Merge pull request #2663 from cesanta/tls
TLS client implementation
scaprile authored Mar 25, 2024
2 parents 7a5cf11 + ba678b9 commit d042697
Showing 27 changed files with 5,957 additions and 4,345 deletions.
6 changes: 3 additions & 3 deletions .github/workflows/quicktest.yml
Expand Up @@ -15,8 +15,8 @@ jobs:
matrix:
cc: [gcc, clang++]
target: [test, mip_test]
ssl: ["", MBEDTLS]
name: linux ${{ matrix.target }} CC=${{ matrix.cc }} SSL=${{ matrix.ssl }}}
ssl: ["", MBEDTLS, BUILTIN]
name: linux ${{ matrix.target }} CC=${{ matrix.cc }} SSL=${{ matrix.ssl }}
env:
CC: ${{ matrix.cc }}
SSL: ${{ matrix.ssl }}
Expand Down Expand Up @@ -57,7 +57,7 @@ jobs:
strategy:
fail-fast: false
matrix:
ssl: ["", MBEDTLS]
ssl: ["", MBEDTLS, BUILTIN]
name: macos SSL=${{ matrix.ssl }}
env:
SSL: ${{ matrix.ssl }}
10 changes: 7 additions & 3 deletions Makefile
Expand Up @@ -47,6 +47,10 @@ CFLAGS += -DMG_TLS=MG_TLS_OPENSSL -I$(OPENSSL)/include
LDFLAGS += -L$(OPENSSL)/lib -lssl -lcrypto
endif

ifeq "$(SSL)" "BUILTIN"
CFLAGS += -DMG_TLS=MG_TLS_BUILTIN
endif

all:
$(MAKE) -C examples/http-server

Expand Down Expand Up @@ -75,9 +79,9 @@ examples_win:
clean_examples_win:
$(foreach X, $(EXAMPLES_WIN), $(MAKE) -C $(X) clean &)

test/packed_fs.c: Makefile src/ssi.h test/fuzz.c test/data/a.txt test/data/ca.pem
test/packed_fs.c: Makefile src/ssi.h test/fuzz.c test/data/a.txt test/data/ca.pem test/certs/ca.crt test/certs/server.crt test/certs/server.key
$(CC) $(CFLAGS) test/pack.c -o pack
$(RUN) ./pack Makefile src/ssi.h test/fuzz.c test/data/a.txt test/data/range.txt test/data/ca.pem > $@
$(RUN) ./pack Makefile src/ssi.h test/fuzz.c test/data/a.txt test/data/range.txt test/data/ca.pem test/certs/ca.crt test/certs/server.crt test/certs/server.key test/certs/client.key test/certs/client.crt > $@

# Check that all external (exported) symbols have "mg_" prefix
mg_prefix: mongoose.c mongoose.h
Expand Down Expand Up @@ -184,7 +188,7 @@ mongoose.c: Makefile $(wildcard src/*.c) $(wildcard src/drivers/*.c)
(export LC_ALL=C ; cat src/license.h; echo; echo '#include "mongoose.h"' ; (for F in src/*.c src/drivers/*.c ; do echo; echo '#ifdef MG_ENABLE_LINES'; echo "#line 1 \"$$F\""; echo '#endif'; cat $$F | sed -e 's,#include ".*,,'; done))> $@

mongoose.h: $(HDRS) Makefile
(cat src/license.h; echo; echo '#ifndef MONGOOSE_H'; echo '#define MONGOOSE_H'; echo; cat src/version.h ; echo; echo '#ifdef __cplusplus'; echo 'extern "C" {'; echo '#endif'; cat src/arch.h src/arch_*.h src/net_ft.h src/net_lwip.h src/net_rl.h src/config.h src/str.h src/queue.h src/fmt.h src/printf.h src/log.h src/timer.h src/fs.h src/util.h src/url.h src/iobuf.h src/base64.h src/md5.h src/sha1.h src/sha256.h src/tls_aes128.h src/tls_uecc.h src/event.h src/net.h src/http.h src/ssi.h src/tls.h src/tls_mbed.h src/tls_openssl.h src/ws.h src/sntp.h src/mqtt.h src/dns.h src/json.h src/rpc.h src/ota.h src/device.h src/net_builtin.h src/profile.h src/drivers/*.h | sed -e '/keep/! s,#include ".*,,' -e 's,^#pragma once,,'; echo; echo '#ifdef __cplusplus'; echo '}'; echo '#endif'; echo '#endif // MONGOOSE_H')> $@
(cat src/license.h; echo; echo '#ifndef MONGOOSE_H'; echo '#define MONGOOSE_H'; echo; cat src/version.h ; echo; echo '#ifdef __cplusplus'; echo 'extern "C" {'; echo '#endif'; cat src/arch.h src/arch_*.h src/net_ft.h src/net_lwip.h src/net_rl.h src/config.h src/str.h src/queue.h src/fmt.h src/printf.h src/log.h src/timer.h src/fs.h src/util.h src/url.h src/iobuf.h src/base64.h src/md5.h src/sha1.h src/sha256.h src/tls_x25519.h src/tls_aes128.h src/tls_uecc.h src/event.h src/net.h src/http.h src/ssi.h src/tls.h src/tls_mbed.h src/tls_openssl.h src/ws.h src/sntp.h src/mqtt.h src/dns.h src/json.h src/rpc.h src/ota.h src/device.h src/net_builtin.h src/profile.h src/drivers/*.h | sed -e '/keep/! s,#include ".*,,' -e 's,^#pragma once,,'; echo; echo '#ifdef __cplusplus'; echo '}'; echo '#endif'; echo '#endif // MONGOOSE_H')> $@


clean: clean_examples clean_embedded
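Review bot: The new prerequisite list for `test/packed_fs.c` omits `test/certs/client.key` and `test/certs/client.crt`, which the updated `./pack` recipe line embeds, so editing either client file will not regenerate the packed filesystem (`test/data/range.txt` has the same pre-existing gap). The target line should list every file the recipe packs: `test/packed_fs.c: Makefile src/ssi.h test/fuzz.c test/data/a.txt test/data/range.txt test/data/ca.pem test/certs/ca.crt test/certs/server.crt test/certs/server.key test/certs/client.key test/certs/client.crt`; once the two lists agree, the recipe could pack `$^` instead of repeating the names, provided pack does not depend on argument order, which the hunk does not show. The recipe also writes straight to `$@`, so a failing pack run leaves a truncated but up-to-date-looking packed_fs.c unless `.DELETE_ON_ERROR:` is set somewhere outside this hunk. Because `.key` files are embedded into generated C, a one-line comment above the rule stating that these are test-only credentials would help the next reader.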
4,317 changes: 2,629 additions & 1,688 deletions mongoose.c

Large diffs are not rendered by default.

753 changes: 292 additions & 461 deletions mongoose.h

Large diffs are not rendered by default.

10 changes: 6 additions & 4 deletions src/drivers/phy.c
Expand Up @@ -19,7 +19,7 @@ enum {
MG_PHY_KSZ8x_REG_PC2R = 31,
MG_PHY_LAN87x_REG_SCSR = 31,
MG_PHY_RTL8201_REG_RMSR = 16, // in page 7
MG_PHY_RTL8201_REG_PAGESEL = 31,
MG_PHY_RTL8201_REG_PAGESEL = 31
};

static const char *mg_phy_id_to_str(uint16_t id1, uint16_t id2) {
Expand All @@ -39,11 +39,12 @@ static const char *mg_phy_id_to_str(uint16_t id1, uint16_t id2) {
}

void mg_phy_init(struct mg_phy *phy, uint8_t phy_addr, uint8_t config) {
uint16_t id1, id2;
phy->write_reg(phy_addr, MG_PHY_REG_BCR, MG_BIT(15)); // Reset PHY
phy->write_reg(phy_addr, MG_PHY_REG_BCR, MG_BIT(12)); // Autonegotiation

uint16_t id1 = phy->read_reg(phy_addr, MG_PHY_REG_ID1);
uint16_t id2 = phy->read_reg(phy_addr, MG_PHY_REG_ID2);
id1 = phy->read_reg(phy_addr, MG_PHY_REG_ID1);
id2 = phy->read_reg(phy_addr, MG_PHY_REG_ID2);
MG_INFO(("PHY ID: %#04x %#04x (%s)", id1, id2, mg_phy_id_to_str(id1, id2)));

if (config & MG_PHY_CLOCKS_MAC) {
Expand Down Expand Up @@ -76,10 +77,11 @@ void mg_phy_init(struct mg_phy *phy, uint8_t phy_addr, uint8_t config) {

bool mg_phy_up(struct mg_phy *phy, uint8_t phy_addr, bool *full_duplex,
uint8_t *speed) {
bool up = false;
uint16_t bsr = phy->read_reg(phy_addr, MG_PHY_REG_BSR);
if ((bsr & MG_BIT(5)) && !(bsr & MG_BIT(2))) // some PHYs latch down events
bsr = phy->read_reg(phy_addr, MG_PHY_REG_BSR); // read again
bool up = bsr & MG_BIT(2);
up = bsr & MG_BIT(2);
if (up && full_duplex != NULL && speed != NULL) {
uint16_t id1 = phy->read_reg(phy_addr, MG_PHY_REG_ID1);
if (id1 == MG_PHY_DP83x) {
2 changes: 1 addition & 1 deletion src/drivers/phy.h
Expand Up @@ -12,7 +12,7 @@ enum {
MG_PHY_LEDS_ACTIVE_HIGH =
(1 << 0), // Set if PHY LEDs are connected to ground
MG_PHY_CLOCKS_MAC =
(1 << 1), // Set when PHY clocks MAC. Otherwise, MAC clocks PHY
(1 << 1) // Set when PHY clocks MAC. Otherwise, MAC clocks PHY
};

enum { MG_PHY_SPEED_10M, MG_PHY_SPEED_100M, MG_PHY_SPEED_1000M };
15 changes: 11 additions & 4 deletions src/sha256.c
@@ -1,3 +1,9 @@
// https://github.com/B-Con/crypto-algorithms
// Author: Brad Conte (brad AT bradconte.com)
// Disclaimer: This code is presented "as is" without any guarantees.
// Details: Defines the API for the corresponding SHA1 implementation.
// Copyright: public domain

#include "sha256.h"

#define ror(x, n) (((x) >> (n)) | ((x) << (32 - (n))))
Expand Down Expand Up @@ -39,8 +45,10 @@ static void mg_sha256_chunk(mg_sha256_ctx *ctx) {
uint32_t a, b, c, d, e, f, g, h;
uint32_t m[64];
for (i = 0, j = 0; i < 16; ++i, j += 4)
m[i] = (uint32_t) ((ctx->buffer[j] << 24) | (ctx->buffer[j + 1] << 16) |
(ctx->buffer[j + 2] << 8) | (ctx->buffer[j + 3]));
m[i] = (uint32_t) (((uint32_t) ctx->buffer[j] << 24) |
((uint32_t) ctx->buffer[j + 1] << 16) |
((uint32_t) ctx->buffer[j + 2] << 8) |
((uint32_t) ctx->buffer[j + 3]));
for (; i < 64; ++i)
m[i] = sig1(m[i - 2]) + m[i - 7] + sig0(m[i - 15]) + m[i - 16];

Expand Down Expand Up @@ -138,7 +146,7 @@ void mg_hmac_sha256(uint8_t dst[32], uint8_t *key, size_t keysz, uint8_t *data,
memset(i_pad, 0x36, sizeof(i_pad));
memset(o_pad, 0x5c, sizeof(o_pad));
if (keysz < 64) {
memmove(k, key, keysz);
if (keysz > 0) memmove(k, key, keysz);
} else {
mg_sha256_init(&ctx);
mg_sha256_update(&ctx, key, keysz);
Expand All @@ -157,4 +165,3 @@ void mg_hmac_sha256(uint8_t dst[32], uint8_t *key, size_t keysz, uint8_t *data,
mg_sha256_update(&ctx, dst, 32);
mg_sha256_final(dst, &ctx);
}
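Review bot: The new attribution header says `Defines the API for the corresponding SHA1 implementation`, which reads as copied from the SHA-1 source; this file is the SHA-256 implementation, and the same line was added to src/sha256.h. Suggest `// Details: Implementation of the SHA-256 hashing algorithm.` here and `// Details: Defines the API for the corresponding SHA-256 implementation.` in the header. In mg_hmac_sha256 the added `if (keysz > 0)` guard is only correct if `k` was already zero-filled before the branch, which happens outside the hunk; a short comment such as `// k is pre-zeroed; a zero-length key leaves it all zeros` would make that dependency visible. mg_hmac_sha256 begins outside the hunk.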

6 changes: 6 additions & 0 deletions src/sha256.h
@@ -1,3 +1,9 @@
// https://github.com/B-Con/crypto-algorithms
// Author: Brad Conte (brad AT bradconte.com)
// Disclaimer: This code is presented "as is" without any guarantees.
// Details: Defines the API for the corresponding SHA1 implementation.
// Copyright: public domain

#pragma once

#include "arch.h"
9 changes: 5 additions & 4 deletions src/tls.h
Expand Up @@ -15,10 +15,11 @@
#include "tls_openssl.h"

struct mg_tls_opts {
struct mg_str ca; // PEM or DER
struct mg_str cert; // PEM or DER
struct mg_str key; // PEM or DER
struct mg_str name; // If not empty, enable host name verification
struct mg_str ca; // PEM or DER
struct mg_str cert; // PEM or DER
struct mg_str key; // PEM or DER
struct mg_str name; // If not empty, enable host name verification
int skip_verification; // Skip certificate and host name verification
};

void mg_tls_init(struct mg_connection *, const struct mg_tls_opts *opts);
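Review bot: The new `skip_verification` field removes peer authentication from the TLS handshake, and its comment does not say so; a caller who sets it to get past a certificate error during development ends up with a client that accepts any certificate. Suggest `int skip_verification; // Skip certificate and host name verification (no peer authentication) - test/debug only`. The comment on `name` says host name verification is enabled only when it is non-empty, so it would also help to state how an empty `name` and `skip_verification` combine, which this hunk does not show.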