Crash_Override/OVMS3-idf
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

1. add lock function for every function

Browse source 
2. modify some function for crypto
This commit is contained in:
liuhan 2016-08-08 13:56:36 +08:00 committed by Wu Jian Gang
parent 30be5f6eb5
commit d9b660f6d4
15 changed files with 436 additions and 86 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
components/mbedtls/include/mbedtls/aes.h
View file

@ -276,7 +276,27 @@ void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
#endif
#else /* MBEDTLS_AES_ALT */
#include "aes_alt.h"
#include "port/aes_alt.h"
typedef AES_CTX mbedtls_aes_context;
#define mbedtls_aes_init aes_init
#define mbedtls_aes_free aes_free
#define mbedtls_aes_setkey_enc aes_setkey_enc
#define mbedtls_aes_setkey_dec aes_setkey_dec
#define mbedtls_aes_crypt_ecb aes_crypt_ecb
#if defined(MBEDTLS_CIPHER_MODE_CBC)
#define mbedtls_aes_crypt_cbc aes_crypt_cbc
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
#define mbedtls_aes_crypt_cfb128 aes_crypt_cfb128
#define mbedtls_aes_crypt_cfb8 aes_crypt_cfb8
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
#define mbedtls_aes_crypt_ctr aes_crypt_ctr
#endif
#define mbedtls_aes_encrypt aes_encrypt
#define mbedtls_aes_decrypt aes_decrypt
#endif /* MBEDTLS_AES_ALT */
#ifdef __cplusplus

50
components/mbedtls/include/mbedtls/bignum.h
View file

@ -100,6 +100,8 @@
#define MBEDTLS_LN_2_DIV_LN_10_SCALE100 332
#define MBEDTLS_MPI_RW_BUFFER_SIZE ( ((MBEDTLS_MPI_MAX_BITS_SCALE100 + MBEDTLS_LN_2_DIV_LN_10_SCALE100 - 1) / MBEDTLS_LN_2_DIV_LN_10_SCALE100) + 10 + 6 )
#if !defined(MBEDTLS_BIGNUM_ALT)
/*
* Define the base integer type, architecture-wise.
*
@ -702,6 +704,54 @@ int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int dh_flag,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
#else /* MBEDTLS_BIGNUM_ALT */
#include "port/bignum_alt.h"
typedef mpi mbedtls_mpi;
#define mbedtls_mpi_init mpi_init
#define mbedtls_mpi_free mpi_free
#define mbedtls_mpi_grow mpi_grow
#define mbedtls_mpi_shrink mpi_shrink
#define mbedtls_mpi_copy mpi_copy
#define mbedtls_mpi_swap mpi_swap
#define mbedtls_mpi_safe_cond_assign mpi_safe_cond_assign
#define mbedtls_mpi_safe_cond_swap mpi_safe_cond_swap
#define mbedtls_mpi_lset mpi_lset
#define mbedtls_mpi_get_bit mpi_get_bit
#define mbedtls_mpi_set_bit mpi_set_bit
#define mbedtls_mpi_lsb mpi_lsb
#define mbedtls_mpi_bitlen mpi_bitlen
#define mbedtls_mpi_size mpi_size
#define mbedtls_mpi_read_string mpi_read_string
#define mbedtls_mpi_write_string mpi_write_string
#define mbedtls_mpi_read_binary mpi_read_binary
#define mbedtls_mpi_write_binary mpi_write_binary
#define mbedtls_mpi_shift_l mpi_shift_l
#define mbedtls_mpi_shift_r mpi_shift_r
#define mbedtls_mpi_cmp_abs mpi_cmp_abs
#define mbedtls_mpi_cmp_mpi mpi_cmp_mpi
#define mbedtls_mpi_cmp_int mpi_cmp_int
#define mbedtls_mpi_add_abs mpi_add_abs
#define mbedtls_mpi_sub_abs mpi_sub_abs
#define mbedtls_mpi_add_mpi mpi_add_mpi
#define mbedtls_mpi_sub_mpi mpi_sub_mpi
#define mbedtls_mpi_add_int mpi_add_int
#define mbedtls_mpi_sub_int mpi_sub_int
#define mbedtls_mpi_mul_mpi mpi_mul_mpi
#define mbedtls_mpi_mul_int mpi_mul_int
#define mbedtls_mpi_div_mpi mpi_div_mpi
#define mbedtls_mpi_div_int mpi_div_int
#define mbedtls_mpi_mod_mpi mpi_mod_mpi
#define mbedtls_mpi_mod_int mpi_mod_int
#define mbedtls_mpi_exp_mod mpi_exp_mod
#define mbedtls_mpi_fill_random mpi_fill_random
#define mbedtls_mpi_gcd mpi_gcd
#define mbedtls_mpi_inv_mod mpi_inv_mod
#define mbedtls_mpi_is_prime mpi_is_prime
#define mbedtls_mpi_gen_prime mpi_gen_prime
#endif /* MBEDTLS_BIGNUM_ALT */
/**
* \brief Checkup routine

148
components/mbedtls/include/mbedtls/esp_config.h
View file

@ -225,7 +225,7 @@
* Uncomment a macro to enable alternate implementation of the corresponding
* module.
*/
//#define MBEDTLS_AES_ALT
#define MBEDTLS_AES_ALT
//#define MBEDTLS_ARC4_ALT
//#define MBEDTLS_BLOWFISH_ALT
//#define MBEDTLS_CAMELLIA_ALT
@ -235,10 +235,11 @@
//#define MBEDTLS_MD4_ALT
//#define MBEDTLS_MD5_ALT
//#define MBEDTLS_RIPEMD160_ALT
//#define MBEDTLS_SHA1_ALT
//#define MBEDTLS_SHA256_ALT
//#define MBEDTLS_SHA512_ALT
#define MBEDTLS_SHA1_ALT
#define MBEDTLS_SHA256_ALT
#define MBEDTLS_SHA512_ALT
#define MBEDTLS_BIGNUM_ALT
/**
* \def MBEDTLS_MD2_PROCESS_ALT
*
@ -297,7 +298,7 @@
*
* Uncomment this macro to store the AES tables in ROM.
*/
//#define MBEDTLS_AES_ROM_TABLES
#define MBEDTLS_AES_ROM_TABLES
/**
* \def MBEDTLS_CAMELLIA_SMALL_MEMORY
@ -373,10 +374,10 @@
*
* Enable padding modes in the cipher layer.
*/
#define MBEDTLS_CIPHER_PADDING_PKCS7
#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
#define MBEDTLS_CIPHER_PADDING_ZEROS
//#define MBEDTLS_CIPHER_PADDING_PKCS7
//#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
//#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
//#define MBEDTLS_CIPHER_PADDING_ZEROS
/**
* \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES
@ -414,18 +415,18 @@
*
* Comment macros to disable the curve and functions for it
*/
#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
#define MBEDTLS_ECP_DP_BP256R1_ENABLED
#define MBEDTLS_ECP_DP_BP384R1_ENABLED
#define MBEDTLS_ECP_DP_BP512R1_ENABLED
#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
//#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
//#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
//#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
//#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
//#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
//#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
//#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
//#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
//#define MBEDTLS_ECP_DP_BP256R1_ENABLED
//#define MBEDTLS_ECP_DP_BP384R1_ENABLED
//#define MBEDTLS_ECP_DP_BP512R1_ENABLED
//#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
/**
* \def MBEDTLS_ECP_NIST_OPTIM
@ -436,7 +437,7 @@
*
* Comment this macro to disable NIST curves optimisation.
*/
#define MBEDTLS_ECP_NIST_OPTIM
//#define MBEDTLS_ECP_NIST_OPTIM
/**
* \def MBEDTLS_ECDSA_DETERMINISTIC
@ -450,7 +451,7 @@
*
* Comment this macro to disable deterministic ECDSA.
*/
#define MBEDTLS_ECDSA_DETERMINISTIC
//#define MBEDTLS_ECDSA_DETERMINISTIC
/**
* \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
@ -472,7 +473,7 @@
* MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
*/
#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
//#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
/**
* \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
@ -496,7 +497,7 @@
* MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
*/
#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
//#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
/**
* \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
@ -516,7 +517,7 @@
* MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
*/
#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
//#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
/**
* \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
@ -595,7 +596,7 @@
* MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
* MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
*/
#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
//#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
/**
* \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
@ -620,7 +621,7 @@
* MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
*/
#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
//#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
/**
* \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
@ -644,7 +645,7 @@
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
*/
#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
//#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
/**
* \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
@ -668,7 +669,7 @@
* MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
*/
#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
//#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
/**
* \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
@ -692,7 +693,7 @@
* MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
*/
#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
//#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
/**
* \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
@ -945,7 +946,7 @@
*
* Comment this macro to disable support for Encrypt-then-MAC
*/
#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
//#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
/** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET
*
@ -963,7 +964,7 @@
*
* Comment this macro to disable support for Extended Master Secret.
*/
#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
//#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
/**
* \def MBEDTLS_SSL_FALLBACK_SCSV
@ -980,7 +981,7 @@
*
* Comment this macro to disable support for FALLBACK_SCSV
*/
#define MBEDTLS_SSL_FALLBACK_SCSV
//#define MBEDTLS_SSL_FALLBACK_SCSV
/**
* \def MBEDTLS_SSL_HW_RECORD_ACCEL
@ -1017,7 +1018,7 @@
*
* Comment this to disable support for renegotiation.
*/
#define MBEDTLS_SSL_RENEGOTIATION
//#define MBEDTLS_SSL_RENEGOTIATION
/**
* \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
@ -1046,7 +1047,7 @@
*
* Comment this macro to disable support for the max_fragment_length extension
*/
#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
//#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
/**
* \def MBEDTLS_SSL_PROTO_SSL3
@ -1058,7 +1059,7 @@
*
* Comment this macro to disable support for SSL 3.0
*/
#define MBEDTLS_SSL_PROTO_SSL3
//#define MBEDTLS_SSL_PROTO_SSL3
/**
* \def MBEDTLS_SSL_PROTO_TLS1
@ -1109,7 +1110,7 @@
*
* Comment this macro to disable support for DTLS
*/
#define MBEDTLS_SSL_PROTO_DTLS
//#define MBEDTLS_SSL_PROTO_DTLS
/**
* \def MBEDTLS_SSL_ALPN
@ -1118,7 +1119,7 @@
*
* Comment this macro to disable support for ALPN.
*/
#define MBEDTLS_SSL_ALPN
//#define MBEDTLS_SSL_ALPN
/**
* \def MBEDTLS_SSL_DTLS_ANTI_REPLAY
@ -1133,7 +1134,7 @@
*
* Comment this to disable anti-replay in DTLS.
*/
#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
//#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
/**
* \def MBEDTLS_SSL_DTLS_HELLO_VERIFY
@ -1151,7 +1152,7 @@
*
* Comment this to disable support for HelloVerifyRequest.
*/
#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
//#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
/**
* \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
@ -1167,7 +1168,7 @@
*
* Comment this to disable support for clients reusing the source port.
*/
#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
//#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
/**
* \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT
@ -1178,7 +1179,7 @@
*
* Requires: MBEDTLS_SSL_PROTO_DTLS
*/
#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
//#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
/**
* \def MBEDTLS_SSL_SESSION_TICKETS
@ -1192,7 +1193,7 @@
*
* Comment this macro to disable support for SSL session tickets
*/
#define MBEDTLS_SSL_SESSION_TICKETS
//#define MBEDTLS_SSL_SESSION_TICKETS
/**
* \def MBEDTLS_SSL_EXPORT_KEYS
@ -1202,7 +1203,7 @@
*
* Comment this macro to disable support for key export
*/
#define MBEDTLS_SSL_EXPORT_KEYS
//#define MBEDTLS_SSL_EXPORT_KEYS
/**
* \def MBEDTLS_SSL_SERVER_NAME_INDICATION
@ -1222,7 +1223,7 @@
*
* Comment this macro to disable support for truncated HMAC in SSL
*/
#define MBEDTLS_SSL_TRUNCATED_HMAC
//#define MBEDTLS_SSL_TRUNCATED_HMAC
/**
* \def MBEDTLS_THREADING_ALT
@ -1257,7 +1258,7 @@
*
* Comment this to disable run-time checking and save ROM space
*/
#define MBEDTLS_VERSION_FEATURES
//#define MBEDTLS_VERSION_FEATURES
/**
* \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
@ -1293,7 +1294,7 @@
*
* Comment to skip keyUsage checking for both CA and leaf certificates.
*/
#define MBEDTLS_X509_CHECK_KEY_USAGE
//#define MBEDTLS_X509_CHECK_KEY_USAGE
/**
* \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
@ -1306,7 +1307,7 @@
*
* Comment to skip extendedKeyUsage checking for certificates.
*/
#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
//#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
/**
* \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
@ -1316,7 +1317,7 @@
*
* Comment this macro to disallow using RSASSA-PSS in certificates.
*/
#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
//#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
/**
* \def MBEDTLS_ZLIB_SUPPORT
@ -1458,7 +1459,7 @@
* MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
* MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
*/
#define MBEDTLS_ARC4_C
//#define MBEDTLS_ARC4_C
/**
* \def MBEDTLS_ASN1_PARSE_C
@ -1523,7 +1524,7 @@
*
* Module: library/blowfish.c
*/
#define MBEDTLS_BLOWFISH_C
//#define MBEDTLS_BLOWFISH_C
/**
* \def MBEDTLS_CAMELLIA_C
@ -1578,7 +1579,7 @@
* MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
*/
#define MBEDTLS_CAMELLIA_C
//#define MBEDTLS_CAMELLIA_C
/**
* \def MBEDTLS_CCM_C
@ -1592,7 +1593,7 @@
* This module enables the AES-CCM ciphersuites, if other requisites are
* enabled as well.
*/
#define MBEDTLS_CCM_C
//#define MBEDTLS_CCM_C
/**
* \def MBEDTLS_CERTS_C
@ -1604,7 +1605,7 @@
*
* This module is used for testing (ssl_client/server).
*/
#define MBEDTLS_CERTS_C
//#define MBEDTLS_CERTS_C
/**
* \def MBEDTLS_CIPHER_C
@ -1644,7 +1645,7 @@
*
* This module provides debugging functions.
*/
#define MBEDTLS_DEBUG_C
//#define MBEDTLS_DEBUG_C
/**
* \def MBEDTLS_DES_C
@ -1670,7 +1671,7 @@
*
* PEM_PARSE uses DES/3DES for decrypting encrypted keys.
*/
#define MBEDTLS_DES_C
//#define MBEDTLS_DES_C
/**
* \def MBEDTLS_DHM_C
@ -1684,7 +1685,7 @@
* This module is used by the following key exchanges:
* DHE-RSA, DHE-PSK
*/
#define MBEDTLS_DHM_C
//#define MBEDTLS_DHM_C
/**
* \def MBEDTLS_ECDH_C
@ -1700,7 +1701,7 @@
*
* Requires: MBEDTLS_ECP_C
*/
#define MBEDTLS_ECDH_C
//#define MBEDTLS_ECDH_C
/**
* \def MBEDTLS_ECDSA_C
@ -1715,7 +1716,7 @@
*
* Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C
*/
#define MBEDTLS_ECDSA_C
//#define MBEDTLS_ECDSA_C
/**
* \def MBEDTLS_ECJPAKE_C
@ -1748,7 +1749,7 @@
*
* Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED
*/
#define MBEDTLS_ECP_C
//#define MBEDTLS_ECP_C
/**
* \def MBEDTLS_ENTROPY_C
@ -1774,7 +1775,7 @@
*
* This module enables mbedtls_strerror().
*/
#define MBEDTLS_ERROR_C
//#define MBEDTLS_ERROR_C
/**
* \def MBEDTLS_GCM_C
@ -1788,7 +1789,7 @@
* This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
* requisites are enabled as well.
*/
#define MBEDTLS_GCM_C
//#define MBEDTLS_GCM_C //764 Byte
/**
* \def MBEDTLS_HAVEGE_C
@ -1825,7 +1826,7 @@
*
* Uncomment to enable the HMAC_DRBG random number geerator.
*/
#define MBEDTLS_HMAC_DRBG_C
//#define MBEDTLS_HMAC_DRBG_C
/**
* \def MBEDTLS_MD_C
@ -1940,7 +1941,7 @@
*
* This modules adds support for the VIA PadLock on x86.
*/
#define MBEDTLS_PADLOCK_C
//#define MBEDTLS_PADLOCK_C
/**
* \def MBEDTLS_PEM_PARSE_C
@ -2032,7 +2033,7 @@
*
* This module adds support for the PKCS#5 functions.
*/
#define MBEDTLS_PKCS5_C
//#define MBEDTLS_PKCS5_C
/**
* \def MBEDTLS_PKCS11_C
@ -2063,7 +2064,7 @@
*
* This module enables PKCS#12 functions.
*/
#define MBEDTLS_PKCS12_C
//#define MBEDTLS_PKCS12_C
/**
* \def MBEDTLS_PLATFORM_C
@ -2083,7 +2084,7 @@
*
* This module enables abstraction of common (libc) functions.
*/
#define MBEDTLS_PLATFORM_C
//#define MBEDTLS_PLATFORM_C
/**
* \def MBEDTLS_RIPEMD160_C
@ -2094,7 +2095,7 @@
* Caller: library/mbedtls_md.c
*
*/
#define MBEDTLS_RIPEMD160_C
//#define MBEDTLS_RIPEMD160_C
/**
* \def MBEDTLS_RSA_C
@ -2172,7 +2173,7 @@
*
* Requires: MBEDTLS_SSL_CACHE_C
*/
#define MBEDTLS_SSL_CACHE_C
//#define MBEDTLS_SSL_CACHE_C
/**
* \def MBEDTLS_SSL_COOKIE_C
@ -2182,7 +2183,7 @@
* Module: library/ssl_cookie.c
* Caller:
*/
#define MBEDTLS_SSL_COOKIE_C
//#define MBEDTLS_SSL_COOKIE_C
/**
* \def MBEDTLS_SSL_TICKET_C
@ -2194,7 +2195,7 @@
*
* Requires: MBEDTLS_CIPHER_C
*/
#define MBEDTLS_SSL_TICKET_C
//#define MBEDTLS_SSL_TICKET_C
/**
* \def MBEDTLS_SSL_CLI_C
@ -2465,7 +2466,8 @@
//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
/* SSL options */
//#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */
extern unsigned int max_content_len;
#define MBEDTLS_SSL_MAX_CONTENT_LEN max_content_len /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */
//#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */
//#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */

12
components/mbedtls/include/mbedtls/sha1.h
View file

@ -106,7 +106,17 @@ void mbedtls_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[6
#endif
#else /* MBEDTLS_SHA1_ALT */
#include "sha1_alt.h"
#include "port/sha1_alt.h"
typedef SHA1_CTX mbedtls_sha1_context;
#define mbedtls_sha1_init sha1_init
#define mbedtls_sha1_starts sha1_starts
#define mbedtls_sha1_clone sha1_clone
#define mbedtls_sha1_update sha1_update
#define mbedtls_sha1_finish sha1_finish
#define mbedtls_sha1_free sha1_free
#define mbedtls_sha1_process sha1_process
#endif /* MBEDTLS_SHA1_ALT */
#ifdef __cplusplus

12
components/mbedtls/include/mbedtls/sha256.h
View file

@ -109,7 +109,17 @@ void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char da
#endif
#else /* MBEDTLS_SHA256_ALT */
#include "sha256_alt.h"
#include "port/sha256_alt.h"
typedef SHA256_CTX mbedtls_sha256_context;
#define mbedtls_sha256_init sha256_init
#define mbedtls_sha256_clone sha256_clone
#define mbedtls_sha256_starts sha256_starts
#define mbedtls_sha256_update sha256_update
#define mbedtls_sha256_finish sha256_finish
#define mbedtls_sha256_free sha256_free
#define mbedtls_sha256_process sha256_process
#endif /* MBEDTLS_SHA256_ALT */
#ifdef __cplusplus

12
components/mbedtls/include/mbedtls/sha512.h
View file

@ -106,7 +106,17 @@ void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, unsigned char output[64
#endif
#else /* MBEDTLS_SHA512_ALT */
#include "sha512_alt.h"
#include "port/sha512_alt.h"
typedef SHA512_CTX mbedtls_sha512_context;
#define mbedtls_sha512_init sha512_init
#define mbedtls_sha512_clone sha512_clone
#define mbedtls_sha512_starts sha512_starts
#define mbedtls_sha512_update sha512_update
#define mbedtls_sha512_finish sha512_finish
#define mbedtls_sha512_free sha512_free
#endif /* MBEDTLS_SHA512_ALT */
#ifdef __cplusplus

9
components/mbedtls/include/port/aes_alt.h
View file

@ -41,6 +41,12 @@ extern "C" {
#define ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */
#define ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */
typedef struct{
bool flag;
uint16 keybites;
uint8 key[32];
}key_context, KEY_CTX;
/**
* \brief AES context structure
*
@ -53,7 +59,8 @@ typedef struct
{
int nr; /*!< number of rounds */
uint32_t *rk; /*!< AES round keys */
uint32_t buf[68]; /*!< unaligned data */
KEY_CTX enc;
KEY_CTX dec;
}aes_context;
typedef aes_context AES_CTX;

63
components/mbedtls/include/port/multi_thread.h Normal file
View file

@ -0,0 +1,63 @@
#ifndef _MULTI_THREAD_H_
#define _MULTI_THREAD_H_
#ifdef __cplusplus
extern "C" {
#endif
enum {
AES_MUTEX = 0,
BIGNUM_MUTEX,
SHA_MUTEX,
MUTEX_MAX_NUM,
};
int multi_thread_init(void);
void multi_thread_lock(unsigned int num);
void multi_thread_unlock(unsigned int num);
void multi_thread_take(unsigned int num);
void multi_thread_give(unsigned int num);
bool multi_thread_is_used(num);
#define MUTEX_LOCK(num) multi_thread_lock(num)
#define MUTEX_UNLOCK(num) multi_thread_unlock(num)
#define SIG_TAKE(num) multi_thread_take(num)
#define SIG_GIVE(num) multi_thread_give(num)
#define SIG_IS_USED(num) multi_thread_is_used(num)
#define AES_LOCK() MUTEX_LOCK(AES_MUTEX)
#define AES_UNLOCK() MUTEX_UNLOCK(AES_MUTEX)
#define BIGNUM_LOCK() MUTEX_LOCK(BIGNUM_MUTEX)
#define BIGNUM_UNLOCK() MUTEX_UNLOCK(BIGNUM_MUTEX)
#define SHA1_LOCK() MUTEX_LOCK(SHA_MUTEX)
#define SHA1_UNLOCK() MUTEX_UNLOCK(SHA_MUTEX)
#define SHA256_LOCK() MUTEX_LOCK(SHA_MUTEX)
#define SHA256_UNLOCK() MUTEX_UNLOCK(SHA_MUTEX)
#define SHA512_LOCK() MUTEX_LOCK(SHA_MUTEX)
#define SHA512_UNLOCK() MUTEX_UNLOCK(SHA_MUTEX)
#define AES_TAKE() SIG_TAKE(AES_MUTEX)
#define AES_GIVE() SIG_GIVE(AES_MUTEX)
#define AES_IS_USED() SIG_IS_USED(AES_MUTEX)
#define BIGNUM_TAKE() SIG_TAKE(BIGNUM_MUTEX)
#define BIGNUM_GIVE() SIG_GIVE(BIGNUM_MUTEX)
#define BIGNUM_IS_USED() SIG_IS_USED(BIGNUM_MUTEX)
#define SHA1_TAKE() SIG_TAKE(SHA_MUTEX)
#define SHA1_GIVE() SIG_GIVE(SHA_MUTEX)
#define SHA1_IS_USED() SIG_IS_USED(SHA_MUTEX)
#define SHA256_TAKE() SIG_TAKE(SHA_MUTEX)
#define SHA256_GIVE() SIG_GIVE(SHA_MUTEX)
#define SHA256_IS_USED() SIG_IS_USED(SHA_MUTEX)
#define SHA512_TAKE() SIG_TAKE(SHA_MUTEX)
#define SHA512_GIVE() SIG_GIVE(SHA_MUTEX)
#define SHA512_IS_USED() SIG_IS_USED(SHA_MUTEX)
#ifdef __cplusplus
}
#endif
#endif /* multi_thread.h */

3
components/mbedtls/library/bignum.c
View file

@ -58,6 +58,8 @@
#define mbedtls_free free
#endif
#if !defined(MBEDTLS_BIGNUM_ALT)
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n ) {
volatile mbedtls_mpi_uint *p = v; while( n-- ) *p++ = 0;
@ -2264,6 +2266,7 @@ cleanup:
}
#endif /* MBEDTLS_GENPRIME */
#endif /* MBEDTLS_BIGNUM_ALT */
#if defined(MBEDTLS_SELF_TEST)

74
components/mbedtls/port/aes_alt.c
View file

@ -30,6 +30,7 @@
#if defined(ESP_AES_C)
#include <string.h>
#include "multi_thread.h"
/* Implementation that should never be optimized out by the compiler */
static void aes_zeroize( void *v, size_t n ) {
@ -39,7 +40,11 @@ static void aes_zeroize( void *v, size_t n ) {
void aes_init( AES_CTX *ctx )
{
memset( ctx, 0, sizeof( AES_CTX ) );
AES_LOCK();
AES_TAKE();
ets_aes_enable();
AES_UNLOCK();
}
void aes_free( AES_CTX *ctx )
@ -48,7 +53,12 @@ void aes_free( AES_CTX *ctx )
return;
aes_zeroize( ctx, sizeof( AES_CTX ) );
ets_aes_disable();
AES_LOCK();
AES_GIVE();
if (false == AES_IS_USED())
ets_aes_disable();
AES_UNLOCK();
}
/*
@ -58,6 +68,7 @@ int aes_setkey_enc( AES_CTX *ctx, const unsigned char *key,
unsigned int keybits )
{
enum AES_BITS keybit;
uint16 keybyte = keybits / 8;
switch (keybits){
case 128:
keybit = AES128;
@ -70,6 +81,12 @@ int aes_setkey_enc( AES_CTX *ctx, const unsigned char *key,
break;
default : return( ERR_AES_INVALID_KEY_LENGTH );
}
if (ctx->enc.flag == false){
ctx->enc.flag = true;
ctx->enc.keybites = keybits;
memset(ctx->enc.key, 0, sizeof(ctx->enc.key));
memcpy(ctx->enc.key, key, keybyte);
}
ets_aes_setkey_enc(key, keybit);
return 0;
}
@ -81,6 +98,7 @@ int aes_setkey_dec( AES_CTX *ctx, const unsigned char *key,
unsigned int keybits )
{
enum AES_BITS keybit;
uint16 keybyte = keybits / 8;
switch (keybits){
case 128:
keybit = AES128;
@ -93,11 +111,32 @@ int aes_setkey_dec( AES_CTX *ctx, const unsigned char *key,
break;
default : return( ERR_AES_INVALID_KEY_LENGTH );
}
if (ctx->dec.flag == false){
ctx->dec.flag = true;
ctx->dec.keybites = keybits;
memset(ctx->dec.key, 0, sizeof(ctx->dec.key));
memcpy(ctx->dec.key, key, keybyte);
}
ets_aes_setkey_dec(key, keybit);
return 0;
}
static void aes_process_enable(AES_CTX *ctx, int mode)
{
if( mode == AES_ENCRYPT ){
aes_setkey_enc(ctx, ctx->enc.key, ctx->enc.keybites);
}else{
aes_setkey_dec(ctx, ctx->dec.key, ctx->dec.keybites);
}
return;
}
static void aes_process_disable(AES_CTX *ctx, int mode)
{
}
/*
* AES-ECB block encryption
*/
@ -155,7 +194,10 @@ int aes_crypt_cbc( AES_CTX *ctx,
if( length % 16 )
return( ERR_AES_INVALID_INPUT_LENGTH );
AES_LOCK();
aes_process_enable(ctx, mode);
if( mode == AES_DECRYPT )
{
while( length > 0 )
@ -188,6 +230,10 @@ int aes_crypt_cbc( AES_CTX *ctx,
length -= 16;
}
}
aes_process_disable(ctx, mode);
AES_UNLOCK();
return 0;
}
@ -204,7 +250,10 @@ int aes_crypt_cfb128( AES_CTX *ctx,
{
int c;
size_t n = *iv_off;
AES_LOCK();
aes_process_enable(ctx, mode);
if( mode == AES_DECRYPT )
{
while( length-- )
@ -233,6 +282,9 @@ int aes_crypt_cfb128( AES_CTX *ctx,
}
*iv_off = n;
aes_process_disable(ctx, mode);
AES_UNLOCK();
return 0;
}
@ -249,7 +301,10 @@ int aes_crypt_cfb8( AES_CTX *ctx,
{
unsigned char c;
unsigned char ov[17];
AES_LOCK();
aes_process_enable(ctx, mode);
while( length-- )
{
memcpy( ov, iv, 16 );
@ -265,6 +320,9 @@ int aes_crypt_cfb8( AES_CTX *ctx,
memcpy( iv, ov + 1, 16 );
}
aes_process_disable(ctx, mode);
AES_UNLOCK();
return 0;
}
@ -283,6 +341,10 @@ int aes_crypt_ctr( AES_CTX *ctx,
int c, i;
size_t n = *nc_off;
AES_LOCK();
aes_process_enable(ctx, AES_ENCRYPT);
while( length-- )
{
if( n == 0 ) {
@ -299,6 +361,10 @@ int aes_crypt_ctr( AES_CTX *ctx,
}
*nc_off = n;
aes_process_disable(ctx, AES_ENCRYPT);
AES_UNLOCK();
return 0;
}

14
components/mbedtls/port/bignum_alt.c
View file

@ -38,6 +38,7 @@
#if defined(ESP_BIGNUM_ALT)
#include <string.h>
#include <stdlib.h>
#include "multi_thread.h"
/* Implementation that should never be optimized out by the compiler */
static void mpi_zeroize( void *v, size_t n ) {
@ -68,7 +69,10 @@ void mpi_init( mpi *X )
X->s = 1;
X->n = 0;
X->p = NULL;
BIGNUM_LOCK();
BIGNUM_TAKE();
ets_bigint_enable();
BIGNUM_UNLOCK();
}
/*
@ -88,7 +92,11 @@ void mpi_free( mpi *X )
X->s = 1;
X->n = 0;
X->p = NULL;
ets_bigint_disable();
BIGNUM_LOCK();
BIGNUM_GIVE();
if (false == BIGNUM_IS_USED())
ets_bigint_disable();
BIGNUM_UNLOCK();
}
/*
@ -1035,12 +1043,14 @@ int mpi_mul_mpi( mpi *X, const mpi *A, const mpi *B )
// for( i++; j > 0; j-- )
mpi_mul_hlp( i - 1, A->p, X->p + j - 1, B->p[j - 1] );
BIGNUM_LOCK();
if (ets_bigint_mult_prepare(A->p, B->p, n)){
ets_bigint_wait_finish();
ets_bigint_mult_getz(X->p, n);
} else{
mpi_printf("Baseline multiplication failed\n");
}
BIGNUM_UNLOCK();
X->s = A->s * B->s;
@ -1406,6 +1416,7 @@ static void mpi_montmul( mpi *A, const mpi *B, const mpi *N, mpi_uint mm,
n = N->n;
m = ( B->n < n ) ? B->n : n;
BIGNUM_LOCK();
if (ets_bigint_montgomery_mult_prepare(N->p, B->p, d, m, n, false)) {
ets_bigint_wait_finish();
@ -1413,6 +1424,7 @@ static void mpi_montmul( mpi *A, const mpi *B, const mpi *N, mpi_uint mm,
} else{
mpi_printf("Montgomery multiplication failed\n");
}
BIGNUM_UNLOCK();
}

53
components/mbedtls/port/multi_thread.c Normal file
View file

@ -0,0 +1,53 @@
#include "multi_thread.h"
#include "freertos/FreeRTOS.h"
#include "freertos/semphr.h"
static xSemaphoreHandle multi_thread_mutex[MUTEX_MAX_NUM];
static int multi_thread_sig[MUTEX_MAX_NUM];
int multi_thread_init(void)
{
int i;
for (i = 0; i < MUTEX_MAX_NUM; i++) {
multi_thread_mutex[i] = xSemaphoreCreateMutex();
if (!multi_thread_mutex[i]) {
goto failed1;
}
multi_thread_sig[i] = 0;
}
return 0;
failed1:
for (i--; i >= 0; i--)
vQueueDelete(multi_thread_mutex[i]);
return -1;
}
void multi_thread_lock(unsigned int num)
{
xSemaphoreTake(multi_thread_mutex[num], portMAX_DELAY);
}
void multi_thread_unlock(unsigned int num)
{
xSemaphoreGive(multi_thread_mutex[num]);
}
void multi_thread_take(unsigned int num)
{
multi_thread_sig[num]++;
}
void multi_thread_give(unsigned int num)
{
multi_thread_sig[num]--;
}
bool multi_thread_is_used(num)
{
return (multi_thread_sig[num] != 0) ? true : false;
}

17
components/mbedtls/port/sha1_alt.c
View file

@ -27,6 +27,7 @@
#if defined(ESP_SHA1_C)
#include <string.h>
#include "multi_thread.h"
/* Implementation that should never be optimized out by the compiler */
static void sha1_zeroize( void *v, size_t n ) {
@ -36,7 +37,11 @@ static void sha1_zeroize( void *v, size_t n ) {
void sha1_init( SHA1_CTX *ctx )
{
memset( ctx, 0, sizeof( SHA1_CTX ) );
SHA1_LOCK();
SHA1_TAKE();
ets_sha_enable();
SHA1_UNLOCK();
}
void sha1_free( SHA1_CTX *ctx )
@ -45,7 +50,12 @@ void sha1_free( SHA1_CTX *ctx )
return;
sha1_zeroize( ctx, sizeof( SHA1_CTX ) );
ets_sha_disable();
SHA1_LOCK();
SHA1_GIVE();
if (false == SHA1_IS_USED())
ets_sha_disable();
SHA1_UNLOCK();
}
void sha1_clone( SHA1_CTX *dst, const SHA1_CTX *src )
@ -63,7 +73,10 @@ void sha1_process(SHA1_CTX *ctx, const unsigned char data[64])
*/
void sha1_starts( SHA1_CTX *ctx )
{
SHA1_LOCK();
ets_sha_init(&ctx->context);
SHA1_UNLOCK();
ctx->context_type = SHA1;
}
@ -72,6 +85,7 @@ void sha1_starts( SHA1_CTX *ctx )
*/
void sha1_update( SHA1_CTX *ctx, const unsigned char *input, size_t ilen )
{
SHA1_LOCK();
ets_sha_update(&ctx->context, ctx->context_type, input, ilen * 8);
}
@ -81,6 +95,7 @@ void sha1_update( SHA1_CTX *ctx, const unsigned char *input, size_t ilen )
void sha1_finish( SHA1_CTX *ctx, unsigned char output[20] )
{
ets_sha_finish(&ctx->context, ctx->context_type, output);
SHA1_UNLOCK();
}
/*

17
components/mbedtls/port/sha256_alt.c
View file

@ -27,6 +27,7 @@
#if defined(ESP_SHA256_C)
#include <string.h>
#include "multi_thread.h"
/* Implementation that should never be optimized out by the compiler */
static void sha256_zeroize( void *v, size_t n ) {
@ -36,7 +37,11 @@ static void sha256_zeroize( void *v, size_t n ) {
void sha256_init( SHA256_CTX *ctx )
{
memset( ctx, 0, sizeof( SHA256_CTX ) );
SHA256_LOCK();
SHA256_TAKE();
ets_sha_enable();
SHA256_UNLOCK();
}
void sha256_process(SHA256_CTX *ctx, const unsigned char data[64])
@ -50,7 +55,12 @@ void sha256_free( SHA256_CTX *ctx )
return;
sha256_zeroize( ctx, sizeof( SHA256_CTX ) );
ets_sha_disable();
SHA256_LOCK();
SHA256_GIVE();
if (false == SHA256_IS_USED())
ets_sha_disable();
SHA256_UNLOCK();
}
void sha256_clone( SHA256_CTX *dst, const SHA256_CTX *src )
@ -63,7 +73,10 @@ void sha256_clone( SHA256_CTX *dst, const SHA256_CTX *src )
*/
void sha256_starts( SHA256_CTX *ctx, int is224 )
{
SHA256_LOCK();
ets_sha_init(&ctx->context);
SHA256_UNLOCK();
if( is224 == 0 )
{
/* SHA-256 */
@ -79,6 +92,7 @@ void sha256_starts( SHA256_CTX *ctx, int is224 )
*/
void sha256_update( SHA256_CTX *ctx, const unsigned char *input, size_t ilen )
{
SHA256_LOCK();
ets_sha_update(&ctx->context, ctx->context_type, input, ilen * 8);
}
@ -88,6 +102,7 @@ void sha256_update( SHA256_CTX *ctx, const unsigned char *input, size_t ilen )
void sha256_finish( SHA256_CTX *ctx, unsigned char output[32] )
{
ets_sha_finish(&ctx->context, ctx->context_type, output);
SHA256_UNLOCK();
}
/*

16
components/mbedtls/port/sha512_alt.c
View file

@ -26,6 +26,7 @@
#if defined(ESP_SHA512_C)
#include <string.h>
#include "multi_thread.h"
/* Implementation that should never be optimized out by the compiler */
static void sha512_zeroize( void *v, size_t n ) {
@ -35,7 +36,11 @@ static void sha512_zeroize( void *v, size_t n ) {
void sha512_init( SHA512_CTX *ctx )
{
memset( ctx, 0, sizeof( SHA512_CTX ) );
SHA512_LOCK();
SHA512_TAKE();
ets_sha_enable();
SHA512_UNLOCK();
}
void sha512_free( SHA512_CTX *ctx )
@ -44,7 +49,12 @@ void sha512_free( SHA512_CTX *ctx )
return;
sha512_zeroize( ctx, sizeof( SHA512_CTX ) );
ets_sha_disable();
SHA512_LOCK();
SHA512_GIVE();
if (false == SHA512_IS_USED())
ets_sha_disable();
SHA512_UNLOCK();
}
void sha512_clone( SHA512_CTX *dst, const SHA512_CTX *src )
@ -57,7 +67,9 @@ void sha512_clone( SHA512_CTX *dst, const SHA512_CTX *src )
*/
void sha512_starts( SHA512_CTX *ctx, int is384 )
{
SHA512_LOCK();
ets_sha_init(&ctx->context);
SHA512_UNLOCK();
if( is384 == 0 )
{
/* SHA-512 */
@ -75,6 +87,7 @@ void sha512_starts( SHA512_CTX *ctx, int is384 )
*/
void sha512_update( SHA512_CTX *ctx, const unsigned char *input,size_t ilen )
{
SHA512_LOCK();
ets_sha_update(&ctx->context, ctx->context_type, input, ilen * 8);
}
@ -84,6 +97,7 @@ void sha512_update( SHA512_CTX *ctx, const unsigned char *input,size_t ilen )
void sha512_finish( SHA512_CTX *ctx, unsigned char output[64] )
{
ets_sha_finish(&ctx->context, ctx->context_type, output);
SHA512_UNLOCK();
}
/*