Swap binary axTLS libssl for direct compiled version
This commit is contained in:
		
							parent
							
								
									c19346fa23
								
							
						
					
					
						commit
						3fcec6106f
					
				
					 21 changed files with 590 additions and 1925 deletions
				
			
		|  | @ -1,5 +1,6 @@ | |||
| /* esp8266.h
 | ||||
|  * | ||||
| <<<<<<< HEAD | ||||
|  * ESP-specific SoC-level addresses, macros, etc. | ||||
|  * Part of esp-open-rtos | ||||
|  * | ||||
|  | @ -23,7 +24,6 @@ | |||
| */ | ||||
| #define IROM __attribute__((section(".irom0"))) const | ||||
| 
 | ||||
| 
 | ||||
| /* Register addresses
 | ||||
| 
 | ||||
|    ESPTODO: break this out to its own header file and clean it up, add other regs, etc. | ||||
|  |  | |||
|  | @ -1,99 +0,0 @@ | |||
| /*
 | ||||
|  * Copyright (c) 2007, Cameron Rich | ||||
|  *  | ||||
|  * All rights reserved. | ||||
|  *  | ||||
|  * Redistribution and use in source and binary forms, with or without  | ||||
|  * modification, are permitted provided that the following conditions are met: | ||||
|  * | ||||
|  * * Redistributions of source code must retain the above copyright notice,  | ||||
|  *   this list of conditions and the following disclaimer. | ||||
|  * * Redistributions in binary form must reproduce the above copyright notice,  | ||||
|  *   this list of conditions and the following disclaimer in the documentation  | ||||
|  *   and/or other materials provided with the distribution. | ||||
|  * * Neither the name of the axTLS project nor the names of its contributors  | ||||
|  *   may be used to endorse or promote products derived from this software  | ||||
|  *   without specific prior written permission. | ||||
|  * | ||||
|  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | ||||
|  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | ||||
|  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR | ||||
|  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR | ||||
|  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, | ||||
|  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, | ||||
|  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR | ||||
|  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF | ||||
|  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | ||||
|  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | ||||
|  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||||
|  */ | ||||
| 
 | ||||
| #ifndef BIGINT_HEADER | ||||
| #define BIGINT_HEADER | ||||
| 
 | ||||
| #include "ssl/ssl_crypto.h" | ||||
| 
 | ||||
| BI_CTX *bi_initialize(void); | ||||
| void bi_terminate(BI_CTX *ctx); | ||||
| void bi_permanent(bigint *bi); | ||||
| void bi_depermanent(bigint *bi); | ||||
| void bi_clear_cache(BI_CTX *ctx); | ||||
| void bi_free(BI_CTX *ctx, bigint *bi); | ||||
| bigint *bi_copy(bigint *bi); | ||||
| bigint *bi_clone(BI_CTX *ctx, const bigint *bi); | ||||
| void bi_export(BI_CTX *ctx, bigint *bi, uint8_t *data, int size); | ||||
| bigint *bi_import(BI_CTX *ctx, const uint8_t *data, int len); | ||||
| bigint *int_to_bi(BI_CTX *ctx, comp i); | ||||
| 
 | ||||
| /* the functions that actually do something interesting */ | ||||
| bigint *bi_add(BI_CTX *ctx, bigint *bia, bigint *bib); | ||||
| bigint *bi_subtract(BI_CTX *ctx, bigint *bia,  | ||||
|         bigint *bib, int *is_negative); | ||||
| bigint *bi_divide(BI_CTX *ctx, bigint *bia, bigint *bim, int is_mod); | ||||
| bigint *bi_multiply(BI_CTX *ctx, bigint *bia, bigint *bib); | ||||
| bigint *bi_mod_power(BI_CTX *ctx, bigint *bi, bigint *biexp); | ||||
| bigint *bi_mod_power2(BI_CTX *ctx, bigint *bi, bigint *bim, bigint *biexp); | ||||
| int bi_compare(bigint *bia, bigint *bib); | ||||
| void bi_set_mod(BI_CTX *ctx, bigint *bim, int mod_offset); | ||||
| void bi_free_mod(BI_CTX *ctx, int mod_offset); | ||||
| 
 | ||||
| #ifdef CONFIG_SSL_FULL_MODE | ||||
| void bi_print(const char *label, bigint *bi); | ||||
| bigint *bi_str_import(BI_CTX *ctx, const char *data); | ||||
| #endif | ||||
| 
 | ||||
| /**
 | ||||
|  * @def bi_mod | ||||
|  * Find the residue of B. bi_set_mod() must be called before hand. | ||||
|  */ | ||||
| #define bi_mod(A, B)      bi_divide(A, B, ctx->bi_mod[ctx->mod_offset], 1) | ||||
| 
 | ||||
| /**
 | ||||
|  * bi_residue() is technically the same as bi_mod(), but it uses the | ||||
|  * appropriate reduction technique (which is bi_mod() when doing classical | ||||
|  * reduction). | ||||
|  */ | ||||
| #if defined(CONFIG_BIGINT_MONTGOMERY) | ||||
| #define bi_residue(A, B)         bi_mont(A, B) | ||||
| bigint *bi_mont(BI_CTX *ctx, bigint *bixy); | ||||
| #elif defined(CONFIG_BIGINT_BARRETT) | ||||
| #define bi_residue(A, B)         bi_barrett(A, B) | ||||
| bigint *bi_barrett(BI_CTX *ctx, bigint *bi); | ||||
| #else /* if defined(CONFIG_BIGINT_CLASSICAL) */ | ||||
| #define bi_residue(A, B)         bi_mod(A, B) | ||||
| #endif | ||||
| 
 | ||||
| #ifdef CONFIG_BIGINT_SQUARE | ||||
| bigint *bi_square(BI_CTX *ctx, bigint *bi); | ||||
| #else | ||||
| #define bi_square(A, B)     bi_multiply(A, bi_copy(B), B) | ||||
| #endif | ||||
| 
 | ||||
| #ifdef CONFIG_BIGINT_CRT | ||||
| bigint *bi_crt(BI_CTX *ctx, bigint *bi, | ||||
|         bigint *dP, bigint *dQ, | ||||
|         bigint *p, bigint *q, | ||||
|         bigint *qInv); | ||||
| #endif | ||||
| 
 | ||||
| #endif | ||||
|  | @ -1,131 +0,0 @@ | |||
| /*
 | ||||
|  * Copyright (c) 2007, Cameron Rich | ||||
|  *  | ||||
|  * All rights reserved. | ||||
|  *  | ||||
|  * Redistribution and use in source and binary forms, with or without  | ||||
|  * modification, are permitted provided that the following conditions are met: | ||||
|  * | ||||
|  * * Redistributions of source code must retain the above copyright notice,  | ||||
|  *   this list of conditions and the following disclaimer. | ||||
|  * * Redistributions in binary form must reproduce the above copyright notice,  | ||||
|  *   this list of conditions and the following disclaimer in the documentation  | ||||
|  *   and/or other materials provided with the distribution. | ||||
|  * * Neither the name of the axTLS project nor the names of its contributors  | ||||
|  *   may be used to endorse or promote products derived from this software  | ||||
|  *   without specific prior written permission. | ||||
|  * | ||||
|  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | ||||
|  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | ||||
|  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR | ||||
|  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR | ||||
|  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, | ||||
|  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, | ||||
|  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR | ||||
|  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF | ||||
|  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | ||||
|  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | ||||
|  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||||
|  */ | ||||
| 
 | ||||
| #ifndef BIGINT_IMPL_HEADER | ||||
| #define BIGINT_IMPL_HEADER | ||||
| 
 | ||||
| /* Maintain a number of precomputed variables when doing reduction */ | ||||
| #define BIGINT_M_OFFSET     0    /**< Normal modulo offset. */ | ||||
| #ifdef CONFIG_BIGINT_CRT | ||||
| #define BIGINT_P_OFFSET     1    /**< p modulo offset. */ | ||||
| #define BIGINT_Q_OFFSET     2    /**< q module offset. */ | ||||
| #define BIGINT_NUM_MODS     3    /**< The number of modulus constants used. */ | ||||
| #else | ||||
| #define BIGINT_NUM_MODS     1     | ||||
| #endif | ||||
| 
 | ||||
| /* Architecture specific functions for big ints */ | ||||
| #if defined(CONFIG_INTEGER_8BIT) | ||||
| #define COMP_RADIX          256U       /**< Max component + 1 */ | ||||
| #define COMP_MAX            0xFFFFU/**< (Max dbl comp -1) */ | ||||
| #define COMP_BIT_SIZE       8   /**< Number of bits in a component. */ | ||||
| #define COMP_BYTE_SIZE      1   /**< Number of bytes in a component. */ | ||||
| #define COMP_NUM_NIBBLES    2   /**< Used For diagnostics only. */ | ||||
| typedef uint8_t comp;	        /**< A single precision component. */ | ||||
| typedef uint16_t long_comp;     /**< A double precision component. */ | ||||
| typedef int16_t slong_comp;     /**< A signed double precision component. */ | ||||
| #elif defined(CONFIG_INTEGER_16BIT) | ||||
| #define COMP_RADIX          65536U       /**< Max component + 1 */ | ||||
| #define COMP_MAX            0xFFFFFFFFU/**< (Max dbl comp -1) */ | ||||
| #define COMP_BIT_SIZE       16  /**< Number of bits in a component. */ | ||||
| #define COMP_BYTE_SIZE      2   /**< Number of bytes in a component. */ | ||||
| #define COMP_NUM_NIBBLES    4   /**< Used For diagnostics only. */ | ||||
| typedef uint16_t comp;	        /**< A single precision component. */ | ||||
| typedef uint32_t long_comp;     /**< A double precision component. */ | ||||
| typedef int32_t slong_comp;     /**< A signed double precision component. */ | ||||
| #else /* regular 32 bit */ | ||||
| #ifdef WIN32 | ||||
| #define COMP_RADIX          4294967296i64          | ||||
| #define COMP_MAX            0xFFFFFFFFFFFFFFFFui64 | ||||
| #else | ||||
| #define COMP_RADIX          4294967296ULL         /**< Max component + 1 */ | ||||
| #define COMP_MAX            0xFFFFFFFFFFFFFFFFULL/**< (Max dbl comp -1) */ | ||||
| #endif | ||||
| #define COMP_BIT_SIZE       32  /**< Number of bits in a component. */ | ||||
| #define COMP_BYTE_SIZE      4   /**< Number of bytes in a component. */ | ||||
| #define COMP_NUM_NIBBLES    8   /**< Used For diagnostics only. */ | ||||
| typedef uint32_t comp;	        /**< A single precision component. */ | ||||
| typedef uint64_t long_comp;     /**< A double precision component. */ | ||||
| typedef sint64_t slong_comp;     /**< A signed double precision component. */ | ||||
| #endif | ||||
| 
 | ||||
| /**
 | ||||
|  * @struct  _bigint | ||||
|  * @brief A big integer basic object | ||||
|  */ | ||||
| struct _bigint | ||||
| { | ||||
|     struct _bigint* next;       /**< The next bigint in the cache. */ | ||||
|     short size;                 /**< The number of components in this bigint. */ | ||||
|     short max_comps;            /**< The heapsize allocated for this bigint */ | ||||
|     int refs;                   /**< An internal reference count. */ | ||||
|     comp* comps;                /**< A ptr to the actual component data */ | ||||
| }; | ||||
| 
 | ||||
| typedef struct _bigint bigint;  /**< An alias for _bigint */ | ||||
| 
 | ||||
| /**
 | ||||
|  * Maintains the state of the cache, and a number of variables used in  | ||||
|  * reduction. | ||||
|  */ | ||||
| typedef struct /**< A big integer "session" context. */ | ||||
| { | ||||
|     bigint *active_list;                    /**< Bigints currently used. */ | ||||
|     bigint *free_list;                      /**< Bigints not used. */ | ||||
|     bigint *bi_radix;                       /**< The radix used. */ | ||||
|     bigint *bi_mod[BIGINT_NUM_MODS];        /**< modulus */ | ||||
| 
 | ||||
| #if defined(CONFIG_BIGINT_MONTGOMERY) | ||||
|     bigint *bi_RR_mod_m[BIGINT_NUM_MODS];   /**< R^2 mod m */ | ||||
|     bigint *bi_R_mod_m[BIGINT_NUM_MODS];    /**< R mod m */ | ||||
|     comp N0_dash[BIGINT_NUM_MODS]; | ||||
| #elif defined(CONFIG_BIGINT_BARRETT) | ||||
|     bigint *bi_mu[BIGINT_NUM_MODS];         /**< Storage for mu */ | ||||
| #endif | ||||
|     bigint *bi_normalised_mod[BIGINT_NUM_MODS]; /**< Normalised mod storage. */ | ||||
|     bigint **g;                 /**< Used by sliding-window. */ | ||||
|     int window;                 /**< The size of the sliding window */ | ||||
|     int active_count;           /**< Number of active bigints. */ | ||||
|     int free_count;             /**< Number of free bigints. */ | ||||
| 
 | ||||
| #ifdef CONFIG_BIGINT_MONTGOMERY | ||||
|     uint8_t use_classical;      /**< Use classical reduction. */ | ||||
| #endif | ||||
|     uint8_t mod_offset;         /**< The mod offset we are using */ | ||||
| } BI_CTX; | ||||
| 
 | ||||
| #ifndef WIN32 | ||||
| #define max(a,b) ((a)>(b)?(a):(b))  /**< Find the maximum of 2 numbers. */ | ||||
| #define min(a,b) ((a)<(b)?(a):(b))  /**< Find the minimum of 2 numbers. */ | ||||
| #endif | ||||
| 
 | ||||
| #define PERMANENT           0x7FFF55AA  /**< A magic number for permanents. */ | ||||
| 
 | ||||
| #endif | ||||
|  | @ -1,127 +0,0 @@ | |||
| /*
 | ||||
|  * Automatically generated header file: don't edit | ||||
|  */ | ||||
| 
 | ||||
| #define HAVE_DOT_CONFIG 1 | ||||
| #undef CONFIG_PLATFORM_LINUX | ||||
| #define CONFIG_PLATFORM_CYGWIN 1 | ||||
| #undef CONFIG_PLATFORM_WIN32 | ||||
| 
 | ||||
| /*
 | ||||
|  * General Configuration | ||||
|  */ | ||||
| #define PREFIX "/usr/local" | ||||
| #define CONFIG_DEBUG 1 | ||||
| #undef CONFIG_STRIP_UNWANTED_SECTIONS | ||||
| #undef CONFIG_VISUAL_STUDIO_7_0 | ||||
| #undef CONFIG_VISUAL_STUDIO_8_0 | ||||
| #undef CONFIG_VISUAL_STUDIO_10_0 | ||||
| #define CONFIG_VISUAL_STUDIO_7_0_BASE "" | ||||
| #define CONFIG_VISUAL_STUDIO_8_0_BASE "" | ||||
| #define CONFIG_VISUAL_STUDIO_10_0_BASE "" | ||||
| #define CONFIG_EXTRA_CFLAGS_OPTIONS "" | ||||
| #define CONFIG_EXTRA_LDFLAGS_OPTIONS "" | ||||
| 
 | ||||
| /*
 | ||||
|  * SSL Library | ||||
|  */ | ||||
| #undef CONFIG_SSL_SERVER_ONLY | ||||
| #undef CONFIG_SSL_CERT_VERIFICATION | ||||
| #undef CONFIG_SSL_ENABLE_CLIENT | ||||
| #define CONFIG_SSL_FULL_MODE 1 | ||||
| #undef CONFIG_SSL_SKELETON_MODE | ||||
| #undef CONFIG_SSL_PROT_LOW | ||||
| #define CONFIG_SSL_PROT_MEDIUM 1 | ||||
| #undef CONFIG_SSL_PROT_HIGH | ||||
| #define CONFIG_SSL_USE_DEFAULT_KEY | ||||
| #define CONFIG_SSL_PRIVATE_KEY_LOCATION "" | ||||
| #define CONFIG_SSL_PRIVATE_KEY_PASSWORD "" | ||||
| #define CONFIG_SSL_X509_CERT_LOCATION "" | ||||
| #undef CONFIG_SSL_GENERATE_X509_CERT | ||||
| #define CONFIG_SSL_X509_COMMON_NAME "" | ||||
| #define CONFIG_SSL_X509_ORGANIZATION_NAME "" | ||||
| #define CONFIG_SSL_X509_ORGANIZATION_UNIT_NAME "" | ||||
| #undef CONFIG_SSL_ENABLE_V23_HANDSHAKE | ||||
| #define CONFIG_SSL_HAS_PEM 1 | ||||
| #undef CONFIG_SSL_USE_PKCS12 | ||||
| #define CONFIG_SSL_EXPIRY_TIME 24 | ||||
| #define CONFIG_X509_MAX_CA_CERTS 150 | ||||
| #define CONFIG_SSL_MAX_CERTS 3 | ||||
| #undef CONFIG_SSL_CTX_MUTEXING | ||||
| //#define CONFIG_USE_DEV_URANDOM 1
 | ||||
| #undef CONFIG_WIN32_USE_CRYPTO_LIB | ||||
| #undef CONFIG_OPENSSL_COMPATIBLE | ||||
| #undef CONFIG_PERFORMANCE_TESTING | ||||
| #define CONFIG_SSL_TEST 1 | ||||
| #undef CONFIG_AXTLSWRAP | ||||
| #define CONFIG_AXHTTPD 1 | ||||
| 
 | ||||
| /*
 | ||||
|  * Axhttpd Configuration | ||||
|  */ | ||||
| #undef CONFIG_HTTP_STATIC_BUILD | ||||
| #define CONFIG_HTTP_PORT 80 | ||||
| #define CONFIG_HTTP_HTTPS_PORT 443 | ||||
| #define CONFIG_HTTP_SESSION_CACHE_SIZE 5 | ||||
| #define CONFIG_HTTP_WEBROOT "../www" | ||||
| #define CONFIG_HTTP_TIMEOUT 300 | ||||
| 
 | ||||
| /*
 | ||||
|  * CGI | ||||
|  */ | ||||
| #undef CONFIG_HTTP_HAS_CGI  | ||||
| #define CONFIG_HTTP_CGI_EXTENSIONS ".lua,.lp,.php" | ||||
| #define CONFIG_HTTP_ENABLE_LUA 1 | ||||
| #define CONFIG_HTTP_LUA_PREFIX "/usr" | ||||
| #undef CONFIG_HTTP_BUILD_LUA | ||||
| #define CONFIG_HTTP_CGI_LAUNCHER "/usr/bin/cgi" | ||||
| #define CONFIG_HTTP_DIRECTORIES 1 | ||||
| #define CONFIG_HTTP_HAS_AUTHORIZATION 1 | ||||
| #undef CONFIG_HTTP_HAS_IPV6 | ||||
| #undef CONFIG_HTTP_ENABLE_DIFFERENT_USER | ||||
| #define CONFIG_HTTP_USER "" | ||||
| #define CONFIG_HTTP_VERBOSE 0 | ||||
| #undef CONFIG_HTTP_IS_DAEMON | ||||
| 
 | ||||
| /*
 | ||||
|  * Language Bindings | ||||
|  */ | ||||
| #undef CONFIG_BINDINGS | ||||
| #undef CONFIG_CSHARP_BINDINGS | ||||
| #undef CONFIG_VBNET_BINDINGS | ||||
| #define CONFIG_DOT_NET_FRAMEWORK_BASE "" | ||||
| #undef CONFIG_JAVA_BINDINGS | ||||
| #define CONFIG_JAVA_HOME "" | ||||
| #undef CONFIG_PERL_BINDINGS | ||||
| #define CONFIG_PERL_CORE "" | ||||
| #define CONFIG_PERL_LIB "" | ||||
| #undef CONFIG_LUA_BINDINGS | ||||
| #define CONFIG_LUA_CORE "" | ||||
| 
 | ||||
| /*
 | ||||
|  * Samples | ||||
|  */ | ||||
| #define CONFIG_SAMPLES 1 | ||||
| #define CONFIG_C_SAMPLES 1 | ||||
| #undef CONFIG_CSHARP_SAMPLES | ||||
| #undef CONFIG_VBNET_SAMPLES | ||||
| #undef CONFIG_JAVA_SAMPLES | ||||
| #undef CONFIG_PERL_SAMPLES | ||||
| #undef CONFIG_LUA_SAMPLES | ||||
| 
 | ||||
| /*
 | ||||
|  * BigInt Options | ||||
|  */ | ||||
| #undef CONFIG_BIGINT_CLASSICAL | ||||
| #undef CONFIG_BIGINT_MONTGOMERY | ||||
| #define CONFIG_BIGINT_BARRETT 1 | ||||
| #define CONFIG_BIGINT_CRT 1 | ||||
| #undef CONFIG_BIGINT_KARATSUBA | ||||
| #define MUL_KARATSUBA_THRESH  | ||||
| #define SQU_KARATSUBA_THRESH  | ||||
| #define CONFIG_BIGINT_SLIDING_WINDOW 1 | ||||
| #define CONFIG_BIGINT_SQUARE 1 | ||||
| #define CONFIG_BIGINT_CHECK_ON 1 | ||||
| #define CONFIG_INTEGER_32BIT 1 | ||||
| #undef CONFIG_INTEGER_16BIT | ||||
| #undef CONFIG_INTEGER_8BIT | ||||
|  | @ -1,230 +0,0 @@ | |||
| /*
 | ||||
|  * Copyright (c) 2007, Cameron Rich | ||||
|  *  | ||||
|  * All rights reserved. | ||||
|  *  | ||||
|  * Redistribution and use in source and binary forms, with or without  | ||||
|  * modification, are permitted provided that the following conditions are met: | ||||
|  * | ||||
|  * * Redistributions of source code must retain the above copyright notice,  | ||||
|  *   this list of conditions and the following disclaimer. | ||||
|  * * Redistributions in binary form must reproduce the above copyright notice,  | ||||
|  *   this list of conditions and the following disclaimer in the documentation  | ||||
|  *   and/or other materials provided with the distribution. | ||||
|  * * Neither the name of the axTLS project nor the names of its contributors  | ||||
|  *   may be used to endorse or promote products derived from this software  | ||||
|  *   without specific prior written permission. | ||||
|  * | ||||
|  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | ||||
|  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | ||||
|  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR | ||||
|  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR | ||||
|  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, | ||||
|  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, | ||||
|  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR | ||||
|  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF | ||||
|  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | ||||
|  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | ||||
|  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||||
|  */ | ||||
| 
 | ||||
| /**
 | ||||
|  * @file crypto.h | ||||
|  */ | ||||
| 
 | ||||
| #ifndef HEADER_CRYPTO_H | ||||
| #define HEADER_CRYPTO_H | ||||
| 
 | ||||
| #ifdef __cplusplus | ||||
| extern "C" { | ||||
| #endif | ||||
| 
 | ||||
| #include "ssl/ssl_config.h" | ||||
| #include "ssl/ssl_bigint_impl.h" | ||||
| #include "ssl/ssl_bigint.h" | ||||
| 
 | ||||
| #ifndef STDCALL | ||||
| #define STDCALL | ||||
| #endif | ||||
| #ifndef EXP_FUNC | ||||
| #define EXP_FUNC | ||||
| #endif | ||||
| 
 | ||||
| 
 | ||||
| /* enable features based on a 'super-set' capbaility. */ | ||||
| #if defined(CONFIG_SSL_FULL_MODE)  | ||||
| #define CONFIG_SSL_ENABLE_CLIENT | ||||
| #define CONFIG_SSL_CERT_VERIFICATION | ||||
| #elif defined(CONFIG_SSL_ENABLE_CLIENT) | ||||
| #define CONFIG_SSL_CERT_VERIFICATION | ||||
| #endif | ||||
| 
 | ||||
| /**************************************************************************
 | ||||
|  * AES declarations  | ||||
|  **************************************************************************/ | ||||
| 
 | ||||
| #define AES_MAXROUNDS			14 | ||||
| #define AES_BLOCKSIZE           16 | ||||
| #define AES_IV_SIZE             16 | ||||
| 
 | ||||
| typedef struct aes_key_st  | ||||
| { | ||||
|     uint16_t rounds; | ||||
|     uint16_t key_size; | ||||
|     uint32_t ks[(AES_MAXROUNDS+1)*8]; | ||||
|     uint8_t iv[AES_IV_SIZE]; | ||||
| } AES_CTX; | ||||
| 
 | ||||
| typedef enum | ||||
| { | ||||
|     AES_MODE_128, | ||||
|     AES_MODE_256 | ||||
| } AES_MODE; | ||||
| 
 | ||||
| void AES_set_key(AES_CTX *ctx, const uint8_t *key,  | ||||
|         const uint8_t *iv, AES_MODE mode); | ||||
| void AES_cbc_encrypt(AES_CTX *ctx, const uint8_t *msg,  | ||||
|         uint8_t *out, int length); | ||||
| void AES_cbc_decrypt(AES_CTX *ks, const uint8_t *in, uint8_t *out, int length); | ||||
| void AES_convert_key(AES_CTX *ctx); | ||||
| 
 | ||||
| /**************************************************************************
 | ||||
|  * RC4 declarations  | ||||
|  **************************************************************************/ | ||||
| 
 | ||||
| typedef struct  | ||||
| { | ||||
|     uint8_t x, y, m[256]; | ||||
| } RC4_CTX; | ||||
| 
 | ||||
| void RC4_setup(RC4_CTX *s, const uint8_t *key, int length); | ||||
| void RC4_crypt(RC4_CTX *s, const uint8_t *msg, uint8_t *data, int length); | ||||
| 
 | ||||
| /**************************************************************************
 | ||||
|  * SHA1 declarations  | ||||
|  **************************************************************************/ | ||||
| 
 | ||||
| #define SHA1_SIZE   20 | ||||
| 
 | ||||
| /*
 | ||||
|  *  This structure will hold context information for the SHA-1 | ||||
|  *  hashing operation | ||||
|  */ | ||||
| typedef struct  | ||||
| { | ||||
|     uint32_t Intermediate_Hash[SHA1_SIZE/4]; /* Message Digest */ | ||||
|     uint32_t Length_Low;            /* Message length in bits */ | ||||
|     uint32_t Length_High;           /* Message length in bits */ | ||||
|     uint16_t Message_Block_Index;   /* Index into message block array   */ | ||||
|     uint8_t Message_Block[64];      /* 512-bit message blocks */ | ||||
| } SHA1_CTX; | ||||
| 
 | ||||
| void SHA1_Init(SHA1_CTX *); | ||||
| void SHA1_Update(SHA1_CTX *, const uint8_t * msg, int len); | ||||
| void SHA1_Final(uint8_t *digest, SHA1_CTX *); | ||||
| 
 | ||||
| /**************************************************************************
 | ||||
|  * MD2 declarations  | ||||
|  **************************************************************************/ | ||||
| 
 | ||||
| #define MD2_SIZE 16 | ||||
| 
 | ||||
| typedef struct | ||||
| { | ||||
|     unsigned char cksum[16];    /* checksum of the data block */ | ||||
|     unsigned char state[48];    /* intermediate digest state */ | ||||
|     unsigned char buffer[16];   /* data block being processed */ | ||||
|     int left;                   /* amount of data in buffer */ | ||||
| } MD2_CTX; | ||||
| 
 | ||||
| EXP_FUNC void STDCALL MD2_Init(MD2_CTX *ctx); | ||||
| EXP_FUNC void STDCALL MD2_Update(MD2_CTX *ctx, const uint8_t *input, int ilen); | ||||
| EXP_FUNC void STDCALL MD2_Final(uint8_t *digest, MD2_CTX *ctx); | ||||
| 
 | ||||
| /**************************************************************************
 | ||||
|  * MD5 declarations  | ||||
|  **************************************************************************/ | ||||
| 
 | ||||
| #define MD5_SIZE    16 | ||||
| 
 | ||||
| typedef struct  | ||||
| { | ||||
|   uint32_t state[4];        /* state (ABCD) */ | ||||
|   uint32_t count[2];        /* number of bits, modulo 2^64 (lsb first) */ | ||||
|   uint8_t buffer[64];       /* input buffer */ | ||||
| } MD5_CTX; | ||||
| 
 | ||||
| EXP_FUNC void STDCALL MD5_Init(MD5_CTX *); | ||||
| EXP_FUNC void STDCALL MD5_Update(MD5_CTX *, const uint8_t *msg, int len); | ||||
| EXP_FUNC void STDCALL MD5_Final(uint8_t *digest, MD5_CTX *); | ||||
| 
 | ||||
| /**************************************************************************
 | ||||
|  * HMAC declarations  | ||||
|  **************************************************************************/ | ||||
| void ssl_hmac_md5(const uint8_t *msg, int length, const uint8_t *key,  | ||||
|         int key_len, uint8_t *digest);// fix hmac_md5 to ssl_hmac_md5, discriminate ieee80211
 | ||||
| void ssl_hmac_sha1(const uint8_t *msg, int length, const uint8_t *key,  | ||||
|         int key_len, uint8_t *digest);// fix hmac_md5 to ssl_hmac_sha1, discriminate ieee80211
 | ||||
| 
 | ||||
| /**************************************************************************
 | ||||
|  * RSA declarations  | ||||
|  **************************************************************************/ | ||||
| 
 | ||||
| typedef struct  | ||||
| { | ||||
|     bigint *m;              /* modulus */ | ||||
|     bigint *e;              /* public exponent */ | ||||
|     bigint *d;              /* private exponent */ | ||||
| #ifdef CONFIG_BIGINT_CRT | ||||
|     bigint *p;              /* p as in m = pq */ | ||||
|     bigint *q;              /* q as in m = pq */ | ||||
|     bigint *dP;             /* d mod (p-1) */ | ||||
|     bigint *dQ;             /* d mod (q-1) */ | ||||
|     bigint *qInv;           /* q^-1 mod p */ | ||||
| #endif | ||||
|     int num_octets; | ||||
|     BI_CTX *bi_ctx; | ||||
| } RSA_CTX; | ||||
| 
 | ||||
| void RSA_priv_key_new(RSA_CTX **rsa_ctx,  | ||||
|         const uint8_t *modulus, int mod_len, | ||||
|         const uint8_t *pub_exp, int pub_len, | ||||
|         const uint8_t *priv_exp, int priv_len | ||||
| #ifdef CONFIG_BIGINT_CRT | ||||
|       , const uint8_t *p, int p_len, | ||||
|         const uint8_t *q, int q_len, | ||||
|         const uint8_t *dP, int dP_len, | ||||
|         const uint8_t *dQ, int dQ_len, | ||||
|         const uint8_t *qInv, int qInv_len | ||||
| #endif | ||||
|         ); | ||||
| void RSA_pub_key_new(RSA_CTX **rsa_ctx,  | ||||
|         const uint8_t *modulus, int mod_len, | ||||
|         const uint8_t *pub_exp, int pub_len); | ||||
| void RSA_free(RSA_CTX *ctx); | ||||
| int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint8_t *out_data, | ||||
|         int is_decryption); | ||||
| bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg); | ||||
| #if defined(CONFIG_SSL_CERT_VERIFICATION) || defined(CONFIG_SSL_GENERATE_X509_CERT) | ||||
| bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len, | ||||
|         bigint *modulus, bigint *pub_exp); | ||||
| bigint *RSA_public(const RSA_CTX * c, bigint *bi_msg); | ||||
| int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len,  | ||||
|         uint8_t *out_data, int is_signing); | ||||
| void RSA_print(const RSA_CTX *ctx); | ||||
| #endif | ||||
| 
 | ||||
| /**************************************************************************
 | ||||
|  * RNG declarations  | ||||
|  **************************************************************************/ | ||||
| EXP_FUNC void STDCALL RNG_initialize(void); | ||||
| EXP_FUNC void STDCALL RNG_custom_init(const uint8_t *seed_buf, int size); | ||||
| EXP_FUNC void STDCALL RNG_terminate(void); | ||||
| EXP_FUNC void STDCALL get_random(int num_rand_bytes, uint8_t *rand_data); | ||||
| void get_random_NZ(int num_rand_bytes, uint8_t *rand_data); | ||||
| 
 | ||||
| #ifdef __cplusplus | ||||
| } | ||||
| #endif | ||||
| 
 | ||||
| #endif  | ||||
|  | @ -1,172 +0,0 @@ | |||
| /*
 | ||||
|  * Copyright (c) 2007, Cameron Rich | ||||
|  *  | ||||
|  * All rights reserved. | ||||
|  *  | ||||
|  * Redistribution and use in source and binary forms, with or without  | ||||
|  * modification, are permitted provided that the following conditions are met: | ||||
|  * | ||||
|  * * Redistributions of source code must retain the above copyright notice,  | ||||
|  *   this list of conditions and the following disclaimer. | ||||
|  * * Redistributions in binary form must reproduce the above copyright notice,  | ||||
|  *   this list of conditions and the following disclaimer in the documentation  | ||||
|  *   and/or other materials provided with the distribution. | ||||
|  * * Neither the name of the axTLS project nor the names of its contributors  | ||||
|  *   may be used to endorse or promote products derived from this software  | ||||
|  *   without specific prior written permission. | ||||
|  * | ||||
|  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | ||||
|  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | ||||
|  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR | ||||
|  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR | ||||
|  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, | ||||
|  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, | ||||
|  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR | ||||
|  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF | ||||
|  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | ||||
|  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | ||||
|  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||||
| */ | ||||
| 
 | ||||
| /**
 | ||||
|  * @file crypto_misc.h | ||||
|  */ | ||||
| 
 | ||||
| #ifndef HEADER_CRYPTO_MISC_H | ||||
| #define HEADER_CRYPTO_MISC_H | ||||
| 
 | ||||
| #ifdef __cplusplus | ||||
| extern "C" { | ||||
| #endif | ||||
| 
 | ||||
| #include "ssl/ssl_crypto.h" | ||||
| #include "ssl/ssl_bigint.h" | ||||
| 
 | ||||
| /**************************************************************************
 | ||||
|  * X509 declarations  | ||||
|  **************************************************************************/ | ||||
| #define X509_OK                             0 | ||||
| #define X509_NOT_OK                         -1 | ||||
| #define X509_VFY_ERROR_NO_TRUSTED_CERT      -2 | ||||
| #define X509_VFY_ERROR_BAD_SIGNATURE        -3       | ||||
| #define X509_VFY_ERROR_NOT_YET_VALID        -4 | ||||
| #define X509_VFY_ERROR_EXPIRED              -5 | ||||
| #define X509_VFY_ERROR_SELF_SIGNED          -6 | ||||
| #define X509_VFY_ERROR_INVALID_CHAIN        -7 | ||||
| #define X509_VFY_ERROR_UNSUPPORTED_DIGEST   -8 | ||||
| #define X509_INVALID_PRIV_KEY               -9 | ||||
| 
 | ||||
| /*
 | ||||
|  * The Distinguished Name | ||||
|  */ | ||||
| #define X509_NUM_DN_TYPES                   3 | ||||
| #define X509_COMMON_NAME                    0 | ||||
| #define X509_ORGANIZATION                   1 | ||||
| #define X509_ORGANIZATIONAL_UNIT            2 | ||||
| 
 | ||||
| struct _x509_ctx | ||||
| { | ||||
|     char *ca_cert_dn[X509_NUM_DN_TYPES]; | ||||
|     char *cert_dn[X509_NUM_DN_TYPES]; | ||||
|     char **subject_alt_dnsnames; | ||||
|     time_t not_before; | ||||
|     time_t not_after; | ||||
|     uint8_t *signature; | ||||
|     uint16_t sig_len; | ||||
|     uint8_t sig_type; | ||||
|     RSA_CTX *rsa_ctx; | ||||
|     bigint *digest; | ||||
|     struct _x509_ctx *next; | ||||
| }; | ||||
| 
 | ||||
| typedef struct _x509_ctx X509_CTX; | ||||
| 
 | ||||
| #ifdef CONFIG_SSL_CERT_VERIFICATION | ||||
| typedef struct  | ||||
| { | ||||
|     X509_CTX *cert[CONFIG_X509_MAX_CA_CERTS]; | ||||
| } CA_CERT_CTX; | ||||
| #endif | ||||
| 
 | ||||
| int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx); | ||||
| void x509_free(X509_CTX *x509_ctx); | ||||
| #ifdef CONFIG_SSL_CERT_VERIFICATION | ||||
| int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert); | ||||
| #endif | ||||
| #ifdef CONFIG_SSL_FULL_MODE | ||||
| void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx); | ||||
| const char * x509_display_error(int error); | ||||
| #endif | ||||
| 
 | ||||
| /**************************************************************************
 | ||||
|  * ASN1 declarations  | ||||
|  **************************************************************************/ | ||||
| #define ASN1_INTEGER            0x02 | ||||
| #define ASN1_BIT_STRING         0x03 | ||||
| #define ASN1_OCTET_STRING       0x04 | ||||
| #define ASN1_NULL               0x05 | ||||
| #define ASN1_PRINTABLE_STR2     0x0C | ||||
| #define ASN1_OID                0x06 | ||||
| #define ASN1_PRINTABLE_STR2     0x0C | ||||
| #define ASN1_PRINTABLE_STR      0x13 | ||||
| #define ASN1_TELETEX_STR        0x14 | ||||
| #define ASN1_IA5_STR            0x16 | ||||
| #define ASN1_UTC_TIME           0x17 | ||||
| #define ASN1_UNICODE_STR        0x1e | ||||
| #define ASN1_SEQUENCE           0x30 | ||||
| #define ASN1_CONTEXT_DNSNAME	0x82 | ||||
| #define ASN1_SET                0x31 | ||||
| #define ASN1_V3_DATA			0xa3 | ||||
| #define ASN1_IMPLICIT_TAG       0x80 | ||||
| #define ASN1_CONTEXT_DNSNAME	0x82 | ||||
| #define ASN1_EXPLICIT_TAG       0xa0 | ||||
| #define ASN1_V3_DATA			0xa3 | ||||
| 
 | ||||
| #define SIG_TYPE_MD2            0x02 | ||||
| #define SIG_TYPE_MD5            0x04 | ||||
| #define SIG_TYPE_SHA1           0x05 | ||||
| 
 | ||||
| int get_asn1_length(const uint8_t *buf, int *offset); | ||||
| int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx); | ||||
| int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type); | ||||
| int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type); | ||||
| int asn1_get_int(const uint8_t *buf, int *offset, uint8_t **object); | ||||
| int asn1_version(const uint8_t *cert, int *offset, X509_CTX *x509_ctx); | ||||
| int asn1_validity(const uint8_t *cert, int *offset, X509_CTX *x509_ctx); | ||||
| int asn1_name(const uint8_t *cert, int *offset, char *dn[]); | ||||
| int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx); | ||||
| #ifdef CONFIG_SSL_CERT_VERIFICATION | ||||
| int asn1_signature(const uint8_t *cert, int *offset, X509_CTX *x509_ctx); | ||||
| int asn1_find_subjectaltname(const uint8_t* cert, int offset); | ||||
| int asn1_compare_dn(char * const dn1[], char * const dn2[]); | ||||
| #endif /* CONFIG_SSL_CERT_VERIFICATION */ | ||||
| int asn1_signature_type(const uint8_t *cert,  | ||||
|                                 int *offset, X509_CTX *x509_ctx); | ||||
| 
 | ||||
| /**************************************************************************
 | ||||
|  * MISC declarations  | ||||
|  **************************************************************************/ | ||||
| #define SALT_SIZE               8 | ||||
| 
 | ||||
| extern const char * const unsupported_str; | ||||
| 
 | ||||
| typedef void (*crypt_func)(void *, const uint8_t *, uint8_t *, int); | ||||
| typedef void (*hmac_func)(const uint8_t *msg, int length, const uint8_t *key,  | ||||
|         int key_len, uint8_t *digest); | ||||
| 
 | ||||
| int get_file(const char *filename, uint8_t **buf); | ||||
| 
 | ||||
| #if defined(CONFIG_SSL_FULL_MODE) || defined(WIN32) || defined(CONFIG_DEBUG) | ||||
| EXP_FUNC void STDCALL print_blob(const char *format, const uint8_t *data, int size, ...); | ||||
| #else | ||||
|     #define print_blob(...) | ||||
| #endif | ||||
| 
 | ||||
| EXP_FUNC int STDCALL base64_decode(const char *in,  int len, | ||||
|                     uint8_t *out, int *outlen); | ||||
| 
 | ||||
| #ifdef __cplusplus | ||||
| } | ||||
| #endif | ||||
| 
 | ||||
| #endif  | ||||
|  | @ -1,64 +0,0 @@ | |||
| /*
 | ||||
|  * Copyright (c) 2007, Cameron Rich | ||||
|  *  | ||||
|  * All rights reserved. | ||||
|  *  | ||||
|  * Redistribution and use in source and binary forms, with or without  | ||||
|  * modification, are permitted provided that the following conditions are met: | ||||
|  * | ||||
|  * * Redistributions of source code must retain the above copyright notice,  | ||||
|  *   this list of conditions and the following disclaimer. | ||||
|  * * Redistributions in binary form must reproduce the above copyright notice,  | ||||
|  *   this list of conditions and the following disclaimer in the documentation  | ||||
|  *   and/or other materials provided with the distribution. | ||||
|  * * Neither the name of the axTLS project nor the names of its contributors  | ||||
|  *   may be used to endorse or promote products derived from this software  | ||||
|  *   without specific prior written permission. | ||||
|  * | ||||
|  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | ||||
|  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | ||||
|  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR | ||||
|  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR | ||||
|  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, | ||||
|  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, | ||||
|  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR | ||||
|  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF | ||||
|  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | ||||
|  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | ||||
|  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||||
|  */ | ||||
| 
 | ||||
| /**
 | ||||
|  * @file os_port.h | ||||
|  * | ||||
|  * Some stuff to minimise the differences between windows and linux/unix | ||||
|  */ | ||||
| 
 | ||||
| #ifndef HEADER_OS_PORT_H | ||||
| #define HEADER_OS_PORT_H | ||||
| 
 | ||||
| #ifdef __cplusplus | ||||
| extern "C" { | ||||
| #endif | ||||
| 
 | ||||
| #include "esp_common.h" | ||||
| 
 | ||||
| #if 0 | ||||
| #define ssl_printf(fmt, args...) os_printf(fmt,## args) | ||||
| #else | ||||
| #define ssl_printf(fmt, args...) | ||||
| #endif | ||||
| 
 | ||||
| #define STDCALL | ||||
| #define EXP_FUNC | ||||
| 
 | ||||
| #define SSL_CTX_MUTEX_INIT(A) | ||||
| #define SSL_CTX_MUTEX_DESTROY(A) | ||||
| #define SSL_CTX_LOCK(A) | ||||
| #define SSL_CTX_UNLOCK(A) | ||||
| 
 | ||||
| #ifdef __cplusplus | ||||
| } | ||||
| #endif | ||||
| 
 | ||||
| #endif  | ||||
|  | @ -1,500 +0,0 @@ | |||
| /*
 | ||||
|  * Copyright (c) 2007, Cameron Rich | ||||
|  *  | ||||
|  * All rights reserved. | ||||
|  *  | ||||
|  * Redistribution and use in source and binary forms, with or without  | ||||
|  * modification, are permitted provided that the following conditions are met: | ||||
|  * | ||||
|  * * Redistributions of source code must retain the above copyright notice,  | ||||
|  *   this list of conditions and the following disclaimer. | ||||
|  * * Redistributions in binary form must reproduce the above copyright notice,  | ||||
|  *   this list of conditions and the following disclaimer in the documentation  | ||||
|  *   and/or other materials provided with the distribution. | ||||
|  * * Neither the name of the axTLS project nor the names of its contributors  | ||||
|  *   may be used to endorse or promote products derived from this software  | ||||
|  *   without specific prior written permission. | ||||
|  * | ||||
|  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | ||||
|  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | ||||
|  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR | ||||
|  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR | ||||
|  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, | ||||
|  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, | ||||
|  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR | ||||
|  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF | ||||
|  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | ||||
|  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | ||||
|  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||||
|  */ | ||||
| 
 | ||||
| /**
 | ||||
|  * @mainpage axTLS API | ||||
|  * | ||||
|  * @image html axolotl.jpg | ||||
|  * | ||||
|  * The axTLS library has features such as: | ||||
|  * - The TLSv1 SSL client/server protocol | ||||
|  * - No requirement to use any openssl libraries. | ||||
|  * - A choice between AES block (128/256 bit) and RC4 (128 bit) stream ciphers. | ||||
|  * - RSA encryption/decryption with variable sized keys (up to 4096 bits). | ||||
|  * - Certificate chaining and peer authentication. | ||||
|  * - Session resumption, session renegotiation. | ||||
|  * - ASN.1, X.509, PKCS#8, PKCS#12 keys/certificates with DER/PEM encoding. | ||||
|  * - Highly configurable compile time options. | ||||
|  * - Portable across many platforms (written in ANSI C), and has language | ||||
|  * bindings in C, C#, VB.NET, Java, Perl and Lua. | ||||
|  * - Partial openssl API compatibility (via a wrapper). | ||||
|  * - A very small footprint (around 50-60kB for the library in 'server-only'  | ||||
|  *   mode). | ||||
|  * - No dependencies on sockets - can use serial connections for example. | ||||
|  * - A very simple API - ~ 20 functions/methods. | ||||
|  * | ||||
|  * A list of these functions/methods are described below. | ||||
|  * | ||||
|  *  @ref c_api  | ||||
|  * | ||||
|  *  @ref bigint_api  | ||||
|  * | ||||
|  *  @ref csharp_api  | ||||
|  * | ||||
|  *  @ref java_api  | ||||
|  */ | ||||
| #ifndef HEADER_SSL_H | ||||
| #define HEADER_SSL_H | ||||
| 
 | ||||
| #ifdef __cplusplus | ||||
| extern "C" { | ||||
| #endif | ||||
| 
 | ||||
| //#include <time.h>
 | ||||
| typedef long     time_t; | ||||
| 
 | ||||
| /* need to predefine before ssl_lib.h gets to it */ | ||||
| #define SSL_SESSION_ID_SIZE                     32 | ||||
| 
 | ||||
| #include "ssl/ssl_tls1.h" | ||||
| 
 | ||||
| /* The optional parameters that can be given to the client/server SSL engine */ | ||||
| #define SSL_CLIENT_AUTHENTICATION               0x00010000 | ||||
| #define SSL_SERVER_VERIFY_LATER                 0x00020000 | ||||
| #define SSL_NO_DEFAULT_KEY                      0x00040000 | ||||
| #define SSL_DISPLAY_STATES                      0x00080000 | ||||
| #define SSL_DISPLAY_BYTES                       0x00100000 | ||||
| #define SSL_DISPLAY_CERTS                       0x00200000 | ||||
| #define SSL_DISPLAY_RSA                         0x00400000 | ||||
| #define SSL_CONNECT_IN_PARTS                    0x00800000 | ||||
| 
 | ||||
| /* errors that can be generated */ | ||||
| #define SSL_OK                                  0 | ||||
| #define SSL_NOT_OK                              -1 | ||||
| #define SSL_ERROR_DEAD                          -2 | ||||
| #define SSL_CLOSE_NOTIFY                        -3 | ||||
| #define SSL_ERROR_CONN_LOST                     -256 | ||||
| #define SSL_ERROR_SOCK_SETUP_FAILURE            -258 | ||||
| #define SSL_ERROR_INVALID_HANDSHAKE             -260 | ||||
| #define SSL_ERROR_INVALID_PROT_MSG              -261 | ||||
| #define SSL_ERROR_INVALID_HMAC                  -262 | ||||
| #define SSL_ERROR_INVALID_VERSION               -263 | ||||
| #define SSL_ERROR_INVALID_SESSION               -265 | ||||
| #define SSL_ERROR_NO_CIPHER                     -266 | ||||
| #define SSL_ERROR_BAD_CERTIFICATE               -268 | ||||
| #define SSL_ERROR_INVALID_KEY                   -269 | ||||
| #define SSL_ERROR_FINISHED_INVALID              -271 | ||||
| #define SSL_ERROR_NO_CERT_DEFINED               -272 | ||||
| #define SSL_ERROR_NO_CLIENT_RENOG               -273 | ||||
| #define SSL_ERROR_NOT_SUPPORTED                 -274 | ||||
| #define SSL_X509_OFFSET                         -512 | ||||
| #define SSL_X509_ERROR(A)                       (SSL_X509_OFFSET+A) | ||||
| 
 | ||||
| /* alert types that are recognized */ | ||||
| #define SSL_ALERT_TYPE_WARNING                  1 | ||||
| #define SLL_ALERT_TYPE_FATAL                    2 | ||||
| 
 | ||||
| /* these are all the alerts that are recognized */ | ||||
| #define SSL_ALERT_CLOSE_NOTIFY                  0 | ||||
| #define SSL_ALERT_UNEXPECTED_MESSAGE            10 | ||||
| #define SSL_ALERT_BAD_RECORD_MAC                20 | ||||
| #define SSL_ALERT_HANDSHAKE_FAILURE             40 | ||||
| #define SSL_ALERT_BAD_CERTIFICATE               42 | ||||
| #define SSL_ALERT_ILLEGAL_PARAMETER             47 | ||||
| #define SSL_ALERT_DECODE_ERROR                  50 | ||||
| #define SSL_ALERT_DECRYPT_ERROR                 51 | ||||
| #define SSL_ALERT_INVALID_VERSION               70 | ||||
| #define SSL_ALERT_NO_RENEGOTIATION              100 | ||||
| 
 | ||||
| /* The ciphers that are supported */ | ||||
| #define SSL_AES128_SHA                          0x2f | ||||
| #define SSL_AES256_SHA                          0x35 | ||||
| #define SSL_RC4_128_SHA                         0x05 | ||||
| #define SSL_RC4_128_MD5                         0x04 | ||||
| 
 | ||||
| /* build mode ids' */ | ||||
| #define SSL_BUILD_SKELETON_MODE                 0x01 | ||||
| #define SSL_BUILD_SERVER_ONLY                   0x02 | ||||
| #define SSL_BUILD_ENABLE_VERIFICATION           0x03 | ||||
| #define SSL_BUILD_ENABLE_CLIENT                 0x04 | ||||
| #define SSL_BUILD_FULL_MODE                     0x05 | ||||
| 
 | ||||
| /* offsets to retrieve configuration information */ | ||||
| #define SSL_BUILD_MODE                          0 | ||||
| #define SSL_MAX_CERT_CFG_OFFSET                 1 | ||||
| #define SSL_MAX_CA_CERT_CFG_OFFSET              2 | ||||
| #define SSL_HAS_PEM                             3 | ||||
| 
 | ||||
| /* default session sizes */ | ||||
| #define SSL_DEFAULT_SVR_SESS                    1	//modify 5->1 by lhan
 | ||||
| #define SSL_DEFAULT_CLNT_SESS                   1 | ||||
| 
 | ||||
| /* X.509/X.520 distinguished name types */ | ||||
| #define SSL_X509_CERT_COMMON_NAME               0 | ||||
| #define SSL_X509_CERT_ORGANIZATION              1 | ||||
| #define SSL_X509_CERT_ORGANIZATIONAL_NAME       2 | ||||
| #define SSL_X509_CA_CERT_COMMON_NAME            3 | ||||
| #define SSL_X509_CA_CERT_ORGANIZATION           4 | ||||
| #define SSL_X509_CA_CERT_ORGANIZATIONAL_NAME    5 | ||||
| 
 | ||||
| /* SSL object loader types */ | ||||
| #define SSL_OBJ_X509_CERT                       1 | ||||
| #define SSL_OBJ_X509_CACERT                     2 | ||||
| #define SSL_OBJ_RSA_KEY                         3 | ||||
| #define SSL_OBJ_PKCS8                           4 | ||||
| #define SSL_OBJ_PKCS12                          5 | ||||
| 
 | ||||
| /**
 | ||||
|  * @defgroup c_api Standard C API | ||||
|  * @brief The standard interface in C. | ||||
|  * @{ | ||||
|  */ | ||||
| 
 | ||||
| /**
 | ||||
|  * @brief Establish a new client/server context. | ||||
|  * | ||||
|  * This function is called before any client/server SSL connections are made.  | ||||
|  * | ||||
|  * Each new connection will use the this context's private key and  | ||||
|  * certificate chain. If a different certificate chain is required, then a  | ||||
|  * different context needs to be be used. | ||||
|  * | ||||
|  * There are two threading models supported - a single thread with one | ||||
|  * SSL_CTX can support any number of SSL connections - and multiple threads can  | ||||
|  * support one SSL_CTX object each (the default). But if a single SSL_CTX  | ||||
|  * object uses many SSL objects in individual threads, then the  | ||||
|  * CONFIG_SSL_CTX_MUTEXING option needs to be configured. | ||||
|  * | ||||
|  * @param options [in]  Any particular options. At present the options | ||||
|  * supported are: | ||||
|  * - SSL_SERVER_VERIFY_LATER (client only): Don't stop a handshake if the server | ||||
|  * authentication fails. The certificate can be authenticated later with a | ||||
|  * call to ssl_verify_cert(). | ||||
|  * - SSL_CLIENT_AUTHENTICATION (server only): Enforce client authentication | ||||
|  * i.e. each handshake will include a "certificate request" message from the | ||||
|  * server. Only available if verification has been enabled. | ||||
|  * - SSL_DISPLAY_BYTES (full mode build only): Display the byte sequences | ||||
|  * during the handshake. | ||||
|  * - SSL_DISPLAY_STATES (full mode build only): Display the state changes | ||||
|  * during the handshake. | ||||
|  * - SSL_DISPLAY_CERTS (full mode build only): Display the certificates that | ||||
|  * are passed during a handshake. | ||||
|  * - SSL_DISPLAY_RSA (full mode build only): Display the RSA key details that | ||||
|  * are passed during a handshake. | ||||
|  * - SSL_CONNECT_IN_PARTS (client only): To use a non-blocking version of  | ||||
|  * ssl_client_new(). | ||||
|  * @param num_sessions [in] The number of sessions to be used for session | ||||
|  * caching. If this value is 0, then there is no session caching. This option | ||||
|  * is not used in skeleton mode. | ||||
|  * @return A client/server context. | ||||
|  */ | ||||
| EXP_FUNC SSL_CTX * STDCALL ssl_ctx_new(uint32_t options, int num_sessions); | ||||
| 
 | ||||
| /**
 | ||||
|  * @brief Remove a client/server context. | ||||
|  * | ||||
|  * Frees any used resources used by this context. Each connection will be  | ||||
|  * sent a "Close Notify" alert (if possible). | ||||
|  * @param ssl_ctx [in] The client/server context. | ||||
|  */ | ||||
| EXP_FUNC void STDCALL ssl_ctx_free(SSL_CTX *ssl_ctx); | ||||
| 
 | ||||
| /**
 | ||||
|  * @brief (server only) Establish a new SSL connection to an SSL client. | ||||
|  * | ||||
|  * It is up to the application to establish the logical connection (whether it | ||||
|  * is  a socket, serial connection etc). | ||||
|  * @param ssl_ctx [in] The server context. | ||||
|  * @param client_fd [in] The client's file descriptor.  | ||||
|  * @return An SSL object reference. | ||||
|  */ | ||||
| EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd); | ||||
| 
 | ||||
| /**
 | ||||
|  * @brief (client only) Establish a new SSL connection to an SSL server. | ||||
|  * | ||||
|  * It is up to the application to establish the initial logical connection  | ||||
|  * (whether it is  a socket, serial connection etc). | ||||
|  * | ||||
|  * This is a normally a blocking call - it will finish when the handshake is  | ||||
|  * complete (or has failed). To use in non-blocking mode, set  | ||||
|  * SSL_CONNECT_IN_PARTS in ssl_ctx_new(). | ||||
|  * @param ssl_ctx [in] The client context. | ||||
|  * @param client_fd [in] The client's file descriptor. | ||||
|  * @param session_id [in] A 32 byte session id for session resumption. This  | ||||
|  * can be null if no session resumption is being used or required. This option | ||||
|  * is not used in skeleton mode. | ||||
|  * @param sess_id_size The size of the session id (max 32) | ||||
|  * @return An SSL object reference. Use ssl_handshake_status() to check  | ||||
|  * if a handshake succeeded. | ||||
|  */ | ||||
| EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id, uint8_t sess_id_size); | ||||
| 
 | ||||
| /**
 | ||||
|  * @brief Free any used resources on this connection.  | ||||
|   | ||||
|  * A "Close Notify" message is sent on this connection (if possible). It is up  | ||||
|  * to the application to close the socket or file descriptor. | ||||
|  * @param ssl [in] The ssl object reference. | ||||
|  */ | ||||
| EXP_FUNC void STDCALL ssl_free(SSL *ssl); | ||||
| 
 | ||||
| /**
 | ||||
|  * @brief Read the SSL data stream. | ||||
|  * If the socket is non-blocking and data is blocked then SSO_OK will be | ||||
|  * returned. | ||||
|  * @param ssl [in] An SSL object reference. | ||||
|  * @param in_data [out] If the read was successful, a pointer to the read | ||||
|  * buffer will be here. Do NOT ever free this memory as this buffer is used in | ||||
|  * sucessive calls. If the call was unsuccessful, this value will be null. | ||||
|  * @return The number of decrypted bytes: | ||||
|  * - if > 0, then the handshaking is complete and we are returning the number  | ||||
|  *   of decrypted bytes.  | ||||
|  * - SSL_OK if the handshaking stage is successful (but not yet complete).   | ||||
|  * - < 0 if an error. | ||||
|  * @see ssl.h for the error code list. | ||||
|  * @note Use in_data before doing any successive ssl calls. | ||||
|  */ | ||||
| EXP_FUNC int STDCALL ssl_read(SSL *ssl, uint8_t **in_data); | ||||
| 
 | ||||
| /**
 | ||||
|  * @brief Write to the SSL data stream.  | ||||
|  * if the socket is non-blocking and data is blocked then a check is made | ||||
|  * to ensure that all data is sent (i.e. blocked mode is forced). | ||||
|  * @param ssl [in] An SSL obect reference. | ||||
|  * @param out_data [in] The data to be written | ||||
|  * @param out_len [in] The number of bytes to be written. | ||||
|  * @return The number of bytes sent, or if < 0 if an error. | ||||
|  * @see ssl.h for the error code list. | ||||
|  */ | ||||
| EXP_FUNC int STDCALL ssl_write(SSL *ssl, const uint8_t *out_data, int out_len); | ||||
| 
 | ||||
| /**
 | ||||
|  * @brief Find an ssl object based on a file descriptor. | ||||
|  * | ||||
|  * Goes through the list of SSL objects maintained in a client/server context | ||||
|  * to look for a file descriptor match. | ||||
|  * @param ssl_ctx [in] The client/server context. | ||||
|  * @param client_fd [in]  The file descriptor. | ||||
|  * @return A reference to the SSL object. Returns null if the object could not  | ||||
|  * be found. | ||||
|  */ | ||||
| EXP_FUNC SSL * STDCALL ssl_find(SSL_CTX *ssl_ctx, int client_fd); | ||||
| 
 | ||||
| /**
 | ||||
|  * @brief Get the session id for a handshake.  | ||||
|  *  | ||||
|  * This will be a 32 byte sequence and is available after the first | ||||
|  * handshaking messages are sent. | ||||
|  * @param ssl [in] An SSL object reference. | ||||
|  * @return The session id as a 32 byte sequence. | ||||
|  * @note A SSLv23 handshake may have only 16 valid bytes. | ||||
|  */ | ||||
| EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(const SSL *ssl); | ||||
| 
 | ||||
| /**
 | ||||
|  * @brief Get the session id size for a handshake.  | ||||
|  *  | ||||
|  * This will normally be 32 but could be 0 (no session id) or something else. | ||||
|  * @param ssl [in] An SSL object reference. | ||||
|  * @return The size of the session id. | ||||
|  */ | ||||
| EXP_FUNC uint8_t STDCALL ssl_get_session_id_size(const SSL *ssl); | ||||
| 
 | ||||
| /**
 | ||||
|  * @brief Return the cipher id (in the SSL form). | ||||
|  * @param ssl [in] An SSL object reference. | ||||
|  * @return The cipher id. This will be one of the following: | ||||
|  * - SSL_AES128_SHA (0x2f) | ||||
|  * - SSL_AES256_SHA (0x35) | ||||
|  * - SSL_RC4_128_SHA (0x05) | ||||
|  * - SSL_RC4_128_MD5 (0x04) | ||||
|  */ | ||||
| EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(const SSL *ssl); | ||||
| 
 | ||||
| /**
 | ||||
|  * @brief Return the status of the handshake. | ||||
|  * @param ssl [in] An SSL object reference. | ||||
|  * @return SSL_OK if the handshake is complete and ok.  | ||||
|  * @see ssl.h for the error code list. | ||||
|  */ | ||||
| EXP_FUNC int STDCALL ssl_handshake_status(const SSL *ssl); | ||||
| 
 | ||||
| /**
 | ||||
|  * @brief Retrieve various parameters about the axTLS engine. | ||||
|  * @param offset [in] The configuration offset. It will be one of the following: | ||||
|  * - SSL_BUILD_MODE The build mode. This will be one of the following: | ||||
|  *   - SSL_BUILD_SERVER_ONLY            (basic server mode) | ||||
|  *   - SSL_BUILD_ENABLE_VERIFICATION    (server can do client authentication) | ||||
|  *   - SSL_BUILD_ENABLE_CLIENT          (client/server capabilties) | ||||
|  *   - SSL_BUILD_FULL_MODE              (client/server with diagnostics) | ||||
|  *   - SSL_BUILD_SKELETON_MODE          (skeleton mode) | ||||
|  * - SSL_MAX_CERT_CFG_OFFSET The maximum number of certificates allowed. | ||||
|  * - SSL_MAX_CA_CERT_CFG_OFFSET The maximum number of CA certificates allowed. | ||||
|  * - SSL_HAS_PEM                        1 if supported | ||||
|  * @return The value of the requested parameter. | ||||
|  */ | ||||
| EXP_FUNC int STDCALL ssl_get_config(int offset); | ||||
| 
 | ||||
| /**
 | ||||
|  * @brief Display why the handshake failed. | ||||
|  * | ||||
|  * This call is only useful in a 'full mode' build. The output is to stdout. | ||||
|  * @param error_code [in] An error code. | ||||
|  * @see ssl.h for the error code list. | ||||
|  */ | ||||
| //EXP_FUNC void STDCALL ssl_display_error(int error_code);
 | ||||
| 
 | ||||
| /**
 | ||||
|  * @brief Authenticate a received certificate. | ||||
|  *  | ||||
|  * This call is usually made by a client after a handshake is complete and the | ||||
|  * context is in SSL_SERVER_VERIFY_LATER mode. | ||||
|  * @param ssl [in] An SSL object reference. | ||||
|  * @return SSL_OK if the certificate is verified. | ||||
|  */ | ||||
| EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl); | ||||
| 
 | ||||
| /**
 | ||||
|  * @brief Retrieve an X.509 distinguished name component. | ||||
|  *  | ||||
|  * When a handshake is complete and a certificate has been exchanged, then the | ||||
|  * details of the remote certificate can be retrieved. | ||||
|  * | ||||
|  * This will usually be used by a client to check that the server's common  | ||||
|  * name matches the URL. | ||||
|  * | ||||
|  * @param ssl [in] An SSL object reference. | ||||
|  * @param component [in] one of: | ||||
|  * - SSL_X509_CERT_COMMON_NAME | ||||
|  * - SSL_X509_CERT_ORGANIZATION | ||||
|  * - SSL_X509_CERT_ORGANIZATIONAL_NAME | ||||
|  * - SSL_X509_CA_CERT_COMMON_NAME | ||||
|  * - SSL_X509_CA_CERT_ORGANIZATION | ||||
|  * - SSL_X509_CA_CERT_ORGANIZATIONAL_NAME | ||||
|  * @return The appropriate string (or null if not defined) | ||||
|  * @note Verification build mode must be enabled. | ||||
|  */ | ||||
| EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component); | ||||
| 
 | ||||
| /**
 | ||||
|  * @brief Retrieve a Subject Alternative DNSName | ||||
|  * | ||||
|  * When a handshake is complete and a certificate has been exchanged, then the | ||||
|  * details of the remote certificate can be retrieved. | ||||
|  * | ||||
|  * This will usually be used by a client to check that the server's DNS   | ||||
|  * name matches the URL. | ||||
|  * | ||||
|  * @param ssl [in] An SSL object reference. | ||||
|  * @param dnsindex [in] The index of the DNS name to retrieve. | ||||
|  * @return The appropriate string (or null if not defined) | ||||
|  * @note Verification build mode must be enabled. | ||||
|  */ | ||||
| EXP_FUNC const char * STDCALL ssl_get_cert_subject_alt_dnsname(const SSL *ssl, int dnsindex); | ||||
| 
 | ||||
| /**
 | ||||
|  * @brief Force the client to perform its handshake again. | ||||
|  * | ||||
|  * For a client this involves sending another "client hello" message. | ||||
|  * For the server is means sending a "hello request" message. | ||||
|  * | ||||
|  * This is a blocking call on the client (until the handshake completes). | ||||
|  * | ||||
|  * @param ssl [in] An SSL object reference. | ||||
|  * @return SSL_OK if renegotiation instantiation was ok | ||||
|  */ | ||||
| EXP_FUNC int STDCALL ssl_renegotiate(SSL *ssl); | ||||
| 
 | ||||
| /**
 | ||||
|  * @brief Process a file that is in binary DER or ASCII PEM format. | ||||
|  * | ||||
|  * These are temporary objects that are used to load private keys, | ||||
|  * certificates etc into memory. | ||||
|  * @param ssl_ctx [in] The client/server context. | ||||
|  * @param obj_type [in] The format of the file. Can be one of: | ||||
|  * - SSL_OBJ_X509_CERT (no password required) | ||||
|  * - SSL_OBJ_X509_CACERT (no password required) | ||||
|  * - SSL_OBJ_RSA_KEY (AES128/AES256 PEM encryption supported) | ||||
|  * - SSL_OBJ_PKCS8 (RC4-128 encrypted data supported) | ||||
|  * - SSL_OBJ_PKCS12 (RC4-128 encrypted data supported) | ||||
|  * | ||||
|  * PEM files are automatically detected (if supported). The object type is | ||||
|  * also detected, and so is not relevant for these types of files. | ||||
|  * @param filename [in] The location of a file in DER/PEM format. | ||||
|  * @param password [in] The password used. Can be null if not required. | ||||
|  * @return SSL_OK if all ok | ||||
|  * @note Not available in skeleton build mode. | ||||
|  */ | ||||
| EXP_FUNC int STDCALL ssl_obj_load(SSL_CTX *ssl_ctx, int obj_type, const char *filename, const char *password); | ||||
| 
 | ||||
| /**
 | ||||
|  * @brief Process binary data. | ||||
|  * | ||||
|  * These are temporary objects that are used to load private keys, | ||||
|  * certificates etc into memory. | ||||
|  * @param ssl_ctx [in] The client/server context. | ||||
|  * @param obj_type [in] The format of the memory data. | ||||
|  * @param data [in] The binary data to be loaded. | ||||
|  * @param len [in] The amount of data to be loaded. | ||||
|  * @param password [in] The password used. Can be null if not required. | ||||
|  * @return SSL_OK if all ok | ||||
|  * @see ssl_obj_load for more details on obj_type. | ||||
|  */ | ||||
| EXP_FUNC int STDCALL ssl_obj_memory_load(SSL_CTX *ssl_ctx, int obj_type, const uint8_t *data, int len, const char *password); | ||||
| 
 | ||||
| #ifdef CONFIG_SSL_GENERATE_X509_CERT | ||||
| /**
 | ||||
|  * @brief Create an X.509 certificate.  | ||||
|  *  | ||||
|  * This certificate is a self-signed v1 cert with a fixed start/stop validity  | ||||
|  * times. It is signed with an internal private key in ssl_ctx. | ||||
|  * | ||||
|  * @param ssl_ctx [in] The client/server context. | ||||
|  * @param options [in] Not used yet. | ||||
|  * @param dn [in] An array of distinguished name strings. The array is defined | ||||
|  * by: | ||||
|  * - SSL_X509_CERT_COMMON_NAME (0) | ||||
|  *      - If SSL_X509_CERT_COMMON_NAME is empty or not defined, then the  | ||||
|  *        hostname will be used. | ||||
|  * - SSL_X509_CERT_ORGANIZATION (1) | ||||
|  *      - If SSL_X509_CERT_ORGANIZATION is empty or not defined, then $USERNAME  | ||||
|  *        will be used. | ||||
|  * - SSL_X509_CERT_ORGANIZATIONAL_NAME (2) | ||||
|  *      - SSL_X509_CERT_ORGANIZATIONAL_NAME is optional. | ||||
|  * @param cert_data [out] The certificate as a sequence of bytes. | ||||
|  * @return < 0 if an error, or the size of the certificate in bytes. | ||||
|  * @note cert_data must be freed when there is no more need for it. | ||||
|  */ | ||||
| EXP_FUNC int STDCALL ssl_x509_create(SSL_CTX *ssl_ctx, uint32_t options, const char * dn[], uint8_t **cert_data); | ||||
| #endif | ||||
| 
 | ||||
| /**
 | ||||
|  * @brief Return the axTLS library version as a string. | ||||
|  */ | ||||
| EXP_FUNC const char * STDCALL ssl_version(void); | ||||
| 
 | ||||
| /** @} */ | ||||
| 
 | ||||
| #ifdef __cplusplus | ||||
| } | ||||
| #endif | ||||
| 
 | ||||
| #endif | ||||
|  | @ -1,298 +0,0 @@ | |||
| /*
 | ||||
|  * Copyright (c) 2007, Cameron Rich | ||||
|  *  | ||||
|  * All rights reserved. | ||||
|  *  | ||||
|  * Redistribution and use in source and binary forms, with or without  | ||||
|  * modification, are permitted provided that the following conditions are met: | ||||
|  * | ||||
|  * * Redistributions of source code must retain the above copyright notice,  | ||||
|  *   this list of conditions and the following disclaimer. | ||||
|  * * Redistributions in binary form must reproduce the above copyright notice,  | ||||
|  *   this list of conditions and the following disclaimer in the documentation  | ||||
|  *   and/or other materials provided with the distribution. | ||||
|  * * Neither the name of the axTLS project nor the names of its contributors  | ||||
|  *   may be used to endorse or promote products derived from this software  | ||||
|  *   without specific prior written permission. | ||||
|  * | ||||
|  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | ||||
|  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | ||||
|  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR | ||||
|  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR | ||||
|  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, | ||||
|  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, | ||||
|  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR | ||||
|  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF | ||||
|  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | ||||
|  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | ||||
|  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||||
|  */ | ||||
| 
 | ||||
| /**
 | ||||
|  * @file tls1.h | ||||
|  * | ||||
|  * @brief The definitions for the TLS library. | ||||
|  */ | ||||
| #ifndef HEADER_SSL_LIB_H | ||||
| #define HEADER_SSL_LIB_H | ||||
| 
 | ||||
| #ifdef __cplusplus | ||||
| extern "C" { | ||||
| #endif | ||||
| 
 | ||||
| #include "c_types.h" | ||||
| #include "ssl/ssl_version.h" | ||||
| #include "ssl/ssl_config.h" | ||||
| 
 | ||||
| #include "ssl/ssl_crypto.h" | ||||
| #include "ssl/ssl_crypto_misc.h" | ||||
| 
 | ||||
| #define SSL_PROTOCOL_MIN_VERSION    0x31   /* TLS v1.0 */ | ||||
| #define SSL_PROTOCOL_MINOR_VERSION  0x02   /* TLS v1.1 */ | ||||
| #define SSL_PROTOCOL_VERSION_MAX    0x32   /* TLS v1.1 */ | ||||
| #define SSL_PROTOCOL_VERSION1_1     0x32   /* TLS v1.1 */ | ||||
| #define SSL_RANDOM_SIZE             32 | ||||
| #define SSL_SECRET_SIZE             48 | ||||
| #define SSL_FINISHED_HASH_SIZE      12 | ||||
| #define SSL_RECORD_SIZE             5 | ||||
| #define SSL_SERVER_READ             0 | ||||
| #define SSL_SERVER_WRITE            1 | ||||
| #define SSL_CLIENT_READ             2 | ||||
| #define SSL_CLIENT_WRITE            3 | ||||
| #define SSL_HS_HDR_SIZE             4 | ||||
| 
 | ||||
| /* the flags we use while establishing a connection */ | ||||
| #define SSL_NEED_RECORD             0x0001 | ||||
| #define SSL_TX_ENCRYPTED            0x0002  | ||||
| #define SSL_RX_ENCRYPTED            0x0004 | ||||
| #define SSL_SESSION_RESUME          0x0008 | ||||
| #define SSL_IS_CLIENT               0x0010 | ||||
| #define SSL_HAS_CERT_REQ            0x0020 | ||||
| #define SSL_SENT_CLOSE_NOTIFY       0x0040 | ||||
| 
 | ||||
| /* some macros to muck around with flag bits */ | ||||
| #define SET_SSL_FLAG(A)             (ssl->flag |= A) | ||||
| #define CLR_SSL_FLAG(A)             (ssl->flag &= ~A) | ||||
| #define IS_SET_SSL_FLAG(A)          (ssl->flag & A) | ||||
| 
 | ||||
| #define MAX_KEY_BYTE_SIZE           512     /* for a 4096 bit key */ | ||||
| #define RT_MAX_PLAIN_LENGTH         1024 | ||||
| #define RT_EXTRA                    1024 | ||||
| #define BM_RECORD_OFFSET            5 | ||||
| 
 | ||||
| #ifdef CONFIG_SSL_SKELETON_MODE | ||||
| #define NUM_PROTOCOLS               1 | ||||
| #else | ||||
| #define NUM_PROTOCOLS               4 | ||||
| #endif | ||||
| 
 | ||||
| #define PARANOIA_CHECK(A, B)        if (A < B) { \ | ||||
|     ret = SSL_ERROR_INVALID_HANDSHAKE; goto error; } | ||||
| 
 | ||||
| /* protocol types */ | ||||
| enum | ||||
| { | ||||
|     PT_CHANGE_CIPHER_SPEC = 20, | ||||
|     PT_ALERT_PROTOCOL, | ||||
|     PT_HANDSHAKE_PROTOCOL, | ||||
|     PT_APP_PROTOCOL_DATA | ||||
| }; | ||||
| 
 | ||||
| /* handshaking types */ | ||||
| enum | ||||
| { | ||||
|     HS_HELLO_REQUEST, | ||||
|     HS_CLIENT_HELLO, | ||||
|     HS_SERVER_HELLO, | ||||
|     HS_CERTIFICATE = 11, | ||||
|     HS_SERVER_KEY_XCHG, | ||||
|     HS_CERT_REQ, | ||||
|     HS_SERVER_HELLO_DONE, | ||||
|     HS_CERT_VERIFY, | ||||
|     HS_CLIENT_KEY_XCHG, | ||||
|     HS_FINISHED = 20 | ||||
| }; | ||||
| 
 | ||||
| typedef struct  | ||||
| { | ||||
|     uint8_t cipher; | ||||
|     uint8_t key_size; | ||||
|     uint8_t iv_size; | ||||
|     uint8_t key_block_size; | ||||
|     uint8_t padding_size; | ||||
|     uint8_t digest_size; | ||||
|     hmac_func hmac; | ||||
|     crypt_func encrypt; | ||||
|     crypt_func decrypt; | ||||
| } cipher_info_t; | ||||
| 
 | ||||
| struct _SSLObjLoader  | ||||
| { | ||||
|     uint8_t *buf; | ||||
|     int len; | ||||
| }; | ||||
| 
 | ||||
| typedef struct _SSLObjLoader SSLObjLoader; | ||||
| 
 | ||||
| typedef struct  | ||||
| { | ||||
|     time_t conn_time; | ||||
|     uint8_t session_id[SSL_SESSION_ID_SIZE]; | ||||
|     uint8_t master_secret[SSL_SECRET_SIZE]; | ||||
| } SSL_SESSION; | ||||
| 
 | ||||
| typedef struct | ||||
| { | ||||
|     uint8_t *buf; | ||||
|     int size; | ||||
| } SSL_CERT; | ||||
| 
 | ||||
| typedef struct | ||||
| { | ||||
|     MD5_CTX md5_ctx; | ||||
|     SHA1_CTX sha1_ctx; | ||||
|     uint8_t final_finish_mac[SSL_FINISHED_HASH_SIZE]; | ||||
|     uint8_t *key_block; | ||||
|     uint8_t master_secret[SSL_SECRET_SIZE]; | ||||
|     uint8_t client_random[SSL_RANDOM_SIZE]; /* client's random sequence */ | ||||
|     uint8_t server_random[SSL_RANDOM_SIZE]; /* server's random sequence */ | ||||
|     uint16_t bm_proc_index; | ||||
| } DISPOSABLE_CTX; | ||||
| 
 | ||||
| struct _SSL | ||||
| { | ||||
|     uint32_t flag; | ||||
|     uint16_t need_bytes; | ||||
|     uint16_t got_bytes; | ||||
|     uint8_t record_type; | ||||
|     uint8_t cipher; | ||||
|     uint8_t sess_id_size; | ||||
|     uint8_t version; | ||||
|     uint8_t client_version; | ||||
|     sint16_t next_state; | ||||
|     sint16_t hs_status; | ||||
|     DISPOSABLE_CTX *dc;         /* temporary data which we'll get rid of soon */ | ||||
|     int client_fd; | ||||
|     const cipher_info_t *cipher_info; | ||||
|     void *encrypt_ctx; | ||||
|     void *decrypt_ctx; | ||||
|     uint8_t bm_all_data[RT_MAX_PLAIN_LENGTH+RT_EXTRA]; | ||||
|     uint8_t *bm_data; | ||||
|     uint16_t bm_index; | ||||
|     uint16_t bm_read_index; | ||||
|     struct _SSL *next;                  /* doubly linked list */ | ||||
|     struct _SSL *prev; | ||||
|     struct _SSL_CTX *ssl_ctx;           /* back reference to a clnt/svr ctx */ | ||||
| #ifndef CONFIG_SSL_SKELETON_MODE | ||||
|     uint16_t session_index; | ||||
|     SSL_SESSION *session; | ||||
| #endif | ||||
| #ifdef CONFIG_SSL_CERT_VERIFICATION | ||||
|     X509_CTX *x509_ctx; | ||||
| #endif | ||||
| 
 | ||||
|     uint8_t session_id[SSL_SESSION_ID_SIZE];  | ||||
|     uint8_t client_mac[SHA1_SIZE];  /* for HMAC verification */ | ||||
|     uint8_t server_mac[SHA1_SIZE];  /* for HMAC verification */ | ||||
|     uint8_t read_sequence[8];       /* 64 bit sequence number */ | ||||
|     uint8_t write_sequence[8];      /* 64 bit sequence number */ | ||||
|     uint8_t hmac_header[SSL_RECORD_SIZE];    /* rx hmac */ | ||||
| }; | ||||
| 
 | ||||
| typedef struct _SSL SSL; | ||||
| 
 | ||||
| struct _SSL_CTX | ||||
| { | ||||
|     uint32_t options; | ||||
|     uint8_t chain_length; | ||||
|     RSA_CTX *rsa_ctx; | ||||
| #ifdef CONFIG_SSL_CERT_VERIFICATION | ||||
|     CA_CERT_CTX *ca_cert_ctx; | ||||
| #endif | ||||
|     SSL *head; | ||||
|     SSL *tail; | ||||
|     SSL_CERT certs[CONFIG_SSL_MAX_CERTS]; | ||||
| #ifndef CONFIG_SSL_SKELETON_MODE | ||||
|     uint16_t num_sessions; | ||||
|     SSL_SESSION **ssl_sessions; | ||||
| #endif | ||||
| #ifdef CONFIG_SSL_CTX_MUTEXING | ||||
|     SSL_CTX_MUTEX_TYPE mutex; | ||||
| #endif | ||||
| #ifdef CONFIG_OPENSSL_COMPATIBLE | ||||
|     void *bonus_attr; | ||||
| #endif | ||||
| }; | ||||
| 
 | ||||
| typedef struct _SSL_CTX SSL_CTX; | ||||
| 
 | ||||
| /* backwards compatibility */ | ||||
| typedef struct _SSL_CTX SSLCTX; | ||||
| 
 | ||||
| extern const uint8_t ssl_prot_prefs[NUM_PROTOCOLS]; | ||||
| 
 | ||||
| SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd); | ||||
| void disposable_new(SSL *ssl); | ||||
| void disposable_free(SSL *ssl); | ||||
| int send_packet(SSL *ssl, uint8_t protocol,  | ||||
|         const uint8_t *in, int length); | ||||
| int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len); | ||||
| int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len); | ||||
| int process_finished(SSL *ssl, uint8_t *buf, int hs_len); | ||||
| int process_sslv23_client_hello(SSL *ssl); | ||||
| int send_alert(SSL *ssl, int error_code); | ||||
| int send_finished(SSL *ssl); | ||||
| int send_certificate(SSL *ssl); | ||||
| int basic_read(SSL *ssl, uint8_t **in_data); | ||||
| int send_change_cipher_spec(SSL *ssl); | ||||
| void finished_digest(SSL *ssl, const char *label, uint8_t *digest); | ||||
| void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret); | ||||
| void add_packet(SSL *ssl, const uint8_t *pkt, int len); | ||||
| int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len); | ||||
| int add_private_key(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj); | ||||
| void ssl_obj_free(SSLObjLoader *ssl_obj); | ||||
| int pkcs8_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password); | ||||
| int pkcs12_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password); | ||||
| int load_key_certs(SSL_CTX *ssl_ctx); | ||||
| #ifdef CONFIG_SSL_CERT_VERIFICATION | ||||
| int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len); | ||||
| void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx); | ||||
| #endif | ||||
| #ifdef CONFIG_SSL_ENABLE_CLIENT | ||||
| int do_client_connect(SSL *ssl); | ||||
| #endif | ||||
| 
 | ||||
| #ifdef CONFIG_SSL_FULL_MODE | ||||
| //void DISPLAY_STATE(SSL *ssl, int is_send, uint8_t state, int not_ok);
 | ||||
| //void DISPLAY_BYTES(SSL *ssl, const char *format,
 | ||||
| //        const uint8_t *data, int size, ...);
 | ||||
| //void DISPLAY_CERT(SSL *ssl, const X509_CTX *x509_ctx);
 | ||||
| //void DISPLAY_RSA(SSL *ssl,  const RSA_CTX *rsa_ctx);
 | ||||
| //void DISPLAY_ALERT(SSL *ssl, int alert);
 | ||||
| #else | ||||
| #define DISPLAY_STATE(A,B,C,D) | ||||
| #define DISPLAY_CERT(A,B) | ||||
| #define DISPLAY_RSA(A,B) | ||||
| #define DISPLAY_ALERT(A, B) | ||||
| #ifdef WIN32 | ||||
| void DISPLAY_BYTES(SSL *ssl, const char *format,/* win32 has no variadic macros */ | ||||
|         const uint8_t *data, int size, ...); | ||||
| #else | ||||
| #define DISPLAY_BYTES(A,B,C,D,...) | ||||
| #endif | ||||
| #endif | ||||
| 
 | ||||
| #ifdef CONFIG_SSL_CERT_VERIFICATION | ||||
| int process_certificate(SSL *ssl, X509_CTX **x509_ctx); | ||||
| #endif | ||||
| 
 | ||||
| SSL_SESSION *ssl_session_update(int max_sessions,  | ||||
|         SSL_SESSION *ssl_sessions[], SSL *ssl, | ||||
|         const uint8_t *session_id); | ||||
| void kill_ssl_session(SSL_SESSION **ssl_sessions, SSL *ssl); | ||||
| 
 | ||||
| #ifdef __cplusplus | ||||
| } | ||||
| #endif | ||||
| 
 | ||||
| #endif  | ||||
|  | @ -1 +0,0 @@ | |||
| #define AXTLS_VERSION    "1.4.9" | ||||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue