diff --git a/FreeRTOS/Source/portable/esp8266/portmacro.h b/FreeRTOS/Source/portable/esp8266/portmacro.h index a41b1f7..3c54612 100644 --- a/FreeRTOS/Source/portable/esp8266/portmacro.h +++ b/FreeRTOS/Source/portable/esp8266/portmacro.h @@ -70,6 +70,7 @@ extern "C" { #endif +#include "esp8266.h" #include "espressif/esp8266/ets_sys.h" #include #include diff --git a/FreeRTOS/Source/portable/esp8266/sdk_compat.c b/FreeRTOS/Source/portable/esp8266/sdk_compat.c index 9691138..9ca5cd4 100644 --- a/FreeRTOS/Source/portable/esp8266/sdk_compat.c +++ b/FreeRTOS/Source/portable/esp8266/sdk_compat.c @@ -4,7 +4,7 @@ #include #include "FreeRTOS.h" -/* SDK uses this and so does lwip, it was defined in libudhcp.a +/* SDK uses errno. errno was defined in libudhcp.a but that library has been removed. */ int errno; diff --git a/axtls/axtls_esp_stubs.c b/axtls/axtls_esp_stubs.c new file mode 100644 index 0000000..00b7fd6 --- /dev/null +++ b/axtls/axtls_esp_stubs.c @@ -0,0 +1,29 @@ +#include +#include +#include +/* + * Stub time functions for TLS time-related operations + * + * ESPTODO: Revisit these soon as gettimeofday() is used for entropy + */ + +time_t time(time_t *t) +{ + return 0; +} + +time_t mktime(struct tm *tm) +{ + return 0; +} + +int gettimeofday(struct timeval *tv, void *tz) +{ + return 0; +} + +void abort(void) +{ + printf("abort() was called.\r\n"); + while(1) {} +} diff --git a/axtls/component.mk b/axtls/component.mk new file mode 100644 index 0000000..185f47e --- /dev/null +++ b/axtls/component.mk @@ -0,0 +1,19 @@ +# Component makefile for axTLS + +# axTLS has its own configure and build system, but it's not particularly +# designed for embedded systems. For now we're just imposing the ESP Open RTOS +# build system over the top. + +# We supply our own hand tweaked config.h in the external 'include' dir. + +AXTLS_DIR = $(ROOT)axtls/axtls/ +INC_DIRS += $(ROOT)axtls/include $(AXTLS_DIR)ssl $(AXTLS_DIR)crypto + +# args for passing into compile rule generation +axtls_ROOT = $(ROOT)axtls +axtls_INC_DIR = $(AXTLS_DIR)include $(AXTLS_DIR) +axtls_SRC_DIR = $(AXTLS_DIR)crypto $(AXTLS_DIR)ssl $(ROOT)axtls + +#axtls_CFLAGS = $(CFLAGS) -Wno-address + +$(eval $(call component_compile_rules,axtls)) diff --git a/include/ssl/ssl_config.h b/axtls/include/config.h similarity index 66% rename from include/ssl/ssl_config.h rename to axtls/include/config.h index 3404b5b..175d083 100644 --- a/include/ssl/ssl_config.h +++ b/axtls/include/config.h @@ -1,18 +1,18 @@ /* * Automatically generated header file: don't edit */ - -#define HAVE_DOT_CONFIG 1 +#define HAVE_DOT_CONFIG 0 #undef CONFIG_PLATFORM_LINUX -#define CONFIG_PLATFORM_CYGWIN 1 +#undef CONFIG_PLATFORM_CYGWIN #undef CONFIG_PLATFORM_WIN32 /* * General Configuration */ #define PREFIX "/usr/local" -#define CONFIG_DEBUG 1 -#undef CONFIG_STRIP_UNWANTED_SECTIONS +#define CROSS "xtensa-lx106-elf-" +#undef CONFIG_DEBUG +#define CONFIG_STRIP_UNWANTED_SECTIONS 1 #undef CONFIG_VISUAL_STUDIO_7_0 #undef CONFIG_VISUAL_STUDIO_8_0 #undef CONFIG_VISUAL_STUDIO_10_0 @@ -22,18 +22,26 @@ #define CONFIG_EXTRA_CFLAGS_OPTIONS "" #define CONFIG_EXTRA_LDFLAGS_OPTIONS "" +/* + * Embedded System Options (added for ESP RTOS SDK, don't have config entries yetr) + */ +#define CONFIG_NO_FILESYSTEM 1 +#define CONFIG_USE_RAND 1 +#define CONFIG_MAX_PLAIN_LENGTH 1024 +#define CONFIG_MAX_KEY_BYTE_SIZE 256 /* for max 2048 bit keys (untested with >1024 bit keys) */ + /* * SSL Library */ #undef CONFIG_SSL_SERVER_ONLY #undef CONFIG_SSL_CERT_VERIFICATION -#undef CONFIG_SSL_ENABLE_CLIENT -#define CONFIG_SSL_FULL_MODE 1 +#define CONFIG_SSL_ENABLE_CLIENT 1 +#undef CONFIG_SSL_FULL_MODE #undef CONFIG_SSL_SKELETON_MODE #undef CONFIG_SSL_PROT_LOW #define CONFIG_SSL_PROT_MEDIUM 1 #undef CONFIG_SSL_PROT_HIGH -#define CONFIG_SSL_USE_DEFAULT_KEY +#undef CONFIG_SSL_USE_DEFAULT_KEY #define CONFIG_SSL_PRIVATE_KEY_LOCATION "" #define CONFIG_SSL_PRIVATE_KEY_PASSWORD "" #define CONFIG_SSL_X509_CERT_LOCATION "" @@ -42,45 +50,37 @@ #define CONFIG_SSL_X509_ORGANIZATION_NAME "" #define CONFIG_SSL_X509_ORGANIZATION_UNIT_NAME "" #undef CONFIG_SSL_ENABLE_V23_HANDSHAKE -#define CONFIG_SSL_HAS_PEM 1 +#undef CONFIG_SSL_HAS_PEM #undef CONFIG_SSL_USE_PKCS12 #define CONFIG_SSL_EXPIRY_TIME 24 -#define CONFIG_X509_MAX_CA_CERTS 150 +#define CONFIG_X509_MAX_CA_CERTS 1 #define CONFIG_SSL_MAX_CERTS 3 #undef CONFIG_SSL_CTX_MUTEXING -//#define CONFIG_USE_DEV_URANDOM 1 +#undef CONFIG_USE_DEV_URANDOM #undef CONFIG_WIN32_USE_CRYPTO_LIB #undef CONFIG_OPENSSL_COMPATIBLE #undef CONFIG_PERFORMANCE_TESTING -#define CONFIG_SSL_TEST 1 +#undef CONFIG_SSL_TEST #undef CONFIG_AXTLSWRAP -#define CONFIG_AXHTTPD 1 - -/* - * Axhttpd Configuration - */ +#undef CONFIG_AXHTTPD #undef CONFIG_HTTP_STATIC_BUILD -#define CONFIG_HTTP_PORT 80 -#define CONFIG_HTTP_HTTPS_PORT 443 -#define CONFIG_HTTP_SESSION_CACHE_SIZE 5 -#define CONFIG_HTTP_WEBROOT "../www" -#define CONFIG_HTTP_TIMEOUT 300 - -/* - * CGI - */ -#undef CONFIG_HTTP_HAS_CGI -#define CONFIG_HTTP_CGI_EXTENSIONS ".lua,.lp,.php" -#define CONFIG_HTTP_ENABLE_LUA 1 -#define CONFIG_HTTP_LUA_PREFIX "/usr" +#define CONFIG_HTTP_PORT +#define CONFIG_HTTP_HTTPS_PORT +#define CONFIG_HTTP_SESSION_CACHE_SIZE +#define CONFIG_HTTP_WEBROOT "" +#define CONFIG_HTTP_TIMEOUT +#undef CONFIG_HTTP_HAS_CGI +#define CONFIG_HTTP_CGI_EXTENSIONS "" +#undef CONFIG_HTTP_ENABLE_LUA +#define CONFIG_HTTP_LUA_PREFIX "" #undef CONFIG_HTTP_BUILD_LUA -#define CONFIG_HTTP_CGI_LAUNCHER "/usr/bin/cgi" -#define CONFIG_HTTP_DIRECTORIES 1 -#define CONFIG_HTTP_HAS_AUTHORIZATION 1 +#define CONFIG_HTTP_CGI_LAUNCHER "" +#undef CONFIG_HTTP_DIRECTORIES +#undef CONFIG_HTTP_HAS_AUTHORIZATION #undef CONFIG_HTTP_HAS_IPV6 #undef CONFIG_HTTP_ENABLE_DIFFERENT_USER #define CONFIG_HTTP_USER "" -#define CONFIG_HTTP_VERBOSE 0 +#undef CONFIG_HTTP_VERBOSE #undef CONFIG_HTTP_IS_DAEMON /* @@ -101,8 +101,8 @@ /* * Samples */ -#define CONFIG_SAMPLES 1 -#define CONFIG_C_SAMPLES 1 +#undef CONFIG_SAMPLES +#undef CONFIG_C_SAMPLES #undef CONFIG_CSHARP_SAMPLES #undef CONFIG_VBNET_SAMPLES #undef CONFIG_JAVA_SAMPLES @@ -117,11 +117,12 @@ #define CONFIG_BIGINT_BARRETT 1 #define CONFIG_BIGINT_CRT 1 #undef CONFIG_BIGINT_KARATSUBA -#define MUL_KARATSUBA_THRESH -#define SQU_KARATSUBA_THRESH +#define MUL_KARATSUBA_THRESH +#define SQU_KARATSUBA_THRESH #define CONFIG_BIGINT_SLIDING_WINDOW 1 #define CONFIG_BIGINT_SQUARE 1 #define CONFIG_BIGINT_CHECK_ON 1 #define CONFIG_INTEGER_32BIT 1 #undef CONFIG_INTEGER_16BIT #undef CONFIG_INTEGER_8BIT + diff --git a/axtls/include/os_int.h b/axtls/include/os_int.h new file mode 100644 index 0000000..3fc09cd --- /dev/null +++ b/axtls/include/os_int.h @@ -0,0 +1,6 @@ +#ifndef _OS_INT_H +#define _OS_INT_H + +#include + +#endif diff --git a/include/ssl/ssl_os_port.h b/axtls/include/os_port.h similarity index 60% rename from include/ssl/ssl_os_port.h rename to axtls/include/os_port.h index a68b9e1..67fc3db 100644 --- a/include/ssl/ssl_os_port.h +++ b/axtls/include/os_port.h @@ -1,5 +1,6 @@ /* - * Copyright (c) 2007, Cameron Rich + * Copyright (c) 2007-2015, Cameron Rich + * Modifications Copyright (c) 2015 Superhouse Automation Pty Ltd * * All rights reserved. * @@ -34,28 +35,58 @@ * Some stuff to minimise the differences between windows and linux/unix */ -#ifndef HEADER_OS_PORT_H -#define HEADER_OS_PORT_H +#ifndef _HEADER_OS_PORT_H +#define _HEADER_OS_PORT_H #ifdef __cplusplus extern "C" { #endif -#include "esp_common.h" - -#if 0 -#define ssl_printf(fmt, args...) os_printf(fmt,## args) -#else -#define ssl_printf(fmt, args...) +#include "FreeRTOS.h" +#include "os_int.h" +#include "config.h" +#include +#include +#include +//#include +#include +#include +#include +#include +#include +#include +#if defined(CONFIG_SSL_CTX_MUTEXING) +#include "semphr.h" #endif -#define STDCALL -#define EXP_FUNC +#define SOCKET_READ(A,B,C) read(A,B,C) +#define SOCKET_WRITE(A,B,C) write(A,B,C) +#define SOCKET_CLOSE(A) if (A >= 0) close(A) +#define TTY_FLUSH() +static inline uint64_t be64toh(uint64_t x) { + return ntohl(x>>32) | ((uint64_t)(ntohl(x)) << 32); +} + +void exit_now(const char *format, ...) __attribute((noreturn)); + +#define EXP_FUNC +#define STDCALL + +/* Mutex definitions */ +#if defined(CONFIG_SSL_CTX_MUTEXING) +#define SSL_CTX_MUTEX_TYPE xSemaphoreHandle +#define SSL_CTX_MUTEX_INIT(A) vSemaphoreCreateBinaryCreateMutex(A) +#define SSL_CTX_MUTEX_DESTROY(A) vSemaphoreDelete(A) +#define SSL_CTX_LOCK(A) xSemaphoreTakeRecursive(A, portMAX_DELAY) +#define SSL_CTX_UNLOCK(A) xSemaphoreGiveRecursive(A) +#else +#define SSL_CTX_MUTEX_TYPE #define SSL_CTX_MUTEX_INIT(A) #define SSL_CTX_MUTEX_DESTROY(A) #define SSL_CTX_LOCK(A) #define SSL_CTX_UNLOCK(A) +#endif #ifdef __cplusplus } diff --git a/common.mk b/common.mk index fa8082f..c5467d0 100644 --- a/common.mk +++ b/common.mk @@ -53,7 +53,7 @@ OBJCOPY = $(CROSS)objcopy # Source components to compile and link. Each of these are subdirectories # of the root, with a 'component.mk' file. -COMPONENTS ?= FreeRTOS lwip +COMPONENTS ?= FreeRTOS lwip axtls # binary esp-iot-rtos SDK libraries to link. These are pre-processed prior to linking. SDK_LIBS ?= main net80211 phy pp wpa diff --git a/include/esp8266.h b/include/esp8266.h index a58a9be..492ed46 100644 --- a/include/esp8266.h +++ b/include/esp8266.h @@ -1,5 +1,6 @@ /* esp8266.h * +<<<<<<< HEAD * ESP-specific SoC-level addresses, macros, etc. * Part of esp-open-rtos * @@ -23,7 +24,6 @@ */ #define IROM __attribute__((section(".irom0"))) const - /* Register addresses ESPTODO: break this out to its own header file and clean it up, add other regs, etc. diff --git a/include/ssl/ssl_bigint.h b/include/ssl/ssl_bigint.h deleted file mode 100644 index 99f5415..0000000 --- a/include/ssl/ssl_bigint.h +++ /dev/null @@ -1,99 +0,0 @@ -/* - * Copyright (c) 2007, Cameron Rich - * - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * * Neither the name of the axTLS project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR - * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#ifndef BIGINT_HEADER -#define BIGINT_HEADER - -#include "ssl/ssl_crypto.h" - -BI_CTX *bi_initialize(void); -void bi_terminate(BI_CTX *ctx); -void bi_permanent(bigint *bi); -void bi_depermanent(bigint *bi); -void bi_clear_cache(BI_CTX *ctx); -void bi_free(BI_CTX *ctx, bigint *bi); -bigint *bi_copy(bigint *bi); -bigint *bi_clone(BI_CTX *ctx, const bigint *bi); -void bi_export(BI_CTX *ctx, bigint *bi, uint8_t *data, int size); -bigint *bi_import(BI_CTX *ctx, const uint8_t *data, int len); -bigint *int_to_bi(BI_CTX *ctx, comp i); - -/* the functions that actually do something interesting */ -bigint *bi_add(BI_CTX *ctx, bigint *bia, bigint *bib); -bigint *bi_subtract(BI_CTX *ctx, bigint *bia, - bigint *bib, int *is_negative); -bigint *bi_divide(BI_CTX *ctx, bigint *bia, bigint *bim, int is_mod); -bigint *bi_multiply(BI_CTX *ctx, bigint *bia, bigint *bib); -bigint *bi_mod_power(BI_CTX *ctx, bigint *bi, bigint *biexp); -bigint *bi_mod_power2(BI_CTX *ctx, bigint *bi, bigint *bim, bigint *biexp); -int bi_compare(bigint *bia, bigint *bib); -void bi_set_mod(BI_CTX *ctx, bigint *bim, int mod_offset); -void bi_free_mod(BI_CTX *ctx, int mod_offset); - -#ifdef CONFIG_SSL_FULL_MODE -void bi_print(const char *label, bigint *bi); -bigint *bi_str_import(BI_CTX *ctx, const char *data); -#endif - -/** - * @def bi_mod - * Find the residue of B. bi_set_mod() must be called before hand. - */ -#define bi_mod(A, B) bi_divide(A, B, ctx->bi_mod[ctx->mod_offset], 1) - -/** - * bi_residue() is technically the same as bi_mod(), but it uses the - * appropriate reduction technique (which is bi_mod() when doing classical - * reduction). - */ -#if defined(CONFIG_BIGINT_MONTGOMERY) -#define bi_residue(A, B) bi_mont(A, B) -bigint *bi_mont(BI_CTX *ctx, bigint *bixy); -#elif defined(CONFIG_BIGINT_BARRETT) -#define bi_residue(A, B) bi_barrett(A, B) -bigint *bi_barrett(BI_CTX *ctx, bigint *bi); -#else /* if defined(CONFIG_BIGINT_CLASSICAL) */ -#define bi_residue(A, B) bi_mod(A, B) -#endif - -#ifdef CONFIG_BIGINT_SQUARE -bigint *bi_square(BI_CTX *ctx, bigint *bi); -#else -#define bi_square(A, B) bi_multiply(A, bi_copy(B), B) -#endif - -#ifdef CONFIG_BIGINT_CRT -bigint *bi_crt(BI_CTX *ctx, bigint *bi, - bigint *dP, bigint *dQ, - bigint *p, bigint *q, - bigint *qInv); -#endif - -#endif diff --git a/include/ssl/ssl_bigint_impl.h b/include/ssl/ssl_bigint_impl.h deleted file mode 100644 index c82fefb..0000000 --- a/include/ssl/ssl_bigint_impl.h +++ /dev/null @@ -1,131 +0,0 @@ -/* - * Copyright (c) 2007, Cameron Rich - * - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * * Neither the name of the axTLS project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR - * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#ifndef BIGINT_IMPL_HEADER -#define BIGINT_IMPL_HEADER - -/* Maintain a number of precomputed variables when doing reduction */ -#define BIGINT_M_OFFSET 0 /**< Normal modulo offset. */ -#ifdef CONFIG_BIGINT_CRT -#define BIGINT_P_OFFSET 1 /**< p modulo offset. */ -#define BIGINT_Q_OFFSET 2 /**< q module offset. */ -#define BIGINT_NUM_MODS 3 /**< The number of modulus constants used. */ -#else -#define BIGINT_NUM_MODS 1 -#endif - -/* Architecture specific functions for big ints */ -#if defined(CONFIG_INTEGER_8BIT) -#define COMP_RADIX 256U /**< Max component + 1 */ -#define COMP_MAX 0xFFFFU/**< (Max dbl comp -1) */ -#define COMP_BIT_SIZE 8 /**< Number of bits in a component. */ -#define COMP_BYTE_SIZE 1 /**< Number of bytes in a component. */ -#define COMP_NUM_NIBBLES 2 /**< Used For diagnostics only. */ -typedef uint8_t comp; /**< A single precision component. */ -typedef uint16_t long_comp; /**< A double precision component. */ -typedef int16_t slong_comp; /**< A signed double precision component. */ -#elif defined(CONFIG_INTEGER_16BIT) -#define COMP_RADIX 65536U /**< Max component + 1 */ -#define COMP_MAX 0xFFFFFFFFU/**< (Max dbl comp -1) */ -#define COMP_BIT_SIZE 16 /**< Number of bits in a component. */ -#define COMP_BYTE_SIZE 2 /**< Number of bytes in a component. */ -#define COMP_NUM_NIBBLES 4 /**< Used For diagnostics only. */ -typedef uint16_t comp; /**< A single precision component. */ -typedef uint32_t long_comp; /**< A double precision component. */ -typedef int32_t slong_comp; /**< A signed double precision component. */ -#else /* regular 32 bit */ -#ifdef WIN32 -#define COMP_RADIX 4294967296i64 -#define COMP_MAX 0xFFFFFFFFFFFFFFFFui64 -#else -#define COMP_RADIX 4294967296ULL /**< Max component + 1 */ -#define COMP_MAX 0xFFFFFFFFFFFFFFFFULL/**< (Max dbl comp -1) */ -#endif -#define COMP_BIT_SIZE 32 /**< Number of bits in a component. */ -#define COMP_BYTE_SIZE 4 /**< Number of bytes in a component. */ -#define COMP_NUM_NIBBLES 8 /**< Used For diagnostics only. */ -typedef uint32_t comp; /**< A single precision component. */ -typedef uint64_t long_comp; /**< A double precision component. */ -typedef sint64_t slong_comp; /**< A signed double precision component. */ -#endif - -/** - * @struct _bigint - * @brief A big integer basic object - */ -struct _bigint -{ - struct _bigint* next; /**< The next bigint in the cache. */ - short size; /**< The number of components in this bigint. */ - short max_comps; /**< The heapsize allocated for this bigint */ - int refs; /**< An internal reference count. */ - comp* comps; /**< A ptr to the actual component data */ -}; - -typedef struct _bigint bigint; /**< An alias for _bigint */ - -/** - * Maintains the state of the cache, and a number of variables used in - * reduction. - */ -typedef struct /**< A big integer "session" context. */ -{ - bigint *active_list; /**< Bigints currently used. */ - bigint *free_list; /**< Bigints not used. */ - bigint *bi_radix; /**< The radix used. */ - bigint *bi_mod[BIGINT_NUM_MODS]; /**< modulus */ - -#if defined(CONFIG_BIGINT_MONTGOMERY) - bigint *bi_RR_mod_m[BIGINT_NUM_MODS]; /**< R^2 mod m */ - bigint *bi_R_mod_m[BIGINT_NUM_MODS]; /**< R mod m */ - comp N0_dash[BIGINT_NUM_MODS]; -#elif defined(CONFIG_BIGINT_BARRETT) - bigint *bi_mu[BIGINT_NUM_MODS]; /**< Storage for mu */ -#endif - bigint *bi_normalised_mod[BIGINT_NUM_MODS]; /**< Normalised mod storage. */ - bigint **g; /**< Used by sliding-window. */ - int window; /**< The size of the sliding window */ - int active_count; /**< Number of active bigints. */ - int free_count; /**< Number of free bigints. */ - -#ifdef CONFIG_BIGINT_MONTGOMERY - uint8_t use_classical; /**< Use classical reduction. */ -#endif - uint8_t mod_offset; /**< The mod offset we are using */ -} BI_CTX; - -#ifndef WIN32 -#define max(a,b) ((a)>(b)?(a):(b)) /**< Find the maximum of 2 numbers. */ -#define min(a,b) ((a)<(b)?(a):(b)) /**< Find the minimum of 2 numbers. */ -#endif - -#define PERMANENT 0x7FFF55AA /**< A magic number for permanents. */ - -#endif diff --git a/include/ssl/ssl_crypto.h b/include/ssl/ssl_crypto.h deleted file mode 100644 index 1ea461a..0000000 --- a/include/ssl/ssl_crypto.h +++ /dev/null @@ -1,230 +0,0 @@ -/* - * Copyright (c) 2007, Cameron Rich - * - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * * Neither the name of the axTLS project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR - * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * @file crypto.h - */ - -#ifndef HEADER_CRYPTO_H -#define HEADER_CRYPTO_H - -#ifdef __cplusplus -extern "C" { -#endif - -#include "ssl/ssl_config.h" -#include "ssl/ssl_bigint_impl.h" -#include "ssl/ssl_bigint.h" - -#ifndef STDCALL -#define STDCALL -#endif -#ifndef EXP_FUNC -#define EXP_FUNC -#endif - - -/* enable features based on a 'super-set' capbaility. */ -#if defined(CONFIG_SSL_FULL_MODE) -#define CONFIG_SSL_ENABLE_CLIENT -#define CONFIG_SSL_CERT_VERIFICATION -#elif defined(CONFIG_SSL_ENABLE_CLIENT) -#define CONFIG_SSL_CERT_VERIFICATION -#endif - -/************************************************************************** - * AES declarations - **************************************************************************/ - -#define AES_MAXROUNDS 14 -#define AES_BLOCKSIZE 16 -#define AES_IV_SIZE 16 - -typedef struct aes_key_st -{ - uint16_t rounds; - uint16_t key_size; - uint32_t ks[(AES_MAXROUNDS+1)*8]; - uint8_t iv[AES_IV_SIZE]; -} AES_CTX; - -typedef enum -{ - AES_MODE_128, - AES_MODE_256 -} AES_MODE; - -void AES_set_key(AES_CTX *ctx, const uint8_t *key, - const uint8_t *iv, AES_MODE mode); -void AES_cbc_encrypt(AES_CTX *ctx, const uint8_t *msg, - uint8_t *out, int length); -void AES_cbc_decrypt(AES_CTX *ks, const uint8_t *in, uint8_t *out, int length); -void AES_convert_key(AES_CTX *ctx); - -/************************************************************************** - * RC4 declarations - **************************************************************************/ - -typedef struct -{ - uint8_t x, y, m[256]; -} RC4_CTX; - -void RC4_setup(RC4_CTX *s, const uint8_t *key, int length); -void RC4_crypt(RC4_CTX *s, const uint8_t *msg, uint8_t *data, int length); - -/************************************************************************** - * SHA1 declarations - **************************************************************************/ - -#define SHA1_SIZE 20 - -/* - * This structure will hold context information for the SHA-1 - * hashing operation - */ -typedef struct -{ - uint32_t Intermediate_Hash[SHA1_SIZE/4]; /* Message Digest */ - uint32_t Length_Low; /* Message length in bits */ - uint32_t Length_High; /* Message length in bits */ - uint16_t Message_Block_Index; /* Index into message block array */ - uint8_t Message_Block[64]; /* 512-bit message blocks */ -} SHA1_CTX; - -void SHA1_Init(SHA1_CTX *); -void SHA1_Update(SHA1_CTX *, const uint8_t * msg, int len); -void SHA1_Final(uint8_t *digest, SHA1_CTX *); - -/************************************************************************** - * MD2 declarations - **************************************************************************/ - -#define MD2_SIZE 16 - -typedef struct -{ - unsigned char cksum[16]; /* checksum of the data block */ - unsigned char state[48]; /* intermediate digest state */ - unsigned char buffer[16]; /* data block being processed */ - int left; /* amount of data in buffer */ -} MD2_CTX; - -EXP_FUNC void STDCALL MD2_Init(MD2_CTX *ctx); -EXP_FUNC void STDCALL MD2_Update(MD2_CTX *ctx, const uint8_t *input, int ilen); -EXP_FUNC void STDCALL MD2_Final(uint8_t *digest, MD2_CTX *ctx); - -/************************************************************************** - * MD5 declarations - **************************************************************************/ - -#define MD5_SIZE 16 - -typedef struct -{ - uint32_t state[4]; /* state (ABCD) */ - uint32_t count[2]; /* number of bits, modulo 2^64 (lsb first) */ - uint8_t buffer[64]; /* input buffer */ -} MD5_CTX; - -EXP_FUNC void STDCALL MD5_Init(MD5_CTX *); -EXP_FUNC void STDCALL MD5_Update(MD5_CTX *, const uint8_t *msg, int len); -EXP_FUNC void STDCALL MD5_Final(uint8_t *digest, MD5_CTX *); - -/************************************************************************** - * HMAC declarations - **************************************************************************/ -void ssl_hmac_md5(const uint8_t *msg, int length, const uint8_t *key, - int key_len, uint8_t *digest);// fix hmac_md5 to ssl_hmac_md5, discriminate ieee80211 -void ssl_hmac_sha1(const uint8_t *msg, int length, const uint8_t *key, - int key_len, uint8_t *digest);// fix hmac_md5 to ssl_hmac_sha1, discriminate ieee80211 - -/************************************************************************** - * RSA declarations - **************************************************************************/ - -typedef struct -{ - bigint *m; /* modulus */ - bigint *e; /* public exponent */ - bigint *d; /* private exponent */ -#ifdef CONFIG_BIGINT_CRT - bigint *p; /* p as in m = pq */ - bigint *q; /* q as in m = pq */ - bigint *dP; /* d mod (p-1) */ - bigint *dQ; /* d mod (q-1) */ - bigint *qInv; /* q^-1 mod p */ -#endif - int num_octets; - BI_CTX *bi_ctx; -} RSA_CTX; - -void RSA_priv_key_new(RSA_CTX **rsa_ctx, - const uint8_t *modulus, int mod_len, - const uint8_t *pub_exp, int pub_len, - const uint8_t *priv_exp, int priv_len -#ifdef CONFIG_BIGINT_CRT - , const uint8_t *p, int p_len, - const uint8_t *q, int q_len, - const uint8_t *dP, int dP_len, - const uint8_t *dQ, int dQ_len, - const uint8_t *qInv, int qInv_len -#endif - ); -void RSA_pub_key_new(RSA_CTX **rsa_ctx, - const uint8_t *modulus, int mod_len, - const uint8_t *pub_exp, int pub_len); -void RSA_free(RSA_CTX *ctx); -int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint8_t *out_data, - int is_decryption); -bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg); -#if defined(CONFIG_SSL_CERT_VERIFICATION) || defined(CONFIG_SSL_GENERATE_X509_CERT) -bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len, - bigint *modulus, bigint *pub_exp); -bigint *RSA_public(const RSA_CTX * c, bigint *bi_msg); -int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len, - uint8_t *out_data, int is_signing); -void RSA_print(const RSA_CTX *ctx); -#endif - -/************************************************************************** - * RNG declarations - **************************************************************************/ -EXP_FUNC void STDCALL RNG_initialize(void); -EXP_FUNC void STDCALL RNG_custom_init(const uint8_t *seed_buf, int size); -EXP_FUNC void STDCALL RNG_terminate(void); -EXP_FUNC void STDCALL get_random(int num_rand_bytes, uint8_t *rand_data); -void get_random_NZ(int num_rand_bytes, uint8_t *rand_data); - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/include/ssl/ssl_crypto_misc.h b/include/ssl/ssl_crypto_misc.h deleted file mode 100644 index 8e1ba53..0000000 --- a/include/ssl/ssl_crypto_misc.h +++ /dev/null @@ -1,172 +0,0 @@ -/* - * Copyright (c) 2007, Cameron Rich - * - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * * Neither the name of the axTLS project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR - * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -*/ - -/** - * @file crypto_misc.h - */ - -#ifndef HEADER_CRYPTO_MISC_H -#define HEADER_CRYPTO_MISC_H - -#ifdef __cplusplus -extern "C" { -#endif - -#include "ssl/ssl_crypto.h" -#include "ssl/ssl_bigint.h" - -/************************************************************************** - * X509 declarations - **************************************************************************/ -#define X509_OK 0 -#define X509_NOT_OK -1 -#define X509_VFY_ERROR_NO_TRUSTED_CERT -2 -#define X509_VFY_ERROR_BAD_SIGNATURE -3 -#define X509_VFY_ERROR_NOT_YET_VALID -4 -#define X509_VFY_ERROR_EXPIRED -5 -#define X509_VFY_ERROR_SELF_SIGNED -6 -#define X509_VFY_ERROR_INVALID_CHAIN -7 -#define X509_VFY_ERROR_UNSUPPORTED_DIGEST -8 -#define X509_INVALID_PRIV_KEY -9 - -/* - * The Distinguished Name - */ -#define X509_NUM_DN_TYPES 3 -#define X509_COMMON_NAME 0 -#define X509_ORGANIZATION 1 -#define X509_ORGANIZATIONAL_UNIT 2 - -struct _x509_ctx -{ - char *ca_cert_dn[X509_NUM_DN_TYPES]; - char *cert_dn[X509_NUM_DN_TYPES]; - char **subject_alt_dnsnames; - time_t not_before; - time_t not_after; - uint8_t *signature; - uint16_t sig_len; - uint8_t sig_type; - RSA_CTX *rsa_ctx; - bigint *digest; - struct _x509_ctx *next; -}; - -typedef struct _x509_ctx X509_CTX; - -#ifdef CONFIG_SSL_CERT_VERIFICATION -typedef struct -{ - X509_CTX *cert[CONFIG_X509_MAX_CA_CERTS]; -} CA_CERT_CTX; -#endif - -int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx); -void x509_free(X509_CTX *x509_ctx); -#ifdef CONFIG_SSL_CERT_VERIFICATION -int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert); -#endif -#ifdef CONFIG_SSL_FULL_MODE -void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx); -const char * x509_display_error(int error); -#endif - -/************************************************************************** - * ASN1 declarations - **************************************************************************/ -#define ASN1_INTEGER 0x02 -#define ASN1_BIT_STRING 0x03 -#define ASN1_OCTET_STRING 0x04 -#define ASN1_NULL 0x05 -#define ASN1_PRINTABLE_STR2 0x0C -#define ASN1_OID 0x06 -#define ASN1_PRINTABLE_STR2 0x0C -#define ASN1_PRINTABLE_STR 0x13 -#define ASN1_TELETEX_STR 0x14 -#define ASN1_IA5_STR 0x16 -#define ASN1_UTC_TIME 0x17 -#define ASN1_UNICODE_STR 0x1e -#define ASN1_SEQUENCE 0x30 -#define ASN1_CONTEXT_DNSNAME 0x82 -#define ASN1_SET 0x31 -#define ASN1_V3_DATA 0xa3 -#define ASN1_IMPLICIT_TAG 0x80 -#define ASN1_CONTEXT_DNSNAME 0x82 -#define ASN1_EXPLICIT_TAG 0xa0 -#define ASN1_V3_DATA 0xa3 - -#define SIG_TYPE_MD2 0x02 -#define SIG_TYPE_MD5 0x04 -#define SIG_TYPE_SHA1 0x05 - -int get_asn1_length(const uint8_t *buf, int *offset); -int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx); -int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type); -int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type); -int asn1_get_int(const uint8_t *buf, int *offset, uint8_t **object); -int asn1_version(const uint8_t *cert, int *offset, X509_CTX *x509_ctx); -int asn1_validity(const uint8_t *cert, int *offset, X509_CTX *x509_ctx); -int asn1_name(const uint8_t *cert, int *offset, char *dn[]); -int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx); -#ifdef CONFIG_SSL_CERT_VERIFICATION -int asn1_signature(const uint8_t *cert, int *offset, X509_CTX *x509_ctx); -int asn1_find_subjectaltname(const uint8_t* cert, int offset); -int asn1_compare_dn(char * const dn1[], char * const dn2[]); -#endif /* CONFIG_SSL_CERT_VERIFICATION */ -int asn1_signature_type(const uint8_t *cert, - int *offset, X509_CTX *x509_ctx); - -/************************************************************************** - * MISC declarations - **************************************************************************/ -#define SALT_SIZE 8 - -extern const char * const unsupported_str; - -typedef void (*crypt_func)(void *, const uint8_t *, uint8_t *, int); -typedef void (*hmac_func)(const uint8_t *msg, int length, const uint8_t *key, - int key_len, uint8_t *digest); - -int get_file(const char *filename, uint8_t **buf); - -#if defined(CONFIG_SSL_FULL_MODE) || defined(WIN32) || defined(CONFIG_DEBUG) -EXP_FUNC void STDCALL print_blob(const char *format, const uint8_t *data, int size, ...); -#else - #define print_blob(...) -#endif - -EXP_FUNC int STDCALL base64_decode(const char *in, int len, - uint8_t *out, int *outlen); - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/include/ssl/ssl_ssl.h b/include/ssl/ssl_ssl.h deleted file mode 100644 index 4564533..0000000 --- a/include/ssl/ssl_ssl.h +++ /dev/null @@ -1,500 +0,0 @@ -/* - * Copyright (c) 2007, Cameron Rich - * - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * * Neither the name of the axTLS project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR - * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * @mainpage axTLS API - * - * @image html axolotl.jpg - * - * The axTLS library has features such as: - * - The TLSv1 SSL client/server protocol - * - No requirement to use any openssl libraries. - * - A choice between AES block (128/256 bit) and RC4 (128 bit) stream ciphers. - * - RSA encryption/decryption with variable sized keys (up to 4096 bits). - * - Certificate chaining and peer authentication. - * - Session resumption, session renegotiation. - * - ASN.1, X.509, PKCS#8, PKCS#12 keys/certificates with DER/PEM encoding. - * - Highly configurable compile time options. - * - Portable across many platforms (written in ANSI C), and has language - * bindings in C, C#, VB.NET, Java, Perl and Lua. - * - Partial openssl API compatibility (via a wrapper). - * - A very small footprint (around 50-60kB for the library in 'server-only' - * mode). - * - No dependencies on sockets - can use serial connections for example. - * - A very simple API - ~ 20 functions/methods. - * - * A list of these functions/methods are described below. - * - * @ref c_api - * - * @ref bigint_api - * - * @ref csharp_api - * - * @ref java_api - */ -#ifndef HEADER_SSL_H -#define HEADER_SSL_H - -#ifdef __cplusplus -extern "C" { -#endif - -//#include -typedef long time_t; - -/* need to predefine before ssl_lib.h gets to it */ -#define SSL_SESSION_ID_SIZE 32 - -#include "ssl/ssl_tls1.h" - -/* The optional parameters that can be given to the client/server SSL engine */ -#define SSL_CLIENT_AUTHENTICATION 0x00010000 -#define SSL_SERVER_VERIFY_LATER 0x00020000 -#define SSL_NO_DEFAULT_KEY 0x00040000 -#define SSL_DISPLAY_STATES 0x00080000 -#define SSL_DISPLAY_BYTES 0x00100000 -#define SSL_DISPLAY_CERTS 0x00200000 -#define SSL_DISPLAY_RSA 0x00400000 -#define SSL_CONNECT_IN_PARTS 0x00800000 - -/* errors that can be generated */ -#define SSL_OK 0 -#define SSL_NOT_OK -1 -#define SSL_ERROR_DEAD -2 -#define SSL_CLOSE_NOTIFY -3 -#define SSL_ERROR_CONN_LOST -256 -#define SSL_ERROR_SOCK_SETUP_FAILURE -258 -#define SSL_ERROR_INVALID_HANDSHAKE -260 -#define SSL_ERROR_INVALID_PROT_MSG -261 -#define SSL_ERROR_INVALID_HMAC -262 -#define SSL_ERROR_INVALID_VERSION -263 -#define SSL_ERROR_INVALID_SESSION -265 -#define SSL_ERROR_NO_CIPHER -266 -#define SSL_ERROR_BAD_CERTIFICATE -268 -#define SSL_ERROR_INVALID_KEY -269 -#define SSL_ERROR_FINISHED_INVALID -271 -#define SSL_ERROR_NO_CERT_DEFINED -272 -#define SSL_ERROR_NO_CLIENT_RENOG -273 -#define SSL_ERROR_NOT_SUPPORTED -274 -#define SSL_X509_OFFSET -512 -#define SSL_X509_ERROR(A) (SSL_X509_OFFSET+A) - -/* alert types that are recognized */ -#define SSL_ALERT_TYPE_WARNING 1 -#define SLL_ALERT_TYPE_FATAL 2 - -/* these are all the alerts that are recognized */ -#define SSL_ALERT_CLOSE_NOTIFY 0 -#define SSL_ALERT_UNEXPECTED_MESSAGE 10 -#define SSL_ALERT_BAD_RECORD_MAC 20 -#define SSL_ALERT_HANDSHAKE_FAILURE 40 -#define SSL_ALERT_BAD_CERTIFICATE 42 -#define SSL_ALERT_ILLEGAL_PARAMETER 47 -#define SSL_ALERT_DECODE_ERROR 50 -#define SSL_ALERT_DECRYPT_ERROR 51 -#define SSL_ALERT_INVALID_VERSION 70 -#define SSL_ALERT_NO_RENEGOTIATION 100 - -/* The ciphers that are supported */ -#define SSL_AES128_SHA 0x2f -#define SSL_AES256_SHA 0x35 -#define SSL_RC4_128_SHA 0x05 -#define SSL_RC4_128_MD5 0x04 - -/* build mode ids' */ -#define SSL_BUILD_SKELETON_MODE 0x01 -#define SSL_BUILD_SERVER_ONLY 0x02 -#define SSL_BUILD_ENABLE_VERIFICATION 0x03 -#define SSL_BUILD_ENABLE_CLIENT 0x04 -#define SSL_BUILD_FULL_MODE 0x05 - -/* offsets to retrieve configuration information */ -#define SSL_BUILD_MODE 0 -#define SSL_MAX_CERT_CFG_OFFSET 1 -#define SSL_MAX_CA_CERT_CFG_OFFSET 2 -#define SSL_HAS_PEM 3 - -/* default session sizes */ -#define SSL_DEFAULT_SVR_SESS 1 //modify 5->1 by lhan -#define SSL_DEFAULT_CLNT_SESS 1 - -/* X.509/X.520 distinguished name types */ -#define SSL_X509_CERT_COMMON_NAME 0 -#define SSL_X509_CERT_ORGANIZATION 1 -#define SSL_X509_CERT_ORGANIZATIONAL_NAME 2 -#define SSL_X509_CA_CERT_COMMON_NAME 3 -#define SSL_X509_CA_CERT_ORGANIZATION 4 -#define SSL_X509_CA_CERT_ORGANIZATIONAL_NAME 5 - -/* SSL object loader types */ -#define SSL_OBJ_X509_CERT 1 -#define SSL_OBJ_X509_CACERT 2 -#define SSL_OBJ_RSA_KEY 3 -#define SSL_OBJ_PKCS8 4 -#define SSL_OBJ_PKCS12 5 - -/** - * @defgroup c_api Standard C API - * @brief The standard interface in C. - * @{ - */ - -/** - * @brief Establish a new client/server context. - * - * This function is called before any client/server SSL connections are made. - * - * Each new connection will use the this context's private key and - * certificate chain. If a different certificate chain is required, then a - * different context needs to be be used. - * - * There are two threading models supported - a single thread with one - * SSL_CTX can support any number of SSL connections - and multiple threads can - * support one SSL_CTX object each (the default). But if a single SSL_CTX - * object uses many SSL objects in individual threads, then the - * CONFIG_SSL_CTX_MUTEXING option needs to be configured. - * - * @param options [in] Any particular options. At present the options - * supported are: - * - SSL_SERVER_VERIFY_LATER (client only): Don't stop a handshake if the server - * authentication fails. The certificate can be authenticated later with a - * call to ssl_verify_cert(). - * - SSL_CLIENT_AUTHENTICATION (server only): Enforce client authentication - * i.e. each handshake will include a "certificate request" message from the - * server. Only available if verification has been enabled. - * - SSL_DISPLAY_BYTES (full mode build only): Display the byte sequences - * during the handshake. - * - SSL_DISPLAY_STATES (full mode build only): Display the state changes - * during the handshake. - * - SSL_DISPLAY_CERTS (full mode build only): Display the certificates that - * are passed during a handshake. - * - SSL_DISPLAY_RSA (full mode build only): Display the RSA key details that - * are passed during a handshake. - * - SSL_CONNECT_IN_PARTS (client only): To use a non-blocking version of - * ssl_client_new(). - * @param num_sessions [in] The number of sessions to be used for session - * caching. If this value is 0, then there is no session caching. This option - * is not used in skeleton mode. - * @return A client/server context. - */ -EXP_FUNC SSL_CTX * STDCALL ssl_ctx_new(uint32_t options, int num_sessions); - -/** - * @brief Remove a client/server context. - * - * Frees any used resources used by this context. Each connection will be - * sent a "Close Notify" alert (if possible). - * @param ssl_ctx [in] The client/server context. - */ -EXP_FUNC void STDCALL ssl_ctx_free(SSL_CTX *ssl_ctx); - -/** - * @brief (server only) Establish a new SSL connection to an SSL client. - * - * It is up to the application to establish the logical connection (whether it - * is a socket, serial connection etc). - * @param ssl_ctx [in] The server context. - * @param client_fd [in] The client's file descriptor. - * @return An SSL object reference. - */ -EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd); - -/** - * @brief (client only) Establish a new SSL connection to an SSL server. - * - * It is up to the application to establish the initial logical connection - * (whether it is a socket, serial connection etc). - * - * This is a normally a blocking call - it will finish when the handshake is - * complete (or has failed). To use in non-blocking mode, set - * SSL_CONNECT_IN_PARTS in ssl_ctx_new(). - * @param ssl_ctx [in] The client context. - * @param client_fd [in] The client's file descriptor. - * @param session_id [in] A 32 byte session id for session resumption. This - * can be null if no session resumption is being used or required. This option - * is not used in skeleton mode. - * @param sess_id_size The size of the session id (max 32) - * @return An SSL object reference. Use ssl_handshake_status() to check - * if a handshake succeeded. - */ -EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id, uint8_t sess_id_size); - -/** - * @brief Free any used resources on this connection. - - * A "Close Notify" message is sent on this connection (if possible). It is up - * to the application to close the socket or file descriptor. - * @param ssl [in] The ssl object reference. - */ -EXP_FUNC void STDCALL ssl_free(SSL *ssl); - -/** - * @brief Read the SSL data stream. - * If the socket is non-blocking and data is blocked then SSO_OK will be - * returned. - * @param ssl [in] An SSL object reference. - * @param in_data [out] If the read was successful, a pointer to the read - * buffer will be here. Do NOT ever free this memory as this buffer is used in - * sucessive calls. If the call was unsuccessful, this value will be null. - * @return The number of decrypted bytes: - * - if > 0, then the handshaking is complete and we are returning the number - * of decrypted bytes. - * - SSL_OK if the handshaking stage is successful (but not yet complete). - * - < 0 if an error. - * @see ssl.h for the error code list. - * @note Use in_data before doing any successive ssl calls. - */ -EXP_FUNC int STDCALL ssl_read(SSL *ssl, uint8_t **in_data); - -/** - * @brief Write to the SSL data stream. - * if the socket is non-blocking and data is blocked then a check is made - * to ensure that all data is sent (i.e. blocked mode is forced). - * @param ssl [in] An SSL obect reference. - * @param out_data [in] The data to be written - * @param out_len [in] The number of bytes to be written. - * @return The number of bytes sent, or if < 0 if an error. - * @see ssl.h for the error code list. - */ -EXP_FUNC int STDCALL ssl_write(SSL *ssl, const uint8_t *out_data, int out_len); - -/** - * @brief Find an ssl object based on a file descriptor. - * - * Goes through the list of SSL objects maintained in a client/server context - * to look for a file descriptor match. - * @param ssl_ctx [in] The client/server context. - * @param client_fd [in] The file descriptor. - * @return A reference to the SSL object. Returns null if the object could not - * be found. - */ -EXP_FUNC SSL * STDCALL ssl_find(SSL_CTX *ssl_ctx, int client_fd); - -/** - * @brief Get the session id for a handshake. - * - * This will be a 32 byte sequence and is available after the first - * handshaking messages are sent. - * @param ssl [in] An SSL object reference. - * @return The session id as a 32 byte sequence. - * @note A SSLv23 handshake may have only 16 valid bytes. - */ -EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(const SSL *ssl); - -/** - * @brief Get the session id size for a handshake. - * - * This will normally be 32 but could be 0 (no session id) or something else. - * @param ssl [in] An SSL object reference. - * @return The size of the session id. - */ -EXP_FUNC uint8_t STDCALL ssl_get_session_id_size(const SSL *ssl); - -/** - * @brief Return the cipher id (in the SSL form). - * @param ssl [in] An SSL object reference. - * @return The cipher id. This will be one of the following: - * - SSL_AES128_SHA (0x2f) - * - SSL_AES256_SHA (0x35) - * - SSL_RC4_128_SHA (0x05) - * - SSL_RC4_128_MD5 (0x04) - */ -EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(const SSL *ssl); - -/** - * @brief Return the status of the handshake. - * @param ssl [in] An SSL object reference. - * @return SSL_OK if the handshake is complete and ok. - * @see ssl.h for the error code list. - */ -EXP_FUNC int STDCALL ssl_handshake_status(const SSL *ssl); - -/** - * @brief Retrieve various parameters about the axTLS engine. - * @param offset [in] The configuration offset. It will be one of the following: - * - SSL_BUILD_MODE The build mode. This will be one of the following: - * - SSL_BUILD_SERVER_ONLY (basic server mode) - * - SSL_BUILD_ENABLE_VERIFICATION (server can do client authentication) - * - SSL_BUILD_ENABLE_CLIENT (client/server capabilties) - * - SSL_BUILD_FULL_MODE (client/server with diagnostics) - * - SSL_BUILD_SKELETON_MODE (skeleton mode) - * - SSL_MAX_CERT_CFG_OFFSET The maximum number of certificates allowed. - * - SSL_MAX_CA_CERT_CFG_OFFSET The maximum number of CA certificates allowed. - * - SSL_HAS_PEM 1 if supported - * @return The value of the requested parameter. - */ -EXP_FUNC int STDCALL ssl_get_config(int offset); - -/** - * @brief Display why the handshake failed. - * - * This call is only useful in a 'full mode' build. The output is to stdout. - * @param error_code [in] An error code. - * @see ssl.h for the error code list. - */ -//EXP_FUNC void STDCALL ssl_display_error(int error_code); - -/** - * @brief Authenticate a received certificate. - * - * This call is usually made by a client after a handshake is complete and the - * context is in SSL_SERVER_VERIFY_LATER mode. - * @param ssl [in] An SSL object reference. - * @return SSL_OK if the certificate is verified. - */ -EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl); - -/** - * @brief Retrieve an X.509 distinguished name component. - * - * When a handshake is complete and a certificate has been exchanged, then the - * details of the remote certificate can be retrieved. - * - * This will usually be used by a client to check that the server's common - * name matches the URL. - * - * @param ssl [in] An SSL object reference. - * @param component [in] one of: - * - SSL_X509_CERT_COMMON_NAME - * - SSL_X509_CERT_ORGANIZATION - * - SSL_X509_CERT_ORGANIZATIONAL_NAME - * - SSL_X509_CA_CERT_COMMON_NAME - * - SSL_X509_CA_CERT_ORGANIZATION - * - SSL_X509_CA_CERT_ORGANIZATIONAL_NAME - * @return The appropriate string (or null if not defined) - * @note Verification build mode must be enabled. - */ -EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component); - -/** - * @brief Retrieve a Subject Alternative DNSName - * - * When a handshake is complete and a certificate has been exchanged, then the - * details of the remote certificate can be retrieved. - * - * This will usually be used by a client to check that the server's DNS - * name matches the URL. - * - * @param ssl [in] An SSL object reference. - * @param dnsindex [in] The index of the DNS name to retrieve. - * @return The appropriate string (or null if not defined) - * @note Verification build mode must be enabled. - */ -EXP_FUNC const char * STDCALL ssl_get_cert_subject_alt_dnsname(const SSL *ssl, int dnsindex); - -/** - * @brief Force the client to perform its handshake again. - * - * For a client this involves sending another "client hello" message. - * For the server is means sending a "hello request" message. - * - * This is a blocking call on the client (until the handshake completes). - * - * @param ssl [in] An SSL object reference. - * @return SSL_OK if renegotiation instantiation was ok - */ -EXP_FUNC int STDCALL ssl_renegotiate(SSL *ssl); - -/** - * @brief Process a file that is in binary DER or ASCII PEM format. - * - * These are temporary objects that are used to load private keys, - * certificates etc into memory. - * @param ssl_ctx [in] The client/server context. - * @param obj_type [in] The format of the file. Can be one of: - * - SSL_OBJ_X509_CERT (no password required) - * - SSL_OBJ_X509_CACERT (no password required) - * - SSL_OBJ_RSA_KEY (AES128/AES256 PEM encryption supported) - * - SSL_OBJ_PKCS8 (RC4-128 encrypted data supported) - * - SSL_OBJ_PKCS12 (RC4-128 encrypted data supported) - * - * PEM files are automatically detected (if supported). The object type is - * also detected, and so is not relevant for these types of files. - * @param filename [in] The location of a file in DER/PEM format. - * @param password [in] The password used. Can be null if not required. - * @return SSL_OK if all ok - * @note Not available in skeleton build mode. - */ -EXP_FUNC int STDCALL ssl_obj_load(SSL_CTX *ssl_ctx, int obj_type, const char *filename, const char *password); - -/** - * @brief Process binary data. - * - * These are temporary objects that are used to load private keys, - * certificates etc into memory. - * @param ssl_ctx [in] The client/server context. - * @param obj_type [in] The format of the memory data. - * @param data [in] The binary data to be loaded. - * @param len [in] The amount of data to be loaded. - * @param password [in] The password used. Can be null if not required. - * @return SSL_OK if all ok - * @see ssl_obj_load for more details on obj_type. - */ -EXP_FUNC int STDCALL ssl_obj_memory_load(SSL_CTX *ssl_ctx, int obj_type, const uint8_t *data, int len, const char *password); - -#ifdef CONFIG_SSL_GENERATE_X509_CERT -/** - * @brief Create an X.509 certificate. - * - * This certificate is a self-signed v1 cert with a fixed start/stop validity - * times. It is signed with an internal private key in ssl_ctx. - * - * @param ssl_ctx [in] The client/server context. - * @param options [in] Not used yet. - * @param dn [in] An array of distinguished name strings. The array is defined - * by: - * - SSL_X509_CERT_COMMON_NAME (0) - * - If SSL_X509_CERT_COMMON_NAME is empty or not defined, then the - * hostname will be used. - * - SSL_X509_CERT_ORGANIZATION (1) - * - If SSL_X509_CERT_ORGANIZATION is empty or not defined, then $USERNAME - * will be used. - * - SSL_X509_CERT_ORGANIZATIONAL_NAME (2) - * - SSL_X509_CERT_ORGANIZATIONAL_NAME is optional. - * @param cert_data [out] The certificate as a sequence of bytes. - * @return < 0 if an error, or the size of the certificate in bytes. - * @note cert_data must be freed when there is no more need for it. - */ -EXP_FUNC int STDCALL ssl_x509_create(SSL_CTX *ssl_ctx, uint32_t options, const char * dn[], uint8_t **cert_data); -#endif - -/** - * @brief Return the axTLS library version as a string. - */ -EXP_FUNC const char * STDCALL ssl_version(void); - -/** @} */ - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/include/ssl/ssl_tls1.h b/include/ssl/ssl_tls1.h deleted file mode 100644 index 5597856..0000000 --- a/include/ssl/ssl_tls1.h +++ /dev/null @@ -1,298 +0,0 @@ -/* - * Copyright (c) 2007, Cameron Rich - * - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * * Neither the name of the axTLS project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR - * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * @file tls1.h - * - * @brief The definitions for the TLS library. - */ -#ifndef HEADER_SSL_LIB_H -#define HEADER_SSL_LIB_H - -#ifdef __cplusplus -extern "C" { -#endif - -#include "c_types.h" -#include "ssl/ssl_version.h" -#include "ssl/ssl_config.h" - -#include "ssl/ssl_crypto.h" -#include "ssl/ssl_crypto_misc.h" - -#define SSL_PROTOCOL_MIN_VERSION 0x31 /* TLS v1.0 */ -#define SSL_PROTOCOL_MINOR_VERSION 0x02 /* TLS v1.1 */ -#define SSL_PROTOCOL_VERSION_MAX 0x32 /* TLS v1.1 */ -#define SSL_PROTOCOL_VERSION1_1 0x32 /* TLS v1.1 */ -#define SSL_RANDOM_SIZE 32 -#define SSL_SECRET_SIZE 48 -#define SSL_FINISHED_HASH_SIZE 12 -#define SSL_RECORD_SIZE 5 -#define SSL_SERVER_READ 0 -#define SSL_SERVER_WRITE 1 -#define SSL_CLIENT_READ 2 -#define SSL_CLIENT_WRITE 3 -#define SSL_HS_HDR_SIZE 4 - -/* the flags we use while establishing a connection */ -#define SSL_NEED_RECORD 0x0001 -#define SSL_TX_ENCRYPTED 0x0002 -#define SSL_RX_ENCRYPTED 0x0004 -#define SSL_SESSION_RESUME 0x0008 -#define SSL_IS_CLIENT 0x0010 -#define SSL_HAS_CERT_REQ 0x0020 -#define SSL_SENT_CLOSE_NOTIFY 0x0040 - -/* some macros to muck around with flag bits */ -#define SET_SSL_FLAG(A) (ssl->flag |= A) -#define CLR_SSL_FLAG(A) (ssl->flag &= ~A) -#define IS_SET_SSL_FLAG(A) (ssl->flag & A) - -#define MAX_KEY_BYTE_SIZE 512 /* for a 4096 bit key */ -#define RT_MAX_PLAIN_LENGTH 1024 -#define RT_EXTRA 1024 -#define BM_RECORD_OFFSET 5 - -#ifdef CONFIG_SSL_SKELETON_MODE -#define NUM_PROTOCOLS 1 -#else -#define NUM_PROTOCOLS 4 -#endif - -#define PARANOIA_CHECK(A, B) if (A < B) { \ - ret = SSL_ERROR_INVALID_HANDSHAKE; goto error; } - -/* protocol types */ -enum -{ - PT_CHANGE_CIPHER_SPEC = 20, - PT_ALERT_PROTOCOL, - PT_HANDSHAKE_PROTOCOL, - PT_APP_PROTOCOL_DATA -}; - -/* handshaking types */ -enum -{ - HS_HELLO_REQUEST, - HS_CLIENT_HELLO, - HS_SERVER_HELLO, - HS_CERTIFICATE = 11, - HS_SERVER_KEY_XCHG, - HS_CERT_REQ, - HS_SERVER_HELLO_DONE, - HS_CERT_VERIFY, - HS_CLIENT_KEY_XCHG, - HS_FINISHED = 20 -}; - -typedef struct -{ - uint8_t cipher; - uint8_t key_size; - uint8_t iv_size; - uint8_t key_block_size; - uint8_t padding_size; - uint8_t digest_size; - hmac_func hmac; - crypt_func encrypt; - crypt_func decrypt; -} cipher_info_t; - -struct _SSLObjLoader -{ - uint8_t *buf; - int len; -}; - -typedef struct _SSLObjLoader SSLObjLoader; - -typedef struct -{ - time_t conn_time; - uint8_t session_id[SSL_SESSION_ID_SIZE]; - uint8_t master_secret[SSL_SECRET_SIZE]; -} SSL_SESSION; - -typedef struct -{ - uint8_t *buf; - int size; -} SSL_CERT; - -typedef struct -{ - MD5_CTX md5_ctx; - SHA1_CTX sha1_ctx; - uint8_t final_finish_mac[SSL_FINISHED_HASH_SIZE]; - uint8_t *key_block; - uint8_t master_secret[SSL_SECRET_SIZE]; - uint8_t client_random[SSL_RANDOM_SIZE]; /* client's random sequence */ - uint8_t server_random[SSL_RANDOM_SIZE]; /* server's random sequence */ - uint16_t bm_proc_index; -} DISPOSABLE_CTX; - -struct _SSL -{ - uint32_t flag; - uint16_t need_bytes; - uint16_t got_bytes; - uint8_t record_type; - uint8_t cipher; - uint8_t sess_id_size; - uint8_t version; - uint8_t client_version; - sint16_t next_state; - sint16_t hs_status; - DISPOSABLE_CTX *dc; /* temporary data which we'll get rid of soon */ - int client_fd; - const cipher_info_t *cipher_info; - void *encrypt_ctx; - void *decrypt_ctx; - uint8_t bm_all_data[RT_MAX_PLAIN_LENGTH+RT_EXTRA]; - uint8_t *bm_data; - uint16_t bm_index; - uint16_t bm_read_index; - struct _SSL *next; /* doubly linked list */ - struct _SSL *prev; - struct _SSL_CTX *ssl_ctx; /* back reference to a clnt/svr ctx */ -#ifndef CONFIG_SSL_SKELETON_MODE - uint16_t session_index; - SSL_SESSION *session; -#endif -#ifdef CONFIG_SSL_CERT_VERIFICATION - X509_CTX *x509_ctx; -#endif - - uint8_t session_id[SSL_SESSION_ID_SIZE]; - uint8_t client_mac[SHA1_SIZE]; /* for HMAC verification */ - uint8_t server_mac[SHA1_SIZE]; /* for HMAC verification */ - uint8_t read_sequence[8]; /* 64 bit sequence number */ - uint8_t write_sequence[8]; /* 64 bit sequence number */ - uint8_t hmac_header[SSL_RECORD_SIZE]; /* rx hmac */ -}; - -typedef struct _SSL SSL; - -struct _SSL_CTX -{ - uint32_t options; - uint8_t chain_length; - RSA_CTX *rsa_ctx; -#ifdef CONFIG_SSL_CERT_VERIFICATION - CA_CERT_CTX *ca_cert_ctx; -#endif - SSL *head; - SSL *tail; - SSL_CERT certs[CONFIG_SSL_MAX_CERTS]; -#ifndef CONFIG_SSL_SKELETON_MODE - uint16_t num_sessions; - SSL_SESSION **ssl_sessions; -#endif -#ifdef CONFIG_SSL_CTX_MUTEXING - SSL_CTX_MUTEX_TYPE mutex; -#endif -#ifdef CONFIG_OPENSSL_COMPATIBLE - void *bonus_attr; -#endif -}; - -typedef struct _SSL_CTX SSL_CTX; - -/* backwards compatibility */ -typedef struct _SSL_CTX SSLCTX; - -extern const uint8_t ssl_prot_prefs[NUM_PROTOCOLS]; - -SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd); -void disposable_new(SSL *ssl); -void disposable_free(SSL *ssl); -int send_packet(SSL *ssl, uint8_t protocol, - const uint8_t *in, int length); -int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len); -int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len); -int process_finished(SSL *ssl, uint8_t *buf, int hs_len); -int process_sslv23_client_hello(SSL *ssl); -int send_alert(SSL *ssl, int error_code); -int send_finished(SSL *ssl); -int send_certificate(SSL *ssl); -int basic_read(SSL *ssl, uint8_t **in_data); -int send_change_cipher_spec(SSL *ssl); -void finished_digest(SSL *ssl, const char *label, uint8_t *digest); -void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret); -void add_packet(SSL *ssl, const uint8_t *pkt, int len); -int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len); -int add_private_key(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj); -void ssl_obj_free(SSLObjLoader *ssl_obj); -int pkcs8_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password); -int pkcs12_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password); -int load_key_certs(SSL_CTX *ssl_ctx); -#ifdef CONFIG_SSL_CERT_VERIFICATION -int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len); -void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx); -#endif -#ifdef CONFIG_SSL_ENABLE_CLIENT -int do_client_connect(SSL *ssl); -#endif - -#ifdef CONFIG_SSL_FULL_MODE -//void DISPLAY_STATE(SSL *ssl, int is_send, uint8_t state, int not_ok); -//void DISPLAY_BYTES(SSL *ssl, const char *format, -// const uint8_t *data, int size, ...); -//void DISPLAY_CERT(SSL *ssl, const X509_CTX *x509_ctx); -//void DISPLAY_RSA(SSL *ssl, const RSA_CTX *rsa_ctx); -//void DISPLAY_ALERT(SSL *ssl, int alert); -#else -#define DISPLAY_STATE(A,B,C,D) -#define DISPLAY_CERT(A,B) -#define DISPLAY_RSA(A,B) -#define DISPLAY_ALERT(A, B) -#ifdef WIN32 -void DISPLAY_BYTES(SSL *ssl, const char *format,/* win32 has no variadic macros */ - const uint8_t *data, int size, ...); -#else -#define DISPLAY_BYTES(A,B,C,D,...) -#endif -#endif - -#ifdef CONFIG_SSL_CERT_VERIFICATION -int process_certificate(SSL *ssl, X509_CTX **x509_ctx); -#endif - -SSL_SESSION *ssl_session_update(int max_sessions, - SSL_SESSION *ssl_sessions[], SSL *ssl, - const uint8_t *session_id); -void kill_ssl_session(SSL_SESSION **ssl_sessions, SSL *ssl); - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/include/ssl/ssl_version.h b/include/ssl/ssl_version.h deleted file mode 100644 index e8158cc..0000000 --- a/include/ssl/ssl_version.h +++ /dev/null @@ -1 +0,0 @@ -#define AXTLS_VERSION "1.4.9" diff --git a/lib/libssl.a b/lib/libssl.a deleted file mode 100644 index 77d9dfa..0000000 Binary files a/lib/libssl.a and /dev/null differ diff --git a/lib/symbols_norename.txt b/lib/symbols_norename.txt index 8d762b4..766c191 100644 --- a/lib/symbols_norename.txt +++ b/lib/symbols_norename.txt @@ -3,4 +3,6 @@ puts printf putchar +rand +srand atoi diff --git a/lwip/component.mk b/lwip/component.mk index 7f737a6..92e8a36 100644 --- a/lwip/component.mk +++ b/lwip/component.mk @@ -1,7 +1,7 @@ # Component makefile for LWIP LWIP_DIR = $(ROOT)lwip/lwip/src/ -INC_DIRS += $(LWIP_DIR)/include $(ROOT)/lwip/include $(ROOT)lwip/include $(LWIP_DIR)include/ipv4 $(LWIP_DIR)include/ipv4/lwip +INC_DIRS += $(LWIP_DIR)include $(ROOT)lwip/include $(ROOT)lwip/include $(LWIP_DIR)include/ipv4 $(LWIP_DIR)include/ipv4/lwip $(LWIP_DIR)include/lwip # args for passing into compile rule generation lwip_ROOT = $(ROOT)/lwip diff --git a/lwip/include/arch/cc.h b/lwip/include/arch/cc.h index fe10d25..acd5f3d 100644 --- a/lwip/include/arch/cc.h +++ b/lwip/include/arch/cc.h @@ -47,6 +47,8 @@ #include /* printf, fflush, FILE */ #include /* abort */ #include +#include +#include #define BYTE_ORDER LITTLE_ENDIAN @@ -59,8 +61,6 @@ #pragma warning (disable: 4103) /* structure packing changed by including file */ #endif -#define LWIP_PROVIDE_ERRNO - /* Define generic types used in lwIP */ typedef uint8_t u8_t; typedef int8_t s8_t; @@ -86,6 +86,7 @@ typedef int sys_prot_t; #define PACK_STRUCT_STRUCT __attribute__( (packed) ) /* Plaform specific diagnostic output */ +#ifdef LWIP_DEBUG #define LWIP_PLATFORM_DIAG(x) do { printf x; } while(0) #define LWIP_PLATFORM_ASSERT(x) do { printf("Assertion \"%s\" failed at line %d in %s\n", \ @@ -94,6 +95,11 @@ typedef int sys_prot_t; #define LWIP_ERROR(message, expression, handler) do { if (!(expression)) { \ printf("Assertion \"%s\" failed at line %d in %s\n", message, __LINE__, __FILE__); \ handler;} } while(0) +#else +#define LWIP_PLATFORM_DIAG(x) +#define LWIP_PLATFORM_ASSERT(x) +#define LWIP_ERROR(m,e,h) +#endif #define LWIP_PLATFORM_BYTESWAP 1 diff --git a/lwip/include/lwipopts.h b/lwip/include/lwipopts.h index e4b3955..0cdd8d9 100644 --- a/lwip/include/lwipopts.h +++ b/lwip/include/lwipopts.h @@ -1,439 +1,440 @@ -/* - * Copyright (c) 2001-2003 Swedish Institute of Computer Science. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * 1. Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * 3. The name of the author may not be used to endorse or promote products - * derived from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT - * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT - * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING - * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY - * OF SUCH DAMAGE. - * - * This file is part of the lwIP TCP/IP stack. - * - * Author: Simon Goldschmidt - * - */ -#ifndef __LWIPOPTS_H__ -#define __LWIPOPTS_H__ - -#define LWIP_ESP 1 -#define ESP_RTOS 1 -#define PBUF_RSV_FOR_WLAN 1 -#define EBUF_LWIP 1 -#define ESP_TIMEWAIT_THRESHOLD 10000 - -// Uncomment this line, and set the debug options you want below, for IP stack debug output -//#define LWIP_DEBUG - -/* - ----------------------------------------------- - ---------- Platform specific locking ---------- - ----------------------------------------------- -*/ -/** - * SYS_LIGHTWEIGHT_PROT==1: if you want inter-task protection for certain - * critical regions during buffer allocation, deallocation and memory - * allocation and deallocation. - */ -#define SYS_LIGHTWEIGHT_PROT 1 - -/** - * MEMCPY: override this if you have a faster implementation at hand than the - * one included in your C library - */ -#define MEMCPY(dst,src,len) memcpy(dst,src,len) - -/** - * SMEMCPY: override this with care! Some compilers (e.g. gcc) can inline a - * call to memcpy() if the length is known at compile time and is small. - */ -#define SMEMCPY(dst,src,len) memcpy(dst,src,len) - -/* - ------------------------------------ - ---------- Memory options ---------- - ------------------------------------ -*/ -/** - * MEM_LIBC_MALLOC==1: Use malloc/free/realloc provided by your C-library - * instead of the lwip internal allocator. Can save code size if you - * already use it. - */ -#define MEM_LIBC_MALLOC 1 - -/** -* MEMP_MEM_MALLOC==1: Use mem_malloc/mem_free instead of the lwip pool allocator. -* Especially useful with MEM_LIBC_MALLOC but handle with care regarding execution -* speed and usage from interrupts! -*/ -#define MEMP_MEM_MALLOC 1 - -/** - * MEM_ALIGNMENT: should be set to the alignment of the CPU - * 4 byte alignment -> #define MEM_ALIGNMENT 4 - * 2 byte alignment -> #define MEM_ALIGNMENT 2 - */ -#define MEM_ALIGNMENT 4 - -/* - ------------------------------------------------ - ---------- Internal Memory Pool Sizes ---------- - ------------------------------------------------ -*/ - -/* - -------------------------------- - ---------- ARP options ------- - -------------------------------- -*/ -/** - * ARP_QUEUEING==1: Multiple outgoing packets are queued during hardware address - * resolution. By default, only the most recent packet is queued per IP address. - * This is sufficient for most protocols and mainly reduces TCP connection - * startup time. Set this to 1 if you know your application sends more than one - * packet in a row to an IP address that is not in the ARP cache. - */ -#define ARP_QUEUEING 1 - -/* - -------------------------------- - ---------- IP options ---------- - -------------------------------- -*/ -/** - * IP_REASSEMBLY==1: Reassemble incoming fragmented IP packets. Note that - * this option does not affect outgoing packet sizes, which can be controlled - * via IP_FRAG. - */ -#define IP_REASSEMBLY 0 - -/** - * IP_FRAG==1: Fragment outgoing IP packets if their size exceeds MTU. Note - * that this option does not affect incoming packet sizes, which can be - * controlled via IP_REASSEMBLY. - */ -#define IP_FRAG 1 - -/** - * IP_REASS_MAXAGE: Maximum time (in multiples of IP_TMR_INTERVAL - so seconds, normally) - * a fragmented IP packet waits for all fragments to arrive. If not all fragments arrived - * in this time, the whole packet is discarded. - */ -#define IP_REASS_MAXAGE 3 - -/** - * IP_REASS_MAX_PBUFS: Total maximum amount of pbufs waiting to be reassembled. - * Since the received pbufs are enqueued, be sure to configure - * PBUF_POOL_SIZE > IP_REASS_MAX_PBUFS so that the stack is still able to receive - * packets even if the maximum amount of fragments is enqueued for reassembly! - */ -#define IP_REASS_MAX_PBUFS 10 - -/* - ---------------------------------- - ---------- ICMP options ---------- - ---------------------------------- -*/ - -/* - --------------------------------- - ---------- RAW options ---------- - --------------------------------- -*/ - -/* - ---------------------------------- - ---------- DHCP options ---------- - ---------------------------------- -*/ -/** - * LWIP_DHCP==1: Enable DHCP module. - */ -#define LWIP_DHCP 1 - -#define LWIP_DHCP_BOOTP_FILE 0 - -/* - ------------------------------------ - ---------- AUTOIP options ---------- - ------------------------------------ -*/ -/* - ---------------------------------- - ---------- SNMP options ---------- - ---------------------------------- -*/ -/* - ---------------------------------- - ---------- IGMP options ---------- - ---------------------------------- -*/ -/* - ---------------------------------- - ---------- DNS options ----------- - ---------------------------------- -*/ -/** - * LWIP_DNS==1: Turn on DNS module. UDP must be available for DNS - * transport. - */ -#define LWIP_DNS 1 - -/* - --------------------------------- - ---------- UDP options ---------- - --------------------------------- -*/ -/* - --------------------------------- - ---------- TCP options ---------- - --------------------------------- -*/ -/** - * TCP_QUEUE_OOSEQ==1: TCP will queue segments that arrive out of order. - * Define to 0 if your device is low on memory. - */ -#define TCP_QUEUE_OOSEQ 0 - -/* - * LWIP_EVENT_API==1: The user defines lwip_tcp_event() to receive all - * events (accept, sent, etc) that happen in the system. - * LWIP_CALLBACK_API==1: The PCB callback function is called directly - * for the event. This is the default. -*/ -#define TCP_MSS 1460 - -/** - * TCP_MAXRTX: Maximum number of retransmissions of data segments. - */ -#define TCP_MAXRTX 6 - - -/** - * TCP_SYNMAXRTX: Maximum number of retransmissions of SYN segments. - */ -#define TCP_SYNMAXRTX 3 - -/* - ---------------------------------- - ---------- Pbuf options ---------- - ---------------------------------- -*/ - -/* - ------------------------------------------------ - ---------- Network Interfaces options ---------- - ------------------------------------------------ -*/ -/** - * LWIP_NETIF_TX_SINGLE_PBUF: if this is set to 1, lwIP tries to put all data - * to be sent into one single pbuf. This is for compatibility with DMA-enabled - * MACs that do not support scatter-gather. - * Beware that this might involve CPU-memcpy before transmitting that would not - * be needed without this flag! Use this only if you need to! - * - * @todo: TCP and IP-frag do not work with this, yet: - */ -#define LWIP_NETIF_TX_SINGLE_PBUF 1 - -/* - ------------------------------------ - ---------- LOOPIF options ---------- - ------------------------------------ -*/ - -/* - ------------------------------------ - ---------- SLIPIF options ---------- - ------------------------------------ -*/ - -/* - ------------------------------------ - ---------- Thread options ---------- - ------------------------------------ -*/ -/** - * TCPIP_THREAD_STACKSIZE: The stack size used by the main tcpip thread. - * The stack size value itself is platform-dependent, but is passed to - * sys_thread_new() when the thread is created. - */ -#define TCPIP_THREAD_STACKSIZE 512 //not ok:384 - -/** - * TCPIP_THREAD_PRIO: The priority assigned to the main tcpip thread. - * The priority value itself is platform-dependent, but is passed to - * sys_thread_new() when the thread is created. - */ -#define TCPIP_THREAD_PRIO (configMAX_PRIORITIES-5) - -/** - * TCPIP_MBOX_SIZE: The mailbox size for the tcpip thread messages - * The queue size value itself is platform-dependent, but is passed to - * sys_mbox_new() when tcpip_init is called. - */ -#define TCPIP_MBOX_SIZE 16 - -/** - * DEFAULT_UDP_RECVMBOX_SIZE: The mailbox size for the incoming packets on a - * NETCONN_UDP. The queue size value itself is platform-dependent, but is passed - * to sys_mbox_new() when the recvmbox is created. - */ -#define DEFAULT_UDP_RECVMBOX_SIZE 6 - -/** - * DEFAULT_TCP_RECVMBOX_SIZE: The mailbox size for the incoming packets on a - * NETCONN_TCP. The queue size value itself is platform-dependent, but is passed - * to sys_mbox_new() when the recvmbox is created. - */ -#define DEFAULT_TCP_RECVMBOX_SIZE 6 - -/** - * DEFAULT_ACCEPTMBOX_SIZE: The mailbox size for the incoming connections. - * The queue size value itself is platform-dependent, but is passed to - * sys_mbox_new() when the acceptmbox is created. - */ -#define DEFAULT_ACCEPTMBOX_SIZE 6 - -/* - ---------------------------------------------- - ---------- Sequential layer options ---------- - ---------------------------------------------- -*/ - -/* - ------------------------------------ - ---------- Socket options ---------- - ------------------------------------ -*/ -/** - * LWIP_SO_SNDTIMEO==1: Enable send timeout for sockets/netconns and - * SO_SNDTIMEO processing. - */ -#define LWIP_SO_SNDTIMEO 1 - -/** - * LWIP_SO_RCVTIMEO==1: Enable receive timeout for sockets/netconns and - * SO_RCVTIMEO processing. - */ -#define LWIP_SO_RCVTIMEO 1 - -/** - * LWIP_TCP_KEEPALIVE==1: Enable TCP_KEEPIDLE, TCP_KEEPINTVL and TCP_KEEPCNT - * options processing. Note that TCP_KEEPIDLE and TCP_KEEPINTVL have to be set - * in seconds. (does not require sockets.c, and will affect tcp.c) - */ -#define LWIP_TCP_KEEPALIVE 1 - -/** - * LWIP_SO_RCVBUF==1: Enable SO_RCVBUF processing. - */ -#define LWIP_SO_RCVBUF 0 - -/** - * SO_REUSE==1: Enable SO_REUSEADDR option. - */ -#define SO_REUSE 1 - -/* - ---------------------------------------- - ---------- Statistics options ---------- - ---------------------------------------- -*/ - -/* - --------------------------------- - ---------- PPP options ---------- - --------------------------------- -*/ - -/* - -------------------------------------- - ---------- Checksum options ---------- - -------------------------------------- -*/ - -/* - --------------------------------------- - ---------- IPv6 options --------------- - --------------------------------------- -*/ - -/* - --------------------------------------- - ---------- Hook options --------------- - --------------------------------------- -*/ - -/* - --------------------------------------- - ---------- Debugging options ---------- - --------------------------------------- -*/ -/** - * ETHARP_DEBUG: Enable debugging in etharp.c. - */ -#define ETHARP_DEBUG LWIP_DBG_OFF - -/** - * PBUF_DEBUG: Enable debugging in pbuf.c. - */ -#define PBUF_DEBUG LWIP_DBG_OFF - -/** - * API_LIB_DEBUG: Enable debugging in api_lib.c. - */ -#define API_LIB_DEBUG LWIP_DBG_OFF - -/** - * SOCKETS_DEBUG: Enable debugging in sockets.c. - */ -#define SOCKETS_DEBUG LWIP_DBG_OFF - -/** - * IP_DEBUG: Enable debugging for IP. - */ -#define IP_DEBUG LWIP_DBG_OFF - -/** - * MEMP_DEBUG: Enable debugging in memp.c. - */ -#define MEMP_DEBUG LWIP_DBG_OFF - -/** - * TCP_INPUT_DEBUG: Enable debugging in tcp_in.c for incoming debug. - */ -#define TCP_INPUT_DEBUG LWIP_DBG_OFF - -/** - * TCP_OUTPUT_DEBUG: Enable debugging in tcp_out.c output functions. - */ -#define TCP_OUTPUT_DEBUG LWIP_DBG_OFF - -/** - * TCPIP_DEBUG: Enable debugging in tcpip.c. - */ -#define TCPIP_DEBUG LWIP_DBG_OFF - -/** - * DHCP_DEBUG: Enable debugging in dhcp.c. - */ -#define DHCP_DEBUG LWIP_DBG_OFF - -#endif /* __LWIPOPTS_H__ */ +/* + * Copyright (c) 2001-2003 Swedish Institute of Computer Science. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT + * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT + * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING + * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY + * OF SUCH DAMAGE. + * + * This file is part of the lwIP TCP/IP stack. + * + * Author: Simon Goldschmidt + * + */ +#ifndef __LWIPOPTS_H__ +#define __LWIPOPTS_H__ + +#define LWIP_ESP 1 +#define ESP_RTOS 1 +#define PBUF_RSV_FOR_WLAN 1 +#define EBUF_LWIP 1 +#define ESP_TIMEWAIT_THRESHOLD 10000 +#define LWIP_TIMEVAL_PRIVATE 0 + +// Uncomment this line, and set the debug options you want below, for IP stack debug output +//#define LWIP_DEBUG + +/* + ----------------------------------------------- + ---------- Platform specific locking ---------- + ----------------------------------------------- +*/ +/** + * SYS_LIGHTWEIGHT_PROT==1: if you want inter-task protection for certain + * critical regions during buffer allocation, deallocation and memory + * allocation and deallocation. + */ +#define SYS_LIGHTWEIGHT_PROT 1 + +/** + * MEMCPY: override this if you have a faster implementation at hand than the + * one included in your C library + */ +#define MEMCPY(dst,src,len) memcpy(dst,src,len) + +/** + * SMEMCPY: override this with care! Some compilers (e.g. gcc) can inline a + * call to memcpy() if the length is known at compile time and is small. + */ +#define SMEMCPY(dst,src,len) memcpy(dst,src,len) + +/* + ------------------------------------ + ---------- Memory options ---------- + ------------------------------------ +*/ +/** + * MEM_LIBC_MALLOC==1: Use malloc/free/realloc provided by your C-library + * instead of the lwip internal allocator. Can save code size if you + * already use it. + */ +#define MEM_LIBC_MALLOC 1 + +/** +* MEMP_MEM_MALLOC==1: Use mem_malloc/mem_free instead of the lwip pool allocator. +* Especially useful with MEM_LIBC_MALLOC but handle with care regarding execution +* speed and usage from interrupts! +*/ +#define MEMP_MEM_MALLOC 1 + +/** + * MEM_ALIGNMENT: should be set to the alignment of the CPU + * 4 byte alignment -> #define MEM_ALIGNMENT 4 + * 2 byte alignment -> #define MEM_ALIGNMENT 2 + */ +#define MEM_ALIGNMENT 4 + +/* + ------------------------------------------------ + ---------- Internal Memory Pool Sizes ---------- + ------------------------------------------------ +*/ + +/* + -------------------------------- + ---------- ARP options ------- + -------------------------------- +*/ +/** + * ARP_QUEUEING==1: Multiple outgoing packets are queued during hardware address + * resolution. By default, only the most recent packet is queued per IP address. + * This is sufficient for most protocols and mainly reduces TCP connection + * startup time. Set this to 1 if you know your application sends more than one + * packet in a row to an IP address that is not in the ARP cache. + */ +#define ARP_QUEUEING 1 + +/* + -------------------------------- + ---------- IP options ---------- + -------------------------------- +*/ +/** + * IP_REASSEMBLY==1: Reassemble incoming fragmented IP packets. Note that + * this option does not affect outgoing packet sizes, which can be controlled + * via IP_FRAG. + */ +#define IP_REASSEMBLY 0 + +/** + * IP_FRAG==1: Fragment outgoing IP packets if their size exceeds MTU. Note + * that this option does not affect incoming packet sizes, which can be + * controlled via IP_REASSEMBLY. + */ +#define IP_FRAG 1 + +/** + * IP_REASS_MAXAGE: Maximum time (in multiples of IP_TMR_INTERVAL - so seconds, normally) + * a fragmented IP packet waits for all fragments to arrive. If not all fragments arrived + * in this time, the whole packet is discarded. + */ +#define IP_REASS_MAXAGE 3 + +/** + * IP_REASS_MAX_PBUFS: Total maximum amount of pbufs waiting to be reassembled. + * Since the received pbufs are enqueued, be sure to configure + * PBUF_POOL_SIZE > IP_REASS_MAX_PBUFS so that the stack is still able to receive + * packets even if the maximum amount of fragments is enqueued for reassembly! + */ +#define IP_REASS_MAX_PBUFS 10 + +/* + ---------------------------------- + ---------- ICMP options ---------- + ---------------------------------- +*/ + +/* + --------------------------------- + ---------- RAW options ---------- + --------------------------------- +*/ + +/* + ---------------------------------- + ---------- DHCP options ---------- + ---------------------------------- +*/ +/** + * LWIP_DHCP==1: Enable DHCP module. + */ +#define LWIP_DHCP 1 + +#define LWIP_DHCP_BOOTP_FILE 0 + +/* + ------------------------------------ + ---------- AUTOIP options ---------- + ------------------------------------ +*/ +/* + ---------------------------------- + ---------- SNMP options ---------- + ---------------------------------- +*/ +/* + ---------------------------------- + ---------- IGMP options ---------- + ---------------------------------- +*/ +/* + ---------------------------------- + ---------- DNS options ----------- + ---------------------------------- +*/ +/** + * LWIP_DNS==1: Turn on DNS module. UDP must be available for DNS + * transport. + */ +#define LWIP_DNS 1 + +/* + --------------------------------- + ---------- UDP options ---------- + --------------------------------- +*/ +/* + --------------------------------- + ---------- TCP options ---------- + --------------------------------- +*/ +/** + * TCP_QUEUE_OOSEQ==1: TCP will queue segments that arrive out of order. + * Define to 0 if your device is low on memory. + */ +#define TCP_QUEUE_OOSEQ 0 + +/* + * LWIP_EVENT_API==1: The user defines lwip_tcp_event() to receive all + * events (accept, sent, etc) that happen in the system. + * LWIP_CALLBACK_API==1: The PCB callback function is called directly + * for the event. This is the default. +*/ +#define TCP_MSS 1460 + +/** + * TCP_MAXRTX: Maximum number of retransmissions of data segments. + */ +#define TCP_MAXRTX 6 + + +/** + * TCP_SYNMAXRTX: Maximum number of retransmissions of SYN segments. + */ +#define TCP_SYNMAXRTX 3 + +/* + ---------------------------------- + ---------- Pbuf options ---------- + ---------------------------------- +*/ + +/* + ------------------------------------------------ + ---------- Network Interfaces options ---------- + ------------------------------------------------ +*/ +/** + * LWIP_NETIF_TX_SINGLE_PBUF: if this is set to 1, lwIP tries to put all data + * to be sent into one single pbuf. This is for compatibility with DMA-enabled + * MACs that do not support scatter-gather. + * Beware that this might involve CPU-memcpy before transmitting that would not + * be needed without this flag! Use this only if you need to! + * + * @todo: TCP and IP-frag do not work with this, yet: + */ +#define LWIP_NETIF_TX_SINGLE_PBUF 1 + +/* + ------------------------------------ + ---------- LOOPIF options ---------- + ------------------------------------ +*/ + +/* + ------------------------------------ + ---------- SLIPIF options ---------- + ------------------------------------ +*/ + +/* + ------------------------------------ + ---------- Thread options ---------- + ------------------------------------ +*/ +/** + * TCPIP_THREAD_STACKSIZE: The stack size used by the main tcpip thread. + * The stack size value itself is platform-dependent, but is passed to + * sys_thread_new() when the thread is created. + */ +#define TCPIP_THREAD_STACKSIZE 512 //not ok:384 + +/** + * TCPIP_THREAD_PRIO: The priority assigned to the main tcpip thread. + * The priority value itself is platform-dependent, but is passed to + * sys_thread_new() when the thread is created. + */ +#define TCPIP_THREAD_PRIO (configMAX_PRIORITIES-5) + +/** + * TCPIP_MBOX_SIZE: The mailbox size for the tcpip thread messages + * The queue size value itself is platform-dependent, but is passed to + * sys_mbox_new() when tcpip_init is called. + */ +#define TCPIP_MBOX_SIZE 16 + +/** + * DEFAULT_UDP_RECVMBOX_SIZE: The mailbox size for the incoming packets on a + * NETCONN_UDP. The queue size value itself is platform-dependent, but is passed + * to sys_mbox_new() when the recvmbox is created. + */ +#define DEFAULT_UDP_RECVMBOX_SIZE 6 + +/** + * DEFAULT_TCP_RECVMBOX_SIZE: The mailbox size for the incoming packets on a + * NETCONN_TCP. The queue size value itself is platform-dependent, but is passed + * to sys_mbox_new() when the recvmbox is created. + */ +#define DEFAULT_TCP_RECVMBOX_SIZE 6 + +/** + * DEFAULT_ACCEPTMBOX_SIZE: The mailbox size for the incoming connections. + * The queue size value itself is platform-dependent, but is passed to + * sys_mbox_new() when the acceptmbox is created. + */ +#define DEFAULT_ACCEPTMBOX_SIZE 6 + +/* + ---------------------------------------------- + ---------- Sequential layer options ---------- + ---------------------------------------------- +*/ + +/* + ------------------------------------ + ---------- Socket options ---------- + ------------------------------------ +*/ +/** + * LWIP_SO_SNDTIMEO==1: Enable send timeout for sockets/netconns and + * SO_SNDTIMEO processing. + */ +#define LWIP_SO_SNDTIMEO 1 + +/** + * LWIP_SO_RCVTIMEO==1: Enable receive timeout for sockets/netconns and + * SO_RCVTIMEO processing. + */ +#define LWIP_SO_RCVTIMEO 1 + +/** + * LWIP_TCP_KEEPALIVE==1: Enable TCP_KEEPIDLE, TCP_KEEPINTVL and TCP_KEEPCNT + * options processing. Note that TCP_KEEPIDLE and TCP_KEEPINTVL have to be set + * in seconds. (does not require sockets.c, and will affect tcp.c) + */ +#define LWIP_TCP_KEEPALIVE 1 + +/** + * LWIP_SO_RCVBUF==1: Enable SO_RCVBUF processing. + */ +#define LWIP_SO_RCVBUF 0 + +/** + * SO_REUSE==1: Enable SO_REUSEADDR option. + */ +#define SO_REUSE 1 + +/* + ---------------------------------------- + ---------- Statistics options ---------- + ---------------------------------------- +*/ + +/* + --------------------------------- + ---------- PPP options ---------- + --------------------------------- +*/ + +/* + -------------------------------------- + ---------- Checksum options ---------- + -------------------------------------- +*/ + +/* + --------------------------------------- + ---------- IPv6 options --------------- + --------------------------------------- +*/ + +/* + --------------------------------------- + ---------- Hook options --------------- + --------------------------------------- +*/ + +/* + --------------------------------------- + ---------- Debugging options ---------- + --------------------------------------- +*/ +/** + * ETHARP_DEBUG: Enable debugging in etharp.c. + */ +#define ETHARP_DEBUG LWIP_DBG_OFF + +/** + * PBUF_DEBUG: Enable debugging in pbuf.c. + */ +#define PBUF_DEBUG LWIP_DBG_OFF + +/** + * API_LIB_DEBUG: Enable debugging in api_lib.c. + */ +#define API_LIB_DEBUG LWIP_DBG_OFF + +/** + * SOCKETS_DEBUG: Enable debugging in sockets.c. + */ +#define SOCKETS_DEBUG LWIP_DBG_OFF + +/** + * IP_DEBUG: Enable debugging for IP. + */ +#define IP_DEBUG LWIP_DBG_OFF + +/** + * MEMP_DEBUG: Enable debugging in memp.c. + */ +#define MEMP_DEBUG LWIP_DBG_OFF + +/** + * TCP_INPUT_DEBUG: Enable debugging in tcp_in.c for incoming debug. + */ +#define TCP_INPUT_DEBUG LWIP_DBG_OFF + +/** + * TCP_OUTPUT_DEBUG: Enable debugging in tcp_out.c output functions. + */ +#define TCP_OUTPUT_DEBUG LWIP_DBG_OFF + +/** + * TCPIP_DEBUG: Enable debugging in tcpip.c. + */ +#define TCPIP_DEBUG LWIP_DBG_OFF + +/** + * DHCP_DEBUG: Enable debugging in dhcp.c. + */ +#define DHCP_DEBUG LWIP_DBG_OFF + +#endif /* __LWIPOPTS_H__ */