From 4b95e7d7a1c250faa3f59378127ed344f12c2315 Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Tue, 23 Jul 2019 18:29:13 -0700 Subject: [PATCH 001/141] added mutual authentication, tweaked command line tool --- src/SSLClient.h | 29 ++++++++++- src/SSLClientImpl.cpp | 23 +++++++-- src/SSLClientImpl.h | 13 +++-- src/SSLClientParameters.h | 66 ++++++++++++++++++++++++++ tools/pycert_bearssl/pycert_bearssl.py | 19 +++++--- 5 files changed, 132 insertions(+), 18 deletions(-) create mode 100644 src/SSLClientParameters.h diff --git a/src/SSLClient.h b/src/SSLClient.h index cd9291e..0c078e1 100644 --- a/src/SSLClient.h +++ b/src/SSLClient.h @@ -22,6 +22,7 @@ #include "Client.h" #include "SSLClientImpl.h" #include "SSLSession.h" +#include "SSLClientParameters.h" #ifndef SSLClient_H_ #define SSLClient_H_ @@ -67,17 +68,41 @@ public: * @param trust_anchors_num The number of objects in the trust_anchors array. * @param analog_pin An analog pin to pull random bytes from, used in seeding the RNG. * @param debug The level of debug logging (use the ::DebugLevel enum). + * @param mutual_auth_params Configuration to use for mutual authentication, nullptr to disable mutual auth. (see ::SSLClientParameters). */ - explicit SSLClient(const C& client, const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug = SSL_WARN) + explicit SSLClient( const C& client, + const br_x509_trust_anchor *trust_anchors, + const size_t trust_anchors_num, + const int analog_pin, + const DebugLevel debug = SSL_WARN) : SSLClientImpl(trust_anchors, trust_anchors_num, analog_pin, debug) , m_client(client) - , m_sessions{SSLSession()} + , m_sessions{} { // set the timeout to a reasonable number (it can always be changes later) // SSL Connections take a really long time so we don't want to time out a legitimate thing setTimeout(30 * 1000); } + /** + * Same as SSLClient::SSLClient(const C &, const br_x509_trust_anchor*, const size_t, const int, const DebugLevel), + * but can compile support for mutual authentication. + */ + explicit SSLClient( const C& client, + const br_x509_trust_anchor *trust_anchors, + const size_t trust_anchors_num, + const int analog_pin, + const DebugLevel debug, + const SSLClientParameters* mutual_auth_params) + : SSLClientImpl(trust_anchors, trust_anchors_num, analog_pin, debug, mutual_auth_params) + , m_client(client) + , m_sessions{} + { + // set the timeout to a reasonable number (it can always be changes later) + // SSL Connections take a really long time so we don't want to time out a legitimate thing + setTimeout(30 * 1000); + } + //======================================== //= Functions implemented in SSLClientImpl //======================================== diff --git a/src/SSLClientImpl.cpp b/src/SSLClientImpl.cpp index d46faa6..d0d4255 100644 --- a/src/SSLClientImpl.cpp +++ b/src/SSLClientImpl.cpp @@ -52,9 +52,7 @@ static int freeMemory() { /* see SSLClientImpl.h */ SSLClientImpl::SSLClientImpl(const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug) - : m_trust_anchors(trust_anchors) - , m_trust_anchors_num(trust_anchors_num) - , m_analog_pin(analog_pin) + : m_analog_pin(analog_pin) , m_session_index(0) , m_debug(debug) , m_is_connected(false) @@ -63,7 +61,7 @@ SSLClientImpl::SSLClientImpl(const br_x509_trust_anchor *trust_anchors, // zero the iobuf just in case it's still garbage memset(m_iobuf, 0, sizeof m_iobuf); // initlalize the various bearssl libraries so they're ready to go when we connect - br_client_init_TLS12_only(&m_sslctx, &m_x509ctx, m_trust_anchors, m_trust_anchors_num); + br_client_init_TLS12_only(&m_sslctx, &m_x509ctx, trust_anchors, trust_anchors_num); // comment the above line and uncomment the line below if you're having trouble connecting over SSL // br_ssl_client_init_full(&m_sslctx, &m_x509ctx, m_trust_anchors, m_trust_anchors_num); // check if the buffer size is half or full duplex @@ -71,6 +69,23 @@ SSLClientImpl::SSLClientImpl(const br_x509_trust_anchor *trust_anchors, br_ssl_engine_set_buffer(&m_sslctx.eng, m_iobuf, sizeof m_iobuf, duplex); } +/* see SSLClientImpl.h */ +SSLClientImpl::SSLClientImpl(const br_x509_trust_anchor *trust_anchors, + const size_t trust_anchors_num, const int analog_pin, + const DebugLevel debug, const SSLClientParameters* mutual_auth_params) + : SSLClientImpl(trust_anchors, trust_anchors_num, analog_pin, debug) { + // if mutual authentication if needed, configure bearssl to support it. + if (mutual_auth_params != nullptr) + br_ssl_client_set_single_ec( &m_sslctx, + mutual_auth_params->client_cert_chain, + mutual_auth_params->chain_len, + &mutual_auth_params->ec_key, + BR_KEYTYPE_KEYX | BR_KEYTYPE_SIGN, + BR_KEYTYPE_EC, + br_ssl_engine_get_ec(&m_sslctx.eng), + &br_ecdsa_i15_sign_asn1); + } + /* see SSLClientImpl.h*/ int SSLClientImpl::connect_impl(IPAddress ip, uint16_t port) { const char* func_name = __func__; diff --git a/src/SSLClientImpl.h b/src/SSLClientImpl.h index 896bc7e..f955194 100644 --- a/src/SSLClientImpl.h +++ b/src/SSLClientImpl.h @@ -22,6 +22,7 @@ #include "Arduino.h" #include "Client.h" #include "SSLSession.h" +#include "SSLClientParameters.h" #ifndef SSLClientImpl_H_ #define SSLClientImpl_H_ @@ -72,7 +73,13 @@ class SSLClientImpl : public Client { public: /** @see SSLClient::SSLClient */ explicit SSLClientImpl(const br_x509_trust_anchor *trust_anchors, - const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug); + const size_t trust_anchors_num, const int analog_pin, + const DebugLevel debug); + + /** @see SSLClient::SSLClient */ + explicit SSLClientImpl(const br_x509_trust_anchor *trust_anchors, + const size_t trust_anchors_num, const int analog_pin, + const DebugLevel debug, const SSLClientParameters* mutual_auth_params); //============================================ //= Functions implemented in SSLClientImpl.cpp @@ -171,10 +178,6 @@ private: //= Data Members //============================================ - // store pointers to the trust anchors - // should not be computed at runtime - const br_x509_trust_anchor *m_trust_anchors; - const size_t m_trust_anchors_num; // store the pin to fetch an RNG see from const int m_analog_pin; // store an index of where a new session can be placed if we don't have any corresponding sessions diff --git a/src/SSLClientParameters.h b/src/SSLClientParameters.h new file mode 100644 index 0000000..10d478d --- /dev/null +++ b/src/SSLClientParameters.h @@ -0,0 +1,66 @@ +/* Copyright 2019 OSU OPEnS Lab + * + * Permission is hereby granted, free of charge, to any person obtaining a copy of this + * software and associated documentation files (the "Software"), to deal in the Software + * without restriction, including without limitation the rights to use, copy, modify, + * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to the following + * conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, + * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A + * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT + * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + */ + +/** + * SSLClientParameters.h + * + * This file contains a simple utility class to store parameters about an SSL Session + * for reuse later. + */ + +#include "bearssl.h" + +#ifndef SSLClientParameters_H_ +#define SSLClientParameters_H_ + +/** + * This file contains a simple struct to package together all the data required to + * use client certificate authentication with SSLClient. + */ + +/** + * \brief This struct stores data required for SSLClient to use mutual authentication. + * + * TLS mutual authentication is a process in which both the server and client + * perform cryptographic operations to verify the authenticity of eachother, for more + * information check out this article: https://medium.com/sitewards/the-magic-of-tls-x509-and-mutual-authentication-explained-b2162dec4401 . + * If this struct is provided to SSLClient::SSLClient, SSLClient will automatically + * send a client certificate if one is requested by the server. This will happen for all + * SSLClient connections, and may cause issues for websites that do not need mutual authentication--- + * as a result, please only turn on mutual authentication if you are sure it is neccesary. + * + * At the moment SSLClient only supports mutual authentication using ECC client certificates. + */ + +struct SSLClientParameters { + /** + * \brief Pointer to the client certificate chain. + * + * Must be availible in memory AT ALL TIMES, should not be a local object. + * Certificates must be ordered from Client->Intermediate->...->Root. + */ + const br_x509_certificate* client_cert_chain; + /** The number of certificates in SSLClientParameters::client_cert_chain */ + const size_t chain_len; + /** The private key corresponding to the first certificate in SSLClientParameters::client_cert_chain */ + const br_ec_private_key ec_key; +}; + +#endif \ No newline at end of file diff --git a/tools/pycert_bearssl/pycert_bearssl.py b/tools/pycert_bearssl/pycert_bearssl.py index 327be0f..392838e 100644 --- a/tools/pycert_bearssl/pycert_bearssl.py +++ b/tools/pycert_bearssl/pycert_bearssl.py @@ -100,8 +100,10 @@ def download(port, cert_var, cert_length_var, output, use_store, keep_dupes, dom help='the location of the .pem file containing a list of trusted root certificates (default: use certifi.where())') @click.option('--keep-dupes', '-d', is_flag=True, default=False, help='write all certs including any duplicates (default: remove duplicates)') +@click.option('--no-verify', '-n', is_flag=True, default=False, + help='Do not attempt to match a root certificate to the provided PEM files') @click.argument('cert', type=click.File('r'), nargs=-1) -def convert(cert_var, cert_length_var, output, use_store, keep_dupes, cert): +def convert(cert_var, cert_length_var, output, use_store, keep_dupes, no_verify, cert): """Convert PEM certificates into a C header that can be imported into a sketch. Specify each certificate to encode as a separate argument (each must be in PEM format) and they will be merged into a single file. @@ -132,12 +134,15 @@ def convert(cert_var, cert_length_var, output, use_store, keep_dupes, cert): cert_objs.append(cert_parsed) # find a root certificate for each root_certs = [] - for i, c in enumerate(cert_objs): - cn_hash = c.get_issuer().hash() - if cn_hash not in cert_dict: - click.echo('Could not find a root certificate for {0}'.format(cert[i].name)) - else: - root_certs.append(cert_dict[cn_hash]) + if no_verify: + root_certs = cert_objs + else: + for i, c in enumerate(cert_objs): + cn_hash = c.get_issuer().hash() + if cn_hash not in cert_dict: + click.echo('Could not find a root certificate for {0}'.format(cert[i].name)) + else: + root_certs.append(cert_dict[cn_hash]) # Combine PEMs and write output header. cert_util.x509_to_header(root_certs, cert_var, cert_length_var, output, keep_dupes) From 97aee26a1f953714b808a272c46e5a06dc84928a Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Thu, 25 Jul 2019 09:16:58 -0700 Subject: [PATCH 002/141] Increased buffer again as the smaller buffer broke client certificates --- src/SSLClientImpl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/SSLClientImpl.h b/src/SSLClientImpl.h index f955194..7b6cd2c 100644 --- a/src/SSLClientImpl.h +++ b/src/SSLClientImpl.h @@ -202,7 +202,7 @@ private: * As a rule of thumb SSLClient will fail if it does not have at least 8000 bytes when starting a * connection. */ - unsigned char m_iobuf[1536]; + unsigned char m_iobuf[2048]; static_assert(sizeof m_iobuf <= BR_SSL_BUFSIZE_BIDI, "m_iobuf must be below maximum buffer size"); // store the index of where we are writing in the buffer // so we can send our records all at once to prevent From 2e2c247a0f56347cb06636cac10aebb2bbbefde4 Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Tue, 30 Jul 2019 15:33:10 -0700 Subject: [PATCH 003/141] Removed support for some elliptical curves and removed support for SHA384 ciphers to save space --- src/TLS12_only_profile.c | 24 ++++++++---------------- 1 file changed, 8 insertions(+), 16 deletions(-) diff --git a/src/TLS12_only_profile.c b/src/TLS12_only_profile.c index bfe242a..a9921f5 100644 --- a/src/TLS12_only_profile.c +++ b/src/TLS12_only_profile.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016 Thomas Pornin + * Copyright (c) 2019 OSU OPEnS Lab * * Permission is hereby granted, free of charge, to any person obtaining * a copy of this software and associated documentation files (the @@ -79,21 +79,13 @@ br_client_init_TLS12_only(br_ssl_client_context *cc, BR_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, BR_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - BR_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - BR_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, BR_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, BR_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, - BR_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, - BR_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, BR_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, BR_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, - BR_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, - BR_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, BR_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, BR_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, - BR_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, - BR_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, }; /* @@ -125,7 +117,7 @@ br_client_init_TLS12_only(br_ssl_client_context *cc, */ // br_ssl_engine_set_prf10(&cc->eng, &br_tls10_prf); br_ssl_engine_set_prf_sha256(&cc->eng, &br_tls12_sha256_prf); - br_ssl_engine_set_prf_sha384(&cc->eng, &br_tls12_sha384_prf); + // br_ssl_engine_set_prf_sha384(&cc->eng, &br_tls12_sha384_prf); /* * Set hash functions for the engine. Required hash functions @@ -158,7 +150,7 @@ br_client_init_TLS12_only(br_ssl_client_context *cc, br_ssl_engine_set_hash(&cc->eng, br_sha224_ID, &br_sha224_vtable); br_ssl_engine_set_hash(&cc->eng, br_sha256_ID, &br_sha256_vtable); br_ssl_engine_set_hash(&cc->eng, br_sha384_ID, &br_sha384_vtable); - // br_ssl_engine_set_hash(&cc->eng, br_sha512_ID, &br_sha512_vtable); + br_ssl_engine_set_hash(&cc->eng, br_sha512_ID, &br_sha512_vtable); /* * Set the cipher suites. All specified cipher suite MUST be @@ -237,7 +229,7 @@ br_client_init_TLS12_only(br_ssl_client_context *cc, //* Alternate: set implementations explicitly. // br_ssl_client_set_rsapub(cc, &br_rsa_i31_public); br_ssl_engine_set_rsavrfy(&cc->eng, &br_rsa_i15_pkcs1_vrfy); - br_ssl_engine_set_ec(&cc->eng, &br_ec_all_m15); + br_ssl_engine_set_ec(&cc->eng, &br_ec_prime_i15); br_ssl_engine_set_ecdsa(&cc->eng, &br_ecdsa_i15_vrfy_asn1); //*/ @@ -323,11 +315,12 @@ br_client_init_TLS12_only(br_ssl_client_context *cc, * implementations only if duly measured performance issues make * it mandatory. */ + /* br_ssl_engine_set_aes_cbc(&cc->eng, &br_aes_ct_cbcenc_vtable, &br_aes_ct_cbcdec_vtable); br_ssl_engine_set_aes_ctr(&cc->eng, - &br_aes_ct_ctr_vtable); + &br_aes_ct_ctr_vtable); */ /* Alternate: aes_ct64 br_ssl_engine_set_aes_cbc(&cc->eng, &br_aes_ct64_cbcenc_vtable, @@ -335,13 +328,12 @@ br_client_init_TLS12_only(br_ssl_client_context *cc, br_ssl_engine_set_aes_ctr(&cc->eng, &br_aes_ct64_ctr_vtable); */ - /* Alternate: aes_small + // Alternate: aes_small br_ssl_engine_set_aes_cbc(&cc->eng, &br_aes_small_cbcenc_vtable, &br_aes_small_cbcdec_vtable); br_ssl_engine_set_aes_ctr(&cc->eng, &br_aes_small_ctr_vtable); - */ /* Alternate: aes_big br_ssl_engine_set_aes_cbc(&cc->eng, &br_aes_big_cbcenc_vtable, @@ -472,7 +464,7 @@ br_client_init_TLS12_only(br_ssl_client_context *cc, br_x509_minimal_set_hash(xc, br_sha224_ID, &br_sha224_vtable); br_x509_minimal_set_hash(xc, br_sha256_ID, &br_sha256_vtable); br_x509_minimal_set_hash(xc, br_sha384_ID, &br_sha384_vtable); - // br_x509_minimal_set_hash(xc, br_sha512_ID, &br_sha512_vtable); + br_x509_minimal_set_hash(xc, br_sha512_ID, &br_sha512_vtable); /* * Link the X.509 engine in the SSL engine. From 184aa438020c38526f5ce8c0ecdc6aa0342aa9c6 Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Tue, 30 Jul 2019 15:35:45 -0700 Subject: [PATCH 004/141] fix readme and bump version --- README.md | 2 +- library.properties | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 6ffe9c0..ca16297 100644 --- a/README.md +++ b/README.md @@ -204,7 +204,7 @@ In order to remedy this problem, the device must be able to read the data faster * If none of the above are viable, it is possible to implement your own Client class which has an internal buffer much larger than both the driver and BearSSL. This would require in-depth knowledge of programming and the communication shield you are working with, as well as a microcontroller with a significant amount of RAM. ### Cipher Support -By default, SSLClient supports only TLS1.2 and the ciphers listed in [this file](./src/TLS12_only_profile.c) under `suites[]`, and the list is relatively small to keep the connection secure and the flash footprint down. These ciphers should work for most applications, however if for some reason you would like to use an older version of TLS or a different cipher, you can change the BearSSL profile being used by SSLClient to an [alternate one with support for older protocols](./src/bearssl/src/ssl). To do this, edit `SSLClientImpl::SSLClientImpl` to change these lines: +By default, SSLClient supports only TLS1.2 and the ciphers listed in [this file](./src/TLS12_only_profile.c) under `suites[]`, and the list is relatively small to keep the connection secure and the flash footprint down. These ciphers should work for most applications, however if for some reason you would like to use an older version of TLS or a different cipher, you can change the BearSSL profile being used by SSLClient to an [alternate one with support for older protocols](./src/bearssl/src/ssl/ssl_client_full.c). To do this, edit `SSLClientImpl::SSLClientImpl` to change these lines: ```C++ br_client_init_TLS12_only(&m_sslctx, &m_x509ctx, m_trust_anchors, m_trust_anchors_num); // comment the above line and uncomment the line below if you're having trouble connecting over SSL diff --git a/library.properties b/library.properties index e9cec28..667b8eb 100644 --- a/library.properties +++ b/library.properties @@ -1,5 +1,5 @@ name=SSLClient -version=1.1.2 +version=1.1.3 author=Noah Koontz maintainer=OPEnS Lab sentence=Arduino library to add SSL functionality to any Client class From 02a8c5ff7c829411dd3b13b166c839799f842560 Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Tue, 30 Jul 2019 15:37:01 -0700 Subject: [PATCH 005/141] bump version again --- library.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library.properties b/library.properties index 667b8eb..35182fe 100644 --- a/library.properties +++ b/library.properties @@ -1,5 +1,5 @@ name=SSLClient -version=1.1.3 +version=1.2.0 author=Noah Koontz maintainer=OPEnS Lab sentence=Arduino library to add SSL functionality to any Client class From 808bc15a1ec333d4eda44bc695f78e3465dfc367 Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Tue, 30 Jul 2019 17:32:43 -0700 Subject: [PATCH 006/141] fixed a bug with stopping SSLClient in the middle of a connection --- library.properties | 2 +- src/SSLClientImpl.cpp | 16 ++++++---------- 2 files changed, 7 insertions(+), 11 deletions(-) diff --git a/library.properties b/library.properties index 35182fe..368f3ba 100644 --- a/library.properties +++ b/library.properties @@ -1,5 +1,5 @@ name=SSLClient -version=1.2.0 +version=1.2.1 author=Noah Koontz maintainer=OPEnS Lab sentence=Arduino library to add SSL functionality to any Client class diff --git a/src/SSLClientImpl.cpp b/src/SSLClientImpl.cpp index d0d4255..b94652b 100644 --- a/src/SSLClientImpl.cpp +++ b/src/SSLClientImpl.cpp @@ -248,10 +248,12 @@ void SSLClientImpl::stop_impl() { // tell the SSL connection to gracefully close br_ssl_engine_close(&m_sslctx.eng); // if the engine isn't closed, and the socket is still open + const auto state = br_ssl_engine_current_state(&m_sslctx.eng); while (getWriteError() == SSL_OK && m_is_connected - && br_ssl_engine_current_state(&m_sslctx.eng) != BR_SSL_CLOSED - && m_run_until(BR_SSL_RECVAPP) == 0) { + && state != BR_SSL_CLOSED + && state != 0 + && m_run_until(BR_SSL_SENDAPP | BR_SSL_RECVAPP) == 0) { /* * Discard any incoming application data. */ @@ -263,12 +265,6 @@ void SSLClientImpl::stop_impl() { } // close the ethernet socket get_arduino_client().flush(); - // clear the intake buffer, if any - const auto avail = get_arduino_client().available(); - if (avail > 0) { - m_info("Flushing bytes from client: ", func_name); - get_arduino_client().read(NULL, avail); - } get_arduino_client().stop(); // we are no longer connected m_is_connected = false; @@ -414,7 +410,7 @@ int SSLClientImpl::m_run_until(const unsigned target) { return -1; } // debug - if (state != lastState) { + if (state != lastState || lastState == 0) { lastState = state; m_info("m_run changed state:", func_name); if(m_debug == DebugLevel::SSL_INFO) { @@ -440,7 +436,7 @@ int SSLClientImpl::m_run_until(const unsigned target) { /* * If we reached our target, then we are finished. */ - if (state & target) return 0; + if (state & target || (target == 0 && state == 0)) return 0; /* * If some application data must be read, and we did not From 86607241611494fc11318858dd89ea56d9b1ae4b Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Wed, 31 Jul 2019 10:50:59 -0700 Subject: [PATCH 007/141] added back elliptical curves and reduced cipher suite --- library.properties | 2 +- src/TLS12_only_profile.c | 28 +++++++++------------------- 2 files changed, 10 insertions(+), 20 deletions(-) diff --git a/library.properties b/library.properties index 368f3ba..820100e 100644 --- a/library.properties +++ b/library.properties @@ -1,5 +1,5 @@ name=SSLClient -version=1.2.1 +version=1.2.2 author=Noah Koontz maintainer=OPEnS Lab sentence=Arduino library to add SSL functionality to any Client class diff --git a/src/TLS12_only_profile.c b/src/TLS12_only_profile.c index a9921f5..f464fbe 100644 --- a/src/TLS12_only_profile.c +++ b/src/TLS12_only_profile.c @@ -68,24 +68,14 @@ br_client_init_TLS12_only(br_ssl_client_context *cc, * better than RSA key exchange (slightly more expensive on the * client, but much cheaper on the server, and it implies smaller * messages). - * -- ChaCha20+Poly1305 is better than AES/GCM (faster, smaller code). - * -- GCM is better than CBC. * -- AES-128 is preferred over AES-256 (AES-128 is already * strong enough, and AES-256 is 40% more expensive). */ - static const uint16_t suites[] = { - BR_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, - BR_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, - + static const uint16_t suites[] = { BR_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, BR_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - BR_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, - BR_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, - BR_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, BR_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, - BR_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, - BR_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, }; /* @@ -229,7 +219,7 @@ br_client_init_TLS12_only(br_ssl_client_context *cc, //* Alternate: set implementations explicitly. // br_ssl_client_set_rsapub(cc, &br_rsa_i31_public); br_ssl_engine_set_rsavrfy(&cc->eng, &br_rsa_i15_pkcs1_vrfy); - br_ssl_engine_set_ec(&cc->eng, &br_ec_prime_i15); + br_ssl_engine_set_ec(&cc->eng, &br_ec_all_m15); br_ssl_engine_set_ecdsa(&cc->eng, &br_ecdsa_i15_vrfy_asn1); //*/ @@ -242,9 +232,9 @@ br_client_init_TLS12_only(br_ssl_client_context *cc, * -- Cipher suites in CHACHA20_POLY1305 need the ChaCha20+Poly1305 * record handler ("set_chapol"). */ - br_ssl_engine_set_cbc(&cc->eng, - &br_sslrec_in_cbc_vtable, - &br_sslrec_out_cbc_vtable); + // br_ssl_engine_set_cbc(&cc->eng, + // &br_sslrec_in_cbc_vtable, + // &br_sslrec_out_cbc_vtable); br_ssl_engine_set_gcm(&cc->eng, &br_sslrec_in_gcm_vtable, &br_sslrec_out_gcm_vtable); @@ -256,7 +246,7 @@ br_client_init_TLS12_only(br_ssl_client_context *cc, * Set the ChaCha20 and Poly1305 implementations * Not included in this file orignally for some reason */ - br_ssl_engine_set_default_chapol(&cc->eng); + // br_ssl_engine_set_default_chapol(&cc->eng); /* * Symmetric encryption: @@ -329,9 +319,9 @@ br_client_init_TLS12_only(br_ssl_client_context *cc, &br_aes_ct64_ctr_vtable); */ // Alternate: aes_small - br_ssl_engine_set_aes_cbc(&cc->eng, - &br_aes_small_cbcenc_vtable, - &br_aes_small_cbcdec_vtable); + // br_ssl_engine_set_aes_cbc(&cc->eng, + // &br_aes_small_cbcenc_vtable, + // &br_aes_small_cbcdec_vtable);*/ br_ssl_engine_set_aes_ctr(&cc->eng, &br_aes_small_ctr_vtable); /* Alternate: aes_big From a7499cc9a4164348f0b5be7e9de65334e7d132bf Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Wed, 31 Jul 2019 15:32:06 -0700 Subject: [PATCH 008/141] small fix to cert_util.py to allow for ECC chains --- tools/pycert_bearssl/cert_util.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/pycert_bearssl/cert_util.py b/tools/pycert_bearssl/cert_util.py index 75b286e..7b854bb 100644 --- a/tools/pycert_bearssl/cert_util.py +++ b/tools/pycert_bearssl/cert_util.py @@ -154,6 +154,7 @@ def get_server_root_cert(address, port, certDict): soc = socket.socket(socket.AF_INET, socket.SOCK_STREAM) ssl_soc = SSL.Connection(ctx, soc) ssl_soc.connect((address, port)) + ssl_soc.set_tlsext_host_name(bytes(address, "utf8")) try: ssl_soc.do_handshake() cert = ssl_soc.get_peer_cert_chain()[-1] From a097b3c377a53a8f913be0cce9d89bde44ccb697 Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Thu, 1 Aug 2019 10:00:00 -0700 Subject: [PATCH 009/141] Fixed a TLS timeout when connecting to servers with large ECC chains, removed curve25519 support to save space, added back chachapoly support for speed benefits --- library.properties | 2 +- src/SSLClientImpl.cpp | 3 ++ src/TLS12_only_profile.c | 10 +++-- src/bearssl_ec.h | 10 +++++ src/ec_prime_fast_256.c | 96 ++++++++++++++++++++++++++++++++++++++++ 5 files changed, 116 insertions(+), 5 deletions(-) create mode 100644 src/ec_prime_fast_256.c diff --git a/library.properties b/library.properties index 820100e..db0cf09 100644 --- a/library.properties +++ b/library.properties @@ -1,5 +1,5 @@ name=SSLClient -version=1.2.2 +version=1.2.3 author=Noah Koontz maintainer=OPEnS Lab sentence=Arduino library to add SSL functionality to any Client class diff --git a/src/SSLClientImpl.cpp b/src/SSLClientImpl.cpp index b94652b..13ed636 100644 --- a/src/SSLClientImpl.cpp +++ b/src/SSLClientImpl.cpp @@ -385,6 +385,9 @@ int SSLClientImpl::m_start_ssl(const char* host, SSLSession& ssl_ses) { // all good to go! the SSL socket should be up and running // overwrite the session we got with new parameters br_ssl_engine_get_session_parameters(&m_sslctx.eng, ssl_ses.to_br_session()); + // print the cipher suite + m_info("Used cipher suite: ", func_name); + m_info(ssl_ses.cipher_suite, func_name); // set the hostname and ip in the session as well ssl_ses.set_parameters(remoteIP(), host); return 1; diff --git a/src/TLS12_only_profile.c b/src/TLS12_only_profile.c index f464fbe..f812298 100644 --- a/src/TLS12_only_profile.c +++ b/src/TLS12_only_profile.c @@ -71,7 +71,9 @@ br_client_init_TLS12_only(br_ssl_client_context *cc, * -- AES-128 is preferred over AES-256 (AES-128 is already * strong enough, and AES-256 is 40% more expensive). */ - static const uint16_t suites[] = { + static const uint16_t suites[] = { + BR_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + BR_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, BR_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, BR_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, BR_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, @@ -219,7 +221,7 @@ br_client_init_TLS12_only(br_ssl_client_context *cc, //* Alternate: set implementations explicitly. // br_ssl_client_set_rsapub(cc, &br_rsa_i31_public); br_ssl_engine_set_rsavrfy(&cc->eng, &br_rsa_i15_pkcs1_vrfy); - br_ssl_engine_set_ec(&cc->eng, &br_ec_all_m15); + br_ssl_engine_set_ec(&cc->eng, &br_ec_p256_m15); br_ssl_engine_set_ecdsa(&cc->eng, &br_ecdsa_i15_vrfy_asn1); //*/ @@ -246,7 +248,7 @@ br_client_init_TLS12_only(br_ssl_client_context *cc, * Set the ChaCha20 and Poly1305 implementations * Not included in this file orignally for some reason */ - // br_ssl_engine_set_default_chapol(&cc->eng); + br_ssl_engine_set_default_chapol(&cc->eng); /* * Symmetric encryption: @@ -437,7 +439,7 @@ br_client_init_TLS12_only(br_ssl_client_context *cc, // br_x509_minimal_set_ecdsa(xc, // &br_ec_prime_i31, &br_ecdsa_i31_vrfy_asn1); br_x509_minimal_set_ecdsa(xc, - br_ssl_engine_get_ec(&cc->eng), + &br_ec_prime_fast_256, br_ssl_engine_get_ecdsa(&cc->eng)); /* diff --git a/src/bearssl_ec.h b/src/bearssl_ec.h index db22692..b03984a 100644 --- a/src/bearssl_ec.h +++ b/src/bearssl_ec.h @@ -529,6 +529,16 @@ extern const br_ec_impl br_ec_all_m15; */ extern const br_ec_impl br_ec_all_m31; +/** + * \brief Aggregate EC implementation "m31". + * + * This implementation is a wrapper for: + * + * - `br_ec_p256_m31` for NIST P-256 + * - `br_ec_prime_i31` for other curves (NIST P-384 and NIST-P512) + */ +extern const br_ec_impl br_ec_prime_fast_256; + /** * \brief Get the "default" EC implementation for the current system. * diff --git a/src/ec_prime_fast_256.c b/src/ec_prime_fast_256.c new file mode 100644 index 0000000..d418804 --- /dev/null +++ b/src/ec_prime_fast_256.c @@ -0,0 +1,96 @@ +/* + * Copyright (c) 2019 OSU OPEnS Lab + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +#include "inner.h" + +static const unsigned char * +api_generator(int curve, size_t *len) +{ + if (curve == BR_EC_secp256r1) { + return br_ec_p256_m15.generator(curve, len); + } + return br_ec_prime_i15.generator(curve, len); +} + +static const unsigned char * +api_order(int curve, size_t *len) +{ + if (curve == BR_EC_secp256r1) { + return br_ec_p256_m15.order(curve, len); + } + return br_ec_prime_i15.order(curve, len); +} + +static size_t +api_xoff(int curve, size_t *len) +{ + if (curve == BR_EC_secp256r1) { + return br_ec_p256_m15.xoff(curve, len); + } + return br_ec_prime_i15.xoff(curve, len); +} + +static uint32_t +api_mul(unsigned char *G, size_t Glen, + const unsigned char *kb, size_t kblen, int curve) +{ + if (curve == BR_EC_secp256r1) { + return br_ec_p256_m15.mul(G, Glen, kb, kblen, curve); + } + return br_ec_prime_i15.mul(G, Glen, kb, kblen, curve); +} + +static size_t +api_mulgen(unsigned char *R, + const unsigned char *x, size_t xlen, int curve) +{ + if (curve == BR_EC_secp256r1) { + return br_ec_p256_m15.mulgen(R, x, xlen, curve); + } + return br_ec_prime_i15.mulgen(R, x, xlen, curve); +} + +static uint32_t +api_muladd(unsigned char *A, const unsigned char *B, size_t len, + const unsigned char *x, size_t xlen, + const unsigned char *y, size_t ylen, int curve) +{ + if (curve == BR_EC_secp256r1) { + return br_ec_p256_m15.muladd(A, B, len, + x, xlen, y, ylen, curve); + } + return br_ec_prime_i15.muladd(A, B, len, + x, xlen, y, ylen, curve); +} + +/* see bearssl_ec.h */ +const br_ec_impl br_ec_prime_fast_256 = { + (uint32_t)0x03800000, + &api_generator, + &api_order, + &api_xoff, + &api_mul, + &api_mulgen, + &api_muladd +}; From 9766e41dee5539a35028c20bc89132eb000d7c53 Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Mon, 5 Aug 2019 20:35:32 -0700 Subject: [PATCH 010/141] fix build compatibility issues, add travis build test --- .travis.yml | 22 ++++++++++++++++++++++ src/SSLClient.h | 30 +++++------------------------- src/SSLClientImpl.h | 1 - src/config.h | 2 ++ 4 files changed, 29 insertions(+), 26 deletions(-) create mode 100644 .travis.yml diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..8537ce1 --- /dev/null +++ b/.travis.yml @@ -0,0 +1,22 @@ +language: c +sudo: false +cache: + directories: + - ~/arduino_ide + - ~/.arduino15/packages/ +git: + depth: false + quiet: true +env: + global: + # You can uncomment this to explicitly choose an (old) version of the Arduino IDE + #- ARDUINO_IDE_VERSION="1.8.7" + - INSTALL_PLATFORMS=samd +before_install: + - source <(curl -SLs https://raw.githubusercontent.com/adafruit/travis-ci-arduino/master/install.sh) +install: + # Note that every library should be installed in a seperate command + - if [! -d "$HOME/arduino_ide/libraries/EthernetLarge" ]; then git clone https://github.com/OPEnSLab-OSU/EthernetLarge.git $HOME/arduino_ide/libraries/EthernetLarge; fi + +script: + - build_platform zero \ No newline at end of file diff --git a/src/SSLClient.h b/src/SSLClient.h index 0c078e1..215a2b3 100644 --- a/src/SSLClient.h +++ b/src/SSLClient.h @@ -18,7 +18,6 @@ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ -#include #include "Client.h" #include "SSLClientImpl.h" #include "SSLSession.h" @@ -48,7 +47,6 @@ class SSLClient : public SSLClientImpl { * amount past that will require special modification of this library, and * assumes you know what you are doing. */ -static_assert(std::is_base_of::value, "SSLClient can only accept a type with base class Client!"); static_assert(SessionCache > 0 && SessionCache < 255, "There can be no less than one and no more than 255 sessions in the cache!"); static_assert(SessionCache <= 3, "You need to decrease the size of m_iobuf in order to have more than 3 sessions at once, otherwise memory issues will occur."); @@ -356,30 +354,12 @@ public: bool operator==(const C& rhs) { return m_client == rhs; } /** @brief Returns whether or not two SSLClient objects do not have the same underlying client object */ bool operator!=(const C& rhs) { return m_client != rhs; } - /** @brief Returns the local port, C::localPort exists. Else return 0. */ - uint16_t localPort() override { - if (std::is_member_function_pointer::value) return m_client.localPort(); - else { - m_warn("Client class has no localPort function, so localPort() will always return 0", __func__); - return 0; - } - } - /** @brief Returns the remote IP, if C::remoteIP exists. Else return INADDR_NONE. */ - IPAddress remoteIP() override { - if (std::is_member_function_pointer::value) return m_client.remoteIP(); - else { - m_warn("Client class has no remoteIP function, so remoteIP() will always return INADDR_NONE. This means that sessions caching will always be disabled.", __func__); - return INADDR_NONE; - } - } + /** @brief Returns the local port, if C::localPort exists */ + uint16_t localPort() override { return m_client.localPort(); } + /** @brief Returns the remote IP, if C::remoteIP exists. */ + IPAddress remoteIP() override { return m_client.remoteIP(); } /** @brief Returns the remote port, if C::remotePort exists. Else return 0. */ - uint16_t remotePort() override { - if (std::is_member_function_pointer::value) return m_client.remotePort(); - else { - m_warn("Client class has no remotePort function, so remotePort() will always return 0", __func__); - return 0; - } - } + uint16_t remotePort() override { return m_client.remotePort(); } /** @brief Returns a reference to the client object stored in this class. Take care not to break it. */ C& getClient() { return m_client; } diff --git a/src/SSLClientImpl.h b/src/SSLClientImpl.h index 7b6cd2c..01af2f1 100644 --- a/src/SSLClientImpl.h +++ b/src/SSLClientImpl.h @@ -203,7 +203,6 @@ private: * connection. */ unsigned char m_iobuf[2048]; - static_assert(sizeof m_iobuf <= BR_SSL_BUFSIZE_BIDI, "m_iobuf must be below maximum buffer size"); // store the index of where we are writing in the buffer // so we can send our records all at once to prevent // weird timing issues diff --git a/src/config.h b/src/config.h index 001b352..ad4969f 100644 --- a/src/config.h +++ b/src/config.h @@ -159,7 +159,9 @@ * Note: if BR_LOMUL is not explicitly enabled or disabled, then * enabling BR_ARMEL_CORTEXM_GCC also enables BR_LOMUL. */ +#ifdef ARDUINO_ARCH_SAMD #define BR_ARMEL_CORTEXM_GCC 1 +#endif /* * When BR_AES_X86NI is enabled, the AES implementation using the x86 "NI" From beaa07f60d9e29470972398922245da102ca5e84 Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Mon, 5 Aug 2019 20:56:28 -0700 Subject: [PATCH 011/141] change platforms to fix build script --- .travis.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 8537ce1..26883cb 100644 --- a/.travis.yml +++ b/.travis.yml @@ -11,7 +11,6 @@ env: global: # You can uncomment this to explicitly choose an (old) version of the Arduino IDE #- ARDUINO_IDE_VERSION="1.8.7" - - INSTALL_PLATFORMS=samd before_install: - source <(curl -SLs https://raw.githubusercontent.com/adafruit/travis-ci-arduino/master/install.sh) install: From 7922e59b1024889f117b27116b1041c62ca20167 Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Mon, 5 Aug 2019 21:17:26 -0700 Subject: [PATCH 012/141] update travis build script --- .travis.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.travis.yml b/.travis.yml index 26883cb..a5116e7 100644 --- a/.travis.yml +++ b/.travis.yml @@ -13,9 +13,6 @@ env: #- ARDUINO_IDE_VERSION="1.8.7" before_install: - source <(curl -SLs https://raw.githubusercontent.com/adafruit/travis-ci-arduino/master/install.sh) -install: - # Note that every library should be installed in a seperate command - - if [! -d "$HOME/arduino_ide/libraries/EthernetLarge" ]; then git clone https://github.com/OPEnSLab-OSU/EthernetLarge.git $HOME/arduino_ide/libraries/EthernetLarge; fi - + - if [! -d "$HOME/arduino_ide/libraries/" ]; then git clone $HOME/arduino_ide/libraries/; fi script: - build_platform zero \ No newline at end of file From b335dea25673be13dcefbdac7c7b8ca3c15ea68d Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Mon, 5 Aug 2019 21:21:14 -0700 Subject: [PATCH 013/141] fix typo in travis --- .travis.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index a5116e7..34b646c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -13,6 +13,7 @@ env: #- ARDUINO_IDE_VERSION="1.8.7" before_install: - source <(curl -SLs https://raw.githubusercontent.com/adafruit/travis-ci-arduino/master/install.sh) - - if [! -d "$HOME/arduino_ide/libraries/" ]; then git clone $HOME/arduino_ide/libraries/; fi + - if [! -d "$HOME/arduino_ide/libraries/EthernetLarge" ]; then git clone https://github.com/OPEnSLab-OSU/EthernetLarge.git $HOME/arduino_ide/libraries/EthernetLarge; fi + script: - build_platform zero \ No newline at end of file From 5d8d4925d4aabce55c9cb8067ef0547746d92172 Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Mon, 5 Aug 2019 21:26:50 -0700 Subject: [PATCH 014/141] fix another typo --- .travis.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 34b646c..6eac9e6 100644 --- a/.travis.yml +++ b/.travis.yml @@ -13,7 +13,7 @@ env: #- ARDUINO_IDE_VERSION="1.8.7" before_install: - source <(curl -SLs https://raw.githubusercontent.com/adafruit/travis-ci-arduino/master/install.sh) - - if [! -d "$HOME/arduino_ide/libraries/EthernetLarge" ]; then git clone https://github.com/OPEnSLab-OSU/EthernetLarge.git $HOME/arduino_ide/libraries/EthernetLarge; fi - +install: + - if [ ! -d "$HOME/arduino_ide/libraries/EthernetLarge" ]; then git clone https://github.com/OPEnSLab-OSU/EthernetLarge.git $HOME/arduino_ide/libraries/EthernetLarge; fi script: - build_platform zero \ No newline at end of file From d884e4d4edb1fe7db1d8addae07294d8dda95fa4 Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Mon, 5 Aug 2019 21:33:03 -0700 Subject: [PATCH 015/141] fix analog pin assignment in examples --- examples/EthernetHTTPS/EthernetHTTPS.ino | 2 +- examples/EthernetMultiHTTPS/EthernetMultiHTTPS.ino | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/EthernetHTTPS/EthernetHTTPS.ino b/examples/EthernetHTTPS/EthernetHTTPS.ino index 5245554..4ab030c 100644 --- a/examples/EthernetHTTPS/EthernetHTTPS.ino +++ b/examples/EthernetHTTPS/EthernetHTTPS.ino @@ -38,7 +38,7 @@ IPAddress myDns(8, 8, 8, 8); // Choose the analog pin to get semi-random data from for SSL // Pick a pin that's not connected or attached to a randomish voltage source -const int rand_pin = A7; +const int rand_pin = A5; // Initialize the SSL client library // We input an EthernetClient, our trust anchors, and the analog pin diff --git a/examples/EthernetMultiHTTPS/EthernetMultiHTTPS.ino b/examples/EthernetMultiHTTPS/EthernetMultiHTTPS.ino index e21f0b1..08d919d 100644 --- a/examples/EthernetMultiHTTPS/EthernetMultiHTTPS.ino +++ b/examples/EthernetMultiHTTPS/EthernetMultiHTTPS.ino @@ -39,7 +39,7 @@ IPAddress myDns(8, 8, 8, 8); // Choose the analog pin to get semi-random data from for SSL // Pick a pin that's not connected or attached to a randomish voltage source -const int rand_pin = A7; +const int rand_pin = A5; // Initialize the SSL client library // We input an EthernetClient, our trust anchors, and the analog pin From 708b564d3002082a3b9512532056958bd26324a1 Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Mon, 5 Aug 2019 21:39:49 -0700 Subject: [PATCH 016/141] remove unnecessary explicit ctor --- src/SSLSession.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/SSLSession.h b/src/SSLSession.h index b6ca188..ef6e997 100644 --- a/src/SSLSession.h +++ b/src/SSLSession.h @@ -57,7 +57,7 @@ public: * * Sets all parameters to zero, and invalidates the session */ - explicit SSLSession() + SSLSession() : m_valid_session(false) , m_hostname() , m_ip(INADDR_NONE) {} From 81cb0db8970b8dd8547b2ffce7f7a474bd874de7 Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Mon, 5 Aug 2019 21:45:04 -0700 Subject: [PATCH 017/141] Add travis badge --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index ca16297..f37a77a 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ # SSLClient - Arduino Library For SSL +[![Build Status](https://travis-ci.org/OPEnSLab-OSU/SSLClient.svg?branch=master)](https://travis-ci.org/OPEnSLab-OSU/SSLClient) + **SSLClient requires at least 110kb flash and 7kb RAM, and will not compile otherwise. This means that most Arduino boards are not supported. Check your board's specifications before attempting to use this library.** You can also view this README in [doxygen](https://openslab-osu.github.io/SSLClient/html/index.html). From d4e988f6f19dedda2c56dc74b3cccec8b907ba9a Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Mon, 5 Aug 2019 21:47:12 -0700 Subject: [PATCH 018/141] update doxy --- docs/html/_s_s_l_client_8h.html | 4 +- docs/html/_s_s_l_client_8h_source.html | 82 +++--- docs/html/_s_s_l_client_impl_8h.html | 1 + docs/html/_s_s_l_client_impl_8h_source.html | 64 ++--- docs/html/_s_s_l_client_parameters_8h.html | 118 +++++++++ .../_s_s_l_client_parameters_8h_source.html | 110 +++++++++ docs/html/_s_s_l_session_8h_source.html | 2 +- docs/html/annotated.html | 3 +- docs/html/annotated_dup.js | 1 + docs/html/class_s_s_l_client-members.html | 4 +- docs/html/class_s_s_l_client.html | 78 +++++- docs/html/class_s_s_l_client.js | 1 + .../html/class_s_s_l_client_impl-members.html | 5 +- docs/html/class_s_s_l_client_impl.html | 65 ++++- docs/html/class_s_s_l_client_impl.js | 1 + docs/html/class_s_s_l_session-members.html | 2 +- docs/html/class_s_s_l_session.html | 2 +- docs/html/classes.html | 8 +- .../dir_68267d1309a1af8e8297ef4c3efbcdba.html | 4 + .../dir_68267d1309a1af8e8297ef4c3efbcdba.js | 4 + docs/html/ec__prime__fast__256_8c.html | 130 ++++++++++ docs/html/ec__prime__fast__256_8c.js | 4 + docs/html/files.html | 16 +- docs/html/functions.html | 19 +- docs/html/functions_vars.html | 47 +--- docs/html/globals.html | 3 + docs/html/globals_vars.html | 3 + docs/html/hierarchy.html | 1 + docs/html/hierarchy.js | 3 +- docs/html/index.html | 8 +- docs/html/menudata.js | 4 +- docs/html/navtreedata.js | 3 +- docs/html/navtreeindex0.js | 233 +++++++++--------- docs/html/search/all_2.js | 3 +- docs/html/search/all_3.js | 2 + docs/html/search/all_5.js | 2 + docs/html/search/all_e.js | 6 +- docs/html/search/classes_0.js | 1 + docs/html/search/files_1.js | 2 +- docs/html/search/files_2.js | 6 +- docs/html/search/files_3.js | 11 +- docs/html/search/files_4.html | 30 +++ docs/html/search/files_4.js | 8 + docs/html/search/functions_b.js | 4 +- docs/html/search/searchdata.js | 4 +- docs/html/search/variables_1.js | 15 +- docs/html/search/variables_2.html | 30 +++ docs/html/search/variables_2.js | 5 + docs/html/search/variables_3.html | 30 +++ docs/html/search/variables_3.js | 4 + ...truct_s_s_l_client_parameters-members.html | 111 +++++++++ docs/html/struct_s_s_l_client_parameters.html | 181 ++++++++++++++ docs/html/struct_s_s_l_client_parameters.js | 6 + .../__pycache__/cert_util.cpython-37.pyc | Bin 0 -> 7329 bytes tools/pycert_bearssl/cert.cer | 20 ++ tools/pycert_bearssl/certificates.h | 77 ++++++ 56 files changed, 1299 insertions(+), 292 deletions(-) create mode 100644 docs/html/_s_s_l_client_parameters_8h.html create mode 100644 docs/html/_s_s_l_client_parameters_8h_source.html create mode 100644 docs/html/ec__prime__fast__256_8c.html create mode 100644 docs/html/ec__prime__fast__256_8c.js create mode 100644 docs/html/search/files_4.html create mode 100644 docs/html/search/files_4.js create mode 100644 docs/html/search/variables_2.html create mode 100644 docs/html/search/variables_2.js create mode 100644 docs/html/search/variables_3.html create mode 100644 docs/html/search/variables_3.js create mode 100644 docs/html/struct_s_s_l_client_parameters-members.html create mode 100644 docs/html/struct_s_s_l_client_parameters.html create mode 100644 docs/html/struct_s_s_l_client_parameters.js create mode 100644 tools/pycert_bearssl/__pycache__/cert_util.cpython-37.pyc create mode 100644 tools/pycert_bearssl/cert.cer create mode 100644 tools/pycert_bearssl/certificates.h diff --git a/docs/html/_s_s_l_client_8h.html b/docs/html/_s_s_l_client_8h.html index ce1fe0c..945261d 100644 --- a/docs/html/_s_s_l_client_8h.html +++ b/docs/html/_s_s_l_client_8h.html @@ -94,10 +94,10 @@ $(document).ready(function(){initNavTree('_s_s_l_client_8h.html','');});
SSLClient.h File Reference
-
#include <type_traits>
-#include "Client.h"
+
#include "Client.h"
#include "SSLClientImpl.h"
#include "SSLSession.h"
+#include "SSLClientParameters.h"

Go to the source code of this file.

diff --git a/docs/html/_s_s_l_client_8h_source.html b/docs/html/_s_s_l_client_8h_source.html index 9ffa230..090a4ef 100644 --- a/docs/html/_s_s_l_client_8h_source.html +++ b/docs/html/_s_s_l_client_8h_source.html @@ -91,51 +91,53 @@ $(document).ready(function(){initNavTree('_s_s_l_client_8h_source.html','');});
SSLClient.h
-Go to the documentation of this file.
1 /* Copyright 2019 OSU OPEnS Lab
2  *
3  * Permission is hereby granted, free of charge, to any person obtaining a copy of this
4  * software and associated documentation files (the "Software"), to deal in the Software
5  * without restriction, including without limitation the rights to use, copy, modify,
6  * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
7  * permit persons to whom the Software is furnished to do so, subject to the following
8  * conditions:
9  *
10  * The above copyright notice and this permission notice shall be included in all
11  * copies or substantial portions of the Software.
12  *
13  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
14  * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
15  * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
16  * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
17  * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
18  * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
19  */
20 
21 #include <type_traits>
22 #include "Client.h"
23 #include "SSLClientImpl.h"
24 #include "SSLSession.h"
25 
26 #ifndef SSLClient_H_
27 #define SSLClient_H_
28 
34 template <class C, size_t SessionCache = 1>
35 class SSLClient : public SSLClientImpl {
36 /*
37  * static checks
38  * I'm a java developer, so I want to ensure that my inheritance is safe.
39  * These checks ensure that all the functions we use on class C are
40  * actually present on class C. It does this by checking that the
41  * class inherits from Client.
42  *
43  * Additionally, I ran into a lot of memory issues with large sessions caches.
44  * Since each session contains at max 352 bytes of memory, they eat of the
45  * stack quite quickly and can cause overflows. As a result, I have added a
46  * warning here to discourage the use of more than 3 sessions at a time. Any
47  * amount past that will require special modification of this library, and
48  * assumes you know what you are doing.
49  */
50 static_assert(std::is_base_of<Client, C>::value, "SSLClient can only accept a type with base class Client!");
51 static_assert(SessionCache > 0 && SessionCache < 255, "There can be no less than one and no more than 255 sessions in the cache!");
52 static_assert(SessionCache <= 3, "You need to decrease the size of m_iobuf in order to have more than 3 sessions at once, otherwise memory issues will occur.");
53 
54 public:
71  explicit SSLClient(const C& client, const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug = SSL_WARN)
72  : SSLClientImpl(trust_anchors, trust_anchors_num, analog_pin, debug)
73  , m_client(client)
74  , m_sessions{SSLSession()}
75  {
76  // set the timeout to a reasonable number (it can always be changes later)
77  // SSL Connections take a really long time so we don't want to time out a legitimate thing
78  setTimeout(30 * 1000);
79  }
80 
81  //========================================
82  //= Functions implemented in SSLClientImpl
83  //========================================
84 
124  int connect(IPAddress ip, uint16_t port) override { return connect_impl(ip, port); }
125 
162  int connect(const char *host, uint16_t port) override { return connect_impl(host, port); }
163 
165  size_t write(uint8_t b) override { return write_impl(&b, 1); }
189  size_t write(const uint8_t *buf, size_t size) override { return write_impl(buf, size); }
190 
209  int available() override { return available_impl(); }
210 
215  int read() override { uint8_t read_val; return read(&read_val, 1) > 0 ? read_val : -1; };
237  int read(uint8_t *buf, size_t size) override { return read_impl(buf, size); }
238 
247  int peek() override { return peek_impl(); }
248 
256  void flush() override { return flush_impl(); }
257 
266  void stop() override { return stop_impl(); }
267 
281  uint8_t connected() override { return connected_impl(); }
282 
283  //========================================
284  //= Functions Not in the Client Interface
285  //========================================
286 
301  SSLSession& getSession(const char* host, const IPAddress& addr) { return get_session_impl(host, addr); }
302 
311  void removeSession(const char* host, const IPAddress& addr) { return remove_session_impl(host, addr); }
312 
318  size_t getSessionCount() const override { return SessionCache; }
319 
325  operator bool() { return connected() > 0; }
327  bool operator==(const bool value) { return bool() == value; }
329  bool operator!=(const bool value) { return bool() != value; }
331  bool operator==(const C& rhs) { return m_client == rhs; }
333  bool operator!=(const C& rhs) { return m_client != rhs; }
335  uint16_t localPort() override {
336  if (std::is_member_function_pointer<decltype(&C::localPort)>::value) return m_client.localPort();
337  else {
338  m_warn("Client class has no localPort function, so localPort() will always return 0", __func__);
339  return 0;
340  }
341  }
343  IPAddress remoteIP() override {
344  if (std::is_member_function_pointer<decltype(&C::remoteIP)>::value) return m_client.remoteIP();
345  else {
346  m_warn("Client class has no remoteIP function, so remoteIP() will always return INADDR_NONE. This means that sessions caching will always be disabled.", __func__);
347  return INADDR_NONE;
348  }
349  }
351  uint16_t remotePort() override {
352  if (std::is_member_function_pointer<decltype(&C::remotePort)>::value) return m_client.remotePort();
353  else {
354  m_warn("Client class has no remotePort function, so remotePort() will always return 0", __func__);
355  return 0;
356  }
357  }
358 
360  C& getClient() { return m_client; }
361 
362 protected:
364  Client& get_arduino_client() override { return m_client; }
365  const Client& get_arduino_client() const override { return m_client; }
367  SSLSession* get_session_array() override { return m_sessions; }
368  const SSLSession* get_session_array() const override { return m_sessions; }
369 
370 private:
371  // create a copy of the client
372  C m_client;
373  // also store an array of SSLSessions, so we can resume communication with multiple websites
374  SSLSession m_sessions[SessionCache];
375 };
376 
377 #endif
SSLClientImpl::write_impl
size_t write_impl(const uint8_t *buf, size_t size)
Definition: SSLClientImpl.cpp:132
-
SSLClient::get_session_array
const SSLSession * get_session_array() const override
Definition: SSLClient.h:368
-
SSLClient::remoteIP
IPAddress remoteIP() override
Returns the remote IP, if C::remoteIP exists. Else return INADDR_NONE.
Definition: SSLClient.h:343
-
SSLClient::write
size_t write(uint8_t b) override
Definition: SSLClient.h:165
-
SSL_WARN
Definition: SSLClientImpl.h:65
-
SSLClientImpl::get_session_impl
SSLSession & get_session_impl(const char *host, const IPAddress &addr)
Definition: SSLClientImpl.cpp:294
+Go to the documentation of this file.
1 /* Copyright 2019 OSU OPEnS Lab
2  *
3  * Permission is hereby granted, free of charge, to any person obtaining a copy of this
4  * software and associated documentation files (the "Software"), to deal in the Software
5  * without restriction, including without limitation the rights to use, copy, modify,
6  * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
7  * permit persons to whom the Software is furnished to do so, subject to the following
8  * conditions:
9  *
10  * The above copyright notice and this permission notice shall be included in all
11  * copies or substantial portions of the Software.
12  *
13  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
14  * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
15  * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
16  * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
17  * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
18  * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
19  */
20 
21 #include "Client.h"
22 #include "SSLClientImpl.h"
23 #include "SSLSession.h"
24 #include "SSLClientParameters.h"
25 
26 #ifndef SSLClient_H_
27 #define SSLClient_H_
28 
34 template <class C, size_t SessionCache = 1>
35 class SSLClient : public SSLClientImpl {
36 /*
37  * static checks
38  * I'm a java developer, so I want to ensure that my inheritance is safe.
39  * These checks ensure that all the functions we use on class C are
40  * actually present on class C. It does this by checking that the
41  * class inherits from Client.
42  *
43  * Additionally, I ran into a lot of memory issues with large sessions caches.
44  * Since each session contains at max 352 bytes of memory, they eat of the
45  * stack quite quickly and can cause overflows. As a result, I have added a
46  * warning here to discourage the use of more than 3 sessions at a time. Any
47  * amount past that will require special modification of this library, and
48  * assumes you know what you are doing.
49  */
50 static_assert(SessionCache > 0 && SessionCache < 255, "There can be no less than one and no more than 255 sessions in the cache!");
51 static_assert(SessionCache <= 3, "You need to decrease the size of m_iobuf in order to have more than 3 sessions at once, otherwise memory issues will occur.");
52 
53 public:
71  explicit SSLClient( const C& client,
72  const br_x509_trust_anchor *trust_anchors,
73  const size_t trust_anchors_num,
74  const int analog_pin,
75  const DebugLevel debug = SSL_WARN)
76  : SSLClientImpl(trust_anchors, trust_anchors_num, analog_pin, debug)
77  , m_client(client)
78  , m_sessions{}
79  {
80  // set the timeout to a reasonable number (it can always be changes later)
81  // SSL Connections take a really long time so we don't want to time out a legitimate thing
82  setTimeout(30 * 1000);
83  }
84 
89  explicit SSLClient( const C& client,
90  const br_x509_trust_anchor *trust_anchors,
91  const size_t trust_anchors_num,
92  const int analog_pin,
93  const DebugLevel debug,
94  const SSLClientParameters* mutual_auth_params)
95  : SSLClientImpl(trust_anchors, trust_anchors_num, analog_pin, debug, mutual_auth_params)
96  , m_client(client)
97  , m_sessions{}
98  {
99  // set the timeout to a reasonable number (it can always be changes later)
100  // SSL Connections take a really long time so we don't want to time out a legitimate thing
101  setTimeout(30 * 1000);
102  }
103 
104  //========================================
105  //= Functions implemented in SSLClientImpl
106  //========================================
107 
147  int connect(IPAddress ip, uint16_t port) override { return connect_impl(ip, port); }
148 
185  int connect(const char *host, uint16_t port) override { return connect_impl(host, port); }
186 
188  size_t write(uint8_t b) override { return write_impl(&b, 1); }
212  size_t write(const uint8_t *buf, size_t size) override { return write_impl(buf, size); }
213 
232  int available() override { return available_impl(); }
233 
238  int read() override { uint8_t read_val; return read(&read_val, 1) > 0 ? read_val : -1; };
260  int read(uint8_t *buf, size_t size) override { return read_impl(buf, size); }
261 
270  int peek() override { return peek_impl(); }
271 
279  void flush() override { return flush_impl(); }
280 
289  void stop() override { return stop_impl(); }
290 
304  uint8_t connected() override { return connected_impl(); }
305 
306  //========================================
307  //= Functions Not in the Client Interface
308  //========================================
309 
324  SSLSession& getSession(const char* host, const IPAddress& addr) { return get_session_impl(host, addr); }
325 
334  void removeSession(const char* host, const IPAddress& addr) { return remove_session_impl(host, addr); }
335 
341  size_t getSessionCount() const override { return SessionCache; }
342 
348  operator bool() { return connected() > 0; }
350  bool operator==(const bool value) { return bool() == value; }
352  bool operator!=(const bool value) { return bool() != value; }
354  bool operator==(const C& rhs) { return m_client == rhs; }
356  bool operator!=(const C& rhs) { return m_client != rhs; }
358  uint16_t localPort() override { return m_client.localPort(); }
360  IPAddress remoteIP() override { return m_client.remoteIP(); }
362  uint16_t remotePort() override { return m_client.remotePort(); }
363 
365  C& getClient() { return m_client; }
366 
367 protected:
369  Client& get_arduino_client() override { return m_client; }
370  const Client& get_arduino_client() const override { return m_client; }
372  SSLSession* get_session_array() override { return m_sessions; }
373  const SSLSession* get_session_array() const override { return m_sessions; }
374 
375 private:
376  // create a copy of the client
377  C m_client;
378  // also store an array of SSLSessions, so we can resume communication with multiple websites
379  SSLSession m_sessions[SessionCache];
380 };
381 
382 #endif
SSLClientImpl::write_impl
size_t write_impl(const uint8_t *buf, size_t size)
Definition: SSLClientImpl.cpp:147
+
SSLClient::get_session_array
const SSLSession * get_session_array() const override
Definition: SSLClient.h:373
+
SSLClient::remoteIP
IPAddress remoteIP() override
Returns the remote IP, if C::remoteIP exists.
Definition: SSLClient.h:360
+
SSLClient::write
size_t write(uint8_t b) override
Definition: SSLClient.h:188
+
SSL_WARN
Definition: SSLClientImpl.h:66
+
SSLClientImpl::get_session_impl
SSLSession & get_session_impl(const char *host, const IPAddress &addr)
Definition: SSLClientImpl.cpp:305
SSLSession
This class stores values which allow SSLClient to save and resume SSL sessions.
Definition: SSLSession.h:52
-
SSLClient::operator!=
bool operator!=(const C &rhs)
Returns whether or not two SSLClient objects do not have the same underlying client object.
Definition: SSLClient.h:333
-
SSLClient::available
int available() override
Returns the number of bytes available to read from the data that has been received and decrypted.
Definition: SSLClient.h:209
-
SSLClient::getClient
C & getClient()
Returns a reference to the client object stored in this class. Take care not to break it.
Definition: SSLClient.h:360
-
SSLClientImpl::peek_impl
int peek_impl()
Definition: SSLClientImpl.cpp:211
-
SSLClient::flush
void flush() override
Force writing the buffered bytes from SSLClient::write to the network.
Definition: SSLClient.h:256
+
SSLClient::SSLClient
SSLClient(const C &client, const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug, const SSLClientParameters *mutual_auth_params)
Definition: SSLClient.h:89
+
SSLClient::operator!=
bool operator!=(const C &rhs)
Returns whether or not two SSLClient objects do not have the same underlying client object.
Definition: SSLClient.h:356
+
SSLClient::available
int available() override
Returns the number of bytes available to read from the data that has been received and decrypted.
Definition: SSLClient.h:232
+
SSLClient::getClient
C & getClient()
Returns a reference to the client object stored in this class. Take care not to break it.
Definition: SSLClient.h:365
+
SSLClientImpl::peek_impl
int peek_impl()
Definition: SSLClientImpl.cpp:226
+
SSLClientParameters
This struct stores data required for SSLClient to use mutual authentication.
Definition: SSLClientParameters.h:52
+
SSLClient::flush
void flush() override
Force writing the buffered bytes from SSLClient::write to the network.
Definition: SSLClient.h:279
SSLClient
The main SSLClient class. Check out README.md for more info.
Definition: SSLClient.h:35
-
SSLClient::operator!=
bool operator!=(const bool value)
Definition: SSLClient.h:329
-
SSLClient::stop
void stop() override
Close the connection.
Definition: SSLClient.h:266
-
SSLClient::write
size_t write(const uint8_t *buf, size_t size) override
Write some bytes to the SSL connection.
Definition: SSLClient.h:189
+
SSLClient::operator!=
bool operator!=(const bool value)
Definition: SSLClient.h:352
+
SSLClient::stop
void stop() override
Close the connection.
Definition: SSLClient.h:289
+
SSLClient::write
size_t write(const uint8_t *buf, size_t size) override
Write some bytes to the SSL connection.
Definition: SSLClient.h:212
SSLClient::SSLClient
SSLClient(const C &client, const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug=SSL_WARN)
Initialize SSLClient with all of the prerequisites needed.
Definition: SSLClient.h:71
-
SSLClient::peek
int peek() override
View the first byte of the buffer, without removing it from the SSLClient Buffer.
Definition: SSLClient.h:247
-
SSLClientImpl::available_impl
int available_impl()
Definition: SSLClientImpl.cpp:175
-
SSLClient::operator==
bool operator==(const C &rhs)
Returns whether or not two SSLClient objects have the same underlying client object.
Definition: SSLClient.h:331
-
SSLClientImpl::read_impl
int read_impl(uint8_t *buf, size_t size)
Definition: SSLClientImpl.cpp:196
-
SSLClient::get_session_array
SSLSession * get_session_array() override
Returns an instance of the session array that is on the stack.
Definition: SSLClient.h:367
-
SSLClientImpl::remove_session_impl
void remove_session_impl(const char *host, const IPAddress &addr)
Definition: SSLClientImpl.cpp:313
-
SSLClient::get_arduino_client
Client & get_arduino_client() override
Returns an instance of m_client that is polymorphic and can be used by SSLClientImpl.
Definition: SSLClient.h:364
-
SSLClient::localPort
uint16_t localPort() override
Returns the local port, C::localPort exists. Else return 0.
Definition: SSLClient.h:335
+
SSLClient::peek
int peek() override
View the first byte of the buffer, without removing it from the SSLClient Buffer.
Definition: SSLClient.h:270
+
SSLClientImpl::available_impl
int available_impl()
Definition: SSLClientImpl.cpp:190
+
SSLClient::operator==
bool operator==(const C &rhs)
Returns whether or not two SSLClient objects have the same underlying client object.
Definition: SSLClient.h:354
+
SSLClientImpl::read_impl
int read_impl(uint8_t *buf, size_t size)
Definition: SSLClientImpl.cpp:211
+
SSLClient::get_session_array
SSLSession * get_session_array() override
Returns an instance of the session array that is on the stack.
Definition: SSLClient.h:372
+
SSLClientImpl::remove_session_impl
void remove_session_impl(const char *host, const IPAddress &addr)
Definition: SSLClientImpl.cpp:324
+
SSLClient::get_arduino_client
Client & get_arduino_client() override
Returns an instance of m_client that is polymorphic and can be used by SSLClientImpl.
Definition: SSLClient.h:369
+
SSLClient::localPort
uint16_t localPort() override
Returns the local port, if C::localPort exists.
Definition: SSLClient.h:358
SSLClientImpl.h
-
SSLClientImpl::m_warn
void m_warn(const T str, const char *func_name) const
Definition: SSLClientImpl.h:153
-
SSLClient::read
int read() override
Read a single byte, or -1 if none is available.
Definition: SSLClient.h:215
-
SSLClient::connected
uint8_t connected() override
Check if the device is connected.
Definition: SSLClient.h:281
+
SSLClient::read
int read() override
Read a single byte, or -1 if none is available.
Definition: SSLClient.h:238
+
SSLClientParameters.h
+
SSLClient::connected
uint8_t connected() override
Check if the device is connected.
Definition: SSLClient.h:304
SSLSession.h
-
SSLClient::get_arduino_client
const Client & get_arduino_client() const override
Definition: SSLClient.h:365
-
SSLClient::connect
int connect(const char *host, uint16_t port) override
Connect over SSL to a host specified by a hostname.
Definition: SSLClient.h:162
-
SSLClient::operator==
bool operator==(const bool value)
Definition: SSLClient.h:327
-
SSLClient::remotePort
uint16_t remotePort() override
Returns the remote port, if C::remotePort exists. Else return 0.
Definition: SSLClient.h:351
-
SSLClientImpl::connect_impl
int connect_impl(IPAddress ip, uint16_t port)
Definition: SSLClientImpl.cpp:75
-
SSLClient::getSessionCount
size_t getSessionCount() const override
Get the maximum number of SSL sessions that can be stored at once.
Definition: SSLClient.h:318
-
SSLClientImpl::stop_impl
void stop_impl()
Definition: SSLClientImpl.cpp:231
-
SSLClientImpl::flush_impl
void flush_impl()
Definition: SSLClientImpl.cpp:223
-
SSLClientImpl
Implementation code to be inherited by SSLClient.
Definition: SSLClientImpl.h:71
-
SSLClient::removeSession
void removeSession(const char *host, const IPAddress &addr)
Clear the session corresponding to a host and IP.
Definition: SSLClient.h:311
-
SSLClientImpl::connected_impl
uint8_t connected_impl()
Definition: SSLClientImpl.cpp:263
-
SSLClient::getSession
SSLSession & getSession(const char *host, const IPAddress &addr)
Gets a session reference corresponding to a host and IP, or a reference to a empty session if none ex...
Definition: SSLClient.h:301
-
DebugLevel
DebugLevel
Level of verbosity used in logging for SSLClient.
Definition: SSLClientImpl.h:59
-
SSLClient::read
int read(uint8_t *buf, size_t size) override
Read size bytes from the SSL client buffer, copying them into *buf, and return the number of bytes re...
Definition: SSLClient.h:237
-
SSLClient::connect
int connect(IPAddress ip, uint16_t port) override
Connect over SSL to a host specified by an IP address.
Definition: SSLClient.h:124
+
SSLClient::get_arduino_client
const Client & get_arduino_client() const override
Definition: SSLClient.h:370
+
SSLClient::connect
int connect(const char *host, uint16_t port) override
Connect over SSL to a host specified by a hostname.
Definition: SSLClient.h:185
+
SSLClient::operator==
bool operator==(const bool value)
Definition: SSLClient.h:350
+
SSLClient::remotePort
uint16_t remotePort() override
Returns the remote port, if C::remotePort exists. Else return 0.
Definition: SSLClient.h:362
+
SSLClientImpl::connect_impl
int connect_impl(IPAddress ip, uint16_t port)
Definition: SSLClientImpl.cpp:90
+
SSLClient::getSessionCount
size_t getSessionCount() const override
Get the maximum number of SSL sessions that can be stored at once.
Definition: SSLClient.h:341
+
SSLClientImpl::stop_impl
void stop_impl()
Definition: SSLClientImpl.cpp:246
+
SSLClientImpl::flush_impl
void flush_impl()
Definition: SSLClientImpl.cpp:238
+
SSLClientImpl
Implementation code to be inherited by SSLClient.
Definition: SSLClientImpl.h:72
+
SSLClient::removeSession
void removeSession(const char *host, const IPAddress &addr)
Clear the session corresponding to a host and IP.
Definition: SSLClient.h:334
+
SSLClientImpl::connected_impl
uint8_t connected_impl()
Definition: SSLClientImpl.cpp:274
+
SSLClient::getSession
SSLSession & getSession(const char *host, const IPAddress &addr)
Gets a session reference corresponding to a host and IP, or a reference to a empty session if none ex...
Definition: SSLClient.h:324
+
DebugLevel
DebugLevel
Level of verbosity used in logging for SSLClient.
Definition: SSLClientImpl.h:60
+
SSLClient::read
int read(uint8_t *buf, size_t size) override
Read size bytes from the SSL client buffer, copying them into *buf, and return the number of bytes re...
Definition: SSLClient.h:260
+
SSLClient::connect
int connect(IPAddress ip, uint16_t port) override
Connect over SSL to a host specified by an IP address.
Definition: SSLClient.h:147
diff --git a/docs/html/_s_s_l_client_impl_8h.html b/docs/html/_s_s_l_client_impl_8h.html index 0acd8c1..6e9ba5d 100644 --- a/docs/html/_s_s_l_client_impl_8h.html +++ b/docs/html/_s_s_l_client_impl_8h.html @@ -98,6 +98,7 @@ $(document).ready(function(){initNavTree('_s_s_l_client_impl_8h.html','');}); #include "Arduino.h"
#include "Client.h"
#include "SSLSession.h"
+#include "SSLClientParameters.h"

Go to the source code of this file.

diff --git a/docs/html/_s_s_l_client_impl_8h_source.html b/docs/html/_s_s_l_client_impl_8h_source.html index 6bd981b..6e50fd6 100644 --- a/docs/html/_s_s_l_client_impl_8h_source.html +++ b/docs/html/_s_s_l_client_impl_8h_source.html @@ -91,46 +91,48 @@ $(document).ready(function(){initNavTree('_s_s_l_client_impl_8h_source.html','')
SSLClientImpl.h
-Go to the documentation of this file.
1 /* Copyright 2019 OSU OPEnS Lab
2  *
3  * Permission is hereby granted, free of charge, to any person obtaining a copy of this
4  * software and associated documentation files (the "Software"), to deal in the Software
5  * without restriction, including without limitation the rights to use, copy, modify,
6  * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
7  * permit persons to whom the Software is furnished to do so, subject to the following
8  * conditions:
9  *
10  * The above copyright notice and this permission notice shall be included in all
11  * copies or substantial portions of the Software.
12  *
13  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
14  * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
15  * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
16  * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
17  * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
18  * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
19  */
20 
21 #include "bearssl.h"
22 #include "Arduino.h"
23 #include "Client.h"
24 #include "SSLSession.h"
25 
26 #ifndef SSLClientImpl_H_
27 #define SSLClientImpl_H_
28 
37 enum Error {
38  SSL_OK = 0,
40  SSL_CLIENT_CONNECT_FAIL,
42  SSL_BR_CONNECT_FAIL,
44  SSL_CLIENT_WRTIE_ERROR,
46  SSL_BR_WRITE_ERROR,
48  SSL_INTERNAL_ERROR,
50  SSL_OUT_OF_MEMORY
51 };
52 
59 enum DebugLevel {
61  SSL_NONE = 0,
63  SSL_ERROR = 1,
65  SSL_WARN = 2,
67  SSL_INFO = 3,
68 };
69 
71 class SSLClientImpl : public Client {
72 public:
74  explicit SSLClientImpl(const br_x509_trust_anchor *trust_anchors,
75  const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug);
76 
77  //============================================
78  //= Functions implemented in SSLClientImpl.cpp
79  //============================================
80 
82  int connect_impl(IPAddress ip, uint16_t port);
84  int connect_impl(const char *host, uint16_t port);
86  size_t write_impl(const uint8_t *buf, size_t size);
88  int available_impl();
90  int read_impl(uint8_t *buf, size_t size);
92  int peek_impl();
94  void flush_impl();
96  void stop_impl();
98  uint8_t connected_impl();
100  SSLSession& get_session_impl(const char* host, const IPAddress& addr);
102  void remove_session_impl(const char* host, const IPAddress& addr);
103 
104  //============================================
105  //= Functions implemented in SSLClient.h
106  //============================================
108  virtual uint16_t localPort() = 0;
110  virtual IPAddress remoteIP() = 0;
112  virtual uint16_t remotePort() = 0;
114  virtual size_t getSessionCount() const = 0;
115 
116 protected:
118  virtual Client& get_arduino_client() = 0;
119  virtual const Client& get_arduino_client() const = 0;
121  virtual SSLSession* get_session_array() = 0;
122  virtual const SSLSession* get_session_array() const = 0;
123 
124  //============================================
125  //= Functions implemented in SSLClientImpl.cpp
126  //============================================
127 
129  void m_print_prefix(const char* func_name, const DebugLevel level) const;
130 
132  void m_print_ssl_error(const int ssl_error, const DebugLevel level) const;
133 
135  void m_print_br_error(const unsigned br_error_code, const DebugLevel level) const;
136 
138  template<typename T>
139  void m_print(const T str, const char* func_name, const DebugLevel level) const {
140  // check the current debug level and serial status
141  if (level > m_debug || !Serial) return;
142  // print prefix
143  m_print_prefix(func_name, level);
144  // print the message
145  Serial.println(str);
146  }
147 
149  template<typename T>
150  void m_info(const T str, const char* func_name) const { m_print(str, func_name, SSL_INFO); }
151 
152  template<typename T>
153  void m_warn(const T str, const char* func_name) const { m_print(str, func_name, SSL_WARN); }
154 
155  template<typename T>
156  void m_error(const T str, const char* func_name) const { m_print(str, func_name, SSL_ERROR); }
157 
158 private:
160  bool m_soft_connected(const char* func_name);
162  int m_start_ssl(const char* host, SSLSession& ssl_ses);
164  int m_run_until(const unsigned target);
166  unsigned m_update_engine();
168  int m_get_session_index(const char* host, const IPAddress& addr) const;
169 
170  //============================================
171  //= Data Members
172  //============================================
173 
174  // store pointers to the trust anchors
175  // should not be computed at runtime
176  const br_x509_trust_anchor *m_trust_anchors;
177  const size_t m_trust_anchors_num;
178  // store the pin to fetch an RNG see from
179  const int m_analog_pin;
180  // store an index of where a new session can be placed if we don't have any corresponding sessions
181  size_t m_session_index;
182  // store whether to enable debug logging
183  const DebugLevel m_debug;
184  // store if we are connected in bearssl or not
185  bool m_is_connected;
186  // store the context values required for SSL
187  br_ssl_client_context m_sslctx;
188  br_x509_minimal_context m_x509ctx;
189  // use a mono-directional buffer by default to cut memory in half
190  // can expand to a bi-directional buffer with maximum of BR_SSL_BUFSIZE_BIDI
191  // or shrink to below BR_SSL_BUFSIZE_MONO, and bearSSL will adapt automatically
192  // simply edit this value to change the buffer size to the desired value
193  // additionally, we need to correct buffer size based off of how many sessions we decide to cache
194  // since SSL takes so much memory if we don't it will cause the stack and heap to collide
202  unsigned char m_iobuf[BR_SSL_BUFSIZE_MONO / 8];
203  static_assert(sizeof m_iobuf <= BR_SSL_BUFSIZE_BIDI, "m_iobuf must be below maximum buffer size");
204  // store the index of where we are writing in the buffer
205  // so we can send our records all at once to prevent
206  // weird timing issues
207  size_t m_write_idx;
208 };
209 
210 #endif /* SSLClientImpl_H_ */
SSLClientImpl::write_impl
size_t write_impl(const uint8_t *buf, size_t size)
Definition: SSLClientImpl.cpp:132
+Go to the documentation of this file.
1 /* Copyright 2019 OSU OPEnS Lab
2  *
3  * Permission is hereby granted, free of charge, to any person obtaining a copy of this
4  * software and associated documentation files (the "Software"), to deal in the Software
5  * without restriction, including without limitation the rights to use, copy, modify,
6  * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
7  * permit persons to whom the Software is furnished to do so, subject to the following
8  * conditions:
9  *
10  * The above copyright notice and this permission notice shall be included in all
11  * copies or substantial portions of the Software.
12  *
13  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
14  * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
15  * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
16  * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
17  * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
18  * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
19  */
20 
21 #include "bearssl.h"
22 #include "Arduino.h"
23 #include "Client.h"
24 #include "SSLSession.h"
25 #include "SSLClientParameters.h"
26 
27 #ifndef SSLClientImpl_H_
28 #define SSLClientImpl_H_
29 
38 enum Error {
39  SSL_OK = 0,
41  SSL_CLIENT_CONNECT_FAIL,
43  SSL_BR_CONNECT_FAIL,
45  SSL_CLIENT_WRTIE_ERROR,
47  SSL_BR_WRITE_ERROR,
49  SSL_INTERNAL_ERROR,
51  SSL_OUT_OF_MEMORY
52 };
53 
60 enum DebugLevel {
62  SSL_NONE = 0,
64  SSL_ERROR = 1,
66  SSL_WARN = 2,
68  SSL_INFO = 3,
69 };
70 
72 class SSLClientImpl : public Client {
73 public:
75  explicit SSLClientImpl(const br_x509_trust_anchor *trust_anchors,
76  const size_t trust_anchors_num, const int analog_pin,
77  const DebugLevel debug);
78 
80  explicit SSLClientImpl(const br_x509_trust_anchor *trust_anchors,
81  const size_t trust_anchors_num, const int analog_pin,
82  const DebugLevel debug, const SSLClientParameters* mutual_auth_params);
83 
84  //============================================
85  //= Functions implemented in SSLClientImpl.cpp
86  //============================================
87 
89  int connect_impl(IPAddress ip, uint16_t port);
91  int connect_impl(const char *host, uint16_t port);
93  size_t write_impl(const uint8_t *buf, size_t size);
95  int available_impl();
97  int read_impl(uint8_t *buf, size_t size);
99  int peek_impl();
101  void flush_impl();
103  void stop_impl();
105  uint8_t connected_impl();
107  SSLSession& get_session_impl(const char* host, const IPAddress& addr);
109  void remove_session_impl(const char* host, const IPAddress& addr);
110 
111  //============================================
112  //= Functions implemented in SSLClient.h
113  //============================================
115  virtual uint16_t localPort() = 0;
117  virtual IPAddress remoteIP() = 0;
119  virtual uint16_t remotePort() = 0;
121  virtual size_t getSessionCount() const = 0;
122 
123 protected:
125  virtual Client& get_arduino_client() = 0;
126  virtual const Client& get_arduino_client() const = 0;
128  virtual SSLSession* get_session_array() = 0;
129  virtual const SSLSession* get_session_array() const = 0;
130 
131  //============================================
132  //= Functions implemented in SSLClientImpl.cpp
133  //============================================
134 
136  void m_print_prefix(const char* func_name, const DebugLevel level) const;
137 
139  void m_print_ssl_error(const int ssl_error, const DebugLevel level) const;
140 
142  void m_print_br_error(const unsigned br_error_code, const DebugLevel level) const;
143 
145  template<typename T>
146  void m_print(const T str, const char* func_name, const DebugLevel level) const {
147  // check the current debug level and serial status
148  if (level > m_debug || !Serial) return;
149  // print prefix
150  m_print_prefix(func_name, level);
151  // print the message
152  Serial.println(str);
153  }
154 
156  template<typename T>
157  void m_info(const T str, const char* func_name) const { m_print(str, func_name, SSL_INFO); }
158 
159  template<typename T>
160  void m_warn(const T str, const char* func_name) const { m_print(str, func_name, SSL_WARN); }
161 
162  template<typename T>
163  void m_error(const T str, const char* func_name) const { m_print(str, func_name, SSL_ERROR); }
164 
165 private:
167  bool m_soft_connected(const char* func_name);
169  int m_start_ssl(const char* host, SSLSession& ssl_ses);
171  int m_run_until(const unsigned target);
173  unsigned m_update_engine();
175  int m_get_session_index(const char* host, const IPAddress& addr) const;
176 
177  //============================================
178  //= Data Members
179  //============================================
180 
181  // store the pin to fetch an RNG see from
182  const int m_analog_pin;
183  // store an index of where a new session can be placed if we don't have any corresponding sessions
184  size_t m_session_index;
185  // store whether to enable debug logging
186  const DebugLevel m_debug;
187  // store if we are connected in bearssl or not
188  bool m_is_connected;
189  // store the context values required for SSL
190  br_ssl_client_context m_sslctx;
191  br_x509_minimal_context m_x509ctx;
192  // use a mono-directional buffer by default to cut memory in half
193  // can expand to a bi-directional buffer with maximum of BR_SSL_BUFSIZE_BIDI
194  // or shrink to below BR_SSL_BUFSIZE_MONO, and bearSSL will adapt automatically
195  // simply edit this value to change the buffer size to the desired value
196  // additionally, we need to correct buffer size based off of how many sessions we decide to cache
197  // since SSL takes so much memory if we don't it will cause the stack and heap to collide
205  unsigned char m_iobuf[2048];
206  // store the index of where we are writing in the buffer
207  // so we can send our records all at once to prevent
208  // weird timing issues
209  size_t m_write_idx;
210 };
211 
212 #endif /* SSLClientImpl_H_ */
SSLClientImpl::write_impl
size_t write_impl(const uint8_t *buf, size_t size)
Definition: SSLClientImpl.cpp:147
SSLClientImpl::remotePort
virtual uint16_t remotePort()=0
-
SSLClientImpl::m_print
void m_print(const T str, const char *func_name, const DebugLevel level) const
debugging print function, only prints if m_debug is true
Definition: SSLClientImpl.h:139
-
SSL_WARN
Definition: SSLClientImpl.h:65
+
SSLClientImpl::m_print
void m_print(const T str, const char *func_name, const DebugLevel level) const
debugging print function, only prints if m_debug is true
Definition: SSLClientImpl.h:146
+
SSL_WARN
Definition: SSLClientImpl.h:66
SSLClientImpl::remoteIP
virtual IPAddress remoteIP()=0
-
SSLClientImpl::get_session_impl
SSLSession & get_session_impl(const char *host, const IPAddress &addr)
Definition: SSLClientImpl.cpp:294
+
SSLClientImpl::get_session_impl
SSLSession & get_session_impl(const char *host, const IPAddress &addr)
Definition: SSLClientImpl.cpp:305
SSLSession
This class stores values which allow SSLClient to save and resume SSL sessions.
Definition: SSLSession.h:52
-
SSLClientImpl::m_info
void m_info(const T str, const char *func_name) const
Prints a info message to serial, if info messages are enabled.
Definition: SSLClientImpl.h:150
+
SSLClientImpl::m_info
void m_info(const T str, const char *func_name) const
Prints a info message to serial, if info messages are enabled.
Definition: SSLClientImpl.h:157
SSLClientImpl::SSLClientImpl
SSLClientImpl(const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug)
Definition: SSLClientImpl.cpp:53
-
SSLClientImpl::m_error
void m_error(const T str, const char *func_name) const
Definition: SSLClientImpl.h:156
-
SSLClientImpl::peek_impl
int peek_impl()
Definition: SSLClientImpl.cpp:211
-
SSL_INFO
Definition: SSLClientImpl.h:67
-
SSL_ERROR
Definition: SSLClientImpl.h:63
-
SSL_INTERNAL_ERROR
Definition: SSLClientImpl.h:48
+
SSLClientImpl::m_error
void m_error(const T str, const char *func_name) const
Definition: SSLClientImpl.h:163
+
SSLClientImpl::peek_impl
int peek_impl()
Definition: SSLClientImpl.cpp:226
+
SSL_INFO
Definition: SSLClientImpl.h:68
+
SSL_ERROR
Definition: SSLClientImpl.h:64
+
SSLClientParameters
This struct stores data required for SSLClient to use mutual authentication.
Definition: SSLClientParameters.h:52
+
SSL_INTERNAL_ERROR
Definition: SSLClientImpl.h:49
SSLClientImpl::getSessionCount
virtual size_t getSessionCount() const =0
SSLClientImpl::get_session_array
virtual SSLSession * get_session_array()=0
-
SSL_BR_WRITE_ERROR
Definition: SSLClientImpl.h:46
-
SSL_OK
Definition: SSLClientImpl.h:38
-
SSLClientImpl::m_print_ssl_error
void m_print_ssl_error(const int ssl_error, const DebugLevel level) const
Prints the string associated with a write error.
Definition: SSLClientImpl.cpp:657
-
SSLClientImpl::available_impl
int available_impl()
Definition: SSLClientImpl.cpp:175
-
Error
Error
Static constants defining the possible errors encountered.
Definition: SSLClientImpl.h:37
-
SSL_BR_CONNECT_FAIL
Definition: SSLClientImpl.h:42
-
SSLClientImpl::read_impl
int read_impl(uint8_t *buf, size_t size)
Definition: SSLClientImpl.cpp:196
-
SSLClientImpl::remove_session_impl
void remove_session_impl(const char *host, const IPAddress &addr)
Definition: SSLClientImpl.cpp:313
-
SSL_CLIENT_WRTIE_ERROR
Definition: SSLClientImpl.h:44
+
SSL_BR_WRITE_ERROR
Definition: SSLClientImpl.h:47
+
SSL_OK
Definition: SSLClientImpl.h:39
+
SSLClientImpl::m_print_ssl_error
void m_print_ssl_error(const int ssl_error, const DebugLevel level) const
Prints the string associated with a write error.
Definition: SSLClientImpl.cpp:671
+
SSLClientImpl::available_impl
int available_impl()
Definition: SSLClientImpl.cpp:190
+
Error
Error
Static constants defining the possible errors encountered.
Definition: SSLClientImpl.h:38
+
SSL_BR_CONNECT_FAIL
Definition: SSLClientImpl.h:43
+
SSLClientImpl::read_impl
int read_impl(uint8_t *buf, size_t size)
Definition: SSLClientImpl.cpp:211
+
SSLClientImpl::remove_session_impl
void remove_session_impl(const char *host, const IPAddress &addr)
Definition: SSLClientImpl.cpp:324
+
SSL_CLIENT_WRTIE_ERROR
Definition: SSLClientImpl.h:45
SSLClientImpl::get_arduino_client
virtual Client & get_arduino_client()=0
-
SSL_CLIENT_CONNECT_FAIL
Definition: SSLClientImpl.h:40
-
SSLClientImpl::m_print_prefix
void m_print_prefix(const char *func_name, const DebugLevel level) const
Prints a debugging prefix to all logs, so we can attatch them to useful information.
Definition: SSLClientImpl.cpp:639
-
SSL_NONE
Definition: SSLClientImpl.h:61
-
SSLClientImpl::m_print_br_error
void m_print_br_error(const unsigned br_error_code, const DebugLevel level) const
Print the text string associated with a BearSSL error code.
Definition: SSLClientImpl.cpp:672
-
SSLClientImpl::m_warn
void m_warn(const T str, const char *func_name) const
Definition: SSLClientImpl.h:153
+
SSL_CLIENT_CONNECT_FAIL
Definition: SSLClientImpl.h:41
+
SSLClientImpl::m_print_prefix
void m_print_prefix(const char *func_name, const DebugLevel level) const
Prints a debugging prefix to all logs, so we can attatch them to useful information.
Definition: SSLClientImpl.cpp:653
+
SSL_NONE
Definition: SSLClientImpl.h:62
+
SSLClientImpl::m_print_br_error
void m_print_br_error(const unsigned br_error_code, const DebugLevel level) const
Print the text string associated with a BearSSL error code.
Definition: SSLClientImpl.cpp:686
+
SSLClientImpl::m_warn
void m_warn(const T str, const char *func_name) const
Definition: SSLClientImpl.h:160
+
SSLClientParameters.h
SSLSession.h
-
SSLClientImpl::connect_impl
int connect_impl(IPAddress ip, uint16_t port)
Definition: SSLClientImpl.cpp:75
-
SSL_OUT_OF_MEMORY
Definition: SSLClientImpl.h:50
-
SSLClientImpl::stop_impl
void stop_impl()
Definition: SSLClientImpl.cpp:231
-
SSLClientImpl::flush_impl
void flush_impl()
Definition: SSLClientImpl.cpp:223
-
SSLClientImpl
Implementation code to be inherited by SSLClient.
Definition: SSLClientImpl.h:71
+
SSLClientImpl::connect_impl
int connect_impl(IPAddress ip, uint16_t port)
Definition: SSLClientImpl.cpp:90
+
SSL_OUT_OF_MEMORY
Definition: SSLClientImpl.h:51
+
SSLClientImpl::stop_impl
void stop_impl()
Definition: SSLClientImpl.cpp:246
+
SSLClientImpl::flush_impl
void flush_impl()
Definition: SSLClientImpl.cpp:238
+
SSLClientImpl
Implementation code to be inherited by SSLClient.
Definition: SSLClientImpl.h:72
SSLClientImpl::localPort
virtual uint16_t localPort()=0
-
SSLClientImpl::connected_impl
uint8_t connected_impl()
Definition: SSLClientImpl.cpp:263
-
DebugLevel
DebugLevel
Level of verbosity used in logging for SSLClient.
Definition: SSLClientImpl.h:59
+
SSLClientImpl::connected_impl
uint8_t connected_impl()
Definition: SSLClientImpl.cpp:274
+
DebugLevel
DebugLevel
Level of verbosity used in logging for SSLClient.
Definition: SSLClientImpl.h:60
diff --git a/docs/html/_s_s_l_client_parameters_8h.html b/docs/html/_s_s_l_client_parameters_8h.html new file mode 100644 index 0000000..408fb5b --- /dev/null +++ b/docs/html/_s_s_l_client_parameters_8h.html @@ -0,0 +1,118 @@ + + + + + + + +SSLClient: C:/Users/Noah/Documents/Arduino/libraries/SSLClient/src/SSLClientParameters.h File Reference + + + + + + + + + + + + + + +
+
+
+ + + + + +
+
SSLClient +  v1.1.1 +
+
Add TLS 1.2 functionality to any network library.
+
+
+ + + + + + + +
+
+ +
+
+
+ +
+ +
+
+ + +
+ +
+ +
+
+Classes
+
+
SSLClientParameters.h File Reference
+
+
+
#include "bearssl.h"
+
+

Go to the source code of this file.

+ + + + + +

+Classes

struct  SSLClientParameters
 This struct stores data required for SSLClient to use mutual authentication. More...
 
+
+
+ + + + diff --git a/docs/html/_s_s_l_client_parameters_8h_source.html b/docs/html/_s_s_l_client_parameters_8h_source.html new file mode 100644 index 0000000..f1aed41 --- /dev/null +++ b/docs/html/_s_s_l_client_parameters_8h_source.html @@ -0,0 +1,110 @@ + + + + + + + +SSLClient: C:/Users/Noah/Documents/Arduino/libraries/SSLClient/src/SSLClientParameters.h Source File + + + + + + + + + + + + + + +
+
+ + + + + + +
+
SSLClient +  v1.1.1 +
+
Add TLS 1.2 functionality to any network library.
+
+
+ + + + + + + +
+
+ +
+
+
+ +
+ +
+
+ + +
+ +
+ +
+
+
SSLClientParameters.h
+
+
+Go to the documentation of this file.
1 /* Copyright 2019 OSU OPEnS Lab
2  *
3  * Permission is hereby granted, free of charge, to any person obtaining a copy of this
4  * software and associated documentation files (the "Software"), to deal in the Software
5  * without restriction, including without limitation the rights to use, copy, modify,
6  * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
7  * permit persons to whom the Software is furnished to do so, subject to the following
8  * conditions:
9  *
10  * The above copyright notice and this permission notice shall be included in all
11  * copies or substantial portions of the Software.
12  *
13  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
14  * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
15  * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
16  * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
17  * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
18  * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
19  */
20 
28 #include "bearssl.h"
29 
30 #ifndef SSLClientParameters_H_
31 #define SSLClientParameters_H_
32 
52 struct SSLClientParameters {
59  const br_x509_certificate* client_cert_chain;
61  const size_t chain_len;
63  const br_ec_private_key ec_key;
64 };
65 
66 #endif
SSLClientParameters::client_cert_chain
const br_x509_certificate * client_cert_chain
Pointer to the client certificate chain.
Definition: SSLClientParameters.h:59
+
SSLClientParameters
This struct stores data required for SSLClient to use mutual authentication.
Definition: SSLClientParameters.h:52
+
SSLClientParameters::chain_len
const size_t chain_len
Definition: SSLClientParameters.h:61
+
SSLClientParameters::ec_key
const br_ec_private_key ec_key
Definition: SSLClientParameters.h:63
+
+
+ + + + diff --git a/docs/html/_s_s_l_session_8h_source.html b/docs/html/_s_s_l_session_8h_source.html index 2a0f814..9623d0b 100644 --- a/docs/html/_s_s_l_session_8h_source.html +++ b/docs/html/_s_s_l_session_8h_source.html @@ -91,7 +91,7 @@ $(document).ready(function(){initNavTree('_s_s_l_session_8h_source.html','');});
SSLSession.h
-Go to the documentation of this file.
1 /* Copyright 2019 OSU OPEnS Lab
2  *
3  * Permission is hereby granted, free of charge, to any person obtaining a copy of this
4  * software and associated documentation files (the "Software"), to deal in the Software
5  * without restriction, including without limitation the rights to use, copy, modify,
6  * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
7  * permit persons to whom the Software is furnished to do so, subject to the following
8  * conditions:
9  *
10  * The above copyright notice and this permission notice shall be included in all
11  * copies or substantial portions of the Software.
12  *
13  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
14  * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
15  * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
16  * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
17  * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
18  * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
19  */
20 
28 #include "bearssl.h"
29 #include "Arduino.h"
30 #include "IPAddress.h"
31 
32 #ifndef SSLSession_H_
33 #define SSLSession_H_
34 
52 class SSLSession : public br_ssl_session_parameters {
53 
54 public:
60  explicit SSLSession()
61  : m_valid_session(false)
62  , m_hostname()
63  , m_ip(INADDR_NONE) {}
64 
66  SSLSession& operator=(const SSLSession&) = delete;
67 
76  const String& get_hostname() const { return m_hostname; }
77 
86  const IPAddress& get_ip() const { return m_ip; }
87 
88  bool is_valid_session() const { return m_valid_session; }
89 
109  void set_parameters(const IPAddress& ip, const char* hostname = NULL);
110 
118  void clear_parameters();
119 
121  br_ssl_session_parameters* to_br_session() { return (br_ssl_session_parameters *)this; }
122 
123 private:
124  bool m_valid_session;
125  // aparently a hostname has a max length of 256 chars. Go figure.
126  String m_hostname;
127  // store the IP Address we connected to
128  IPAddress m_ip;
129 };
130 
131 
132 
133 #endif /* SSLSession_H_ */
SSLSession
This class stores values which allow SSLClient to save and resume SSL sessions.
Definition: SSLSession.h:52
+Go to the documentation of this file.
1 /* Copyright 2019 OSU OPEnS Lab
2  *
3  * Permission is hereby granted, free of charge, to any person obtaining a copy of this
4  * software and associated documentation files (the "Software"), to deal in the Software
5  * without restriction, including without limitation the rights to use, copy, modify,
6  * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
7  * permit persons to whom the Software is furnished to do so, subject to the following
8  * conditions:
9  *
10  * The above copyright notice and this permission notice shall be included in all
11  * copies or substantial portions of the Software.
12  *
13  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
14  * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
15  * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
16  * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
17  * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
18  * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
19  */
20 
28 #include "bearssl.h"
29 #include "Arduino.h"
30 #include "IPAddress.h"
31 
32 #ifndef SSLSession_H_
33 #define SSLSession_H_
34 
52 class SSLSession : public br_ssl_session_parameters {
53 
54 public:
60  SSLSession()
61  : m_valid_session(false)
62  , m_hostname()
63  , m_ip(INADDR_NONE) {}
64 
66  SSLSession& operator=(const SSLSession&) = delete;
67 
76  const String& get_hostname() const { return m_hostname; }
77 
86  const IPAddress& get_ip() const { return m_ip; }
87 
88  bool is_valid_session() const { return m_valid_session; }
89 
109  void set_parameters(const IPAddress& ip, const char* hostname = NULL);
110 
118  void clear_parameters();
119 
121  br_ssl_session_parameters* to_br_session() { return (br_ssl_session_parameters *)this; }
122 
123 private:
124  bool m_valid_session;
125  // aparently a hostname has a max length of 256 chars. Go figure.
126  String m_hostname;
127  // store the IP Address we connected to
128  IPAddress m_ip;
129 };
130 
131 
132 
133 #endif /* SSLSession_H_ */
SSLSession
This class stores values which allow SSLClient to save and resume SSL sessions.
Definition: SSLSession.h:52
SSLSession::to_br_session
br_ssl_session_parameters * to_br_session()
Returns a pointer to the ::br_ssl_session_parameters component of this class.
Definition: SSLSession.h:121
SSLSession::set_parameters
void set_parameters(const IPAddress &ip, const char *hostname=NULL)
Set the ip address and hostname of the session.
Definition: SSLSession.cpp:4
SSLSession::clear_parameters
void clear_parameters()
Delete the parameters and invalidate the session.
Definition: SSLSession.cpp:19
diff --git a/docs/html/annotated.html b/docs/html/annotated.html index 10791df..2f4d32a 100644 --- a/docs/html/annotated.html +++ b/docs/html/annotated.html @@ -95,7 +95,8 @@ $(document).ready(function(){initNavTree('annotated.html','');}); - + +
 CSSLClientThe main SSLClient class. Check out README.md for more info
 CSSLClientImplImplementation code to be inherited by SSLClient
 CSSLSessionThis class stores values which allow SSLClient to save and resume SSL sessions
 CSSLClientParametersThis struct stores data required for SSLClient to use mutual authentication
 CSSLSessionThis class stores values which allow SSLClient to save and resume SSL sessions
diff --git a/docs/html/annotated_dup.js b/docs/html/annotated_dup.js index c7c5acd..1a3e527 100644 --- a/docs/html/annotated_dup.js +++ b/docs/html/annotated_dup.js @@ -2,5 +2,6 @@ var annotated_dup = [ [ "SSLClient", "class_s_s_l_client.html", "class_s_s_l_client" ], [ "SSLClientImpl", "class_s_s_l_client_impl.html", "class_s_s_l_client_impl" ], + [ "SSLClientParameters", "struct_s_s_l_client_parameters.html", "struct_s_s_l_client_parameters" ], [ "SSLSession", "class_s_s_l_session.html", "class_s_s_l_session" ] ]; \ No newline at end of file diff --git a/docs/html/class_s_s_l_client-members.html b/docs/html/class_s_s_l_client-members.html index b0199db..2685ca5 100644 --- a/docs/html/class_s_s_l_client-members.html +++ b/docs/html/class_s_s_l_client-members.html @@ -135,7 +135,9 @@ $(document).ready(function(){initNavTree('class_s_s_l_client.html','');}); remove_session_impl(const char *host, const IPAddress &addr)SSLClientImpl removeSession(const char *host, const IPAddress &addr)SSLClient< C, SessionCache >inline SSLClient(const C &client, const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug=SSL_WARN)SSLClient< C, SessionCache >inlineexplicit - SSLClientImpl(const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug)SSLClientImplexplicit + SSLClient(const C &client, const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug, const SSLClientParameters *mutual_auth_params)SSLClient< C, SessionCache >inlineexplicit + SSLClientImpl(const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug)SSLClientImplexplicit + SSLClientImpl(const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug, const SSLClientParameters *mutual_auth_params)SSLClientImplexplicit stop() overrideSSLClient< C, SessionCache >inline stop_impl()SSLClientImpl write(uint8_t b) overrideSSLClient< C, SessionCache >inline diff --git a/docs/html/class_s_s_l_client.html b/docs/html/class_s_s_l_client.html index 00e645b..b9d4812 100644 --- a/docs/html/class_s_s_l_client.html +++ b/docs/html/class_s_s_l_client.html @@ -115,6 +115,8 @@ Public Member Functions  SSLClient (const C &client, const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug=SSL_WARN)  Initialize SSLClient with all of the prerequisites needed. More...
  + SSLClient (const C &client, const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug, const SSLClientParameters *mutual_auth_params) +  int connect (IPAddress ip, uint16_t port) override  Connect over SSL to a host specified by an IP address. More...
  @@ -170,10 +172,10 @@ Public Member Functions  Returns whether or not two SSLClient objects do not have the same underlying client object. More...
  uint16_t localPort () override - Returns the local port, C::localPort exists. Else return 0. More...
+ Returns the local port, if C::localPort exists. More...
  IPAddress remoteIP () override - Returns the remote IP, if C::remoteIP exists. Else return INADDR_NONE. More...
+ Returns the remote IP, if C::remoteIP exists. More...
  uint16_t remotePort () override  Returns the remote port, if C::remotePort exists. Else return 0. More...
@@ -184,6 +186,8 @@ Public Member Functions - Public Member Functions inherited from SSLClientImpl  SSLClientImpl (const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug)   + SSLClientImpl (const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug, const SSLClientParameters *mutual_auth_params) +  int connect_impl (IPAddress ip, uint16_t port)   int connect_impl (const char *host, uint16_t port) @@ -251,7 +255,7 @@ class SSLClient< C, SessionCache >

The main SSLClient class. Check out README.md for more info.

Constructor & Destructor Documentation

-

◆ SSLClient()

+

◆ SSLClient() [1/2]

@@ -315,10 +319,74 @@ The analog_pin should be set to input. trust_anchors_numThe number of objects in the trust_anchors array. analog_pinAn analog pin to pull random bytes from, used in seeding the RNG. debugThe level of debug logging (use the DebugLevel enum). + mutual_auth_paramsConfiguration to use for mutual authentication, nullptr to disable mutual auth. (see SSLClientParameters). +
+
+ +

◆ SSLClient() [2/2]

+ +
+
+
+template<class C , size_t SessionCache = 1>
+ + + + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SSLClient< C, SessionCache >::SSLClient (const C & client,
const br_x509_trust_anchor * trust_anchors,
const size_t trust_anchors_num,
const int analog_pin,
const DebugLevel debug,
const SSLClientParametersmutual_auth_params 
)
+ 		+inlineexplicit
+
+

Same as SSLClient::SSLClient(const C &, const br_x509_trust_anchor*, const size_t, const int, const DebugLevel), but can compile support for mutual authentication.

+

Member Function Documentation

@@ -791,7 +859,7 @@ template<class C , size_t SessionCache = 1>
-

Returns the local port, C::localPort exists. Else return 0.

+

Returns the local port, if C::localPort exists.

Implements SSLClientImpl.

@@ -1083,7 +1151,7 @@ template<class C , size_t SessionCache = 1>
-

Returns the remote IP, if C::remoteIP exists. Else return INADDR_NONE.

+

Returns the remote IP, if C::remoteIP exists.

Implements SSLClientImpl.

diff --git a/docs/html/class_s_s_l_client.js b/docs/html/class_s_s_l_client.js index 340f3b7..814f6b3 100644 --- a/docs/html/class_s_s_l_client.js +++ b/docs/html/class_s_s_l_client.js @@ -1,6 +1,7 @@ var class_s_s_l_client = [ [ "SSLClient", "class_s_s_l_client.html#ae9a7509bc8a18f67e286547c19deb3c0", null ], + [ "SSLClient", "class_s_s_l_client.html#ad7b20a2ac220d346a8047db77d97723d", null ], [ "available", "class_s_s_l_client.html#a5d13fd2f32ee2ea65a1f3820f758e77e", null ], [ "connect", "class_s_s_l_client.html#a4a2172aedfcc483ba2a256ad12148630", null ], [ "connect", "class_s_s_l_client.html#a91c63e35f31652c20faa5b9be95984bf", null ], diff --git a/docs/html/class_s_s_l_client_impl-members.html b/docs/html/class_s_s_l_client_impl-members.html index 62d86a9..a54731c 100644 --- a/docs/html/class_s_s_l_client_impl-members.html +++ b/docs/html/class_s_s_l_client_impl-members.html @@ -119,8 +119,9 @@ $(document).ready(function(){initNavTree('class_s_s_l_client_impl.html','');}); remotePort()=0SSLClientImplpure virtual remove_session_impl(const char *host, const IPAddress &addr)SSLClientImpl SSLClientImpl(const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug)SSLClientImplexplicit - stop_impl()SSLClientImpl - write_impl(const uint8_t *buf, size_t size)SSLClientImpl + SSLClientImpl(const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug, const SSLClientParameters *mutual_auth_params)SSLClientImplexplicit + stop_impl()SSLClientImpl + write_impl(const uint8_t *buf, size_t size)SSLClientImpl
diff --git a/docs/html/class_s_s_l_client_impl.html b/docs/html/class_s_s_l_client_impl.html index 0cb6b98..bd14620 100644 --- a/docs/html/class_s_s_l_client_impl.html +++ b/docs/html/class_s_s_l_client_impl.html @@ -114,6 +114,8 @@ Inheritance diagram for SSLClientImpl: Public Member Functions  SSLClientImpl (const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug)   + SSLClientImpl (const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug, const SSLClientParameters *mutual_auth_params) +  int connect_impl (IPAddress ip, uint16_t port)   int connect_impl (const char *host, uint16_t port) @@ -183,7 +185,7 @@ Protected Member Functions

Implementation code to be inherited by SSLClient.

Constructor & Destructor Documentation

-

◆ SSLClientImpl()

+

◆ SSLClientImpl() [1/2]

@@ -229,6 +231,61 @@ Protected Member Functions
See also
SSLClient::SSLClient
+
+
+ +

◆ SSLClientImpl() [2/2]

+ +
+
+ + + + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SSLClientImpl::SSLClientImpl (const br_x509_trust_anchor * trust_anchors,
const size_t trust_anchors_num,
const int analog_pin,
const DebugLevel debug,
const SSLClientParametersmutual_auth_params 
)
+ 		+explicit
+
+
See also
SSLClient::SSLClient
+

Member Function Documentation

@@ -533,7 +590,7 @@ Protected Member Functions
-
See also
SSLClient::localPort
+
See also
SSLClient::localPort

Implemented in SSLClient< C, SessionCache >.

@@ -884,7 +941,7 @@ template<typename T >
-
See also
SSLClient::remoteIP
+
See also
SSLClient::remoteIP

Implemented in SSLClient< C, SessionCache >.

@@ -912,7 +969,7 @@ template<typename T >
-
See also
SSLClient::localPort
+
See also
SSLClient::localPort

Implemented in SSLClient< C, SessionCache >.

diff --git a/docs/html/class_s_s_l_client_impl.js b/docs/html/class_s_s_l_client_impl.js index 6a702fd..a423c6a 100644 --- a/docs/html/class_s_s_l_client_impl.js +++ b/docs/html/class_s_s_l_client_impl.js @@ -1,6 +1,7 @@ var class_s_s_l_client_impl = [ [ "SSLClientImpl", "class_s_s_l_client_impl.html#a2b0b9043c8252871272bf6ba199ab67b", null ], + [ "SSLClientImpl", "class_s_s_l_client_impl.html#a8314c7dab1d923db5624f8075a53e6ea", null ], [ "available_impl", "class_s_s_l_client_impl.html#abe33c793ec37f11087651cf4e586569b", null ], [ "connect_impl", "class_s_s_l_client_impl.html#aa5c14ecf301c268306946c85825e565b", null ], [ "connect_impl", "class_s_s_l_client_impl.html#ae6c947ad92979ab99364428004abbeba", null ], diff --git a/docs/html/class_s_s_l_session-members.html b/docs/html/class_s_s_l_session-members.html index 79365b7..8512fbe 100644 --- a/docs/html/class_s_s_l_session-members.html +++ b/docs/html/class_s_s_l_session-members.html @@ -100,7 +100,7 @@ $(document).ready(function(){initNavTree('class_s_s_l_session.html','');}); is_valid_session() constSSLSessioninline operator=(const SSLSession &)=deleteSSLSession set_parameters(const IPAddress &ip, const char *hostname=NULL)SSLSession - SSLSession()SSLSessioninlineexplicit + SSLSession()SSLSessioninline to_br_session()SSLSessioninline
diff --git a/docs/html/class_s_s_l_session.html b/docs/html/class_s_s_l_session.html index 777e8e2..bf83f7e 100644 --- a/docs/html/class_s_s_l_session.html +++ b/docs/html/class_s_s_l_session.html @@ -156,7 +156,7 @@ Public Member Functions -inlineexplicit +inline
diff --git a/docs/html/classes.html b/docs/html/classes.html index 8bd69a7..e47714d 100644 --- a/docs/html/classes.html +++ b/docs/html/classes.html @@ -94,10 +94,10 @@ $(document).ready(function(){initNavTree('classes.html','');});
s
- - - + + + +
  s  
-		SSLClientImpl   SSLSession   
SSLClient   
SSLClientImpl   SSLSession   
SSLClientParameters   
SSLClient   
s
diff --git a/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.html b/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.html index c2517de..8c0fd50 100644 --- a/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.html +++ b/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.html @@ -94,12 +94,16 @@ $(document).ready(function(){initNavTree('dir_68267d1309a1af8e8297ef4c3efbcdba.h + + + + diff --git a/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.js b/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.js index 4896506..703b1e3 100644 --- a/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.js +++ b/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.js @@ -1,8 +1,12 @@ var dir_68267d1309a1af8e8297ef4c3efbcdba = [ + [ "ec_prime_fast_256.c", "ec__prime__fast__256_8c.html", "ec__prime__fast__256_8c" ], [ "SSLClient.h", "_s_s_l_client_8h.html", "_s_s_l_client_8h" ], [ "SSLClientImpl.cpp", "_s_s_l_client_impl_8cpp.html", "_s_s_l_client_impl_8cpp" ], [ "SSLClientImpl.h", "_s_s_l_client_impl_8h.html", "_s_s_l_client_impl_8h" ], + [ "SSLClientParameters.h", "_s_s_l_client_parameters_8h.html", [ + [ "SSLClientParameters", "struct_s_s_l_client_parameters.html", "struct_s_s_l_client_parameters" ] + ] ], [ "SSLSession.cpp", "_s_s_l_session_8cpp.html", null ], [ "SSLSession.h", "_s_s_l_session_8h.html", [ [ "SSLSession", "class_s_s_l_session.html", "class_s_s_l_session" ] diff --git a/docs/html/ec__prime__fast__256_8c.html b/docs/html/ec__prime__fast__256_8c.html new file mode 100644 index 0000000..e2edbfe --- /dev/null +++ b/docs/html/ec__prime__fast__256_8c.html @@ -0,0 +1,130 @@ + + + + + + + +SSLClient: C:/Users/Noah/Documents/Arduino/libraries/SSLClient/src/ec_prime_fast_256.c File Reference + + + + + + + + + + + + + + +
+
+

Files

file  ec_prime_fast_256.c
 
file  SSLClient.h [code]
 
file  SSLClientImpl.cpp
 
file  SSLClientImpl.h [code]
 
file  SSLClientParameters.h [code]
 
file  SSLSession.cpp
 
file  SSLSession.h [code]
+ + + + + +
+
SSLClient +  v1.1.1 +
+
Add TLS 1.2 functionality to any network library.
+
+ + + + + + + + + +
+ +
+
+
+ +
+ +
+
+ + +
+ +
+ +
+
+Variables
+
+
ec_prime_fast_256.c File Reference
+
+
+
#include "inner.h"
+
+ + + +

+Variables

const br_ec_impl br_ec_prime_fast_256
 
+

Variable Documentation

+ +

◆ br_ec_prime_fast_256

+ +
+
+ + + + +
const br_ec_impl br_ec_prime_fast_256
+
+Initial value:
= {
(uint32_t)0x03800000,
&api_generator,
&api_order,
&api_xoff,
&api_mul,
&api_mulgen,
&api_muladd
}
+
+
+
+
+ + + + diff --git a/docs/html/ec__prime__fast__256_8c.js b/docs/html/ec__prime__fast__256_8c.js new file mode 100644 index 0000000..633122d --- /dev/null +++ b/docs/html/ec__prime__fast__256_8c.js @@ -0,0 +1,4 @@ +var ec__prime__fast__256_8c = +[ + [ "br_ec_prime_fast_256", "ec__prime__fast__256_8c.html#aedcd6aae4367c3fdfe7db296b4da85ab", null ] +]; \ No newline at end of file diff --git a/docs/html/files.html b/docs/html/files.html index dac1fdb..40e5214 100644 --- a/docs/html/files.html +++ b/docs/html/files.html @@ -101,13 +101,15 @@ $(document).ready(function(){initNavTree('files.html','');});   readme  cert.h   src - SSLClient.h - SSLClientImpl.cpp - SSLClientImpl.h - SSLSession.cpp - SSLSession.h - time_macros.h - TLS12_only_profile.c + ec_prime_fast_256.c + SSLClient.h + SSLClientImpl.cpp + SSLClientImpl.h + SSLClientParameters.h + SSLSession.cpp + SSLSession.h + time_macros.h + TLS12_only_profile.c diff --git a/docs/html/functions.html b/docs/html/functions.html index fe84459..b78e046 100644 --- a/docs/html/functions.html +++ b/docs/html/functions.html @@ -100,14 +100,20 @@ $(document).ready(function(){initNavTree('functions.html','');});

- c -

+

- e -

+ +

- f -

diff --git a/docs/html/hierarchy.html b/docs/html/hierarchy.html index 7595b1b..bee8ccf 100644 --- a/docs/html/hierarchy.html +++ b/docs/html/hierarchy.html @@ -98,6 +98,7 @@ $(document).ready(function(){initNavTree('hierarchy.html','');});  CClient  CSSLClientImplImplementation code to be inherited by SSLClient  CSSLClient< C, SessionCache >The main SSLClient class. Check out README.md for more info + CSSLClientParametersThis struct stores data required for SSLClient to use mutual authentication diff --git a/docs/html/hierarchy.js b/docs/html/hierarchy.js index 926851d..c7642c5 100644 --- a/docs/html/hierarchy.js +++ b/docs/html/hierarchy.js @@ -7,5 +7,6 @@ var hierarchy = [ "SSLClientImpl", "class_s_s_l_client_impl.html", [ [ "SSLClient< C, SessionCache >", "class_s_s_l_client.html", null ] ] ] - ] ] + ] ], + [ "SSLClientParameters", "struct_s_s_l_client_parameters.html", null ] ]; \ No newline at end of file diff --git a/docs/html/index.html b/docs/html/index.html index 104e104..9411517 100644 --- a/docs/html/index.html +++ b/docs/html/index.html @@ -91,13 +91,15 @@ $(document).ready(function(){initNavTree('index.html','');});
SSLClient - Arduino Library For SSL
-

SSLClient requires at least 110kb flash and 8kb RAM, and will not compile otherwise. This means that most Arduino boards are not supported. Check your board's specifications before attempting to use this library.

+

Build Status +

+

SSLClient requires at least 110kb flash and 7kb RAM, and will not compile otherwise. This means that most Arduino boards are not supported. Check your board's specifications before attempting to use this library.

You can also view this README in doxygen.

SSLClient is a simple library to add TLS 1.2 functionality to any network library implementing the Arduino Client interface, including the Arduino EthernetClient and WiFiClient classes (though it is better to prefer WiFClient.connectSSL if implemented). In other words, SSLClient implements encrypted communication through SSL on devices that do not otherwise support it.

Overview

Using SSLClient should be similar to using any other Arduino-based Client class, since this library was developed around compatibility with EthernetClient. There are a few extra things, however, that you will need to get started:

    -
  1. A board with a lot of resources (>110kb flash and >8kb RAM), and a network peripheral with a large internal buffer (>8kb). This library was tested with the Adafruit Feather M0 (256K flash, 32K RAM) and the Adafruit Ethernet Featherwing (16kb Buffer), and we still had to modify the Arduino Ethernet library to support larger internal buffers per socket (see the Implementation Gotchas).
    2. +
  2. A board with a lot of resources (>110kb flash and >7kb RAM), and a network peripheral with a large internal buffer (>7kb). This library was tested with the Adafruit Feather M0 (256K flash, 32K RAM) and the Adafruit Ethernet Featherwing (16kb Buffer), and we still had to modify the Arduino Ethernet library to support larger internal buffers per socket (see the Implementation Gotchas).
  3. A header containing array of trust anchors, which will look like this file. These are used to verify the SSL connection later on, and without them you will be unable to use this library. Check out this document on how to generate this file for your project, and for more information about what a trust anchor is.
  4. A Client class associated with a network interface. We tested this library using EthernetClient, however in theory it will work for any class implementing Client.
  5. An analog pin, used for generating random data at the start of the connection (see the Implementation Gotchas).
    6. @@ -159,7 +161,7 @@ $(document).ready(function(){initNavTree('index.html','');});
  6. If none of the above are viable, it is possible to implement your own Client class which has an internal buffer much larger than both the driver and BearSSL. This would require in-depth knowledge of programming and the communication shield you are working with, as well as a microcontroller with a significant amount of RAM.

    7. Cipher Support

    -

    By default, SSLClient supports only TLS1.2 and the ciphers listed in this file under suites[], and the list is relatively small to keep the connection secure and the flash footprint down. These ciphers should work for most applications, however if for some reason you would like to use an older version of TLS or a different cipher, you can change the BearSSL profile being used by SSLClient to an alternate one with support for older protocols. To do this, edit SSLClientImpl::SSLClientImpl to change these lines:

    {C++}
    br_client_init_TLS12_only(&m_sslctx, &m_x509ctx, m_trust_anchors, m_trust_anchors_num);
    // comment the above line and uncomment the line below if you're having trouble connecting over SSL
    // br_ssl_client_init_full(&m_sslctx, &m_x509ctx, m_trust_anchors, m_trust_anchors_num);

    to this:

    {C++}
    // br_client_init_TLS12_only(&m_sslctx, &m_x509ctx, m_trust_anchors, m_trust_anchors_num);
    // comment the above line and uncomment the line below if you're having trouble connecting over SSL
    br_ssl_client_init_full(&m_sslctx, &m_x509ctx, m_trust_anchors, m_trust_anchors_num);

    If for some unfortunate reason you need SSL 3.0 or SSL 2.0, you will need to modify the BearSSL profile to enable support. Check out the BearSSL profiles documentation and I wish you the best of luck.

    +

    By default, SSLClient supports only TLS1.2 and the ciphers listed in this file under suites[], and the list is relatively small to keep the connection secure and the flash footprint down. These ciphers should work for most applications, however if for some reason you would like to use an older version of TLS or a different cipher, you can change the BearSSL profile being used by SSLClient to an alternate one with support for older protocols. To do this, edit SSLClientImpl::SSLClientImpl to change these lines:

    {C++}
    br_client_init_TLS12_only(&m_sslctx, &m_x509ctx, m_trust_anchors, m_trust_anchors_num);
    // comment the above line and uncomment the line below if you're having trouble connecting over SSL
    // br_ssl_client_init_full(&m_sslctx, &m_x509ctx, m_trust_anchors, m_trust_anchors_num);

    to this:

    {C++}
    // br_client_init_TLS12_only(&m_sslctx, &m_x509ctx, m_trust_anchors, m_trust_anchors_num);
    // comment the above line and uncomment the line below if you're having trouble connecting over SSL
    br_ssl_client_init_full(&m_sslctx, &m_x509ctx, m_trust_anchors, m_trust_anchors_num);

    If for some unfortunate reason you need SSL 3.0 or SSL 2.0, you will need to modify the BearSSL profile to enable support. Check out the BearSSL profiles documentation and I wish you the best of luck.

diff --git a/docs/html/menudata.js b/docs/html/menudata.js index c2595e9..6d24172 100644 --- a/docs/html/menudata.js +++ b/docs/html/menudata.js @@ -32,6 +32,7 @@ var menudata={children:[ {text:"All",url:"functions.html",children:[ {text:"a",url:"functions.html#index_a"}, {text:"c",url:"functions.html#index_c"}, +{text:"e",url:"functions.html#index_e"}, {text:"f",url:"functions.html#index_f"}, {text:"g",url:"functions.html#index_g"}, {text:"i",url:"functions.html#index_i"}, @@ -56,7 +57,8 @@ var menudata={children:[ {text:"r",url:"functions_func.html#index_r"}, {text:"s",url:"functions_func.html#index_s"}, {text:"t",url:"functions_func.html#index_t"}, -{text:"w",url:"functions_func.html#index_w"}]}]}]}, +{text:"w",url:"functions_func.html#index_w"}]}, +{text:"Variables",url:"functions_vars.html"}]}]}, {text:"Files",url:"files.html",children:[ {text:"File List",url:"files.html"}, {text:"File Members",url:"globals.html",children:[ diff --git a/docs/html/navtreedata.js b/docs/html/navtreedata.js index 6bb2dc3..14992b6 100644 --- a/docs/html/navtreedata.js +++ b/docs/html/navtreedata.js @@ -32,7 +32,8 @@ var NAVTREE = [ "Class Hierarchy", "hierarchy.html", "hierarchy" ], [ "Class Members", "functions.html", [ [ "All", "functions.html", null ], - [ "Functions", "functions_func.html", null ] + [ "Functions", "functions_func.html", null ], + [ "Variables", "functions_vars.html", null ] ] ] ] ], [ "Files", "files.html", [ diff --git a/docs/html/navtreeindex0.js b/docs/html/navtreeindex0.js index cd95985..dbc5b10 100644 --- a/docs/html/navtreeindex0.js +++ b/docs/html/navtreeindex0.js @@ -1,109 +1,116 @@ var NAVTREEINDEX0 = { -"_s_s_l_client_8h.html":[3,0,2,0], -"_s_s_l_client_8h.html#a0e14869de8f634ff2fb63826ae583569":[3,0,2,0,1], -"_s_s_l_client_8h_source.html":[3,0,2,0], -"_s_s_l_client_impl_8cpp.html":[3,0,2,1], -"_s_s_l_client_impl_8cpp.html#ad193a2cc121e0d4614a1c21eb463fb56":[3,0,2,1,0], -"_s_s_l_client_impl_8h.html":[3,0,2,2], -"_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5":[3,0,2,2,2], -"_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5a1218c16a5bf50589e0c498983851612c":[3,0,2,2,2,0], -"_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5a1d5f8248fac85f56b05d49c7cb53494b":[3,0,2,2,2,3], -"_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5a1d9afd51e0012e791f099657797c9aa9":[3,0,2,2,2,4], -"_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5aaa79045423a355885738cd239dff6c2b":[3,0,2,2,2,1], -"_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5adec799caf92b4fe2b6d2b362136f6ef6":[3,0,2,2,2,6], -"_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5afb90a695332a7c96044dc97c577ee3c3":[3,0,2,2,2,2], -"_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5afd588a56dcccf4f6943defa7ab699afc":[3,0,2,2,2,5], -"_s_s_l_client_impl_8h.html#ab658e6d84759440dbf3c890446075395":[3,0,2,2,1], -"_s_s_l_client_impl_8h.html#ab658e6d84759440dbf3c890446075395a86c8fdfc38831619d5ed73dff5b0911d":[3,0,2,2,1,2], -"_s_s_l_client_impl_8h.html#ab658e6d84759440dbf3c890446075395a8c0bb62be3d0e6bfe5ed2f7ebbed3d91":[3,0,2,2,1,3], -"_s_s_l_client_impl_8h.html#ab658e6d84759440dbf3c890446075395ad3f9f0591dcabc4fac1222c462bf17ec":[3,0,2,2,1,1], -"_s_s_l_client_impl_8h.html#ab658e6d84759440dbf3c890446075395af16e73d8cce9a2c987bde5afe5524d7f":[3,0,2,2,1,0], -"_s_s_l_client_impl_8h_source.html":[3,0,2,2], -"_s_s_l_session_8cpp.html":[3,0,2,3], -"_s_s_l_session_8h.html":[3,0,2,4], -"_s_s_l_session_8h_source.html":[3,0,2,4], -"_t_l_s12__only__profile_8c.html":[3,0,2,6], -"_t_l_s12__only__profile_8c.html#a32c8112a1c37ba21a05952eeefc435f3":[3,0,2,6,0], +"_s_s_l_client_8h.html":[3,0,2,1], +"_s_s_l_client_8h.html#a0e14869de8f634ff2fb63826ae583569":[3,0,2,1,1], +"_s_s_l_client_8h_source.html":[3,0,2,1], +"_s_s_l_client_impl_8cpp.html":[3,0,2,2], +"_s_s_l_client_impl_8cpp.html#ad193a2cc121e0d4614a1c21eb463fb56":[3,0,2,2,0], +"_s_s_l_client_impl_8h.html":[3,0,2,3], +"_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5":[3,0,2,3,2], +"_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5a1218c16a5bf50589e0c498983851612c":[3,0,2,3,2,0], +"_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5a1d5f8248fac85f56b05d49c7cb53494b":[3,0,2,3,2,3], +"_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5a1d9afd51e0012e791f099657797c9aa9":[3,0,2,3,2,4], +"_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5aaa79045423a355885738cd239dff6c2b":[3,0,2,3,2,1], +"_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5adec799caf92b4fe2b6d2b362136f6ef6":[3,0,2,3,2,6], +"_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5afb90a695332a7c96044dc97c577ee3c3":[3,0,2,3,2,2], +"_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5afd588a56dcccf4f6943defa7ab699afc":[3,0,2,3,2,5], +"_s_s_l_client_impl_8h.html#ab658e6d84759440dbf3c890446075395":[3,0,2,3,1], +"_s_s_l_client_impl_8h.html#ab658e6d84759440dbf3c890446075395a86c8fdfc38831619d5ed73dff5b0911d":[3,0,2,3,1,2], +"_s_s_l_client_impl_8h.html#ab658e6d84759440dbf3c890446075395a8c0bb62be3d0e6bfe5ed2f7ebbed3d91":[3,0,2,3,1,3], +"_s_s_l_client_impl_8h.html#ab658e6d84759440dbf3c890446075395ad3f9f0591dcabc4fac1222c462bf17ec":[3,0,2,3,1,1], +"_s_s_l_client_impl_8h.html#ab658e6d84759440dbf3c890446075395af16e73d8cce9a2c987bde5afe5524d7f":[3,0,2,3,1,0], +"_s_s_l_client_impl_8h_source.html":[3,0,2,3], +"_s_s_l_client_parameters_8h.html":[3,0,2,4], +"_s_s_l_client_parameters_8h_source.html":[3,0,2,4], +"_s_s_l_session_8cpp.html":[3,0,2,5], +"_s_s_l_session_8h.html":[3,0,2,6], +"_s_s_l_session_8h_source.html":[3,0,2,6], +"_t_l_s12__only__profile_8c.html":[3,0,2,8], +"_t_l_s12__only__profile_8c.html#a32c8112a1c37ba21a05952eeefc435f3":[3,0,2,8,0], "annotated.html":[2,0], "cert_8h.html":[3,0,1,0], "cert_8h.html#ae2e26a4e8e97b0f15c18ba1ace062948":[3,0,1,0,0], "cert_8h_source.html":[3,0,1,0], "class_s_s_l_client.html":[2,0,0], -"class_s_s_l_client.html#a18adfc074d6b8e996819d4beb4689cbd":[2,0,0,9], -"class_s_s_l_client.html#a25e4414ab0c9424d09592f9567a678dc":[2,0,0,4], -"class_s_s_l_client.html#a2d378fbb7b8f15a1691746572f9d95b1":[2,0,0,14], -"class_s_s_l_client.html#a2d71f00d6634092f50c5262ad25cdacd":[2,0,0,12], -"class_s_s_l_client.html#a2d8bf9b891151bc5b0b865d70cf9c086":[2,0,0,11], -"class_s_s_l_client.html#a2ee6a3134d07ca09cf61ee04d32c3d44":[2,0,0,5], -"class_s_s_l_client.html#a31742867b00bd8d130637af0935bacbd":[2,0,0,19], -"class_s_s_l_client.html#a353c875d17a85dbb7bfe10de155f3b52":[2,0,0,7], -"class_s_s_l_client.html#a4a2172aedfcc483ba2a256ad12148630":[2,0,0,2], -"class_s_s_l_client.html#a505bfb6831a45aebf58d84e3b89d4cfc":[2,0,0,17], -"class_s_s_l_client.html#a563c5f9829757075bf16742cffa4cf73":[2,0,0,13], -"class_s_s_l_client.html#a5974a5f8722a752f121af4fac498bb22":[2,0,0,23], -"class_s_s_l_client.html#a5b626703a24089dbb0480a9b6ddf348c":[2,0,0,24], -"class_s_s_l_client.html#a5d13fd2f32ee2ea65a1f3820f758e77e":[2,0,0,1], -"class_s_s_l_client.html#a5f40f8f4d26d21e14276c3e8162b62b9":[2,0,0,18], -"class_s_s_l_client.html#a6b8ff53c10fe34aab1dc2561410f70bb":[2,0,0,26], -"class_s_s_l_client.html#a6bcb7579ebc051c097acb794b95771a9":[2,0,0,27], -"class_s_s_l_client.html#a824b599264f893e1b206a9100bc52ee1":[2,0,0,15], -"class_s_s_l_client.html#a91c63e35f31652c20faa5b9be95984bf":[2,0,0,3], -"class_s_s_l_client.html#a9c5001bdfa75ccc0d93cc60dd872b38a":[2,0,0,6], -"class_s_s_l_client.html#a9e7769fed78825cf4723778f4b5aa3e9":[2,0,0,8], -"class_s_s_l_client.html#ad30db47248d78df7c12dedfb27f06529":[2,0,0,25], -"class_s_s_l_client.html#adab82ba09345fa070712d3124af30e1b":[2,0,0,16], +"class_s_s_l_client.html#a18adfc074d6b8e996819d4beb4689cbd":[2,0,0,10], +"class_s_s_l_client.html#a25e4414ab0c9424d09592f9567a678dc":[2,0,0,5], +"class_s_s_l_client.html#a2d378fbb7b8f15a1691746572f9d95b1":[2,0,0,15], +"class_s_s_l_client.html#a2d71f00d6634092f50c5262ad25cdacd":[2,0,0,13], +"class_s_s_l_client.html#a2d8bf9b891151bc5b0b865d70cf9c086":[2,0,0,12], +"class_s_s_l_client.html#a2ee6a3134d07ca09cf61ee04d32c3d44":[2,0,0,6], +"class_s_s_l_client.html#a31742867b00bd8d130637af0935bacbd":[2,0,0,20], +"class_s_s_l_client.html#a353c875d17a85dbb7bfe10de155f3b52":[2,0,0,8], +"class_s_s_l_client.html#a4a2172aedfcc483ba2a256ad12148630":[2,0,0,3], +"class_s_s_l_client.html#a505bfb6831a45aebf58d84e3b89d4cfc":[2,0,0,18], +"class_s_s_l_client.html#a563c5f9829757075bf16742cffa4cf73":[2,0,0,14], +"class_s_s_l_client.html#a5974a5f8722a752f121af4fac498bb22":[2,0,0,24], +"class_s_s_l_client.html#a5b626703a24089dbb0480a9b6ddf348c":[2,0,0,25], +"class_s_s_l_client.html#a5d13fd2f32ee2ea65a1f3820f758e77e":[2,0,0,2], +"class_s_s_l_client.html#a5f40f8f4d26d21e14276c3e8162b62b9":[2,0,0,19], +"class_s_s_l_client.html#a6b8ff53c10fe34aab1dc2561410f70bb":[2,0,0,27], +"class_s_s_l_client.html#a6bcb7579ebc051c097acb794b95771a9":[2,0,0,28], +"class_s_s_l_client.html#a824b599264f893e1b206a9100bc52ee1":[2,0,0,16], +"class_s_s_l_client.html#a91c63e35f31652c20faa5b9be95984bf":[2,0,0,4], +"class_s_s_l_client.html#a9c5001bdfa75ccc0d93cc60dd872b38a":[2,0,0,7], +"class_s_s_l_client.html#a9e7769fed78825cf4723778f4b5aa3e9":[2,0,0,9], +"class_s_s_l_client.html#ad30db47248d78df7c12dedfb27f06529":[2,0,0,26], +"class_s_s_l_client.html#ad7b20a2ac220d346a8047db77d97723d":[2,0,0,1], +"class_s_s_l_client.html#adab82ba09345fa070712d3124af30e1b":[2,0,0,17], "class_s_s_l_client.html#ae9a7509bc8a18f67e286547c19deb3c0":[2,0,0,0], -"class_s_s_l_client.html#aedf2746cc35da596faf8322776c2118e":[2,0,0,20], -"class_s_s_l_client.html#af76a0df76834e0d0999dbf44c7c0a174":[2,0,0,22], -"class_s_s_l_client.html#afd0d4d2c98433d60897d8828d8047d41":[2,0,0,10], -"class_s_s_l_client.html#afd6d7ae798c05cf566b2eb5651dba795":[2,0,0,21], +"class_s_s_l_client.html#aedf2746cc35da596faf8322776c2118e":[2,0,0,21], +"class_s_s_l_client.html#af76a0df76834e0d0999dbf44c7c0a174":[2,0,0,23], +"class_s_s_l_client.html#afd0d4d2c98433d60897d8828d8047d41":[2,0,0,11], +"class_s_s_l_client.html#afd6d7ae798c05cf566b2eb5651dba795":[2,0,0,22], "class_s_s_l_client_impl.html":[2,0,1], -"class_s_s_l_client_impl.html#a1b90e7df3a77eea5efb955cc15a17f7d":[2,0,1,20], -"class_s_s_l_client_impl.html#a20dd9a9794b95719e6f3df8cb39126e3":[2,0,1,6], -"class_s_s_l_client_impl.html#a21ab78a0917f74ae5383d688e1548788":[2,0,1,5], -"class_s_s_l_client_impl.html#a231b7b1bb2182cda1ed6e9d5ebf66afe":[2,0,1,21], +"class_s_s_l_client_impl.html#a1b90e7df3a77eea5efb955cc15a17f7d":[2,0,1,21], +"class_s_s_l_client_impl.html#a20dd9a9794b95719e6f3df8cb39126e3":[2,0,1,7], +"class_s_s_l_client_impl.html#a21ab78a0917f74ae5383d688e1548788":[2,0,1,6], +"class_s_s_l_client_impl.html#a231b7b1bb2182cda1ed6e9d5ebf66afe":[2,0,1,22], "class_s_s_l_client_impl.html#a2b0b9043c8252871272bf6ba199ab67b":[2,0,1,0], -"class_s_s_l_client_impl.html#a2bfb55bcde46d8d77a46bfe0f577bf3f":[2,0,1,19], -"class_s_s_l_client_impl.html#a2cf492a714cf787e54a17bb47cda43ed":[2,0,1,16], -"class_s_s_l_client_impl.html#a3b4cb1e9e510955078b83c9f84c0e18c":[2,0,1,14], -"class_s_s_l_client_impl.html#a44cfafd6f5cdcaa5dbac22961ab3a58b":[2,0,1,8], -"class_s_s_l_client_impl.html#a45a1967029784a2f0f3edc7f75a00117":[2,0,1,15], -"class_s_s_l_client_impl.html#a45f26385ee1975b12265943efb1ff0d5":[2,0,1,12], -"class_s_s_l_client_impl.html#a6baed094969874fb9d2bea3a00ecbee1":[2,0,1,24], -"class_s_s_l_client_impl.html#a6e701597178b81f10d0db671b81ab075":[2,0,1,18], -"class_s_s_l_client_impl.html#a807656f814f24cf6cd711e429b716c4d":[2,0,1,26], -"class_s_s_l_client_impl.html#a81eb5ede3a894f281ae586d463b624e6":[2,0,1,25], -"class_s_s_l_client_impl.html#a8e2385522ec04b1ce70871d4de23db6b":[2,0,1,11], -"class_s_s_l_client_impl.html#a93cdb32491fc08b035e40f840ff2e8f5":[2,0,1,23], -"class_s_s_l_client_impl.html#a957984fa392550a7df86f758e9b14bfb":[2,0,1,4], -"class_s_s_l_client_impl.html#a9ee82ad492f2297bd7cd0835c0d4556f":[2,0,1,17], -"class_s_s_l_client_impl.html#aa5c14ecf301c268306946c85825e565b":[2,0,1,2], -"class_s_s_l_client_impl.html#ab1c8f30bd3669c15e07fa1522ede4336":[2,0,1,7], -"class_s_s_l_client_impl.html#ab4e38d4319ec504395d67d2ab21a639e":[2,0,1,10], -"class_s_s_l_client_impl.html#abe33c793ec37f11087651cf4e586569b":[2,0,1,1], -"class_s_s_l_client_impl.html#ace6652307ba028d67c7ddbc4103fa9b4":[2,0,1,9], -"class_s_s_l_client_impl.html#ada595ed8f11673a9180ef0b762949c83":[2,0,1,13], -"class_s_s_l_client_impl.html#ae6c947ad92979ab99364428004abbeba":[2,0,1,3], -"class_s_s_l_client_impl.html#ae97adc55212c1aa96880aac28dd71387":[2,0,1,22], -"class_s_s_l_session.html":[2,0,2], -"class_s_s_l_session.html#a0c36cee72cfa862b7d4b2f5c112d5076":[2,0,2,4], -"class_s_s_l_session.html#a2fa15ce0b7caae25dfb567954175257e":[2,0,2,6], -"class_s_s_l_session.html#a3305941fa615f7134526b718917716ee":[2,0,2,1], -"class_s_s_l_session.html#a825373c5ba1aa6c45e74dc8a72b21820":[2,0,2,2], -"class_s_s_l_session.html#a878e1e8788634c5c42778369fbf7bab0":[2,0,2,3], -"class_s_s_l_session.html#abb3f7bbe70e3a59f9ce492c55507f36f":[2,0,2,5], -"class_s_s_l_session.html#acbe6549b55d50541d09a16f770e65afc":[2,0,2,7], -"class_s_s_l_session.html#ae05648200cea66577f024d5d09a6fcbb":[2,0,2,0], +"class_s_s_l_client_impl.html#a2bfb55bcde46d8d77a46bfe0f577bf3f":[2,0,1,20], +"class_s_s_l_client_impl.html#a2cf492a714cf787e54a17bb47cda43ed":[2,0,1,17], +"class_s_s_l_client_impl.html#a3b4cb1e9e510955078b83c9f84c0e18c":[2,0,1,15], +"class_s_s_l_client_impl.html#a44cfafd6f5cdcaa5dbac22961ab3a58b":[2,0,1,9], +"class_s_s_l_client_impl.html#a45a1967029784a2f0f3edc7f75a00117":[2,0,1,16], +"class_s_s_l_client_impl.html#a45f26385ee1975b12265943efb1ff0d5":[2,0,1,13], +"class_s_s_l_client_impl.html#a6baed094969874fb9d2bea3a00ecbee1":[2,0,1,25], +"class_s_s_l_client_impl.html#a6e701597178b81f10d0db671b81ab075":[2,0,1,19], +"class_s_s_l_client_impl.html#a807656f814f24cf6cd711e429b716c4d":[2,0,1,27], +"class_s_s_l_client_impl.html#a81eb5ede3a894f281ae586d463b624e6":[2,0,1,26], +"class_s_s_l_client_impl.html#a8314c7dab1d923db5624f8075a53e6ea":[2,0,1,1], +"class_s_s_l_client_impl.html#a8e2385522ec04b1ce70871d4de23db6b":[2,0,1,12], +"class_s_s_l_client_impl.html#a93cdb32491fc08b035e40f840ff2e8f5":[2,0,1,24], +"class_s_s_l_client_impl.html#a957984fa392550a7df86f758e9b14bfb":[2,0,1,5], +"class_s_s_l_client_impl.html#a9ee82ad492f2297bd7cd0835c0d4556f":[2,0,1,18], +"class_s_s_l_client_impl.html#aa5c14ecf301c268306946c85825e565b":[2,0,1,3], +"class_s_s_l_client_impl.html#ab1c8f30bd3669c15e07fa1522ede4336":[2,0,1,8], +"class_s_s_l_client_impl.html#ab4e38d4319ec504395d67d2ab21a639e":[2,0,1,11], +"class_s_s_l_client_impl.html#abe33c793ec37f11087651cf4e586569b":[2,0,1,2], +"class_s_s_l_client_impl.html#ace6652307ba028d67c7ddbc4103fa9b4":[2,0,1,10], +"class_s_s_l_client_impl.html#ada595ed8f11673a9180ef0b762949c83":[2,0,1,14], +"class_s_s_l_client_impl.html#ae6c947ad92979ab99364428004abbeba":[2,0,1,4], +"class_s_s_l_client_impl.html#ae97adc55212c1aa96880aac28dd71387":[2,0,1,23], +"class_s_s_l_session.html":[2,0,3], +"class_s_s_l_session.html#a0c36cee72cfa862b7d4b2f5c112d5076":[2,0,3,4], +"class_s_s_l_session.html#a2fa15ce0b7caae25dfb567954175257e":[2,0,3,6], +"class_s_s_l_session.html#a3305941fa615f7134526b718917716ee":[2,0,3,1], +"class_s_s_l_session.html#a825373c5ba1aa6c45e74dc8a72b21820":[2,0,3,2], +"class_s_s_l_session.html#a878e1e8788634c5c42778369fbf7bab0":[2,0,3,3], +"class_s_s_l_session.html#abb3f7bbe70e3a59f9ce492c55507f36f":[2,0,3,5], +"class_s_s_l_session.html#acbe6549b55d50541d09a16f770e65afc":[2,0,3,7], +"class_s_s_l_session.html#ae05648200cea66577f024d5d09a6fcbb":[2,0,3,0], "classes.html":[2,1], "dir_386349f6a9bc1e2cd0767d257d5e5b91.html":[3,0,0,1], "dir_68267d1309a1af8e8297ef4c3efbcdba.html":[3,0,2], "dir_9c42dc81377249a918256dbb9cfb2167.html":[3,0,0,0], "dir_d28a4824dc47e487b107a5db32ef43c4.html":[3,0,0], "dir_dfc5a9f91fbfb9426c406a3f10131a54.html":[3,0,1], +"ec__prime__fast__256_8c.html":[3,0,2,0], +"ec__prime__fast__256_8c.html#aedcd6aae4367c3fdfe7db296b4da85ab":[3,0,2,0,0], "files.html":[3,0], "functions.html":[2,3,0], "functions_func.html":[2,3,1], +"functions_vars.html":[2,3,2], "globals.html":[3,1,0], "globals_defs.html":[3,1,5], "globals_enum.html":[3,1,3], @@ -111,33 +118,37 @@ var NAVTREEINDEX0 = "globals_func.html":[3,1,1], "globals_vars.html":[3,1,2], "hierarchy.html":[2,2], -"index.html":[0], "index.html":[], +"index.html":[0], "md__c_1__users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html":[1], "pages.html":[], -"time__macros_8h.html":[3,0,2,5], -"time__macros_8h.html#a04e76e262f0920441e5f0c5552e83487":[3,0,2,5,19], -"time__macros_8h.html#a243cf438274412bbecf4b8d5eeb02ccb":[3,0,2,5,14], -"time__macros_8h.html#a2488d1ddab7e5fa119da3421462231c4":[3,0,2,5,1], -"time__macros_8h.html#a2af3d1d741ae2b49627adf56bbc95dc3":[3,0,2,5,20], -"time__macros_8h.html#a2d540510d5860d7f190d13124956bc57":[3,0,2,5,16], -"time__macros_8h.html#a38ac93dd8bfe385ff915a82c92bbfc97":[3,0,2,5,4], -"time__macros_8h.html#a3aaee30ddedb3f6675aac341a66e39e2":[3,0,2,5,15], -"time__macros_8h.html#a4dbe4cf7c879a2cdac386ce72c5e5994":[3,0,2,5,13], -"time__macros_8h.html#a56482fcc86a55713dee595c2092ed376":[3,0,2,5,5], -"time__macros_8h.html#a5ab60a7e3e1b6e0a919b3a37bc0d4b97":[3,0,2,5,8], -"time__macros_8h.html#a7f2cdee2eebbccd45c179a50a0bbabcf":[3,0,2,5,0], -"time__macros_8h.html#a868143e0521daf07b25a2f3947cf54a3":[3,0,2,5,6], -"time__macros_8h.html#a8cd8e04105fec7cd442d078c303e46b9":[3,0,2,5,18], -"time__macros_8h.html#a9da779a8ca64782ea49babce14122d34":[3,0,2,5,12], -"time__macros_8h.html#aad01b5fb233c0091aff2a837a8de32f4":[3,0,2,5,11], -"time__macros_8h.html#ab3592442029a102b388fafeadc4a6ab8":[3,0,2,5,2], -"time__macros_8h.html#ab6c76862964ff7e543fd9d5807b2fa79":[3,0,2,5,7], -"time__macros_8h.html#ac47b302f1b8d2a7a9c035c417247be76":[3,0,2,5,17], -"time__macros_8h.html#ac8f6b75d9e04634818984ba400d0dee1":[3,0,2,5,3], -"time__macros_8h.html#ae0574ced3f997b97d357c1cb68000e3a":[3,0,2,5,9], -"time__macros_8h.html#ae90924c33a05839b3eb1426472f40eb3":[3,0,2,5,10], -"time__macros_8h_source.html":[3,0,2,5], +"struct_s_s_l_client_parameters.html":[2,0,2], +"struct_s_s_l_client_parameters.html#a3e0440790d1acdee221b8ef6be6def95":[2,0,2,1], +"struct_s_s_l_client_parameters.html#aa523f407ac673da95bf651617fbf94b2":[2,0,2,0], +"struct_s_s_l_client_parameters.html#aca2dba04e30c8d7b962add0c353fc449":[2,0,2,2], +"time__macros_8h.html":[3,0,2,7], +"time__macros_8h.html#a04e76e262f0920441e5f0c5552e83487":[3,0,2,7,19], +"time__macros_8h.html#a243cf438274412bbecf4b8d5eeb02ccb":[3,0,2,7,14], +"time__macros_8h.html#a2488d1ddab7e5fa119da3421462231c4":[3,0,2,7,1], +"time__macros_8h.html#a2af3d1d741ae2b49627adf56bbc95dc3":[3,0,2,7,20], +"time__macros_8h.html#a2d540510d5860d7f190d13124956bc57":[3,0,2,7,16], +"time__macros_8h.html#a38ac93dd8bfe385ff915a82c92bbfc97":[3,0,2,7,4], +"time__macros_8h.html#a3aaee30ddedb3f6675aac341a66e39e2":[3,0,2,7,15], +"time__macros_8h.html#a4dbe4cf7c879a2cdac386ce72c5e5994":[3,0,2,7,13], +"time__macros_8h.html#a56482fcc86a55713dee595c2092ed376":[3,0,2,7,5], +"time__macros_8h.html#a5ab60a7e3e1b6e0a919b3a37bc0d4b97":[3,0,2,7,8], +"time__macros_8h.html#a7f2cdee2eebbccd45c179a50a0bbabcf":[3,0,2,7,0], +"time__macros_8h.html#a868143e0521daf07b25a2f3947cf54a3":[3,0,2,7,6], +"time__macros_8h.html#a8cd8e04105fec7cd442d078c303e46b9":[3,0,2,7,18], +"time__macros_8h.html#a9da779a8ca64782ea49babce14122d34":[3,0,2,7,12], +"time__macros_8h.html#aad01b5fb233c0091aff2a837a8de32f4":[3,0,2,7,11], +"time__macros_8h.html#ab3592442029a102b388fafeadc4a6ab8":[3,0,2,7,2], +"time__macros_8h.html#ab6c76862964ff7e543fd9d5807b2fa79":[3,0,2,7,7], +"time__macros_8h.html#ac47b302f1b8d2a7a9c035c417247be76":[3,0,2,7,17], +"time__macros_8h.html#ac8f6b75d9e04634818984ba400d0dee1":[3,0,2,7,3], +"time__macros_8h.html#ae0574ced3f997b97d357c1cb68000e3a":[3,0,2,7,9], +"time__macros_8h.html#ae90924c33a05839b3eb1426472f40eb3":[3,0,2,7,10], +"time__macros_8h_source.html":[3,0,2,7], "trust__anchors_8h.html":[3,0,0,0,0], "trust__anchors_8h.html#ae2e26a4e8e97b0f15c18ba1ace062948":[3,0,0,0,0,0], "trust__anchors_8h_source.html":[3,0,0,0,0], diff --git a/docs/html/search/all_2.js b/docs/html/search/all_2.js index 95d65d8..f6e5998 100644 --- a/docs/html/search/all_2.js +++ b/docs/html/search/all_2.js @@ -1,4 +1,5 @@ var searchData= [ - ['br_5fclient_5finit_5ftls12_5fonly',['br_client_init_TLS12_only',['../_t_l_s12__only__profile_8c.html#a32c8112a1c37ba21a05952eeefc435f3',1,'TLS12_only_profile.c']]] + ['br_5fclient_5finit_5ftls12_5fonly',['br_client_init_TLS12_only',['../_t_l_s12__only__profile_8c.html#a32c8112a1c37ba21a05952eeefc435f3',1,'TLS12_only_profile.c']]], + ['br_5fec_5fprime_5ffast_5f256',['br_ec_prime_fast_256',['../ec__prime__fast__256_8c.html#aedcd6aae4367c3fdfe7db296b4da85ab',1,'ec_prime_fast_256.c']]] ]; diff --git a/docs/html/search/all_3.js b/docs/html/search/all_3.js index 659fa65..e6f18e0 100644 --- a/docs/html/search/all_3.js +++ b/docs/html/search/all_3.js @@ -1,7 +1,9 @@ var searchData= [ ['cert_2eh',['cert.h',['../cert_8h.html',1,'']]], + ['chain_5flen',['chain_len',['../struct_s_s_l_client_parameters.html#aa523f407ac673da95bf651617fbf94b2',1,'SSLClientParameters']]], ['clear_5fparameters',['clear_parameters',['../class_s_s_l_session.html#a3305941fa615f7134526b718917716ee',1,'SSLSession']]], + ['client_5fcert_5fchain',['client_cert_chain',['../struct_s_s_l_client_parameters.html#a3e0440790d1acdee221b8ef6be6def95',1,'SSLClientParameters']]], ['connect',['connect',['../class_s_s_l_client.html#a4a2172aedfcc483ba2a256ad12148630',1,'SSLClient::connect(IPAddress ip, uint16_t port) override'],['../class_s_s_l_client.html#a91c63e35f31652c20faa5b9be95984bf',1,'SSLClient::connect(const char *host, uint16_t port) override']]], ['connect_5fimpl',['connect_impl',['../class_s_s_l_client_impl.html#aa5c14ecf301c268306946c85825e565b',1,'SSLClientImpl::connect_impl(IPAddress ip, uint16_t port)'],['../class_s_s_l_client_impl.html#ae6c947ad92979ab99364428004abbeba',1,'SSLClientImpl::connect_impl(const char *host, uint16_t port)']]], ['connected',['connected',['../class_s_s_l_client.html#a25e4414ab0c9424d09592f9567a678dc',1,'SSLClient']]], diff --git a/docs/html/search/all_5.js b/docs/html/search/all_5.js index 212a9a9..e49278d 100644 --- a/docs/html/search/all_5.js +++ b/docs/html/search/all_5.js @@ -1,4 +1,6 @@ var searchData= [ + ['ec_5fkey',['ec_key',['../struct_s_s_l_client_parameters.html#aca2dba04e30c8d7b962add0c353fc449',1,'SSLClientParameters']]], + ['ec_5fprime_5ffast_5f256_2ec',['ec_prime_fast_256.c',['../ec__prime__fast__256_8c.html',1,'']]], ['error',['Error',['../_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5',1,'SSLClientImpl.h']]] ]; diff --git a/docs/html/search/all_e.js b/docs/html/search/all_e.js index f399184..5c98031 100644 --- a/docs/html/search/all_e.js +++ b/docs/html/search/all_e.js @@ -17,12 +17,14 @@ var searchData= ['ssl_5fok',['SSL_OK',['../_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5a1218c16a5bf50589e0c498983851612c',1,'SSLClientImpl.h']]], ['ssl_5fout_5fof_5fmemory',['SSL_OUT_OF_MEMORY',['../_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5adec799caf92b4fe2b6d2b362136f6ef6',1,'SSLClientImpl.h']]], ['ssl_5fwarn',['SSL_WARN',['../_s_s_l_client_impl_8h.html#ab658e6d84759440dbf3c890446075395a86c8fdfc38831619d5ed73dff5b0911d',1,'SSLClientImpl.h']]], - ['sslclient',['SSLClient',['../class_s_s_l_client.html',1,'SSLClient< C, SessionCache >'],['../class_s_s_l_client.html#ae9a7509bc8a18f67e286547c19deb3c0',1,'SSLClient::SSLClient()']]], + ['sslclient',['SSLClient',['../class_s_s_l_client.html',1,'SSLClient< C, SessionCache >'],['../class_s_s_l_client.html#ae9a7509bc8a18f67e286547c19deb3c0',1,'SSLClient::SSLClient(const C &client, const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug=SSL_WARN)'],['../class_s_s_l_client.html#ad7b20a2ac220d346a8047db77d97723d',1,'SSLClient::SSLClient(const C &client, const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug, const SSLClientParameters *mutual_auth_params)']]], ['sslclient_2eh',['SSLClient.h',['../_s_s_l_client_8h.html',1,'']]], ['sslclient_5fh_5f',['SSLClient_H_',['../_s_s_l_client_8h.html#a0e14869de8f634ff2fb63826ae583569',1,'SSLClient.h']]], - ['sslclientimpl',['SSLClientImpl',['../class_s_s_l_client_impl.html',1,'SSLClientImpl'],['../class_s_s_l_client_impl.html#a2b0b9043c8252871272bf6ba199ab67b',1,'SSLClientImpl::SSLClientImpl()']]], + ['sslclientimpl',['SSLClientImpl',['../class_s_s_l_client_impl.html',1,'SSLClientImpl'],['../class_s_s_l_client_impl.html#a2b0b9043c8252871272bf6ba199ab67b',1,'SSLClientImpl::SSLClientImpl(const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug)'],['../class_s_s_l_client_impl.html#a8314c7dab1d923db5624f8075a53e6ea',1,'SSLClientImpl::SSLClientImpl(const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug, const SSLClientParameters *mutual_auth_params)']]], ['sslclientimpl_2ecpp',['SSLClientImpl.cpp',['../_s_s_l_client_impl_8cpp.html',1,'']]], ['sslclientimpl_2eh',['SSLClientImpl.h',['../_s_s_l_client_impl_8h.html',1,'']]], + ['sslclientparameters',['SSLClientParameters',['../struct_s_s_l_client_parameters.html',1,'']]], + ['sslclientparameters_2eh',['SSLClientParameters.h',['../_s_s_l_client_parameters_8h.html',1,'']]], ['sslsession',['SSLSession',['../class_s_s_l_session.html',1,'SSLSession'],['../class_s_s_l_session.html#ae05648200cea66577f024d5d09a6fcbb',1,'SSLSession::SSLSession()']]], ['sslsession_2ecpp',['SSLSession.cpp',['../_s_s_l_session_8cpp.html',1,'']]], ['sslsession_2eh',['SSLSession.h',['../_s_s_l_session_8h.html',1,'']]], diff --git a/docs/html/search/classes_0.js b/docs/html/search/classes_0.js index 95b55ac..e9cbbc6 100644 --- a/docs/html/search/classes_0.js +++ b/docs/html/search/classes_0.js @@ -2,5 +2,6 @@ var searchData= [ ['sslclient',['SSLClient',['../class_s_s_l_client.html',1,'']]], ['sslclientimpl',['SSLClientImpl',['../class_s_s_l_client_impl.html',1,'']]], + ['sslclientparameters',['SSLClientParameters',['../struct_s_s_l_client_parameters.html',1,'']]], ['sslsession',['SSLSession',['../class_s_s_l_session.html',1,'']]] ]; diff --git a/docs/html/search/files_1.js b/docs/html/search/files_1.js index 66a27ec..c23f9f2 100644 --- a/docs/html/search/files_1.js +++ b/docs/html/search/files_1.js @@ -1,4 +1,4 @@ var searchData= [ - ['readme_2emd',['README.md',['../_r_e_a_d_m_e_8md.html',1,'']]] + ['ec_5fprime_5ffast_5f256_2ec',['ec_prime_fast_256.c',['../ec__prime__fast__256_8c.html',1,'']]] ]; diff --git a/docs/html/search/files_2.js b/docs/html/search/files_2.js index 1750530..66a27ec 100644 --- a/docs/html/search/files_2.js +++ b/docs/html/search/files_2.js @@ -1,8 +1,4 @@ var searchData= [ - ['sslclient_2eh',['SSLClient.h',['../_s_s_l_client_8h.html',1,'']]], - ['sslclientimpl_2ecpp',['SSLClientImpl.cpp',['../_s_s_l_client_impl_8cpp.html',1,'']]], - ['sslclientimpl_2eh',['SSLClientImpl.h',['../_s_s_l_client_impl_8h.html',1,'']]], - ['sslsession_2ecpp',['SSLSession.cpp',['../_s_s_l_session_8cpp.html',1,'']]], - ['sslsession_2eh',['SSLSession.h',['../_s_s_l_session_8h.html',1,'']]] + ['readme_2emd',['README.md',['../_r_e_a_d_m_e_8md.html',1,'']]] ]; diff --git a/docs/html/search/files_3.js b/docs/html/search/files_3.js index a75f15b..1b3b062 100644 --- a/docs/html/search/files_3.js +++ b/docs/html/search/files_3.js @@ -1,8 +1,9 @@ var searchData= [ - ['time_5fmacros_2eh',['time_macros.h',['../time__macros_8h.html',1,'']]], - ['tls12_5fonly_5fprofile_2ec',['TLS12_only_profile.c',['../_t_l_s12__only__profile_8c.html',1,'']]], - ['trust_5fanchors_2eh',['trust_anchors.h',['../trust__anchors_8h.html',1,'']]], - ['trustanchors_2eh',['trustanchors.h',['../trustanchors_8h.html',1,'']]], - ['trustanchors_2emd',['TrustAnchors.md',['../_trust_anchors_8md.html',1,'']]] + ['sslclient_2eh',['SSLClient.h',['../_s_s_l_client_8h.html',1,'']]], + ['sslclientimpl_2ecpp',['SSLClientImpl.cpp',['../_s_s_l_client_impl_8cpp.html',1,'']]], + ['sslclientimpl_2eh',['SSLClientImpl.h',['../_s_s_l_client_impl_8h.html',1,'']]], + ['sslclientparameters_2eh',['SSLClientParameters.h',['../_s_s_l_client_parameters_8h.html',1,'']]], + ['sslsession_2ecpp',['SSLSession.cpp',['../_s_s_l_session_8cpp.html',1,'']]], + ['sslsession_2eh',['SSLSession.h',['../_s_s_l_session_8h.html',1,'']]] ]; diff --git a/docs/html/search/files_4.html b/docs/html/search/files_4.html new file mode 100644 index 0000000..0eaa44a --- /dev/null +++ b/docs/html/search/files_4.html @@ -0,0 +1,30 @@ + + + + + + + + + +
+
Loading...
+
+ +
Searching...
+
No Matches
+ +
+ + diff --git a/docs/html/search/files_4.js b/docs/html/search/files_4.js new file mode 100644 index 0000000..a75f15b --- /dev/null +++ b/docs/html/search/files_4.js @@ -0,0 +1,8 @@ +var searchData= +[ + ['time_5fmacros_2eh',['time_macros.h',['../time__macros_8h.html',1,'']]], + ['tls12_5fonly_5fprofile_2ec',['TLS12_only_profile.c',['../_t_l_s12__only__profile_8c.html',1,'']]], + ['trust_5fanchors_2eh',['trust_anchors.h',['../trust__anchors_8h.html',1,'']]], + ['trustanchors_2eh',['trustanchors.h',['../trustanchors_8h.html',1,'']]], + ['trustanchors_2emd',['TrustAnchors.md',['../_trust_anchors_8md.html',1,'']]] +]; diff --git a/docs/html/search/functions_b.js b/docs/html/search/functions_b.js index ddd85b5..60bd456 100644 --- a/docs/html/search/functions_b.js +++ b/docs/html/search/functions_b.js @@ -1,8 +1,8 @@ var searchData= [ ['set_5fparameters',['set_parameters',['../class_s_s_l_session.html#a2fa15ce0b7caae25dfb567954175257e',1,'SSLSession']]], - ['sslclient',['SSLClient',['../class_s_s_l_client.html#ae9a7509bc8a18f67e286547c19deb3c0',1,'SSLClient']]], - ['sslclientimpl',['SSLClientImpl',['../class_s_s_l_client_impl.html#a2b0b9043c8252871272bf6ba199ab67b',1,'SSLClientImpl']]], + ['sslclient',['SSLClient',['../class_s_s_l_client.html#ae9a7509bc8a18f67e286547c19deb3c0',1,'SSLClient::SSLClient(const C &client, const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug=SSL_WARN)'],['../class_s_s_l_client.html#ad7b20a2ac220d346a8047db77d97723d',1,'SSLClient::SSLClient(const C &client, const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug, const SSLClientParameters *mutual_auth_params)']]], + ['sslclientimpl',['SSLClientImpl',['../class_s_s_l_client_impl.html#a2b0b9043c8252871272bf6ba199ab67b',1,'SSLClientImpl::SSLClientImpl(const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug)'],['../class_s_s_l_client_impl.html#a8314c7dab1d923db5624f8075a53e6ea',1,'SSLClientImpl::SSLClientImpl(const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug, const SSLClientParameters *mutual_auth_params)']]], ['sslsession',['SSLSession',['../class_s_s_l_session.html#ae05648200cea66577f024d5d09a6fcbb',1,'SSLSession']]], ['stop',['stop',['../class_s_s_l_client.html#ad30db47248d78df7c12dedfb27f06529',1,'SSLClient']]], ['stop_5fimpl',['stop_impl',['../class_s_s_l_client_impl.html#a81eb5ede3a894f281ae586d463b624e6',1,'SSLClientImpl']]] diff --git a/docs/html/search/searchdata.js b/docs/html/search/searchdata.js index 26967e0..903807c 100644 --- a/docs/html/search/searchdata.js +++ b/docs/html/search/searchdata.js @@ -2,9 +2,9 @@ var indexSectionsWithContent = { 0: "_abcdefgilmoprstuw", 1: "s", - 2: "crst", + 2: "cerst", 3: "abcfgilmoprstw", - 4: "_", + 4: "_bce", 5: "de", 6: "s", 7: "_cgpstu", diff --git a/docs/html/search/variables_1.js b/docs/html/search/variables_1.js index 89036bd..814f51b 100644 --- a/docs/html/search/variables_1.js +++ b/docs/html/search/variables_1.js @@ -1,17 +1,4 @@ var searchData= [ - ['m_5fanalog_5fpin',['m_analog_pin',['../class_s_s_l_client_impl.html#a9fd03216e71ec0d250b3ed2874f08350',1,'SSLClientImpl']]], - ['m_5fclient',['m_client',['../class_s_s_l_client.html#a3fa6f4acf8149d76dd4fa443df4a2202',1,'SSLClient']]], - ['m_5fdebug',['m_debug',['../class_s_s_l_client_impl.html#a918195d260b3399056bd0477e5249321',1,'SSLClientImpl']]], - ['m_5fhostname',['m_hostname',['../class_s_s_l_session.html#ab5611a1eb7633019a9bfaa7cc86a1645',1,'SSLSession']]], - ['m_5fiobuf',['m_iobuf',['../class_s_s_l_client_impl.html#a6b8064ac811810e00b339f15fbe522c3',1,'SSLClientImpl']]], - ['m_5fip',['m_ip',['../class_s_s_l_session.html#ab080fda0553cff3be60ef134b68ad029',1,'SSLSession']]], - ['m_5fsession_5findex',['m_session_index',['../class_s_s_l_client_impl.html#a7cc5de19274e5ec689017cbb84aa008a',1,'SSLClientImpl']]], - ['m_5fsessions',['m_sessions',['../class_s_s_l_client.html#a680fa57f70d2f3164dd4b117bba8f001',1,'SSLClient']]], - ['m_5fsslctx',['m_sslctx',['../class_s_s_l_client_impl.html#ab6e5219b2edeb01bd949fbb51749adee',1,'SSLClientImpl']]], - ['m_5ftrust_5fanchors',['m_trust_anchors',['../class_s_s_l_client_impl.html#ac84af4c6b35f59642b6814c52cfde5db',1,'SSLClientImpl']]], - ['m_5ftrust_5fanchors_5fnum',['m_trust_anchors_num',['../class_s_s_l_client_impl.html#a4b86754cee9e04742728ca14e1b0db7f',1,'SSLClientImpl']]], - ['m_5fvalid_5fsession',['m_valid_session',['../class_s_s_l_session.html#abfe44b78c7c7d0f83919d6031d1d1857',1,'SSLSession']]], - ['m_5fwrite_5fidx',['m_write_idx',['../class_s_s_l_client_impl.html#a4bdc048774d8be220da7175e1369513f',1,'SSLClientImpl']]], - ['m_5fx509ctx',['m_x509ctx',['../class_s_s_l_client_impl.html#a942c7bd3ebbb03db249096c8bb591b8c',1,'SSLClientImpl']]] + ['br_5fec_5fprime_5ffast_5f256',['br_ec_prime_fast_256',['../ec__prime__fast__256_8c.html#aedcd6aae4367c3fdfe7db296b4da85ab',1,'ec_prime_fast_256.c']]] ]; diff --git a/docs/html/search/variables_2.html b/docs/html/search/variables_2.html new file mode 100644 index 0000000..0cb98d3 --- /dev/null +++ b/docs/html/search/variables_2.html @@ -0,0 +1,30 @@ + + + + + + + + + +
+
Loading...
+
+ +
Searching...
+
No Matches
+ +
+ + diff --git a/docs/html/search/variables_2.js b/docs/html/search/variables_2.js new file mode 100644 index 0000000..faff15d --- /dev/null +++ b/docs/html/search/variables_2.js @@ -0,0 +1,5 @@ +var searchData= +[ + ['chain_5flen',['chain_len',['../struct_s_s_l_client_parameters.html#aa523f407ac673da95bf651617fbf94b2',1,'SSLClientParameters']]], + ['client_5fcert_5fchain',['client_cert_chain',['../struct_s_s_l_client_parameters.html#a3e0440790d1acdee221b8ef6be6def95',1,'SSLClientParameters']]] +]; diff --git a/docs/html/search/variables_3.html b/docs/html/search/variables_3.html new file mode 100644 index 0000000..1e83bf5 --- /dev/null +++ b/docs/html/search/variables_3.html @@ -0,0 +1,30 @@ + + + + + + + + + +
+
Loading...
+
+ +
Searching...
+
No Matches
+ +
+ + diff --git a/docs/html/search/variables_3.js b/docs/html/search/variables_3.js new file mode 100644 index 0000000..eb3b769 --- /dev/null +++ b/docs/html/search/variables_3.js @@ -0,0 +1,4 @@ +var searchData= +[ + ['ec_5fkey',['ec_key',['../struct_s_s_l_client_parameters.html#aca2dba04e30c8d7b962add0c353fc449',1,'SSLClientParameters']]] +]; diff --git a/docs/html/struct_s_s_l_client_parameters-members.html b/docs/html/struct_s_s_l_client_parameters-members.html new file mode 100644 index 0000000..3a9f4b6 --- /dev/null +++ b/docs/html/struct_s_s_l_client_parameters-members.html @@ -0,0 +1,111 @@ + + + + + + + +SSLClient: Member List + + + + + + + + + + + + + + +
+
+ + + + + + +
+
SSLClient +  v1.1.1 +
+
Add TLS 1.2 functionality to any network library.
+
+
+ + + + + + + +
+
+ +
+
+
+ +
+ +
+
+ + +
+ +
+ +
+
+
SSLClientParameters Member List
+
+
+ +

This is the complete list of members for SSLClientParameters, including all inherited members.

+ + + + +
chain_lenSSLClientParameters
client_cert_chainSSLClientParameters
ec_keySSLClientParameters
+
+ + + + diff --git a/docs/html/struct_s_s_l_client_parameters.html b/docs/html/struct_s_s_l_client_parameters.html new file mode 100644 index 0000000..df4ab25 --- /dev/null +++ b/docs/html/struct_s_s_l_client_parameters.html @@ -0,0 +1,181 @@ + + + + + + + +SSLClient: SSLClientParameters Struct Reference + + + + + + + + + + + + + + +
+
+ + + + + + +
+
SSLClient +  v1.1.1 +
+
Add TLS 1.2 functionality to any network library.
+
+
+ + + + + + + +
+
+ +
+
+
+ +
+ +
+
+ + +
+ +
+ +
+
+Public Attributes | +List of all members
+
+
SSLClientParameters Struct Reference
+
+
+ +

This struct stores data required for SSLClient to use mutual authentication. + More...

+ +

#include <SSLClientParameters.h>

+ + + + + + + + + +

+Public Attributes

const br_x509_certificate * client_cert_chain
 Pointer to the client certificate chain. More...
 
const size_t chain_len
 
const br_ec_private_key ec_key
 
+

Detailed Description

+

This struct stores data required for SSLClient to use mutual authentication.

+

SSLClientParameters.h

+

This file contains a simple utility class to store parameters about an SSL Session for reuse later.This file contains a simple struct to package together all the data required to use client certificate authentication with SSLClient.TLS mutual authentication is a process in which both the server and client perform cryptographic operations to verify the authenticity of eachother, for more information check out this article: https://medium.com/sitewards/the-magic-of-tls-x509-and-mutual-authentication-explained-b2162dec4401 . If this struct is provided to SSLClient::SSLClient, SSLClient will automatically send a client certificate if one is requested by the server. This will happen for all SSLClient connections, and may cause issues for websites that do not need mutual authentication— as a result, please only turn on mutual authentication if you are sure it is neccesary.

+

At the moment SSLClient only supports mutual authentication using ECC client certificates.

+

Member Data Documentation

+ +

◆ chain_len

+ +
+
+ + + + +
const size_t SSLClientParameters::chain_len
+
+

The number of certificates in SSLClientParameters::client_cert_chain

+ +
+
+ +

◆ client_cert_chain

+ +
+
+ + + + +
const br_x509_certificate* SSLClientParameters::client_cert_chain
+
+ +

Pointer to the client certificate chain.

+

Must be availible in memory AT ALL TIMES, should not be a local object. Certificates must be ordered from Client->Intermediate->...->Root.

+ +
+
+ +

◆ ec_key

+ +
+
+ + + + +
const br_ec_private_key SSLClientParameters::ec_key
+
+

The private key corresponding to the first certificate in SSLClientParameters::client_cert_chain

+ +
+
+
The documentation for this struct was generated from the following file: +
+
+ + + + diff --git a/docs/html/struct_s_s_l_client_parameters.js b/docs/html/struct_s_s_l_client_parameters.js new file mode 100644 index 0000000..b5e6dce --- /dev/null +++ b/docs/html/struct_s_s_l_client_parameters.js @@ -0,0 +1,6 @@ +var struct_s_s_l_client_parameters = +[ + [ "chain_len", "struct_s_s_l_client_parameters.html#aa523f407ac673da95bf651617fbf94b2", null ], + [ "client_cert_chain", "struct_s_s_l_client_parameters.html#a3e0440790d1acdee221b8ef6be6def95", null ], + [ "ec_key", "struct_s_s_l_client_parameters.html#aca2dba04e30c8d7b962add0c353fc449", null ] +]; \ No newline at end of file diff --git a/tools/pycert_bearssl/__pycache__/cert_util.cpython-37.pyc b/tools/pycert_bearssl/__pycache__/cert_util.cpython-37.pyc new file mode 100644 index 0000000000000000000000000000000000000000..ea89d36b868c479390e5430355bb49fcd87a5cd3 GIT binary patch literal 7329 zcmai3&vV>Hb_Ot*Um!UoC5n_}uhX`6Esl3Y(T)|{TCZ!VA!Vy9Q7Vy+*H|hja2n)* z!~mm4kN88FtyI~Ss;xvR=a{M-hB>4vw^WWfxb80fA784otYWO!1Y7z&Xd3WW5f7&dKq0d9)5#g`gbU}!Oh5U>25`4$8xPs!7Z4& z-ga%(UUZAsD>EZ5<-JH?CcG%vX`yzJI^#hv9ZjZOtyz{3G|L;x1xEAikJlJF2 z^ZlMLxEK4KpznR*IoD7d#=(yp91Kw-yjC~rrSx-xV;P8;z0-WhdH&qF7Q{T_8x0uM7S5WAO~Va!0uo)Y|D0qcYJI06Hkg>Dm_1LwG+Yi64CJ` zgx-r=QIBJ4nlZf%NzQXMISczdzZXjM) z@kcFVB}Wo}T3T@2{V7rB)vw6G3ig4D;Wd1OMNS_8iTAL3j&D<&#sw551hM=6ZV*k> zNA#{*wtBkMX^IS==`H0%2VmmlVP;dJ;|#uqX#Mt zWser!LSa-z73CNeR9C>SiC=mZg)}nY;>`Hg?3>)=)^|o`uHy|DDfmTTPO-&jxWExpwBf*^C}a}kvF zCajfD-@SK#Lopjx4Nl!!S#=A*h(d@iDj4~L^C6)YL2tFT8Jc(e$U zV!c!*B3St}N?LxDeujt9;JT%dklP~gdEIi0s;65eowjJuYZK>h{$DfvIjKVQVw9&X zF^hYPzLPG}ntlpm|AGf@_6sBPoSA)F76t`bIKcg&cxLsBXe(uQM$e_JG$?0);GT76 zng-q~vYH_p`&PZ5UPg^`W~i2_GlLhd82!T6m;v?Es=hdwq5E%*tia7fOZ>I0aXT}X z0BOW=fOS?F%$^y8xih0*&dQl}SQh_`KE+r1SXucB*0^5s--5l@qzpP;NjL`kU|Ryg z1ZV|nqOXZ{C9b4;kY2Lh~ODu?Q@PDlCpPMHxY<42>vv9 zJ#0yKj{dZr^dhcA!Iev*XPG-spP2L%IBLypk8p1TM7G>Ye55j>{# z6g-STZ_=bb?a@ak54%B37NxjBtEu;BgTc9MCWtb_J!N~XM~mzfUzco`s7EgwSB@x6 zI#lJSNvy`wdX1G-=H?;Sf#cZ1>Wj%mOem(gVKcXTa_{4p|BdVP`duGkDu^awdjWCZ zM0W@K7Lh>TK* z^V$jGU5W+s;_eAZ7)eaxA$aC#8>H)ABrJ6Ugi!QZp0cxBN!vZilcP8u#gXcC0bPFwc>=y6|ZW%$mhljk}ilIQ-ex02b z6s*?JVKl0l61^y=5f@jIEx z?Zbj_Widnl%se!NtNIpIpW9zU=0S-Q*MZk~nOE>v<<5&DIA`kgzpzYT1jHgf(i<5d zH$jX}nDSY3>rYv8SV1BBFeroXRpC#}DL6^rR&YjW!h)6k+idmt{SO)_*FJ18pi<+O zT04H*QwvRr6>S50QL{A=G;yXgmQkY)pNV1g7@3Tx8RcUm`kRmebd!U}1nuMqaib0h zhP5H(ox#dYsy%^4+?f7mq?N+ioq4LmB#! zr-ixmpt&@7+QW3Cs<~b4^FuF6;(hNZ5j?F|@@jw&QQ2c&p-pro{H|+LnHSo@abEJf zU>cqm@b#{ZkRrags0}O?tSQ_bmP8}N(-okT7vNh9@d~`1 zjrw)e+Y|MR@NiV`qP}=u51BSRVNn(jN|~7zvf@E`Pyy0QFADI+7B3%G#b0G5UdgN_ z<0FGSG%#8{{SUQXcU4YIIMq=&(<$&S5t;ug_o;BI0en#MOzpJvn%9&l9jU{=aD_Z- zrDZ)HAxedvXi~Yjg4c>l;F)%a#PYrpG!eZuh7(No8EHx^r$Mf`43IeQrR1ojK?eJQ z(ECOF3@f3+ujb}y5tM)9WA*m%tN)~2>mjlL9q2=p>nNcrU2~_^^Uwuvp3YKYx32ua za$3L5>ebvP|D8`wcxtysFBJ8`uOTzYOFU>LJaA_TNb2NgAAoJ2~$L@Q<7qE@$nSyj;Lma#Kw z!0V8{2wg8Nr_mDAsw$A2NstV~q=z4_!AWIWTaA-8pq#mr`Q`unU# zbe&BD@W0QB+yaPKv#D%)VC$AMvuIoaX=lZ3<_eVf2uabW#?w{wD2{p{$fS`K@ekS5 zpeRdOEt}P0Xngs+MoZxK3v55rkY$X<_8C;wCY{Tw80j3~I8aW@8H_iVjBJiJmkMud zgBmv9d^SH0NiRUcg@gHn3#hw@ZCJi)kZX7WH`2d2A#GtS?czw98hPp9f?OOdLB^%Q zWg7nm+|pRW!i0n?V+ji*37G?JuO3XD>ng|d$Z>zTDW(0>RRrEsgEz7%5YHt(ji)M} z7PCb@t-g5%Zm@=02O8ju6@4rs{C-pZ40F77@J9od6%O7;>nsTA9jw=-%#t&D9pN?? z`P>WTFgcxA%=3=l@rZ|dV-MAgctj{=9`o663W$(MD4(ZTU5 z5qAQAtK!@v0f!EHT47%XLD%EGE;4;Y4v2$r`VoMVv7B%V>dcnHee{U*i(X26@8}R} z!rW1?hX4f05;Cb}IFg`FDT4?)$ulhb@*YyP^{(Gne^=Jqa*=kluh{|6=0400QJS=&YS5JtI!_92FKuMO2} zuKD=k!|mqUxnjQ{#fpTrAg?v)9A?~>TSLDx?^(D7D-iJen z5A=&aAuCL2pnC-L+&LUWI4=(=K-{8kMOuVZd_>PP`dHpm5l!kAnro>(lksRBb%x~O zgg{(JZ{@Uyv4vU-GgGoU!yOk z5LVOYzd@ChqcEzrX%}p(r2i1iRxC=i-mxr;{Qd>&vQ2S-WjZ?fvfdoO{e1j{#0-Cn z1;=t!orQ4~b3w%njwv2tp1O&1RQ2z&pi`&3JUk3g>9C4c#0Augx2d>8#TTj@MNn7_ zxBB3#``h>KBPA9TS&Ls$@f#}Esra0V+f-~&u|frfCF*2LrHLBr3iYJWgoP+t7qsj1 t%BP)#_oCpldAzASREI$od{)J(A>PN|yS8I5*fX|OnZn;MoH^&s{{acqYM1~3 literal 0 HcmV?d00001 diff --git a/tools/pycert_bearssl/cert.cer b/tools/pycert_bearssl/cert.cer new file mode 100644 index 0000000..37b805a --- /dev/null +++ b/tools/pycert_bearssl/cert.cer @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDPDCCAiQCCQCzrL/aem1hqTANBgkqhkiG9w0BAQsFADBgMQswCQYDVQQGEwJV +UzELMAkGA1UECAwCT1IxEjAQBgNVBAcMCUNvcnZhbGxpczESMBAGA1UECgwJT1BF +blMgTGFiMQwwCgYDVQQLDANSJkQxDjAMBgNVBAMMBU9QRW5TMB4XDTE5MDcxODE4 +MzQzM1oXDTIwMDcxNzE4MzQzM1owYDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk9S +MRIwEAYDVQQHDAlDb3J2YWxsaXMxEjAQBgNVBAoMCU9QRW5TIExhYjEMMAoGA1UE +CwwDUiZEMQ4wDAYDVQQDDAVPUEVuUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAJQmpP/fydEJL3yh8KdPNmlzuIpINMBjeVgog6zuRlUOrSHlMZx8Ritw +EtkrKfZciNOkEGef0Xn+HGQUBPwZilfEmp9cdaPg9Z1ORX7Vp8CsPIEghv/AR8py +Wg8MTPEde/t1lR1EznuEPkOkiaQrserknOYZPN/jPrqnhgujn3Q2IFhFqO4MId1F +SKdjgTod82wUDHUjnN8kZLUa68mI4UkKyIl+pZxM81MheA4P63x4eFahAzItoGbf +oCrmC6kb9pxjzGpQcyUukHNzfwFLQ/pKP2aXQvv6USt6LB37vqZBRjuaCV36ncGP +r5b7CmOw/1DJ/g6fVsVti/IWa7+eJjECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEA +BpB3ljvK1WpKLh0mVHuI6n3TH08kbFSvDw44/SGrWRfMgHGqJOBP2cn1ENKKjQ6N +/fPh6S9i18n4rIP7B1+IphxMlYX8sQU/qIuqcFU8Y++Hsc1UN0SFvEBi3aHLuceN +jShQ9N+VIrk/oAJrrqcqDaeuGBsZdJ158q62lQ3G6bk9te/Ly1YeF/ddOOT4zyQp +VJO5ZlmWstpQIePk1I4ZEhh7TMjm/JjNI8Kn6MZWJw6PE8KodSr6m/YuxJ551pd4 +2u72Ve7UOAAdirVqMvwhKEd50tsaE71PLzyi3cv/A8/i6mHMzI86N1RJlMEbNf1k +VMO9Ofel+PbbwnnNhULR8w== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/tools/pycert_bearssl/certificates.h b/tools/pycert_bearssl/certificates.h new file mode 100644 index 0000000..f271082 --- /dev/null +++ b/tools/pycert_bearssl/certificates.h @@ -0,0 +1,77 @@ +#ifndef _CERTIFICATES_H_ +#define _CERTIFICATES_H_ + +#ifdef __cplusplus +extern "C" +{ +#endif + +/* This file is auto-generated by the pycert_bearssl tool. Do not change it manually. + * Certificates are BearSSL br_x509_trust_anchor format. Included certs: + * + * Index: 0 + * Label: GlobalSign + * Subject: OU=GlobalSign Root CA - R2,O=GlobalSign,CN=GlobalSign + * Domain(s): script.google.com + */ + +#define TAs_NUM 1 + +static const unsigned char TA_DN0[] = { + 0x30, 0x4c, 0x31, 0x20, 0x30, 0x1e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, + 0x17, 0x47, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x53, 0x69, 0x67, 0x6e, 0x20, + 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x20, 0x2d, 0x20, 0x52, 0x32, + 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0a, 0x47, + 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x53, 0x69, 0x67, 0x6e, 0x31, 0x13, 0x30, + 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x47, 0x6c, 0x6f, 0x62, + 0x61, 0x6c, 0x53, 0x69, 0x67, 0x6e, +}; + +static const unsigned char TA_RSA_N0[] = { + 0xa6, 0xcf, 0x24, 0x0e, 0xbe, 0x2e, 0x6f, 0x28, 0x99, 0x45, 0x42, 0xc4, + 0xab, 0x3e, 0x21, 0x54, 0x9b, 0x0b, 0xd3, 0x7f, 0x84, 0x70, 0xfa, 0x12, + 0xb3, 0xcb, 0xbf, 0x87, 0x5f, 0xc6, 0x7f, 0x86, 0xd3, 0xb2, 0x30, 0x5c, + 0xd6, 0xfd, 0xad, 0xf1, 0x7b, 0xdc, 0xe5, 0xf8, 0x60, 0x96, 0x09, 0x92, + 0x10, 0xf5, 0xd0, 0x53, 0xde, 0xfb, 0x7b, 0x7e, 0x73, 0x88, 0xac, 0x52, + 0x88, 0x7b, 0x4a, 0xa6, 0xca, 0x49, 0xa6, 0x5e, 0xa8, 0xa7, 0x8c, 0x5a, + 0x11, 0xbc, 0x7a, 0x82, 0xeb, 0xbe, 0x8c, 0xe9, 0xb3, 0xac, 0x96, 0x25, + 0x07, 0x97, 0x4a, 0x99, 0x2a, 0x07, 0x2f, 0xb4, 0x1e, 0x77, 0xbf, 0x8a, + 0x0f, 0xb5, 0x02, 0x7c, 0x1b, 0x96, 0xb8, 0xc5, 0xb9, 0x3a, 0x2c, 0xbc, + 0xd6, 0x12, 0xb9, 0xeb, 0x59, 0x7d, 0xe2, 0xd0, 0x06, 0x86, 0x5f, 0x5e, + 0x49, 0x6a, 0xb5, 0x39, 0x5e, 0x88, 0x34, 0xec, 0xbc, 0x78, 0x0c, 0x08, + 0x98, 0x84, 0x6c, 0xa8, 0xcd, 0x4b, 0xb4, 0xa0, 0x7d, 0x0c, 0x79, 0x4d, + 0xf0, 0xb8, 0x2d, 0xcb, 0x21, 0xca, 0xd5, 0x6c, 0x5b, 0x7d, 0xe1, 0xa0, + 0x29, 0x84, 0xa1, 0xf9, 0xd3, 0x94, 0x49, 0xcb, 0x24, 0x62, 0x91, 0x20, + 0xbc, 0xdd, 0x0b, 0xd5, 0xd9, 0xcc, 0xf9, 0xea, 0x27, 0x0a, 0x2b, 0x73, + 0x91, 0xc6, 0x9d, 0x1b, 0xac, 0xc8, 0xcb, 0xe8, 0xe0, 0xa0, 0xf4, 0x2f, + 0x90, 0x8b, 0x4d, 0xfb, 0xb0, 0x36, 0x1b, 0xf6, 0x19, 0x7a, 0x85, 0xe0, + 0x6d, 0xf2, 0x61, 0x13, 0x88, 0x5c, 0x9f, 0xe0, 0x93, 0x0a, 0x51, 0x97, + 0x8a, 0x5a, 0xce, 0xaf, 0xab, 0xd5, 0xf7, 0xaa, 0x09, 0xaa, 0x60, 0xbd, + 0xdc, 0xd9, 0x5f, 0xdf, 0x72, 0xa9, 0x60, 0x13, 0x5e, 0x00, 0x01, 0xc9, + 0x4a, 0xfa, 0x3f, 0xa4, 0xea, 0x07, 0x03, 0x21, 0x02, 0x8e, 0x82, 0xca, + 0x03, 0xc2, 0x9b, 0x8f, +}; + +static const unsigned char TA_RSA_E0[] = { + 0x01, 0x00, 0x01, +}; + +static const br_x509_trust_anchor TAs[] = { + { + { (unsigned char *)TA_DN0, sizeof TA_DN0 }, + BR_X509_TA_CA, + { + BR_KEYTYPE_RSA, + { .rsa = { + (unsigned char *)TA_RSA_N0, sizeof TA_RSA_N0, + (unsigned char *)TA_RSA_E0, sizeof TA_RSA_E0, + } } + } + }, +}; + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* ifndef _CERTIFICATES_H_ */ From 43d517c9df5c1f8701cfabc0914070c320765d78 Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Mon, 5 Aug 2019 21:47:52 -0700 Subject: [PATCH 019/141] remove output files --- .../__pycache__/cert_util.cpython-37.pyc | Bin 7329 -> 0 bytes tools/pycert_bearssl/cert.cer | 20 ----- tools/pycert_bearssl/certificates.h | 77 ------------------ 3 files changed, 97 deletions(-) delete mode 100644 tools/pycert_bearssl/__pycache__/cert_util.cpython-37.pyc delete mode 100644 tools/pycert_bearssl/cert.cer delete mode 100644 tools/pycert_bearssl/certificates.h diff --git a/tools/pycert_bearssl/__pycache__/cert_util.cpython-37.pyc b/tools/pycert_bearssl/__pycache__/cert_util.cpython-37.pyc deleted file mode 100644 index ea89d36b868c479390e5430355bb49fcd87a5cd3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 7329 zcmai3&vV>Hb_Ot*Um!UoC5n_}uhX`6Esl3Y(T)|{TCZ!VA!Vy9Q7Vy+*H|hja2n)* z!~mm4kN88FtyI~Ss;xvR=a{M-hB>4vw^WWfxb80fA784otYWO!1Y7z&Xd3WW5f7&dKq0d9)5#g`gbU}!Oh5U>25`4$8xPs!7Z4& z-ga%(UUZAsD>EZ5<-JH?CcG%vX`yzJI^#hv9ZjZOtyz{3G|L;x1xEAikJlJF2 z^ZlMLxEK4KpznR*IoD7d#=(yp91Kw-yjC~rrSx-xV;P8;z0-WhdH&qF7Q{T_8x0uM7S5WAO~Va!0uo)Y|D0qcYJI06Hkg>Dm_1LwG+Yi64CJ` zgx-r=QIBJ4nlZf%NzQXMISczdzZXjM) z@kcFVB}Wo}T3T@2{V7rB)vw6G3ig4D;Wd1OMNS_8iTAL3j&D<&#sw551hM=6ZV*k> zNA#{*wtBkMX^IS==`H0%2VmmlVP;dJ;|#uqX#Mt zWser!LSa-z73CNeR9C>SiC=mZg)}nY;>`Hg?3>)=)^|o`uHy|DDfmTTPO-&jxWExpwBf*^C}a}kvF zCajfD-@SK#Lopjx4Nl!!S#=A*h(d@iDj4~L^C6)YL2tFT8Jc(e$U zV!c!*B3St}N?LxDeujt9;JT%dklP~gdEIi0s;65eowjJuYZK>h{$DfvIjKVQVw9&X zF^hYPzLPG}ntlpm|AGf@_6sBPoSA)F76t`bIKcg&cxLsBXe(uQM$e_JG$?0);GT76 zng-q~vYH_p`&PZ5UPg^`W~i2_GlLhd82!T6m;v?Es=hdwq5E%*tia7fOZ>I0aXT}X z0BOW=fOS?F%$^y8xih0*&dQl}SQh_`KE+r1SXucB*0^5s--5l@qzpP;NjL`kU|Ryg z1ZV|nqOXZ{C9b4;kY2Lh~ODu?Q@PDlCpPMHxY<42>vv9 zJ#0yKj{dZr^dhcA!Iev*XPG-spP2L%IBLypk8p1TM7G>Ye55j>{# z6g-STZ_=bb?a@ak54%B37NxjBtEu;BgTc9MCWtb_J!N~XM~mzfUzco`s7EgwSB@x6 zI#lJSNvy`wdX1G-=H?;Sf#cZ1>Wj%mOem(gVKcXTa_{4p|BdVP`duGkDu^awdjWCZ zM0W@K7Lh>TK* z^V$jGU5W+s;_eAZ7)eaxA$aC#8>H)ABrJ6Ugi!QZp0cxBN!vZilcP8u#gXcC0bPFwc>=y6|ZW%$mhljk}ilIQ-ex02b z6s*?JVKl0l61^y=5f@jIEx z?Zbj_Widnl%se!NtNIpIpW9zU=0S-Q*MZk~nOE>v<<5&DIA`kgzpzYT1jHgf(i<5d zH$jX}nDSY3>rYv8SV1BBFeroXRpC#}DL6^rR&YjW!h)6k+idmt{SO)_*FJ18pi<+O zT04H*QwvRr6>S50QL{A=G;yXgmQkY)pNV1g7@3Tx8RcUm`kRmebd!U}1nuMqaib0h zhP5H(ox#dYsy%^4+?f7mq?N+ioq4LmB#! zr-ixmpt&@7+QW3Cs<~b4^FuF6;(hNZ5j?F|@@jw&QQ2c&p-pro{H|+LnHSo@abEJf zU>cqm@b#{ZkRrags0}O?tSQ_bmP8}N(-okT7vNh9@d~`1 zjrw)e+Y|MR@NiV`qP}=u51BSRVNn(jN|~7zvf@E`Pyy0QFADI+7B3%G#b0G5UdgN_ z<0FGSG%#8{{SUQXcU4YIIMq=&(<$&S5t;ug_o;BI0en#MOzpJvn%9&l9jU{=aD_Z- zrDZ)HAxedvXi~Yjg4c>l;F)%a#PYrpG!eZuh7(No8EHx^r$Mf`43IeQrR1ojK?eJQ z(ECOF3@f3+ujb}y5tM)9WA*m%tN)~2>mjlL9q2=p>nNcrU2~_^^Uwuvp3YKYx32ua za$3L5>ebvP|D8`wcxtysFBJ8`uOTzYOFU>LJaA_TNb2NgAAoJ2~$L@Q<7qE@$nSyj;Lma#Kw z!0V8{2wg8Nr_mDAsw$A2NstV~q=z4_!AWIWTaA-8pq#mr`Q`unU# zbe&BD@W0QB+yaPKv#D%)VC$AMvuIoaX=lZ3<_eVf2uabW#?w{wD2{p{$fS`K@ekS5 zpeRdOEt}P0Xngs+MoZxK3v55rkY$X<_8C;wCY{Tw80j3~I8aW@8H_iVjBJiJmkMud zgBmv9d^SH0NiRUcg@gHn3#hw@ZCJi)kZX7WH`2d2A#GtS?czw98hPp9f?OOdLB^%Q zWg7nm+|pRW!i0n?V+ji*37G?JuO3XD>ng|d$Z>zTDW(0>RRrEsgEz7%5YHt(ji)M} z7PCb@t-g5%Zm@=02O8ju6@4rs{C-pZ40F77@J9od6%O7;>nsTA9jw=-%#t&D9pN?? z`P>WTFgcxA%=3=l@rZ|dV-MAgctj{=9`o663W$(MD4(ZTU5 z5qAQAtK!@v0f!EHT47%XLD%EGE;4;Y4v2$r`VoMVv7B%V>dcnHee{U*i(X26@8}R} z!rW1?hX4f05;Cb}IFg`FDT4?)$ulhb@*YyP^{(Gne^=Jqa*=kluh{|6=0400QJS=&YS5JtI!_92FKuMO2} zuKD=k!|mqUxnjQ{#fpTrAg?v)9A?~>TSLDx?^(D7D-iJen z5A=&aAuCL2pnC-L+&LUWI4=(=K-{8kMOuVZd_>PP`dHpm5l!kAnro>(lksRBb%x~O zgg{(JZ{@Uyv4vU-GgGoU!yOk z5LVOYzd@ChqcEzrX%}p(r2i1iRxC=i-mxr;{Qd>&vQ2S-WjZ?fvfdoO{e1j{#0-Cn z1;=t!orQ4~b3w%njwv2tp1O&1RQ2z&pi`&3JUk3g>9C4c#0Augx2d>8#TTj@MNn7_ zxBB3#``h>KBPA9TS&Ls$@f#}Esra0V+f-~&u|frfCF*2LrHLBr3iYJWgoP+t7qsj1 t%BP)#_oCpldAzASREI$od{)J(A>PN|yS8I5*fX|OnZn;MoH^&s{{acqYM1~3 diff --git a/tools/pycert_bearssl/cert.cer b/tools/pycert_bearssl/cert.cer deleted file mode 100644 index 37b805a..0000000 --- a/tools/pycert_bearssl/cert.cer +++ /dev/null @@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDPDCCAiQCCQCzrL/aem1hqTANBgkqhkiG9w0BAQsFADBgMQswCQYDVQQGEwJV -UzELMAkGA1UECAwCT1IxEjAQBgNVBAcMCUNvcnZhbGxpczESMBAGA1UECgwJT1BF -blMgTGFiMQwwCgYDVQQLDANSJkQxDjAMBgNVBAMMBU9QRW5TMB4XDTE5MDcxODE4 -MzQzM1oXDTIwMDcxNzE4MzQzM1owYDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk9S -MRIwEAYDVQQHDAlDb3J2YWxsaXMxEjAQBgNVBAoMCU9QRW5TIExhYjEMMAoGA1UE -CwwDUiZEMQ4wDAYDVQQDDAVPUEVuUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC -AQoCggEBAJQmpP/fydEJL3yh8KdPNmlzuIpINMBjeVgog6zuRlUOrSHlMZx8Ritw -EtkrKfZciNOkEGef0Xn+HGQUBPwZilfEmp9cdaPg9Z1ORX7Vp8CsPIEghv/AR8py -Wg8MTPEde/t1lR1EznuEPkOkiaQrserknOYZPN/jPrqnhgujn3Q2IFhFqO4MId1F -SKdjgTod82wUDHUjnN8kZLUa68mI4UkKyIl+pZxM81MheA4P63x4eFahAzItoGbf -oCrmC6kb9pxjzGpQcyUukHNzfwFLQ/pKP2aXQvv6USt6LB37vqZBRjuaCV36ncGP -r5b7CmOw/1DJ/g6fVsVti/IWa7+eJjECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEA -BpB3ljvK1WpKLh0mVHuI6n3TH08kbFSvDw44/SGrWRfMgHGqJOBP2cn1ENKKjQ6N -/fPh6S9i18n4rIP7B1+IphxMlYX8sQU/qIuqcFU8Y++Hsc1UN0SFvEBi3aHLuceN -jShQ9N+VIrk/oAJrrqcqDaeuGBsZdJ158q62lQ3G6bk9te/Ly1YeF/ddOOT4zyQp -VJO5ZlmWstpQIePk1I4ZEhh7TMjm/JjNI8Kn6MZWJw6PE8KodSr6m/YuxJ551pd4 -2u72Ve7UOAAdirVqMvwhKEd50tsaE71PLzyi3cv/A8/i6mHMzI86N1RJlMEbNf1k -VMO9Ofel+PbbwnnNhULR8w== ------END CERTIFICATE----- \ No newline at end of file diff --git a/tools/pycert_bearssl/certificates.h b/tools/pycert_bearssl/certificates.h deleted file mode 100644 index f271082..0000000 --- a/tools/pycert_bearssl/certificates.h +++ /dev/null @@ -1,77 +0,0 @@ -#ifndef _CERTIFICATES_H_ -#define _CERTIFICATES_H_ - -#ifdef __cplusplus -extern "C" -{ -#endif - -/* This file is auto-generated by the pycert_bearssl tool. Do not change it manually. - * Certificates are BearSSL br_x509_trust_anchor format. Included certs: - * - * Index: 0 - * Label: GlobalSign - * Subject: OU=GlobalSign Root CA - R2,O=GlobalSign,CN=GlobalSign - * Domain(s): script.google.com - */ - -#define TAs_NUM 1 - -static const unsigned char TA_DN0[] = { - 0x30, 0x4c, 0x31, 0x20, 0x30, 0x1e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, - 0x17, 0x47, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x53, 0x69, 0x67, 0x6e, 0x20, - 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x20, 0x2d, 0x20, 0x52, 0x32, - 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0a, 0x47, - 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x53, 0x69, 0x67, 0x6e, 0x31, 0x13, 0x30, - 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x47, 0x6c, 0x6f, 0x62, - 0x61, 0x6c, 0x53, 0x69, 0x67, 0x6e, -}; - -static const unsigned char TA_RSA_N0[] = { - 0xa6, 0xcf, 0x24, 0x0e, 0xbe, 0x2e, 0x6f, 0x28, 0x99, 0x45, 0x42, 0xc4, - 0xab, 0x3e, 0x21, 0x54, 0x9b, 0x0b, 0xd3, 0x7f, 0x84, 0x70, 0xfa, 0x12, - 0xb3, 0xcb, 0xbf, 0x87, 0x5f, 0xc6, 0x7f, 0x86, 0xd3, 0xb2, 0x30, 0x5c, - 0xd6, 0xfd, 0xad, 0xf1, 0x7b, 0xdc, 0xe5, 0xf8, 0x60, 0x96, 0x09, 0x92, - 0x10, 0xf5, 0xd0, 0x53, 0xde, 0xfb, 0x7b, 0x7e, 0x73, 0x88, 0xac, 0x52, - 0x88, 0x7b, 0x4a, 0xa6, 0xca, 0x49, 0xa6, 0x5e, 0xa8, 0xa7, 0x8c, 0x5a, - 0x11, 0xbc, 0x7a, 0x82, 0xeb, 0xbe, 0x8c, 0xe9, 0xb3, 0xac, 0x96, 0x25, - 0x07, 0x97, 0x4a, 0x99, 0x2a, 0x07, 0x2f, 0xb4, 0x1e, 0x77, 0xbf, 0x8a, - 0x0f, 0xb5, 0x02, 0x7c, 0x1b, 0x96, 0xb8, 0xc5, 0xb9, 0x3a, 0x2c, 0xbc, - 0xd6, 0x12, 0xb9, 0xeb, 0x59, 0x7d, 0xe2, 0xd0, 0x06, 0x86, 0x5f, 0x5e, - 0x49, 0x6a, 0xb5, 0x39, 0x5e, 0x88, 0x34, 0xec, 0xbc, 0x78, 0x0c, 0x08, - 0x98, 0x84, 0x6c, 0xa8, 0xcd, 0x4b, 0xb4, 0xa0, 0x7d, 0x0c, 0x79, 0x4d, - 0xf0, 0xb8, 0x2d, 0xcb, 0x21, 0xca, 0xd5, 0x6c, 0x5b, 0x7d, 0xe1, 0xa0, - 0x29, 0x84, 0xa1, 0xf9, 0xd3, 0x94, 0x49, 0xcb, 0x24, 0x62, 0x91, 0x20, - 0xbc, 0xdd, 0x0b, 0xd5, 0xd9, 0xcc, 0xf9, 0xea, 0x27, 0x0a, 0x2b, 0x73, - 0x91, 0xc6, 0x9d, 0x1b, 0xac, 0xc8, 0xcb, 0xe8, 0xe0, 0xa0, 0xf4, 0x2f, - 0x90, 0x8b, 0x4d, 0xfb, 0xb0, 0x36, 0x1b, 0xf6, 0x19, 0x7a, 0x85, 0xe0, - 0x6d, 0xf2, 0x61, 0x13, 0x88, 0x5c, 0x9f, 0xe0, 0x93, 0x0a, 0x51, 0x97, - 0x8a, 0x5a, 0xce, 0xaf, 0xab, 0xd5, 0xf7, 0xaa, 0x09, 0xaa, 0x60, 0xbd, - 0xdc, 0xd9, 0x5f, 0xdf, 0x72, 0xa9, 0x60, 0x13, 0x5e, 0x00, 0x01, 0xc9, - 0x4a, 0xfa, 0x3f, 0xa4, 0xea, 0x07, 0x03, 0x21, 0x02, 0x8e, 0x82, 0xca, - 0x03, 0xc2, 0x9b, 0x8f, -}; - -static const unsigned char TA_RSA_E0[] = { - 0x01, 0x00, 0x01, -}; - -static const br_x509_trust_anchor TAs[] = { - { - { (unsigned char *)TA_DN0, sizeof TA_DN0 }, - BR_X509_TA_CA, - { - BR_KEYTYPE_RSA, - { .rsa = { - (unsigned char *)TA_RSA_N0, sizeof TA_RSA_N0, - (unsigned char *)TA_RSA_E0, sizeof TA_RSA_E0, - } } - } - }, -}; - -#ifdef __cplusplus -} /* extern "C" */ -#endif - -#endif /* ifndef _CERTIFICATES_H_ */ From 2b287f51799de1852f318228fd46eaeb008195c5 Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Mon, 12 Aug 2019 17:27:14 -0700 Subject: [PATCH 020/141] Rework client certificates, add support for decoding a PEM object --- src/SSLClient.h | 27 ++++++-------------- src/SSLClientImpl.cpp | 31 +++++++++++------------ src/SSLClientImpl.h | 3 ++- src/SSLObj.cpp | 57 +++++++++++++++++++++++++++++++++++++++++++ src/SSLObj.h | 51 ++++++++++++++++++++++++++++++++++++++ 5 files changed, 132 insertions(+), 37 deletions(-) create mode 100644 src/SSLObj.cpp create mode 100644 src/SSLObj.h diff --git a/src/SSLClient.h b/src/SSLClient.h index 215a2b3..6116d61 100644 --- a/src/SSLClient.h +++ b/src/SSLClient.h @@ -22,6 +22,7 @@ #include "SSLClientImpl.h" #include "SSLSession.h" #include "SSLClientParameters.h" +#include "SSLObj.h" #ifndef SSLClient_H_ #define SSLClient_H_ @@ -81,25 +82,6 @@ public: // SSL Connections take a really long time so we don't want to time out a legitimate thing setTimeout(30 * 1000); } - - /** - * Same as SSLClient::SSLClient(const C &, const br_x509_trust_anchor*, const size_t, const int, const DebugLevel), - * but can compile support for mutual authentication. - */ - explicit SSLClient( const C& client, - const br_x509_trust_anchor *trust_anchors, - const size_t trust_anchors_num, - const int analog_pin, - const DebugLevel debug, - const SSLClientParameters* mutual_auth_params) - : SSLClientImpl(trust_anchors, trust_anchors_num, analog_pin, debug, mutual_auth_params) - , m_client(client) - , m_sessions{} - { - // set the timeout to a reasonable number (it can always be changes later) - // SSL Connections take a really long time so we don't want to time out a legitimate thing - setTimeout(30 * 1000); - } //======================================== //= Functions implemented in SSLClientImpl @@ -307,6 +289,13 @@ public: //= Functions Not in the Client Interface //======================================== + /** + * @brief Add a client certificate and enable support for mutual auth + * + * This function must be called BEFORE making an SSL connection. + */ + void setMutualAuthParams(const SSLClientParameters* params) { return set_mutual_impl(params); } + /** * @brief Gets a session reference corresponding to a host and IP, or a reference to a empty session if none exist * diff --git a/src/SSLClientImpl.cpp b/src/SSLClientImpl.cpp index 13ed636..eaa94aa 100644 --- a/src/SSLClientImpl.cpp +++ b/src/SSLClientImpl.cpp @@ -69,23 +69,6 @@ SSLClientImpl::SSLClientImpl(const br_x509_trust_anchor *trust_anchors, br_ssl_engine_set_buffer(&m_sslctx.eng, m_iobuf, sizeof m_iobuf, duplex); } -/* see SSLClientImpl.h */ -SSLClientImpl::SSLClientImpl(const br_x509_trust_anchor *trust_anchors, - const size_t trust_anchors_num, const int analog_pin, - const DebugLevel debug, const SSLClientParameters* mutual_auth_params) - : SSLClientImpl(trust_anchors, trust_anchors_num, analog_pin, debug) { - // if mutual authentication if needed, configure bearssl to support it. - if (mutual_auth_params != nullptr) - br_ssl_client_set_single_ec( &m_sslctx, - mutual_auth_params->client_cert_chain, - mutual_auth_params->chain_len, - &mutual_auth_params->ec_key, - BR_KEYTYPE_KEYX | BR_KEYTYPE_SIGN, - BR_KEYTYPE_EC, - br_ssl_engine_get_ec(&m_sslctx.eng), - &br_ecdsa_i15_sign_asn1); - } - /* see SSLClientImpl.h*/ int SSLClientImpl::connect_impl(IPAddress ip, uint16_t port) { const char* func_name = __func__; @@ -331,6 +314,20 @@ void SSLClientImpl::remove_session_impl(const char* host, const IPAddress& addr) } } +/* see SSLClientImpl.h */ +void SSLClientImpl::set_mutual_impl(const SSLClientParameters* params) { + // if mutual authentication if needed, configure bearssl to support it. + if (params != nullptr) + br_ssl_client_set_single_ec( &m_sslctx, + params->client_cert_chain, + params->chain_len, + ¶ms->ec_key, + BR_KEYTYPE_KEYX | BR_KEYTYPE_SIGN, + BR_KEYTYPE_EC, + br_ssl_engine_get_ec(&m_sslctx.eng), + &br_ecdsa_i15_sign_asn1); +} + bool SSLClientImpl::m_soft_connected(const char* func_name) { // check if the socket is still open and such if (getWriteError()) { diff --git a/src/SSLClientImpl.h b/src/SSLClientImpl.h index 01af2f1..931ad77 100644 --- a/src/SSLClientImpl.h +++ b/src/SSLClientImpl.h @@ -107,7 +107,8 @@ public: SSLSession& get_session_impl(const char* host, const IPAddress& addr); /** @see SSLClient::removeSession */ void remove_session_impl(const char* host, const IPAddress& addr); - + /** @see SSLClient::setMutualAuthParams */ + void set_mutual_impl(const SSLClientParameters* params); //============================================ //= Functions implemented in SSLClient.h //============================================ diff --git a/src/SSLObj.cpp b/src/SSLObj.cpp new file mode 100644 index 0000000..68682ea --- /dev/null +++ b/src/SSLObj.cpp @@ -0,0 +1,57 @@ +#include "SSLObj.h" + +struct ssl_pem_decode_state { + std::vector* vect; + size_t index = 0; +}; + +static void ssl_pem_decode(void *dest_ctx, const void *src, size_t len) { + ssl_pem_decode_state* ctx = static_cast(dest_ctx); + // copy the recieved bytes into the vector, resizing if needed + if (ctx->vect->size() < len + ctx->index) { + Serial.println("Overflow!"); + return; + } + for (size_t i = 0; i < len; i++) (*(ctx->vect))[i + ctx->index] = static_cast(src)[i]; + // update index + ctx->index += len; +} + +const std::vector SSLObj::make_vector_pem(const char* data, const size_t len) { + if (data == nullptr || len == 0) return { 0 }; + // initialize the bearssl PEM context + br_pem_decoder_context pctx; + br_pem_decoder_init(&pctx); + // create a temporary vector + std::vector temp(len * 3 / 4 + 5); + // initialize the DER storage context + ssl_pem_decode_state state; + state.vect = &temp; + state.index = 0; + // set the byte reciever + br_pem_decoder_setdest(&pctx, &ssl_pem_decode, &state); + // start decoding! + int br_state = 0; + size_t index = 0; + do { + index += br_pem_decoder_push(&pctx, static_cast(&data[index]), len - index); + br_state = br_pem_decoder_event(&pctx); + } while (br_state != BR_PEM_ERROR && br_state != BR_PEM_END_OBJ); + // error check + if (br_state == BR_PEM_ERROR) { + // set data to error + temp.clear(); + } + // else we're good! + return { temp }; +} + +const std::vector SSLObj::make_vector_der(const char* data, const size_t len) { + if (data == nullptr || len == 0) return { 0 }; + // create a temporary vector + std::vector temp(len); + // copy the elements over + for (size_t i = 0; i < len; i++) temp[i] = data[i]; + // return the new SSLObj + return { temp }; +} \ No newline at end of file diff --git a/src/SSLObj.h b/src/SSLObj.h new file mode 100644 index 0000000..25e8827 --- /dev/null +++ b/src/SSLObj.h @@ -0,0 +1,51 @@ +/* Copyright 2019 OSU OPEnS Lab + * + * Permission is hereby granted, free of charge, to any person obtaining a copy of this + * software and associated documentation files (the "Software"), to deal in the Software + * without restriction, including without limitation the rights to use, copy, modify, + * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to the following + * conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, + * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A + * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT + * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + */ + +/** + * SSLObj.h + * + * This file contains a utility class to take PEM input and store it as a DER object + * for later use by BearSSL. + */ + +#include +#include "bearssl_pem.h" +#include "Arduino.h" + +#ifndef SSLObj_H_ +#define SSLObj_H_ + +/** + * \brief This namespace works with raw DER byte arrays for use later with TLS mutual auth. + * + * This namespace was created to store some of the values stored in ::SSLClientParameters, + * which allow BearSSL use client certificates when creating a TLS connection. Since + * most certificates are transmitted over the internet in PEM format, a certificate can + * be provided in PEM or DER format, and will be converted internally to DER format for + * later use. A PEM file provided to this class MUST CONTAIN the `----BEGIN ... -----` + * header in order to be parsed correctly. + */ + +namespace SSLObj { + const std::vector make_vector_pem(const char* data, const size_t len); + const std::vector make_vector_der(const char* data, const size_t len); +} + +#endif \ No newline at end of file From 5e1a3b41ca9ed7ea86064f953e1304d766cc6756 Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Tue, 13 Aug 2019 12:29:09 -0700 Subject: [PATCH 021/141] fix SSLObj functionality --- src/SSLObj.cpp | 32 ++++++++++++++++++++------------ src/SSLObj.h | 8 +++++--- 2 files changed, 25 insertions(+), 15 deletions(-) diff --git a/src/SSLObj.cpp b/src/SSLObj.cpp index 68682ea..73ead13 100644 --- a/src/SSLObj.cpp +++ b/src/SSLObj.cpp @@ -1,5 +1,12 @@ #include "SSLObj.h" +// fix for non-exception arduino platforms +#ifdef ADAFRUIT_FEATHER_M0 +namespace std { + void __throw_length_error(char const*) {} +} +#endif + struct ssl_pem_decode_state { std::vector* vect; size_t index = 0; @@ -7,23 +14,18 @@ struct ssl_pem_decode_state { static void ssl_pem_decode(void *dest_ctx, const void *src, size_t len) { ssl_pem_decode_state* ctx = static_cast(dest_ctx); - // copy the recieved bytes into the vector, resizing if needed - if (ctx->vect->size() < len + ctx->index) { - Serial.println("Overflow!"); - return; - } - for (size_t i = 0; i < len; i++) (*(ctx->vect))[i + ctx->index] = static_cast(src)[i]; + for (size_t i = 0; i < len; i++) ctx->vect->emplace_back(static_cast(src)[i]); // update index ctx->index += len; } const std::vector SSLObj::make_vector_pem(const char* data, const size_t len) { - if (data == nullptr || len == 0) return { 0 }; + if (data == nullptr || len < 80) return {}; // initialize the bearssl PEM context br_pem_decoder_context pctx; br_pem_decoder_init(&pctx); // create a temporary vector - std::vector temp(len * 3 / 4 + 5); + std::vector temp; // initialize the DER storage context ssl_pem_decode_state state; state.vect = &temp; @@ -36,22 +38,28 @@ const std::vector SSLObj::make_vector_pem(const char* data, const do { index += br_pem_decoder_push(&pctx, static_cast(&data[index]), len - index); br_state = br_pem_decoder_event(&pctx); - } while (br_state != BR_PEM_ERROR && br_state != BR_PEM_END_OBJ); + // if we found the begining object, reserve the vector based on the remaining relavent bytes + if (br_state == BR_PEM_BEGIN_OBJ) { + // 22 = five dashes for header and footer + four newlines - character difference between `BEGIN` and `END` + const size_t relavant_bytes_base64 = len - (2*strlen(br_pem_decoder_name(&pctx)) + 22); + temp.reserve(relavant_bytes_base64 * 3 / 4); + } + } while (br_state != BR_PEM_ERROR && br_state != BR_PEM_END_OBJ && len != index); // error check if (br_state == BR_PEM_ERROR) { // set data to error temp.clear(); } // else we're good! - return { temp }; + return temp; } const std::vector SSLObj::make_vector_der(const char* data, const size_t len) { - if (data == nullptr || len == 0) return { 0 }; + if (data == nullptr || len == 0) return {}; // create a temporary vector std::vector temp(len); // copy the elements over for (size_t i = 0; i < len; i++) temp[i] = data[i]; // return the new SSLObj - return { temp }; + return temp; } \ No newline at end of file diff --git a/src/SSLObj.h b/src/SSLObj.h index 25e8827..8d5ecaf 100644 --- a/src/SSLObj.h +++ b/src/SSLObj.h @@ -24,14 +24,16 @@ * This file contains a utility class to take PEM input and store it as a DER object * for later use by BearSSL. */ - -#include +#include #include "bearssl_pem.h" -#include "Arduino.h" #ifndef SSLObj_H_ #define SSLObj_H_ +#undef min +#undef max +#include + /** * \brief This namespace works with raw DER byte arrays for use later with TLS mutual auth. * From c6ac76be2754e4da951c1250b39b88d374ce2b1d Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Wed, 14 Aug 2019 11:00:19 -0700 Subject: [PATCH 022/141] small bugfix with flushing behavior --- src/SSLClientImpl.cpp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/SSLClientImpl.cpp b/src/SSLClientImpl.cpp index eaa94aa..a9cf890 100644 --- a/src/SSLClientImpl.cpp +++ b/src/SSLClientImpl.cpp @@ -219,10 +219,8 @@ int SSLClientImpl::peek_impl() { /* see SSLClientImpl.h */ void SSLClientImpl::flush_impl() { - // trigger a flush, incase there's any leftover data - br_ssl_engine_flush(&m_sslctx.eng, 0); - // run until application data is ready for pickup - if(m_run_until(BR_SSL_RECVAPP) < 0) m_error("Could not flush write buffer!", __func__); + if (m_write_idx > 0) + if(m_run_until(BR_SSL_RECVAPP) < 0) m_error("Could not flush write buffer!", __func__); } /* see SSLClientImpl.h */ @@ -524,6 +522,8 @@ unsigned SSLClientImpl::m_update_engine() { // data has been written to the io buffer, something is wrong if (!(state & BR_SSL_SENDAPP)) { m_error("Error m_write_idx > 0 but the ssl engine is not ready for data", func_name); + m_error(br_ssl_engine_current_state(&m_sslctx.eng), func_name); + m_error(br_ssl_engine_last_error(&m_sslctx.eng), func_name); setWriteError(SSL_BR_WRITE_ERROR); stop_impl(); return 0; From c832294902f3e5d8723046accfa67debefc63fdc Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Wed, 14 Aug 2019 11:12:06 -0700 Subject: [PATCH 023/141] Remove unnessecary functions in SSLObj, add comments to SSLObj and update docs --- docs/html/_s_s_l_client_8h.html | 1 + docs/html/_s_s_l_client_8h_source.html | 80 ++--- docs/html/_s_s_l_client_impl_8h_source.html | 35 +- docs/html/_s_s_l_obj_8cpp.html | 115 +++++++ docs/html/_s_s_l_obj_8cpp.js | 4 + docs/html/_s_s_l_obj_8h.html | 127 +++++++ docs/html/_s_s_l_obj_8h.js | 4 + docs/html/_s_s_l_obj_8h_source.html | 108 ++++++ docs/html/annotated.html | 9 +- docs/html/annotated_dup.js | 1 + docs/html/class_s_s_l_client-members.html | 17 +- docs/html/class_s_s_l_client.html | 103 +++--- docs/html/class_s_s_l_client.js | 2 +- .../html/class_s_s_l_client_impl-members.html | 9 +- docs/html/class_s_s_l_client_impl.html | 21 ++ docs/html/class_s_s_l_client_impl.js | 1 + docs/html/classes.html | 8 +- .../dir_68267d1309a1af8e8297ef4c3efbcdba.html | 4 + .../dir_68267d1309a1af8e8297ef4c3efbcdba.js | 2 + docs/html/files.html | 10 +- docs/html/functions.html | 22 +- docs/html/functions_func.html | 6 + docs/html/functions_vars.html | 6 + docs/html/hierarchy.html | 3 +- docs/html/hierarchy.js | 1 + docs/html/menudata.js | 6 + docs/html/namespace_s_s_l_obj.html | 159 +++++++++ docs/html/namespacemembers.html | 106 ++++++ docs/html/namespacemembers_func.html | 106 ++++++ docs/html/namespaces.html | 110 ++++++ docs/html/namespaces_dup.js | 4 + docs/html/navtreedata.js | 7 + docs/html/navtreeindex0.js | 314 +++++++++--------- docs/html/search/all_11.js | 3 +- docs/html/search/all_12.html | 30 ++ docs/html/search/all_12.js | 5 + docs/html/search/all_8.js | 1 + docs/html/search/all_a.js | 3 +- docs/html/search/all_e.js | 8 +- docs/html/search/classes_0.js | 1 + docs/html/search/files_3.js | 2 + docs/html/search/functions_7.js | 3 +- docs/html/search/functions_b.js | 4 +- docs/html/search/namespaces_0.html | 30 ++ docs/html/search/namespaces_0.js | 4 + docs/html/search/searchdata.js | 47 +-- docs/html/search/variables_4.html | 30 ++ docs/html/search/variables_4.js | 4 + docs/html/search/variables_5.html | 30 ++ docs/html/search/variables_5.js | 4 + ...structssl__pem__decode__state-members.html | 110 ++++++ docs/html/structssl__pem__decode__state.html | 149 +++++++++ docs/html/structssl__pem__decode__state.js | 5 + src/SSLObj.cpp | 14 +- src/SSLObj.h | 16 +- 55 files changed, 1669 insertions(+), 345 deletions(-) create mode 100644 docs/html/_s_s_l_obj_8cpp.html create mode 100644 docs/html/_s_s_l_obj_8cpp.js create mode 100644 docs/html/_s_s_l_obj_8h.html create mode 100644 docs/html/_s_s_l_obj_8h.js create mode 100644 docs/html/_s_s_l_obj_8h_source.html create mode 100644 docs/html/namespace_s_s_l_obj.html create mode 100644 docs/html/namespacemembers.html create mode 100644 docs/html/namespacemembers_func.html create mode 100644 docs/html/namespaces.html create mode 100644 docs/html/namespaces_dup.js create mode 100644 docs/html/search/all_12.html create mode 100644 docs/html/search/all_12.js create mode 100644 docs/html/search/namespaces_0.html create mode 100644 docs/html/search/namespaces_0.js create mode 100644 docs/html/search/variables_4.html create mode 100644 docs/html/search/variables_4.js create mode 100644 docs/html/search/variables_5.html create mode 100644 docs/html/search/variables_5.js create mode 100644 docs/html/structssl__pem__decode__state-members.html create mode 100644 docs/html/structssl__pem__decode__state.html create mode 100644 docs/html/structssl__pem__decode__state.js diff --git a/docs/html/_s_s_l_client_8h.html b/docs/html/_s_s_l_client_8h.html index 945261d..df7d798 100644 --- a/docs/html/_s_s_l_client_8h.html +++ b/docs/html/_s_s_l_client_8h.html @@ -98,6 +98,7 @@ $(document).ready(function(){initNavTree('_s_s_l_client_8h.html','');}); #include "SSLClientImpl.h"
#include "SSLSession.h"
#include "SSLClientParameters.h"
+#include "SSLObj.h"

Go to the source code of this file.

diff --git a/docs/html/_s_s_l_client_8h_source.html b/docs/html/_s_s_l_client_8h_source.html index 090a4ef..69d4620 100644 --- a/docs/html/_s_s_l_client_8h_source.html +++ b/docs/html/_s_s_l_client_8h_source.html @@ -91,53 +91,55 @@ $(document).ready(function(){initNavTree('_s_s_l_client_8h_source.html','');});
SSLClient.h
-Go to the documentation of this file.
1 /* Copyright 2019 OSU OPEnS Lab
2  *
3  * Permission is hereby granted, free of charge, to any person obtaining a copy of this
4  * software and associated documentation files (the "Software"), to deal in the Software
5  * without restriction, including without limitation the rights to use, copy, modify,
6  * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
7  * permit persons to whom the Software is furnished to do so, subject to the following
8  * conditions:
9  *
10  * The above copyright notice and this permission notice shall be included in all
11  * copies or substantial portions of the Software.
12  *
13  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
14  * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
15  * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
16  * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
17  * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
18  * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
19  */
20 
21 #include "Client.h"
22 #include "SSLClientImpl.h"
23 #include "SSLSession.h"
24 #include "SSLClientParameters.h"
25 
26 #ifndef SSLClient_H_
27 #define SSLClient_H_
28 
34 template <class C, size_t SessionCache = 1>
35 class SSLClient : public SSLClientImpl {
36 /*
37  * static checks
38  * I'm a java developer, so I want to ensure that my inheritance is safe.
39  * These checks ensure that all the functions we use on class C are
40  * actually present on class C. It does this by checking that the
41  * class inherits from Client.
42  *
43  * Additionally, I ran into a lot of memory issues with large sessions caches.
44  * Since each session contains at max 352 bytes of memory, they eat of the
45  * stack quite quickly and can cause overflows. As a result, I have added a
46  * warning here to discourage the use of more than 3 sessions at a time. Any
47  * amount past that will require special modification of this library, and
48  * assumes you know what you are doing.
49  */
50 static_assert(SessionCache > 0 && SessionCache < 255, "There can be no less than one and no more than 255 sessions in the cache!");
51 static_assert(SessionCache <= 3, "You need to decrease the size of m_iobuf in order to have more than 3 sessions at once, otherwise memory issues will occur.");
52 
53 public:
71  explicit SSLClient( const C& client,
72  const br_x509_trust_anchor *trust_anchors,
73  const size_t trust_anchors_num,
74  const int analog_pin,
75  const DebugLevel debug = SSL_WARN)
76  : SSLClientImpl(trust_anchors, trust_anchors_num, analog_pin, debug)
77  , m_client(client)
78  , m_sessions{}
79  {
80  // set the timeout to a reasonable number (it can always be changes later)
81  // SSL Connections take a really long time so we don't want to time out a legitimate thing
82  setTimeout(30 * 1000);
83  }
84 
89  explicit SSLClient( const C& client,
90  const br_x509_trust_anchor *trust_anchors,
91  const size_t trust_anchors_num,
92  const int analog_pin,
93  const DebugLevel debug,
94  const SSLClientParameters* mutual_auth_params)
95  : SSLClientImpl(trust_anchors, trust_anchors_num, analog_pin, debug, mutual_auth_params)
96  , m_client(client)
97  , m_sessions{}
98  {
99  // set the timeout to a reasonable number (it can always be changes later)
100  // SSL Connections take a really long time so we don't want to time out a legitimate thing
101  setTimeout(30 * 1000);
102  }
103 
104  //========================================
105  //= Functions implemented in SSLClientImpl
106  //========================================
107 
147  int connect(IPAddress ip, uint16_t port) override { return connect_impl(ip, port); }
148 
185  int connect(const char *host, uint16_t port) override { return connect_impl(host, port); }
186 
188  size_t write(uint8_t b) override { return write_impl(&b, 1); }
212  size_t write(const uint8_t *buf, size_t size) override { return write_impl(buf, size); }
213 
232  int available() override { return available_impl(); }
233 
238  int read() override { uint8_t read_val; return read(&read_val, 1) > 0 ? read_val : -1; };
260  int read(uint8_t *buf, size_t size) override { return read_impl(buf, size); }
261 
270  int peek() override { return peek_impl(); }
271 
279  void flush() override { return flush_impl(); }
280 
289  void stop() override { return stop_impl(); }
290 
304  uint8_t connected() override { return connected_impl(); }
305 
306  //========================================
307  //= Functions Not in the Client Interface
308  //========================================
309 
324  SSLSession& getSession(const char* host, const IPAddress& addr) { return get_session_impl(host, addr); }
325 
334  void removeSession(const char* host, const IPAddress& addr) { return remove_session_impl(host, addr); }
335 
341  size_t getSessionCount() const override { return SessionCache; }
342 
348  operator bool() { return connected() > 0; }
350  bool operator==(const bool value) { return bool() == value; }
352  bool operator!=(const bool value) { return bool() != value; }
354  bool operator==(const C& rhs) { return m_client == rhs; }
356  bool operator!=(const C& rhs) { return m_client != rhs; }
358  uint16_t localPort() override { return m_client.localPort(); }
360  IPAddress remoteIP() override { return m_client.remoteIP(); }
362  uint16_t remotePort() override { return m_client.remotePort(); }
363 
365  C& getClient() { return m_client; }
366 
367 protected:
369  Client& get_arduino_client() override { return m_client; }
370  const Client& get_arduino_client() const override { return m_client; }
372  SSLSession* get_session_array() override { return m_sessions; }
373  const SSLSession* get_session_array() const override { return m_sessions; }
374 
375 private:
376  // create a copy of the client
377  C m_client;
378  // also store an array of SSLSessions, so we can resume communication with multiple websites
379  SSLSession m_sessions[SessionCache];
380 };
381 
382 #endif
SSLClientImpl::write_impl
size_t write_impl(const uint8_t *buf, size_t size)
Definition: SSLClientImpl.cpp:147
-
SSLClient::get_session_array
const SSLSession * get_session_array() const override
Definition: SSLClient.h:373
-
SSLClient::remoteIP
IPAddress remoteIP() override
Returns the remote IP, if C::remoteIP exists.
Definition: SSLClient.h:360
-
SSLClient::write
size_t write(uint8_t b) override
Definition: SSLClient.h:188
+Go to the documentation of this file.
1 /* Copyright 2019 OSU OPEnS Lab
2  *
3  * Permission is hereby granted, free of charge, to any person obtaining a copy of this
4  * software and associated documentation files (the "Software"), to deal in the Software
5  * without restriction, including without limitation the rights to use, copy, modify,
6  * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
7  * permit persons to whom the Software is furnished to do so, subject to the following
8  * conditions:
9  *
10  * The above copyright notice and this permission notice shall be included in all
11  * copies or substantial portions of the Software.
12  *
13  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
14  * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
15  * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
16  * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
17  * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
18  * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
19  */
20 
21 #include "Client.h"
22 #include "SSLClientImpl.h"
23 #include "SSLSession.h"
24 #include "SSLClientParameters.h"
25 #include "SSLObj.h"
26 
27 #ifndef SSLClient_H_
28 #define SSLClient_H_
29 
35 template <class C, size_t SessionCache = 1>
36 class SSLClient : public SSLClientImpl {
37 /*
38  * static checks
39  * I'm a java developer, so I want to ensure that my inheritance is safe.
40  * These checks ensure that all the functions we use on class C are
41  * actually present on class C. It does this by checking that the
42  * class inherits from Client.
43  *
44  * Additionally, I ran into a lot of memory issues with large sessions caches.
45  * Since each session contains at max 352 bytes of memory, they eat of the
46  * stack quite quickly and can cause overflows. As a result, I have added a
47  * warning here to discourage the use of more than 3 sessions at a time. Any
48  * amount past that will require special modification of this library, and
49  * assumes you know what you are doing.
50  */
51 static_assert(SessionCache > 0 && SessionCache < 255, "There can be no less than one and no more than 255 sessions in the cache!");
52 static_assert(SessionCache <= 3, "You need to decrease the size of m_iobuf in order to have more than 3 sessions at once, otherwise memory issues will occur.");
53 
54 public:
72  explicit SSLClient( const C& client,
73  const br_x509_trust_anchor *trust_anchors,
74  const size_t trust_anchors_num,
75  const int analog_pin,
76  const DebugLevel debug = SSL_WARN)
77  : SSLClientImpl(trust_anchors, trust_anchors_num, analog_pin, debug)
78  , m_client(client)
79  , m_sessions{}
80  {
81  // set the timeout to a reasonable number (it can always be changes later)
82  // SSL Connections take a really long time so we don't want to time out a legitimate thing
83  setTimeout(30 * 1000);
84  }
85 
86  //========================================
87  //= Functions implemented in SSLClientImpl
88  //========================================
89 
129  int connect(IPAddress ip, uint16_t port) override { return connect_impl(ip, port); }
130 
167  int connect(const char *host, uint16_t port) override { return connect_impl(host, port); }
168 
170  size_t write(uint8_t b) override { return write_impl(&b, 1); }
194  size_t write(const uint8_t *buf, size_t size) override { return write_impl(buf, size); }
195 
214  int available() override { return available_impl(); }
215 
220  int read() override { uint8_t read_val; return read(&read_val, 1) > 0 ? read_val : -1; };
242  int read(uint8_t *buf, size_t size) override { return read_impl(buf, size); }
243 
252  int peek() override { return peek_impl(); }
253 
261  void flush() override { return flush_impl(); }
262 
271  void stop() override { return stop_impl(); }
272 
286  uint8_t connected() override { return connected_impl(); }
287 
288  //========================================
289  //= Functions Not in the Client Interface
290  //========================================
291 
297  void setMutualAuthParams(const SSLClientParameters* params) { return set_mutual_impl(params); }
298 
313  SSLSession& getSession(const char* host, const IPAddress& addr) { return get_session_impl(host, addr); }
314 
323  void removeSession(const char* host, const IPAddress& addr) { return remove_session_impl(host, addr); }
324 
330  size_t getSessionCount() const override { return SessionCache; }
331 
337  operator bool() { return connected() > 0; }
339  bool operator==(const bool value) { return bool() == value; }
341  bool operator!=(const bool value) { return bool() != value; }
343  bool operator==(const C& rhs) { return m_client == rhs; }
345  bool operator!=(const C& rhs) { return m_client != rhs; }
347  uint16_t localPort() override { return m_client.localPort(); }
349  IPAddress remoteIP() override { return m_client.remoteIP(); }
351  uint16_t remotePort() override { return m_client.remotePort(); }
352 
354  C& getClient() { return m_client; }
355 
356 protected:
358  Client& get_arduino_client() override { return m_client; }
359  const Client& get_arduino_client() const override { return m_client; }
361  SSLSession* get_session_array() override { return m_sessions; }
362  const SSLSession* get_session_array() const override { return m_sessions; }
363 
364 private:
365  // create a copy of the client
366  C m_client;
367  // also store an array of SSLSessions, so we can resume communication with multiple websites
368  SSLSession m_sessions[SessionCache];
369 };
370 
371 #endif
SSLClient::setMutualAuthParams
void setMutualAuthParams(const SSLClientParameters *params)
Add a client certificate and enable support for mutual auth.
Definition: SSLClient.h:297
+
SSLClientImpl::write_impl
size_t write_impl(const uint8_t *buf, size_t size)
Definition: SSLClientImpl.cpp:130
+
SSLClient::get_session_array
const SSLSession * get_session_array() const override
Definition: SSLClient.h:362
+
SSLClient::remoteIP
IPAddress remoteIP() override
Returns the remote IP, if C::remoteIP exists.
Definition: SSLClient.h:349
+
SSLClient::write
size_t write(uint8_t b) override
Definition: SSLClient.h:170
SSL_WARN
Definition: SSLClientImpl.h:66
-
SSLClientImpl::get_session_impl
SSLSession & get_session_impl(const char *host, const IPAddress &addr)
Definition: SSLClientImpl.cpp:305
+
SSLClientImpl::get_session_impl
SSLSession & get_session_impl(const char *host, const IPAddress &addr)
Definition: SSLClientImpl.cpp:286
SSLSession
This class stores values which allow SSLClient to save and resume SSL sessions.
Definition: SSLSession.h:52
-
SSLClient::SSLClient
SSLClient(const C &client, const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug, const SSLClientParameters *mutual_auth_params)
Definition: SSLClient.h:89
-
SSLClient::operator!=
bool operator!=(const C &rhs)
Returns whether or not two SSLClient objects do not have the same underlying client object.
Definition: SSLClient.h:356
-
SSLClient::available
int available() override
Returns the number of bytes available to read from the data that has been received and decrypted.
Definition: SSLClient.h:232
-
SSLClient::getClient
C & getClient()
Returns a reference to the client object stored in this class. Take care not to break it.
Definition: SSLClient.h:365
-
SSLClientImpl::peek_impl
int peek_impl()
Definition: SSLClientImpl.cpp:226
+
SSLClient::operator!=
bool operator!=(const C &rhs)
Returns whether or not two SSLClient objects do not have the same underlying client object.
Definition: SSLClient.h:345
+
SSLClient::available
int available() override
Returns the number of bytes available to read from the data that has been received and decrypted.
Definition: SSLClient.h:214
+
SSLClient::getClient
C & getClient()
Returns a reference to the client object stored in this class. Take care not to break it.
Definition: SSLClient.h:354
+
SSLClientImpl::peek_impl
int peek_impl()
Definition: SSLClientImpl.cpp:209
SSLClientParameters
This struct stores data required for SSLClient to use mutual authentication.
Definition: SSLClientParameters.h:52
-
SSLClient::flush
void flush() override
Force writing the buffered bytes from SSLClient::write to the network.
Definition: SSLClient.h:279
-
SSLClient
The main SSLClient class. Check out README.md for more info.
Definition: SSLClient.h:35
-
SSLClient::operator!=
bool operator!=(const bool value)
Definition: SSLClient.h:352
-
SSLClient::stop
void stop() override
Close the connection.
Definition: SSLClient.h:289
-
SSLClient::write
size_t write(const uint8_t *buf, size_t size) override
Write some bytes to the SSL connection.
Definition: SSLClient.h:212
-
SSLClient::SSLClient
SSLClient(const C &client, const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug=SSL_WARN)
Initialize SSLClient with all of the prerequisites needed.
Definition: SSLClient.h:71
-
SSLClient::peek
int peek() override
View the first byte of the buffer, without removing it from the SSLClient Buffer.
Definition: SSLClient.h:270
-
SSLClientImpl::available_impl
int available_impl()
Definition: SSLClientImpl.cpp:190
-
SSLClient::operator==
bool operator==(const C &rhs)
Returns whether or not two SSLClient objects have the same underlying client object.
Definition: SSLClient.h:354
-
SSLClientImpl::read_impl
int read_impl(uint8_t *buf, size_t size)
Definition: SSLClientImpl.cpp:211
-
SSLClient::get_session_array
SSLSession * get_session_array() override
Returns an instance of the session array that is on the stack.
Definition: SSLClient.h:372
-
SSLClientImpl::remove_session_impl
void remove_session_impl(const char *host, const IPAddress &addr)
Definition: SSLClientImpl.cpp:324
-
SSLClient::get_arduino_client
Client & get_arduino_client() override
Returns an instance of m_client that is polymorphic and can be used by SSLClientImpl.
Definition: SSLClient.h:369
-
SSLClient::localPort
uint16_t localPort() override
Returns the local port, if C::localPort exists.
Definition: SSLClient.h:358
+
SSLClient::flush
void flush() override
Force writing the buffered bytes from SSLClient::write to the network.
Definition: SSLClient.h:261
+
SSLClient
The main SSLClient class. Check out README.md for more info.
Definition: SSLClient.h:36
+
SSLClient::operator!=
bool operator!=(const bool value)
Definition: SSLClient.h:341
+
SSLClient::stop
void stop() override
Close the connection.
Definition: SSLClient.h:271
+
SSLClient::write
size_t write(const uint8_t *buf, size_t size) override
Write some bytes to the SSL connection.
Definition: SSLClient.h:194
+
SSLClient::SSLClient
SSLClient(const C &client, const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug=SSL_WARN)
Initialize SSLClient with all of the prerequisites needed.
Definition: SSLClient.h:72
+
SSLClient::peek
int peek() override
View the first byte of the buffer, without removing it from the SSLClient Buffer.
Definition: SSLClient.h:252
+
SSLClientImpl::available_impl
int available_impl()
Definition: SSLClientImpl.cpp:173
+
SSLClient::operator==
bool operator==(const C &rhs)
Returns whether or not two SSLClient objects have the same underlying client object.
Definition: SSLClient.h:343
+
SSLClientImpl::read_impl
int read_impl(uint8_t *buf, size_t size)
Definition: SSLClientImpl.cpp:194
+
SSLClient::get_session_array
SSLSession * get_session_array() override
Returns an instance of the session array that is on the stack.
Definition: SSLClient.h:361
+
SSLClientImpl::remove_session_impl
void remove_session_impl(const char *host, const IPAddress &addr)
Definition: SSLClientImpl.cpp:305
+
SSLClient::get_arduino_client
Client & get_arduino_client() override
Returns an instance of m_client that is polymorphic and can be used by SSLClientImpl.
Definition: SSLClient.h:358
+
SSLClient::localPort
uint16_t localPort() override
Returns the local port, if C::localPort exists.
Definition: SSLClient.h:347
SSLClientImpl.h
-
SSLClient::read
int read() override
Read a single byte, or -1 if none is available.
Definition: SSLClient.h:238
+
SSLClientImpl::set_mutual_impl
void set_mutual_impl(const SSLClientParameters *params)
Definition: SSLClientImpl.cpp:316
+
SSLClient::read
int read() override
Read a single byte, or -1 if none is available.
Definition: SSLClient.h:220
SSLClientParameters.h
-
SSLClient::connected
uint8_t connected() override
Check if the device is connected.
Definition: SSLClient.h:304
+
SSLClient::connected
uint8_t connected() override
Check if the device is connected.
Definition: SSLClient.h:286
SSLSession.h
-
SSLClient::get_arduino_client
const Client & get_arduino_client() const override
Definition: SSLClient.h:370
-
SSLClient::connect
int connect(const char *host, uint16_t port) override
Connect over SSL to a host specified by a hostname.
Definition: SSLClient.h:185
-
SSLClient::operator==
bool operator==(const bool value)
Definition: SSLClient.h:350
-
SSLClient::remotePort
uint16_t remotePort() override
Returns the remote port, if C::remotePort exists. Else return 0.
Definition: SSLClient.h:362
-
SSLClientImpl::connect_impl
int connect_impl(IPAddress ip, uint16_t port)
Definition: SSLClientImpl.cpp:90
-
SSLClient::getSessionCount
size_t getSessionCount() const override
Get the maximum number of SSL sessions that can be stored at once.
Definition: SSLClient.h:341
-
SSLClientImpl::stop_impl
void stop_impl()
Definition: SSLClientImpl.cpp:246
-
SSLClientImpl::flush_impl
void flush_impl()
Definition: SSLClientImpl.cpp:238
+
SSLClient::get_arduino_client
const Client & get_arduino_client() const override
Definition: SSLClient.h:359
+
SSLClient::connect
int connect(const char *host, uint16_t port) override
Connect over SSL to a host specified by a hostname.
Definition: SSLClient.h:167
+
SSLClient::operator==
bool operator==(const bool value)
Definition: SSLClient.h:339
+
SSLClient::remotePort
uint16_t remotePort() override
Returns the remote port, if C::remotePort exists. Else return 0.
Definition: SSLClient.h:351
+
SSLClientImpl::connect_impl
int connect_impl(IPAddress ip, uint16_t port)
Definition: SSLClientImpl.cpp:73
+
SSLClient::getSessionCount
size_t getSessionCount() const override
Get the maximum number of SSL sessions that can be stored at once.
Definition: SSLClient.h:330
+
SSLClientImpl::stop_impl
void stop_impl()
Definition: SSLClientImpl.cpp:227
+
SSLClientImpl::flush_impl
void flush_impl()
Definition: SSLClientImpl.cpp:221
+
SSLObj.h
SSLClientImpl
Implementation code to be inherited by SSLClient.
Definition: SSLClientImpl.h:72
-
SSLClient::removeSession
void removeSession(const char *host, const IPAddress &addr)
Clear the session corresponding to a host and IP.
Definition: SSLClient.h:334
-
SSLClientImpl::connected_impl
uint8_t connected_impl()
Definition: SSLClientImpl.cpp:274
-
SSLClient::getSession
SSLSession & getSession(const char *host, const IPAddress &addr)
Gets a session reference corresponding to a host and IP, or a reference to a empty session if none ex...
Definition: SSLClient.h:324
+
SSLClient::removeSession
void removeSession(const char *host, const IPAddress &addr)
Clear the session corresponding to a host and IP.
Definition: SSLClient.h:323
+
SSLClientImpl::connected_impl
uint8_t connected_impl()
Definition: SSLClientImpl.cpp:255
+
SSLClient::getSession
SSLSession & getSession(const char *host, const IPAddress &addr)
Gets a session reference corresponding to a host and IP, or a reference to a empty session if none ex...
Definition: SSLClient.h:313
DebugLevel
DebugLevel
Level of verbosity used in logging for SSLClient.
Definition: SSLClientImpl.h:60
-
SSLClient::read
int read(uint8_t *buf, size_t size) override
Read size bytes from the SSL client buffer, copying them into *buf, and return the number of bytes re...
Definition: SSLClient.h:260
-
SSLClient::connect
int connect(IPAddress ip, uint16_t port) override
Connect over SSL to a host specified by an IP address.
Definition: SSLClient.h:147
+
SSLClient::read
int read(uint8_t *buf, size_t size) override
Read size bytes from the SSL client buffer, copying them into *buf, and return the number of bytes re...
Definition: SSLClient.h:242
+
SSLClient::connect
int connect(IPAddress ip, uint16_t port) override
Connect over SSL to a host specified by an IP address.
Definition: SSLClient.h:129
diff --git a/docs/html/_s_s_l_client_impl_8h_source.html b/docs/html/_s_s_l_client_impl_8h_source.html index 6e50fd6..b7ff5ee 100644 --- a/docs/html/_s_s_l_client_impl_8h_source.html +++ b/docs/html/_s_s_l_client_impl_8h_source.html @@ -91,17 +91,17 @@ $(document).ready(function(){initNavTree('_s_s_l_client_impl_8h_source.html','')
SSLClientImpl.h
-Go to the documentation of this file.
1 /* Copyright 2019 OSU OPEnS Lab
2  *
3  * Permission is hereby granted, free of charge, to any person obtaining a copy of this
4  * software and associated documentation files (the "Software"), to deal in the Software
5  * without restriction, including without limitation the rights to use, copy, modify,
6  * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
7  * permit persons to whom the Software is furnished to do so, subject to the following
8  * conditions:
9  *
10  * The above copyright notice and this permission notice shall be included in all
11  * copies or substantial portions of the Software.
12  *
13  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
14  * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
15  * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
16  * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
17  * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
18  * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
19  */
20 
21 #include "bearssl.h"
22 #include "Arduino.h"
23 #include "Client.h"
24 #include "SSLSession.h"
25 #include "SSLClientParameters.h"
26 
27 #ifndef SSLClientImpl_H_
28 #define SSLClientImpl_H_
29 
38 enum Error {
39  SSL_OK = 0,
41  SSL_CLIENT_CONNECT_FAIL,
43  SSL_BR_CONNECT_FAIL,
45  SSL_CLIENT_WRTIE_ERROR,
47  SSL_BR_WRITE_ERROR,
49  SSL_INTERNAL_ERROR,
51  SSL_OUT_OF_MEMORY
52 };
53 
60 enum DebugLevel {
62  SSL_NONE = 0,
64  SSL_ERROR = 1,
66  SSL_WARN = 2,
68  SSL_INFO = 3,
69 };
70 
72 class SSLClientImpl : public Client {
73 public:
75  explicit SSLClientImpl(const br_x509_trust_anchor *trust_anchors,
76  const size_t trust_anchors_num, const int analog_pin,
77  const DebugLevel debug);
78 
80  explicit SSLClientImpl(const br_x509_trust_anchor *trust_anchors,
81  const size_t trust_anchors_num, const int analog_pin,
82  const DebugLevel debug, const SSLClientParameters* mutual_auth_params);
83 
84  //============================================
85  //= Functions implemented in SSLClientImpl.cpp
86  //============================================
87 
89  int connect_impl(IPAddress ip, uint16_t port);
91  int connect_impl(const char *host, uint16_t port);
93  size_t write_impl(const uint8_t *buf, size_t size);
95  int available_impl();
97  int read_impl(uint8_t *buf, size_t size);
99  int peek_impl();
101  void flush_impl();
103  void stop_impl();
105  uint8_t connected_impl();
107  SSLSession& get_session_impl(const char* host, const IPAddress& addr);
109  void remove_session_impl(const char* host, const IPAddress& addr);
110 
111  //============================================
112  //= Functions implemented in SSLClient.h
113  //============================================
115  virtual uint16_t localPort() = 0;
117  virtual IPAddress remoteIP() = 0;
119  virtual uint16_t remotePort() = 0;
121  virtual size_t getSessionCount() const = 0;
122 
123 protected:
125  virtual Client& get_arduino_client() = 0;
126  virtual const Client& get_arduino_client() const = 0;
128  virtual SSLSession* get_session_array() = 0;
129  virtual const SSLSession* get_session_array() const = 0;
130 
131  //============================================
132  //= Functions implemented in SSLClientImpl.cpp
133  //============================================
134 
136  void m_print_prefix(const char* func_name, const DebugLevel level) const;
137 
139  void m_print_ssl_error(const int ssl_error, const DebugLevel level) const;
140 
142  void m_print_br_error(const unsigned br_error_code, const DebugLevel level) const;
143 
145  template<typename T>
146  void m_print(const T str, const char* func_name, const DebugLevel level) const {
147  // check the current debug level and serial status
148  if (level > m_debug || !Serial) return;
149  // print prefix
150  m_print_prefix(func_name, level);
151  // print the message
152  Serial.println(str);
153  }
154 
156  template<typename T>
157  void m_info(const T str, const char* func_name) const { m_print(str, func_name, SSL_INFO); }
158 
159  template<typename T>
160  void m_warn(const T str, const char* func_name) const { m_print(str, func_name, SSL_WARN); }
161 
162  template<typename T>
163  void m_error(const T str, const char* func_name) const { m_print(str, func_name, SSL_ERROR); }
164 
165 private:
167  bool m_soft_connected(const char* func_name);
169  int m_start_ssl(const char* host, SSLSession& ssl_ses);
171  int m_run_until(const unsigned target);
173  unsigned m_update_engine();
175  int m_get_session_index(const char* host, const IPAddress& addr) const;
176 
177  //============================================
178  //= Data Members
179  //============================================
180 
181  // store the pin to fetch an RNG see from
182  const int m_analog_pin;
183  // store an index of where a new session can be placed if we don't have any corresponding sessions
184  size_t m_session_index;
185  // store whether to enable debug logging
186  const DebugLevel m_debug;
187  // store if we are connected in bearssl or not
188  bool m_is_connected;
189  // store the context values required for SSL
190  br_ssl_client_context m_sslctx;
191  br_x509_minimal_context m_x509ctx;
192  // use a mono-directional buffer by default to cut memory in half
193  // can expand to a bi-directional buffer with maximum of BR_SSL_BUFSIZE_BIDI
194  // or shrink to below BR_SSL_BUFSIZE_MONO, and bearSSL will adapt automatically
195  // simply edit this value to change the buffer size to the desired value
196  // additionally, we need to correct buffer size based off of how many sessions we decide to cache
197  // since SSL takes so much memory if we don't it will cause the stack and heap to collide
205  unsigned char m_iobuf[2048];
206  // store the index of where we are writing in the buffer
207  // so we can send our records all at once to prevent
208  // weird timing issues
209  size_t m_write_idx;
210 };
211 
212 #endif /* SSLClientImpl_H_ */
SSLClientImpl::write_impl
size_t write_impl(const uint8_t *buf, size_t size)
Definition: SSLClientImpl.cpp:147
+Go to the documentation of this file.
1 /* Copyright 2019 OSU OPEnS Lab
2  *
3  * Permission is hereby granted, free of charge, to any person obtaining a copy of this
4  * software and associated documentation files (the "Software"), to deal in the Software
5  * without restriction, including without limitation the rights to use, copy, modify,
6  * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
7  * permit persons to whom the Software is furnished to do so, subject to the following
8  * conditions:
9  *
10  * The above copyright notice and this permission notice shall be included in all
11  * copies or substantial portions of the Software.
12  *
13  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
14  * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
15  * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
16  * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
17  * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
18  * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
19  */
20 
21 #include "bearssl.h"
22 #include "Arduino.h"
23 #include "Client.h"
24 #include "SSLSession.h"
25 #include "SSLClientParameters.h"
26 
27 #ifndef SSLClientImpl_H_
28 #define SSLClientImpl_H_
29 
38 enum Error {
39  SSL_OK = 0,
41  SSL_CLIENT_CONNECT_FAIL,
43  SSL_BR_CONNECT_FAIL,
45  SSL_CLIENT_WRTIE_ERROR,
47  SSL_BR_WRITE_ERROR,
49  SSL_INTERNAL_ERROR,
51  SSL_OUT_OF_MEMORY
52 };
53 
60 enum DebugLevel {
62  SSL_NONE = 0,
64  SSL_ERROR = 1,
66  SSL_WARN = 2,
68  SSL_INFO = 3,
69 };
70 
72 class SSLClientImpl : public Client {
73 public:
75  explicit SSLClientImpl(const br_x509_trust_anchor *trust_anchors,
76  const size_t trust_anchors_num, const int analog_pin,
77  const DebugLevel debug);
78 
80  explicit SSLClientImpl(const br_x509_trust_anchor *trust_anchors,
81  const size_t trust_anchors_num, const int analog_pin,
82  const DebugLevel debug, const SSLClientParameters* mutual_auth_params);
83 
84  //============================================
85  //= Functions implemented in SSLClientImpl.cpp
86  //============================================
87 
89  int connect_impl(IPAddress ip, uint16_t port);
91  int connect_impl(const char *host, uint16_t port);
93  size_t write_impl(const uint8_t *buf, size_t size);
95  int available_impl();
97  int read_impl(uint8_t *buf, size_t size);
99  int peek_impl();
101  void flush_impl();
103  void stop_impl();
105  uint8_t connected_impl();
107  SSLSession& get_session_impl(const char* host, const IPAddress& addr);
109  void remove_session_impl(const char* host, const IPAddress& addr);
111  void set_mutual_impl(const SSLClientParameters* params);
112  //============================================
113  //= Functions implemented in SSLClient.h
114  //============================================
116  virtual uint16_t localPort() = 0;
118  virtual IPAddress remoteIP() = 0;
120  virtual uint16_t remotePort() = 0;
122  virtual size_t getSessionCount() const = 0;
123 
124 protected:
126  virtual Client& get_arduino_client() = 0;
127  virtual const Client& get_arduino_client() const = 0;
129  virtual SSLSession* get_session_array() = 0;
130  virtual const SSLSession* get_session_array() const = 0;
131 
132  //============================================
133  //= Functions implemented in SSLClientImpl.cpp
134  //============================================
135 
137  void m_print_prefix(const char* func_name, const DebugLevel level) const;
138 
140  void m_print_ssl_error(const int ssl_error, const DebugLevel level) const;
141 
143  void m_print_br_error(const unsigned br_error_code, const DebugLevel level) const;
144 
146  template<typename T>
147  void m_print(const T str, const char* func_name, const DebugLevel level) const {
148  // check the current debug level and serial status
149  if (level > m_debug || !Serial) return;
150  // print prefix
151  m_print_prefix(func_name, level);
152  // print the message
153  Serial.println(str);
154  }
155 
157  template<typename T>
158  void m_info(const T str, const char* func_name) const { m_print(str, func_name, SSL_INFO); }
159 
160  template<typename T>
161  void m_warn(const T str, const char* func_name) const { m_print(str, func_name, SSL_WARN); }
162 
163  template<typename T>
164  void m_error(const T str, const char* func_name) const { m_print(str, func_name, SSL_ERROR); }
165 
166 private:
168  bool m_soft_connected(const char* func_name);
170  int m_start_ssl(const char* host, SSLSession& ssl_ses);
172  int m_run_until(const unsigned target);
174  unsigned m_update_engine();
176  int m_get_session_index(const char* host, const IPAddress& addr) const;
177 
178  //============================================
179  //= Data Members
180  //============================================
181 
182  // store the pin to fetch an RNG see from
183  const int m_analog_pin;
184  // store an index of where a new session can be placed if we don't have any corresponding sessions
185  size_t m_session_index;
186  // store whether to enable debug logging
187  const DebugLevel m_debug;
188  // store if we are connected in bearssl or not
189  bool m_is_connected;
190  // store the context values required for SSL
191  br_ssl_client_context m_sslctx;
192  br_x509_minimal_context m_x509ctx;
193  // use a mono-directional buffer by default to cut memory in half
194  // can expand to a bi-directional buffer with maximum of BR_SSL_BUFSIZE_BIDI
195  // or shrink to below BR_SSL_BUFSIZE_MONO, and bearSSL will adapt automatically
196  // simply edit this value to change the buffer size to the desired value
197  // additionally, we need to correct buffer size based off of how many sessions we decide to cache
198  // since SSL takes so much memory if we don't it will cause the stack and heap to collide
206  unsigned char m_iobuf[2048];
207  // store the index of where we are writing in the buffer
208  // so we can send our records all at once to prevent
209  // weird timing issues
210  size_t m_write_idx;
211 };
212 
213 #endif /* SSLClientImpl_H_ */
SSLClientImpl::write_impl
size_t write_impl(const uint8_t *buf, size_t size)
Definition: SSLClientImpl.cpp:130
SSLClientImpl::remotePort
virtual uint16_t remotePort()=0
-
SSLClientImpl::m_print
void m_print(const T str, const char *func_name, const DebugLevel level) const
debugging print function, only prints if m_debug is true
Definition: SSLClientImpl.h:146
+
SSLClientImpl::m_print
void m_print(const T str, const char *func_name, const DebugLevel level) const
debugging print function, only prints if m_debug is true
Definition: SSLClientImpl.h:147
SSL_WARN
Definition: SSLClientImpl.h:66
SSLClientImpl::remoteIP
virtual IPAddress remoteIP()=0
-
SSLClientImpl::get_session_impl
SSLSession & get_session_impl(const char *host, const IPAddress &addr)
Definition: SSLClientImpl.cpp:305
+
SSLClientImpl::get_session_impl
SSLSession & get_session_impl(const char *host, const IPAddress &addr)
Definition: SSLClientImpl.cpp:286
SSLSession
This class stores values which allow SSLClient to save and resume SSL sessions.
Definition: SSLSession.h:52
-
SSLClientImpl::m_info
void m_info(const T str, const char *func_name) const
Prints a info message to serial, if info messages are enabled.
Definition: SSLClientImpl.h:157
+
SSLClientImpl::m_info
void m_info(const T str, const char *func_name) const
Prints a info message to serial, if info messages are enabled.
Definition: SSLClientImpl.h:158
SSLClientImpl::SSLClientImpl
SSLClientImpl(const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug)
Definition: SSLClientImpl.cpp:53
-
SSLClientImpl::m_error
void m_error(const T str, const char *func_name) const
Definition: SSLClientImpl.h:163
-
SSLClientImpl::peek_impl
int peek_impl()
Definition: SSLClientImpl.cpp:226
+
SSLClientImpl::m_error
void m_error(const T str, const char *func_name) const
Definition: SSLClientImpl.h:164
+
SSLClientImpl::peek_impl
int peek_impl()
Definition: SSLClientImpl.cpp:209
SSL_INFO
Definition: SSLClientImpl.h:68
SSL_ERROR
Definition: SSLClientImpl.h:64
SSLClientParameters
This struct stores data required for SSLClient to use mutual authentication.
Definition: SSLClientParameters.h:52
@@ -110,28 +110,29 @@ $(document).ready(function(){initNavTree('_s_s_l_client_impl_8h_source.html','')
SSLClientImpl::get_session_array
virtual SSLSession * get_session_array()=0
SSL_BR_WRITE_ERROR
Definition: SSLClientImpl.h:47
SSL_OK
Definition: SSLClientImpl.h:39
-
SSLClientImpl::m_print_ssl_error
void m_print_ssl_error(const int ssl_error, const DebugLevel level) const
Prints the string associated with a write error.
Definition: SSLClientImpl.cpp:671
-
SSLClientImpl::available_impl
int available_impl()
Definition: SSLClientImpl.cpp:190
+
SSLClientImpl::m_print_ssl_error
void m_print_ssl_error(const int ssl_error, const DebugLevel level) const
Prints the string associated with a write error.
Definition: SSLClientImpl.cpp:668
+
SSLClientImpl::available_impl
int available_impl()
Definition: SSLClientImpl.cpp:173
Error
Error
Static constants defining the possible errors encountered.
Definition: SSLClientImpl.h:38
SSL_BR_CONNECT_FAIL
Definition: SSLClientImpl.h:43
-
SSLClientImpl::read_impl
int read_impl(uint8_t *buf, size_t size)
Definition: SSLClientImpl.cpp:211
-
SSLClientImpl::remove_session_impl
void remove_session_impl(const char *host, const IPAddress &addr)
Definition: SSLClientImpl.cpp:324
+
SSLClientImpl::read_impl
int read_impl(uint8_t *buf, size_t size)
Definition: SSLClientImpl.cpp:194
+
SSLClientImpl::remove_session_impl
void remove_session_impl(const char *host, const IPAddress &addr)
Definition: SSLClientImpl.cpp:305
SSL_CLIENT_WRTIE_ERROR
Definition: SSLClientImpl.h:45
SSLClientImpl::get_arduino_client
virtual Client & get_arduino_client()=0
SSL_CLIENT_CONNECT_FAIL
Definition: SSLClientImpl.h:41
-
SSLClientImpl::m_print_prefix
void m_print_prefix(const char *func_name, const DebugLevel level) const
Prints a debugging prefix to all logs, so we can attatch them to useful information.
Definition: SSLClientImpl.cpp:653
+
SSLClientImpl::m_print_prefix
void m_print_prefix(const char *func_name, const DebugLevel level) const
Prints a debugging prefix to all logs, so we can attatch them to useful information.
Definition: SSLClientImpl.cpp:650
+
SSLClientImpl::set_mutual_impl
void set_mutual_impl(const SSLClientParameters *params)
Definition: SSLClientImpl.cpp:316
SSL_NONE
Definition: SSLClientImpl.h:62
-
SSLClientImpl::m_print_br_error
void m_print_br_error(const unsigned br_error_code, const DebugLevel level) const
Print the text string associated with a BearSSL error code.
Definition: SSLClientImpl.cpp:686
-
SSLClientImpl::m_warn
void m_warn(const T str, const char *func_name) const
Definition: SSLClientImpl.h:160
+
SSLClientImpl::m_print_br_error
void m_print_br_error(const unsigned br_error_code, const DebugLevel level) const
Print the text string associated with a BearSSL error code.
Definition: SSLClientImpl.cpp:683
+
SSLClientImpl::m_warn
void m_warn(const T str, const char *func_name) const
Definition: SSLClientImpl.h:161
SSLClientParameters.h
SSLSession.h
-
SSLClientImpl::connect_impl
int connect_impl(IPAddress ip, uint16_t port)
Definition: SSLClientImpl.cpp:90
+
SSLClientImpl::connect_impl
int connect_impl(IPAddress ip, uint16_t port)
Definition: SSLClientImpl.cpp:73
SSL_OUT_OF_MEMORY
Definition: SSLClientImpl.h:51
-
SSLClientImpl::stop_impl
void stop_impl()
Definition: SSLClientImpl.cpp:246
-
SSLClientImpl::flush_impl
void flush_impl()
Definition: SSLClientImpl.cpp:238
+
SSLClientImpl::stop_impl
void stop_impl()
Definition: SSLClientImpl.cpp:227
+
SSLClientImpl::flush_impl
void flush_impl()
Definition: SSLClientImpl.cpp:221
SSLClientImpl
Implementation code to be inherited by SSLClient.
Definition: SSLClientImpl.h:72
SSLClientImpl::localPort
virtual uint16_t localPort()=0
-
SSLClientImpl::connected_impl
uint8_t connected_impl()
Definition: SSLClientImpl.cpp:274
+
SSLClientImpl::connected_impl
uint8_t connected_impl()
Definition: SSLClientImpl.cpp:255
DebugLevel
DebugLevel
Level of verbosity used in logging for SSLClient.
Definition: SSLClientImpl.h:60
diff --git a/docs/html/_s_s_l_obj_8cpp.html b/docs/html/_s_s_l_obj_8cpp.html new file mode 100644 index 0000000..b720439 --- /dev/null +++ b/docs/html/_s_s_l_obj_8cpp.html @@ -0,0 +1,115 @@ + + + + + + + +SSLClient: C:/Users/Noah/Documents/Arduino/libraries/SSLClient/src/SSLObj.cpp File Reference + + + + + + + + + + + + + + +
+
+
+ + + + + +
+
SSLClient +  v1.1.1 +
+
Add TLS 1.2 functionality to any network library.
+
+ + + + + + + + + +
+ +
+
+
+ +
+ +
+
+ + +
+ +
+ +
+
+Classes
+
+
SSLObj.cpp File Reference
+
+
+
#include "SSLObj.h"
+
+ + + +

+Classes

struct  ssl_pem_decode_state
 
+
+
+ + + + diff --git a/docs/html/_s_s_l_obj_8cpp.js b/docs/html/_s_s_l_obj_8cpp.js new file mode 100644 index 0000000..41eb738 --- /dev/null +++ b/docs/html/_s_s_l_obj_8cpp.js @@ -0,0 +1,4 @@ +var _s_s_l_obj_8cpp = +[ + [ "ssl_pem_decode_state", "structssl__pem__decode__state.html", "structssl__pem__decode__state" ] +]; \ No newline at end of file diff --git a/docs/html/_s_s_l_obj_8h.html b/docs/html/_s_s_l_obj_8h.html new file mode 100644 index 0000000..c50d212 --- /dev/null +++ b/docs/html/_s_s_l_obj_8h.html @@ -0,0 +1,127 @@ + + + + + + + +SSLClient: C:/Users/Noah/Documents/Arduino/libraries/SSLClient/src/SSLObj.h File Reference + + + + + + + + + + + + + + +
+
+ + + + + + +
+
SSLClient +  v1.1.1 +
+
Add TLS 1.2 functionality to any network library.
+
+
+ + + + + + + +
+
+ +
+
+
+ +
+ +
+
+ + +
+ +
+ +
+
+Namespaces | +Functions
+
+
SSLObj.h File Reference
+
+
+
#include <cstring>
+#include "bearssl_pem.h"
+#include <vector>
+
+

Go to the source code of this file.

+ + + + + +

+Namespaces

 SSLObj
 This namespace works with raw DER byte arrays for use later with TLS mutual auth.
 
+ + + + +

+Functions

const std::vector< unsigned char > SSLObj::make_vector_pem (const char *data, const size_t len)
 Convert a PEM buffer into a vector of raw DER bytes. More...
 
+
+
+ + + + diff --git a/docs/html/_s_s_l_obj_8h.js b/docs/html/_s_s_l_obj_8h.js new file mode 100644 index 0000000..815a655 --- /dev/null +++ b/docs/html/_s_s_l_obj_8h.js @@ -0,0 +1,4 @@ +var _s_s_l_obj_8h = +[ + [ "make_vector_pem", "_s_s_l_obj_8h.html#a9a58d01c9073b90f2b42c655828aea6d", null ] +]; \ No newline at end of file diff --git a/docs/html/_s_s_l_obj_8h_source.html b/docs/html/_s_s_l_obj_8h_source.html new file mode 100644 index 0000000..d32ef25 --- /dev/null +++ b/docs/html/_s_s_l_obj_8h_source.html @@ -0,0 +1,108 @@ + + + + + + + +SSLClient: C:/Users/Noah/Documents/Arduino/libraries/SSLClient/src/SSLObj.h Source File + + + + + + + + + + + + + + +
+
+ + + + + + +
+
SSLClient +  v1.1.1 +
+
Add TLS 1.2 functionality to any network library.
+
+
+ + + + + + + +
+
+ +
+
+
+ +
+ +
+
+ + +
+ +
+ +
+
+
SSLObj.h
+
+
+Go to the documentation of this file.
1 /* Copyright 2019 OSU OPEnS Lab
2  *
3  * Permission is hereby granted, free of charge, to any person obtaining a copy of this
4  * software and associated documentation files (the "Software"), to deal in the Software
5  * without restriction, including without limitation the rights to use, copy, modify,
6  * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
7  * permit persons to whom the Software is furnished to do so, subject to the following
8  * conditions:
9  *
10  * The above copyright notice and this permission notice shall be included in all
11  * copies or substantial portions of the Software.
12  *
13  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
14  * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
15  * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
16  * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
17  * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
18  * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
19  */
20 
27 #include <cstring>
28 #include "bearssl_pem.h"
29 
30 #ifndef SSLObj_H_
31 #define SSLObj_H_
32 
33 #undef min
34 #undef max
35 #include <vector>
36 
47 namespace SSLObj {
60  const std::vector<unsigned char> make_vector_pem(const char* data, const size_t len);
61 }
62 
63 #endif
SSLObj
This namespace works with raw DER byte arrays for use later with TLS mutual auth.
Definition: SSLObj.h:47
+
SSLObj::make_vector_pem
const std::vector< unsigned char > make_vector_pem(const char *data, const size_t len)
Convert a PEM buffer into a vector of raw DER bytes.
Definition: SSLObj.cpp:22
+
+
+ + + + diff --git a/docs/html/annotated.html b/docs/html/annotated.html index 2f4d32a..c49db68 100644 --- a/docs/html/annotated.html +++ b/docs/html/annotated.html @@ -93,10 +93,11 @@ $(document).ready(function(){initNavTree('annotated.html','');});
Here are the classes, structs, unions and interfaces with brief descriptions:
- - - - + + + + +
 CSSLClientThe main SSLClient class. Check out README.md for more info
 CSSLClientImplImplementation code to be inherited by SSLClient
 CSSLClientParametersThis struct stores data required for SSLClient to use mutual authentication
 CSSLSessionThis class stores values which allow SSLClient to save and resume SSL sessions
 Cssl_pem_decode_state
 CSSLClientThe main SSLClient class. Check out README.md for more info
 CSSLClientImplImplementation code to be inherited by SSLClient
 CSSLClientParametersThis struct stores data required for SSLClient to use mutual authentication
 CSSLSessionThis class stores values which allow SSLClient to save and resume SSL sessions
diff --git a/docs/html/annotated_dup.js b/docs/html/annotated_dup.js index 1a3e527..72e17b0 100644 --- a/docs/html/annotated_dup.js +++ b/docs/html/annotated_dup.js @@ -1,5 +1,6 @@ var annotated_dup = [ + [ "ssl_pem_decode_state", "structssl__pem__decode__state.html", "structssl__pem__decode__state" ], [ "SSLClient", "class_s_s_l_client.html", "class_s_s_l_client" ], [ "SSLClientImpl", "class_s_s_l_client_impl.html", "class_s_s_l_client_impl" ], [ "SSLClientParameters", "struct_s_s_l_client_parameters.html", "struct_s_s_l_client_parameters" ], diff --git a/docs/html/class_s_s_l_client-members.html b/docs/html/class_s_s_l_client-members.html index 2685ca5..24a725e 100644 --- a/docs/html/class_s_s_l_client-members.html +++ b/docs/html/class_s_s_l_client-members.html @@ -134,15 +134,16 @@ $(document).ready(function(){initNavTree('class_s_s_l_client.html','');}); remotePort() overrideSSLClient< C, SessionCache >inlinevirtual remove_session_impl(const char *host, const IPAddress &addr)SSLClientImpl removeSession(const char *host, const IPAddress &addr)SSLClient< C, SessionCache >inline + set_mutual_impl(const SSLClientParameters *params)SSLClientImpl + setMutualAuthParams(const SSLClientParameters *params)SSLClient< C, SessionCache >inline SSLClient(const C &client, const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug=SSL_WARN)SSLClient< C, SessionCache >inlineexplicit - SSLClient(const C &client, const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug, const SSLClientParameters *mutual_auth_params)SSLClient< C, SessionCache >inlineexplicit - SSLClientImpl(const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug)SSLClientImplexplicit - SSLClientImpl(const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug, const SSLClientParameters *mutual_auth_params)SSLClientImplexplicit - stop() overrideSSLClient< C, SessionCache >inline - stop_impl()SSLClientImpl - write(uint8_t b) overrideSSLClient< C, SessionCache >inline - write(const uint8_t *buf, size_t size) overrideSSLClient< C, SessionCache >inline - write_impl(const uint8_t *buf, size_t size)SSLClientImpl + SSLClientImpl(const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug)SSLClientImplexplicit + SSLClientImpl(const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug, const SSLClientParameters *mutual_auth_params)SSLClientImplexplicit + stop() overrideSSLClient< C, SessionCache >inline + stop_impl()SSLClientImpl + write(uint8_t b) overrideSSLClient< C, SessionCache >inline + write(const uint8_t *buf, size_t size) overrideSSLClient< C, SessionCache >inline + write_impl(const uint8_t *buf, size_t size)SSLClientImpl diff --git a/docs/html/class_s_s_l_client.html b/docs/html/class_s_s_l_client.html index b9d4812..d8df6fe 100644 --- a/docs/html/class_s_s_l_client.html +++ b/docs/html/class_s_s_l_client.html @@ -115,8 +115,6 @@ Public Member Functions  SSLClient (const C &client, const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug=SSL_WARN)  Initialize SSLClient with all of the prerequisites needed. More...
  - SSLClient (const C &client, const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug, const SSLClientParameters *mutual_auth_params) -  int connect (IPAddress ip, uint16_t port) override  Connect over SSL to a host specified by an IP address. More...
  @@ -149,6 +147,9 @@ Public Member Functions uint8_t connected () override  Check if the device is connected. More...
  +void setMutualAuthParams (const SSLClientParameters *params) + Add a client certificate and enable support for mutual auth. More...
SSLSessiongetSession (const char *host, const IPAddress &addr)  Gets a session reference corresponding to a host and IP, or a reference to a empty session if none exist. More...
  @@ -210,6 +211,8 @@ Public Member Functions   void remove_session_impl (const char *host, const IPAddress &addr)   +void set_mutual_impl (const SSLClientParameters *params) +  @@ -255,7 +258,7 @@ class SSLClient< C, SessionCache >

The main SSLClient class. Check out README.md for more info.

Constructor & Destructor Documentation

-

◆ SSLClient() [1/2]

+

◆ SSLClient()

@@ -324,69 +327,6 @@ The analog_pin should be set to input. -
-
- -

◆ SSLClient() [2/2]

- -
-
-
-template<class C , size_t SessionCache = 1>
-

Protected Member Functions

- - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
SSLClient< C, SessionCache >::SSLClient (const C & client,
const br_x509_trust_anchor * trust_anchors,
const size_t trust_anchors_num,
const int analog_pin,
const DebugLevel debug,
const SSLClientParametersmutual_auth_params 
)
- 		-inlineexplicit
-
-

Same as SSLClient::SSLClient(const C &, const br_x509_trust_anchor*, const size_t, const int, const DebugLevel), but can compile support for mutual authentication.

-

Member Function Documentation

@@ -1234,6 +1174,37 @@ template<class C , size_t SessionCache = 1> + + + +

◆ setMutualAuthParams()

+ +
+
+
+template<class C , size_t SessionCache = 1>
+ + + + + +
+ + + + + + + + +
void SSLClient< C, SessionCache >::setMutualAuthParams (const SSLClientParametersparams)
+ 		+inline
+
+ +

Add a client certificate and enable support for mutual auth.

+

This function must be called BEFORE making an SSL connection.

+
diff --git a/docs/html/class_s_s_l_client.js b/docs/html/class_s_s_l_client.js index 814f6b3..029693f 100644 --- a/docs/html/class_s_s_l_client.js +++ b/docs/html/class_s_s_l_client.js @@ -1,7 +1,6 @@ var class_s_s_l_client = [ [ "SSLClient", "class_s_s_l_client.html#ae9a7509bc8a18f67e286547c19deb3c0", null ], - [ "SSLClient", "class_s_s_l_client.html#ad7b20a2ac220d346a8047db77d97723d", null ], [ "available", "class_s_s_l_client.html#a5d13fd2f32ee2ea65a1f3820f758e77e", null ], [ "connect", "class_s_s_l_client.html#a4a2172aedfcc483ba2a256ad12148630", null ], [ "connect", "class_s_s_l_client.html#a91c63e35f31652c20faa5b9be95984bf", null ], @@ -26,6 +25,7 @@ var class_s_s_l_client = [ "remoteIP", "class_s_s_l_client.html#af76a0df76834e0d0999dbf44c7c0a174", null ], [ "remotePort", "class_s_s_l_client.html#a5974a5f8722a752f121af4fac498bb22", null ], [ "removeSession", "class_s_s_l_client.html#a5b626703a24089dbb0480a9b6ddf348c", null ], + [ "setMutualAuthParams", "class_s_s_l_client.html#a16aa9765bd450dcbba21c598456f464f", null ], [ "stop", "class_s_s_l_client.html#ad30db47248d78df7c12dedfb27f06529", null ], [ "write", "class_s_s_l_client.html#a6b8ff53c10fe34aab1dc2561410f70bb", null ], [ "write", "class_s_s_l_client.html#a6bcb7579ebc051c097acb794b95771a9", null ] diff --git a/docs/html/class_s_s_l_client_impl-members.html b/docs/html/class_s_s_l_client_impl-members.html index a54731c..d522108 100644 --- a/docs/html/class_s_s_l_client_impl-members.html +++ b/docs/html/class_s_s_l_client_impl-members.html @@ -118,10 +118,11 @@ $(document).ready(function(){initNavTree('class_s_s_l_client_impl.html','');}); remoteIP()=0SSLClientImplpure virtual remotePort()=0SSLClientImplpure virtual remove_session_impl(const char *host, const IPAddress &addr)SSLClientImpl - SSLClientImpl(const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug)SSLClientImplexplicit - SSLClientImpl(const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug, const SSLClientParameters *mutual_auth_params)SSLClientImplexplicit - stop_impl()SSLClientImpl - write_impl(const uint8_t *buf, size_t size)SSLClientImpl + set_mutual_impl(const SSLClientParameters *params)SSLClientImpl + SSLClientImpl(const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug)SSLClientImplexplicit + SSLClientImpl(const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug, const SSLClientParameters *mutual_auth_params)SSLClientImplexplicit + stop_impl()SSLClientImpl + write_impl(const uint8_t *buf, size_t size)SSLClientImpl diff --git a/docs/html/class_s_s_l_client_impl.html b/docs/html/class_s_s_l_client_impl.html index bd14620..ce4a622 100644 --- a/docs/html/class_s_s_l_client_impl.html +++ b/docs/html/class_s_s_l_client_impl.html @@ -138,6 +138,8 @@ Public Member Functions   void remove_session_impl (const char *host, const IPAddress &addr)   +void set_mutual_impl (const SSLClientParameters *params) +  virtual uint16_t localPort ()=0   virtual IPAddress remoteIP ()=0 @@ -1002,6 +1004,25 @@ template<typename T >
See also
SSLClient::removeSession
+
+ + +

◆ set_mutual_impl()

+ +
+
+ + + + + + + + +
void SSLClientImpl::set_mutual_impl (const SSLClientParametersparams)
+
+
See also
SSLClient::setMutualAuthParams
+
diff --git a/docs/html/class_s_s_l_client_impl.js b/docs/html/class_s_s_l_client_impl.js index a423c6a..d862475 100644 --- a/docs/html/class_s_s_l_client_impl.js +++ b/docs/html/class_s_s_l_client_impl.js @@ -26,6 +26,7 @@ var class_s_s_l_client_impl = [ "remoteIP", "class_s_s_l_client_impl.html#ae97adc55212c1aa96880aac28dd71387", null ], [ "remotePort", "class_s_s_l_client_impl.html#a93cdb32491fc08b035e40f840ff2e8f5", null ], [ "remove_session_impl", "class_s_s_l_client_impl.html#a6baed094969874fb9d2bea3a00ecbee1", null ], + [ "set_mutual_impl", "class_s_s_l_client_impl.html#a9dd694f8e0e65624b103dc781a7744af", null ], [ "stop_impl", "class_s_s_l_client_impl.html#a81eb5ede3a894f281ae586d463b624e6", null ], [ "write_impl", "class_s_s_l_client_impl.html#a807656f814f24cf6cd711e429b716c4d", null ] ]; \ No newline at end of file diff --git a/docs/html/classes.html b/docs/html/classes.html index e47714d..c18aed9 100644 --- a/docs/html/classes.html +++ b/docs/html/classes.html @@ -94,10 +94,10 @@ $(document).ready(function(){initNavTree('classes.html','');});
s
- - - + + + +
  s  
-		SSLClientImpl   SSLSession   
SSLClientParameters   
SSLClient   
SSLClient   SSLClientParameters   
SSLClientImpl   SSLSession   
ssl_pem_decode_state   
s
diff --git a/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.html b/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.html index 8c0fd50..b4482c9 100644 --- a/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.html +++ b/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.html @@ -104,6 +104,10 @@ Files   file  SSLClientParameters.h [code]   +file  SSLObj.cpp +  +file  SSLObj.h [code] +  file  SSLSession.cpp   file  SSLSession.h [code] diff --git a/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.js b/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.js index 703b1e3..6b5c86a 100644 --- a/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.js +++ b/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.js @@ -7,6 +7,8 @@ var dir_68267d1309a1af8e8297ef4c3efbcdba = [ "SSLClientParameters.h", "_s_s_l_client_parameters_8h.html", [ [ "SSLClientParameters", "struct_s_s_l_client_parameters.html", "struct_s_s_l_client_parameters" ] ] ], + [ "SSLObj.cpp", "_s_s_l_obj_8cpp.html", "_s_s_l_obj_8cpp" ], + [ "SSLObj.h", "_s_s_l_obj_8h.html", "_s_s_l_obj_8h" ], [ "SSLSession.cpp", "_s_s_l_session_8cpp.html", null ], [ "SSLSession.h", "_s_s_l_session_8h.html", [ [ "SSLSession", "class_s_s_l_session.html", "class_s_s_l_session" ] diff --git a/docs/html/files.html b/docs/html/files.html index 40e5214..6f99fdf 100644 --- a/docs/html/files.html +++ b/docs/html/files.html @@ -106,10 +106,12 @@ $(document).ready(function(){initNavTree('files.html','');});  SSLClientImpl.cpp  SSLClientImpl.h  SSLClientParameters.h - SSLSession.cpp - SSLSession.h - time_macros.h - TLS12_only_profile.c + SSLObj.cpp + SSLObj.h + SSLSession.cpp + SSLSession.h + time_macros.h + TLS12_only_profile.c diff --git a/docs/html/functions.html b/docs/html/functions.html index b78e046..549139d 100644 --- a/docs/html/functions.html +++ b/docs/html/functions.html @@ -113,7 +113,7 @@ $(document).ready(function(){initNavTree('functions.html','');}); : SSLClient< C, SessionCache >
  • connect_impl() -: SSLClientImpl +: SSLClientImpl
  • connected() : SSLClient< C, SessionCache > @@ -144,7 +144,7 @@ $(document).ready(function(){initNavTree('functions.html','');});

    - g -

    • get_arduino_client() : SSLClient< C, SessionCache > -, SSLClientImpl +, SSLClientImpl
    • get_hostname() : SSLSession @@ -153,7 +153,7 @@ $(document).ready(function(){initNavTree('functions.html','');}); : SSLSession
    • get_session_array() -: SSLClient< C, SessionCache > +: SSLClient< C, SessionCache > , SSLClientImpl
    • get_session_impl() @@ -173,6 +173,9 @@ $(document).ready(function(){initNavTree('functions.html','');});

      - i -

        +
      • index +: ssl_pem_decode_state +
      • is_valid_session() : SSLSession
        • @@ -263,9 +266,15 @@ $(document).ready(function(){initNavTree('functions.html','');});

        - s -

        +

        - v -

        + +

        - w -

        • write() : SSLClient< C, SessionCache > diff --git a/docs/html/functions_func.html b/docs/html/functions_func.html index 9d99958..f610a78 100644 --- a/docs/html/functions_func.html +++ b/docs/html/functions_func.html @@ -250,9 +250,15 @@ $(document).ready(function(){initNavTree('functions_func.html','');});

          - s -

          diff --git a/docs/html/hierarchy.html b/docs/html/hierarchy.html index bee8ccf..50cd42e 100644 --- a/docs/html/hierarchy.html +++ b/docs/html/hierarchy.html @@ -98,7 +98,8 @@ $(document).ready(function(){initNavTree('hierarchy.html','');});  CClient  CSSLClientImplImplementation code to be inherited by SSLClient  CSSLClient< C, SessionCache >The main SSLClient class. Check out README.md for more info - CSSLClientParametersThis struct stores data required for SSLClient to use mutual authentication + Cssl_pem_decode_state + CSSLClientParametersThis struct stores data required for SSLClient to use mutual authentication diff --git a/docs/html/hierarchy.js b/docs/html/hierarchy.js index c7642c5..bfd3475 100644 --- a/docs/html/hierarchy.js +++ b/docs/html/hierarchy.js @@ -8,5 +8,6 @@ var hierarchy = [ "SSLClient< C, SessionCache >", "class_s_s_l_client.html", null ] ] ] ] ], + [ "ssl_pem_decode_state", "structssl__pem__decode__state.html", null ], [ "SSLClientParameters", "struct_s_s_l_client_parameters.html", null ] ]; \ No newline at end of file diff --git a/docs/html/menudata.js b/docs/html/menudata.js index 6d24172..d7d7efc 100644 --- a/docs/html/menudata.js +++ b/docs/html/menudata.js @@ -24,6 +24,11 @@ for the JavaScript code in this file var menudata={children:[ {text:"Main Page",url:"index.html"}, {text:"Related Pages",url:"pages.html"}, +{text:"Namespaces",url:"namespaces.html",children:[ +{text:"Namespace List",url:"namespaces.html"}, +{text:"Namespace Members",url:"namespacemembers.html",children:[ +{text:"All",url:"namespacemembers.html"}, +{text:"Functions",url:"namespacemembers_func.html"}]}]}, {text:"Classes",url:"annotated.html",children:[ {text:"Class List",url:"annotated.html"}, {text:"Class Index",url:"classes.html"}, @@ -43,6 +48,7 @@ var menudata={children:[ {text:"r",url:"functions.html#index_r"}, {text:"s",url:"functions.html#index_s"}, {text:"t",url:"functions.html#index_t"}, +{text:"v",url:"functions.html#index_v"}, {text:"w",url:"functions.html#index_w"}]}, {text:"Functions",url:"functions_func.html",children:[ {text:"a",url:"functions_func.html#index_a"}, diff --git a/docs/html/namespace_s_s_l_obj.html b/docs/html/namespace_s_s_l_obj.html new file mode 100644 index 0000000..f347e91 --- /dev/null +++ b/docs/html/namespace_s_s_l_obj.html @@ -0,0 +1,159 @@ + + + + + + + +SSLClient: SSLObj Namespace Reference + + + + + + + + + + + + + + +
          +
          + + + + + + +
          +
          SSLClient +  v1.1.1 +
          +
          Add TLS 1.2 functionality to any network library.
          +
          +
          + + + + + + + +
          +
          + +
          +
          +
          + +
          + +
          +
          + + +
          + +
          + +
          +
          +Functions
          +
          +
          SSLObj Namespace Reference
          +
          +
          + +

          This namespace works with raw DER byte arrays for use later with TLS mutual auth. +More...

          + + + + + +

          +Functions

          const std::vector< unsigned char > make_vector_pem (const char *data, const size_t len)
           Convert a PEM buffer into a vector of raw DER bytes. More...
           
          +

          Detailed Description

          +

          This namespace works with raw DER byte arrays for use later with TLS mutual auth.

          +

          SSLObj.h

          +

          This file contains a utility class to take PEM input and store it as a DER object for later use by BearSSL.This namespace was created to store some of the values stored in SSLClientParameters, which allow BearSSL use client certificates when creating a TLS connection. Since most certificates are transmitted over the internet in PEM format, a certificate can be provided in PEM or DER format, and will be converted internally to DER format for later use.

          +

          Function Documentation

          + +

          ◆ make_vector_pem()

          + +
          +
          + + + + + + + + + + + + + + + + + + +
          const std::vector< unsigned char > SSLObj::make_vector_pem (const char * data,
          const size_t len 
          )
          +
          + +

          Convert a PEM buffer into a vector of raw DER bytes.

          +

          This function takes a PEM buffer (e.g. ----BEGIN CERTIFICATE...) and converts it into a vector of raw bytes. The bytes given to this function must:

            +
          • Contain both the -----BEGIN XXX----- and -----END XXX----- strings. These are removed during processing.
            • +
          • Have a base64 encoded body
            • +
          • Only contain a single object (certificate, private key, etc.).
            • +
          +
          Returns
          The raw bytes decoded from the PEM file.
          + +
          +
          +
          +
          + + + + diff --git a/docs/html/namespacemembers.html b/docs/html/namespacemembers.html new file mode 100644 index 0000000..5b0684e --- /dev/null +++ b/docs/html/namespacemembers.html @@ -0,0 +1,106 @@ + + + + + + + +SSLClient: Namespace Members + + + + + + + + + + + + + + +
          +
          + + + + + + +
          +
          SSLClient +  v1.1.1 +
          +
          Add TLS 1.2 functionality to any network library.
          +
          +
          + + + + + + + +
          +
          + +
          +
          +
          + +
          + +
          +
          + + +
          + +
          + +
          +
          Here is a list of all namespace members with links to the namespace documentation for each member:
            +
          • make_vector_pem() +: SSLObj +
            • +
          +
          +
          + + + + diff --git a/docs/html/namespacemembers_func.html b/docs/html/namespacemembers_func.html new file mode 100644 index 0000000..3b56928 --- /dev/null +++ b/docs/html/namespacemembers_func.html @@ -0,0 +1,106 @@ + + + + + + + +SSLClient: Namespace Members + + + + + + + + + + + + + + +
          +
          + + + + + + +
          +
          SSLClient +  v1.1.1 +
          +
          Add TLS 1.2 functionality to any network library.
          +
          +
          + + + + + + + +
          +
          + +
          +
          +
          + +
          + +
          +
          + + +
          + +
          + +
            +
          • make_vector_pem() +: SSLObj +
            • +
          +
          +
          + + + + diff --git a/docs/html/namespaces.html b/docs/html/namespaces.html new file mode 100644 index 0000000..5dde767 --- /dev/null +++ b/docs/html/namespaces.html @@ -0,0 +1,110 @@ + + + + + + + +SSLClient: Namespace List + + + + + + + + + + + + + + +
          +
          + + + + + + +
          +
          SSLClient +  v1.1.1 +
          +
          Add TLS 1.2 functionality to any network library.
          +
          +
          + + + + + + + +
          +
          + +
          +
          +
          + +
          + +
          +
          + + +
          + +
          + +
          +
          +
          Namespace List
          +
          +
          +
          Here is a list of all namespaces with brief descriptions:
          + + +
           NSSLObjThis namespace works with raw DER byte arrays for use later with TLS mutual auth
          +
          +
          +
          + + + + diff --git a/docs/html/namespaces_dup.js b/docs/html/namespaces_dup.js new file mode 100644 index 0000000..edcae9b --- /dev/null +++ b/docs/html/namespaces_dup.js @@ -0,0 +1,4 @@ +var namespaces_dup = +[ + [ "SSLObj", "namespace_s_s_l_obj.html", null ] +]; \ No newline at end of file diff --git a/docs/html/navtreedata.js b/docs/html/navtreedata.js index 14992b6..c0fedb9 100644 --- a/docs/html/navtreedata.js +++ b/docs/html/navtreedata.js @@ -26,6 +26,13 @@ var NAVTREE = [ "SSLClient", "index.html", [ [ "SSLClient - Arduino Library For SSL", "index.html", null ], [ "Trust Anchors", "md__c_1__users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html", null ], + [ "Namespaces", "namespaces.html", [ + [ "Namespace List", "namespaces.html", "namespaces_dup" ], + [ "Namespace Members", "namespacemembers.html", [ + [ "All", "namespacemembers.html", null ], + [ "Functions", "namespacemembers_func.html", null ] + ] ] + ] ], [ "Classes", "annotated.html", [ [ "Class List", "annotated.html", "annotated_dup" ], [ "Class Index", "classes.html", null ], diff --git a/docs/html/navtreeindex0.js b/docs/html/navtreeindex0.js index dbc5b10..e9bd31d 100644 --- a/docs/html/navtreeindex0.js +++ b/docs/html/navtreeindex0.js @@ -1,158 +1,170 @@ var NAVTREEINDEX0 = { -"_s_s_l_client_8h.html":[3,0,2,1], -"_s_s_l_client_8h.html#a0e14869de8f634ff2fb63826ae583569":[3,0,2,1,1], -"_s_s_l_client_8h_source.html":[3,0,2,1], -"_s_s_l_client_impl_8cpp.html":[3,0,2,2], -"_s_s_l_client_impl_8cpp.html#ad193a2cc121e0d4614a1c21eb463fb56":[3,0,2,2,0], -"_s_s_l_client_impl_8h.html":[3,0,2,3], -"_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5":[3,0,2,3,2], -"_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5a1218c16a5bf50589e0c498983851612c":[3,0,2,3,2,0], -"_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5a1d5f8248fac85f56b05d49c7cb53494b":[3,0,2,3,2,3], -"_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5a1d9afd51e0012e791f099657797c9aa9":[3,0,2,3,2,4], -"_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5aaa79045423a355885738cd239dff6c2b":[3,0,2,3,2,1], -"_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5adec799caf92b4fe2b6d2b362136f6ef6":[3,0,2,3,2,6], -"_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5afb90a695332a7c96044dc97c577ee3c3":[3,0,2,3,2,2], -"_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5afd588a56dcccf4f6943defa7ab699afc":[3,0,2,3,2,5], -"_s_s_l_client_impl_8h.html#ab658e6d84759440dbf3c890446075395":[3,0,2,3,1], -"_s_s_l_client_impl_8h.html#ab658e6d84759440dbf3c890446075395a86c8fdfc38831619d5ed73dff5b0911d":[3,0,2,3,1,2], -"_s_s_l_client_impl_8h.html#ab658e6d84759440dbf3c890446075395a8c0bb62be3d0e6bfe5ed2f7ebbed3d91":[3,0,2,3,1,3], -"_s_s_l_client_impl_8h.html#ab658e6d84759440dbf3c890446075395ad3f9f0591dcabc4fac1222c462bf17ec":[3,0,2,3,1,1], -"_s_s_l_client_impl_8h.html#ab658e6d84759440dbf3c890446075395af16e73d8cce9a2c987bde5afe5524d7f":[3,0,2,3,1,0], -"_s_s_l_client_impl_8h_source.html":[3,0,2,3], -"_s_s_l_client_parameters_8h.html":[3,0,2,4], -"_s_s_l_client_parameters_8h_source.html":[3,0,2,4], -"_s_s_l_session_8cpp.html":[3,0,2,5], -"_s_s_l_session_8h.html":[3,0,2,6], -"_s_s_l_session_8h_source.html":[3,0,2,6], -"_t_l_s12__only__profile_8c.html":[3,0,2,8], -"_t_l_s12__only__profile_8c.html#a32c8112a1c37ba21a05952eeefc435f3":[3,0,2,8,0], -"annotated.html":[2,0], -"cert_8h.html":[3,0,1,0], -"cert_8h.html#ae2e26a4e8e97b0f15c18ba1ace062948":[3,0,1,0,0], -"cert_8h_source.html":[3,0,1,0], -"class_s_s_l_client.html":[2,0,0], -"class_s_s_l_client.html#a18adfc074d6b8e996819d4beb4689cbd":[2,0,0,10], -"class_s_s_l_client.html#a25e4414ab0c9424d09592f9567a678dc":[2,0,0,5], -"class_s_s_l_client.html#a2d378fbb7b8f15a1691746572f9d95b1":[2,0,0,15], -"class_s_s_l_client.html#a2d71f00d6634092f50c5262ad25cdacd":[2,0,0,13], -"class_s_s_l_client.html#a2d8bf9b891151bc5b0b865d70cf9c086":[2,0,0,12], -"class_s_s_l_client.html#a2ee6a3134d07ca09cf61ee04d32c3d44":[2,0,0,6], -"class_s_s_l_client.html#a31742867b00bd8d130637af0935bacbd":[2,0,0,20], -"class_s_s_l_client.html#a353c875d17a85dbb7bfe10de155f3b52":[2,0,0,8], -"class_s_s_l_client.html#a4a2172aedfcc483ba2a256ad12148630":[2,0,0,3], -"class_s_s_l_client.html#a505bfb6831a45aebf58d84e3b89d4cfc":[2,0,0,18], -"class_s_s_l_client.html#a563c5f9829757075bf16742cffa4cf73":[2,0,0,14], -"class_s_s_l_client.html#a5974a5f8722a752f121af4fac498bb22":[2,0,0,24], -"class_s_s_l_client.html#a5b626703a24089dbb0480a9b6ddf348c":[2,0,0,25], -"class_s_s_l_client.html#a5d13fd2f32ee2ea65a1f3820f758e77e":[2,0,0,2], -"class_s_s_l_client.html#a5f40f8f4d26d21e14276c3e8162b62b9":[2,0,0,19], -"class_s_s_l_client.html#a6b8ff53c10fe34aab1dc2561410f70bb":[2,0,0,27], -"class_s_s_l_client.html#a6bcb7579ebc051c097acb794b95771a9":[2,0,0,28], -"class_s_s_l_client.html#a824b599264f893e1b206a9100bc52ee1":[2,0,0,16], -"class_s_s_l_client.html#a91c63e35f31652c20faa5b9be95984bf":[2,0,0,4], -"class_s_s_l_client.html#a9c5001bdfa75ccc0d93cc60dd872b38a":[2,0,0,7], -"class_s_s_l_client.html#a9e7769fed78825cf4723778f4b5aa3e9":[2,0,0,9], -"class_s_s_l_client.html#ad30db47248d78df7c12dedfb27f06529":[2,0,0,26], -"class_s_s_l_client.html#ad7b20a2ac220d346a8047db77d97723d":[2,0,0,1], -"class_s_s_l_client.html#adab82ba09345fa070712d3124af30e1b":[2,0,0,17], -"class_s_s_l_client.html#ae9a7509bc8a18f67e286547c19deb3c0":[2,0,0,0], -"class_s_s_l_client.html#aedf2746cc35da596faf8322776c2118e":[2,0,0,21], -"class_s_s_l_client.html#af76a0df76834e0d0999dbf44c7c0a174":[2,0,0,23], -"class_s_s_l_client.html#afd0d4d2c98433d60897d8828d8047d41":[2,0,0,11], -"class_s_s_l_client.html#afd6d7ae798c05cf566b2eb5651dba795":[2,0,0,22], -"class_s_s_l_client_impl.html":[2,0,1], -"class_s_s_l_client_impl.html#a1b90e7df3a77eea5efb955cc15a17f7d":[2,0,1,21], -"class_s_s_l_client_impl.html#a20dd9a9794b95719e6f3df8cb39126e3":[2,0,1,7], -"class_s_s_l_client_impl.html#a21ab78a0917f74ae5383d688e1548788":[2,0,1,6], -"class_s_s_l_client_impl.html#a231b7b1bb2182cda1ed6e9d5ebf66afe":[2,0,1,22], -"class_s_s_l_client_impl.html#a2b0b9043c8252871272bf6ba199ab67b":[2,0,1,0], -"class_s_s_l_client_impl.html#a2bfb55bcde46d8d77a46bfe0f577bf3f":[2,0,1,20], -"class_s_s_l_client_impl.html#a2cf492a714cf787e54a17bb47cda43ed":[2,0,1,17], -"class_s_s_l_client_impl.html#a3b4cb1e9e510955078b83c9f84c0e18c":[2,0,1,15], -"class_s_s_l_client_impl.html#a44cfafd6f5cdcaa5dbac22961ab3a58b":[2,0,1,9], -"class_s_s_l_client_impl.html#a45a1967029784a2f0f3edc7f75a00117":[2,0,1,16], -"class_s_s_l_client_impl.html#a45f26385ee1975b12265943efb1ff0d5":[2,0,1,13], -"class_s_s_l_client_impl.html#a6baed094969874fb9d2bea3a00ecbee1":[2,0,1,25], -"class_s_s_l_client_impl.html#a6e701597178b81f10d0db671b81ab075":[2,0,1,19], -"class_s_s_l_client_impl.html#a807656f814f24cf6cd711e429b716c4d":[2,0,1,27], -"class_s_s_l_client_impl.html#a81eb5ede3a894f281ae586d463b624e6":[2,0,1,26], -"class_s_s_l_client_impl.html#a8314c7dab1d923db5624f8075a53e6ea":[2,0,1,1], -"class_s_s_l_client_impl.html#a8e2385522ec04b1ce70871d4de23db6b":[2,0,1,12], -"class_s_s_l_client_impl.html#a93cdb32491fc08b035e40f840ff2e8f5":[2,0,1,24], -"class_s_s_l_client_impl.html#a957984fa392550a7df86f758e9b14bfb":[2,0,1,5], -"class_s_s_l_client_impl.html#a9ee82ad492f2297bd7cd0835c0d4556f":[2,0,1,18], -"class_s_s_l_client_impl.html#aa5c14ecf301c268306946c85825e565b":[2,0,1,3], -"class_s_s_l_client_impl.html#ab1c8f30bd3669c15e07fa1522ede4336":[2,0,1,8], -"class_s_s_l_client_impl.html#ab4e38d4319ec504395d67d2ab21a639e":[2,0,1,11], -"class_s_s_l_client_impl.html#abe33c793ec37f11087651cf4e586569b":[2,0,1,2], -"class_s_s_l_client_impl.html#ace6652307ba028d67c7ddbc4103fa9b4":[2,0,1,10], -"class_s_s_l_client_impl.html#ada595ed8f11673a9180ef0b762949c83":[2,0,1,14], -"class_s_s_l_client_impl.html#ae6c947ad92979ab99364428004abbeba":[2,0,1,4], -"class_s_s_l_client_impl.html#ae97adc55212c1aa96880aac28dd71387":[2,0,1,23], -"class_s_s_l_session.html":[2,0,3], -"class_s_s_l_session.html#a0c36cee72cfa862b7d4b2f5c112d5076":[2,0,3,4], -"class_s_s_l_session.html#a2fa15ce0b7caae25dfb567954175257e":[2,0,3,6], -"class_s_s_l_session.html#a3305941fa615f7134526b718917716ee":[2,0,3,1], -"class_s_s_l_session.html#a825373c5ba1aa6c45e74dc8a72b21820":[2,0,3,2], -"class_s_s_l_session.html#a878e1e8788634c5c42778369fbf7bab0":[2,0,3,3], -"class_s_s_l_session.html#abb3f7bbe70e3a59f9ce492c55507f36f":[2,0,3,5], -"class_s_s_l_session.html#acbe6549b55d50541d09a16f770e65afc":[2,0,3,7], -"class_s_s_l_session.html#ae05648200cea66577f024d5d09a6fcbb":[2,0,3,0], -"classes.html":[2,1], -"dir_386349f6a9bc1e2cd0767d257d5e5b91.html":[3,0,0,1], -"dir_68267d1309a1af8e8297ef4c3efbcdba.html":[3,0,2], -"dir_9c42dc81377249a918256dbb9cfb2167.html":[3,0,0,0], -"dir_d28a4824dc47e487b107a5db32ef43c4.html":[3,0,0], -"dir_dfc5a9f91fbfb9426c406a3f10131a54.html":[3,0,1], -"ec__prime__fast__256_8c.html":[3,0,2,0], -"ec__prime__fast__256_8c.html#aedcd6aae4367c3fdfe7db296b4da85ab":[3,0,2,0,0], -"files.html":[3,0], -"functions.html":[2,3,0], -"functions_func.html":[2,3,1], -"functions_vars.html":[2,3,2], -"globals.html":[3,1,0], -"globals_defs.html":[3,1,5], -"globals_enum.html":[3,1,3], -"globals_eval.html":[3,1,4], -"globals_func.html":[3,1,1], -"globals_vars.html":[3,1,2], -"hierarchy.html":[2,2], +"_s_s_l_client_8h.html":[4,0,2,1], +"_s_s_l_client_8h.html#a0e14869de8f634ff2fb63826ae583569":[4,0,2,1,1], +"_s_s_l_client_8h_source.html":[4,0,2,1], +"_s_s_l_client_impl_8cpp.html":[4,0,2,2], +"_s_s_l_client_impl_8cpp.html#ad193a2cc121e0d4614a1c21eb463fb56":[4,0,2,2,0], +"_s_s_l_client_impl_8h.html":[4,0,2,3], +"_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5":[4,0,2,3,2], +"_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5a1218c16a5bf50589e0c498983851612c":[4,0,2,3,2,0], +"_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5a1d5f8248fac85f56b05d49c7cb53494b":[4,0,2,3,2,3], +"_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5a1d9afd51e0012e791f099657797c9aa9":[4,0,2,3,2,4], +"_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5aaa79045423a355885738cd239dff6c2b":[4,0,2,3,2,1], +"_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5adec799caf92b4fe2b6d2b362136f6ef6":[4,0,2,3,2,6], +"_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5afb90a695332a7c96044dc97c577ee3c3":[4,0,2,3,2,2], +"_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5afd588a56dcccf4f6943defa7ab699afc":[4,0,2,3,2,5], +"_s_s_l_client_impl_8h.html#ab658e6d84759440dbf3c890446075395":[4,0,2,3,1], +"_s_s_l_client_impl_8h.html#ab658e6d84759440dbf3c890446075395a86c8fdfc38831619d5ed73dff5b0911d":[4,0,2,3,1,2], +"_s_s_l_client_impl_8h.html#ab658e6d84759440dbf3c890446075395a8c0bb62be3d0e6bfe5ed2f7ebbed3d91":[4,0,2,3,1,3], +"_s_s_l_client_impl_8h.html#ab658e6d84759440dbf3c890446075395ad3f9f0591dcabc4fac1222c462bf17ec":[4,0,2,3,1,1], +"_s_s_l_client_impl_8h.html#ab658e6d84759440dbf3c890446075395af16e73d8cce9a2c987bde5afe5524d7f":[4,0,2,3,1,0], +"_s_s_l_client_impl_8h_source.html":[4,0,2,3], +"_s_s_l_client_parameters_8h.html":[4,0,2,4], +"_s_s_l_client_parameters_8h_source.html":[4,0,2,4], +"_s_s_l_obj_8cpp.html":[4,0,2,5], +"_s_s_l_obj_8h.html":[4,0,2,6], +"_s_s_l_obj_8h.html#a9a58d01c9073b90f2b42c655828aea6d":[4,0,2,6,0], +"_s_s_l_obj_8h_source.html":[4,0,2,6], +"_s_s_l_session_8cpp.html":[4,0,2,7], +"_s_s_l_session_8h.html":[4,0,2,8], +"_s_s_l_session_8h_source.html":[4,0,2,8], +"_t_l_s12__only__profile_8c.html":[4,0,2,10], +"_t_l_s12__only__profile_8c.html#a32c8112a1c37ba21a05952eeefc435f3":[4,0,2,10,0], +"annotated.html":[3,0], +"cert_8h.html":[4,0,1,0], +"cert_8h.html#ae2e26a4e8e97b0f15c18ba1ace062948":[4,0,1,0,0], +"cert_8h_source.html":[4,0,1,0], +"class_s_s_l_client.html":[3,0,1], +"class_s_s_l_client.html#a16aa9765bd450dcbba21c598456f464f":[3,0,1,25], +"class_s_s_l_client.html#a18adfc074d6b8e996819d4beb4689cbd":[3,0,1,9], +"class_s_s_l_client.html#a25e4414ab0c9424d09592f9567a678dc":[3,0,1,4], +"class_s_s_l_client.html#a2d378fbb7b8f15a1691746572f9d95b1":[3,0,1,14], +"class_s_s_l_client.html#a2d71f00d6634092f50c5262ad25cdacd":[3,0,1,12], +"class_s_s_l_client.html#a2d8bf9b891151bc5b0b865d70cf9c086":[3,0,1,11], +"class_s_s_l_client.html#a2ee6a3134d07ca09cf61ee04d32c3d44":[3,0,1,5], +"class_s_s_l_client.html#a31742867b00bd8d130637af0935bacbd":[3,0,1,19], +"class_s_s_l_client.html#a353c875d17a85dbb7bfe10de155f3b52":[3,0,1,7], +"class_s_s_l_client.html#a4a2172aedfcc483ba2a256ad12148630":[3,0,1,2], +"class_s_s_l_client.html#a505bfb6831a45aebf58d84e3b89d4cfc":[3,0,1,17], +"class_s_s_l_client.html#a563c5f9829757075bf16742cffa4cf73":[3,0,1,13], +"class_s_s_l_client.html#a5974a5f8722a752f121af4fac498bb22":[3,0,1,23], +"class_s_s_l_client.html#a5b626703a24089dbb0480a9b6ddf348c":[3,0,1,24], +"class_s_s_l_client.html#a5d13fd2f32ee2ea65a1f3820f758e77e":[3,0,1,1], +"class_s_s_l_client.html#a5f40f8f4d26d21e14276c3e8162b62b9":[3,0,1,18], +"class_s_s_l_client.html#a6b8ff53c10fe34aab1dc2561410f70bb":[3,0,1,27], +"class_s_s_l_client.html#a6bcb7579ebc051c097acb794b95771a9":[3,0,1,28], +"class_s_s_l_client.html#a824b599264f893e1b206a9100bc52ee1":[3,0,1,15], +"class_s_s_l_client.html#a91c63e35f31652c20faa5b9be95984bf":[3,0,1,3], +"class_s_s_l_client.html#a9c5001bdfa75ccc0d93cc60dd872b38a":[3,0,1,6], +"class_s_s_l_client.html#a9e7769fed78825cf4723778f4b5aa3e9":[3,0,1,8], +"class_s_s_l_client.html#ad30db47248d78df7c12dedfb27f06529":[3,0,1,26], +"class_s_s_l_client.html#adab82ba09345fa070712d3124af30e1b":[3,0,1,16], +"class_s_s_l_client.html#ae9a7509bc8a18f67e286547c19deb3c0":[3,0,1,0], +"class_s_s_l_client.html#aedf2746cc35da596faf8322776c2118e":[3,0,1,20], +"class_s_s_l_client.html#af76a0df76834e0d0999dbf44c7c0a174":[3,0,1,22], +"class_s_s_l_client.html#afd0d4d2c98433d60897d8828d8047d41":[3,0,1,10], +"class_s_s_l_client.html#afd6d7ae798c05cf566b2eb5651dba795":[3,0,1,21], +"class_s_s_l_client_impl.html":[3,0,2], +"class_s_s_l_client_impl.html#a1b90e7df3a77eea5efb955cc15a17f7d":[3,0,2,21], +"class_s_s_l_client_impl.html#a20dd9a9794b95719e6f3df8cb39126e3":[3,0,2,7], +"class_s_s_l_client_impl.html#a21ab78a0917f74ae5383d688e1548788":[3,0,2,6], +"class_s_s_l_client_impl.html#a231b7b1bb2182cda1ed6e9d5ebf66afe":[3,0,2,22], +"class_s_s_l_client_impl.html#a2b0b9043c8252871272bf6ba199ab67b":[3,0,2,0], +"class_s_s_l_client_impl.html#a2bfb55bcde46d8d77a46bfe0f577bf3f":[3,0,2,20], +"class_s_s_l_client_impl.html#a2cf492a714cf787e54a17bb47cda43ed":[3,0,2,17], +"class_s_s_l_client_impl.html#a3b4cb1e9e510955078b83c9f84c0e18c":[3,0,2,15], +"class_s_s_l_client_impl.html#a44cfafd6f5cdcaa5dbac22961ab3a58b":[3,0,2,9], +"class_s_s_l_client_impl.html#a45a1967029784a2f0f3edc7f75a00117":[3,0,2,16], +"class_s_s_l_client_impl.html#a45f26385ee1975b12265943efb1ff0d5":[3,0,2,13], +"class_s_s_l_client_impl.html#a6baed094969874fb9d2bea3a00ecbee1":[3,0,2,25], +"class_s_s_l_client_impl.html#a6e701597178b81f10d0db671b81ab075":[3,0,2,19], +"class_s_s_l_client_impl.html#a807656f814f24cf6cd711e429b716c4d":[3,0,2,28], +"class_s_s_l_client_impl.html#a81eb5ede3a894f281ae586d463b624e6":[3,0,2,27], +"class_s_s_l_client_impl.html#a8314c7dab1d923db5624f8075a53e6ea":[3,0,2,1], +"class_s_s_l_client_impl.html#a8e2385522ec04b1ce70871d4de23db6b":[3,0,2,12], +"class_s_s_l_client_impl.html#a93cdb32491fc08b035e40f840ff2e8f5":[3,0,2,24], +"class_s_s_l_client_impl.html#a957984fa392550a7df86f758e9b14bfb":[3,0,2,5], +"class_s_s_l_client_impl.html#a9dd694f8e0e65624b103dc781a7744af":[3,0,2,26], +"class_s_s_l_client_impl.html#a9ee82ad492f2297bd7cd0835c0d4556f":[3,0,2,18], +"class_s_s_l_client_impl.html#aa5c14ecf301c268306946c85825e565b":[3,0,2,3], +"class_s_s_l_client_impl.html#ab1c8f30bd3669c15e07fa1522ede4336":[3,0,2,8], +"class_s_s_l_client_impl.html#ab4e38d4319ec504395d67d2ab21a639e":[3,0,2,11], +"class_s_s_l_client_impl.html#abe33c793ec37f11087651cf4e586569b":[3,0,2,2], +"class_s_s_l_client_impl.html#ace6652307ba028d67c7ddbc4103fa9b4":[3,0,2,10], +"class_s_s_l_client_impl.html#ada595ed8f11673a9180ef0b762949c83":[3,0,2,14], +"class_s_s_l_client_impl.html#ae6c947ad92979ab99364428004abbeba":[3,0,2,4], +"class_s_s_l_client_impl.html#ae97adc55212c1aa96880aac28dd71387":[3,0,2,23], +"class_s_s_l_session.html":[3,0,4], +"class_s_s_l_session.html#a0c36cee72cfa862b7d4b2f5c112d5076":[3,0,4,4], +"class_s_s_l_session.html#a2fa15ce0b7caae25dfb567954175257e":[3,0,4,6], +"class_s_s_l_session.html#a3305941fa615f7134526b718917716ee":[3,0,4,1], +"class_s_s_l_session.html#a825373c5ba1aa6c45e74dc8a72b21820":[3,0,4,2], +"class_s_s_l_session.html#a878e1e8788634c5c42778369fbf7bab0":[3,0,4,3], +"class_s_s_l_session.html#abb3f7bbe70e3a59f9ce492c55507f36f":[3,0,4,5], +"class_s_s_l_session.html#acbe6549b55d50541d09a16f770e65afc":[3,0,4,7], +"class_s_s_l_session.html#ae05648200cea66577f024d5d09a6fcbb":[3,0,4,0], +"classes.html":[3,1], +"dir_386349f6a9bc1e2cd0767d257d5e5b91.html":[4,0,0,1], +"dir_68267d1309a1af8e8297ef4c3efbcdba.html":[4,0,2], +"dir_9c42dc81377249a918256dbb9cfb2167.html":[4,0,0,0], +"dir_d28a4824dc47e487b107a5db32ef43c4.html":[4,0,0], +"dir_dfc5a9f91fbfb9426c406a3f10131a54.html":[4,0,1], +"ec__prime__fast__256_8c.html":[4,0,2,0], +"ec__prime__fast__256_8c.html#aedcd6aae4367c3fdfe7db296b4da85ab":[4,0,2,0,0], +"files.html":[4,0], +"functions.html":[3,3,0], +"functions_func.html":[3,3,1], +"functions_vars.html":[3,3,2], +"globals.html":[4,1,0], +"globals_defs.html":[4,1,5], +"globals_enum.html":[4,1,3], +"globals_eval.html":[4,1,4], +"globals_func.html":[4,1,1], +"globals_vars.html":[4,1,2], +"hierarchy.html":[3,2], "index.html":[], "index.html":[0], "md__c_1__users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html":[1], +"namespace_s_s_l_obj.html":[2,0,0], +"namespacemembers.html":[2,1,0], +"namespacemembers_func.html":[2,1,1], +"namespaces.html":[2,0], "pages.html":[], -"struct_s_s_l_client_parameters.html":[2,0,2], -"struct_s_s_l_client_parameters.html#a3e0440790d1acdee221b8ef6be6def95":[2,0,2,1], -"struct_s_s_l_client_parameters.html#aa523f407ac673da95bf651617fbf94b2":[2,0,2,0], -"struct_s_s_l_client_parameters.html#aca2dba04e30c8d7b962add0c353fc449":[2,0,2,2], -"time__macros_8h.html":[3,0,2,7], -"time__macros_8h.html#a04e76e262f0920441e5f0c5552e83487":[3,0,2,7,19], -"time__macros_8h.html#a243cf438274412bbecf4b8d5eeb02ccb":[3,0,2,7,14], -"time__macros_8h.html#a2488d1ddab7e5fa119da3421462231c4":[3,0,2,7,1], -"time__macros_8h.html#a2af3d1d741ae2b49627adf56bbc95dc3":[3,0,2,7,20], -"time__macros_8h.html#a2d540510d5860d7f190d13124956bc57":[3,0,2,7,16], -"time__macros_8h.html#a38ac93dd8bfe385ff915a82c92bbfc97":[3,0,2,7,4], -"time__macros_8h.html#a3aaee30ddedb3f6675aac341a66e39e2":[3,0,2,7,15], -"time__macros_8h.html#a4dbe4cf7c879a2cdac386ce72c5e5994":[3,0,2,7,13], -"time__macros_8h.html#a56482fcc86a55713dee595c2092ed376":[3,0,2,7,5], -"time__macros_8h.html#a5ab60a7e3e1b6e0a919b3a37bc0d4b97":[3,0,2,7,8], -"time__macros_8h.html#a7f2cdee2eebbccd45c179a50a0bbabcf":[3,0,2,7,0], -"time__macros_8h.html#a868143e0521daf07b25a2f3947cf54a3":[3,0,2,7,6], -"time__macros_8h.html#a8cd8e04105fec7cd442d078c303e46b9":[3,0,2,7,18], -"time__macros_8h.html#a9da779a8ca64782ea49babce14122d34":[3,0,2,7,12], -"time__macros_8h.html#aad01b5fb233c0091aff2a837a8de32f4":[3,0,2,7,11], -"time__macros_8h.html#ab3592442029a102b388fafeadc4a6ab8":[3,0,2,7,2], -"time__macros_8h.html#ab6c76862964ff7e543fd9d5807b2fa79":[3,0,2,7,7], -"time__macros_8h.html#ac47b302f1b8d2a7a9c035c417247be76":[3,0,2,7,17], -"time__macros_8h.html#ac8f6b75d9e04634818984ba400d0dee1":[3,0,2,7,3], -"time__macros_8h.html#ae0574ced3f997b97d357c1cb68000e3a":[3,0,2,7,9], -"time__macros_8h.html#ae90924c33a05839b3eb1426472f40eb3":[3,0,2,7,10], -"time__macros_8h_source.html":[3,0,2,7], -"trust__anchors_8h.html":[3,0,0,0,0], -"trust__anchors_8h.html#ae2e26a4e8e97b0f15c18ba1ace062948":[3,0,0,0,0,0], -"trust__anchors_8h_source.html":[3,0,0,0,0], -"trustanchors_8h.html":[3,0,0,1,0], -"trustanchors_8h.html#ae2e26a4e8e97b0f15c18ba1ace062948":[3,0,0,1,0,0], -"trustanchors_8h_source.html":[3,0,0,1,0] +"struct_s_s_l_client_parameters.html":[3,0,3], +"struct_s_s_l_client_parameters.html#a3e0440790d1acdee221b8ef6be6def95":[3,0,3,1], +"struct_s_s_l_client_parameters.html#aa523f407ac673da95bf651617fbf94b2":[3,0,3,0], +"struct_s_s_l_client_parameters.html#aca2dba04e30c8d7b962add0c353fc449":[3,0,3,2], +"structssl__pem__decode__state.html":[3,0,0], +"structssl__pem__decode__state.html#a8abbaad636bfcf50ef38f529e3cfd5f3":[3,0,0,0], +"structssl__pem__decode__state.html#a95f2366376d5f958f9bc1e859b59bae9":[3,0,0,1], +"time__macros_8h.html":[4,0,2,9], +"time__macros_8h.html#a04e76e262f0920441e5f0c5552e83487":[4,0,2,9,19], +"time__macros_8h.html#a243cf438274412bbecf4b8d5eeb02ccb":[4,0,2,9,14], +"time__macros_8h.html#a2488d1ddab7e5fa119da3421462231c4":[4,0,2,9,1], +"time__macros_8h.html#a2af3d1d741ae2b49627adf56bbc95dc3":[4,0,2,9,20], +"time__macros_8h.html#a2d540510d5860d7f190d13124956bc57":[4,0,2,9,16], +"time__macros_8h.html#a38ac93dd8bfe385ff915a82c92bbfc97":[4,0,2,9,4], +"time__macros_8h.html#a3aaee30ddedb3f6675aac341a66e39e2":[4,0,2,9,15], +"time__macros_8h.html#a4dbe4cf7c879a2cdac386ce72c5e5994":[4,0,2,9,13], +"time__macros_8h.html#a56482fcc86a55713dee595c2092ed376":[4,0,2,9,5], +"time__macros_8h.html#a5ab60a7e3e1b6e0a919b3a37bc0d4b97":[4,0,2,9,8], +"time__macros_8h.html#a7f2cdee2eebbccd45c179a50a0bbabcf":[4,0,2,9,0], +"time__macros_8h.html#a868143e0521daf07b25a2f3947cf54a3":[4,0,2,9,6], +"time__macros_8h.html#a8cd8e04105fec7cd442d078c303e46b9":[4,0,2,9,18], +"time__macros_8h.html#a9da779a8ca64782ea49babce14122d34":[4,0,2,9,12], +"time__macros_8h.html#aad01b5fb233c0091aff2a837a8de32f4":[4,0,2,9,11], +"time__macros_8h.html#ab3592442029a102b388fafeadc4a6ab8":[4,0,2,9,2], +"time__macros_8h.html#ab6c76862964ff7e543fd9d5807b2fa79":[4,0,2,9,7], +"time__macros_8h.html#ac47b302f1b8d2a7a9c035c417247be76":[4,0,2,9,17], +"time__macros_8h.html#ac8f6b75d9e04634818984ba400d0dee1":[4,0,2,9,3], +"time__macros_8h.html#ae0574ced3f997b97d357c1cb68000e3a":[4,0,2,9,9], +"time__macros_8h.html#ae90924c33a05839b3eb1426472f40eb3":[4,0,2,9,10], +"time__macros_8h_source.html":[4,0,2,9], +"trust__anchors_8h.html":[4,0,0,0,0], +"trust__anchors_8h.html#ae2e26a4e8e97b0f15c18ba1ace062948":[4,0,0,0,0,0], +"trust__anchors_8h_source.html":[4,0,0,0,0], +"trustanchors_8h.html":[4,0,0,1,0], +"trustanchors_8h.html#ae2e26a4e8e97b0f15c18ba1ace062948":[4,0,0,1,0,0], +"trustanchors_8h_source.html":[4,0,0,1,0] }; diff --git a/docs/html/search/all_11.js b/docs/html/search/all_11.js index b1b7f3c..a18bd2a 100644 --- a/docs/html/search/all_11.js +++ b/docs/html/search/all_11.js @@ -1,5 +1,4 @@ var searchData= [ - ['write',['write',['../class_s_s_l_client.html#a6b8ff53c10fe34aab1dc2561410f70bb',1,'SSLClient::write(uint8_t b) override'],['../class_s_s_l_client.html#a6bcb7579ebc051c097acb794b95771a9',1,'SSLClient::write(const uint8_t *buf, size_t size) override']]], - ['write_5fimpl',['write_impl',['../class_s_s_l_client_impl.html#a807656f814f24cf6cd711e429b716c4d',1,'SSLClientImpl']]] + ['vect',['vect',['../structssl__pem__decode__state.html#a95f2366376d5f958f9bc1e859b59bae9',1,'ssl_pem_decode_state']]] ]; diff --git a/docs/html/search/all_12.html b/docs/html/search/all_12.html new file mode 100644 index 0000000..0876adf --- /dev/null +++ b/docs/html/search/all_12.html @@ -0,0 +1,30 @@ + + + + + + + + + +
          +
          Loading...
          +
          + +
          Searching...
          +
          No Matches
          + +
          + + diff --git a/docs/html/search/all_12.js b/docs/html/search/all_12.js new file mode 100644 index 0000000..b1b7f3c --- /dev/null +++ b/docs/html/search/all_12.js @@ -0,0 +1,5 @@ +var searchData= +[ + ['write',['write',['../class_s_s_l_client.html#a6b8ff53c10fe34aab1dc2561410f70bb',1,'SSLClient::write(uint8_t b) override'],['../class_s_s_l_client.html#a6bcb7579ebc051c097acb794b95771a9',1,'SSLClient::write(const uint8_t *buf, size_t size) override']]], + ['write_5fimpl',['write_impl',['../class_s_s_l_client_impl.html#a807656f814f24cf6cd711e429b716c4d',1,'SSLClientImpl']]] +]; diff --git a/docs/html/search/all_8.js b/docs/html/search/all_8.js index 7fdc7da..c29a2f2 100644 --- a/docs/html/search/all_8.js +++ b/docs/html/search/all_8.js @@ -1,4 +1,5 @@ var searchData= [ + ['index',['index',['../structssl__pem__decode__state.html#a8abbaad636bfcf50ef38f529e3cfd5f3',1,'ssl_pem_decode_state']]], ['is_5fvalid_5fsession',['is_valid_session',['../class_s_s_l_session.html#a0c36cee72cfa862b7d4b2f5c112d5076',1,'SSLSession']]] ]; diff --git a/docs/html/search/all_a.js b/docs/html/search/all_a.js index e250434..f9c2b25 100644 --- a/docs/html/search/all_a.js +++ b/docs/html/search/all_a.js @@ -6,5 +6,6 @@ var searchData= ['m_5fprint_5fbr_5ferror',['m_print_br_error',['../class_s_s_l_client_impl.html#a2cf492a714cf787e54a17bb47cda43ed',1,'SSLClientImpl']]], ['m_5fprint_5fprefix',['m_print_prefix',['../class_s_s_l_client_impl.html#a9ee82ad492f2297bd7cd0835c0d4556f',1,'SSLClientImpl']]], ['m_5fprint_5fssl_5ferror',['m_print_ssl_error',['../class_s_s_l_client_impl.html#a6e701597178b81f10d0db671b81ab075',1,'SSLClientImpl']]], - ['m_5fwarn',['m_warn',['../class_s_s_l_client_impl.html#a2bfb55bcde46d8d77a46bfe0f577bf3f',1,'SSLClientImpl']]] + ['m_5fwarn',['m_warn',['../class_s_s_l_client_impl.html#a2bfb55bcde46d8d77a46bfe0f577bf3f',1,'SSLClientImpl']]], + ['make_5fvector_5fpem',['make_vector_pem',['../namespace_s_s_l_obj.html#a9a58d01c9073b90f2b42c655828aea6d',1,'SSLObj']]] ]; diff --git a/docs/html/search/all_e.js b/docs/html/search/all_e.js index 5c98031..0383728 100644 --- a/docs/html/search/all_e.js +++ b/docs/html/search/all_e.js @@ -5,7 +5,9 @@ var searchData= ['sec_5fper_5fhour',['SEC_PER_HOUR',['../time__macros_8h.html#a2d540510d5860d7f190d13124956bc57',1,'time_macros.h']]], ['sec_5fper_5fmin',['SEC_PER_MIN',['../time__macros_8h.html#ac47b302f1b8d2a7a9c035c417247be76',1,'time_macros.h']]], ['sec_5fper_5fyear',['SEC_PER_YEAR',['../time__macros_8h.html#a8cd8e04105fec7cd442d078c303e46b9',1,'time_macros.h']]], + ['set_5fmutual_5fimpl',['set_mutual_impl',['../class_s_s_l_client_impl.html#a9dd694f8e0e65624b103dc781a7744af',1,'SSLClientImpl']]], ['set_5fparameters',['set_parameters',['../class_s_s_l_session.html#a2fa15ce0b7caae25dfb567954175257e',1,'SSLSession']]], + ['setmutualauthparams',['setMutualAuthParams',['../class_s_s_l_client.html#a16aa9765bd450dcbba21c598456f464f',1,'SSLClient']]], ['ssl_5fbr_5fconnect_5ffail',['SSL_BR_CONNECT_FAIL',['../_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5afb90a695332a7c96044dc97c577ee3c3',1,'SSLClientImpl.h']]], ['ssl_5fbr_5fwrite_5ferror',['SSL_BR_WRITE_ERROR',['../_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5a1d9afd51e0012e791f099657797c9aa9',1,'SSLClientImpl.h']]], ['ssl_5fclient_5fconnect_5ffail',['SSL_CLIENT_CONNECT_FAIL',['../_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5aaa79045423a355885738cd239dff6c2b',1,'SSLClientImpl.h']]], @@ -16,8 +18,9 @@ var searchData= ['ssl_5fnone',['SSL_NONE',['../_s_s_l_client_impl_8h.html#ab658e6d84759440dbf3c890446075395af16e73d8cce9a2c987bde5afe5524d7f',1,'SSLClientImpl.h']]], ['ssl_5fok',['SSL_OK',['../_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5a1218c16a5bf50589e0c498983851612c',1,'SSLClientImpl.h']]], ['ssl_5fout_5fof_5fmemory',['SSL_OUT_OF_MEMORY',['../_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5adec799caf92b4fe2b6d2b362136f6ef6',1,'SSLClientImpl.h']]], + ['ssl_5fpem_5fdecode_5fstate',['ssl_pem_decode_state',['../structssl__pem__decode__state.html',1,'']]], ['ssl_5fwarn',['SSL_WARN',['../_s_s_l_client_impl_8h.html#ab658e6d84759440dbf3c890446075395a86c8fdfc38831619d5ed73dff5b0911d',1,'SSLClientImpl.h']]], - ['sslclient',['SSLClient',['../class_s_s_l_client.html',1,'SSLClient< C, SessionCache >'],['../class_s_s_l_client.html#ae9a7509bc8a18f67e286547c19deb3c0',1,'SSLClient::SSLClient(const C &client, const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug=SSL_WARN)'],['../class_s_s_l_client.html#ad7b20a2ac220d346a8047db77d97723d',1,'SSLClient::SSLClient(const C &client, const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug, const SSLClientParameters *mutual_auth_params)']]], + ['sslclient',['SSLClient',['../class_s_s_l_client.html',1,'SSLClient< C, SessionCache >'],['../class_s_s_l_client.html#ae9a7509bc8a18f67e286547c19deb3c0',1,'SSLClient::SSLClient()']]], ['sslclient_2eh',['SSLClient.h',['../_s_s_l_client_8h.html',1,'']]], ['sslclient_5fh_5f',['SSLClient_H_',['../_s_s_l_client_8h.html#a0e14869de8f634ff2fb63826ae583569',1,'SSLClient.h']]], ['sslclientimpl',['SSLClientImpl',['../class_s_s_l_client_impl.html',1,'SSLClientImpl'],['../class_s_s_l_client_impl.html#a2b0b9043c8252871272bf6ba199ab67b',1,'SSLClientImpl::SSLClientImpl(const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug)'],['../class_s_s_l_client_impl.html#a8314c7dab1d923db5624f8075a53e6ea',1,'SSLClientImpl::SSLClientImpl(const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug, const SSLClientParameters *mutual_auth_params)']]], @@ -25,6 +28,9 @@ var searchData= ['sslclientimpl_2eh',['SSLClientImpl.h',['../_s_s_l_client_impl_8h.html',1,'']]], ['sslclientparameters',['SSLClientParameters',['../struct_s_s_l_client_parameters.html',1,'']]], ['sslclientparameters_2eh',['SSLClientParameters.h',['../_s_s_l_client_parameters_8h.html',1,'']]], + ['sslobj',['SSLObj',['../namespace_s_s_l_obj.html',1,'']]], + ['sslobj_2ecpp',['SSLObj.cpp',['../_s_s_l_obj_8cpp.html',1,'']]], + ['sslobj_2eh',['SSLObj.h',['../_s_s_l_obj_8h.html',1,'']]], ['sslsession',['SSLSession',['../class_s_s_l_session.html',1,'SSLSession'],['../class_s_s_l_session.html#ae05648200cea66577f024d5d09a6fcbb',1,'SSLSession::SSLSession()']]], ['sslsession_2ecpp',['SSLSession.cpp',['../_s_s_l_session_8cpp.html',1,'']]], ['sslsession_2eh',['SSLSession.h',['../_s_s_l_session_8h.html',1,'']]], diff --git a/docs/html/search/classes_0.js b/docs/html/search/classes_0.js index e9cbbc6..f951cf3 100644 --- a/docs/html/search/classes_0.js +++ b/docs/html/search/classes_0.js @@ -1,5 +1,6 @@ var searchData= [ + ['ssl_5fpem_5fdecode_5fstate',['ssl_pem_decode_state',['../structssl__pem__decode__state.html',1,'']]], ['sslclient',['SSLClient',['../class_s_s_l_client.html',1,'']]], ['sslclientimpl',['SSLClientImpl',['../class_s_s_l_client_impl.html',1,'']]], ['sslclientparameters',['SSLClientParameters',['../struct_s_s_l_client_parameters.html',1,'']]], diff --git a/docs/html/search/files_3.js b/docs/html/search/files_3.js index 1b3b062..4b15112 100644 --- a/docs/html/search/files_3.js +++ b/docs/html/search/files_3.js @@ -4,6 +4,8 @@ var searchData= ['sslclientimpl_2ecpp',['SSLClientImpl.cpp',['../_s_s_l_client_impl_8cpp.html',1,'']]], ['sslclientimpl_2eh',['SSLClientImpl.h',['../_s_s_l_client_impl_8h.html',1,'']]], ['sslclientparameters_2eh',['SSLClientParameters.h',['../_s_s_l_client_parameters_8h.html',1,'']]], + ['sslobj_2ecpp',['SSLObj.cpp',['../_s_s_l_obj_8cpp.html',1,'']]], + ['sslobj_2eh',['SSLObj.h',['../_s_s_l_obj_8h.html',1,'']]], ['sslsession_2ecpp',['SSLSession.cpp',['../_s_s_l_session_8cpp.html',1,'']]], ['sslsession_2eh',['SSLSession.h',['../_s_s_l_session_8h.html',1,'']]] ]; diff --git a/docs/html/search/functions_7.js b/docs/html/search/functions_7.js index e250434..f9c2b25 100644 --- a/docs/html/search/functions_7.js +++ b/docs/html/search/functions_7.js @@ -6,5 +6,6 @@ var searchData= ['m_5fprint_5fbr_5ferror',['m_print_br_error',['../class_s_s_l_client_impl.html#a2cf492a714cf787e54a17bb47cda43ed',1,'SSLClientImpl']]], ['m_5fprint_5fprefix',['m_print_prefix',['../class_s_s_l_client_impl.html#a9ee82ad492f2297bd7cd0835c0d4556f',1,'SSLClientImpl']]], ['m_5fprint_5fssl_5ferror',['m_print_ssl_error',['../class_s_s_l_client_impl.html#a6e701597178b81f10d0db671b81ab075',1,'SSLClientImpl']]], - ['m_5fwarn',['m_warn',['../class_s_s_l_client_impl.html#a2bfb55bcde46d8d77a46bfe0f577bf3f',1,'SSLClientImpl']]] + ['m_5fwarn',['m_warn',['../class_s_s_l_client_impl.html#a2bfb55bcde46d8d77a46bfe0f577bf3f',1,'SSLClientImpl']]], + ['make_5fvector_5fpem',['make_vector_pem',['../namespace_s_s_l_obj.html#a9a58d01c9073b90f2b42c655828aea6d',1,'SSLObj']]] ]; diff --git a/docs/html/search/functions_b.js b/docs/html/search/functions_b.js index 60bd456..750a591 100644 --- a/docs/html/search/functions_b.js +++ b/docs/html/search/functions_b.js @@ -1,7 +1,9 @@ var searchData= [ + ['set_5fmutual_5fimpl',['set_mutual_impl',['../class_s_s_l_client_impl.html#a9dd694f8e0e65624b103dc781a7744af',1,'SSLClientImpl']]], ['set_5fparameters',['set_parameters',['../class_s_s_l_session.html#a2fa15ce0b7caae25dfb567954175257e',1,'SSLSession']]], - ['sslclient',['SSLClient',['../class_s_s_l_client.html#ae9a7509bc8a18f67e286547c19deb3c0',1,'SSLClient::SSLClient(const C &client, const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug=SSL_WARN)'],['../class_s_s_l_client.html#ad7b20a2ac220d346a8047db77d97723d',1,'SSLClient::SSLClient(const C &client, const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug, const SSLClientParameters *mutual_auth_params)']]], + ['setmutualauthparams',['setMutualAuthParams',['../class_s_s_l_client.html#a16aa9765bd450dcbba21c598456f464f',1,'SSLClient']]], + ['sslclient',['SSLClient',['../class_s_s_l_client.html#ae9a7509bc8a18f67e286547c19deb3c0',1,'SSLClient']]], ['sslclientimpl',['SSLClientImpl',['../class_s_s_l_client_impl.html#a2b0b9043c8252871272bf6ba199ab67b',1,'SSLClientImpl::SSLClientImpl(const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug)'],['../class_s_s_l_client_impl.html#a8314c7dab1d923db5624f8075a53e6ea',1,'SSLClientImpl::SSLClientImpl(const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug, const SSLClientParameters *mutual_auth_params)']]], ['sslsession',['SSLSession',['../class_s_s_l_session.html#ae05648200cea66577f024d5d09a6fcbb',1,'SSLSession']]], ['stop',['stop',['../class_s_s_l_client.html#ad30db47248d78df7c12dedfb27f06529',1,'SSLClient']]], diff --git a/docs/html/search/namespaces_0.html b/docs/html/search/namespaces_0.html new file mode 100644 index 0000000..c534537 --- /dev/null +++ b/docs/html/search/namespaces_0.html @@ -0,0 +1,30 @@ + + + + + + + + + +
          +
          Loading...
          +
          + +
          Searching...
          +
          No Matches
          + +
          + + diff --git a/docs/html/search/namespaces_0.js b/docs/html/search/namespaces_0.js new file mode 100644 index 0000000..923d09a --- /dev/null +++ b/docs/html/search/namespaces_0.js @@ -0,0 +1,4 @@ +var searchData= +[ + ['sslobj',['SSLObj',['../namespace_s_s_l_obj.html',1,'']]] +]; diff --git a/docs/html/search/searchdata.js b/docs/html/search/searchdata.js index 903807c..5109317 100644 --- a/docs/html/search/searchdata.js +++ b/docs/html/search/searchdata.js @@ -1,39 +1,42 @@ var indexSectionsWithContent = { - 0: "_abcdefgilmoprstuw", + 0: "_abcdefgilmoprstuvw", 1: "s", - 2: "cerst", - 3: "abcfgilmoprstw", - 4: "_bce", - 5: "de", - 6: "s", - 7: "_cgpstu", - 8: "st" + 2: "s", + 3: "cerst", + 4: "abcfgilmoprstw", + 5: "_bceiv", + 6: "de", + 7: "s", + 8: "_cgpstu", + 9: "st" }; var indexSectionNames = { 0: "all", 1: "classes", - 2: "files", - 3: "functions", - 4: "variables", - 5: "enums", - 6: "enumvalues", - 7: "defines", - 8: "pages" + 2: "namespaces", + 3: "files", + 4: "functions", + 5: "variables", + 6: "enums", + 7: "enumvalues", + 8: "defines", + 9: "pages" }; var indexSectionLabels = { 0: "All", 1: "Classes", - 2: "Files", - 3: "Functions", - 4: "Variables", - 5: "Enumerations", - 6: "Enumerator", - 7: "Macros", - 8: "Pages" + 2: "Namespaces", + 3: "Files", + 4: "Functions", + 5: "Variables", + 6: "Enumerations", + 7: "Enumerator", + 8: "Macros", + 9: "Pages" }; diff --git a/docs/html/search/variables_4.html b/docs/html/search/variables_4.html new file mode 100644 index 0000000..39883bd --- /dev/null +++ b/docs/html/search/variables_4.html @@ -0,0 +1,30 @@ + + + + + + + + + +
          +
          Loading...
          +
          + +
          Searching...
          +
          No Matches
          + +
          + + diff --git a/docs/html/search/variables_4.js b/docs/html/search/variables_4.js new file mode 100644 index 0000000..2d07945 --- /dev/null +++ b/docs/html/search/variables_4.js @@ -0,0 +1,4 @@ +var searchData= +[ + ['index',['index',['../structssl__pem__decode__state.html#a8abbaad636bfcf50ef38f529e3cfd5f3',1,'ssl_pem_decode_state']]] +]; diff --git a/docs/html/search/variables_5.html b/docs/html/search/variables_5.html new file mode 100644 index 0000000..f25879c --- /dev/null +++ b/docs/html/search/variables_5.html @@ -0,0 +1,30 @@ + + + + + + + + + +
          +
          Loading...
          +
          + +
          Searching...
          +
          No Matches
          + +
          + + diff --git a/docs/html/search/variables_5.js b/docs/html/search/variables_5.js new file mode 100644 index 0000000..a18bd2a --- /dev/null +++ b/docs/html/search/variables_5.js @@ -0,0 +1,4 @@ +var searchData= +[ + ['vect',['vect',['../structssl__pem__decode__state.html#a95f2366376d5f958f9bc1e859b59bae9',1,'ssl_pem_decode_state']]] +]; diff --git a/docs/html/structssl__pem__decode__state-members.html b/docs/html/structssl__pem__decode__state-members.html new file mode 100644 index 0000000..3c72623 --- /dev/null +++ b/docs/html/structssl__pem__decode__state-members.html @@ -0,0 +1,110 @@ + + + + + + + +SSLClient: Member List + + + + + + + + + + + + + + +
          +
          + + + + + + +
          +
          SSLClient +  v1.1.1 +
          +
          Add TLS 1.2 functionality to any network library.
          +
          +
          + + + + + + + +
          +
          + +
          +
          +
          + +
          + +
          +
          + + +
          + +
          + +
          +
          +
          ssl_pem_decode_state Member List
          +
          +
          + +

          This is the complete list of members for ssl_pem_decode_state, including all inherited members.

          + + + +
          indexssl_pem_decode_state
          vectssl_pem_decode_state
          +
          + + + + diff --git a/docs/html/structssl__pem__decode__state.html b/docs/html/structssl__pem__decode__state.html new file mode 100644 index 0000000..8698fd3 --- /dev/null +++ b/docs/html/structssl__pem__decode__state.html @@ -0,0 +1,149 @@ + + + + + + + +SSLClient: ssl_pem_decode_state Struct Reference + + + + + + + + + + + + + + +
          +
          + + + + + + +
          +
          SSLClient +  v1.1.1 +
          +
          Add TLS 1.2 functionality to any network library.
          +
          +
          + + + + + + + +
          +
          + +
          +
          +
          + +
          + +
          +
          + + +
          + +
          + +
          +
          +Public Attributes | +List of all members
          +
          +
          ssl_pem_decode_state Struct Reference
          +
          +
          + + + + + + +

          +Public Attributes

          std::vector< unsigned char > * vect
           
          size_t index = 0
           
          +

          Member Data Documentation

          + +

          ◆ index

          + +
          +
          + + + + +
          size_t ssl_pem_decode_state::index = 0
          +
          + +
          +
          + +

          ◆ vect

          + +
          +
          + + + + +
          std::vector<unsigned char>* ssl_pem_decode_state::vect
          +
          + +
          +
          +
          The documentation for this struct was generated from the following file:
            +
          • C:/Users/Noah/Documents/Arduino/libraries/SSLClient/src/SSLObj.cpp
            • +
          +
          +
          + + + + diff --git a/docs/html/structssl__pem__decode__state.js b/docs/html/structssl__pem__decode__state.js new file mode 100644 index 0000000..fe8cbfc --- /dev/null +++ b/docs/html/structssl__pem__decode__state.js @@ -0,0 +1,5 @@ +var structssl__pem__decode__state = +[ + [ "index", "structssl__pem__decode__state.html#a8abbaad636bfcf50ef38f529e3cfd5f3", null ], + [ "vect", "structssl__pem__decode__state.html#a95f2366376d5f958f9bc1e859b59bae9", null ] +]; \ No newline at end of file diff --git a/src/SSLObj.cpp b/src/SSLObj.cpp index 73ead13..05fee81 100644 --- a/src/SSLObj.cpp +++ b/src/SSLObj.cpp @@ -12,7 +12,7 @@ struct ssl_pem_decode_state { size_t index = 0; }; -static void ssl_pem_decode(void *dest_ctx, const void *src, size_t len) { +static void ssl_pem_decode_callback(void *dest_ctx, const void *src, size_t len) { ssl_pem_decode_state* ctx = static_cast(dest_ctx); for (size_t i = 0; i < len; i++) ctx->vect->emplace_back(static_cast(src)[i]); // update index @@ -31,7 +31,7 @@ const std::vector SSLObj::make_vector_pem(const char* data, const state.vect = &temp; state.index = 0; // set the byte reciever - br_pem_decoder_setdest(&pctx, &ssl_pem_decode, &state); + br_pem_decoder_setdest(&pctx, &ssl_pem_decode_callback, &state); // start decoding! int br_state = 0; size_t index = 0; @@ -52,14 +52,4 @@ const std::vector SSLObj::make_vector_pem(const char* data, const } // else we're good! return temp; -} - -const std::vector SSLObj::make_vector_der(const char* data, const size_t len) { - if (data == nullptr || len == 0) return {}; - // create a temporary vector - std::vector temp(len); - // copy the elements over - for (size_t i = 0; i < len; i++) temp[i] = data[i]; - // return the new SSLObj - return temp; } \ No newline at end of file diff --git a/src/SSLObj.h b/src/SSLObj.h index 8d5ecaf..8f70ac8 100644 --- a/src/SSLObj.h +++ b/src/SSLObj.h @@ -41,13 +41,23 @@ * which allow BearSSL use client certificates when creating a TLS connection. Since * most certificates are transmitted over the internet in PEM format, a certificate can * be provided in PEM or DER format, and will be converted internally to DER format for - * later use. A PEM file provided to this class MUST CONTAIN the `----BEGIN ... -----` - * header in order to be parsed correctly. + * later use. */ namespace SSLObj { + /** + * @brief Convert a PEM buffer into a vector of raw DER bytes + * + * This function takes a PEM buffer (e.g. `----BEGIN CERTIFICATE...`) and converts + * it into a vector of raw bytes. The bytes given to this function must: + * * Contain both the `-----BEGIN XXX-----` and `-----END XXX-----` strings. These are + * removed during processing. + * * Have a base64 encoded body + * * Only contain a single object (certificate, private key, etc.). + * + * @returns The raw bytes decoded from the PEM file. + */ const std::vector make_vector_pem(const char* data, const size_t len); - const std::vector make_vector_der(const char* data, const size_t len); } #endif \ No newline at end of file From 26e054bd76ea711149136e8939d425dfbcaf78e0 Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Wed, 14 Aug 2019 11:14:13 -0700 Subject: [PATCH 024/141] bump version --- docs/html/_r_e_a_d_m_e_8md.html | 2 +- docs/html/_s_s_l_client_8h.html | 2 +- docs/html/_s_s_l_client_8h_source.html | 2 +- docs/html/_s_s_l_client_impl_8cpp.html | 2 +- docs/html/_s_s_l_client_impl_8h.html | 2 +- docs/html/_s_s_l_client_impl_8h_source.html | 2 +- docs/html/_s_s_l_client_parameters_8h.html | 2 +- docs/html/_s_s_l_client_parameters_8h_source.html | 2 +- docs/html/_s_s_l_obj_8cpp.html | 2 +- docs/html/_s_s_l_obj_8h.html | 2 +- docs/html/_s_s_l_obj_8h_source.html | 2 +- docs/html/_s_s_l_session_8cpp.html | 2 +- docs/html/_s_s_l_session_8h.html | 2 +- docs/html/_s_s_l_session_8h_source.html | 2 +- docs/html/_t_l_s12__only__profile_8c.html | 2 +- docs/html/_trust_anchors_8md.html | 2 +- docs/html/annotated.html | 2 +- docs/html/cert_8h.html | 2 +- docs/html/cert_8h_source.html | 2 +- docs/html/class_s_s_l_client-members.html | 2 +- docs/html/class_s_s_l_client.html | 2 +- docs/html/class_s_s_l_client_impl-members.html | 2 +- docs/html/class_s_s_l_client_impl.html | 2 +- docs/html/class_s_s_l_session-members.html | 2 +- docs/html/class_s_s_l_session.html | 2 +- docs/html/classes.html | 2 +- docs/html/dir_386349f6a9bc1e2cd0767d257d5e5b91.html | 2 +- docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.html | 2 +- docs/html/dir_9c42dc81377249a918256dbb9cfb2167.html | 2 +- docs/html/dir_d28a4824dc47e487b107a5db32ef43c4.html | 2 +- docs/html/dir_dfc5a9f91fbfb9426c406a3f10131a54.html | 2 +- docs/html/ec__prime__fast__256_8c.html | 2 +- docs/html/files.html | 2 +- docs/html/functions.html | 2 +- docs/html/functions_func.html | 2 +- docs/html/functions_vars.html | 2 +- docs/html/globals.html | 2 +- docs/html/globals_defs.html | 2 +- docs/html/globals_enum.html | 2 +- docs/html/globals_eval.html | 2 +- docs/html/globals_func.html | 2 +- docs/html/globals_vars.html | 2 +- docs/html/hierarchy.html | 2 +- docs/html/index.html | 2 +- ...cuments__arduino_libraries__s_s_l_client__trust_anchors.html | 2 +- docs/html/namespace_s_s_l_obj.html | 2 +- docs/html/namespacemembers.html | 2 +- docs/html/namespacemembers_func.html | 2 +- docs/html/namespaces.html | 2 +- docs/html/pages.html | 2 +- docs/html/struct_s_s_l_client_parameters-members.html | 2 +- docs/html/struct_s_s_l_client_parameters.html | 2 +- docs/html/structssl__pem__decode__state-members.html | 2 +- docs/html/structssl__pem__decode__state.html | 2 +- docs/html/time__macros_8h.html | 2 +- docs/html/time__macros_8h_source.html | 2 +- docs/html/trust__anchors_8h.html | 2 +- docs/html/trust__anchors_8h_source.html | 2 +- docs/html/trustanchors_8h.html | 2 +- docs/html/trustanchors_8h_source.html | 2 +- library.properties | 2 +- 61 files changed, 61 insertions(+), 61 deletions(-) diff --git a/docs/html/_r_e_a_d_m_e_8md.html b/docs/html/_r_e_a_d_m_e_8md.html index 159a65b..301d463 100644 --- a/docs/html/_r_e_a_d_m_e_8md.html +++ b/docs/html/_r_e_a_d_m_e_8md.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/_s_s_l_client_8h.html b/docs/html/_s_s_l_client_8h.html index df7d798..e4a92cf 100644 --- a/docs/html/_s_s_l_client_8h.html +++ b/docs/html/_s_s_l_client_8h.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/_s_s_l_client_8h_source.html b/docs/html/_s_s_l_client_8h_source.html index 69d4620..f30fb5d 100644 --- a/docs/html/_s_s_l_client_8h_source.html +++ b/docs/html/_s_s_l_client_8h_source.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/_s_s_l_client_impl_8cpp.html b/docs/html/_s_s_l_client_impl_8cpp.html index 07e3d3b..7a0a456 100644 --- a/docs/html/_s_s_l_client_impl_8cpp.html +++ b/docs/html/_s_s_l_client_impl_8cpp.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/_s_s_l_client_impl_8h.html b/docs/html/_s_s_l_client_impl_8h.html index 6e9ba5d..cef1ffa 100644 --- a/docs/html/_s_s_l_client_impl_8h.html +++ b/docs/html/_s_s_l_client_impl_8h.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/_s_s_l_client_impl_8h_source.html b/docs/html/_s_s_l_client_impl_8h_source.html index b7ff5ee..a762cc8 100644 --- a/docs/html/_s_s_l_client_impl_8h_source.html +++ b/docs/html/_s_s_l_client_impl_8h_source.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/_s_s_l_client_parameters_8h.html b/docs/html/_s_s_l_client_parameters_8h.html index 408fb5b..a7c5050 100644 --- a/docs/html/_s_s_l_client_parameters_8h.html +++ b/docs/html/_s_s_l_client_parameters_8h.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/_s_s_l_client_parameters_8h_source.html b/docs/html/_s_s_l_client_parameters_8h_source.html index f1aed41..262cf99 100644 --- a/docs/html/_s_s_l_client_parameters_8h_source.html +++ b/docs/html/_s_s_l_client_parameters_8h_source.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/_s_s_l_obj_8cpp.html b/docs/html/_s_s_l_obj_8cpp.html index b720439..6a97a5e 100644 --- a/docs/html/_s_s_l_obj_8cpp.html +++ b/docs/html/_s_s_l_obj_8cpp.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/_s_s_l_obj_8h.html b/docs/html/_s_s_l_obj_8h.html index c50d212..9024aa9 100644 --- a/docs/html/_s_s_l_obj_8h.html +++ b/docs/html/_s_s_l_obj_8h.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/_s_s_l_obj_8h_source.html b/docs/html/_s_s_l_obj_8h_source.html index d32ef25..b4a8442 100644 --- a/docs/html/_s_s_l_obj_8h_source.html +++ b/docs/html/_s_s_l_obj_8h_source.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/_s_s_l_session_8cpp.html b/docs/html/_s_s_l_session_8cpp.html index 458ced1..21494ea 100644 --- a/docs/html/_s_s_l_session_8cpp.html +++ b/docs/html/_s_s_l_session_8cpp.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/_s_s_l_session_8h.html b/docs/html/_s_s_l_session_8h.html index 7f71f53..e0dbc53 100644 --- a/docs/html/_s_s_l_session_8h.html +++ b/docs/html/_s_s_l_session_8h.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/_s_s_l_session_8h_source.html b/docs/html/_s_s_l_session_8h_source.html index 9623d0b..1a0730f 100644 --- a/docs/html/_s_s_l_session_8h_source.html +++ b/docs/html/_s_s_l_session_8h_source.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/_t_l_s12__only__profile_8c.html b/docs/html/_t_l_s12__only__profile_8c.html index 0562e86..0e42728 100644 --- a/docs/html/_t_l_s12__only__profile_8c.html +++ b/docs/html/_t_l_s12__only__profile_8c.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/_trust_anchors_8md.html b/docs/html/_trust_anchors_8md.html index e73745c..a64bd86 100644 --- a/docs/html/_trust_anchors_8md.html +++ b/docs/html/_trust_anchors_8md.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/annotated.html b/docs/html/annotated.html index c49db68..3ddfa8e 100644 --- a/docs/html/annotated.html +++ b/docs/html/annotated.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/cert_8h.html b/docs/html/cert_8h.html index 9bb5578..88192ea 100644 --- a/docs/html/cert_8h.html +++ b/docs/html/cert_8h.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/cert_8h_source.html b/docs/html/cert_8h_source.html index e1db8ed..6f4239c 100644 --- a/docs/html/cert_8h_source.html +++ b/docs/html/cert_8h_source.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/class_s_s_l_client-members.html b/docs/html/class_s_s_l_client-members.html index 24a725e..0981301 100644 --- a/docs/html/class_s_s_l_client-members.html +++ b/docs/html/class_s_s_l_client-members.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/class_s_s_l_client.html b/docs/html/class_s_s_l_client.html index d8df6fe..66fcc3a 100644 --- a/docs/html/class_s_s_l_client.html +++ b/docs/html/class_s_s_l_client.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/class_s_s_l_client_impl-members.html b/docs/html/class_s_s_l_client_impl-members.html index d522108..0d3412e 100644 --- a/docs/html/class_s_s_l_client_impl-members.html +++ b/docs/html/class_s_s_l_client_impl-members.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/class_s_s_l_client_impl.html b/docs/html/class_s_s_l_client_impl.html index ce4a622..34f8e64 100644 --- a/docs/html/class_s_s_l_client_impl.html +++ b/docs/html/class_s_s_l_client_impl.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/class_s_s_l_session-members.html b/docs/html/class_s_s_l_session-members.html index 8512fbe..94cb202 100644 --- a/docs/html/class_s_s_l_session-members.html +++ b/docs/html/class_s_s_l_session-members.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/class_s_s_l_session.html b/docs/html/class_s_s_l_session.html index bf83f7e..b5d0811 100644 --- a/docs/html/class_s_s_l_session.html +++ b/docs/html/class_s_s_l_session.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/classes.html b/docs/html/classes.html index c18aed9..8a44185 100644 --- a/docs/html/classes.html +++ b/docs/html/classes.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/dir_386349f6a9bc1e2cd0767d257d5e5b91.html b/docs/html/dir_386349f6a9bc1e2cd0767d257d5e5b91.html index e1f45cd..ad459b7 100644 --- a/docs/html/dir_386349f6a9bc1e2cd0767d257d5e5b91.html +++ b/docs/html/dir_386349f6a9bc1e2cd0767d257d5e5b91.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.html b/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.html index b4482c9..213ba14 100644 --- a/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.html +++ b/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/dir_9c42dc81377249a918256dbb9cfb2167.html b/docs/html/dir_9c42dc81377249a918256dbb9cfb2167.html index 0f6fe49..fdd7d17 100644 --- a/docs/html/dir_9c42dc81377249a918256dbb9cfb2167.html +++ b/docs/html/dir_9c42dc81377249a918256dbb9cfb2167.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/dir_d28a4824dc47e487b107a5db32ef43c4.html b/docs/html/dir_d28a4824dc47e487b107a5db32ef43c4.html index d7796f8..98fae67 100644 --- a/docs/html/dir_d28a4824dc47e487b107a5db32ef43c4.html +++ b/docs/html/dir_d28a4824dc47e487b107a5db32ef43c4.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/dir_dfc5a9f91fbfb9426c406a3f10131a54.html b/docs/html/dir_dfc5a9f91fbfb9426c406a3f10131a54.html index e955a0c..544df56 100644 --- a/docs/html/dir_dfc5a9f91fbfb9426c406a3f10131a54.html +++ b/docs/html/dir_dfc5a9f91fbfb9426c406a3f10131a54.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/ec__prime__fast__256_8c.html b/docs/html/ec__prime__fast__256_8c.html index e2edbfe..1dbbfeb 100644 --- a/docs/html/ec__prime__fast__256_8c.html +++ b/docs/html/ec__prime__fast__256_8c.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/files.html b/docs/html/files.html index 6f99fdf..6672f57 100644 --- a/docs/html/files.html +++ b/docs/html/files.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/functions.html b/docs/html/functions.html index 549139d..de3bd8b 100644 --- a/docs/html/functions.html +++ b/docs/html/functions.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/functions_func.html b/docs/html/functions_func.html index f610a78..7ff72b8 100644 --- a/docs/html/functions_func.html +++ b/docs/html/functions_func.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/functions_vars.html b/docs/html/functions_vars.html index 5a57c5b..5cc8e91 100644 --- a/docs/html/functions_vars.html +++ b/docs/html/functions_vars.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/globals.html b/docs/html/globals.html index 991b825..a3bb937 100644 --- a/docs/html/globals.html +++ b/docs/html/globals.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/globals_defs.html b/docs/html/globals_defs.html index 110a147..6b52f8f 100644 --- a/docs/html/globals_defs.html +++ b/docs/html/globals_defs.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/globals_enum.html b/docs/html/globals_enum.html index 44a509d..6161561 100644 --- a/docs/html/globals_enum.html +++ b/docs/html/globals_enum.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/globals_eval.html b/docs/html/globals_eval.html index ea1f9be..2494fd1 100644 --- a/docs/html/globals_eval.html +++ b/docs/html/globals_eval.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/globals_func.html b/docs/html/globals_func.html index bb7f1cb..f23d91b 100644 --- a/docs/html/globals_func.html +++ b/docs/html/globals_func.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/globals_vars.html b/docs/html/globals_vars.html index de931f5..3ac6bb8 100644 --- a/docs/html/globals_vars.html +++ b/docs/html/globals_vars.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/hierarchy.html b/docs/html/hierarchy.html index 50cd42e..a11880c 100644 --- a/docs/html/hierarchy.html +++ b/docs/html/hierarchy.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/index.html b/docs/html/index.html index 9411517..ed54c66 100644 --- a/docs/html/index.html +++ b/docs/html/index.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/md__c_1__users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html b/docs/html/md__c_1__users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html index 8ea9d13..b719965 100644 --- a/docs/html/md__c_1__users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html +++ b/docs/html/md__c_1__users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/namespace_s_s_l_obj.html b/docs/html/namespace_s_s_l_obj.html index f347e91..ea568a5 100644 --- a/docs/html/namespace_s_s_l_obj.html +++ b/docs/html/namespace_s_s_l_obj.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/namespacemembers.html b/docs/html/namespacemembers.html index 5b0684e..193a83c 100644 --- a/docs/html/namespacemembers.html +++ b/docs/html/namespacemembers.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/namespacemembers_func.html b/docs/html/namespacemembers_func.html index 3b56928..f0b8146 100644 --- a/docs/html/namespacemembers_func.html +++ b/docs/html/namespacemembers_func.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/namespaces.html b/docs/html/namespaces.html index 5dde767..2f1ddb6 100644 --- a/docs/html/namespaces.html +++ b/docs/html/namespaces.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/pages.html b/docs/html/pages.html index 40f7260..356a0fd 100644 --- a/docs/html/pages.html +++ b/docs/html/pages.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/struct_s_s_l_client_parameters-members.html b/docs/html/struct_s_s_l_client_parameters-members.html index 3a9f4b6..7171d9f 100644 --- a/docs/html/struct_s_s_l_client_parameters-members.html +++ b/docs/html/struct_s_s_l_client_parameters-members.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/struct_s_s_l_client_parameters.html b/docs/html/struct_s_s_l_client_parameters.html index df4ab25..e5f31db 100644 --- a/docs/html/struct_s_s_l_client_parameters.html +++ b/docs/html/struct_s_s_l_client_parameters.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/structssl__pem__decode__state-members.html b/docs/html/structssl__pem__decode__state-members.html index 3c72623..4ee8da1 100644 --- a/docs/html/structssl__pem__decode__state-members.html +++ b/docs/html/structssl__pem__decode__state-members.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/structssl__pem__decode__state.html b/docs/html/structssl__pem__decode__state.html index 8698fd3..c314b41 100644 --- a/docs/html/structssl__pem__decode__state.html +++ b/docs/html/structssl__pem__decode__state.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/time__macros_8h.html b/docs/html/time__macros_8h.html index e7f6961..e22bf32 100644 --- a/docs/html/time__macros_8h.html +++ b/docs/html/time__macros_8h.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/time__macros_8h_source.html b/docs/html/time__macros_8h_source.html index 38aa464..677a444 100644 --- a/docs/html/time__macros_8h_source.html +++ b/docs/html/time__macros_8h_source.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/trust__anchors_8h.html b/docs/html/trust__anchors_8h.html index 9256c2b..ef2751e 100644 --- a/docs/html/trust__anchors_8h.html +++ b/docs/html/trust__anchors_8h.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/trust__anchors_8h_source.html b/docs/html/trust__anchors_8h_source.html index 05a0dbe..e3690bc 100644 --- a/docs/html/trust__anchors_8h_source.html +++ b/docs/html/trust__anchors_8h_source.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/trustanchors_8h.html b/docs/html/trustanchors_8h.html index 72d7454..729f06c 100644 --- a/docs/html/trustanchors_8h.html +++ b/docs/html/trustanchors_8h.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/trustanchors_8h_source.html b/docs/html/trustanchors_8h_source.html index c21f425..7d967ea 100644 --- a/docs/html/trustanchors_8h_source.html +++ b/docs/html/trustanchors_8h_source.html @@ -30,7 +30,7 @@
          SSLClient -  v1.1.1 +  v1.3.0
          Add TLS 1.2 functionality to any network library.
          diff --git a/library.properties b/library.properties index db0cf09..17f6405 100644 --- a/library.properties +++ b/library.properties @@ -1,5 +1,5 @@ name=SSLClient -version=1.2.3 +version=1.3.0 author=Noah Koontz maintainer=OPEnS Lab sentence=Arduino library to add SSL functionality to any Client class From c157c00f691b376f71f72590ca0f5c5e5128c806 Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Wed, 14 Aug 2019 11:19:56 -0700 Subject: [PATCH 025/141] final update to documentation before version release --- docs/html/_s_s_l_client_8h_source.html | 32 +++++++++++++------------- docs/html/class_s_s_l_client.html | 3 ++- src/SSLClient.h | 5 +++- 3 files changed, 22 insertions(+), 18 deletions(-) diff --git a/docs/html/_s_s_l_client_8h_source.html b/docs/html/_s_s_l_client_8h_source.html index f30fb5d..ca4b889 100644 --- a/docs/html/_s_s_l_client_8h_source.html +++ b/docs/html/_s_s_l_client_8h_source.html @@ -91,52 +91,52 @@ $(document).ready(function(){initNavTree('_s_s_l_client_8h_source.html','');});
          SSLClient.h
          -Go to the documentation of this file.
          1 /* Copyright 2019 OSU OPEnS Lab
          2  *
          3  * Permission is hereby granted, free of charge, to any person obtaining a copy of this
          4  * software and associated documentation files (the "Software"), to deal in the Software
          5  * without restriction, including without limitation the rights to use, copy, modify,
          6  * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
          7  * permit persons to whom the Software is furnished to do so, subject to the following
          8  * conditions:
          9  *
          10  * The above copyright notice and this permission notice shall be included in all
          11  * copies or substantial portions of the Software.
          12  *
          13  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
          14  * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
          15  * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
          16  * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
          17  * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
          18  * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
          19  */
          20 
          21 #include "Client.h"
          22 #include "SSLClientImpl.h"
          23 #include "SSLSession.h"
          24 #include "SSLClientParameters.h"
          25 #include "SSLObj.h"
          26 
          27 #ifndef SSLClient_H_
          28 #define SSLClient_H_
          29 
          35 template <class C, size_t SessionCache = 1>
          36 class SSLClient : public SSLClientImpl {
          37 /*
          38  * static checks
          39  * I'm a java developer, so I want to ensure that my inheritance is safe.
          40  * These checks ensure that all the functions we use on class C are
          41  * actually present on class C. It does this by checking that the
          42  * class inherits from Client.
          43  *
          44  * Additionally, I ran into a lot of memory issues with large sessions caches.
          45  * Since each session contains at max 352 bytes of memory, they eat of the
          46  * stack quite quickly and can cause overflows. As a result, I have added a
          47  * warning here to discourage the use of more than 3 sessions at a time. Any
          48  * amount past that will require special modification of this library, and
          49  * assumes you know what you are doing.
          50  */
          51 static_assert(SessionCache > 0 && SessionCache < 255, "There can be no less than one and no more than 255 sessions in the cache!");
          52 static_assert(SessionCache <= 3, "You need to decrease the size of m_iobuf in order to have more than 3 sessions at once, otherwise memory issues will occur.");
          53 
          54 public:
          72  explicit SSLClient( const C& client,
          73  const br_x509_trust_anchor *trust_anchors,
          74  const size_t trust_anchors_num,
          75  const int analog_pin,
          76  const DebugLevel debug = SSL_WARN)
          77  : SSLClientImpl(trust_anchors, trust_anchors_num, analog_pin, debug)
          78  , m_client(client)
          79  , m_sessions{}
          80  {
          81  // set the timeout to a reasonable number (it can always be changes later)
          82  // SSL Connections take a really long time so we don't want to time out a legitimate thing
          83  setTimeout(30 * 1000);
          84  }
          85 
          86  //========================================
          87  //= Functions implemented in SSLClientImpl
          88  //========================================
          89 
          129  int connect(IPAddress ip, uint16_t port) override { return connect_impl(ip, port); }
          130 
          167  int connect(const char *host, uint16_t port) override { return connect_impl(host, port); }
          168 
          170  size_t write(uint8_t b) override { return write_impl(&b, 1); }
          194  size_t write(const uint8_t *buf, size_t size) override { return write_impl(buf, size); }
          195 
          214  int available() override { return available_impl(); }
          215 
          220  int read() override { uint8_t read_val; return read(&read_val, 1) > 0 ? read_val : -1; };
          242  int read(uint8_t *buf, size_t size) override { return read_impl(buf, size); }
          243 
          252  int peek() override { return peek_impl(); }
          253 
          261  void flush() override { return flush_impl(); }
          262 
          271  void stop() override { return stop_impl(); }
          272 
          286  uint8_t connected() override { return connected_impl(); }
          287 
          288  //========================================
          289  //= Functions Not in the Client Interface
          290  //========================================
          291 
          297  void setMutualAuthParams(const SSLClientParameters* params) { return set_mutual_impl(params); }
          298 
          313  SSLSession& getSession(const char* host, const IPAddress& addr) { return get_session_impl(host, addr); }
          314 
          323  void removeSession(const char* host, const IPAddress& addr) { return remove_session_impl(host, addr); }
          324 
          330  size_t getSessionCount() const override { return SessionCache; }
          331 
          337  operator bool() { return connected() > 0; }
          339  bool operator==(const bool value) { return bool() == value; }
          341  bool operator!=(const bool value) { return bool() != value; }
          343  bool operator==(const C& rhs) { return m_client == rhs; }
          345  bool operator!=(const C& rhs) { return m_client != rhs; }
          347  uint16_t localPort() override { return m_client.localPort(); }
          349  IPAddress remoteIP() override { return m_client.remoteIP(); }
          351  uint16_t remotePort() override { return m_client.remotePort(); }
          352 
          354  C& getClient() { return m_client; }
          355 
          356 protected:
          358  Client& get_arduino_client() override { return m_client; }
          359  const Client& get_arduino_client() const override { return m_client; }
          361  SSLSession* get_session_array() override { return m_sessions; }
          362  const SSLSession* get_session_array() const override { return m_sessions; }
          363 
          364 private:
          365  // create a copy of the client
          366  C m_client;
          367  // also store an array of SSLSessions, so we can resume communication with multiple websites
          368  SSLSession m_sessions[SessionCache];
          369 };
          370 
          371 #endif
          SSLClient::setMutualAuthParams
          void setMutualAuthParams(const SSLClientParameters *params)
          Add a client certificate and enable support for mutual auth.
          Definition: SSLClient.h:297
          +Go to the documentation of this file.
          1 /* Copyright 2019 OSU OPEnS Lab
          2  *
          3  * Permission is hereby granted, free of charge, to any person obtaining a copy of this
          4  * software and associated documentation files (the "Software"), to deal in the Software
          5  * without restriction, including without limitation the rights to use, copy, modify,
          6  * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
          7  * permit persons to whom the Software is furnished to do so, subject to the following
          8  * conditions:
          9  *
          10  * The above copyright notice and this permission notice shall be included in all
          11  * copies or substantial portions of the Software.
          12  *
          13  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
          14  * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
          15  * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
          16  * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
          17  * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
          18  * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
          19  */
          20 
          21 #include "Client.h"
          22 #include "SSLClientImpl.h"
          23 #include "SSLSession.h"
          24 #include "SSLClientParameters.h"
          25 #include "SSLObj.h"
          26 
          27 #ifndef SSLClient_H_
          28 #define SSLClient_H_
          29 
          35 template <class C, size_t SessionCache = 1>
          36 class SSLClient : public SSLClientImpl {
          37 /*
          38  * static checks
          39  * I'm a java developer, so I want to ensure that my inheritance is safe.
          40  * These checks ensure that all the functions we use on class C are
          41  * actually present on class C. It does this by checking that the
          42  * class inherits from Client.
          43  *
          44  * Additionally, I ran into a lot of memory issues with large sessions caches.
          45  * Since each session contains at max 352 bytes of memory, they eat of the
          46  * stack quite quickly and can cause overflows. As a result, I have added a
          47  * warning here to discourage the use of more than 3 sessions at a time. Any
          48  * amount past that will require special modification of this library, and
          49  * assumes you know what you are doing.
          50  */
          51 static_assert(SessionCache > 0 && SessionCache < 255, "There can be no less than one and no more than 255 sessions in the cache!");
          52 static_assert(SessionCache <= 3, "You need to decrease the size of m_iobuf in order to have more than 3 sessions at once, otherwise memory issues will occur.");
          53 
          54 public:
          72  explicit SSLClient( const C& client,
          73  const br_x509_trust_anchor *trust_anchors,
          74  const size_t trust_anchors_num,
          75  const int analog_pin,
          76  const DebugLevel debug = SSL_WARN)
          77  : SSLClientImpl(trust_anchors, trust_anchors_num, analog_pin, debug)
          78  , m_client(client)
          79  , m_sessions{}
          80  {
          81  // set the timeout to a reasonable number (it can always be changes later)
          82  // SSL Connections take a really long time so we don't want to time out a legitimate thing
          83  setTimeout(30 * 1000);
          84  }
          85 
          86  //========================================
          87  //= Functions implemented in SSLClientImpl
          88  //========================================
          89 
          129  int connect(IPAddress ip, uint16_t port) override { return connect_impl(ip, port); }
          130 
          167  int connect(const char *host, uint16_t port) override { return connect_impl(host, port); }
          168 
          170  size_t write(uint8_t b) override { return write_impl(&b, 1); }
          194  size_t write(const uint8_t *buf, size_t size) override { return write_impl(buf, size); }
          195 
          214  int available() override { return available_impl(); }
          215 
          220  int read() override { uint8_t read_val; return read(&read_val, 1) > 0 ? read_val : -1; };
          242  int read(uint8_t *buf, size_t size) override { return read_impl(buf, size); }
          243 
          252  int peek() override { return peek_impl(); }
          253 
          261  void flush() override { return flush_impl(); }
          262 
          271  void stop() override { return stop_impl(); }
          272 
          286  uint8_t connected() override { return connected_impl(); }
          287 
          288  //========================================
          289  //= Functions Not in the Client Interface
          290  //========================================
          291 
          300  void setMutualAuthParams(const SSLClientParameters* params) { return set_mutual_impl(params); }
          301 
          316  SSLSession& getSession(const char* host, const IPAddress& addr) { return get_session_impl(host, addr); }
          317 
          326  void removeSession(const char* host, const IPAddress& addr) { return remove_session_impl(host, addr); }
          327 
          333  size_t getSessionCount() const override { return SessionCache; }
          334 
          340  operator bool() { return connected() > 0; }
          342  bool operator==(const bool value) { return bool() == value; }
          344  bool operator!=(const bool value) { return bool() != value; }
          346  bool operator==(const C& rhs) { return m_client == rhs; }
          348  bool operator!=(const C& rhs) { return m_client != rhs; }
          350  uint16_t localPort() override { return m_client.localPort(); }
          352  IPAddress remoteIP() override { return m_client.remoteIP(); }
          354  uint16_t remotePort() override { return m_client.remotePort(); }
          355 
          357  C& getClient() { return m_client; }
          358 
          359 protected:
          361  Client& get_arduino_client() override { return m_client; }
          362  const Client& get_arduino_client() const override { return m_client; }
          364  SSLSession* get_session_array() override { return m_sessions; }
          365  const SSLSession* get_session_array() const override { return m_sessions; }
          366 
          367 private:
          368  // create a copy of the client
          369  C m_client;
          370  // also store an array of SSLSessions, so we can resume communication with multiple websites
          371  SSLSession m_sessions[SessionCache];
          372 };
          373 
          374 #endif
          SSLClient::setMutualAuthParams
          void setMutualAuthParams(const SSLClientParameters *params)
          Add a client certificate and enable support for mutual auth.
          Definition: SSLClient.h:300
          SSLClientImpl::write_impl
          size_t write_impl(const uint8_t *buf, size_t size)
          Definition: SSLClientImpl.cpp:130
          -
          SSLClient::get_session_array
          const SSLSession * get_session_array() const override
          Definition: SSLClient.h:362
          -
          SSLClient::remoteIP
          IPAddress remoteIP() override
          Returns the remote IP, if C::remoteIP exists.
          Definition: SSLClient.h:349
          +
          SSLClient::get_session_array
          const SSLSession * get_session_array() const override
          Definition: SSLClient.h:365
          +
          SSLClient::remoteIP
          IPAddress remoteIP() override
          Returns the remote IP, if C::remoteIP exists.
          Definition: SSLClient.h:352
          SSLClient::write
          size_t write(uint8_t b) override
          Definition: SSLClient.h:170
          SSL_WARN
          Definition: SSLClientImpl.h:66
          SSLClientImpl::get_session_impl
          SSLSession & get_session_impl(const char *host, const IPAddress &addr)
          Definition: SSLClientImpl.cpp:286
          SSLSession
          This class stores values which allow SSLClient to save and resume SSL sessions.
          Definition: SSLSession.h:52
          -
          SSLClient::operator!=
          bool operator!=(const C &rhs)
          Returns whether or not two SSLClient objects do not have the same underlying client object.
          Definition: SSLClient.h:345
          +
          SSLClient::operator!=
          bool operator!=(const C &rhs)
          Returns whether or not two SSLClient objects do not have the same underlying client object.
          Definition: SSLClient.h:348
          SSLClient::available
          int available() override
          Returns the number of bytes available to read from the data that has been received and decrypted.
          Definition: SSLClient.h:214
          -
          SSLClient::getClient
          C & getClient()
          Returns a reference to the client object stored in this class. Take care not to break it.
          Definition: SSLClient.h:354
          +
          SSLClient::getClient
          C & getClient()
          Returns a reference to the client object stored in this class. Take care not to break it.
          Definition: SSLClient.h:357
          SSLClientImpl::peek_impl
          int peek_impl()
          Definition: SSLClientImpl.cpp:209
          SSLClientParameters
          This struct stores data required for SSLClient to use mutual authentication.
          Definition: SSLClientParameters.h:52
          SSLClient::flush
          void flush() override
          Force writing the buffered bytes from SSLClient::write to the network.
          Definition: SSLClient.h:261
          SSLClient
          The main SSLClient class. Check out README.md for more info.
          Definition: SSLClient.h:36
          -
          SSLClient::operator!=
          bool operator!=(const bool value)
          Definition: SSLClient.h:341
          +
          SSLClient::operator!=
          bool operator!=(const bool value)
          Definition: SSLClient.h:344
          SSLClient::stop
          void stop() override
          Close the connection.
          Definition: SSLClient.h:271
          SSLClient::write
          size_t write(const uint8_t *buf, size_t size) override
          Write some bytes to the SSL connection.
          Definition: SSLClient.h:194
          SSLClient::SSLClient
          SSLClient(const C &client, const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug=SSL_WARN)
          Initialize SSLClient with all of the prerequisites needed.
          Definition: SSLClient.h:72
          SSLClient::peek
          int peek() override
          View the first byte of the buffer, without removing it from the SSLClient Buffer.
          Definition: SSLClient.h:252
          SSLClientImpl::available_impl
          int available_impl()
          Definition: SSLClientImpl.cpp:173
          -
          SSLClient::operator==
          bool operator==(const C &rhs)
          Returns whether or not two SSLClient objects have the same underlying client object.
          Definition: SSLClient.h:343
          +
          SSLClient::operator==
          bool operator==(const C &rhs)
          Returns whether or not two SSLClient objects have the same underlying client object.
          Definition: SSLClient.h:346
          SSLClientImpl::read_impl
          int read_impl(uint8_t *buf, size_t size)
          Definition: SSLClientImpl.cpp:194
          -
          SSLClient::get_session_array
          SSLSession * get_session_array() override
          Returns an instance of the session array that is on the stack.
          Definition: SSLClient.h:361
          +
          SSLClient::get_session_array
          SSLSession * get_session_array() override
          Returns an instance of the session array that is on the stack.
          Definition: SSLClient.h:364
          SSLClientImpl::remove_session_impl
          void remove_session_impl(const char *host, const IPAddress &addr)
          Definition: SSLClientImpl.cpp:305
          -
          SSLClient::get_arduino_client
          Client & get_arduino_client() override
          Returns an instance of m_client that is polymorphic and can be used by SSLClientImpl.
          Definition: SSLClient.h:358
          -
          SSLClient::localPort
          uint16_t localPort() override
          Returns the local port, if C::localPort exists.
          Definition: SSLClient.h:347
          +
          SSLClient::get_arduino_client
          Client & get_arduino_client() override
          Returns an instance of m_client that is polymorphic and can be used by SSLClientImpl.
          Definition: SSLClient.h:361
          +
          SSLClient::localPort
          uint16_t localPort() override
          Returns the local port, if C::localPort exists.
          Definition: SSLClient.h:350
          SSLClientImpl.h
          SSLClientImpl::set_mutual_impl
          void set_mutual_impl(const SSLClientParameters *params)
          Definition: SSLClientImpl.cpp:316
          SSLClient::read
          int read() override
          Read a single byte, or -1 if none is available.
          Definition: SSLClient.h:220
          SSLClientParameters.h
          SSLClient::connected
          uint8_t connected() override
          Check if the device is connected.
          Definition: SSLClient.h:286
          SSLSession.h
          -
          SSLClient::get_arduino_client
          const Client & get_arduino_client() const override
          Definition: SSLClient.h:359
          +
          SSLClient::get_arduino_client
          const Client & get_arduino_client() const override
          Definition: SSLClient.h:362
          SSLClient::connect
          int connect(const char *host, uint16_t port) override
          Connect over SSL to a host specified by a hostname.
          Definition: SSLClient.h:167
          -
          SSLClient::operator==
          bool operator==(const bool value)
          Definition: SSLClient.h:339
          -
          SSLClient::remotePort
          uint16_t remotePort() override
          Returns the remote port, if C::remotePort exists. Else return 0.
          Definition: SSLClient.h:351
          +
          SSLClient::operator==
          bool operator==(const bool value)
          Definition: SSLClient.h:342
          +
          SSLClient::remotePort
          uint16_t remotePort() override
          Returns the remote port, if C::remotePort exists. Else return 0.
          Definition: SSLClient.h:354
          SSLClientImpl::connect_impl
          int connect_impl(IPAddress ip, uint16_t port)
          Definition: SSLClientImpl.cpp:73
          -
          SSLClient::getSessionCount
          size_t getSessionCount() const override
          Get the maximum number of SSL sessions that can be stored at once.
          Definition: SSLClient.h:330
          +
          SSLClient::getSessionCount
          size_t getSessionCount() const override
          Get the maximum number of SSL sessions that can be stored at once.
          Definition: SSLClient.h:333
          SSLClientImpl::stop_impl
          void stop_impl()
          Definition: SSLClientImpl.cpp:227
          SSLClientImpl::flush_impl
          void flush_impl()
          Definition: SSLClientImpl.cpp:221
          SSLObj.h
          SSLClientImpl
          Implementation code to be inherited by SSLClient.
          Definition: SSLClientImpl.h:72
          -
          SSLClient::removeSession
          void removeSession(const char *host, const IPAddress &addr)
          Clear the session corresponding to a host and IP.
          Definition: SSLClient.h:323
          +
          SSLClient::removeSession
          void removeSession(const char *host, const IPAddress &addr)
          Clear the session corresponding to a host and IP.
          Definition: SSLClient.h:326
          SSLClientImpl::connected_impl
          uint8_t connected_impl()
          Definition: SSLClientImpl.cpp:255
          -
          SSLClient::getSession
          SSLSession & getSession(const char *host, const IPAddress &addr)
          Gets a session reference corresponding to a host and IP, or a reference to a empty session if none ex...
          Definition: SSLClient.h:313
          +
          SSLClient::getSession
          SSLSession & getSession(const char *host, const IPAddress &addr)
          Gets a session reference corresponding to a host and IP, or a reference to a empty session if none ex...
          Definition: SSLClient.h:316
          DebugLevel
          DebugLevel
          Level of verbosity used in logging for SSLClient.
          Definition: SSLClientImpl.h:60
          SSLClient::read
          int read(uint8_t *buf, size_t size) override
          Read size bytes from the SSL client buffer, copying them into *buf, and return the number of bytes re...
          Definition: SSLClient.h:242
          SSLClient::connect
          int connect(IPAddress ip, uint16_t port) override
          Connect over SSL to a host specified by an IP address.
          Definition: SSLClient.h:129
          diff --git a/docs/html/class_s_s_l_client.html b/docs/html/class_s_s_l_client.html index 66fcc3a..44b769d 100644 --- a/docs/html/class_s_s_l_client.html +++ b/docs/html/class_s_s_l_client.html @@ -1203,7 +1203,8 @@ template<class C , size_t SessionCache = 1>

          Add a client certificate and enable support for mutual auth.

          -

          This function must be called BEFORE making an SSL connection.

          +

          Please ensure that the values in params are valid for the lifetime of SSLClient. You may want to make them global constants.

          +
          Precondition
          SSLClient has not already started an SSL connection.
          diff --git a/src/SSLClient.h b/src/SSLClient.h index 6116d61..6c635e1 100644 --- a/src/SSLClient.h +++ b/src/SSLClient.h @@ -292,7 +292,10 @@ public: /** * @brief Add a client certificate and enable support for mutual auth * - * This function must be called BEFORE making an SSL connection. + * Please ensure that the values in `params` are valid for the lifetime + * of SSLClient. You may want to make them global constants. + * + * @pre SSLClient has not already started an SSL connection. */ void setMutualAuthParams(const SSLClientParameters* params) { return set_mutual_impl(params); } From 6012a3e5ba79198909a168e5a8151a40f07e513b Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Wed, 6 Nov 2019 16:04:09 -0800 Subject: [PATCH 026/141] Updated travis to use latest version of ArduinoCLI --- .travis.yml | 47 +++++++++++++++++++++++++++++++++++----------- library.properties | 3 ++- 2 files changed, 38 insertions(+), 12 deletions(-) diff --git a/.travis.yml b/.travis.yml index 6eac9e6..57f01e6 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,19 +1,44 @@ language: c -sudo: false -cache: - directories: - - ~/arduino_ide - - ~/.arduino15/packages/ -git: - depth: false - quiet: true env: global: # You can uncomment this to explicitly choose an (old) version of the Arduino IDE #- ARDUINO_IDE_VERSION="1.8.7" + - ADDITIONAL_URLS="https://adafruit.github.io/arduino-board-index/package_adafruit_index.json" +cache: + directories: + - ~/arduino_ide + - ~/.arduino15/packages/ +jobs: + include: + - env: + - ARCH="cortex-m0plus" + - CORE="adafruit:samd" + - BOARD="adafruit:samd:adafruit_feather_m0" + - DEPLOY=1 + - env: + - ARCH="cortex-m0plus" + - CORE="arduino:samd" + - BOARD="arduino:samd:mzero_bl" + - DEPLOY=0 + before_install: - - source <(curl -SLs https://raw.githubusercontent.com/adafruit/travis-ci-arduino/master/install.sh) + - curl -fsSL https://raw.githubusercontent.com/arduino/arduino-cli/master/install.sh | BINDIR=/usr/bin sudo sh + - arduino-cli core update-index --additional-urls $ADDITIONAL_URLS + - arduino-cli core install arduino:samd -v + - arduino-cli core install adafruit:samd -v --additional-urls $ADDITIONAL_URLS + - mkdir -p $HOME/Arduino/libraries + - git clone https://github.com/OPEnSLab-OSU/EthernetLarge.git $HOME/Arduino/libraries/EthernetLarge install: - - if [ ! -d "$HOME/arduino_ide/libraries/EthernetLarge" ]; then git clone https://github.com/OPEnSLab-OSU/EthernetLarge.git $HOME/arduino_ide/libraries/EthernetLarge; fi + - ln -s $PWD $HOME/Arduino/libraries/. script: - - build_platform zero \ No newline at end of file + - arduino-cli compile --verbose --warnings all --fqbn $BOARD $PWD/examples/EthernetHTTPS + - arduino-cli compile --verbose --warnings all --fqbn $BOARD $PWD/examples/EthernetMultiHTTPS +deploy: + - provider: script + script: bash .travis/upload_precompiled.sh + skip_cleanup: true + on: + tags: true + branch: develop + condition: $DEPLOY = 1 + \ No newline at end of file diff --git a/library.properties b/library.properties index 17f6405..3f10399 100644 --- a/library.properties +++ b/library.properties @@ -7,4 +7,5 @@ paragraph=including the Arduino EthernetClient and WiFiClient classes (though it category=Communication url=https://github.com/OPEnSLab-OSU/SSLClient architectures=samd -includes=SSLClient.h \ No newline at end of file +includes=SSLClient.h +dot_a_linkage=true \ No newline at end of file From a0f74b19a3a6116f3142411a965b8aabf808d2ad Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Wed, 6 Nov 2019 16:36:07 -0800 Subject: [PATCH 027/141] attempted to add autocompile and deploy feature --- .travis.yml | 22 +++++++++++++++------- .travis/library.properties | 12 ++++++++++++ 2 files changed, 27 insertions(+), 7 deletions(-) create mode 100644 .travis/library.properties diff --git a/.travis.yml b/.travis.yml index 57f01e6..e604c7a 100644 --- a/.travis.yml +++ b/.travis.yml @@ -33,12 +33,20 @@ install: script: - arduino-cli compile --verbose --warnings all --fqbn $BOARD $PWD/examples/EthernetHTTPS - arduino-cli compile --verbose --warnings all --fqbn $BOARD $PWD/examples/EthernetMultiHTTPS +before_deploy: + - mkdir src/$ARCH + - cp $(find /tmp/ -maxdepth 1 -type d -name "arduino-sketch*" -print)/libraries/SSLClient/SSLClient.a src/$ARCH/SSLClient.a + - cp .travis/library.properties library.properties + - find src/ -iname "*.c" -delete + - find src/ -iname "*.cpp" -delete + - zip -r SSLClient.zip . deploy: - - provider: script - script: bash .travis/upload_precompiled.sh - skip_cleanup: true - on: - tags: true - branch: develop - condition: $DEPLOY = 1 + provider: releases + api_key: "$GITHUB_TOKEN" + file: "SSLClient.zip" + skip_cleanup: true + on: + tags: true + branch: master + condition: $DEPLOY = 1 \ No newline at end of file diff --git a/.travis/library.properties b/.travis/library.properties new file mode 100644 index 0000000..3111be0 --- /dev/null +++ b/.travis/library.properties @@ -0,0 +1,12 @@ +name=SSLClient +version=1.3.0 +author=Noah Koontz +maintainer=OPEnS Lab +sentence=Arduino library to add SSL functionality to any Client class +paragraph=including the Arduino EthernetClient and WiFiClient classes (though it is better to prefer WiFClient.connectSSL if implemented). In other words, SSLClient implements encrypted communication through SSL on devices that do not otherwise support it. +category=Communication +url=https://github.com/OPEnSLab-OSU/SSLClient +architectures=samd +includes=SSLClient.h +precompiled=true +ldflags=-lSSLClient \ No newline at end of file From 0ca631c62752b3acfe7bb837ccdf224eed07e691 Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Thu, 7 Nov 2019 09:41:27 -0800 Subject: [PATCH 028/141] update travis for autodeploy --- .travis.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index e604c7a..5084d9a 100644 --- a/.travis.yml +++ b/.travis.yml @@ -35,8 +35,9 @@ script: - arduino-cli compile --verbose --warnings all --fqbn $BOARD $PWD/examples/EthernetMultiHTTPS before_deploy: - mkdir src/$ARCH - - cp $(find /tmp/ -maxdepth 1 -type d -name "arduino-sketch*" -print)/libraries/SSLClient/SSLClient.a src/$ARCH/SSLClient.a - - cp .travis/library.properties library.properties + - cp "$(find /tmp/ -maxdepth 1 -type d -name "arduino-sketch*" -print | head -n 1)/libraries/SSLClient/SSLClient.a" src/$ARCH/ + - cp .travis/library.properties . + - rm -rf .git - find src/ -iname "*.c" -delete - find src/ -iname "*.cpp" -delete - zip -r SSLClient.zip . From 00f78f18e868e8380d163d711e00308694fed355 Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Thu, 7 Nov 2019 12:08:39 -0800 Subject: [PATCH 029/141] refactored SSLClient to use a reference to a client as opposed to an instance. --- README.md | 26 +- TrustAnchors.md | 2 +- examples/EthernetHTTPS/EthernetHTTPS.ino | 5 +- .../EthernetMultiHTTPS/EthernetMultiHTTPS.ino | 5 +- src/{SSLClientImpl.cpp => SSLClient.cpp} | 222 ++++++++--------- src/SSLClient.h | 229 ++++++++++++------ src/SSLClientImpl.h | 213 ---------------- src/SSLSession.cpp | 24 -- src/SSLSession.h | 55 +---- src/config.h | 5 +- 10 files changed, 281 insertions(+), 505 deletions(-) rename src/{SSLClientImpl.cpp => SSLClient.cpp} (85%) delete mode 100644 src/SSLClientImpl.h delete mode 100644 src/SSLSession.cpp diff --git a/README.md b/README.md index f37a77a..8231abc 100644 --- a/README.md +++ b/README.md @@ -19,18 +19,20 @@ Using SSLClient should be similar to using any other Arduino-based Client class, Once all those are ready, you can create a simple SSLClient object like this: ```C++ -SSLClient client(BaseClientInstance, TAs, (size_t)TAs_NUM, AnalogPin); +BaseClientType baseClientInstance; +SSLClient client(baseClientInstance, TAs, (size_t)TAs_NUM, AnalogPin); ``` Where: -* BaseClientType - The type of BaseClientInstance -* BaseClientInstance - An instance of the class you are using for SSLClient (the class associated with the network interface, from step 3) +* BaseClientType - The type of baseClientInstance +* BaseClientInstance - An instance of the class you are using for SSLClient (the class associated with the network interface, from step 3). It is important that this instance be stored *outside* the SSLClient declaration (for instance, `SSLClient(BaseClientType() ...)` wouldn't work). * TAs - The name of the trust anchor array created in step 2. If you generated a header using the tutorial this will probably be `TAs`. * TAs_NUM - The number of trust anchors in TAs. If you generated a header using the tutorial this will probably be `TAs_NUM`. * AnalogPin - The analog pin to pull random data from (step 4). For example, if I am using EthernetClient, a generated array of 2 trust anchors, and the analog pin A7, I would declare an SSLClient instance using: ```C++ -SSLClient client(EthernetClient(), TAs, 2, A7); +EthernetClient baseClient; +SSLClient client(baseClient, TAs, 2, A7); ``` Once that is setup, simply use SSLClient as you would the base client class: ```C++ @@ -62,7 +64,8 @@ Additionally, the bulk of SSLClient is split into two components: a template cla ### Logging SSLClient also allows for changing the debugging level by adding an additional parameter to the constructor: ```C++ -SSLClient client(EthernetClient(), TAs, (size_t)2, A7, SSL_INFO); +EthernetClient baseClient; +SSLClient client(baseClient, TAs, (size_t)2, A7, 1, SSLClient::SSL_INFO); ``` Logging is always outputted through the [Arduino Serial interface](https://www.arduino.cc/reference/en/language/functions/communication/serial/), so you'll need to setup Serial before you can view the SSL logs. Log levels are enumerated in ::DebugLevel. The log level is set to `SSL_WARN` by default. @@ -90,7 +93,8 @@ while (!client.available()) { /* ... */ } Notice that every single write() call immediately writes to the network, which is fine with most network clients. With SSL, however, if we are encrypting and writing to the network every write() call, this will result in a lot of small encryption tasks. Encryption takes a lot of time and code, so to reduce the overhead of an SSL connection, SSLClient::write implicitly buffers until the developer states that they are waiting for data to be received with SSLClient::available. A simple example can be found below: ```C++ -SSLClient client(EthernetClient(), TAs, 2, A7); +EthernetClient baseClient; +SSLClient client(baseClient, TAs, (size_t)2, A7); // ... // connect to ardiuino.cc over ssl (port 443 for websites) client.connect("www.arduino.cc", 443); @@ -114,17 +118,19 @@ In order to use SSL session resumption: * You must reuse the same SSLClient object (SSL Sessions are stored in the object itself). * You must reconnect to the exact same server. -SSLClient automatically stores an IP address and hostname in each session, ensuring that if you call `connect("www.google.com")` SSLClient will use a IP address that recognizes the SSL session instead of another IP address associated with `"www.google.com"`. However, because some websites have multiple servers on a single IP address (github.com being an example), you may find that even if you are connecting to the same host the connection does not resume. This is a flaw in the SSL session protocol — though it has been resolved in TLS 1.3, the lack of widespread adoption of the new protocol prevents it from being used here. SSL sessions can also expire based on server criteria, which will result in a standard 4-10 second connection. +SSLClient automatically stores an IP address and hostname in each session, ensuring that if you call `connect("www.google.com")` SSLClient will use the SSL session with that hostname. However, because some websites have multiple servers on a single IP address (github.com being an example), you may find that even if you are connecting to the same host the connection does not resume. This is a flaw in the SSL session protocol — though it has been resolved in TLS 1.3, the lack of widespread adoption of the new protocol prevents it from being used here. SSL sessions can also expire based on server criteria, which will result in a standard 4-10 second connection. You can test whether or not a website can resume SSL Sessions using the [Session Example](./examples/Session_Example/Session_Example.ino) included with this library. Because of all the confounding factors of SSL Sessions, it is generally prudent while programming to assume the session will always fail to resume. SSL sessions take a lot of memory to store, so by default SSLClient will only store one at a time. You can change this behavior by adding the following to your SSLClient declaration: ```C++ -SSLClient client(EthernetClient(), TAs, 2, A7); +EthernetClient baseClient; +SSLClient client(baseClient, TAs, (size_t)2, A7, SomeNumber); ``` Where `SomeNumber` is the number of sessions you would like to store. For example this declaration can store 3 sessions: ```C++ -SSLClient client(EthernetClient(), TAs, 2, A7); +EthernetClient baseClient; +SSLClient client(baseClient, TAs, (size_t)2, A7, 3); ``` Sessions are managed internally using the SSLSession::getSession function. This function will cycle through sessions in a rotating order, allowing the session cache to continually overwrite old sessions. In general, it is a good idea to use a SessionCache size equal to the number of domains you plan on connecting to. @@ -181,7 +187,7 @@ With this: ``` You may need to use `sudo` or administrator permissions to make this modification. We change `MAX_SOCK_NUM` and `ETHERNET_LARGE_BUFFERS` so the Ethernet hardware can allocate a larger space for SSLClient, however a downside of this modification is we are now only able to have two sockets concurrently. As most microprocessors barely have enough memory for one SSL connection, this limitation will rarely be encountered in practice. -### Random Data +### Seeding Random Data The SSL protocol requires that SSLClient generate some random bits before connecting with a server. BearSSL provides a random number generator but requires a [some entropy for a seed](https://bearssl.org/apidoc/bearssl__ssl_8h.html#a7d8e8de2afd49d6794eae02f56f81152). Normally this seed is generated by taking the microsecond time using the internal clock, however since most microcontrollers are not build with this feature another source must be found. As a simple solution, SSLClient uses a floating analog pin as an external source of random data, passed through to the constructor in the `analog_pin` argument. Before every connection, SSLClient will take the bottom byte from 16 analog reads on `analog_pin`, and combine these bytes into a 16 byte random number, which is used as a seed for BearSSL. To ensure the most random data, it is recommended that this analog pin be either floating or connected to a location not modifiable by the microcontroller (i.e. a battery voltage readout). ### Certificate Verification diff --git a/TrustAnchors.md b/TrustAnchors.md index a04e4cb..05cfa30 100644 --- a/TrustAnchors.md +++ b/TrustAnchors.md @@ -55,7 +55,7 @@ Once you've generated a trust anchor array, add it to your Arduino sketch using ```C++ #include "yourtrustanchorfile.h" // ... -SSLClient client(SomeClient, TAs, (size_t)TAs_NUM, SomePin); +SSLClient client(SomeClient, TAs, (size_t)TAs_NUM, SomePin); // ... ``` Where `yourtrustanchorfile.h` contains a generated trust anchor array names `TAs`, with length `TAs_NUM`. BearSSL will now automatically use these trust anchors when `SSLClient::connect` is called. \ No newline at end of file diff --git a/examples/EthernetHTTPS/EthernetHTTPS.ino b/examples/EthernetHTTPS/EthernetHTTPS.ino index 4ab030c..9250ced 100644 --- a/examples/EthernetHTTPS/EthernetHTTPS.ino +++ b/examples/EthernetHTTPS/EthernetHTTPS.ino @@ -42,7 +42,8 @@ const int rand_pin = A5; // Initialize the SSL client library // We input an EthernetClient, our trust anchors, and the analog pin -SSLClient client(EthernetClient(), TAs, (size_t)TAs_NUM, rand_pin); +EthernetClient base_client; +SSLClient client(base_client, TAs, (size_t)TAs_NUM, rand_pin); // Variables to measure the speed unsigned long beginMicros, endMicros; unsigned long byteCount = 0; @@ -95,8 +96,6 @@ void setup() { // specify the server and port, 443 is the standard port for HTTPS if (client.connect(server, 443)) { auto time = millis() - start; - Serial.print("connected to "); - Serial.println(client.remoteIP()); Serial.print("Took: "); Serial.println(time); // Make a HTTP request: diff --git a/examples/EthernetMultiHTTPS/EthernetMultiHTTPS.ino b/examples/EthernetMultiHTTPS/EthernetMultiHTTPS.ino index 08d919d..3c1d5a2 100644 --- a/examples/EthernetMultiHTTPS/EthernetMultiHTTPS.ino +++ b/examples/EthernetMultiHTTPS/EthernetMultiHTTPS.ino @@ -44,7 +44,8 @@ const int rand_pin = A5; // Initialize the SSL client library // We input an EthernetClient, our trust anchors, and the analog pin // Additionally specify that we want to store 2 sessions since we are connecting to 2 domains -SSLClient client(EthernetClient(), TAs, (size_t)TAs_NUM, rand_pin); +EthernetClient base_client; +SSLClient client(base_client, TAs, (size_t)TAs_NUM, rand_pin); // Variables to measure the speed unsigned long beginMicros, endMicros; unsigned long byteCount = 0; @@ -146,8 +147,6 @@ void connectSSL() { auto start = millis(); if (client.connect(server, 443)) { auto time = millis() - start; - Serial.print("connected to "); - Serial.println(client.remoteIP()); Serial.print("Took: "); Serial.println(time); // Make a HTTP request: diff --git a/src/SSLClientImpl.cpp b/src/SSLClient.cpp similarity index 85% rename from src/SSLClientImpl.cpp rename to src/SSLClient.cpp index a9cf890..783609a 100644 --- a/src/SSLClientImpl.cpp +++ b/src/SSLClient.cpp @@ -20,6 +20,7 @@ #include "SSLClient.h" +#if defined(ARDUINO_ARCH_SAMD) // system reset definitions static constexpr auto SYSRESETREQ = (1<<2); static constexpr auto VECTKEY = (0x05fa0000UL); @@ -29,6 +30,7 @@ static constexpr auto VECTKEY_MASK = (0x0000ffffUL); (*(uint32_t*)0xe000ed0cUL)=((*(uint32_t*)0xe000ed0cUL)&VECTKEY_MASK)|VECTKEY|SYSRESETREQ; while(1) { } } +#endif #ifdef __arm__ // should use uinstd.h to define sbrk but Due causes a conflict @@ -49,15 +51,22 @@ static int freeMemory() { #endif // __arm__ } -/* see SSLClientImpl.h */ -SSLClientImpl::SSLClientImpl(const br_x509_trust_anchor *trust_anchors, - const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug) - : m_analog_pin(analog_pin) - , m_session_index(0) +/* see SSLClient.h */ +SSLClient::SSLClient( Client& client, + const br_x509_trust_anchor *trust_anchors, + const size_t trust_anchors_num, + const int analog_pin, + const size_t max_sessions, + const DebugLevel debug) + : m_client(client) + , m_sessions() + , m_max_sessions(max_sessions) + , m_analog_pin(analog_pin) , m_debug(debug) , m_is_connected(false) , m_write_idx(0) { - + + setTimeout(30*1000); // zero the iobuf just in case it's still garbage memset(m_iobuf, 0, sizeof m_iobuf); // initlalize the various bearssl libraries so they're ready to go when we connect @@ -69,8 +78,8 @@ SSLClientImpl::SSLClientImpl(const br_x509_trust_anchor *trust_anchors, br_ssl_engine_set_buffer(&m_sslctx.eng, m_iobuf, sizeof m_iobuf, duplex); } -/* see SSLClientImpl.h*/ -int SSLClientImpl::connect_impl(IPAddress ip, uint16_t port) { +/* see SSLClient.h*/ +int SSLClient::connect(IPAddress ip, uint16_t port) { const char* func_name = __func__; // connection check if (get_arduino_client().connected()) { @@ -89,11 +98,11 @@ int SSLClientImpl::connect_impl(IPAddress ip, uint16_t port) { return 0; } m_info("Base client connected!", func_name); - return m_start_ssl(NULL, get_session_impl(NULL, ip)); + return m_start_ssl(nullptr); } -/* see SSLClientImpl.h*/ -int SSLClientImpl::connect_impl(const char *host, uint16_t port) { +/* see SSLClient.h*/ +int SSLClient::connect(const char *host, uint16_t port) { const char* func_name = __func__; // connection check if (get_arduino_client().connected()) { @@ -105,15 +114,7 @@ int SSLClientImpl::connect_impl(const char *host, uint16_t port) { m_write_idx = 0; // first, if we have a session, check if we're trying to resolve the same host // as before - bool connect_ok; - SSLSession& ses = get_session_impl(host, INADDR_NONE); - if (ses.is_valid_session()) { - // if so, then connect using the stored session - m_info("Connecting using a cached IP", func_name); - connect_ok = get_arduino_client().connect(ses.get_ip(), port); - } - // else connect with the provided hostname - else connect_ok = get_arduino_client().connect(host, port); + const bool connect_ok = get_arduino_client().connect(host, port); // first we need our hidden client member to negotiate the socket for us, // since most times socket functionality is implemented in hardeware. if (!connect_ok) { @@ -123,11 +124,11 @@ int SSLClientImpl::connect_impl(const char *host, uint16_t port) { } m_info("Base client connected!", func_name); // start ssl! - return m_start_ssl(host, ses); + return m_start_ssl(host, getSession(host)); } -/* see SSLClientImpl.h*/ -size_t SSLClientImpl::write_impl(const uint8_t *buf, size_t size) { +/* see SSLClient.h*/ +size_t SSLClient::write(const uint8_t *buf, size_t size) { const char* func_name = __func__; // check if the socket is still open and such if (!m_soft_connected(func_name) || !buf || !size) return 0; @@ -169,8 +170,8 @@ size_t SSLClientImpl::write_impl(const uint8_t *buf, size_t size) { return size; } -/* see SSLClientImpl.h*/ -int SSLClientImpl::available_impl() { +/* see SSLClient.h*/ +int SSLClient::available() { const char* func_name = __func__; // connection check if (!m_soft_connected(func_name)) return 0; @@ -190,10 +191,10 @@ int SSLClientImpl::available_impl() { return 0; } -/* see SSLClientImpl.h */ -int SSLClientImpl::read_impl(uint8_t *buf, size_t size) { +/* see SSLClient.h */ +int SSLClient::read(uint8_t *buf, size_t size) { // check that the engine is ready to read - if (available_impl() <= 0 || !size) return -1; + if (available() <= 0 || !size) return -1; // read the buffer, send the ack, and return the bytes read size_t alen; unsigned char* br_buf = br_ssl_engine_recvapp_buf(&m_sslctx.eng, &alen); @@ -205,10 +206,10 @@ int SSLClientImpl::read_impl(uint8_t *buf, size_t size) { return read_amount; } -/* see SSLClientImpl.h */ -int SSLClientImpl::peek_impl() { +/* see SSLClient.h */ +int SSLClient::peek() { // check that the engine is ready to read - if (available_impl() <= 0) return -1; + if (available() <= 0) return -1; // read the buffer, send the ack, and return the bytes read size_t alen; uint8_t read_num; @@ -217,15 +218,14 @@ int SSLClientImpl::peek_impl() { return (int)read_num; } -/* see SSLClientImpl.h */ -void SSLClientImpl::flush_impl() { +/* see SSLClient.h */ +void SSLClient::flush() { if (m_write_idx > 0) if(m_run_until(BR_SSL_RECVAPP) < 0) m_error("Could not flush write buffer!", __func__); } -/* see SSLClientImpl.h */ -void SSLClientImpl::stop_impl() { - const char* func_name = __func__; +/* see SSLClient.h */ +void SSLClient::stop() { // tell the SSL connection to gracefully close br_ssl_engine_close(&m_sslctx.eng); // if the engine isn't closed, and the socket is still open @@ -240,7 +240,7 @@ void SSLClientImpl::stop_impl() { */ size_t len; - if (br_ssl_engine_recvapp_buf(&m_sslctx.eng, &len) != NULL) { + if (br_ssl_engine_recvapp_buf(&m_sslctx.eng, &len) != nullptr) { br_ssl_engine_recvapp_ack(&m_sslctx.eng, len); } } @@ -251,8 +251,8 @@ void SSLClientImpl::stop_impl() { m_is_connected = false; } -/* see SSLClientImpl.h */ -uint8_t SSLClientImpl::connected_impl() { +/* see SSLClient.h */ +uint8_t SSLClient::connected() { const char* func_name = __func__; // check all of the error cases const auto c_con = get_arduino_client().connected(); @@ -273,7 +273,7 @@ uint8_t SSLClientImpl::connected_impl() { // we are not connected m_is_connected = false; // set the write error so the engine doesn't try to close the connection - stop_impl(); + stop(); } else if (!wr_ok) { m_error("Not connected because write error is set", func_name); @@ -282,38 +282,32 @@ uint8_t SSLClientImpl::connected_impl() { return c_con && br_con; } -/* see SSLClientImpl.h */ -SSLSession& SSLClientImpl::get_session_impl(const char* host, const IPAddress& addr) { +/* see SSLClient.h */ +SSLSession* SSLClient::getSession(const char* host) { const char* func_name = __func__; // search for a matching session with the IP - int temp_index = m_get_session_index(host, addr); + int temp_index = m_get_session_index(host); // if none are availible, use m_session_index - if (temp_index == -1) { - temp_index = m_session_index; - // reset the session so we don't try to send one sites session to another - get_session_array()[temp_index].clear_parameters(); - } - // increment m_session_index so the session cache is a circular buffer - if (temp_index == m_session_index && ++m_session_index >= getSessionCount()) m_session_index = 0; + if (temp_index < 0) return nullptr; // return the pointed to value m_info("Using session index: ", func_name); m_info(temp_index, func_name); - return get_session_array()[temp_index]; + return &(m_sessions[temp_index]); } -/* see SSLClientImpl.h */ -void SSLClientImpl::remove_session_impl(const char* host, const IPAddress& addr) { +/* see SSLClient.h */ +void SSLClient::removeSession(const char* host) { const char* func_name = __func__; - int temp_index = m_get_session_index(host, addr); - if (temp_index != -1) { + int temp_index = m_get_session_index(host); + if (temp_index >= 0) { m_info(" Deleted session ", func_name); m_info(temp_index, func_name); - get_session_array()[temp_index].clear_parameters(); + m_sessions.erase(m_sessions.begin() + static_cast(temp_index)); } } -/* see SSLClientImpl.h */ -void SSLClientImpl::set_mutual_impl(const SSLClientParameters* params) { +/* see SSLClient.h */ +void SSLClient::setMutualAuthParams(const SSLClientParameters* params) { // if mutual authentication if needed, configure bearssl to support it. if (params != nullptr) br_ssl_client_set_single_ec( &m_sslctx, @@ -326,7 +320,7 @@ void SSLClientImpl::set_mutual_impl(const SSLClientParameters* params) { &br_ecdsa_i15_sign_asn1); } -bool SSLClientImpl::m_soft_connected(const char* func_name) { +bool SSLClient::m_soft_connected(const char* func_name) { // check if the socket is still open and such if (getWriteError()) { m_error("Cannot operate if the write error is not reset: ", func_name); @@ -343,8 +337,8 @@ bool SSLClientImpl::m_soft_connected(const char* func_name) { return true; } -/* see SSLClientImpl.h */ -int SSLClientImpl::m_start_ssl(const char* host, SSLSession& ssl_ses) { +/* see SSLClient.h */ +int SSLClient::m_start_ssl(const char* host, SSLSession* ssl_ses) { const char* func_name = __func__; // clear the write error setWriteError(SSL_OK); @@ -352,11 +346,12 @@ int SSLClientImpl::m_start_ssl(const char* host, SSLSession& ssl_ses) { // we want 128 bits to be safe, as recommended by the bearssl docs uint8_t rng_seeds[16]; // take the bottom 8 bits of the analog read - for (uint8_t i = 0; i < sizeof rng_seeds; i++) rng_seeds[i] = static_cast(analogRead(m_analog_pin)); + for (uint8_t i = 0; i < sizeof rng_seeds; i++) + rng_seeds[i] = static_cast(analogRead(m_analog_pin)); br_ssl_engine_inject_entropy(&m_sslctx.eng, rng_seeds, sizeof rng_seeds); // inject session parameters for faster reconnection, if we have any - if(ssl_ses.is_valid_session()) { - br_ssl_engine_set_session_parameters(&m_sslctx.eng, ssl_ses.to_br_session()); + if(ssl_ses != nullptr) { + br_ssl_engine_set_session_parameters(&m_sslctx.eng, ssl_ses->to_br_session()); m_info("Set SSL session!", func_name); } // reset the engine, but make sure that it reset successfully @@ -379,24 +374,27 @@ int SSLClientImpl::m_start_ssl(const char* host, SSLSession& ssl_ses) { m_is_connected = true; // all good to go! the SSL socket should be up and running // overwrite the session we got with new parameters - br_ssl_engine_get_session_parameters(&m_sslctx.eng, ssl_ses.to_br_session()); - // print the cipher suite - m_info("Used cipher suite: ", func_name); - m_info(ssl_ses.cipher_suite, func_name); - // set the hostname and ip in the session as well - ssl_ses.set_parameters(remoteIP(), host); + if (ssl_ses != nullptr) + br_ssl_engine_get_session_parameters(&m_sslctx.eng, ssl_ses->to_br_session()); + else if (host != nullptr) { + if (m_sessions.size() >= m_max_sessions) + m_sessions.erase(m_sessions.begin()); + SSLSession session(host); + br_ssl_engine_get_session_parameters(&m_sslctx.eng, session.to_br_session()); + m_sessions.push_back(session); + } return 1; } -/* see SSLClientImpl.h*/ -int SSLClientImpl::m_run_until(const unsigned target) { +/* see SSLClient.h */ +int SSLClient::m_run_until(const unsigned target) { const char* func_name = __func__; unsigned lastState = 0; size_t lastLen = 0; const unsigned long start = millis(); for (;;) { unsigned state = m_update_engine(); - // error check + // error check if (state == BR_SSL_CLOSED || getWriteError() != SSL_OK) { return -1; } @@ -404,7 +402,7 @@ int SSLClientImpl::m_run_until(const unsigned target) { if (millis() - start > getTimeout()) { m_error("SSL internals timed out! This could be an internal error, bad data sent from the server, or data being discarded due to a buffer overflow. If you are using Ethernet, did you modify the library properly (see README)?", func_name); setWriteError(SSL_BR_WRITE_ERROR); - stop_impl(); + stop(); return -1; } // debug @@ -448,7 +446,7 @@ int SSLClientImpl::m_run_until(const unsigned target) { */ if (state & BR_SSL_RECVAPP && target & BR_SSL_SENDAPP) { size_t len; - if (br_ssl_engine_recvapp_buf(&m_sslctx.eng, &len) != NULL) { + if (br_ssl_engine_recvapp_buf(&m_sslctx.eng, &len) != nullptr) { m_write_idx = 0; m_warn("Discarded unread data to favor a write operation", func_name); br_ssl_engine_recvapp_ack(&m_sslctx.eng, len); @@ -457,7 +455,7 @@ int SSLClientImpl::m_run_until(const unsigned target) { else { m_error("SSL engine state is RECVAPP, however the buffer was null! (This is a problem with BearSSL internals)", func_name); setWriteError(SSL_BR_WRITE_ERROR); - stop_impl(); + stop(); return -1; } } @@ -473,8 +471,8 @@ int SSLClientImpl::m_run_until(const unsigned target) { } } -/* see SSLClientImpl.h*/ -unsigned SSLClientImpl::m_update_engine() { +/* see SSLClient.h*/ +unsigned SSLClient::m_update_engine() { const char* func_name = __func__; for(;;) { // get the state @@ -491,26 +489,21 @@ unsigned SSLClientImpl::m_update_engine() { buf = br_ssl_engine_sendrec_buf(&m_sslctx.eng, &len); wlen = get_arduino_client().write(buf, len); - // let the chip recover - if (wlen < 0) { - m_error("Error writing to m_client", func_name); - m_error(get_arduino_client().getWriteError(), func_name); - setWriteError(SSL_CLIENT_WRTIE_ERROR); - /* - * If we received a close_notify and we - * still send something, then we have our - * own response close_notify to send, and - * the peer is allowed by RFC 5246 not to - * wait for it. - */ - if (!&m_sslctx.eng.shutdown_recv) return 0; - stop_impl(); + if (wlen <= 0) { + // if the arduino client encountered an error + if (get_arduino_client().getWriteError() || !get_arduino_client().connected()) { + m_error("Error writing to m_client", func_name); + m_error(get_arduino_client().getWriteError(), func_name); + setWriteError(SSL_CLIENT_WRTIE_ERROR); + } + // else presumably the socket just closed itself, so just stop the engine + stop(); return 0; } if (wlen > 0) { br_ssl_engine_sendrec_ack(&m_sslctx.eng, wlen); } - continue; + continue; } /* @@ -525,7 +518,7 @@ unsigned SSLClientImpl::m_update_engine() { m_error(br_ssl_engine_current_state(&m_sslctx.eng), func_name); m_error(br_ssl_engine_last_error(&m_sslctx.eng), func_name); setWriteError(SSL_BR_WRITE_ERROR); - stop_impl(); + stop(); return 0; } // else time to send the application data @@ -533,17 +526,17 @@ unsigned SSLClientImpl::m_update_engine() { size_t alen; unsigned char *buf = br_ssl_engine_sendapp_buf(&m_sslctx.eng, &alen); // engine check - if (alen == 0 || buf == NULL) { + if (alen == 0 || buf == nullptr) { m_error("Engine set write flag but returned null buffer", func_name); setWriteError(SSL_BR_WRITE_ERROR); - stop_impl(); + stop(); return 0; } // sanity check if (alen < m_write_idx) { m_error("Alen is less than m_write_idx", func_name); setWriteError(SSL_INTERNAL_ERROR); - stop_impl(); + stop(); return 0; } // all good? lets send the data @@ -570,8 +563,9 @@ unsigned SSLClientImpl::m_update_engine() { unsigned char * buf = br_ssl_engine_recvrec_buf(&m_sslctx.eng, &len); // do we have the record you're looking for? const auto avail = get_arduino_client().available(); - if (avail > 0 && avail >= len) { + if (avail > 0 && static_cast(avail) >= len) { int mem = freeMemory(); +#if defined(ARDUINO_ARCH_SAMD) // check for a stack overflow // if the stack overflows we basically have to crash, and // hope the user is ok with that @@ -581,6 +575,7 @@ unsigned SSLClientImpl::m_update_engine() { // software reset RESET(); } +#endif // debug info m_info("Memory: ", func_name); m_info(mem, func_name); @@ -591,7 +586,7 @@ unsigned SSLClientImpl::m_update_engine() { if(mem < 7000) { m_error("Out of memory! Decrease the number of sessions or the size of m_iobuf", func_name); setWriteError(SSL_OUT_OF_MEMORY); - stop_impl(); + stop(); return 0; } // I suppose so! @@ -600,7 +595,7 @@ unsigned SSLClientImpl::m_update_engine() { m_error("Error reading bytes from m_client. Write Error: ", func_name); m_error(get_arduino_client().getWriteError(), func_name); setWriteError(SSL_CLIENT_WRTIE_ERROR); - stop_impl(); + stop(); return 0; } if (rlen > 0) { @@ -626,19 +621,14 @@ unsigned SSLClientImpl::m_update_engine() { } /* see SSLClientImpl.h */ -int SSLClientImpl::m_get_session_index(const char* host, const IPAddress& addr) const { +int SSLClient::m_get_session_index(const char* host) const { const char* func_name = __func__; + if(host == nullptr) return -1; // search for a matching session with the IP for (uint8_t i = 0; i < getSessionCount(); i++) { // if we're looking at a real session - if (get_session_array()[i].is_valid_session() - && ( - // and the hostname matches, or - (host != NULL && get_session_array()[i].get_hostname().equals(host)) - // there is no hostname and the IP address matches - || (host == NULL && addr == get_session_array()[i].get_ip()) - )) { - m_info(get_session_array()[i].get_hostname(), func_name); + if (m_sessions[i].get_hostname().equals(host)) { + m_info(m_sessions[i].get_hostname(), func_name); return i; } } @@ -646,8 +636,8 @@ int SSLClientImpl::m_get_session_index(const char* host, const IPAddress& addr) return -1; } -/* See SSLClientImpl.h */ -void SSLClientImpl::m_print_prefix(const char* func_name, const DebugLevel level) const +/* See SSLClient.h */ +void SSLClient::m_print_prefix(const char* func_name, const DebugLevel level) const { // print the sslclient prefix Serial.print("(SSLClient)"); @@ -664,8 +654,8 @@ void SSLClientImpl::m_print_prefix(const char* func_name, const DebugLevel level Serial.print("): "); } -/* See SSLClientImpl.h */ -void SSLClientImpl::m_print_ssl_error(const int ssl_error, const DebugLevel level) const { +/* See SSLClient.h */ +void SSLClient::m_print_ssl_error(const int ssl_error, const DebugLevel level) const { if (level > m_debug) return; m_print_prefix(__func__, level); switch(ssl_error) { @@ -679,8 +669,8 @@ void SSLClientImpl::m_print_ssl_error(const int ssl_error, const DebugLevel leve } } -/* See SSLClientImpl.h */ -void SSLClientImpl::m_print_br_error(const unsigned br_error_code, const DebugLevel level) const { +/* See SSLClient.h */ +void SSLClient::m_print_br_error(const unsigned br_error_code, const DebugLevel level) const { if (level > m_debug) return; m_print_prefix(__func__, level); switch (br_error_code) { @@ -744,4 +734,4 @@ void SSLClientImpl::m_print_br_error(const unsigned br_error_code, const DebugLe case BR_ERR_X509_NOT_TRUSTED: Serial.println("Chain could not be linked to a trust anchor."); break; default: Serial.println("Unknown error code."); break; } -} \ No newline at end of file +} diff --git a/src/SSLClient.h b/src/SSLClient.h index 6c635e1..89954cb 100644 --- a/src/SSLClient.h +++ b/src/SSLClient.h @@ -19,10 +19,10 @@ */ #include "Client.h" -#include "SSLClientImpl.h" #include "SSLSession.h" #include "SSLClientParameters.h" #include "SSLObj.h" +#include #ifndef SSLClient_H_ #define SSLClient_H_ @@ -32,26 +32,49 @@ * Check out README.md for more info. */ -template -class SSLClient : public SSLClientImpl { -/* - * static checks - * I'm a java developer, so I want to ensure that my inheritance is safe. - * These checks ensure that all the functions we use on class C are - * actually present on class C. It does this by checking that the - * class inherits from Client. - * - * Additionally, I ran into a lot of memory issues with large sessions caches. - * Since each session contains at max 352 bytes of memory, they eat of the - * stack quite quickly and can cause overflows. As a result, I have added a - * warning here to discourage the use of more than 3 sessions at a time. Any - * amount past that will require special modification of this library, and - * assumes you know what you are doing. - */ -static_assert(SessionCache > 0 && SessionCache < 255, "There can be no less than one and no more than 255 sessions in the cache!"); -static_assert(SessionCache <= 3, "You need to decrease the size of m_iobuf in order to have more than 3 sessions at once, otherwise memory issues will occur."); - +class SSLClient : public Client { public: + /** + * @brief Static constants defining the possible errors encountered. + * + * If SSLClient encounters an error, it will generally output + * logs into the serial monitor. If you need a way of programmatically + * checking the errors, you can do so with SSLClient::getWriteError(), + * which will return one of these values. + */ + enum Error { + SSL_OK = 0, + /** The underlying client failed to connect, probably not an issue with SSL */ + SSL_CLIENT_CONNECT_FAIL, + /** BearSSL failed to complete the SSL handshake, check logs for bear ssl error output */ + SSL_BR_CONNECT_FAIL, + /** The underlying client failed to write a payload, probably not an issue with SSL */ + SSL_CLIENT_WRTIE_ERROR, + /** An internal error occurred with BearSSL, check logs for diagnosis. */ + SSL_BR_WRITE_ERROR, + /** An internal error occurred with SSLClient, and you probably need to submit an issue on Github. */ + SSL_INTERNAL_ERROR, + /** SSLClient detected that there was not enough memory (>8000 bytes) to continue. */ + SSL_OUT_OF_MEMORY + }; + + /** + * @brief Level of verbosity used in logging for SSLClient. + * + * Use these values when initializing SSLClient to set how many logs you + * would like to see in the Serial monitor. + */ + enum DebugLevel { + /** No logging output */ + SSL_NONE = 0, + /** Only output errors that result in connection failure */ + SSL_ERROR = 1, + /** Output errors and warnings (useful when just starting to develop) */ + SSL_WARN = 2, + /** Output errors, warnings, and internal information (very verbose) */ + SSL_INFO = 3, + }; + /** * @brief Initialize SSLClient with all of the prerequisites needed. * @@ -66,25 +89,18 @@ public: * of the SSL server certificate. Check out TrustAnchors.md for more info. * @param trust_anchors_num The number of objects in the trust_anchors array. * @param analog_pin An analog pin to pull random bytes from, used in seeding the RNG. + * @param max_sessions The maximum number of SSL sessions to store connection information from. * @param debug The level of debug logging (use the ::DebugLevel enum). - * @param mutual_auth_params Configuration to use for mutual authentication, nullptr to disable mutual auth. (see ::SSLClientParameters). */ - explicit SSLClient( const C& client, + explicit SSLClient( Client& client, const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, - const DebugLevel debug = SSL_WARN) - : SSLClientImpl(trust_anchors, trust_anchors_num, analog_pin, debug) - , m_client(client) - , m_sessions{} - { - // set the timeout to a reasonable number (it can always be changes later) - // SSL Connections take a really long time so we don't want to time out a legitimate thing - setTimeout(30 * 1000); - } + const size_t max_sessions = 1, + const DebugLevel debug = SSL_WARN); //======================================== - //= Functions implemented in SSLClientImpl + //= Functions implemented in SSLClient.cpp //======================================== /** @@ -126,7 +142,7 @@ public: * @param port the port to connect to * @returns 1 if success, 0 if failure */ - int connect(IPAddress ip, uint16_t port) override { return connect_impl(ip, port); } + int connect(IPAddress ip, uint16_t port) override; /** * @brief Connect over SSL to a host specified by a hostname. @@ -164,10 +180,8 @@ public: * @param port The port to connect to on the host (443 for HTTPS) * @returns 1 of success, 0 if failure */ - int connect(const char *host, uint16_t port) override { return connect_impl(host, port); } + int connect(const char *host, uint16_t port) override; - /** @see SSLClient::write(uint8_t*, size_t) */ - size_t write(uint8_t b) override { return write_impl(&b, 1); } /** * @brief Write some bytes to the SSL connection * @@ -191,7 +205,9 @@ public: * @returns The number of bytes copied to the buffer (size), or zero if the BearSSL engine * fails to become ready for writing data. */ - size_t write(const uint8_t *buf, size_t size) override { return write_impl(buf, size); } + size_t write(const uint8_t *buf, size_t size) override; + /** @see SSLClient::write(uint8_t*, size_t) */ + size_t write(uint8_t b) override { return write(&b, 1); } /** * @brief Returns the number of bytes available to read from the data that has been received and decrypted. @@ -211,13 +227,8 @@ public: * @returns The number of bytes available (can be zero), or zero if any of the pre * conditions aren't satisfied. */ - int available() override { return available_impl(); } + int available() override; - /** - * @brief Read a single byte, or -1 if none is available. - * @see SSLClient::read(uint8_t*, size_t) - */ - int read() override { uint8_t read_val; return read(&read_val, 1) > 0 ? read_val : -1; }; /** * @brief Read size bytes from the SSL client buffer, copying them into *buf, and return the number of bytes read. * @@ -239,7 +250,12 @@ public: * * @returns The number of bytes copied (<= size), or -1 if the preconditions are not satisfied. */ - int read(uint8_t *buf, size_t size) override { return read_impl(buf, size); } + int read(uint8_t *buf, size_t size) override; + /** + * @brief Read a single byte, or -1 if none is available. + * @see SSLClient::read(uint8_t*, size_t) + */ + int read() override { uint8_t read_val; return read(&read_val, 1) > 0 ? read_val : -1; }; /** * @brief View the first byte of the buffer, without removing it from the SSLClient Buffer @@ -249,7 +265,7 @@ public: * @returns The first byte received, or -1 if the preconditions are not satisfied (warning: * do not use if your data may be -1, as the return value is ambiguous) */ - int peek() override { return peek_impl(); } + int peek() override; /** * @brief Force writing the buffered bytes from SSLClient::write to the network. @@ -258,7 +274,7 @@ public: * an explanation of how writing with SSLClient works, please see SSLClient::write. * The implementation for this function can be found in SSLClientImpl::flush. */ - void flush() override { return flush_impl(); } + void flush() override; /** * @brief Close the connection @@ -268,7 +284,7 @@ public: * error was encountered previously, this function will simply call m_client::stop. * The implementation for this function can be found in SSLClientImpl::peek. */ - void stop() override { return stop_impl(); } + void stop() override; /** * @brief Check if the device is connected. @@ -283,7 +299,7 @@ public: * * @returns 1 if connected, 0 if not */ - uint8_t connected() override { return connected_impl(); } + uint8_t connected() override; //======================================== //= Functions Not in the Client Interface @@ -297,7 +313,7 @@ public: * * @pre SSLClient has not already started an SSL connection. */ - void setMutualAuthParams(const SSLClientParameters* params) { return set_mutual_impl(params); } + void setMutualAuthParams(const SSLClientParameters* params); /** * @brief Gets a session reference corresponding to a host and IP, or a reference to a empty session if none exist @@ -311,26 +327,26 @@ public: * * @param host A hostname c string, or NULL if one is not available * @param addr An IP address - * @returns A reference to an SSLSession object + * @returns A pointer to the SSLSession, or NULL of none matched the criteria available */ - SSLSession& getSession(const char* host, const IPAddress& addr) { return get_session_impl(host, addr); } + SSLSession* getSession(const char* host); /** * @brief Clear the session corresponding to a host and IP * * The implementation for this function can be found at SSLClientImpl::remove_session_impl. * - * @param host A hostname c string, or NULL if one is not available + * @param host A hostname c string, or nullptr if one is not available * @param addr An IP address */ - void removeSession(const char* host, const IPAddress& addr) { return remove_session_impl(host, addr); } + void removeSession(const char* host); /** * @brief Get the maximum number of SSL sessions that can be stored at once * * @returns The SessionCache template parameter. */ - size_t getSessionCount() const override { return SessionCache; } + size_t getSessionCount() const { return m_sessions.size(); } /** * @brief Equivalent to SSLClient::connected() > 0 @@ -338,37 +354,92 @@ public: * @returns true if connected, false if not */ operator bool() { return connected() > 0; } - /** @see SSLClient::operator bool */ - bool operator==(const bool value) { return bool() == value; } - /** @see SSLClient::operator bool */ - bool operator!=(const bool value) { return bool() != value; } - /** @brief Returns whether or not two SSLClient objects have the same underlying client object */ - bool operator==(const C& rhs) { return m_client == rhs; } - /** @brief Returns whether or not two SSLClient objects do not have the same underlying client object */ - bool operator!=(const C& rhs) { return m_client != rhs; } - /** @brief Returns the local port, if C::localPort exists */ - uint16_t localPort() override { return m_client.localPort(); } - /** @brief Returns the remote IP, if C::remoteIP exists. */ - IPAddress remoteIP() override { return m_client.remoteIP(); } - /** @brief Returns the remote port, if C::remotePort exists. Else return 0. */ - uint16_t remotePort() override { return m_client.remotePort(); } /** @brief Returns a reference to the client object stored in this class. Take care not to break it. */ - C& getClient() { return m_client; } - -protected: - /** @brief Returns an instance of m_client that is polymorphic and can be used by SSLClientImpl */ - Client& get_arduino_client() override { return m_client; } - const Client& get_arduino_client() const override { return m_client; } - /** @brief Returns an instance of the session array that is on the stack */ - SSLSession* get_session_array() override { return m_sessions; } - const SSLSession* get_session_array() const override { return m_sessions; } + Client& getClient() { return m_client; } private: + /** @brief Returns an instance of m_client that is polymorphic and can be used by SSLClientImpl */ + Client& get_arduino_client() { return m_client; } + const Client& get_arduino_client() const { return m_client; } + + /** Returns whether or not the engine is connected, without polling the client over SPI or other (as opposed to connected()) */ + bool m_soft_connected(const char* func_name); + /** start the ssl engine on the connected client */ + int m_start_ssl(const char* host = nullptr, SSLSession* ssl_ses = nullptr); + /** run the bearssl engine until a certain state */ + int m_run_until(const unsigned target); + /** proxy for available that returns the state */ + unsigned m_update_engine(); + /** utility function to find a session index based off of a host and IP */ + int m_get_session_index(const char* host) const; + + /** @brief Prints a debugging prefix to all logs, so we can attatch them to useful information */ + void m_print_prefix(const char* func_name, const DebugLevel level) const; + + /** @brief Prints the string associated with a write error */ + void m_print_ssl_error(const int ssl_error, const DebugLevel level) const; + + /** @brief Print the text string associated with a BearSSL error code */ + void m_print_br_error(const unsigned br_error_code, const DebugLevel level) const; + + /** @brief debugging print function, only prints if m_debug is true */ + template + void m_print(const T str, const char* func_name, const DebugLevel level) const { + // check the current debug level and serial status + if (level > m_debug || !Serial) return; + // print prefix + m_print_prefix(func_name, level); + // print the message + Serial.println(str); + } + + /** @brief Prints a info message to serial, if info messages are enabled */ + template + void m_info(const T str, const char* func_name) const { m_print(str, func_name, SSL_INFO); } + + template + void m_warn(const T str, const char* func_name) const { m_print(str, func_name, SSL_WARN); } + + template + void m_error(const T str, const char* func_name) const { m_print(str, func_name, SSL_ERROR); } + + //============================================ + //= Data Members + //============================================ // create a copy of the client - C m_client; + Client& m_client; // also store an array of SSLSessions, so we can resume communication with multiple websites - SSLSession m_sessions[SessionCache]; + std::vector m_sessions; + // as well as the maximmum number of sessions we can store + const size_t m_max_sessions; + // store the pin to fetch an RNG see from + const int m_analog_pin; + // store whether to enable debug logging + const DebugLevel m_debug; + // store if we are connected in bearssl or not + bool m_is_connected; + // store the context values required for SSL + br_ssl_client_context m_sslctx; + br_x509_minimal_context m_x509ctx; + // use a mono-directional buffer by default to cut memory in half + // can expand to a bi-directional buffer with maximum of BR_SSL_BUFSIZE_BIDI + // or shrink to below BR_SSL_BUFSIZE_MONO, and bearSSL will adapt automatically + // simply edit this value to change the buffer size to the desired value + // additionally, we need to correct buffer size based off of how many sessions we decide to cache + // since SSL takes so much memory if we don't it will cause the stack and heap to collide + /** + * @brief The internal buffer to use with BearSSL. + * This buffer controls how much data BearSSL can encrypt/decrypt at a given time. It can be expanded + * or shrunk to [255, BR_SSL_BUFSIZE_BIDI], depending on the memory and speed needs of your application. + * As a rule of thumb SSLClient will fail if it does not have at least 8000 bytes when starting a + * connection. + */ + unsigned char m_iobuf[2048]; + // store the index of where we are writing in the buffer + // so we can send our records all at once to prevent + // weird timing issues + size_t m_write_idx; }; #endif /** SSLClient_H_ */ \ No newline at end of file diff --git a/src/SSLClientImpl.h b/src/SSLClientImpl.h deleted file mode 100644 index 931ad77..0000000 --- a/src/SSLClientImpl.h +++ /dev/null @@ -1,213 +0,0 @@ -/* Copyright 2019 OSU OPEnS Lab - * - * Permission is hereby granted, free of charge, to any person obtaining a copy of this - * software and associated documentation files (the "Software"), to deal in the Software - * without restriction, including without limitation the rights to use, copy, modify, - * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to - * permit persons to whom the Software is furnished to do so, subject to the following - * conditions: - * - * The above copyright notice and this permission notice shall be included in all - * copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, - * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A - * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT - * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION - * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE - * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - */ - -#include "bearssl.h" -#include "Arduino.h" -#include "Client.h" -#include "SSLSession.h" -#include "SSLClientParameters.h" - -#ifndef SSLClientImpl_H_ -#define SSLClientImpl_H_ - -/** - * @brief Static constants defining the possible errors encountered. - * - * If SSLClient encounters an error, it will generally output - * logs into the serial monitor. If you need a way of programmatically - * checking the errors, you can do so with SSLClient::getWriteError(), - * which will return one of these values. - */ -enum Error { - SSL_OK = 0, - /** The underlying client failed to connect, probably not an issue with SSL */ - SSL_CLIENT_CONNECT_FAIL, - /** BearSSL failed to complete the SSL handshake, check logs for bear ssl error output */ - SSL_BR_CONNECT_FAIL, - /** The underlying client failed to write a payload, probably not an issue with SSL */ - SSL_CLIENT_WRTIE_ERROR, - /** An internal error occurred with BearSSL, check logs for diagnosis. */ - SSL_BR_WRITE_ERROR, - /** An internal error occurred with SSLClient, and you probably need to submit an issue on Github. */ - SSL_INTERNAL_ERROR, - /** SSLClient detected that there was not enough memory (>8000 bytes) to continue. */ - SSL_OUT_OF_MEMORY -}; - -/** - * @brief Level of verbosity used in logging for SSLClient. - * - * Use these values when initializing SSLClient to set how many logs you - * would like to see in the Serial monitor. - */ -enum DebugLevel { - /** No logging output */ - SSL_NONE = 0, - /** Only output errors that result in connection failure */ - SSL_ERROR = 1, - /** Output errors and warnings (useful when just starting to develop) */ - SSL_WARN = 2, - /** Output errors, warnings, and internal information (very verbose) */ - SSL_INFO = 3, -}; - -/** @brief Implementation code to be inherited by SSLClient */ -class SSLClientImpl : public Client { -public: - /** @see SSLClient::SSLClient */ - explicit SSLClientImpl(const br_x509_trust_anchor *trust_anchors, - const size_t trust_anchors_num, const int analog_pin, - const DebugLevel debug); - - /** @see SSLClient::SSLClient */ - explicit SSLClientImpl(const br_x509_trust_anchor *trust_anchors, - const size_t trust_anchors_num, const int analog_pin, - const DebugLevel debug, const SSLClientParameters* mutual_auth_params); - - //============================================ - //= Functions implemented in SSLClientImpl.cpp - //============================================ - - /** @see SSLClient::connect(IPAddress, uint16_t) */ - int connect_impl(IPAddress ip, uint16_t port); - /** @see SSLClient::connect(const char*, uint16_t) */ - int connect_impl(const char *host, uint16_t port); - /** @see SSLClient::write(const uint8_t*, size_t) */ - size_t write_impl(const uint8_t *buf, size_t size); - /** @see SSLClient::available */ - int available_impl(); - /** @see SSLClient::read(uint8_t*, size_t) */ - int read_impl(uint8_t *buf, size_t size); - /** @see SSLClient::peek */ - int peek_impl(); - /** @see SSLClient::flush */ - void flush_impl(); - /** @see SSLClient::stop */ - void stop_impl(); - /** @see SSLClient::connected */ - uint8_t connected_impl(); - /** @see SSLClient::getSession */ - SSLSession& get_session_impl(const char* host, const IPAddress& addr); - /** @see SSLClient::removeSession */ - void remove_session_impl(const char* host, const IPAddress& addr); - /** @see SSLClient::setMutualAuthParams */ - void set_mutual_impl(const SSLClientParameters* params); - //============================================ - //= Functions implemented in SSLClient.h - //============================================ - /** @see SSLClient::localPort */ - virtual uint16_t localPort() = 0; - /** @see SSLClient::remoteIP */ - virtual IPAddress remoteIP() = 0; - /** @see SSLClient::localPort */ - virtual uint16_t remotePort() = 0; - /** @see SSLClient::getSessionCount */ - virtual size_t getSessionCount() const = 0; - -protected: - /** @see SSLClient::get_arduino_client */ - virtual Client& get_arduino_client() = 0; - virtual const Client& get_arduino_client() const = 0; - /** @see SSLClient::get_session_array */ - virtual SSLSession* get_session_array() = 0; - virtual const SSLSession* get_session_array() const = 0; - - //============================================ - //= Functions implemented in SSLClientImpl.cpp - //============================================ - - /** @brief Prints a debugging prefix to all logs, so we can attatch them to useful information */ - void m_print_prefix(const char* func_name, const DebugLevel level) const; - - /** @brief Prints the string associated with a write error */ - void m_print_ssl_error(const int ssl_error, const DebugLevel level) const; - - /** @brief Print the text string associated with a BearSSL error code */ - void m_print_br_error(const unsigned br_error_code, const DebugLevel level) const; - - /** @brief debugging print function, only prints if m_debug is true */ - template - void m_print(const T str, const char* func_name, const DebugLevel level) const { - // check the current debug level and serial status - if (level > m_debug || !Serial) return; - // print prefix - m_print_prefix(func_name, level); - // print the message - Serial.println(str); - } - - /** @brief Prints a info message to serial, if info messages are enabled */ - template - void m_info(const T str, const char* func_name) const { m_print(str, func_name, SSL_INFO); } - - template - void m_warn(const T str, const char* func_name) const { m_print(str, func_name, SSL_WARN); } - - template - void m_error(const T str, const char* func_name) const { m_print(str, func_name, SSL_ERROR); } - -private: - /** Returns whether or not the engine is connected, without polling the client over SPI or other (as opposed to connected()) */ - bool m_soft_connected(const char* func_name); - /** start the ssl engine on the connected client */ - int m_start_ssl(const char* host, SSLSession& ssl_ses); - /** run the bearssl engine until a certain state */ - int m_run_until(const unsigned target); - /** proxy for available that returns the state */ - unsigned m_update_engine(); - /** utility function to find a session index based off of a host and IP */ - int m_get_session_index(const char* host, const IPAddress& addr) const; - - //============================================ - //= Data Members - //============================================ - - // store the pin to fetch an RNG see from - const int m_analog_pin; - // store an index of where a new session can be placed if we don't have any corresponding sessions - size_t m_session_index; - // store whether to enable debug logging - const DebugLevel m_debug; - // store if we are connected in bearssl or not - bool m_is_connected; - // store the context values required for SSL - br_ssl_client_context m_sslctx; - br_x509_minimal_context m_x509ctx; - // use a mono-directional buffer by default to cut memory in half - // can expand to a bi-directional buffer with maximum of BR_SSL_BUFSIZE_BIDI - // or shrink to below BR_SSL_BUFSIZE_MONO, and bearSSL will adapt automatically - // simply edit this value to change the buffer size to the desired value - // additionally, we need to correct buffer size based off of how many sessions we decide to cache - // since SSL takes so much memory if we don't it will cause the stack and heap to collide - /** - * @brief The internal buffer to use with BearSSL. - * This buffer controls how much data BearSSL can encrypt/decrypt at a given time. It can be expanded - * or shrunk to [255, BR_SSL_BUFSIZE_BIDI], depending on the memory and speed needs of your application. - * As a rule of thumb SSLClient will fail if it does not have at least 8000 bytes when starting a - * connection. - */ - unsigned char m_iobuf[2048]; - // store the index of where we are writing in the buffer - // so we can send our records all at once to prevent - // weird timing issues - size_t m_write_idx; -}; - -#endif /* SSLClientImpl_H_ */ \ No newline at end of file diff --git a/src/SSLSession.cpp b/src/SSLSession.cpp deleted file mode 100644 index 6338ad3..0000000 --- a/src/SSLSession.cpp +++ /dev/null @@ -1,24 +0,0 @@ -#include "SSLSession.h" - -/* See SSLSession.h */ -void SSLSession::set_parameters(const IPAddress& ip, const char* hostname) { - // copy the hostname - if (hostname != NULL) m_hostname = hostname; - // or if there's no hostname, clear the string - else m_hostname = ""; - // and the IP address - m_ip = ip; - // check if both values are valid, and if so set valid to true - if (m_ip != INADDR_NONE && session_id_len > 0 - && (hostname == NULL || m_hostname)) m_valid_session = true; - // else clear - else clear_parameters(); -} - -/* see SSLSession.h */ -void SSLSession::clear_parameters() { - // clear the hostname , ip, and valid session flags - m_hostname = ""; - m_ip = INADDR_NONE; - m_valid_session = false; -} \ No newline at end of file diff --git a/src/SSLSession.h b/src/SSLSession.h index ef6e997..aa413b1 100644 --- a/src/SSLSession.h +++ b/src/SSLSession.h @@ -27,7 +27,6 @@ #include "bearssl.h" #include "Arduino.h" -#include "IPAddress.h" #ifndef SSLSession_H_ #define SSLSession_H_ @@ -57,13 +56,8 @@ public: * * Sets all parameters to zero, and invalidates the session */ - SSLSession() - : m_valid_session(false) - , m_hostname() - , m_ip(INADDR_NONE) {} - - /** @brief use clear_parameters or set_parameters instead */ - SSLSession& operator=(const SSLSession&) = delete; + SSLSession(const char* hostname) + : m_hostname(hostname) {} /** * @brief Get the hostname string associated with this session @@ -75,57 +69,12 @@ public: */ const String& get_hostname() const { return m_hostname; } - /** - * @brief Get ::IPAddress associated with this session - * - * @returns A ::IPAddress object, #INADDR_NONE if there is no IP - * @pre must check isValidSession before getting this value, - * as if this session in invalid this value is not guarenteed - * to be reset to #INADDR_NONE. - */ - const IPAddress& get_ip() const { return m_ip; } - - bool is_valid_session() const { return m_valid_session; } - - /** - * @brief Set the ip address and hostname of the session. - * - * This function stores the ip Address object and hostname object into - * the session object. If hostname is not null or ip address is - * not blank, and the ::br_ssl_session_parameters values are non-zero - * it then validates the session. - * - * @pre You must call - * ::br_ssl_engine_get_session_parameters - * with this session before calling this function. This is because - * there is no way to completely validate the ::br_ssl_session_parameters - * and the session may end up in a corrupted state if this is not observed. - * - * @param ip The IP address of the host associated with the session - * @param hostname The string hostname ("www.google.com") associated with the session. - * Take care that this value is corrent, SSLSession performs no validation - * of the hostname. - */ - void set_parameters(const IPAddress& ip, const char* hostname = NULL); - - /** - * @brief Delete the parameters and invalidate the session. - * - * Roughly equivalent to this_session = SSLSession(), however - * this function preserves the String object, allowing it - * to better handle the dynamic memory needed. - */ - void clear_parameters(); - /** @brief Returns a pointer to the ::br_ssl_session_parameters component of this class. */ br_ssl_session_parameters* to_br_session() { return (br_ssl_session_parameters *)this; } private: - bool m_valid_session; // aparently a hostname has a max length of 256 chars. Go figure. String m_hostname; - // store the IP Address we connected to - IPAddress m_ip; }; diff --git a/src/config.h b/src/config.h index ad4969f..d7c2e19 100644 --- a/src/config.h +++ b/src/config.h @@ -133,8 +133,8 @@ * returned value (a 'time_t') is an integer that counts time in seconds * since the Unix Epoch (Jan 1st, 1970, 00:00 UTC). * -#define BR_USE_UNIX_TIME 1 */ +#define BR_USE_UNIX_TIME 0 /* * When BR_USE_WIN32_TIME is enabled, the X.509 validation engine obtains @@ -143,9 +143,8 @@ * * Note: if both BR_USE_UNIX_TIME and BR_USE_WIN32_TIME are defined, the * former takes precedence. - * -#define BR_USE_WIN32_TIME 1 */ +#define BR_USE_WIN32_TIME 0 /* * When BR_ARMEL_CORTEXM_GCC is enabled, some operations are replaced with From ab9a195124af6ab309784f6055acff4a90a9ff6b Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Thu, 7 Nov 2019 12:10:00 -0800 Subject: [PATCH 030/141] updated doxygen --- docs/html/_s_s_l_client_8cpp.html | 130 ++ docs/html/_s_s_l_client_8cpp.js | 4 + docs/html/_s_s_l_client_8h.html | 27 +- docs/html/_s_s_l_client_8h_source.html | 75 +- docs/html/_s_s_l_session_8h.html | 1 - docs/html/_s_s_l_session_8h_source.html | 13 +- docs/html/annotated.html | 5 +- docs/html/annotated_dup.js | 1 - docs/html/class_s_s_l_client-members.html | 85 +- docs/html/class_s_s_l_client.html | 1080 +++++------------ docs/html/class_s_s_l_client.js | 62 +- docs/html/class_s_s_l_client.png | Bin 861 -> 380 bytes docs/html/class_s_s_l_session-members.html | 11 +- docs/html/class_s_s_l_session.html | 171 +-- docs/html/class_s_s_l_session.js | 7 +- docs/html/classes.html | 8 +- .../dir_68267d1309a1af8e8297ef4c3efbcdba.html | 8 +- .../dir_68267d1309a1af8e8297ef4c3efbcdba.js | 8 +- docs/html/files.html | 18 +- docs/html/functions.html | 180 +-- docs/html/functions_enum.html | 109 ++ docs/html/functions_eval.html | 136 +++ docs/html/functions_func.html | 183 +-- docs/html/globals.html | 84 +- docs/html/globals_defs.html | 3 - docs/html/globals_vars.html | 2 +- docs/html/hierarchy.html | 9 +- docs/html/hierarchy.js | 4 +- docs/html/index.html | 28 +- ...ibraries__s_s_l_client__trust_anchors.html | 4 +- docs/html/menudata.js | 36 +- docs/html/navtreedata.js | 8 +- docs/html/navtreeindex0.js | 208 ++-- docs/html/search/all_0.js | 2 +- docs/html/search/all_1.js | 3 +- docs/html/search/all_10.js | 3 +- docs/html/search/all_11.js | 2 +- docs/html/search/all_3.js | 7 +- docs/html/search/all_4.js | 2 +- docs/html/search/all_5.js | 2 +- docs/html/search/all_6.js | 3 +- docs/html/search/all_7.js | 10 +- docs/html/search/all_8.js | 3 +- docs/html/search/all_9.js | 2 +- docs/html/search/all_a.js | 9 +- docs/html/search/all_b.js | 6 +- docs/html/search/all_c.js | 6 +- docs/html/search/all_d.js | 36 +- docs/html/search/all_e.js | 44 +- docs/html/search/all_f.js | 10 +- docs/html/search/classes_0.js | 1 - docs/html/search/defines_4.js | 3 +- docs/html/search/enums_0.js | 2 +- docs/html/search/enums_1.js | 2 +- docs/html/search/enumvalues_0.js | 22 +- docs/html/search/files_3.js | 4 +- docs/html/search/functions_0.js | 3 +- docs/html/search/functions_2.js | 7 +- docs/html/search/functions_3.js | 3 +- docs/html/search/functions_4.js | 10 +- docs/html/search/functions_5.js | 2 +- docs/html/search/functions_6.js | 2 +- docs/html/search/functions_7.js | 9 +- docs/html/search/functions_8.js | 6 +- docs/html/search/functions_9.js | 6 +- docs/html/search/functions_a.js | 7 +- docs/html/search/functions_b.js | 9 +- docs/html/search/searchdata.js | 4 +- docs/html/search/variables_0.js | 2 +- docs/html/struct_s_s_l_client_parameters.html | 2 +- 70 files changed, 1131 insertions(+), 1833 deletions(-) create mode 100644 docs/html/_s_s_l_client_8cpp.html create mode 100644 docs/html/_s_s_l_client_8cpp.js create mode 100644 docs/html/functions_enum.html create mode 100644 docs/html/functions_eval.html diff --git a/docs/html/_s_s_l_client_8cpp.html b/docs/html/_s_s_l_client_8cpp.html new file mode 100644 index 0000000..2717c69 --- /dev/null +++ b/docs/html/_s_s_l_client_8cpp.html @@ -0,0 +1,130 @@ + + + + + + + +SSLClient: C:/Users/Noah/Documents/Arduino/libraries/SSLClient/src/SSLClient.cpp File Reference + + + + + + + + + + + + + + +
          +
          + + + + + + +
          +
          SSLClient +  v1.3.0 +
          +
          Add TLS 1.2 functionality to any network library.
          +
          +
          + + + + + + + +
          +
          + +
          +
          +
          + +
          + +
          +
          + + +
          + +
          + +
          +
          +Variables
          +
          +
          SSLClient.cpp File Reference
          +
          +
          +
          #include "SSLClient.h"
          +
          + + + +

          +Variables

          char * __brkval
           
          +

          Variable Documentation

          + +

          ◆ __brkval

          + +
          +
          + + + + +
          char* __brkval
          +
          + +
          +
          +
          +
          + + + + diff --git a/docs/html/_s_s_l_client_8cpp.js b/docs/html/_s_s_l_client_8cpp.js new file mode 100644 index 0000000..b150c92 --- /dev/null +++ b/docs/html/_s_s_l_client_8cpp.js @@ -0,0 +1,4 @@ +var _s_s_l_client_8cpp = +[ + [ "__brkval", "_s_s_l_client_8cpp.html#ad193a2cc121e0d4614a1c21eb463fb56", null ] +]; \ No newline at end of file diff --git a/docs/html/_s_s_l_client_8h.html b/docs/html/_s_s_l_client_8h.html index e4a92cf..dc0f248 100644 --- a/docs/html/_s_s_l_client_8h.html +++ b/docs/html/_s_s_l_client_8h.html @@ -88,46 +88,25 @@ $(document).ready(function(){initNavTree('_s_s_l_client_8h.html','');});
          -Classes | -Macros
          +Classes
          SSLClient.h File Reference
          #include "Client.h"
          -#include "SSLClientImpl.h"
          #include "SSLSession.h"
          #include "SSLClientParameters.h"
          #include "SSLObj.h"
          +#include <vector>

          Go to the source code of this file.

          - + -

          Classes

          class  SSLClient< C, SessionCache >
          class  SSLClient
           The main SSLClient class. Check out README.md for more info. More...
           
          - - -

          -Macros

          #define SSLClient_H_
           
          -

          Macro Definition Documentation

          - -

          ◆ SSLClient_H_

          - -
          -
          - - - - -
          #define SSLClient_H_
          -
          - -
          -
          diff --git a/docs/html/_s_s_l_client_8h_source.html b/docs/html/_s_s_l_client_8h_source.html index ca4b889..a4e47ee 100644 --- a/docs/html/_s_s_l_client_8h_source.html +++ b/docs/html/_s_s_l_client_8h_source.html @@ -91,55 +91,40 @@ $(document).ready(function(){initNavTree('_s_s_l_client_8h_source.html','');});
          SSLClient.h
          -Go to the documentation of this file.
          1 /* Copyright 2019 OSU OPEnS Lab
          2  *
          3  * Permission is hereby granted, free of charge, to any person obtaining a copy of this
          4  * software and associated documentation files (the "Software"), to deal in the Software
          5  * without restriction, including without limitation the rights to use, copy, modify,
          6  * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
          7  * permit persons to whom the Software is furnished to do so, subject to the following
          8  * conditions:
          9  *
          10  * The above copyright notice and this permission notice shall be included in all
          11  * copies or substantial portions of the Software.
          12  *
          13  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
          14  * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
          15  * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
          16  * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
          17  * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
          18  * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
          19  */
          20 
          21 #include "Client.h"
          22 #include "SSLClientImpl.h"
          23 #include "SSLSession.h"
          24 #include "SSLClientParameters.h"
          25 #include "SSLObj.h"
          26 
          27 #ifndef SSLClient_H_
          28 #define SSLClient_H_
          29 
          35 template <class C, size_t SessionCache = 1>
          36 class SSLClient : public SSLClientImpl {
          37 /*
          38  * static checks
          39  * I'm a java developer, so I want to ensure that my inheritance is safe.
          40  * These checks ensure that all the functions we use on class C are
          41  * actually present on class C. It does this by checking that the
          42  * class inherits from Client.
          43  *
          44  * Additionally, I ran into a lot of memory issues with large sessions caches.
          45  * Since each session contains at max 352 bytes of memory, they eat of the
          46  * stack quite quickly and can cause overflows. As a result, I have added a
          47  * warning here to discourage the use of more than 3 sessions at a time. Any
          48  * amount past that will require special modification of this library, and
          49  * assumes you know what you are doing.
          50  */
          51 static_assert(SessionCache > 0 && SessionCache < 255, "There can be no less than one and no more than 255 sessions in the cache!");
          52 static_assert(SessionCache <= 3, "You need to decrease the size of m_iobuf in order to have more than 3 sessions at once, otherwise memory issues will occur.");
          53 
          54 public:
          72  explicit SSLClient( const C& client,
          73  const br_x509_trust_anchor *trust_anchors,
          74  const size_t trust_anchors_num,
          75  const int analog_pin,
          76  const DebugLevel debug = SSL_WARN)
          77  : SSLClientImpl(trust_anchors, trust_anchors_num, analog_pin, debug)
          78  , m_client(client)
          79  , m_sessions{}
          80  {
          81  // set the timeout to a reasonable number (it can always be changes later)
          82  // SSL Connections take a really long time so we don't want to time out a legitimate thing
          83  setTimeout(30 * 1000);
          84  }
          85 
          86  //========================================
          87  //= Functions implemented in SSLClientImpl
          88  //========================================
          89 
          129  int connect(IPAddress ip, uint16_t port) override { return connect_impl(ip, port); }
          130 
          167  int connect(const char *host, uint16_t port) override { return connect_impl(host, port); }
          168 
          170  size_t write(uint8_t b) override { return write_impl(&b, 1); }
          194  size_t write(const uint8_t *buf, size_t size) override { return write_impl(buf, size); }
          195 
          214  int available() override { return available_impl(); }
          215 
          220  int read() override { uint8_t read_val; return read(&read_val, 1) > 0 ? read_val : -1; };
          242  int read(uint8_t *buf, size_t size) override { return read_impl(buf, size); }
          243 
          252  int peek() override { return peek_impl(); }
          253 
          261  void flush() override { return flush_impl(); }
          262 
          271  void stop() override { return stop_impl(); }
          272 
          286  uint8_t connected() override { return connected_impl(); }
          287 
          288  //========================================
          289  //= Functions Not in the Client Interface
          290  //========================================
          291 
          300  void setMutualAuthParams(const SSLClientParameters* params) { return set_mutual_impl(params); }
          301 
          316  SSLSession& getSession(const char* host, const IPAddress& addr) { return get_session_impl(host, addr); }
          317 
          326  void removeSession(const char* host, const IPAddress& addr) { return remove_session_impl(host, addr); }
          327 
          333  size_t getSessionCount() const override { return SessionCache; }
          334 
          340  operator bool() { return connected() > 0; }
          342  bool operator==(const bool value) { return bool() == value; }
          344  bool operator!=(const bool value) { return bool() != value; }
          346  bool operator==(const C& rhs) { return m_client == rhs; }
          348  bool operator!=(const C& rhs) { return m_client != rhs; }
          350  uint16_t localPort() override { return m_client.localPort(); }
          352  IPAddress remoteIP() override { return m_client.remoteIP(); }
          354  uint16_t remotePort() override { return m_client.remotePort(); }
          355 
          357  C& getClient() { return m_client; }
          358 
          359 protected:
          361  Client& get_arduino_client() override { return m_client; }
          362  const Client& get_arduino_client() const override { return m_client; }
          364  SSLSession* get_session_array() override { return m_sessions; }
          365  const SSLSession* get_session_array() const override { return m_sessions; }
          366 
          367 private:
          368  // create a copy of the client
          369  C m_client;
          370  // also store an array of SSLSessions, so we can resume communication with multiple websites
          371  SSLSession m_sessions[SessionCache];
          372 };
          373 
          374 #endif
          SSLClient::setMutualAuthParams
          void setMutualAuthParams(const SSLClientParameters *params)
          Add a client certificate and enable support for mutual auth.
          Definition: SSLClient.h:300
          -
          SSLClientImpl::write_impl
          size_t write_impl(const uint8_t *buf, size_t size)
          Definition: SSLClientImpl.cpp:130
          -
          SSLClient::get_session_array
          const SSLSession * get_session_array() const override
          Definition: SSLClient.h:365
          -
          SSLClient::remoteIP
          IPAddress remoteIP() override
          Returns the remote IP, if C::remoteIP exists.
          Definition: SSLClient.h:352
          -
          SSLClient::write
          size_t write(uint8_t b) override
          Definition: SSLClient.h:170
          -
          SSL_WARN
          Definition: SSLClientImpl.h:66
          -
          SSLClientImpl::get_session_impl
          SSLSession & get_session_impl(const char *host, const IPAddress &addr)
          Definition: SSLClientImpl.cpp:286
          -
          SSLSession
          This class stores values which allow SSLClient to save and resume SSL sessions.
          Definition: SSLSession.h:52
          -
          SSLClient::operator!=
          bool operator!=(const C &rhs)
          Returns whether or not two SSLClient objects do not have the same underlying client object.
          Definition: SSLClient.h:348
          -
          SSLClient::available
          int available() override
          Returns the number of bytes available to read from the data that has been received and decrypted.
          Definition: SSLClient.h:214
          -
          SSLClient::getClient
          C & getClient()
          Returns a reference to the client object stored in this class. Take care not to break it.
          Definition: SSLClient.h:357
          -
          SSLClientImpl::peek_impl
          int peek_impl()
          Definition: SSLClientImpl.cpp:209
          +Go to the documentation of this file.
          1 /* Copyright 2019 OSU OPEnS Lab
          2  *
          3  * Permission is hereby granted, free of charge, to any person obtaining a copy of this
          4  * software and associated documentation files (the "Software"), to deal in the Software
          5  * without restriction, including without limitation the rights to use, copy, modify,
          6  * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
          7  * permit persons to whom the Software is furnished to do so, subject to the following
          8  * conditions:
          9  *
          10  * The above copyright notice and this permission notice shall be included in all
          11  * copies or substantial portions of the Software.
          12  *
          13  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
          14  * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
          15  * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
          16  * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
          17  * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
          18  * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
          19  */
          20 
          21 #include "Client.h"
          22 #include "SSLSession.h"
          23 #include "SSLClientParameters.h"
          24 #include "SSLObj.h"
          25 #include <vector>
          26 
          27 #ifndef SSLClient_H_
          28 #define SSLClient_H_
          29 
          35 class SSLClient : public Client {
          36 public:
          45  enum Error {
          46  SSL_OK = 0,
          48  SSL_CLIENT_CONNECT_FAIL,
          50  SSL_BR_CONNECT_FAIL,
          52  SSL_CLIENT_WRTIE_ERROR,
          54  SSL_BR_WRITE_ERROR,
          56  SSL_INTERNAL_ERROR,
          58  SSL_OUT_OF_MEMORY
          59  };
          60 
          67  enum DebugLevel {
          69  SSL_NONE = 0,
          71  SSL_ERROR = 1,
          73  SSL_WARN = 2,
          75  SSL_INFO = 3,
          76  };
          77 
          95  explicit SSLClient( Client& client,
          96  const br_x509_trust_anchor *trust_anchors,
          97  const size_t trust_anchors_num,
          98  const int analog_pin,
          99  const size_t max_sessions = 1,
          100  const DebugLevel debug = SSL_WARN);
          101 
          102  //========================================
          103  //= Functions implemented in SSLClient.cpp
          104  //========================================
          105 
          145  int connect(IPAddress ip, uint16_t port) override;
          146 
          183  int connect(const char *host, uint16_t port) override;
          184 
          208  size_t write(const uint8_t *buf, size_t size) override;
          210  size_t write(uint8_t b) override { return write(&b, 1); }
          211 
          230  int available() override;
          231 
          253  int read(uint8_t *buf, size_t size) override;
          258  int read() override { uint8_t read_val; return read(&read_val, 1) > 0 ? read_val : -1; };
          259 
          268  int peek() override;
          269 
          277  void flush() override;
          278 
          287  void stop() override;
          288 
          302  uint8_t connected() override;
          303 
          304  //========================================
          305  //= Functions Not in the Client Interface
          306  //========================================
          307 
          316  void setMutualAuthParams(const SSLClientParameters* params);
          317 
          332  SSLSession* getSession(const char* host);
          333 
          342  void removeSession(const char* host);
          343 
          349  size_t getSessionCount() const { return m_sessions.size(); }
          350 
          356  operator bool() { return connected() > 0; }
          357 
          359  Client& getClient() { return m_client; }
          360 
          361 private:
          363  Client& get_arduino_client() { return m_client; }
          364  const Client& get_arduino_client() const { return m_client; }
          365 
          367  bool m_soft_connected(const char* func_name);
          369  int m_start_ssl(const char* host = nullptr, SSLSession* ssl_ses = nullptr);
          371  int m_run_until(const unsigned target);
          373  unsigned m_update_engine();
          375  int m_get_session_index(const char* host) const;
          376 
          378  void m_print_prefix(const char* func_name, const DebugLevel level) const;
          379 
          381  void m_print_ssl_error(const int ssl_error, const DebugLevel level) const;
          382 
          384  void m_print_br_error(const unsigned br_error_code, const DebugLevel level) const;
          385 
          387  template<typename T>
          388  void m_print(const T str, const char* func_name, const DebugLevel level) const {
          389  // check the current debug level and serial status
          390  if (level > m_debug || !Serial) return;
          391  // print prefix
          392  m_print_prefix(func_name, level);
          393  // print the message
          394  Serial.println(str);
          395  }
          396 
          398  template<typename T>
          399  void m_info(const T str, const char* func_name) const { m_print(str, func_name, SSL_INFO); }
          400 
          401  template<typename T>
          402  void m_warn(const T str, const char* func_name) const { m_print(str, func_name, SSL_WARN); }
          403 
          404  template<typename T>
          405  void m_error(const T str, const char* func_name) const { m_print(str, func_name, SSL_ERROR); }
          406 
          407  //============================================
          408  //= Data Members
          409  //============================================
          410  // create a copy of the client
          411  Client& m_client;
          412  // also store an array of SSLSessions, so we can resume communication with multiple websites
          413  std::vector<SSLSession> m_sessions;
          414  // as well as the maximmum number of sessions we can store
          415  const size_t m_max_sessions;
          416  // store the pin to fetch an RNG see from
          417  const int m_analog_pin;
          418  // store whether to enable debug logging
          419  const DebugLevel m_debug;
          420  // store if we are connected in bearssl or not
          421  bool m_is_connected;
          422  // store the context values required for SSL
          423  br_ssl_client_context m_sslctx;
          424  br_x509_minimal_context m_x509ctx;
          425  // use a mono-directional buffer by default to cut memory in half
          426  // can expand to a bi-directional buffer with maximum of BR_SSL_BUFSIZE_BIDI
          427  // or shrink to below BR_SSL_BUFSIZE_MONO, and bearSSL will adapt automatically
          428  // simply edit this value to change the buffer size to the desired value
          429  // additionally, we need to correct buffer size based off of how many sessions we decide to cache
          430  // since SSL takes so much memory if we don't it will cause the stack and heap to collide
          438  unsigned char m_iobuf[2048];
          439  // store the index of where we are writing in the buffer
          440  // so we can send our records all at once to prevent
          441  // weird timing issues
          442  size_t m_write_idx;
          443 };
          444 
          445 #endif
          SSLClient::connected
          uint8_t connected() override
          Check if the device is connected.
          Definition: SSLClient.cpp:255
          +
          SSLClient::SSL_OUT_OF_MEMORY
          Definition: SSLClient.h:58
          +
          SSLSession
          This class stores values which allow SSLClient to save and resume SSL sessions.
          Definition: SSLSession.h:51
          +
          SSLClient::SSL_CLIENT_CONNECT_FAIL
          Definition: SSLClient.h:48
          +
          SSLClient::SSL_INFO
          Definition: SSLClient.h:75
          +
          SSLClient::SSL_BR_WRITE_ERROR
          Definition: SSLClient.h:54
          +
          SSLClient::SSLClient
          SSLClient(Client &client, const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const size_t max_sessions=1, const DebugLevel debug=SSL_WARN)
          Initialize SSLClient with all of the prerequisites needed.
          Definition: SSLClient.cpp:55
          +
          SSLClient::flush
          void flush() override
          Force writing the buffered bytes from SSLClient::write to the network.
          Definition: SSLClient.cpp:222
          +
          SSLClient::getSession
          SSLSession * getSession(const char *host)
          Gets a session reference corresponding to a host and IP, or a reference to a empty session if none ex...
          Definition: SSLClient.cpp:286
          SSLClientParameters
          This struct stores data required for SSLClient to use mutual authentication.
          Definition: SSLClientParameters.h:52
          -
          SSLClient::flush
          void flush() override
          Force writing the buffered bytes from SSLClient::write to the network.
          Definition: SSLClient.h:261
          -
          SSLClient
          The main SSLClient class. Check out README.md for more info.
          Definition: SSLClient.h:36
          -
          SSLClient::operator!=
          bool operator!=(const bool value)
          Definition: SSLClient.h:344
          -
          SSLClient::stop
          void stop() override
          Close the connection.
          Definition: SSLClient.h:271
          -
          SSLClient::write
          size_t write(const uint8_t *buf, size_t size) override
          Write some bytes to the SSL connection.
          Definition: SSLClient.h:194
          -
          SSLClient::SSLClient
          SSLClient(const C &client, const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug=SSL_WARN)
          Initialize SSLClient with all of the prerequisites needed.
          Definition: SSLClient.h:72
          -
          SSLClient::peek
          int peek() override
          View the first byte of the buffer, without removing it from the SSLClient Buffer.
          Definition: SSLClient.h:252
          -
          SSLClientImpl::available_impl
          int available_impl()
          Definition: SSLClientImpl.cpp:173
          -
          SSLClient::operator==
          bool operator==(const C &rhs)
          Returns whether or not two SSLClient objects have the same underlying client object.
          Definition: SSLClient.h:346
          -
          SSLClientImpl::read_impl
          int read_impl(uint8_t *buf, size_t size)
          Definition: SSLClientImpl.cpp:194
          -
          SSLClient::get_session_array
          SSLSession * get_session_array() override
          Returns an instance of the session array that is on the stack.
          Definition: SSLClient.h:364
          -
          SSLClientImpl::remove_session_impl
          void remove_session_impl(const char *host, const IPAddress &addr)
          Definition: SSLClientImpl.cpp:305
          -
          SSLClient::get_arduino_client
          Client & get_arduino_client() override
          Returns an instance of m_client that is polymorphic and can be used by SSLClientImpl.
          Definition: SSLClient.h:361
          -
          SSLClient::localPort
          uint16_t localPort() override
          Returns the local port, if C::localPort exists.
          Definition: SSLClient.h:350
          -
          SSLClientImpl.h
          -
          SSLClientImpl::set_mutual_impl
          void set_mutual_impl(const SSLClientParameters *params)
          Definition: SSLClientImpl.cpp:316
          -
          SSLClient::read
          int read() override
          Read a single byte, or -1 if none is available.
          Definition: SSLClient.h:220
          +
          SSLClient::setMutualAuthParams
          void setMutualAuthParams(const SSLClientParameters *params)
          Add a client certificate and enable support for mutual auth.
          Definition: SSLClient.cpp:310
          +
          SSLClient::available
          int available() override
          Returns the number of bytes available to read from the data that has been received and decrypted.
          Definition: SSLClient.cpp:174
          +
          SSLClient
          The main SSLClient class. Check out README.md for more info.
          Definition: SSLClient.h:35
          +
          SSLClient::SSL_WARN
          Definition: SSLClient.h:73
          +
          SSLClient::stop
          void stop() override
          Close the connection.
          Definition: SSLClient.cpp:228
          +
          SSLClient::SSL_ERROR
          Definition: SSLClient.h:71
          +
          SSLClient::connect
          int connect(IPAddress ip, uint16_t port) override
          Connect over SSL to a host specified by an IP address.
          Definition: SSLClient.cpp:82
          +
          SSLClient::write
          size_t write(const uint8_t *buf, size_t size) override
          Write some bytes to the SSL connection.
          Definition: SSLClient.cpp:131
          +
          SSLClient::read
          int read() override
          Read a single byte, or -1 if none is available.
          Definition: SSLClient.h:258
          +
          SSLClient::Error
          Error
          Static constants defining the possible errors encountered.
          Definition: SSLClient.h:45
          +
          SSLClient::SSL_CLIENT_WRTIE_ERROR
          Definition: SSLClient.h:52
          +
          SSLClient::DebugLevel
          DebugLevel
          Level of verbosity used in logging for SSLClient.
          Definition: SSLClient.h:67
          +
          SSLClient::getSessionCount
          size_t getSessionCount() const
          Get the maximum number of SSL sessions that can be stored at once.
          Definition: SSLClient.h:349
          +
          SSLClient::peek
          int peek() override
          View the first byte of the buffer, without removing it from the SSLClient Buffer.
          Definition: SSLClient.cpp:210
          SSLClientParameters.h
          -
          SSLClient::connected
          uint8_t connected() override
          Check if the device is connected.
          Definition: SSLClient.h:286
          +
          SSLClient::SSL_BR_CONNECT_FAIL
          Definition: SSLClient.h:50
          SSLSession.h
          -
          SSLClient::get_arduino_client
          const Client & get_arduino_client() const override
          Definition: SSLClient.h:362
          -
          SSLClient::connect
          int connect(const char *host, uint16_t port) override
          Connect over SSL to a host specified by a hostname.
          Definition: SSLClient.h:167
          -
          SSLClient::operator==
          bool operator==(const bool value)
          Definition: SSLClient.h:342
          -
          SSLClient::remotePort
          uint16_t remotePort() override
          Returns the remote port, if C::remotePort exists. Else return 0.
          Definition: SSLClient.h:354
          -
          SSLClientImpl::connect_impl
          int connect_impl(IPAddress ip, uint16_t port)
          Definition: SSLClientImpl.cpp:73
          -
          SSLClient::getSessionCount
          size_t getSessionCount() const override
          Get the maximum number of SSL sessions that can be stored at once.
          Definition: SSLClient.h:333
          -
          SSLClientImpl::stop_impl
          void stop_impl()
          Definition: SSLClientImpl.cpp:227
          -
          SSLClientImpl::flush_impl
          void flush_impl()
          Definition: SSLClientImpl.cpp:221
          +
          SSLClient::write
          size_t write(uint8_t b) override
          Definition: SSLClient.h:210
          +
          SSLClient::getClient
          Client & getClient()
          Returns a reference to the client object stored in this class. Take care not to break it.
          Definition: SSLClient.h:359
          +
          SSLClient::removeSession
          void removeSession(const char *host)
          Clear the session corresponding to a host and IP.
          Definition: SSLClient.cpp:299
          SSLObj.h
          -
          SSLClientImpl
          Implementation code to be inherited by SSLClient.
          Definition: SSLClientImpl.h:72
          -
          SSLClient::removeSession
          void removeSession(const char *host, const IPAddress &addr)
          Clear the session corresponding to a host and IP.
          Definition: SSLClient.h:326
          -
          SSLClientImpl::connected_impl
          uint8_t connected_impl()
          Definition: SSLClientImpl.cpp:255
          -
          SSLClient::getSession
          SSLSession & getSession(const char *host, const IPAddress &addr)
          Gets a session reference corresponding to a host and IP, or a reference to a empty session if none ex...
          Definition: SSLClient.h:316
          -
          DebugLevel
          DebugLevel
          Level of verbosity used in logging for SSLClient.
          Definition: SSLClientImpl.h:60
          -
          SSLClient::read
          int read(uint8_t *buf, size_t size) override
          Read size bytes from the SSL client buffer, copying them into *buf, and return the number of bytes re...
          Definition: SSLClient.h:242
          -
          SSLClient::connect
          int connect(IPAddress ip, uint16_t port) override
          Connect over SSL to a host specified by an IP address.
          Definition: SSLClient.h:129
          +
          SSLClient::SSL_NONE
          Definition: SSLClient.h:69
          +
          SSLClient::SSL_OK
          Definition: SSLClient.h:46
          +
          SSLClient::SSL_INTERNAL_ERROR
          Definition: SSLClient.h:56
          diff --git a/docs/html/_s_s_l_session_8h.html b/docs/html/_s_s_l_session_8h.html index e0dbc53..086efc4 100644 --- a/docs/html/_s_s_l_session_8h.html +++ b/docs/html/_s_s_l_session_8h.html @@ -95,7 +95,6 @@ $(document).ready(function(){initNavTree('_s_s_l_session_8h.html','');});
          #include "bearssl.h"
          #include "Arduino.h"
          -#include "IPAddress.h"

          Go to the source code of this file.

          diff --git a/docs/html/_s_s_l_session_8h_source.html b/docs/html/_s_s_l_session_8h_source.html index 1a0730f..d70c2ba 100644 --- a/docs/html/_s_s_l_session_8h_source.html +++ b/docs/html/_s_s_l_session_8h_source.html @@ -91,15 +91,10 @@ $(document).ready(function(){initNavTree('_s_s_l_session_8h_source.html','');});
          SSLSession.h
          -Go to the documentation of this file.
          1 /* Copyright 2019 OSU OPEnS Lab
          2  *
          3  * Permission is hereby granted, free of charge, to any person obtaining a copy of this
          4  * software and associated documentation files (the "Software"), to deal in the Software
          5  * without restriction, including without limitation the rights to use, copy, modify,
          6  * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
          7  * permit persons to whom the Software is furnished to do so, subject to the following
          8  * conditions:
          9  *
          10  * The above copyright notice and this permission notice shall be included in all
          11  * copies or substantial portions of the Software.
          12  *
          13  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
          14  * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
          15  * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
          16  * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
          17  * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
          18  * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
          19  */
          20 
          28 #include "bearssl.h"
          29 #include "Arduino.h"
          30 #include "IPAddress.h"
          31 
          32 #ifndef SSLSession_H_
          33 #define SSLSession_H_
          34 
          52 class SSLSession : public br_ssl_session_parameters {
          53 
          54 public:
          60  SSLSession()
          61  : m_valid_session(false)
          62  , m_hostname()
          63  , m_ip(INADDR_NONE) {}
          64 
          66  SSLSession& operator=(const SSLSession&) = delete;
          67 
          76  const String& get_hostname() const { return m_hostname; }
          77 
          86  const IPAddress& get_ip() const { return m_ip; }
          87 
          88  bool is_valid_session() const { return m_valid_session; }
          89 
          109  void set_parameters(const IPAddress& ip, const char* hostname = NULL);
          110 
          118  void clear_parameters();
          119 
          121  br_ssl_session_parameters* to_br_session() { return (br_ssl_session_parameters *)this; }
          122 
          123 private:
          124  bool m_valid_session;
          125  // aparently a hostname has a max length of 256 chars. Go figure.
          126  String m_hostname;
          127  // store the IP Address we connected to
          128  IPAddress m_ip;
          129 };
          130 
          131 
          132 
          133 #endif /* SSLSession_H_ */
          SSLSession
          This class stores values which allow SSLClient to save and resume SSL sessions.
          Definition: SSLSession.h:52
          -
          SSLSession::to_br_session
          br_ssl_session_parameters * to_br_session()
          Returns a pointer to the ::br_ssl_session_parameters component of this class.
          Definition: SSLSession.h:121
          -
          SSLSession::set_parameters
          void set_parameters(const IPAddress &ip, const char *hostname=NULL)
          Set the ip address and hostname of the session.
          Definition: SSLSession.cpp:4
          -
          SSLSession::clear_parameters
          void clear_parameters()
          Delete the parameters and invalidate the session.
          Definition: SSLSession.cpp:19
          -
          SSLSession::is_valid_session
          bool is_valid_session() const
          Definition: SSLSession.h:88
          -
          SSLSession::operator=
          SSLSession & operator=(const SSLSession &)=delete
          use clear_parameters or set_parameters instead
          -
          SSLSession::get_ip
          const IPAddress & get_ip() const
          Get ::IPAddress associated with this session.
          Definition: SSLSession.h:86
          -
          SSLSession::SSLSession
          SSLSession()
          SSLSession constructor.
          Definition: SSLSession.h:60
          -
          SSLSession::get_hostname
          const String & get_hostname() const
          Get the hostname string associated with this session.
          Definition: SSLSession.h:76
          +Go to the documentation of this file.
          1 /* Copyright 2019 OSU OPEnS Lab
          2  *
          3  * Permission is hereby granted, free of charge, to any person obtaining a copy of this
          4  * software and associated documentation files (the "Software"), to deal in the Software
          5  * without restriction, including without limitation the rights to use, copy, modify,
          6  * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
          7  * permit persons to whom the Software is furnished to do so, subject to the following
          8  * conditions:
          9  *
          10  * The above copyright notice and this permission notice shall be included in all
          11  * copies or substantial portions of the Software.
          12  *
          13  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
          14  * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
          15  * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
          16  * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
          17  * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
          18  * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
          19  */
          20 
          28 #include "bearssl.h"
          29 #include "Arduino.h"
          30 
          31 #ifndef SSLSession_H_
          32 #define SSLSession_H_
          33 
          51 class SSLSession : public br_ssl_session_parameters {
          52 
          53 public:
          59  SSLSession(const char* hostname)
          60  : m_hostname(hostname) {}
          61 
          70  const String& get_hostname() const { return m_hostname; }
          71 
          73  br_ssl_session_parameters* to_br_session() { return (br_ssl_session_parameters *)this; }
          74 
          75 private:
          76  // aparently a hostname has a max length of 256 chars. Go figure.
          77  String m_hostname;
          78 };
          79 
          80 
          81 
          82 #endif /* SSLSession_H_ */
          SSLSession
          This class stores values which allow SSLClient to save and resume SSL sessions.
          Definition: SSLSession.h:51
          +
          SSLSession::to_br_session
          br_ssl_session_parameters * to_br_session()
          Returns a pointer to the ::br_ssl_session_parameters component of this class.
          Definition: SSLSession.h:73
          +
          SSLSession::SSLSession
          SSLSession(const char *hostname)
          SSLSession constructor.
          Definition: SSLSession.h:59
          +
          SSLSession::get_hostname
          const String & get_hostname() const
          Get the hostname string associated with this session.
          Definition: SSLSession.h:70
          diff --git a/docs/html/annotated.html b/docs/html/annotated.html index 3ddfa8e..cfc7655 100644 --- a/docs/html/annotated.html +++ b/docs/html/annotated.html @@ -95,9 +95,8 @@ $(document).ready(function(){initNavTree('annotated.html','');});
          - - - + +
           Cssl_pem_decode_state
           CSSLClientThe main SSLClient class. Check out README.md for more info
           CSSLClientImplImplementation code to be inherited by SSLClient
           CSSLClientParametersThis struct stores data required for SSLClient to use mutual authentication
           CSSLSessionThis class stores values which allow SSLClient to save and resume SSL sessions
           CSSLClientParametersThis struct stores data required for SSLClient to use mutual authentication
           CSSLSessionThis class stores values which allow SSLClient to save and resume SSL sessions
          diff --git a/docs/html/annotated_dup.js b/docs/html/annotated_dup.js index 72e17b0..997b666 100644 --- a/docs/html/annotated_dup.js +++ b/docs/html/annotated_dup.js @@ -2,7 +2,6 @@ var annotated_dup = [ [ "ssl_pem_decode_state", "structssl__pem__decode__state.html", "structssl__pem__decode__state" ], [ "SSLClient", "class_s_s_l_client.html", "class_s_s_l_client" ], - [ "SSLClientImpl", "class_s_s_l_client_impl.html", "class_s_s_l_client_impl" ], [ "SSLClientParameters", "struct_s_s_l_client_parameters.html", "struct_s_s_l_client_parameters" ], [ "SSLSession", "class_s_s_l_session.html", "class_s_s_l_session" ] ]; \ No newline at end of file diff --git a/docs/html/class_s_s_l_client-members.html b/docs/html/class_s_s_l_client-members.html index 0981301..2927210 100644 --- a/docs/html/class_s_s_l_client-members.html +++ b/docs/html/class_s_s_l_client-members.html @@ -88,62 +88,43 @@ $(document).ready(function(){initNavTree('class_s_s_l_client.html','');});
          -
          SSLClient< C, SessionCache > Member List
          +
          SSLClient Member List
          -

          This is the complete list of members for SSLClient< C, SessionCache >, including all inherited members.

          +

          This is the complete list of members for SSLClient, including all inherited members.

          - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
          available() overrideSSLClient< C, SessionCache >inline
          available_impl()SSLClientImpl
          connect(IPAddress ip, uint16_t port) overrideSSLClient< C, SessionCache >inline
          connect(const char *host, uint16_t port) overrideSSLClient< C, SessionCache >inline
          connect_impl(IPAddress ip, uint16_t port)SSLClientImpl
          connect_impl(const char *host, uint16_t port)SSLClientImpl
          connected() overrideSSLClient< C, SessionCache >inline
          connected_impl()SSLClientImpl
          flush() overrideSSLClient< C, SessionCache >inline
          flush_impl()SSLClientImpl
          get_arduino_client() overrideSSLClient< C, SessionCache >inlineprotectedvirtual
          get_arduino_client() const overrideSSLClient< C, SessionCache >inlineprotectedvirtual
          get_session_array() overrideSSLClient< C, SessionCache >inlineprotectedvirtual
          get_session_array() const overrideSSLClient< C, SessionCache >inlineprotectedvirtual
          get_session_impl(const char *host, const IPAddress &addr)SSLClientImpl
          getClient()SSLClient< C, SessionCache >inline
          getSession(const char *host, const IPAddress &addr)SSLClient< C, SessionCache >inline
          getSessionCount() const overrideSSLClient< C, SessionCache >inlinevirtual
          localPort() overrideSSLClient< C, SessionCache >inlinevirtual
          m_error(const T str, const char *func_name) constSSLClientImplinlineprotected
          m_info(const T str, const char *func_name) constSSLClientImplinlineprotected
          m_print(const T str, const char *func_name, const DebugLevel level) constSSLClientImplinlineprotected
          m_print_br_error(const unsigned br_error_code, const DebugLevel level) constSSLClientImplprotected
          m_print_prefix(const char *func_name, const DebugLevel level) constSSLClientImplprotected
          m_print_ssl_error(const int ssl_error, const DebugLevel level) constSSLClientImplprotected
          m_warn(const T str, const char *func_name) constSSLClientImplinlineprotected
          operator bool()SSLClient< C, SessionCache >inline
          operator!=(const bool value)SSLClient< C, SessionCache >inline
          operator!=(const C &rhs)SSLClient< C, SessionCache >inline
          operator==(const bool value)SSLClient< C, SessionCache >inline
          operator==(const C &rhs)SSLClient< C, SessionCache >inline
          peek() overrideSSLClient< C, SessionCache >inline
          peek_impl()SSLClientImpl
          read() overrideSSLClient< C, SessionCache >inline
          read(uint8_t *buf, size_t size) overrideSSLClient< C, SessionCache >inline
          read_impl(uint8_t *buf, size_t size)SSLClientImpl
          remoteIP() overrideSSLClient< C, SessionCache >inlinevirtual
          remotePort() overrideSSLClient< C, SessionCache >inlinevirtual
          remove_session_impl(const char *host, const IPAddress &addr)SSLClientImpl
          removeSession(const char *host, const IPAddress &addr)SSLClient< C, SessionCache >inline
          set_mutual_impl(const SSLClientParameters *params)SSLClientImpl
          setMutualAuthParams(const SSLClientParameters *params)SSLClient< C, SessionCache >inline
          SSLClient(const C &client, const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug=SSL_WARN)SSLClient< C, SessionCache >inlineexplicit
          SSLClientImpl(const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug)SSLClientImplexplicit
          SSLClientImpl(const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug, const SSLClientParameters *mutual_auth_params)SSLClientImplexplicit
          stop() overrideSSLClient< C, SessionCache >inline
          stop_impl()SSLClientImpl
          write(uint8_t b) overrideSSLClient< C, SessionCache >inline
          write(const uint8_t *buf, size_t size) overrideSSLClient< C, SessionCache >inline
          write_impl(const uint8_t *buf, size_t size)SSLClientImpl
          available() overrideSSLClient
          connect(IPAddress ip, uint16_t port) overrideSSLClient
          connect(const char *host, uint16_t port) overrideSSLClient
          connected() overrideSSLClient
          DebugLevel enum nameSSLClient
          Error enum nameSSLClient
          flush() overrideSSLClient
          getClient()SSLClientinline
          getSession(const char *host)SSLClient
          getSessionCount() constSSLClientinline
          operator bool()SSLClientinline
          peek() overrideSSLClient
          read(uint8_t *buf, size_t size) overrideSSLClient
          read() overrideSSLClientinline
          removeSession(const char *host)SSLClient
          setMutualAuthParams(const SSLClientParameters *params)SSLClient
          SSL_BR_CONNECT_FAIL enum valueSSLClient
          SSL_BR_WRITE_ERROR enum valueSSLClient
          SSL_CLIENT_CONNECT_FAIL enum valueSSLClient
          SSL_CLIENT_WRTIE_ERROR enum valueSSLClient
          SSL_ERROR enum valueSSLClient
          SSL_INFO enum valueSSLClient
          SSL_INTERNAL_ERROR enum valueSSLClient
          SSL_NONE enum valueSSLClient
          SSL_OK enum valueSSLClient
          SSL_OUT_OF_MEMORY enum valueSSLClient
          SSL_WARN enum valueSSLClient
          SSLClient(Client &client, const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const size_t max_sessions=1, const DebugLevel debug=SSL_WARN)SSLClientexplicit
          stop() overrideSSLClient
          write(const uint8_t *buf, size_t size) overrideSSLClient
          write(uint8_t b) overrideSSLClientinline
          diff --git a/docs/html/class_s_s_l_client.html b/docs/html/class_s_s_l_client.html index 44b769d..1e4fddb 100644 --- a/docs/html/class_s_s_l_client.html +++ b/docs/html/class_s_s_l_client.html @@ -5,7 +5,7 @@ -SSLClient: SSLClient< C, SessionCache > Class Template Reference +SSLClient: SSLClient Class Reference @@ -88,11 +88,11 @@ $(document).ready(function(){initNavTree('class_s_s_l_client.html','');});
          +Public Types | Public Member Functions | -Protected Member Functions | List of all members
          -
          SSLClient< C, SessionCache > Class Template Reference
          +
          SSLClient Class Reference
          @@ -101,177 +101,167 @@ $(document).ready(function(){initNavTree('class_s_s_l_client.html','');});

          #include <SSLClient.h>

          -Inheritance diagram for SSLClient< C, SessionCache >:
          +Inheritance diagram for SSLClient:
          - - -SSLClientImpl - -
          + + + + + + + + + +

          +Public Types

          enum  Error {
          +  SSL_OK = 0, +SSL_CLIENT_CONNECT_FAIL, +SSL_BR_CONNECT_FAIL, +SSL_CLIENT_WRTIE_ERROR, +
          +  SSL_BR_WRITE_ERROR, +SSL_INTERNAL_ERROR, +SSL_OUT_OF_MEMORY +
          + }
           Static constants defining the possible errors encountered. More...
           
          enum  DebugLevel { SSL_NONE = 0, +SSL_ERROR = 1, +SSL_WARN = 2, +SSL_INFO = 3 + }
           Level of verbosity used in logging for SSLClient. More...
           
          - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

          Public Member Functions

           SSLClient (const C &client, const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug=SSL_WARN)
           Initialize SSLClient with all of the prerequisites needed. More...
           
          int connect (IPAddress ip, uint16_t port) override
           Connect over SSL to a host specified by an IP address. More...
           
          int connect (const char *host, uint16_t port) override
           Connect over SSL to a host specified by a hostname. More...
           
          size_t write (uint8_t b) override
           
          size_t write (const uint8_t *buf, size_t size) override
           Write some bytes to the SSL connection. More...
           
          int available () override
           Returns the number of bytes available to read from the data that has been received and decrypted. More...
           
          int read () override
           Read a single byte, or -1 if none is available. More...
           
          int read (uint8_t *buf, size_t size) override
           Read size bytes from the SSL client buffer, copying them into *buf, and return the number of bytes read. More...
           
          int peek () override
           View the first byte of the buffer, without removing it from the SSLClient Buffer. More...
           
          void flush () override
           Force writing the buffered bytes from SSLClient::write to the network. More...
           
          void stop () override
           Close the connection. More...
           
          uint8_t connected () override
           Check if the device is connected. More...
           
          void setMutualAuthParams (const SSLClientParameters *params)
           Add a client certificate and enable support for mutual auth. More...
           
          SSLSessiongetSession (const char *host, const IPAddress &addr)
           Gets a session reference corresponding to a host and IP, or a reference to a empty session if none exist. More...
           
          void removeSession (const char *host, const IPAddress &addr)
           Clear the session corresponding to a host and IP. More...
           
          size_t getSessionCount () const override
           Get the maximum number of SSL sessions that can be stored at once. More...
           
           operator bool ()
           Equivalent to SSLClient::connected() > 0. More...
           
          bool operator== (const bool value)
           
          bool operator!= (const bool value)
           
          bool operator== (const C &rhs)
           Returns whether or not two SSLClient objects have the same underlying client object. More...
           
          bool operator!= (const C &rhs)
           Returns whether or not two SSLClient objects do not have the same underlying client object. More...
           
          uint16_t localPort () override
           Returns the local port, if C::localPort exists. More...
           
          IPAddress remoteIP () override
           Returns the remote IP, if C::remoteIP exists. More...
           
          uint16_t remotePort () override
           Returns the remote port, if C::remotePort exists. Else return 0. More...
           
          C & getClient ()
           Returns a reference to the client object stored in this class. Take care not to break it. More...
           
          - Public Member Functions inherited from SSLClientImpl
           SSLClientImpl (const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug)
           
           SSLClientImpl (const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug, const SSLClientParameters *mutual_auth_params)
           
          int connect_impl (IPAddress ip, uint16_t port)
           
          int connect_impl (const char *host, uint16_t port)
           
          size_t write_impl (const uint8_t *buf, size_t size)
           
          int available_impl ()
           
          int read_impl (uint8_t *buf, size_t size)
           
          int peek_impl ()
           
          void flush_impl ()
           
          void stop_impl ()
           
          uint8_t connected_impl ()
           
          SSLSessionget_session_impl (const char *host, const IPAddress &addr)
           
          void remove_session_impl (const char *host, const IPAddress &addr)
           
          void set_mutual_impl (const SSLClientParameters *params)
           
          - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

          -Protected Member Functions

          Client & get_arduino_client () override
           Returns an instance of m_client that is polymorphic and can be used by SSLClientImpl. More...
           
          const Client & get_arduino_client () const override
           
          SSLSessionget_session_array () override
           Returns an instance of the session array that is on the stack. More...
           
          const SSLSessionget_session_array () const override
           
          - Protected Member Functions inherited from SSLClientImpl
          void m_print_prefix (const char *func_name, const DebugLevel level) const
           Prints a debugging prefix to all logs, so we can attatch them to useful information. More...
           
          void m_print_ssl_error (const int ssl_error, const DebugLevel level) const
           Prints the string associated with a write error. More...
           
          void m_print_br_error (const unsigned br_error_code, const DebugLevel level) const
           Print the text string associated with a BearSSL error code. More...
           
          template<typename T >
          void m_print (const T str, const char *func_name, const DebugLevel level) const
           debugging print function, only prints if m_debug is true More...
           
          template<typename T >
          void m_info (const T str, const char *func_name) const
           Prints a info message to serial, if info messages are enabled. More...
           
          template<typename T >
          void m_warn (const T str, const char *func_name) const
           
          template<typename T >
          void m_error (const T str, const char *func_name) const
           
           SSLClient (Client &client, const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const size_t max_sessions=1, const DebugLevel debug=SSL_WARN)
           Initialize SSLClient with all of the prerequisites needed. More...
           
          int connect (IPAddress ip, uint16_t port) override
           Connect over SSL to a host specified by an IP address. More...
           
          int connect (const char *host, uint16_t port) override
           Connect over SSL to a host specified by a hostname. More...
           
          size_t write (const uint8_t *buf, size_t size) override
           Write some bytes to the SSL connection. More...
           
          size_t write (uint8_t b) override
           
          int available () override
           Returns the number of bytes available to read from the data that has been received and decrypted. More...
           
          int read (uint8_t *buf, size_t size) override
           Read size bytes from the SSL client buffer, copying them into *buf, and return the number of bytes read. More...
           
          int read () override
           Read a single byte, or -1 if none is available. More...
           
          int peek () override
           View the first byte of the buffer, without removing it from the SSLClient Buffer. More...
           
          void flush () override
           Force writing the buffered bytes from SSLClient::write to the network. More...
           
          void stop () override
           Close the connection. More...
           
          uint8_t connected () override
           Check if the device is connected. More...
           
          void setMutualAuthParams (const SSLClientParameters *params)
           Add a client certificate and enable support for mutual auth. More...
           
          SSLSessiongetSession (const char *host)
           Gets a session reference corresponding to a host and IP, or a reference to a empty session if none exist. More...
           
          void removeSession (const char *host)
           Clear the session corresponding to a host and IP. More...
           
          size_t getSessionCount () const
           Get the maximum number of SSL sessions that can be stored at once. More...
           
           operator bool ()
           Equivalent to SSLClient::connected() > 0. More...
           
          Client & getClient ()
           Returns a reference to the client object stored in this class. Take care not to break it. More...
           

          Detailed Description

          -

          template<class C, size_t SessionCache = 1>
          -class SSLClient< C, SessionCache >

          - -

          The main SSLClient class. Check out README.md for more info.

          -

          Constructor & Destructor Documentation

          - -

          ◆ SSLClient()

          +

          The main SSLClient class. Check out README.md for more info.

          +

          Member Enumeration Documentation

          + +

          ◆ DebugLevel

          + +
          +
          + + + + +
          enum SSLClient::DebugLevel
          +
          + +

          Level of verbosity used in logging for SSLClient.

          +

          Use these values when initializing SSLClient to set how many logs you would like to see in the Serial monitor.

          + + + + + +
          Enumerator
          SSL_NONE 

          No logging output

          +
          SSL_ERROR 

          Only output errors that result in connection failure

          +
          SSL_WARN 

          Output errors and warnings (useful when just starting to develop)

          +
          SSL_INFO 

          Output errors, warnings, and internal information (very verbose)

          +
          + +
          +
          + +

          ◆ Error

          + +
          +
          + + + + +
          enum SSLClient::Error
          +
          + +

          Static constants defining the possible errors encountered.

          +

          If SSLClient encounters an error, it will generally output logs into the serial monitor. If you need a way of programmatically checking the errors, you can do so with SSLClient::getWriteError(), which will return one of these values.

          + + + + + + + + +
          Enumerator
          SSL_OK 
          SSL_CLIENT_CONNECT_FAIL 

          The underlying client failed to connect, probably not an issue with SSL

          +
          SSL_BR_CONNECT_FAIL 

          BearSSL failed to complete the SSL handshake, check logs for bear ssl error output

          +
          SSL_CLIENT_WRTIE_ERROR 

          The underlying client failed to write a payload, probably not an issue with SSL

          +
          SSL_BR_WRITE_ERROR 

          An internal error occurred with BearSSL, check logs for diagnosis.

          +
          SSL_INTERNAL_ERROR 

          An internal error occurred with SSLClient, and you probably need to submit an issue on Github.

          +
          SSL_OUT_OF_MEMORY 

          SSLClient detected that there was not enough memory (>8000 bytes) to continue.

          +
          + +
          +
          +

          Constructor & Destructor Documentation

          + +

          ◆ SSLClient()

          -
          -template<class C , size_t SessionCache = 1>
          +explicit
          - + - + @@ -295,8 +285,14 @@ template<class C , size_t SessionCache = 1> - - + + + + + + + + @@ -306,7 +302,7 @@ template<class C , size_t SessionCache = 1>
          SSLClient< C, SessionCache >::SSLClient SSLClient::SSLClient (const C & Client &  client,
          const DebugLevel debug = SSL_WARN const size_t max_sessions = 1,
          const DebugLevel debug = SSL_WARN 
          		-inlineexplicit
          @@ -321,8 +317,8 @@ The analog_pin should be set to input. trust_anchorsTrust anchors used in the verification of the SSL server certificate. Check out TrustAnchors.md for more info. trust_anchors_numThe number of objects in the trust_anchors array. analog_pinAn analog pin to pull random bytes from, used in seeding the RNG. - debugThe level of debug logging (use the DebugLevel enum). - mutual_auth_paramsConfiguration to use for mutual authentication, nullptr to disable mutual auth. (see SSLClientParameters). + max_sessionsThe maximum number of SSL sessions to store connection information from. + debugThe level of debug logging (use the ::DebugLevel enum). @@ -330,19 +326,17 @@ The analog_pin should be set to input.

          Member Function Documentation

          - -

          ◆ available()

          + +

          ◆ available()

          -
          -template<class C , size_t SessionCache = 1>
          +override
          - + @@ -350,32 +344,30 @@ template<class C , size_t SessionCache = 1>
          int SSLClient< C, SessionCache >::available int SSLClient::available ( )
          		-inlineoverride

          Returns the number of bytes available to read from the data that has been received and decrypted.

          -

          This function updates the state of the SSL engine (including writing any data, see SSLClient::write) and as a result should be called periodically when expecting data. Additionally, since if there are no bytes and if SSLClient::connected is false this function returns zero (this same behavior is found in EthernetClient), it is prudent to ensure in your own code that the preconditions are met before checking this function to prevent an ambiguous result.

          +

          This function updates the state of the SSL engine (including writing any data, see SSLClient::write) and as a result should be called periodically when expecting data. Additionally, since if there are no bytes and if SSLClient::connected is false this function returns zero (this same behavior is found in EthernetClient), it is prudent to ensure in your own code that the preconditions are met before checking this function to prevent an ambiguous result.

          The implementation for this function can be found in SSLClientImpl::available

          -
          Precondition
          SSLClient::connected must be true. (Call SSLClient::connected before this function)
          +
          Precondition
          SSLClient::connected must be true. (Call SSLClient::connected before this function)
          Returns
          The number of bytes available (can be zero), or zero if any of the pre conditions aren't satisfied.
          - -

          ◆ connect() [1/2]

          + +

          ◆ connect() [1/2]

          -
          -template<class C , size_t SessionCache = 1>
          +override
          - + @@ -394,7 +386,7 @@ template<class C , size_t SessionCache = 1>
          int SSLClient< C, SessionCache >::connect int SSLClient::connect ( IPAddress  ip,
          		-inlineoverride
          @@ -403,7 +395,7 @@ template<class C , size_t SessionCache = 1>

          SSLClient::connect(host, port) should be preferred over this function, as verifying the domain name is a step in ensuring the certificate is legitimate, which is important to the security of the device. Additionally, SSL sessions cannot be resumed when using this function, which can drastically increase initial connect time.

          This function initializes the socket by calling m_client::connect(IPAddress, uint16_t) with the parameters supplied, then once the socket is open, uses BearSSL to to complete a SSL handshake. Due to the design of the SSL standard, this function will probably take an extended period (1-4sec) to negotiate the handshake and finish the connection. This function runs until the SSL handshake succeeds or fails.

          SSL requires the client to generate some random bits (to be later combined with some random bits from the server), so SSLClient uses the least significant bits from the analog pin supplied in the constructor. The random bits are generated from 16 consecutive analogReads, and given to BearSSL before the handshake starts.

          -

          The implementation for this function can be found in SSLClientImpl::connect_impl(IPAddress, uint16_t).

          +

          The implementation for this function can be found in SSLClientImpl::connect_impl(IPAddress, uint16_t).

          Precondition
          The underlying client object (passed in through the constructor) is in a non- error state, and must be able to access the IP.
          SSLClient can only have one connection at a time, so the client object must not already be connected.
          @@ -422,19 +414,17 @@ There must be a trust anchor given to the constructor that corresponds to the ce
          - -

          ◆ connect() [2/2]

          + +

          ◆ connect() [2/2]

          -
          -template<class C , size_t SessionCache = 1>
          +override
          - + @@ -453,7 +443,7 @@ template<class C , size_t SessionCache = 1>
          int SSLClient< C, SessionCache >::connect int SSLClient::connect ( const char *  host,
          		-inlineoverride
          @@ -462,7 +452,7 @@ template<class C , size_t SessionCache = 1>

          This function initializes the socket by calling m_client::connect(const char*, uint16_t) with the parameters supplied, then once the socket is open, uses BearSSL to complete a SSL handshake. This function runs until the SSL handshake succeeds or fails.

          SSL requires the client to generate some random bits (to be later combined with some random bits from the server), so SSLClient uses the least significant bits from the analog pin supplied in the constructor. The random bits are generated from 16 consecutive analogReads, and given to BearSSL before the handshake starts.

          This function will usually take around 4-10 seconds. If possible, this function also attempts to resume the SSL session if one is present matching the hostname string, which will reduce connection time to 100-500ms. To read more about this functionality, check out Session Caching in the README.

          -

          The implementation for this function can be found in SSLClientImpl::connect_impl(const char*, uint16_t)

          +

          The implementation for this function can be found in SSLClientImpl::connect_impl(const char*, uint16_t)

          Precondition
          The underlying client object (passed in through the constructor) is in a non- error state, and must be able to access the IP.
          SSLClient can only have one connection at a time, so the client object must not already be connected.
          @@ -481,19 +471,17 @@ There must be a trust anchor given to the constructor that corresponds to the ce
          - -

          ◆ connected()

          + +

          ◆ connected()

          -
          -template<class C , size_t SessionCache = 1>
          +override
          - + @@ -501,31 +489,29 @@ template<class C , size_t SessionCache = 1>
          uint8_t SSLClient< C, SessionCache >::connected uint8_t SSLClient::connected ( )
          		-inlineoverride

          Check if the device is connected.

          -

          Use this function to determine if SSLClient is still connected and a SSL connection is active. It should be noted that this function should be called before SSLClient::available– both functions send and receive data with the SSLClient::m_client device, however SSLClient::available has some delays built in to protect SSLClient::m_client from being polled too frequently, and SSLClient::connected contains logic to ensure that if the socket is dropped SSLClient will react accordingly.

          -

          The implementation for this function can be found in SSLClientImpl::connected_impl.

          +

          Use this function to determine if SSLClient is still connected and a SSL connection is active. It should be noted that this function should be called before SSLClient::available– both functions send and receive data with the SSLClient::m_client device, however SSLClient::available has some delays built in to protect SSLClient::m_client from being polled too frequently, and SSLClient::connected contains logic to ensure that if the socket is dropped SSLClient will react accordingly.

          +

          The implementation for this function can be found in SSLClientImpl::connected_impl.

          Returns
          1 if connected, 0 if not
          - -

          ◆ flush()

          + +

          ◆ flush()

          -
          -template<class C , size_t SessionCache = 1>
          +override
          - + @@ -533,149 +519,27 @@ template<class C , size_t SessionCache = 1>
          void SSLClient< C, SessionCache >::flush void SSLClient::flush ( )
          		-inlineoverride
          -

          Force writing the buffered bytes from SSLClient::write to the network.

          -

          This function is blocking until all bytes from the buffer are written. For an explanation of how writing with SSLClient works, please see SSLClient::write. The implementation for this function can be found in SSLClientImpl::flush.

          +

          Force writing the buffered bytes from SSLClient::write to the network.

          +

          This function is blocking until all bytes from the buffer are written. For an explanation of how writing with SSLClient works, please see SSLClient::write. The implementation for this function can be found in SSLClientImpl::flush.

          - -

          ◆ get_arduino_client() [1/2]

          + +

          ◆ getClient()

          -
          -template<class C , size_t SessionCache = 1>
          - - -
          - - - - - -
          Client& SSLClient< C, SessionCache >::get_arduino_client ()
          -           		-inlineoverrideprotectedvirtual
          -
          - -

          Returns an instance of m_client that is polymorphic and can be used by SSLClientImpl.

          - -

          Implements SSLClientImpl.

          - -
          -
          - -

          ◆ get_arduino_client() [2/2]

          - -
          -
          -
          -template<class C , size_t SessionCache = 1>
          - - - - - -
          - - - - - - - -
          const Client& SSLClient< C, SessionCache >::get_arduino_client () const
          -           		-inlineoverrideprotectedvirtual
          -
          - -

          Implements SSLClientImpl.

          - -
          -
          - -

          ◆ get_session_array() [1/2]

          - -
          -
          -
          -template<class C , size_t SessionCache = 1>
          - - - - - -
          - - - - - - - -
          SSLSession* SSLClient< C, SessionCache >::get_session_array ()
          -           		-inlineoverrideprotectedvirtual
          -
          - -

          Returns an instance of the session array that is on the stack.

          - -

          Implements SSLClientImpl.

          - -
          -
          - -

          ◆ get_session_array() [2/2]

          - -
          -
          -
          -template<class C , size_t SessionCache = 1>
          - - - - - -
          - - - - - - - -
          const SSLSession* SSLClient< C, SessionCache >::get_session_array () const
          -           		-inlineoverrideprotectedvirtual
          -
          - -

          Implements SSLClientImpl.

          - -
          -
          - -

          ◆ getClient()

          - -
          -
          -
          -template<class C , size_t SessionCache = 1>
          - - - -
          The documentation for this class was generated from the following files:
            +
            The documentation for this class was generated from the following file:
            • C:/Users/Noah/Documents/Arduino/libraries/SSLClient/src/SSLSession.h
              • -
            • C:/Users/Noah/Documents/Arduino/libraries/SSLClient/src/SSLSession.cpp
            diff --git a/docs/html/class_s_s_l_session.js b/docs/html/class_s_s_l_session.js index c5d362a..6f58817 100644 --- a/docs/html/class_s_s_l_session.js +++ b/docs/html/class_s_s_l_session.js @@ -1,11 +1,6 @@ var class_s_s_l_session = [ - [ "SSLSession", "class_s_s_l_session.html#ae05648200cea66577f024d5d09a6fcbb", null ], - [ "clear_parameters", "class_s_s_l_session.html#a3305941fa615f7134526b718917716ee", null ], + [ "SSLSession", "class_s_s_l_session.html#a0c8e01b0944c1f4b0ec6d4c423c95b74", null ], [ "get_hostname", "class_s_s_l_session.html#a825373c5ba1aa6c45e74dc8a72b21820", null ], - [ "get_ip", "class_s_s_l_session.html#a878e1e8788634c5c42778369fbf7bab0", null ], - [ "is_valid_session", "class_s_s_l_session.html#a0c36cee72cfa862b7d4b2f5c112d5076", null ], - [ "operator=", "class_s_s_l_session.html#abb3f7bbe70e3a59f9ce492c55507f36f", null ], - [ "set_parameters", "class_s_s_l_session.html#a2fa15ce0b7caae25dfb567954175257e", null ], [ "to_br_session", "class_s_s_l_session.html#acbe6549b55d50541d09a16f770e65afc", null ] ]; \ No newline at end of file diff --git a/docs/html/classes.html b/docs/html/classes.html index 8a44185..b944012 100644 --- a/docs/html/classes.html +++ b/docs/html/classes.html @@ -94,10 +94,10 @@ $(document).ready(function(){initNavTree('classes.html','');});
            s
          - - - + @@ -692,45 +556,25 @@ template<class C , size_t SessionCache = 1> - -

          ◆ getSession()

          + +

          ◆ getSession()

          -
          -template<class C , size_t SessionCache = 1>
          -
          C& SSLClient< C, SessionCache >::getClient Client& SSLClient::getClient ( )
          - - - - -
          - + - - - - + - - - - - - -
          SSLSession& SSLClient< C, SessionCache >::getSession SSLSession * SSLClient::getSession ( const char * host,
          host) const IPAddress & addr 
          )
          -           		-inline

          Gets a session reference corresponding to a host and IP, or a reference to a empty session if none exist.

          If no session corresponding to the host and IP exist, then this function will cycle through sessions in a rotating order. This allows the session cache to continually store sessions, however it will also result in old sessions being cleared and returned. In general, it is a good idea to use a SessionCache size equal to the number of domains you plan on connecting to.

          -

          The implementation for this function can be found at SSLClientImpl::get_session_impl.

          +

          The implementation for this function can be found at SSLClientImpl::get_session_impl.

          Parameters
          @@ -738,23 +582,21 @@ template<class C , size_t SessionCache = 1>
          hostA hostname c string, or NULL if one is not available
          -
          Returns
          A reference to an SSLSession object
          +
          Returns
          A pointer to the SSLSession, or NULL of none matched the criteria available
          - -

          ◆ getSessionCount()

          + +

          ◆ getSessionCount()

          -
          -template<class C , size_t SessionCache = 1>
          +inline
          - + @@ -762,7 +604,7 @@ template<class C , size_t SessionCache = 1>
          size_t SSLClient< C, SessionCache >::getSessionCount size_t SSLClient::getSessionCount ( ) const
          		-inlineoverridevirtual
          @@ -770,54 +612,19 @@ template<class C , size_t SessionCache = 1>

          Get the maximum number of SSL sessions that can be stored at once.

          Returns
          The SessionCache template parameter.
          -

          Implements SSLClientImpl.

          -
          - -

          ◆ localPort()

          + +

          ◆ operator bool()

          -
          -template<class C , size_t SessionCache = 1>
          - - -
          - - - - - -
          uint16_t SSLClient< C, SessionCache >::localPort ()
          -           		-inlineoverridevirtual
          -
          - -

          Returns the local port, if C::localPort exists.

          - -

          Implements SSLClientImpl.

          - -
          -
          - -

          ◆ operator bool()

          - -
          -
          -
          -template<class C , size_t SessionCache = 1>
          - - -
          Returns
          A String object or "" if there is no hostname
          Precondition
          must check isValidSession before getting this value, as if this session in invalid this value is not guarenteed to be reset to "".
          - - - -

          ◆ get_ip()

          - -
          -
          -
          - - - + @@ -830,142 +637,22 @@ template<class C , size_t SessionCache = 1>
          SSLClient< C, SessionCache >::operator bool SSLClient::operator bool ( )
          -

          Equivalent to SSLClient::connected() > 0.

          +

          Equivalent to SSLClient::connected() > 0.

          Returns
          true if connected, false if not
          - -

          ◆ operator!=() [1/2]

          + +

          ◆ peek()

          -
          -template<class C , size_t SessionCache = 1>
          - - -
          - - - - - - -
          bool SSLClient< C, SessionCache >::operator!= (const bool value)
          -           		-inline
          -
          -
          See also
          SSLClient::operator bool
          - -
          -
          - -

          ◆ operator!=() [2/2]

          - -
          -
          -
          -template<class C , size_t SessionCache = 1>
          - - - - - -
          - - - - - - - - -
          bool SSLClient< C, SessionCache >::operator!= (const C & rhs)
          -           		-inline
          -
          - -

          Returns whether or not two SSLClient objects do not have the same underlying client object.

          - -
          -
          - -

          ◆ operator==() [1/2]

          - -
          -
          -
          -template<class C , size_t SessionCache = 1>
          - - - - - -
          - - - - - - - - -
          bool SSLClient< C, SessionCache >::operator== (const bool value)
          -           		-inline
          -
          -
          See also
          SSLClient::operator bool
          - -
          -
          - -

          ◆ operator==() [2/2]

          - -
          -
          -
          -template<class C , size_t SessionCache = 1>
          - - - - - -
          - - - - - - - - -
          bool SSLClient< C, SessionCache >::operator== (const C & rhs)
          -           		-inline
          -
          - -

          Returns whether or not two SSLClient objects have the same underlying client object.

          - -
          -
          - -

          ◆ peek()

          - -
          -
          -
          -template<class C , size_t SessionCache = 1>
          - - - +override
          - - - + @@ -973,60 +660,28 @@ template<class C , size_t SessionCache = 1>
          int SSLClient< C, SessionCache >::peek int SSLClient::peek ( )
          		-inlineoverride

          View the first byte of the buffer, without removing it from the SSLClient Buffer.

          -

          The implementation for this function can be found in SSLClientImpl::peek

          Precondition
          SSLClient::available must be >0
          +

          The implementation for this function can be found in SSLClientImpl::peek

          Precondition
          SSLClient::available must be >0
          Returns
          The first byte received, or -1 if the preconditions are not satisfied (warning: do not use if your data may be -1, as the return value is ambiguous)
          - -

          ◆ read() [1/2]

          + +

          ◆ read() [1/2]

          -
          -template<class C , size_t SessionCache = 1>
          - - -
          - - - - - -
          int SSLClient< C, SessionCache >::read ()
          -           		-inlineoverride
          -
          - -

          Read a single byte, or -1 if none is available.

          -
          See also
          SSLClient::read(uint8_t*, size_t)
          - -
          -
          - -

          ◆ read() [2/2]

          - -
          -
          -
          -template<class C , size_t SessionCache = 1>
          - - - +override
          - - - + @@ -1045,16 +700,16 @@ template<class C , size_t SessionCache = 1>
          int SSLClient< C, SessionCache >::read int SSLClient::read ( uint8_t *  buf,
          		-inlineoverride

          Read size bytes from the SSL client buffer, copying them into *buf, and return the number of bytes read.

          -

          This function checks if bytes are ready to be read by calling SSLClient::available, and if so copies size number of bytes from the IO buffer into the buf pointer. Data read using this function will not include any SSL or socket commands, as the Client and BearSSL will capture those and process them separately.

          +

          This function checks if bytes are ready to be read by calling SSLClient::available, and if so copies size number of bytes from the IO buffer into the buf pointer. Data read using this function will not include any SSL or socket commands, as the Client and BearSSL will capture those and process them separately.

          If you find that you are having a lot of timeout errors, SSLClient may be experiencing a buffer overflow. Checkout README.md for more information.

          -

          The implementation for this function can be found in SSLClientImpl::read_impl(uint8_t*, size_t)

          -
          Precondition
          SSLClient::available must be >0
          +

          The implementation for this function can be found in SSLClientImpl::read_impl(uint8_t*, size_t)

          +
          Precondition
          SSLClient::available must be >0
          Parameters
          @@ -1066,161 +721,17 @@ template<class C , size_t SessionCache = 1> - -

          ◆ remoteIP()

          + +

          ◆ read() [2/2]

          -
          -template<class C , size_t SessionCache = 1>
          bufThe pointer to the buffer to put SSL application data into
          - - -
          - - - - - -
          IPAddress SSLClient< C, SessionCache >::remoteIP ()
          -           		-inlineoverridevirtual
          -
          - -

          Returns the remote IP, if C::remoteIP exists.

          - -

          Implements SSLClientImpl.

          - -
          -
          - -

          ◆ remotePort()

          - -
          -
          -
          -template<class C , size_t SessionCache = 1>
          - - - - - -
          - - - - - - - -
          uint16_t SSLClient< C, SessionCache >::remotePort ()
          -           		-inlineoverridevirtual
          -
          - -

          Returns the remote port, if C::remotePort exists. Else return 0.

          - -

          Implements SSLClientImpl.

          - -
          -
          - -

          ◆ removeSession()

          - -
          -
          -
          -template<class C , size_t SessionCache = 1>
          - - - - - -
          - - - - - - - - - - - - - - - - - - -
          void SSLClient< C, SessionCache >::removeSession (const char * host,
          const IPAddress & addr 
          )
          -           		-inline
          -
          - -

          Clear the session corresponding to a host and IP.

          -

          The implementation for this function can be found at SSLClientImpl::remove_session_impl.

          -
          Parameters
          - - - -
          hostA hostname c string, or NULL if one is not available
          addrAn IP address
          -
          -
          - -
          -
          - -

          ◆ setMutualAuthParams()

          - -
          -
          -
          -template<class C , size_t SessionCache = 1>
          - - - - - -
          - - - - - - - - -
          void SSLClient< C, SessionCache >::setMutualAuthParams (const SSLClientParametersparams)
          -           		-inline
          -
          - -

          Add a client certificate and enable support for mutual auth.

          -

          Please ensure that the values in params are valid for the lifetime of SSLClient. You may want to make them global constants.

          -
          Precondition
          SSLClient has not already started an SSL connection.
          - -
          -
          - -

          ◆ stop()

          - -
          -
          -
          -template<class C , size_t SessionCache = 1>
          - - -

          Member Function Documentation

          - -

          ◆ clear_parameters()

          - -
          -
          -
          - - - + @@ -1233,53 +744,100 @@ template<class C , size_t SessionCache = 1>
          void SSLClient< C, SessionCache >::stop int SSLClient::read ( )
          +

          Read a single byte, or -1 if none is available.

          +
          See also
          SSLClient::read(uint8_t*, size_t)
          + +
          + + +

          ◆ removeSession()

          + +
          +
          + + + + + + + + +
          void SSLClient::removeSession (const char * host)
          +
          + +

          Clear the session corresponding to a host and IP.

          +

          The implementation for this function can be found at SSLClientImpl::remove_session_impl.

          +
          Parameters
          + + + +
          hostA hostname c string, or nullptr if one is not available
          addrAn IP address
          +
          +
          + +
          +
          + +

          ◆ setMutualAuthParams()

          + +
          +
          + + + + + + + + +
          void SSLClient::setMutualAuthParams (const SSLClientParametersparams)
          +
          + +

          Add a client certificate and enable support for mutual auth.

          +

          Please ensure that the values in params are valid for the lifetime of SSLClient. You may want to make them global constants.

          +
          Precondition
          SSLClient has not already started an SSL connection.
          + +
          +
          + +

          ◆ stop()

          + +
          +
          + + + + + +
          + + + + + + + +
          void SSLClient::stop ()
          +           		+override
          +
          +

          Close the connection.

          If the SSL session is still active, all incoming data is discarded and BearSSL will attempt to close the session gracefully (will write to the network), and then call m_client::stop. If the session is not active or an error was encountered previously, this function will simply call m_client::stop. The implementation for this function can be found in SSLClientImpl::peek.

          - -

          ◆ write() [1/2]

          + +

          ◆ write() [1/2]

          -
          -template<class C , size_t SessionCache = 1>
          - - -
          - - - - - - -
          size_t SSLClient< C, SessionCache >::write (uint8_t b)
          -           		-inlineoverride
          -
          -
          See also
          SSLClient::write(uint8_t*, size_t)
          - -
          -
          - -

          ◆ write() [2/2]

          - -
          -
          -
          -template<class C , size_t SessionCache = 1>
          - - - +override
          - - - + @@ -1298,15 +856,15 @@ template<class C , size_t SessionCache = 1>
          size_t SSLClient< C, SessionCache >::write size_t SSLClient::write ( const uint8_t *  buf,
          		-inlineoverride

          Write some bytes to the SSL connection.

          -

          Assuming all preconditions are met, this function writes data to the BearSSL IO buffer, BUT does not initially send the data. Instead, you must call SSLClient::available or SSLClient::flush, which will detect that the buffer is ready for writing, and will write the data to the network. Alternatively, if this function is requested to write a larger amount of data than SSLClientImpl::m_iobuf can handle, data will be written to the network in pages the size of SSLClientImpl::m_iobuf until all the data in buf is sent–attempting to keep all writes to the network grouped together. For information on why this is the case check out README.md .

          -

          The implementation for this function can be found in SSLClientImpl::write_impl(const uint8_t*, size_t)

          -
          Precondition
          The socket and SSL layer must be connected, meaning SSLClient::connected must be true.
          +

          Assuming all preconditions are met, this function writes data to the BearSSL IO buffer, BUT does not initially send the data. Instead, you must call SSLClient::available or SSLClient::flush, which will detect that the buffer is ready for writing, and will write the data to the network. Alternatively, if this function is requested to write a larger amount of data than SSLClientImpl::m_iobuf can handle, data will be written to the network in pages the size of SSLClientImpl::m_iobuf until all the data in buf is sent–attempting to keep all writes to the network grouped together. For information on why this is the case check out README.md .

          +

          The implementation for this function can be found in SSLClientImpl::write_impl(const uint8_t*, size_t)

          +
          Precondition
          The socket and SSL layer must be connected, meaning SSLClient::connected must be true.
          BearSSL must not be waiting for the recipt of user data (if it is, there is probably an error with how the protocol in implemented in your code).
          Parameters
          @@ -1320,8 +878,36 @@ BearSSL must not be waiting for the recipt of user data (if it is, there is prob
          -
          The documentation for this class was generated from the following file:
            + +

            ◆ write() [2/2]

            + +
            +
            + + + + + +
            + + + + + + + + +
            size_t SSLClient::write (uint8_t b)
            +             		+inlineoverride
            +
            +
            See also
            SSLClient::write(uint8_t*, size_t)
            + +
            +
            +
            The documentation for this class was generated from the following files:
            • C:/Users/Noah/Documents/Arduino/libraries/SSLClient/src/SSLClient.h
              • +
            • C:/Users/Noah/Documents/Arduino/libraries/SSLClient/src/SSLClient.cpp
            diff --git a/docs/html/class_s_s_l_client.js b/docs/html/class_s_s_l_client.js index 029693f..8b45e37 100644 --- a/docs/html/class_s_s_l_client.js +++ b/docs/html/class_s_s_l_client.js @@ -1,32 +1,36 @@ var class_s_s_l_client = [ - [ "SSLClient", "class_s_s_l_client.html#ae9a7509bc8a18f67e286547c19deb3c0", null ], - [ "available", "class_s_s_l_client.html#a5d13fd2f32ee2ea65a1f3820f758e77e", null ], - [ "connect", "class_s_s_l_client.html#a4a2172aedfcc483ba2a256ad12148630", null ], - [ "connect", "class_s_s_l_client.html#a91c63e35f31652c20faa5b9be95984bf", null ], - [ "connected", "class_s_s_l_client.html#a25e4414ab0c9424d09592f9567a678dc", null ], - [ "flush", "class_s_s_l_client.html#a2ee6a3134d07ca09cf61ee04d32c3d44", null ], - [ "get_arduino_client", "class_s_s_l_client.html#a9c5001bdfa75ccc0d93cc60dd872b38a", null ], - [ "get_arduino_client", "class_s_s_l_client.html#a353c875d17a85dbb7bfe10de155f3b52", null ], - [ "get_session_array", "class_s_s_l_client.html#a9e7769fed78825cf4723778f4b5aa3e9", null ], - [ "get_session_array", "class_s_s_l_client.html#a18adfc074d6b8e996819d4beb4689cbd", null ], - [ "getClient", "class_s_s_l_client.html#afd0d4d2c98433d60897d8828d8047d41", null ], - [ "getSession", "class_s_s_l_client.html#a2d8bf9b891151bc5b0b865d70cf9c086", null ], - [ "getSessionCount", "class_s_s_l_client.html#a2d71f00d6634092f50c5262ad25cdacd", null ], - [ "localPort", "class_s_s_l_client.html#a563c5f9829757075bf16742cffa4cf73", null ], - [ "operator bool", "class_s_s_l_client.html#a2d378fbb7b8f15a1691746572f9d95b1", null ], - [ "operator!=", "class_s_s_l_client.html#a824b599264f893e1b206a9100bc52ee1", null ], - [ "operator!=", "class_s_s_l_client.html#adab82ba09345fa070712d3124af30e1b", null ], - [ "operator==", "class_s_s_l_client.html#a505bfb6831a45aebf58d84e3b89d4cfc", null ], - [ "operator==", "class_s_s_l_client.html#a5f40f8f4d26d21e14276c3e8162b62b9", null ], - [ "peek", "class_s_s_l_client.html#a31742867b00bd8d130637af0935bacbd", null ], - [ "read", "class_s_s_l_client.html#aedf2746cc35da596faf8322776c2118e", null ], - [ "read", "class_s_s_l_client.html#afd6d7ae798c05cf566b2eb5651dba795", null ], - [ "remoteIP", "class_s_s_l_client.html#af76a0df76834e0d0999dbf44c7c0a174", null ], - [ "remotePort", "class_s_s_l_client.html#a5974a5f8722a752f121af4fac498bb22", null ], - [ "removeSession", "class_s_s_l_client.html#a5b626703a24089dbb0480a9b6ddf348c", null ], - [ "setMutualAuthParams", "class_s_s_l_client.html#a16aa9765bd450dcbba21c598456f464f", null ], - [ "stop", "class_s_s_l_client.html#ad30db47248d78df7c12dedfb27f06529", null ], - [ "write", "class_s_s_l_client.html#a6b8ff53c10fe34aab1dc2561410f70bb", null ], - [ "write", "class_s_s_l_client.html#a6bcb7579ebc051c097acb794b95771a9", null ] + [ "DebugLevel", "class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1", [ + [ "SSL_NONE", "class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1a24122d1e1bb724237f305a0b4a21ff75", null ], + [ "SSL_ERROR", "class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1a199742ec5c99c72d9cede1fda0f125c5", null ], + [ "SSL_WARN", "class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1a26f3e5f1481f3ea22ea4ab5370b0fa97", null ], + [ "SSL_INFO", "class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1a8d5f7561f9cc0a2f3e5f362b02f4a5b2", null ] + ] ], + [ "Error", "class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6cea", [ + [ "SSL_OK", "class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa18dbddc0a3d4a94ee0f298fe55a06a94", null ], + [ "SSL_CLIENT_CONNECT_FAIL", "class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa7510402478ffbecd6e1aa3811b175cfd", null ], + [ "SSL_BR_CONNECT_FAIL", "class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa6a9cc2412a53b5981e937a41523eece5", null ], + [ "SSL_CLIENT_WRTIE_ERROR", "class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaab8581e1172fbf15067d435706d3a03a8", null ], + [ "SSL_BR_WRITE_ERROR", "class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa37bef298be71b84a57e59fadbfbd9016", null ], + [ "SSL_INTERNAL_ERROR", "class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaaf66f8d5f6601f9e7607b78bf7a07fc84", null ], + [ "SSL_OUT_OF_MEMORY", "class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa0a4f8af0226cf29ede8f6fe4a9047b08", null ] + ] ], + [ "SSLClient", "class_s_s_l_client.html#a68f026a625ca1ccd1aba87bb6e670376", null ], + [ "available", "class_s_s_l_client.html#a0e775669b4a040fbd3f281dcbcd2de78", null ], + [ "connect", "class_s_s_l_client.html#ab97c0745f65a6c6009ac938b3b9912c3", null ], + [ "connect", "class_s_s_l_client.html#a248a5152cc3c3e7666bf5443bfd57c90", null ], + [ "connected", "class_s_s_l_client.html#a5488f01ccfddfd9e41f54dfbda48bcae", null ], + [ "flush", "class_s_s_l_client.html#aaf2192a6621fdf2f89cc26a9a1584f8c", null ], + [ "getClient", "class_s_s_l_client.html#a9a4e9c9877ab73cf7e82d6942cc7db21", null ], + [ "getSession", "class_s_s_l_client.html#a2bd012ef6f01df9694ba9fd0a3c227c3", null ], + [ "getSessionCount", "class_s_s_l_client.html#ae3f9e6f8e8a50e520c936239abecfd22", null ], + [ "operator bool", "class_s_s_l_client.html#a4192ee3562c4806d4a6829356ca2636b", null ], + [ "peek", "class_s_s_l_client.html#a0c0b6f2ad25701d1e45adb613d072d86", null ], + [ "read", "class_s_s_l_client.html#a4c5420541a06213133ae308a3bca1c95", null ], + [ "read", "class_s_s_l_client.html#aef1b52f4ad9633126cb68739175920eb", null ], + [ "removeSession", "class_s_s_l_client.html#ad5d9d8a4187a3f8918bf66af83e733c4", null ], + [ "setMutualAuthParams", "class_s_s_l_client.html#a9e7ce7f8a72d7cdc071be3fa7a4c8f29", null ], + [ "stop", "class_s_s_l_client.html#ad8ed697371748e31e01c3f697bc36cbe", null ], + [ "write", "class_s_s_l_client.html#a03c7926938acd57cfc3b982edf725a86", null ], + [ "write", "class_s_s_l_client.html#a7343a58457b4659f83b61cac1f442c3d", null ] ]; \ No newline at end of file diff --git a/docs/html/class_s_s_l_client.png b/docs/html/class_s_s_l_client.png index 0519c9e396e13e9d09044f374bcda247c9e4d98d..181cd65589bc4519aef334438686659647f5eb6f 100644 GIT binary patch delta 333 zcmV-T0kZzx2K)jciBL{Q4GJ0x0000DNk~Le0000(0000`2m=5B0CiS4bde!Ce*p_g zL_t(|0qvd3ZiFxlMUOY!|NrAofDi}5G_6^TG?uPqY{9{gWRICy&@f2~Su!L!jTvRw z#jTR$GmncOC0h5u$G}Qn700000NkvXXu0mjf_z#y7 literal 861 zcmeAS@N?(olHy`uVBq!ia0vp^`+&HEgBeKXbuN?#QW60^A+G=b{|7Q(y!l$%e`o@b z1;z&s9ANFd15(3L666=m08|75S5Ji)F)%Q_@pN$vsbG9N_jTW9D;@@Qw^jH5_xf|I zh9A1QUbj@Ya_Y^7oh6ejp6P2YeIh<-)v9o(_|U6e7s5lgKH~c8?pjfj9ej0F?XTl{ z7vke9p1gCi-~ZmSsa8|&ZrPeuzZCVZ-@m+K&dODFUF%<-7xoJM8oKWKeX~u`e}zgH z#)r$bpS*niZ_TFn387d01><8wL$%?iD}4zKUAyD;@+p&|8P+{vdmw)Q*Y?@j_4j|3 zSD*iP?(5=D3^xRSF@&|)HHa?cPjG#~9D$eX6FDvQBX@U42hja4N4hSE3vPTQ`?uu( z>R(@X*q&cl^HQNqLP+o@bN-9`SF!hxyDrJwzs&wys^GTAAiq4W;C+An+KS$P-!3n; zzjpt!M(31mS>}O)6U8g?Uz;&oTwl*zy7@}JQTn3&xlit2o}Y8K`DVS_53T0ude=YdY!{cn>_ zH+B5%sj0eu0>d65XgImn-#xzc{9>)=haHX|_$>SRz@M8Z&pzKg`>Xlab?+ZL-2HW< z?!66z!Q&s#>MzRw-o$bH<35r8yct;yZB?Ax_5Qz)53`NEv>-;dF2`ryGEgwAm@}2V z|FdGer@^*|sb|mLy?SrU?OkUX&V7CT)FS@5(bdWwXS2%0Z*P@jyUf2}t<6;%zc1V0 zPQ8C~&5N4JcJi+$r7w%GTYTyLx6-(4pVw9!{JuM7&e?xE-oIWs|Hby_?V zRQJ35&;BNU*6u(!M=gW4ll%d$|G$8#ciMl3_GPnL-A&t00rLWbr>mdKI;Vst092>5 AfB*mh diff --git a/docs/html/class_s_s_l_session-members.html b/docs/html/class_s_s_l_session-members.html index 94cb202..ca1bf32 100644 --- a/docs/html/class_s_s_l_session-members.html +++ b/docs/html/class_s_s_l_session-members.html @@ -94,14 +94,9 @@ $(document).ready(function(){initNavTree('class_s_s_l_session.html','');});

            This is the complete list of members for SSLSession, including all inherited members.

            - - - - - - - - + + +
            clear_parameters()SSLSession
            get_hostname() constSSLSessioninline
            get_ip() constSSLSessioninline
            is_valid_session() constSSLSessioninline
            operator=(const SSLSession &)=deleteSSLSession
            set_parameters(const IPAddress &ip, const char *hostname=NULL)SSLSession
            SSLSession()SSLSessioninline
            to_br_session()SSLSessioninline
            get_hostname() constSSLSessioninline
            SSLSession(const char *hostname)SSLSessioninline
            to_br_session()SSLSessioninline
            diff --git a/docs/html/class_s_s_l_session.html b/docs/html/class_s_s_l_session.html index b5d0811..79e8cca 100644 --- a/docs/html/class_s_s_l_session.html +++ b/docs/html/class_s_s_l_session.html @@ -108,26 +108,12 @@ Inheritance diagram for SSLSession: - - - - - - + + + - - - - - - - - - - - @@ -138,8 +124,8 @@ Public Member Functions

            This file contains a simple utility class to store parameters about an SSL Session for reuse later.This class was created to extend the values stored in br_ssl_session_parameters, which allow BearSSL to resume an SSL session. When testing BearSSL's session resumption feature, it was observed that BearSSL can only resume a session that was was started with the same server. This becomes an issue when using repeated requests to a domain name which can resolve to multiple IP addresses ("api.github.com"), as the device will switch between two or three servers. Since BearSSL only stores one session at a time, this results in session resumption being few and far between.

            To remedy this problem, an SSLSession stores the IPAddress and hostname, along with the parameters in br_ssl_session_parameters struct. Using this data, SSLClient is able to remember which IPAddress is associated with which session, allowing it to reconnect to the last IPAddress, as opposed to any associated with the domain.

            Constructor & Destructor Documentation

            - -

            ◆ SSLSession()

            + +

            ◆ SSLSession()

            @@ -150,7 +136,8 @@ Public Member Functions
            - + +

            Public Member Functions

             SSLSession ()
             SSLSession constructor. More...
             
            SSLSessionoperator= (const SSLSession &)=delete
             use clear_parameters or set_parameters instead More...
             
             SSLSession (const char *hostname)
             SSLSession constructor. More...
             
            const String & get_hostname () const
             Get the hostname string associated with this session. More...
             
            const IPAddress & get_ip () const
             Get ::IPAddress associated with this session. More...
             
            bool is_valid_session () const
             
            void set_parameters (const IPAddress &ip, const char *hostname=NULL)
             Set the ip address and hostname of the session. More...
             
            void clear_parameters ()
             Delete the parameters and invalidate the session. More...
             
            br_ssl_session_parameters * to_br_session ()
             Returns a pointer to the ::br_ssl_session_parameters component of this class. More...
             
            SSLSession::SSLSession ()const char * hostname)
            @@ -167,26 +154,6 @@ Public Member Functions
          - - - - - - -
          void SSLSession::clear_parameters ()
          -
          - -

          Delete the parameters and invalidate the session.

          -

          Roughly equivalent to this_session = SSLSession(), however this function preserves the String object, allowing it to better handle the dynamic memory needed.

          - -
          -

          ◆ get_hostname()

          @@ -214,127 +181,6 @@ Public Member Functions
          - - - - -
          - - - - - - - -
          const IPAddress& SSLSession::get_ip () const
          -           		-inline
          -
          - -

          Get ::IPAddress associated with this session.

          -
          Returns
          A ::IPAddress object, #INADDR_NONE if there is no IP
          -
          Precondition
          must check isValidSession before getting this value, as if this session in invalid this value is not guarenteed to be reset to #INADDR_NONE.
          - -
          -
          - -

          ◆ is_valid_session()

          - -
          -
          - - - - - -
          - - - - - - - -
          bool SSLSession::is_valid_session () const
          -           		-inline
          -
          - -
          -
          - -

          ◆ operator=()

          - -
          -
          - - - - - -
          - - - - - - - - -
          SSLSession& SSLSession::operator= (const SSLSession)
          -           		-delete
          -
          - -

          use clear_parameters or set_parameters instead

          - -
          -
          - -

          ◆ set_parameters()

          - -
          -
          - - - - - - - - - - - - - - - - - - -
          void SSLSession::set_parameters (const IPAddress & ip,
          const char * hostname = NULL 
          )
          -
          - -

          Set the ip address and hostname of the session.

          -

          This function stores the ip Address object and hostname object into the session object. If hostname is not null or ip address is not blank, and the ::br_ssl_session_parameters values are non-zero it then validates the session.

          -
          Precondition
          You must call ::br_ssl_engine_get_session_parameters with this session before calling this function. This is because there is no way to completely validate the ::br_ssl_session_parameters and the session may end up in a corrupted state if this is not observed.
          -
          Parameters
          - - - -
          ipThe IP address of the host associated with the session
          hostnameThe string hostname ("www.google.com") associated with the session. Take care that this value is corrent, SSLSession performs no validation of the hostname.
          -
          -
          -
          @@ -364,9 +210,8 @@ Public Member Functions
          - - - + + + +
            s  
          -          		SSLClient   SSLClientParameters   
          SSLClientImpl   SSLSession   
          ssl_pem_decode_state   
          SSLClient   SSLSession   
          SSLClientParameters   
          ssl_pem_decode_state   
          s
          diff --git a/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.html b/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.html index 213ba14..97c64ed 100644 --- a/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.html +++ b/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.html @@ -96,20 +96,16 @@ $(document).ready(function(){initNavTree('dir_68267d1309a1af8e8297ef4c3efbcdba.h Files file  ec_prime_fast_256.c   +file  SSLClient.cpp +  file  SSLClient.h [code]   -file  SSLClientImpl.cpp -  -file  SSLClientImpl.h [code] -  file  SSLClientParameters.h [code]   file  SSLObj.cpp   file  SSLObj.h [code]   -file  SSLSession.cpp -  file  SSLSession.h [code]   file  time_macros.h [code] diff --git a/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.js b/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.js index 6b5c86a..a47c04c 100644 --- a/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.js +++ b/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.js @@ -1,15 +1,15 @@ var dir_68267d1309a1af8e8297ef4c3efbcdba = [ [ "ec_prime_fast_256.c", "ec__prime__fast__256_8c.html", "ec__prime__fast__256_8c" ], - [ "SSLClient.h", "_s_s_l_client_8h.html", "_s_s_l_client_8h" ], - [ "SSLClientImpl.cpp", "_s_s_l_client_impl_8cpp.html", "_s_s_l_client_impl_8cpp" ], - [ "SSLClientImpl.h", "_s_s_l_client_impl_8h.html", "_s_s_l_client_impl_8h" ], + [ "SSLClient.cpp", "_s_s_l_client_8cpp.html", "_s_s_l_client_8cpp" ], + [ "SSLClient.h", "_s_s_l_client_8h.html", [ + [ "SSLClient", "class_s_s_l_client.html", "class_s_s_l_client" ] + ] ], [ "SSLClientParameters.h", "_s_s_l_client_parameters_8h.html", [ [ "SSLClientParameters", "struct_s_s_l_client_parameters.html", "struct_s_s_l_client_parameters" ] ] ], [ "SSLObj.cpp", "_s_s_l_obj_8cpp.html", "_s_s_l_obj_8cpp" ], [ "SSLObj.h", "_s_s_l_obj_8h.html", "_s_s_l_obj_8h" ], - [ "SSLSession.cpp", "_s_s_l_session_8cpp.html", null ], [ "SSLSession.h", "_s_s_l_session_8h.html", [ [ "SSLSession", "class_s_s_l_session.html", "class_s_s_l_session" ] ] ], diff --git a/docs/html/files.html b/docs/html/files.html index 6672f57..95ada10 100644 --- a/docs/html/files.html +++ b/docs/html/files.html @@ -102,16 +102,14 @@ $(document).ready(function(){initNavTree('files.html','');});  cert.h   src  ec_prime_fast_256.c - SSLClient.h - SSLClientImpl.cpp - SSLClientImpl.h - SSLClientParameters.h - SSLObj.cpp - SSLObj.h - SSLSession.cpp - SSLSession.h - time_macros.h - TLS12_only_profile.c + SSLClient.cpp + SSLClient.h + SSLClientParameters.h + SSLObj.cpp + SSLObj.h + SSLSession.h + time_macros.h + TLS12_only_profile.c
          diff --git a/docs/html/functions.html b/docs/html/functions.html index de3bd8b..cc1ba07 100644 --- a/docs/html/functions.html +++ b/docs/html/functions.html @@ -91,10 +91,7 @@ $(document).ready(function(){initNavTree('functions.html','');});

          - a -

          @@ -103,23 +100,21 @@ $(document).ready(function(){initNavTree('functions.html','');});
        • chain_len : SSLClientParameters
          • -
        • clear_parameters() -: SSLSession -
        • client_cert_chain : SSLClientParameters
        • connect() -: SSLClient< C, SessionCache > -
          • -
        • connect_impl() -: SSLClientImpl +: SSLClient
        • connected() -: SSLClient< C, SessionCache > +: SSLClient
          • -
        • connected_impl() -: SSLClientImpl +
        + + +

        - d -

        @@ -128,46 +123,31 @@ $(document).ready(function(){initNavTree('functions.html','');});
      • ec_key : SSLClientParameters
        • +
      • Error +: SSLClient +

      - f -

      - g -

      @@ -176,119 +156,78 @@ $(document).ready(function(){initNavTree('functions.html','');});
    • index : ssl_pem_decode_state
      • -
    • is_valid_session() -: SSLSession -
      • -
    - - -

    - l -

    - - -

    - m -

    - o -

    - p -

    - r -

    - s -

    @@ -309,10 +248,7 @@ $(document).ready(function(){initNavTree('functions.html','');});

    - w -

    diff --git a/docs/html/functions_enum.html b/docs/html/functions_enum.html new file mode 100644 index 0000000..d14bd09 --- /dev/null +++ b/docs/html/functions_enum.html @@ -0,0 +1,109 @@ + + + + + + + +SSLClient: Class Members - Enumerations + + + + + + + + + + + + + + +
    +
    + + + + + + +
    +
    SSLClient +  v1.3.0 +
    +
    Add TLS 1.2 functionality to any network library.
    +
    +
    + + + + + + + +
    +
    + +
    +
    +
    + +
    + +
    +
    + + +
    + +
    + +
    +
    +
    + + + + diff --git a/docs/html/functions_eval.html b/docs/html/functions_eval.html new file mode 100644 index 0000000..0ff75bc --- /dev/null +++ b/docs/html/functions_eval.html @@ -0,0 +1,136 @@ + + + + + + + +SSLClient: Class Members - Enumerator + + + + + + + + + + + + + + +
    +
    + + + + + + +
    +
    SSLClient +  v1.3.0 +
    +
    Add TLS 1.2 functionality to any network library.
    +
    +
    + + + + + + + +
    +
    + +
    +
    +
    + +
    + +
    +
    + + +
    + +
    + +
    +
    +
    + + + + diff --git a/docs/html/functions_func.html b/docs/html/functions_func.html index 7ff72b8..799ae11 100644 --- a/docs/html/functions_func.html +++ b/docs/html/functions_func.html @@ -87,209 +87,60 @@ $(document).ready(function(){initNavTree('functions_func.html','');});
    -  - -

    - a -

    diff --git a/docs/html/globals.html b/docs/html/globals.html index a3bb937..b704556 100644 --- a/docs/html/globals.html +++ b/docs/html/globals.html @@ -87,11 +87,9 @@ $(document).ready(function(){initNavTree('globals.html','');});
    -
    Here is a list of all file members with links to the files they belong to:
    - -

    - _ -

      +
      Here is a list of all file members with links to the files they belong to:
      - - -

      - b -

      - - -

      - c -

      • CONV_STR2DEC_1 : time_macros.h
        • @@ -146,38 +136,12 @@ $(document).ready(function(){initNavTree('globals.html','');});
      • CONV_STR2DEC_4 : time_macros.h
        • -
      - - -

      - d -

      - - -

      - e -

      - - -

      - g -

      - - -

      - p -

      - - -

      - s -

      - - -

      - t -

      - - -

      - u -

      • UNIX_TIMESTAMP : time_macros.h
        • diff --git a/docs/html/globals_defs.html b/docs/html/globals_defs.html index 6b52f8f..fef2962 100644 --- a/docs/html/globals_defs.html +++ b/docs/html/globals_defs.html @@ -145,9 +145,6 @@ $(document).ready(function(){initNavTree('globals_defs.html','');});
      • SEC_PER_YEAR : time_macros.h
        • -
      • SSLClient_H_ -: SSLClient.h -
      • TAs_NUM : trust_anchors.h , cert.h diff --git a/docs/html/globals_vars.html b/docs/html/globals_vars.html index 3ac6bb8..34445a7 100644 --- a/docs/html/globals_vars.html +++ b/docs/html/globals_vars.html @@ -89,7 +89,7 @@ $(document).ready(function(){initNavTree('globals_vars.html','');});
         
        • __brkval -: SSLClientImpl.cpp +: SSLClient.cpp
        • br_ec_prime_fast_256 : ec_prime_fast_256.c diff --git a/docs/html/hierarchy.html b/docs/html/hierarchy.html index a11880c..f525e14 100644 --- a/docs/html/hierarchy.html +++ b/docs/html/hierarchy.html @@ -92,14 +92,13 @@ $(document).ready(function(){initNavTree('hierarchy.html','');});
        This inheritance list is sorted roughly, but not completely, alphabetically:
        -
        [detail level 123]
        +
        [detail level 12]
        - - - - + + +
         Cbr_ssl_session_parameters
         CSSLSessionThis class stores values which allow SSLClient to save and resume SSL sessions
         CClient
         CSSLClientImplImplementation code to be inherited by SSLClient
         CSSLClient< C, SessionCache >The main SSLClient class. Check out README.md for more info
         Cssl_pem_decode_state
         CSSLClientParametersThis struct stores data required for SSLClient to use mutual authentication
         CSSLClientThe main SSLClient class. Check out README.md for more info
         Cssl_pem_decode_state
         CSSLClientParametersThis struct stores data required for SSLClient to use mutual authentication
        diff --git a/docs/html/hierarchy.js b/docs/html/hierarchy.js index bfd3475..5a0d7ae 100644 --- a/docs/html/hierarchy.js +++ b/docs/html/hierarchy.js @@ -4,9 +4,7 @@ var hierarchy = [ "SSLSession", "class_s_s_l_session.html", null ] ] ], [ "Client", null, [ - [ "SSLClientImpl", "class_s_s_l_client_impl.html", [ - [ "SSLClient< C, SessionCache >", "class_s_s_l_client.html", null ] - ] ] + [ "SSLClient", "class_s_s_l_client.html", null ] ] ], [ "ssl_pem_decode_state", "structssl__pem__decode__state.html", null ], [ "SSLClientParameters", "struct_s_s_l_client_parameters.html", null ] diff --git a/docs/html/index.html b/docs/html/index.html index ed54c66..2f790ee 100644 --- a/docs/html/index.html +++ b/docs/html/index.html @@ -104,13 +104,13 @@ $(document).ready(function(){initNavTree('index.html','');});
      • A Client class associated with a network interface. We tested this library using EthernetClient, however in theory it will work for any class implementing Client.
      • An analog pin, used for generating random data at the start of the connection (see the Implementation Gotchas).
        • -

        Once all those are ready, you can create a simple SSLClient object like this:

        {C++}
        SSLClient<BaseClientType> client(BaseClientInstance, TAs, (size_t)TAs_NUM, AnalogPin);

        Where:

          -
        • BaseClientType - The type of BaseClientInstance
          • -
        • BaseClientInstance - An instance of the class you are using for SSLClient (the class associated with the network interface, from step 3)
          • +

          Once all those are ready, you can create a simple SSLClient object like this:

          {C++}
          BaseClientType baseClientInstance;
          SSLClient client(baseClientInstance, TAs, (size_t)TAs_NUM, AnalogPin);

          Where:

            +
          • BaseClientType - The type of baseClientInstance
            • +
          • BaseClientInstance - An instance of the class you are using for SSLClient (the class associated with the network interface, from step 3). It is important that this instance be stored outside the SSLClient declaration (for instance, SSLClient(BaseClientType() ...) wouldn't work).
          • TAs - The name of the trust anchor array created in step 2. If you generated a header using the tutorial this will probably be TAs.
          • TAs_NUM - The number of trust anchors in TAs. If you generated a header using the tutorial this will probably be TAs_NUM.

          • AnalogPin - The analog pin to pull random data from (step 4).

            -

            For example, if I am using EthernetClient, a generated array of 2 trust anchors, and the analog pin A7, I would declare an SSLClient instance using:

            {C++}
            SSLClient<EthernetClient> client(EthernetClient(), TAs, 2, A7);

            Once that is setup, simply use SSLClient as you would the base client class:

            {C++}
            // connect to ardiuino.cc over ssl (port 443 for websites)
            client.connect("www.arduino.cc", 443);
            // Make a HTTP request
            client.println("GET /asciilogo.txt HTTP/1.1");
            client.println("User-Agent: AdafruitFeatherM0WiFi");
            client.print("Host: ");
            client.println(server);
            client.println("Connection: close");
            client.println();
            client.flush();
            // read and print the data
            ...

            Note: client.connect("www.arduino.cc", 443) can take 5-15 seconds to finish. This an unavoidable consequence of the SSL protocol, and is detailed in Implementation Notes.

            +

            For example, if I am using EthernetClient, a generated array of 2 trust anchors, and the analog pin A7, I would declare an SSLClient instance using:

            {C++}
            EthernetClient baseClient;
            SSLClient client(baseClient, TAs, 2, A7);

            Once that is setup, simply use SSLClient as you would the base client class:

            {C++}
            // connect to ardiuino.cc over ssl (port 443 for websites)
            client.connect("www.arduino.cc", 443);
            // Make a HTTP request
            client.println("GET /asciilogo.txt HTTP/1.1");
            client.println("User-Agent: AdafruitFeatherM0WiFi");
            client.print("Host: ");
            client.println(server);
            client.println("Connection: close");
            client.println();
            client.flush();
            // read and print the data
            ...

            Note: client.connect("www.arduino.cc", 443) can take 5-15 seconds to finish. This an unavoidable consequence of the SSL protocol, and is detailed in Implementation Notes.

          For more information on SSLClient, check out the examples, API documentation, or the rest of this README.

          @@ -119,13 +119,13 @@ $(document).ready(function(){initNavTree('index.html','');});

          Additionally, the bulk of SSLClient is split into two components: a template class SSLClient, and an implementation class SSLClientImpl. The template class serves to abstract some functions not implemented in the Arduino Client interface (such as EthernetClient::remoteIP), and the implementation class is the rest of the SSLClient library.

          Other Features

          Logging

          -

          SSLClient also allows for changing the debugging level by adding an additional parameter to the constructor:

          {C++}
          SSLClient<EthernetClient> client(EthernetClient(), TAs, (size_t)2, A7, SSL_INFO);

          Logging is always outputted through the Arduino Serial interface, so you'll need to setup Serial before you can view the SSL logs. Log levels are enumerated in DebugLevel. The log level is set to SSL_WARN by default.

          +

          SSLClient also allows for changing the debugging level by adding an additional parameter to the constructor:

          {C++}
          EthernetClient baseClient;
          SSLClient client(baseClient, TAs, (size_t)2, A7, 1, SSLClient::SSL_INFO);

          Logging is always outputted through the Arduino Serial interface, so you'll need to setup Serial before you can view the SSL logs. Log levels are enumerated in ::DebugLevel. The log level is set to SSL_WARN by default.

          Errors

          -

          When SSLClient encounters an error, it will attempt to terminate the SSL session gracefully if possible, and then close the socket. Simple error information can be found from SSLClient::getWriteError(), which will return a value from the Error enum. For more detailed diagnostics, you can look at the serial logs, which will be displayed if the log level is at SSL_ERROR or lower.

          +

          When SSLClient encounters an error, it will attempt to terminate the SSL session gracefully if possible, and then close the socket. Simple error information can be found from SSLClient::getWriteError(), which will return a value from the ::Error enum. For more detailed diagnostics, you can look at the serial logs, which will be displayed if the log level is at SSL_ERROR or lower.

          Write Buffering

          -

          As you may have noticed in the documentation for SSLClient::write, calling this function does not actually write to the network. Instead, you must call SSLClient::available or SSLClient::flush, which will detect that the buffer is ready and write to the network (see SSLClient::write for details).

          -

          This was implemented as a buffered function because examples in Arduino libraries will often write to the network like so:

          {C++}
          EthernetClient client;
          // ...
          // connect to ardiuino.cc over ssl (port 443 for websites)
          client.connect("www.arduino.cc", 443);
          // ...
          // write an http request to the network
          client.write("GET /asciilogo.txt HTTP/1.1\r\n");
          client.write("Host: arduino.cc\r\n");
          client.write("Connection: close\r\n");
          // wait for response
          while (!client.available()) { /* ... */ }
          // ...

          Notice that every single write() call immediately writes to the network, which is fine with most network clients. With SSL, however, if we are encrypting and writing to the network every write() call, this will result in a lot of small encryption tasks. Encryption takes a lot of time and code, so to reduce the overhead of an SSL connection, SSLClient::write implicitly buffers until the developer states that they are waiting for data to be received with SSLClient::available. A simple example can be found below:

          -
          {C++}
          SSLClient<EthernetClient> client(EthernetClient(), TAs, 2, A7);
          // ...
          // connect to ardiuino.cc over ssl (port 443 for websites)
          client.connect("www.arduino.cc", 443);
          // ...
          // add http request to the buffer
          client.write("GET /asciilogo.txt HTTP/1.1\r\n");
          client.write("Host: arduino.cc\r\n");
          client.write("Connection: close\r\n");
          // write the bytes to the network, then wait for response
          while (!client.available()) { /* ... */ }
          // ...

          If you would like to trigger a network write manually without using the SSLClient::available, you can also call SSLClient::flush, which will write all data and return when finished.

          +

          As you may have noticed in the documentation for SSLClient::write, calling this function does not actually write to the network. Instead, you must call SSLClient::available or SSLClient::flush, which will detect that the buffer is ready and write to the network (see SSLClient::write for details).

          +

          This was implemented as a buffered function because examples in Arduino libraries will often write to the network like so:

          {C++}
          EthernetClient client;
          // ...
          // connect to ardiuino.cc over ssl (port 443 for websites)
          client.connect("www.arduino.cc", 443);
          // ...
          // write an http request to the network
          client.write("GET /asciilogo.txt HTTP/1.1\r\n");
          client.write("Host: arduino.cc\r\n");
          client.write("Connection: close\r\n");
          // wait for response
          while (!client.available()) { /* ... */ }
          // ...

          Notice that every single write() call immediately writes to the network, which is fine with most network clients. With SSL, however, if we are encrypting and writing to the network every write() call, this will result in a lot of small encryption tasks. Encryption takes a lot of time and code, so to reduce the overhead of an SSL connection, SSLClient::write implicitly buffers until the developer states that they are waiting for data to be received with SSLClient::available. A simple example can be found below:

          +
          {C++}
          EthernetClient baseClient;
          SSLClient client(baseClient, TAs, (size_t)2, A7);
          // ...
          // connect to ardiuino.cc over ssl (port 443 for websites)
          client.connect("www.arduino.cc", 443);
          // ...
          // add http request to the buffer
          client.write("GET /asciilogo.txt HTTP/1.1\r\n");
          client.write("Host: arduino.cc\r\n");
          client.write("Connection: close\r\n");
          // write the bytes to the network, then wait for response
          while (!client.available()) { /* ... */ }
          // ...

          If you would like to trigger a network write manually without using the SSLClient::available, you can also call SSLClient::flush, which will write all data and return when finished.

          Session Caching

          As detailed in the resources section, SSL handshakes take an extended period (1-4sec) to negotiate. To remedy this problem, BearSSL is able to keep a SSL session cache of the clients it has connected to. If BearSSL successfully resumes an SSL session, it can reduce connection time to 100-500ms.

          In order to use SSL session resumption:

            @@ -133,9 +133,9 @@ $(document).ready(function(){initNavTree('index.html','');});
          • You must reuse the same SSLClient object (SSL Sessions are stored in the object itself).
          • You must reconnect to the exact same server.
          -

          SSLClient automatically stores an IP address and hostname in each session, ensuring that if you call connect("www.google.com") SSLClient will use a IP address that recognizes the SSL session instead of another IP address associated with "www.google.com". However, because some websites have multiple servers on a single IP address (github.com being an example), you may find that even if you are connecting to the same host the connection does not resume. This is a flaw in the SSL session protocol — though it has been resolved in TLS 1.3, the lack of widespread adoption of the new protocol prevents it from being used here. SSL sessions can also expire based on server criteria, which will result in a standard 4-10 second connection.

          +

          SSLClient automatically stores an IP address and hostname in each session, ensuring that if you call connect("www.google.com") SSLClient will use the SSL session with that hostname. However, because some websites have multiple servers on a single IP address (github.com being an example), you may find that even if you are connecting to the same host the connection does not resume. This is a flaw in the SSL session protocol — though it has been resolved in TLS 1.3, the lack of widespread adoption of the new protocol prevents it from being used here. SSL sessions can also expire based on server criteria, which will result in a standard 4-10 second connection.

          You can test whether or not a website can resume SSL Sessions using the Session Example included with this library. Because of all the confounding factors of SSL Sessions, it is generally prudent while programming to assume the session will always fail to resume.

          -

          SSL sessions take a lot of memory to store, so by default SSLClient will only store one at a time. You can change this behavior by adding the following to your SSLClient declaration:

          {C++}
          SSLClient<EthernetClient, SomeNumber> client(EthernetClient(), TAs, 2, A7);

          Where SomeNumber is the number of sessions you would like to store. For example this declaration can store 3 sessions:

          {C++}
          SSLClient<EthernetClient, 3> client(EthernetClient(), TAs, 2, A7);

          Sessions are managed internally using the SSLSession::getSession function. This function will cycle through sessions in a rotating order, allowing the session cache to continually overwrite old sessions. In general, it is a good idea to use a SessionCache size equal to the number of domains you plan on connecting to.

          +

          SSL sessions take a lot of memory to store, so by default SSLClient will only store one at a time. You can change this behavior by adding the following to your SSLClient declaration:

          {C++}
          EthernetClient baseClient;
          SSLClient client(baseClient, TAs, (size_t)2, A7, SomeNumber);

          Where SomeNumber is the number of sessions you would like to store. For example this declaration can store 3 sessions:

          {C++}
          EthernetClient baseClient;
          SSLClient client(baseClient, TAs, (size_t)2, A7, 3);

          Sessions are managed internally using the SSLSession::getSession function. This function will cycle through sessions in a rotating order, allowing the session cache to continually overwrite old sessions. In general, it is a good idea to use a SessionCache size equal to the number of domains you plan on connecting to.

          If you need to clear a session, you can do so using the SSLSession::removeSession function.

          Implementation Gotchas

          Some ideas that didn't quite fit in the API documentation.

          @@ -143,7 +143,7 @@ $(document).ready(function(){initNavTree('index.html','');});

          If you are using the Arduino Ethernet library, you will need to modify the library to support the large buffer sizes required by SSL (detailed in resources). You can either modify the library yourself, or use this fork of the Ethernet library with the modification. To use the fork, simply install the library using the "add a .zip library" button in Arduino, and replace #include "Ethernet.h" with #include "EthernetLarge.h" in your sketch. Alternatively if for some reason this solution does not work, you can apply the modification using the instructions below.

          Manual Modification

          First find the location of the library in the directory where Arduino is installed (C:\Program Files (x86)\Arduino on Windows). Inside of this directory, navigate to libraries\Ethernet\src (C:\Program Files (x86)\Arduino\libraries\Ethernet\src on Windows). Modify Ethernet.h to replace these lines:

          {C++}
          ...
          // Configure the maximum number of sockets to support. W5100 chips can have
          // up to 4 sockets. W5200 & W5500 can have up to 8 sockets. Several bytes
          // of RAM are used for each socket. Reducing the maximum can save RAM, but
          // you are limited to fewer simultaneous connections.
          #if defined(RAMEND) && defined(RAMSTART) && ((RAMEND - RAMSTART) <= 2048)
          #define MAX_SOCK_NUM 4
          #else
          #define MAX_SOCK_NUM 8
          #endif
          // By default, each socket uses 2K buffers inside the Wiznet chip. If
          // MAX_SOCK_NUM is set to fewer than the chip's maximum, uncommenting
          // this will use larger buffers within the Wiznet chip. Large buffers
          // can really help with UDP protocols like Artnet. In theory larger
          // buffers should allow faster TCP over high-latency links, but this
          // does not always seem to work in practice (maybe Wiznet bugs?)
          //#define ETHERNET_LARGE_BUFFERS
          ...

          With this:

          {C++}
          ...
          // Configure the maximum number of sockets to support. W5100 chips can have
          // up to 4 sockets. W5200 & W5500 can have up to 8 sockets. Several bytes
          // of RAM are used for each socket. Reducing the maximum can save RAM, but
          // you are limited to fewer simultaneous connections.
          #define MAX_SOCK_NUM 2
          // By default, each socket uses 2K buffers inside the Wiznet chip. If
          // MAX_SOCK_NUM is set to fewer than the chip's maximum, uncommenting
          // this will use larger buffers within the Wiznet chip. Large buffers
          // can really help with UDP protocols like Artnet. In theory larger
          // buffers should allow faster TCP over high-latency links, but this
          // does not always seem to work in practice (maybe Wiznet bugs?)
          #define ETHERNET_LARGE_BUFFERS
          ...

          You may need to use sudo or administrator permissions to make this modification. We change MAX_SOCK_NUM and ETHERNET_LARGE_BUFFERS so the Ethernet hardware can allocate a larger space for SSLClient, however a downside of this modification is we are now only able to have two sockets concurrently. As most microprocessors barely have enough memory for one SSL connection, this limitation will rarely be encountered in practice.

          -

          Random Data

          +

          Seeding Random Data

          The SSL protocol requires that SSLClient generate some random bits before connecting with a server. BearSSL provides a random number generator but requires a some entropy for a seed. Normally this seed is generated by taking the microsecond time using the internal clock, however since most microcontrollers are not build with this feature another source must be found. As a simple solution, SSLClient uses a floating analog pin as an external source of random data, passed through to the constructor in the analog_pin argument. Before every connection, SSLClient will take the bottom byte from 16 analog reads on analog_pin, and combine these bytes into a 16 byte random number, which is used as a seed for BearSSL. To ensure the most random data, it is recommended that this analog pin be either floating or connected to a location not modifiable by the microcontroller (i.e. a battery voltage readout).

          Certificate Verification

          SSLClient uses BearSSL's minimal x509 verification engine to verify the certificate of an SSL connection. This engine requires the developer create a trust anchor array using values stored in trusted root certificates. Check out this document for more details on this component of SSLClient.

          @@ -151,7 +151,7 @@ $(document).ready(function(){initNavTree('index.html','');});

          Resources

          The SSL protocol recommends a device support many different encryption algorithms, as well as protocols for SSL itself. The complexity of both of those components results in many medium sized components forming an extremely large whole. Additionally, most embedded processors lack the sophisticated math hardware commonly found in a modern CPU, and as a result require more instructions to create the encryption algorithms SSL requires. This not only increases size but makes the algorithms slow and memory intensive.

          To illustrate this, I will run some tests on various domains below. I haven't yet, but I will.

          -

          If flash footprint is becoming a problem, there are numerous debugging strings (~3kb estimated) that can be removed from SSLClient.h, SSLClientImpl.h, and SSLClientImpl.cpp. I have not figured out a way to configure compilation of these strings, so you will need to modify the library to remove them yourself.

          +

          If flash footprint is becoming a problem, there are numerous debugging strings (~3kb estimated) that can be removed from SSLClient.h, SSLClientImpl.h, and SSLClientImpl.cpp. I have not figured out a way to configure compilation of these strings, so you will need to modify the library to remove them yourself.

          Read Buffer Overflow

          SSL is a buffered protocol, and since most microcontrollers have limited resources (see Resources), SSLClient is limited in the size of its buffers. A common problem I encountered with SSL connections is buffer overflow, caused by the server sending too much data at once. This problem is caused by the microcontroller being unable to copy and decrypt data faster than it is being received, forcing some data to be discarded. This usually puts BearSSL in an unrecoverable state, forcing SSLClient to close the connection with a write error. If you are experiencing frequent timeout problems, this could be the reason why.

          In order to remedy this problem, the device must be able to read the data faster than it is being received, or alternatively have a cache large enough to store the entire payload. Since SSL's encryption forces the device to read slowly, this means we must increase the cache size. Depending on your platform, there are a number of ways this can be done:

            @@ -161,7 +161,7 @@ $(document).ready(function(){initNavTree('index.html','');});
          • If none of the above are viable, it is possible to implement your own Client class which has an internal buffer much larger than both the driver and BearSSL. This would require in-depth knowledge of programming and the communication shield you are working with, as well as a microcontroller with a significant amount of RAM.

          Cipher Support

          -

          By default, SSLClient supports only TLS1.2 and the ciphers listed in this file under suites[], and the list is relatively small to keep the connection secure and the flash footprint down. These ciphers should work for most applications, however if for some reason you would like to use an older version of TLS or a different cipher, you can change the BearSSL profile being used by SSLClient to an alternate one with support for older protocols. To do this, edit SSLClientImpl::SSLClientImpl to change these lines:

          {C++}
          br_client_init_TLS12_only(&m_sslctx, &m_x509ctx, m_trust_anchors, m_trust_anchors_num);
          // comment the above line and uncomment the line below if you're having trouble connecting over SSL
          // br_ssl_client_init_full(&m_sslctx, &m_x509ctx, m_trust_anchors, m_trust_anchors_num);

          to this:

          {C++}
          // br_client_init_TLS12_only(&m_sslctx, &m_x509ctx, m_trust_anchors, m_trust_anchors_num);
          // comment the above line and uncomment the line below if you're having trouble connecting over SSL
          br_ssl_client_init_full(&m_sslctx, &m_x509ctx, m_trust_anchors, m_trust_anchors_num);

          If for some unfortunate reason you need SSL 3.0 or SSL 2.0, you will need to modify the BearSSL profile to enable support. Check out the BearSSL profiles documentation and I wish you the best of luck.

          +

          By default, SSLClient supports only TLS1.2 and the ciphers listed in this file under suites[], and the list is relatively small to keep the connection secure and the flash footprint down. These ciphers should work for most applications, however if for some reason you would like to use an older version of TLS or a different cipher, you can change the BearSSL profile being used by SSLClient to an alternate one with support for older protocols. To do this, edit SSLClientImpl::SSLClientImpl to change these lines:

          {C++}
          br_client_init_TLS12_only(&m_sslctx, &m_x509ctx, m_trust_anchors, m_trust_anchors_num);
          // comment the above line and uncomment the line below if you're having trouble connecting over SSL
          // br_ssl_client_init_full(&m_sslctx, &m_x509ctx, m_trust_anchors, m_trust_anchors_num);

          to this:

          {C++}
          // br_client_init_TLS12_only(&m_sslctx, &m_x509ctx, m_trust_anchors, m_trust_anchors_num);
          // comment the above line and uncomment the line below if you're having trouble connecting over SSL
          br_ssl_client_init_full(&m_sslctx, &m_x509ctx, m_trust_anchors, m_trust_anchors_num);

          If for some unfortunate reason you need SSL 3.0 or SSL 2.0, you will need to modify the BearSSL profile to enable support. Check out the BearSSL profiles documentation and I wish you the best of luck.

    diff --git a/docs/html/md__c_1__users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html b/docs/html/md__c_1__users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html index b719965..d307879 100644 --- a/docs/html/md__c_1__users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html +++ b/docs/html/md__c_1__users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html @@ -92,7 +92,7 @@ $(document).ready(function(){initNavTree('md__c_1__users__noah__documents__ardui

    SSLClient uses BearSSL's minimal x509 verification engine to verify the certificate of an SSL connection. This engine requires the developer create a trust anchor array using values stored in trusted root certificates. In short, these trust anchor arrays allow BearSSL to verify that the server being connected to is who they say they are, and not someone malicious. You can read more about certificates and why they are important here.

    -

    SSLClient stores trust anchors in hardcoded constant variables, passed into SSLClient::SSLClient during setup. These constants are generally stored in their own header file as found in the BearSSL docs. This header file will look something like:

    {C++}
    #define TAs_NUM 1
    static const unsigned char TA_DN0[] = {
    // lots of raw bytes here
    // ...
    };
    static const unsigned char TA_RSA_N0[] = {
    // lots of raw bytes here
    //...
    };
    static const unsigned char TA_RSA_E0[] = {
    // 1-3 bytes here
    };
    static const br_x509_trust_anchor TAs[] = {
    {
    { (unsigned char *)TA_DN0, sizeof TA_DN0 },
    BR_X509_TA_CA,
    {
    BR_KEYTYPE_RSA,
    { .rsa = {
    (unsigned char *)TA_RSA_N0, sizeof TA_RSA_N0,
    (unsigned char *)TA_RSA_E0, sizeof TA_RSA_E0,
    } }
    }
    },
    };

    A full example of a trust anchor header can be found in this file. Full documentation for the format of these variables can be found in the BearSSL documentation for br_x509_trust_anchor.

    +

    SSLClient stores trust anchors in hardcoded constant variables, passed into SSLClient::SSLClient during setup. These constants are generally stored in their own header file as found in the BearSSL docs. This header file will look something like:

    {C++}
    #define TAs_NUM 1
    static const unsigned char TA_DN0[] = {
    // lots of raw bytes here
    // ...
    };
    static const unsigned char TA_RSA_N0[] = {
    // lots of raw bytes here
    //...
    };
    static const unsigned char TA_RSA_E0[] = {
    // 1-3 bytes here
    };
    static const br_x509_trust_anchor TAs[] = {
    {
    { (unsigned char *)TA_DN0, sizeof TA_DN0 },
    BR_X509_TA_CA,
    {
    BR_KEYTYPE_RSA,
    { .rsa = {
    (unsigned char *)TA_RSA_N0, sizeof TA_RSA_N0,
    (unsigned char *)TA_RSA_E0, sizeof TA_RSA_E0,
    } }
    }
    },
    };

    A full example of a trust anchor header can be found in this file. Full documentation for the format of these variables can be found in the BearSSL documentation for br_x509_trust_anchor.

    Generating Trust Anchors

    HTTPS

    For HTTPS, there a couple of tools you can use. Ordered from easiest to hardest:

      @@ -103,7 +103,7 @@ $(document).ready(function(){initNavTree('md__c_1__users__noah__documents__ardui

      Other Connections

      For other kinds of SSL connections, you will need to find the root certificate being used by your host. You can check out this StackExchange post for numerous methods of acquiring this certificate from a server. If these methods are not sufficient, you may need to request this certificate from your network administrator. Once you have the certificate, convert it to PEM format if needed (I use this website), and use the pycert_bearssl.py convert command to convert the certificate into a trust anchor header.

      Using Trust Anchors

      -

      Once you've generated a trust anchor array, add it to your Arduino sketch using the Sketch->Add File button in the Arduino IDE, and link it to your SSLClient like so:

      {C++}
      #include "yourtrustanchorfile.h"
      // ...
      SSLClient<SomeClientType> client(SomeClient, TAs, (size_t)TAs_NUM, SomePin);
      // ...

      Where yourtrustanchorfile.h contains a generated trust anchor array names TAs, with length TAs_NUM. BearSSL will now automatically use these trust anchors when SSLClient::connect is called.

      +

      Once you've generated a trust anchor array, add it to your Arduino sketch using the Sketch->Add File button in the Arduino IDE, and link it to your SSLClient like so:

      {C++}
      #include "yourtrustanchorfile.h"
      // ...
      SSLClient client(SomeClient, TAs, (size_t)TAs_NUM, SomePin);
      // ...

      Where yourtrustanchorfile.h contains a generated trust anchor array names TAs, with length TAs_NUM. BearSSL will now automatically use these trust anchors when SSLClient::connect is called.

    diff --git a/docs/html/menudata.js b/docs/html/menudata.js index d7d7efc..529ffec 100644 --- a/docs/html/menudata.js +++ b/docs/html/menudata.js @@ -37,12 +37,11 @@ var menudata={children:[ {text:"All",url:"functions.html",children:[ {text:"a",url:"functions.html#index_a"}, {text:"c",url:"functions.html#index_c"}, +{text:"d",url:"functions.html#index_d"}, {text:"e",url:"functions.html#index_e"}, {text:"f",url:"functions.html#index_f"}, {text:"g",url:"functions.html#index_g"}, {text:"i",url:"functions.html#index_i"}, -{text:"l",url:"functions.html#index_l"}, -{text:"m",url:"functions.html#index_m"}, {text:"o",url:"functions.html#index_o"}, {text:"p",url:"functions.html#index_p"}, {text:"r",url:"functions.html#index_r"}, @@ -50,37 +49,14 @@ var menudata={children:[ {text:"t",url:"functions.html#index_t"}, {text:"v",url:"functions.html#index_v"}, {text:"w",url:"functions.html#index_w"}]}, -{text:"Functions",url:"functions_func.html",children:[ -{text:"a",url:"functions_func.html#index_a"}, -{text:"c",url:"functions_func.html#index_c"}, -{text:"f",url:"functions_func.html#index_f"}, -{text:"g",url:"functions_func.html#index_g"}, -{text:"i",url:"functions_func.html#index_i"}, -{text:"l",url:"functions_func.html#index_l"}, -{text:"m",url:"functions_func.html#index_m"}, -{text:"o",url:"functions_func.html#index_o"}, -{text:"p",url:"functions_func.html#index_p"}, -{text:"r",url:"functions_func.html#index_r"}, -{text:"s",url:"functions_func.html#index_s"}, -{text:"t",url:"functions_func.html#index_t"}, -{text:"w",url:"functions_func.html#index_w"}]}, -{text:"Variables",url:"functions_vars.html"}]}]}, +{text:"Functions",url:"functions_func.html"}, +{text:"Variables",url:"functions_vars.html"}, +{text:"Enumerations",url:"functions_enum.html"}, +{text:"Enumerator",url:"functions_eval.html"}]}]}, {text:"Files",url:"files.html",children:[ {text:"File List",url:"files.html"}, {text:"File Members",url:"globals.html",children:[ -{text:"All",url:"globals.html",children:[ -{text:"_",url:"globals.html#index__5F"}, -{text:"b",url:"globals.html#index_b"}, -{text:"c",url:"globals.html#index_c"}, -{text:"d",url:"globals.html#index_d"}, -{text:"e",url:"globals.html#index_e"}, -{text:"g",url:"globals.html#index_g"}, -{text:"p",url:"globals.html#index_p"}, -{text:"s",url:"globals.html#index_s"}, -{text:"t",url:"globals.html#index_t"}, -{text:"u",url:"globals.html#index_u"}]}, +{text:"All",url:"globals.html"}, {text:"Functions",url:"globals_func.html"}, {text:"Variables",url:"globals_vars.html"}, -{text:"Enumerations",url:"globals_enum.html"}, -{text:"Enumerator",url:"globals_eval.html"}, {text:"Macros",url:"globals_defs.html"}]}]}]} diff --git a/docs/html/navtreedata.js b/docs/html/navtreedata.js index c0fedb9..10bfff6 100644 --- a/docs/html/navtreedata.js +++ b/docs/html/navtreedata.js @@ -40,7 +40,9 @@ var NAVTREE = [ "Class Members", "functions.html", [ [ "All", "functions.html", null ], [ "Functions", "functions_func.html", null ], - [ "Variables", "functions_vars.html", null ] + [ "Variables", "functions_vars.html", null ], + [ "Enumerations", "functions_enum.html", null ], + [ "Enumerator", "functions_eval.html", null ] ] ] ] ], [ "Files", "files.html", [ @@ -49,8 +51,6 @@ var NAVTREE = [ "All", "globals.html", null ], [ "Functions", "globals_func.html", null ], [ "Variables", "globals_vars.html", null ], - [ "Enumerations", "globals_enum.html", null ], - [ "Enumerator", "globals_eval.html", null ], [ "Macros", "globals_defs.html", null ] ] ] ] ] @@ -59,7 +59,7 @@ var NAVTREE = var NAVTREEINDEX = [ -"_s_s_l_client_8h.html" +"_s_s_l_client_8cpp.html" ]; var SYNCONMSG = 'click to disable panel synchronisation'; diff --git a/docs/html/navtreeindex0.js b/docs/html/navtreeindex0.js index e9bd31d..5640f49 100644 --- a/docs/html/navtreeindex0.js +++ b/docs/html/navtreeindex0.js @@ -1,109 +1,59 @@ var NAVTREEINDEX0 = { -"_s_s_l_client_8h.html":[4,0,2,1], -"_s_s_l_client_8h.html#a0e14869de8f634ff2fb63826ae583569":[4,0,2,1,1], -"_s_s_l_client_8h_source.html":[4,0,2,1], -"_s_s_l_client_impl_8cpp.html":[4,0,2,2], -"_s_s_l_client_impl_8cpp.html#ad193a2cc121e0d4614a1c21eb463fb56":[4,0,2,2,0], -"_s_s_l_client_impl_8h.html":[4,0,2,3], -"_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5":[4,0,2,3,2], -"_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5a1218c16a5bf50589e0c498983851612c":[4,0,2,3,2,0], -"_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5a1d5f8248fac85f56b05d49c7cb53494b":[4,0,2,3,2,3], -"_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5a1d9afd51e0012e791f099657797c9aa9":[4,0,2,3,2,4], -"_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5aaa79045423a355885738cd239dff6c2b":[4,0,2,3,2,1], -"_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5adec799caf92b4fe2b6d2b362136f6ef6":[4,0,2,3,2,6], -"_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5afb90a695332a7c96044dc97c577ee3c3":[4,0,2,3,2,2], -"_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5afd588a56dcccf4f6943defa7ab699afc":[4,0,2,3,2,5], -"_s_s_l_client_impl_8h.html#ab658e6d84759440dbf3c890446075395":[4,0,2,3,1], -"_s_s_l_client_impl_8h.html#ab658e6d84759440dbf3c890446075395a86c8fdfc38831619d5ed73dff5b0911d":[4,0,2,3,1,2], -"_s_s_l_client_impl_8h.html#ab658e6d84759440dbf3c890446075395a8c0bb62be3d0e6bfe5ed2f7ebbed3d91":[4,0,2,3,1,3], -"_s_s_l_client_impl_8h.html#ab658e6d84759440dbf3c890446075395ad3f9f0591dcabc4fac1222c462bf17ec":[4,0,2,3,1,1], -"_s_s_l_client_impl_8h.html#ab658e6d84759440dbf3c890446075395af16e73d8cce9a2c987bde5afe5524d7f":[4,0,2,3,1,0], -"_s_s_l_client_impl_8h_source.html":[4,0,2,3], -"_s_s_l_client_parameters_8h.html":[4,0,2,4], -"_s_s_l_client_parameters_8h_source.html":[4,0,2,4], -"_s_s_l_obj_8cpp.html":[4,0,2,5], -"_s_s_l_obj_8h.html":[4,0,2,6], -"_s_s_l_obj_8h.html#a9a58d01c9073b90f2b42c655828aea6d":[4,0,2,6,0], -"_s_s_l_obj_8h_source.html":[4,0,2,6], -"_s_s_l_session_8cpp.html":[4,0,2,7], -"_s_s_l_session_8h.html":[4,0,2,8], -"_s_s_l_session_8h_source.html":[4,0,2,8], -"_t_l_s12__only__profile_8c.html":[4,0,2,10], -"_t_l_s12__only__profile_8c.html#a32c8112a1c37ba21a05952eeefc435f3":[4,0,2,10,0], +"_s_s_l_client_8cpp.html":[4,0,2,1], +"_s_s_l_client_8cpp.html#ad193a2cc121e0d4614a1c21eb463fb56":[4,0,2,1,0], +"_s_s_l_client_8h.html":[4,0,2,2], +"_s_s_l_client_8h_source.html":[4,0,2,2], +"_s_s_l_client_parameters_8h.html":[4,0,2,3], +"_s_s_l_client_parameters_8h_source.html":[4,0,2,3], +"_s_s_l_obj_8cpp.html":[4,0,2,4], +"_s_s_l_obj_8h.html":[4,0,2,5], +"_s_s_l_obj_8h.html#a9a58d01c9073b90f2b42c655828aea6d":[4,0,2,5,0], +"_s_s_l_obj_8h_source.html":[4,0,2,5], +"_s_s_l_session_8h.html":[4,0,2,6], +"_s_s_l_session_8h_source.html":[4,0,2,6], +"_t_l_s12__only__profile_8c.html":[4,0,2,8], +"_t_l_s12__only__profile_8c.html#a32c8112a1c37ba21a05952eeefc435f3":[4,0,2,8,0], "annotated.html":[3,0], "cert_8h.html":[4,0,1,0], "cert_8h.html#ae2e26a4e8e97b0f15c18ba1ace062948":[4,0,1,0,0], "cert_8h_source.html":[4,0,1,0], "class_s_s_l_client.html":[3,0,1], -"class_s_s_l_client.html#a16aa9765bd450dcbba21c598456f464f":[3,0,1,25], -"class_s_s_l_client.html#a18adfc074d6b8e996819d4beb4689cbd":[3,0,1,9], -"class_s_s_l_client.html#a25e4414ab0c9424d09592f9567a678dc":[3,0,1,4], -"class_s_s_l_client.html#a2d378fbb7b8f15a1691746572f9d95b1":[3,0,1,14], -"class_s_s_l_client.html#a2d71f00d6634092f50c5262ad25cdacd":[3,0,1,12], -"class_s_s_l_client.html#a2d8bf9b891151bc5b0b865d70cf9c086":[3,0,1,11], -"class_s_s_l_client.html#a2ee6a3134d07ca09cf61ee04d32c3d44":[3,0,1,5], -"class_s_s_l_client.html#a31742867b00bd8d130637af0935bacbd":[3,0,1,19], -"class_s_s_l_client.html#a353c875d17a85dbb7bfe10de155f3b52":[3,0,1,7], -"class_s_s_l_client.html#a4a2172aedfcc483ba2a256ad12148630":[3,0,1,2], -"class_s_s_l_client.html#a505bfb6831a45aebf58d84e3b89d4cfc":[3,0,1,17], -"class_s_s_l_client.html#a563c5f9829757075bf16742cffa4cf73":[3,0,1,13], -"class_s_s_l_client.html#a5974a5f8722a752f121af4fac498bb22":[3,0,1,23], -"class_s_s_l_client.html#a5b626703a24089dbb0480a9b6ddf348c":[3,0,1,24], -"class_s_s_l_client.html#a5d13fd2f32ee2ea65a1f3820f758e77e":[3,0,1,1], -"class_s_s_l_client.html#a5f40f8f4d26d21e14276c3e8162b62b9":[3,0,1,18], -"class_s_s_l_client.html#a6b8ff53c10fe34aab1dc2561410f70bb":[3,0,1,27], -"class_s_s_l_client.html#a6bcb7579ebc051c097acb794b95771a9":[3,0,1,28], -"class_s_s_l_client.html#a824b599264f893e1b206a9100bc52ee1":[3,0,1,15], -"class_s_s_l_client.html#a91c63e35f31652c20faa5b9be95984bf":[3,0,1,3], -"class_s_s_l_client.html#a9c5001bdfa75ccc0d93cc60dd872b38a":[3,0,1,6], -"class_s_s_l_client.html#a9e7769fed78825cf4723778f4b5aa3e9":[3,0,1,8], -"class_s_s_l_client.html#ad30db47248d78df7c12dedfb27f06529":[3,0,1,26], -"class_s_s_l_client.html#adab82ba09345fa070712d3124af30e1b":[3,0,1,16], -"class_s_s_l_client.html#ae9a7509bc8a18f67e286547c19deb3c0":[3,0,1,0], -"class_s_s_l_client.html#aedf2746cc35da596faf8322776c2118e":[3,0,1,20], -"class_s_s_l_client.html#af76a0df76834e0d0999dbf44c7c0a174":[3,0,1,22], -"class_s_s_l_client.html#afd0d4d2c98433d60897d8828d8047d41":[3,0,1,10], -"class_s_s_l_client.html#afd6d7ae798c05cf566b2eb5651dba795":[3,0,1,21], -"class_s_s_l_client_impl.html":[3,0,2], -"class_s_s_l_client_impl.html#a1b90e7df3a77eea5efb955cc15a17f7d":[3,0,2,21], -"class_s_s_l_client_impl.html#a20dd9a9794b95719e6f3df8cb39126e3":[3,0,2,7], -"class_s_s_l_client_impl.html#a21ab78a0917f74ae5383d688e1548788":[3,0,2,6], -"class_s_s_l_client_impl.html#a231b7b1bb2182cda1ed6e9d5ebf66afe":[3,0,2,22], -"class_s_s_l_client_impl.html#a2b0b9043c8252871272bf6ba199ab67b":[3,0,2,0], -"class_s_s_l_client_impl.html#a2bfb55bcde46d8d77a46bfe0f577bf3f":[3,0,2,20], -"class_s_s_l_client_impl.html#a2cf492a714cf787e54a17bb47cda43ed":[3,0,2,17], -"class_s_s_l_client_impl.html#a3b4cb1e9e510955078b83c9f84c0e18c":[3,0,2,15], -"class_s_s_l_client_impl.html#a44cfafd6f5cdcaa5dbac22961ab3a58b":[3,0,2,9], -"class_s_s_l_client_impl.html#a45a1967029784a2f0f3edc7f75a00117":[3,0,2,16], -"class_s_s_l_client_impl.html#a45f26385ee1975b12265943efb1ff0d5":[3,0,2,13], -"class_s_s_l_client_impl.html#a6baed094969874fb9d2bea3a00ecbee1":[3,0,2,25], -"class_s_s_l_client_impl.html#a6e701597178b81f10d0db671b81ab075":[3,0,2,19], -"class_s_s_l_client_impl.html#a807656f814f24cf6cd711e429b716c4d":[3,0,2,28], -"class_s_s_l_client_impl.html#a81eb5ede3a894f281ae586d463b624e6":[3,0,2,27], -"class_s_s_l_client_impl.html#a8314c7dab1d923db5624f8075a53e6ea":[3,0,2,1], -"class_s_s_l_client_impl.html#a8e2385522ec04b1ce70871d4de23db6b":[3,0,2,12], -"class_s_s_l_client_impl.html#a93cdb32491fc08b035e40f840ff2e8f5":[3,0,2,24], -"class_s_s_l_client_impl.html#a957984fa392550a7df86f758e9b14bfb":[3,0,2,5], -"class_s_s_l_client_impl.html#a9dd694f8e0e65624b103dc781a7744af":[3,0,2,26], -"class_s_s_l_client_impl.html#a9ee82ad492f2297bd7cd0835c0d4556f":[3,0,2,18], -"class_s_s_l_client_impl.html#aa5c14ecf301c268306946c85825e565b":[3,0,2,3], -"class_s_s_l_client_impl.html#ab1c8f30bd3669c15e07fa1522ede4336":[3,0,2,8], -"class_s_s_l_client_impl.html#ab4e38d4319ec504395d67d2ab21a639e":[3,0,2,11], -"class_s_s_l_client_impl.html#abe33c793ec37f11087651cf4e586569b":[3,0,2,2], -"class_s_s_l_client_impl.html#ace6652307ba028d67c7ddbc4103fa9b4":[3,0,2,10], -"class_s_s_l_client_impl.html#ada595ed8f11673a9180ef0b762949c83":[3,0,2,14], -"class_s_s_l_client_impl.html#ae6c947ad92979ab99364428004abbeba":[3,0,2,4], -"class_s_s_l_client_impl.html#ae97adc55212c1aa96880aac28dd71387":[3,0,2,23], -"class_s_s_l_session.html":[3,0,4], -"class_s_s_l_session.html#a0c36cee72cfa862b7d4b2f5c112d5076":[3,0,4,4], -"class_s_s_l_session.html#a2fa15ce0b7caae25dfb567954175257e":[3,0,4,6], -"class_s_s_l_session.html#a3305941fa615f7134526b718917716ee":[3,0,4,1], -"class_s_s_l_session.html#a825373c5ba1aa6c45e74dc8a72b21820":[3,0,4,2], -"class_s_s_l_session.html#a878e1e8788634c5c42778369fbf7bab0":[3,0,4,3], -"class_s_s_l_session.html#abb3f7bbe70e3a59f9ce492c55507f36f":[3,0,4,5], -"class_s_s_l_session.html#acbe6549b55d50541d09a16f770e65afc":[3,0,4,7], -"class_s_s_l_session.html#ae05648200cea66577f024d5d09a6fcbb":[3,0,4,0], +"class_s_s_l_client.html#a03c7926938acd57cfc3b982edf725a86":[3,0,1,18], +"class_s_s_l_client.html#a0c0b6f2ad25701d1e45adb613d072d86":[3,0,1,12], +"class_s_s_l_client.html#a0e775669b4a040fbd3f281dcbcd2de78":[3,0,1,3], +"class_s_s_l_client.html#a248a5152cc3c3e7666bf5443bfd57c90":[3,0,1,5], +"class_s_s_l_client.html#a2bd012ef6f01df9694ba9fd0a3c227c3":[3,0,1,9], +"class_s_s_l_client.html#a4192ee3562c4806d4a6829356ca2636b":[3,0,1,11], +"class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6cea":[3,0,1,1], +"class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa0a4f8af0226cf29ede8f6fe4a9047b08":[3,0,1,1,6], +"class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa18dbddc0a3d4a94ee0f298fe55a06a94":[3,0,1,1,0], +"class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa37bef298be71b84a57e59fadbfbd9016":[3,0,1,1,4], +"class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa6a9cc2412a53b5981e937a41523eece5":[3,0,1,1,2], +"class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa7510402478ffbecd6e1aa3811b175cfd":[3,0,1,1,1], +"class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaab8581e1172fbf15067d435706d3a03a8":[3,0,1,1,3], +"class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaaf66f8d5f6601f9e7607b78bf7a07fc84":[3,0,1,1,5], +"class_s_s_l_client.html#a4c5420541a06213133ae308a3bca1c95":[3,0,1,13], +"class_s_s_l_client.html#a5488f01ccfddfd9e41f54dfbda48bcae":[3,0,1,6], +"class_s_s_l_client.html#a68f026a625ca1ccd1aba87bb6e670376":[3,0,1,2], +"class_s_s_l_client.html#a7343a58457b4659f83b61cac1f442c3d":[3,0,1,19], +"class_s_s_l_client.html#a9a4e9c9877ab73cf7e82d6942cc7db21":[3,0,1,8], +"class_s_s_l_client.html#a9e7ce7f8a72d7cdc071be3fa7a4c8f29":[3,0,1,16], +"class_s_s_l_client.html#aaf2192a6621fdf2f89cc26a9a1584f8c":[3,0,1,7], +"class_s_s_l_client.html#ab97c0745f65a6c6009ac938b3b9912c3":[3,0,1,4], +"class_s_s_l_client.html#ad5d9d8a4187a3f8918bf66af83e733c4":[3,0,1,15], +"class_s_s_l_client.html#ad8ed697371748e31e01c3f697bc36cbe":[3,0,1,17], +"class_s_s_l_client.html#ae3f9e6f8e8a50e520c936239abecfd22":[3,0,1,10], +"class_s_s_l_client.html#aef1b52f4ad9633126cb68739175920eb":[3,0,1,14], +"class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1":[3,0,1,0], +"class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1a199742ec5c99c72d9cede1fda0f125c5":[3,0,1,0,1], +"class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1a24122d1e1bb724237f305a0b4a21ff75":[3,0,1,0,0], +"class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1a26f3e5f1481f3ea22ea4ab5370b0fa97":[3,0,1,0,2], +"class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1a8d5f7561f9cc0a2f3e5f362b02f4a5b2":[3,0,1,0,3], +"class_s_s_l_session.html":[3,0,3], +"class_s_s_l_session.html#a0c8e01b0944c1f4b0ec6d4c423c95b74":[3,0,3,0], +"class_s_s_l_session.html#a825373c5ba1aa6c45e74dc8a72b21820":[3,0,3,1], +"class_s_s_l_session.html#acbe6549b55d50541d09a16f770e65afc":[3,0,3,2], "classes.html":[3,1], "dir_386349f6a9bc1e2cd0767d257d5e5b91.html":[4,0,0,1], "dir_68267d1309a1af8e8297ef4c3efbcdba.html":[4,0,2], @@ -114,12 +64,12 @@ var NAVTREEINDEX0 = "ec__prime__fast__256_8c.html#aedcd6aae4367c3fdfe7db296b4da85ab":[4,0,2,0,0], "files.html":[4,0], "functions.html":[3,3,0], +"functions_enum.html":[3,3,3], +"functions_eval.html":[3,3,4], "functions_func.html":[3,3,1], "functions_vars.html":[3,3,2], "globals.html":[4,1,0], -"globals_defs.html":[4,1,5], -"globals_enum.html":[4,1,3], -"globals_eval.html":[4,1,4], +"globals_defs.html":[4,1,3], "globals_func.html":[4,1,1], "globals_vars.html":[4,1,2], "hierarchy.html":[3,2], @@ -131,36 +81,36 @@ var NAVTREEINDEX0 = "namespacemembers_func.html":[2,1,1], "namespaces.html":[2,0], "pages.html":[], -"struct_s_s_l_client_parameters.html":[3,0,3], -"struct_s_s_l_client_parameters.html#a3e0440790d1acdee221b8ef6be6def95":[3,0,3,1], -"struct_s_s_l_client_parameters.html#aa523f407ac673da95bf651617fbf94b2":[3,0,3,0], -"struct_s_s_l_client_parameters.html#aca2dba04e30c8d7b962add0c353fc449":[3,0,3,2], +"struct_s_s_l_client_parameters.html":[3,0,2], +"struct_s_s_l_client_parameters.html#a3e0440790d1acdee221b8ef6be6def95":[3,0,2,1], +"struct_s_s_l_client_parameters.html#aa523f407ac673da95bf651617fbf94b2":[3,0,2,0], +"struct_s_s_l_client_parameters.html#aca2dba04e30c8d7b962add0c353fc449":[3,0,2,2], "structssl__pem__decode__state.html":[3,0,0], "structssl__pem__decode__state.html#a8abbaad636bfcf50ef38f529e3cfd5f3":[3,0,0,0], "structssl__pem__decode__state.html#a95f2366376d5f958f9bc1e859b59bae9":[3,0,0,1], -"time__macros_8h.html":[4,0,2,9], -"time__macros_8h.html#a04e76e262f0920441e5f0c5552e83487":[4,0,2,9,19], -"time__macros_8h.html#a243cf438274412bbecf4b8d5eeb02ccb":[4,0,2,9,14], -"time__macros_8h.html#a2488d1ddab7e5fa119da3421462231c4":[4,0,2,9,1], -"time__macros_8h.html#a2af3d1d741ae2b49627adf56bbc95dc3":[4,0,2,9,20], -"time__macros_8h.html#a2d540510d5860d7f190d13124956bc57":[4,0,2,9,16], -"time__macros_8h.html#a38ac93dd8bfe385ff915a82c92bbfc97":[4,0,2,9,4], -"time__macros_8h.html#a3aaee30ddedb3f6675aac341a66e39e2":[4,0,2,9,15], -"time__macros_8h.html#a4dbe4cf7c879a2cdac386ce72c5e5994":[4,0,2,9,13], -"time__macros_8h.html#a56482fcc86a55713dee595c2092ed376":[4,0,2,9,5], -"time__macros_8h.html#a5ab60a7e3e1b6e0a919b3a37bc0d4b97":[4,0,2,9,8], -"time__macros_8h.html#a7f2cdee2eebbccd45c179a50a0bbabcf":[4,0,2,9,0], -"time__macros_8h.html#a868143e0521daf07b25a2f3947cf54a3":[4,0,2,9,6], -"time__macros_8h.html#a8cd8e04105fec7cd442d078c303e46b9":[4,0,2,9,18], -"time__macros_8h.html#a9da779a8ca64782ea49babce14122d34":[4,0,2,9,12], -"time__macros_8h.html#aad01b5fb233c0091aff2a837a8de32f4":[4,0,2,9,11], -"time__macros_8h.html#ab3592442029a102b388fafeadc4a6ab8":[4,0,2,9,2], -"time__macros_8h.html#ab6c76862964ff7e543fd9d5807b2fa79":[4,0,2,9,7], -"time__macros_8h.html#ac47b302f1b8d2a7a9c035c417247be76":[4,0,2,9,17], -"time__macros_8h.html#ac8f6b75d9e04634818984ba400d0dee1":[4,0,2,9,3], -"time__macros_8h.html#ae0574ced3f997b97d357c1cb68000e3a":[4,0,2,9,9], -"time__macros_8h.html#ae90924c33a05839b3eb1426472f40eb3":[4,0,2,9,10], -"time__macros_8h_source.html":[4,0,2,9], +"time__macros_8h.html":[4,0,2,7], +"time__macros_8h.html#a04e76e262f0920441e5f0c5552e83487":[4,0,2,7,19], +"time__macros_8h.html#a243cf438274412bbecf4b8d5eeb02ccb":[4,0,2,7,14], +"time__macros_8h.html#a2488d1ddab7e5fa119da3421462231c4":[4,0,2,7,1], +"time__macros_8h.html#a2af3d1d741ae2b49627adf56bbc95dc3":[4,0,2,7,20], +"time__macros_8h.html#a2d540510d5860d7f190d13124956bc57":[4,0,2,7,16], +"time__macros_8h.html#a38ac93dd8bfe385ff915a82c92bbfc97":[4,0,2,7,4], +"time__macros_8h.html#a3aaee30ddedb3f6675aac341a66e39e2":[4,0,2,7,15], +"time__macros_8h.html#a4dbe4cf7c879a2cdac386ce72c5e5994":[4,0,2,7,13], +"time__macros_8h.html#a56482fcc86a55713dee595c2092ed376":[4,0,2,7,5], +"time__macros_8h.html#a5ab60a7e3e1b6e0a919b3a37bc0d4b97":[4,0,2,7,8], +"time__macros_8h.html#a7f2cdee2eebbccd45c179a50a0bbabcf":[4,0,2,7,0], +"time__macros_8h.html#a868143e0521daf07b25a2f3947cf54a3":[4,0,2,7,6], +"time__macros_8h.html#a8cd8e04105fec7cd442d078c303e46b9":[4,0,2,7,18], +"time__macros_8h.html#a9da779a8ca64782ea49babce14122d34":[4,0,2,7,12], +"time__macros_8h.html#aad01b5fb233c0091aff2a837a8de32f4":[4,0,2,7,11], +"time__macros_8h.html#ab3592442029a102b388fafeadc4a6ab8":[4,0,2,7,2], +"time__macros_8h.html#ab6c76862964ff7e543fd9d5807b2fa79":[4,0,2,7,7], +"time__macros_8h.html#ac47b302f1b8d2a7a9c035c417247be76":[4,0,2,7,17], +"time__macros_8h.html#ac8f6b75d9e04634818984ba400d0dee1":[4,0,2,7,3], +"time__macros_8h.html#ae0574ced3f997b97d357c1cb68000e3a":[4,0,2,7,9], +"time__macros_8h.html#ae90924c33a05839b3eb1426472f40eb3":[4,0,2,7,10], +"time__macros_8h_source.html":[4,0,2,7], "trust__anchors_8h.html":[4,0,0,0,0], "trust__anchors_8h.html#ae2e26a4e8e97b0f15c18ba1ace062948":[4,0,0,0,0,0], "trust__anchors_8h_source.html":[4,0,0,0,0], diff --git a/docs/html/search/all_0.js b/docs/html/search/all_0.js index e3a632e..312f869 100644 --- a/docs/html/search/all_0.js +++ b/docs/html/search/all_0.js @@ -1,6 +1,6 @@ var searchData= [ - ['_5f_5fbrkval',['__brkval',['../_s_s_l_client_impl_8cpp.html#ad193a2cc121e0d4614a1c21eb463fb56',1,'SSLClientImpl.cpp']]], + ['_5f_5fbrkval',['__brkval',['../_s_s_l_client_8cpp.html#ad193a2cc121e0d4614a1c21eb463fb56',1,'SSLClient.cpp']]], ['_5f_5ftime_5fdays_5f_5f',['__TIME_DAYS__',['../time__macros_8h.html#a7f2cdee2eebbccd45c179a50a0bbabcf',1,'time_macros.h']]], ['_5f_5ftime_5fhours_5f_5f',['__TIME_HOURS__',['../time__macros_8h.html#a2488d1ddab7e5fa119da3421462231c4',1,'time_macros.h']]], ['_5f_5ftime_5fminutes_5f_5f',['__TIME_MINUTES__',['../time__macros_8h.html#ab3592442029a102b388fafeadc4a6ab8',1,'time_macros.h']]], diff --git a/docs/html/search/all_1.js b/docs/html/search/all_1.js index 6e54ada..0728bc1 100644 --- a/docs/html/search/all_1.js +++ b/docs/html/search/all_1.js @@ -1,5 +1,4 @@ var searchData= [ - ['available',['available',['../class_s_s_l_client.html#a5d13fd2f32ee2ea65a1f3820f758e77e',1,'SSLClient']]], - ['available_5fimpl',['available_impl',['../class_s_s_l_client_impl.html#abe33c793ec37f11087651cf4e586569b',1,'SSLClientImpl']]] + ['available',['available',['../class_s_s_l_client.html#a0e775669b4a040fbd3f281dcbcd2de78',1,'SSLClient']]] ]; diff --git a/docs/html/search/all_10.js b/docs/html/search/all_10.js index a658122..a18bd2a 100644 --- a/docs/html/search/all_10.js +++ b/docs/html/search/all_10.js @@ -1,5 +1,4 @@ var searchData= [ - ['unix_5ftimestamp',['UNIX_TIMESTAMP',['../time__macros_8h.html#a04e76e262f0920441e5f0c5552e83487',1,'time_macros.h']]], - ['unix_5ftimestamp_5futc',['UNIX_TIMESTAMP_UTC',['../time__macros_8h.html#a2af3d1d741ae2b49627adf56bbc95dc3',1,'time_macros.h']]] + ['vect',['vect',['../structssl__pem__decode__state.html#a95f2366376d5f958f9bc1e859b59bae9',1,'ssl_pem_decode_state']]] ]; diff --git a/docs/html/search/all_11.js b/docs/html/search/all_11.js index a18bd2a..451bfc6 100644 --- a/docs/html/search/all_11.js +++ b/docs/html/search/all_11.js @@ -1,4 +1,4 @@ var searchData= [ - ['vect',['vect',['../structssl__pem__decode__state.html#a95f2366376d5f958f9bc1e859b59bae9',1,'ssl_pem_decode_state']]] + ['write',['write',['../class_s_s_l_client.html#a03c7926938acd57cfc3b982edf725a86',1,'SSLClient::write(const uint8_t *buf, size_t size) override'],['../class_s_s_l_client.html#a7343a58457b4659f83b61cac1f442c3d',1,'SSLClient::write(uint8_t b) override']]] ]; diff --git a/docs/html/search/all_3.js b/docs/html/search/all_3.js index e6f18e0..13385d1 100644 --- a/docs/html/search/all_3.js +++ b/docs/html/search/all_3.js @@ -2,12 +2,9 @@ var searchData= [ ['cert_2eh',['cert.h',['../cert_8h.html',1,'']]], ['chain_5flen',['chain_len',['../struct_s_s_l_client_parameters.html#aa523f407ac673da95bf651617fbf94b2',1,'SSLClientParameters']]], - ['clear_5fparameters',['clear_parameters',['../class_s_s_l_session.html#a3305941fa615f7134526b718917716ee',1,'SSLSession']]], ['client_5fcert_5fchain',['client_cert_chain',['../struct_s_s_l_client_parameters.html#a3e0440790d1acdee221b8ef6be6def95',1,'SSLClientParameters']]], - ['connect',['connect',['../class_s_s_l_client.html#a4a2172aedfcc483ba2a256ad12148630',1,'SSLClient::connect(IPAddress ip, uint16_t port) override'],['../class_s_s_l_client.html#a91c63e35f31652c20faa5b9be95984bf',1,'SSLClient::connect(const char *host, uint16_t port) override']]], - ['connect_5fimpl',['connect_impl',['../class_s_s_l_client_impl.html#aa5c14ecf301c268306946c85825e565b',1,'SSLClientImpl::connect_impl(IPAddress ip, uint16_t port)'],['../class_s_s_l_client_impl.html#ae6c947ad92979ab99364428004abbeba',1,'SSLClientImpl::connect_impl(const char *host, uint16_t port)']]], - ['connected',['connected',['../class_s_s_l_client.html#a25e4414ab0c9424d09592f9567a678dc',1,'SSLClient']]], - ['connected_5fimpl',['connected_impl',['../class_s_s_l_client_impl.html#a957984fa392550a7df86f758e9b14bfb',1,'SSLClientImpl']]], + ['connect',['connect',['../class_s_s_l_client.html#ab97c0745f65a6c6009ac938b3b9912c3',1,'SSLClient::connect(IPAddress ip, uint16_t port) override'],['../class_s_s_l_client.html#a248a5152cc3c3e7666bf5443bfd57c90',1,'SSLClient::connect(const char *host, uint16_t port) override']]], + ['connected',['connected',['../class_s_s_l_client.html#a5488f01ccfddfd9e41f54dfbda48bcae',1,'SSLClient']]], ['conv_5fstr2dec_5f1',['CONV_STR2DEC_1',['../time__macros_8h.html#ae0574ced3f997b97d357c1cb68000e3a',1,'time_macros.h']]], ['conv_5fstr2dec_5f2',['CONV_STR2DEC_2',['../time__macros_8h.html#ae90924c33a05839b3eb1426472f40eb3',1,'time_macros.h']]], ['conv_5fstr2dec_5f3',['CONV_STR2DEC_3',['../time__macros_8h.html#aad01b5fb233c0091aff2a837a8de32f4',1,'time_macros.h']]], diff --git a/docs/html/search/all_4.js b/docs/html/search/all_4.js index a3cc239..1630eb3 100644 --- a/docs/html/search/all_4.js +++ b/docs/html/search/all_4.js @@ -1,4 +1,4 @@ var searchData= [ - ['debuglevel',['DebugLevel',['../_s_s_l_client_impl_8h.html#ab658e6d84759440dbf3c890446075395',1,'SSLClientImpl.h']]] + ['debuglevel',['DebugLevel',['../class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1',1,'SSLClient']]] ]; diff --git a/docs/html/search/all_5.js b/docs/html/search/all_5.js index e49278d..143336e 100644 --- a/docs/html/search/all_5.js +++ b/docs/html/search/all_5.js @@ -2,5 +2,5 @@ var searchData= [ ['ec_5fkey',['ec_key',['../struct_s_s_l_client_parameters.html#aca2dba04e30c8d7b962add0c353fc449',1,'SSLClientParameters']]], ['ec_5fprime_5ffast_5f256_2ec',['ec_prime_fast_256.c',['../ec__prime__fast__256_8c.html',1,'']]], - ['error',['Error',['../_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5',1,'SSLClientImpl.h']]] + ['error',['Error',['../class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6cea',1,'SSLClient']]] ]; diff --git a/docs/html/search/all_6.js b/docs/html/search/all_6.js index 3dc70e4..47e3882 100644 --- a/docs/html/search/all_6.js +++ b/docs/html/search/all_6.js @@ -1,5 +1,4 @@ var searchData= [ - ['flush',['flush',['../class_s_s_l_client.html#a2ee6a3134d07ca09cf61ee04d32c3d44',1,'SSLClient']]], - ['flush_5fimpl',['flush_impl',['../class_s_s_l_client_impl.html#a21ab78a0917f74ae5383d688e1548788',1,'SSLClientImpl']]] + ['flush',['flush',['../class_s_s_l_client.html#aaf2192a6621fdf2f89cc26a9a1584f8c',1,'SSLClient']]] ]; diff --git a/docs/html/search/all_7.js b/docs/html/search/all_7.js index fcf2600..48ec004 100644 --- a/docs/html/search/all_7.js +++ b/docs/html/search/all_7.js @@ -1,12 +1,8 @@ var searchData= [ - ['get_5farduino_5fclient',['get_arduino_client',['../class_s_s_l_client.html#a9c5001bdfa75ccc0d93cc60dd872b38a',1,'SSLClient::get_arduino_client() override'],['../class_s_s_l_client.html#a353c875d17a85dbb7bfe10de155f3b52',1,'SSLClient::get_arduino_client() const override'],['../class_s_s_l_client_impl.html#a20dd9a9794b95719e6f3df8cb39126e3',1,'SSLClientImpl::get_arduino_client()=0'],['../class_s_s_l_client_impl.html#ab1c8f30bd3669c15e07fa1522ede4336',1,'SSLClientImpl::get_arduino_client() const =0']]], ['get_5fhostname',['get_hostname',['../class_s_s_l_session.html#a825373c5ba1aa6c45e74dc8a72b21820',1,'SSLSession']]], - ['get_5fip',['get_ip',['../class_s_s_l_session.html#a878e1e8788634c5c42778369fbf7bab0',1,'SSLSession']]], ['get_5fmonth',['GET_MONTH',['../time__macros_8h.html#a4dbe4cf7c879a2cdac386ce72c5e5994',1,'time_macros.h']]], - ['get_5fsession_5farray',['get_session_array',['../class_s_s_l_client.html#a9e7769fed78825cf4723778f4b5aa3e9',1,'SSLClient::get_session_array() override'],['../class_s_s_l_client.html#a18adfc074d6b8e996819d4beb4689cbd',1,'SSLClient::get_session_array() const override'],['../class_s_s_l_client_impl.html#a44cfafd6f5cdcaa5dbac22961ab3a58b',1,'SSLClientImpl::get_session_array()=0'],['../class_s_s_l_client_impl.html#ace6652307ba028d67c7ddbc4103fa9b4',1,'SSLClientImpl::get_session_array() const =0']]], - ['get_5fsession_5fimpl',['get_session_impl',['../class_s_s_l_client_impl.html#ab4e38d4319ec504395d67d2ab21a639e',1,'SSLClientImpl']]], - ['getclient',['getClient',['../class_s_s_l_client.html#afd0d4d2c98433d60897d8828d8047d41',1,'SSLClient']]], - ['getsession',['getSession',['../class_s_s_l_client.html#a2d8bf9b891151bc5b0b865d70cf9c086',1,'SSLClient']]], - ['getsessioncount',['getSessionCount',['../class_s_s_l_client.html#a2d71f00d6634092f50c5262ad25cdacd',1,'SSLClient::getSessionCount()'],['../class_s_s_l_client_impl.html#a8e2385522ec04b1ce70871d4de23db6b',1,'SSLClientImpl::getSessionCount()']]] + ['getclient',['getClient',['../class_s_s_l_client.html#a9a4e9c9877ab73cf7e82d6942cc7db21',1,'SSLClient']]], + ['getsession',['getSession',['../class_s_s_l_client.html#a2bd012ef6f01df9694ba9fd0a3c227c3',1,'SSLClient']]], + ['getsessioncount',['getSessionCount',['../class_s_s_l_client.html#ae3f9e6f8e8a50e520c936239abecfd22',1,'SSLClient']]] ]; diff --git a/docs/html/search/all_8.js b/docs/html/search/all_8.js index c29a2f2..2d07945 100644 --- a/docs/html/search/all_8.js +++ b/docs/html/search/all_8.js @@ -1,5 +1,4 @@ var searchData= [ - ['index',['index',['../structssl__pem__decode__state.html#a8abbaad636bfcf50ef38f529e3cfd5f3',1,'ssl_pem_decode_state']]], - ['is_5fvalid_5fsession',['is_valid_session',['../class_s_s_l_session.html#a0c36cee72cfa862b7d4b2f5c112d5076',1,'SSLSession']]] + ['index',['index',['../structssl__pem__decode__state.html#a8abbaad636bfcf50ef38f529e3cfd5f3',1,'ssl_pem_decode_state']]] ]; diff --git a/docs/html/search/all_9.js b/docs/html/search/all_9.js index 0773563..e4f8b0f 100644 --- a/docs/html/search/all_9.js +++ b/docs/html/search/all_9.js @@ -1,4 +1,4 @@ var searchData= [ - ['localport',['localPort',['../class_s_s_l_client.html#a563c5f9829757075bf16742cffa4cf73',1,'SSLClient::localPort()'],['../class_s_s_l_client_impl.html#a45f26385ee1975b12265943efb1ff0d5',1,'SSLClientImpl::localPort()']]] + ['make_5fvector_5fpem',['make_vector_pem',['../namespace_s_s_l_obj.html#a9a58d01c9073b90f2b42c655828aea6d',1,'SSLObj']]] ]; diff --git a/docs/html/search/all_a.js b/docs/html/search/all_a.js index f9c2b25..0aecf24 100644 --- a/docs/html/search/all_a.js +++ b/docs/html/search/all_a.js @@ -1,11 +1,4 @@ var searchData= [ - ['m_5ferror',['m_error',['../class_s_s_l_client_impl.html#ada595ed8f11673a9180ef0b762949c83',1,'SSLClientImpl']]], - ['m_5finfo',['m_info',['../class_s_s_l_client_impl.html#a3b4cb1e9e510955078b83c9f84c0e18c',1,'SSLClientImpl']]], - ['m_5fprint',['m_print',['../class_s_s_l_client_impl.html#a45a1967029784a2f0f3edc7f75a00117',1,'SSLClientImpl']]], - ['m_5fprint_5fbr_5ferror',['m_print_br_error',['../class_s_s_l_client_impl.html#a2cf492a714cf787e54a17bb47cda43ed',1,'SSLClientImpl']]], - ['m_5fprint_5fprefix',['m_print_prefix',['../class_s_s_l_client_impl.html#a9ee82ad492f2297bd7cd0835c0d4556f',1,'SSLClientImpl']]], - ['m_5fprint_5fssl_5ferror',['m_print_ssl_error',['../class_s_s_l_client_impl.html#a6e701597178b81f10d0db671b81ab075',1,'SSLClientImpl']]], - ['m_5fwarn',['m_warn',['../class_s_s_l_client_impl.html#a2bfb55bcde46d8d77a46bfe0f577bf3f',1,'SSLClientImpl']]], - ['make_5fvector_5fpem',['make_vector_pem',['../namespace_s_s_l_obj.html#a9a58d01c9073b90f2b42c655828aea6d',1,'SSLObj']]] + ['operator_20bool',['operator bool',['../class_s_s_l_client.html#a4192ee3562c4806d4a6829356ca2636b',1,'SSLClient']]] ]; diff --git a/docs/html/search/all_b.js b/docs/html/search/all_b.js index d7f8a71..95f21a7 100644 --- a/docs/html/search/all_b.js +++ b/docs/html/search/all_b.js @@ -1,7 +1,5 @@ var searchData= [ - ['operator_20bool',['operator bool',['../class_s_s_l_client.html#a2d378fbb7b8f15a1691746572f9d95b1',1,'SSLClient']]], - ['operator_21_3d',['operator!=',['../class_s_s_l_client.html#a824b599264f893e1b206a9100bc52ee1',1,'SSLClient::operator!=(const bool value)'],['../class_s_s_l_client.html#adab82ba09345fa070712d3124af30e1b',1,'SSLClient::operator!=(const C &rhs)']]], - ['operator_3d',['operator=',['../class_s_s_l_session.html#abb3f7bbe70e3a59f9ce492c55507f36f',1,'SSLSession']]], - ['operator_3d_3d',['operator==',['../class_s_s_l_client.html#a505bfb6831a45aebf58d84e3b89d4cfc',1,'SSLClient::operator==(const bool value)'],['../class_s_s_l_client.html#a5f40f8f4d26d21e14276c3e8162b62b9',1,'SSLClient::operator==(const C &rhs)']]] + ['peek',['peek',['../class_s_s_l_client.html#a0c0b6f2ad25701d1e45adb613d072d86',1,'SSLClient']]], + ['pst_5foffset',['PST_OFFSET',['../time__macros_8h.html#a243cf438274412bbecf4b8d5eeb02ccb',1,'time_macros.h']]] ]; diff --git a/docs/html/search/all_c.js b/docs/html/search/all_c.js index 6de2fa7..3e07012 100644 --- a/docs/html/search/all_c.js +++ b/docs/html/search/all_c.js @@ -1,6 +1,6 @@ var searchData= [ - ['peek',['peek',['../class_s_s_l_client.html#a31742867b00bd8d130637af0935bacbd',1,'SSLClient']]], - ['peek_5fimpl',['peek_impl',['../class_s_s_l_client_impl.html#a1b90e7df3a77eea5efb955cc15a17f7d',1,'SSLClientImpl']]], - ['pst_5foffset',['PST_OFFSET',['../time__macros_8h.html#a243cf438274412bbecf4b8d5eeb02ccb',1,'time_macros.h']]] + ['read',['read',['../class_s_s_l_client.html#a4c5420541a06213133ae308a3bca1c95',1,'SSLClient::read(uint8_t *buf, size_t size) override'],['../class_s_s_l_client.html#aef1b52f4ad9633126cb68739175920eb',1,'SSLClient::read() override']]], + ['readme_2emd',['README.md',['../_r_e_a_d_m_e_8md.html',1,'']]], + ['removesession',['removeSession',['../class_s_s_l_client.html#ad5d9d8a4187a3f8918bf66af83e733c4',1,'SSLClient']]] ]; diff --git a/docs/html/search/all_d.js b/docs/html/search/all_d.js index 6283be9..cf50882 100644 --- a/docs/html/search/all_d.js +++ b/docs/html/search/all_d.js @@ -1,10 +1,32 @@ var searchData= [ - ['read',['read',['../class_s_s_l_client.html#aedf2746cc35da596faf8322776c2118e',1,'SSLClient::read() override'],['../class_s_s_l_client.html#afd6d7ae798c05cf566b2eb5651dba795',1,'SSLClient::read(uint8_t *buf, size_t size) override']]], - ['read_5fimpl',['read_impl',['../class_s_s_l_client_impl.html#a231b7b1bb2182cda1ed6e9d5ebf66afe',1,'SSLClientImpl']]], - ['readme_2emd',['README.md',['../_r_e_a_d_m_e_8md.html',1,'']]], - ['remoteip',['remoteIP',['../class_s_s_l_client.html#af76a0df76834e0d0999dbf44c7c0a174',1,'SSLClient::remoteIP()'],['../class_s_s_l_client_impl.html#ae97adc55212c1aa96880aac28dd71387',1,'SSLClientImpl::remoteIP()']]], - ['remoteport',['remotePort',['../class_s_s_l_client.html#a5974a5f8722a752f121af4fac498bb22',1,'SSLClient::remotePort()'],['../class_s_s_l_client_impl.html#a93cdb32491fc08b035e40f840ff2e8f5',1,'SSLClientImpl::remotePort()']]], - ['remove_5fsession_5fimpl',['remove_session_impl',['../class_s_s_l_client_impl.html#a6baed094969874fb9d2bea3a00ecbee1',1,'SSLClientImpl']]], - ['removesession',['removeSession',['../class_s_s_l_client.html#a5b626703a24089dbb0480a9b6ddf348c',1,'SSLClient']]] + ['sslclient_20_2d_20arduino_20library_20for_20ssl',['SSLClient - Arduino Library For SSL',['../index.html',1,'']]], + ['sec_5fper_5fday',['SEC_PER_DAY',['../time__macros_8h.html#a3aaee30ddedb3f6675aac341a66e39e2',1,'time_macros.h']]], + ['sec_5fper_5fhour',['SEC_PER_HOUR',['../time__macros_8h.html#a2d540510d5860d7f190d13124956bc57',1,'time_macros.h']]], + ['sec_5fper_5fmin',['SEC_PER_MIN',['../time__macros_8h.html#ac47b302f1b8d2a7a9c035c417247be76',1,'time_macros.h']]], + ['sec_5fper_5fyear',['SEC_PER_YEAR',['../time__macros_8h.html#a8cd8e04105fec7cd442d078c303e46b9',1,'time_macros.h']]], + ['setmutualauthparams',['setMutualAuthParams',['../class_s_s_l_client.html#a9e7ce7f8a72d7cdc071be3fa7a4c8f29',1,'SSLClient']]], + ['ssl_5fbr_5fconnect_5ffail',['SSL_BR_CONNECT_FAIL',['../class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa6a9cc2412a53b5981e937a41523eece5',1,'SSLClient']]], + ['ssl_5fbr_5fwrite_5ferror',['SSL_BR_WRITE_ERROR',['../class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa37bef298be71b84a57e59fadbfbd9016',1,'SSLClient']]], + ['ssl_5fclient_5fconnect_5ffail',['SSL_CLIENT_CONNECT_FAIL',['../class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa7510402478ffbecd6e1aa3811b175cfd',1,'SSLClient']]], + ['ssl_5fclient_5fwrtie_5ferror',['SSL_CLIENT_WRTIE_ERROR',['../class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaab8581e1172fbf15067d435706d3a03a8',1,'SSLClient']]], + ['ssl_5ferror',['SSL_ERROR',['../class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1a199742ec5c99c72d9cede1fda0f125c5',1,'SSLClient']]], + ['ssl_5finfo',['SSL_INFO',['../class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1a8d5f7561f9cc0a2f3e5f362b02f4a5b2',1,'SSLClient']]], + ['ssl_5finternal_5ferror',['SSL_INTERNAL_ERROR',['../class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaaf66f8d5f6601f9e7607b78bf7a07fc84',1,'SSLClient']]], + ['ssl_5fnone',['SSL_NONE',['../class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1a24122d1e1bb724237f305a0b4a21ff75',1,'SSLClient']]], + ['ssl_5fok',['SSL_OK',['../class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa18dbddc0a3d4a94ee0f298fe55a06a94',1,'SSLClient']]], + ['ssl_5fout_5fof_5fmemory',['SSL_OUT_OF_MEMORY',['../class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa0a4f8af0226cf29ede8f6fe4a9047b08',1,'SSLClient']]], + ['ssl_5fpem_5fdecode_5fstate',['ssl_pem_decode_state',['../structssl__pem__decode__state.html',1,'']]], + ['ssl_5fwarn',['SSL_WARN',['../class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1a26f3e5f1481f3ea22ea4ab5370b0fa97',1,'SSLClient']]], + ['sslclient',['SSLClient',['../class_s_s_l_client.html',1,'SSLClient'],['../class_s_s_l_client.html#a68f026a625ca1ccd1aba87bb6e670376',1,'SSLClient::SSLClient()']]], + ['sslclient_2ecpp',['SSLClient.cpp',['../_s_s_l_client_8cpp.html',1,'']]], + ['sslclient_2eh',['SSLClient.h',['../_s_s_l_client_8h.html',1,'']]], + ['sslclientparameters',['SSLClientParameters',['../struct_s_s_l_client_parameters.html',1,'']]], + ['sslclientparameters_2eh',['SSLClientParameters.h',['../_s_s_l_client_parameters_8h.html',1,'']]], + ['sslobj',['SSLObj',['../namespace_s_s_l_obj.html',1,'']]], + ['sslobj_2ecpp',['SSLObj.cpp',['../_s_s_l_obj_8cpp.html',1,'']]], + ['sslobj_2eh',['SSLObj.h',['../_s_s_l_obj_8h.html',1,'']]], + ['sslsession',['SSLSession',['../class_s_s_l_session.html',1,'SSLSession'],['../class_s_s_l_session.html#a0c8e01b0944c1f4b0ec6d4c423c95b74',1,'SSLSession::SSLSession()']]], + ['sslsession_2eh',['SSLSession.h',['../_s_s_l_session_8h.html',1,'']]], + ['stop',['stop',['../class_s_s_l_client.html#ad8ed697371748e31e01c3f697bc36cbe',1,'SSLClient']]] ]; diff --git a/docs/html/search/all_e.js b/docs/html/search/all_e.js index 0383728..45a40de 100644 --- a/docs/html/search/all_e.js +++ b/docs/html/search/all_e.js @@ -1,39 +1,11 @@ var searchData= [ - ['sslclient_20_2d_20arduino_20library_20for_20ssl',['SSLClient - Arduino Library For SSL',['../index.html',1,'']]], - ['sec_5fper_5fday',['SEC_PER_DAY',['../time__macros_8h.html#a3aaee30ddedb3f6675aac341a66e39e2',1,'time_macros.h']]], - ['sec_5fper_5fhour',['SEC_PER_HOUR',['../time__macros_8h.html#a2d540510d5860d7f190d13124956bc57',1,'time_macros.h']]], - ['sec_5fper_5fmin',['SEC_PER_MIN',['../time__macros_8h.html#ac47b302f1b8d2a7a9c035c417247be76',1,'time_macros.h']]], - ['sec_5fper_5fyear',['SEC_PER_YEAR',['../time__macros_8h.html#a8cd8e04105fec7cd442d078c303e46b9',1,'time_macros.h']]], - ['set_5fmutual_5fimpl',['set_mutual_impl',['../class_s_s_l_client_impl.html#a9dd694f8e0e65624b103dc781a7744af',1,'SSLClientImpl']]], - ['set_5fparameters',['set_parameters',['../class_s_s_l_session.html#a2fa15ce0b7caae25dfb567954175257e',1,'SSLSession']]], - ['setmutualauthparams',['setMutualAuthParams',['../class_s_s_l_client.html#a16aa9765bd450dcbba21c598456f464f',1,'SSLClient']]], - ['ssl_5fbr_5fconnect_5ffail',['SSL_BR_CONNECT_FAIL',['../_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5afb90a695332a7c96044dc97c577ee3c3',1,'SSLClientImpl.h']]], - ['ssl_5fbr_5fwrite_5ferror',['SSL_BR_WRITE_ERROR',['../_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5a1d9afd51e0012e791f099657797c9aa9',1,'SSLClientImpl.h']]], - ['ssl_5fclient_5fconnect_5ffail',['SSL_CLIENT_CONNECT_FAIL',['../_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5aaa79045423a355885738cd239dff6c2b',1,'SSLClientImpl.h']]], - ['ssl_5fclient_5fwrtie_5ferror',['SSL_CLIENT_WRTIE_ERROR',['../_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5a1d5f8248fac85f56b05d49c7cb53494b',1,'SSLClientImpl.h']]], - ['ssl_5ferror',['SSL_ERROR',['../_s_s_l_client_impl_8h.html#ab658e6d84759440dbf3c890446075395ad3f9f0591dcabc4fac1222c462bf17ec',1,'SSLClientImpl.h']]], - ['ssl_5finfo',['SSL_INFO',['../_s_s_l_client_impl_8h.html#ab658e6d84759440dbf3c890446075395a8c0bb62be3d0e6bfe5ed2f7ebbed3d91',1,'SSLClientImpl.h']]], - ['ssl_5finternal_5ferror',['SSL_INTERNAL_ERROR',['../_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5afd588a56dcccf4f6943defa7ab699afc',1,'SSLClientImpl.h']]], - ['ssl_5fnone',['SSL_NONE',['../_s_s_l_client_impl_8h.html#ab658e6d84759440dbf3c890446075395af16e73d8cce9a2c987bde5afe5524d7f',1,'SSLClientImpl.h']]], - ['ssl_5fok',['SSL_OK',['../_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5a1218c16a5bf50589e0c498983851612c',1,'SSLClientImpl.h']]], - ['ssl_5fout_5fof_5fmemory',['SSL_OUT_OF_MEMORY',['../_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5adec799caf92b4fe2b6d2b362136f6ef6',1,'SSLClientImpl.h']]], - ['ssl_5fpem_5fdecode_5fstate',['ssl_pem_decode_state',['../structssl__pem__decode__state.html',1,'']]], - ['ssl_5fwarn',['SSL_WARN',['../_s_s_l_client_impl_8h.html#ab658e6d84759440dbf3c890446075395a86c8fdfc38831619d5ed73dff5b0911d',1,'SSLClientImpl.h']]], - ['sslclient',['SSLClient',['../class_s_s_l_client.html',1,'SSLClient< C, SessionCache >'],['../class_s_s_l_client.html#ae9a7509bc8a18f67e286547c19deb3c0',1,'SSLClient::SSLClient()']]], - ['sslclient_2eh',['SSLClient.h',['../_s_s_l_client_8h.html',1,'']]], - ['sslclient_5fh_5f',['SSLClient_H_',['../_s_s_l_client_8h.html#a0e14869de8f634ff2fb63826ae583569',1,'SSLClient.h']]], - ['sslclientimpl',['SSLClientImpl',['../class_s_s_l_client_impl.html',1,'SSLClientImpl'],['../class_s_s_l_client_impl.html#a2b0b9043c8252871272bf6ba199ab67b',1,'SSLClientImpl::SSLClientImpl(const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug)'],['../class_s_s_l_client_impl.html#a8314c7dab1d923db5624f8075a53e6ea',1,'SSLClientImpl::SSLClientImpl(const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug, const SSLClientParameters *mutual_auth_params)']]], - ['sslclientimpl_2ecpp',['SSLClientImpl.cpp',['../_s_s_l_client_impl_8cpp.html',1,'']]], - ['sslclientimpl_2eh',['SSLClientImpl.h',['../_s_s_l_client_impl_8h.html',1,'']]], - ['sslclientparameters',['SSLClientParameters',['../struct_s_s_l_client_parameters.html',1,'']]], - ['sslclientparameters_2eh',['SSLClientParameters.h',['../_s_s_l_client_parameters_8h.html',1,'']]], - ['sslobj',['SSLObj',['../namespace_s_s_l_obj.html',1,'']]], - ['sslobj_2ecpp',['SSLObj.cpp',['../_s_s_l_obj_8cpp.html',1,'']]], - ['sslobj_2eh',['SSLObj.h',['../_s_s_l_obj_8h.html',1,'']]], - ['sslsession',['SSLSession',['../class_s_s_l_session.html',1,'SSLSession'],['../class_s_s_l_session.html#ae05648200cea66577f024d5d09a6fcbb',1,'SSLSession::SSLSession()']]], - ['sslsession_2ecpp',['SSLSession.cpp',['../_s_s_l_session_8cpp.html',1,'']]], - ['sslsession_2eh',['SSLSession.h',['../_s_s_l_session_8h.html',1,'']]], - ['stop',['stop',['../class_s_s_l_client.html#ad30db47248d78df7c12dedfb27f06529',1,'SSLClient']]], - ['stop_5fimpl',['stop_impl',['../class_s_s_l_client_impl.html#a81eb5ede3a894f281ae586d463b624e6',1,'SSLClientImpl']]] + ['trust_20anchors',['Trust Anchors',['../md__c_1__users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html',1,'']]], + ['tas_5fnum',['TAs_NUM',['../trust__anchors_8h.html#ae2e26a4e8e97b0f15c18ba1ace062948',1,'TAs_NUM(): trust_anchors.h'],['../trustanchors_8h.html#ae2e26a4e8e97b0f15c18ba1ace062948',1,'TAs_NUM(): trustanchors.h'],['../cert_8h.html#ae2e26a4e8e97b0f15c18ba1ace062948',1,'TAs_NUM(): cert.h']]], + ['time_5fmacros_2eh',['time_macros.h',['../time__macros_8h.html',1,'']]], + ['tls12_5fonly_5fprofile_2ec',['TLS12_only_profile.c',['../_t_l_s12__only__profile_8c.html',1,'']]], + ['to_5fbr_5fsession',['to_br_session',['../class_s_s_l_session.html#acbe6549b55d50541d09a16f770e65afc',1,'SSLSession']]], + ['trust_5fanchors_2eh',['trust_anchors.h',['../trust__anchors_8h.html',1,'']]], + ['trustanchors_2eh',['trustanchors.h',['../trustanchors_8h.html',1,'']]], + ['trustanchors_2emd',['TrustAnchors.md',['../_trust_anchors_8md.html',1,'']]] ]; diff --git a/docs/html/search/all_f.js b/docs/html/search/all_f.js index 45a40de..a658122 100644 --- a/docs/html/search/all_f.js +++ b/docs/html/search/all_f.js @@ -1,11 +1,5 @@ var searchData= [ - ['trust_20anchors',['Trust Anchors',['../md__c_1__users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html',1,'']]], - ['tas_5fnum',['TAs_NUM',['../trust__anchors_8h.html#ae2e26a4e8e97b0f15c18ba1ace062948',1,'TAs_NUM(): trust_anchors.h'],['../trustanchors_8h.html#ae2e26a4e8e97b0f15c18ba1ace062948',1,'TAs_NUM(): trustanchors.h'],['../cert_8h.html#ae2e26a4e8e97b0f15c18ba1ace062948',1,'TAs_NUM(): cert.h']]], - ['time_5fmacros_2eh',['time_macros.h',['../time__macros_8h.html',1,'']]], - ['tls12_5fonly_5fprofile_2ec',['TLS12_only_profile.c',['../_t_l_s12__only__profile_8c.html',1,'']]], - ['to_5fbr_5fsession',['to_br_session',['../class_s_s_l_session.html#acbe6549b55d50541d09a16f770e65afc',1,'SSLSession']]], - ['trust_5fanchors_2eh',['trust_anchors.h',['../trust__anchors_8h.html',1,'']]], - ['trustanchors_2eh',['trustanchors.h',['../trustanchors_8h.html',1,'']]], - ['trustanchors_2emd',['TrustAnchors.md',['../_trust_anchors_8md.html',1,'']]] + ['unix_5ftimestamp',['UNIX_TIMESTAMP',['../time__macros_8h.html#a04e76e262f0920441e5f0c5552e83487',1,'time_macros.h']]], + ['unix_5ftimestamp_5futc',['UNIX_TIMESTAMP_UTC',['../time__macros_8h.html#a2af3d1d741ae2b49627adf56bbc95dc3',1,'time_macros.h']]] ]; diff --git a/docs/html/search/classes_0.js b/docs/html/search/classes_0.js index f951cf3..81431f8 100644 --- a/docs/html/search/classes_0.js +++ b/docs/html/search/classes_0.js @@ -2,7 +2,6 @@ var searchData= [ ['ssl_5fpem_5fdecode_5fstate',['ssl_pem_decode_state',['../structssl__pem__decode__state.html',1,'']]], ['sslclient',['SSLClient',['../class_s_s_l_client.html',1,'']]], - ['sslclientimpl',['SSLClientImpl',['../class_s_s_l_client_impl.html',1,'']]], ['sslclientparameters',['SSLClientParameters',['../struct_s_s_l_client_parameters.html',1,'']]], ['sslsession',['SSLSession',['../class_s_s_l_session.html',1,'']]] ]; diff --git a/docs/html/search/defines_4.js b/docs/html/search/defines_4.js index 2572f0d..1c7ae85 100644 --- a/docs/html/search/defines_4.js +++ b/docs/html/search/defines_4.js @@ -3,6 +3,5 @@ var searchData= ['sec_5fper_5fday',['SEC_PER_DAY',['../time__macros_8h.html#a3aaee30ddedb3f6675aac341a66e39e2',1,'time_macros.h']]], ['sec_5fper_5fhour',['SEC_PER_HOUR',['../time__macros_8h.html#a2d540510d5860d7f190d13124956bc57',1,'time_macros.h']]], ['sec_5fper_5fmin',['SEC_PER_MIN',['../time__macros_8h.html#ac47b302f1b8d2a7a9c035c417247be76',1,'time_macros.h']]], - ['sec_5fper_5fyear',['SEC_PER_YEAR',['../time__macros_8h.html#a8cd8e04105fec7cd442d078c303e46b9',1,'time_macros.h']]], - ['sslclient_5fh_5f',['SSLClient_H_',['../_s_s_l_client_8h.html#a0e14869de8f634ff2fb63826ae583569',1,'SSLClient.h']]] + ['sec_5fper_5fyear',['SEC_PER_YEAR',['../time__macros_8h.html#a8cd8e04105fec7cd442d078c303e46b9',1,'time_macros.h']]] ]; diff --git a/docs/html/search/enums_0.js b/docs/html/search/enums_0.js index a3cc239..1630eb3 100644 --- a/docs/html/search/enums_0.js +++ b/docs/html/search/enums_0.js @@ -1,4 +1,4 @@ var searchData= [ - ['debuglevel',['DebugLevel',['../_s_s_l_client_impl_8h.html#ab658e6d84759440dbf3c890446075395',1,'SSLClientImpl.h']]] + ['debuglevel',['DebugLevel',['../class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1',1,'SSLClient']]] ]; diff --git a/docs/html/search/enums_1.js b/docs/html/search/enums_1.js index 212a9a9..2f4b1da 100644 --- a/docs/html/search/enums_1.js +++ b/docs/html/search/enums_1.js @@ -1,4 +1,4 @@ var searchData= [ - ['error',['Error',['../_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5',1,'SSLClientImpl.h']]] + ['error',['Error',['../class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6cea',1,'SSLClient']]] ]; diff --git a/docs/html/search/enumvalues_0.js b/docs/html/search/enumvalues_0.js index 0dc67d2..0455a1a 100644 --- a/docs/html/search/enumvalues_0.js +++ b/docs/html/search/enumvalues_0.js @@ -1,14 +1,14 @@ var searchData= [ - ['ssl_5fbr_5fconnect_5ffail',['SSL_BR_CONNECT_FAIL',['../_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5afb90a695332a7c96044dc97c577ee3c3',1,'SSLClientImpl.h']]], - ['ssl_5fbr_5fwrite_5ferror',['SSL_BR_WRITE_ERROR',['../_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5a1d9afd51e0012e791f099657797c9aa9',1,'SSLClientImpl.h']]], - ['ssl_5fclient_5fconnect_5ffail',['SSL_CLIENT_CONNECT_FAIL',['../_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5aaa79045423a355885738cd239dff6c2b',1,'SSLClientImpl.h']]], - ['ssl_5fclient_5fwrtie_5ferror',['SSL_CLIENT_WRTIE_ERROR',['../_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5a1d5f8248fac85f56b05d49c7cb53494b',1,'SSLClientImpl.h']]], - ['ssl_5ferror',['SSL_ERROR',['../_s_s_l_client_impl_8h.html#ab658e6d84759440dbf3c890446075395ad3f9f0591dcabc4fac1222c462bf17ec',1,'SSLClientImpl.h']]], - ['ssl_5finfo',['SSL_INFO',['../_s_s_l_client_impl_8h.html#ab658e6d84759440dbf3c890446075395a8c0bb62be3d0e6bfe5ed2f7ebbed3d91',1,'SSLClientImpl.h']]], - ['ssl_5finternal_5ferror',['SSL_INTERNAL_ERROR',['../_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5afd588a56dcccf4f6943defa7ab699afc',1,'SSLClientImpl.h']]], - ['ssl_5fnone',['SSL_NONE',['../_s_s_l_client_impl_8h.html#ab658e6d84759440dbf3c890446075395af16e73d8cce9a2c987bde5afe5524d7f',1,'SSLClientImpl.h']]], - ['ssl_5fok',['SSL_OK',['../_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5a1218c16a5bf50589e0c498983851612c',1,'SSLClientImpl.h']]], - ['ssl_5fout_5fof_5fmemory',['SSL_OUT_OF_MEMORY',['../_s_s_l_client_impl_8h.html#a2c3e4bb40f36b262a5214e2da2bca9c5adec799caf92b4fe2b6d2b362136f6ef6',1,'SSLClientImpl.h']]], - ['ssl_5fwarn',['SSL_WARN',['../_s_s_l_client_impl_8h.html#ab658e6d84759440dbf3c890446075395a86c8fdfc38831619d5ed73dff5b0911d',1,'SSLClientImpl.h']]] + ['ssl_5fbr_5fconnect_5ffail',['SSL_BR_CONNECT_FAIL',['../class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa6a9cc2412a53b5981e937a41523eece5',1,'SSLClient']]], + ['ssl_5fbr_5fwrite_5ferror',['SSL_BR_WRITE_ERROR',['../class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa37bef298be71b84a57e59fadbfbd9016',1,'SSLClient']]], + ['ssl_5fclient_5fconnect_5ffail',['SSL_CLIENT_CONNECT_FAIL',['../class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa7510402478ffbecd6e1aa3811b175cfd',1,'SSLClient']]], + ['ssl_5fclient_5fwrtie_5ferror',['SSL_CLIENT_WRTIE_ERROR',['../class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaab8581e1172fbf15067d435706d3a03a8',1,'SSLClient']]], + ['ssl_5ferror',['SSL_ERROR',['../class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1a199742ec5c99c72d9cede1fda0f125c5',1,'SSLClient']]], + ['ssl_5finfo',['SSL_INFO',['../class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1a8d5f7561f9cc0a2f3e5f362b02f4a5b2',1,'SSLClient']]], + ['ssl_5finternal_5ferror',['SSL_INTERNAL_ERROR',['../class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaaf66f8d5f6601f9e7607b78bf7a07fc84',1,'SSLClient']]], + ['ssl_5fnone',['SSL_NONE',['../class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1a24122d1e1bb724237f305a0b4a21ff75',1,'SSLClient']]], + ['ssl_5fok',['SSL_OK',['../class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa18dbddc0a3d4a94ee0f298fe55a06a94',1,'SSLClient']]], + ['ssl_5fout_5fof_5fmemory',['SSL_OUT_OF_MEMORY',['../class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa0a4f8af0226cf29ede8f6fe4a9047b08',1,'SSLClient']]], + ['ssl_5fwarn',['SSL_WARN',['../class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1a26f3e5f1481f3ea22ea4ab5370b0fa97',1,'SSLClient']]] ]; diff --git a/docs/html/search/files_3.js b/docs/html/search/files_3.js index 4b15112..212b513 100644 --- a/docs/html/search/files_3.js +++ b/docs/html/search/files_3.js @@ -1,11 +1,9 @@ var searchData= [ + ['sslclient_2ecpp',['SSLClient.cpp',['../_s_s_l_client_8cpp.html',1,'']]], ['sslclient_2eh',['SSLClient.h',['../_s_s_l_client_8h.html',1,'']]], - ['sslclientimpl_2ecpp',['SSLClientImpl.cpp',['../_s_s_l_client_impl_8cpp.html',1,'']]], - ['sslclientimpl_2eh',['SSLClientImpl.h',['../_s_s_l_client_impl_8h.html',1,'']]], ['sslclientparameters_2eh',['SSLClientParameters.h',['../_s_s_l_client_parameters_8h.html',1,'']]], ['sslobj_2ecpp',['SSLObj.cpp',['../_s_s_l_obj_8cpp.html',1,'']]], ['sslobj_2eh',['SSLObj.h',['../_s_s_l_obj_8h.html',1,'']]], - ['sslsession_2ecpp',['SSLSession.cpp',['../_s_s_l_session_8cpp.html',1,'']]], ['sslsession_2eh',['SSLSession.h',['../_s_s_l_session_8h.html',1,'']]] ]; diff --git a/docs/html/search/functions_0.js b/docs/html/search/functions_0.js index 6e54ada..0728bc1 100644 --- a/docs/html/search/functions_0.js +++ b/docs/html/search/functions_0.js @@ -1,5 +1,4 @@ var searchData= [ - ['available',['available',['../class_s_s_l_client.html#a5d13fd2f32ee2ea65a1f3820f758e77e',1,'SSLClient']]], - ['available_5fimpl',['available_impl',['../class_s_s_l_client_impl.html#abe33c793ec37f11087651cf4e586569b',1,'SSLClientImpl']]] + ['available',['available',['../class_s_s_l_client.html#a0e775669b4a040fbd3f281dcbcd2de78',1,'SSLClient']]] ]; diff --git a/docs/html/search/functions_2.js b/docs/html/search/functions_2.js index 47de2ad..171bc1c 100644 --- a/docs/html/search/functions_2.js +++ b/docs/html/search/functions_2.js @@ -1,8 +1,5 @@ var searchData= [ - ['clear_5fparameters',['clear_parameters',['../class_s_s_l_session.html#a3305941fa615f7134526b718917716ee',1,'SSLSession']]], - ['connect',['connect',['../class_s_s_l_client.html#a4a2172aedfcc483ba2a256ad12148630',1,'SSLClient::connect(IPAddress ip, uint16_t port) override'],['../class_s_s_l_client.html#a91c63e35f31652c20faa5b9be95984bf',1,'SSLClient::connect(const char *host, uint16_t port) override']]], - ['connect_5fimpl',['connect_impl',['../class_s_s_l_client_impl.html#aa5c14ecf301c268306946c85825e565b',1,'SSLClientImpl::connect_impl(IPAddress ip, uint16_t port)'],['../class_s_s_l_client_impl.html#ae6c947ad92979ab99364428004abbeba',1,'SSLClientImpl::connect_impl(const char *host, uint16_t port)']]], - ['connected',['connected',['../class_s_s_l_client.html#a25e4414ab0c9424d09592f9567a678dc',1,'SSLClient']]], - ['connected_5fimpl',['connected_impl',['../class_s_s_l_client_impl.html#a957984fa392550a7df86f758e9b14bfb',1,'SSLClientImpl']]] + ['connect',['connect',['../class_s_s_l_client.html#ab97c0745f65a6c6009ac938b3b9912c3',1,'SSLClient::connect(IPAddress ip, uint16_t port) override'],['../class_s_s_l_client.html#a248a5152cc3c3e7666bf5443bfd57c90',1,'SSLClient::connect(const char *host, uint16_t port) override']]], + ['connected',['connected',['../class_s_s_l_client.html#a5488f01ccfddfd9e41f54dfbda48bcae',1,'SSLClient']]] ]; diff --git a/docs/html/search/functions_3.js b/docs/html/search/functions_3.js index 3dc70e4..47e3882 100644 --- a/docs/html/search/functions_3.js +++ b/docs/html/search/functions_3.js @@ -1,5 +1,4 @@ var searchData= [ - ['flush',['flush',['../class_s_s_l_client.html#a2ee6a3134d07ca09cf61ee04d32c3d44',1,'SSLClient']]], - ['flush_5fimpl',['flush_impl',['../class_s_s_l_client_impl.html#a21ab78a0917f74ae5383d688e1548788',1,'SSLClientImpl']]] + ['flush',['flush',['../class_s_s_l_client.html#aaf2192a6621fdf2f89cc26a9a1584f8c',1,'SSLClient']]] ]; diff --git a/docs/html/search/functions_4.js b/docs/html/search/functions_4.js index 18508ae..d68b4de 100644 --- a/docs/html/search/functions_4.js +++ b/docs/html/search/functions_4.js @@ -1,11 +1,7 @@ var searchData= [ - ['get_5farduino_5fclient',['get_arduino_client',['../class_s_s_l_client.html#a9c5001bdfa75ccc0d93cc60dd872b38a',1,'SSLClient::get_arduino_client() override'],['../class_s_s_l_client.html#a353c875d17a85dbb7bfe10de155f3b52',1,'SSLClient::get_arduino_client() const override'],['../class_s_s_l_client_impl.html#a20dd9a9794b95719e6f3df8cb39126e3',1,'SSLClientImpl::get_arduino_client()=0'],['../class_s_s_l_client_impl.html#ab1c8f30bd3669c15e07fa1522ede4336',1,'SSLClientImpl::get_arduino_client() const =0']]], ['get_5fhostname',['get_hostname',['../class_s_s_l_session.html#a825373c5ba1aa6c45e74dc8a72b21820',1,'SSLSession']]], - ['get_5fip',['get_ip',['../class_s_s_l_session.html#a878e1e8788634c5c42778369fbf7bab0',1,'SSLSession']]], - ['get_5fsession_5farray',['get_session_array',['../class_s_s_l_client.html#a9e7769fed78825cf4723778f4b5aa3e9',1,'SSLClient::get_session_array() override'],['../class_s_s_l_client.html#a18adfc074d6b8e996819d4beb4689cbd',1,'SSLClient::get_session_array() const override'],['../class_s_s_l_client_impl.html#a44cfafd6f5cdcaa5dbac22961ab3a58b',1,'SSLClientImpl::get_session_array()=0'],['../class_s_s_l_client_impl.html#ace6652307ba028d67c7ddbc4103fa9b4',1,'SSLClientImpl::get_session_array() const =0']]], - ['get_5fsession_5fimpl',['get_session_impl',['../class_s_s_l_client_impl.html#ab4e38d4319ec504395d67d2ab21a639e',1,'SSLClientImpl']]], - ['getclient',['getClient',['../class_s_s_l_client.html#afd0d4d2c98433d60897d8828d8047d41',1,'SSLClient']]], - ['getsession',['getSession',['../class_s_s_l_client.html#a2d8bf9b891151bc5b0b865d70cf9c086',1,'SSLClient']]], - ['getsessioncount',['getSessionCount',['../class_s_s_l_client.html#a2d71f00d6634092f50c5262ad25cdacd',1,'SSLClient::getSessionCount()'],['../class_s_s_l_client_impl.html#a8e2385522ec04b1ce70871d4de23db6b',1,'SSLClientImpl::getSessionCount()']]] + ['getclient',['getClient',['../class_s_s_l_client.html#a9a4e9c9877ab73cf7e82d6942cc7db21',1,'SSLClient']]], + ['getsession',['getSession',['../class_s_s_l_client.html#a2bd012ef6f01df9694ba9fd0a3c227c3',1,'SSLClient']]], + ['getsessioncount',['getSessionCount',['../class_s_s_l_client.html#ae3f9e6f8e8a50e520c936239abecfd22',1,'SSLClient']]] ]; diff --git a/docs/html/search/functions_5.js b/docs/html/search/functions_5.js index 7fdc7da..e4f8b0f 100644 --- a/docs/html/search/functions_5.js +++ b/docs/html/search/functions_5.js @@ -1,4 +1,4 @@ var searchData= [ - ['is_5fvalid_5fsession',['is_valid_session',['../class_s_s_l_session.html#a0c36cee72cfa862b7d4b2f5c112d5076',1,'SSLSession']]] + ['make_5fvector_5fpem',['make_vector_pem',['../namespace_s_s_l_obj.html#a9a58d01c9073b90f2b42c655828aea6d',1,'SSLObj']]] ]; diff --git a/docs/html/search/functions_6.js b/docs/html/search/functions_6.js index 0773563..0aecf24 100644 --- a/docs/html/search/functions_6.js +++ b/docs/html/search/functions_6.js @@ -1,4 +1,4 @@ var searchData= [ - ['localport',['localPort',['../class_s_s_l_client.html#a563c5f9829757075bf16742cffa4cf73',1,'SSLClient::localPort()'],['../class_s_s_l_client_impl.html#a45f26385ee1975b12265943efb1ff0d5',1,'SSLClientImpl::localPort()']]] + ['operator_20bool',['operator bool',['../class_s_s_l_client.html#a4192ee3562c4806d4a6829356ca2636b',1,'SSLClient']]] ]; diff --git a/docs/html/search/functions_7.js b/docs/html/search/functions_7.js index f9c2b25..53b8b47 100644 --- a/docs/html/search/functions_7.js +++ b/docs/html/search/functions_7.js @@ -1,11 +1,4 @@ var searchData= [ - ['m_5ferror',['m_error',['../class_s_s_l_client_impl.html#ada595ed8f11673a9180ef0b762949c83',1,'SSLClientImpl']]], - ['m_5finfo',['m_info',['../class_s_s_l_client_impl.html#a3b4cb1e9e510955078b83c9f84c0e18c',1,'SSLClientImpl']]], - ['m_5fprint',['m_print',['../class_s_s_l_client_impl.html#a45a1967029784a2f0f3edc7f75a00117',1,'SSLClientImpl']]], - ['m_5fprint_5fbr_5ferror',['m_print_br_error',['../class_s_s_l_client_impl.html#a2cf492a714cf787e54a17bb47cda43ed',1,'SSLClientImpl']]], - ['m_5fprint_5fprefix',['m_print_prefix',['../class_s_s_l_client_impl.html#a9ee82ad492f2297bd7cd0835c0d4556f',1,'SSLClientImpl']]], - ['m_5fprint_5fssl_5ferror',['m_print_ssl_error',['../class_s_s_l_client_impl.html#a6e701597178b81f10d0db671b81ab075',1,'SSLClientImpl']]], - ['m_5fwarn',['m_warn',['../class_s_s_l_client_impl.html#a2bfb55bcde46d8d77a46bfe0f577bf3f',1,'SSLClientImpl']]], - ['make_5fvector_5fpem',['make_vector_pem',['../namespace_s_s_l_obj.html#a9a58d01c9073b90f2b42c655828aea6d',1,'SSLObj']]] + ['peek',['peek',['../class_s_s_l_client.html#a0c0b6f2ad25701d1e45adb613d072d86',1,'SSLClient']]] ]; diff --git a/docs/html/search/functions_8.js b/docs/html/search/functions_8.js index d7f8a71..c66bc46 100644 --- a/docs/html/search/functions_8.js +++ b/docs/html/search/functions_8.js @@ -1,7 +1,5 @@ var searchData= [ - ['operator_20bool',['operator bool',['../class_s_s_l_client.html#a2d378fbb7b8f15a1691746572f9d95b1',1,'SSLClient']]], - ['operator_21_3d',['operator!=',['../class_s_s_l_client.html#a824b599264f893e1b206a9100bc52ee1',1,'SSLClient::operator!=(const bool value)'],['../class_s_s_l_client.html#adab82ba09345fa070712d3124af30e1b',1,'SSLClient::operator!=(const C &rhs)']]], - ['operator_3d',['operator=',['../class_s_s_l_session.html#abb3f7bbe70e3a59f9ce492c55507f36f',1,'SSLSession']]], - ['operator_3d_3d',['operator==',['../class_s_s_l_client.html#a505bfb6831a45aebf58d84e3b89d4cfc',1,'SSLClient::operator==(const bool value)'],['../class_s_s_l_client.html#a5f40f8f4d26d21e14276c3e8162b62b9',1,'SSLClient::operator==(const C &rhs)']]] + ['read',['read',['../class_s_s_l_client.html#a4c5420541a06213133ae308a3bca1c95',1,'SSLClient::read(uint8_t *buf, size_t size) override'],['../class_s_s_l_client.html#aef1b52f4ad9633126cb68739175920eb',1,'SSLClient::read() override']]], + ['removesession',['removeSession',['../class_s_s_l_client.html#ad5d9d8a4187a3f8918bf66af83e733c4',1,'SSLClient']]] ]; diff --git a/docs/html/search/functions_9.js b/docs/html/search/functions_9.js index ceddcf3..5e05068 100644 --- a/docs/html/search/functions_9.js +++ b/docs/html/search/functions_9.js @@ -1,5 +1,7 @@ var searchData= [ - ['peek',['peek',['../class_s_s_l_client.html#a31742867b00bd8d130637af0935bacbd',1,'SSLClient']]], - ['peek_5fimpl',['peek_impl',['../class_s_s_l_client_impl.html#a1b90e7df3a77eea5efb955cc15a17f7d',1,'SSLClientImpl']]] + ['setmutualauthparams',['setMutualAuthParams',['../class_s_s_l_client.html#a9e7ce7f8a72d7cdc071be3fa7a4c8f29',1,'SSLClient']]], + ['sslclient',['SSLClient',['../class_s_s_l_client.html#a68f026a625ca1ccd1aba87bb6e670376',1,'SSLClient']]], + ['sslsession',['SSLSession',['../class_s_s_l_session.html#a0c8e01b0944c1f4b0ec6d4c423c95b74',1,'SSLSession']]], + ['stop',['stop',['../class_s_s_l_client.html#ad8ed697371748e31e01c3f697bc36cbe',1,'SSLClient']]] ]; diff --git a/docs/html/search/functions_a.js b/docs/html/search/functions_a.js index 6e82845..96d95c1 100644 --- a/docs/html/search/functions_a.js +++ b/docs/html/search/functions_a.js @@ -1,9 +1,4 @@ var searchData= [ - ['read',['read',['../class_s_s_l_client.html#aedf2746cc35da596faf8322776c2118e',1,'SSLClient::read() override'],['../class_s_s_l_client.html#afd6d7ae798c05cf566b2eb5651dba795',1,'SSLClient::read(uint8_t *buf, size_t size) override']]], - ['read_5fimpl',['read_impl',['../class_s_s_l_client_impl.html#a231b7b1bb2182cda1ed6e9d5ebf66afe',1,'SSLClientImpl']]], - ['remoteip',['remoteIP',['../class_s_s_l_client.html#af76a0df76834e0d0999dbf44c7c0a174',1,'SSLClient::remoteIP()'],['../class_s_s_l_client_impl.html#ae97adc55212c1aa96880aac28dd71387',1,'SSLClientImpl::remoteIP()']]], - ['remoteport',['remotePort',['../class_s_s_l_client.html#a5974a5f8722a752f121af4fac498bb22',1,'SSLClient::remotePort()'],['../class_s_s_l_client_impl.html#a93cdb32491fc08b035e40f840ff2e8f5',1,'SSLClientImpl::remotePort()']]], - ['remove_5fsession_5fimpl',['remove_session_impl',['../class_s_s_l_client_impl.html#a6baed094969874fb9d2bea3a00ecbee1',1,'SSLClientImpl']]], - ['removesession',['removeSession',['../class_s_s_l_client.html#a5b626703a24089dbb0480a9b6ddf348c',1,'SSLClient']]] + ['to_5fbr_5fsession',['to_br_session',['../class_s_s_l_session.html#acbe6549b55d50541d09a16f770e65afc',1,'SSLSession']]] ]; diff --git a/docs/html/search/functions_b.js b/docs/html/search/functions_b.js index 750a591..451bfc6 100644 --- a/docs/html/search/functions_b.js +++ b/docs/html/search/functions_b.js @@ -1,11 +1,4 @@ var searchData= [ - ['set_5fmutual_5fimpl',['set_mutual_impl',['../class_s_s_l_client_impl.html#a9dd694f8e0e65624b103dc781a7744af',1,'SSLClientImpl']]], - ['set_5fparameters',['set_parameters',['../class_s_s_l_session.html#a2fa15ce0b7caae25dfb567954175257e',1,'SSLSession']]], - ['setmutualauthparams',['setMutualAuthParams',['../class_s_s_l_client.html#a16aa9765bd450dcbba21c598456f464f',1,'SSLClient']]], - ['sslclient',['SSLClient',['../class_s_s_l_client.html#ae9a7509bc8a18f67e286547c19deb3c0',1,'SSLClient']]], - ['sslclientimpl',['SSLClientImpl',['../class_s_s_l_client_impl.html#a2b0b9043c8252871272bf6ba199ab67b',1,'SSLClientImpl::SSLClientImpl(const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug)'],['../class_s_s_l_client_impl.html#a8314c7dab1d923db5624f8075a53e6ea',1,'SSLClientImpl::SSLClientImpl(const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const DebugLevel debug, const SSLClientParameters *mutual_auth_params)']]], - ['sslsession',['SSLSession',['../class_s_s_l_session.html#ae05648200cea66577f024d5d09a6fcbb',1,'SSLSession']]], - ['stop',['stop',['../class_s_s_l_client.html#ad30db47248d78df7c12dedfb27f06529',1,'SSLClient']]], - ['stop_5fimpl',['stop_impl',['../class_s_s_l_client_impl.html#a81eb5ede3a894f281ae586d463b624e6',1,'SSLClientImpl']]] + ['write',['write',['../class_s_s_l_client.html#a03c7926938acd57cfc3b982edf725a86',1,'SSLClient::write(const uint8_t *buf, size_t size) override'],['../class_s_s_l_client.html#a7343a58457b4659f83b61cac1f442c3d',1,'SSLClient::write(uint8_t b) override']]] ]; diff --git a/docs/html/search/searchdata.js b/docs/html/search/searchdata.js index 5109317..cec0612 100644 --- a/docs/html/search/searchdata.js +++ b/docs/html/search/searchdata.js @@ -1,10 +1,10 @@ var indexSectionsWithContent = { - 0: "_abcdefgilmoprstuvw", + 0: "_abcdefgimoprstuvw", 1: "s", 2: "s", 3: "cerst", - 4: "abcfgilmoprstw", + 4: "abcfgmoprstw", 5: "_bceiv", 6: "de", 7: "s", diff --git a/docs/html/search/variables_0.js b/docs/html/search/variables_0.js index 3adb20a..631745b 100644 --- a/docs/html/search/variables_0.js +++ b/docs/html/search/variables_0.js @@ -1,4 +1,4 @@ var searchData= [ - ['_5f_5fbrkval',['__brkval',['../_s_s_l_client_impl_8cpp.html#ad193a2cc121e0d4614a1c21eb463fb56',1,'SSLClientImpl.cpp']]] + ['_5f_5fbrkval',['__brkval',['../_s_s_l_client_8cpp.html#ad193a2cc121e0d4614a1c21eb463fb56',1,'SSLClient.cpp']]] ]; diff --git a/docs/html/struct_s_s_l_client_parameters.html b/docs/html/struct_s_s_l_client_parameters.html index e5f31db..47d8224 100644 --- a/docs/html/struct_s_s_l_client_parameters.html +++ b/docs/html/struct_s_s_l_client_parameters.html @@ -113,7 +113,7 @@ Public Attributes

    Detailed Description

    This struct stores data required for SSLClient to use mutual authentication.

    SSLClientParameters.h

    -

    This file contains a simple utility class to store parameters about an SSL Session for reuse later.This file contains a simple struct to package together all the data required to use client certificate authentication with SSLClient.TLS mutual authentication is a process in which both the server and client perform cryptographic operations to verify the authenticity of eachother, for more information check out this article: https://medium.com/sitewards/the-magic-of-tls-x509-and-mutual-authentication-explained-b2162dec4401 . If this struct is provided to SSLClient::SSLClient, SSLClient will automatically send a client certificate if one is requested by the server. This will happen for all SSLClient connections, and may cause issues for websites that do not need mutual authentication— as a result, please only turn on mutual authentication if you are sure it is neccesary.

    +

    This file contains a simple utility class to store parameters about an SSL Session for reuse later.This file contains a simple struct to package together all the data required to use client certificate authentication with SSLClient.TLS mutual authentication is a process in which both the server and client perform cryptographic operations to verify the authenticity of eachother, for more information check out this article: https://medium.com/sitewards/the-magic-of-tls-x509-and-mutual-authentication-explained-b2162dec4401 . If this struct is provided to SSLClient::SSLClient, SSLClient will automatically send a client certificate if one is requested by the server. This will happen for all SSLClient connections, and may cause issues for websites that do not need mutual authentication— as a result, please only turn on mutual authentication if you are sure it is neccesary.

    At the moment SSLClient only supports mutual authentication using ECC client certificates.

    Member Data Documentation

    From 26b175844e7534fc8dfaaf54fac77703c686ec41 Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Mon, 11 Nov 2019 12:18:58 -0800 Subject: [PATCH 031/141] Fixed a bug causing a buffer overflow in the WiFi101 library --- src/SSLClient.cpp | 4 ++-- src/SSLClient.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/SSLClient.cpp b/src/SSLClient.cpp index 783609a..87c4ea5 100644 --- a/src/SSLClient.cpp +++ b/src/SSLClient.cpp @@ -563,7 +563,7 @@ unsigned SSLClient::m_update_engine() { unsigned char * buf = br_ssl_engine_recvrec_buf(&m_sslctx.eng, &len); // do we have the record you're looking for? const auto avail = get_arduino_client().available(); - if (avail > 0 && static_cast(avail) >= len) { + if (avail > 0) { int mem = freeMemory(); #if defined(ARDUINO_ARCH_SAMD) // check for a stack overflow @@ -590,7 +590,7 @@ unsigned SSLClient::m_update_engine() { return 0; } // I suppose so! - int rlen = get_arduino_client().read(buf, len); + int rlen = get_arduino_client().read(buf, avail < len ? avail : len); if (rlen <= 0) { m_error("Error reading bytes from m_client. Write Error: ", func_name); m_error(get_arduino_client().getWriteError(), func_name); diff --git a/src/SSLClient.h b/src/SSLClient.h index 89954cb..1891f4f 100644 --- a/src/SSLClient.h +++ b/src/SSLClient.h @@ -407,7 +407,7 @@ private: //============================================ //= Data Members //============================================ - // create a copy of the client + // create a reference the client Client& m_client; // also store an array of SSLSessions, so we can resume communication with multiple websites std::vector m_sessions; From 957e09c3d3024e0b4d85fdffdc51849db90e7d9c Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Mon, 11 Nov 2019 12:26:24 -0800 Subject: [PATCH 032/141] remove quotes from API key --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 5084d9a..a3f3154 100644 --- a/.travis.yml +++ b/.travis.yml @@ -43,7 +43,7 @@ before_deploy: - zip -r SSLClient.zip . deploy: provider: releases - api_key: "$GITHUB_TOKEN" + api_key: $GITHUB_TOKEN file: "SSLClient.zip" skip_cleanup: true on: From 58a551aa385234b731a3f6f4c3d3bd645dbce2ac Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Mon, 11 Nov 2019 15:02:37 -0800 Subject: [PATCH 033/141] prevent conflict with SSLClient errors and common other client write errors --- src/SSLClient.cpp | 1 - src/SSLClient.h | 12 ++++++------ 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/src/SSLClient.cpp b/src/SSLClient.cpp index 87c4ea5..428e275 100644 --- a/src/SSLClient.cpp +++ b/src/SSLClient.cpp @@ -109,7 +109,6 @@ int SSLClient::connect(const char *host, uint16_t port) { m_error("Cannot have two connections at the same time! Please create another SSLClient instance.", func_name); return -1; } - m_info("Client not connected, continuing...", func_name); // reset indexs for saftey m_write_idx = 0; // first, if we have a session, check if we're trying to resolve the same host diff --git a/src/SSLClient.h b/src/SSLClient.h index 1891f4f..17c91d4 100644 --- a/src/SSLClient.h +++ b/src/SSLClient.h @@ -45,17 +45,17 @@ public: enum Error { SSL_OK = 0, /** The underlying client failed to connect, probably not an issue with SSL */ - SSL_CLIENT_CONNECT_FAIL, + SSL_CLIENT_CONNECT_FAIL = 2, /** BearSSL failed to complete the SSL handshake, check logs for bear ssl error output */ - SSL_BR_CONNECT_FAIL, + SSL_BR_CONNECT_FAIL = 3, /** The underlying client failed to write a payload, probably not an issue with SSL */ - SSL_CLIENT_WRTIE_ERROR, + SSL_CLIENT_WRTIE_ERROR = 4, /** An internal error occurred with BearSSL, check logs for diagnosis. */ - SSL_BR_WRITE_ERROR, + SSL_BR_WRITE_ERROR = 5, /** An internal error occurred with SSLClient, and you probably need to submit an issue on Github. */ - SSL_INTERNAL_ERROR, + SSL_INTERNAL_ERROR = 6, /** SSLClient detected that there was not enough memory (>8000 bytes) to continue. */ - SSL_OUT_OF_MEMORY + SSL_OUT_OF_MEMORY = 7 }; /** From 42a39222ef7cd7d48de1e9d03dbcbeba2fcab193 Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Tue, 12 Nov 2019 11:46:23 -0800 Subject: [PATCH 034/141] bump version --- docs/html/_r_e_a_d_m_e_8md.html | 2 +- docs/html/_s_s_l_client_8cpp.html | 2 +- docs/html/_s_s_l_client_8h.html | 2 +- docs/html/_s_s_l_client_8h_source.html | 20 +++++++++---------- docs/html/_s_s_l_client_parameters_8h.html | 2 +- .../_s_s_l_client_parameters_8h_source.html | 2 +- docs/html/_s_s_l_obj_8cpp.html | 2 +- docs/html/_s_s_l_obj_8h.html | 2 +- docs/html/_s_s_l_obj_8h_source.html | 2 +- docs/html/_s_s_l_session_8h.html | 2 +- docs/html/_s_s_l_session_8h_source.html | 2 +- docs/html/_t_l_s12__only__profile_8c.html | 2 +- docs/html/_trust_anchors_8md.html | 2 +- docs/html/annotated.html | 2 +- docs/html/cert_8h.html | 2 +- docs/html/cert_8h_source.html | 2 +- docs/html/class_s_s_l_client-members.html | 2 +- docs/html/class_s_s_l_client.html | 14 ++++++------- docs/html/class_s_s_l_session-members.html | 2 +- docs/html/class_s_s_l_session.html | 2 +- docs/html/classes.html | 2 +- .../dir_386349f6a9bc1e2cd0767d257d5e5b91.html | 2 +- .../dir_68267d1309a1af8e8297ef4c3efbcdba.html | 2 +- .../dir_9c42dc81377249a918256dbb9cfb2167.html | 2 +- .../dir_d28a4824dc47e487b107a5db32ef43c4.html | 2 +- .../dir_dfc5a9f91fbfb9426c406a3f10131a54.html | 2 +- docs/html/ec__prime__fast__256_8c.html | 2 +- docs/html/files.html | 2 +- docs/html/functions.html | 2 +- docs/html/functions_enum.html | 2 +- docs/html/functions_eval.html | 2 +- docs/html/functions_func.html | 2 +- docs/html/functions_vars.html | 2 +- docs/html/globals.html | 2 +- docs/html/globals_defs.html | 2 +- docs/html/globals_func.html | 2 +- docs/html/globals_vars.html | 2 +- docs/html/hierarchy.html | 2 +- docs/html/index.html | 2 +- ...ibraries__s_s_l_client__trust_anchors.html | 2 +- docs/html/namespace_s_s_l_obj.html | 2 +- docs/html/namespacemembers.html | 2 +- docs/html/namespacemembers_func.html | 2 +- docs/html/namespaces.html | 2 +- docs/html/pages.html | 2 +- ...truct_s_s_l_client_parameters-members.html | 2 +- docs/html/struct_s_s_l_client_parameters.html | 2 +- ...structssl__pem__decode__state-members.html | 2 +- docs/html/structssl__pem__decode__state.html | 2 +- docs/html/time__macros_8h.html | 2 +- docs/html/time__macros_8h_source.html | 2 +- docs/html/trust__anchors_8h.html | 2 +- docs/html/trust__anchors_8h_source.html | 2 +- docs/html/trustanchors_8h.html | 2 +- docs/html/trustanchors_8h_source.html | 2 +- library.properties | 2 +- 56 files changed, 71 insertions(+), 71 deletions(-) diff --git a/docs/html/_r_e_a_d_m_e_8md.html b/docs/html/_r_e_a_d_m_e_8md.html index 301d463..c78e9c5 100644 --- a/docs/html/_r_e_a_d_m_e_8md.html +++ b/docs/html/_r_e_a_d_m_e_8md.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_s_s_l_client_8cpp.html b/docs/html/_s_s_l_client_8cpp.html index 2717c69..c25e9a1 100644 --- a/docs/html/_s_s_l_client_8cpp.html +++ b/docs/html/_s_s_l_client_8cpp.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_s_s_l_client_8h.html b/docs/html/_s_s_l_client_8h.html index dc0f248..0292567 100644 --- a/docs/html/_s_s_l_client_8h.html +++ b/docs/html/_s_s_l_client_8h.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_s_s_l_client_8h_source.html b/docs/html/_s_s_l_client_8h_source.html index a4e47ee..f7a521c 100644 --- a/docs/html/_s_s_l_client_8h_source.html +++ b/docs/html/_s_s_l_client_8h_source.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    @@ -91,36 +91,36 @@ $(document).ready(function(){initNavTree('_s_s_l_client_8h_source.html','');});
    SSLClient.h
    -Go to the documentation of this file.
    1 /* Copyright 2019 OSU OPEnS Lab
    2  *
    3  * Permission is hereby granted, free of charge, to any person obtaining a copy of this
    4  * software and associated documentation files (the "Software"), to deal in the Software
    5  * without restriction, including without limitation the rights to use, copy, modify,
    6  * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
    7  * permit persons to whom the Software is furnished to do so, subject to the following
    8  * conditions:
    9  *
    10  * The above copyright notice and this permission notice shall be included in all
    11  * copies or substantial portions of the Software.
    12  *
    13  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
    14  * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
    15  * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
    16  * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
    17  * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
    18  * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
    19  */
    20 
    21 #include "Client.h"
    22 #include "SSLSession.h"
    23 #include "SSLClientParameters.h"
    24 #include "SSLObj.h"
    25 #include <vector>
    26 
    27 #ifndef SSLClient_H_
    28 #define SSLClient_H_
    29 
    35 class SSLClient : public Client {
    36 public:
    45  enum Error {
    46  SSL_OK = 0,
    48  SSL_CLIENT_CONNECT_FAIL,
    50  SSL_BR_CONNECT_FAIL,
    52  SSL_CLIENT_WRTIE_ERROR,
    54  SSL_BR_WRITE_ERROR,
    56  SSL_INTERNAL_ERROR,
    58  SSL_OUT_OF_MEMORY
    59  };
    60 
    67  enum DebugLevel {
    69  SSL_NONE = 0,
    71  SSL_ERROR = 1,
    73  SSL_WARN = 2,
    75  SSL_INFO = 3,
    76  };
    77 
    95  explicit SSLClient( Client& client,
    96  const br_x509_trust_anchor *trust_anchors,
    97  const size_t trust_anchors_num,
    98  const int analog_pin,
    99  const size_t max_sessions = 1,
    100  const DebugLevel debug = SSL_WARN);
    101 
    102  //========================================
    103  //= Functions implemented in SSLClient.cpp
    104  //========================================
    105 
    145  int connect(IPAddress ip, uint16_t port) override;
    146 
    183  int connect(const char *host, uint16_t port) override;
    184 
    208  size_t write(const uint8_t *buf, size_t size) override;
    210  size_t write(uint8_t b) override { return write(&b, 1); }
    211 
    230  int available() override;
    231 
    253  int read(uint8_t *buf, size_t size) override;
    258  int read() override { uint8_t read_val; return read(&read_val, 1) > 0 ? read_val : -1; };
    259 
    268  int peek() override;
    269 
    277  void flush() override;
    278 
    287  void stop() override;
    288 
    302  uint8_t connected() override;
    303 
    304  //========================================
    305  //= Functions Not in the Client Interface
    306  //========================================
    307 
    316  void setMutualAuthParams(const SSLClientParameters* params);
    317 
    332  SSLSession* getSession(const char* host);
    333 
    342  void removeSession(const char* host);
    343 
    349  size_t getSessionCount() const { return m_sessions.size(); }
    350 
    356  operator bool() { return connected() > 0; }
    357 
    359  Client& getClient() { return m_client; }
    360 
    361 private:
    363  Client& get_arduino_client() { return m_client; }
    364  const Client& get_arduino_client() const { return m_client; }
    365 
    367  bool m_soft_connected(const char* func_name);
    369  int m_start_ssl(const char* host = nullptr, SSLSession* ssl_ses = nullptr);
    371  int m_run_until(const unsigned target);
    373  unsigned m_update_engine();
    375  int m_get_session_index(const char* host) const;
    376 
    378  void m_print_prefix(const char* func_name, const DebugLevel level) const;
    379 
    381  void m_print_ssl_error(const int ssl_error, const DebugLevel level) const;
    382 
    384  void m_print_br_error(const unsigned br_error_code, const DebugLevel level) const;
    385 
    387  template<typename T>
    388  void m_print(const T str, const char* func_name, const DebugLevel level) const {
    389  // check the current debug level and serial status
    390  if (level > m_debug || !Serial) return;
    391  // print prefix
    392  m_print_prefix(func_name, level);
    393  // print the message
    394  Serial.println(str);
    395  }
    396 
    398  template<typename T>
    399  void m_info(const T str, const char* func_name) const { m_print(str, func_name, SSL_INFO); }
    400 
    401  template<typename T>
    402  void m_warn(const T str, const char* func_name) const { m_print(str, func_name, SSL_WARN); }
    403 
    404  template<typename T>
    405  void m_error(const T str, const char* func_name) const { m_print(str, func_name, SSL_ERROR); }
    406 
    407  //============================================
    408  //= Data Members
    409  //============================================
    410  // create a copy of the client
    411  Client& m_client;
    412  // also store an array of SSLSessions, so we can resume communication with multiple websites
    413  std::vector<SSLSession> m_sessions;
    414  // as well as the maximmum number of sessions we can store
    415  const size_t m_max_sessions;
    416  // store the pin to fetch an RNG see from
    417  const int m_analog_pin;
    418  // store whether to enable debug logging
    419  const DebugLevel m_debug;
    420  // store if we are connected in bearssl or not
    421  bool m_is_connected;
    422  // store the context values required for SSL
    423  br_ssl_client_context m_sslctx;
    424  br_x509_minimal_context m_x509ctx;
    425  // use a mono-directional buffer by default to cut memory in half
    426  // can expand to a bi-directional buffer with maximum of BR_SSL_BUFSIZE_BIDI
    427  // or shrink to below BR_SSL_BUFSIZE_MONO, and bearSSL will adapt automatically
    428  // simply edit this value to change the buffer size to the desired value
    429  // additionally, we need to correct buffer size based off of how many sessions we decide to cache
    430  // since SSL takes so much memory if we don't it will cause the stack and heap to collide
    438  unsigned char m_iobuf[2048];
    439  // store the index of where we are writing in the buffer
    440  // so we can send our records all at once to prevent
    441  // weird timing issues
    442  size_t m_write_idx;
    443 };
    444 
    445 #endif
    SSLClient::connected
    uint8_t connected() override
    Check if the device is connected.
    Definition: SSLClient.cpp:255
    +Go to the documentation of this file.
    1 /* Copyright 2019 OSU OPEnS Lab
    2  *
    3  * Permission is hereby granted, free of charge, to any person obtaining a copy of this
    4  * software and associated documentation files (the "Software"), to deal in the Software
    5  * without restriction, including without limitation the rights to use, copy, modify,
    6  * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
    7  * permit persons to whom the Software is furnished to do so, subject to the following
    8  * conditions:
    9  *
    10  * The above copyright notice and this permission notice shall be included in all
    11  * copies or substantial portions of the Software.
    12  *
    13  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
    14  * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
    15  * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
    16  * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
    17  * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
    18  * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
    19  */
    20 
    21 #include "Client.h"
    22 #include "SSLSession.h"
    23 #include "SSLClientParameters.h"
    24 #include "SSLObj.h"
    25 #include <vector>
    26 
    27 #ifndef SSLClient_H_
    28 #define SSLClient_H_
    29 
    35 class SSLClient : public Client {
    36 public:
    45  enum Error {
    46  SSL_OK = 0,
    48  SSL_CLIENT_CONNECT_FAIL = 2,
    50  SSL_BR_CONNECT_FAIL = 3,
    52  SSL_CLIENT_WRTIE_ERROR = 4,
    54  SSL_BR_WRITE_ERROR = 5,
    56  SSL_INTERNAL_ERROR = 6,
    58  SSL_OUT_OF_MEMORY = 7
    59  };
    60 
    67  enum DebugLevel {
    69  SSL_NONE = 0,
    71  SSL_ERROR = 1,
    73  SSL_WARN = 2,
    75  SSL_INFO = 3,
    76  };
    77 
    95  explicit SSLClient( Client& client,
    96  const br_x509_trust_anchor *trust_anchors,
    97  const size_t trust_anchors_num,
    98  const int analog_pin,
    99  const size_t max_sessions = 1,
    100  const DebugLevel debug = SSL_WARN);
    101 
    102  //========================================
    103  //= Functions implemented in SSLClient.cpp
    104  //========================================
    105 
    145  int connect(IPAddress ip, uint16_t port) override;
    146 
    183  int connect(const char *host, uint16_t port) override;
    184 
    208  size_t write(const uint8_t *buf, size_t size) override;
    210  size_t write(uint8_t b) override { return write(&b, 1); }
    211 
    230  int available() override;
    231 
    253  int read(uint8_t *buf, size_t size) override;
    258  int read() override { uint8_t read_val; return read(&read_val, 1) > 0 ? read_val : -1; };
    259 
    268  int peek() override;
    269 
    277  void flush() override;
    278 
    287  void stop() override;
    288 
    302  uint8_t connected() override;
    303 
    304  //========================================
    305  //= Functions Not in the Client Interface
    306  //========================================
    307 
    316  void setMutualAuthParams(const SSLClientParameters* params);
    317 
    332  SSLSession* getSession(const char* host);
    333 
    342  void removeSession(const char* host);
    343 
    349  size_t getSessionCount() const { return m_sessions.size(); }
    350 
    356  operator bool() { return connected() > 0; }
    357 
    359  Client& getClient() { return m_client; }
    360 
    361 private:
    363  Client& get_arduino_client() { return m_client; }
    364  const Client& get_arduino_client() const { return m_client; }
    365 
    367  bool m_soft_connected(const char* func_name);
    369  int m_start_ssl(const char* host = nullptr, SSLSession* ssl_ses = nullptr);
    371  int m_run_until(const unsigned target);
    373  unsigned m_update_engine();
    375  int m_get_session_index(const char* host) const;
    376 
    378  void m_print_prefix(const char* func_name, const DebugLevel level) const;
    379 
    381  void m_print_ssl_error(const int ssl_error, const DebugLevel level) const;
    382 
    384  void m_print_br_error(const unsigned br_error_code, const DebugLevel level) const;
    385 
    387  template<typename T>
    388  void m_print(const T str, const char* func_name, const DebugLevel level) const {
    389  // check the current debug level and serial status
    390  if (level > m_debug || !Serial) return;
    391  // print prefix
    392  m_print_prefix(func_name, level);
    393  // print the message
    394  Serial.println(str);
    395  }
    396 
    398  template<typename T>
    399  void m_info(const T str, const char* func_name) const { m_print(str, func_name, SSL_INFO); }
    400 
    401  template<typename T>
    402  void m_warn(const T str, const char* func_name) const { m_print(str, func_name, SSL_WARN); }
    403 
    404  template<typename T>
    405  void m_error(const T str, const char* func_name) const { m_print(str, func_name, SSL_ERROR); }
    406 
    407  //============================================
    408  //= Data Members
    409  //============================================
    410  // create a reference the client
    411  Client& m_client;
    412  // also store an array of SSLSessions, so we can resume communication with multiple websites
    413  std::vector<SSLSession> m_sessions;
    414  // as well as the maximmum number of sessions we can store
    415  const size_t m_max_sessions;
    416  // store the pin to fetch an RNG see from
    417  const int m_analog_pin;
    418  // store whether to enable debug logging
    419  const DebugLevel m_debug;
    420  // store if we are connected in bearssl or not
    421  bool m_is_connected;
    422  // store the context values required for SSL
    423  br_ssl_client_context m_sslctx;
    424  br_x509_minimal_context m_x509ctx;
    425  // use a mono-directional buffer by default to cut memory in half
    426  // can expand to a bi-directional buffer with maximum of BR_SSL_BUFSIZE_BIDI
    427  // or shrink to below BR_SSL_BUFSIZE_MONO, and bearSSL will adapt automatically
    428  // simply edit this value to change the buffer size to the desired value
    429  // additionally, we need to correct buffer size based off of how many sessions we decide to cache
    430  // since SSL takes so much memory if we don't it will cause the stack and heap to collide
    438  unsigned char m_iobuf[2048];
    439  // store the index of where we are writing in the buffer
    440  // so we can send our records all at once to prevent
    441  // weird timing issues
    442  size_t m_write_idx;
    443 };
    444 
    445 #endif
    SSLClient::connected
    uint8_t connected() override
    Check if the device is connected.
    Definition: SSLClient.cpp:254
    SSLClient::SSL_OUT_OF_MEMORY
    Definition: SSLClient.h:58
    SSLSession
    This class stores values which allow SSLClient to save and resume SSL sessions.
    Definition: SSLSession.h:51
    SSLClient::SSL_CLIENT_CONNECT_FAIL
    Definition: SSLClient.h:48
    SSLClient::SSL_INFO
    Definition: SSLClient.h:75
    SSLClient::SSL_BR_WRITE_ERROR
    Definition: SSLClient.h:54
    SSLClient::SSLClient
    SSLClient(Client &client, const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const size_t max_sessions=1, const DebugLevel debug=SSL_WARN)
    Initialize SSLClient with all of the prerequisites needed.
    Definition: SSLClient.cpp:55
    -
    SSLClient::flush
    void flush() override
    Force writing the buffered bytes from SSLClient::write to the network.
    Definition: SSLClient.cpp:222
    -
    SSLClient::getSession
    SSLSession * getSession(const char *host)
    Gets a session reference corresponding to a host and IP, or a reference to a empty session if none ex...
    Definition: SSLClient.cpp:286
    +
    SSLClient::flush
    void flush() override
    Force writing the buffered bytes from SSLClient::write to the network.
    Definition: SSLClient.cpp:221
    +
    SSLClient::getSession
    SSLSession * getSession(const char *host)
    Gets a session reference corresponding to a host and IP, or a reference to a empty session if none ex...
    Definition: SSLClient.cpp:285
    SSLClientParameters
    This struct stores data required for SSLClient to use mutual authentication.
    Definition: SSLClientParameters.h:52
    -
    SSLClient::setMutualAuthParams
    void setMutualAuthParams(const SSLClientParameters *params)
    Add a client certificate and enable support for mutual auth.
    Definition: SSLClient.cpp:310
    -
    SSLClient::available
    int available() override
    Returns the number of bytes available to read from the data that has been received and decrypted.
    Definition: SSLClient.cpp:174
    +
    SSLClient::setMutualAuthParams
    void setMutualAuthParams(const SSLClientParameters *params)
    Add a client certificate and enable support for mutual auth.
    Definition: SSLClient.cpp:309
    +
    SSLClient::available
    int available() override
    Returns the number of bytes available to read from the data that has been received and decrypted.
    Definition: SSLClient.cpp:173
    SSLClient
    The main SSLClient class. Check out README.md for more info.
    Definition: SSLClient.h:35
    SSLClient::SSL_WARN
    Definition: SSLClient.h:73
    -
    SSLClient::stop
    void stop() override
    Close the connection.
    Definition: SSLClient.cpp:228
    +
    SSLClient::stop
    void stop() override
    Close the connection.
    Definition: SSLClient.cpp:227
    SSLClient::SSL_ERROR
    Definition: SSLClient.h:71
    SSLClient::connect
    int connect(IPAddress ip, uint16_t port) override
    Connect over SSL to a host specified by an IP address.
    Definition: SSLClient.cpp:82
    -
    SSLClient::write
    size_t write(const uint8_t *buf, size_t size) override
    Write some bytes to the SSL connection.
    Definition: SSLClient.cpp:131
    +
    SSLClient::write
    size_t write(const uint8_t *buf, size_t size) override
    Write some bytes to the SSL connection.
    Definition: SSLClient.cpp:130
    SSLClient::read
    int read() override
    Read a single byte, or -1 if none is available.
    Definition: SSLClient.h:258
    SSLClient::Error
    Error
    Static constants defining the possible errors encountered.
    Definition: SSLClient.h:45
    SSLClient::SSL_CLIENT_WRTIE_ERROR
    Definition: SSLClient.h:52
    SSLClient::DebugLevel
    DebugLevel
    Level of verbosity used in logging for SSLClient.
    Definition: SSLClient.h:67
    SSLClient::getSessionCount
    size_t getSessionCount() const
    Get the maximum number of SSL sessions that can be stored at once.
    Definition: SSLClient.h:349
    -
    SSLClient::peek
    int peek() override
    View the first byte of the buffer, without removing it from the SSLClient Buffer.
    Definition: SSLClient.cpp:210
    +
    SSLClient::peek
    int peek() override
    View the first byte of the buffer, without removing it from the SSLClient Buffer.
    Definition: SSLClient.cpp:209
    SSLClientParameters.h
    SSLClient::SSL_BR_CONNECT_FAIL
    Definition: SSLClient.h:50
    SSLSession.h
    SSLClient::write
    size_t write(uint8_t b) override
    Definition: SSLClient.h:210
    SSLClient::getClient
    Client & getClient()
    Returns a reference to the client object stored in this class. Take care not to break it.
    Definition: SSLClient.h:359
    -
    SSLClient::removeSession
    void removeSession(const char *host)
    Clear the session corresponding to a host and IP.
    Definition: SSLClient.cpp:299
    +
    SSLClient::removeSession
    void removeSession(const char *host)
    Clear the session corresponding to a host and IP.
    Definition: SSLClient.cpp:298
    SSLObj.h
    SSLClient::SSL_NONE
    Definition: SSLClient.h:69
    SSLClient::SSL_OK
    Definition: SSLClient.h:46
    diff --git a/docs/html/_s_s_l_client_parameters_8h.html b/docs/html/_s_s_l_client_parameters_8h.html index a7c5050..47a5896 100644 --- a/docs/html/_s_s_l_client_parameters_8h.html +++ b/docs/html/_s_s_l_client_parameters_8h.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_s_s_l_client_parameters_8h_source.html b/docs/html/_s_s_l_client_parameters_8h_source.html index 262cf99..6dedaae 100644 --- a/docs/html/_s_s_l_client_parameters_8h_source.html +++ b/docs/html/_s_s_l_client_parameters_8h_source.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_s_s_l_obj_8cpp.html b/docs/html/_s_s_l_obj_8cpp.html index 6a97a5e..87fdb40 100644 --- a/docs/html/_s_s_l_obj_8cpp.html +++ b/docs/html/_s_s_l_obj_8cpp.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_s_s_l_obj_8h.html b/docs/html/_s_s_l_obj_8h.html index 9024aa9..c788182 100644 --- a/docs/html/_s_s_l_obj_8h.html +++ b/docs/html/_s_s_l_obj_8h.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_s_s_l_obj_8h_source.html b/docs/html/_s_s_l_obj_8h_source.html index b4a8442..b7f9b53 100644 --- a/docs/html/_s_s_l_obj_8h_source.html +++ b/docs/html/_s_s_l_obj_8h_source.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_s_s_l_session_8h.html b/docs/html/_s_s_l_session_8h.html index 086efc4..17d678f 100644 --- a/docs/html/_s_s_l_session_8h.html +++ b/docs/html/_s_s_l_session_8h.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_s_s_l_session_8h_source.html b/docs/html/_s_s_l_session_8h_source.html index d70c2ba..32ea911 100644 --- a/docs/html/_s_s_l_session_8h_source.html +++ b/docs/html/_s_s_l_session_8h_source.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_t_l_s12__only__profile_8c.html b/docs/html/_t_l_s12__only__profile_8c.html index 0e42728..176afce 100644 --- a/docs/html/_t_l_s12__only__profile_8c.html +++ b/docs/html/_t_l_s12__only__profile_8c.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_trust_anchors_8md.html b/docs/html/_trust_anchors_8md.html index a64bd86..3f11130 100644 --- a/docs/html/_trust_anchors_8md.html +++ b/docs/html/_trust_anchors_8md.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/annotated.html b/docs/html/annotated.html index cfc7655..04e5b27 100644 --- a/docs/html/annotated.html +++ b/docs/html/annotated.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/cert_8h.html b/docs/html/cert_8h.html index 88192ea..cb19e45 100644 --- a/docs/html/cert_8h.html +++ b/docs/html/cert_8h.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/cert_8h_source.html b/docs/html/cert_8h_source.html index 6f4239c..caac9ef 100644 --- a/docs/html/cert_8h_source.html +++ b/docs/html/cert_8h_source.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/class_s_s_l_client-members.html b/docs/html/class_s_s_l_client-members.html index 2927210..02df105 100644 --- a/docs/html/class_s_s_l_client-members.html +++ b/docs/html/class_s_s_l_client-members.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/class_s_s_l_client.html b/docs/html/class_s_s_l_client.html index 1e4fddb..62f1993 100644 --- a/docs/html/class_s_s_l_client.html +++ b/docs/html/class_s_s_l_client.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    @@ -111,13 +111,13 @@ Inheritance diagram for SSLClient:
    Public Types enum  Error {
      SSL_OK = 0, -SSL_CLIENT_CONNECT_FAIL, -SSL_BR_CONNECT_FAIL, -SSL_CLIENT_WRTIE_ERROR, +SSL_CLIENT_CONNECT_FAIL = 2, +SSL_BR_CONNECT_FAIL = 3, +SSL_CLIENT_WRTIE_ERROR = 4,
    -  SSL_BR_WRITE_ERROR, -SSL_INTERNAL_ERROR, -SSL_OUT_OF_MEMORY +  SSL_BR_WRITE_ERROR = 5, +SSL_INTERNAL_ERROR = 6, +SSL_OUT_OF_MEMORY = 7
    }  Static constants defining the possible errors encountered. More...
    diff --git a/docs/html/class_s_s_l_session-members.html b/docs/html/class_s_s_l_session-members.html index ca1bf32..1e878f3 100644 --- a/docs/html/class_s_s_l_session-members.html +++ b/docs/html/class_s_s_l_session-members.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/class_s_s_l_session.html b/docs/html/class_s_s_l_session.html index 79e8cca..454052a 100644 --- a/docs/html/class_s_s_l_session.html +++ b/docs/html/class_s_s_l_session.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/classes.html b/docs/html/classes.html index b944012..28e3204 100644 --- a/docs/html/classes.html +++ b/docs/html/classes.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/dir_386349f6a9bc1e2cd0767d257d5e5b91.html b/docs/html/dir_386349f6a9bc1e2cd0767d257d5e5b91.html index ad459b7..0a0a250 100644 --- a/docs/html/dir_386349f6a9bc1e2cd0767d257d5e5b91.html +++ b/docs/html/dir_386349f6a9bc1e2cd0767d257d5e5b91.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.html b/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.html index 97c64ed..b1509c0 100644 --- a/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.html +++ b/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/dir_9c42dc81377249a918256dbb9cfb2167.html b/docs/html/dir_9c42dc81377249a918256dbb9cfb2167.html index fdd7d17..9cc7f6a 100644 --- a/docs/html/dir_9c42dc81377249a918256dbb9cfb2167.html +++ b/docs/html/dir_9c42dc81377249a918256dbb9cfb2167.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/dir_d28a4824dc47e487b107a5db32ef43c4.html b/docs/html/dir_d28a4824dc47e487b107a5db32ef43c4.html index 98fae67..a201518 100644 --- a/docs/html/dir_d28a4824dc47e487b107a5db32ef43c4.html +++ b/docs/html/dir_d28a4824dc47e487b107a5db32ef43c4.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/dir_dfc5a9f91fbfb9426c406a3f10131a54.html b/docs/html/dir_dfc5a9f91fbfb9426c406a3f10131a54.html index 544df56..f42bc8d 100644 --- a/docs/html/dir_dfc5a9f91fbfb9426c406a3f10131a54.html +++ b/docs/html/dir_dfc5a9f91fbfb9426c406a3f10131a54.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/ec__prime__fast__256_8c.html b/docs/html/ec__prime__fast__256_8c.html index 1dbbfeb..bb4d6f9 100644 --- a/docs/html/ec__prime__fast__256_8c.html +++ b/docs/html/ec__prime__fast__256_8c.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/files.html b/docs/html/files.html index 95ada10..d51797c 100644 --- a/docs/html/files.html +++ b/docs/html/files.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/functions.html b/docs/html/functions.html index cc1ba07..4e11d63 100644 --- a/docs/html/functions.html +++ b/docs/html/functions.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/functions_enum.html b/docs/html/functions_enum.html index d14bd09..a59822a 100644 --- a/docs/html/functions_enum.html +++ b/docs/html/functions_enum.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/functions_eval.html b/docs/html/functions_eval.html index 0ff75bc..77c9361 100644 --- a/docs/html/functions_eval.html +++ b/docs/html/functions_eval.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/functions_func.html b/docs/html/functions_func.html index 799ae11..d277946 100644 --- a/docs/html/functions_func.html +++ b/docs/html/functions_func.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/functions_vars.html b/docs/html/functions_vars.html index 5cc8e91..55e1d11 100644 --- a/docs/html/functions_vars.html +++ b/docs/html/functions_vars.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/globals.html b/docs/html/globals.html index b704556..fd21b44 100644 --- a/docs/html/globals.html +++ b/docs/html/globals.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/globals_defs.html b/docs/html/globals_defs.html index fef2962..bbdd3d3 100644 --- a/docs/html/globals_defs.html +++ b/docs/html/globals_defs.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/globals_func.html b/docs/html/globals_func.html index f23d91b..57f26c1 100644 --- a/docs/html/globals_func.html +++ b/docs/html/globals_func.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/globals_vars.html b/docs/html/globals_vars.html index 34445a7..e2e73c4 100644 --- a/docs/html/globals_vars.html +++ b/docs/html/globals_vars.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/hierarchy.html b/docs/html/hierarchy.html index f525e14..59aaf82 100644 --- a/docs/html/hierarchy.html +++ b/docs/html/hierarchy.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/index.html b/docs/html/index.html index 2f790ee..6a02e39 100644 --- a/docs/html/index.html +++ b/docs/html/index.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/md__c_1__users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html b/docs/html/md__c_1__users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html index d307879..71718cb 100644 --- a/docs/html/md__c_1__users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html +++ b/docs/html/md__c_1__users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/namespace_s_s_l_obj.html b/docs/html/namespace_s_s_l_obj.html index ea568a5..236cda0 100644 --- a/docs/html/namespace_s_s_l_obj.html +++ b/docs/html/namespace_s_s_l_obj.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/namespacemembers.html b/docs/html/namespacemembers.html index 193a83c..361e57e 100644 --- a/docs/html/namespacemembers.html +++ b/docs/html/namespacemembers.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/namespacemembers_func.html b/docs/html/namespacemembers_func.html index f0b8146..ba602f5 100644 --- a/docs/html/namespacemembers_func.html +++ b/docs/html/namespacemembers_func.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/namespaces.html b/docs/html/namespaces.html index 2f1ddb6..f7b1ebe 100644 --- a/docs/html/namespaces.html +++ b/docs/html/namespaces.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/pages.html b/docs/html/pages.html index 356a0fd..64f2340 100644 --- a/docs/html/pages.html +++ b/docs/html/pages.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/struct_s_s_l_client_parameters-members.html b/docs/html/struct_s_s_l_client_parameters-members.html index 7171d9f..1c4cb0f 100644 --- a/docs/html/struct_s_s_l_client_parameters-members.html +++ b/docs/html/struct_s_s_l_client_parameters-members.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/struct_s_s_l_client_parameters.html b/docs/html/struct_s_s_l_client_parameters.html index 47d8224..024c050 100644 --- a/docs/html/struct_s_s_l_client_parameters.html +++ b/docs/html/struct_s_s_l_client_parameters.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/structssl__pem__decode__state-members.html b/docs/html/structssl__pem__decode__state-members.html index 4ee8da1..108d3ce 100644 --- a/docs/html/structssl__pem__decode__state-members.html +++ b/docs/html/structssl__pem__decode__state-members.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/structssl__pem__decode__state.html b/docs/html/structssl__pem__decode__state.html index c314b41..9c58cb1 100644 --- a/docs/html/structssl__pem__decode__state.html +++ b/docs/html/structssl__pem__decode__state.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/time__macros_8h.html b/docs/html/time__macros_8h.html index e22bf32..68dcb80 100644 --- a/docs/html/time__macros_8h.html +++ b/docs/html/time__macros_8h.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/time__macros_8h_source.html b/docs/html/time__macros_8h_source.html index 677a444..a5e2fa7 100644 --- a/docs/html/time__macros_8h_source.html +++ b/docs/html/time__macros_8h_source.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/trust__anchors_8h.html b/docs/html/trust__anchors_8h.html index ef2751e..0df213d 100644 --- a/docs/html/trust__anchors_8h.html +++ b/docs/html/trust__anchors_8h.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/trust__anchors_8h_source.html b/docs/html/trust__anchors_8h_source.html index e3690bc..2998bfc 100644 --- a/docs/html/trust__anchors_8h_source.html +++ b/docs/html/trust__anchors_8h_source.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/trustanchors_8h.html b/docs/html/trustanchors_8h.html index 729f06c..958a976 100644 --- a/docs/html/trustanchors_8h.html +++ b/docs/html/trustanchors_8h.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/trustanchors_8h_source.html b/docs/html/trustanchors_8h_source.html index 7d967ea..964016b 100644 --- a/docs/html/trustanchors_8h_source.html +++ b/docs/html/trustanchors_8h_source.html @@ -30,7 +30,7 @@
    SSLClient -  v1.3.0 +  v1.4.2
    Add TLS 1.2 functionality to any network library.
    diff --git a/library.properties b/library.properties index 3f10399..90907dd 100644 --- a/library.properties +++ b/library.properties @@ -1,5 +1,5 @@ name=SSLClient -version=1.3.0 +version=1.4.2 author=Noah Koontz maintainer=OPEnS Lab sentence=Arduino library to add SSL functionality to any Client class From e8c7cc2f11ef779f7c06793d143d500887a58dfc Mon Sep 17 00:00:00 2001 From: Noah Date: Wed, 20 Nov 2019 19:47:59 -0800 Subject: [PATCH 035/141] Update readme --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8231abc..9d9ae7d 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# SSLClient - Arduino Library For SSL +# SSLClient [![Build Status](https://travis-ci.org/OPEnSLab-OSU/SSLClient.svg?branch=master)](https://travis-ci.org/OPEnSLab-OSU/SSLClient) From 106c124c58c690365ecee5fa21e28ceda9d9289a Mon Sep 17 00:00:00 2001 From: Noah Date: Wed, 20 Nov 2019 19:49:54 -0800 Subject: [PATCH 036/141] Update readme to remove old template implementation --- README.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/README.md b/README.md index 9d9ae7d..1917370 100644 --- a/README.md +++ b/README.md @@ -55,9 +55,7 @@ For more information on SSLClient, check out the [examples](./examples), [API do ## How It Works -SSLClient was created to integrate SSL seamlessly with the Arduino infrastructure, and so it does just that: implementing the brilliant [BearSSL](https://bearssl.org/) as a proxy in front of any Arduino socket library. BearSSL is designed with low flash footprint in mind, and as a result does little verification of improper programming, relying on the developer to ensure the code is correct. Since SSLClient is built specifically for the Arduino ecosystem, most of the code adds those programming checks back in, making debugging a fast and simple process. The rest manages the state of BearSSL, and ensures a manageable memory footprint. - -Additionally, the bulk of SSLClient is split into two components: a template class [SSLClient](./src/SSLClient.h), and an implementation class [SSLClientImpl](./src/SSLClientImpl.h). The template class serves to abstract some functions not implemented in the Arduino Client interface (such as EthernetClient::remoteIP), and the implementation class is the rest of the SSLClient library. +SSLClient was created to integrate SSL seamlessly with the Arduino infrastructure, and so it does just that: implementing the brilliant [BearSSL](https://bearssl.org/) as a proxy in front of any Arduino socket library. BearSSL is designed with low flash footprint in mind, and as a result does little verification of improper programming, relying on the developer to ensure the code is correct. Since SSLClient is built specifically for the Arduino ecosystem, most of SSLClient's code adds those programming checks back in, making debugging a fast and simple process. ## Other Features From 539b088e82aa08457c1d90e800791b10782a32a3 Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Thu, 26 Dec 2019 17:50:34 -0500 Subject: [PATCH 037/141] fix support for the esp8266 --- src/SSLClient.cpp | 5 +++++ src/SSLClient.h | 14 ++++++++++++++ 2 files changed, 19 insertions(+) diff --git a/src/SSLClient.cpp b/src/SSLClient.cpp index 428e275..3529144 100644 --- a/src/SSLClient.cpp +++ b/src/SSLClient.cpp @@ -35,6 +35,8 @@ static constexpr auto VECTKEY_MASK = (0x0000ffffUL); #ifdef __arm__ // should use uinstd.h to define sbrk but Due causes a conflict extern "C" char* sbrk(int incr); +#elif defined(ESP8266) // esp8266 +#define SYSTEM_STACK_END_ADDRESS 0x3FFFC000 #else // __ARM__ extern char *__brkval; #endif // __arm__ @@ -44,6 +46,9 @@ static int freeMemory() { char top; #ifdef __arm__ return &top - reinterpret_cast(sbrk(0)); +#elif defined(ESP8266) // ESP8266 + register volatile uint32_t stackAddress asm("a1"); + return stackAddress-SYSTEM_STACK_END_ADDRESS; #elif defined(CORE_TEENSY) || (ARDUINO > 103 && ARDUINO != 151) return &top - __brkval; #else // __arm__ diff --git a/src/SSLClient.h b/src/SSLClient.h index 17c91d4..79d6827 100644 --- a/src/SSLClient.h +++ b/src/SSLClient.h @@ -358,6 +358,18 @@ public: /** @brief Returns a reference to the client object stored in this class. Take care not to break it. */ Client& getClient() { return m_client; } + /** + * @brief Set the timeout when waiting for an SSL response. + * @param t The timeout value, in milliseconds (defaults to 30 seconds if not set). Do not set to zero. + */ + void setTimeout(unsigned int t) { m_timeout = t; } + + /** + * @brief Get the timeout when waiting for an SSL response. + * @returns The timeout value in milliseconds. + */ + unsigned int getTimeout() const { return m_timeout; } + private: /** @brief Returns an instance of m_client that is polymorphic and can be used by SSLClientImpl */ Client& get_arduino_client() { return m_client; } @@ -419,6 +431,8 @@ private: const DebugLevel m_debug; // store if we are connected in bearssl or not bool m_is_connected; + // store the timeout for SSL internals + unsigned int m_timeout; // store the context values required for SSL br_ssl_client_context m_sslctx; br_x509_minimal_context m_x509ctx; From c2eca312f4e04c400baf4567b3a7820eddd9c222 Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Thu, 26 Dec 2019 17:59:50 -0500 Subject: [PATCH 038/141] bump version in doxygen --- docs/html/_r_e_a_d_m_e_8md.html | 2 +- docs/html/_s_s_l_client_8cpp.html | 2 +- docs/html/_s_s_l_client_8h.html | 2 +- docs/html/_s_s_l_client_8h_source.html | 26 +- docs/html/_s_s_l_client_parameters_8h.html | 2 +- .../_s_s_l_client_parameters_8h_source.html | 2 +- docs/html/_s_s_l_obj_8cpp.html | 2 +- docs/html/_s_s_l_obj_8h.html | 2 +- docs/html/_s_s_l_obj_8h_source.html | 2 +- docs/html/_s_s_l_session_8h.html | 2 +- docs/html/_s_s_l_session_8h_source.html | 2 +- docs/html/_t_l_s12__only__profile_8c.html | 2 +- docs/html/_trust_anchors_8md.html | 2 +- docs/html/annotated.html | 2 +- docs/html/cert_8h.html | 2 +- docs/html/cert_8h_source.html | 2 +- docs/html/class_s_s_l_client-members.html | 16 +- docs/html/class_s_s_l_client.html | 70 +++++- docs/html/class_s_s_l_client.js | 2 + docs/html/class_s_s_l_session-members.html | 2 +- docs/html/class_s_s_l_session.html | 2 +- docs/html/classes.html | 2 +- .../dir_386349f6a9bc1e2cd0767d257d5e5b91.html | 2 +- .../dir_68267d1309a1af8e8297ef4c3efbcdba.html | 2 +- .../dir_9c42dc81377249a918256dbb9cfb2167.html | 2 +- .../dir_d28a4824dc47e487b107a5db32ef43c4.html | 2 +- .../dir_dfc5a9f91fbfb9426c406a3f10131a54.html | 2 +- docs/html/ec__prime__fast__256_8c.html | 2 +- docs/html/files.html | 2 +- docs/html/functions.html | 8 +- docs/html/functions_enum.html | 2 +- docs/html/functions_eval.html | 2 +- docs/html/functions_func.html | 8 +- docs/html/functions_vars.html | 2 +- docs/html/globals.html | 2 +- docs/html/globals_defs.html | 2 +- docs/html/globals_func.html | 2 +- docs/html/globals_vars.html | 2 +- docs/html/hierarchy.html | 2 +- docs/html/index.html | 9 +- ...ibraries__s_s_l_client__trust_anchors.html | 2 +- docs/html/namespace_s_s_l_obj.html | 2 +- docs/html/namespacemembers.html | 2 +- docs/html/namespacemembers_func.html | 2 +- docs/html/namespaces.html | 2 +- docs/html/navtreedata.js | 1 - docs/html/navtreeindex0.js | 231 +++++++++--------- docs/html/pages.html | 2 +- docs/html/search/all_7.js | 3 +- docs/html/search/all_d.js | 3 +- docs/html/search/functions_4.js | 3 +- docs/html/search/functions_9.js | 1 + docs/html/search/pages_0.js | 2 +- ...truct_s_s_l_client_parameters-members.html | 2 +- docs/html/struct_s_s_l_client_parameters.html | 2 +- ...structssl__pem__decode__state-members.html | 2 +- docs/html/structssl__pem__decode__state.html | 2 +- docs/html/time__macros_8h.html | 2 +- docs/html/time__macros_8h_source.html | 2 +- docs/html/trust__anchors_8h.html | 2 +- docs/html/trust__anchors_8h_source.html | 2 +- docs/html/trustanchors_8h.html | 2 +- docs/html/trustanchors_8h_source.html | 2 +- library.properties | 2 +- 64 files changed, 286 insertions(+), 197 deletions(-) diff --git a/docs/html/_r_e_a_d_m_e_8md.html b/docs/html/_r_e_a_d_m_e_8md.html index c78e9c5..ebee020 100644 --- a/docs/html/_r_e_a_d_m_e_8md.html +++ b/docs/html/_r_e_a_d_m_e_8md.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_s_s_l_client_8cpp.html b/docs/html/_s_s_l_client_8cpp.html index c25e9a1..4c6ce71 100644 --- a/docs/html/_s_s_l_client_8cpp.html +++ b/docs/html/_s_s_l_client_8cpp.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_s_s_l_client_8h.html b/docs/html/_s_s_l_client_8h.html index 0292567..c9700ea 100644 --- a/docs/html/_s_s_l_client_8h.html +++ b/docs/html/_s_s_l_client_8h.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_s_s_l_client_8h_source.html b/docs/html/_s_s_l_client_8h_source.html index f7a521c..804eb3b 100644 --- a/docs/html/_s_s_l_client_8h_source.html +++ b/docs/html/_s_s_l_client_8h_source.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    @@ -91,36 +91,38 @@ $(document).ready(function(){initNavTree('_s_s_l_client_8h_source.html','');});
    SSLClient.h
    -Go to the documentation of this file.
    1 /* Copyright 2019 OSU OPEnS Lab
    2  *
    3  * Permission is hereby granted, free of charge, to any person obtaining a copy of this
    4  * software and associated documentation files (the "Software"), to deal in the Software
    5  * without restriction, including without limitation the rights to use, copy, modify,
    6  * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
    7  * permit persons to whom the Software is furnished to do so, subject to the following
    8  * conditions:
    9  *
    10  * The above copyright notice and this permission notice shall be included in all
    11  * copies or substantial portions of the Software.
    12  *
    13  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
    14  * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
    15  * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
    16  * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
    17  * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
    18  * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
    19  */
    20 
    21 #include "Client.h"
    22 #include "SSLSession.h"
    23 #include "SSLClientParameters.h"
    24 #include "SSLObj.h"
    25 #include <vector>
    26 
    27 #ifndef SSLClient_H_
    28 #define SSLClient_H_
    29 
    35 class SSLClient : public Client {
    36 public:
    45  enum Error {
    46  SSL_OK = 0,
    48  SSL_CLIENT_CONNECT_FAIL = 2,
    50  SSL_BR_CONNECT_FAIL = 3,
    52  SSL_CLIENT_WRTIE_ERROR = 4,
    54  SSL_BR_WRITE_ERROR = 5,
    56  SSL_INTERNAL_ERROR = 6,
    58  SSL_OUT_OF_MEMORY = 7
    59  };
    60 
    67  enum DebugLevel {
    69  SSL_NONE = 0,
    71  SSL_ERROR = 1,
    73  SSL_WARN = 2,
    75  SSL_INFO = 3,
    76  };
    77 
    95  explicit SSLClient( Client& client,
    96  const br_x509_trust_anchor *trust_anchors,
    97  const size_t trust_anchors_num,
    98  const int analog_pin,
    99  const size_t max_sessions = 1,
    100  const DebugLevel debug = SSL_WARN);
    101 
    102  //========================================
    103  //= Functions implemented in SSLClient.cpp
    104  //========================================
    105 
    145  int connect(IPAddress ip, uint16_t port) override;
    146 
    183  int connect(const char *host, uint16_t port) override;
    184 
    208  size_t write(const uint8_t *buf, size_t size) override;
    210  size_t write(uint8_t b) override { return write(&b, 1); }
    211 
    230  int available() override;
    231 
    253  int read(uint8_t *buf, size_t size) override;
    258  int read() override { uint8_t read_val; return read(&read_val, 1) > 0 ? read_val : -1; };
    259 
    268  int peek() override;
    269 
    277  void flush() override;
    278 
    287  void stop() override;
    288 
    302  uint8_t connected() override;
    303 
    304  //========================================
    305  //= Functions Not in the Client Interface
    306  //========================================
    307 
    316  void setMutualAuthParams(const SSLClientParameters* params);
    317 
    332  SSLSession* getSession(const char* host);
    333 
    342  void removeSession(const char* host);
    343 
    349  size_t getSessionCount() const { return m_sessions.size(); }
    350 
    356  operator bool() { return connected() > 0; }
    357 
    359  Client& getClient() { return m_client; }
    360 
    361 private:
    363  Client& get_arduino_client() { return m_client; }
    364  const Client& get_arduino_client() const { return m_client; }
    365 
    367  bool m_soft_connected(const char* func_name);
    369  int m_start_ssl(const char* host = nullptr, SSLSession* ssl_ses = nullptr);
    371  int m_run_until(const unsigned target);
    373  unsigned m_update_engine();
    375  int m_get_session_index(const char* host) const;
    376 
    378  void m_print_prefix(const char* func_name, const DebugLevel level) const;
    379 
    381  void m_print_ssl_error(const int ssl_error, const DebugLevel level) const;
    382 
    384  void m_print_br_error(const unsigned br_error_code, const DebugLevel level) const;
    385 
    387  template<typename T>
    388  void m_print(const T str, const char* func_name, const DebugLevel level) const {
    389  // check the current debug level and serial status
    390  if (level > m_debug || !Serial) return;
    391  // print prefix
    392  m_print_prefix(func_name, level);
    393  // print the message
    394  Serial.println(str);
    395  }
    396 
    398  template<typename T>
    399  void m_info(const T str, const char* func_name) const { m_print(str, func_name, SSL_INFO); }
    400 
    401  template<typename T>
    402  void m_warn(const T str, const char* func_name) const { m_print(str, func_name, SSL_WARN); }
    403 
    404  template<typename T>
    405  void m_error(const T str, const char* func_name) const { m_print(str, func_name, SSL_ERROR); }
    406 
    407  //============================================
    408  //= Data Members
    409  //============================================
    410  // create a reference the client
    411  Client& m_client;
    412  // also store an array of SSLSessions, so we can resume communication with multiple websites
    413  std::vector<SSLSession> m_sessions;
    414  // as well as the maximmum number of sessions we can store
    415  const size_t m_max_sessions;
    416  // store the pin to fetch an RNG see from
    417  const int m_analog_pin;
    418  // store whether to enable debug logging
    419  const DebugLevel m_debug;
    420  // store if we are connected in bearssl or not
    421  bool m_is_connected;
    422  // store the context values required for SSL
    423  br_ssl_client_context m_sslctx;
    424  br_x509_minimal_context m_x509ctx;
    425  // use a mono-directional buffer by default to cut memory in half
    426  // can expand to a bi-directional buffer with maximum of BR_SSL_BUFSIZE_BIDI
    427  // or shrink to below BR_SSL_BUFSIZE_MONO, and bearSSL will adapt automatically
    428  // simply edit this value to change the buffer size to the desired value
    429  // additionally, we need to correct buffer size based off of how many sessions we decide to cache
    430  // since SSL takes so much memory if we don't it will cause the stack and heap to collide
    438  unsigned char m_iobuf[2048];
    439  // store the index of where we are writing in the buffer
    440  // so we can send our records all at once to prevent
    441  // weird timing issues
    442  size_t m_write_idx;
    443 };
    444 
    445 #endif
    SSLClient::connected
    uint8_t connected() override
    Check if the device is connected.
    Definition: SSLClient.cpp:254
    +Go to the documentation of this file.
    1 /* Copyright 2019 OSU OPEnS Lab
    2  *
    3  * Permission is hereby granted, free of charge, to any person obtaining a copy of this
    4  * software and associated documentation files (the "Software"), to deal in the Software
    5  * without restriction, including without limitation the rights to use, copy, modify,
    6  * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
    7  * permit persons to whom the Software is furnished to do so, subject to the following
    8  * conditions:
    9  *
    10  * The above copyright notice and this permission notice shall be included in all
    11  * copies or substantial portions of the Software.
    12  *
    13  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
    14  * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
    15  * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
    16  * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
    17  * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
    18  * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
    19  */
    20 
    21 #include "Client.h"
    22 #include "SSLSession.h"
    23 #include "SSLClientParameters.h"
    24 #include "SSLObj.h"
    25 #include <vector>
    26 
    27 #ifndef SSLClient_H_
    28 #define SSLClient_H_
    29 
    35 class SSLClient : public Client {
    36 public:
    45  enum Error {
    46  SSL_OK = 0,
    48  SSL_CLIENT_CONNECT_FAIL = 2,
    50  SSL_BR_CONNECT_FAIL = 3,
    52  SSL_CLIENT_WRTIE_ERROR = 4,
    54  SSL_BR_WRITE_ERROR = 5,
    56  SSL_INTERNAL_ERROR = 6,
    58  SSL_OUT_OF_MEMORY = 7
    59  };
    60 
    67  enum DebugLevel {
    69  SSL_NONE = 0,
    71  SSL_ERROR = 1,
    73  SSL_WARN = 2,
    75  SSL_INFO = 3,
    76  };
    77 
    95  explicit SSLClient( Client& client,
    96  const br_x509_trust_anchor *trust_anchors,
    97  const size_t trust_anchors_num,
    98  const int analog_pin,
    99  const size_t max_sessions = 1,
    100  const DebugLevel debug = SSL_WARN);
    101 
    102  //========================================
    103  //= Functions implemented in SSLClient.cpp
    104  //========================================
    105 
    145  int connect(IPAddress ip, uint16_t port) override;
    146 
    183  int connect(const char *host, uint16_t port) override;
    184 
    208  size_t write(const uint8_t *buf, size_t size) override;
    210  size_t write(uint8_t b) override { return write(&b, 1); }
    211 
    230  int available() override;
    231 
    253  int read(uint8_t *buf, size_t size) override;
    258  int read() override { uint8_t read_val; return read(&read_val, 1) > 0 ? read_val : -1; };
    259 
    268  int peek() override;
    269 
    277  void flush() override;
    278 
    287  void stop() override;
    288 
    302  uint8_t connected() override;
    303 
    304  //========================================
    305  //= Functions Not in the Client Interface
    306  //========================================
    307 
    316  void setMutualAuthParams(const SSLClientParameters* params);
    317 
    332  SSLSession* getSession(const char* host);
    333 
    342  void removeSession(const char* host);
    343 
    349  size_t getSessionCount() const { return m_sessions.size(); }
    350 
    356  operator bool() { return connected() > 0; }
    357 
    359  Client& getClient() { return m_client; }
    360 
    365  void setTimeout(unsigned int t) { m_timeout = t; }
    366 
    371  unsigned int getTimeout() const { return m_timeout; }
    372 
    373 private:
    375  Client& get_arduino_client() { return m_client; }
    376  const Client& get_arduino_client() const { return m_client; }
    377 
    379  bool m_soft_connected(const char* func_name);
    381  int m_start_ssl(const char* host = nullptr, SSLSession* ssl_ses = nullptr);
    383  int m_run_until(const unsigned target);
    385  unsigned m_update_engine();
    387  int m_get_session_index(const char* host) const;
    388 
    390  void m_print_prefix(const char* func_name, const DebugLevel level) const;
    391 
    393  void m_print_ssl_error(const int ssl_error, const DebugLevel level) const;
    394 
    396  void m_print_br_error(const unsigned br_error_code, const DebugLevel level) const;
    397 
    399  template<typename T>
    400  void m_print(const T str, const char* func_name, const DebugLevel level) const {
    401  // check the current debug level and serial status
    402  if (level > m_debug || !Serial) return;
    403  // print prefix
    404  m_print_prefix(func_name, level);
    405  // print the message
    406  Serial.println(str);
    407  }
    408 
    410  template<typename T>
    411  void m_info(const T str, const char* func_name) const { m_print(str, func_name, SSL_INFO); }
    412 
    413  template<typename T>
    414  void m_warn(const T str, const char* func_name) const { m_print(str, func_name, SSL_WARN); }
    415 
    416  template<typename T>
    417  void m_error(const T str, const char* func_name) const { m_print(str, func_name, SSL_ERROR); }
    418 
    419  //============================================
    420  //= Data Members
    421  //============================================
    422  // create a reference the client
    423  Client& m_client;
    424  // also store an array of SSLSessions, so we can resume communication with multiple websites
    425  std::vector<SSLSession> m_sessions;
    426  // as well as the maximmum number of sessions we can store
    427  const size_t m_max_sessions;
    428  // store the pin to fetch an RNG see from
    429  const int m_analog_pin;
    430  // store whether to enable debug logging
    431  const DebugLevel m_debug;
    432  // store if we are connected in bearssl or not
    433  bool m_is_connected;
    434  // store the timeout for SSL internals
    435  unsigned int m_timeout;
    436  // store the context values required for SSL
    437  br_ssl_client_context m_sslctx;
    438  br_x509_minimal_context m_x509ctx;
    439  // use a mono-directional buffer by default to cut memory in half
    440  // can expand to a bi-directional buffer with maximum of BR_SSL_BUFSIZE_BIDI
    441  // or shrink to below BR_SSL_BUFSIZE_MONO, and bearSSL will adapt automatically
    442  // simply edit this value to change the buffer size to the desired value
    443  // additionally, we need to correct buffer size based off of how many sessions we decide to cache
    444  // since SSL takes so much memory if we don't it will cause the stack and heap to collide
    452  unsigned char m_iobuf[2048];
    453  // store the index of where we are writing in the buffer
    454  // so we can send our records all at once to prevent
    455  // weird timing issues
    456  size_t m_write_idx;
    457 };
    458 
    459 #endif
    SSLClient::connected
    uint8_t connected() override
    Check if the device is connected.
    Definition: SSLClient.cpp:259
    SSLClient::SSL_OUT_OF_MEMORY
    Definition: SSLClient.h:58
    SSLSession
    This class stores values which allow SSLClient to save and resume SSL sessions.
    Definition: SSLSession.h:51
    +
    SSLClient::setTimeout
    void setTimeout(unsigned int t)
    Set the timeout when waiting for an SSL response.
    Definition: SSLClient.h:365
    SSLClient::SSL_CLIENT_CONNECT_FAIL
    Definition: SSLClient.h:48
    SSLClient::SSL_INFO
    Definition: SSLClient.h:75
    SSLClient::SSL_BR_WRITE_ERROR
    Definition: SSLClient.h:54
    -
    SSLClient::SSLClient
    SSLClient(Client &client, const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const size_t max_sessions=1, const DebugLevel debug=SSL_WARN)
    Initialize SSLClient with all of the prerequisites needed.
    Definition: SSLClient.cpp:55
    -
    SSLClient::flush
    void flush() override
    Force writing the buffered bytes from SSLClient::write to the network.
    Definition: SSLClient.cpp:221
    -
    SSLClient::getSession
    SSLSession * getSession(const char *host)
    Gets a session reference corresponding to a host and IP, or a reference to a empty session if none ex...
    Definition: SSLClient.cpp:285
    +
    SSLClient::SSLClient
    SSLClient(Client &client, const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const size_t max_sessions=1, const DebugLevel debug=SSL_WARN)
    Initialize SSLClient with all of the prerequisites needed.
    Definition: SSLClient.cpp:60
    +
    SSLClient::flush
    void flush() override
    Force writing the buffered bytes from SSLClient::write to the network.
    Definition: SSLClient.cpp:226
    +
    SSLClient::getSession
    SSLSession * getSession(const char *host)
    Gets a session reference corresponding to a host and IP, or a reference to a empty session if none ex...
    Definition: SSLClient.cpp:290
    SSLClientParameters
    This struct stores data required for SSLClient to use mutual authentication.
    Definition: SSLClientParameters.h:52
    -
    SSLClient::setMutualAuthParams
    void setMutualAuthParams(const SSLClientParameters *params)
    Add a client certificate and enable support for mutual auth.
    Definition: SSLClient.cpp:309
    -
    SSLClient::available
    int available() override
    Returns the number of bytes available to read from the data that has been received and decrypted.
    Definition: SSLClient.cpp:173
    +
    SSLClient::setMutualAuthParams
    void setMutualAuthParams(const SSLClientParameters *params)
    Add a client certificate and enable support for mutual auth.
    Definition: SSLClient.cpp:314
    +
    SSLClient::available
    int available() override
    Returns the number of bytes available to read from the data that has been received and decrypted.
    Definition: SSLClient.cpp:178
    SSLClient
    The main SSLClient class. Check out README.md for more info.
    Definition: SSLClient.h:35
    SSLClient::SSL_WARN
    Definition: SSLClient.h:73
    -
    SSLClient::stop
    void stop() override
    Close the connection.
    Definition: SSLClient.cpp:227
    +
    SSLClient::stop
    void stop() override
    Close the connection.
    Definition: SSLClient.cpp:232
    SSLClient::SSL_ERROR
    Definition: SSLClient.h:71
    -
    SSLClient::connect
    int connect(IPAddress ip, uint16_t port) override
    Connect over SSL to a host specified by an IP address.
    Definition: SSLClient.cpp:82
    -
    SSLClient::write
    size_t write(const uint8_t *buf, size_t size) override
    Write some bytes to the SSL connection.
    Definition: SSLClient.cpp:130
    +
    SSLClient::connect
    int connect(IPAddress ip, uint16_t port) override
    Connect over SSL to a host specified by an IP address.
    Definition: SSLClient.cpp:87
    +
    SSLClient::write
    size_t write(const uint8_t *buf, size_t size) override
    Write some bytes to the SSL connection.
    Definition: SSLClient.cpp:135
    SSLClient::read
    int read() override
    Read a single byte, or -1 if none is available.
    Definition: SSLClient.h:258
    SSLClient::Error
    Error
    Static constants defining the possible errors encountered.
    Definition: SSLClient.h:45
    SSLClient::SSL_CLIENT_WRTIE_ERROR
    Definition: SSLClient.h:52
    SSLClient::DebugLevel
    DebugLevel
    Level of verbosity used in logging for SSLClient.
    Definition: SSLClient.h:67
    SSLClient::getSessionCount
    size_t getSessionCount() const
    Get the maximum number of SSL sessions that can be stored at once.
    Definition: SSLClient.h:349
    -
    SSLClient::peek
    int peek() override
    View the first byte of the buffer, without removing it from the SSLClient Buffer.
    Definition: SSLClient.cpp:209
    +
    SSLClient::peek
    int peek() override
    View the first byte of the buffer, without removing it from the SSLClient Buffer.
    Definition: SSLClient.cpp:214
    SSLClientParameters.h
    SSLClient::SSL_BR_CONNECT_FAIL
    Definition: SSLClient.h:50
    SSLSession.h
    SSLClient::write
    size_t write(uint8_t b) override
    Definition: SSLClient.h:210
    SSLClient::getClient
    Client & getClient()
    Returns a reference to the client object stored in this class. Take care not to break it.
    Definition: SSLClient.h:359
    -
    SSLClient::removeSession
    void removeSession(const char *host)
    Clear the session corresponding to a host and IP.
    Definition: SSLClient.cpp:298
    +
    SSLClient::removeSession
    void removeSession(const char *host)
    Clear the session corresponding to a host and IP.
    Definition: SSLClient.cpp:303
    +
    SSLClient::getTimeout
    unsigned int getTimeout() const
    Get the timeout when waiting for an SSL response.
    Definition: SSLClient.h:371
    SSLObj.h
    SSLClient::SSL_NONE
    Definition: SSLClient.h:69
    SSLClient::SSL_OK
    Definition: SSLClient.h:46
    diff --git a/docs/html/_s_s_l_client_parameters_8h.html b/docs/html/_s_s_l_client_parameters_8h.html index 47a5896..2647c40 100644 --- a/docs/html/_s_s_l_client_parameters_8h.html +++ b/docs/html/_s_s_l_client_parameters_8h.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_s_s_l_client_parameters_8h_source.html b/docs/html/_s_s_l_client_parameters_8h_source.html index 6dedaae..7d928bd 100644 --- a/docs/html/_s_s_l_client_parameters_8h_source.html +++ b/docs/html/_s_s_l_client_parameters_8h_source.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_s_s_l_obj_8cpp.html b/docs/html/_s_s_l_obj_8cpp.html index 87fdb40..0a2fc2f 100644 --- a/docs/html/_s_s_l_obj_8cpp.html +++ b/docs/html/_s_s_l_obj_8cpp.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_s_s_l_obj_8h.html b/docs/html/_s_s_l_obj_8h.html index c788182..c027151 100644 --- a/docs/html/_s_s_l_obj_8h.html +++ b/docs/html/_s_s_l_obj_8h.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_s_s_l_obj_8h_source.html b/docs/html/_s_s_l_obj_8h_source.html index b7f9b53..31eaa8d 100644 --- a/docs/html/_s_s_l_obj_8h_source.html +++ b/docs/html/_s_s_l_obj_8h_source.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_s_s_l_session_8h.html b/docs/html/_s_s_l_session_8h.html index 17d678f..e6b2880 100644 --- a/docs/html/_s_s_l_session_8h.html +++ b/docs/html/_s_s_l_session_8h.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_s_s_l_session_8h_source.html b/docs/html/_s_s_l_session_8h_source.html index 32ea911..11dbedc 100644 --- a/docs/html/_s_s_l_session_8h_source.html +++ b/docs/html/_s_s_l_session_8h_source.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_t_l_s12__only__profile_8c.html b/docs/html/_t_l_s12__only__profile_8c.html index 176afce..c10b9ff 100644 --- a/docs/html/_t_l_s12__only__profile_8c.html +++ b/docs/html/_t_l_s12__only__profile_8c.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_trust_anchors_8md.html b/docs/html/_trust_anchors_8md.html index 3f11130..2224d5f 100644 --- a/docs/html/_trust_anchors_8md.html +++ b/docs/html/_trust_anchors_8md.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/annotated.html b/docs/html/annotated.html index 04e5b27..d9cbd2e 100644 --- a/docs/html/annotated.html +++ b/docs/html/annotated.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/cert_8h.html b/docs/html/cert_8h.html index cb19e45..7119de4 100644 --- a/docs/html/cert_8h.html +++ b/docs/html/cert_8h.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/cert_8h_source.html b/docs/html/cert_8h_source.html index caac9ef..98ce4e3 100644 --- a/docs/html/cert_8h_source.html +++ b/docs/html/cert_8h_source.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/class_s_s_l_client-members.html b/docs/html/class_s_s_l_client-members.html index 02df105..9bd680d 100644 --- a/docs/html/class_s_s_l_client-members.html +++ b/docs/html/class_s_s_l_client-members.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    @@ -104,12 +104,14 @@ $(document).ready(function(){initNavTree('class_s_s_l_client.html','');}); getClient()SSLClientinline getSession(const char *host)SSLClient getSessionCount() constSSLClientinline - operator bool()SSLClientinline - peek() overrideSSLClient - read(uint8_t *buf, size_t size) overrideSSLClient - read() overrideSSLClientinline - removeSession(const char *host)SSLClient - setMutualAuthParams(const SSLClientParameters *params)SSLClient + getTimeout() constSSLClientinline + operator bool()SSLClientinline + peek() overrideSSLClient + read(uint8_t *buf, size_t size) overrideSSLClient + read() overrideSSLClientinline + removeSession(const char *host)SSLClient + setMutualAuthParams(const SSLClientParameters *params)SSLClient + setTimeout(unsigned int t)SSLClientinline SSL_BR_CONNECT_FAIL enum valueSSLClient SSL_BR_WRITE_ERROR enum valueSSLClient SSL_CLIENT_CONNECT_FAIL enum valueSSLClient diff --git a/docs/html/class_s_s_l_client.html b/docs/html/class_s_s_l_client.html index 62f1993..8c54357 100644 --- a/docs/html/class_s_s_l_client.html +++ b/docs/html/class_s_s_l_client.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    @@ -185,6 +185,12 @@ Public Member Functions Client & getClient ()  Returns a reference to the client object stored in this class. Take care not to break it. More...
      +void setTimeout (unsigned int t) + Set the timeout when waiting for an SSL response. More...
    +  +unsigned int getTimeout () const + Get the timeout when waiting for an SSL response. More...

    Detailed Description

    The main SSLClient class. Check out README.md for more info.

    @@ -612,6 +618,34 @@ There must be a trust anchor given to the constructor that corresponds to the ce

    Get the maximum number of SSL sessions that can be stored at once.

    Returns
    The SessionCache template parameter.
    +
    +
    + +

    ◆ getTimeout()

    + +
    +
    + + + + + +
    + + + + + + + +
    unsigned int SSLClient::getTimeout () const
    +     		+inline
    +
    + +

    Get the timeout when waiting for an SSL response.

    +
    Returns
    The timeout value in milliseconds.
    +
    @@ -797,6 +831,40 @@ There must be a trust anchor given to the constructor that corresponds to the ce

    Please ensure that the values in params are valid for the lifetime of SSLClient. You may want to make them global constants.

    Precondition
    SSLClient has not already started an SSL connection.
    +
    +
    + +

    ◆ setTimeout()

    + +
    +
    + + + + + +
    + + + + + + + + +
    void SSLClient::setTimeout (unsigned int t)
    +     		+inline
    +
    + +

    Set the timeout when waiting for an SSL response.

    +
    Parameters
    + + +
    tThe timeout value, in milliseconds (defaults to 30 seconds if not set). Do not set to zero.
    +
    +
    +
    diff --git a/docs/html/class_s_s_l_client.js b/docs/html/class_s_s_l_client.js index 8b45e37..d2eadc2 100644 --- a/docs/html/class_s_s_l_client.js +++ b/docs/html/class_s_s_l_client.js @@ -24,12 +24,14 @@ var class_s_s_l_client = [ "getClient", "class_s_s_l_client.html#a9a4e9c9877ab73cf7e82d6942cc7db21", null ], [ "getSession", "class_s_s_l_client.html#a2bd012ef6f01df9694ba9fd0a3c227c3", null ], [ "getSessionCount", "class_s_s_l_client.html#ae3f9e6f8e8a50e520c936239abecfd22", null ], + [ "getTimeout", "class_s_s_l_client.html#a2a178251978e0622f7e241da702ae498", null ], [ "operator bool", "class_s_s_l_client.html#a4192ee3562c4806d4a6829356ca2636b", null ], [ "peek", "class_s_s_l_client.html#a0c0b6f2ad25701d1e45adb613d072d86", null ], [ "read", "class_s_s_l_client.html#a4c5420541a06213133ae308a3bca1c95", null ], [ "read", "class_s_s_l_client.html#aef1b52f4ad9633126cb68739175920eb", null ], [ "removeSession", "class_s_s_l_client.html#ad5d9d8a4187a3f8918bf66af83e733c4", null ], [ "setMutualAuthParams", "class_s_s_l_client.html#a9e7ce7f8a72d7cdc071be3fa7a4c8f29", null ], + [ "setTimeout", "class_s_s_l_client.html#a8da354f30537c1064d554921937a73ae", null ], [ "stop", "class_s_s_l_client.html#ad8ed697371748e31e01c3f697bc36cbe", null ], [ "write", "class_s_s_l_client.html#a03c7926938acd57cfc3b982edf725a86", null ], [ "write", "class_s_s_l_client.html#a7343a58457b4659f83b61cac1f442c3d", null ] diff --git a/docs/html/class_s_s_l_session-members.html b/docs/html/class_s_s_l_session-members.html index 1e878f3..f3b1d0e 100644 --- a/docs/html/class_s_s_l_session-members.html +++ b/docs/html/class_s_s_l_session-members.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/class_s_s_l_session.html b/docs/html/class_s_s_l_session.html index 454052a..917abdc 100644 --- a/docs/html/class_s_s_l_session.html +++ b/docs/html/class_s_s_l_session.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/classes.html b/docs/html/classes.html index 28e3204..b6041e9 100644 --- a/docs/html/classes.html +++ b/docs/html/classes.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/dir_386349f6a9bc1e2cd0767d257d5e5b91.html b/docs/html/dir_386349f6a9bc1e2cd0767d257d5e5b91.html index 0a0a250..825ca7b 100644 --- a/docs/html/dir_386349f6a9bc1e2cd0767d257d5e5b91.html +++ b/docs/html/dir_386349f6a9bc1e2cd0767d257d5e5b91.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.html b/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.html index b1509c0..456518e 100644 --- a/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.html +++ b/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/dir_9c42dc81377249a918256dbb9cfb2167.html b/docs/html/dir_9c42dc81377249a918256dbb9cfb2167.html index 9cc7f6a..d5e0dd3 100644 --- a/docs/html/dir_9c42dc81377249a918256dbb9cfb2167.html +++ b/docs/html/dir_9c42dc81377249a918256dbb9cfb2167.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/dir_d28a4824dc47e487b107a5db32ef43c4.html b/docs/html/dir_d28a4824dc47e487b107a5db32ef43c4.html index a201518..5d8ba54 100644 --- a/docs/html/dir_d28a4824dc47e487b107a5db32ef43c4.html +++ b/docs/html/dir_d28a4824dc47e487b107a5db32ef43c4.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/dir_dfc5a9f91fbfb9426c406a3f10131a54.html b/docs/html/dir_dfc5a9f91fbfb9426c406a3f10131a54.html index f42bc8d..16f74f7 100644 --- a/docs/html/dir_dfc5a9f91fbfb9426c406a3f10131a54.html +++ b/docs/html/dir_dfc5a9f91fbfb9426c406a3f10131a54.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/ec__prime__fast__256_8c.html b/docs/html/ec__prime__fast__256_8c.html index bb4d6f9..7699c72 100644 --- a/docs/html/ec__prime__fast__256_8c.html +++ b/docs/html/ec__prime__fast__256_8c.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/files.html b/docs/html/files.html index d51797c..cf9a5ac 100644 --- a/docs/html/files.html +++ b/docs/html/files.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/functions.html b/docs/html/functions.html index 4e11d63..85678f0 100644 --- a/docs/html/functions.html +++ b/docs/html/functions.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    @@ -149,6 +149,9 @@ $(document).ready(function(){initNavTree('functions.html','');});
  • getSessionCount() : SSLClient
    • +
  • getTimeout() +: SSLClient +
    • @@ -187,6 +190,9 @@ $(document).ready(function(){initNavTree('functions.html','');});
  • setMutualAuthParams() : SSLClient
    • +
  • setTimeout() +: SSLClient +
  • SSL_BR_CONNECT_FAIL : SSLClient
    • diff --git a/docs/html/functions_enum.html b/docs/html/functions_enum.html index a59822a..37cf15a 100644 --- a/docs/html/functions_enum.html +++ b/docs/html/functions_enum.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/functions_eval.html b/docs/html/functions_eval.html index 77c9361..2e9b13d 100644 --- a/docs/html/functions_eval.html +++ b/docs/html/functions_eval.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/functions_func.html b/docs/html/functions_func.html index d277946..581a9bf 100644 --- a/docs/html/functions_func.html +++ b/docs/html/functions_func.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    @@ -112,6 +112,9 @@ $(document).ready(function(){initNavTree('functions_func.html','');});
  • getSessionCount() : SSLClient
    • +
  • getTimeout() +: SSLClient +
  • operator bool() : SSLClient
    • @@ -127,6 +130,9 @@ $(document).ready(function(){initNavTree('functions_func.html','');});
  • setMutualAuthParams() : SSLClient
    • +
  • setTimeout() +: SSLClient +
  • SSLClient() : SSLClient
    • diff --git a/docs/html/functions_vars.html b/docs/html/functions_vars.html index 55e1d11..a8687fc 100644 --- a/docs/html/functions_vars.html +++ b/docs/html/functions_vars.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/globals.html b/docs/html/globals.html index fd21b44..c2e3cd5 100644 --- a/docs/html/globals.html +++ b/docs/html/globals.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/globals_defs.html b/docs/html/globals_defs.html index bbdd3d3..0b0d8dc 100644 --- a/docs/html/globals_defs.html +++ b/docs/html/globals_defs.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/globals_func.html b/docs/html/globals_func.html index 57f26c1..739b50a 100644 --- a/docs/html/globals_func.html +++ b/docs/html/globals_func.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/globals_vars.html b/docs/html/globals_vars.html index e2e73c4..66a165d 100644 --- a/docs/html/globals_vars.html +++ b/docs/html/globals_vars.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/hierarchy.html b/docs/html/hierarchy.html index 59aaf82..35e7bf0 100644 --- a/docs/html/hierarchy.html +++ b/docs/html/hierarchy.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/index.html b/docs/html/index.html index 6a02e39..ebde966 100644 --- a/docs/html/index.html +++ b/docs/html/index.html @@ -5,7 +5,7 @@ -SSLClient: SSLClient - Arduino Library For SSL +SSLClient: SSLClient @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    @@ -88,7 +88,7 @@ $(document).ready(function(){initNavTree('index.html','');});
    -
    SSLClient - Arduino Library For SSL
    +
    SSLClient

    Build Status @@ -115,8 +115,7 @@ $(document).ready(function(){initNavTree('index.html','');});

    For more information on SSLClient, check out the examples, API documentation, or the rest of this README.

    How It Works

    -

    SSLClient was created to integrate SSL seamlessly with the Arduino infrastructure, and so it does just that: implementing the brilliant BearSSL as a proxy in front of any Arduino socket library. BearSSL is designed with low flash footprint in mind, and as a result does little verification of improper programming, relying on the developer to ensure the code is correct. Since SSLClient is built specifically for the Arduino ecosystem, most of the code adds those programming checks back in, making debugging a fast and simple process. The rest manages the state of BearSSL, and ensures a manageable memory footprint.

    -

    Additionally, the bulk of SSLClient is split into two components: a template class SSLClient, and an implementation class SSLClientImpl. The template class serves to abstract some functions not implemented in the Arduino Client interface (such as EthernetClient::remoteIP), and the implementation class is the rest of the SSLClient library.

    +

    SSLClient was created to integrate SSL seamlessly with the Arduino infrastructure, and so it does just that: implementing the brilliant BearSSL as a proxy in front of any Arduino socket library. BearSSL is designed with low flash footprint in mind, and as a result does little verification of improper programming, relying on the developer to ensure the code is correct. Since SSLClient is built specifically for the Arduino ecosystem, most of SSLClient's code adds those programming checks back in, making debugging a fast and simple process.

    Other Features

    Logging

    SSLClient also allows for changing the debugging level by adding an additional parameter to the constructor:

    {C++}
    EthernetClient baseClient;
    SSLClient client(baseClient, TAs, (size_t)2, A7, 1, SSLClient::SSL_INFO);

    Logging is always outputted through the Arduino Serial interface, so you'll need to setup Serial before you can view the SSL logs. Log levels are enumerated in ::DebugLevel. The log level is set to SSL_WARN by default.

    diff --git a/docs/html/md__c_1__users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html b/docs/html/md__c_1__users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html index 71718cb..e5b45f8 100644 --- a/docs/html/md__c_1__users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html +++ b/docs/html/md__c_1__users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/namespace_s_s_l_obj.html b/docs/html/namespace_s_s_l_obj.html index 236cda0..057d37a 100644 --- a/docs/html/namespace_s_s_l_obj.html +++ b/docs/html/namespace_s_s_l_obj.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/namespacemembers.html b/docs/html/namespacemembers.html index 361e57e..2f32e3b 100644 --- a/docs/html/namespacemembers.html +++ b/docs/html/namespacemembers.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/namespacemembers_func.html b/docs/html/namespacemembers_func.html index ba602f5..59c906e 100644 --- a/docs/html/namespacemembers_func.html +++ b/docs/html/namespacemembers_func.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/namespaces.html b/docs/html/namespaces.html index f7b1ebe..3f434c7 100644 --- a/docs/html/namespaces.html +++ b/docs/html/namespaces.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/navtreedata.js b/docs/html/navtreedata.js index 10bfff6..8d74ad1 100644 --- a/docs/html/navtreedata.js +++ b/docs/html/navtreedata.js @@ -24,7 +24,6 @@ for the JavaScript code in this file var NAVTREE = [ [ "SSLClient", "index.html", [ - [ "SSLClient - Arduino Library For SSL", "index.html", null ], [ "Trust Anchors", "md__c_1__users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html", null ], [ "Namespaces", "namespaces.html", [ [ "Namespace List", "namespaces.html", "namespaces_dup" ], diff --git a/docs/html/navtreeindex0.js b/docs/html/navtreeindex0.js index 5640f49..55158e2 100644 --- a/docs/html/navtreeindex0.js +++ b/docs/html/navtreeindex0.js @@ -1,120 +1,121 @@ var NAVTREEINDEX0 = { -"_s_s_l_client_8cpp.html":[4,0,2,1], -"_s_s_l_client_8cpp.html#ad193a2cc121e0d4614a1c21eb463fb56":[4,0,2,1,0], -"_s_s_l_client_8h.html":[4,0,2,2], -"_s_s_l_client_8h_source.html":[4,0,2,2], -"_s_s_l_client_parameters_8h.html":[4,0,2,3], -"_s_s_l_client_parameters_8h_source.html":[4,0,2,3], -"_s_s_l_obj_8cpp.html":[4,0,2,4], -"_s_s_l_obj_8h.html":[4,0,2,5], -"_s_s_l_obj_8h.html#a9a58d01c9073b90f2b42c655828aea6d":[4,0,2,5,0], -"_s_s_l_obj_8h_source.html":[4,0,2,5], -"_s_s_l_session_8h.html":[4,0,2,6], -"_s_s_l_session_8h_source.html":[4,0,2,6], -"_t_l_s12__only__profile_8c.html":[4,0,2,8], -"_t_l_s12__only__profile_8c.html#a32c8112a1c37ba21a05952eeefc435f3":[4,0,2,8,0], -"annotated.html":[3,0], -"cert_8h.html":[4,0,1,0], -"cert_8h.html#ae2e26a4e8e97b0f15c18ba1ace062948":[4,0,1,0,0], -"cert_8h_source.html":[4,0,1,0], -"class_s_s_l_client.html":[3,0,1], -"class_s_s_l_client.html#a03c7926938acd57cfc3b982edf725a86":[3,0,1,18], -"class_s_s_l_client.html#a0c0b6f2ad25701d1e45adb613d072d86":[3,0,1,12], -"class_s_s_l_client.html#a0e775669b4a040fbd3f281dcbcd2de78":[3,0,1,3], -"class_s_s_l_client.html#a248a5152cc3c3e7666bf5443bfd57c90":[3,0,1,5], -"class_s_s_l_client.html#a2bd012ef6f01df9694ba9fd0a3c227c3":[3,0,1,9], -"class_s_s_l_client.html#a4192ee3562c4806d4a6829356ca2636b":[3,0,1,11], -"class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6cea":[3,0,1,1], -"class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa0a4f8af0226cf29ede8f6fe4a9047b08":[3,0,1,1,6], -"class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa18dbddc0a3d4a94ee0f298fe55a06a94":[3,0,1,1,0], -"class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa37bef298be71b84a57e59fadbfbd9016":[3,0,1,1,4], -"class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa6a9cc2412a53b5981e937a41523eece5":[3,0,1,1,2], -"class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa7510402478ffbecd6e1aa3811b175cfd":[3,0,1,1,1], -"class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaab8581e1172fbf15067d435706d3a03a8":[3,0,1,1,3], -"class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaaf66f8d5f6601f9e7607b78bf7a07fc84":[3,0,1,1,5], -"class_s_s_l_client.html#a4c5420541a06213133ae308a3bca1c95":[3,0,1,13], -"class_s_s_l_client.html#a5488f01ccfddfd9e41f54dfbda48bcae":[3,0,1,6], -"class_s_s_l_client.html#a68f026a625ca1ccd1aba87bb6e670376":[3,0,1,2], -"class_s_s_l_client.html#a7343a58457b4659f83b61cac1f442c3d":[3,0,1,19], -"class_s_s_l_client.html#a9a4e9c9877ab73cf7e82d6942cc7db21":[3,0,1,8], -"class_s_s_l_client.html#a9e7ce7f8a72d7cdc071be3fa7a4c8f29":[3,0,1,16], -"class_s_s_l_client.html#aaf2192a6621fdf2f89cc26a9a1584f8c":[3,0,1,7], -"class_s_s_l_client.html#ab97c0745f65a6c6009ac938b3b9912c3":[3,0,1,4], -"class_s_s_l_client.html#ad5d9d8a4187a3f8918bf66af83e733c4":[3,0,1,15], -"class_s_s_l_client.html#ad8ed697371748e31e01c3f697bc36cbe":[3,0,1,17], -"class_s_s_l_client.html#ae3f9e6f8e8a50e520c936239abecfd22":[3,0,1,10], -"class_s_s_l_client.html#aef1b52f4ad9633126cb68739175920eb":[3,0,1,14], -"class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1":[3,0,1,0], -"class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1a199742ec5c99c72d9cede1fda0f125c5":[3,0,1,0,1], -"class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1a24122d1e1bb724237f305a0b4a21ff75":[3,0,1,0,0], -"class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1a26f3e5f1481f3ea22ea4ab5370b0fa97":[3,0,1,0,2], -"class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1a8d5f7561f9cc0a2f3e5f362b02f4a5b2":[3,0,1,0,3], -"class_s_s_l_session.html":[3,0,3], -"class_s_s_l_session.html#a0c8e01b0944c1f4b0ec6d4c423c95b74":[3,0,3,0], -"class_s_s_l_session.html#a825373c5ba1aa6c45e74dc8a72b21820":[3,0,3,1], -"class_s_s_l_session.html#acbe6549b55d50541d09a16f770e65afc":[3,0,3,2], -"classes.html":[3,1], -"dir_386349f6a9bc1e2cd0767d257d5e5b91.html":[4,0,0,1], -"dir_68267d1309a1af8e8297ef4c3efbcdba.html":[4,0,2], -"dir_9c42dc81377249a918256dbb9cfb2167.html":[4,0,0,0], -"dir_d28a4824dc47e487b107a5db32ef43c4.html":[4,0,0], -"dir_dfc5a9f91fbfb9426c406a3f10131a54.html":[4,0,1], -"ec__prime__fast__256_8c.html":[4,0,2,0], -"ec__prime__fast__256_8c.html#aedcd6aae4367c3fdfe7db296b4da85ab":[4,0,2,0,0], -"files.html":[4,0], -"functions.html":[3,3,0], -"functions_enum.html":[3,3,3], -"functions_eval.html":[3,3,4], -"functions_func.html":[3,3,1], -"functions_vars.html":[3,3,2], -"globals.html":[4,1,0], -"globals_defs.html":[4,1,3], -"globals_func.html":[4,1,1], -"globals_vars.html":[4,1,2], -"hierarchy.html":[3,2], +"_s_s_l_client_8cpp.html":[3,0,2,1], +"_s_s_l_client_8cpp.html#ad193a2cc121e0d4614a1c21eb463fb56":[3,0,2,1,0], +"_s_s_l_client_8h.html":[3,0,2,2], +"_s_s_l_client_8h_source.html":[3,0,2,2], +"_s_s_l_client_parameters_8h.html":[3,0,2,3], +"_s_s_l_client_parameters_8h_source.html":[3,0,2,3], +"_s_s_l_obj_8cpp.html":[3,0,2,4], +"_s_s_l_obj_8h.html":[3,0,2,5], +"_s_s_l_obj_8h.html#a9a58d01c9073b90f2b42c655828aea6d":[3,0,2,5,0], +"_s_s_l_obj_8h_source.html":[3,0,2,5], +"_s_s_l_session_8h.html":[3,0,2,6], +"_s_s_l_session_8h_source.html":[3,0,2,6], +"_t_l_s12__only__profile_8c.html":[3,0,2,8], +"_t_l_s12__only__profile_8c.html#a32c8112a1c37ba21a05952eeefc435f3":[3,0,2,8,0], +"annotated.html":[2,0], +"cert_8h.html":[3,0,1,0], +"cert_8h.html#ae2e26a4e8e97b0f15c18ba1ace062948":[3,0,1,0,0], +"cert_8h_source.html":[3,0,1,0], +"class_s_s_l_client.html":[2,0,1], +"class_s_s_l_client.html#a03c7926938acd57cfc3b982edf725a86":[2,0,1,20], +"class_s_s_l_client.html#a0c0b6f2ad25701d1e45adb613d072d86":[2,0,1,13], +"class_s_s_l_client.html#a0e775669b4a040fbd3f281dcbcd2de78":[2,0,1,3], +"class_s_s_l_client.html#a248a5152cc3c3e7666bf5443bfd57c90":[2,0,1,5], +"class_s_s_l_client.html#a2a178251978e0622f7e241da702ae498":[2,0,1,11], +"class_s_s_l_client.html#a2bd012ef6f01df9694ba9fd0a3c227c3":[2,0,1,9], +"class_s_s_l_client.html#a4192ee3562c4806d4a6829356ca2636b":[2,0,1,12], +"class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6cea":[2,0,1,1], +"class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa0a4f8af0226cf29ede8f6fe4a9047b08":[2,0,1,1,6], +"class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa18dbddc0a3d4a94ee0f298fe55a06a94":[2,0,1,1,0], +"class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa37bef298be71b84a57e59fadbfbd9016":[2,0,1,1,4], +"class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa6a9cc2412a53b5981e937a41523eece5":[2,0,1,1,2], +"class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa7510402478ffbecd6e1aa3811b175cfd":[2,0,1,1,1], +"class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaab8581e1172fbf15067d435706d3a03a8":[2,0,1,1,3], +"class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaaf66f8d5f6601f9e7607b78bf7a07fc84":[2,0,1,1,5], +"class_s_s_l_client.html#a4c5420541a06213133ae308a3bca1c95":[2,0,1,14], +"class_s_s_l_client.html#a5488f01ccfddfd9e41f54dfbda48bcae":[2,0,1,6], +"class_s_s_l_client.html#a68f026a625ca1ccd1aba87bb6e670376":[2,0,1,2], +"class_s_s_l_client.html#a7343a58457b4659f83b61cac1f442c3d":[2,0,1,21], +"class_s_s_l_client.html#a8da354f30537c1064d554921937a73ae":[2,0,1,18], +"class_s_s_l_client.html#a9a4e9c9877ab73cf7e82d6942cc7db21":[2,0,1,8], +"class_s_s_l_client.html#a9e7ce7f8a72d7cdc071be3fa7a4c8f29":[2,0,1,17], +"class_s_s_l_client.html#aaf2192a6621fdf2f89cc26a9a1584f8c":[2,0,1,7], +"class_s_s_l_client.html#ab97c0745f65a6c6009ac938b3b9912c3":[2,0,1,4], +"class_s_s_l_client.html#ad5d9d8a4187a3f8918bf66af83e733c4":[2,0,1,16], +"class_s_s_l_client.html#ad8ed697371748e31e01c3f697bc36cbe":[2,0,1,19], +"class_s_s_l_client.html#ae3f9e6f8e8a50e520c936239abecfd22":[2,0,1,10], +"class_s_s_l_client.html#aef1b52f4ad9633126cb68739175920eb":[2,0,1,15], +"class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1":[2,0,1,0], +"class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1a199742ec5c99c72d9cede1fda0f125c5":[2,0,1,0,1], +"class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1a24122d1e1bb724237f305a0b4a21ff75":[2,0,1,0,0], +"class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1a26f3e5f1481f3ea22ea4ab5370b0fa97":[2,0,1,0,2], +"class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1a8d5f7561f9cc0a2f3e5f362b02f4a5b2":[2,0,1,0,3], +"class_s_s_l_session.html":[2,0,3], +"class_s_s_l_session.html#a0c8e01b0944c1f4b0ec6d4c423c95b74":[2,0,3,0], +"class_s_s_l_session.html#a825373c5ba1aa6c45e74dc8a72b21820":[2,0,3,1], +"class_s_s_l_session.html#acbe6549b55d50541d09a16f770e65afc":[2,0,3,2], +"classes.html":[2,1], +"dir_386349f6a9bc1e2cd0767d257d5e5b91.html":[3,0,0,1], +"dir_68267d1309a1af8e8297ef4c3efbcdba.html":[3,0,2], +"dir_9c42dc81377249a918256dbb9cfb2167.html":[3,0,0,0], +"dir_d28a4824dc47e487b107a5db32ef43c4.html":[3,0,0], +"dir_dfc5a9f91fbfb9426c406a3f10131a54.html":[3,0,1], +"ec__prime__fast__256_8c.html":[3,0,2,0], +"ec__prime__fast__256_8c.html#aedcd6aae4367c3fdfe7db296b4da85ab":[3,0,2,0,0], +"files.html":[3,0], +"functions.html":[2,3,0], +"functions_enum.html":[2,3,3], +"functions_eval.html":[2,3,4], +"functions_func.html":[2,3,1], +"functions_vars.html":[2,3,2], +"globals.html":[3,1,0], +"globals_defs.html":[3,1,3], +"globals_func.html":[3,1,1], +"globals_vars.html":[3,1,2], +"hierarchy.html":[2,2], "index.html":[], -"index.html":[0], -"md__c_1__users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html":[1], -"namespace_s_s_l_obj.html":[2,0,0], -"namespacemembers.html":[2,1,0], -"namespacemembers_func.html":[2,1,1], -"namespaces.html":[2,0], +"md__c_1__users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html":[0], +"namespace_s_s_l_obj.html":[1,0,0], +"namespacemembers.html":[1,1,0], +"namespacemembers_func.html":[1,1,1], +"namespaces.html":[1,0], "pages.html":[], -"struct_s_s_l_client_parameters.html":[3,0,2], -"struct_s_s_l_client_parameters.html#a3e0440790d1acdee221b8ef6be6def95":[3,0,2,1], -"struct_s_s_l_client_parameters.html#aa523f407ac673da95bf651617fbf94b2":[3,0,2,0], -"struct_s_s_l_client_parameters.html#aca2dba04e30c8d7b962add0c353fc449":[3,0,2,2], -"structssl__pem__decode__state.html":[3,0,0], -"structssl__pem__decode__state.html#a8abbaad636bfcf50ef38f529e3cfd5f3":[3,0,0,0], -"structssl__pem__decode__state.html#a95f2366376d5f958f9bc1e859b59bae9":[3,0,0,1], -"time__macros_8h.html":[4,0,2,7], -"time__macros_8h.html#a04e76e262f0920441e5f0c5552e83487":[4,0,2,7,19], -"time__macros_8h.html#a243cf438274412bbecf4b8d5eeb02ccb":[4,0,2,7,14], -"time__macros_8h.html#a2488d1ddab7e5fa119da3421462231c4":[4,0,2,7,1], -"time__macros_8h.html#a2af3d1d741ae2b49627adf56bbc95dc3":[4,0,2,7,20], -"time__macros_8h.html#a2d540510d5860d7f190d13124956bc57":[4,0,2,7,16], -"time__macros_8h.html#a38ac93dd8bfe385ff915a82c92bbfc97":[4,0,2,7,4], -"time__macros_8h.html#a3aaee30ddedb3f6675aac341a66e39e2":[4,0,2,7,15], -"time__macros_8h.html#a4dbe4cf7c879a2cdac386ce72c5e5994":[4,0,2,7,13], -"time__macros_8h.html#a56482fcc86a55713dee595c2092ed376":[4,0,2,7,5], -"time__macros_8h.html#a5ab60a7e3e1b6e0a919b3a37bc0d4b97":[4,0,2,7,8], -"time__macros_8h.html#a7f2cdee2eebbccd45c179a50a0bbabcf":[4,0,2,7,0], -"time__macros_8h.html#a868143e0521daf07b25a2f3947cf54a3":[4,0,2,7,6], -"time__macros_8h.html#a8cd8e04105fec7cd442d078c303e46b9":[4,0,2,7,18], -"time__macros_8h.html#a9da779a8ca64782ea49babce14122d34":[4,0,2,7,12], -"time__macros_8h.html#aad01b5fb233c0091aff2a837a8de32f4":[4,0,2,7,11], -"time__macros_8h.html#ab3592442029a102b388fafeadc4a6ab8":[4,0,2,7,2], -"time__macros_8h.html#ab6c76862964ff7e543fd9d5807b2fa79":[4,0,2,7,7], -"time__macros_8h.html#ac47b302f1b8d2a7a9c035c417247be76":[4,0,2,7,17], -"time__macros_8h.html#ac8f6b75d9e04634818984ba400d0dee1":[4,0,2,7,3], -"time__macros_8h.html#ae0574ced3f997b97d357c1cb68000e3a":[4,0,2,7,9], -"time__macros_8h.html#ae90924c33a05839b3eb1426472f40eb3":[4,0,2,7,10], -"time__macros_8h_source.html":[4,0,2,7], -"trust__anchors_8h.html":[4,0,0,0,0], -"trust__anchors_8h.html#ae2e26a4e8e97b0f15c18ba1ace062948":[4,0,0,0,0,0], -"trust__anchors_8h_source.html":[4,0,0,0,0], -"trustanchors_8h.html":[4,0,0,1,0], -"trustanchors_8h.html#ae2e26a4e8e97b0f15c18ba1ace062948":[4,0,0,1,0,0], -"trustanchors_8h_source.html":[4,0,0,1,0] +"struct_s_s_l_client_parameters.html":[2,0,2], +"struct_s_s_l_client_parameters.html#a3e0440790d1acdee221b8ef6be6def95":[2,0,2,1], +"struct_s_s_l_client_parameters.html#aa523f407ac673da95bf651617fbf94b2":[2,0,2,0], +"struct_s_s_l_client_parameters.html#aca2dba04e30c8d7b962add0c353fc449":[2,0,2,2], +"structssl__pem__decode__state.html":[2,0,0], +"structssl__pem__decode__state.html#a8abbaad636bfcf50ef38f529e3cfd5f3":[2,0,0,0], +"structssl__pem__decode__state.html#a95f2366376d5f958f9bc1e859b59bae9":[2,0,0,1], +"time__macros_8h.html":[3,0,2,7], +"time__macros_8h.html#a04e76e262f0920441e5f0c5552e83487":[3,0,2,7,19], +"time__macros_8h.html#a243cf438274412bbecf4b8d5eeb02ccb":[3,0,2,7,14], +"time__macros_8h.html#a2488d1ddab7e5fa119da3421462231c4":[3,0,2,7,1], +"time__macros_8h.html#a2af3d1d741ae2b49627adf56bbc95dc3":[3,0,2,7,20], +"time__macros_8h.html#a2d540510d5860d7f190d13124956bc57":[3,0,2,7,16], +"time__macros_8h.html#a38ac93dd8bfe385ff915a82c92bbfc97":[3,0,2,7,4], +"time__macros_8h.html#a3aaee30ddedb3f6675aac341a66e39e2":[3,0,2,7,15], +"time__macros_8h.html#a4dbe4cf7c879a2cdac386ce72c5e5994":[3,0,2,7,13], +"time__macros_8h.html#a56482fcc86a55713dee595c2092ed376":[3,0,2,7,5], +"time__macros_8h.html#a5ab60a7e3e1b6e0a919b3a37bc0d4b97":[3,0,2,7,8], +"time__macros_8h.html#a7f2cdee2eebbccd45c179a50a0bbabcf":[3,0,2,7,0], +"time__macros_8h.html#a868143e0521daf07b25a2f3947cf54a3":[3,0,2,7,6], +"time__macros_8h.html#a8cd8e04105fec7cd442d078c303e46b9":[3,0,2,7,18], +"time__macros_8h.html#a9da779a8ca64782ea49babce14122d34":[3,0,2,7,12], +"time__macros_8h.html#aad01b5fb233c0091aff2a837a8de32f4":[3,0,2,7,11], +"time__macros_8h.html#ab3592442029a102b388fafeadc4a6ab8":[3,0,2,7,2], +"time__macros_8h.html#ab6c76862964ff7e543fd9d5807b2fa79":[3,0,2,7,7], +"time__macros_8h.html#ac47b302f1b8d2a7a9c035c417247be76":[3,0,2,7,17], +"time__macros_8h.html#ac8f6b75d9e04634818984ba400d0dee1":[3,0,2,7,3], +"time__macros_8h.html#ae0574ced3f997b97d357c1cb68000e3a":[3,0,2,7,9], +"time__macros_8h.html#ae90924c33a05839b3eb1426472f40eb3":[3,0,2,7,10], +"time__macros_8h_source.html":[3,0,2,7], +"trust__anchors_8h.html":[3,0,0,0,0], +"trust__anchors_8h.html#ae2e26a4e8e97b0f15c18ba1ace062948":[3,0,0,0,0,0], +"trust__anchors_8h_source.html":[3,0,0,0,0], +"trustanchors_8h.html":[3,0,0,1,0], +"trustanchors_8h.html#ae2e26a4e8e97b0f15c18ba1ace062948":[3,0,0,1,0,0], +"trustanchors_8h_source.html":[3,0,0,1,0] }; diff --git a/docs/html/pages.html b/docs/html/pages.html index 64f2340..6e99f9f 100644 --- a/docs/html/pages.html +++ b/docs/html/pages.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/search/all_7.js b/docs/html/search/all_7.js index 48ec004..e8142e4 100644 --- a/docs/html/search/all_7.js +++ b/docs/html/search/all_7.js @@ -4,5 +4,6 @@ var searchData= ['get_5fmonth',['GET_MONTH',['../time__macros_8h.html#a4dbe4cf7c879a2cdac386ce72c5e5994',1,'time_macros.h']]], ['getclient',['getClient',['../class_s_s_l_client.html#a9a4e9c9877ab73cf7e82d6942cc7db21',1,'SSLClient']]], ['getsession',['getSession',['../class_s_s_l_client.html#a2bd012ef6f01df9694ba9fd0a3c227c3',1,'SSLClient']]], - ['getsessioncount',['getSessionCount',['../class_s_s_l_client.html#ae3f9e6f8e8a50e520c936239abecfd22',1,'SSLClient']]] + ['getsessioncount',['getSessionCount',['../class_s_s_l_client.html#ae3f9e6f8e8a50e520c936239abecfd22',1,'SSLClient']]], + ['gettimeout',['getTimeout',['../class_s_s_l_client.html#a2a178251978e0622f7e241da702ae498',1,'SSLClient']]] ]; diff --git a/docs/html/search/all_d.js b/docs/html/search/all_d.js index cf50882..1b4cde8 100644 --- a/docs/html/search/all_d.js +++ b/docs/html/search/all_d.js @@ -1,11 +1,12 @@ var searchData= [ - ['sslclient_20_2d_20arduino_20library_20for_20ssl',['SSLClient - Arduino Library For SSL',['../index.html',1,'']]], + ['sslclient',['SSLClient',['../index.html',1,'']]], ['sec_5fper_5fday',['SEC_PER_DAY',['../time__macros_8h.html#a3aaee30ddedb3f6675aac341a66e39e2',1,'time_macros.h']]], ['sec_5fper_5fhour',['SEC_PER_HOUR',['../time__macros_8h.html#a2d540510d5860d7f190d13124956bc57',1,'time_macros.h']]], ['sec_5fper_5fmin',['SEC_PER_MIN',['../time__macros_8h.html#ac47b302f1b8d2a7a9c035c417247be76',1,'time_macros.h']]], ['sec_5fper_5fyear',['SEC_PER_YEAR',['../time__macros_8h.html#a8cd8e04105fec7cd442d078c303e46b9',1,'time_macros.h']]], ['setmutualauthparams',['setMutualAuthParams',['../class_s_s_l_client.html#a9e7ce7f8a72d7cdc071be3fa7a4c8f29',1,'SSLClient']]], + ['settimeout',['setTimeout',['../class_s_s_l_client.html#a8da354f30537c1064d554921937a73ae',1,'SSLClient']]], ['ssl_5fbr_5fconnect_5ffail',['SSL_BR_CONNECT_FAIL',['../class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa6a9cc2412a53b5981e937a41523eece5',1,'SSLClient']]], ['ssl_5fbr_5fwrite_5ferror',['SSL_BR_WRITE_ERROR',['../class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa37bef298be71b84a57e59fadbfbd9016',1,'SSLClient']]], ['ssl_5fclient_5fconnect_5ffail',['SSL_CLIENT_CONNECT_FAIL',['../class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa7510402478ffbecd6e1aa3811b175cfd',1,'SSLClient']]], diff --git a/docs/html/search/functions_4.js b/docs/html/search/functions_4.js index d68b4de..7554e48 100644 --- a/docs/html/search/functions_4.js +++ b/docs/html/search/functions_4.js @@ -3,5 +3,6 @@ var searchData= ['get_5fhostname',['get_hostname',['../class_s_s_l_session.html#a825373c5ba1aa6c45e74dc8a72b21820',1,'SSLSession']]], ['getclient',['getClient',['../class_s_s_l_client.html#a9a4e9c9877ab73cf7e82d6942cc7db21',1,'SSLClient']]], ['getsession',['getSession',['../class_s_s_l_client.html#a2bd012ef6f01df9694ba9fd0a3c227c3',1,'SSLClient']]], - ['getsessioncount',['getSessionCount',['../class_s_s_l_client.html#ae3f9e6f8e8a50e520c936239abecfd22',1,'SSLClient']]] + ['getsessioncount',['getSessionCount',['../class_s_s_l_client.html#ae3f9e6f8e8a50e520c936239abecfd22',1,'SSLClient']]], + ['gettimeout',['getTimeout',['../class_s_s_l_client.html#a2a178251978e0622f7e241da702ae498',1,'SSLClient']]] ]; diff --git a/docs/html/search/functions_9.js b/docs/html/search/functions_9.js index 5e05068..d2a5842 100644 --- a/docs/html/search/functions_9.js +++ b/docs/html/search/functions_9.js @@ -1,6 +1,7 @@ var searchData= [ ['setmutualauthparams',['setMutualAuthParams',['../class_s_s_l_client.html#a9e7ce7f8a72d7cdc071be3fa7a4c8f29',1,'SSLClient']]], + ['settimeout',['setTimeout',['../class_s_s_l_client.html#a8da354f30537c1064d554921937a73ae',1,'SSLClient']]], ['sslclient',['SSLClient',['../class_s_s_l_client.html#a68f026a625ca1ccd1aba87bb6e670376',1,'SSLClient']]], ['sslsession',['SSLSession',['../class_s_s_l_session.html#a0c8e01b0944c1f4b0ec6d4c423c95b74',1,'SSLSession']]], ['stop',['stop',['../class_s_s_l_client.html#ad8ed697371748e31e01c3f697bc36cbe',1,'SSLClient']]] diff --git a/docs/html/search/pages_0.js b/docs/html/search/pages_0.js index 54d5ef5..11688e5 100644 --- a/docs/html/search/pages_0.js +++ b/docs/html/search/pages_0.js @@ -1,4 +1,4 @@ var searchData= [ - ['sslclient_20_2d_20arduino_20library_20for_20ssl',['SSLClient - Arduino Library For SSL',['../index.html',1,'']]] + ['sslclient',['SSLClient',['../index.html',1,'']]] ]; diff --git a/docs/html/struct_s_s_l_client_parameters-members.html b/docs/html/struct_s_s_l_client_parameters-members.html index 1c4cb0f..a4011c1 100644 --- a/docs/html/struct_s_s_l_client_parameters-members.html +++ b/docs/html/struct_s_s_l_client_parameters-members.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/struct_s_s_l_client_parameters.html b/docs/html/struct_s_s_l_client_parameters.html index 024c050..8ea35ed 100644 --- a/docs/html/struct_s_s_l_client_parameters.html +++ b/docs/html/struct_s_s_l_client_parameters.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/structssl__pem__decode__state-members.html b/docs/html/structssl__pem__decode__state-members.html index 108d3ce..46edec2 100644 --- a/docs/html/structssl__pem__decode__state-members.html +++ b/docs/html/structssl__pem__decode__state-members.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/structssl__pem__decode__state.html b/docs/html/structssl__pem__decode__state.html index 9c58cb1..d2eb9fc 100644 --- a/docs/html/structssl__pem__decode__state.html +++ b/docs/html/structssl__pem__decode__state.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/time__macros_8h.html b/docs/html/time__macros_8h.html index 68dcb80..9afa61a 100644 --- a/docs/html/time__macros_8h.html +++ b/docs/html/time__macros_8h.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/time__macros_8h_source.html b/docs/html/time__macros_8h_source.html index a5e2fa7..6bb9fff 100644 --- a/docs/html/time__macros_8h_source.html +++ b/docs/html/time__macros_8h_source.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/trust__anchors_8h.html b/docs/html/trust__anchors_8h.html index 0df213d..bca7bac 100644 --- a/docs/html/trust__anchors_8h.html +++ b/docs/html/trust__anchors_8h.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/trust__anchors_8h_source.html b/docs/html/trust__anchors_8h_source.html index 2998bfc..50718a5 100644 --- a/docs/html/trust__anchors_8h_source.html +++ b/docs/html/trust__anchors_8h_source.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/trustanchors_8h.html b/docs/html/trustanchors_8h.html index 958a976..8d88809 100644 --- a/docs/html/trustanchors_8h.html +++ b/docs/html/trustanchors_8h.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/trustanchors_8h_source.html b/docs/html/trustanchors_8h_source.html index 964016b..4217857 100644 --- a/docs/html/trustanchors_8h_source.html +++ b/docs/html/trustanchors_8h_source.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.2 +  v1.4.4
    Add TLS 1.2 functionality to any network library.
    diff --git a/library.properties b/library.properties index 90907dd..b0f5f66 100644 --- a/library.properties +++ b/library.properties @@ -1,5 +1,5 @@ name=SSLClient -version=1.4.2 +version=1.4.4 author=Noah Koontz maintainer=OPEnS Lab sentence=Arduino library to add SSL functionality to any Client class From f9e4d2574c1293edca4bffadedf267f35f5443cb Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Mon, 30 Dec 2019 08:00:00 -0800 Subject: [PATCH 039/141] fix incorrect cast from bool to int, and an invalid return value --- src/SSLClient.cpp | 9 +++------ src/SSLClient.h | 2 +- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/src/SSLClient.cpp b/src/SSLClient.cpp index 3529144..0b09baa 100644 --- a/src/SSLClient.cpp +++ b/src/SSLClient.cpp @@ -89,7 +89,7 @@ int SSLClient::connect(IPAddress ip, uint16_t port) { // connection check if (get_arduino_client().connected()) { m_error("Cannot have two connections at the same time! Please create another SSLClient instance.", func_name); - return -1; + return 0; } // reset indexs for saftey m_write_idx = 0; @@ -112,16 +112,13 @@ int SSLClient::connect(const char *host, uint16_t port) { // connection check if (get_arduino_client().connected()) { m_error("Cannot have two connections at the same time! Please create another SSLClient instance.", func_name); - return -1; + return 0; } // reset indexs for saftey m_write_idx = 0; - // first, if we have a session, check if we're trying to resolve the same host - // as before - const bool connect_ok = get_arduino_client().connect(host, port); // first we need our hidden client member to negotiate the socket for us, // since most times socket functionality is implemented in hardeware. - if (!connect_ok) { + if (!get_arduino_client().connect(host, port)) { m_error("Failed to connect using m_client. Are you connected to the internet?", func_name); setWriteError(SSL_CLIENT_CONNECT_FAIL); return 0; diff --git a/src/SSLClient.h b/src/SSLClient.h index 79d6827..28fc932 100644 --- a/src/SSLClient.h +++ b/src/SSLClient.h @@ -165,7 +165,7 @@ public: * * The implementation for this function can be found in SSLClientImpl::connect_impl(const char*, uint16_t) * - * @pre The underlying client object (passed in through the constructor) is in a non- + * @pre The underlying client object (passed in through the constructor) is in a non- * error state, and must be able to access the IP. * @pre SSLClient can only have one connection at a time, so the client * object must not already be connected. From 7f7deb5e658857f70a94578751f0e7cd797875d4 Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Mon, 30 Dec 2019 08:02:36 -0800 Subject: [PATCH 040/141] bump version to v1.4.5 --- .travis/library.properties | 2 +- docs/html/_r_e_a_d_m_e_8md.html | 2 +- docs/html/_s_s_l_client_8cpp.html | 2 +- docs/html/_s_s_l_client_8h.html | 2 +- docs/html/_s_s_l_client_8h_source.html | 20 +++++++++---------- docs/html/_s_s_l_client_parameters_8h.html | 2 +- .../_s_s_l_client_parameters_8h_source.html | 2 +- docs/html/_s_s_l_obj_8cpp.html | 2 +- docs/html/_s_s_l_obj_8h.html | 2 +- docs/html/_s_s_l_obj_8h_source.html | 2 +- docs/html/_s_s_l_session_8h.html | 2 +- docs/html/_s_s_l_session_8h_source.html | 2 +- docs/html/_t_l_s12__only__profile_8c.html | 2 +- docs/html/_trust_anchors_8md.html | 2 +- docs/html/annotated.html | 2 +- docs/html/cert_8h.html | 2 +- docs/html/cert_8h_source.html | 2 +- docs/html/class_s_s_l_client-members.html | 2 +- docs/html/class_s_s_l_client.html | 2 +- docs/html/class_s_s_l_session-members.html | 2 +- docs/html/class_s_s_l_session.html | 2 +- docs/html/classes.html | 2 +- .../dir_386349f6a9bc1e2cd0767d257d5e5b91.html | 2 +- .../dir_68267d1309a1af8e8297ef4c3efbcdba.html | 2 +- .../dir_9c42dc81377249a918256dbb9cfb2167.html | 2 +- .../dir_d28a4824dc47e487b107a5db32ef43c4.html | 2 +- .../dir_dfc5a9f91fbfb9426c406a3f10131a54.html | 2 +- docs/html/ec__prime__fast__256_8c.html | 2 +- docs/html/files.html | 2 +- docs/html/functions.html | 2 +- docs/html/functions_enum.html | 2 +- docs/html/functions_eval.html | 2 +- docs/html/functions_func.html | 2 +- docs/html/functions_vars.html | 2 +- docs/html/globals.html | 2 +- docs/html/globals_defs.html | 2 +- docs/html/globals_func.html | 2 +- docs/html/globals_vars.html | 2 +- docs/html/hierarchy.html | 2 +- docs/html/index.html | 2 +- ...ibraries__s_s_l_client__trust_anchors.html | 2 +- docs/html/namespace_s_s_l_obj.html | 2 +- docs/html/namespacemembers.html | 2 +- docs/html/namespacemembers_func.html | 2 +- docs/html/namespaces.html | 2 +- docs/html/pages.html | 2 +- ...truct_s_s_l_client_parameters-members.html | 2 +- docs/html/struct_s_s_l_client_parameters.html | 2 +- ...structssl__pem__decode__state-members.html | 2 +- docs/html/structssl__pem__decode__state.html | 2 +- docs/html/time__macros_8h.html | 2 +- docs/html/time__macros_8h_source.html | 2 +- docs/html/trust__anchors_8h.html | 2 +- docs/html/trust__anchors_8h_source.html | 2 +- docs/html/trustanchors_8h.html | 2 +- docs/html/trustanchors_8h_source.html | 2 +- library.properties | 2 +- 57 files changed, 66 insertions(+), 66 deletions(-) diff --git a/.travis/library.properties b/.travis/library.properties index 3111be0..f9a3cbf 100644 --- a/.travis/library.properties +++ b/.travis/library.properties @@ -1,5 +1,5 @@ name=SSLClient -version=1.3.0 +version=1.4.5 author=Noah Koontz maintainer=OPEnS Lab sentence=Arduino library to add SSL functionality to any Client class diff --git a/docs/html/_r_e_a_d_m_e_8md.html b/docs/html/_r_e_a_d_m_e_8md.html index ebee020..fae2ace 100644 --- a/docs/html/_r_e_a_d_m_e_8md.html +++ b/docs/html/_r_e_a_d_m_e_8md.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_s_s_l_client_8cpp.html b/docs/html/_s_s_l_client_8cpp.html index 4c6ce71..fb00945 100644 --- a/docs/html/_s_s_l_client_8cpp.html +++ b/docs/html/_s_s_l_client_8cpp.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_s_s_l_client_8h.html b/docs/html/_s_s_l_client_8h.html index c9700ea..419fe33 100644 --- a/docs/html/_s_s_l_client_8h.html +++ b/docs/html/_s_s_l_client_8h.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_s_s_l_client_8h_source.html b/docs/html/_s_s_l_client_8h_source.html index 804eb3b..d512294 100644 --- a/docs/html/_s_s_l_client_8h_source.html +++ b/docs/html/_s_s_l_client_8h_source.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    @@ -91,7 +91,7 @@ $(document).ready(function(){initNavTree('_s_s_l_client_8h_source.html','');});
    SSLClient.h
    -Go to the documentation of this file.
    1 /* Copyright 2019 OSU OPEnS Lab
    2  *
    3  * Permission is hereby granted, free of charge, to any person obtaining a copy of this
    4  * software and associated documentation files (the "Software"), to deal in the Software
    5  * without restriction, including without limitation the rights to use, copy, modify,
    6  * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
    7  * permit persons to whom the Software is furnished to do so, subject to the following
    8  * conditions:
    9  *
    10  * The above copyright notice and this permission notice shall be included in all
    11  * copies or substantial portions of the Software.
    12  *
    13  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
    14  * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
    15  * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
    16  * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
    17  * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
    18  * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
    19  */
    20 
    21 #include "Client.h"
    22 #include "SSLSession.h"
    23 #include "SSLClientParameters.h"
    24 #include "SSLObj.h"
    25 #include <vector>
    26 
    27 #ifndef SSLClient_H_
    28 #define SSLClient_H_
    29 
    35 class SSLClient : public Client {
    36 public:
    45  enum Error {
    46  SSL_OK = 0,
    48  SSL_CLIENT_CONNECT_FAIL = 2,
    50  SSL_BR_CONNECT_FAIL = 3,
    52  SSL_CLIENT_WRTIE_ERROR = 4,
    54  SSL_BR_WRITE_ERROR = 5,
    56  SSL_INTERNAL_ERROR = 6,
    58  SSL_OUT_OF_MEMORY = 7
    59  };
    60 
    67  enum DebugLevel {
    69  SSL_NONE = 0,
    71  SSL_ERROR = 1,
    73  SSL_WARN = 2,
    75  SSL_INFO = 3,
    76  };
    77 
    95  explicit SSLClient( Client& client,
    96  const br_x509_trust_anchor *trust_anchors,
    97  const size_t trust_anchors_num,
    98  const int analog_pin,
    99  const size_t max_sessions = 1,
    100  const DebugLevel debug = SSL_WARN);
    101 
    102  //========================================
    103  //= Functions implemented in SSLClient.cpp
    104  //========================================
    105 
    145  int connect(IPAddress ip, uint16_t port) override;
    146 
    183  int connect(const char *host, uint16_t port) override;
    184 
    208  size_t write(const uint8_t *buf, size_t size) override;
    210  size_t write(uint8_t b) override { return write(&b, 1); }
    211 
    230  int available() override;
    231 
    253  int read(uint8_t *buf, size_t size) override;
    258  int read() override { uint8_t read_val; return read(&read_val, 1) > 0 ? read_val : -1; };
    259 
    268  int peek() override;
    269 
    277  void flush() override;
    278 
    287  void stop() override;
    288 
    302  uint8_t connected() override;
    303 
    304  //========================================
    305  //= Functions Not in the Client Interface
    306  //========================================
    307 
    316  void setMutualAuthParams(const SSLClientParameters* params);
    317 
    332  SSLSession* getSession(const char* host);
    333 
    342  void removeSession(const char* host);
    343 
    349  size_t getSessionCount() const { return m_sessions.size(); }
    350 
    356  operator bool() { return connected() > 0; }
    357 
    359  Client& getClient() { return m_client; }
    360 
    365  void setTimeout(unsigned int t) { m_timeout = t; }
    366 
    371  unsigned int getTimeout() const { return m_timeout; }
    372 
    373 private:
    375  Client& get_arduino_client() { return m_client; }
    376  const Client& get_arduino_client() const { return m_client; }
    377 
    379  bool m_soft_connected(const char* func_name);
    381  int m_start_ssl(const char* host = nullptr, SSLSession* ssl_ses = nullptr);
    383  int m_run_until(const unsigned target);
    385  unsigned m_update_engine();
    387  int m_get_session_index(const char* host) const;
    388 
    390  void m_print_prefix(const char* func_name, const DebugLevel level) const;
    391 
    393  void m_print_ssl_error(const int ssl_error, const DebugLevel level) const;
    394 
    396  void m_print_br_error(const unsigned br_error_code, const DebugLevel level) const;
    397 
    399  template<typename T>
    400  void m_print(const T str, const char* func_name, const DebugLevel level) const {
    401  // check the current debug level and serial status
    402  if (level > m_debug || !Serial) return;
    403  // print prefix
    404  m_print_prefix(func_name, level);
    405  // print the message
    406  Serial.println(str);
    407  }
    408 
    410  template<typename T>
    411  void m_info(const T str, const char* func_name) const { m_print(str, func_name, SSL_INFO); }
    412 
    413  template<typename T>
    414  void m_warn(const T str, const char* func_name) const { m_print(str, func_name, SSL_WARN); }
    415 
    416  template<typename T>
    417  void m_error(const T str, const char* func_name) const { m_print(str, func_name, SSL_ERROR); }
    418 
    419  //============================================
    420  //= Data Members
    421  //============================================
    422  // create a reference the client
    423  Client& m_client;
    424  // also store an array of SSLSessions, so we can resume communication with multiple websites
    425  std::vector<SSLSession> m_sessions;
    426  // as well as the maximmum number of sessions we can store
    427  const size_t m_max_sessions;
    428  // store the pin to fetch an RNG see from
    429  const int m_analog_pin;
    430  // store whether to enable debug logging
    431  const DebugLevel m_debug;
    432  // store if we are connected in bearssl or not
    433  bool m_is_connected;
    434  // store the timeout for SSL internals
    435  unsigned int m_timeout;
    436  // store the context values required for SSL
    437  br_ssl_client_context m_sslctx;
    438  br_x509_minimal_context m_x509ctx;
    439  // use a mono-directional buffer by default to cut memory in half
    440  // can expand to a bi-directional buffer with maximum of BR_SSL_BUFSIZE_BIDI
    441  // or shrink to below BR_SSL_BUFSIZE_MONO, and bearSSL will adapt automatically
    442  // simply edit this value to change the buffer size to the desired value
    443  // additionally, we need to correct buffer size based off of how many sessions we decide to cache
    444  // since SSL takes so much memory if we don't it will cause the stack and heap to collide
    452  unsigned char m_iobuf[2048];
    453  // store the index of where we are writing in the buffer
    454  // so we can send our records all at once to prevent
    455  // weird timing issues
    456  size_t m_write_idx;
    457 };
    458 
    459 #endif
    SSLClient::connected
    uint8_t connected() override
    Check if the device is connected.
    Definition: SSLClient.cpp:259
    +Go to the documentation of this file.
    1 /* Copyright 2019 OSU OPEnS Lab
    2  *
    3  * Permission is hereby granted, free of charge, to any person obtaining a copy of this
    4  * software and associated documentation files (the "Software"), to deal in the Software
    5  * without restriction, including without limitation the rights to use, copy, modify,
    6  * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
    7  * permit persons to whom the Software is furnished to do so, subject to the following
    8  * conditions:
    9  *
    10  * The above copyright notice and this permission notice shall be included in all
    11  * copies or substantial portions of the Software.
    12  *
    13  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
    14  * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
    15  * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
    16  * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
    17  * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
    18  * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
    19  */
    20 
    21 #include "Client.h"
    22 #include "SSLSession.h"
    23 #include "SSLClientParameters.h"
    24 #include "SSLObj.h"
    25 #include <vector>
    26 
    27 #ifndef SSLClient_H_
    28 #define SSLClient_H_
    29 
    35 class SSLClient : public Client {
    36 public:
    45  enum Error {
    46  SSL_OK = 0,
    48  SSL_CLIENT_CONNECT_FAIL = 2,
    50  SSL_BR_CONNECT_FAIL = 3,
    52  SSL_CLIENT_WRTIE_ERROR = 4,
    54  SSL_BR_WRITE_ERROR = 5,
    56  SSL_INTERNAL_ERROR = 6,
    58  SSL_OUT_OF_MEMORY = 7
    59  };
    60 
    67  enum DebugLevel {
    69  SSL_NONE = 0,
    71  SSL_ERROR = 1,
    73  SSL_WARN = 2,
    75  SSL_INFO = 3,
    76  };
    77 
    95  explicit SSLClient( Client& client,
    96  const br_x509_trust_anchor *trust_anchors,
    97  const size_t trust_anchors_num,
    98  const int analog_pin,
    99  const size_t max_sessions = 1,
    100  const DebugLevel debug = SSL_WARN);
    101 
    102  //========================================
    103  //= Functions implemented in SSLClient.cpp
    104  //========================================
    105 
    145  int connect(IPAddress ip, uint16_t port) override;
    146 
    183  int connect(const char *host, uint16_t port) override;
    184 
    208  size_t write(const uint8_t *buf, size_t size) override;
    210  size_t write(uint8_t b) override { return write(&b, 1); }
    211 
    230  int available() override;
    231 
    253  int read(uint8_t *buf, size_t size) override;
    258  int read() override { uint8_t read_val; return read(&read_val, 1) > 0 ? read_val : -1; };
    259 
    268  int peek() override;
    269 
    277  void flush() override;
    278 
    287  void stop() override;
    288 
    302  uint8_t connected() override;
    303 
    304  //========================================
    305  //= Functions Not in the Client Interface
    306  //========================================
    307 
    316  void setMutualAuthParams(const SSLClientParameters* params);
    317 
    332  SSLSession* getSession(const char* host);
    333 
    342  void removeSession(const char* host);
    343 
    349  size_t getSessionCount() const { return m_sessions.size(); }
    350 
    356  operator bool() { return connected() > 0; }
    357 
    359  Client& getClient() { return m_client; }
    360 
    365  void setTimeout(unsigned int t) { m_timeout = t; }
    366 
    371  unsigned int getTimeout() const { return m_timeout; }
    372 
    373 private:
    375  Client& get_arduino_client() { return m_client; }
    376  const Client& get_arduino_client() const { return m_client; }
    377 
    379  bool m_soft_connected(const char* func_name);
    381  int m_start_ssl(const char* host = nullptr, SSLSession* ssl_ses = nullptr);
    383  int m_run_until(const unsigned target);
    385  unsigned m_update_engine();
    387  int m_get_session_index(const char* host) const;
    388 
    390  void m_print_prefix(const char* func_name, const DebugLevel level) const;
    391 
    393  void m_print_ssl_error(const int ssl_error, const DebugLevel level) const;
    394 
    396  void m_print_br_error(const unsigned br_error_code, const DebugLevel level) const;
    397 
    399  template<typename T>
    400  void m_print(const T str, const char* func_name, const DebugLevel level) const {
    401  // check the current debug level and serial status
    402  if (level > m_debug || !Serial) return;
    403  // print prefix
    404  m_print_prefix(func_name, level);
    405  // print the message
    406  Serial.println(str);
    407  }
    408 
    410  template<typename T>
    411  void m_info(const T str, const char* func_name) const { m_print(str, func_name, SSL_INFO); }
    412 
    413  template<typename T>
    414  void m_warn(const T str, const char* func_name) const { m_print(str, func_name, SSL_WARN); }
    415 
    416  template<typename T>
    417  void m_error(const T str, const char* func_name) const { m_print(str, func_name, SSL_ERROR); }
    418 
    419  //============================================
    420  //= Data Members
    421  //============================================
    422  // create a reference the client
    423  Client& m_client;
    424  // also store an array of SSLSessions, so we can resume communication with multiple websites
    425  std::vector<SSLSession> m_sessions;
    426  // as well as the maximmum number of sessions we can store
    427  const size_t m_max_sessions;
    428  // store the pin to fetch an RNG see from
    429  const int m_analog_pin;
    430  // store whether to enable debug logging
    431  const DebugLevel m_debug;
    432  // store if we are connected in bearssl or not
    433  bool m_is_connected;
    434  // store the timeout for SSL internals
    435  unsigned int m_timeout;
    436  // store the context values required for SSL
    437  br_ssl_client_context m_sslctx;
    438  br_x509_minimal_context m_x509ctx;
    439  // use a mono-directional buffer by default to cut memory in half
    440  // can expand to a bi-directional buffer with maximum of BR_SSL_BUFSIZE_BIDI
    441  // or shrink to below BR_SSL_BUFSIZE_MONO, and bearSSL will adapt automatically
    442  // simply edit this value to change the buffer size to the desired value
    443  // additionally, we need to correct buffer size based off of how many sessions we decide to cache
    444  // since SSL takes so much memory if we don't it will cause the stack and heap to collide
    452  unsigned char m_iobuf[2048];
    453  // store the index of where we are writing in the buffer
    454  // so we can send our records all at once to prevent
    455  // weird timing issues
    456  size_t m_write_idx;
    457 };
    458 
    459 #endif
    SSLClient::connected
    uint8_t connected() override
    Check if the device is connected.
    Definition: SSLClient.cpp:256
    SSLClient::SSL_OUT_OF_MEMORY
    Definition: SSLClient.h:58
    SSLSession
    This class stores values which allow SSLClient to save and resume SSL sessions.
    Definition: SSLSession.h:51
    SSLClient::setTimeout
    void setTimeout(unsigned int t)
    Set the timeout when waiting for an SSL response.
    Definition: SSLClient.h:365
    @@ -99,29 +99,29 @@ $(document).ready(function(){initNavTree('_s_s_l_client_8h_source.html','');});
    SSLClient::SSL_INFO
    Definition: SSLClient.h:75
    SSLClient::SSL_BR_WRITE_ERROR
    Definition: SSLClient.h:54
    SSLClient::SSLClient
    SSLClient(Client &client, const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const size_t max_sessions=1, const DebugLevel debug=SSL_WARN)
    Initialize SSLClient with all of the prerequisites needed.
    Definition: SSLClient.cpp:60
    -
    SSLClient::flush
    void flush() override
    Force writing the buffered bytes from SSLClient::write to the network.
    Definition: SSLClient.cpp:226
    -
    SSLClient::getSession
    SSLSession * getSession(const char *host)
    Gets a session reference corresponding to a host and IP, or a reference to a empty session if none ex...
    Definition: SSLClient.cpp:290
    +
    SSLClient::flush
    void flush() override
    Force writing the buffered bytes from SSLClient::write to the network.
    Definition: SSLClient.cpp:223
    +
    SSLClient::getSession
    SSLSession * getSession(const char *host)
    Gets a session reference corresponding to a host and IP, or a reference to a empty session if none ex...
    Definition: SSLClient.cpp:287
    SSLClientParameters
    This struct stores data required for SSLClient to use mutual authentication.
    Definition: SSLClientParameters.h:52
    -
    SSLClient::setMutualAuthParams
    void setMutualAuthParams(const SSLClientParameters *params)
    Add a client certificate and enable support for mutual auth.
    Definition: SSLClient.cpp:314
    -
    SSLClient::available
    int available() override
    Returns the number of bytes available to read from the data that has been received and decrypted.
    Definition: SSLClient.cpp:178
    +
    SSLClient::setMutualAuthParams
    void setMutualAuthParams(const SSLClientParameters *params)
    Add a client certificate and enable support for mutual auth.
    Definition: SSLClient.cpp:311
    +
    SSLClient::available
    int available() override
    Returns the number of bytes available to read from the data that has been received and decrypted.
    Definition: SSLClient.cpp:175
    SSLClient
    The main SSLClient class. Check out README.md for more info.
    Definition: SSLClient.h:35
    SSLClient::SSL_WARN
    Definition: SSLClient.h:73
    -
    SSLClient::stop
    void stop() override
    Close the connection.
    Definition: SSLClient.cpp:232
    +
    SSLClient::stop
    void stop() override
    Close the connection.
    Definition: SSLClient.cpp:229
    SSLClient::SSL_ERROR
    Definition: SSLClient.h:71
    SSLClient::connect
    int connect(IPAddress ip, uint16_t port) override
    Connect over SSL to a host specified by an IP address.
    Definition: SSLClient.cpp:87
    -
    SSLClient::write
    size_t write(const uint8_t *buf, size_t size) override
    Write some bytes to the SSL connection.
    Definition: SSLClient.cpp:135
    +
    SSLClient::write
    size_t write(const uint8_t *buf, size_t size) override
    Write some bytes to the SSL connection.
    Definition: SSLClient.cpp:132
    SSLClient::read
    int read() override
    Read a single byte, or -1 if none is available.
    Definition: SSLClient.h:258
    SSLClient::Error
    Error
    Static constants defining the possible errors encountered.
    Definition: SSLClient.h:45
    SSLClient::SSL_CLIENT_WRTIE_ERROR
    Definition: SSLClient.h:52
    SSLClient::DebugLevel
    DebugLevel
    Level of verbosity used in logging for SSLClient.
    Definition: SSLClient.h:67
    SSLClient::getSessionCount
    size_t getSessionCount() const
    Get the maximum number of SSL sessions that can be stored at once.
    Definition: SSLClient.h:349
    -
    SSLClient::peek
    int peek() override
    View the first byte of the buffer, without removing it from the SSLClient Buffer.
    Definition: SSLClient.cpp:214
    +
    SSLClient::peek
    int peek() override
    View the first byte of the buffer, without removing it from the SSLClient Buffer.
    Definition: SSLClient.cpp:211
    SSLClientParameters.h
    SSLClient::SSL_BR_CONNECT_FAIL
    Definition: SSLClient.h:50
    SSLSession.h
    SSLClient::write
    size_t write(uint8_t b) override
    Definition: SSLClient.h:210
    SSLClient::getClient
    Client & getClient()
    Returns a reference to the client object stored in this class. Take care not to break it.
    Definition: SSLClient.h:359
    -
    SSLClient::removeSession
    void removeSession(const char *host)
    Clear the session corresponding to a host and IP.
    Definition: SSLClient.cpp:303
    +
    SSLClient::removeSession
    void removeSession(const char *host)
    Clear the session corresponding to a host and IP.
    Definition: SSLClient.cpp:300
    SSLClient::getTimeout
    unsigned int getTimeout() const
    Get the timeout when waiting for an SSL response.
    Definition: SSLClient.h:371
    SSLObj.h
    SSLClient::SSL_NONE
    Definition: SSLClient.h:69
    diff --git a/docs/html/_s_s_l_client_parameters_8h.html b/docs/html/_s_s_l_client_parameters_8h.html index 2647c40..5f949e2 100644 --- a/docs/html/_s_s_l_client_parameters_8h.html +++ b/docs/html/_s_s_l_client_parameters_8h.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_s_s_l_client_parameters_8h_source.html b/docs/html/_s_s_l_client_parameters_8h_source.html index 7d928bd..12859e2 100644 --- a/docs/html/_s_s_l_client_parameters_8h_source.html +++ b/docs/html/_s_s_l_client_parameters_8h_source.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_s_s_l_obj_8cpp.html b/docs/html/_s_s_l_obj_8cpp.html index 0a2fc2f..c386639 100644 --- a/docs/html/_s_s_l_obj_8cpp.html +++ b/docs/html/_s_s_l_obj_8cpp.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_s_s_l_obj_8h.html b/docs/html/_s_s_l_obj_8h.html index c027151..c77e4bb 100644 --- a/docs/html/_s_s_l_obj_8h.html +++ b/docs/html/_s_s_l_obj_8h.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_s_s_l_obj_8h_source.html b/docs/html/_s_s_l_obj_8h_source.html index 31eaa8d..36d79e8 100644 --- a/docs/html/_s_s_l_obj_8h_source.html +++ b/docs/html/_s_s_l_obj_8h_source.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_s_s_l_session_8h.html b/docs/html/_s_s_l_session_8h.html index e6b2880..654ceb4 100644 --- a/docs/html/_s_s_l_session_8h.html +++ b/docs/html/_s_s_l_session_8h.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_s_s_l_session_8h_source.html b/docs/html/_s_s_l_session_8h_source.html index 11dbedc..bab8f33 100644 --- a/docs/html/_s_s_l_session_8h_source.html +++ b/docs/html/_s_s_l_session_8h_source.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_t_l_s12__only__profile_8c.html b/docs/html/_t_l_s12__only__profile_8c.html index c10b9ff..f691a67 100644 --- a/docs/html/_t_l_s12__only__profile_8c.html +++ b/docs/html/_t_l_s12__only__profile_8c.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_trust_anchors_8md.html b/docs/html/_trust_anchors_8md.html index 2224d5f..043deb4 100644 --- a/docs/html/_trust_anchors_8md.html +++ b/docs/html/_trust_anchors_8md.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/annotated.html b/docs/html/annotated.html index d9cbd2e..344e56b 100644 --- a/docs/html/annotated.html +++ b/docs/html/annotated.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/cert_8h.html b/docs/html/cert_8h.html index 7119de4..2b064e2 100644 --- a/docs/html/cert_8h.html +++ b/docs/html/cert_8h.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/cert_8h_source.html b/docs/html/cert_8h_source.html index 98ce4e3..2b2e4d0 100644 --- a/docs/html/cert_8h_source.html +++ b/docs/html/cert_8h_source.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/class_s_s_l_client-members.html b/docs/html/class_s_s_l_client-members.html index 9bd680d..77a9bdc 100644 --- a/docs/html/class_s_s_l_client-members.html +++ b/docs/html/class_s_s_l_client-members.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/class_s_s_l_client.html b/docs/html/class_s_s_l_client.html index 8c54357..dc4755c 100644 --- a/docs/html/class_s_s_l_client.html +++ b/docs/html/class_s_s_l_client.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/class_s_s_l_session-members.html b/docs/html/class_s_s_l_session-members.html index f3b1d0e..3dbefa9 100644 --- a/docs/html/class_s_s_l_session-members.html +++ b/docs/html/class_s_s_l_session-members.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/class_s_s_l_session.html b/docs/html/class_s_s_l_session.html index 917abdc..dd8f652 100644 --- a/docs/html/class_s_s_l_session.html +++ b/docs/html/class_s_s_l_session.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/classes.html b/docs/html/classes.html index b6041e9..674145d 100644 --- a/docs/html/classes.html +++ b/docs/html/classes.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/dir_386349f6a9bc1e2cd0767d257d5e5b91.html b/docs/html/dir_386349f6a9bc1e2cd0767d257d5e5b91.html index 825ca7b..b0f91e2 100644 --- a/docs/html/dir_386349f6a9bc1e2cd0767d257d5e5b91.html +++ b/docs/html/dir_386349f6a9bc1e2cd0767d257d5e5b91.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.html b/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.html index 456518e..949ebde 100644 --- a/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.html +++ b/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/dir_9c42dc81377249a918256dbb9cfb2167.html b/docs/html/dir_9c42dc81377249a918256dbb9cfb2167.html index d5e0dd3..8c7286b 100644 --- a/docs/html/dir_9c42dc81377249a918256dbb9cfb2167.html +++ b/docs/html/dir_9c42dc81377249a918256dbb9cfb2167.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/dir_d28a4824dc47e487b107a5db32ef43c4.html b/docs/html/dir_d28a4824dc47e487b107a5db32ef43c4.html index 5d8ba54..e4c5a38 100644 --- a/docs/html/dir_d28a4824dc47e487b107a5db32ef43c4.html +++ b/docs/html/dir_d28a4824dc47e487b107a5db32ef43c4.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/dir_dfc5a9f91fbfb9426c406a3f10131a54.html b/docs/html/dir_dfc5a9f91fbfb9426c406a3f10131a54.html index 16f74f7..d8380fc 100644 --- a/docs/html/dir_dfc5a9f91fbfb9426c406a3f10131a54.html +++ b/docs/html/dir_dfc5a9f91fbfb9426c406a3f10131a54.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/ec__prime__fast__256_8c.html b/docs/html/ec__prime__fast__256_8c.html index 7699c72..8ed139f 100644 --- a/docs/html/ec__prime__fast__256_8c.html +++ b/docs/html/ec__prime__fast__256_8c.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/files.html b/docs/html/files.html index cf9a5ac..f9a5fa2 100644 --- a/docs/html/files.html +++ b/docs/html/files.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/functions.html b/docs/html/functions.html index 85678f0..353df3b 100644 --- a/docs/html/functions.html +++ b/docs/html/functions.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/functions_enum.html b/docs/html/functions_enum.html index 37cf15a..005750c 100644 --- a/docs/html/functions_enum.html +++ b/docs/html/functions_enum.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/functions_eval.html b/docs/html/functions_eval.html index 2e9b13d..d283e2e 100644 --- a/docs/html/functions_eval.html +++ b/docs/html/functions_eval.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/functions_func.html b/docs/html/functions_func.html index 581a9bf..6fd009a 100644 --- a/docs/html/functions_func.html +++ b/docs/html/functions_func.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/functions_vars.html b/docs/html/functions_vars.html index a8687fc..de9b743 100644 --- a/docs/html/functions_vars.html +++ b/docs/html/functions_vars.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/globals.html b/docs/html/globals.html index c2e3cd5..d237227 100644 --- a/docs/html/globals.html +++ b/docs/html/globals.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/globals_defs.html b/docs/html/globals_defs.html index 0b0d8dc..ad42bfd 100644 --- a/docs/html/globals_defs.html +++ b/docs/html/globals_defs.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/globals_func.html b/docs/html/globals_func.html index 739b50a..c99467d 100644 --- a/docs/html/globals_func.html +++ b/docs/html/globals_func.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/globals_vars.html b/docs/html/globals_vars.html index 66a165d..8998ead 100644 --- a/docs/html/globals_vars.html +++ b/docs/html/globals_vars.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/hierarchy.html b/docs/html/hierarchy.html index 35e7bf0..4533ba4 100644 --- a/docs/html/hierarchy.html +++ b/docs/html/hierarchy.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/index.html b/docs/html/index.html index ebde966..9ceb7fd 100644 --- a/docs/html/index.html +++ b/docs/html/index.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/md__c_1__users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html b/docs/html/md__c_1__users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html index e5b45f8..20dd978 100644 --- a/docs/html/md__c_1__users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html +++ b/docs/html/md__c_1__users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/namespace_s_s_l_obj.html b/docs/html/namespace_s_s_l_obj.html index 057d37a..1b9f603 100644 --- a/docs/html/namespace_s_s_l_obj.html +++ b/docs/html/namespace_s_s_l_obj.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/namespacemembers.html b/docs/html/namespacemembers.html index 2f32e3b..4fe7911 100644 --- a/docs/html/namespacemembers.html +++ b/docs/html/namespacemembers.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/namespacemembers_func.html b/docs/html/namespacemembers_func.html index 59c906e..4a04138 100644 --- a/docs/html/namespacemembers_func.html +++ b/docs/html/namespacemembers_func.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/namespaces.html b/docs/html/namespaces.html index 3f434c7..b210ae9 100644 --- a/docs/html/namespaces.html +++ b/docs/html/namespaces.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/pages.html b/docs/html/pages.html index 6e99f9f..06ad112 100644 --- a/docs/html/pages.html +++ b/docs/html/pages.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/struct_s_s_l_client_parameters-members.html b/docs/html/struct_s_s_l_client_parameters-members.html index a4011c1..5d6d7d6 100644 --- a/docs/html/struct_s_s_l_client_parameters-members.html +++ b/docs/html/struct_s_s_l_client_parameters-members.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/struct_s_s_l_client_parameters.html b/docs/html/struct_s_s_l_client_parameters.html index 8ea35ed..e9f54fb 100644 --- a/docs/html/struct_s_s_l_client_parameters.html +++ b/docs/html/struct_s_s_l_client_parameters.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/structssl__pem__decode__state-members.html b/docs/html/structssl__pem__decode__state-members.html index 46edec2..990bfa5 100644 --- a/docs/html/structssl__pem__decode__state-members.html +++ b/docs/html/structssl__pem__decode__state-members.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/structssl__pem__decode__state.html b/docs/html/structssl__pem__decode__state.html index d2eb9fc..5305782 100644 --- a/docs/html/structssl__pem__decode__state.html +++ b/docs/html/structssl__pem__decode__state.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/time__macros_8h.html b/docs/html/time__macros_8h.html index 9afa61a..e6feab8 100644 --- a/docs/html/time__macros_8h.html +++ b/docs/html/time__macros_8h.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/time__macros_8h_source.html b/docs/html/time__macros_8h_source.html index 6bb9fff..6076167 100644 --- a/docs/html/time__macros_8h_source.html +++ b/docs/html/time__macros_8h_source.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/trust__anchors_8h.html b/docs/html/trust__anchors_8h.html index bca7bac..2fea34b 100644 --- a/docs/html/trust__anchors_8h.html +++ b/docs/html/trust__anchors_8h.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/trust__anchors_8h_source.html b/docs/html/trust__anchors_8h_source.html index 50718a5..ee59654 100644 --- a/docs/html/trust__anchors_8h_source.html +++ b/docs/html/trust__anchors_8h_source.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/trustanchors_8h.html b/docs/html/trustanchors_8h.html index 8d88809..7970dba 100644 --- a/docs/html/trustanchors_8h.html +++ b/docs/html/trustanchors_8h.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/trustanchors_8h_source.html b/docs/html/trustanchors_8h_source.html index 4217857..8cee1b9 100644 --- a/docs/html/trustanchors_8h_source.html +++ b/docs/html/trustanchors_8h_source.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.4 +  v1.4.5
    Add TLS 1.2 functionality to any network library.
    diff --git a/library.properties b/library.properties index b0f5f66..4069e7e 100644 --- a/library.properties +++ b/library.properties @@ -1,5 +1,5 @@ name=SSLClient -version=1.4.4 +version=1.4.5 author=Noah Koontz maintainer=OPEnS Lab sentence=Arduino library to add SSL functionality to any Client class From 6d014c5f0a3a4abed1cab461099a453dd25489b1 Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Mon, 30 Dec 2019 08:21:19 -0800 Subject: [PATCH 041/141] Fix the adafruit SAMD core version used by travis --- .travis.yml | 3 +-- .travis/library.properties | 2 +- docs/html/_r_e_a_d_m_e_8md.html | 2 +- docs/html/_s_s_l_client_8cpp.html | 2 +- docs/html/_s_s_l_client_8h.html | 2 +- docs/html/_s_s_l_client_8h_source.html | 2 +- docs/html/_s_s_l_client_parameters_8h.html | 2 +- docs/html/_s_s_l_client_parameters_8h_source.html | 2 +- docs/html/_s_s_l_obj_8cpp.html | 2 +- docs/html/_s_s_l_obj_8h.html | 2 +- docs/html/_s_s_l_obj_8h_source.html | 2 +- docs/html/_s_s_l_session_8h.html | 2 +- docs/html/_s_s_l_session_8h_source.html | 2 +- docs/html/_t_l_s12__only__profile_8c.html | 2 +- docs/html/_trust_anchors_8md.html | 2 +- docs/html/annotated.html | 2 +- docs/html/cert_8h.html | 2 +- docs/html/cert_8h_source.html | 2 +- docs/html/class_s_s_l_client-members.html | 2 +- docs/html/class_s_s_l_client.html | 2 +- docs/html/class_s_s_l_session-members.html | 2 +- docs/html/class_s_s_l_session.html | 2 +- docs/html/classes.html | 2 +- docs/html/dir_386349f6a9bc1e2cd0767d257d5e5b91.html | 2 +- docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.html | 2 +- docs/html/dir_9c42dc81377249a918256dbb9cfb2167.html | 2 +- docs/html/dir_d28a4824dc47e487b107a5db32ef43c4.html | 2 +- docs/html/dir_dfc5a9f91fbfb9426c406a3f10131a54.html | 2 +- docs/html/ec__prime__fast__256_8c.html | 2 +- docs/html/files.html | 2 +- docs/html/functions.html | 2 +- docs/html/functions_enum.html | 2 +- docs/html/functions_eval.html | 2 +- docs/html/functions_func.html | 2 +- docs/html/functions_vars.html | 2 +- docs/html/globals.html | 2 +- docs/html/globals_defs.html | 2 +- docs/html/globals_func.html | 2 +- docs/html/globals_vars.html | 2 +- docs/html/hierarchy.html | 2 +- docs/html/index.html | 2 +- ...uments__arduino_libraries__s_s_l_client__trust_anchors.html | 2 +- docs/html/namespace_s_s_l_obj.html | 2 +- docs/html/namespacemembers.html | 2 +- docs/html/namespacemembers_func.html | 2 +- docs/html/namespaces.html | 2 +- docs/html/pages.html | 2 +- docs/html/struct_s_s_l_client_parameters-members.html | 2 +- docs/html/struct_s_s_l_client_parameters.html | 2 +- docs/html/structssl__pem__decode__state-members.html | 2 +- docs/html/structssl__pem__decode__state.html | 2 +- docs/html/time__macros_8h.html | 2 +- docs/html/time__macros_8h_source.html | 2 +- docs/html/trust__anchors_8h.html | 2 +- docs/html/trust__anchors_8h_source.html | 2 +- docs/html/trustanchors_8h.html | 2 +- docs/html/trustanchors_8h_source.html | 2 +- library.properties | 2 +- 58 files changed, 58 insertions(+), 59 deletions(-) diff --git a/.travis.yml b/.travis.yml index a3f3154..fc5ffb6 100644 --- a/.travis.yml +++ b/.travis.yml @@ -25,7 +25,7 @@ before_install: - curl -fsSL https://raw.githubusercontent.com/arduino/arduino-cli/master/install.sh | BINDIR=/usr/bin sudo sh - arduino-cli core update-index --additional-urls $ADDITIONAL_URLS - arduino-cli core install arduino:samd -v - - arduino-cli core install adafruit:samd -v --additional-urls $ADDITIONAL_URLS + - arduino-cli core install adafruit:samd@1.5.6 -v --additional-urls $ADDITIONAL_URLS - mkdir -p $HOME/Arduino/libraries - git clone https://github.com/OPEnSLab-OSU/EthernetLarge.git $HOME/Arduino/libraries/EthernetLarge install: @@ -50,4 +50,3 @@ deploy: tags: true branch: master condition: $DEPLOY = 1 - \ No newline at end of file diff --git a/.travis/library.properties b/.travis/library.properties index f9a3cbf..2cd6ee3 100644 --- a/.travis/library.properties +++ b/.travis/library.properties @@ -1,5 +1,5 @@ name=SSLClient -version=1.4.5 +version=1.4.6 author=Noah Koontz maintainer=OPEnS Lab sentence=Arduino library to add SSL functionality to any Client class diff --git a/docs/html/_r_e_a_d_m_e_8md.html b/docs/html/_r_e_a_d_m_e_8md.html index fae2ace..fd61056 100644 --- a/docs/html/_r_e_a_d_m_e_8md.html +++ b/docs/html/_r_e_a_d_m_e_8md.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_s_s_l_client_8cpp.html b/docs/html/_s_s_l_client_8cpp.html index fb00945..d000e4c 100644 --- a/docs/html/_s_s_l_client_8cpp.html +++ b/docs/html/_s_s_l_client_8cpp.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_s_s_l_client_8h.html b/docs/html/_s_s_l_client_8h.html index 419fe33..42b94a3 100644 --- a/docs/html/_s_s_l_client_8h.html +++ b/docs/html/_s_s_l_client_8h.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_s_s_l_client_8h_source.html b/docs/html/_s_s_l_client_8h_source.html index d512294..43e3f0e 100644 --- a/docs/html/_s_s_l_client_8h_source.html +++ b/docs/html/_s_s_l_client_8h_source.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_s_s_l_client_parameters_8h.html b/docs/html/_s_s_l_client_parameters_8h.html index 5f949e2..dcf4562 100644 --- a/docs/html/_s_s_l_client_parameters_8h.html +++ b/docs/html/_s_s_l_client_parameters_8h.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_s_s_l_client_parameters_8h_source.html b/docs/html/_s_s_l_client_parameters_8h_source.html index 12859e2..7782ab4 100644 --- a/docs/html/_s_s_l_client_parameters_8h_source.html +++ b/docs/html/_s_s_l_client_parameters_8h_source.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_s_s_l_obj_8cpp.html b/docs/html/_s_s_l_obj_8cpp.html index c386639..dd949ae 100644 --- a/docs/html/_s_s_l_obj_8cpp.html +++ b/docs/html/_s_s_l_obj_8cpp.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_s_s_l_obj_8h.html b/docs/html/_s_s_l_obj_8h.html index c77e4bb..7a3fa88 100644 --- a/docs/html/_s_s_l_obj_8h.html +++ b/docs/html/_s_s_l_obj_8h.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_s_s_l_obj_8h_source.html b/docs/html/_s_s_l_obj_8h_source.html index 36d79e8..5224fe6 100644 --- a/docs/html/_s_s_l_obj_8h_source.html +++ b/docs/html/_s_s_l_obj_8h_source.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_s_s_l_session_8h.html b/docs/html/_s_s_l_session_8h.html index 654ceb4..4017c51 100644 --- a/docs/html/_s_s_l_session_8h.html +++ b/docs/html/_s_s_l_session_8h.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_s_s_l_session_8h_source.html b/docs/html/_s_s_l_session_8h_source.html index bab8f33..f86c947 100644 --- a/docs/html/_s_s_l_session_8h_source.html +++ b/docs/html/_s_s_l_session_8h_source.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_t_l_s12__only__profile_8c.html b/docs/html/_t_l_s12__only__profile_8c.html index f691a67..74153aa 100644 --- a/docs/html/_t_l_s12__only__profile_8c.html +++ b/docs/html/_t_l_s12__only__profile_8c.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_trust_anchors_8md.html b/docs/html/_trust_anchors_8md.html index 043deb4..da6e691 100644 --- a/docs/html/_trust_anchors_8md.html +++ b/docs/html/_trust_anchors_8md.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/annotated.html b/docs/html/annotated.html index 344e56b..018732e 100644 --- a/docs/html/annotated.html +++ b/docs/html/annotated.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/cert_8h.html b/docs/html/cert_8h.html index 2b064e2..ced538b 100644 --- a/docs/html/cert_8h.html +++ b/docs/html/cert_8h.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/cert_8h_source.html b/docs/html/cert_8h_source.html index 2b2e4d0..de6ff00 100644 --- a/docs/html/cert_8h_source.html +++ b/docs/html/cert_8h_source.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/class_s_s_l_client-members.html b/docs/html/class_s_s_l_client-members.html index 77a9bdc..136231e 100644 --- a/docs/html/class_s_s_l_client-members.html +++ b/docs/html/class_s_s_l_client-members.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/class_s_s_l_client.html b/docs/html/class_s_s_l_client.html index dc4755c..0a9e1da 100644 --- a/docs/html/class_s_s_l_client.html +++ b/docs/html/class_s_s_l_client.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/class_s_s_l_session-members.html b/docs/html/class_s_s_l_session-members.html index 3dbefa9..d035c58 100644 --- a/docs/html/class_s_s_l_session-members.html +++ b/docs/html/class_s_s_l_session-members.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/class_s_s_l_session.html b/docs/html/class_s_s_l_session.html index dd8f652..1a1574a 100644 --- a/docs/html/class_s_s_l_session.html +++ b/docs/html/class_s_s_l_session.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/classes.html b/docs/html/classes.html index 674145d..59bf48a 100644 --- a/docs/html/classes.html +++ b/docs/html/classes.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/dir_386349f6a9bc1e2cd0767d257d5e5b91.html b/docs/html/dir_386349f6a9bc1e2cd0767d257d5e5b91.html index b0f91e2..c9720d1 100644 --- a/docs/html/dir_386349f6a9bc1e2cd0767d257d5e5b91.html +++ b/docs/html/dir_386349f6a9bc1e2cd0767d257d5e5b91.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.html b/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.html index 949ebde..24f9953 100644 --- a/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.html +++ b/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/dir_9c42dc81377249a918256dbb9cfb2167.html b/docs/html/dir_9c42dc81377249a918256dbb9cfb2167.html index 8c7286b..6c302ee 100644 --- a/docs/html/dir_9c42dc81377249a918256dbb9cfb2167.html +++ b/docs/html/dir_9c42dc81377249a918256dbb9cfb2167.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/dir_d28a4824dc47e487b107a5db32ef43c4.html b/docs/html/dir_d28a4824dc47e487b107a5db32ef43c4.html index e4c5a38..b81fe87 100644 --- a/docs/html/dir_d28a4824dc47e487b107a5db32ef43c4.html +++ b/docs/html/dir_d28a4824dc47e487b107a5db32ef43c4.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/dir_dfc5a9f91fbfb9426c406a3f10131a54.html b/docs/html/dir_dfc5a9f91fbfb9426c406a3f10131a54.html index d8380fc..d5742ed 100644 --- a/docs/html/dir_dfc5a9f91fbfb9426c406a3f10131a54.html +++ b/docs/html/dir_dfc5a9f91fbfb9426c406a3f10131a54.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/ec__prime__fast__256_8c.html b/docs/html/ec__prime__fast__256_8c.html index 8ed139f..a3cc4e7 100644 --- a/docs/html/ec__prime__fast__256_8c.html +++ b/docs/html/ec__prime__fast__256_8c.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/files.html b/docs/html/files.html index f9a5fa2..f7dae12 100644 --- a/docs/html/files.html +++ b/docs/html/files.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/functions.html b/docs/html/functions.html index 353df3b..8ecc386 100644 --- a/docs/html/functions.html +++ b/docs/html/functions.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/functions_enum.html b/docs/html/functions_enum.html index 005750c..20b6fd0 100644 --- a/docs/html/functions_enum.html +++ b/docs/html/functions_enum.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/functions_eval.html b/docs/html/functions_eval.html index d283e2e..8bd2041 100644 --- a/docs/html/functions_eval.html +++ b/docs/html/functions_eval.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/functions_func.html b/docs/html/functions_func.html index 6fd009a..d2ff505 100644 --- a/docs/html/functions_func.html +++ b/docs/html/functions_func.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/functions_vars.html b/docs/html/functions_vars.html index de9b743..f6b963a 100644 --- a/docs/html/functions_vars.html +++ b/docs/html/functions_vars.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/globals.html b/docs/html/globals.html index d237227..0ed24c6 100644 --- a/docs/html/globals.html +++ b/docs/html/globals.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/globals_defs.html b/docs/html/globals_defs.html index ad42bfd..303137a 100644 --- a/docs/html/globals_defs.html +++ b/docs/html/globals_defs.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/globals_func.html b/docs/html/globals_func.html index c99467d..3631b47 100644 --- a/docs/html/globals_func.html +++ b/docs/html/globals_func.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/globals_vars.html b/docs/html/globals_vars.html index 8998ead..272494e 100644 --- a/docs/html/globals_vars.html +++ b/docs/html/globals_vars.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/hierarchy.html b/docs/html/hierarchy.html index 4533ba4..20f90ea 100644 --- a/docs/html/hierarchy.html +++ b/docs/html/hierarchy.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/index.html b/docs/html/index.html index 9ceb7fd..9b90264 100644 --- a/docs/html/index.html +++ b/docs/html/index.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/md__c_1__users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html b/docs/html/md__c_1__users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html index 20dd978..cf764ef 100644 --- a/docs/html/md__c_1__users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html +++ b/docs/html/md__c_1__users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/namespace_s_s_l_obj.html b/docs/html/namespace_s_s_l_obj.html index 1b9f603..ecb8ff8 100644 --- a/docs/html/namespace_s_s_l_obj.html +++ b/docs/html/namespace_s_s_l_obj.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/namespacemembers.html b/docs/html/namespacemembers.html index 4fe7911..ce98c51 100644 --- a/docs/html/namespacemembers.html +++ b/docs/html/namespacemembers.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/namespacemembers_func.html b/docs/html/namespacemembers_func.html index 4a04138..f1b956c 100644 --- a/docs/html/namespacemembers_func.html +++ b/docs/html/namespacemembers_func.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/namespaces.html b/docs/html/namespaces.html index b210ae9..04490c1 100644 --- a/docs/html/namespaces.html +++ b/docs/html/namespaces.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/pages.html b/docs/html/pages.html index 06ad112..c0a2370 100644 --- a/docs/html/pages.html +++ b/docs/html/pages.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/struct_s_s_l_client_parameters-members.html b/docs/html/struct_s_s_l_client_parameters-members.html index 5d6d7d6..17b2d29 100644 --- a/docs/html/struct_s_s_l_client_parameters-members.html +++ b/docs/html/struct_s_s_l_client_parameters-members.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/struct_s_s_l_client_parameters.html b/docs/html/struct_s_s_l_client_parameters.html index e9f54fb..378f2f4 100644 --- a/docs/html/struct_s_s_l_client_parameters.html +++ b/docs/html/struct_s_s_l_client_parameters.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/structssl__pem__decode__state-members.html b/docs/html/structssl__pem__decode__state-members.html index 990bfa5..aa97d7a 100644 --- a/docs/html/structssl__pem__decode__state-members.html +++ b/docs/html/structssl__pem__decode__state-members.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/structssl__pem__decode__state.html b/docs/html/structssl__pem__decode__state.html index 5305782..d83b13e 100644 --- a/docs/html/structssl__pem__decode__state.html +++ b/docs/html/structssl__pem__decode__state.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/time__macros_8h.html b/docs/html/time__macros_8h.html index e6feab8..e83dae8 100644 --- a/docs/html/time__macros_8h.html +++ b/docs/html/time__macros_8h.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/time__macros_8h_source.html b/docs/html/time__macros_8h_source.html index 6076167..3438408 100644 --- a/docs/html/time__macros_8h_source.html +++ b/docs/html/time__macros_8h_source.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/trust__anchors_8h.html b/docs/html/trust__anchors_8h.html index 2fea34b..051c11e 100644 --- a/docs/html/trust__anchors_8h.html +++ b/docs/html/trust__anchors_8h.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/trust__anchors_8h_source.html b/docs/html/trust__anchors_8h_source.html index ee59654..2d6add6 100644 --- a/docs/html/trust__anchors_8h_source.html +++ b/docs/html/trust__anchors_8h_source.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/trustanchors_8h.html b/docs/html/trustanchors_8h.html index 7970dba..0602f16 100644 --- a/docs/html/trustanchors_8h.html +++ b/docs/html/trustanchors_8h.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/trustanchors_8h_source.html b/docs/html/trustanchors_8h_source.html index 8cee1b9..c5088dd 100644 --- a/docs/html/trustanchors_8h_source.html +++ b/docs/html/trustanchors_8h_source.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.5 +  v1.4.6
    Add TLS 1.2 functionality to any network library.
    diff --git a/library.properties b/library.properties index 4069e7e..bc8cd08 100644 --- a/library.properties +++ b/library.properties @@ -1,5 +1,5 @@ name=SSLClient -version=1.4.5 +version=1.4.6 author=Noah Koontz maintainer=OPEnS Lab sentence=Arduino library to add SSL functionality to any Client class From 90572ac065d546a384072e09a0b65214d5f86e87 Mon Sep 17 00:00:00 2001 From: Noah Date: Tue, 31 Dec 2019 10:16:27 -0800 Subject: [PATCH 042/141] Update README to specify non-compatibility with the ESP family --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 1917370..29fb769 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,8 @@ You can also view this README in [doxygen](https://openslab-osu.github.io/SSLCli SSLClient is a simple library to add [TLS 1.2](https://www.websecurity.symantec.com/security-topics/what-is-ssl-tls-https) functionality to any network library implementing the [Arduino Client interface](https://www.arduino.cc/en/Reference/ClientConstructor), including the Arduino [EthernetClient](https://www.arduino.cc/en/Reference/EthernetClient) and [WiFiClient](https://www.arduino.cc/en/Reference/WiFiClient) classes (though it is better to prefer WiFClient.connectSSL if implemented). In other words, SSLClient implements encrypted communication through SSL on devices that do not otherwise support it. +SSLClient has been tested on the SAMD21 and STM32 (in progress). SSClient does not currently support the ESP8266/ESP32 family (see [this issue](https://github.com/OPEnSLab-OSU/SSLClient/issues/5)). + ## Overview Using SSLClient should be similar to using any other Arduino-based Client class, since this library was developed around compatibility with [EthernetClient](https://www.arduino.cc/en/Reference/EthernetClient). There are a few extra things, however, that you will need to get started: From 231da377627a9ad67f215d7df9d19c7421ed8557 Mon Sep 17 00:00:00 2001 From: Noah Date: Tue, 31 Dec 2019 10:18:12 -0800 Subject: [PATCH 043/141] Update issue link in README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 29fb769..52c882c 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ You can also view this README in [doxygen](https://openslab-osu.github.io/SSLCli SSLClient is a simple library to add [TLS 1.2](https://www.websecurity.symantec.com/security-topics/what-is-ssl-tls-https) functionality to any network library implementing the [Arduino Client interface](https://www.arduino.cc/en/Reference/ClientConstructor), including the Arduino [EthernetClient](https://www.arduino.cc/en/Reference/EthernetClient) and [WiFiClient](https://www.arduino.cc/en/Reference/WiFiClient) classes (though it is better to prefer WiFClient.connectSSL if implemented). In other words, SSLClient implements encrypted communication through SSL on devices that do not otherwise support it. -SSLClient has been tested on the SAMD21 and STM32 (in progress). SSClient does not currently support the ESP8266/ESP32 family (see [this issue](https://github.com/OPEnSLab-OSU/SSLClient/issues/5)). +SSLClient has been tested on the SAMD21 and STM32 (in progress). SSClient does not currently support the ESP8266/ESP32 family (see [this issue](https://github.com/OPEnSLab-OSU/SSLClient/issues/5#issuecomment-569968546)). ## Overview From 576e34487ea563512c6a35cb27a183274f59a445 Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Mon, 6 Jan 2020 09:38:39 -0800 Subject: [PATCH 044/141] Fix memory checker for ESP32 compatibility --- .travis.yml | 2 +- .travis/library.properties | 2 +- README.md | 2 +- docs/html/_r_e_a_d_m_e_8md.html | 2 +- docs/html/_s_s_l_client_8cpp.html | 27 ++----------------- docs/html/_s_s_l_client_8h.html | 2 +- docs/html/_s_s_l_client_8h_source.html | 24 ++++++++--------- docs/html/_s_s_l_client_parameters_8h.html | 2 +- .../_s_s_l_client_parameters_8h_source.html | 2 +- docs/html/_s_s_l_obj_8cpp.html | 2 +- docs/html/_s_s_l_obj_8h.html | 2 +- docs/html/_s_s_l_obj_8h_source.html | 2 +- docs/html/_s_s_l_session_8h.html | 2 +- docs/html/_s_s_l_session_8h_source.html | 2 +- docs/html/_t_l_s12__only__profile_8c.html | 2 +- docs/html/_trust_anchors_8md.html | 2 +- docs/html/annotated.html | 2 +- docs/html/cert_8h.html | 2 +- docs/html/cert_8h_source.html | 2 +- docs/html/class_s_s_l_client-members.html | 2 +- docs/html/class_s_s_l_client.html | 2 +- docs/html/class_s_s_l_session-members.html | 2 +- docs/html/class_s_s_l_session.html | 2 +- docs/html/classes.html | 2 +- .../dir_386349f6a9bc1e2cd0767d257d5e5b91.html | 2 +- .../dir_68267d1309a1af8e8297ef4c3efbcdba.html | 2 +- .../dir_68267d1309a1af8e8297ef4c3efbcdba.js | 2 +- .../dir_9c42dc81377249a918256dbb9cfb2167.html | 2 +- .../dir_d28a4824dc47e487b107a5db32ef43c4.html | 2 +- .../dir_dfc5a9f91fbfb9426c406a3f10131a54.html | 2 +- docs/html/ec__prime__fast__256_8c.html | 2 +- docs/html/files.html | 2 +- docs/html/functions.html | 2 +- docs/html/functions_enum.html | 2 +- docs/html/functions_eval.html | 2 +- docs/html/functions_func.html | 2 +- docs/html/functions_vars.html | 2 +- docs/html/globals.html | 5 +--- docs/html/globals_defs.html | 2 +- docs/html/globals_func.html | 2 +- docs/html/globals_vars.html | 5 +--- docs/html/hierarchy.html | 2 +- docs/html/index.html | 3 ++- ...ibraries__s_s_l_client__trust_anchors.html | 2 +- docs/html/namespace_s_s_l_obj.html | 2 +- docs/html/namespacemembers.html | 2 +- docs/html/namespacemembers_func.html | 2 +- docs/html/namespaces.html | 2 +- docs/html/navtreeindex0.js | 1 - docs/html/pages.html | 2 +- docs/html/search/all_0.js | 1 - docs/html/search/searchdata.js | 2 +- docs/html/search/variables_0.js | 2 +- docs/html/search/variables_1.js | 3 ++- docs/html/search/variables_2.js | 3 +-- docs/html/search/variables_3.js | 2 +- docs/html/search/variables_4.js | 2 +- ...truct_s_s_l_client_parameters-members.html | 2 +- docs/html/struct_s_s_l_client_parameters.html | 2 +- ...structssl__pem__decode__state-members.html | 2 +- docs/html/structssl__pem__decode__state.html | 2 +- docs/html/time__macros_8h.html | 2 +- docs/html/time__macros_8h_source.html | 2 +- docs/html/trust__anchors_8h.html | 2 +- docs/html/trust__anchors_8h_source.html | 2 +- docs/html/trustanchors_8h.html | 2 +- docs/html/trustanchors_8h_source.html | 2 +- library.properties | 2 +- src/SSLClient.cpp | 11 +++----- 69 files changed, 83 insertions(+), 118 deletions(-) diff --git a/.travis.yml b/.travis.yml index fc5ffb6..cf23d60 100644 --- a/.travis.yml +++ b/.travis.yml @@ -25,7 +25,7 @@ before_install: - curl -fsSL https://raw.githubusercontent.com/arduino/arduino-cli/master/install.sh | BINDIR=/usr/bin sudo sh - arduino-cli core update-index --additional-urls $ADDITIONAL_URLS - arduino-cli core install arduino:samd -v - - arduino-cli core install adafruit:samd@1.5.6 -v --additional-urls $ADDITIONAL_URLS + - arduino-cli core install adafruit:samd -v --additional-urls $ADDITIONAL_URLS - mkdir -p $HOME/Arduino/libraries - git clone https://github.com/OPEnSLab-OSU/EthernetLarge.git $HOME/Arduino/libraries/EthernetLarge install: diff --git a/.travis/library.properties b/.travis/library.properties index 2cd6ee3..3bc0cad 100644 --- a/.travis/library.properties +++ b/.travis/library.properties @@ -1,5 +1,5 @@ name=SSLClient -version=1.4.6 +version=1.4.7 author=Noah Koontz maintainer=OPEnS Lab sentence=Arduino library to add SSL functionality to any Client class diff --git a/README.md b/README.md index 52c882c..027f60f 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ You can also view this README in [doxygen](https://openslab-osu.github.io/SSLCli SSLClient is a simple library to add [TLS 1.2](https://www.websecurity.symantec.com/security-topics/what-is-ssl-tls-https) functionality to any network library implementing the [Arduino Client interface](https://www.arduino.cc/en/Reference/ClientConstructor), including the Arduino [EthernetClient](https://www.arduino.cc/en/Reference/EthernetClient) and [WiFiClient](https://www.arduino.cc/en/Reference/WiFiClient) classes (though it is better to prefer WiFClient.connectSSL if implemented). In other words, SSLClient implements encrypted communication through SSL on devices that do not otherwise support it. -SSLClient has been tested on the SAMD21 and STM32 (in progress). SSClient does not currently support the ESP8266/ESP32 family (see [this issue](https://github.com/OPEnSLab-OSU/SSLClient/issues/5#issuecomment-569968546)). +SSLClient has been tested on the SAMD21, ESP32, and STM32 (in progress). SSClient does not currently support the ESP8266 (see [this issue](https://github.com/OPEnSLab-OSU/SSLClient/issues/5#issuecomment-569968546)). ## Overview diff --git a/docs/html/_r_e_a_d_m_e_8md.html b/docs/html/_r_e_a_d_m_e_8md.html index fd61056..af50fef 100644 --- a/docs/html/_r_e_a_d_m_e_8md.html +++ b/docs/html/_r_e_a_d_m_e_8md.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.6 +  v1.4.7
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_s_s_l_client_8cpp.html b/docs/html/_s_s_l_client_8cpp.html index d000e4c..25e3925 100644 --- a/docs/html/_s_s_l_client_8cpp.html +++ b/docs/html/_s_s_l_client_8cpp.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.6 +  v1.4.7
    Add TLS 1.2 functionality to any network library.
    @@ -87,35 +87,12 @@ $(document).ready(function(){initNavTree('_s_s_l_client_8cpp.html','');});
    -
    -Variables
    SSLClient.cpp File Reference
    #include "SSLClient.h"
    -
    - - - -

    -Variables

    char * __brkval
     
    -

    Variable Documentation

    - -

    ◆ __brkval

    - -
    -
    - - - - -
    char* __brkval
    -
    - -
    -
    -
    +
    -Go to the documentation of this file.
    1 /* Copyright 2019 OSU OPEnS Lab
    2  *
    3  * Permission is hereby granted, free of charge, to any person obtaining a copy of this
    4  * software and associated documentation files (the "Software"), to deal in the Software
    5  * without restriction, including without limitation the rights to use, copy, modify,
    6  * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
    7  * permit persons to whom the Software is furnished to do so, subject to the following
    8  * conditions:
    9  *
    10  * The above copyright notice and this permission notice shall be included in all
    11  * copies or substantial portions of the Software.
    12  *
    13  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
    14  * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
    15  * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
    16  * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
    17  * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
    18  * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
    19  */
    20 
    21 #include "Client.h"
    22 #include "SSLSession.h"
    23 #include "SSLClientParameters.h"
    24 #include "SSLObj.h"
    25 #include <vector>
    26 
    27 #ifndef SSLClient_H_
    28 #define SSLClient_H_
    29 
    35 class SSLClient : public Client {
    36 public:
    45  enum Error {
    46  SSL_OK = 0,
    48  SSL_CLIENT_CONNECT_FAIL = 2,
    50  SSL_BR_CONNECT_FAIL = 3,
    52  SSL_CLIENT_WRTIE_ERROR = 4,
    54  SSL_BR_WRITE_ERROR = 5,
    56  SSL_INTERNAL_ERROR = 6,
    58  SSL_OUT_OF_MEMORY = 7
    59  };
    60 
    67  enum DebugLevel {
    69  SSL_NONE = 0,
    71  SSL_ERROR = 1,
    73  SSL_WARN = 2,
    75  SSL_INFO = 3,
    76  };
    77 
    95  explicit SSLClient( Client& client,
    96  const br_x509_trust_anchor *trust_anchors,
    97  const size_t trust_anchors_num,
    98  const int analog_pin,
    99  const size_t max_sessions = 1,
    100  const DebugLevel debug = SSL_WARN);
    101 
    102  //========================================
    103  //= Functions implemented in SSLClient.cpp
    104  //========================================
    105 
    145  int connect(IPAddress ip, uint16_t port) override;
    146 
    183  int connect(const char *host, uint16_t port) override;
    184 
    208  size_t write(const uint8_t *buf, size_t size) override;
    210  size_t write(uint8_t b) override { return write(&b, 1); }
    211 
    230  int available() override;
    231 
    253  int read(uint8_t *buf, size_t size) override;
    258  int read() override { uint8_t read_val; return read(&read_val, 1) > 0 ? read_val : -1; };
    259 
    268  int peek() override;
    269 
    277  void flush() override;
    278 
    287  void stop() override;
    288 
    302  uint8_t connected() override;
    303 
    304  //========================================
    305  //= Functions Not in the Client Interface
    306  //========================================
    307 
    316  void setMutualAuthParams(const SSLClientParameters* params);
    317 
    332  SSLSession* getSession(const char* host);
    333 
    342  void removeSession(const char* host);
    343 
    349  size_t getSessionCount() const { return m_sessions.size(); }
    350 
    356  operator bool() { return connected() > 0; }
    357 
    359  Client& getClient() { return m_client; }
    360 
    365  void setTimeout(unsigned int t) { m_timeout = t; }
    366 
    371  unsigned int getTimeout() const { return m_timeout; }
    372 
    373 private:
    375  Client& get_arduino_client() { return m_client; }
    376  const Client& get_arduino_client() const { return m_client; }
    377 
    379  bool m_soft_connected(const char* func_name);
    381  int m_start_ssl(const char* host = nullptr, SSLSession* ssl_ses = nullptr);
    383  int m_run_until(const unsigned target);
    385  unsigned m_update_engine();
    387  int m_get_session_index(const char* host) const;
    388 
    390  void m_print_prefix(const char* func_name, const DebugLevel level) const;
    391 
    393  void m_print_ssl_error(const int ssl_error, const DebugLevel level) const;
    394 
    396  void m_print_br_error(const unsigned br_error_code, const DebugLevel level) const;
    397 
    399  template<typename T>
    400  void m_print(const T str, const char* func_name, const DebugLevel level) const {
    401  // check the current debug level and serial status
    402  if (level > m_debug || !Serial) return;
    403  // print prefix
    404  m_print_prefix(func_name, level);
    405  // print the message
    406  Serial.println(str);
    407  }
    408 
    410  template<typename T>
    411  void m_info(const T str, const char* func_name) const { m_print(str, func_name, SSL_INFO); }
    412 
    413  template<typename T>
    414  void m_warn(const T str, const char* func_name) const { m_print(str, func_name, SSL_WARN); }
    415 
    416  template<typename T>
    417  void m_error(const T str, const char* func_name) const { m_print(str, func_name, SSL_ERROR); }
    418 
    419  //============================================
    420  //= Data Members
    421  //============================================
    422  // create a reference the client
    423  Client& m_client;
    424  // also store an array of SSLSessions, so we can resume communication with multiple websites
    425  std::vector<SSLSession> m_sessions;
    426  // as well as the maximmum number of sessions we can store
    427  const size_t m_max_sessions;
    428  // store the pin to fetch an RNG see from
    429  const int m_analog_pin;
    430  // store whether to enable debug logging
    431  const DebugLevel m_debug;
    432  // store if we are connected in bearssl or not
    433  bool m_is_connected;
    434  // store the timeout for SSL internals
    435  unsigned int m_timeout;
    436  // store the context values required for SSL
    437  br_ssl_client_context m_sslctx;
    438  br_x509_minimal_context m_x509ctx;
    439  // use a mono-directional buffer by default to cut memory in half
    440  // can expand to a bi-directional buffer with maximum of BR_SSL_BUFSIZE_BIDI
    441  // or shrink to below BR_SSL_BUFSIZE_MONO, and bearSSL will adapt automatically
    442  // simply edit this value to change the buffer size to the desired value
    443  // additionally, we need to correct buffer size based off of how many sessions we decide to cache
    444  // since SSL takes so much memory if we don't it will cause the stack and heap to collide
    452  unsigned char m_iobuf[2048];
    453  // store the index of where we are writing in the buffer
    454  // so we can send our records all at once to prevent
    455  // weird timing issues
    456  size_t m_write_idx;
    457 };
    458 
    459 #endif
    SSLClient::connected
    uint8_t connected() override
    Check if the device is connected.
    Definition: SSLClient.cpp:256
    +Go to the documentation of this file.
    1 /* Copyright 2019 OSU OPEnS Lab
    2  *
    3  * Permission is hereby granted, free of charge, to any person obtaining a copy of this
    4  * software and associated documentation files (the "Software"), to deal in the Software
    5  * without restriction, including without limitation the rights to use, copy, modify,
    6  * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
    7  * permit persons to whom the Software is furnished to do so, subject to the following
    8  * conditions:
    9  *
    10  * The above copyright notice and this permission notice shall be included in all
    11  * copies or substantial portions of the Software.
    12  *
    13  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
    14  * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
    15  * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
    16  * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
    17  * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
    18  * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
    19  */
    20 
    21 #include "Client.h"
    22 #include "SSLSession.h"
    23 #include "SSLClientParameters.h"
    24 #include "SSLObj.h"
    25 #include <vector>
    26 
    27 #ifndef SSLClient_H_
    28 #define SSLClient_H_
    29 
    35 class SSLClient : public Client {
    36 public:
    45  enum Error {
    46  SSL_OK = 0,
    48  SSL_CLIENT_CONNECT_FAIL = 2,
    50  SSL_BR_CONNECT_FAIL = 3,
    52  SSL_CLIENT_WRTIE_ERROR = 4,
    54  SSL_BR_WRITE_ERROR = 5,
    56  SSL_INTERNAL_ERROR = 6,
    58  SSL_OUT_OF_MEMORY = 7
    59  };
    60 
    67  enum DebugLevel {
    69  SSL_NONE = 0,
    71  SSL_ERROR = 1,
    73  SSL_WARN = 2,
    75  SSL_INFO = 3,
    76  };
    77 
    95  explicit SSLClient( Client& client,
    96  const br_x509_trust_anchor *trust_anchors,
    97  const size_t trust_anchors_num,
    98  const int analog_pin,
    99  const size_t max_sessions = 1,
    100  const DebugLevel debug = SSL_WARN);
    101 
    102  //========================================
    103  //= Functions implemented in SSLClient.cpp
    104  //========================================
    105 
    145  int connect(IPAddress ip, uint16_t port) override;
    146 
    183  int connect(const char *host, uint16_t port) override;
    184 
    208  size_t write(const uint8_t *buf, size_t size) override;
    210  size_t write(uint8_t b) override { return write(&b, 1); }
    211 
    230  int available() override;
    231 
    253  int read(uint8_t *buf, size_t size) override;
    258  int read() override { uint8_t read_val; return read(&read_val, 1) > 0 ? read_val : -1; };
    259 
    268  int peek() override;
    269 
    277  void flush() override;
    278 
    287  void stop() override;
    288 
    302  uint8_t connected() override;
    303 
    304  //========================================
    305  //= Functions Not in the Client Interface
    306  //========================================
    307 
    316  void setMutualAuthParams(const SSLClientParameters* params);
    317 
    332  SSLSession* getSession(const char* host);
    333 
    342  void removeSession(const char* host);
    343 
    349  size_t getSessionCount() const { return m_sessions.size(); }
    350 
    356  operator bool() { return connected() > 0; }
    357 
    359  Client& getClient() { return m_client; }
    360 
    365  void setTimeout(unsigned int t) { m_timeout = t; }
    366 
    371  unsigned int getTimeout() const { return m_timeout; }
    372 
    373 private:
    375  Client& get_arduino_client() { return m_client; }
    376  const Client& get_arduino_client() const { return m_client; }
    377 
    379  bool m_soft_connected(const char* func_name);
    381  int m_start_ssl(const char* host = nullptr, SSLSession* ssl_ses = nullptr);
    383  int m_run_until(const unsigned target);
    385  unsigned m_update_engine();
    387  int m_get_session_index(const char* host) const;
    388 
    390  void m_print_prefix(const char* func_name, const DebugLevel level) const;
    391 
    393  void m_print_ssl_error(const int ssl_error, const DebugLevel level) const;
    394 
    396  void m_print_br_error(const unsigned br_error_code, const DebugLevel level) const;
    397 
    399  template<typename T>
    400  void m_print(const T str, const char* func_name, const DebugLevel level) const {
    401  // check the current debug level and serial status
    402  if (level > m_debug || !Serial) return;
    403  // print prefix
    404  m_print_prefix(func_name, level);
    405  // print the message
    406  Serial.println(str);
    407  }
    408 
    410  template<typename T>
    411  void m_info(const T str, const char* func_name) const { m_print(str, func_name, SSL_INFO); }
    412 
    413  template<typename T>
    414  void m_warn(const T str, const char* func_name) const { m_print(str, func_name, SSL_WARN); }
    415 
    416  template<typename T>
    417  void m_error(const T str, const char* func_name) const { m_print(str, func_name, SSL_ERROR); }
    418 
    419  //============================================
    420  //= Data Members
    421  //============================================
    422  // create a reference the client
    423  Client& m_client;
    424  // also store an array of SSLSessions, so we can resume communication with multiple websites
    425  std::vector<SSLSession> m_sessions;
    426  // as well as the maximmum number of sessions we can store
    427  const size_t m_max_sessions;
    428  // store the pin to fetch an RNG see from
    429  const int m_analog_pin;
    430  // store whether to enable debug logging
    431  const DebugLevel m_debug;
    432  // store if we are connected in bearssl or not
    433  bool m_is_connected;
    434  // store the timeout for SSL internals
    435  unsigned int m_timeout;
    436  // store the context values required for SSL
    437  br_ssl_client_context m_sslctx;
    438  br_x509_minimal_context m_x509ctx;
    439  // use a mono-directional buffer by default to cut memory in half
    440  // can expand to a bi-directional buffer with maximum of BR_SSL_BUFSIZE_BIDI
    441  // or shrink to below BR_SSL_BUFSIZE_MONO, and bearSSL will adapt automatically
    442  // simply edit this value to change the buffer size to the desired value
    443  // additionally, we need to correct buffer size based off of how many sessions we decide to cache
    444  // since SSL takes so much memory if we don't it will cause the stack and heap to collide
    452  unsigned char m_iobuf[2048];
    453  // store the index of where we are writing in the buffer
    454  // so we can send our records all at once to prevent
    455  // weird timing issues
    456  size_t m_write_idx;
    457 };
    458 
    459 #endif
    SSLClient::connected
    uint8_t connected() override
    Check if the device is connected.
    Definition: SSLClient.cpp:251
    SSLClient::SSL_OUT_OF_MEMORY
    Definition: SSLClient.h:58
    SSLSession
    This class stores values which allow SSLClient to save and resume SSL sessions.
    Definition: SSLSession.h:51
    SSLClient::setTimeout
    void setTimeout(unsigned int t)
    Set the timeout when waiting for an SSL response.
    Definition: SSLClient.h:365
    SSLClient::SSL_CLIENT_CONNECT_FAIL
    Definition: SSLClient.h:48
    SSLClient::SSL_INFO
    Definition: SSLClient.h:75
    SSLClient::SSL_BR_WRITE_ERROR
    Definition: SSLClient.h:54
    -
    SSLClient::SSLClient
    SSLClient(Client &client, const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const size_t max_sessions=1, const DebugLevel debug=SSL_WARN)
    Initialize SSLClient with all of the prerequisites needed.
    Definition: SSLClient.cpp:60
    -
    SSLClient::flush
    void flush() override
    Force writing the buffered bytes from SSLClient::write to the network.
    Definition: SSLClient.cpp:223
    -
    SSLClient::getSession
    SSLSession * getSession(const char *host)
    Gets a session reference corresponding to a host and IP, or a reference to a empty session if none ex...
    Definition: SSLClient.cpp:287
    +
    SSLClient::SSLClient
    SSLClient(Client &client, const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const size_t max_sessions=1, const DebugLevel debug=SSL_WARN)
    Initialize SSLClient with all of the prerequisites needed.
    Definition: SSLClient.cpp:55
    +
    SSLClient::flush
    void flush() override
    Force writing the buffered bytes from SSLClient::write to the network.
    Definition: SSLClient.cpp:218
    +
    SSLClient::getSession
    SSLSession * getSession(const char *host)
    Gets a session reference corresponding to a host and IP, or a reference to a empty session if none ex...
    Definition: SSLClient.cpp:282
    SSLClientParameters
    This struct stores data required for SSLClient to use mutual authentication.
    Definition: SSLClientParameters.h:52
    -
    SSLClient::setMutualAuthParams
    void setMutualAuthParams(const SSLClientParameters *params)
    Add a client certificate and enable support for mutual auth.
    Definition: SSLClient.cpp:311
    -
    SSLClient::available
    int available() override
    Returns the number of bytes available to read from the data that has been received and decrypted.
    Definition: SSLClient.cpp:175
    +
    SSLClient::setMutualAuthParams
    void setMutualAuthParams(const SSLClientParameters *params)
    Add a client certificate and enable support for mutual auth.
    Definition: SSLClient.cpp:306
    +
    SSLClient::available
    int available() override
    Returns the number of bytes available to read from the data that has been received and decrypted.
    Definition: SSLClient.cpp:170
    SSLClient
    The main SSLClient class. Check out README.md for more info.
    Definition: SSLClient.h:35
    SSLClient::SSL_WARN
    Definition: SSLClient.h:73
    -
    SSLClient::stop
    void stop() override
    Close the connection.
    Definition: SSLClient.cpp:229
    +
    SSLClient::stop
    void stop() override
    Close the connection.
    Definition: SSLClient.cpp:224
    SSLClient::SSL_ERROR
    Definition: SSLClient.h:71
    -
    SSLClient::connect
    int connect(IPAddress ip, uint16_t port) override
    Connect over SSL to a host specified by an IP address.
    Definition: SSLClient.cpp:87
    -
    SSLClient::write
    size_t write(const uint8_t *buf, size_t size) override
    Write some bytes to the SSL connection.
    Definition: SSLClient.cpp:132
    +
    SSLClient::connect
    int connect(IPAddress ip, uint16_t port) override
    Connect over SSL to a host specified by an IP address.
    Definition: SSLClient.cpp:82
    +
    SSLClient::write
    size_t write(const uint8_t *buf, size_t size) override
    Write some bytes to the SSL connection.
    Definition: SSLClient.cpp:127
    SSLClient::read
    int read() override
    Read a single byte, or -1 if none is available.
    Definition: SSLClient.h:258
    SSLClient::Error
    Error
    Static constants defining the possible errors encountered.
    Definition: SSLClient.h:45
    SSLClient::SSL_CLIENT_WRTIE_ERROR
    Definition: SSLClient.h:52
    SSLClient::DebugLevel
    DebugLevel
    Level of verbosity used in logging for SSLClient.
    Definition: SSLClient.h:67
    SSLClient::getSessionCount
    size_t getSessionCount() const
    Get the maximum number of SSL sessions that can be stored at once.
    Definition: SSLClient.h:349
    -
    SSLClient::peek
    int peek() override
    View the first byte of the buffer, without removing it from the SSLClient Buffer.
    Definition: SSLClient.cpp:211
    +
    SSLClient::peek
    int peek() override
    View the first byte of the buffer, without removing it from the SSLClient Buffer.
    Definition: SSLClient.cpp:206
    SSLClientParameters.h
    SSLClient::SSL_BR_CONNECT_FAIL
    Definition: SSLClient.h:50
    SSLSession.h
    SSLClient::write
    size_t write(uint8_t b) override
    Definition: SSLClient.h:210
    SSLClient::getClient
    Client & getClient()
    Returns a reference to the client object stored in this class. Take care not to break it.
    Definition: SSLClient.h:359
    -
    SSLClient::removeSession
    void removeSession(const char *host)
    Clear the session corresponding to a host and IP.
    Definition: SSLClient.cpp:300
    +
    SSLClient::removeSession
    void removeSession(const char *host)
    Clear the session corresponding to a host and IP.
    Definition: SSLClient.cpp:295
    SSLClient::getTimeout
    unsigned int getTimeout() const
    Get the timeout when waiting for an SSL response.
    Definition: SSLClient.h:371
    SSLObj.h
    SSLClient::SSL_NONE
    Definition: SSLClient.h:69
    diff --git a/docs/html/_s_s_l_client_parameters_8h.html b/docs/html/_s_s_l_client_parameters_8h.html index dcf4562..5a55ac2 100644 --- a/docs/html/_s_s_l_client_parameters_8h.html +++ b/docs/html/_s_s_l_client_parameters_8h.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.6 +  v1.4.7
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_s_s_l_client_parameters_8h_source.html b/docs/html/_s_s_l_client_parameters_8h_source.html index 7782ab4..af183a5 100644 --- a/docs/html/_s_s_l_client_parameters_8h_source.html +++ b/docs/html/_s_s_l_client_parameters_8h_source.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.6 +  v1.4.7
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_s_s_l_obj_8cpp.html b/docs/html/_s_s_l_obj_8cpp.html index dd949ae..c8534c5 100644 --- a/docs/html/_s_s_l_obj_8cpp.html +++ b/docs/html/_s_s_l_obj_8cpp.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.6 +  v1.4.7
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_s_s_l_obj_8h.html b/docs/html/_s_s_l_obj_8h.html index 7a3fa88..a6251c2 100644 --- a/docs/html/_s_s_l_obj_8h.html +++ b/docs/html/_s_s_l_obj_8h.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.6 +  v1.4.7
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_s_s_l_obj_8h_source.html b/docs/html/_s_s_l_obj_8h_source.html index 5224fe6..91e6b8c 100644 --- a/docs/html/_s_s_l_obj_8h_source.html +++ b/docs/html/_s_s_l_obj_8h_source.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.6 +  v1.4.7
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_s_s_l_session_8h.html b/docs/html/_s_s_l_session_8h.html index 4017c51..74704ae 100644 --- a/docs/html/_s_s_l_session_8h.html +++ b/docs/html/_s_s_l_session_8h.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.6 +  v1.4.7
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_s_s_l_session_8h_source.html b/docs/html/_s_s_l_session_8h_source.html index f86c947..f0f131f 100644 --- a/docs/html/_s_s_l_session_8h_source.html +++ b/docs/html/_s_s_l_session_8h_source.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.6 +  v1.4.7
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_t_l_s12__only__profile_8c.html b/docs/html/_t_l_s12__only__profile_8c.html index 74153aa..b3dbb37 100644 --- a/docs/html/_t_l_s12__only__profile_8c.html +++ b/docs/html/_t_l_s12__only__profile_8c.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.6 +  v1.4.7
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/_trust_anchors_8md.html b/docs/html/_trust_anchors_8md.html index da6e691..4b062a2 100644 --- a/docs/html/_trust_anchors_8md.html +++ b/docs/html/_trust_anchors_8md.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.6 +  v1.4.7
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/annotated.html b/docs/html/annotated.html index 018732e..a3d9322 100644 --- a/docs/html/annotated.html +++ b/docs/html/annotated.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.6 +  v1.4.7
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/cert_8h.html b/docs/html/cert_8h.html index ced538b..08da610 100644 --- a/docs/html/cert_8h.html +++ b/docs/html/cert_8h.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.6 +  v1.4.7
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/cert_8h_source.html b/docs/html/cert_8h_source.html index de6ff00..42ec87d 100644 --- a/docs/html/cert_8h_source.html +++ b/docs/html/cert_8h_source.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.6 +  v1.4.7
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/class_s_s_l_client-members.html b/docs/html/class_s_s_l_client-members.html index 136231e..e5da38e 100644 --- a/docs/html/class_s_s_l_client-members.html +++ b/docs/html/class_s_s_l_client-members.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.6 +  v1.4.7
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/class_s_s_l_client.html b/docs/html/class_s_s_l_client.html index 0a9e1da..079f3f6 100644 --- a/docs/html/class_s_s_l_client.html +++ b/docs/html/class_s_s_l_client.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.6 +  v1.4.7
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/class_s_s_l_session-members.html b/docs/html/class_s_s_l_session-members.html index d035c58..ec7afaa 100644 --- a/docs/html/class_s_s_l_session-members.html +++ b/docs/html/class_s_s_l_session-members.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.6 +  v1.4.7
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/class_s_s_l_session.html b/docs/html/class_s_s_l_session.html index 1a1574a..57c9ffb 100644 --- a/docs/html/class_s_s_l_session.html +++ b/docs/html/class_s_s_l_session.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.6 +  v1.4.7
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/classes.html b/docs/html/classes.html index 59bf48a..18a590c 100644 --- a/docs/html/classes.html +++ b/docs/html/classes.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.6 +  v1.4.7
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/dir_386349f6a9bc1e2cd0767d257d5e5b91.html b/docs/html/dir_386349f6a9bc1e2cd0767d257d5e5b91.html index c9720d1..9b24b34 100644 --- a/docs/html/dir_386349f6a9bc1e2cd0767d257d5e5b91.html +++ b/docs/html/dir_386349f6a9bc1e2cd0767d257d5e5b91.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.6 +  v1.4.7
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.html b/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.html index 24f9953..f375e51 100644 --- a/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.html +++ b/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.6 +  v1.4.7
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.js b/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.js index a47c04c..55154a2 100644 --- a/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.js +++ b/docs/html/dir_68267d1309a1af8e8297ef4c3efbcdba.js @@ -1,7 +1,7 @@ var dir_68267d1309a1af8e8297ef4c3efbcdba = [ [ "ec_prime_fast_256.c", "ec__prime__fast__256_8c.html", "ec__prime__fast__256_8c" ], - [ "SSLClient.cpp", "_s_s_l_client_8cpp.html", "_s_s_l_client_8cpp" ], + [ "SSLClient.cpp", "_s_s_l_client_8cpp.html", null ], [ "SSLClient.h", "_s_s_l_client_8h.html", [ [ "SSLClient", "class_s_s_l_client.html", "class_s_s_l_client" ] ] ], diff --git a/docs/html/dir_9c42dc81377249a918256dbb9cfb2167.html b/docs/html/dir_9c42dc81377249a918256dbb9cfb2167.html index 6c302ee..3cb8b1e 100644 --- a/docs/html/dir_9c42dc81377249a918256dbb9cfb2167.html +++ b/docs/html/dir_9c42dc81377249a918256dbb9cfb2167.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.6 +  v1.4.7
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/dir_d28a4824dc47e487b107a5db32ef43c4.html b/docs/html/dir_d28a4824dc47e487b107a5db32ef43c4.html index b81fe87..38f25f1 100644 --- a/docs/html/dir_d28a4824dc47e487b107a5db32ef43c4.html +++ b/docs/html/dir_d28a4824dc47e487b107a5db32ef43c4.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.6 +  v1.4.7
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/dir_dfc5a9f91fbfb9426c406a3f10131a54.html b/docs/html/dir_dfc5a9f91fbfb9426c406a3f10131a54.html index d5742ed..29b244d 100644 --- a/docs/html/dir_dfc5a9f91fbfb9426c406a3f10131a54.html +++ b/docs/html/dir_dfc5a9f91fbfb9426c406a3f10131a54.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.6 +  v1.4.7
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/ec__prime__fast__256_8c.html b/docs/html/ec__prime__fast__256_8c.html index a3cc4e7..8767b85 100644 --- a/docs/html/ec__prime__fast__256_8c.html +++ b/docs/html/ec__prime__fast__256_8c.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.6 +  v1.4.7
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/files.html b/docs/html/files.html index f7dae12..2058c75 100644 --- a/docs/html/files.html +++ b/docs/html/files.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.6 +  v1.4.7
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/functions.html b/docs/html/functions.html index 8ecc386..665c985 100644 --- a/docs/html/functions.html +++ b/docs/html/functions.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.6 +  v1.4.7
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/functions_enum.html b/docs/html/functions_enum.html index 20b6fd0..f10ee4c 100644 --- a/docs/html/functions_enum.html +++ b/docs/html/functions_enum.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.6 +  v1.4.7
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/functions_eval.html b/docs/html/functions_eval.html index 8bd2041..3ebca65 100644 --- a/docs/html/functions_eval.html +++ b/docs/html/functions_eval.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.6 +  v1.4.7
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/functions_func.html b/docs/html/functions_func.html index d2ff505..4cd56f5 100644 --- a/docs/html/functions_func.html +++ b/docs/html/functions_func.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.6 +  v1.4.7
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/functions_vars.html b/docs/html/functions_vars.html index f6b963a..77e1787 100644 --- a/docs/html/functions_vars.html +++ b/docs/html/functions_vars.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.6 +  v1.4.7
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/globals.html b/docs/html/globals.html index 0ed24c6..4dd9ecb 100644 --- a/docs/html/globals.html +++ b/docs/html/globals.html @@ -30,7 +30,7 @@
    SSLClient -  v1.4.6 +  v1.4.7
    Add TLS 1.2 functionality to any network library.
    @@ -88,9 +88,6 @@ $(document).ready(function(){initNavTree('globals.html','');});
    Here is a list of all file members with links to the files they belong to:
      -
    • __brkval -: SSLClient.cpp -
    • __TIME_DAYS__ : time_macros.h
      • diff --git a/docs/html/globals_defs.html b/docs/html/globals_defs.html index 303137a..6e00765 100644 --- a/docs/html/globals_defs.html +++ b/docs/html/globals_defs.html @@ -30,7 +30,7 @@
      SSLClient -  v1.4.6 +  v1.4.7
      Add TLS 1.2 functionality to any network library.
      diff --git a/docs/html/globals_func.html b/docs/html/globals_func.html index 3631b47..c559d52 100644 --- a/docs/html/globals_func.html +++ b/docs/html/globals_func.html @@ -30,7 +30,7 @@
      SSLClient -  v1.4.6 +  v1.4.7
      Add TLS 1.2 functionality to any network library.
      diff --git a/docs/html/globals_vars.html b/docs/html/globals_vars.html index 272494e..9cbe008 100644 --- a/docs/html/globals_vars.html +++ b/docs/html/globals_vars.html @@ -30,7 +30,7 @@
      SSLClient -  v1.4.6 +  v1.4.7
      Add TLS 1.2 functionality to any network library.
      @@ -88,9 +88,6 @@ $(document).ready(function(){initNavTree('globals_vars.html','');});
       
        -
      • __brkval -: SSLClient.cpp -
      • br_ec_prime_fast_256 : ec_prime_fast_256.c
        • diff --git a/docs/html/hierarchy.html b/docs/html/hierarchy.html index 20f90ea..b123abe 100644 --- a/docs/html/hierarchy.html +++ b/docs/html/hierarchy.html @@ -30,7 +30,7 @@
        SSLClient -  v1.4.6 +  v1.4.7
        Add TLS 1.2 functionality to any network library.
        diff --git a/docs/html/index.html b/docs/html/index.html index 9b90264..9e50380 100644 --- a/docs/html/index.html +++ b/docs/html/index.html @@ -30,7 +30,7 @@
        SSLClient -  v1.4.6 +  v1.4.7
        Add TLS 1.2 functionality to any network library.
        @@ -96,6 +96,7 @@ $(document).ready(function(){initNavTree('index.html','');});

        SSLClient requires at least 110kb flash and 7kb RAM, and will not compile otherwise. This means that most Arduino boards are not supported. Check your board's specifications before attempting to use this library.

        You can also view this README in doxygen.

        SSLClient is a simple library to add TLS 1.2 functionality to any network library implementing the Arduino Client interface, including the Arduino EthernetClient and WiFiClient classes (though it is better to prefer WiFClient.connectSSL if implemented). In other words, SSLClient implements encrypted communication through SSL on devices that do not otherwise support it.

        +

        SSLClient has been tested on the SAMD21, ESP32, and STM32 (in progress). SSClient does not currently support the ESP8266 (see this issue).

        Overview

        Using SSLClient should be similar to using any other Arduino-based Client class, since this library was developed around compatibility with EthernetClient. There are a few extra things, however, that you will need to get started:

          diff --git a/docs/html/md__c_1__users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html b/docs/html/md__c_1__users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html index cf764ef..36fb4df 100644 --- a/docs/html/md__c_1__users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html +++ b/docs/html/md__c_1__users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html @@ -30,7 +30,7 @@
          SSLClient -  v1.4.6 +  v1.4.7
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/namespace_s_s_l_obj.html b/docs/html/namespace_s_s_l_obj.html index ecb8ff8..5d3af7a 100644 --- a/docs/html/namespace_s_s_l_obj.html +++ b/docs/html/namespace_s_s_l_obj.html @@ -30,7 +30,7 @@
          SSLClient -  v1.4.6 +  v1.4.7
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/namespacemembers.html b/docs/html/namespacemembers.html index ce98c51..53d7762 100644 --- a/docs/html/namespacemembers.html +++ b/docs/html/namespacemembers.html @@ -30,7 +30,7 @@
          SSLClient -  v1.4.6 +  v1.4.7
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/namespacemembers_func.html b/docs/html/namespacemembers_func.html index f1b956c..46f8a15 100644 --- a/docs/html/namespacemembers_func.html +++ b/docs/html/namespacemembers_func.html @@ -30,7 +30,7 @@
          SSLClient -  v1.4.6 +  v1.4.7
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/namespaces.html b/docs/html/namespaces.html index 04490c1..edad91b 100644 --- a/docs/html/namespaces.html +++ b/docs/html/namespaces.html @@ -30,7 +30,7 @@
          SSLClient -  v1.4.6 +  v1.4.7
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/navtreeindex0.js b/docs/html/navtreeindex0.js index 55158e2..0dde6b3 100644 --- a/docs/html/navtreeindex0.js +++ b/docs/html/navtreeindex0.js @@ -1,7 +1,6 @@ var NAVTREEINDEX0 = { "_s_s_l_client_8cpp.html":[3,0,2,1], -"_s_s_l_client_8cpp.html#ad193a2cc121e0d4614a1c21eb463fb56":[3,0,2,1,0], "_s_s_l_client_8h.html":[3,0,2,2], "_s_s_l_client_8h_source.html":[3,0,2,2], "_s_s_l_client_parameters_8h.html":[3,0,2,3], diff --git a/docs/html/pages.html b/docs/html/pages.html index c0a2370..73a881b 100644 --- a/docs/html/pages.html +++ b/docs/html/pages.html @@ -30,7 +30,7 @@
          SSLClient -  v1.4.6 +  v1.4.7
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/search/all_0.js b/docs/html/search/all_0.js index 312f869..7708a75 100644 --- a/docs/html/search/all_0.js +++ b/docs/html/search/all_0.js @@ -1,6 +1,5 @@ var searchData= [ - ['_5f_5fbrkval',['__brkval',['../_s_s_l_client_8cpp.html#ad193a2cc121e0d4614a1c21eb463fb56',1,'SSLClient.cpp']]], ['_5f_5ftime_5fdays_5f_5f',['__TIME_DAYS__',['../time__macros_8h.html#a7f2cdee2eebbccd45c179a50a0bbabcf',1,'time_macros.h']]], ['_5f_5ftime_5fhours_5f_5f',['__TIME_HOURS__',['../time__macros_8h.html#a2488d1ddab7e5fa119da3421462231c4',1,'time_macros.h']]], ['_5f_5ftime_5fminutes_5f_5f',['__TIME_MINUTES__',['../time__macros_8h.html#ab3592442029a102b388fafeadc4a6ab8',1,'time_macros.h']]], diff --git a/docs/html/search/searchdata.js b/docs/html/search/searchdata.js index cec0612..a1efc7e 100644 --- a/docs/html/search/searchdata.js +++ b/docs/html/search/searchdata.js @@ -5,7 +5,7 @@ var indexSectionsWithContent = 2: "s", 3: "cerst", 4: "abcfgmoprstw", - 5: "_bceiv", + 5: "bceiv", 6: "de", 7: "s", 8: "_cgpstu", diff --git a/docs/html/search/variables_0.js b/docs/html/search/variables_0.js index 631745b..814f51b 100644 --- a/docs/html/search/variables_0.js +++ b/docs/html/search/variables_0.js @@ -1,4 +1,4 @@ var searchData= [ - ['_5f_5fbrkval',['__brkval',['../_s_s_l_client_8cpp.html#ad193a2cc121e0d4614a1c21eb463fb56',1,'SSLClient.cpp']]] + ['br_5fec_5fprime_5ffast_5f256',['br_ec_prime_fast_256',['../ec__prime__fast__256_8c.html#aedcd6aae4367c3fdfe7db296b4da85ab',1,'ec_prime_fast_256.c']]] ]; diff --git a/docs/html/search/variables_1.js b/docs/html/search/variables_1.js index 814f51b..faff15d 100644 --- a/docs/html/search/variables_1.js +++ b/docs/html/search/variables_1.js @@ -1,4 +1,5 @@ var searchData= [ - ['br_5fec_5fprime_5ffast_5f256',['br_ec_prime_fast_256',['../ec__prime__fast__256_8c.html#aedcd6aae4367c3fdfe7db296b4da85ab',1,'ec_prime_fast_256.c']]] + ['chain_5flen',['chain_len',['../struct_s_s_l_client_parameters.html#aa523f407ac673da95bf651617fbf94b2',1,'SSLClientParameters']]], + ['client_5fcert_5fchain',['client_cert_chain',['../struct_s_s_l_client_parameters.html#a3e0440790d1acdee221b8ef6be6def95',1,'SSLClientParameters']]] ]; diff --git a/docs/html/search/variables_2.js b/docs/html/search/variables_2.js index faff15d..eb3b769 100644 --- a/docs/html/search/variables_2.js +++ b/docs/html/search/variables_2.js @@ -1,5 +1,4 @@ var searchData= [ - ['chain_5flen',['chain_len',['../struct_s_s_l_client_parameters.html#aa523f407ac673da95bf651617fbf94b2',1,'SSLClientParameters']]], - ['client_5fcert_5fchain',['client_cert_chain',['../struct_s_s_l_client_parameters.html#a3e0440790d1acdee221b8ef6be6def95',1,'SSLClientParameters']]] + ['ec_5fkey',['ec_key',['../struct_s_s_l_client_parameters.html#aca2dba04e30c8d7b962add0c353fc449',1,'SSLClientParameters']]] ]; diff --git a/docs/html/search/variables_3.js b/docs/html/search/variables_3.js index eb3b769..2d07945 100644 --- a/docs/html/search/variables_3.js +++ b/docs/html/search/variables_3.js @@ -1,4 +1,4 @@ var searchData= [ - ['ec_5fkey',['ec_key',['../struct_s_s_l_client_parameters.html#aca2dba04e30c8d7b962add0c353fc449',1,'SSLClientParameters']]] + ['index',['index',['../structssl__pem__decode__state.html#a8abbaad636bfcf50ef38f529e3cfd5f3',1,'ssl_pem_decode_state']]] ]; diff --git a/docs/html/search/variables_4.js b/docs/html/search/variables_4.js index 2d07945..a18bd2a 100644 --- a/docs/html/search/variables_4.js +++ b/docs/html/search/variables_4.js @@ -1,4 +1,4 @@ var searchData= [ - ['index',['index',['../structssl__pem__decode__state.html#a8abbaad636bfcf50ef38f529e3cfd5f3',1,'ssl_pem_decode_state']]] + ['vect',['vect',['../structssl__pem__decode__state.html#a95f2366376d5f958f9bc1e859b59bae9',1,'ssl_pem_decode_state']]] ]; diff --git a/docs/html/struct_s_s_l_client_parameters-members.html b/docs/html/struct_s_s_l_client_parameters-members.html index 17b2d29..b326fb4 100644 --- a/docs/html/struct_s_s_l_client_parameters-members.html +++ b/docs/html/struct_s_s_l_client_parameters-members.html @@ -30,7 +30,7 @@
          SSLClient -  v1.4.6 +  v1.4.7
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/struct_s_s_l_client_parameters.html b/docs/html/struct_s_s_l_client_parameters.html index 378f2f4..c889f7c 100644 --- a/docs/html/struct_s_s_l_client_parameters.html +++ b/docs/html/struct_s_s_l_client_parameters.html @@ -30,7 +30,7 @@
          SSLClient -  v1.4.6 +  v1.4.7
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/structssl__pem__decode__state-members.html b/docs/html/structssl__pem__decode__state-members.html index aa97d7a..de3d26c 100644 --- a/docs/html/structssl__pem__decode__state-members.html +++ b/docs/html/structssl__pem__decode__state-members.html @@ -30,7 +30,7 @@
          SSLClient -  v1.4.6 +  v1.4.7
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/structssl__pem__decode__state.html b/docs/html/structssl__pem__decode__state.html index d83b13e..df3c8e2 100644 --- a/docs/html/structssl__pem__decode__state.html +++ b/docs/html/structssl__pem__decode__state.html @@ -30,7 +30,7 @@
          SSLClient -  v1.4.6 +  v1.4.7
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/time__macros_8h.html b/docs/html/time__macros_8h.html index e83dae8..7709738 100644 --- a/docs/html/time__macros_8h.html +++ b/docs/html/time__macros_8h.html @@ -30,7 +30,7 @@
          SSLClient -  v1.4.6 +  v1.4.7
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/time__macros_8h_source.html b/docs/html/time__macros_8h_source.html index 3438408..aca40e9 100644 --- a/docs/html/time__macros_8h_source.html +++ b/docs/html/time__macros_8h_source.html @@ -30,7 +30,7 @@
          SSLClient -  v1.4.6 +  v1.4.7
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/trust__anchors_8h.html b/docs/html/trust__anchors_8h.html index 051c11e..421a2de 100644 --- a/docs/html/trust__anchors_8h.html +++ b/docs/html/trust__anchors_8h.html @@ -30,7 +30,7 @@
          SSLClient -  v1.4.6 +  v1.4.7
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/trust__anchors_8h_source.html b/docs/html/trust__anchors_8h_source.html index 2d6add6..fb9291f 100644 --- a/docs/html/trust__anchors_8h_source.html +++ b/docs/html/trust__anchors_8h_source.html @@ -30,7 +30,7 @@
          SSLClient -  v1.4.6 +  v1.4.7
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/trustanchors_8h.html b/docs/html/trustanchors_8h.html index 0602f16..63a48c3 100644 --- a/docs/html/trustanchors_8h.html +++ b/docs/html/trustanchors_8h.html @@ -30,7 +30,7 @@
          SSLClient -  v1.4.6 +  v1.4.7
          Add TLS 1.2 functionality to any network library.
          diff --git a/docs/html/trustanchors_8h_source.html b/docs/html/trustanchors_8h_source.html index c5088dd..b4cd9a0 100644 --- a/docs/html/trustanchors_8h_source.html +++ b/docs/html/trustanchors_8h_source.html @@ -30,7 +30,7 @@
          SSLClient -  v1.4.6 +  v1.4.7
          Add TLS 1.2 functionality to any network library.
          diff --git a/library.properties b/library.properties index bc8cd08..e345065 100644 --- a/library.properties +++ b/library.properties @@ -1,5 +1,5 @@ name=SSLClient -version=1.4.6 +version=1.4.7 author=Noah Koontz maintainer=OPEnS Lab sentence=Arduino library to add SSL functionality to any Client class diff --git a/src/SSLClient.cpp b/src/SSLClient.cpp index 0b09baa..1d62fea 100644 --- a/src/SSLClient.cpp +++ b/src/SSLClient.cpp @@ -30,13 +30,10 @@ static constexpr auto VECTKEY_MASK = (0x0000ffffUL); (*(uint32_t*)0xe000ed0cUL)=((*(uint32_t*)0xe000ed0cUL)&VECTKEY_MASK)|VECTKEY|SYSRESETREQ; while(1) { } } -#endif #ifdef __arm__ // should use uinstd.h to define sbrk but Due causes a conflict extern "C" char* sbrk(int incr); -#elif defined(ESP8266) // esp8266 -#define SYSTEM_STACK_END_ADDRESS 0x3FFFC000 #else // __ARM__ extern char *__brkval; #endif // __arm__ @@ -46,15 +43,13 @@ static int freeMemory() { char top; #ifdef __arm__ return &top - reinterpret_cast(sbrk(0)); -#elif defined(ESP8266) // ESP8266 - register volatile uint32_t stackAddress asm("a1"); - return stackAddress-SYSTEM_STACK_END_ADDRESS; #elif defined(CORE_TEENSY) || (ARDUINO > 103 && ARDUINO != 151) return &top - __brkval; #else // __arm__ return __brkval ? &top - __brkval : &top - __malloc_heap_start; #endif // __arm__ } +#endif // ARDUINO_ARCH_SAMD /* see SSLClient.h */ SSLClient::SSLClient( Client& client, @@ -565,8 +560,8 @@ unsigned SSLClient::m_update_engine() { // do we have the record you're looking for? const auto avail = get_arduino_client().available(); if (avail > 0) { - int mem = freeMemory(); #if defined(ARDUINO_ARCH_SAMD) + int mem = freeMemory(); // check for a stack overflow // if the stack overflows we basically have to crash, and // hope the user is ok with that @@ -576,7 +571,6 @@ unsigned SSLClient::m_update_engine() { // software reset RESET(); } -#endif // debug info m_info("Memory: ", func_name); m_info(mem, func_name); @@ -590,6 +584,7 @@ unsigned SSLClient::m_update_engine() { stop(); return 0; } +#endif // I suppose so! int rlen = get_arduino_client().read(buf, avail < len ? avail : len); if (rlen <= 0) { From c045607b39219fe3b71d1cc80a2bd85b2af5666d Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Fri, 10 Jan 2020 17:04:37 -0800 Subject: [PATCH 045/141] Clarification edits for trust anchor generation --- TrustAnchors.md | 6 +++--- tools/pycert_bearssl/pycert_bearssl.py | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/TrustAnchors.md b/TrustAnchors.md index 05cfa30..f9b7eb6 100644 --- a/TrustAnchors.md +++ b/TrustAnchors.md @@ -43,11 +43,11 @@ A full example of a trust anchor header can be found in [this file](./readme/cer For HTTPS, there a couple of tools you can use. Ordered from easiest to hardest: * [This website, written to simplify the creation of trust anchor headers](https://openslab-osu.github.io/bearssl-certificate-utility/). Simply plug and play. * [pycert_bearssl](./tools/pycert_bearssl/pycert_bearssl.py), a command line utility based on a [pycert](https://learn.adafruit.com/introducing-the-adafruit-wiced-feather-wifi/pycert-dot-py). You will need to install Python 3, and follow the instructions in the [pycert_bearssl.py file](./tools/pycert_bearssl/pycert_bearssl.py). You'll want to use the `pycert_bearssl.py download` command once the utility is set up. -* The brssl command line utility, included in the [BearSSL source](https://bearssl.org/gitweb/?p=BearSSL;a=blob_plain;f=tools/brssl.h;hb=HEAD). You will need to compile this file yourself. +* The `brssl` command line utility, included in the [BearSSL source](https://bearssl.org/gitweb/?p=BearSSL;a=blob_plain;f=tools/brssl.h;hb=HEAD). You will need to compile this file yourself. ### Other Connections -For other kinds of SSL connections, you will need to find the root certificate being used by your host. You can check out [this StackExchange post](https://superuser.com/questions/97201/how-to-save-a-remote-server-ssl-certificate-locally-as-a-file) for numerous methods of acquiring this certificate from a server. If these methods are not sufficient, you may need to request this certificate from your network administrator. Once you have the certificate, convert it to PEM format if needed (I use [this website](https://www.sslshopper.com/ssl-converter.html)), and use the `pycert_bearssl.py convert` command to convert the certificate into a trust anchor header. +For other kinds of SSL connections, you will need to find the root certificate being used by your host. You can check out [this StackExchange post](https://superuser.com/questions/97201/how-to-save-a-remote-server-ssl-certificate-locally-as-a-file) for numerous methods of acquiring this certificate from a server. If these methods are not sufficient, you may need to request this certificate from your network administrator. Once you have the certificate, convert it to PEM format if needed (I use [this website](https://www.sslshopper.com/ssl-converter.html)), and use the `pycert_bearssl.py convet --no-search` command to convert the certificate into a trust anchor header. ## Using Trust Anchors @@ -55,7 +55,7 @@ Once you've generated a trust anchor array, add it to your Arduino sketch using ```C++ #include "yourtrustanchorfile.h" // ... -SSLClient client(SomeClient, TAs, (size_t)TAs_NUM, SomePin); +SSLClient client(SomeClient, TAs, (size_t)TAs_NUM, SomePin); // ... ``` Where `yourtrustanchorfile.h` contains a generated trust anchor array names `TAs`, with length `TAs_NUM`. BearSSL will now automatically use these trust anchors when `SSLClient::connect` is called. \ No newline at end of file diff --git a/tools/pycert_bearssl/pycert_bearssl.py b/tools/pycert_bearssl/pycert_bearssl.py index 392838e..475c59c 100644 --- a/tools/pycert_bearssl/pycert_bearssl.py +++ b/tools/pycert_bearssl/pycert_bearssl.py @@ -69,7 +69,7 @@ def download(port, cert_var, cert_length_var, output, use_store, keep_dupes, dom Note that the certificates will be validated before they are downloaded! """ # if array is emptey, exit - if len(domain) is 0: + if len(domain) == 0: return # prepare the root certificate store cert_obj_store = cert_util.parse_root_certificate_store(use_store) @@ -100,8 +100,8 @@ def download(port, cert_var, cert_length_var, output, use_store, keep_dupes, dom help='the location of the .pem file containing a list of trusted root certificates (default: use certifi.where())') @click.option('--keep-dupes', '-d', is_flag=True, default=False, help='write all certs including any duplicates (default: remove duplicates)') -@click.option('--no-verify', '-n', is_flag=True, default=False, - help='Do not attempt to match a root certificate to the provided PEM files') +@click.option('--no-search', '-n', is_flag=True, default=False, + help='Do not attempt to search for a root certificate to the provided PEM files, instead treat the PEM files as the root certificates') @click.argument('cert', type=click.File('r'), nargs=-1) def convert(cert_var, cert_length_var, output, use_store, keep_dupes, no_verify, cert): """Convert PEM certificates into a C header that can be imported into a @@ -117,7 +117,7 @@ def convert(cert_var, cert_length_var, output, use_store, keep_dupes, no_verify, pycert convert foo.pem bar.pem """ # if array is emptey, exit - if len(cert) is 0: + if len(cert) == 0: return # prepare root certificate store cert_obj_store = cert_util.parse_root_certificate_store(use_store) From c8030dfe4e7436a9694cece3c1a9f1bc98610e93 Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Fri, 10 Jan 2020 17:05:29 -0800 Subject: [PATCH 046/141] remove old template reference in trustanchors guide --- TrustAnchors.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TrustAnchors.md b/TrustAnchors.md index f9b7eb6..539b696 100644 --- a/TrustAnchors.md +++ b/TrustAnchors.md @@ -55,7 +55,7 @@ Once you've generated a trust anchor array, add it to your Arduino sketch using ```C++ #include "yourtrustanchorfile.h" // ... -SSLClient client(SomeClient, TAs, (size_t)TAs_NUM, SomePin); +SSLClient client(SomeClient, TAs, (size_t)TAs_NUM, SomePin); // ... ``` Where `yourtrustanchorfile.h` contains a generated trust anchor array names `TAs`, with length `TAs_NUM`. BearSSL will now automatically use these trust anchors when `SSLClient::connect` is called. \ No newline at end of file From 32eec1d4294826cfa2a70a1cc7ebf40bf67ec205 Mon Sep 17 00:00:00 2001 From: Alberto Panu Date: Fri, 7 Feb 2020 00:50:32 +0100 Subject: [PATCH 047/141] Tested the library with TI Tiva C TM4C1294 I have tested the lib on EK-TM4C1294XL Tiva C evaluation board and it works. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 027f60f..1576632 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ You can also view this README in [doxygen](https://openslab-osu.github.io/SSLCli SSLClient is a simple library to add [TLS 1.2](https://www.websecurity.symantec.com/security-topics/what-is-ssl-tls-https) functionality to any network library implementing the [Arduino Client interface](https://www.arduino.cc/en/Reference/ClientConstructor), including the Arduino [EthernetClient](https://www.arduino.cc/en/Reference/EthernetClient) and [WiFiClient](https://www.arduino.cc/en/Reference/WiFiClient) classes (though it is better to prefer WiFClient.connectSSL if implemented). In other words, SSLClient implements encrypted communication through SSL on devices that do not otherwise support it. -SSLClient has been tested on the SAMD21, ESP32, and STM32 (in progress). SSClient does not currently support the ESP8266 (see [this issue](https://github.com/OPEnSLab-OSU/SSLClient/issues/5#issuecomment-569968546)). +SSLClient has been tested on the SAMD21, ESP32, TIVA C, and STM32 (in progress). SSClient does not currently support the ESP8266 (see [this issue](https://github.com/OPEnSLab-OSU/SSLClient/issues/5#issuecomment-569968546)). ## Overview From eeeb385e33b0d20096a9728cad37e9ba1a4f0145 Mon Sep 17 00:00:00 2001 From: Alberto Panu Date: Fri, 7 Feb 2020 01:08:21 +0100 Subject: [PATCH 048/141] Added tivac architecture --- .travis/library.properties | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis/library.properties b/.travis/library.properties index 3bc0cad..a69a9fe 100644 --- a/.travis/library.properties +++ b/.travis/library.properties @@ -6,7 +6,7 @@ sentence=Arduino library to add SSL functionality to any Client class paragraph=including the Arduino EthernetClient and WiFiClient classes (though it is better to prefer WiFClient.connectSSL if implemented). In other words, SSLClient implements encrypted communication through SSL on devices that do not otherwise support it. category=Communication url=https://github.com/OPEnSLab-OSU/SSLClient -architectures=samd +architectures=samd,tivac includes=SSLClient.h precompiled=true -ldflags=-lSSLClient \ No newline at end of file +ldflags=-lSSLClient From 8b554f21451f961e79f3e2ebd2b2bb48e9d0d03f Mon Sep 17 00:00:00 2001 From: Alberto Panu Date: Fri, 7 Feb 2020 01:09:08 +0100 Subject: [PATCH 049/141] Added tivac architecture --- library.properties | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library.properties b/library.properties index e345065..abaccf9 100644 --- a/library.properties +++ b/library.properties @@ -6,6 +6,6 @@ sentence=Arduino library to add SSL functionality to any Client class paragraph=including the Arduino EthernetClient and WiFiClient classes (though it is better to prefer WiFClient.connectSSL if implemented). In other words, SSLClient implements encrypted communication through SSL on devices that do not otherwise support it. category=Communication url=https://github.com/OPEnSLab-OSU/SSLClient -architectures=samd +architectures=samd,tivac includes=SSLClient.h -dot_a_linkage=true \ No newline at end of file +dot_a_linkage=true From 65eb61d27c9cda8b90f430b4301ca99c8fb23628 Mon Sep 17 00:00:00 2001 From: Alberto Panu Date: Fri, 7 Feb 2020 01:15:34 +0100 Subject: [PATCH 050/141] Added sample for Texas Instruments Tiva C TM4C1294 Tested on EK-TM4C1294XL board with Energia 1.8.11E23 --- .../EthernetHTTPStivac/EthernetHTTPStivac.ino | 161 ++++++++++++++++++ 1 file changed, 161 insertions(+) create mode 100644 examples/EthernetHTTPStivac/EthernetHTTPStivac.ino diff --git a/examples/EthernetHTTPStivac/EthernetHTTPStivac.ino b/examples/EthernetHTTPStivac/EthernetHTTPStivac.ino new file mode 100644 index 0000000..b1f52da --- /dev/null +++ b/examples/EthernetHTTPStivac/EthernetHTTPStivac.ino @@ -0,0 +1,161 @@ +/* + Web client + + This sketch connects to a website (http://www.arduino.cc/asciilogo.txt) + using an Arduino Wiznet Ethernet shield. + + Circuit: + * Ethernet shield attached to pins 10, 11, 12, 13 + + created 18 Dec 2009 + by David A. Mellis + modified 9 Apr 2012 + by Noah Koontz, based on work by Adrian McEwen and Tom Igoe + + */ + + // NOTE: This example REQUIRES the EthernetLarge library. + // You can get it here: https://github.com/OPEnSLab-OSU/EthernetLarge + +#include +//#include +#include "Ethernet.h" +#include +#include "trust_anchors.h" + +#define BUFFLEN 80 + +// Enter a MAC address for your controller below. +// Newer Ethernet shields have a MAC address printed on a sticker on the shield +// byte mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED }; +// With Tiva C the mac address could be changed with LM Flash Programmer + +// if you don't want to use DNS (and reduce your sketch size) +// use the numeric IP instead of the name for the server: +//IPAddress server(54,85,55,79); // numeric IP for Google (no DNS) +const char server[] = "www.arduino.cc"; // name address for Arduino (using DNS) +const char server_host[] = "www.arduino.cc"; // leave this alone, change only above two + +// Set the static IP address to use if the DHCP fails to assign +IPAddress ip(192,168,2,177); +IPAddress myDns(8, 8, 8, 8); +IPAddress gw = IPAddress(192,168,2,1); +IPAddress mask = IPAddress(255,255,255,0); + +// Choose the analog pin to get semi-random data from for SSL +// Pick a pin that's not connected or attached to a randomish voltage source +const int rand_pin = A5; + +// Initialize the SSL client library +// We input an EthernetClient, our trust anchors, and the analog pin +EthernetClient base_client; +SSLClient client(base_client, TAs, (size_t)TAs_NUM, rand_pin); +// Variables to measure the speed +unsigned long beginMicros, endMicros; +unsigned long byteCount = 0; +bool printWebData = true; // set to false for better speed measurement + +void setup() { + // You can use Ethernet.init(pin) to configure the CS pin + //Ethernet.init(10); // Most Arduino shields + //Ethernet.init(5); // MKR ETH shield + //Ethernet.init(0); // Teensy 2.0 + //Ethernet.init(20); // Teensy++ 2.0 + //Ethernet.init(15); // ESP8266 with Adafruit Featherwing Ethernet + //Ethernet.init(33); // ESP32 with Adafruit Featherwing Ethernet + + // Open serial communications and wait for port to open: + Serial.begin(115200); + while (!Serial) { + ; // wait for serial port to connect. Needed for native USB port only + } + + // start the Ethernet connection: + Serial.println(F("Initialize Ethernet with DHCP:")); + //if (Ethernet.begin(mac) == 0) { + if (Ethernet.begin(0) == 0) { + Serial.println(F("Failed to configure Ethernet using DHCP")); + // Check for Ethernet hardware present +/* if (Ethernet.hardwareStatus() == EthernetNoHardware) { + Serial.println("Ethernet shield was not found. Sorry, can't run without hardware. :("); + while (true) { + delay(1); // do nothing, no point running without Ethernet hardware + } + }*/ +/* if (Ethernet.linkStatus() == LinkOFF) { + Serial.println("Ethernet cable is not connected."); + }*/ + // try to configure using IP address instead of DHCP: + //Ethernet.begin(mac, ip, myDns); + Ethernet.begin(0, ip, myDns, gw, mask); + } else { + Serial.print(F(" DHCP assigned IP ")); + Serial.println(Ethernet.localIP()); + } + // give the Ethernet shield a second to initialize: + delay(2000); + + Serial.print(F("connecting to ")); + Serial.print(server); + Serial.println(F("...")); + + // if you get a connection, report back via serial: + auto start = millis(); + // specify the server and port, 443 is the standard port for HTTPS + if (client.connect(server, 443)) { + auto time = millis() - start; + Serial.print(F("Took: ")); + Serial.println(time); + // Make a HTTP request: + client.println(F("GET /asciilogo.txt HTTP/1.1")); + client.println(F("User-Agent: SSLClientOverEthernet")); + client.print(F("Host: ")); + client.println(server_host); + client.println(F("Connection: close")); + client.println(); + } else { + // if you didn't get a connection to the server: + Serial.println(F("connection failed")); + } + beginMicros = micros(); +} + +void loop() { + // if there are incoming bytes available + // from the server, read them and print them: + int len = client.available(); + while (len > 0) { + //if (len > 0) { + byte buffer[BUFFLEN]; + if (len > BUFFLEN) len = BUFFLEN; + client.read(buffer, len); + if (printWebData) { + Serial.write(buffer, len); // show in the serial monitor (slows some boards) + } + byteCount = byteCount + len; + len = client.available(); + } + + // if the server's disconnected, stop the client: + if (!client.connected()) { + endMicros = micros(); + Serial.println(); + Serial.println(F("disconnecting.")); + client.stop(); + Serial.print(F("Received ")); + Serial.print(byteCount); + Serial.print(F(" bytes in ")); + float seconds = (float)(endMicros - beginMicros) / 1000000.0; + Serial.print(seconds, 4); + float rate = (float)byteCount / seconds / 1000.0; + Serial.print(F(", rate = ")); + Serial.print(rate); + Serial.print(F(" kbytes/second")); + Serial.println(); + + // do nothing forevermore: + while (true) { + delay(1); + } + } +} From 39e5211178cdf20717e20a66363b95038e7a055f Mon Sep 17 00:00:00 2001 From: Alberto Panu Date: Fri, 7 Feb 2020 01:16:08 +0100 Subject: [PATCH 051/141] Create trust_anchors.h --- examples/EthernetHTTPStivac/trust_anchors.h | 80 +++++++++++++++++++++ 1 file changed, 80 insertions(+) create mode 100644 examples/EthernetHTTPStivac/trust_anchors.h diff --git a/examples/EthernetHTTPStivac/trust_anchors.h b/examples/EthernetHTTPStivac/trust_anchors.h new file mode 100644 index 0000000..c456e9b --- /dev/null +++ b/examples/EthernetHTTPStivac/trust_anchors.h @@ -0,0 +1,80 @@ +#ifndef _CERTIFICATES_H_ +#define _CERTIFICATES_H_ + +#ifdef __cplusplus +extern "C" +{ +#endif + +/* This file is auto-generated by the pycert_bearssl tool. Do not change it manually. + * Certificates are BearSSL br_x509_trust_anchor format. Included certs: + * + * Index: 0 + * Label: AddTrust External CA Root + * Subject: C=SE,O=AddTrust AB,OU=AddTrust External TTP Network,CN=AddTrust External CA Root + * Domain(s): www.arduino.cc + */ + +#define TAs_NUM 1 + +static const unsigned char TA_DN0[] = { + 0x30, 0x6f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, + 0x02, 0x53, 0x45, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, + 0x13, 0x0b, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x41, + 0x42, 0x31, 0x26, 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1d, + 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x45, 0x78, 0x74, + 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x20, 0x54, 0x54, 0x50, 0x20, 0x4e, 0x65, + 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, + 0x04, 0x03, 0x13, 0x19, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, + 0x20, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x20, 0x43, 0x41, + 0x20, 0x52, 0x6f, 0x6f, 0x74, +}; + +static const unsigned char TA_RSA_N0[] = { + 0xb7, 0xf7, 0x1a, 0x33, 0xe6, 0xf2, 0x00, 0x04, 0x2d, 0x39, 0xe0, 0x4e, + 0x5b, 0xed, 0x1f, 0xbc, 0x6c, 0x0f, 0xcd, 0xb5, 0xfa, 0x23, 0xb6, 0xce, + 0xde, 0x9b, 0x11, 0x33, 0x97, 0xa4, 0x29, 0x4c, 0x7d, 0x93, 0x9f, 0xbd, + 0x4a, 0xbc, 0x93, 0xed, 0x03, 0x1a, 0xe3, 0x8f, 0xcf, 0xe5, 0x6d, 0x50, + 0x5a, 0xd6, 0x97, 0x29, 0x94, 0x5a, 0x80, 0xb0, 0x49, 0x7a, 0xdb, 0x2e, + 0x95, 0xfd, 0xb8, 0xca, 0xbf, 0x37, 0x38, 0x2d, 0x1e, 0x3e, 0x91, 0x41, + 0xad, 0x70, 0x56, 0xc7, 0xf0, 0x4f, 0x3f, 0xe8, 0x32, 0x9e, 0x74, 0xca, + 0xc8, 0x90, 0x54, 0xe9, 0xc6, 0x5f, 0x0f, 0x78, 0x9d, 0x9a, 0x40, 0x3c, + 0x0e, 0xac, 0x61, 0xaa, 0x5e, 0x14, 0x8f, 0x9e, 0x87, 0xa1, 0x6a, 0x50, + 0xdc, 0xd7, 0x9a, 0x4e, 0xaf, 0x05, 0xb3, 0xa6, 0x71, 0x94, 0x9c, 0x71, + 0xb3, 0x50, 0x60, 0x0a, 0xc7, 0x13, 0x9d, 0x38, 0x07, 0x86, 0x02, 0xa8, + 0xe9, 0xa8, 0x69, 0x26, 0x18, 0x90, 0xab, 0x4c, 0xb0, 0x4f, 0x23, 0xab, + 0x3a, 0x4f, 0x84, 0xd8, 0xdf, 0xce, 0x9f, 0xe1, 0x69, 0x6f, 0xbb, 0xd7, + 0x42, 0xd7, 0x6b, 0x44, 0xe4, 0xc7, 0xad, 0xee, 0x6d, 0x41, 0x5f, 0x72, + 0x5a, 0x71, 0x08, 0x37, 0xb3, 0x79, 0x65, 0xa4, 0x59, 0xa0, 0x94, 0x37, + 0xf7, 0x00, 0x2f, 0x0d, 0xc2, 0x92, 0x72, 0xda, 0xd0, 0x38, 0x72, 0xdb, + 0x14, 0xa8, 0x45, 0xc4, 0x5d, 0x2a, 0x7d, 0xb7, 0xb4, 0xd6, 0xc4, 0xee, + 0xac, 0xcd, 0x13, 0x44, 0xb7, 0xc9, 0x2b, 0xdd, 0x43, 0x00, 0x25, 0xfa, + 0x61, 0xb9, 0x69, 0x6a, 0x58, 0x23, 0x11, 0xb7, 0xa7, 0x33, 0x8f, 0x56, + 0x75, 0x59, 0xf5, 0xcd, 0x29, 0xd7, 0x46, 0xb7, 0x0a, 0x2b, 0x65, 0xb6, + 0xd3, 0x42, 0x6f, 0x15, 0xb2, 0xb8, 0x7b, 0xfb, 0xef, 0xe9, 0x5d, 0x53, + 0xd5, 0x34, 0x5a, 0x27, +}; + +static const unsigned char TA_RSA_E0[] = { + 0x01, 0x00, 0x01, +}; + +static const br_x509_trust_anchor TAs[] = { + { + { (unsigned char *)TA_DN0, sizeof TA_DN0 }, + BR_X509_TA_CA, + { + BR_KEYTYPE_RSA, + { .rsa = { + (unsigned char *)TA_RSA_N0, sizeof TA_RSA_N0, + (unsigned char *)TA_RSA_E0, sizeof TA_RSA_E0, + } } + } + }, +}; + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* ifndef _CERTIFICATES_H_ */ From 089f842558678e03edb2a549ae92f2a2864ecd8b Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Fri, 7 Feb 2020 12:30:46 -0800 Subject: [PATCH 052/141] Upgrade bearssl to acc70b1be60a6f321e2da618cd35d901b1a598a4 --- src/SSLClient.cpp | 11 +- src/bearssl/src/ec/ec_all_m31.c | 50 + src/bearssl/src/ec/ec_c25519_i15.c | 12 +- src/bearssl/src/ec/ec_c25519_i31.c | 17 +- src/bearssl/src/ec/ec_c25519_m15.c | 12 +- src/bearssl/src/ec/ec_c25519_m31.c | 105 +- src/bearssl/src/ec/ec_c25519_m62.c | 605 +++++++ src/bearssl/src/ec/ec_c25519_m64.c | 831 +++++++++ src/bearssl/src/ec/ec_p256_m15.c | 2 +- src/bearssl/src/ec/ec_p256_m31.c | 2 +- src/bearssl/src/ec/ec_p256_m62.c | 1765 ++++++++++++++++++++ src/bearssl/src/ec/ec_p256_m64.c | 1730 +++++++++++++++++++ src/bearssl/src/int/i31_montmul.c | 44 +- src/bearssl/src/int/i31_mulacc.c | 13 + src/bearssl/src/int/i32_mulacc.c | 4 + src/bearssl/src/kdf/shake.c | 590 +++++++ src/bearssl/src/rand/sysrng.c | 91 +- src/bearssl/src/rsa/rsa_default_pss_sign.c | 38 + src/bearssl/src/rsa/rsa_default_pss_vrfy.c | 38 + src/bearssl/src/rsa/rsa_i15_keygen.c | 6 +- src/bearssl/src/rsa/rsa_i15_modulus.c | 2 +- src/bearssl/src/rsa/rsa_i15_pss_sign.c | 40 + src/bearssl/src/rsa/rsa_i15_pss_vrfy.c | 44 + src/bearssl/src/rsa/rsa_i31_keygen_inner.c | 6 +- src/bearssl/src/rsa/rsa_i31_modulus.c | 2 +- src/bearssl/src/rsa/rsa_i31_pss_sign.c | 40 + src/bearssl/src/rsa/rsa_i31_pss_vrfy.c | 44 + src/bearssl/src/rsa/rsa_i32_pss_sign.c | 40 + src/bearssl/src/rsa/rsa_i32_pss_vrfy.c | 44 + src/bearssl/src/rsa/rsa_i62_pss_sign.c | 60 + src/bearssl/src/rsa/rsa_i62_pss_vrfy.c | 64 + src/bearssl/src/rsa/rsa_pss_sig_pad.c | 106 ++ src/bearssl/src/rsa/rsa_pss_sig_unpad.c | 121 ++ src/bearssl/src/ssl/ssl_client_full.c | 1 - src/bearssl/src/ssl/ssl_engine.c | 15 + src/bearssl/src/ssl/ssl_io.c | 12 +- src/bearssl/src/x509/asn1.t0 | 2 +- src/bearssl/src/x509/skey_decoder.c | 2 +- src/bearssl/src/x509/skey_decoder.t0 | 2 +- src/bearssl/src/x509/x509_minimal.c | 2 +- src/bearssl/src/x509/x509_minimal.t0 | 2 +- src/bearssl_ec.h | 86 +- src/bearssl_hash.h | 4 +- src/bearssl_kdf.h | 99 ++ src/bearssl_rsa.h | 313 +++- src/bearssl_ssl.h | 22 +- src/config.h | 29 +- src/inner.h | 53 +- 48 files changed, 7091 insertions(+), 132 deletions(-) create mode 100644 src/bearssl/src/ec/ec_c25519_m62.c create mode 100644 src/bearssl/src/ec/ec_c25519_m64.c create mode 100644 src/bearssl/src/ec/ec_p256_m62.c create mode 100644 src/bearssl/src/ec/ec_p256_m64.c create mode 100644 src/bearssl/src/kdf/shake.c create mode 100644 src/bearssl/src/rsa/rsa_default_pss_sign.c create mode 100644 src/bearssl/src/rsa/rsa_default_pss_vrfy.c create mode 100644 src/bearssl/src/rsa/rsa_i15_pss_sign.c create mode 100644 src/bearssl/src/rsa/rsa_i15_pss_vrfy.c create mode 100644 src/bearssl/src/rsa/rsa_i31_pss_sign.c create mode 100644 src/bearssl/src/rsa/rsa_i31_pss_vrfy.c create mode 100644 src/bearssl/src/rsa/rsa_i32_pss_sign.c create mode 100644 src/bearssl/src/rsa/rsa_i32_pss_vrfy.c create mode 100644 src/bearssl/src/rsa/rsa_i62_pss_sign.c create mode 100644 src/bearssl/src/rsa/rsa_i62_pss_vrfy.c create mode 100644 src/bearssl/src/rsa/rsa_pss_sig_pad.c create mode 100644 src/bearssl/src/rsa/rsa_pss_sig_unpad.c diff --git a/src/SSLClient.cpp b/src/SSLClient.cpp index 1d62fea..d1314be 100644 --- a/src/SSLClient.cpp +++ b/src/SSLClient.cpp @@ -392,6 +392,13 @@ int SSLClient::m_run_until(const unsigned target) { unsigned state = m_update_engine(); // error check if (state == BR_SSL_CLOSED || getWriteError() != SSL_OK) { + if (state == BR_SSL_CLOSED) { + m_warn("Terminating because the ssl engine closed", func_name); + } + else { + m_warn("Terminating with write error: ", func_name); + m_warn(getWriteError(), func_name); + } return -1; } // timeout check @@ -406,7 +413,7 @@ int SSLClient::m_run_until(const unsigned target) { lastState = state; m_info("m_run changed state:", func_name); if(m_debug == DebugLevel::SSL_INFO) { - m_info("State: ", __func__); + m_info("State: ", func_name); if(state == 0) Serial.println(" Invalid"); else if (state & BR_SSL_CLOSED) Serial.println(" Connection closed"); else { @@ -728,6 +735,6 @@ void SSLClient::m_print_br_error(const unsigned br_error_code, const DebugLevel case BR_ERR_X509_FORBIDDEN_KEY_USAGE: Serial.println("Key Usage extension prohibits intended usage."); break; case BR_ERR_X509_WEAK_PUBLIC_KEY: Serial.println("Public key found in certificate is too small."); break; case BR_ERR_X509_NOT_TRUSTED: Serial.println("Chain could not be linked to a trust anchor."); break; - default: Serial.println("Unknown error code."); break; + default: Serial.print("Unknown error code: "); Serial.println(br_error_code); break; } } diff --git a/src/bearssl/src/ec/ec_all_m31.c b/src/bearssl/src/ec/ec_all_m31.c index 0552c4b..8fd8c3c 100644 --- a/src/bearssl/src/ec/ec_all_m31.c +++ b/src/bearssl/src/ec/ec_all_m31.c @@ -29,9 +29,17 @@ api_generator(int curve, size_t *len) { switch (curve) { case BR_EC_secp256r1: +#if BR_INT128 || BR_UMUL128 + return br_ec_p256_m64.generator(curve, len); +#else return br_ec_p256_m31.generator(curve, len); +#endif case BR_EC_curve25519: +#if BR_INT128 || BR_UMUL128 + return br_ec_c25519_m64.generator(curve, len); +#else return br_ec_c25519_m31.generator(curve, len); +#endif default: return br_ec_prime_i31.generator(curve, len); } @@ -42,9 +50,17 @@ api_order(int curve, size_t *len) { switch (curve) { case BR_EC_secp256r1: +#if BR_INT128 || BR_UMUL128 + return br_ec_p256_m64.order(curve, len); +#else return br_ec_p256_m31.order(curve, len); +#endif case BR_EC_curve25519: +#if BR_INT128 || BR_UMUL128 + return br_ec_c25519_m64.order(curve, len); +#else return br_ec_c25519_m31.order(curve, len); +#endif default: return br_ec_prime_i31.order(curve, len); } @@ -55,9 +71,17 @@ api_xoff(int curve, size_t *len) { switch (curve) { case BR_EC_secp256r1: +#if BR_INT128 || BR_UMUL128 + return br_ec_p256_m64.xoff(curve, len); +#else return br_ec_p256_m31.xoff(curve, len); +#endif case BR_EC_curve25519: +#if BR_INT128 || BR_UMUL128 + return br_ec_c25519_m64.xoff(curve, len); +#else return br_ec_c25519_m31.xoff(curve, len); +#endif default: return br_ec_prime_i31.xoff(curve, len); } @@ -69,9 +93,17 @@ api_mul(unsigned char *G, size_t Glen, { switch (curve) { case BR_EC_secp256r1: +#if BR_INT128 || BR_UMUL128 + return br_ec_p256_m64.mul(G, Glen, kb, kblen, curve); +#else return br_ec_p256_m31.mul(G, Glen, kb, kblen, curve); +#endif case BR_EC_curve25519: +#if BR_INT128 || BR_UMUL128 + return br_ec_c25519_m64.mul(G, Glen, kb, kblen, curve); +#else return br_ec_c25519_m31.mul(G, Glen, kb, kblen, curve); +#endif default: return br_ec_prime_i31.mul(G, Glen, kb, kblen, curve); } @@ -83,9 +115,17 @@ api_mulgen(unsigned char *R, { switch (curve) { case BR_EC_secp256r1: +#if BR_INT128 || BR_UMUL128 + return br_ec_p256_m64.mulgen(R, x, xlen, curve); +#else return br_ec_p256_m31.mulgen(R, x, xlen, curve); +#endif case BR_EC_curve25519: +#if BR_INT128 || BR_UMUL128 + return br_ec_c25519_m64.mulgen(R, x, xlen, curve); +#else return br_ec_c25519_m31.mulgen(R, x, xlen, curve); +#endif default: return br_ec_prime_i31.mulgen(R, x, xlen, curve); } @@ -98,11 +138,21 @@ api_muladd(unsigned char *A, const unsigned char *B, size_t len, { switch (curve) { case BR_EC_secp256r1: +#if BR_INT128 || BR_UMUL128 + return br_ec_p256_m64.muladd(A, B, len, + x, xlen, y, ylen, curve); +#else return br_ec_p256_m31.muladd(A, B, len, x, xlen, y, ylen, curve); +#endif case BR_EC_curve25519: +#if BR_INT128 || BR_UMUL128 + return br_ec_c25519_m64.muladd(A, B, len, + x, xlen, y, ylen, curve); +#else return br_ec_c25519_m31.muladd(A, B, len, x, xlen, y, ylen, curve); +#endif default: return br_ec_prime_i31.muladd(A, B, len, x, xlen, y, ylen, curve); diff --git a/src/bearssl/src/ec/ec_c25519_i15.c b/src/bearssl/src/ec/ec_c25519_i15.c index 361e75f..8fadcf4 100644 --- a/src/bearssl/src/ec/ec_c25519_i15.c +++ b/src/bearssl/src/ec/ec_c25519_i15.c @@ -239,11 +239,11 @@ api_mul(unsigned char *G, size_t Glen, x2[1] = 19; memcpy(z3, x2, ILEN); - memcpy(k, kb, kblen); - memset(k + kblen, 0, (sizeof k) - kblen); - k[0] &= 0xF8; - k[31] &= 0x7F; - k[31] |= 0x40; + memset(k, 0, (sizeof k) - kblen); + memcpy(k + (sizeof k) - kblen, kb, kblen); + k[31] &= 0xF8; + k[0] &= 0x7F; + k[0] |= 0x40; /* obsolete print_int_mont("x1", x1); @@ -253,7 +253,7 @@ api_mul(unsigned char *G, size_t Glen, for (i = 254; i >= 0; i --) { uint32_t kt; - kt = (k[i >> 3] >> (i & 7)) & 1; + kt = (k[31 - (i >> 3)] >> (i & 7)) & 1; swap ^= kt; cswap(x2, x3, swap); cswap(z2, z3, swap); diff --git a/src/bearssl/src/ec/ec_c25519_i31.c b/src/bearssl/src/ec/ec_c25519_i31.c index aa88dd6..f8ffc2c 100644 --- a/src/bearssl/src/ec/ec_c25519_i31.c +++ b/src/bearssl/src/ec/ec_c25519_i31.c @@ -214,7 +214,7 @@ api_mul(unsigned char *G, size_t Glen, * br_i31_decode_reduce(a, G, 32, C255_P); */ br_i31_zero(b, 0x108); - b[9] = 0x0100; + b[9] = 0x0080; br_i31_decode_mod(a, G, 32, b); a[0] = 0x107; br_i31_sub(a, C255_P, NOT(br_i31_sub(a, C255_P, 0))); @@ -230,11 +230,14 @@ api_mul(unsigned char *G, size_t Glen, x2[1] = 0x13000000; memcpy(z3, x2, sizeof x2); - memcpy(k, kb, kblen); - memset(k + kblen, 0, (sizeof k) - kblen); - k[0] &= 0xF8; - k[31] &= 0x7F; - k[31] |= 0x40; + /* + * kb[] is in big-endian notation, but possibly shorter than k[]. + */ + memset(k, 0, (sizeof k) - kblen); + memcpy(k + (sizeof k) - kblen, kb, kblen); + k[31] &= 0xF8; + k[0] &= 0x7F; + k[0] |= 0x40; /* obsolete print_int_mont("x1", x1); @@ -244,7 +247,7 @@ api_mul(unsigned char *G, size_t Glen, for (i = 254; i >= 0; i --) { uint32_t kt; - kt = (k[i >> 3] >> (i & 7)) & 1; + kt = (k[31 - (i >> 3)] >> (i & 7)) & 1; swap ^= kt; cswap(x2, x3, swap); cswap(z2, z3, swap); diff --git a/src/bearssl/src/ec/ec_c25519_m15.c b/src/bearssl/src/ec/ec_c25519_m15.c index 0373197..deff55b 100644 --- a/src/bearssl/src/ec/ec_c25519_m15.c +++ b/src/bearssl/src/ec/ec_c25519_m15.c @@ -1332,11 +1332,11 @@ api_mul(unsigned char *G, size_t Glen, memset(z3, 0, sizeof z3); z3[0] = 1; - memcpy(k, kb, kblen); - memset(k + kblen, 0, (sizeof k) - kblen); - k[0] &= 0xF8; - k[31] &= 0x7F; - k[31] |= 0x40; + memset(k, 0, (sizeof k) - kblen); + memcpy(k + (sizeof k) - kblen, kb, kblen); + k[31] &= 0xF8; + k[0] &= 0x7F; + k[0] |= 0x40; /* obsolete print_int("x1", x1); @@ -1346,7 +1346,7 @@ api_mul(unsigned char *G, size_t Glen, for (i = 254; i >= 0; i --) { uint32_t kt; - kt = (k[i >> 3] >> (i & 7)) & 1; + kt = (k[31 - (i >> 3)] >> (i & 7)) & 1; swap ^= kt; cswap(x2, x3, swap); cswap(z2, z3, swap); diff --git a/src/bearssl/src/ec/ec_c25519_m31.c b/src/bearssl/src/ec/ec_c25519_m31.c index b249634..1dd6d51 100644 --- a/src/bearssl/src/ec/ec_c25519_m31.c +++ b/src/bearssl/src/ec/ec_c25519_m31.c @@ -372,8 +372,7 @@ reduce_final_f255(uint32_t *d) static void f255_mul(uint32_t *d, const uint32_t *a, const uint32_t *b) { - uint32_t t[18]; - uint64_t cc, w; + uint32_t t[18], cc; int i; /* @@ -389,21 +388,42 @@ f255_mul(uint32_t *d, const uint32_t *a, const uint32_t *b) * offset 9*30 = 270, word 9+k must be added to word k with * a factor of 19*2^15 = 622592. The extra bits in word 8 are also * added that way. + * + * Keeping the carry on 32 bits helps with 32-bit architectures, + * and does not noticeably impact performance on 64-bit systems. */ - cc = MUL31(t[8] >> 15, 19); + cc = MUL15(t[8] >> 15, 19); /* at most 19*(2^15-1) = 622573 */ t[8] &= 0x7FFF; for (i = 0; i < 9; i ++) { - w = (uint64_t)t[i] + cc + MUL31(t[i + 9], 622592); + uint64_t w; + + w = (uint64_t)t[i] + (uint64_t)cc + MUL31(t[i + 9], 622592); t[i] = (uint32_t)w & 0x3FFFFFFF; - cc = w >> 30; + cc = (uint32_t)(w >> 30); /* at most 622592 */ } - cc = MUL31(w >> 15, 19); + + /* + * Original product was up to (2^256-1)^2, i.e. a 512-bit integer. + * This was split into two parts (upper of 257 bits, lower of 255 + * bits), and the upper was added to the lower with a factor 19, + * which means that the intermediate value is less than 77*2^255 + * (19*2^257 + 2^255). Therefore, the extra bits "t[8] >> 15" are + * less than 77, and the initial carry cc is at most 76*19 = 1444. + */ + cc = MUL15(t[8] >> 15, 19); t[8] &= 0x7FFF; for (i = 0; i < 9; i ++) { - w = t[i] + cc; - d[i] = (uint32_t)w & 0x3FFFFFFF; - cc = w >> 30; + uint32_t z; + + z = t[i] + cc; + d[i] = z & 0x3FFFFFFF; + cc = z >> 30; } + + /* + * Final result is at most 2^255 + 1443. In particular, the last + * carry is necessarily 0, since t[8] was truncated to 15 bits. + */ } /* @@ -415,8 +435,7 @@ f255_mul(uint32_t *d, const uint32_t *a, const uint32_t *b) static void f255_square(uint32_t *d, const uint32_t *a) { - uint32_t t[18]; - uint64_t cc, w; + uint32_t t[18], cc; int i; /* @@ -428,24 +447,25 @@ f255_square(uint32_t *d, const uint32_t *a) /* * Modular reduction: each high word is added where necessary. - * Since the modulus is 2^255-19 and word 9 corresponds to - * offset 9*30 = 270, word 9+k must be added to word k with - * a factor of 19*2^15 = 622592. The extra bits in word 8 are also - * added that way. + * See f255_mul() for details on the reduction and carry limits. */ - cc = MUL31(t[8] >> 15, 19); + cc = MUL15(t[8] >> 15, 19); t[8] &= 0x7FFF; for (i = 0; i < 9; i ++) { - w = (uint64_t)t[i] + cc + MUL31(t[i + 9], 622592); + uint64_t w; + + w = (uint64_t)t[i] + (uint64_t)cc + MUL31(t[i + 9], 622592); t[i] = (uint32_t)w & 0x3FFFFFFF; - cc = w >> 30; + cc = (uint32_t)(w >> 30); } - cc = MUL31(w >> 15, 19); + cc = MUL15(t[8] >> 15, 19); t[8] &= 0x7FFF; for (i = 0; i < 9; i ++) { - w = t[i] + cc; - d[i] = (uint32_t)w & 0x3FFFFFFF; - cc = w >> 30; + uint32_t z; + + z = t[i] + cc; + d[i] = z & 0x3FFFFFFF; + cc = z >> 30; } } @@ -515,20 +535,31 @@ static void f255_mul_a24(uint32_t *d, const uint32_t *a) { int i; - uint64_t cc, w; + uint64_t w; + uint32_t cc; + /* + * a[] is over 256 bits, thus a[8] has length at most 16 bits. + * We single out the processing of the last word: intermediate + * value w is up to 121665*2^16, yielding a carry for the next + * loop of at most 19*(121665*2^16/2^15) = 4623289. + */ cc = 0; - for (i = 0; i < 9; i ++) { - w = MUL31(a[i], 121665) + cc; + for (i = 0; i < 8; i ++) { + w = MUL31(a[i], 121665) + (uint64_t)cc; d[i] = (uint32_t)w & 0x3FFFFFFF; - cc = w >> 30; + cc = (uint32_t)(w >> 30); } - cc = MUL31((uint32_t)(w >> 15), 19); - d[8] &= 0x7FFF; + w = MUL31(a[8], 121665) + (uint64_t)cc; + d[8] = (uint32_t)w & 0x7FFF; + cc = MUL15((uint32_t)(w >> 15), 19); + for (i = 0; i < 9; i ++) { - w = (uint64_t)d[i] + cc; - d[i] = w & 0x3FFFFFFF; - cc = w >> 30; + uint32_t z; + + z = d[i] + cc; + d[i] = z & 0x3FFFFFFF; + cc = z >> 30; } } @@ -623,11 +654,11 @@ api_mul(unsigned char *G, size_t Glen, memset(z3, 0, sizeof z3); z3[0] = 1; - memcpy(k, kb, kblen); - memset(k + kblen, 0, (sizeof k) - kblen); - k[0] &= 0xF8; - k[31] &= 0x7F; - k[31] |= 0x40; + memset(k, 0, (sizeof k) - kblen); + memcpy(k + (sizeof k) - kblen, kb, kblen); + k[31] &= 0xF8; + k[0] &= 0x7F; + k[0] |= 0x40; /* obsolete print_int("x1", x1); @@ -637,7 +668,7 @@ api_mul(unsigned char *G, size_t Glen, for (i = 254; i >= 0; i --) { uint32_t kt; - kt = (k[i >> 3] >> (i & 7)) & 1; + kt = (k[31 - (i >> 3)] >> (i & 7)) & 1; swap ^= kt; cswap(x2, x3, swap); cswap(z2, z3, swap); diff --git a/src/bearssl/src/ec/ec_c25519_m62.c b/src/bearssl/src/ec/ec_c25519_m62.c new file mode 100644 index 0000000..6b058eb --- /dev/null +++ b/src/bearssl/src/ec/ec_c25519_m62.c @@ -0,0 +1,605 @@ +/* + * Copyright (c) 2018 Thomas Pornin + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +#include "inner.h" + +#if BR_INT128 || BR_UMUL128 + +#if BR_UMUL128 +#include +#endif + +static const unsigned char GEN[] = { + 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 +}; + +static const unsigned char ORDER[] = { + 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF +}; + +static const unsigned char * +api_generator(int curve, size_t *len) +{ + (void)curve; + *len = 32; + return GEN; +} + +static const unsigned char * +api_order(int curve, size_t *len) +{ + (void)curve; + *len = 32; + return ORDER; +} + +static size_t +api_xoff(int curve, size_t *len) +{ + (void)curve; + *len = 32; + return 0; +} + +/* + * A field element is encoded as five 64-bit integers, in basis 2^51. + * Limbs may be occasionally larger than 2^51, to save on carry + * propagation costs. + */ + +#define MASK51 (((uint64_t)1 << 51) - (uint64_t)1) + +/* + * Swap two field elements, conditionally on a flag. + */ +static inline void +f255_cswap(uint64_t *a, uint64_t *b, uint32_t ctl) +{ + uint64_t m, w; + + m = -(uint64_t)ctl; + w = m & (a[0] ^ b[0]); a[0] ^= w; b[0] ^= w; + w = m & (a[1] ^ b[1]); a[1] ^= w; b[1] ^= w; + w = m & (a[2] ^ b[2]); a[2] ^= w; b[2] ^= w; + w = m & (a[3] ^ b[3]); a[3] ^= w; b[3] ^= w; + w = m & (a[4] ^ b[4]); a[4] ^= w; b[4] ^= w; +} + +/* + * Addition with no carry propagation. Limbs double in size. + */ +static inline void +f255_add(uint64_t *d, const uint64_t *a, const uint64_t *b) +{ + d[0] = a[0] + b[0]; + d[1] = a[1] + b[1]; + d[2] = a[2] + b[2]; + d[3] = a[3] + b[3]; + d[4] = a[4] + b[4]; +} + +/* + * Subtraction. + * On input, limbs must fit on 60 bits each. On output, result is + * partially reduced, with max value 2^255+19456; moreover, all + * limbs will fit on 51 bits, except the low limb, which may have + * value up to 2^51+19455. + */ +static inline void +f255_sub(uint64_t *d, const uint64_t *a, const uint64_t *b) +{ + uint64_t cc, w; + + /* + * We compute d = (2^255-19)*1024 + a - b. Since the limbs + * fit on 60 bits, the maximum value of operands are slightly + * more than 2^264, but much less than 2^265-19456. This + * ensures that the result is positive. + */ + + /* + * Initial carry is 19456, since we add 2^265-19456. Each + * individual subtraction may yield a carry up to 513. + */ + w = a[0] - b[0] - 19456; + d[0] = w & MASK51; + cc = -(w >> 51) & 0x3FF; + w = a[1] - b[1] - cc; + d[1] = w & MASK51; + cc = -(w >> 51) & 0x3FF; + w = a[2] - b[2] - cc; + d[2] = w & MASK51; + cc = -(w >> 51) & 0x3FF; + w = a[3] - b[3] - cc; + d[3] = w & MASK51; + cc = -(w >> 51) & 0x3FF; + d[4] = ((uint64_t)1 << 61) + a[4] - b[4] - cc; + + /* + * Partial reduction. The intermediate result may be up to + * slightly above 2^265, but less than 2^265+2^255. When we + * truncate to 255 bits, the upper bits will be at most 1024. + */ + d[0] += 19 * (d[4] >> 51); + d[4] &= MASK51; +} + +/* + * UMUL51(hi, lo, x, y) computes: + * + * hi = floor((x * y) / (2^51)) + * lo = x * y mod 2^51 + * + * Note that lo < 2^51, but "hi" may be larger, if the input operands are + * larger. + */ +#if BR_INT128 + +#define UMUL51(hi, lo, x, y) do { \ + unsigned __int128 umul_tmp; \ + umul_tmp = (unsigned __int128)(x) * (unsigned __int128)(y); \ + (hi) = (uint64_t)(umul_tmp >> 51); \ + (lo) = (uint64_t)umul_tmp & MASK51; \ + } while (0) + +#elif BR_UMUL128 + +#define UMUL51(hi, lo, x, y) do { \ + uint64_t umul_hi, umul_lo; \ + umul_lo = _umul128((x), (y), &umul_hi); \ + (hi) = (umul_hi << 13) | (umul_lo >> 51); \ + (lo) = umul_lo & MASK51; \ + } while (0) + +#endif + +/* + * Multiplication. + * On input, limbs must fit on 54 bits each. + * On output, limb 0 is at most 2^51 + 155647, and other limbs fit + * on 51 bits each. + */ +static inline void +f255_mul(uint64_t *d, uint64_t *a, uint64_t *b) +{ + uint64_t t[10], hi, lo, w, cc; + + /* + * Perform cross products, accumulating values without carry + * propagation. + * + * Since input limbs fit on 54 bits each, each individual + * UMUL51 will produce a "hi" of less than 2^57. The maximum + * sum will be at most 5*(2^57-1) + 4*(2^51-1) (for t[5]), + * i.e. less than 324*2^51. + */ + + UMUL51(t[1], t[0], a[0], b[0]); + + UMUL51(t[2], lo, a[1], b[0]); t[1] += lo; + UMUL51(hi, lo, a[0], b[1]); t[1] += lo; t[2] += hi; + + UMUL51(t[3], lo, a[2], b[0]); t[2] += lo; + UMUL51(hi, lo, a[1], b[1]); t[2] += lo; t[3] += hi; + UMUL51(hi, lo, a[0], b[2]); t[2] += lo; t[3] += hi; + + UMUL51(t[4], lo, a[3], b[0]); t[3] += lo; + UMUL51(hi, lo, a[2], b[1]); t[3] += lo; t[4] += hi; + UMUL51(hi, lo, a[1], b[2]); t[3] += lo; t[4] += hi; + UMUL51(hi, lo, a[0], b[3]); t[3] += lo; t[4] += hi; + + UMUL51(t[5], lo, a[4], b[0]); t[4] += lo; + UMUL51(hi, lo, a[3], b[1]); t[4] += lo; t[5] += hi; + UMUL51(hi, lo, a[2], b[2]); t[4] += lo; t[5] += hi; + UMUL51(hi, lo, a[1], b[3]); t[4] += lo; t[5] += hi; + UMUL51(hi, lo, a[0], b[4]); t[4] += lo; t[5] += hi; + + UMUL51(t[6], lo, a[4], b[1]); t[5] += lo; + UMUL51(hi, lo, a[3], b[2]); t[5] += lo; t[6] += hi; + UMUL51(hi, lo, a[2], b[3]); t[5] += lo; t[6] += hi; + UMUL51(hi, lo, a[1], b[4]); t[5] += lo; t[6] += hi; + + UMUL51(t[7], lo, a[4], b[2]); t[6] += lo; + UMUL51(hi, lo, a[3], b[3]); t[6] += lo; t[7] += hi; + UMUL51(hi, lo, a[2], b[4]); t[6] += lo; t[7] += hi; + + UMUL51(t[8], lo, a[4], b[3]); t[7] += lo; + UMUL51(hi, lo, a[3], b[4]); t[7] += lo; t[8] += hi; + + UMUL51(t[9], lo, a[4], b[4]); t[8] += lo; + + /* + * The upper words t[5]..t[9] are folded back into the lower + * words, using the rule that 2^255 = 19 in the field. + * + * Since each t[i] is less than 324*2^51, the additions below + * will yield less than 6480*2^51 in each limb; this fits in + * 64 bits (6480*2^51 < 8192*2^51 = 2^64), hence there is + * no overflow. + */ + t[0] += 19 * t[5]; + t[1] += 19 * t[6]; + t[2] += 19 * t[7]; + t[3] += 19 * t[8]; + t[4] += 19 * t[9]; + + /* + * Propagate carries. + */ + w = t[0]; + d[0] = w & MASK51; + cc = w >> 51; + w = t[1] + cc; + d[1] = w & MASK51; + cc = w >> 51; + w = t[2] + cc; + d[2] = w & MASK51; + cc = w >> 51; + w = t[3] + cc; + d[3] = w & MASK51; + cc = w >> 51; + w = t[4] + cc; + d[4] = w & MASK51; + cc = w >> 51; + + /* + * Since the limbs were 64-bit values, the top carry is at + * most 8192 (in practice, that cannot be reached). We simply + * performed a partial reduction. + */ + d[0] += 19 * cc; +} + +/* + * Multiplication by A24 = 121665. + * Input must have limbs of 60 bits at most. + */ +static inline void +f255_mul_a24(uint64_t *d, const uint64_t *a) +{ + uint64_t t[5], cc, w; + + /* + * 121665 = 15 * 8111. We first multiply by 15, with carry + * propagation and partial reduction. + */ + w = a[0] * 15; + t[0] = w & MASK51; + cc = w >> 51; + w = a[1] * 15 + cc; + t[1] = w & MASK51; + cc = w >> 51; + w = a[2] * 15 + cc; + t[2] = w & MASK51; + cc = w >> 51; + w = a[3] * 15 + cc; + t[3] = w & MASK51; + cc = w >> 51; + w = a[4] * 15 + cc; + t[4] = w & MASK51; + t[0] += 19 * (w >> 51); + + /* + * Then multiplication by 8111. At that point, we known that + * t[0] is less than 2^51 + 19*8192, and other limbs are less + * than 2^51; thus, there will be no overflow. + */ + w = t[0] * 8111; + d[0] = w & MASK51; + cc = w >> 51; + w = t[1] * 8111 + cc; + d[1] = w & MASK51; + cc = w >> 51; + w = t[2] * 8111 + cc; + d[2] = w & MASK51; + cc = w >> 51; + w = t[3] * 8111 + cc; + d[3] = w & MASK51; + cc = w >> 51; + w = t[4] * 8111 + cc; + d[4] = w & MASK51; + d[0] += 19 * (w >> 51); +} + +/* + * Finalize reduction. + * On input, limbs must fit on 51 bits, except possibly the low limb, + * which may be slightly above 2^51. + */ +static inline void +f255_final_reduce(uint64_t *a) +{ + uint64_t t[5], cc, w; + + /* + * We add 19. If the result (in t[]) is below 2^255, then a[] + * is already less than 2^255-19, thus already reduced. + * Otherwise, we subtract 2^255 from t[], in which case we + * have t = a - (2^255-19), and that's our result. + */ + w = a[0] + 19; + t[0] = w & MASK51; + cc = w >> 51; + w = a[1] + cc; + t[1] = w & MASK51; + cc = w >> 51; + w = a[2] + cc; + t[2] = w & MASK51; + cc = w >> 51; + w = a[3] + cc; + t[3] = w & MASK51; + cc = w >> 51; + w = a[4] + cc; + t[4] = w & MASK51; + cc = w >> 51; + + /* + * The bit 255 of t is in cc. If that bit is 0, when a[] must + * be unchanged; otherwise, it must be replaced with t[]. + */ + cc = -cc; + a[0] ^= cc & (a[0] ^ t[0]); + a[1] ^= cc & (a[1] ^ t[1]); + a[2] ^= cc & (a[2] ^ t[2]); + a[3] ^= cc & (a[3] ^ t[3]); + a[4] ^= cc & (a[4] ^ t[4]); +} + +static uint32_t +api_mul(unsigned char *G, size_t Glen, + const unsigned char *kb, size_t kblen, int curve) +{ + unsigned char k[32]; + uint64_t x1[5], x2[5], z2[5], x3[5], z3[5]; + uint32_t swap; + int i; + + (void)curve; + + /* + * Points are encoded over exactly 32 bytes. Multipliers must fit + * in 32 bytes as well. + */ + if (Glen != 32 || kblen > 32) { + return 0; + } + + /* + * RFC 7748 mandates that the high bit of the last point byte must + * be ignored/cleared; the "& MASK51" in the initialization for + * x1[4] clears that bit. + */ + x1[0] = br_dec64le(&G[0]) & MASK51; + x1[1] = (br_dec64le(&G[6]) >> 3) & MASK51; + x1[2] = (br_dec64le(&G[12]) >> 6) & MASK51; + x1[3] = (br_dec64le(&G[19]) >> 1) & MASK51; + x1[4] = (br_dec64le(&G[24]) >> 12) & MASK51; + + /* + * We can use memset() to clear values, because exact-width types + * like uint64_t are guaranteed to have no padding bits or + * trap representations. + */ + memset(x2, 0, sizeof x2); + x2[0] = 1; + memset(z2, 0, sizeof z2); + memcpy(x3, x1, sizeof x1); + memcpy(z3, x2, sizeof x2); + + /* + * The multiplier is provided in big-endian notation, and + * possibly shorter than 32 bytes. + */ + memset(k, 0, (sizeof k) - kblen); + memcpy(k + (sizeof k) - kblen, kb, kblen); + k[31] &= 0xF8; + k[0] &= 0x7F; + k[0] |= 0x40; + + swap = 0; + + for (i = 254; i >= 0; i --) { + uint64_t a[5], aa[5], b[5], bb[5], e[5]; + uint64_t c[5], d[5], da[5], cb[5]; + uint32_t kt; + + kt = (k[31 - (i >> 3)] >> (i & 7)) & 1; + swap ^= kt; + f255_cswap(x2, x3, swap); + f255_cswap(z2, z3, swap); + swap = kt; + + /* + * At that point, limbs of x_2 and z_2 are assumed to fit + * on at most 52 bits each. + * + * Each f255_add() adds one bit to the maximum range of + * the values, but f255_sub() and f255_mul() bring back + * the limbs into 52 bits. All f255_add() outputs are + * used only as inputs for f255_mul(), which ensures + * that limbs remain in the proper range. + */ + + /* A = x_2 + z_2 -- limbs fit on 53 bits each */ + f255_add(a, x2, z2); + + /* AA = A^2 */ + f255_mul(aa, a, a); + + /* B = x_2 - z_2 */ + f255_sub(b, x2, z2); + + /* BB = B^2 */ + f255_mul(bb, b, b); + + /* E = AA - BB */ + f255_sub(e, aa, bb); + + /* C = x_3 + z_3 -- limbs fit on 53 bits each */ + f255_add(c, x3, z3); + + /* D = x_3 - z_3 */ + f255_sub(d, x3, z3); + + /* DA = D * A */ + f255_mul(da, d, a); + + /* CB = C * B */ + f255_mul(cb, c, b); + + /* x_3 = (DA + CB)^2 */ + f255_add(x3, da, cb); + f255_mul(x3, x3, x3); + + /* z_3 = x_1 * (DA - CB)^2 */ + f255_sub(z3, da, cb); + f255_mul(z3, z3, z3); + f255_mul(z3, x1, z3); + + /* x_2 = AA * BB */ + f255_mul(x2, aa, bb); + + /* z_2 = E * (AA + a24 * E) */ + f255_mul_a24(z2, e); + f255_add(z2, aa, z2); + f255_mul(z2, e, z2); + } + + f255_cswap(x2, x3, swap); + f255_cswap(z2, z3, swap); + + /* + * Compute 1/z2 = z2^(p-2). Since p = 2^255-19, we can mutualize + * most non-squarings. We use x1 and x3, now useless, as temporaries. + */ + memcpy(x1, z2, sizeof z2); + for (i = 0; i < 15; i ++) { + f255_mul(x1, x1, x1); + f255_mul(x1, x1, z2); + } + memcpy(x3, x1, sizeof x1); + for (i = 0; i < 14; i ++) { + int j; + + for (j = 0; j < 16; j ++) { + f255_mul(x3, x3, x3); + } + f255_mul(x3, x3, x1); + } + for (i = 14; i >= 0; i --) { + f255_mul(x3, x3, x3); + if ((0xFFEB >> i) & 1) { + f255_mul(x3, z2, x3); + } + } + + /* + * Compute x2/z2. We have 1/z2 in x3. + */ + f255_mul(x2, x2, x3); + f255_final_reduce(x2); + + /* + * Encode the final x2 value in little-endian. We first assemble + * the limbs into 64-bit values. + */ + x2[0] |= x2[1] << 51; + x2[1] = (x2[1] >> 13) | (x2[2] << 38); + x2[2] = (x2[2] >> 26) | (x2[3] << 25); + x2[3] = (x2[3] >> 39) | (x2[4] << 12); + br_enc64le(G, x2[0]); + br_enc64le(G + 8, x2[1]); + br_enc64le(G + 16, x2[2]); + br_enc64le(G + 24, x2[3]); + return 1; +} + +static size_t +api_mulgen(unsigned char *R, + const unsigned char *x, size_t xlen, int curve) +{ + const unsigned char *G; + size_t Glen; + + G = api_generator(curve, &Glen); + memcpy(R, G, Glen); + api_mul(R, Glen, x, xlen, curve); + return Glen; +} + +static uint32_t +api_muladd(unsigned char *A, const unsigned char *B, size_t len, + const unsigned char *x, size_t xlen, + const unsigned char *y, size_t ylen, int curve) +{ + /* + * We don't implement this method, since it is used for ECDSA + * only, and there is no ECDSA over Curve25519 (which instead + * uses EdDSA). + */ + (void)A; + (void)B; + (void)len; + (void)x; + (void)xlen; + (void)y; + (void)ylen; + (void)curve; + return 0; +} + +/* see bearssl_ec.h */ +const br_ec_impl br_ec_c25519_m62 = { + (uint32_t)0x20000000, + &api_generator, + &api_order, + &api_xoff, + &api_mul, + &api_mulgen, + &api_muladd +}; + +/* see bearssl_ec.h */ +const br_ec_impl * +br_ec_c25519_m62_get(void) +{ + return &br_ec_c25519_m62; +} + +#else + +/* see bearssl_ec.h */ +const br_ec_impl * +br_ec_c25519_m62_get(void) +{ + return 0; +} + +#endif diff --git a/src/bearssl/src/ec/ec_c25519_m64.c b/src/bearssl/src/ec/ec_c25519_m64.c new file mode 100644 index 0000000..df48834 --- /dev/null +++ b/src/bearssl/src/ec/ec_c25519_m64.c @@ -0,0 +1,831 @@ +/* + * Copyright (c) 2018 Thomas Pornin + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +#include "inner.h" + +#if BR_INT128 || BR_UMUL128 + +#if BR_UMUL128 +#include +#endif + +static const unsigned char GEN[] = { + 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 +}; + +static const unsigned char ORDER[] = { + 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF +}; + +static const unsigned char * +api_generator(int curve, size_t *len) +{ + (void)curve; + *len = 32; + return GEN; +} + +static const unsigned char * +api_order(int curve, size_t *len) +{ + (void)curve; + *len = 32; + return ORDER; +} + +static size_t +api_xoff(int curve, size_t *len) +{ + (void)curve; + *len = 32; + return 0; +} + +/* + * A field element is encoded as four 64-bit integers, in basis 2^63. + * Operations return partially reduced values, which may range up to + * 2^255+37. + */ + +#define MASK63 (((uint64_t)1 << 63) - (uint64_t)1) + +/* + * Swap two field elements, conditionally on a flag. + */ +static inline void +f255_cswap(uint64_t *a, uint64_t *b, uint32_t ctl) +{ + uint64_t m, w; + + m = -(uint64_t)ctl; + w = m & (a[0] ^ b[0]); a[0] ^= w; b[0] ^= w; + w = m & (a[1] ^ b[1]); a[1] ^= w; b[1] ^= w; + w = m & (a[2] ^ b[2]); a[2] ^= w; b[2] ^= w; + w = m & (a[3] ^ b[3]); a[3] ^= w; b[3] ^= w; +} + +/* + * Addition in the field. + */ +static inline void +f255_add(uint64_t *d, const uint64_t *a, const uint64_t *b) +{ +#if BR_INT128 + + uint64_t t0, t1, t2, t3, cc; + unsigned __int128 z; + + z = (unsigned __int128)a[0] + (unsigned __int128)b[0]; + t0 = (uint64_t)z; + z = (unsigned __int128)a[1] + (unsigned __int128)b[1] + (z >> 64); + t1 = (uint64_t)z; + z = (unsigned __int128)a[2] + (unsigned __int128)b[2] + (z >> 64); + t2 = (uint64_t)z; + z = (unsigned __int128)a[3] + (unsigned __int128)b[3] + (z >> 64); + t3 = (uint64_t)z & MASK63; + cc = (uint64_t)(z >> 63); + + /* + * Since operands are at most 2^255+37, the sum is at most + * 2^256+74; thus, the carry cc is equal to 0, 1 or 2. + * + * We use: 2^255 = 19 mod p. + * Since we add 0, 19 or 38 to a value that fits on 255 bits, + * the result is at most 2^255+37. + */ + z = (unsigned __int128)t0 + (unsigned __int128)(19 * cc); + d[0] = (uint64_t)z; + z = (unsigned __int128)t1 + (z >> 64); + d[1] = (uint64_t)z; + z = (unsigned __int128)t2 + (z >> 64); + d[2] = (uint64_t)z; + d[3] = t3 + (uint64_t)(z >> 64); + +#elif BR_UMUL128 + + uint64_t t0, t1, t2, t3, cc; + unsigned char k; + + k = _addcarry_u64(0, a[0], b[0], &t0); + k = _addcarry_u64(k, a[1], b[1], &t1); + k = _addcarry_u64(k, a[2], b[2], &t2); + k = _addcarry_u64(k, a[3], b[3], &t3); + cc = (k << 1) + (t3 >> 63); + t3 &= MASK63; + + /* + * Since operands are at most 2^255+37, the sum is at most + * 2^256+74; thus, the carry cc is equal to 0, 1 or 2. + * + * We use: 2^255 = 19 mod p. + * Since we add 0, 19 or 38 to a value that fits on 255 bits, + * the result is at most 2^255+37. + */ + k = _addcarry_u64(0, t0, 19 * cc, &d[0]); + k = _addcarry_u64(k, t1, 0, &d[1]); + k = _addcarry_u64(k, t2, 0, &d[2]); + (void)_addcarry_u64(k, t3, 0, &d[3]); + +#endif +} + +/* + * Subtraction. + */ +static inline void +f255_sub(uint64_t *d, const uint64_t *a, const uint64_t *b) +{ +#if BR_INT128 + + /* + * We compute t = 2^256 - 38 + a - b, which is necessarily + * positive but lower than 2^256 + 2^255, since a <= 2^255 + 37 + * and b <= 2^255 + 37. We then subtract 0, p or 2*p, depending + * on the two upper bits of t (bits 255 and 256). + */ + + uint64_t t0, t1, t2, t3, t4, cc; + unsigned __int128 z; + + z = (unsigned __int128)a[0] - (unsigned __int128)b[0] - 38; + t0 = (uint64_t)z; + cc = -(uint64_t)(z >> 64); + z = (unsigned __int128)a[1] - (unsigned __int128)b[1] + - (unsigned __int128)cc; + t1 = (uint64_t)z; + cc = -(uint64_t)(z >> 64); + z = (unsigned __int128)a[2] - (unsigned __int128)b[2] + - (unsigned __int128)cc; + t2 = (uint64_t)z; + cc = -(uint64_t)(z >> 64); + z = (unsigned __int128)a[3] - (unsigned __int128)b[3] + - (unsigned __int128)cc; + t3 = (uint64_t)z; + t4 = 1 + (uint64_t)(z >> 64); + + /* + * We have a 257-bit result. The two top bits can be 00, 01 or 10, + * but not 11 (value t <= 2^256 - 38 + 2^255 + 37 = 2^256 + 2^255 - 1). + * Therefore, we can truncate to 255 bits, and add 0, 19 or 38. + * This guarantees that the result is at most 2^255+37. + */ + cc = (38 & -t4) + (19 & -(t3 >> 63)); + t3 &= MASK63; + z = (unsigned __int128)t0 + (unsigned __int128)cc; + d[0] = (uint64_t)z; + z = (unsigned __int128)t1 + (z >> 64); + d[1] = (uint64_t)z; + z = (unsigned __int128)t2 + (z >> 64); + d[2] = (uint64_t)z; + d[3] = t3 + (uint64_t)(z >> 64); + +#elif BR_UMUL128 + + /* + * We compute t = 2^256 - 38 + a - b, which is necessarily + * positive but lower than 2^256 + 2^255, since a <= 2^255 + 37 + * and b <= 2^255 + 37. We then subtract 0, p or 2*p, depending + * on the two upper bits of t (bits 255 and 256). + */ + + uint64_t t0, t1, t2, t3, t4; + unsigned char k; + + k = _subborrow_u64(0, a[0], b[0], &t0); + k = _subborrow_u64(k, a[1], b[1], &t1); + k = _subborrow_u64(k, a[2], b[2], &t2); + k = _subborrow_u64(k, a[3], b[3], &t3); + (void)_subborrow_u64(k, 1, 0, &t4); + + k = _subborrow_u64(0, t0, 38, &t0); + k = _subborrow_u64(k, t1, 0, &t1); + k = _subborrow_u64(k, t2, 0, &t2); + k = _subborrow_u64(k, t3, 0, &t3); + (void)_subborrow_u64(k, t4, 0, &t4); + + /* + * We have a 257-bit result. The two top bits can be 00, 01 or 10, + * but not 11 (value t <= 2^256 - 38 + 2^255 + 37 = 2^256 + 2^255 - 1). + * Therefore, we can truncate to 255 bits, and add 0, 19 or 38. + * This guarantees that the result is at most 2^255+37. + */ + t4 = (38 & -t4) + (19 & -(t3 >> 63)); + t3 &= MASK63; + k = _addcarry_u64(0, t0, t4, &d[0]); + k = _addcarry_u64(k, t1, 0, &d[1]); + k = _addcarry_u64(k, t2, 0, &d[2]); + (void)_addcarry_u64(k, t3, 0, &d[3]); + +#endif +} + +/* + * Multiplication. + */ +static inline void +f255_mul(uint64_t *d, uint64_t *a, uint64_t *b) +{ +#if BR_INT128 + + unsigned __int128 z; + uint64_t t0, t1, t2, t3, t4, t5, t6, t7, th; + + /* + * Compute the product a*b over plain integers. + */ + z = (unsigned __int128)a[0] * (unsigned __int128)b[0]; + t0 = (uint64_t)z; + z = (unsigned __int128)a[0] * (unsigned __int128)b[1] + (z >> 64); + t1 = (uint64_t)z; + z = (unsigned __int128)a[0] * (unsigned __int128)b[2] + (z >> 64); + t2 = (uint64_t)z; + z = (unsigned __int128)a[0] * (unsigned __int128)b[3] + (z >> 64); + t3 = (uint64_t)z; + t4 = (uint64_t)(z >> 64); + + z = (unsigned __int128)a[1] * (unsigned __int128)b[0] + + (unsigned __int128)t1; + t1 = (uint64_t)z; + z = (unsigned __int128)a[1] * (unsigned __int128)b[1] + + (unsigned __int128)t2 + (z >> 64); + t2 = (uint64_t)z; + z = (unsigned __int128)a[1] * (unsigned __int128)b[2] + + (unsigned __int128)t3 + (z >> 64); + t3 = (uint64_t)z; + z = (unsigned __int128)a[1] * (unsigned __int128)b[3] + + (unsigned __int128)t4 + (z >> 64); + t4 = (uint64_t)z; + t5 = (uint64_t)(z >> 64); + + z = (unsigned __int128)a[2] * (unsigned __int128)b[0] + + (unsigned __int128)t2; + t2 = (uint64_t)z; + z = (unsigned __int128)a[2] * (unsigned __int128)b[1] + + (unsigned __int128)t3 + (z >> 64); + t3 = (uint64_t)z; + z = (unsigned __int128)a[2] * (unsigned __int128)b[2] + + (unsigned __int128)t4 + (z >> 64); + t4 = (uint64_t)z; + z = (unsigned __int128)a[2] * (unsigned __int128)b[3] + + (unsigned __int128)t5 + (z >> 64); + t5 = (uint64_t)z; + t6 = (uint64_t)(z >> 64); + + z = (unsigned __int128)a[3] * (unsigned __int128)b[0] + + (unsigned __int128)t3; + t3 = (uint64_t)z; + z = (unsigned __int128)a[3] * (unsigned __int128)b[1] + + (unsigned __int128)t4 + (z >> 64); + t4 = (uint64_t)z; + z = (unsigned __int128)a[3] * (unsigned __int128)b[2] + + (unsigned __int128)t5 + (z >> 64); + t5 = (uint64_t)z; + z = (unsigned __int128)a[3] * (unsigned __int128)b[3] + + (unsigned __int128)t6 + (z >> 64); + t6 = (uint64_t)z; + t7 = (uint64_t)(z >> 64); + + /* + * Modulo p, we have: + * + * 2^255 = 19 + * 2^510 = 19*19 = 361 + * + * We split the intermediate t into three parts, in basis + * 2^255. The low one will be in t0..t3; the middle one in t4..t7. + * The upper one can only be a single bit (th), since the + * multiplication operands are at most 2^255+37 each. + */ + th = t7 >> 62; + t7 = ((t7 << 1) | (t6 >> 63)) & MASK63; + t6 = (t6 << 1) | (t5 >> 63); + t5 = (t5 << 1) | (t4 >> 63); + t4 = (t4 << 1) | (t3 >> 63); + t3 &= MASK63; + + /* + * Multiply the middle part (t4..t7) by 19. We truncate it to + * 255 bits; the extra bits will go along with th. + */ + z = (unsigned __int128)t4 * 19; + t4 = (uint64_t)z; + z = (unsigned __int128)t5 * 19 + (z >> 64); + t5 = (uint64_t)z; + z = (unsigned __int128)t6 * 19 + (z >> 64); + t6 = (uint64_t)z; + z = (unsigned __int128)t7 * 19 + (z >> 64); + t7 = (uint64_t)z & MASK63; + + th = (361 & -th) + (19 * (uint64_t)(z >> 63)); + + /* + * Add elements together. + * At this point: + * t0..t3 fits on 255 bits. + * t4..t7 fits on 255 bits. + * th <= 361 + 342 = 703. + */ + z = (unsigned __int128)t0 + (unsigned __int128)t4 + + (unsigned __int128)th; + t0 = (uint64_t)z; + z = (unsigned __int128)t1 + (unsigned __int128)t5 + (z >> 64); + t1 = (uint64_t)z; + z = (unsigned __int128)t2 + (unsigned __int128)t6 + (z >> 64); + t2 = (uint64_t)z; + z = (unsigned __int128)t3 + (unsigned __int128)t7 + (z >> 64); + t3 = (uint64_t)z & MASK63; + th = (uint64_t)(z >> 63); + + /* + * Since the sum is at most 2^256 + 703, the two upper bits, in th, + * can only have value 0, 1 or 2. We just add th*19, which + * guarantees a result of at most 2^255+37. + */ + z = (unsigned __int128)t0 + (19 * th); + d[0] = (uint64_t)z; + z = (unsigned __int128)t1 + (z >> 64); + d[1] = (uint64_t)z; + z = (unsigned __int128)t2 + (z >> 64); + d[2] = (uint64_t)z; + d[3] = t3 + (uint64_t)(z >> 64); + +#elif BR_UMUL128 + + uint64_t t0, t1, t2, t3, t4, t5, t6, t7, th; + uint64_t h0, h1, h2, h3; + unsigned char k; + + /* + * Compute the product a*b over plain integers. + */ + t0 = _umul128(a[0], b[0], &h0); + t1 = _umul128(a[0], b[1], &h1); + k = _addcarry_u64(0, t1, h0, &t1); + t2 = _umul128(a[0], b[2], &h2); + k = _addcarry_u64(k, t2, h1, &t2); + t3 = _umul128(a[0], b[3], &h3); + k = _addcarry_u64(k, t3, h2, &t3); + (void)_addcarry_u64(k, h3, 0, &t4); + + k = _addcarry_u64(0, _umul128(a[1], b[0], &h0), t1, &t1); + k = _addcarry_u64(k, _umul128(a[1], b[1], &h1), t2, &t2); + k = _addcarry_u64(k, _umul128(a[1], b[2], &h2), t3, &t3); + k = _addcarry_u64(k, _umul128(a[1], b[3], &h3), t4, &t4); + t5 = k; + k = _addcarry_u64(0, t2, h0, &t2); + k = _addcarry_u64(k, t3, h1, &t3); + k = _addcarry_u64(k, t4, h2, &t4); + (void)_addcarry_u64(k, t5, h3, &t5); + + k = _addcarry_u64(0, _umul128(a[2], b[0], &h0), t2, &t2); + k = _addcarry_u64(k, _umul128(a[2], b[1], &h1), t3, &t3); + k = _addcarry_u64(k, _umul128(a[2], b[2], &h2), t4, &t4); + k = _addcarry_u64(k, _umul128(a[2], b[3], &h3), t5, &t5); + t6 = k; + k = _addcarry_u64(0, t3, h0, &t3); + k = _addcarry_u64(k, t4, h1, &t4); + k = _addcarry_u64(k, t5, h2, &t5); + (void)_addcarry_u64(k, t6, h3, &t6); + + k = _addcarry_u64(0, _umul128(a[3], b[0], &h0), t3, &t3); + k = _addcarry_u64(k, _umul128(a[3], b[1], &h1), t4, &t4); + k = _addcarry_u64(k, _umul128(a[3], b[2], &h2), t5, &t5); + k = _addcarry_u64(k, _umul128(a[3], b[3], &h3), t6, &t6); + t7 = k; + k = _addcarry_u64(0, t4, h0, &t4); + k = _addcarry_u64(k, t5, h1, &t5); + k = _addcarry_u64(k, t6, h2, &t6); + (void)_addcarry_u64(k, t7, h3, &t7); + + /* + * Modulo p, we have: + * + * 2^255 = 19 + * 2^510 = 19*19 = 361 + * + * We split the intermediate t into three parts, in basis + * 2^255. The low one will be in t0..t3; the middle one in t4..t7. + * The upper one can only be a single bit (th), since the + * multiplication operands are at most 2^255+37 each. + */ + th = t7 >> 62; + t7 = ((t7 << 1) | (t6 >> 63)) & MASK63; + t6 = (t6 << 1) | (t5 >> 63); + t5 = (t5 << 1) | (t4 >> 63); + t4 = (t4 << 1) | (t3 >> 63); + t3 &= MASK63; + + /* + * Multiply the middle part (t4..t7) by 19. We truncate it to + * 255 bits; the extra bits will go along with th. + */ + t4 = _umul128(t4, 19, &h0); + t5 = _umul128(t5, 19, &h1); + t6 = _umul128(t6, 19, &h2); + t7 = _umul128(t7, 19, &h3); + k = _addcarry_u64(0, t5, h0, &t5); + k = _addcarry_u64(k, t6, h1, &t6); + k = _addcarry_u64(k, t7, h2, &t7); + (void)_addcarry_u64(k, h3, 0, &h3); + th = (361 & -th) + (19 * ((h3 << 1) + (t7 >> 63))); + t7 &= MASK63; + + /* + * Add elements together. + * At this point: + * t0..t3 fits on 255 bits. + * t4..t7 fits on 255 bits. + * th <= 361 + 342 = 703. + */ + k = _addcarry_u64(0, t0, t4, &t0); + k = _addcarry_u64(k, t1, t5, &t1); + k = _addcarry_u64(k, t2, t6, &t2); + k = _addcarry_u64(k, t3, t7, &t3); + t4 = k; + k = _addcarry_u64(0, t0, th, &t0); + k = _addcarry_u64(k, t1, 0, &t1); + k = _addcarry_u64(k, t2, 0, &t2); + k = _addcarry_u64(k, t3, 0, &t3); + (void)_addcarry_u64(k, t4, 0, &t4); + + th = (t4 << 1) + (t3 >> 63); + t3 &= MASK63; + + /* + * Since the sum is at most 2^256 + 703, the two upper bits, in th, + * can only have value 0, 1 or 2. We just add th*19, which + * guarantees a result of at most 2^255+37. + */ + k = _addcarry_u64(0, t0, 19 * th, &d[0]); + k = _addcarry_u64(k, t1, 0, &d[1]); + k = _addcarry_u64(k, t2, 0, &d[2]); + (void)_addcarry_u64(k, t3, 0, &d[3]); + +#endif +} + +/* + * Multiplication by A24 = 121665. + */ +static inline void +f255_mul_a24(uint64_t *d, const uint64_t *a) +{ +#if BR_INT128 + + uint64_t t0, t1, t2, t3; + unsigned __int128 z; + + z = (unsigned __int128)a[0] * 121665; + t0 = (uint64_t)z; + z = (unsigned __int128)a[1] * 121665 + (z >> 64); + t1 = (uint64_t)z; + z = (unsigned __int128)a[2] * 121665 + (z >> 64); + t2 = (uint64_t)z; + z = (unsigned __int128)a[3] * 121665 + (z >> 64); + t3 = (uint64_t)z & MASK63; + + z = (unsigned __int128)t0 + (19 * (uint64_t)(z >> 63)); + t0 = (uint64_t)z; + z = (unsigned __int128)t1 + (z >> 64); + t1 = (uint64_t)z; + z = (unsigned __int128)t2 + (z >> 64); + t2 = (uint64_t)z; + t3 = t3 + (uint64_t)(z >> 64); + + z = (unsigned __int128)t0 + (19 & -(t3 >> 63)); + d[0] = (uint64_t)z; + z = (unsigned __int128)t1 + (z >> 64); + d[1] = (uint64_t)z; + z = (unsigned __int128)t2 + (z >> 64); + d[2] = (uint64_t)z; + d[3] = (t3 & MASK63) + (uint64_t)(z >> 64); + +#elif BR_UMUL128 + + uint64_t t0, t1, t2, t3, t4, h0, h1, h2, h3; + unsigned char k; + + t0 = _umul128(a[0], 121665, &h0); + t1 = _umul128(a[1], 121665, &h1); + k = _addcarry_u64(0, t1, h0, &t1); + t2 = _umul128(a[2], 121665, &h2); + k = _addcarry_u64(k, t2, h1, &t2); + t3 = _umul128(a[3], 121665, &h3); + k = _addcarry_u64(k, t3, h2, &t3); + (void)_addcarry_u64(k, h3, 0, &t4); + + t4 = (t4 << 1) + (t3 >> 63); + t3 &= MASK63; + k = _addcarry_u64(0, t0, 19 * t4, &t0); + k = _addcarry_u64(k, t1, 0, &t1); + k = _addcarry_u64(k, t2, 0, &t2); + (void)_addcarry_u64(k, t3, 0, &t3); + + t4 = 19 & -(t3 >> 63); + t3 &= MASK63; + k = _addcarry_u64(0, t0, t4, &d[0]); + k = _addcarry_u64(k, t1, 0, &d[1]); + k = _addcarry_u64(k, t2, 0, &d[2]); + (void)_addcarry_u64(k, t3, 0, &d[3]); + +#endif +} + +/* + * Finalize reduction. + */ +static inline void +f255_final_reduce(uint64_t *a) +{ +#if BR_INT128 + + uint64_t t0, t1, t2, t3, m; + unsigned __int128 z; + + /* + * We add 19. If the result (in t) is below 2^255, then a[] + * is already less than 2^255-19, thus already reduced. + * Otherwise, we subtract 2^255 from t[], in which case we + * have t = a - (2^255-19), and that's our result. + */ + z = (unsigned __int128)a[0] + 19; + t0 = (uint64_t)z; + z = (unsigned __int128)a[1] + (z >> 64); + t1 = (uint64_t)z; + z = (unsigned __int128)a[2] + (z >> 64); + t2 = (uint64_t)z; + t3 = a[3] + (uint64_t)(z >> 64); + + m = -(t3 >> 63); + t3 &= MASK63; + a[0] ^= m & (a[0] ^ t0); + a[1] ^= m & (a[1] ^ t1); + a[2] ^= m & (a[2] ^ t2); + a[3] ^= m & (a[3] ^ t3); + +#elif BR_UMUL128 + + uint64_t t0, t1, t2, t3, m; + unsigned char k; + + /* + * We add 19. If the result (in t) is below 2^255, then a[] + * is already less than 2^255-19, thus already reduced. + * Otherwise, we subtract 2^255 from t[], in which case we + * have t = a - (2^255-19), and that's our result. + */ + k = _addcarry_u64(0, a[0], 19, &t0); + k = _addcarry_u64(k, a[1], 0, &t1); + k = _addcarry_u64(k, a[2], 0, &t2); + (void)_addcarry_u64(k, a[3], 0, &t3); + + m = -(t3 >> 63); + t3 &= MASK63; + a[0] ^= m & (a[0] ^ t0); + a[1] ^= m & (a[1] ^ t1); + a[2] ^= m & (a[2] ^ t2); + a[3] ^= m & (a[3] ^ t3); + +#endif +} + +static uint32_t +api_mul(unsigned char *G, size_t Glen, + const unsigned char *kb, size_t kblen, int curve) +{ + unsigned char k[32]; + uint64_t x1[4], x2[4], z2[4], x3[4], z3[4]; + uint32_t swap; + int i; + + (void)curve; + + /* + * Points are encoded over exactly 32 bytes. Multipliers must fit + * in 32 bytes as well. + */ + if (Glen != 32 || kblen > 32) { + return 0; + } + + /* + * RFC 7748 mandates that the high bit of the last point byte must + * be ignored/cleared. + */ + x1[0] = br_dec64le(&G[ 0]); + x1[1] = br_dec64le(&G[ 8]); + x1[2] = br_dec64le(&G[16]); + x1[3] = br_dec64le(&G[24]) & MASK63; + + /* + * We can use memset() to clear values, because exact-width types + * like uint64_t are guaranteed to have no padding bits or + * trap representations. + */ + memset(x2, 0, sizeof x2); + x2[0] = 1; + memset(z2, 0, sizeof z2); + memcpy(x3, x1, sizeof x1); + memcpy(z3, x2, sizeof x2); + + /* + * The multiplier is provided in big-endian notation, and + * possibly shorter than 32 bytes. + */ + memset(k, 0, (sizeof k) - kblen); + memcpy(k + (sizeof k) - kblen, kb, kblen); + k[31] &= 0xF8; + k[0] &= 0x7F; + k[0] |= 0x40; + + swap = 0; + + for (i = 254; i >= 0; i --) { + uint64_t a[4], aa[4], b[4], bb[4], e[4]; + uint64_t c[4], d[4], da[4], cb[4]; + uint32_t kt; + + kt = (k[31 - (i >> 3)] >> (i & 7)) & 1; + swap ^= kt; + f255_cswap(x2, x3, swap); + f255_cswap(z2, z3, swap); + swap = kt; + + /* A = x_2 + z_2 */ + f255_add(a, x2, z2); + + /* AA = A^2 */ + f255_mul(aa, a, a); + + /* B = x_2 - z_2 */ + f255_sub(b, x2, z2); + + /* BB = B^2 */ + f255_mul(bb, b, b); + + /* E = AA - BB */ + f255_sub(e, aa, bb); + + /* C = x_3 + z_3 */ + f255_add(c, x3, z3); + + /* D = x_3 - z_3 */ + f255_sub(d, x3, z3); + + /* DA = D * A */ + f255_mul(da, d, a); + + /* CB = C * B */ + f255_mul(cb, c, b); + + /* x_3 = (DA + CB)^2 */ + f255_add(x3, da, cb); + f255_mul(x3, x3, x3); + + /* z_3 = x_1 * (DA - CB)^2 */ + f255_sub(z3, da, cb); + f255_mul(z3, z3, z3); + f255_mul(z3, x1, z3); + + /* x_2 = AA * BB */ + f255_mul(x2, aa, bb); + + /* z_2 = E * (AA + a24 * E) */ + f255_mul_a24(z2, e); + f255_add(z2, aa, z2); + f255_mul(z2, e, z2); + } + + f255_cswap(x2, x3, swap); + f255_cswap(z2, z3, swap); + + /* + * Compute 1/z2 = z2^(p-2). Since p = 2^255-19, we can mutualize + * most non-squarings. We use x1 and x3, now useless, as temporaries. + */ + memcpy(x1, z2, sizeof z2); + for (i = 0; i < 15; i ++) { + f255_mul(x1, x1, x1); + f255_mul(x1, x1, z2); + } + memcpy(x3, x1, sizeof x1); + for (i = 0; i < 14; i ++) { + int j; + + for (j = 0; j < 16; j ++) { + f255_mul(x3, x3, x3); + } + f255_mul(x3, x3, x1); + } + for (i = 14; i >= 0; i --) { + f255_mul(x3, x3, x3); + if ((0xFFEB >> i) & 1) { + f255_mul(x3, z2, x3); + } + } + + /* + * Compute x2/z2. We have 1/z2 in x3. + */ + f255_mul(x2, x2, x3); + f255_final_reduce(x2); + + /* + * Encode the final x2 value in little-endian. + */ + br_enc64le(G, x2[0]); + br_enc64le(G + 8, x2[1]); + br_enc64le(G + 16, x2[2]); + br_enc64le(G + 24, x2[3]); + return 1; +} + +static size_t +api_mulgen(unsigned char *R, + const unsigned char *x, size_t xlen, int curve) +{ + const unsigned char *G; + size_t Glen; + + G = api_generator(curve, &Glen); + memcpy(R, G, Glen); + api_mul(R, Glen, x, xlen, curve); + return Glen; +} + +static uint32_t +api_muladd(unsigned char *A, const unsigned char *B, size_t len, + const unsigned char *x, size_t xlen, + const unsigned char *y, size_t ylen, int curve) +{ + /* + * We don't implement this method, since it is used for ECDSA + * only, and there is no ECDSA over Curve25519 (which instead + * uses EdDSA). + */ + (void)A; + (void)B; + (void)len; + (void)x; + (void)xlen; + (void)y; + (void)ylen; + (void)curve; + return 0; +} + +/* see bearssl_ec.h */ +const br_ec_impl br_ec_c25519_m64 = { + (uint32_t)0x20000000, + &api_generator, + &api_order, + &api_xoff, + &api_mul, + &api_mulgen, + &api_muladd +}; + +/* see bearssl_ec.h */ +const br_ec_impl * +br_ec_c25519_m64_get(void) +{ + return &br_ec_c25519_m64; +} + +#else + +/* see bearssl_ec.h */ +const br_ec_impl * +br_ec_c25519_m64_get(void) +{ + return 0; +} + +#endif diff --git a/src/bearssl/src/ec/ec_p256_m15.c b/src/bearssl/src/ec/ec_p256_m15.c index 6ce57e0..8d68d1d 100644 --- a/src/bearssl/src/ec/ec_p256_m15.c +++ b/src/bearssl/src/ec/ec_p256_m15.c @@ -1739,7 +1739,7 @@ p256_decode(p256_jacobian *P, const void *src, size_t len) memcpy(P->y, ty, sizeof ty); memset(P->z, 0, sizeof P->z); P->z[0] = 1; - return NEQ(bad, 0) ^ 1; + return EQ(bad, 0); } /* diff --git a/src/bearssl/src/ec/ec_p256_m31.c b/src/bearssl/src/ec/ec_p256_m31.c index ec22c3e..d57ef7b 100644 --- a/src/bearssl/src/ec/ec_p256_m31.c +++ b/src/bearssl/src/ec/ec_p256_m31.c @@ -1089,7 +1089,7 @@ p256_decode(p256_jacobian *P, const void *src, size_t len) memcpy(P->y, ty, sizeof ty); memset(P->z, 0, sizeof P->z); P->z[0] = 1; - return NEQ(bad, 0) ^ 1; + return EQ(bad, 0); } /* diff --git a/src/bearssl/src/ec/ec_p256_m62.c b/src/bearssl/src/ec/ec_p256_m62.c new file mode 100644 index 0000000..a431790 --- /dev/null +++ b/src/bearssl/src/ec/ec_p256_m62.c @@ -0,0 +1,1765 @@ +/* + * Copyright (c) 2018 Thomas Pornin + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +#include "inner.h" + +#if BR_INT128 || BR_UMUL128 + +#if BR_UMUL128 +#include +#endif + +static const unsigned char P256_G[] = { + 0x04, 0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47, 0xF8, + 0xBC, 0xE6, 0xE5, 0x63, 0xA4, 0x40, 0xF2, 0x77, 0x03, 0x7D, + 0x81, 0x2D, 0xEB, 0x33, 0xA0, 0xF4, 0xA1, 0x39, 0x45, 0xD8, + 0x98, 0xC2, 0x96, 0x4F, 0xE3, 0x42, 0xE2, 0xFE, 0x1A, 0x7F, + 0x9B, 0x8E, 0xE7, 0xEB, 0x4A, 0x7C, 0x0F, 0x9E, 0x16, 0x2B, + 0xCE, 0x33, 0x57, 0x6B, 0x31, 0x5E, 0xCE, 0xCB, 0xB6, 0x40, + 0x68, 0x37, 0xBF, 0x51, 0xF5 +}; + +static const unsigned char P256_N[] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, + 0xA7, 0x17, 0x9E, 0x84, 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, + 0x25, 0x51 +}; + +static const unsigned char * +api_generator(int curve, size_t *len) +{ + (void)curve; + *len = sizeof P256_G; + return P256_G; +} + +static const unsigned char * +api_order(int curve, size_t *len) +{ + (void)curve; + *len = sizeof P256_N; + return P256_N; +} + +static size_t +api_xoff(int curve, size_t *len) +{ + (void)curve; + *len = 32; + return 1; +} + +/* + * A field element is encoded as five 64-bit integers, in basis 2^52. + * Limbs may occasionally exceed 2^52. + * + * A _partially reduced_ value is such that the following hold: + * - top limb is less than 2^48 + 2^30 + * - the other limbs fit on 53 bits each + * In particular, such a value is less than twice the modulus p. + */ + +#define BIT(n) ((uint64_t)1 << (n)) +#define MASK48 (BIT(48) - BIT(0)) +#define MASK52 (BIT(52) - BIT(0)) + +/* R = 2^260 mod p */ +static const uint64_t F256_R[] = { + 0x0000000000010, 0xF000000000000, 0xFFFFFFFFFFFFF, + 0xFFEFFFFFFFFFF, 0x00000000FFFFF +}; + +/* Curve equation is y^2 = x^3 - 3*x + B. This constant is B*R mod p + (Montgomery representation of B). */ +static const uint64_t P256_B_MONTY[] = { + 0xDF6229C4BDDFD, 0xCA8843090D89C, 0x212ED6ACF005C, + 0x83415A220ABF7, 0x0C30061DD4874 +}; + +/* + * Addition in the field. Carry propagation is not performed. + * On input, limbs may be up to 63 bits each; on output, they will + * be up to one bit more than on input. + */ +static inline void +f256_add(uint64_t *d, const uint64_t *a, const uint64_t *b) +{ + d[0] = a[0] + b[0]; + d[1] = a[1] + b[1]; + d[2] = a[2] + b[2]; + d[3] = a[3] + b[3]; + d[4] = a[4] + b[4]; +} + +/* + * Partially reduce the provided value. + * Input: limbs can go up to 61 bits each. + * Output: partially reduced. + */ +static inline void +f256_partial_reduce(uint64_t *a) +{ + uint64_t w, cc, s; + + /* + * Propagate carries. + */ + w = a[0]; + a[0] = w & MASK52; + cc = w >> 52; + w = a[1] + cc; + a[1] = w & MASK52; + cc = w >> 52; + w = a[2] + cc; + a[2] = w & MASK52; + cc = w >> 52; + w = a[3] + cc; + a[3] = w & MASK52; + cc = w >> 52; + a[4] += cc; + + s = a[4] >> 48; /* s < 2^14 */ + a[0] += s; /* a[0] < 2^52 + 2^14 */ + w = a[1] - (s << 44); + a[1] = w & MASK52; /* a[1] < 2^52 */ + cc = -(w >> 52) & 0xFFF; /* cc < 16 */ + w = a[2] - cc; + a[2] = w & MASK52; /* a[2] < 2^52 */ + cc = w >> 63; /* cc = 0 or 1 */ + w = a[3] - cc - (s << 36); + a[3] = w & MASK52; /* a[3] < 2^52 */ + cc = w >> 63; /* cc = 0 or 1 */ + w = a[4] & MASK48; + a[4] = w + (s << 16) - cc; /* a[4] < 2^48 + 2^30 */ +} + +/* + * Subtraction in the field. + * Input: limbs must fit on 60 bits each; in particular, the complete + * integer will be less than 2^268 + 2^217. + * Output: partially reduced. + */ +static inline void +f256_sub(uint64_t *d, const uint64_t *a, const uint64_t *b) +{ + uint64_t t[5], w, s, cc; + + /* + * We compute d = 2^13*p + a - b; this ensures a positive + * intermediate value. + * + * Each individual addition/subtraction may yield a positive or + * negative result; thus, we need to handle a signed carry, thus + * with sign extension. We prefer not to use signed types (int64_t) + * because conversion from unsigned to signed is cumbersome (a + * direct cast with the top bit set is undefined behavior; instead, + * we have to use pointer aliasing, using the guaranteed properties + * of exact-width types, but this requires the compiler to optimize + * away the writes and reads from RAM), and right-shifting a + * signed negative value is implementation-defined. Therefore, + * we use a custom sign extension. + */ + + w = a[0] - b[0] - BIT(13); + t[0] = w & MASK52; + cc = w >> 52; + cc |= -(cc & BIT(11)); + w = a[1] - b[1] + cc; + t[1] = w & MASK52; + cc = w >> 52; + cc |= -(cc & BIT(11)); + w = a[2] - b[2] + cc; + t[2] = (w & MASK52) + BIT(5); + cc = w >> 52; + cc |= -(cc & BIT(11)); + w = a[3] - b[3] + cc; + t[3] = (w & MASK52) + BIT(49); + cc = w >> 52; + cc |= -(cc & BIT(11)); + t[4] = (BIT(61) - BIT(29)) + a[4] - b[4] + cc; + + /* + * Perform partial reduction. Rule is: + * 2^256 = 2^224 - 2^192 - 2^96 + 1 mod p + * + * At that point: + * 0 <= t[0] <= 2^52 - 1 + * 0 <= t[1] <= 2^52 - 1 + * 2^5 <= t[2] <= 2^52 + 2^5 - 1 + * 2^49 <= t[3] <= 2^52 + 2^49 - 1 + * 2^59 < t[4] <= 2^61 + 2^60 - 2^29 + * + * Thus, the value 's' (t[4] / 2^48) will be necessarily + * greater than 2048, and less than 12288. + */ + s = t[4] >> 48; + + d[0] = t[0] + s; /* d[0] <= 2^52 + 12287 */ + w = t[1] - (s << 44); + d[1] = w & MASK52; /* d[1] <= 2^52 - 1 */ + cc = -(w >> 52) & 0xFFF; /* cc <= 48 */ + w = t[2] - cc; + cc = w >> 63; /* cc = 0 or 1 */ + d[2] = w + (cc << 52); /* d[2] <= 2^52 + 31 */ + w = t[3] - cc - (s << 36); + cc = w >> 63; /* cc = 0 or 1 */ + d[3] = w + (cc << 52); /* t[3] <= 2^52 + 2^49 - 1 */ + d[4] = (t[4] & MASK48) + (s << 16) - cc; /* d[4] < 2^48 + 2^30 */ + + /* + * If s = 0, then none of the limbs is modified, and there cannot + * be an overflow; if s != 0, then (s << 16) > cc, and there is + * no overflow either. + */ +} + +/* + * Montgomery multiplication in the field. + * Input: limbs must fit on 56 bits each. + * Output: partially reduced. + */ +static void +f256_montymul(uint64_t *d, const uint64_t *a, const uint64_t *b) +{ +#if BR_INT128 + + int i; + uint64_t t[5]; + + t[0] = 0; + t[1] = 0; + t[2] = 0; + t[3] = 0; + t[4] = 0; + for (i = 0; i < 5; i ++) { + uint64_t x, f, cc, w, s; + unsigned __int128 z; + + /* + * Since limbs of a[] and b[] fit on 56 bits each, + * each individual product fits on 112 bits. Also, + * the factor f fits on 52 bits, so f<<48 fits on + * 112 bits too. This guarantees that carries (cc) + * will fit on 62 bits, thus no overflow. + * + * The operations below compute: + * t <- (t + x*b + f*p) / 2^64 + */ + x = a[i]; + z = (unsigned __int128)b[0] * (unsigned __int128)x + + (unsigned __int128)t[0]; + f = (uint64_t)z & MASK52; + cc = (uint64_t)(z >> 52); + z = (unsigned __int128)b[1] * (unsigned __int128)x + + (unsigned __int128)t[1] + cc + + ((unsigned __int128)f << 44); + t[0] = (uint64_t)z & MASK52; + cc = (uint64_t)(z >> 52); + z = (unsigned __int128)b[2] * (unsigned __int128)x + + (unsigned __int128)t[2] + cc; + t[1] = (uint64_t)z & MASK52; + cc = (uint64_t)(z >> 52); + z = (unsigned __int128)b[3] * (unsigned __int128)x + + (unsigned __int128)t[3] + cc + + ((unsigned __int128)f << 36); + t[2] = (uint64_t)z & MASK52; + cc = (uint64_t)(z >> 52); + z = (unsigned __int128)b[4] * (unsigned __int128)x + + (unsigned __int128)t[4] + cc + + ((unsigned __int128)f << 48) + - ((unsigned __int128)f << 16); + t[3] = (uint64_t)z & MASK52; + t[4] = (uint64_t)(z >> 52); + + /* + * t[4] may be up to 62 bits here; we need to do a + * partial reduction. Note that limbs t[0] to t[3] + * fit on 52 bits each. + */ + s = t[4] >> 48; /* s < 2^14 */ + t[0] += s; /* t[0] < 2^52 + 2^14 */ + w = t[1] - (s << 44); + t[1] = w & MASK52; /* t[1] < 2^52 */ + cc = -(w >> 52) & 0xFFF; /* cc < 16 */ + w = t[2] - cc; + t[2] = w & MASK52; /* t[2] < 2^52 */ + cc = w >> 63; /* cc = 0 or 1 */ + w = t[3] - cc - (s << 36); + t[3] = w & MASK52; /* t[3] < 2^52 */ + cc = w >> 63; /* cc = 0 or 1 */ + w = t[4] & MASK48; + t[4] = w + (s << 16) - cc; /* t[4] < 2^48 + 2^30 */ + + /* + * The final t[4] cannot overflow because cc is 0 or 1, + * and cc can be 1 only if s != 0. + */ + } + + d[0] = t[0]; + d[1] = t[1]; + d[2] = t[2]; + d[3] = t[3]; + d[4] = t[4]; + +#elif BR_UMUL128 + + int i; + uint64_t t[5]; + + t[0] = 0; + t[1] = 0; + t[2] = 0; + t[3] = 0; + t[4] = 0; + for (i = 0; i < 5; i ++) { + uint64_t x, f, cc, w, s, zh, zl; + unsigned char k; + + /* + * Since limbs of a[] and b[] fit on 56 bits each, + * each individual product fits on 112 bits. Also, + * the factor f fits on 52 bits, so f<<48 fits on + * 112 bits too. This guarantees that carries (cc) + * will fit on 62 bits, thus no overflow. + * + * The operations below compute: + * t <- (t + x*b + f*p) / 2^64 + */ + x = a[i]; + zl = _umul128(b[0], x, &zh); + k = _addcarry_u64(0, t[0], zl, &zl); + (void)_addcarry_u64(k, 0, zh, &zh); + f = zl & MASK52; + cc = (zl >> 52) | (zh << 12); + + zl = _umul128(b[1], x, &zh); + k = _addcarry_u64(0, t[1], zl, &zl); + (void)_addcarry_u64(k, 0, zh, &zh); + k = _addcarry_u64(0, cc, zl, &zl); + (void)_addcarry_u64(k, 0, zh, &zh); + k = _addcarry_u64(0, f << 44, zl, &zl); + (void)_addcarry_u64(k, f >> 20, zh, &zh); + t[0] = zl & MASK52; + cc = (zl >> 52) | (zh << 12); + + zl = _umul128(b[2], x, &zh); + k = _addcarry_u64(0, t[2], zl, &zl); + (void)_addcarry_u64(k, 0, zh, &zh); + k = _addcarry_u64(0, cc, zl, &zl); + (void)_addcarry_u64(k, 0, zh, &zh); + t[1] = zl & MASK52; + cc = (zl >> 52) | (zh << 12); + + zl = _umul128(b[3], x, &zh); + k = _addcarry_u64(0, t[3], zl, &zl); + (void)_addcarry_u64(k, 0, zh, &zh); + k = _addcarry_u64(0, cc, zl, &zl); + (void)_addcarry_u64(k, 0, zh, &zh); + k = _addcarry_u64(0, f << 36, zl, &zl); + (void)_addcarry_u64(k, f >> 28, zh, &zh); + t[2] = zl & MASK52; + cc = (zl >> 52) | (zh << 12); + + zl = _umul128(b[4], x, &zh); + k = _addcarry_u64(0, t[4], zl, &zl); + (void)_addcarry_u64(k, 0, zh, &zh); + k = _addcarry_u64(0, cc, zl, &zl); + (void)_addcarry_u64(k, 0, zh, &zh); + k = _addcarry_u64(0, f << 48, zl, &zl); + (void)_addcarry_u64(k, f >> 16, zh, &zh); + k = _subborrow_u64(0, zl, f << 16, &zl); + (void)_subborrow_u64(k, zh, f >> 48, &zh); + t[3] = zl & MASK52; + t[4] = (zl >> 52) | (zh << 12); + + /* + * t[4] may be up to 62 bits here; we need to do a + * partial reduction. Note that limbs t[0] to t[3] + * fit on 52 bits each. + */ + s = t[4] >> 48; /* s < 2^14 */ + t[0] += s; /* t[0] < 2^52 + 2^14 */ + w = t[1] - (s << 44); + t[1] = w & MASK52; /* t[1] < 2^52 */ + cc = -(w >> 52) & 0xFFF; /* cc < 16 */ + w = t[2] - cc; + t[2] = w & MASK52; /* t[2] < 2^52 */ + cc = w >> 63; /* cc = 0 or 1 */ + w = t[3] - cc - (s << 36); + t[3] = w & MASK52; /* t[3] < 2^52 */ + cc = w >> 63; /* cc = 0 or 1 */ + w = t[4] & MASK48; + t[4] = w + (s << 16) - cc; /* t[4] < 2^48 + 2^30 */ + + /* + * The final t[4] cannot overflow because cc is 0 or 1, + * and cc can be 1 only if s != 0. + */ + } + + d[0] = t[0]; + d[1] = t[1]; + d[2] = t[2]; + d[3] = t[3]; + d[4] = t[4]; + +#endif +} + +/* + * Montgomery squaring in the field; currently a basic wrapper around + * multiplication (inline, should be optimized away). + * TODO: see if some extra speed can be gained here. + */ +static inline void +f256_montysquare(uint64_t *d, const uint64_t *a) +{ + f256_montymul(d, a, a); +} + +/* + * Convert to Montgomery representation. + */ +static void +f256_tomonty(uint64_t *d, const uint64_t *a) +{ + /* + * R2 = 2^520 mod p. + * If R = 2^260 mod p, then R2 = R^2 mod p; and the Montgomery + * multiplication of a by R2 is: a*R2/R = a*R mod p, i.e. the + * conversion to Montgomery representation. + */ + static const uint64_t R2[] = { + 0x0000000000300, 0xFFFFFFFF00000, 0xFFFFEFFFFFFFB, + 0xFDFFFFFFFFFFF, 0x0000004FFFFFF + }; + + f256_montymul(d, a, R2); +} + +/* + * Convert from Montgomery representation. + */ +static void +f256_frommonty(uint64_t *d, const uint64_t *a) +{ + /* + * Montgomery multiplication by 1 is division by 2^260 modulo p. + */ + static const uint64_t one[] = { 1, 0, 0, 0, 0 }; + + f256_montymul(d, a, one); +} + +/* + * Inversion in the field. If the source value is 0 modulo p, then this + * returns 0 or p. This function uses Montgomery representation. + */ +static void +f256_invert(uint64_t *d, const uint64_t *a) +{ + /* + * We compute a^(p-2) mod p. The exponent pattern (from high to + * low) is: + * - 32 bits of value 1 + * - 31 bits of value 0 + * - 1 bit of value 1 + * - 96 bits of value 0 + * - 94 bits of value 1 + * - 1 bit of value 0 + * - 1 bit of value 1 + * To speed up the square-and-multiply algorithm, we precompute + * a^(2^31-1). + */ + + uint64_t r[5], t[5]; + int i; + + memcpy(t, a, sizeof t); + for (i = 0; i < 30; i ++) { + f256_montysquare(t, t); + f256_montymul(t, t, a); + } + + memcpy(r, t, sizeof t); + for (i = 224; i >= 0; i --) { + f256_montysquare(r, r); + switch (i) { + case 0: + case 2: + case 192: + case 224: + f256_montymul(r, r, a); + break; + case 3: + case 34: + case 65: + f256_montymul(r, r, t); + break; + } + } + memcpy(d, r, sizeof r); +} + +/* + * Finalize reduction. + * Input value should be partially reduced. + * On output, limbs a[0] to a[3] fit on 52 bits each, limb a[4] fits + * on 48 bits, and the integer is less than p. + */ +static inline void +f256_final_reduce(uint64_t *a) +{ + uint64_t r[5], t[5], w, cc; + int i; + + /* + * Propagate carries to ensure that limbs 0 to 3 fit on 52 bits. + */ + cc = 0; + for (i = 0; i < 5; i ++) { + w = a[i] + cc; + r[i] = w & MASK52; + cc = w >> 52; + } + + /* + * We compute t = r + (2^256 - p) = r + 2^224 - 2^192 - 2^96 + 1. + * If t < 2^256, then r < p, and we return r. Otherwise, we + * want to return r - p = t - 2^256. + */ + + /* + * Add 2^224 + 1, and propagate carries to ensure that limbs + * t[0] to t[3] fit in 52 bits each. + */ + w = r[0] + 1; + t[0] = w & MASK52; + cc = w >> 52; + w = r[1] + cc; + t[1] = w & MASK52; + cc = w >> 52; + w = r[2] + cc; + t[2] = w & MASK52; + cc = w >> 52; + w = r[3] + cc; + t[3] = w & MASK52; + cc = w >> 52; + t[4] = r[4] + cc + BIT(16); + + /* + * Subtract 2^192 + 2^96. Since we just added 2^224 + 1, the + * result cannot be negative. + */ + w = t[1] - BIT(44); + t[1] = w & MASK52; + cc = w >> 63; + w = t[2] - cc; + t[2] = w & MASK52; + cc = w >> 63; + w = t[3] - BIT(36) - cc; + t[3] = w & MASK52; + cc = w >> 63; + t[4] -= cc; + + /* + * If the top limb t[4] fits on 48 bits, then r[] is already + * in the proper range. Otherwise, t[] is the value to return + * (truncated to 256 bits). + */ + cc = -(t[4] >> 48); + t[4] &= MASK48; + for (i = 0; i < 5; i ++) { + a[i] = r[i] ^ (cc & (r[i] ^ t[i])); + } +} + +/* + * Points in affine and Jacobian coordinates. + * + * - In affine coordinates, the point-at-infinity cannot be encoded. + * - Jacobian coordinates (X,Y,Z) correspond to affine (X/Z^2,Y/Z^3); + * if Z = 0 then this is the point-at-infinity. + */ +typedef struct { + uint64_t x[5]; + uint64_t y[5]; +} p256_affine; + +typedef struct { + uint64_t x[5]; + uint64_t y[5]; + uint64_t z[5]; +} p256_jacobian; + +/* + * Decode a field element (unsigned big endian notation). + */ +static void +f256_decode(uint64_t *a, const unsigned char *buf) +{ + uint64_t w0, w1, w2, w3; + + w3 = br_dec64be(buf + 0); + w2 = br_dec64be(buf + 8); + w1 = br_dec64be(buf + 16); + w0 = br_dec64be(buf + 24); + a[0] = w0 & MASK52; + a[1] = ((w0 >> 52) | (w1 << 12)) & MASK52; + a[2] = ((w1 >> 40) | (w2 << 24)) & MASK52; + a[3] = ((w2 >> 28) | (w3 << 36)) & MASK52; + a[4] = w3 >> 16; +} + +/* + * Encode a field element (unsigned big endian notation). The field + * element MUST be fully reduced. + */ +static void +f256_encode(unsigned char *buf, const uint64_t *a) +{ + uint64_t w0, w1, w2, w3; + + w0 = a[0] | (a[1] << 52); + w1 = (a[1] >> 12) | (a[2] << 40); + w2 = (a[2] >> 24) | (a[3] << 28); + w3 = (a[3] >> 36) | (a[4] << 16); + br_enc64be(buf + 0, w3); + br_enc64be(buf + 8, w2); + br_enc64be(buf + 16, w1); + br_enc64be(buf + 24, w0); +} + +/* + * Decode a point. The returned point is in Jacobian coordinates, but + * with z = 1. If the encoding is invalid, or encodes a point which is + * not on the curve, or encodes the point at infinity, then this function + * returns 0. Otherwise, 1 is returned. + * + * The buffer is assumed to have length exactly 65 bytes. + */ +static uint32_t +point_decode(p256_jacobian *P, const unsigned char *buf) +{ + uint64_t x[5], y[5], t[5], x3[5], tt; + uint32_t r; + + /* + * Header byte shall be 0x04. + */ + r = EQ(buf[0], 0x04); + + /* + * Decode X and Y coordinates, and convert them into + * Montgomery representation. + */ + f256_decode(x, buf + 1); + f256_decode(y, buf + 33); + f256_tomonty(x, x); + f256_tomonty(y, y); + + /* + * Verify y^2 = x^3 + A*x + B. In curve P-256, A = -3. + * Note that the Montgomery representation of 0 is 0. We must + * take care to apply the final reduction to make sure we have + * 0 and not p. + */ + f256_montysquare(t, y); + f256_montysquare(x3, x); + f256_montymul(x3, x3, x); + f256_sub(t, t, x3); + f256_add(t, t, x); + f256_add(t, t, x); + f256_add(t, t, x); + f256_sub(t, t, P256_B_MONTY); + f256_final_reduce(t); + tt = t[0] | t[1] | t[2] | t[3] | t[4]; + r &= EQ((uint32_t)(tt | (tt >> 32)), 0); + + /* + * Return the point in Jacobian coordinates (and Montgomery + * representation). + */ + memcpy(P->x, x, sizeof x); + memcpy(P->y, y, sizeof y); + memcpy(P->z, F256_R, sizeof F256_R); + return r; +} + +/* + * Final conversion for a point: + * - The point is converted back to affine coordinates. + * - Final reduction is performed. + * - The point is encoded into the provided buffer. + * + * If the point is the point-at-infinity, all operations are performed, + * but the buffer contents are indeterminate, and 0 is returned. Otherwise, + * the encoded point is written in the buffer, and 1 is returned. + */ +static uint32_t +point_encode(unsigned char *buf, const p256_jacobian *P) +{ + uint64_t t1[5], t2[5], z; + + /* Set t1 = 1/z^2 and t2 = 1/z^3. */ + f256_invert(t2, P->z); + f256_montysquare(t1, t2); + f256_montymul(t2, t2, t1); + + /* Compute affine coordinates x (in t1) and y (in t2). */ + f256_montymul(t1, P->x, t1); + f256_montymul(t2, P->y, t2); + + /* Convert back from Montgomery representation, and finalize + reductions. */ + f256_frommonty(t1, t1); + f256_frommonty(t2, t2); + f256_final_reduce(t1); + f256_final_reduce(t2); + + /* Encode. */ + buf[0] = 0x04; + f256_encode(buf + 1, t1); + f256_encode(buf + 33, t2); + + /* Return success if and only if P->z != 0. */ + z = P->z[0] | P->z[1] | P->z[2] | P->z[3] | P->z[4]; + return NEQ((uint32_t)(z | z >> 32), 0); +} + +/* + * Point doubling in Jacobian coordinates: point P is doubled. + * Note: if the source point is the point-at-infinity, then the result is + * still the point-at-infinity, which is correct. Moreover, if the three + * coordinates were zero, then they still are zero in the returned value. + */ +static void +p256_double(p256_jacobian *P) +{ + /* + * Doubling formulas are: + * + * s = 4*x*y^2 + * m = 3*(x + z^2)*(x - z^2) + * x' = m^2 - 2*s + * y' = m*(s - x') - 8*y^4 + * z' = 2*y*z + * + * These formulas work for all points, including points of order 2 + * and points at infinity: + * - If y = 0 then z' = 0. But there is no such point in P-256 + * anyway. + * - If z = 0 then z' = 0. + */ + uint64_t t1[5], t2[5], t3[5], t4[5]; + + /* + * Compute z^2 in t1. + */ + f256_montysquare(t1, P->z); + + /* + * Compute x-z^2 in t2 and x+z^2 in t1. + */ + f256_add(t2, P->x, t1); + f256_sub(t1, P->x, t1); + + /* + * Compute 3*(x+z^2)*(x-z^2) in t1. + */ + f256_montymul(t3, t1, t2); + f256_add(t1, t3, t3); + f256_add(t1, t3, t1); + + /* + * Compute 4*x*y^2 (in t2) and 2*y^2 (in t3). + */ + f256_montysquare(t3, P->y); + f256_add(t3, t3, t3); + f256_montymul(t2, P->x, t3); + f256_add(t2, t2, t2); + + /* + * Compute x' = m^2 - 2*s. + */ + f256_montysquare(P->x, t1); + f256_sub(P->x, P->x, t2); + f256_sub(P->x, P->x, t2); + + /* + * Compute z' = 2*y*z. + */ + f256_montymul(t4, P->y, P->z); + f256_add(P->z, t4, t4); + f256_partial_reduce(P->z); + + /* + * Compute y' = m*(s - x') - 8*y^4. Note that we already have + * 2*y^2 in t3. + */ + f256_sub(t2, t2, P->x); + f256_montymul(P->y, t1, t2); + f256_montysquare(t4, t3); + f256_add(t4, t4, t4); + f256_sub(P->y, P->y, t4); +} + +/* + * Point addition (Jacobian coordinates): P1 is replaced with P1+P2. + * This function computes the wrong result in the following cases: + * + * - If P1 == 0 but P2 != 0 + * - If P1 != 0 but P2 == 0 + * - If P1 == P2 + * + * In all three cases, P1 is set to the point at infinity. + * + * Returned value is 0 if one of the following occurs: + * + * - P1 and P2 have the same Y coordinate. + * - P1 == 0 and P2 == 0. + * - The Y coordinate of one of the points is 0 and the other point is + * the point at infinity. + * + * The third case cannot actually happen with valid points, since a point + * with Y == 0 is a point of order 2, and there is no point of order 2 on + * curve P-256. + * + * Therefore, assuming that P1 != 0 and P2 != 0 on input, then the caller + * can apply the following: + * + * - If the result is not the point at infinity, then it is correct. + * - Otherwise, if the returned value is 1, then this is a case of + * P1+P2 == 0, so the result is indeed the point at infinity. + * - Otherwise, P1 == P2, so a "double" operation should have been + * performed. + * + * Note that you can get a returned value of 0 with a correct result, + * e.g. if P1 and P2 have the same Y coordinate, but distinct X coordinates. + */ +static uint32_t +p256_add(p256_jacobian *P1, const p256_jacobian *P2) +{ + /* + * Addtions formulas are: + * + * u1 = x1 * z2^2 + * u2 = x2 * z1^2 + * s1 = y1 * z2^3 + * s2 = y2 * z1^3 + * h = u2 - u1 + * r = s2 - s1 + * x3 = r^2 - h^3 - 2 * u1 * h^2 + * y3 = r * (u1 * h^2 - x3) - s1 * h^3 + * z3 = h * z1 * z2 + */ + uint64_t t1[5], t2[5], t3[5], t4[5], t5[5], t6[5], t7[5], tt; + uint32_t ret; + + /* + * Compute u1 = x1*z2^2 (in t1) and s1 = y1*z2^3 (in t3). + */ + f256_montysquare(t3, P2->z); + f256_montymul(t1, P1->x, t3); + f256_montymul(t4, P2->z, t3); + f256_montymul(t3, P1->y, t4); + + /* + * Compute u2 = x2*z1^2 (in t2) and s2 = y2*z1^3 (in t4). + */ + f256_montysquare(t4, P1->z); + f256_montymul(t2, P2->x, t4); + f256_montymul(t5, P1->z, t4); + f256_montymul(t4, P2->y, t5); + + /* + * Compute h = h2 - u1 (in t2) and r = s2 - s1 (in t4). + * We need to test whether r is zero, so we will do some extra + * reduce. + */ + f256_sub(t2, t2, t1); + f256_sub(t4, t4, t3); + f256_final_reduce(t4); + tt = t4[0] | t4[1] | t4[2] | t4[3] | t4[4]; + ret = (uint32_t)(tt | (tt >> 32)); + ret = (ret | -ret) >> 31; + + /* + * Compute u1*h^2 (in t6) and h^3 (in t5); + */ + f256_montysquare(t7, t2); + f256_montymul(t6, t1, t7); + f256_montymul(t5, t7, t2); + + /* + * Compute x3 = r^2 - h^3 - 2*u1*h^2. + */ + f256_montysquare(P1->x, t4); + f256_sub(P1->x, P1->x, t5); + f256_sub(P1->x, P1->x, t6); + f256_sub(P1->x, P1->x, t6); + + /* + * Compute y3 = r*(u1*h^2 - x3) - s1*h^3. + */ + f256_sub(t6, t6, P1->x); + f256_montymul(P1->y, t4, t6); + f256_montymul(t1, t5, t3); + f256_sub(P1->y, P1->y, t1); + + /* + * Compute z3 = h*z1*z2. + */ + f256_montymul(t1, P1->z, P2->z); + f256_montymul(P1->z, t1, t2); + + return ret; +} + +/* + * Point addition (mixed coordinates): P1 is replaced with P1+P2. + * This is a specialised function for the case when P2 is a non-zero point + * in affine coordinates. + * + * This function computes the wrong result in the following cases: + * + * - If P1 == 0 + * - If P1 == P2 + * + * In both cases, P1 is set to the point at infinity. + * + * Returned value is 0 if one of the following occurs: + * + * - P1 and P2 have the same Y (affine) coordinate. + * - The Y coordinate of P2 is 0 and P1 is the point at infinity. + * + * The second case cannot actually happen with valid points, since a point + * with Y == 0 is a point of order 2, and there is no point of order 2 on + * curve P-256. + * + * Therefore, assuming that P1 != 0 on input, then the caller + * can apply the following: + * + * - If the result is not the point at infinity, then it is correct. + * - Otherwise, if the returned value is 1, then this is a case of + * P1+P2 == 0, so the result is indeed the point at infinity. + * - Otherwise, P1 == P2, so a "double" operation should have been + * performed. + * + * Again, a value of 0 may be returned in some cases where the addition + * result is correct. + */ +static uint32_t +p256_add_mixed(p256_jacobian *P1, const p256_affine *P2) +{ + /* + * Addtions formulas are: + * + * u1 = x1 + * u2 = x2 * z1^2 + * s1 = y1 + * s2 = y2 * z1^3 + * h = u2 - u1 + * r = s2 - s1 + * x3 = r^2 - h^3 - 2 * u1 * h^2 + * y3 = r * (u1 * h^2 - x3) - s1 * h^3 + * z3 = h * z1 + */ + uint64_t t1[5], t2[5], t3[5], t4[5], t5[5], t6[5], t7[5], tt; + uint32_t ret; + + /* + * Compute u1 = x1 (in t1) and s1 = y1 (in t3). + */ + memcpy(t1, P1->x, sizeof t1); + memcpy(t3, P1->y, sizeof t3); + + /* + * Compute u2 = x2*z1^2 (in t2) and s2 = y2*z1^3 (in t4). + */ + f256_montysquare(t4, P1->z); + f256_montymul(t2, P2->x, t4); + f256_montymul(t5, P1->z, t4); + f256_montymul(t4, P2->y, t5); + + /* + * Compute h = h2 - u1 (in t2) and r = s2 - s1 (in t4). + * We need to test whether r is zero, so we will do some extra + * reduce. + */ + f256_sub(t2, t2, t1); + f256_sub(t4, t4, t3); + f256_final_reduce(t4); + tt = t4[0] | t4[1] | t4[2] | t4[3] | t4[4]; + ret = (uint32_t)(tt | (tt >> 32)); + ret = (ret | -ret) >> 31; + + /* + * Compute u1*h^2 (in t6) and h^3 (in t5); + */ + f256_montysquare(t7, t2); + f256_montymul(t6, t1, t7); + f256_montymul(t5, t7, t2); + + /* + * Compute x3 = r^2 - h^3 - 2*u1*h^2. + */ + f256_montysquare(P1->x, t4); + f256_sub(P1->x, P1->x, t5); + f256_sub(P1->x, P1->x, t6); + f256_sub(P1->x, P1->x, t6); + + /* + * Compute y3 = r*(u1*h^2 - x3) - s1*h^3. + */ + f256_sub(t6, t6, P1->x); + f256_montymul(P1->y, t4, t6); + f256_montymul(t1, t5, t3); + f256_sub(P1->y, P1->y, t1); + + /* + * Compute z3 = h*z1*z2. + */ + f256_montymul(P1->z, P1->z, t2); + + return ret; +} + +#if 0 +/* unused */ +/* + * Point addition (mixed coordinates, complete): P1 is replaced with P1+P2. + * This is a specialised function for the case when P2 is a non-zero point + * in affine coordinates. + * + * This function returns the correct result in all cases. + */ +static uint32_t +p256_add_complete_mixed(p256_jacobian *P1, const p256_affine *P2) +{ + /* + * Addtions formulas, in the general case, are: + * + * u1 = x1 + * u2 = x2 * z1^2 + * s1 = y1 + * s2 = y2 * z1^3 + * h = u2 - u1 + * r = s2 - s1 + * x3 = r^2 - h^3 - 2 * u1 * h^2 + * y3 = r * (u1 * h^2 - x3) - s1 * h^3 + * z3 = h * z1 + * + * These formulas mishandle the two following cases: + * + * - If P1 is the point-at-infinity (z1 = 0), then z3 is + * incorrectly set to 0. + * + * - If P1 = P2, then u1 = u2 and s1 = s2, and x3, y3 and z3 + * are all set to 0. + * + * However, if P1 + P2 = 0, then u1 = u2 but s1 != s2, and then + * we correctly get z3 = 0 (the point-at-infinity). + * + * To fix the case P1 = 0, we perform at the end a copy of P2 + * over P1, conditional to z1 = 0. + * + * For P1 = P2: in that case, both h and r are set to 0, and + * we get x3, y3 and z3 equal to 0. We can test for that + * occurrence to make a mask which will be all-one if P1 = P2, + * or all-zero otherwise; then we can compute the double of P2 + * and add it, combined with the mask, to (x3,y3,z3). + * + * Using the doubling formulas in p256_double() on (x2,y2), + * simplifying since P2 is affine (i.e. z2 = 1, implicitly), + * we get: + * s = 4*x2*y2^2 + * m = 3*(x2 + 1)*(x2 - 1) + * x' = m^2 - 2*s + * y' = m*(s - x') - 8*y2^4 + * z' = 2*y2 + * which requires only 6 multiplications. Added to the 11 + * multiplications of the normal mixed addition in Jacobian + * coordinates, we get a cost of 17 multiplications in total. + */ + uint64_t t1[5], t2[5], t3[5], t4[5], t5[5], t6[5], t7[5], tt, zz; + int i; + + /* + * Set zz to -1 if P1 is the point at infinity, 0 otherwise. + */ + zz = P1->z[0] | P1->z[1] | P1->z[2] | P1->z[3] | P1->z[4]; + zz = ((zz | -zz) >> 63) - (uint64_t)1; + + /* + * Compute u1 = x1 (in t1) and s1 = y1 (in t3). + */ + memcpy(t1, P1->x, sizeof t1); + memcpy(t3, P1->y, sizeof t3); + + /* + * Compute u2 = x2*z1^2 (in t2) and s2 = y2*z1^3 (in t4). + */ + f256_montysquare(t4, P1->z); + f256_montymul(t2, P2->x, t4); + f256_montymul(t5, P1->z, t4); + f256_montymul(t4, P2->y, t5); + + /* + * Compute h = h2 - u1 (in t2) and r = s2 - s1 (in t4). + * reduce. + */ + f256_sub(t2, t2, t1); + f256_sub(t4, t4, t3); + + /* + * If both h = 0 and r = 0, then P1 = P2, and we want to set + * the mask tt to -1; otherwise, the mask will be 0. + */ + f256_final_reduce(t2); + f256_final_reduce(t4); + tt = t2[0] | t2[1] | t2[2] | t2[3] | t2[4] + | t4[0] | t4[1] | t4[2] | t4[3] | t4[4]; + tt = ((tt | -tt) >> 63) - (uint64_t)1; + + /* + * Compute u1*h^2 (in t6) and h^3 (in t5); + */ + f256_montysquare(t7, t2); + f256_montymul(t6, t1, t7); + f256_montymul(t5, t7, t2); + + /* + * Compute x3 = r^2 - h^3 - 2*u1*h^2. + */ + f256_montysquare(P1->x, t4); + f256_sub(P1->x, P1->x, t5); + f256_sub(P1->x, P1->x, t6); + f256_sub(P1->x, P1->x, t6); + + /* + * Compute y3 = r*(u1*h^2 - x3) - s1*h^3. + */ + f256_sub(t6, t6, P1->x); + f256_montymul(P1->y, t4, t6); + f256_montymul(t1, t5, t3); + f256_sub(P1->y, P1->y, t1); + + /* + * Compute z3 = h*z1. + */ + f256_montymul(P1->z, P1->z, t2); + + /* + * The "double" result, in case P1 = P2. + */ + + /* + * Compute z' = 2*y2 (in t1). + */ + f256_add(t1, P2->y, P2->y); + f256_partial_reduce(t1); + + /* + * Compute 2*(y2^2) (in t2) and s = 4*x2*(y2^2) (in t3). + */ + f256_montysquare(t2, P2->y); + f256_add(t2, t2, t2); + f256_add(t3, t2, t2); + f256_montymul(t3, P2->x, t3); + + /* + * Compute m = 3*(x2^2 - 1) (in t4). + */ + f256_montysquare(t4, P2->x); + f256_sub(t4, t4, F256_R); + f256_add(t5, t4, t4); + f256_add(t4, t4, t5); + + /* + * Compute x' = m^2 - 2*s (in t5). + */ + f256_montysquare(t5, t4); + f256_sub(t5, t3); + f256_sub(t5, t3); + + /* + * Compute y' = m*(s - x') - 8*y2^4 (in t6). + */ + f256_sub(t6, t3, t5); + f256_montymul(t6, t6, t4); + f256_montysquare(t7, t2); + f256_sub(t6, t6, t7); + f256_sub(t6, t6, t7); + + /* + * We now have the alternate (doubling) coordinates in (t5,t6,t1). + * We combine them with (x3,y3,z3). + */ + for (i = 0; i < 5; i ++) { + P1->x[i] |= tt & t5[i]; + P1->y[i] |= tt & t6[i]; + P1->z[i] |= tt & t1[i]; + } + + /* + * If P1 = 0, then we get z3 = 0 (which is invalid); if z1 is 0, + * then we want to replace the result with a copy of P2. The + * test on z1 was done at the start, in the zz mask. + */ + for (i = 0; i < 5; i ++) { + P1->x[i] ^= zz & (P1->x[i] ^ P2->x[i]); + P1->y[i] ^= zz & (P1->y[i] ^ P2->y[i]); + P1->z[i] ^= zz & (P1->z[i] ^ F256_R[i]); + } +} +#endif + +/* + * Inner function for computing a point multiplication. A window is + * provided, with points 1*P to 15*P in affine coordinates. + * + * Assumptions: + * - All provided points are valid points on the curve. + * - Multiplier is non-zero, and smaller than the curve order. + * - Everything is in Montgomery representation. + */ +static void +point_mul_inner(p256_jacobian *R, const p256_affine *W, + const unsigned char *k, size_t klen) +{ + p256_jacobian Q; + uint32_t qz; + + memset(&Q, 0, sizeof Q); + qz = 1; + while (klen -- > 0) { + int i; + unsigned bk; + + bk = *k ++; + for (i = 0; i < 2; i ++) { + uint32_t bits; + uint32_t bnz; + p256_affine T; + p256_jacobian U; + uint32_t n; + int j; + uint64_t m; + + p256_double(&Q); + p256_double(&Q); + p256_double(&Q); + p256_double(&Q); + bits = (bk >> 4) & 0x0F; + bnz = NEQ(bits, 0); + + /* + * Lookup point in window. If the bits are 0, + * we get something invalid, which is not a + * problem because we will use it only if the + * bits are non-zero. + */ + memset(&T, 0, sizeof T); + for (n = 0; n < 15; n ++) { + m = -(uint64_t)EQ(bits, n + 1); + T.x[0] |= m & W[n].x[0]; + T.x[1] |= m & W[n].x[1]; + T.x[2] |= m & W[n].x[2]; + T.x[3] |= m & W[n].x[3]; + T.x[4] |= m & W[n].x[4]; + T.y[0] |= m & W[n].y[0]; + T.y[1] |= m & W[n].y[1]; + T.y[2] |= m & W[n].y[2]; + T.y[3] |= m & W[n].y[3]; + T.y[4] |= m & W[n].y[4]; + } + + U = Q; + p256_add_mixed(&U, &T); + + /* + * If qz is still 1, then Q was all-zeros, and this + * is conserved through p256_double(). + */ + m = -(uint64_t)(bnz & qz); + for (j = 0; j < 5; j ++) { + Q.x[j] ^= m & (Q.x[j] ^ T.x[j]); + Q.y[j] ^= m & (Q.y[j] ^ T.y[j]); + Q.z[j] ^= m & (Q.z[j] ^ F256_R[j]); + } + CCOPY(bnz & ~qz, &Q, &U, sizeof Q); + qz &= ~bnz; + bk <<= 4; + } + } + *R = Q; +} + +/* + * Convert a window from Jacobian to affine coordinates. A single + * field inversion is used. This function works for windows up to + * 32 elements. + * + * The destination array (aff[]) and the source array (jac[]) may + * overlap, provided that the start of aff[] is not after the start of + * jac[]. Even if the arrays do _not_ overlap, the source array is + * modified. + */ +static void +window_to_affine(p256_affine *aff, p256_jacobian *jac, int num) +{ + /* + * Convert the window points to affine coordinates. We use the + * following trick to mutualize the inversion computation: if + * we have z1, z2, z3, and z4, and want to invert all of them, + * we compute u = 1/(z1*z2*z3*z4), and then we have: + * 1/z1 = u*z2*z3*z4 + * 1/z2 = u*z1*z3*z4 + * 1/z3 = u*z1*z2*z4 + * 1/z4 = u*z1*z2*z3 + * + * The partial products are computed recursively: + * + * - on input (z_1,z_2), return (z_2,z_1) and z_1*z_2 + * - on input (z_1,z_2,... z_n): + * recurse on (z_1,z_2,... z_(n/2)) -> r1 and m1 + * recurse on (z_(n/2+1),z_(n/2+2)... z_n) -> r2 and m2 + * multiply elements of r1 by m2 -> s1 + * multiply elements of r2 by m1 -> s2 + * return r1||r2 and m1*m2 + * + * In the example below, we suppose that we have 14 elements. + * Let z1, z2,... zE be the 14 values to invert (index noted in + * hexadecimal, starting at 1). + * + * - Depth 1: + * swap(z1, z2); z12 = z1*z2 + * swap(z3, z4); z34 = z3*z4 + * swap(z5, z6); z56 = z5*z6 + * swap(z7, z8); z78 = z7*z8 + * swap(z9, zA); z9A = z9*zA + * swap(zB, zC); zBC = zB*zC + * swap(zD, zE); zDE = zD*zE + * + * - Depth 2: + * z1 <- z1*z34, z2 <- z2*z34, z3 <- z3*z12, z4 <- z4*z12 + * z1234 = z12*z34 + * z5 <- z5*z78, z6 <- z6*z78, z7 <- z7*z56, z8 <- z8*z56 + * z5678 = z56*z78 + * z9 <- z9*zBC, zA <- zA*zBC, zB <- zB*z9A, zC <- zC*z9A + * z9ABC = z9A*zBC + * + * - Depth 3: + * z1 <- z1*z5678, z2 <- z2*z5678, z3 <- z3*z5678, z4 <- z4*z5678 + * z5 <- z5*z1234, z6 <- z6*z1234, z7 <- z7*z1234, z8 <- z8*z1234 + * z12345678 = z1234*z5678 + * z9 <- z9*zDE, zA <- zA*zDE, zB <- zB*zDE, zC <- zC*zDE + * zD <- zD*z9ABC, zE*z9ABC + * z9ABCDE = z9ABC*zDE + * + * - Depth 4: + * multiply z1..z8 by z9ABCDE + * multiply z9..zE by z12345678 + * final z = z12345678*z9ABCDE + */ + + uint64_t z[16][5]; + int i, k, s; +#define zt (z[15]) +#define zu (z[14]) +#define zv (z[13]) + + /* + * First recursion step (pairwise swapping and multiplication). + * If there is an odd number of elements, then we "invent" an + * extra one with coordinate Z = 1 (in Montgomery representation). + */ + for (i = 0; (i + 1) < num; i += 2) { + memcpy(zt, jac[i].z, sizeof zt); + memcpy(jac[i].z, jac[i + 1].z, sizeof zt); + memcpy(jac[i + 1].z, zt, sizeof zt); + f256_montymul(z[i >> 1], jac[i].z, jac[i + 1].z); + } + if ((num & 1) != 0) { + memcpy(z[num >> 1], jac[num - 1].z, sizeof zt); + memcpy(jac[num - 1].z, F256_R, sizeof F256_R); + } + + /* + * Perform further recursion steps. At the entry of each step, + * the process has been done for groups of 's' points. The + * integer k is the log2 of s. + */ + for (k = 1, s = 2; s < num; k ++, s <<= 1) { + int n; + + for (i = 0; i < num; i ++) { + f256_montymul(jac[i].z, jac[i].z, z[(i >> k) ^ 1]); + } + n = (num + s - 1) >> k; + for (i = 0; i < (n >> 1); i ++) { + f256_montymul(z[i], z[i << 1], z[(i << 1) + 1]); + } + if ((n & 1) != 0) { + memmove(z[n >> 1], z[n], sizeof zt); + } + } + + /* + * Invert the final result, and convert all points. + */ + f256_invert(zt, z[0]); + for (i = 0; i < num; i ++) { + f256_montymul(zv, jac[i].z, zt); + f256_montysquare(zu, zv); + f256_montymul(zv, zv, zu); + f256_montymul(aff[i].x, jac[i].x, zu); + f256_montymul(aff[i].y, jac[i].y, zv); + } +} + +/* + * Multiply the provided point by an integer. + * Assumptions: + * - Source point is a valid curve point. + * - Source point is not the point-at-infinity. + * - Integer is not 0, and is lower than the curve order. + * If these conditions are not met, then the result is indeterminate + * (but the process is still constant-time). + */ +static void +p256_mul(p256_jacobian *P, const unsigned char *k, size_t klen) +{ + union { + p256_affine aff[15]; + p256_jacobian jac[15]; + } window; + int i; + + /* + * Compute window, in Jacobian coordinates. + */ + window.jac[0] = *P; + for (i = 2; i < 16; i ++) { + window.jac[i - 1] = window.jac[(i >> 1) - 1]; + if ((i & 1) == 0) { + p256_double(&window.jac[i - 1]); + } else { + p256_add(&window.jac[i - 1], &window.jac[i >> 1]); + } + } + + /* + * Convert the window points to affine coordinates. Point + * window[0] is the source point, already in affine coordinates. + */ + window_to_affine(window.aff, window.jac, 15); + + /* + * Perform point multiplication. + */ + point_mul_inner(P, window.aff, k, klen); +} + +/* + * Precomputed window for the conventional generator: P256_Gwin[n] + * contains (n+1)*G (affine coordinates, in Montgomery representation). + */ +static const p256_affine P256_Gwin[] = { + { + { 0x30D418A9143C1, 0xC4FEDB60179E7, 0x62251075BA95F, + 0x5C669FB732B77, 0x08905F76B5375 }, + { 0x5357CE95560A8, 0x43A19E45CDDF2, 0x21F3258B4AB8E, + 0xD8552E88688DD, 0x0571FF18A5885 } + }, + { + { 0x46D410DDD64DF, 0x0B433827D8500, 0x1490D9AA6AE3C, + 0xA3A832205038D, 0x06BB32E52DCF3 }, + { 0x48D361BEE1A57, 0xB7B236FF82F36, 0x042DBE152CD7C, + 0xA3AA9A8FB0E92, 0x08C577517A5B8 } + }, + { + { 0x3F904EEBC1272, 0x9E87D81FBFFAC, 0xCBBC98B027F84, + 0x47E46AD77DD87, 0x06936A3FD6FF7 }, + { 0x5C1FC983A7EBD, 0xC3861FE1AB04C, 0x2EE98E583E47A, + 0xC06A88208311A, 0x05F06A2AB587C } + }, + { + { 0xB50D46918DCC5, 0xD7623C17374B0, 0x100AF24650A6E, + 0x76ABCDAACACE8, 0x077362F591B01 }, + { 0xF24CE4CBABA68, 0x17AD6F4472D96, 0xDDD22E1762847, + 0x862EB6C36DEE5, 0x04B14C39CC5AB } + }, + { + { 0x8AAEC45C61F5C, 0x9D4B9537DBE1B, 0x76C20C90EC649, + 0x3C7D41CB5AAD0, 0x0907960649052 }, + { 0x9B4AE7BA4F107, 0xF75EB882BEB30, 0x7A1F6873C568E, + 0x915C540A9877E, 0x03A076BB9DD1E } + }, + { + { 0x47373E77664A1, 0xF246CEE3E4039, 0x17A3AD55AE744, + 0x673C50A961A5B, 0x03074B5964213 }, + { 0x6220D377E44BA, 0x30DFF14B593D3, 0x639F11299C2B5, + 0x75F5424D44CEF, 0x04C9916DEA07F } + }, + { + { 0x354EA0173B4F1, 0x3C23C00F70746, 0x23BB082BD2021, + 0xE03E43EAAB50C, 0x03BA5119D3123 }, + { 0xD0303F5B9D4DE, 0x17DA67BDD2847, 0xC941956742F2F, + 0x8670F933BDC77, 0x0AEDD9164E240 } + }, + { + { 0x4CD19499A78FB, 0x4BF9B345527F1, 0x2CFC6B462AB5C, + 0x30CDF90F02AF0, 0x0763891F62652 }, + { 0xA3A9532D49775, 0xD7F9EBA15F59D, 0x60BBF021E3327, + 0xF75C23C7B84BE, 0x06EC12F2C706D } + }, + { + { 0x6E8F264E20E8E, 0xC79A7A84175C9, 0xC8EB00ABE6BFE, + 0x16A4CC09C0444, 0x005B3081D0C4E }, + { 0x777AA45F33140, 0xDCE5D45E31EB7, 0xB12F1A56AF7BE, + 0xF9B2B6E019A88, 0x086659CDFD835 } + }, + { + { 0xDBD19DC21EC8C, 0x94FCF81392C18, 0x250B4998F9868, + 0x28EB37D2CD648, 0x0C61C947E4B34 }, + { 0x407880DD9E767, 0x0C83FBE080C2B, 0x9BE5D2C43A899, + 0xAB4EF7D2D6577, 0x08719A555B3B4 } + }, + { + { 0x260A6245E4043, 0x53E7FDFE0EA7D, 0xAC1AB59DE4079, + 0x072EFF3A4158D, 0x0E7090F1949C9 }, + { 0x85612B944E886, 0xE857F61C81A76, 0xAD643D250F939, + 0x88DAC0DAA891E, 0x089300244125B } + }, + { + { 0x1AA7D26977684, 0x58A345A3304B7, 0x37385EABDEDEF, + 0x155E409D29DEE, 0x0EE1DF780B83E }, + { 0x12D91CBB5B437, 0x65A8956370CAC, 0xDE6D66170ED2F, + 0xAC9B8228CFA8A, 0x0FF57C95C3238 } + }, + { + { 0x25634B2ED7097, 0x9156FD30DCCC4, 0x9E98110E35676, + 0x7594CBCD43F55, 0x038477ACC395B }, + { 0x2B90C00EE17FF, 0xF842ED2E33575, 0x1F5BC16874838, + 0x7968CD06422BD, 0x0BC0876AB9E7B } + }, + { + { 0xA35BB0CF664AF, 0x68F9707E3A242, 0x832660126E48F, + 0x72D2717BF54C6, 0x0AAE7333ED12C }, + { 0x2DB7995D586B1, 0xE732237C227B5, 0x65E7DBBE29569, + 0xBBBD8E4193E2A, 0x052706DC3EAA1 } + }, + { + { 0xD8B7BC60055BE, 0xD76E27E4B72BC, 0x81937003CC23E, + 0xA090E337424E4, 0x02AA0E43EAD3D }, + { 0x524F6383C45D2, 0x422A41B2540B8, 0x8A4797D766355, + 0xDF444EFA6DE77, 0x0042170A9079A } + }, +}; + +/* + * Multiply the conventional generator of the curve by the provided + * integer. Return is written in *P. + * + * Assumptions: + * - Integer is not 0, and is lower than the curve order. + * If this conditions is not met, then the result is indeterminate + * (but the process is still constant-time). + */ +static void +p256_mulgen(p256_jacobian *P, const unsigned char *k, size_t klen) +{ + point_mul_inner(P, P256_Gwin, k, klen); +} + +/* + * Return 1 if all of the following hold: + * - klen <= 32 + * - k != 0 + * - k is lower than the curve order + * Otherwise, return 0. + * + * Constant-time behaviour: only klen may be observable. + */ +static uint32_t +check_scalar(const unsigned char *k, size_t klen) +{ + uint32_t z; + int32_t c; + size_t u; + + if (klen > 32) { + return 0; + } + z = 0; + for (u = 0; u < klen; u ++) { + z |= k[u]; + } + if (klen == 32) { + c = 0; + for (u = 0; u < klen; u ++) { + c |= -(int32_t)EQ0(c) & CMP(k[u], P256_N[u]); + } + } else { + c = -1; + } + return NEQ(z, 0) & LT0(c); +} + +static uint32_t +api_mul(unsigned char *G, size_t Glen, + const unsigned char *k, size_t klen, int curve) +{ + uint32_t r; + p256_jacobian P; + + (void)curve; + if (Glen != 65) { + return 0; + } + r = check_scalar(k, klen); + r &= point_decode(&P, G); + p256_mul(&P, k, klen); + r &= point_encode(G, &P); + return r; +} + +static size_t +api_mulgen(unsigned char *R, + const unsigned char *k, size_t klen, int curve) +{ + p256_jacobian P; + + (void)curve; + p256_mulgen(&P, k, klen); + point_encode(R, &P); + return 65; +} + +static uint32_t +api_muladd(unsigned char *A, const unsigned char *B, size_t len, + const unsigned char *x, size_t xlen, + const unsigned char *y, size_t ylen, int curve) +{ + /* + * We might want to use Shamir's trick here: make a composite + * window of u*P+v*Q points, to merge the two doubling-ladders + * into one. This, however, has some complications: + * + * - During the computation, we may hit the point-at-infinity. + * Thus, we would need p256_add_complete_mixed() (complete + * formulas for point addition), with a higher cost (17 muls + * instead of 11). + * + * - A 4-bit window would be too large, since it would involve + * 16*16-1 = 255 points. For the same window size as in the + * p256_mul() case, we would need to reduce the window size + * to 2 bits, and thus perform twice as many non-doubling + * point additions. + * + * - The window may itself contain the point-at-infinity, and + * thus cannot be in all generality be made of affine points. + * Instead, we would need to make it a window of points in + * Jacobian coordinates. Even p256_add_complete_mixed() would + * be inappropriate. + * + * For these reasons, the code below performs two separate + * point multiplications, then computes the final point addition + * (which is both a "normal" addition, and a doubling, to handle + * all cases). + */ + + p256_jacobian P, Q; + uint32_t r, t, s; + uint64_t z; + + (void)curve; + if (len != 65) { + return 0; + } + r = point_decode(&P, A); + p256_mul(&P, x, xlen); + if (B == NULL) { + p256_mulgen(&Q, y, ylen); + } else { + r &= point_decode(&Q, B); + p256_mul(&Q, y, ylen); + } + + /* + * The final addition may fail in case both points are equal. + */ + t = p256_add(&P, &Q); + f256_final_reduce(P.z); + z = P.z[0] | P.z[1] | P.z[2] | P.z[3] | P.z[4]; + s = EQ((uint32_t)(z | (z >> 32)), 0); + p256_double(&Q); + + /* + * If s is 1 then either P+Q = 0 (t = 1) or P = Q (t = 0). So we + * have the following: + * + * s = 0, t = 0 return P (normal addition) + * s = 0, t = 1 return P (normal addition) + * s = 1, t = 0 return Q (a 'double' case) + * s = 1, t = 1 report an error (P+Q = 0) + */ + CCOPY(s & ~t, &P, &Q, sizeof Q); + point_encode(A, &P); + r &= ~(s & t); + return r; +} + +/* see bearssl_ec.h */ +const br_ec_impl br_ec_p256_m62 = { + (uint32_t)0x00800000, + &api_generator, + &api_order, + &api_xoff, + &api_mul, + &api_mulgen, + &api_muladd +}; + +/* see bearssl_ec.h */ +const br_ec_impl * +br_ec_p256_m62_get(void) +{ + return &br_ec_p256_m62; +} + +#else + +/* see bearssl_ec.h */ +const br_ec_impl * +br_ec_p256_m62_get(void) +{ + return 0; +} + +#endif diff --git a/src/bearssl/src/ec/ec_p256_m64.c b/src/bearssl/src/ec/ec_p256_m64.c new file mode 100644 index 0000000..5a7ea17 --- /dev/null +++ b/src/bearssl/src/ec/ec_p256_m64.c @@ -0,0 +1,1730 @@ +/* + * Copyright (c) 2018 Thomas Pornin + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +#include "inner.h" + +#if BR_INT128 || BR_UMUL128 + +#if BR_UMUL128 +#include +#endif + +static const unsigned char P256_G[] = { + 0x04, 0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47, 0xF8, + 0xBC, 0xE6, 0xE5, 0x63, 0xA4, 0x40, 0xF2, 0x77, 0x03, 0x7D, + 0x81, 0x2D, 0xEB, 0x33, 0xA0, 0xF4, 0xA1, 0x39, 0x45, 0xD8, + 0x98, 0xC2, 0x96, 0x4F, 0xE3, 0x42, 0xE2, 0xFE, 0x1A, 0x7F, + 0x9B, 0x8E, 0xE7, 0xEB, 0x4A, 0x7C, 0x0F, 0x9E, 0x16, 0x2B, + 0xCE, 0x33, 0x57, 0x6B, 0x31, 0x5E, 0xCE, 0xCB, 0xB6, 0x40, + 0x68, 0x37, 0xBF, 0x51, 0xF5 +}; + +static const unsigned char P256_N[] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, + 0xA7, 0x17, 0x9E, 0x84, 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, + 0x25, 0x51 +}; + +static const unsigned char * +api_generator(int curve, size_t *len) +{ + (void)curve; + *len = sizeof P256_G; + return P256_G; +} + +static const unsigned char * +api_order(int curve, size_t *len) +{ + (void)curve; + *len = sizeof P256_N; + return P256_N; +} + +static size_t +api_xoff(int curve, size_t *len) +{ + (void)curve; + *len = 32; + return 1; +} + +/* + * A field element is encoded as four 64-bit integers, in basis 2^64. + * Values may reach up to 2^256-1. Montgomery multiplication is used. + */ + +/* R = 2^256 mod p */ +static const uint64_t F256_R[] = { + 0x0000000000000001, 0xFFFFFFFF00000000, + 0xFFFFFFFFFFFFFFFF, 0x00000000FFFFFFFE +}; + +/* Curve equation is y^2 = x^3 - 3*x + B. This constant is B*R mod p + (Montgomery representation of B). */ +static const uint64_t P256_B_MONTY[] = { + 0xD89CDF6229C4BDDF, 0xACF005CD78843090, + 0xE5A220ABF7212ED6, 0xDC30061D04874834 +}; + +/* + * Addition in the field. + */ +static inline void +f256_add(uint64_t *d, const uint64_t *a, const uint64_t *b) +{ +#if BR_INT128 + unsigned __int128 w; + uint64_t t; + + w = (unsigned __int128)a[0] + b[0]; + d[0] = (uint64_t)w; + w = (unsigned __int128)a[1] + b[1] + (w >> 64); + d[1] = (uint64_t)w; + w = (unsigned __int128)a[2] + b[2] + (w >> 64); + d[2] = (uint64_t)w; + w = (unsigned __int128)a[3] + b[3] + (w >> 64); + d[3] = (uint64_t)w; + t = (uint64_t)(w >> 64); + + /* + * 2^256 = 2^224 - 2^192 - 2^96 + 1 in the field. + */ + w = (unsigned __int128)d[0] + t; + d[0] = (uint64_t)w; + w = (unsigned __int128)d[1] + (w >> 64) - (t << 32); + d[1] = (uint64_t)w; + /* Here, carry "w >> 64" can only be 0 or -1 */ + w = (unsigned __int128)d[2] - ((w >> 64) & 1); + d[2] = (uint64_t)w; + /* Again, carry is 0 or -1 */ + d[3] += (uint64_t)(w >> 64) + (t << 32) - t; + +#elif BR_UMUL128 + + unsigned char cc; + uint64_t t; + + cc = _addcarry_u64(0, a[0], b[0], &d[0]); + cc = _addcarry_u64(cc, a[1], b[1], &d[1]); + cc = _addcarry_u64(cc, a[2], b[2], &d[2]); + cc = _addcarry_u64(cc, a[3], b[3], &d[3]); + + /* + * If there is a carry, then we want to subtract p, which we + * do by adding 2^256 - p. + */ + t = cc; + cc = _addcarry_u64(cc, d[0], 0, &d[0]); + cc = _addcarry_u64(cc, d[1], -(t << 32), &d[1]); + cc = _addcarry_u64(cc, d[2], -t, &d[2]); + (void)_addcarry_u64(cc, d[3], (t << 32) - (t << 1), &d[3]); + +#endif +} + +/* + * Subtraction in the field. + */ +static inline void +f256_sub(uint64_t *d, const uint64_t *a, const uint64_t *b) +{ +#if BR_INT128 + + unsigned __int128 w; + uint64_t t; + + w = (unsigned __int128)a[0] - b[0]; + d[0] = (uint64_t)w; + w = (unsigned __int128)a[1] - b[1] - ((w >> 64) & 1); + d[1] = (uint64_t)w; + w = (unsigned __int128)a[2] - b[2] - ((w >> 64) & 1); + d[2] = (uint64_t)w; + w = (unsigned __int128)a[3] - b[3] - ((w >> 64) & 1); + d[3] = (uint64_t)w; + t = (uint64_t)(w >> 64) & 1; + + /* + * p = 2^256 - 2^224 + 2^192 + 2^96 - 1. + */ + w = (unsigned __int128)d[0] - t; + d[0] = (uint64_t)w; + w = (unsigned __int128)d[1] + (t << 32) - ((w >> 64) & 1); + d[1] = (uint64_t)w; + /* Here, carry "w >> 64" can only be 0 or +1 */ + w = (unsigned __int128)d[2] + (w >> 64); + d[2] = (uint64_t)w; + /* Again, carry is 0 or +1 */ + d[3] += (uint64_t)(w >> 64) - (t << 32) + t; + +#elif BR_UMUL128 + + unsigned char cc; + uint64_t t; + + cc = _subborrow_u64(0, a[0], b[0], &d[0]); + cc = _subborrow_u64(cc, a[1], b[1], &d[1]); + cc = _subborrow_u64(cc, a[2], b[2], &d[2]); + cc = _subborrow_u64(cc, a[3], b[3], &d[3]); + + /* + * If there is a carry, then we need to add p. + */ + t = cc; + cc = _addcarry_u64(0, d[0], -t, &d[0]); + cc = _addcarry_u64(cc, d[1], (-t) >> 32, &d[1]); + cc = _addcarry_u64(cc, d[2], 0, &d[2]); + (void)_addcarry_u64(cc, d[3], t - (t << 32), &d[3]); + +#endif +} + +/* + * Montgomery multiplication in the field. + */ +static void +f256_montymul(uint64_t *d, const uint64_t *a, const uint64_t *b) +{ +#if BR_INT128 + + uint64_t x, f, t0, t1, t2, t3, t4; + unsigned __int128 z, ff; + int i; + + /* + * When computing d <- d + a[u]*b, we also add f*p such + * that d + a[u]*b + f*p is a multiple of 2^64. Since + * p = -1 mod 2^64, we can compute f = d[0] + a[u]*b[0] mod 2^64. + */ + + /* + * Step 1: t <- (a[0]*b + f*p) / 2^64 + * We have f = a[0]*b[0] mod 2^64. Since p = -1 mod 2^64, this + * ensures that (a[0]*b + f*p) is a multiple of 2^64. + * + * We also have: f*p = f*2^256 - f*2^224 + f*2^192 + f*2^96 - f. + */ + x = a[0]; + z = (unsigned __int128)b[0] * x; + f = (uint64_t)z; + z = (unsigned __int128)b[1] * x + (z >> 64) + (uint64_t)(f << 32); + t0 = (uint64_t)z; + z = (unsigned __int128)b[2] * x + (z >> 64) + (uint64_t)(f >> 32); + t1 = (uint64_t)z; + z = (unsigned __int128)b[3] * x + (z >> 64) + f; + t2 = (uint64_t)z; + t3 = (uint64_t)(z >> 64); + ff = ((unsigned __int128)f << 64) - ((unsigned __int128)f << 32); + z = (unsigned __int128)t2 + (uint64_t)ff; + t2 = (uint64_t)z; + z = (unsigned __int128)t3 + (z >> 64) + (ff >> 64); + t3 = (uint64_t)z; + t4 = (uint64_t)(z >> 64); + + /* + * Steps 2 to 4: t <- (t + a[i]*b + f*p) / 2^64 + */ + for (i = 1; i < 4; i ++) { + x = a[i]; + + /* t <- (t + x*b - f) / 2^64 */ + z = (unsigned __int128)b[0] * x + t0; + f = (uint64_t)z; + z = (unsigned __int128)b[1] * x + t1 + (z >> 64); + t0 = (uint64_t)z; + z = (unsigned __int128)b[2] * x + t2 + (z >> 64); + t1 = (uint64_t)z; + z = (unsigned __int128)b[3] * x + t3 + (z >> 64); + t2 = (uint64_t)z; + z = t4 + (z >> 64); + t3 = (uint64_t)z; + t4 = (uint64_t)(z >> 64); + + /* t <- t + f*2^32, carry in the upper half of z */ + z = (unsigned __int128)t0 + (uint64_t)(f << 32); + t0 = (uint64_t)z; + z = (z >> 64) + (unsigned __int128)t1 + (uint64_t)(f >> 32); + t1 = (uint64_t)z; + + /* t <- t + f*2^192 - f*2^160 + f*2^128 */ + ff = ((unsigned __int128)f << 64) + - ((unsigned __int128)f << 32) + f; + z = (z >> 64) + (unsigned __int128)t2 + (uint64_t)ff; + t2 = (uint64_t)z; + z = (unsigned __int128)t3 + (z >> 64) + (ff >> 64); + t3 = (uint64_t)z; + t4 += (uint64_t)(z >> 64); + } + + /* + * At that point, we have computed t = (a*b + F*p) / 2^256, where + * F is a 256-bit integer whose limbs are the "f" coefficients + * in the steps above. We have: + * a <= 2^256-1 + * b <= 2^256-1 + * F <= 2^256-1 + * Hence: + * a*b + F*p <= (2^256-1)*(2^256-1) + p*(2^256-1) + * a*b + F*p <= 2^256*(2^256 - 2 + p) + 1 - p + * Therefore: + * t < 2^256 + p - 2 + * Since p < 2^256, it follows that: + * t4 can be only 0 or 1 + * t - p < 2^256 + * We can therefore subtract p from t, conditionally on t4, to + * get a nonnegative result that fits on 256 bits. + */ + z = (unsigned __int128)t0 + t4; + t0 = (uint64_t)z; + z = (unsigned __int128)t1 - (t4 << 32) + (z >> 64); + t1 = (uint64_t)z; + z = (unsigned __int128)t2 - (z >> 127); + t2 = (uint64_t)z; + t3 = t3 - (uint64_t)(z >> 127) - t4 + (t4 << 32); + + d[0] = t0; + d[1] = t1; + d[2] = t2; + d[3] = t3; + +#elif BR_UMUL128 + + uint64_t x, f, t0, t1, t2, t3, t4; + uint64_t zl, zh, ffl, ffh; + unsigned char k, m; + int i; + + /* + * When computing d <- d + a[u]*b, we also add f*p such + * that d + a[u]*b + f*p is a multiple of 2^64. Since + * p = -1 mod 2^64, we can compute f = d[0] + a[u]*b[0] mod 2^64. + */ + + /* + * Step 1: t <- (a[0]*b + f*p) / 2^64 + * We have f = a[0]*b[0] mod 2^64. Since p = -1 mod 2^64, this + * ensures that (a[0]*b + f*p) is a multiple of 2^64. + * + * We also have: f*p = f*2^256 - f*2^224 + f*2^192 + f*2^96 - f. + */ + x = a[0]; + + zl = _umul128(b[0], x, &zh); + f = zl; + t0 = zh; + + zl = _umul128(b[1], x, &zh); + k = _addcarry_u64(0, zl, t0, &zl); + (void)_addcarry_u64(k, zh, 0, &zh); + k = _addcarry_u64(0, zl, f << 32, &zl); + (void)_addcarry_u64(k, zh, 0, &zh); + t0 = zl; + t1 = zh; + + zl = _umul128(b[2], x, &zh); + k = _addcarry_u64(0, zl, t1, &zl); + (void)_addcarry_u64(k, zh, 0, &zh); + k = _addcarry_u64(0, zl, f >> 32, &zl); + (void)_addcarry_u64(k, zh, 0, &zh); + t1 = zl; + t2 = zh; + + zl = _umul128(b[3], x, &zh); + k = _addcarry_u64(0, zl, t2, &zl); + (void)_addcarry_u64(k, zh, 0, &zh); + k = _addcarry_u64(0, zl, f, &zl); + (void)_addcarry_u64(k, zh, 0, &zh); + t2 = zl; + t3 = zh; + + t4 = _addcarry_u64(0, t3, f, &t3); + k = _subborrow_u64(0, t2, f << 32, &t2); + k = _subborrow_u64(k, t3, f >> 32, &t3); + (void)_subborrow_u64(k, t4, 0, &t4); + + /* + * Steps 2 to 4: t <- (t + a[i]*b + f*p) / 2^64 + */ + for (i = 1; i < 4; i ++) { + x = a[i]; + /* f = t0 + x * b[0]; -- computed below */ + + /* t <- (t + x*b - f) / 2^64 */ + zl = _umul128(b[0], x, &zh); + k = _addcarry_u64(0, zl, t0, &f); + (void)_addcarry_u64(k, zh, 0, &t0); + + zl = _umul128(b[1], x, &zh); + k = _addcarry_u64(0, zl, t0, &zl); + (void)_addcarry_u64(k, zh, 0, &zh); + k = _addcarry_u64(0, zl, t1, &t0); + (void)_addcarry_u64(k, zh, 0, &t1); + + zl = _umul128(b[2], x, &zh); + k = _addcarry_u64(0, zl, t1, &zl); + (void)_addcarry_u64(k, zh, 0, &zh); + k = _addcarry_u64(0, zl, t2, &t1); + (void)_addcarry_u64(k, zh, 0, &t2); + + zl = _umul128(b[3], x, &zh); + k = _addcarry_u64(0, zl, t2, &zl); + (void)_addcarry_u64(k, zh, 0, &zh); + k = _addcarry_u64(0, zl, t3, &t2); + (void)_addcarry_u64(k, zh, 0, &t3); + + t4 = _addcarry_u64(0, t3, t4, &t3); + + /* t <- t + f*2^32, carry in k */ + k = _addcarry_u64(0, t0, f << 32, &t0); + k = _addcarry_u64(k, t1, f >> 32, &t1); + + /* t <- t + f*2^192 - f*2^160 + f*2^128 */ + m = _subborrow_u64(0, f, f << 32, &ffl); + (void)_subborrow_u64(m, f, f >> 32, &ffh); + k = _addcarry_u64(k, t2, ffl, &t2); + k = _addcarry_u64(k, t3, ffh, &t3); + (void)_addcarry_u64(k, t4, 0, &t4); + } + + /* + * At that point, we have computed t = (a*b + F*p) / 2^256, where + * F is a 256-bit integer whose limbs are the "f" coefficients + * in the steps above. We have: + * a <= 2^256-1 + * b <= 2^256-1 + * F <= 2^256-1 + * Hence: + * a*b + F*p <= (2^256-1)*(2^256-1) + p*(2^256-1) + * a*b + F*p <= 2^256*(2^256 - 2 + p) + 1 - p + * Therefore: + * t < 2^256 + p - 2 + * Since p < 2^256, it follows that: + * t4 can be only 0 or 1 + * t - p < 2^256 + * We can therefore subtract p from t, conditionally on t4, to + * get a nonnegative result that fits on 256 bits. + */ + k = _addcarry_u64(0, t0, t4, &t0); + k = _addcarry_u64(k, t1, -(t4 << 32), &t1); + k = _addcarry_u64(k, t2, -t4, &t2); + (void)_addcarry_u64(k, t3, (t4 << 32) - (t4 << 1), &t3); + + d[0] = t0; + d[1] = t1; + d[2] = t2; + d[3] = t3; + +#endif +} + +/* + * Montgomery squaring in the field; currently a basic wrapper around + * multiplication (inline, should be optimized away). + * TODO: see if some extra speed can be gained here. + */ +static inline void +f256_montysquare(uint64_t *d, const uint64_t *a) +{ + f256_montymul(d, a, a); +} + +/* + * Convert to Montgomery representation. + */ +static void +f256_tomonty(uint64_t *d, const uint64_t *a) +{ + /* + * R2 = 2^512 mod p. + * If R = 2^256 mod p, then R2 = R^2 mod p; and the Montgomery + * multiplication of a by R2 is: a*R2/R = a*R mod p, i.e. the + * conversion to Montgomery representation. + */ + static const uint64_t R2[] = { + 0x0000000000000003, + 0xFFFFFFFBFFFFFFFF, + 0xFFFFFFFFFFFFFFFE, + 0x00000004FFFFFFFD + }; + + f256_montymul(d, a, R2); +} + +/* + * Convert from Montgomery representation. + */ +static void +f256_frommonty(uint64_t *d, const uint64_t *a) +{ + /* + * Montgomery multiplication by 1 is division by 2^256 modulo p. + */ + static const uint64_t one[] = { 1, 0, 0, 0 }; + + f256_montymul(d, a, one); +} + +/* + * Inversion in the field. If the source value is 0 modulo p, then this + * returns 0 or p. This function uses Montgomery representation. + */ +static void +f256_invert(uint64_t *d, const uint64_t *a) +{ + /* + * We compute a^(p-2) mod p. The exponent pattern (from high to + * low) is: + * - 32 bits of value 1 + * - 31 bits of value 0 + * - 1 bit of value 1 + * - 96 bits of value 0 + * - 94 bits of value 1 + * - 1 bit of value 0 + * - 1 bit of value 1 + * To speed up the square-and-multiply algorithm, we precompute + * a^(2^31-1). + */ + + uint64_t r[4], t[4]; + int i; + + memcpy(t, a, sizeof t); + for (i = 0; i < 30; i ++) { + f256_montysquare(t, t); + f256_montymul(t, t, a); + } + + memcpy(r, t, sizeof t); + for (i = 224; i >= 0; i --) { + f256_montysquare(r, r); + switch (i) { + case 0: + case 2: + case 192: + case 224: + f256_montymul(r, r, a); + break; + case 3: + case 34: + case 65: + f256_montymul(r, r, t); + break; + } + } + memcpy(d, r, sizeof r); +} + +/* + * Finalize reduction. + * Input value fits on 256 bits. This function subtracts p if and only + * if the input is greater than or equal to p. + */ +static inline void +f256_final_reduce(uint64_t *a) +{ +#if BR_INT128 + + uint64_t t0, t1, t2, t3, cc; + unsigned __int128 z; + + /* + * We add 2^224 - 2^192 - 2^96 + 1 to a. If there is no carry, + * then a < p; otherwise, the addition result we computed is + * the value we must return. + */ + z = (unsigned __int128)a[0] + 1; + t0 = (uint64_t)z; + z = (unsigned __int128)a[1] + (z >> 64) - ((uint64_t)1 << 32); + t1 = (uint64_t)z; + z = (unsigned __int128)a[2] - (z >> 127); + t2 = (uint64_t)z; + z = (unsigned __int128)a[3] - (z >> 127) + 0xFFFFFFFF; + t3 = (uint64_t)z; + cc = -(uint64_t)(z >> 64); + + a[0] ^= cc & (a[0] ^ t0); + a[1] ^= cc & (a[1] ^ t1); + a[2] ^= cc & (a[2] ^ t2); + a[3] ^= cc & (a[3] ^ t3); + +#elif BR_UMUL128 + + uint64_t t0, t1, t2, t3, m; + unsigned char k; + + k = _addcarry_u64(0, a[0], (uint64_t)1, &t0); + k = _addcarry_u64(k, a[1], -((uint64_t)1 << 32), &t1); + k = _addcarry_u64(k, a[2], -(uint64_t)1, &t2); + k = _addcarry_u64(k, a[3], ((uint64_t)1 << 32) - 2, &t3); + m = -(uint64_t)k; + + a[0] ^= m & (a[0] ^ t0); + a[1] ^= m & (a[1] ^ t1); + a[2] ^= m & (a[2] ^ t2); + a[3] ^= m & (a[3] ^ t3); + +#endif +} + +/* + * Points in affine and Jacobian coordinates. + * + * - In affine coordinates, the point-at-infinity cannot be encoded. + * - Jacobian coordinates (X,Y,Z) correspond to affine (X/Z^2,Y/Z^3); + * if Z = 0 then this is the point-at-infinity. + */ +typedef struct { + uint64_t x[4]; + uint64_t y[4]; +} p256_affine; + +typedef struct { + uint64_t x[4]; + uint64_t y[4]; + uint64_t z[4]; +} p256_jacobian; + +/* + * Decode a point. The returned point is in Jacobian coordinates, but + * with z = 1. If the encoding is invalid, or encodes a point which is + * not on the curve, or encodes the point at infinity, then this function + * returns 0. Otherwise, 1 is returned. + * + * The buffer is assumed to have length exactly 65 bytes. + */ +static uint32_t +point_decode(p256_jacobian *P, const unsigned char *buf) +{ + uint64_t x[4], y[4], t[4], x3[4], tt; + uint32_t r; + + /* + * Header byte shall be 0x04. + */ + r = EQ(buf[0], 0x04); + + /* + * Decode X and Y coordinates, and convert them into + * Montgomery representation. + */ + x[3] = br_dec64be(buf + 1); + x[2] = br_dec64be(buf + 9); + x[1] = br_dec64be(buf + 17); + x[0] = br_dec64be(buf + 25); + y[3] = br_dec64be(buf + 33); + y[2] = br_dec64be(buf + 41); + y[1] = br_dec64be(buf + 49); + y[0] = br_dec64be(buf + 57); + f256_tomonty(x, x); + f256_tomonty(y, y); + + /* + * Verify y^2 = x^3 + A*x + B. In curve P-256, A = -3. + * Note that the Montgomery representation of 0 is 0. We must + * take care to apply the final reduction to make sure we have + * 0 and not p. + */ + f256_montysquare(t, y); + f256_montysquare(x3, x); + f256_montymul(x3, x3, x); + f256_sub(t, t, x3); + f256_add(t, t, x); + f256_add(t, t, x); + f256_add(t, t, x); + f256_sub(t, t, P256_B_MONTY); + f256_final_reduce(t); + tt = t[0] | t[1] | t[2] | t[3]; + r &= EQ((uint32_t)(tt | (tt >> 32)), 0); + + /* + * Return the point in Jacobian coordinates (and Montgomery + * representation). + */ + memcpy(P->x, x, sizeof x); + memcpy(P->y, y, sizeof y); + memcpy(P->z, F256_R, sizeof F256_R); + return r; +} + +/* + * Final conversion for a point: + * - The point is converted back to affine coordinates. + * - Final reduction is performed. + * - The point is encoded into the provided buffer. + * + * If the point is the point-at-infinity, all operations are performed, + * but the buffer contents are indeterminate, and 0 is returned. Otherwise, + * the encoded point is written in the buffer, and 1 is returned. + */ +static uint32_t +point_encode(unsigned char *buf, const p256_jacobian *P) +{ + uint64_t t1[4], t2[4], z; + + /* Set t1 = 1/z^2 and t2 = 1/z^3. */ + f256_invert(t2, P->z); + f256_montysquare(t1, t2); + f256_montymul(t2, t2, t1); + + /* Compute affine coordinates x (in t1) and y (in t2). */ + f256_montymul(t1, P->x, t1); + f256_montymul(t2, P->y, t2); + + /* Convert back from Montgomery representation, and finalize + reductions. */ + f256_frommonty(t1, t1); + f256_frommonty(t2, t2); + f256_final_reduce(t1); + f256_final_reduce(t2); + + /* Encode. */ + buf[0] = 0x04; + br_enc64be(buf + 1, t1[3]); + br_enc64be(buf + 9, t1[2]); + br_enc64be(buf + 17, t1[1]); + br_enc64be(buf + 25, t1[0]); + br_enc64be(buf + 33, t2[3]); + br_enc64be(buf + 41, t2[2]); + br_enc64be(buf + 49, t2[1]); + br_enc64be(buf + 57, t2[0]); + + /* Return success if and only if P->z != 0. */ + z = P->z[0] | P->z[1] | P->z[2] | P->z[3]; + return NEQ((uint32_t)(z | z >> 32), 0); +} + +/* + * Point doubling in Jacobian coordinates: point P is doubled. + * Note: if the source point is the point-at-infinity, then the result is + * still the point-at-infinity, which is correct. Moreover, if the three + * coordinates were zero, then they still are zero in the returned value. + * + * (Note: this is true even without the final reduction: if the three + * coordinates are encoded as four words of value zero each, then the + * result will also have all-zero coordinate encodings, not the alternate + * encoding as the integer p.) + */ +static void +p256_double(p256_jacobian *P) +{ + /* + * Doubling formulas are: + * + * s = 4*x*y^2 + * m = 3*(x + z^2)*(x - z^2) + * x' = m^2 - 2*s + * y' = m*(s - x') - 8*y^4 + * z' = 2*y*z + * + * These formulas work for all points, including points of order 2 + * and points at infinity: + * - If y = 0 then z' = 0. But there is no such point in P-256 + * anyway. + * - If z = 0 then z' = 0. + */ + uint64_t t1[4], t2[4], t3[4], t4[4]; + + /* + * Compute z^2 in t1. + */ + f256_montysquare(t1, P->z); + + /* + * Compute x-z^2 in t2 and x+z^2 in t1. + */ + f256_add(t2, P->x, t1); + f256_sub(t1, P->x, t1); + + /* + * Compute 3*(x+z^2)*(x-z^2) in t1. + */ + f256_montymul(t3, t1, t2); + f256_add(t1, t3, t3); + f256_add(t1, t3, t1); + + /* + * Compute 4*x*y^2 (in t2) and 2*y^2 (in t3). + */ + f256_montysquare(t3, P->y); + f256_add(t3, t3, t3); + f256_montymul(t2, P->x, t3); + f256_add(t2, t2, t2); + + /* + * Compute x' = m^2 - 2*s. + */ + f256_montysquare(P->x, t1); + f256_sub(P->x, P->x, t2); + f256_sub(P->x, P->x, t2); + + /* + * Compute z' = 2*y*z. + */ + f256_montymul(t4, P->y, P->z); + f256_add(P->z, t4, t4); + + /* + * Compute y' = m*(s - x') - 8*y^4. Note that we already have + * 2*y^2 in t3. + */ + f256_sub(t2, t2, P->x); + f256_montymul(P->y, t1, t2); + f256_montysquare(t4, t3); + f256_add(t4, t4, t4); + f256_sub(P->y, P->y, t4); +} + +/* + * Point addition (Jacobian coordinates): P1 is replaced with P1+P2. + * This function computes the wrong result in the following cases: + * + * - If P1 == 0 but P2 != 0 + * - If P1 != 0 but P2 == 0 + * - If P1 == P2 + * + * In all three cases, P1 is set to the point at infinity. + * + * Returned value is 0 if one of the following occurs: + * + * - P1 and P2 have the same Y coordinate. + * - P1 == 0 and P2 == 0. + * - The Y coordinate of one of the points is 0 and the other point is + * the point at infinity. + * + * The third case cannot actually happen with valid points, since a point + * with Y == 0 is a point of order 2, and there is no point of order 2 on + * curve P-256. + * + * Therefore, assuming that P1 != 0 and P2 != 0 on input, then the caller + * can apply the following: + * + * - If the result is not the point at infinity, then it is correct. + * - Otherwise, if the returned value is 1, then this is a case of + * P1+P2 == 0, so the result is indeed the point at infinity. + * - Otherwise, P1 == P2, so a "double" operation should have been + * performed. + * + * Note that you can get a returned value of 0 with a correct result, + * e.g. if P1 and P2 have the same Y coordinate, but distinct X coordinates. + */ +static uint32_t +p256_add(p256_jacobian *P1, const p256_jacobian *P2) +{ + /* + * Addtions formulas are: + * + * u1 = x1 * z2^2 + * u2 = x2 * z1^2 + * s1 = y1 * z2^3 + * s2 = y2 * z1^3 + * h = u2 - u1 + * r = s2 - s1 + * x3 = r^2 - h^3 - 2 * u1 * h^2 + * y3 = r * (u1 * h^2 - x3) - s1 * h^3 + * z3 = h * z1 * z2 + */ + uint64_t t1[4], t2[4], t3[4], t4[4], t5[4], t6[4], t7[4], tt; + uint32_t ret; + + /* + * Compute u1 = x1*z2^2 (in t1) and s1 = y1*z2^3 (in t3). + */ + f256_montysquare(t3, P2->z); + f256_montymul(t1, P1->x, t3); + f256_montymul(t4, P2->z, t3); + f256_montymul(t3, P1->y, t4); + + /* + * Compute u2 = x2*z1^2 (in t2) and s2 = y2*z1^3 (in t4). + */ + f256_montysquare(t4, P1->z); + f256_montymul(t2, P2->x, t4); + f256_montymul(t5, P1->z, t4); + f256_montymul(t4, P2->y, t5); + + /* + * Compute h = h2 - u1 (in t2) and r = s2 - s1 (in t4). + * We need to test whether r is zero, so we will do some extra + * reduce. + */ + f256_sub(t2, t2, t1); + f256_sub(t4, t4, t3); + f256_final_reduce(t4); + tt = t4[0] | t4[1] | t4[2] | t4[3]; + ret = (uint32_t)(tt | (tt >> 32)); + ret = (ret | -ret) >> 31; + + /* + * Compute u1*h^2 (in t6) and h^3 (in t5); + */ + f256_montysquare(t7, t2); + f256_montymul(t6, t1, t7); + f256_montymul(t5, t7, t2); + + /* + * Compute x3 = r^2 - h^3 - 2*u1*h^2. + */ + f256_montysquare(P1->x, t4); + f256_sub(P1->x, P1->x, t5); + f256_sub(P1->x, P1->x, t6); + f256_sub(P1->x, P1->x, t6); + + /* + * Compute y3 = r*(u1*h^2 - x3) - s1*h^3. + */ + f256_sub(t6, t6, P1->x); + f256_montymul(P1->y, t4, t6); + f256_montymul(t1, t5, t3); + f256_sub(P1->y, P1->y, t1); + + /* + * Compute z3 = h*z1*z2. + */ + f256_montymul(t1, P1->z, P2->z); + f256_montymul(P1->z, t1, t2); + + return ret; +} + +/* + * Point addition (mixed coordinates): P1 is replaced with P1+P2. + * This is a specialised function for the case when P2 is a non-zero point + * in affine coordinates. + * + * This function computes the wrong result in the following cases: + * + * - If P1 == 0 + * - If P1 == P2 + * + * In both cases, P1 is set to the point at infinity. + * + * Returned value is 0 if one of the following occurs: + * + * - P1 and P2 have the same Y (affine) coordinate. + * - The Y coordinate of P2 is 0 and P1 is the point at infinity. + * + * The second case cannot actually happen with valid points, since a point + * with Y == 0 is a point of order 2, and there is no point of order 2 on + * curve P-256. + * + * Therefore, assuming that P1 != 0 on input, then the caller + * can apply the following: + * + * - If the result is not the point at infinity, then it is correct. + * - Otherwise, if the returned value is 1, then this is a case of + * P1+P2 == 0, so the result is indeed the point at infinity. + * - Otherwise, P1 == P2, so a "double" operation should have been + * performed. + * + * Again, a value of 0 may be returned in some cases where the addition + * result is correct. + */ +static uint32_t +p256_add_mixed(p256_jacobian *P1, const p256_affine *P2) +{ + /* + * Addtions formulas are: + * + * u1 = x1 + * u2 = x2 * z1^2 + * s1 = y1 + * s2 = y2 * z1^3 + * h = u2 - u1 + * r = s2 - s1 + * x3 = r^2 - h^3 - 2 * u1 * h^2 + * y3 = r * (u1 * h^2 - x3) - s1 * h^3 + * z3 = h * z1 + */ + uint64_t t1[4], t2[4], t3[4], t4[4], t5[4], t6[4], t7[4], tt; + uint32_t ret; + + /* + * Compute u1 = x1 (in t1) and s1 = y1 (in t3). + */ + memcpy(t1, P1->x, sizeof t1); + memcpy(t3, P1->y, sizeof t3); + + /* + * Compute u2 = x2*z1^2 (in t2) and s2 = y2*z1^3 (in t4). + */ + f256_montysquare(t4, P1->z); + f256_montymul(t2, P2->x, t4); + f256_montymul(t5, P1->z, t4); + f256_montymul(t4, P2->y, t5); + + /* + * Compute h = h2 - u1 (in t2) and r = s2 - s1 (in t4). + * We need to test whether r is zero, so we will do some extra + * reduce. + */ + f256_sub(t2, t2, t1); + f256_sub(t4, t4, t3); + f256_final_reduce(t4); + tt = t4[0] | t4[1] | t4[2] | t4[3]; + ret = (uint32_t)(tt | (tt >> 32)); + ret = (ret | -ret) >> 31; + + /* + * Compute u1*h^2 (in t6) and h^3 (in t5); + */ + f256_montysquare(t7, t2); + f256_montymul(t6, t1, t7); + f256_montymul(t5, t7, t2); + + /* + * Compute x3 = r^2 - h^3 - 2*u1*h^2. + */ + f256_montysquare(P1->x, t4); + f256_sub(P1->x, P1->x, t5); + f256_sub(P1->x, P1->x, t6); + f256_sub(P1->x, P1->x, t6); + + /* + * Compute y3 = r*(u1*h^2 - x3) - s1*h^3. + */ + f256_sub(t6, t6, P1->x); + f256_montymul(P1->y, t4, t6); + f256_montymul(t1, t5, t3); + f256_sub(P1->y, P1->y, t1); + + /* + * Compute z3 = h*z1*z2. + */ + f256_montymul(P1->z, P1->z, t2); + + return ret; +} + +#if 0 +/* unused */ +/* + * Point addition (mixed coordinates, complete): P1 is replaced with P1+P2. + * This is a specialised function for the case when P2 is a non-zero point + * in affine coordinates. + * + * This function returns the correct result in all cases. + */ +static uint32_t +p256_add_complete_mixed(p256_jacobian *P1, const p256_affine *P2) +{ + /* + * Addtions formulas, in the general case, are: + * + * u1 = x1 + * u2 = x2 * z1^2 + * s1 = y1 + * s2 = y2 * z1^3 + * h = u2 - u1 + * r = s2 - s1 + * x3 = r^2 - h^3 - 2 * u1 * h^2 + * y3 = r * (u1 * h^2 - x3) - s1 * h^3 + * z3 = h * z1 + * + * These formulas mishandle the two following cases: + * + * - If P1 is the point-at-infinity (z1 = 0), then z3 is + * incorrectly set to 0. + * + * - If P1 = P2, then u1 = u2 and s1 = s2, and x3, y3 and z3 + * are all set to 0. + * + * However, if P1 + P2 = 0, then u1 = u2 but s1 != s2, and then + * we correctly get z3 = 0 (the point-at-infinity). + * + * To fix the case P1 = 0, we perform at the end a copy of P2 + * over P1, conditional to z1 = 0. + * + * For P1 = P2: in that case, both h and r are set to 0, and + * we get x3, y3 and z3 equal to 0. We can test for that + * occurrence to make a mask which will be all-one if P1 = P2, + * or all-zero otherwise; then we can compute the double of P2 + * and add it, combined with the mask, to (x3,y3,z3). + * + * Using the doubling formulas in p256_double() on (x2,y2), + * simplifying since P2 is affine (i.e. z2 = 1, implicitly), + * we get: + * s = 4*x2*y2^2 + * m = 3*(x2 + 1)*(x2 - 1) + * x' = m^2 - 2*s + * y' = m*(s - x') - 8*y2^4 + * z' = 2*y2 + * which requires only 6 multiplications. Added to the 11 + * multiplications of the normal mixed addition in Jacobian + * coordinates, we get a cost of 17 multiplications in total. + */ + uint64_t t1[4], t2[4], t3[4], t4[4], t5[4], t6[4], t7[4], tt, zz; + int i; + + /* + * Set zz to -1 if P1 is the point at infinity, 0 otherwise. + */ + zz = P1->z[0] | P1->z[1] | P1->z[2] | P1->z[3]; + zz = ((zz | -zz) >> 63) - (uint64_t)1; + + /* + * Compute u1 = x1 (in t1) and s1 = y1 (in t3). + */ + memcpy(t1, P1->x, sizeof t1); + memcpy(t3, P1->y, sizeof t3); + + /* + * Compute u2 = x2*z1^2 (in t2) and s2 = y2*z1^3 (in t4). + */ + f256_montysquare(t4, P1->z); + f256_montymul(t2, P2->x, t4); + f256_montymul(t5, P1->z, t4); + f256_montymul(t4, P2->y, t5); + + /* + * Compute h = h2 - u1 (in t2) and r = s2 - s1 (in t4). + * reduce. + */ + f256_sub(t2, t2, t1); + f256_sub(t4, t4, t3); + + /* + * If both h = 0 and r = 0, then P1 = P2, and we want to set + * the mask tt to -1; otherwise, the mask will be 0. + */ + f256_final_reduce(t2); + f256_final_reduce(t4); + tt = t2[0] | t2[1] | t2[2] | t2[3] | t4[0] | t4[1] | t4[2] | t4[3]; + tt = ((tt | -tt) >> 63) - (uint64_t)1; + + /* + * Compute u1*h^2 (in t6) and h^3 (in t5); + */ + f256_montysquare(t7, t2); + f256_montymul(t6, t1, t7); + f256_montymul(t5, t7, t2); + + /* + * Compute x3 = r^2 - h^3 - 2*u1*h^2. + */ + f256_montysquare(P1->x, t4); + f256_sub(P1->x, P1->x, t5); + f256_sub(P1->x, P1->x, t6); + f256_sub(P1->x, P1->x, t6); + + /* + * Compute y3 = r*(u1*h^2 - x3) - s1*h^3. + */ + f256_sub(t6, t6, P1->x); + f256_montymul(P1->y, t4, t6); + f256_montymul(t1, t5, t3); + f256_sub(P1->y, P1->y, t1); + + /* + * Compute z3 = h*z1. + */ + f256_montymul(P1->z, P1->z, t2); + + /* + * The "double" result, in case P1 = P2. + */ + + /* + * Compute z' = 2*y2 (in t1). + */ + f256_add(t1, P2->y, P2->y); + + /* + * Compute 2*(y2^2) (in t2) and s = 4*x2*(y2^2) (in t3). + */ + f256_montysquare(t2, P2->y); + f256_add(t2, t2, t2); + f256_add(t3, t2, t2); + f256_montymul(t3, P2->x, t3); + + /* + * Compute m = 3*(x2^2 - 1) (in t4). + */ + f256_montysquare(t4, P2->x); + f256_sub(t4, t4, F256_R); + f256_add(t5, t4, t4); + f256_add(t4, t4, t5); + + /* + * Compute x' = m^2 - 2*s (in t5). + */ + f256_montysquare(t5, t4); + f256_sub(t5, t3); + f256_sub(t5, t3); + + /* + * Compute y' = m*(s - x') - 8*y2^4 (in t6). + */ + f256_sub(t6, t3, t5); + f256_montymul(t6, t6, t4); + f256_montysquare(t7, t2); + f256_sub(t6, t6, t7); + f256_sub(t6, t6, t7); + + /* + * We now have the alternate (doubling) coordinates in (t5,t6,t1). + * We combine them with (x3,y3,z3). + */ + for (i = 0; i < 4; i ++) { + P1->x[i] |= tt & t5[i]; + P1->y[i] |= tt & t6[i]; + P1->z[i] |= tt & t1[i]; + } + + /* + * If P1 = 0, then we get z3 = 0 (which is invalid); if z1 is 0, + * then we want to replace the result with a copy of P2. The + * test on z1 was done at the start, in the zz mask. + */ + for (i = 0; i < 4; i ++) { + P1->x[i] ^= zz & (P1->x[i] ^ P2->x[i]); + P1->y[i] ^= zz & (P1->y[i] ^ P2->y[i]); + P1->z[i] ^= zz & (P1->z[i] ^ F256_R[i]); + } +} +#endif + +/* + * Inner function for computing a point multiplication. A window is + * provided, with points 1*P to 15*P in affine coordinates. + * + * Assumptions: + * - All provided points are valid points on the curve. + * - Multiplier is non-zero, and smaller than the curve order. + * - Everything is in Montgomery representation. + */ +static void +point_mul_inner(p256_jacobian *R, const p256_affine *W, + const unsigned char *k, size_t klen) +{ + p256_jacobian Q; + uint32_t qz; + + memset(&Q, 0, sizeof Q); + qz = 1; + while (klen -- > 0) { + int i; + unsigned bk; + + bk = *k ++; + for (i = 0; i < 2; i ++) { + uint32_t bits; + uint32_t bnz; + p256_affine T; + p256_jacobian U; + uint32_t n; + int j; + uint64_t m; + + p256_double(&Q); + p256_double(&Q); + p256_double(&Q); + p256_double(&Q); + bits = (bk >> 4) & 0x0F; + bnz = NEQ(bits, 0); + + /* + * Lookup point in window. If the bits are 0, + * we get something invalid, which is not a + * problem because we will use it only if the + * bits are non-zero. + */ + memset(&T, 0, sizeof T); + for (n = 0; n < 15; n ++) { + m = -(uint64_t)EQ(bits, n + 1); + T.x[0] |= m & W[n].x[0]; + T.x[1] |= m & W[n].x[1]; + T.x[2] |= m & W[n].x[2]; + T.x[3] |= m & W[n].x[3]; + T.y[0] |= m & W[n].y[0]; + T.y[1] |= m & W[n].y[1]; + T.y[2] |= m & W[n].y[2]; + T.y[3] |= m & W[n].y[3]; + } + + U = Q; + p256_add_mixed(&U, &T); + + /* + * If qz is still 1, then Q was all-zeros, and this + * is conserved through p256_double(). + */ + m = -(uint64_t)(bnz & qz); + for (j = 0; j < 4; j ++) { + Q.x[j] |= m & T.x[j]; + Q.y[j] |= m & T.y[j]; + Q.z[j] |= m & F256_R[j]; + } + CCOPY(bnz & ~qz, &Q, &U, sizeof Q); + qz &= ~bnz; + bk <<= 4; + } + } + *R = Q; +} + +/* + * Convert a window from Jacobian to affine coordinates. A single + * field inversion is used. This function works for windows up to + * 32 elements. + * + * The destination array (aff[]) and the source array (jac[]) may + * overlap, provided that the start of aff[] is not after the start of + * jac[]. Even if the arrays do _not_ overlap, the source array is + * modified. + */ +static void +window_to_affine(p256_affine *aff, p256_jacobian *jac, int num) +{ + /* + * Convert the window points to affine coordinates. We use the + * following trick to mutualize the inversion computation: if + * we have z1, z2, z3, and z4, and want to inverse all of them, + * we compute u = 1/(z1*z2*z3*z4), and then we have: + * 1/z1 = u*z2*z3*z4 + * 1/z2 = u*z1*z3*z4 + * 1/z3 = u*z1*z2*z4 + * 1/z4 = u*z1*z2*z3 + * + * The partial products are computed recursively: + * + * - on input (z_1,z_2), return (z_2,z_1) and z_1*z_2 + * - on input (z_1,z_2,... z_n): + * recurse on (z_1,z_2,... z_(n/2)) -> r1 and m1 + * recurse on (z_(n/2+1),z_(n/2+2)... z_n) -> r2 and m2 + * multiply elements of r1 by m2 -> s1 + * multiply elements of r2 by m1 -> s2 + * return r1||r2 and m1*m2 + * + * In the example below, we suppose that we have 14 elements. + * Let z1, z2,... zE be the 14 values to invert (index noted in + * hexadecimal, starting at 1). + * + * - Depth 1: + * swap(z1, z2); z12 = z1*z2 + * swap(z3, z4); z34 = z3*z4 + * swap(z5, z6); z56 = z5*z6 + * swap(z7, z8); z78 = z7*z8 + * swap(z9, zA); z9A = z9*zA + * swap(zB, zC); zBC = zB*zC + * swap(zD, zE); zDE = zD*zE + * + * - Depth 2: + * z1 <- z1*z34, z2 <- z2*z34, z3 <- z3*z12, z4 <- z4*z12 + * z1234 = z12*z34 + * z5 <- z5*z78, z6 <- z6*z78, z7 <- z7*z56, z8 <- z8*z56 + * z5678 = z56*z78 + * z9 <- z9*zBC, zA <- zA*zBC, zB <- zB*z9A, zC <- zC*z9A + * z9ABC = z9A*zBC + * + * - Depth 3: + * z1 <- z1*z5678, z2 <- z2*z5678, z3 <- z3*z5678, z4 <- z4*z5678 + * z5 <- z5*z1234, z6 <- z6*z1234, z7 <- z7*z1234, z8 <- z8*z1234 + * z12345678 = z1234*z5678 + * z9 <- z9*zDE, zA <- zA*zDE, zB <- zB*zDE, zC <- zC*zDE + * zD <- zD*z9ABC, zE*z9ABC + * z9ABCDE = z9ABC*zDE + * + * - Depth 4: + * multiply z1..z8 by z9ABCDE + * multiply z9..zE by z12345678 + * final z = z12345678*z9ABCDE + */ + + uint64_t z[16][4]; + int i, k, s; +#define zt (z[15]) +#define zu (z[14]) +#define zv (z[13]) + + /* + * First recursion step (pairwise swapping and multiplication). + * If there is an odd number of elements, then we "invent" an + * extra one with coordinate Z = 1 (in Montgomery representation). + */ + for (i = 0; (i + 1) < num; i += 2) { + memcpy(zt, jac[i].z, sizeof zt); + memcpy(jac[i].z, jac[i + 1].z, sizeof zt); + memcpy(jac[i + 1].z, zt, sizeof zt); + f256_montymul(z[i >> 1], jac[i].z, jac[i + 1].z); + } + if ((num & 1) != 0) { + memcpy(z[num >> 1], jac[num - 1].z, sizeof zt); + memcpy(jac[num - 1].z, F256_R, sizeof F256_R); + } + + /* + * Perform further recursion steps. At the entry of each step, + * the process has been done for groups of 's' points. The + * integer k is the log2 of s. + */ + for (k = 1, s = 2; s < num; k ++, s <<= 1) { + int n; + + for (i = 0; i < num; i ++) { + f256_montymul(jac[i].z, jac[i].z, z[(i >> k) ^ 1]); + } + n = (num + s - 1) >> k; + for (i = 0; i < (n >> 1); i ++) { + f256_montymul(z[i], z[i << 1], z[(i << 1) + 1]); + } + if ((n & 1) != 0) { + memmove(z[n >> 1], z[n], sizeof zt); + } + } + + /* + * Invert the final result, and convert all points. + */ + f256_invert(zt, z[0]); + for (i = 0; i < num; i ++) { + f256_montymul(zv, jac[i].z, zt); + f256_montysquare(zu, zv); + f256_montymul(zv, zv, zu); + f256_montymul(aff[i].x, jac[i].x, zu); + f256_montymul(aff[i].y, jac[i].y, zv); + } +} + +/* + * Multiply the provided point by an integer. + * Assumptions: + * - Source point is a valid curve point. + * - Source point is not the point-at-infinity. + * - Integer is not 0, and is lower than the curve order. + * If these conditions are not met, then the result is indeterminate + * (but the process is still constant-time). + */ +static void +p256_mul(p256_jacobian *P, const unsigned char *k, size_t klen) +{ + union { + p256_affine aff[15]; + p256_jacobian jac[15]; + } window; + int i; + + /* + * Compute window, in Jacobian coordinates. + */ + window.jac[0] = *P; + for (i = 2; i < 16; i ++) { + window.jac[i - 1] = window.jac[(i >> 1) - 1]; + if ((i & 1) == 0) { + p256_double(&window.jac[i - 1]); + } else { + p256_add(&window.jac[i - 1], &window.jac[i >> 1]); + } + } + + /* + * Convert the window points to affine coordinates. Point + * window[0] is the source point, already in affine coordinates. + */ + window_to_affine(window.aff, window.jac, 15); + + /* + * Perform point multiplication. + */ + point_mul_inner(P, window.aff, k, klen); +} + +/* + * Precomputed window for the conventional generator: P256_Gwin[n] + * contains (n+1)*G (affine coordinates, in Montgomery representation). + */ +static const p256_affine P256_Gwin[] = { + { + { 0x79E730D418A9143C, 0x75BA95FC5FEDB601, + 0x79FB732B77622510, 0x18905F76A53755C6 }, + { 0xDDF25357CE95560A, 0x8B4AB8E4BA19E45C, + 0xD2E88688DD21F325, 0x8571FF1825885D85 } + }, + { + { 0x850046D410DDD64D, 0xAA6AE3C1A433827D, + 0x732205038D1490D9, 0xF6BB32E43DCF3A3B }, + { 0x2F3648D361BEE1A5, 0x152CD7CBEB236FF8, + 0x19A8FB0E92042DBE, 0x78C577510A5B8A3B } + }, + { + { 0xFFAC3F904EEBC127, 0xB027F84A087D81FB, + 0x66AD77DD87CBBC98, 0x26936A3FB6FF747E }, + { 0xB04C5C1FC983A7EB, 0x583E47AD0861FE1A, + 0x788208311A2EE98E, 0xD5F06A29E587CC07 } + }, + { + { 0x74B0B50D46918DCC, 0x4650A6EDC623C173, + 0x0CDAACACE8100AF2, 0x577362F541B0176B }, + { 0x2D96F24CE4CBABA6, 0x17628471FAD6F447, + 0x6B6C36DEE5DDD22E, 0x84B14C394C5AB863 } + }, + { + { 0xBE1B8AAEC45C61F5, 0x90EC649A94B9537D, + 0x941CB5AAD076C20C, 0xC9079605890523C8 }, + { 0xEB309B4AE7BA4F10, 0x73C568EFE5EB882B, + 0x3540A9877E7A1F68, 0x73A076BB2DD1E916 } + }, + { + { 0x403947373E77664A, 0x55AE744F346CEE3E, + 0xD50A961A5B17A3AD, 0x13074B5954213673 }, + { 0x93D36220D377E44B, 0x299C2B53ADFF14B5, + 0xF424D44CEF639F11, 0xA4C9916D4A07F75F } + }, + { + { 0x0746354EA0173B4F, 0x2BD20213D23C00F7, + 0xF43EAAB50C23BB08, 0x13BA5119C3123E03 }, + { 0x2847D0303F5B9D4D, 0x6742F2F25DA67BDD, + 0xEF933BDC77C94195, 0xEAEDD9156E240867 } + }, + { + { 0x27F14CD19499A78F, 0x462AB5C56F9B3455, + 0x8F90F02AF02CFC6B, 0xB763891EB265230D }, + { 0xF59DA3A9532D4977, 0x21E3327DCF9EBA15, + 0x123C7B84BE60BBF0, 0x56EC12F27706DF76 } + }, + { + { 0x75C96E8F264E20E8, 0xABE6BFED59A7A841, + 0x2CC09C0444C8EB00, 0xE05B3080F0C4E16B }, + { 0x1EB7777AA45F3314, 0x56AF7BEDCE5D45E3, + 0x2B6E019A88B12F1A, 0x086659CDFD835F9B } + }, + { + { 0x2C18DBD19DC21EC8, 0x98F9868A0FCF8139, + 0x737D2CD648250B49, 0xCC61C94724B3428F }, + { 0x0C2B407880DD9E76, 0xC43A8991383FBE08, + 0x5F7D2D65779BE5D2, 0x78719A54EB3B4AB5 } + }, + { + { 0xEA7D260A6245E404, 0x9DE407956E7FDFE0, + 0x1FF3A4158DAC1AB5, 0x3E7090F1649C9073 }, + { 0x1A7685612B944E88, 0x250F939EE57F61C8, + 0x0C0DAA891EAD643D, 0x68930023E125B88E } + }, + { + { 0x04B71AA7D2697768, 0xABDEDEF5CA345A33, + 0x2409D29DEE37385E, 0x4EE1DF77CB83E156 }, + { 0x0CAC12D91CBB5B43, 0x170ED2F6CA895637, + 0x28228CFA8ADE6D66, 0x7FF57C9553238ACA } + }, + { + { 0xCCC425634B2ED709, 0x0E356769856FD30D, + 0xBCBCD43F559E9811, 0x738477AC5395B759 }, + { 0x35752B90C00EE17F, 0x68748390742ED2E3, + 0x7CD06422BD1F5BC1, 0xFBC08769C9E7B797 } + }, + { + { 0xA242A35BB0CF664A, 0x126E48F77F9707E3, + 0x1717BF54C6832660, 0xFAAE7332FD12C72E }, + { 0x27B52DB7995D586B, 0xBE29569E832237C2, + 0xE8E4193E2A65E7DB, 0x152706DC2EAA1BBB } + }, + { + { 0x72BCD8B7BC60055B, 0x03CC23EE56E27E4B, + 0xEE337424E4819370, 0xE2AA0E430AD3DA09 }, + { 0x40B8524F6383C45D, 0xD766355442A41B25, + 0x64EFA6DE778A4797, 0x2042170A7079ADF4 } + } +}; + +/* + * Multiply the conventional generator of the curve by the provided + * integer. Return is written in *P. + * + * Assumptions: + * - Integer is not 0, and is lower than the curve order. + * If this conditions is not met, then the result is indeterminate + * (but the process is still constant-time). + */ +static void +p256_mulgen(p256_jacobian *P, const unsigned char *k, size_t klen) +{ + point_mul_inner(P, P256_Gwin, k, klen); +} + +/* + * Return 1 if all of the following hold: + * - klen <= 32 + * - k != 0 + * - k is lower than the curve order + * Otherwise, return 0. + * + * Constant-time behaviour: only klen may be observable. + */ +static uint32_t +check_scalar(const unsigned char *k, size_t klen) +{ + uint32_t z; + int32_t c; + size_t u; + + if (klen > 32) { + return 0; + } + z = 0; + for (u = 0; u < klen; u ++) { + z |= k[u]; + } + if (klen == 32) { + c = 0; + for (u = 0; u < klen; u ++) { + c |= -(int32_t)EQ0(c) & CMP(k[u], P256_N[u]); + } + } else { + c = -1; + } + return NEQ(z, 0) & LT0(c); +} + +static uint32_t +api_mul(unsigned char *G, size_t Glen, + const unsigned char *k, size_t klen, int curve) +{ + uint32_t r; + p256_jacobian P; + + (void)curve; + if (Glen != 65) { + return 0; + } + r = check_scalar(k, klen); + r &= point_decode(&P, G); + p256_mul(&P, k, klen); + r &= point_encode(G, &P); + return r; +} + +static size_t +api_mulgen(unsigned char *R, + const unsigned char *k, size_t klen, int curve) +{ + p256_jacobian P; + + (void)curve; + p256_mulgen(&P, k, klen); + point_encode(R, &P); + return 65; +} + +static uint32_t +api_muladd(unsigned char *A, const unsigned char *B, size_t len, + const unsigned char *x, size_t xlen, + const unsigned char *y, size_t ylen, int curve) +{ + /* + * We might want to use Shamir's trick here: make a composite + * window of u*P+v*Q points, to merge the two doubling-ladders + * into one. This, however, has some complications: + * + * - During the computation, we may hit the point-at-infinity. + * Thus, we would need p256_add_complete_mixed() (complete + * formulas for point addition), with a higher cost (17 muls + * instead of 11). + * + * - A 4-bit window would be too large, since it would involve + * 16*16-1 = 255 points. For the same window size as in the + * p256_mul() case, we would need to reduce the window size + * to 2 bits, and thus perform twice as many non-doubling + * point additions. + * + * - The window may itself contain the point-at-infinity, and + * thus cannot be in all generality be made of affine points. + * Instead, we would need to make it a window of points in + * Jacobian coordinates. Even p256_add_complete_mixed() would + * be inappropriate. + * + * For these reasons, the code below performs two separate + * point multiplications, then computes the final point addition + * (which is both a "normal" addition, and a doubling, to handle + * all cases). + */ + + p256_jacobian P, Q; + uint32_t r, t, s; + uint64_t z; + + (void)curve; + if (len != 65) { + return 0; + } + r = point_decode(&P, A); + p256_mul(&P, x, xlen); + if (B == NULL) { + p256_mulgen(&Q, y, ylen); + } else { + r &= point_decode(&Q, B); + p256_mul(&Q, y, ylen); + } + + /* + * The final addition may fail in case both points are equal. + */ + t = p256_add(&P, &Q); + f256_final_reduce(P.z); + z = P.z[0] | P.z[1] | P.z[2] | P.z[3]; + s = EQ((uint32_t)(z | (z >> 32)), 0); + p256_double(&Q); + + /* + * If s is 1 then either P+Q = 0 (t = 1) or P = Q (t = 0). So we + * have the following: + * + * s = 0, t = 0 return P (normal addition) + * s = 0, t = 1 return P (normal addition) + * s = 1, t = 0 return Q (a 'double' case) + * s = 1, t = 1 report an error (P+Q = 0) + */ + CCOPY(s & ~t, &P, &Q, sizeof Q); + point_encode(A, &P); + r &= ~(s & t); + return r; +} + +/* see bearssl_ec.h */ +const br_ec_impl br_ec_p256_m64 = { + (uint32_t)0x00800000, + &api_generator, + &api_order, + &api_xoff, + &api_mul, + &api_mulgen, + &api_muladd +}; + +/* see bearssl_ec.h */ +const br_ec_impl * +br_ec_p256_m64_get(void) +{ + return &br_ec_p256_m64; +} + +#else + +/* see bearssl_ec.h */ +const br_ec_impl * +br_ec_p256_m64_get(void) +{ + return 0; +} + +#endif diff --git a/src/bearssl/src/int/i31_montmul.c b/src/bearssl/src/int/i31_montmul.c index 8066808..758f8f4 100644 --- a/src/bearssl/src/int/i31_montmul.c +++ b/src/bearssl/src/int/i31_montmul.c @@ -29,16 +29,45 @@ void br_i31_montymul(uint32_t *d, const uint32_t *x, const uint32_t *y, const uint32_t *m, uint32_t m0i) { + /* + * Each outer loop iteration computes: + * d <- (d + xu*y + f*m) / 2^31 + * We have xu <= 2^31-1 and f <= 2^31-1. + * Thus, if d <= 2*m-1 on input, then: + * 2*m-1 + 2*(2^31-1)*m <= (2^32)*m-1 + * and the new d value is less than 2*m. + * + * We represent d over 31-bit words, with an extra word 'dh' + * which can thus be only 0 or 1. + */ size_t len, len4, u, v; - uint64_t dh; + uint32_t dh; len = (m[0] + 31) >> 5; len4 = len & ~(size_t)3; br_i31_zero(d, m[0]); dh = 0; for (u = 0; u < len; u ++) { + /* + * The carry for each operation fits on 32 bits: + * d[v+1] <= 2^31-1 + * xu*y[v+1] <= (2^31-1)*(2^31-1) + * f*m[v+1] <= (2^31-1)*(2^31-1) + * r <= 2^32-1 + * (2^31-1) + 2*(2^31-1)*(2^31-1) + (2^32-1) = 2^63 - 2^31 + * After division by 2^31, the new r is then at most 2^32-1 + * + * Using a 32-bit carry has performance benefits on 32-bit + * systems; however, on 64-bit architectures, we prefer to + * keep the carry (r) in a 64-bit register, thus avoiding some + * "clear high bits" operations. + */ uint32_t f, xu; - uint64_t r, zh; +#if BR_64 + uint64_t r; +#else + uint32_t r; +#endif xu = x[u + 1]; f = MUL31_lo((d[1] + MUL31_lo(x[u + 1], y[1])), m0i); @@ -73,9 +102,14 @@ br_i31_montymul(uint32_t *d, const uint32_t *x, const uint32_t *y, d[v] = (uint32_t)z & 0x7FFFFFFF; } - zh = dh + r; - d[len] = (uint32_t)zh & 0x7FFFFFFF; - dh = zh >> 31; + /* + * Since the new dh can only be 0 or 1, the addition of + * the old dh with the carry MUST fit on 32 bits, and + * thus can be done into dh itself. + */ + dh += r; + d[len] = dh & 0x7FFFFFFF; + dh >>= 31; } /* diff --git a/src/bearssl/src/int/i31_mulacc.c b/src/bearssl/src/int/i31_mulacc.c index 024d095..7410e54 100644 --- a/src/bearssl/src/int/i31_mulacc.c +++ b/src/bearssl/src/int/i31_mulacc.c @@ -45,7 +45,20 @@ br_i31_mulacc(uint32_t *d, const uint32_t *a, const uint32_t *b) for (u = 0; u < blen; u ++) { uint32_t f; size_t v; + + /* + * Carry always fits on 31 bits; we want to keep it in a + * 32-bit register on 32-bit architectures (on a 64-bit + * architecture, cast down from 64 to 32 bits means + * clearing the high bits, which is not free; on a 32-bit + * architecture, the same operation really means ignoring + * the top register, which has negative or zero cost). + */ +#if BR_64 uint64_t cc; +#else + uint32_t cc; +#endif f = b[1 + u]; cc = 0; diff --git a/src/bearssl/src/int/i32_mulacc.c b/src/bearssl/src/int/i32_mulacc.c index f62c782..55da385 100644 --- a/src/bearssl/src/int/i32_mulacc.c +++ b/src/bearssl/src/int/i32_mulacc.c @@ -36,7 +36,11 @@ br_i32_mulacc(uint32_t *d, const uint32_t *a, const uint32_t *b) for (u = 0; u < blen; u ++) { uint32_t f; size_t v; +#if BR_64 uint64_t cc; +#else + uint32_t cc; +#endif f = b[1 + u]; cc = 0; diff --git a/src/bearssl/src/kdf/shake.c b/src/bearssl/src/kdf/shake.c new file mode 100644 index 0000000..80d7176 --- /dev/null +++ b/src/bearssl/src/kdf/shake.c @@ -0,0 +1,590 @@ +/* + * Copyright (c) 2018 Thomas Pornin + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +#include "inner.h" + +/* + * Round constants. + */ +static const uint64_t RC[] = { + 0x0000000000000001, 0x0000000000008082, + 0x800000000000808A, 0x8000000080008000, + 0x000000000000808B, 0x0000000080000001, + 0x8000000080008081, 0x8000000000008009, + 0x000000000000008A, 0x0000000000000088, + 0x0000000080008009, 0x000000008000000A, + 0x000000008000808B, 0x800000000000008B, + 0x8000000000008089, 0x8000000000008003, + 0x8000000000008002, 0x8000000000000080, + 0x000000000000800A, 0x800000008000000A, + 0x8000000080008081, 0x8000000000008080, + 0x0000000080000001, 0x8000000080008008 +}; + +/* + * XOR a block of data into the provided state. This supports only + * blocks whose length is a multiple of 64 bits. + */ +static void +xor_block(uint64_t *A, const void *data, size_t rate) +{ + size_t u; + + for (u = 0; u < rate; u += 8) { + A[u >> 3] ^= br_dec64le((const unsigned char *)data + u); + } +} + +/* + * Process a block with the provided data. The data length must be a + * multiple of 8 (in bytes); normally, this is the "rate". + */ +static void +process_block(uint64_t *A) +{ + uint64_t t0, t1, t2, t3, t4; + uint64_t tt0, tt1, tt2, tt3; + uint64_t t, kt; + uint64_t c0, c1, c2, c3, c4, bnn; + int j; + + /* + * Compute the 24 rounds. This loop is partially unrolled (each + * iteration computes two rounds). + */ + for (j = 0; j < 24; j += 2) { + + tt0 = A[ 1] ^ A[ 6]; + tt1 = A[11] ^ A[16]; + tt0 ^= A[21] ^ tt1; + tt0 = (tt0 << 1) | (tt0 >> 63); + tt2 = A[ 4] ^ A[ 9]; + tt3 = A[14] ^ A[19]; + tt0 ^= A[24]; + tt2 ^= tt3; + t0 = tt0 ^ tt2; + + tt0 = A[ 2] ^ A[ 7]; + tt1 = A[12] ^ A[17]; + tt0 ^= A[22] ^ tt1; + tt0 = (tt0 << 1) | (tt0 >> 63); + tt2 = A[ 0] ^ A[ 5]; + tt3 = A[10] ^ A[15]; + tt0 ^= A[20]; + tt2 ^= tt3; + t1 = tt0 ^ tt2; + + tt0 = A[ 3] ^ A[ 8]; + tt1 = A[13] ^ A[18]; + tt0 ^= A[23] ^ tt1; + tt0 = (tt0 << 1) | (tt0 >> 63); + tt2 = A[ 1] ^ A[ 6]; + tt3 = A[11] ^ A[16]; + tt0 ^= A[21]; + tt2 ^= tt3; + t2 = tt0 ^ tt2; + + tt0 = A[ 4] ^ A[ 9]; + tt1 = A[14] ^ A[19]; + tt0 ^= A[24] ^ tt1; + tt0 = (tt0 << 1) | (tt0 >> 63); + tt2 = A[ 2] ^ A[ 7]; + tt3 = A[12] ^ A[17]; + tt0 ^= A[22]; + tt2 ^= tt3; + t3 = tt0 ^ tt2; + + tt0 = A[ 0] ^ A[ 5]; + tt1 = A[10] ^ A[15]; + tt0 ^= A[20] ^ tt1; + tt0 = (tt0 << 1) | (tt0 >> 63); + tt2 = A[ 3] ^ A[ 8]; + tt3 = A[13] ^ A[18]; + tt0 ^= A[23]; + tt2 ^= tt3; + t4 = tt0 ^ tt2; + + A[ 0] = A[ 0] ^ t0; + A[ 5] = A[ 5] ^ t0; + A[10] = A[10] ^ t0; + A[15] = A[15] ^ t0; + A[20] = A[20] ^ t0; + A[ 1] = A[ 1] ^ t1; + A[ 6] = A[ 6] ^ t1; + A[11] = A[11] ^ t1; + A[16] = A[16] ^ t1; + A[21] = A[21] ^ t1; + A[ 2] = A[ 2] ^ t2; + A[ 7] = A[ 7] ^ t2; + A[12] = A[12] ^ t2; + A[17] = A[17] ^ t2; + A[22] = A[22] ^ t2; + A[ 3] = A[ 3] ^ t3; + A[ 8] = A[ 8] ^ t3; + A[13] = A[13] ^ t3; + A[18] = A[18] ^ t3; + A[23] = A[23] ^ t3; + A[ 4] = A[ 4] ^ t4; + A[ 9] = A[ 9] ^ t4; + A[14] = A[14] ^ t4; + A[19] = A[19] ^ t4; + A[24] = A[24] ^ t4; + A[ 5] = (A[ 5] << 36) | (A[ 5] >> (64 - 36)); + A[10] = (A[10] << 3) | (A[10] >> (64 - 3)); + A[15] = (A[15] << 41) | (A[15] >> (64 - 41)); + A[20] = (A[20] << 18) | (A[20] >> (64 - 18)); + A[ 1] = (A[ 1] << 1) | (A[ 1] >> (64 - 1)); + A[ 6] = (A[ 6] << 44) | (A[ 6] >> (64 - 44)); + A[11] = (A[11] << 10) | (A[11] >> (64 - 10)); + A[16] = (A[16] << 45) | (A[16] >> (64 - 45)); + A[21] = (A[21] << 2) | (A[21] >> (64 - 2)); + A[ 2] = (A[ 2] << 62) | (A[ 2] >> (64 - 62)); + A[ 7] = (A[ 7] << 6) | (A[ 7] >> (64 - 6)); + A[12] = (A[12] << 43) | (A[12] >> (64 - 43)); + A[17] = (A[17] << 15) | (A[17] >> (64 - 15)); + A[22] = (A[22] << 61) | (A[22] >> (64 - 61)); + A[ 3] = (A[ 3] << 28) | (A[ 3] >> (64 - 28)); + A[ 8] = (A[ 8] << 55) | (A[ 8] >> (64 - 55)); + A[13] = (A[13] << 25) | (A[13] >> (64 - 25)); + A[18] = (A[18] << 21) | (A[18] >> (64 - 21)); + A[23] = (A[23] << 56) | (A[23] >> (64 - 56)); + A[ 4] = (A[ 4] << 27) | (A[ 4] >> (64 - 27)); + A[ 9] = (A[ 9] << 20) | (A[ 9] >> (64 - 20)); + A[14] = (A[14] << 39) | (A[14] >> (64 - 39)); + A[19] = (A[19] << 8) | (A[19] >> (64 - 8)); + A[24] = (A[24] << 14) | (A[24] >> (64 - 14)); + bnn = ~A[12]; + kt = A[ 6] | A[12]; + c0 = A[ 0] ^ kt; + kt = bnn | A[18]; + c1 = A[ 6] ^ kt; + kt = A[18] & A[24]; + c2 = A[12] ^ kt; + kt = A[24] | A[ 0]; + c3 = A[18] ^ kt; + kt = A[ 0] & A[ 6]; + c4 = A[24] ^ kt; + A[ 0] = c0; + A[ 6] = c1; + A[12] = c2; + A[18] = c3; + A[24] = c4; + bnn = ~A[22]; + kt = A[ 9] | A[10]; + c0 = A[ 3] ^ kt; + kt = A[10] & A[16]; + c1 = A[ 9] ^ kt; + kt = A[16] | bnn; + c2 = A[10] ^ kt; + kt = A[22] | A[ 3]; + c3 = A[16] ^ kt; + kt = A[ 3] & A[ 9]; + c4 = A[22] ^ kt; + A[ 3] = c0; + A[ 9] = c1; + A[10] = c2; + A[16] = c3; + A[22] = c4; + bnn = ~A[19]; + kt = A[ 7] | A[13]; + c0 = A[ 1] ^ kt; + kt = A[13] & A[19]; + c1 = A[ 7] ^ kt; + kt = bnn & A[20]; + c2 = A[13] ^ kt; + kt = A[20] | A[ 1]; + c3 = bnn ^ kt; + kt = A[ 1] & A[ 7]; + c4 = A[20] ^ kt; + A[ 1] = c0; + A[ 7] = c1; + A[13] = c2; + A[19] = c3; + A[20] = c4; + bnn = ~A[17]; + kt = A[ 5] & A[11]; + c0 = A[ 4] ^ kt; + kt = A[11] | A[17]; + c1 = A[ 5] ^ kt; + kt = bnn | A[23]; + c2 = A[11] ^ kt; + kt = A[23] & A[ 4]; + c3 = bnn ^ kt; + kt = A[ 4] | A[ 5]; + c4 = A[23] ^ kt; + A[ 4] = c0; + A[ 5] = c1; + A[11] = c2; + A[17] = c3; + A[23] = c4; + bnn = ~A[ 8]; + kt = bnn & A[14]; + c0 = A[ 2] ^ kt; + kt = A[14] | A[15]; + c1 = bnn ^ kt; + kt = A[15] & A[21]; + c2 = A[14] ^ kt; + kt = A[21] | A[ 2]; + c3 = A[15] ^ kt; + kt = A[ 2] & A[ 8]; + c4 = A[21] ^ kt; + A[ 2] = c0; + A[ 8] = c1; + A[14] = c2; + A[15] = c3; + A[21] = c4; + A[ 0] = A[ 0] ^ RC[j + 0]; + + tt0 = A[ 6] ^ A[ 9]; + tt1 = A[ 7] ^ A[ 5]; + tt0 ^= A[ 8] ^ tt1; + tt0 = (tt0 << 1) | (tt0 >> 63); + tt2 = A[24] ^ A[22]; + tt3 = A[20] ^ A[23]; + tt0 ^= A[21]; + tt2 ^= tt3; + t0 = tt0 ^ tt2; + + tt0 = A[12] ^ A[10]; + tt1 = A[13] ^ A[11]; + tt0 ^= A[14] ^ tt1; + tt0 = (tt0 << 1) | (tt0 >> 63); + tt2 = A[ 0] ^ A[ 3]; + tt3 = A[ 1] ^ A[ 4]; + tt0 ^= A[ 2]; + tt2 ^= tt3; + t1 = tt0 ^ tt2; + + tt0 = A[18] ^ A[16]; + tt1 = A[19] ^ A[17]; + tt0 ^= A[15] ^ tt1; + tt0 = (tt0 << 1) | (tt0 >> 63); + tt2 = A[ 6] ^ A[ 9]; + tt3 = A[ 7] ^ A[ 5]; + tt0 ^= A[ 8]; + tt2 ^= tt3; + t2 = tt0 ^ tt2; + + tt0 = A[24] ^ A[22]; + tt1 = A[20] ^ A[23]; + tt0 ^= A[21] ^ tt1; + tt0 = (tt0 << 1) | (tt0 >> 63); + tt2 = A[12] ^ A[10]; + tt3 = A[13] ^ A[11]; + tt0 ^= A[14]; + tt2 ^= tt3; + t3 = tt0 ^ tt2; + + tt0 = A[ 0] ^ A[ 3]; + tt1 = A[ 1] ^ A[ 4]; + tt0 ^= A[ 2] ^ tt1; + tt0 = (tt0 << 1) | (tt0 >> 63); + tt2 = A[18] ^ A[16]; + tt3 = A[19] ^ A[17]; + tt0 ^= A[15]; + tt2 ^= tt3; + t4 = tt0 ^ tt2; + + A[ 0] = A[ 0] ^ t0; + A[ 3] = A[ 3] ^ t0; + A[ 1] = A[ 1] ^ t0; + A[ 4] = A[ 4] ^ t0; + A[ 2] = A[ 2] ^ t0; + A[ 6] = A[ 6] ^ t1; + A[ 9] = A[ 9] ^ t1; + A[ 7] = A[ 7] ^ t1; + A[ 5] = A[ 5] ^ t1; + A[ 8] = A[ 8] ^ t1; + A[12] = A[12] ^ t2; + A[10] = A[10] ^ t2; + A[13] = A[13] ^ t2; + A[11] = A[11] ^ t2; + A[14] = A[14] ^ t2; + A[18] = A[18] ^ t3; + A[16] = A[16] ^ t3; + A[19] = A[19] ^ t3; + A[17] = A[17] ^ t3; + A[15] = A[15] ^ t3; + A[24] = A[24] ^ t4; + A[22] = A[22] ^ t4; + A[20] = A[20] ^ t4; + A[23] = A[23] ^ t4; + A[21] = A[21] ^ t4; + A[ 3] = (A[ 3] << 36) | (A[ 3] >> (64 - 36)); + A[ 1] = (A[ 1] << 3) | (A[ 1] >> (64 - 3)); + A[ 4] = (A[ 4] << 41) | (A[ 4] >> (64 - 41)); + A[ 2] = (A[ 2] << 18) | (A[ 2] >> (64 - 18)); + A[ 6] = (A[ 6] << 1) | (A[ 6] >> (64 - 1)); + A[ 9] = (A[ 9] << 44) | (A[ 9] >> (64 - 44)); + A[ 7] = (A[ 7] << 10) | (A[ 7] >> (64 - 10)); + A[ 5] = (A[ 5] << 45) | (A[ 5] >> (64 - 45)); + A[ 8] = (A[ 8] << 2) | (A[ 8] >> (64 - 2)); + A[12] = (A[12] << 62) | (A[12] >> (64 - 62)); + A[10] = (A[10] << 6) | (A[10] >> (64 - 6)); + A[13] = (A[13] << 43) | (A[13] >> (64 - 43)); + A[11] = (A[11] << 15) | (A[11] >> (64 - 15)); + A[14] = (A[14] << 61) | (A[14] >> (64 - 61)); + A[18] = (A[18] << 28) | (A[18] >> (64 - 28)); + A[16] = (A[16] << 55) | (A[16] >> (64 - 55)); + A[19] = (A[19] << 25) | (A[19] >> (64 - 25)); + A[17] = (A[17] << 21) | (A[17] >> (64 - 21)); + A[15] = (A[15] << 56) | (A[15] >> (64 - 56)); + A[24] = (A[24] << 27) | (A[24] >> (64 - 27)); + A[22] = (A[22] << 20) | (A[22] >> (64 - 20)); + A[20] = (A[20] << 39) | (A[20] >> (64 - 39)); + A[23] = (A[23] << 8) | (A[23] >> (64 - 8)); + A[21] = (A[21] << 14) | (A[21] >> (64 - 14)); + bnn = ~A[13]; + kt = A[ 9] | A[13]; + c0 = A[ 0] ^ kt; + kt = bnn | A[17]; + c1 = A[ 9] ^ kt; + kt = A[17] & A[21]; + c2 = A[13] ^ kt; + kt = A[21] | A[ 0]; + c3 = A[17] ^ kt; + kt = A[ 0] & A[ 9]; + c4 = A[21] ^ kt; + A[ 0] = c0; + A[ 9] = c1; + A[13] = c2; + A[17] = c3; + A[21] = c4; + bnn = ~A[14]; + kt = A[22] | A[ 1]; + c0 = A[18] ^ kt; + kt = A[ 1] & A[ 5]; + c1 = A[22] ^ kt; + kt = A[ 5] | bnn; + c2 = A[ 1] ^ kt; + kt = A[14] | A[18]; + c3 = A[ 5] ^ kt; + kt = A[18] & A[22]; + c4 = A[14] ^ kt; + A[18] = c0; + A[22] = c1; + A[ 1] = c2; + A[ 5] = c3; + A[14] = c4; + bnn = ~A[23]; + kt = A[10] | A[19]; + c0 = A[ 6] ^ kt; + kt = A[19] & A[23]; + c1 = A[10] ^ kt; + kt = bnn & A[ 2]; + c2 = A[19] ^ kt; + kt = A[ 2] | A[ 6]; + c3 = bnn ^ kt; + kt = A[ 6] & A[10]; + c4 = A[ 2] ^ kt; + A[ 6] = c0; + A[10] = c1; + A[19] = c2; + A[23] = c3; + A[ 2] = c4; + bnn = ~A[11]; + kt = A[ 3] & A[ 7]; + c0 = A[24] ^ kt; + kt = A[ 7] | A[11]; + c1 = A[ 3] ^ kt; + kt = bnn | A[15]; + c2 = A[ 7] ^ kt; + kt = A[15] & A[24]; + c3 = bnn ^ kt; + kt = A[24] | A[ 3]; + c4 = A[15] ^ kt; + A[24] = c0; + A[ 3] = c1; + A[ 7] = c2; + A[11] = c3; + A[15] = c4; + bnn = ~A[16]; + kt = bnn & A[20]; + c0 = A[12] ^ kt; + kt = A[20] | A[ 4]; + c1 = bnn ^ kt; + kt = A[ 4] & A[ 8]; + c2 = A[20] ^ kt; + kt = A[ 8] | A[12]; + c3 = A[ 4] ^ kt; + kt = A[12] & A[16]; + c4 = A[ 8] ^ kt; + A[12] = c0; + A[16] = c1; + A[20] = c2; + A[ 4] = c3; + A[ 8] = c4; + A[ 0] = A[ 0] ^ RC[j + 1]; + t = A[ 5]; + A[ 5] = A[18]; + A[18] = A[11]; + A[11] = A[10]; + A[10] = A[ 6]; + A[ 6] = A[22]; + A[22] = A[20]; + A[20] = A[12]; + A[12] = A[19]; + A[19] = A[15]; + A[15] = A[24]; + A[24] = A[ 8]; + A[ 8] = t; + t = A[ 1]; + A[ 1] = A[ 9]; + A[ 9] = A[14]; + A[14] = A[ 2]; + A[ 2] = A[13]; + A[13] = A[23]; + A[23] = A[ 4]; + A[ 4] = A[21]; + A[21] = A[16]; + A[16] = A[ 3]; + A[ 3] = A[17]; + A[17] = A[ 7]; + A[ 7] = t; + } +} + +/* see bearssl_kdf.h */ +void +br_shake_init(br_shake_context *sc, int security_level) +{ + sc->rate = 200 - (size_t)(security_level >> 2); + sc->dptr = 0; + memset(sc->A, 0, sizeof sc->A); + sc->A[ 1] = ~(uint64_t)0; + sc->A[ 2] = ~(uint64_t)0; + sc->A[ 8] = ~(uint64_t)0; + sc->A[12] = ~(uint64_t)0; + sc->A[17] = ~(uint64_t)0; + sc->A[20] = ~(uint64_t)0; +} + +/* see bearssl_kdf.h */ +void +br_shake_inject(br_shake_context *sc, const void *data, size_t len) +{ + const unsigned char *buf; + size_t rate, dptr; + + buf = data; + rate = sc->rate; + dptr = sc->dptr; + while (len > 0) { + size_t clen; + + clen = rate - dptr; + if (clen > len) { + clen = len; + } + memcpy(sc->dbuf + dptr, buf, clen); + dptr += clen; + buf += clen; + len -= clen; + if (dptr == rate) { + xor_block(sc->A, sc->dbuf, rate); + process_block(sc->A); + dptr = 0; + } + } + sc->dptr = dptr; +} + +/* see bearssl_kdf.h */ +void +br_shake_flip(br_shake_context *sc) +{ + /* + * We apply padding and pre-XOR the value into the state. We + * set dptr to the end of the buffer, so that first call to + * shake_extract() will process the block. + */ + if ((sc->dptr + 1) == sc->rate) { + sc->dbuf[sc->dptr ++] = 0x9F; + } else { + sc->dbuf[sc->dptr ++] = 0x1F; + memset(sc->dbuf + sc->dptr, 0x00, sc->rate - sc->dptr - 1); + sc->dbuf[sc->rate - 1] = 0x80; + sc->dptr = sc->rate; + } + xor_block(sc->A, sc->dbuf, sc->rate); +} + +/* see bearssl_kdf.h */ +void +br_shake_produce(br_shake_context *sc, void *out, size_t len) +{ + unsigned char *buf; + size_t dptr, rate; + + buf = out; + dptr = sc->dptr; + rate = sc->rate; + while (len > 0) { + size_t clen; + + if (dptr == rate) { + unsigned char *dbuf; + uint64_t *A; + + A = sc->A; + dbuf = sc->dbuf; + process_block(A); + br_enc64le(dbuf + 0, A[ 0]); + br_enc64le(dbuf + 8, ~A[ 1]); + br_enc64le(dbuf + 16, ~A[ 2]); + br_enc64le(dbuf + 24, A[ 3]); + br_enc64le(dbuf + 32, A[ 4]); + br_enc64le(dbuf + 40, A[ 5]); + br_enc64le(dbuf + 48, A[ 6]); + br_enc64le(dbuf + 56, A[ 7]); + br_enc64le(dbuf + 64, ~A[ 8]); + br_enc64le(dbuf + 72, A[ 9]); + br_enc64le(dbuf + 80, A[10]); + br_enc64le(dbuf + 88, A[11]); + br_enc64le(dbuf + 96, ~A[12]); + br_enc64le(dbuf + 104, A[13]); + br_enc64le(dbuf + 112, A[14]); + br_enc64le(dbuf + 120, A[15]); + br_enc64le(dbuf + 128, A[16]); + br_enc64le(dbuf + 136, ~A[17]); + br_enc64le(dbuf + 144, A[18]); + br_enc64le(dbuf + 152, A[19]); + br_enc64le(dbuf + 160, ~A[20]); + br_enc64le(dbuf + 168, A[21]); + br_enc64le(dbuf + 176, A[22]); + br_enc64le(dbuf + 184, A[23]); + br_enc64le(dbuf + 192, A[24]); + dptr = 0; + } + clen = rate - dptr; + if (clen > len) { + clen = len; + } + memcpy(buf, sc->dbuf + dptr, clen); + dptr += clen; + buf += clen; + len -= clen; + } + sc->dptr = dptr; +} diff --git a/src/bearssl/src/rand/sysrng.c b/src/bearssl/src/rand/sysrng.c index bec06be..5a92114 100644 --- a/src/bearssl/src/rand/sysrng.c +++ b/src/bearssl/src/rand/sysrng.c @@ -25,6 +25,10 @@ #define BR_ENABLE_INTRINSICS 1 #include "inner.h" +#if BR_USE_GETENTROPY +#include +#endif + #if BR_USE_URANDOM #include #include @@ -38,6 +42,9 @@ #pragma comment(lib, "advapi32") #endif +/* + * Seeder that uses the RDRAND opcodes (on x86 CPU). + */ #if BR_RDRAND BR_TARGETS_X86_UP BR_TARGET("rdrnd") @@ -57,9 +64,24 @@ seeder_rdrand(const br_prng_class **ctx) * * Intel recommends trying at least 10 times in case of * failure. + * + * AMD bug: there are reports that some AMD processors + * have a bug that makes them fail silently after a + * suspend/resume cycle, in which case RDRAND will report + * a success but always return 0xFFFFFFFF. + * see: https://bugzilla.kernel.org/show_bug.cgi?id=85911 + * + * As a mitigation, if the 32-bit value is 0 or -1, then + * it is considered a failure and tried again. This should + * reliably detect the buggy case, at least. This also + * implies that the selected seed values can never be + * 0x00000000 or 0xFFFFFFFF, which is not a problem since + * we are generating a seed for a PRNG, and we overdo it + * a bit (we generate 32 bytes of randomness, and 256 bits + * of entropy are really overkill). */ for (j = 0; j < 10; j ++) { - if (_rdrand32_step(&x)) { + if (_rdrand32_step(&x) && x != 0 && x != (uint32_t)-1) { goto next_word; } } @@ -80,9 +102,11 @@ rdrand_supported(void) */ return br_cpuid(0, 0, 0x40000000, 0); } - #endif +/* + * Seeder that uses /dev/urandom (on Unix-like systems). + */ #if BR_USE_URANDOM static int seeder_urandom(const br_prng_class **ctx) @@ -116,6 +140,32 @@ seeder_urandom(const br_prng_class **ctx) } #endif +/* + * Seeder that uses getentropy() (backed by getrandom() on some systems, + * e.g. Linux). On failure, it will use the /dev/urandom seeder (if + * enabled). + */ +#if BR_USE_GETENTROPY +static int +seeder_getentropy(const br_prng_class **ctx) +{ + unsigned char tmp[32]; + + if (getentropy(tmp, sizeof tmp) == 0) { + (*ctx)->update(ctx, tmp, sizeof tmp); + return 1; + } +#if BR_USE_URANDOM + return seeder_urandom(ctx); +#else + return 0; +#endif +} +#endif + +/* + * Seeder that uses CryptGenRandom() (on Windows). + */ #if BR_USE_WIN32_RAND static int seeder_win32(const br_prng_class **ctx) @@ -139,6 +189,29 @@ seeder_win32(const br_prng_class **ctx) } #endif +/* + * An aggregate seeder that uses RDRAND, and falls back to an OS-provided + * source if RDRAND fails. + */ +#if BR_RDRAND && (BR_USE_GETENTROPY || BR_USE_URANDOM || BR_USE_WIN32_RAND) +static int +seeder_rdrand_with_fallback(const br_prng_class **ctx) +{ + if (!seeder_rdrand(ctx)) { +#if BR_USE_GETENTROPY + return seeder_getentropy(ctx); +#elif BR_USE_URANDOM + return seeder_urandom(ctx); +#elif BR_USE_WIN32_RAND + return seeder_win32(ctx); +#else +#error "macro selection has gone wrong" +#endif + } + return 1; +} +#endif + /* see bearssl_rand.h */ br_prng_seeder br_prng_seeder_system(const char **name) @@ -148,10 +221,19 @@ br_prng_seeder_system(const char **name) if (name != NULL) { *name = "rdrand"; } +#if BR_USE_GETENTROPY || BR_USE_URANDOM || BR_USE_WIN32_RAND + return &seeder_rdrand_with_fallback; +#else return &seeder_rdrand; +#endif } #endif -#if BR_USE_URANDOM +#if BR_USE_GETENTROPY + if (name != NULL) { + *name = "getentropy"; + } + return &seeder_getentropy; +#elif BR_USE_URANDOM if (name != NULL) { *name = "urandom"; } @@ -161,9 +243,10 @@ br_prng_seeder_system(const char **name) *name = "win32"; } return &seeder_win32; -#endif +#else if (name != NULL) { *name = "none"; } return 0; +#endif } diff --git a/src/bearssl/src/rsa/rsa_default_pss_sign.c b/src/bearssl/src/rsa/rsa_default_pss_sign.c new file mode 100644 index 0000000..ce4f3e0 --- /dev/null +++ b/src/bearssl/src/rsa/rsa_default_pss_sign.c @@ -0,0 +1,38 @@ +/* + * Copyright (c) 2018 Thomas Pornin + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +#include "inner.h" + +/* see bearssl_rsa.h */ +br_rsa_pss_sign +br_rsa_pss_sign_get_default(void) +{ +#if BR_INT128 || BR_UMUL128 + return &br_rsa_i62_pss_sign; +#elif BR_LOMUL + return &br_rsa_i15_pss_sign; +#else + return &br_rsa_i31_pss_sign; +#endif +} diff --git a/src/bearssl/src/rsa/rsa_default_pss_vrfy.c b/src/bearssl/src/rsa/rsa_default_pss_vrfy.c new file mode 100644 index 0000000..e3a9ad9 --- /dev/null +++ b/src/bearssl/src/rsa/rsa_default_pss_vrfy.c @@ -0,0 +1,38 @@ +/* + * Copyright (c) 2018 Thomas Pornin + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +#include "inner.h" + +/* see bearssl_rsa.h */ +br_rsa_pss_vrfy +br_rsa_pss_vrfy_get_default(void) +{ +#if BR_INT128 || BR_UMUL128 + return &br_rsa_i62_pss_vrfy; +#elif BR_LOMUL + return &br_rsa_i15_pss_vrfy; +#else + return &br_rsa_i31_pss_vrfy; +#endif +} diff --git a/src/bearssl/src/rsa/rsa_i15_keygen.c b/src/bearssl/src/rsa/rsa_i15_keygen.c index 1c011fe..e8da419 100644 --- a/src/bearssl/src/rsa/rsa_i15_keygen.c +++ b/src/bearssl/src/rsa/rsa_i15_keygen.c @@ -318,9 +318,9 @@ mkprime(const br_prng_class **rng, uint16_t *x, uint32_t esize, continue; } if ((pubexp == 3 && m3 == 1) - || (pubexp == 5 && m5 == 5) - || (pubexp == 7 && m5 == 7) - || (pubexp == 11 && m5 == 11)) + || (pubexp == 5 && m5 == 1) + || (pubexp == 7 && m7 == 1) + || (pubexp == 11 && m11 == 1)) { continue; } diff --git a/src/bearssl/src/rsa/rsa_i15_modulus.c b/src/bearssl/src/rsa/rsa_i15_modulus.c index d61c794..16458c3 100644 --- a/src/bearssl/src/rsa/rsa_i15_modulus.c +++ b/src/bearssl/src/rsa/rsa_i15_modulus.c @@ -28,7 +28,7 @@ size_t br_rsa_i15_compute_modulus(void *n, const br_rsa_private_key *sk) { - uint16_t tmp[2 * ((BR_MAX_RSA_SIZE + 14) / 15) + 5]; + uint16_t tmp[4 * (((BR_MAX_RSA_SIZE / 2) + 14) / 15) + 5]; uint16_t *t, *p, *q; const unsigned char *pbuf, *qbuf; size_t nlen, plen, qlen, tlen; diff --git a/src/bearssl/src/rsa/rsa_i15_pss_sign.c b/src/bearssl/src/rsa/rsa_i15_pss_sign.c new file mode 100644 index 0000000..dd9385b --- /dev/null +++ b/src/bearssl/src/rsa/rsa_i15_pss_sign.c @@ -0,0 +1,40 @@ +/* + * Copyright (c) 2018 Thomas Pornin + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +#include "inner.h" + +/* see bearssl_rsa.h */ +uint32_t +br_rsa_i15_pss_sign(const br_prng_class **rng, + const br_hash_class *hf_data, const br_hash_class *hf_mgf1, + const unsigned char *hash, size_t salt_len, + const br_rsa_private_key *sk, unsigned char *x) +{ + if (!br_rsa_pss_sig_pad(rng, hf_data, hf_mgf1, hash, + salt_len, sk->n_bitlen, x)) + { + return 0; + } + return br_rsa_i15_private(x, sk); +} diff --git a/src/bearssl/src/rsa/rsa_i15_pss_vrfy.c b/src/bearssl/src/rsa/rsa_i15_pss_vrfy.c new file mode 100644 index 0000000..7d9f2cb --- /dev/null +++ b/src/bearssl/src/rsa/rsa_i15_pss_vrfy.c @@ -0,0 +1,44 @@ +/* + * Copyright (c) 2018 Thomas Pornin + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +#include "inner.h" + +/* see bearssl_rsa.h */ +uint32_t +br_rsa_i15_pss_vrfy(const unsigned char *x, size_t xlen, + const br_hash_class *hf_data, const br_hash_class *hf_mgf1, + const void *hash, size_t salt_len, const br_rsa_public_key *pk) +{ + unsigned char sig[BR_MAX_RSA_SIZE >> 3]; + + if (xlen > (sizeof sig)) { + return 0; + } + memcpy(sig, x, xlen); + if (!br_rsa_i15_public(sig, xlen, pk)) { + return 0; + } + return br_rsa_pss_sig_unpad(hf_data, hf_mgf1, + hash, salt_len, pk, sig); +} diff --git a/src/bearssl/src/rsa/rsa_i31_keygen_inner.c b/src/bearssl/src/rsa/rsa_i31_keygen_inner.c index 9ec881b..98df445 100644 --- a/src/bearssl/src/rsa/rsa_i31_keygen_inner.c +++ b/src/bearssl/src/rsa/rsa_i31_keygen_inner.c @@ -340,9 +340,9 @@ mkprime(const br_prng_class **rng, uint32_t *x, uint32_t esize, continue; } if ((pubexp == 3 && m3 == 1) - || (pubexp == 5 && m5 == 5) - || (pubexp == 7 && m5 == 7) - || (pubexp == 11 && m5 == 11)) + || (pubexp == 5 && m5 == 1) + || (pubexp == 7 && m7 == 1) + || (pubexp == 11 && m11 == 1)) { continue; } diff --git a/src/bearssl/src/rsa/rsa_i31_modulus.c b/src/bearssl/src/rsa/rsa_i31_modulus.c index c469cf3..f5f997f 100644 --- a/src/bearssl/src/rsa/rsa_i31_modulus.c +++ b/src/bearssl/src/rsa/rsa_i31_modulus.c @@ -28,7 +28,7 @@ size_t br_rsa_i31_compute_modulus(void *n, const br_rsa_private_key *sk) { - uint32_t tmp[2 * ((BR_MAX_RSA_SIZE + 30) / 31) + 5]; + uint32_t tmp[4 * (((BR_MAX_RSA_SIZE / 2) + 30) / 31) + 5]; uint32_t *t, *p, *q; const unsigned char *pbuf, *qbuf; size_t nlen, plen, qlen, tlen; diff --git a/src/bearssl/src/rsa/rsa_i31_pss_sign.c b/src/bearssl/src/rsa/rsa_i31_pss_sign.c new file mode 100644 index 0000000..b06f3e2 --- /dev/null +++ b/src/bearssl/src/rsa/rsa_i31_pss_sign.c @@ -0,0 +1,40 @@ +/* + * Copyright (c) 2018 Thomas Pornin + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +#include "inner.h" + +/* see bearssl_rsa.h */ +uint32_t +br_rsa_i31_pss_sign(const br_prng_class **rng, + const br_hash_class *hf_data, const br_hash_class *hf_mgf1, + const unsigned char *hash, size_t salt_len, + const br_rsa_private_key *sk, unsigned char *x) +{ + if (!br_rsa_pss_sig_pad(rng, hf_data, hf_mgf1, hash, + salt_len, sk->n_bitlen, x)) + { + return 0; + } + return br_rsa_i31_private(x, sk); +} diff --git a/src/bearssl/src/rsa/rsa_i31_pss_vrfy.c b/src/bearssl/src/rsa/rsa_i31_pss_vrfy.c new file mode 100644 index 0000000..77a9b28 --- /dev/null +++ b/src/bearssl/src/rsa/rsa_i31_pss_vrfy.c @@ -0,0 +1,44 @@ +/* + * Copyright (c) 2018 Thomas Pornin + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +#include "inner.h" + +/* see bearssl_rsa.h */ +uint32_t +br_rsa_i31_pss_vrfy(const unsigned char *x, size_t xlen, + const br_hash_class *hf_data, const br_hash_class *hf_mgf1, + const void *hash, size_t salt_len, const br_rsa_public_key *pk) +{ + unsigned char sig[BR_MAX_RSA_SIZE >> 3]; + + if (xlen > (sizeof sig)) { + return 0; + } + memcpy(sig, x, xlen); + if (!br_rsa_i31_public(sig, xlen, pk)) { + return 0; + } + return br_rsa_pss_sig_unpad(hf_data, hf_mgf1, + hash, salt_len, pk, sig); +} diff --git a/src/bearssl/src/rsa/rsa_i32_pss_sign.c b/src/bearssl/src/rsa/rsa_i32_pss_sign.c new file mode 100644 index 0000000..0f72f92 --- /dev/null +++ b/src/bearssl/src/rsa/rsa_i32_pss_sign.c @@ -0,0 +1,40 @@ +/* + * Copyright (c) 2018 Thomas Pornin + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +#include "inner.h" + +/* see bearssl_rsa.h */ +uint32_t +br_rsa_i32_pss_sign(const br_prng_class **rng, + const br_hash_class *hf_data, const br_hash_class *hf_mgf1, + const unsigned char *hash, size_t salt_len, + const br_rsa_private_key *sk, unsigned char *x) +{ + if (!br_rsa_pss_sig_pad(rng, hf_data, hf_mgf1, hash, + salt_len, sk->n_bitlen, x)) + { + return 0; + } + return br_rsa_i32_private(x, sk); +} diff --git a/src/bearssl/src/rsa/rsa_i32_pss_vrfy.c b/src/bearssl/src/rsa/rsa_i32_pss_vrfy.c new file mode 100644 index 0000000..2e70d23 --- /dev/null +++ b/src/bearssl/src/rsa/rsa_i32_pss_vrfy.c @@ -0,0 +1,44 @@ +/* + * Copyright (c) 2018 Thomas Pornin + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +#include "inner.h" + +/* see bearssl_rsa.h */ +uint32_t +br_rsa_i32_pss_vrfy(const unsigned char *x, size_t xlen, + const br_hash_class *hf_data, const br_hash_class *hf_mgf1, + const void *hash, size_t salt_len, const br_rsa_public_key *pk) +{ + unsigned char sig[BR_MAX_RSA_SIZE >> 3]; + + if (xlen > (sizeof sig)) { + return 0; + } + memcpy(sig, x, xlen); + if (!br_rsa_i32_public(sig, xlen, pk)) { + return 0; + } + return br_rsa_pss_sig_unpad(hf_data, hf_mgf1, + hash, salt_len, pk, sig); +} diff --git a/src/bearssl/src/rsa/rsa_i62_pss_sign.c b/src/bearssl/src/rsa/rsa_i62_pss_sign.c new file mode 100644 index 0000000..7232f6d --- /dev/null +++ b/src/bearssl/src/rsa/rsa_i62_pss_sign.c @@ -0,0 +1,60 @@ +/* + * Copyright (c) 2018 Thomas Pornin + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +#include "inner.h" + +#if BR_INT128 || BR_UMUL128 + +/* see bearssl_rsa.h */ +uint32_t +br_rsa_i62_pss_sign(const br_prng_class **rng, + const br_hash_class *hf_data, const br_hash_class *hf_mgf1, + const unsigned char *hash, size_t salt_len, + const br_rsa_private_key *sk, unsigned char *x) +{ + if (!br_rsa_pss_sig_pad(rng, hf_data, hf_mgf1, hash, + salt_len, sk->n_bitlen, x)) + { + return 0; + } + return br_rsa_i62_private(x, sk); +} + +/* see bearssl_rsa.h */ +br_rsa_pss_sign +br_rsa_i62_pss_sign_get(void) +{ + return &br_rsa_i62_pss_sign; +} + +#else + +/* see bearssl_rsa.h */ +br_rsa_pss_sign +br_rsa_i62_pss_sign_get(void) +{ + return 0; +} + +#endif diff --git a/src/bearssl/src/rsa/rsa_i62_pss_vrfy.c b/src/bearssl/src/rsa/rsa_i62_pss_vrfy.c new file mode 100644 index 0000000..e726e82 --- /dev/null +++ b/src/bearssl/src/rsa/rsa_i62_pss_vrfy.c @@ -0,0 +1,64 @@ +/* + * Copyright (c) 2018 Thomas Pornin + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +#include "inner.h" + +#if BR_INT128 || BR_UMUL128 + +/* see bearssl_rsa.h */ +uint32_t +br_rsa_i62_pss_vrfy(const unsigned char *x, size_t xlen, + const br_hash_class *hf_data, const br_hash_class *hf_mgf1, + const void *hash, size_t salt_len, const br_rsa_public_key *pk) +{ + unsigned char sig[BR_MAX_RSA_SIZE >> 3]; + + if (xlen > (sizeof sig)) { + return 0; + } + memcpy(sig, x, xlen); + if (!br_rsa_i62_public(sig, xlen, pk)) { + return 0; + } + return br_rsa_pss_sig_unpad(hf_data, hf_mgf1, + hash, salt_len, pk, sig); +} + +/* see bearssl_rsa.h */ +br_rsa_pss_vrfy +br_rsa_i62_pss_vrfy_get(void) +{ + return &br_rsa_i62_pss_vrfy; +} + +#else + +/* see bearssl_rsa.h */ +br_rsa_pss_vrfy +br_rsa_i62_pss_vrfy_get(void) +{ + return 0; +} + +#endif diff --git a/src/bearssl/src/rsa/rsa_pss_sig_pad.c b/src/bearssl/src/rsa/rsa_pss_sig_pad.c new file mode 100644 index 0000000..13e9027 --- /dev/null +++ b/src/bearssl/src/rsa/rsa_pss_sig_pad.c @@ -0,0 +1,106 @@ +/* + * Copyright (c) 2018 Thomas Pornin + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +#include "inner.h" + +/* see inner.h */ +uint32_t +br_rsa_pss_sig_pad(const br_prng_class **rng, + const br_hash_class *hf_data, const br_hash_class *hf_mgf1, + const unsigned char *hash, size_t salt_len, + uint32_t n_bitlen, unsigned char *x) +{ + size_t xlen, hash_len; + br_hash_compat_context hc; + unsigned char *salt, *seed; + + hash_len = br_digest_size(hf_data); + + /* + * The padded string is one bit smaller than the modulus; + * notably, if the modulus length is equal to 1 modulo 8, then + * the padded string will be one _byte_ smaller, and the first + * byte will be set to 0. We apply these transformations here. + */ + n_bitlen --; + if ((n_bitlen & 7) == 0) { + *x ++ = 0; + } + xlen = (n_bitlen + 7) >> 3; + + /* + * Check that the modulus is large enough for the hash value + * length combined with the intended salt length. + */ + if (hash_len > xlen || salt_len > xlen + || (hash_len + salt_len + 2) > xlen) + { + return 0; + } + + /* + * Produce a random salt. + */ + salt = x + xlen - hash_len - salt_len - 1; + if (salt_len != 0) { + (*rng)->generate(rng, salt, salt_len); + } + + /* + * Compute the seed for MGF1. + */ + seed = x + xlen - hash_len - 1; + hf_data->init(&hc.vtable); + memset(seed, 0, 8); + hf_data->update(&hc.vtable, seed, 8); + hf_data->update(&hc.vtable, hash, hash_len); + hf_data->update(&hc.vtable, salt, salt_len); + hf_data->out(&hc.vtable, seed); + + /* + * Prepare string PS (padded salt). The salt is already at the + * right place. + */ + memset(x, 0, xlen - salt_len - hash_len - 2); + x[xlen - salt_len - hash_len - 2] = 0x01; + + /* + * Generate the mask and XOR it into PS. + */ + br_mgf1_xor(x, xlen - hash_len - 1, hf_mgf1, seed, hash_len); + + /* + * Clear the top bits to ensure the value is lower than the + * modulus. + */ + x[0] &= 0xFF >> (((uint32_t)xlen << 3) - n_bitlen); + + /* + * The seed (H) is already in the right place. We just set the + * last byte. + */ + x[xlen - 1] = 0xBC; + + return 1; +} diff --git a/src/bearssl/src/rsa/rsa_pss_sig_unpad.c b/src/bearssl/src/rsa/rsa_pss_sig_unpad.c new file mode 100644 index 0000000..a9f8ca3 --- /dev/null +++ b/src/bearssl/src/rsa/rsa_pss_sig_unpad.c @@ -0,0 +1,121 @@ +/* + * Copyright (c) 2018 Thomas Pornin + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +#include "inner.h" + +/* see inner.h */ +uint32_t +br_rsa_pss_sig_unpad(const br_hash_class *hf_data, + const br_hash_class *hf_mgf1, + const unsigned char *hash, size_t salt_len, + const br_rsa_public_key *pk, unsigned char *x) +{ + size_t u, xlen, hash_len; + br_hash_compat_context hc; + unsigned char *seed, *salt; + unsigned char tmp[64]; + uint32_t r, n_bitlen; + + hash_len = br_digest_size(hf_data); + + /* + * Value r will be set to a non-zero value is any test fails. + */ + r = 0; + + /* + * The value bit length (as an integer) must be strictly less than + * that of the modulus. + */ + for (u = 0; u < pk->nlen; u ++) { + if (pk->n[u] != 0) { + break; + } + } + if (u == pk->nlen) { + return 0; + } + n_bitlen = BIT_LENGTH(pk->n[u]) + ((uint32_t)(pk->nlen - u - 1) << 3); + n_bitlen --; + if ((n_bitlen & 7) == 0) { + r |= *x ++; + } else { + r |= x[0] & (0xFF << (n_bitlen & 7)); + } + xlen = (n_bitlen + 7) >> 3; + + /* + * Check that the modulus is large enough for the hash value + * length combined with the intended salt length. + */ + if (hash_len > xlen || salt_len > xlen + || (hash_len + salt_len + 2) > xlen) + { + return 0; + } + + /* + * Check value of rightmost byte. + */ + r |= x[xlen - 1] ^ 0xBC; + + /* + * Generate the mask and XOR it into the first bytes to reveal PS; + * we must also mask out the leading bits. + */ + seed = x + xlen - hash_len - 1; + br_mgf1_xor(x, xlen - hash_len - 1, hf_mgf1, seed, hash_len); + if ((n_bitlen & 7) != 0) { + x[0] &= 0xFF >> (8 - (n_bitlen & 7)); + } + + /* + * Check that all padding bytes have the expected value. + */ + for (u = 0; u < (xlen - hash_len - salt_len - 2); u ++) { + r |= x[u]; + } + r |= x[xlen - hash_len - salt_len - 2] ^ 0x01; + + /* + * Recompute H. + */ + salt = x + xlen - hash_len - salt_len - 1; + hf_data->init(&hc.vtable); + memset(tmp, 0, 8); + hf_data->update(&hc.vtable, tmp, 8); + hf_data->update(&hc.vtable, hash, hash_len); + hf_data->update(&hc.vtable, salt, salt_len); + hf_data->out(&hc.vtable, tmp); + + /* + * Check that the recomputed H value matches the one appearing + * in the string. + */ + for (u = 0; u < hash_len; u ++) { + r |= tmp[u] ^ x[(xlen - salt_len - 1) + u]; + } + + return EQ0(r); +} diff --git a/src/bearssl/src/ssl/ssl_client_full.c b/src/bearssl/src/ssl/ssl_client_full.c index bc34e92..fd35b3c 100644 --- a/src/bearssl/src/ssl/ssl_client_full.c +++ b/src/bearssl/src/ssl/ssl_client_full.c @@ -119,7 +119,6 @@ br_ssl_client_init_full(br_ssl_client_context *cc, * to TLS-1.2 (inclusive). */ br_ssl_client_zero(cc); - memset(xc, 0, sizeof *xc); br_ssl_engine_set_versions(&cc->eng, BR_TLS10, BR_TLS12); /* diff --git a/src/bearssl/src/ssl/ssl_engine.c b/src/bearssl/src/ssl/ssl_engine.c index f4ffe18..f59fe1a 100644 --- a/src/bearssl/src/ssl/ssl_engine.c +++ b/src/bearssl/src/ssl/ssl_engine.c @@ -1232,6 +1232,21 @@ void br_ssl_engine_close(br_ssl_engine_context *cc) { if (!br_ssl_engine_closed(cc)) { + /* + * If we are not already closed, then we need to + * initiate the closure. Once closing, any incoming + * application data is discarded; we should also discard + * application data which is already there but has not + * been acknowledged by the application yet (this mimics + * usual semantics on BSD sockets: you cannot read() + * once you called close(), even if there was some + * unread data already buffered). + */ + size_t len; + + if (br_ssl_engine_recvapp_buf(cc, &len) != NULL && len != 0) { + br_ssl_engine_recvapp_ack(cc, len); + } jump_handshake(cc, 1); } } diff --git a/src/bearssl/src/ssl/ssl_io.c b/src/bearssl/src/ssl/ssl_io.c index e929228..1952615 100644 --- a/src/bearssl/src/ssl/ssl_io.c +++ b/src/bearssl/src/ssl/ssl_io.c @@ -48,8 +48,8 @@ br_sslio_init(br_sslio_context *ctx, * combination of both (the combination matches either). When a match is * achieved, this function returns 0. On error, it returns -1. */ -int -br_run_until(br_sslio_context *ctx, unsigned target) +static int +run_until(br_sslio_context *ctx, unsigned target) { for (;;) { unsigned state; @@ -152,7 +152,7 @@ br_sslio_read(br_sslio_context *ctx, void *dst, size_t len) if (len == 0) { return 0; } - if (br_run_until(ctx, BR_SSL_RECVAPP) < 0) { + if (run_until(ctx, BR_SSL_RECVAPP) < 0) { return -1; } buf = br_ssl_engine_recvapp_buf(ctx->engine, &alen); @@ -194,7 +194,7 @@ br_sslio_write(br_sslio_context *ctx, const void *src, size_t len) if (len == 0) { return 0; } - if (br_run_until(ctx, BR_SSL_SENDAPP) < 0) { + if (run_until(ctx, BR_SSL_SENDAPP) < 0) { return -1; } buf = br_ssl_engine_sendapp_buf(ctx->engine, &alen); @@ -238,7 +238,7 @@ br_sslio_flush(br_sslio_context *ctx) * first sent down the wire before considering anything else. */ br_ssl_engine_flush(ctx->engine, 0); - return br_run_until(ctx, BR_SSL_SENDAPP | BR_SSL_RECVAPP); + return run_until(ctx, BR_SSL_SENDAPP | BR_SSL_RECVAPP); } /* see bearssl_ssl.h */ @@ -252,7 +252,7 @@ br_sslio_close(br_sslio_context *ctx) */ size_t len; - br_run_until(ctx, BR_SSL_RECVAPP); + run_until(ctx, BR_SSL_RECVAPP); if (br_ssl_engine_recvapp_buf(ctx->engine, &len) != NULL) { br_ssl_engine_recvapp_ack(ctx->engine, len); } diff --git a/src/bearssl/src/x509/asn1.t0 b/src/bearssl/src/x509/asn1.t0 index ba59252..c329514 100644 --- a/src/bearssl/src/x509/asn1.t0 +++ b/src/bearssl/src/x509/asn1.t0 @@ -480,7 +480,7 @@ OID: id-at-commonName 2.5.4.3 \ 66 noncharacters, and also the surrogate range; this function does NOT \ check that the value is in the 0..10FFFF range. : valid-unicode? ( val -- bool ) - dup 0xFDD0 0xFEDF between? if drop 0 ret then + dup 0xFDD0 0xFDEF between? if drop 0 ret then dup 0xD800 0xDFFF between? if drop 0 ret then 0xFFFF and 0xFFFE < ; diff --git a/src/bearssl/src/x509/skey_decoder.c b/src/bearssl/src/x509/skey_decoder.c index f4e43e7..9e285d7 100644 --- a/src/bearssl/src/x509/skey_decoder.c +++ b/src/bearssl/src/x509/skey_decoder.c @@ -155,7 +155,7 @@ static const unsigned char t0_codeblock[] = { 0x02, 0x06, 0x1E, 0x00, 0x00, 0x19, 0x19, 0x00, 0x00, 0x01, 0x0B, 0x00, 0x00, 0x01, 0x00, 0x20, 0x14, 0x06, 0x08, 0x01, 0x01, 0x21, 0x20, 0x22, 0x20, 0x04, 0x75, 0x13, 0x00, 0x00, 0x01, - T0_INT2(3 * BR_X509_BUFSIZE_KEY), 0x00, 0x01, 0x01, 0x87, 0xFF, 0xFF, + T0_INT2(3 * BR_X509_BUFSIZE_SIG), 0x00, 0x01, 0x01, 0x87, 0xFF, 0xFF, 0x7F, 0x54, 0x57, 0x01, 0x02, 0x3E, 0x55, 0x01, 0x01, 0x0E, 0x06, 0x02, 0x30, 0x16, 0x57, 0x01, 0x02, 0x19, 0x0D, 0x06, 0x06, 0x13, 0x3B, 0x44, 0x32, 0x04, 0x1C, 0x01, 0x04, 0x19, 0x0D, 0x06, 0x08, 0x13, 0x3B, 0x01, diff --git a/src/bearssl/src/x509/skey_decoder.t0 b/src/bearssl/src/x509/skey_decoder.t0 index 5b59421..f00e614 100644 --- a/src/bearssl/src/x509/skey_decoder.t0 +++ b/src/bearssl/src/x509/skey_decoder.t0 @@ -80,7 +80,7 @@ cc: read-blob-inner ( addr len -- addr len ) { \ Get the length of the key_data buffer. : len-key_data - CX 0 8191 { 3 * BR_X509_BUFSIZE_KEY } ; + CX 0 8191 { 3 * BR_X509_BUFSIZE_SIG } ; \ Get the address and length for the key_data buffer. : addr-len-key_data ( -- addr len ) diff --git a/src/bearssl/src/x509/x509_minimal.c b/src/bearssl/src/x509/x509_minimal.c index 3b876ef..6103c08 100644 --- a/src/bearssl/src/x509/x509_minimal.c +++ b/src/bearssl/src/x509/x509_minimal.c @@ -703,7 +703,7 @@ static const unsigned char t0_codeblock[] = { 0x76, 0x00, 0x00, 0x01, 0x00, 0x30, 0x31, 0x0B, 0x42, 0x00, 0x00, 0x01, 0x81, 0x70, 0x00, 0x00, 0x01, 0x82, 0x0D, 0x00, 0x00, 0x01, 0x82, 0x22, 0x00, 0x00, 0x01, 0x82, 0x05, 0x00, 0x00, 0x01, 0x03, 0x33, 0x01, 0x03, - 0x33, 0x00, 0x00, 0x25, 0x01, 0x83, 0xFB, 0x50, 0x01, 0x83, 0xFD, 0x5F, + 0x33, 0x00, 0x00, 0x25, 0x01, 0x83, 0xFB, 0x50, 0x01, 0x83, 0xFB, 0x6F, 0x72, 0x06, 0x04, 0x24, 0x01, 0x00, 0x00, 0x25, 0x01, 0x83, 0xB0, 0x00, 0x01, 0x83, 0xBF, 0x7F, 0x72, 0x06, 0x04, 0x24, 0x01, 0x00, 0x00, 0x01, 0x83, 0xFF, 0x7F, 0x15, 0x01, 0x83, 0xFF, 0x7E, 0x0D, 0x00 diff --git a/src/bearssl/src/x509/x509_minimal.t0 b/src/bearssl/src/x509/x509_minimal.t0 index 1e60016..50995dc 100644 --- a/src/bearssl/src/x509/x509_minimal.t0 +++ b/src/bearssl/src/x509/x509_minimal.t0 @@ -106,7 +106,7 @@ preamble { * -- Extensions: extension values are processed in due order. * * -- Basic Constraints: for all certificates except EE, must be - * present, indicate a CA, and have a path legnth compatible with + * present, indicate a CA, and have a path length compatible with * the chain length so far. * * -- Key Usage: for the EE, if present, must allow signatures diff --git a/src/bearssl_ec.h b/src/bearssl_ec.h index b03984a..9c76c95 100644 --- a/src/bearssl_ec.h +++ b/src/bearssl_ec.h @@ -108,7 +108,7 @@ extern "C" { * * - The multipliers (integers) MUST be lower than the subgroup order. * If this property is not met, then the result is indeterminate, - * but an error value is not ncessearily returned. + * but an error value is not necessarily returned. * * * ## ECDSA @@ -451,6 +451,42 @@ extern const br_ec_impl br_ec_p256_m15; */ extern const br_ec_impl br_ec_p256_m31; +/** + * \brief EC implementation "m62" (specialised code) for P-256. + * + * This implementation uses custom code relying on multiplication of + * integers up to 64 bits, with a 128-bit result. This implementation is + * defined only on platforms that offer the 64x64->128 multiplication + * support; use `br_ec_p256_m62_get()` to dynamically obtain a pointer + * to that implementation. + */ +extern const br_ec_impl br_ec_p256_m62; + +/** + * \brief Get the "m62" implementation of P-256, if available. + * + * \return the implementation, or 0. + */ +const br_ec_impl *br_ec_p256_m62_get(void); + +/** + * \brief EC implementation "m64" (specialised code) for P-256. + * + * This implementation uses custom code relying on multiplication of + * integers up to 64 bits, with a 128-bit result. This implementation is + * defined only on platforms that offer the 64x64->128 multiplication + * support; use `br_ec_p256_m64_get()` to dynamically obtain a pointer + * to that implementation. + */ +extern const br_ec_impl br_ec_p256_m64; + +/** + * \brief Get the "m64" implementation of P-256, if available. + * + * \return the implementation, or 0. + */ +const br_ec_impl *br_ec_p256_m64_get(void); + /** * \brief EC implementation "i15" (generic code) for Curve25519. * @@ -507,6 +543,54 @@ extern const br_ec_impl br_ec_c25519_m15; */ extern const br_ec_impl br_ec_c25519_m31; +/** + * \brief EC implementation "m62" (specialised code) for Curve25519. + * + * This implementation uses custom code relying on multiplication of + * integers up to 62 bits, with a 124-bit result. This implementation is + * defined only on platforms that offer the 64x64->128 multiplication + * support; use `br_ec_c25519_m62_get()` to dynamically obtain a pointer + * to that implementation. Due to the specificities of the curve + * definition, the following applies: + * + * - `muladd()` is not implemented (the function returns 0 systematically). + * - `order()` returns 2^255-1, since the point multiplication algorithm + * accepts any 32-bit integer as input (it clears the top bit and low + * three bits systematically). + */ +extern const br_ec_impl br_ec_c25519_m62; + +/** + * \brief Get the "m62" implementation of Curve25519, if available. + * + * \return the implementation, or 0. + */ +const br_ec_impl *br_ec_c25519_m62_get(void); + +/** + * \brief EC implementation "m64" (specialised code) for Curve25519. + * + * This implementation uses custom code relying on multiplication of + * integers up to 64 bits, with a 128-bit result. This implementation is + * defined only on platforms that offer the 64x64->128 multiplication + * support; use `br_ec_c25519_m64_get()` to dynamically obtain a pointer + * to that implementation. Due to the specificities of the curve + * definition, the following applies: + * + * - `muladd()` is not implemented (the function returns 0 systematically). + * - `order()` returns 2^255-1, since the point multiplication algorithm + * accepts any 32-bit integer as input (it clears the top bit and low + * three bits systematically). + */ +extern const br_ec_impl br_ec_c25519_m64; + +/** + * \brief Get the "m64" implementation of Curve25519, if available. + * + * \return the implementation, or 0. + */ +const br_ec_impl *br_ec_c25519_m64_get(void); + /** * \brief Aggregate EC implementation "m15". * diff --git a/src/bearssl_hash.h b/src/bearssl_hash.h index 3b15ba7..ca4fa26 100644 --- a/src/bearssl_hash.h +++ b/src/bearssl_hash.h @@ -724,7 +724,7 @@ void br_sha256_update(br_sha256_context *ctx, const void *data, size_t len); */ void br_sha256_out(const br_sha256_context *ctx, void *out); -#if BR_DOXYGEN_IGNORE +#ifdef BR_DOXYGEN_IGNORE /** * \brief Save SHA-256 running state. * @@ -742,7 +742,7 @@ uint64_t br_sha256_state(const br_sha256_context *ctx, void *out); #define br_sha256_state br_sha224_state #endif -#if BR_DOXYGEN_IGNORE +#ifdef BR_DOXYGEN_IGNORE /** * \brief Restore SHA-256 running state. * diff --git a/src/bearssl_kdf.h b/src/bearssl_kdf.h index f018d7e..955b843 100644 --- a/src/bearssl_kdf.h +++ b/src/bearssl_kdf.h @@ -81,6 +81,30 @@ extern "C" { * Note that the HKDF total output size (the number of bytes that * HKDF-Expand is willing to produce) is limited: if the hash output size * is _n_ bytes, then the maximum output size is _255*n_. + * + * ## SHAKE + * + * SHAKE is defined in + * [FIPS 202](https://csrc.nist.gov/publications/detail/fips/202/final) + * under two versions: SHAKE128 and SHAKE256, offering an alleged + * "security level" of 128 and 256 bits, respectively (SHAKE128 is + * about 20 to 25% faster than SHAKE256). SHAKE internally relies on + * the Keccak family of sponge functions, not on any externally provided + * hash function. Contrary to HKDF, SHAKE does not have a concept of + * either a "salt" or an "info" string. The API consists in four + * functions: + * + * - `br_shake_init()`: initialize a SHAKE context for a given + * security level. + * + * - `br_shake_inject()`: inject more input bytes. This function may be + * called repeatedly if the input data is provided by chunks. + * + * - `br_shake_flip()`: end the data injection process, and start the + * data production process. + * + * - `br_shake_produce()`: get the next bytes of output. This function + * may be called several times to obtain the full output by chunks. */ /** @@ -178,6 +202,81 @@ void br_hkdf_flip(br_hkdf_context *hc); size_t br_hkdf_produce(br_hkdf_context *hc, const void *info, size_t info_len, void *out, size_t out_len); +/** + * \brief SHAKE context. + * + * The HKDF context is initialized with a "security level". The internal + * notion is called "capacity"; the capacity is twice the security level + * (for instance, SHAKE128 has capacity 256). + * + * The caller is responsible for allocating the context where + * appropriate. Context initialisation and usage incurs no dynamic + * allocation, so there is no release function. + */ +typedef struct { +#ifndef BR_DOXYGEN_IGNORE + unsigned char dbuf[200]; + size_t dptr; + size_t rate; + uint64_t A[25]; +#endif +} br_shake_context; + +/** + * \brief SHAKE context initialization. + * + * The context is initialized for the provided "security level". + * Internally, this sets the "capacity" to twice the security level; + * thus, for SHAKE128, the `security_level` parameter should be 128, + * which corresponds to a 256-bit capacity. + * + * Allowed security levels are all multiples of 32, from 32 to 768, + * inclusive. Larger security levels imply lower performance; levels + * beyond 256 bits don't make much sense. Standard levels are 128 + * and 256 bits (for SHAKE128 and SHAKE256, respectively). + * + * \param sc SHAKE context to initialise. + * \param security_level security level (in bits). + */ +void br_shake_init(br_shake_context *sc, int security_level); + +/** + * \brief SHAKE input injection. + * + * This function injects some more input bytes ("key material") into + * SHAKE. This function may be called several times, after `br_shake_init()` + * but before `br_shake_flip()`. + * + * \param sc SHAKE context. + * \param data extra input bytes. + * \param len number of extra input bytes. + */ +void br_shake_inject(br_shake_context *sc, const void *data, size_t len); + +/** + * \brief SHAKE switch to production phase. + * + * This call terminates the input injection process, and starts the + * output production process. + * + * \param sc SHAKE context. + */ +void br_shake_flip(br_shake_context *hc); + +/** + * \brief SHAKE output production. + * + * Produce more output bytes from the current state. This function may be + * called several times, but only after `br_shake_flip()`. + * + * There is no practical limit to the number of bytes that may be produced. + * + * \param sc SHAKE context. + * \param out destination buffer for the SHAKE output. + * \param len the length of the requested output (in bytes). + */ +void br_shake_produce(br_shake_context *sc, void *out, size_t len); + #ifdef __cplusplus } #endif diff --git a/src/bearssl_rsa.h b/src/bearssl_rsa.h index 0eaf2a2..0a069fd 100644 --- a/src/bearssl_rsa.h +++ b/src/bearssl_rsa.h @@ -28,6 +28,7 @@ #include #include +#include "bearssl_hash.h" #include "bearssl_rand.h" #ifdef __cplusplus @@ -279,6 +280,55 @@ typedef uint32_t (*br_rsa_pkcs1_vrfy)(const unsigned char *x, size_t xlen, const unsigned char *hash_oid, size_t hash_len, const br_rsa_public_key *pk, unsigned char *hash_out); +/** + * \brief Type for a RSA signature verification engine (PSS). + * + * Parameters are: + * + * - The signature itself. The provided array is NOT modified. + * + * - The hash function which was used to hash the message. + * + * - The hash function to use with MGF1 within the PSS padding. This + * is not necessarily the same hash function as the one which was + * used to hash the signed message. + * + * - The hashed message (as an array of bytes). + * + * - The PSS salt length (in bytes). + * + * - The public key. + * + * **Constraints:** + * + * - Hash message length MUST be no more than 64 bytes. + * + * Note that, contrary to PKCS#1 v1.5 signature, the hash value of the + * signed data cannot be extracted from the signature; it must be + * provided to the verification function. + * + * This function verifies that the signature length (`xlen`) matches the + * modulus length (this function returns 0 on mismatch). If the modulus + * size exceeds the maximum supported RSA size, then the function also + * returns 0. + * + * Returned value is 1 on success, 0 on error. + * + * Implementations of this type need not be constant-time. + * + * \param x signature buffer. + * \param xlen signature length (in bytes). + * \param hf_data hash function applied on the message. + * \param hf_mgf1 hash function to use with MGF1. + * \param hash hash value of the signed message. + * \param salt_len PSS salt length (in bytes). + * \param pk RSA public key. + * \return 1 on success, 0 on error. + */ +typedef uint32_t (*br_rsa_pss_vrfy)(const unsigned char *x, size_t xlen, + const br_hash_class *hf_data, const br_hash_class *hf_mgf1, + const void *hash, size_t salt_len, const br_rsa_public_key *pk); + /** * \brief Type for a RSA encryption engine (OAEP). * @@ -385,6 +435,53 @@ typedef uint32_t (*br_rsa_pkcs1_sign)(const unsigned char *hash_oid, const unsigned char *hash, size_t hash_len, const br_rsa_private_key *sk, unsigned char *x); +/** + * \brief Type for a RSA signature generation engine (PSS). + * + * Parameters are: + * + * - An initialized PRNG for salt generation. If the salt length is + * zero (`salt_len` parameter), then the PRNG is optional (this is + * not the typical case, as the security proof of RSA/PSS is + * tighter when a non-empty salt is used). + * + * - The hash function which was used to hash the message. + * + * - The hash function to use with MGF1 within the PSS padding. This + * is not necessarily the same function as the one used to hash the + * message. + * + * - The hashed message. + * + * - The salt length, in bytes. + * + * - The RSA private key. + * + * - The output buffer, that receives the signature. + * + * Returned value is 1 on success, 0 on error. Error conditions include + * a too small modulus for the provided hash and salt lengths, or some + * invalid key parameters. The signature length is exactly + * `(sk->n_bitlen+7)/8` bytes. + * + * This function is expected to be constant-time with regards to the + * private key bytes (lengths of the modulus and the individual factors + * may leak, though) and to the hashed data. + * + * \param rng PRNG for salt generation (`NULL` if `salt_len` is zero). + * \param hf_data hash function used to hash the signed data. + * \param hf_mgf1 hash function to use with MGF1. + * \param hash hashed message. + * \param salt_len salt length (in bytes). + * \param sk RSA private key. + * \param x output buffer for the signature value. + * \return 1 on success, 0 on error. + */ +typedef uint32_t (*br_rsa_pss_sign)(const br_prng_class **rng, + const br_hash_class *hf_data, const br_hash_class *hf_mgf1, + const unsigned char *hash_value, size_t salt_len, + const br_rsa_private_key *sk, unsigned char *x); + /** * \brief Encoded OID for SHA-1 (in RSA PKCS#1 signatures). */ @@ -476,7 +573,7 @@ uint32_t br_rsa_i32_public(unsigned char *x, size_t xlen, const br_rsa_public_key *pk); /** - * \brief RSA signature verification engine "i32". + * \brief RSA signature verification engine "i32" (PKCS#1 v1.5 signatures). * * \see br_rsa_pkcs1_vrfy * @@ -492,6 +589,24 @@ uint32_t br_rsa_i32_pkcs1_vrfy(const unsigned char *x, size_t xlen, const unsigned char *hash_oid, size_t hash_len, const br_rsa_public_key *pk, unsigned char *hash_out); +/** + * \brief RSA signature verification engine "i32" (PSS signatures). + * + * \see br_rsa_pss_vrfy + * + * \param x signature buffer. + * \param xlen signature length (in bytes). + * \param hf_data hash function applied on the message. + * \param hf_mgf1 hash function to use with MGF1. + * \param hash hash value of the signed message. + * \param salt_len PSS salt length (in bytes). + * \param pk RSA public key. + * \return 1 on success, 0 on error. + */ +uint32_t br_rsa_i32_pss_vrfy(const unsigned char *x, size_t xlen, + const br_hash_class *hf_data, const br_hash_class *hf_mgf1, + const void *hash, size_t salt_len, const br_rsa_public_key *pk); + /** * \brief RSA private key engine "i32". * @@ -505,7 +620,7 @@ uint32_t br_rsa_i32_private(unsigned char *x, const br_rsa_private_key *sk); /** - * \brief RSA signature generation engine "i32". + * \brief RSA signature generation engine "i32" (PKCS#1 v1.5 signatures). * * \see br_rsa_pkcs1_sign * @@ -520,6 +635,25 @@ uint32_t br_rsa_i32_pkcs1_sign(const unsigned char *hash_oid, const unsigned char *hash, size_t hash_len, const br_rsa_private_key *sk, unsigned char *x); +/** + * \brief RSA signature generation engine "i32" (PSS signatures). + * + * \see br_rsa_pss_sign + * + * \param rng PRNG for salt generation (`NULL` if `salt_len` is zero). + * \param hf_data hash function used to hash the signed data. + * \param hf_mgf1 hash function to use with MGF1. + * \param hash hashed message. + * \param salt_len salt length (in bytes). + * \param sk RSA private key. + * \param x output buffer for the signature value. + * \return 1 on success, 0 on error. + */ +uint32_t br_rsa_i32_pss_sign(const br_prng_class **rng, + const br_hash_class *hf_data, const br_hash_class *hf_mgf1, + const unsigned char *hash_value, size_t salt_len, + const br_rsa_private_key *sk, unsigned char *x); + /* * RSA "i31" engine. Similar to i32, but only 31 bits are used per 32-bit * word. This uses slightly more stack space (about 4% more) and code @@ -540,7 +674,7 @@ uint32_t br_rsa_i31_public(unsigned char *x, size_t xlen, const br_rsa_public_key *pk); /** - * \brief RSA signature verification engine "i31". + * \brief RSA signature verification engine "i31" (PKCS#1 v1.5 signatures). * * \see br_rsa_pkcs1_vrfy * @@ -556,6 +690,24 @@ uint32_t br_rsa_i31_pkcs1_vrfy(const unsigned char *x, size_t xlen, const unsigned char *hash_oid, size_t hash_len, const br_rsa_public_key *pk, unsigned char *hash_out); +/** + * \brief RSA signature verification engine "i31" (PSS signatures). + * + * \see br_rsa_pss_vrfy + * + * \param x signature buffer. + * \param xlen signature length (in bytes). + * \param hf_data hash function applied on the message. + * \param hf_mgf1 hash function to use with MGF1. + * \param hash hash value of the signed message. + * \param salt_len PSS salt length (in bytes). + * \param pk RSA public key. + * \return 1 on success, 0 on error. + */ +uint32_t br_rsa_i31_pss_vrfy(const unsigned char *x, size_t xlen, + const br_hash_class *hf_data, const br_hash_class *hf_mgf1, + const void *hash, size_t salt_len, const br_rsa_public_key *pk); + /** * \brief RSA private key engine "i31". * @@ -569,7 +721,7 @@ uint32_t br_rsa_i31_private(unsigned char *x, const br_rsa_private_key *sk); /** - * \brief RSA signature generation engine "i31". + * \brief RSA signature generation engine "i31" (PKCS#1 v1.5 signatures). * * \see br_rsa_pkcs1_sign * @@ -584,6 +736,25 @@ uint32_t br_rsa_i31_pkcs1_sign(const unsigned char *hash_oid, const unsigned char *hash, size_t hash_len, const br_rsa_private_key *sk, unsigned char *x); +/** + * \brief RSA signature generation engine "i31" (PSS signatures). + * + * \see br_rsa_pss_sign + * + * \param rng PRNG for salt generation (`NULL` if `salt_len` is zero). + * \param hf_data hash function used to hash the signed data. + * \param hf_mgf1 hash function to use with MGF1. + * \param hash hashed message. + * \param salt_len salt length (in bytes). + * \param sk RSA private key. + * \param x output buffer for the signature value. + * \return 1 on success, 0 on error. + */ +uint32_t br_rsa_i31_pss_sign(const br_prng_class **rng, + const br_hash_class *hf_data, const br_hash_class *hf_mgf1, + const unsigned char *hash_value, size_t salt_len, + const br_rsa_private_key *sk, unsigned char *x); + /* * RSA "i62" engine. Similar to i31, but internal multiplication use * 64x64->128 multiplications. This is available only on architecture @@ -608,7 +779,7 @@ uint32_t br_rsa_i62_public(unsigned char *x, size_t xlen, const br_rsa_public_key *pk); /** - * \brief RSA signature verification engine "i62". + * \brief RSA signature verification engine "i62" (PKCS#1 v1.5 signatures). * * This function is defined only on architecture that offer a 64x64->128 * opcode. Use `br_rsa_i62_pkcs1_vrfy_get()` to dynamically obtain a pointer @@ -628,6 +799,28 @@ uint32_t br_rsa_i62_pkcs1_vrfy(const unsigned char *x, size_t xlen, const unsigned char *hash_oid, size_t hash_len, const br_rsa_public_key *pk, unsigned char *hash_out); +/** + * \brief RSA signature verification engine "i62" (PSS signatures). + * + * This function is defined only on architecture that offer a 64x64->128 + * opcode. Use `br_rsa_i62_pss_vrfy_get()` to dynamically obtain a pointer + * to that function. + * + * \see br_rsa_pss_vrfy + * + * \param x signature buffer. + * \param xlen signature length (in bytes). + * \param hf_data hash function applied on the message. + * \param hf_mgf1 hash function to use with MGF1. + * \param hash hash value of the signed message. + * \param salt_len PSS salt length (in bytes). + * \param pk RSA public key. + * \return 1 on success, 0 on error. + */ +uint32_t br_rsa_i62_pss_vrfy(const unsigned char *x, size_t xlen, + const br_hash_class *hf_data, const br_hash_class *hf_mgf1, + const void *hash, size_t salt_len, const br_rsa_public_key *pk); + /** * \brief RSA private key engine "i62". * @@ -645,7 +838,7 @@ uint32_t br_rsa_i62_private(unsigned char *x, const br_rsa_private_key *sk); /** - * \brief RSA signature generation engine "i62". + * \brief RSA signature generation engine "i62" (PKCS#1 v1.5 signatures). * * This function is defined only on architecture that offer a 64x64->128 * opcode. Use `br_rsa_i62_pkcs1_sign_get()` to dynamically obtain a pointer @@ -664,6 +857,29 @@ uint32_t br_rsa_i62_pkcs1_sign(const unsigned char *hash_oid, const unsigned char *hash, size_t hash_len, const br_rsa_private_key *sk, unsigned char *x); +/** + * \brief RSA signature generation engine "i62" (PSS signatures). + * + * This function is defined only on architecture that offer a 64x64->128 + * opcode. Use `br_rsa_i62_pss_sign_get()` to dynamically obtain a pointer + * to that function. + * + * \see br_rsa_pss_sign + * + * \param rng PRNG for salt generation (`NULL` if `salt_len` is zero). + * \param hf_data hash function used to hash the signed data. + * \param hf_mgf1 hash function to use with MGF1. + * \param hash hashed message. + * \param salt_len salt length (in bytes). + * \param sk RSA private key. + * \param x output buffer for the signature value. + * \return 1 on success, 0 on error. + */ +uint32_t br_rsa_i62_pss_sign(const br_prng_class **rng, + const br_hash_class *hf_data, const br_hash_class *hf_mgf1, + const unsigned char *hash_value, size_t salt_len, + const br_rsa_private_key *sk, unsigned char *x); + /** * \brief Get the RSA "i62" implementation (public key operations), * if available. @@ -673,13 +889,21 @@ uint32_t br_rsa_i62_pkcs1_sign(const unsigned char *hash_oid, br_rsa_public br_rsa_i62_public_get(void); /** - * \brief Get the RSA "i62" implementation (PKCS#1 signature verification), + * \brief Get the RSA "i62" implementation (PKCS#1 v1.5 signature verification), * if available. * * \return the implementation, or 0. */ br_rsa_pkcs1_vrfy br_rsa_i62_pkcs1_vrfy_get(void); +/** + * \brief Get the RSA "i62" implementation (PSS signature verification), + * if available. + * + * \return the implementation, or 0. + */ +br_rsa_pss_vrfy br_rsa_i62_pss_vrfy_get(void); + /** * \brief Get the RSA "i62" implementation (private key operations), * if available. @@ -689,13 +913,21 @@ br_rsa_pkcs1_vrfy br_rsa_i62_pkcs1_vrfy_get(void); br_rsa_private br_rsa_i62_private_get(void); /** - * \brief Get the RSA "i62" implementation (PKCS#1 signature generation), + * \brief Get the RSA "i62" implementation (PKCS#1 v1.5 signature generation), * if available. * * \return the implementation, or 0. */ br_rsa_pkcs1_sign br_rsa_i62_pkcs1_sign_get(void); +/** + * \brief Get the RSA "i62" implementation (PSS signature generation), + * if available. + * + * \return the implementation, or 0. + */ +br_rsa_pss_sign br_rsa_i62_pss_sign_get(void); + /** * \brief Get the RSA "i62" implementation (OAEP encryption), * if available. @@ -732,7 +964,7 @@ uint32_t br_rsa_i15_public(unsigned char *x, size_t xlen, const br_rsa_public_key *pk); /** - * \brief RSA signature verification engine "i15". + * \brief RSA signature verification engine "i15" (PKCS#1 v1.5 signatures). * * \see br_rsa_pkcs1_vrfy * @@ -748,6 +980,24 @@ uint32_t br_rsa_i15_pkcs1_vrfy(const unsigned char *x, size_t xlen, const unsigned char *hash_oid, size_t hash_len, const br_rsa_public_key *pk, unsigned char *hash_out); +/** + * \brief RSA signature verification engine "i15" (PSS signatures). + * + * \see br_rsa_pss_vrfy + * + * \param x signature buffer. + * \param xlen signature length (in bytes). + * \param hf_data hash function applied on the message. + * \param hf_mgf1 hash function to use with MGF1. + * \param hash hash value of the signed message. + * \param salt_len PSS salt length (in bytes). + * \param pk RSA public key. + * \return 1 on success, 0 on error. + */ +uint32_t br_rsa_i15_pss_vrfy(const unsigned char *x, size_t xlen, + const br_hash_class *hf_data, const br_hash_class *hf_mgf1, + const void *hash, size_t salt_len, const br_rsa_public_key *pk); + /** * \brief RSA private key engine "i15". * @@ -761,7 +1011,7 @@ uint32_t br_rsa_i15_private(unsigned char *x, const br_rsa_private_key *sk); /** - * \brief RSA signature generation engine "i15". + * \brief RSA signature generation engine "i15" (PKCS#1 v1.5 signatures). * * \see br_rsa_pkcs1_sign * @@ -776,6 +1026,25 @@ uint32_t br_rsa_i15_pkcs1_sign(const unsigned char *hash_oid, const unsigned char *hash, size_t hash_len, const br_rsa_private_key *sk, unsigned char *x); +/** + * \brief RSA signature generation engine "i15" (PSS signatures). + * + * \see br_rsa_pss_sign + * + * \param rng PRNG for salt generation (`NULL` if `salt_len` is zero). + * \param hf_data hash function used to hash the signed data. + * \param hf_mgf1 hash function to use with MGF1. + * \param hash hashed message. + * \param salt_len salt length (in bytes). + * \param sk RSA private key. + * \param x output buffer for the signature value. + * \return 1 on success, 0 on error. + */ +uint32_t br_rsa_i15_pss_sign(const br_prng_class **rng, + const br_hash_class *hf_data, const br_hash_class *hf_mgf1, + const unsigned char *hash_value, size_t salt_len, + const br_rsa_private_key *sk, unsigned char *x); + /** * \brief Get "default" RSA implementation (public-key operations). * @@ -797,7 +1066,7 @@ br_rsa_public br_rsa_public_get_default(void); br_rsa_private br_rsa_private_get_default(void); /** - * \brief Get "default" RSA implementation (PKCS#1 signature verification). + * \brief Get "default" RSA implementation (PKCS#1 v1.5 signature verification). * * This returns the preferred implementation of RSA (signature verification) * on the current system. @@ -807,7 +1076,17 @@ br_rsa_private br_rsa_private_get_default(void); br_rsa_pkcs1_vrfy br_rsa_pkcs1_vrfy_get_default(void); /** - * \brief Get "default" RSA implementation (PKCS#1 signature generation). + * \brief Get "default" RSA implementation (PSS signature verification). + * + * This returns the preferred implementation of RSA (signature verification) + * on the current system. + * + * \return the default implementation. + */ +br_rsa_pss_vrfy br_rsa_pss_vrfy_get_default(void); + +/** + * \brief Get "default" RSA implementation (PKCS#1 v1.5 signature generation). * * This returns the preferred implementation of RSA (signature generation) * on the current system. @@ -816,6 +1095,16 @@ br_rsa_pkcs1_vrfy br_rsa_pkcs1_vrfy_get_default(void); */ br_rsa_pkcs1_sign br_rsa_pkcs1_sign_get_default(void); +/** + * \brief Get "default" RSA implementation (PSS signature generation). + * + * This returns the preferred implementation of RSA (signature generation) + * on the current system. + * + * \return the default implementation. + */ +br_rsa_pss_sign br_rsa_pss_sign_get_default(void); + /** * \brief Get "default" RSA implementation (OAEP encryption). * diff --git a/src/bearssl_ssl.h b/src/bearssl_ssl.h index d28405a..5dc2228 100644 --- a/src/bearssl_ssl.h +++ b/src/bearssl_ssl.h @@ -1250,8 +1250,8 @@ static inline void br_ssl_engine_set_versions(br_ssl_engine_context *cc, unsigned version_min, unsigned version_max) { - cc->version_min = version_min; - cc->version_max = version_max; + cc->version_min = (uint16_t)version_min; + cc->version_max = (uint16_t)version_max; } /** @@ -1324,7 +1324,7 @@ br_ssl_engine_set_protocol_names(br_ssl_engine_context *ctx, const char **names, size_t num) { ctx->protocol_names = names; - ctx->protocol_names_num = num; + ctx->protocol_names_num = (uint16_t)num; } /** @@ -2102,7 +2102,7 @@ void br_ssl_engine_sendapp_ack(br_ssl_engine_context *cc, size_t len); /** * \brief Get buffer for received application data. * - * If the engine has received application data from the peer, hen this + * If the engine has received application data from the peer, then this * call returns a pointer to the buffer from where such data shall be * read, and its length is written in `*len`. Otherwise, `*len` is set * to 0 and `NULL` is returned. @@ -4154,20 +4154,6 @@ int br_sslio_flush(br_sslio_context *cc); */ int br_sslio_close(br_sslio_context *cc); -/* - * Run the engine, until the specified target state is achieved, or - * an error occurs. The target state is SENDAPP, RECVAPP, or the - * combination of both (the combination matches either). When a match is - * achieved, this function returns 0. On error, it returns -1. - * - * Static function made public since we would like to be able to - * initialize the ssl socket in a single function - * - * \return 0 on success, or -1 on error. - */ -int -br_run_until(br_sslio_context *ctx, unsigned target); - /* ===================================================================== */ /* diff --git a/src/config.h b/src/config.h index d7c2e19..d07408a 100644 --- a/src/config.h +++ b/src/config.h @@ -108,9 +108,27 @@ #define BR_RDRAND 1 */ +/* + * When BR_USE_GETENTROPY is enabled, the SSL engine will use the + * getentropy() function to obtain quality randomness for seeding its + * internal PRNG. On Linux and FreeBSD, getentropy() is implemented by + * the standard library with the system call getrandom(); on OpenBSD, + * getentropy() is the system call, and there is no getrandom() wrapper, + * hence the use of the getentropy() function for maximum portability. + * + * If the getentropy() call fails, and BR_USE_URANDOM is not explicitly + * disabled, then /dev/urandom will be used as a fallback mechanism. On + * FreeBSD and OpenBSD, this does not change much, since /dev/urandom + * will block if not enough entropy has been obtained since last boot. + * On Linux, /dev/urandom might not block, which can be troublesome in + * early boot stages, which is why getentropy() is preferred. + * +#define BR_USE_GETENTROPY 1 + */ + /* * When BR_USE_URANDOM is enabled, the SSL engine will use /dev/urandom - * to automatically obtain quality randomness for seedings its internal + * to automatically obtain quality randomness for seeding its internal * PRNG. * #define BR_USE_URANDOM 1 @@ -119,7 +137,7 @@ /* * When BR_USE_WIN32_RAND is enabled, the SSL engine will use the Win32 * (CryptoAPI) functions (CryptAcquireContext(), CryptGenRandom()...) to - * automatically obtain quality randomness for seedings its internal PRNG. + * automatically obtain quality randomness for seeding its internal PRNG. * * Note: if both BR_USE_URANDOM and BR_USE_WIN32_RAND are defined, the * former takes precedence. @@ -132,10 +150,10 @@ * the current time from the OS by calling time(), and assuming that the * returned value (a 'time_t') is an integer that counts time in seconds * since the Unix Epoch (Jan 1st, 1970, 00:00 UTC). - * */ #define BR_USE_UNIX_TIME 0 + /* * When BR_USE_WIN32_TIME is enabled, the X.509 validation engine obtains * the current time from the OS by calling the Win32 function @@ -143,8 +161,9 @@ * * Note: if both BR_USE_UNIX_TIME and BR_USE_WIN32_TIME are defined, the * former takes precedence. + * +#define BR_USE_WIN32_TIME 1 */ -#define BR_USE_WIN32_TIME 0 /* * When BR_ARMEL_CORTEXM_GCC is enabled, some operations are replaced with @@ -158,9 +177,7 @@ * Note: if BR_LOMUL is not explicitly enabled or disabled, then * enabling BR_ARMEL_CORTEXM_GCC also enables BR_LOMUL. */ -#ifdef ARDUINO_ARCH_SAMD #define BR_ARMEL_CORTEXM_GCC 1 -#endif /* * When BR_AES_X86NI is enabled, the AES implementation using the x86 "NI" diff --git a/src/inner.h b/src/inner.h index 8c7f04e..07e1d0a 100644 --- a/src/inner.h +++ b/src/inner.h @@ -114,6 +114,10 @@ #define BR_64 1 #elif defined(__x86_64__) || defined(_M_X64) #define BR_64 1 +#elif defined(__aarch64__) || defined(_M_ARM64) +#define BR_64 1 +#elif defined(__mips64) +#define BR_64 1 #endif #endif @@ -305,9 +309,20 @@ * values are documented on: * https://sourceforge.net/p/predef/wiki/OperatingSystems/ * - * TODO: enrich the list of detected system. Also add detection for - * alternate system calls like getentropy(), which are usually - * preferable when available. + * Win32's CryptGenRandom() should be available on Windows systems. + * + * /dev/urandom should work on all Unix-like systems (including macOS X). + * + * getentropy() is present on Linux (Glibc 2.25+), FreeBSD (12.0+) and + * OpenBSD (5.6+). For OpenBSD, there does not seem to be easy to use + * macros to test the minimum version, so we just assume that it is + * recent enough (last version without getentropy() has gone out of + * support in May 2015). + * + * Ideally we should use getentropy() on macOS (10.12+) too, but I don't + * know how to test the exact OS version with preprocessor macros. + * + * TODO: enrich the list of detected system. */ #ifndef BR_USE_URANDOM @@ -324,6 +339,15 @@ #endif #endif +#ifndef BR_USE_GETENTROPY +#if (defined __linux__ \ + && (__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 25))) \ + || (defined __FreeBSD__ && __FreeBSD__ >= 12) \ + || defined __OpenBSD__ +#define BR_USE_GETENTROPY 1 +#endif +#endif + #ifndef BR_USE_WIN32_RAND #if defined _WIN32 || defined _WIN64 #define BR_USE_WIN32_RAND 1 @@ -1943,6 +1967,27 @@ uint32_t br_rsa_pkcs1_sig_unpad(const unsigned char *sig, size_t sig_len, const unsigned char *hash_oid, size_t hash_len, unsigned char *hash_out); +/* + * Apply proper PSS padding. The 'x' buffer is output only: it + * receives the value that is to be exponentiated. + */ +uint32_t br_rsa_pss_sig_pad(const br_prng_class **rng, + const br_hash_class *hf_data, const br_hash_class *hf_mgf1, + const unsigned char *hash, size_t salt_len, + uint32_t n_bitlen, unsigned char *x); + +/* + * Check PSS padding. The provided value is the one _after_ + * the modular exponentiation; it is modified by this function. + * This function infers the signature length from the public key + * size, i.e. it assumes that this has already been verified (as + * part of the exponentiation). + */ +uint32_t br_rsa_pss_sig_unpad( + const br_hash_class *hf_data, const br_hash_class *hf_mgf1, + const unsigned char *hash, size_t salt_len, + const br_rsa_public_key *pk, unsigned char *x); + /* * Apply OAEP padding. Returned value is the actual padded string length, * or zero on error. @@ -2448,8 +2493,8 @@ int br_ssl_choose_hash(unsigned bf); #else #define BR_TARGETS_X86_UP \ _Pragma("GCC target(\"sse2,ssse3,sse4.1,aes,pclmul\")") -#endif #define BR_TARGETS_X86_DOWN +#endif #pragma GCC diagnostic ignored "-Wpsabi" #endif From 650aec2e1d6b1bafafde214a319575482d40a842 Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Mon, 10 Feb 2020 11:38:06 -0800 Subject: [PATCH 053/141] Upgrade docs, and bump version --- .travis/library.properties | 2 +- docs/{html => }/_r_e_a_d_m_e_8md.html | 7 +- docs/{html => }/_s_s_l_client_8cpp.html | 7 +- docs/{html => }/_s_s_l_client_8h.html | 7 +- docs/{html => }/_s_s_l_client_8h_source.html | 7 +- .../_s_s_l_client_parameters_8h.html | 7 +- .../_s_s_l_client_parameters_8h_source.html | 7 +- docs/{html => }/_s_s_l_obj_8cpp.html | 7 +- docs/{html => }/_s_s_l_obj_8cpp.js | 0 docs/{html => }/_s_s_l_obj_8h.html | 7 +- docs/{html => }/_s_s_l_obj_8h.js | 0 docs/{html => }/_s_s_l_obj_8h_source.html | 7 +- docs/{html => }/_s_s_l_session_8h.html | 7 +- docs/{html => }/_s_s_l_session_8h_source.html | 7 +- docs/{html => }/_trust_anchors_8md.html | 7 +- docs/{html => }/annotated.html | 3 +- docs/{html => }/annotated_dup.js | 0 docs/{html => }/bc_s.png | Bin docs/{html => }/bdwn.png | Bin .../class_s_s_l_client-members.html | 3 +- docs/{html => }/class_s_s_l_client.html | 7 +- docs/{html => }/class_s_s_l_client.js | 0 docs/{html => }/class_s_s_l_client.png | Bin .../class_s_s_l_session-members.html | 3 +- docs/{html => }/class_s_s_l_session.html | 5 +- docs/{html => }/class_s_s_l_session.js | 0 docs/{html => }/class_s_s_l_session.png | Bin docs/{html => }/classes.html | 3 +- docs/{html => }/closed.png | Bin ...dir_08af369098809553e22f6e2d01d17ab8.html} | 15 +- ...dir_2b7ad9a5497045797632e667f22e5690.html} | 17 +- ...dir_3d74bfb32a2df79d6a95a208a23e6425.html} | 17 +- ...dir_732ec7fb04c2890977d3e4bc2bf648f7.html} | 13 +- ...dir_74140a1086282c406444869b48f08cd0.html} | 17 +- .../dir_c9cc9f7bc7a220ef9764bcae1bd480a3.html | 111 ++ ...dir_d522931ffa1371640980b621734a4381.html} | 20 +- docs/{html => }/doc.png | Bin docs/{html => }/doxygen.css | 0 docs/{html => }/doxygen.png | Bin docs/{html => }/dynsections.js | 0 ...s_s_l_client_impl_8cpp.html => files.html} | 43 +- ...a1af8e8297ef4c3efbcdba.js => files_dup.js} | 6 +- docs/{html => }/folderclosed.png | Bin docs/{html => }/folderopen.png | Bin docs/{html => }/functions.html | 3 +- docs/{html => }/functions_enum.html | 3 +- docs/{html => }/functions_eval.html | 3 +- docs/{html => }/functions_func.html | 3 +- docs/{html => }/functions_vars.html | 3 +- docs/{html => }/globals.html | 14 +- docs/{html => }/globals_defs.html | 8 +- docs/{html => }/hierarchy.html | 3 +- docs/{html => }/hierarchy.js | 0 docs/html/_s_s_l_client_8cpp.js | 4 - docs/html/_s_s_l_client_8h.js | 5 - docs/html/_s_s_l_client_impl_8cpp.js | 4 - docs/html/_s_s_l_client_impl_8h.html | 206 ---- docs/html/_s_s_l_client_impl_8h.js | 19 - docs/html/_s_s_l_client_impl_8h_source.html | 149 --- docs/html/_t_l_s12__only__profile_8c.html | 158 --- docs/html/_t_l_s12__only__profile_8c.js | 4 - docs/html/cert_8h.html | 131 -- docs/html/cert_8h.js | 4 - docs/html/cert_8h_source.html | 106 -- .../html/class_s_s_l_client_impl-members.html | 137 --- docs/html/class_s_s_l_client_impl.html | 1091 ----------------- docs/html/class_s_s_l_client_impl.js | 32 - docs/html/class_s_s_l_client_impl.png | Bin 870 -> 0 bytes .../dir_386349f6a9bc1e2cd0767d257d5e5b91.js | 4 - .../dir_9c42dc81377249a918256dbb9cfb2167.js | 4 - .../dir_d28a4824dc47e487b107a5db32ef43c4.js | 5 - .../dir_dfc5a9f91fbfb9426c406a3f10131a54.js | 4 - docs/html/ec__prime__fast__256_8c.html | 130 -- docs/html/ec__prime__fast__256_8c.js | 4 - docs/html/files.html | 126 -- docs/html/files_dup.js | 6 - docs/html/globals_enum.html | 109 -- docs/html/globals_eval.html | 136 -- docs/html/globals_func.html | 106 -- docs/html/globals_vars.html | 106 -- docs/html/index.html | 177 --- ..._libraries__s_s_l_client__r_e_a_d_m_e.html | 166 --- docs/html/search/all_11.html | 30 - docs/html/search/all_12.html | 30 - docs/html/search/all_12.js | 5 - docs/html/search/all_2.js | 5 - docs/html/search/all_e.js | 11 - docs/html/search/defines_5.js | 4 - docs/html/search/defines_6.html | 30 - docs/html/search/files_0.js | 4 - docs/html/search/files_1.js | 4 - docs/html/search/files_3.html | 30 - docs/html/search/files_4.html | 30 - docs/html/search/files_4.js | 8 - docs/html/search/functions_1.js | 4 - docs/html/search/functions_b.html | 30 - docs/html/search/functions_c.html | 30 - docs/html/search/functions_c.js | 4 - docs/html/search/functions_d.html | 30 - docs/html/search/functions_d.js | 5 - docs/html/search/pages_1.js | 4 - docs/html/search/variables_0.js | 4 - docs/html/search/variables_4.html | 30 - docs/html/search/variables_5.html | 30 - docs/html/search/variables_5.js | 4 - docs/html/trust__anchors_8h.html | 131 -- docs/html/trust__anchors_8h.js | 4 - docs/html/trust__anchors_8h_source.html | 106 -- docs/html/trustanchors_8h.html | 131 -- docs/html/trustanchors_8h.js | 4 - docs/html/trustanchors_8h_source.html | 106 -- docs/index.html | 187 ++- docs/{html => }/jquery.js | 0 ...braries__s_s_l_client__trust_anchors.html} | 9 +- docs/{html => }/menu.js | 0 docs/{html => }/menudata.js | 2 - docs/{html => }/namespace_s_s_l_obj.html | 3 +- docs/{html => }/namespacemembers.html | 3 +- docs/{html => }/namespacemembers_func.html | 3 +- docs/{html => }/namespaces.html | 3 +- docs/{html => }/namespaces_dup.js | 0 docs/{html => }/nav_f.png | Bin docs/{html => }/nav_g.png | Bin docs/{html => }/nav_h.png | Bin docs/{html => }/navtree.css | 0 docs/{html => }/navtree.js | 0 docs/{html => }/navtreedata.js | 4 +- docs/{html => }/navtreeindex0.js | 92 +- docs/{html => }/open.png | Bin docs/{html => }/pages.html | 5 +- docs/{html => }/resize.js | 0 docs/{html => }/search/all_0.html | 0 docs/{html => }/search/all_0.js | 0 docs/{html => }/search/all_1.html | 0 docs/{html => }/search/all_1.js | 0 docs/{html => }/search/all_10.html | 0 .../search/all_11.js => search/all_10.js} | 0 docs/{html => }/search/all_2.html | 0 .../{html/search/all_3.js => search/all_2.js} | 1 - docs/{html => }/search/all_3.html | 0 .../{html/search/all_4.js => search/all_3.js} | 0 docs/{html => }/search/all_4.html | 0 .../{html/search/all_5.js => search/all_4.js} | 1 - docs/{html => }/search/all_5.html | 0 .../{html/search/all_6.js => search/all_5.js} | 0 docs/{html => }/search/all_6.html | 0 .../{html/search/all_7.js => search/all_6.js} | 0 docs/{html => }/search/all_7.html | 0 .../{html/search/all_8.js => search/all_7.js} | 0 docs/{html => }/search/all_8.html | 0 .../{html/search/all_9.js => search/all_8.js} | 0 docs/{html => }/search/all_9.html | 0 .../{html/search/all_a.js => search/all_9.js} | 0 docs/{html => }/search/all_a.html | 0 .../{html/search/all_b.js => search/all_a.js} | 0 docs/{html => }/search/all_b.html | 0 .../{html/search/all_c.js => search/all_b.js} | 0 docs/{html => }/search/all_c.html | 0 .../{html/search/all_d.js => search/all_c.js} | 0 docs/{html => }/search/all_d.html | 0 docs/search/all_d.js | 7 + docs/{html => }/search/all_e.html | 0 .../{html/search/all_f.js => search/all_e.js} | 0 docs/{html => }/search/all_f.html | 0 .../search/all_10.js => search/all_f.js} | 0 docs/{html => }/search/classes_0.html | 0 docs/{html => }/search/classes_0.js | 0 docs/{html => }/search/close.png | Bin docs/{html => }/search/defines_0.html | 0 docs/{html => }/search/defines_0.js | 0 docs/{html => }/search/defines_1.html | 0 docs/{html => }/search/defines_1.js | 0 docs/{html => }/search/defines_2.html | 0 docs/{html => }/search/defines_2.js | 0 docs/{html => }/search/defines_3.html | 0 docs/{html => }/search/defines_3.js | 0 docs/{html => }/search/defines_4.html | 0 docs/{html => }/search/defines_4.js | 0 docs/{html => }/search/defines_5.html | 0 .../defines_6.js => search/defines_5.js} | 0 docs/{html => }/search/enums_0.html | 0 docs/{html => }/search/enums_0.js | 0 docs/{html => }/search/enums_1.html | 0 docs/{html => }/search/enums_1.js | 0 docs/{html => }/search/enumvalues_0.html | 0 docs/{html => }/search/enumvalues_0.js | 0 docs/{html => }/search/files_0.html | 0 .../search/files_2.js => search/files_0.js} | 0 docs/{html => }/search/files_1.html | 0 .../search/files_3.js => search/files_1.js} | 0 docs/{html => }/search/files_2.html | 0 docs/search/files_2.js | 5 + docs/{html => }/search/functions_0.html | 0 docs/{html => }/search/functions_0.js | 0 docs/{html => }/search/functions_1.html | 0 .../functions_2.js => search/functions_1.js} | 0 docs/{html => }/search/functions_2.html | 0 .../functions_3.js => search/functions_2.js} | 0 docs/{html => }/search/functions_3.html | 0 .../functions_4.js => search/functions_3.js} | 0 docs/{html => }/search/functions_4.html | 0 .../functions_5.js => search/functions_4.js} | 0 docs/{html => }/search/functions_5.html | 0 .../functions_6.js => search/functions_5.js} | 0 docs/{html => }/search/functions_6.html | 0 .../functions_7.js => search/functions_6.js} | 0 docs/{html => }/search/functions_7.html | 0 .../functions_8.js => search/functions_7.js} | 0 docs/{html => }/search/functions_8.html | 0 .../functions_9.js => search/functions_8.js} | 0 docs/{html => }/search/functions_9.html | 0 .../functions_a.js => search/functions_9.js} | 0 docs/{html => }/search/functions_a.html | 0 .../functions_b.js => search/functions_a.js} | 0 docs/{html => }/search/mag_sel.png | Bin docs/{html => }/search/namespaces_0.html | 0 docs/{html => }/search/namespaces_0.js | 0 docs/{html => }/search/nomatches.html | 0 docs/{html => }/search/pages_0.html | 0 docs/{html => }/search/pages_0.js | 0 docs/{html => }/search/pages_1.html | 0 docs/search/pages_1.js | 4 + docs/{html => }/search/search.css | 0 docs/{html => }/search/search.js | 0 docs/{html => }/search/search_l.png | Bin docs/{html => }/search/search_m.png | Bin docs/{html => }/search/search_r.png | Bin docs/{html => }/search/searchdata.js | 10 +- docs/{html => }/search/variables_0.html | 0 .../variables_1.js => search/variables_0.js} | 0 docs/{html => }/search/variables_1.html | 0 .../variables_2.js => search/variables_1.js} | 0 docs/{html => }/search/variables_2.html | 0 .../variables_3.js => search/variables_2.js} | 0 docs/{html => }/search/variables_3.html | 0 .../variables_4.js => search/variables_3.js} | 0 docs/{html => }/splitbar.png | Bin ...truct_s_s_l_client_parameters-members.html | 3 +- .../struct_s_s_l_client_parameters.html | 5 +- .../struct_s_s_l_client_parameters.js | 0 ...structssl__pem__decode__state-members.html | 3 +- .../structssl__pem__decode__state.html | 5 +- .../structssl__pem__decode__state.js | 0 docs/{html => }/sync_off.png | Bin docs/{html => }/sync_on.png | Bin docs/{html => }/tab_a.png | Bin docs/{html => }/tab_b.png | Bin docs/{html => }/tab_h.png | Bin docs/{html => }/tab_s.png | Bin docs/{html => }/tabs.css | 0 docs/{html => }/time__macros_8h.html | 7 +- docs/{html => }/time__macros_8h.js | 0 docs/{html => }/time__macros_8h_source.html | 7 +- library.properties | 2 +- 254 files changed, 484 insertions(+), 4277 deletions(-) rename docs/{html => }/_r_e_a_d_m_e_8md.html (91%) rename docs/{html => }/_s_s_l_client_8cpp.html (81%) rename docs/{html => }/_s_s_l_client_8h.html (85%) rename docs/{html => }/_s_s_l_client_8h_source.html (98%) rename docs/{html => }/_s_s_l_client_parameters_8h.html (84%) rename docs/{html => }/_s_s_l_client_parameters_8h_source.html (92%) rename docs/{html => }/_s_s_l_obj_8cpp.html (83%) rename docs/{html => }/_s_s_l_obj_8cpp.js (100%) rename docs/{html => }/_s_s_l_obj_8h.html (86%) rename docs/{html => }/_s_s_l_obj_8h.js (100%) rename docs/{html => }/_s_s_l_obj_8h_source.html (92%) rename docs/{html => }/_s_s_l_session_8h.html (84%) rename docs/{html => }/_s_s_l_session_8h_source.html (93%) rename docs/{html => }/_trust_anchors_8md.html (91%) rename docs/{html => }/annotated.html (97%) rename docs/{html => }/annotated_dup.js (100%) rename docs/{html => }/bc_s.png (100%) rename docs/{html => }/bdwn.png (100%) rename docs/{html => }/class_s_s_l_client-members.html (99%) rename docs/{html => }/class_s_s_l_client.html (99%) rename docs/{html => }/class_s_s_l_client.js (100%) rename docs/{html => }/class_s_s_l_client.png (100%) rename docs/{html => }/class_s_s_l_session-members.html (97%) rename docs/{html => }/class_s_s_l_session.html (97%) rename docs/{html => }/class_s_s_l_session.js (100%) rename docs/{html => }/class_s_s_l_session.png (100%) rename docs/{html => }/classes.html (97%) rename docs/{html => }/closed.png (100%) rename docs/{html/dir_d28a4824dc47e487b107a5db32ef43c4.html => dir_08af369098809553e22f6e2d01d17ab8.html} (80%) rename docs/{html/dir_386349f6a9bc1e2cd0767d257d5e5b91.html => dir_2b7ad9a5497045797632e667f22e5690.html} (80%) rename docs/{html/dir_dfc5a9f91fbfb9426c406a3f10131a54.html => dir_3d74bfb32a2df79d6a95a208a23e6425.html} (83%) rename docs/{html/dir_68267d1309a1af8e8297ef4c3efbcdba.html => dir_732ec7fb04c2890977d3e4bc2bf648f7.html} (85%) rename docs/{html/dir_9c42dc81377249a918256dbb9cfb2167.html => dir_74140a1086282c406444869b48f08cd0.html} (80%) create mode 100644 docs/dir_c9cc9f7bc7a220ef9764bcae1bd480a3.html rename docs/{html/_s_s_l_session_8cpp.html => dir_d522931ffa1371640980b621734a4381.html} (81%) rename docs/{html => }/doc.png (100%) rename docs/{html => }/doxygen.css (100%) rename docs/{html => }/doxygen.png (100%) rename docs/{html => }/dynsections.js (100%) rename docs/{html/_s_s_l_client_impl_8cpp.html => files.html} (62%) rename docs/{html/dir_68267d1309a1af8e8297ef4c3efbcdba.js => files_dup.js} (74%) rename docs/{html => }/folderclosed.png (100%) rename docs/{html => }/folderopen.png (100%) rename docs/{html => }/functions.html (98%) rename docs/{html => }/functions_enum.html (96%) rename docs/{html => }/functions_eval.html (97%) rename docs/{html => }/functions_func.html (97%) rename docs/{html => }/functions_vars.html (97%) rename docs/{html => }/globals.html (89%) rename docs/{html => }/globals_defs.html (93%) rename docs/{html => }/hierarchy.html (98%) rename docs/{html => }/hierarchy.js (100%) delete mode 100644 docs/html/_s_s_l_client_8cpp.js delete mode 100644 docs/html/_s_s_l_client_8h.js delete mode 100644 docs/html/_s_s_l_client_impl_8cpp.js delete mode 100644 docs/html/_s_s_l_client_impl_8h.html delete mode 100644 docs/html/_s_s_l_client_impl_8h.js delete mode 100644 docs/html/_s_s_l_client_impl_8h_source.html delete mode 100644 docs/html/_t_l_s12__only__profile_8c.html delete mode 100644 docs/html/_t_l_s12__only__profile_8c.js delete mode 100644 docs/html/cert_8h.html delete mode 100644 docs/html/cert_8h.js delete mode 100644 docs/html/cert_8h_source.html delete mode 100644 docs/html/class_s_s_l_client_impl-members.html delete mode 100644 docs/html/class_s_s_l_client_impl.html delete mode 100644 docs/html/class_s_s_l_client_impl.js delete mode 100644 docs/html/class_s_s_l_client_impl.png delete mode 100644 docs/html/dir_386349f6a9bc1e2cd0767d257d5e5b91.js delete mode 100644 docs/html/dir_9c42dc81377249a918256dbb9cfb2167.js delete mode 100644 docs/html/dir_d28a4824dc47e487b107a5db32ef43c4.js delete mode 100644 docs/html/dir_dfc5a9f91fbfb9426c406a3f10131a54.js delete mode 100644 docs/html/ec__prime__fast__256_8c.html delete mode 100644 docs/html/ec__prime__fast__256_8c.js delete mode 100644 docs/html/files.html delete mode 100644 docs/html/files_dup.js delete mode 100644 docs/html/globals_enum.html delete mode 100644 docs/html/globals_eval.html delete mode 100644 docs/html/globals_func.html delete mode 100644 docs/html/globals_vars.html delete mode 100644 docs/html/index.html delete mode 100644 docs/html/md__c_1__users__noah__documents__arduino_libraries__s_s_l_client__r_e_a_d_m_e.html delete mode 100644 docs/html/search/all_11.html delete mode 100644 docs/html/search/all_12.html delete mode 100644 docs/html/search/all_12.js delete mode 100644 docs/html/search/all_2.js delete mode 100644 docs/html/search/all_e.js delete mode 100644 docs/html/search/defines_5.js delete mode 100644 docs/html/search/defines_6.html delete mode 100644 docs/html/search/files_0.js delete mode 100644 docs/html/search/files_1.js delete mode 100644 docs/html/search/files_3.html delete mode 100644 docs/html/search/files_4.html delete mode 100644 docs/html/search/files_4.js delete mode 100644 docs/html/search/functions_1.js delete mode 100644 docs/html/search/functions_b.html delete mode 100644 docs/html/search/functions_c.html delete mode 100644 docs/html/search/functions_c.js delete mode 100644 docs/html/search/functions_d.html delete mode 100644 docs/html/search/functions_d.js delete mode 100644 docs/html/search/pages_1.js delete mode 100644 docs/html/search/variables_0.js delete mode 100644 docs/html/search/variables_4.html delete mode 100644 docs/html/search/variables_5.html delete mode 100644 docs/html/search/variables_5.js delete mode 100644 docs/html/trust__anchors_8h.html delete mode 100644 docs/html/trust__anchors_8h.js delete mode 100644 docs/html/trust__anchors_8h_source.html delete mode 100644 docs/html/trustanchors_8h.html delete mode 100644 docs/html/trustanchors_8h.js delete mode 100644 docs/html/trustanchors_8h_source.html rename docs/{html => }/jquery.js (100%) rename docs/{html/md__c_1__users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html => md___users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html} (93%) rename docs/{html => }/menu.js (100%) rename docs/{html => }/menudata.js (96%) rename docs/{html => }/namespace_s_s_l_obj.html (98%) rename docs/{html => }/namespacemembers.html (96%) rename docs/{html => }/namespacemembers_func.html (96%) rename docs/{html => }/namespaces.html (97%) rename docs/{html => }/namespaces_dup.js (100%) rename docs/{html => }/nav_f.png (100%) rename docs/{html => }/nav_g.png (100%) rename docs/{html => }/nav_h.png (100%) rename docs/{html => }/navtree.css (100%) rename docs/{html => }/navtree.js (100%) rename docs/{html => }/navtreedata.js (90%) rename docs/{html => }/navtreeindex0.js (55%) rename docs/{html => }/open.png (100%) rename docs/{html => }/pages.html (93%) rename docs/{html => }/resize.js (100%) rename docs/{html => }/search/all_0.html (100%) rename docs/{html => }/search/all_0.js (100%) rename docs/{html => }/search/all_1.html (100%) rename docs/{html => }/search/all_1.js (100%) rename docs/{html => }/search/all_10.html (100%) rename docs/{html/search/all_11.js => search/all_10.js} (100%) rename docs/{html => }/search/all_2.html (100%) rename docs/{html/search/all_3.js => search/all_2.js} (95%) rename docs/{html => }/search/all_3.html (100%) rename docs/{html/search/all_4.js => search/all_3.js} (100%) rename docs/{html => }/search/all_4.html (100%) rename docs/{html/search/all_5.js => search/all_4.js} (71%) rename docs/{html => }/search/all_5.html (100%) rename docs/{html/search/all_6.js => search/all_5.js} (100%) rename docs/{html => }/search/all_6.html (100%) rename docs/{html/search/all_7.js => search/all_6.js} (100%) rename docs/{html => }/search/all_7.html (100%) rename docs/{html/search/all_8.js => search/all_7.js} (100%) rename docs/{html => }/search/all_8.html (100%) rename docs/{html/search/all_9.js => search/all_8.js} (100%) rename docs/{html => }/search/all_9.html (100%) rename docs/{html/search/all_a.js => search/all_9.js} (100%) rename docs/{html => }/search/all_a.html (100%) rename docs/{html/search/all_b.js => search/all_a.js} (100%) rename docs/{html => }/search/all_b.html (100%) rename docs/{html/search/all_c.js => search/all_b.js} (100%) rename docs/{html => }/search/all_c.html (100%) rename docs/{html/search/all_d.js => search/all_c.js} (100%) rename docs/{html => }/search/all_d.html (100%) create mode 100644 docs/search/all_d.js rename docs/{html => }/search/all_e.html (100%) rename docs/{html/search/all_f.js => search/all_e.js} (100%) rename docs/{html => }/search/all_f.html (100%) rename docs/{html/search/all_10.js => search/all_f.js} (100%) rename docs/{html => }/search/classes_0.html (100%) rename docs/{html => }/search/classes_0.js (100%) rename docs/{html => }/search/close.png (100%) rename docs/{html => }/search/defines_0.html (100%) rename docs/{html => }/search/defines_0.js (100%) rename docs/{html => }/search/defines_1.html (100%) rename docs/{html => }/search/defines_1.js (100%) rename docs/{html => }/search/defines_2.html (100%) rename docs/{html => }/search/defines_2.js (100%) rename docs/{html => }/search/defines_3.html (100%) rename docs/{html => }/search/defines_3.js (100%) rename docs/{html => }/search/defines_4.html (100%) rename docs/{html => }/search/defines_4.js (100%) rename docs/{html => }/search/defines_5.html (100%) rename docs/{html/search/defines_6.js => search/defines_5.js} (100%) rename docs/{html => }/search/enums_0.html (100%) rename docs/{html => }/search/enums_0.js (100%) rename docs/{html => }/search/enums_1.html (100%) rename docs/{html => }/search/enums_1.js (100%) rename docs/{html => }/search/enumvalues_0.html (100%) rename docs/{html => }/search/enumvalues_0.js (100%) rename docs/{html => }/search/files_0.html (100%) rename docs/{html/search/files_2.js => search/files_0.js} (100%) rename docs/{html => }/search/files_1.html (100%) rename docs/{html/search/files_3.js => search/files_1.js} (100%) rename docs/{html => }/search/files_2.html (100%) create mode 100644 docs/search/files_2.js rename docs/{html => }/search/functions_0.html (100%) rename docs/{html => }/search/functions_0.js (100%) rename docs/{html => }/search/functions_1.html (100%) rename docs/{html/search/functions_2.js => search/functions_1.js} (100%) rename docs/{html => }/search/functions_2.html (100%) rename docs/{html/search/functions_3.js => search/functions_2.js} (100%) rename docs/{html => }/search/functions_3.html (100%) rename docs/{html/search/functions_4.js => search/functions_3.js} (100%) rename docs/{html => }/search/functions_4.html (100%) rename docs/{html/search/functions_5.js => search/functions_4.js} (100%) rename docs/{html => }/search/functions_5.html (100%) rename docs/{html/search/functions_6.js => search/functions_5.js} (100%) rename docs/{html => }/search/functions_6.html (100%) rename docs/{html/search/functions_7.js => search/functions_6.js} (100%) rename docs/{html => }/search/functions_7.html (100%) rename docs/{html/search/functions_8.js => search/functions_7.js} (100%) rename docs/{html => }/search/functions_8.html (100%) rename docs/{html/search/functions_9.js => search/functions_8.js} (100%) rename docs/{html => }/search/functions_9.html (100%) rename docs/{html/search/functions_a.js => search/functions_9.js} (100%) rename docs/{html => }/search/functions_a.html (100%) rename docs/{html/search/functions_b.js => search/functions_a.js} (100%) rename docs/{html => }/search/mag_sel.png (100%) rename docs/{html => }/search/namespaces_0.html (100%) rename docs/{html => }/search/namespaces_0.js (100%) rename docs/{html => }/search/nomatches.html (100%) rename docs/{html => }/search/pages_0.html (100%) rename docs/{html => }/search/pages_0.js (100%) rename docs/{html => }/search/pages_1.html (100%) create mode 100644 docs/search/pages_1.js rename docs/{html => }/search/search.css (100%) rename docs/{html => }/search/search.js (100%) rename docs/{html => }/search/search_l.png (100%) rename docs/{html => }/search/search_m.png (100%) rename docs/{html => }/search/search_r.png (100%) rename docs/{html => }/search/searchdata.js (83%) rename docs/{html => }/search/variables_0.html (100%) rename docs/{html/search/variables_1.js => search/variables_0.js} (100%) rename docs/{html => }/search/variables_1.html (100%) rename docs/{html/search/variables_2.js => search/variables_1.js} (100%) rename docs/{html => }/search/variables_2.html (100%) rename docs/{html/search/variables_3.js => search/variables_2.js} (100%) rename docs/{html => }/search/variables_3.html (100%) rename docs/{html/search/variables_4.js => search/variables_3.js} (100%) rename docs/{html => }/splitbar.png (100%) rename docs/{html => }/struct_s_s_l_client_parameters-members.html (97%) rename docs/{html => }/struct_s_s_l_client_parameters.html (97%) rename docs/{html => }/struct_s_s_l_client_parameters.js (100%) rename docs/{html => }/structssl__pem__decode__state-members.html (97%) rename docs/{html => }/structssl__pem__decode__state.html (96%) rename docs/{html => }/structssl__pem__decode__state.js (100%) rename docs/{html => }/sync_off.png (100%) rename docs/{html => }/sync_on.png (100%) rename docs/{html => }/tab_a.png (100%) rename docs/{html => }/tab_b.png (100%) rename docs/{html => }/tab_h.png (100%) rename docs/{html => }/tab_s.png (100%) rename docs/{html => }/tabs.css (100%) rename docs/{html => }/time__macros_8h.html (97%) rename docs/{html => }/time__macros_8h.js (100%) rename docs/{html => }/time__macros_8h_source.html (96%) diff --git a/.travis/library.properties b/.travis/library.properties index a69a9fe..c356157 100644 --- a/.travis/library.properties +++ b/.travis/library.properties @@ -1,5 +1,5 @@ name=SSLClient -version=1.4.7 +version=1.5.0 author=Noah Koontz maintainer=OPEnS Lab sentence=Arduino library to add SSL functionality to any Client class diff --git a/docs/html/_r_e_a_d_m_e_8md.html b/docs/_r_e_a_d_m_e_8md.html similarity index 91% rename from docs/html/_r_e_a_d_m_e_8md.html rename to docs/_r_e_a_d_m_e_8md.html index af50fef..700c3e4 100644 --- a/docs/html/_r_e_a_d_m_e_8md.html +++ b/docs/_r_e_a_d_m_e_8md.html @@ -5,7 +5,7 @@ -SSLClient: C:/Users/Noah/Documents/Arduino/libraries/SSLClient/README.md File Reference +SSLClient: README.md File Reference @@ -30,9 +30,8 @@
          SSLClient -  v1.4.7 +  v1.5.0
          -
          Add TLS 1.2 functionality to any network library.
          @@ -88,7 +87,7 @@ $(document).ready(function(){initNavTree('_r_e_a_d_m_e_8md.html','');});
          -
          C:/Users/Noah/Documents/Arduino/libraries/SSLClient/README.md File Reference
          +
          README.md File Reference
      diff --git a/docs/html/_s_s_l_client_8cpp.html b/docs/_s_s_l_client_8cpp.html similarity index 81% rename from docs/html/_s_s_l_client_8cpp.html rename to docs/_s_s_l_client_8cpp.html index 25e3925..bbbf26e 100644 --- a/docs/html/_s_s_l_client_8cpp.html +++ b/docs/_s_s_l_client_8cpp.html @@ -5,7 +5,7 @@ -SSLClient: C:/Users/Noah/Documents/Arduino/libraries/SSLClient/src/SSLClient.cpp File Reference +SSLClient: SSLClient.cpp File Reference @@ -30,9 +30,8 @@
      SSLClient -  v1.4.7 +  v1.5.0
      -
      Add TLS 1.2 functionality to any network library.
      @@ -97,7 +96,7 @@ $(document).ready(function(){initNavTree('_s_s_l_client_8cpp.html','');});
      @@ -88,15 +87,13 @@ $(document).ready(function(){initNavTree('dir_d28a4824dc47e487b107a5db32ef43c4.h
      -
      examples Directory Reference
      +
      libraries Directory Reference
      - - - +

      Directories

      directory  EthernetHTTPS
       
      directory  EthernetMultiHTTPS
      directory  SSLClient
       
      @@ -104,7 +101,7 @@ Directories
      @@ -88,13 +87,13 @@ $(document).ready(function(){initNavTree('dir_386349f6a9bc1e2cd0767d257d5e5b91.h
      -
      EthernetMultiHTTPS Directory Reference
      +
      Arduino Directory Reference
      - - + +

      -Files

      file  trustanchors.h [code]

      +Directories

      directory  libraries
       
      @@ -102,7 +101,7 @@ Files
      @@ -88,13 +87,13 @@ $(document).ready(function(){initNavTree('dir_dfc5a9f91fbfb9426c406a3f10131a54.h
      -
      readme Directory Reference
      +
      Noah Directory Reference
      - - + +

      -Files

      file  cert.h [code]

      +Directories

      directory  Documents
       
      @@ -102,7 +101,7 @@ Files
      @@ -94,8 +93,6 @@ $(document).ready(function(){initNavTree('dir_68267d1309a1af8e8297ef4c3efbcdba.h - - @@ -110,15 +107,13 @@ Files - -

      Files

      file  ec_prime_fast_256.c
       
      file  SSLClient.cpp
       
      file  SSLClient.h [code]
       
      file  time_macros.h [code]
       
      file  TLS12_only_profile.c
       
    @@ -88,13 +87,13 @@ $(document).ready(function(){initNavTree('dir_9c42dc81377249a918256dbb9cfb2167.h
    -
    EthernetHTTPS Directory Reference
    +
    Documents Directory Reference
    - - + +

    -Files

    file  trust_anchors.h [code]

    +Directories

    directory  Arduino
     
    @@ -102,7 +101,7 @@ Files
    @@ -88,16 +87,21 @@ $(document).ready(function(){initNavTree('_s_s_l_session_8cpp.html','');});
    -
    SSLSession.cpp File Reference
    +
    Users Directory Reference
    -
    #include "SSLSession.h"
    -
    + + + + +

    +Directories

    directory  Noah
     
    +
    @@ -87,40 +86,26 @@ $(document).ready(function(){initNavTree('_s_s_l_client_impl_8cpp.html','');});
    -
    -Variables
    -
    SSLClientImpl.cpp File Reference
    +
    File List
    -
    #include "SSLClient.h"
    -
    - - - +
    Here is a list of all files with brief descriptions:
    +

    -Variables

    char * __brkval
     
    + + + + + + +
     SSLClient.cpp
     SSLClient.h
     SSLClientParameters.h
     SSLObj.cpp
     SSLObj.h
     SSLSession.h
     time_macros.h
    -

    Variable Documentation

    - -

    ◆ __brkval

    - -
    -
    - - - - -
    char* __brkval
    -
    - -
    -
    +
    @@ -98,10 +97,10 @@ $(document).ready(function(){initNavTree('md__c_1__users__noah__documents__ardui

    For HTTPS, there a couple of tools you can use. Ordered from easiest to hardest:

    Other Connections

    -

    For other kinds of SSL connections, you will need to find the root certificate being used by your host. You can check out this StackExchange post for numerous methods of acquiring this certificate from a server. If these methods are not sufficient, you may need to request this certificate from your network administrator. Once you have the certificate, convert it to PEM format if needed (I use this website), and use the pycert_bearssl.py convert command to convert the certificate into a trust anchor header.

    +

    For other kinds of SSL connections, you will need to find the root certificate being used by your host. You can check out this StackExchange post for numerous methods of acquiring this certificate from a server. If these methods are not sufficient, you may need to request this certificate from your network administrator. Once you have the certificate, convert it to PEM format if needed (I use this website), and use the pycert_bearssl.py convet --no-search command to convert the certificate into a trust anchor header.

    Using Trust Anchors

    Once you've generated a trust anchor array, add it to your Arduino sketch using the Sketch->Add File button in the Arduino IDE, and link it to your SSLClient like so:

    {C++}
    #include "yourtrustanchorfile.h"
    // ...
    SSLClient client(SomeClient, TAs, (size_t)TAs_NUM, SomePin);
    // ...

    Where yourtrustanchorfile.h contains a generated trust anchor array names TAs, with length TAs_NUM. BearSSL will now automatically use these trust anchors when SSLClient::connect is called.

    diff --git a/docs/html/menu.js b/docs/menu.js similarity index 100% rename from docs/html/menu.js rename to docs/menu.js diff --git a/docs/html/menudata.js b/docs/menudata.js similarity index 96% rename from docs/html/menudata.js rename to docs/menudata.js index 529ffec..5407264 100644 --- a/docs/html/menudata.js +++ b/docs/menudata.js @@ -57,6 +57,4 @@ var menudata={children:[ {text:"File List",url:"files.html"}, {text:"File Members",url:"globals.html",children:[ {text:"All",url:"globals.html"}, -{text:"Functions",url:"globals_func.html"}, -{text:"Variables",url:"globals_vars.html"}, {text:"Macros",url:"globals_defs.html"}]}]}]} diff --git a/docs/html/namespace_s_s_l_obj.html b/docs/namespace_s_s_l_obj.html similarity index 98% rename from docs/html/namespace_s_s_l_obj.html rename to docs/namespace_s_s_l_obj.html index 5d3af7a..d4f55e3 100644 --- a/docs/html/namespace_s_s_l_obj.html +++ b/docs/namespace_s_s_l_obj.html @@ -30,9 +30,8 @@
    SSLClient -  v1.4.7 +  v1.5.0
    -
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/namespacemembers.html b/docs/namespacemembers.html similarity index 96% rename from docs/html/namespacemembers.html rename to docs/namespacemembers.html index 53d7762..cac29f8 100644 --- a/docs/html/namespacemembers.html +++ b/docs/namespacemembers.html @@ -30,9 +30,8 @@
    SSLClient -  v1.4.7 +  v1.5.0
    -
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/namespacemembers_func.html b/docs/namespacemembers_func.html similarity index 96% rename from docs/html/namespacemembers_func.html rename to docs/namespacemembers_func.html index 46f8a15..07aea65 100644 --- a/docs/html/namespacemembers_func.html +++ b/docs/namespacemembers_func.html @@ -30,9 +30,8 @@
    SSLClient -  v1.4.7 +  v1.5.0
    -
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/namespaces.html b/docs/namespaces.html similarity index 97% rename from docs/html/namespaces.html rename to docs/namespaces.html index edad91b..01c331b 100644 --- a/docs/html/namespaces.html +++ b/docs/namespaces.html @@ -30,9 +30,8 @@
    SSLClient -  v1.4.7 +  v1.5.0
    -
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/namespaces_dup.js b/docs/namespaces_dup.js similarity index 100% rename from docs/html/namespaces_dup.js rename to docs/namespaces_dup.js diff --git a/docs/html/nav_f.png b/docs/nav_f.png similarity index 100% rename from docs/html/nav_f.png rename to docs/nav_f.png diff --git a/docs/html/nav_g.png b/docs/nav_g.png similarity index 100% rename from docs/html/nav_g.png rename to docs/nav_g.png diff --git a/docs/html/nav_h.png b/docs/nav_h.png similarity index 100% rename from docs/html/nav_h.png rename to docs/nav_h.png diff --git a/docs/html/navtree.css b/docs/navtree.css similarity index 100% rename from docs/html/navtree.css rename to docs/navtree.css diff --git a/docs/html/navtree.js b/docs/navtree.js similarity index 100% rename from docs/html/navtree.js rename to docs/navtree.js diff --git a/docs/html/navtreedata.js b/docs/navtreedata.js similarity index 90% rename from docs/html/navtreedata.js rename to docs/navtreedata.js index 8d74ad1..d766bc3 100644 --- a/docs/html/navtreedata.js +++ b/docs/navtreedata.js @@ -24,7 +24,7 @@ for the JavaScript code in this file var NAVTREE = [ [ "SSLClient", "index.html", [ - [ "Trust Anchors", "md__c_1__users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html", null ], + [ "Trust Anchors", "md___users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html", null ], [ "Namespaces", "namespaces.html", [ [ "Namespace List", "namespaces.html", "namespaces_dup" ], [ "Namespace Members", "namespacemembers.html", [ @@ -48,8 +48,6 @@ var NAVTREE = [ "File List", "files.html", "files_dup" ], [ "File Members", "globals.html", [ [ "All", "globals.html", null ], - [ "Functions", "globals_func.html", null ], - [ "Variables", "globals_vars.html", null ], [ "Macros", "globals_defs.html", null ] ] ] ] ] diff --git a/docs/html/navtreeindex0.js b/docs/navtreeindex0.js similarity index 55% rename from docs/html/navtreeindex0.js rename to docs/navtreeindex0.js index 0dde6b3..142b068 100644 --- a/docs/html/navtreeindex0.js +++ b/docs/navtreeindex0.js @@ -1,22 +1,17 @@ var NAVTREEINDEX0 = { -"_s_s_l_client_8cpp.html":[3,0,2,1], -"_s_s_l_client_8h.html":[3,0,2,2], -"_s_s_l_client_8h_source.html":[3,0,2,2], -"_s_s_l_client_parameters_8h.html":[3,0,2,3], -"_s_s_l_client_parameters_8h_source.html":[3,0,2,3], -"_s_s_l_obj_8cpp.html":[3,0,2,4], -"_s_s_l_obj_8h.html":[3,0,2,5], -"_s_s_l_obj_8h.html#a9a58d01c9073b90f2b42c655828aea6d":[3,0,2,5,0], -"_s_s_l_obj_8h_source.html":[3,0,2,5], -"_s_s_l_session_8h.html":[3,0,2,6], -"_s_s_l_session_8h_source.html":[3,0,2,6], -"_t_l_s12__only__profile_8c.html":[3,0,2,8], -"_t_l_s12__only__profile_8c.html#a32c8112a1c37ba21a05952eeefc435f3":[3,0,2,8,0], +"_s_s_l_client_8cpp.html":[3,0,0], +"_s_s_l_client_8h.html":[3,0,1], +"_s_s_l_client_8h_source.html":[3,0,1], +"_s_s_l_client_parameters_8h.html":[3,0,2], +"_s_s_l_client_parameters_8h_source.html":[3,0,2], +"_s_s_l_obj_8cpp.html":[3,0,3], +"_s_s_l_obj_8h.html":[3,0,4], +"_s_s_l_obj_8h.html#a9a58d01c9073b90f2b42c655828aea6d":[3,0,4,0], +"_s_s_l_obj_8h_source.html":[3,0,4], +"_s_s_l_session_8h.html":[3,0,5], +"_s_s_l_session_8h_source.html":[3,0,5], "annotated.html":[2,0], -"cert_8h.html":[3,0,1,0], -"cert_8h.html#ae2e26a4e8e97b0f15c18ba1ace062948":[3,0,1,0,0], -"cert_8h_source.html":[3,0,1,0], "class_s_s_l_client.html":[2,0,1], "class_s_s_l_client.html#a03c7926938acd57cfc3b982edf725a86":[2,0,1,20], "class_s_s_l_client.html#a0c0b6f2ad25701d1e45adb613d072d86":[2,0,1,13], @@ -56,13 +51,6 @@ var NAVTREEINDEX0 = "class_s_s_l_session.html#a825373c5ba1aa6c45e74dc8a72b21820":[2,0,3,1], "class_s_s_l_session.html#acbe6549b55d50541d09a16f770e65afc":[2,0,3,2], "classes.html":[2,1], -"dir_386349f6a9bc1e2cd0767d257d5e5b91.html":[3,0,0,1], -"dir_68267d1309a1af8e8297ef4c3efbcdba.html":[3,0,2], -"dir_9c42dc81377249a918256dbb9cfb2167.html":[3,0,0,0], -"dir_d28a4824dc47e487b107a5db32ef43c4.html":[3,0,0], -"dir_dfc5a9f91fbfb9426c406a3f10131a54.html":[3,0,1], -"ec__prime__fast__256_8c.html":[3,0,2,0], -"ec__prime__fast__256_8c.html#aedcd6aae4367c3fdfe7db296b4da85ab":[3,0,2,0,0], "files.html":[3,0], "functions.html":[2,3,0], "functions_enum.html":[2,3,3], @@ -70,12 +58,10 @@ var NAVTREEINDEX0 = "functions_func.html":[2,3,1], "functions_vars.html":[2,3,2], "globals.html":[3,1,0], -"globals_defs.html":[3,1,3], -"globals_func.html":[3,1,1], -"globals_vars.html":[3,1,2], +"globals_defs.html":[3,1,1], "hierarchy.html":[2,2], "index.html":[], -"md__c_1__users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html":[0], +"md___users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html":[0], "namespace_s_s_l_obj.html":[1,0,0], "namespacemembers.html":[1,1,0], "namespacemembers_func.html":[1,1,1], @@ -88,33 +74,27 @@ var NAVTREEINDEX0 = "structssl__pem__decode__state.html":[2,0,0], "structssl__pem__decode__state.html#a8abbaad636bfcf50ef38f529e3cfd5f3":[2,0,0,0], "structssl__pem__decode__state.html#a95f2366376d5f958f9bc1e859b59bae9":[2,0,0,1], -"time__macros_8h.html":[3,0,2,7], -"time__macros_8h.html#a04e76e262f0920441e5f0c5552e83487":[3,0,2,7,19], -"time__macros_8h.html#a243cf438274412bbecf4b8d5eeb02ccb":[3,0,2,7,14], -"time__macros_8h.html#a2488d1ddab7e5fa119da3421462231c4":[3,0,2,7,1], -"time__macros_8h.html#a2af3d1d741ae2b49627adf56bbc95dc3":[3,0,2,7,20], -"time__macros_8h.html#a2d540510d5860d7f190d13124956bc57":[3,0,2,7,16], -"time__macros_8h.html#a38ac93dd8bfe385ff915a82c92bbfc97":[3,0,2,7,4], -"time__macros_8h.html#a3aaee30ddedb3f6675aac341a66e39e2":[3,0,2,7,15], -"time__macros_8h.html#a4dbe4cf7c879a2cdac386ce72c5e5994":[3,0,2,7,13], -"time__macros_8h.html#a56482fcc86a55713dee595c2092ed376":[3,0,2,7,5], -"time__macros_8h.html#a5ab60a7e3e1b6e0a919b3a37bc0d4b97":[3,0,2,7,8], -"time__macros_8h.html#a7f2cdee2eebbccd45c179a50a0bbabcf":[3,0,2,7,0], -"time__macros_8h.html#a868143e0521daf07b25a2f3947cf54a3":[3,0,2,7,6], -"time__macros_8h.html#a8cd8e04105fec7cd442d078c303e46b9":[3,0,2,7,18], -"time__macros_8h.html#a9da779a8ca64782ea49babce14122d34":[3,0,2,7,12], -"time__macros_8h.html#aad01b5fb233c0091aff2a837a8de32f4":[3,0,2,7,11], -"time__macros_8h.html#ab3592442029a102b388fafeadc4a6ab8":[3,0,2,7,2], -"time__macros_8h.html#ab6c76862964ff7e543fd9d5807b2fa79":[3,0,2,7,7], -"time__macros_8h.html#ac47b302f1b8d2a7a9c035c417247be76":[3,0,2,7,17], -"time__macros_8h.html#ac8f6b75d9e04634818984ba400d0dee1":[3,0,2,7,3], -"time__macros_8h.html#ae0574ced3f997b97d357c1cb68000e3a":[3,0,2,7,9], -"time__macros_8h.html#ae90924c33a05839b3eb1426472f40eb3":[3,0,2,7,10], -"time__macros_8h_source.html":[3,0,2,7], -"trust__anchors_8h.html":[3,0,0,0,0], -"trust__anchors_8h.html#ae2e26a4e8e97b0f15c18ba1ace062948":[3,0,0,0,0,0], -"trust__anchors_8h_source.html":[3,0,0,0,0], -"trustanchors_8h.html":[3,0,0,1,0], -"trustanchors_8h.html#ae2e26a4e8e97b0f15c18ba1ace062948":[3,0,0,1,0,0], -"trustanchors_8h_source.html":[3,0,0,1,0] +"time__macros_8h.html":[3,0,6], +"time__macros_8h.html#a04e76e262f0920441e5f0c5552e83487":[3,0,6,19], +"time__macros_8h.html#a243cf438274412bbecf4b8d5eeb02ccb":[3,0,6,14], +"time__macros_8h.html#a2488d1ddab7e5fa119da3421462231c4":[3,0,6,1], +"time__macros_8h.html#a2af3d1d741ae2b49627adf56bbc95dc3":[3,0,6,20], +"time__macros_8h.html#a2d540510d5860d7f190d13124956bc57":[3,0,6,16], +"time__macros_8h.html#a38ac93dd8bfe385ff915a82c92bbfc97":[3,0,6,4], +"time__macros_8h.html#a3aaee30ddedb3f6675aac341a66e39e2":[3,0,6,15], +"time__macros_8h.html#a4dbe4cf7c879a2cdac386ce72c5e5994":[3,0,6,13], +"time__macros_8h.html#a56482fcc86a55713dee595c2092ed376":[3,0,6,5], +"time__macros_8h.html#a5ab60a7e3e1b6e0a919b3a37bc0d4b97":[3,0,6,8], +"time__macros_8h.html#a7f2cdee2eebbccd45c179a50a0bbabcf":[3,0,6,0], +"time__macros_8h.html#a868143e0521daf07b25a2f3947cf54a3":[3,0,6,6], +"time__macros_8h.html#a8cd8e04105fec7cd442d078c303e46b9":[3,0,6,18], +"time__macros_8h.html#a9da779a8ca64782ea49babce14122d34":[3,0,6,12], +"time__macros_8h.html#aad01b5fb233c0091aff2a837a8de32f4":[3,0,6,11], +"time__macros_8h.html#ab3592442029a102b388fafeadc4a6ab8":[3,0,6,2], +"time__macros_8h.html#ab6c76862964ff7e543fd9d5807b2fa79":[3,0,6,7], +"time__macros_8h.html#ac47b302f1b8d2a7a9c035c417247be76":[3,0,6,17], +"time__macros_8h.html#ac8f6b75d9e04634818984ba400d0dee1":[3,0,6,3], +"time__macros_8h.html#ae0574ced3f997b97d357c1cb68000e3a":[3,0,6,9], +"time__macros_8h.html#ae90924c33a05839b3eb1426472f40eb3":[3,0,6,10], +"time__macros_8h_source.html":[3,0,6] }; diff --git a/docs/html/open.png b/docs/open.png similarity index 100% rename from docs/html/open.png rename to docs/open.png diff --git a/docs/html/pages.html b/docs/pages.html similarity index 93% rename from docs/html/pages.html rename to docs/pages.html index 73a881b..37ed9e0 100644 --- a/docs/html/pages.html +++ b/docs/pages.html @@ -30,9 +30,8 @@
    SSLClient -  v1.4.7 +  v1.5.0
    -
    Add TLS 1.2 functionality to any network library.
    @@ -93,7 +92,7 @@ $(document).ready(function(){initNavTree('pages.html','');});
    Here is a list of all related documentation pages:
    - +
     Trust Anchors
     Trust Anchors
    diff --git a/docs/html/resize.js b/docs/resize.js similarity index 100% rename from docs/html/resize.js rename to docs/resize.js diff --git a/docs/html/search/all_0.html b/docs/search/all_0.html similarity index 100% rename from docs/html/search/all_0.html rename to docs/search/all_0.html diff --git a/docs/html/search/all_0.js b/docs/search/all_0.js similarity index 100% rename from docs/html/search/all_0.js rename to docs/search/all_0.js diff --git a/docs/html/search/all_1.html b/docs/search/all_1.html similarity index 100% rename from docs/html/search/all_1.html rename to docs/search/all_1.html diff --git a/docs/html/search/all_1.js b/docs/search/all_1.js similarity index 100% rename from docs/html/search/all_1.js rename to docs/search/all_1.js diff --git a/docs/html/search/all_10.html b/docs/search/all_10.html similarity index 100% rename from docs/html/search/all_10.html rename to docs/search/all_10.html diff --git a/docs/html/search/all_11.js b/docs/search/all_10.js similarity index 100% rename from docs/html/search/all_11.js rename to docs/search/all_10.js diff --git a/docs/html/search/all_2.html b/docs/search/all_2.html similarity index 100% rename from docs/html/search/all_2.html rename to docs/search/all_2.html diff --git a/docs/html/search/all_3.js b/docs/search/all_2.js similarity index 95% rename from docs/html/search/all_3.js rename to docs/search/all_2.js index 13385d1..0b06fcf 100644 --- a/docs/html/search/all_3.js +++ b/docs/search/all_2.js @@ -1,6 +1,5 @@ var searchData= [ - ['cert_2eh',['cert.h',['../cert_8h.html',1,'']]], ['chain_5flen',['chain_len',['../struct_s_s_l_client_parameters.html#aa523f407ac673da95bf651617fbf94b2',1,'SSLClientParameters']]], ['client_5fcert_5fchain',['client_cert_chain',['../struct_s_s_l_client_parameters.html#a3e0440790d1acdee221b8ef6be6def95',1,'SSLClientParameters']]], ['connect',['connect',['../class_s_s_l_client.html#ab97c0745f65a6c6009ac938b3b9912c3',1,'SSLClient::connect(IPAddress ip, uint16_t port) override'],['../class_s_s_l_client.html#a248a5152cc3c3e7666bf5443bfd57c90',1,'SSLClient::connect(const char *host, uint16_t port) override']]], diff --git a/docs/html/search/all_3.html b/docs/search/all_3.html similarity index 100% rename from docs/html/search/all_3.html rename to docs/search/all_3.html diff --git a/docs/html/search/all_4.js b/docs/search/all_3.js similarity index 100% rename from docs/html/search/all_4.js rename to docs/search/all_3.js diff --git a/docs/html/search/all_4.html b/docs/search/all_4.html similarity index 100% rename from docs/html/search/all_4.html rename to docs/search/all_4.html diff --git a/docs/html/search/all_5.js b/docs/search/all_4.js similarity index 71% rename from docs/html/search/all_5.js rename to docs/search/all_4.js index 143336e..8369997 100644 --- a/docs/html/search/all_5.js +++ b/docs/search/all_4.js @@ -1,6 +1,5 @@ var searchData= [ ['ec_5fkey',['ec_key',['../struct_s_s_l_client_parameters.html#aca2dba04e30c8d7b962add0c353fc449',1,'SSLClientParameters']]], - ['ec_5fprime_5ffast_5f256_2ec',['ec_prime_fast_256.c',['../ec__prime__fast__256_8c.html',1,'']]], ['error',['Error',['../class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6cea',1,'SSLClient']]] ]; diff --git a/docs/html/search/all_5.html b/docs/search/all_5.html similarity index 100% rename from docs/html/search/all_5.html rename to docs/search/all_5.html diff --git a/docs/html/search/all_6.js b/docs/search/all_5.js similarity index 100% rename from docs/html/search/all_6.js rename to docs/search/all_5.js diff --git a/docs/html/search/all_6.html b/docs/search/all_6.html similarity index 100% rename from docs/html/search/all_6.html rename to docs/search/all_6.html diff --git a/docs/html/search/all_7.js b/docs/search/all_6.js similarity index 100% rename from docs/html/search/all_7.js rename to docs/search/all_6.js diff --git a/docs/html/search/all_7.html b/docs/search/all_7.html similarity index 100% rename from docs/html/search/all_7.html rename to docs/search/all_7.html diff --git a/docs/html/search/all_8.js b/docs/search/all_7.js similarity index 100% rename from docs/html/search/all_8.js rename to docs/search/all_7.js diff --git a/docs/html/search/all_8.html b/docs/search/all_8.html similarity index 100% rename from docs/html/search/all_8.html rename to docs/search/all_8.html diff --git a/docs/html/search/all_9.js b/docs/search/all_8.js similarity index 100% rename from docs/html/search/all_9.js rename to docs/search/all_8.js diff --git a/docs/html/search/all_9.html b/docs/search/all_9.html similarity index 100% rename from docs/html/search/all_9.html rename to docs/search/all_9.html diff --git a/docs/html/search/all_a.js b/docs/search/all_9.js similarity index 100% rename from docs/html/search/all_a.js rename to docs/search/all_9.js diff --git a/docs/html/search/all_a.html b/docs/search/all_a.html similarity index 100% rename from docs/html/search/all_a.html rename to docs/search/all_a.html diff --git a/docs/html/search/all_b.js b/docs/search/all_a.js similarity index 100% rename from docs/html/search/all_b.js rename to docs/search/all_a.js diff --git a/docs/html/search/all_b.html b/docs/search/all_b.html similarity index 100% rename from docs/html/search/all_b.html rename to docs/search/all_b.html diff --git a/docs/html/search/all_c.js b/docs/search/all_b.js similarity index 100% rename from docs/html/search/all_c.js rename to docs/search/all_b.js diff --git a/docs/html/search/all_c.html b/docs/search/all_c.html similarity index 100% rename from docs/html/search/all_c.html rename to docs/search/all_c.html diff --git a/docs/html/search/all_d.js b/docs/search/all_c.js similarity index 100% rename from docs/html/search/all_d.js rename to docs/search/all_c.js diff --git a/docs/html/search/all_d.html b/docs/search/all_d.html similarity index 100% rename from docs/html/search/all_d.html rename to docs/search/all_d.html diff --git a/docs/search/all_d.js b/docs/search/all_d.js new file mode 100644 index 0000000..4b4b251 --- /dev/null +++ b/docs/search/all_d.js @@ -0,0 +1,7 @@ +var searchData= +[ + ['trust_20anchors',['Trust Anchors',['../md___users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html',1,'']]], + ['time_5fmacros_2eh',['time_macros.h',['../time__macros_8h.html',1,'']]], + ['to_5fbr_5fsession',['to_br_session',['../class_s_s_l_session.html#acbe6549b55d50541d09a16f770e65afc',1,'SSLSession']]], + ['trustanchors_2emd',['TrustAnchors.md',['../_trust_anchors_8md.html',1,'']]] +]; diff --git a/docs/html/search/all_e.html b/docs/search/all_e.html similarity index 100% rename from docs/html/search/all_e.html rename to docs/search/all_e.html diff --git a/docs/html/search/all_f.js b/docs/search/all_e.js similarity index 100% rename from docs/html/search/all_f.js rename to docs/search/all_e.js diff --git a/docs/html/search/all_f.html b/docs/search/all_f.html similarity index 100% rename from docs/html/search/all_f.html rename to docs/search/all_f.html diff --git a/docs/html/search/all_10.js b/docs/search/all_f.js similarity index 100% rename from docs/html/search/all_10.js rename to docs/search/all_f.js diff --git a/docs/html/search/classes_0.html b/docs/search/classes_0.html similarity index 100% rename from docs/html/search/classes_0.html rename to docs/search/classes_0.html diff --git a/docs/html/search/classes_0.js b/docs/search/classes_0.js similarity index 100% rename from docs/html/search/classes_0.js rename to docs/search/classes_0.js diff --git a/docs/html/search/close.png b/docs/search/close.png similarity index 100% rename from docs/html/search/close.png rename to docs/search/close.png diff --git a/docs/html/search/defines_0.html b/docs/search/defines_0.html similarity index 100% rename from docs/html/search/defines_0.html rename to docs/search/defines_0.html diff --git a/docs/html/search/defines_0.js b/docs/search/defines_0.js similarity index 100% rename from docs/html/search/defines_0.js rename to docs/search/defines_0.js diff --git a/docs/html/search/defines_1.html b/docs/search/defines_1.html similarity index 100% rename from docs/html/search/defines_1.html rename to docs/search/defines_1.html diff --git a/docs/html/search/defines_1.js b/docs/search/defines_1.js similarity index 100% rename from docs/html/search/defines_1.js rename to docs/search/defines_1.js diff --git a/docs/html/search/defines_2.html b/docs/search/defines_2.html similarity index 100% rename from docs/html/search/defines_2.html rename to docs/search/defines_2.html diff --git a/docs/html/search/defines_2.js b/docs/search/defines_2.js similarity index 100% rename from docs/html/search/defines_2.js rename to docs/search/defines_2.js diff --git a/docs/html/search/defines_3.html b/docs/search/defines_3.html similarity index 100% rename from docs/html/search/defines_3.html rename to docs/search/defines_3.html diff --git a/docs/html/search/defines_3.js b/docs/search/defines_3.js similarity index 100% rename from docs/html/search/defines_3.js rename to docs/search/defines_3.js diff --git a/docs/html/search/defines_4.html b/docs/search/defines_4.html similarity index 100% rename from docs/html/search/defines_4.html rename to docs/search/defines_4.html diff --git a/docs/html/search/defines_4.js b/docs/search/defines_4.js similarity index 100% rename from docs/html/search/defines_4.js rename to docs/search/defines_4.js diff --git a/docs/html/search/defines_5.html b/docs/search/defines_5.html similarity index 100% rename from docs/html/search/defines_5.html rename to docs/search/defines_5.html diff --git a/docs/html/search/defines_6.js b/docs/search/defines_5.js similarity index 100% rename from docs/html/search/defines_6.js rename to docs/search/defines_5.js diff --git a/docs/html/search/enums_0.html b/docs/search/enums_0.html similarity index 100% rename from docs/html/search/enums_0.html rename to docs/search/enums_0.html diff --git a/docs/html/search/enums_0.js b/docs/search/enums_0.js similarity index 100% rename from docs/html/search/enums_0.js rename to docs/search/enums_0.js diff --git a/docs/html/search/enums_1.html b/docs/search/enums_1.html similarity index 100% rename from docs/html/search/enums_1.html rename to docs/search/enums_1.html diff --git a/docs/html/search/enums_1.js b/docs/search/enums_1.js similarity index 100% rename from docs/html/search/enums_1.js rename to docs/search/enums_1.js diff --git a/docs/html/search/enumvalues_0.html b/docs/search/enumvalues_0.html similarity index 100% rename from docs/html/search/enumvalues_0.html rename to docs/search/enumvalues_0.html diff --git a/docs/html/search/enumvalues_0.js b/docs/search/enumvalues_0.js similarity index 100% rename from docs/html/search/enumvalues_0.js rename to docs/search/enumvalues_0.js diff --git a/docs/html/search/files_0.html b/docs/search/files_0.html similarity index 100% rename from docs/html/search/files_0.html rename to docs/search/files_0.html diff --git a/docs/html/search/files_2.js b/docs/search/files_0.js similarity index 100% rename from docs/html/search/files_2.js rename to docs/search/files_0.js diff --git a/docs/html/search/files_1.html b/docs/search/files_1.html similarity index 100% rename from docs/html/search/files_1.html rename to docs/search/files_1.html diff --git a/docs/html/search/files_3.js b/docs/search/files_1.js similarity index 100% rename from docs/html/search/files_3.js rename to docs/search/files_1.js diff --git a/docs/html/search/files_2.html b/docs/search/files_2.html similarity index 100% rename from docs/html/search/files_2.html rename to docs/search/files_2.html diff --git a/docs/search/files_2.js b/docs/search/files_2.js new file mode 100644 index 0000000..a77b038 --- /dev/null +++ b/docs/search/files_2.js @@ -0,0 +1,5 @@ +var searchData= +[ + ['time_5fmacros_2eh',['time_macros.h',['../time__macros_8h.html',1,'']]], + ['trustanchors_2emd',['TrustAnchors.md',['../_trust_anchors_8md.html',1,'']]] +]; diff --git a/docs/html/search/functions_0.html b/docs/search/functions_0.html similarity index 100% rename from docs/html/search/functions_0.html rename to docs/search/functions_0.html diff --git a/docs/html/search/functions_0.js b/docs/search/functions_0.js similarity index 100% rename from docs/html/search/functions_0.js rename to docs/search/functions_0.js diff --git a/docs/html/search/functions_1.html b/docs/search/functions_1.html similarity index 100% rename from docs/html/search/functions_1.html rename to docs/search/functions_1.html diff --git a/docs/html/search/functions_2.js b/docs/search/functions_1.js similarity index 100% rename from docs/html/search/functions_2.js rename to docs/search/functions_1.js diff --git a/docs/html/search/functions_2.html b/docs/search/functions_2.html similarity index 100% rename from docs/html/search/functions_2.html rename to docs/search/functions_2.html diff --git a/docs/html/search/functions_3.js b/docs/search/functions_2.js similarity index 100% rename from docs/html/search/functions_3.js rename to docs/search/functions_2.js diff --git a/docs/html/search/functions_3.html b/docs/search/functions_3.html similarity index 100% rename from docs/html/search/functions_3.html rename to docs/search/functions_3.html diff --git a/docs/html/search/functions_4.js b/docs/search/functions_3.js similarity index 100% rename from docs/html/search/functions_4.js rename to docs/search/functions_3.js diff --git a/docs/html/search/functions_4.html b/docs/search/functions_4.html similarity index 100% rename from docs/html/search/functions_4.html rename to docs/search/functions_4.html diff --git a/docs/html/search/functions_5.js b/docs/search/functions_4.js similarity index 100% rename from docs/html/search/functions_5.js rename to docs/search/functions_4.js diff --git a/docs/html/search/functions_5.html b/docs/search/functions_5.html similarity index 100% rename from docs/html/search/functions_5.html rename to docs/search/functions_5.html diff --git a/docs/html/search/functions_6.js b/docs/search/functions_5.js similarity index 100% rename from docs/html/search/functions_6.js rename to docs/search/functions_5.js diff --git a/docs/html/search/functions_6.html b/docs/search/functions_6.html similarity index 100% rename from docs/html/search/functions_6.html rename to docs/search/functions_6.html diff --git a/docs/html/search/functions_7.js b/docs/search/functions_6.js similarity index 100% rename from docs/html/search/functions_7.js rename to docs/search/functions_6.js diff --git a/docs/html/search/functions_7.html b/docs/search/functions_7.html similarity index 100% rename from docs/html/search/functions_7.html rename to docs/search/functions_7.html diff --git a/docs/html/search/functions_8.js b/docs/search/functions_7.js similarity index 100% rename from docs/html/search/functions_8.js rename to docs/search/functions_7.js diff --git a/docs/html/search/functions_8.html b/docs/search/functions_8.html similarity index 100% rename from docs/html/search/functions_8.html rename to docs/search/functions_8.html diff --git a/docs/html/search/functions_9.js b/docs/search/functions_8.js similarity index 100% rename from docs/html/search/functions_9.js rename to docs/search/functions_8.js diff --git a/docs/html/search/functions_9.html b/docs/search/functions_9.html similarity index 100% rename from docs/html/search/functions_9.html rename to docs/search/functions_9.html diff --git a/docs/html/search/functions_a.js b/docs/search/functions_9.js similarity index 100% rename from docs/html/search/functions_a.js rename to docs/search/functions_9.js diff --git a/docs/html/search/functions_a.html b/docs/search/functions_a.html similarity index 100% rename from docs/html/search/functions_a.html rename to docs/search/functions_a.html diff --git a/docs/html/search/functions_b.js b/docs/search/functions_a.js similarity index 100% rename from docs/html/search/functions_b.js rename to docs/search/functions_a.js diff --git a/docs/html/search/mag_sel.png b/docs/search/mag_sel.png similarity index 100% rename from docs/html/search/mag_sel.png rename to docs/search/mag_sel.png diff --git a/docs/html/search/namespaces_0.html b/docs/search/namespaces_0.html similarity index 100% rename from docs/html/search/namespaces_0.html rename to docs/search/namespaces_0.html diff --git a/docs/html/search/namespaces_0.js b/docs/search/namespaces_0.js similarity index 100% rename from docs/html/search/namespaces_0.js rename to docs/search/namespaces_0.js diff --git a/docs/html/search/nomatches.html b/docs/search/nomatches.html similarity index 100% rename from docs/html/search/nomatches.html rename to docs/search/nomatches.html diff --git a/docs/html/search/pages_0.html b/docs/search/pages_0.html similarity index 100% rename from docs/html/search/pages_0.html rename to docs/search/pages_0.html diff --git a/docs/html/search/pages_0.js b/docs/search/pages_0.js similarity index 100% rename from docs/html/search/pages_0.js rename to docs/search/pages_0.js diff --git a/docs/html/search/pages_1.html b/docs/search/pages_1.html similarity index 100% rename from docs/html/search/pages_1.html rename to docs/search/pages_1.html diff --git a/docs/search/pages_1.js b/docs/search/pages_1.js new file mode 100644 index 0000000..7918701 --- /dev/null +++ b/docs/search/pages_1.js @@ -0,0 +1,4 @@ +var searchData= +[ + ['trust_20anchors',['Trust Anchors',['../md___users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html',1,'']]] +]; diff --git a/docs/html/search/search.css b/docs/search/search.css similarity index 100% rename from docs/html/search/search.css rename to docs/search/search.css diff --git a/docs/html/search/search.js b/docs/search/search.js similarity index 100% rename from docs/html/search/search.js rename to docs/search/search.js diff --git a/docs/html/search/search_l.png b/docs/search/search_l.png similarity index 100% rename from docs/html/search/search_l.png rename to docs/search/search_l.png diff --git a/docs/html/search/search_m.png b/docs/search/search_m.png similarity index 100% rename from docs/html/search/search_m.png rename to docs/search/search_m.png diff --git a/docs/html/search/search_r.png b/docs/search/search_r.png similarity index 100% rename from docs/html/search/search_r.png rename to docs/search/search_r.png diff --git a/docs/html/search/searchdata.js b/docs/search/searchdata.js similarity index 83% rename from docs/html/search/searchdata.js rename to docs/search/searchdata.js index a1efc7e..25ef3f7 100644 --- a/docs/html/search/searchdata.js +++ b/docs/search/searchdata.js @@ -1,14 +1,14 @@ var indexSectionsWithContent = { - 0: "_abcdefgimoprstuvw", + 0: "_acdefgimoprstuvw", 1: "s", 2: "s", - 3: "cerst", - 4: "abcfgmoprstw", - 5: "bceiv", + 3: "rst", + 4: "acfgmoprstw", + 5: "ceiv", 6: "de", 7: "s", - 8: "_cgpstu", + 8: "_cgpsu", 9: "st" }; diff --git a/docs/html/search/variables_0.html b/docs/search/variables_0.html similarity index 100% rename from docs/html/search/variables_0.html rename to docs/search/variables_0.html diff --git a/docs/html/search/variables_1.js b/docs/search/variables_0.js similarity index 100% rename from docs/html/search/variables_1.js rename to docs/search/variables_0.js diff --git a/docs/html/search/variables_1.html b/docs/search/variables_1.html similarity index 100% rename from docs/html/search/variables_1.html rename to docs/search/variables_1.html diff --git a/docs/html/search/variables_2.js b/docs/search/variables_1.js similarity index 100% rename from docs/html/search/variables_2.js rename to docs/search/variables_1.js diff --git a/docs/html/search/variables_2.html b/docs/search/variables_2.html similarity index 100% rename from docs/html/search/variables_2.html rename to docs/search/variables_2.html diff --git a/docs/html/search/variables_3.js b/docs/search/variables_2.js similarity index 100% rename from docs/html/search/variables_3.js rename to docs/search/variables_2.js diff --git a/docs/html/search/variables_3.html b/docs/search/variables_3.html similarity index 100% rename from docs/html/search/variables_3.html rename to docs/search/variables_3.html diff --git a/docs/html/search/variables_4.js b/docs/search/variables_3.js similarity index 100% rename from docs/html/search/variables_4.js rename to docs/search/variables_3.js diff --git a/docs/html/splitbar.png b/docs/splitbar.png similarity index 100% rename from docs/html/splitbar.png rename to docs/splitbar.png diff --git a/docs/html/struct_s_s_l_client_parameters-members.html b/docs/struct_s_s_l_client_parameters-members.html similarity index 97% rename from docs/html/struct_s_s_l_client_parameters-members.html rename to docs/struct_s_s_l_client_parameters-members.html index b326fb4..6246a74 100644 --- a/docs/html/struct_s_s_l_client_parameters-members.html +++ b/docs/struct_s_s_l_client_parameters-members.html @@ -30,9 +30,8 @@
    SSLClient -  v1.4.7 +  v1.5.0
    -
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/struct_s_s_l_client_parameters.html b/docs/struct_s_s_l_client_parameters.html similarity index 97% rename from docs/html/struct_s_s_l_client_parameters.html rename to docs/struct_s_s_l_client_parameters.html index c889f7c..142f1e3 100644 --- a/docs/html/struct_s_s_l_client_parameters.html +++ b/docs/struct_s_s_l_client_parameters.html @@ -30,9 +30,8 @@
    SSLClient -  v1.4.7 +  v1.5.0
    -
    Add TLS 1.2 functionality to any network library.
    @@ -164,7 +163,7 @@ Public Attributes
    The documentation for this struct was generated from the following file: diff --git a/docs/html/struct_s_s_l_client_parameters.js b/docs/struct_s_s_l_client_parameters.js similarity index 100% rename from docs/html/struct_s_s_l_client_parameters.js rename to docs/struct_s_s_l_client_parameters.js diff --git a/docs/html/structssl__pem__decode__state-members.html b/docs/structssl__pem__decode__state-members.html similarity index 97% rename from docs/html/structssl__pem__decode__state-members.html rename to docs/structssl__pem__decode__state-members.html index de3d26c..ac3c7aa 100644 --- a/docs/html/structssl__pem__decode__state-members.html +++ b/docs/structssl__pem__decode__state-members.html @@ -30,9 +30,8 @@
    SSLClient -  v1.4.7 +  v1.5.0
    -
    Add TLS 1.2 functionality to any network library.
    diff --git a/docs/html/structssl__pem__decode__state.html b/docs/structssl__pem__decode__state.html similarity index 96% rename from docs/html/structssl__pem__decode__state.html rename to docs/structssl__pem__decode__state.html index df3c8e2..c050a22 100644 --- a/docs/html/structssl__pem__decode__state.html +++ b/docs/structssl__pem__decode__state.html @@ -30,9 +30,8 @@
    SSLClient -  v1.4.7 +  v1.5.0
    -
    Add TLS 1.2 functionality to any network library.
    @@ -132,7 +131,7 @@ Public Attributes
    The documentation for this struct was generated from the following file: diff --git a/docs/html/structssl__pem__decode__state.js b/docs/structssl__pem__decode__state.js similarity index 100% rename from docs/html/structssl__pem__decode__state.js rename to docs/structssl__pem__decode__state.js diff --git a/docs/html/sync_off.png b/docs/sync_off.png similarity index 100% rename from docs/html/sync_off.png rename to docs/sync_off.png diff --git a/docs/html/sync_on.png b/docs/sync_on.png similarity index 100% rename from docs/html/sync_on.png rename to docs/sync_on.png diff --git a/docs/html/tab_a.png b/docs/tab_a.png similarity index 100% rename from docs/html/tab_a.png rename to docs/tab_a.png diff --git a/docs/html/tab_b.png b/docs/tab_b.png similarity index 100% rename from docs/html/tab_b.png rename to docs/tab_b.png diff --git a/docs/html/tab_h.png b/docs/tab_h.png similarity index 100% rename from docs/html/tab_h.png rename to docs/tab_h.png diff --git a/docs/html/tab_s.png b/docs/tab_s.png similarity index 100% rename from docs/html/tab_s.png rename to docs/tab_s.png diff --git a/docs/html/tabs.css b/docs/tabs.css similarity index 100% rename from docs/html/tabs.css rename to docs/tabs.css diff --git a/docs/html/time__macros_8h.html b/docs/time__macros_8h.html similarity index 97% rename from docs/html/time__macros_8h.html rename to docs/time__macros_8h.html index 7709738..aee4b86 100644 --- a/docs/html/time__macros_8h.html +++ b/docs/time__macros_8h.html @@ -5,7 +5,7 @@ -SSLClient: C:/Users/Noah/Documents/Arduino/libraries/SSLClient/src/time_macros.h File Reference +SSLClient: time_macros.h File Reference @@ -30,9 +30,8 @@
    SSLClient -  v1.4.7 +  v1.5.0
    -
    Add TLS 1.2 functionality to any network library.
    @@ -579,7 +578,7 @@ Macros
    -Go to the documentation of this file.
    1 /* Copyright 2019 OSU OPEnS Lab
    2  *
    3  * Permission is hereby granted, free of charge, to any person obtaining a copy of this
    4  * software and associated documentation files (the "Software"), to deal in the Software
    5  * without restriction, including without limitation the rights to use, copy, modify,
    6  * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
    7  * permit persons to whom the Software is furnished to do so, subject to the following
    8  * conditions:
    9  *
    10  * The above copyright notice and this permission notice shall be included in all
    11  * copies or substantial portions of the Software.
    12  *
    13  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
    14  * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
    15  * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
    16  * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
    17  * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
    18  * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
    19  */
    20 
    21 #include "Client.h"
    22 #include "SSLSession.h"
    23 #include "SSLClientParameters.h"
    24 #include "SSLObj.h"
    25 #include <vector>
    26 
    27 #ifndef SSLClient_H_
    28 #define SSLClient_H_
    29 
    35 class SSLClient : public Client {
    36 public:
    45  enum Error {
    46  SSL_OK = 0,
    48  SSL_CLIENT_CONNECT_FAIL = 2,
    50  SSL_BR_CONNECT_FAIL = 3,
    52  SSL_CLIENT_WRTIE_ERROR = 4,
    54  SSL_BR_WRITE_ERROR = 5,
    56  SSL_INTERNAL_ERROR = 6,
    58  SSL_OUT_OF_MEMORY = 7
    59  };
    60 
    67  enum DebugLevel {
    69  SSL_NONE = 0,
    71  SSL_ERROR = 1,
    73  SSL_WARN = 2,
    75  SSL_INFO = 3,
    76  };
    77 
    95  explicit SSLClient( Client& client,
    96  const br_x509_trust_anchor *trust_anchors,
    97  const size_t trust_anchors_num,
    98  const int analog_pin,
    99  const size_t max_sessions = 1,
    100  const DebugLevel debug = SSL_WARN);
    101 
    102  //========================================
    103  //= Functions implemented in SSLClient.cpp
    104  //========================================
    105 
    145  int connect(IPAddress ip, uint16_t port) override;
    146 
    183  int connect(const char *host, uint16_t port) override;
    184 
    208  size_t write(const uint8_t *buf, size_t size) override;
    210  size_t write(uint8_t b) override { return write(&b, 1); }
    211 
    230  int available() override;
    231 
    253  int read(uint8_t *buf, size_t size) override;
    258  int read() override { uint8_t read_val; return read(&read_val, 1) > 0 ? read_val : -1; };
    259 
    268  int peek() override;
    269 
    277  void flush() override;
    278 
    287  void stop() override;
    288 
    302  uint8_t connected() override;
    303 
    304  //========================================
    305  //= Functions Not in the Client Interface
    306  //========================================
    307 
    316  void setMutualAuthParams(const SSLClientParameters* params);
    317 
    332  SSLSession* getSession(const char* host);
    333 
    342  void removeSession(const char* host);
    343 
    349  size_t getSessionCount() const { return m_sessions.size(); }
    350 
    356  operator bool() { return connected() > 0; }
    357 
    359  Client& getClient() { return m_client; }
    360 
    365  void setTimeout(unsigned int t) { m_timeout = t; }
    366 
    371  unsigned int getTimeout() const { return m_timeout; }
    372 
    373 private:
    375  Client& get_arduino_client() { return m_client; }
    376  const Client& get_arduino_client() const { return m_client; }
    377 
    379  bool m_soft_connected(const char* func_name);
    381  int m_start_ssl(const char* host = nullptr, SSLSession* ssl_ses = nullptr);
    383  int m_run_until(const unsigned target);
    385  unsigned m_update_engine();
    387  int m_get_session_index(const char* host) const;
    388 
    390  void m_print_prefix(const char* func_name, const DebugLevel level) const;
    391 
    393  void m_print_ssl_error(const int ssl_error, const DebugLevel level) const;
    394 
    396  void m_print_br_error(const unsigned br_error_code, const DebugLevel level) const;
    397 
    399  template<typename T>
    400  void m_print(const T str, const char* func_name, const DebugLevel level) const {
    401  // check the current debug level and serial status
    402  if (level > m_debug || !Serial) return;
    403  // print prefix
    404  m_print_prefix(func_name, level);
    405  // print the message
    406  Serial.println(str);
    407  }
    408 
    410  template<typename T>
    411  void m_info(const T str, const char* func_name) const { m_print(str, func_name, SSL_INFO); }
    412 
    413  template<typename T>
    414  void m_warn(const T str, const char* func_name) const { m_print(str, func_name, SSL_WARN); }
    415 
    416  template<typename T>
    417  void m_error(const T str, const char* func_name) const { m_print(str, func_name, SSL_ERROR); }
    418 
    419  //============================================
    420  //= Data Members
    421  //============================================
    422  // create a reference the client
    423  Client& m_client;
    424  // also store an array of SSLSessions, so we can resume communication with multiple websites
    425  std::vector<SSLSession> m_sessions;
    426  // as well as the maximmum number of sessions we can store
    427  const size_t m_max_sessions;
    428  // store the pin to fetch an RNG see from
    429  const int m_analog_pin;
    430  // store whether to enable debug logging
    431  const DebugLevel m_debug;
    432  // store if we are connected in bearssl or not
    433  bool m_is_connected;
    434  // store the timeout for SSL internals
    435  unsigned int m_timeout;
    436  // store the context values required for SSL
    437  br_ssl_client_context m_sslctx;
    438  br_x509_minimal_context m_x509ctx;
    439  // use a mono-directional buffer by default to cut memory in half
    440  // can expand to a bi-directional buffer with maximum of BR_SSL_BUFSIZE_BIDI
    441  // or shrink to below BR_SSL_BUFSIZE_MONO, and bearSSL will adapt automatically
    442  // simply edit this value to change the buffer size to the desired value
    443  // additionally, we need to correct buffer size based off of how many sessions we decide to cache
    444  // since SSL takes so much memory if we don't it will cause the stack and heap to collide
    452  unsigned char m_iobuf[2048];
    453  // store the index of where we are writing in the buffer
    454  // so we can send our records all at once to prevent
    455  // weird timing issues
    456  size_t m_write_idx;
    457 };
    458 
    459 #endif
    SSLClient::connected
    uint8_t connected() override
    Check if the device is connected.
    Definition: SSLClient.cpp:251
    -
    SSLClient::SSL_OUT_OF_MEMORY
    Definition: SSLClient.h:58
    +Go to the documentation of this file.
    1 /* Copyright 2019 OSU OPEnS Lab
    2  *
    3  * Permission is hereby granted, free of charge, to any person obtaining a copy of this
    4  * software and associated documentation files (the "Software"), to deal in the Software
    5  * without restriction, including without limitation the rights to use, copy, modify,
    6  * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
    7  * permit persons to whom the Software is furnished to do so, subject to the following
    8  * conditions:
    9  *
    10  * The above copyright notice and this permission notice shall be included in all
    11  * copies or substantial portions of the Software.
    12  *
    13  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
    14  * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
    15  * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
    16  * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
    17  * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
    18  * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
    19  */
    20 
    21 #include "Client.h"
    22 #include "SSLSession.h"
    23 #include "SSLClientParameters.h"
    24 #include <vector>
    25 
    26 #ifndef SSLClient_H_
    27 #define SSLClient_H_
    28 
    34 class SSLClient : public Client {
    35 public:
    44  enum Error {
    45  SSL_OK = 0,
    47  SSL_CLIENT_CONNECT_FAIL = 2,
    49  SSL_BR_CONNECT_FAIL = 3,
    51  SSL_CLIENT_WRTIE_ERROR = 4,
    53  SSL_BR_WRITE_ERROR = 5,
    55  SSL_INTERNAL_ERROR = 6,
    57  SSL_OUT_OF_MEMORY = 7
    58  };
    59 
    66  enum DebugLevel {
    68  SSL_NONE = 0,
    70  SSL_ERROR = 1,
    72  SSL_WARN = 2,
    74  SSL_INFO = 3,
    75  };
    76 
    94  explicit SSLClient( Client& client,
    95  const br_x509_trust_anchor *trust_anchors,
    96  const size_t trust_anchors_num,
    97  const int analog_pin,
    98  const size_t max_sessions = 1,
    99  const DebugLevel debug = SSL_WARN);
    100 
    101  //========================================
    102  //= Functions implemented in SSLClient.cpp
    103  //========================================
    104 
    144  int connect(IPAddress ip, uint16_t port) override;
    145 
    182  int connect(const char *host, uint16_t port) override;
    183 
    207  size_t write(const uint8_t *buf, size_t size) override;
    209  size_t write(uint8_t b) override { return write(&b, 1); }
    210 
    229  int available() override;
    230 
    252  int read(uint8_t *buf, size_t size) override;
    257  int read() override { uint8_t read_val; return read(&read_val, 1) > 0 ? read_val : -1; };
    258 
    267  int peek() override;
    268 
    276  void flush() override;
    277 
    286  void stop() override;
    287 
    301  uint8_t connected() override;
    302 
    303  //========================================
    304  //= Functions Not in the Client Interface
    305  //========================================
    306 
    315  void setMutualAuthParams(const SSLClientParameters& params);
    316 
    331  SSLSession* getSession(const char* host);
    332 
    341  void removeSession(const char* host);
    342 
    348  size_t getSessionCount() const { return m_sessions.size(); }
    349 
    355  operator bool() { return connected() > 0; }
    356 
    358  Client& getClient() { return m_client; }
    359 
    364  void setTimeout(unsigned int t) { m_timeout = t; }
    365 
    370  unsigned int getTimeout() const { return m_timeout; }
    371 
    372 private:
    374  Client& get_arduino_client() { return m_client; }
    375  const Client& get_arduino_client() const { return m_client; }
    376 
    378  bool m_soft_connected(const char* func_name);
    380  int m_start_ssl(const char* host = nullptr, SSLSession* ssl_ses = nullptr);
    382  int m_run_until(const unsigned target);
    384  unsigned m_update_engine();
    386  int m_get_session_index(const char* host) const;
    387 
    389  void m_print_prefix(const char* func_name, const DebugLevel level) const;
    390 
    392  void m_print_ssl_error(const int ssl_error, const DebugLevel level) const;
    393 
    395  void m_print_br_error(const unsigned br_error_code, const DebugLevel level) const;
    396 
    398  template<typename T>
    399  void m_print(const T str, const char* func_name, const DebugLevel level) const {
    400  // check the current debug level and serial status
    401  if (level > m_debug || !Serial) return;
    402  // print prefix
    403  m_print_prefix(func_name, level);
    404  // print the message
    405  Serial.println(str);
    406  }
    407 
    409  template<typename T>
    410  void m_info(const T str, const char* func_name) const { m_print(str, func_name, SSL_INFO); }
    411 
    412  template<typename T>
    413  void m_warn(const T str, const char* func_name) const { m_print(str, func_name, SSL_WARN); }
    414 
    415  template<typename T>
    416  void m_error(const T str, const char* func_name) const { m_print(str, func_name, SSL_ERROR); }
    417 
    418  //============================================
    419  //= Data Members
    420  //============================================
    421  // create a reference the client
    422  Client& m_client;
    423  // also store an array of SSLSessions, so we can resume communication with multiple websites
    424  std::vector<SSLSession> m_sessions;
    425  // as well as the maximmum number of sessions we can store
    426  const size_t m_max_sessions;
    427  // store the pin to fetch an RNG see from
    428  const int m_analog_pin;
    429  // store whether to enable debug logging
    430  const DebugLevel m_debug;
    431  // store if we are connected in bearssl or not
    432  bool m_is_connected;
    433  // store the timeout for SSL internals
    434  unsigned int m_timeout;
    435  // store the context values required for SSL
    436  br_ssl_client_context m_sslctx;
    437  br_x509_minimal_context m_x509ctx;
    438  // use a mono-directional buffer by default to cut memory in half
    439  // can expand to a bi-directional buffer with maximum of BR_SSL_BUFSIZE_BIDI
    440  // or shrink to below BR_SSL_BUFSIZE_MONO, and bearSSL will adapt automatically
    441  // simply edit this value to change the buffer size to the desired value
    442  // additionally, we need to correct buffer size based off of how many sessions we decide to cache
    443  // since SSL takes so much memory if we don't it will cause the stack and heap to collide
    451  unsigned char m_iobuf[2048];
    452  // store the index of where we are writing in the buffer
    453  // so we can send our records all at once to prevent
    454  // weird timing issues
    455  size_t m_write_idx;
    456 };
    457 
    458 #endif
    SSLClient::connected
    uint8_t connected() override
    Check if the device is connected.
    Definition: SSLClient.cpp:220
    +
    SSLClient::SSL_OUT_OF_MEMORY
    Definition: SSLClient.h:57
    SSLSession
    This class stores values which allow SSLClient to save and resume SSL sessions.
    Definition: SSLSession.h:51
    -
    SSLClient::setTimeout
    void setTimeout(unsigned int t)
    Set the timeout when waiting for an SSL response.
    Definition: SSLClient.h:365
    -
    SSLClient::SSL_CLIENT_CONNECT_FAIL
    Definition: SSLClient.h:48
    -
    SSLClient::SSL_INFO
    Definition: SSLClient.h:75
    -
    SSLClient::SSL_BR_WRITE_ERROR
    Definition: SSLClient.h:54
    -
    SSLClient::SSLClient
    SSLClient(Client &client, const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const size_t max_sessions=1, const DebugLevel debug=SSL_WARN)
    Initialize SSLClient with all of the prerequisites needed.
    Definition: SSLClient.cpp:55
    -
    SSLClient::flush
    void flush() override
    Force writing the buffered bytes from SSLClient::write to the network.
    Definition: SSLClient.cpp:218
    -
    SSLClient::getSession
    SSLSession * getSession(const char *host)
    Gets a session reference corresponding to a host and IP, or a reference to a empty session if none ex...
    Definition: SSLClient.cpp:282
    -
    SSLClientParameters
    This struct stores data required for SSLClient to use mutual authentication.
    Definition: SSLClientParameters.h:52
    -
    SSLClient::setMutualAuthParams
    void setMutualAuthParams(const SSLClientParameters *params)
    Add a client certificate and enable support for mutual auth.
    Definition: SSLClient.cpp:306
    -
    SSLClient::available
    int available() override
    Returns the number of bytes available to read from the data that has been received and decrypted.
    Definition: SSLClient.cpp:170
    -
    SSLClient
    The main SSLClient class. Check out README.md for more info.
    Definition: SSLClient.h:35
    -
    SSLClient::SSL_WARN
    Definition: SSLClient.h:73
    -
    SSLClient::stop
    void stop() override
    Close the connection.
    Definition: SSLClient.cpp:224
    -
    SSLClient::SSL_ERROR
    Definition: SSLClient.h:71
    -
    SSLClient::connect
    int connect(IPAddress ip, uint16_t port) override
    Connect over SSL to a host specified by an IP address.
    Definition: SSLClient.cpp:82
    -
    SSLClient::write
    size_t write(const uint8_t *buf, size_t size) override
    Write some bytes to the SSL connection.
    Definition: SSLClient.cpp:127
    -
    SSLClient::read
    int read() override
    Read a single byte, or -1 if none is available.
    Definition: SSLClient.h:258
    -
    SSLClient::Error
    Error
    Static constants defining the possible errors encountered.
    Definition: SSLClient.h:45
    -
    SSLClient::SSL_CLIENT_WRTIE_ERROR
    Definition: SSLClient.h:52
    -
    SSLClient::DebugLevel
    DebugLevel
    Level of verbosity used in logging for SSLClient.
    Definition: SSLClient.h:67
    -
    SSLClient::getSessionCount
    size_t getSessionCount() const
    Get the maximum number of SSL sessions that can be stored at once.
    Definition: SSLClient.h:349
    -
    SSLClient::peek
    int peek() override
    View the first byte of the buffer, without removing it from the SSLClient Buffer.
    Definition: SSLClient.cpp:206
    +
    SSLClient::setTimeout
    void setTimeout(unsigned int t)
    Set the timeout when waiting for an SSL response.
    Definition: SSLClient.h:364
    +
    SSLClient::SSL_CLIENT_CONNECT_FAIL
    Definition: SSLClient.h:47
    +
    SSLClient::SSL_INFO
    Definition: SSLClient.h:74
    +
    SSLClient::SSL_BR_WRITE_ERROR
    Definition: SSLClient.h:53
    +
    SSLClient::SSLClient
    SSLClient(Client &client, const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const size_t max_sessions=1, const DebugLevel debug=SSL_WARN)
    Initialize SSLClient with all of the prerequisites needed.
    Definition: SSLClient.cpp:24
    +
    SSLClient::flush
    void flush() override
    Force writing the buffered bytes from SSLClient::write to the network.
    Definition: SSLClient.cpp:187
    +
    SSLClient::getSession
    SSLSession * getSession(const char *host)
    Gets a session reference corresponding to a host and IP, or a reference to a empty session if none ex...
    Definition: SSLClient.cpp:251
    +
    SSLClient::available
    int available() override
    Returns the number of bytes available to read from the data that has been received and decrypted.
    Definition: SSLClient.cpp:139
    +
    SSLClient
    The main SSLClient class. Check out README.md for more info.
    Definition: SSLClient.h:34
    +
    SSLClient::SSL_WARN
    Definition: SSLClient.h:72
    +
    SSLClient::stop
    void stop() override
    Close the connection.
    Definition: SSLClient.cpp:193
    +
    SSLClient::SSL_ERROR
    Definition: SSLClient.h:70
    +
    SSLClient::connect
    int connect(IPAddress ip, uint16_t port) override
    Connect over SSL to a host specified by an IP address.
    Definition: SSLClient.cpp:51
    +
    SSLClient::write
    size_t write(const uint8_t *buf, size_t size) override
    Write some bytes to the SSL connection.
    Definition: SSLClient.cpp:96
    +
    SSLClient::read
    int read() override
    Read a single byte, or -1 if none is available.
    Definition: SSLClient.h:257
    +
    SSLClient::setMutualAuthParams
    void setMutualAuthParams(const SSLClientParameters &params)
    Add a client certificate and enable support for mutual auth.
    Definition: SSLClient.cpp:275
    +
    SSLClient::Error
    Error
    Static constants defining the possible errors encountered.
    Definition: SSLClient.h:44
    +
    SSLClient::SSL_CLIENT_WRTIE_ERROR
    Definition: SSLClient.h:51
    +
    SSLClient::DebugLevel
    DebugLevel
    Level of verbosity used in logging for SSLClient.
    Definition: SSLClient.h:66
    +
    SSLClient::getSessionCount
    size_t getSessionCount() const
    Get the maximum number of SSL sessions that can be stored at once.
    Definition: SSLClient.h:348
    +
    SSLClient::peek
    int peek() override
    View the first byte of the buffer, without removing it from the SSLClient Buffer.
    Definition: SSLClient.cpp:175
    SSLClientParameters.h
    -
    SSLClient::SSL_BR_CONNECT_FAIL
    Definition: SSLClient.h:50
    +
    SSLClient::SSL_BR_CONNECT_FAIL
    Definition: SSLClient.h:49
    SSLSession.h
    -
    SSLClient::write
    size_t write(uint8_t b) override
    Definition: SSLClient.h:210
    -
    SSLClient::getClient
    Client & getClient()
    Returns a reference to the client object stored in this class. Take care not to break it.
    Definition: SSLClient.h:359
    -
    SSLClient::removeSession
    void removeSession(const char *host)
    Clear the session corresponding to a host and IP.
    Definition: SSLClient.cpp:295
    -
    SSLClient::getTimeout
    unsigned int getTimeout() const
    Get the timeout when waiting for an SSL response.
    Definition: SSLClient.h:371
    -
    SSLObj.h
    -
    SSLClient::SSL_NONE
    Definition: SSLClient.h:69
    -
    SSLClient::SSL_OK
    Definition: SSLClient.h:46
    -
    SSLClient::SSL_INTERNAL_ERROR
    Definition: SSLClient.h:56
    +
    SSLClient::write
    size_t write(uint8_t b) override
    Definition: SSLClient.h:209
    +
    SSLClient::getClient
    Client & getClient()
    Returns a reference to the client object stored in this class. Take care not to break it.
    Definition: SSLClient.h:358
    +
    SSLClient::removeSession
    void removeSession(const char *host)
    Clear the session corresponding to a host and IP.
    Definition: SSLClient.cpp:264
    +
    SSLClient::getTimeout
    unsigned int getTimeout() const
    Get the timeout when waiting for an SSL response.
    Definition: SSLClient.h:370
    +
    SSLClientParameters
    This class stores data required for SSLClient to use mutual authentication.
    Definition: SSLClientParameters.h:52
    +
    SSLClient::SSL_NONE
    Definition: SSLClient.h:68
    +
    SSLClient::SSL_OK
    Definition: SSLClient.h:45
    +
    SSLClient::SSL_INTERNAL_ERROR
    Definition: SSLClient.h:55
    diff --git a/docs/_s_s_l_client_parameters_8cpp.html b/docs/_s_s_l_client_parameters_8cpp.html new file mode 100644 index 0000000..7abe07a --- /dev/null +++ b/docs/_s_s_l_client_parameters_8cpp.html @@ -0,0 +1,114 @@ + + + + + + + +SSLClient: SSLClientParameters.cpp File Reference + + + + + + + + + + + + + + +
    +
    + + + + + + +
    +
    SSLClient +  v1.5.0 +
    +
    +
    + + + + + + + +
    +
    + +
    +
    +
    + +
    + +
    +
    + + +
    + +
    + +
    +
    +Classes
    +
    +
    SSLClientParameters.cpp File Reference
    +
    +
    +
    #include "SSLClientParameters.h"
    +
    + + + +

    +Classes

    struct  ssl_pem_decode_state
     
    +
    +
    + + + + diff --git a/docs/_s_s_l_client_parameters_8cpp.js b/docs/_s_s_l_client_parameters_8cpp.js new file mode 100644 index 0000000..3671b5b --- /dev/null +++ b/docs/_s_s_l_client_parameters_8cpp.js @@ -0,0 +1,4 @@ +var _s_s_l_client_parameters_8cpp = +[ + [ "ssl_pem_decode_state", "structssl__pem__decode__state.html", "structssl__pem__decode__state" ] +]; \ No newline at end of file diff --git a/docs/_s_s_l_client_parameters_8h.html b/docs/_s_s_l_client_parameters_8h.html index 6c8b9fa..a9ad155 100644 --- a/docs/_s_s_l_client_parameters_8h.html +++ b/docs/_s_s_l_client_parameters_8h.html @@ -93,13 +93,14 @@ $(document).ready(function(){initNavTree('_s_s_l_client_parameters_8h.html','');
    #include "bearssl.h"
    +#include <vector>

    Go to the source code of this file.

    - - + +

    Classes

    struct  SSLClientParameters
     This struct stores data required for SSLClient to use mutual authentication. More...
    class  SSLClientParameters
     This class stores data required for SSLClient to use mutual authentication. More...
     
    diff --git a/docs/_s_s_l_client_parameters_8h_source.html b/docs/_s_s_l_client_parameters_8h_source.html index 0abb581..5656b99 100644 --- a/docs/_s_s_l_client_parameters_8h_source.html +++ b/docs/_s_s_l_client_parameters_8h_source.html @@ -90,10 +90,14 @@ $(document).ready(function(){initNavTree('_s_s_l_client_parameters_8h_source.htm
    SSLClientParameters.h
    -Go to the documentation of this file.
    1 /* Copyright 2019 OSU OPEnS Lab
    2  *
    3  * Permission is hereby granted, free of charge, to any person obtaining a copy of this
    4  * software and associated documentation files (the "Software"), to deal in the Software
    5  * without restriction, including without limitation the rights to use, copy, modify,
    6  * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
    7  * permit persons to whom the Software is furnished to do so, subject to the following
    8  * conditions:
    9  *
    10  * The above copyright notice and this permission notice shall be included in all
    11  * copies or substantial portions of the Software.
    12  *
    13  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
    14  * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
    15  * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
    16  * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
    17  * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
    18  * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
    19  */
    20 
    28 #include "bearssl.h"
    29 
    30 #ifndef SSLClientParameters_H_
    31 #define SSLClientParameters_H_
    32 
    52 struct SSLClientParameters {
    59  const br_x509_certificate* client_cert_chain;
    61  const size_t chain_len;
    63  const br_ec_private_key ec_key;
    64 };
    65 
    66 #endif
    SSLClientParameters::client_cert_chain
    const br_x509_certificate * client_cert_chain
    Pointer to the client certificate chain.
    Definition: SSLClientParameters.h:59
    -
    SSLClientParameters
    This struct stores data required for SSLClient to use mutual authentication.
    Definition: SSLClientParameters.h:52
    -
    SSLClientParameters::chain_len
    const size_t chain_len
    Definition: SSLClientParameters.h:61
    -
    SSLClientParameters::ec_key
    const br_ec_private_key ec_key
    Definition: SSLClientParameters.h:63
    +Go to the documentation of this file.
    1 /* Copyright 2019 OSU OPEnS Lab
    2  *
    3  * Permission is hereby granted, free of charge, to any person obtaining a copy of this
    4  * software and associated documentation files (the "Software"), to deal in the Software
    5  * without restriction, including without limitation the rights to use, copy, modify,
    6  * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
    7  * permit persons to whom the Software is furnished to do so, subject to the following
    8  * conditions:
    9  *
    10  * The above copyright notice and this permission notice shall be included in all
    11  * copies or substantial portions of the Software.
    12  *
    13  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
    14  * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
    15  * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
    16  * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
    17  * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
    18  * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
    19  */
    20 
    28 #include "bearssl.h"
    29 #undef min
    30 #undef max
    31 #include <vector>
    32 
    33 #ifndef SSLClientParameters_H_
    34 #define SSLClientParameters_H_
    35 
    52 class SSLClientParameters {
    53 public:
    84  static SSLClientParameters fromPEM(const char* cert_pem, const size_t cert_len, const char* key_pem, const size_t key_len);
    85 
    112  static SSLClientParameters fromDER(const char* cert_der, const size_t cert_len, const char* key_der, const size_t key_len);
    113 
    115  const br_x509_certificate* getCertChain() const { return &m_cert_struct; }
    116 
    118  int getCertType() const { return br_skey_decoder_key_type(&m_key_struct); }
    119 
    121  const br_ec_private_key* getECKey() const { return br_skey_decoder_get_ec(&m_key_struct); }
    122 
    124  const br_rsa_private_key* getRSAKey() const { return br_skey_decoder_get_rsa(&m_key_struct); }
    125 
    126 protected:
    127  SSLClientParameters(const char* cert, const size_t cert_len, const char* key, const size_t key_len, bool is_der);
    128 
    129 private:
    130  const std::vector<char> m_cert;
    131  const br_x509_certificate m_cert_struct;
    132  const br_skey_decoder_context m_key_struct;
    133 };
    134 
    135 #endif
    SSLClientParameters::getCertType
    int getCertType() const
    Definition: SSLClientParameters.h:118
    +
    SSLClientParameters::fromDER
    static SSLClientParameters fromDER(const char *cert_der, const size_t cert_len, const char *key_der, const size_t key_len)
    Create mutual authentication parameters from a DER certificate and private key.
    Definition: SSLClientParameters.cpp:92
    +
    SSLClientParameters::fromPEM
    static SSLClientParameters fromPEM(const char *cert_pem, const size_t cert_len, const char *key_pem, const size_t key_len)
    Create mutual authentication parameters from a PEM certificate and private key.
    Definition: SSLClientParameters.cpp:87
    +
    SSLClientParameters::getRSAKey
    const br_rsa_private_key * getRSAKey() const
    Definition: SSLClientParameters.h:124
    +
    SSLClientParameters::SSLClientParameters
    SSLClientParameters(const char *cert, const size_t cert_len, const char *key, const size_t key_len, bool is_der)
    Definition: SSLClientParameters.cpp:81
    +
    SSLClientParameters::getCertChain
    const br_x509_certificate * getCertChain() const
    Definition: SSLClientParameters.h:115
    +
    SSLClientParameters
    This class stores data required for SSLClient to use mutual authentication.
    Definition: SSLClientParameters.h:52
    +
    SSLClientParameters::getECKey
    const br_ec_private_key * getECKey() const
    Definition: SSLClientParameters.h:121
    diff --git a/docs/annotated.html b/docs/annotated.html index a1783da..24db1d6 100644 --- a/docs/annotated.html +++ b/docs/annotated.html @@ -94,7 +94,7 @@ $(document).ready(function(){initNavTree('annotated.html','');}); - +
     Cssl_pem_decode_state
     CSSLClientThe main SSLClient class. Check out README.md for more info
     CSSLClientParametersThis struct stores data required for SSLClient to use mutual authentication
     CSSLClientParametersThis class stores data required for SSLClient to use mutual authentication
     CSSLSessionThis class stores values which allow SSLClient to save and resume SSL sessions
    diff --git a/docs/annotated_dup.js b/docs/annotated_dup.js index 997b666..a72472c 100644 --- a/docs/annotated_dup.js +++ b/docs/annotated_dup.js @@ -2,6 +2,6 @@ var annotated_dup = [ [ "ssl_pem_decode_state", "structssl__pem__decode__state.html", "structssl__pem__decode__state" ], [ "SSLClient", "class_s_s_l_client.html", "class_s_s_l_client" ], - [ "SSLClientParameters", "struct_s_s_l_client_parameters.html", "struct_s_s_l_client_parameters" ], + [ "SSLClientParameters", "class_s_s_l_client_parameters.html", "class_s_s_l_client_parameters" ], [ "SSLSession", "class_s_s_l_session.html", "class_s_s_l_session" ] ]; \ No newline at end of file diff --git a/docs/class_s_s_l_client-members.html b/docs/class_s_s_l_client-members.html index c43c371..b0ba8c6 100644 --- a/docs/class_s_s_l_client-members.html +++ b/docs/class_s_s_l_client-members.html @@ -109,7 +109,7 @@ $(document).ready(function(){initNavTree('class_s_s_l_client.html','');}); read(uint8_t *buf, size_t size) overrideSSLClient read() overrideSSLClientinline removeSession(const char *host)SSLClient - setMutualAuthParams(const SSLClientParameters *params)SSLClient + setMutualAuthParams(const SSLClientParameters &params)SSLClient setTimeout(unsigned int t)SSLClientinline SSL_BR_CONNECT_FAIL enum valueSSLClient SSL_BR_WRITE_ERROR enum valueSSLClient diff --git a/docs/class_s_s_l_client.html b/docs/class_s_s_l_client.html index a22ac7e..66de223 100644 --- a/docs/class_s_s_l_client.html +++ b/docs/class_s_s_l_client.html @@ -166,9 +166,9 @@ Public Member Functions uint8_t connected () override  Check if the device is connected. More...
      -void setMutualAuthParams (const SSLClientParameters *params) - Add a client certificate and enable support for mutual auth. More...
    -  +void setMutualAuthParams (const SSLClientParameters &params) + Add a client certificate and enable support for mutual auth. More...
    SSLSessiongetSession (const char *host)  Gets a session reference corresponding to a host and IP, or a reference to a empty session if none exist. More...
      @@ -810,8 +810,8 @@ There must be a trust anchor given to the constructor that corresponds to the ce - -

    ◆ setMutualAuthParams()

    + +

    ◆ setMutualAuthParams()

    @@ -819,7 +819,7 @@ There must be a trust anchor given to the constructor that corresponds to the ce void SSLClient::setMutualAuthParams ( - const SSLClientParameters *  + const SSLClientParametersparams) diff --git a/docs/class_s_s_l_client.js b/docs/class_s_s_l_client.js index d2eadc2..861496f 100644 --- a/docs/class_s_s_l_client.js +++ b/docs/class_s_s_l_client.js @@ -30,7 +30,7 @@ var class_s_s_l_client = [ "read", "class_s_s_l_client.html#a4c5420541a06213133ae308a3bca1c95", null ], [ "read", "class_s_s_l_client.html#aef1b52f4ad9633126cb68739175920eb", null ], [ "removeSession", "class_s_s_l_client.html#ad5d9d8a4187a3f8918bf66af83e733c4", null ], - [ "setMutualAuthParams", "class_s_s_l_client.html#a9e7ce7f8a72d7cdc071be3fa7a4c8f29", null ], + [ "setMutualAuthParams", "class_s_s_l_client.html#aeee217b5558dfb0724f2319888a77256", null ], [ "setTimeout", "class_s_s_l_client.html#a8da354f30537c1064d554921937a73ae", null ], [ "stop", "class_s_s_l_client.html#ad8ed697371748e31e01c3f697bc36cbe", null ], [ "write", "class_s_s_l_client.html#a03c7926938acd57cfc3b982edf725a86", null ], diff --git a/docs/class_s_s_l_client_parameters-members.html b/docs/class_s_s_l_client_parameters-members.html new file mode 100644 index 0000000..caa4047 --- /dev/null +++ b/docs/class_s_s_l_client_parameters-members.html @@ -0,0 +1,114 @@ + + + + + + + +SSLClient: Member List + + + + + + + + + + + + + + +
    +
    + + + + + + +
    +
    SSLClient +  v1.5.0 +
    +
    +
    + + + + + + + +
    +
    + +
    +
    +
    + +
    + +
    +
    + + +
    + +
    + +
    +
    +
    SSLClientParameters Member List
    +
    +
    + +

    This is the complete list of members for SSLClientParameters, including all inherited members.

    + + + + + + + + +
    fromDER(const char *cert_der, const size_t cert_len, const char *key_der, const size_t key_len)SSLClientParametersstatic
    fromPEM(const char *cert_pem, const size_t cert_len, const char *key_pem, const size_t key_len)SSLClientParametersstatic
    getCertChain() constSSLClientParametersinline
    getCertType() constSSLClientParametersinline
    getECKey() constSSLClientParametersinline
    getRSAKey() constSSLClientParametersinline
    SSLClientParameters(const char *cert, const size_t cert_len, const char *key, const size_t key_len, bool is_der)SSLClientParametersprotected
    +
    + + + + diff --git a/docs/class_s_s_l_client_parameters.html b/docs/class_s_s_l_client_parameters.html new file mode 100644 index 0000000..9811c6e --- /dev/null +++ b/docs/class_s_s_l_client_parameters.html @@ -0,0 +1,436 @@ + + + + + + + +SSLClient: SSLClientParameters Class Reference + + + + + + + + + + + + + + +
    +
    + + + + + + +
    +
    SSLClient +  v1.5.0 +
    +
    +
    + + + + + + + +
    +
    + +
    +
    +
    + +
    + +
    +
    + + +
    + +
    + +
    +
    +Public Member Functions | +Static Public Member Functions | +Protected Member Functions | +List of all members
    +
    +
    SSLClientParameters Class Reference
    +
    +
    + +

    This class stores data required for SSLClient to use mutual authentication. + More...

    + +

    #include <SSLClientParameters.h>

    + + + + + + + + + + +

    +Public Member Functions

    const br_x509_certificate * getCertChain () const
     
    int getCertType () const
     
    const br_ec_private_key * getECKey () const
     
    const br_rsa_private_key * getRSAKey () const
     
    + + + + + + + +

    +Static Public Member Functions

    static SSLClientParameters fromPEM (const char *cert_pem, const size_t cert_len, const char *key_pem, const size_t key_len)
     Create mutual authentication parameters from a PEM certificate and private key. More...
     
    static SSLClientParameters fromDER (const char *cert_der, const size_t cert_len, const char *key_der, const size_t key_len)
     Create mutual authentication parameters from a DER certificate and private key. More...
     
    + + + +

    +Protected Member Functions

     SSLClientParameters (const char *cert, const size_t cert_len, const char *key, const size_t key_len, bool is_der)
     
    +

    Detailed Description

    +

    This class stores data required for SSLClient to use mutual authentication.

    +

    SSLClientParameters.h

    +

    This file contains a simple utility class to store parameters about an SSL Session for reuse later.TLS mutual authentication is a process in which both the server and client perform cryptographic operations to verify the authenticity of eachother, for more information check out this article: https://medium.com/sitewards/the-magic-of-tls-x509-and-mutual-authentication-explained-b2162dec4401 . If this struct is provided to SSLClient::SSLClient via SSLClient::setMutualAuthParams, SSLClient will automatically send a client certificate if one is requested by the server. This will happen for all SSLClient connections, and may cause issues for websites that do not need mutual authentication—as a result, please only turn on mutual authentication if you are sure it is neccesary.

    +

    SSLClientParameters supports both ECC and RSA client certificates. I recommend using ECC certificates if possible, as SSLClientParameters will make a copy of both the certificate and the private key in memory, and ECC keys tend to be smaller than RSA ones.

    +

    Constructor & Destructor Documentation

    + +

    ◆ SSLClientParameters()

    + +
    +
    + + + + + +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    SSLClientParameters::SSLClientParameters (const char * cert,
    const size_t cert_len,
    const char * key,
    const size_t key_len,
    bool is_der 
    )
    +     		+protected
    +
    + +
    +
    +

    Member Function Documentation

    + +

    ◆ fromDER()

    + +
    +
    + + + + + +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    SSLClientParameters SSLClientParameters::fromDER (const char * cert_der,
    const size_t cert_len,
    const char * key_der,
    const size_t key_len 
    )
    +     		+static
    +
    + +

    Create mutual authentication parameters from a DER certificate and private key.

    +

    Use this function to create a mutual tls context from a DER client certificate and DER private key. This function will copy the certificate and private key, extract the needed information from the private key, and store both that information and the copied cert into a SSLClientParameters object. Given the key parsed correctly, you can then use SSLClient::setMutualAuthParams at the begining of your sketch to enable mTLS with SSLClient. This function supports both ECC and RSA certificate/private keys (use EC keys wherever possible, as they are signifigantly smaller and faster), however SSLClient only supports the p256, p384, and p512 curves for ECC.

    +

    Because SSLClientParameters creates a copy of both the certificate and key, you do not need to ensure that the data pointed to by cert_der or key_der is accessible after this function (i.e. you can free them afterwards).

    +

    Please note that if the private key is incorrect, this function will not report an error, and instead SSLClient will fall back to regular TLS when making a connection.

    +
    Parameters
    + + + + + +
    cert_derA DER encoded certificate, can be ECC or RSA.
    cert_lenThe number of bytes in cert_der.
    key_derA DER encoded private key, can be ECC or RSA.
    key_lenThe number of bytes in key_ders
    +
    +
    +
    Returns
    An SSLClientParameters context, to be used with SSLClient::setMutualAuthParams.
    + +
    +
    + +

    ◆ fromPEM()

    + +
    +
    + + + + + +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    SSLClientParameters SSLClientParameters::fromPEM (const char * cert_pem,
    const size_t cert_len,
    const char * key_pem,
    const size_t key_len 
    )
    +     		+static
    +
    + +

    Create mutual authentication parameters from a PEM certificate and private key.

    +

    Use this function to create a mutual tls context from a PEM client certificate and PEM private key. This function will convert the PEM certificates into DER format (creating a copy in the process), extract the needed information from the private key, and store that information into a SSLClientParameters object. Given the certifiate and key parsed correctly, you can then use SSLClient::setMutualAuthParams at the begining of your sketch to enable mTLS with SSLClient. This function supports both ECC and RSA certificate/private keys (use EC keys wherever possible, as they are signifigantly smaller and faster), however SSLClient only supports the p256, p384, and p512 curves for ECC.

    +

    Because SSLClientParameters creates a copy of both the certificate and key, you do not need to ensure that the data pointed to by cert_pem or key_pem is accessible after this function (i.e. you can free them afterwards).

    +

    Please note that if the certificate or private key are incorrect, this function will not report an error, and instead SSLClient will fall back to regular TLS when making a connection.

    +
    Parameters
    + + + + + +
    cert_pemA PEM formatted certificate, including the "BEGIN" and "END" header/footers. Can be ECC or RSA. cert_pem supports both LF and CRLF for endlines, but all other constraints on a valid PEM file apply.
    cert_lenThe number of bytes in cert_pem.
    key_pemA PEM formatted private key, including the "BEGIN" and "END" header/footers. Can be ECC or RSA. key_pem supports both LF and CRLF for endlines, but all other constraints \ on a valid PEM file apply.
    key_lenThe number of bytes in key_pem
    +
    +
    +
    Returns
    An SSLClientParameters context, to be used with SSLClient::setMutualAuthParams.
    + +
    +
    + +

    ◆ getCertChain()

    + +
    +
    + + + + + +
    + + + + + + + +
    const br_x509_certificate* SSLClientParameters::getCertChain () const
    +     		+inline
    +
    +

    mTLS information used by SSLClient during authentication

    + +
    +
    + +

    ◆ getCertType()

    + +
    +
    + + + + + +
    + + + + + + + +
    int SSLClientParameters::getCertType () const
    +     		+inline
    +
    +

    mTLS information used by SSLClient during authentication

    + +
    +
    + +

    ◆ getECKey()

    + +
    +
    + + + + + +
    + + + + + + + +
    const br_ec_private_key* SSLClientParameters::getECKey () const
    +     		+inline
    +
    +

    mTLS information used by SSLClient during authentication

    + +
    +
    + +

    ◆ getRSAKey()

    + +
    +
    + + + + + +
    + + + + + + + +
    const br_rsa_private_key* SSLClientParameters::getRSAKey () const
    +     		+inline
    +
    +

    mTLS information used by SSLClient during authentication

    + +
    +
    +
    The documentation for this class was generated from the following files: +
    +
    + + + + diff --git a/docs/class_s_s_l_client_parameters.js b/docs/class_s_s_l_client_parameters.js new file mode 100644 index 0000000..11f9ac1 --- /dev/null +++ b/docs/class_s_s_l_client_parameters.js @@ -0,0 +1,8 @@ +var class_s_s_l_client_parameters = +[ + [ "SSLClientParameters", "class_s_s_l_client_parameters.html#a97213b5554e90908fbf284669b5f22f3", null ], + [ "getCertChain", "class_s_s_l_client_parameters.html#af5686b2c601812f55477a7089b3b2c2d", null ], + [ "getCertType", "class_s_s_l_client_parameters.html#a90d581703308881714d64d1ada785ad2", null ], + [ "getECKey", "class_s_s_l_client_parameters.html#ad9beb80ce98ed9aa34db28783f0264c5", null ], + [ "getRSAKey", "class_s_s_l_client_parameters.html#a82c21b0ae4690a6b7842a0d74b12f67f", null ] +]; \ No newline at end of file diff --git a/docs/classes.html b/docs/classes.html index 31016db..c746b99 100644 --- a/docs/classes.html +++ b/docs/classes.html @@ -94,7 +94,7 @@ $(document).ready(function(){initNavTree('classes.html','');}); - +
      s  
    		SSLClient   SSLSession   
    SSLClientParameters   
    SSLClientParameters   
    ssl_pem_decode_state   
    diff --git a/docs/dir_732ec7fb04c2890977d3e4bc2bf648f7.html b/docs/dir_732ec7fb04c2890977d3e4bc2bf648f7.html index b5a4cd0..55fc22c 100644 --- a/docs/dir_732ec7fb04c2890977d3e4bc2bf648f7.html +++ b/docs/dir_732ec7fb04c2890977d3e4bc2bf648f7.html @@ -97,12 +97,10 @@ Files   file  SSLClient.h [code]   +file  SSLClientParameters.cpp +  file  SSLClientParameters.h [code]   -file  SSLObj.cpp -  -file  SSLObj.h [code] -  file  SSLSession.h [code]   file  time_macros.h [code] diff --git a/docs/files.html b/docs/files.html index 7c976e6..ff8604b 100644 --- a/docs/files.html +++ b/docs/files.html @@ -94,11 +94,10 @@ $(document).ready(function(){initNavTree('files.html','');}); - - - - - + + + +
     SSLClient.cpp
     SSLClient.h
     SSLClientParameters.h
     SSLObj.cpp
     SSLObj.h
     SSLSession.h
     time_macros.h
     SSLClientParameters.cpp
     SSLClientParameters.h
     SSLSession.h
     time_macros.h
    diff --git a/docs/files_dup.js b/docs/files_dup.js index 8050b9b..be727b1 100644 --- a/docs/files_dup.js +++ b/docs/files_dup.js @@ -4,11 +4,10 @@ var files_dup = [ "SSLClient.h", "_s_s_l_client_8h.html", [ [ "SSLClient", "class_s_s_l_client.html", "class_s_s_l_client" ] ] ], + [ "SSLClientParameters.cpp", "_s_s_l_client_parameters_8cpp.html", "_s_s_l_client_parameters_8cpp" ], [ "SSLClientParameters.h", "_s_s_l_client_parameters_8h.html", [ - [ "SSLClientParameters", "struct_s_s_l_client_parameters.html", "struct_s_s_l_client_parameters" ] + [ "SSLClientParameters", "class_s_s_l_client_parameters.html", "class_s_s_l_client_parameters" ] ] ], - [ "SSLObj.cpp", "_s_s_l_obj_8cpp.html", "_s_s_l_obj_8cpp" ], - [ "SSLObj.h", "_s_s_l_obj_8h.html", "_s_s_l_obj_8h" ], [ "SSLSession.h", "_s_s_l_session_8h.html", [ [ "SSLSession", "class_s_s_l_session.html", "class_s_s_l_session" ] ] ], diff --git a/docs/functions.html b/docs/functions.html index 7359072..9ec5b7f 100644 --- a/docs/functions.html +++ b/docs/functions.html @@ -96,12 +96,6 @@ $(document).ready(function(){initNavTree('functions.html','');});

    - c -

      -
    • chain_len -: SSLClientParameters -
      • -
    • client_cert_chain -: SSLClientParameters -
    • connect() : SSLClient
      • @@ -119,9 +113,6 @@ $(document).ready(function(){initNavTree('functions.html','');});

      - e -

      @@ -139,9 +136,21 @@ $(document).ready(function(){initNavTree('functions.html','');});
    • get_hostname() : SSLSession
      • +
    • getCertChain() +: SSLClientParameters +
      • +
    • getCertType() +: SSLClientParameters +
    • getClient() : SSLClient
      • +
    • getECKey() +: SSLClientParameters +
      • +
    • getRSAKey() +: SSLClientParameters +
    • getSession() : SSLClient
      • @@ -187,7 +196,7 @@ $(document).ready(function(){initNavTree('functions.html','');});

      - s -

      • setMutualAuthParams() -: SSLClient +: SSLClient
      • setTimeout() : SSLClient @@ -228,6 +237,9 @@ $(document).ready(function(){initNavTree('functions.html','');});
      • SSLClient() : SSLClient
        • +
      • SSLClientParameters() +: SSLClientParameters +
      • SSLSession() : SSLSession
        • @@ -246,7 +258,7 @@ $(document).ready(function(){initNavTree('functions.html','');});

        - v -

        diff --git a/docs/functions_func.html b/docs/functions_func.html index 7b31d7e..345da92 100644 --- a/docs/functions_func.html +++ b/docs/functions_func.html @@ -99,12 +99,30 @@ $(document).ready(function(){initNavTree('functions_func.html','');});
      • flush() : SSLClient
        • +
      • fromDER() +: SSLClientParameters +
        • +
      • fromPEM() +: SSLClientParameters +
      • get_hostname() : SSLSession
        • +
      • getCertChain() +: SSLClientParameters +
        • +
      • getCertType() +: SSLClientParameters +
      • getClient() : SSLClient
        • +
      • getECKey() +: SSLClientParameters +
        • +
      • getRSAKey() +: SSLClientParameters +
      • getSession() : SSLClient
        • @@ -127,7 +145,7 @@ $(document).ready(function(){initNavTree('functions_func.html','');}); : SSLClient
      • setMutualAuthParams() -: SSLClient +: SSLClient
      • setTimeout() : SSLClient @@ -135,6 +153,9 @@ $(document).ready(function(){initNavTree('functions_func.html','');});
      • SSLClient() : SSLClient
        • +
      • SSLClientParameters() +: SSLClientParameters +
      • SSLSession() : SSLSession
        • diff --git a/docs/functions_vars.html b/docs/functions_vars.html index b608684..7906622 100644 --- a/docs/functions_vars.html +++ b/docs/functions_vars.html @@ -87,20 +87,11 @@ $(document).ready(function(){initNavTree('functions_vars.html','');});
         
        diff --git a/docs/hierarchy.html b/docs/hierarchy.html index a60c3c8..f3f3709 100644 --- a/docs/hierarchy.html +++ b/docs/hierarchy.html @@ -97,7 +97,7 @@ $(document).ready(function(){initNavTree('hierarchy.html','');});  CClient  CSSLClientThe main SSLClient class. Check out README.md for more info  Cssl_pem_decode_state - CSSLClientParametersThis struct stores data required for SSLClient to use mutual authentication + CSSLClientParametersThis class stores data required for SSLClient to use mutual authentication diff --git a/docs/hierarchy.js b/docs/hierarchy.js index 5a0d7ae..20eae65 100644 --- a/docs/hierarchy.js +++ b/docs/hierarchy.js @@ -7,5 +7,5 @@ var hierarchy = [ "SSLClient", "class_s_s_l_client.html", null ] ] ], [ "ssl_pem_decode_state", "structssl__pem__decode__state.html", null ], - [ "SSLClientParameters", "struct_s_s_l_client_parameters.html", null ] + [ "SSLClientParameters", "class_s_s_l_client_parameters.html", null ] ]; \ No newline at end of file diff --git a/docs/index.html b/docs/index.html index 40684c1..17415d0 100644 --- a/docs/index.html +++ b/docs/index.html @@ -93,7 +93,7 @@ $(document).ready(function(){initNavTree('index.html','');});

        Build Status

        SSLClient requires at least 110kb flash and 7kb RAM, and will not compile otherwise. This means that most Arduino boards are not supported. Check your board's specifications before attempting to use this library.

        -

        You can also view this README in doxygen.

        +

        You can also view this README in doxygen.

        SSLClient is a simple library to add TLS 1.2 functionality to any network library implementing the Arduino Client interface, including the Arduino EthernetClient and WiFiClient classes (though it is better to prefer WiFClient.connectSSL if implemented). In other words, SSLClient implements encrypted communication through SSL on devices that do not otherwise support it.

        SSLClient has been tested on the SAMD21, ESP32, TIVA C, and STM32 (in progress). SSClient does not currently support the ESP8266 (see this issue).

        Overview

        diff --git a/docs/md___users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html b/docs/md___users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html index 1c0c115..8acf101 100644 --- a/docs/md___users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html +++ b/docs/md___users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html @@ -100,7 +100,7 @@ $(document).ready(function(){initNavTree('md___users__noah__documents__arduino_l
      • The brssl command line utility, included in the BearSSL source. You will need to compile this file yourself.

      Other Connections

      -

      For other kinds of SSL connections, you will need to find the root certificate being used by your host. You can check out this StackExchange post for numerous methods of acquiring this certificate from a server. If these methods are not sufficient, you may need to request this certificate from your network administrator. Once you have the certificate, convert it to PEM format if needed (I use this website), and use the pycert_bearssl.py convet --no-search command to convert the certificate into a trust anchor header.

      +

      For other kinds of SSL connections, you will need to find the root certificate being used by your host. You can check out this StackExchange post for numerous methods of acquiring this certificate from a server. If these methods are not sufficient, you may need to request this certificate from your network administrator. Once you have the certificate, convert it to PEM format if needed (I use this website), and use the pycert_bearssl.py convert --no-search command to convert the certificate into a trust anchor header.

      Using Trust Anchors

      Once you've generated a trust anchor array, add it to your Arduino sketch using the Sketch->Add File button in the Arduino IDE, and link it to your SSLClient like so:

      {C++}
      #include "yourtrustanchorfile.h"
      // ...
      SSLClient client(SomeClient, TAs, (size_t)TAs_NUM, SomePin);
      // ...

      Where yourtrustanchorfile.h contains a generated trust anchor array names TAs, with length TAs_NUM. BearSSL will now automatically use these trust anchors when SSLClient::connect is called.

      diff --git a/docs/menudata.js b/docs/menudata.js index 5407264..41d28dc 100644 --- a/docs/menudata.js +++ b/docs/menudata.js @@ -24,11 +24,6 @@ for the JavaScript code in this file var menudata={children:[ {text:"Main Page",url:"index.html"}, {text:"Related Pages",url:"pages.html"}, -{text:"Namespaces",url:"namespaces.html",children:[ -{text:"Namespace List",url:"namespaces.html"}, -{text:"Namespace Members",url:"namespacemembers.html",children:[ -{text:"All",url:"namespacemembers.html"}, -{text:"Functions",url:"namespacemembers_func.html"}]}]}, {text:"Classes",url:"annotated.html",children:[ {text:"Class List",url:"annotated.html"}, {text:"Class Index",url:"classes.html"}, diff --git a/docs/navtreedata.js b/docs/navtreedata.js index d766bc3..a0f3d5c 100644 --- a/docs/navtreedata.js +++ b/docs/navtreedata.js @@ -25,13 +25,6 @@ var NAVTREE = [ [ "SSLClient", "index.html", [ [ "Trust Anchors", "md___users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html", null ], - [ "Namespaces", "namespaces.html", [ - [ "Namespace List", "namespaces.html", "namespaces_dup" ], - [ "Namespace Members", "namespacemembers.html", [ - [ "All", "namespacemembers.html", null ], - [ "Functions", "namespacemembers_func.html", null ] - ] ] - ] ], [ "Classes", "annotated.html", [ [ "Class List", "annotated.html", "annotated_dup" ], [ "Class Index", "classes.html", null ], diff --git a/docs/navtreeindex0.js b/docs/navtreeindex0.js index 142b068..00e0e20 100644 --- a/docs/navtreeindex0.js +++ b/docs/navtreeindex0.js @@ -1,100 +1,95 @@ var NAVTREEINDEX0 = { -"_s_s_l_client_8cpp.html":[3,0,0], -"_s_s_l_client_8h.html":[3,0,1], -"_s_s_l_client_8h_source.html":[3,0,1], -"_s_s_l_client_parameters_8h.html":[3,0,2], -"_s_s_l_client_parameters_8h_source.html":[3,0,2], -"_s_s_l_obj_8cpp.html":[3,0,3], -"_s_s_l_obj_8h.html":[3,0,4], -"_s_s_l_obj_8h.html#a9a58d01c9073b90f2b42c655828aea6d":[3,0,4,0], -"_s_s_l_obj_8h_source.html":[3,0,4], -"_s_s_l_session_8h.html":[3,0,5], -"_s_s_l_session_8h_source.html":[3,0,5], -"annotated.html":[2,0], -"class_s_s_l_client.html":[2,0,1], -"class_s_s_l_client.html#a03c7926938acd57cfc3b982edf725a86":[2,0,1,20], -"class_s_s_l_client.html#a0c0b6f2ad25701d1e45adb613d072d86":[2,0,1,13], -"class_s_s_l_client.html#a0e775669b4a040fbd3f281dcbcd2de78":[2,0,1,3], -"class_s_s_l_client.html#a248a5152cc3c3e7666bf5443bfd57c90":[2,0,1,5], -"class_s_s_l_client.html#a2a178251978e0622f7e241da702ae498":[2,0,1,11], -"class_s_s_l_client.html#a2bd012ef6f01df9694ba9fd0a3c227c3":[2,0,1,9], -"class_s_s_l_client.html#a4192ee3562c4806d4a6829356ca2636b":[2,0,1,12], -"class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6cea":[2,0,1,1], -"class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa0a4f8af0226cf29ede8f6fe4a9047b08":[2,0,1,1,6], -"class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa18dbddc0a3d4a94ee0f298fe55a06a94":[2,0,1,1,0], -"class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa37bef298be71b84a57e59fadbfbd9016":[2,0,1,1,4], -"class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa6a9cc2412a53b5981e937a41523eece5":[2,0,1,1,2], -"class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa7510402478ffbecd6e1aa3811b175cfd":[2,0,1,1,1], -"class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaab8581e1172fbf15067d435706d3a03a8":[2,0,1,1,3], -"class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaaf66f8d5f6601f9e7607b78bf7a07fc84":[2,0,1,1,5], -"class_s_s_l_client.html#a4c5420541a06213133ae308a3bca1c95":[2,0,1,14], -"class_s_s_l_client.html#a5488f01ccfddfd9e41f54dfbda48bcae":[2,0,1,6], -"class_s_s_l_client.html#a68f026a625ca1ccd1aba87bb6e670376":[2,0,1,2], -"class_s_s_l_client.html#a7343a58457b4659f83b61cac1f442c3d":[2,0,1,21], -"class_s_s_l_client.html#a8da354f30537c1064d554921937a73ae":[2,0,1,18], -"class_s_s_l_client.html#a9a4e9c9877ab73cf7e82d6942cc7db21":[2,0,1,8], -"class_s_s_l_client.html#a9e7ce7f8a72d7cdc071be3fa7a4c8f29":[2,0,1,17], -"class_s_s_l_client.html#aaf2192a6621fdf2f89cc26a9a1584f8c":[2,0,1,7], -"class_s_s_l_client.html#ab97c0745f65a6c6009ac938b3b9912c3":[2,0,1,4], -"class_s_s_l_client.html#ad5d9d8a4187a3f8918bf66af83e733c4":[2,0,1,16], -"class_s_s_l_client.html#ad8ed697371748e31e01c3f697bc36cbe":[2,0,1,19], -"class_s_s_l_client.html#ae3f9e6f8e8a50e520c936239abecfd22":[2,0,1,10], -"class_s_s_l_client.html#aef1b52f4ad9633126cb68739175920eb":[2,0,1,15], -"class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1":[2,0,1,0], -"class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1a199742ec5c99c72d9cede1fda0f125c5":[2,0,1,0,1], -"class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1a24122d1e1bb724237f305a0b4a21ff75":[2,0,1,0,0], -"class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1a26f3e5f1481f3ea22ea4ab5370b0fa97":[2,0,1,0,2], -"class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1a8d5f7561f9cc0a2f3e5f362b02f4a5b2":[2,0,1,0,3], -"class_s_s_l_session.html":[2,0,3], -"class_s_s_l_session.html#a0c8e01b0944c1f4b0ec6d4c423c95b74":[2,0,3,0], -"class_s_s_l_session.html#a825373c5ba1aa6c45e74dc8a72b21820":[2,0,3,1], -"class_s_s_l_session.html#acbe6549b55d50541d09a16f770e65afc":[2,0,3,2], -"classes.html":[2,1], -"files.html":[3,0], -"functions.html":[2,3,0], -"functions_enum.html":[2,3,3], -"functions_eval.html":[2,3,4], -"functions_func.html":[2,3,1], -"functions_vars.html":[2,3,2], -"globals.html":[3,1,0], -"globals_defs.html":[3,1,1], -"hierarchy.html":[2,2], +"_s_s_l_client_8cpp.html":[2,0,0], +"_s_s_l_client_8h.html":[2,0,1], +"_s_s_l_client_8h_source.html":[2,0,1], +"_s_s_l_client_parameters_8cpp.html":[2,0,2], +"_s_s_l_client_parameters_8h.html":[2,0,3], +"_s_s_l_client_parameters_8h_source.html":[2,0,3], +"_s_s_l_session_8h.html":[2,0,4], +"_s_s_l_session_8h_source.html":[2,0,4], +"annotated.html":[1,0], +"class_s_s_l_client.html":[1,0,1], +"class_s_s_l_client.html#a03c7926938acd57cfc3b982edf725a86":[1,0,1,20], +"class_s_s_l_client.html#a0c0b6f2ad25701d1e45adb613d072d86":[1,0,1,13], +"class_s_s_l_client.html#a0e775669b4a040fbd3f281dcbcd2de78":[1,0,1,3], +"class_s_s_l_client.html#a248a5152cc3c3e7666bf5443bfd57c90":[1,0,1,5], +"class_s_s_l_client.html#a2a178251978e0622f7e241da702ae498":[1,0,1,11], +"class_s_s_l_client.html#a2bd012ef6f01df9694ba9fd0a3c227c3":[1,0,1,9], +"class_s_s_l_client.html#a4192ee3562c4806d4a6829356ca2636b":[1,0,1,12], +"class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6cea":[1,0,1,1], +"class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa0a4f8af0226cf29ede8f6fe4a9047b08":[1,0,1,1,6], +"class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa18dbddc0a3d4a94ee0f298fe55a06a94":[1,0,1,1,0], +"class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa37bef298be71b84a57e59fadbfbd9016":[1,0,1,1,4], +"class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa6a9cc2412a53b5981e937a41523eece5":[1,0,1,1,2], +"class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa7510402478ffbecd6e1aa3811b175cfd":[1,0,1,1,1], +"class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaab8581e1172fbf15067d435706d3a03a8":[1,0,1,1,3], +"class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaaf66f8d5f6601f9e7607b78bf7a07fc84":[1,0,1,1,5], +"class_s_s_l_client.html#a4c5420541a06213133ae308a3bca1c95":[1,0,1,14], +"class_s_s_l_client.html#a5488f01ccfddfd9e41f54dfbda48bcae":[1,0,1,6], +"class_s_s_l_client.html#a68f026a625ca1ccd1aba87bb6e670376":[1,0,1,2], +"class_s_s_l_client.html#a7343a58457b4659f83b61cac1f442c3d":[1,0,1,21], +"class_s_s_l_client.html#a8da354f30537c1064d554921937a73ae":[1,0,1,18], +"class_s_s_l_client.html#a9a4e9c9877ab73cf7e82d6942cc7db21":[1,0,1,8], +"class_s_s_l_client.html#aaf2192a6621fdf2f89cc26a9a1584f8c":[1,0,1,7], +"class_s_s_l_client.html#ab97c0745f65a6c6009ac938b3b9912c3":[1,0,1,4], +"class_s_s_l_client.html#ad5d9d8a4187a3f8918bf66af83e733c4":[1,0,1,16], +"class_s_s_l_client.html#ad8ed697371748e31e01c3f697bc36cbe":[1,0,1,19], +"class_s_s_l_client.html#ae3f9e6f8e8a50e520c936239abecfd22":[1,0,1,10], +"class_s_s_l_client.html#aeee217b5558dfb0724f2319888a77256":[1,0,1,17], +"class_s_s_l_client.html#aef1b52f4ad9633126cb68739175920eb":[1,0,1,15], +"class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1":[1,0,1,0], +"class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1a199742ec5c99c72d9cede1fda0f125c5":[1,0,1,0,1], +"class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1a24122d1e1bb724237f305a0b4a21ff75":[1,0,1,0,0], +"class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1a26f3e5f1481f3ea22ea4ab5370b0fa97":[1,0,1,0,2], +"class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1a8d5f7561f9cc0a2f3e5f362b02f4a5b2":[1,0,1,0,3], +"class_s_s_l_client_parameters.html":[1,0,2], +"class_s_s_l_client_parameters.html#a82c21b0ae4690a6b7842a0d74b12f67f":[1,0,2,4], +"class_s_s_l_client_parameters.html#a90d581703308881714d64d1ada785ad2":[1,0,2,2], +"class_s_s_l_client_parameters.html#a97213b5554e90908fbf284669b5f22f3":[1,0,2,0], +"class_s_s_l_client_parameters.html#ad9beb80ce98ed9aa34db28783f0264c5":[1,0,2,3], +"class_s_s_l_client_parameters.html#af5686b2c601812f55477a7089b3b2c2d":[1,0,2,1], +"class_s_s_l_session.html":[1,0,3], +"class_s_s_l_session.html#a0c8e01b0944c1f4b0ec6d4c423c95b74":[1,0,3,0], +"class_s_s_l_session.html#a825373c5ba1aa6c45e74dc8a72b21820":[1,0,3,1], +"class_s_s_l_session.html#acbe6549b55d50541d09a16f770e65afc":[1,0,3,2], +"classes.html":[1,1], +"files.html":[2,0], +"functions.html":[1,3,0], +"functions_enum.html":[1,3,3], +"functions_eval.html":[1,3,4], +"functions_func.html":[1,3,1], +"functions_vars.html":[1,3,2], +"globals.html":[2,1,0], +"globals_defs.html":[2,1,1], +"hierarchy.html":[1,2], "index.html":[], "md___users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html":[0], -"namespace_s_s_l_obj.html":[1,0,0], -"namespacemembers.html":[1,1,0], -"namespacemembers_func.html":[1,1,1], -"namespaces.html":[1,0], "pages.html":[], -"struct_s_s_l_client_parameters.html":[2,0,2], -"struct_s_s_l_client_parameters.html#a3e0440790d1acdee221b8ef6be6def95":[2,0,2,1], -"struct_s_s_l_client_parameters.html#aa523f407ac673da95bf651617fbf94b2":[2,0,2,0], -"struct_s_s_l_client_parameters.html#aca2dba04e30c8d7b962add0c353fc449":[2,0,2,2], -"structssl__pem__decode__state.html":[2,0,0], -"structssl__pem__decode__state.html#a8abbaad636bfcf50ef38f529e3cfd5f3":[2,0,0,0], -"structssl__pem__decode__state.html#a95f2366376d5f958f9bc1e859b59bae9":[2,0,0,1], -"time__macros_8h.html":[3,0,6], -"time__macros_8h.html#a04e76e262f0920441e5f0c5552e83487":[3,0,6,19], -"time__macros_8h.html#a243cf438274412bbecf4b8d5eeb02ccb":[3,0,6,14], -"time__macros_8h.html#a2488d1ddab7e5fa119da3421462231c4":[3,0,6,1], -"time__macros_8h.html#a2af3d1d741ae2b49627adf56bbc95dc3":[3,0,6,20], -"time__macros_8h.html#a2d540510d5860d7f190d13124956bc57":[3,0,6,16], -"time__macros_8h.html#a38ac93dd8bfe385ff915a82c92bbfc97":[3,0,6,4], -"time__macros_8h.html#a3aaee30ddedb3f6675aac341a66e39e2":[3,0,6,15], -"time__macros_8h.html#a4dbe4cf7c879a2cdac386ce72c5e5994":[3,0,6,13], -"time__macros_8h.html#a56482fcc86a55713dee595c2092ed376":[3,0,6,5], -"time__macros_8h.html#a5ab60a7e3e1b6e0a919b3a37bc0d4b97":[3,0,6,8], -"time__macros_8h.html#a7f2cdee2eebbccd45c179a50a0bbabcf":[3,0,6,0], -"time__macros_8h.html#a868143e0521daf07b25a2f3947cf54a3":[3,0,6,6], -"time__macros_8h.html#a8cd8e04105fec7cd442d078c303e46b9":[3,0,6,18], -"time__macros_8h.html#a9da779a8ca64782ea49babce14122d34":[3,0,6,12], -"time__macros_8h.html#aad01b5fb233c0091aff2a837a8de32f4":[3,0,6,11], -"time__macros_8h.html#ab3592442029a102b388fafeadc4a6ab8":[3,0,6,2], -"time__macros_8h.html#ab6c76862964ff7e543fd9d5807b2fa79":[3,0,6,7], -"time__macros_8h.html#ac47b302f1b8d2a7a9c035c417247be76":[3,0,6,17], -"time__macros_8h.html#ac8f6b75d9e04634818984ba400d0dee1":[3,0,6,3], -"time__macros_8h.html#ae0574ced3f997b97d357c1cb68000e3a":[3,0,6,9], -"time__macros_8h.html#ae90924c33a05839b3eb1426472f40eb3":[3,0,6,10], -"time__macros_8h_source.html":[3,0,6] +"structssl__pem__decode__state.html":[1,0,0], +"structssl__pem__decode__state.html#a8abbaad636bfcf50ef38f529e3cfd5f3":[1,0,0,0], +"structssl__pem__decode__state.html#aa004af7ee6bfb65161dc47558e3a2ac2":[1,0,0,1], +"time__macros_8h.html":[2,0,5], +"time__macros_8h.html#a04e76e262f0920441e5f0c5552e83487":[2,0,5,19], +"time__macros_8h.html#a243cf438274412bbecf4b8d5eeb02ccb":[2,0,5,14], +"time__macros_8h.html#a2488d1ddab7e5fa119da3421462231c4":[2,0,5,1], +"time__macros_8h.html#a2af3d1d741ae2b49627adf56bbc95dc3":[2,0,5,20], +"time__macros_8h.html#a2d540510d5860d7f190d13124956bc57":[2,0,5,16], +"time__macros_8h.html#a38ac93dd8bfe385ff915a82c92bbfc97":[2,0,5,4], +"time__macros_8h.html#a3aaee30ddedb3f6675aac341a66e39e2":[2,0,5,15], +"time__macros_8h.html#a4dbe4cf7c879a2cdac386ce72c5e5994":[2,0,5,13], +"time__macros_8h.html#a56482fcc86a55713dee595c2092ed376":[2,0,5,5], +"time__macros_8h.html#a5ab60a7e3e1b6e0a919b3a37bc0d4b97":[2,0,5,8], +"time__macros_8h.html#a7f2cdee2eebbccd45c179a50a0bbabcf":[2,0,5,0], +"time__macros_8h.html#a868143e0521daf07b25a2f3947cf54a3":[2,0,5,6], +"time__macros_8h.html#a8cd8e04105fec7cd442d078c303e46b9":[2,0,5,18], +"time__macros_8h.html#a9da779a8ca64782ea49babce14122d34":[2,0,5,12], +"time__macros_8h.html#aad01b5fb233c0091aff2a837a8de32f4":[2,0,5,11], +"time__macros_8h.html#ab3592442029a102b388fafeadc4a6ab8":[2,0,5,2], +"time__macros_8h.html#ab6c76862964ff7e543fd9d5807b2fa79":[2,0,5,7], +"time__macros_8h.html#ac47b302f1b8d2a7a9c035c417247be76":[2,0,5,17], +"time__macros_8h.html#ac8f6b75d9e04634818984ba400d0dee1":[2,0,5,3], +"time__macros_8h.html#ae0574ced3f997b97d357c1cb68000e3a":[2,0,5,9], +"time__macros_8h.html#ae90924c33a05839b3eb1426472f40eb3":[2,0,5,10], +"time__macros_8h_source.html":[2,0,5] }; diff --git a/docs/search/all_2.js b/docs/search/all_2.js index 0b06fcf..58b9073 100644 --- a/docs/search/all_2.js +++ b/docs/search/all_2.js @@ -1,7 +1,5 @@ var searchData= [ - ['chain_5flen',['chain_len',['../struct_s_s_l_client_parameters.html#aa523f407ac673da95bf651617fbf94b2',1,'SSLClientParameters']]], - ['client_5fcert_5fchain',['client_cert_chain',['../struct_s_s_l_client_parameters.html#a3e0440790d1acdee221b8ef6be6def95',1,'SSLClientParameters']]], ['connect',['connect',['../class_s_s_l_client.html#ab97c0745f65a6c6009ac938b3b9912c3',1,'SSLClient::connect(IPAddress ip, uint16_t port) override'],['../class_s_s_l_client.html#a248a5152cc3c3e7666bf5443bfd57c90',1,'SSLClient::connect(const char *host, uint16_t port) override']]], ['connected',['connected',['../class_s_s_l_client.html#a5488f01ccfddfd9e41f54dfbda48bcae',1,'SSLClient']]], ['conv_5fstr2dec_5f1',['CONV_STR2DEC_1',['../time__macros_8h.html#ae0574ced3f997b97d357c1cb68000e3a',1,'time_macros.h']]], diff --git a/docs/search/all_4.js b/docs/search/all_4.js index 8369997..2f4b1da 100644 --- a/docs/search/all_4.js +++ b/docs/search/all_4.js @@ -1,5 +1,4 @@ var searchData= [ - ['ec_5fkey',['ec_key',['../struct_s_s_l_client_parameters.html#aca2dba04e30c8d7b962add0c353fc449',1,'SSLClientParameters']]], ['error',['Error',['../class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6cea',1,'SSLClient']]] ]; diff --git a/docs/search/all_5.js b/docs/search/all_5.js index 47e3882..af098e6 100644 --- a/docs/search/all_5.js +++ b/docs/search/all_5.js @@ -1,4 +1,6 @@ var searchData= [ - ['flush',['flush',['../class_s_s_l_client.html#aaf2192a6621fdf2f89cc26a9a1584f8c',1,'SSLClient']]] + ['flush',['flush',['../class_s_s_l_client.html#aaf2192a6621fdf2f89cc26a9a1584f8c',1,'SSLClient']]], + ['fromder',['fromDER',['../class_s_s_l_client_parameters.html#a12e44f4b8340ef7f1dcbbed7649e4bef',1,'SSLClientParameters']]], + ['frompem',['fromPEM',['../class_s_s_l_client_parameters.html#ac5ddf993f7d560581297471593051ea6',1,'SSLClientParameters']]] ]; diff --git a/docs/search/all_6.js b/docs/search/all_6.js index e8142e4..0a27338 100644 --- a/docs/search/all_6.js +++ b/docs/search/all_6.js @@ -2,7 +2,11 @@ var searchData= [ ['get_5fhostname',['get_hostname',['../class_s_s_l_session.html#a825373c5ba1aa6c45e74dc8a72b21820',1,'SSLSession']]], ['get_5fmonth',['GET_MONTH',['../time__macros_8h.html#a4dbe4cf7c879a2cdac386ce72c5e5994',1,'time_macros.h']]], + ['getcertchain',['getCertChain',['../class_s_s_l_client_parameters.html#af5686b2c601812f55477a7089b3b2c2d',1,'SSLClientParameters']]], + ['getcerttype',['getCertType',['../class_s_s_l_client_parameters.html#a90d581703308881714d64d1ada785ad2',1,'SSLClientParameters']]], ['getclient',['getClient',['../class_s_s_l_client.html#a9a4e9c9877ab73cf7e82d6942cc7db21',1,'SSLClient']]], + ['geteckey',['getECKey',['../class_s_s_l_client_parameters.html#ad9beb80ce98ed9aa34db28783f0264c5',1,'SSLClientParameters']]], + ['getrsakey',['getRSAKey',['../class_s_s_l_client_parameters.html#a82c21b0ae4690a6b7842a0d74b12f67f',1,'SSLClientParameters']]], ['getsession',['getSession',['../class_s_s_l_client.html#a2bd012ef6f01df9694ba9fd0a3c227c3',1,'SSLClient']]], ['getsessioncount',['getSessionCount',['../class_s_s_l_client.html#ae3f9e6f8e8a50e520c936239abecfd22',1,'SSLClient']]], ['gettimeout',['getTimeout',['../class_s_s_l_client.html#a2a178251978e0622f7e241da702ae498',1,'SSLClient']]] diff --git a/docs/search/all_8.js b/docs/search/all_8.js index e4f8b0f..0aecf24 100644 --- a/docs/search/all_8.js +++ b/docs/search/all_8.js @@ -1,4 +1,4 @@ var searchData= [ - ['make_5fvector_5fpem',['make_vector_pem',['../namespace_s_s_l_obj.html#a9a58d01c9073b90f2b42c655828aea6d',1,'SSLObj']]] + ['operator_20bool',['operator bool',['../class_s_s_l_client.html#a4192ee3562c4806d4a6829356ca2636b',1,'SSLClient']]] ]; diff --git a/docs/search/all_9.js b/docs/search/all_9.js index 0aecf24..95f21a7 100644 --- a/docs/search/all_9.js +++ b/docs/search/all_9.js @@ -1,4 +1,5 @@ var searchData= [ - ['operator_20bool',['operator bool',['../class_s_s_l_client.html#a4192ee3562c4806d4a6829356ca2636b',1,'SSLClient']]] + ['peek',['peek',['../class_s_s_l_client.html#a0c0b6f2ad25701d1e45adb613d072d86',1,'SSLClient']]], + ['pst_5foffset',['PST_OFFSET',['../time__macros_8h.html#a243cf438274412bbecf4b8d5eeb02ccb',1,'time_macros.h']]] ]; diff --git a/docs/search/all_a.js b/docs/search/all_a.js index 95f21a7..3e07012 100644 --- a/docs/search/all_a.js +++ b/docs/search/all_a.js @@ -1,5 +1,6 @@ var searchData= [ - ['peek',['peek',['../class_s_s_l_client.html#a0c0b6f2ad25701d1e45adb613d072d86',1,'SSLClient']]], - ['pst_5foffset',['PST_OFFSET',['../time__macros_8h.html#a243cf438274412bbecf4b8d5eeb02ccb',1,'time_macros.h']]] + ['read',['read',['../class_s_s_l_client.html#a4c5420541a06213133ae308a3bca1c95',1,'SSLClient::read(uint8_t *buf, size_t size) override'],['../class_s_s_l_client.html#aef1b52f4ad9633126cb68739175920eb',1,'SSLClient::read() override']]], + ['readme_2emd',['README.md',['../_r_e_a_d_m_e_8md.html',1,'']]], + ['removesession',['removeSession',['../class_s_s_l_client.html#ad5d9d8a4187a3f8918bf66af83e733c4',1,'SSLClient']]] ]; diff --git a/docs/search/all_b.js b/docs/search/all_b.js index 3e07012..3d35fb2 100644 --- a/docs/search/all_b.js +++ b/docs/search/all_b.js @@ -1,6 +1,31 @@ var searchData= [ - ['read',['read',['../class_s_s_l_client.html#a4c5420541a06213133ae308a3bca1c95',1,'SSLClient::read(uint8_t *buf, size_t size) override'],['../class_s_s_l_client.html#aef1b52f4ad9633126cb68739175920eb',1,'SSLClient::read() override']]], - ['readme_2emd',['README.md',['../_r_e_a_d_m_e_8md.html',1,'']]], - ['removesession',['removeSession',['../class_s_s_l_client.html#ad5d9d8a4187a3f8918bf66af83e733c4',1,'SSLClient']]] + ['sslclient',['SSLClient',['../index.html',1,'']]], + ['sec_5fper_5fday',['SEC_PER_DAY',['../time__macros_8h.html#a3aaee30ddedb3f6675aac341a66e39e2',1,'time_macros.h']]], + ['sec_5fper_5fhour',['SEC_PER_HOUR',['../time__macros_8h.html#a2d540510d5860d7f190d13124956bc57',1,'time_macros.h']]], + ['sec_5fper_5fmin',['SEC_PER_MIN',['../time__macros_8h.html#ac47b302f1b8d2a7a9c035c417247be76',1,'time_macros.h']]], + ['sec_5fper_5fyear',['SEC_PER_YEAR',['../time__macros_8h.html#a8cd8e04105fec7cd442d078c303e46b9',1,'time_macros.h']]], + ['setmutualauthparams',['setMutualAuthParams',['../class_s_s_l_client.html#aeee217b5558dfb0724f2319888a77256',1,'SSLClient']]], + ['settimeout',['setTimeout',['../class_s_s_l_client.html#a8da354f30537c1064d554921937a73ae',1,'SSLClient']]], + ['ssl_5fbr_5fconnect_5ffail',['SSL_BR_CONNECT_FAIL',['../class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa6a9cc2412a53b5981e937a41523eece5',1,'SSLClient']]], + ['ssl_5fbr_5fwrite_5ferror',['SSL_BR_WRITE_ERROR',['../class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa37bef298be71b84a57e59fadbfbd9016',1,'SSLClient']]], + ['ssl_5fclient_5fconnect_5ffail',['SSL_CLIENT_CONNECT_FAIL',['../class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa7510402478ffbecd6e1aa3811b175cfd',1,'SSLClient']]], + ['ssl_5fclient_5fwrtie_5ferror',['SSL_CLIENT_WRTIE_ERROR',['../class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaab8581e1172fbf15067d435706d3a03a8',1,'SSLClient']]], + ['ssl_5ferror',['SSL_ERROR',['../class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1a199742ec5c99c72d9cede1fda0f125c5',1,'SSLClient']]], + ['ssl_5finfo',['SSL_INFO',['../class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1a8d5f7561f9cc0a2f3e5f362b02f4a5b2',1,'SSLClient']]], + ['ssl_5finternal_5ferror',['SSL_INTERNAL_ERROR',['../class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaaf66f8d5f6601f9e7607b78bf7a07fc84',1,'SSLClient']]], + ['ssl_5fnone',['SSL_NONE',['../class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1a24122d1e1bb724237f305a0b4a21ff75',1,'SSLClient']]], + ['ssl_5fok',['SSL_OK',['../class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa18dbddc0a3d4a94ee0f298fe55a06a94',1,'SSLClient']]], + ['ssl_5fout_5fof_5fmemory',['SSL_OUT_OF_MEMORY',['../class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa0a4f8af0226cf29ede8f6fe4a9047b08',1,'SSLClient']]], + ['ssl_5fpem_5fdecode_5fstate',['ssl_pem_decode_state',['../structssl__pem__decode__state.html',1,'']]], + ['ssl_5fwarn',['SSL_WARN',['../class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1a26f3e5f1481f3ea22ea4ab5370b0fa97',1,'SSLClient']]], + ['sslclient',['SSLClient',['../class_s_s_l_client.html',1,'SSLClient'],['../class_s_s_l_client.html#a68f026a625ca1ccd1aba87bb6e670376',1,'SSLClient::SSLClient()']]], + ['sslclient_2ecpp',['SSLClient.cpp',['../_s_s_l_client_8cpp.html',1,'']]], + ['sslclient_2eh',['SSLClient.h',['../_s_s_l_client_8h.html',1,'']]], + ['sslclientparameters',['SSLClientParameters',['../class_s_s_l_client_parameters.html',1,'SSLClientParameters'],['../class_s_s_l_client_parameters.html#a97213b5554e90908fbf284669b5f22f3',1,'SSLClientParameters::SSLClientParameters()']]], + ['sslclientparameters_2ecpp',['SSLClientParameters.cpp',['../_s_s_l_client_parameters_8cpp.html',1,'']]], + ['sslclientparameters_2eh',['SSLClientParameters.h',['../_s_s_l_client_parameters_8h.html',1,'']]], + ['sslsession',['SSLSession',['../class_s_s_l_session.html',1,'SSLSession'],['../class_s_s_l_session.html#a0c8e01b0944c1f4b0ec6d4c423c95b74',1,'SSLSession::SSLSession()']]], + ['sslsession_2eh',['SSLSession.h',['../_s_s_l_session_8h.html',1,'']]], + ['stop',['stop',['../class_s_s_l_client.html#ad8ed697371748e31e01c3f697bc36cbe',1,'SSLClient']]] ]; diff --git a/docs/search/all_c.js b/docs/search/all_c.js index 1b4cde8..4b4b251 100644 --- a/docs/search/all_c.js +++ b/docs/search/all_c.js @@ -1,33 +1,7 @@ var searchData= [ - ['sslclient',['SSLClient',['../index.html',1,'']]], - ['sec_5fper_5fday',['SEC_PER_DAY',['../time__macros_8h.html#a3aaee30ddedb3f6675aac341a66e39e2',1,'time_macros.h']]], - ['sec_5fper_5fhour',['SEC_PER_HOUR',['../time__macros_8h.html#a2d540510d5860d7f190d13124956bc57',1,'time_macros.h']]], - ['sec_5fper_5fmin',['SEC_PER_MIN',['../time__macros_8h.html#ac47b302f1b8d2a7a9c035c417247be76',1,'time_macros.h']]], - ['sec_5fper_5fyear',['SEC_PER_YEAR',['../time__macros_8h.html#a8cd8e04105fec7cd442d078c303e46b9',1,'time_macros.h']]], - ['setmutualauthparams',['setMutualAuthParams',['../class_s_s_l_client.html#a9e7ce7f8a72d7cdc071be3fa7a4c8f29',1,'SSLClient']]], - ['settimeout',['setTimeout',['../class_s_s_l_client.html#a8da354f30537c1064d554921937a73ae',1,'SSLClient']]], - ['ssl_5fbr_5fconnect_5ffail',['SSL_BR_CONNECT_FAIL',['../class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa6a9cc2412a53b5981e937a41523eece5',1,'SSLClient']]], - ['ssl_5fbr_5fwrite_5ferror',['SSL_BR_WRITE_ERROR',['../class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa37bef298be71b84a57e59fadbfbd9016',1,'SSLClient']]], - ['ssl_5fclient_5fconnect_5ffail',['SSL_CLIENT_CONNECT_FAIL',['../class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa7510402478ffbecd6e1aa3811b175cfd',1,'SSLClient']]], - ['ssl_5fclient_5fwrtie_5ferror',['SSL_CLIENT_WRTIE_ERROR',['../class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaab8581e1172fbf15067d435706d3a03a8',1,'SSLClient']]], - ['ssl_5ferror',['SSL_ERROR',['../class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1a199742ec5c99c72d9cede1fda0f125c5',1,'SSLClient']]], - ['ssl_5finfo',['SSL_INFO',['../class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1a8d5f7561f9cc0a2f3e5f362b02f4a5b2',1,'SSLClient']]], - ['ssl_5finternal_5ferror',['SSL_INTERNAL_ERROR',['../class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaaf66f8d5f6601f9e7607b78bf7a07fc84',1,'SSLClient']]], - ['ssl_5fnone',['SSL_NONE',['../class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1a24122d1e1bb724237f305a0b4a21ff75',1,'SSLClient']]], - ['ssl_5fok',['SSL_OK',['../class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa18dbddc0a3d4a94ee0f298fe55a06a94',1,'SSLClient']]], - ['ssl_5fout_5fof_5fmemory',['SSL_OUT_OF_MEMORY',['../class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa0a4f8af0226cf29ede8f6fe4a9047b08',1,'SSLClient']]], - ['ssl_5fpem_5fdecode_5fstate',['ssl_pem_decode_state',['../structssl__pem__decode__state.html',1,'']]], - ['ssl_5fwarn',['SSL_WARN',['../class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1a26f3e5f1481f3ea22ea4ab5370b0fa97',1,'SSLClient']]], - ['sslclient',['SSLClient',['../class_s_s_l_client.html',1,'SSLClient'],['../class_s_s_l_client.html#a68f026a625ca1ccd1aba87bb6e670376',1,'SSLClient::SSLClient()']]], - ['sslclient_2ecpp',['SSLClient.cpp',['../_s_s_l_client_8cpp.html',1,'']]], - ['sslclient_2eh',['SSLClient.h',['../_s_s_l_client_8h.html',1,'']]], - ['sslclientparameters',['SSLClientParameters',['../struct_s_s_l_client_parameters.html',1,'']]], - ['sslclientparameters_2eh',['SSLClientParameters.h',['../_s_s_l_client_parameters_8h.html',1,'']]], - ['sslobj',['SSLObj',['../namespace_s_s_l_obj.html',1,'']]], - ['sslobj_2ecpp',['SSLObj.cpp',['../_s_s_l_obj_8cpp.html',1,'']]], - ['sslobj_2eh',['SSLObj.h',['../_s_s_l_obj_8h.html',1,'']]], - ['sslsession',['SSLSession',['../class_s_s_l_session.html',1,'SSLSession'],['../class_s_s_l_session.html#a0c8e01b0944c1f4b0ec6d4c423c95b74',1,'SSLSession::SSLSession()']]], - ['sslsession_2eh',['SSLSession.h',['../_s_s_l_session_8h.html',1,'']]], - ['stop',['stop',['../class_s_s_l_client.html#ad8ed697371748e31e01c3f697bc36cbe',1,'SSLClient']]] + ['trust_20anchors',['Trust Anchors',['../md___users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html',1,'']]], + ['time_5fmacros_2eh',['time_macros.h',['../time__macros_8h.html',1,'']]], + ['to_5fbr_5fsession',['to_br_session',['../class_s_s_l_session.html#acbe6549b55d50541d09a16f770e65afc',1,'SSLSession']]], + ['trustanchors_2emd',['TrustAnchors.md',['../_trust_anchors_8md.html',1,'']]] ]; diff --git a/docs/search/all_d.js b/docs/search/all_d.js index 4b4b251..a658122 100644 --- a/docs/search/all_d.js +++ b/docs/search/all_d.js @@ -1,7 +1,5 @@ var searchData= [ - ['trust_20anchors',['Trust Anchors',['../md___users__noah__documents__arduino_libraries__s_s_l_client__trust_anchors.html',1,'']]], - ['time_5fmacros_2eh',['time_macros.h',['../time__macros_8h.html',1,'']]], - ['to_5fbr_5fsession',['to_br_session',['../class_s_s_l_session.html#acbe6549b55d50541d09a16f770e65afc',1,'SSLSession']]], - ['trustanchors_2emd',['TrustAnchors.md',['../_trust_anchors_8md.html',1,'']]] + ['unix_5ftimestamp',['UNIX_TIMESTAMP',['../time__macros_8h.html#a04e76e262f0920441e5f0c5552e83487',1,'time_macros.h']]], + ['unix_5ftimestamp_5futc',['UNIX_TIMESTAMP_UTC',['../time__macros_8h.html#a2af3d1d741ae2b49627adf56bbc95dc3',1,'time_macros.h']]] ]; diff --git a/docs/search/all_e.js b/docs/search/all_e.js index a658122..5a20807 100644 --- a/docs/search/all_e.js +++ b/docs/search/all_e.js @@ -1,5 +1,4 @@ var searchData= [ - ['unix_5ftimestamp',['UNIX_TIMESTAMP',['../time__macros_8h.html#a04e76e262f0920441e5f0c5552e83487',1,'time_macros.h']]], - ['unix_5ftimestamp_5futc',['UNIX_TIMESTAMP_UTC',['../time__macros_8h.html#a2af3d1d741ae2b49627adf56bbc95dc3',1,'time_macros.h']]] + ['vect',['vect',['../structssl__pem__decode__state.html#aa004af7ee6bfb65161dc47558e3a2ac2',1,'ssl_pem_decode_state']]] ]; diff --git a/docs/search/all_f.js b/docs/search/all_f.js index a18bd2a..451bfc6 100644 --- a/docs/search/all_f.js +++ b/docs/search/all_f.js @@ -1,4 +1,4 @@ var searchData= [ - ['vect',['vect',['../structssl__pem__decode__state.html#a95f2366376d5f958f9bc1e859b59bae9',1,'ssl_pem_decode_state']]] + ['write',['write',['../class_s_s_l_client.html#a03c7926938acd57cfc3b982edf725a86',1,'SSLClient::write(const uint8_t *buf, size_t size) override'],['../class_s_s_l_client.html#a7343a58457b4659f83b61cac1f442c3d',1,'SSLClient::write(uint8_t b) override']]] ]; diff --git a/docs/search/classes_0.js b/docs/search/classes_0.js index 81431f8..30a6271 100644 --- a/docs/search/classes_0.js +++ b/docs/search/classes_0.js @@ -2,6 +2,6 @@ var searchData= [ ['ssl_5fpem_5fdecode_5fstate',['ssl_pem_decode_state',['../structssl__pem__decode__state.html',1,'']]], ['sslclient',['SSLClient',['../class_s_s_l_client.html',1,'']]], - ['sslclientparameters',['SSLClientParameters',['../struct_s_s_l_client_parameters.html',1,'']]], + ['sslclientparameters',['SSLClientParameters',['../class_s_s_l_client_parameters.html',1,'']]], ['sslsession',['SSLSession',['../class_s_s_l_session.html',1,'']]] ]; diff --git a/docs/search/files_1.js b/docs/search/files_1.js index 212b513..2f119fd 100644 --- a/docs/search/files_1.js +++ b/docs/search/files_1.js @@ -2,8 +2,7 @@ var searchData= [ ['sslclient_2ecpp',['SSLClient.cpp',['../_s_s_l_client_8cpp.html',1,'']]], ['sslclient_2eh',['SSLClient.h',['../_s_s_l_client_8h.html',1,'']]], + ['sslclientparameters_2ecpp',['SSLClientParameters.cpp',['../_s_s_l_client_parameters_8cpp.html',1,'']]], ['sslclientparameters_2eh',['SSLClientParameters.h',['../_s_s_l_client_parameters_8h.html',1,'']]], - ['sslobj_2ecpp',['SSLObj.cpp',['../_s_s_l_obj_8cpp.html',1,'']]], - ['sslobj_2eh',['SSLObj.h',['../_s_s_l_obj_8h.html',1,'']]], ['sslsession_2eh',['SSLSession.h',['../_s_s_l_session_8h.html',1,'']]] ]; diff --git a/docs/search/functions_2.js b/docs/search/functions_2.js index 47e3882..af098e6 100644 --- a/docs/search/functions_2.js +++ b/docs/search/functions_2.js @@ -1,4 +1,6 @@ var searchData= [ - ['flush',['flush',['../class_s_s_l_client.html#aaf2192a6621fdf2f89cc26a9a1584f8c',1,'SSLClient']]] + ['flush',['flush',['../class_s_s_l_client.html#aaf2192a6621fdf2f89cc26a9a1584f8c',1,'SSLClient']]], + ['fromder',['fromDER',['../class_s_s_l_client_parameters.html#a12e44f4b8340ef7f1dcbbed7649e4bef',1,'SSLClientParameters']]], + ['frompem',['fromPEM',['../class_s_s_l_client_parameters.html#ac5ddf993f7d560581297471593051ea6',1,'SSLClientParameters']]] ]; diff --git a/docs/search/functions_3.js b/docs/search/functions_3.js index 7554e48..4e3c32e 100644 --- a/docs/search/functions_3.js +++ b/docs/search/functions_3.js @@ -1,7 +1,11 @@ var searchData= [ ['get_5fhostname',['get_hostname',['../class_s_s_l_session.html#a825373c5ba1aa6c45e74dc8a72b21820',1,'SSLSession']]], + ['getcertchain',['getCertChain',['../class_s_s_l_client_parameters.html#af5686b2c601812f55477a7089b3b2c2d',1,'SSLClientParameters']]], + ['getcerttype',['getCertType',['../class_s_s_l_client_parameters.html#a90d581703308881714d64d1ada785ad2',1,'SSLClientParameters']]], ['getclient',['getClient',['../class_s_s_l_client.html#a9a4e9c9877ab73cf7e82d6942cc7db21',1,'SSLClient']]], + ['geteckey',['getECKey',['../class_s_s_l_client_parameters.html#ad9beb80ce98ed9aa34db28783f0264c5',1,'SSLClientParameters']]], + ['getrsakey',['getRSAKey',['../class_s_s_l_client_parameters.html#a82c21b0ae4690a6b7842a0d74b12f67f',1,'SSLClientParameters']]], ['getsession',['getSession',['../class_s_s_l_client.html#a2bd012ef6f01df9694ba9fd0a3c227c3',1,'SSLClient']]], ['getsessioncount',['getSessionCount',['../class_s_s_l_client.html#ae3f9e6f8e8a50e520c936239abecfd22',1,'SSLClient']]], ['gettimeout',['getTimeout',['../class_s_s_l_client.html#a2a178251978e0622f7e241da702ae498',1,'SSLClient']]] diff --git a/docs/search/functions_4.js b/docs/search/functions_4.js index e4f8b0f..0aecf24 100644 --- a/docs/search/functions_4.js +++ b/docs/search/functions_4.js @@ -1,4 +1,4 @@ var searchData= [ - ['make_5fvector_5fpem',['make_vector_pem',['../namespace_s_s_l_obj.html#a9a58d01c9073b90f2b42c655828aea6d',1,'SSLObj']]] + ['operator_20bool',['operator bool',['../class_s_s_l_client.html#a4192ee3562c4806d4a6829356ca2636b',1,'SSLClient']]] ]; diff --git a/docs/search/functions_5.js b/docs/search/functions_5.js index 0aecf24..53b8b47 100644 --- a/docs/search/functions_5.js +++ b/docs/search/functions_5.js @@ -1,4 +1,4 @@ var searchData= [ - ['operator_20bool',['operator bool',['../class_s_s_l_client.html#a4192ee3562c4806d4a6829356ca2636b',1,'SSLClient']]] + ['peek',['peek',['../class_s_s_l_client.html#a0c0b6f2ad25701d1e45adb613d072d86',1,'SSLClient']]] ]; diff --git a/docs/search/functions_6.js b/docs/search/functions_6.js index 53b8b47..c66bc46 100644 --- a/docs/search/functions_6.js +++ b/docs/search/functions_6.js @@ -1,4 +1,5 @@ var searchData= [ - ['peek',['peek',['../class_s_s_l_client.html#a0c0b6f2ad25701d1e45adb613d072d86',1,'SSLClient']]] + ['read',['read',['../class_s_s_l_client.html#a4c5420541a06213133ae308a3bca1c95',1,'SSLClient::read(uint8_t *buf, size_t size) override'],['../class_s_s_l_client.html#aef1b52f4ad9633126cb68739175920eb',1,'SSLClient::read() override']]], + ['removesession',['removeSession',['../class_s_s_l_client.html#ad5d9d8a4187a3f8918bf66af83e733c4',1,'SSLClient']]] ]; diff --git a/docs/search/functions_7.js b/docs/search/functions_7.js index c66bc46..0caa7b0 100644 --- a/docs/search/functions_7.js +++ b/docs/search/functions_7.js @@ -1,5 +1,9 @@ var searchData= [ - ['read',['read',['../class_s_s_l_client.html#a4c5420541a06213133ae308a3bca1c95',1,'SSLClient::read(uint8_t *buf, size_t size) override'],['../class_s_s_l_client.html#aef1b52f4ad9633126cb68739175920eb',1,'SSLClient::read() override']]], - ['removesession',['removeSession',['../class_s_s_l_client.html#ad5d9d8a4187a3f8918bf66af83e733c4',1,'SSLClient']]] + ['setmutualauthparams',['setMutualAuthParams',['../class_s_s_l_client.html#aeee217b5558dfb0724f2319888a77256',1,'SSLClient']]], + ['settimeout',['setTimeout',['../class_s_s_l_client.html#a8da354f30537c1064d554921937a73ae',1,'SSLClient']]], + ['sslclient',['SSLClient',['../class_s_s_l_client.html#a68f026a625ca1ccd1aba87bb6e670376',1,'SSLClient']]], + ['sslclientparameters',['SSLClientParameters',['../class_s_s_l_client_parameters.html#a97213b5554e90908fbf284669b5f22f3',1,'SSLClientParameters']]], + ['sslsession',['SSLSession',['../class_s_s_l_session.html#a0c8e01b0944c1f4b0ec6d4c423c95b74',1,'SSLSession']]], + ['stop',['stop',['../class_s_s_l_client.html#ad8ed697371748e31e01c3f697bc36cbe',1,'SSLClient']]] ]; diff --git a/docs/search/functions_8.js b/docs/search/functions_8.js index d2a5842..96d95c1 100644 --- a/docs/search/functions_8.js +++ b/docs/search/functions_8.js @@ -1,8 +1,4 @@ var searchData= [ - ['setmutualauthparams',['setMutualAuthParams',['../class_s_s_l_client.html#a9e7ce7f8a72d7cdc071be3fa7a4c8f29',1,'SSLClient']]], - ['settimeout',['setTimeout',['../class_s_s_l_client.html#a8da354f30537c1064d554921937a73ae',1,'SSLClient']]], - ['sslclient',['SSLClient',['../class_s_s_l_client.html#a68f026a625ca1ccd1aba87bb6e670376',1,'SSLClient']]], - ['sslsession',['SSLSession',['../class_s_s_l_session.html#a0c8e01b0944c1f4b0ec6d4c423c95b74',1,'SSLSession']]], - ['stop',['stop',['../class_s_s_l_client.html#ad8ed697371748e31e01c3f697bc36cbe',1,'SSLClient']]] + ['to_5fbr_5fsession',['to_br_session',['../class_s_s_l_session.html#acbe6549b55d50541d09a16f770e65afc',1,'SSLSession']]] ]; diff --git a/docs/search/functions_9.js b/docs/search/functions_9.js index 96d95c1..451bfc6 100644 --- a/docs/search/functions_9.js +++ b/docs/search/functions_9.js @@ -1,4 +1,4 @@ var searchData= [ - ['to_5fbr_5fsession',['to_br_session',['../class_s_s_l_session.html#acbe6549b55d50541d09a16f770e65afc',1,'SSLSession']]] + ['write',['write',['../class_s_s_l_client.html#a03c7926938acd57cfc3b982edf725a86',1,'SSLClient::write(const uint8_t *buf, size_t size) override'],['../class_s_s_l_client.html#a7343a58457b4659f83b61cac1f442c3d',1,'SSLClient::write(uint8_t b) override']]] ]; diff --git a/docs/search/searchdata.js b/docs/search/searchdata.js index 25ef3f7..2c637cb 100644 --- a/docs/search/searchdata.js +++ b/docs/search/searchdata.js @@ -1,42 +1,39 @@ var indexSectionsWithContent = { - 0: "_acdefgimoprstuvw", + 0: "_acdefgioprstuvw", 1: "s", - 2: "s", - 3: "rst", - 4: "acfgmoprstw", - 5: "ceiv", - 6: "de", - 7: "s", - 8: "_cgpsu", - 9: "st" + 2: "rst", + 3: "acfgoprstw", + 4: "iv", + 5: "de", + 6: "s", + 7: "_cgpsu", + 8: "st" }; var indexSectionNames = { 0: "all", 1: "classes", - 2: "namespaces", - 3: "files", - 4: "functions", - 5: "variables", - 6: "enums", - 7: "enumvalues", - 8: "defines", - 9: "pages" + 2: "files", + 3: "functions", + 4: "variables", + 5: "enums", + 6: "enumvalues", + 7: "defines", + 8: "pages" }; var indexSectionLabels = { 0: "All", 1: "Classes", - 2: "Namespaces", - 3: "Files", - 4: "Functions", - 5: "Variables", - 6: "Enumerations", - 7: "Enumerator", - 8: "Macros", - 9: "Pages" + 2: "Files", + 3: "Functions", + 4: "Variables", + 5: "Enumerations", + 6: "Enumerator", + 7: "Macros", + 8: "Pages" }; diff --git a/docs/search/variables_0.js b/docs/search/variables_0.js index faff15d..2d07945 100644 --- a/docs/search/variables_0.js +++ b/docs/search/variables_0.js @@ -1,5 +1,4 @@ var searchData= [ - ['chain_5flen',['chain_len',['../struct_s_s_l_client_parameters.html#aa523f407ac673da95bf651617fbf94b2',1,'SSLClientParameters']]], - ['client_5fcert_5fchain',['client_cert_chain',['../struct_s_s_l_client_parameters.html#a3e0440790d1acdee221b8ef6be6def95',1,'SSLClientParameters']]] + ['index',['index',['../structssl__pem__decode__state.html#a8abbaad636bfcf50ef38f529e3cfd5f3',1,'ssl_pem_decode_state']]] ]; diff --git a/docs/search/variables_1.js b/docs/search/variables_1.js index eb3b769..5a20807 100644 --- a/docs/search/variables_1.js +++ b/docs/search/variables_1.js @@ -1,4 +1,4 @@ var searchData= [ - ['ec_5fkey',['ec_key',['../struct_s_s_l_client_parameters.html#aca2dba04e30c8d7b962add0c353fc449',1,'SSLClientParameters']]] + ['vect',['vect',['../structssl__pem__decode__state.html#aa004af7ee6bfb65161dc47558e3a2ac2',1,'ssl_pem_decode_state']]] ]; diff --git a/docs/structssl__pem__decode__state-members.html b/docs/structssl__pem__decode__state-members.html index ac3c7aa..a9a31c6 100644 --- a/docs/structssl__pem__decode__state-members.html +++ b/docs/structssl__pem__decode__state-members.html @@ -94,7 +94,7 @@ $(document).ready(function(){initNavTree('structssl__pem__decode__state.html',''

      This is the complete list of members for ssl_pem_decode_state, including all inherited members.

      - +
      indexssl_pem_decode_state
      vectssl_pem_decode_state
      vectssl_pem_decode_state
      diff --git a/docs/structssl__pem__decode__state.html b/docs/structssl__pem__decode__state.html index c050a22..6117c99 100644 --- a/docs/structssl__pem__decode__state.html +++ b/docs/structssl__pem__decode__state.html @@ -96,8 +96,8 @@ $(document).ready(function(){initNavTree('structssl__pem__decode__state.html','' - - + +

      Public Attributes

      std::vector< unsigned char > * vect
       
      std::vector< char > * vect
       
      size_t index = 0
       
      @@ -116,14 +116,14 @@ Public Attributes - -

      ◆ vect

      + +

      ◆ vect

      - +
      std::vector<unsigned char>* ssl_pem_decode_state::vectstd::vector<char>* ssl_pem_decode_state::vect
      @@ -131,7 +131,7 @@ Public Attributes
      The documentation for this struct was generated from the following file: diff --git a/docs/structssl__pem__decode__state.js b/docs/structssl__pem__decode__state.js index fe8cbfc..613852e 100644 --- a/docs/structssl__pem__decode__state.js +++ b/docs/structssl__pem__decode__state.js @@ -1,5 +1,5 @@ var structssl__pem__decode__state = [ [ "index", "structssl__pem__decode__state.html#a8abbaad636bfcf50ef38f529e3cfd5f3", null ], - [ "vect", "structssl__pem__decode__state.html#a95f2366376d5f958f9bc1e859b59bae9", null ] + [ "vect", "structssl__pem__decode__state.html#aa004af7ee6bfb65161dc47558e3a2ac2", null ] ]; \ No newline at end of file From 3b9082cec9d94be2d3a1398e232bb2ca2988dccf Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Mon, 2 Mar 2020 16:39:30 -0800 Subject: [PATCH 062/141] fix a typo in the convert parameters --- tools/pycert_bearssl/pycert_bearssl.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/pycert_bearssl/pycert_bearssl.py b/tools/pycert_bearssl/pycert_bearssl.py index 082fe6f..14cd792 100644 --- a/tools/pycert_bearssl/pycert_bearssl.py +++ b/tools/pycert_bearssl/pycert_bearssl.py @@ -100,10 +100,10 @@ def download(port, cert_var, cert_length_var, output, use_store, keep_dupes, dom help='the location of the .pem file containing a list of trusted root certificates (default: use certifi.where())') @click.option('--keep-dupes', '-d', is_flag=True, default=False, help='write all certs including any duplicates (default: remove duplicates)') -@click.option('--no-verify', '-n', is_flag=True, default=False, +@click.option('--no-search', '-n', is_flag=True, default=False, help='Do not attempt to search for a root certificate to the provided PEM files, instead treat the PEM files as the root certificates') @click.argument('cert', type=click.File('r'), nargs=-1) -def convert(cert_var, cert_length_var, output, use_store, keep_dupes, no_verify, cert): +def convert(cert_var, cert_length_var, output, use_store, keep_dupes, no_search, cert): """Convert PEM certificates into a C header that can be imported into a sketch. Specify each certificate to encode as a separate argument (each must be in PEM format) and they will be merged into a single file. @@ -134,7 +134,7 @@ def convert(cert_var, cert_length_var, output, use_store, keep_dupes, no_verify, cert_objs.append(cert_parsed) # find a root certificate for each root_certs = [] - if no_verify: + if no_search: root_certs = cert_objs else: for i, c in enumerate(cert_objs): From 7a1a2a823babc0944339e130122957c93b3f1407 Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Tue, 3 Mar 2020 14:52:47 -0800 Subject: [PATCH 063/141] update README for clarification and mTLS documentation --- README.md | 55 ++++++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 48 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index ed9c15a..c748618 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ You can also view this README in [doxygen](https://openslab-osu.github.io/SSLClient/index.html). -SSLClient is a simple library to add [TLS 1.2](https://www.websecurity.symantec.com/security-topics/what-is-ssl-tls-https) functionality to any network library implementing the [Arduino Client interface](https://www.arduino.cc/en/Reference/ClientConstructor), including the Arduino [EthernetClient](https://www.arduino.cc/en/Reference/EthernetClient) and [WiFiClient](https://www.arduino.cc/en/Reference/WiFiClient) classes (though it is better to prefer WiFClient.connectSSL if implemented). In other words, SSLClient implements encrypted communication through SSL on devices that do not otherwise support it. +SSLClient is a simple library to add [TLS 1.2](https://www.websecurity.symantec.com/security-topics/what-is-ssl-tls-https) functionality to any network library implementing the [Arduino Client interface](https://www.arduino.cc/en/Reference/ClientConstructor), including the Arduino [EthernetClient](https://www.arduino.cc/en/Reference/EthernetClient) and [WiFiClient](https://www.arduino.cc/en/Reference/WiFiClient) classes (though it is better to prefer WiFClient.connectSSL if implemented). In other words, SSLClient implements encrypted communication through TLS on devices that do not otherwise support it. SSLClient has been tested on the SAMD21, ESP32, TIVA C, and STM32 (in progress). SSClient does not currently support the ESP8266 (see [this issue](https://github.com/OPEnSLab-OSU/SSLClient/issues/5#issuecomment-569968546)). @@ -14,12 +14,12 @@ SSLClient has been tested on the SAMD21, ESP32, TIVA C, and STM32 (in progress). Using SSLClient should be similar to using any other Arduino-based Client class, since this library was developed around compatibility with [EthernetClient](https://www.arduino.cc/en/Reference/EthernetClient). There are a few extra things, however, that you will need to get started: -1. A board with a lot of resources (>110kb flash and >7kb RAM), and a network peripheral with a large internal buffer (>7kb). This library was tested with the [Adafruit Feather M0](https://www.adafruit.com/product/2772) (256K flash, 32K RAM) and the [Adafruit Ethernet Featherwing](https://www.adafruit.com/product/3201) (16kb Buffer), and we still had to modify the Arduino Ethernet library to support larger internal buffers per socket (see the [Implementation Gotchas](#sslclient-with-ethernet)). -2. A header containing array of trust anchors, which will look like [this file](./readme/cert.h). These are used to verify the SSL connection later on, and without them you will be unable to use this library. Check out [this document](./TrustAnchors.md) on how to generate this file for your project, and for more information about what a trust anchor is. -3. A Client class associated with a network interface. We tested this library using [EthernetClient](https://www.arduino.cc/en/Reference/EthernetClient), however in theory it will work for any class implementing Client. -4. An analog pin, used for generating random data at the start of the connection (see the [Implementation Gotchas](#implementation-gotchas)). +1. **Board and Network Peripheral** - Your board should have a lot of resources (>110kb flash and >7kb RAM), and your network peripheral should have a large internal buffer (>7kb). This library was tested with the [Adafruit Feather M0](https://www.adafruit.com/product/2772) (256K flash, 32K RAM) and the [Adafruit Ethernet Featherwing](https://www.adafruit.com/product/3201) (16kb Buffer), and we still had to modify the Arduino Ethernet library to support larger internal buffers per socket (see the [Implementation Gotchas](#sslclient-with-ethernet)). +2. **Trust Anchors** - You will need a header containing array of trust anchors ([example](./readme/cert.h)), which are used to verify the SSL connection later on. **This file must generated for every project.** Check out [TrustAnchors.md](./TrustAnchors.md) on how to generate this file for your project, and for more information about what a trust anchor is. +3. **Network Peripheral Driver Implementing `Client`** - Examples include `EthernetClient`, `WiFiClient`, and so on—SSLClient will run on top of any network driver exposing the `Client` interface. We tested this library using [EthernetClient](https://www.arduino.cc/en/Reference/EthernetClient). +4. **Analog Pin** - Used for generating random data at the start of the connection (see the [Implementation Gotchas](#implementation-gotchas)). -Once all those are ready, you can create a simple SSLClient object like this: +Once all those are ready, you can create an SSLClient object like this: ```C++ BaseClientType baseClientInstance; SSLClient client(baseClientInstance, TAs, (size_t)TAs_NUM, AnalogPin); @@ -36,7 +36,7 @@ Where: EthernetClient baseClient; SSLClient client(baseClient, TAs, 2, A7); ``` -Once that is setup, simply use SSLClient as you would the base client class: +Given this client, simply use SSLClient as you would the base client class: ```C++ // connect to ardiuino.cc over ssl (port 443 for websites) client.connect("www.arduino.cc", 443); @@ -136,6 +136,47 @@ Sessions are managed internally using the SSLSession::getSession function. This If you need to clear a session, you can do so using the SSLSession::removeSession function. +### mTLS + +As of `v1.6.0`, SSLClient supports [mutual TLS authentication](https://developers.cloudflare.com/access/service-auth/mtls/). mTLS is a varient of TLS that verifys both the server and device identities before a connection, and is commonly used in IoT protocols as a secure layer (MQTT over TLS, HTTPS over TLS, etc.). + +To use mTLS with SSLClient you will need to a client certificate and client private key associated with the server you are attempting to connect to. Depending on your use case, you will either generate these yourself (ex. [Mosquito MQTT setup](http://www.steves-internet-guide.com/creating-and-using-client-certificates-with-mqtt-and-mosquitto/)), or have them generated for you (ex. [AWS IoT Certificate Generation](https://docs.aws.amazon.com/iot/latest/developerguide/create-device-certificate.html)). Given this cryptographic information, you can modify the standard SSLClient connection sketch to enable mTLS authentication: +```C++ +... +/* Somewhere above setup() */ + +// The client certificate, can be PEM or DER format +// DER format will be an array of raw bytes, and PEM format will be a string +// PEM format is shown below +const char my_cert[] = +"-----BEGIN CERTIFICATE-----\n" +"MIIDpDCCAowCCQC7mCk5Iu3YmDANBgkqhkiG9w0BAQUFADCBkzELMAkGA1UEBhMC\n" +... +"-----END CERTIFICATE-----\n"; + +// The client private key, must be the same format as the client certificate +// Both RSA and ECC are supported, ECC is shown below +const char my_key[] = +"-----BEGIN EC PRIVATE KEY-----\n" +... +"-----END EC PRIVATE KEY-----\n"; + +// This line will parse and store the above information so SSLClient can use it later +// Replace `fromPEM` with `fromDER` if you are using DER formatted certificates. +SSLClientParameters mTLS = SSLClientParameters::fromPEM(my_cert, sizeof(cert), my_key, sizeof(key)); +SSLClient my_client(...); +... +void setup() { + ... + /* Before SSLClient connects */ + + my_client.setMutualAuthParams(mTLS); + ... +} +... +``` +Note that both the above client information *as well as* the correct trust anchors associated with the server are needed for the connection to succeed. Additionally, the certificate must be formatted correctly (according to [BearSSL's specification](https://bearssl.org/apidoc/bearssl__pem_8h.html)) in order for mTLS to work. If the certificate is improperly formatted, SSLClient will attempt to make a regular TLS connection instead of an mTLS one, and fail to connect as a result. Because of this, if you are seeing errors similar to `"peer did not send certificate chain"` on your server, check that your certificate and key are formatted correctly (see https://github.com/OPEnSLab-OSU/SSLClient/issues/7#issuecomment-593704969). For more information on SSLClient's mTLS functionality, please see the [SSLClientParameters documentation](https://openslab-osu.github.io/SSLClient/class_s_s_l_client_parameters.html). + ## Implementation Gotchas Some ideas that didn't quite fit in the API documentation. From 5ae689bf726055c3b7f4a515b96a21922fd09236 Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Mon, 9 Mar 2020 09:39:03 -0700 Subject: [PATCH 064/141] Add EthernetMQTT example to demonstrate mTLS (credit @Atalonica) --- examples/EthernetMQTT/EthernetMQTT.ino | 87 ++++++++++++++++++++++++++ tools/pycert_bearssl/certificates.h | 75 ++++++++++++++++++++++ 2 files changed, 162 insertions(+) create mode 100644 examples/EthernetMQTT/EthernetMQTT.ino create mode 100644 tools/pycert_bearssl/certificates.h diff --git a/examples/EthernetMQTT/EthernetMQTT.ino b/examples/EthernetMQTT/EthernetMQTT.ino new file mode 100644 index 0000000..5eab3fe --- /dev/null +++ b/examples/EthernetMQTT/EthernetMQTT.ino @@ -0,0 +1,87 @@ +/* + Basic MQTT example (with SSL!) + This sketch demonstrates the basic capabilities of the library. + It connects to an MQTT server then: + - publishes "hello world" to the topic "outTopic" + - subscribes to the topic "inTopic", printing out any messages + it receives. NB - it assumes the received payloads are strings not binary + It will reconnect to the server if the connection is lost using a blocking + reconnect function. See the 'mqtt_reconnect_nonblocking' example for how to + achieve the same result without blocking the main loop. + + You will need to populate "certificates.h" with your trust anchors + (see https://github.com/OPEnSLab-OSU/SSLClient/blob/master/TrustAnchors.md) + and my_cert/my_key with your certificate/private key pair + (see https://github.com/OPEnSLab-OSU/SSLClient#mtls). +*/ +#include +#include +#include +#include "certificates.h" // This file must be regenerated +#include + +const char my_cert[] = "FIXME"; +const char my_key[] = "FIXME"; +SSLClientParameters mTLS = SSLClientParameters::fromPEM(my_cert, sizeof my_cert, my_key, sizeof my_key); + +byte mac[] = { 0xDE, 0xED, 0xBA, 0xFE, 0xFE, 0xED }; +const char* mqttServer = "broker.example"; // Broker address +IPAddress ip (192, 168, 1, 2); // Custom client static IP + +void callback(char* topic, byte* payload, unsigned int length) { + Serial.print("Message arrived ["); + Serial.print(topic); + Serial.print("] "); + for (int i=0;i Date: Mon, 9 Mar 2020 09:40:25 -0700 Subject: [PATCH 065/141] add trust anchors to example --- examples/EthernetMQTT/certificates.h | 46 +++++++++++++++++ tools/pycert_bearssl/certificates.h | 75 ---------------------------- 2 files changed, 46 insertions(+), 75 deletions(-) create mode 100644 examples/EthernetMQTT/certificates.h delete mode 100644 tools/pycert_bearssl/certificates.h diff --git a/examples/EthernetMQTT/certificates.h b/examples/EthernetMQTT/certificates.h new file mode 100644 index 0000000..146187f --- /dev/null +++ b/examples/EthernetMQTT/certificates.h @@ -0,0 +1,46 @@ +#ifndef _CERTIFICATES_H_ +#define _CERTIFICATES_H_ + +#ifdef __cplusplus +extern "C" +{ +#endif + +/* You will need to generate the information in this file manually + * using pycert_bearssl. For more information, please see + * https://github.com/OPEnSLab-OSU/SSLClient/blob/master/TrustAnchors.md + */ + +#define TAs_NUM 1 + +static const unsigned char TA_DN0[] = { + // FIXME +}; + +static const unsigned char TA_RSA_N0[] = { + // FIXME +}; + +static const unsigned char TA_RSA_E0[] = { + // FIXME +}; + +static const br_x509_trust_anchor TAs[] = { + { + { (unsigned char *)TA_DN0, sizeof TA_DN0 }, + BR_X509_TA_CA, + { + BR_KEYTYPE_RSA, + { .rsa = { + (unsigned char *)TA_RSA_N0, sizeof TA_RSA_N0, + (unsigned char *)TA_RSA_E0, sizeof TA_RSA_E0, + } } + } + }, +}; + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* ifndef _CERTIFICATES_H_ */ \ No newline at end of file diff --git a/tools/pycert_bearssl/certificates.h b/tools/pycert_bearssl/certificates.h deleted file mode 100644 index ed91009..0000000 --- a/tools/pycert_bearssl/certificates.h +++ /dev/null @@ -1,75 +0,0 @@ -#ifndef _CERTIFICATES_H_ -#define _CERTIFICATES_H_ - -#ifdef __cplusplus -extern "C" -{ -#endif - -/* This file is auto-generated by the pycert_bearssl tool. Do not change it manually. - * Certificates are BearSSL br_x509_trust_anchor format. Included certs: - * - * Index: 0 - * Label: OPEnS - * Subject: C=US,ST=OR,L=Corvallis,O=OPEnS - */ - -#define TAs_NUM 1 - -static const unsigned char TA_DN0[] = { - 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, - 0x02, 0x55, 0x53, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, - 0x0c, 0x02, 0x4f, 0x52, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, - 0x07, 0x0c, 0x09, 0x43, 0x6f, 0x72, 0x76, 0x61, 0x6c, 0x6c, 0x69, 0x73, - 0x31, 0x0e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x05, 0x4f, - 0x50, 0x45, 0x6e, 0x53, -}; - -static const unsigned char TA_RSA_N0[] = { - 0xe2, 0x80, 0x32, 0x18, 0xe7, 0xa6, 0x94, 0x04, 0x62, 0x43, 0xbc, 0x1e, - 0x14, 0x13, 0xaf, 0x40, 0x82, 0x0e, 0x14, 0x57, 0xe8, 0x50, 0x98, 0x38, - 0xa4, 0xd9, 0xf1, 0x8a, 0x20, 0x5f, 0x37, 0xae, 0xd1, 0xdf, 0xc1, 0xc0, - 0x53, 0x47, 0xd2, 0x4b, 0x10, 0x63, 0xe8, 0x8f, 0xb5, 0x58, 0x9f, 0xd8, - 0x69, 0x86, 0x31, 0xbc, 0x9f, 0x39, 0xf5, 0x88, 0xb3, 0xae, 0xcb, 0x25, - 0x50, 0xc0, 0x47, 0x7c, 0xde, 0x68, 0xdc, 0x5c, 0xb6, 0x68, 0xef, 0x17, - 0xe3, 0xf1, 0xd9, 0x41, 0xb1, 0x8a, 0xde, 0x31, 0x74, 0x82, 0xa9, 0x14, - 0x4b, 0x12, 0x7d, 0x7a, 0xbc, 0x2a, 0x8e, 0x6c, 0xf6, 0xfc, 0xeb, 0xda, - 0xe3, 0x55, 0x11, 0x77, 0x98, 0x71, 0xe6, 0xa7, 0x0d, 0x9a, 0x10, 0x47, - 0xe9, 0xde, 0x38, 0x71, 0x68, 0xe6, 0xbc, 0x8a, 0xec, 0xdd, 0xac, 0x53, - 0xdf, 0x20, 0x13, 0x55, 0x59, 0x70, 0xf1, 0xd5, 0x38, 0xc0, 0x4b, 0x46, - 0x3b, 0xe4, 0x82, 0x56, 0x27, 0x36, 0xaf, 0x4e, 0x80, 0x4d, 0xc4, 0xbc, - 0x21, 0x4c, 0x20, 0xc8, 0x4e, 0x87, 0x7d, 0x6c, 0x6f, 0xa2, 0x7b, 0x61, - 0xf1, 0x0b, 0xdc, 0xaa, 0x0c, 0xbb, 0x95, 0xdd, 0xe0, 0x1b, 0x92, 0x29, - 0x96, 0xf8, 0xf3, 0x5e, 0x47, 0x5b, 0x88, 0xe3, 0x8e, 0xb0, 0x4b, 0x89, - 0xaf, 0x73, 0x55, 0x08, 0x7d, 0xcc, 0xdf, 0x84, 0x7e, 0xaf, 0xba, 0x7c, - 0xdd, 0x6e, 0x5c, 0xc7, 0xd8, 0x2b, 0x25, 0x35, 0xdb, 0x2e, 0x53, 0x90, - 0xd1, 0x46, 0x20, 0x77, 0x5a, 0x39, 0xed, 0x5f, 0xcd, 0xee, 0x12, 0xe4, - 0x12, 0xdf, 0xaa, 0xa3, 0x18, 0x82, 0x69, 0x31, 0xc6, 0x0c, 0x7b, 0xa4, - 0x5b, 0x11, 0x9a, 0xd5, 0x0e, 0x21, 0x7d, 0x68, 0xc0, 0x5b, 0x2a, 0xb4, - 0xb5, 0x89, 0x18, 0x7d, 0x01, 0x27, 0xa7, 0x2e, 0x60, 0x0a, 0xc4, 0x58, - 0xca, 0x8e, 0x26, 0x03, -}; - -static const unsigned char TA_RSA_E0[] = { - 0x01, 0x00, 0x01, -}; - -static const br_x509_trust_anchor TAs[] = { - { - { (unsigned char *)TA_DN0, sizeof TA_DN0 }, - BR_X509_TA_CA, - { - BR_KEYTYPE_RSA, - { .rsa = { - (unsigned char *)TA_RSA_N0, sizeof TA_RSA_N0, - (unsigned char *)TA_RSA_E0, sizeof TA_RSA_E0, - } } - } - }, -}; - -#ifdef __cplusplus -} /* extern "C" */ -#endif - -#endif /* ifndef _CERTIFICATES_H_ */ From 8cbf028b986429e78595b5289bb3f7c50ce1a3cb Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Mon, 9 Mar 2020 10:12:01 -0700 Subject: [PATCH 066/141] restructure examples, validate stm32 (don't have hardware to test, so I can hope). Address https://github.com/OPEnSLab-OSU/SSLClient/issues/3. --- .../EthernetHTTPSstm32/EthernetHTTPSstm32.ino | 130 ++++++++++++++++++ .../stm32/EthernetHTTPSstm32/trust_anchors.h | 80 +++++++++++ .../EthernetHTTPStivac/EthernetHTTPStivac.ino | 32 +---- .../EthernetHTTPStivac/trust_anchors.h | 0 library.properties | 4 +- 5 files changed, 215 insertions(+), 31 deletions(-) create mode 100644 examples/stm32/EthernetHTTPSstm32/EthernetHTTPSstm32.ino create mode 100644 examples/stm32/EthernetHTTPSstm32/trust_anchors.h rename examples/{ => tivac}/EthernetHTTPStivac/EthernetHTTPStivac.ino (78%) rename examples/{ => tivac}/EthernetHTTPStivac/trust_anchors.h (100%) diff --git a/examples/stm32/EthernetHTTPSstm32/EthernetHTTPSstm32.ino b/examples/stm32/EthernetHTTPSstm32/EthernetHTTPSstm32.ino new file mode 100644 index 0000000..e685813 --- /dev/null +++ b/examples/stm32/EthernetHTTPSstm32/EthernetHTTPSstm32.ino @@ -0,0 +1,130 @@ +/* + Web client + + This sketch connects to a website (http://www.arduino.cc/asciilogo.txt) + using an Arduino Wiznet Ethernet shield or STM32 built-in Ethernet. + Tested on ST Micro Nucleo-F767ZI. + + Circuit: + * Ethernet shield attached to pins 10, 11, 12, 13 + + created 18 Dec 2009 + by David A. Mellis + modified 9 Apr 2012 + by Noah Koontz, based on work by Adrian McEwen and Tom Igoe + + Modified 16 Oct 2019 by gdsports625@gmail.com for STM32duino_STM32Ethernet + */ + +#include +#include +#include +#include "trust_anchors.h" + +// if you don't want to use DNS (and reduce your sketch size) +// use the numeric IP instead of the name for the server: +//IPAddress server(54,85,55,79); // numeric IP for Google (no DNS) +const char server[] = "www.arduino.cc"; // name address for Arduino (using DNS) +const char server_host[] = "www.arduino.cc"; // leave this alone, change only above two + +// Set the static IP address to use if the DHCP fails to assign +IPAddress ip(192, 168, 0, 177); +IPAddress myDns(8, 8, 8, 8); + +// Choose the analog pin to get semi-random data from for SSL +// Pick a pin that's not connected or attached to a randomish voltage source +const int rand_pin = A5; + +// Initialize the SSL client library +// We input an EthernetClient, our trust anchors, and the analog pin +EthernetClient base_client; +SSLClient client(base_client, TAs, (size_t)TAs_NUM, rand_pin); +// Variables to measure the speed +unsigned long beginMicros, endMicros; +unsigned long byteCount = 0; +bool printWebData = true; // set to false for better speed measurement + +void setup() { + // Open serial communications and wait for port to open: + Serial.begin(115200); + while (!Serial) { + ; // wait for serial port to connect. Needed for native USB port only + } + + // start the Ethernet connection: + Serial.println("Initialize Ethernet with DHCP:"); + // STM32 built-in Ethernet has a factory installed MAC address. + if (Ethernet.begin() == 0) { + Serial.println("Failed to configure Ethernet using DHCP"); + while (1) delay(1); + } else { + Serial.print(" DHCP assigned IP "); + Serial.println(Ethernet.localIP()); + } + // give the Ethernet shield a second to initialize: + delay(2000); + + Serial.print("connecting to "); + Serial.print(server); + Serial.println("..."); + + // if you get a connection, report back via serial: + auto start = millis(); + // specify the server and port, 443 is the standard port for HTTPS + if (client.connect(server, 443)) { + auto time = millis() - start; + Serial.print("connected to "); + Serial.println(base_client.remoteIP()); + Serial.print("Took: "); + Serial.println(time); + // Make a HTTP request: + client.println("GET /asciilogo.txt HTTP/1.1"); + client.println("User-Agent: SSLClientOverEthernet"); + client.print("Host: "); + client.println(server_host); + client.println("Connection: close"); + client.println(); + } else { + // if you didn't get a connection to the server: + Serial.println("connection failed"); + } + beginMicros = micros(); +} + +void loop() { + // if there are incoming bytes available + // from the server, read them and print them: + int len = client.available(); + if (len > 0) { + byte buffer[80]; + if (len > 80) len = 80; + client.read(buffer, len); + if (printWebData) { + Serial.write(buffer, len); // show in the serial monitor (slows some boards) + } + byteCount = byteCount + len; + } + + // if the server's disconnected, stop the client: + if (!client.connected()) { + endMicros = micros(); + Serial.println(); + Serial.println("disconnecting."); + client.stop(); + Serial.print("Received "); + Serial.print(byteCount); + Serial.print(" bytes in "); + float seconds = (float)(endMicros - beginMicros) / 1000000.0; + Serial.print(seconds, 4); + float rate = (float)byteCount / seconds / 1000.0; + Serial.print(", rate = "); + Serial.print(rate); + Serial.print(" kbytes/second"); + Serial.println(); + + // do nothing forevermore: + while (true) { + delay(1); + } + } +} \ No newline at end of file diff --git a/examples/stm32/EthernetHTTPSstm32/trust_anchors.h b/examples/stm32/EthernetHTTPSstm32/trust_anchors.h new file mode 100644 index 0000000..0ecbe4b --- /dev/null +++ b/examples/stm32/EthernetHTTPSstm32/trust_anchors.h @@ -0,0 +1,80 @@ +#ifndef _CERTIFICATES_H_ +#define _CERTIFICATES_H_ + +#ifdef __cplusplus +extern "C" +{ +#endif + +/* This file is auto-generated by the pycert_bearssl tool. Do not change it manually. + * Certificates are BearSSL br_x509_trust_anchor format. Included certs: + * + * Index: 0 + * Label: AddTrust External CA Root + * Subject: C=SE,O=AddTrust AB,OU=AddTrust External TTP Network,CN=AddTrust External CA Root + * Domain(s): www.arduino.cc + */ + +#define TAs_NUM 1 + +static const unsigned char TA_DN0[] = { + 0x30, 0x6f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, + 0x02, 0x53, 0x45, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, + 0x13, 0x0b, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x41, + 0x42, 0x31, 0x26, 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1d, + 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x45, 0x78, 0x74, + 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x20, 0x54, 0x54, 0x50, 0x20, 0x4e, 0x65, + 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, + 0x04, 0x03, 0x13, 0x19, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, + 0x20, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x20, 0x43, 0x41, + 0x20, 0x52, 0x6f, 0x6f, 0x74, +}; + +static const unsigned char TA_RSA_N0[] = { + 0xb7, 0xf7, 0x1a, 0x33, 0xe6, 0xf2, 0x00, 0x04, 0x2d, 0x39, 0xe0, 0x4e, + 0x5b, 0xed, 0x1f, 0xbc, 0x6c, 0x0f, 0xcd, 0xb5, 0xfa, 0x23, 0xb6, 0xce, + 0xde, 0x9b, 0x11, 0x33, 0x97, 0xa4, 0x29, 0x4c, 0x7d, 0x93, 0x9f, 0xbd, + 0x4a, 0xbc, 0x93, 0xed, 0x03, 0x1a, 0xe3, 0x8f, 0xcf, 0xe5, 0x6d, 0x50, + 0x5a, 0xd6, 0x97, 0x29, 0x94, 0x5a, 0x80, 0xb0, 0x49, 0x7a, 0xdb, 0x2e, + 0x95, 0xfd, 0xb8, 0xca, 0xbf, 0x37, 0x38, 0x2d, 0x1e, 0x3e, 0x91, 0x41, + 0xad, 0x70, 0x56, 0xc7, 0xf0, 0x4f, 0x3f, 0xe8, 0x32, 0x9e, 0x74, 0xca, + 0xc8, 0x90, 0x54, 0xe9, 0xc6, 0x5f, 0x0f, 0x78, 0x9d, 0x9a, 0x40, 0x3c, + 0x0e, 0xac, 0x61, 0xaa, 0x5e, 0x14, 0x8f, 0x9e, 0x87, 0xa1, 0x6a, 0x50, + 0xdc, 0xd7, 0x9a, 0x4e, 0xaf, 0x05, 0xb3, 0xa6, 0x71, 0x94, 0x9c, 0x71, + 0xb3, 0x50, 0x60, 0x0a, 0xc7, 0x13, 0x9d, 0x38, 0x07, 0x86, 0x02, 0xa8, + 0xe9, 0xa8, 0x69, 0x26, 0x18, 0x90, 0xab, 0x4c, 0xb0, 0x4f, 0x23, 0xab, + 0x3a, 0x4f, 0x84, 0xd8, 0xdf, 0xce, 0x9f, 0xe1, 0x69, 0x6f, 0xbb, 0xd7, + 0x42, 0xd7, 0x6b, 0x44, 0xe4, 0xc7, 0xad, 0xee, 0x6d, 0x41, 0x5f, 0x72, + 0x5a, 0x71, 0x08, 0x37, 0xb3, 0x79, 0x65, 0xa4, 0x59, 0xa0, 0x94, 0x37, + 0xf7, 0x00, 0x2f, 0x0d, 0xc2, 0x92, 0x72, 0xda, 0xd0, 0x38, 0x72, 0xdb, + 0x14, 0xa8, 0x45, 0xc4, 0x5d, 0x2a, 0x7d, 0xb7, 0xb4, 0xd6, 0xc4, 0xee, + 0xac, 0xcd, 0x13, 0x44, 0xb7, 0xc9, 0x2b, 0xdd, 0x43, 0x00, 0x25, 0xfa, + 0x61, 0xb9, 0x69, 0x6a, 0x58, 0x23, 0x11, 0xb7, 0xa7, 0x33, 0x8f, 0x56, + 0x75, 0x59, 0xf5, 0xcd, 0x29, 0xd7, 0x46, 0xb7, 0x0a, 0x2b, 0x65, 0xb6, + 0xd3, 0x42, 0x6f, 0x15, 0xb2, 0xb8, 0x7b, 0xfb, 0xef, 0xe9, 0x5d, 0x53, + 0xd5, 0x34, 0x5a, 0x27, +}; + +static const unsigned char TA_RSA_E0[] = { + 0x01, 0x00, 0x01, +}; + +static const br_x509_trust_anchor TAs[] = { + { + { (unsigned char *)TA_DN0, sizeof TA_DN0 }, + BR_X509_TA_CA, + { + BR_KEYTYPE_RSA, + { .rsa = { + (unsigned char *)TA_RSA_N0, sizeof TA_RSA_N0, + (unsigned char *)TA_RSA_E0, sizeof TA_RSA_E0, + } } + } + }, +}; + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* ifndef _CERTIFICATES_H_ */ \ No newline at end of file diff --git a/examples/EthernetHTTPStivac/EthernetHTTPStivac.ino b/examples/tivac/EthernetHTTPStivac/EthernetHTTPStivac.ino similarity index 78% rename from examples/EthernetHTTPStivac/EthernetHTTPStivac.ino rename to examples/tivac/EthernetHTTPStivac/EthernetHTTPStivac.ino index b1f52da..62b2a5d 100644 --- a/examples/EthernetHTTPStivac/EthernetHTTPStivac.ino +++ b/examples/tivac/EthernetHTTPStivac/EthernetHTTPStivac.ino @@ -2,24 +2,19 @@ Web client This sketch connects to a website (http://www.arduino.cc/asciilogo.txt) - using an Arduino Wiznet Ethernet shield. + using an Arduino Wiznet Ethernet shield and TLS. This Circuit: * Ethernet shield attached to pins 10, 11, 12, 13 created 18 Dec 2009 by David A. Mellis - modified 9 Apr 2012 + modified 9 March 2020 by Noah Koontz, based on work by Adrian McEwen and Tom Igoe - */ - // NOTE: This example REQUIRES the EthernetLarge library. - // You can get it here: https://github.com/OPEnSLab-OSU/EthernetLarge - #include -//#include -#include "Ethernet.h" +#include #include #include "trust_anchors.h" @@ -56,14 +51,6 @@ unsigned long byteCount = 0; bool printWebData = true; // set to false for better speed measurement void setup() { - // You can use Ethernet.init(pin) to configure the CS pin - //Ethernet.init(10); // Most Arduino shields - //Ethernet.init(5); // MKR ETH shield - //Ethernet.init(0); // Teensy 2.0 - //Ethernet.init(20); // Teensy++ 2.0 - //Ethernet.init(15); // ESP8266 with Adafruit Featherwing Ethernet - //Ethernet.init(33); // ESP32 with Adafruit Featherwing Ethernet - // Open serial communications and wait for port to open: Serial.begin(115200); while (!Serial) { @@ -75,18 +62,6 @@ void setup() { //if (Ethernet.begin(mac) == 0) { if (Ethernet.begin(0) == 0) { Serial.println(F("Failed to configure Ethernet using DHCP")); - // Check for Ethernet hardware present -/* if (Ethernet.hardwareStatus() == EthernetNoHardware) { - Serial.println("Ethernet shield was not found. Sorry, can't run without hardware. :("); - while (true) { - delay(1); // do nothing, no point running without Ethernet hardware - } - }*/ -/* if (Ethernet.linkStatus() == LinkOFF) { - Serial.println("Ethernet cable is not connected."); - }*/ - // try to configure using IP address instead of DHCP: - //Ethernet.begin(mac, ip, myDns); Ethernet.begin(0, ip, myDns, gw, mask); } else { Serial.print(F(" DHCP assigned IP ")); @@ -125,7 +100,6 @@ void loop() { // from the server, read them and print them: int len = client.available(); while (len > 0) { - //if (len > 0) { byte buffer[BUFFLEN]; if (len > BUFFLEN) len = BUFFLEN; client.read(buffer, len); diff --git a/examples/EthernetHTTPStivac/trust_anchors.h b/examples/tivac/EthernetHTTPStivac/trust_anchors.h similarity index 100% rename from examples/EthernetHTTPStivac/trust_anchors.h rename to examples/tivac/EthernetHTTPStivac/trust_anchors.h diff --git a/library.properties b/library.properties index f8382d6..b924bc5 100644 --- a/library.properties +++ b/library.properties @@ -2,9 +2,9 @@ name=SSLClient version=1.5.0 author=Noah Koontz maintainer=OPEnS Lab -sentence=Arduino library to add SSL functionality to any Client class +sentence=Arduino library to add TLS functionality to any Client class paragraph=including the Arduino EthernetClient and WiFiClient classes (though it is better to prefer WiFClient.connectSSL if implemented). In other words, SSLClient implements encrypted communication through SSL on devices that do not otherwise support it. category=Communication url=https://github.com/OPEnSLab-OSU/SSLClient -architectures=samd,tivac +architectures=samd,tivac,stm32 includes=SSLClient.h From 79aa5b8fd95f8c2c60aa47424a0987f0de8492ea Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Mon, 9 Mar 2020 11:09:25 -0700 Subject: [PATCH 067/141] update travis to include esp32, stm32, removed precompiled releases for now --- .travis.yml | 56 +++++++++++++++++++++++++++-------------------------- 1 file changed, 29 insertions(+), 27 deletions(-) diff --git a/.travis.yml b/.travis.yml index 92f62d3..410af9c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -3,47 +3,49 @@ env: global: # You can uncomment this to explicitly choose an (old) version of the Arduino IDE #- ARDUINO_IDE_VERSION="1.8.7" - - ADDITIONAL_URLS="https://adafruit.github.io/arduino-board-index/package_adafruit_index.json" + - ADDITIONAL_URLS="https://adafruit.github.io/arduino-board-index/package_adafruit_index.json,https://raw.githubusercontent.com/espressif/arduino-esp32/gh-pages/package_esp32_index.json,https://github.com/stm32duino/BoardManagerFiles/raw/master/STM32/package_stm_index.json" cache: directories: - ~/arduino_ide - ~/.arduino15/packages/ + jobs: include: - - stage: "Feather M0" - env: BOARD_NAME="FeatherM0" ARCH="cortex-m0plus" CORE="adafruit:samd" BOARD="adafruit:samd:adafruit_feather_m0" - - stage: "Arduino Zero" - env: BOARD_NAME="ArduinoZero" ARCH="cortex-m0plus" CORE="arduino:samd" BOARD="arduino:samd:mzero_bl" + - stage: "Build" + name: "Feather M0" + env: CORE="adafruit:samd" BOARD="adafruit:samd:adafruit_feather_m0" + - name: "Arduino Zero" + env: CORE="arduino:samd" BOARD="arduino:samd:mzero_bl" + - name: "ESP32" + env: CORE="esp32:esp32" BOARD="esp32:esp32:d32" + - name: "STM32" + env: CORE="STM32:stm32" BOARD="STM32:stm32:Nucleo_144" + script: + - arduino-cli compile --verbose --warnings all --fqbn $BOARD $PWD/examples/stm32/EthernetHTTPSstm32 + - stage: "Deploy" + if: branch = master AND tag is present + env: DEPLOY=1 + script: skip + deploy: + provider: releases + api_key: $GITHUB_TOKEN + file: "SSLClient.zip" + skip_cleanup: true -before_install: + +install: - curl -fsSL https://raw.githubusercontent.com/arduino/arduino-cli/master/install.sh | BINDIR=/usr/bin sudo sh - arduino-cli core update-index --additional-urls $ADDITIONAL_URLS - arduino-cli core install arduino:samd -v - - arduino-cli core install adafruit:samd -v --additional-urls $ADDITIONAL_URLS + - arduino-cli core install $CORE -v --additional-urls $ADDITIONAL_URLS - mkdir -p $HOME/Arduino/libraries - rm -rf $HOME/Arduino/libraries/EthernetLarge - git clone https://github.com/OPEnSLab-OSU/EthernetLarge.git $HOME/Arduino/libraries/EthernetLarge -install: + - arduino-cli lib install "STM32duino STM32Ethernet" + - arduino-cli lib install "PubSubClient" - ln -s $PWD $HOME/Arduino/libraries/. - - echo "dot_a_linkage=true" >> library.properties + script: - arduino-cli compile --verbose --warnings all --fqbn $BOARD $PWD/examples/EthernetHTTPS - arduino-cli compile --verbose --warnings all --fqbn $BOARD $PWD/examples/EthernetMultiHTTPS -before_deploy: - - mkdir src/$ARCH - - cp "$(find /tmp/ -maxdepth 1 -type d -name "arduino-sketch*" -print | head -n 1)/libraries/SSLClient/SSLClient.a" src/$ARCH/ - - cp .travis/library.properties . - - rm -rf .git - - find src/ -iname "*.c" -delete - - find src/ -iname "*.cpp" -delete - - zip -r SSLClient-$BOARD_NAME.zip . -deploy: - provider: releases - api_key: $GITHUB_TOKEN - file: "SSLClient-$BOARD_NAME.zip" - skip_cleanup: true - draft: true - overwrite: true - on: - tags: true - branch: master + - arduino-cli compile --verbose --warnings all --fqbn $BOARD $PWD/examples/EthernetMQTT \ No newline at end of file From b8144e4c2ebeeb843861040aa27cd08c62cd5ed3 Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Mon, 9 Mar 2020 11:24:41 -0700 Subject: [PATCH 068/141] fix travis overflowing the log (impressive), and fix stm32 build --- .travis.yml | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/.travis.yml b/.travis.yml index 410af9c..78e0d99 100644 --- a/.travis.yml +++ b/.travis.yml @@ -19,12 +19,11 @@ jobs: - name: "ESP32" env: CORE="esp32:esp32" BOARD="esp32:esp32:d32" - name: "STM32" - env: CORE="STM32:stm32" BOARD="STM32:stm32:Nucleo_144" + env: CORE="STM32:stm32" BOARD="STM32:stm32:Nucleo_144:pnum=NUCLEO_F767ZI" script: - - arduino-cli compile --verbose --warnings all --fqbn $BOARD $PWD/examples/stm32/EthernetHTTPSstm32 + - arduino-cli compile --warnings all --fqbn $BOARD $PWD/examples/stm32/EthernetHTTPSstm32 - stage: "Deploy" if: branch = master AND tag is present - env: DEPLOY=1 script: skip deploy: provider: releases @@ -46,6 +45,6 @@ install: - ln -s $PWD $HOME/Arduino/libraries/. script: - - arduino-cli compile --verbose --warnings all --fqbn $BOARD $PWD/examples/EthernetHTTPS - - arduino-cli compile --verbose --warnings all --fqbn $BOARD $PWD/examples/EthernetMultiHTTPS - - arduino-cli compile --verbose --warnings all --fqbn $BOARD $PWD/examples/EthernetMQTT \ No newline at end of file + - arduino-cli compile --warnings all --fqbn $BOARD $PWD/examples/EthernetHTTPS + - arduino-cli compile --warnings all --fqbn $BOARD $PWD/examples/EthernetMultiHTTPS + - arduino-cli compile --warnings all --fqbn $BOARD $PWD/examples/EthernetMQTT \ No newline at end of file From 26c80b61d1777c057f5fe44447f4cac25eed6724 Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Wed, 11 Mar 2020 12:40:48 -0700 Subject: [PATCH 069/141] Update travis to autogenerate documentation --- .travis.yml | 30 +- .travis/Doxyfile | 2572 ++++++++++++++++++++++++++++++++++++ .travis/library.properties | 12 - 3 files changed, 2601 insertions(+), 13 deletions(-) create mode 100644 .travis/Doxyfile delete mode 100644 .travis/library.properties diff --git a/.travis.yml b/.travis.yml index 78e0d99..3eb6cd2 100644 --- a/.travis.yml +++ b/.travis.yml @@ -4,11 +4,28 @@ env: # You can uncomment this to explicitly choose an (old) version of the Arduino IDE #- ARDUINO_IDE_VERSION="1.8.7" - ADDITIONAL_URLS="https://adafruit.github.io/arduino-board-index/package_adafruit_index.json,https://raw.githubusercontent.com/espressif/arduino-esp32/gh-pages/package_esp32_index.json,https://github.com/stm32duino/BoardManagerFiles/raw/master/STM32/package_stm_index.json" + - DOXYFILE=$TRAVIS_BUILD_DIR/.travis/Doxyfile + cache: directories: - ~/arduino_ide - ~/.arduino15/packages/ +# Blacklist +branches: + except: + - gh-pages + +# Install dependencies +addons: + apt: + packages: + - doxygen + - doxygen-doc + - doxygen-latex + - doxygen-gui + - graphviz + jobs: include: - stage: "Build" @@ -22,6 +39,18 @@ jobs: env: CORE="STM32:stm32" BOARD="STM32:stm32:Nucleo_144:pnum=NUCLEO_F767ZI" script: - arduino-cli compile --warnings all --fqbn $BOARD $PWD/examples/stm32/EthernetHTTPSstm32 + + - stage: "Documentation" + if: branch = master + install: skip + script: + - doxygen $DOXYFILE + deploy: + provider: pages + skip_cleanup: true + local_dir: docs/html + github_token: $GITHUB_TOKEN + - stage: "Deploy" if: branch = master AND tag is present script: skip @@ -31,7 +60,6 @@ jobs: file: "SSLClient.zip" skip_cleanup: true - install: - curl -fsSL https://raw.githubusercontent.com/arduino/arduino-cli/master/install.sh | BINDIR=/usr/bin sudo sh - arduino-cli core update-index --additional-urls $ADDITIONAL_URLS diff --git a/.travis/Doxyfile b/.travis/Doxyfile new file mode 100644 index 0000000..092d4f5 --- /dev/null +++ b/.travis/Doxyfile @@ -0,0 +1,2572 @@ +# Doxyfile 1.8.15 + +# This file describes the settings to be used by the documentation system +# doxygen (www.doxygen.org) for a project. +# +# All text after a double hash (##) is considered a comment and is placed in +# front of the TAG it is preceding. +# +# All text after a single hash (#) is considered a comment and will be ignored. +# The format is: +# TAG = value [value, ...] +# For lists, items can also be appended using: +# TAG += value [value, ...] +# Values that contain spaces should be placed between quotes (\" \"). + +#--------------------------------------------------------------------------- +# Project related configuration options +#--------------------------------------------------------------------------- + +# This tag specifies the encoding used for all characters in the configuration +# file that follow. The default is UTF-8 which is also the encoding used for all +# text before the first occurrence of this tag. Doxygen uses libiconv (or the +# iconv built into libc) for the transcoding. See +# https://www.gnu.org/software/libiconv/ for the list of possible encodings. +# The default value is: UTF-8. + +DOXYFILE_ENCODING = UTF-8 + +# The PROJECT_NAME tag is a single word (or a sequence of words surrounded by +# double-quotes, unless you are using Doxywizard) that should identify the +# project for which the documentation is generated. This name is used in the +# title of most generated pages and in a few other places. +# The default value is: My Project. + +PROJECT_NAME = SSLClient + +# The PROJECT_NUMBER tag can be used to enter a project or revision number. This +# could be handy for archiving the generated documentation or if some version +# control system is used. + +PROJECT_NUMBER = v1.6.0 + +# Using the PROJECT_BRIEF tag one can provide an optional one line description +# for a project that appears at the top of each page and should give viewer a +# quick idea about the purpose of the project. Keep the description short. + +PROJECT_BRIEF = + +# With the PROJECT_LOGO tag one can specify a logo or an icon that is included +# in the documentation. The maximum height of the logo should not exceed 55 +# pixels and the maximum width should not exceed 200 pixels. Doxygen will copy +# the logo to the output directory. + +PROJECT_LOGO = + +# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) path +# into which the generated documentation will be written. If a relative path is +# entered, it will be relative to the location where doxygen was started. If +# left blank the current directory will be used. + +OUTPUT_DIRECTORY = docs + +# If the CREATE_SUBDIRS tag is set to YES then doxygen will create 4096 sub- +# directories (in 2 levels) under the output directory of each output format and +# will distribute the generated files over these directories. Enabling this +# option can be useful when feeding doxygen a huge amount of source files, where +# putting all generated files in the same directory would otherwise causes +# performance problems for the file system. +# The default value is: NO. + +CREATE_SUBDIRS = NO + +# If the ALLOW_UNICODE_NAMES tag is set to YES, doxygen will allow non-ASCII +# characters to appear in the names of generated files. If set to NO, non-ASCII +# characters will be escaped, for example _xE3_x81_x84 will be used for Unicode +# U+3044. +# The default value is: NO. + +ALLOW_UNICODE_NAMES = NO + +# The OUTPUT_LANGUAGE tag is used to specify the language in which all +# documentation generated by doxygen is written. Doxygen will use this +# information to generate all constant output in the proper language. +# Possible values are: Afrikaans, Arabic, Armenian, Brazilian, Catalan, Chinese, +# Chinese-Traditional, Croatian, Czech, Danish, Dutch, English (United States), +# Esperanto, Farsi (Persian), Finnish, French, German, Greek, Hungarian, +# Indonesian, Italian, Japanese, Japanese-en (Japanese with English messages), +# Korean, Korean-en (Korean with English messages), Latvian, Lithuanian, +# Macedonian, Norwegian, Persian (Farsi), Polish, Portuguese, Romanian, Russian, +# Serbian, Serbian-Cyrillic, Slovak, Slovene, Spanish, Swedish, Turkish, +# Ukrainian and Vietnamese. +# The default value is: English. + +OUTPUT_LANGUAGE = English + +# The OUTPUT_TEXT_DIRECTION tag is used to specify the direction in which all +# documentation generated by doxygen is written. Doxygen will use this +# information to generate all generated output in the proper direction. +# Possible values are: None, LTR, RTL and Context. +# The default value is: None. + +OUTPUT_TEXT_DIRECTION = None + +# If the BRIEF_MEMBER_DESC tag is set to YES, doxygen will include brief member +# descriptions after the members that are listed in the file and class +# documentation (similar to Javadoc). Set to NO to disable this. +# The default value is: YES. + +BRIEF_MEMBER_DESC = YES + +# If the REPEAT_BRIEF tag is set to YES, doxygen will prepend the brief +# description of a member or function before the detailed description +# +# Note: If both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the +# brief descriptions will be completely suppressed. +# The default value is: YES. + +REPEAT_BRIEF = YES + +# This tag implements a quasi-intelligent brief description abbreviator that is +# used to form the text in various listings. Each string in this list, if found +# as the leading text of the brief description, will be stripped from the text +# and the result, after processing the whole list, is used as the annotated +# text. Otherwise, the brief description is used as-is. If left blank, the +# following values are used ($name is automatically replaced with the name of +# the entity):The $name class, The $name widget, The $name file, is, provides, +# specifies, contains, represents, a, an and the. + +ABBREVIATE_BRIEF = "The $name class" \ + "The $name widget" \ + "The $name file" \ + is \ + provides \ + specifies \ + contains \ + represents \ + a \ + an \ + the + +# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then +# doxygen will generate a detailed section even if there is only a brief +# description. +# The default value is: NO. + +ALWAYS_DETAILED_SEC = NO + +# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all +# inherited members of a class in the documentation of that class as if those +# members were ordinary class members. Constructors, destructors and assignment +# operators of the base classes will not be shown. +# The default value is: NO. + +INLINE_INHERITED_MEMB = NO + +# If the FULL_PATH_NAMES tag is set to YES, doxygen will prepend the full path +# before files name in the file list and in the header files. If set to NO the +# shortest path that makes the file name unique will be used +# The default value is: YES. + +FULL_PATH_NAMES = YES + +# The STRIP_FROM_PATH tag can be used to strip a user-defined part of the path. +# Stripping is only done if one of the specified strings matches the left-hand +# part of the path. The tag can be used to show relative paths in the file list. +# If left blank the directory from which doxygen is run is used as the path to +# strip. +# +# Note that you can specify absolute paths here, but also relative paths, which +# will be relative from the directory where doxygen is started. +# This tag requires that the tag FULL_PATH_NAMES is set to YES. + +STRIP_FROM_PATH = + +# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of the +# path mentioned in the documentation of a class, which tells the reader which +# header file to include in order to use a class. If left blank only the name of +# the header file containing the class definition is used. Otherwise one should +# specify the list of include paths that are normally passed to the compiler +# using the -I flag. + +STRIP_FROM_INC_PATH = + +# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter (but +# less readable) file names. This can be useful is your file systems doesn't +# support long names like on DOS, Mac, or CD-ROM. +# The default value is: NO. + +SHORT_NAMES = NO + +# If the JAVADOC_AUTOBRIEF tag is set to YES then doxygen will interpret the +# first line (until the first dot) of a Javadoc-style comment as the brief +# description. If set to NO, the Javadoc-style will behave just like regular Qt- +# style comments (thus requiring an explicit @brief command for a brief +# description.) +# The default value is: NO. + +JAVADOC_AUTOBRIEF = NO + +# If the QT_AUTOBRIEF tag is set to YES then doxygen will interpret the first +# line (until the first dot) of a Qt-style comment as the brief description. If +# set to NO, the Qt-style will behave just like regular Qt-style comments (thus +# requiring an explicit \brief command for a brief description.) +# The default value is: NO. + +QT_AUTOBRIEF = NO + +# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make doxygen treat a +# multi-line C++ special comment block (i.e. a block of //! or /// comments) as +# a brief description. This used to be the default behavior. The new default is +# to treat a multi-line C++ comment block as a detailed description. Set this +# tag to YES if you prefer the old behavior instead. +# +# Note that setting this tag to YES also means that rational rose comments are +# not recognized any more. +# The default value is: NO. + +MULTILINE_CPP_IS_BRIEF = NO + +# If the INHERIT_DOCS tag is set to YES then an undocumented member inherits the +# documentation from any documented member that it re-implements. +# The default value is: YES. + +INHERIT_DOCS = YES + +# If the SEPARATE_MEMBER_PAGES tag is set to YES then doxygen will produce a new +# page for each member. If set to NO, the documentation of a member will be part +# of the file/class/namespace that contains it. +# The default value is: NO. + +SEPARATE_MEMBER_PAGES = NO + +# The TAB_SIZE tag can be used to set the number of spaces in a tab. Doxygen +# uses this value to replace tabs by spaces in code fragments. +# Minimum value: 1, maximum value: 16, default value: 4. + +TAB_SIZE = 4 + +# This tag can be used to specify a number of aliases that act as commands in +# the documentation. An alias has the form: +# name=value +# For example adding +# "sideeffect=@par Side Effects:\n" +# will allow you to put the command \sideeffect (or @sideeffect) in the +# documentation, which will result in a user-defined paragraph with heading +# "Side Effects:". You can put \n's in the value part of an alias to insert +# newlines (in the resulting output). You can put ^^ in the value part of an +# alias to insert a newline as if a physical newline was in the original file. +# When you need a literal { or } or , in the value part of an alias you have to +# escape them by means of a backslash (\), this can lead to conflicts with the +# commands \{ and \} for these it is advised to use the version @{ and @} or use +# a double escape (\\{ and \\}) + +ALIASES = + +# This tag can be used to specify a number of word-keyword mappings (TCL only). +# A mapping has the form "name=value". For example adding "class=itcl::class" +# will allow you to use the command class in the itcl::class meaning. + +TCL_SUBST = + +# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C sources +# only. Doxygen will then generate output that is more tailored for C. For +# instance, some of the names that are used will be different. The list of all +# members will be omitted, etc. +# The default value is: NO. + +OPTIMIZE_OUTPUT_FOR_C = NO + +# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java or +# Python sources only. Doxygen will then generate output that is more tailored +# for that language. For instance, namespaces will be presented as packages, +# qualified scopes will look different, etc. +# The default value is: NO. + +OPTIMIZE_OUTPUT_JAVA = NO + +# Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran +# sources. Doxygen will then generate output that is tailored for Fortran. +# The default value is: NO. + +OPTIMIZE_FOR_FORTRAN = NO + +# Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL +# sources. Doxygen will then generate output that is tailored for VHDL. +# The default value is: NO. + +OPTIMIZE_OUTPUT_VHDL = NO + +# Set the OPTIMIZE_OUTPUT_SLICE tag to YES if your project consists of Slice +# sources only. Doxygen will then generate output that is more tailored for that +# language. For instance, namespaces will be presented as modules, types will be +# separated into more groups, etc. +# The default value is: NO. + +OPTIMIZE_OUTPUT_SLICE = NO + +# Doxygen selects the parser to use depending on the extension of the files it +# parses. With this tag you can assign which parser to use for a given +# extension. Doxygen has a built-in mapping, but you can override or extend it +# using this tag. The format is ext=language, where ext is a file extension, and +# language is one of the parsers supported by doxygen: IDL, Java, Javascript, +# Csharp (C#), C, C++, D, PHP, md (Markdown), Objective-C, Python, Slice, +# Fortran (fixed format Fortran: FortranFixed, free formatted Fortran: +# FortranFree, unknown formatted Fortran: Fortran. In the later case the parser +# tries to guess whether the code is fixed or free formatted code, this is the +# default for Fortran type files), VHDL, tcl. For instance to make doxygen treat +# .inc files as Fortran files (default is PHP), and .f files as C (default is +# Fortran), use: inc=Fortran f=C. +# +# Note: For files without extension you can use no_extension as a placeholder. +# +# Note that for custom extensions you also need to set FILE_PATTERNS otherwise +# the files are not read by doxygen. + +EXTENSION_MAPPING = + +# If the MARKDOWN_SUPPORT tag is enabled then doxygen pre-processes all comments +# according to the Markdown format, which allows for more readable +# documentation. See https://daringfireball.net/projects/markdown/ for details. +# The output of markdown processing is further processed by doxygen, so you can +# mix doxygen, HTML, and XML commands with Markdown formatting. Disable only in +# case of backward compatibilities issues. +# The default value is: YES. + +MARKDOWN_SUPPORT = YES + +# When the TOC_INCLUDE_HEADINGS tag is set to a non-zero value, all headings up +# to that level are automatically included in the table of contents, even if +# they do not have an id attribute. +# Note: This feature currently applies only to Markdown headings. +# Minimum value: 0, maximum value: 99, default value: 0. +# This tag requires that the tag MARKDOWN_SUPPORT is set to YES. + +TOC_INCLUDE_HEADINGS = 0 + +# When enabled doxygen tries to link words that correspond to documented +# classes, or namespaces to their corresponding documentation. Such a link can +# be prevented in individual cases by putting a % sign in front of the word or +# globally by setting AUTOLINK_SUPPORT to NO. +# The default value is: YES. + +AUTOLINK_SUPPORT = YES + +# If you use STL classes (i.e. std::string, std::vector, etc.) but do not want +# to include (a tag file for) the STL sources as input, then you should set this +# tag to YES in order to let doxygen match functions declarations and +# definitions whose arguments contain STL classes (e.g. func(std::string); +# versus func(std::string) {}). This also make the inheritance and collaboration +# diagrams that involve STL classes more complete and accurate. +# The default value is: NO. + +BUILTIN_STL_SUPPORT = NO + +# If you use Microsoft's C++/CLI language, you should set this option to YES to +# enable parsing support. +# The default value is: NO. + +CPP_CLI_SUPPORT = NO + +# Set the SIP_SUPPORT tag to YES if your project consists of sip (see: +# https://www.riverbankcomputing.com/software/sip/intro) sources only. Doxygen +# will parse them like normal C++ but will assume all classes use public instead +# of private inheritance when no explicit protection keyword is present. +# The default value is: NO. + +SIP_SUPPORT = NO + +# For Microsoft's IDL there are propget and propput attributes to indicate +# getter and setter methods for a property. Setting this option to YES will make +# doxygen to replace the get and set methods by a property in the documentation. +# This will only work if the methods are indeed getting or setting a simple +# type. If this is not the case, or you want to show the methods anyway, you +# should set this option to NO. +# The default value is: YES. + +IDL_PROPERTY_SUPPORT = YES + +# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC +# tag is set to YES then doxygen will reuse the documentation of the first +# member in the group (if any) for the other members of the group. By default +# all members of a group must be documented explicitly. +# The default value is: NO. + +DISTRIBUTE_GROUP_DOC = NO + +# If one adds a struct or class to a group and this option is enabled, then also +# any nested class or struct is added to the same group. By default this option +# is disabled and one has to add nested compounds explicitly via \ingroup. +# The default value is: NO. + +GROUP_NESTED_COMPOUNDS = NO + +# Set the SUBGROUPING tag to YES to allow class member groups of the same type +# (for instance a group of public functions) to be put as a subgroup of that +# type (e.g. under the Public Functions section). Set it to NO to prevent +# subgrouping. Alternatively, this can be done per class using the +# \nosubgrouping command. +# The default value is: YES. + +SUBGROUPING = YES + +# When the INLINE_GROUPED_CLASSES tag is set to YES, classes, structs and unions +# are shown inside the group in which they are included (e.g. using \ingroup) +# instead of on a separate page (for HTML and Man pages) or section (for LaTeX +# and RTF). +# +# Note that this feature does not work in combination with +# SEPARATE_MEMBER_PAGES. +# The default value is: NO. + +INLINE_GROUPED_CLASSES = NO + +# When the INLINE_SIMPLE_STRUCTS tag is set to YES, structs, classes, and unions +# with only public data fields or simple typedef fields will be shown inline in +# the documentation of the scope in which they are defined (i.e. file, +# namespace, or group documentation), provided this scope is documented. If set +# to NO, structs, classes, and unions are shown on a separate page (for HTML and +# Man pages) or section (for LaTeX and RTF). +# The default value is: NO. + +INLINE_SIMPLE_STRUCTS = NO + +# When TYPEDEF_HIDES_STRUCT tag is enabled, a typedef of a struct, union, or +# enum is documented as struct, union, or enum with the name of the typedef. So +# typedef struct TypeS {} TypeT, will appear in the documentation as a struct +# with name TypeT. When disabled the typedef will appear as a member of a file, +# namespace, or class. And the struct will be named TypeS. This can typically be +# useful for C code in case the coding convention dictates that all compound +# types are typedef'ed and only the typedef is referenced, never the tag name. +# The default value is: NO. + +TYPEDEF_HIDES_STRUCT = NO + +# The size of the symbol lookup cache can be set using LOOKUP_CACHE_SIZE. This +# cache is used to resolve symbols given their name and scope. Since this can be +# an expensive process and often the same symbol appears multiple times in the +# code, doxygen keeps a cache of pre-resolved symbols. If the cache is too small +# doxygen will become slower. If the cache is too large, memory is wasted. The +# cache size is given by this formula: 2^(16+LOOKUP_CACHE_SIZE). The valid range +# is 0..9, the default is 0, corresponding to a cache size of 2^16=65536 +# symbols. At the end of a run doxygen will report the cache usage and suggest +# the optimal cache size from a speed point of view. +# Minimum value: 0, maximum value: 9, default value: 0. + +LOOKUP_CACHE_SIZE = 0 + +#--------------------------------------------------------------------------- +# Build related configuration options +#--------------------------------------------------------------------------- + +# If the EXTRACT_ALL tag is set to YES, doxygen will assume all entities in +# documentation are documented, even if no documentation was available. Private +# class members and static file members will be hidden unless the +# EXTRACT_PRIVATE respectively EXTRACT_STATIC tags are set to YES. +# Note: This will also disable the warnings about undocumented members that are +# normally produced when WARNINGS is set to YES. +# The default value is: NO. + +EXTRACT_ALL = YES + +# If the EXTRACT_PRIVATE tag is set to YES, all private members of a class will +# be included in the documentation. +# The default value is: NO. + +EXTRACT_PRIVATE = NO + +# If the EXTRACT_PACKAGE tag is set to YES, all members with package or internal +# scope will be included in the documentation. +# The default value is: NO. + +EXTRACT_PACKAGE = NO + +# If the EXTRACT_STATIC tag is set to YES, all static members of a file will be +# included in the documentation. +# The default value is: NO. + +EXTRACT_STATIC = NO + +# If the EXTRACT_LOCAL_CLASSES tag is set to YES, classes (and structs) defined +# locally in source files will be included in the documentation. If set to NO, +# only classes defined in header files are included. Does not have any effect +# for Java sources. +# The default value is: YES. + +EXTRACT_LOCAL_CLASSES = YES + +# This flag is only useful for Objective-C code. If set to YES, local methods, +# which are defined in the implementation section but not in the interface are +# included in the documentation. If set to NO, only methods in the interface are +# included. +# The default value is: NO. + +EXTRACT_LOCAL_METHODS = NO + +# If this flag is set to YES, the members of anonymous namespaces will be +# extracted and appear in the documentation as a namespace called +# 'anonymous_namespace{file}', where file will be replaced with the base name of +# the file that contains the anonymous namespace. By default anonymous namespace +# are hidden. +# The default value is: NO. + +EXTRACT_ANON_NSPACES = NO + +# If the HIDE_UNDOC_MEMBERS tag is set to YES, doxygen will hide all +# undocumented members inside documented classes or files. If set to NO these +# members will be included in the various overviews, but no documentation +# section is generated. This option has no effect if EXTRACT_ALL is enabled. +# The default value is: NO. + +HIDE_UNDOC_MEMBERS = NO + +# If the HIDE_UNDOC_CLASSES tag is set to YES, doxygen will hide all +# undocumented classes that are normally visible in the class hierarchy. If set +# to NO, these classes will be included in the various overviews. This option +# has no effect if EXTRACT_ALL is enabled. +# The default value is: NO. + +HIDE_UNDOC_CLASSES = NO + +# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, doxygen will hide all friend +# (class|struct|union) declarations. If set to NO, these declarations will be +# included in the documentation. +# The default value is: NO. + +HIDE_FRIEND_COMPOUNDS = NO + +# If the HIDE_IN_BODY_DOCS tag is set to YES, doxygen will hide any +# documentation blocks found inside the body of a function. If set to NO, these +# blocks will be appended to the function's detailed documentation block. +# The default value is: NO. + +HIDE_IN_BODY_DOCS = NO + +# The INTERNAL_DOCS tag determines if documentation that is typed after a +# \internal command is included. If the tag is set to NO then the documentation +# will be excluded. Set it to YES to include the internal documentation. +# The default value is: NO. + +INTERNAL_DOCS = NO + +# If the CASE_SENSE_NAMES tag is set to NO then doxygen will only generate file +# names in lower-case letters. If set to YES, upper-case letters are also +# allowed. This is useful if you have classes or files whose names only differ +# in case and if your file system supports case sensitive file names. Windows +# and Mac users are advised to set this option to NO. +# The default value is: system dependent. + +CASE_SENSE_NAMES = NO + +# If the HIDE_SCOPE_NAMES tag is set to NO then doxygen will show members with +# their full class and namespace scopes in the documentation. If set to YES, the +# scope will be hidden. +# The default value is: NO. + +HIDE_SCOPE_NAMES = NO + +# If the HIDE_COMPOUND_REFERENCE tag is set to NO (default) then doxygen will +# append additional text to a page's title, such as Class Reference. If set to +# YES the compound reference will be hidden. +# The default value is: NO. + +HIDE_COMPOUND_REFERENCE= NO + +# If the SHOW_INCLUDE_FILES tag is set to YES then doxygen will put a list of +# the files that are included by a file in the documentation of that file. +# The default value is: YES. + +SHOW_INCLUDE_FILES = YES + +# If the SHOW_GROUPED_MEMB_INC tag is set to YES then Doxygen will add for each +# grouped member an include statement to the documentation, telling the reader +# which file to include in order to use the member. +# The default value is: NO. + +SHOW_GROUPED_MEMB_INC = NO + +# If the FORCE_LOCAL_INCLUDES tag is set to YES then doxygen will list include +# files with double quotes in the documentation rather than with sharp brackets. +# The default value is: NO. + +FORCE_LOCAL_INCLUDES = NO + +# If the INLINE_INFO tag is set to YES then a tag [inline] is inserted in the +# documentation for inline members. +# The default value is: YES. + +INLINE_INFO = YES + +# If the SORT_MEMBER_DOCS tag is set to YES then doxygen will sort the +# (detailed) documentation of file and class members alphabetically by member +# name. If set to NO, the members will appear in declaration order. +# The default value is: YES. + +SORT_MEMBER_DOCS = YES + +# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the brief +# descriptions of file, namespace and class members alphabetically by member +# name. If set to NO, the members will appear in declaration order. Note that +# this will also influence the order of the classes in the class list. +# The default value is: NO. + +SORT_BRIEF_DOCS = NO + +# If the SORT_MEMBERS_CTORS_1ST tag is set to YES then doxygen will sort the +# (brief and detailed) documentation of class members so that constructors and +# destructors are listed first. If set to NO the constructors will appear in the +# respective orders defined by SORT_BRIEF_DOCS and SORT_MEMBER_DOCS. +# Note: If SORT_BRIEF_DOCS is set to NO this option is ignored for sorting brief +# member documentation. +# Note: If SORT_MEMBER_DOCS is set to NO this option is ignored for sorting +# detailed member documentation. +# The default value is: NO. + +SORT_MEMBERS_CTORS_1ST = NO + +# If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the hierarchy +# of group names into alphabetical order. If set to NO the group names will +# appear in their defined order. +# The default value is: NO. + +SORT_GROUP_NAMES = NO + +# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be sorted by +# fully-qualified names, including namespaces. If set to NO, the class list will +# be sorted only by class name, not including the namespace part. +# Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES. +# Note: This option applies only to the class list, not to the alphabetical +# list. +# The default value is: NO. + +SORT_BY_SCOPE_NAME = NO + +# If the STRICT_PROTO_MATCHING option is enabled and doxygen fails to do proper +# type resolution of all parameters of a function it will reject a match between +# the prototype and the implementation of a member function even if there is +# only one candidate or it is obvious which candidate to choose by doing a +# simple string match. By disabling STRICT_PROTO_MATCHING doxygen will still +# accept a match between prototype and implementation in such cases. +# The default value is: NO. + +STRICT_PROTO_MATCHING = NO + +# The GENERATE_TODOLIST tag can be used to enable (YES) or disable (NO) the todo +# list. This list is created by putting \todo commands in the documentation. +# The default value is: YES. + +GENERATE_TODOLIST = YES + +# The GENERATE_TESTLIST tag can be used to enable (YES) or disable (NO) the test +# list. This list is created by putting \test commands in the documentation. +# The default value is: YES. + +GENERATE_TESTLIST = YES + +# The GENERATE_BUGLIST tag can be used to enable (YES) or disable (NO) the bug +# list. This list is created by putting \bug commands in the documentation. +# The default value is: YES. + +GENERATE_BUGLIST = YES + +# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or disable (NO) +# the deprecated list. This list is created by putting \deprecated commands in +# the documentation. +# The default value is: YES. + +GENERATE_DEPRECATEDLIST= YES + +# The ENABLED_SECTIONS tag can be used to enable conditional documentation +# sections, marked by \if ... \endif and \cond +# ... \endcond blocks. + +ENABLED_SECTIONS = + +# The MAX_INITIALIZER_LINES tag determines the maximum number of lines that the +# initial value of a variable or macro / define can have for it to appear in the +# documentation. If the initializer consists of more lines than specified here +# it will be hidden. Use a value of 0 to hide initializers completely. The +# appearance of the value of individual variables and macros / defines can be +# controlled using \showinitializer or \hideinitializer command in the +# documentation regardless of this setting. +# Minimum value: 0, maximum value: 10000, default value: 30. + +MAX_INITIALIZER_LINES = 30 + +# Set the SHOW_USED_FILES tag to NO to disable the list of files generated at +# the bottom of the documentation of classes and structs. If set to YES, the +# list will mention the files that were used to generate the documentation. +# The default value is: YES. + +SHOW_USED_FILES = YES + +# Set the SHOW_FILES tag to NO to disable the generation of the Files page. This +# will remove the Files entry from the Quick Index and from the Folder Tree View +# (if specified). +# The default value is: YES. + +SHOW_FILES = YES + +# Set the SHOW_NAMESPACES tag to NO to disable the generation of the Namespaces +# page. This will remove the Namespaces entry from the Quick Index and from the +# Folder Tree View (if specified). +# The default value is: YES. + +SHOW_NAMESPACES = YES + +# The FILE_VERSION_FILTER tag can be used to specify a program or script that +# doxygen should invoke to get the current version for each file (typically from +# the version control system). Doxygen will invoke the program by executing (via +# popen()) the command command input-file, where command is the value of the +# FILE_VERSION_FILTER tag, and input-file is the name of an input file provided +# by doxygen. Whatever the program writes to standard output is used as the file +# version. For an example see the documentation. + +FILE_VERSION_FILTER = + +# The LAYOUT_FILE tag can be used to specify a layout file which will be parsed +# by doxygen. The layout file controls the global structure of the generated +# output files in an output format independent way. To create the layout file +# that represents doxygen's defaults, run doxygen with the -l option. You can +# optionally specify a file name after the option, if omitted DoxygenLayout.xml +# will be used as the name of the layout file. +# +# Note that if you run doxygen from a directory containing a file called +# DoxygenLayout.xml, doxygen will parse it automatically even if the LAYOUT_FILE +# tag is left empty. + +LAYOUT_FILE = + +# The CITE_BIB_FILES tag can be used to specify one or more bib files containing +# the reference definitions. This must be a list of .bib files. The .bib +# extension is automatically appended if omitted. This requires the bibtex tool +# to be installed. See also https://en.wikipedia.org/wiki/BibTeX for more info. +# For LaTeX the style of the bibliography can be controlled using +# LATEX_BIB_STYLE. To use this feature you need bibtex and perl available in the +# search path. See also \cite for info how to create references. + +CITE_BIB_FILES = + +#--------------------------------------------------------------------------- +# Configuration options related to warning and progress messages +#--------------------------------------------------------------------------- + +# The QUIET tag can be used to turn on/off the messages that are generated to +# standard output by doxygen. If QUIET is set to YES this implies that the +# messages are off. +# The default value is: NO. + +QUIET = NO + +# The WARNINGS tag can be used to turn on/off the warning messages that are +# generated to standard error (stderr) by doxygen. If WARNINGS is set to YES +# this implies that the warnings are on. +# +# Tip: Turn warnings on while writing the documentation. +# The default value is: YES. + +WARNINGS = YES + +# If the WARN_IF_UNDOCUMENTED tag is set to YES then doxygen will generate +# warnings for undocumented members. If EXTRACT_ALL is set to YES then this flag +# will automatically be disabled. +# The default value is: YES. + +WARN_IF_UNDOCUMENTED = YES + +# If the WARN_IF_DOC_ERROR tag is set to YES, doxygen will generate warnings for +# potential errors in the documentation, such as not documenting some parameters +# in a documented function, or documenting parameters that don't exist or using +# markup commands wrongly. +# The default value is: YES. + +WARN_IF_DOC_ERROR = YES + +# This WARN_NO_PARAMDOC option can be enabled to get warnings for functions that +# are documented, but have no documentation for their parameters or return +# value. If set to NO, doxygen will only warn about wrong or incomplete +# parameter documentation, but not about the absence of documentation. If +# EXTRACT_ALL is set to YES then this flag will automatically be disabled. +# The default value is: NO. + +WARN_NO_PARAMDOC = NO + +# If the WARN_AS_ERROR tag is set to YES then doxygen will immediately stop when +# a warning is encountered. +# The default value is: NO. + +WARN_AS_ERROR = NO + +# The WARN_FORMAT tag determines the format of the warning messages that doxygen +# can produce. The string should contain the $file, $line, and $text tags, which +# will be replaced by the file and line number from which the warning originated +# and the warning text. Optionally the format may contain $version, which will +# be replaced by the version of the file (if it could be obtained via +# FILE_VERSION_FILTER) +# The default value is: $file:$line: $text. + +WARN_FORMAT = "$file:$line: $text" + +# The WARN_LOGFILE tag can be used to specify a file to which warning and error +# messages should be written. If left blank the output is written to standard +# error (stderr). + +WARN_LOGFILE = + +#--------------------------------------------------------------------------- +# Configuration options related to the input files +#--------------------------------------------------------------------------- + +# The INPUT tag is used to specify the files and/or directories that contain +# documented source files. You may enter file names like myfile.cpp or +# directories like /usr/src/myproject. Separate the files or directories with +# spaces. See also FILE_PATTERNS and EXTENSION_MAPPING +# Note: If this tag is empty the current directory is searched. + +INPUT = + +# This tag can be used to specify the character encoding of the source files +# that doxygen parses. Internally doxygen uses the UTF-8 encoding. Doxygen uses +# libiconv (or the iconv built into libc) for the transcoding. See the libiconv +# documentation (see: https://www.gnu.org/software/libiconv/) for the list of +# possible encodings. +# The default value is: UTF-8. + +INPUT_ENCODING = UTF-8 + +# If the value of the INPUT tag contains directories, you can use the +# FILE_PATTERNS tag to specify one or more wildcard patterns (like *.cpp and +# *.h) to filter out the source-files in the directories. +# +# Note that for custom extensions or not directly supported extensions you also +# need to set EXTENSION_MAPPING for the extension otherwise the files are not +# read by doxygen. +# +# If left blank the following patterns are tested:*.c, *.cc, *.cxx, *.cpp, +# *.c++, *.java, *.ii, *.ixx, *.ipp, *.i++, *.inl, *.idl, *.ddl, *.odl, *.h, +# *.hh, *.hxx, *.hpp, *.h++, *.cs, *.d, *.php, *.php4, *.php5, *.phtml, *.inc, +# *.m, *.markdown, *.md, *.mm, *.dox, *.py, *.pyw, *.f90, *.f95, *.f03, *.f08, +# *.f, *.for, *.tcl, *.vhd, *.vhdl, *.ucf, *.qsf and *.ice. + +FILE_PATTERNS = *.cc \ + *.cxx \ + *.cpp \ + *.c++ \ + *.java \ + *.ii \ + *.ixx \ + *.ipp \ + *.i++ \ + *.inl \ + *.idl \ + *.ddl \ + *.odl \ + *.h \ + *.hh \ + *.hxx \ + *.hpp \ + *.h++ \ + *.cs \ + *.d \ + *.php \ + *.php4 \ + *.php5 \ + *.phtml \ + *.inc \ + *.m \ + *.markdown \ + *.md \ + *.mm \ + *.dox \ + *.py \ + *.pyw \ + *.f90 \ + *.f95 \ + *.f03 \ + *.f08 \ + *.f \ + *.for \ + *.tcl \ + *.vhd \ + *.vhdl \ + *.ucf \ + *.qsf \ + *.ice + +# The RECURSIVE tag can be used to specify whether or not subdirectories should +# be searched for input files as well. +# The default value is: NO. + +RECURSIVE = YES + +# The EXCLUDE tag can be used to specify files and/or directories that should be +# excluded from the INPUT source files. This way you can easily exclude a +# subdirectory from a directory tree whose root is specified with the INPUT tag. +# +# Note that relative paths are relative to the directory from which doxygen is +# run. + +EXCLUDE = + +# The EXCLUDE_SYMLINKS tag can be used to select whether or not files or +# directories that are symbolic links (a Unix file system feature) are excluded +# from the input. +# The default value is: NO. + +EXCLUDE_SYMLINKS = NO + +# If the value of the INPUT tag contains directories, you can use the +# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude +# certain files from those directories. +# +# Note that the wildcards are matched against the file with absolute path, so to +# exclude all test directories for example use the pattern */test/* + +EXCLUDE_PATTERNS = */bearssl/** \ + */examples/** \ + */tools/** \ + */.travis/** \ + */docs/** \ + */config.h \ + */inner.h \ + bearssl* \ + */readme/** + +# The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names +# (namespaces, classes, functions, etc.) that should be excluded from the +# output. The symbol name can be a fully qualified name, a word, or if the +# wildcard * is used, a substring. Examples: ANamespace, AClass, +# AClass::ANamespace, ANamespace::*Test +# +# Note that the wildcards are matched against the file with absolute path, so to +# exclude all test directories use the pattern */test/* + +EXCLUDE_SYMBOLS = + +# The EXAMPLE_PATH tag can be used to specify one or more files or directories +# that contain example code fragments that are included (see the \include +# command). + +EXAMPLE_PATH = + +# If the value of the EXAMPLE_PATH tag contains directories, you can use the +# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp and +# *.h) to filter out the source-files in the directories. If left blank all +# files are included. + +EXAMPLE_PATTERNS = * + +# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be +# searched for input files to be used with the \include or \dontinclude commands +# irrespective of the value of the RECURSIVE tag. +# The default value is: NO. + +EXAMPLE_RECURSIVE = NO + +# The IMAGE_PATH tag can be used to specify one or more files or directories +# that contain images that are to be included in the documentation (see the +# \image command). + +IMAGE_PATH = + +# The INPUT_FILTER tag can be used to specify a program that doxygen should +# invoke to filter for each input file. Doxygen will invoke the filter program +# by executing (via popen()) the command: +# +# +# +# where is the value of the INPUT_FILTER tag, and is the +# name of an input file. Doxygen will then use the output that the filter +# program writes to standard output. If FILTER_PATTERNS is specified, this tag +# will be ignored. +# +# Note that the filter must not add or remove lines; it is applied before the +# code is scanned, but not when the output code is generated. If lines are added +# or removed, the anchors will not be placed correctly. +# +# Note that for custom extensions or not directly supported extensions you also +# need to set EXTENSION_MAPPING for the extension otherwise the files are not +# properly processed by doxygen. + +INPUT_FILTER = + +# The FILTER_PATTERNS tag can be used to specify filters on a per file pattern +# basis. Doxygen will compare the file name with each pattern and apply the +# filter if there is a match. The filters are a list of the form: pattern=filter +# (like *.cpp=my_cpp_filter). See INPUT_FILTER for further information on how +# filters are used. If the FILTER_PATTERNS tag is empty or if none of the +# patterns match the file name, INPUT_FILTER is applied. +# +# Note that for custom extensions or not directly supported extensions you also +# need to set EXTENSION_MAPPING for the extension otherwise the files are not +# properly processed by doxygen. + +FILTER_PATTERNS = + +# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using +# INPUT_FILTER) will also be used to filter the input files that are used for +# producing the source files to browse (i.e. when SOURCE_BROWSER is set to YES). +# The default value is: NO. + +FILTER_SOURCE_FILES = NO + +# The FILTER_SOURCE_PATTERNS tag can be used to specify source filters per file +# pattern. A pattern will override the setting for FILTER_PATTERN (if any) and +# it is also possible to disable source filtering for a specific pattern using +# *.ext= (so without naming a filter). +# This tag requires that the tag FILTER_SOURCE_FILES is set to YES. + +FILTER_SOURCE_PATTERNS = + +# If the USE_MDFILE_AS_MAINPAGE tag refers to the name of a markdown file that +# is part of the input, its contents will be placed on the main page +# (index.html). This can be useful if you have a project on for instance GitHub +# and want to reuse the introduction page also for the doxygen output. + +USE_MDFILE_AS_MAINPAGE = README.md + +#--------------------------------------------------------------------------- +# Configuration options related to source browsing +#--------------------------------------------------------------------------- + +# If the SOURCE_BROWSER tag is set to YES then a list of source files will be +# generated. Documented entities will be cross-referenced with these sources. +# +# Note: To get rid of all source code in the generated output, make sure that +# also VERBATIM_HEADERS is set to NO. +# The default value is: NO. + +SOURCE_BROWSER = NO + +# Setting the INLINE_SOURCES tag to YES will include the body of functions, +# classes and enums directly into the documentation. +# The default value is: NO. + +INLINE_SOURCES = NO + +# Setting the STRIP_CODE_COMMENTS tag to YES will instruct doxygen to hide any +# special comment blocks from generated source code fragments. Normal C, C++ and +# Fortran comments will always remain visible. +# The default value is: YES. + +STRIP_CODE_COMMENTS = YES + +# If the REFERENCED_BY_RELATION tag is set to YES then for each documented +# entity all documented functions referencing it will be listed. +# The default value is: NO. + +REFERENCED_BY_RELATION = NO + +# If the REFERENCES_RELATION tag is set to YES then for each documented function +# all documented entities called/used by that function will be listed. +# The default value is: NO. + +REFERENCES_RELATION = NO + +# If the REFERENCES_LINK_SOURCE tag is set to YES and SOURCE_BROWSER tag is set +# to YES then the hyperlinks from functions in REFERENCES_RELATION and +# REFERENCED_BY_RELATION lists will link to the source code. Otherwise they will +# link to the documentation. +# The default value is: YES. + +REFERENCES_LINK_SOURCE = YES + +# If SOURCE_TOOLTIPS is enabled (the default) then hovering a hyperlink in the +# source code will show a tooltip with additional information such as prototype, +# brief description and links to the definition and documentation. Since this +# will make the HTML file larger and loading of large files a bit slower, you +# can opt to disable this feature. +# The default value is: YES. +# This tag requires that the tag SOURCE_BROWSER is set to YES. + +SOURCE_TOOLTIPS = YES + +# If the USE_HTAGS tag is set to YES then the references to source code will +# point to the HTML generated by the htags(1) tool instead of doxygen built-in +# source browser. The htags tool is part of GNU's global source tagging system +# (see https://www.gnu.org/software/global/global.html). You will need version +# 4.8.6 or higher. +# +# To use it do the following: +# - Install the latest version of global +# - Enable SOURCE_BROWSER and USE_HTAGS in the configuration file +# - Make sure the INPUT points to the root of the source tree +# - Run doxygen as normal +# +# Doxygen will invoke htags (and that will in turn invoke gtags), so these +# tools must be available from the command line (i.e. in the search path). +# +# The result: instead of the source browser generated by doxygen, the links to +# source code will now point to the output of htags. +# The default value is: NO. +# This tag requires that the tag SOURCE_BROWSER is set to YES. + +USE_HTAGS = NO + +# If the VERBATIM_HEADERS tag is set the YES then doxygen will generate a +# verbatim copy of the header file for each class for which an include is +# specified. Set to NO to disable this. +# See also: Section \class. +# The default value is: YES. + +VERBATIM_HEADERS = YES + +# If the CLANG_ASSISTED_PARSING tag is set to YES then doxygen will use the +# clang parser (see: http://clang.llvm.org/) for more accurate parsing at the +# cost of reduced performance. This can be particularly helpful with template +# rich C++ code for which doxygen's built-in parser lacks the necessary type +# information. +# Note: The availability of this option depends on whether or not doxygen was +# generated with the -Duse_libclang=ON option for CMake. +# The default value is: NO. + +CLANG_ASSISTED_PARSING = NO + +# If clang assisted parsing is enabled you can provide the compiler with command +# line options that you would normally use when invoking the compiler. Note that +# the include paths will already be set by doxygen for the files and directories +# specified with INPUT and INCLUDE_PATH. +# This tag requires that the tag CLANG_ASSISTED_PARSING is set to YES. + +CLANG_OPTIONS = + +# If clang assisted parsing is enabled you can provide the clang parser with the +# path to the compilation database (see: +# http://clang.llvm.org/docs/HowToSetupToolingForLLVM.html) used when the files +# were built. This is equivalent to specifying the "-p" option to a clang tool, +# such as clang-check. These options will then be passed to the parser. +# Note: The availability of this option depends on whether or not doxygen was +# generated with the -Duse_libclang=ON option for CMake. + +CLANG_DATABASE_PATH = + +#--------------------------------------------------------------------------- +# Configuration options related to the alphabetical class index +#--------------------------------------------------------------------------- + +# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index of all +# compounds will be generated. Enable this if the project contains a lot of +# classes, structs, unions or interfaces. +# The default value is: YES. + +ALPHABETICAL_INDEX = YES + +# The COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns in +# which the alphabetical index list will be split. +# Minimum value: 1, maximum value: 20, default value: 5. +# This tag requires that the tag ALPHABETICAL_INDEX is set to YES. + +COLS_IN_ALPHA_INDEX = 5 + +# In case all classes in a project start with a common prefix, all classes will +# be put under the same header in the alphabetical index. The IGNORE_PREFIX tag +# can be used to specify a prefix (or a list of prefixes) that should be ignored +# while generating the index headers. +# This tag requires that the tag ALPHABETICAL_INDEX is set to YES. + +IGNORE_PREFIX = + +#--------------------------------------------------------------------------- +# Configuration options related to the HTML output +#--------------------------------------------------------------------------- + +# If the GENERATE_HTML tag is set to YES, doxygen will generate HTML output +# The default value is: YES. + +GENERATE_HTML = YES + +# The HTML_OUTPUT tag is used to specify where the HTML docs will be put. If a +# relative path is entered the value of OUTPUT_DIRECTORY will be put in front of +# it. +# The default directory is: html. +# This tag requires that the tag GENERATE_HTML is set to YES. + +HTML_OUTPUT = . + +# The HTML_FILE_EXTENSION tag can be used to specify the file extension for each +# generated HTML page (for example: .htm, .php, .asp). +# The default value is: .html. +# This tag requires that the tag GENERATE_HTML is set to YES. + +HTML_FILE_EXTENSION = .html + +# The HTML_HEADER tag can be used to specify a user-defined HTML header file for +# each generated HTML page. If the tag is left blank doxygen will generate a +# standard header. +# +# To get valid HTML the header file that includes any scripts and style sheets +# that doxygen needs, which is dependent on the configuration options used (e.g. +# the setting GENERATE_TREEVIEW). It is highly recommended to start with a +# default header using +# doxygen -w html new_header.html new_footer.html new_stylesheet.css +# YourConfigFile +# and then modify the file new_header.html. See also section "Doxygen usage" +# for information on how to generate the default header that doxygen normally +# uses. +# Note: The header is subject to change so you typically have to regenerate the +# default header when upgrading to a newer version of doxygen. For a description +# of the possible markers and block names see the documentation. +# This tag requires that the tag GENERATE_HTML is set to YES. + +HTML_HEADER = + +# The HTML_FOOTER tag can be used to specify a user-defined HTML footer for each +# generated HTML page. If the tag is left blank doxygen will generate a standard +# footer. See HTML_HEADER for more information on how to generate a default +# footer and what special commands can be used inside the footer. See also +# section "Doxygen usage" for information on how to generate the default footer +# that doxygen normally uses. +# This tag requires that the tag GENERATE_HTML is set to YES. + +HTML_FOOTER = + +# The HTML_STYLESHEET tag can be used to specify a user-defined cascading style +# sheet that is used by each HTML page. It can be used to fine-tune the look of +# the HTML output. If left blank doxygen will generate a default style sheet. +# See also section "Doxygen usage" for information on how to generate the style +# sheet that doxygen normally uses. +# Note: It is recommended to use HTML_EXTRA_STYLESHEET instead of this tag, as +# it is more robust and this tag (HTML_STYLESHEET) will in the future become +# obsolete. +# This tag requires that the tag GENERATE_HTML is set to YES. + +HTML_STYLESHEET = + +# The HTML_EXTRA_STYLESHEET tag can be used to specify additional user-defined +# cascading style sheets that are included after the standard style sheets +# created by doxygen. Using this option one can overrule certain style aspects. +# This is preferred over using HTML_STYLESHEET since it does not replace the +# standard style sheet and is therefore more robust against future updates. +# Doxygen will copy the style sheet files to the output directory. +# Note: The order of the extra style sheet files is of importance (e.g. the last +# style sheet in the list overrules the setting of the previous ones in the +# list). For an example see the documentation. +# This tag requires that the tag GENERATE_HTML is set to YES. + +HTML_EXTRA_STYLESHEET = + +# The HTML_EXTRA_FILES tag can be used to specify one or more extra images or +# other source files which should be copied to the HTML output directory. Note +# that these files will be copied to the base HTML output directory. Use the +# $relpath^ marker in the HTML_HEADER and/or HTML_FOOTER files to load these +# files. In the HTML_STYLESHEET file, use the file name only. Also note that the +# files will be copied as-is; there are no commands or markers available. +# This tag requires that the tag GENERATE_HTML is set to YES. + +HTML_EXTRA_FILES = + +# The HTML_COLORSTYLE_HUE tag controls the color of the HTML output. Doxygen +# will adjust the colors in the style sheet and background images according to +# this color. Hue is specified as an angle on a colorwheel, see +# https://en.wikipedia.org/wiki/Hue for more information. For instance the value +# 0 represents red, 60 is yellow, 120 is green, 180 is cyan, 240 is blue, 300 +# purple, and 360 is red again. +# Minimum value: 0, maximum value: 359, default value: 220. +# This tag requires that the tag GENERATE_HTML is set to YES. + +HTML_COLORSTYLE_HUE = 220 + +# The HTML_COLORSTYLE_SAT tag controls the purity (or saturation) of the colors +# in the HTML output. For a value of 0 the output will use grayscales only. A +# value of 255 will produce the most vivid colors. +# Minimum value: 0, maximum value: 255, default value: 100. +# This tag requires that the tag GENERATE_HTML is set to YES. + +HTML_COLORSTYLE_SAT = 100 + +# The HTML_COLORSTYLE_GAMMA tag controls the gamma correction applied to the +# luminance component of the colors in the HTML output. Values below 100 +# gradually make the output lighter, whereas values above 100 make the output +# darker. The value divided by 100 is the actual gamma applied, so 80 represents +# a gamma of 0.8, The value 220 represents a gamma of 2.2, and 100 does not +# change the gamma. +# Minimum value: 40, maximum value: 240, default value: 80. +# This tag requires that the tag GENERATE_HTML is set to YES. + +HTML_COLORSTYLE_GAMMA = 80 + +# If the HTML_TIMESTAMP tag is set to YES then the footer of each generated HTML +# page will contain the date and time when the page was generated. Setting this +# to YES can help to show when doxygen was last run and thus if the +# documentation is up to date. +# The default value is: NO. +# This tag requires that the tag GENERATE_HTML is set to YES. + +HTML_TIMESTAMP = NO + +# If the HTML_DYNAMIC_MENUS tag is set to YES then the generated HTML +# documentation will contain a main index with vertical navigation menus that +# are dynamically created via Javascript. If disabled, the navigation index will +# consists of multiple levels of tabs that are statically embedded in every HTML +# page. Disable this option to support browsers that do not have Javascript, +# like the Qt help browser. +# The default value is: YES. +# This tag requires that the tag GENERATE_HTML is set to YES. + +HTML_DYNAMIC_MENUS = YES + +# If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML +# documentation will contain sections that can be hidden and shown after the +# page has loaded. +# The default value is: NO. +# This tag requires that the tag GENERATE_HTML is set to YES. + +HTML_DYNAMIC_SECTIONS = NO + +# With HTML_INDEX_NUM_ENTRIES one can control the preferred number of entries +# shown in the various tree structured indices initially; the user can expand +# and collapse entries dynamically later on. Doxygen will expand the tree to +# such a level that at most the specified number of entries are visible (unless +# a fully collapsed tree already exceeds this amount). So setting the number of +# entries 1 will produce a full collapsed tree by default. 0 is a special value +# representing an infinite number of entries and will result in a full expanded +# tree by default. +# Minimum value: 0, maximum value: 9999, default value: 100. +# This tag requires that the tag GENERATE_HTML is set to YES. + +HTML_INDEX_NUM_ENTRIES = 100 + +# If the GENERATE_DOCSET tag is set to YES, additional index files will be +# generated that can be used as input for Apple's Xcode 3 integrated development +# environment (see: https://developer.apple.com/xcode/), introduced with OSX +# 10.5 (Leopard). To create a documentation set, doxygen will generate a +# Makefile in the HTML output directory. Running make will produce the docset in +# that directory and running make install will install the docset in +# ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find it at +# startup. See https://developer.apple.com/library/archive/featuredarticles/Doxy +# genXcode/_index.html for more information. +# The default value is: NO. +# This tag requires that the tag GENERATE_HTML is set to YES. + +GENERATE_DOCSET = NO + +# This tag determines the name of the docset feed. A documentation feed provides +# an umbrella under which multiple documentation sets from a single provider +# (such as a company or product suite) can be grouped. +# The default value is: Doxygen generated docs. +# This tag requires that the tag GENERATE_DOCSET is set to YES. + +DOCSET_FEEDNAME = "Doxygen generated docs" + +# This tag specifies a string that should uniquely identify the documentation +# set bundle. This should be a reverse domain-name style string, e.g. +# com.mycompany.MyDocSet. Doxygen will append .docset to the name. +# The default value is: org.doxygen.Project. +# This tag requires that the tag GENERATE_DOCSET is set to YES. + +DOCSET_BUNDLE_ID = org.doxygen.Project + +# The DOCSET_PUBLISHER_ID tag specifies a string that should uniquely identify +# the documentation publisher. This should be a reverse domain-name style +# string, e.g. com.mycompany.MyDocSet.documentation. +# The default value is: org.doxygen.Publisher. +# This tag requires that the tag GENERATE_DOCSET is set to YES. + +DOCSET_PUBLISHER_ID = org.doxygen.Publisher + +# The DOCSET_PUBLISHER_NAME tag identifies the documentation publisher. +# The default value is: Publisher. +# This tag requires that the tag GENERATE_DOCSET is set to YES. + +DOCSET_PUBLISHER_NAME = Publisher + +# If the GENERATE_HTMLHELP tag is set to YES then doxygen generates three +# additional HTML index files: index.hhp, index.hhc, and index.hhk. The +# index.hhp is a project file that can be read by Microsoft's HTML Help Workshop +# (see: https://www.microsoft.com/en-us/download/details.aspx?id=21138) on +# Windows. +# +# The HTML Help Workshop contains a compiler that can convert all HTML output +# generated by doxygen into a single compiled HTML file (.chm). Compiled HTML +# files are now used as the Windows 98 help format, and will replace the old +# Windows help format (.hlp) on all Windows platforms in the future. Compressed +# HTML files also contain an index, a table of contents, and you can search for +# words in the documentation. The HTML workshop also contains a viewer for +# compressed HTML files. +# The default value is: NO. +# This tag requires that the tag GENERATE_HTML is set to YES. + +GENERATE_HTMLHELP = NO + +# The CHM_FILE tag can be used to specify the file name of the resulting .chm +# file. You can add a path in front of the file if the result should not be +# written to the html output directory. +# This tag requires that the tag GENERATE_HTMLHELP is set to YES. + +CHM_FILE = + +# The HHC_LOCATION tag can be used to specify the location (absolute path +# including file name) of the HTML help compiler (hhc.exe). If non-empty, +# doxygen will try to run the HTML help compiler on the generated index.hhp. +# The file has to be specified with full path. +# This tag requires that the tag GENERATE_HTMLHELP is set to YES. + +HHC_LOCATION = + +# The GENERATE_CHI flag controls if a separate .chi index file is generated +# (YES) or that it should be included in the master .chm file (NO). +# The default value is: NO. +# This tag requires that the tag GENERATE_HTMLHELP is set to YES. + +GENERATE_CHI = NO + +# The CHM_INDEX_ENCODING is used to encode HtmlHelp index (hhk), content (hhc) +# and project file content. +# This tag requires that the tag GENERATE_HTMLHELP is set to YES. + +CHM_INDEX_ENCODING = + +# The BINARY_TOC flag controls whether a binary table of contents is generated +# (YES) or a normal table of contents (NO) in the .chm file. Furthermore it +# enables the Previous and Next buttons. +# The default value is: NO. +# This tag requires that the tag GENERATE_HTMLHELP is set to YES. + +BINARY_TOC = NO + +# The TOC_EXPAND flag can be set to YES to add extra items for group members to +# the table of contents of the HTML help documentation and to the tree view. +# The default value is: NO. +# This tag requires that the tag GENERATE_HTMLHELP is set to YES. + +TOC_EXPAND = NO + +# If the GENERATE_QHP tag is set to YES and both QHP_NAMESPACE and +# QHP_VIRTUAL_FOLDER are set, an additional index file will be generated that +# can be used as input for Qt's qhelpgenerator to generate a Qt Compressed Help +# (.qch) of the generated HTML documentation. +# The default value is: NO. +# This tag requires that the tag GENERATE_HTML is set to YES. + +GENERATE_QHP = NO + +# If the QHG_LOCATION tag is specified, the QCH_FILE tag can be used to specify +# the file name of the resulting .qch file. The path specified is relative to +# the HTML output folder. +# This tag requires that the tag GENERATE_QHP is set to YES. + +QCH_FILE = + +# The QHP_NAMESPACE tag specifies the namespace to use when generating Qt Help +# Project output. For more information please see Qt Help Project / Namespace +# (see: http://doc.qt.io/archives/qt-4.8/qthelpproject.html#namespace). +# The default value is: org.doxygen.Project. +# This tag requires that the tag GENERATE_QHP is set to YES. + +QHP_NAMESPACE = org.doxygen.Project + +# The QHP_VIRTUAL_FOLDER tag specifies the namespace to use when generating Qt +# Help Project output. For more information please see Qt Help Project / Virtual +# Folders (see: http://doc.qt.io/archives/qt-4.8/qthelpproject.html#virtual- +# folders). +# The default value is: doc. +# This tag requires that the tag GENERATE_QHP is set to YES. + +QHP_VIRTUAL_FOLDER = doc + +# If the QHP_CUST_FILTER_NAME tag is set, it specifies the name of a custom +# filter to add. For more information please see Qt Help Project / Custom +# Filters (see: http://doc.qt.io/archives/qt-4.8/qthelpproject.html#custom- +# filters). +# This tag requires that the tag GENERATE_QHP is set to YES. + +QHP_CUST_FILTER_NAME = + +# The QHP_CUST_FILTER_ATTRS tag specifies the list of the attributes of the +# custom filter to add. For more information please see Qt Help Project / Custom +# Filters (see: http://doc.qt.io/archives/qt-4.8/qthelpproject.html#custom- +# filters). +# This tag requires that the tag GENERATE_QHP is set to YES. + +QHP_CUST_FILTER_ATTRS = + +# The QHP_SECT_FILTER_ATTRS tag specifies the list of the attributes this +# project's filter section matches. Qt Help Project / Filter Attributes (see: +# http://doc.qt.io/archives/qt-4.8/qthelpproject.html#filter-attributes). +# This tag requires that the tag GENERATE_QHP is set to YES. + +QHP_SECT_FILTER_ATTRS = + +# The QHG_LOCATION tag can be used to specify the location of Qt's +# qhelpgenerator. If non-empty doxygen will try to run qhelpgenerator on the +# generated .qhp file. +# This tag requires that the tag GENERATE_QHP is set to YES. + +QHG_LOCATION = + +# If the GENERATE_ECLIPSEHELP tag is set to YES, additional index files will be +# generated, together with the HTML files, they form an Eclipse help plugin. To +# install this plugin and make it available under the help contents menu in +# Eclipse, the contents of the directory containing the HTML and XML files needs +# to be copied into the plugins directory of eclipse. The name of the directory +# within the plugins directory should be the same as the ECLIPSE_DOC_ID value. +# After copying Eclipse needs to be restarted before the help appears. +# The default value is: NO. +# This tag requires that the tag GENERATE_HTML is set to YES. + +GENERATE_ECLIPSEHELP = NO + +# A unique identifier for the Eclipse help plugin. When installing the plugin +# the directory name containing the HTML and XML files should also have this +# name. Each documentation set should have its own identifier. +# The default value is: org.doxygen.Project. +# This tag requires that the tag GENERATE_ECLIPSEHELP is set to YES. + +ECLIPSE_DOC_ID = org.doxygen.Project + +# If you want full control over the layout of the generated HTML pages it might +# be necessary to disable the index and replace it with your own. The +# DISABLE_INDEX tag can be used to turn on/off the condensed index (tabs) at top +# of each HTML page. A value of NO enables the index and the value YES disables +# it. Since the tabs in the index contain the same information as the navigation +# tree, you can set this option to YES if you also set GENERATE_TREEVIEW to YES. +# The default value is: NO. +# This tag requires that the tag GENERATE_HTML is set to YES. + +DISABLE_INDEX = NO + +# The GENERATE_TREEVIEW tag is used to specify whether a tree-like index +# structure should be generated to display hierarchical information. If the tag +# value is set to YES, a side panel will be generated containing a tree-like +# index structure (just like the one that is generated for HTML Help). For this +# to work a browser that supports JavaScript, DHTML, CSS and frames is required +# (i.e. any modern browser). Windows users are probably better off using the +# HTML help feature. Via custom style sheets (see HTML_EXTRA_STYLESHEET) one can +# further fine-tune the look of the index. As an example, the default style +# sheet generated by doxygen has an example that shows how to put an image at +# the root of the tree instead of the PROJECT_NAME. Since the tree basically has +# the same information as the tab index, you could consider setting +# DISABLE_INDEX to YES when enabling this option. +# The default value is: NO. +# This tag requires that the tag GENERATE_HTML is set to YES. + +GENERATE_TREEVIEW = YES + +# The ENUM_VALUES_PER_LINE tag can be used to set the number of enum values that +# doxygen will group on one line in the generated HTML documentation. +# +# Note that a value of 0 will completely suppress the enum values from appearing +# in the overview section. +# Minimum value: 0, maximum value: 20, default value: 4. +# This tag requires that the tag GENERATE_HTML is set to YES. + +ENUM_VALUES_PER_LINE = 4 + +# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be used +# to set the initial width (in pixels) of the frame in which the tree is shown. +# Minimum value: 0, maximum value: 1500, default value: 250. +# This tag requires that the tag GENERATE_HTML is set to YES. + +TREEVIEW_WIDTH = 250 + +# If the EXT_LINKS_IN_WINDOW option is set to YES, doxygen will open links to +# external symbols imported via tag files in a separate window. +# The default value is: NO. +# This tag requires that the tag GENERATE_HTML is set to YES. + +EXT_LINKS_IN_WINDOW = NO + +# Use this tag to change the font size of LaTeX formulas included as images in +# the HTML documentation. When you change the font size after a successful +# doxygen run you need to manually remove any form_*.png images from the HTML +# output directory to force them to be regenerated. +# Minimum value: 8, maximum value: 50, default value: 10. +# This tag requires that the tag GENERATE_HTML is set to YES. + +FORMULA_FONTSIZE = 10 + +# Use the FORMULA_TRANSPARENT tag to determine whether or not the images +# generated for formulas are transparent PNGs. Transparent PNGs are not +# supported properly for IE 6.0, but are supported on all modern browsers. +# +# Note that when changing this option you need to delete any form_*.png files in +# the HTML output directory before the changes have effect. +# The default value is: YES. +# This tag requires that the tag GENERATE_HTML is set to YES. + +FORMULA_TRANSPARENT = YES + +# Enable the USE_MATHJAX option to render LaTeX formulas using MathJax (see +# https://www.mathjax.org) which uses client side Javascript for the rendering +# instead of using pre-rendered bitmaps. Use this if you do not have LaTeX +# installed or if you want to formulas look prettier in the HTML output. When +# enabled you may also need to install MathJax separately and configure the path +# to it using the MATHJAX_RELPATH option. +# The default value is: NO. +# This tag requires that the tag GENERATE_HTML is set to YES. + +USE_MATHJAX = NO + +# When MathJax is enabled you can set the default output format to be used for +# the MathJax output. See the MathJax site (see: +# http://docs.mathjax.org/en/latest/output.html) for more details. +# Possible values are: HTML-CSS (which is slower, but has the best +# compatibility), NativeMML (i.e. MathML) and SVG. +# The default value is: HTML-CSS. +# This tag requires that the tag USE_MATHJAX is set to YES. + +MATHJAX_FORMAT = HTML-CSS + +# When MathJax is enabled you need to specify the location relative to the HTML +# output directory using the MATHJAX_RELPATH option. The destination directory +# should contain the MathJax.js script. For instance, if the mathjax directory +# is located at the same level as the HTML output directory, then +# MATHJAX_RELPATH should be ../mathjax. The default value points to the MathJax +# Content Delivery Network so you can quickly see the result without installing +# MathJax. However, it is strongly recommended to install a local copy of +# MathJax from https://www.mathjax.org before deployment. +# The default value is: https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.5/. +# This tag requires that the tag USE_MATHJAX is set to YES. + +MATHJAX_RELPATH = https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.5/ + +# The MATHJAX_EXTENSIONS tag can be used to specify one or more MathJax +# extension names that should be enabled during MathJax rendering. For example +# MATHJAX_EXTENSIONS = TeX/AMSmath TeX/AMSsymbols +# This tag requires that the tag USE_MATHJAX is set to YES. + +MATHJAX_EXTENSIONS = + +# The MATHJAX_CODEFILE tag can be used to specify a file with javascript pieces +# of code that will be used on startup of the MathJax code. See the MathJax site +# (see: http://docs.mathjax.org/en/latest/output.html) for more details. For an +# example see the documentation. +# This tag requires that the tag USE_MATHJAX is set to YES. + +MATHJAX_CODEFILE = + +# When the SEARCHENGINE tag is enabled doxygen will generate a search box for +# the HTML output. The underlying search engine uses javascript and DHTML and +# should work on any modern browser. Note that when using HTML help +# (GENERATE_HTMLHELP), Qt help (GENERATE_QHP), or docsets (GENERATE_DOCSET) +# there is already a search function so this one should typically be disabled. +# For large projects the javascript based search engine can be slow, then +# enabling SERVER_BASED_SEARCH may provide a better solution. It is possible to +# search using the keyboard; to jump to the search box use + S +# (what the is depends on the OS and browser, but it is typically +# , /