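/*
 * Copyright (c) Huawei Technologies Co., Ltd. 2014-2022
 * Created: 2022-07-20
 * Purpose: wrapper around mbedtls that keeps the legacy polarssl-style API
 *          surface; isolated behind VENDOR_POLARSSL_API_C.
 *
 * Review notes:
 *  - Public names (including the misspelt `polarssl_rsassl_vertify`,
 *    `polarss_feather_support` and the odd-cased `PolarssL_Pk_Free`) are kept
 *    byte-for-byte: callers across the tree depend on them.
 *  - A stray `;` that followed a comment at file scope (before
 *    polarssl_rsassl_vertify) has been removed; ISO C does not allow an empty
 *    declaration at file scope.
 *  - The headers for every mbedtls type named below are now included
 *    explicitly instead of relying on transitive includes.
 */
#ifndef HW_POLARSSL_API_H
#define HW_POLARSSL_API_H

#include <stddef.h>   /* size_t */
#include <stdint.h>   /* uint32_t */

#include "mbedtls/debug.h"
#include "mbedtls/x509_crt.h"
#include "mbedtls/x509_crl.h"
#include "mbedtls/ssl.h"
#include "mbedtls/platform.h"
#include "mbedtls/net_sockets.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/pem.h"
#include "mbedtls/des.h"
#include "mbedtls/ssl_cache.h"
#include "mbedtls/pkcs5.h"
#include "mbedtls/md5.h"
#include "mbedtls/sha1.h"
#include "mbedtls/dhm.h"
#include "mbedtls/oid.h"
#include "mbedtls/pk.h"
#include "mbedtls/aes.h"
#include "mbedtls/md.h"
#include "mbedtls/rsa.h"
#include "mbedtls/bignum.h"

/*
 * Unified "config" object, modelled on the cyassl usage pattern.
 * Groups the mbedtls objects that make up one TLS configuration; which of
 * the pointers are owned by the adapter is decided by the implementation
 * (polarssl_new_ctx_ssl_conf / polarssl_free_config_adapt).
 */
typedef struct {
    mbedtls_ssl_config *config;           /* negotiated settings, authmode, ciphersuites, PSK, DH params */
    mbedtls_entropy_context *entropy;     /* entropy source feeding ctr_drbg */
    mbedtls_ctr_drbg_context *ctr_drbg;   /* DRBG used by the TLS layer */
    mbedtls_x509_crt *pubcert;            /* own certificate (paired with prv) */
    mbedtls_pk_context *prv;              /* own private key */
    mbedtls_x509_crt *chainHead;          /* trusted CA list ("calist") used to verify the peer */
    mbedtls_ssl_cache_context *cache;     /* server-side session cache, see polarssl_enable_server_cache */
} mbedtls_ssl_config_adapt;

/* One TLS connection: the mbedtls context plus its socket and a saved session for resumption. */
typedef struct {
    mbedtls_ssl_context *ssl;             /* per-connection mbedtls state */
    mbedtls_net_context bio;              /* underlying socket, set via polarssl_ssl_set_bio */
    mbedtls_ssl_session *saved_session;   /* session kept for client-side resumption */
} mbedtls_ssl_adapt;

/*
 * polarssl sends SNI as soon as a hostname is set; this adapter keeps the
 * hostname and a separate "send SNI" flag so the two can be controlled
 * independently. 256 bytes holds the 255-byte RFC 6066 maximum plus NUL.
 */
#define MAX_SNI_LEN 256
typedef struct {
    int send_sni;                  /* non-zero: include the server_name extension */
    char hostname[MAX_SNI_LEN];    /* NUL-terminated hostname */
} mbedtls_ssl_sni;

#if !defined(CIVETWEB_SSL)
/* Legacy type aliases (Huawei naming); civetweb supplies its own SSL/SSL_CTX. */
#define POLAR_SSL mbedtls_ssl_adapt
#define POLAR_SSL_CFG mbedtls_ssl_config_adapt
#define POLAR_CRT mbedtls_x509_crt
#define POLAR_PUBKEY mbedtls_pk_context
#define POLAR_RSA mbedtls_rsa_context
#define POLAR_MD_CTX mbedtls_md_context_t
#define SSL_CTX POLAR_SSL_CFG
#define SSL POLAR_SSL
#define DH_KEY mbedtls_dhm_context
#define AES_KEY mbedtls_aes_context
#define PEM_CRT mbedtls_pem_context
#define POLAR_MPI mbedtls_mpi
#endif

/* Legacy function-name aliases (Huawei naming) -> adapter functions declared below. */
#define Polarssl_New_Ssl polarssl_new_ssl
#define Polarssl_New_Ctx_Ssl_Conf polarssl_new_ctx_ssl_conf
#define Polarssl_Ssl_Set_Bio polarssl_ssl_set_bio
#define Polarssl_Enable_Ca_Update polarssl_enable_ca_update
#define Polarssl_Ssl_Get_Ciphersuite polarssl_ssl_get_ciphersuite
#define Polarssl_Conf_SetCaList polarssl_conf_setCaList
#define Polarssl_Rsassl_Vertify polarssl_rsassl_vertify
#define Polarssl_Ssl_Get_Version polarssl_ssl_get_version
#define Polarssl_Ssl_Write polarssl_ssl_write
#define Polarssl_Ssl_Read polarssl_ssl_read
#define Polarssl_Set_Pub_Prv_To_Conf polarssl_set_pub_prv_to_conf
#define Polarssl_Pk_Parse_Subpubkey polarssl_pk_parse_subpubkey
#define Polarssl_X509_Crt_Parse_File polarssl_x509_crt_parse_file
#define Polarssl_Hmac_With_Sha256 polarssl_hmac_with_sha256
#define Polarssl_Conf_Authmode polarssl_conf_authmode
#define Polarssl_Free_Config_Adapt polarssl_free_config_adapt
#define Polarssl_Free polarssl_free
#define Polarssl_Accept polarssl_accept
#define Polarssl_Connect polarssl_connect
#define Polarssl_X509_Crt_Free polarssl_x509_crt_free
#define Polarssl_X509_Crt_Check_Date polarssl_x509_crt_check_date
#define Polarssl_Shutdown polarssl_shutdown
#define Polarssl_Set_Hostname polarssl_ssl_set_hostname
#define Polarssl_Dgst polarssl_dgst
#define Polarssl_Dgst_Init polarssl_dgst_init
#define Polarssl_Dgst_Update polarssl_dgst_update
#define Polarssl_Dgst_Final polarssl_dgst_final
#define Polarssl_Md_Hmac512 polarssl_md_hmac512
#define Polarssl_Md_Hmacsha1 polarssl_hmac_with_sha1
#define Polarssl_Sha512 polarssl_sha512
#define PolarssL_Pk_Free polarssl_pk_free   /* capital L is historical; keep for existing callers */
#define Polarssl_Dhm_Free polarssl_dhm_free
#define Polarssl_Dhm_Init polarssl_dhm_init
#define Polarssl_Mpi_Read_String polarssl_mpi_read_string
#define Polarssl_Mpi_Size polarssl_mpi_size
#define Polarssl_Dhm_Make_Public polarssl_dhm_make_public
#define Polarssl_Aes_Init polarssl_aes_init
#define Polarssl_Aes_SetKey_Dec polarssl_aes_setkey_dec
#define Polarssl_Aes_Crypt_Cbc polarssl_aes_crypt_cbc
#define Polarssl_Aes_SetKey_Enc polarssl_aes_setkey_enc
#define Polarssl_Mpi_Write_Binary polarssl_mpi_write_binary
#define Polarssl_Mpi_Read_Binary polarssl_mpi_read_binary
#define Polarssl_Dhm_Calc_Secret polarssl_dhm_calc_secret
#define Polarssl_Ssl_Conf_Ciphersuites polarssl_ssl_conf_ciphersuites
#define Polarssl_Pem_Read_Buffer polarssl_pem_read_buffer
#define Polarssl_Pem_Free polarssl_pem_free
#define Polarssl_Set_Sni polarssl_ssl_set_sni
#define Polarssl_SetIgnoreTime SetIgnoreTime

/* AES block size in bytes; CBC input lengths must be a multiple of this. */
#define AES_BLOCK_SIZE 16

/* Set the SNI hostname on a connection (see mbedtls_ssl_sni). Returns 0 on success. */
int polarssl_ssl_set_sni(mbedtls_ssl_adapt *ssl, const char *hostname);

/*
 * HMAC-SHA1 of input[0..ilen) under key. Note the asymmetry with
 * polarssl_hmac_with_sha256: here outlen is a POINTER (written with the
 * produced length), there it is a value (the output capacity). SHA-1 HMAC is
 * acceptable for legacy MAC use only; prefer the SHA-256 variant for new code.
 */
int polarssl_hmac_with_sha1(const unsigned char *key, size_t keylen,
                            const unsigned char *input, size_t ilen,
                            unsigned char *output, size_t *outlen);

/* Release a PEM context filled by polarssl_pem_read_buffer. */
void polarssl_pem_free(mbedtls_pem_context *ctx);

/* Parse a PEM "PUBLIC KEY" block from the NUL-terminated buffer pub into pem. Returns 0 on success. */
int polarssl_pem_read_buffer(mbedtls_pem_context *pem, unsigned char *pub);

/*
 * Install the ciphersuite list used for negotiation. The array is
 * 0-terminated and, as in mbedtls, is referenced rather than copied: the
 * caller must keep it alive (a static array) for the lifetime of conf.
 */
void polarssl_ssl_conf_ciphersuites(mbedtls_ssl_config_adapt *conf, const int *ciphersuites);

/* Derive and export the DH shared secret (G^Y)^X mod P into output; *olen receives the length. */
int polarssl_dhm_calc_secret(mbedtls_dhm_context *ctx,
                             unsigned char *output, size_t output_size, unsigned int *olen);

/* Import X from unsigned big-endian binary data (buflen is unsigned int here, size_t in mbedtls). */
int polarssl_mpi_read_binary(mbedtls_mpi *X, const unsigned char *buf, unsigned int buflen);

/* Export X as unsigned big-endian binary data into buf[0..buflen). */
int polarssl_mpi_write_binary(const mbedtls_mpi *X, unsigned char *buf, size_t buflen);

/* Set the AES encryption key; keybits is the key length in bits (128/192/256). */
int polarssl_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits);

/*
 * AES-CBC encrypt/decrypt length bytes. If this forwards to
 * mbedtls_aes_crypt_cbc (assumed; confirm in the implementation) length must
 * be a multiple of AES_BLOCK_SIZE and iv is updated in place for chaining.
 * CBC provides no integrity; pair it with a MAC where the data is untrusted.
 */
int polarssl_aes_crypt_cbc(mbedtls_aes_context *ctx, int mode, unsigned int length,
                           unsigned char iv[16], const unsigned char *input, unsigned char *output);

/* Set the AES decryption key; keybits is the key length in bits. */
int polarssl_aes_setkey_dec(mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits);

/* Initialise an AES context before setkey. */
void polarssl_aes_init(mbedtls_aes_context *ctx);

/* Generate the private value X (x_size bytes) and export G^X into output[0..olen). */
int polarssl_dhm_make_public(mbedtls_dhm_context *ctx, int x_size, unsigned char *output, size_t olen);

/* Size of X in bytes. */
size_t polarssl_mpi_size(const mbedtls_mpi *X);

/* Import X from an ASCII string in the given radix. */
int polarssl_mpi_read_string(mbedtls_mpi *X, int radix, const char *s);

/* Initialise a DHM context. */
void polarssl_dhm_init(mbedtls_dhm_context *ctx);

/* Free the components of a DHM context. */
void polarssl_dhm_free(mbedtls_dhm_context *ctx);

/* Free a pk context. */
void polarssl_pk_free(mbedtls_pk_context *ctx);

/* SHA-512 (is384 != 0: SHA-384) of input into output[64]. No error is reported. */
void polarssl_sha512(const unsigned char *input, size_t ilen, unsigned char output[64], int is384);

/* HMAC-SHA512 of input under key into output (caller provides >= 64 bytes). */
int polarssl_md_hmac512(const unsigned char *key, size_t keylen, const unsigned char *input, size_t ilen,
                        unsigned char *output);

/* Create a connection object from a configuration (cyassl-style model). NULL on failure. */
mbedtls_ssl_adapt *polarssl_new_ssl(mbedtls_ssl_config_adapt *config);

/* Create a configuration for the given connect_type (client/server endpoint; values per implementation). */
mbedtls_ssl_config_adapt *polarssl_new_ctx_ssl_conf(int connect_type);

/* Bind socket fd to the connection (fills ssl->bio). */
void polarssl_ssl_set_bio(mbedtls_ssl_adapt *ssl, int fd);

/*
 * Enable/disable the CA-update behaviour used by the SCP business flow.
 * Setter and getter take no context, so this is process-global state.
 */
void polarssl_enable_ca_update(int enable);

int polarssl_get_caupdate(void);

/* Name of the ciphersuite negotiated on ssl. */
const char *polarssl_ssl_get_ciphersuite(const mbedtls_ssl_adapt *ssl);

/*
 * Load cafile and every file under cadir (plus crlFile, if given) into the
 * trusted list of conf. Fails if no valid certificate was loaded, so an empty
 * or unreadable CA directory cannot silently leave peer verification with no
 * anchors.
 */
int polarssl_conf_setCaList(mbedtls_ssl_config_adapt *conf, char *cafile,
                            char *cadir, char *crlFile);

/*
 * Verify an RSA signature over data (SHA-256 digest) with the public key in
 * rsa. Returns 0 when the signature is valid.
 */
int polarssl_rsassl_vertify(unsigned char *sig, unsigned int siglen,
                            unsigned char *data, unsigned int datalen,
                            mbedtls_rsa_context *rsa);

/* Protocol version string of the established connection. */
const char *polarssl_ssl_get_version(const mbedtls_ssl_adapt *ssl);

/* Write len bytes of application data; returns bytes written or a negative mbedtls error. */
int polarssl_ssl_write(mbedtls_ssl_adapt *ssl, const unsigned char *buf, size_t len);

/* Read up to len bytes of application data; returns bytes read or a negative mbedtls error. */
int polarssl_ssl_read(mbedtls_ssl_adapt *ssl, unsigned char *buf, size_t len);

/* Load the own certificate (pubPath) and private key (prvPath, optionally password-protected) into conf. */
int polarssl_set_pub_prv_to_conf(mbedtls_ssl_config_adapt *conf, const char *prvPath,
                                 const char *pubPath, const char *prvPassword);

/* Parse an RSA public key (N/E) from a DER SubjectPublicKeyInfo in buf[0..len). */
int polarssl_pk_parse_subpubkey(unsigned char *buf, int len, mbedtls_pk_context *pk);

/* Parse a PEM or DER certificate file; returns a newly allocated chain (free with polarssl_x509_crt_free) or NULL. */
mbedtls_x509_crt *polarssl_x509_crt_parse_file(const char *path);

/* HMAC-SHA256 of input under key into output; outlen is the output buffer capacity (a value, not a pointer). */
int polarssl_hmac_with_sha256(const unsigned char *key, size_t keylen,
                              const unsigned char *input, size_t ilen,
                              unsigned char *output, size_t outlen);

/*
 * Set peer verification mode (an mbedtls MBEDTLS_SSL_VERIFY_* value, presumably;
 * confirm in the implementation). VERIFY_NONE disables certificate checking
 * entirely and should not be used on production paths.
 */
void polarssl_conf_authmode(mbedtls_ssl_config_adapt *conf, int authmode);

/* Release a configuration created by polarssl_new_ctx_ssl_conf. */
void polarssl_free_config_adapt(mbedtls_ssl_config_adapt *conf);

/* Release a connection created by polarssl_new_ssl. */
void polarssl_free(mbedtls_ssl_adapt *ssl);

/* Server-side handshake. */
int polarssl_accept(mbedtls_ssl_adapt *ssl);

/* Client-side handshake. */
int polarssl_connect(mbedtls_ssl_adapt *ssl);

/* Free a certificate chain. */
void polarssl_x509_crt_free(mbedtls_x509_crt *crt);

/* Check that the certificate in filename is within its validity period. */
int polarssl_x509_crt_check_date(const char *filename);

/* Send close_notify to the peer. */
int polarssl_shutdown(mbedtls_ssl_adapt *ssl);

/* Set the expected hostname for CN/SAN verification; the same name is also sent as SNI. */
int polarssl_ssl_set_hostname(mbedtls_ssl_adapt *ssl, const char *hostname);

/*
 * One-shot digest; type selects the algorithm, currently md5/sha1 only.
 * Neither is collision-resistant: use for legacy interop, never for new
 * signatures or integrity checks. No error is reported.
 */
void polarssl_dgst(int type, unsigned char *input, size_t ilen, unsigned char *output, size_t *olen);

/* Streaming digest: init (selects algorithm by type, returns 0 on success) / update / final. */
int polarssl_dgst_init(mbedtls_md_context_t *ctx, int type);

void polarssl_dgst_update(mbedtls_md_context_t *ctx, unsigned char *input, size_t ilen);

void polarssl_dgst_final(mbedtls_md_context_t *ctx, unsigned char *output);

/*
 * Flag controlling whether certificate validity periods are checked.
 * Skipping the check accepts expired and not-yet-valid certificates; keep it
 * for constrained devices without a trusted clock and nothing else.
 */
int SetIgnoreTime(int value);
int polarssl_get_checktime(void);

int polarssl_ischeck_crttime(mbedtls_x509_crt *crt);
/* Product hook deciding whether crt's validity period is checked: return 1 to check, 0 to skip. */
typedef int (*PdtCertTimeCheckFunc)(const mbedtls_x509_crt *crt);
int SetPdtCertTimeCheckFunc(PdtCertTimeCheckFunc func);

int polarssl_ischeck_crltime(mbedtls_x509_crl *crl);
/* Product hook deciding whether crl's validity period is checked: return 1 to check, 0 to skip. */
typedef int (*PdtCrlTimeCheckFunc)(const mbedtls_x509_crl *crl);
int SetPdtCrlTimeCheckFunc(PdtCrlTimeCheckFunc func);

/* Render a SubjectAltName sequence into *buf (advancing *buf and decrementing *size), each entry prefixed with prefix. */
int x509_info_subject_alt_name(char **buf, size_t *size, const mbedtls_x509_sequence *subject_alt_name, const char *prefix);

/* Install DH parameters from ctx into conf. */
int polarssl_ssl_conf_dh_param_ctx(mbedtls_ssl_config_adapt *conf, mbedtls_dhm_context *ctx);

/*
 * Derive keyLen bytes of key material from a password and salt
 * (pkcs5.h is included, so presumably PBKDF2 -- confirm in the implementation).
 */
int polarssl_ssl_calc_key(const unsigned char *pw, unsigned int pwLen, const unsigned char *salt, unsigned int saltLen,
                          unsigned char *key, unsigned int keyLen);

/* Set the pre-shared key and its identity on the configuration. Callers should zeroize their copy of key afterwards. */
void polarssl_ssl_conf_psk(mbedtls_ssl_config_adapt *ctx, unsigned char *key, unsigned int keyLen,
                           const unsigned char *ident, unsigned int identLen);

/* AES encrypt/decrypt (mode) the file filein into fileout with the given key. */
int mbedtls_aescrypt2(int mode, const char *filein, const char *fileout, unsigned char *key, size_t keylen);

/* Enable the server-side session cache on conf with cache_num entries and a timeout in seconds. */
void polarssl_enable_server_cache(mbedtls_ssl_config_adapt *conf,
                                  uint32_t cache_num, uint32_t timeout);

/* Enable client-side session resumption on ssl (uses saved_session). */
void polarssl_enable_client_cache(mbedtls_ssl_adapt *ssl);

/* Parse a private key file, optionally password-protected. */
int polarssl_pk_parse_keyfile(mbedtls_pk_context *ctx, const char *path, const char *password);

/* Parse a private key from memory, optionally password-protected. */
int polarssl_pk_parse_key(mbedtls_pk_context *ctx, const unsigned char *key, size_t keylen,
                          const unsigned char *pwd, size_t pwdlen);

/* Check that pub and prv form a matching key pair. */
int polarssl_pk_check_pair(const mbedtls_pk_context *pub, const mbedtls_pk_context *prv);

/* Feature query by name (spelling of the function name is historical). */
int polarss_feather_support(char *featureName);

/* Whether deprecated (small) key-exchange sizes are accepted -- presumably; confirm in the implementation. */
int ssl_deprecated_kexsize_support(void);

/* Apply the UDM product's TLS settings to config. */
void mbedtls_set_udm_ssl_conf(mbedtls_ssl_config_adapt *config);

/* API moved here from x509_crt.h: validity-period check of the certificate in filename. */
int mbedtls_x509_crt_check_date(const char *filename);

/* API moved here from pk.h: write key as password-encrypted PEM into buf[0..size). */
int mbedtls_pk_write_crypt_key_pem(mbedtls_pk_context *key, const unsigned char *pwd, unsigned char *buf, size_t size);

/* API moved here from pem.h: encrypt der_data with pwd and PEM-encode it between header and footer into buf; *olen receives the length. */
int mbedtls_pem_write_crypt_buffer(const char *header, const char *footer,
                                   unsigned char *der_data, size_t der_len,
                                   const unsigned char *pwd, size_t pwdlen,
                                   unsigned char *buf, size_t buf_len, size_t *olen);

/* Check md_alg; the original note mentions md2/md4 (presumably rejecting these obsolete digests) -- confirm in the implementation. */
int polarssl_dgst_check(mbedtls_md_type_t md_alg);

#endif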