MirrorSave
/
nodemcu-firmware
mirror of https://github.com/nodemcu/nodemcu-firmware.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nodemcu-firmware/app/include/mbedtls/ccm.h

311 lines
14 KiB
C
Raw Normal View History

Upgrade to SDK 2.0.0 (#1435) * Update LWIP from SDK * mbedTLS integration * Fix argument type in dbg_printf (#1624) * Migrate to espressif’s download center (#1604) * Fixed BBS links to firmware * Adjust net module docs with mbedTLS info * Remove unrelevant axTLS notice
2016-12-11 21:03:00 +01:00
/**
* \file ccm.h
*
SSL rampage (#2938) * Remove stale putative MD2 support This hasn't worked in a while, presumably since one of our upstream merges. Don't bother making it work, since MD2 is generally considered insecure. * Land mbedtls 2.16.3-77-gf02988e57 * TLS: remove some dead code from espconn_mbedtls There was some... frankly kind of scary buffer and data shuffling if ESP8266_PLATFORM was defined. Since we don't, in fact, define that preprocessor symbol, just drop the code lest anyone (possibly future-me) be scared. * TLS: espconn_mbedtls: run through astyle No functional changes * TLS: espconn_mbedtls: put the file_params on the stack There's no need to malloc a structure that's used only locally. * TLS: Further minor tidying of mbedtls glue What an absolute shitshow this is. mbedtls should absolutely not be mentioned inside sys/socket.h and app/mbedtls/app/lwIPSocket.c is not so much glue as it as a complete copy of a random subset of lwIP; it should go, but we aren't there yet. Get rid of the mysterious "mbedlts_record" struct, which housed merely a length of bytes sent solely for gating the "record sent" callback. Remove spurious __attribute__((weak)) from symbols not otherwise defined and rename them to emphasize that they are not actually part of mbedtls proper. * TLS: Rampage esp mbedtls glue and delete unused code This at least makes the shitshow smaller * TLS: lwip: fix some memp definitions I presume these also need the new arguments * TLS: Remove more non-NodeMCU code from our mbedtls * TLS: drop support for 1.1 Depending on who you ask it's either EOL already or EOL soon, so we may as well get rid of it now.
2019-12-27 14:17:44 +01:00
* \brief This file provides an API for the CCM authenticated encryption
* mode for block ciphers.
*
* CCM combines Counter mode encryption with CBC-MAC authentication
* for 128-bit block ciphers.
Upgrade to SDK 2.0.0 (#1435) * Update LWIP from SDK * mbedTLS integration * Fix argument type in dbg_printf (#1624) * Migrate to espressif’s download center (#1604) * Fixed BBS links to firmware * Adjust net module docs with mbedTLS info * Remove unrelevant axTLS notice
2016-12-11 21:03:00 +01:00
*
Update mbedTLS to 2.7.0 (#2267) * mbedtls 2.7.0 (mbedtls-2.7.0-0-g32605dc8) Wholesale import, with a few changes from earlier preserved through. Ideally we would soon get to the point of having no divergences from upstream. * tls: add function to adjust mbedTLS debug level
2018-03-03 23:28:26 +01:00
* Input to CCM includes the following elements:
* <ul><li>Payload - data that is both authenticated and encrypted.</li>
* <li>Associated data (Adata) - data that is authenticated but not
* encrypted, For example, a header.</li>
* <li>Nonce - A unique value that is assigned to the payload and the
* associated data.</li></ul>
*
SSL rampage (#2938) * Remove stale putative MD2 support This hasn't worked in a while, presumably since one of our upstream merges. Don't bother making it work, since MD2 is generally considered insecure. * Land mbedtls 2.16.3-77-gf02988e57 * TLS: remove some dead code from espconn_mbedtls There was some... frankly kind of scary buffer and data shuffling if ESP8266_PLATFORM was defined. Since we don't, in fact, define that preprocessor symbol, just drop the code lest anyone (possibly future-me) be scared. * TLS: espconn_mbedtls: run through astyle No functional changes * TLS: espconn_mbedtls: put the file_params on the stack There's no need to malloc a structure that's used only locally. * TLS: Further minor tidying of mbedtls glue What an absolute shitshow this is. mbedtls should absolutely not be mentioned inside sys/socket.h and app/mbedtls/app/lwIPSocket.c is not so much glue as it as a complete copy of a random subset of lwIP; it should go, but we aren't there yet. Get rid of the mysterious "mbedlts_record" struct, which housed merely a length of bytes sent solely for gating the "record sent" callback. Remove spurious __attribute__((weak)) from symbols not otherwise defined and rename them to emphasize that they are not actually part of mbedtls proper. * TLS: Rampage esp mbedtls glue and delete unused code This at least makes the shitshow smaller * TLS: lwip: fix some memp definitions I presume these also need the new arguments * TLS: Remove more non-NodeMCU code from our mbedtls * TLS: drop support for 1.1 Depending on who you ask it's either EOL already or EOL soon, so we may as well get rid of it now.
2019-12-27 14:17:44 +01:00
* Definition of CCM:
* http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C_updated-July20_2007.pdf
* RFC 3610 "Counter with CBC-MAC (CCM)"
*
* Related:
* RFC 5116 "An Interface and Algorithms for Authenticated Encryption"
*
* Definition of CCM*:
* IEEE 802.15.4 - IEEE Standard for Local and metropolitan area networks
* Integer representation is fixed most-significant-octet-first order and
* the representation of octets is most-significant-bit-first order. This is
* consistent with RFC 3610.
Update mbedTLS to 2.7.0 (#2267) * mbedtls 2.7.0 (mbedtls-2.7.0-0-g32605dc8) Wholesale import, with a few changes from earlier preserved through. Ideally we would soon get to the point of having no divergences from upstream. * tls: add function to adjust mbedTLS debug level
2018-03-03 23:28:26 +01:00
*/
/*
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
Upgrade to SDK 2.0.0 (#1435) * Update LWIP from SDK * mbedTLS integration * Fix argument type in dbg_printf (#1624) * Migrate to espressif’s download center (#1604) * Fixed BBS links to firmware * Adjust net module docs with mbedTLS info * Remove unrelevant axTLS notice
2016-12-11 21:03:00 +01:00
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
Update mbedTLS to 2.7.0 (#2267) * mbedtls 2.7.0 (mbedtls-2.7.0-0-g32605dc8) Wholesale import, with a few changes from earlier preserved through. Ideally we would soon get to the point of having no divergences from upstream. * tls: add function to adjust mbedTLS debug level
2018-03-03 23:28:26 +01:00
* This file is part of Mbed TLS (https://tls.mbed.org)
Upgrade to SDK 2.0.0 (#1435) * Update LWIP from SDK * mbedTLS integration * Fix argument type in dbg_printf (#1624) * Migrate to espressif’s download center (#1604) * Fixed BBS links to firmware * Adjust net module docs with mbedTLS info * Remove unrelevant axTLS notice
2016-12-11 21:03:00 +01:00
*/
Update mbedTLS to 2.7.0 (#2267) * mbedtls 2.7.0 (mbedtls-2.7.0-0-g32605dc8) Wholesale import, with a few changes from earlier preserved through. Ideally we would soon get to the point of having no divergences from upstream. * tls: add function to adjust mbedTLS debug level
2018-03-03 23:28:26 +01:00
Upgrade to SDK 2.0.0 (#1435) * Update LWIP from SDK * mbedTLS integration * Fix argument type in dbg_printf (#1624) * Migrate to espressif’s download center (#1604) * Fixed BBS links to firmware * Adjust net module docs with mbedTLS info * Remove unrelevant axTLS notice
2016-12-11 21:03:00 +01:00
#ifndef MBEDTLS_CCM_H
#define MBEDTLS_CCM_H
SSL rampage (#2938) * Remove stale putative MD2 support This hasn't worked in a while, presumably since one of our upstream merges. Don't bother making it work, since MD2 is generally considered insecure. * Land mbedtls 2.16.3-77-gf02988e57 * TLS: remove some dead code from espconn_mbedtls There was some... frankly kind of scary buffer and data shuffling if ESP8266_PLATFORM was defined. Since we don't, in fact, define that preprocessor symbol, just drop the code lest anyone (possibly future-me) be scared. * TLS: espconn_mbedtls: run through astyle No functional changes * TLS: espconn_mbedtls: put the file_params on the stack There's no need to malloc a structure that's used only locally. * TLS: Further minor tidying of mbedtls glue What an absolute shitshow this is. mbedtls should absolutely not be mentioned inside sys/socket.h and app/mbedtls/app/lwIPSocket.c is not so much glue as it as a complete copy of a random subset of lwIP; it should go, but we aren't there yet. Get rid of the mysterious "mbedlts_record" struct, which housed merely a length of bytes sent solely for gating the "record sent" callback. Remove spurious __attribute__((weak)) from symbols not otherwise defined and rename them to emphasize that they are not actually part of mbedtls proper. * TLS: Rampage esp mbedtls glue and delete unused code This at least makes the shitshow smaller * TLS: lwip: fix some memp definitions I presume these also need the new arguments * TLS: Remove more non-NodeMCU code from our mbedtls * TLS: drop support for 1.1 Depending on who you ask it's either EOL already or EOL soon, so we may as well get rid of it now.
2019-12-27 14:17:44 +01:00
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
Upgrade to SDK 2.0.0 (#1435) * Update LWIP from SDK * mbedTLS integration * Fix argument type in dbg_printf (#1624) * Migrate to espressif’s download center (#1604) * Fixed BBS links to firmware * Adjust net module docs with mbedTLS info * Remove unrelevant axTLS notice
2016-12-11 21:03:00 +01:00
#include "cipher.h"
Update mbedTLS to 2.7.0 (#2267) * mbedtls 2.7.0 (mbedtls-2.7.0-0-g32605dc8) Wholesale import, with a few changes from earlier preserved through. Ideally we would soon get to the point of having no divergences from upstream. * tls: add function to adjust mbedTLS debug level
2018-03-03 23:28:26 +01:00
#define MBEDTLS_ERR_CCM_BAD_INPUT -0x000D /**< Bad input parameters to the function. */
#define MBEDTLS_ERR_CCM_AUTH_FAILED -0x000F /**< Authenticated decryption failed. */
SSL rampage (#2938) * Remove stale putative MD2 support This hasn't worked in a while, presumably since one of our upstream merges. Don't bother making it work, since MD2 is generally considered insecure. * Land mbedtls 2.16.3-77-gf02988e57 * TLS: remove some dead code from espconn_mbedtls There was some... frankly kind of scary buffer and data shuffling if ESP8266_PLATFORM was defined. Since we don't, in fact, define that preprocessor symbol, just drop the code lest anyone (possibly future-me) be scared. * TLS: espconn_mbedtls: run through astyle No functional changes * TLS: espconn_mbedtls: put the file_params on the stack There's no need to malloc a structure that's used only locally. * TLS: Further minor tidying of mbedtls glue What an absolute shitshow this is. mbedtls should absolutely not be mentioned inside sys/socket.h and app/mbedtls/app/lwIPSocket.c is not so much glue as it as a complete copy of a random subset of lwIP; it should go, but we aren't there yet. Get rid of the mysterious "mbedlts_record" struct, which housed merely a length of bytes sent solely for gating the "record sent" callback. Remove spurious __attribute__((weak)) from symbols not otherwise defined and rename them to emphasize that they are not actually part of mbedtls proper. * TLS: Rampage esp mbedtls glue and delete unused code This at least makes the shitshow smaller * TLS: lwip: fix some memp definitions I presume these also need the new arguments * TLS: Remove more non-NodeMCU code from our mbedtls * TLS: drop support for 1.1 Depending on who you ask it's either EOL already or EOL soon, so we may as well get rid of it now.
2019-12-27 14:17:44 +01:00
/* MBEDTLS_ERR_CCM_HW_ACCEL_FAILED is deprecated and should not be used. */
#define MBEDTLS_ERR_CCM_HW_ACCEL_FAILED -0x0011 /**< CCM hardware accelerator failed. */
Upgrade to SDK 2.0.0 (#1435) * Update LWIP from SDK * mbedTLS integration * Fix argument type in dbg_printf (#1624) * Migrate to espressif’s download center (#1604) * Fixed BBS links to firmware * Adjust net module docs with mbedTLS info * Remove unrelevant axTLS notice
2016-12-11 21:03:00 +01:00
#ifdef __cplusplus
extern "C" {
#endif
SSL rampage (#2938) * Remove stale putative MD2 support This hasn't worked in a while, presumably since one of our upstream merges. Don't bother making it work, since MD2 is generally considered insecure. * Land mbedtls 2.16.3-77-gf02988e57 * TLS: remove some dead code from espconn_mbedtls There was some... frankly kind of scary buffer and data shuffling if ESP8266_PLATFORM was defined. Since we don't, in fact, define that preprocessor symbol, just drop the code lest anyone (possibly future-me) be scared. * TLS: espconn_mbedtls: run through astyle No functional changes * TLS: espconn_mbedtls: put the file_params on the stack There's no need to malloc a structure that's used only locally. * TLS: Further minor tidying of mbedtls glue What an absolute shitshow this is. mbedtls should absolutely not be mentioned inside sys/socket.h and app/mbedtls/app/lwIPSocket.c is not so much glue as it as a complete copy of a random subset of lwIP; it should go, but we aren't there yet. Get rid of the mysterious "mbedlts_record" struct, which housed merely a length of bytes sent solely for gating the "record sent" callback. Remove spurious __attribute__((weak)) from symbols not otherwise defined and rename them to emphasize that they are not actually part of mbedtls proper. * TLS: Rampage esp mbedtls glue and delete unused code This at least makes the shitshow smaller * TLS: lwip: fix some memp definitions I presume these also need the new arguments * TLS: Remove more non-NodeMCU code from our mbedtls * TLS: drop support for 1.1 Depending on who you ask it's either EOL already or EOL soon, so we may as well get rid of it now.
2019-12-27 14:17:44 +01:00
#if !defined(MBEDTLS_CCM_ALT)
// Regular implementation
//
Upgrade to SDK 2.0.0 (#1435) * Update LWIP from SDK * mbedTLS integration * Fix argument type in dbg_printf (#1624) * Migrate to espressif’s download center (#1604) * Fixed BBS links to firmware * Adjust net module docs with mbedTLS info * Remove unrelevant axTLS notice
2016-12-11 21:03:00 +01:00
/**
Update mbedTLS to 2.7.0 (#2267) * mbedtls 2.7.0 (mbedtls-2.7.0-0-g32605dc8) Wholesale import, with a few changes from earlier preserved through. Ideally we would soon get to the point of having no divergences from upstream. * tls: add function to adjust mbedTLS debug level
2018-03-03 23:28:26 +01:00
* \brief The CCM context-type definition. The CCM context is passed
* to the APIs called.
Upgrade to SDK 2.0.0 (#1435) * Update LWIP from SDK * mbedTLS integration * Fix argument type in dbg_printf (#1624) * Migrate to espressif’s download center (#1604) * Fixed BBS links to firmware * Adjust net module docs with mbedTLS info * Remove unrelevant axTLS notice
2016-12-11 21:03:00 +01:00
*/
SSL rampage (#2938) * Remove stale putative MD2 support This hasn't worked in a while, presumably since one of our upstream merges. Don't bother making it work, since MD2 is generally considered insecure. * Land mbedtls 2.16.3-77-gf02988e57 * TLS: remove some dead code from espconn_mbedtls There was some... frankly kind of scary buffer and data shuffling if ESP8266_PLATFORM was defined. Since we don't, in fact, define that preprocessor symbol, just drop the code lest anyone (possibly future-me) be scared. * TLS: espconn_mbedtls: run through astyle No functional changes * TLS: espconn_mbedtls: put the file_params on the stack There's no need to malloc a structure that's used only locally. * TLS: Further minor tidying of mbedtls glue What an absolute shitshow this is. mbedtls should absolutely not be mentioned inside sys/socket.h and app/mbedtls/app/lwIPSocket.c is not so much glue as it as a complete copy of a random subset of lwIP; it should go, but we aren't there yet. Get rid of the mysterious "mbedlts_record" struct, which housed merely a length of bytes sent solely for gating the "record sent" callback. Remove spurious __attribute__((weak)) from symbols not otherwise defined and rename them to emphasize that they are not actually part of mbedtls proper. * TLS: Rampage esp mbedtls glue and delete unused code This at least makes the shitshow smaller * TLS: lwip: fix some memp definitions I presume these also need the new arguments * TLS: Remove more non-NodeMCU code from our mbedtls * TLS: drop support for 1.1 Depending on who you ask it's either EOL already or EOL soon, so we may as well get rid of it now.
2019-12-27 14:17:44 +01:00
typedef struct mbedtls_ccm_context
{
Update mbedTLS to 2.7.0 (#2267) * mbedtls 2.7.0 (mbedtls-2.7.0-0-g32605dc8) Wholesale import, with a few changes from earlier preserved through. Ideally we would soon get to the point of having no divergences from upstream. * tls: add function to adjust mbedTLS debug level
2018-03-03 23:28:26 +01:00
mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */
Upgrade to SDK 2.0.0 (#1435) * Update LWIP from SDK * mbedTLS integration * Fix argument type in dbg_printf (#1624) * Migrate to espressif’s download center (#1604) * Fixed BBS links to firmware * Adjust net module docs with mbedTLS info * Remove unrelevant axTLS notice
2016-12-11 21:03:00 +01:00
}
mbedtls_ccm_context;
SSL rampage (#2938) * Remove stale putative MD2 support This hasn't worked in a while, presumably since one of our upstream merges. Don't bother making it work, since MD2 is generally considered insecure. * Land mbedtls 2.16.3-77-gf02988e57 * TLS: remove some dead code from espconn_mbedtls There was some... frankly kind of scary buffer and data shuffling if ESP8266_PLATFORM was defined. Since we don't, in fact, define that preprocessor symbol, just drop the code lest anyone (possibly future-me) be scared. * TLS: espconn_mbedtls: run through astyle No functional changes * TLS: espconn_mbedtls: put the file_params on the stack There's no need to malloc a structure that's used only locally. * TLS: Further minor tidying of mbedtls glue What an absolute shitshow this is. mbedtls should absolutely not be mentioned inside sys/socket.h and app/mbedtls/app/lwIPSocket.c is not so much glue as it as a complete copy of a random subset of lwIP; it should go, but we aren't there yet. Get rid of the mysterious "mbedlts_record" struct, which housed merely a length of bytes sent solely for gating the "record sent" callback. Remove spurious __attribute__((weak)) from symbols not otherwise defined and rename them to emphasize that they are not actually part of mbedtls proper. * TLS: Rampage esp mbedtls glue and delete unused code This at least makes the shitshow smaller * TLS: lwip: fix some memp definitions I presume these also need the new arguments * TLS: Remove more non-NodeMCU code from our mbedtls * TLS: drop support for 1.1 Depending on who you ask it's either EOL already or EOL soon, so we may as well get rid of it now.
2019-12-27 14:17:44 +01:00
#else /* MBEDTLS_CCM_ALT */
#include "ccm_alt.h"
#endif /* MBEDTLS_CCM_ALT */
Upgrade to SDK 2.0.0 (#1435) * Update LWIP from SDK * mbedTLS integration * Fix argument type in dbg_printf (#1624) * Migrate to espressif’s download center (#1604) * Fixed BBS links to firmware * Adjust net module docs with mbedTLS info * Remove unrelevant axTLS notice
2016-12-11 21:03:00 +01:00
/**
Update mbedTLS to 2.7.0 (#2267) * mbedtls 2.7.0 (mbedtls-2.7.0-0-g32605dc8) Wholesale import, with a few changes from earlier preserved through. Ideally we would soon get to the point of having no divergences from upstream. * tls: add function to adjust mbedTLS debug level
2018-03-03 23:28:26 +01:00
* \brief This function initializes the specified CCM context,
* to make references valid, and prepare the context
* for mbedtls_ccm_setkey() or mbedtls_ccm_free().
Upgrade to SDK 2.0.0 (#1435) * Update LWIP from SDK * mbedTLS integration * Fix argument type in dbg_printf (#1624) * Migrate to espressif’s download center (#1604) * Fixed BBS links to firmware * Adjust net module docs with mbedTLS info * Remove unrelevant axTLS notice
2016-12-11 21:03:00 +01:00
*
SSL rampage (#2938) * Remove stale putative MD2 support This hasn't worked in a while, presumably since one of our upstream merges. Don't bother making it work, since MD2 is generally considered insecure. * Land mbedtls 2.16.3-77-gf02988e57 * TLS: remove some dead code from espconn_mbedtls There was some... frankly kind of scary buffer and data shuffling if ESP8266_PLATFORM was defined. Since we don't, in fact, define that preprocessor symbol, just drop the code lest anyone (possibly future-me) be scared. * TLS: espconn_mbedtls: run through astyle No functional changes * TLS: espconn_mbedtls: put the file_params on the stack There's no need to malloc a structure that's used only locally. * TLS: Further minor tidying of mbedtls glue What an absolute shitshow this is. mbedtls should absolutely not be mentioned inside sys/socket.h and app/mbedtls/app/lwIPSocket.c is not so much glue as it as a complete copy of a random subset of lwIP; it should go, but we aren't there yet. Get rid of the mysterious "mbedlts_record" struct, which housed merely a length of bytes sent solely for gating the "record sent" callback. Remove spurious __attribute__((weak)) from symbols not otherwise defined and rename them to emphasize that they are not actually part of mbedtls proper. * TLS: Rampage esp mbedtls glue and delete unused code This at least makes the shitshow smaller * TLS: lwip: fix some memp definitions I presume these also need the new arguments * TLS: Remove more non-NodeMCU code from our mbedtls * TLS: drop support for 1.1 Depending on who you ask it's either EOL already or EOL soon, so we may as well get rid of it now.
2019-12-27 14:17:44 +01:00
* \param ctx The CCM context to initialize. This must not be \c NULL.
Upgrade to SDK 2.0.0 (#1435) * Update LWIP from SDK * mbedTLS integration * Fix argument type in dbg_printf (#1624) * Migrate to espressif’s download center (#1604) * Fixed BBS links to firmware * Adjust net module docs with mbedTLS info * Remove unrelevant axTLS notice
2016-12-11 21:03:00 +01:00
*/
void mbedtls_ccm_init( mbedtls_ccm_context *ctx );
/**
Update mbedTLS to 2.7.0 (#2267) * mbedtls 2.7.0 (mbedtls-2.7.0-0-g32605dc8) Wholesale import, with a few changes from earlier preserved through. Ideally we would soon get to the point of having no divergences from upstream. * tls: add function to adjust mbedTLS debug level
2018-03-03 23:28:26 +01:00
* \brief This function initializes the CCM context set in the
* \p ctx parameter and sets the encryption key.
Upgrade to SDK 2.0.0 (#1435) * Update LWIP from SDK * mbedTLS integration * Fix argument type in dbg_printf (#1624) * Migrate to espressif’s download center (#1604) * Fixed BBS links to firmware * Adjust net module docs with mbedTLS info * Remove unrelevant axTLS notice
2016-12-11 21:03:00 +01:00
*
SSL rampage (#2938) * Remove stale putative MD2 support This hasn't worked in a while, presumably since one of our upstream merges. Don't bother making it work, since MD2 is generally considered insecure. * Land mbedtls 2.16.3-77-gf02988e57 * TLS: remove some dead code from espconn_mbedtls There was some... frankly kind of scary buffer and data shuffling if ESP8266_PLATFORM was defined. Since we don't, in fact, define that preprocessor symbol, just drop the code lest anyone (possibly future-me) be scared. * TLS: espconn_mbedtls: run through astyle No functional changes * TLS: espconn_mbedtls: put the file_params on the stack There's no need to malloc a structure that's used only locally. * TLS: Further minor tidying of mbedtls glue What an absolute shitshow this is. mbedtls should absolutely not be mentioned inside sys/socket.h and app/mbedtls/app/lwIPSocket.c is not so much glue as it as a complete copy of a random subset of lwIP; it should go, but we aren't there yet. Get rid of the mysterious "mbedlts_record" struct, which housed merely a length of bytes sent solely for gating the "record sent" callback. Remove spurious __attribute__((weak)) from symbols not otherwise defined and rename them to emphasize that they are not actually part of mbedtls proper. * TLS: Rampage esp mbedtls glue and delete unused code This at least makes the shitshow smaller * TLS: lwip: fix some memp definitions I presume these also need the new arguments * TLS: Remove more non-NodeMCU code from our mbedtls * TLS: drop support for 1.1 Depending on who you ask it's either EOL already or EOL soon, so we may as well get rid of it now.
2019-12-27 14:17:44 +01:00
* \param ctx The CCM context to initialize. This must be an initialized
* context.
Update mbedTLS to 2.7.0 (#2267) * mbedtls 2.7.0 (mbedtls-2.7.0-0-g32605dc8) Wholesale import, with a few changes from earlier preserved through. Ideally we would soon get to the point of having no divergences from upstream. * tls: add function to adjust mbedTLS debug level
2018-03-03 23:28:26 +01:00
* \param cipher The 128-bit block cipher to use.
SSL rampage (#2938) * Remove stale putative MD2 support This hasn't worked in a while, presumably since one of our upstream merges. Don't bother making it work, since MD2 is generally considered insecure. * Land mbedtls 2.16.3-77-gf02988e57 * TLS: remove some dead code from espconn_mbedtls There was some... frankly kind of scary buffer and data shuffling if ESP8266_PLATFORM was defined. Since we don't, in fact, define that preprocessor symbol, just drop the code lest anyone (possibly future-me) be scared. * TLS: espconn_mbedtls: run through astyle No functional changes * TLS: espconn_mbedtls: put the file_params on the stack There's no need to malloc a structure that's used only locally. * TLS: Further minor tidying of mbedtls glue What an absolute shitshow this is. mbedtls should absolutely not be mentioned inside sys/socket.h and app/mbedtls/app/lwIPSocket.c is not so much glue as it as a complete copy of a random subset of lwIP; it should go, but we aren't there yet. Get rid of the mysterious "mbedlts_record" struct, which housed merely a length of bytes sent solely for gating the "record sent" callback. Remove spurious __attribute__((weak)) from symbols not otherwise defined and rename them to emphasize that they are not actually part of mbedtls proper. * TLS: Rampage esp mbedtls glue and delete unused code This at least makes the shitshow smaller * TLS: lwip: fix some memp definitions I presume these also need the new arguments * TLS: Remove more non-NodeMCU code from our mbedtls * TLS: drop support for 1.1 Depending on who you ask it's either EOL already or EOL soon, so we may as well get rid of it now.
2019-12-27 14:17:44 +01:00
* \param key The encryption key. This must not be \c NULL.
Update mbedTLS to 2.7.0 (#2267) * mbedtls 2.7.0 (mbedtls-2.7.0-0-g32605dc8) Wholesale import, with a few changes from earlier preserved through. Ideally we would soon get to the point of having no divergences from upstream. * tls: add function to adjust mbedTLS debug level
2018-03-03 23:28:26 +01:00
* \param keybits The key size in bits. This must be acceptable by the cipher.
Upgrade to SDK 2.0.0 (#1435) * Update LWIP from SDK * mbedTLS integration * Fix argument type in dbg_printf (#1624) * Migrate to espressif’s download center (#1604) * Fixed BBS links to firmware * Adjust net module docs with mbedTLS info * Remove unrelevant axTLS notice
2016-12-11 21:03:00 +01:00
*
SSL rampage (#2938) * Remove stale putative MD2 support This hasn't worked in a while, presumably since one of our upstream merges. Don't bother making it work, since MD2 is generally considered insecure. * Land mbedtls 2.16.3-77-gf02988e57 * TLS: remove some dead code from espconn_mbedtls There was some... frankly kind of scary buffer and data shuffling if ESP8266_PLATFORM was defined. Since we don't, in fact, define that preprocessor symbol, just drop the code lest anyone (possibly future-me) be scared. * TLS: espconn_mbedtls: run through astyle No functional changes * TLS: espconn_mbedtls: put the file_params on the stack There's no need to malloc a structure that's used only locally. * TLS: Further minor tidying of mbedtls glue What an absolute shitshow this is. mbedtls should absolutely not be mentioned inside sys/socket.h and app/mbedtls/app/lwIPSocket.c is not so much glue as it as a complete copy of a random subset of lwIP; it should go, but we aren't there yet. Get rid of the mysterious "mbedlts_record" struct, which housed merely a length of bytes sent solely for gating the "record sent" callback. Remove spurious __attribute__((weak)) from symbols not otherwise defined and rename them to emphasize that they are not actually part of mbedtls proper. * TLS: Rampage esp mbedtls glue and delete unused code This at least makes the shitshow smaller * TLS: lwip: fix some memp definitions I presume these also need the new arguments * TLS: Remove more non-NodeMCU code from our mbedtls * TLS: drop support for 1.1 Depending on who you ask it's either EOL already or EOL soon, so we may as well get rid of it now.
2019-12-27 14:17:44 +01:00
* \return \c 0 on success.
* \return A CCM or cipher-specific error code on failure.
Upgrade to SDK 2.0.0 (#1435) * Update LWIP from SDK * mbedTLS integration * Fix argument type in dbg_printf (#1624) * Migrate to espressif’s download center (#1604) * Fixed BBS links to firmware * Adjust net module docs with mbedTLS info * Remove unrelevant axTLS notice
2016-12-11 21:03:00 +01:00
*/
int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
mbedtls_cipher_id_t cipher,
const unsigned char *key,
unsigned int keybits );
/**
Update mbedTLS to 2.7.0 (#2267) * mbedtls 2.7.0 (mbedtls-2.7.0-0-g32605dc8) Wholesale import, with a few changes from earlier preserved through. Ideally we would soon get to the point of having no divergences from upstream. * tls: add function to adjust mbedTLS debug level
2018-03-03 23:28:26 +01:00
* \brief This function releases and clears the specified CCM context
* and underlying cipher sub-context.
Upgrade to SDK 2.0.0 (#1435) * Update LWIP from SDK * mbedTLS integration * Fix argument type in dbg_printf (#1624) * Migrate to espressif’s download center (#1604) * Fixed BBS links to firmware * Adjust net module docs with mbedTLS info * Remove unrelevant axTLS notice
2016-12-11 21:03:00 +01:00
*
SSL rampage (#2938) * Remove stale putative MD2 support This hasn't worked in a while, presumably since one of our upstream merges. Don't bother making it work, since MD2 is generally considered insecure. * Land mbedtls 2.16.3-77-gf02988e57 * TLS: remove some dead code from espconn_mbedtls There was some... frankly kind of scary buffer and data shuffling if ESP8266_PLATFORM was defined. Since we don't, in fact, define that preprocessor symbol, just drop the code lest anyone (possibly future-me) be scared. * TLS: espconn_mbedtls: run through astyle No functional changes * TLS: espconn_mbedtls: put the file_params on the stack There's no need to malloc a structure that's used only locally. * TLS: Further minor tidying of mbedtls glue What an absolute shitshow this is. mbedtls should absolutely not be mentioned inside sys/socket.h and app/mbedtls/app/lwIPSocket.c is not so much glue as it as a complete copy of a random subset of lwIP; it should go, but we aren't there yet. Get rid of the mysterious "mbedlts_record" struct, which housed merely a length of bytes sent solely for gating the "record sent" callback. Remove spurious __attribute__((weak)) from symbols not otherwise defined and rename them to emphasize that they are not actually part of mbedtls proper. * TLS: Rampage esp mbedtls glue and delete unused code This at least makes the shitshow smaller * TLS: lwip: fix some memp definitions I presume these also need the new arguments * TLS: Remove more non-NodeMCU code from our mbedtls * TLS: drop support for 1.1 Depending on who you ask it's either EOL already or EOL soon, so we may as well get rid of it now.
2019-12-27 14:17:44 +01:00
* \param ctx The CCM context to clear. If this is \c NULL, the function
* has no effect. Otherwise, this must be initialized.
Upgrade to SDK 2.0.0 (#1435) * Update LWIP from SDK * mbedTLS integration * Fix argument type in dbg_printf (#1624) * Migrate to espressif’s download center (#1604) * Fixed BBS links to firmware * Adjust net module docs with mbedTLS info * Remove unrelevant axTLS notice
2016-12-11 21:03:00 +01:00
*/
void mbedtls_ccm_free( mbedtls_ccm_context *ctx );
/**
Update mbedTLS to 2.7.0 (#2267) * mbedtls 2.7.0 (mbedtls-2.7.0-0-g32605dc8) Wholesale import, with a few changes from earlier preserved through. Ideally we would soon get to the point of having no divergences from upstream. * tls: add function to adjust mbedTLS debug level
2018-03-03 23:28:26 +01:00
* \brief This function encrypts a buffer using CCM.
*
SSL rampage (#2938) * Remove stale putative MD2 support This hasn't worked in a while, presumably since one of our upstream merges. Don't bother making it work, since MD2 is generally considered insecure. * Land mbedtls 2.16.3-77-gf02988e57 * TLS: remove some dead code from espconn_mbedtls There was some... frankly kind of scary buffer and data shuffling if ESP8266_PLATFORM was defined. Since we don't, in fact, define that preprocessor symbol, just drop the code lest anyone (possibly future-me) be scared. * TLS: espconn_mbedtls: run through astyle No functional changes * TLS: espconn_mbedtls: put the file_params on the stack There's no need to malloc a structure that's used only locally. * TLS: Further minor tidying of mbedtls glue What an absolute shitshow this is. mbedtls should absolutely not be mentioned inside sys/socket.h and app/mbedtls/app/lwIPSocket.c is not so much glue as it as a complete copy of a random subset of lwIP; it should go, but we aren't there yet. Get rid of the mysterious "mbedlts_record" struct, which housed merely a length of bytes sent solely for gating the "record sent" callback. Remove spurious __attribute__((weak)) from symbols not otherwise defined and rename them to emphasize that they are not actually part of mbedtls proper. * TLS: Rampage esp mbedtls glue and delete unused code This at least makes the shitshow smaller * TLS: lwip: fix some memp definitions I presume these also need the new arguments * TLS: Remove more non-NodeMCU code from our mbedtls * TLS: drop support for 1.1 Depending on who you ask it's either EOL already or EOL soon, so we may as well get rid of it now.
2019-12-27 14:17:44 +01:00
* \note The tag is written to a separate buffer. To concatenate
* the \p tag with the \p output, as done in <em>RFC-3610:
* Counter with CBC-MAC (CCM)</em>, use
* \p tag = \p output + \p length, and make sure that the
* output buffer is at least \p length + \p tag_len wide.
*
* \param ctx The CCM context to use for encryption. This must be
* initialized and bound to a key.
Update mbedTLS to 2.7.0 (#2267) * mbedtls 2.7.0 (mbedtls-2.7.0-0-g32605dc8) Wholesale import, with a few changes from earlier preserved through. Ideally we would soon get to the point of having no divergences from upstream. * tls: add function to adjust mbedTLS debug level
2018-03-03 23:28:26 +01:00
* \param length The length of the input data in Bytes.
SSL rampage (#2938) * Remove stale putative MD2 support This hasn't worked in a while, presumably since one of our upstream merges. Don't bother making it work, since MD2 is generally considered insecure. * Land mbedtls 2.16.3-77-gf02988e57 * TLS: remove some dead code from espconn_mbedtls There was some... frankly kind of scary buffer and data shuffling if ESP8266_PLATFORM was defined. Since we don't, in fact, define that preprocessor symbol, just drop the code lest anyone (possibly future-me) be scared. * TLS: espconn_mbedtls: run through astyle No functional changes * TLS: espconn_mbedtls: put the file_params on the stack There's no need to malloc a structure that's used only locally. * TLS: Further minor tidying of mbedtls glue What an absolute shitshow this is. mbedtls should absolutely not be mentioned inside sys/socket.h and app/mbedtls/app/lwIPSocket.c is not so much glue as it as a complete copy of a random subset of lwIP; it should go, but we aren't there yet. Get rid of the mysterious "mbedlts_record" struct, which housed merely a length of bytes sent solely for gating the "record sent" callback. Remove spurious __attribute__((weak)) from symbols not otherwise defined and rename them to emphasize that they are not actually part of mbedtls proper. * TLS: Rampage esp mbedtls glue and delete unused code This at least makes the shitshow smaller * TLS: lwip: fix some memp definitions I presume these also need the new arguments * TLS: Remove more non-NodeMCU code from our mbedtls * TLS: drop support for 1.1 Depending on who you ask it's either EOL already or EOL soon, so we may as well get rid of it now.
2019-12-27 14:17:44 +01:00
* \param iv The initialization vector (nonce). This must be a readable
* buffer of at least \p iv_len Bytes.
* \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
* or 13. The length L of the message length field is
* 15 - \p iv_len.
* \param add The additional data field. If \p add_len is greater than
* zero, \p add must be a readable buffer of at least that
* length.
Update mbedTLS to 2.7.0 (#2267) * mbedtls 2.7.0 (mbedtls-2.7.0-0-g32605dc8) Wholesale import, with a few changes from earlier preserved through. Ideally we would soon get to the point of having no divergences from upstream. * tls: add function to adjust mbedTLS debug level
2018-03-03 23:28:26 +01:00
* \param add_len The length of additional data in Bytes.
SSL rampage (#2938) * Remove stale putative MD2 support This hasn't worked in a while, presumably since one of our upstream merges. Don't bother making it work, since MD2 is generally considered insecure. * Land mbedtls 2.16.3-77-gf02988e57 * TLS: remove some dead code from espconn_mbedtls There was some... frankly kind of scary buffer and data shuffling if ESP8266_PLATFORM was defined. Since we don't, in fact, define that preprocessor symbol, just drop the code lest anyone (possibly future-me) be scared. * TLS: espconn_mbedtls: run through astyle No functional changes * TLS: espconn_mbedtls: put the file_params on the stack There's no need to malloc a structure that's used only locally. * TLS: Further minor tidying of mbedtls glue What an absolute shitshow this is. mbedtls should absolutely not be mentioned inside sys/socket.h and app/mbedtls/app/lwIPSocket.c is not so much glue as it as a complete copy of a random subset of lwIP; it should go, but we aren't there yet. Get rid of the mysterious "mbedlts_record" struct, which housed merely a length of bytes sent solely for gating the "record sent" callback. Remove spurious __attribute__((weak)) from symbols not otherwise defined and rename them to emphasize that they are not actually part of mbedtls proper. * TLS: Rampage esp mbedtls glue and delete unused code This at least makes the shitshow smaller * TLS: lwip: fix some memp definitions I presume these also need the new arguments * TLS: Remove more non-NodeMCU code from our mbedtls * TLS: drop support for 1.1 Depending on who you ask it's either EOL already or EOL soon, so we may as well get rid of it now.
2019-12-27 14:17:44 +01:00
* This must be less than `2^16 - 2^8`.
* \param input The buffer holding the input data. If \p length is greater
* than zero, \p input must be a readable buffer of at least
* that length.
* \param output The buffer holding the output data. If \p length is greater
* than zero, \p output must be a writable buffer of at least
* that length.
* \param tag The buffer holding the authentication field. This must be a
* readable buffer of at least \p tag_len Bytes.
* \param tag_len The length of the authentication field to generate in Bytes:
Update TLS protocol support (#2587) * Update TLS protocol support TLS1.0 is past PCI's EOL; BEAST is no more Enable elliptic curve key exchanges Do not enable the smallest ECs for security Do not enable the largest ECs for computational time Do not enable 25519 (sad) because it doesn't go across the wire Drop non-PFS key exchanges Drop ARC4, Blowfish, DES, genprime, XTEA code Drop renegotiation support completely It takes so much heap that it's not likely to work out well Tidy handling of SSL_BUFFER_SIZE Update docs Drop mention of startcom, since they are no more, for letsencrypt * Update mbedtls to 2.7.7 Preserve our vsnprintf and platform hacks * Introduce TLS maximum fragment size knob Reduce buffer size to 4Ki by default and advertize that. That's the largest we can advertize with the TLS MFL extension, so there's no point in making them larger. The truly adventurous can re-raise SSL_BUFFER_SIZE and undefine the SSL_MAX_FRAGMENT_LENGTH_CODE and get back to the earlier behavior. * Default to mbedTLS debug with DEVELOP_VERSION
2019-01-15 17:02:32 +01:00
* 4, 6, 8, 10, 12, 14 or 16.
Update mbedTLS to 2.7.0 (#2267) * mbedtls 2.7.0 (mbedtls-2.7.0-0-g32605dc8) Wholesale import, with a few changes from earlier preserved through. Ideally we would soon get to the point of having no divergences from upstream. * tls: add function to adjust mbedTLS debug level
2018-03-03 23:28:26 +01:00
*
SSL rampage (#2938) * Remove stale putative MD2 support This hasn't worked in a while, presumably since one of our upstream merges. Don't bother making it work, since MD2 is generally considered insecure. * Land mbedtls 2.16.3-77-gf02988e57 * TLS: remove some dead code from espconn_mbedtls There was some... frankly kind of scary buffer and data shuffling if ESP8266_PLATFORM was defined. Since we don't, in fact, define that preprocessor symbol, just drop the code lest anyone (possibly future-me) be scared. * TLS: espconn_mbedtls: run through astyle No functional changes * TLS: espconn_mbedtls: put the file_params on the stack There's no need to malloc a structure that's used only locally. * TLS: Further minor tidying of mbedtls glue What an absolute shitshow this is. mbedtls should absolutely not be mentioned inside sys/socket.h and app/mbedtls/app/lwIPSocket.c is not so much glue as it as a complete copy of a random subset of lwIP; it should go, but we aren't there yet. Get rid of the mysterious "mbedlts_record" struct, which housed merely a length of bytes sent solely for gating the "record sent" callback. Remove spurious __attribute__((weak)) from symbols not otherwise defined and rename them to emphasize that they are not actually part of mbedtls proper. * TLS: Rampage esp mbedtls glue and delete unused code This at least makes the shitshow smaller * TLS: lwip: fix some memp definitions I presume these also need the new arguments * TLS: Remove more non-NodeMCU code from our mbedtls * TLS: drop support for 1.1 Depending on who you ask it's either EOL already or EOL soon, so we may as well get rid of it now.
2019-12-27 14:17:44 +01:00
* \return \c 0 on success.
* \return A CCM or cipher-specific error code on failure.
*/
int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
const unsigned char *iv, size_t iv_len,
const unsigned char *add, size_t add_len,
const unsigned char *input, unsigned char *output,
unsigned char *tag, size_t tag_len );
/**
* \brief This function encrypts a buffer using CCM*.
*
Update mbedTLS to 2.7.0 (#2267) * mbedtls 2.7.0 (mbedtls-2.7.0-0-g32605dc8) Wholesale import, with a few changes from earlier preserved through. Ideally we would soon get to the point of having no divergences from upstream. * tls: add function to adjust mbedTLS debug level
2018-03-03 23:28:26 +01:00
* \note The tag is written to a separate buffer. To concatenate
* the \p tag with the \p output, as done in <em>RFC-3610:
* Counter with CBC-MAC (CCM)</em>, use
* \p tag = \p output + \p length, and make sure that the
* output buffer is at least \p length + \p tag_len wide.
*
SSL rampage (#2938) * Remove stale putative MD2 support This hasn't worked in a while, presumably since one of our upstream merges. Don't bother making it work, since MD2 is generally considered insecure. * Land mbedtls 2.16.3-77-gf02988e57 * TLS: remove some dead code from espconn_mbedtls There was some... frankly kind of scary buffer and data shuffling if ESP8266_PLATFORM was defined. Since we don't, in fact, define that preprocessor symbol, just drop the code lest anyone (possibly future-me) be scared. * TLS: espconn_mbedtls: run through astyle No functional changes * TLS: espconn_mbedtls: put the file_params on the stack There's no need to malloc a structure that's used only locally. * TLS: Further minor tidying of mbedtls glue What an absolute shitshow this is. mbedtls should absolutely not be mentioned inside sys/socket.h and app/mbedtls/app/lwIPSocket.c is not so much glue as it as a complete copy of a random subset of lwIP; it should go, but we aren't there yet. Get rid of the mysterious "mbedlts_record" struct, which housed merely a length of bytes sent solely for gating the "record sent" callback. Remove spurious __attribute__((weak)) from symbols not otherwise defined and rename them to emphasize that they are not actually part of mbedtls proper. * TLS: Rampage esp mbedtls glue and delete unused code This at least makes the shitshow smaller * TLS: lwip: fix some memp definitions I presume these also need the new arguments * TLS: Remove more non-NodeMCU code from our mbedtls * TLS: drop support for 1.1 Depending on who you ask it's either EOL already or EOL soon, so we may as well get rid of it now.
2019-12-27 14:17:44 +01:00
* \note When using this function in a variable tag length context,
* the tag length has to be encoded into the \p iv passed to
* this function.
*
* \param ctx The CCM context to use for encryption. This must be
* initialized and bound to a key.
* \param length The length of the input data in Bytes.
* \param iv The initialization vector (nonce). This must be a readable
* buffer of at least \p iv_len Bytes.
* \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
* or 13. The length L of the message length field is
* 15 - \p iv_len.
* \param add The additional data field. This must be a readable buffer of
* at least \p add_len Bytes.
* \param add_len The length of additional data in Bytes.
* This must be less than 2^16 - 2^8.
* \param input The buffer holding the input data. If \p length is greater
* than zero, \p input must be a readable buffer of at least
* that length.
* \param output The buffer holding the output data. If \p length is greater
* than zero, \p output must be a writable buffer of at least
* that length.
* \param tag The buffer holding the authentication field. This must be a
* readable buffer of at least \p tag_len Bytes.
* \param tag_len The length of the authentication field to generate in Bytes:
* 0, 4, 6, 8, 10, 12, 14 or 16.
*
* \warning Passing \c 0 as \p tag_len means that the message is no
* longer authenticated.
*
Update mbedTLS to 2.7.0 (#2267) * mbedtls 2.7.0 (mbedtls-2.7.0-0-g32605dc8) Wholesale import, with a few changes from earlier preserved through. Ideally we would soon get to the point of having no divergences from upstream. * tls: add function to adjust mbedTLS debug level
2018-03-03 23:28:26 +01:00
* \return \c 0 on success.
SSL rampage (#2938) * Remove stale putative MD2 support This hasn't worked in a while, presumably since one of our upstream merges. Don't bother making it work, since MD2 is generally considered insecure. * Land mbedtls 2.16.3-77-gf02988e57 * TLS: remove some dead code from espconn_mbedtls There was some... frankly kind of scary buffer and data shuffling if ESP8266_PLATFORM was defined. Since we don't, in fact, define that preprocessor symbol, just drop the code lest anyone (possibly future-me) be scared. * TLS: espconn_mbedtls: run through astyle No functional changes * TLS: espconn_mbedtls: put the file_params on the stack There's no need to malloc a structure that's used only locally. * TLS: Further minor tidying of mbedtls glue What an absolute shitshow this is. mbedtls should absolutely not be mentioned inside sys/socket.h and app/mbedtls/app/lwIPSocket.c is not so much glue as it as a complete copy of a random subset of lwIP; it should go, but we aren't there yet. Get rid of the mysterious "mbedlts_record" struct, which housed merely a length of bytes sent solely for gating the "record sent" callback. Remove spurious __attribute__((weak)) from symbols not otherwise defined and rename them to emphasize that they are not actually part of mbedtls proper. * TLS: Rampage esp mbedtls glue and delete unused code This at least makes the shitshow smaller * TLS: lwip: fix some memp definitions I presume these also need the new arguments * TLS: Remove more non-NodeMCU code from our mbedtls * TLS: drop support for 1.1 Depending on who you ask it's either EOL already or EOL soon, so we may as well get rid of it now.
2019-12-27 14:17:44 +01:00
* \return A CCM or cipher-specific error code on failure.
Upgrade to SDK 2.0.0 (#1435) * Update LWIP from SDK * mbedTLS integration * Fix argument type in dbg_printf (#1624) * Migrate to espressif’s download center (#1604) * Fixed BBS links to firmware * Adjust net module docs with mbedTLS info * Remove unrelevant axTLS notice
2016-12-11 21:03:00 +01:00
*/
SSL rampage (#2938) * Remove stale putative MD2 support This hasn't worked in a while, presumably since one of our upstream merges. Don't bother making it work, since MD2 is generally considered insecure. * Land mbedtls 2.16.3-77-gf02988e57 * TLS: remove some dead code from espconn_mbedtls There was some... frankly kind of scary buffer and data shuffling if ESP8266_PLATFORM was defined. Since we don't, in fact, define that preprocessor symbol, just drop the code lest anyone (possibly future-me) be scared. * TLS: espconn_mbedtls: run through astyle No functional changes * TLS: espconn_mbedtls: put the file_params on the stack There's no need to malloc a structure that's used only locally. * TLS: Further minor tidying of mbedtls glue What an absolute shitshow this is. mbedtls should absolutely not be mentioned inside sys/socket.h and app/mbedtls/app/lwIPSocket.c is not so much glue as it as a complete copy of a random subset of lwIP; it should go, but we aren't there yet. Get rid of the mysterious "mbedlts_record" struct, which housed merely a length of bytes sent solely for gating the "record sent" callback. Remove spurious __attribute__((weak)) from symbols not otherwise defined and rename them to emphasize that they are not actually part of mbedtls proper. * TLS: Rampage esp mbedtls glue and delete unused code This at least makes the shitshow smaller * TLS: lwip: fix some memp definitions I presume these also need the new arguments * TLS: Remove more non-NodeMCU code from our mbedtls * TLS: drop support for 1.1 Depending on who you ask it's either EOL already or EOL soon, so we may as well get rid of it now.
2019-12-27 14:17:44 +01:00
int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
Upgrade to SDK 2.0.0 (#1435) * Update LWIP from SDK * mbedTLS integration * Fix argument type in dbg_printf (#1624) * Migrate to espressif’s download center (#1604) * Fixed BBS links to firmware * Adjust net module docs with mbedTLS info * Remove unrelevant axTLS notice
2016-12-11 21:03:00 +01:00
const unsigned char *iv, size_t iv_len,
const unsigned char *add, size_t add_len,
const unsigned char *input, unsigned char *output,
unsigned char *tag, size_t tag_len );
/**
Update mbedTLS to 2.7.0 (#2267) * mbedtls 2.7.0 (mbedtls-2.7.0-0-g32605dc8) Wholesale import, with a few changes from earlier preserved through. Ideally we would soon get to the point of having no divergences from upstream. * tls: add function to adjust mbedTLS debug level
2018-03-03 23:28:26 +01:00
* \brief This function performs a CCM authenticated decryption of a
* buffer.
*
SSL rampage (#2938) * Remove stale putative MD2 support This hasn't worked in a while, presumably since one of our upstream merges. Don't bother making it work, since MD2 is generally considered insecure. * Land mbedtls 2.16.3-77-gf02988e57 * TLS: remove some dead code from espconn_mbedtls There was some... frankly kind of scary buffer and data shuffling if ESP8266_PLATFORM was defined. Since we don't, in fact, define that preprocessor symbol, just drop the code lest anyone (possibly future-me) be scared. * TLS: espconn_mbedtls: run through astyle No functional changes * TLS: espconn_mbedtls: put the file_params on the stack There's no need to malloc a structure that's used only locally. * TLS: Further minor tidying of mbedtls glue What an absolute shitshow this is. mbedtls should absolutely not be mentioned inside sys/socket.h and app/mbedtls/app/lwIPSocket.c is not so much glue as it as a complete copy of a random subset of lwIP; it should go, but we aren't there yet. Get rid of the mysterious "mbedlts_record" struct, which housed merely a length of bytes sent solely for gating the "record sent" callback. Remove spurious __attribute__((weak)) from symbols not otherwise defined and rename them to emphasize that they are not actually part of mbedtls proper. * TLS: Rampage esp mbedtls glue and delete unused code This at least makes the shitshow smaller * TLS: lwip: fix some memp definitions I presume these also need the new arguments * TLS: Remove more non-NodeMCU code from our mbedtls * TLS: drop support for 1.1 Depending on who you ask it's either EOL already or EOL soon, so we may as well get rid of it now.
2019-12-27 14:17:44 +01:00
* \param ctx The CCM context to use for decryption. This must be
* initialized and bound to a key.
Update mbedTLS to 2.7.0 (#2267) * mbedtls 2.7.0 (mbedtls-2.7.0-0-g32605dc8) Wholesale import, with a few changes from earlier preserved through. Ideally we would soon get to the point of having no divergences from upstream. * tls: add function to adjust mbedTLS debug level
2018-03-03 23:28:26 +01:00
* \param length The length of the input data in Bytes.
SSL rampage (#2938) * Remove stale putative MD2 support This hasn't worked in a while, presumably since one of our upstream merges. Don't bother making it work, since MD2 is generally considered insecure. * Land mbedtls 2.16.3-77-gf02988e57 * TLS: remove some dead code from espconn_mbedtls There was some... frankly kind of scary buffer and data shuffling if ESP8266_PLATFORM was defined. Since we don't, in fact, define that preprocessor symbol, just drop the code lest anyone (possibly future-me) be scared. * TLS: espconn_mbedtls: run through astyle No functional changes * TLS: espconn_mbedtls: put the file_params on the stack There's no need to malloc a structure that's used only locally. * TLS: Further minor tidying of mbedtls glue What an absolute shitshow this is. mbedtls should absolutely not be mentioned inside sys/socket.h and app/mbedtls/app/lwIPSocket.c is not so much glue as it as a complete copy of a random subset of lwIP; it should go, but we aren't there yet. Get rid of the mysterious "mbedlts_record" struct, which housed merely a length of bytes sent solely for gating the "record sent" callback. Remove spurious __attribute__((weak)) from symbols not otherwise defined and rename them to emphasize that they are not actually part of mbedtls proper. * TLS: Rampage esp mbedtls glue and delete unused code This at least makes the shitshow smaller * TLS: lwip: fix some memp definitions I presume these also need the new arguments * TLS: Remove more non-NodeMCU code from our mbedtls * TLS: drop support for 1.1 Depending on who you ask it's either EOL already or EOL soon, so we may as well get rid of it now.
2019-12-27 14:17:44 +01:00
* \param iv The initialization vector (nonce). This must be a readable
* buffer of at least \p iv_len Bytes.
* \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
* or 13. The length L of the message length field is
* 15 - \p iv_len.
* \param add The additional data field. This must be a readable buffer
* of at least that \p add_len Bytes..
Update mbedTLS to 2.7.0 (#2267) * mbedtls 2.7.0 (mbedtls-2.7.0-0-g32605dc8) Wholesale import, with a few changes from earlier preserved through. Ideally we would soon get to the point of having no divergences from upstream. * tls: add function to adjust mbedTLS debug level
2018-03-03 23:28:26 +01:00
* \param add_len The length of additional data in Bytes.
SSL rampage (#2938) * Remove stale putative MD2 support This hasn't worked in a while, presumably since one of our upstream merges. Don't bother making it work, since MD2 is generally considered insecure. * Land mbedtls 2.16.3-77-gf02988e57 * TLS: remove some dead code from espconn_mbedtls There was some... frankly kind of scary buffer and data shuffling if ESP8266_PLATFORM was defined. Since we don't, in fact, define that preprocessor symbol, just drop the code lest anyone (possibly future-me) be scared. * TLS: espconn_mbedtls: run through astyle No functional changes * TLS: espconn_mbedtls: put the file_params on the stack There's no need to malloc a structure that's used only locally. * TLS: Further minor tidying of mbedtls glue What an absolute shitshow this is. mbedtls should absolutely not be mentioned inside sys/socket.h and app/mbedtls/app/lwIPSocket.c is not so much glue as it as a complete copy of a random subset of lwIP; it should go, but we aren't there yet. Get rid of the mysterious "mbedlts_record" struct, which housed merely a length of bytes sent solely for gating the "record sent" callback. Remove spurious __attribute__((weak)) from symbols not otherwise defined and rename them to emphasize that they are not actually part of mbedtls proper. * TLS: Rampage esp mbedtls glue and delete unused code This at least makes the shitshow smaller * TLS: lwip: fix some memp definitions I presume these also need the new arguments * TLS: Remove more non-NodeMCU code from our mbedtls * TLS: drop support for 1.1 Depending on who you ask it's either EOL already or EOL soon, so we may as well get rid of it now.
2019-12-27 14:17:44 +01:00
* This must be less than 2^16 - 2^8.
* \param input The buffer holding the input data. If \p length is greater
* than zero, \p input must be a readable buffer of at least
* that length.
* \param output The buffer holding the output data. If \p length is greater
* than zero, \p output must be a writable buffer of at least
* that length.
* \param tag The buffer holding the authentication field. This must be a
* readable buffer of at least \p tag_len Bytes.
* \param tag_len The length of the authentication field to generate in Bytes:
Update TLS protocol support (#2587) * Update TLS protocol support TLS1.0 is past PCI's EOL; BEAST is no more Enable elliptic curve key exchanges Do not enable the smallest ECs for security Do not enable the largest ECs for computational time Do not enable 25519 (sad) because it doesn't go across the wire Drop non-PFS key exchanges Drop ARC4, Blowfish, DES, genprime, XTEA code Drop renegotiation support completely It takes so much heap that it's not likely to work out well Tidy handling of SSL_BUFFER_SIZE Update docs Drop mention of startcom, since they are no more, for letsencrypt * Update mbedtls to 2.7.7 Preserve our vsnprintf and platform hacks * Introduce TLS maximum fragment size knob Reduce buffer size to 4Ki by default and advertize that. That's the largest we can advertize with the TLS MFL extension, so there's no point in making them larger. The truly adventurous can re-raise SSL_BUFFER_SIZE and undefine the SSL_MAX_FRAGMENT_LENGTH_CODE and get back to the earlier behavior. * Default to mbedTLS debug with DEVELOP_VERSION
2019-01-15 17:02:32 +01:00
* 4, 6, 8, 10, 12, 14 or 16.
Update mbedTLS to 2.7.0 (#2267) * mbedtls 2.7.0 (mbedtls-2.7.0-0-g32605dc8) Wholesale import, with a few changes from earlier preserved through. Ideally we would soon get to the point of having no divergences from upstream. * tls: add function to adjust mbedTLS debug level
2018-03-03 23:28:26 +01:00
*
SSL rampage (#2938) * Remove stale putative MD2 support This hasn't worked in a while, presumably since one of our upstream merges. Don't bother making it work, since MD2 is generally considered insecure. * Land mbedtls 2.16.3-77-gf02988e57 * TLS: remove some dead code from espconn_mbedtls There was some... frankly kind of scary buffer and data shuffling if ESP8266_PLATFORM was defined. Since we don't, in fact, define that preprocessor symbol, just drop the code lest anyone (possibly future-me) be scared. * TLS: espconn_mbedtls: run through astyle No functional changes * TLS: espconn_mbedtls: put the file_params on the stack There's no need to malloc a structure that's used only locally. * TLS: Further minor tidying of mbedtls glue What an absolute shitshow this is. mbedtls should absolutely not be mentioned inside sys/socket.h and app/mbedtls/app/lwIPSocket.c is not so much glue as it as a complete copy of a random subset of lwIP; it should go, but we aren't there yet. Get rid of the mysterious "mbedlts_record" struct, which housed merely a length of bytes sent solely for gating the "record sent" callback. Remove spurious __attribute__((weak)) from symbols not otherwise defined and rename them to emphasize that they are not actually part of mbedtls proper. * TLS: Rampage esp mbedtls glue and delete unused code This at least makes the shitshow smaller * TLS: lwip: fix some memp definitions I presume these also need the new arguments * TLS: Remove more non-NodeMCU code from our mbedtls * TLS: drop support for 1.1 Depending on who you ask it's either EOL already or EOL soon, so we may as well get rid of it now.
2019-12-27 14:17:44 +01:00
* \return \c 0 on success. This indicates that the message is authentic.
* \return #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match.
* \return A cipher-specific error code on calculation failure.
Upgrade to SDK 2.0.0 (#1435) * Update LWIP from SDK * mbedTLS integration * Fix argument type in dbg_printf (#1624) * Migrate to espressif’s download center (#1604) * Fixed BBS links to firmware * Adjust net module docs with mbedTLS info * Remove unrelevant axTLS notice
2016-12-11 21:03:00 +01:00
*/
int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
const unsigned char *iv, size_t iv_len,
const unsigned char *add, size_t add_len,
const unsigned char *input, unsigned char *output,
const unsigned char *tag, size_t tag_len );
SSL rampage (#2938) * Remove stale putative MD2 support This hasn't worked in a while, presumably since one of our upstream merges. Don't bother making it work, since MD2 is generally considered insecure. * Land mbedtls 2.16.3-77-gf02988e57 * TLS: remove some dead code from espconn_mbedtls There was some... frankly kind of scary buffer and data shuffling if ESP8266_PLATFORM was defined. Since we don't, in fact, define that preprocessor symbol, just drop the code lest anyone (possibly future-me) be scared. * TLS: espconn_mbedtls: run through astyle No functional changes * TLS: espconn_mbedtls: put the file_params on the stack There's no need to malloc a structure that's used only locally. * TLS: Further minor tidying of mbedtls glue What an absolute shitshow this is. mbedtls should absolutely not be mentioned inside sys/socket.h and app/mbedtls/app/lwIPSocket.c is not so much glue as it as a complete copy of a random subset of lwIP; it should go, but we aren't there yet. Get rid of the mysterious "mbedlts_record" struct, which housed merely a length of bytes sent solely for gating the "record sent" callback. Remove spurious __attribute__((weak)) from symbols not otherwise defined and rename them to emphasize that they are not actually part of mbedtls proper. * TLS: Rampage esp mbedtls glue and delete unused code This at least makes the shitshow smaller * TLS: lwip: fix some memp definitions I presume these also need the new arguments * TLS: Remove more non-NodeMCU code from our mbedtls * TLS: drop support for 1.1 Depending on who you ask it's either EOL already or EOL soon, so we may as well get rid of it now.
2019-12-27 14:17:44 +01:00
/**
* \brief This function performs a CCM* authenticated decryption of a
* buffer.
*
* \note When using this function in a variable tag length context,
* the tag length has to be decoded from \p iv and passed to
* this function as \p tag_len. (\p tag needs to be adjusted
* accordingly.)
*
* \param ctx The CCM context to use for decryption. This must be
* initialized and bound to a key.
* \param length The length of the input data in Bytes.
* \param iv The initialization vector (nonce). This must be a readable
* buffer of at least \p iv_len Bytes.
* \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
* or 13. The length L of the message length field is
* 15 - \p iv_len.
* \param add The additional data field. This must be a readable buffer of
* at least that \p add_len Bytes.
* \param add_len The length of additional data in Bytes.
* This must be less than 2^16 - 2^8.
* \param input The buffer holding the input data. If \p length is greater
* than zero, \p input must be a readable buffer of at least
* that length.
* \param output The buffer holding the output data. If \p length is greater
* than zero, \p output must be a writable buffer of at least
* that length.
* \param tag The buffer holding the authentication field. This must be a
* readable buffer of at least \p tag_len Bytes.
* \param tag_len The length of the authentication field in Bytes.
* 0, 4, 6, 8, 10, 12, 14 or 16.
*
* \warning Passing \c 0 as \p tag_len means that the message is nos
* longer authenticated.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match.
* \return A cipher-specific error code on calculation failure.
*/
int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
const unsigned char *iv, size_t iv_len,
const unsigned char *add, size_t add_len,
const unsigned char *input, unsigned char *output,
const unsigned char *tag, size_t tag_len );
Update mbedTLS to 2.7.0 (#2267) * mbedtls 2.7.0 (mbedtls-2.7.0-0-g32605dc8) Wholesale import, with a few changes from earlier preserved through. Ideally we would soon get to the point of having no divergences from upstream. * tls: add function to adjust mbedTLS debug level
2018-03-03 23:28:26 +01:00
Upgrade to SDK 2.0.0 (#1435) * Update LWIP from SDK * mbedTLS integration * Fix argument type in dbg_printf (#1624) * Migrate to espressif’s download center (#1604) * Fixed BBS links to firmware * Adjust net module docs with mbedTLS info * Remove unrelevant axTLS notice
2016-12-11 21:03:00 +01:00
#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
/**
Update mbedTLS to 2.7.0 (#2267) * mbedtls 2.7.0 (mbedtls-2.7.0-0-g32605dc8) Wholesale import, with a few changes from earlier preserved through. Ideally we would soon get to the point of having no divergences from upstream. * tls: add function to adjust mbedTLS debug level
2018-03-03 23:28:26 +01:00
* \brief The CCM checkup routine.
Upgrade to SDK 2.0.0 (#1435) * Update LWIP from SDK * mbedTLS integration * Fix argument type in dbg_printf (#1624) * Migrate to espressif’s download center (#1604) * Fixed BBS links to firmware * Adjust net module docs with mbedTLS info * Remove unrelevant axTLS notice
2016-12-11 21:03:00 +01:00
*
SSL rampage (#2938) * Remove stale putative MD2 support This hasn't worked in a while, presumably since one of our upstream merges. Don't bother making it work, since MD2 is generally considered insecure. * Land mbedtls 2.16.3-77-gf02988e57 * TLS: remove some dead code from espconn_mbedtls There was some... frankly kind of scary buffer and data shuffling if ESP8266_PLATFORM was defined. Since we don't, in fact, define that preprocessor symbol, just drop the code lest anyone (possibly future-me) be scared. * TLS: espconn_mbedtls: run through astyle No functional changes * TLS: espconn_mbedtls: put the file_params on the stack There's no need to malloc a structure that's used only locally. * TLS: Further minor tidying of mbedtls glue What an absolute shitshow this is. mbedtls should absolutely not be mentioned inside sys/socket.h and app/mbedtls/app/lwIPSocket.c is not so much glue as it as a complete copy of a random subset of lwIP; it should go, but we aren't there yet. Get rid of the mysterious "mbedlts_record" struct, which housed merely a length of bytes sent solely for gating the "record sent" callback. Remove spurious __attribute__((weak)) from symbols not otherwise defined and rename them to emphasize that they are not actually part of mbedtls proper. * TLS: Rampage esp mbedtls glue and delete unused code This at least makes the shitshow smaller * TLS: lwip: fix some memp definitions I presume these also need the new arguments * TLS: Remove more non-NodeMCU code from our mbedtls * TLS: drop support for 1.1 Depending on who you ask it's either EOL already or EOL soon, so we may as well get rid of it now.
2019-12-27 14:17:44 +01:00
* \return \c 0 on success.
* \return \c 1 on failure.
Upgrade to SDK 2.0.0 (#1435) * Update LWIP from SDK * mbedTLS integration * Fix argument type in dbg_printf (#1624) * Migrate to espressif’s download center (#1604) * Fixed BBS links to firmware * Adjust net module docs with mbedTLS info * Remove unrelevant axTLS notice
2016-12-11 21:03:00 +01:00
*/
int mbedtls_ccm_self_test( int verbose );
#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
#ifdef __cplusplus
}
#endif
#endif /* MBEDTLS_CCM_H */