEDTLS_CIPHER_AES_256_ECB,
|
||||
MBEDTLS_CIPHER_AES_128_CBC,
|
||||
MBEDTLS_CIPHER_AES_192_CBC,
|
||||
MBEDTLS_CIPHER_AES_256_CBC,
|
||||
MBEDTLS_CIPHER_AES_128_CFB128,
|
||||
MBEDTLS_CIPHER_AES_192_CFB128,
|
||||
MBEDTLS_CIPHER_AES_256_CFB128,
|
||||
MBEDTLS_CIPHER_AES_128_CTR,
|
||||
MBEDTLS_CIPHER_AES_192_CTR,
|
||||
MBEDTLS_CIPHER_AES_256_CTR,
|
||||
MBEDTLS_CIPHER_AES_128_GCM,
|
||||
MBEDTLS_CIPHER_AES_192_GCM,
|
||||
MBEDTLS_CIPHER_AES_256_GCM,
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_ECB,
|
||||
MBEDTLS_CIPHER_CAMELLIA_192_ECB,
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_ECB,
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_CBC,
|
||||
MBEDTLS_CIPHER_CAMELLIA_192_CBC,
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_CBC,
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_CFB128,
|
||||
MBEDTLS_CIPHER_CAMELLIA_192_CFB128,
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_CFB128,
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_CTR,
|
||||
MBEDTLS_CIPHER_CAMELLIA_192_CTR,
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_CTR,
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_GCM,
|
||||
MBEDTLS_CIPHER_CAMELLIA_192_GCM,
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_GCM,
|
||||
MBEDTLS_CIPHER_DES_ECB,
|
||||
MBEDTLS_CIPHER_DES_CBC,
|
||||
MBEDTLS_CIPHER_DES_EDE_ECB,
|
||||
MBEDTLS_CIPHER_DES_EDE_CBC,
|
||||
MBEDTLS_CIPHER_DES_EDE3_ECB,
|
||||
MBEDTLS_CIPHER_DES_EDE3_CBC,
|
||||
MBEDTLS_CIPHER_BLOWFISH_ECB,
|
||||
MBEDTLS_CIPHER_BLOWFISH_CBC,
|
||||
MBEDTLS_CIPHER_BLOWFISH_CFB64,
|
||||
MBEDTLS_CIPHER_BLOWFISH_CTR,
|
||||
MBEDTLS_CIPHER_ARC4_128,
|
||||
MBEDTLS_CIPHER_AES_128_CCM,
|
||||
MBEDTLS_CIPHER_AES_192_CCM,
|
||||
MBEDTLS_CIPHER_AES_256_CCM,
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_CCM,
|
||||
MBEDTLS_CIPHER_CAMELLIA_192_CCM,
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_CCM,
|
||||
} mbedtls_cipher_type_t;
|
||||
|
||||
typedef enum {
|
||||
MBEDTLS_MODE_NONE = 0,
|
||||
MBEDTLS_MODE_ECB,
|
||||
MBEDTLS_MODE_CBC,
|
||||
MBEDTLS_MODE_CFB,
|
||||
MBEDTLS_MODE_OFB, /* Unused! */
|
||||
MBEDTLS_MODE_CTR,
|
||||
MBEDTLS_MODE_GCM,
|
||||
MBEDTLS_MODE_STREAM,
|
||||
MBEDTLS_MODE_CCM,
|
||||
} mbedtls_cipher_mode_t;
|
||||
|
||||
typedef enum {
|
||||
MBEDTLS_PADDING_PKCS7 = 0, /**< PKCS7 padding (default) */
|
||||
MBEDTLS_PADDING_ONE_AND_ZEROS, /**< ISO/IEC 7816-4 padding */
|
||||
MBEDTLS_PADDING_ZEROS_AND_LEN, /**< ANSI X.923 padding */
|
||||
MBEDTLS_PADDING_ZEROS, /**< zero padding (not reversible!) */
|
||||
MBEDTLS_PADDING_NONE, /**< never pad (full blocks only) */
|
||||
} mbedtls_cipher_padding_t;
|
||||
|
||||
typedef enum {
|
||||
MBEDTLS_OPERATION_NONE = -1,
|
||||
MBEDTLS_DECRYPT = 0,
|
||||
MBEDTLS_ENCRYPT,
|
||||
} mbedtls_operation_t;
|
||||
|
||||
enum {
|
||||
/** Undefined key length */
|
||||
MBEDTLS_KEY_LENGTH_NONE = 0,
|
||||
/** Key length, in bits (including parity), for DES keys */
|
||||
MBEDTLS_KEY_LENGTH_DES = 64,
|
||||
/** Key length, in bits (including parity), for DES in two key EDE */
|
||||
MBEDTLS_KEY_LENGTH_DES_EDE = 128,
|
||||
/** Key length, in bits (including parity), for DES in three-key EDE */
|
||||
MBEDTLS_KEY_LENGTH_DES_EDE3 = 192,
|
||||
};
|
||||
|
||||
/** Maximum length of any IV, in bytes */
|
||||
#define MBEDTLS_MAX_IV_LENGTH 16
|
||||
/** Maximum block size of any cipher, in bytes */
|
||||
#define MBEDTLS_MAX_BLOCK_LENGTH 16
|
||||
|
||||
/**
|
||||
* Base cipher information (opaque struct).
|
||||
*/
|
||||
typedef struct mbedtls_cipher_base_t mbedtls_cipher_base_t;
|
||||
|
||||
/**
|
||||
* CMAC context (opaque struct).
|
||||
*/
|
||||
typedef struct mbedtls_cmac_context_t mbedtls_cmac_context_t;
|
||||
|
||||
/**
|
||||
* Cipher information. Allows cipher functions to be called in a generic way.
|
||||
*/
|
||||
typedef struct {
|
||||
/** Full cipher identifier (e.g. MBEDTLS_CIPHER_AES_256_CBC) */
|
||||
mbedtls_cipher_type_t type;
|
||||
|
||||
/** Cipher mode (e.g. MBEDTLS_MODE_CBC) */
|
||||
mbedtls_cipher_mode_t mode;
|
||||
|
||||
/** Cipher key length, in bits (default length for variable sized ciphers)
|
||||
* (Includes parity bits for ciphers like DES) */
|
||||
unsigned int key_bitlen;
|
||||
|
||||
/** Name of the cipher */
|
||||
const char * name;
|
||||
|
||||
/** IV/NONCE size, in bytes.
|
||||
* For cipher that accept many sizes: recommended size */
|
||||
unsigned int iv_size;
|
||||
|
||||
/** Flags for variable IV size, variable key size, etc. */
|
||||
int flags;
|
||||
|
||||
/** block size, in bytes */
|
||||
unsigned int block_size;
|
||||
|
||||
/** Base cipher information and functions */
|
||||
const mbedtls_cipher_base_t *base;
|
||||
|
||||
} mbedtls_cipher_info_t;
|
||||
|
||||
/**
|
||||
* Generic cipher context.
|
||||
*/
|
||||
typedef struct {
|
||||
/** Information about the associated cipher */
|
||||
const mbedtls_cipher_info_t *cipher_info;
|
||||
|
||||
/** Key length to use */
|
||||
int key_bitlen;
|
||||
|
||||
/** Operation that the context's key has been initialised for */
|
||||
mbedtls_operation_t operation;
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
|
||||
/** Padding functions to use, if relevant for cipher mode */
|
||||
void (*add_padding)( unsigned char *output, size_t olen, size_t data_len );
|
||||
int (*get_padding)( unsigned char *input, size_t ilen, size_t *data_len );
|
||||
#endif
|
||||
|
||||
/** Buffer for data that hasn't been encrypted yet */
|
||||
unsigned char unprocessed_data[MBEDTLS_MAX_BLOCK_LENGTH];
|
||||
|
||||
/** Number of bytes that still need processing */
|
||||
size_t unprocessed_len;
|
||||
|
||||
/** Current IV or NONCE_COUNTER for CTR-mode */
|
||||
unsigned char iv[MBEDTLS_MAX_IV_LENGTH];
|
||||
|
||||
/** IV size in bytes (for ciphers with variable-length IVs) */
|
||||
size_t iv_size;
|
||||
|
||||
/** Cipher-specific context */
|
||||
void *cipher_ctx;
|
||||
|
||||
#if defined(MBEDTLS_CMAC_C)
|
||||
/** CMAC Specific context */
|
||||
mbedtls_cmac_context_t *cmac_ctx;
|
||||
#endif
|
||||
} mbedtls_cipher_context_t;
|
||||
|
||||
/**
|
||||
* \brief Returns the list of ciphers supported by the generic cipher module.
|
||||
*
|
||||
* \return a statically allocated array of ciphers, the last entry
|
||||
* is 0.
|
||||
*/
|
||||
const int *mbedtls_cipher_list( void );
|
||||
|
||||
/**
|
||||
* \brief Returns the cipher information structure associated
|
||||
* with the given cipher name.
|
||||
*
|
||||
* \param cipher_name Name of the cipher to search for.
|
||||
*
|
||||
* \return the cipher information structure associated with the
|
||||
* given cipher_name, or NULL if not found.
|
||||
*/
|
||||
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name );
|
||||
|
||||
/**
|
||||
* \brief Returns the cipher information structure associated
|
||||
* with the given cipher type.
|
||||
*
|
||||
* \param cipher_type Type of the cipher to search for.
|
||||
*
|
||||
* \return the cipher information structure associated with the
|
||||
* given cipher_type, or NULL if not found.
|
||||
*/
|
||||
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher_type_t cipher_type );
|
||||
|
||||
/**
|
||||
* \brief Returns the cipher information structure associated
|
||||
* with the given cipher id, key size and mode.
|
||||
*
|
||||
* \param cipher_id Id of the cipher to search for
|
||||
* (e.g. MBEDTLS_CIPHER_ID_AES)
|
||||
* \param key_bitlen Length of the key in bits
|
||||
* \param mode Cipher mode (e.g. MBEDTLS_MODE_CBC)
|
||||
*
|
||||
* \return the cipher information structure associated with the
|
||||
* given cipher_type, or NULL if not found.
|
||||
*/
|
||||
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id,
|
||||
int key_bitlen,
|
||||
const mbedtls_cipher_mode_t mode );
|
||||
|
||||
/**
|
||||
* \brief Initialize a cipher_context (as NONE)
|
||||
*/
|
||||
void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx );
|
||||
|
||||
/**
|
||||
* \brief Free and clear the cipher-specific context of ctx.
|
||||
* Freeing ctx itself remains the responsibility of the
|
||||
* caller.
|
||||
*/
|
||||
void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx );
|
||||
|
||||
/**
|
||||
* \brief Initialises and fills the cipher context structure with
|
||||
* the appropriate values.
|
||||
*
|
||||
* \note Currently also clears structure. In future versions you
|
||||
* will be required to call mbedtls_cipher_init() on the structure
|
||||
* first.
|
||||
*
|
||||
* \param ctx context to initialise. May not be NULL.
|
||||
* \param cipher_info cipher to use.
|
||||
*
|
||||
* \return 0 on success,
|
||||
* MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on parameter failure,
|
||||
* MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
|
||||
* cipher-specific context failed.
|
||||
*/
|
||||
int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info );
|
||||
|
||||
/**
|
||||
* \brief Returns the block size of the given cipher.
|
||||
*
|
||||
* \param ctx cipher's context. Must have been initialised.
|
||||
*
|
||||
* \return size of the cipher's blocks, or 0 if ctx has not been
|
||||
* initialised.
|
||||
*/
|
||||
static inline unsigned int mbedtls_cipher_get_block_size( const mbedtls_cipher_context_t *ctx )
|
||||
{
|
||||
if( NULL == ctx || NULL == ctx->cipher_info )
|
||||
return 0;
|
||||
|
||||
return ctx->cipher_info->block_size;
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief Returns the mode of operation for the cipher.
|
||||
* (e.g. MBEDTLS_MODE_CBC)
|
||||
*
|
||||
* \param ctx cipher's context. Must have been initialised.
|
||||
*
|
||||
* \return mode of operation, or MBEDTLS_MODE_NONE if ctx
|
||||
* has not been initialised.
|
||||
*/
|
||||
static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( const mbedtls_cipher_context_t *ctx )
|
||||
{
|
||||
if( NULL == ctx || NULL == ctx->cipher_info )
|
||||
return MBEDTLS_MODE_NONE;
|
||||
|
||||
return ctx->cipher_info->mode;
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief Returns the size of the cipher's IV/NONCE in bytes.
|
||||
*
|
||||
* \param ctx cipher's context. Must have been initialised.
|
||||
*
|
||||
* \return If IV has not been set yet: (recommended) IV size
|
||||
* (0 for ciphers not using IV/NONCE).
|
||||
* If IV has already been set: actual size.
|
||||
*/
|
||||
static inline int mbedtls_cipher_get_iv_size( const mbedtls_cipher_context_t *ctx )
|
||||
{
|
||||
if( NULL == ctx || NULL == ctx->cipher_info )
|
||||
return 0;
|
||||
|
||||
if( ctx->iv_size != 0 )
|
||||
return (int) ctx->iv_size;
|
||||
|
||||
return (int) ctx->cipher_info->iv_size;
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief Returns the type of the given cipher.
|
||||
*
|
||||
* \param ctx cipher's context. Must have been initialised.
|
||||
*
|
||||
* \return type of the cipher, or MBEDTLS_CIPHER_NONE if ctx has
|
||||
* not been initialised.
|
||||
*/
|
||||
static inline mbedtls_cipher_type_t mbedtls_cipher_get_type( const mbedtls_cipher_context_t *ctx )
|
||||
{
|
||||
if( NULL == ctx || NULL == ctx->cipher_info )
|
||||
return MBEDTLS_CIPHER_NONE;
|
||||
|
||||
return ctx->cipher_info->type;
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief Returns the name of the given cipher, as a string.
|
||||
*
|
||||
* \param ctx cipher's context. Must have been initialised.
|
||||
*
|
||||
* \return name of the cipher, or NULL if ctx was not initialised.
|
||||
*/
|
||||
static inline const char *mbedtls_cipher_get_name( const mbedtls_cipher_context_t *ctx )
|
||||
{
|
||||
if( NULL == ctx || NULL == ctx->cipher_info )
|
||||
return 0;
|
||||
|
||||
return ctx->cipher_info->name;
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief Returns the key length of the cipher.
|
||||
*
|
||||
* \param ctx cipher's context. Must have been initialised.
|
||||
*
|
||||
* \return cipher's key length, in bits, or
|
||||
* MBEDTLS_KEY_LENGTH_NONE if ctx has not been
|
||||
* initialised.
|
||||
*/
|
||||
static inline int mbedtls_cipher_get_key_bitlen( const mbedtls_cipher_context_t *ctx )
|
||||
{
|
||||
if( NULL == ctx || NULL == ctx->cipher_info )
|
||||
return MBEDTLS_KEY_LENGTH_NONE;
|
||||
|
||||
return (int) ctx->cipher_info->key_bitlen;
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief Returns the operation of the given cipher.
|
||||
*
|
||||
* \param ctx cipher's context. Must have been initialised.
|
||||
*
|
||||
* \return operation (MBEDTLS_ENCRYPT or MBEDTLS_DECRYPT),
|
||||
* or MBEDTLS_OPERATION_NONE if ctx has not been
|
||||
* initialised.
|
||||
*/
|
||||
static inline mbedtls_operation_t mbedtls_cipher_get_operation( const mbedtls_cipher_context_t *ctx )
|
||||
{
|
||||
if( NULL == ctx || NULL == ctx->cipher_info )
|
||||
return MBEDTLS_OPERATION_NONE;
|
||||
|
||||
return ctx->operation;
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief Set the key to use with the given context.
|
||||
*
|
||||
* \param ctx generic cipher context. May not be NULL. Must have been
|
||||
* initialised using cipher_context_from_type or
|
||||
* cipher_context_from_string.
|
||||
* \param key The key to use.
|
||||
* \param key_bitlen key length to use, in bits.
|
||||
* \param operation Operation that the key will be used for, either
|
||||
* MBEDTLS_ENCRYPT or MBEDTLS_DECRYPT.
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if
|
||||
* parameter verification fails or a cipher specific
|
||||
* error code.
|
||||
*/
|
||||
int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *key,
|
||||
int key_bitlen, const mbedtls_operation_t operation );
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
|
||||
/**
|
||||
* \brief Set padding mode, for cipher modes that use padding.
|
||||
* (Default: PKCS7 padding.)
|
||||
*
|
||||
* \param ctx generic cipher context
|
||||
* \param mode padding mode
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
|
||||
* if selected padding mode is not supported, or
|
||||
* MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode
|
||||
* does not support padding.
|
||||
*/
|
||||
int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_cipher_padding_t mode );
|
||||
#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
|
||||
|
||||
/**
|
||||
* \brief Set the initialization vector (IV) or nonce
|
||||
*
|
||||
* \param ctx generic cipher context
|
||||
* \param iv IV to use (or NONCE_COUNTER for CTR-mode ciphers)
|
||||
* \param iv_len IV length for ciphers with variable-size IV;
|
||||
* discarded by ciphers with fixed-size IV.
|
||||
*
|
||||
* \returns 0 on success, or MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
|
||||
*
|
||||
* \note Some ciphers don't use IVs nor NONCE. For these
|
||||
* ciphers, this function has no effect.
|
||||
*/
|
||||
int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *iv, size_t iv_len );
|
||||
|
||||
/**
|
||||
* \brief Finish preparation of the given context
|
||||
*
|
||||
* \param ctx generic cipher context
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
|
||||
* if parameter verification fails.
|
||||
*/
|
||||
int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx );
|
||||
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
/**
|
||||
* \brief Add additional data (for AEAD ciphers).
|
||||
* Currently only supported with GCM.
|
||||
* Must be called exactly once, after mbedtls_cipher_reset().
|
||||
*
|
||||
* \param ctx generic cipher context
|
||||
* \param ad Additional data to use.
|
||||
* \param ad_len Length of ad.
|
||||
*
|
||||
* \return 0 on success, or a specific error code.
|
||||
*/
|
||||
int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *ad, size_t ad_len );
|
||||
#endif /* MBEDTLS_GCM_C */
|
||||
|
||||
/**
|
||||
* \brief Generic cipher update function. Encrypts/decrypts
|
||||
* using the given cipher context. Writes as many block
|
||||
* size'd blocks of data as possible to output. Any data
|
||||
* that cannot be written immediately will either be added
|
||||
* to the next block, or flushed when cipher_final is
|
||||
* called.
|
||||
* Exception: for MBEDTLS_MODE_ECB, expects single block
|
||||
* in size (e.g. 16 bytes for AES)
|
||||
*
|
||||
* \param ctx generic cipher context
|
||||
* \param input buffer holding the input data
|
||||
* \param ilen length of the input data
|
||||
* \param output buffer for the output data. Should be able to hold at
|
||||
* least ilen + block_size. Cannot be the same buffer as
|
||||
* input!
|
||||
* \param olen length of the output data, will be filled with the
|
||||
* actual number of bytes written.
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if
|
||||
* parameter verification fails,
|
||||
* MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an
|
||||
* unsupported mode for a cipher or a cipher specific
|
||||
* error code.
|
||||
*
|
||||
* \note If the underlying cipher is GCM, all calls to this
|
||||
* function, except the last one before mbedtls_cipher_finish(),
|
||||
* must have ilen a multiple of the block size.
|
||||
*/
|
||||
int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *input,
|
||||
size_t ilen, unsigned char *output, size_t *olen );
|
||||
|
||||
/**
|
||||
* \brief Generic cipher finalisation function. If data still
|
||||
* needs to be flushed from an incomplete block, data
|
||||
* contained within it will be padded with the size of
|
||||
* the last block, and written to the output buffer.
|
||||
*
|
||||
* \param ctx Generic cipher context
|
||||
* \param output buffer to write data to. Needs block_size available.
|
||||
* \param olen length of the data written to the output buffer.
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if
|
||||
* parameter verification fails,
|
||||
* MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption
|
||||
* expected a full block but was not provided one,
|
||||
* MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
|
||||
* while decrypting or a cipher specific error code.
|
||||
*/
|
||||
int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
|
||||
unsigned char *output, size_t *olen );
|
||||
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
/**
|
||||
* \brief Write tag for AEAD ciphers.
|
||||
* Currently only supported with GCM.
|
||||
* Must be called after mbedtls_cipher_finish().
|
||||
*
|
||||
* \param ctx Generic cipher context
|
||||
* \param tag buffer to write the tag
|
||||
* \param tag_len Length of the tag to write
|
||||
*
|
||||
* \return 0 on success, or a specific error code.
|
||||
*/
|
||||
int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
|
||||
unsigned char *tag, size_t tag_len );
|
||||
|
||||
/**
|
||||
* \brief Check tag for AEAD ciphers.
|
||||
* Currently only supported with GCM.
|
||||
* Must be called after mbedtls_cipher_finish().
|
||||
*
|
||||
* \param ctx Generic cipher context
|
||||
* \param tag Buffer holding the tag
|
||||
* \param tag_len Length of the tag to check
|
||||
*
|
||||
* \return 0 on success, or a specific error code.
|
||||
*/
|
||||
int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *tag, size_t tag_len );
|
||||
#endif /* MBEDTLS_GCM_C */
|
||||
|
||||
/**
|
||||
* \brief Generic all-in-one encryption/decryption
|
||||
* (for all ciphers except AEAD constructs).
|
||||
*
|
||||
* \param ctx generic cipher context
|
||||
* \param iv IV to use (or NONCE_COUNTER for CTR-mode ciphers)
|
||||
* \param iv_len IV length for ciphers with variable-size IV;
|
||||
* discarded by ciphers with fixed-size IV.
|
||||
* \param input buffer holding the input data
|
||||
* \param ilen length of the input data
|
||||
* \param output buffer for the output data. Should be able to hold at
|
||||
* least ilen + block_size. Cannot be the same buffer as
|
||||
* input!
|
||||
* \param olen length of the output data, will be filled with the
|
||||
* actual number of bytes written.
|
||||
*
|
||||
* \note Some ciphers don't use IVs nor NONCE. For these
|
||||
* ciphers, use iv = NULL and iv_len = 0.
|
||||
*
|
||||
* \returns 0 on success, or
|
||||
* MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or
|
||||
* MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption
|
||||
* expected a full block but was not provided one, or
|
||||
* MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
|
||||
* while decrypting, or
|
||||
* a cipher specific error code.
|
||||
*/
|
||||
int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *iv, size_t iv_len,
|
||||
const unsigned char *input, size_t ilen,
|
||||
unsigned char *output, size_t *olen );
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_AEAD)
|
||||
/**
|
||||
* \brief Generic autenticated encryption (AEAD ciphers).
|
||||
*
|
||||
* \param ctx generic cipher context
|
||||
* \param iv IV to use (or NONCE_COUNTER for CTR-mode ciphers)
|
||||
* \param iv_len IV length for ciphers with variable-size IV;
|
||||
* discarded by ciphers with fixed-size IV.
|
||||
* \param ad Additional data to authenticate.
|
||||
* \param ad_len Length of ad.
|
||||
* \param input buffer holding the input data
|
||||
* \param ilen length of the input data
|
||||
* \param output buffer for the output data.
|
||||
* Should be able to hold at least ilen.
|
||||
* \param olen length of the output data, will be filled with the
|
||||
* actual number of bytes written.
|
||||
* \param tag buffer for the authentication tag
|
||||
* \param tag_len desired tag length
|
||||
*
|
||||
* \returns 0 on success, or
|
||||
* MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or
|
||||
* a cipher specific error code.
|
||||
*/
|
||||
int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *iv, size_t iv_len,
|
||||
const unsigned char *ad, size_t ad_len,
|
||||
const unsigned char *input, size_t ilen,
|
||||
unsigned char *output, size_t *olen,
|
||||
unsigned char *tag, size_t tag_len );
|
||||
|
||||
/**
|
||||
* \brief Generic autenticated decryption (AEAD ciphers).
|
||||
*
|
||||
* \param ctx generic cipher context
|
||||
* \param iv IV to use (or NONCE_COUNTER for CTR-mode ciphers)
|
||||
* \param iv_len IV length for ciphers with variable-size IV;
|
||||
* discarded by ciphers with fixed-size IV.
|
||||
* \param ad Additional data to be authenticated.
|
||||
* \param ad_len Length of ad.
|
||||
* \param input buffer holding the input data
|
||||
* \param ilen length of the input data
|
||||
* \param output buffer for the output data.
|
||||
* Should be able to hold at least ilen.
|
||||
* \param olen length of the output data, will be filled with the
|
||||
* actual number of bytes written.
|
||||
* \param tag buffer holding the authentication tag
|
||||
* \param tag_len length of the authentication tag
|
||||
*
|
||||
* \returns 0 on success, or
|
||||
* MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or
|
||||
* MBEDTLS_ERR_CIPHER_AUTH_FAILED if data isn't authentic,
|
||||
* or a cipher specific error code.
|
||||
*
|
||||
* \note If the data is not authentic, then the output buffer
|
||||
* is zeroed out to prevent the unauthentic plaintext to
|
||||
* be used by mistake, making this interface safer.
|
||||
*/
|
||||
int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *iv, size_t iv_len,
|
||||
const unsigned char *ad, size_t ad_len,
|
||||
const unsigned char *input, size_t ilen,
|
||||
unsigned char *output, size_t *olen,
|
||||
const unsigned char *tag, size_t tag_len );
|
||||
#endif /* MBEDTLS_CIPHER_MODE_AEAD */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_CIPHER_H */
|
||||
89
Living_SDK/security/include/itls/config.h
Normal file
89
Living_SDK/security/include/itls/config.h
Normal file
|
|
@ -0,0 +1,89 @@
|
|||
/**
|
||||
* \file config.h
|
||||
*
|
||||
* \brief Configuration options (set of defines)
|
||||
*
|
||||
* This set of compile-time options may be used to enable
|
||||
* or disable features selectively, and reduce the global
|
||||
* memory footprint.
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_CONFIG_H
|
||||
#define MBEDTLS_CONFIG_H
|
||||
|
||||
/* System support */
|
||||
#define MBEDTLS_HAVE_ASM
|
||||
#define MBEDTLS_PLATFORM_C
|
||||
#define MBEDTLS_PLATFORM_ALT
|
||||
|
||||
/* mbed TLS feature support */
|
||||
#define MBEDTLS_CIPHER_MODE_CBC
|
||||
#define MBEDTLS_SSL_PROTO_TLS1_2
|
||||
#define MBEDTLS_THREADING_C
|
||||
|
||||
/* mbed TLS modules */
|
||||
#define MBEDTLS_AES_C
|
||||
#define MBEDTLS_CIPHER_C
|
||||
#define MBEDTLS_NET_C
|
||||
#define MBEDTLS_MD_C
|
||||
#define MBEDTLS_SHA256_C
|
||||
#define MBEDTLS_SSL_CLI_C
|
||||
#define MBEDTLS_SSL_TLS_C
|
||||
#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
|
||||
/* mbed DTLS modules */
|
||||
#define MBEDTLS_TIMING_C
|
||||
#define MBEDTLS_SSL_COOKIE_C
|
||||
#define MBEDTLS_SSL_PROTO_DTLS
|
||||
#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
|
||||
|
||||
/* iTLS modules */
|
||||
#define MBEDTLS_SSL_PROTO_ITLS
|
||||
#define MBEDTLS_KEY_EXCHANGE_ID2_ENABLED
|
||||
|
||||
/* iTLS debug */
|
||||
#if defined(CONFIG_SSL_DEBUG)
|
||||
#define MBEDTLS_DEBUG_C
|
||||
#endif
|
||||
|
||||
#define MBEDTLS_MD_ALT
|
||||
#define MBEDTLS_AES_ALT
|
||||
|
||||
#if defined(MBEDTLS_MD_ALT)
|
||||
#if defined(MBEDTLS_SHA1_C)
|
||||
#define MBEDTLS_SHA1_ALT
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
#define MBEDTLS_SHA256_ALT
|
||||
#endif
|
||||
#endif /* MBEDTLS_MD_ALT */
|
||||
|
||||
#if defined(CONFIG_PLAT_AOS)
|
||||
#define MBEDTLS_THREADING_ALT
|
||||
#define MBEDTLS_NET_ALT
|
||||
#else
|
||||
#define MBEDTLS_THREADING_PTHREAD
|
||||
#endif
|
||||
|
||||
#define MBEDTLS_SSL_MAX_CONTENT_LEN (2 * 1024) /* Size of the input / output buffer */
|
||||
|
||||
#include "check_config.h"
|
||||
|
||||
#endif /* MBEDTLS_CONFIG_H */
|
||||
228
Living_SDK/security/include/itls/debug.h
Normal file
228
Living_SDK/security/include/itls/debug.h
Normal file
|
|
@ -0,0 +1,228 @@
|
|||
/**
|
||||
* \file debug.h
|
||||
*
|
||||
* \brief Functions for controlling and providing debug output from the library.
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_DEBUG_H
|
||||
#define MBEDTLS_DEBUG_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "ssl.h"
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
#include "ecp.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_DEBUG_C)
|
||||
|
||||
#define MBEDTLS_DEBUG_STRIP_PARENS( ... ) __VA_ARGS__
|
||||
|
||||
#define MBEDTLS_SSL_DEBUG_MSG( level, args ) \
|
||||
mbedtls_debug_print_msg( ssl, level, __FILE__, __LINE__, \
|
||||
MBEDTLS_DEBUG_STRIP_PARENS args )
|
||||
|
||||
#define MBEDTLS_SSL_DEBUG_RET( level, text, ret ) \
|
||||
mbedtls_debug_print_ret( ssl, level, __FILE__, __LINE__, text, ret )
|
||||
|
||||
#define MBEDTLS_SSL_DEBUG_BUF( level, text, buf, len ) \
|
||||
mbedtls_debug_print_buf( ssl, level, __FILE__, __LINE__, text, buf, len )
|
||||
|
||||
#if defined(MBEDTLS_BIGNUM_C)
|
||||
#define MBEDTLS_SSL_DEBUG_MPI( level, text, X ) \
|
||||
mbedtls_debug_print_mpi( ssl, level, __FILE__, __LINE__, text, X )
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
#define MBEDTLS_SSL_DEBUG_ECP( level, text, X ) \
|
||||
mbedtls_debug_print_ecp( ssl, level, __FILE__, __LINE__, text, X )
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#define MBEDTLS_SSL_DEBUG_CRT( level, text, crt ) \
|
||||
mbedtls_debug_print_crt( ssl, level, __FILE__, __LINE__, text, crt )
|
||||
#endif
|
||||
|
||||
#else /* MBEDTLS_DEBUG_C */
|
||||
|
||||
#define MBEDTLS_SSL_DEBUG_MSG( level, args ) do { } while( 0 )
|
||||
#define MBEDTLS_SSL_DEBUG_RET( level, text, ret ) do { } while( 0 )
|
||||
#define MBEDTLS_SSL_DEBUG_BUF( level, text, buf, len ) do { } while( 0 )
|
||||
#define MBEDTLS_SSL_DEBUG_MPI( level, text, X ) do { } while( 0 )
|
||||
#define MBEDTLS_SSL_DEBUG_ECP( level, text, X ) do { } while( 0 )
|
||||
#define MBEDTLS_SSL_DEBUG_CRT( level, text, crt ) do { } while( 0 )
|
||||
|
||||
#endif /* MBEDTLS_DEBUG_C */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Set the threshold error level to handle globally all debug output.
|
||||
* Debug messages that have a level over the threshold value are
|
||||
* discarded.
|
||||
* (Default value: 0 = No debug )
|
||||
*
|
||||
* \param threshold theshold level of messages to filter on. Messages at a
|
||||
* higher level will be discarded.
|
||||
* - Debug levels
|
||||
* - 0 No debug
|
||||
* - 1 Error
|
||||
* - 2 State change
|
||||
* - 3 Informational
|
||||
* - 4 Verbose
|
||||
*/
|
||||
void mbedtls_debug_set_threshold( int threshold );
|
||||
|
||||
/**
|
||||
* \brief Print a message to the debug output. This function is always used
|
||||
* through the MBEDTLS_SSL_DEBUG_MSG() macro, which supplies the ssl
|
||||
* context, file and line number parameters.
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param level error level of the debug message
|
||||
* \param file file the message has occurred in
|
||||
* \param line line number the message has occurred at
|
||||
* \param format format specifier, in printf format
|
||||
* \param ... variables used by the format specifier
|
||||
*
|
||||
* \attention This function is intended for INTERNAL usage within the
|
||||
* library only.
|
||||
*/
|
||||
void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
|
||||
const char *file, int line,
|
||||
const char *format, ... );
|
||||
|
||||
/**
|
||||
* \brief Print the return value of a function to the debug output. This
|
||||
* function is always used through the MBEDTLS_SSL_DEBUG_RET() macro,
|
||||
* which supplies the ssl context, file and line number parameters.
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param level error level of the debug message
|
||||
* \param file file the error has occurred in
|
||||
* \param line line number the error has occurred in
|
||||
* \param text the name of the function that returned the error
|
||||
* \param ret the return code value
|
||||
*
|
||||
* \attention This function is intended for INTERNAL usage within the
|
||||
* library only.
|
||||
*/
|
||||
void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
|
||||
const char *file, int line,
|
||||
const char *text, int ret );
|
||||
|
||||
/**
|
||||
* \brief Output a buffer of size len bytes to the debug output. This function
|
||||
* is always used through the MBEDTLS_SSL_DEBUG_BUF() macro,
|
||||
* which supplies the ssl context, file and line number parameters.
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param level error level of the debug message
|
||||
* \param file file the error has occurred in
|
||||
* \param line line number the error has occurred in
|
||||
* \param text a name or label for the buffer being dumped. Normally the
|
||||
* variable or buffer name
|
||||
* \param buf the buffer to be outputted
|
||||
* \param len length of the buffer
|
||||
*
|
||||
* \attention This function is intended for INTERNAL usage within the
|
||||
* library only.
|
||||
*/
|
||||
void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
|
||||
const char *file, int line, const char *text,
|
||||
const unsigned char *buf, size_t len );
|
||||
|
||||
#if defined(MBEDTLS_BIGNUM_C)
|
||||
/**
|
||||
* \brief Print a MPI variable to the debug output. This function is always
|
||||
* used through the MBEDTLS_SSL_DEBUG_MPI() macro, which supplies the
|
||||
* ssl context, file and line number parameters.
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param level error level of the debug message
|
||||
* \param file file the error has occurred in
|
||||
* \param line line number the error has occurred in
|
||||
* \param text a name or label for the MPI being output. Normally the
|
||||
* variable name
|
||||
* \param X the MPI variable
|
||||
*
|
||||
* \attention This function is intended for INTERNAL usage within the
|
||||
* library only.
|
||||
*/
|
||||
void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
|
||||
const char *file, int line,
|
||||
const char *text, const mbedtls_mpi *X );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
/**
|
||||
* \brief Print an ECP point to the debug output. This function is always
|
||||
* used through the MBEDTLS_SSL_DEBUG_ECP() macro, which supplies the
|
||||
* ssl context, file and line number parameters.
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param level error level of the debug message
|
||||
* \param file file the error has occurred in
|
||||
* \param line line number the error has occurred in
|
||||
* \param text a name or label for the ECP point being output. Normally the
|
||||
* variable name
|
||||
* \param X the ECP point
|
||||
*
|
||||
* \attention This function is intended for INTERNAL usage within the
|
||||
* library only.
|
||||
*/
|
||||
void mbedtls_debug_print_ecp( const mbedtls_ssl_context *ssl, int level,
|
||||
const char *file, int line,
|
||||
const char *text, const mbedtls_ecp_point *X );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
/**
|
||||
* \brief Print a X.509 certificate structure to the debug output. This
|
||||
* function is always used through the MBEDTLS_SSL_DEBUG_CRT() macro,
|
||||
* which supplies the ssl context, file and line number parameters.
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param level error level of the debug message
|
||||
* \param file file the error has occurred in
|
||||
* \param line line number the error has occurred in
|
||||
* \param text a name or label for the certificate being output
|
||||
* \param crt X.509 certificate structure
|
||||
*
|
||||
* \attention This function is intended for INTERNAL usage within the
|
||||
* library only.
|
||||
*/
|
||||
void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level,
|
||||
const char *file, int line,
|
||||
const char *text, const mbedtls_x509_crt *crt );
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* debug.h */
|
||||
|
||||
101
Living_SDK/security/include/itls/hal_itls.h
Normal file
101
Living_SDK/security/include/itls/hal_itls.h
Normal file
|
|
@ -0,0 +1,101 @@
|
|||
/*
|
||||
* Copyright (C) 2015-2018 Alibaba Group Holding Limited
|
||||
*/
|
||||
|
||||
#ifndef __HAL_ITLS_H__
|
||||
#define __HAL_ITLS_H__
|
||||
|
||||
#include <stdint.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C"
|
||||
#endif
|
||||
|
||||
/**
|
||||
* @brief Get itls library version.
|
||||
*
|
||||
* @param [out] version: @n A pointer to a buffer to receive version string.
|
||||
* @see None.
|
||||
* @note None.
|
||||
*/
|
||||
void hal_itls_get_version(char version[16]);
|
||||
|
||||
/**
|
||||
* @brief Set itls debug levels.
|
||||
*
|
||||
* @param [in] debug_level: @n Specify itls debug levels:
|
||||
* - 0 No debug
|
||||
* - 1 Error
|
||||
* - 2 State change
|
||||
* - 3 Informational
|
||||
* - 4 Verbose
|
||||
* @see None.
|
||||
* @note None.
|
||||
*/
|
||||
void hal_itls_set_debug_level(uint32_t debug_level);
|
||||
|
||||
/**
|
||||
* @brief Establish a itls connection.
|
||||
*
|
||||
* @param [in] host: @n Specify the hostname(IP) of the itls server
|
||||
* @param [in] port: @n Specify the port of itls server
|
||||
* @param [in] product_key @n Specify the product key, terminated with '\0'.
|
||||
* @param [in] product_secret @n Specify the product secret, terminated with '\0'.
|
||||
* @return itls handle.
|
||||
* @see None.
|
||||
* @note None.
|
||||
*/
|
||||
uintptr_t hal_itls_establish(
|
||||
const char *host,
|
||||
uint32_t port,
|
||||
const char *product_key,
|
||||
const char *product_secret);
|
||||
|
||||
/**
|
||||
* @brief Destroy the specific itls connection.
|
||||
*
|
||||
* @param[in] handle: @n Handle of the specific connection.
|
||||
*
|
||||
* @return The result of destroy ssl
|
||||
*
|
||||
* @retval < 0 : Fail.
|
||||
* @retval 0 : Success.
|
||||
*/
|
||||
int32_t hal_itls_destroy(uintptr_t handle);
|
||||
|
||||
/**
|
||||
* @brief Write data into the specific itls connection.
|
||||
*
|
||||
* @param [in] handle: @n Handle of a itls connection.
|
||||
* @param [in] buf: @n A pointer to a buffer containing the data to be transmitted.
|
||||
* @param [in] len: @n The length, in bytes, of the data pointed to by the 'buf' parameter.
|
||||
* @param [in] timeout_ms: @n Specify the timeout value in millisecond.
|
||||
*
|
||||
* @retval < 0 : itls connection error occur..
|
||||
* @retval 0 : No any data be write into the SSL connection in 'timeout_ms' timeout period.
|
||||
* @retval (0, len] : The total number of bytes be written in 'timeout_ms' timeout period.
|
||||
* @see None.
|
||||
*/
|
||||
int32_t hal_itls_write(uintptr_t handle, const char *buf, int len, int timeout_ms);
|
||||
|
||||
/**
|
||||
* @brief Read data from the specific SSL connection with timeout parameter.
|
||||
*
|
||||
* @param [in] handle: @n Handle of a itls connection.
|
||||
* @param [out] buf: @n A pointer to a buffer to receive incoming data.
|
||||
* @param [out] len: @n The length, in bytes, of the data pointed to by the 'buf' parameter.
|
||||
* @param [in] timeout_ms: @n Specify the timeout value in millisecond.
|
||||
*
|
||||
* @retval -2 : itls connection error occur.
|
||||
* @retval -1 : itls connection be closed by remote server.
|
||||
* @retval 0 : No any data be received in 'timeout_ms' timeout period.
|
||||
* @retval (0, len] : The total number of bytes be received in 'timeout_ms' timeout period.
|
||||
* @see None.
|
||||
*/
|
||||
int32_t hal_itls_read(uintptr_t handle, char *buf, int len, int timeout_ms);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* __HAL_ITLS_H__ */
|
||||
40
Living_SDK/security/include/itls/mbedtls_auth.h
Normal file
40
Living_SDK/security/include/itls/mbedtls_auth.h
Normal file
|
|
@ -0,0 +1,40 @@
|
|||
/**
|
||||
* Copyright (C) 2017 The YunOS IoT Project. All rights reserved.
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_AUTH_H
|
||||
#define MBEDTLS_AUTH_H
|
||||
|
||||
#include <stdint.h>
|
||||
#include <stdio.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/* Key Groups */
|
||||
#define MBEDTLS_KEY_GROUP_ALIBABA_ID2 (0x10001000)
|
||||
|
||||
int mbedtls_write_auth_extra_ext(
|
||||
mbedtls_ssl_context *ssl, unsigned char *buf, size_t *olen);
|
||||
|
||||
int mbedtls_write_key_id_ext(
|
||||
mbedtls_ssl_context *ssl, unsigned char *buf, size_t *olen);
|
||||
|
||||
int mbedtls_write_auth_code_ext(
|
||||
mbedtls_ssl_context *ssl, unsigned char *buf, size_t *olen);
|
||||
|
||||
int mbedtls_parse_hello_verify_ext(
|
||||
mbedtls_ssl_context *ssl, unsigned char *buf, size_t len);
|
||||
|
||||
int mbedtls_parse_auth_code_ext(
|
||||
mbedtls_ssl_context *ssl, unsigned char *buf, size_t len);
|
||||
|
||||
int mbedtls_parse_pre_master_secret_ext(
|
||||
mbedtls_ssl_context *ssl, unsigned char *buf, size_t len);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_AUTH_H */
|
||||
354
Living_SDK/security/include/itls/md.h
Normal file
354
Living_SDK/security/include/itls/md.h
Normal file
|
|
@ -0,0 +1,354 @@
|
|||
/**
|
||||
* \file md.h
|
||||
*
|
||||
* \brief Generic message digest wrapper
|
||||
*
|
||||
* \author Adriaan de Jong <dejong@fox-it.com>
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_MD_H
|
||||
#define MBEDTLS_MD_H
|
||||
|
||||
#include <stddef.h>
|
||||
|
||||
#define MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE -0x5080 /**< The selected feature is not available. */
|
||||
#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 /**< Bad input parameters to function. */
|
||||
#define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180 /**< Failed to allocate memory. */
|
||||
#define MBEDTLS_ERR_MD_FILE_IO_ERROR -0x5200 /**< Opening or reading of file failed. */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
typedef enum {
|
||||
MBEDTLS_MD_NONE=0,
|
||||
MBEDTLS_MD_MD2,
|
||||
MBEDTLS_MD_MD4,
|
||||
MBEDTLS_MD_MD5,
|
||||
MBEDTLS_MD_SHA1,
|
||||
MBEDTLS_MD_SHA224,
|
||||
MBEDTLS_MD_SHA256,
|
||||
MBEDTLS_MD_SHA384,
|
||||
MBEDTLS_MD_SHA512,
|
||||
MBEDTLS_MD_RIPEMD160,
|
||||
} mbedtls_md_type_t;
|
||||
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
#define MBEDTLS_MD_MAX_SIZE 64 /* longest known is SHA512 */
|
||||
#else
|
||||
#define MBEDTLS_MD_MAX_SIZE 32 /* longest known is SHA256 or less */
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Opaque struct defined in md_internal.h
|
||||
*/
|
||||
typedef struct mbedtls_md_info_t mbedtls_md_info_t;
|
||||
|
||||
/**
|
||||
* Generic message digest context.
|
||||
*/
|
||||
typedef struct {
|
||||
/** Information about the associated message digest */
|
||||
const mbedtls_md_info_t *md_info;
|
||||
|
||||
/** Digest-specific context */
|
||||
void *md_ctx;
|
||||
|
||||
/** HMAC part of the context */
|
||||
void *hmac_ctx;
|
||||
} mbedtls_md_context_t;
|
||||
|
||||
/**
|
||||
* \brief Returns the list of digests supported by the generic digest module.
|
||||
*
|
||||
* \return a statically allocated array of digests, the last entry
|
||||
* is 0.
|
||||
*/
|
||||
const int *mbedtls_md_list( void );
|
||||
|
||||
/**
|
||||
* \brief Returns the message digest information associated with the
|
||||
* given digest name.
|
||||
*
|
||||
* \param md_name Name of the digest to search for.
|
||||
*
|
||||
* \return The message digest information associated with md_name or
|
||||
* NULL if not found.
|
||||
*/
|
||||
const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name );
|
||||
|
||||
/**
|
||||
* \brief Returns the message digest information associated with the
|
||||
* given digest type.
|
||||
*
|
||||
* \param md_type type of digest to search for.
|
||||
*
|
||||
* \return The message digest information associated with md_type or
|
||||
* NULL if not found.
|
||||
*/
|
||||
const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type );
|
||||
|
||||
/**
|
||||
* \brief Initialize a md_context (as NONE)
|
||||
* This should always be called first.
|
||||
* Prepares the context for mbedtls_md_setup() or mbedtls_md_free().
|
||||
*/
|
||||
void mbedtls_md_init( mbedtls_md_context_t *ctx );
|
||||
|
||||
/**
|
||||
* \brief Free and clear the internal structures of ctx.
|
||||
* Can be called at any time after mbedtls_md_init().
|
||||
* Mandatory once mbedtls_md_setup() has been called.
|
||||
*/
|
||||
void mbedtls_md_free( mbedtls_md_context_t *ctx );
|
||||
|
||||
#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief Select MD to use and allocate internal structures.
|
||||
* Should be called after mbedtls_md_init() or mbedtls_md_free().
|
||||
* Makes it necessary to call mbedtls_md_free() later.
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_md_setup() in 2.0.0
|
||||
*
|
||||
* \param ctx Context to set up.
|
||||
* \param md_info Message digest to use.
|
||||
*
|
||||
* \returns \c 0 on success,
|
||||
* \c MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure,
|
||||
* \c MBEDTLS_ERR_MD_ALLOC_FAILED memory allocation failure.
|
||||
*/
|
||||
int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info ) MBEDTLS_DEPRECATED;
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/**
|
||||
* \brief Select MD to use and allocate internal structures.
|
||||
* Should be called after mbedtls_md_init() or mbedtls_md_free().
|
||||
* Makes it necessary to call mbedtls_md_free() later.
|
||||
*
|
||||
* \param ctx Context to set up.
|
||||
* \param md_info Message digest to use.
|
||||
* \param hmac 0 to save some memory if HMAC will not be used,
|
||||
* non-zero is HMAC is going to be used with this context.
|
||||
*
|
||||
* \returns \c 0 on success,
|
||||
* \c MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure,
|
||||
* \c MBEDTLS_ERR_MD_ALLOC_FAILED memory allocation failure.
|
||||
*/
|
||||
int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac );
|
||||
|
||||
/**
|
||||
* \brief Clone the state of an MD context
|
||||
*
|
||||
* \note The two contexts must have been setup to the same type
|
||||
* (cloning from SHA-256 to SHA-512 make no sense).
|
||||
*
|
||||
* \warning Only clones the MD state, not the HMAC state! (for now)
|
||||
*
|
||||
* \param dst The destination context
|
||||
* \param src The context to be cloned
|
||||
*
|
||||
* \return \c 0 on success,
|
||||
* \c MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure.
|
||||
*/
|
||||
int mbedtls_md_clone( mbedtls_md_context_t *dst,
|
||||
const mbedtls_md_context_t *src );
|
||||
|
||||
/**
|
||||
* \brief Returns the size of the message digest output.
|
||||
*
|
||||
* \param md_info message digest info
|
||||
*
|
||||
* \return size of the message digest output in bytes.
|
||||
*/
|
||||
unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info );
|
||||
|
||||
/**
|
||||
* \brief Returns the type of the message digest output.
|
||||
*
|
||||
* \param md_info message digest info
|
||||
*
|
||||
* \return type of the message digest output.
|
||||
*/
|
||||
mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info );
|
||||
|
||||
/**
|
||||
* \brief Returns the name of the message digest output.
|
||||
*
|
||||
* \param md_info message digest info
|
||||
*
|
||||
* \return name of the message digest output.
|
||||
*/
|
||||
const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info );
|
||||
|
||||
/**
|
||||
* \brief Prepare the context to digest a new message.
|
||||
* Generally called after mbedtls_md_setup() or mbedtls_md_finish().
|
||||
* Followed by mbedtls_md_update().
|
||||
*
|
||||
* \param ctx generic message digest context.
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
|
||||
* verification fails.
|
||||
*/
|
||||
int mbedtls_md_starts( mbedtls_md_context_t *ctx );
|
||||
|
||||
/**
|
||||
* \brief Generic message digest process buffer
|
||||
* Called between mbedtls_md_starts() and mbedtls_md_finish().
|
||||
* May be called repeatedly.
|
||||
*
|
||||
* \param ctx Generic message digest context
|
||||
* \param input buffer holding the datal
|
||||
* \param ilen length of the input data
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
|
||||
* verification fails.
|
||||
*/
|
||||
int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief Generic message digest final digest
|
||||
* Called after mbedtls_md_update().
|
||||
* Usually followed by mbedtls_md_free() or mbedtls_md_starts().
|
||||
*
|
||||
* \param ctx Generic message digest context
|
||||
* \param output Generic message digest checksum result
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
|
||||
* verification fails.
|
||||
*/
|
||||
int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output );
|
||||
|
||||
/**
|
||||
* \brief Output = message_digest( input buffer )
|
||||
*
|
||||
* \param md_info message digest info
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param output Generic message digest checksum result
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
|
||||
* verification fails.
|
||||
*/
|
||||
int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
|
||||
unsigned char *output );
|
||||
|
||||
#if defined(MBEDTLS_FS_IO)
|
||||
/**
|
||||
* \brief Output = message_digest( file contents )
|
||||
*
|
||||
* \param md_info message digest info
|
||||
* \param path input file name
|
||||
* \param output generic message digest checksum result
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* MBEDTLS_ERR_MD_FILE_IO_ERROR if file input failed,
|
||||
* MBEDTLS_ERR_MD_BAD_INPUT_DATA if md_info was NULL.
|
||||
*/
|
||||
int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path,
|
||||
unsigned char *output );
|
||||
#endif /* MBEDTLS_FS_IO */
|
||||
|
||||
/**
|
||||
* \brief Set HMAC key and prepare to authenticate a new message.
|
||||
* Usually called after mbedtls_md_setup() or mbedtls_md_hmac_finish().
|
||||
*
|
||||
* \param ctx HMAC context
|
||||
* \param key HMAC secret key
|
||||
* \param keylen length of the HMAC key in bytes
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
|
||||
* verification fails.
|
||||
*/
|
||||
int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key,
|
||||
size_t keylen );
|
||||
|
||||
/**
|
||||
* \brief Generic HMAC process buffer.
|
||||
* Called between mbedtls_md_hmac_starts() or mbedtls_md_hmac_reset()
|
||||
* and mbedtls_md_hmac_finish().
|
||||
* May be called repeatedly.
|
||||
*
|
||||
* \param ctx HMAC context
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
|
||||
* verification fails.
|
||||
*/
|
||||
int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief Output HMAC.
|
||||
* Called after mbedtls_md_hmac_update().
|
||||
* Usually followed by mbedtls_md_hmac_reset(),
|
||||
* mbedtls_md_hmac_starts(), or mbedtls_md_free().
|
||||
*
|
||||
* \param ctx HMAC context
|
||||
* \param output Generic HMAC checksum result
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
|
||||
* verification fails.
|
||||
*/
|
||||
int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output);
|
||||
|
||||
/**
|
||||
* \brief Prepare to authenticate a new message with the same key.
|
||||
* Called after mbedtls_md_hmac_finish() and before
|
||||
* mbedtls_md_hmac_update().
|
||||
*
|
||||
* \param ctx HMAC context to be reset
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
|
||||
* verification fails.
|
||||
*/
|
||||
int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx );
|
||||
|
||||
/**
|
||||
* \brief Output = Generic_HMAC( hmac key, input buffer )
|
||||
*
|
||||
* \param md_info message digest info
|
||||
* \param key HMAC secret key
|
||||
* \param keylen length of the HMAC key in bytes
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param output Generic HMAC-result
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
|
||||
* verification fails.
|
||||
*/
|
||||
int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen,
|
||||
const unsigned char *input, size_t ilen,
|
||||
unsigned char *output );
|
||||
|
||||
/* Internal use */
|
||||
int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_MD_H */
|
||||
142
Living_SDK/security/include/itls/md5.h
Normal file
142
Living_SDK/security/include/itls/md5.h
Normal file
|
|
@ -0,0 +1,142 @@
|
|||
/**
|
||||
* \file md5.h
|
||||
*
|
||||
* \brief MD5 message digest algorithm (hash function)
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_MD5_H
|
||||
#define MBEDTLS_MD5_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#if !defined(MBEDTLS_MD5_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C"
|
||||
{
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief MD5 context structure
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
uint32_t total[2]; /*!< number of bytes processed */
|
||||
uint32_t state[4]; /*!< intermediate digest state */
|
||||
unsigned char buffer[64]; /*!< data block being processed */
|
||||
} mbedtls_md5_context;
|
||||
|
||||
/**
|
||||
* \brief Initialize MD5 context
|
||||
*
|
||||
* \param ctx MD5 context to be initialized
|
||||
*/
|
||||
void mbedtls_md5_init(mbedtls_md5_context *ctx);
|
||||
|
||||
/**
|
||||
* \brief Clear MD5 context
|
||||
*
|
||||
* \param ctx MD5 context to be cleared
|
||||
*/
|
||||
void mbedtls_md5_free(mbedtls_md5_context *ctx);
|
||||
|
||||
/**
|
||||
* \brief Clone (the state of) an MD5 context
|
||||
*
|
||||
* \param dst The destination context
|
||||
* \param src The context to be cloned
|
||||
*/
|
||||
void mbedtls_md5_clone(mbedtls_md5_context * dst,
|
||||
const mbedtls_md5_context *src);
|
||||
|
||||
/**
|
||||
* \brief MD5 context setup
|
||||
*
|
||||
* \param ctx context to be initialized
|
||||
*/
|
||||
void mbedtls_md5_starts(mbedtls_md5_context *ctx);
|
||||
|
||||
/**
|
||||
* \brief MD5 process buffer
|
||||
*
|
||||
* \param ctx MD5 context
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
*/
|
||||
void mbedtls_md5_update(mbedtls_md5_context *ctx,
|
||||
const unsigned char *input, size_t ilen);
|
||||
|
||||
/**
|
||||
* \brief MD5 final digest
|
||||
*
|
||||
* \param ctx MD5 context
|
||||
* \param output MD5 checksum result
|
||||
*/
|
||||
void mbedtls_md5_finish(mbedtls_md5_context *ctx, unsigned char output[16]);
|
||||
|
||||
/* Internal use */
|
||||
void mbedtls_md5_process(mbedtls_md5_context *ctx,
|
||||
const unsigned char data[64]);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#else /* MBEDTLS_MD5_ALT */
|
||||
#include "md5_alt.h"
|
||||
#endif /* MBEDTLS_MD5_ALT */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C"
|
||||
{
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_MD5_ALT)
|
||||
/**
|
||||
* \brief Output = MD5( input buffer )
|
||||
*
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param output MD5 checksum result
|
||||
*/
|
||||
void mbedtls_md5(const unsigned char *input, size_t ilen,
|
||||
unsigned char output[16]);
|
||||
#endif /* MBEDTLS_MD5_ALT */
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
*/
|
||||
int mbedtls_md5_self_test(int verbose);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* mbedtls_md5.h */
|
||||
31
Living_SDK/security/include/itls/net.h
Normal file
31
Living_SDK/security/include/itls/net.h
Normal file
|
|
@ -0,0 +1,31 @@
|
|||
/**
|
||||
* \file net.h
|
||||
*
|
||||
* \brief Deprecated header file that includes itls/net_sockets.h
|
||||
*
|
||||
* Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*
|
||||
* \deprecated Superseded by itls/net_sockets.h
|
||||
*/
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#include "itls/net_sockets.h"
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#warning "Deprecated header file: Superseded by itls/net_sockets.h"
|
||||
#endif /* MBEDTLS_DEPRECATED_WARNING */
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
225
Living_SDK/security/include/itls/net_sockets.h
Normal file
225
Living_SDK/security/include/itls/net_sockets.h
Normal file
|
|
@ -0,0 +1,225 @@
|
|||
/**
|
||||
* \file net_sockets.h
|
||||
*
|
||||
* \brief Network communication functions
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_NET_SOCKETS_H
|
||||
#define MBEDTLS_NET_SOCKETS_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "ssl.h"
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#define MBEDTLS_ERR_NET_SOCKET_FAILED -0x0042 /**< Failed to open a socket. */
|
||||
#define MBEDTLS_ERR_NET_CONNECT_FAILED -0x0044 /**< The connection to the given server / port failed. */
|
||||
#define MBEDTLS_ERR_NET_BIND_FAILED -0x0046 /**< Binding of the socket failed. */
|
||||
#define MBEDTLS_ERR_NET_LISTEN_FAILED -0x0048 /**< Could not listen on the socket. */
|
||||
#define MBEDTLS_ERR_NET_ACCEPT_FAILED -0x004A /**< Could not accept the incoming connection. */
|
||||
#define MBEDTLS_ERR_NET_RECV_FAILED -0x004C /**< Reading information from the socket failed. */
|
||||
#define MBEDTLS_ERR_NET_SEND_FAILED -0x004E /**< Sending information through the socket failed. */
|
||||
#define MBEDTLS_ERR_NET_CONN_RESET -0x0050 /**< Connection was reset by peer. */
|
||||
#define MBEDTLS_ERR_NET_UNKNOWN_HOST -0x0052 /**< Failed to get an IP address for the given hostname. */
|
||||
#define MBEDTLS_ERR_NET_BUFFER_TOO_SMALL -0x0043 /**< Buffer is too small to hold the data. */
|
||||
#define MBEDTLS_ERR_NET_INVALID_CONTEXT -0x0045 /**< The context is invalid, eg because it was free()ed. */
|
||||
|
||||
#define MBEDTLS_NET_LISTEN_BACKLOG 10 /**< The backlog that listen() should use. */
|
||||
|
||||
#define MBEDTLS_NET_PROTO_TCP 0 /**< The TCP transport protocol */
|
||||
#define MBEDTLS_NET_PROTO_UDP 1 /**< The UDP transport protocol */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Wrapper type for sockets.
|
||||
*
|
||||
* Currently backed by just a file descriptor, but might be more in the future
|
||||
* (eg two file descriptors for combined IPv4 + IPv6 support, or additional
|
||||
* structures for hand-made UDP demultiplexing).
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
int fd; /**< The underlying file descriptor */
|
||||
}
|
||||
mbedtls_net_context;
|
||||
|
||||
/**
|
||||
* \brief Initialize a context
|
||||
* Just makes the context ready to be used or freed safely.
|
||||
*
|
||||
* \param ctx Context to initialize
|
||||
*/
|
||||
void mbedtls_net_init( mbedtls_net_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Initiate a connection with host:port in the given protocol
|
||||
*
|
||||
* \param ctx Socket to use
|
||||
* \param host Host to connect to
|
||||
* \param port Port to connect to
|
||||
* \param proto Protocol: MBEDTLS_NET_PROTO_TCP or MBEDTLS_NET_PROTO_UDP
|
||||
*
|
||||
* \return 0 if successful, or one of:
|
||||
* MBEDTLS_ERR_NET_SOCKET_FAILED,
|
||||
* MBEDTLS_ERR_NET_UNKNOWN_HOST,
|
||||
* MBEDTLS_ERR_NET_CONNECT_FAILED
|
||||
*
|
||||
* \note Sets the socket in connected mode even with UDP.
|
||||
*/
|
||||
int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char *port, int proto );
|
||||
|
||||
/**
|
||||
* \brief Create a receiving socket on bind_ip:port in the chosen
|
||||
* protocol. If bind_ip == NULL, all interfaces are bound.
|
||||
*
|
||||
* \param ctx Socket to use
|
||||
* \param bind_ip IP to bind to, can be NULL
|
||||
* \param port Port number to use
|
||||
* \param proto Protocol: MBEDTLS_NET_PROTO_TCP or MBEDTLS_NET_PROTO_UDP
|
||||
*
|
||||
* \return 0 if successful, or one of:
|
||||
* MBEDTLS_ERR_NET_SOCKET_FAILED,
|
||||
* MBEDTLS_ERR_NET_BIND_FAILED,
|
||||
* MBEDTLS_ERR_NET_LISTEN_FAILED
|
||||
*
|
||||
* \note Regardless of the protocol, opens the sockets and binds it.
|
||||
* In addition, make the socket listening if protocol is TCP.
|
||||
*/
|
||||
int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto );
|
||||
|
||||
/**
|
||||
* \brief Accept a connection from a remote client
|
||||
*
|
||||
* \param bind_ctx Relevant socket
|
||||
* \param client_ctx Will contain the connected client socket
|
||||
* \param client_ip Will contain the client IP address
|
||||
* \param buf_size Size of the client_ip buffer
|
||||
* \param ip_len Will receive the size of the client IP written
|
||||
*
|
||||
* \return 0 if successful, or
|
||||
* MBEDTLS_ERR_NET_ACCEPT_FAILED, or
|
||||
* MBEDTLS_ERR_NET_BUFFER_TOO_SMALL if buf_size is too small,
|
||||
* MBEDTLS_ERR_SSL_WANT_READ if bind_fd was set to
|
||||
* non-blocking and accept() would block.
|
||||
*/
|
||||
int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
|
||||
mbedtls_net_context *client_ctx,
|
||||
void *client_ip, size_t buf_size, size_t *ip_len );
|
||||
|
||||
/**
|
||||
* \brief Set the socket blocking
|
||||
*
|
||||
* \param ctx Socket to set
|
||||
*
|
||||
* \return 0 if successful, or a non-zero error code
|
||||
*/
|
||||
int mbedtls_net_set_block( mbedtls_net_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Set the socket non-blocking
|
||||
*
|
||||
* \param ctx Socket to set
|
||||
*
|
||||
* \return 0 if successful, or a non-zero error code
|
||||
*/
|
||||
int mbedtls_net_set_nonblock( mbedtls_net_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Portable usleep helper
|
||||
*
|
||||
* \param usec Amount of microseconds to sleep
|
||||
*
|
||||
* \note Real amount of time slept will not be less than
|
||||
* select()'s timeout granularity (typically, 10ms).
|
||||
*/
|
||||
void mbedtls_net_usleep( unsigned long usec );
|
||||
|
||||
/**
|
||||
* \brief Read at most 'len' characters. If no error occurs,
|
||||
* the actual amount read is returned.
|
||||
*
|
||||
* \param ctx Socket
|
||||
* \param buf The buffer to write to
|
||||
* \param len Maximum length of the buffer
|
||||
*
|
||||
* \return the number of bytes received,
|
||||
* or a non-zero error code; with a non-blocking socket,
|
||||
* MBEDTLS_ERR_SSL_WANT_READ indicates read() would block.
|
||||
*/
|
||||
int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len );
|
||||
|
||||
/**
|
||||
* \brief Write at most 'len' characters. If no error occurs,
|
||||
* the actual amount read is returned.
|
||||
*
|
||||
* \param ctx Socket
|
||||
* \param buf The buffer to read from
|
||||
* \param len The length of the buffer
|
||||
*
|
||||
* \return the number of bytes sent,
|
||||
* or a non-zero error code; with a non-blocking socket,
|
||||
* MBEDTLS_ERR_SSL_WANT_WRITE indicates write() would block.
|
||||
*/
|
||||
int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len );
|
||||
|
||||
/**
|
||||
* \brief Read at most 'len' characters, blocking for at most
|
||||
* 'timeout' seconds. If no error occurs, the actual amount
|
||||
* read is returned.
|
||||
*
|
||||
* \param ctx Socket
|
||||
* \param buf The buffer to write to
|
||||
* \param len Maximum length of the buffer
|
||||
* \param timeout Maximum number of milliseconds to wait for data
|
||||
* 0 means no timeout (wait forever)
|
||||
*
|
||||
* \return the number of bytes received,
|
||||
* or a non-zero error code:
|
||||
* MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out,
|
||||
* MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal.
|
||||
*
|
||||
* \note This function will block (until data becomes available or
|
||||
* timeout is reached) even if the socket is set to
|
||||
* non-blocking. Handling timeouts with non-blocking reads
|
||||
* requires a different strategy.
|
||||
*/
|
||||
int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len,
|
||||
uint32_t timeout );
|
||||
|
||||
/**
|
||||
* \brief Gracefully shutdown the connection and free associated data
|
||||
*
|
||||
* \param ctx The context to free
|
||||
*/
|
||||
void mbedtls_net_free( mbedtls_net_context *ctx );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* net_sockets.h */
|
||||
351
Living_SDK/security/include/itls/platform.h
Normal file
351
Living_SDK/security/include/itls/platform.h
Normal file
|
|
@ -0,0 +1,351 @@
|
|||
/**
|
||||
* \file platform.h
|
||||
*
|
||||
* \brief mbed TLS Platform abstraction layer
|
||||
*
|
||||
* Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_PLATFORM_H
|
||||
#define MBEDTLS_PLATFORM_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_PLATFORM_ALT)
|
||||
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
#include "itls/platform_time.h"
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \name SECTION: Module settings
|
||||
*
|
||||
* The configuration options you can set for this module are in this section.
|
||||
* Either change them in config.h or define them on the compiler command line.
|
||||
* \{
|
||||
*/
|
||||
|
||||
#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <time.h>
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_SNPRINTF)
|
||||
#if defined(_WIN32)
|
||||
#define MBEDTLS_PLATFORM_STD_SNPRINTF mbedtls_platform_win32_snprintf /**< Default snprintf to use */
|
||||
#else
|
||||
#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use */
|
||||
#endif
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_PRINTF)
|
||||
#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use */
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_FPRINTF)
|
||||
#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use */
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_CALLOC)
|
||||
#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use */
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_FREE)
|
||||
#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use */
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_EXIT)
|
||||
#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use */
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_TIME)
|
||||
#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use */
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_EXIT_SUCCESS)
|
||||
#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS EXIT_SUCCESS /**< Default exit value to use */
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_EXIT_FAILURE)
|
||||
#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE EXIT_FAILURE /**< Default exit value to use */
|
||||
#endif
|
||||
#if defined(MBEDTLS_FS_IO)
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ)
|
||||
#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE)
|
||||
#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_FILE)
|
||||
#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile"
|
||||
#endif
|
||||
#endif /* MBEDTLS_FS_IO */
|
||||
#else /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
|
||||
#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR)
|
||||
#include MBEDTLS_PLATFORM_STD_MEM_HDR
|
||||
#endif
|
||||
#endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
|
||||
|
||||
|
||||
/* \} name SECTION: Module settings */
|
||||
|
||||
/*
|
||||
* The function pointers for calloc and free
|
||||
*/
|
||||
#if defined(MBEDTLS_PLATFORM_MEMORY)
|
||||
#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && \
|
||||
defined(MBEDTLS_PLATFORM_CALLOC_MACRO)
|
||||
#define mbedtls_free MBEDTLS_PLATFORM_FREE_MACRO
|
||||
#define mbedtls_calloc MBEDTLS_PLATFORM_CALLOC_MACRO
|
||||
#else
|
||||
/* For size_t */
|
||||
#include <stddef.h>
|
||||
extern void * (*mbedtls_calloc)( size_t n, size_t size );
|
||||
extern void (*mbedtls_free)( void *ptr );
|
||||
|
||||
/**
|
||||
* \brief Set your own memory implementation function pointers
|
||||
*
|
||||
* \param calloc_func the calloc function implementation
|
||||
* \param free_func the free function implementation
|
||||
*
|
||||
* \return 0 if successful
|
||||
*/
|
||||
int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ),
|
||||
void (*free_func)( void * ) );
|
||||
#endif /* MBEDTLS_PLATFORM_FREE_MACRO && MBEDTLS_PLATFORM_CALLOC_MACRO */
|
||||
#else /* !MBEDTLS_PLATFORM_MEMORY */
|
||||
#define mbedtls_free free
|
||||
#define mbedtls_calloc calloc
|
||||
#endif /* MBEDTLS_PLATFORM_MEMORY && !MBEDTLS_PLATFORM_{FREE,CALLOC}_MACRO */
|
||||
|
||||
/*
|
||||
* The function pointers for fprintf
|
||||
*/
|
||||
#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
|
||||
/* We need FILE * */
|
||||
#include <stdio.h>
|
||||
extern int (*mbedtls_fprintf)( FILE *stream, const char *format, ... );
|
||||
|
||||
/**
|
||||
* \brief Set your own fprintf function pointer
|
||||
*
|
||||
* \param fprintf_func the fprintf function implementation
|
||||
*
|
||||
* \return 0
|
||||
*/
|
||||
int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *stream, const char *,
|
||||
... ) );
|
||||
#else
|
||||
#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO)
|
||||
#define mbedtls_fprintf MBEDTLS_PLATFORM_FPRINTF_MACRO
|
||||
#else
|
||||
#define mbedtls_fprintf fprintf
|
||||
#endif /* MBEDTLS_PLATFORM_FPRINTF_MACRO */
|
||||
#endif /* MBEDTLS_PLATFORM_FPRINTF_ALT */
|
||||
|
||||
/*
|
||||
* The function pointers for printf
|
||||
*/
|
||||
#if defined(MBEDTLS_PLATFORM_PRINTF_ALT)
|
||||
extern int (*mbedtls_printf)( const char *format, ... );
|
||||
|
||||
/**
|
||||
* \brief Set your own printf function pointer
|
||||
*
|
||||
* \param printf_func the printf function implementation
|
||||
*
|
||||
* \return 0
|
||||
*/
|
||||
int mbedtls_platform_set_printf( int (*printf_func)( const char *, ... ) );
|
||||
#else /* !MBEDTLS_PLATFORM_PRINTF_ALT */
|
||||
#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO)
|
||||
#define mbedtls_printf MBEDTLS_PLATFORM_PRINTF_MACRO
|
||||
#else
|
||||
#define mbedtls_printf printf
|
||||
#endif /* MBEDTLS_PLATFORM_PRINTF_MACRO */
|
||||
#endif /* MBEDTLS_PLATFORM_PRINTF_ALT */
|
||||
|
||||
/*
|
||||
* The function pointers for snprintf
|
||||
*
|
||||
* The snprintf implementation should conform to C99:
|
||||
* - it *must* always correctly zero-terminate the buffer
|
||||
* (except when n == 0, then it must leave the buffer untouched)
|
||||
* - however it is acceptable to return -1 instead of the required length when
|
||||
* the destination buffer is too short.
|
||||
*/
|
||||
#if defined(_WIN32)
|
||||
/* For Windows (inc. MSYS2), we provide our own fixed implementation */
|
||||
int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
|
||||
extern int (*mbedtls_snprintf)( char * s, size_t n, const char * format, ... );
|
||||
|
||||
/**
|
||||
* \brief Set your own snprintf function pointer
|
||||
*
|
||||
* \param snprintf_func the snprintf function implementation
|
||||
*
|
||||
* \return 0
|
||||
*/
|
||||
int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n,
|
||||
const char * format, ... ) );
|
||||
#else /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
|
||||
#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
|
||||
#define mbedtls_snprintf MBEDTLS_PLATFORM_SNPRINTF_MACRO
|
||||
#else
|
||||
#define mbedtls_snprintf snprintf
|
||||
#endif /* MBEDTLS_PLATFORM_SNPRINTF_MACRO */
|
||||
#endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
|
||||
|
||||
/*
|
||||
* The function pointers for exit
|
||||
*/
|
||||
#if defined(MBEDTLS_PLATFORM_EXIT_ALT)
|
||||
extern void (*mbedtls_exit)( int status );
|
||||
|
||||
/**
|
||||
* \brief Set your own exit function pointer
|
||||
*
|
||||
* \param exit_func the exit function implementation
|
||||
*
|
||||
* \return 0
|
||||
*/
|
||||
int mbedtls_platform_set_exit( void (*exit_func)( int status ) );
|
||||
#else
|
||||
#if defined(MBEDTLS_PLATFORM_EXIT_MACRO)
|
||||
#define mbedtls_exit MBEDTLS_PLATFORM_EXIT_MACRO
|
||||
#else
|
||||
#define mbedtls_exit exit
|
||||
#endif /* MBEDTLS_PLATFORM_EXIT_MACRO */
|
||||
#endif /* MBEDTLS_PLATFORM_EXIT_ALT */
|
||||
|
||||
/*
|
||||
* The default exit values
|
||||
*/
|
||||
#if defined(MBEDTLS_PLATFORM_STD_EXIT_SUCCESS)
|
||||
#define MBEDTLS_EXIT_SUCCESS MBEDTLS_PLATFORM_STD_EXIT_SUCCESS
|
||||
#else
|
||||
#define MBEDTLS_EXIT_SUCCESS 0
|
||||
#endif
|
||||
#if defined(MBEDTLS_PLATFORM_STD_EXIT_FAILURE)
|
||||
#define MBEDTLS_EXIT_FAILURE MBEDTLS_PLATFORM_STD_EXIT_FAILURE
|
||||
#else
|
||||
#define MBEDTLS_EXIT_FAILURE 1
|
||||
#endif
|
||||
|
||||
/*
|
||||
* The function pointers for reading from and writing a seed file to
|
||||
* Non-Volatile storage (NV) in a platform-independent way
|
||||
*
|
||||
* Only enabled when the NV seed entropy source is enabled
|
||||
*/
|
||||
#if defined(MBEDTLS_ENTROPY_NV_SEED)
|
||||
#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) && defined(MBEDTLS_FS_IO)
|
||||
/* Internal standard platform definitions */
|
||||
int mbedtls_platform_std_nv_seed_read( unsigned char *buf, size_t buf_len );
|
||||
int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
|
||||
extern int (*mbedtls_nv_seed_read)( unsigned char *buf, size_t buf_len );
|
||||
extern int (*mbedtls_nv_seed_write)( unsigned char *buf, size_t buf_len );
|
||||
|
||||
/**
|
||||
* \brief Set your own seed file writing/reading functions
|
||||
*
|
||||
* \param nv_seed_read_func the seed reading function implementation
|
||||
* \param nv_seed_write_func the seed writing function implementation
|
||||
*
|
||||
* \return 0
|
||||
*/
|
||||
int mbedtls_platform_set_nv_seed(
|
||||
int (*nv_seed_read_func)( unsigned char *buf, size_t buf_len ),
|
||||
int (*nv_seed_write_func)( unsigned char *buf, size_t buf_len )
|
||||
);
|
||||
#else
|
||||
#if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO) && \
|
||||
defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO)
|
||||
#define mbedtls_nv_seed_read MBEDTLS_PLATFORM_NV_SEED_READ_MACRO
|
||||
#define mbedtls_nv_seed_write MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO
|
||||
#else
|
||||
#define mbedtls_nv_seed_read mbedtls_platform_std_nv_seed_read
|
||||
#define mbedtls_nv_seed_write mbedtls_platform_std_nv_seed_write
|
||||
#endif
|
||||
#endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */
|
||||
#endif /* MBEDTLS_ENTROPY_NV_SEED */
|
||||
|
||||
#if !defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT)
|
||||
|
||||
/**
|
||||
* \brief Platform context structure
|
||||
*
|
||||
* \note This structure may be used to assist platform-specific
|
||||
* setup/teardown operations.
|
||||
*/
|
||||
typedef struct {
|
||||
char dummy; /**< Placeholder member as empty structs are not portable */
|
||||
}
|
||||
mbedtls_platform_context;
|
||||
|
||||
#else
|
||||
#include "platform_alt.h"
|
||||
#endif /* !MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */
|
||||
|
||||
/**
|
||||
* \brief Perform any platform initialisation operations
|
||||
*
|
||||
* \param ctx mbed TLS context
|
||||
*
|
||||
* \return 0 if successful
|
||||
*
|
||||
* \note This function is intended to allow platform specific initialisation,
|
||||
* and should be called before any other library functions. Its
|
||||
* implementation is platform specific, and by default, unless platform
|
||||
* specific code is provided, it does nothing.
|
||||
*
|
||||
* Its use and whether its necessary to be called is dependent on the
|
||||
* platform.
|
||||
*/
|
||||
int mbedtls_platform_setup( mbedtls_platform_context *ctx );
|
||||
/**
|
||||
* \brief Perform any platform teardown operations
|
||||
*
|
||||
* \param ctx mbed TLS context
|
||||
*
|
||||
* \note This function should be called after every other mbed TLS module has
|
||||
* been correctly freed using the appropriate free function.
|
||||
* Its implementation is platform specific, and by default, unless
|
||||
* platform specific code is provided, it does nothing.
|
||||
*
|
||||
* Its use and whether its necessary to be called is dependent on the
|
||||
* platform.
|
||||
*/
|
||||
void mbedtls_platform_teardown( mbedtls_platform_context *ctx );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#else /* MBEDTLS_PLATFORM_ALT */
|
||||
|
||||
#include "platform_alt.h"
|
||||
|
||||
#endif /* MBEDTLS_PLATFORM_ALT */
|
||||
|
||||
#endif /* platform.h */
|
||||
27
Living_SDK/security/include/itls/platform_alt.h
Normal file
27
Living_SDK/security/include/itls/platform_alt.h
Normal file
|
|
@ -0,0 +1,27 @@
|
|||
/**
|
||||
* Copyright (C) 2018 The YunOS IoT Project. All rights reserved.
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_PLATFORM_ALT_H
|
||||
#define MBEDTLS_PLATFORM_ALT_H
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <time.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#define mbedtls_time time
|
||||
#define mbedtls_snprintf snprintf
|
||||
|
||||
typedef time_t mbedtls_time_t;
|
||||
|
||||
void *mbedtls_calloc( size_t n, size_t size );
|
||||
void mbedtls_free( void *ptr );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_PLATFORM_ALT_H */
|
||||
137
Living_SDK/security/include/itls/sha1.h
Normal file
137
Living_SDK/security/include/itls/sha1.h
Normal file
|
|
@ -0,0 +1,137 @@
|
|||
/**
|
||||
* \file sha1.h
|
||||
*
|
||||
* \brief SHA-1 cryptographic hash function
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_SHA1_H
|
||||
#define MBEDTLS_SHA1_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#if !defined(MBEDTLS_SHA1_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief SHA-1 context structure
|
||||
*/
|
||||
typedef struct {
|
||||
uint32_t total[2]; /*!< number of bytes processed */
|
||||
uint32_t state[5]; /*!< intermediate digest state */
|
||||
unsigned char buffer[64]; /*!< data block being processed */
|
||||
}
|
||||
mbedtls_sha1_context;
|
||||
|
||||
/**
|
||||
* \brief Initialize SHA-1 context
|
||||
*
|
||||
* \param ctx SHA-1 context to be initialized
|
||||
*/
|
||||
void mbedtls_sha1_init( mbedtls_sha1_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Clear SHA-1 context
|
||||
*
|
||||
* \param ctx SHA-1 context to be cleared
|
||||
*/
|
||||
void mbedtls_sha1_free( mbedtls_sha1_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Clone (the state of) a SHA-1 context
|
||||
*
|
||||
* \param dst The destination context
|
||||
* \param src The context to be cloned
|
||||
*/
|
||||
void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
|
||||
const mbedtls_sha1_context *src );
|
||||
|
||||
/**
|
||||
* \brief SHA-1 context setup
|
||||
*
|
||||
* \param ctx context to be initialized
|
||||
*/
|
||||
void mbedtls_sha1_starts( mbedtls_sha1_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief SHA-1 process buffer
|
||||
*
|
||||
* \param ctx SHA-1 context
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
*/
|
||||
void mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief SHA-1 final digest
|
||||
*
|
||||
* \param ctx SHA-1 context
|
||||
* \param output SHA-1 checksum result
|
||||
*/
|
||||
void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] );
|
||||
|
||||
/* Internal use */
|
||||
void mbedtls_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[64] );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#else /* MBEDTLS_SHA1_ALT */
|
||||
#include "sha1_alt.h"
|
||||
#endif /* MBEDTLS_SHA1_ALT */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_SHA1_ALT)
|
||||
/**
|
||||
* \brief Output = SHA-1( input buffer )
|
||||
*
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param output SHA-1 checksum result
|
||||
*/
|
||||
void mbedtls_sha1( const unsigned char *input, size_t ilen, unsigned char output[20] );
|
||||
#endif /* MBEDTLS_SHA1_ALT */
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
*/
|
||||
int mbedtls_sha1_self_test( int verbose );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* mbedtls_sha1.h */
|
||||
36
Living_SDK/security/include/itls/sha1_alt.h
Normal file
36
Living_SDK/security/include/itls/sha1_alt.h
Normal file
|
|
@ -0,0 +1,36 @@
|
|||
/**
|
||||
* Copyright (C) 2018 The YunOS IoT Project. All rights reserved.
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_SHA1_ALT_H
|
||||
#define MBEDTLS_SHA1_ALT_H
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
typedef struct {
|
||||
size_t size;
|
||||
void *ali_ctx;
|
||||
} mbedtls_sha1_context;
|
||||
|
||||
void mbedtls_sha1_init_alt(mbedtls_sha1_context *ctx);
|
||||
void mbedtls_sha1_free_alt(mbedtls_sha1_context *ctx);
|
||||
|
||||
void mbedtls_sha1_clone_alt(mbedtls_sha1_context *dst,
|
||||
const mbedtls_sha1_context *src);
|
||||
|
||||
void mbedtls_sha1_starts_alt(mbedtls_sha1_context *ctx);
|
||||
void mbedtls_sha1_update_alt(mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen);
|
||||
void mbedtls_sha1_finish_alt(mbedtls_sha1_context *ctx, unsigned char output[20]);
|
||||
|
||||
void mbedtls_sha1_alt( const unsigned char *input, size_t ilen, unsigned char output[20] );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_SHA1_ALT_H */
|
||||
142
Living_SDK/security/include/itls/sha256.h
Normal file
142
Living_SDK/security/include/itls/sha256.h
Normal file
|
|
@ -0,0 +1,142 @@
|
|||
/**
|
||||
* \file sha256.h
|
||||
*
|
||||
* \brief SHA-224 and SHA-256 cryptographic hash function
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_SHA256_H
|
||||
#define MBEDTLS_SHA256_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#if !defined(MBEDTLS_SHA256_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief SHA-256 context structure
|
||||
*/
|
||||
typedef struct {
|
||||
uint32_t total[2]; /*!< number of bytes processed */
|
||||
uint32_t state[8]; /*!< intermediate digest state */
|
||||
unsigned char buffer[64]; /*!< data block being processed */
|
||||
int is224; /*!< 0 => SHA-256, else SHA-224 */
|
||||
}
|
||||
mbedtls_sha256_context;
|
||||
|
||||
/**
|
||||
* \brief Initialize SHA-256 context
|
||||
*
|
||||
* \param ctx SHA-256 context to be initialized
|
||||
*/
|
||||
void mbedtls_sha256_init( mbedtls_sha256_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Clear SHA-256 context
|
||||
*
|
||||
* \param ctx SHA-256 context to be cleared
|
||||
*/
|
||||
void mbedtls_sha256_free( mbedtls_sha256_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Clone (the state of) a SHA-256 context
|
||||
*
|
||||
* \param dst The destination context
|
||||
* \param src The context to be cloned
|
||||
*/
|
||||
void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
|
||||
const mbedtls_sha256_context *src );
|
||||
|
||||
/**
|
||||
* \brief SHA-256 context setup
|
||||
*
|
||||
* \param ctx context to be initialized
|
||||
* \param is224 0 = use SHA256, 1 = use SHA224
|
||||
*/
|
||||
void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 );
|
||||
|
||||
/**
|
||||
* \brief SHA-256 process buffer
|
||||
*
|
||||
* \param ctx SHA-256 context
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
*/
|
||||
void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief SHA-256 final digest
|
||||
*
|
||||
* \param ctx SHA-256 context
|
||||
* \param output SHA-224/256 checksum result
|
||||
*/
|
||||
void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] );
|
||||
|
||||
/* Internal use */
|
||||
void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#else /* MBEDTLS_SHA256_ALT */
|
||||
#include "sha256_alt.h"
|
||||
#endif /* MBEDTLS_SHA256_ALT */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_SHA256_ALT)
|
||||
/**
|
||||
* \brief Output = SHA-256( input buffer )
|
||||
*
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param output SHA-224/256 checksum result
|
||||
* \param is224 0 = use SHA256, 1 = use SHA224
|
||||
*/
|
||||
void mbedtls_sha256( const unsigned char *input, size_t ilen,
|
||||
unsigned char output[32], int is224 );
|
||||
#endif /* MBEDTLS_SHA256_ALT */
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
*/
|
||||
int mbedtls_sha256_self_test( int verbose );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* mbedtls_sha256.h */
|
||||
36
Living_SDK/security/include/itls/sha256_alt.h
Normal file
36
Living_SDK/security/include/itls/sha256_alt.h
Normal file
|
|
@ -0,0 +1,36 @@
|
|||
/**
|
||||
* Copyright (C) 2018 The YunOS IoT Project. All rights reserved.
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_SHA256_ALT_H
|
||||
#define MBEDTLS_SHA256_ALT_H
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
typedef struct {
|
||||
size_t size;
|
||||
void *ali_ctx;
|
||||
} mbedtls_sha256_context;
|
||||
|
||||
void mbedtls_sha256_init_alt(mbedtls_sha256_context *ctx);
|
||||
void mbedtls_sha256_free_alt(mbedtls_sha256_context *ctx);
|
||||
|
||||
void mbedtls_sha256_clone_alt(mbedtls_sha256_context *dst,
|
||||
const mbedtls_sha256_context *src);
|
||||
|
||||
void mbedtls_sha256_starts_alt(mbedtls_sha256_context *ctx, int is224);
|
||||
void mbedtls_sha256_update_alt(mbedtls_sha256_context *ctx, const unsigned char *input, size_t ilen);
|
||||
void mbedtls_sha256_finish_alt(mbedtls_sha256_context *ctx, unsigned char output[32]);
|
||||
|
||||
void mbedtls_sha256_alt(const unsigned char *input, size_t ilen, unsigned char output[32], int is224);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_SHA256_ALT_H */
|
||||
2698
Living_SDK/security/include/itls/ssl.h
Normal file
2698
Living_SDK/security/include/itls/ssl.h
Normal file
File diff suppressed because it is too large
Load diff
494
Living_SDK/security/include/itls/ssl_ciphersuites.h
Normal file
494
Living_SDK/security/include/itls/ssl_ciphersuites.h
Normal file
|
|
@ -0,0 +1,494 @@
|
|||
/**
|
||||
* \file ssl_ciphersuites.h
|
||||
*
|
||||
* \brief SSL Ciphersuites for mbed TLS
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_SSL_CIPHERSUITES_H
|
||||
#define MBEDTLS_SSL_CIPHERSUITES_H
|
||||
|
||||
#include "cipher.h"
|
||||
#include "md.h"
|
||||
|
||||
#if defined(MBEDTLS_PK_C)
|
||||
#include "pk.h"
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Supported ciphersuites (Official IANA names)
|
||||
*/
|
||||
#define MBEDTLS_TLS_RSA_WITH_NULL_MD5 0x01 /**< Weak! */
|
||||
#define MBEDTLS_TLS_RSA_WITH_NULL_SHA 0x02 /**< Weak! */
|
||||
|
||||
#define MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 0x04
|
||||
#define MBEDTLS_TLS_RSA_WITH_RC4_128_SHA 0x05
|
||||
#define MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA 0x09 /**< Weak! Not in TLS 1.2 */
|
||||
|
||||
#define MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x0A
|
||||
|
||||
#define MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA 0x15 /**< Weak! Not in TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x16
|
||||
|
||||
#define MBEDTLS_TLS_PSK_WITH_NULL_SHA 0x2C /**< Weak! */
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA 0x2D /**< Weak! */
|
||||
#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA 0x2E /**< Weak! */
|
||||
#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 0x2F
|
||||
|
||||
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x33
|
||||
#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 0x35
|
||||
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x39
|
||||
|
||||
#define MBEDTLS_TLS_RSA_WITH_NULL_SHA256 0x3B /**< Weak! */
|
||||
#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 0x3C /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 0x3D /**< TLS 1.2 */
|
||||
|
||||
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x41
|
||||
#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x45
|
||||
|
||||
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x67 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x6B /**< TLS 1.2 */
|
||||
|
||||
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x84
|
||||
#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x88
|
||||
|
||||
#define MBEDTLS_TLS_PSK_WITH_RC4_128_SHA 0x8A
|
||||
#define MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA 0x8B
|
||||
#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 0x8C
|
||||
#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 0x8D
|
||||
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA 0x8E
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 0x8F
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 0x90
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 0x91
|
||||
|
||||
#define MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA 0x92
|
||||
#define MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 0x93
|
||||
#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 0x94
|
||||
#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 0x95
|
||||
|
||||
#define MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 0x9C /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 0x9D /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x9E /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x9F /**< TLS 1.2 */
|
||||
|
||||
#define MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 0xA8 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 0xA9 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 0xAA /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 0xAB /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 0xAC /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 0xAD /**< TLS 1.2 */
|
||||
|
||||
#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 0xAE
|
||||
#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 0xAF
|
||||
#define MBEDTLS_TLS_PSK_WITH_NULL_SHA256 0xB0 /**< Weak! */
|
||||
#define MBEDTLS_TLS_PSK_WITH_NULL_SHA384 0xB1 /**< Weak! */
|
||||
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 0xB2
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 0xB3
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 0xB4 /**< Weak! */
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 0xB5 /**< Weak! */
|
||||
|
||||
#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 0xB6
|
||||
#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 0xB7
|
||||
#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 0xB8 /**< Weak! */
|
||||
#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 0xB9 /**< Weak! */
|
||||
|
||||
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBA /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBE /**< TLS 1.2 */
|
||||
|
||||
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC0 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4 /**< TLS 1.2 */
|
||||
|
||||
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001 /**< Weak! */
|
||||
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 0xC002 /**< Not in SSL3! */
|
||||
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC003 /**< Not in SSL3! */
|
||||
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004 /**< Not in SSL3! */
|
||||
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005 /**< Not in SSL3! */
|
||||
|
||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006 /**< Weak! */
|
||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 0xC007 /**< Not in SSL3! */
|
||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC008 /**< Not in SSL3! */
|
||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009 /**< Not in SSL3! */
|
||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A /**< Not in SSL3! */
|
||||
|
||||
#define MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA 0xC00B /**< Weak! */
|
||||
#define MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA 0xC00C /**< Not in SSL3! */
|
||||
#define MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 0xC00D /**< Not in SSL3! */
|
||||
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 0xC00E /**< Not in SSL3! */
|
||||
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 0xC00F /**< Not in SSL3! */
|
||||
|
||||
#define MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010 /**< Weak! */
|
||||
#define MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA 0xC011 /**< Not in SSL3! */
|
||||
#define MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 0xC012 /**< Not in SSL3! */
|
||||
#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013 /**< Not in SSL3! */
|
||||
#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014 /**< Not in SSL3! */
|
||||
|
||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 0xC025 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 0xC026 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 0xC029 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 0xC02A /**< TLS 1.2 */
|
||||
|
||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0xC02E /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 0xC032 /**< TLS 1.2 */
|
||||
|
||||
#define MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA 0xC033 /**< Not in SSL3! */
|
||||
#define MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 0xC034 /**< Not in SSL3! */
|
||||
#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 0xC035 /**< Not in SSL3! */
|
||||
#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 0xC036 /**< Not in SSL3! */
|
||||
#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0xC037 /**< Not in SSL3! */
|
||||
#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0xC038 /**< Not in SSL3! */
|
||||
#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA 0xC039 /**< Weak! No SSL3! */
|
||||
#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 0xC03A /**< Weak! No SSL3! */
|
||||
#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 0xC03B /**< Weak! No SSL3! */
|
||||
|
||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 /**< Not in SSL3! */
|
||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 /**< Not in SSL3! */
|
||||
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC074 /**< Not in SSL3! */
|
||||
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC075 /**< Not in SSL3! */
|
||||
#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC076 /**< Not in SSL3! */
|
||||
#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC077 /**< Not in SSL3! */
|
||||
#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC078 /**< Not in SSL3! */
|
||||
#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC079 /**< Not in SSL3! */
|
||||
|
||||
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07A /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07B /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07C /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07D /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC088 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC089 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08A /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08B /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08C /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08D /**< TLS 1.2 */
|
||||
|
||||
#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC08E /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC08F /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC090 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC091 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC092 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC093 /**< TLS 1.2 */
|
||||
|
||||
#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC094
|
||||
#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC095
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC096
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC097
|
||||
#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC098
|
||||
#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC099
|
||||
#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A /**< Not in SSL3! */
|
||||
#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B /**< Not in SSL3! */
|
||||
|
||||
#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM 0xC09C /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM 0xC09D /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM 0xC09E /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM 0xC09F /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8 0xC0A0 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8 0xC0A1 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8 0xC0A2 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8 0xC0A3 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM 0xC0A4 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM 0xC0A5 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM 0xC0A6 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM 0xC0A7 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 0xC0A8 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8 0xC0A9 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8 0xC0AA /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8 0xC0AB /**< TLS 1.2 */
|
||||
/* The last two are named with PSK_DHE in the RFC, which looks like a typo */
|
||||
|
||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM 0xC0AC /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM 0xC0AD /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 0xC0AE /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 0xC0AF /**< TLS 1.2 */
|
||||
|
||||
#define MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 0xC0FF /**< experimental */
|
||||
|
||||
#define MBEDTLS_TLS_ID2_WITH_AES_128_CBC_SHA 0xD001
|
||||
#define MBEDTLS_TLS_ID2_WITH_AES_256_CBC_SHA 0xD002
|
||||
#define MBEDTLS_TLS_ID2_WITH_AES_128_CBC_SHA256 0xD003
|
||||
#define MBEDTLS_TLS_ID2_WITH_AES_256_CBC_SHA256 0xD004
|
||||
|
||||
/* Reminder: update mbedtls_ssl_premaster_secret when adding a new key exchange.
|
||||
* Reminder: update MBEDTLS_KEY_EXCHANGE__xxx below
|
||||
*/
|
||||
typedef enum {
|
||||
MBEDTLS_KEY_EXCHANGE_NONE = 0,
|
||||
MBEDTLS_KEY_EXCHANGE_RSA,
|
||||
MBEDTLS_KEY_EXCHANGE_DHE_RSA,
|
||||
MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
|
||||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
|
||||
MBEDTLS_KEY_EXCHANGE_PSK,
|
||||
MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||
MBEDTLS_KEY_EXCHANGE_RSA_PSK,
|
||||
MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
|
||||
MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
|
||||
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
|
||||
MBEDTLS_KEY_EXCHANGE_ECJPAKE,
|
||||
MBEDTLS_KEY_EXCHANGE_ID2 = 0xF,
|
||||
} mbedtls_key_exchange_type_t;
|
||||
|
||||
/* Key exchanges using a certificate */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
|
||||
#define MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED
|
||||
#endif
|
||||
|
||||
/* Key exchanges allowing client certificate requests */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||
#define MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED
|
||||
#endif
|
||||
|
||||
/* Key exchanges involving server signature in ServerKeyExchange */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||
#define MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED
|
||||
#endif
|
||||
|
||||
/* Key exchanges using ECDH */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
|
||||
#define MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED
|
||||
#endif
|
||||
|
||||
/* Key exchanges that don't involve ephemeral keys */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED)
|
||||
#define MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED
|
||||
#endif
|
||||
|
||||
/* Key exchanges that involve ephemeral keys */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
#define MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED
|
||||
#endif
|
||||
|
||||
/* Key exchanges using a PSK */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||
#define MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED
|
||||
#endif
|
||||
|
||||
/* Key exchanges using DHE */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
|
||||
#define MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED
|
||||
#endif
|
||||
|
||||
/* Key exchanges using ECDHE */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||
#define MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED
|
||||
#endif
|
||||
|
||||
typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t;
|
||||
|
||||
#define MBEDTLS_CIPHERSUITE_WEAK 0x01 /**< Weak ciphersuite flag */
|
||||
#define MBEDTLS_CIPHERSUITE_SHORT_TAG 0x02 /**< Short authentication tag,
|
||||
eg for CCM_8 */
|
||||
#define MBEDTLS_CIPHERSUITE_NODTLS 0x04 /**< Can't be used with DTLS */
|
||||
|
||||
/**
|
||||
* \brief This structure is used for storing ciphersuite information
|
||||
*/
|
||||
struct mbedtls_ssl_ciphersuite_t
|
||||
{
|
||||
int id;
|
||||
const char * name;
|
||||
|
||||
mbedtls_cipher_type_t cipher;
|
||||
mbedtls_md_type_t mac;
|
||||
mbedtls_key_exchange_type_t key_exchange;
|
||||
|
||||
int min_major_ver;
|
||||
int min_minor_ver;
|
||||
int max_major_ver;
|
||||
int max_minor_ver;
|
||||
|
||||
unsigned char flags;
|
||||
};
|
||||
|
||||
const int *mbedtls_ssl_list_ciphersuites( void );
|
||||
|
||||
const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string( const char *ciphersuite_name );
|
||||
const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id( int ciphersuite_id );
|
||||
|
||||
#if defined(MBEDTLS_PK_C)
|
||||
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg( const mbedtls_ssl_ciphersuite_t *info );
|
||||
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphersuite_t *info );
|
||||
#endif
|
||||
|
||||
int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info );
|
||||
int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info );
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED)
|
||||
static inline int mbedtls_ssl_ciphersuite_has_pfs( const mbedtls_ssl_ciphersuite_t *info )
|
||||
{
|
||||
switch( info->key_exchange )
|
||||
{
|
||||
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
|
||||
case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
|
||||
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
|
||||
case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
|
||||
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
|
||||
case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
|
||||
return( 1 );
|
||||
|
||||
default:
|
||||
return( 0 );
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED)
|
||||
static inline int mbedtls_ssl_ciphersuite_no_pfs( const mbedtls_ssl_ciphersuite_t *info )
|
||||
{
|
||||
switch( info->key_exchange )
|
||||
{
|
||||
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
|
||||
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
|
||||
case MBEDTLS_KEY_EXCHANGE_RSA:
|
||||
case MBEDTLS_KEY_EXCHANGE_PSK:
|
||||
case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
|
||||
return( 1 );
|
||||
|
||||
default:
|
||||
return( 0 );
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED)
|
||||
static inline int mbedtls_ssl_ciphersuite_uses_ecdh( const mbedtls_ssl_ciphersuite_t *info )
|
||||
{
|
||||
switch( info->key_exchange )
|
||||
{
|
||||
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
|
||||
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
|
||||
return( 1 );
|
||||
|
||||
default:
|
||||
return( 0 );
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED */
|
||||
|
||||
static inline int mbedtls_ssl_ciphersuite_cert_req_allowed( const mbedtls_ssl_ciphersuite_t *info )
|
||||
{
|
||||
switch( info->key_exchange )
|
||||
{
|
||||
case MBEDTLS_KEY_EXCHANGE_RSA:
|
||||
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
|
||||
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
|
||||
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
|
||||
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
|
||||
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
|
||||
return( 1 );
|
||||
|
||||
default:
|
||||
return( 0 );
|
||||
}
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED)
|
||||
static inline int mbedtls_ssl_ciphersuite_uses_dhe( const mbedtls_ssl_ciphersuite_t *info )
|
||||
{
|
||||
switch( info->key_exchange )
|
||||
{
|
||||
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
|
||||
case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
|
||||
return( 1 );
|
||||
|
||||
default:
|
||||
return( 0 );
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED) */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED)
|
||||
static inline int mbedtls_ssl_ciphersuite_uses_ecdhe( const mbedtls_ssl_ciphersuite_t *info )
|
||||
{
|
||||
switch( info->key_exchange )
|
||||
{
|
||||
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
|
||||
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
|
||||
case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
|
||||
return( 1 );
|
||||
|
||||
default:
|
||||
return( 0 );
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED) */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)
|
||||
static inline int mbedtls_ssl_ciphersuite_uses_server_signature( const mbedtls_ssl_ciphersuite_t *info )
|
||||
{
|
||||
switch( info->key_exchange )
|
||||
{
|
||||
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
|
||||
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
|
||||
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
|
||||
return( 1 );
|
||||
|
||||
default:
|
||||
return( 0 );
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* ssl_ciphersuites.h */
|
||||
626
Living_SDK/security/include/itls/ssl_internal.h
Normal file
626
Living_SDK/security/include/itls/ssl_internal.h
Normal file
|
|
@ -0,0 +1,626 @@
|
|||
/**
|
||||
* \file ssl_ticket.h
|
||||
*
|
||||
* \brief Internal functions shared by the SSL modules
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_SSL_INTERNAL_H
|
||||
#define MBEDTLS_SSL_INTERNAL_H
|
||||
|
||||
#include "ssl.h"
|
||||
|
||||
#if defined(MBEDTLS_MD5_C)
|
||||
#include "md5.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SHA1_C)
|
||||
#include "sha1.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
#include "sha256.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
#include "sha512.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
#include "ecjpake.h"
|
||||
#endif
|
||||
|
||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
|
||||
!defined(inline) && !defined(__cplusplus)
|
||||
#define inline __inline
|
||||
#endif
|
||||
|
||||
/* Determine minimum supported version */
|
||||
#define MBEDTLS_SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
||||
#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0
|
||||
#else
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1)
|
||||
#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
|
||||
#else
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2
|
||||
#else
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
|
||||
|
||||
/* Determine maximum supported version */
|
||||
#define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
|
||||
#else
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2
|
||||
#else
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1)
|
||||
#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
|
||||
#else
|
||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
||||
#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0
|
||||
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
#define MBEDTLS_SSL_INITIAL_HANDSHAKE 0
|
||||
#define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS 1 /* In progress */
|
||||
#define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */
|
||||
#define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */
|
||||
|
||||
/*
|
||||
* DTLS retransmission states, see RFC 6347 4.2.4
|
||||
*
|
||||
* The SENDING state is merged in PREPARING for initial sends,
|
||||
* but is distinct for resends.
|
||||
*
|
||||
* Note: initial state is wrong for server, but is not used anyway.
|
||||
*/
|
||||
#define MBEDTLS_SSL_RETRANS_PREPARING 0
|
||||
#define MBEDTLS_SSL_RETRANS_SENDING 1
|
||||
#define MBEDTLS_SSL_RETRANS_WAITING 2
|
||||
#define MBEDTLS_SSL_RETRANS_FINISHED 3
|
||||
|
||||
/*
|
||||
* Allow extra bytes for record, authentication and encryption overhead:
|
||||
* counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256)
|
||||
* and allow for a maximum of 1024 of compression expansion if
|
||||
* enabled.
|
||||
*/
|
||||
#if defined(MBEDTLS_ZLIB_SUPPORT)
|
||||
#define MBEDTLS_SSL_COMPRESSION_ADD 1024
|
||||
#else
|
||||
#define MBEDTLS_SSL_COMPRESSION_ADD 0
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
/* Ciphersuites using HMAC */
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
#define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */
|
||||
#elif defined(MBEDTLS_SHA256_C)
|
||||
#define MBEDTLS_SSL_MAC_ADD 32 /* SHA-256 used for HMAC */
|
||||
#else
|
||||
#define MBEDTLS_SSL_MAC_ADD 20 /* SHA-1 used for HMAC */
|
||||
#endif
|
||||
#else
|
||||
/* AEAD ciphersuites: GCM and CCM use a 128 bits tag */
|
||||
#define MBEDTLS_SSL_MAC_ADD 16
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
#if defined(MBEDTLS_SSL_PROTO_ITLS)
|
||||
#define MBEDTLS_SSL_PADDING_ADD 32
|
||||
#else /* MBEDTLS_SSL_PROTO_ITLS */
|
||||
#define MBEDTLS_SSL_PADDING_ADD 256
|
||||
#endif /* MBEDTLS_SSL_PROTO_ITLS */
|
||||
#else
|
||||
#define MBEDTLS_SSL_PADDING_ADD 0
|
||||
#endif
|
||||
|
||||
#define MBEDTLS_SSL_BUFFER_LEN ( MBEDTLS_SSL_MAX_CONTENT_LEN \
|
||||
+ MBEDTLS_SSL_COMPRESSION_ADD \
|
||||
+ 29 /* counter + header + IV */ \
|
||||
+ MBEDTLS_SSL_MAC_ADD \
|
||||
+ MBEDTLS_SSL_PADDING_ADD \
|
||||
)
|
||||
|
||||
/*
|
||||
* TLS extension flags (for extensions with outgoing ServerHello content
|
||||
* that need it (e.g. for RENEGOTIATION_INFO the server already knows because
|
||||
* of state of the renegotiation flag, so no indicator is required)
|
||||
*/
|
||||
#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0)
|
||||
#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK (1 << 1)
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
||||
defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
/*
|
||||
* Abstraction for a grid of allowed signature-hash-algorithm pairs.
|
||||
*/
|
||||
struct mbedtls_ssl_sig_hash_set_t
|
||||
{
|
||||
/* At the moment, we only need to remember a single suitable
|
||||
* hash algorithm per signature algorithm. As long as that's
|
||||
* the case - and we don't need a general lookup function -
|
||||
* we can implement the sig-hash-set as a map from signatures
|
||||
* to hash algorithms. */
|
||||
mbedtls_md_type_t rsa;
|
||||
mbedtls_md_type_t ecdsa;
|
||||
};
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
|
||||
MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
|
||||
|
||||
/*
|
||||
* This structure contains the parameters only needed during handshake.
|
||||
*/
|
||||
struct mbedtls_ssl_handshake_params
|
||||
{
|
||||
/*
|
||||
* Handshake specific crypto variables
|
||||
*/
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
||||
defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
mbedtls_ssl_sig_hash_set_t hash_algs; /*!< Set of suitable sig-hash pairs */
|
||||
#endif
|
||||
#if defined(MBEDTLS_DHM_C)
|
||||
mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECDH_C)
|
||||
mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */
|
||||
#endif
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
mbedtls_ecjpake_context ecjpake_ctx; /*!< EC J-PAKE key exchange */
|
||||
#if defined(MBEDTLS_SSL_CLI_C)
|
||||
unsigned char *ecjpake_cache; /*!< Cache for ClientHello ext */
|
||||
size_t ecjpake_cache_len; /*!< Length of cached data */
|
||||
#endif
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
const mbedtls_ecp_curve_info **curves; /*!< Supported elliptic curves */
|
||||
#endif
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
unsigned char *psk; /*!< PSK from the callback */
|
||||
size_t psk_len; /*!< Length of PSK from callback */
|
||||
#endif
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
mbedtls_ssl_key_cert *key_cert; /*!< chosen key/cert pair (server) */
|
||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||
int sni_authmode; /*!< authmode from SNI callback */
|
||||
mbedtls_ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI */
|
||||
mbedtls_x509_crt *sni_ca_chain; /*!< trusted CAs from SNI callback */
|
||||
mbedtls_x509_crl *sni_ca_crl; /*!< trusted CAs CRLs from SNI */
|
||||
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */
|
||||
unsigned int in_msg_seq; /*!< Incoming handshake sequence number */
|
||||
|
||||
unsigned char *verify_cookie; /*!< Cli: HelloVerifyRequest cookie
|
||||
Srv: unused */
|
||||
unsigned char verify_cookie_len; /*!< Cli: cookie length
|
||||
Srv: flag for sending a cookie */
|
||||
|
||||
unsigned char *hs_msg; /*!< Reassembled handshake message */
|
||||
|
||||
uint32_t retransmit_timeout; /*!< Current value of timeout */
|
||||
unsigned char retransmit_state; /*!< Retransmission state */
|
||||
mbedtls_ssl_flight_item *flight; /*!< Current outgoing flight */
|
||||
mbedtls_ssl_flight_item *cur_msg; /*!< Current message in flight */
|
||||
unsigned int in_flight_start_seq; /*!< Minimum message sequence in the
|
||||
flight being received */
|
||||
mbedtls_ssl_transform *alt_transform_out; /*!< Alternative transform for
|
||||
resending messages */
|
||||
unsigned char alt_out_ctr[8]; /*!< Alternative record epoch/counter
|
||||
for resending messages */
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
#if defined(MBEDTLS_SSL_PROTO_ITLS)
|
||||
unsigned char *challenge; /*!< Cli: HelloVerifyRequest challenge */
|
||||
unsigned int challenge_len; /*!< Cli: challenge length */
|
||||
unsigned int key_otp; /*!< Cli: key otp needed or not */
|
||||
#endif /* MBEDTLS_SSL_PROTO_ITLS */
|
||||
|
||||
/*
|
||||
* Checksum contexts
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
mbedtls_md5_context fin_md5;
|
||||
mbedtls_sha1_context fin_sha1;
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
mbedtls_sha256_context fin_sha256;
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
mbedtls_sha512_context fin_sha512;
|
||||
#endif
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t);
|
||||
void (*calc_verify)(mbedtls_ssl_context *, unsigned char *);
|
||||
void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int);
|
||||
int (*tls_prf)(const unsigned char *, size_t, const char *,
|
||||
const unsigned char *, size_t,
|
||||
unsigned char *, size_t);
|
||||
|
||||
size_t pmslen; /*!< premaster length */
|
||||
|
||||
unsigned char randbytes[64]; /*!< random bytes */
|
||||
unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
|
||||
/*!< premaster secret */
|
||||
|
||||
int resume; /*!< session resume indicator*/
|
||||
int max_major_ver; /*!< max. major version client*/
|
||||
int max_minor_ver; /*!< max. minor version client*/
|
||||
int cli_exts; /*!< client extension presence*/
|
||||
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
int new_session_ticket; /*!< use NewSessionTicket? */
|
||||
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
|
||||
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
|
||||
int extended_ms; /*!< use Extended Master Secret? */
|
||||
#endif
|
||||
};
|
||||
|
||||
/*
|
||||
* This structure contains a full set of runtime transform parameters
|
||||
* either in negotiation or active.
|
||||
*/
|
||||
struct mbedtls_ssl_transform
|
||||
{
|
||||
/*
|
||||
* Session specific crypto layer
|
||||
*/
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
|
||||
/*!< Chosen cipersuite_info */
|
||||
unsigned int keylen; /*!< symmetric key length (bytes) */
|
||||
size_t minlen; /*!< min. ciphertext length */
|
||||
size_t ivlen; /*!< IV length */
|
||||
size_t fixed_ivlen; /*!< Fixed part of IV (AEAD) */
|
||||
size_t maclen; /*!< MAC length */
|
||||
|
||||
unsigned char iv_enc[16]; /*!< IV (encryption) */
|
||||
unsigned char iv_dec[16]; /*!< IV (decryption) */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
||||
/* Needed only for SSL v3.0 secret */
|
||||
unsigned char mac_enc[20]; /*!< SSL v3.0 secret (enc) */
|
||||
unsigned char mac_dec[20]; /*!< SSL v3.0 secret (dec) */
|
||||
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
|
||||
|
||||
mbedtls_md_context_t md_ctx_enc; /*!< MAC (encryption) */
|
||||
mbedtls_md_context_t md_ctx_dec; /*!< MAC (decryption) */
|
||||
|
||||
mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */
|
||||
mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */
|
||||
|
||||
/*
|
||||
* Session specific compression layer
|
||||
*/
|
||||
#if defined(MBEDTLS_ZLIB_SUPPORT)
|
||||
z_stream ctx_deflate; /*!< compression context */
|
||||
z_stream ctx_inflate; /*!< decompression context */
|
||||
#endif
|
||||
};
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
/*
|
||||
* List of certificate + private key pairs
|
||||
*/
|
||||
struct mbedtls_ssl_key_cert
|
||||
{
|
||||
mbedtls_x509_crt *cert; /*!< cert */
|
||||
mbedtls_pk_context *key; /*!< private key */
|
||||
mbedtls_ssl_key_cert *next; /*!< next key/cert pair */
|
||||
};
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
/*
|
||||
* List of handshake messages kept around for resending
|
||||
*/
|
||||
struct mbedtls_ssl_flight_item
|
||||
{
|
||||
unsigned char *p; /*!< message, including handshake headers */
|
||||
size_t len; /*!< length of p */
|
||||
unsigned char type; /*!< type of the message: handshake or CCS */
|
||||
mbedtls_ssl_flight_item *next; /*!< next handshake message(s) */
|
||||
};
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
||||
defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
|
||||
/* Find an entry in a signature-hash set matching a given hash algorithm. */
|
||||
mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find( mbedtls_ssl_sig_hash_set_t *set,
|
||||
mbedtls_pk_type_t sig_alg );
|
||||
/* Add a signature-hash-pair to a signature-hash set */
|
||||
void mbedtls_ssl_sig_hash_set_add( mbedtls_ssl_sig_hash_set_t *set,
|
||||
mbedtls_pk_type_t sig_alg,
|
||||
mbedtls_md_type_t md_alg );
|
||||
/* Allow exactly one hash algorithm for each signature. */
|
||||
void mbedtls_ssl_sig_hash_set_const_hash( mbedtls_ssl_sig_hash_set_t *set,
|
||||
mbedtls_md_type_t md_alg );
|
||||
|
||||
/* Setup an empty signature-hash set */
|
||||
static inline void mbedtls_ssl_sig_hash_set_init( mbedtls_ssl_sig_hash_set_t *set )
|
||||
{
|
||||
mbedtls_ssl_sig_hash_set_const_hash( set, MBEDTLS_MD_NONE );
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2) &&
|
||||
MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
|
||||
|
||||
/**
|
||||
* \brief Free referenced items in an SSL transform context and clear
|
||||
* memory
|
||||
*
|
||||
* \param transform SSL transform context
|
||||
*/
|
||||
void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform );
|
||||
|
||||
/**
|
||||
* \brief Free referenced items in an SSL handshake context and clear
|
||||
* memory
|
||||
*
|
||||
* \param handshake SSL handshake context
|
||||
*/
|
||||
void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake );
|
||||
|
||||
int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl );
|
||||
int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl );
|
||||
void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl );
|
||||
|
||||
int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl );
|
||||
|
||||
void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl );
|
||||
int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl );
|
||||
|
||||
int mbedtls_ssl_read_record_layer( mbedtls_ssl_context *ssl );
|
||||
int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl );
|
||||
int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl );
|
||||
void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl );
|
||||
|
||||
/**
|
||||
* \brief Update record layer
|
||||
*
|
||||
* This function roughly separates the implementation
|
||||
* of the logic of (D)TLS from the implementation
|
||||
* of the secure transport.
|
||||
*
|
||||
* \param ssl SSL context to use
|
||||
*
|
||||
* \return 0 or non-zero error code.
|
||||
*
|
||||
* \note A clarification on what is called 'record layer' here
|
||||
* is in order, as many sensible definitions are possible:
|
||||
*
|
||||
* The record layer takes as input an untrusted underlying
|
||||
* transport (stream or datagram) and transforms it into
|
||||
* a serially multiplexed, secure transport, which
|
||||
* conceptually provides the following:
|
||||
*
|
||||
* (1) Three datagram based, content-agnostic transports
|
||||
* for handshake, alert and CCS messages.
|
||||
* (2) One stream- or datagram-based transport
|
||||
* for application data.
|
||||
* (3) Functionality for changing the underlying transform
|
||||
* securing the contents.
|
||||
*
|
||||
* The interface to this functionality is given as follows:
|
||||
*
|
||||
* a Updating
|
||||
* [Currently implemented by mbedtls_ssl_read_record]
|
||||
*
|
||||
* Check if and on which of the four 'ports' data is pending:
|
||||
* Nothing, a controlling datagram of type (1), or application
|
||||
* data (2). In any case data is present, internal buffers
|
||||
* provide access to the data for the user to process it.
|
||||
* Consumption of type (1) datagrams is done automatically
|
||||
* on the next update, invalidating that the internal buffers
|
||||
* for previous datagrams, while consumption of application
|
||||
* data (2) is user-controlled.
|
||||
*
|
||||
* b Reading of application data
|
||||
* [Currently manual adaption of ssl->in_offt pointer]
|
||||
*
|
||||
* As mentioned in the last paragraph, consumption of data
|
||||
* is different from the automatic consumption of control
|
||||
* datagrams (1) because application data is treated as a stream.
|
||||
*
|
||||
* c Tracking availability of application data
|
||||
* [Currently manually through decreasing ssl->in_msglen]
|
||||
*
|
||||
* For efficiency and to retain datagram semantics for
|
||||
* application data in case of DTLS, the record layer
|
||||
* provides functionality for checking how much application
|
||||
* data is still available in the internal buffer.
|
||||
*
|
||||
* d Changing the transformation securing the communication.
|
||||
*
|
||||
* Given an opaque implementation of the record layer in the
|
||||
* above sense, it should be possible to implement the logic
|
||||
* of (D)TLS on top of it without the need to know anything
|
||||
* about the record layer's internals. This is done e.g.
|
||||
* in all the handshake handling functions, and in the
|
||||
* application data reading function mbedtls_ssl_read.
|
||||
*
|
||||
* \note The above tries to give a conceptual picture of the
|
||||
* record layer, but the current implementation deviates
|
||||
* from it in some places. For example, our implementation of
|
||||
* the update functionality through mbedtls_ssl_read_record
|
||||
* discards datagrams depending on the current state, which
|
||||
* wouldn't fall under the record layer's responsibility
|
||||
* following the above definition.
|
||||
*
|
||||
*/
|
||||
int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl );
|
||||
int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
|
||||
|
||||
int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl );
|
||||
int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl );
|
||||
|
||||
int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl );
|
||||
int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl );
|
||||
|
||||
int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl );
|
||||
int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl );
|
||||
|
||||
int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl );
|
||||
int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl );
|
||||
|
||||
void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info );
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PK_C)
|
||||
unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk );
|
||||
unsigned char mbedtls_ssl_sig_from_pk_alg( mbedtls_pk_type_t type );
|
||||
mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig );
|
||||
#endif
|
||||
|
||||
mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash );
|
||||
unsigned char mbedtls_ssl_hash_from_md_alg( int md );
|
||||
int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md );
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
|
||||
mbedtls_md_type_t md );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
mbedtls_ssl_key_cert *key_cert;
|
||||
|
||||
if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
|
||||
key_cert = ssl->handshake->key_cert;
|
||||
else
|
||||
key_cert = ssl->conf->key_cert;
|
||||
|
||||
return( key_cert == NULL ? NULL : key_cert->key );
|
||||
}
|
||||
|
||||
static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
mbedtls_ssl_key_cert *key_cert;
|
||||
|
||||
if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
|
||||
key_cert = ssl->handshake->key_cert;
|
||||
else
|
||||
key_cert = ssl->conf->key_cert;
|
||||
|
||||
return( key_cert == NULL ? NULL : key_cert->cert );
|
||||
}
|
||||
|
||||
/*
|
||||
* Check usage of a certificate wrt extensions:
|
||||
* keyUsage, extendedKeyUsage (later), and nSCertType (later).
|
||||
*
|
||||
* Warning: cert_endpoint is the endpoint of the cert (ie, of our peer when we
|
||||
* check a cert we received from them)!
|
||||
*
|
||||
* Return 0 if everything is OK, -1 if not.
|
||||
*/
|
||||
int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite,
|
||||
int cert_endpoint,
|
||||
uint32_t *flags );
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
|
||||
void mbedtls_ssl_write_version( int major, int minor, int transport,
|
||||
unsigned char ver[2] );
|
||||
void mbedtls_ssl_read_version( int *major, int *minor, int transport,
|
||||
const unsigned char ver[2] );
|
||||
|
||||
static inline size_t mbedtls_ssl_hdr_len( const mbedtls_ssl_context *ssl )
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
return( 13 );
|
||||
#else
|
||||
((void) ssl);
|
||||
#endif
|
||||
return( 5 );
|
||||
}
|
||||
|
||||
static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl )
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
return( 12 );
|
||||
#else
|
||||
((void) ssl);
|
||||
#endif
|
||||
return( 4 );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl );
|
||||
void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl );
|
||||
int mbedtls_ssl_resend( mbedtls_ssl_context *ssl );
|
||||
#endif
|
||||
|
||||
/* Visible for testing purposes only */
|
||||
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
|
||||
int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context *ssl );
|
||||
void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl );
|
||||
#endif
|
||||
|
||||
/* constant-time buffer comparison */
|
||||
static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n )
|
||||
{
|
||||
size_t i;
|
||||
const unsigned char *A = (const unsigned char *) a;
|
||||
const unsigned char *B = (const unsigned char *) b;
|
||||
unsigned char diff = 0;
|
||||
|
||||
for( i = 0; i < n; i++ )
|
||||
diff |= A[i] ^ B[i];
|
||||
|
||||
return( diff );
|
||||
}
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* ssl_internal.h */
|
||||
106
Living_SDK/security/include/itls/threading.h
Normal file
106
Living_SDK/security/include/itls/threading.h
Normal file
|
|
@ -0,0 +1,106 @@
|
|||
/**
|
||||
* \file threading.h
|
||||
*
|
||||
* \brief Threading abstraction layer
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_THREADING_H
|
||||
#define MBEDTLS_THREADING_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include <stdlib.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#define MBEDTLS_ERR_THREADING_FEATURE_UNAVAILABLE -0x001A /**< The selected feature is not available. */
|
||||
#define MBEDTLS_ERR_THREADING_BAD_INPUT_DATA -0x001C /**< Bad input parameters to function. */
|
||||
#define MBEDTLS_ERR_THREADING_MUTEX_ERROR -0x001E /**< Locking / unlocking / free failed with error code. */
|
||||
|
||||
#if defined(MBEDTLS_THREADING_PTHREAD)
|
||||
#include <pthread.h>
|
||||
typedef struct
|
||||
{
|
||||
pthread_mutex_t mutex;
|
||||
char is_valid;
|
||||
} mbedtls_threading_mutex_t;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_THREADING_ALT)
|
||||
/* You should define the mbedtls_threading_mutex_t type in your header */
|
||||
#include "threading_alt.h"
|
||||
|
||||
/**
|
||||
* \brief Set your alternate threading implementation function
|
||||
* pointers and initialize global mutexes. If used, this
|
||||
* function must be called once in the main thread before any
|
||||
* other mbed TLS function is called, and
|
||||
* mbedtls_threading_free_alt() must be called once in the main
|
||||
* thread after all other mbed TLS functions.
|
||||
*
|
||||
* \note mutex_init() and mutex_free() don't return a status code.
|
||||
* If mutex_init() fails, it should leave its argument (the
|
||||
* mutex) in a state such that mutex_lock() will fail when
|
||||
* called with this argument.
|
||||
*
|
||||
* \param mutex_init the init function implementation
|
||||
* \param mutex_free the free function implementation
|
||||
* \param mutex_lock the lock function implementation
|
||||
* \param mutex_unlock the unlock function implementation
|
||||
*/
|
||||
void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * ),
|
||||
void (*mutex_free)( mbedtls_threading_mutex_t * ),
|
||||
int (*mutex_lock)( mbedtls_threading_mutex_t * ),
|
||||
int (*mutex_unlock)( mbedtls_threading_mutex_t * ) );
|
||||
|
||||
/**
|
||||
* \brief Free global mutexes.
|
||||
*/
|
||||
void mbedtls_threading_free_alt( void );
|
||||
#endif /* MBEDTLS_THREADING_ALT */
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
/*
|
||||
* The function pointers for mutex_init, mutex_free, mutex_ and mutex_unlock
|
||||
*
|
||||
* All these functions are expected to work or the result will be undefined.
|
||||
*/
|
||||
extern void (*mbedtls_mutex_init)( mbedtls_threading_mutex_t *mutex );
|
||||
extern void (*mbedtls_mutex_free)( mbedtls_threading_mutex_t *mutex );
|
||||
extern int (*mbedtls_mutex_lock)( mbedtls_threading_mutex_t *mutex );
|
||||
extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex );
|
||||
|
||||
/*
|
||||
* Global mutexes
|
||||
*/
|
||||
extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex;
|
||||
extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex;
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* threading.h */
|
||||
30
Living_SDK/security/include/itls/threading_alt.h
Normal file
30
Living_SDK/security/include/itls/threading_alt.h
Normal file
|
|
@ -0,0 +1,30 @@
|
|||
/**
|
||||
* Copyright (C) 2017 The YunOS IoT Project. All rights reserved.
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_THREADING_ALT_H
|
||||
#define MBEDTLS_THREADING_ALT_H
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <aos/kernel.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
typedef struct
|
||||
{
|
||||
aos_mutex_t mutex;
|
||||
char is_valid;
|
||||
} mbedtls_threading_mutex_t;
|
||||
|
||||
void threading_mutex_init(mbedtls_threading_mutex_t *mutex);
|
||||
void threading_mutex_free(mbedtls_threading_mutex_t *mutex);
|
||||
int threading_mutex_lock(mbedtls_threading_mutex_t *mutex);
|
||||
int threading_mutex_unlock(mbedtls_threading_mutex_t *mutex);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_THREADING_ALT_H */
|
||||
141
Living_SDK/security/include/itls/timing.h
Normal file
141
Living_SDK/security/include/itls/timing.h
Normal file
|
|
@ -0,0 +1,141 @@
|
|||
/**
|
||||
* \file timing.h
|
||||
*
|
||||
* \brief Portable interface to the CPU cycle counter
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_TIMING_H
|
||||
#define MBEDTLS_TIMING_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_TIMING_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
#include <stdint.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief timer structure
|
||||
*/
|
||||
struct mbedtls_timing_hr_time
|
||||
{
|
||||
unsigned char opaque[32];
|
||||
};
|
||||
|
||||
/**
|
||||
* \brief Context for mbedtls_timing_set/get_delay()
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
struct mbedtls_timing_hr_time timer;
|
||||
uint32_t int_ms;
|
||||
uint32_t fin_ms;
|
||||
} mbedtls_timing_delay_context;
|
||||
|
||||
extern volatile int mbedtls_timing_alarmed;
|
||||
|
||||
/**
|
||||
* \brief Return the CPU cycle counter value
|
||||
*
|
||||
* \warning This is only a best effort! Do not rely on this!
|
||||
* In particular, it is known to be unreliable on virtual
|
||||
* machines.
|
||||
*/
|
||||
unsigned long mbedtls_timing_hardclock( void );
|
||||
|
||||
/**
|
||||
* \brief Return the elapsed time in milliseconds
|
||||
*
|
||||
* \param val points to a timer structure
|
||||
* \param reset if set to 1, the timer is restarted
|
||||
*/
|
||||
unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset );
|
||||
|
||||
/**
|
||||
* \brief Setup an alarm clock
|
||||
*
|
||||
* \param seconds delay before the "mbedtls_timing_alarmed" flag is set
|
||||
*
|
||||
* \warning Only one alarm at a time is supported. In a threaded
|
||||
* context, this means one for the whole process, not one per
|
||||
* thread.
|
||||
*/
|
||||
void mbedtls_set_alarm( int seconds );
|
||||
|
||||
/**
|
||||
* \brief Set a pair of delays to watch
|
||||
* (See \c mbedtls_timing_get_delay().)
|
||||
*
|
||||
* \param data Pointer to timing data
|
||||
* Must point to a valid \c mbedtls_timing_delay_context struct.
|
||||
* \param int_ms First (intermediate) delay in milliseconds.
|
||||
* \param fin_ms Second (final) delay in milliseconds.
|
||||
* Pass 0 to cancel the current delay.
|
||||
*/
|
||||
void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms );
|
||||
|
||||
/**
|
||||
* \brief Get the status of delays
|
||||
* (Memory helper: number of delays passed.)
|
||||
*
|
||||
* \param data Pointer to timing data
|
||||
* Must point to a valid \c mbedtls_timing_delay_context struct.
|
||||
*
|
||||
* \return -1 if cancelled (fin_ms = 0)
|
||||
* 0 if none of the delays are passed,
|
||||
* 1 if only the intermediate delay is passed,
|
||||
* 2 if the final delay is passed.
|
||||
*/
|
||||
int mbedtls_timing_get_delay( void *data );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#else /* MBEDTLS_TIMING_ALT */
|
||||
#include "timing_alt.h"
|
||||
#endif /* MBEDTLS_TIMING_ALT */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
* \return 0 if successful, or 1 if a test failed
|
||||
*/
|
||||
int mbedtls_timing_self_test( int verbose );
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* timing.h */
|
||||
18
Living_SDK/security/include/prov/prov_pro.h
Normal file
18
Living_SDK/security/include/prov/prov_pro.h
Normal file
|
|
@ -0,0 +1,18 @@
|
|||
/**
|
||||
* Copyright (C) 2016 The YunOS Project. All rights reserved.
|
||||
*/
|
||||
|
||||
#ifndef _PROV_PRO_H_
|
||||
#define _PROV_PRO_H_
|
||||
|
||||
/*
|
||||
* provision all key to the board
|
||||
*
|
||||
* return: 0 - success
|
||||
* -1 - fail
|
||||
*/
|
||||
|
||||
int prov_all();
|
||||
|
||||
#endif /* _PROV_PRO_H_ */
|
||||
|
||||
32
Living_SDK/security/include/prov/prov_res.h
Normal file
32
Living_SDK/security/include/prov/prov_res.h
Normal file
|
|
@ -0,0 +1,32 @@
|
|||
/**
|
||||
* Copyright (C) 2016 The YunOS Project. All rights reserved.
|
||||
*/
|
||||
|
||||
#ifndef _PROV_RES_H_
|
||||
#define _PROV_RES_H_
|
||||
|
||||
#include <stdint.h>
|
||||
|
||||
/* prov status */
|
||||
#define PROV_STAT_ABORT (0x10001000)
|
||||
#define PROV_STAT_FINISHED (0x10001001)
|
||||
|
||||
/* prov result */
|
||||
#define PROV_SUCCESS (0x00000000)
|
||||
#define PROV_ERROR_RECOVERY (0xEEEE0000)
|
||||
|
||||
/*
|
||||
* get provision result
|
||||
*
|
||||
* prov_res[out]: provision result:
|
||||
* 0x00000000 -- success
|
||||
* 0xEEEE0000 -- failed, can recovery(software failure)
|
||||
*
|
||||
* return: 0 - success
|
||||
* -1 - fail
|
||||
*
|
||||
* Notice: the prov_res is valid only if the return value is 0 */
|
||||
int prov_get_prov_res(uint32_t *prov_res);
|
||||
|
||||
#endif /* _PROV_RES_H_*/
|
||||
|
||||
Loading…
Add table
Add a link
Reference in a new issue