Swap binary axTLS libssl for direct compiled version
This commit is contained in:
parent
c19346fa23
commit
3fcec6106f
21 changed files with 590 additions and 1925 deletions
|
@ -70,6 +70,7 @@
|
|||
extern "C" {
|
||||
#endif
|
||||
|
||||
#include "esp8266.h"
|
||||
#include "espressif/esp8266/ets_sys.h"
|
||||
#include <stdint.h>
|
||||
#include <xtruntime.h>
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
#include <string.h>
|
||||
#include "FreeRTOS.h"
|
||||
|
||||
/* SDK uses this and so does lwip, it was defined in libudhcp.a
|
||||
/* SDK uses errno. errno was defined in libudhcp.a
|
||||
but that library has been removed. */
|
||||
int errno;
|
||||
|
||||
|
|
29
axtls/axtls_esp_stubs.c
Normal file
29
axtls/axtls_esp_stubs.c
Normal file
|
@ -0,0 +1,29 @@
|
|||
#include <time.h>
|
||||
#include <sys/time.h>
|
||||
#include <stdio.h>
|
||||
/*
|
||||
* Stub time functions for TLS time-related operations
|
||||
*
|
||||
* ESPTODO: Revisit these soon as gettimeofday() is used for entropy
|
||||
*/
|
||||
|
||||
time_t time(time_t *t)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
time_t mktime(struct tm *tm)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
int gettimeofday(struct timeval *tv, void *tz)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
void abort(void)
|
||||
{
|
||||
printf("abort() was called.\r\n");
|
||||
while(1) {}
|
||||
}
|
19
axtls/component.mk
Normal file
19
axtls/component.mk
Normal file
|
@ -0,0 +1,19 @@
|
|||
# Component makefile for axTLS
|
||||
|
||||
# axTLS has its own configure and build system, but it's not particularly
|
||||
# designed for embedded systems. For now we're just imposing the ESP Open RTOS
|
||||
# build system over the top.
|
||||
|
||||
# We supply our own hand tweaked config.h in the external 'include' dir.
|
||||
|
||||
AXTLS_DIR = $(ROOT)axtls/axtls/
|
||||
INC_DIRS += $(ROOT)axtls/include $(AXTLS_DIR)ssl $(AXTLS_DIR)crypto
|
||||
|
||||
# args for passing into compile rule generation
|
||||
axtls_ROOT = $(ROOT)axtls
|
||||
axtls_INC_DIR = $(AXTLS_DIR)include $(AXTLS_DIR)
|
||||
axtls_SRC_DIR = $(AXTLS_DIR)crypto $(AXTLS_DIR)ssl $(ROOT)axtls
|
||||
|
||||
#axtls_CFLAGS = $(CFLAGS) -Wno-address
|
||||
|
||||
$(eval $(call component_compile_rules,axtls))
|
|
@ -1,18 +1,18 @@
|
|||
/*
|
||||
* Automatically generated header file: don't edit
|
||||
*/
|
||||
|
||||
#define HAVE_DOT_CONFIG 1
|
||||
#define HAVE_DOT_CONFIG 0
|
||||
#undef CONFIG_PLATFORM_LINUX
|
||||
#define CONFIG_PLATFORM_CYGWIN 1
|
||||
#undef CONFIG_PLATFORM_CYGWIN
|
||||
#undef CONFIG_PLATFORM_WIN32
|
||||
|
||||
/*
|
||||
* General Configuration
|
||||
*/
|
||||
#define PREFIX "/usr/local"
|
||||
#define CONFIG_DEBUG 1
|
||||
#undef CONFIG_STRIP_UNWANTED_SECTIONS
|
||||
#define CROSS "xtensa-lx106-elf-"
|
||||
#undef CONFIG_DEBUG
|
||||
#define CONFIG_STRIP_UNWANTED_SECTIONS 1
|
||||
#undef CONFIG_VISUAL_STUDIO_7_0
|
||||
#undef CONFIG_VISUAL_STUDIO_8_0
|
||||
#undef CONFIG_VISUAL_STUDIO_10_0
|
||||
|
@ -22,18 +22,26 @@
|
|||
#define CONFIG_EXTRA_CFLAGS_OPTIONS ""
|
||||
#define CONFIG_EXTRA_LDFLAGS_OPTIONS ""
|
||||
|
||||
/*
|
||||
* Embedded System Options (added for ESP RTOS SDK, don't have config entries yetr)
|
||||
*/
|
||||
#define CONFIG_NO_FILESYSTEM 1
|
||||
#define CONFIG_USE_RAND 1
|
||||
#define CONFIG_MAX_PLAIN_LENGTH 1024
|
||||
#define CONFIG_MAX_KEY_BYTE_SIZE 256 /* for max 2048 bit keys (untested with >1024 bit keys) */
|
||||
|
||||
/*
|
||||
* SSL Library
|
||||
*/
|
||||
#undef CONFIG_SSL_SERVER_ONLY
|
||||
#undef CONFIG_SSL_CERT_VERIFICATION
|
||||
#undef CONFIG_SSL_ENABLE_CLIENT
|
||||
#define CONFIG_SSL_FULL_MODE 1
|
||||
#define CONFIG_SSL_ENABLE_CLIENT 1
|
||||
#undef CONFIG_SSL_FULL_MODE
|
||||
#undef CONFIG_SSL_SKELETON_MODE
|
||||
#undef CONFIG_SSL_PROT_LOW
|
||||
#define CONFIG_SSL_PROT_MEDIUM 1
|
||||
#undef CONFIG_SSL_PROT_HIGH
|
||||
#define CONFIG_SSL_USE_DEFAULT_KEY
|
||||
#undef CONFIG_SSL_USE_DEFAULT_KEY
|
||||
#define CONFIG_SSL_PRIVATE_KEY_LOCATION ""
|
||||
#define CONFIG_SSL_PRIVATE_KEY_PASSWORD ""
|
||||
#define CONFIG_SSL_X509_CERT_LOCATION ""
|
||||
|
@ -42,45 +50,37 @@
|
|||
#define CONFIG_SSL_X509_ORGANIZATION_NAME ""
|
||||
#define CONFIG_SSL_X509_ORGANIZATION_UNIT_NAME ""
|
||||
#undef CONFIG_SSL_ENABLE_V23_HANDSHAKE
|
||||
#define CONFIG_SSL_HAS_PEM 1
|
||||
#undef CONFIG_SSL_HAS_PEM
|
||||
#undef CONFIG_SSL_USE_PKCS12
|
||||
#define CONFIG_SSL_EXPIRY_TIME 24
|
||||
#define CONFIG_X509_MAX_CA_CERTS 150
|
||||
#define CONFIG_X509_MAX_CA_CERTS 1
|
||||
#define CONFIG_SSL_MAX_CERTS 3
|
||||
#undef CONFIG_SSL_CTX_MUTEXING
|
||||
//#define CONFIG_USE_DEV_URANDOM 1
|
||||
#undef CONFIG_USE_DEV_URANDOM
|
||||
#undef CONFIG_WIN32_USE_CRYPTO_LIB
|
||||
#undef CONFIG_OPENSSL_COMPATIBLE
|
||||
#undef CONFIG_PERFORMANCE_TESTING
|
||||
#define CONFIG_SSL_TEST 1
|
||||
#undef CONFIG_SSL_TEST
|
||||
#undef CONFIG_AXTLSWRAP
|
||||
#define CONFIG_AXHTTPD 1
|
||||
|
||||
/*
|
||||
* Axhttpd Configuration
|
||||
*/
|
||||
#undef CONFIG_AXHTTPD
|
||||
#undef CONFIG_HTTP_STATIC_BUILD
|
||||
#define CONFIG_HTTP_PORT 80
|
||||
#define CONFIG_HTTP_HTTPS_PORT 443
|
||||
#define CONFIG_HTTP_SESSION_CACHE_SIZE 5
|
||||
#define CONFIG_HTTP_WEBROOT "../www"
|
||||
#define CONFIG_HTTP_TIMEOUT 300
|
||||
|
||||
/*
|
||||
* CGI
|
||||
*/
|
||||
#undef CONFIG_HTTP_HAS_CGI
|
||||
#define CONFIG_HTTP_CGI_EXTENSIONS ".lua,.lp,.php"
|
||||
#define CONFIG_HTTP_ENABLE_LUA 1
|
||||
#define CONFIG_HTTP_LUA_PREFIX "/usr"
|
||||
#define CONFIG_HTTP_PORT
|
||||
#define CONFIG_HTTP_HTTPS_PORT
|
||||
#define CONFIG_HTTP_SESSION_CACHE_SIZE
|
||||
#define CONFIG_HTTP_WEBROOT ""
|
||||
#define CONFIG_HTTP_TIMEOUT
|
||||
#undef CONFIG_HTTP_HAS_CGI
|
||||
#define CONFIG_HTTP_CGI_EXTENSIONS ""
|
||||
#undef CONFIG_HTTP_ENABLE_LUA
|
||||
#define CONFIG_HTTP_LUA_PREFIX ""
|
||||
#undef CONFIG_HTTP_BUILD_LUA
|
||||
#define CONFIG_HTTP_CGI_LAUNCHER "/usr/bin/cgi"
|
||||
#define CONFIG_HTTP_DIRECTORIES 1
|
||||
#define CONFIG_HTTP_HAS_AUTHORIZATION 1
|
||||
#define CONFIG_HTTP_CGI_LAUNCHER ""
|
||||
#undef CONFIG_HTTP_DIRECTORIES
|
||||
#undef CONFIG_HTTP_HAS_AUTHORIZATION
|
||||
#undef CONFIG_HTTP_HAS_IPV6
|
||||
#undef CONFIG_HTTP_ENABLE_DIFFERENT_USER
|
||||
#define CONFIG_HTTP_USER ""
|
||||
#define CONFIG_HTTP_VERBOSE 0
|
||||
#undef CONFIG_HTTP_VERBOSE
|
||||
#undef CONFIG_HTTP_IS_DAEMON
|
||||
|
||||
/*
|
||||
|
@ -101,8 +101,8 @@
|
|||
/*
|
||||
* Samples
|
||||
*/
|
||||
#define CONFIG_SAMPLES 1
|
||||
#define CONFIG_C_SAMPLES 1
|
||||
#undef CONFIG_SAMPLES
|
||||
#undef CONFIG_C_SAMPLES
|
||||
#undef CONFIG_CSHARP_SAMPLES
|
||||
#undef CONFIG_VBNET_SAMPLES
|
||||
#undef CONFIG_JAVA_SAMPLES
|
||||
|
@ -117,11 +117,12 @@
|
|||
#define CONFIG_BIGINT_BARRETT 1
|
||||
#define CONFIG_BIGINT_CRT 1
|
||||
#undef CONFIG_BIGINT_KARATSUBA
|
||||
#define MUL_KARATSUBA_THRESH
|
||||
#define SQU_KARATSUBA_THRESH
|
||||
#define MUL_KARATSUBA_THRESH
|
||||
#define SQU_KARATSUBA_THRESH
|
||||
#define CONFIG_BIGINT_SLIDING_WINDOW 1
|
||||
#define CONFIG_BIGINT_SQUARE 1
|
||||
#define CONFIG_BIGINT_CHECK_ON 1
|
||||
#define CONFIG_INTEGER_32BIT 1
|
||||
#undef CONFIG_INTEGER_16BIT
|
||||
#undef CONFIG_INTEGER_8BIT
|
||||
|
6
axtls/include/os_int.h
Normal file
6
axtls/include/os_int.h
Normal file
|
@ -0,0 +1,6 @@
|
|||
#ifndef _OS_INT_H
|
||||
#define _OS_INT_H
|
||||
|
||||
#include <stdint.h>
|
||||
|
||||
#endif
|
|
@ -1,5 +1,6 @@
|
|||
/*
|
||||
* Copyright (c) 2007, Cameron Rich
|
||||
* Copyright (c) 2007-2015, Cameron Rich
|
||||
* Modifications Copyright (c) 2015 Superhouse Automation Pty Ltd
|
||||
*
|
||||
* All rights reserved.
|
||||
*
|
||||
|
@ -34,28 +35,58 @@
|
|||
* Some stuff to minimise the differences between windows and linux/unix
|
||||
*/
|
||||
|
||||
#ifndef HEADER_OS_PORT_H
|
||||
#define HEADER_OS_PORT_H
|
||||
#ifndef _HEADER_OS_PORT_H
|
||||
#define _HEADER_OS_PORT_H
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#include "esp_common.h"
|
||||
|
||||
#if 0
|
||||
#define ssl_printf(fmt, args...) os_printf(fmt,## args)
|
||||
#else
|
||||
#define ssl_printf(fmt, args...)
|
||||
#include "FreeRTOS.h"
|
||||
#include "os_int.h"
|
||||
#include "config.h"
|
||||
#include <stdio.h>
|
||||
#include <pwd.h>
|
||||
#include <netdb.h>
|
||||
//#include <fcntl.h>
|
||||
#include <errno.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/time.h>
|
||||
#include <posix/sys/socket.h>
|
||||
#include <sys/wait.h>
|
||||
#include <ipv4/lwip/inet.h>
|
||||
#if defined(CONFIG_SSL_CTX_MUTEXING)
|
||||
#include "semphr.h"
|
||||
#endif
|
||||
|
||||
#define STDCALL
|
||||
#define EXP_FUNC
|
||||
#define SOCKET_READ(A,B,C) read(A,B,C)
|
||||
#define SOCKET_WRITE(A,B,C) write(A,B,C)
|
||||
#define SOCKET_CLOSE(A) if (A >= 0) close(A)
|
||||
#define TTY_FLUSH()
|
||||
|
||||
static inline uint64_t be64toh(uint64_t x) {
|
||||
return ntohl(x>>32) | ((uint64_t)(ntohl(x)) << 32);
|
||||
}
|
||||
|
||||
void exit_now(const char *format, ...) __attribute((noreturn));
|
||||
|
||||
#define EXP_FUNC
|
||||
#define STDCALL
|
||||
|
||||
/* Mutex definitions */
|
||||
#if defined(CONFIG_SSL_CTX_MUTEXING)
|
||||
#define SSL_CTX_MUTEX_TYPE xSemaphoreHandle
|
||||
#define SSL_CTX_MUTEX_INIT(A) vSemaphoreCreateBinaryCreateMutex(A)
|
||||
#define SSL_CTX_MUTEX_DESTROY(A) vSemaphoreDelete(A)
|
||||
#define SSL_CTX_LOCK(A) xSemaphoreTakeRecursive(A, portMAX_DELAY)
|
||||
#define SSL_CTX_UNLOCK(A) xSemaphoreGiveRecursive(A)
|
||||
#else
|
||||
#define SSL_CTX_MUTEX_TYPE
|
||||
#define SSL_CTX_MUTEX_INIT(A)
|
||||
#define SSL_CTX_MUTEX_DESTROY(A)
|
||||
#define SSL_CTX_LOCK(A)
|
||||
#define SSL_CTX_UNLOCK(A)
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
|
@ -53,7 +53,7 @@ OBJCOPY = $(CROSS)objcopy
|
|||
|
||||
# Source components to compile and link. Each of these are subdirectories
|
||||
# of the root, with a 'component.mk' file.
|
||||
COMPONENTS ?= FreeRTOS lwip
|
||||
COMPONENTS ?= FreeRTOS lwip axtls
|
||||
|
||||
# binary esp-iot-rtos SDK libraries to link. These are pre-processed prior to linking.
|
||||
SDK_LIBS ?= main net80211 phy pp wpa
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
/* esp8266.h
|
||||
*
|
||||
<<<<<<< HEAD
|
||||
* ESP-specific SoC-level addresses, macros, etc.
|
||||
* Part of esp-open-rtos
|
||||
*
|
||||
|
@ -23,7 +24,6 @@
|
|||
*/
|
||||
#define IROM __attribute__((section(".irom0"))) const
|
||||
|
||||
|
||||
/* Register addresses
|
||||
|
||||
ESPTODO: break this out to its own header file and clean it up, add other regs, etc.
|
||||
|
|
|
@ -1,99 +0,0 @@
|
|||
/*
|
||||
* Copyright (c) 2007, Cameron Rich
|
||||
*
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are met:
|
||||
*
|
||||
* * Redistributions of source code must retain the above copyright notice,
|
||||
* this list of conditions and the following disclaimer.
|
||||
* * Redistributions in binary form must reproduce the above copyright notice,
|
||||
* this list of conditions and the following disclaimer in the documentation
|
||||
* and/or other materials provided with the distribution.
|
||||
* * Neither the name of the axTLS project nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
|
||||
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
|
||||
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
||||
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
||||
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
||||
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#ifndef BIGINT_HEADER
|
||||
#define BIGINT_HEADER
|
||||
|
||||
#include "ssl/ssl_crypto.h"
|
||||
|
||||
BI_CTX *bi_initialize(void);
|
||||
void bi_terminate(BI_CTX *ctx);
|
||||
void bi_permanent(bigint *bi);
|
||||
void bi_depermanent(bigint *bi);
|
||||
void bi_clear_cache(BI_CTX *ctx);
|
||||
void bi_free(BI_CTX *ctx, bigint *bi);
|
||||
bigint *bi_copy(bigint *bi);
|
||||
bigint *bi_clone(BI_CTX *ctx, const bigint *bi);
|
||||
void bi_export(BI_CTX *ctx, bigint *bi, uint8_t *data, int size);
|
||||
bigint *bi_import(BI_CTX *ctx, const uint8_t *data, int len);
|
||||
bigint *int_to_bi(BI_CTX *ctx, comp i);
|
||||
|
||||
/* the functions that actually do something interesting */
|
||||
bigint *bi_add(BI_CTX *ctx, bigint *bia, bigint *bib);
|
||||
bigint *bi_subtract(BI_CTX *ctx, bigint *bia,
|
||||
bigint *bib, int *is_negative);
|
||||
bigint *bi_divide(BI_CTX *ctx, bigint *bia, bigint *bim, int is_mod);
|
||||
bigint *bi_multiply(BI_CTX *ctx, bigint *bia, bigint *bib);
|
||||
bigint *bi_mod_power(BI_CTX *ctx, bigint *bi, bigint *biexp);
|
||||
bigint *bi_mod_power2(BI_CTX *ctx, bigint *bi, bigint *bim, bigint *biexp);
|
||||
int bi_compare(bigint *bia, bigint *bib);
|
||||
void bi_set_mod(BI_CTX *ctx, bigint *bim, int mod_offset);
|
||||
void bi_free_mod(BI_CTX *ctx, int mod_offset);
|
||||
|
||||
#ifdef CONFIG_SSL_FULL_MODE
|
||||
void bi_print(const char *label, bigint *bi);
|
||||
bigint *bi_str_import(BI_CTX *ctx, const char *data);
|
||||
#endif
|
||||
|
||||
/**
|
||||
* @def bi_mod
|
||||
* Find the residue of B. bi_set_mod() must be called before hand.
|
||||
*/
|
||||
#define bi_mod(A, B) bi_divide(A, B, ctx->bi_mod[ctx->mod_offset], 1)
|
||||
|
||||
/**
|
||||
* bi_residue() is technically the same as bi_mod(), but it uses the
|
||||
* appropriate reduction technique (which is bi_mod() when doing classical
|
||||
* reduction).
|
||||
*/
|
||||
#if defined(CONFIG_BIGINT_MONTGOMERY)
|
||||
#define bi_residue(A, B) bi_mont(A, B)
|
||||
bigint *bi_mont(BI_CTX *ctx, bigint *bixy);
|
||||
#elif defined(CONFIG_BIGINT_BARRETT)
|
||||
#define bi_residue(A, B) bi_barrett(A, B)
|
||||
bigint *bi_barrett(BI_CTX *ctx, bigint *bi);
|
||||
#else /* if defined(CONFIG_BIGINT_CLASSICAL) */
|
||||
#define bi_residue(A, B) bi_mod(A, B)
|
||||
#endif
|
||||
|
||||
#ifdef CONFIG_BIGINT_SQUARE
|
||||
bigint *bi_square(BI_CTX *ctx, bigint *bi);
|
||||
#else
|
||||
#define bi_square(A, B) bi_multiply(A, bi_copy(B), B)
|
||||
#endif
|
||||
|
||||
#ifdef CONFIG_BIGINT_CRT
|
||||
bigint *bi_crt(BI_CTX *ctx, bigint *bi,
|
||||
bigint *dP, bigint *dQ,
|
||||
bigint *p, bigint *q,
|
||||
bigint *qInv);
|
||||
#endif
|
||||
|
||||
#endif
|
|
@ -1,131 +0,0 @@
|
|||
/*
|
||||
* Copyright (c) 2007, Cameron Rich
|
||||
*
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are met:
|
||||
*
|
||||
* * Redistributions of source code must retain the above copyright notice,
|
||||
* this list of conditions and the following disclaimer.
|
||||
* * Redistributions in binary form must reproduce the above copyright notice,
|
||||
* this list of conditions and the following disclaimer in the documentation
|
||||
* and/or other materials provided with the distribution.
|
||||
* * Neither the name of the axTLS project nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
|
||||
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
|
||||
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
||||
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
||||
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
||||
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#ifndef BIGINT_IMPL_HEADER
|
||||
#define BIGINT_IMPL_HEADER
|
||||
|
||||
/* Maintain a number of precomputed variables when doing reduction */
|
||||
#define BIGINT_M_OFFSET 0 /**< Normal modulo offset. */
|
||||
#ifdef CONFIG_BIGINT_CRT
|
||||
#define BIGINT_P_OFFSET 1 /**< p modulo offset. */
|
||||
#define BIGINT_Q_OFFSET 2 /**< q module offset. */
|
||||
#define BIGINT_NUM_MODS 3 /**< The number of modulus constants used. */
|
||||
#else
|
||||
#define BIGINT_NUM_MODS 1
|
||||
#endif
|
||||
|
||||
/* Architecture specific functions for big ints */
|
||||
#if defined(CONFIG_INTEGER_8BIT)
|
||||
#define COMP_RADIX 256U /**< Max component + 1 */
|
||||
#define COMP_MAX 0xFFFFU/**< (Max dbl comp -1) */
|
||||
#define COMP_BIT_SIZE 8 /**< Number of bits in a component. */
|
||||
#define COMP_BYTE_SIZE 1 /**< Number of bytes in a component. */
|
||||
#define COMP_NUM_NIBBLES 2 /**< Used For diagnostics only. */
|
||||
typedef uint8_t comp; /**< A single precision component. */
|
||||
typedef uint16_t long_comp; /**< A double precision component. */
|
||||
typedef int16_t slong_comp; /**< A signed double precision component. */
|
||||
#elif defined(CONFIG_INTEGER_16BIT)
|
||||
#define COMP_RADIX 65536U /**< Max component + 1 */
|
||||
#define COMP_MAX 0xFFFFFFFFU/**< (Max dbl comp -1) */
|
||||
#define COMP_BIT_SIZE 16 /**< Number of bits in a component. */
|
||||
#define COMP_BYTE_SIZE 2 /**< Number of bytes in a component. */
|
||||
#define COMP_NUM_NIBBLES 4 /**< Used For diagnostics only. */
|
||||
typedef uint16_t comp; /**< A single precision component. */
|
||||
typedef uint32_t long_comp; /**< A double precision component. */
|
||||
typedef int32_t slong_comp; /**< A signed double precision component. */
|
||||
#else /* regular 32 bit */
|
||||
#ifdef WIN32
|
||||
#define COMP_RADIX 4294967296i64
|
||||
#define COMP_MAX 0xFFFFFFFFFFFFFFFFui64
|
||||
#else
|
||||
#define COMP_RADIX 4294967296ULL /**< Max component + 1 */
|
||||
#define COMP_MAX 0xFFFFFFFFFFFFFFFFULL/**< (Max dbl comp -1) */
|
||||
#endif
|
||||
#define COMP_BIT_SIZE 32 /**< Number of bits in a component. */
|
||||
#define COMP_BYTE_SIZE 4 /**< Number of bytes in a component. */
|
||||
#define COMP_NUM_NIBBLES 8 /**< Used For diagnostics only. */
|
||||
typedef uint32_t comp; /**< A single precision component. */
|
||||
typedef uint64_t long_comp; /**< A double precision component. */
|
||||
typedef sint64_t slong_comp; /**< A signed double precision component. */
|
||||
#endif
|
||||
|
||||
/**
|
||||
* @struct _bigint
|
||||
* @brief A big integer basic object
|
||||
*/
|
||||
struct _bigint
|
||||
{
|
||||
struct _bigint* next; /**< The next bigint in the cache. */
|
||||
short size; /**< The number of components in this bigint. */
|
||||
short max_comps; /**< The heapsize allocated for this bigint */
|
||||
int refs; /**< An internal reference count. */
|
||||
comp* comps; /**< A ptr to the actual component data */
|
||||
};
|
||||
|
||||
typedef struct _bigint bigint; /**< An alias for _bigint */
|
||||
|
||||
/**
|
||||
* Maintains the state of the cache, and a number of variables used in
|
||||
* reduction.
|
||||
*/
|
||||
typedef struct /**< A big integer "session" context. */
|
||||
{
|
||||
bigint *active_list; /**< Bigints currently used. */
|
||||
bigint *free_list; /**< Bigints not used. */
|
||||
bigint *bi_radix; /**< The radix used. */
|
||||
bigint *bi_mod[BIGINT_NUM_MODS]; /**< modulus */
|
||||
|
||||
#if defined(CONFIG_BIGINT_MONTGOMERY)
|
||||
bigint *bi_RR_mod_m[BIGINT_NUM_MODS]; /**< R^2 mod m */
|
||||
bigint *bi_R_mod_m[BIGINT_NUM_MODS]; /**< R mod m */
|
||||
comp N0_dash[BIGINT_NUM_MODS];
|
||||
#elif defined(CONFIG_BIGINT_BARRETT)
|
||||
bigint *bi_mu[BIGINT_NUM_MODS]; /**< Storage for mu */
|
||||
#endif
|
||||
bigint *bi_normalised_mod[BIGINT_NUM_MODS]; /**< Normalised mod storage. */
|
||||
bigint **g; /**< Used by sliding-window. */
|
||||
int window; /**< The size of the sliding window */
|
||||
int active_count; /**< Number of active bigints. */
|
||||
int free_count; /**< Number of free bigints. */
|
||||
|
||||
#ifdef CONFIG_BIGINT_MONTGOMERY
|
||||
uint8_t use_classical; /**< Use classical reduction. */
|
||||
#endif
|
||||
uint8_t mod_offset; /**< The mod offset we are using */
|
||||
} BI_CTX;
|
||||
|
||||
#ifndef WIN32
|
||||
#define max(a,b) ((a)>(b)?(a):(b)) /**< Find the maximum of 2 numbers. */
|
||||
#define min(a,b) ((a)<(b)?(a):(b)) /**< Find the minimum of 2 numbers. */
|
||||
#endif
|
||||
|
||||
#define PERMANENT 0x7FFF55AA /**< A magic number for permanents. */
|
||||
|
||||
#endif
|
|
@ -1,230 +0,0 @@
|
|||
/*
|
||||
* Copyright (c) 2007, Cameron Rich
|
||||
*
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are met:
|
||||
*
|
||||
* * Redistributions of source code must retain the above copyright notice,
|
||||
* this list of conditions and the following disclaimer.
|
||||
* * Redistributions in binary form must reproduce the above copyright notice,
|
||||
* this list of conditions and the following disclaimer in the documentation
|
||||
* and/or other materials provided with the distribution.
|
||||
* * Neither the name of the axTLS project nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
|
||||
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
|
||||
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
||||
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
||||
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
||||
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
/**
|
||||
* @file crypto.h
|
||||
*/
|
||||
|
||||
#ifndef HEADER_CRYPTO_H
|
||||
#define HEADER_CRYPTO_H
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#include "ssl/ssl_config.h"
|
||||
#include "ssl/ssl_bigint_impl.h"
|
||||
#include "ssl/ssl_bigint.h"
|
||||
|
||||
#ifndef STDCALL
|
||||
#define STDCALL
|
||||
#endif
|
||||
#ifndef EXP_FUNC
|
||||
#define EXP_FUNC
|
||||
#endif
|
||||
|
||||
|
||||
/* enable features based on a 'super-set' capbaility. */
|
||||
#if defined(CONFIG_SSL_FULL_MODE)
|
||||
#define CONFIG_SSL_ENABLE_CLIENT
|
||||
#define CONFIG_SSL_CERT_VERIFICATION
|
||||
#elif defined(CONFIG_SSL_ENABLE_CLIENT)
|
||||
#define CONFIG_SSL_CERT_VERIFICATION
|
||||
#endif
|
||||
|
||||
/**************************************************************************
|
||||
* AES declarations
|
||||
**************************************************************************/
|
||||
|
||||
#define AES_MAXROUNDS 14
|
||||
#define AES_BLOCKSIZE 16
|
||||
#define AES_IV_SIZE 16
|
||||
|
||||
typedef struct aes_key_st
|
||||
{
|
||||
uint16_t rounds;
|
||||
uint16_t key_size;
|
||||
uint32_t ks[(AES_MAXROUNDS+1)*8];
|
||||
uint8_t iv[AES_IV_SIZE];
|
||||
} AES_CTX;
|
||||
|
||||
typedef enum
|
||||
{
|
||||
AES_MODE_128,
|
||||
AES_MODE_256
|
||||
} AES_MODE;
|
||||
|
||||
void AES_set_key(AES_CTX *ctx, const uint8_t *key,
|
||||
const uint8_t *iv, AES_MODE mode);
|
||||
void AES_cbc_encrypt(AES_CTX *ctx, const uint8_t *msg,
|
||||
uint8_t *out, int length);
|
||||
void AES_cbc_decrypt(AES_CTX *ks, const uint8_t *in, uint8_t *out, int length);
|
||||
void AES_convert_key(AES_CTX *ctx);
|
||||
|
||||
/**************************************************************************
|
||||
* RC4 declarations
|
||||
**************************************************************************/
|
||||
|
||||
typedef struct
|
||||
{
|
||||
uint8_t x, y, m[256];
|
||||
} RC4_CTX;
|
||||
|
||||
void RC4_setup(RC4_CTX *s, const uint8_t *key, int length);
|
||||
void RC4_crypt(RC4_CTX *s, const uint8_t *msg, uint8_t *data, int length);
|
||||
|
||||
/**************************************************************************
|
||||
* SHA1 declarations
|
||||
**************************************************************************/
|
||||
|
||||
#define SHA1_SIZE 20
|
||||
|
||||
/*
|
||||
* This structure will hold context information for the SHA-1
|
||||
* hashing operation
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
uint32_t Intermediate_Hash[SHA1_SIZE/4]; /* Message Digest */
|
||||
uint32_t Length_Low; /* Message length in bits */
|
||||
uint32_t Length_High; /* Message length in bits */
|
||||
uint16_t Message_Block_Index; /* Index into message block array */
|
||||
uint8_t Message_Block[64]; /* 512-bit message blocks */
|
||||
} SHA1_CTX;
|
||||
|
||||
void SHA1_Init(SHA1_CTX *);
|
||||
void SHA1_Update(SHA1_CTX *, const uint8_t * msg, int len);
|
||||
void SHA1_Final(uint8_t *digest, SHA1_CTX *);
|
||||
|
||||
/**************************************************************************
|
||||
* MD2 declarations
|
||||
**************************************************************************/
|
||||
|
||||
#define MD2_SIZE 16
|
||||
|
||||
typedef struct
|
||||
{
|
||||
unsigned char cksum[16]; /* checksum of the data block */
|
||||
unsigned char state[48]; /* intermediate digest state */
|
||||
unsigned char buffer[16]; /* data block being processed */
|
||||
int left; /* amount of data in buffer */
|
||||
} MD2_CTX;
|
||||
|
||||
EXP_FUNC void STDCALL MD2_Init(MD2_CTX *ctx);
|
||||
EXP_FUNC void STDCALL MD2_Update(MD2_CTX *ctx, const uint8_t *input, int ilen);
|
||||
EXP_FUNC void STDCALL MD2_Final(uint8_t *digest, MD2_CTX *ctx);
|
||||
|
||||
/**************************************************************************
|
||||
* MD5 declarations
|
||||
**************************************************************************/
|
||||
|
||||
#define MD5_SIZE 16
|
||||
|
||||
typedef struct
|
||||
{
|
||||
uint32_t state[4]; /* state (ABCD) */
|
||||
uint32_t count[2]; /* number of bits, modulo 2^64 (lsb first) */
|
||||
uint8_t buffer[64]; /* input buffer */
|
||||
} MD5_CTX;
|
||||
|
||||
EXP_FUNC void STDCALL MD5_Init(MD5_CTX *);
|
||||
EXP_FUNC void STDCALL MD5_Update(MD5_CTX *, const uint8_t *msg, int len);
|
||||
EXP_FUNC void STDCALL MD5_Final(uint8_t *digest, MD5_CTX *);
|
||||
|
||||
/**************************************************************************
|
||||
* HMAC declarations
|
||||
**************************************************************************/
|
||||
void ssl_hmac_md5(const uint8_t *msg, int length, const uint8_t *key,
|
||||
int key_len, uint8_t *digest);// fix hmac_md5 to ssl_hmac_md5, discriminate ieee80211
|
||||
void ssl_hmac_sha1(const uint8_t *msg, int length, const uint8_t *key,
|
||||
int key_len, uint8_t *digest);// fix hmac_md5 to ssl_hmac_sha1, discriminate ieee80211
|
||||
|
||||
/**************************************************************************
|
||||
* RSA declarations
|
||||
**************************************************************************/
|
||||
|
||||
typedef struct
|
||||
{
|
||||
bigint *m; /* modulus */
|
||||
bigint *e; /* public exponent */
|
||||
bigint *d; /* private exponent */
|
||||
#ifdef CONFIG_BIGINT_CRT
|
||||
bigint *p; /* p as in m = pq */
|
||||
bigint *q; /* q as in m = pq */
|
||||
bigint *dP; /* d mod (p-1) */
|
||||
bigint *dQ; /* d mod (q-1) */
|
||||
bigint *qInv; /* q^-1 mod p */
|
||||
#endif
|
||||
int num_octets;
|
||||
BI_CTX *bi_ctx;
|
||||
} RSA_CTX;
|
||||
|
||||
void RSA_priv_key_new(RSA_CTX **rsa_ctx,
|
||||
const uint8_t *modulus, int mod_len,
|
||||
const uint8_t *pub_exp, int pub_len,
|
||||
const uint8_t *priv_exp, int priv_len
|
||||
#ifdef CONFIG_BIGINT_CRT
|
||||
, const uint8_t *p, int p_len,
|
||||
const uint8_t *q, int q_len,
|
||||
const uint8_t *dP, int dP_len,
|
||||
const uint8_t *dQ, int dQ_len,
|
||||
const uint8_t *qInv, int qInv_len
|
||||
#endif
|
||||
);
|
||||
void RSA_pub_key_new(RSA_CTX **rsa_ctx,
|
||||
const uint8_t *modulus, int mod_len,
|
||||
const uint8_t *pub_exp, int pub_len);
|
||||
void RSA_free(RSA_CTX *ctx);
|
||||
int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint8_t *out_data,
|
||||
int is_decryption);
|
||||
bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg);
|
||||
#if defined(CONFIG_SSL_CERT_VERIFICATION) || defined(CONFIG_SSL_GENERATE_X509_CERT)
|
||||
bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
|
||||
bigint *modulus, bigint *pub_exp);
|
||||
bigint *RSA_public(const RSA_CTX * c, bigint *bi_msg);
|
||||
int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len,
|
||||
uint8_t *out_data, int is_signing);
|
||||
void RSA_print(const RSA_CTX *ctx);
|
||||
#endif
|
||||
|
||||
/**************************************************************************
|
||||
* RNG declarations
|
||||
**************************************************************************/
|
||||
EXP_FUNC void STDCALL RNG_initialize(void);
|
||||
EXP_FUNC void STDCALL RNG_custom_init(const uint8_t *seed_buf, int size);
|
||||
EXP_FUNC void STDCALL RNG_terminate(void);
|
||||
EXP_FUNC void STDCALL get_random(int num_rand_bytes, uint8_t *rand_data);
|
||||
void get_random_NZ(int num_rand_bytes, uint8_t *rand_data);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif
|
|
@ -1,172 +0,0 @@
|
|||
/*
|
||||
* Copyright (c) 2007, Cameron Rich
|
||||
*
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are met:
|
||||
*
|
||||
* * Redistributions of source code must retain the above copyright notice,
|
||||
* this list of conditions and the following disclaimer.
|
||||
* * Redistributions in binary form must reproduce the above copyright notice,
|
||||
* this list of conditions and the following disclaimer in the documentation
|
||||
* and/or other materials provided with the distribution.
|
||||
* * Neither the name of the axTLS project nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
|
||||
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
|
||||
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
||||
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
||||
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
||||
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
/**
|
||||
* @file crypto_misc.h
|
||||
*/
|
||||
|
||||
#ifndef HEADER_CRYPTO_MISC_H
|
||||
#define HEADER_CRYPTO_MISC_H
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#include "ssl/ssl_crypto.h"
|
||||
#include "ssl/ssl_bigint.h"
|
||||
|
||||
/**************************************************************************
|
||||
* X509 declarations
|
||||
**************************************************************************/
|
||||
#define X509_OK 0
|
||||
#define X509_NOT_OK -1
|
||||
#define X509_VFY_ERROR_NO_TRUSTED_CERT -2
|
||||
#define X509_VFY_ERROR_BAD_SIGNATURE -3
|
||||
#define X509_VFY_ERROR_NOT_YET_VALID -4
|
||||
#define X509_VFY_ERROR_EXPIRED -5
|
||||
#define X509_VFY_ERROR_SELF_SIGNED -6
|
||||
#define X509_VFY_ERROR_INVALID_CHAIN -7
|
||||
#define X509_VFY_ERROR_UNSUPPORTED_DIGEST -8
|
||||
#define X509_INVALID_PRIV_KEY -9
|
||||
|
||||
/*
|
||||
* The Distinguished Name
|
||||
*/
|
||||
#define X509_NUM_DN_TYPES 3
|
||||
#define X509_COMMON_NAME 0
|
||||
#define X509_ORGANIZATION 1
|
||||
#define X509_ORGANIZATIONAL_UNIT 2
|
||||
|
||||
struct _x509_ctx
|
||||
{
|
||||
char *ca_cert_dn[X509_NUM_DN_TYPES];
|
||||
char *cert_dn[X509_NUM_DN_TYPES];
|
||||
char **subject_alt_dnsnames;
|
||||
time_t not_before;
|
||||
time_t not_after;
|
||||
uint8_t *signature;
|
||||
uint16_t sig_len;
|
||||
uint8_t sig_type;
|
||||
RSA_CTX *rsa_ctx;
|
||||
bigint *digest;
|
||||
struct _x509_ctx *next;
|
||||
};
|
||||
|
||||
typedef struct _x509_ctx X509_CTX;
|
||||
|
||||
#ifdef CONFIG_SSL_CERT_VERIFICATION
|
||||
typedef struct
|
||||
{
|
||||
X509_CTX *cert[CONFIG_X509_MAX_CA_CERTS];
|
||||
} CA_CERT_CTX;
|
||||
#endif
|
||||
|
||||
int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx);
|
||||
void x509_free(X509_CTX *x509_ctx);
|
||||
#ifdef CONFIG_SSL_CERT_VERIFICATION
|
||||
int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert);
|
||||
#endif
|
||||
#ifdef CONFIG_SSL_FULL_MODE
|
||||
void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx);
|
||||
const char * x509_display_error(int error);
|
||||
#endif
|
||||
|
||||
/**************************************************************************
|
||||
* ASN1 declarations
|
||||
**************************************************************************/
|
||||
#define ASN1_INTEGER 0x02
|
||||
#define ASN1_BIT_STRING 0x03
|
||||
#define ASN1_OCTET_STRING 0x04
|
||||
#define ASN1_NULL 0x05
|
||||
#define ASN1_PRINTABLE_STR2 0x0C
|
||||
#define ASN1_OID 0x06
|
||||
#define ASN1_PRINTABLE_STR2 0x0C
|
||||
#define ASN1_PRINTABLE_STR 0x13
|
||||
#define ASN1_TELETEX_STR 0x14
|
||||
#define ASN1_IA5_STR 0x16
|
||||
#define ASN1_UTC_TIME 0x17
|
||||
#define ASN1_UNICODE_STR 0x1e
|
||||
#define ASN1_SEQUENCE 0x30
|
||||
#define ASN1_CONTEXT_DNSNAME 0x82
|
||||
#define ASN1_SET 0x31
|
||||
#define ASN1_V3_DATA 0xa3
|
||||
#define ASN1_IMPLICIT_TAG 0x80
|
||||
#define ASN1_CONTEXT_DNSNAME 0x82
|
||||
#define ASN1_EXPLICIT_TAG 0xa0
|
||||
#define ASN1_V3_DATA 0xa3
|
||||
|
||||
#define SIG_TYPE_MD2 0x02
|
||||
#define SIG_TYPE_MD5 0x04
|
||||
#define SIG_TYPE_SHA1 0x05
|
||||
|
||||
int get_asn1_length(const uint8_t *buf, int *offset);
|
||||
int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx);
|
||||
int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type);
|
||||
int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type);
|
||||
int asn1_get_int(const uint8_t *buf, int *offset, uint8_t **object);
|
||||
int asn1_version(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
|
||||
int asn1_validity(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
|
||||
int asn1_name(const uint8_t *cert, int *offset, char *dn[]);
|
||||
int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
|
||||
#ifdef CONFIG_SSL_CERT_VERIFICATION
|
||||
int asn1_signature(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
|
||||
int asn1_find_subjectaltname(const uint8_t* cert, int offset);
|
||||
int asn1_compare_dn(char * const dn1[], char * const dn2[]);
|
||||
#endif /* CONFIG_SSL_CERT_VERIFICATION */
|
||||
int asn1_signature_type(const uint8_t *cert,
|
||||
int *offset, X509_CTX *x509_ctx);
|
||||
|
||||
/**************************************************************************
|
||||
* MISC declarations
|
||||
**************************************************************************/
|
||||
#define SALT_SIZE 8
|
||||
|
||||
extern const char * const unsupported_str;
|
||||
|
||||
typedef void (*crypt_func)(void *, const uint8_t *, uint8_t *, int);
|
||||
typedef void (*hmac_func)(const uint8_t *msg, int length, const uint8_t *key,
|
||||
int key_len, uint8_t *digest);
|
||||
|
||||
int get_file(const char *filename, uint8_t **buf);
|
||||
|
||||
#if defined(CONFIG_SSL_FULL_MODE) || defined(WIN32) || defined(CONFIG_DEBUG)
|
||||
EXP_FUNC void STDCALL print_blob(const char *format, const uint8_t *data, int size, ...);
|
||||
#else
|
||||
#define print_blob(...)
|
||||
#endif
|
||||
|
||||
EXP_FUNC int STDCALL base64_decode(const char *in, int len,
|
||||
uint8_t *out, int *outlen);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif
|
|
@ -1,500 +0,0 @@
|
|||
/*
|
||||
* Copyright (c) 2007, Cameron Rich
|
||||
*
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are met:
|
||||
*
|
||||
* * Redistributions of source code must retain the above copyright notice,
|
||||
* this list of conditions and the following disclaimer.
|
||||
* * Redistributions in binary form must reproduce the above copyright notice,
|
||||
* this list of conditions and the following disclaimer in the documentation
|
||||
* and/or other materials provided with the distribution.
|
||||
* * Neither the name of the axTLS project nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
|
||||
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
|
||||
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
||||
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
||||
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
||||
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
/**
|
||||
* @mainpage axTLS API
|
||||
*
|
||||
* @image html axolotl.jpg
|
||||
*
|
||||
* The axTLS library has features such as:
|
||||
* - The TLSv1 SSL client/server protocol
|
||||
* - No requirement to use any openssl libraries.
|
||||
* - A choice between AES block (128/256 bit) and RC4 (128 bit) stream ciphers.
|
||||
* - RSA encryption/decryption with variable sized keys (up to 4096 bits).
|
||||
* - Certificate chaining and peer authentication.
|
||||
* - Session resumption, session renegotiation.
|
||||
* - ASN.1, X.509, PKCS#8, PKCS#12 keys/certificates with DER/PEM encoding.
|
||||
* - Highly configurable compile time options.
|
||||
* - Portable across many platforms (written in ANSI C), and has language
|
||||
* bindings in C, C#, VB.NET, Java, Perl and Lua.
|
||||
* - Partial openssl API compatibility (via a wrapper).
|
||||
* - A very small footprint (around 50-60kB for the library in 'server-only'
|
||||
* mode).
|
||||
* - No dependencies on sockets - can use serial connections for example.
|
||||
* - A very simple API - ~ 20 functions/methods.
|
||||
*
|
||||
* A list of these functions/methods are described below.
|
||||
*
|
||||
* @ref c_api
|
||||
*
|
||||
* @ref bigint_api
|
||||
*
|
||||
* @ref csharp_api
|
||||
*
|
||||
* @ref java_api
|
||||
*/
|
||||
#ifndef HEADER_SSL_H
|
||||
#define HEADER_SSL_H
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
//#include <time.h>
|
||||
typedef long time_t;
|
||||
|
||||
/* need to predefine before ssl_lib.h gets to it */
|
||||
#define SSL_SESSION_ID_SIZE 32
|
||||
|
||||
#include "ssl/ssl_tls1.h"
|
||||
|
||||
/* The optional parameters that can be given to the client/server SSL engine */
|
||||
#define SSL_CLIENT_AUTHENTICATION 0x00010000
|
||||
#define SSL_SERVER_VERIFY_LATER 0x00020000
|
||||
#define SSL_NO_DEFAULT_KEY 0x00040000
|
||||
#define SSL_DISPLAY_STATES 0x00080000
|
||||
#define SSL_DISPLAY_BYTES 0x00100000
|
||||
#define SSL_DISPLAY_CERTS 0x00200000
|
||||
#define SSL_DISPLAY_RSA 0x00400000
|
||||
#define SSL_CONNECT_IN_PARTS 0x00800000
|
||||
|
||||
/* errors that can be generated */
|
||||
#define SSL_OK 0
|
||||
#define SSL_NOT_OK -1
|
||||
#define SSL_ERROR_DEAD -2
|
||||
#define SSL_CLOSE_NOTIFY -3
|
||||
#define SSL_ERROR_CONN_LOST -256
|
||||
#define SSL_ERROR_SOCK_SETUP_FAILURE -258
|
||||
#define SSL_ERROR_INVALID_HANDSHAKE -260
|
||||
#define SSL_ERROR_INVALID_PROT_MSG -261
|
||||
#define SSL_ERROR_INVALID_HMAC -262
|
||||
#define SSL_ERROR_INVALID_VERSION -263
|
||||
#define SSL_ERROR_INVALID_SESSION -265
|
||||
#define SSL_ERROR_NO_CIPHER -266
|
||||
#define SSL_ERROR_BAD_CERTIFICATE -268
|
||||
#define SSL_ERROR_INVALID_KEY -269
|
||||
#define SSL_ERROR_FINISHED_INVALID -271
|
||||
#define SSL_ERROR_NO_CERT_DEFINED -272
|
||||
#define SSL_ERROR_NO_CLIENT_RENOG -273
|
||||
#define SSL_ERROR_NOT_SUPPORTED -274
|
||||
#define SSL_X509_OFFSET -512
|
||||
#define SSL_X509_ERROR(A) (SSL_X509_OFFSET+A)
|
||||
|
||||
/* alert types that are recognized */
|
||||
#define SSL_ALERT_TYPE_WARNING 1
|
||||
#define SLL_ALERT_TYPE_FATAL 2
|
||||
|
||||
/* these are all the alerts that are recognized */
|
||||
#define SSL_ALERT_CLOSE_NOTIFY 0
|
||||
#define SSL_ALERT_UNEXPECTED_MESSAGE 10
|
||||
#define SSL_ALERT_BAD_RECORD_MAC 20
|
||||
#define SSL_ALERT_HANDSHAKE_FAILURE 40
|
||||
#define SSL_ALERT_BAD_CERTIFICATE 42
|
||||
#define SSL_ALERT_ILLEGAL_PARAMETER 47
|
||||
#define SSL_ALERT_DECODE_ERROR 50
|
||||
#define SSL_ALERT_DECRYPT_ERROR 51
|
||||
#define SSL_ALERT_INVALID_VERSION 70
|
||||
#define SSL_ALERT_NO_RENEGOTIATION 100
|
||||
|
||||
/* The ciphers that are supported */
|
||||
#define SSL_AES128_SHA 0x2f
|
||||
#define SSL_AES256_SHA 0x35
|
||||
#define SSL_RC4_128_SHA 0x05
|
||||
#define SSL_RC4_128_MD5 0x04
|
||||
|
||||
/* build mode ids' */
|
||||
#define SSL_BUILD_SKELETON_MODE 0x01
|
||||
#define SSL_BUILD_SERVER_ONLY 0x02
|
||||
#define SSL_BUILD_ENABLE_VERIFICATION 0x03
|
||||
#define SSL_BUILD_ENABLE_CLIENT 0x04
|
||||
#define SSL_BUILD_FULL_MODE 0x05
|
||||
|
||||
/* offsets to retrieve configuration information */
|
||||
#define SSL_BUILD_MODE 0
|
||||
#define SSL_MAX_CERT_CFG_OFFSET 1
|
||||
#define SSL_MAX_CA_CERT_CFG_OFFSET 2
|
||||
#define SSL_HAS_PEM 3
|
||||
|
||||
/* default session sizes */
|
||||
#define SSL_DEFAULT_SVR_SESS 1 //modify 5->1 by lhan
|
||||
#define SSL_DEFAULT_CLNT_SESS 1
|
||||
|
||||
/* X.509/X.520 distinguished name types */
|
||||
#define SSL_X509_CERT_COMMON_NAME 0
|
||||
#define SSL_X509_CERT_ORGANIZATION 1
|
||||
#define SSL_X509_CERT_ORGANIZATIONAL_NAME 2
|
||||
#define SSL_X509_CA_CERT_COMMON_NAME 3
|
||||
#define SSL_X509_CA_CERT_ORGANIZATION 4
|
||||
#define SSL_X509_CA_CERT_ORGANIZATIONAL_NAME 5
|
||||
|
||||
/* SSL object loader types */
|
||||
#define SSL_OBJ_X509_CERT 1
|
||||
#define SSL_OBJ_X509_CACERT 2
|
||||
#define SSL_OBJ_RSA_KEY 3
|
||||
#define SSL_OBJ_PKCS8 4
|
||||
#define SSL_OBJ_PKCS12 5
|
||||
|
||||
/**
|
||||
* @defgroup c_api Standard C API
|
||||
* @brief The standard interface in C.
|
||||
* @{
|
||||
*/
|
||||
|
||||
/**
|
||||
* @brief Establish a new client/server context.
|
||||
*
|
||||
* This function is called before any client/server SSL connections are made.
|
||||
*
|
||||
* Each new connection will use the this context's private key and
|
||||
* certificate chain. If a different certificate chain is required, then a
|
||||
* different context needs to be be used.
|
||||
*
|
||||
* There are two threading models supported - a single thread with one
|
||||
* SSL_CTX can support any number of SSL connections - and multiple threads can
|
||||
* support one SSL_CTX object each (the default). But if a single SSL_CTX
|
||||
* object uses many SSL objects in individual threads, then the
|
||||
* CONFIG_SSL_CTX_MUTEXING option needs to be configured.
|
||||
*
|
||||
* @param options [in] Any particular options. At present the options
|
||||
* supported are:
|
||||
* - SSL_SERVER_VERIFY_LATER (client only): Don't stop a handshake if the server
|
||||
* authentication fails. The certificate can be authenticated later with a
|
||||
* call to ssl_verify_cert().
|
||||
* - SSL_CLIENT_AUTHENTICATION (server only): Enforce client authentication
|
||||
* i.e. each handshake will include a "certificate request" message from the
|
||||
* server. Only available if verification has been enabled.
|
||||
* - SSL_DISPLAY_BYTES (full mode build only): Display the byte sequences
|
||||
* during the handshake.
|
||||
* - SSL_DISPLAY_STATES (full mode build only): Display the state changes
|
||||
* during the handshake.
|
||||
* - SSL_DISPLAY_CERTS (full mode build only): Display the certificates that
|
||||
* are passed during a handshake.
|
||||
* - SSL_DISPLAY_RSA (full mode build only): Display the RSA key details that
|
||||
* are passed during a handshake.
|
||||
* - SSL_CONNECT_IN_PARTS (client only): To use a non-blocking version of
|
||||
* ssl_client_new().
|
||||
* @param num_sessions [in] The number of sessions to be used for session
|
||||
* caching. If this value is 0, then there is no session caching. This option
|
||||
* is not used in skeleton mode.
|
||||
* @return A client/server context.
|
||||
*/
|
||||
EXP_FUNC SSL_CTX * STDCALL ssl_ctx_new(uint32_t options, int num_sessions);
|
||||
|
||||
/**
|
||||
* @brief Remove a client/server context.
|
||||
*
|
||||
* Frees any used resources used by this context. Each connection will be
|
||||
* sent a "Close Notify" alert (if possible).
|
||||
* @param ssl_ctx [in] The client/server context.
|
||||
*/
|
||||
EXP_FUNC void STDCALL ssl_ctx_free(SSL_CTX *ssl_ctx);
|
||||
|
||||
/**
|
||||
* @brief (server only) Establish a new SSL connection to an SSL client.
|
||||
*
|
||||
* It is up to the application to establish the logical connection (whether it
|
||||
* is a socket, serial connection etc).
|
||||
* @param ssl_ctx [in] The server context.
|
||||
* @param client_fd [in] The client's file descriptor.
|
||||
* @return An SSL object reference.
|
||||
*/
|
||||
EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd);
|
||||
|
||||
/**
|
||||
* @brief (client only) Establish a new SSL connection to an SSL server.
|
||||
*
|
||||
* It is up to the application to establish the initial logical connection
|
||||
* (whether it is a socket, serial connection etc).
|
||||
*
|
||||
* This is a normally a blocking call - it will finish when the handshake is
|
||||
* complete (or has failed). To use in non-blocking mode, set
|
||||
* SSL_CONNECT_IN_PARTS in ssl_ctx_new().
|
||||
* @param ssl_ctx [in] The client context.
|
||||
* @param client_fd [in] The client's file descriptor.
|
||||
* @param session_id [in] A 32 byte session id for session resumption. This
|
||||
* can be null if no session resumption is being used or required. This option
|
||||
* is not used in skeleton mode.
|
||||
* @param sess_id_size The size of the session id (max 32)
|
||||
* @return An SSL object reference. Use ssl_handshake_status() to check
|
||||
* if a handshake succeeded.
|
||||
*/
|
||||
EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id, uint8_t sess_id_size);
|
||||
|
||||
/**
|
||||
* @brief Free any used resources on this connection.
|
||||
|
||||
* A "Close Notify" message is sent on this connection (if possible). It is up
|
||||
* to the application to close the socket or file descriptor.
|
||||
* @param ssl [in] The ssl object reference.
|
||||
*/
|
||||
EXP_FUNC void STDCALL ssl_free(SSL *ssl);
|
||||
|
||||
/**
|
||||
* @brief Read the SSL data stream.
|
||||
* If the socket is non-blocking and data is blocked then SSO_OK will be
|
||||
* returned.
|
||||
* @param ssl [in] An SSL object reference.
|
||||
* @param in_data [out] If the read was successful, a pointer to the read
|
||||
* buffer will be here. Do NOT ever free this memory as this buffer is used in
|
||||
* sucessive calls. If the call was unsuccessful, this value will be null.
|
||||
* @return The number of decrypted bytes:
|
||||
* - if > 0, then the handshaking is complete and we are returning the number
|
||||
* of decrypted bytes.
|
||||
* - SSL_OK if the handshaking stage is successful (but not yet complete).
|
||||
* - < 0 if an error.
|
||||
* @see ssl.h for the error code list.
|
||||
* @note Use in_data before doing any successive ssl calls.
|
||||
*/
|
||||
EXP_FUNC int STDCALL ssl_read(SSL *ssl, uint8_t **in_data);
|
||||
|
||||
/**
|
||||
* @brief Write to the SSL data stream.
|
||||
* if the socket is non-blocking and data is blocked then a check is made
|
||||
* to ensure that all data is sent (i.e. blocked mode is forced).
|
||||
* @param ssl [in] An SSL obect reference.
|
||||
* @param out_data [in] The data to be written
|
||||
* @param out_len [in] The number of bytes to be written.
|
||||
* @return The number of bytes sent, or if < 0 if an error.
|
||||
* @see ssl.h for the error code list.
|
||||
*/
|
||||
EXP_FUNC int STDCALL ssl_write(SSL *ssl, const uint8_t *out_data, int out_len);
|
||||
|
||||
/**
|
||||
* @brief Find an ssl object based on a file descriptor.
|
||||
*
|
||||
* Goes through the list of SSL objects maintained in a client/server context
|
||||
* to look for a file descriptor match.
|
||||
* @param ssl_ctx [in] The client/server context.
|
||||
* @param client_fd [in] The file descriptor.
|
||||
* @return A reference to the SSL object. Returns null if the object could not
|
||||
* be found.
|
||||
*/
|
||||
EXP_FUNC SSL * STDCALL ssl_find(SSL_CTX *ssl_ctx, int client_fd);
|
||||
|
||||
/**
|
||||
* @brief Get the session id for a handshake.
|
||||
*
|
||||
* This will be a 32 byte sequence and is available after the first
|
||||
* handshaking messages are sent.
|
||||
* @param ssl [in] An SSL object reference.
|
||||
* @return The session id as a 32 byte sequence.
|
||||
* @note A SSLv23 handshake may have only 16 valid bytes.
|
||||
*/
|
||||
EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(const SSL *ssl);
|
||||
|
||||
/**
|
||||
* @brief Get the session id size for a handshake.
|
||||
*
|
||||
* This will normally be 32 but could be 0 (no session id) or something else.
|
||||
* @param ssl [in] An SSL object reference.
|
||||
* @return The size of the session id.
|
||||
*/
|
||||
EXP_FUNC uint8_t STDCALL ssl_get_session_id_size(const SSL *ssl);
|
||||
|
||||
/**
|
||||
* @brief Return the cipher id (in the SSL form).
|
||||
* @param ssl [in] An SSL object reference.
|
||||
* @return The cipher id. This will be one of the following:
|
||||
* - SSL_AES128_SHA (0x2f)
|
||||
* - SSL_AES256_SHA (0x35)
|
||||
* - SSL_RC4_128_SHA (0x05)
|
||||
* - SSL_RC4_128_MD5 (0x04)
|
||||
*/
|
||||
EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(const SSL *ssl);
|
||||
|
||||
/**
|
||||
* @brief Return the status of the handshake.
|
||||
* @param ssl [in] An SSL object reference.
|
||||
* @return SSL_OK if the handshake is complete and ok.
|
||||
* @see ssl.h for the error code list.
|
||||
*/
|
||||
EXP_FUNC int STDCALL ssl_handshake_status(const SSL *ssl);
|
||||
|
||||
/**
|
||||
* @brief Retrieve various parameters about the axTLS engine.
|
||||
* @param offset [in] The configuration offset. It will be one of the following:
|
||||
* - SSL_BUILD_MODE The build mode. This will be one of the following:
|
||||
* - SSL_BUILD_SERVER_ONLY (basic server mode)
|
||||
* - SSL_BUILD_ENABLE_VERIFICATION (server can do client authentication)
|
||||
* - SSL_BUILD_ENABLE_CLIENT (client/server capabilties)
|
||||
* - SSL_BUILD_FULL_MODE (client/server with diagnostics)
|
||||
* - SSL_BUILD_SKELETON_MODE (skeleton mode)
|
||||
* - SSL_MAX_CERT_CFG_OFFSET The maximum number of certificates allowed.
|
||||
* - SSL_MAX_CA_CERT_CFG_OFFSET The maximum number of CA certificates allowed.
|
||||
* - SSL_HAS_PEM 1 if supported
|
||||
* @return The value of the requested parameter.
|
||||
*/
|
||||
EXP_FUNC int STDCALL ssl_get_config(int offset);
|
||||
|
||||
/**
|
||||
* @brief Display why the handshake failed.
|
||||
*
|
||||
* This call is only useful in a 'full mode' build. The output is to stdout.
|
||||
* @param error_code [in] An error code.
|
||||
* @see ssl.h for the error code list.
|
||||
*/
|
||||
//EXP_FUNC void STDCALL ssl_display_error(int error_code);
|
||||
|
||||
/**
|
||||
* @brief Authenticate a received certificate.
|
||||
*
|
||||
* This call is usually made by a client after a handshake is complete and the
|
||||
* context is in SSL_SERVER_VERIFY_LATER mode.
|
||||
* @param ssl [in] An SSL object reference.
|
||||
* @return SSL_OK if the certificate is verified.
|
||||
*/
|
||||
EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl);
|
||||
|
||||
/**
|
||||
* @brief Retrieve an X.509 distinguished name component.
|
||||
*
|
||||
* When a handshake is complete and a certificate has been exchanged, then the
|
||||
* details of the remote certificate can be retrieved.
|
||||
*
|
||||
* This will usually be used by a client to check that the server's common
|
||||
* name matches the URL.
|
||||
*
|
||||
* @param ssl [in] An SSL object reference.
|
||||
* @param component [in] one of:
|
||||
* - SSL_X509_CERT_COMMON_NAME
|
||||
* - SSL_X509_CERT_ORGANIZATION
|
||||
* - SSL_X509_CERT_ORGANIZATIONAL_NAME
|
||||
* - SSL_X509_CA_CERT_COMMON_NAME
|
||||
* - SSL_X509_CA_CERT_ORGANIZATION
|
||||
* - SSL_X509_CA_CERT_ORGANIZATIONAL_NAME
|
||||
* @return The appropriate string (or null if not defined)
|
||||
* @note Verification build mode must be enabled.
|
||||
*/
|
||||
EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component);
|
||||
|
||||
/**
|
||||
* @brief Retrieve a Subject Alternative DNSName
|
||||
*
|
||||
* When a handshake is complete and a certificate has been exchanged, then the
|
||||
* details of the remote certificate can be retrieved.
|
||||
*
|
||||
* This will usually be used by a client to check that the server's DNS
|
||||
* name matches the URL.
|
||||
*
|
||||
* @param ssl [in] An SSL object reference.
|
||||
* @param dnsindex [in] The index of the DNS name to retrieve.
|
||||
* @return The appropriate string (or null if not defined)
|
||||
* @note Verification build mode must be enabled.
|
||||
*/
|
||||
EXP_FUNC const char * STDCALL ssl_get_cert_subject_alt_dnsname(const SSL *ssl, int dnsindex);
|
||||
|
||||
/**
|
||||
* @brief Force the client to perform its handshake again.
|
||||
*
|
||||
* For a client this involves sending another "client hello" message.
|
||||
* For the server is means sending a "hello request" message.
|
||||
*
|
||||
* This is a blocking call on the client (until the handshake completes).
|
||||
*
|
||||
* @param ssl [in] An SSL object reference.
|
||||
* @return SSL_OK if renegotiation instantiation was ok
|
||||
*/
|
||||
EXP_FUNC int STDCALL ssl_renegotiate(SSL *ssl);
|
||||
|
||||
/**
|
||||
* @brief Process a file that is in binary DER or ASCII PEM format.
|
||||
*
|
||||
* These are temporary objects that are used to load private keys,
|
||||
* certificates etc into memory.
|
||||
* @param ssl_ctx [in] The client/server context.
|
||||
* @param obj_type [in] The format of the file. Can be one of:
|
||||
* - SSL_OBJ_X509_CERT (no password required)
|
||||
* - SSL_OBJ_X509_CACERT (no password required)
|
||||
* - SSL_OBJ_RSA_KEY (AES128/AES256 PEM encryption supported)
|
||||
* - SSL_OBJ_PKCS8 (RC4-128 encrypted data supported)
|
||||
* - SSL_OBJ_PKCS12 (RC4-128 encrypted data supported)
|
||||
*
|
||||
* PEM files are automatically detected (if supported). The object type is
|
||||
* also detected, and so is not relevant for these types of files.
|
||||
* @param filename [in] The location of a file in DER/PEM format.
|
||||
* @param password [in] The password used. Can be null if not required.
|
||||
* @return SSL_OK if all ok
|
||||
* @note Not available in skeleton build mode.
|
||||
*/
|
||||
EXP_FUNC int STDCALL ssl_obj_load(SSL_CTX *ssl_ctx, int obj_type, const char *filename, const char *password);
|
||||
|
||||
/**
|
||||
* @brief Process binary data.
|
||||
*
|
||||
* These are temporary objects that are used to load private keys,
|
||||
* certificates etc into memory.
|
||||
* @param ssl_ctx [in] The client/server context.
|
||||
* @param obj_type [in] The format of the memory data.
|
||||
* @param data [in] The binary data to be loaded.
|
||||
* @param len [in] The amount of data to be loaded.
|
||||
* @param password [in] The password used. Can be null if not required.
|
||||
* @return SSL_OK if all ok
|
||||
* @see ssl_obj_load for more details on obj_type.
|
||||
*/
|
||||
EXP_FUNC int STDCALL ssl_obj_memory_load(SSL_CTX *ssl_ctx, int obj_type, const uint8_t *data, int len, const char *password);
|
||||
|
||||
#ifdef CONFIG_SSL_GENERATE_X509_CERT
|
||||
/**
|
||||
* @brief Create an X.509 certificate.
|
||||
*
|
||||
* This certificate is a self-signed v1 cert with a fixed start/stop validity
|
||||
* times. It is signed with an internal private key in ssl_ctx.
|
||||
*
|
||||
* @param ssl_ctx [in] The client/server context.
|
||||
* @param options [in] Not used yet.
|
||||
* @param dn [in] An array of distinguished name strings. The array is defined
|
||||
* by:
|
||||
* - SSL_X509_CERT_COMMON_NAME (0)
|
||||
* - If SSL_X509_CERT_COMMON_NAME is empty or not defined, then the
|
||||
* hostname will be used.
|
||||
* - SSL_X509_CERT_ORGANIZATION (1)
|
||||
* - If SSL_X509_CERT_ORGANIZATION is empty or not defined, then $USERNAME
|
||||
* will be used.
|
||||
* - SSL_X509_CERT_ORGANIZATIONAL_NAME (2)
|
||||
* - SSL_X509_CERT_ORGANIZATIONAL_NAME is optional.
|
||||
* @param cert_data [out] The certificate as a sequence of bytes.
|
||||
* @return < 0 if an error, or the size of the certificate in bytes.
|
||||
* @note cert_data must be freed when there is no more need for it.
|
||||
*/
|
||||
EXP_FUNC int STDCALL ssl_x509_create(SSL_CTX *ssl_ctx, uint32_t options, const char * dn[], uint8_t **cert_data);
|
||||
#endif
|
||||
|
||||
/**
|
||||
* @brief Return the axTLS library version as a string.
|
||||
*/
|
||||
EXP_FUNC const char * STDCALL ssl_version(void);
|
||||
|
||||
/** @} */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif
|
|
@ -1,298 +0,0 @@
|
|||
/*
|
||||
* Copyright (c) 2007, Cameron Rich
|
||||
*
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are met:
|
||||
*
|
||||
* * Redistributions of source code must retain the above copyright notice,
|
||||
* this list of conditions and the following disclaimer.
|
||||
* * Redistributions in binary form must reproduce the above copyright notice,
|
||||
* this list of conditions and the following disclaimer in the documentation
|
||||
* and/or other materials provided with the distribution.
|
||||
* * Neither the name of the axTLS project nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
|
||||
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
|
||||
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
||||
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
||||
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
||||
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
/**
|
||||
* @file tls1.h
|
||||
*
|
||||
* @brief The definitions for the TLS library.
|
||||
*/
|
||||
#ifndef HEADER_SSL_LIB_H
|
||||
#define HEADER_SSL_LIB_H
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#include "c_types.h"
|
||||
#include "ssl/ssl_version.h"
|
||||
#include "ssl/ssl_config.h"
|
||||
|
||||
#include "ssl/ssl_crypto.h"
|
||||
#include "ssl/ssl_crypto_misc.h"
|
||||
|
||||
#define SSL_PROTOCOL_MIN_VERSION 0x31 /* TLS v1.0 */
|
||||
#define SSL_PROTOCOL_MINOR_VERSION 0x02 /* TLS v1.1 */
|
||||
#define SSL_PROTOCOL_VERSION_MAX 0x32 /* TLS v1.1 */
|
||||
#define SSL_PROTOCOL_VERSION1_1 0x32 /* TLS v1.1 */
|
||||
#define SSL_RANDOM_SIZE 32
|
||||
#define SSL_SECRET_SIZE 48
|
||||
#define SSL_FINISHED_HASH_SIZE 12
|
||||
#define SSL_RECORD_SIZE 5
|
||||
#define SSL_SERVER_READ 0
|
||||
#define SSL_SERVER_WRITE 1
|
||||
#define SSL_CLIENT_READ 2
|
||||
#define SSL_CLIENT_WRITE 3
|
||||
#define SSL_HS_HDR_SIZE 4
|
||||
|
||||
/* the flags we use while establishing a connection */
|
||||
#define SSL_NEED_RECORD 0x0001
|
||||
#define SSL_TX_ENCRYPTED 0x0002
|
||||
#define SSL_RX_ENCRYPTED 0x0004
|
||||
#define SSL_SESSION_RESUME 0x0008
|
||||
#define SSL_IS_CLIENT 0x0010
|
||||
#define SSL_HAS_CERT_REQ 0x0020
|
||||
#define SSL_SENT_CLOSE_NOTIFY 0x0040
|
||||
|
||||
/* some macros to muck around with flag bits */
|
||||
#define SET_SSL_FLAG(A) (ssl->flag |= A)
|
||||
#define CLR_SSL_FLAG(A) (ssl->flag &= ~A)
|
||||
#define IS_SET_SSL_FLAG(A) (ssl->flag & A)
|
||||
|
||||
#define MAX_KEY_BYTE_SIZE 512 /* for a 4096 bit key */
|
||||
#define RT_MAX_PLAIN_LENGTH 1024
|
||||
#define RT_EXTRA 1024
|
||||
#define BM_RECORD_OFFSET 5
|
||||
|
||||
#ifdef CONFIG_SSL_SKELETON_MODE
|
||||
#define NUM_PROTOCOLS 1
|
||||
#else
|
||||
#define NUM_PROTOCOLS 4
|
||||
#endif
|
||||
|
||||
#define PARANOIA_CHECK(A, B) if (A < B) { \
|
||||
ret = SSL_ERROR_INVALID_HANDSHAKE; goto error; }
|
||||
|
||||
/* protocol types */
|
||||
enum
|
||||
{
|
||||
PT_CHANGE_CIPHER_SPEC = 20,
|
||||
PT_ALERT_PROTOCOL,
|
||||
PT_HANDSHAKE_PROTOCOL,
|
||||
PT_APP_PROTOCOL_DATA
|
||||
};
|
||||
|
||||
/* handshaking types */
|
||||
enum
|
||||
{
|
||||
HS_HELLO_REQUEST,
|
||||
HS_CLIENT_HELLO,
|
||||
HS_SERVER_HELLO,
|
||||
HS_CERTIFICATE = 11,
|
||||
HS_SERVER_KEY_XCHG,
|
||||
HS_CERT_REQ,
|
||||
HS_SERVER_HELLO_DONE,
|
||||
HS_CERT_VERIFY,
|
||||
HS_CLIENT_KEY_XCHG,
|
||||
HS_FINISHED = 20
|
||||
};
|
||||
|
||||
typedef struct
|
||||
{
|
||||
uint8_t cipher;
|
||||
uint8_t key_size;
|
||||
uint8_t iv_size;
|
||||
uint8_t key_block_size;
|
||||
uint8_t padding_size;
|
||||
uint8_t digest_size;
|
||||
hmac_func hmac;
|
||||
crypt_func encrypt;
|
||||
crypt_func decrypt;
|
||||
} cipher_info_t;
|
||||
|
||||
struct _SSLObjLoader
|
||||
{
|
||||
uint8_t *buf;
|
||||
int len;
|
||||
};
|
||||
|
||||
typedef struct _SSLObjLoader SSLObjLoader;
|
||||
|
||||
typedef struct
|
||||
{
|
||||
time_t conn_time;
|
||||
uint8_t session_id[SSL_SESSION_ID_SIZE];
|
||||
uint8_t master_secret[SSL_SECRET_SIZE];
|
||||
} SSL_SESSION;
|
||||
|
||||
typedef struct
|
||||
{
|
||||
uint8_t *buf;
|
||||
int size;
|
||||
} SSL_CERT;
|
||||
|
||||
typedef struct
|
||||
{
|
||||
MD5_CTX md5_ctx;
|
||||
SHA1_CTX sha1_ctx;
|
||||
uint8_t final_finish_mac[SSL_FINISHED_HASH_SIZE];
|
||||
uint8_t *key_block;
|
||||
uint8_t master_secret[SSL_SECRET_SIZE];
|
||||
uint8_t client_random[SSL_RANDOM_SIZE]; /* client's random sequence */
|
||||
uint8_t server_random[SSL_RANDOM_SIZE]; /* server's random sequence */
|
||||
uint16_t bm_proc_index;
|
||||
} DISPOSABLE_CTX;
|
||||
|
||||
struct _SSL
|
||||
{
|
||||
uint32_t flag;
|
||||
uint16_t need_bytes;
|
||||
uint16_t got_bytes;
|
||||
uint8_t record_type;
|
||||
uint8_t cipher;
|
||||
uint8_t sess_id_size;
|
||||
uint8_t version;
|
||||
uint8_t client_version;
|
||||
sint16_t next_state;
|
||||
sint16_t hs_status;
|
||||
DISPOSABLE_CTX *dc; /* temporary data which we'll get rid of soon */
|
||||
int client_fd;
|
||||
const cipher_info_t *cipher_info;
|
||||
void *encrypt_ctx;
|
||||
void *decrypt_ctx;
|
||||
uint8_t bm_all_data[RT_MAX_PLAIN_LENGTH+RT_EXTRA];
|
||||
uint8_t *bm_data;
|
||||
uint16_t bm_index;
|
||||
uint16_t bm_read_index;
|
||||
struct _SSL *next; /* doubly linked list */
|
||||
struct _SSL *prev;
|
||||
struct _SSL_CTX *ssl_ctx; /* back reference to a clnt/svr ctx */
|
||||
#ifndef CONFIG_SSL_SKELETON_MODE
|
||||
uint16_t session_index;
|
||||
SSL_SESSION *session;
|
||||
#endif
|
||||
#ifdef CONFIG_SSL_CERT_VERIFICATION
|
||||
X509_CTX *x509_ctx;
|
||||
#endif
|
||||
|
||||
uint8_t session_id[SSL_SESSION_ID_SIZE];
|
||||
uint8_t client_mac[SHA1_SIZE]; /* for HMAC verification */
|
||||
uint8_t server_mac[SHA1_SIZE]; /* for HMAC verification */
|
||||
uint8_t read_sequence[8]; /* 64 bit sequence number */
|
||||
uint8_t write_sequence[8]; /* 64 bit sequence number */
|
||||
uint8_t hmac_header[SSL_RECORD_SIZE]; /* rx hmac */
|
||||
};
|
||||
|
||||
typedef struct _SSL SSL;
|
||||
|
||||
struct _SSL_CTX
|
||||
{
|
||||
uint32_t options;
|
||||
uint8_t chain_length;
|
||||
RSA_CTX *rsa_ctx;
|
||||
#ifdef CONFIG_SSL_CERT_VERIFICATION
|
||||
CA_CERT_CTX *ca_cert_ctx;
|
||||
#endif
|
||||
SSL *head;
|
||||
SSL *tail;
|
||||
SSL_CERT certs[CONFIG_SSL_MAX_CERTS];
|
||||
#ifndef CONFIG_SSL_SKELETON_MODE
|
||||
uint16_t num_sessions;
|
||||
SSL_SESSION **ssl_sessions;
|
||||
#endif
|
||||
#ifdef CONFIG_SSL_CTX_MUTEXING
|
||||
SSL_CTX_MUTEX_TYPE mutex;
|
||||
#endif
|
||||
#ifdef CONFIG_OPENSSL_COMPATIBLE
|
||||
void *bonus_attr;
|
||||
#endif
|
||||
};
|
||||
|
||||
typedef struct _SSL_CTX SSL_CTX;
|
||||
|
||||
/* backwards compatibility */
|
||||
typedef struct _SSL_CTX SSLCTX;
|
||||
|
||||
extern const uint8_t ssl_prot_prefs[NUM_PROTOCOLS];
|
||||
|
||||
SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd);
|
||||
void disposable_new(SSL *ssl);
|
||||
void disposable_free(SSL *ssl);
|
||||
int send_packet(SSL *ssl, uint8_t protocol,
|
||||
const uint8_t *in, int length);
|
||||
int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len);
|
||||
int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len);
|
||||
int process_finished(SSL *ssl, uint8_t *buf, int hs_len);
|
||||
int process_sslv23_client_hello(SSL *ssl);
|
||||
int send_alert(SSL *ssl, int error_code);
|
||||
int send_finished(SSL *ssl);
|
||||
int send_certificate(SSL *ssl);
|
||||
int basic_read(SSL *ssl, uint8_t **in_data);
|
||||
int send_change_cipher_spec(SSL *ssl);
|
||||
void finished_digest(SSL *ssl, const char *label, uint8_t *digest);
|
||||
void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret);
|
||||
void add_packet(SSL *ssl, const uint8_t *pkt, int len);
|
||||
int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len);
|
||||
int add_private_key(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj);
|
||||
void ssl_obj_free(SSLObjLoader *ssl_obj);
|
||||
int pkcs8_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
|
||||
int pkcs12_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
|
||||
int load_key_certs(SSL_CTX *ssl_ctx);
|
||||
#ifdef CONFIG_SSL_CERT_VERIFICATION
|
||||
int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len);
|
||||
void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx);
|
||||
#endif
|
||||
#ifdef CONFIG_SSL_ENABLE_CLIENT
|
||||
int do_client_connect(SSL *ssl);
|
||||
#endif
|
||||
|
||||
#ifdef CONFIG_SSL_FULL_MODE
|
||||
//void DISPLAY_STATE(SSL *ssl, int is_send, uint8_t state, int not_ok);
|
||||
//void DISPLAY_BYTES(SSL *ssl, const char *format,
|
||||
// const uint8_t *data, int size, ...);
|
||||
//void DISPLAY_CERT(SSL *ssl, const X509_CTX *x509_ctx);
|
||||
//void DISPLAY_RSA(SSL *ssl, const RSA_CTX *rsa_ctx);
|
||||
//void DISPLAY_ALERT(SSL *ssl, int alert);
|
||||
#else
|
||||
#define DISPLAY_STATE(A,B,C,D)
|
||||
#define DISPLAY_CERT(A,B)
|
||||
#define DISPLAY_RSA(A,B)
|
||||
#define DISPLAY_ALERT(A, B)
|
||||
#ifdef WIN32
|
||||
void DISPLAY_BYTES(SSL *ssl, const char *format,/* win32 has no variadic macros */
|
||||
const uint8_t *data, int size, ...);
|
||||
#else
|
||||
#define DISPLAY_BYTES(A,B,C,D,...)
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifdef CONFIG_SSL_CERT_VERIFICATION
|
||||
int process_certificate(SSL *ssl, X509_CTX **x509_ctx);
|
||||
#endif
|
||||
|
||||
SSL_SESSION *ssl_session_update(int max_sessions,
|
||||
SSL_SESSION *ssl_sessions[], SSL *ssl,
|
||||
const uint8_t *session_id);
|
||||
void kill_ssl_session(SSL_SESSION **ssl_sessions, SSL *ssl);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif
|
|
@ -1 +0,0 @@
|
|||
#define AXTLS_VERSION "1.4.9"
|
BIN
lib/libssl.a
BIN
lib/libssl.a
Binary file not shown.
|
@ -3,4 +3,6 @@
|
|||
puts
|
||||
printf
|
||||
putchar
|
||||
rand
|
||||
srand
|
||||
atoi
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# Component makefile for LWIP
|
||||
|
||||
LWIP_DIR = $(ROOT)lwip/lwip/src/
|
||||
INC_DIRS += $(LWIP_DIR)/include $(ROOT)/lwip/include $(ROOT)lwip/include $(LWIP_DIR)include/ipv4 $(LWIP_DIR)include/ipv4/lwip
|
||||
INC_DIRS += $(LWIP_DIR)include $(ROOT)lwip/include $(ROOT)lwip/include $(LWIP_DIR)include/ipv4 $(LWIP_DIR)include/ipv4/lwip $(LWIP_DIR)include/lwip
|
||||
|
||||
# args for passing into compile rule generation
|
||||
lwip_ROOT = $(ROOT)/lwip
|
||||
|
|
|
@ -47,6 +47,8 @@
|
|||
#include <stdio.h> /* printf, fflush, FILE */
|
||||
#include <stdlib.h> /* abort */
|
||||
#include <stdint.h>
|
||||
#include <sys/time.h>
|
||||
#include <sys/errno.h>
|
||||
|
||||
#define BYTE_ORDER LITTLE_ENDIAN
|
||||
|
||||
|
@ -59,8 +61,6 @@
|
|||
#pragma warning (disable: 4103) /* structure packing changed by including file */
|
||||
#endif
|
||||
|
||||
#define LWIP_PROVIDE_ERRNO
|
||||
|
||||
/* Define generic types used in lwIP */
|
||||
typedef uint8_t u8_t;
|
||||
typedef int8_t s8_t;
|
||||
|
@ -86,6 +86,7 @@ typedef int sys_prot_t;
|
|||
#define PACK_STRUCT_STRUCT __attribute__( (packed) )
|
||||
|
||||
/* Plaform specific diagnostic output */
|
||||
#ifdef LWIP_DEBUG
|
||||
#define LWIP_PLATFORM_DIAG(x) do { printf x; } while(0)
|
||||
|
||||
#define LWIP_PLATFORM_ASSERT(x) do { printf("Assertion \"%s\" failed at line %d in %s\n", \
|
||||
|
@ -94,6 +95,11 @@ typedef int sys_prot_t;
|
|||
#define LWIP_ERROR(message, expression, handler) do { if (!(expression)) { \
|
||||
printf("Assertion \"%s\" failed at line %d in %s\n", message, __LINE__, __FILE__); \
|
||||
handler;} } while(0)
|
||||
#else
|
||||
#define LWIP_PLATFORM_DIAG(x)
|
||||
#define LWIP_PLATFORM_ASSERT(x)
|
||||
#define LWIP_ERROR(m,e,h)
|
||||
#endif
|
||||
|
||||
#define LWIP_PLATFORM_BYTESWAP 1
|
||||
|
||||
|
|
|
@ -1,439 +1,440 @@
|
|||
/*
|
||||
* Copyright (c) 2001-2003 Swedish Institute of Computer Science.
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without modification,
|
||||
* are permitted provided that the following conditions are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright notice,
|
||||
* this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright notice,
|
||||
* this list of conditions and the following disclaimer in the documentation
|
||||
* and/or other materials provided with the distribution.
|
||||
* 3. The name of the author may not be used to endorse or promote products
|
||||
* derived from this software without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
|
||||
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
|
||||
* SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
|
||||
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
|
||||
* OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
||||
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
||||
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
|
||||
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
|
||||
* OF SUCH DAMAGE.
|
||||
*
|
||||
* This file is part of the lwIP TCP/IP stack.
|
||||
*
|
||||
* Author: Simon Goldschmidt
|
||||
*
|
||||
*/
|
||||
#ifndef __LWIPOPTS_H__
|
||||
#define __LWIPOPTS_H__
|
||||
|
||||
#define LWIP_ESP 1
|
||||
#define ESP_RTOS 1
|
||||
#define PBUF_RSV_FOR_WLAN 1
|
||||
#define EBUF_LWIP 1
|
||||
#define ESP_TIMEWAIT_THRESHOLD 10000
|
||||
|
||||
// Uncomment this line, and set the debug options you want below, for IP stack debug output
|
||||
//#define LWIP_DEBUG
|
||||
|
||||
/*
|
||||
-----------------------------------------------
|
||||
---------- Platform specific locking ----------
|
||||
-----------------------------------------------
|
||||
*/
|
||||
/**
|
||||
* SYS_LIGHTWEIGHT_PROT==1: if you want inter-task protection for certain
|
||||
* critical regions during buffer allocation, deallocation and memory
|
||||
* allocation and deallocation.
|
||||
*/
|
||||
#define SYS_LIGHTWEIGHT_PROT 1
|
||||
|
||||
/**
|
||||
* MEMCPY: override this if you have a faster implementation at hand than the
|
||||
* one included in your C library
|
||||
*/
|
||||
#define MEMCPY(dst,src,len) memcpy(dst,src,len)
|
||||
|
||||
/**
|
||||
* SMEMCPY: override this with care! Some compilers (e.g. gcc) can inline a
|
||||
* call to memcpy() if the length is known at compile time and is small.
|
||||
*/
|
||||
#define SMEMCPY(dst,src,len) memcpy(dst,src,len)
|
||||
|
||||
/*
|
||||
------------------------------------
|
||||
---------- Memory options ----------
|
||||
------------------------------------
|
||||
*/
|
||||
/**
|
||||
* MEM_LIBC_MALLOC==1: Use malloc/free/realloc provided by your C-library
|
||||
* instead of the lwip internal allocator. Can save code size if you
|
||||
* already use it.
|
||||
*/
|
||||
#define MEM_LIBC_MALLOC 1
|
||||
|
||||
/**
|
||||
* MEMP_MEM_MALLOC==1: Use mem_malloc/mem_free instead of the lwip pool allocator.
|
||||
* Especially useful with MEM_LIBC_MALLOC but handle with care regarding execution
|
||||
* speed and usage from interrupts!
|
||||
*/
|
||||
#define MEMP_MEM_MALLOC 1
|
||||
|
||||
/**
|
||||
* MEM_ALIGNMENT: should be set to the alignment of the CPU
|
||||
* 4 byte alignment -> #define MEM_ALIGNMENT 4
|
||||
* 2 byte alignment -> #define MEM_ALIGNMENT 2
|
||||
*/
|
||||
#define MEM_ALIGNMENT 4
|
||||
|
||||
/*
|
||||
------------------------------------------------
|
||||
---------- Internal Memory Pool Sizes ----------
|
||||
------------------------------------------------
|
||||
*/
|
||||
|
||||
/*
|
||||
--------------------------------
|
||||
---------- ARP options -------
|
||||
--------------------------------
|
||||
*/
|
||||
/**
|
||||
* ARP_QUEUEING==1: Multiple outgoing packets are queued during hardware address
|
||||
* resolution. By default, only the most recent packet is queued per IP address.
|
||||
* This is sufficient for most protocols and mainly reduces TCP connection
|
||||
* startup time. Set this to 1 if you know your application sends more than one
|
||||
* packet in a row to an IP address that is not in the ARP cache.
|
||||
*/
|
||||
#define ARP_QUEUEING 1
|
||||
|
||||
/*
|
||||
--------------------------------
|
||||
---------- IP options ----------
|
||||
--------------------------------
|
||||
*/
|
||||
/**
|
||||
* IP_REASSEMBLY==1: Reassemble incoming fragmented IP packets. Note that
|
||||
* this option does not affect outgoing packet sizes, which can be controlled
|
||||
* via IP_FRAG.
|
||||
*/
|
||||
#define IP_REASSEMBLY 0
|
||||
|
||||
/**
|
||||
* IP_FRAG==1: Fragment outgoing IP packets if their size exceeds MTU. Note
|
||||
* that this option does not affect incoming packet sizes, which can be
|
||||
* controlled via IP_REASSEMBLY.
|
||||
*/
|
||||
#define IP_FRAG 1
|
||||
|
||||
/**
|
||||
* IP_REASS_MAXAGE: Maximum time (in multiples of IP_TMR_INTERVAL - so seconds, normally)
|
||||
* a fragmented IP packet waits for all fragments to arrive. If not all fragments arrived
|
||||
* in this time, the whole packet is discarded.
|
||||
*/
|
||||
#define IP_REASS_MAXAGE 3
|
||||
|
||||
/**
|
||||
* IP_REASS_MAX_PBUFS: Total maximum amount of pbufs waiting to be reassembled.
|
||||
* Since the received pbufs are enqueued, be sure to configure
|
||||
* PBUF_POOL_SIZE > IP_REASS_MAX_PBUFS so that the stack is still able to receive
|
||||
* packets even if the maximum amount of fragments is enqueued for reassembly!
|
||||
*/
|
||||
#define IP_REASS_MAX_PBUFS 10
|
||||
|
||||
/*
|
||||
----------------------------------
|
||||
---------- ICMP options ----------
|
||||
----------------------------------
|
||||
*/
|
||||
|
||||
/*
|
||||
---------------------------------
|
||||
---------- RAW options ----------
|
||||
---------------------------------
|
||||
*/
|
||||
|
||||
/*
|
||||
----------------------------------
|
||||
---------- DHCP options ----------
|
||||
----------------------------------
|
||||
*/
|
||||
/**
|
||||
* LWIP_DHCP==1: Enable DHCP module.
|
||||
*/
|
||||
#define LWIP_DHCP 1
|
||||
|
||||
#define LWIP_DHCP_BOOTP_FILE 0
|
||||
|
||||
/*
|
||||
------------------------------------
|
||||
---------- AUTOIP options ----------
|
||||
------------------------------------
|
||||
*/
|
||||
/*
|
||||
----------------------------------
|
||||
---------- SNMP options ----------
|
||||
----------------------------------
|
||||
*/
|
||||
/*
|
||||
----------------------------------
|
||||
---------- IGMP options ----------
|
||||
----------------------------------
|
||||
*/
|
||||
/*
|
||||
----------------------------------
|
||||
---------- DNS options -----------
|
||||
----------------------------------
|
||||
*/
|
||||
/**
|
||||
* LWIP_DNS==1: Turn on DNS module. UDP must be available for DNS
|
||||
* transport.
|
||||
*/
|
||||
#define LWIP_DNS 1
|
||||
|
||||
/*
|
||||
---------------------------------
|
||||
---------- UDP options ----------
|
||||
---------------------------------
|
||||
*/
|
||||
/*
|
||||
---------------------------------
|
||||
---------- TCP options ----------
|
||||
---------------------------------
|
||||
*/
|
||||
/**
|
||||
* TCP_QUEUE_OOSEQ==1: TCP will queue segments that arrive out of order.
|
||||
* Define to 0 if your device is low on memory.
|
||||
*/
|
||||
#define TCP_QUEUE_OOSEQ 0
|
||||
|
||||
/*
|
||||
* LWIP_EVENT_API==1: The user defines lwip_tcp_event() to receive all
|
||||
* events (accept, sent, etc) that happen in the system.
|
||||
* LWIP_CALLBACK_API==1: The PCB callback function is called directly
|
||||
* for the event. This is the default.
|
||||
*/
|
||||
#define TCP_MSS 1460
|
||||
|
||||
/**
|
||||
* TCP_MAXRTX: Maximum number of retransmissions of data segments.
|
||||
*/
|
||||
#define TCP_MAXRTX 6
|
||||
|
||||
|
||||
/**
|
||||
* TCP_SYNMAXRTX: Maximum number of retransmissions of SYN segments.
|
||||
*/
|
||||
#define TCP_SYNMAXRTX 3
|
||||
|
||||
/*
|
||||
----------------------------------
|
||||
---------- Pbuf options ----------
|
||||
----------------------------------
|
||||
*/
|
||||
|
||||
/*
|
||||
------------------------------------------------
|
||||
---------- Network Interfaces options ----------
|
||||
------------------------------------------------
|
||||
*/
|
||||
/**
|
||||
* LWIP_NETIF_TX_SINGLE_PBUF: if this is set to 1, lwIP tries to put all data
|
||||
* to be sent into one single pbuf. This is for compatibility with DMA-enabled
|
||||
* MACs that do not support scatter-gather.
|
||||
* Beware that this might involve CPU-memcpy before transmitting that would not
|
||||
* be needed without this flag! Use this only if you need to!
|
||||
*
|
||||
* @todo: TCP and IP-frag do not work with this, yet:
|
||||
*/
|
||||
#define LWIP_NETIF_TX_SINGLE_PBUF 1
|
||||
|
||||
/*
|
||||
------------------------------------
|
||||
---------- LOOPIF options ----------
|
||||
------------------------------------
|
||||
*/
|
||||
|
||||
/*
|
||||
------------------------------------
|
||||
---------- SLIPIF options ----------
|
||||
------------------------------------
|
||||
*/
|
||||
|
||||
/*
|
||||
------------------------------------
|
||||
---------- Thread options ----------
|
||||
------------------------------------
|
||||
*/
|
||||
/**
|
||||
* TCPIP_THREAD_STACKSIZE: The stack size used by the main tcpip thread.
|
||||
* The stack size value itself is platform-dependent, but is passed to
|
||||
* sys_thread_new() when the thread is created.
|
||||
*/
|
||||
#define TCPIP_THREAD_STACKSIZE 512 //not ok:384
|
||||
|
||||
/**
|
||||
* TCPIP_THREAD_PRIO: The priority assigned to the main tcpip thread.
|
||||
* The priority value itself is platform-dependent, but is passed to
|
||||
* sys_thread_new() when the thread is created.
|
||||
*/
|
||||
#define TCPIP_THREAD_PRIO (configMAX_PRIORITIES-5)
|
||||
|
||||
/**
|
||||
* TCPIP_MBOX_SIZE: The mailbox size for the tcpip thread messages
|
||||
* The queue size value itself is platform-dependent, but is passed to
|
||||
* sys_mbox_new() when tcpip_init is called.
|
||||
*/
|
||||
#define TCPIP_MBOX_SIZE 16
|
||||
|
||||
/**
|
||||
* DEFAULT_UDP_RECVMBOX_SIZE: The mailbox size for the incoming packets on a
|
||||
* NETCONN_UDP. The queue size value itself is platform-dependent, but is passed
|
||||
* to sys_mbox_new() when the recvmbox is created.
|
||||
*/
|
||||
#define DEFAULT_UDP_RECVMBOX_SIZE 6
|
||||
|
||||
/**
|
||||
* DEFAULT_TCP_RECVMBOX_SIZE: The mailbox size for the incoming packets on a
|
||||
* NETCONN_TCP. The queue size value itself is platform-dependent, but is passed
|
||||
* to sys_mbox_new() when the recvmbox is created.
|
||||
*/
|
||||
#define DEFAULT_TCP_RECVMBOX_SIZE 6
|
||||
|
||||
/**
|
||||
* DEFAULT_ACCEPTMBOX_SIZE: The mailbox size for the incoming connections.
|
||||
* The queue size value itself is platform-dependent, but is passed to
|
||||
* sys_mbox_new() when the acceptmbox is created.
|
||||
*/
|
||||
#define DEFAULT_ACCEPTMBOX_SIZE 6
|
||||
|
||||
/*
|
||||
----------------------------------------------
|
||||
---------- Sequential layer options ----------
|
||||
----------------------------------------------
|
||||
*/
|
||||
|
||||
/*
|
||||
------------------------------------
|
||||
---------- Socket options ----------
|
||||
------------------------------------
|
||||
*/
|
||||
/**
|
||||
* LWIP_SO_SNDTIMEO==1: Enable send timeout for sockets/netconns and
|
||||
* SO_SNDTIMEO processing.
|
||||
*/
|
||||
#define LWIP_SO_SNDTIMEO 1
|
||||
|
||||
/**
|
||||
* LWIP_SO_RCVTIMEO==1: Enable receive timeout for sockets/netconns and
|
||||
* SO_RCVTIMEO processing.
|
||||
*/
|
||||
#define LWIP_SO_RCVTIMEO 1
|
||||
|
||||
/**
|
||||
* LWIP_TCP_KEEPALIVE==1: Enable TCP_KEEPIDLE, TCP_KEEPINTVL and TCP_KEEPCNT
|
||||
* options processing. Note that TCP_KEEPIDLE and TCP_KEEPINTVL have to be set
|
||||
* in seconds. (does not require sockets.c, and will affect tcp.c)
|
||||
*/
|
||||
#define LWIP_TCP_KEEPALIVE 1
|
||||
|
||||
/**
|
||||
* LWIP_SO_RCVBUF==1: Enable SO_RCVBUF processing.
|
||||
*/
|
||||
#define LWIP_SO_RCVBUF 0
|
||||
|
||||
/**
|
||||
* SO_REUSE==1: Enable SO_REUSEADDR option.
|
||||
*/
|
||||
#define SO_REUSE 1
|
||||
|
||||
/*
|
||||
----------------------------------------
|
||||
---------- Statistics options ----------
|
||||
----------------------------------------
|
||||
*/
|
||||
|
||||
/*
|
||||
---------------------------------
|
||||
---------- PPP options ----------
|
||||
---------------------------------
|
||||
*/
|
||||
|
||||
/*
|
||||
--------------------------------------
|
||||
---------- Checksum options ----------
|
||||
--------------------------------------
|
||||
*/
|
||||
|
||||
/*
|
||||
---------------------------------------
|
||||
---------- IPv6 options ---------------
|
||||
---------------------------------------
|
||||
*/
|
||||
|
||||
/*
|
||||
---------------------------------------
|
||||
---------- Hook options ---------------
|
||||
---------------------------------------
|
||||
*/
|
||||
|
||||
/*
|
||||
---------------------------------------
|
||||
---------- Debugging options ----------
|
||||
---------------------------------------
|
||||
*/
|
||||
/**
|
||||
* ETHARP_DEBUG: Enable debugging in etharp.c.
|
||||
*/
|
||||
#define ETHARP_DEBUG LWIP_DBG_OFF
|
||||
|
||||
/**
|
||||
* PBUF_DEBUG: Enable debugging in pbuf.c.
|
||||
*/
|
||||
#define PBUF_DEBUG LWIP_DBG_OFF
|
||||
|
||||
/**
|
||||
* API_LIB_DEBUG: Enable debugging in api_lib.c.
|
||||
*/
|
||||
#define API_LIB_DEBUG LWIP_DBG_OFF
|
||||
|
||||
/**
|
||||
* SOCKETS_DEBUG: Enable debugging in sockets.c.
|
||||
*/
|
||||
#define SOCKETS_DEBUG LWIP_DBG_OFF
|
||||
|
||||
/**
|
||||
* IP_DEBUG: Enable debugging for IP.
|
||||
*/
|
||||
#define IP_DEBUG LWIP_DBG_OFF
|
||||
|
||||
/**
|
||||
* MEMP_DEBUG: Enable debugging in memp.c.
|
||||
*/
|
||||
#define MEMP_DEBUG LWIP_DBG_OFF
|
||||
|
||||
/**
|
||||
* TCP_INPUT_DEBUG: Enable debugging in tcp_in.c for incoming debug.
|
||||
*/
|
||||
#define TCP_INPUT_DEBUG LWIP_DBG_OFF
|
||||
|
||||
/**
|
||||
* TCP_OUTPUT_DEBUG: Enable debugging in tcp_out.c output functions.
|
||||
*/
|
||||
#define TCP_OUTPUT_DEBUG LWIP_DBG_OFF
|
||||
|
||||
/**
|
||||
* TCPIP_DEBUG: Enable debugging in tcpip.c.
|
||||
*/
|
||||
#define TCPIP_DEBUG LWIP_DBG_OFF
|
||||
|
||||
/**
|
||||
* DHCP_DEBUG: Enable debugging in dhcp.c.
|
||||
*/
|
||||
#define DHCP_DEBUG LWIP_DBG_OFF
|
||||
|
||||
#endif /* __LWIPOPTS_H__ */
|
||||
/*
|
||||
* Copyright (c) 2001-2003 Swedish Institute of Computer Science.
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without modification,
|
||||
* are permitted provided that the following conditions are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright notice,
|
||||
* this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright notice,
|
||||
* this list of conditions and the following disclaimer in the documentation
|
||||
* and/or other materials provided with the distribution.
|
||||
* 3. The name of the author may not be used to endorse or promote products
|
||||
* derived from this software without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
|
||||
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
|
||||
* SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
|
||||
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
|
||||
* OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
||||
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
||||
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
|
||||
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
|
||||
* OF SUCH DAMAGE.
|
||||
*
|
||||
* This file is part of the lwIP TCP/IP stack.
|
||||
*
|
||||
* Author: Simon Goldschmidt
|
||||
*
|
||||
*/
|
||||
#ifndef __LWIPOPTS_H__
|
||||
#define __LWIPOPTS_H__
|
||||
|
||||
#define LWIP_ESP 1
|
||||
#define ESP_RTOS 1
|
||||
#define PBUF_RSV_FOR_WLAN 1
|
||||
#define EBUF_LWIP 1
|
||||
#define ESP_TIMEWAIT_THRESHOLD 10000
|
||||
#define LWIP_TIMEVAL_PRIVATE 0
|
||||
|
||||
// Uncomment this line, and set the debug options you want below, for IP stack debug output
|
||||
//#define LWIP_DEBUG
|
||||
|
||||
/*
|
||||
-----------------------------------------------
|
||||
---------- Platform specific locking ----------
|
||||
-----------------------------------------------
|
||||
*/
|
||||
/**
|
||||
* SYS_LIGHTWEIGHT_PROT==1: if you want inter-task protection for certain
|
||||
* critical regions during buffer allocation, deallocation and memory
|
||||
* allocation and deallocation.
|
||||
*/
|
||||
#define SYS_LIGHTWEIGHT_PROT 1
|
||||
|
||||
/**
|
||||
* MEMCPY: override this if you have a faster implementation at hand than the
|
||||
* one included in your C library
|
||||
*/
|
||||
#define MEMCPY(dst,src,len) memcpy(dst,src,len)
|
||||
|
||||
/**
|
||||
* SMEMCPY: override this with care! Some compilers (e.g. gcc) can inline a
|
||||
* call to memcpy() if the length is known at compile time and is small.
|
||||
*/
|
||||
#define SMEMCPY(dst,src,len) memcpy(dst,src,len)
|
||||
|
||||
/*
|
||||
------------------------------------
|
||||
---------- Memory options ----------
|
||||
------------------------------------
|
||||
*/
|
||||
/**
|
||||
* MEM_LIBC_MALLOC==1: Use malloc/free/realloc provided by your C-library
|
||||
* instead of the lwip internal allocator. Can save code size if you
|
||||
* already use it.
|
||||
*/
|
||||
#define MEM_LIBC_MALLOC 1
|
||||
|
||||
/**
|
||||
* MEMP_MEM_MALLOC==1: Use mem_malloc/mem_free instead of the lwip pool allocator.
|
||||
* Especially useful with MEM_LIBC_MALLOC but handle with care regarding execution
|
||||
* speed and usage from interrupts!
|
||||
*/
|
||||
#define MEMP_MEM_MALLOC 1
|
||||
|
||||
/**
|
||||
* MEM_ALIGNMENT: should be set to the alignment of the CPU
|
||||
* 4 byte alignment -> #define MEM_ALIGNMENT 4
|
||||
* 2 byte alignment -> #define MEM_ALIGNMENT 2
|
||||
*/
|
||||
#define MEM_ALIGNMENT 4
|
||||
|
||||
/*
|
||||
------------------------------------------------
|
||||
---------- Internal Memory Pool Sizes ----------
|
||||
------------------------------------------------
|
||||
*/
|
||||
|
||||
/*
|
||||
--------------------------------
|
||||
---------- ARP options -------
|
||||
--------------------------------
|
||||
*/
|
||||
/**
|
||||
* ARP_QUEUEING==1: Multiple outgoing packets are queued during hardware address
|
||||
* resolution. By default, only the most recent packet is queued per IP address.
|
||||
* This is sufficient for most protocols and mainly reduces TCP connection
|
||||
* startup time. Set this to 1 if you know your application sends more than one
|
||||
* packet in a row to an IP address that is not in the ARP cache.
|
||||
*/
|
||||
#define ARP_QUEUEING 1
|
||||
|
||||
/*
|
||||
--------------------------------
|
||||
---------- IP options ----------
|
||||
--------------------------------
|
||||
*/
|
||||
/**
|
||||
* IP_REASSEMBLY==1: Reassemble incoming fragmented IP packets. Note that
|
||||
* this option does not affect outgoing packet sizes, which can be controlled
|
||||
* via IP_FRAG.
|
||||
*/
|
||||
#define IP_REASSEMBLY 0
|
||||
|
||||
/**
|
||||
* IP_FRAG==1: Fragment outgoing IP packets if their size exceeds MTU. Note
|
||||
* that this option does not affect incoming packet sizes, which can be
|
||||
* controlled via IP_REASSEMBLY.
|
||||
*/
|
||||
#define IP_FRAG 1
|
||||
|
||||
/**
|
||||
* IP_REASS_MAXAGE: Maximum time (in multiples of IP_TMR_INTERVAL - so seconds, normally)
|
||||
* a fragmented IP packet waits for all fragments to arrive. If not all fragments arrived
|
||||
* in this time, the whole packet is discarded.
|
||||
*/
|
||||
#define IP_REASS_MAXAGE 3
|
||||
|
||||
/**
|
||||
* IP_REASS_MAX_PBUFS: Total maximum amount of pbufs waiting to be reassembled.
|
||||
* Since the received pbufs are enqueued, be sure to configure
|
||||
* PBUF_POOL_SIZE > IP_REASS_MAX_PBUFS so that the stack is still able to receive
|
||||
* packets even if the maximum amount of fragments is enqueued for reassembly!
|
||||
*/
|
||||
#define IP_REASS_MAX_PBUFS 10
|
||||
|
||||
/*
|
||||
----------------------------------
|
||||
---------- ICMP options ----------
|
||||
----------------------------------
|
||||
*/
|
||||
|
||||
/*
|
||||
---------------------------------
|
||||
---------- RAW options ----------
|
||||
---------------------------------
|
||||
*/
|
||||
|
||||
/*
|
||||
----------------------------------
|
||||
---------- DHCP options ----------
|
||||
----------------------------------
|
||||
*/
|
||||
/**
|
||||
* LWIP_DHCP==1: Enable DHCP module.
|
||||
*/
|
||||
#define LWIP_DHCP 1
|
||||
|
||||
#define LWIP_DHCP_BOOTP_FILE 0
|
||||
|
||||
/*
|
||||
------------------------------------
|
||||
---------- AUTOIP options ----------
|
||||
------------------------------------
|
||||
*/
|
||||
/*
|
||||
----------------------------------
|
||||
---------- SNMP options ----------
|
||||
----------------------------------
|
||||
*/
|
||||
/*
|
||||
----------------------------------
|
||||
---------- IGMP options ----------
|
||||
----------------------------------
|
||||
*/
|
||||
/*
|
||||
----------------------------------
|
||||
---------- DNS options -----------
|
||||
----------------------------------
|
||||
*/
|
||||
/**
|
||||
* LWIP_DNS==1: Turn on DNS module. UDP must be available for DNS
|
||||
* transport.
|
||||
*/
|
||||
#define LWIP_DNS 1
|
||||
|
||||
/*
|
||||
---------------------------------
|
||||
---------- UDP options ----------
|
||||
---------------------------------
|
||||
*/
|
||||
/*
|
||||
---------------------------------
|
||||
---------- TCP options ----------
|
||||
---------------------------------
|
||||
*/
|
||||
/**
|
||||
* TCP_QUEUE_OOSEQ==1: TCP will queue segments that arrive out of order.
|
||||
* Define to 0 if your device is low on memory.
|
||||
*/
|
||||
#define TCP_QUEUE_OOSEQ 0
|
||||
|
||||
/*
|
||||
* LWIP_EVENT_API==1: The user defines lwip_tcp_event() to receive all
|
||||
* events (accept, sent, etc) that happen in the system.
|
||||
* LWIP_CALLBACK_API==1: The PCB callback function is called directly
|
||||
* for the event. This is the default.
|
||||
*/
|
||||
#define TCP_MSS 1460
|
||||
|
||||
/**
|
||||
* TCP_MAXRTX: Maximum number of retransmissions of data segments.
|
||||
*/
|
||||
#define TCP_MAXRTX 6
|
||||
|
||||
|
||||
/**
|
||||
* TCP_SYNMAXRTX: Maximum number of retransmissions of SYN segments.
|
||||
*/
|
||||
#define TCP_SYNMAXRTX 3
|
||||
|
||||
/*
|
||||
----------------------------------
|
||||
---------- Pbuf options ----------
|
||||
----------------------------------
|
||||
*/
|
||||
|
||||
/*
|
||||
------------------------------------------------
|
||||
---------- Network Interfaces options ----------
|
||||
------------------------------------------------
|
||||
*/
|
||||
/**
|
||||
* LWIP_NETIF_TX_SINGLE_PBUF: if this is set to 1, lwIP tries to put all data
|
||||
* to be sent into one single pbuf. This is for compatibility with DMA-enabled
|
||||
* MACs that do not support scatter-gather.
|
||||
* Beware that this might involve CPU-memcpy before transmitting that would not
|
||||
* be needed without this flag! Use this only if you need to!
|
||||
*
|
||||
* @todo: TCP and IP-frag do not work with this, yet:
|
||||
*/
|
||||
#define LWIP_NETIF_TX_SINGLE_PBUF 1
|
||||
|
||||
/*
|
||||
------------------------------------
|
||||
---------- LOOPIF options ----------
|
||||
------------------------------------
|
||||
*/
|
||||
|
||||
/*
|
||||
------------------------------------
|
||||
---------- SLIPIF options ----------
|
||||
------------------------------------
|
||||
*/
|
||||
|
||||
/*
|
||||
------------------------------------
|
||||
---------- Thread options ----------
|
||||
------------------------------------
|
||||
*/
|
||||
/**
|
||||
* TCPIP_THREAD_STACKSIZE: The stack size used by the main tcpip thread.
|
||||
* The stack size value itself is platform-dependent, but is passed to
|
||||
* sys_thread_new() when the thread is created.
|
||||
*/
|
||||
#define TCPIP_THREAD_STACKSIZE 512 //not ok:384
|
||||
|
||||
/**
|
||||
* TCPIP_THREAD_PRIO: The priority assigned to the main tcpip thread.
|
||||
* The priority value itself is platform-dependent, but is passed to
|
||||
* sys_thread_new() when the thread is created.
|
||||
*/
|
||||
#define TCPIP_THREAD_PRIO (configMAX_PRIORITIES-5)
|
||||
|
||||
/**
|
||||
* TCPIP_MBOX_SIZE: The mailbox size for the tcpip thread messages
|
||||
* The queue size value itself is platform-dependent, but is passed to
|
||||
* sys_mbox_new() when tcpip_init is called.
|
||||
*/
|
||||
#define TCPIP_MBOX_SIZE 16
|
||||
|
||||
/**
|
||||
* DEFAULT_UDP_RECVMBOX_SIZE: The mailbox size for the incoming packets on a
|
||||
* NETCONN_UDP. The queue size value itself is platform-dependent, but is passed
|
||||
* to sys_mbox_new() when the recvmbox is created.
|
||||
*/
|
||||
#define DEFAULT_UDP_RECVMBOX_SIZE 6
|
||||
|
||||
/**
|
||||
* DEFAULT_TCP_RECVMBOX_SIZE: The mailbox size for the incoming packets on a
|
||||
* NETCONN_TCP. The queue size value itself is platform-dependent, but is passed
|
||||
* to sys_mbox_new() when the recvmbox is created.
|
||||
*/
|
||||
#define DEFAULT_TCP_RECVMBOX_SIZE 6
|
||||
|
||||
/**
|
||||
* DEFAULT_ACCEPTMBOX_SIZE: The mailbox size for the incoming connections.
|
||||
* The queue size value itself is platform-dependent, but is passed to
|
||||
* sys_mbox_new() when the acceptmbox is created.
|
||||
*/
|
||||
#define DEFAULT_ACCEPTMBOX_SIZE 6
|
||||
|
||||
/*
|
||||
----------------------------------------------
|
||||
---------- Sequential layer options ----------
|
||||
----------------------------------------------
|
||||
*/
|
||||
|
||||
/*
|
||||
------------------------------------
|
||||
---------- Socket options ----------
|
||||
------------------------------------
|
||||
*/
|
||||
/**
|
||||
* LWIP_SO_SNDTIMEO==1: Enable send timeout for sockets/netconns and
|
||||
* SO_SNDTIMEO processing.
|
||||
*/
|
||||
#define LWIP_SO_SNDTIMEO 1
|
||||
|
||||
/**
|
||||
* LWIP_SO_RCVTIMEO==1: Enable receive timeout for sockets/netconns and
|
||||
* SO_RCVTIMEO processing.
|
||||
*/
|
||||
#define LWIP_SO_RCVTIMEO 1
|
||||
|
||||
/**
|
||||
* LWIP_TCP_KEEPALIVE==1: Enable TCP_KEEPIDLE, TCP_KEEPINTVL and TCP_KEEPCNT
|
||||
* options processing. Note that TCP_KEEPIDLE and TCP_KEEPINTVL have to be set
|
||||
* in seconds. (does not require sockets.c, and will affect tcp.c)
|
||||
*/
|
||||
#define LWIP_TCP_KEEPALIVE 1
|
||||
|
||||
/**
|
||||
* LWIP_SO_RCVBUF==1: Enable SO_RCVBUF processing.
|
||||
*/
|
||||
#define LWIP_SO_RCVBUF 0
|
||||
|
||||
/**
|
||||
* SO_REUSE==1: Enable SO_REUSEADDR option.
|
||||
*/
|
||||
#define SO_REUSE 1
|
||||
|
||||
/*
|
||||
----------------------------------------
|
||||
---------- Statistics options ----------
|
||||
----------------------------------------
|
||||
*/
|
||||
|
||||
/*
|
||||
---------------------------------
|
||||
---------- PPP options ----------
|
||||
---------------------------------
|
||||
*/
|
||||
|
||||
/*
|
||||
--------------------------------------
|
||||
---------- Checksum options ----------
|
||||
--------------------------------------
|
||||
*/
|
||||
|
||||
/*
|
||||
---------------------------------------
|
||||
---------- IPv6 options ---------------
|
||||
---------------------------------------
|
||||
*/
|
||||
|
||||
/*
|
||||
---------------------------------------
|
||||
---------- Hook options ---------------
|
||||
---------------------------------------
|
||||
*/
|
||||
|
||||
/*
|
||||
---------------------------------------
|
||||
---------- Debugging options ----------
|
||||
---------------------------------------
|
||||
*/
|
||||
/**
|
||||
* ETHARP_DEBUG: Enable debugging in etharp.c.
|
||||
*/
|
||||
#define ETHARP_DEBUG LWIP_DBG_OFF
|
||||
|
||||
/**
|
||||
* PBUF_DEBUG: Enable debugging in pbuf.c.
|
||||
*/
|
||||
#define PBUF_DEBUG LWIP_DBG_OFF
|
||||
|
||||
/**
|
||||
* API_LIB_DEBUG: Enable debugging in api_lib.c.
|
||||
*/
|
||||
#define API_LIB_DEBUG LWIP_DBG_OFF
|
||||
|
||||
/**
|
||||
* SOCKETS_DEBUG: Enable debugging in sockets.c.
|
||||
*/
|
||||
#define SOCKETS_DEBUG LWIP_DBG_OFF
|
||||
|
||||
/**
|
||||
* IP_DEBUG: Enable debugging for IP.
|
||||
*/
|
||||
#define IP_DEBUG LWIP_DBG_OFF
|
||||
|
||||
/**
|
||||
* MEMP_DEBUG: Enable debugging in memp.c.
|
||||
*/
|
||||
#define MEMP_DEBUG LWIP_DBG_OFF
|
||||
|
||||
/**
|
||||
* TCP_INPUT_DEBUG: Enable debugging in tcp_in.c for incoming debug.
|
||||
*/
|
||||
#define TCP_INPUT_DEBUG LWIP_DBG_OFF
|
||||
|
||||
/**
|
||||
* TCP_OUTPUT_DEBUG: Enable debugging in tcp_out.c output functions.
|
||||
*/
|
||||
#define TCP_OUTPUT_DEBUG LWIP_DBG_OFF
|
||||
|
||||
/**
|
||||
* TCPIP_DEBUG: Enable debugging in tcpip.c.
|
||||
*/
|
||||
#define TCPIP_DEBUG LWIP_DBG_OFF
|
||||
|
||||
/**
|
||||
* DHCP_DEBUG: Enable debugging in dhcp.c.
|
||||
*/
|
||||
#define DHCP_DEBUG LWIP_DBG_OFF
|
||||
|
||||
#endif /* __LWIPOPTS_H__ */
|
||||
|
|
Loading…
Reference in a new issue