diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 312cd01..8399171 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -19,6 +19,7 @@ jobs: - name: compile runtime run: | make ARCH=${{ matrix.platform }} lo +# ./lo build binding core - name: check if: ${{ matrix.platform == 'x64' }} run: | @@ -45,6 +46,7 @@ jobs: - name: compile run: | make lo +# ./lo build binding core - name: check run: | make check diff --git a/Makefile b/Makefile index 533380e..943eff8 100644 --- a/Makefile +++ b/Makefile @@ -5,7 +5,7 @@ CCARGS=-std=c++17 -c -fno-omit-frame-pointer -fno-rtti -fno-exceptions CARGS=-c -fno-omit-frame-pointer WARN=-Werror -Wpedantic -Wall -Wextra -Wno-unused-parameter OPT=-O3 -VERSION=0.0.9-pre +VERSION=0.0.10-pre V8_VERSION=1.0.0 RUNTIME=lo LO_HOME=$(shell pwd) @@ -45,6 +45,13 @@ ifneq ($(os),win) rm -f v8-include.tar.gz endif +v8/src: ## download the v8 source code for debugging + curl -L -o v8-src.tar.gz https://github.com/just-js/v8/releases/download/${V8_VERSION}/src.tar.gz + tar -xf v8-src.tar.gz +ifneq ($(os),win) + rm -f v8-src.tar.gz +endif + v8/libv8_monolith.a: ## download the v8 static libary for linux/macos curl -L -o v8/libv8_monolith.a.gz https://github.com/just-js/v8/releases/download/${V8_VERSION}/libv8_monolith-${os}-${ARCH}.a.gz gzip -d v8/libv8_monolith.a.gz diff --git a/TODO.md b/TODO.md index 97b1bad..39bfa09 100644 --- a/TODO.md +++ b/TODO.md @@ -59,6 +59,9 @@ - [ ] **bug**: for static libraries, we need to compile without -fPIC: https://stackoverflow.com/questions/28187163/how-do-you-link-a-static-library-to-a-shared-library - [ ] **todo**: change inflate builder to download the depencies rather than having them embedded in the runtime - [ ] **todo**: we need an SSE4 alternative (NEON?) for arm64 for picohttpparser +- [ ] **todo**: handle bindings methods that are optional based on defines +- [ ] **todo**: think about how we handle fork. can we handle it? +- [ ] **bug**: we open file twice with the LO_HOME core loader - refactor this so it works better ## features diff --git a/builtins.S b/builtins.S index 498f623..61e604c 100644 --- a/builtins.S +++ b/builtins.S @@ -33,16 +33,16 @@ __binary_lib_path_js_start: .incbin "lib/path.js" .global __binary_lib_path_js_end __binary_lib_path_js_end: -.global __binary_lib_inflate_js_start -__binary_lib_inflate_js_start: - .incbin "lib/inflate.js" - .global __binary_lib_inflate_js_end -__binary_lib_inflate_js_end: .global __binary_lib_curl_js_start __binary_lib_curl_js_start: .incbin "lib/curl.js" .global __binary_lib_curl_js_end __binary_lib_curl_js_end: +.global __binary_lib_inflate_js_start +__binary_lib_inflate_js_start: + .incbin "lib/inflate.js" + .global __binary_lib_inflate_js_end +__binary_lib_inflate_js_end: .global __binary_lib_build_js_start __binary_lib_build_js_start: .incbin "lib/build.js" @@ -118,16 +118,6 @@ __binary_lib_lz4_api_js_start: .incbin "lib/lz4/api.js" .global __binary_lib_lz4_api_js_end __binary_lib_lz4_api_js_end: -.global __binary_lib_inflate_em_inflate_c_start -__binary_lib_inflate_em_inflate_c_start: - .incbin "lib/inflate/em_inflate.c" - .global __binary_lib_inflate_em_inflate_c_end -__binary_lib_inflate_em_inflate_c_end: -.global __binary_lib_inflate_em_inflate_h_start -__binary_lib_inflate_em_inflate_h_start: - .incbin "lib/inflate/em_inflate.h" - .global __binary_lib_inflate_em_inflate_h_end -__binary_lib_inflate_em_inflate_h_end: .global __binary_lib_mbedtls_api_js_start __binary_lib_mbedtls_api_js_start: .incbin "lib/mbedtls/api.js" diff --git a/builtins_linux.S b/builtins_linux.S index f3dae9a..7c8858a 100644 --- a/builtins_linux.S +++ b/builtins_linux.S @@ -33,16 +33,16 @@ _binary_lib_path_js_start: .incbin "lib/path.js" .global _binary_lib_path_js_end _binary_lib_path_js_end: -.global _binary_lib_inflate_js_start -_binary_lib_inflate_js_start: - .incbin "lib/inflate.js" - .global _binary_lib_inflate_js_end -_binary_lib_inflate_js_end: .global _binary_lib_curl_js_start _binary_lib_curl_js_start: .incbin "lib/curl.js" .global _binary_lib_curl_js_end _binary_lib_curl_js_end: +.global _binary_lib_inflate_js_start +_binary_lib_inflate_js_start: + .incbin "lib/inflate.js" + .global _binary_lib_inflate_js_end +_binary_lib_inflate_js_end: .global _binary_lib_build_js_start _binary_lib_build_js_start: .incbin "lib/build.js" @@ -118,16 +118,6 @@ _binary_lib_lz4_api_js_start: .incbin "lib/lz4/api.js" .global _binary_lib_lz4_api_js_end _binary_lib_lz4_api_js_end: -.global _binary_lib_inflate_em_inflate_c_start -_binary_lib_inflate_em_inflate_c_start: - .incbin "lib/inflate/em_inflate.c" - .global _binary_lib_inflate_em_inflate_c_end -_binary_lib_inflate_em_inflate_c_end: -.global _binary_lib_inflate_em_inflate_h_start -_binary_lib_inflate_em_inflate_h_start: - .incbin "lib/inflate/em_inflate.h" - .global _binary_lib_inflate_em_inflate_h_end -_binary_lib_inflate_em_inflate_h_end: .global _binary_lib_mbedtls_api_js_start _binary_lib_mbedtls_api_js_start: .incbin "lib/mbedtls/api.js" diff --git a/globals.d.ts b/globals.d.ts index 3908a82..d772ec5 100644 --- a/globals.d.ts +++ b/globals.d.ts @@ -33,6 +33,15 @@ interface RuntimeVersion { interface Core { open(path: string, flags: number, mode: number); + dlsym(handle: number, name: string): number; + dlopen(path: string, flags: number): number; + strnlen(str: string, size: number); + readFile(path: string): Uint8Array; +} + +declare class CString extends Uint8Array { + ptr: number; + size: number; } interface Runtime { @@ -46,7 +55,7 @@ interface Runtime { libraries(): Array; builtins(): Array; assert(expression: any, message?: string | Function): any; - cstr(str: string): Uint8Array; + cstr(str: string): CString; load(name: string): any; library(name: string): any; /** @@ -63,11 +72,10 @@ interface Runtime { utf8EncodeInto(str: string, buf: TypedArray): number; utf8EncodeIntoAtOffset(str: string, buf: TypedArray, off: number): number; utf8Decode(address: number, len?: number): string; + latin1Decode(address: number, len?: number): string; utf8Encode(str: sring): TypedArray; wrap(handle: TypedArray, fn: Function, plen: number): function; addr(handle: TypedArray): number; - dlsym(handle: number, name: string): number; - dlopen(path: string, flags: number): number; version: RuntimeVersion; args: Array; workerSource: string; diff --git a/lib/build.js b/lib/build.js index c5ca123..5e696b8 100644 --- a/lib/build.js +++ b/lib/build.js @@ -80,6 +80,7 @@ async function compile_bindings (lib, verbose = false) { const lib_dir = `lib/${lib}` const binding_path = `${lib_dir}/api.js` + // todo: download the lib if we don't have it internally console.log(`${AM}compile binding${AD} ${lib} ${AY}in${AD} ${lib_dir}`) if (!isDir(lib_dir) && lo.builtins().includes(binding_path)) { console.log(`${AM}create dir${AD} ${lib_dir}`) @@ -95,12 +96,16 @@ async function compile_bindings (lib, verbose = false) { console.log(`${AY}create ${AD} ${lib_dir}/${def.name}.cc`) writeFile(`${lib_dir}/${def.name}.cc`, encoder.encode(src)) - console.log(`${AY}change dir to ${AD} ${lib_dir}`) - assert(chdir(lib_dir) === 0) - - if (def.build) { + const binding_build_path = `${lib_dir}/build.js` + if (isFile(binding_build_path)) { console.log(`${AM}building dependencies${AD} ${lib} ${AY}in${AD} ${lib_dir}`) - await def.build(C, CC) + const { build } = await import (binding_build_path) + console.log(`${AY}change dir to ${AD} ${lib_dir}`) + assert(chdir(lib_dir) === 0) + await build(C, CC) + } else { + console.log(`${AY}change dir to ${AD} ${lib_dir}`) + assert(chdir(lib_dir) === 0) } console.log(`${AY}compile${AD} ${def.name}.cc ${AY}with${AG} ${CC}${AD}`) @@ -112,7 +117,8 @@ async function compile_bindings (lib, verbose = false) { console.log(`${AY}static lib ${AD} ${def.name}.a`) unlink(`${def.name}.a`) if (def.obj && def.obj.length) { - exec2(['ar', 'crsT', `${def.name}.a`, `${def.name}.o`, ...def.obj.filter(f => extName(f) === 'o')], verbose) + exec2(['ar', 'crsT', `${def.name}.a`, `${def.name}.o`, + ...def.obj.filter(f => extName(f) === 'o')], verbose) } else { exec2(['ar', 'crsT', `${def.name}.a`, `${def.name}.o`], verbose) } @@ -123,14 +129,16 @@ async function compile_bindings (lib, verbose = false) { unlink(`${def.name}.so`) if (os === 'mac') { exec2([...LINK.split(' '), ...LARGS, OPT, '-bundle', ...WARN, '-o', - `${def.name}.so`, `${def.name}.o`, ...(def.obj || []).filter(f => extName(f) === 'a'), + `${def.name}.so`, `${def.name}.o`, + ...(def.obj || []).filter(f => extName(f) === 'a'), ...(def.libs || []).map(l => `-l${l}`)], verbose) } else if (os === 'linux') { // todo: why do we not include .o obj files here? // confused by this. why does linking against the .a file not work? exec2([...LINK.split(' '), ...LARGS, OPT, '-shared', ...WARN, '-o', - `${def.name}.so`, `${def.name}.o`, ...(def.obj || []).filter(f => extName(f) === 'a'), + `${def.name}.so`, `${def.name}.o`, + ...(def.obj || []).filter(f => extName(f) === 'a'), ...(def.libs || []).map(l => `-l${l}`)], verbose) } @@ -145,28 +153,26 @@ function create_builtins (libs = [], os) { // config.os = 'win' // writeFile(`${LO_HOME}/builtins.h`, encoder.encode([`main.js`, ...libs].map(linkerScript).join(''))) config.os = 'linux' - writeFile(`${LO_HOME}/builtins_linux.S`, encoder.encode([`main.js`, ...libs].map(linkerScript).join(''))) + writeFile(`${LO_HOME}/builtins_linux.S`, + encoder.encode([`main.js`, ...libs].map(linkerScript).join(''))) config.os = 'mac' - writeFile(`${LO_HOME}/builtins.S`, encoder.encode([`main.js`, ...libs].map(linkerScript).join(''))) + writeFile(`${LO_HOME}/builtins.S`, + encoder.encode([`main.js`, ...libs].map(linkerScript).join(''))) config.os = os } -/* -function create_header (libs = [], bindings = [], opts) { - const main_h = headerFile([...libs, ...bindings.map(n => `lib/${n}/${n}.a`)], opts) - writeFile(`${LO_HOME}/main.h`, encoder.encode(main_h)) -} -*/ - function create_header (libs = [], bindings = [], opts) { const os = config.os config.os = 'win' - writeFile(`${LO_HOME}/main_win.h`, encoder.encode(headerFile([...libs, ...bindings.map(n => `lib/${n}/${n}.a`)], opts))) + writeFile(`${LO_HOME}/main_win.h`, encoder.encode(headerFile([...libs, + ...bindings.map(n => `lib/${n}/${n}.a`)], opts))) config.os = os - writeFile(`${LO_HOME}/main.h`, encoder.encode(headerFile([...libs, ...bindings.map(n => `lib/${n}/${n}.a`)], opts))) + writeFile(`${LO_HOME}/main.h`, encoder.encode(headerFile([...libs, + ...bindings.map(n => `lib/${n}/${n}.a`)], opts))) } -async function build_runtime ({ libs = lo.builtins(), bindings = lo.libraries(), embeds = [] }, verbose = false) { +async function build_runtime ({ libs = lo.builtins(), bindings = lo.libraries(), + embeds = [] }, verbose = false) { const cwd = getcwd() console.log(`${AY}create${AD} builtins`) create_builtins([...libs, ...embeds], config.os) @@ -232,7 +238,7 @@ const encoder = new TextEncoder() const status = new Int32Array(2) // todo: clean up api so we can pass a config in and run builds through api -const VERSION = getenv('VERSION') || '"0.0.9pre"' +const VERSION = getenv('VERSION') || '"0.0.10pre"' const RUNTIME = getenv('RUNTIME') || '"lo"' const TARGET = getenv('TARGET') || 'lo' const LINK_TYPE = (getenv('LINK_TYPE') || '-rdynamic').split(' ') @@ -263,10 +269,6 @@ config.os = os const so_ext = (os === 'linux' ? 'so' : (os === 'mac' ? 'dylib' : 'dll')) const runtimes = { - custom: { - bindings: [], - libs: [] - }, core: { bindings: [ 'core' @@ -274,11 +276,24 @@ const runtimes = { libs: [] }, builder: { - bindings: ['core', 'inflate', 'curl'], + bindings: [ + 'core', + 'inflate', + 'curl', + ], libs: [ - 'lib/bench.js', 'lib/gen.js', 'lib/fs.js', 'lib/untar.js', 'lib/proc.js', - 'lib/path.js', 'lib/inflate.js', 'lib/curl.js', 'lib/build.js', - 'lib/asm.js', 'lib/ffi.js', 'lib/binary.js' + 'lib/bench.js', + 'lib/gen.js', + 'lib/fs.js', + 'lib/untar.js', + 'lib/proc.js', + 'lib/path.js', + 'lib/curl.js', + 'lib/inflate.js', + 'lib/build.js', + 'lib/asm.js', + 'lib/ffi.js', + 'lib/binary.js' ], embeds: [ 'main.cc', @@ -292,8 +307,6 @@ const runtimes = { 'lib/libffi/api.js', 'lib/libssl/api.js', 'lib/lz4/api.js', - 'lib/inflate/em_inflate.c', - 'lib/inflate/em_inflate.h', 'lib/mbedtls/api.js', 'lib/net/api.js', 'lib/pico/api.js', @@ -304,7 +317,7 @@ const runtimes = { 'lib/tcc/api.js', 'lib/wireguard/api.js', 'lib/zlib/api.js', - 'lib/duckdb/api.js', + 'lib/duckdb/api.js' ] }, full: { @@ -365,7 +378,7 @@ const runtimes = { 'lib/tcc/api.js', 'lib/wireguard/api.js', 'lib/zlib/api.js', - 'lib/duckdb/api.js', + 'lib/duckdb/api.js' ] }, mbedtls: { @@ -392,7 +405,6 @@ async function build (args) { args = args.filter(a => a !== '-v') verbose = true } - // ./lo eval "console.log(parseInt(lo.utf8Decode(lo.ptr(lo.core.readFile('/proc/self/stat', 0, 1024)).ptr, -1).match(/(\d+)\s/g)[21], 10) * 4096)" // it's 11 ms versus 7ms for ```hyperfine "lo eval 1"``` for curl build versus mbedtls // use ```lo LINK="mold -run g++" CC="ccache g++" build.js``` for fast builds await create_lo_home(LO_HOME) diff --git a/lib/duckdb/api.js b/lib/duckdb/api.js index 5ff6581..7235720 100644 --- a/lib/duckdb/api.js +++ b/lib/duckdb/api.js @@ -165,30 +165,4 @@ int set_config (duckdb_config* config, const char* key, const char* value) { } ` -import { isDir, isFile } from 'lib/fs.js' -import { exec } from 'lib/proc.js' - -async function build (C = 'gcc', CC = 'g++') { - const { assert } = lo - const { chdir, mkdir, S_IRWXU, S_IRWXG, S_IROTH, S_IXOTH } = lo.core - const status = new Int32Array(2) - - if (!isDir('deps/duckdb')) { - mkdir('deps', S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH) - assert(chdir('deps') === 0) - exec('git', ['clone', '--depth', '1', '--single-branch', '-b', 'v0.9.2', 'https://github.com/duckdb/duckdb.git'], status) - assert(status[0] === 0) - assert(chdir('../') === 0) - } - - if (obj.some(o => !isFile(o))) { - assert(chdir('deps/duckdb') === 0) - exec('python3', ['scripts/amalgamation.py'], status) - exec(CC.split(' ')[0], [...CC.split(' ').slice(1), '-fPIC', '-c', '-O3', '-o', 'duckdb.o', '-Isrc/amalgamation', 'src/amalgamation/duckdb.cpp'], status) - assert(status[0] === 0) - assert(chdir('../../') === 0) - } - -} - -export { name, api, constants, structs, obj, build, include_paths, includes, preamble } +export { name, api, constants, structs, obj, include_paths, includes, preamble } diff --git a/lib/duckdb/build.js b/lib/duckdb/build.js new file mode 100644 index 0000000..a0f6e8c --- /dev/null +++ b/lib/duckdb/build.js @@ -0,0 +1,27 @@ +import { isDir, isFile } from 'lib/fs.js' +import { exec } from 'lib/proc.js' +import { obj } from 'lib/duckdb/api.js' + +async function build (C = 'gcc', CC = 'g++') { + const { assert } = lo + const { chdir, mkdir, S_IRWXU, S_IRWXG, S_IROTH, S_IXOTH } = lo.core + const status = new Int32Array(2) + + if (!isDir('deps/duckdb')) { + mkdir('deps', S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH) + assert(chdir('deps') === 0) + exec('git', ['clone', '--depth', '1', '--single-branch', '-b', 'v0.9.2', 'https://github.com/duckdb/duckdb.git'], status) + assert(status[0] === 0) + assert(chdir('../') === 0) + } + + if (obj.some(o => !isFile(o))) { + assert(chdir('deps/duckdb') === 0) + exec('python3', ['scripts/amalgamation.py'], status) + exec(CC.split(' ')[0], [...CC.split(' ').slice(1), '-fPIC', '-c', '-O3', '-o', 'duckdb.o', '-Isrc/amalgamation', 'src/amalgamation/duckdb.cpp'], status) + assert(status[0] === 0) + assert(chdir('../../') === 0) + } +} + +export { build } diff --git a/lib/fs.js b/lib/fs.js index ce5d8c7..7f6704d 100644 --- a/lib/fs.js +++ b/lib/fs.js @@ -2,7 +2,8 @@ const { assert, readMemory, utf8Decode, wrap, core } = lo const { closedir, unlink, rmdir, open, fstat, close, access, mkdir, strnlen, F_OK, O_RDONLY, S_IFMT, S_IFDIR, S_IFREG, - S_IRWXU, S_IRWXG, S_IROTH, NAME_MAX + S_IRWXU, S_IRWXG, NAME_MAX, + O_WRONLY, O_CREAT, O_TRUNC, S_IRUSR, S_IWUSR, S_IRGRP, S_IROTH } = core const handle = new Uint32Array(2) @@ -16,6 +17,10 @@ const stat32 = new Uint32Array(stat.buffer) let MODE_WORD = 6 if (core.arch === 'arm64') MODE_WORD = 4 +const write_flags = O_WRONLY | O_CREAT | O_TRUNC +const write_mode = S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH +const read_flags = O_RDONLY + function checkMode (val, mode) { return (val & S_IFMT) === mode } @@ -98,4 +103,7 @@ function rmDirAll (path) { assert(rmdir(path) === 0) } -export { mkDirAll, rmDirAll, isFile, isDir } +export { + mkDirAll, rmDirAll, isFile, isDir, + write_flags, read_flags, write_mode +} diff --git a/lib/gen.js b/lib/gen.js index 393fec1..5deb94d 100644 --- a/lib/gen.js +++ b/lib/gen.js @@ -72,8 +72,16 @@ function getFastParameterCast (parameter, index, pointers, override) { const pType = pointers[index] || 'void*' return ` ${pType} v${index} = reinterpret_cast<${pType}>(p${index}->data);` } - if (override[index]) { - return ` ${getType(parameter)} v${index} = p${override[index].param}${override[index].fastfield};` + if (override.length > index && override[index] !== undefined) { + if (override[index].constructor.name === 'Object') { + return ` ${getType(parameter)} v${index} = p${override[index].param}${override[index].fastfield};` + } else if (override[index].constructor.name === 'Number') { + return ` ${getType(parameter)} v${index} = ${override[index]};` + } else if (override[index].constructor.name === 'String') { + return ` ${getType(parameter)} v${index} = "${override[index]}";` + } else { + throw new Error('unsupported override type') + } } else { return ` ${getType(parameter)} v${index} = p${index};` } @@ -203,7 +211,7 @@ void ${n}Slow(const FunctionCallbackInfo &args) {\n` //} src += `${parameters.map((p, i) => getSlowParameterCast(p, i, pointers, override)).join('\n')}\n` if (result === 'void') { - src += ` ${name}(${parameters.map((p, i) => `${p === 'string' ? '*' : getCast(i)}v${i}`).join(', ')});\n` + src += ` ${name}(${parameters.map((p, i) => `${p === 'string' ? getCast(i) + '*' : getCast(i)}v${i}`).join(', ')});\n` } else { src += ` ${rpointer || getType(result)} rc = ${name}(${parameters.map((p, i) => `${p === 'string' ? '*' : getCast(i)}v${i}`).join(', ')});\n` } @@ -502,6 +510,7 @@ all: ## make all } function init_application (dir_path) { + const { S_IRWXU, S_IRWXG, S_IROTH, S_IXOTH } = lo.core const rc = lo.core.mkdir(`${dir_path}\0`, S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH) //console.log(rc) } @@ -512,7 +521,6 @@ const defaultOpts = { v8flags: '--stack-trace-limit=10 --use-strict --turbo-fast-api-calls --no-freeze-flags-after-init', on_exit: 0 } -const { S_IRWXU, S_IRWXG, S_IROTH, S_IXOTH } = lo.core const config = { os: 'linux', diff --git a/lib/hash.js b/lib/hash.js new file mode 100644 index 0000000..f4fc26e --- /dev/null +++ b/lib/hash.js @@ -0,0 +1,81 @@ +const { libssl } = lo.load('libssl') + +const { assert, utf8Length, ptr, wrap } = lo + +const sizes = { + md5: 16, sha1: 20, sha256: 32, sha384: 48, sha512: 64 +} + +const handle = new Uint32Array(2) + +libssl.EVP_get_digestbyname = wrap(handle, libssl.EVP_get_digestbyname, 1) +libssl.EVP_MD_CTX_new = wrap(handle, libssl.EVP_MD_CTX_new, 0) + +const { + EVP_get_digestbyname, EVP_MD_CTX_new, EVP_DigestInit_ex, + EVP_DigestUpdateBuffer, EVP_DigestFinal, EVP_MD_CTX_reset, EVP_Digest, + EVP_DigestUpdateString, EVP_DigestUpdate +} = libssl + +class Digest { + method = 'md5' + + constructor (method = 'md5') { + const size = sizes[method] + this.method = method + this.hasher = EVP_get_digestbyname(method) + this.hsize = new Uint32Array(2) + this.digest = ptr(new Uint8Array(size)) + this.ctx = EVP_MD_CTX_new() + } + + init () { + assert(EVP_DigestInit_ex(this.ctx, this.hasher, 0) === 1) + } + + update (buf) { + assert(EVP_DigestUpdateBuffer(this.ctx, buf, buf.length) === 1) + } + + finish () { + const { hsize, digest, ctx } = this + assert(EVP_DigestFinal(ctx, digest, hsize) === 1) + EVP_MD_CTX_reset(ctx) + return digest + } + + hash (buf) { + const { hasher, hsize, digest, ctx } = this + assert(EVP_DigestInit_ex(ctx, hasher, 0) === 1) + assert(EVP_DigestUpdateBuffer(ctx, buf, buf.length) === 1) + assert(EVP_DigestFinal(ctx, digest, hsize) === 1) + EVP_MD_CTX_reset(ctx) + return digest + } + + hash_string (str) { + const { hasher, hsize, digest, ctx } = this + assert(EVP_DigestInit_ex(ctx, hasher, 0) === 1) + assert(EVP_DigestUpdateString(ctx, str, utf8Length(str)) === 1) + assert(EVP_DigestFinal(ctx, digest, hsize) === 1) + EVP_MD_CTX_reset(ctx) + return digest + } + + hash_pointer (c_str) { + const { hasher, hsize, digest, ctx } = this + assert(EVP_DigestInit_ex(ctx, hasher, 0) === 1) + assert(EVP_DigestUpdate(ctx, c_str.ptr, c_str.size) === 1) + assert(EVP_DigestFinal(ctx, digest, hsize) === 1) + EVP_MD_CTX_reset(ctx) + return digest + } + + hashonce (buf) { + const { hasher, hsize, digest } = this + assert(EVP_Digest(buf, buf.length, digest, hsize, hasher, 0) === 1) + return digest + } +} + +export { Digest } diff --git a/lib/inflate.js b/lib/inflate.js index d9da8d6..3f540fc 100644 --- a/lib/inflate.js +++ b/lib/inflate.js @@ -22,6 +22,7 @@ function header (buf) { } } +// todo: pass in destination buffer - do not allocate function inflate (buf) { const { size } = header(buf) const dest = new Uint8Array(size) diff --git a/lib/inflate/api.js b/lib/inflate/api.js index ac6e1c3..58e8cab 100644 --- a/lib/inflate/api.js +++ b/lib/inflate/api.js @@ -1,7 +1,3 @@ -import { exec } from 'lib/proc.js' - -const { assert } = lo - const api = { inflate: { parameters: ['buffer', 'u32', 'buffer', 'u32'], @@ -14,17 +10,6 @@ const api = { const name = 'inflate' const includes = ['em_inflate.h'] -import { fetch } from 'lib/curl.js' - -function build (C = 'gcc', CC = 'g++') { - fetch('https://raw.githubusercontent.com/emmanuel-marty/em_inflate/master/lib/em_inflate.h', 'em_inflate.h') - fetch('https://raw.githubusercontent.com/emmanuel-marty/em_inflate/master/lib/em_inflate.c', 'em_inflate.c') - const status = new Int32Array(2) - const CARGS = C.split(' ') - exec(CARGS[0], [...CARGS.slice(1), '-I.', '-c', '-o', 'em_inflate.o', '-O3', '-fomit-frame-pointer', 'em_inflate.c'], status) - assert(status[0] === 0) -} - const obj = ['em_inflate.o'] -export { name, api, build, includes, obj } +export { name, api, includes, obj } diff --git a/lib/inflate/build.js b/lib/inflate/build.js new file mode 100644 index 0000000..8fe912e --- /dev/null +++ b/lib/inflate/build.js @@ -0,0 +1,15 @@ +import { exec } from 'lib/proc.js' +import { fetch } from 'lib/curl.js' + +const { assert } = lo + +function build (C = 'gcc', CC = 'g++') { + fetch('https://raw.githubusercontent.com/emmanuel-marty/em_inflate/master/lib/em_inflate.h', 'em_inflate.h') + fetch('https://raw.githubusercontent.com/emmanuel-marty/em_inflate/master/lib/em_inflate.c', 'em_inflate.c') + const status = new Int32Array(2) + const CARGS = C.split(' ') + exec(CARGS[0], [...CARGS.slice(1), '-I.', '-c', '-o', 'em_inflate.o', '-O3', '-fomit-frame-pointer', 'em_inflate.c'], status) + assert(status[0] === 0) +} + +export { build } diff --git a/lib/loop.js b/lib/loop.js new file mode 100644 index 0000000..7e0a6c9 --- /dev/null +++ b/lib/loop.js @@ -0,0 +1,117 @@ +const { epoll } = lo.load('epoll') + +const { create, wait, modify, close } = epoll + +const EPOLLIN = 0x1 +const EPOLLOUT = 0x4 +const EPOLLERR = 0x8 +const EPOLLHUP = 0x10 +const EPOLL_CLOEXEC = 524288 +const EPOLLEXCLUSIVE = 1 << 28 +const EPOLLWAKEUP = 1 << 29 +const EPOLLONESHOT = 1 << 30 +const EPOLLET = 1 << 31 +const EPOLL_CTL_ADD = 1 +const EPOLL_CTL_DEL = 2 +const EPOLL_CTL_MOD = 3 +const EVENT_SIZE = 12 +const EAGAIN = 11 + +epoll.constants = { + EPOLLIN, EPOLLOUT, EPOLLERR, EPOLLHUP, EPOLL_CLOEXEC, EPOLLEXCLUSIVE, + EPOLLWAKEUP, EPOLLONESHOT, EPOLLET, EPOLL_CTL_ADD, EPOLL_CTL_DEL, + EPOLL_CTL_MOD, EAGAIN +} + +function event (fd, mask = EPOLLIN | EPOLLOUT) { + const buf = new ArrayBuffer(EVENT_SIZE) + const dv = new DataView(buf) + dv.setUint32(0, mask, true) + dv.setUint32(4, fd, true) + return new Uint8Array(buf) +} + +function events (nevents = 1024) { + const buf = new ArrayBuffer(nevents * EVENT_SIZE) + return new Uint32Array(buf) +} + +epoll.types = { + event, + events +} + +const noop = () => {} +const nullptr = new Uint8Array(8) + +class Loop { + #size = 0 + + constructor (nevents = 4096, flags = EPOLL_CLOEXEC) { + this.maxEvents = nevents + this.events = events(nevents) + this.fd = create(flags) + this.callbacks = {} + this.errors = {} + this.handles = {} + } + + get size () { + return this.#size + } + + add (fd, callback, flags = EPOLLIN, errHandler = noop) { + const ev = event(fd, flags) + const rc = modify(this.fd, EPOLL_CTL_ADD, fd, ev) + if (rc === -1) return rc + this.callbacks[fd] = callback + this.errors[fd] = errHandler + this.#size++ + return rc + } + + // todo - make add/modify same signature, just use .callbacks, not .handles + modify (fd, flags = EPOLLIN, callback = this.handles[fd], onerror = noop) { + const ev = event(fd, flags) + this.callbacks[fd] = callback + return modify(this.fd, EPOLL_CTL_MOD, fd, ev) + } + + remove (fd) { + // TODO: don't delete these = pre-allocate an array + delete this.callbacks[fd] + delete this.errors[fd] + this.#size-- + return modify(this.fd, EPOLL_CTL_DEL, fd, nullptr) + } + + poll (timeout = -1) { + const { fd, maxEvents, events, callbacks, errors } = this + const n = wait(fd, events, maxEvents, timeout) + let off = 0 + for (let i = 0; i < n; i++) { + const mask = events[off++] + const fd = events[off++] + if (mask & EPOLLERR || mask & EPOLLHUP) { + errors[fd](fd, mask) + close(fd) + delete callbacks[fd] + delete errors[fd] + this.#size-- + off++ + continue + } + callbacks[fd](fd) + off++ + } + return n + } +} + +Loop.Readable = EPOLLIN +Loop.Writable = EPOLLOUT +Loop.ReadableWritable = EPOLLIN | EPOLLOUT +Loop.EdgeTriggered = EPOLLET +Loop.Blocked = EAGAIN + +export { Loop } diff --git a/lib/mbedtls/api.js b/lib/mbedtls/api.js index 603c1bf..23dbe43 100644 --- a/lib/mbedtls/api.js +++ b/lib/mbedtls/api.js @@ -1,77 +1,363 @@ const api = { - mbedtls_x509_crt_init: { + x509_crt_init: { parameters: ['pointer'], pointers: ['mbedtls_x509_crt*'], - result: 'void' + result: 'void', + name: 'mbedtls_x509_crt_init' }, - mbedtls_net_init: { + net_init: { parameters: ['pointer'], pointers: ['mbedtls_net_context*'], - result: 'void' + result: 'void', + name: 'mbedtls_net_init' }, - mbedtls_ssl_init: { + ssl_init: { parameters: ['pointer'], pointers: ['mbedtls_ssl_context*'], - result: 'void' + result: 'void', + name: 'mbedtls_ssl_init' }, - mbedtls_ssl_config_init: { + ssl_config_init: { parameters: ['pointer'], pointers: ['mbedtls_ssl_config*'], - result: 'void' + result: 'void', + name: 'mbedtls_ssl_config_init' }, - mbedtls_entropy_init: { + entropy_init: { parameters: ['pointer'], pointers: ['mbedtls_entropy_context*'], - result: 'void' + result: 'void', + name: 'mbedtls_entropy_init' }, - mbedtls_x509_crt_parse_der: { + ctr_drbg_init: { + parameters: ['pointer'], + pointers: ['mbedtls_ctr_drbg_context*'], + result: 'void', + name: 'mbedtls_ctr_drbg_init' + }, + x509_crt_parse_der: { parameters: ['pointer', 'pointer', 'u32'], pointers: ['mbedtls_x509_crt*', 'const unsigned char*'], - result: 'i32' - } + result: 'i32', + name: 'mbedtls_x509_crt_parse_der' + }, + debug_set_threshold: { + parameters: ['i32'], + result: 'void', + name: 'mbedtls_debug_set_threshold' + }, + ctr_drbg_seed: { + parameters: ['pointer', 'pointer', 'pointer', 'pointer', 'u32'], + pointers: ['mbedtls_ctr_drbg_context*', 'mbedtls_entropy_callback', , 'const unsigned char*'], + result: 'i32', + name: 'mbedtls_ctr_drbg_seed' + }, + exit: { + parameters: ['i32'], + result: 'void', + name: 'mbedtls_exit' + }, + x509_crt_parse: { + parameters: ['pointer', 'pointer', 'u32'], + pointers: ['mbedtls_x509_crt*', 'const unsigned char*'], + result: 'i32', + name: 'mbedtls_x509_crt_parse' + }, + ssl_config_defaults: { + parameters: ['pointer', 'i32', 'i32', 'i32'], + pointers: ['mbedtls_ssl_config*'], + result: 'i32', + name: 'mbedtls_ssl_config_defaults' + }, + ssl_conf_max_frag_len: { + parameters: ['pointer', 'u8'], + pointers: ['mbedtls_ssl_config*'], + result: 'i32', + name: 'mbedtls_ssl_conf_max_frag_len' + }, + ssl_conf_rng: { + parameters: ['pointer', 'pointer', 'pointer'], + pointers: ['mbedtls_ssl_config*', 'mbedtls_rng_callback'], + result: 'void', + name: 'mbedtls_ssl_conf_rng' + }, + ssl_conf_dbg: { + parameters: ['pointer', 'pointer', 'pointer'], + pointers: ['mbedtls_ssl_config*', 'mbedtls_dbg_callback'], + result: 'void', + name: 'mbedtls_ssl_conf_dbg' + }, + ssl_conf_read_timeout: { + parameters: ['pointer', 'u32'], + pointers: ['mbedtls_ssl_config*'], + result: 'void', + name: 'mbedtls_ssl_conf_read_timeout' + }, + ssl_conf_session_tickets: { + parameters: ['pointer', 'i32'], + pointers: ['mbedtls_ssl_config*'], + result: 'void', + name: 'mbedtls_ssl_conf_session_tickets' + }, +/* + ssl_conf_tls13_key_exchange_modes: { + parameters: ['pointer', 'i32'], + pointers: ['mbedtls_ssl_config*'], + result: 'void', + name: 'mbedtls_ssl_conf_tls13_key_exchange_modes' + }, +*/ + ssl_conf_renegotiation: { + parameters: ['pointer', 'i32'], + pointers: ['mbedtls_ssl_config*'], + result: 'void', + name: 'mbedtls_ssl_conf_renegotiation' + }, + ssl_conf_ca_chain: { + parameters: ['pointer', 'pointer', 'pointer'], + pointers: ['mbedtls_ssl_config*', 'mbedtls_x509_crt*', 'mbedtls_x509_crl*'], + result: 'void', + name: 'mbedtls_ssl_conf_ca_chain' + }, + ssl_conf_min_version: { + parameters: ['pointer', 'i32', 'i32'], + pointers: ['mbedtls_ssl_config*'], + result: 'void', + name: 'mbedtls_ssl_conf_min_version' + }, + ssl_conf_max_version: { + parameters: ['pointer', 'i32', 'i32'], + pointers: ['mbedtls_ssl_config*'], + result: 'void', + name: 'mbedtls_ssl_conf_max_version' + }, + ssl_setup: { + parameters: ['pointer', 'pointer'], + pointers: ['mbedtls_ssl_context*', 'mbedtls_ssl_config*'], + result: 'i32', + name: 'mbedtls_ssl_setup' + }, + ssl_set_hostname: { + parameters: ['pointer', 'string'], + pointers: ['mbedtls_ssl_context*'], + result: 'i32', + name: 'mbedtls_ssl_set_hostname' + }, + ssl_set_bio: { + parameters: ['pointer', 'pointer', 'pointer', 'pointer', 'pointer'], + pointers: ['mbedtls_ssl_context*', , 'mbedtls_ssl_send_t*', 'mbedtls_ssl_recv_t*', 'mbedtls_ssl_recv_timeout_t*'], + result: 'void', + name: 'mbedtls_ssl_set_bio' + }, + net_connect: { + parameters: ['pointer', 'string', 'string', 'i32'], + pointers: ['mbedtls_net_context*'], + result: 'i32', + name: 'mbedtls_net_connect' + }, + net_set_block: { + parameters: ['pointer'], + pointers: ['mbedtls_net_context*'], + result: 'i32', + name: 'mbedtls_net_set_block' + }, + ssl_handshake: { + parameters: ['pointer'], + pointers: ['mbedtls_ssl_context*'], + result: 'i32', + name: 'mbedtls_ssl_handshake' + }, + ssl_get_version: { + parameters: ['pointer'], + pointers: ['mbedtls_ssl_context*'], + result: 'pointer', + rpointer: 'const char*', + name: 'mbedtls_ssl_get_version' + }, + ssl_get_ciphersuite: { + parameters: ['pointer'], + pointers: ['mbedtls_ssl_context*'], + result: 'pointer', + rpointer: 'const char*', + name: 'mbedtls_ssl_get_ciphersuite' + }, + ssl_get_verify_result: { + parameters: ['pointer'], + pointers: ['mbedtls_ssl_context*'], + result: 'u32', + name: 'mbedtls_ssl_get_verify_result' + }, + ssl_write: { + parameters: ['pointer', 'pointer', 'u32'], + pointers: ['mbedtls_ssl_context*', 'const unsigned char*'], + result: 'i32', + name: 'mbedtls_ssl_write' + }, + ssl_read: { + parameters: ['pointer', 'pointer', 'u32'], + pointers: ['mbedtls_ssl_context*', 'unsigned char*'], + result: 'i32', + name: 'mbedtls_ssl_read' + }, + ssl_close_notify: { + parameters: ['pointer'], + pointers: ['mbedtls_ssl_context*'], + result: 'i32', + name: 'mbedtls_ssl_close_notify' + }, + net_free: { + parameters: ['pointer'], + pointers: ['mbedtls_net_context*'], + result: 'void', + name: 'mbedtls_net_free' + }, + ssl_free: { + parameters: ['pointer'], + pointers: ['mbedtls_ssl_context*'], + result: 'void', + name: 'mbedtls_ssl_free' + }, + ssl_config_free: { + parameters: ['pointer'], + pointers: ['mbedtls_ssl_config*'], + result: 'void', + name: 'mbedtls_ssl_config_free' + }, + x509_crt_free: { + parameters: ['pointer'], + pointers: ['mbedtls_x509_crt*'], + result: 'void', + name: 'mbedtls_x509_crt_free' + }, + ctr_drbg_free: { + parameters: ['pointer'], + pointers: ['mbedtls_ctr_drbg_context*'], + result: 'void', + name: 'mbedtls_ctr_drbg_free' + }, + entropy_free: { + parameters: ['pointer'], + pointers: ['mbedtls_entropy_context*'], + result: 'void', + name: 'mbedtls_entropy_free' + }, + dhm_init: { + parameters: ['pointer'], + pointers: ['mbedtls_dhm_context*'], + result: 'void', + name: 'mbedtls_dhm_init' + }, + md5_init: { + parameters: ['pointer'], + pointers: ['mbedtls_md5_context *'], + result: 'void', + name: 'mbedtls_md5_init' + }, + md5_free: { + parameters: ['pointer'], + pointers: ['mbedtls_md5_context *'], + result: 'void', + name: 'mbedtls_md5_free' + }, + md5_starts: { + parameters: ['pointer'], + pointers: ['mbedtls_md5_context *'], + result: 'void', + name: 'mbedtls_md5_starts' + }, + md5_update: { + parameters: ['pointer', 'pointer', 'u32'], + pointers: ['mbedtls_md5_context *', 'const unsigned char*'], + result: 'void', + name: 'mbedtls_md5_update' + }, + md5_finish: { + parameters: ['pointer', 'pointer'], + pointers: ['mbedtls_md5_context *', 'unsigned char*'], + result: 'void', + name: 'mbedtls_md5_finish' + }, +/* + md5_update_string: { + parameters: ['pointer', 'string', 'u32'], + pointers: ['mbedtls_md5_context *'], + casts: [, '(const unsigned char*)'], + result: 'void', + name: 'mbedtls_md5_update' + }, +*/ + sha256_init: { + parameters: ['pointer'], + pointers: ['mbedtls_sha256_context *'], + result: 'void', + name: 'mbedtls_sha256_init' + }, + sha256_free: { + parameters: ['pointer'], + pointers: ['mbedtls_sha256_context *'], + result: 'void', + name: 'mbedtls_sha256_free' + }, + sha256_starts: { + parameters: ['pointer', 'i32'], + pointers: ['mbedtls_sha256_context *'], + result: 'void', + name: 'mbedtls_sha256_starts' + }, + sha256_update: { + parameters: ['pointer', 'pointer', 'u32'], + pointers: ['mbedtls_sha256_context *', 'const unsigned char*'], + result: 'void', + name: 'mbedtls_sha256_update' + }, + sha256_finish: { + parameters: ['pointer', 'pointer'], + pointers: ['mbedtls_sha256_context *', 'unsigned char*'], + result: 'void', + name: 'mbedtls_sha256_finish' + }, } -const includes = ['mbedtls/x509.h', 'mbedtls/entropy.h', 'mbedtls/ssl.h', 'mbedtls/net_sockets.h'] +const includes = [ + 'mbedtls/x509.h', 'mbedtls/entropy.h', 'mbedtls/ssl.h', + 'mbedtls/net_sockets.h', + 'mbedtls/ctr_drbg.h', 'mbedtls/debug.h', + 'mbedtls/platform.h' +] const include_paths = ['./deps/mbedtls/include'] const name = 'mbedtls' const libs = [] const obj = [ - 'deps/mbedtls/library/libmbedx509.a', 'deps/mbedtls/library/libmbedcrypto.a', 'deps/mbedtls/library/libmbedtls.a' + 'deps/mbedtls/library/libmbedx509.a', 'deps/mbedtls/library/libmbedcrypto.a', + 'deps/mbedtls/library/libmbedtls.a' ] const structs = [ - 'mbedtls_net_context', 'mbedtls_x509_crt', 'mbedtls_entropy_context', 'mbedtls_ssl_context', 'mbedtls_ssl_config' + 'mbedtls_net_context', 'mbedtls_x509_crt', 'mbedtls_entropy_context', + 'mbedtls_ssl_context', 'mbedtls_ssl_config', 'mbedtls_ctr_drbg_context', + 'mbedtls_dhm_context', 'mbedtls_md5_context', 'mbedtls_sha256_context' ] - -import { fetch } from 'lib/curl.js' -import { inflate } from 'lib/inflate.js' -import { untar } from 'lib/untar.js' -import { isDir, isFile } from 'lib/fs.js' -import { exec } from 'lib/proc.js' - -async function build (C = 'gcc', CC = 'g++') { - const { assert } = lo - const { chdir, mkdir, S_IRWXU, S_IRWXG, S_IROTH, S_IXOTH, readFile } = lo.core - if (!isDir('deps/mbedtls')) { - mkdir('deps', S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH) - assert(chdir('deps') === 0) - if (!isFile('v3.5.1.tar.gz')) { - console.log('fetching release') - fetch('https://github.com/Mbed-TLS/mbedtls/archive/refs/tags/v3.5.1.tar.gz', 'v3.5.1.tar.gz') - } - const bytes = readFile('v3.5.1.tar.gz') - const dir_name = untar(inflate(bytes)) - const cwd = lo.getcwd() - assert(lo.core.rename(`${cwd}/${dir_name}`, `${cwd}/mbedtls`) === 0) - assert(chdir('../') === 0) - } - if (obj.some(o => !isFile(o))) { - assert(chdir('deps/mbedtls') === 0) - const status = new Int32Array(2) - // this fixes an issue using g++ to compile C code as CC should really be the C compiler, not the C++ one. need to fix - exec('make', [`CC="${C}"`, 'CFLAGS=-fPIC', 'lib'], status) - assert(status[0] === 0) - assert(chdir('../../') === 0) - } +const preamble = ` +typedef int (*mbedtls_entropy_callback)(void *, unsigned char *, size_t); +typedef int (*mbedtls_rng_callback)(void *, unsigned char *, size_t); +typedef void (*mbedtls_dbg_callback)(void *, int, const char *, int, const char *); +` +const constants = { + MBEDTLS_SSL_IS_CLIENT: 'i32', + MBEDTLS_SSL_TRANSPORT_STREAM: 'i32', + MBEDTLS_SSL_PRESET_DEFAULT: 'i32', + MBEDTLS_SSL_MAX_FRAG_LEN_NONE: 'i32', + MBEDTLS_SSL_SESSION_TICKETS_ENABLED: 'i32', + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL: 'i32', + MBEDTLS_SSL_RENEGOTIATION_DISABLED: 'i32', + MBEDTLS_SSL_MAJOR_VERSION_3: 'i32', + MBEDTLS_SSL_MINOR_VERSION_4: 'i32', + MBEDTLS_NET_PROTO_TCP: 'i32', + MBEDTLS_ERR_SSL_WANT_READ: 'i32', + MBEDTLS_ERR_SSL_WANT_WRITE: 'i32', + MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS: 'i32', + MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY: 'i32' } -export { name, api, libs, obj, includes, include_paths, structs, build } +export { + name, api, libs, obj, includes, include_paths, structs, preamble, constants +} diff --git a/lib/mbedtls/build.js b/lib/mbedtls/build.js new file mode 100644 index 0000000..a9219aa --- /dev/null +++ b/lib/mbedtls/build.js @@ -0,0 +1,38 @@ +import { fetch } from 'lib/curl.js' +import { inflate } from 'lib/inflate.js' +import { untar } from 'lib/untar.js' +import { isDir, isFile } from 'lib/fs.js' +import { exec } from 'lib/proc.js' +import { obj } from 'lib/mbedtls/api.js' + +async function build (C = 'gcc', CC = 'g++') { + const { assert, core } = lo + const { + chdir, mkdir, S_IRWXU, S_IRWXG, S_IROTH, S_IXOTH, readFile, writeFile + } = core + if (!isDir('deps/mbedtls')) { + mkdir('deps', S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH) + assert(chdir('deps') === 0) + if (!isFile('v3.5.1.tar.gz')) { + console.log('fetching release') + fetch('https://github.com/Mbed-TLS/mbedtls/archive/refs/tags/v3.5.1.tar.gz', + 'v3.5.1.tar.gz') + } + const bytes = readFile('v3.5.1.tar.gz') + const dir_name = untar(inflate(bytes)) + const cwd = lo.getcwd() + assert(lo.core.rename(`${cwd}/${dir_name}`, `${cwd}/mbedtls`) === 0) + assert(chdir('../') === 0) + } + if (obj.some(o => !isFile(o))) { + writeFile('deps/mbedtls/include/mbedtls/mbedtls_config.h', readFile('./mbedtls_config.h')) + assert(chdir('deps/mbedtls') === 0) + const status = new Int32Array(2) + // this fixes an issue using g++ to compile C code as CC should really be the C compiler, not the C++ one. need to fix + exec('make', [`CC="${C}"`, 'CFLAGS="-fPIC"', 'lib'], status) + assert(status[0] === 0) + assert(chdir('../../') === 0) + } +} + +export { build } diff --git a/lib/mbedtls/mbedtls.cc b/lib/mbedtls/mbedtls.cc index 40fc70a..15eebba 100644 --- a/lib/mbedtls/mbedtls.cc +++ b/lib/mbedtls/mbedtls.cc @@ -5,6 +5,9 @@ #include #include #include +#include +#include +#include #include namespace lo { @@ -65,111 +68,565 @@ using v8::V8; using v8::BigInt; +typedef int (*mbedtls_entropy_callback)(void *, unsigned char *, size_t); +typedef int (*mbedtls_rng_callback)(void *, unsigned char *, size_t); +typedef void (*mbedtls_dbg_callback)(void *, int, const char *, int, const char *); -void mbedtls_x509_crt_initFast(void* p, void* p0); -v8::CTypeInfo cargsmbedtls_x509_crt_init[2] = { + +void x509_crt_initFast(void* p, void* p0); +v8::CTypeInfo cargsx509_crt_init[2] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), +}; +v8::CTypeInfo rcx509_crt_init = v8::CTypeInfo(v8::CTypeInfo::Type::kVoid); +v8::CFunctionInfo infox509_crt_init = v8::CFunctionInfo(rcx509_crt_init, 2, cargsx509_crt_init); +v8::CFunction pFx509_crt_init = v8::CFunction((const void*)&x509_crt_initFast, &infox509_crt_init); + +void net_initFast(void* p, void* p0); +v8::CTypeInfo cargsnet_init[2] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), +}; +v8::CTypeInfo rcnet_init = v8::CTypeInfo(v8::CTypeInfo::Type::kVoid); +v8::CFunctionInfo infonet_init = v8::CFunctionInfo(rcnet_init, 2, cargsnet_init); +v8::CFunction pFnet_init = v8::CFunction((const void*)&net_initFast, &infonet_init); + +void ssl_initFast(void* p, void* p0); +v8::CTypeInfo cargsssl_init[2] = { v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), }; -v8::CTypeInfo rcmbedtls_x509_crt_init = v8::CTypeInfo(v8::CTypeInfo::Type::kVoid); -v8::CFunctionInfo infombedtls_x509_crt_init = v8::CFunctionInfo(rcmbedtls_x509_crt_init, 2, cargsmbedtls_x509_crt_init); -v8::CFunction pFmbedtls_x509_crt_init = v8::CFunction((const void*)&mbedtls_x509_crt_initFast, &infombedtls_x509_crt_init); +v8::CTypeInfo rcssl_init = v8::CTypeInfo(v8::CTypeInfo::Type::kVoid); +v8::CFunctionInfo infossl_init = v8::CFunctionInfo(rcssl_init, 2, cargsssl_init); +v8::CFunction pFssl_init = v8::CFunction((const void*)&ssl_initFast, &infossl_init); -void mbedtls_net_initFast(void* p, void* p0); -v8::CTypeInfo cargsmbedtls_net_init[2] = { +void ssl_config_initFast(void* p, void* p0); +v8::CTypeInfo cargsssl_config_init[2] = { v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), }; -v8::CTypeInfo rcmbedtls_net_init = v8::CTypeInfo(v8::CTypeInfo::Type::kVoid); -v8::CFunctionInfo infombedtls_net_init = v8::CFunctionInfo(rcmbedtls_net_init, 2, cargsmbedtls_net_init); -v8::CFunction pFmbedtls_net_init = v8::CFunction((const void*)&mbedtls_net_initFast, &infombedtls_net_init); +v8::CTypeInfo rcssl_config_init = v8::CTypeInfo(v8::CTypeInfo::Type::kVoid); +v8::CFunctionInfo infossl_config_init = v8::CFunctionInfo(rcssl_config_init, 2, cargsssl_config_init); +v8::CFunction pFssl_config_init = v8::CFunction((const void*)&ssl_config_initFast, &infossl_config_init); -void mbedtls_ssl_initFast(void* p, void* p0); -v8::CTypeInfo cargsmbedtls_ssl_init[2] = { +void entropy_initFast(void* p, void* p0); +v8::CTypeInfo cargsentropy_init[2] = { v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), }; -v8::CTypeInfo rcmbedtls_ssl_init = v8::CTypeInfo(v8::CTypeInfo::Type::kVoid); -v8::CFunctionInfo infombedtls_ssl_init = v8::CFunctionInfo(rcmbedtls_ssl_init, 2, cargsmbedtls_ssl_init); -v8::CFunction pFmbedtls_ssl_init = v8::CFunction((const void*)&mbedtls_ssl_initFast, &infombedtls_ssl_init); +v8::CTypeInfo rcentropy_init = v8::CTypeInfo(v8::CTypeInfo::Type::kVoid); +v8::CFunctionInfo infoentropy_init = v8::CFunctionInfo(rcentropy_init, 2, cargsentropy_init); +v8::CFunction pFentropy_init = v8::CFunction((const void*)&entropy_initFast, &infoentropy_init); -void mbedtls_ssl_config_initFast(void* p, void* p0); -v8::CTypeInfo cargsmbedtls_ssl_config_init[2] = { +void ctr_drbg_initFast(void* p, void* p0); +v8::CTypeInfo cargsctr_drbg_init[2] = { v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), }; -v8::CTypeInfo rcmbedtls_ssl_config_init = v8::CTypeInfo(v8::CTypeInfo::Type::kVoid); -v8::CFunctionInfo infombedtls_ssl_config_init = v8::CFunctionInfo(rcmbedtls_ssl_config_init, 2, cargsmbedtls_ssl_config_init); -v8::CFunction pFmbedtls_ssl_config_init = v8::CFunction((const void*)&mbedtls_ssl_config_initFast, &infombedtls_ssl_config_init); +v8::CTypeInfo rcctr_drbg_init = v8::CTypeInfo(v8::CTypeInfo::Type::kVoid); +v8::CFunctionInfo infoctr_drbg_init = v8::CFunctionInfo(rcctr_drbg_init, 2, cargsctr_drbg_init); +v8::CFunction pFctr_drbg_init = v8::CFunction((const void*)&ctr_drbg_initFast, &infoctr_drbg_init); + +int32_t x509_crt_parse_derFast(void* p, void* p0, void* p1, uint32_t p2); +v8::CTypeInfo cargsx509_crt_parse_der[4] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint32), +}; +v8::CTypeInfo rcx509_crt_parse_der = v8::CTypeInfo(v8::CTypeInfo::Type::kInt32); +v8::CFunctionInfo infox509_crt_parse_der = v8::CFunctionInfo(rcx509_crt_parse_der, 4, cargsx509_crt_parse_der); +v8::CFunction pFx509_crt_parse_der = v8::CFunction((const void*)&x509_crt_parse_derFast, &infox509_crt_parse_der); + +void debug_set_thresholdFast(void* p, int32_t p0); +v8::CTypeInfo cargsdebug_set_threshold[2] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kInt32), +}; +v8::CTypeInfo rcdebug_set_threshold = v8::CTypeInfo(v8::CTypeInfo::Type::kVoid); +v8::CFunctionInfo infodebug_set_threshold = v8::CFunctionInfo(rcdebug_set_threshold, 2, cargsdebug_set_threshold); +v8::CFunction pFdebug_set_threshold = v8::CFunction((const void*)&debug_set_thresholdFast, &infodebug_set_threshold); -void mbedtls_entropy_initFast(void* p, void* p0); -v8::CTypeInfo cargsmbedtls_entropy_init[2] = { +int32_t ctr_drbg_seedFast(void* p, void* p0, void* p1, void* p2, void* p3, uint32_t p4); +v8::CTypeInfo cargsctr_drbg_seed[6] = { v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint32), +}; +v8::CTypeInfo rcctr_drbg_seed = v8::CTypeInfo(v8::CTypeInfo::Type::kInt32); +v8::CFunctionInfo infoctr_drbg_seed = v8::CFunctionInfo(rcctr_drbg_seed, 6, cargsctr_drbg_seed); +v8::CFunction pFctr_drbg_seed = v8::CFunction((const void*)&ctr_drbg_seedFast, &infoctr_drbg_seed); + +void exitFast(void* p, int32_t p0); +v8::CTypeInfo cargsexit[2] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kInt32), }; -v8::CTypeInfo rcmbedtls_entropy_init = v8::CTypeInfo(v8::CTypeInfo::Type::kVoid); -v8::CFunctionInfo infombedtls_entropy_init = v8::CFunctionInfo(rcmbedtls_entropy_init, 2, cargsmbedtls_entropy_init); -v8::CFunction pFmbedtls_entropy_init = v8::CFunction((const void*)&mbedtls_entropy_initFast, &infombedtls_entropy_init); +v8::CTypeInfo rcexit = v8::CTypeInfo(v8::CTypeInfo::Type::kVoid); +v8::CFunctionInfo infoexit = v8::CFunctionInfo(rcexit, 2, cargsexit); +v8::CFunction pFexit = v8::CFunction((const void*)&exitFast, &infoexit); -int32_t mbedtls_x509_crt_parse_derFast(void* p, void* p0, void* p1, uint32_t p2); -v8::CTypeInfo cargsmbedtls_x509_crt_parse_der[4] = { +int32_t x509_crt_parseFast(void* p, void* p0, void* p1, uint32_t p2); +v8::CTypeInfo cargsx509_crt_parse[4] = { v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), v8::CTypeInfo(v8::CTypeInfo::Type::kUint32), }; -v8::CTypeInfo rcmbedtls_x509_crt_parse_der = v8::CTypeInfo(v8::CTypeInfo::Type::kInt32); -v8::CFunctionInfo infombedtls_x509_crt_parse_der = v8::CFunctionInfo(rcmbedtls_x509_crt_parse_der, 4, cargsmbedtls_x509_crt_parse_der); -v8::CFunction pFmbedtls_x509_crt_parse_der = v8::CFunction((const void*)&mbedtls_x509_crt_parse_derFast, &infombedtls_x509_crt_parse_der); +v8::CTypeInfo rcx509_crt_parse = v8::CTypeInfo(v8::CTypeInfo::Type::kInt32); +v8::CFunctionInfo infox509_crt_parse = v8::CFunctionInfo(rcx509_crt_parse, 4, cargsx509_crt_parse); +v8::CFunction pFx509_crt_parse = v8::CFunction((const void*)&x509_crt_parseFast, &infox509_crt_parse); + +int32_t ssl_config_defaultsFast(void* p, void* p0, int32_t p1, int32_t p2, int32_t p3); +v8::CTypeInfo cargsssl_config_defaults[5] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kInt32), + v8::CTypeInfo(v8::CTypeInfo::Type::kInt32), + v8::CTypeInfo(v8::CTypeInfo::Type::kInt32), +}; +v8::CTypeInfo rcssl_config_defaults = v8::CTypeInfo(v8::CTypeInfo::Type::kInt32); +v8::CFunctionInfo infossl_config_defaults = v8::CFunctionInfo(rcssl_config_defaults, 5, cargsssl_config_defaults); +v8::CFunction pFssl_config_defaults = v8::CFunction((const void*)&ssl_config_defaultsFast, &infossl_config_defaults); + +int32_t ssl_conf_max_frag_lenFast(void* p, void* p0, uint8_t p1); +v8::CTypeInfo cargsssl_conf_max_frag_len[3] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kVoid), +}; +v8::CTypeInfo rcssl_conf_max_frag_len = v8::CTypeInfo(v8::CTypeInfo::Type::kInt32); +v8::CFunctionInfo infossl_conf_max_frag_len = v8::CFunctionInfo(rcssl_conf_max_frag_len, 3, cargsssl_conf_max_frag_len); +v8::CFunction pFssl_conf_max_frag_len = v8::CFunction((const void*)&ssl_conf_max_frag_lenFast, &infossl_conf_max_frag_len); + +void ssl_conf_rngFast(void* p, void* p0, void* p1, void* p2); +v8::CTypeInfo cargsssl_conf_rng[4] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), +}; +v8::CTypeInfo rcssl_conf_rng = v8::CTypeInfo(v8::CTypeInfo::Type::kVoid); +v8::CFunctionInfo infossl_conf_rng = v8::CFunctionInfo(rcssl_conf_rng, 4, cargsssl_conf_rng); +v8::CFunction pFssl_conf_rng = v8::CFunction((const void*)&ssl_conf_rngFast, &infossl_conf_rng); + +void ssl_conf_dbgFast(void* p, void* p0, void* p1, void* p2); +v8::CTypeInfo cargsssl_conf_dbg[4] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), +}; +v8::CTypeInfo rcssl_conf_dbg = v8::CTypeInfo(v8::CTypeInfo::Type::kVoid); +v8::CFunctionInfo infossl_conf_dbg = v8::CFunctionInfo(rcssl_conf_dbg, 4, cargsssl_conf_dbg); +v8::CFunction pFssl_conf_dbg = v8::CFunction((const void*)&ssl_conf_dbgFast, &infossl_conf_dbg); + +void ssl_conf_read_timeoutFast(void* p, void* p0, uint32_t p1); +v8::CTypeInfo cargsssl_conf_read_timeout[3] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint32), +}; +v8::CTypeInfo rcssl_conf_read_timeout = v8::CTypeInfo(v8::CTypeInfo::Type::kVoid); +v8::CFunctionInfo infossl_conf_read_timeout = v8::CFunctionInfo(rcssl_conf_read_timeout, 3, cargsssl_conf_read_timeout); +v8::CFunction pFssl_conf_read_timeout = v8::CFunction((const void*)&ssl_conf_read_timeoutFast, &infossl_conf_read_timeout); + +void ssl_conf_session_ticketsFast(void* p, void* p0, int32_t p1); +v8::CTypeInfo cargsssl_conf_session_tickets[3] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kInt32), +}; +v8::CTypeInfo rcssl_conf_session_tickets = v8::CTypeInfo(v8::CTypeInfo::Type::kVoid); +v8::CFunctionInfo infossl_conf_session_tickets = v8::CFunctionInfo(rcssl_conf_session_tickets, 3, cargsssl_conf_session_tickets); +v8::CFunction pFssl_conf_session_tickets = v8::CFunction((const void*)&ssl_conf_session_ticketsFast, &infossl_conf_session_tickets); + +void ssl_conf_renegotiationFast(void* p, void* p0, int32_t p1); +v8::CTypeInfo cargsssl_conf_renegotiation[3] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kInt32), +}; +v8::CTypeInfo rcssl_conf_renegotiation = v8::CTypeInfo(v8::CTypeInfo::Type::kVoid); +v8::CFunctionInfo infossl_conf_renegotiation = v8::CFunctionInfo(rcssl_conf_renegotiation, 3, cargsssl_conf_renegotiation); +v8::CFunction pFssl_conf_renegotiation = v8::CFunction((const void*)&ssl_conf_renegotiationFast, &infossl_conf_renegotiation); + +void ssl_conf_ca_chainFast(void* p, void* p0, void* p1, void* p2); +v8::CTypeInfo cargsssl_conf_ca_chain[4] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), +}; +v8::CTypeInfo rcssl_conf_ca_chain = v8::CTypeInfo(v8::CTypeInfo::Type::kVoid); +v8::CFunctionInfo infossl_conf_ca_chain = v8::CFunctionInfo(rcssl_conf_ca_chain, 4, cargsssl_conf_ca_chain); +v8::CFunction pFssl_conf_ca_chain = v8::CFunction((const void*)&ssl_conf_ca_chainFast, &infossl_conf_ca_chain); + +void ssl_conf_min_versionFast(void* p, void* p0, int32_t p1, int32_t p2); +v8::CTypeInfo cargsssl_conf_min_version[4] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kInt32), + v8::CTypeInfo(v8::CTypeInfo::Type::kInt32), +}; +v8::CTypeInfo rcssl_conf_min_version = v8::CTypeInfo(v8::CTypeInfo::Type::kVoid); +v8::CFunctionInfo infossl_conf_min_version = v8::CFunctionInfo(rcssl_conf_min_version, 4, cargsssl_conf_min_version); +v8::CFunction pFssl_conf_min_version = v8::CFunction((const void*)&ssl_conf_min_versionFast, &infossl_conf_min_version); + +void ssl_conf_max_versionFast(void* p, void* p0, int32_t p1, int32_t p2); +v8::CTypeInfo cargsssl_conf_max_version[4] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kInt32), + v8::CTypeInfo(v8::CTypeInfo::Type::kInt32), +}; +v8::CTypeInfo rcssl_conf_max_version = v8::CTypeInfo(v8::CTypeInfo::Type::kVoid); +v8::CFunctionInfo infossl_conf_max_version = v8::CFunctionInfo(rcssl_conf_max_version, 4, cargsssl_conf_max_version); +v8::CFunction pFssl_conf_max_version = v8::CFunction((const void*)&ssl_conf_max_versionFast, &infossl_conf_max_version); +int32_t ssl_setupFast(void* p, void* p0, void* p1); +v8::CTypeInfo cargsssl_setup[3] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), +}; +v8::CTypeInfo rcssl_setup = v8::CTypeInfo(v8::CTypeInfo::Type::kInt32); +v8::CFunctionInfo infossl_setup = v8::CFunctionInfo(rcssl_setup, 3, cargsssl_setup); +v8::CFunction pFssl_setup = v8::CFunction((const void*)&ssl_setupFast, &infossl_setup); +int32_t ssl_set_hostnameFast(void* p, void* p0, struct FastOneByteString* const p1); +v8::CTypeInfo cargsssl_set_hostname[3] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kSeqOneByteString), +}; +v8::CTypeInfo rcssl_set_hostname = v8::CTypeInfo(v8::CTypeInfo::Type::kInt32); +v8::CFunctionInfo infossl_set_hostname = v8::CFunctionInfo(rcssl_set_hostname, 3, cargsssl_set_hostname); +v8::CFunction pFssl_set_hostname = v8::CFunction((const void*)&ssl_set_hostnameFast, &infossl_set_hostname); -void mbedtls_x509_crt_initSlow(const FunctionCallbackInfo &args) { +void ssl_set_bioFast(void* p, void* p0, void* p1, void* p2, void* p3, void* p4); +v8::CTypeInfo cargsssl_set_bio[6] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), +}; +v8::CTypeInfo rcssl_set_bio = v8::CTypeInfo(v8::CTypeInfo::Type::kVoid); +v8::CFunctionInfo infossl_set_bio = v8::CFunctionInfo(rcssl_set_bio, 6, cargsssl_set_bio); +v8::CFunction pFssl_set_bio = v8::CFunction((const void*)&ssl_set_bioFast, &infossl_set_bio); + +int32_t net_connectFast(void* p, void* p0, struct FastOneByteString* const p1, struct FastOneByteString* const p2, int32_t p3); +v8::CTypeInfo cargsnet_connect[5] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kSeqOneByteString), + v8::CTypeInfo(v8::CTypeInfo::Type::kSeqOneByteString), + v8::CTypeInfo(v8::CTypeInfo::Type::kInt32), +}; +v8::CTypeInfo rcnet_connect = v8::CTypeInfo(v8::CTypeInfo::Type::kInt32); +v8::CFunctionInfo infonet_connect = v8::CFunctionInfo(rcnet_connect, 5, cargsnet_connect); +v8::CFunction pFnet_connect = v8::CFunction((const void*)&net_connectFast, &infonet_connect); + +int32_t net_set_blockFast(void* p, void* p0); +v8::CTypeInfo cargsnet_set_block[2] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), +}; +v8::CTypeInfo rcnet_set_block = v8::CTypeInfo(v8::CTypeInfo::Type::kInt32); +v8::CFunctionInfo infonet_set_block = v8::CFunctionInfo(rcnet_set_block, 2, cargsnet_set_block); +v8::CFunction pFnet_set_block = v8::CFunction((const void*)&net_set_blockFast, &infonet_set_block); + +int32_t ssl_handshakeFast(void* p, void* p0); +v8::CTypeInfo cargsssl_handshake[2] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), +}; +v8::CTypeInfo rcssl_handshake = v8::CTypeInfo(v8::CTypeInfo::Type::kInt32); +v8::CFunctionInfo infossl_handshake = v8::CFunctionInfo(rcssl_handshake, 2, cargsssl_handshake); +v8::CFunction pFssl_handshake = v8::CFunction((const void*)&ssl_handshakeFast, &infossl_handshake); + +void ssl_get_versionFast(void* p, void* p0, struct FastApiTypedArray* const p_ret); +v8::CTypeInfo cargsssl_get_version[3] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint32, v8::CTypeInfo::SequenceType::kIsTypedArray, v8::CTypeInfo::Flags::kNone) +}; +v8::CTypeInfo rcssl_get_version = v8::CTypeInfo(v8::CTypeInfo::Type::kVoid); +v8::CFunctionInfo infossl_get_version = v8::CFunctionInfo(rcssl_get_version, 3, cargsssl_get_version); +v8::CFunction pFssl_get_version = v8::CFunction((const void*)&ssl_get_versionFast, &infossl_get_version); + +void ssl_get_ciphersuiteFast(void* p, void* p0, struct FastApiTypedArray* const p_ret); +v8::CTypeInfo cargsssl_get_ciphersuite[3] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint32, v8::CTypeInfo::SequenceType::kIsTypedArray, v8::CTypeInfo::Flags::kNone) +}; +v8::CTypeInfo rcssl_get_ciphersuite = v8::CTypeInfo(v8::CTypeInfo::Type::kVoid); +v8::CFunctionInfo infossl_get_ciphersuite = v8::CFunctionInfo(rcssl_get_ciphersuite, 3, cargsssl_get_ciphersuite); +v8::CFunction pFssl_get_ciphersuite = v8::CFunction((const void*)&ssl_get_ciphersuiteFast, &infossl_get_ciphersuite); + +uint32_t ssl_get_verify_resultFast(void* p, void* p0); +v8::CTypeInfo cargsssl_get_verify_result[2] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), +}; +v8::CTypeInfo rcssl_get_verify_result = v8::CTypeInfo(v8::CTypeInfo::Type::kUint32); +v8::CFunctionInfo infossl_get_verify_result = v8::CFunctionInfo(rcssl_get_verify_result, 2, cargsssl_get_verify_result); +v8::CFunction pFssl_get_verify_result = v8::CFunction((const void*)&ssl_get_verify_resultFast, &infossl_get_verify_result); + +int32_t ssl_writeFast(void* p, void* p0, void* p1, uint32_t p2); +v8::CTypeInfo cargsssl_write[4] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint32), +}; +v8::CTypeInfo rcssl_write = v8::CTypeInfo(v8::CTypeInfo::Type::kInt32); +v8::CFunctionInfo infossl_write = v8::CFunctionInfo(rcssl_write, 4, cargsssl_write); +v8::CFunction pFssl_write = v8::CFunction((const void*)&ssl_writeFast, &infossl_write); + +int32_t ssl_readFast(void* p, void* p0, void* p1, uint32_t p2); +v8::CTypeInfo cargsssl_read[4] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint32), +}; +v8::CTypeInfo rcssl_read = v8::CTypeInfo(v8::CTypeInfo::Type::kInt32); +v8::CFunctionInfo infossl_read = v8::CFunctionInfo(rcssl_read, 4, cargsssl_read); +v8::CFunction pFssl_read = v8::CFunction((const void*)&ssl_readFast, &infossl_read); + +int32_t ssl_close_notifyFast(void* p, void* p0); +v8::CTypeInfo cargsssl_close_notify[2] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), +}; +v8::CTypeInfo rcssl_close_notify = v8::CTypeInfo(v8::CTypeInfo::Type::kInt32); +v8::CFunctionInfo infossl_close_notify = v8::CFunctionInfo(rcssl_close_notify, 2, cargsssl_close_notify); +v8::CFunction pFssl_close_notify = v8::CFunction((const void*)&ssl_close_notifyFast, &infossl_close_notify); + +void net_freeFast(void* p, void* p0); +v8::CTypeInfo cargsnet_free[2] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), +}; +v8::CTypeInfo rcnet_free = v8::CTypeInfo(v8::CTypeInfo::Type::kVoid); +v8::CFunctionInfo infonet_free = v8::CFunctionInfo(rcnet_free, 2, cargsnet_free); +v8::CFunction pFnet_free = v8::CFunction((const void*)&net_freeFast, &infonet_free); + +void ssl_freeFast(void* p, void* p0); +v8::CTypeInfo cargsssl_free[2] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), +}; +v8::CTypeInfo rcssl_free = v8::CTypeInfo(v8::CTypeInfo::Type::kVoid); +v8::CFunctionInfo infossl_free = v8::CFunctionInfo(rcssl_free, 2, cargsssl_free); +v8::CFunction pFssl_free = v8::CFunction((const void*)&ssl_freeFast, &infossl_free); + +void ssl_config_freeFast(void* p, void* p0); +v8::CTypeInfo cargsssl_config_free[2] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), +}; +v8::CTypeInfo rcssl_config_free = v8::CTypeInfo(v8::CTypeInfo::Type::kVoid); +v8::CFunctionInfo infossl_config_free = v8::CFunctionInfo(rcssl_config_free, 2, cargsssl_config_free); +v8::CFunction pFssl_config_free = v8::CFunction((const void*)&ssl_config_freeFast, &infossl_config_free); + +void x509_crt_freeFast(void* p, void* p0); +v8::CTypeInfo cargsx509_crt_free[2] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), +}; +v8::CTypeInfo rcx509_crt_free = v8::CTypeInfo(v8::CTypeInfo::Type::kVoid); +v8::CFunctionInfo infox509_crt_free = v8::CFunctionInfo(rcx509_crt_free, 2, cargsx509_crt_free); +v8::CFunction pFx509_crt_free = v8::CFunction((const void*)&x509_crt_freeFast, &infox509_crt_free); + +void ctr_drbg_freeFast(void* p, void* p0); +v8::CTypeInfo cargsctr_drbg_free[2] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), +}; +v8::CTypeInfo rcctr_drbg_free = v8::CTypeInfo(v8::CTypeInfo::Type::kVoid); +v8::CFunctionInfo infoctr_drbg_free = v8::CFunctionInfo(rcctr_drbg_free, 2, cargsctr_drbg_free); +v8::CFunction pFctr_drbg_free = v8::CFunction((const void*)&ctr_drbg_freeFast, &infoctr_drbg_free); + +void entropy_freeFast(void* p, void* p0); +v8::CTypeInfo cargsentropy_free[2] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), +}; +v8::CTypeInfo rcentropy_free = v8::CTypeInfo(v8::CTypeInfo::Type::kVoid); +v8::CFunctionInfo infoentropy_free = v8::CFunctionInfo(rcentropy_free, 2, cargsentropy_free); +v8::CFunction pFentropy_free = v8::CFunction((const void*)&entropy_freeFast, &infoentropy_free); + +void dhm_initFast(void* p, void* p0); +v8::CTypeInfo cargsdhm_init[2] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), +}; +v8::CTypeInfo rcdhm_init = v8::CTypeInfo(v8::CTypeInfo::Type::kVoid); +v8::CFunctionInfo infodhm_init = v8::CFunctionInfo(rcdhm_init, 2, cargsdhm_init); +v8::CFunction pFdhm_init = v8::CFunction((const void*)&dhm_initFast, &infodhm_init); + +void md5_initFast(void* p, void* p0); +v8::CTypeInfo cargsmd5_init[2] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), +}; +v8::CTypeInfo rcmd5_init = v8::CTypeInfo(v8::CTypeInfo::Type::kVoid); +v8::CFunctionInfo infomd5_init = v8::CFunctionInfo(rcmd5_init, 2, cargsmd5_init); +v8::CFunction pFmd5_init = v8::CFunction((const void*)&md5_initFast, &infomd5_init); + +void md5_freeFast(void* p, void* p0); +v8::CTypeInfo cargsmd5_free[2] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), +}; +v8::CTypeInfo rcmd5_free = v8::CTypeInfo(v8::CTypeInfo::Type::kVoid); +v8::CFunctionInfo infomd5_free = v8::CFunctionInfo(rcmd5_free, 2, cargsmd5_free); +v8::CFunction pFmd5_free = v8::CFunction((const void*)&md5_freeFast, &infomd5_free); + +void md5_startsFast(void* p, void* p0); +v8::CTypeInfo cargsmd5_starts[2] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), +}; +v8::CTypeInfo rcmd5_starts = v8::CTypeInfo(v8::CTypeInfo::Type::kVoid); +v8::CFunctionInfo infomd5_starts = v8::CFunctionInfo(rcmd5_starts, 2, cargsmd5_starts); +v8::CFunction pFmd5_starts = v8::CFunction((const void*)&md5_startsFast, &infomd5_starts); + +void md5_updateFast(void* p, void* p0, void* p1, uint32_t p2); +v8::CTypeInfo cargsmd5_update[4] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint32), +}; +v8::CTypeInfo rcmd5_update = v8::CTypeInfo(v8::CTypeInfo::Type::kVoid); +v8::CFunctionInfo infomd5_update = v8::CFunctionInfo(rcmd5_update, 4, cargsmd5_update); +v8::CFunction pFmd5_update = v8::CFunction((const void*)&md5_updateFast, &infomd5_update); + +void md5_finishFast(void* p, void* p0, void* p1); +v8::CTypeInfo cargsmd5_finish[3] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), +}; +v8::CTypeInfo rcmd5_finish = v8::CTypeInfo(v8::CTypeInfo::Type::kVoid); +v8::CFunctionInfo infomd5_finish = v8::CFunctionInfo(rcmd5_finish, 3, cargsmd5_finish); +v8::CFunction pFmd5_finish = v8::CFunction((const void*)&md5_finishFast, &infomd5_finish); + +void sha256_initFast(void* p, void* p0); +v8::CTypeInfo cargssha256_init[2] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), +}; +v8::CTypeInfo rcsha256_init = v8::CTypeInfo(v8::CTypeInfo::Type::kVoid); +v8::CFunctionInfo infosha256_init = v8::CFunctionInfo(rcsha256_init, 2, cargssha256_init); +v8::CFunction pFsha256_init = v8::CFunction((const void*)&sha256_initFast, &infosha256_init); + +void sha256_freeFast(void* p, void* p0); +v8::CTypeInfo cargssha256_free[2] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), +}; +v8::CTypeInfo rcsha256_free = v8::CTypeInfo(v8::CTypeInfo::Type::kVoid); +v8::CFunctionInfo infosha256_free = v8::CFunctionInfo(rcsha256_free, 2, cargssha256_free); +v8::CFunction pFsha256_free = v8::CFunction((const void*)&sha256_freeFast, &infosha256_free); + +void sha256_startsFast(void* p, void* p0, int32_t p1); +v8::CTypeInfo cargssha256_starts[3] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kInt32), +}; +v8::CTypeInfo rcsha256_starts = v8::CTypeInfo(v8::CTypeInfo::Type::kVoid); +v8::CFunctionInfo infosha256_starts = v8::CFunctionInfo(rcsha256_starts, 3, cargssha256_starts); +v8::CFunction pFsha256_starts = v8::CFunction((const void*)&sha256_startsFast, &infosha256_starts); + +void sha256_updateFast(void* p, void* p0, void* p1, uint32_t p2); +v8::CTypeInfo cargssha256_update[4] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint32), +}; +v8::CTypeInfo rcsha256_update = v8::CTypeInfo(v8::CTypeInfo::Type::kVoid); +v8::CFunctionInfo infosha256_update = v8::CFunctionInfo(rcsha256_update, 4, cargssha256_update); +v8::CFunction pFsha256_update = v8::CFunction((const void*)&sha256_updateFast, &infosha256_update); + +void sha256_finishFast(void* p, void* p0, void* p1); +v8::CTypeInfo cargssha256_finish[3] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), +}; +v8::CTypeInfo rcsha256_finish = v8::CTypeInfo(v8::CTypeInfo::Type::kVoid); +v8::CFunctionInfo infosha256_finish = v8::CFunctionInfo(rcsha256_finish, 3, cargssha256_finish); +v8::CFunction pFsha256_finish = v8::CFunction((const void*)&sha256_finishFast, &infosha256_finish); + + + +void x509_crt_initSlow(const FunctionCallbackInfo &args) { mbedtls_x509_crt* v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); mbedtls_x509_crt_init(v0); } -void mbedtls_x509_crt_initFast(void* p, void* p0) { +void x509_crt_initFast(void* p, void* p0) { mbedtls_x509_crt* v0 = reinterpret_cast(p0); mbedtls_x509_crt_init(v0); } -void mbedtls_net_initSlow(const FunctionCallbackInfo &args) { +void net_initSlow(const FunctionCallbackInfo &args) { mbedtls_net_context* v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); mbedtls_net_init(v0); } -void mbedtls_net_initFast(void* p, void* p0) { +void net_initFast(void* p, void* p0) { mbedtls_net_context* v0 = reinterpret_cast(p0); mbedtls_net_init(v0); } -void mbedtls_ssl_initSlow(const FunctionCallbackInfo &args) { +void ssl_initSlow(const FunctionCallbackInfo &args) { mbedtls_ssl_context* v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); mbedtls_ssl_init(v0); } -void mbedtls_ssl_initFast(void* p, void* p0) { +void ssl_initFast(void* p, void* p0) { mbedtls_ssl_context* v0 = reinterpret_cast(p0); mbedtls_ssl_init(v0); } -void mbedtls_ssl_config_initSlow(const FunctionCallbackInfo &args) { +void ssl_config_initSlow(const FunctionCallbackInfo &args) { mbedtls_ssl_config* v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); mbedtls_ssl_config_init(v0); } -void mbedtls_ssl_config_initFast(void* p, void* p0) { +void ssl_config_initFast(void* p, void* p0) { mbedtls_ssl_config* v0 = reinterpret_cast(p0); mbedtls_ssl_config_init(v0); } -void mbedtls_entropy_initSlow(const FunctionCallbackInfo &args) { +void entropy_initSlow(const FunctionCallbackInfo &args) { mbedtls_entropy_context* v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); mbedtls_entropy_init(v0); } -void mbedtls_entropy_initFast(void* p, void* p0) { +void entropy_initFast(void* p, void* p0) { mbedtls_entropy_context* v0 = reinterpret_cast(p0); mbedtls_entropy_init(v0); } -void mbedtls_x509_crt_parse_derSlow(const FunctionCallbackInfo &args) { +void ctr_drbg_initSlow(const FunctionCallbackInfo &args) { + mbedtls_ctr_drbg_context* v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); + mbedtls_ctr_drbg_init(v0); +} + +void ctr_drbg_initFast(void* p, void* p0) { + mbedtls_ctr_drbg_context* v0 = reinterpret_cast(p0); + mbedtls_ctr_drbg_init(v0); +} +void x509_crt_parse_derSlow(const FunctionCallbackInfo &args) { Isolate *isolate = args.GetIsolate(); mbedtls_x509_crt* v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); const unsigned char* v1 = reinterpret_cast((uint64_t)Local::Cast(args[1])->Value()); @@ -178,28 +635,597 @@ void mbedtls_x509_crt_parse_derSlow(const FunctionCallbackInfo &args) { args.GetReturnValue().Set(Number::New(isolate, rc)); } -int32_t mbedtls_x509_crt_parse_derFast(void* p, void* p0, void* p1, uint32_t p2) { +int32_t x509_crt_parse_derFast(void* p, void* p0, void* p1, uint32_t p2) { mbedtls_x509_crt* v0 = reinterpret_cast(p0); const unsigned char* v1 = reinterpret_cast(p1); uint32_t v2 = p2; return mbedtls_x509_crt_parse_der(v0, v1, v2); } +void debug_set_thresholdSlow(const FunctionCallbackInfo &args) { + int32_t v0 = Local::Cast(args[0])->Value(); + mbedtls_debug_set_threshold(v0); +} + +void debug_set_thresholdFast(void* p, int32_t p0) { + int32_t v0 = p0; + mbedtls_debug_set_threshold(v0); +} +void ctr_drbg_seedSlow(const FunctionCallbackInfo &args) { + Isolate *isolate = args.GetIsolate(); + mbedtls_ctr_drbg_context* v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); + mbedtls_entropy_callback v1 = reinterpret_cast((uint64_t)Local::Cast(args[1])->Value()); + void* v2 = reinterpret_cast((uint64_t)Local::Cast(args[2])->Value()); + const unsigned char* v3 = reinterpret_cast((uint64_t)Local::Cast(args[3])->Value()); + uint32_t v4 = Local::Cast(args[4])->Value(); + int32_t rc = mbedtls_ctr_drbg_seed(v0, v1, v2, v3, v4); + args.GetReturnValue().Set(Number::New(isolate, rc)); +} + +int32_t ctr_drbg_seedFast(void* p, void* p0, void* p1, void* p2, void* p3, uint32_t p4) { + mbedtls_ctr_drbg_context* v0 = reinterpret_cast(p0); + mbedtls_entropy_callback v1 = reinterpret_cast(p1); + void* v2 = reinterpret_cast(p2); + const unsigned char* v3 = reinterpret_cast(p3); + uint32_t v4 = p4; + return mbedtls_ctr_drbg_seed(v0, v1, v2, v3, v4); +} +void exitSlow(const FunctionCallbackInfo &args) { + int32_t v0 = Local::Cast(args[0])->Value(); + mbedtls_exit(v0); +} + +void exitFast(void* p, int32_t p0) { + int32_t v0 = p0; + mbedtls_exit(v0); +} +void x509_crt_parseSlow(const FunctionCallbackInfo &args) { + Isolate *isolate = args.GetIsolate(); + mbedtls_x509_crt* v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); + const unsigned char* v1 = reinterpret_cast((uint64_t)Local::Cast(args[1])->Value()); + uint32_t v2 = Local::Cast(args[2])->Value(); + int32_t rc = mbedtls_x509_crt_parse(v0, v1, v2); + args.GetReturnValue().Set(Number::New(isolate, rc)); +} + +int32_t x509_crt_parseFast(void* p, void* p0, void* p1, uint32_t p2) { + mbedtls_x509_crt* v0 = reinterpret_cast(p0); + const unsigned char* v1 = reinterpret_cast(p1); + uint32_t v2 = p2; + return mbedtls_x509_crt_parse(v0, v1, v2); +} +void ssl_config_defaultsSlow(const FunctionCallbackInfo &args) { + Isolate *isolate = args.GetIsolate(); + mbedtls_ssl_config* v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); + int32_t v1 = Local::Cast(args[1])->Value(); + int32_t v2 = Local::Cast(args[2])->Value(); + int32_t v3 = Local::Cast(args[3])->Value(); + int32_t rc = mbedtls_ssl_config_defaults(v0, v1, v2, v3); + args.GetReturnValue().Set(Number::New(isolate, rc)); +} + +int32_t ssl_config_defaultsFast(void* p, void* p0, int32_t p1, int32_t p2, int32_t p3) { + mbedtls_ssl_config* v0 = reinterpret_cast(p0); + int32_t v1 = p1; + int32_t v2 = p2; + int32_t v3 = p3; + return mbedtls_ssl_config_defaults(v0, v1, v2, v3); +} +void ssl_conf_max_frag_lenSlow(const FunctionCallbackInfo &args) { + Isolate *isolate = args.GetIsolate(); + mbedtls_ssl_config* v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); + uint8_t v1 = Local::Cast(args[1])->Value(); + int32_t rc = mbedtls_ssl_conf_max_frag_len(v0, v1); + args.GetReturnValue().Set(Number::New(isolate, rc)); +} + +int32_t ssl_conf_max_frag_lenFast(void* p, void* p0, uint8_t p1) { + mbedtls_ssl_config* v0 = reinterpret_cast(p0); + uint8_t v1 = p1; + return mbedtls_ssl_conf_max_frag_len(v0, v1); +} +void ssl_conf_rngSlow(const FunctionCallbackInfo &args) { + mbedtls_ssl_config* v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); + mbedtls_rng_callback v1 = reinterpret_cast((uint64_t)Local::Cast(args[1])->Value()); + void* v2 = reinterpret_cast((uint64_t)Local::Cast(args[2])->Value()); + mbedtls_ssl_conf_rng(v0, v1, v2); +} + +void ssl_conf_rngFast(void* p, void* p0, void* p1, void* p2) { + mbedtls_ssl_config* v0 = reinterpret_cast(p0); + mbedtls_rng_callback v1 = reinterpret_cast(p1); + void* v2 = reinterpret_cast(p2); + mbedtls_ssl_conf_rng(v0, v1, v2); +} +void ssl_conf_dbgSlow(const FunctionCallbackInfo &args) { + mbedtls_ssl_config* v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); + mbedtls_dbg_callback v1 = reinterpret_cast((uint64_t)Local::Cast(args[1])->Value()); + void* v2 = reinterpret_cast((uint64_t)Local::Cast(args[2])->Value()); + mbedtls_ssl_conf_dbg(v0, v1, v2); +} + +void ssl_conf_dbgFast(void* p, void* p0, void* p1, void* p2) { + mbedtls_ssl_config* v0 = reinterpret_cast(p0); + mbedtls_dbg_callback v1 = reinterpret_cast(p1); + void* v2 = reinterpret_cast(p2); + mbedtls_ssl_conf_dbg(v0, v1, v2); +} +void ssl_conf_read_timeoutSlow(const FunctionCallbackInfo &args) { + mbedtls_ssl_config* v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); + uint32_t v1 = Local::Cast(args[1])->Value(); + mbedtls_ssl_conf_read_timeout(v0, v1); +} + +void ssl_conf_read_timeoutFast(void* p, void* p0, uint32_t p1) { + mbedtls_ssl_config* v0 = reinterpret_cast(p0); + uint32_t v1 = p1; + mbedtls_ssl_conf_read_timeout(v0, v1); +} +void ssl_conf_session_ticketsSlow(const FunctionCallbackInfo &args) { + mbedtls_ssl_config* v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); + int32_t v1 = Local::Cast(args[1])->Value(); + mbedtls_ssl_conf_session_tickets(v0, v1); +} + +void ssl_conf_session_ticketsFast(void* p, void* p0, int32_t p1) { + mbedtls_ssl_config* v0 = reinterpret_cast(p0); + int32_t v1 = p1; + mbedtls_ssl_conf_session_tickets(v0, v1); +} +void ssl_conf_renegotiationSlow(const FunctionCallbackInfo &args) { + mbedtls_ssl_config* v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); + int32_t v1 = Local::Cast(args[1])->Value(); + mbedtls_ssl_conf_renegotiation(v0, v1); +} + +void ssl_conf_renegotiationFast(void* p, void* p0, int32_t p1) { + mbedtls_ssl_config* v0 = reinterpret_cast(p0); + int32_t v1 = p1; + mbedtls_ssl_conf_renegotiation(v0, v1); +} +void ssl_conf_ca_chainSlow(const FunctionCallbackInfo &args) { + mbedtls_ssl_config* v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); + mbedtls_x509_crt* v1 = reinterpret_cast((uint64_t)Local::Cast(args[1])->Value()); + mbedtls_x509_crl* v2 = reinterpret_cast((uint64_t)Local::Cast(args[2])->Value()); + mbedtls_ssl_conf_ca_chain(v0, v1, v2); +} + +void ssl_conf_ca_chainFast(void* p, void* p0, void* p1, void* p2) { + mbedtls_ssl_config* v0 = reinterpret_cast(p0); + mbedtls_x509_crt* v1 = reinterpret_cast(p1); + mbedtls_x509_crl* v2 = reinterpret_cast(p2); + mbedtls_ssl_conf_ca_chain(v0, v1, v2); +} +void ssl_conf_min_versionSlow(const FunctionCallbackInfo &args) { + mbedtls_ssl_config* v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); + int32_t v1 = Local::Cast(args[1])->Value(); + int32_t v2 = Local::Cast(args[2])->Value(); + mbedtls_ssl_conf_min_version(v0, v1, v2); +} + +void ssl_conf_min_versionFast(void* p, void* p0, int32_t p1, int32_t p2) { + mbedtls_ssl_config* v0 = reinterpret_cast(p0); + int32_t v1 = p1; + int32_t v2 = p2; + mbedtls_ssl_conf_min_version(v0, v1, v2); +} +void ssl_conf_max_versionSlow(const FunctionCallbackInfo &args) { + mbedtls_ssl_config* v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); + int32_t v1 = Local::Cast(args[1])->Value(); + int32_t v2 = Local::Cast(args[2])->Value(); + mbedtls_ssl_conf_max_version(v0, v1, v2); +} + +void ssl_conf_max_versionFast(void* p, void* p0, int32_t p1, int32_t p2) { + mbedtls_ssl_config* v0 = reinterpret_cast(p0); + int32_t v1 = p1; + int32_t v2 = p2; + mbedtls_ssl_conf_max_version(v0, v1, v2); +} +void ssl_setupSlow(const FunctionCallbackInfo &args) { + Isolate *isolate = args.GetIsolate(); + mbedtls_ssl_context* v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); + mbedtls_ssl_config* v1 = reinterpret_cast((uint64_t)Local::Cast(args[1])->Value()); + int32_t rc = mbedtls_ssl_setup(v0, v1); + args.GetReturnValue().Set(Number::New(isolate, rc)); +} + +int32_t ssl_setupFast(void* p, void* p0, void* p1) { + mbedtls_ssl_context* v0 = reinterpret_cast(p0); + mbedtls_ssl_config* v1 = reinterpret_cast(p1); + return mbedtls_ssl_setup(v0, v1); +} +void ssl_set_hostnameSlow(const FunctionCallbackInfo &args) { + Isolate *isolate = args.GetIsolate(); + mbedtls_ssl_context* v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); + String::Utf8Value v1(isolate, args[1]); + int32_t rc = mbedtls_ssl_set_hostname(v0, *v1); + args.GetReturnValue().Set(Number::New(isolate, rc)); +} + +int32_t ssl_set_hostnameFast(void* p, void* p0, struct FastOneByteString* const p1) { + mbedtls_ssl_context* v0 = reinterpret_cast(p0); + struct FastOneByteString* const v1 = p1; + return mbedtls_ssl_set_hostname(v0, v1->data); +} +void ssl_set_bioSlow(const FunctionCallbackInfo &args) { + mbedtls_ssl_context* v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); + void* v1 = reinterpret_cast((uint64_t)Local::Cast(args[1])->Value()); + mbedtls_ssl_send_t* v2 = reinterpret_cast((uint64_t)Local::Cast(args[2])->Value()); + mbedtls_ssl_recv_t* v3 = reinterpret_cast((uint64_t)Local::Cast(args[3])->Value()); + mbedtls_ssl_recv_timeout_t* v4 = reinterpret_cast((uint64_t)Local::Cast(args[4])->Value()); + mbedtls_ssl_set_bio(v0, v1, v2, v3, v4); +} + +void ssl_set_bioFast(void* p, void* p0, void* p1, void* p2, void* p3, void* p4) { + mbedtls_ssl_context* v0 = reinterpret_cast(p0); + void* v1 = reinterpret_cast(p1); + mbedtls_ssl_send_t* v2 = reinterpret_cast(p2); + mbedtls_ssl_recv_t* v3 = reinterpret_cast(p3); + mbedtls_ssl_recv_timeout_t* v4 = reinterpret_cast(p4); + mbedtls_ssl_set_bio(v0, v1, v2, v3, v4); +} +void net_connectSlow(const FunctionCallbackInfo &args) { + Isolate *isolate = args.GetIsolate(); + mbedtls_net_context* v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); + String::Utf8Value v1(isolate, args[1]); + String::Utf8Value v2(isolate, args[2]); + int32_t v3 = Local::Cast(args[3])->Value(); + int32_t rc = mbedtls_net_connect(v0, *v1, *v2, v3); + args.GetReturnValue().Set(Number::New(isolate, rc)); +} + +int32_t net_connectFast(void* p, void* p0, struct FastOneByteString* const p1, struct FastOneByteString* const p2, int32_t p3) { + mbedtls_net_context* v0 = reinterpret_cast(p0); + struct FastOneByteString* const v1 = p1; + struct FastOneByteString* const v2 = p2; + int32_t v3 = p3; + return mbedtls_net_connect(v0, v1->data, v2->data, v3); +} +void net_set_blockSlow(const FunctionCallbackInfo &args) { + Isolate *isolate = args.GetIsolate(); + mbedtls_net_context* v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); + int32_t rc = mbedtls_net_set_block(v0); + args.GetReturnValue().Set(Number::New(isolate, rc)); +} + +int32_t net_set_blockFast(void* p, void* p0) { + mbedtls_net_context* v0 = reinterpret_cast(p0); + return mbedtls_net_set_block(v0); +} +void ssl_handshakeSlow(const FunctionCallbackInfo &args) { + Isolate *isolate = args.GetIsolate(); + mbedtls_ssl_context* v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); + int32_t rc = mbedtls_ssl_handshake(v0); + args.GetReturnValue().Set(Number::New(isolate, rc)); +} + +int32_t ssl_handshakeFast(void* p, void* p0) { + mbedtls_ssl_context* v0 = reinterpret_cast(p0); + return mbedtls_ssl_handshake(v0); +} +void ssl_get_versionSlow(const FunctionCallbackInfo &args) { + mbedtls_ssl_context* v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); + const char* rc = mbedtls_ssl_get_version(v0); + Local ab = args[1].As()->Buffer(); + ((const char**)ab->Data())[0] = rc; +} + +void ssl_get_versionFast(void* p, void* p0, struct FastApiTypedArray* const p_ret) { + mbedtls_ssl_context* v0 = reinterpret_cast(p0); + const char* r = mbedtls_ssl_get_version(v0); + ((const char**)p_ret->data)[0] = r; + +} +void ssl_get_ciphersuiteSlow(const FunctionCallbackInfo &args) { + mbedtls_ssl_context* v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); + const char* rc = mbedtls_ssl_get_ciphersuite(v0); + Local ab = args[1].As()->Buffer(); + ((const char**)ab->Data())[0] = rc; +} + +void ssl_get_ciphersuiteFast(void* p, void* p0, struct FastApiTypedArray* const p_ret) { + mbedtls_ssl_context* v0 = reinterpret_cast(p0); + const char* r = mbedtls_ssl_get_ciphersuite(v0); + ((const char**)p_ret->data)[0] = r; + +} +void ssl_get_verify_resultSlow(const FunctionCallbackInfo &args) { + Isolate *isolate = args.GetIsolate(); + mbedtls_ssl_context* v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); + uint32_t rc = mbedtls_ssl_get_verify_result(v0); + args.GetReturnValue().Set(Number::New(isolate, rc)); +} + +uint32_t ssl_get_verify_resultFast(void* p, void* p0) { + mbedtls_ssl_context* v0 = reinterpret_cast(p0); + return mbedtls_ssl_get_verify_result(v0); +} +void ssl_writeSlow(const FunctionCallbackInfo &args) { + Isolate *isolate = args.GetIsolate(); + mbedtls_ssl_context* v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); + const unsigned char* v1 = reinterpret_cast((uint64_t)Local::Cast(args[1])->Value()); + uint32_t v2 = Local::Cast(args[2])->Value(); + int32_t rc = mbedtls_ssl_write(v0, v1, v2); + args.GetReturnValue().Set(Number::New(isolate, rc)); +} + +int32_t ssl_writeFast(void* p, void* p0, void* p1, uint32_t p2) { + mbedtls_ssl_context* v0 = reinterpret_cast(p0); + const unsigned char* v1 = reinterpret_cast(p1); + uint32_t v2 = p2; + return mbedtls_ssl_write(v0, v1, v2); +} +void ssl_readSlow(const FunctionCallbackInfo &args) { + Isolate *isolate = args.GetIsolate(); + mbedtls_ssl_context* v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); + unsigned char* v1 = reinterpret_cast((uint64_t)Local::Cast(args[1])->Value()); + uint32_t v2 = Local::Cast(args[2])->Value(); + int32_t rc = mbedtls_ssl_read(v0, v1, v2); + args.GetReturnValue().Set(Number::New(isolate, rc)); +} + +int32_t ssl_readFast(void* p, void* p0, void* p1, uint32_t p2) { + mbedtls_ssl_context* v0 = reinterpret_cast(p0); + unsigned char* v1 = reinterpret_cast(p1); + uint32_t v2 = p2; + return mbedtls_ssl_read(v0, v1, v2); +} +void ssl_close_notifySlow(const FunctionCallbackInfo &args) { + Isolate *isolate = args.GetIsolate(); + mbedtls_ssl_context* v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); + int32_t rc = mbedtls_ssl_close_notify(v0); + args.GetReturnValue().Set(Number::New(isolate, rc)); +} + +int32_t ssl_close_notifyFast(void* p, void* p0) { + mbedtls_ssl_context* v0 = reinterpret_cast(p0); + return mbedtls_ssl_close_notify(v0); +} +void net_freeSlow(const FunctionCallbackInfo &args) { + mbedtls_net_context* v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); + mbedtls_net_free(v0); +} + +void net_freeFast(void* p, void* p0) { + mbedtls_net_context* v0 = reinterpret_cast(p0); + mbedtls_net_free(v0); +} +void ssl_freeSlow(const FunctionCallbackInfo &args) { + mbedtls_ssl_context* v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); + mbedtls_ssl_free(v0); +} + +void ssl_freeFast(void* p, void* p0) { + mbedtls_ssl_context* v0 = reinterpret_cast(p0); + mbedtls_ssl_free(v0); +} +void ssl_config_freeSlow(const FunctionCallbackInfo &args) { + mbedtls_ssl_config* v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); + mbedtls_ssl_config_free(v0); +} + +void ssl_config_freeFast(void* p, void* p0) { + mbedtls_ssl_config* v0 = reinterpret_cast(p0); + mbedtls_ssl_config_free(v0); +} +void x509_crt_freeSlow(const FunctionCallbackInfo &args) { + mbedtls_x509_crt* v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); + mbedtls_x509_crt_free(v0); +} + +void x509_crt_freeFast(void* p, void* p0) { + mbedtls_x509_crt* v0 = reinterpret_cast(p0); + mbedtls_x509_crt_free(v0); +} +void ctr_drbg_freeSlow(const FunctionCallbackInfo &args) { + mbedtls_ctr_drbg_context* v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); + mbedtls_ctr_drbg_free(v0); +} + +void ctr_drbg_freeFast(void* p, void* p0) { + mbedtls_ctr_drbg_context* v0 = reinterpret_cast(p0); + mbedtls_ctr_drbg_free(v0); +} +void entropy_freeSlow(const FunctionCallbackInfo &args) { + mbedtls_entropy_context* v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); + mbedtls_entropy_free(v0); +} + +void entropy_freeFast(void* p, void* p0) { + mbedtls_entropy_context* v0 = reinterpret_cast(p0); + mbedtls_entropy_free(v0); +} +void dhm_initSlow(const FunctionCallbackInfo &args) { + mbedtls_dhm_context* v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); + mbedtls_dhm_init(v0); +} + +void dhm_initFast(void* p, void* p0) { + mbedtls_dhm_context* v0 = reinterpret_cast(p0); + mbedtls_dhm_init(v0); +} +void md5_initSlow(const FunctionCallbackInfo &args) { + mbedtls_md5_context * v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); + mbedtls_md5_init(v0); +} + +void md5_initFast(void* p, void* p0) { + mbedtls_md5_context * v0 = reinterpret_cast(p0); + mbedtls_md5_init(v0); +} +void md5_freeSlow(const FunctionCallbackInfo &args) { + mbedtls_md5_context * v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); + mbedtls_md5_free(v0); +} + +void md5_freeFast(void* p, void* p0) { + mbedtls_md5_context * v0 = reinterpret_cast(p0); + mbedtls_md5_free(v0); +} +void md5_startsSlow(const FunctionCallbackInfo &args) { + mbedtls_md5_context * v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); + mbedtls_md5_starts(v0); +} + +void md5_startsFast(void* p, void* p0) { + mbedtls_md5_context * v0 = reinterpret_cast(p0); + mbedtls_md5_starts(v0); +} +void md5_updateSlow(const FunctionCallbackInfo &args) { + mbedtls_md5_context * v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); + const unsigned char* v1 = reinterpret_cast((uint64_t)Local::Cast(args[1])->Value()); + uint32_t v2 = Local::Cast(args[2])->Value(); + mbedtls_md5_update(v0, v1, v2); +} + +void md5_updateFast(void* p, void* p0, void* p1, uint32_t p2) { + mbedtls_md5_context * v0 = reinterpret_cast(p0); + const unsigned char* v1 = reinterpret_cast(p1); + uint32_t v2 = p2; + mbedtls_md5_update(v0, v1, v2); +} +void md5_finishSlow(const FunctionCallbackInfo &args) { + mbedtls_md5_context * v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); + unsigned char* v1 = reinterpret_cast((uint64_t)Local::Cast(args[1])->Value()); + mbedtls_md5_finish(v0, v1); +} + +void md5_finishFast(void* p, void* p0, void* p1) { + mbedtls_md5_context * v0 = reinterpret_cast(p0); + unsigned char* v1 = reinterpret_cast(p1); + mbedtls_md5_finish(v0, v1); +} +void sha256_initSlow(const FunctionCallbackInfo &args) { + mbedtls_sha256_context * v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); + mbedtls_sha256_init(v0); +} + +void sha256_initFast(void* p, void* p0) { + mbedtls_sha256_context * v0 = reinterpret_cast(p0); + mbedtls_sha256_init(v0); +} +void sha256_freeSlow(const FunctionCallbackInfo &args) { + mbedtls_sha256_context * v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); + mbedtls_sha256_free(v0); +} + +void sha256_freeFast(void* p, void* p0) { + mbedtls_sha256_context * v0 = reinterpret_cast(p0); + mbedtls_sha256_free(v0); +} +void sha256_startsSlow(const FunctionCallbackInfo &args) { + mbedtls_sha256_context * v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); + int32_t v1 = Local::Cast(args[1])->Value(); + mbedtls_sha256_starts(v0, v1); +} + +void sha256_startsFast(void* p, void* p0, int32_t p1) { + mbedtls_sha256_context * v0 = reinterpret_cast(p0); + int32_t v1 = p1; + mbedtls_sha256_starts(v0, v1); +} +void sha256_updateSlow(const FunctionCallbackInfo &args) { + mbedtls_sha256_context * v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); + const unsigned char* v1 = reinterpret_cast((uint64_t)Local::Cast(args[1])->Value()); + uint32_t v2 = Local::Cast(args[2])->Value(); + mbedtls_sha256_update(v0, v1, v2); +} + +void sha256_updateFast(void* p, void* p0, void* p1, uint32_t p2) { + mbedtls_sha256_context * v0 = reinterpret_cast(p0); + const unsigned char* v1 = reinterpret_cast(p1); + uint32_t v2 = p2; + mbedtls_sha256_update(v0, v1, v2); +} +void sha256_finishSlow(const FunctionCallbackInfo &args) { + mbedtls_sha256_context * v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); + unsigned char* v1 = reinterpret_cast((uint64_t)Local::Cast(args[1])->Value()); + mbedtls_sha256_finish(v0, v1); +} + +void sha256_finishFast(void* p, void* p0, void* p1) { + mbedtls_sha256_context * v0 = reinterpret_cast(p0); + unsigned char* v1 = reinterpret_cast(p1); + mbedtls_sha256_finish(v0, v1); +} void Init(Isolate* isolate, Local target) { Local module = ObjectTemplate::New(isolate); - SET_FAST_METHOD(isolate, module, "mbedtls_x509_crt_init", &pFmbedtls_x509_crt_init, mbedtls_x509_crt_initSlow); - SET_FAST_METHOD(isolate, module, "mbedtls_net_init", &pFmbedtls_net_init, mbedtls_net_initSlow); - SET_FAST_METHOD(isolate, module, "mbedtls_ssl_init", &pFmbedtls_ssl_init, mbedtls_ssl_initSlow); - SET_FAST_METHOD(isolate, module, "mbedtls_ssl_config_init", &pFmbedtls_ssl_config_init, mbedtls_ssl_config_initSlow); - SET_FAST_METHOD(isolate, module, "mbedtls_entropy_init", &pFmbedtls_entropy_init, mbedtls_entropy_initSlow); - SET_FAST_METHOD(isolate, module, "mbedtls_x509_crt_parse_der", &pFmbedtls_x509_crt_parse_der, mbedtls_x509_crt_parse_derSlow); + SET_FAST_METHOD(isolate, module, "x509_crt_init", &pFx509_crt_init, x509_crt_initSlow); + SET_FAST_METHOD(isolate, module, "net_init", &pFnet_init, net_initSlow); + SET_FAST_METHOD(isolate, module, "ssl_init", &pFssl_init, ssl_initSlow); + SET_FAST_METHOD(isolate, module, "ssl_config_init", &pFssl_config_init, ssl_config_initSlow); + SET_FAST_METHOD(isolate, module, "entropy_init", &pFentropy_init, entropy_initSlow); + SET_FAST_METHOD(isolate, module, "ctr_drbg_init", &pFctr_drbg_init, ctr_drbg_initSlow); + SET_FAST_METHOD(isolate, module, "x509_crt_parse_der", &pFx509_crt_parse_der, x509_crt_parse_derSlow); + SET_FAST_METHOD(isolate, module, "debug_set_threshold", &pFdebug_set_threshold, debug_set_thresholdSlow); + SET_FAST_METHOD(isolate, module, "ctr_drbg_seed", &pFctr_drbg_seed, ctr_drbg_seedSlow); + SET_FAST_METHOD(isolate, module, "exit", &pFexit, exitSlow); + SET_FAST_METHOD(isolate, module, "x509_crt_parse", &pFx509_crt_parse, x509_crt_parseSlow); + SET_FAST_METHOD(isolate, module, "ssl_config_defaults", &pFssl_config_defaults, ssl_config_defaultsSlow); + SET_FAST_METHOD(isolate, module, "ssl_conf_max_frag_len", &pFssl_conf_max_frag_len, ssl_conf_max_frag_lenSlow); + SET_FAST_METHOD(isolate, module, "ssl_conf_rng", &pFssl_conf_rng, ssl_conf_rngSlow); + SET_FAST_METHOD(isolate, module, "ssl_conf_dbg", &pFssl_conf_dbg, ssl_conf_dbgSlow); + SET_FAST_METHOD(isolate, module, "ssl_conf_read_timeout", &pFssl_conf_read_timeout, ssl_conf_read_timeoutSlow); + SET_FAST_METHOD(isolate, module, "ssl_conf_session_tickets", &pFssl_conf_session_tickets, ssl_conf_session_ticketsSlow); + SET_FAST_METHOD(isolate, module, "ssl_conf_renegotiation", &pFssl_conf_renegotiation, ssl_conf_renegotiationSlow); + SET_FAST_METHOD(isolate, module, "ssl_conf_ca_chain", &pFssl_conf_ca_chain, ssl_conf_ca_chainSlow); + SET_FAST_METHOD(isolate, module, "ssl_conf_min_version", &pFssl_conf_min_version, ssl_conf_min_versionSlow); + SET_FAST_METHOD(isolate, module, "ssl_conf_max_version", &pFssl_conf_max_version, ssl_conf_max_versionSlow); + SET_FAST_METHOD(isolate, module, "ssl_setup", &pFssl_setup, ssl_setupSlow); + SET_FAST_METHOD(isolate, module, "ssl_set_hostname", &pFssl_set_hostname, ssl_set_hostnameSlow); + SET_FAST_METHOD(isolate, module, "ssl_set_bio", &pFssl_set_bio, ssl_set_bioSlow); + SET_FAST_METHOD(isolate, module, "net_connect", &pFnet_connect, net_connectSlow); + SET_FAST_METHOD(isolate, module, "net_set_block", &pFnet_set_block, net_set_blockSlow); + SET_FAST_METHOD(isolate, module, "ssl_handshake", &pFssl_handshake, ssl_handshakeSlow); + SET_FAST_METHOD(isolate, module, "ssl_get_version", &pFssl_get_version, ssl_get_versionSlow); + SET_FAST_METHOD(isolate, module, "ssl_get_ciphersuite", &pFssl_get_ciphersuite, ssl_get_ciphersuiteSlow); + SET_FAST_METHOD(isolate, module, "ssl_get_verify_result", &pFssl_get_verify_result, ssl_get_verify_resultSlow); + SET_FAST_METHOD(isolate, module, "ssl_write", &pFssl_write, ssl_writeSlow); + SET_FAST_METHOD(isolate, module, "ssl_read", &pFssl_read, ssl_readSlow); + SET_FAST_METHOD(isolate, module, "ssl_close_notify", &pFssl_close_notify, ssl_close_notifySlow); + SET_FAST_METHOD(isolate, module, "net_free", &pFnet_free, net_freeSlow); + SET_FAST_METHOD(isolate, module, "ssl_free", &pFssl_free, ssl_freeSlow); + SET_FAST_METHOD(isolate, module, "ssl_config_free", &pFssl_config_free, ssl_config_freeSlow); + SET_FAST_METHOD(isolate, module, "x509_crt_free", &pFx509_crt_free, x509_crt_freeSlow); + SET_FAST_METHOD(isolate, module, "ctr_drbg_free", &pFctr_drbg_free, ctr_drbg_freeSlow); + SET_FAST_METHOD(isolate, module, "entropy_free", &pFentropy_free, entropy_freeSlow); + SET_FAST_METHOD(isolate, module, "dhm_init", &pFdhm_init, dhm_initSlow); + SET_FAST_METHOD(isolate, module, "md5_init", &pFmd5_init, md5_initSlow); + SET_FAST_METHOD(isolate, module, "md5_free", &pFmd5_free, md5_freeSlow); + SET_FAST_METHOD(isolate, module, "md5_starts", &pFmd5_starts, md5_startsSlow); + SET_FAST_METHOD(isolate, module, "md5_update", &pFmd5_update, md5_updateSlow); + SET_FAST_METHOD(isolate, module, "md5_finish", &pFmd5_finish, md5_finishSlow); + SET_FAST_METHOD(isolate, module, "sha256_init", &pFsha256_init, sha256_initSlow); + SET_FAST_METHOD(isolate, module, "sha256_free", &pFsha256_free, sha256_freeSlow); + SET_FAST_METHOD(isolate, module, "sha256_starts", &pFsha256_starts, sha256_startsSlow); + SET_FAST_METHOD(isolate, module, "sha256_update", &pFsha256_update, sha256_updateSlow); + SET_FAST_METHOD(isolate, module, "sha256_finish", &pFsha256_finish, sha256_finishSlow); + SET_VALUE(isolate, module, "MBEDTLS_SSL_IS_CLIENT", Integer::New(isolate, MBEDTLS_SSL_IS_CLIENT)); + SET_VALUE(isolate, module, "MBEDTLS_SSL_TRANSPORT_STREAM", Integer::New(isolate, MBEDTLS_SSL_TRANSPORT_STREAM)); + SET_VALUE(isolate, module, "MBEDTLS_SSL_PRESET_DEFAULT", Integer::New(isolate, MBEDTLS_SSL_PRESET_DEFAULT)); + SET_VALUE(isolate, module, "MBEDTLS_SSL_MAX_FRAG_LEN_NONE", Integer::New(isolate, MBEDTLS_SSL_MAX_FRAG_LEN_NONE)); + SET_VALUE(isolate, module, "MBEDTLS_SSL_SESSION_TICKETS_ENABLED", Integer::New(isolate, MBEDTLS_SSL_SESSION_TICKETS_ENABLED)); + SET_VALUE(isolate, module, "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL", Integer::New(isolate, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL)); + SET_VALUE(isolate, module, "MBEDTLS_SSL_RENEGOTIATION_DISABLED", Integer::New(isolate, MBEDTLS_SSL_RENEGOTIATION_DISABLED)); + SET_VALUE(isolate, module, "MBEDTLS_SSL_MAJOR_VERSION_3", Integer::New(isolate, MBEDTLS_SSL_MAJOR_VERSION_3)); + SET_VALUE(isolate, module, "MBEDTLS_SSL_MINOR_VERSION_4", Integer::New(isolate, MBEDTLS_SSL_MINOR_VERSION_4)); + SET_VALUE(isolate, module, "MBEDTLS_NET_PROTO_TCP", Integer::New(isolate, MBEDTLS_NET_PROTO_TCP)); + SET_VALUE(isolate, module, "MBEDTLS_ERR_SSL_WANT_READ", Integer::New(isolate, MBEDTLS_ERR_SSL_WANT_READ)); + SET_VALUE(isolate, module, "MBEDTLS_ERR_SSL_WANT_WRITE", Integer::New(isolate, MBEDTLS_ERR_SSL_WANT_WRITE)); + SET_VALUE(isolate, module, "MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS", Integer::New(isolate, MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS)); + SET_VALUE(isolate, module, "MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY", Integer::New(isolate, MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY)); SET_VALUE(isolate, module, "struct_mbedtls_net_context_size", Integer::New(isolate, sizeof(mbedtls_net_context))); SET_VALUE(isolate, module, "struct_mbedtls_x509_crt_size", Integer::New(isolate, sizeof(mbedtls_x509_crt))); SET_VALUE(isolate, module, "struct_mbedtls_entropy_context_size", Integer::New(isolate, sizeof(mbedtls_entropy_context))); SET_VALUE(isolate, module, "struct_mbedtls_ssl_context_size", Integer::New(isolate, sizeof(mbedtls_ssl_context))); SET_VALUE(isolate, module, "struct_mbedtls_ssl_config_size", Integer::New(isolate, sizeof(mbedtls_ssl_config))); + SET_VALUE(isolate, module, "struct_mbedtls_ctr_drbg_context_size", Integer::New(isolate, sizeof(mbedtls_ctr_drbg_context))); + SET_VALUE(isolate, module, "struct_mbedtls_dhm_context_size", Integer::New(isolate, sizeof(mbedtls_dhm_context))); + SET_VALUE(isolate, module, "struct_mbedtls_md5_context_size", Integer::New(isolate, sizeof(mbedtls_md5_context))); + SET_VALUE(isolate, module, "struct_mbedtls_sha256_context_size", Integer::New(isolate, sizeof(mbedtls_sha256_context))); SET_MODULE(isolate, target, "mbedtls", module); } diff --git a/lib/mbedtls/mbedtls_config.h b/lib/mbedtls/mbedtls_config.h new file mode 100644 index 0000000..e1456b9 --- /dev/null +++ b/lib/mbedtls/mbedtls_config.h @@ -0,0 +1,4116 @@ +/** + * \file mbedtls_config.h + * + * \brief Configuration options (set of defines) + * + * This set of compile-time options may be used to enable + * or disable features selectively, and reduce the global + * memory footprint. + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +/** + * This is an optional version symbol that enables compatibility handling of + * config files. + * + * It is equal to the #MBEDTLS_VERSION_NUMBER of the Mbed TLS version that + * introduced the config format we want to be compatible with. + */ +//#define MBEDTLS_CONFIG_VERSION 0x03000000 + +/** + * \name SECTION: System support + * + * This section sets system specific settings. + * \{ + */ + +/** + * \def MBEDTLS_HAVE_ASM + * + * The compiler has support for asm(). + * + * Requires support for asm() in compiler. + * + * Used in: + * library/aesni.h + * library/aria.c + * library/bn_mul.h + * library/constant_time.c + * library/padlock.h + * + * Required by: + * MBEDTLS_AESCE_C + * MBEDTLS_AESNI_C (on some platforms) + * MBEDTLS_PADLOCK_C + * + * Comment to disable the use of assembly code. + */ +#define MBEDTLS_HAVE_ASM + +/** + * \def MBEDTLS_NO_UDBL_DIVISION + * + * The platform lacks support for double-width integer division (64-bit + * division on a 32-bit platform, 128-bit division on a 64-bit platform). + * + * Used in: + * include/mbedtls/bignum.h + * library/bignum.c + * + * The bignum code uses double-width division to speed up some operations. + * Double-width division is often implemented in software that needs to + * be linked with the program. The presence of a double-width integer + * type is usually detected automatically through preprocessor macros, + * but the automatic detection cannot know whether the code needs to + * and can be linked with an implementation of division for that type. + * By default division is assumed to be usable if the type is present. + * Uncomment this option to prevent the use of double-width division. + * + * Note that division for the native integer type is always required. + * Furthermore, a 64-bit type is always required even on a 32-bit + * platform, but it need not support multiplication or division. In some + * cases it is also desirable to disable some double-width operations. For + * example, if double-width division is implemented in software, disabling + * it can reduce code size in some embedded targets. + */ +//#define MBEDTLS_NO_UDBL_DIVISION + +/** + * \def MBEDTLS_NO_64BIT_MULTIPLICATION + * + * The platform lacks support for 32x32 -> 64-bit multiplication. + * + * Used in: + * library/poly1305.c + * + * Some parts of the library may use multiplication of two unsigned 32-bit + * operands with a 64-bit result in order to speed up computations. On some + * platforms, this is not available in hardware and has to be implemented in + * software, usually in a library provided by the toolchain. + * + * Sometimes it is not desirable to have to link to that library. This option + * removes the dependency of that library on platforms that lack a hardware + * 64-bit multiplier by embedding a software implementation in Mbed TLS. + * + * Note that depending on the compiler, this may decrease performance compared + * to using the library function provided by the toolchain. + */ +//#define MBEDTLS_NO_64BIT_MULTIPLICATION + +/** + * \def MBEDTLS_HAVE_SSE2 + * + * CPU supports SSE2 instruction set. + * + * Uncomment if the CPU supports SSE2 (IA-32 specific). + */ +//#define MBEDTLS_HAVE_SSE2 + +/** + * \def MBEDTLS_HAVE_TIME + * + * System has time.h and time(). + * The time does not need to be correct, only time differences are used, + * by contrast with MBEDTLS_HAVE_TIME_DATE + * + * Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT, + * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and + * MBEDTLS_PLATFORM_STD_TIME. + * + * Comment if your system does not support time functions. + * + * \note If MBEDTLS_TIMING_C is set - to enable the semi-portable timing + * interface - timing.c will include time.h on suitable platforms + * regardless of the setting of MBEDTLS_HAVE_TIME, unless + * MBEDTLS_TIMING_ALT is used. See timing.c for more information. + */ +#define MBEDTLS_HAVE_TIME + +/** + * \def MBEDTLS_HAVE_TIME_DATE + * + * System has time.h, time(), and an implementation for + * mbedtls_platform_gmtime_r() (see below). + * The time needs to be correct (not necessarily very accurate, but at least + * the date should be correct). This is used to verify the validity period of + * X.509 certificates. + * + * Comment if your system does not have a correct clock. + * + * \note mbedtls_platform_gmtime_r() is an abstraction in platform_util.h that + * behaves similarly to the gmtime_r() function from the C standard. Refer to + * the documentation for mbedtls_platform_gmtime_r() for more information. + * + * \note It is possible to configure an implementation for + * mbedtls_platform_gmtime_r() at compile-time by using the macro + * MBEDTLS_PLATFORM_GMTIME_R_ALT. + */ +#define MBEDTLS_HAVE_TIME_DATE + +/** + * \def MBEDTLS_PLATFORM_MEMORY + * + * Enable the memory allocation layer. + * + * By default Mbed TLS uses the system-provided calloc() and free(). + * This allows different allocators (self-implemented or provided) to be + * provided to the platform abstraction layer. + * + * Enabling #MBEDTLS_PLATFORM_MEMORY without the + * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide + * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and + * free() function pointer at runtime. + * + * Enabling #MBEDTLS_PLATFORM_MEMORY and specifying + * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the + * alternate function at compile time. + * + * An overview of how the value of mbedtls_calloc is determined: + * + * - if !MBEDTLS_PLATFORM_MEMORY + * - mbedtls_calloc = calloc + * - if MBEDTLS_PLATFORM_MEMORY + * - if (MBEDTLS_PLATFORM_CALLOC_MACRO && MBEDTLS_PLATFORM_FREE_MACRO): + * - mbedtls_calloc = MBEDTLS_PLATFORM_CALLOC_MACRO + * - if !(MBEDTLS_PLATFORM_CALLOC_MACRO && MBEDTLS_PLATFORM_FREE_MACRO): + * - Dynamic setup via mbedtls_platform_set_calloc_free is now possible with a default value MBEDTLS_PLATFORM_STD_CALLOC. + * - How is MBEDTLS_PLATFORM_STD_CALLOC handled? + * - if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS: + * - MBEDTLS_PLATFORM_STD_CALLOC is not set to anything; + * - MBEDTLS_PLATFORM_STD_MEM_HDR can be included if present; + * - if !MBEDTLS_PLATFORM_NO_STD_FUNCTIONS: + * - if MBEDTLS_PLATFORM_STD_CALLOC is present: + * - User-defined MBEDTLS_PLATFORM_STD_CALLOC is respected; + * - if !MBEDTLS_PLATFORM_STD_CALLOC: + * - MBEDTLS_PLATFORM_STD_CALLOC = calloc + * + * - At this point the presence of MBEDTLS_PLATFORM_STD_CALLOC is checked. + * - if !MBEDTLS_PLATFORM_STD_CALLOC + * - MBEDTLS_PLATFORM_STD_CALLOC = uninitialized_calloc + * + * - mbedtls_calloc = MBEDTLS_PLATFORM_STD_CALLOC. + * + * Defining MBEDTLS_PLATFORM_CALLOC_MACRO and #MBEDTLS_PLATFORM_STD_CALLOC at the same time is not possible. + * MBEDTLS_PLATFORM_CALLOC_MACRO and MBEDTLS_PLATFORM_FREE_MACRO must both be defined or undefined at the same time. + * #MBEDTLS_PLATFORM_STD_CALLOC and #MBEDTLS_PLATFORM_STD_FREE do not have to be defined at the same time, as, if they are used, + * dynamic setup of these functions is possible. See the tree above to see how are they handled in all cases. + * An uninitialized #MBEDTLS_PLATFORM_STD_CALLOC always fails, returning a null pointer. + * An uninitialized #MBEDTLS_PLATFORM_STD_FREE does not do anything. + * + * Requires: MBEDTLS_PLATFORM_C + * + * Enable this layer to allow use of alternative memory allocators. + */ +//#define MBEDTLS_PLATFORM_MEMORY + +/** + * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS + * + * Do not assign standard functions in the platform layer (e.g. calloc() to + * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF) + * + * This makes sure there are no linking errors on platforms that do not support + * these functions. You will HAVE to provide alternatives, either at runtime + * via the platform_set_xxx() functions or at compile time by setting + * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a + * MBEDTLS_PLATFORM_XXX_MACRO. + * + * Requires: MBEDTLS_PLATFORM_C + * + * Uncomment to prevent default assignment of standard functions in the + * platform layer. + */ +//#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS + +/** + * \def MBEDTLS_PLATFORM_EXIT_ALT + * + * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let Mbed TLS support the + * function in the platform abstraction layer. + * + * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, Mbed TLS will + * provide a function "mbedtls_platform_set_printf()" that allows you to set an + * alternative printf function pointer. + * + * All these define require MBEDTLS_PLATFORM_C to be defined! + * + * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows; + * it will be enabled automatically by check_config.h + * + * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as + * MBEDTLS_PLATFORM_XXX_MACRO! + * + * Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME + * + * Uncomment a macro to enable alternate implementation of specific base + * platform function + */ +//#define MBEDTLS_PLATFORM_SETBUF_ALT +//#define MBEDTLS_PLATFORM_EXIT_ALT +//#define MBEDTLS_PLATFORM_TIME_ALT +//#define MBEDTLS_PLATFORM_FPRINTF_ALT +//#define MBEDTLS_PLATFORM_PRINTF_ALT +//#define MBEDTLS_PLATFORM_SNPRINTF_ALT +//#define MBEDTLS_PLATFORM_VSNPRINTF_ALT +//#define MBEDTLS_PLATFORM_NV_SEED_ALT +//#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT +//#define MBEDTLS_PLATFORM_MS_TIME_ALT + +/** + * Uncomment the macro to let Mbed TLS use your alternate implementation of + * mbedtls_platform_gmtime_r(). This replaces the default implementation in + * platform_util.c. + * + * gmtime() is not a thread-safe function as defined in the C standard. The + * library will try to use safer implementations of this function, such as + * gmtime_r() when available. However, if Mbed TLS cannot identify the target + * system, the implementation of mbedtls_platform_gmtime_r() will default to + * using the standard gmtime(). In this case, calls from the library to + * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex + * if MBEDTLS_THREADING_C is enabled. We recommend that calls from outside the + * library are also guarded with this mutex to avoid race conditions. However, + * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will + * unconditionally use the implementation for mbedtls_platform_gmtime_r() + * supplied at compile time. + */ +//#define MBEDTLS_PLATFORM_GMTIME_R_ALT + +/** + * Uncomment the macro to let Mbed TLS use your alternate implementation of + * mbedtls_platform_zeroize(), to wipe sensitive data in memory. This replaces + * the default implementation in platform_util.c. + * + * By default, the library uses a system function such as memset_s() + * (optional feature of C11), explicit_bzero() (BSD and compatible), or + * SecureZeroMemory (Windows). If no such function is detected, the library + * falls back to a plain C implementation. Compilers are technically + * permitted to optimize this implementation out, meaning that the memory is + * not actually wiped. The library tries to prevent that, but the C language + * makes it impossible to guarantee that the memory will always be wiped. + * + * If your platform provides a guaranteed method to wipe memory which + * `platform_util.c` does not detect, define this macro to the name of + * a function that takes two arguments, a `void *` pointer and a length, + * and wipes that many bytes starting at the specified address. For example, + * if your platform has explicit_bzero() but `platform_util.c` does not + * detect its presence, define `MBEDTLS_PLATFORM_ZEROIZE_ALT` to be + * `explicit_bzero` to use that function as mbedtls_platform_zeroize(). + */ +//#define MBEDTLS_PLATFORM_ZEROIZE_ALT + +/** + * \def MBEDTLS_DEPRECATED_WARNING + * + * Mark deprecated functions and features so that they generate a warning if + * used. Functionality deprecated in one version will usually be removed in the + * next version. You can enable this to help you prepare the transition to a + * new major version by making sure your code is not using this functionality. + * + * This only works with GCC and Clang. With other compilers, you may want to + * use MBEDTLS_DEPRECATED_REMOVED + * + * Uncomment to get warnings on using deprecated functions and features. + */ +//#define MBEDTLS_DEPRECATED_WARNING + +/** + * \def MBEDTLS_DEPRECATED_REMOVED + * + * Remove deprecated functions and features so that they generate an error if + * used. Functionality deprecated in one version will usually be removed in the + * next version. You can enable this to help you prepare the transition to a + * new major version by making sure your code is not using this functionality. + * + * Uncomment to get errors on using deprecated functions and features. + */ +//#define MBEDTLS_DEPRECATED_REMOVED + +/** \} name SECTION: System support */ + +/** + * \name SECTION: Mbed TLS feature support + * + * This section sets support for features that are or are not needed + * within the modules that are enabled. + * \{ + */ + +/** + * \def MBEDTLS_TIMING_ALT + * + * Uncomment to provide your own alternate implementation for + * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay() + * + * Only works if you have MBEDTLS_TIMING_C enabled. + * + * You will need to provide a header "timing_alt.h" and an implementation at + * compile time. + */ +//#define MBEDTLS_TIMING_ALT + +/** + * \def MBEDTLS_AES_ALT + * + * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let Mbed TLS use your + * alternate core implementation of a symmetric crypto, an arithmetic or hash + * module (e.g. platform specific assembly optimized implementations). Keep + * in mind that the function prototypes should remain the same. + * + * This replaces the whole module. If you only want to replace one of the + * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags. + * + * Example: In case you uncomment MBEDTLS_AES_ALT, Mbed TLS will no longer + * provide the "struct mbedtls_aes_context" definition and omit the base + * function declarations and implementations. "aes_alt.h" will be included from + * "aes.h" to include the new function definitions. + * + * Uncomment a macro to enable alternate implementation of the corresponding + * module. + * + * \warning MD5, DES and SHA-1 are considered weak and their + * use constitutes a security risk. If possible, we recommend + * avoiding dependencies on them, and considering stronger message + * digests and ciphers instead. + * + */ +//#define MBEDTLS_AES_ALT +//#define MBEDTLS_ARIA_ALT +//#define MBEDTLS_CAMELLIA_ALT +//#define MBEDTLS_CCM_ALT +//#define MBEDTLS_CHACHA20_ALT +//#define MBEDTLS_CHACHAPOLY_ALT +//#define MBEDTLS_CMAC_ALT +//#define MBEDTLS_DES_ALT +//#define MBEDTLS_DHM_ALT +//#define MBEDTLS_ECJPAKE_ALT +//#define MBEDTLS_GCM_ALT +//#define MBEDTLS_NIST_KW_ALT +//#define MBEDTLS_MD5_ALT +//#define MBEDTLS_POLY1305_ALT +//#define MBEDTLS_RIPEMD160_ALT +//#define MBEDTLS_RSA_ALT +//#define MBEDTLS_SHA1_ALT +//#define MBEDTLS_SHA256_ALT +//#define MBEDTLS_SHA512_ALT + +/* + * When replacing the elliptic curve module, please consider, that it is + * implemented with two .c files: + * - ecp.c + * - ecp_curves.c + * You can replace them very much like all the other MBEDTLS__MODULE_NAME__ALT + * macros as described above. The only difference is that you have to make sure + * that you provide functionality for both .c files. + */ +//#define MBEDTLS_ECP_ALT + +/** + * \def MBEDTLS_SHA256_PROCESS_ALT + * + * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let Mbed TLS use you + * alternate core implementation of symmetric crypto or hash function. Keep in + * mind that function prototypes should remain the same. + * + * This replaces only one function. The header file from Mbed TLS is still + * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags. + * + * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, Mbed TLS will + * no longer provide the mbedtls_sha1_process() function, but it will still provide + * the other function (using your mbedtls_sha1_process() function) and the definition + * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible + * with this definition. + * + * \note If you use the AES_xxx_ALT macros, then it is recommended to also set + * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES + * tables. + * + * Uncomment a macro to enable alternate implementation of the corresponding + * function. + * + * \warning MD5, DES and SHA-1 are considered weak and their use + * constitutes a security risk. If possible, we recommend avoiding + * dependencies on them, and considering stronger message digests + * and ciphers instead. + * + * \warning If both MBEDTLS_ECDSA_SIGN_ALT and MBEDTLS_ECDSA_DETERMINISTIC are + * enabled, then the deterministic ECDH signature functions pass the + * the static HMAC-DRBG as RNG to mbedtls_ecdsa_sign(). Therefore + * alternative implementations should use the RNG only for generating + * the ephemeral key and nothing else. If this is not possible, then + * MBEDTLS_ECDSA_DETERMINISTIC should be disabled and an alternative + * implementation should be provided for mbedtls_ecdsa_sign_det_ext(). + * + */ +//#define MBEDTLS_MD5_PROCESS_ALT +//#define MBEDTLS_RIPEMD160_PROCESS_ALT +//#define MBEDTLS_SHA1_PROCESS_ALT +//#define MBEDTLS_SHA256_PROCESS_ALT +//#define MBEDTLS_SHA512_PROCESS_ALT +//#define MBEDTLS_DES_SETKEY_ALT +//#define MBEDTLS_DES_CRYPT_ECB_ALT +//#define MBEDTLS_DES3_CRYPT_ECB_ALT +//#define MBEDTLS_AES_SETKEY_ENC_ALT +//#define MBEDTLS_AES_SETKEY_DEC_ALT +//#define MBEDTLS_AES_ENCRYPT_ALT +//#define MBEDTLS_AES_DECRYPT_ALT +//#define MBEDTLS_ECDH_GEN_PUBLIC_ALT +//#define MBEDTLS_ECDH_COMPUTE_SHARED_ALT +//#define MBEDTLS_ECDSA_VERIFY_ALT +//#define MBEDTLS_ECDSA_SIGN_ALT +//#define MBEDTLS_ECDSA_GENKEY_ALT + +/** + * \def MBEDTLS_ECP_INTERNAL_ALT + * + * Expose a part of the internal interface of the Elliptic Curve Point module. + * + * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let Mbed TLS use your + * alternative core implementation of elliptic curve arithmetic. Keep in mind + * that function prototypes should remain the same. + * + * This partially replaces one function. The header file from Mbed TLS is still + * used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation + * is still present and it is used for group structures not supported by the + * alternative. + * + * The original implementation can in addition be removed by setting the + * MBEDTLS_ECP_NO_FALLBACK option, in which case any function for which the + * corresponding MBEDTLS_ECP__FUNCTION_NAME__ALT macro is defined will not be + * able to fallback to curves not supported by the alternative implementation. + * + * Any of these options become available by defining MBEDTLS_ECP_INTERNAL_ALT + * and implementing the following functions: + * unsigned char mbedtls_internal_ecp_grp_capable( + * const mbedtls_ecp_group *grp ) + * int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp ) + * void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp ) + * The mbedtls_internal_ecp_grp_capable function should return 1 if the + * replacement functions implement arithmetic for the given group and 0 + * otherwise. + * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_free are + * called before and after each point operation and provide an opportunity to + * implement optimized set up and tear down instructions. + * + * Example: In case you set MBEDTLS_ECP_INTERNAL_ALT and + * MBEDTLS_ECP_DOUBLE_JAC_ALT, Mbed TLS will still provide the ecp_double_jac() + * function, but will use your mbedtls_internal_ecp_double_jac() if the group + * for the operation is supported by your implementation (i.e. your + * mbedtls_internal_ecp_grp_capable() function returns 1 for this group). If the + * group is not supported by your implementation, then the original Mbed TLS + * implementation of ecp_double_jac() is used instead, unless this fallback + * behaviour is disabled by setting MBEDTLS_ECP_NO_FALLBACK (in which case + * ecp_double_jac() will return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE). + * + * The function prototypes and the definition of mbedtls_ecp_group and + * mbedtls_ecp_point will not change based on MBEDTLS_ECP_INTERNAL_ALT, so your + * implementation of mbedtls_internal_ecp__function_name__ must be compatible + * with their definitions. + * + * Uncomment a macro to enable alternate implementation of the corresponding + * function. + */ +/* Required for all the functions in this section */ +//#define MBEDTLS_ECP_INTERNAL_ALT +/* Turn off software fallback for curves not supported in hardware */ +//#define MBEDTLS_ECP_NO_FALLBACK +/* Support for Weierstrass curves with Jacobi representation */ +//#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT +//#define MBEDTLS_ECP_ADD_MIXED_ALT +//#define MBEDTLS_ECP_DOUBLE_JAC_ALT +//#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT +//#define MBEDTLS_ECP_NORMALIZE_JAC_ALT +/* Support for curves with Montgomery arithmetic */ +//#define MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT +//#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT +//#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT + +/** + * \def MBEDTLS_ENTROPY_HARDWARE_ALT + * + * Uncomment this macro to let Mbed TLS use your own implementation of a + * hardware entropy collector. + * + * Your function must be called \c mbedtls_hardware_poll(), have the same + * prototype as declared in library/entropy_poll.h, and accept NULL as first + * argument. + * + * Uncomment to use your own hardware entropy collector. + */ +//#define MBEDTLS_ENTROPY_HARDWARE_ALT + +/** + * \def MBEDTLS_AES_ROM_TABLES + * + * Use precomputed AES tables stored in ROM. + * + * Uncomment this macro to use precomputed AES tables stored in ROM. + * Comment this macro to generate AES tables in RAM at runtime. + * + * Tradeoff: Using precomputed ROM tables reduces RAM usage by ~8kb + * (or ~2kb if \c MBEDTLS_AES_FEWER_TABLES is used) and reduces the + * initialization time before the first AES operation can be performed. + * It comes at the cost of additional ~8kb ROM use (resp. ~2kb if \c + * MBEDTLS_AES_FEWER_TABLES below is used), and potentially degraded + * performance if ROM access is slower than RAM access. + * + * This option is independent of \c MBEDTLS_AES_FEWER_TABLES. + */ +//#define MBEDTLS_AES_ROM_TABLES + +/** + * \def MBEDTLS_AES_FEWER_TABLES + * + * Use less ROM/RAM for AES tables. + * + * Uncommenting this macro omits 75% of the AES tables from + * ROM / RAM (depending on the value of \c MBEDTLS_AES_ROM_TABLES) + * by computing their values on the fly during operations + * (the tables are entry-wise rotations of one another). + * + * Tradeoff: Uncommenting this reduces the RAM / ROM footprint + * by ~6kb but at the cost of more arithmetic operations during + * runtime. Specifically, one has to compare 4 accesses within + * different tables to 4 accesses with additional arithmetic + * operations within the same table. The performance gain/loss + * depends on the system and memory details. + * + * This option is independent of \c MBEDTLS_AES_ROM_TABLES. + */ +//#define MBEDTLS_AES_FEWER_TABLES + +/** + * \def MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH + * + * Use only 128-bit keys in AES operations to save ROM. + * + * Uncomment this macro to remove support for AES operations that use 192- + * or 256-bit keys. + * + * Uncommenting this macro reduces the size of AES code by ~300 bytes + * on v8-M/Thumb2. + * + * Module: library/aes.c + * + * Requires: MBEDTLS_AES_C + */ +//#define MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH + +/* + * Disable plain C implementation for AES. + * + * When the plain C implementation is enabled, and an implementation using a + * special CPU feature (such as MBEDTLS_AESCE_C) is also enabled, runtime + * detection will be used to select between them. + * + * If only one implementation is present, runtime detection will not be used. + * This configuration will crash at runtime if running on a CPU without the + * necessary features. It will not build unless at least one of MBEDTLS_AESCE_C + * and/or MBEDTLS_AESNI_C is enabled & present in the build. + */ +//#define MBEDTLS_AES_USE_HARDWARE_ONLY + +/** + * \def MBEDTLS_CAMELLIA_SMALL_MEMORY + * + * Use less ROM for the Camellia implementation (saves about 768 bytes). + * + * Uncomment this macro to use less memory for Camellia. + */ +//#define MBEDTLS_CAMELLIA_SMALL_MEMORY + +/** + * \def MBEDTLS_CHECK_RETURN_WARNING + * + * If this macro is defined, emit a compile-time warning if application code + * calls a function without checking its return value, but the return value + * should generally be checked in portable applications. + * + * This is only supported on platforms where #MBEDTLS_CHECK_RETURN is + * implemented. Otherwise this option has no effect. + * + * Uncomment to get warnings on using fallible functions without checking + * their return value. + * + * \note This feature is a work in progress. + * Warnings will be added to more functions in the future. + * + * \note A few functions are considered critical, and ignoring the return + * value of these functions will trigger a warning even if this + * macro is not defined. To completely disable return value check + * warnings, define #MBEDTLS_CHECK_RETURN with an empty expansion. + */ +//#define MBEDTLS_CHECK_RETURN_WARNING + +/** + * \def MBEDTLS_CIPHER_MODE_CBC + * + * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers. + */ +#define MBEDTLS_CIPHER_MODE_CBC + +/** + * \def MBEDTLS_CIPHER_MODE_CFB + * + * Enable Cipher Feedback mode (CFB) for symmetric ciphers. + */ +#define MBEDTLS_CIPHER_MODE_CFB + +/** + * \def MBEDTLS_CIPHER_MODE_CTR + * + * Enable Counter Block Cipher mode (CTR) for symmetric ciphers. + */ +#define MBEDTLS_CIPHER_MODE_CTR + +/** + * \def MBEDTLS_CIPHER_MODE_OFB + * + * Enable Output Feedback mode (OFB) for symmetric ciphers. + */ +#define MBEDTLS_CIPHER_MODE_OFB + +/** + * \def MBEDTLS_CIPHER_MODE_XTS + * + * Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES. + */ +#define MBEDTLS_CIPHER_MODE_XTS + +/** + * \def MBEDTLS_CIPHER_NULL_CIPHER + * + * Enable NULL cipher. + * Warning: Only do so when you know what you are doing. This allows for + * encryption or channels without any security! + * + * To enable the following ciphersuites: + * MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA + * MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA + * MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA + * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 + * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 + * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA + * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 + * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 + * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA + * MBEDTLS_TLS_RSA_WITH_NULL_SHA256 + * MBEDTLS_TLS_RSA_WITH_NULL_SHA + * MBEDTLS_TLS_RSA_WITH_NULL_MD5 + * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 + * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 + * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA + * MBEDTLS_TLS_PSK_WITH_NULL_SHA384 + * MBEDTLS_TLS_PSK_WITH_NULL_SHA256 + * MBEDTLS_TLS_PSK_WITH_NULL_SHA + * + * Uncomment this macro to enable the NULL cipher and ciphersuites + */ +//#define MBEDTLS_CIPHER_NULL_CIPHER + +/** + * \def MBEDTLS_CIPHER_PADDING_PKCS7 + * + * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for + * specific padding modes in the cipher layer with cipher modes that support + * padding (e.g. CBC) + * + * If you disable all padding modes, only full blocks can be used with CBC. + * + * Enable padding modes in the cipher layer. + */ +#define MBEDTLS_CIPHER_PADDING_PKCS7 +#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS +#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN +#define MBEDTLS_CIPHER_PADDING_ZEROS + +/** \def MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + * + * Uncomment this macro to use a 128-bit key in the CTR_DRBG module. + * Without this, CTR_DRBG uses a 256-bit key + * unless \c MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH is set. + */ +//#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + +/** + * Enable the verified implementations of ECDH primitives from Project Everest + * (currently only Curve25519). This feature changes the layout of ECDH + * contexts and therefore is a compatibility break for applications that access + * fields of a mbedtls_ecdh_context structure directly. See also + * MBEDTLS_ECDH_LEGACY_CONTEXT in include/mbedtls/ecdh.h. + * + * The Everest code is provided under the Apache 2.0 license only; therefore enabling this + * option is not compatible with taking the library under the GPL v2.0-or-later license. + */ +//#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED + +/** + * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED + * + * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve + * module. By default all supported curves are enabled. + * + * Comment macros to disable the curve and functions for it + */ +/* Short Weierstrass curves (supporting ECP, ECDH, ECDSA) */ +#define MBEDTLS_ECP_DP_SECP192R1_ENABLED +#define MBEDTLS_ECP_DP_SECP224R1_ENABLED +#define MBEDTLS_ECP_DP_SECP256R1_ENABLED +#define MBEDTLS_ECP_DP_SECP384R1_ENABLED +#define MBEDTLS_ECP_DP_SECP521R1_ENABLED +#define MBEDTLS_ECP_DP_SECP192K1_ENABLED +#define MBEDTLS_ECP_DP_SECP224K1_ENABLED +#define MBEDTLS_ECP_DP_SECP256K1_ENABLED +#define MBEDTLS_ECP_DP_BP256R1_ENABLED +#define MBEDTLS_ECP_DP_BP384R1_ENABLED +#define MBEDTLS_ECP_DP_BP512R1_ENABLED +/* Montgomery curves (supporting ECP) */ +#define MBEDTLS_ECP_DP_CURVE25519_ENABLED +#define MBEDTLS_ECP_DP_CURVE448_ENABLED + +/** + * \def MBEDTLS_ECP_NIST_OPTIM + * + * Enable specific 'modulo p' routines for each NIST prime. + * Depending on the prime and architecture, makes operations 4 to 8 times + * faster on the corresponding curve. + * + * Comment this macro to disable NIST curves optimisation. + */ +#define MBEDTLS_ECP_NIST_OPTIM + +/** + * \def MBEDTLS_ECP_RESTARTABLE + * + * Enable "non-blocking" ECC operations that can return early and be resumed. + * + * This allows various functions to pause by returning + * #MBEDTLS_ERR_ECP_IN_PROGRESS (or, for functions in the SSL module, + * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) and then be called later again in + * order to further progress and eventually complete their operation. This is + * controlled through mbedtls_ecp_set_max_ops() which limits the maximum + * number of ECC operations a function may perform before pausing; see + * mbedtls_ecp_set_max_ops() for more information. + * + * This is useful in non-threaded environments if you want to avoid blocking + * for too long on ECC (and, hence, X.509 or SSL/TLS) operations. + * + * This option: + * - Adds xxx_restartable() variants of existing operations in the + * following modules, with corresponding restart context types: + * - ECP (for Short Weierstrass curves only): scalar multiplication (mul), + * linear combination (muladd); + * - ECDSA: signature generation & verification; + * - PK: signature generation & verification; + * - X509: certificate chain verification. + * - Adds mbedtls_ecdh_enable_restart() in the ECDH module. + * - Changes the behaviour of TLS 1.2 clients (not servers) when using the + * ECDHE-ECDSA key exchange (not other key exchanges) to make all ECC + * computations restartable: + * - ECDH operations from the key exchange, only for Short Weierstrass + * curves, only when MBEDTLS_USE_PSA_CRYPTO is not enabled. + * - verification of the server's key exchange signature; + * - verification of the server's certificate chain; + * - generation of the client's signature if client authentication is used, + * with an ECC key/certificate. + * + * \note In the cases above, the usual SSL/TLS functions, such as + * mbedtls_ssl_handshake(), can now return + * MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS. + * + * \note When this option and MBEDTLS_USE_PSA_CRYPTO are both enabled, + * restartable operations in PK, X.509 and TLS (see above) are not + * using PSA. On the other hand, ECDH computations in TLS are using + * PSA, and are not restartable. These are temporary limitations that + * should be lifted in the future. + * + * \note This option only works with the default software implementation of + * elliptic curve functionality. It is incompatible with + * MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT. + * + * Requires: MBEDTLS_ECP_C + * + * Uncomment this macro to enable restartable ECC computations. + */ +//#define MBEDTLS_ECP_RESTARTABLE + +/** + * Uncomment to enable using new bignum code in the ECC modules. + * + * \warning This is currently experimental, incomplete and therefore should not + * be used in production. + */ +//#define MBEDTLS_ECP_WITH_MPI_UINT + +/** + * \def MBEDTLS_ECDSA_DETERMINISTIC + * + * Enable deterministic ECDSA (RFC 6979). + * Standard ECDSA is "fragile" in the sense that lack of entropy when signing + * may result in a compromise of the long-term signing key. This is avoided by + * the deterministic variant. + * + * Requires: MBEDTLS_HMAC_DRBG_C, MBEDTLS_ECDSA_C + * + * Comment this macro to disable deterministic ECDSA. + */ +#define MBEDTLS_ECDSA_DETERMINISTIC + +/** + * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED + * + * Enable the PSK based ciphersuite modes in SSL / TLS. + * + * This enables the following ciphersuites (if other requisites are + * enabled as well): + * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 + */ +#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED + +/** + * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED + * + * Enable the DHE-PSK based ciphersuite modes in SSL / TLS. + * + * Requires: MBEDTLS_DHM_C + * + * This enables the following ciphersuites (if other requisites are + * enabled as well): + * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 + * + * \warning Using DHE constitutes a security risk as it + * is not possible to validate custom DH parameters. + * If possible, it is recommended users should consider + * preferring other methods of key exchange. + * See dhm.h for more details. + * + */ +#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED + +/** + * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED + * + * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS. + * + * Requires: MBEDTLS_ECDH_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDH) + * + * This enables the following ciphersuites (if other requisites are + * enabled as well): + * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 + */ +#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED + +/** + * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED + * + * Enable the RSA-PSK based ciphersuite modes in SSL / TLS. + * + * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, + * MBEDTLS_X509_CRT_PARSE_C + * + * This enables the following ciphersuites (if other requisites are + * enabled as well): + * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 + */ +#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED + +/** + * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED + * + * Enable the RSA-only based ciphersuite modes in SSL / TLS. + * + * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, + * MBEDTLS_X509_CRT_PARSE_C + * + * This enables the following ciphersuites (if other requisites are + * enabled as well): + * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 + * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 + * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA + * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 + * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA + */ +#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED + +/** + * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED + * + * Enable the DHE-RSA based ciphersuite modes in SSL / TLS. + * + * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, + * MBEDTLS_X509_CRT_PARSE_C + * + * This enables the following ciphersuites (if other requisites are + * enabled as well): + * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 + * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 + * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA + * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 + * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA + * + * \warning Using DHE constitutes a security risk as it + * is not possible to validate custom DH parameters. + * If possible, it is recommended users should consider + * preferring other methods of key exchange. + * See dhm.h for more details. + * + */ +#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED + +/** + * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED + * + * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS. + * + * Requires: MBEDTLS_ECDH_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDH) + * MBEDTLS_RSA_C + * MBEDTLS_PKCS1_V15 + * MBEDTLS_X509_CRT_PARSE_C + * + * This enables the following ciphersuites (if other requisites are + * enabled as well): + * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 + */ +#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED + +/** + * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED + * + * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS. + * + * Requires: MBEDTLS_ECDH_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDH) + * MBEDTLS_ECDSA_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDSA) + * MBEDTLS_X509_CRT_PARSE_C + * + * This enables the following ciphersuites (if other requisites are + * enabled as well): + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 + */ +#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED + +/** + * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED + * + * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS. + * + * Requires: MBEDTLS_ECDH_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDH) + * MBEDTLS_ECDSA_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDSA) + * MBEDTLS_X509_CRT_PARSE_C + * + * This enables the following ciphersuites (if other requisites are + * enabled as well): + * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 + */ +#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED + +/** + * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED + * + * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS. + * + * Requires: MBEDTLS_ECDH_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDH) + * MBEDTLS_RSA_C + * MBEDTLS_X509_CRT_PARSE_C + * + * This enables the following ciphersuites (if other requisites are + * enabled as well): + * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 + * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 + */ +#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED + +/** + * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED + * + * Enable the ECJPAKE based ciphersuite modes in SSL / TLS. + * + * \warning This is currently experimental. EC J-PAKE support is based on the + * Thread v1.0.0 specification; incompatible changes to the specification + * might still happen. For this reason, this is disabled by default. + * + * Requires: MBEDTLS_ECJPAKE_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_JPAKE) + * SHA-256 (via MBEDTLS_SHA256_C or a PSA driver) + * MBEDTLS_ECP_DP_SECP256R1_ENABLED + * + * \warning If SHA-256 is provided only by a PSA driver, you must call + * psa_crypto_init() before the first hanshake (even if + * MBEDTLS_USE_PSA_CRYPTO is disabled). + * + * This enables the following ciphersuites (if other requisites are + * enabled as well): + * MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 + */ +//#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED + +/** + * \def MBEDTLS_PK_PARSE_EC_EXTENDED + * + * Enhance support for reading EC keys using variants of SEC1 not allowed by + * RFC 5915 and RFC 5480. + * + * Currently this means parsing the SpecifiedECDomain choice of EC + * parameters (only known groups are supported, not arbitrary domains, to + * avoid validation issues). + * + * Disable if you only need to support RFC 5915 + 5480 key formats. + */ +#define MBEDTLS_PK_PARSE_EC_EXTENDED + +/** + * \def MBEDTLS_PK_PARSE_EC_COMPRESSED + * + * Enable the support for parsing public keys of type Short Weierstrass + * (MBEDTLS_ECP_DP_SECP_XXX and MBEDTLS_ECP_DP_BP_XXX) which are using the + * compressed point format. This parsing is done through ECP module's functions. + * + * \note As explained in the description of MBEDTLS_ECP_PF_COMPRESSED (in ecp.h) + * the only unsupported curves are MBEDTLS_ECP_DP_SECP224R1 and + * MBEDTLS_ECP_DP_SECP224K1. + */ +#define MBEDTLS_PK_PARSE_EC_COMPRESSED + +/** + * \def MBEDTLS_ERROR_STRERROR_DUMMY + * + * Enable a dummy error function to make use of mbedtls_strerror() in + * third party libraries easier when MBEDTLS_ERROR_C is disabled + * (no effect when MBEDTLS_ERROR_C is enabled). + * + * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're + * not using mbedtls_strerror() or error_strerror() in your application. + * + * Disable if you run into name conflicts and want to really remove the + * mbedtls_strerror() + */ +#define MBEDTLS_ERROR_STRERROR_DUMMY + +/** + * \def MBEDTLS_GENPRIME + * + * Enable the prime-number generation code. + * + * Requires: MBEDTLS_BIGNUM_C + */ +#define MBEDTLS_GENPRIME + +/** + * \def MBEDTLS_FS_IO + * + * Enable functions that use the filesystem. + */ +#define MBEDTLS_FS_IO + +/** + * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES + * + * Do not add default entropy sources in mbedtls_entropy_init(). + * + * This is useful to have more control over the added entropy sources in an + * application. + * + * Uncomment this macro to prevent loading of default entropy functions. + */ +//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES + +/** + * \def MBEDTLS_NO_PLATFORM_ENTROPY + * + * Do not use built-in platform entropy functions. + * This is useful if your platform does not support + * standards like the /dev/urandom or Windows CryptoAPI. + * + * Uncomment this macro to disable the built-in platform entropy functions. + */ +//#define MBEDTLS_NO_PLATFORM_ENTROPY + +/** + * \def MBEDTLS_ENTROPY_FORCE_SHA256 + * + * Force the entropy accumulator to use a SHA-256 accumulator instead of the + * default SHA-512 based one (if both are available). + * + * Requires: MBEDTLS_SHA256_C + * + * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option + * if you have performance concerns. + * + * This option is only useful if both MBEDTLS_SHA256_C and + * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used. + */ +//#define MBEDTLS_ENTROPY_FORCE_SHA256 + +/** + * \def MBEDTLS_ENTROPY_NV_SEED + * + * Enable the non-volatile (NV) seed file-based entropy source. + * (Also enables the NV seed read/write functions in the platform layer) + * + * This is crucial (if not required) on systems that do not have a + * cryptographic entropy source (in hardware or kernel) available. + * + * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C + * + * \note The read/write functions that are used by the entropy source are + * determined in the platform layer, and can be modified at runtime and/or + * compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used. + * + * \note If you use the default implementation functions that read a seedfile + * with regular fopen(), please make sure you make a seedfile with the + * proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at + * least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from + * and written to or you will get an entropy source error! The default + * implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE + * bytes from the file. + * + * \note The entropy collector will write to the seed file before entropy is + * given to an external source, to update it. + */ +//#define MBEDTLS_ENTROPY_NV_SEED + +/* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER + * + * Enable key identifiers that encode a key owner identifier. + * + * The owner of a key is identified by a value of type ::mbedtls_key_owner_id_t + * which is currently hard-coded to be int32_t. + * + * Note that this option is meant for internal use only and may be removed + * without notice. + */ +//#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER + +/** + * \def MBEDTLS_MEMORY_DEBUG + * + * Enable debugging of buffer allocator memory issues. Automatically prints + * (to stderr) all (fatal) messages on memory allocation issues. Enables + * function for 'debug output' of allocated memory. + * + * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C + * + * Uncomment this macro to let the buffer allocator print out error messages. + */ +//#define MBEDTLS_MEMORY_DEBUG + +/** + * \def MBEDTLS_MEMORY_BACKTRACE + * + * Include backtrace information with each allocated block. + * + * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C + * GLIBC-compatible backtrace() and backtrace_symbols() support + * + * Uncomment this macro to include backtrace information + */ +//#define MBEDTLS_MEMORY_BACKTRACE + +/** + * \def MBEDTLS_PK_RSA_ALT_SUPPORT + * + * Support external private RSA keys (eg from a HSM) in the PK layer. + * + * Comment this macro to disable support for external private RSA keys. + */ +#define MBEDTLS_PK_RSA_ALT_SUPPORT + +/** + * \def MBEDTLS_PKCS1_V15 + * + * Enable support for PKCS#1 v1.5 encoding. + * + * Requires: MBEDTLS_RSA_C + * + * This enables support for PKCS#1 v1.5 operations. + */ +#define MBEDTLS_PKCS1_V15 + +/** + * \def MBEDTLS_PKCS1_V21 + * + * Enable support for PKCS#1 v2.1 encoding. + * + * Requires: MBEDTLS_RSA_C + * + * \warning If using a hash that is only provided by PSA drivers, you must + * call psa_crypto_init() before doing any PKCS#1 v2.1 operation. + * + * This enables support for RSAES-OAEP and RSASSA-PSS operations. + */ +#define MBEDTLS_PKCS1_V21 + +/** \def MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS + * + * Enable support for platform built-in keys. If you enable this feature, + * you must implement the function mbedtls_psa_platform_get_builtin_key(). + * See the documentation of that function for more information. + * + * Built-in keys are typically derived from a hardware unique key or + * stored in a secure element. + * + * Requires: MBEDTLS_PSA_CRYPTO_C. + * + * \warning This interface is experimental and may change or be removed + * without notice. + */ +//#define MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS + +/** \def MBEDTLS_PSA_CRYPTO_CLIENT + * + * Enable support for PSA crypto client. + * + * \note This option allows to include the code necessary for a PSA + * crypto client when the PSA crypto implementation is not included in + * the library (MBEDTLS_PSA_CRYPTO_C disabled). The code included is the + * code to set and get PSA key attributes. + * The development of PSA drivers partially relying on the library to + * fulfill the hardware gaps is another possible usage of this option. + * + * \warning This interface is experimental and may change or be removed + * without notice. + */ +//#define MBEDTLS_PSA_CRYPTO_CLIENT + +/** \def MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG + * + * Make the PSA Crypto module use an external random generator provided + * by a driver, instead of Mbed TLS's entropy and DRBG modules. + * + * \note This random generator must deliver random numbers with cryptographic + * quality and high performance. It must supply unpredictable numbers + * with a uniform distribution. The implementation of this function + * is responsible for ensuring that the random generator is seeded + * with sufficient entropy. If you have a hardware TRNG which is slow + * or delivers non-uniform output, declare it as an entropy source + * with mbedtls_entropy_add_source() instead of enabling this option. + * + * If you enable this option, you must configure the type + * ::mbedtls_psa_external_random_context_t in psa/crypto_platform.h + * and define a function called mbedtls_psa_external_get_random() + * with the following prototype: + * ``` + * psa_status_t mbedtls_psa_external_get_random( + * mbedtls_psa_external_random_context_t *context, + * uint8_t *output, size_t output_size, size_t *output_length); + * ); + * ``` + * The \c context value is initialized to 0 before the first call. + * The function must fill the \c output buffer with \c output_size bytes + * of random data and set \c *output_length to \c output_size. + * + * Requires: MBEDTLS_PSA_CRYPTO_C + * + * \warning If you enable this option, code that uses the PSA cryptography + * interface will not use any of the entropy sources set up for + * the entropy module, nor the NV seed that MBEDTLS_ENTROPY_NV_SEED + * enables. + * + * \note This option is experimental and may be removed without notice. + */ +//#define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG + +/** + * \def MBEDTLS_PSA_CRYPTO_SPM + * + * When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is built for SPM (Secure + * Partition Manager) integration which separates the code into two parts: a + * NSPE (Non-Secure Process Environment) and an SPE (Secure Process + * Environment). + * + * If you enable this option, your build environment must include a header + * file `"crypto_spe.h"` (either in the `psa` subdirectory of the Mbed TLS + * header files, or in another directory on the compiler's include search + * path). Alternatively, your platform may customize the header + * `psa/crypto_platform.h`, in which case it can skip or replace the + * inclusion of `"crypto_spe.h"`. + * + * Module: library/psa_crypto.c + * Requires: MBEDTLS_PSA_CRYPTO_C + * + */ +//#define MBEDTLS_PSA_CRYPTO_SPM + +/** + * Uncomment to enable p256-m. This is an alternative implementation of + * key generation, ECDH and (randomized) ECDSA on the curve SECP256R1. + * Compared to the default implementation: + * + * - p256-m has a much smaller code size and RAM footprint. + * - p256-m is only available via the PSA API. This includes the pk module + * when #MBEDTLS_USE_PSA_CRYPTO is enabled. + * - p256-m does not support deterministic ECDSA, EC-JPAKE, custom protocols + * over the core arithmetic, or deterministic derivation of keys. + * + * We recommend enabling this option if your application uses the PSA API + * and the only elliptic curve support it needs is ECDH and ECDSA over + * SECP256R1. + * + * If you enable this option, you do not need to enable any ECC-related + * MBEDTLS_xxx option. You do need to separately request support for the + * cryptographic mechanisms through the PSA API: + * - #MBEDTLS_PSA_CRYPTO_C and #MBEDTLS_PSA_CRYPTO_CONFIG for PSA-based + * configuration; + * - #MBEDTLS_USE_PSA_CRYPTO if you want to use p256-m from PK, X.509 or TLS; + * - #PSA_WANT_ECC_SECP_R1_256; + * - #PSA_WANT_ALG_ECDH and/or #PSA_WANT_ALG_ECDSA as needed; + * - #PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY, #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC, + * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT, + * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT and/or + * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE as needed. + * + * \note To benefit from the smaller code size of p256-m, make sure that you + * do not enable any ECC-related option not supported by p256-m: this + * would cause the built-in ECC implementation to be built as well, in + * order to provide the required option. + * Make sure #PSA_WANT_ALG_DETERMINISTIC_ECDSA, #PSA_WANT_ALG_JPAKE and + * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE, and curves other than + * SECP256R1 are disabled as they are not supported by this driver. + * Also, avoid defining #MBEDTLS_PK_PARSE_EC_COMPRESSED or + * #MBEDTLS_PK_PARSE_EC_EXTENDED as those currently require a subset of + * the built-in ECC implementation, see docs/driver-only-builds.md. + */ +//#define MBEDTLS_PSA_P256M_DRIVER_ENABLED + +/** + * \def MBEDTLS_PSA_INJECT_ENTROPY + * + * Enable support for entropy injection at first boot. This feature is + * required on systems that do not have a built-in entropy source (TRNG). + * This feature is currently not supported on systems that have a built-in + * entropy source. + * + * Requires: MBEDTLS_PSA_CRYPTO_STORAGE_C, MBEDTLS_ENTROPY_NV_SEED + * + */ +//#define MBEDTLS_PSA_INJECT_ENTROPY + +/** + * \def MBEDTLS_RSA_NO_CRT + * + * Do not use the Chinese Remainder Theorem + * for the RSA private operation. + * + * Uncomment this macro to disable the use of CRT in RSA. + * + */ +//#define MBEDTLS_RSA_NO_CRT + +/** + * \def MBEDTLS_SELF_TEST + * + * Enable the checkup functions (*_self_test). + */ +#define MBEDTLS_SELF_TEST + +/** + * \def MBEDTLS_SHA256_SMALLER + * + * Enable an implementation of SHA-256 that has lower ROM footprint but also + * lower performance. + * + * The default implementation is meant to be a reasonable compromise between + * performance and size. This version optimizes more aggressively for size at + * the expense of performance. Eg on Cortex-M4 it reduces the size of + * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about + * 30%. + * + * Uncomment to enable the smaller implementation of SHA256. + */ +//#define MBEDTLS_SHA256_SMALLER + +/** + * \def MBEDTLS_SHA512_SMALLER + * + * Enable an implementation of SHA-512 that has lower ROM footprint but also + * lower performance. + * + * Uncomment to enable the smaller implementation of SHA512. + */ +//#define MBEDTLS_SHA512_SMALLER + +/** + * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES + * + * Enable sending of alert messages in case of encountered errors as per RFC. + * If you choose not to send the alert messages, Mbed TLS can still communicate + * with other servers, only debugging of failures is harder. + * + * The advantage of not sending alert messages, is that no information is given + * about reasons for failures thus preventing adversaries of gaining intel. + * + * Enable sending of all alert messages + */ +#define MBEDTLS_SSL_ALL_ALERT_MESSAGES + +/** + * \def MBEDTLS_SSL_DTLS_CONNECTION_ID + * + * Enable support for the DTLS Connection ID (CID) extension, + * which allows to identify DTLS connections across changes + * in the underlying transport. The CID functionality is described + * in RFC 9146. + * + * Setting this option enables the SSL APIs `mbedtls_ssl_set_cid()`, + * mbedtls_ssl_get_own_cid()`, `mbedtls_ssl_get_peer_cid()` and + * `mbedtls_ssl_conf_cid()`. See the corresponding documentation for + * more information. + * + * The maximum lengths of outgoing and incoming CIDs can be configured + * through the options + * - MBEDTLS_SSL_CID_OUT_LEN_MAX + * - MBEDTLS_SSL_CID_IN_LEN_MAX. + * + * Requires: MBEDTLS_SSL_PROTO_DTLS + * + * Uncomment to enable the Connection ID extension. + */ +#define MBEDTLS_SSL_DTLS_CONNECTION_ID + + +/** + * \def MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT + * + * Defines whether RFC 9146 (default) or the legacy version + * (version draft-ietf-tls-dtls-connection-id-05, + * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05) + * is used. + * + * Set the value to 0 for the standard version, and + * 1 for the legacy draft version. + * + * \deprecated Support for the legacy version of the DTLS + * Connection ID feature is deprecated. Please + * switch to the standardized version defined + * in RFC 9146 enabled by utilizing + * MBEDTLS_SSL_DTLS_CONNECTION_ID without use + * of MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT. + * + * Requires: MBEDTLS_SSL_DTLS_CONNECTION_ID + */ +#define MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 0 + +/** + * \def MBEDTLS_SSL_ASYNC_PRIVATE + * + * Enable asynchronous external private key operations in SSL. This allows + * you to configure an SSL connection to call an external cryptographic + * module to perform private key operations instead of performing the + * operation inside the library. + * + * Requires: MBEDTLS_X509_CRT_PARSE_C + */ +//#define MBEDTLS_SSL_ASYNC_PRIVATE + +/** + * \def MBEDTLS_SSL_CONTEXT_SERIALIZATION + * + * Enable serialization of the TLS context structures, through use of the + * functions mbedtls_ssl_context_save() and mbedtls_ssl_context_load(). + * + * This pair of functions allows one side of a connection to serialize the + * context associated with the connection, then free or re-use that context + * while the serialized state is persisted elsewhere, and finally deserialize + * that state to a live context for resuming read/write operations on the + * connection. From a protocol perspective, the state of the connection is + * unaffected, in particular this is entirely transparent to the peer. + * + * Note: this is distinct from TLS session resumption, which is part of the + * protocol and fully visible by the peer. TLS session resumption enables + * establishing new connections associated to a saved session with shorter, + * lighter handshakes, while context serialization is a local optimization in + * handling a single, potentially long-lived connection. + * + * Enabling these APIs makes some SSL structures larger, as 64 extra bytes are + * saved after the handshake to allow for more efficient serialization, so if + * you don't need this feature you'll save RAM by disabling it. + * + * Requires: MBEDTLS_GCM_C or MBEDTLS_CCM_C or MBEDTLS_CHACHAPOLY_C + * + * Comment to disable the context serialization APIs. + */ +#define MBEDTLS_SSL_CONTEXT_SERIALIZATION + +/** + * \def MBEDTLS_SSL_DEBUG_ALL + * + * Enable the debug messages in SSL module for all issues. + * Debug messages have been disabled in some places to prevent timing + * attacks due to (unbalanced) debugging function calls. + * + * If you need all error reporting you should enable this during debugging, + * but remove this for production servers that should log as well. + * + * Uncomment this macro to report all debug messages on errors introducing + * a timing side-channel. + * + */ +//#define MBEDTLS_SSL_DEBUG_ALL + +/** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC + * + * Enable support for Encrypt-then-MAC, RFC 7366. + * + * This allows peers that both support it to use a more robust protection for + * ciphersuites using CBC, providing deep resistance against timing attacks + * on the padding or underlying cipher. + * + * This only affects CBC ciphersuites, and is useless if none is defined. + * + * Requires: MBEDTLS_SSL_PROTO_TLS1_2 + * + * Comment this macro to disable support for Encrypt-then-MAC + */ +#define MBEDTLS_SSL_ENCRYPT_THEN_MAC + +/** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET + * + * Enable support for RFC 7627: Session Hash and Extended Master Secret + * Extension. + * + * This was introduced as "the proper fix" to the Triple Handshake family of + * attacks, but it is recommended to always use it (even if you disable + * renegotiation), since it actually fixes a more fundamental issue in the + * original SSL/TLS design, and has implications beyond Triple Handshake. + * + * Requires: MBEDTLS_SSL_PROTO_TLS1_2 + * + * Comment this macro to disable support for Extended Master Secret. + */ +#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET + +/** + * \def MBEDTLS_SSL_KEEP_PEER_CERTIFICATE + * + * This option controls the availability of the API mbedtls_ssl_get_peer_cert() + * giving access to the peer's certificate after completion of the handshake. + * + * Unless you need mbedtls_ssl_peer_cert() in your application, it is + * recommended to disable this option for reduced RAM usage. + * + * \note If this option is disabled, mbedtls_ssl_get_peer_cert() is still + * defined, but always returns \c NULL. + * + * \note This option has no influence on the protection against the + * triple handshake attack. Even if it is disabled, Mbed TLS will + * still ensure that certificates do not change during renegotiation, + * for example by keeping a hash of the peer's certificate. + * + * \note This option is required if MBEDTLS_SSL_PROTO_TLS1_3 is set. + * + * Comment this macro to disable storing the peer's certificate + * after the handshake. + */ +#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE + +/** + * \def MBEDTLS_SSL_RENEGOTIATION + * + * Enable support for TLS renegotiation. + * + * The two main uses of renegotiation are (1) refresh keys on long-lived + * connections and (2) client authentication after the initial handshake. + * If you don't need renegotiation, it's probably better to disable it, since + * it has been associated with security issues in the past and is easy to + * misuse/misunderstand. + * + * Requires: MBEDTLS_SSL_PROTO_TLS1_2 + * + * Comment this to disable support for renegotiation. + * + * \note Even if this option is disabled, both client and server are aware + * of the Renegotiation Indication Extension (RFC 5746) used to + * prevent the SSL renegotiation attack (see RFC 5746 Sect. 1). + * (See \c mbedtls_ssl_conf_legacy_renegotiation for the + * configuration of this extension). + * + */ +#define MBEDTLS_SSL_RENEGOTIATION + +/** + * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH + * + * Enable support for RFC 6066 max_fragment_length extension in SSL. + * + * Comment this macro to disable support for the max_fragment_length extension + */ +#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH + +/** + * \def MBEDTLS_SSL_RECORD_SIZE_LIMIT + * + * Enable support for RFC 8449 record_size_limit extension in SSL (TLS 1.3 only). + * + * \warning This extension is currently in development and must NOT be used except + * for testing purposes. + * + * Requires: MBEDTLS_SSL_PROTO_TLS1_3 + * + * Uncomment this macro to enable support for the record_size_limit extension + */ +//#define MBEDTLS_SSL_RECORD_SIZE_LIMIT + +/** + * \def MBEDTLS_SSL_PROTO_TLS1_2 + * + * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled). + * + * Requires: Without MBEDTLS_USE_PSA_CRYPTO: MBEDTLS_MD_C and + * (MBEDTLS_SHA256_C or MBEDTLS_SHA384_C or + * SHA-256 or SHA-512 provided by a PSA driver) + * With MBEDTLS_USE_PSA_CRYPTO: + * PSA_WANT_ALG_SHA_256 or PSA_WANT_ALG_SHA_384 + * + * \warning If building with MBEDTLS_USE_PSA_CRYPTO, or if the hash(es) used + * are only provided by PSA drivers, you must call psa_crypto_init() before + * doing any TLS operations. + * + * Comment this macro to disable support for TLS 1.2 / DTLS 1.2 + */ +#define MBEDTLS_SSL_PROTO_TLS1_2 + +/** + * \def MBEDTLS_SSL_PROTO_TLS1_3 + * + * Enable support for TLS 1.3. + * + * \note See docs/architecture/tls13-support.md for a description of the TLS + * 1.3 support that this option enables. + * + * Requires: MBEDTLS_SSL_KEEP_PEER_CERTIFICATE + * Requires: MBEDTLS_PSA_CRYPTO_C + * + * \note TLS 1.3 uses PSA crypto for cryptographic operations that are + * directly performed by TLS 1.3 code. As a consequence, you must + * call psa_crypto_init() before the first TLS 1.3 handshake. + * + * \note Cryptographic operations performed indirectly via another module + * (X.509, PK) or by code shared with TLS 1.2 (record protection, + * running handshake hash) only use PSA crypto if + * #MBEDTLS_USE_PSA_CRYPTO is enabled. + * + * Uncomment this macro to enable the support for TLS 1.3. + */ +//#define MBEDTLS_SSL_PROTO_TLS1_3 + +/** + * \def MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE + * + * Enable TLS 1.3 middlebox compatibility mode. + * + * As specified in Section D.4 of RFC 8446, TLS 1.3 offers a compatibility + * mode to make a TLS 1.3 connection more likely to pass through middle boxes + * expecting TLS 1.2 traffic. + * + * Turning on the compatibility mode comes at the cost of a few added bytes + * on the wire, but it doesn't affect compatibility with TLS 1.3 implementations + * that don't use it. Therefore, unless transmission bandwidth is critical and + * you know that middlebox compatibility issues won't occur, it is therefore + * recommended to set this option. + * + * Comment to disable compatibility mode for TLS 1.3. If + * MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any + * effect on the build. + * + */ +//#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE + +/** + * \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED + * + * Enable TLS 1.3 PSK key exchange mode. + * + * Comment to disable support for the PSK key exchange mode in TLS 1.3. If + * MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any + * effect on the build. + * + */ +#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED + +/** + * \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED + * + * Enable TLS 1.3 ephemeral key exchange mode. + * + * Requires: PSA_WANT_ALG_ECDH or PSA_WANT_ALG_FFDH + * MBEDTLS_X509_CRT_PARSE_C + * and at least one of: + * MBEDTLS_ECDSA_C or (MBEDTLS_USE_PSA_CRYPTO and PSA_WANT_ALG_ECDSA) + * MBEDTLS_PKCS1_V21 + * + * Comment to disable support for the ephemeral key exchange mode in TLS 1.3. + * If MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any + * effect on the build. + * + */ +#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED + +/** + * \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED + * + * Enable TLS 1.3 PSK ephemeral key exchange mode. + * + * Requires: PSA_WANT_ALG_ECDH or PSA_WANT_ALG_FFDH + * + * Comment to disable support for the PSK ephemeral key exchange mode in + * TLS 1.3. If MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not + * have any effect on the build. + * + */ +#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED + +/** + * \def MBEDTLS_SSL_EARLY_DATA + * + * Enable support for RFC 8446 TLS 1.3 early data. + * + * Requires: MBEDTLS_SSL_SESSION_TICKETS and either + * MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED or + * MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED + * + * Comment this to disable support for early data. If MBEDTLS_SSL_PROTO_TLS1_3 + * is not enabled, this option does not have any effect on the build. + * + * This feature is experimental, not completed and thus not ready for + * production. + * + * \note The maximum amount of early data can be set with + * MBEDTLS_SSL_MAX_EARLY_DATA_SIZE. + * + */ +//#define MBEDTLS_SSL_EARLY_DATA + +/** + * \def MBEDTLS_SSL_PROTO_DTLS + * + * Enable support for DTLS (all available versions). + * + * Enable this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2. + * + * Requires: MBEDTLS_SSL_PROTO_TLS1_2 + * + * Comment this macro to disable support for DTLS + */ +#define MBEDTLS_SSL_PROTO_DTLS + +/** + * \def MBEDTLS_SSL_ALPN + * + * Enable support for RFC 7301 Application Layer Protocol Negotiation. + * + * Comment this macro to disable support for ALPN. + */ +#define MBEDTLS_SSL_ALPN + +/** + * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY + * + * Enable support for the anti-replay mechanism in DTLS. + * + * Requires: MBEDTLS_SSL_TLS_C + * MBEDTLS_SSL_PROTO_DTLS + * + * \warning Disabling this is often a security risk! + * See mbedtls_ssl_conf_dtls_anti_replay() for details. + * + * Comment this to disable anti-replay in DTLS. + */ +#define MBEDTLS_SSL_DTLS_ANTI_REPLAY + +/** + * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY + * + * Enable support for HelloVerifyRequest on DTLS servers. + * + * This feature is highly recommended to prevent DTLS servers being used as + * amplifiers in DoS attacks against other hosts. It should always be enabled + * unless you know for sure amplification cannot be a problem in the + * environment in which your server operates. + * + * \warning Disabling this can be a security risk! (see above) + * + * Requires: MBEDTLS_SSL_PROTO_DTLS + * + * Comment this to disable support for HelloVerifyRequest. + */ +#define MBEDTLS_SSL_DTLS_HELLO_VERIFY + +/** + * \def MBEDTLS_SSL_DTLS_SRTP + * + * Enable support for negotiation of DTLS-SRTP (RFC 5764) + * through the use_srtp extension. + * + * \note This feature provides the minimum functionality required + * to negotiate the use of DTLS-SRTP and to allow the derivation of + * the associated SRTP packet protection key material. + * In particular, the SRTP packet protection itself, as well as the + * demultiplexing of RTP and DTLS packets at the datagram layer + * (see Section 5 of RFC 5764), are not handled by this feature. + * Instead, after successful completion of a handshake negotiating + * the use of DTLS-SRTP, the extended key exporter API + * mbedtls_ssl_conf_export_keys_cb() should be used to implement + * the key exporter described in Section 4.2 of RFC 5764 and RFC 5705 + * (this is implemented in the SSL example programs). + * The resulting key should then be passed to an SRTP stack. + * + * Setting this option enables the runtime API + * mbedtls_ssl_conf_dtls_srtp_protection_profiles() + * through which the supported DTLS-SRTP protection + * profiles can be configured. You must call this API at + * runtime if you wish to negotiate the use of DTLS-SRTP. + * + * Requires: MBEDTLS_SSL_PROTO_DTLS + * + * Uncomment this to enable support for use_srtp extension. + */ +//#define MBEDTLS_SSL_DTLS_SRTP + +/** + * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE + * + * Enable server-side support for clients that reconnect from the same port. + * + * Some clients unexpectedly close the connection and try to reconnect using the + * same source port. This needs special support from the server to handle the + * new connection securely, as described in section 4.2.8 of RFC 6347. This + * flag enables that support. + * + * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY + * + * Comment this to disable support for clients reusing the source port. + */ +#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE + +/** + * \def MBEDTLS_SSL_SESSION_TICKETS + * + * Enable support for RFC 5077 session tickets in SSL. + * Client-side, provides full support for session tickets (maintenance of a + * session store remains the responsibility of the application, though). + * Server-side, you also need to provide callbacks for writing and parsing + * tickets, including authenticated encryption and key management. Example + * callbacks are provided by MBEDTLS_SSL_TICKET_C. + * + * Comment this macro to disable support for SSL session tickets + */ +#define MBEDTLS_SSL_SESSION_TICKETS + +/** + * \def MBEDTLS_SSL_SERVER_NAME_INDICATION + * + * Enable support for RFC 6066 server name indication (SNI) in SSL. + * + * Requires: MBEDTLS_X509_CRT_PARSE_C + * + * Comment this macro to disable support for server name indication in SSL + */ +#define MBEDTLS_SSL_SERVER_NAME_INDICATION + +/** + * \def MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH + * + * When this option is enabled, the SSL buffer will be resized automatically + * based on the negotiated maximum fragment length in each direction. + * + * Requires: MBEDTLS_SSL_MAX_FRAGMENT_LENGTH + */ +//#define MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH + +/** + * \def MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN + * + * Enable testing of the constant-flow nature of some sensitive functions with + * clang's MemorySanitizer. This causes some existing tests to also test + * this non-functional property of the code under test. + * + * This setting requires compiling with clang -fsanitize=memory. The test + * suites can then be run normally. + * + * \warning This macro is only used for extended testing; it is not considered + * part of the library's API, so it may change or disappear at any time. + * + * Uncomment to enable testing of the constant-flow nature of selected code. + */ +//#define MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN + +/** + * \def MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND + * + * Enable testing of the constant-flow nature of some sensitive functions with + * valgrind's memcheck tool. This causes some existing tests to also test + * this non-functional property of the code under test. + * + * This setting requires valgrind headers for building, and is only useful for + * testing if the tests suites are run with valgrind's memcheck. This can be + * done for an individual test suite with 'valgrind ./test_suite_xxx', or when + * using CMake, this can be done for all test suites with 'make memcheck'. + * + * \warning This macro is only used for extended testing; it is not considered + * part of the library's API, so it may change or disappear at any time. + * + * Uncomment to enable testing of the constant-flow nature of selected code. + */ +//#define MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND + +/** + * \def MBEDTLS_TEST_HOOKS + * + * Enable features for invasive testing such as introspection functions and + * hooks for fault injection. This enables additional unit tests. + * + * Merely enabling this feature should not change the behavior of the product. + * It only adds new code, and new branching points where the default behavior + * is the same as when this feature is disabled. + * However, this feature increases the attack surface: there is an added + * risk of vulnerabilities, and more gadgets that can make exploits easier. + * Therefore this feature must never be enabled in production. + * + * See `docs/architecture/testing/mbed-crypto-invasive-testing.md` for more + * information. + * + * Uncomment to enable invasive tests. + */ +//#define MBEDTLS_TEST_HOOKS + +/** + * \def MBEDTLS_THREADING_ALT + * + * Provide your own alternate threading implementation. + * + * Requires: MBEDTLS_THREADING_C + * + * Uncomment this to allow your own alternate threading implementation. + */ +//#define MBEDTLS_THREADING_ALT + +/** + * \def MBEDTLS_THREADING_PTHREAD + * + * Enable the pthread wrapper layer for the threading layer. + * + * Requires: MBEDTLS_THREADING_C + * + * Uncomment this to enable pthread mutexes. + */ +//#define MBEDTLS_THREADING_PTHREAD + +/** + * \def MBEDTLS_USE_PSA_CRYPTO + * + * Make the X.509 and TLS libraries use PSA for cryptographic operations as + * much as possible, and enable new APIs for using keys handled by PSA Crypto. + * + * \note Development of this option is currently in progress, and parts of Mbed + * TLS's X.509 and TLS modules are not ported to PSA yet. However, these parts + * will still continue to work as usual, so enabling this option should not + * break backwards compatibility. + * + * \warning If you enable this option, you need to call `psa_crypto_init()` + * before calling any function from the SSL/TLS, X.509 or PK modules, except + * for the various mbedtls_xxx_init() functions which can be called at any time. + * + * \note An important and desirable effect of this option is that it allows + * PK, X.509 and TLS to take advantage of PSA drivers. For example, enabling + * this option is what allows use of drivers for ECDSA, ECDH and EC J-PAKE in + * those modules. However, note that even with this option disabled, some code + * in PK, X.509, TLS or the crypto library might still use PSA drivers, if it + * can determine it's safe to do so; currently that's the case for hashes. + * + * \note See docs/use-psa-crypto.md for a complete description this option. + * + * Requires: MBEDTLS_PSA_CRYPTO_C. + * + * Uncomment this to enable internal use of PSA Crypto and new associated APIs. + */ +//#define MBEDTLS_USE_PSA_CRYPTO + +/** + * \def MBEDTLS_PSA_CRYPTO_CONFIG + * + * This setting allows support for cryptographic mechanisms through the PSA + * API to be configured separately from support through the mbedtls API. + * + * When this option is disabled, the PSA API exposes the cryptographic + * mechanisms that can be implemented on top of the `mbedtls_xxx` API + * configured with `MBEDTLS_XXX` symbols. + * + * When this option is enabled, the PSA API exposes the cryptographic + * mechanisms requested by the `PSA_WANT_XXX` symbols defined in + * include/psa/crypto_config.h. The corresponding `MBEDTLS_XXX` settings are + * automatically enabled if required (i.e. if no PSA driver provides the + * mechanism). You may still freely enable additional `MBEDTLS_XXX` symbols + * in mbedtls_config.h. + * + * If the symbol #MBEDTLS_PSA_CRYPTO_CONFIG_FILE is defined, it specifies + * an alternative header to include instead of include/psa/crypto_config.h. + * + * \warning This option is experimental, in that the set of `PSA_WANT_XXX` + * symbols is not completely finalized yet, and the configuration + * tooling is not ideally adapted to having two separate configuration + * files. + * Future minor releases of Mbed TLS may make minor changes to those + * symbols, but we will endeavor to provide a transition path. + * Nonetheless, this option is considered mature enough to use in + * production, as long as you accept that you may need to make + * minor changes to psa/crypto_config.h when upgrading Mbed TLS. + */ +//#define MBEDTLS_PSA_CRYPTO_CONFIG + +/** + * \def MBEDTLS_VERSION_FEATURES + * + * Allow run-time checking of compile-time enabled features. Thus allowing users + * to check at run-time if the library is for instance compiled with threading + * support via mbedtls_version_check_feature(). + * + * Requires: MBEDTLS_VERSION_C + * + * Comment this to disable run-time checking and save ROM space + */ +#define MBEDTLS_VERSION_FEATURES + +/** + * \def MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK + * + * If set, this enables the X.509 API `mbedtls_x509_crt_verify_with_ca_cb()` + * and the SSL API `mbedtls_ssl_conf_ca_cb()` which allow users to configure + * the set of trusted certificates through a callback instead of a linked + * list. + * + * This is useful for example in environments where a large number of trusted + * certificates is present and storing them in a linked list isn't efficient + * enough, or when the set of trusted certificates changes frequently. + * + * See the documentation of `mbedtls_x509_crt_verify_with_ca_cb()` and + * `mbedtls_ssl_conf_ca_cb()` for more information. + * + * Requires: MBEDTLS_X509_CRT_PARSE_C + * + * Uncomment to enable trusted certificate callbacks. + */ +//#define MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK + +/** + * \def MBEDTLS_X509_REMOVE_INFO + * + * Disable mbedtls_x509_*_info() and related APIs. + * + * Uncomment to omit mbedtls_x509_*_info(), as well as mbedtls_debug_print_crt() + * and other functions/constants only used by these functions, thus reducing + * the code footprint by several KB. + */ +//#define MBEDTLS_X509_REMOVE_INFO + +/** + * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT + * + * Enable parsing and verification of X.509 certificates, CRLs and CSRS + * signed with RSASSA-PSS (aka PKCS#1 v2.1). + * + * Comment this macro to disallow using RSASSA-PSS in certificates. + */ +#define MBEDTLS_X509_RSASSA_PSS_SUPPORT +/** \} name SECTION: Mbed TLS feature support */ + +/** + * \name SECTION: Mbed TLS modules + * + * This section enables or disables entire modules in Mbed TLS + * \{ + */ + +/** + * \def MBEDTLS_AESNI_C + * + * Enable AES-NI support on x86-64 or x86-32. + * + * \note AESNI is only supported with certain compilers and target options: + * - Visual Studio 2013: supported. + * - GCC, x86-64, target not explicitly supporting AESNI: + * requires MBEDTLS_HAVE_ASM. + * - GCC, x86-32, target not explicitly supporting AESNI: + * not supported. + * - GCC, x86-64 or x86-32, target supporting AESNI: supported. + * For this assembly-less implementation, you must currently compile + * `library/aesni.c` and `library/aes.c` with machine options to enable + * SSE2 and AESNI instructions: `gcc -msse2 -maes -mpclmul` or + * `clang -maes -mpclmul`. + * - Non-x86 targets: this option is silently ignored. + * - Other compilers: this option is silently ignored. + * + * \note + * Above, "GCC" includes compatible compilers such as Clang. + * The limitations on target support are likely to be relaxed in the future. + * + * Module: library/aesni.c + * Caller: library/aes.c + * + * Requires: MBEDTLS_HAVE_ASM (on some platforms, see note) + * + * This modules adds support for the AES-NI instructions on x86. + */ +#define MBEDTLS_AESNI_C + +/** + * \def MBEDTLS_AESCE_C + * + * Enable AES cryptographic extension support on 64-bit Arm. + * + * Module: library/aesce.c + * Caller: library/aes.c + * + * Requires: MBEDTLS_AES_C + * + * \warning Runtime detection only works on Linux. For non-Linux operating + * system, Armv8-A Cryptographic Extensions must be supported by + * the CPU when this option is enabled. + * + * \note Minimum compiler versions for this feature are Clang 4.0, + * armclang 6.6, GCC 6.0 or MSVC 2019 version 16.11.2. + * + * \note \c CFLAGS must be set to a minimum of \c -march=armv8-a+crypto for + * armclang <= 6.9 + * + * This module adds support for the AES Armv8-A Cryptographic Extensions on Aarch64 systems. + */ +#define MBEDTLS_AESCE_C + +/** + * \def MBEDTLS_AES_C + * + * Enable the AES block cipher. + * + * Module: library/aes.c + * Caller: library/cipher.c + * library/pem.c + * library/ctr_drbg.c + * + * This module enables the following ciphersuites (if other requisites are + * enabled as well): + * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 + * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA + * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 + * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 + * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA + * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 + * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 + * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA + * + * PEM_PARSE uses AES for decrypting encrypted keys. + */ +#define MBEDTLS_AES_C + +/** + * \def MBEDTLS_ASN1_PARSE_C + * + * Enable the generic ASN1 parser. + * + * Module: library/asn1.c + * Caller: library/x509.c + * library/dhm.c + * library/pkcs12.c + * library/pkcs5.c + * library/pkparse.c + */ +#define MBEDTLS_ASN1_PARSE_C + +/** + * \def MBEDTLS_ASN1_WRITE_C + * + * Enable the generic ASN1 writer. + * + * Module: library/asn1write.c + * Caller: library/ecdsa.c + * library/pkwrite.c + * library/x509_create.c + * library/x509write_crt.c + * library/x509write_csr.c + */ +#define MBEDTLS_ASN1_WRITE_C + +/** + * \def MBEDTLS_BASE64_C + * + * Enable the Base64 module. + * + * Module: library/base64.c + * Caller: library/pem.c + * + * This module is required for PEM support (required by X.509). + */ +#define MBEDTLS_BASE64_C + +/** + * \def MBEDTLS_BIGNUM_C + * + * Enable the multi-precision integer library. + * + * Module: library/bignum.c + * library/bignum_core.c + * library/bignum_mod.c + * library/bignum_mod_raw.c + * Caller: library/dhm.c + * library/ecp.c + * library/ecdsa.c + * library/rsa.c + * library/rsa_alt_helpers.c + * library/ssl_tls.c + * + * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support. + */ +#define MBEDTLS_BIGNUM_C + +/** + * \def MBEDTLS_CAMELLIA_C + * + * Enable the Camellia block cipher. + * + * Module: library/camellia.c + * Caller: library/cipher.c + * + * This module enables the following ciphersuites (if other requisites are + * enabled as well): + * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 + * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 + * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 + * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 + * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 + * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA + * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 + * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 + * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 + * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA + * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 + * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA + * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 + * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 + * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 + * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 + * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 + */ +#define MBEDTLS_CAMELLIA_C + +/** + * \def MBEDTLS_ARIA_C + * + * Enable the ARIA block cipher. + * + * Module: library/aria.c + * Caller: library/cipher.c + * + * This module enables the following ciphersuites (if other requisites are + * enabled as well): + * + * MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 + * MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 + * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 + * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 + * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 + * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 + * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 + * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 + * MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256 + * MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384 + * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 + * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 + * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 + * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 + * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 + * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 + * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 + * MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 + * MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 + * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 + * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 + * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 + * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 + * MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 + * MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384 + * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 + * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 + * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 + * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 + * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 + * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 + */ +#define MBEDTLS_ARIA_C + +/** + * \def MBEDTLS_CCM_C + * + * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher. + * + * Module: library/ccm.c + * + * Requires: MBEDTLS_CIPHER_C, MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or + * MBEDTLS_ARIA_C + * + * This module enables the AES-CCM ciphersuites, if other requisites are + * enabled as well. + */ +#define MBEDTLS_CCM_C + +/** + * \def MBEDTLS_CHACHA20_C + * + * Enable the ChaCha20 stream cipher. + * + * Module: library/chacha20.c + */ +#define MBEDTLS_CHACHA20_C + +/** + * \def MBEDTLS_CHACHAPOLY_C + * + * Enable the ChaCha20-Poly1305 AEAD algorithm. + * + * Module: library/chachapoly.c + * + * This module requires: MBEDTLS_CHACHA20_C, MBEDTLS_POLY1305_C + */ +#define MBEDTLS_CHACHAPOLY_C + +/** + * \def MBEDTLS_CIPHER_C + * + * Enable the generic cipher layer. + * + * Module: library/cipher.c + * Caller: library/ccm.c + * library/cmac.c + * library/gcm.c + * library/nist_kw.c + * library/pkcs12.c + * library/pkcs5.c + * library/psa_crypto_aead.c + * library/psa_crypto_mac.c + * library/ssl_ciphersuites.c + * library/ssl_msg.c + * library/ssl_ticket.c (unless MBEDTLS_USE_PSA_CRYPTO is enabled) + * + * Uncomment to enable generic cipher wrappers. + */ +#define MBEDTLS_CIPHER_C + +/** + * \def MBEDTLS_CMAC_C + * + * Enable the CMAC (Cipher-based Message Authentication Code) mode for block + * ciphers. + * + * \note When #MBEDTLS_CMAC_ALT is active, meaning that the underlying + * implementation of the CMAC algorithm is provided by an alternate + * implementation, that alternate implementation may opt to not support + * AES-192 or 3DES as underlying block ciphers for the CMAC operation. + * + * Module: library/cmac.c + * + * Requires: MBEDTLS_CIPHER_C, MBEDTLS_AES_C or MBEDTLS_DES_C + * + */ +#define MBEDTLS_CMAC_C + +/** + * \def MBEDTLS_CTR_DRBG_C + * + * Enable the CTR_DRBG AES-based random generator. + * The CTR_DRBG generator uses AES-256 by default. + * To use AES-128 instead, enable \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY above. + * + * \note AES-128 will be used if \c MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH is set. + * + * \note To achieve a 256-bit security strength with CTR_DRBG, + * you must use AES-256 *and* use sufficient entropy. + * See ctr_drbg.h for more details. + * + * Module: library/ctr_drbg.c + * Caller: + * + * Requires: MBEDTLS_AES_C + * + * This module provides the CTR_DRBG AES random number generator. + */ +#define MBEDTLS_CTR_DRBG_C + +/** + * \def MBEDTLS_DEBUG_C + * + * Enable the debug functions. + * + * Module: library/debug.c + * Caller: library/ssl_msg.c + * library/ssl_tls.c + * library/ssl_tls12_*.c + * library/ssl_tls13_*.c + * + * This module provides debugging functions. + */ +#define MBEDTLS_DEBUG_C + +/** + * \def MBEDTLS_DES_C + * + * Enable the DES block cipher. + * + * Module: library/des.c + * Caller: library/pem.c + * library/cipher.c + * + * PEM_PARSE uses DES/3DES for decrypting encrypted keys. + * + * \warning DES/3DES are considered weak ciphers and their use constitutes a + * security risk. We recommend considering stronger ciphers instead. + */ +#define MBEDTLS_DES_C + +/** + * \def MBEDTLS_DHM_C + * + * Enable the Diffie-Hellman-Merkle module. + * + * Module: library/dhm.c + * Caller: library/ssl_tls.c + * library/ssl*_client.c + * library/ssl*_server.c + * + * This module is used by the following key exchanges: + * DHE-RSA, DHE-PSK + * + * \warning Using DHE constitutes a security risk as it + * is not possible to validate custom DH parameters. + * If possible, it is recommended users should consider + * preferring other methods of key exchange. + * See dhm.h for more details. + * + */ +#define MBEDTLS_DHM_C + +/** + * \def MBEDTLS_ECDH_C + * + * Enable the elliptic curve Diffie-Hellman library. + * + * Module: library/ecdh.c + * Caller: library/psa_crypto.c + * library/ssl_tls.c + * library/ssl*_client.c + * library/ssl*_server.c + * + * This module is used by the following key exchanges: + * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK + * + * Requires: MBEDTLS_ECP_C + */ +#define MBEDTLS_ECDH_C + +/** + * \def MBEDTLS_ECDSA_C + * + * Enable the elliptic curve DSA library. + * + * Module: library/ecdsa.c + * Caller: + * + * This module is used by the following key exchanges: + * ECDHE-ECDSA + * + * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C, + * and at least one MBEDTLS_ECP_DP_XXX_ENABLED for a + * short Weierstrass curve. + */ +#define MBEDTLS_ECDSA_C + +/** + * \def MBEDTLS_ECJPAKE_C + * + * Enable the elliptic curve J-PAKE library. + * + * \note EC J-PAKE support is based on the Thread v1.0.0 specification. + * It has not been reviewed for compliance with newer standards such as + * Thread v1.1 or RFC 8236. + * + * Module: library/ecjpake.c + * Caller: + * + * This module is used by the following key exchanges: + * ECJPAKE + * + * Requires: MBEDTLS_ECP_C and either MBEDTLS_MD_C or MBEDTLS_PSA_CRYPTO_C + * + * \warning If using a hash that is only provided by PSA drivers, you must + * call psa_crypto_init() before doing any EC J-PAKE operations. + */ +#define MBEDTLS_ECJPAKE_C + +/** + * \def MBEDTLS_ECP_C + * + * Enable the elliptic curve over GF(p) library. + * + * Module: library/ecp.c + * Caller: library/ecdh.c + * library/ecdsa.c + * library/ecjpake.c + * + * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED + */ +#define MBEDTLS_ECP_C + +/** + * \def MBEDTLS_ENTROPY_C + * + * Enable the platform-specific entropy code. + * + * Module: library/entropy.c + * Caller: + * + * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C + * + * This module provides a generic entropy pool + */ +#define MBEDTLS_ENTROPY_C + +/** + * \def MBEDTLS_ERROR_C + * + * Enable error code to error string conversion. + * + * Module: library/error.c + * Caller: + * + * This module enables mbedtls_strerror(). + */ +#define MBEDTLS_ERROR_C + +/** + * \def MBEDTLS_GCM_C + * + * Enable the Galois/Counter Mode (GCM). + * + * Module: library/gcm.c + * + * Requires: MBEDTLS_CIPHER_C, MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or + * MBEDTLS_ARIA_C + * + * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other + * requisites are enabled as well. + */ +#define MBEDTLS_GCM_C + +/** + * \def MBEDTLS_HKDF_C + * + * Enable the HKDF algorithm (RFC 5869). + * + * Module: library/hkdf.c + * Caller: + * + * Requires: MBEDTLS_MD_C + * + * This module adds support for the Hashed Message Authentication Code + * (HMAC)-based key derivation function (HKDF). + */ +#define MBEDTLS_HKDF_C + +/** + * \def MBEDTLS_HMAC_DRBG_C + * + * Enable the HMAC_DRBG random generator. + * + * Module: library/hmac_drbg.c + * Caller: + * + * Requires: MBEDTLS_MD_C + * + * Uncomment to enable the HMAC_DRBG random number generator. + */ +#define MBEDTLS_HMAC_DRBG_C + +/** + * \def MBEDTLS_LMS_C + * + * Enable the LMS stateful-hash asymmetric signature algorithm. + * + * Module: library/lms.c + * Caller: + * + * Requires: MBEDTLS_PSA_CRYPTO_C + * + * Uncomment to enable the LMS verification algorithm and public key operations. + */ +#define MBEDTLS_LMS_C + +/** + * \def MBEDTLS_LMS_PRIVATE + * + * Enable LMS private-key operations and signing code. Functions enabled by this + * option are experimental, and should not be used in production. + * + * Requires: MBEDTLS_LMS_C + * + * Uncomment to enable the LMS signature algorithm and private key operations. + */ +//#define MBEDTLS_LMS_PRIVATE + +/** + * \def MBEDTLS_NIST_KW_C + * + * Enable the Key Wrapping mode for 128-bit block ciphers, + * as defined in NIST SP 800-38F. Only KW and KWP modes + * are supported. At the moment, only AES is approved by NIST. + * + * Module: library/nist_kw.c + * + * Requires: MBEDTLS_AES_C and MBEDTLS_CIPHER_C + */ +#define MBEDTLS_NIST_KW_C + +/** + * \def MBEDTLS_MD_C + * + * Enable the generic layer for message digest (hashing) and HMAC. + * + * Requires: one of: MBEDTLS_MD5_C, MBEDTLS_RIPEMD160_C, MBEDTLS_SHA1_C, + * MBEDTLS_SHA224_C, MBEDTLS_SHA256_C, MBEDTLS_SHA384_C, + * MBEDTLS_SHA512_C, or MBEDTLS_PSA_CRYPTO_C with at least + * one hash. + * Module: library/md.c + * Caller: library/constant_time.c + * library/ecdsa.c + * library/ecjpake.c + * library/hkdf.c + * library/hmac_drbg.c + * library/pk.c + * library/pkcs5.c + * library/pkcs12.c + * library/psa_crypto_ecp.c + * library/psa_crypto_rsa.c + * library/rsa.c + * library/ssl_cookie.c + * library/ssl_msg.c + * library/ssl_tls.c + * library/x509.c + * library/x509_crt.c + * library/x509write_crt.c + * library/x509write_csr.c + * + * Uncomment to enable generic message digest wrappers. + */ +#define MBEDTLS_MD_C + +/** + * \def MBEDTLS_MD5_C + * + * Enable the MD5 hash algorithm. + * + * Module: library/md5.c + * Caller: library/md.c + * library/pem.c + * library/ssl_tls.c + * + * This module is required for TLS 1.2 depending on the handshake parameters. + * Further, it is used for checking MD5-signed certificates, and for PBKDF1 + * when decrypting PEM-encoded encrypted keys. + * + * \warning MD5 is considered a weak message digest and its use constitutes a + * security risk. If possible, we recommend avoiding dependencies on + * it, and considering stronger message digests instead. + * + */ +#define MBEDTLS_MD5_C + +/** + * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C + * + * Enable the buffer allocator implementation that makes use of a (stack) + * based buffer to 'allocate' dynamic memory. (replaces calloc() and free() + * calls) + * + * Module: library/memory_buffer_alloc.c + * + * Requires: MBEDTLS_PLATFORM_C + * MBEDTLS_PLATFORM_MEMORY (to use it within Mbed TLS) + * + * Enable this module to enable the buffer memory allocator. + */ +//#define MBEDTLS_MEMORY_BUFFER_ALLOC_C + +/** + * \def MBEDTLS_NET_C + * + * Enable the TCP and UDP over IPv6/IPv4 networking routines. + * + * \note This module only works on POSIX/Unix (including Linux, BSD and OS X) + * and Windows. For other platforms, you'll want to disable it, and write your + * own networking callbacks to be passed to \c mbedtls_ssl_set_bio(). + * + * \note See also our Knowledge Base article about porting to a new + * environment: + * https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS + * + * Module: library/net_sockets.c + * + * This module provides networking routines. + */ +#define MBEDTLS_NET_C + +/** + * \def MBEDTLS_OID_C + * + * Enable the OID database. + * + * Module: library/oid.c + * Caller: library/asn1write.c + * library/pkcs5.c + * library/pkparse.c + * library/pkwrite.c + * library/rsa.c + * library/x509.c + * library/x509_create.c + * library/x509_crl.c + * library/x509_crt.c + * library/x509_csr.c + * library/x509write_crt.c + * library/x509write_csr.c + * + * This modules translates between OIDs and internal values. + */ +#define MBEDTLS_OID_C + +/** + * \def MBEDTLS_PADLOCK_C + * + * Enable VIA Padlock support on x86. + * + * Module: library/padlock.c + * Caller: library/aes.c + * + * Requires: MBEDTLS_HAVE_ASM + * + * This modules adds support for the VIA PadLock on x86. + */ +#define MBEDTLS_PADLOCK_C + +/** + * \def MBEDTLS_PEM_PARSE_C + * + * Enable PEM decoding / parsing. + * + * Module: library/pem.c + * Caller: library/dhm.c + * library/pkparse.c + * library/x509_crl.c + * library/x509_crt.c + * library/x509_csr.c + * + * Requires: MBEDTLS_BASE64_C + * optionally MBEDTLS_MD5_C, or PSA Crypto with MD5 (see below) + * + * \warning When parsing password-protected files, if MD5 is provided only by + * a PSA driver, you must call psa_crypto_init() before the first file. + * + * This modules adds support for decoding / parsing PEM files. + */ +#define MBEDTLS_PEM_PARSE_C + +/** + * \def MBEDTLS_PEM_WRITE_C + * + * Enable PEM encoding / writing. + * + * Module: library/pem.c + * Caller: library/pkwrite.c + * library/x509write_crt.c + * library/x509write_csr.c + * + * Requires: MBEDTLS_BASE64_C + * + * This modules adds support for encoding / writing PEM files. + */ +#define MBEDTLS_PEM_WRITE_C + +/** + * \def MBEDTLS_PK_C + * + * Enable the generic public (asymmetric) key layer. + * + * Module: library/pk.c + * Caller: library/psa_crypto_rsa.c + * library/ssl_tls.c + * library/ssl*_client.c + * library/ssl*_server.c + * library/x509.c + * + * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C or MBEDTLS_ECP_C + * + * Uncomment to enable generic public key wrappers. + */ +#define MBEDTLS_PK_C + +/** + * \def MBEDTLS_PK_PARSE_C + * + * Enable the generic public (asymmetric) key parser. + * + * Module: library/pkparse.c + * Caller: library/x509_crt.c + * library/x509_csr.c + * + * Requires: MBEDTLS_PK_C + * + * Uncomment to enable generic public key parse functions. + */ +#define MBEDTLS_PK_PARSE_C + +/** + * \def MBEDTLS_PK_WRITE_C + * + * Enable the generic public (asymmetric) key writer. + * + * Module: library/pkwrite.c + * Caller: library/x509write.c + * + * Requires: MBEDTLS_PK_C + * + * Uncomment to enable generic public key write functions. + */ +#define MBEDTLS_PK_WRITE_C + +/** + * \def MBEDTLS_PKCS5_C + * + * Enable PKCS#5 functions. + * + * Module: library/pkcs5.c + * + * Requires: MBEDTLS_CIPHER_C + * Auto-enables: MBEDTLS_MD_C + * + * \warning If using a hash that is only provided by PSA drivers, you must + * call psa_crypto_init() before doing any PKCS5 operations. + * + * This module adds support for the PKCS#5 functions. + */ +#define MBEDTLS_PKCS5_C + +/** + * \def MBEDTLS_PKCS7_C + * + * Enable PKCS #7 core for using PKCS #7-formatted signatures. + * RFC Link - https://tools.ietf.org/html/rfc2315 + * + * Module: library/pkcs7.c + * + * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C, + * MBEDTLS_X509_CRT_PARSE_C MBEDTLS_X509_CRL_PARSE_C, + * MBEDTLS_BIGNUM_C, MBEDTLS_MD_C + * + * This module is required for the PKCS #7 parsing modules. + */ +#define MBEDTLS_PKCS7_C + +/** + * \def MBEDTLS_PKCS12_C + * + * Enable PKCS#12 PBE functions. + * Adds algorithms for parsing PKCS#8 encrypted private keys + * + * Module: library/pkcs12.c + * Caller: library/pkparse.c + * + * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C and either + * MBEDTLS_MD_C or MBEDTLS_PSA_CRYPTO_C. + * + * \warning If using a hash that is only provided by PSA drivers, you must + * call psa_crypto_init() before doing any PKCS12 operations. + * + * This module enables PKCS#12 functions. + */ +#define MBEDTLS_PKCS12_C + +/** + * \def MBEDTLS_PLATFORM_C + * + * Enable the platform abstraction layer that allows you to re-assign + * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit(). + * + * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT + * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned + * above to be specified at runtime or compile time respectively. + * + * \note This abstraction layer must be enabled on Windows (including MSYS2) + * as other modules rely on it for a fixed snprintf implementation. + * + * Module: library/platform.c + * Caller: Most other .c files + * + * This module enables abstraction of common (libc) functions. + */ +#define MBEDTLS_PLATFORM_C + +/** + * \def MBEDTLS_POLY1305_C + * + * Enable the Poly1305 MAC algorithm. + * + * Module: library/poly1305.c + * Caller: library/chachapoly.c + */ +#define MBEDTLS_POLY1305_C + +/** + * \def MBEDTLS_PSA_CRYPTO_C + * + * Enable the Platform Security Architecture cryptography API. + * + * Module: library/psa_crypto.c + * + * Requires: MBEDTLS_CIPHER_C, + * either MBEDTLS_CTR_DRBG_C and MBEDTLS_ENTROPY_C, + * or MBEDTLS_HMAC_DRBG_C and MBEDTLS_ENTROPY_C, + * or MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG. + * + */ +#define MBEDTLS_PSA_CRYPTO_C + +/** + * \def MBEDTLS_PSA_CRYPTO_SE_C + * + * Enable dynamic secure element support in the Platform Security Architecture + * cryptography API. + * + * \deprecated This feature is deprecated. Please switch to the PSA driver + * interface. + * + * Module: library/psa_crypto_se.c + * + * Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_PSA_CRYPTO_STORAGE_C + * + */ +//#define MBEDTLS_PSA_CRYPTO_SE_C + +/** + * \def MBEDTLS_PSA_CRYPTO_STORAGE_C + * + * Enable the Platform Security Architecture persistent key storage. + * + * Module: library/psa_crypto_storage.c + * + * Requires: MBEDTLS_PSA_CRYPTO_C, + * either MBEDTLS_PSA_ITS_FILE_C or a native implementation of + * the PSA ITS interface + */ +#define MBEDTLS_PSA_CRYPTO_STORAGE_C + +/** + * \def MBEDTLS_PSA_ITS_FILE_C + * + * Enable the emulation of the Platform Security Architecture + * Internal Trusted Storage (PSA ITS) over files. + * + * Module: library/psa_its_file.c + * + * Requires: MBEDTLS_FS_IO + */ +#define MBEDTLS_PSA_ITS_FILE_C + +/** + * \def MBEDTLS_RIPEMD160_C + * + * Enable the RIPEMD-160 hash algorithm. + * + * Module: library/ripemd160.c + * Caller: library/md.c + * + */ +#define MBEDTLS_RIPEMD160_C + +/** + * \def MBEDTLS_RSA_C + * + * Enable the RSA public-key cryptosystem. + * + * Module: library/rsa.c + * library/rsa_alt_helpers.c + * Caller: library/pk.c + * library/psa_crypto.c + * library/ssl_tls.c + * library/ssl*_client.c + * library/ssl*_server.c + * + * This module is used by the following key exchanges: + * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK + * + * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C + */ +#define MBEDTLS_RSA_C + +/** + * \def MBEDTLS_SHA1_C + * + * Enable the SHA1 cryptographic hash algorithm. + * + * Module: library/sha1.c + * Caller: library/md.c + * library/psa_crypto_hash.c + * + * This module is required for TLS 1.2 depending on the handshake parameters, + * and for SHA1-signed certificates. + * + * \warning SHA-1 is considered a weak message digest and its use constitutes + * a security risk. If possible, we recommend avoiding dependencies + * on it, and considering stronger message digests instead. + * + */ +#define MBEDTLS_SHA1_C + +/** + * \def MBEDTLS_SHA224_C + * + * Enable the SHA-224 cryptographic hash algorithm. + * + * Module: library/sha256.c + * Caller: library/md.c + * library/ssl_cookie.c + * + * This module adds support for SHA-224. + */ +#define MBEDTLS_SHA224_C + +/** + * \def MBEDTLS_SHA256_C + * + * Enable the SHA-256 cryptographic hash algorithm. + * + * Module: library/sha256.c + * Caller: library/entropy.c + * library/md.c + * library/ssl_tls.c + * library/ssl*_client.c + * library/ssl*_server.c + * + * This module adds support for SHA-256. + * This module is required for the SSL/TLS 1.2 PRF function. + */ +#define MBEDTLS_SHA256_C + +/** + * \def MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT + * + * Enable acceleration of the SHA-256 and SHA-224 cryptographic hash algorithms + * with the ARMv8 cryptographic extensions if they are available at runtime. + * If not, the library will fall back to the C implementation. + * + * \note If MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT is defined when building + * for a non-Aarch64 build it will be silently ignored. + * + * \note Minimum compiler versions for this feature are Clang 4.0, + * armclang 6.6 or GCC 6.0. + * + * \note \c CFLAGS must be set to a minimum of \c -march=armv8-a+crypto for + * armclang <= 6.9 + * + * \warning MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT cannot be defined at the + * same time as MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY. + * + * Requires: MBEDTLS_SHA256_C. + * + * Module: library/sha256.c + * + * Uncomment to have the library check for the A64 SHA-256 crypto extensions + * and use them if available. + */ +//#define MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT + +/** + * \def MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY + * + * Enable acceleration of the SHA-256 and SHA-224 cryptographic hash algorithms + * with the ARMv8 cryptographic extensions, which must be available at runtime + * or else an illegal instruction fault will occur. + * + * \note This allows builds with a smaller code size than with + * MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT + * + * \note Minimum compiler versions for this feature are Clang 4.0, + * armclang 6.6 or GCC 6.0. + * + * \note \c CFLAGS must be set to a minimum of \c -march=armv8-a+crypto for + * armclang <= 6.9 + * + * \warning MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY cannot be defined at the same + * time as MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT. + * + * Requires: MBEDTLS_SHA256_C. + * + * Module: library/sha256.c + * + * Uncomment to have the library use the A64 SHA-256 crypto extensions + * unconditionally. + */ +//#define MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY + +/** + * \def MBEDTLS_SHA384_C + * + * Enable the SHA-384 cryptographic hash algorithm. + * + * Module: library/sha512.c + * Caller: library/md.c + * library/psa_crypto_hash.c + * library/ssl_tls.c + * library/ssl*_client.c + * library/ssl*_server.c + * + * Comment to disable SHA-384 + */ +#define MBEDTLS_SHA384_C + +/** + * \def MBEDTLS_SHA512_C + * + * Enable SHA-512 cryptographic hash algorithms. + * + * Module: library/sha512.c + * Caller: library/entropy.c + * library/md.c + * library/ssl_tls.c + * library/ssl_cookie.c + * + * This module adds support for SHA-512. + */ +#define MBEDTLS_SHA512_C + +/** + * \def MBEDTLS_SHA3_C + * + * Enable the SHA3 cryptographic hash algorithm. + * + * Module: library/sha3.c + * + * This module adds support for SHA3. + */ +#define MBEDTLS_SHA3_C + +/** + * \def MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT + * + * Enable acceleration of the SHA-512 and SHA-384 cryptographic hash algorithms + * with the ARMv8 cryptographic extensions if they are available at runtime. + * If not, the library will fall back to the C implementation. + * + * \note If MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT is defined when building + * for a non-Aarch64 build it will be silently ignored. + * + * \note Minimum compiler versions for this feature are Clang 7.0, + * armclang 6.9 or GCC 8.0. + * + * \note \c CFLAGS must be set to a minimum of \c -march=armv8.2-a+sha3 for + * armclang 6.9 + * + * \warning MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT cannot be defined at the + * same time as MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY. + * + * Requires: MBEDTLS_SHA512_C. + * + * Module: library/sha512.c + * + * Uncomment to have the library check for the A64 SHA-512 crypto extensions + * and use them if available. + */ +//#define MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT + +/** + * \def MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY + * + * Enable acceleration of the SHA-512 and SHA-384 cryptographic hash algorithms + * with the ARMv8 cryptographic extensions, which must be available at runtime + * or else an illegal instruction fault will occur. + * + * \note This allows builds with a smaller code size than with + * MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT + * + * \note Minimum compiler versions for this feature are Clang 7.0, + * armclang 6.9 or GCC 8.0. + * + * \note \c CFLAGS must be set to a minimum of \c -march=armv8.2-a+sha3 for + * armclang 6.9 + * + * \warning MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY cannot be defined at the same + * time as MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT. + * + * Requires: MBEDTLS_SHA512_C. + * + * Module: library/sha512.c + * + * Uncomment to have the library use the A64 SHA-512 crypto extensions + * unconditionally. + */ +//#define MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY + +/** + * \def MBEDTLS_SSL_CACHE_C + * + * Enable simple SSL cache implementation. + * + * Module: library/ssl_cache.c + * Caller: + * + * Requires: MBEDTLS_SSL_CACHE_C + */ +#define MBEDTLS_SSL_CACHE_C + +/** + * \def MBEDTLS_SSL_COOKIE_C + * + * Enable basic implementation of DTLS cookies for hello verification. + * + * Module: library/ssl_cookie.c + * Caller: + */ +#define MBEDTLS_SSL_COOKIE_C + +/** + * \def MBEDTLS_SSL_TICKET_C + * + * Enable an implementation of TLS server-side callbacks for session tickets. + * + * Module: library/ssl_ticket.c + * Caller: + * + * Requires: (MBEDTLS_CIPHER_C || MBEDTLS_USE_PSA_CRYPTO) && + * (MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C) + */ +#define MBEDTLS_SSL_TICKET_C + +/** + * \def MBEDTLS_SSL_CLI_C + * + * Enable the SSL/TLS client code. + * + * Module: library/ssl*_client.c + * Caller: + * + * Requires: MBEDTLS_SSL_TLS_C + * + * This module is required for SSL/TLS client support. + */ +#define MBEDTLS_SSL_CLI_C + +/** + * \def MBEDTLS_SSL_SRV_C + * + * Enable the SSL/TLS server code. + * + * Module: library/ssl*_server.c + * Caller: + * + * Requires: MBEDTLS_SSL_TLS_C + * + * This module is required for SSL/TLS server support. + */ +#define MBEDTLS_SSL_SRV_C + +/** + * \def MBEDTLS_SSL_TLS_C + * + * Enable the generic SSL/TLS code. + * + * Module: library/ssl_tls.c + * Caller: library/ssl*_client.c + * library/ssl*_server.c + * + * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C + * and at least one of the MBEDTLS_SSL_PROTO_XXX defines + * + * This module is required for SSL/TLS. + */ +#define MBEDTLS_SSL_TLS_C + +/** + * \def MBEDTLS_THREADING_C + * + * Enable the threading abstraction layer. + * By default Mbed TLS assumes it is used in a non-threaded environment or that + * contexts are not shared between threads. If you do intend to use contexts + * between threads, you will need to enable this layer to prevent race + * conditions. See also our Knowledge Base article about threading: + * https://mbed-tls.readthedocs.io/en/latest/kb/development/thread-safety-and-multi-threading + * + * Module: library/threading.c + * + * This allows different threading implementations (self-implemented or + * provided). + * + * You will have to enable either MBEDTLS_THREADING_ALT or + * MBEDTLS_THREADING_PTHREAD. + * + * Enable this layer to allow use of mutexes within Mbed TLS + */ +//#define MBEDTLS_THREADING_C + +/** + * \def MBEDTLS_TIMING_C + * + * Enable the semi-portable timing interface. + * + * \note The provided implementation only works on POSIX/Unix (including Linux, + * BSD and OS X) and Windows. On other platforms, you can either disable that + * module and provide your own implementations of the callbacks needed by + * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide + * your own implementation of the whole module by setting + * \c MBEDTLS_TIMING_ALT in the current file. + * + * \note The timing module will include time.h on suitable platforms + * regardless of the setting of MBEDTLS_HAVE_TIME, unless + * MBEDTLS_TIMING_ALT is used. See timing.c for more information. + * + * \note See also our Knowledge Base article about porting to a new + * environment: + * https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS + * + * Module: library/timing.c + */ +#define MBEDTLS_TIMING_C + +/** + * \def MBEDTLS_VERSION_C + * + * Enable run-time version information. + * + * Module: library/version.c + * + * This module provides run-time version information. + */ +#define MBEDTLS_VERSION_C + +/** + * \def MBEDTLS_X509_USE_C + * + * Enable X.509 core for using certificates. + * + * Module: library/x509.c + * Caller: library/x509_crl.c + * library/x509_crt.c + * library/x509_csr.c + * + * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C, + * (MBEDTLS_MD_C or MBEDTLS_USE_PSA_CRYPTO) + * + * \warning If building with MBEDTLS_USE_PSA_CRYPTO, you must call + * psa_crypto_init() before doing any X.509 operation. + * + * This module is required for the X.509 parsing modules. + */ +#define MBEDTLS_X509_USE_C + +/** + * \def MBEDTLS_X509_CRT_PARSE_C + * + * Enable X.509 certificate parsing. + * + * Module: library/x509_crt.c + * Caller: library/ssl_tls.c + * library/ssl*_client.c + * library/ssl*_server.c + * + * Requires: MBEDTLS_X509_USE_C + * + * This module is required for X.509 certificate parsing. + */ +#define MBEDTLS_X509_CRT_PARSE_C + +/** + * \def MBEDTLS_X509_CRL_PARSE_C + * + * Enable X.509 CRL parsing. + * + * Module: library/x509_crl.c + * Caller: library/x509_crt.c + * + * Requires: MBEDTLS_X509_USE_C + * + * This module is required for X.509 CRL parsing. + */ +#define MBEDTLS_X509_CRL_PARSE_C + +/** + * \def MBEDTLS_X509_CSR_PARSE_C + * + * Enable X.509 Certificate Signing Request (CSR) parsing. + * + * Module: library/x509_csr.c + * Caller: library/x509_crt_write.c + * + * Requires: MBEDTLS_X509_USE_C + * + * This module is used for reading X.509 certificate request. + */ +#define MBEDTLS_X509_CSR_PARSE_C + +/** + * \def MBEDTLS_X509_CREATE_C + * + * Enable X.509 core for creating certificates. + * + * Module: library/x509_create.c + * + * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C, + * (MBEDTLS_MD_C or MBEDTLS_USE_PSA_CRYPTO) + * + * \warning If building with MBEDTLS_USE_PSA_CRYPTO, you must call + * psa_crypto_init() before doing any X.509 create operation. + * + * This module is the basis for creating X.509 certificates and CSRs. + */ +#define MBEDTLS_X509_CREATE_C + +/** + * \def MBEDTLS_X509_CRT_WRITE_C + * + * Enable creating X.509 certificates. + * + * Module: library/x509_crt_write.c + * + * Requires: MBEDTLS_X509_CREATE_C + * + * This module is required for X.509 certificate creation. + */ +#define MBEDTLS_X509_CRT_WRITE_C + +/** + * \def MBEDTLS_X509_CSR_WRITE_C + * + * Enable creating X.509 Certificate Signing Requests (CSR). + * + * Module: library/x509_csr_write.c + * + * Requires: MBEDTLS_X509_CREATE_C + * + * This module is required for X.509 certificate request writing. + */ +#define MBEDTLS_X509_CSR_WRITE_C + +/** \} name SECTION: Mbed TLS modules */ + +/** + * \name SECTION: General configuration options + * + * This section contains Mbed TLS build settings that are not associated + * with a particular module. + * + * \{ + */ + +/** + * \def MBEDTLS_CONFIG_FILE + * + * If defined, this is a header which will be included instead of + * `"mbedtls/mbedtls_config.h"`. + * This header file specifies the compile-time configuration of Mbed TLS. + * Unlike other configuration options, this one must be defined on the + * compiler command line: a definition in `mbedtls_config.h` would have + * no effect. + * + * This macro is expanded after an \#include directive. This is a popular but + * non-standard feature of the C language, so this feature is only available + * with compilers that perform macro expansion on an \#include line. + * + * The value of this symbol is typically a path in double quotes, either + * absolute or relative to a directory on the include search path. + */ +//#define MBEDTLS_CONFIG_FILE "mbedtls/mbedtls_config.h" + +/** + * \def MBEDTLS_USER_CONFIG_FILE + * + * If defined, this is a header which will be included after + * `"mbedtls/mbedtls_config.h"` or #MBEDTLS_CONFIG_FILE. + * This allows you to modify the default configuration, including the ability + * to undefine options that are enabled by default. + * + * This macro is expanded after an \#include directive. This is a popular but + * non-standard feature of the C language, so this feature is only available + * with compilers that perform macro expansion on an \#include line. + * + * The value of this symbol is typically a path in double quotes, either + * absolute or relative to a directory on the include search path. + */ +//#define MBEDTLS_USER_CONFIG_FILE "/dev/null" + +/** + * \def MBEDTLS_PSA_CRYPTO_CONFIG_FILE + * + * If defined, this is a header which will be included instead of + * `"psa/crypto_config.h"`. + * This header file specifies which cryptographic mechanisms are available + * through the PSA API when #MBEDTLS_PSA_CRYPTO_CONFIG is enabled, and + * is not used when #MBEDTLS_PSA_CRYPTO_CONFIG is disabled. + * + * This macro is expanded after an \#include directive. This is a popular but + * non-standard feature of the C language, so this feature is only available + * with compilers that perform macro expansion on an \#include line. + * + * The value of this symbol is typically a path in double quotes, either + * absolute or relative to a directory on the include search path. + */ +//#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "psa/crypto_config.h" + +/** + * \def MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE + * + * If defined, this is a header which will be included after + * `"psa/crypto_config.h"` or #MBEDTLS_PSA_CRYPTO_CONFIG_FILE. + * This allows you to modify the default configuration, including the ability + * to undefine options that are enabled by default. + * + * This macro is expanded after an \#include directive. This is a popular but + * non-standard feature of the C language, so this feature is only available + * with compilers that perform macro expansion on an \#include line. + * + * The value of this symbol is typically a path in double quotes, either + * absolute or relative to a directory on the include search path. + */ +//#define MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE "/dev/null" + +/** + * \def MBEDTLS_PSA_CRYPTO_PLATFORM_FILE + * + * If defined, this is a header which will be included instead of + * `"psa/crypto_platform.h"`. This file should declare the same identifiers + * as the one in Mbed TLS, but with definitions adapted to the platform on + * which the library code will run. + * + * \note The required content of this header can vary from one version of + * Mbed TLS to the next. Integrators who provide an alternative file + * should review the changes in the original file whenever they + * upgrade Mbed TLS. + * + * This macro is expanded after an \#include directive. This is a popular but + * non-standard feature of the C language, so this feature is only available + * with compilers that perform macro expansion on an \#include line. + * + * The value of this symbol is typically a path in double quotes, either + * absolute or relative to a directory on the include search path. + */ +//#define MBEDTLS_PSA_CRYPTO_PLATFORM_FILE "psa/crypto_platform_alt.h" + +/** + * \def MBEDTLS_PSA_CRYPTO_STRUCT_FILE + * + * If defined, this is a header which will be included instead of + * `"psa/crypto_struct.h"`. This file should declare the same identifiers + * as the one in Mbed TLS, but with definitions adapted to the environment + * in which the library code will run. The typical use for this feature + * is to provide alternative type definitions on the client side in + * client-server integrations of PSA crypto, where operation structures + * contain handles instead of cryptographic data. + * + * \note The required content of this header can vary from one version of + * Mbed TLS to the next. Integrators who provide an alternative file + * should review the changes in the original file whenever they + * upgrade Mbed TLS. + * + * This macro is expanded after an \#include directive. This is a popular but + * non-standard feature of the C language, so this feature is only available + * with compilers that perform macro expansion on an \#include line. + * + * The value of this symbol is typically a path in double quotes, either + * absolute or relative to a directory on the include search path. + */ +//#define MBEDTLS_PSA_CRYPTO_STRUCT_FILE "psa/crypto_struct_alt.h" + +/** \} name SECTION: General configuration options */ + +/** + * \name SECTION: Module configuration options + * + * This section allows for the setting of module specific sizes and + * configuration options. The default values are already present in the + * relevant header files and should suffice for the regular use cases. + * + * Our advice is to enable options and change their values here + * only if you have a good reason and know the consequences. + * \{ + */ +/* The Doxygen documentation here is used when a user comments out a + * setting and runs doxygen themselves. On the other hand, when we typeset + * the full documentation including disabled settings, the documentation + * in specific modules' header files is used if present. When editing this + * file, make sure that each option is documented in exactly one place, + * plus optionally a same-line Doxygen comment here if there is a Doxygen + * comment in the specific module. */ + +/* MPI / BIGNUM options */ +//#define MBEDTLS_MPI_WINDOW_SIZE 2 /**< Maximum window size used. */ +//#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */ + +/* CTR_DRBG options */ +//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */ +//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ +//#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ +//#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ +//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ + +/* HMAC_DRBG options */ +//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ +//#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ +//#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ +//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ + +/* ECP options */ +//#define MBEDTLS_ECP_WINDOW_SIZE 4 /**< Maximum window size used */ +//#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ + +/* Entropy options */ +//#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */ +//#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */ +//#define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */ + +/* Memory buffer allocator options */ +//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */ + +/* Platform options */ +//#define MBEDTLS_PLATFORM_STD_MEM_HDR /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */ + +/** \def MBEDTLS_PLATFORM_STD_CALLOC + * + * Default allocator to use, can be undefined. + * It must initialize the allocated buffer memory to zeroes. + * The size of the buffer is the product of the two parameters. + * The calloc function returns either a null pointer or a pointer to the allocated space. + * If the product is 0, the function may either return NULL or a valid pointer to an array of size 0 which is a valid input to the deallocation function. + * An uninitialized #MBEDTLS_PLATFORM_STD_CALLOC always fails, returning a null pointer. + * See the description of #MBEDTLS_PLATFORM_MEMORY for more details. + * The corresponding deallocation function is #MBEDTLS_PLATFORM_STD_FREE. + */ +//#define MBEDTLS_PLATFORM_STD_CALLOC calloc + +/** \def MBEDTLS_PLATFORM_STD_FREE + * + * Default free to use, can be undefined. + * NULL is a valid parameter, and the function must do nothing. + * A non-null parameter will always be a pointer previously returned by #MBEDTLS_PLATFORM_STD_CALLOC and not yet freed. + * An uninitialized #MBEDTLS_PLATFORM_STD_FREE does not do anything. + * See the description of #MBEDTLS_PLATFORM_MEMORY for more details (same principles as for MBEDTLS_PLATFORM_STD_CALLOC apply). + */ +//#define MBEDTLS_PLATFORM_STD_FREE free +//#define MBEDTLS_PLATFORM_STD_SETBUF setbuf /**< Default setbuf to use, can be undefined */ +//#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */ +//#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ +//#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */ +//#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */ +/* Note: your snprintf must correctly zero-terminate the buffer! */ +//#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */ +//#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 /**< Default exit value to use, can be undefined */ +//#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 /**< Default exit value to use, can be undefined */ +//#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ +//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ +//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */ + +/* To use the following function macros, MBEDTLS_PLATFORM_C must be enabled. */ +/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */ +//#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined. See MBEDTLS_PLATFORM_STD_CALLOC for requirements. */ +//#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined. See MBEDTLS_PLATFORM_STD_FREE for requirements. */ +//#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */ +//#define MBEDTLS_PLATFORM_SETBUF_MACRO setbuf /**< Default setbuf macro to use, can be undefined */ +//#define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ +//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ +//#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */ +//#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */ +/* Note: your snprintf must correctly zero-terminate the buffer! */ +//#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */ +//#define MBEDTLS_PLATFORM_VSNPRINTF_MACRO vsnprintf /**< Default vsnprintf macro to use, can be undefined */ +//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ +//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ +//#define MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO int64_t //#define MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO int64_t /**< Default milliseconds time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled. It must be signed, and at least 64 bits. If it is changed from the default, MBEDTLS_PRINTF_MS_TIME must be updated to match.*/ +//#define MBEDTLS_PRINTF_MS_TIME PRId64 /**< Default fmt for printf. That's avoid compiler warning if mbedtls_ms_time_t is redefined */ + +/** \def MBEDTLS_CHECK_RETURN + * + * This macro is used at the beginning of the declaration of a function + * to indicate that its return value should be checked. It should + * instruct the compiler to emit a warning or an error if the function + * is called without checking its return value. + * + * There is a default implementation for popular compilers in platform_util.h. + * You can override the default implementation by defining your own here. + * + * If the implementation here is empty, this will effectively disable the + * checking of functions' return values. + */ +//#define MBEDTLS_CHECK_RETURN __attribute__((__warn_unused_result__)) + +/** \def MBEDTLS_IGNORE_RETURN + * + * This macro requires one argument, which should be a C function call. + * If that function call would cause a #MBEDTLS_CHECK_RETURN warning, this + * warning is suppressed. + */ +//#define MBEDTLS_IGNORE_RETURN( result ) ((void) !(result)) + +/* PSA options */ +/** + * Use HMAC_DRBG with the specified hash algorithm for HMAC_DRBG for the + * PSA crypto subsystem. + * + * If this option is unset: + * - If CTR_DRBG is available, the PSA subsystem uses it rather than HMAC_DRBG. + * - Otherwise, the PSA subsystem uses HMAC_DRBG with either + * #MBEDTLS_MD_SHA512 or #MBEDTLS_MD_SHA256 based on availability and + * on unspecified heuristics. + */ +//#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256 + +/** \def MBEDTLS_PSA_KEY_SLOT_COUNT + * Restrict the PSA library to supporting a maximum amount of simultaneously + * loaded keys. A loaded key is a key stored by the PSA Crypto core as a + * volatile key, or a persistent key which is loaded temporarily by the + * library as part of a crypto operation in flight. + * + * If this option is unset, the library will fall back to a default value of + * 32 keys. + */ +//#define MBEDTLS_PSA_KEY_SLOT_COUNT 32 + +/* RSA OPTIONS */ +//#define MBEDTLS_RSA_GEN_KEY_MIN_BITS 1024 /**< Minimum RSA key size that can be generated in bits (Minimum possible value is 128 bits) */ + +/* SSL Cache options */ +//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */ +//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ + +/* SSL options */ + +/** \def MBEDTLS_SSL_IN_CONTENT_LEN + * + * Maximum length (in bytes) of incoming plaintext fragments. + * + * This determines the size of the incoming TLS I/O buffer in such a way + * that it is capable of holding the specified amount of plaintext data, + * regardless of the protection mechanism used. + * + * \note When using a value less than the default of 16KB on the client, it is + * recommended to use the Maximum Fragment Length (MFL) extension to + * inform the server about this limitation. On the server, there + * is no supported, standardized way of informing the client about + * restriction on the maximum size of incoming messages, and unless + * the limitation has been communicated by other means, it is recommended + * to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN + * while keeping the default value of 16KB for the incoming buffer. + * + * Uncomment to set the maximum plaintext size of the incoming I/O buffer. + */ +//#define MBEDTLS_SSL_IN_CONTENT_LEN 16384 + +/** \def MBEDTLS_SSL_CID_IN_LEN_MAX + * + * The maximum length of CIDs used for incoming DTLS messages. + * + */ +//#define MBEDTLS_SSL_CID_IN_LEN_MAX 32 + +/** \def MBEDTLS_SSL_CID_OUT_LEN_MAX + * + * The maximum length of CIDs used for outgoing DTLS messages. + * + */ +//#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32 + +/** \def MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY + * + * This option controls the use of record plaintext padding + * in TLS 1.3 and when using the Connection ID extension in DTLS 1.2. + * + * The padding will always be chosen so that the length of the + * padded plaintext is a multiple of the value of this option. + * + * Note: A value of \c 1 means that no padding will be used + * for outgoing records. + * + * Note: On systems lacking division instructions, + * a power of two should be preferred. + */ +//#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16 + +/** \def MBEDTLS_SSL_OUT_CONTENT_LEN + * + * Maximum length (in bytes) of outgoing plaintext fragments. + * + * This determines the size of the outgoing TLS I/O buffer in such a way + * that it is capable of holding the specified amount of plaintext data, + * regardless of the protection mechanism used. + * + * It is possible to save RAM by setting a smaller outward buffer, while keeping + * the default inward 16384 byte buffer to conform to the TLS specification. + * + * The minimum required outward buffer size is determined by the handshake + * protocol's usage. Handshaking will fail if the outward buffer is too small. + * The specific size requirement depends on the configured ciphers and any + * certificate data which is sent during the handshake. + * + * Uncomment to set the maximum plaintext size of the outgoing I/O buffer. + */ +//#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384 + +/** \def MBEDTLS_SSL_DTLS_MAX_BUFFERING + * + * Maximum number of heap-allocated bytes for the purpose of + * DTLS handshake message reassembly and future message buffering. + * + * This should be at least 9/8 * MBEDTLS_SSL_IN_CONTENT_LEN + * to account for a reassembled handshake message of maximum size, + * together with its reassembly bitmap. + * + * A value of 2 * MBEDTLS_SSL_IN_CONTENT_LEN (32768 by default) + * should be sufficient for all practical situations as it allows + * to reassembly a large handshake message (such as a certificate) + * while buffering multiple smaller handshake messages. + * + */ +//#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768 + +//#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 or 384 bits) */ +//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */ + +/** + * Complete list of ciphersuites to use, in order of preference. + * + * \warning No dependency checking is done on that field! This option can only + * be used to restrict the set of available ciphersuites. It is your + * responsibility to make sure the needed modules are active. + * + * Use this to save a few hundred bytes of ROM (default ordering of all + * available ciphersuites) and a few to a few hundred bytes of RAM. + * + * The value below is only an example, not the default. + */ +//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + +/** + * \def MBEDTLS_SSL_MAX_EARLY_DATA_SIZE + * + * The default maximum amount of 0-RTT data. See the documentation of + * \c mbedtls_ssl_tls13_conf_max_early_data_size() for more information. + * + * It must be positive and smaller than UINT32_MAX. + * + * If MBEDTLS_SSL_EARLY_DATA is not defined, this default value does not + * have any impact on the build. + * + * This feature is experimental, not completed and thus not ready for + * production. + * + */ +//#define MBEDTLS_SSL_MAX_EARLY_DATA_SIZE 1024 + +/** + * \def MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE + * + * Maximum time difference in milliseconds tolerated between the age of a + * ticket from the server and client point of view. + * From the client point of view, the age of a ticket is the time difference + * between the time when the client proposes to the server to use the ticket + * (time of writing of the Pre-Shared Key Extension including the ticket) and + * the time the client received the ticket from the server. + * From the server point of view, the age of a ticket is the time difference + * between the time when the server receives a proposition from the client + * to use the ticket and the time when the ticket was created by the server. + * The server age is expected to be always greater than the client one and + * MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE defines the + * maximum difference tolerated for the server to accept the ticket. + * This is not used in TLS 1.2. + * + */ +//#define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000 + +/** + * \def MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH + * + * Size in bytes of a ticket nonce. This is not used in TLS 1.2. + * + * This must be less than 256. + */ +//#define MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH 32 + +/** + * \def MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS + * + * Default number of NewSessionTicket messages to be sent by a TLS 1.3 server + * after handshake completion. This is not used in TLS 1.2 and relevant only if + * the MBEDTLS_SSL_SESSION_TICKETS option is enabled. + * + */ +//#define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS 1 + +/* X509 options */ +//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */ +//#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */ + +/** \} name SECTION: Module configuration options */ diff --git a/lib/net.js b/lib/net.js new file mode 100644 index 0000000..522468b --- /dev/null +++ b/lib/net.js @@ -0,0 +1,81 @@ +const { net } = lo.load('net') + +const AF_INET = 2 +const SOCK_STREAM = 1 +const SOCK_NONBLOCK = 2048 +const O_NONBLOCK = 2048 +const SOL_SOCKET = 1 +const SO_REUSEPORT = 15 +const SOCKADDR_LEN = 16 +const SOMAXCONN = 128 +const O_CLOEXEC = 0x80000 +const SOCK_CLOEXEC = 524288 +const MSG_NOSIGNAL = 16384 +const PF_PACKET = 17 +const SOCK_DGRAM = 2 // for IP frames +const SOCK_RAW = 3 // for Ethernet frames +const ETH_P_ALL = 3 +const ETH_P_ARP = 0x0806 +const SIOCGIFHWADDR = 0x8927 +const SIOCGIFINDEX = 0x8933 +const SIOCGIFADDR = 0x8915 +const SIOCSIFADDR = 0x8916 +const IPPROTO_RAW = 255 + +const IFF_TUN = 0x0001 +const IFF_TAP = 0x0002 +const IFF_NO_PI = 0x1000 +const IFF_UP = 1 +const IFF_DOWN = 0 +const SIOCSIFFLAGS = 0x8914 +const SIOCSIFNETMASK = 0x891c +const TUNSETIFF = 1074025674 +const TUNSETPERSIST = 1074025675 +const EAGAIN = 11 + +net.constants = { + AF_INET, SOCK_STREAM, SOCK_NONBLOCK, O_NONBLOCK, SOL_SOCKET, SO_REUSEPORT, + SOCKADDR_LEN, SOMAXCONN, O_CLOEXEC, SOCK_CLOEXEC, MSG_NOSIGNAL, PF_PACKET, + SOCK_DGRAM, SOCK_RAW, ETH_P_ALL, ETH_P_ARP, SIOCGIFADDR, SIOCGIFHWADDR, + SIOCGIFINDEX, IPPROTO_RAW, IFF_TUN, IFF_TAP, IFF_NO_PI, IFF_UP, IFF_DOWN, + SIOCSIFFLAGS, SIOCSIFADDR, SIOCSIFNETMASK, TUNSETIFF, TUNSETPERSIST, EAGAIN +} + +function inet_aton(ip){ + const [b0, b1, b2, b3] = ip.split('.').map(v => (parseInt(v, 10) & 0xff)) + return (b0 << 24) + (b1 << 16) + (b2 << 8) + b3 +} + +function sockaddr_in (ip, port) { + const buf = new ArrayBuffer(16) + const dv = new DataView(buf) + dv.setInt16(0, AF_INET, true) + dv.setUint16(2, port & 0xffff) + dv.setUint32(4, inet_aton(ip)) + return new Uint8Array(buf) +} + +net.pipe = (pipes, flags = O_CLOEXEC) => { + const fds = new Uint32Array(2) + const rc = net.pipe2(fds, flags) + if (rc === 0) { + pipes[0] = fds[0] + pipes[1] = fds[1] + } + return rc +} + +net.inet_aton = inet_aton + +const on = new Uint32Array([1]) +const off = new Uint32Array([0]) + +net.on = on +net.off = off + +net.types = { + sockaddr_in, + inet_aton +} + +export { net } diff --git a/lib/net/api.js b/lib/net/api.js index 885b756..5fc62c5 100644 --- a/lib/net/api.js +++ b/lib/net/api.js @@ -34,6 +34,12 @@ const api = { parameters: ['i32', 'buffer', 'u32', 'i32'], result: 'i32' }, + send_string: { + parameters: ['i32', 'string', 'i32', 'u32'], + override: [, , { param: 1, fastfield: '->length', slowfield: '.length()' }, 0], + result: 'i32', + name: 'send' + }, send2: { parameters: ['i32', 'pointer', 'i32', 'u32'], result: 'i32', @@ -84,7 +90,7 @@ const api = { }, write_string: { parameters: ['i32', 'string', 'i32'], -// override: [, , { param: 1, fastfield: '->length', slowfield: '.length()' }], + override: [, , { param: 1, fastfield: '->length', slowfield: '.length()' }], result: 'i32', name: 'write' }, @@ -112,6 +118,39 @@ const api = { } } +const constants = { + EINPROGRESS: 'i32', + EAGAIN: 'i32', + AF_INET: 'i32', + SOCK_STREAM: 'i32', + SOCK_NONBLOCK: 'i32', + SOL_SOCKET: 'i32', + SO_REUSEPORT: 'i32', +// SOCKADDR_LEN: 'i32', + SOMAXCONN: 'i32', + SOCK_CLOEXEC: 'i32', + MSG_NOSIGNAL: 'i32', + PF_PACKET: 'i32', + SOCK_DGRAM: 'i32', + SOCK_RAW: 'i32', + ETH_P_ALL: 'i32', + ETH_P_ARP: 'i32', + SIOCGIFADDR: 'i32', + SIOCGIFHWADDR: 'i32', + SIOCGIFINDEX: 'i32', + IPPROTO_RAW: 'i32', +// IFF_TUN: 'i32', +// IFF_TAP: 'i32', +// IFF_NO_PI: 'i32', +// IFF_UP: 'i32', +// IFF_DOWN: 'i32', + SIOCSIFFLAGS: 'i32', + SIOCSIFADDR: 'i32', + SIOCSIFNETMASK: 'i32', +// TUNSETIFF: 'i32', +// TUNSETPERSIST: 'i32', +} + const includes = [ 'sys/socket.h', 'arpa/inet.h', @@ -127,4 +166,4 @@ const includes = [ ] const name = 'net' -export { api, includes, name } +export { api, includes, name, constants } diff --git a/lib/net/net.cc b/lib/net/net.cc index d420218..31de341 100644 --- a/lib/net/net.cc +++ b/lib/net/net.cc @@ -162,6 +162,18 @@ v8::CTypeInfo rcsend = v8::CTypeInfo(v8::CTypeInfo::Type::kInt32); v8::CFunctionInfo infosend = v8::CFunctionInfo(rcsend, 5, cargssend); v8::CFunction pFsend = v8::CFunction((const void*)&sendFast, &infosend); +int32_t send_stringFast(void* p, int32_t p0, struct FastOneByteString* const p1, uint32_t p3); +v8::CTypeInfo cargssend_string[5] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kInt32), + v8::CTypeInfo(v8::CTypeInfo::Type::kSeqOneByteString), + v8::CTypeInfo(v8::CTypeInfo::Type::kInt32), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint32), +}; +v8::CTypeInfo rcsend_string = v8::CTypeInfo(v8::CTypeInfo::Type::kInt32); +v8::CFunctionInfo infosend_string = v8::CFunctionInfo(rcsend_string, 5, cargssend_string); +v8::CFunction pFsend_string = v8::CFunction((const void*)&send_stringFast, &infosend_string); + int32_t send2Fast(void* p, int32_t p0, void* p1, int32_t p2, uint32_t p3); v8::CTypeInfo cargssend2[5] = { v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), @@ -284,7 +296,7 @@ v8::CTypeInfo rcread = v8::CTypeInfo(v8::CTypeInfo::Type::kInt32); v8::CFunctionInfo inforead = v8::CFunctionInfo(rcread, 4, cargsread); v8::CFunction pFread = v8::CFunction((const void*)&readFast, &inforead); -int32_t write_stringFast(void* p, int32_t p0, struct FastOneByteString* const p1, int32_t p2); +int32_t write_stringFast(void* p, int32_t p0, struct FastOneByteString* const p1); v8::CTypeInfo cargswrite_string[4] = { v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), v8::CTypeInfo(v8::CTypeInfo::Type::kInt32), @@ -480,6 +492,23 @@ int32_t sendFast(void* p, int32_t p0, struct FastApiTypedArray* const p1, uint32 int32_t v3 = p3; return send(v0, v1, v2, v3); } +void send_stringSlow(const FunctionCallbackInfo &args) { + Isolate *isolate = args.GetIsolate(); + int32_t v0 = Local::Cast(args[0])->Value(); + String::Utf8Value v1(isolate, args[1]); + int32_t v2 = v1.length(); + uint32_t v3 = Local::Cast(args[3])->Value(); + int32_t rc = send(v0, *v1, v2, v3); + args.GetReturnValue().Set(Number::New(isolate, rc)); +} + +int32_t send_stringFast(void* p, int32_t p0, struct FastOneByteString* const p1, uint32_t p3) { + int32_t v0 = p0; + struct FastOneByteString* const v1 = p1; + int32_t v2 = p1->length; + uint32_t v3 = 0; + return send(v0, v1->data, v2, v3); +} void send2Slow(const FunctionCallbackInfo &args) { Isolate *isolate = args.GetIsolate(); int32_t v0 = Local::Cast(args[0])->Value(); @@ -682,15 +711,15 @@ void write_stringSlow(const FunctionCallbackInfo &args) { Isolate *isolate = args.GetIsolate(); int32_t v0 = Local::Cast(args[0])->Value(); String::Utf8Value v1(isolate, args[1]); - int32_t v2 = Local::Cast(args[2])->Value(); + int32_t v2 = v1.length(); int32_t rc = write(v0, *v1, v2); args.GetReturnValue().Set(Number::New(isolate, rc)); } -int32_t write_stringFast(void* p, int32_t p0, struct FastOneByteString* const p1, int32_t p2) { +int32_t write_stringFast(void* p, int32_t p0, struct FastOneByteString* const p1) { int32_t v0 = p0; struct FastOneByteString* const v1 = p1; - int32_t v2 = p2; + int32_t v2 = p1->length; return write(v0, v1->data, v2); } void writeSlow(const FunctionCallbackInfo &args) { @@ -781,6 +810,7 @@ void Init(Isolate* isolate, Local target) { SET_FAST_METHOD(isolate, module, "close", &pFclose, closeSlow); SET_FAST_METHOD(isolate, module, "accept4", &pFaccept4, accept4Slow); SET_FAST_METHOD(isolate, module, "send", &pFsend, sendSlow); + SET_FAST_METHOD(isolate, module, "send_string", &pFsend_string, send_stringSlow); SET_FAST_METHOD(isolate, module, "send2", &pFsend2, send2Slow); SET_FAST_METHOD(isolate, module, "sendto", &pFsendto, sendtoSlow); SET_FAST_METHOD(isolate, module, "recv", &pFrecv, recvSlow); @@ -798,6 +828,28 @@ void Init(Isolate* isolate, Local target) { SET_FAST_METHOD(isolate, module, "ioctl", &pFioctl, ioctlSlow); SET_FAST_METHOD(isolate, module, "ioctl2", &pFioctl2, ioctl2Slow); + SET_VALUE(isolate, module, "EINPROGRESS", Integer::New(isolate, EINPROGRESS)); + SET_VALUE(isolate, module, "EAGAIN", Integer::New(isolate, EAGAIN)); + SET_VALUE(isolate, module, "AF_INET", Integer::New(isolate, AF_INET)); + SET_VALUE(isolate, module, "SOCK_STREAM", Integer::New(isolate, SOCK_STREAM)); + SET_VALUE(isolate, module, "SOCK_NONBLOCK", Integer::New(isolate, SOCK_NONBLOCK)); + SET_VALUE(isolate, module, "SOL_SOCKET", Integer::New(isolate, SOL_SOCKET)); + SET_VALUE(isolate, module, "SO_REUSEPORT", Integer::New(isolate, SO_REUSEPORT)); + SET_VALUE(isolate, module, "SOMAXCONN", Integer::New(isolate, SOMAXCONN)); + SET_VALUE(isolate, module, "SOCK_CLOEXEC", Integer::New(isolate, SOCK_CLOEXEC)); + SET_VALUE(isolate, module, "MSG_NOSIGNAL", Integer::New(isolate, MSG_NOSIGNAL)); + SET_VALUE(isolate, module, "PF_PACKET", Integer::New(isolate, PF_PACKET)); + SET_VALUE(isolate, module, "SOCK_DGRAM", Integer::New(isolate, SOCK_DGRAM)); + SET_VALUE(isolate, module, "SOCK_RAW", Integer::New(isolate, SOCK_RAW)); + SET_VALUE(isolate, module, "ETH_P_ALL", Integer::New(isolate, ETH_P_ALL)); + SET_VALUE(isolate, module, "ETH_P_ARP", Integer::New(isolate, ETH_P_ARP)); + SET_VALUE(isolate, module, "SIOCGIFADDR", Integer::New(isolate, SIOCGIFADDR)); + SET_VALUE(isolate, module, "SIOCGIFHWADDR", Integer::New(isolate, SIOCGIFHWADDR)); + SET_VALUE(isolate, module, "SIOCGIFINDEX", Integer::New(isolate, SIOCGIFINDEX)); + SET_VALUE(isolate, module, "IPPROTO_RAW", Integer::New(isolate, IPPROTO_RAW)); + SET_VALUE(isolate, module, "SIOCSIFFLAGS", Integer::New(isolate, SIOCSIFFLAGS)); + SET_VALUE(isolate, module, "SIOCSIFADDR", Integer::New(isolate, SIOCSIFADDR)); + SET_VALUE(isolate, module, "SIOCSIFNETMASK", Integer::New(isolate, SIOCSIFNETMASK)); SET_MODULE(isolate, target, "net", module); diff --git a/lib/pico.js b/lib/pico.js new file mode 100644 index 0000000..4b8aebf --- /dev/null +++ b/lib/pico.js @@ -0,0 +1,117 @@ +const { pico } = lo.load('pico') + +const { ptr, addr, latin1Decode } = lo + +const rx = /-/g + +class ResponseParser { + #minor_version = ptr(new Uint32Array(1)) + #status_code = ptr(new Uint32Array(1)) + #num_headers = ptr(new Uint32Array(1)) + #message = ptr(new Uint32Array(2)) + #message_len = ptr(new Uint32Array(1)) + #raw_headers = ptr(new Uint32Array(8 * 16)) + rb = new Uint8Array(0) + + constructor (rb, n_headers = 16) { + this.rb = rb.ptr ? rb : ptr(rb) + this.#num_headers[0] = n_headers + if (n_headers !== 16) { + this.#raw_headers = ptr(new Uint32Array(8 * n_headers)) + } + this.parse = (new Function('parse', 'ptr', 'size', ` + return function (len = size) { + return parse(ptr, len, ${this.#minor_version.ptr}, + ${this.#status_code.ptr}, ${this.#message.ptr}, ${this.#message_len.ptr}, + ${this.#raw_headers.ptr}, ${this.#num_headers.ptr}, 0) + } + `))(pico.parse_response, rb.ptr, rb.size) + } + + get status () { + return this.#status_code[0] + } + + get minor_version () { + return this.#minor_version[9] + } + + get headers () { + const nhead = this.#num_headers[0] + const raw_headers = this.#raw_headers + let n = 0 + const result = {} + for (let i = 0; i < nhead; i++) { + const key_address = addr(raw_headers.subarray(n, n + 2)) + const key_len = raw_headers[n + 2] + const val_address = addr(raw_headers.subarray(n + 4, n + 6)) + const val_len = raw_headers[n + 6] + const key_string = latin1Decode(key_address, key_len).toLowerCase().replace(rx, '_') + const val_string = latin1Decode(val_address, val_len) + result[key_string] = val_string + n += 8 + } + return result + } +} + + +class RequestParser { + #method = ptr(new Uint32Array(2)) + #method_len = ptr(new Uint32Array(2)) + #path = ptr(new Uint32Array(2)) + #path_len = ptr(new Uint32Array(2)) + #minor_version = ptr(new Uint32Array(1)) + #raw_headers = ptr(new Uint32Array(8 * 16)) + #num_headers = ptr(new Uint32Array(2)) + rb = new Uint8Array(0) + + constructor (rb, n_headers = 16) { + this.rb = rb.ptr ? rb : ptr(rb) + this.#num_headers[0] = n_headers + if (n_headers !== 16) { + this.#raw_headers = ptr(new Uint32Array(8 * n_headers)) + } + this.parse = (new Function('parse', 'ptr', 'size', ` + return function (len = size) { + return parse(ptr, len, ${this.#method.ptr}, + ${this.#method_len.ptr}, ${this.#path.ptr}, ${this.#path_len.ptr}, + ${this.#minor_version.ptr}, ${this.#raw_headers.ptr}, ${this.#num_headers.ptr}, 0) + } + `))(pico.parse_request, rb.ptr, rb.size) + } + + get method () { + const method_address = addr(this.#method) + return latin1Decode(method_address, this.#method_len[0]) + } + + get path () { + const path_address = addr(this.#path) + return latin1Decode(path_address, this.#path_len[0]) + } + + get minor_version () { + return this.#minor_version[9] + } + + get headers () { + const nhead = this.#num_headers[0] + const raw_headers = this.#raw_headers + let n = 0 + const result = {} + for (let i = 0; i < nhead; i++) { + const key_address = addr(raw_headers.subarray(n, n + 2)) + const key_len = raw_headers[n + 2] + const val_address = addr(raw_headers.subarray(n + 4, n + 6)) + const val_len = raw_headers[n + 6] + const key_string = latin1Decode(key_address, key_len).toLowerCase().replace(rx, '_') + const val_string = latin1Decode(val_address, val_len) + result[key_string] = val_string + n += 8 + } + return result + } +} + +export { RequestParser, ResponseParser, pico } diff --git a/lib/pico/api.js b/lib/pico/api.js index 70982b6..1510743 100644 --- a/lib/pico/api.js +++ b/lib/pico/api.js @@ -22,12 +22,51 @@ const api = { pointers: ['char*', ,'httpResponse*'], result: 'i32', name: 'parse_response' + }, +/* +int phr_parse_request(const char *buf, size_t len, const char **method, + size_t *method_len, const char **path, size_t *path_len, int *minor_version, + struct phr_header *headers, size_t *num_headers, size_t last_len); + +int phr_parse_response(const char *_buf, size_t len, int *minor_version, + int *status, const char **msg, size_t *msg_len, struct phr_header *headers, + size_t *num_headers, size_t last_len); +*/ + parse_request: { + parameters: [ + 'pointer', 'u32', 'pointer', 'pointer', 'pointer', 'pointer', + 'pointer', 'pointer', 'pointer', 'u64' + ], + pointers: [ + 'const char*', ,'const char **', 'size_t *', 'const char **', 'size_t *', + 'int*', 'struct phr_header *', 'size_t *' + ], + result: 'i32', + name: 'phr_parse_request' + }, + parse_response: { + parameters: [ + 'pointer', 'u32', 'pointer', 'pointer', 'pointer', 'pointer', + 'pointer', 'pointer', 'u32' + ], + pointers: [ + 'const char*', ,'int *', 'int *', 'const char **', 'size_t *', + 'struct phr_header *', 'size_t *' + ], + result: 'i32', + name: 'phr_parse_response' + }, + decode_chunked: { + parameters: ['pointer', 'pointer', 'pointer'], + pointers: ['struct phr_chunked_decoder *', 'char*', 'size_t*'], + result: 'i32', + name: 'phr_decode_chunked' } } const name = 'pico' const includes = ['picohttpparser.h'] -const obj = ['picohttpparser.o'] +const obj = ['picohttpparser.o', 'pico.a'] const preamble = ` #define JUST_MAX_HEADERS 14 @@ -113,17 +152,5 @@ int parse_response(char* next, ssize_t bytes, httpResponse* res) { ` -import { fetch } from 'lib/curl.js' -import { exec } from 'lib/proc.js' - -async function build (C = 'gcc', CC = 'g++') { - fetch('https://raw.githubusercontent.com/h2o/picohttpparser/master/picohttpparser.h', 'picohttpparser.h') - fetch('https://raw.githubusercontent.com/h2o/picohttpparser/master/picohttpparser.c', 'picohttpparser.c') - const status = new Int32Array(2) - const CARGS = C.split(' ') - const ARCH_ARGS = ['-fPIC', '-O3', '-Wall', '-Wextra', '-std=c11'] - if (lo.core.arch === 'x64') ARCH_ARGS.push('-msse4') - exec(CARGS[0], [...CARGS.slice(1), '-c', '-I.', ...ARCH_ARGS, '-o', 'picohttpparser.o', 'picohttpparser.c'], status) -} - -export { name, api, includes, obj, preamble, build } +const structs = ['phr_chunked_decoder'] +export { name, api, includes, obj, preamble, structs } diff --git a/lib/pico/build.js b/lib/pico/build.js new file mode 100644 index 0000000..0093bed --- /dev/null +++ b/lib/pico/build.js @@ -0,0 +1,14 @@ +import { fetch } from 'lib/curl.js' +import { exec } from 'lib/proc.js' + +async function build (C = 'gcc', CC = 'g++') { + fetch('https://raw.githubusercontent.com/h2o/picohttpparser/master/picohttpparser.h', 'picohttpparser.h') + fetch('https://raw.githubusercontent.com/h2o/picohttpparser/master/picohttpparser.c', 'picohttpparser.c') + const status = new Int32Array(2) + const CARGS = C.split(' ') + const ARCH_ARGS = ['-fPIC', '-O3', '-Wall', '-Wextra', '-std=c11'] + if (lo.core.arch === 'x64') ARCH_ARGS.push('-msse4') + exec(CARGS[0], [...CARGS.slice(1), '-c', '-I.', ...ARCH_ARGS, '-o', 'picohttpparser.o', 'picohttpparser.c'], status) +} + +export { build } diff --git a/lib/pico/pico.cc b/lib/pico/pico.cc index 3f22424..5493f24 100644 --- a/lib/pico/pico.cc +++ b/lib/pico/pico.cc @@ -189,6 +189,52 @@ v8::CTypeInfo rcparseResponse2 = v8::CTypeInfo(v8::CTypeInfo::Type::kInt32); v8::CFunctionInfo infoparseResponse2 = v8::CFunctionInfo(rcparseResponse2, 4, cargsparseResponse2); v8::CFunction pFparseResponse2 = v8::CFunction((const void*)&parseResponse2Fast, &infoparseResponse2); +int32_t parse_requestFast(void* p, void* p0, uint32_t p1, void* p2, void* p3, void* p4, void* p5, void* p6, void* p7, void* p8, uint64_t p9); +v8::CTypeInfo cargsparse_request[11] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint32), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), +}; +v8::CTypeInfo rcparse_request = v8::CTypeInfo(v8::CTypeInfo::Type::kInt32); +v8::CFunctionInfo infoparse_request = v8::CFunctionInfo(rcparse_request, 11, cargsparse_request); +v8::CFunction pFparse_request = v8::CFunction((const void*)&parse_requestFast, &infoparse_request); + +int32_t parse_responseFast(void* p, void* p0, uint32_t p1, void* p2, void* p3, void* p4, void* p5, void* p6, void* p7, uint32_t p8); +v8::CTypeInfo cargsparse_response[10] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint32), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint32), +}; +v8::CTypeInfo rcparse_response = v8::CTypeInfo(v8::CTypeInfo::Type::kInt32); +v8::CFunctionInfo infoparse_response = v8::CFunctionInfo(rcparse_response, 10, cargsparse_response); +v8::CFunction pFparse_response = v8::CFunction((const void*)&parse_responseFast, &infoparse_response); + +int32_t decode_chunkedFast(void* p, void* p0, void* p1, void* p2); +v8::CTypeInfo cargsdecode_chunked[4] = { + v8::CTypeInfo(v8::CTypeInfo::Type::kV8Value), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), + v8::CTypeInfo(v8::CTypeInfo::Type::kUint64), +}; +v8::CTypeInfo rcdecode_chunked = v8::CTypeInfo(v8::CTypeInfo::Type::kInt32); +v8::CFunctionInfo infodecode_chunked = v8::CFunctionInfo(rcdecode_chunked, 4, cargsdecode_chunked); +v8::CFunction pFdecode_chunked = v8::CFunction((const void*)&decode_chunkedFast, &infodecode_chunked); + void parseRequestSlow(const FunctionCallbackInfo &args) { @@ -259,6 +305,77 @@ int32_t parseResponse2Fast(void* p, void* p0, uint32_t p1, void* p2) { httpResponse* v2 = reinterpret_cast(p2); return parse_response(v0, v1, v2); } +void parse_requestSlow(const FunctionCallbackInfo &args) { + Isolate *isolate = args.GetIsolate(); + const char* v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); + uint32_t v1 = Local::Cast(args[1])->Value(); + const char ** v2 = reinterpret_cast((uint64_t)Local::Cast(args[2])->Value()); + size_t * v3 = reinterpret_cast((uint64_t)Local::Cast(args[3])->Value()); + const char ** v4 = reinterpret_cast((uint64_t)Local::Cast(args[4])->Value()); + size_t * v5 = reinterpret_cast((uint64_t)Local::Cast(args[5])->Value()); + int* v6 = reinterpret_cast((uint64_t)Local::Cast(args[6])->Value()); + struct phr_header * v7 = reinterpret_cast((uint64_t)Local::Cast(args[7])->Value()); + size_t * v8 = reinterpret_cast((uint64_t)Local::Cast(args[8])->Value()); + uint64_t v9 = Local::Cast(args[9])->Value(); + int32_t rc = phr_parse_request(v0, v1, v2, v3, v4, v5, v6, v7, v8, v9); + args.GetReturnValue().Set(Number::New(isolate, rc)); +} + +int32_t parse_requestFast(void* p, void* p0, uint32_t p1, void* p2, void* p3, void* p4, void* p5, void* p6, void* p7, void* p8, uint64_t p9) { + const char* v0 = reinterpret_cast(p0); + uint32_t v1 = p1; + const char ** v2 = reinterpret_cast(p2); + size_t * v3 = reinterpret_cast(p3); + const char ** v4 = reinterpret_cast(p4); + size_t * v5 = reinterpret_cast(p5); + int* v6 = reinterpret_cast(p6); + struct phr_header * v7 = reinterpret_cast(p7); + size_t * v8 = reinterpret_cast(p8); + uint64_t v9 = p9; + return phr_parse_request(v0, v1, v2, v3, v4, v5, v6, v7, v8, v9); +} +void parse_responseSlow(const FunctionCallbackInfo &args) { + Isolate *isolate = args.GetIsolate(); + const char* v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); + uint32_t v1 = Local::Cast(args[1])->Value(); + int * v2 = reinterpret_cast((uint64_t)Local::Cast(args[2])->Value()); + int * v3 = reinterpret_cast((uint64_t)Local::Cast(args[3])->Value()); + const char ** v4 = reinterpret_cast((uint64_t)Local::Cast(args[4])->Value()); + size_t * v5 = reinterpret_cast((uint64_t)Local::Cast(args[5])->Value()); + struct phr_header * v6 = reinterpret_cast((uint64_t)Local::Cast(args[6])->Value()); + size_t * v7 = reinterpret_cast((uint64_t)Local::Cast(args[7])->Value()); + uint32_t v8 = Local::Cast(args[8])->Value(); + int32_t rc = phr_parse_response(v0, v1, v2, v3, v4, v5, v6, v7, v8); + args.GetReturnValue().Set(Number::New(isolate, rc)); +} + +int32_t parse_responseFast(void* p, void* p0, uint32_t p1, void* p2, void* p3, void* p4, void* p5, void* p6, void* p7, uint32_t p8) { + const char* v0 = reinterpret_cast(p0); + uint32_t v1 = p1; + int * v2 = reinterpret_cast(p2); + int * v3 = reinterpret_cast(p3); + const char ** v4 = reinterpret_cast(p4); + size_t * v5 = reinterpret_cast(p5); + struct phr_header * v6 = reinterpret_cast(p6); + size_t * v7 = reinterpret_cast(p7); + uint32_t v8 = p8; + return phr_parse_response(v0, v1, v2, v3, v4, v5, v6, v7, v8); +} +void decode_chunkedSlow(const FunctionCallbackInfo &args) { + Isolate *isolate = args.GetIsolate(); + struct phr_chunked_decoder * v0 = reinterpret_cast((uint64_t)Local::Cast(args[0])->Value()); + char* v1 = reinterpret_cast((uint64_t)Local::Cast(args[1])->Value()); + size_t* v2 = reinterpret_cast((uint64_t)Local::Cast(args[2])->Value()); + int32_t rc = phr_decode_chunked(v0, v1, v2); + args.GetReturnValue().Set(Number::New(isolate, rc)); +} + +int32_t decode_chunkedFast(void* p, void* p0, void* p1, void* p2) { + struct phr_chunked_decoder * v0 = reinterpret_cast(p0); + char* v1 = reinterpret_cast(p1); + size_t* v2 = reinterpret_cast(p2); + return phr_decode_chunked(v0, v1, v2); +} void Init(Isolate* isolate, Local target) { Local module = ObjectTemplate::New(isolate); @@ -266,8 +383,12 @@ void Init(Isolate* isolate, Local target) { SET_FAST_METHOD(isolate, module, "parseRequest2", &pFparseRequest2, parseRequest2Slow); SET_FAST_METHOD(isolate, module, "parseResponse", &pFparseResponse, parseResponseSlow); SET_FAST_METHOD(isolate, module, "parseResponse2", &pFparseResponse2, parseResponse2Slow); + SET_FAST_METHOD(isolate, module, "parse_request", &pFparse_request, parse_requestSlow); + SET_FAST_METHOD(isolate, module, "parse_response", &pFparse_response, parse_responseSlow); + SET_FAST_METHOD(isolate, module, "decode_chunked", &pFdecode_chunked, decode_chunkedSlow); + SET_VALUE(isolate, module, "struct_phr_chunked_decoder_size", Integer::New(isolate, sizeof(phr_chunked_decoder))); SET_MODULE(isolate, target, "pico", module); } diff --git a/lib/tcc/api.js b/lib/tcc/api.js index ca76d6f..d0d6bde 100644 --- a/lib/tcc/api.js +++ b/lib/tcc/api.js @@ -70,36 +70,4 @@ const includes = ['libtcc.h'] const libs = ['tcc'] const obj = ['deps/libtcc/libtcc.a'] -import { fetch } from 'lib/curl.js' -import { inflate } from 'lib/inflate.js' -import { untar } from 'lib/untar.js' -import { isDir, isFile } from 'lib/fs.js' -import { exec_env, exec } from 'lib/proc.js' - -async function build (C = 'gcc', CC = 'g++') { - const { assert } = lo - const { chdir, mkdir, S_IRWXU, S_IRWXG, S_IROTH, S_IXOTH, readFile } = lo.core - if (!isDir('deps/libtcc')) { - mkdir('deps', S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH) - fetch('https://github.com/TinyCC/tinycc/archive/refs/heads/mob.tar.gz', 'deps/mob.tar.gz') - assert(chdir('deps') === 0) - const bytes = readFile('mob.tar.gz') - const dir_name = untar(inflate(bytes)) - const cwd = lo.getcwd() - assert(lo.core.rename(`${cwd}/${dir_name}`, `${cwd}/libtcc`) === 0) - assert(chdir('../') === 0) - } - if (obj.some(o => !isFile(o))) { - assert(chdir('deps/libtcc') === 0) - const status = new Int32Array(2) - let EXTRA_FLAGS = '-fPIC' - if (lo.core.arch === 'x64') EXTRA_FLAGS += ' -mstackrealign' - exec('./configure', [`--extra-cflags=${EXTRA_FLAGS}`], status) - assert(status[0] === 0) - exec('make', [`CC=${C}`, 'clean', 'libtcc.a'], status) - assert(status[0] === 0) - assert(chdir('../../') === 0) - } -} - -export { api, includes, name, libs, obj, build } +export { api, includes, name, libs, obj } diff --git a/lib/tcc/build.js b/lib/tcc/build.js new file mode 100644 index 0000000..a067aa9 --- /dev/null +++ b/lib/tcc/build.js @@ -0,0 +1,34 @@ +import { fetch } from 'lib/curl.js' +import { inflate } from 'lib/inflate.js' +import { untar } from 'lib/untar.js' +import { isDir, isFile } from 'lib/fs.js' +import { exec_env, exec } from 'lib/proc.js' +import { obj } from 'lib/tcc/api.js' + +async function build (C = 'gcc', CC = 'g++') { + const { assert } = lo + const { chdir, mkdir, S_IRWXU, S_IRWXG, S_IROTH, S_IXOTH, readFile } = lo.core + if (!isDir('deps/libtcc')) { + mkdir('deps', S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH) + fetch('https://github.com/TinyCC/tinycc/archive/refs/heads/mob.tar.gz', 'deps/mob.tar.gz') + assert(chdir('deps') === 0) + const bytes = readFile('mob.tar.gz') + const dir_name = untar(inflate(bytes)) + const cwd = lo.getcwd() + assert(lo.core.rename(`${cwd}/${dir_name}`, `${cwd}/libtcc`) === 0) + assert(chdir('../') === 0) + } + if (obj.some(o => !isFile(o))) { + assert(chdir('deps/libtcc') === 0) + const status = new Int32Array(2) + let EXTRA_FLAGS = '-fPIC' + if (lo.core.arch === 'x64') EXTRA_FLAGS += ' -mstackrealign' + exec('./configure', [`--extra-cflags=${EXTRA_FLAGS}`], status) + assert(status[0] === 0) + exec('make', [`CC=${C}`, 'clean', 'libtcc.a'], status) + assert(status[0] === 0) + assert(chdir('../../') === 0) + } +} + +export { build } diff --git a/lib/timer.js b/lib/timer.js new file mode 100644 index 0000000..b7c883d --- /dev/null +++ b/lib/timer.js @@ -0,0 +1,49 @@ +const { assert, core } = lo +const { read, close } = core +const { system } = lo.load('system') + +const CLOCK_MONOTONIC = 1 +const TFD_NONBLOCK = 2048 +const TFD_CLOEXEC = 524288 + +function timer (repeat, timeout = repeat) { + const itimerspec = new Uint8Array(32) + const u64 = new BigUint64Array(itimerspec.buffer) + u64[0] = BigInt(Math.floor(repeat / 1000)) + u64[1] = BigInt((repeat % 1000) * 1000000) + u64[2] = BigInt(Math.floor(timeout / 1000)) + u64[3] = BigInt((timeout % 1000) * 1000000) + const fd = system.timerfd_create(CLOCK_MONOTONIC, TFD_NONBLOCK | TFD_CLOEXEC) + if (fd < 0) return fd + const rc = system.timerfd_settime(fd, 0, itimerspec, 0); + if (rc < 0) return rc + return fd +} + +class Timer { + fd = 0 + loop = undefined + timeout = 1000 + repeat = 1000 + callback = undefined + + constructor (loop, timeout, callback, repeat = timeout) { + this.loop = loop + this.timeout = timeout + this.callback = callback + this.repeat = repeat + this.fd = timer(this.timeout, this.repeat) + assert(this.fd > 2) + const tb = new Uint8Array(8) + loop.add(this.fd, () => { + read(this.fd, tb, 8) + callback() + }) + } + + close () { + close(this.fd) + } +} + +export { Timer, timer } diff --git a/lib/wireguard/api.js b/lib/wireguard/api.js index 60660e5..3166038 100644 --- a/lib/wireguard/api.js +++ b/lib/wireguard/api.js @@ -77,30 +77,4 @@ const name = 'wireguard' const obj = ['wg.o'] const libs = [] -import { fetch } from 'lib/curl.js' -import { exec } from 'lib/proc.js' -import { inflate } from 'lib/inflate.js' -import { untar } from 'lib/untar.js' - -// todo: we should pass everything above in so it can be driven from non lo js runtimes -// or we could have a separate build.js script in the same directory as api.js? -async function build (C = 'gcc', CC = 'g++') { - const { assert } = lo - const { chdir, mkdir, S_IRWXU, S_IRWXG, S_IROTH, S_IXOTH, readFile, writeFile } = lo.core - mkdir('deps', S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH) - fetch('https://codeload.github.com/WireGuard/wireguard-tools/tar.gz/master', 'deps/wireguard-tools.tar.gz') - chdir('deps') - const bytes = readFile('wireguard-tools.tar.gz') - untar(inflate(bytes)) - chdir('../') - const status = new Int32Array(2) - const CARGS = C.split(' ') - const ARCH_ARGS = ['-fPIC', '-O3'] - if (lo.core.arch === 'x64') ARCH_ARGS.push('-mstackrealign') - exec(CARGS[0], [...CARGS.slice(1), '-c', '-I.', ...ARCH_ARGS, '-Ideps/wireguard-tools-master/contrib/embeddable-wg-library', '-o', 'wg.o', 'deps/wireguard-tools-master/contrib/embeddable-wg-library/wireguard.c'], status) - assert(status[0] === 0) - const header = readFile('deps/wireguard-tools-master/contrib/embeddable-wg-library/wireguard.h') - writeFile('wireguard.h', header) -} - -export { api, includes, name, obj, libs, build } +export { api, includes, name, obj, libs } diff --git a/lib/wireguard/build.js b/lib/wireguard/build.js new file mode 100644 index 0000000..233eb8a --- /dev/null +++ b/lib/wireguard/build.js @@ -0,0 +1,27 @@ +import { fetch } from 'lib/curl.js' +import { exec } from 'lib/proc.js' +import { inflate } from 'lib/inflate.js' +import { untar } from 'lib/untar.js' + +// todo: we should pass everything above in so it can be driven from non lo js runtimes +// or we could have a separate build.js script in the same directory as api.js? +async function build (C = 'gcc', CC = 'g++') { + const { assert } = lo + const { chdir, mkdir, S_IRWXU, S_IRWXG, S_IROTH, S_IXOTH, readFile, writeFile } = lo.core + mkdir('deps', S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH) + fetch('https://codeload.github.com/WireGuard/wireguard-tools/tar.gz/master', 'deps/wireguard-tools.tar.gz') + chdir('deps') + const bytes = readFile('wireguard-tools.tar.gz') + untar(inflate(bytes)) + chdir('../') + const status = new Int32Array(2) + const CARGS = C.split(' ') + const ARCH_ARGS = ['-fPIC', '-O3'] + if (lo.core.arch === 'x64') ARCH_ARGS.push('-mstackrealign') + exec(CARGS[0], [...CARGS.slice(1), '-c', '-I.', ...ARCH_ARGS, '-Ideps/wireguard-tools-master/contrib/embeddable-wg-library', '-o', 'wg.o', 'deps/wireguard-tools-master/contrib/embeddable-wg-library/wireguard.c'], status) + assert(status[0] === 0) + const header = readFile('deps/wireguard-tools-master/contrib/embeddable-wg-library/wireguard.h') + writeFile('wireguard.h', header) +} + +export { build } diff --git a/main.h b/main.h index 14b9182..fa30f26 100644 --- a/main.h +++ b/main.h @@ -19,10 +19,10 @@ extern char _binary_lib_proc_js_start[]; extern char _binary_lib_proc_js_end[]; extern char _binary_lib_path_js_start[]; extern char _binary_lib_path_js_end[]; -extern char _binary_lib_inflate_js_start[]; -extern char _binary_lib_inflate_js_end[]; extern char _binary_lib_curl_js_start[]; extern char _binary_lib_curl_js_end[]; +extern char _binary_lib_inflate_js_start[]; +extern char _binary_lib_inflate_js_end[]; extern char _binary_lib_build_js_start[]; extern char _binary_lib_build_js_end[]; extern char _binary_lib_asm_js_start[]; @@ -53,10 +53,6 @@ extern char _binary_lib_libssl_api_js_start[]; extern char _binary_lib_libssl_api_js_end[]; extern char _binary_lib_lz4_api_js_start[]; extern char _binary_lib_lz4_api_js_end[]; -extern char _binary_lib_inflate_em_inflate_c_start[]; -extern char _binary_lib_inflate_em_inflate_c_end[]; -extern char _binary_lib_inflate_em_inflate_h_start[]; -extern char _binary_lib_inflate_em_inflate_h_end[]; extern char _binary_lib_mbedtls_api_js_start[]; extern char _binary_lib_mbedtls_api_js_end[]; extern char _binary_lib_net_api_js_start[]; @@ -94,8 +90,8 @@ void register_builtins() { lo::builtins_add("lib/untar.js", _binary_lib_untar_js_start, _binary_lib_untar_js_end - _binary_lib_untar_js_start); lo::builtins_add("lib/proc.js", _binary_lib_proc_js_start, _binary_lib_proc_js_end - _binary_lib_proc_js_start); lo::builtins_add("lib/path.js", _binary_lib_path_js_start, _binary_lib_path_js_end - _binary_lib_path_js_start); - lo::builtins_add("lib/inflate.js", _binary_lib_inflate_js_start, _binary_lib_inflate_js_end - _binary_lib_inflate_js_start); lo::builtins_add("lib/curl.js", _binary_lib_curl_js_start, _binary_lib_curl_js_end - _binary_lib_curl_js_start); + lo::builtins_add("lib/inflate.js", _binary_lib_inflate_js_start, _binary_lib_inflate_js_end - _binary_lib_inflate_js_start); lo::builtins_add("lib/build.js", _binary_lib_build_js_start, _binary_lib_build_js_end - _binary_lib_build_js_start); lo::builtins_add("lib/asm.js", _binary_lib_asm_js_start, _binary_lib_asm_js_end - _binary_lib_asm_js_start); lo::builtins_add("lib/ffi.js", _binary_lib_ffi_js_start, _binary_lib_ffi_js_end - _binary_lib_ffi_js_start); @@ -111,8 +107,6 @@ void register_builtins() { lo::builtins_add("lib/libffi/api.js", _binary_lib_libffi_api_js_start, _binary_lib_libffi_api_js_end - _binary_lib_libffi_api_js_start); lo::builtins_add("lib/libssl/api.js", _binary_lib_libssl_api_js_start, _binary_lib_libssl_api_js_end - _binary_lib_libssl_api_js_start); lo::builtins_add("lib/lz4/api.js", _binary_lib_lz4_api_js_start, _binary_lib_lz4_api_js_end - _binary_lib_lz4_api_js_start); - lo::builtins_add("lib/inflate/em_inflate.c", _binary_lib_inflate_em_inflate_c_start, _binary_lib_inflate_em_inflate_c_end - _binary_lib_inflate_em_inflate_c_start); - lo::builtins_add("lib/inflate/em_inflate.h", _binary_lib_inflate_em_inflate_h_start, _binary_lib_inflate_em_inflate_h_end - _binary_lib_inflate_em_inflate_h_start); lo::builtins_add("lib/mbedtls/api.js", _binary_lib_mbedtls_api_js_start, _binary_lib_mbedtls_api_js_end - _binary_lib_mbedtls_api_js_start); lo::builtins_add("lib/net/api.js", _binary_lib_net_api_js_start, _binary_lib_net_api_js_end - _binary_lib_net_api_js_start); lo::builtins_add("lib/pico/api.js", _binary_lib_pico_api_js_start, _binary_lib_pico_api_js_end - _binary_lib_pico_api_js_start); diff --git a/main.js b/main.js index e2c1d54..92f0b61 100644 --- a/main.js +++ b/main.js @@ -69,6 +69,18 @@ function addr (u32) { return u32[0] + ((2 ** 32) * u32[1]) } +function check_mode (val, mode) { + return (val & S_IFMT) === mode +} + +function is_file (path) { + const fd = open(path, O_RDONLY) + if (fd <= 2) return false + if (fstat(fd, stat) !== 0) return false + close(fd) + return check_mode(stat32[MODE_WORD], S_IFREG) +} + function read_file (path, flags = O_RDONLY, size = 0) { const fd = open(path, flags) assert(fd > 0, `failed to open ${path} with flags ${flags}`) @@ -129,6 +141,7 @@ function load (name) { const sym = core.dlsym(handle, `_register_${name}`) if (!sym) return lib = library(sym) + lib.handle = handle if (!lib) return lib.fileName = `lib/${name}/${name}.so` libCache.set(name, lib) @@ -284,12 +297,13 @@ const { const { core } = library('core') const { O_WRONLY, O_CREAT, O_TRUNC, O_RDONLY, S_IWUSR, S_IRUSR, S_IRGRP, S_IROTH, - STDIN, STDOUT, STDERR + S_IFREG, STDOUT, STDERR, S_IFMT } = core const { write_string, open, fstat, read, write, close } = core const noop = () => {} +const MODE_WORD = core.arch === 'arm64' ? 4 : 6 const AD = '\u001b[0m' // ANSI Default const A0 = '\u001b[30m' // ANSI Black const AR = '\u001b[31m' // ANSI Red @@ -305,6 +319,7 @@ const encoder = new TextEncoder() const decoder = new TextDecoder() const handle = new Uint32Array(2) const stat = new Uint8Array(160) +const stat32 = new Uint32Array(stat.buffer) const st = new BigUint64Array(stat.buffer) const moduleCache = new Map() const requireCache = new Map() @@ -343,14 +358,36 @@ const LO_CACHE = parseInt(lo.getenv('LO_CACHE') || '0', 10) core.dlopen = wrap(handle, core.dlopen, 2) core.dlsym = wrap(handle, core.dlsym, 2) core.mmap = wrap(handle, core.mmap, 6) +core.isFile = is_file core.readFile = read_file core.writeFile = write_file // todo: optimize this - return numbers and make a single call to get both core.os = lo.os() core.arch = lo.arch() -core.loader = core.sync_loader = noop +//core.loader = core.sync_loader = noop lo.setModuleCallbacks(on_module_load, on_module_instantiate) +// todo: fix this and write up/decide exactly what module resolution does +// currently we check/open each file twice +core.loader = specifier => { + if (is_file(specifier)) return + const home_path = `${LO_HOME}/${specifier}` + if (is_file(home_path)) return decoder.decode(read_file(home_path)) +} + +core.binding_loader = name => { + const handle = core.dlopen(`${LO_HOME}/lib/${name}/${name}.so`, 1) + if (!handle) return + const sym = core.dlsym(handle, `_register_${name}`) + if (!sym) return + const lib = library(sym) + if (!lib) return + lib.fileName = `lib/${name}/${name}.so` + lib.handle = handle + libCache.set(name, lib) + return lib +} + async function global_main () { // todo: upgrade, install etc. maybe install these as command scripts, but that would not be very secure const command = args[1] diff --git a/main_win.h b/main_win.h index 51d28a2..0d33ebc 100644 --- a/main_win.h +++ b/main_win.h @@ -21,8 +21,8 @@ void register_builtins() { lo::builtins_add("lib/untar.js", _binary_lib_untar_js_start, _binary_lib_untar_js_len); lo::builtins_add("lib/proc.js", _binary_lib_proc_js_start, _binary_lib_proc_js_len); lo::builtins_add("lib/path.js", _binary_lib_path_js_start, _binary_lib_path_js_len); - lo::builtins_add("lib/inflate.js", _binary_lib_inflate_js_start, _binary_lib_inflate_js_len); lo::builtins_add("lib/curl.js", _binary_lib_curl_js_start, _binary_lib_curl_js_len); + lo::builtins_add("lib/inflate.js", _binary_lib_inflate_js_start, _binary_lib_inflate_js_len); lo::builtins_add("lib/build.js", _binary_lib_build_js_start, _binary_lib_build_js_len); lo::builtins_add("lib/asm.js", _binary_lib_asm_js_start, _binary_lib_asm_js_len); lo::builtins_add("lib/ffi.js", _binary_lib_ffi_js_start, _binary_lib_ffi_js_len); @@ -38,8 +38,6 @@ void register_builtins() { lo::builtins_add("lib/libffi/api.js", _binary_lib_libffi_api_js_start, _binary_lib_libffi_api_js_len); lo::builtins_add("lib/libssl/api.js", _binary_lib_libssl_api_js_start, _binary_lib_libssl_api_js_len); lo::builtins_add("lib/lz4/api.js", _binary_lib_lz4_api_js_start, _binary_lib_lz4_api_js_len); - lo::builtins_add("lib/inflate/em_inflate.c", _binary_lib_inflate_em_inflate_c_start, _binary_lib_inflate_em_inflate_c_len); - lo::builtins_add("lib/inflate/em_inflate.h", _binary_lib_inflate_em_inflate_h_start, _binary_lib_inflate_em_inflate_h_len); lo::builtins_add("lib/mbedtls/api.js", _binary_lib_mbedtls_api_js_start, _binary_lib_mbedtls_api_js_len); lo::builtins_add("lib/net/api.js", _binary_lib_net_api_js_start, _binary_lib_net_api_js_len); lo::builtins_add("lib/pico/api.js", _binary_lib_pico_api_js_start, _binary_lib_pico_api_js_len);