rel_1.6.0 init

This commit is contained in:
guocheng.kgc 2020-06-18 20:06:52 +08:00 committed by shengdong.dsd
commit 27b3e2883d
19359 changed files with 8093121 additions and 0 deletions

View file

@ -0,0 +1,26 @@
NAME := itls
DEBUG := no
GLOBAL_INCLUDES += ../include
$(NAME)_DEFINES += CONFIG_PLAT_AOS
ifneq ($(HOST_ARCH), ck802)
$(NAME)_DEFINES += CONFIG_KEY_OTP_ENABLED
endif
ifeq ($(DEBUG), no)
$(NAME)_PREBUILT_LIBRARY := lib/$(HOST_ARCH)/libitls.a
else
GLOBAL_DEFINES += CONFIG_SSL_DEBUG
$(NAME)_PREBUILT_LIBRARY := lib/$(HOST_ARCH)/libitls.a.dbg
endif
$(NAME)_COMPONENTS := alicrypto
$(NAME)_COMPONENTS += id2
$(NAME)_COMPONENTS += irot
$(NAME)_SOURCES := src/mbedtls_net.c
$(NAME)_SOURCES += src/mbedtls_alt.c
$(NAME)_SOURCES += src/mbedtls_auth.c

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

View file

@ -0,0 +1,570 @@
/**
* Copyright (C) 2017 The YunOS IoT Project. All rights reserved.
*/
#if !defined(MBEDTLS_CONFIG_FILE)
#include "itls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "itls/md.h"
#include "itls/debug.h"
#include "itls/threading.h"
#include "itls/aes.h"
#include "itls/sha1.h"
#include "itls/sha256.h"
#include "itls/platform.h"
#if defined(CONFIG_PLAT_AOS)
#include <aos/kernel.h>
#endif
#if defined(MBEDTLS_AES_ALT) || defined(MBEDTLS_MD_ALT)
#include "ali_crypto.h"
#endif
#ifndef PLATFORM_ANDROID
#define MBEDTLS_ALT_PRINT(_f, _a ...) \
printf("%s %d: "_f, __FUNCTION__, __LINE__, ##_a)
#else /* PLATFORM_ANDROID */
#include <android/log.h>
#define __LOG_TAG__ "ITLS_LOG"
#define LOG_INF(...) __android_log_print( \
ANDROID_LOG_INFO, \
__LOG_TAG__, \
__VA_ARGS__)
#define MBEDTLS_ALT_PRINT(_f, _a ...) \
LOG_INF("%s %d: "_f, __FUNCTION__, __LINE__, ##_a)
#endif /* PLATFORM_ANDROID */
#define MBEDTLS_ALT_ASSERT(_x) \
do { \
if (!(_x)) { \
printf("ASSERT FAILURE:\n"); \
printf("%s (%d): %s\n", \
__FILE__, __LINE__, __FUNCTION__); \
while (1) /* loop */; \
} \
} while (0)
#if defined(MBEDTLS_AES_ALT)
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n )
{
volatile unsigned char *p = v;
while ( n-- ) {
*p++ = 0;
}
}
#endif
#if defined(MBEDTLS_PLATFORM_ALT)
#if defined(CONFIG_MEM_TEST_EN)
#define MBEDTLS_MEM_INFO_MAGIC 0x12345678
static unsigned int mbedtls_mem_used = 0;
static unsigned int mbedtls_max_mem_used = 0;
typedef struct {
int magic;
int size;
} mbedtls_mem_info_t;
#endif
void *mbedtls_calloc( size_t n, size_t size )
{
void *buf;
#if defined(CONFIG_MEM_TEST_EN)
mbedtls_mem_info_t *mem_info;
#endif
if (n == 0 || size == 0) {
return NULL;
}
#if defined(CONFIG_MEM_TEST_EN)
buf = malloc(n * size + sizeof(mbedtls_mem_info_t));
if (NULL == buf) {
return NULL;
} else {
memset(buf, 0, n * size + sizeof(mbedtls_mem_info_t));
}
mem_info = (mbedtls_mem_info_t *)buf;
mem_info->magic = MBEDTLS_MEM_INFO_MAGIC;
mem_info->size = n * size;
buf += sizeof(mbedtls_mem_info_t);
mbedtls_mem_used += mem_info->size;
if (mbedtls_mem_used > mbedtls_max_mem_used) {
mbedtls_max_mem_used = mbedtls_mem_used;
}
MBEDTLS_ALT_PRINT("INFO -- itls malloc: 0x%x %d total used: %d max used: %d\n",
(uint32_t)buf, size, mbedtls_mem_used, mbedtls_max_mem_used);
#else
#if defined(CONFIG_PLAT_AOS)
buf = aos_malloc(n * size);
#else
buf = malloc(n * size);
#endif
if (NULL == buf) {
return NULL;
} else {
memset(buf, 0, n * size);
}
#endif
return buf;
}
void mbedtls_free( void *ptr )
{
#if defined(CONFIG_MEM_TEST_EN)
mbedtls_mem_info_t *mem_info;
#endif
if (NULL == ptr) {
return;
}
#if defined(CONFIG_MEM_TEST_EN)
mem_info = ptr - sizeof(mbedtls_mem_info_t);
if (mem_info->magic != MBEDTLS_MEM_INFO_MAGIC) {
MBEDTLS_ALT_PRINT("bad mem magic: 0x%x\n", mem_info->magic);
return;
}
mbedtls_mem_used -= mem_info->size;
MBEDTLS_ALT_PRINT("INFO -- itls free: 0x%x %d total used: %d max used: %d\n",
(uint32_t)ptr, mem_info->size, mbedtls_mem_used, mbedtls_max_mem_used);
free(mem_info);
#else
#if defined(CONFIG_PLAT_AOS)
aos_free(ptr);
#else
free(ptr);
#endif
#endif
}
#endif
#if defined(MBEDTLS_THREADING_ALT)
void threading_mutex_init(mbedtls_threading_mutex_t *mutex)
{
if (mutex == NULL || mutex->is_valid) {
return;
}
mutex->is_valid = aos_mutex_new(&mutex->mutex) == 0;
}
void threading_mutex_free(mbedtls_threading_mutex_t *mutex)
{
if (mutex == NULL || !mutex->is_valid) {
return;
}
aos_mutex_free(&mutex->mutex);
mutex->is_valid = 0;
}
int threading_mutex_lock(mbedtls_threading_mutex_t *mutex)
{
if (mutex == NULL || !mutex->is_valid) {
return ( MBEDTLS_ERR_THREADING_BAD_INPUT_DATA );
}
if (aos_mutex_lock( &mutex->mutex, AOS_WAIT_FOREVER) != 0 ) {
return (MBEDTLS_ERR_THREADING_MUTEX_ERROR);
}
return 0;
}
int threading_mutex_unlock( mbedtls_threading_mutex_t *mutex )
{
if ( mutex == NULL || ! mutex->is_valid ) {
return ( MBEDTLS_ERR_THREADING_BAD_INPUT_DATA );
}
if ( aos_mutex_unlock( &mutex->mutex ) != 0 ) {
return ( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
}
return ( 0 );
}
#endif /* MBEDTLS_THREADING_ALT */
#if defined(MBEDTLS_AES_ALT)
void mbedtls_aes_init_alt( mbedtls_aes_context *ctx )
{
memset( ctx, 0, sizeof( mbedtls_aes_context ) );
}
void mbedtls_aes_free_alt( mbedtls_aes_context *ctx )
{
if (ctx == NULL) {
return;
}
if (ctx->ali_ctx) {
mbedtls_free(ctx->ali_ctx);
}
mbedtls_zeroize(ctx, sizeof(mbedtls_aes_context));
}
int mbedtls_aes_setkey_enc_alt( mbedtls_aes_context *ctx, const unsigned char *key,
unsigned int keybits )
{
if (ctx == NULL || key == NULL || keybits == 0) {
MBEDTLS_ALT_PRINT("invalid input args\n");
return -1;
}
if ((keybits >> 3) > 32) {
MBEDTLS_ALT_PRINT("invalid key length - %d\n", keybits >> 3);
return -1;
} else {
ctx->key_len = keybits >> 3;
memcpy(ctx->key, key, ctx->key_len);
}
return 0;
}
int mbedtls_aes_setkey_dec_alt( mbedtls_aes_context *ctx, const unsigned char *key,
unsigned int keybits )
{
if (ctx == NULL || key == NULL || keybits == 0) {
MBEDTLS_ALT_PRINT("invalid input args\n");
return -1;
}
if ((keybits >> 3) > 32) {
MBEDTLS_ALT_PRINT("invalid key length - %d\n", keybits >> 3);
return -1;
} else {
ctx->key_len = keybits >> 3;
memcpy(ctx->key, key, ctx->key_len);
}
return 0;
}
int mbedtls_aes_crypt_ecb_alt( mbedtls_aes_context *ctx,
int mode,
const unsigned char input[16],
unsigned char output[16] )
{
(void)ctx;
(void)mode;
(void)input;
(void)output;
MBEDTLS_ALT_PRINT("not support!\n");
return -1;
}
int mbedtls_aes_crypt_cbc_alt( mbedtls_aes_context *ctx,
int mode,
size_t length,
unsigned char iv[16],
const unsigned char *input,
unsigned char *output )
{
bool is_enc;
size_t ctx_size;
ali_crypto_result result;
if (ctx == NULL ||
length == 0 || input == NULL || output == NULL) {
MBEDTLS_ALT_PRINT("invalid input args\n");
return -1;
}
if (length % 16) {
MBEDTLS_ALT_PRINT("invalid input length - %d\n", (uint32_t)length);
return -1;
}
if (ctx->ali_ctx == NULL) {
result = ali_aes_get_ctx_size(AES_CBC, &ctx_size);
if (result != ALI_CRYPTO_SUCCESS) {
MBEDTLS_ALT_PRINT("get ctx size fail - 0x%x\n", result);
return -1;
}
ctx->ali_ctx = mbedtls_calloc(1, ctx_size);
if (ctx->ali_ctx == NULL) {
MBEDTLS_ALT_PRINT("mbedtls_calloc(%d) fail\n", (uint32_t)ctx_size);
return -1;
} else {
memset(ctx->ali_ctx, 0, ctx_size);
}
}
if (ctx->status == AES_STATUS_INIT) {
if (mode == MBEDTLS_AES_ENCRYPT) {
is_enc = true;
} else {
is_enc = false;
}
if (ctx->reset) {
result = ali_aes_reset(ctx->ali_ctx);
if (result != ALI_CRYPTO_SUCCESS) {
MBEDTLS_ALT_PRINT("aes reset fail - 0x%x\n", result);
return -1;
}
}
result = ali_aes_init(AES_CBC, is_enc,
ctx->key, NULL, ctx->key_len, iv, ctx->ali_ctx);
if (result != ALI_CRYPTO_SUCCESS) {
MBEDTLS_ALT_PRINT("aes init fail - 0x%x\n", result);
return -1;
} else {
ctx->reset = 1;
ctx->status = AES_STATUS_PROCESS;
}
}
result = ali_aes_process(input,
output, length, ctx->ali_ctx);
if (result != ALI_CRYPTO_SUCCESS) {
MBEDTLS_ALT_PRINT("aes process fail - 0x%x\n", result);
return -1;
}
return 0;
}
#endif /* MBEDTLS_AES_ALT */
#if defined(MBEDTLS_SHA1_ALT)
void mbedtls_sha1_init_alt(mbedtls_sha1_context *ctx)
{
memset(ctx, 0, sizeof(mbedtls_sha1_context));
}
void mbedtls_sha1_free_alt(mbedtls_sha1_context *ctx)
{
if (ctx == NULL) {
return;
}
if (ctx->ali_ctx) {
mbedtls_free(ctx->ali_ctx);
}
mbedtls_zeroize(ctx, sizeof(mbedtls_sha1_context));
}
void mbedtls_sha1_clone_alt(mbedtls_sha1_context *dst,
const mbedtls_sha1_context *src)
{
dst->ali_ctx = mbedtls_calloc(1, src->size);
if (dst->ali_ctx == NULL) {
MBEDTLS_ALT_PRINT("mbedtls_calloc(%d) fail\n", (uint32_t)src->size);
MBEDTLS_ALT_ASSERT(0);
}
dst->size = src->size;
memcpy(dst->ali_ctx, src->ali_ctx, dst->size);
}
void mbedtls_sha1_starts_alt(mbedtls_sha1_context *ctx)
{
size_t ctx_size;
hash_type_t type = SHA1;
ali_crypto_result result;
if (NULL == ctx->ali_ctx) {
result = ali_hash_get_ctx_size(type, &ctx_size);
if (result != ALI_CRYPTO_SUCCESS) {
MBEDTLS_ALT_PRINT("get ctx size fail - 0x%x\n", result);
MBEDTLS_ALT_ASSERT(0);
}
ctx->size = ctx_size;
ctx->ali_ctx = mbedtls_calloc(1, ctx_size);
if (ctx->ali_ctx == NULL) {
MBEDTLS_ALT_PRINT("mbedtls_calloc(%d) fail\n", (uint32_t)ctx_size);
MBEDTLS_ALT_ASSERT(0);
} else {
memset(ctx->ali_ctx, 0, ctx_size);
}
}
result = ali_hash_init(type, ctx->ali_ctx);
if (result != ALI_CRYPTO_SUCCESS) {
MBEDTLS_ALT_PRINT("sha1 init fail - 0x%x\n", result);
MBEDTLS_ALT_ASSERT(0);
}
return;
}
void mbedtls_sha1_update_alt(mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen)
{
ali_crypto_result result;
result = ali_hash_update(input, ilen, ctx->ali_ctx);
if (result != ALI_CRYPTO_SUCCESS) {
MBEDTLS_ALT_PRINT("sha1 update fail - 0x%x\n", result);
MBEDTLS_ALT_ASSERT(0);
}
return;
}
void mbedtls_sha1_finish_alt(mbedtls_sha1_context *ctx, unsigned char output[20])
{
ali_crypto_result result;
result = ali_hash_final(output, ctx->ali_ctx);
if (result != ALI_CRYPTO_SUCCESS) {
MBEDTLS_ALT_PRINT("sha1 final fail - 0x%x\n", result);
MBEDTLS_ALT_ASSERT(0);
}
return;
}
void mbedtls_sha1_alt(const unsigned char *input, size_t ilen, unsigned char output[20])
{
mbedtls_sha1_context ctx;
mbedtls_sha1_init_alt( &ctx );
mbedtls_sha1_starts_alt( &ctx );
mbedtls_sha1_update_alt( &ctx, input, ilen );
mbedtls_sha1_finish_alt( &ctx, output );
mbedtls_sha1_free_alt( &ctx );
}
#endif /* MBEDTLS_SHA1_ALT */
#if defined(MBEDTLS_SHA256_ALT)
void mbedtls_sha256_init_alt(mbedtls_sha256_context *ctx)
{
memset(ctx, 0, sizeof(mbedtls_sha256_context));
}
void mbedtls_sha256_free_alt(mbedtls_sha256_context *ctx)
{
if (ctx == NULL) {
return;
}
if (ctx->ali_ctx) {
mbedtls_free(ctx->ali_ctx);
}
mbedtls_zeroize(ctx, sizeof(mbedtls_sha256_context));
}
void mbedtls_sha256_clone_alt(mbedtls_sha256_context *dst,
const mbedtls_sha256_context *src)
{
dst->ali_ctx = mbedtls_calloc(1, src->size);
if (dst->ali_ctx == NULL) {
MBEDTLS_ALT_PRINT("mbedtls_calloc(%d) fail\n", (uint32_t)src->size);
MBEDTLS_ALT_ASSERT(0);
}
dst->size = src->size;
memcpy(dst->ali_ctx, src->ali_ctx, dst->size);
}
void mbedtls_sha256_starts_alt(mbedtls_sha256_context *ctx, int is224)
{
size_t ctx_size;
hash_type_t type;
ali_crypto_result result;
if (is224 == 0) {
type = SHA256;
} else {
type = SHA224;
}
if (NULL == ctx->ali_ctx) {
result = ali_hash_get_ctx_size(type, &ctx_size);
if (result != ALI_CRYPTO_SUCCESS) {
MBEDTLS_ALT_PRINT("get ctx size fail - 0x%x\n", result);
MBEDTLS_ALT_ASSERT(0);
}
ctx->size = ctx_size;
ctx->ali_ctx = mbedtls_calloc(1, ctx_size);
if (ctx->ali_ctx == NULL) {
MBEDTLS_ALT_PRINT("mbedtls_calloc(%d) fail\n", (uint32_t)ctx_size);
MBEDTLS_ALT_ASSERT(0);
} else {
memset(ctx->ali_ctx, 0, ctx_size);
}
}
result = ali_hash_init(type, ctx->ali_ctx);
if (result != ALI_CRYPTO_SUCCESS) {
MBEDTLS_ALT_PRINT("sha256 init fail - 0x%x\n", result);
MBEDTLS_ALT_ASSERT(0);
}
return;
}
void mbedtls_sha256_update_alt(mbedtls_sha256_context *ctx, const unsigned char *input, size_t ilen)
{
ali_crypto_result result;
result = ali_hash_update(input, ilen, ctx->ali_ctx);
if (result != ALI_CRYPTO_SUCCESS) {
MBEDTLS_ALT_PRINT("sha256 update fail - 0x%x\n", result);
MBEDTLS_ALT_ASSERT(0);
}
return;
}
void mbedtls_sha256_finish_alt(mbedtls_sha256_context *ctx, unsigned char output[32])
{
ali_crypto_result result;
result = ali_hash_final(output, ctx->ali_ctx);
if (result != ALI_CRYPTO_SUCCESS) {
MBEDTLS_ALT_PRINT("sha256 final fail - 0x%x\n", result);
MBEDTLS_ALT_ASSERT(0);
}
return;
}
void mbedtls_sha256_alt(const unsigned char *input, size_t ilen, unsigned char output[32], int is224)
{
mbedtls_sha256_context ctx;
mbedtls_sha256_init_alt( &ctx );
mbedtls_sha256_starts_alt( &ctx, is224 );
mbedtls_sha256_update_alt( &ctx, input, ilen );
mbedtls_sha256_finish_alt( &ctx, output );
mbedtls_sha256_free_alt( &ctx );
}
#endif /* MBEDTLS_SHA256_ALT */

View file

@ -0,0 +1,570 @@
/**
* Copyright (C) 2017 The YunOS IoT Project. All rights reserved.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "itls/config.h"
#include "itls/ssl.h"
#include "itls/ssl_internal.h"
#include "itls/mbedtls_auth.h"
#include "itls/debug.h"
#include "itls/platform.h"
#include "id2_client.h"
#if defined(MBEDTLS_SSL_PROTO_ITLS)
#ifndef PLATFORM_ANDROID
#define MBEDTLS_SSL_PRINT(_f, _a ...) \
printf("%s %d: "_f, __FUNCTION__, __LINE__, ##_a)
#else /* PLATFORM_ANDROID */
#include <android/log.h>
#define __LOG_TAG__ "ITLS_LOG"
#define LOG_INF(...) __android_log_print( \
ANDROID_LOG_INFO, \
__LOG_TAG__, \
__VA_ARGS__)
#define MBEDTLS_SSL_PRINT(_f, _a ...) \
LOG_INF("%s %d: "_f, __FUNCTION__, __LINE__, ##_a)
#endif /* PLATFORM_ANDROID */
#if defined(CONFIG_KEY_OTP_ENABLED)
static uint32_t otp_time = 0;
#endif
static unsigned char *mbedtls_hex_to_str(uint8_t *data, size_t len)
{
size_t i;
uint8_t lo, hi;
unsigned char *str = NULL;
str = (unsigned char *)mbedtls_calloc(1, 2 * len + 1);
if (str == NULL) {
return NULL;
}
for (i = 0; i < len; i++) {
hi = (data[i] >> 4) & 0xF;
lo = (data[i] >> 0) & 0xF;
if (hi <= 9) {
str[2*i] = hi + ('0' - 0);
} else {
str[2*i] = hi + ('A' - 10);
}
if (lo <= 9) {
str[2*i + 1] = lo + ('0' - 0);
} else {
str[2*i + 1] = lo + ('A' - 10);
}
}
str[2 * len] = '\0';
return str;
}
int mbedtls_write_auth_extra_ext(
mbedtls_ssl_context *ssl, unsigned char *buf, size_t *olen)
{
int ret = 0;
unsigned char *p = buf;
const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
unsigned char *auth_extra = buf + 4;
size_t auth_extra_len = ssl->conf->auth_extra_len;
if (end < p || (size_t)(end - p) < 4 + auth_extra_len) {
MBEDTLS_SSL_PRINT("buffer too small\n");
return -1;
}
/* if no auth extra data, exit directly */
if (ssl->conf->auth_extra == NULL || ssl->conf->auth_extra_len == 0) {
MBEDTLS_SSL_PRINT("no auth extra data\n");
*olen = 0;
return ret;
}
*p++ = (unsigned char)((MBEDTLS_TLS_EXT_AUTH_EXTRA >> 8) & 0xFF);
*p++ = (unsigned char)((MBEDTLS_TLS_EXT_AUTH_EXTRA) & 0xFF);
*p++ = (unsigned char)((auth_extra_len >> 8) & 0xFF);
*p++ = (unsigned char)((auth_extra_len) & 0xFF);
memcpy(auth_extra, ssl->conf->auth_extra, auth_extra_len);
#if defined(MBEDTLS_DEBUG_C)
MBEDTLS_SSL_DEBUG_BUF(3, "client hello, auth extra", auth_extra, auth_extra_len);
#endif
*olen = 4 + auth_extra_len;
return ret;
}
/*
* struct {
* uint32_t key_group;
* opaque key_id<0..2^8-1>;
* } Key_ID_Extension;
*/
int mbedtls_write_key_id_ext(
mbedtls_ssl_context *ssl, unsigned char *buf, size_t *olen)
{
int ret = 0;
unsigned char *p = buf;
const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
uint32_t key_group;
unsigned char *key_id = buf + 4;
uint32_t key_id_len;
#if defined(CONFIG_KEY_OTP_ENABLED)
bool is_prov;
#endif
if (end < p || (size_t)(end - p) < 8) {
MBEDTLS_SSL_PRINT("buffer too small\n");
return -1;
}
*p++ = (unsigned char)((MBEDTLS_TLS_EXT_KEY_ID >> 8) & 0xFF);
*p++ = (unsigned char)((MBEDTLS_TLS_EXT_KEY_ID) & 0xFF);
key_id_len = (uint32_t)(end - p - 8);
#if defined(MBEDTLS_SSL_PROTO_ITLS_TEST)
if (ssl->conf->type == ITLS_TEST_VALUE_KEY_GROUP)
{
MBEDTLS_SSL_PRINT("iTLS TEST - Client Hello - Invalid Key Group(0x%x)!!!\n\n", ssl->conf->key_group);
key_group = ssl->conf->key_group;
key_id[0] = (unsigned char)( ( key_group ) & 0xFF );
key_id[1] = (unsigned char)( ( key_group >> 8 ) & 0xFF );
key_id[2] = (unsigned char)( ( key_group >> 16 ) & 0xFF );
key_id[3] = (unsigned char)( ( key_group >> 24 ) & 0xFF );
}
else
#endif /* MBEDTLS_SSL_PROTO_ITLS_TEST */
{
key_group = MBEDTLS_KEY_GROUP_ALIBABA_ID2;
key_id[0] = (unsigned char)( ( key_group ) & 0xFF );
key_id[1] = (unsigned char)( ( key_group >> 8 ) & 0xFF );
key_id[2] = (unsigned char)( ( key_group >> 16 ) & 0xFF );
key_id[3] = (unsigned char)( ( key_group >> 24 ) & 0xFF );
}
#if defined(MBEDTLS_SSL_PROTO_ITLS_TEST)
if (ssl->conf->type == ITLS_TEST_DATA_KEY_ID)
{
MBEDTLS_SSL_PRINT("iTLS ABT TEST - Client Hello - Invalid Key ID!!!\n\n");
memcpy(key_id + 4, ssl->conf->key_id, ssl->conf->key_id_len);
key_id_len = ssl->conf->key_id_len;
}
else
#endif /* MBEDTLS_SSL_PROTO_ITLS_TEST */
{
#if defined(CONFIG_KEY_OTP_ENABLED)
ret = id2_client_get_prov_stat(&is_prov);
if (ret != 0) {
MBEDTLS_SSL_PRINT("id2 client get prov stat fail, %d\n", ret);
return -1;
}
if (key_id_len < ID2_ID_LEN) {
MBEDTLS_SSL_PRINT("key id short buffer, %d\n", key_id_len);
return -1;
} else {
key_id_len = ID2_ID_LEN;
}
ssl->handshake->key_otp = 0;
/* key is not provisioned, set otp flag to true */
if (!is_prov) {
MBEDTLS_SSL_PRINT("key is not provisioned, need to get key first!\n");
if (!otp_time++) {
ssl->handshake->key_otp = 1;
memset(key_id + 4, 'F', key_id_len);
} else {
MBEDTLS_SSL_PRINT("key provisioning (time:%d) exceed the allowed times!\n", otp_time);
return -1;
}
}
else
#endif /* CONFIG_KEY_OTP_ENABLED */
{
ret = id2_client_get_id(key_id + 4, &key_id_len);
if (ret != 0) {
MBEDTLS_SSL_PRINT("id2 client get id fail, %d\n", ret);
return -1;
}
}
}
if (key_id_len > MBEDTLS_KEY_ID_MAX_LEN) {
MBEDTLS_SSL_PRINT("bad key id len, %d\n", key_id_len);
return -1;
}
/* add key group length */
key_id_len += 4;
*p++ = (unsigned char)((key_id_len >> 8) & 0xFF);
*p++ = (unsigned char)((key_id_len) & 0xFF);
#if defined(MBEDTLS_DEBUG_C)
MBEDTLS_SSL_DEBUG_BUF(3, "client hello, key id", key_id, key_id_len);
#endif
*olen = 4 + key_id_len;
return ret;
}
int mbedtls_write_auth_code_ext(
mbedtls_ssl_context *ssl, unsigned char *buf, size_t *olen)
{
int ret = 0;
unsigned char *p = buf;
const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
unsigned char *auth_code = buf + 4;
uint32_t auth_code_len;
if (end < p || (size_t)(end - p) < 4) {
MBEDTLS_SSL_PRINT("buffer too small\n");
return -1;
}
*p++ = (unsigned char)((MBEDTLS_TLS_EXT_AUTH_CODE >> 8) & 0xFF);
*p++ = (unsigned char)((MBEDTLS_TLS_EXT_AUTH_CODE) & 0xFF);
auth_code_len = (uint32_t)(end - p - 4);
#if defined(CONFIG_KEY_OTP_ENABLED)
if (ssl->handshake->key_otp) {
ret = id2_client_get_otp_auth_code(
ssl->conf->auth_token, ssl->conf->auth_token_len,
auth_code, &auth_code_len);
if (ret != 0) {
MBEDTLS_SSL_PRINT("id2_clien _get_otp_auth_code fail, %d\n", ret);
return -1;
}
}
else
#endif /* CONFIG_KEY_OTP_ENABLED */
{
if (ssl->handshake->challenge != NULL &&
ssl->handshake->challenge_len != 0) {
/* challenge len is set to fixed length */
if (ssl->handshake->challenge_len != 32) {
MBEDTLS_SSL_PRINT("bad challenge len: %d", ssl->handshake->challenge_len);
return -1;
}
#if defined(MBEDTLS_SSL_PROTO_ITLS_TEST)
if (ssl->conf->type == ITLS_TEST_DATA_AUTH_CODE)
{
MBEDTLS_SSL_PRINT("iTLS ABT TEST - Client Hello - Invalid Auth Code!!!\n\n");
auth_code_len = ssl->conf->auth_code_len;
if ((uint32_t)(end - p) < 4 + auth_code_len) {
MBEDTLS_SSL_PRINT("buffer too small\n");
return -1;
}
memcpy(auth_code, ssl->conf->auth_code, auth_code_len);
}
else
#endif /* MBEDTLS_SSL_PROTO_ITLS_TEST */
{
ret = id2_client_get_challenge_auth_code(
(char *)ssl->handshake->challenge,
NULL, 0, auth_code, &auth_code_len);
if (ret != 0) {
MBEDTLS_SSL_PRINT("id2_client_get_challenge_auth_code fail, %d\n", ret);
return -1;
}
}
} else {
auth_code_len = 0;
}
}
#if defined(MBEDTLS_DEBUG_C)
MBEDTLS_SSL_DEBUG_BUF(3, "client hello, auth code", auth_code, auth_code_len);
#endif
*p++ = (unsigned char)((auth_code_len >> 8) & 0xFF);
*p++ = (unsigned char)((auth_code_len) & 0xFF);
*olen = 4 + auth_code_len;
return ret;
}
int mbedtls_parse_hello_verify_ext(
mbedtls_ssl_context *ssl, unsigned char *buf, size_t len)
{
const unsigned char *ext = buf;
unsigned int ext_id;
unsigned int ext_size;
#if defined(CONFIG_KEY_OTP_ENABLED)
int ret = 0;
#endif
#if defined(MBEDTLS_SSL_PROTO_ITLS_TEST)
if (ssl->conf->type == ITLS_TEST_FLAGS_SRV_VERIFY) {
MBEDTLS_SSL_DEBUG_MSG(1, ("TLS ABT TEST - Hello Verify - Parse Ext Failed!!!\n\n"));
return -1;
}
#endif /* MBEDTLS_SSL_PROTO_ITLS_TEST */
if (len < 4) {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "no extension data for hello verify " ) );
return -1;
}
ext_id = (ext[0] << 8) | ext[1];
ext_size = (ext[2] << 8) | ext[3];
if (ext_size + 4 > len) {
MBEDTLS_SSL_DEBUG_MSG( 1,
( "extension length does not match incoming message size" ) );
return - 1;
}
switch(ext_id) {
case MBEDTLS_TLS_EXT_SRV_CHALLENGE: {
#if defined(MBEDTLS_DEBUG_C)
MBEDTLS_SSL_DEBUG_BUF( 3, "challenge extension", ext + 4, ext_size );
#endif
mbedtls_free(ssl->handshake->challenge);
ssl->handshake->challenge = mbedtls_calloc(1, ext_size + 1);
if (ssl->handshake->challenge == NULL ) {
MBEDTLS_SSL_PRINT("alloc failed (%d bytes)\n", ext_size);
return - 1;
} else {
memset(ssl->handshake->challenge, 0, ext_size + 1);
}
memcpy(ssl->handshake->challenge, ext + 4, ext_size);
ssl->handshake->challenge_len = ext_size;
break;
}
#if defined(CONFIG_KEY_OTP_ENABLED)
case MBEDTLS_TLS_EXT_KEY_OTP_DATA: {
#if defined(MBEDTLS_DEBUG_C)
MBEDTLS_SSL_DEBUG_BUF( 3, "otp_data extension", ext + 4, ext_size );
#endif
if (ssl->handshake->key_otp == 0) {
MBEDTLS_SSL_PRINT("otp_data extension is not needed\n");
return -1;
}
ret = id2_client_load_otp_data(ext + 4, ext_size);
if (ret != 0) {
MBEDTLS_SSL_PRINT("id2_client_load_otp_data fail, %d\n", ret);
return -1;
}
break;
}
#endif
default:
MBEDTLS_SSL_PRINT("unkown extension found: 0x%04x\n", ext_id);
return -1;
}
return 0;
}
int mbedtls_parse_auth_code_ext(
mbedtls_ssl_context *ssl, unsigned char *buf, size_t len)
{
int ret = 0;
unsigned char *rand_str = NULL;
#if defined(MBEDTLS_DEBUG_C)
MBEDTLS_SSL_DEBUG_BUF(3, "server hello, auth code", buf, len);
#endif
rand_str = mbedtls_hex_to_str(ssl->handshake->randbytes, 32);
if (rand_str == NULL) {
MBEDTLS_SSL_PRINT("mbedtls_hex_to_str fail\n");
ret = -1;
goto _out;
}
#if defined(MBEDTLS_DEBUG_C)
MBEDTLS_SSL_DEBUG_BUF(3, "rand_str", rand_str, strlen((char *)rand_str));
#endif
#if defined(MBEDTLS_SSL_PROTO_ITLS_TEST)
if (ssl->conf->type == ITLS_TEST_FLAGS_SRV_HELLO) {
MBEDTLS_SSL_PRINT("TLS ABT TEST - Server Hello - Verify iTLS Server Failed!!!\n\n");
ret = -1;
goto _out;
}
#endif /* MBEDTLS_SSL_PROTO_ITLS_TEST */
ret = id2_client_verify_server(
buf, len, rand_str, strlen((char *)rand_str), NULL, 0);
if (ret != 0) {
MBEDTLS_SSL_PRINT(" . Verify iTLS Server authCode Failed!\n");
ret = -1;
goto _out;
} else {
MBEDTLS_SSL_PRINT(" . Verify iTLS Server authCode OK!\n");
}
ret = 0;
_out:
if (ret < 0) {
mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
ret = MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO;
}
if (rand_str != NULL) {
mbedtls_free(rand_str);
}
return ret;
}
int mbedtls_parse_pre_master_secret_ext(
mbedtls_ssl_context *ssl, unsigned char *buf, size_t len)
{
int ret = 0;
uint32_t pms_len;
#if defined(MBEDTLS_DEBUG_C)
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, encrypted premaster secret", buf, len );
#endif
pms_len = 48;
ret = id2_client_decrypt(buf, len, ssl->handshake->premaster, &pms_len);
if (ret != 0) {
MBEDTLS_SSL_PRINT("id2_client_decrypt fail, %d\n", ret);
ret = -1;
goto _out;
}
if (pms_len != 48) {
MBEDTLS_SSL_PRINT("invalid premaster secret len: %d\n", pms_len);
ret = -1;
goto _out;
} else {
ssl->handshake->pmslen = pms_len;
}
#if defined(MBEDTLS_DEBUG_C)
MBEDTLS_SSL_DEBUG_BUF( 3, "premaster secret", ssl->handshake->premaster, pms_len);
#endif
ret = 0;
_out:
if (ret < 0) {
mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
ret = MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO;
}
return ret;
}
#if defined(MBEDTLS_SSL_PROTO_ITLS_TEST)
int mbedtls_ssl_conf_set_data( mbedtls_ssl_config *conf,
unsigned int type, const char *data, size_t data_len)
{
MBEDTLS_SSL_PRINT("ssl_conf_set_data - type: 0x%x\n", type);
if (conf == NULL || data == NULL || data_len == 0) {
MBEDTLS_SSL_PRINT("invalid input args\n");
return -1;
}
switch(type) {
case ITLS_TEST_DATA_KEY_ID: {
conf->key_id = (unsigned char *)data;
conf->key_id_len = data_len;
break;
}
case ITLS_TEST_DATA_AUTH_CODE: {
conf->auth_code = (unsigned char *)data;
conf->auth_code_len = data_len;
break;
}
case ITLS_TEST_DATA_VERIFY_DATA: {
conf->verify_data = (unsigned char *)data;
conf->verify_data_len = data_len;
break;
}
default: {
MBEDTLS_SSL_PRINT("invalid data type, 0x%x\n", type);
return -1;
}
}
conf->type = type;
return 0;
}
int mbedtls_ssl_conf_set_value( mbedtls_ssl_config *conf,
unsigned int type, unsigned int value)
{
MBEDTLS_SSL_PRINT("ssl_conf_set_data - type: 0x%x value: 0x%x\n", type, value);
if (conf == NULL) {
MBEDTLS_SSL_PRINT("invalid input arg\n");
return -1;
}
switch(type) {
case ITLS_TEST_VALUE_VERSION: {
conf->version = value;
break;
}
case ITLS_TEST_VALUE_KEY_GROUP: {
conf->key_group = value;
break;
}
case ITLS_TEST_VALUE_CIPHER_SUITE: {
conf->cipher_suite = value;
break;
}
default: {
MBEDTLS_SSL_PRINT("invalid data type, 0x%x\n", type);
return -1;
}
}
conf->type = type;
return 0;
}
#endif /* MBEDTLS_SSL_PROTO_ITLS_TEST */
#endif /* MBEDTLS_SSL_PROTO_ITLS */

View file

@ -0,0 +1,252 @@
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include "itls/config.h"
#include "itls/net_sockets.h"
#define MBEDTLS_NET_PRINT(_f, ...) \
printf("%s %d: "_f, __FUNCTION__, __LINE__, ##__VA_ARGS__)
#if defined(MBEDTLS_NET_ALT)
#include <fcntl.h>
#include <unistd.h>
#include <aos/errno.h>
#include <aos/network.h>
#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
!defined(EFI32)
/*
* Check if the requested operation would be blocking on a non-blocking socket
* and thus 'failed' with a negative return value.
*/
static int net_would_block(const mbedtls_net_context *ctx)
{
((void)ctx);
return (WSAGetLastError() == WSAEWOULDBLOCK);
}
#else
static int net_would_block(const mbedtls_net_context *ctx)
{
/*
* Never return 'WOULD BLOCK' on a non-blocking socket
*/
if ((fcntl(ctx->fd, F_GETFL, 0) & O_NONBLOCK) != O_NONBLOCK) {
return 0;
}
switch (errno) {
#if defined EAGAIN
case EAGAIN:
#endif
#if defined EWOULDBLOCK && EWOULDBLOCK != EAGAIN
case EWOULDBLOCK:
#endif
return 1;
}
return 0;
}
#endif
void mbedtls_net_init(mbedtls_net_context *ctx)
{
ctx->fd = -1;
}
int mbedtls_net_connect(mbedtls_net_context *ctx, const char *host, const char *port, int proto)
{
int ret;
struct addrinfo hints, *addr_list, *cur;
memset( &hints, 0, sizeof( hints ) );
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = proto == MBEDTLS_NET_PROTO_UDP ? SOCK_DGRAM : SOCK_STREAM;
hints.ai_protocol = proto == MBEDTLS_NET_PROTO_UDP ? IPPROTO_UDP : IPPROTO_TCP;
if ((ret = getaddrinfo(host, port, &hints, &addr_list)) != 0) {
MBEDTLS_NET_PRINT("getaddrinfo fail- errno: %d, %d\n", errno, ret);
return MBEDTLS_ERR_NET_UNKNOWN_HOST;
}
ret = MBEDTLS_ERR_NET_UNKNOWN_HOST;
for (cur = addr_list; cur != NULL; cur = cur->ai_next) {
ctx->fd = (int)socket(cur->ai_family,
cur->ai_socktype, cur->ai_protocol);
if (ctx->fd < 0) {
ret = MBEDTLS_ERR_NET_SOCKET_FAILED;
continue;
}
do {
ret = connect(ctx->fd, cur->ai_addr, cur->ai_addrlen);
if (ret == 0) {
goto _out;
} else {
if (errno == EINTR) {
continue;
}
break;
}
} while (1);
close(ctx->fd);
ret = MBEDTLS_ERR_NET_CONNECT_FAILED;
}
_out:
freeaddrinfo(addr_list);
return ret;
}
int mbedtls_net_set_block(mbedtls_net_context *ctx)
{
#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
!defined(EFI32)
u_long n = 0;
return (ioctlsocket(ctx->fd, FIONBIO, &n));
#else
int flags;
flags = fcntl(ctx->fd, F_GETFL, 0);
flags &= ~O_NONBLOCK;
return fcntl(ctx->fd, F_SETFL, flags);
#endif
}
int mbedtls_net_set_nonblock(mbedtls_net_context *ctx)
{
#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
!defined(EFI32)
u_long n = 1;
return ( ioctlsocket( ctx->fd, FIONBIO, &n ) );
#else
int flags;
flags = fcntl(ctx->fd, F_GETFL, 0);
flags |= O_NONBLOCK;
return fcntl(ctx->fd, F_SETFL, flags);
#endif
}
int mbedtls_net_recv(void *ctx, unsigned char *buf, size_t len)
{
int ret;
int fd = ((mbedtls_net_context *) ctx)->fd;
if (fd < 0) {
MBEDTLS_NET_PRINT("invalid socket fd\n");
return (MBEDTLS_ERR_NET_INVALID_CONTEXT);
}
ret = (int)read(fd, buf, len);
if (ret < 0) {
if (net_would_block(ctx) != 0) {
return (MBEDTLS_ERR_SSL_WANT_READ);
}
if (errno == EPIPE || errno == ECONNRESET) {
MBEDTLS_NET_PRINT("net reset - errno: %d\n", errno);
return (MBEDTLS_ERR_NET_CONN_RESET);
}
if (errno == EINTR) {
return (MBEDTLS_ERR_SSL_WANT_READ);
}
MBEDTLS_NET_PRINT("net recv failed - errno: %d\n", errno);
return (MBEDTLS_ERR_NET_RECV_FAILED);
}
return ret;
}
int mbedtls_net_send(void *ctx, const unsigned char *buf, size_t len)
{
int ret;
int fd = ((mbedtls_net_context *) ctx)->fd;
if (fd < 0) {
return (MBEDTLS_ERR_NET_INVALID_CONTEXT);
}
ret = (int)write(fd, buf, len);
if (ret < 0) {
if (net_would_block(ctx) != 0) {
return (MBEDTLS_ERR_SSL_WANT_WRITE);
}
if (errno == EPIPE || errno == ECONNRESET) {
MBEDTLS_NET_PRINT("net reset - errno: %d\n", errno);
return (MBEDTLS_ERR_NET_CONN_RESET);
}
if (errno == EINTR) {
return (MBEDTLS_ERR_SSL_WANT_WRITE);
}
MBEDTLS_NET_PRINT("net send failed - errno: %d\n", errno);
return (MBEDTLS_ERR_NET_SEND_FAILED);
}
return ret;
}
int mbedtls_net_recv_timeout(void *ctx, unsigned char *buf, size_t len,
uint32_t timeout )
{
int ret;
struct timeval tv;
fd_set read_fds;
int fd = ((mbedtls_net_context *) ctx)->fd;
if (fd < 0) {
return MBEDTLS_ERR_NET_INVALID_CONTEXT;
}
FD_ZERO(&read_fds);
FD_SET(fd, &read_fds);
tv.tv_sec = timeout / 1000;
tv.tv_usec = (timeout % 1000) * 1000;
ret = select(fd + 1, &read_fds, NULL, NULL, timeout == 0 ? NULL : &tv);
if (ret == 0) {
return MBEDTLS_ERR_SSL_TIMEOUT;
}
if (ret < 0) {
if (errno == EINTR) {
return MBEDTLS_ERR_SSL_WANT_READ;
}
return MBEDTLS_ERR_NET_RECV_FAILED;
}
return mbedtls_net_recv(ctx, buf, len);
}
void mbedtls_net_free(mbedtls_net_context *ctx)
{
if (ctx->fd == -1) {
return;
}
shutdown(ctx->fd, 2);
close(ctx->fd);
ctx->fd = -1;
}
#endif /* MBEDTLS_NET_ALT */