aboutsummaryrefslogtreecommitdiff
path: root/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs
diff options
context:
space:
mode:
authorTrygve Laugstøl <trygvis@inamo.no>2018-08-23 17:08:59 +0200
committerTrygve Laugstøl <trygvis@inamo.no>2018-08-23 17:12:21 +0200
commit3061ecca3d0fdfb87dabbf5f63c9e06c2a30f53a (patch)
treeab49cc16ed0b853452c5c2ed2d3042416d628986 /thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs
downloadiot-sensors-master.tar.gz
iot-sensors-master.tar.bz2
iot-sensors-master.tar.xz
iot-sensors-master.zip
o Initial import.HEADmaster
Diffstat (limited to 'thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs')
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/CMakeLists.txt8
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/Makefile288
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/aes/CMakeLists.txt9
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/aes/aescrypt2.c452
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/aes/crypt_and_hash.c551
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/hash/CMakeLists.txt9
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/hash/generic_sum.c232
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/hash/hello.c68
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/CMakeLists.txt63
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/dh_client.c304
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/dh_genprime.c197
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/dh_prime.txt2
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/dh_server.c308
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/ecdh_curve25519.c237
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/ecdsa.c231
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/gen_key.c425
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/key_app.c281
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/key_app_writer.c406
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/mpi_demo.c109
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/pk_decrypt.c168
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/pk_encrypt.c168
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/pk_sign.c175
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/pk_verify.c149
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/rsa_decrypt.c196
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/rsa_encrypt.c186
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/rsa_genkey.c172
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/rsa_priv.txt8
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/rsa_pub.txt2
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/rsa_sign.c170
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/rsa_sign_pss.c178
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/rsa_verify.c163
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/rsa_verify_pss.c155
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/random/CMakeLists.txt12
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/random/gen_entropy.c96
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/random/gen_random_ctr_drbg.c130
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/random/gen_random_havege.c101
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/ssl/CMakeLists.txt62
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/ssl/dtls_client.c350
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/ssl/dtls_server.c425
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/ssl/mini_client.c302
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/ssl/ssl_client1.c313
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/ssl/ssl_client2.c1673
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/ssl/ssl_fork_server.c416
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/ssl/ssl_mail_client.c842
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/ssl/ssl_pthread_server.c529
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/ssl/ssl_server.c401
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/ssl/ssl_server2.c2361
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/util/CMakeLists.txt13
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/util/pem2der.c286
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/util/strerror.c92
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/wince_main.c45
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/x509/CMakeLists.txt30
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/x509/cert_app.c495
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/x509/cert_req.c345
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/x509/cert_write.c668
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/x509/crl_app.c145
-rw-r--r--thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/x509/req_app.c145
57 files changed, 16347 insertions, 0 deletions
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/CMakeLists.txt b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/CMakeLists.txt
new file mode 100644
index 0000000..4cdae78
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/CMakeLists.txt
@@ -0,0 +1,8 @@
+add_subdirectory(aes)
+add_subdirectory(hash)
+add_subdirectory(pkey)
+add_subdirectory(random)
+add_subdirectory(ssl)
+add_subdirectory(test)
+add_subdirectory(x509)
+add_subdirectory(util)
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/Makefile b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/Makefile
new file mode 100644
index 0000000..443689b
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/Makefile
@@ -0,0 +1,288 @@
+
+# To compile on SunOS: add "-lsocket -lnsl" to LDFLAGS
+# To compile with PKCS11: add "-lpkcs11-helper" to LDFLAGS
+
+CFLAGS ?= -O2
+WARNING_CFLAGS ?= -Wall -W -Wdeclaration-after-statement
+LDFLAGS ?=
+
+LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../include -D_FILE_OFFSET_BITS=64
+LOCAL_LDFLAGS = -L../library \
+ -lmbedtls$(SHARED_SUFFIX) \
+ -lmbedx509$(SHARED_SUFFIX) \
+ -lmbedcrypto$(SHARED_SUFFIX)
+
+ifndef SHARED
+DEP=../library/libmbedcrypto.a ../library/libmbedx509.a ../library/libmbedtls.a
+else
+DEP=../library/libmbedcrypto.$(DLEXT) ../library/libmbedx509.$(DLEXT) ../library/libmbedtls.$(DLEXT)
+endif
+
+ifdef DEBUG
+LOCAL_CFLAGS += -g3
+endif
+
+# if we're running on Windows, build for Windows
+ifdef WINDOWS
+WINDOWS_BUILD=1
+endif
+
+ifdef WINDOWS_BUILD
+DLEXT=dll
+EXEXT=.exe
+LOCAL_LDFLAGS += -lws2_32
+ifdef SHARED
+SHARED_SUFFIX=.$(DLEXT)
+endif
+else
+DLEXT=so
+EXEXT=
+SHARED_SUFFIX=
+endif
+
+# Zlib shared library extensions:
+ifdef ZLIB
+LOCAL_LDFLAGS += -lz
+endif
+
+APPS = aes/aescrypt2$(EXEXT) aes/crypt_and_hash$(EXEXT) \
+ hash/hello$(EXEXT) hash/generic_sum$(EXEXT) \
+ pkey/dh_client$(EXEXT) \
+ pkey/dh_genprime$(EXEXT) pkey/dh_server$(EXEXT) \
+ pkey/ecdh_curve25519$(EXEXT) \
+ pkey/ecdsa$(EXEXT) pkey/gen_key$(EXEXT) \
+ pkey/key_app$(EXEXT) pkey/key_app_writer$(EXEXT) \
+ pkey/mpi_demo$(EXEXT) pkey/pk_decrypt$(EXEXT) \
+ pkey/pk_encrypt$(EXEXT) pkey/pk_sign$(EXEXT) \
+ pkey/pk_verify$(EXEXT) pkey/rsa_genkey$(EXEXT) \
+ pkey/rsa_decrypt$(EXEXT) pkey/rsa_encrypt$(EXEXT) \
+ pkey/rsa_sign$(EXEXT) pkey/rsa_verify$(EXEXT) \
+ pkey/rsa_sign_pss$(EXEXT) pkey/rsa_verify_pss$(EXEXT) \
+ ssl/dtls_client$(EXEXT) ssl/dtls_server$(EXEXT) \
+ ssl/ssl_client1$(EXEXT) ssl/ssl_client2$(EXEXT) \
+ ssl/ssl_server$(EXEXT) ssl/ssl_server2$(EXEXT) \
+ ssl/ssl_fork_server$(EXEXT) ssl/mini_client$(EXEXT) \
+ ssl/ssl_mail_client$(EXEXT) random/gen_entropy$(EXEXT) \
+ random/gen_random_havege$(EXEXT) \
+ random/gen_random_ctr_drbg$(EXEXT) \
+ test/ssl_cert_test$(EXEXT) test/benchmark$(EXEXT) \
+ test/selftest$(EXEXT) test/udp_proxy$(EXEXT) \
+ util/pem2der$(EXEXT) util/strerror$(EXEXT) \
+ x509/cert_app$(EXEXT) x509/crl_app$(EXEXT) \
+ x509/cert_req$(EXEXT) x509/cert_write$(EXEXT) \
+ x509/req_app$(EXEXT)
+
+ifdef PTHREAD
+APPS += ssl/ssl_pthread_server$(EXEXT)
+endif
+
+.SILENT:
+
+.PHONY: all clean list
+
+all: $(APPS)
+
+$(DEP):
+ $(MAKE) -C ../library
+
+aes/aescrypt2$(EXEXT): aes/aescrypt2.c $(DEP)
+ echo " CC aes/aescrypt2.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) aes/aescrypt2.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+aes/crypt_and_hash$(EXEXT): aes/crypt_and_hash.c $(DEP)
+ echo " CC aes/crypt_and_hash.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) aes/crypt_and_hash.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+hash/hello$(EXEXT): hash/hello.c $(DEP)
+ echo " CC hash/hello.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) hash/hello.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+hash/generic_sum$(EXEXT): hash/generic_sum.c $(DEP)
+ echo " CC hash/generic_sum.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) hash/generic_sum.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+pkey/dh_client$(EXEXT): pkey/dh_client.c $(DEP)
+ echo " CC pkey/dh_client.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/dh_client.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+pkey/dh_genprime$(EXEXT): pkey/dh_genprime.c $(DEP)
+ echo " CC pkey/dh_genprime.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/dh_genprime.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+pkey/dh_server$(EXEXT): pkey/dh_server.c $(DEP)
+ echo " CC pkey/dh_server.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/dh_server.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+pkey/ecdh_curve25519$(EXEXT): pkey/ecdh_curve25519.c $(DEP)
+ echo " CC pkey/ecdh_curve25519.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/ecdh_curve25519.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+pkey/ecdsa$(EXEXT): pkey/ecdsa.c $(DEP)
+ echo " CC pkey/ecdsa.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/ecdsa.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+pkey/gen_key$(EXEXT): pkey/gen_key.c $(DEP)
+ echo " CC pkey/gen_key.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/gen_key.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+pkey/key_app$(EXEXT): pkey/key_app.c $(DEP)
+ echo " CC pkey/key_app.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/key_app.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+pkey/key_app_writer$(EXEXT): pkey/key_app_writer.c $(DEP)
+ echo " CC pkey/key_app_writer.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/key_app_writer.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+pkey/mpi_demo$(EXEXT): pkey/mpi_demo.c $(DEP)
+ echo " CC pkey/mpi_demo.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/mpi_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+pkey/pk_decrypt$(EXEXT): pkey/pk_decrypt.c $(DEP)
+ echo " CC pkey/pk_decrypt.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_decrypt.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+pkey/pk_encrypt$(EXEXT): pkey/pk_encrypt.c $(DEP)
+ echo " CC pkey/pk_encrypt.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_encrypt.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+pkey/pk_sign$(EXEXT): pkey/pk_sign.c $(DEP)
+ echo " CC pkey/pk_sign.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_sign.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+pkey/pk_verify$(EXEXT): pkey/pk_verify.c $(DEP)
+ echo " CC pkey/pk_verify.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_verify.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+pkey/rsa_genkey$(EXEXT): pkey/rsa_genkey.c $(DEP)
+ echo " CC pkey/rsa_genkey.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_genkey.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+pkey/rsa_sign$(EXEXT): pkey/rsa_sign.c $(DEP)
+ echo " CC pkey/rsa_sign.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_sign.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+pkey/rsa_verify$(EXEXT): pkey/rsa_verify.c $(DEP)
+ echo " CC pkey/rsa_verify.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_verify.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+pkey/rsa_sign_pss$(EXEXT): pkey/rsa_sign_pss.c $(DEP)
+ echo " CC pkey/rsa_sign_pss.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_sign_pss.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+pkey/rsa_verify_pss$(EXEXT): pkey/rsa_verify_pss.c $(DEP)
+ echo " CC pkey/rsa_verify_pss.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_verify_pss.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+pkey/rsa_decrypt$(EXEXT): pkey/rsa_decrypt.c $(DEP)
+ echo " CC pkey/rsa_decrypt.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_decrypt.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+pkey/rsa_encrypt$(EXEXT): pkey/rsa_encrypt.c $(DEP)
+ echo " CC pkey/rsa_encrypt.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_encrypt.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+random/gen_entropy$(EXEXT): random/gen_entropy.c $(DEP)
+ echo " CC random/gen_entropy.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) random/gen_entropy.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+random/gen_random_havege$(EXEXT): random/gen_random_havege.c $(DEP)
+ echo " CC random/gen_random_havege.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) random/gen_random_havege.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+random/gen_random_ctr_drbg$(EXEXT): random/gen_random_ctr_drbg.c $(DEP)
+ echo " CC random/gen_random_ctr_drbg.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) random/gen_random_ctr_drbg.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+ssl/dtls_client$(EXEXT): ssl/dtls_client.c $(DEP)
+ echo " CC ssl/dtls_client.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/dtls_client.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+ssl/dtls_server$(EXEXT): ssl/dtls_server.c $(DEP)
+ echo " CC ssl/dtls_server.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/dtls_server.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+ssl/ssl_client1$(EXEXT): ssl/ssl_client1.c $(DEP)
+ echo " CC ssl/ssl_client1.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_client1.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+ssl/ssl_client2$(EXEXT): ssl/ssl_client2.c $(DEP)
+ echo " CC ssl/ssl_client2.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_client2.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+ssl/ssl_server$(EXEXT): ssl/ssl_server.c $(DEP)
+ echo " CC ssl/ssl_server.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_server.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+ssl/ssl_server2$(EXEXT): ssl/ssl_server2.c $(DEP)
+ echo " CC ssl/ssl_server2.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_server2.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+ssl/ssl_fork_server$(EXEXT): ssl/ssl_fork_server.c $(DEP)
+ echo " CC ssl/ssl_fork_server.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_fork_server.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+ssl/ssl_pthread_server$(EXEXT): ssl/ssl_pthread_server.c $(DEP)
+ echo " CC ssl/ssl_pthread_server.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_pthread_server.c $(LOCAL_LDFLAGS) -lpthread $(LDFLAGS) -o $@
+
+ssl/ssl_mail_client$(EXEXT): ssl/ssl_mail_client.c $(DEP)
+ echo " CC ssl/ssl_mail_client.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_mail_client.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+ssl/mini_client$(EXEXT): ssl/mini_client.c $(DEP)
+ echo " CC ssl/mini_client.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/mini_client.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+test/ssl_cert_test$(EXEXT): test/ssl_cert_test.c $(DEP)
+ echo " CC test/ssl_cert_test.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/ssl_cert_test.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+test/benchmark$(EXEXT): test/benchmark.c $(DEP)
+ echo " CC test/benchmark.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/benchmark.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+test/selftest$(EXEXT): test/selftest.c $(DEP)
+ echo " CC test/selftest.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/selftest.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+test/udp_proxy$(EXEXT): test/udp_proxy.c $(DEP)
+ echo " CC test/udp_proxy.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/udp_proxy.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+util/pem2der$(EXEXT): util/pem2der.c $(DEP)
+ echo " CC util/pem2der.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) util/pem2der.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+util/strerror$(EXEXT): util/strerror.c $(DEP)
+ echo " CC util/strerror.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) util/strerror.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+x509/cert_app$(EXEXT): x509/cert_app.c $(DEP)
+ echo " CC x509/cert_app.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) x509/cert_app.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+x509/cert_write$(EXEXT): x509/cert_write.c $(DEP)
+ echo " CC x509/cert_write.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) x509/cert_write.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+x509/crl_app$(EXEXT): x509/crl_app.c $(DEP)
+ echo " CC x509/crl_app.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) x509/crl_app.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+x509/cert_req$(EXEXT): x509/cert_req.c $(DEP)
+ echo " CC x509/cert_req.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) x509/cert_req.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+x509/req_app$(EXEXT): x509/req_app.c $(DEP)
+ echo " CC x509/req_app.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) x509/req_app.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+clean:
+ifndef WINDOWS
+ rm -f $(APPS)
+else
+ del /S /Q /F *.o *.exe
+endif
+
+list:
+ echo $(APPS)
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/aes/CMakeLists.txt b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/aes/CMakeLists.txt
new file mode 100644
index 0000000..f5a0caa
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/aes/CMakeLists.txt
@@ -0,0 +1,9 @@
+add_executable(aescrypt2 aescrypt2.c)
+target_link_libraries(aescrypt2 mbedtls)
+
+add_executable(crypt_and_hash crypt_and_hash.c)
+target_link_libraries(crypt_and_hash mbedtls)
+
+install(TARGETS aescrypt2 crypt_and_hash
+ DESTINATION "bin"
+ PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/aes/aescrypt2.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/aes/aescrypt2.c
new file mode 100644
index 0000000..c77d77f
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/aes/aescrypt2.c
@@ -0,0 +1,452 @@
+/*
+ * AES-256 file encryption program
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#endif
+
+#include "mbedtls/aes.h"
+#include "mbedtls/md.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#if defined(_WIN32)
+#include <windows.h>
+#if !defined(_WIN32_WCE)
+#include <io.h>
+#endif
+#else
+#include <sys/types.h>
+#include <unistd.h>
+#endif
+
+#define MODE_ENCRYPT 0
+#define MODE_DECRYPT 1
+
+#define USAGE \
+ "\n aescrypt2 <mode> <input filename> <output filename> <key>\n" \
+ "\n <mode>: 0 = encrypt, 1 = decrypt\n" \
+ "\n example: aescrypt2 0 file file.aes hex:E76B2413958B00E193\n" \
+ "\n"
+
+#if !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_SHA256_C) || \
+ !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_MD_C)
+int main( void )
+{
+ mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_SHA256_C "
+ "and/or MBEDTLS_FS_IO and/or MBEDTLS_MD_C "
+ "not defined.\n");
+ return( 0 );
+}
+#else
+int main( int argc, char *argv[] )
+{
+ int ret = 1;
+
+ unsigned int i, n;
+ int mode, lastn;
+ size_t keylen;
+ FILE *fkey, *fin = NULL, *fout = NULL;
+
+ char *p;
+ unsigned char IV[16];
+ unsigned char key[512];
+ unsigned char digest[32];
+ unsigned char buffer[1024];
+ unsigned char diff;
+
+ mbedtls_aes_context aes_ctx;
+ mbedtls_md_context_t sha_ctx;
+
+#if defined(_WIN32_WCE)
+ long filesize, offset;
+#elif defined(_WIN32)
+ LARGE_INTEGER li_size;
+ __int64 filesize, offset;
+#else
+ off_t filesize, offset;
+#endif
+
+ mbedtls_aes_init( &aes_ctx );
+ mbedtls_md_init( &sha_ctx );
+
+ ret = mbedtls_md_setup( &sha_ctx, mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ), 1 );
+ if( ret != 0 )
+ {
+ mbedtls_printf( " ! mbedtls_md_setup() returned -0x%04x\n", -ret );
+ goto exit;
+ }
+
+ /*
+ * Parse the command-line arguments.
+ */
+ if( argc != 5 )
+ {
+ mbedtls_printf( USAGE );
+
+#if defined(_WIN32)
+ mbedtls_printf( "\n Press Enter to exit this program.\n" );
+ fflush( stdout ); getchar();
+#endif
+
+ goto exit;
+ }
+
+ mode = atoi( argv[1] );
+ memset(IV, 0, sizeof(IV));
+ memset(key, 0, sizeof(key));
+ memset(digest, 0, sizeof(digest));
+ memset(buffer, 0, sizeof(buffer));
+
+ if( mode != MODE_ENCRYPT && mode != MODE_DECRYPT )
+ {
+ mbedtls_fprintf( stderr, "invalide operation mode\n" );
+ goto exit;
+ }
+
+ if( strcmp( argv[2], argv[3] ) == 0 )
+ {
+ mbedtls_fprintf( stderr, "input and output filenames must differ\n" );
+ goto exit;
+ }
+
+ if( ( fin = fopen( argv[2], "rb" ) ) == NULL )
+ {
+ mbedtls_fprintf( stderr, "fopen(%s,rb) failed\n", argv[2] );
+ goto exit;
+ }
+
+ if( ( fout = fopen( argv[3], "wb+" ) ) == NULL )
+ {
+ mbedtls_fprintf( stderr, "fopen(%s,wb+) failed\n", argv[3] );
+ goto exit;
+ }
+
+ /*
+ * Read the secret key and clean the command line.
+ */
+ if( ( fkey = fopen( argv[4], "rb" ) ) != NULL )
+ {
+ keylen = fread( key, 1, sizeof( key ), fkey );
+ fclose( fkey );
+ }
+ else
+ {
+ if( memcmp( argv[4], "hex:", 4 ) == 0 )
+ {
+ p = &argv[4][4];
+ keylen = 0;
+
+ while( sscanf( p, "%02X", &n ) > 0 &&
+ keylen < (int) sizeof( key ) )
+ {
+ key[keylen++] = (unsigned char) n;
+ p += 2;
+ }
+ }
+ else
+ {
+ keylen = strlen( argv[4] );
+
+ if( keylen > (int) sizeof( key ) )
+ keylen = (int) sizeof( key );
+
+ memcpy( key, argv[4], keylen );
+ }
+ }
+
+ memset( argv[4], 0, strlen( argv[4] ) );
+
+#if defined(_WIN32_WCE)
+ filesize = fseek( fin, 0L, SEEK_END );
+#else
+#if defined(_WIN32)
+ /*
+ * Support large files (> 2Gb) on Win32
+ */
+ li_size.QuadPart = 0;
+ li_size.LowPart =
+ SetFilePointer( (HANDLE) _get_osfhandle( _fileno( fin ) ),
+ li_size.LowPart, &li_size.HighPart, FILE_END );
+
+ if( li_size.LowPart == 0xFFFFFFFF && GetLastError() != NO_ERROR )
+ {
+ mbedtls_fprintf( stderr, "SetFilePointer(0,FILE_END) failed\n" );
+ goto exit;
+ }
+
+ filesize = li_size.QuadPart;
+#else
+ if( ( filesize = lseek( fileno( fin ), 0, SEEK_END ) ) < 0 )
+ {
+ perror( "lseek" );
+ goto exit;
+ }
+#endif
+#endif
+
+ if( fseek( fin, 0, SEEK_SET ) < 0 )
+ {
+ mbedtls_fprintf( stderr, "fseek(0,SEEK_SET) failed\n" );
+ goto exit;
+ }
+
+ if( mode == MODE_ENCRYPT )
+ {
+ /*
+ * Generate the initialization vector as:
+ * IV = SHA-256( filesize || filename )[0..15]
+ */
+ for( i = 0; i < 8; i++ )
+ buffer[i] = (unsigned char)( filesize >> ( i << 3 ) );
+
+ p = argv[2];
+
+ mbedtls_md_starts( &sha_ctx );
+ mbedtls_md_update( &sha_ctx, buffer, 8 );
+ mbedtls_md_update( &sha_ctx, (unsigned char *) p, strlen( p ) );
+ mbedtls_md_finish( &sha_ctx, digest );
+
+ memcpy( IV, digest, 16 );
+
+ /*
+ * The last four bits in the IV are actually used
+ * to store the file size modulo the AES block size.
+ */
+ lastn = (int)( filesize & 0x0F );
+
+ IV[15] = (unsigned char)
+ ( ( IV[15] & 0xF0 ) | lastn );
+
+ /*
+ * Append the IV at the beginning of the output.
+ */
+ if( fwrite( IV, 1, 16, fout ) != 16 )
+ {
+ mbedtls_fprintf( stderr, "fwrite(%d bytes) failed\n", 16 );
+ goto exit;
+ }
+
+ /*
+ * Hash the IV and the secret key together 8192 times
+ * using the result to setup the AES context and HMAC.
+ */
+ memset( digest, 0, 32 );
+ memcpy( digest, IV, 16 );
+
+ for( i = 0; i < 8192; i++ )
+ {
+ mbedtls_md_starts( &sha_ctx );
+ mbedtls_md_update( &sha_ctx, digest, 32 );
+ mbedtls_md_update( &sha_ctx, key, keylen );
+ mbedtls_md_finish( &sha_ctx, digest );
+ }
+
+ memset( key, 0, sizeof( key ) );
+ mbedtls_aes_setkey_enc( &aes_ctx, digest, 256 );
+ mbedtls_md_hmac_starts( &sha_ctx, digest, 32 );
+
+ /*
+ * Encrypt and write the ciphertext.
+ */
+ for( offset = 0; offset < filesize; offset += 16 )
+ {
+ n = ( filesize - offset > 16 ) ? 16 : (int)
+ ( filesize - offset );
+
+ if( fread( buffer, 1, n, fin ) != (size_t) n )
+ {
+ mbedtls_fprintf( stderr, "fread(%d bytes) failed\n", n );
+ goto exit;
+ }
+
+ for( i = 0; i < 16; i++ )
+ buffer[i] = (unsigned char)( buffer[i] ^ IV[i] );
+
+ mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT, buffer, buffer );
+ mbedtls_md_hmac_update( &sha_ctx, buffer, 16 );
+
+ if( fwrite( buffer, 1, 16, fout ) != 16 )
+ {
+ mbedtls_fprintf( stderr, "fwrite(%d bytes) failed\n", 16 );
+ goto exit;
+ }
+
+ memcpy( IV, buffer, 16 );
+ }
+
+ /*
+ * Finally write the HMAC.
+ */
+ mbedtls_md_hmac_finish( &sha_ctx, digest );
+
+ if( fwrite( digest, 1, 32, fout ) != 32 )
+ {
+ mbedtls_fprintf( stderr, "fwrite(%d bytes) failed\n", 16 );
+ goto exit;
+ }
+ }
+
+ if( mode == MODE_DECRYPT )
+ {
+ unsigned char tmp[16];
+
+ /*
+ * The encrypted file must be structured as follows:
+ *
+ * 00 .. 15 Initialization Vector
+ * 16 .. 31 AES Encrypted Block #1
+ * ..
+ * N*16 .. (N+1)*16 - 1 AES Encrypted Block #N
+ * (N+1)*16 .. (N+1)*16 + 32 HMAC-SHA-256(ciphertext)
+ */
+ if( filesize < 48 )
+ {
+ mbedtls_fprintf( stderr, "File too short to be encrypted.\n" );
+ goto exit;
+ }
+
+ if( ( filesize & 0x0F ) != 0 )
+ {
+ mbedtls_fprintf( stderr, "File size not a multiple of 16.\n" );
+ goto exit;
+ }
+
+ /*
+ * Subtract the IV + HMAC length.
+ */
+ filesize -= ( 16 + 32 );
+
+ /*
+ * Read the IV and original filesize modulo 16.
+ */
+ if( fread( buffer, 1, 16, fin ) != 16 )
+ {
+ mbedtls_fprintf( stderr, "fread(%d bytes) failed\n", 16 );
+ goto exit;
+ }
+
+ memcpy( IV, buffer, 16 );
+ lastn = IV[15] & 0x0F;
+
+ /*
+ * Hash the IV and the secret key together 8192 times
+ * using the result to setup the AES context and HMAC.
+ */
+ memset( digest, 0, 32 );
+ memcpy( digest, IV, 16 );
+
+ for( i = 0; i < 8192; i++ )
+ {
+ mbedtls_md_starts( &sha_ctx );
+ mbedtls_md_update( &sha_ctx, digest, 32 );
+ mbedtls_md_update( &sha_ctx, key, keylen );
+ mbedtls_md_finish( &sha_ctx, digest );
+ }
+
+ memset( key, 0, sizeof( key ) );
+ mbedtls_aes_setkey_dec( &aes_ctx, digest, 256 );
+ mbedtls_md_hmac_starts( &sha_ctx, digest, 32 );
+
+ /*
+ * Decrypt and write the plaintext.
+ */
+ for( offset = 0; offset < filesize; offset += 16 )
+ {
+ if( fread( buffer, 1, 16, fin ) != 16 )
+ {
+ mbedtls_fprintf( stderr, "fread(%d bytes) failed\n", 16 );
+ goto exit;
+ }
+
+ memcpy( tmp, buffer, 16 );
+
+ mbedtls_md_hmac_update( &sha_ctx, buffer, 16 );
+ mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_DECRYPT, buffer, buffer );
+
+ for( i = 0; i < 16; i++ )
+ buffer[i] = (unsigned char)( buffer[i] ^ IV[i] );
+
+ memcpy( IV, tmp, 16 );
+
+ n = ( lastn > 0 && offset == filesize - 16 )
+ ? lastn : 16;
+
+ if( fwrite( buffer, 1, n, fout ) != (size_t) n )
+ {
+ mbedtls_fprintf( stderr, "fwrite(%d bytes) failed\n", n );
+ goto exit;
+ }
+ }
+
+ /*
+ * Verify the message authentication code.
+ */
+ mbedtls_md_hmac_finish( &sha_ctx, digest );
+
+ if( fread( buffer, 1, 32, fin ) != 32 )
+ {
+ mbedtls_fprintf( stderr, "fread(%d bytes) failed\n", 32 );
+ goto exit;
+ }
+
+ /* Use constant-time buffer comparison */
+ diff = 0;
+ for( i = 0; i < 32; i++ )
+ diff |= digest[i] ^ buffer[i];
+
+ if( diff != 0 )
+ {
+ mbedtls_fprintf( stderr, "HMAC check failed: wrong key, "
+ "or file corrupted.\n" );
+ goto exit;
+ }
+ }
+
+ ret = 0;
+
+exit:
+ if( fin )
+ fclose( fin );
+ if( fout )
+ fclose( fout );
+
+ memset( buffer, 0, sizeof( buffer ) );
+ memset( digest, 0, sizeof( digest ) );
+
+ mbedtls_aes_free( &aes_ctx );
+ mbedtls_md_free( &sha_ctx );
+
+ return( ret );
+}
+#endif /* MBEDTLS_AES_C && MBEDTLS_SHA256_C && MBEDTLS_FS_IO */
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/aes/crypt_and_hash.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/aes/crypt_and_hash.c
new file mode 100644
index 0000000..adb95e0
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/aes/crypt_and_hash.c
@@ -0,0 +1,551 @@
+/*
+ * \brief Generic file encryption program using generic wrappers for configured
+ * security.
+ *
+ * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#endif
+
+#if defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_MD_C) && \
+ defined(MBEDTLS_FS_IO)
+#include "mbedtls/cipher.h"
+#include "mbedtls/md.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#endif
+
+#if defined(_WIN32)
+#include <windows.h>
+#if !defined(_WIN32_WCE)
+#include <io.h>
+#endif
+#else
+#include <sys/types.h>
+#include <unistd.h>
+#endif
+
+#define MODE_ENCRYPT 0
+#define MODE_DECRYPT 1
+
+#define USAGE \
+ "\n crypt_and_hash <mode> <input filename> <output filename> <cipher> <mbedtls_md> <key>\n" \
+ "\n <mode>: 0 = encrypt, 1 = decrypt\n" \
+ "\n example: crypt_and_hash 0 file file.aes AES-128-CBC SHA1 hex:E76B2413958B00E193\n" \
+ "\n"
+
+#if !defined(MBEDTLS_CIPHER_C) || !defined(MBEDTLS_MD_C) || \
+ !defined(MBEDTLS_FS_IO)
+int main( void )
+{
+ mbedtls_printf("MBEDTLS_CIPHER_C and/or MBEDTLS_MD_C and/or MBEDTLS_FS_IO not defined.\n");
+ return( 0 );
+}
+#else
+int main( int argc, char *argv[] )
+{
+ int ret = 1, i, n;
+ int mode;
+ size_t keylen, ilen, olen;
+ FILE *fkey, *fin = NULL, *fout = NULL;
+
+ char *p;
+ unsigned char IV[16];
+ unsigned char key[512];
+ unsigned char digest[MBEDTLS_MD_MAX_SIZE];
+ unsigned char buffer[1024];
+ unsigned char output[1024];
+ unsigned char diff;
+
+ const mbedtls_cipher_info_t *cipher_info;
+ const mbedtls_md_info_t *md_info;
+ mbedtls_cipher_context_t cipher_ctx;
+ mbedtls_md_context_t md_ctx;
+#if defined(_WIN32_WCE)
+ long filesize, offset;
+#elif defined(_WIN32)
+ LARGE_INTEGER li_size;
+ __int64 filesize, offset;
+#else
+ off_t filesize, offset;
+#endif
+
+ mbedtls_cipher_init( &cipher_ctx );
+ mbedtls_md_init( &md_ctx );
+
+ /*
+ * Parse the command-line arguments.
+ */
+ if( argc != 7 )
+ {
+ const int *list;
+
+ mbedtls_printf( USAGE );
+
+ mbedtls_printf( "Available ciphers:\n" );
+ list = mbedtls_cipher_list();
+ while( *list )
+ {
+ cipher_info = mbedtls_cipher_info_from_type( *list );
+ mbedtls_printf( " %s\n", cipher_info->name );
+ list++;
+ }
+
+ mbedtls_printf( "\nAvailable message digests:\n" );
+ list = mbedtls_md_list();
+ while( *list )
+ {
+ md_info = mbedtls_md_info_from_type( *list );
+ mbedtls_printf( " %s\n", mbedtls_md_get_name( md_info ) );
+ list++;
+ }
+
+#if defined(_WIN32)
+ mbedtls_printf( "\n Press Enter to exit this program.\n" );
+ fflush( stdout ); getchar();
+#endif
+
+ goto exit;
+ }
+
+ mode = atoi( argv[1] );
+
+ if( mode != MODE_ENCRYPT && mode != MODE_DECRYPT )
+ {
+ mbedtls_fprintf( stderr, "invalid operation mode\n" );
+ goto exit;
+ }
+
+ if( strcmp( argv[2], argv[3] ) == 0 )
+ {
+ mbedtls_fprintf( stderr, "input and output filenames must differ\n" );
+ goto exit;
+ }
+
+ if( ( fin = fopen( argv[2], "rb" ) ) == NULL )
+ {
+ mbedtls_fprintf( stderr, "fopen(%s,rb) failed\n", argv[2] );
+ goto exit;
+ }
+
+ if( ( fout = fopen( argv[3], "wb+" ) ) == NULL )
+ {
+ mbedtls_fprintf( stderr, "fopen(%s,wb+) failed\n", argv[3] );
+ goto exit;
+ }
+
+ /*
+ * Read the Cipher and MD from the command line
+ */
+ cipher_info = mbedtls_cipher_info_from_string( argv[4] );
+ if( cipher_info == NULL )
+ {
+ mbedtls_fprintf( stderr, "Cipher '%s' not found\n", argv[4] );
+ goto exit;
+ }
+ if( ( ret = mbedtls_cipher_setup( &cipher_ctx, cipher_info) ) != 0 )
+ {
+ mbedtls_fprintf( stderr, "mbedtls_cipher_setup failed\n" );
+ goto exit;
+ }
+
+ md_info = mbedtls_md_info_from_string( argv[5] );
+ if( md_info == NULL )
+ {
+ mbedtls_fprintf( stderr, "Message Digest '%s' not found\n", argv[5] );
+ goto exit;
+ }
+
+ if( mbedtls_md_setup( &md_ctx, md_info, 1 ) != 0 )
+ {
+ mbedtls_fprintf( stderr, "mbedtls_md_setup failed\n" );
+ goto exit;
+ }
+
+ /*
+ * Read the secret key and clean the command line.
+ */
+ if( ( fkey = fopen( argv[6], "rb" ) ) != NULL )
+ {
+ keylen = fread( key, 1, sizeof( key ), fkey );
+ fclose( fkey );
+ }
+ else
+ {
+ if( memcmp( argv[6], "hex:", 4 ) == 0 )
+ {
+ p = &argv[6][4];
+ keylen = 0;
+
+ while( sscanf( p, "%02X", &n ) > 0 &&
+ keylen < (int) sizeof( key ) )
+ {
+ key[keylen++] = (unsigned char) n;
+ p += 2;
+ }
+ }
+ else
+ {
+ keylen = strlen( argv[6] );
+
+ if( keylen > (int) sizeof( key ) )
+ keylen = (int) sizeof( key );
+
+ memcpy( key, argv[6], keylen );
+ }
+ }
+
+ memset( argv[6], 0, strlen( argv[6] ) );
+
+#if defined(_WIN32_WCE)
+ filesize = fseek( fin, 0L, SEEK_END );
+#else
+#if defined(_WIN32)
+ /*
+ * Support large files (> 2Gb) on Win32
+ */
+ li_size.QuadPart = 0;
+ li_size.LowPart =
+ SetFilePointer( (HANDLE) _get_osfhandle( _fileno( fin ) ),
+ li_size.LowPart, &li_size.HighPart, FILE_END );
+
+ if( li_size.LowPart == 0xFFFFFFFF && GetLastError() != NO_ERROR )
+ {
+ mbedtls_fprintf( stderr, "SetFilePointer(0,FILE_END) failed\n" );
+ goto exit;
+ }
+
+ filesize = li_size.QuadPart;
+#else
+ if( ( filesize = lseek( fileno( fin ), 0, SEEK_END ) ) < 0 )
+ {
+ perror( "lseek" );
+ goto exit;
+ }
+#endif
+#endif
+
+ if( fseek( fin, 0, SEEK_SET ) < 0 )
+ {
+ mbedtls_fprintf( stderr, "fseek(0,SEEK_SET) failed\n" );
+ goto exit;
+ }
+
+ if( mode == MODE_ENCRYPT )
+ {
+ /*
+ * Generate the initialization vector as:
+ * IV = MD( filesize || filename )[0..15]
+ */
+ for( i = 0; i < 8; i++ )
+ buffer[i] = (unsigned char)( filesize >> ( i << 3 ) );
+
+ p = argv[2];
+
+ mbedtls_md_starts( &md_ctx );
+ mbedtls_md_update( &md_ctx, buffer, 8 );
+ mbedtls_md_update( &md_ctx, (unsigned char *) p, strlen( p ) );
+ mbedtls_md_finish( &md_ctx, digest );
+
+ memcpy( IV, digest, 16 );
+
+ /*
+ * Append the IV at the beginning of the output.
+ */
+ if( fwrite( IV, 1, 16, fout ) != 16 )
+ {
+ mbedtls_fprintf( stderr, "fwrite(%d bytes) failed\n", 16 );
+ goto exit;
+ }
+
+ /*
+ * Hash the IV and the secret key together 8192 times
+ * using the result to setup the AES context and HMAC.
+ */
+ memset( digest, 0, 32 );
+ memcpy( digest, IV, 16 );
+
+ for( i = 0; i < 8192; i++ )
+ {
+ mbedtls_md_starts( &md_ctx );
+ mbedtls_md_update( &md_ctx, digest, 32 );
+ mbedtls_md_update( &md_ctx, key, keylen );
+ mbedtls_md_finish( &md_ctx, digest );
+
+ }
+
+ memset( key, 0, sizeof( key ) );
+
+ if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->key_bitlen,
+ MBEDTLS_ENCRYPT ) != 0 )
+ {
+ mbedtls_fprintf( stderr, "mbedtls_cipher_setkey() returned error\n");
+ goto exit;
+ }
+ if( mbedtls_cipher_set_iv( &cipher_ctx, IV, 16 ) != 0 )
+ {
+ mbedtls_fprintf( stderr, "mbedtls_cipher_set_iv() returned error\n");
+ goto exit;
+ }
+ if( mbedtls_cipher_reset( &cipher_ctx ) != 0 )
+ {
+ mbedtls_fprintf( stderr, "mbedtls_cipher_reset() returned error\n");
+ goto exit;
+ }
+
+ mbedtls_md_hmac_starts( &md_ctx, digest, 32 );
+
+ /*
+ * Encrypt and write the ciphertext.
+ */
+ for( offset = 0; offset < filesize; offset += mbedtls_cipher_get_block_size( &cipher_ctx ) )
+ {
+ ilen = ( (unsigned int) filesize - offset > mbedtls_cipher_get_block_size( &cipher_ctx ) ) ?
+ mbedtls_cipher_get_block_size( &cipher_ctx ) : (unsigned int) ( filesize - offset );
+
+ if( fread( buffer, 1, ilen, fin ) != ilen )
+ {
+ mbedtls_fprintf( stderr, "fread(%ld bytes) failed\n", (long) ilen );
+ goto exit;
+ }
+
+ if( mbedtls_cipher_update( &cipher_ctx, buffer, ilen, output, &olen ) != 0 )
+ {
+ mbedtls_fprintf( stderr, "mbedtls_cipher_update() returned error\n");
+ goto exit;
+ }
+
+ mbedtls_md_hmac_update( &md_ctx, output, olen );
+
+ if( fwrite( output, 1, olen, fout ) != olen )
+ {
+ mbedtls_fprintf( stderr, "fwrite(%ld bytes) failed\n", (long) olen );
+ goto exit;
+ }
+ }
+
+ if( mbedtls_cipher_finish( &cipher_ctx, output, &olen ) != 0 )
+ {
+ mbedtls_fprintf( stderr, "mbedtls_cipher_finish() returned error\n" );
+ goto exit;
+ }
+ mbedtls_md_hmac_update( &md_ctx, output, olen );
+
+ if( fwrite( output, 1, olen, fout ) != olen )
+ {
+ mbedtls_fprintf( stderr, "fwrite(%ld bytes) failed\n", (long) olen );
+ goto exit;
+ }
+
+ /*
+ * Finally write the HMAC.
+ */
+ mbedtls_md_hmac_finish( &md_ctx, digest );
+
+ if( fwrite( digest, 1, mbedtls_md_get_size( md_info ), fout ) != mbedtls_md_get_size( md_info ) )
+ {
+ mbedtls_fprintf( stderr, "fwrite(%d bytes) failed\n", mbedtls_md_get_size( md_info ) );
+ goto exit;
+ }
+ }
+
+ if( mode == MODE_DECRYPT )
+ {
+ /*
+ * The encrypted file must be structured as follows:
+ *
+ * 00 .. 15 Initialization Vector
+ * 16 .. 31 Encrypted Block #1
+ * ..
+ * N*16 .. (N+1)*16 - 1 Encrypted Block #N
+ * (N+1)*16 .. (N+1)*16 + n Hash(ciphertext)
+ */
+ if( filesize < 16 + mbedtls_md_get_size( md_info ) )
+ {
+ mbedtls_fprintf( stderr, "File too short to be encrypted.\n" );
+ goto exit;
+ }
+
+ if( mbedtls_cipher_get_block_size( &cipher_ctx ) == 0 )
+ {
+ mbedtls_fprintf( stderr, "Invalid cipher block size: 0. \n" );
+ goto exit;
+ }
+
+ /*
+ * Check the file size.
+ */
+ if( cipher_info->mode != MBEDTLS_MODE_GCM &&
+ ( ( filesize - mbedtls_md_get_size( md_info ) ) %
+ mbedtls_cipher_get_block_size( &cipher_ctx ) ) != 0 )
+ {
+ mbedtls_fprintf( stderr, "File content not a multiple of the block size (%d).\n",
+ mbedtls_cipher_get_block_size( &cipher_ctx ));
+ goto exit;
+ }
+
+ /*
+ * Subtract the IV + HMAC length.
+ */
+ filesize -= ( 16 + mbedtls_md_get_size( md_info ) );
+
+ /*
+ * Read the IV and original filesize modulo 16.
+ */
+ if( fread( buffer, 1, 16, fin ) != 16 )
+ {
+ mbedtls_fprintf( stderr, "fread(%d bytes) failed\n", 16 );
+ goto exit;
+ }
+
+ memcpy( IV, buffer, 16 );
+
+ /*
+ * Hash the IV and the secret key together 8192 times
+ * using the result to setup the AES context and HMAC.
+ */
+ memset( digest, 0, 32 );
+ memcpy( digest, IV, 16 );
+
+ for( i = 0; i < 8192; i++ )
+ {
+ mbedtls_md_starts( &md_ctx );
+ mbedtls_md_update( &md_ctx, digest, 32 );
+ mbedtls_md_update( &md_ctx, key, keylen );
+ mbedtls_md_finish( &md_ctx, digest );
+ }
+
+ memset( key, 0, sizeof( key ) );
+
+ if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->key_bitlen,
+ MBEDTLS_DECRYPT ) != 0 )
+ {
+ mbedtls_fprintf( stderr, "mbedtls_cipher_setkey() returned error\n" );
+ goto exit;
+ }
+
+ if( mbedtls_cipher_set_iv( &cipher_ctx, IV, 16 ) != 0 )
+ {
+ mbedtls_fprintf( stderr, "mbedtls_cipher_set_iv() returned error\n" );
+ goto exit;
+ }
+
+ if( mbedtls_cipher_reset( &cipher_ctx ) != 0 )
+ {
+ mbedtls_fprintf( stderr, "mbedtls_cipher_reset() returned error\n" );
+ goto exit;
+ }
+
+ mbedtls_md_hmac_starts( &md_ctx, digest, 32 );
+
+ /*
+ * Decrypt and write the plaintext.
+ */
+ for( offset = 0; offset < filesize; offset += mbedtls_cipher_get_block_size( &cipher_ctx ) )
+ {
+ ilen = ( (unsigned int) filesize - offset > mbedtls_cipher_get_block_size( &cipher_ctx ) ) ?
+ mbedtls_cipher_get_block_size( &cipher_ctx ) : (unsigned int) ( filesize - offset );
+
+ if( fread( buffer, 1, ilen, fin ) != ilen )
+ {
+ mbedtls_fprintf( stderr, "fread(%d bytes) failed\n",
+ mbedtls_cipher_get_block_size( &cipher_ctx ) );
+ goto exit;
+ }
+
+ mbedtls_md_hmac_update( &md_ctx, buffer, ilen );
+ if( mbedtls_cipher_update( &cipher_ctx, buffer, ilen, output,
+ &olen ) != 0 )
+ {
+ mbedtls_fprintf( stderr, "mbedtls_cipher_update() returned error\n" );
+ goto exit;
+ }
+
+ if( fwrite( output, 1, olen, fout ) != olen )
+ {
+ mbedtls_fprintf( stderr, "fwrite(%ld bytes) failed\n", (long) olen );
+ goto exit;
+ }
+ }
+
+ /*
+ * Verify the message authentication code.
+ */
+ mbedtls_md_hmac_finish( &md_ctx, digest );
+
+ if( fread( buffer, 1, mbedtls_md_get_size( md_info ), fin ) != mbedtls_md_get_size( md_info ) )
+ {
+ mbedtls_fprintf( stderr, "fread(%d bytes) failed\n", mbedtls_md_get_size( md_info ) );
+ goto exit;
+ }
+
+ /* Use constant-time buffer comparison */
+ diff = 0;
+ for( i = 0; i < mbedtls_md_get_size( md_info ); i++ )
+ diff |= digest[i] ^ buffer[i];
+
+ if( diff != 0 )
+ {
+ mbedtls_fprintf( stderr, "HMAC check failed: wrong key, "
+ "or file corrupted.\n" );
+ goto exit;
+ }
+
+ /*
+ * Write the final block of data
+ */
+ mbedtls_cipher_finish( &cipher_ctx, output, &olen );
+
+ if( fwrite( output, 1, olen, fout ) != olen )
+ {
+ mbedtls_fprintf( stderr, "fwrite(%ld bytes) failed\n", (long) olen );
+ goto exit;
+ }
+ }
+
+ ret = 0;
+
+exit:
+ if( fin )
+ fclose( fin );
+ if( fout )
+ fclose( fout );
+
+ memset( buffer, 0, sizeof( buffer ) );
+ memset( digest, 0, sizeof( digest ) );
+
+ mbedtls_cipher_free( &cipher_ctx );
+ mbedtls_md_free( &md_ctx );
+
+ return( ret );
+}
+#endif /* MBEDTLS_CIPHER_C && MBEDTLS_MD_C && MBEDTLS_FS_IO */
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/hash/CMakeLists.txt b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/hash/CMakeLists.txt
new file mode 100644
index 0000000..eda975b
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/hash/CMakeLists.txt
@@ -0,0 +1,9 @@
+add_executable(hello hello.c)
+target_link_libraries(hello mbedtls)
+
+add_executable(generic_sum generic_sum.c)
+target_link_libraries(generic_sum mbedtls)
+
+install(TARGETS hello generic_sum
+ DESTINATION "bin"
+ PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/hash/generic_sum.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/hash/generic_sum.c
new file mode 100644
index 0000000..d1e81d4
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/hash/generic_sum.c
@@ -0,0 +1,232 @@
+/*
+ * generic message digest layer demonstration program
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#endif
+
+#if defined(MBEDTLS_MD_C) && defined(MBEDTLS_FS_IO)
+#include "mbedtls/md.h"
+
+#include <stdio.h>
+#include <string.h>
+#endif
+
+#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_FS_IO)
+int main( void )
+{
+ mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_FS_IO not defined.\n");
+ return( 0 );
+}
+#else
+static int generic_wrapper( const mbedtls_md_info_t *md_info, char *filename, unsigned char *sum )
+{
+ int ret = mbedtls_md_file( md_info, filename, sum );
+
+ if( ret == 1 )
+ mbedtls_fprintf( stderr, "failed to open: %s\n", filename );
+
+ if( ret == 2 )
+ mbedtls_fprintf( stderr, "failed to read: %s\n", filename );
+
+ return( ret );
+}
+
+static int generic_print( const mbedtls_md_info_t *md_info, char *filename )
+{
+ int i;
+ unsigned char sum[MBEDTLS_MD_MAX_SIZE];
+
+ if( generic_wrapper( md_info, filename, sum ) != 0 )
+ return( 1 );
+
+ for( i = 0; i < mbedtls_md_get_size( md_info ); i++ )
+ mbedtls_printf( "%02x", sum[i] );
+
+ mbedtls_printf( " %s\n", filename );
+ return( 0 );
+}
+
+static int generic_check( const mbedtls_md_info_t *md_info, char *filename )
+{
+ int i;
+ size_t n;
+ FILE *f;
+ int nb_err1, nb_err2;
+ int nb_tot1, nb_tot2;
+ unsigned char sum[MBEDTLS_MD_MAX_SIZE];
+ char line[1024];
+ char diff;
+#if defined(__clang_analyzer__)
+ char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1] = { };
+#else
+ char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1];
+#endif
+
+ if( ( f = fopen( filename, "rb" ) ) == NULL )
+ {
+ mbedtls_printf( "failed to open: %s\n", filename );
+ return( 1 );
+ }
+
+ nb_err1 = nb_err2 = 0;
+ nb_tot1 = nb_tot2 = 0;
+
+ memset( line, 0, sizeof( line ) );
+
+ n = sizeof( line );
+
+ while( fgets( line, (int) n - 1, f ) != NULL )
+ {
+ n = strlen( line );
+
+ if( n < (size_t) 2 * mbedtls_md_get_size( md_info ) + 4 )
+ {
+ mbedtls_printf("No '%s' hash found on line.\n", mbedtls_md_get_name( md_info ));
+ continue;
+ }
+
+ if( line[2 * mbedtls_md_get_size( md_info )] != ' ' || line[2 * mbedtls_md_get_size( md_info ) + 1] != ' ' )
+ {
+ mbedtls_printf("No '%s' hash found on line.\n", mbedtls_md_get_name( md_info ));
+ continue;
+ }
+
+ if( line[n - 1] == '\n' ) { n--; line[n] = '\0'; }
+ if( line[n - 1] == '\r' ) { n--; line[n] = '\0'; }
+
+ nb_tot1++;
+
+ if( generic_wrapper( md_info, line + 2 + 2 * mbedtls_md_get_size( md_info ), sum ) != 0 )
+ {
+ nb_err1++;
+ continue;
+ }
+
+ nb_tot2++;
+
+ for( i = 0; i < mbedtls_md_get_size( md_info ); i++ )
+ sprintf( buf + i * 2, "%02x", sum[i] );
+
+ /* Use constant-time buffer comparison */
+ diff = 0;
+ for( i = 0; i < 2 * mbedtls_md_get_size( md_info ); i++ )
+ diff |= line[i] ^ buf[i];
+
+ if( diff != 0 )
+ {
+ nb_err2++;
+ mbedtls_fprintf( stderr, "wrong checksum: %s\n", line + 66 );
+ }
+
+ n = sizeof( line );
+ }
+
+ if( nb_err1 != 0 )
+ {
+ mbedtls_printf( "WARNING: %d (out of %d) input files could "
+ "not be read\n", nb_err1, nb_tot1 );
+ }
+
+ if( nb_err2 != 0 )
+ {
+ mbedtls_printf( "WARNING: %d (out of %d) computed checksums did "
+ "not match\n", nb_err2, nb_tot2 );
+ }
+
+ fclose( f );
+
+ return( nb_err1 != 0 || nb_err2 != 0 );
+}
+
+int main( int argc, char *argv[] )
+{
+ int ret, i;
+ const mbedtls_md_info_t *md_info;
+ mbedtls_md_context_t md_ctx;
+
+ mbedtls_md_init( &md_ctx );
+
+ if( argc == 1 )
+ {
+ const int *list;
+
+ mbedtls_printf( "print mode: generic_sum <mbedtls_md> <file> <file> ...\n" );
+ mbedtls_printf( "check mode: generic_sum <mbedtls_md> -c <checksum file>\n" );
+
+ mbedtls_printf( "\nAvailable message digests:\n" );
+ list = mbedtls_md_list();
+ while( *list )
+ {
+ md_info = mbedtls_md_info_from_type( *list );
+ mbedtls_printf( " %s\n", mbedtls_md_get_name( md_info ) );
+ list++;
+ }
+
+#if defined(_WIN32)
+ mbedtls_printf( "\n Press Enter to exit this program.\n" );
+ fflush( stdout ); getchar();
+#endif
+
+ return( 1 );
+ }
+
+ /*
+ * Read the MD from the command line
+ */
+ md_info = mbedtls_md_info_from_string( argv[1] );
+ if( md_info == NULL )
+ {
+ mbedtls_fprintf( stderr, "Message Digest '%s' not found\n", argv[1] );
+ return( 1 );
+ }
+ if( mbedtls_md_setup( &md_ctx, md_info, 0 ) )
+ {
+ mbedtls_fprintf( stderr, "Failed to initialize context.\n" );
+ return( 1 );
+ }
+
+ ret = 0;
+ if( argc == 4 && strcmp( "-c", argv[2] ) == 0 )
+ {
+ ret |= generic_check( md_info, argv[3] );
+ goto exit;
+ }
+
+ for( i = 2; i < argc; i++ )
+ ret |= generic_print( md_info, argv[i] );
+
+exit:
+ mbedtls_md_free( &md_ctx );
+
+ return( ret );
+}
+#endif /* MBEDTLS_MD_C && MBEDTLS_FS_IO */
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/hash/hello.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/hash/hello.c
new file mode 100644
index 0000000..df420f2
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/hash/hello.c
@@ -0,0 +1,68 @@
+/*
+ * Classic "Hello, world" demonstration program
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf printf
+#endif
+
+#if defined(MBEDTLS_MD5_C)
+#include "mbedtls/md5.h"
+#endif
+
+#if !defined(MBEDTLS_MD5_C)
+int main( void )
+{
+ mbedtls_printf("MBEDTLS_MD5_C not defined.\n");
+ return( 0 );
+}
+#else
+int main( void )
+{
+ int i;
+ unsigned char digest[16];
+ char str[] = "Hello, world!";
+
+ mbedtls_printf( "\n MD5('%s') = ", str );
+
+ mbedtls_md5( (unsigned char *) str, 13, digest );
+
+ for( i = 0; i < 16; i++ )
+ mbedtls_printf( "%02x", digest[i] );
+
+ mbedtls_printf( "\n\n" );
+
+#if defined(_WIN32)
+ mbedtls_printf( " Press Enter to exit this program.\n" );
+ fflush( stdout ); getchar();
+#endif
+
+ return( 0 );
+}
+#endif /* MBEDTLS_MD5_C */
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/CMakeLists.txt b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/CMakeLists.txt
new file mode 100644
index 0000000..5a37a42
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/CMakeLists.txt
@@ -0,0 +1,63 @@
+add_executable(dh_client dh_client.c)
+target_link_libraries(dh_client mbedtls)
+
+add_executable(dh_genprime dh_genprime.c)
+target_link_libraries(dh_genprime mbedtls)
+
+add_executable(dh_server dh_server.c)
+target_link_libraries(dh_server mbedtls)
+
+add_executable(ecdh_curve25519 ecdh_curve25519.c)
+target_link_libraries(ecdh_curve25519 mbedtls)
+
+add_executable(ecdsa ecdsa.c)
+target_link_libraries(ecdsa mbedtls)
+
+add_executable(gen_key gen_key.c)
+target_link_libraries(gen_key mbedtls)
+
+add_executable(key_app key_app.c)
+target_link_libraries(key_app mbedtls)
+
+add_executable(key_app_writer key_app_writer.c)
+target_link_libraries(key_app_writer mbedtls)
+
+add_executable(mpi_demo mpi_demo.c)
+target_link_libraries(mpi_demo mbedtls)
+
+add_executable(rsa_genkey rsa_genkey.c)
+target_link_libraries(rsa_genkey mbedtls)
+
+add_executable(rsa_sign rsa_sign.c)
+target_link_libraries(rsa_sign mbedtls)
+
+add_executable(rsa_verify rsa_verify.c)
+target_link_libraries(rsa_verify mbedtls)
+
+add_executable(rsa_sign_pss rsa_sign_pss.c)
+target_link_libraries(rsa_sign_pss mbedtls)
+
+add_executable(rsa_verify_pss rsa_verify_pss.c)
+target_link_libraries(rsa_verify_pss mbedtls)
+
+add_executable(rsa_encrypt rsa_encrypt.c)
+target_link_libraries(rsa_encrypt mbedtls)
+
+add_executable(rsa_decrypt rsa_decrypt.c)
+target_link_libraries(rsa_decrypt mbedtls)
+
+add_executable(pk_sign pk_sign.c)
+target_link_libraries(pk_sign mbedtls)
+
+add_executable(pk_verify pk_verify.c)
+target_link_libraries(pk_verify mbedtls)
+
+add_executable(pk_encrypt pk_encrypt.c)
+target_link_libraries(pk_encrypt mbedtls)
+
+add_executable(pk_decrypt pk_decrypt.c)
+target_link_libraries(pk_decrypt mbedtls)
+
+install(TARGETS dh_client dh_genprime dh_server key_app mpi_demo rsa_genkey rsa_sign rsa_verify rsa_encrypt rsa_decrypt pk_encrypt pk_decrypt pk_sign pk_verify gen_key
+ DESTINATION "bin"
+ PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/dh_client.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/dh_client.c
new file mode 100644
index 0000000..875d0b0
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/dh_client.c
@@ -0,0 +1,304 @@
+/*
+ * Diffie-Hellman-Merkle key exchange (client side)
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf printf
+#define mbedtls_time_t time_t
+#endif
+
+#if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \
+ defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \
+ defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) && \
+ defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C) && \
+ defined(MBEDTLS_SHA1_C)
+#include "mbedtls/net_sockets.h"
+#include "mbedtls/aes.h"
+#include "mbedtls/dhm.h"
+#include "mbedtls/rsa.h"
+#include "mbedtls/sha1.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+
+#include <stdio.h>
+#include <string.h>
+#endif
+
+#define SERVER_NAME "localhost"
+#define SERVER_PORT "11999"
+
+#if !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_DHM_C) || \
+ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NET_C) || \
+ !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \
+ !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) || \
+ !defined(MBEDTLS_SHA1_C)
+int main( void )
+{
+ mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_DHM_C and/or MBEDTLS_ENTROPY_C "
+ "and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
+ "MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO and/or "
+ "MBEDTLS_CTR_DRBG_C not defined.\n");
+ return( 0 );
+}
+#else
+int main( void )
+{
+ FILE *f;
+
+ int ret;
+ size_t n, buflen;
+ mbedtls_net_context server_fd;
+
+ unsigned char *p, *end;
+ unsigned char buf[2048];
+ unsigned char hash[32];
+ const char *pers = "dh_client";
+
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_rsa_context rsa;
+ mbedtls_dhm_context dhm;
+ mbedtls_aes_context aes;
+
+ mbedtls_net_init( &server_fd );
+ mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_SHA256 );
+ mbedtls_dhm_init( &dhm );
+ mbedtls_aes_init( &aes );
+ mbedtls_ctr_drbg_init( &ctr_drbg );
+
+ /*
+ * 1. Setup the RNG
+ */
+ mbedtls_printf( "\n . Seeding the random number generator" );
+ fflush( stdout );
+
+ mbedtls_entropy_init( &entropy );
+ if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen( pers ) ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
+ goto exit;
+ }
+
+ /*
+ * 2. Read the server's public RSA key
+ */
+ mbedtls_printf( "\n . Reading public key from rsa_pub.txt" );
+ fflush( stdout );
+
+ if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL )
+ {
+ ret = 1;
+ mbedtls_printf( " failed\n ! Could not open rsa_pub.txt\n" \
+ " ! Please run rsa_genkey first\n\n" );
+ goto exit;
+ }
+
+ mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
+
+ if( ( ret = mbedtls_mpi_read_file( &rsa.N, 16, f ) ) != 0 ||
+ ( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret );
+ fclose( f );
+ goto exit;
+ }
+
+ rsa.len = ( mbedtls_mpi_bitlen( &rsa.N ) + 7 ) >> 3;
+
+ fclose( f );
+
+ /*
+ * 3. Initiate the connection
+ */
+ mbedtls_printf( "\n . Connecting to tcp/%s/%s", SERVER_NAME,
+ SERVER_PORT );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_net_connect( &server_fd, SERVER_NAME,
+ SERVER_PORT, MBEDTLS_NET_PROTO_TCP ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_net_connect returned %d\n\n", ret );
+ goto exit;
+ }
+
+ /*
+ * 4a. First get the buffer length
+ */
+ mbedtls_printf( "\n . Receiving the server's DH parameters" );
+ fflush( stdout );
+
+ memset( buf, 0, sizeof( buf ) );
+
+ if( ( ret = mbedtls_net_recv( &server_fd, buf, 2 ) ) != 2 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_net_recv returned %d\n\n", ret );
+ goto exit;
+ }
+
+ n = buflen = ( buf[0] << 8 ) | buf[1];
+ if( buflen < 1 || buflen > sizeof( buf ) )
+ {
+ mbedtls_printf( " failed\n ! Got an invalid buffer length\n\n" );
+ goto exit;
+ }
+
+ /*
+ * 4b. Get the DHM parameters: P, G and Ys = G^Xs mod P
+ */
+ memset( buf, 0, sizeof( buf ) );
+
+ if( ( ret = mbedtls_net_recv( &server_fd, buf, n ) ) != (int) n )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_net_recv returned %d\n\n", ret );
+ goto exit;
+ }
+
+ p = buf, end = buf + buflen;
+
+ if( ( ret = mbedtls_dhm_read_params( &dhm, &p, end ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_dhm_read_params returned %d\n\n", ret );
+ goto exit;
+ }
+
+ if( dhm.len < 64 || dhm.len > 512 )
+ {
+ ret = 1;
+ mbedtls_printf( " failed\n ! Invalid DHM modulus size\n\n" );
+ goto exit;
+ }
+
+ /*
+ * 5. Check that the server's RSA signature matches
+ * the SHA-256 hash of (P,G,Ys)
+ */
+ mbedtls_printf( "\n . Verifying the server's RSA signature" );
+ fflush( stdout );
+
+ p += 2;
+
+ if( ( n = (size_t) ( end - p ) ) != rsa.len )
+ {
+ ret = 1;
+ mbedtls_printf( " failed\n ! Invalid RSA signature size\n\n" );
+ goto exit;
+ }
+
+ mbedtls_sha1( buf, (int)( p - 2 - buf ), hash );
+
+ if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC,
+ MBEDTLS_MD_SHA256, 0, hash, p ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned %d\n\n", ret );
+ goto exit;
+ }
+
+ /*
+ * 6. Send our public value: Yc = G ^ Xc mod P
+ */
+ mbedtls_printf( "\n . Sending own public value to server" );
+ fflush( stdout );
+
+ n = dhm.len;
+ if( ( ret = mbedtls_dhm_make_public( &dhm, (int) dhm.len, buf, n,
+ mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_dhm_make_public returned %d\n\n", ret );
+ goto exit;
+ }
+
+ if( ( ret = mbedtls_net_send( &server_fd, buf, n ) ) != (int) n )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_net_send returned %d\n\n", ret );
+ goto exit;
+ }
+
+ /*
+ * 7. Derive the shared secret: K = Ys ^ Xc mod P
+ */
+ mbedtls_printf( "\n . Shared secret: " );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_dhm_calc_secret( &dhm, buf, sizeof( buf ), &n,
+ mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_dhm_calc_secret returned %d\n\n", ret );
+ goto exit;
+ }
+
+ for( n = 0; n < 16; n++ )
+ mbedtls_printf( "%02x", buf[n] );
+
+ /*
+ * 8. Setup the AES-256 decryption key
+ *
+ * This is an overly simplified example; best practice is
+ * to hash the shared secret with a random value to derive
+ * the keying material for the encryption/decryption keys,
+ * IVs and MACs.
+ */
+ mbedtls_printf( "...\n . Receiving and decrypting the ciphertext" );
+ fflush( stdout );
+
+ mbedtls_aes_setkey_dec( &aes, buf, 256 );
+
+ memset( buf, 0, sizeof( buf ) );
+
+ if( ( ret = mbedtls_net_recv( &server_fd, buf, 16 ) ) != 16 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_net_recv returned %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_aes_crypt_ecb( &aes, MBEDTLS_AES_DECRYPT, buf, buf );
+ buf[16] = '\0';
+ mbedtls_printf( "\n . Plaintext is \"%s\"\n\n", (char *) buf );
+
+exit:
+
+ mbedtls_net_free( &server_fd );
+
+ mbedtls_aes_free( &aes );
+ mbedtls_rsa_free( &rsa );
+ mbedtls_dhm_free( &dhm );
+ mbedtls_ctr_drbg_free( &ctr_drbg );
+ mbedtls_entropy_free( &entropy );
+
+#if defined(_WIN32)
+ mbedtls_printf( " + Press Enter to exit this program.\n" );
+ fflush( stdout ); getchar();
+#endif
+
+ return( ret );
+}
+#endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C &&
+ MBEDTLS_NET_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
+ MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/dh_genprime.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/dh_genprime.c
new file mode 100644
index 0000000..84a94a1
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/dh_genprime.c
@@ -0,0 +1,197 @@
+/*
+ * Diffie-Hellman-Merkle key exchange (prime generation)
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#include <stdlib.h>
+#define mbedtls_printf printf
+#define mbedtls_time_t time_t
+#endif
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
+ !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) || \
+ !defined(MBEDTLS_GENPRIME)
+int main( void )
+{
+ mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
+ "MBEDTLS_FS_IO and/or MBEDTLS_CTR_DRBG_C and/or "
+ "MBEDTLS_GENPRIME not defined.\n");
+ return( 0 );
+}
+#else
+
+#include "mbedtls/bignum.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+
+#include <stdio.h>
+#include <string.h>
+
+#define USAGE \
+ "\n usage: dh_genprime param=<>...\n" \
+ "\n acceprable parameters:\n" \
+ " bits=%%d default: 2048\n"
+
+#define DFL_BITS 2048
+
+/*
+ * Note: G = 4 is always a quadratic residue mod P,
+ * so it is a generator of order Q (with P = 2*Q+1).
+ */
+#define GENERATOR "4"
+
+int main( int argc, char **argv )
+{
+ int ret = 1;
+ mbedtls_mpi G, P, Q;
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ const char *pers = "dh_genprime";
+ FILE *fout;
+ int nbits = DFL_BITS;
+ int i;
+ char *p, *q;
+
+ mbedtls_mpi_init( &G ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
+ mbedtls_ctr_drbg_init( &ctr_drbg );
+ mbedtls_entropy_init( &entropy );
+
+ if( argc == 0 )
+ {
+ usage:
+ mbedtls_printf( USAGE );
+ return( 1 );
+ }
+
+ for( i = 1; i < argc; i++ )
+ {
+ p = argv[i];
+ if( ( q = strchr( p, '=' ) ) == NULL )
+ goto usage;
+ *q++ = '\0';
+
+ if( strcmp( p, "bits" ) == 0 )
+ {
+ nbits = atoi( q );
+ if( nbits < 0 || nbits > MBEDTLS_MPI_MAX_BITS )
+ goto usage;
+ }
+ else
+ goto usage;
+ }
+
+ if( ( ret = mbedtls_mpi_read_string( &G, 10, GENERATOR ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_mpi_read_string returned %d\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ! Generating large primes may take minutes!\n" );
+
+ mbedtls_printf( "\n . Seeding the random number generator..." );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen( pers ) ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n . Generating the modulus, please wait..." );
+ fflush( stdout );
+
+ /*
+ * This can take a long time...
+ */
+ if( ( ret = mbedtls_mpi_gen_prime( &P, nbits, 1,
+ mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_mpi_gen_prime returned %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n . Verifying that Q = (P-1)/2 is prime..." );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_mpi_sub_int( &Q, &P, 1 ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_mpi_sub_int returned %d\n\n", ret );
+ goto exit;
+ }
+
+ if( ( ret = mbedtls_mpi_div_int( &Q, NULL, &Q, 2 ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_mpi_div_int returned %d\n\n", ret );
+ goto exit;
+ }
+
+ if( ( ret = mbedtls_mpi_is_prime( &Q, mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_mpi_is_prime returned %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n . Exporting the value in dh_prime.txt..." );
+ fflush( stdout );
+
+ if( ( fout = fopen( "dh_prime.txt", "wb+" ) ) == NULL )
+ {
+ ret = 1;
+ mbedtls_printf( " failed\n ! Could not create dh_prime.txt\n\n" );
+ goto exit;
+ }
+
+ if( ( ret = mbedtls_mpi_write_file( "P = ", &P, 16, fout ) != 0 ) ||
+ ( ret = mbedtls_mpi_write_file( "G = ", &G, 16, fout ) != 0 ) )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret );
+ fclose( fout );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n\n" );
+ fclose( fout );
+
+exit:
+
+ mbedtls_mpi_free( &G ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
+ mbedtls_ctr_drbg_free( &ctr_drbg );
+ mbedtls_entropy_free( &entropy );
+
+#if defined(_WIN32)
+ mbedtls_printf( " Press Enter to exit this program.\n" );
+ fflush( stdout ); getchar();
+#endif
+
+ return( ret );
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_FS_IO &&
+ MBEDTLS_CTR_DRBG_C && MBEDTLS_GENPRIME */
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/dh_prime.txt b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/dh_prime.txt
new file mode 100644
index 0000000..de0c281
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/dh_prime.txt
@@ -0,0 +1,2 @@
+P = FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF
+G = 02
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/dh_server.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/dh_server.c
new file mode 100644
index 0000000..8bf2b1b
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/dh_server.c
@@ -0,0 +1,308 @@
+/*
+ * Diffie-Hellman-Merkle key exchange (server side)
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf printf
+#define mbedtls_time_t time_t
+#endif
+
+#if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \
+ defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \
+ defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) && \
+ defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C) && \
+ defined(MBEDTLS_SHA1_C)
+#include "mbedtls/net_sockets.h"
+#include "mbedtls/aes.h"
+#include "mbedtls/dhm.h"
+#include "mbedtls/rsa.h"
+#include "mbedtls/sha1.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+
+#include <stdio.h>
+#include <string.h>
+#endif
+
+#define SERVER_PORT "11999"
+#define PLAINTEXT "==Hello there!=="
+
+#if !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_DHM_C) || \
+ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NET_C) || \
+ !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \
+ !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) || \
+ !defined(MBEDTLS_SHA1_C)
+int main( void )
+{
+ mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_DHM_C and/or MBEDTLS_ENTROPY_C "
+ "and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
+ "MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO and/or "
+ "MBEDTLS_CTR_DRBG_C not defined.\n");
+ return( 0 );
+}
+#else
+int main( void )
+{
+ FILE *f;
+
+ int ret;
+ size_t n, buflen;
+ mbedtls_net_context listen_fd, client_fd;
+
+ unsigned char buf[2048];
+ unsigned char hash[32];
+ unsigned char buf2[2];
+ const char *pers = "dh_server";
+
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_rsa_context rsa;
+ mbedtls_dhm_context dhm;
+ mbedtls_aes_context aes;
+
+ mbedtls_net_init( &listen_fd );
+ mbedtls_net_init( &client_fd );
+ mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_SHA256 );
+ mbedtls_dhm_init( &dhm );
+ mbedtls_aes_init( &aes );
+ mbedtls_ctr_drbg_init( &ctr_drbg );
+
+ /*
+ * 1. Setup the RNG
+ */
+ mbedtls_printf( "\n . Seeding the random number generator" );
+ fflush( stdout );
+
+ mbedtls_entropy_init( &entropy );
+ if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen( pers ) ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
+ goto exit;
+ }
+
+ /*
+ * 2a. Read the server's private RSA key
+ */
+ mbedtls_printf( "\n . Reading private key from rsa_priv.txt" );
+ fflush( stdout );
+
+ if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL )
+ {
+ ret = 1;
+ mbedtls_printf( " failed\n ! Could not open rsa_priv.txt\n" \
+ " ! Please run rsa_genkey first\n\n" );
+ goto exit;
+ }
+
+ mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
+
+ if( ( ret = mbedtls_mpi_read_file( &rsa.N , 16, f ) ) != 0 ||
+ ( ret = mbedtls_mpi_read_file( &rsa.E , 16, f ) ) != 0 ||
+ ( ret = mbedtls_mpi_read_file( &rsa.D , 16, f ) ) != 0 ||
+ ( ret = mbedtls_mpi_read_file( &rsa.P , 16, f ) ) != 0 ||
+ ( ret = mbedtls_mpi_read_file( &rsa.Q , 16, f ) ) != 0 ||
+ ( ret = mbedtls_mpi_read_file( &rsa.DP, 16, f ) ) != 0 ||
+ ( ret = mbedtls_mpi_read_file( &rsa.DQ, 16, f ) ) != 0 ||
+ ( ret = mbedtls_mpi_read_file( &rsa.QP, 16, f ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret );
+ fclose( f );
+ goto exit;
+ }
+
+ rsa.len = ( mbedtls_mpi_bitlen( &rsa.N ) + 7 ) >> 3;
+
+ fclose( f );
+
+ /*
+ * 2b. Get the DHM modulus and generator
+ */
+ mbedtls_printf( "\n . Reading DH parameters from dh_prime.txt" );
+ fflush( stdout );
+
+ if( ( f = fopen( "dh_prime.txt", "rb" ) ) == NULL )
+ {
+ ret = 1;
+ mbedtls_printf( " failed\n ! Could not open dh_prime.txt\n" \
+ " ! Please run dh_genprime first\n\n" );
+ goto exit;
+ }
+
+ if( mbedtls_mpi_read_file( &dhm.P, 16, f ) != 0 ||
+ mbedtls_mpi_read_file( &dhm.G, 16, f ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! Invalid DH parameter file\n\n" );
+ fclose( f );
+ goto exit;
+ }
+
+ fclose( f );
+
+ /*
+ * 3. Wait for a client to connect
+ */
+ mbedtls_printf( "\n . Waiting for a remote connection" );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_net_bind( &listen_fd, NULL, SERVER_PORT, MBEDTLS_NET_PROTO_TCP ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_net_bind returned %d\n\n", ret );
+ goto exit;
+ }
+
+ if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
+ NULL, 0, NULL ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret );
+ goto exit;
+ }
+
+ /*
+ * 4. Setup the DH parameters (P,G,Ys)
+ */
+ mbedtls_printf( "\n . Sending the server's DH parameters" );
+ fflush( stdout );
+
+ memset( buf, 0, sizeof( buf ) );
+
+ if( ( ret = mbedtls_dhm_make_params( &dhm, (int) mbedtls_mpi_size( &dhm.P ), buf, &n,
+ mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_dhm_make_params returned %d\n\n", ret );
+ goto exit;
+ }
+
+ /*
+ * 5. Sign the parameters and send them
+ */
+ mbedtls_sha1( buf, n, hash );
+
+ buf[n ] = (unsigned char)( rsa.len >> 8 );
+ buf[n + 1] = (unsigned char)( rsa.len );
+
+ if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA256,
+ 0, hash, buf + n + 2 ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_sign returned %d\n\n", ret );
+ goto exit;
+ }
+
+ buflen = n + 2 + rsa.len;
+ buf2[0] = (unsigned char)( buflen >> 8 );
+ buf2[1] = (unsigned char)( buflen );
+
+ if( ( ret = mbedtls_net_send( &client_fd, buf2, 2 ) ) != 2 ||
+ ( ret = mbedtls_net_send( &client_fd, buf, buflen ) ) != (int) buflen )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_net_send returned %d\n\n", ret );
+ goto exit;
+ }
+
+ /*
+ * 6. Get the client's public value: Yc = G ^ Xc mod P
+ */
+ mbedtls_printf( "\n . Receiving the client's public value" );
+ fflush( stdout );
+
+ memset( buf, 0, sizeof( buf ) );
+
+ if( ( ret = mbedtls_net_recv( &client_fd, buf, n ) ) != (int) n )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_net_recv returned %d\n\n", ret );
+ goto exit;
+ }
+
+ if( ( ret = mbedtls_dhm_read_public( &dhm, buf, dhm.len ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_dhm_read_public returned %d\n\n", ret );
+ goto exit;
+ }
+
+ /*
+ * 7. Derive the shared secret: K = Ys ^ Xc mod P
+ */
+ mbedtls_printf( "\n . Shared secret: " );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_dhm_calc_secret( &dhm, buf, sizeof( buf ), &n,
+ mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_dhm_calc_secret returned %d\n\n", ret );
+ goto exit;
+ }
+
+ for( n = 0; n < 16; n++ )
+ mbedtls_printf( "%02x", buf[n] );
+
+ /*
+ * 8. Setup the AES-256 encryption key
+ *
+ * This is an overly simplified example; best practice is
+ * to hash the shared secret with a random value to derive
+ * the keying material for the encryption/decryption keys
+ * and MACs.
+ */
+ mbedtls_printf( "...\n . Encrypting and sending the ciphertext" );
+ fflush( stdout );
+
+ mbedtls_aes_setkey_enc( &aes, buf, 256 );
+ memcpy( buf, PLAINTEXT, 16 );
+ mbedtls_aes_crypt_ecb( &aes, MBEDTLS_AES_ENCRYPT, buf, buf );
+
+ if( ( ret = mbedtls_net_send( &client_fd, buf, 16 ) ) != 16 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_net_send returned %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( "\n\n" );
+
+exit:
+
+ mbedtls_net_free( &client_fd );
+ mbedtls_net_free( &listen_fd );
+
+ mbedtls_aes_free( &aes );
+ mbedtls_rsa_free( &rsa );
+ mbedtls_dhm_free( &dhm );
+ mbedtls_ctr_drbg_free( &ctr_drbg );
+ mbedtls_entropy_free( &entropy );
+
+#if defined(_WIN32)
+ mbedtls_printf( " + Press Enter to exit this program.\n" );
+ fflush( stdout ); getchar();
+#endif
+
+ return( ret );
+}
+#endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C &&
+ MBEDTLS_NET_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
+ MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/ecdh_curve25519.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/ecdh_curve25519.c
new file mode 100644
index 0000000..aa15c46
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/ecdh_curve25519.c
@@ -0,0 +1,237 @@
+/*
+ * Example ECDHE with Curve25519 program
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf printf
+#endif
+
+#if !defined(MBEDTLS_ECDH_C) || \
+ !defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || \
+ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C)
+int main( void )
+{
+ mbedtls_printf( "MBEDTLS_ECDH_C and/or "
+ "MBEDTLS_ECP_DP_CURVE25519_ENABLED and/or "
+ "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C "
+ "not defined\n" );
+ return( 0 );
+}
+#else
+
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/ecdh.h"
+
+int main( int argc, char *argv[] )
+{
+ int ret;
+ mbedtls_ecdh_context ctx_cli, ctx_srv;
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ unsigned char cli_to_srv[32], srv_to_cli[32];
+ const char pers[] = "ecdh";
+ ((void) argc);
+ ((void) argv);
+
+ mbedtls_ecdh_init( &ctx_cli );
+ mbedtls_ecdh_init( &ctx_srv );
+ mbedtls_ctr_drbg_init( &ctr_drbg );
+
+ /*
+ * Initialize random number generation
+ */
+ mbedtls_printf( " . Seeding the random number generator..." );
+ fflush( stdout );
+
+ mbedtls_entropy_init( &entropy );
+ if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ sizeof pers ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * Client: inialize context and generate keypair
+ */
+ mbedtls_printf( " . Setting up client context..." );
+ fflush( stdout );
+
+ ret = mbedtls_ecp_group_load( &ctx_cli.grp, MBEDTLS_ECP_DP_CURVE25519 );
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ecp_group_load returned %d\n", ret );
+ goto exit;
+ }
+
+ ret = mbedtls_ecdh_gen_public( &ctx_cli.grp, &ctx_cli.d, &ctx_cli.Q,
+ mbedtls_ctr_drbg_random, &ctr_drbg );
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ecdh_gen_public returned %d\n", ret );
+ goto exit;
+ }
+
+ ret = mbedtls_mpi_write_binary( &ctx_cli.Q.X, cli_to_srv, 32 );
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_mpi_write_binary returned %d\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * Server: initialize context and generate keypair
+ */
+ mbedtls_printf( " . Setting up server context..." );
+ fflush( stdout );
+
+ ret = mbedtls_ecp_group_load( &ctx_srv.grp, MBEDTLS_ECP_DP_CURVE25519 );
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ecp_group_load returned %d\n", ret );
+ goto exit;
+ }
+
+ ret = mbedtls_ecdh_gen_public( &ctx_srv.grp, &ctx_srv.d, &ctx_srv.Q,
+ mbedtls_ctr_drbg_random, &ctr_drbg );
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ecdh_gen_public returned %d\n", ret );
+ goto exit;
+ }
+
+ ret = mbedtls_mpi_write_binary( &ctx_srv.Q.X, srv_to_cli, 32 );
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_mpi_write_binary returned %d\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * Server: read peer's key and generate shared secret
+ */
+ mbedtls_printf( " . Server reading client key and computing secret..." );
+ fflush( stdout );
+
+ ret = mbedtls_mpi_lset( &ctx_srv.Qp.Z, 1 );
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_mpi_lset returned %d\n", ret );
+ goto exit;
+ }
+
+ ret = mbedtls_mpi_read_binary( &ctx_srv.Qp.X, cli_to_srv, 32 );
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_mpi_read_binary returned %d\n", ret );
+ goto exit;
+ }
+
+ ret = mbedtls_ecdh_compute_shared( &ctx_srv.grp, &ctx_srv.z,
+ &ctx_srv.Qp, &ctx_srv.d,
+ mbedtls_ctr_drbg_random, &ctr_drbg );
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ecdh_compute_shared returned %d\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * Client: read peer's key and generate shared secret
+ */
+ mbedtls_printf( " . Client reading server key and computing secret..." );
+ fflush( stdout );
+
+ ret = mbedtls_mpi_lset( &ctx_cli.Qp.Z, 1 );
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_mpi_lset returned %d\n", ret );
+ goto exit;
+ }
+
+ ret = mbedtls_mpi_read_binary( &ctx_cli.Qp.X, srv_to_cli, 32 );
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_mpi_read_binary returned %d\n", ret );
+ goto exit;
+ }
+
+ ret = mbedtls_ecdh_compute_shared( &ctx_cli.grp, &ctx_cli.z,
+ &ctx_cli.Qp, &ctx_cli.d,
+ mbedtls_ctr_drbg_random, &ctr_drbg );
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ecdh_compute_shared returned %d\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * Verification: are the computed secret equal?
+ */
+ mbedtls_printf( " . Checking if both computed secrets are equal..." );
+ fflush( stdout );
+
+ ret = mbedtls_mpi_cmp_mpi( &ctx_cli.z, &ctx_srv.z );
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ecdh_compute_shared returned %d\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+
+exit:
+
+#if defined(_WIN32)
+ mbedtls_printf( " + Press Enter to exit this program.\n" );
+ fflush( stdout ); getchar();
+#endif
+
+ mbedtls_ecdh_free( &ctx_srv );
+ mbedtls_ecdh_free( &ctx_cli );
+ mbedtls_ctr_drbg_free( &ctr_drbg );
+ mbedtls_entropy_free( &entropy );
+
+ return( ret != 0 );
+}
+#endif /* MBEDTLS_ECDH_C && MBEDTLS_ECP_DP_CURVE25519_ENABLED &&
+ MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/ecdsa.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/ecdsa.c
new file mode 100644
index 0000000..069d312
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/ecdsa.c
@@ -0,0 +1,231 @@
+/*
+ * Example ECDSA program
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf printf
+#endif
+
+#if defined(MBEDTLS_ECDSA_C) && \
+ defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C)
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/ecdsa.h"
+
+#include <string.h>
+#endif
+
+/*
+ * Uncomment to show key and signature details
+ */
+#define VERBOSE
+
+/*
+ * Uncomment to force use of a specific curve
+ */
+#define ECPARAMS MBEDTLS_ECP_DP_SECP192R1
+
+#if !defined(ECPARAMS)
+#define ECPARAMS mbedtls_ecp_curve_list()->grp_id
+#endif
+
+#if !defined(MBEDTLS_ECDSA_C) || !defined(MBEDTLS_SHA256_C) || \
+ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C)
+int main( void )
+{
+ mbedtls_printf("MBEDTLS_ECDSA_C and/or MBEDTLS_SHA256_C and/or "
+ "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C not defined\n");
+ return( 0 );
+}
+#else
+#if defined(VERBOSE)
+static void dump_buf( const char *title, unsigned char *buf, size_t len )
+{
+ size_t i;
+
+ mbedtls_printf( "%s", title );
+ for( i = 0; i < len; i++ )
+ mbedtls_printf("%c%c", "0123456789ABCDEF" [buf[i] / 16],
+ "0123456789ABCDEF" [buf[i] % 16] );
+ mbedtls_printf( "\n" );
+}
+
+static void dump_pubkey( const char *title, mbedtls_ecdsa_context *key )
+{
+ unsigned char buf[300];
+ size_t len;
+
+ if( mbedtls_ecp_point_write_binary( &key->grp, &key->Q,
+ MBEDTLS_ECP_PF_UNCOMPRESSED, &len, buf, sizeof buf ) != 0 )
+ {
+ mbedtls_printf("internal error\n");
+ return;
+ }
+
+ dump_buf( title, buf, len );
+}
+#else
+#define dump_buf( a, b, c )
+#define dump_pubkey( a, b )
+#endif
+
+int main( int argc, char *argv[] )
+{
+ int ret;
+ mbedtls_ecdsa_context ctx_sign, ctx_verify;
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ unsigned char hash[] = "This should be the hash of a message.";
+ unsigned char sig[512];
+ size_t sig_len;
+ const char *pers = "ecdsa";
+ ((void) argv);
+
+ mbedtls_ecdsa_init( &ctx_sign );
+ mbedtls_ecdsa_init( &ctx_verify );
+ mbedtls_ctr_drbg_init( &ctr_drbg );
+
+ memset(sig, 0, sizeof( sig ) );
+ ret = 1;
+
+ if( argc != 1 )
+ {
+ mbedtls_printf( "usage: ecdsa\n" );
+
+#if defined(_WIN32)
+ mbedtls_printf( "\n" );
+#endif
+
+ goto exit;
+ }
+
+ /*
+ * Generate a key pair for signing
+ */
+ mbedtls_printf( "\n . Seeding the random number generator..." );
+ fflush( stdout );
+
+ mbedtls_entropy_init( &entropy );
+ if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen( pers ) ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n . Generating key pair..." );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_ecdsa_genkey( &ctx_sign, ECPARAMS,
+ mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ecdsa_genkey returned %d\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok (key size: %d bits)\n", (int) ctx_sign.grp.pbits );
+
+ dump_pubkey( " + Public key: ", &ctx_sign );
+
+ /*
+ * Sign some message hash
+ */
+ mbedtls_printf( " . Signing message..." );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_ecdsa_write_signature( &ctx_sign, MBEDTLS_MD_SHA256,
+ hash, sizeof( hash ),
+ sig, &sig_len,
+ mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ecdsa_genkey returned %d\n", ret );
+ goto exit;
+ }
+ mbedtls_printf( " ok (signature length = %u)\n", (unsigned int) sig_len );
+
+ dump_buf( " + Hash: ", hash, sizeof hash );
+ dump_buf( " + Signature: ", sig, sig_len );
+
+ /*
+ * Transfer public information to verifying context
+ *
+ * We could use the same context for verification and signatures, but we
+ * chose to use a new one in order to make it clear that the verifying
+ * context only needs the public key (Q), and not the private key (d).
+ */
+ mbedtls_printf( " . Preparing verification context..." );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_ecp_group_copy( &ctx_verify.grp, &ctx_sign.grp ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ecp_group_copy returned %d\n", ret );
+ goto exit;
+ }
+
+ if( ( ret = mbedtls_ecp_copy( &ctx_verify.Q, &ctx_sign.Q ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ecp_copy returned %d\n", ret );
+ goto exit;
+ }
+
+ ret = 0;
+
+ /*
+ * Verify signature
+ */
+ mbedtls_printf( " ok\n . Verifying signature..." );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_ecdsa_read_signature( &ctx_verify,
+ hash, sizeof( hash ),
+ sig, sig_len ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ecdsa_read_signature returned %d\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+exit:
+
+#if defined(_WIN32)
+ mbedtls_printf( " + Press Enter to exit this program.\n" );
+ fflush( stdout ); getchar();
+#endif
+
+ mbedtls_ecdsa_free( &ctx_verify );
+ mbedtls_ecdsa_free( &ctx_sign );
+ mbedtls_ctr_drbg_free( &ctr_drbg );
+ mbedtls_entropy_free( &entropy );
+
+ return( ret );
+}
+#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
+ ECPARAMS */
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/gen_key.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/gen_key.c
new file mode 100644
index 0000000..4812694
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/gen_key.c
@@ -0,0 +1,425 @@
+/*
+ * Key generation application
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf printf
+#endif
+
+#if defined(MBEDTLS_PK_WRITE_C) && defined(MBEDTLS_FS_IO) && \
+ defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C)
+#include "mbedtls/error.h"
+#include "mbedtls/pk.h"
+#include "mbedtls/ecdsa.h"
+#include "mbedtls/rsa.h"
+#include "mbedtls/error.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#if !defined(_WIN32)
+#include <unistd.h>
+
+#define DEV_RANDOM_THRESHOLD 32
+
+int dev_random_entropy_poll( void *data, unsigned char *output,
+ size_t len, size_t *olen )
+{
+ FILE *file;
+ size_t ret, left = len;
+ unsigned char *p = output;
+ ((void) data);
+
+ *olen = 0;
+
+ file = fopen( "/dev/random", "rb" );
+ if( file == NULL )
+ return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+
+ while( left > 0 )
+ {
+ /* /dev/random can return much less than requested. If so, try again */
+ ret = fread( p, 1, left, file );
+ if( ret == 0 && ferror( file ) )
+ {
+ fclose( file );
+ return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+ }
+
+ p += ret;
+ left -= ret;
+ sleep( 1 );
+ }
+ fclose( file );
+ *olen = len;
+
+ return( 0 );
+}
+#endif /* !_WIN32 */
+#endif
+
+#if defined(MBEDTLS_ECP_C)
+#define DFL_EC_CURVE mbedtls_ecp_curve_list()->grp_id
+#else
+#define DFL_EC_CURVE 0
+#endif
+
+#if !defined(_WIN32) && defined(MBEDTLS_FS_IO)
+#define USAGE_DEV_RANDOM \
+ " use_dev_random=0|1 default: 0\n"
+#else
+#define USAGE_DEV_RANDOM ""
+#endif /* !_WIN32 && MBEDTLS_FS_IO */
+
+#define FORMAT_PEM 0
+#define FORMAT_DER 1
+
+#define DFL_TYPE MBEDTLS_PK_RSA
+#define DFL_RSA_KEYSIZE 4096
+#define DFL_FILENAME "keyfile.key"
+#define DFL_FORMAT FORMAT_PEM
+#define DFL_USE_DEV_RANDOM 0
+
+#define USAGE \
+ "\n usage: gen_key param=<>...\n" \
+ "\n acceptable parameters:\n" \
+ " type=rsa|ec default: rsa\n" \
+ " rsa_keysize=%%d default: 4096\n" \
+ " ec_curve=%%s see below\n" \
+ " filename=%%s default: keyfile.key\n" \
+ " format=pem|der default: pem\n" \
+ USAGE_DEV_RANDOM \
+ "\n"
+
+#if !defined(MBEDTLS_PK_WRITE_C) || !defined(MBEDTLS_PEM_WRITE_C) || \
+ !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \
+ !defined(MBEDTLS_CTR_DRBG_C)
+int main( void )
+{
+ mbedtls_printf( "MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO and/or "
+ "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
+ "MBEDTLS_PEM_WRITE_C"
+ "not defined.\n" );
+ return( 0 );
+}
+#else
+/*
+ * global options
+ */
+struct options
+{
+ int type; /* the type of key to generate */
+ int rsa_keysize; /* length of key in bits */
+ int ec_curve; /* curve identifier for EC keys */
+ const char *filename; /* filename of the key file */
+ int format; /* the output format to use */
+ int use_dev_random; /* use /dev/random as entropy source */
+} opt;
+
+static int write_private_key( mbedtls_pk_context *key, const char *output_file )
+{
+ int ret;
+ FILE *f;
+ unsigned char output_buf[16000];
+ unsigned char *c = output_buf;
+ size_t len = 0;
+
+ memset(output_buf, 0, 16000);
+ if( opt.format == FORMAT_PEM )
+ {
+ if( ( ret = mbedtls_pk_write_key_pem( key, output_buf, 16000 ) ) != 0 )
+ return( ret );
+
+ len = strlen( (char *) output_buf );
+ }
+ else
+ {
+ if( ( ret = mbedtls_pk_write_key_der( key, output_buf, 16000 ) ) < 0 )
+ return( ret );
+
+ len = ret;
+ c = output_buf + sizeof(output_buf) - len;
+ }
+
+ if( ( f = fopen( output_file, "wb" ) ) == NULL )
+ return( -1 );
+
+ if( fwrite( c, 1, len, f ) != len )
+ {
+ fclose( f );
+ return( -1 );
+ }
+
+ fclose( f );
+
+ return( 0 );
+}
+
+int main( int argc, char *argv[] )
+{
+ int ret = 0;
+ mbedtls_pk_context key;
+ char buf[1024];
+ int i;
+ char *p, *q;
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ const char *pers = "gen_key";
+#if defined(MBEDTLS_ECP_C)
+ const mbedtls_ecp_curve_info *curve_info;
+#endif
+
+ /*
+ * Set to sane values
+ */
+ mbedtls_pk_init( &key );
+ mbedtls_ctr_drbg_init( &ctr_drbg );
+ memset( buf, 0, sizeof( buf ) );
+
+ if( argc == 0 )
+ {
+ usage:
+ ret = 1;
+ mbedtls_printf( USAGE );
+#if defined(MBEDTLS_ECP_C)
+ mbedtls_printf( " available ec_curve values:\n" );
+ curve_info = mbedtls_ecp_curve_list();
+ mbedtls_printf( " %s (default)\n", curve_info->name );
+ while( ( ++curve_info )->name != NULL )
+ mbedtls_printf( " %s\n", curve_info->name );
+#endif
+ goto exit;
+ }
+
+ opt.type = DFL_TYPE;
+ opt.rsa_keysize = DFL_RSA_KEYSIZE;
+ opt.ec_curve = DFL_EC_CURVE;
+ opt.filename = DFL_FILENAME;
+ opt.format = DFL_FORMAT;
+ opt.use_dev_random = DFL_USE_DEV_RANDOM;
+
+ for( i = 1; i < argc; i++ )
+ {
+ p = argv[i];
+ if( ( q = strchr( p, '=' ) ) == NULL )
+ goto usage;
+ *q++ = '\0';
+
+ if( strcmp( p, "type" ) == 0 )
+ {
+ if( strcmp( q, "rsa" ) == 0 )
+ opt.type = MBEDTLS_PK_RSA;
+ else if( strcmp( q, "ec" ) == 0 )
+ opt.type = MBEDTLS_PK_ECKEY;
+ else
+ goto usage;
+ }
+ else if( strcmp( p, "format" ) == 0 )
+ {
+ if( strcmp( q, "pem" ) == 0 )
+ opt.format = FORMAT_PEM;
+ else if( strcmp( q, "der" ) == 0 )
+ opt.format = FORMAT_DER;
+ else
+ goto usage;
+ }
+ else if( strcmp( p, "rsa_keysize" ) == 0 )
+ {
+ opt.rsa_keysize = atoi( q );
+ if( opt.rsa_keysize < 1024 ||
+ opt.rsa_keysize > MBEDTLS_MPI_MAX_BITS )
+ goto usage;
+ }
+#if defined(MBEDTLS_ECP_C)
+ else if( strcmp( p, "ec_curve" ) == 0 )
+ {
+ if( ( curve_info = mbedtls_ecp_curve_info_from_name( q ) ) == NULL )
+ goto usage;
+ opt.ec_curve = curve_info->grp_id;
+ }
+#endif
+ else if( strcmp( p, "filename" ) == 0 )
+ opt.filename = q;
+ else if( strcmp( p, "use_dev_random" ) == 0 )
+ {
+ opt.use_dev_random = atoi( q );
+ if( opt.use_dev_random < 0 || opt.use_dev_random > 1 )
+ goto usage;
+ }
+ else
+ goto usage;
+ }
+
+ mbedtls_printf( "\n . Seeding the random number generator..." );
+ fflush( stdout );
+
+ mbedtls_entropy_init( &entropy );
+#if !defined(_WIN32) && defined(MBEDTLS_FS_IO)
+ if( opt.use_dev_random )
+ {
+ if( ( ret = mbedtls_entropy_add_source( &entropy, dev_random_entropy_poll,
+ NULL, DEV_RANDOM_THRESHOLD,
+ MBEDTLS_ENTROPY_SOURCE_STRONG ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_entropy_add_source returned -0x%04x\n", -ret );
+ goto exit;
+ }
+
+ mbedtls_printf("\n Using /dev/random, so can take a long time! " );
+ fflush( stdout );
+ }
+#endif /* !_WIN32 && MBEDTLS_FS_IO */
+
+ if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen( pers ) ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", -ret );
+ goto exit;
+ }
+
+ /*
+ * 1.1. Generate the key
+ */
+ mbedtls_printf( "\n . Generating the private key ..." );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_pk_setup( &key, mbedtls_pk_info_from_type( opt.type ) ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_pk_setup returned -0x%04x", -ret );
+ goto exit;
+ }
+
+#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME)
+ if( opt.type == MBEDTLS_PK_RSA )
+ {
+ ret = mbedtls_rsa_gen_key( mbedtls_pk_rsa( key ), mbedtls_ctr_drbg_random, &ctr_drbg,
+ opt.rsa_keysize, 65537 );
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_rsa_gen_key returned -0x%04x", -ret );
+ goto exit;
+ }
+ }
+ else
+#endif /* MBEDTLS_RSA_C */
+#if defined(MBEDTLS_ECP_C)
+ if( opt.type == MBEDTLS_PK_ECKEY )
+ {
+ ret = mbedtls_ecp_gen_key( opt.ec_curve, mbedtls_pk_ec( key ),
+ mbedtls_ctr_drbg_random, &ctr_drbg );
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_rsa_gen_key returned -0x%04x", -ret );
+ goto exit;
+ }
+ }
+ else
+#endif /* MBEDTLS_ECP_C */
+ {
+ mbedtls_printf( " failed\n ! key type not supported\n" );
+ goto exit;
+ }
+
+ /*
+ * 1.2 Print the key
+ */
+ mbedtls_printf( " ok\n . Key information:\n" );
+
+#if defined(MBEDTLS_RSA_C)
+ if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_RSA )
+ {
+ mbedtls_rsa_context *rsa = mbedtls_pk_rsa( key );
+ mbedtls_mpi_write_file( "N: ", &rsa->N, 16, NULL );
+ mbedtls_mpi_write_file( "E: ", &rsa->E, 16, NULL );
+ mbedtls_mpi_write_file( "D: ", &rsa->D, 16, NULL );
+ mbedtls_mpi_write_file( "P: ", &rsa->P, 16, NULL );
+ mbedtls_mpi_write_file( "Q: ", &rsa->Q, 16, NULL );
+ mbedtls_mpi_write_file( "DP: ", &rsa->DP, 16, NULL );
+ mbedtls_mpi_write_file( "DQ: ", &rsa->DQ, 16, NULL );
+ mbedtls_mpi_write_file( "QP: ", &rsa->QP, 16, NULL );
+ }
+ else
+#endif
+#if defined(MBEDTLS_ECP_C)
+ if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_ECKEY )
+ {
+ mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( key );
+ mbedtls_printf( "curve: %s\n",
+ mbedtls_ecp_curve_info_from_grp_id( ecp->grp.id )->name );
+ mbedtls_mpi_write_file( "X_Q: ", &ecp->Q.X, 16, NULL );
+ mbedtls_mpi_write_file( "Y_Q: ", &ecp->Q.Y, 16, NULL );
+ mbedtls_mpi_write_file( "D: ", &ecp->d , 16, NULL );
+ }
+ else
+#endif
+ mbedtls_printf(" ! key type not supported\n");
+
+ /*
+ * 1.3 Export key
+ */
+ mbedtls_printf( " . Writing key to file..." );
+
+ if( ( ret = write_private_key( &key, opt.filename ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n" );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+exit:
+
+ if( ret != 0 && ret != 1)
+ {
+#ifdef MBEDTLS_ERROR_C
+ mbedtls_strerror( ret, buf, sizeof( buf ) );
+ mbedtls_printf( " - %s\n", buf );
+#else
+ mbedtls_printf("\n");
+#endif
+ }
+
+ mbedtls_pk_free( &key );
+ mbedtls_ctr_drbg_free( &ctr_drbg );
+ mbedtls_entropy_free( &entropy );
+
+#if defined(_WIN32)
+ mbedtls_printf( " + Press Enter to exit this program.\n" );
+ fflush( stdout ); getchar();
+#endif
+
+ return( ret );
+}
+#endif /* MBEDTLS_PK_WRITE_C && MBEDTLS_PEM_WRITE_C && MBEDTLS_FS_IO &&
+ * MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
+
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/key_app.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/key_app.c
new file mode 100644
index 0000000..b6b8446
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/key_app.c
@@ -0,0 +1,281 @@
+/*
+ * Key reading application
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf printf
+#endif
+
+#if defined(MBEDTLS_BIGNUM_C) && \
+ defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_FS_IO)
+#include "mbedtls/error.h"
+#include "mbedtls/rsa.h"
+#include "mbedtls/x509.h"
+
+#include <string.h>
+#endif
+
+#define MODE_NONE 0
+#define MODE_PRIVATE 1
+#define MODE_PUBLIC 2
+
+#define DFL_MODE MODE_NONE
+#define DFL_FILENAME "keyfile.key"
+#define DFL_PASSWORD ""
+#define DFL_PASSWORD_FILE ""
+#define DFL_DEBUG_LEVEL 0
+
+#define USAGE \
+ "\n usage: key_app param=<>...\n" \
+ "\n acceptable parameters:\n" \
+ " mode=private|public default: none\n" \
+ " filename=%%s default: keyfile.key\n" \
+ " password=%%s default: \"\"\n" \
+ " password_file=%%s default: \"\"\n" \
+ "\n"
+
+
+#if !defined(MBEDTLS_BIGNUM_C) || \
+ !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO)
+int main( void )
+{
+ mbedtls_printf("MBEDTLS_BIGNUM_C and/or "
+ "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO not defined.\n");
+ return( 0 );
+}
+#else
+/*
+ * global options
+ */
+struct options
+{
+ int mode; /* the mode to run the application in */
+ const char *filename; /* filename of the key file */
+ const char *password; /* password for the private key */
+ const char *password_file; /* password_file for the private key */
+} opt;
+
+int main( int argc, char *argv[] )
+{
+ int ret = 0;
+ mbedtls_pk_context pk;
+ char buf[1024];
+ int i;
+ char *p, *q;
+
+ /*
+ * Set to sane values
+ */
+ mbedtls_pk_init( &pk );
+ memset( buf, 0, sizeof(buf) );
+
+ if( argc == 0 )
+ {
+ usage:
+ mbedtls_printf( USAGE );
+ goto exit;
+ }
+
+ opt.mode = DFL_MODE;
+ opt.filename = DFL_FILENAME;
+ opt.password = DFL_PASSWORD;
+ opt.password_file = DFL_PASSWORD_FILE;
+
+ for( i = 1; i < argc; i++ )
+ {
+ p = argv[i];
+ if( ( q = strchr( p, '=' ) ) == NULL )
+ goto usage;
+ *q++ = '\0';
+
+ if( strcmp( p, "mode" ) == 0 )
+ {
+ if( strcmp( q, "private" ) == 0 )
+ opt.mode = MODE_PRIVATE;
+ else if( strcmp( q, "public" ) == 0 )
+ opt.mode = MODE_PUBLIC;
+ else
+ goto usage;
+ }
+ else if( strcmp( p, "filename" ) == 0 )
+ opt.filename = q;
+ else if( strcmp( p, "password" ) == 0 )
+ opt.password = q;
+ else if( strcmp( p, "password_file" ) == 0 )
+ opt.password_file = q;
+ else
+ goto usage;
+ }
+
+ if( opt.mode == MODE_PRIVATE )
+ {
+ if( strlen( opt.password ) && strlen( opt.password_file ) )
+ {
+ mbedtls_printf( "Error: cannot have both password and password_file\n" );
+ goto usage;
+ }
+
+ if( strlen( opt.password_file ) )
+ {
+ FILE *f;
+
+ mbedtls_printf( "\n . Loading the password file ..." );
+ if( ( f = fopen( opt.password_file, "rb" ) ) == NULL )
+ {
+ mbedtls_printf( " failed\n ! fopen returned NULL\n" );
+ goto exit;
+ }
+ if( fgets( buf, sizeof(buf), f ) == NULL )
+ {
+ fclose( f );
+ mbedtls_printf( "Error: fgets() failed to retrieve password\n" );
+ goto exit;
+ }
+ fclose( f );
+
+ i = (int) strlen( buf );
+ if( buf[i - 1] == '\n' ) buf[i - 1] = '\0';
+ if( buf[i - 2] == '\r' ) buf[i - 2] = '\0';
+ opt.password = buf;
+ }
+
+ /*
+ * 1.1. Load the key
+ */
+ mbedtls_printf( "\n . Loading the private key ..." );
+ fflush( stdout );
+
+ ret = mbedtls_pk_parse_keyfile( &pk, opt.filename, opt.password );
+
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", -ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * 1.2 Print the key
+ */
+ mbedtls_printf( " . Key information ...\n" );
+#if defined(MBEDTLS_RSA_C)
+ if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA )
+ {
+ mbedtls_rsa_context *rsa = mbedtls_pk_rsa( pk );
+ mbedtls_mpi_write_file( "N: ", &rsa->N, 16, NULL );
+ mbedtls_mpi_write_file( "E: ", &rsa->E, 16, NULL );
+ mbedtls_mpi_write_file( "D: ", &rsa->D, 16, NULL );
+ mbedtls_mpi_write_file( "P: ", &rsa->P, 16, NULL );
+ mbedtls_mpi_write_file( "Q: ", &rsa->Q, 16, NULL );
+ mbedtls_mpi_write_file( "DP: ", &rsa->DP, 16, NULL );
+ mbedtls_mpi_write_file( "DQ: ", &rsa->DQ, 16, NULL );
+ mbedtls_mpi_write_file( "QP: ", &rsa->QP, 16, NULL );
+ }
+ else
+#endif
+#if defined(MBEDTLS_ECP_C)
+ if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY )
+ {
+ mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( pk );
+ mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL );
+ mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL );
+ mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL );
+ mbedtls_mpi_write_file( "D : ", &ecp->d , 16, NULL );
+ }
+ else
+#endif
+ {
+ mbedtls_printf("Do not know how to print key information for this type\n" );
+ goto exit;
+ }
+ }
+ else if( opt.mode == MODE_PUBLIC )
+ {
+ /*
+ * 1.1. Load the key
+ */
+ mbedtls_printf( "\n . Loading the public key ..." );
+ fflush( stdout );
+
+ ret = mbedtls_pk_parse_public_keyfile( &pk, opt.filename );
+
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", -ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ mbedtls_printf( " . Key information ...\n" );
+#if defined(MBEDTLS_RSA_C)
+ if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA )
+ {
+ mbedtls_rsa_context *rsa = mbedtls_pk_rsa( pk );
+ mbedtls_mpi_write_file( "N: ", &rsa->N, 16, NULL );
+ mbedtls_mpi_write_file( "E: ", &rsa->E, 16, NULL );
+ }
+ else
+#endif
+#if defined(MBEDTLS_ECP_C)
+ if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY )
+ {
+ mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( pk );
+ mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL );
+ mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL );
+ mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL );
+ }
+ else
+#endif
+ {
+ mbedtls_printf("Do not know how to print key information for this type\n" );
+ goto exit;
+ }
+ }
+ else
+ goto usage;
+
+exit:
+
+#if defined(MBEDTLS_ERROR_C)
+ mbedtls_strerror( ret, buf, sizeof(buf) );
+ mbedtls_printf( " ! Last error was: %s\n", buf );
+#endif
+
+ mbedtls_pk_free( &pk );
+
+#if defined(_WIN32)
+ mbedtls_printf( " + Press Enter to exit this program.\n" );
+ fflush( stdout ); getchar();
+#endif
+
+ return( ret );
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/key_app_writer.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/key_app_writer.c
new file mode 100644
index 0000000..9d12077
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/key_app_writer.c
@@ -0,0 +1,406 @@
+/*
+ * Key writing application
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf printf
+#endif
+
+#if defined(MBEDTLS_PK_WRITE_C) && defined(MBEDTLS_FS_IO)
+#include "mbedtls/error.h"
+#include "mbedtls/pk.h"
+#include "mbedtls/error.h"
+
+#include <stdio.h>
+#include <string.h>
+#endif
+
+#if defined(MBEDTLS_PEM_WRITE_C)
+#define USAGE_OUT \
+ " output_file=%%s default: keyfile.pem\n" \
+ " output_format=pem|der default: pem\n"
+#else
+#define USAGE_OUT \
+ " output_file=%%s default: keyfile.der\n" \
+ " output_format=der default: der\n"
+#endif
+
+#if defined(MBEDTLS_PEM_WRITE_C)
+#define DFL_OUTPUT_FILENAME "keyfile.pem"
+#define DFL_OUTPUT_FORMAT OUTPUT_FORMAT_PEM
+#else
+#define DFL_OUTPUT_FILENAME "keyfile.der"
+#define DFL_OUTPUT_FORMAT OUTPUT_FORMAT_DER
+#endif
+
+#define DFL_MODE MODE_NONE
+#define DFL_FILENAME "keyfile.key"
+#define DFL_DEBUG_LEVEL 0
+#define DFL_OUTPUT_MODE OUTPUT_MODE_NONE
+
+#define MODE_NONE 0
+#define MODE_PRIVATE 1
+#define MODE_PUBLIC 2
+
+#define OUTPUT_MODE_NONE 0
+#define OUTPUT_MODE_PRIVATE 1
+#define OUTPUT_MODE_PUBLIC 2
+
+#define OUTPUT_FORMAT_PEM 0
+#define OUTPUT_FORMAT_DER 1
+
+#define USAGE \
+ "\n usage: key_app param=<>...\n" \
+ "\n acceptable parameters:\n" \
+ " mode=private|public default: none\n" \
+ " filename=%%s default: keyfile.key\n" \
+ " output_mode=private|public default: none\n" \
+ USAGE_OUT \
+ "\n"
+
+#if !defined(MBEDTLS_PK_WRITE_C) || !defined(MBEDTLS_FS_IO)
+int main( void )
+{
+ mbedtls_printf( "MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO not defined.\n" );
+ return( 0 );
+}
+#else
+/*
+ * global options
+ */
+struct options
+{
+ int mode; /* the mode to run the application in */
+ const char *filename; /* filename of the key file */
+ int output_mode; /* the output mode to use */
+ const char *output_file; /* where to store the constructed key file */
+ int output_format; /* the output format to use */
+} opt;
+
+static int write_public_key( mbedtls_pk_context *key, const char *output_file )
+{
+ int ret;
+ FILE *f;
+ unsigned char output_buf[16000];
+ unsigned char *c = output_buf;
+ size_t len = 0;
+
+ memset(output_buf, 0, 16000);
+
+#if defined(MBEDTLS_PEM_WRITE_C)
+ if( opt.output_format == OUTPUT_FORMAT_PEM )
+ {
+ if( ( ret = mbedtls_pk_write_pubkey_pem( key, output_buf, 16000 ) ) != 0 )
+ return( ret );
+
+ len = strlen( (char *) output_buf );
+ }
+ else
+#endif
+ {
+ if( ( ret = mbedtls_pk_write_pubkey_der( key, output_buf, 16000 ) ) < 0 )
+ return( ret );
+
+ len = ret;
+ c = output_buf + sizeof(output_buf) - len - 1;
+ }
+
+ if( ( f = fopen( output_file, "w" ) ) == NULL )
+ return( -1 );
+
+ if( fwrite( c, 1, len, f ) != len )
+ {
+ fclose( f );
+ return( -1 );
+ }
+
+ fclose( f );
+
+ return( 0 );
+}
+
+static int write_private_key( mbedtls_pk_context *key, const char *output_file )
+{
+ int ret;
+ FILE *f;
+ unsigned char output_buf[16000];
+ unsigned char *c = output_buf;
+ size_t len = 0;
+
+ memset(output_buf, 0, 16000);
+
+#if defined(MBEDTLS_PEM_WRITE_C)
+ if( opt.output_format == OUTPUT_FORMAT_PEM )
+ {
+ if( ( ret = mbedtls_pk_write_key_pem( key, output_buf, 16000 ) ) != 0 )
+ return( ret );
+
+ len = strlen( (char *) output_buf );
+ }
+ else
+#endif
+ {
+ if( ( ret = mbedtls_pk_write_key_der( key, output_buf, 16000 ) ) < 0 )
+ return( ret );
+
+ len = ret;
+ c = output_buf + sizeof(output_buf) - len - 1;
+ }
+
+ if( ( f = fopen( output_file, "w" ) ) == NULL )
+ return( -1 );
+
+ if( fwrite( c, 1, len, f ) != len )
+ {
+ fclose( f );
+ return( -1 );
+ }
+
+ fclose( f );
+
+ return( 0 );
+}
+
+int main( int argc, char *argv[] )
+{
+ int ret = 0;
+ mbedtls_pk_context key;
+ char buf[1024];
+ int i;
+ char *p, *q;
+
+ /*
+ * Set to sane values
+ */
+ mbedtls_pk_init( &key );
+ memset( buf, 0, sizeof( buf ) );
+
+ if( argc == 0 )
+ {
+ usage:
+ ret = 1;
+ mbedtls_printf( USAGE );
+ goto exit;
+ }
+
+ opt.mode = DFL_MODE;
+ opt.filename = DFL_FILENAME;
+ opt.output_mode = DFL_OUTPUT_MODE;
+ opt.output_file = DFL_OUTPUT_FILENAME;
+ opt.output_format = DFL_OUTPUT_FORMAT;
+
+ for( i = 1; i < argc; i++ )
+ {
+ p = argv[i];
+ if( ( q = strchr( p, '=' ) ) == NULL )
+ goto usage;
+ *q++ = '\0';
+
+ if( strcmp( p, "mode" ) == 0 )
+ {
+ if( strcmp( q, "private" ) == 0 )
+ opt.mode = MODE_PRIVATE;
+ else if( strcmp( q, "public" ) == 0 )
+ opt.mode = MODE_PUBLIC;
+ else
+ goto usage;
+ }
+ else if( strcmp( p, "output_mode" ) == 0 )
+ {
+ if( strcmp( q, "private" ) == 0 )
+ opt.output_mode = OUTPUT_MODE_PRIVATE;
+ else if( strcmp( q, "public" ) == 0 )
+ opt.output_mode = OUTPUT_MODE_PUBLIC;
+ else
+ goto usage;
+ }
+ else if( strcmp( p, "output_format" ) == 0 )
+ {
+#if defined(MBEDTLS_PEM_WRITE_C)
+ if( strcmp( q, "pem" ) == 0 )
+ opt.output_format = OUTPUT_FORMAT_PEM;
+ else
+#endif
+ if( strcmp( q, "der" ) == 0 )
+ opt.output_format = OUTPUT_FORMAT_DER;
+ else
+ goto usage;
+ }
+ else if( strcmp( p, "filename" ) == 0 )
+ opt.filename = q;
+ else if( strcmp( p, "output_file" ) == 0 )
+ opt.output_file = q;
+ else
+ goto usage;
+ }
+
+ if( opt.mode == MODE_NONE && opt.output_mode != OUTPUT_MODE_NONE )
+ {
+ mbedtls_printf( "\nCannot output a key without reading one.\n");
+ goto exit;
+ }
+
+ if( opt.mode == MODE_PUBLIC && opt.output_mode == OUTPUT_MODE_PRIVATE )
+ {
+ mbedtls_printf( "\nCannot output a private key from a public key.\n");
+ goto exit;
+ }
+
+ if( opt.mode == MODE_PRIVATE )
+ {
+ /*
+ * 1.1. Load the key
+ */
+ mbedtls_printf( "\n . Loading the private key ..." );
+ fflush( stdout );
+
+ ret = mbedtls_pk_parse_keyfile( &key, opt.filename, NULL );
+
+ if( ret != 0 )
+ {
+ mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
+ mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x - %s\n\n", -ret, buf );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * 1.2 Print the key
+ */
+ mbedtls_printf( " . Key information ...\n" );
+
+#if defined(MBEDTLS_RSA_C)
+ if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_RSA )
+ {
+ mbedtls_rsa_context *rsa = mbedtls_pk_rsa( key );
+ mbedtls_mpi_write_file( "N: ", &rsa->N, 16, NULL );
+ mbedtls_mpi_write_file( "E: ", &rsa->E, 16, NULL );
+ mbedtls_mpi_write_file( "D: ", &rsa->D, 16, NULL );
+ mbedtls_mpi_write_file( "P: ", &rsa->P, 16, NULL );
+ mbedtls_mpi_write_file( "Q: ", &rsa->Q, 16, NULL );
+ mbedtls_mpi_write_file( "DP: ", &rsa->DP, 16, NULL );
+ mbedtls_mpi_write_file( "DQ: ", &rsa->DQ, 16, NULL );
+ mbedtls_mpi_write_file( "QP: ", &rsa->QP, 16, NULL );
+ }
+ else
+#endif
+#if defined(MBEDTLS_ECP_C)
+ if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_ECKEY )
+ {
+ mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( key );
+ mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL );
+ mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL );
+ mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL );
+ mbedtls_mpi_write_file( "D : ", &ecp->d , 16, NULL );
+ }
+ else
+#endif
+ mbedtls_printf("key type not supported yet\n");
+
+ }
+ else if( opt.mode == MODE_PUBLIC )
+ {
+ /*
+ * 1.1. Load the key
+ */
+ mbedtls_printf( "\n . Loading the public key ..." );
+ fflush( stdout );
+
+ ret = mbedtls_pk_parse_public_keyfile( &key, opt.filename );
+
+ if( ret != 0 )
+ {
+ mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
+ mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_key returned -0x%04x - %s\n\n", -ret, buf );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * 1.2 Print the key
+ */
+ mbedtls_printf( " . Key information ...\n" );
+
+#if defined(MBEDTLS_RSA_C)
+ if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_RSA )
+ {
+ mbedtls_rsa_context *rsa = mbedtls_pk_rsa( key );
+ mbedtls_mpi_write_file( "N: ", &rsa->N, 16, NULL );
+ mbedtls_mpi_write_file( "E: ", &rsa->E, 16, NULL );
+ }
+ else
+#endif
+#if defined(MBEDTLS_ECP_C)
+ if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_ECKEY )
+ {
+ mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( key );
+ mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL );
+ mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL );
+ mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL );
+ }
+ else
+#endif
+ mbedtls_printf("key type not supported yet\n");
+ }
+ else
+ goto usage;
+
+ if( opt.output_mode == OUTPUT_MODE_PUBLIC )
+ {
+ write_public_key( &key, opt.output_file );
+ }
+ if( opt.output_mode == OUTPUT_MODE_PRIVATE )
+ {
+ write_private_key( &key, opt.output_file );
+ }
+
+exit:
+
+ if( ret != 0 && ret != 1)
+ {
+#ifdef MBEDTLS_ERROR_C
+ mbedtls_strerror( ret, buf, sizeof( buf ) );
+ mbedtls_printf( " - %s\n", buf );
+#else
+ mbedtls_printf("\n");
+#endif
+ }
+
+ mbedtls_pk_free( &key );
+
+#if defined(_WIN32)
+ mbedtls_printf( " + Press Enter to exit this program.\n" );
+ fflush( stdout ); getchar();
+#endif
+
+ return( ret );
+}
+#endif /* MBEDTLS_PK_WRITE_C && MBEDTLS_FS_IO */
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/mpi_demo.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/mpi_demo.c
new file mode 100644
index 0000000..afe8957
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/mpi_demo.c
@@ -0,0 +1,109 @@
+/*
+ * Simple MPI demonstration program
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf printf
+#endif
+
+#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_FS_IO)
+#include "mbedtls/bignum.h"
+
+#include <stdio.h>
+#endif
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_FS_IO)
+int main( void )
+{
+ mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_FS_IO not defined.\n");
+ return( 0 );
+}
+#else
+int main( void )
+{
+ int ret;
+ mbedtls_mpi E, P, Q, N, H, D, X, Y, Z;
+
+ mbedtls_mpi_init( &E ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &N );
+ mbedtls_mpi_init( &H ); mbedtls_mpi_init( &D ); mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
+ mbedtls_mpi_init( &Z );
+
+ MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &P, 10, "2789" ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &Q, 10, "3203" ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &E, 10, "257" ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &N, &P, &Q ) );
+
+ mbedtls_printf( "\n Public key:\n\n" );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( " N = ", &N, 10, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( " E = ", &E, 10, NULL ) );
+
+ mbedtls_printf( "\n Private key:\n\n" );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( " P = ", &P, 10, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( " Q = ", &Q, 10, NULL ) );
+
+#if defined(MBEDTLS_GENPRIME)
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &P, &P, 1 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &Q, &Q, 1 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &H, &P, &Q ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &D, &E, &H ) );
+
+ mbedtls_mpi_write_file( " D = E^-1 mod (P-1)*(Q-1) = ",
+ &D, 10, NULL );
+#else
+ mbedtls_printf("\nTest skipped (MBEDTLS_GENPRIME not defined).\n\n");
+#endif
+ MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &X, 10, "55555" ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &Y, &X, &E, &N, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &Z, &Y, &D, &N, NULL ) );
+
+ mbedtls_printf( "\n RSA operation:\n\n" );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( " X (plaintext) = ", &X, 10, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( " Y (ciphertext) = X^E mod N = ", &Y, 10, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( " Z (decrypted) = Y^D mod N = ", &Z, 10, NULL ) );
+ mbedtls_printf( "\n" );
+
+cleanup:
+ mbedtls_mpi_free( &E ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &N );
+ mbedtls_mpi_free( &H ); mbedtls_mpi_free( &D ); mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y );
+ mbedtls_mpi_free( &Z );
+
+ if( ret != 0 )
+ {
+ mbedtls_printf( "\nAn error occurred.\n" );
+ ret = 1;
+ }
+
+#if defined(_WIN32)
+ mbedtls_printf( " Press Enter to exit this program.\n" );
+ fflush( stdout ); getchar();
+#endif
+
+ return( ret );
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_FS_IO */
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/pk_decrypt.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/pk_decrypt.c
new file mode 100644
index 0000000..32fbc75
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/pk_decrypt.c
@@ -0,0 +1,168 @@
+/*
+ * Public key-based simple decryption program
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf printf
+#endif
+
+#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_PK_PARSE_C) && \
+ defined(MBEDTLS_FS_IO) && defined(MBEDTLS_ENTROPY_C) && \
+ defined(MBEDTLS_CTR_DRBG_C)
+#include "mbedtls/error.h"
+#include "mbedtls/pk.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+
+#include <stdio.h>
+#include <string.h>
+#endif
+
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_PK_PARSE_C) || \
+ !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \
+ !defined(MBEDTLS_CTR_DRBG_C)
+int main( void )
+{
+ mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_PK_PARSE_C and/or "
+ "MBEDTLS_FS_IO and/or MBEDTLS_ENTROPY_C and/or "
+ "MBEDTLS_CTR_DRBG_C not defined.\n");
+ return( 0 );
+}
+#else
+int main( int argc, char *argv[] )
+{
+ FILE *f;
+ int ret, c;
+ size_t i, olen = 0;
+ mbedtls_pk_context pk;
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ unsigned char result[1024];
+ unsigned char buf[512];
+ const char *pers = "mbedtls_pk_decrypt";
+ ((void) argv);
+
+ mbedtls_ctr_drbg_init( &ctr_drbg );
+ memset(result, 0, sizeof( result ) );
+ ret = 1;
+
+ if( argc != 2 )
+ {
+ mbedtls_printf( "usage: mbedtls_pk_decrypt <key_file>\n" );
+
+#if defined(_WIN32)
+ mbedtls_printf( "\n" );
+#endif
+
+ goto exit;
+ }
+
+ mbedtls_printf( "\n . Seeding the random number generator..." );
+ fflush( stdout );
+
+ mbedtls_entropy_init( &entropy );
+ if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen( pers ) ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( "\n . Reading private key from '%s'", argv[1] );
+ fflush( stdout );
+
+ mbedtls_pk_init( &pk );
+
+ if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", -ret );
+ goto exit;
+ }
+
+ /*
+ * Extract the RSA encrypted value from the text file
+ */
+ ret = 1;
+
+ if( ( f = fopen( "result-enc.txt", "rb" ) ) == NULL )
+ {
+ mbedtls_printf( "\n ! Could not open %s\n\n", "result-enc.txt" );
+ goto exit;
+ }
+
+ i = 0;
+
+ while( fscanf( f, "%02X", &c ) > 0 &&
+ i < (int) sizeof( buf ) )
+ buf[i++] = (unsigned char) c;
+
+ fclose( f );
+
+ /*
+ * Decrypt the encrypted RSA data and print the result.
+ */
+ mbedtls_printf( "\n . Decrypting the encrypted data" );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_pk_decrypt( &pk, buf, i, result, &olen, sizeof(result),
+ mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_pk_decrypt returned -0x%04x\n", -ret );
+ goto exit;
+ }
+
+ mbedtls_printf( "\n . OK\n\n" );
+
+ mbedtls_printf( "The decrypted result is: '%s'\n\n", result );
+
+ ret = 0;
+
+exit:
+ mbedtls_ctr_drbg_free( &ctr_drbg );
+ mbedtls_entropy_free( &entropy );
+
+#if defined(MBEDTLS_ERROR_C)
+ if( ret != 0 )
+ {
+ mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
+ mbedtls_printf( " ! Last error was: %s\n", buf );
+ }
+#endif
+
+#if defined(_WIN32)
+ mbedtls_printf( " + Press Enter to exit this program.\n" );
+ fflush( stdout ); getchar();
+#endif
+
+ return( ret );
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
+ MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/pk_encrypt.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/pk_encrypt.c
new file mode 100644
index 0000000..7ca9d5a
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/pk_encrypt.c
@@ -0,0 +1,168 @@
+/*
+ * RSA simple data encryption program
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#endif
+
+#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_PK_PARSE_C) && \
+ defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_FS_IO) && \
+ defined(MBEDTLS_CTR_DRBG_C)
+#include "mbedtls/error.h"
+#include "mbedtls/pk.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+
+#include <stdio.h>
+#include <string.h>
+#endif
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_PK_PARSE_C) || \
+ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_FS_IO) || \
+ !defined(MBEDTLS_CTR_DRBG_C)
+int main( void )
+{
+ mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_PK_PARSE_C and/or "
+ "MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO and/or "
+ "MBEDTLS_CTR_DRBG_C not defined.\n");
+ return( 0 );
+}
+#else
+int main( int argc, char *argv[] )
+{
+ FILE *f;
+ int ret;
+ size_t i, olen = 0;
+ mbedtls_pk_context pk;
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ unsigned char input[1024];
+ unsigned char buf[512];
+ const char *pers = "mbedtls_pk_encrypt";
+
+ ret = 1;
+ mbedtls_ctr_drbg_init( &ctr_drbg );
+
+ if( argc != 3 )
+ {
+ mbedtls_printf( "usage: mbedtls_pk_encrypt <key_file> <string of max 100 characters>\n" );
+
+#if defined(_WIN32)
+ mbedtls_printf( "\n" );
+#endif
+
+ goto exit;
+ }
+
+ mbedtls_printf( "\n . Seeding the random number generator..." );
+ fflush( stdout );
+
+ mbedtls_entropy_init( &entropy );
+ if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen( pers ) ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", -ret );
+ goto exit;
+ }
+
+ mbedtls_printf( "\n . Reading public key from '%s'", argv[1] );
+ fflush( stdout );
+
+ mbedtls_pk_init( &pk );
+
+ if( ( ret = mbedtls_pk_parse_public_keyfile( &pk, argv[1] ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", -ret );
+ goto exit;
+ }
+
+ if( strlen( argv[2] ) > 100 )
+ {
+ mbedtls_printf( " Input data larger than 100 characters.\n\n" );
+ goto exit;
+ }
+
+ memcpy( input, argv[2], strlen( argv[2] ) );
+
+ /*
+ * Calculate the RSA encryption of the hash.
+ */
+ mbedtls_printf( "\n . Generating the encrypted value" );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_pk_encrypt( &pk, input, strlen( argv[2] ),
+ buf, &olen, sizeof(buf),
+ mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_pk_encrypt returned -0x%04x\n", -ret );
+ goto exit;
+ }
+
+ /*
+ * Write the signature into result-enc.txt
+ */
+ if( ( f = fopen( "result-enc.txt", "wb+" ) ) == NULL )
+ {
+ ret = 1;
+ mbedtls_printf( " failed\n ! Could not create %s\n\n", "result-enc.txt" );
+ goto exit;
+ }
+
+ for( i = 0; i < olen; i++ )
+ mbedtls_fprintf( f, "%02X%s", buf[i],
+ ( i + 1 ) % 16 == 0 ? "\r\n" : " " );
+
+ fclose( f );
+
+ mbedtls_printf( "\n . Done (created \"%s\")\n\n", "result-enc.txt" );
+
+exit:
+ mbedtls_ctr_drbg_free( &ctr_drbg );
+ mbedtls_entropy_free( &entropy );
+
+#if defined(MBEDTLS_ERROR_C)
+ if( ret != 0 )
+ {
+ mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
+ mbedtls_printf( " ! Last error was: %s\n", buf );
+ }
+#endif
+
+#if defined(_WIN32)
+ mbedtls_printf( " + Press Enter to exit this program.\n" );
+ fflush( stdout ); getchar();
+#endif
+
+ return( ret );
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_ENTROPY_C &&
+ MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/pk_sign.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/pk_sign.c
new file mode 100644
index 0000000..daf08a9
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/pk_sign.c
@@ -0,0 +1,175 @@
+/*
+ * Public key-based signature creation program
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_snprintf snprintf
+#define mbedtls_printf printf
+#endif
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
+ !defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \
+ !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
+ !defined(MBEDTLS_CTR_DRBG_C)
+int main( void )
+{
+ mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
+ "MBEDTLS_SHA256_C and/or MBEDTLS_MD_C and/or "
+ "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
+ "MBEDTLS_CTR_DRBG_C not defined.\n");
+ return( 0 );
+}
+#else
+
+#include "mbedtls/error.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/md.h"
+#include "mbedtls/pk.h"
+
+#include <stdio.h>
+#include <string.h>
+
+int main( int argc, char *argv[] )
+{
+ FILE *f;
+ int ret = 1;
+ mbedtls_pk_context pk;
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ unsigned char hash[32];
+ unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
+ char filename[512];
+ const char *pers = "mbedtls_pk_sign";
+ size_t olen = 0;
+
+ mbedtls_entropy_init( &entropy );
+ mbedtls_ctr_drbg_init( &ctr_drbg );
+ mbedtls_pk_init( &pk );
+
+ if( argc != 3 )
+ {
+ mbedtls_printf( "usage: mbedtls_pk_sign <key_file> <filename>\n" );
+
+#if defined(_WIN32)
+ mbedtls_printf( "\n" );
+#endif
+
+ goto exit;
+ }
+
+ mbedtls_printf( "\n . Seeding the random number generator..." );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen( pers ) ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", -ret );
+ goto exit;
+ }
+
+ mbedtls_printf( "\n . Reading private key from '%s'", argv[1] );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 )
+ {
+ ret = 1;
+ mbedtls_printf( " failed\n ! Could not open '%s'\n", argv[1] );
+ goto exit;
+ }
+
+ /*
+ * Compute the SHA-256 hash of the input file,
+ * then calculate the signature of the hash.
+ */
+ mbedtls_printf( "\n . Generating the SHA-256 signature" );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_md_file(
+ mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ),
+ argv[2], hash ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! Could not open or read %s\n\n", argv[2] );
+ goto exit;
+ }
+
+ if( ( ret = mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, 0, buf, &olen,
+ mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_pk_sign returned -0x%04x\n", -ret );
+ goto exit;
+ }
+
+ /*
+ * Write the signature into <filename>.sig
+ */
+ mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[2] );
+
+ if( ( f = fopen( filename, "wb+" ) ) == NULL )
+ {
+ ret = 1;
+ mbedtls_printf( " failed\n ! Could not create %s\n\n", filename );
+ goto exit;
+ }
+
+ if( fwrite( buf, 1, olen, f ) != olen )
+ {
+ mbedtls_printf( "failed\n ! fwrite failed\n\n" );
+ fclose( f );
+ goto exit;
+ }
+
+ fclose( f );
+
+ mbedtls_printf( "\n . Done (created \"%s\")\n\n", filename );
+
+exit:
+ mbedtls_pk_free( &pk );
+ mbedtls_ctr_drbg_free( &ctr_drbg );
+ mbedtls_entropy_free( &entropy );
+
+#if defined(MBEDTLS_ERROR_C)
+ if( ret != 0 )
+ {
+ mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
+ mbedtls_printf( " ! Last error was: %s\n", buf );
+ }
+#endif
+
+#if defined(_WIN32)
+ mbedtls_printf( " + Press Enter to exit this program.\n" );
+ fflush( stdout ); getchar();
+#endif
+
+ return( ret );
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C &&
+ MBEDTLS_SHA256_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
+ MBEDTLS_CTR_DRBG_C */
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/pk_verify.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/pk_verify.c
new file mode 100644
index 0000000..d35d17f
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/pk_verify.c
@@ -0,0 +1,149 @@
+/*
+ * Public key-based signature verification program
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_snprintf snprintf
+#define mbedtls_printf printf
+#endif
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_MD_C) || \
+ !defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_PK_PARSE_C) || \
+ !defined(MBEDTLS_FS_IO)
+int main( void )
+{
+ mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_MD_C and/or "
+ "MBEDTLS_SHA256_C and/or MBEDTLS_PK_PARSE_C and/or "
+ "MBEDTLS_FS_IO not defined.\n");
+ return( 0 );
+}
+#else
+
+#include "mbedtls/error.h"
+#include "mbedtls/md.h"
+#include "mbedtls/pk.h"
+
+#include <stdio.h>
+#include <string.h>
+
+int main( int argc, char *argv[] )
+{
+ FILE *f;
+ int ret = 1;
+ size_t i;
+ mbedtls_pk_context pk;
+ unsigned char hash[32];
+ unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
+ char filename[512];
+
+ mbedtls_pk_init( &pk );
+
+ if( argc != 3 )
+ {
+ mbedtls_printf( "usage: mbedtls_pk_verify <key_file> <filename>\n" );
+
+#if defined(_WIN32)
+ mbedtls_printf( "\n" );
+#endif
+
+ goto exit;
+ }
+
+ mbedtls_printf( "\n . Reading public key from '%s'", argv[1] );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_pk_parse_public_keyfile( &pk, argv[1] ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", -ret );
+ goto exit;
+ }
+
+ /*
+ * Extract the signature from the file
+ */
+ ret = 1;
+ mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[2] );
+
+ if( ( f = fopen( filename, "rb" ) ) == NULL )
+ {
+ mbedtls_printf( "\n ! Could not open %s\n\n", filename );
+ goto exit;
+ }
+
+
+ i = fread( buf, 1, sizeof(buf), f );
+
+ fclose( f );
+
+ /*
+ * Compute the SHA-256 hash of the input file and
+ * verify the signature
+ */
+ mbedtls_printf( "\n . Verifying the SHA-256 signature" );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_md_file(
+ mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ),
+ argv[2], hash ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! Could not open or read %s\n\n", argv[2] );
+ goto exit;
+ }
+
+ if( ( ret = mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256, hash, 0,
+ buf, i ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_pk_verify returned -0x%04x\n", -ret );
+ goto exit;
+ }
+
+ mbedtls_printf( "\n . OK (the signature is valid)\n\n" );
+
+ ret = 0;
+
+exit:
+ mbedtls_pk_free( &pk );
+
+#if defined(MBEDTLS_ERROR_C)
+ if( ret != 0 )
+ {
+ mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
+ mbedtls_printf( " ! Last error was: %s\n", buf );
+ }
+#endif
+
+#if defined(_WIN32)
+ mbedtls_printf( " + Press Enter to exit this program.\n" );
+ fflush( stdout ); getchar();
+#endif
+
+ return( ret );
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_SHA256_C &&
+ MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/rsa_decrypt.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/rsa_decrypt.c
new file mode 100644
index 0000000..b64e156
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/rsa_decrypt.c
@@ -0,0 +1,196 @@
+/*
+ * RSA simple decryption program
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#include <stdlib.h>
+#define mbedtls_printf printf
+#define mbedtls_exit exit
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif
+
+#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_RSA_C) && \
+ defined(MBEDTLS_FS_IO) && defined(MBEDTLS_ENTROPY_C) && \
+ defined(MBEDTLS_CTR_DRBG_C)
+#include "mbedtls/rsa.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+
+#include <string.h>
+
+#endif
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
+ !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \
+ !defined(MBEDTLS_CTR_DRBG_C)
+int main( void )
+{
+ mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
+ "MBEDTLS_FS_IO and/or MBEDTLS_ENTROPY_C and/or "
+ "MBEDTLS_CTR_DRBG_C not defined.\n");
+ return( 0 );
+}
+#else
+int main( int argc, char *argv[] )
+{
+ FILE *f;
+ int return_val, exit_val, c;
+ size_t i;
+ mbedtls_rsa_context rsa;
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ unsigned char result[1024];
+ unsigned char buf[512];
+ const char *pers = "rsa_decrypt";
+ ((void) argv);
+
+ memset(result, 0, sizeof( result ) );
+ exit_val = MBEDTLS_EXIT_SUCCESS;
+
+ if( argc != 1 )
+ {
+ mbedtls_printf( "usage: rsa_decrypt\n" );
+
+#if defined(_WIN32)
+ mbedtls_printf( "\n" );
+#endif
+
+ mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+ }
+
+ mbedtls_printf( "\n . Seeding the random number generator..." );
+ fflush( stdout );
+
+ mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_ctr_drbg_init( &ctr_drbg );
+ mbedtls_entropy_init( &entropy );
+
+ return_val = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
+ &entropy, (const unsigned char *) pers,
+ strlen( pers ) );
+ if( return_val != 0 )
+ {
+ exit_val = MBEDTLS_EXIT_FAILURE;
+ mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n",
+ return_val );
+ goto exit;
+ }
+
+ mbedtls_printf( "\n . Reading private key from rsa_priv.txt" );
+ fflush( stdout );
+
+ if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL )
+ {
+ exit_val = MBEDTLS_EXIT_FAILURE;
+ mbedtls_printf( " failed\n ! Could not open rsa_priv.txt\n" \
+ " ! Please run rsa_genkey first\n\n" );
+ goto exit;
+ }
+
+ if( ( return_val = mbedtls_mpi_read_file( &rsa.N , 16, f ) ) != 0 ||
+ ( return_val = mbedtls_mpi_read_file( &rsa.E , 16, f ) ) != 0 ||
+ ( return_val = mbedtls_mpi_read_file( &rsa.D , 16, f ) ) != 0 ||
+ ( return_val = mbedtls_mpi_read_file( &rsa.P , 16, f ) ) != 0 ||
+ ( return_val = mbedtls_mpi_read_file( &rsa.Q , 16, f ) ) != 0 ||
+ ( return_val = mbedtls_mpi_read_file( &rsa.DP, 16, f ) ) != 0 ||
+ ( return_val = mbedtls_mpi_read_file( &rsa.DQ, 16, f ) ) != 0 ||
+ ( return_val = mbedtls_mpi_read_file( &rsa.QP, 16, f ) ) != 0 )
+ {
+ exit_val = MBEDTLS_EXIT_FAILURE;
+ mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n",
+ return_val );
+ fclose( f );
+ goto exit;
+ }
+
+ rsa.len = ( mbedtls_mpi_bitlen( &rsa.N ) + 7 ) >> 3;
+
+ fclose( f );
+
+ /*
+ * Extract the RSA encrypted value from the text file
+ */
+ if( ( f = fopen( "result-enc.txt", "rb" ) ) == NULL )
+ {
+ exit_val = MBEDTLS_EXIT_FAILURE;
+ mbedtls_printf( "\n ! Could not open %s\n\n", "result-enc.txt" );
+ goto exit;
+ }
+
+ i = 0;
+
+ while( fscanf( f, "%02X", &c ) > 0 &&
+ i < (int) sizeof( buf ) )
+ buf[i++] = (unsigned char) c;
+
+ fclose( f );
+
+ if( i != rsa.len )
+ {
+ exit_val = MBEDTLS_EXIT_FAILURE;
+ mbedtls_printf( "\n ! Invalid RSA signature format\n\n" );
+ goto exit;
+ }
+
+ /*
+ * Decrypt the encrypted RSA data and print the result.
+ */
+ mbedtls_printf( "\n . Decrypting the encrypted data" );
+ fflush( stdout );
+
+ return_val = mbedtls_rsa_pkcs1_decrypt( &rsa, mbedtls_ctr_drbg_random,
+ &ctr_drbg, MBEDTLS_RSA_PRIVATE, &i,
+ buf, result, 1024 );
+ if( return_val != 0 )
+ {
+ exit_val = MBEDTLS_EXIT_FAILURE;
+ mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_decrypt returned %d\n\n",
+ return_val );
+ goto exit;
+ }
+
+ mbedtls_printf( "\n . OK\n\n" );
+
+ mbedtls_printf( "The decrypted result is: '%s'\n\n", result );
+
+exit:
+ mbedtls_ctr_drbg_free( &ctr_drbg );
+ mbedtls_entropy_free( &entropy );
+ mbedtls_rsa_free( &rsa );
+
+#if defined(_WIN32)
+ mbedtls_printf( " + Press Enter to exit this program.\n" );
+ fflush( stdout ); getchar();
+#endif
+
+ return( exit_val );
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_FS_IO */
+
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/rsa_encrypt.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/rsa_encrypt.c
new file mode 100644
index 0000000..b9cb187
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/rsa_encrypt.c
@@ -0,0 +1,186 @@
+/*
+ * RSA simple data encryption program
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#include <stdlib.h>
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#define mbedtls_exit exit
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif
+
+#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_RSA_C) && \
+ defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_FS_IO) && \
+ defined(MBEDTLS_CTR_DRBG_C)
+#include "mbedtls/rsa.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+
+#include <string.h>
+#endif
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
+ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_FS_IO) || \
+ !defined(MBEDTLS_CTR_DRBG_C)
+int main( void )
+{
+ mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
+ "MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO and/or "
+ "MBEDTLS_CTR_DRBG_C not defined.\n");
+ return( 0 );
+}
+#else
+int main( int argc, char *argv[] )
+{
+ FILE *f;
+ int return_val, exit_val;
+ size_t i;
+ mbedtls_rsa_context rsa;
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ unsigned char input[1024];
+ unsigned char buf[512];
+ const char *pers = "rsa_encrypt";
+
+ exit_val = MBEDTLS_EXIT_SUCCESS;
+
+ if( argc != 2 )
+ {
+ mbedtls_printf( "usage: rsa_encrypt <string of max 100 characters>\n" );
+
+#if defined(_WIN32)
+ mbedtls_printf( "\n" );
+#endif
+
+ mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+ }
+
+ mbedtls_printf( "\n . Seeding the random number generator..." );
+ fflush( stdout );
+
+ mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_ctr_drbg_init( &ctr_drbg );
+ mbedtls_entropy_init( &entropy );
+
+ return_val = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
+ &entropy, (const unsigned char *) pers,
+ strlen( pers ) );
+ if( return_val != 0 )
+ {
+ exit_val = MBEDTLS_EXIT_FAILURE;
+ mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n",
+ return_val );
+ goto exit;
+ }
+
+ mbedtls_printf( "\n . Reading public key from rsa_pub.txt" );
+ fflush( stdout );
+
+ if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL )
+ {
+ exit_val = MBEDTLS_EXIT_FAILURE;
+ mbedtls_printf( " failed\n ! Could not open rsa_pub.txt\n" \
+ " ! Please run rsa_genkey first\n\n" );
+ goto exit;
+ }
+
+ if( ( return_val = mbedtls_mpi_read_file( &rsa.N, 16, f ) ) != 0 ||
+ ( return_val = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 )
+ {
+ exit_val = MBEDTLS_EXIT_FAILURE;
+ mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n",
+ return_val );
+ fclose( f );
+ goto exit;
+ }
+
+ rsa.len = ( mbedtls_mpi_bitlen( &rsa.N ) + 7 ) >> 3;
+
+ fclose( f );
+
+ if( strlen( argv[1] ) > 100 )
+ {
+ exit_val = MBEDTLS_EXIT_FAILURE;
+ mbedtls_printf( " Input data larger than 100 characters.\n\n" );
+ goto exit;
+ }
+
+ memcpy( input, argv[1], strlen( argv[1] ) );
+
+ /*
+ * Calculate the RSA encryption of the hash.
+ */
+ mbedtls_printf( "\n . Generating the RSA encrypted value" );
+ fflush( stdout );
+
+ return_val = mbedtls_rsa_pkcs1_encrypt( &rsa, mbedtls_ctr_drbg_random,
+ &ctr_drbg, MBEDTLS_RSA_PUBLIC,
+ strlen( argv[1] ), input, buf );
+ if( return_val != 0 )
+ {
+ exit_val = MBEDTLS_EXIT_FAILURE;
+ mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_encrypt returned %d\n\n",
+ return_val );
+ goto exit;
+ }
+
+ /*
+ * Write the signature into result-enc.txt
+ */
+ if( ( f = fopen( "result-enc.txt", "wb+" ) ) == NULL )
+ {
+ exit_val = MBEDTLS_EXIT_FAILURE;
+ mbedtls_printf( " failed\n ! Could not create %s\n\n", "result-enc.txt" );
+ goto exit;
+ }
+
+ for( i = 0; i < rsa.len; i++ )
+ mbedtls_fprintf( f, "%02X%s", buf[i],
+ ( i + 1 ) % 16 == 0 ? "\r\n" : " " );
+
+ fclose( f );
+
+ mbedtls_printf( "\n . Done (created \"%s\")\n\n", "result-enc.txt" );
+
+exit:
+ mbedtls_ctr_drbg_free( &ctr_drbg );
+ mbedtls_entropy_free( &entropy );
+ mbedtls_rsa_free( &rsa );
+
+#if defined(_WIN32)
+ mbedtls_printf( " + Press Enter to exit this program.\n" );
+ fflush( stdout ); getchar();
+#endif
+
+ return( exit_val );
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_ENTROPY_C &&
+ MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/rsa_genkey.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/rsa_genkey.c
new file mode 100644
index 0000000..e199ad2
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/rsa_genkey.c
@@ -0,0 +1,172 @@
+/*
+ * Example RSA key generation program
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf printf
+#endif
+
+#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_ENTROPY_C) && \
+ defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) && \
+ defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C)
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/bignum.h"
+#include "mbedtls/x509.h"
+#include "mbedtls/rsa.h"
+
+#include <stdio.h>
+#include <string.h>
+#endif
+
+#define KEY_SIZE 2048
+#define EXPONENT 65537
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
+ !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_GENPRIME) || \
+ !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C)
+int main( void )
+{
+ mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
+ "MBEDTLS_RSA_C and/or MBEDTLS_GENPRIME and/or "
+ "MBEDTLS_FS_IO and/or MBEDTLS_CTR_DRBG_C not defined.\n");
+ return( 0 );
+}
+#else
+int main( void )
+{
+ int ret;
+ mbedtls_rsa_context rsa;
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ FILE *fpub = NULL;
+ FILE *fpriv = NULL;
+ const char *pers = "rsa_genkey";
+
+ mbedtls_ctr_drbg_init( &ctr_drbg );
+
+ mbedtls_printf( "\n . Seeding the random number generator..." );
+ fflush( stdout );
+
+ mbedtls_entropy_init( &entropy );
+ if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen( pers ) ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n . Generating the RSA key [ %d-bit ]...", KEY_SIZE );
+ fflush( stdout );
+
+ mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
+
+ if( ( ret = mbedtls_rsa_gen_key( &rsa, mbedtls_ctr_drbg_random, &ctr_drbg, KEY_SIZE,
+ EXPONENT ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_rsa_gen_key returned %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n . Exporting the public key in rsa_pub.txt...." );
+ fflush( stdout );
+
+ if( ( fpub = fopen( "rsa_pub.txt", "wb+" ) ) == NULL )
+ {
+ mbedtls_printf( " failed\n ! could not open rsa_pub.txt for writing\n\n" );
+ ret = 1;
+ goto exit;
+ }
+
+ if( ( ret = mbedtls_mpi_write_file( "N = ", &rsa.N, 16, fpub ) ) != 0 ||
+ ( ret = mbedtls_mpi_write_file( "E = ", &rsa.E, 16, fpub ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n . Exporting the private key in rsa_priv.txt..." );
+ fflush( stdout );
+
+ if( ( fpriv = fopen( "rsa_priv.txt", "wb+" ) ) == NULL )
+ {
+ mbedtls_printf( " failed\n ! could not open rsa_priv.txt for writing\n" );
+ ret = 1;
+ goto exit;
+ }
+
+ if( ( ret = mbedtls_mpi_write_file( "N = " , &rsa.N , 16, fpriv ) ) != 0 ||
+ ( ret = mbedtls_mpi_write_file( "E = " , &rsa.E , 16, fpriv ) ) != 0 ||
+ ( ret = mbedtls_mpi_write_file( "D = " , &rsa.D , 16, fpriv ) ) != 0 ||
+ ( ret = mbedtls_mpi_write_file( "P = " , &rsa.P , 16, fpriv ) ) != 0 ||
+ ( ret = mbedtls_mpi_write_file( "Q = " , &rsa.Q , 16, fpriv ) ) != 0 ||
+ ( ret = mbedtls_mpi_write_file( "DP = ", &rsa.DP, 16, fpriv ) ) != 0 ||
+ ( ret = mbedtls_mpi_write_file( "DQ = ", &rsa.DQ, 16, fpriv ) ) != 0 ||
+ ( ret = mbedtls_mpi_write_file( "QP = ", &rsa.QP, 16, fpriv ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret );
+ goto exit;
+ }
+/*
+ mbedtls_printf( " ok\n . Generating the certificate..." );
+
+ x509write_init_raw( &cert );
+ x509write_add_pubkey( &cert, &rsa );
+ x509write_add_subject( &cert, "CN='localhost'" );
+ x509write_add_validity( &cert, "2007-09-06 17:00:32",
+ "2010-09-06 17:00:32" );
+ x509write_create_selfsign( &cert, &rsa );
+ x509write_crtfile( &cert, "cert.der", X509_OUTPUT_DER );
+ x509write_crtfile( &cert, "cert.pem", X509_OUTPUT_PEM );
+ x509write_free_raw( &cert );
+*/
+ mbedtls_printf( " ok\n\n" );
+
+exit:
+
+ if( fpub != NULL )
+ fclose( fpub );
+
+ if( fpriv != NULL )
+ fclose( fpriv );
+
+ mbedtls_rsa_free( &rsa );
+ mbedtls_ctr_drbg_free( &ctr_drbg );
+ mbedtls_entropy_free( &entropy );
+
+#if defined(_WIN32)
+ mbedtls_printf( " Press Enter to exit this program.\n" );
+ fflush( stdout ); getchar();
+#endif
+
+ return( ret );
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C &&
+ MBEDTLS_GENPRIME && MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/rsa_priv.txt b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/rsa_priv.txt
new file mode 100644
index 0000000..254fcf8
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/rsa_priv.txt
@@ -0,0 +1,8 @@
+N = A1D46FBA2318F8DCEF16C280948B1CF27966B9B47225ED2989F8D74B45BD36049C0AAB5AD0FF003553BA843C8E12782FC5873BB89A3DC84B883D25666CD22BF3ACD5B675969F8BEBFBCAC93FDD927C7442B178B10D1DFF9398E52316AAE0AF74E594650BDC3C670241D418684593CDA1A7B9DC4F20D2FDC6F66344074003E211
+E = 010001
+D = 589552BB4F2F023ADDDD5586D0C8FD857512D82080436678D07F984A29D892D31F1F7000FC5A39A0F73E27D885E47249A4148C8A5653EF69F91F8F736BA9F84841C2D99CD8C24DE8B72B5C9BE0EDBE23F93D731749FEA9CFB4A48DD2B7F35A2703E74AA2D4DB7DE9CEEA7D763AF0ADA7AC176C4E9A22C4CDA65CEC0C65964401
+P = CD083568D2D46C44C40C1FA0101AF2155E59C70B08423112AF0C1202514BBA5210765E29FF13036F56C7495894D80CF8C3BAEE2839BACBB0B86F6A2965F60DB1
+Q = CA0EEEA5E710E8E9811A6B846399420E3AE4A4C16647E426DDF8BBBCB11CD3F35CE2E4B6BCAD07AE2C0EC2ECBFCC601B207CDD77B5673E16382B1130BF465261
+DP = 0D0E21C07BF434B4A83B116472C2147A11D8EB98A33CFBBCF1D275EF19D815941622435AAF3839B6C432CA53CE9E772CFBE1923A937A766FD93E96E6EDEC1DF1
+DQ = 269CEBE6305DFEE4809377F078C814E37B45AE6677114DFC4F76F5097E1F3031D592567AC55B9B98213B40ECD54A4D2361F5FAACA1B1F51F71E4690893C4F081
+QP = 97AC5BB885ABCA314375E9E4DB1BA4B2218C90619F61BD474F5785075ECA81750A735199A8C191FE2D3355E7CF601A70E5CABDE0E02C2538BB9FB4871540B3C1
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/rsa_pub.txt b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/rsa_pub.txt
new file mode 100644
index 0000000..1e7ae0c
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/rsa_pub.txt
@@ -0,0 +1,2 @@
+N = A1D46FBA2318F8DCEF16C280948B1CF27966B9B47225ED2989F8D74B45BD36049C0AAB5AD0FF003553BA843C8E12782FC5873BB89A3DC84B883D25666CD22BF3ACD5B675969F8BEBFBCAC93FDD927C7442B178B10D1DFF9398E52316AAE0AF74E594650BDC3C670241D418684593CDA1A7B9DC4F20D2FDC6F66344074003E211
+E = 010001
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/rsa_sign.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/rsa_sign.c
new file mode 100644
index 0000000..affbf7a
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/rsa_sign.c
@@ -0,0 +1,170 @@
+/*
+ * RSA/SHA-256 signature creation program
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#define mbedtls_snprintf snprintf
+#endif
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
+ !defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \
+ !defined(MBEDTLS_FS_IO)
+int main( void )
+{
+ mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
+ "MBEDTLS_MD_C and/or "
+ "MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO not defined.\n");
+ return( 0 );
+}
+#else
+
+#include "mbedtls/rsa.h"
+#include "mbedtls/md.h"
+
+#include <stdio.h>
+#include <string.h>
+
+int main( int argc, char *argv[] )
+{
+ FILE *f;
+ int ret;
+ size_t i;
+ mbedtls_rsa_context rsa;
+ unsigned char hash[32];
+ unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
+ char filename[512];
+
+ mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
+ ret = 1;
+
+ if( argc != 2 )
+ {
+ mbedtls_printf( "usage: rsa_sign <filename>\n" );
+
+#if defined(_WIN32)
+ mbedtls_printf( "\n" );
+#endif
+
+ goto exit;
+ }
+
+ mbedtls_printf( "\n . Reading private key from rsa_priv.txt" );
+ fflush( stdout );
+
+ if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL )
+ {
+ ret = 1;
+ mbedtls_printf( " failed\n ! Could not open rsa_priv.txt\n" \
+ " ! Please run rsa_genkey first\n\n" );
+ goto exit;
+ }
+
+ if( ( ret = mbedtls_mpi_read_file( &rsa.N , 16, f ) ) != 0 ||
+ ( ret = mbedtls_mpi_read_file( &rsa.E , 16, f ) ) != 0 ||
+ ( ret = mbedtls_mpi_read_file( &rsa.D , 16, f ) ) != 0 ||
+ ( ret = mbedtls_mpi_read_file( &rsa.P , 16, f ) ) != 0 ||
+ ( ret = mbedtls_mpi_read_file( &rsa.Q , 16, f ) ) != 0 ||
+ ( ret = mbedtls_mpi_read_file( &rsa.DP, 16, f ) ) != 0 ||
+ ( ret = mbedtls_mpi_read_file( &rsa.DQ, 16, f ) ) != 0 ||
+ ( ret = mbedtls_mpi_read_file( &rsa.QP, 16, f ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret );
+ fclose( f );
+ goto exit;
+ }
+
+ rsa.len = ( mbedtls_mpi_bitlen( &rsa.N ) + 7 ) >> 3;
+
+ fclose( f );
+
+ mbedtls_printf( "\n . Checking the private key" );
+ fflush( stdout );
+ if( ( ret = mbedtls_rsa_check_privkey( &rsa ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_rsa_check_privkey failed with -0x%0x\n", -ret );
+ goto exit;
+ }
+
+ /*
+ * Compute the SHA-256 hash of the input file,
+ * then calculate the RSA signature of the hash.
+ */
+ mbedtls_printf( "\n . Generating the RSA/SHA-256 signature" );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_md_file(
+ mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ),
+ argv[1], hash ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! Could not open or read %s\n\n", argv[1] );
+ goto exit;
+ }
+
+ if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA256,
+ 20, hash, buf ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_sign returned -0x%0x\n\n", -ret );
+ goto exit;
+ }
+
+ /*
+ * Write the signature into <filename>.sig
+ */
+ mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[1] );
+
+ if( ( f = fopen( filename, "wb+" ) ) == NULL )
+ {
+ ret = 1;
+ mbedtls_printf( " failed\n ! Could not create %s\n\n", argv[1] );
+ goto exit;
+ }
+
+ for( i = 0; i < rsa.len; i++ )
+ mbedtls_fprintf( f, "%02X%s", buf[i],
+ ( i + 1 ) % 16 == 0 ? "\r\n" : " " );
+
+ fclose( f );
+
+ mbedtls_printf( "\n . Done (created \"%s\")\n\n", filename );
+
+exit:
+
+ mbedtls_rsa_free( &rsa );
+
+#if defined(_WIN32)
+ mbedtls_printf( " + Press Enter to exit this program.\n" );
+ fflush( stdout ); getchar();
+#endif
+
+ return( ret );
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
+ MBEDTLS_FS_IO */
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/rsa_sign_pss.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/rsa_sign_pss.c
new file mode 100644
index 0000000..7b6f14d
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/rsa_sign_pss.c
@@ -0,0 +1,178 @@
+/*
+ * RSASSA-PSS/SHA-256 signature creation program
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_snprintf snprintf
+#define mbedtls_printf printf
+#endif
+
+#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_ENTROPY_C) || \
+ !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \
+ !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
+ !defined(MBEDTLS_CTR_DRBG_C)
+int main( void )
+{
+ mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_ENTROPY_C and/or "
+ "MBEDTLS_RSA_C and/or MBEDTLS_SHA256_C and/or "
+ "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
+ "MBEDTLS_CTR_DRBG_C not defined.\n");
+ return( 0 );
+}
+#else
+
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/md.h"
+#include "mbedtls/rsa.h"
+#include "mbedtls/md.h"
+#include "mbedtls/x509.h"
+
+#include <stdio.h>
+#include <string.h>
+
+int main( int argc, char *argv[] )
+{
+ FILE *f;
+ int ret = 1;
+ mbedtls_pk_context pk;
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ unsigned char hash[32];
+ unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
+ char filename[512];
+ const char *pers = "rsa_sign_pss";
+ size_t olen = 0;
+
+ mbedtls_entropy_init( &entropy );
+ mbedtls_pk_init( &pk );
+ mbedtls_ctr_drbg_init( &ctr_drbg );
+
+ if( argc != 3 )
+ {
+ mbedtls_printf( "usage: rsa_sign_pss <key_file> <filename>\n" );
+
+#if defined(_WIN32)
+ mbedtls_printf( "\n" );
+#endif
+
+ goto exit;
+ }
+
+ mbedtls_printf( "\n . Seeding the random number generator..." );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen( pers ) ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( "\n . Reading private key from '%s'", argv[1] );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 )
+ {
+ ret = 1;
+ mbedtls_printf( " failed\n ! Could not read key from '%s'\n", argv[1] );
+ mbedtls_printf( " ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret );
+ goto exit;
+ }
+
+ if( !mbedtls_pk_can_do( &pk, MBEDTLS_PK_RSA ) )
+ {
+ ret = 1;
+ mbedtls_printf( " failed\n ! Key is not an RSA key\n" );
+ goto exit;
+ }
+
+ mbedtls_rsa_set_padding( mbedtls_pk_rsa( pk ), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256 );
+
+ /*
+ * Compute the SHA-256 hash of the input file,
+ * then calculate the RSA signature of the hash.
+ */
+ mbedtls_printf( "\n . Generating the RSA/SHA-256 signature" );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_md_file(
+ mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ),
+ argv[2], hash ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! Could not open or read %s\n\n", argv[2] );
+ goto exit;
+ }
+
+ if( ( ret = mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, 0, buf, &olen,
+ mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_pk_sign returned %d\n\n", ret );
+ goto exit;
+ }
+
+ /*
+ * Write the signature into <filename>.sig
+ */
+ mbedtls_snprintf( filename, 512, "%s.sig", argv[2] );
+
+ if( ( f = fopen( filename, "wb+" ) ) == NULL )
+ {
+ ret = 1;
+ mbedtls_printf( " failed\n ! Could not create %s\n\n", filename );
+ goto exit;
+ }
+
+ if( fwrite( buf, 1, olen, f ) != olen )
+ {
+ mbedtls_printf( "failed\n ! fwrite failed\n\n" );
+ fclose( f );
+ goto exit;
+ }
+
+ fclose( f );
+
+ mbedtls_printf( "\n . Done (created \"%s\")\n\n", filename );
+
+exit:
+ mbedtls_pk_free( &pk );
+ mbedtls_ctr_drbg_free( &ctr_drbg );
+ mbedtls_entropy_free( &entropy );
+
+#if defined(_WIN32)
+ mbedtls_printf( " + Press Enter to exit this program.\n" );
+ fflush( stdout ); getchar();
+#endif
+
+ return( ret );
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C &&
+ MBEDTLS_SHA256_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
+ MBEDTLS_CTR_DRBG_C */
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/rsa_verify.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/rsa_verify.c
new file mode 100644
index 0000000..1f827aa
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/rsa_verify.c
@@ -0,0 +1,163 @@
+/*
+ * RSA/SHA-256 signature verification program
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf printf
+#define mbedtls_snprintf snprintf
+#endif
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
+ !defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \
+ !defined(MBEDTLS_FS_IO)
+int main( void )
+{
+ mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
+ "MBEDTLS_MD_C and/or "
+ "MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO not defined.\n");
+ return( 0 );
+}
+#else
+
+#include "mbedtls/rsa.h"
+#include "mbedtls/md.h"
+
+#include <stdio.h>
+#include <string.h>
+
+int main( int argc, char *argv[] )
+{
+ FILE *f;
+ int ret, c;
+ size_t i;
+ mbedtls_rsa_context rsa;
+ unsigned char hash[32];
+ unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
+ char filename[512];
+
+ mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
+ ret = 1;
+
+ if( argc != 2 )
+ {
+ mbedtls_printf( "usage: rsa_verify <filename>\n" );
+
+#if defined(_WIN32)
+ mbedtls_printf( "\n" );
+#endif
+
+ goto exit;
+ }
+
+ mbedtls_printf( "\n . Reading public key from rsa_pub.txt" );
+ fflush( stdout );
+
+ if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL )
+ {
+ mbedtls_printf( " failed\n ! Could not open rsa_pub.txt\n" \
+ " ! Please run rsa_genkey first\n\n" );
+ goto exit;
+ }
+
+ if( ( ret = mbedtls_mpi_read_file( &rsa.N, 16, f ) ) != 0 ||
+ ( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret );
+ fclose( f );
+ goto exit;
+ }
+
+ rsa.len = ( mbedtls_mpi_bitlen( &rsa.N ) + 7 ) >> 3;
+
+ fclose( f );
+
+ /*
+ * Extract the RSA signature from the text file
+ */
+ ret = 1;
+ mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[1] );
+
+ if( ( f = fopen( filename, "rb" ) ) == NULL )
+ {
+ mbedtls_printf( "\n ! Could not open %s\n\n", filename );
+ goto exit;
+ }
+
+ i = 0;
+ while( fscanf( f, "%02X", &c ) > 0 &&
+ i < (int) sizeof( buf ) )
+ buf[i++] = (unsigned char) c;
+
+ fclose( f );
+
+ if( i != rsa.len )
+ {
+ mbedtls_printf( "\n ! Invalid RSA signature format\n\n" );
+ goto exit;
+ }
+
+ /*
+ * Compute the SHA-256 hash of the input file and
+ * verify the signature
+ */
+ mbedtls_printf( "\n . Verifying the RSA/SHA-256 signature" );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_md_file(
+ mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ),
+ argv[1], hash ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! Could not open or read %s\n\n", argv[1] );
+ goto exit;
+ }
+
+ if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC,
+ MBEDTLS_MD_SHA256, 20, hash, buf ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned -0x%0x\n\n", -ret );
+ goto exit;
+ }
+
+ mbedtls_printf( "\n . OK (the signature is valid)\n\n" );
+
+ ret = 0;
+
+exit:
+
+ mbedtls_rsa_free( &rsa );
+
+#if defined(_WIN32)
+ mbedtls_printf( " + Press Enter to exit this program.\n" );
+ fflush( stdout ); getchar();
+#endif
+
+ return( ret );
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
+ MBEDTLS_FS_IO */
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/rsa_verify_pss.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/rsa_verify_pss.c
new file mode 100644
index 0000000..31b720f
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/pkey/rsa_verify_pss.c
@@ -0,0 +1,155 @@
+/*
+ * RSASSA-PSS/SHA-256 signature verification program
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_snprintf snprintf
+#define mbedtls_printf printf
+#endif
+
+#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_ENTROPY_C) || \
+ !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \
+ !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
+ !defined(MBEDTLS_CTR_DRBG_C)
+int main( void )
+{
+ mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_ENTROPY_C and/or "
+ "MBEDTLS_RSA_C and/or MBEDTLS_SHA256_C and/or "
+ "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
+ "MBEDTLS_CTR_DRBG_C not defined.\n");
+ return( 0 );
+}
+#else
+
+#include "mbedtls/md.h"
+#include "mbedtls/pem.h"
+#include "mbedtls/pk.h"
+#include "mbedtls/md.h"
+#include "mbedtls/x509.h"
+
+#include <stdio.h>
+#include <string.h>
+
+int main( int argc, char *argv[] )
+{
+ FILE *f;
+ int ret = 1;
+ size_t i;
+ mbedtls_pk_context pk;
+ unsigned char hash[32];
+ unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
+ char filename[512];
+
+ mbedtls_pk_init( &pk );
+
+ if( argc != 3 )
+ {
+ mbedtls_printf( "usage: rsa_verify_pss <key_file> <filename>\n" );
+
+#if defined(_WIN32)
+ mbedtls_printf( "\n" );
+#endif
+
+ goto exit;
+ }
+
+ mbedtls_printf( "\n . Reading public key from '%s'", argv[1] );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_pk_parse_public_keyfile( &pk, argv[1] ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! Could not read key from '%s'\n", argv[1] );
+ mbedtls_printf( " ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret );
+ goto exit;
+ }
+
+ if( !mbedtls_pk_can_do( &pk, MBEDTLS_PK_RSA ) )
+ {
+ ret = 1;
+ mbedtls_printf( " failed\n ! Key is not an RSA key\n" );
+ goto exit;
+ }
+
+ mbedtls_rsa_set_padding( mbedtls_pk_rsa( pk ), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256 );
+
+ /*
+ * Extract the RSA signature from the file
+ */
+ ret = 1;
+ mbedtls_snprintf( filename, 512, "%s.sig", argv[2] );
+
+ if( ( f = fopen( filename, "rb" ) ) == NULL )
+ {
+ mbedtls_printf( "\n ! Could not open %s\n\n", filename );
+ goto exit;
+ }
+
+
+ i = fread( buf, 1, MBEDTLS_MPI_MAX_SIZE, f );
+
+ fclose( f );
+
+ /*
+ * Compute the SHA-256 hash of the input file and
+ * verify the signature
+ */
+ mbedtls_printf( "\n . Verifying the RSA/SHA-256 signature" );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_md_file(
+ mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ),
+ argv[2], hash ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! Could not open or read %s\n\n", argv[2] );
+ goto exit;
+ }
+
+ if( ( ret = mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256, hash, 0,
+ buf, i ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_pk_verify returned %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( "\n . OK (the signature is valid)\n\n" );
+
+ ret = 0;
+
+exit:
+ mbedtls_pk_free( &pk );
+
+#if defined(_WIN32)
+ mbedtls_printf( " + Press Enter to exit this program.\n" );
+ fflush( stdout ); getchar();
+#endif
+
+ return( ret );
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
+ MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/random/CMakeLists.txt b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/random/CMakeLists.txt
new file mode 100644
index 0000000..30933d8
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/random/CMakeLists.txt
@@ -0,0 +1,12 @@
+add_executable(gen_random_havege gen_random_havege.c)
+target_link_libraries(gen_random_havege mbedtls)
+
+add_executable(gen_random_ctr_drbg gen_random_ctr_drbg.c)
+target_link_libraries(gen_random_ctr_drbg mbedtls)
+
+add_executable(gen_entropy gen_entropy.c)
+target_link_libraries(gen_entropy mbedtls)
+
+install(TARGETS gen_random_havege gen_random_ctr_drbg gen_entropy
+ DESTINATION "bin"
+ PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/random/gen_entropy.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/random/gen_entropy.c
new file mode 100644
index 0000000..792d381
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/random/gen_entropy.c
@@ -0,0 +1,96 @@
+/**
+ * \brief Use and generate multiple entropies calls into a file
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#endif
+
+#if defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_FS_IO)
+#include "mbedtls/entropy.h"
+
+#include <stdio.h>
+#endif
+
+#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_FS_IO)
+int main( void )
+{
+ mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO not defined.\n");
+ return( 0 );
+}
+#else
+int main( int argc, char *argv[] )
+{
+ FILE *f;
+ int i, k, ret;
+ mbedtls_entropy_context entropy;
+ unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
+
+ if( argc < 2 )
+ {
+ mbedtls_fprintf( stderr, "usage: %s <output filename>\n", argv[0] );
+ return( 1 );
+ }
+
+ if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
+ {
+ mbedtls_printf( "failed to open '%s' for writing.\n", argv[1] );
+ return( 1 );
+ }
+
+ mbedtls_entropy_init( &entropy );
+
+ for( i = 0, k = 768; i < k; i++ )
+ {
+ ret = mbedtls_entropy_func( &entropy, buf, sizeof( buf ) );
+ if( ret != 0 )
+ {
+ mbedtls_printf("failed!\n");
+ goto cleanup;
+ }
+
+ fwrite( buf, 1, sizeof( buf ), f );
+
+ mbedtls_printf( "Generating %ldkb of data in file '%s'... %04.1f" \
+ "%% done\r", (long)(sizeof(buf) * k / 1024), argv[1], (100 * (float) (i + 1)) / k );
+ fflush( stdout );
+ }
+
+ ret = 0;
+
+cleanup:
+ mbedtls_printf( "\n" );
+
+ fclose( f );
+ mbedtls_entropy_free( &entropy );
+
+ return( ret );
+}
+#endif /* MBEDTLS_ENTROPY_C */
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/random/gen_random_ctr_drbg.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/random/gen_random_ctr_drbg.c
new file mode 100644
index 0000000..c76f99d
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/random/gen_random_ctr_drbg.c
@@ -0,0 +1,130 @@
+/**
+ * \brief Use and generate random data into a file via the CTR_DBRG based on AES
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#endif
+
+#if defined(MBEDTLS_CTR_DRBG_C) && defined(MBEDTLS_ENTROPY_C) && \
+ defined(MBEDTLS_FS_IO)
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+
+#include <stdio.h>
+#endif
+
+#if !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_ENTROPY_C) || \
+ !defined(MBEDTLS_FS_IO)
+int main( void )
+{
+ mbedtls_printf("MBEDTLS_CTR_DRBG_C and/or MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO not defined.\n");
+ return( 0 );
+}
+#else
+int main( int argc, char *argv[] )
+{
+ FILE *f;
+ int i, k, ret;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_entropy_context entropy;
+ unsigned char buf[1024];
+
+ mbedtls_ctr_drbg_init( &ctr_drbg );
+
+ if( argc < 2 )
+ {
+ mbedtls_fprintf( stderr, "usage: %s <output filename>\n", argv[0] );
+ return( 1 );
+ }
+
+ if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
+ {
+ mbedtls_printf( "failed to open '%s' for writing.\n", argv[1] );
+ return( 1 );
+ }
+
+ mbedtls_entropy_init( &entropy );
+ ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) "RANDOM_GEN", 10 );
+ if( ret != 0 )
+ {
+ mbedtls_printf( "failed in mbedtls_ctr_drbg_seed: %d\n", ret );
+ goto cleanup;
+ }
+ mbedtls_ctr_drbg_set_prediction_resistance( &ctr_drbg, MBEDTLS_CTR_DRBG_PR_OFF );
+
+#if defined(MBEDTLS_FS_IO)
+ ret = mbedtls_ctr_drbg_update_seed_file( &ctr_drbg, "seedfile" );
+
+ if( ret == MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR )
+ {
+ mbedtls_printf( "Failed to open seedfile. Generating one.\n" );
+ ret = mbedtls_ctr_drbg_write_seed_file( &ctr_drbg, "seedfile" );
+ if( ret != 0 )
+ {
+ mbedtls_printf( "failed in mbedtls_ctr_drbg_write_seed_file: %d\n", ret );
+ goto cleanup;
+ }
+ }
+ else if( ret != 0 )
+ {
+ mbedtls_printf( "failed in mbedtls_ctr_drbg_update_seed_file: %d\n", ret );
+ goto cleanup;
+ }
+#endif
+
+ for( i = 0, k = 768; i < k; i++ )
+ {
+ ret = mbedtls_ctr_drbg_random( &ctr_drbg, buf, sizeof( buf ) );
+ if( ret != 0 )
+ {
+ mbedtls_printf("failed!\n");
+ goto cleanup;
+ }
+
+ fwrite( buf, 1, sizeof( buf ), f );
+
+ mbedtls_printf( "Generating %ldkb of data in file '%s'... %04.1f" \
+ "%% done\r", (long)(sizeof(buf) * k / 1024), argv[1], (100 * (float) (i + 1)) / k );
+ fflush( stdout );
+ }
+
+ ret = 0;
+
+cleanup:
+ mbedtls_printf("\n");
+
+ fclose( f );
+ mbedtls_ctr_drbg_free( &ctr_drbg );
+ mbedtls_entropy_free( &entropy );
+
+ return( ret );
+}
+#endif /* MBEDTLS_CTR_DRBG_C && MBEDTLS_ENTROPY_C */
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/random/gen_random_havege.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/random/gen_random_havege.c
new file mode 100644
index 0000000..6c31462
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/random/gen_random_havege.c
@@ -0,0 +1,101 @@
+/**
+ * \brief Generate random data into a file
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#endif
+
+#if defined(MBEDTLS_HAVEGE_C) && defined(MBEDTLS_FS_IO)
+#include "mbedtls/havege.h"
+
+#include <stdio.h>
+#include <time.h>
+#endif
+
+#if !defined(MBEDTLS_HAVEGE_C) || !defined(MBEDTLS_FS_IO)
+int main( void )
+{
+ mbedtls_printf("MBEDTLS_HAVEGE_C not defined.\n");
+ return( 0 );
+}
+#else
+int main( int argc, char *argv[] )
+{
+ FILE *f;
+ time_t t;
+ int i, k, ret = 0;
+ mbedtls_havege_state hs;
+ unsigned char buf[1024];
+
+ if( argc < 2 )
+ {
+ mbedtls_fprintf( stderr, "usage: %s <output filename>\n", argv[0] );
+ return( 1 );
+ }
+
+ if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
+ {
+ mbedtls_printf( "failed to open '%s' for writing.\n", argv[1] );
+ return( 1 );
+ }
+
+ mbedtls_havege_init( &hs );
+
+ t = time( NULL );
+
+ for( i = 0, k = 768; i < k; i++ )
+ {
+ if( mbedtls_havege_random( &hs, buf, sizeof( buf ) ) != 0 )
+ {
+ mbedtls_printf( "Failed to get random from source.\n" );
+
+ ret = 1;
+ goto exit;
+ }
+
+ fwrite( buf, sizeof( buf ), 1, f );
+
+ mbedtls_printf( "Generating %ldkb of data in file '%s'... %04.1f" \
+ "%% done\r", (long)(sizeof(buf) * k / 1024), argv[1], (100 * (float) (i + 1)) / k );
+ fflush( stdout );
+ }
+
+ if( t == time( NULL ) )
+ t--;
+
+ mbedtls_printf(" \n ");
+
+exit:
+ mbedtls_havege_free( &hs );
+ fclose( f );
+ return( ret );
+}
+#endif /* MBEDTLS_HAVEGE_C */
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/ssl/CMakeLists.txt b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/ssl/CMakeLists.txt
new file mode 100644
index 0000000..1e65633
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/ssl/CMakeLists.txt
@@ -0,0 +1,62 @@
+set(THREADS_USE_PTHREADS_WIN32 true)
+find_package(Threads)
+
+set(libs
+ mbedtls
+)
+
+set(targets
+ dtls_client
+ dtls_server
+ ssl_client1
+ ssl_client2
+ ssl_server
+ ssl_fork_server
+ ssl_mail_client
+ mini_client
+)
+
+if(USE_PKCS11_HELPER_LIBRARY)
+ set(libs ${libs} pkcs11-helper)
+endif(USE_PKCS11_HELPER_LIBRARY)
+
+if(ENABLE_ZLIB_SUPPORT)
+ set(libs ${libs} ${ZLIB_LIBRARIES})
+endif(ENABLE_ZLIB_SUPPORT)
+
+add_executable(dtls_client dtls_client.c)
+target_link_libraries(dtls_client ${libs})
+
+add_executable(dtls_server dtls_server.c)
+target_link_libraries(dtls_server ${libs})
+
+add_executable(ssl_client1 ssl_client1.c)
+target_link_libraries(ssl_client1 ${libs})
+
+add_executable(ssl_client2 ssl_client2.c)
+target_link_libraries(ssl_client2 ${libs})
+
+add_executable(ssl_server ssl_server.c)
+target_link_libraries(ssl_server ${libs})
+
+add_executable(ssl_server2 ssl_server2.c)
+target_link_libraries(ssl_server2 ${libs})
+
+add_executable(ssl_fork_server ssl_fork_server.c)
+target_link_libraries(ssl_fork_server ${libs})
+
+add_executable(ssl_mail_client ssl_mail_client.c)
+target_link_libraries(ssl_mail_client ${libs})
+
+add_executable(mini_client mini_client.c)
+target_link_libraries(mini_client ${libs})
+
+if(THREADS_FOUND)
+ add_executable(ssl_pthread_server ssl_pthread_server.c)
+ target_link_libraries(ssl_pthread_server ${libs} ${CMAKE_THREAD_LIBS_INIT})
+ set(targets ${targets} ssl_pthread_server)
+endif(THREADS_FOUND)
+
+install(TARGETS ${targets}
+ DESTINATION "bin"
+ PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/ssl/dtls_client.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/ssl/dtls_client.c
new file mode 100644
index 0000000..e18ee42
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/ssl/dtls_client.c
@@ -0,0 +1,350 @@
+/*
+ * Simple DTLS client demonstration program
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf printf
+#define mbedtls_fprintf fprintf
+#endif
+
+#if !defined(MBEDTLS_SSL_CLI_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \
+ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_TIMING_C) || \
+ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
+ !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_RSA_C) || \
+ !defined(MBEDTLS_CERTS_C) || !defined(MBEDTLS_PEM_PARSE_C)
+int main( void )
+{
+ mbedtls_printf( "MBEDTLS_SSL_CLI_C and/or MBEDTLS_SSL_PROTO_DTLS and/or "
+ "MBEDTLS_NET_C and/or MBEDTLS_TIMING_C and/or "
+ "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
+ "MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or "
+ "MBEDTLS_CERTS_C and/or MBEDTLS_PEM_PARSE_C not defined.\n" );
+ return( 0 );
+}
+#else
+
+#include <string.h>
+
+#include "mbedtls/net_sockets.h"
+#include "mbedtls/debug.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/error.h"
+#include "mbedtls/certs.h"
+#include "mbedtls/timing.h"
+
+#define SERVER_PORT "4433"
+#define SERVER_NAME "localhost"
+#define SERVER_ADDR "127.0.0.1" /* forces IPv4 */
+#define MESSAGE "Echo this"
+
+#define READ_TIMEOUT_MS 1000
+#define MAX_RETRY 5
+
+#define DEBUG_LEVEL 0
+
+static void my_debug( void *ctx, int level,
+ const char *file, int line,
+ const char *str )
+{
+ ((void) level);
+
+ mbedtls_fprintf( (FILE *) ctx, "%s:%04d: %s", file, line, str );
+ fflush( (FILE *) ctx );
+}
+
+int main( int argc, char *argv[] )
+{
+ int ret, len;
+ mbedtls_net_context server_fd;
+ uint32_t flags;
+ unsigned char buf[1024];
+ const char *pers = "dtls_client";
+ int retry_left = MAX_RETRY;
+
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_ssl_context ssl;
+ mbedtls_ssl_config conf;
+ mbedtls_x509_crt cacert;
+ mbedtls_timing_delay_context timer;
+
+ ((void) argc);
+ ((void) argv);
+
+#if defined(MBEDTLS_DEBUG_C)
+ mbedtls_debug_set_threshold( DEBUG_LEVEL );
+#endif
+
+ /*
+ * 0. Initialize the RNG and the session data
+ */
+ mbedtls_net_init( &server_fd );
+ mbedtls_ssl_init( &ssl );
+ mbedtls_ssl_config_init( &conf );
+ mbedtls_x509_crt_init( &cacert );
+ mbedtls_ctr_drbg_init( &ctr_drbg );
+
+ mbedtls_printf( "\n . Seeding the random number generator..." );
+ fflush( stdout );
+
+ mbedtls_entropy_init( &entropy );
+ if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen( pers ) ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * 0. Load certificates
+ */
+ mbedtls_printf( " . Loading the CA root certificate ..." );
+ fflush( stdout );
+
+ ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem,
+ mbedtls_test_cas_pem_len );
+ if( ret < 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok (%d skipped)\n", ret );
+
+ /*
+ * 1. Start the connection
+ */
+ mbedtls_printf( " . Connecting to udp/%s/%s...", SERVER_NAME, SERVER_PORT );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_net_connect( &server_fd, SERVER_ADDR,
+ SERVER_PORT, MBEDTLS_NET_PROTO_UDP ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_net_connect returned %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * 2. Setup stuff
+ */
+ mbedtls_printf( " . Setting up the DTLS structure..." );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_ssl_config_defaults( &conf,
+ MBEDTLS_SSL_IS_CLIENT,
+ MBEDTLS_SSL_TRANSPORT_DATAGRAM,
+ MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
+ goto exit;
+ }
+
+ /* OPTIONAL is usually a bad choice for security, but makes interop easier
+ * in this simplified example, in which the ca chain is hardcoded.
+ * Production code should set a proper ca chain and use REQUIRED. */
+ mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
+ mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
+ mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
+ mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
+
+ if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
+ goto exit;
+ }
+
+ if( ( ret = mbedtls_ssl_set_hostname( &ssl, SERVER_NAME ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_ssl_set_bio( &ssl, &server_fd,
+ mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout );
+
+ mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
+ mbedtls_timing_get_delay );
+
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * 4. Handshake
+ */
+ mbedtls_printf( " . Performing the SSL/TLS handshake..." );
+ fflush( stdout );
+
+ do ret = mbedtls_ssl_handshake( &ssl );
+ while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
+ ret == MBEDTLS_ERR_SSL_WANT_WRITE );
+
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * 5. Verify the server certificate
+ */
+ mbedtls_printf( " . Verifying peer X.509 certificate..." );
+
+ /* In real life, we would have used MBEDTLS_SSL_VERIFY_REQUIRED so that the
+ * handshake would not succeed if the peer's cert is bad. Even if we used
+ * MBEDTLS_SSL_VERIFY_OPTIONAL, we would bail out here if ret != 0 */
+ if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
+ {
+ char vrfy_buf[512];
+
+ mbedtls_printf( " failed\n" );
+
+ mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
+
+ mbedtls_printf( "%s\n", vrfy_buf );
+ }
+ else
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * 6. Write the echo request
+ */
+send_request:
+ mbedtls_printf( " > Write to server:" );
+ fflush( stdout );
+
+ len = sizeof( MESSAGE ) - 1;
+
+ do ret = mbedtls_ssl_write( &ssl, (unsigned char *) MESSAGE, len );
+ while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
+ ret == MBEDTLS_ERR_SSL_WANT_WRITE );
+
+ if( ret < 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
+ goto exit;
+ }
+
+ len = ret;
+ mbedtls_printf( " %d bytes written\n\n%s\n\n", len, MESSAGE );
+
+ /*
+ * 7. Read the echo response
+ */
+ mbedtls_printf( " < Read from server:" );
+ fflush( stdout );
+
+ len = sizeof( buf ) - 1;
+ memset( buf, 0, sizeof( buf ) );
+
+ do ret = mbedtls_ssl_read( &ssl, buf, len );
+ while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
+ ret == MBEDTLS_ERR_SSL_WANT_WRITE );
+
+ if( ret <= 0 )
+ {
+ switch( ret )
+ {
+ case MBEDTLS_ERR_SSL_TIMEOUT:
+ mbedtls_printf( " timeout\n\n" );
+ if( retry_left-- > 0 )
+ goto send_request;
+ goto exit;
+
+ case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
+ mbedtls_printf( " connection was closed gracefully\n" );
+ ret = 0;
+ goto close_notify;
+
+ default:
+ mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n\n", -ret );
+ goto exit;
+ }
+ }
+
+ len = ret;
+ mbedtls_printf( " %d bytes read\n\n%s\n\n", len, buf );
+
+ /*
+ * 8. Done, cleanly close the connection
+ */
+close_notify:
+ mbedtls_printf( " . Closing the connection..." );
+
+ /* No error checking, the connection might be closed already */
+ do ret = mbedtls_ssl_close_notify( &ssl );
+ while( ret == MBEDTLS_ERR_SSL_WANT_WRITE );
+ ret = 0;
+
+ mbedtls_printf( " done\n" );
+
+ /*
+ * 9. Final clean-ups and exit
+ */
+exit:
+
+#ifdef MBEDTLS_ERROR_C
+ if( ret != 0 )
+ {
+ char error_buf[100];
+ mbedtls_strerror( ret, error_buf, 100 );
+ mbedtls_printf( "Last error was: %d - %s\n\n", ret, error_buf );
+ }
+#endif
+
+ mbedtls_net_free( &server_fd );
+
+ mbedtls_x509_crt_free( &cacert );
+ mbedtls_ssl_free( &ssl );
+ mbedtls_ssl_config_free( &conf );
+ mbedtls_ctr_drbg_free( &ctr_drbg );
+ mbedtls_entropy_free( &entropy );
+
+#if defined(_WIN32)
+ mbedtls_printf( " + Press Enter to exit this program.\n" );
+ fflush( stdout ); getchar();
+#endif
+
+ /* Shell can not handle large exit numbers -> 1 for errors */
+ if( ret < 0 )
+ ret = 1;
+
+ return( ret );
+}
+#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_PROTO_DTLS && MBEDTLS_NET_C &&
+ MBEDTLD_TIMING_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
+ MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_RSA_C && MBEDTLS_CERTS_C &&
+ MBEDTLS_PEM_PARSE_C */
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/ssl/dtls_server.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/ssl/dtls_server.c
new file mode 100644
index 0000000..9d0dda4
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/ssl/dtls_server.c
@@ -0,0 +1,425 @@
+/*
+ * Simple DTLS server demonstration program
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf printf
+#define mbedtls_fprintf fprintf
+#define mbedtls_time_t time_t
+#endif
+
+#if !defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \
+ !defined(MBEDTLS_SSL_COOKIE_C) || !defined(MBEDTLS_NET_C) || \
+ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
+ !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_RSA_C) || \
+ !defined(MBEDTLS_CERTS_C) || !defined(MBEDTLS_PEM_PARSE_C) || \
+ !defined(MBEDTLS_TIMING_C)
+
+int main( void )
+{
+ printf( "MBEDTLS_SSL_SRV_C and/or MBEDTLS_SSL_PROTO_DTLS and/or "
+ "MBEDTLS_SSL_COOKIE_C and/or MBEDTLS_NET_C and/or "
+ "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
+ "MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or "
+ "MBEDTLS_CERTS_C and/or MBEDTLS_PEM_PARSE_C and/or "
+ "MBEDTLS_TIMING_C not defined.\n" );
+ return( 0 );
+}
+#else
+
+#if defined(_WIN32)
+#include <windows.h>
+#endif
+
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/certs.h"
+#include "mbedtls/x509.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/ssl_cookie.h"
+#include "mbedtls/net_sockets.h"
+#include "mbedtls/error.h"
+#include "mbedtls/debug.h"
+#include "mbedtls/timing.h"
+
+#if defined(MBEDTLS_SSL_CACHE_C)
+#include "mbedtls/ssl_cache.h"
+#endif
+
+#define READ_TIMEOUT_MS 10000 /* 5 seconds */
+#define DEBUG_LEVEL 0
+
+static void my_debug( void *ctx, int level,
+ const char *file, int line,
+ const char *str )
+{
+ ((void) level);
+
+ mbedtls_fprintf( (FILE *) ctx, "%s:%04d: %s", file, line, str );
+ fflush( (FILE *) ctx );
+}
+
+int main( void )
+{
+ int ret, len;
+ mbedtls_net_context listen_fd, client_fd;
+ unsigned char buf[1024];
+ const char *pers = "dtls_server";
+ unsigned char client_ip[16] = { 0 };
+ size_t cliip_len;
+ mbedtls_ssl_cookie_ctx cookie_ctx;
+
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_ssl_context ssl;
+ mbedtls_ssl_config conf;
+ mbedtls_x509_crt srvcert;
+ mbedtls_pk_context pkey;
+ mbedtls_timing_delay_context timer;
+#if defined(MBEDTLS_SSL_CACHE_C)
+ mbedtls_ssl_cache_context cache;
+#endif
+
+ mbedtls_net_init( &listen_fd );
+ mbedtls_net_init( &client_fd );
+ mbedtls_ssl_init( &ssl );
+ mbedtls_ssl_config_init( &conf );
+ mbedtls_ssl_cookie_init( &cookie_ctx );
+#if defined(MBEDTLS_SSL_CACHE_C)
+ mbedtls_ssl_cache_init( &cache );
+#endif
+ mbedtls_x509_crt_init( &srvcert );
+ mbedtls_pk_init( &pkey );
+ mbedtls_entropy_init( &entropy );
+ mbedtls_ctr_drbg_init( &ctr_drbg );
+
+#if defined(MBEDTLS_DEBUG_C)
+ mbedtls_debug_set_threshold( DEBUG_LEVEL );
+#endif
+
+ /*
+ * 1. Load the certificates and private RSA key
+ */
+ printf( "\n . Loading the server cert. and key..." );
+ fflush( stdout );
+
+ /*
+ * This demonstration program uses embedded test certificates.
+ * Instead, you may want to use mbedtls_x509_crt_parse_file() to read the
+ * server and CA certificates, as well as mbedtls_pk_parse_keyfile().
+ */
+ ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt,
+ mbedtls_test_srv_crt_len );
+ if( ret != 0 )
+ {
+ printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
+ goto exit;
+ }
+
+ ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_cas_pem,
+ mbedtls_test_cas_pem_len );
+ if( ret != 0 )
+ {
+ printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
+ goto exit;
+ }
+
+ ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
+ mbedtls_test_srv_key_len, NULL, 0 );
+ if( ret != 0 )
+ {
+ printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret );
+ goto exit;
+ }
+
+ printf( " ok\n" );
+
+ /*
+ * 2. Setup the "listening" UDP socket
+ */
+ printf( " . Bind on udp/*/4433 ..." );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_net_bind( &listen_fd, NULL, "4433", MBEDTLS_NET_PROTO_UDP ) ) != 0 )
+ {
+ printf( " failed\n ! mbedtls_net_bind returned %d\n\n", ret );
+ goto exit;
+ }
+
+ printf( " ok\n" );
+
+ /*
+ * 3. Seed the RNG
+ */
+ printf( " . Seeding the random number generator..." );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen( pers ) ) ) != 0 )
+ {
+ printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
+ goto exit;
+ }
+
+ printf( " ok\n" );
+
+ /*
+ * 4. Setup stuff
+ */
+ printf( " . Setting up the DTLS data..." );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_ssl_config_defaults( &conf,
+ MBEDTLS_SSL_IS_SERVER,
+ MBEDTLS_SSL_TRANSPORT_DATAGRAM,
+ MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
+ mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
+
+#if defined(MBEDTLS_SSL_CACHE_C)
+ mbedtls_ssl_conf_session_cache( &conf, &cache,
+ mbedtls_ssl_cache_get,
+ mbedtls_ssl_cache_set );
+#endif
+
+ mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
+ if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
+ {
+ printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
+ goto exit;
+ }
+
+ if( ( ret = mbedtls_ssl_cookie_setup( &cookie_ctx,
+ mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
+ {
+ printf( " failed\n ! mbedtls_ssl_cookie_setup returned %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_ssl_conf_dtls_cookies( &conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
+ &cookie_ctx );
+
+ if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
+ {
+ printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
+ mbedtls_timing_get_delay );
+
+ printf( " ok\n" );
+
+reset:
+#ifdef MBEDTLS_ERROR_C
+ if( ret != 0 )
+ {
+ char error_buf[100];
+ mbedtls_strerror( ret, error_buf, 100 );
+ printf("Last error was: %d - %s\n\n", ret, error_buf );
+ }
+#endif
+
+ mbedtls_net_free( &client_fd );
+
+ mbedtls_ssl_session_reset( &ssl );
+
+ /*
+ * 3. Wait until a client connects
+ */
+ printf( " . Waiting for a remote connection ..." );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
+ client_ip, sizeof( client_ip ), &cliip_len ) ) != 0 )
+ {
+ printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret );
+ goto exit;
+ }
+
+ /* For HelloVerifyRequest cookies */
+ if( ( ret = mbedtls_ssl_set_client_transport_id( &ssl,
+ client_ip, cliip_len ) ) != 0 )
+ {
+ printf( " failed\n ! "
+ "mbedtls_ssl_set_client_transport_id() returned -0x%x\n\n", -ret );
+ goto exit;
+ }
+
+ mbedtls_ssl_set_bio( &ssl, &client_fd,
+ mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout );
+
+ printf( " ok\n" );
+
+ /*
+ * 5. Handshake
+ */
+ printf( " . Performing the DTLS handshake..." );
+ fflush( stdout );
+
+ do ret = mbedtls_ssl_handshake( &ssl );
+ while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
+ ret == MBEDTLS_ERR_SSL_WANT_WRITE );
+
+ if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED )
+ {
+ printf( " hello verification requested\n" );
+ ret = 0;
+ goto reset;
+ }
+ else if( ret != 0 )
+ {
+ printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret );
+ goto reset;
+ }
+
+ printf( " ok\n" );
+
+ /*
+ * 6. Read the echo Request
+ */
+ printf( " < Read from client:" );
+ fflush( stdout );
+
+ len = sizeof( buf ) - 1;
+ memset( buf, 0, sizeof( buf ) );
+
+ do ret = mbedtls_ssl_read( &ssl, buf, len );
+ while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
+ ret == MBEDTLS_ERR_SSL_WANT_WRITE );
+
+ if( ret <= 0 )
+ {
+ switch( ret )
+ {
+ case MBEDTLS_ERR_SSL_TIMEOUT:
+ printf( " timeout\n\n" );
+ goto reset;
+
+ case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
+ printf( " connection was closed gracefully\n" );
+ ret = 0;
+ goto close_notify;
+
+ default:
+ printf( " mbedtls_ssl_read returned -0x%x\n\n", -ret );
+ goto reset;
+ }
+ }
+
+ len = ret;
+ printf( " %d bytes read\n\n%s\n\n", len, buf );
+
+ /*
+ * 7. Write the 200 Response
+ */
+ printf( " > Write to client:" );
+ fflush( stdout );
+
+ do ret = mbedtls_ssl_write( &ssl, buf, len );
+ while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
+ ret == MBEDTLS_ERR_SSL_WANT_WRITE );
+
+ if( ret < 0 )
+ {
+ printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
+ goto exit;
+ }
+
+ len = ret;
+ printf( " %d bytes written\n\n%s\n\n", len, buf );
+
+ /*
+ * 8. Done, cleanly close the connection
+ */
+close_notify:
+ printf( " . Closing the connection..." );
+
+ /* No error checking, the connection might be closed already */
+ do ret = mbedtls_ssl_close_notify( &ssl );
+ while( ret == MBEDTLS_ERR_SSL_WANT_WRITE );
+ ret = 0;
+
+ printf( " done\n" );
+
+ goto reset;
+
+ /*
+ * Final clean-ups and exit
+ */
+exit:
+
+#ifdef MBEDTLS_ERROR_C
+ if( ret != 0 )
+ {
+ char error_buf[100];
+ mbedtls_strerror( ret, error_buf, 100 );
+ printf( "Last error was: %d - %s\n\n", ret, error_buf );
+ }
+#endif
+
+ mbedtls_net_free( &client_fd );
+ mbedtls_net_free( &listen_fd );
+
+ mbedtls_x509_crt_free( &srvcert );
+ mbedtls_pk_free( &pkey );
+ mbedtls_ssl_free( &ssl );
+ mbedtls_ssl_config_free( &conf );
+ mbedtls_ssl_cookie_free( &cookie_ctx );
+#if defined(MBEDTLS_SSL_CACHE_C)
+ mbedtls_ssl_cache_free( &cache );
+#endif
+ mbedtls_ctr_drbg_free( &ctr_drbg );
+ mbedtls_entropy_free( &entropy );
+
+#if defined(_WIN32)
+ printf( " Press Enter to exit this program.\n" );
+ fflush( stdout ); getchar();
+#endif
+
+ /* Shell can not handle large exit numbers -> 1 for errors */
+ if( ret < 0 )
+ ret = 1;
+
+ return( ret );
+}
+#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_PROTO_DTLS &&
+ MBEDTLS_SSL_COOKIE_C && MBEDTLS_NET_C && MBEDTLS_ENTROPY_C &&
+ MBEDTLS_CTR_DRBG_C && MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_RSA_C
+ && MBEDTLS_CERTS_C && MBEDTLS_PEM_PARSE_C && MBEDTLS_TIMING_C */
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/ssl/mini_client.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/ssl/mini_client.c
new file mode 100644
index 0000000..290455e
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/ssl/mini_client.c
@@ -0,0 +1,302 @@
+/*
+ * Minimal SSL client, used for memory measurements.
+ * (meant to be used with config-suite-b.h or config-ccm-psk-tls1_2.h)
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+/*
+ * We're creating and connecting the socket "manually" rather than using the
+ * NET module, in order to avoid the overhead of getaddrinfo() which tends to
+ * dominate memory usage in small configurations. For the sake of simplicity,
+ * only a Unix version is implemented.
+ *
+ * Warning: we are breaking some of the abtractions from the NET layer here.
+ * This is not a good example for general use. This programs has the specific
+ * goal of minimizing use of the libc functions on full-blown OSes.
+ */
+#if defined(unix) || defined(__unix__) || defined(__unix) || defined(__APPLE__)
+#define UNIX
+#endif
+
+#if !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_ENTROPY_C) || \
+ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_CLI_C) || \
+ !defined(UNIX)
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf printf
+#endif
+
+int main( void )
+{
+ mbedtls_printf( "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_ENTROPY_C and/or "
+ "MBEDTLS_NET_C and/or MBEDTLS_SSL_CLI_C and/or UNIX "
+ "not defined.\n");
+ return( 0 );
+}
+#else
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdlib.h>
+#endif
+
+#include <string.h>
+
+#include "mbedtls/net_sockets.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+/*
+ * Hardcoded values for server host and port
+ */
+#define PORT_BE 0x1151 /* 4433 */
+#define PORT_LE 0x5111
+#define ADDR_BE 0x7f000001 /* 127.0.0.1 */
+#define ADDR_LE 0x0100007f
+#define HOSTNAME "localhost" /* for cert verification if enabled */
+
+#define GET_REQUEST "GET / HTTP/1.0\r\n\r\n"
+
+const char *pers = "mini_client";
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+const unsigned char psk[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
+};
+const char psk_id[] = "Client_identity";
+#endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+/* This is tests/data_files/test-ca2.crt, a CA using EC secp384r1 */
+const unsigned char ca_cert[] = {
+ 0x30, 0x82, 0x02, 0x52, 0x30, 0x82, 0x01, 0xd7, 0xa0, 0x03, 0x02, 0x01,
+ 0x02, 0x02, 0x09, 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8,
+ 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02,
+ 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
+ 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a,
+ 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c,
+ 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x13, 0x50, 0x6f, 0x6c,
+ 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x45,
+ 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x33, 0x30, 0x39,
+ 0x32, 0x34, 0x31, 0x35, 0x34, 0x39, 0x34, 0x38, 0x5a, 0x17, 0x0d, 0x32,
+ 0x33, 0x30, 0x39, 0x32, 0x32, 0x31, 0x35, 0x34, 0x39, 0x34, 0x38, 0x5a,
+ 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
+ 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a,
+ 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c,
+ 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x13, 0x50, 0x6f, 0x6c,
+ 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x45,
+ 0x43, 0x20, 0x43, 0x41, 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86,
+ 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22,
+ 0x03, 0x62, 0x00, 0x04, 0xc3, 0xda, 0x2b, 0x34, 0x41, 0x37, 0x58, 0x2f,
+ 0x87, 0x56, 0xfe, 0xfc, 0x89, 0xba, 0x29, 0x43, 0x4b, 0x4e, 0xe0, 0x6e,
+ 0xc3, 0x0e, 0x57, 0x53, 0x33, 0x39, 0x58, 0xd4, 0x52, 0xb4, 0x91, 0x95,
+ 0x39, 0x0b, 0x23, 0xdf, 0x5f, 0x17, 0x24, 0x62, 0x48, 0xfc, 0x1a, 0x95,
+ 0x29, 0xce, 0x2c, 0x2d, 0x87, 0xc2, 0x88, 0x52, 0x80, 0xaf, 0xd6, 0x6a,
+ 0xab, 0x21, 0xdd, 0xb8, 0xd3, 0x1c, 0x6e, 0x58, 0xb8, 0xca, 0xe8, 0xb2,
+ 0x69, 0x8e, 0xf3, 0x41, 0xad, 0x29, 0xc3, 0xb4, 0x5f, 0x75, 0xa7, 0x47,
+ 0x6f, 0xd5, 0x19, 0x29, 0x55, 0x69, 0x9a, 0x53, 0x3b, 0x20, 0xb4, 0x66,
+ 0x16, 0x60, 0x33, 0x1e, 0xa3, 0x81, 0xa0, 0x30, 0x81, 0x9d, 0x30, 0x1d,
+ 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x9d, 0x6d, 0x20,
+ 0x24, 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24,
+ 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x6e, 0x06, 0x03, 0x55, 0x1d, 0x23,
+ 0x04, 0x67, 0x30, 0x65, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, 0x01,
+ 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, 0xfb,
+ 0x36, 0x7c, 0xa1, 0x42, 0xa4, 0x40, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09,
+ 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30,
+ 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61,
+ 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04,
+ 0x03, 0x13, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20,
+ 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x82, 0x09,
+ 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, 0x30, 0x0c, 0x06,
+ 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30,
+ 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03,
+ 0x69, 0x00, 0x30, 0x66, 0x02, 0x31, 0x00, 0xc3, 0xb4, 0x62, 0x73, 0x56,
+ 0x28, 0x95, 0x00, 0x7d, 0x78, 0x12, 0x26, 0xd2, 0x71, 0x7b, 0x19, 0xf8,
+ 0x8a, 0x98, 0x3e, 0x92, 0xfe, 0x33, 0x9e, 0xe4, 0x79, 0xd2, 0xfe, 0x7a,
+ 0xb7, 0x87, 0x74, 0x3c, 0x2b, 0xb8, 0xd7, 0x69, 0x94, 0x0b, 0xa3, 0x67,
+ 0x77, 0xb8, 0xb3, 0xbe, 0xd1, 0x36, 0x32, 0x02, 0x31, 0x00, 0xfd, 0x67,
+ 0x9c, 0x94, 0x23, 0x67, 0xc0, 0x56, 0xba, 0x4b, 0x33, 0x15, 0x00, 0xc6,
+ 0xe3, 0xcc, 0x31, 0x08, 0x2c, 0x9c, 0x8b, 0xda, 0xa9, 0x75, 0x23, 0x2f,
+ 0xb8, 0x28, 0xe7, 0xf2, 0x9c, 0x14, 0x3a, 0x40, 0x01, 0x5c, 0xaf, 0x0c,
+ 0xb2, 0xcf, 0x74, 0x7f, 0x30, 0x9f, 0x08, 0x43, 0xad, 0x20,
+};
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+enum exit_codes
+{
+ exit_ok = 0,
+ ctr_drbg_seed_failed,
+ ssl_config_defaults_failed,
+ ssl_setup_failed,
+ hostname_failed,
+ socket_failed,
+ connect_failed,
+ x509_crt_parse_failed,
+ ssl_handshake_failed,
+ ssl_write_failed,
+};
+
+int main( void )
+{
+ int ret = exit_ok;
+ mbedtls_net_context server_fd;
+ struct sockaddr_in addr;
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ mbedtls_x509_crt ca;
+#endif
+
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_ssl_context ssl;
+ mbedtls_ssl_config conf;
+ mbedtls_ctr_drbg_init( &ctr_drbg );
+
+ /*
+ * 0. Initialize and setup stuff
+ */
+ mbedtls_net_init( &server_fd );
+ mbedtls_ssl_init( &ssl );
+ mbedtls_ssl_config_init( &conf );
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ mbedtls_x509_crt_init( &ca );
+#endif
+
+ mbedtls_entropy_init( &entropy );
+ if( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers, strlen( pers ) ) != 0 )
+ {
+ ret = ctr_drbg_seed_failed;
+ goto exit;
+ }
+
+ if( mbedtls_ssl_config_defaults( &conf,
+ MBEDTLS_SSL_IS_CLIENT,
+ MBEDTLS_SSL_TRANSPORT_STREAM,
+ MBEDTLS_SSL_PRESET_DEFAULT ) != 0 )
+ {
+ ret = ssl_config_defaults_failed;
+ goto exit;
+ }
+
+ mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+ mbedtls_ssl_conf_psk( &conf, psk, sizeof( psk ),
+ (const unsigned char *) psk_id, sizeof( psk_id ) - 1 );
+#endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ if( mbedtls_x509_crt_parse_der( &ca, ca_cert, sizeof( ca_cert ) ) != 0 )
+ {
+ ret = x509_crt_parse_failed;
+ goto exit;
+ }
+
+ mbedtls_ssl_conf_ca_chain( &conf, &ca, NULL );
+ mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_REQUIRED );
+#endif
+
+ if( mbedtls_ssl_setup( &ssl, &conf ) != 0 )
+ {
+ ret = ssl_setup_failed;
+ goto exit;
+ }
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ if( mbedtls_ssl_set_hostname( &ssl, HOSTNAME ) != 0 )
+ {
+ ret = hostname_failed;
+ goto exit;
+ }
+#endif
+
+ /*
+ * 1. Start the connection
+ */
+ memset( &addr, 0, sizeof( addr ) );
+ addr.sin_family = AF_INET;
+
+ ret = 1; /* for endianness detection */
+ addr.sin_port = *((char *) &ret) == ret ? PORT_LE : PORT_BE;
+ addr.sin_addr.s_addr = *((char *) &ret) == ret ? ADDR_LE : ADDR_BE;
+ ret = 0;
+
+ if( ( server_fd.fd = socket( AF_INET, SOCK_STREAM, 0 ) ) < 0 )
+ {
+ ret = socket_failed;
+ goto exit;
+ }
+
+ if( connect( server_fd.fd,
+ (const struct sockaddr *) &addr, sizeof( addr ) ) < 0 )
+ {
+ ret = connect_failed;
+ goto exit;
+ }
+
+ mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
+
+ if( mbedtls_ssl_handshake( &ssl ) != 0 )
+ {
+ ret = ssl_handshake_failed;
+ goto exit;
+ }
+
+ /*
+ * 2. Write the GET request and close the connection
+ */
+ if( mbedtls_ssl_write( &ssl, (const unsigned char *) GET_REQUEST,
+ sizeof( GET_REQUEST ) - 1 ) <= 0 )
+ {
+ ret = ssl_write_failed;
+ goto exit;
+ }
+
+ mbedtls_ssl_close_notify( &ssl );
+
+exit:
+ mbedtls_net_free( &server_fd );
+
+ mbedtls_ssl_free( &ssl );
+ mbedtls_ssl_config_free( &conf );
+ mbedtls_ctr_drbg_free( &ctr_drbg );
+ mbedtls_entropy_free( &entropy );
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ mbedtls_x509_crt_free( &ca );
+#endif
+
+ return( ret );
+}
+#endif
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/ssl/ssl_client1.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/ssl/ssl_client1.c
new file mode 100644
index 0000000..fa70431
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/ssl/ssl_client1.c
@@ -0,0 +1,313 @@
+/*
+ * SSL client demonstration program
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#include <stdlib.h>
+#define mbedtls_time time
+#define mbedtls_time_t time_t
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#endif
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
+ !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \
+ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
+ !defined(MBEDTLS_CERTS_C) || !defined(MBEDTLS_PEM_PARSE_C) || \
+ !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C)
+int main( void )
+{
+ mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
+ "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
+ "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
+ "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
+ "not defined.\n");
+ return( 0 );
+}
+#else
+
+#include "mbedtls/net_sockets.h"
+#include "mbedtls/debug.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/error.h"
+#include "mbedtls/certs.h"
+
+#include <string.h>
+
+#define SERVER_PORT "4433"
+#define SERVER_NAME "localhost"
+#define GET_REQUEST "GET / HTTP/1.0\r\n\r\n"
+
+#define DEBUG_LEVEL 1
+
+static void my_debug( void *ctx, int level,
+ const char *file, int line,
+ const char *str )
+{
+ ((void) level);
+
+ mbedtls_fprintf( (FILE *) ctx, "%s:%04d: %s", file, line, str );
+ fflush( (FILE *) ctx );
+}
+
+int main( void )
+{
+ int ret, len;
+ mbedtls_net_context server_fd;
+ uint32_t flags;
+ unsigned char buf[1024];
+ const char *pers = "ssl_client1";
+
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_ssl_context ssl;
+ mbedtls_ssl_config conf;
+ mbedtls_x509_crt cacert;
+
+#if defined(MBEDTLS_DEBUG_C)
+ mbedtls_debug_set_threshold( DEBUG_LEVEL );
+#endif
+
+ /*
+ * 0. Initialize the RNG and the session data
+ */
+ mbedtls_net_init( &server_fd );
+ mbedtls_ssl_init( &ssl );
+ mbedtls_ssl_config_init( &conf );
+ mbedtls_x509_crt_init( &cacert );
+ mbedtls_ctr_drbg_init( &ctr_drbg );
+
+ mbedtls_printf( "\n . Seeding the random number generator..." );
+ fflush( stdout );
+
+ mbedtls_entropy_init( &entropy );
+ if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen( pers ) ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * 0. Initialize certificates
+ */
+ mbedtls_printf( " . Loading the CA root certificate ..." );
+ fflush( stdout );
+
+ ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem,
+ mbedtls_test_cas_pem_len );
+ if( ret < 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok (%d skipped)\n", ret );
+
+ /*
+ * 1. Start the connection
+ */
+ mbedtls_printf( " . Connecting to tcp/%s/%s...", SERVER_NAME, SERVER_PORT );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_net_connect( &server_fd, SERVER_NAME,
+ SERVER_PORT, MBEDTLS_NET_PROTO_TCP ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_net_connect returned %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * 2. Setup stuff
+ */
+ mbedtls_printf( " . Setting up the SSL/TLS structure..." );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_ssl_config_defaults( &conf,
+ MBEDTLS_SSL_IS_CLIENT,
+ MBEDTLS_SSL_TRANSPORT_STREAM,
+ MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ /* OPTIONAL is not optimal for security,
+ * but makes interop easier in this simplified example */
+ mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
+ mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
+ mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
+ mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
+
+ if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
+ goto exit;
+ }
+
+ if( ( ret = mbedtls_ssl_set_hostname( &ssl, SERVER_NAME ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
+
+ /*
+ * 4. Handshake
+ */
+ mbedtls_printf( " . Performing the SSL/TLS handshake..." );
+ fflush( stdout );
+
+ while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
+ {
+ if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret );
+ goto exit;
+ }
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * 5. Verify the server certificate
+ */
+ mbedtls_printf( " . Verifying peer X.509 certificate..." );
+
+ /* In real life, we probably want to bail out when ret != 0 */
+ if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
+ {
+ char vrfy_buf[512];
+
+ mbedtls_printf( " failed\n" );
+
+ mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
+
+ mbedtls_printf( "%s\n", vrfy_buf );
+ }
+ else
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * 3. Write the GET request
+ */
+ mbedtls_printf( " > Write to server:" );
+ fflush( stdout );
+
+ len = sprintf( (char *) buf, GET_REQUEST );
+
+ while( ( ret = mbedtls_ssl_write( &ssl, buf, len ) ) <= 0 )
+ {
+ if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
+ goto exit;
+ }
+ }
+
+ len = ret;
+ mbedtls_printf( " %d bytes written\n\n%s", len, (char *) buf );
+
+ /*
+ * 7. Read the HTTP response
+ */
+ mbedtls_printf( " < Read from server:" );
+ fflush( stdout );
+
+ do
+ {
+ len = sizeof( buf ) - 1;
+ memset( buf, 0, sizeof( buf ) );
+ ret = mbedtls_ssl_read( &ssl, buf, len );
+
+ if( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE )
+ continue;
+
+ if( ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY )
+ break;
+
+ if( ret < 0 )
+ {
+ mbedtls_printf( "failed\n ! mbedtls_ssl_read returned %d\n\n", ret );
+ break;
+ }
+
+ if( ret == 0 )
+ {
+ mbedtls_printf( "\n\nEOF\n\n" );
+ break;
+ }
+
+ len = ret;
+ mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf );
+ }
+ while( 1 );
+
+ mbedtls_ssl_close_notify( &ssl );
+
+exit:
+
+#ifdef MBEDTLS_ERROR_C
+ if( ret != 0 )
+ {
+ char error_buf[100];
+ mbedtls_strerror( ret, error_buf, 100 );
+ mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf );
+ }
+#endif
+
+ mbedtls_net_free( &server_fd );
+
+ mbedtls_x509_crt_free( &cacert );
+ mbedtls_ssl_free( &ssl );
+ mbedtls_ssl_config_free( &conf );
+ mbedtls_ctr_drbg_free( &ctr_drbg );
+ mbedtls_entropy_free( &entropy );
+
+#if defined(_WIN32)
+ mbedtls_printf( " + Press Enter to exit this program.\n" );
+ fflush( stdout ); getchar();
+#endif
+
+ return( ret );
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
+ MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
+ MBEDTLS_CERTS_C && MBEDTLS_PEM_PARSE_C && MBEDTLS_CTR_DRBG_C &&
+ MBEDTLS_X509_CRT_PARSE_C */
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/ssl/ssl_client2.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/ssl/ssl_client2.c
new file mode 100644
index 0000000..a1d71e1
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/ssl/ssl_client2.c
@@ -0,0 +1,1673 @@
+/*
+ * SSL client with certificate authentication
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#include <stdlib.h>
+#define mbedtls_time time
+#define mbedtls_time_t time_t
+#define mbedtls_printf printf
+#define mbedtls_fprintf fprintf
+#define mbedtls_snprintf snprintf
+#endif
+
+#if !defined(MBEDTLS_ENTROPY_C) || \
+ !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \
+ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_CTR_DRBG_C)
+int main( void )
+{
+ mbedtls_printf("MBEDTLS_ENTROPY_C and/or "
+ "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
+ "MBEDTLS_NET_C and/or MBEDTLS_CTR_DRBG_C and/or not defined.\n");
+ return( 0 );
+}
+#else
+
+#include "mbedtls/net_sockets.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/certs.h"
+#include "mbedtls/x509.h"
+#include "mbedtls/error.h"
+#include "mbedtls/debug.h"
+#include "mbedtls/timing.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define DFL_SERVER_NAME "localhost"
+#define DFL_SERVER_ADDR NULL
+#define DFL_SERVER_PORT "4433"
+#define DFL_REQUEST_PAGE "/"
+#define DFL_REQUEST_SIZE -1
+#define DFL_DEBUG_LEVEL 0
+#define DFL_NBIO 0
+#define DFL_READ_TIMEOUT 0
+#define DFL_MAX_RESEND 0
+#define DFL_CA_FILE ""
+#define DFL_CA_PATH ""
+#define DFL_CRT_FILE ""
+#define DFL_KEY_FILE ""
+#define DFL_PSK ""
+#define DFL_PSK_IDENTITY "Client_identity"
+#define DFL_ECJPAKE_PW NULL
+#define DFL_FORCE_CIPHER 0
+#define DFL_RENEGOTIATION MBEDTLS_SSL_RENEGOTIATION_DISABLED
+#define DFL_ALLOW_LEGACY -2
+#define DFL_RENEGOTIATE 0
+#define DFL_EXCHANGES 1
+#define DFL_MIN_VERSION -1
+#define DFL_MAX_VERSION -1
+#define DFL_ARC4 -1
+#define DFL_AUTH_MODE -1
+#define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE
+#define DFL_TRUNC_HMAC -1
+#define DFL_RECSPLIT -1
+#define DFL_DHMLEN -1
+#define DFL_RECONNECT 0
+#define DFL_RECO_DELAY 0
+#define DFL_RECONNECT_HARD 0
+#define DFL_TICKETS MBEDTLS_SSL_SESSION_TICKETS_ENABLED
+#define DFL_ALPN_STRING NULL
+#define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM
+#define DFL_HS_TO_MIN 0
+#define DFL_HS_TO_MAX 0
+#define DFL_FALLBACK -1
+#define DFL_EXTENDED_MS -1
+#define DFL_ETM -1
+
+#define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: "
+#define GET_REQUEST_END "\r\n\r\n"
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_FS_IO)
+#define USAGE_IO \
+ " ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
+ " default: \"\" (pre-loaded)\n" \
+ " ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \
+ " default: \"\" (pre-loaded) (overrides ca_file)\n" \
+ " crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \
+ " default: \"\" (pre-loaded)\n" \
+ " key_file=%%s default: \"\" (pre-loaded)\n"
+#else
+#define USAGE_IO \
+ " No file operations available (MBEDTLS_FS_IO not defined)\n"
+#endif /* MBEDTLS_FS_IO */
+#else
+#define USAGE_IO ""
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+#define USAGE_PSK \
+ " psk=%%s default: \"\" (in hex, without 0x)\n" \
+ " psk_identity=%%s default: \"Client_identity\"\n"
+#else
+#define USAGE_PSK ""
+#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+#define USAGE_TICKETS \
+ " tickets=%%d default: 1 (enabled)\n"
+#else
+#define USAGE_TICKETS ""
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+#define USAGE_TRUNC_HMAC \
+ " trunc_hmac=%%d default: library default\n"
+#else
+#define USAGE_TRUNC_HMAC ""
+#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+#define USAGE_MAX_FRAG_LEN \
+ " max_frag_len=%%d default: 16384 (tls default)\n" \
+ " options: 512, 1024, 2048, 4096\n"
+#else
+#define USAGE_MAX_FRAG_LEN ""
+#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+
+#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
+#define USAGE_RECSPLIT \
+ " recsplit=0/1 default: (library default: on)\n"
+#else
+#define USAGE_RECSPLIT
+#endif
+
+#if defined(MBEDTLS_DHM_C)
+#define USAGE_DHMLEN \
+ " dhmlen=%%d default: (library default: 1024 bits)\n"
+#else
+#define USAGE_DHMLEN
+#endif
+
+#if defined(MBEDTLS_SSL_ALPN)
+#define USAGE_ALPN \
+ " alpn=%%s default: \"\" (disabled)\n" \
+ " example: spdy/1,http/1.1\n"
+#else
+#define USAGE_ALPN ""
+#endif /* MBEDTLS_SSL_ALPN */
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+#define USAGE_DTLS \
+ " dtls=%%d default: 0 (TLS)\n" \
+ " hs_timeout=%%d-%%d default: (library default: 1000-60000)\n" \
+ " range of DTLS handshake timeouts in millisecs\n"
+#else
+#define USAGE_DTLS ""
+#endif
+
+#if defined(MBEDTLS_SSL_FALLBACK_SCSV)
+#define USAGE_FALLBACK \
+ " fallback=0/1 default: (library default: off)\n"
+#else
+#define USAGE_FALLBACK ""
+#endif
+
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+#define USAGE_EMS \
+ " extended_ms=0/1 default: (library default: on)\n"
+#else
+#define USAGE_EMS ""
+#endif
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+#define USAGE_ETM \
+ " etm=0/1 default: (library default: on)\n"
+#else
+#define USAGE_ETM ""
+#endif
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+#define USAGE_RENEGO \
+ " renegotiation=%%d default: 0 (disabled)\n" \
+ " renegotiate=%%d default: 0 (disabled)\n"
+#else
+#define USAGE_RENEGO ""
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+#define USAGE_ECJPAKE \
+ " ecjpake_pw=%%s default: none (disabled)\n"
+#else
+#define USAGE_ECJPAKE ""
+#endif
+
+#define USAGE \
+ "\n usage: ssl_client2 param=<>...\n" \
+ "\n acceptable parameters:\n" \
+ " server_name=%%s default: localhost\n" \
+ " server_addr=%%s default: given by name\n" \
+ " server_port=%%d default: 4433\n" \
+ " request_page=%%s default: \".\"\n" \
+ " request_size=%%d default: about 34 (basic request)\n" \
+ " (minimum: 0, max: 16384)\n" \
+ " debug_level=%%d default: 0 (disabled)\n" \
+ " nbio=%%d default: 0 (blocking I/O)\n" \
+ " options: 1 (non-blocking), 2 (added delays)\n" \
+ " read_timeout=%%d default: 0 ms (no timeout)\n" \
+ " max_resend=%%d default: 0 (no resend on timeout)\n" \
+ "\n" \
+ USAGE_DTLS \
+ "\n" \
+ " auth_mode=%%s default: (library default: none)\n" \
+ " options: none, optional, required\n" \
+ USAGE_IO \
+ "\n" \
+ USAGE_PSK \
+ USAGE_ECJPAKE \
+ "\n" \
+ " allow_legacy=%%d default: (library default: no)\n" \
+ USAGE_RENEGO \
+ " exchanges=%%d default: 1\n" \
+ " reconnect=%%d default: 0 (disabled)\n" \
+ " reco_delay=%%d default: 0 seconds\n" \
+ " reconnect_hard=%%d default: 0 (disabled)\n" \
+ USAGE_TICKETS \
+ USAGE_MAX_FRAG_LEN \
+ USAGE_TRUNC_HMAC \
+ USAGE_ALPN \
+ USAGE_FALLBACK \
+ USAGE_EMS \
+ USAGE_ETM \
+ USAGE_RECSPLIT \
+ USAGE_DHMLEN \
+ "\n" \
+ " arc4=%%d default: (library default: 0)\n" \
+ " min_version=%%s default: (library default: tls1)\n" \
+ " max_version=%%s default: (library default: tls1_2)\n" \
+ " force_version=%%s default: \"\" (none)\n" \
+ " options: ssl3, tls1, tls1_1, tls1_2, dtls1, dtls1_2\n" \
+ "\n" \
+ " force_ciphersuite=<name> default: all enabled\n"\
+ " acceptable ciphersuite names:\n"
+
+/*
+ * global options
+ */
+struct options
+{
+ const char *server_name; /* hostname of the server (client only) */
+ const char *server_addr; /* address of the server (client only) */
+ const char *server_port; /* port on which the ssl service runs */
+ int debug_level; /* level of debugging */
+ int nbio; /* should I/O be blocking? */
+ uint32_t read_timeout; /* timeout on mbedtls_ssl_read() in milliseconds */
+ int max_resend; /* DTLS times to resend on read timeout */
+ const char *request_page; /* page on server to request */
+ int request_size; /* pad request with header to requested size */
+ const char *ca_file; /* the file with the CA certificate(s) */
+ const char *ca_path; /* the path with the CA certificate(s) reside */
+ const char *crt_file; /* the file with the client certificate */
+ const char *key_file; /* the file with the client key */
+ const char *psk; /* the pre-shared key */
+ const char *psk_identity; /* the pre-shared key identity */
+ const char *ecjpake_pw; /* the EC J-PAKE password */
+ int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
+ int renegotiation; /* enable / disable renegotiation */
+ int allow_legacy; /* allow legacy renegotiation */
+ int renegotiate; /* attempt renegotiation? */
+ int renego_delay; /* delay before enforcing renegotiation */
+ int exchanges; /* number of data exchanges */
+ int min_version; /* minimum protocol version accepted */
+ int max_version; /* maximum protocol version accepted */
+ int arc4; /* flag for arc4 suites support */
+ int auth_mode; /* verify mode for connection */
+ unsigned char mfl_code; /* code for maximum fragment length */
+ int trunc_hmac; /* negotiate truncated hmac or not */
+ int recsplit; /* enable record splitting? */
+ int dhmlen; /* minimum DHM params len in bits */
+ int reconnect; /* attempt to resume session */
+ int reco_delay; /* delay in seconds before resuming session */
+ int reconnect_hard; /* unexpectedly reconnect from the same port */
+ int tickets; /* enable / disable session tickets */
+ const char *alpn_string; /* ALPN supported protocols */
+ int transport; /* TLS or DTLS? */
+ uint32_t hs_to_min; /* Initial value of DTLS handshake timer */
+ uint32_t hs_to_max; /* Max value of DTLS handshake timer */
+ int fallback; /* is this a fallback connection? */
+ int extended_ms; /* negotiate extended master secret? */
+ int etm; /* negotiate encrypt then mac? */
+} opt;
+
+static void my_debug( void *ctx, int level,
+ const char *file, int line,
+ const char *str )
+{
+ const char *p, *basename;
+
+ /* Extract basename from file */
+ for( p = basename = file; *p != '\0'; p++ )
+ if( *p == '/' || *p == '\\' )
+ basename = p + 1;
+
+ mbedtls_fprintf( (FILE *) ctx, "%s:%04d: |%d| %s", basename, line, level, str );
+ fflush( (FILE *) ctx );
+}
+
+/*
+ * Test recv/send functions that make sure each try returns
+ * WANT_READ/WANT_WRITE at least once before sucesseding
+ */
+static int my_recv( void *ctx, unsigned char *buf, size_t len )
+{
+ static int first_try = 1;
+ int ret;
+
+ if( first_try )
+ {
+ first_try = 0;
+ return( MBEDTLS_ERR_SSL_WANT_READ );
+ }
+
+ ret = mbedtls_net_recv( ctx, buf, len );
+ if( ret != MBEDTLS_ERR_SSL_WANT_READ )
+ first_try = 1; /* Next call will be a new operation */
+ return( ret );
+}
+
+static int my_send( void *ctx, const unsigned char *buf, size_t len )
+{
+ static int first_try = 1;
+ int ret;
+
+ if( first_try )
+ {
+ first_try = 0;
+ return( MBEDTLS_ERR_SSL_WANT_WRITE );
+ }
+
+ ret = mbedtls_net_send( ctx, buf, len );
+ if( ret != MBEDTLS_ERR_SSL_WANT_WRITE )
+ first_try = 1; /* Next call will be a new operation */
+ return( ret );
+}
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+/*
+ * Enabled if debug_level > 1 in code below
+ */
+static int my_verify( void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags )
+{
+ char buf[1024];
+ ((void) data);
+
+ mbedtls_printf( "\nVerify requested for (Depth %d):\n", depth );
+ mbedtls_x509_crt_info( buf, sizeof( buf ) - 1, "", crt );
+ mbedtls_printf( "%s", buf );
+
+ if ( ( *flags ) == 0 )
+ mbedtls_printf( " This certificate has no flags\n" );
+ else
+ {
+ mbedtls_x509_crt_verify_info( buf, sizeof( buf ), " ! ", *flags );
+ mbedtls_printf( "%s\n", buf );
+ }
+
+ return( 0 );
+}
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+int main( int argc, char *argv[] )
+{
+ int ret = 0, len, tail_len, i, written, frags, retry_left;
+ mbedtls_net_context server_fd;
+ unsigned char buf[MBEDTLS_SSL_MAX_CONTENT_LEN + 1];
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+ unsigned char psk[MBEDTLS_PSK_MAX_LEN];
+ size_t psk_len = 0;
+#endif
+#if defined(MBEDTLS_SSL_ALPN)
+ const char *alpn_list[10];
+#endif
+ const char *pers = "ssl_client2";
+
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_ssl_context ssl;
+ mbedtls_ssl_config conf;
+ mbedtls_ssl_session saved_session;
+#if defined(MBEDTLS_TIMING_C)
+ mbedtls_timing_delay_context timer;
+#endif
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ uint32_t flags;
+ mbedtls_x509_crt cacert;
+ mbedtls_x509_crt clicert;
+ mbedtls_pk_context pkey;
+#endif
+ char *p, *q;
+ const int *list;
+
+ /*
+ * Make sure memory references are valid.
+ */
+ mbedtls_net_init( &server_fd );
+ mbedtls_ssl_init( &ssl );
+ mbedtls_ssl_config_init( &conf );
+ memset( &saved_session, 0, sizeof( mbedtls_ssl_session ) );
+ mbedtls_ctr_drbg_init( &ctr_drbg );
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ mbedtls_x509_crt_init( &cacert );
+ mbedtls_x509_crt_init( &clicert );
+ mbedtls_pk_init( &pkey );
+#endif
+#if defined(MBEDTLS_SSL_ALPN)
+ memset( (void * ) alpn_list, 0, sizeof( alpn_list ) );
+#endif
+
+ if( argc == 0 )
+ {
+ usage:
+ if( ret == 0 )
+ ret = 1;
+
+ mbedtls_printf( USAGE );
+
+ list = mbedtls_ssl_list_ciphersuites();
+ while( *list )
+ {
+ mbedtls_printf(" %-42s", mbedtls_ssl_get_ciphersuite_name( *list ) );
+ list++;
+ if( !*list )
+ break;
+ mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name( *list ) );
+ list++;
+ }
+ mbedtls_printf("\n");
+ goto exit;
+ }
+
+ opt.server_name = DFL_SERVER_NAME;
+ opt.server_addr = DFL_SERVER_ADDR;
+ opt.server_port = DFL_SERVER_PORT;
+ opt.debug_level = DFL_DEBUG_LEVEL;
+ opt.nbio = DFL_NBIO;
+ opt.read_timeout = DFL_READ_TIMEOUT;
+ opt.max_resend = DFL_MAX_RESEND;
+ opt.request_page = DFL_REQUEST_PAGE;
+ opt.request_size = DFL_REQUEST_SIZE;
+ opt.ca_file = DFL_CA_FILE;
+ opt.ca_path = DFL_CA_PATH;
+ opt.crt_file = DFL_CRT_FILE;
+ opt.key_file = DFL_KEY_FILE;
+ opt.psk = DFL_PSK;
+ opt.psk_identity = DFL_PSK_IDENTITY;
+ opt.ecjpake_pw = DFL_ECJPAKE_PW;
+ opt.force_ciphersuite[0]= DFL_FORCE_CIPHER;
+ opt.renegotiation = DFL_RENEGOTIATION;
+ opt.allow_legacy = DFL_ALLOW_LEGACY;
+ opt.renegotiate = DFL_RENEGOTIATE;
+ opt.exchanges = DFL_EXCHANGES;
+ opt.min_version = DFL_MIN_VERSION;
+ opt.max_version = DFL_MAX_VERSION;
+ opt.arc4 = DFL_ARC4;
+ opt.auth_mode = DFL_AUTH_MODE;
+ opt.mfl_code = DFL_MFL_CODE;
+ opt.trunc_hmac = DFL_TRUNC_HMAC;
+ opt.recsplit = DFL_RECSPLIT;
+ opt.dhmlen = DFL_DHMLEN;
+ opt.reconnect = DFL_RECONNECT;
+ opt.reco_delay = DFL_RECO_DELAY;
+ opt.reconnect_hard = DFL_RECONNECT_HARD;
+ opt.tickets = DFL_TICKETS;
+ opt.alpn_string = DFL_ALPN_STRING;
+ opt.transport = DFL_TRANSPORT;
+ opt.hs_to_min = DFL_HS_TO_MIN;
+ opt.hs_to_max = DFL_HS_TO_MAX;
+ opt.fallback = DFL_FALLBACK;
+ opt.extended_ms = DFL_EXTENDED_MS;
+ opt.etm = DFL_ETM;
+
+ for( i = 1; i < argc; i++ )
+ {
+ p = argv[i];
+ if( ( q = strchr( p, '=' ) ) == NULL )
+ goto usage;
+ *q++ = '\0';
+
+ if( strcmp( p, "server_name" ) == 0 )
+ opt.server_name = q;
+ else if( strcmp( p, "server_addr" ) == 0 )
+ opt.server_addr = q;
+ else if( strcmp( p, "server_port" ) == 0 )
+ opt.server_port = q;
+ else if( strcmp( p, "dtls" ) == 0 )
+ {
+ int t = atoi( q );
+ if( t == 0 )
+ opt.transport = MBEDTLS_SSL_TRANSPORT_STREAM;
+ else if( t == 1 )
+ opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
+ else
+ goto usage;
+ }
+ else if( strcmp( p, "debug_level" ) == 0 )
+ {
+ opt.debug_level = atoi( q );
+ if( opt.debug_level < 0 || opt.debug_level > 65535 )
+ goto usage;
+ }
+ else if( strcmp( p, "nbio" ) == 0 )
+ {
+ opt.nbio = atoi( q );
+ if( opt.nbio < 0 || opt.nbio > 2 )
+ goto usage;
+ }
+ else if( strcmp( p, "read_timeout" ) == 0 )
+ opt.read_timeout = atoi( q );
+ else if( strcmp( p, "max_resend" ) == 0 )
+ {
+ opt.max_resend = atoi( q );
+ if( opt.max_resend < 0 )
+ goto usage;
+ }
+ else if( strcmp( p, "request_page" ) == 0 )
+ opt.request_page = q;
+ else if( strcmp( p, "request_size" ) == 0 )
+ {
+ opt.request_size = atoi( q );
+ if( opt.request_size < 0 || opt.request_size > MBEDTLS_SSL_MAX_CONTENT_LEN )
+ goto usage;
+ }
+ else if( strcmp( p, "ca_file" ) == 0 )
+ opt.ca_file = q;
+ else if( strcmp( p, "ca_path" ) == 0 )
+ opt.ca_path = q;
+ else if( strcmp( p, "crt_file" ) == 0 )
+ opt.crt_file = q;
+ else if( strcmp( p, "key_file" ) == 0 )
+ opt.key_file = q;
+ else if( strcmp( p, "psk" ) == 0 )
+ opt.psk = q;
+ else if( strcmp( p, "psk_identity" ) == 0 )
+ opt.psk_identity = q;
+ else if( strcmp( p, "ecjpake_pw" ) == 0 )
+ opt.ecjpake_pw = q;
+ else if( strcmp( p, "force_ciphersuite" ) == 0 )
+ {
+ opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id( q );
+
+ if( opt.force_ciphersuite[0] == 0 )
+ {
+ ret = 2;
+ goto usage;
+ }
+ opt.force_ciphersuite[1] = 0;
+ }
+ else if( strcmp( p, "renegotiation" ) == 0 )
+ {
+ opt.renegotiation = (atoi( q )) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED :
+ MBEDTLS_SSL_RENEGOTIATION_DISABLED;
+ }
+ else if( strcmp( p, "allow_legacy" ) == 0 )
+ {
+ switch( atoi( q ) )
+ {
+ case -1: opt.allow_legacy = MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE; break;
+ case 0: opt.allow_legacy = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION; break;
+ case 1: opt.allow_legacy = MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION; break;
+ default: goto usage;
+ }
+ }
+ else if( strcmp( p, "renegotiate" ) == 0 )
+ {
+ opt.renegotiate = atoi( q );
+ if( opt.renegotiate < 0 || opt.renegotiate > 1 )
+ goto usage;
+ }
+ else if( strcmp( p, "exchanges" ) == 0 )
+ {
+ opt.exchanges = atoi( q );
+ if( opt.exchanges < 1 )
+ goto usage;
+ }
+ else if( strcmp( p, "reconnect" ) == 0 )
+ {
+ opt.reconnect = atoi( q );
+ if( opt.reconnect < 0 || opt.reconnect > 2 )
+ goto usage;
+ }
+ else if( strcmp( p, "reco_delay" ) == 0 )
+ {
+ opt.reco_delay = atoi( q );
+ if( opt.reco_delay < 0 )
+ goto usage;
+ }
+ else if( strcmp( p, "reconnect_hard" ) == 0 )
+ {
+ opt.reconnect_hard = atoi( q );
+ if( opt.reconnect_hard < 0 || opt.reconnect_hard > 1 )
+ goto usage;
+ }
+ else if( strcmp( p, "tickets" ) == 0 )
+ {
+ opt.tickets = atoi( q );
+ if( opt.tickets < 0 || opt.tickets > 2 )
+ goto usage;
+ }
+ else if( strcmp( p, "alpn" ) == 0 )
+ {
+ opt.alpn_string = q;
+ }
+ else if( strcmp( p, "fallback" ) == 0 )
+ {
+ switch( atoi( q ) )
+ {
+ case 0: opt.fallback = MBEDTLS_SSL_IS_NOT_FALLBACK; break;
+ case 1: opt.fallback = MBEDTLS_SSL_IS_FALLBACK; break;
+ default: goto usage;
+ }
+ }
+ else if( strcmp( p, "extended_ms" ) == 0 )
+ {
+ switch( atoi( q ) )
+ {
+ case 0: opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_DISABLED; break;
+ case 1: opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED; break;
+ default: goto usage;
+ }
+ }
+ else if( strcmp( p, "etm" ) == 0 )
+ {
+ switch( atoi( q ) )
+ {
+ case 0: opt.etm = MBEDTLS_SSL_ETM_DISABLED; break;
+ case 1: opt.etm = MBEDTLS_SSL_ETM_ENABLED; break;
+ default: goto usage;
+ }
+ }
+ else if( strcmp( p, "min_version" ) == 0 )
+ {
+ if( strcmp( q, "ssl3" ) == 0 )
+ opt.min_version = MBEDTLS_SSL_MINOR_VERSION_0;
+ else if( strcmp( q, "tls1" ) == 0 )
+ opt.min_version = MBEDTLS_SSL_MINOR_VERSION_1;
+ else if( strcmp( q, "tls1_1" ) == 0 ||
+ strcmp( q, "dtls1" ) == 0 )
+ opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
+ else if( strcmp( q, "tls1_2" ) == 0 ||
+ strcmp( q, "dtls1_2" ) == 0 )
+ opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
+ else
+ goto usage;
+ }
+ else if( strcmp( p, "max_version" ) == 0 )
+ {
+ if( strcmp( q, "ssl3" ) == 0 )
+ opt.max_version = MBEDTLS_SSL_MINOR_VERSION_0;
+ else if( strcmp( q, "tls1" ) == 0 )
+ opt.max_version = MBEDTLS_SSL_MINOR_VERSION_1;
+ else if( strcmp( q, "tls1_1" ) == 0 ||
+ strcmp( q, "dtls1" ) == 0 )
+ opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
+ else if( strcmp( q, "tls1_2" ) == 0 ||
+ strcmp( q, "dtls1_2" ) == 0 )
+ opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
+ else
+ goto usage;
+ }
+ else if( strcmp( p, "arc4" ) == 0 )
+ {
+ switch( atoi( q ) )
+ {
+ case 0: opt.arc4 = MBEDTLS_SSL_ARC4_DISABLED; break;
+ case 1: opt.arc4 = MBEDTLS_SSL_ARC4_ENABLED; break;
+ default: goto usage;
+ }
+ }
+ else if( strcmp( p, "force_version" ) == 0 )
+ {
+ if( strcmp( q, "ssl3" ) == 0 )
+ {
+ opt.min_version = MBEDTLS_SSL_MINOR_VERSION_0;
+ opt.max_version = MBEDTLS_SSL_MINOR_VERSION_0;
+ }
+ else if( strcmp( q, "tls1" ) == 0 )
+ {
+ opt.min_version = MBEDTLS_SSL_MINOR_VERSION_1;
+ opt.max_version = MBEDTLS_SSL_MINOR_VERSION_1;
+ }
+ else if( strcmp( q, "tls1_1" ) == 0 )
+ {
+ opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
+ opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
+ }
+ else if( strcmp( q, "tls1_2" ) == 0 )
+ {
+ opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
+ opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
+ }
+ else if( strcmp( q, "dtls1" ) == 0 )
+ {
+ opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
+ opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
+ opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
+ }
+ else if( strcmp( q, "dtls1_2" ) == 0 )
+ {
+ opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
+ opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
+ opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
+ }
+ else
+ goto usage;
+ }
+ else if( strcmp( p, "auth_mode" ) == 0 )
+ {
+ if( strcmp( q, "none" ) == 0 )
+ opt.auth_mode = MBEDTLS_SSL_VERIFY_NONE;
+ else if( strcmp( q, "optional" ) == 0 )
+ opt.auth_mode = MBEDTLS_SSL_VERIFY_OPTIONAL;
+ else if( strcmp( q, "required" ) == 0 )
+ opt.auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED;
+ else
+ goto usage;
+ }
+ else if( strcmp( p, "max_frag_len" ) == 0 )
+ {
+ if( strcmp( q, "512" ) == 0 )
+ opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_512;
+ else if( strcmp( q, "1024" ) == 0 )
+ opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_1024;
+ else if( strcmp( q, "2048" ) == 0 )
+ opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_2048;
+ else if( strcmp( q, "4096" ) == 0 )
+ opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_4096;
+ else
+ goto usage;
+ }
+ else if( strcmp( p, "trunc_hmac" ) == 0 )
+ {
+ switch( atoi( q ) )
+ {
+ case 0: opt.trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_DISABLED; break;
+ case 1: opt.trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED; break;
+ default: goto usage;
+ }
+ }
+ else if( strcmp( p, "hs_timeout" ) == 0 )
+ {
+ if( ( p = strchr( q, '-' ) ) == NULL )
+ goto usage;
+ *p++ = '\0';
+ opt.hs_to_min = atoi( q );
+ opt.hs_to_max = atoi( p );
+ if( opt.hs_to_min == 0 || opt.hs_to_max < opt.hs_to_min )
+ goto usage;
+ }
+ else if( strcmp( p, "recsplit" ) == 0 )
+ {
+ opt.recsplit = atoi( q );
+ if( opt.recsplit < 0 || opt.recsplit > 1 )
+ goto usage;
+ }
+ else if( strcmp( p, "dhmlen" ) == 0 )
+ {
+ opt.dhmlen = atoi( q );
+ if( opt.dhmlen < 0 )
+ goto usage;
+ }
+ else
+ goto usage;
+ }
+
+#if defined(MBEDTLS_DEBUG_C)
+ mbedtls_debug_set_threshold( opt.debug_level );
+#endif
+
+ if( opt.force_ciphersuite[0] > 0 )
+ {
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
+ ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( opt.force_ciphersuite[0] );
+
+ if( opt.max_version != -1 &&
+ ciphersuite_info->min_minor_ver > opt.max_version )
+ {
+ mbedtls_printf("forced ciphersuite not allowed with this protocol version\n");
+ ret = 2;
+ goto usage;
+ }
+ if( opt.min_version != -1 &&
+ ciphersuite_info->max_minor_ver < opt.min_version )
+ {
+ mbedtls_printf("forced ciphersuite not allowed with this protocol version\n");
+ ret = 2;
+ goto usage;
+ }
+
+ /* If the server selects a version that's not supported by
+ * this suite, then there will be no common ciphersuite... */
+ if( opt.max_version == -1 ||
+ opt.max_version > ciphersuite_info->max_minor_ver )
+ {
+ opt.max_version = ciphersuite_info->max_minor_ver;
+ }
+ if( opt.min_version < ciphersuite_info->min_minor_ver )
+ {
+ opt.min_version = ciphersuite_info->min_minor_ver;
+ /* DTLS starts with TLS 1.1 */
+ if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ opt.min_version < MBEDTLS_SSL_MINOR_VERSION_2 )
+ opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
+ }
+
+ /* Enable RC4 if needed and not explicitly disabled */
+ if( ciphersuite_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
+ {
+ if( opt.arc4 == MBEDTLS_SSL_ARC4_DISABLED )
+ {
+ mbedtls_printf("forced RC4 ciphersuite with RC4 disabled\n");
+ ret = 2;
+ goto usage;
+ }
+
+ opt.arc4 = MBEDTLS_SSL_ARC4_ENABLED;
+ }
+ }
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+ /*
+ * Unhexify the pre-shared key if any is given
+ */
+ if( strlen( opt.psk ) )
+ {
+ unsigned char c;
+ size_t j;
+
+ if( strlen( opt.psk ) % 2 != 0 )
+ {
+ mbedtls_printf("pre-shared key not valid hex\n");
+ goto exit;
+ }
+
+ psk_len = strlen( opt.psk ) / 2;
+
+ for( j = 0; j < strlen( opt.psk ); j += 2 )
+ {
+ c = opt.psk[j];
+ if( c >= '0' && c <= '9' )
+ c -= '0';
+ else if( c >= 'a' && c <= 'f' )
+ c -= 'a' - 10;
+ else if( c >= 'A' && c <= 'F' )
+ c -= 'A' - 10;
+ else
+ {
+ mbedtls_printf("pre-shared key not valid hex\n");
+ goto exit;
+ }
+ psk[ j / 2 ] = c << 4;
+
+ c = opt.psk[j + 1];
+ if( c >= '0' && c <= '9' )
+ c -= '0';
+ else if( c >= 'a' && c <= 'f' )
+ c -= 'a' - 10;
+ else if( c >= 'A' && c <= 'F' )
+ c -= 'A' - 10;
+ else
+ {
+ mbedtls_printf("pre-shared key not valid hex\n");
+ goto exit;
+ }
+ psk[ j / 2 ] |= c;
+ }
+ }
+#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
+
+#if defined(MBEDTLS_SSL_ALPN)
+ if( opt.alpn_string != NULL )
+ {
+ p = (char *) opt.alpn_string;
+ i = 0;
+
+ /* Leave room for a final NULL in alpn_list */
+ while( i < (int) sizeof alpn_list - 1 && *p != '\0' )
+ {
+ alpn_list[i++] = p;
+
+ /* Terminate the current string and move on to next one */
+ while( *p != ',' && *p != '\0' )
+ p++;
+ if( *p == ',' )
+ *p++ = '\0';
+ }
+ }
+#endif /* MBEDTLS_SSL_ALPN */
+
+ /*
+ * 0. Initialize the RNG and the session data
+ */
+ mbedtls_printf( "\n . Seeding the random number generator..." );
+ fflush( stdout );
+
+ mbedtls_entropy_init( &entropy );
+ if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen( pers ) ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", -ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ /*
+ * 1.1. Load the trusted CA
+ */
+ mbedtls_printf( " . Loading the CA root certificate ..." );
+ fflush( stdout );
+
+#if defined(MBEDTLS_FS_IO)
+ if( strlen( opt.ca_path ) )
+ if( strcmp( opt.ca_path, "none" ) == 0 )
+ ret = 0;
+ else
+ ret = mbedtls_x509_crt_parse_path( &cacert, opt.ca_path );
+ else if( strlen( opt.ca_file ) )
+ if( strcmp( opt.ca_file, "none" ) == 0 )
+ ret = 0;
+ else
+ ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file );
+ else
+#endif
+#if defined(MBEDTLS_CERTS_C)
+ for( i = 0; mbedtls_test_cas[i] != NULL; i++ )
+ {
+ ret = mbedtls_x509_crt_parse( &cacert,
+ (const unsigned char *) mbedtls_test_cas[i],
+ mbedtls_test_cas_len[i] );
+ if( ret != 0 )
+ break;
+ }
+#else
+ {
+ ret = 1;
+ mbedtls_printf("MBEDTLS_CERTS_C not defined.");
+ }
+#endif
+ if( ret < 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok (%d skipped)\n", ret );
+
+ /*
+ * 1.2. Load own certificate and private key
+ *
+ * (can be skipped if client authentication is not required)
+ */
+ mbedtls_printf( " . Loading the client cert. and key..." );
+ fflush( stdout );
+
+#if defined(MBEDTLS_FS_IO)
+ if( strlen( opt.crt_file ) )
+ if( strcmp( opt.crt_file, "none" ) == 0 )
+ ret = 0;
+ else
+ ret = mbedtls_x509_crt_parse_file( &clicert, opt.crt_file );
+ else
+#endif
+#if defined(MBEDTLS_CERTS_C)
+ ret = mbedtls_x509_crt_parse( &clicert, (const unsigned char *) mbedtls_test_cli_crt,
+ mbedtls_test_cli_crt_len );
+#else
+ {
+ ret = 1;
+ mbedtls_printf("MBEDTLS_CERTS_C not defined.");
+ }
+#endif
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret );
+ goto exit;
+ }
+
+#if defined(MBEDTLS_FS_IO)
+ if( strlen( opt.key_file ) )
+ if( strcmp( opt.key_file, "none" ) == 0 )
+ ret = 0;
+ else
+ ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "" );
+ else
+#endif
+#if defined(MBEDTLS_CERTS_C)
+ ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_cli_key,
+ mbedtls_test_cli_key_len, NULL, 0 );
+#else
+ {
+ ret = 1;
+ mbedtls_printf("MBEDTLS_CERTS_C not defined.");
+ }
+#endif
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n", -ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+ /*
+ * 2. Start the connection
+ */
+ if( opt.server_addr == NULL)
+ opt.server_addr = opt.server_name;
+
+ mbedtls_printf( " . Connecting to %s/%s/%s...",
+ opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? "tcp" : "udp",
+ opt.server_addr, opt.server_port );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_net_connect( &server_fd, opt.server_addr, opt.server_port,
+ opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
+ MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_net_connect returned -0x%x\n\n", -ret );
+ goto exit;
+ }
+
+ if( opt.nbio > 0 )
+ ret = mbedtls_net_set_nonblock( &server_fd );
+ else
+ ret = mbedtls_net_set_block( &server_fd );
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n", -ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * 3. Setup stuff
+ */
+ mbedtls_printf( " . Setting up the SSL/TLS structure..." );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_ssl_config_defaults( &conf,
+ MBEDTLS_SSL_IS_CLIENT,
+ opt.transport,
+ MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n", -ret );
+ goto exit;
+ }
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ if( opt.debug_level > 0 )
+ mbedtls_ssl_conf_verify( &conf, my_verify, NULL );
+#endif
+
+ if( opt.auth_mode != DFL_AUTH_MODE )
+ mbedtls_ssl_conf_authmode( &conf, opt.auth_mode );
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
+ mbedtls_ssl_conf_handshake_timeout( &conf, opt.hs_to_min, opt.hs_to_max );
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+ if( ( ret = mbedtls_ssl_conf_max_frag_len( &conf, opt.mfl_code ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_conf_max_frag_len returned %d\n\n", ret );
+ goto exit;
+ }
+#endif
+
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+ if( opt.trunc_hmac != DFL_TRUNC_HMAC )
+ mbedtls_ssl_conf_truncated_hmac( &conf, opt.trunc_hmac );
+#endif
+
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+ if( opt.extended_ms != DFL_EXTENDED_MS )
+ mbedtls_ssl_conf_extended_master_secret( &conf, opt.extended_ms );
+#endif
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ if( opt.etm != DFL_ETM )
+ mbedtls_ssl_conf_encrypt_then_mac( &conf, opt.etm );
+#endif
+
+#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
+ if( opt.recsplit != DFL_RECSPLIT )
+ mbedtls_ssl_conf_cbc_record_splitting( &conf, opt.recsplit
+ ? MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED
+ : MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED );
+#endif
+
+#if defined(MBEDTLS_DHM_C)
+ if( opt.dhmlen != DFL_DHMLEN )
+ mbedtls_ssl_conf_dhm_min_bitlen( &conf, opt.dhmlen );
+#endif
+
+#if defined(MBEDTLS_SSL_ALPN)
+ if( opt.alpn_string != NULL )
+ if( ( ret = mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_conf_alpn_protocols returned %d\n\n", ret );
+ goto exit;
+ }
+#endif
+
+ mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
+ mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
+
+ mbedtls_ssl_conf_read_timeout( &conf, opt.read_timeout );
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ mbedtls_ssl_conf_session_tickets( &conf, opt.tickets );
+#endif
+
+ if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
+ mbedtls_ssl_conf_ciphersuites( &conf, opt.force_ciphersuite );
+
+#if defined(MBEDTLS_ARC4_C)
+ if( opt.arc4 != DFL_ARC4 )
+ mbedtls_ssl_conf_arc4_support( &conf, opt.arc4 );
+#endif
+
+ if( opt.allow_legacy != DFL_ALLOW_LEGACY )
+ mbedtls_ssl_conf_legacy_renegotiation( &conf, opt.allow_legacy );
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+ mbedtls_ssl_conf_renegotiation( &conf, opt.renegotiation );
+#endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ if( strcmp( opt.ca_path, "none" ) != 0 &&
+ strcmp( opt.ca_file, "none" ) != 0 )
+ {
+ mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
+ }
+ if( strcmp( opt.crt_file, "none" ) != 0 &&
+ strcmp( opt.key_file, "none" ) != 0 )
+ {
+ if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &clicert, &pkey ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
+ goto exit;
+ }
+ }
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+ if( ( ret = mbedtls_ssl_conf_psk( &conf, psk, psk_len,
+ (const unsigned char *) opt.psk_identity,
+ strlen( opt.psk_identity ) ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_conf_psk returned %d\n\n", ret );
+ goto exit;
+ }
+#endif
+
+ if( opt.min_version != DFL_MIN_VERSION )
+ mbedtls_ssl_conf_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version );
+
+ if( opt.max_version != DFL_MAX_VERSION )
+ mbedtls_ssl_conf_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version );
+
+#if defined(MBEDTLS_SSL_FALLBACK_SCSV)
+ if( opt.fallback != DFL_FALLBACK )
+ mbedtls_ssl_conf_fallback( &conf, opt.fallback );
+#endif
+
+ if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", -ret );
+ goto exit;
+ }
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
+ goto exit;
+ }
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+ if( opt.ecjpake_pw != DFL_ECJPAKE_PW )
+ {
+ if( ( ret = mbedtls_ssl_set_hs_ecjpake_password( &ssl,
+ (const unsigned char *) opt.ecjpake_pw,
+ strlen( opt.ecjpake_pw ) ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_set_hs_ecjpake_password returned %d\n\n", ret );
+ goto exit;
+ }
+ }
+#endif
+
+ if( opt.nbio == 2 )
+ mbedtls_ssl_set_bio( &ssl, &server_fd, my_send, my_recv, NULL );
+ else
+ mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv,
+ opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL );
+
+#if defined(MBEDTLS_TIMING_C)
+ mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
+ mbedtls_timing_get_delay );
+#endif
+
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * 4. Handshake
+ */
+ mbedtls_printf( " . Performing the SSL/TLS handshake..." );
+ fflush( stdout );
+
+ while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
+ {
+ if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n", -ret );
+ if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
+ mbedtls_printf(
+ " Unable to verify the server's certificate. "
+ "Either it is invalid,\n"
+ " or you didn't set ca_file or ca_path "
+ "to an appropriate value.\n"
+ " Alternatively, you may want to use "
+ "auth_mode=optional for testing purposes.\n" );
+ mbedtls_printf( "\n" );
+ goto exit;
+ }
+ }
+
+ mbedtls_printf( " ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n",
+ mbedtls_ssl_get_version( &ssl ), mbedtls_ssl_get_ciphersuite( &ssl ) );
+
+ if( ( ret = mbedtls_ssl_get_record_expansion( &ssl ) ) >= 0 )
+ mbedtls_printf( " [ Record expansion is %d ]\n", ret );
+ else
+ mbedtls_printf( " [ Record expansion is unknown (compression) ]\n" );
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+ mbedtls_printf( " [ Maximum fragment length is %u ]\n",
+ (unsigned int) mbedtls_ssl_get_max_frag_len( &ssl ) );
+#endif
+
+#if defined(MBEDTLS_SSL_ALPN)
+ if( opt.alpn_string != NULL )
+ {
+ const char *alp = mbedtls_ssl_get_alpn_protocol( &ssl );
+ mbedtls_printf( " [ Application Layer Protocol is %s ]\n",
+ alp ? alp : "(none)" );
+ }
+#endif
+
+ if( opt.reconnect != 0 )
+ {
+ mbedtls_printf(" . Saving session for reuse..." );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_ssl_get_session( &ssl, &saved_session ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_get_session returned -0x%x\n\n", -ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+ }
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ /*
+ * 5. Verify the server certificate
+ */
+ mbedtls_printf( " . Verifying peer X.509 certificate..." );
+
+ if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
+ {
+ char vrfy_buf[512];
+
+ mbedtls_printf( " failed\n" );
+
+ mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
+
+ mbedtls_printf( "%s\n", vrfy_buf );
+ }
+ else
+ mbedtls_printf( " ok\n" );
+
+ if( mbedtls_ssl_get_peer_cert( &ssl ) != NULL )
+ {
+ mbedtls_printf( " . Peer certificate information ...\n" );
+ mbedtls_x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ",
+ mbedtls_ssl_get_peer_cert( &ssl ) );
+ mbedtls_printf( "%s\n", buf );
+ }
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+ if( opt.renegotiate )
+ {
+ /*
+ * Perform renegotiation (this must be done when the server is waiting
+ * for input from our side).
+ */
+ mbedtls_printf( " . Performing renegotiation..." );
+ fflush( stdout );
+ while( ( ret = mbedtls_ssl_renegotiate( &ssl ) ) != 0 )
+ {
+ if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
+ ret != MBEDTLS_ERR_SSL_WANT_WRITE )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_renegotiate returned %d\n\n", ret );
+ goto exit;
+ }
+ }
+ mbedtls_printf( " ok\n" );
+ }
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
+
+ /*
+ * 6. Write the GET request
+ */
+ retry_left = opt.max_resend;
+send_request:
+ mbedtls_printf( " > Write to server:" );
+ fflush( stdout );
+
+ len = mbedtls_snprintf( (char *) buf, sizeof(buf) - 1, GET_REQUEST,
+ opt.request_page );
+ tail_len = (int) strlen( GET_REQUEST_END );
+
+ /* Add padding to GET request to reach opt.request_size in length */
+ if( opt.request_size != DFL_REQUEST_SIZE &&
+ len + tail_len < opt.request_size )
+ {
+ memset( buf + len, 'A', opt.request_size - len - tail_len );
+ len += opt.request_size - len - tail_len;
+ }
+
+ strncpy( (char *) buf + len, GET_REQUEST_END, sizeof(buf) - len - 1 );
+ len += tail_len;
+
+ /* Truncate if request size is smaller than the "natural" size */
+ if( opt.request_size != DFL_REQUEST_SIZE &&
+ len > opt.request_size )
+ {
+ len = opt.request_size;
+
+ /* Still end with \r\n unless that's really not possible */
+ if( len >= 2 ) buf[len - 2] = '\r';
+ if( len >= 1 ) buf[len - 1] = '\n';
+ }
+
+ if( opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM )
+ {
+ for( written = 0, frags = 0; written < len; written += ret, frags++ )
+ {
+ while( ( ret = mbedtls_ssl_write( &ssl, buf + written, len - written ) )
+ <= 0 )
+ {
+ if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
+ ret != MBEDTLS_ERR_SSL_WANT_WRITE )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_write returned -0x%x\n\n", -ret );
+ goto exit;
+ }
+ }
+ }
+ }
+ else /* Not stream, so datagram */
+ {
+ do ret = mbedtls_ssl_write( &ssl, buf, len );
+ while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
+ ret == MBEDTLS_ERR_SSL_WANT_WRITE );
+
+ if( ret < 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
+ goto exit;
+ }
+
+ frags = 1;
+ written = ret;
+ }
+
+ buf[written] = '\0';
+ mbedtls_printf( " %d bytes written in %d fragments\n\n%s\n", written, frags, (char *) buf );
+
+ /*
+ * 7. Read the HTTP response
+ */
+ mbedtls_printf( " < Read from server:" );
+ fflush( stdout );
+
+ /*
+ * TLS and DTLS need different reading styles (stream vs datagram)
+ */
+ if( opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM )
+ {
+ do
+ {
+ len = sizeof( buf ) - 1;
+ memset( buf, 0, sizeof( buf ) );
+ ret = mbedtls_ssl_read( &ssl, buf, len );
+
+ if( ret == MBEDTLS_ERR_SSL_WANT_READ ||
+ ret == MBEDTLS_ERR_SSL_WANT_WRITE )
+ continue;
+
+ if( ret <= 0 )
+ {
+ switch( ret )
+ {
+ case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
+ mbedtls_printf( " connection was closed gracefully\n" );
+ ret = 0;
+ goto close_notify;
+
+ case 0:
+ case MBEDTLS_ERR_NET_CONN_RESET:
+ mbedtls_printf( " connection was reset by peer\n" );
+ ret = 0;
+ goto reconnect;
+
+ default:
+ mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", -ret );
+ goto exit;
+ }
+ }
+
+ len = ret;
+ buf[len] = '\0';
+ mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf );
+
+ /* End of message should be detected according to the syntax of the
+ * application protocol (eg HTTP), just use a dummy test here. */
+ if( ret > 0 && buf[len-1] == '\n' )
+ {
+ ret = 0;
+ break;
+ }
+ }
+ while( 1 );
+ }
+ else /* Not stream, so datagram */
+ {
+ len = sizeof( buf ) - 1;
+ memset( buf, 0, sizeof( buf ) );
+
+ do ret = mbedtls_ssl_read( &ssl, buf, len );
+ while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
+ ret == MBEDTLS_ERR_SSL_WANT_WRITE );
+
+ if( ret <= 0 )
+ {
+ switch( ret )
+ {
+ case MBEDTLS_ERR_SSL_TIMEOUT:
+ mbedtls_printf( " timeout\n" );
+ if( retry_left-- > 0 )
+ goto send_request;
+ goto exit;
+
+ case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
+ mbedtls_printf( " connection was closed gracefully\n" );
+ ret = 0;
+ goto close_notify;
+
+ default:
+ mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", -ret );
+ goto exit;
+ }
+ }
+
+ len = ret;
+ buf[len] = '\0';
+ mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf );
+ ret = 0;
+ }
+
+ /*
+ * 7b. Simulate hard reset and reconnect from same port?
+ */
+ if( opt.reconnect_hard != 0 )
+ {
+ opt.reconnect_hard = 0;
+
+ mbedtls_printf( " . Restarting connection from same port..." );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n", -ret );
+ goto exit;
+ }
+
+ while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
+ {
+ if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
+ ret != MBEDTLS_ERR_SSL_WANT_WRITE )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret );
+ goto exit;
+ }
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ goto send_request;
+ }
+
+ /*
+ * 7c. Continue doing data exchanges?
+ */
+ if( --opt.exchanges > 0 )
+ goto send_request;
+
+ /*
+ * 8. Done, cleanly close the connection
+ */
+close_notify:
+ mbedtls_printf( " . Closing the connection..." );
+ fflush( stdout );
+
+ /* No error checking, the connection might be closed already */
+ do ret = mbedtls_ssl_close_notify( &ssl );
+ while( ret == MBEDTLS_ERR_SSL_WANT_WRITE );
+ ret = 0;
+
+ mbedtls_printf( " done\n" );
+
+ /*
+ * 9. Reconnect?
+ */
+reconnect:
+ if( opt.reconnect != 0 )
+ {
+ --opt.reconnect;
+
+ mbedtls_net_free( &server_fd );
+
+#if defined(MBEDTLS_TIMING_C)
+ if( opt.reco_delay > 0 )
+ mbedtls_net_usleep( 1000000 * opt.reco_delay );
+#endif
+
+ mbedtls_printf( " . Reconnecting with saved session..." );
+
+ if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n", -ret );
+ goto exit;
+ }
+
+ if( ( ret = mbedtls_ssl_set_session( &ssl, &saved_session ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_conf_session returned %d\n\n", ret );
+ goto exit;
+ }
+
+ if( ( ret = mbedtls_net_connect( &server_fd, opt.server_addr, opt.server_port,
+ opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
+ MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_net_connect returned -0x%x\n\n", -ret );
+ goto exit;
+ }
+
+ if( opt.nbio > 0 )
+ ret = mbedtls_net_set_nonblock( &server_fd );
+ else
+ ret = mbedtls_net_set_block( &server_fd );
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n",
+ -ret );
+ goto exit;
+ }
+
+ while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
+ {
+ if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
+ ret != MBEDTLS_ERR_SSL_WANT_WRITE )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret );
+ goto exit;
+ }
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ goto send_request;
+ }
+
+ /*
+ * Cleanup and exit
+ */
+exit:
+#ifdef MBEDTLS_ERROR_C
+ if( ret != 0 )
+ {
+ char error_buf[100];
+ mbedtls_strerror( ret, error_buf, 100 );
+ mbedtls_printf("Last error was: -0x%X - %s\n\n", -ret, error_buf );
+ }
+#endif
+
+ mbedtls_net_free( &server_fd );
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ mbedtls_x509_crt_free( &clicert );
+ mbedtls_x509_crt_free( &cacert );
+ mbedtls_pk_free( &pkey );
+#endif
+ mbedtls_ssl_session_free( &saved_session );
+ mbedtls_ssl_free( &ssl );
+ mbedtls_ssl_config_free( &conf );
+ mbedtls_ctr_drbg_free( &ctr_drbg );
+ mbedtls_entropy_free( &entropy );
+
+#if defined(_WIN32)
+ mbedtls_printf( " + Press Enter to exit this program.\n" );
+ fflush( stdout ); getchar();
+#endif
+
+ // Shell can not handle large exit numbers -> 1 for errors
+ if( ret < 0 )
+ ret = 1;
+
+ return( ret );
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
+ MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
+ MBEDTLS_CTR_DRBG_C MBEDTLS_TIMING_C */
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/ssl/ssl_fork_server.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/ssl/ssl_fork_server.c
new file mode 100644
index 0000000..7624896
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/ssl/ssl_fork_server.c
@@ -0,0 +1,416 @@
+/*
+ * SSL server demonstration program using fork() for handling multiple clients
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#define mbedtls_time_t time_t
+#endif
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_CERTS_C) || \
+ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_SSL_TLS_C) || \
+ !defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_NET_C) || \
+ !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
+ !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_TIMING_C) || \
+ !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_PEM_PARSE_C)
+int main( int argc, char *argv[] )
+{
+ ((void) argc);
+ ((void) argv);
+
+ mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_CERTS_C and/or MBEDTLS_ENTROPY_C "
+ "and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
+ "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
+ "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
+ "MBEDTLS_TIMING_C and/or MBEDTLS_PEM_PARSE_C not defined.\n");
+ return( 0 );
+}
+#elif defined(_WIN32)
+int main( void )
+{
+ mbedtls_printf("_WIN32 defined. This application requires fork() and signals "
+ "to work correctly.\n");
+ return( 0 );
+}
+#else
+
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/certs.h"
+#include "mbedtls/x509.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/net_sockets.h"
+#include "mbedtls/timing.h"
+
+#include <string.h>
+#include <signal.h>
+
+#if !defined(_MSC_VER) || defined(EFIX64) || defined(EFI32)
+#include <unistd.h>
+#endif
+
+#define HTTP_RESPONSE \
+ "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
+ "<h2>mbed TLS Test Server</h2>\r\n" \
+ "<p>Successful connection using: %s</p>\r\n"
+
+#define DEBUG_LEVEL 0
+
+static void my_debug( void *ctx, int level,
+ const char *file, int line,
+ const char *str )
+{
+ ((void) level);
+
+ mbedtls_fprintf( (FILE *) ctx, "%s:%04d: %s", file, line, str );
+ fflush( (FILE *) ctx );
+}
+
+int main( void )
+{
+ int ret, len, cnt = 0, pid;
+ mbedtls_net_context listen_fd, client_fd;
+ unsigned char buf[1024];
+ const char *pers = "ssl_fork_server";
+
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_ssl_context ssl;
+ mbedtls_ssl_config conf;
+ mbedtls_x509_crt srvcert;
+ mbedtls_pk_context pkey;
+
+ mbedtls_net_init( &listen_fd );
+ mbedtls_net_init( &client_fd );
+ mbedtls_ssl_init( &ssl );
+ mbedtls_ssl_config_init( &conf );
+ mbedtls_entropy_init( &entropy );
+ mbedtls_pk_init( &pkey );
+ mbedtls_x509_crt_init( &srvcert );
+ mbedtls_ctr_drbg_init( &ctr_drbg );
+
+ signal( SIGCHLD, SIG_IGN );
+
+ /*
+ * 0. Initial seeding of the RNG
+ */
+ mbedtls_printf( "\n . Initial seeding of the random generator..." );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen( pers ) ) ) != 0 )
+ {
+ mbedtls_printf( " failed! mbedtls_ctr_drbg_seed returned %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * 1. Load the certificates and private RSA key
+ */
+ mbedtls_printf( " . Loading the server cert. and key..." );
+ fflush( stdout );
+
+ /*
+ * This demonstration program uses embedded test certificates.
+ * Instead, you may want to use mbedtls_x509_crt_parse_file() to read the
+ * server and CA certificates, as well as mbedtls_pk_parse_keyfile().
+ */
+ ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt,
+ mbedtls_test_srv_crt_len );
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed! mbedtls_x509_crt_parse returned %d\n\n", ret );
+ goto exit;
+ }
+
+ ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_cas_pem,
+ mbedtls_test_cas_pem_len );
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed! mbedtls_x509_crt_parse returned %d\n\n", ret );
+ goto exit;
+ }
+
+ ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
+ mbedtls_test_srv_key_len, NULL, 0 );
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed! mbedtls_pk_parse_key returned %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * 1b. Prepare SSL configuration
+ */
+ mbedtls_printf( " . Configuring SSL..." );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_ssl_config_defaults( &conf,
+ MBEDTLS_SSL_IS_SERVER,
+ MBEDTLS_SSL_TRANSPORT_STREAM,
+ MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
+ {
+ mbedtls_printf( " failed! mbedtls_ssl_config_defaults returned %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
+ mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
+
+ mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
+ if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
+ {
+ mbedtls_printf( " failed! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * 2. Setup the listening TCP socket
+ */
+ mbedtls_printf( " . Bind on https://localhost:4433/ ..." );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_net_bind( &listen_fd, NULL, "4433", MBEDTLS_NET_PROTO_TCP ) ) != 0 )
+ {
+ mbedtls_printf( " failed! mbedtls_net_bind returned %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ while( 1 )
+ {
+ /*
+ * 3. Wait until a client connects
+ */
+ mbedtls_net_init( &client_fd );
+ mbedtls_ssl_init( &ssl );
+
+ mbedtls_printf( " . Waiting for a remote connection ...\n" );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
+ NULL, 0, NULL ) ) != 0 )
+ {
+ mbedtls_printf( " failed! mbedtls_net_accept returned %d\n\n", ret );
+ goto exit;
+ }
+
+ /*
+ * 3.5. Forking server thread
+ */
+
+ mbedtls_printf( " . Forking to handle connection ..." );
+ fflush( stdout );
+
+ pid = fork();
+
+ if( pid < 0 )
+ {
+ mbedtls_printf(" failed! fork returned %d\n\n", pid );
+ goto exit;
+ }
+
+ if( pid != 0 )
+ {
+ mbedtls_printf( " ok\n" );
+
+ if( ( ret = mbedtls_ctr_drbg_reseed( &ctr_drbg,
+ (const unsigned char *) "parent",
+ 6 ) ) != 0 )
+ {
+ mbedtls_printf( " failed! mbedtls_ctr_drbg_reseed returned %d\n\n", ret );
+ goto exit;
+ }
+
+ continue;
+ }
+
+ mbedtls_net_init( &listen_fd );
+
+ pid = getpid();
+
+ /*
+ * 4. Setup stuff
+ */
+ mbedtls_printf( "pid %d: Setting up the SSL data.\n", pid );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_ctr_drbg_reseed( &ctr_drbg,
+ (const unsigned char *) "child",
+ 5 ) ) != 0 )
+ {
+ mbedtls_printf(
+ "pid %d: SSL setup failed! mbedtls_ctr_drbg_reseed returned %d\n\n",
+ pid, ret );
+ goto exit;
+ }
+
+ if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
+ {
+ mbedtls_printf(
+ "pid %d: SSL setup failed! mbedtls_ssl_setup returned %d\n\n",
+ pid, ret );
+ goto exit;
+ }
+
+ mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
+
+ mbedtls_printf( "pid %d: SSL setup ok\n", pid );
+
+ /*
+ * 5. Handshake
+ */
+ mbedtls_printf( "pid %d: Performing the SSL/TLS handshake.\n", pid );
+ fflush( stdout );
+
+ while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
+ {
+ if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
+ {
+ mbedtls_printf(
+ "pid %d: SSL handshake failed! mbedtls_ssl_handshake returned %d\n\n",
+ pid, ret );
+ goto exit;
+ }
+ }
+
+ mbedtls_printf( "pid %d: SSL handshake ok\n", pid );
+
+ /*
+ * 6. Read the HTTP Request
+ */
+ mbedtls_printf( "pid %d: Start reading from client.\n", pid );
+ fflush( stdout );
+
+ do
+ {
+ len = sizeof( buf ) - 1;
+ memset( buf, 0, sizeof( buf ) );
+ ret = mbedtls_ssl_read( &ssl, buf, len );
+
+ if( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE )
+ continue;
+
+ if( ret <= 0 )
+ {
+ switch( ret )
+ {
+ case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
+ mbedtls_printf( "pid %d: connection was closed gracefully\n", pid );
+ break;
+
+ case MBEDTLS_ERR_NET_CONN_RESET:
+ mbedtls_printf( "pid %d: connection was reset by peer\n", pid );
+ break;
+
+ default:
+ mbedtls_printf( "pid %d: mbedtls_ssl_read returned %d\n", pid, ret );
+ break;
+ }
+
+ break;
+ }
+
+ len = ret;
+ mbedtls_printf( "pid %d: %d bytes read\n\n%s", pid, len, (char *) buf );
+
+ if( ret > 0 )
+ break;
+ }
+ while( 1 );
+
+ /*
+ * 7. Write the 200 Response
+ */
+ mbedtls_printf( "pid %d: Start writing to client.\n", pid );
+ fflush( stdout );
+
+ len = sprintf( (char *) buf, HTTP_RESPONSE,
+ mbedtls_ssl_get_ciphersuite( &ssl ) );
+
+ while( cnt++ < 100 )
+ {
+ while( ( ret = mbedtls_ssl_write( &ssl, buf, len ) ) <= 0 )
+ {
+ if( ret == MBEDTLS_ERR_NET_CONN_RESET )
+ {
+ mbedtls_printf(
+ "pid %d: Write failed! peer closed the connection\n\n", pid );
+ goto exit;
+ }
+
+ if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
+ {
+ mbedtls_printf(
+ "pid %d: Write failed! mbedtls_ssl_write returned %d\n\n",
+ pid, ret );
+ goto exit;
+ }
+ }
+ len = ret;
+ mbedtls_printf( "pid %d: %d bytes written\n\n%s\n", pid, len, (char *) buf );
+
+ mbedtls_net_usleep( 1000000 );
+ }
+
+ mbedtls_ssl_close_notify( &ssl );
+ goto exit;
+ }
+
+exit:
+ mbedtls_net_free( &client_fd );
+ mbedtls_net_free( &listen_fd );
+
+ mbedtls_x509_crt_free( &srvcert );
+ mbedtls_pk_free( &pkey );
+ mbedtls_ssl_free( &ssl );
+ mbedtls_ssl_config_free( &conf );
+ mbedtls_ctr_drbg_free( &ctr_drbg );
+ mbedtls_entropy_free( &entropy );
+
+#if defined(_WIN32)
+ mbedtls_printf( " Press Enter to exit this program.\n" );
+ fflush( stdout ); getchar();
+#endif
+
+ return( ret );
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C &&
+ MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C &&
+ MBEDTLS_RSA_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_PEM_PARSE_C &&
+ ! _WIN32 */
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/ssl/ssl_mail_client.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/ssl/ssl_mail_client.c
new file mode 100644
index 0000000..b49ffb4
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/ssl/ssl_mail_client.c
@@ -0,0 +1,842 @@
+/*
+ * SSL client for SMTP servers
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#include <stdlib.h>
+#define mbedtls_time time
+#define mbedtls_time_t time_t
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#endif
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
+ !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \
+ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
+ !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
+ !defined(MBEDTLS_FS_IO)
+int main( void )
+{
+ mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
+ "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
+ "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
+ "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
+ "not defined.\n");
+ return( 0 );
+}
+#else
+
+#include "mbedtls/base64.h"
+#include "mbedtls/error.h"
+#include "mbedtls/net_sockets.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/certs.h"
+#include "mbedtls/x509.h"
+
+#include <stdlib.h>
+#include <string.h>
+
+#if !defined(_MSC_VER) || defined(EFIX64) || defined(EFI32)
+#include <unistd.h>
+#else
+#include <io.h>
+#endif
+
+#if defined(_WIN32) || defined(_WIN32_WCE)
+#include <winsock2.h>
+#include <windows.h>
+
+#if defined(_MSC_VER)
+#if defined(_WIN32_WCE)
+#pragma comment( lib, "ws2.lib" )
+#else
+#pragma comment( lib, "ws2_32.lib" )
+#endif
+#endif /* _MSC_VER */
+#endif
+
+#define DFL_SERVER_NAME "localhost"
+#define DFL_SERVER_PORT "465"
+#define DFL_USER_NAME "user"
+#define DFL_USER_PWD "password"
+#define DFL_MAIL_FROM ""
+#define DFL_MAIL_TO ""
+#define DFL_DEBUG_LEVEL 0
+#define DFL_CA_FILE ""
+#define DFL_CRT_FILE ""
+#define DFL_KEY_FILE ""
+#define DFL_FORCE_CIPHER 0
+#define DFL_MODE 0
+#define DFL_AUTHENTICATION 0
+
+#define MODE_SSL_TLS 0
+#define MODE_STARTTLS 0
+
+#if defined(MBEDTLS_BASE64_C)
+#define USAGE_AUTH \
+ " authentication=%%d default: 0 (disabled)\n" \
+ " user_name=%%s default: \"user\"\n" \
+ " user_pwd=%%s default: \"password\"\n"
+#else
+#define USAGE_AUTH \
+ " authentication options disabled. (Require MBEDTLS_BASE64_C)\n"
+#endif /* MBEDTLS_BASE64_C */
+
+#if defined(MBEDTLS_FS_IO)
+#define USAGE_IO \
+ " ca_file=%%s default: \"\" (pre-loaded)\n" \
+ " crt_file=%%s default: \"\" (pre-loaded)\n" \
+ " key_file=%%s default: \"\" (pre-loaded)\n"
+#else
+#define USAGE_IO \
+ " No file operations available (MBEDTLS_FS_IO not defined)\n"
+#endif /* MBEDTLS_FS_IO */
+
+#define USAGE \
+ "\n usage: ssl_mail_client param=<>...\n" \
+ "\n acceptable parameters:\n" \
+ " server_name=%%s default: localhost\n" \
+ " server_port=%%d default: 4433\n" \
+ " debug_level=%%d default: 0 (disabled)\n" \
+ " mode=%%d default: 0 (SSL/TLS) (1 for STARTTLS)\n" \
+ USAGE_AUTH \
+ " mail_from=%%s default: \"\"\n" \
+ " mail_to=%%s default: \"\"\n" \
+ USAGE_IO \
+ " force_ciphersuite=<name> default: all enabled\n"\
+ " acceptable ciphersuite names:\n"
+
+/*
+ * global options
+ */
+struct options
+{
+ const char *server_name; /* hostname of the server (client only) */
+ const char *server_port; /* port on which the ssl service runs */
+ int debug_level; /* level of debugging */
+ int authentication; /* if authentication is required */
+ int mode; /* SSL/TLS (0) or STARTTLS (1) */
+ const char *user_name; /* username to use for authentication */
+ const char *user_pwd; /* password to use for authentication */
+ const char *mail_from; /* E-Mail address to use as sender */
+ const char *mail_to; /* E-Mail address to use as recipient */
+ const char *ca_file; /* the file with the CA certificate(s) */
+ const char *crt_file; /* the file with the client certificate */
+ const char *key_file; /* the file with the client key */
+ int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
+} opt;
+
+static void my_debug( void *ctx, int level,
+ const char *file, int line,
+ const char *str )
+{
+ ((void) level);
+
+ mbedtls_fprintf( (FILE *) ctx, "%s:%04d: %s", file, line, str );
+ fflush( (FILE *) ctx );
+}
+
+static int do_handshake( mbedtls_ssl_context *ssl )
+{
+ int ret;
+ uint32_t flags;
+ unsigned char buf[1024];
+ memset(buf, 0, 1024);
+
+ /*
+ * 4. Handshake
+ */
+ mbedtls_printf( " . Performing the SSL/TLS handshake..." );
+ fflush( stdout );
+
+ while( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 )
+ {
+ if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
+ {
+#if defined(MBEDTLS_ERROR_C)
+ mbedtls_strerror( ret, (char *) buf, 1024 );
+#endif
+ mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned %d: %s\n\n", ret, buf );
+ return( -1 );
+ }
+ }
+
+ mbedtls_printf( " ok\n [ Ciphersuite is %s ]\n",
+ mbedtls_ssl_get_ciphersuite( ssl ) );
+
+ /*
+ * 5. Verify the server certificate
+ */
+ mbedtls_printf( " . Verifying peer X.509 certificate..." );
+
+ /* In real life, we probably want to bail out when ret != 0 */
+ if( ( flags = mbedtls_ssl_get_verify_result( ssl ) ) != 0 )
+ {
+ char vrfy_buf[512];
+
+ mbedtls_printf( " failed\n" );
+
+ mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
+
+ mbedtls_printf( "%s\n", vrfy_buf );
+ }
+ else
+ mbedtls_printf( " ok\n" );
+
+ mbedtls_printf( " . Peer certificate information ...\n" );
+ mbedtls_x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ",
+ mbedtls_ssl_get_peer_cert( ssl ) );
+ mbedtls_printf( "%s\n", buf );
+
+ return( 0 );
+}
+
+static int write_ssl_data( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
+{
+ int ret;
+
+ mbedtls_printf("\n%s", buf);
+ while( len && ( ret = mbedtls_ssl_write( ssl, buf, len ) ) <= 0 )
+ {
+ if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
+ return -1;
+ }
+ }
+
+ return( 0 );
+}
+
+static int write_ssl_and_get_response( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
+{
+ int ret;
+ unsigned char data[128];
+ char code[4];
+ size_t i, idx = 0;
+
+ mbedtls_printf("\n%s", buf);
+ while( len && ( ret = mbedtls_ssl_write( ssl, buf, len ) ) <= 0 )
+ {
+ if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
+ return -1;
+ }
+ }
+
+ do
+ {
+ len = sizeof( data ) - 1;
+ memset( data, 0, sizeof( data ) );
+ ret = mbedtls_ssl_read( ssl, data, len );
+
+ if( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE )
+ continue;
+
+ if( ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY )
+ return -1;
+
+ if( ret <= 0 )
+ {
+ mbedtls_printf( "failed\n ! mbedtls_ssl_read returned %d\n\n", ret );
+ return -1;
+ }
+
+ mbedtls_printf("\n%s", data);
+ len = ret;
+ for( i = 0; i < len; i++ )
+ {
+ if( data[i] != '\n' )
+ {
+ if( idx < 4 )
+ code[ idx++ ] = data[i];
+ continue;
+ }
+
+ if( idx == 4 && code[0] >= '0' && code[0] <= '9' && code[3] == ' ' )
+ {
+ code[3] = '\0';
+ return atoi( code );
+ }
+
+ idx = 0;
+ }
+ }
+ while( 1 );
+}
+
+static int write_and_get_response( mbedtls_net_context *sock_fd, unsigned char *buf, size_t len )
+{
+ int ret;
+ unsigned char data[128];
+ char code[4];
+ size_t i, idx = 0;
+
+ mbedtls_printf("\n%s", buf);
+ if( len && ( ret = mbedtls_net_send( sock_fd, buf, len ) ) <= 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
+ return -1;
+ }
+
+ do
+ {
+ len = sizeof( data ) - 1;
+ memset( data, 0, sizeof( data ) );
+ ret = mbedtls_net_recv( sock_fd, data, len );
+
+ if( ret <= 0 )
+ {
+ mbedtls_printf( "failed\n ! read returned %d\n\n", ret );
+ return -1;
+ }
+
+ data[len] = '\0';
+ mbedtls_printf("\n%s", data);
+ len = ret;
+ for( i = 0; i < len; i++ )
+ {
+ if( data[i] != '\n' )
+ {
+ if( idx < 4 )
+ code[ idx++ ] = data[i];
+ continue;
+ }
+
+ if( idx == 4 && code[0] >= '0' && code[0] <= '9' && code[3] == ' ' )
+ {
+ code[3] = '\0';
+ return atoi( code );
+ }
+
+ idx = 0;
+ }
+ }
+ while( 1 );
+}
+
+int main( int argc, char *argv[] )
+{
+ int ret = 0, len;
+ mbedtls_net_context server_fd;
+ unsigned char buf[1024];
+#if defined(MBEDTLS_BASE64_C)
+ unsigned char base[1024];
+#endif
+ char hostname[32];
+ const char *pers = "ssl_mail_client";
+
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_ssl_context ssl;
+ mbedtls_ssl_config conf;
+ mbedtls_x509_crt cacert;
+ mbedtls_x509_crt clicert;
+ mbedtls_pk_context pkey;
+ int i;
+ size_t n;
+ char *p, *q;
+ const int *list;
+
+ /*
+ * Make sure memory references are valid in case we exit early.
+ */
+ mbedtls_net_init( &server_fd );
+ mbedtls_ssl_init( &ssl );
+ mbedtls_ssl_config_init( &conf );
+ memset( &buf, 0, sizeof( buf ) );
+ mbedtls_x509_crt_init( &cacert );
+ mbedtls_x509_crt_init( &clicert );
+ mbedtls_pk_init( &pkey );
+ mbedtls_ctr_drbg_init( &ctr_drbg );
+
+ if( argc == 0 )
+ {
+ usage:
+ mbedtls_printf( USAGE );
+
+ list = mbedtls_ssl_list_ciphersuites();
+ while( *list )
+ {
+ mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name( *list ) );
+ list++;
+ }
+ mbedtls_printf("\n");
+ goto exit;
+ }
+
+ opt.server_name = DFL_SERVER_NAME;
+ opt.server_port = DFL_SERVER_PORT;
+ opt.debug_level = DFL_DEBUG_LEVEL;
+ opt.authentication = DFL_AUTHENTICATION;
+ opt.mode = DFL_MODE;
+ opt.user_name = DFL_USER_NAME;
+ opt.user_pwd = DFL_USER_PWD;
+ opt.mail_from = DFL_MAIL_FROM;
+ opt.mail_to = DFL_MAIL_TO;
+ opt.ca_file = DFL_CA_FILE;
+ opt.crt_file = DFL_CRT_FILE;
+ opt.key_file = DFL_KEY_FILE;
+ opt.force_ciphersuite[0]= DFL_FORCE_CIPHER;
+
+ for( i = 1; i < argc; i++ )
+ {
+ p = argv[i];
+ if( ( q = strchr( p, '=' ) ) == NULL )
+ goto usage;
+ *q++ = '\0';
+
+ if( strcmp( p, "server_name" ) == 0 )
+ opt.server_name = q;
+ else if( strcmp( p, "server_port" ) == 0 )
+ opt.server_port = q;
+ else if( strcmp( p, "debug_level" ) == 0 )
+ {
+ opt.debug_level = atoi( q );
+ if( opt.debug_level < 0 || opt.debug_level > 65535 )
+ goto usage;
+ }
+ else if( strcmp( p, "authentication" ) == 0 )
+ {
+ opt.authentication = atoi( q );
+ if( opt.authentication < 0 || opt.authentication > 1 )
+ goto usage;
+ }
+ else if( strcmp( p, "mode" ) == 0 )
+ {
+ opt.mode = atoi( q );
+ if( opt.mode < 0 || opt.mode > 1 )
+ goto usage;
+ }
+ else if( strcmp( p, "user_name" ) == 0 )
+ opt.user_name = q;
+ else if( strcmp( p, "user_pwd" ) == 0 )
+ opt.user_pwd = q;
+ else if( strcmp( p, "mail_from" ) == 0 )
+ opt.mail_from = q;
+ else if( strcmp( p, "mail_to" ) == 0 )
+ opt.mail_to = q;
+ else if( strcmp( p, "ca_file" ) == 0 )
+ opt.ca_file = q;
+ else if( strcmp( p, "crt_file" ) == 0 )
+ opt.crt_file = q;
+ else if( strcmp( p, "key_file" ) == 0 )
+ opt.key_file = q;
+ else if( strcmp( p, "force_ciphersuite" ) == 0 )
+ {
+ opt.force_ciphersuite[0] = -1;
+
+ opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id( q );
+
+ if( opt.force_ciphersuite[0] <= 0 )
+ goto usage;
+
+ opt.force_ciphersuite[1] = 0;
+ }
+ else
+ goto usage;
+ }
+
+ /*
+ * 0. Initialize the RNG and the session data
+ */
+ mbedtls_printf( "\n . Seeding the random number generator..." );
+ fflush( stdout );
+
+ mbedtls_entropy_init( &entropy );
+ if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen( pers ) ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * 1.1. Load the trusted CA
+ */
+ mbedtls_printf( " . Loading the CA root certificate ..." );
+ fflush( stdout );
+
+#if defined(MBEDTLS_FS_IO)
+ if( strlen( opt.ca_file ) )
+ ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file );
+ else
+#endif
+#if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_PEM_PARSE_C)
+ ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem,
+ mbedtls_test_cas_pem_len );
+#else
+ {
+ ret = 1;
+ mbedtls_printf("MBEDTLS_CERTS_C and/or MBEDTLS_PEM_PARSE_C not defined.");
+ }
+#endif
+ if( ret < 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok (%d skipped)\n", ret );
+
+ /*
+ * 1.2. Load own certificate and private key
+ *
+ * (can be skipped if client authentication is not required)
+ */
+ mbedtls_printf( " . Loading the client cert. and key..." );
+ fflush( stdout );
+
+#if defined(MBEDTLS_FS_IO)
+ if( strlen( opt.crt_file ) )
+ ret = mbedtls_x509_crt_parse_file( &clicert, opt.crt_file );
+ else
+#endif
+#if defined(MBEDTLS_CERTS_C)
+ ret = mbedtls_x509_crt_parse( &clicert, (const unsigned char *) mbedtls_test_cli_crt,
+ mbedtls_test_cli_crt_len );
+#else
+ {
+ ret = -1;
+ mbedtls_printf("MBEDTLS_CERTS_C not defined.");
+ }
+#endif
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
+ goto exit;
+ }
+
+#if defined(MBEDTLS_FS_IO)
+ if( strlen( opt.key_file ) )
+ ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "" );
+ else
+#endif
+#if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_PEM_PARSE_C)
+ ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_cli_key,
+ mbedtls_test_cli_key_len, NULL, 0 );
+#else
+ {
+ ret = -1;
+ mbedtls_printf("MBEDTLS_CERTS_C or MBEDTLS_PEM_PARSE_C not defined.");
+ }
+#endif
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * 2. Start the connection
+ */
+ mbedtls_printf( " . Connecting to tcp/%s/%s...", opt.server_name,
+ opt.server_port );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_net_connect( &server_fd, opt.server_name,
+ opt.server_port, MBEDTLS_NET_PROTO_TCP ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_net_connect returned %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * 3. Setup stuff
+ */
+ mbedtls_printf( " . Setting up the SSL/TLS structure..." );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_ssl_config_defaults( &conf,
+ MBEDTLS_SSL_IS_CLIENT,
+ MBEDTLS_SSL_TRANSPORT_STREAM,
+ MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
+ goto exit;
+ }
+
+ /* OPTIONAL is not optimal for security,
+ * but makes interop easier in this simplified example */
+ mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
+
+ mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
+ mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
+
+ if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
+ mbedtls_ssl_conf_ciphersuites( &conf, opt.force_ciphersuite );
+
+ mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
+ if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &clicert, &pkey ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
+ goto exit;
+ }
+
+ if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
+ goto exit;
+ }
+
+ if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
+
+ mbedtls_printf( " ok\n" );
+
+ if( opt.mode == MODE_SSL_TLS )
+ {
+ if( do_handshake( &ssl ) != 0 )
+ goto exit;
+
+ mbedtls_printf( " > Get header from server:" );
+ fflush( stdout );
+
+ ret = write_ssl_and_get_response( &ssl, buf, 0 );
+ if( ret < 200 || ret > 299 )
+ {
+ mbedtls_printf( " failed\n ! server responded with %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n" );
+
+ mbedtls_printf( " > Write EHLO to server:" );
+ fflush( stdout );
+
+ gethostname( hostname, 32 );
+ len = sprintf( (char *) buf, "EHLO %s\r\n", hostname );
+ ret = write_ssl_and_get_response( &ssl, buf, len );
+ if( ret < 200 || ret > 299 )
+ {
+ mbedtls_printf( " failed\n ! server responded with %d\n\n", ret );
+ goto exit;
+ }
+ }
+ else
+ {
+ mbedtls_printf( " > Get header from server:" );
+ fflush( stdout );
+
+ ret = write_and_get_response( &server_fd, buf, 0 );
+ if( ret < 200 || ret > 299 )
+ {
+ mbedtls_printf( " failed\n ! server responded with %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n" );
+
+ mbedtls_printf( " > Write EHLO to server:" );
+ fflush( stdout );
+
+ gethostname( hostname, 32 );
+ len = sprintf( (char *) buf, "EHLO %s\r\n", hostname );
+ ret = write_and_get_response( &server_fd, buf, len );
+ if( ret < 200 || ret > 299 )
+ {
+ mbedtls_printf( " failed\n ! server responded with %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n" );
+
+ mbedtls_printf( " > Write STARTTLS to server:" );
+ fflush( stdout );
+
+ gethostname( hostname, 32 );
+ len = sprintf( (char *) buf, "STARTTLS\r\n" );
+ ret = write_and_get_response( &server_fd, buf, len );
+ if( ret < 200 || ret > 299 )
+ {
+ mbedtls_printf( " failed\n ! server responded with %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n" );
+
+ if( do_handshake( &ssl ) != 0 )
+ goto exit;
+ }
+
+#if defined(MBEDTLS_BASE64_C)
+ if( opt.authentication )
+ {
+ mbedtls_printf( " > Write AUTH LOGIN to server:" );
+ fflush( stdout );
+
+ len = sprintf( (char *) buf, "AUTH LOGIN\r\n" );
+ ret = write_ssl_and_get_response( &ssl, buf, len );
+ if( ret < 200 || ret > 399 )
+ {
+ mbedtls_printf( " failed\n ! server responded with %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n" );
+
+ mbedtls_printf( " > Write username to server: %s", opt.user_name );
+ fflush( stdout );
+
+ ret = mbedtls_base64_encode( base, sizeof( base ), &n, (const unsigned char *) opt.user_name,
+ strlen( opt.user_name ) );
+
+ if( ret != 0 ) {
+ mbedtls_printf( " failed\n ! mbedtls_base64_encode returned %d\n\n", ret );
+ goto exit;
+ }
+ len = sprintf( (char *) buf, "%s\r\n", base );
+ ret = write_ssl_and_get_response( &ssl, buf, len );
+ if( ret < 300 || ret > 399 )
+ {
+ mbedtls_printf( " failed\n ! server responded with %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n" );
+
+ mbedtls_printf( " > Write password to server: %s", opt.user_pwd );
+ fflush( stdout );
+
+ ret = mbedtls_base64_encode( base, sizeof( base ), &n, (const unsigned char *) opt.user_pwd,
+ strlen( opt.user_pwd ) );
+
+ if( ret != 0 ) {
+ mbedtls_printf( " failed\n ! mbedtls_base64_encode returned %d\n\n", ret );
+ goto exit;
+ }
+ len = sprintf( (char *) buf, "%s\r\n", base );
+ ret = write_ssl_and_get_response( &ssl, buf, len );
+ if( ret < 200 || ret > 399 )
+ {
+ mbedtls_printf( " failed\n ! server responded with %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n" );
+ }
+#endif
+
+ mbedtls_printf( " > Write MAIL FROM to server:" );
+ fflush( stdout );
+
+ len = sprintf( (char *) buf, "MAIL FROM:<%s>\r\n", opt.mail_from );
+ ret = write_ssl_and_get_response( &ssl, buf, len );
+ if( ret < 200 || ret > 299 )
+ {
+ mbedtls_printf( " failed\n ! server responded with %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n" );
+
+ mbedtls_printf( " > Write RCPT TO to server:" );
+ fflush( stdout );
+
+ len = sprintf( (char *) buf, "RCPT TO:<%s>\r\n", opt.mail_to );
+ ret = write_ssl_and_get_response( &ssl, buf, len );
+ if( ret < 200 || ret > 299 )
+ {
+ mbedtls_printf( " failed\n ! server responded with %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n" );
+
+ mbedtls_printf( " > Write DATA to server:" );
+ fflush( stdout );
+
+ len = sprintf( (char *) buf, "DATA\r\n" );
+ ret = write_ssl_and_get_response( &ssl, buf, len );
+ if( ret < 300 || ret > 399 )
+ {
+ mbedtls_printf( " failed\n ! server responded with %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n" );
+
+ mbedtls_printf( " > Write content to server:" );
+ fflush( stdout );
+
+ len = sprintf( (char *) buf, "From: %s\r\nSubject: mbed TLS Test mail\r\n\r\n"
+ "This is a simple test mail from the "
+ "mbed TLS mail client example.\r\n"
+ "\r\n"
+ "Enjoy!", opt.mail_from );
+ ret = write_ssl_data( &ssl, buf, len );
+
+ len = sprintf( (char *) buf, "\r\n.\r\n");
+ ret = write_ssl_and_get_response( &ssl, buf, len );
+ if( ret < 200 || ret > 299 )
+ {
+ mbedtls_printf( " failed\n ! server responded with %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n" );
+
+ mbedtls_ssl_close_notify( &ssl );
+
+exit:
+
+ mbedtls_net_free( &server_fd );
+ mbedtls_x509_crt_free( &clicert );
+ mbedtls_x509_crt_free( &cacert );
+ mbedtls_pk_free( &pkey );
+ mbedtls_ssl_free( &ssl );
+ mbedtls_ssl_config_free( &conf );
+ mbedtls_ctr_drbg_free( &ctr_drbg );
+ mbedtls_entropy_free( &entropy );
+
+#if defined(_WIN32)
+ mbedtls_printf( " + Press Enter to exit this program.\n" );
+ fflush( stdout ); getchar();
+#endif
+
+ return( ret );
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
+ MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C **
+ MBEDTLS_CTR_DRBG_C */
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/ssl/ssl_pthread_server.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/ssl/ssl_pthread_server.c
new file mode 100644
index 0000000..9a05ad8
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/ssl/ssl_pthread_server.c
@@ -0,0 +1,529 @@
+/*
+ * SSL server demonstration program using pthread for handling multiple
+ * clients.
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#define mbedtls_snprintf snprintf
+#endif
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_CERTS_C) || \
+ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_SSL_TLS_C) || \
+ !defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_NET_C) || \
+ !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
+ !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
+ !defined(MBEDTLS_THREADING_C) || !defined(MBEDTLS_THREADING_PTHREAD) || \
+ !defined(MBEDTLS_PEM_PARSE_C)
+int main( void )
+{
+ mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_CERTS_C and/or MBEDTLS_ENTROPY_C "
+ "and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
+ "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
+ "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
+ "MBEDTLS_THREADING_C and/or MBEDTLS_THREADING_PTHREAD "
+ "and/or MBEDTLS_PEM_PARSE_C not defined.\n");
+ return( 0 );
+}
+#else
+
+#include <stdlib.h>
+#include <string.h>
+
+#if defined(_WIN32)
+#include <windows.h>
+#endif
+
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/certs.h"
+#include "mbedtls/x509.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/net_sockets.h"
+#include "mbedtls/error.h"
+
+#if defined(MBEDTLS_SSL_CACHE_C)
+#include "mbedtls/ssl_cache.h"
+#endif
+
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
+#include "mbedtls/memory_buffer_alloc.h"
+#endif
+
+#define HTTP_RESPONSE \
+ "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
+ "<h2>mbed TLS Test Server</h2>\r\n" \
+ "<p>Successful connection using: %s</p>\r\n"
+
+#define DEBUG_LEVEL 0
+
+#define MAX_NUM_THREADS 5
+
+mbedtls_threading_mutex_t debug_mutex;
+
+static void my_mutexed_debug( void *ctx, int level,
+ const char *file, int line,
+ const char *str )
+{
+ long int thread_id = (long int) pthread_self();
+
+ mbedtls_mutex_lock( &debug_mutex );
+
+ ((void) level);
+ mbedtls_fprintf( (FILE *) ctx, "%s:%04d: [ #%ld ] %s",
+ file, line, thread_id, str );
+ fflush( (FILE *) ctx );
+
+ mbedtls_mutex_unlock( &debug_mutex );
+}
+
+typedef struct {
+ mbedtls_net_context client_fd;
+ int thread_complete;
+ const mbedtls_ssl_config *config;
+} thread_info_t;
+
+typedef struct {
+ int active;
+ thread_info_t data;
+ pthread_t thread;
+} pthread_info_t;
+
+static thread_info_t base_info;
+static pthread_info_t threads[MAX_NUM_THREADS];
+
+static void *handle_ssl_connection( void *data )
+{
+ int ret, len;
+ thread_info_t *thread_info = (thread_info_t *) data;
+ mbedtls_net_context *client_fd = &thread_info->client_fd;
+ long int thread_id = (long int) pthread_self();
+ unsigned char buf[1024];
+ mbedtls_ssl_context ssl;
+
+ /* Make sure memory references are valid */
+ mbedtls_ssl_init( &ssl );
+
+ mbedtls_printf( " [ #%ld ] Setting up SSL/TLS data\n", thread_id );
+
+ /*
+ * 4. Get the SSL context ready
+ */
+ if( ( ret = mbedtls_ssl_setup( &ssl, thread_info->config ) ) != 0 )
+ {
+ mbedtls_printf( " [ #%ld ] failed: mbedtls_ssl_setup returned -0x%04x\n",
+ thread_id, -ret );
+ goto thread_exit;
+ }
+
+ mbedtls_ssl_set_bio( &ssl, client_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
+
+ /*
+ * 5. Handshake
+ */
+ mbedtls_printf( " [ #%ld ] Performing the SSL/TLS handshake\n", thread_id );
+
+ while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
+ {
+ if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
+ {
+ mbedtls_printf( " [ #%ld ] failed: mbedtls_ssl_handshake returned -0x%04x\n",
+ thread_id, -ret );
+ goto thread_exit;
+ }
+ }
+
+ mbedtls_printf( " [ #%ld ] ok\n", thread_id );
+
+ /*
+ * 6. Read the HTTP Request
+ */
+ mbedtls_printf( " [ #%ld ] < Read from client\n", thread_id );
+
+ do
+ {
+ len = sizeof( buf ) - 1;
+ memset( buf, 0, sizeof( buf ) );
+ ret = mbedtls_ssl_read( &ssl, buf, len );
+
+ if( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE )
+ continue;
+
+ if( ret <= 0 )
+ {
+ switch( ret )
+ {
+ case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
+ mbedtls_printf( " [ #%ld ] connection was closed gracefully\n",
+ thread_id );
+ goto thread_exit;
+
+ case MBEDTLS_ERR_NET_CONN_RESET:
+ mbedtls_printf( " [ #%ld ] connection was reset by peer\n",
+ thread_id );
+ goto thread_exit;
+
+ default:
+ mbedtls_printf( " [ #%ld ] mbedtls_ssl_read returned -0x%04x\n",
+ thread_id, -ret );
+ goto thread_exit;
+ }
+ }
+
+ len = ret;
+ mbedtls_printf( " [ #%ld ] %d bytes read\n=====\n%s\n=====\n",
+ thread_id, len, (char *) buf );
+
+ if( ret > 0 )
+ break;
+ }
+ while( 1 );
+
+ /*
+ * 7. Write the 200 Response
+ */
+ mbedtls_printf( " [ #%ld ] > Write to client:\n", thread_id );
+
+ len = sprintf( (char *) buf, HTTP_RESPONSE,
+ mbedtls_ssl_get_ciphersuite( &ssl ) );
+
+ while( ( ret = mbedtls_ssl_write( &ssl, buf, len ) ) <= 0 )
+ {
+ if( ret == MBEDTLS_ERR_NET_CONN_RESET )
+ {
+ mbedtls_printf( " [ #%ld ] failed: peer closed the connection\n",
+ thread_id );
+ goto thread_exit;
+ }
+
+ if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
+ {
+ mbedtls_printf( " [ #%ld ] failed: mbedtls_ssl_write returned -0x%04x\n",
+ thread_id, ret );
+ goto thread_exit;
+ }
+ }
+
+ len = ret;
+ mbedtls_printf( " [ #%ld ] %d bytes written\n=====\n%s\n=====\n",
+ thread_id, len, (char *) buf );
+
+ mbedtls_printf( " [ #%ld ] . Closing the connection...", thread_id );
+
+ while( ( ret = mbedtls_ssl_close_notify( &ssl ) ) < 0 )
+ {
+ if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
+ ret != MBEDTLS_ERR_SSL_WANT_WRITE )
+ {
+ mbedtls_printf( " [ #%ld ] failed: mbedtls_ssl_close_notify returned -0x%04x\n",
+ thread_id, ret );
+ goto thread_exit;
+ }
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ ret = 0;
+
+thread_exit:
+
+#ifdef MBEDTLS_ERROR_C
+ if( ret != 0 )
+ {
+ char error_buf[100];
+ mbedtls_strerror( ret, error_buf, 100 );
+ mbedtls_printf(" [ #%ld ] Last error was: -0x%04x - %s\n\n",
+ thread_id, -ret, error_buf );
+ }
+#endif
+
+ mbedtls_net_free( client_fd );
+ mbedtls_ssl_free( &ssl );
+
+ thread_info->thread_complete = 1;
+
+ return( NULL );
+}
+
+static int thread_create( mbedtls_net_context *client_fd )
+{
+ int ret, i;
+
+ /*
+ * Find in-active or finished thread slot
+ */
+ for( i = 0; i < MAX_NUM_THREADS; i++ )
+ {
+ if( threads[i].active == 0 )
+ break;
+
+ if( threads[i].data.thread_complete == 1 )
+ {
+ mbedtls_printf( " [ main ] Cleaning up thread %d\n", i );
+ pthread_join(threads[i].thread, NULL );
+ memset( &threads[i], 0, sizeof(pthread_info_t) );
+ break;
+ }
+ }
+
+ if( i == MAX_NUM_THREADS )
+ return( -1 );
+
+ /*
+ * Fill thread-info for thread
+ */
+ memcpy( &threads[i].data, &base_info, sizeof(base_info) );
+ threads[i].active = 1;
+ memcpy( &threads[i].data.client_fd, client_fd, sizeof( mbedtls_net_context ) );
+
+ if( ( ret = pthread_create( &threads[i].thread, NULL, handle_ssl_connection,
+ &threads[i].data ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ return( 0 );
+}
+
+int main( void )
+{
+ int ret;
+ mbedtls_net_context listen_fd, client_fd;
+ const char pers[] = "ssl_pthread_server";
+
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_ssl_config conf;
+ mbedtls_x509_crt srvcert;
+ mbedtls_x509_crt cachain;
+ mbedtls_pk_context pkey;
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
+ unsigned char alloc_buf[100000];
+#endif
+#if defined(MBEDTLS_SSL_CACHE_C)
+ mbedtls_ssl_cache_context cache;
+#endif
+
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
+ mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof(alloc_buf) );
+#endif
+
+#if defined(MBEDTLS_SSL_CACHE_C)
+ mbedtls_ssl_cache_init( &cache );
+#endif
+
+ mbedtls_x509_crt_init( &srvcert );
+ mbedtls_x509_crt_init( &cachain );
+
+ mbedtls_ssl_config_init( &conf );
+ mbedtls_ctr_drbg_init( &ctr_drbg );
+ memset( threads, 0, sizeof(threads) );
+ mbedtls_net_init( &listen_fd );
+ mbedtls_net_init( &client_fd );
+
+ mbedtls_mutex_init( &debug_mutex );
+
+ base_info.config = &conf;
+
+ /*
+ * We use only a single entropy source that is used in all the threads.
+ */
+ mbedtls_entropy_init( &entropy );
+
+ /*
+ * 1. Load the certificates and private RSA key
+ */
+ mbedtls_printf( "\n . Loading the server cert. and key..." );
+ fflush( stdout );
+
+ /*
+ * This demonstration program uses embedded test certificates.
+ * Instead, you may want to use mbedtls_x509_crt_parse_file() to read the
+ * server and CA certificates, as well as mbedtls_pk_parse_keyfile().
+ */
+ ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt,
+ mbedtls_test_srv_crt_len );
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
+ goto exit;
+ }
+
+ ret = mbedtls_x509_crt_parse( &cachain, (const unsigned char *) mbedtls_test_cas_pem,
+ mbedtls_test_cas_pem_len );
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_pk_init( &pkey );
+ ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
+ mbedtls_test_srv_key_len, NULL, 0 );
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * 1b. Seed the random number generator
+ */
+ mbedtls_printf( " . Seeding the random number generator..." );
+
+ if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen( pers ) ) ) != 0 )
+ {
+ mbedtls_printf( " failed: mbedtls_ctr_drbg_seed returned -0x%04x\n",
+ -ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * 1c. Prepare SSL configuration
+ */
+ mbedtls_printf( " . Setting up the SSL data...." );
+
+ if( ( ret = mbedtls_ssl_config_defaults( &conf,
+ MBEDTLS_SSL_IS_SERVER,
+ MBEDTLS_SSL_TRANSPORT_STREAM,
+ MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
+ {
+ mbedtls_printf( " failed: mbedtls_ssl_config_defaults returned -0x%04x\n",
+ -ret );
+ goto exit;
+ }
+
+ mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
+ mbedtls_ssl_conf_dbg( &conf, my_mutexed_debug, stdout );
+
+ /* mbedtls_ssl_cache_get() and mbedtls_ssl_cache_set() are thread-safe if
+ * MBEDTLS_THREADING_C is set.
+ */
+#if defined(MBEDTLS_SSL_CACHE_C)
+ mbedtls_ssl_conf_session_cache( &conf, &cache,
+ mbedtls_ssl_cache_get,
+ mbedtls_ssl_cache_set );
+#endif
+
+ mbedtls_ssl_conf_ca_chain( &conf, &cachain, NULL );
+ if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+
+ /*
+ * 2. Setup the listening TCP socket
+ */
+ mbedtls_printf( " . Bind on https://localhost:4433/ ..." );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_net_bind( &listen_fd, NULL, "4433", MBEDTLS_NET_PROTO_TCP ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_net_bind returned %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+reset:
+#ifdef MBEDTLS_ERROR_C
+ if( ret != 0 )
+ {
+ char error_buf[100];
+ mbedtls_strerror( ret, error_buf, 100 );
+ mbedtls_printf( " [ main ] Last error was: -0x%04x - %s\n", -ret, error_buf );
+ }
+#endif
+
+ /*
+ * 3. Wait until a client connects
+ */
+ mbedtls_printf( " [ main ] Waiting for a remote connection\n" );
+
+ if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
+ NULL, 0, NULL ) ) != 0 )
+ {
+ mbedtls_printf( " [ main ] failed: mbedtls_net_accept returned -0x%04x\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " [ main ] ok\n" );
+ mbedtls_printf( " [ main ] Creating a new thread\n" );
+
+ if( ( ret = thread_create( &client_fd ) ) != 0 )
+ {
+ mbedtls_printf( " [ main ] failed: thread_create returned %d\n", ret );
+ mbedtls_net_free( &client_fd );
+ goto reset;
+ }
+
+ ret = 0;
+ goto reset;
+
+exit:
+ mbedtls_x509_crt_free( &srvcert );
+ mbedtls_pk_free( &pkey );
+#if defined(MBEDTLS_SSL_CACHE_C)
+ mbedtls_ssl_cache_free( &cache );
+#endif
+ mbedtls_ctr_drbg_free( &ctr_drbg );
+ mbedtls_entropy_free( &entropy );
+ mbedtls_ssl_config_free( &conf );
+
+ mbedtls_net_free( &listen_fd );
+
+ mbedtls_mutex_free( &debug_mutex );
+
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
+ mbedtls_memory_buffer_alloc_free();
+#endif
+
+#if defined(_WIN32)
+ mbedtls_printf( " Press Enter to exit this program.\n" );
+ fflush( stdout ); getchar();
+#endif
+
+ return( ret );
+}
+
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C &&
+ MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C &&
+ MBEDTLS_RSA_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_THREADING_C &&
+ MBEDTLS_THREADING_PTHREAD && MBEDTLS_PEM_PARSE_C */
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/ssl/ssl_server.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/ssl/ssl_server.c
new file mode 100644
index 0000000..fd54f17
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/ssl/ssl_server.c
@@ -0,0 +1,401 @@
+/*
+ * SSL server demonstration program
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#include <stdlib.h>
+#define mbedtls_time time
+#define mbedtls_time_t time_t
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#endif
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_CERTS_C) || \
+ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_SSL_TLS_C) || \
+ !defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_NET_C) || \
+ !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
+ !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
+ !defined(MBEDTLS_PEM_PARSE_C)
+int main( void )
+{
+ mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_CERTS_C and/or MBEDTLS_ENTROPY_C "
+ "and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
+ "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
+ "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
+ "and/or MBEDTLS_PEM_PARSE_C not defined.\n");
+ return( 0 );
+}
+#else
+
+#include <stdlib.h>
+#include <string.h>
+
+#if defined(_WIN32)
+#include <windows.h>
+#endif
+
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/certs.h"
+#include "mbedtls/x509.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/net_sockets.h"
+#include "mbedtls/error.h"
+#include "mbedtls/debug.h"
+
+#if defined(MBEDTLS_SSL_CACHE_C)
+#include "mbedtls/ssl_cache.h"
+#endif
+
+#define HTTP_RESPONSE \
+ "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
+ "<h2>mbed TLS Test Server</h2>\r\n" \
+ "<p>Successful connection using: %s</p>\r\n"
+
+#define DEBUG_LEVEL 0
+
+static void my_debug( void *ctx, int level,
+ const char *file, int line,
+ const char *str )
+{
+ ((void) level);
+
+ mbedtls_fprintf( (FILE *) ctx, "%s:%04d: %s", file, line, str );
+ fflush( (FILE *) ctx );
+}
+
+int main( void )
+{
+ int ret, len;
+ mbedtls_net_context listen_fd, client_fd;
+ unsigned char buf[1024];
+ const char *pers = "ssl_server";
+
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_ssl_context ssl;
+ mbedtls_ssl_config conf;
+ mbedtls_x509_crt srvcert;
+ mbedtls_pk_context pkey;
+#if defined(MBEDTLS_SSL_CACHE_C)
+ mbedtls_ssl_cache_context cache;
+#endif
+
+ mbedtls_net_init( &listen_fd );
+ mbedtls_net_init( &client_fd );
+ mbedtls_ssl_init( &ssl );
+ mbedtls_ssl_config_init( &conf );
+#if defined(MBEDTLS_SSL_CACHE_C)
+ mbedtls_ssl_cache_init( &cache );
+#endif
+ mbedtls_x509_crt_init( &srvcert );
+ mbedtls_pk_init( &pkey );
+ mbedtls_entropy_init( &entropy );
+ mbedtls_ctr_drbg_init( &ctr_drbg );
+
+#if defined(MBEDTLS_DEBUG_C)
+ mbedtls_debug_set_threshold( DEBUG_LEVEL );
+#endif
+
+ /*
+ * 1. Load the certificates and private RSA key
+ */
+ mbedtls_printf( "\n . Loading the server cert. and key..." );
+ fflush( stdout );
+
+ /*
+ * This demonstration program uses embedded test certificates.
+ * Instead, you may want to use mbedtls_x509_crt_parse_file() to read the
+ * server and CA certificates, as well as mbedtls_pk_parse_keyfile().
+ */
+ ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt,
+ mbedtls_test_srv_crt_len );
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
+ goto exit;
+ }
+
+ ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_cas_pem,
+ mbedtls_test_cas_pem_len );
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
+ goto exit;
+ }
+
+ ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
+ mbedtls_test_srv_key_len, NULL, 0 );
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * 2. Setup the listening TCP socket
+ */
+ mbedtls_printf( " . Bind on https://localhost:4433/ ..." );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_net_bind( &listen_fd, NULL, "4433", MBEDTLS_NET_PROTO_TCP ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_net_bind returned %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * 3. Seed the RNG
+ */
+ mbedtls_printf( " . Seeding the random number generator..." );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen( pers ) ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * 4. Setup stuff
+ */
+ mbedtls_printf( " . Setting up the SSL data...." );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_ssl_config_defaults( &conf,
+ MBEDTLS_SSL_IS_SERVER,
+ MBEDTLS_SSL_TRANSPORT_STREAM,
+ MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
+ mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
+
+#if defined(MBEDTLS_SSL_CACHE_C)
+ mbedtls_ssl_conf_session_cache( &conf, &cache,
+ mbedtls_ssl_cache_get,
+ mbedtls_ssl_cache_set );
+#endif
+
+ mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
+ if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
+ goto exit;
+ }
+
+ if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+reset:
+#ifdef MBEDTLS_ERROR_C
+ if( ret != 0 )
+ {
+ char error_buf[100];
+ mbedtls_strerror( ret, error_buf, 100 );
+ mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf );
+ }
+#endif
+
+ mbedtls_net_free( &client_fd );
+
+ mbedtls_ssl_session_reset( &ssl );
+
+ /*
+ * 3. Wait until a client connects
+ */
+ mbedtls_printf( " . Waiting for a remote connection ..." );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
+ NULL, 0, NULL ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
+
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * 5. Handshake
+ */
+ mbedtls_printf( " . Performing the SSL/TLS handshake..." );
+ fflush( stdout );
+
+ while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
+ {
+ if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned %d\n\n", ret );
+ goto reset;
+ }
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * 6. Read the HTTP Request
+ */
+ mbedtls_printf( " < Read from client:" );
+ fflush( stdout );
+
+ do
+ {
+ len = sizeof( buf ) - 1;
+ memset( buf, 0, sizeof( buf ) );
+ ret = mbedtls_ssl_read( &ssl, buf, len );
+
+ if( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE )
+ continue;
+
+ if( ret <= 0 )
+ {
+ switch( ret )
+ {
+ case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
+ mbedtls_printf( " connection was closed gracefully\n" );
+ break;
+
+ case MBEDTLS_ERR_NET_CONN_RESET:
+ mbedtls_printf( " connection was reset by peer\n" );
+ break;
+
+ default:
+ mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", -ret );
+ break;
+ }
+
+ break;
+ }
+
+ len = ret;
+ mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf );
+
+ if( ret > 0 )
+ break;
+ }
+ while( 1 );
+
+ /*
+ * 7. Write the 200 Response
+ */
+ mbedtls_printf( " > Write to client:" );
+ fflush( stdout );
+
+ len = sprintf( (char *) buf, HTTP_RESPONSE,
+ mbedtls_ssl_get_ciphersuite( &ssl ) );
+
+ while( ( ret = mbedtls_ssl_write( &ssl, buf, len ) ) <= 0 )
+ {
+ if( ret == MBEDTLS_ERR_NET_CONN_RESET )
+ {
+ mbedtls_printf( " failed\n ! peer closed the connection\n\n" );
+ goto reset;
+ }
+
+ if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
+ goto exit;
+ }
+ }
+
+ len = ret;
+ mbedtls_printf( " %d bytes written\n\n%s\n", len, (char *) buf );
+
+ mbedtls_printf( " . Closing the connection..." );
+
+ while( ( ret = mbedtls_ssl_close_notify( &ssl ) ) < 0 )
+ {
+ if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
+ ret != MBEDTLS_ERR_SSL_WANT_WRITE )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_close_notify returned %d\n\n", ret );
+ goto reset;
+ }
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ ret = 0;
+ goto reset;
+
+exit:
+
+#ifdef MBEDTLS_ERROR_C
+ if( ret != 0 )
+ {
+ char error_buf[100];
+ mbedtls_strerror( ret, error_buf, 100 );
+ mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf );
+ }
+#endif
+
+ mbedtls_net_free( &client_fd );
+ mbedtls_net_free( &listen_fd );
+
+ mbedtls_x509_crt_free( &srvcert );
+ mbedtls_pk_free( &pkey );
+ mbedtls_ssl_free( &ssl );
+ mbedtls_ssl_config_free( &conf );
+#if defined(MBEDTLS_SSL_CACHE_C)
+ mbedtls_ssl_cache_free( &cache );
+#endif
+ mbedtls_ctr_drbg_free( &ctr_drbg );
+ mbedtls_entropy_free( &entropy );
+
+#if defined(_WIN32)
+ mbedtls_printf( " Press Enter to exit this program.\n" );
+ fflush( stdout ); getchar();
+#endif
+
+ return( ret );
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C &&
+ MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C &&
+ MBEDTLS_RSA_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_X509_CRT_PARSE_C
+ && MBEDTLS_FS_IO && MBEDTLS_PEM_PARSE_C */
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/ssl/ssl_server2.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/ssl/ssl_server2.c
new file mode 100644
index 0000000..96bd35f
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/ssl/ssl_server2.c
@@ -0,0 +1,2361 @@
+/*
+ * SSL client with options
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#include <stdlib.h>
+#define mbedtls_free free
+#define mbedtls_time time
+#define mbedtls_time_t time_t
+#define mbedtls_calloc calloc
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#endif
+
+#if !defined(MBEDTLS_ENTROPY_C) || \
+ !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_SRV_C) || \
+ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_CTR_DRBG_C)
+int main( void )
+{
+ mbedtls_printf("MBEDTLS_ENTROPY_C and/or "
+ "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
+ "MBEDTLS_NET_C and/or MBEDTLS_CTR_DRBG_C and/or not defined.\n");
+ return( 0 );
+}
+#else
+
+#include "mbedtls/net_sockets.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/certs.h"
+#include "mbedtls/x509.h"
+#include "mbedtls/error.h"
+#include "mbedtls/debug.h"
+#include "mbedtls/timing.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#if !defined(_MSC_VER)
+#include <inttypes.h>
+#endif
+
+#if !defined(_WIN32)
+#include <signal.h>
+#endif
+
+#if defined(MBEDTLS_SSL_CACHE_C)
+#include "mbedtls/ssl_cache.h"
+#endif
+
+#if defined(MBEDTLS_SSL_TICKET_C)
+#include "mbedtls/ssl_ticket.h"
+#endif
+
+#if defined(MBEDTLS_SSL_COOKIE_C)
+#include "mbedtls/ssl_cookie.h"
+#endif
+
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
+#include "mbedtls/memory_buffer_alloc.h"
+#endif
+
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && defined(MBEDTLS_FS_IO)
+#define SNI_OPTION
+#endif
+
+#if defined(_WIN32)
+#include <windows.h>
+#endif
+
+#define DFL_SERVER_ADDR NULL
+#define DFL_SERVER_PORT "4433"
+#define DFL_DEBUG_LEVEL 0
+#define DFL_NBIO 0
+#define DFL_READ_TIMEOUT 0
+#define DFL_CA_FILE ""
+#define DFL_CA_PATH ""
+#define DFL_CRT_FILE ""
+#define DFL_KEY_FILE ""
+#define DFL_CRT_FILE2 ""
+#define DFL_KEY_FILE2 ""
+#define DFL_PSK ""
+#define DFL_PSK_IDENTITY "Client_identity"
+#define DFL_ECJPAKE_PW NULL
+#define DFL_PSK_LIST NULL
+#define DFL_FORCE_CIPHER 0
+#define DFL_VERSION_SUITES NULL
+#define DFL_RENEGOTIATION MBEDTLS_SSL_RENEGOTIATION_DISABLED
+#define DFL_ALLOW_LEGACY -2
+#define DFL_RENEGOTIATE 0
+#define DFL_RENEGO_DELAY -2
+#define DFL_RENEGO_PERIOD ( (uint64_t)-1 )
+#define DFL_EXCHANGES 1
+#define DFL_MIN_VERSION -1
+#define DFL_MAX_VERSION -1
+#define DFL_ARC4 -1
+#define DFL_AUTH_MODE -1
+#define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE
+#define DFL_TRUNC_HMAC -1
+#define DFL_TICKETS MBEDTLS_SSL_SESSION_TICKETS_ENABLED
+#define DFL_TICKET_TIMEOUT 86400
+#define DFL_CACHE_MAX -1
+#define DFL_CACHE_TIMEOUT -1
+#define DFL_SNI NULL
+#define DFL_ALPN_STRING NULL
+#define DFL_DHM_FILE NULL
+#define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM
+#define DFL_COOKIES 1
+#define DFL_ANTI_REPLAY -1
+#define DFL_HS_TO_MIN 0
+#define DFL_HS_TO_MAX 0
+#define DFL_BADMAC_LIMIT -1
+#define DFL_EXTENDED_MS -1
+#define DFL_ETM -1
+
+#define LONG_RESPONSE "<p>01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
+ "02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
+ "03-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
+ "04-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
+ "05-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
+ "06-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
+ "07-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah</p>\r\n"
+
+/* Uncomment LONG_RESPONSE at the end of HTTP_RESPONSE to test sending longer
+ * packets (for fragmentation purposes) */
+#define HTTP_RESPONSE \
+ "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
+ "<h2>mbed TLS Test Server</h2>\r\n" \
+ "<p>Successful connection using: %s</p>\r\n" // LONG_RESPONSE
+
+/*
+ * Size of the basic I/O buffer. Able to hold our default response.
+ *
+ * You will need to adapt the mbedtls_ssl_get_bytes_avail() test in ssl-opt.sh
+ * if you change this value to something outside the range <= 100 or > 500
+ */
+#define IO_BUF_LEN 200
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_FS_IO)
+#define USAGE_IO \
+ " ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
+ " default: \"\" (pre-loaded)\n" \
+ " ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \
+ " default: \"\" (pre-loaded) (overrides ca_file)\n" \
+ " crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \
+ " default: see note after key_file2\n" \
+ " key_file=%%s default: see note after key_file2\n" \
+ " crt_file2=%%s Your second cert and chain (in bottom to top order, top may be omitted)\n" \
+ " default: see note after key_file2\n" \
+ " key_file2=%%s default: see note below\n" \
+ " note: if neither crt_file/key_file nor crt_file2/key_file2 are used,\n" \
+ " preloaded certificate(s) and key(s) are used if available\n" \
+ " dhm_file=%%s File containing Diffie-Hellman parameters\n" \
+ " default: preloaded parameters\n"
+#else
+#define USAGE_IO \
+ "\n" \
+ " No file operations available (MBEDTLS_FS_IO not defined)\n" \
+ "\n"
+#endif /* MBEDTLS_FS_IO */
+#else
+#define USAGE_IO ""
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+#define USAGE_PSK \
+ " psk=%%s default: \"\" (in hex, without 0x)\n" \
+ " psk_identity=%%s default: \"Client_identity\"\n"
+#else
+#define USAGE_PSK ""
+#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+#define USAGE_TICKETS \
+ " tickets=%%d default: 1 (enabled)\n" \
+ " ticket_timeout=%%d default: 86400 (one day)\n"
+#else
+#define USAGE_TICKETS ""
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+
+#if defined(MBEDTLS_SSL_CACHE_C)
+#define USAGE_CACHE \
+ " cache_max=%%d default: cache default (50)\n" \
+ " cache_timeout=%%d default: cache default (1d)\n"
+#else
+#define USAGE_CACHE ""
+#endif /* MBEDTLS_SSL_CACHE_C */
+
+#if defined(SNI_OPTION)
+#define USAGE_SNI \
+ " sni=%%s name1,cert1,key1,ca1,crl1,auth1[,...]\n" \
+ " default: disabled\n"
+#else
+#define USAGE_SNI ""
+#endif /* SNI_OPTION */
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+#define USAGE_MAX_FRAG_LEN \
+ " max_frag_len=%%d default: 16384 (tls default)\n" \
+ " options: 512, 1024, 2048, 4096\n"
+#else
+#define USAGE_MAX_FRAG_LEN ""
+#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+#define USAGE_TRUNC_HMAC \
+ " trunc_hmac=%%d default: library default\n"
+#else
+#define USAGE_TRUNC_HMAC ""
+#endif
+
+#if defined(MBEDTLS_SSL_ALPN)
+#define USAGE_ALPN \
+ " alpn=%%s default: \"\" (disabled)\n" \
+ " example: spdy/1,http/1.1\n"
+#else
+#define USAGE_ALPN ""
+#endif /* MBEDTLS_SSL_ALPN */
+
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
+#define USAGE_COOKIES \
+ " cookies=0/1/-1 default: 1 (enabled)\n" \
+ " 0: disabled, -1: library default (broken)\n"
+#else
+#define USAGE_COOKIES ""
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
+#define USAGE_ANTI_REPLAY \
+ " anti_replay=0/1 default: (library default: enabled)\n"
+#else
+#define USAGE_ANTI_REPLAY ""
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
+#define USAGE_BADMAC_LIMIT \
+ " badmac_limit=%%d default: (library default: disabled)\n"
+#else
+#define USAGE_BADMAC_LIMIT ""
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+#define USAGE_DTLS \
+ " dtls=%%d default: 0 (TLS)\n" \
+ " hs_timeout=%%d-%%d default: (library default: 1000-60000)\n" \
+ " range of DTLS handshake timeouts in millisecs\n"
+#else
+#define USAGE_DTLS ""
+#endif
+
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+#define USAGE_EMS \
+ " extended_ms=0/1 default: (library default: on)\n"
+#else
+#define USAGE_EMS ""
+#endif
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+#define USAGE_ETM \
+ " etm=0/1 default: (library default: on)\n"
+#else
+#define USAGE_ETM ""
+#endif
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+#define USAGE_RENEGO \
+ " renegotiation=%%d default: 0 (disabled)\n" \
+ " renegotiate=%%d default: 0 (disabled)\n" \
+ " renego_delay=%%d default: -2 (library default)\n" \
+ " renego_period=%%d default: (2^64 - 1 for TLS, 2^48 - 1 for DTLS)\n"
+#else
+#define USAGE_RENEGO ""
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+#define USAGE_ECJPAKE \
+ " ecjpake_pw=%%s default: none (disabled)\n"
+#else
+#define USAGE_ECJPAKE ""
+#endif
+
+#define USAGE \
+ "\n usage: ssl_server2 param=<>...\n" \
+ "\n acceptable parameters:\n" \
+ " server_addr=%%d default: (all interfaces)\n" \
+ " server_port=%%d default: 4433\n" \
+ " debug_level=%%d default: 0 (disabled)\n" \
+ " nbio=%%d default: 0 (blocking I/O)\n" \
+ " options: 1 (non-blocking), 2 (added delays)\n" \
+ " read_timeout=%%d default: 0 ms (no timeout)\n" \
+ "\n" \
+ USAGE_DTLS \
+ USAGE_COOKIES \
+ USAGE_ANTI_REPLAY \
+ USAGE_BADMAC_LIMIT \
+ "\n" \
+ " auth_mode=%%s default: (library default: none)\n" \
+ " options: none, optional, required\n" \
+ USAGE_IO \
+ USAGE_SNI \
+ "\n" \
+ USAGE_PSK \
+ USAGE_ECJPAKE \
+ "\n" \
+ " allow_legacy=%%d default: (library default: no)\n" \
+ USAGE_RENEGO \
+ " exchanges=%%d default: 1\n" \
+ "\n" \
+ USAGE_TICKETS \
+ USAGE_CACHE \
+ USAGE_MAX_FRAG_LEN \
+ USAGE_TRUNC_HMAC \
+ USAGE_ALPN \
+ USAGE_EMS \
+ USAGE_ETM \
+ "\n" \
+ " arc4=%%d default: (library default: 0)\n" \
+ " min_version=%%s default: (library default: tls1)\n" \
+ " max_version=%%s default: (library default: tls1_2)\n" \
+ " force_version=%%s default: \"\" (none)\n" \
+ " options: ssl3, tls1, tls1_1, tls1_2, dtls1, dtls1_2\n" \
+ "\n" \
+ " version_suites=a,b,c,d per-version ciphersuites\n" \
+ " in order from ssl3 to tls1_2\n" \
+ " default: all enabled\n" \
+ " force_ciphersuite=<name> default: all enabled\n" \
+ " acceptable ciphersuite names:\n"
+
+
+#define PUT_UINT64_BE(out_be,in_le,i) \
+{ \
+ (out_be)[(i) + 0] = (unsigned char)( ( (in_le) >> 56 ) & 0xFF ); \
+ (out_be)[(i) + 1] = (unsigned char)( ( (in_le) >> 48 ) & 0xFF ); \
+ (out_be)[(i) + 2] = (unsigned char)( ( (in_le) >> 40 ) & 0xFF ); \
+ (out_be)[(i) + 3] = (unsigned char)( ( (in_le) >> 32 ) & 0xFF ); \
+ (out_be)[(i) + 4] = (unsigned char)( ( (in_le) >> 24 ) & 0xFF ); \
+ (out_be)[(i) + 5] = (unsigned char)( ( (in_le) >> 16 ) & 0xFF ); \
+ (out_be)[(i) + 6] = (unsigned char)( ( (in_le) >> 8 ) & 0xFF ); \
+ (out_be)[(i) + 7] = (unsigned char)( ( (in_le) >> 0 ) & 0xFF ); \
+}
+
+/*
+ * global options
+ */
+struct options
+{
+ const char *server_addr; /* address on which the ssl service runs */
+ const char *server_port; /* port on which the ssl service runs */
+ int debug_level; /* level of debugging */
+ int nbio; /* should I/O be blocking? */
+ uint32_t read_timeout; /* timeout on mbedtls_ssl_read() in milliseconds */
+ const char *ca_file; /* the file with the CA certificate(s) */
+ const char *ca_path; /* the path with the CA certificate(s) reside */
+ const char *crt_file; /* the file with the server certificate */
+ const char *key_file; /* the file with the server key */
+ const char *crt_file2; /* the file with the 2nd server certificate */
+ const char *key_file2; /* the file with the 2nd server key */
+ const char *psk; /* the pre-shared key */
+ const char *psk_identity; /* the pre-shared key identity */
+ char *psk_list; /* list of PSK id/key pairs for callback */
+ const char *ecjpake_pw; /* the EC J-PAKE password */
+ int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
+ const char *version_suites; /* per-version ciphersuites */
+ int renegotiation; /* enable / disable renegotiation */
+ int allow_legacy; /* allow legacy renegotiation */
+ int renegotiate; /* attempt renegotiation? */
+ int renego_delay; /* delay before enforcing renegotiation */
+ uint64_t renego_period; /* period for automatic renegotiation */
+ int exchanges; /* number of data exchanges */
+ int min_version; /* minimum protocol version accepted */
+ int max_version; /* maximum protocol version accepted */
+ int arc4; /* flag for arc4 suites support */
+ int auth_mode; /* verify mode for connection */
+ unsigned char mfl_code; /* code for maximum fragment length */
+ int trunc_hmac; /* accept truncated hmac? */
+ int tickets; /* enable / disable session tickets */
+ int ticket_timeout; /* session ticket lifetime */
+ int cache_max; /* max number of session cache entries */
+ int cache_timeout; /* expiration delay of session cache entries */
+ char *sni; /* string describing sni information */
+ const char *alpn_string; /* ALPN supported protocols */
+ const char *dhm_file; /* the file with the DH parameters */
+ int extended_ms; /* allow negotiation of extended MS? */
+ int etm; /* allow negotiation of encrypt-then-MAC? */
+ int transport; /* TLS or DTLS? */
+ int cookies; /* Use cookies for DTLS? -1 to break them */
+ int anti_replay; /* Use anti-replay for DTLS? -1 for default */
+ uint32_t hs_to_min; /* Initial value of DTLS handshake timer */
+ uint32_t hs_to_max; /* Max value of DTLS handshake timer */
+ int badmac_limit; /* Limit of records with bad MAC */
+} opt;
+
+static void my_debug( void *ctx, int level,
+ const char *file, int line,
+ const char *str )
+{
+ const char *p, *basename;
+
+ /* Extract basename from file */
+ for( p = basename = file; *p != '\0'; p++ )
+ if( *p == '/' || *p == '\\' )
+ basename = p + 1;
+
+ mbedtls_fprintf( (FILE *) ctx, "%s:%04d: |%d| %s", basename, line, level, str );
+ fflush( (FILE *) ctx );
+}
+
+/*
+ * Test recv/send functions that make sure each try returns
+ * WANT_READ/WANT_WRITE at least once before sucesseding
+ */
+static int my_recv( void *ctx, unsigned char *buf, size_t len )
+{
+ static int first_try = 1;
+ int ret;
+
+ if( first_try )
+ {
+ first_try = 0;
+ return( MBEDTLS_ERR_SSL_WANT_READ );
+ }
+
+ ret = mbedtls_net_recv( ctx, buf, len );
+ if( ret != MBEDTLS_ERR_SSL_WANT_READ )
+ first_try = 1; /* Next call will be a new operation */
+ return( ret );
+}
+
+static int my_send( void *ctx, const unsigned char *buf, size_t len )
+{
+ static int first_try = 1;
+ int ret;
+
+ if( first_try )
+ {
+ first_try = 0;
+ return( MBEDTLS_ERR_SSL_WANT_WRITE );
+ }
+
+ ret = mbedtls_net_send( ctx, buf, len );
+ if( ret != MBEDTLS_ERR_SSL_WANT_WRITE )
+ first_try = 1; /* Next call will be a new operation */
+ return( ret );
+}
+
+/*
+ * Return authmode from string, or -1 on error
+ */
+static int get_auth_mode( const char *s )
+{
+ if( strcmp( s, "none" ) == 0 )
+ return( MBEDTLS_SSL_VERIFY_NONE );
+ if( strcmp( s, "optional" ) == 0 )
+ return( MBEDTLS_SSL_VERIFY_OPTIONAL );
+ if( strcmp( s, "required" ) == 0 )
+ return( MBEDTLS_SSL_VERIFY_REQUIRED );
+
+ return( -1 );
+}
+
+/*
+ * Used by sni_parse and psk_parse to handle coma-separated lists
+ */
+#define GET_ITEM( dst ) \
+ dst = p; \
+ while( *p != ',' ) \
+ if( ++p > end ) \
+ goto error; \
+ *p++ = '\0';
+
+#if defined(SNI_OPTION)
+typedef struct _sni_entry sni_entry;
+
+struct _sni_entry {
+ const char *name;
+ mbedtls_x509_crt *cert;
+ mbedtls_pk_context *key;
+ mbedtls_x509_crt* ca;
+ mbedtls_x509_crl* crl;
+ int authmode;
+ sni_entry *next;
+};
+
+void sni_free( sni_entry *head )
+{
+ sni_entry *cur = head, *next;
+
+ while( cur != NULL )
+ {
+ mbedtls_x509_crt_free( cur->cert );
+ mbedtls_free( cur->cert );
+
+ mbedtls_pk_free( cur->key );
+ mbedtls_free( cur->key );
+
+ mbedtls_x509_crt_free( cur->ca );
+ mbedtls_free( cur->ca );
+
+ mbedtls_x509_crl_free( cur->crl );
+ mbedtls_free( cur->crl );
+
+ next = cur->next;
+ mbedtls_free( cur );
+ cur = next;
+ }
+}
+
+/*
+ * Parse a string of sextuples name1,crt1,key1,ca1,crl1,auth1[,...]
+ * into a usable sni_entry list. For ca1, crl1, auth1, the special value
+ * '-' means unset. If ca1 is unset, then crl1 is ignored too.
+ *
+ * Modifies the input string! This is not production quality!
+ */
+sni_entry *sni_parse( char *sni_string )
+{
+ sni_entry *cur = NULL, *new = NULL;
+ char *p = sni_string;
+ char *end = p;
+ char *crt_file, *key_file, *ca_file, *crl_file, *auth_str;
+
+ while( *end != '\0' )
+ ++end;
+ *end = ',';
+
+ while( p <= end )
+ {
+ if( ( new = mbedtls_calloc( 1, sizeof( sni_entry ) ) ) == NULL )
+ {
+ sni_free( cur );
+ return( NULL );
+ }
+
+ GET_ITEM( new->name );
+ GET_ITEM( crt_file );
+ GET_ITEM( key_file );
+ GET_ITEM( ca_file );
+ GET_ITEM( crl_file );
+ GET_ITEM( auth_str );
+
+ if( ( new->cert = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ) ) == NULL ||
+ ( new->key = mbedtls_calloc( 1, sizeof( mbedtls_pk_context ) ) ) == NULL )
+ goto error;
+
+ mbedtls_x509_crt_init( new->cert );
+ mbedtls_pk_init( new->key );
+
+ if( mbedtls_x509_crt_parse_file( new->cert, crt_file ) != 0 ||
+ mbedtls_pk_parse_keyfile( new->key, key_file, "" ) != 0 )
+ goto error;
+
+ if( strcmp( ca_file, "-" ) != 0 )
+ {
+ if( ( new->ca = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ) ) == NULL )
+ goto error;
+
+ mbedtls_x509_crt_init( new->ca );
+
+ if( mbedtls_x509_crt_parse_file( new->ca, ca_file ) != 0 )
+ goto error;
+ }
+
+ if( strcmp( crl_file, "-" ) != 0 )
+ {
+ if( ( new->crl = mbedtls_calloc( 1, sizeof( mbedtls_x509_crl ) ) ) == NULL )
+ goto error;
+
+ mbedtls_x509_crl_init( new->crl );
+
+ if( mbedtls_x509_crl_parse_file( new->crl, crl_file ) != 0 )
+ goto error;
+ }
+
+ if( strcmp( auth_str, "-" ) != 0 )
+ {
+ if( ( new->authmode = get_auth_mode( auth_str ) ) < 0 )
+ goto error;
+ }
+ else
+ new->authmode = DFL_AUTH_MODE;
+
+ new->next = cur;
+ cur = new;
+ }
+
+ return( cur );
+
+error:
+ sni_free( new );
+ sni_free( cur );
+ return( NULL );
+}
+
+/*
+ * SNI callback.
+ */
+int sni_callback( void *p_info, mbedtls_ssl_context *ssl,
+ const unsigned char *name, size_t name_len )
+{
+ const sni_entry *cur = (const sni_entry *) p_info;
+
+ while( cur != NULL )
+ {
+ if( name_len == strlen( cur->name ) &&
+ memcmp( name, cur->name, name_len ) == 0 )
+ {
+ if( cur->ca != NULL )
+ mbedtls_ssl_set_hs_ca_chain( ssl, cur->ca, cur->crl );
+
+ if( cur->authmode != DFL_AUTH_MODE )
+ mbedtls_ssl_set_hs_authmode( ssl, cur->authmode );
+
+ return( mbedtls_ssl_set_hs_own_cert( ssl, cur->cert, cur->key ) );
+ }
+
+ cur = cur->next;
+ }
+
+ return( -1 );
+}
+
+#endif /* SNI_OPTION */
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+
+#define HEX2NUM( c ) \
+ if( c >= '0' && c <= '9' ) \
+ c -= '0'; \
+ else if( c >= 'a' && c <= 'f' ) \
+ c -= 'a' - 10; \
+ else if( c >= 'A' && c <= 'F' ) \
+ c -= 'A' - 10; \
+ else \
+ return( -1 );
+
+/*
+ * Convert a hex string to bytes.
+ * Return 0 on success, -1 on error.
+ */
+int unhexify( unsigned char *output, const char *input, size_t *olen )
+{
+ unsigned char c;
+ size_t j;
+
+ *olen = strlen( input );
+ if( *olen % 2 != 0 || *olen / 2 > MBEDTLS_PSK_MAX_LEN )
+ return( -1 );
+ *olen /= 2;
+
+ for( j = 0; j < *olen * 2; j += 2 )
+ {
+ c = input[j];
+ HEX2NUM( c );
+ output[ j / 2 ] = c << 4;
+
+ c = input[j + 1];
+ HEX2NUM( c );
+ output[ j / 2 ] |= c;
+ }
+
+ return( 0 );
+}
+
+typedef struct _psk_entry psk_entry;
+
+struct _psk_entry
+{
+ const char *name;
+ size_t key_len;
+ unsigned char key[MBEDTLS_PSK_MAX_LEN];
+ psk_entry *next;
+};
+
+/*
+ * Free a list of psk_entry's
+ */
+void psk_free( psk_entry *head )
+{
+ psk_entry *next;
+
+ while( head != NULL )
+ {
+ next = head->next;
+ mbedtls_free( head );
+ head = next;
+ }
+}
+
+/*
+ * Parse a string of pairs name1,key1[,name2,key2[,...]]
+ * into a usable psk_entry list.
+ *
+ * Modifies the input string! This is not production quality!
+ */
+psk_entry *psk_parse( char *psk_string )
+{
+ psk_entry *cur = NULL, *new = NULL;
+ char *p = psk_string;
+ char *end = p;
+ char *key_hex;
+
+ while( *end != '\0' )
+ ++end;
+ *end = ',';
+
+ while( p <= end )
+ {
+ if( ( new = mbedtls_calloc( 1, sizeof( psk_entry ) ) ) == NULL )
+ goto error;
+
+ memset( new, 0, sizeof( psk_entry ) );
+
+ GET_ITEM( new->name );
+ GET_ITEM( key_hex );
+
+ if( unhexify( new->key, key_hex, &new->key_len ) != 0 )
+ goto error;
+
+ new->next = cur;
+ cur = new;
+ }
+
+ return( cur );
+
+error:
+ psk_free( new );
+ psk_free( cur );
+ return( 0 );
+}
+
+/*
+ * PSK callback
+ */
+int psk_callback( void *p_info, mbedtls_ssl_context *ssl,
+ const unsigned char *name, size_t name_len )
+{
+ psk_entry *cur = (psk_entry *) p_info;
+
+ while( cur != NULL )
+ {
+ if( name_len == strlen( cur->name ) &&
+ memcmp( name, cur->name, name_len ) == 0 )
+ {
+ return( mbedtls_ssl_set_hs_psk( ssl, cur->key, cur->key_len ) );
+ }
+
+ cur = cur->next;
+ }
+
+ return( -1 );
+}
+#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
+
+static mbedtls_net_context listen_fd, client_fd;
+
+/* Interruption handler to ensure clean exit (for valgrind testing) */
+#if !defined(_WIN32)
+static int received_sigterm = 0;
+void term_handler( int sig )
+{
+ ((void) sig);
+ received_sigterm = 1;
+ mbedtls_net_free( &listen_fd ); /* causes mbedtls_net_accept() to abort */
+ mbedtls_net_free( &client_fd ); /* causes net_read() to abort */
+}
+#endif
+
+int main( int argc, char *argv[] )
+{
+ int ret = 0, len, written, frags, exchanges_left;
+ int version_suites[4][2];
+ unsigned char buf[IO_BUF_LEN];
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+ unsigned char psk[MBEDTLS_PSK_MAX_LEN];
+ size_t psk_len = 0;
+ psk_entry *psk_info = NULL;
+#endif
+ const char *pers = "ssl_server2";
+ unsigned char client_ip[16] = { 0 };
+ size_t cliip_len;
+#if defined(MBEDTLS_SSL_COOKIE_C)
+ mbedtls_ssl_cookie_ctx cookie_ctx;
+#endif
+
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_ssl_context ssl;
+ mbedtls_ssl_config conf;
+#if defined(MBEDTLS_TIMING_C)
+ mbedtls_timing_delay_context timer;
+#endif
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+ unsigned char renego_period[8] = { 0 };
+#endif
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ uint32_t flags;
+ mbedtls_x509_crt cacert;
+ mbedtls_x509_crt srvcert;
+ mbedtls_pk_context pkey;
+ mbedtls_x509_crt srvcert2;
+ mbedtls_pk_context pkey2;
+ int key_cert_init = 0, key_cert_init2 = 0;
+#endif
+#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
+ mbedtls_dhm_context dhm;
+#endif
+#if defined(MBEDTLS_SSL_CACHE_C)
+ mbedtls_ssl_cache_context cache;
+#endif
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ mbedtls_ssl_ticket_context ticket_ctx;
+#endif
+#if defined(SNI_OPTION)
+ sni_entry *sni_info = NULL;
+#endif
+#if defined(MBEDTLS_SSL_ALPN)
+ const char *alpn_list[10];
+#endif
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
+ unsigned char alloc_buf[100000];
+#endif
+
+ int i;
+ char *p, *q;
+ const int *list;
+
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
+ mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof(alloc_buf) );
+#endif
+
+ /*
+ * Make sure memory references are valid in case we exit early.
+ */
+ mbedtls_net_init( &client_fd );
+ mbedtls_net_init( &listen_fd );
+ mbedtls_ssl_init( &ssl );
+ mbedtls_ssl_config_init( &conf );
+ mbedtls_ctr_drbg_init( &ctr_drbg );
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ mbedtls_x509_crt_init( &cacert );
+ mbedtls_x509_crt_init( &srvcert );
+ mbedtls_pk_init( &pkey );
+ mbedtls_x509_crt_init( &srvcert2 );
+ mbedtls_pk_init( &pkey2 );
+#endif
+#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
+ mbedtls_dhm_init( &dhm );
+#endif
+#if defined(MBEDTLS_SSL_CACHE_C)
+ mbedtls_ssl_cache_init( &cache );
+#endif
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ mbedtls_ssl_ticket_init( &ticket_ctx );
+#endif
+#if defined(MBEDTLS_SSL_ALPN)
+ memset( (void *) alpn_list, 0, sizeof( alpn_list ) );
+#endif
+#if defined(MBEDTLS_SSL_COOKIE_C)
+ mbedtls_ssl_cookie_init( &cookie_ctx );
+#endif
+
+#if !defined(_WIN32)
+ /* Abort cleanly on SIGTERM and SIGINT */
+ signal( SIGTERM, term_handler );
+ signal( SIGINT, term_handler );
+#endif
+
+ if( argc == 0 )
+ {
+ usage:
+ if( ret == 0 )
+ ret = 1;
+
+ mbedtls_printf( USAGE );
+
+ list = mbedtls_ssl_list_ciphersuites();
+ while( *list )
+ {
+ mbedtls_printf(" %-42s", mbedtls_ssl_get_ciphersuite_name( *list ) );
+ list++;
+ if( !*list )
+ break;
+ mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name( *list ) );
+ list++;
+ }
+ mbedtls_printf("\n");
+ goto exit;
+ }
+
+ opt.server_addr = DFL_SERVER_ADDR;
+ opt.server_port = DFL_SERVER_PORT;
+ opt.debug_level = DFL_DEBUG_LEVEL;
+ opt.nbio = DFL_NBIO;
+ opt.read_timeout = DFL_READ_TIMEOUT;
+ opt.ca_file = DFL_CA_FILE;
+ opt.ca_path = DFL_CA_PATH;
+ opt.crt_file = DFL_CRT_FILE;
+ opt.key_file = DFL_KEY_FILE;
+ opt.crt_file2 = DFL_CRT_FILE2;
+ opt.key_file2 = DFL_KEY_FILE2;
+ opt.psk = DFL_PSK;
+ opt.psk_identity = DFL_PSK_IDENTITY;
+ opt.psk_list = DFL_PSK_LIST;
+ opt.ecjpake_pw = DFL_ECJPAKE_PW;
+ opt.force_ciphersuite[0]= DFL_FORCE_CIPHER;
+ opt.version_suites = DFL_VERSION_SUITES;
+ opt.renegotiation = DFL_RENEGOTIATION;
+ opt.allow_legacy = DFL_ALLOW_LEGACY;
+ opt.renegotiate = DFL_RENEGOTIATE;
+ opt.renego_delay = DFL_RENEGO_DELAY;
+ opt.renego_period = DFL_RENEGO_PERIOD;
+ opt.exchanges = DFL_EXCHANGES;
+ opt.min_version = DFL_MIN_VERSION;
+ opt.max_version = DFL_MAX_VERSION;
+ opt.arc4 = DFL_ARC4;
+ opt.auth_mode = DFL_AUTH_MODE;
+ opt.mfl_code = DFL_MFL_CODE;
+ opt.trunc_hmac = DFL_TRUNC_HMAC;
+ opt.tickets = DFL_TICKETS;
+ opt.ticket_timeout = DFL_TICKET_TIMEOUT;
+ opt.cache_max = DFL_CACHE_MAX;
+ opt.cache_timeout = DFL_CACHE_TIMEOUT;
+ opt.sni = DFL_SNI;
+ opt.alpn_string = DFL_ALPN_STRING;
+ opt.dhm_file = DFL_DHM_FILE;
+ opt.transport = DFL_TRANSPORT;
+ opt.cookies = DFL_COOKIES;
+ opt.anti_replay = DFL_ANTI_REPLAY;
+ opt.hs_to_min = DFL_HS_TO_MIN;
+ opt.hs_to_max = DFL_HS_TO_MAX;
+ opt.badmac_limit = DFL_BADMAC_LIMIT;
+ opt.extended_ms = DFL_EXTENDED_MS;
+ opt.etm = DFL_ETM;
+
+ for( i = 1; i < argc; i++ )
+ {
+ p = argv[i];
+ if( ( q = strchr( p, '=' ) ) == NULL )
+ goto usage;
+ *q++ = '\0';
+
+ if( strcmp( p, "server_port" ) == 0 )
+ opt.server_port = q;
+ else if( strcmp( p, "server_addr" ) == 0 )
+ opt.server_addr = q;
+ else if( strcmp( p, "dtls" ) == 0 )
+ {
+ int t = atoi( q );
+ if( t == 0 )
+ opt.transport = MBEDTLS_SSL_TRANSPORT_STREAM;
+ else if( t == 1 )
+ opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
+ else
+ goto usage;
+ }
+ else if( strcmp( p, "debug_level" ) == 0 )
+ {
+ opt.debug_level = atoi( q );
+ if( opt.debug_level < 0 || opt.debug_level > 65535 )
+ goto usage;
+ }
+ else if( strcmp( p, "nbio" ) == 0 )
+ {
+ opt.nbio = atoi( q );
+ if( opt.nbio < 0 || opt.nbio > 2 )
+ goto usage;
+ }
+ else if( strcmp( p, "read_timeout" ) == 0 )
+ opt.read_timeout = atoi( q );
+ else if( strcmp( p, "ca_file" ) == 0 )
+ opt.ca_file = q;
+ else if( strcmp( p, "ca_path" ) == 0 )
+ opt.ca_path = q;
+ else if( strcmp( p, "crt_file" ) == 0 )
+ opt.crt_file = q;
+ else if( strcmp( p, "key_file" ) == 0 )
+ opt.key_file = q;
+ else if( strcmp( p, "crt_file2" ) == 0 )
+ opt.crt_file2 = q;
+ else if( strcmp( p, "key_file2" ) == 0 )
+ opt.key_file2 = q;
+ else if( strcmp( p, "dhm_file" ) == 0 )
+ opt.dhm_file = q;
+ else if( strcmp( p, "psk" ) == 0 )
+ opt.psk = q;
+ else if( strcmp( p, "psk_identity" ) == 0 )
+ opt.psk_identity = q;
+ else if( strcmp( p, "psk_list" ) == 0 )
+ opt.psk_list = q;
+ else if( strcmp( p, "ecjpake_pw" ) == 0 )
+ opt.ecjpake_pw = q;
+ else if( strcmp( p, "force_ciphersuite" ) == 0 )
+ {
+ opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id( q );
+
+ if( opt.force_ciphersuite[0] == 0 )
+ {
+ ret = 2;
+ goto usage;
+ }
+ opt.force_ciphersuite[1] = 0;
+ }
+ else if( strcmp( p, "version_suites" ) == 0 )
+ opt.version_suites = q;
+ else if( strcmp( p, "renegotiation" ) == 0 )
+ {
+ opt.renegotiation = (atoi( q )) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED :
+ MBEDTLS_SSL_RENEGOTIATION_DISABLED;
+ }
+ else if( strcmp( p, "allow_legacy" ) == 0 )
+ {
+ switch( atoi( q ) )
+ {
+ case -1: opt.allow_legacy = MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE; break;
+ case 0: opt.allow_legacy = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION; break;
+ case 1: opt.allow_legacy = MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION; break;
+ default: goto usage;
+ }
+ }
+ else if( strcmp( p, "renegotiate" ) == 0 )
+ {
+ opt.renegotiate = atoi( q );
+ if( opt.renegotiate < 0 || opt.renegotiate > 1 )
+ goto usage;
+ }
+ else if( strcmp( p, "renego_delay" ) == 0 )
+ {
+ opt.renego_delay = atoi( q );
+ }
+ else if( strcmp( p, "renego_period" ) == 0 )
+ {
+#if defined(_MSC_VER)
+ opt.renego_period = _strtoui64( q, NULL, 10 );
+#else
+ if( sscanf( q, "%" SCNu64, &opt.renego_period ) != 1 )
+ goto usage;
+#endif /* _MSC_VER */
+ if( opt.renego_period < 2 )
+ goto usage;
+ }
+ else if( strcmp( p, "exchanges" ) == 0 )
+ {
+ opt.exchanges = atoi( q );
+ if( opt.exchanges < 0 )
+ goto usage;
+ }
+ else if( strcmp( p, "min_version" ) == 0 )
+ {
+ if( strcmp( q, "ssl3" ) == 0 )
+ opt.min_version = MBEDTLS_SSL_MINOR_VERSION_0;
+ else if( strcmp( q, "tls1" ) == 0 )
+ opt.min_version = MBEDTLS_SSL_MINOR_VERSION_1;
+ else if( strcmp( q, "tls1_1" ) == 0 ||
+ strcmp( q, "dtls1" ) == 0 )
+ opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
+ else if( strcmp( q, "tls1_2" ) == 0 ||
+ strcmp( q, "dtls1_2" ) == 0 )
+ opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
+ else
+ goto usage;
+ }
+ else if( strcmp( p, "max_version" ) == 0 )
+ {
+ if( strcmp( q, "ssl3" ) == 0 )
+ opt.max_version = MBEDTLS_SSL_MINOR_VERSION_0;
+ else if( strcmp( q, "tls1" ) == 0 )
+ opt.max_version = MBEDTLS_SSL_MINOR_VERSION_1;
+ else if( strcmp( q, "tls1_1" ) == 0 ||
+ strcmp( q, "dtls1" ) == 0 )
+ opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
+ else if( strcmp( q, "tls1_2" ) == 0 ||
+ strcmp( q, "dtls1_2" ) == 0 )
+ opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
+ else
+ goto usage;
+ }
+ else if( strcmp( p, "arc4" ) == 0 )
+ {
+ switch( atoi( q ) )
+ {
+ case 0: opt.arc4 = MBEDTLS_SSL_ARC4_DISABLED; break;
+ case 1: opt.arc4 = MBEDTLS_SSL_ARC4_ENABLED; break;
+ default: goto usage;
+ }
+ }
+ else if( strcmp( p, "force_version" ) == 0 )
+ {
+ if( strcmp( q, "ssl3" ) == 0 )
+ {
+ opt.min_version = MBEDTLS_SSL_MINOR_VERSION_0;
+ opt.max_version = MBEDTLS_SSL_MINOR_VERSION_0;
+ }
+ else if( strcmp( q, "tls1" ) == 0 )
+ {
+ opt.min_version = MBEDTLS_SSL_MINOR_VERSION_1;
+ opt.max_version = MBEDTLS_SSL_MINOR_VERSION_1;
+ }
+ else if( strcmp( q, "tls1_1" ) == 0 )
+ {
+ opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
+ opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
+ }
+ else if( strcmp( q, "tls1_2" ) == 0 )
+ {
+ opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
+ opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
+ }
+ else if( strcmp( q, "dtls1" ) == 0 )
+ {
+ opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
+ opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
+ opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
+ }
+ else if( strcmp( q, "dtls1_2" ) == 0 )
+ {
+ opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
+ opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
+ opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
+ }
+ else
+ goto usage;
+ }
+ else if( strcmp( p, "auth_mode" ) == 0 )
+ {
+ if( ( opt.auth_mode = get_auth_mode( q ) ) < 0 )
+ goto usage;
+ }
+ else if( strcmp( p, "max_frag_len" ) == 0 )
+ {
+ if( strcmp( q, "512" ) == 0 )
+ opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_512;
+ else if( strcmp( q, "1024" ) == 0 )
+ opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_1024;
+ else if( strcmp( q, "2048" ) == 0 )
+ opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_2048;
+ else if( strcmp( q, "4096" ) == 0 )
+ opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_4096;
+ else
+ goto usage;
+ }
+ else if( strcmp( p, "alpn" ) == 0 )
+ {
+ opt.alpn_string = q;
+ }
+ else if( strcmp( p, "trunc_hmac" ) == 0 )
+ {
+ switch( atoi( q ) )
+ {
+ case 0: opt.trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_DISABLED; break;
+ case 1: opt.trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED; break;
+ default: goto usage;
+ }
+ }
+ else if( strcmp( p, "extended_ms" ) == 0 )
+ {
+ switch( atoi( q ) )
+ {
+ case 0: opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_DISABLED; break;
+ case 1: opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED; break;
+ default: goto usage;
+ }
+ }
+ else if( strcmp( p, "etm" ) == 0 )
+ {
+ switch( atoi( q ) )
+ {
+ case 0: opt.etm = MBEDTLS_SSL_ETM_DISABLED; break;
+ case 1: opt.etm = MBEDTLS_SSL_ETM_ENABLED; break;
+ default: goto usage;
+ }
+ }
+ else if( strcmp( p, "tickets" ) == 0 )
+ {
+ opt.tickets = atoi( q );
+ if( opt.tickets < 0 || opt.tickets > 1 )
+ goto usage;
+ }
+ else if( strcmp( p, "ticket_timeout" ) == 0 )
+ {
+ opt.ticket_timeout = atoi( q );
+ if( opt.ticket_timeout < 0 )
+ goto usage;
+ }
+ else if( strcmp( p, "cache_max" ) == 0 )
+ {
+ opt.cache_max = atoi( q );
+ if( opt.cache_max < 0 )
+ goto usage;
+ }
+ else if( strcmp( p, "cache_timeout" ) == 0 )
+ {
+ opt.cache_timeout = atoi( q );
+ if( opt.cache_timeout < 0 )
+ goto usage;
+ }
+ else if( strcmp( p, "cookies" ) == 0 )
+ {
+ opt.cookies = atoi( q );
+ if( opt.cookies < -1 || opt.cookies > 1)
+ goto usage;
+ }
+ else if( strcmp( p, "anti_replay" ) == 0 )
+ {
+ opt.anti_replay = atoi( q );
+ if( opt.anti_replay < 0 || opt.anti_replay > 1)
+ goto usage;
+ }
+ else if( strcmp( p, "badmac_limit" ) == 0 )
+ {
+ opt.badmac_limit = atoi( q );
+ if( opt.badmac_limit < 0 )
+ goto usage;
+ }
+ else if( strcmp( p, "hs_timeout" ) == 0 )
+ {
+ if( ( p = strchr( q, '-' ) ) == NULL )
+ goto usage;
+ *p++ = '\0';
+ opt.hs_to_min = atoi( q );
+ opt.hs_to_max = atoi( p );
+ if( opt.hs_to_min == 0 || opt.hs_to_max < opt.hs_to_min )
+ goto usage;
+ }
+ else if( strcmp( p, "sni" ) == 0 )
+ {
+ opt.sni = q;
+ }
+ else
+ goto usage;
+ }
+
+#if defined(MBEDTLS_DEBUG_C)
+ mbedtls_debug_set_threshold( opt.debug_level );
+#endif
+
+ if( opt.force_ciphersuite[0] > 0 )
+ {
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
+ ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( opt.force_ciphersuite[0] );
+
+ if( opt.max_version != -1 &&
+ ciphersuite_info->min_minor_ver > opt.max_version )
+ {
+ mbedtls_printf("forced ciphersuite not allowed with this protocol version\n");
+ ret = 2;
+ goto usage;
+ }
+ if( opt.min_version != -1 &&
+ ciphersuite_info->max_minor_ver < opt.min_version )
+ {
+ mbedtls_printf("forced ciphersuite not allowed with this protocol version\n");
+ ret = 2;
+ goto usage;
+ }
+
+ /* If we select a version that's not supported by
+ * this suite, then there will be no common ciphersuite... */
+ if( opt.max_version == -1 ||
+ opt.max_version > ciphersuite_info->max_minor_ver )
+ {
+ opt.max_version = ciphersuite_info->max_minor_ver;
+ }
+ if( opt.min_version < ciphersuite_info->min_minor_ver )
+ {
+ opt.min_version = ciphersuite_info->min_minor_ver;
+ /* DTLS starts with TLS 1.1 */
+ if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ opt.min_version < MBEDTLS_SSL_MINOR_VERSION_2 )
+ opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
+ }
+
+ /* Enable RC4 if needed and not explicitly disabled */
+ if( ciphersuite_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
+ {
+ if( opt.arc4 == MBEDTLS_SSL_ARC4_DISABLED )
+ {
+ mbedtls_printf("forced RC4 ciphersuite with RC4 disabled\n");
+ ret = 2;
+ goto usage;
+ }
+
+ opt.arc4 = MBEDTLS_SSL_ARC4_ENABLED;
+ }
+ }
+
+ if( opt.version_suites != NULL )
+ {
+ const char *name[4] = { 0 };
+
+ /* Parse 4-element coma-separated list */
+ for( i = 0, p = (char *) opt.version_suites;
+ i < 4 && *p != '\0';
+ i++ )
+ {
+ name[i] = p;
+
+ /* Terminate the current string and move on to next one */
+ while( *p != ',' && *p != '\0' )
+ p++;
+ if( *p == ',' )
+ *p++ = '\0';
+ }
+
+ if( i != 4 )
+ {
+ mbedtls_printf( "too few values for version_suites\n" );
+ ret = 1;
+ goto exit;
+ }
+
+ memset( version_suites, 0, sizeof( version_suites ) );
+
+ /* Get the suites identifiers from their name */
+ for( i = 0; i < 4; i++ )
+ {
+ version_suites[i][0] = mbedtls_ssl_get_ciphersuite_id( name[i] );
+
+ if( version_suites[i][0] == 0 )
+ {
+ mbedtls_printf( "unknown ciphersuite: '%s'\n", name[i] );
+ ret = 2;
+ goto usage;
+ }
+ }
+ }
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+ /*
+ * Unhexify the pre-shared key and parse the list if any given
+ */
+ if( unhexify( psk, opt.psk, &psk_len ) != 0 )
+ {
+ mbedtls_printf( "pre-shared key not valid hex\n" );
+ goto exit;
+ }
+
+ if( opt.psk_list != NULL )
+ {
+ if( ( psk_info = psk_parse( opt.psk_list ) ) == NULL )
+ {
+ mbedtls_printf( "psk_list invalid" );
+ goto exit;
+ }
+ }
+#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
+
+#if defined(MBEDTLS_SSL_ALPN)
+ if( opt.alpn_string != NULL )
+ {
+ p = (char *) opt.alpn_string;
+ i = 0;
+
+ /* Leave room for a final NULL in alpn_list */
+ while( i < (int) sizeof alpn_list - 1 && *p != '\0' )
+ {
+ alpn_list[i++] = p;
+
+ /* Terminate the current string and move on to next one */
+ while( *p != ',' && *p != '\0' )
+ p++;
+ if( *p == ',' )
+ *p++ = '\0';
+ }
+ }
+#endif /* MBEDTLS_SSL_ALPN */
+
+ /*
+ * 0. Initialize the RNG and the session data
+ */
+ mbedtls_printf( "\n . Seeding the random number generator..." );
+ fflush( stdout );
+
+ mbedtls_entropy_init( &entropy );
+ if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen( pers ) ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", -ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ /*
+ * 1.1. Load the trusted CA
+ */
+ mbedtls_printf( " . Loading the CA root certificate ..." );
+ fflush( stdout );
+
+#if defined(MBEDTLS_FS_IO)
+ if( strlen( opt.ca_path ) )
+ if( strcmp( opt.ca_path, "none" ) == 0 )
+ ret = 0;
+ else
+ ret = mbedtls_x509_crt_parse_path( &cacert, opt.ca_path );
+ else if( strlen( opt.ca_file ) )
+ if( strcmp( opt.ca_file, "none" ) == 0 )
+ ret = 0;
+ else
+ ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file );
+ else
+#endif
+#if defined(MBEDTLS_CERTS_C)
+ for( i = 0; mbedtls_test_cas[i] != NULL; i++ )
+ {
+ ret = mbedtls_x509_crt_parse( &cacert,
+ (const unsigned char *) mbedtls_test_cas[i],
+ mbedtls_test_cas_len[i] );
+ if( ret != 0 )
+ break;
+ }
+#else
+ {
+ ret = 1;
+ mbedtls_printf("MBEDTLS_CERTS_C not defined.");
+ }
+#endif
+ if( ret < 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok (%d skipped)\n", ret );
+
+ /*
+ * 1.2. Load own certificate and private key
+ */
+ mbedtls_printf( " . Loading the server cert. and key..." );
+ fflush( stdout );
+
+#if defined(MBEDTLS_FS_IO)
+ if( strlen( opt.crt_file ) && strcmp( opt.crt_file, "none" ) != 0 )
+ {
+ key_cert_init++;
+ if( ( ret = mbedtls_x509_crt_parse_file( &srvcert, opt.crt_file ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file returned -0x%x\n\n",
+ -ret );
+ goto exit;
+ }
+ }
+ if( strlen( opt.key_file ) && strcmp( opt.key_file, "none" ) != 0 )
+ {
+ key_cert_init++;
+ if( ( ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "" ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%x\n\n", -ret );
+ goto exit;
+ }
+ }
+ if( key_cert_init == 1 )
+ {
+ mbedtls_printf( " failed\n ! crt_file without key_file or vice-versa\n\n" );
+ goto exit;
+ }
+
+ if( strlen( opt.crt_file2 ) && strcmp( opt.crt_file2, "none" ) != 0 )
+ {
+ key_cert_init2++;
+ if( ( ret = mbedtls_x509_crt_parse_file( &srvcert2, opt.crt_file2 ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file(2) returned -0x%x\n\n",
+ -ret );
+ goto exit;
+ }
+ }
+ if( strlen( opt.key_file2 ) && strcmp( opt.key_file2, "none" ) != 0 )
+ {
+ key_cert_init2++;
+ if( ( ret = mbedtls_pk_parse_keyfile( &pkey2, opt.key_file2, "" ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile(2) returned -0x%x\n\n",
+ -ret );
+ goto exit;
+ }
+ }
+ if( key_cert_init2 == 1 )
+ {
+ mbedtls_printf( " failed\n ! crt_file2 without key_file2 or vice-versa\n\n" );
+ goto exit;
+ }
+#endif
+ if( key_cert_init == 0 &&
+ strcmp( opt.crt_file, "none" ) != 0 &&
+ strcmp( opt.key_file, "none" ) != 0 &&
+ key_cert_init2 == 0 &&
+ strcmp( opt.crt_file2, "none" ) != 0 &&
+ strcmp( opt.key_file2, "none" ) != 0 )
+ {
+#if !defined(MBEDTLS_CERTS_C)
+ mbedtls_printf( "Not certificated or key provided, and \n"
+ "MBEDTLS_CERTS_C not defined!\n" );
+ goto exit;
+#else
+#if defined(MBEDTLS_RSA_C)
+ if( ( ret = mbedtls_x509_crt_parse( &srvcert,
+ (const unsigned char *) mbedtls_test_srv_crt_rsa,
+ mbedtls_test_srv_crt_rsa_len ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret );
+ goto exit;
+ }
+ if( ( ret = mbedtls_pk_parse_key( &pkey,
+ (const unsigned char *) mbedtls_test_srv_key_rsa,
+ mbedtls_test_srv_key_rsa_len, NULL, 0 ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n", -ret );
+ goto exit;
+ }
+ key_cert_init = 2;
+#endif /* MBEDTLS_RSA_C */
+#if defined(MBEDTLS_ECDSA_C)
+ if( ( ret = mbedtls_x509_crt_parse( &srvcert2,
+ (const unsigned char *) mbedtls_test_srv_crt_ec,
+ mbedtls_test_srv_crt_ec_len ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! x509_crt_parse2 returned -0x%x\n\n", -ret );
+ goto exit;
+ }
+ if( ( ret = mbedtls_pk_parse_key( &pkey2,
+ (const unsigned char *) mbedtls_test_srv_key_ec,
+ mbedtls_test_srv_key_ec_len, NULL, 0 ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! pk_parse_key2 returned -0x%x\n\n", -ret );
+ goto exit;
+ }
+ key_cert_init2 = 2;
+#endif /* MBEDTLS_ECDSA_C */
+#endif /* MBEDTLS_CERTS_C */
+ }
+
+ mbedtls_printf( " ok\n" );
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
+ if( opt.dhm_file != NULL )
+ {
+ mbedtls_printf( " . Loading DHM parameters..." );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_dhm_parse_dhmfile( &dhm, opt.dhm_file ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_dhm_parse_dhmfile returned -0x%04X\n\n",
+ -ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+ }
+#endif
+
+#if defined(SNI_OPTION)
+ if( opt.sni != NULL )
+ {
+ mbedtls_printf( " . Setting up SNI information..." );
+ fflush( stdout );
+
+ if( ( sni_info = sni_parse( opt.sni ) ) == NULL )
+ {
+ mbedtls_printf( " failed\n" );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+ }
+#endif /* SNI_OPTION */
+
+ /*
+ * 2. Setup the listening TCP socket
+ */
+ mbedtls_printf( " . Bind on %s://%s:%s/ ...",
+ opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? "tcp" : "udp",
+ opt.server_addr ? opt.server_addr : "*",
+ opt.server_port );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_net_bind( &listen_fd, opt.server_addr, opt.server_port,
+ opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
+ MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_net_bind returned -0x%x\n\n", -ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * 3. Setup stuff
+ */
+ mbedtls_printf( " . Setting up the SSL/TLS structure..." );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_ssl_config_defaults( &conf,
+ MBEDTLS_SSL_IS_SERVER,
+ opt.transport,
+ MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n", -ret );
+ goto exit;
+ }
+
+ if( opt.auth_mode != DFL_AUTH_MODE )
+ mbedtls_ssl_conf_authmode( &conf, opt.auth_mode );
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
+ mbedtls_ssl_conf_handshake_timeout( &conf, opt.hs_to_min, opt.hs_to_max );
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+ if( ( ret = mbedtls_ssl_conf_max_frag_len( &conf, opt.mfl_code ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_conf_max_frag_len returned %d\n\n", ret );
+ goto exit;
+ };
+#endif
+
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+ if( opt.trunc_hmac != DFL_TRUNC_HMAC )
+ mbedtls_ssl_conf_truncated_hmac( &conf, opt.trunc_hmac );
+#endif
+
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+ if( opt.extended_ms != DFL_EXTENDED_MS )
+ mbedtls_ssl_conf_extended_master_secret( &conf, opt.extended_ms );
+#endif
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ if( opt.etm != DFL_ETM )
+ mbedtls_ssl_conf_encrypt_then_mac( &conf, opt.etm );
+#endif
+
+#if defined(MBEDTLS_SSL_ALPN)
+ if( opt.alpn_string != NULL )
+ if( ( ret = mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_conf_alpn_protocols returned %d\n\n", ret );
+ goto exit;
+ }
+#endif
+
+ mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
+ mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
+
+#if defined(MBEDTLS_SSL_CACHE_C)
+ if( opt.cache_max != -1 )
+ mbedtls_ssl_cache_set_max_entries( &cache, opt.cache_max );
+
+ if( opt.cache_timeout != -1 )
+ mbedtls_ssl_cache_set_timeout( &cache, opt.cache_timeout );
+
+ mbedtls_ssl_conf_session_cache( &conf, &cache,
+ mbedtls_ssl_cache_get,
+ mbedtls_ssl_cache_set );
+#endif
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ if( opt.tickets == MBEDTLS_SSL_SESSION_TICKETS_ENABLED )
+ {
+ if( ( ret = mbedtls_ssl_ticket_setup( &ticket_ctx,
+ mbedtls_ctr_drbg_random, &ctr_drbg,
+ MBEDTLS_CIPHER_AES_256_GCM,
+ opt.ticket_timeout ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_ticket_setup returned %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_ssl_conf_session_tickets_cb( &conf,
+ mbedtls_ssl_ticket_write,
+ mbedtls_ssl_ticket_parse,
+ &ticket_ctx );
+ }
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ {
+#if defined(MBEDTLS_SSL_COOKIE_C)
+ if( opt.cookies > 0 )
+ {
+ if( ( ret = mbedtls_ssl_cookie_setup( &cookie_ctx,
+ mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_cookie_setup returned %d\n\n", ret );
+ goto exit;
+ }
+
+ mbedtls_ssl_conf_dtls_cookies( &conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
+ &cookie_ctx );
+ }
+ else
+#endif /* MBEDTLS_SSL_COOKIE_C */
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
+ if( opt.cookies == 0 )
+ {
+ mbedtls_ssl_conf_dtls_cookies( &conf, NULL, NULL, NULL );
+ }
+ else
+#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
+ {
+ ; /* Nothing to do */
+ }
+
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
+ if( opt.anti_replay != DFL_ANTI_REPLAY )
+ mbedtls_ssl_conf_dtls_anti_replay( &conf, opt.anti_replay );
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
+ if( opt.badmac_limit != DFL_BADMAC_LIMIT )
+ mbedtls_ssl_conf_dtls_badmac_limit( &conf, opt.badmac_limit );
+#endif
+ }
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
+ if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
+ mbedtls_ssl_conf_ciphersuites( &conf, opt.force_ciphersuite );
+
+#if defined(MBEDTLS_ARC4_C)
+ if( opt.arc4 != DFL_ARC4 )
+ mbedtls_ssl_conf_arc4_support( &conf, opt.arc4 );
+#endif
+
+ if( opt.version_suites != NULL )
+ {
+ mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[0],
+ MBEDTLS_SSL_MAJOR_VERSION_3,
+ MBEDTLS_SSL_MINOR_VERSION_0 );
+ mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[1],
+ MBEDTLS_SSL_MAJOR_VERSION_3,
+ MBEDTLS_SSL_MINOR_VERSION_1 );
+ mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[2],
+ MBEDTLS_SSL_MAJOR_VERSION_3,
+ MBEDTLS_SSL_MINOR_VERSION_2 );
+ mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[3],
+ MBEDTLS_SSL_MAJOR_VERSION_3,
+ MBEDTLS_SSL_MINOR_VERSION_3 );
+ }
+
+ if( opt.allow_legacy != DFL_ALLOW_LEGACY )
+ mbedtls_ssl_conf_legacy_renegotiation( &conf, opt.allow_legacy );
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+ mbedtls_ssl_conf_renegotiation( &conf, opt.renegotiation );
+
+ if( opt.renego_delay != DFL_RENEGO_DELAY )
+ mbedtls_ssl_conf_renegotiation_enforced( &conf, opt.renego_delay );
+
+ if( opt.renego_period != DFL_RENEGO_PERIOD )
+ {
+ PUT_UINT64_BE( renego_period, opt.renego_period, 0 );
+ mbedtls_ssl_conf_renegotiation_period( &conf, renego_period );
+ }
+#endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ if( strcmp( opt.ca_path, "none" ) != 0 &&
+ strcmp( opt.ca_file, "none" ) != 0 )
+ {
+ mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
+ }
+ if( key_cert_init )
+ if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
+ goto exit;
+ }
+ if( key_cert_init2 )
+ if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert2, &pkey2 ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
+ goto exit;
+ }
+#endif
+
+#if defined(SNI_OPTION)
+ if( opt.sni != NULL )
+ mbedtls_ssl_conf_sni( &conf, sni_callback, sni_info );
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+ if( strlen( opt.psk ) != 0 && strlen( opt.psk_identity ) != 0 )
+ {
+ ret = mbedtls_ssl_conf_psk( &conf, psk, psk_len,
+ (const unsigned char *) opt.psk_identity,
+ strlen( opt.psk_identity ) );
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n mbedtls_ssl_conf_psk returned -0x%04X\n\n", - ret );
+ goto exit;
+ }
+ }
+
+ if( opt.psk_list != NULL )
+ mbedtls_ssl_conf_psk_cb( &conf, psk_callback, psk_info );
+#endif
+
+#if defined(MBEDTLS_DHM_C)
+ /*
+ * Use different group than default DHM group
+ */
+#if defined(MBEDTLS_FS_IO)
+ if( opt.dhm_file != NULL )
+ ret = mbedtls_ssl_conf_dh_param_ctx( &conf, &dhm );
+#endif
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n mbedtls_ssl_conf_dh_param returned -0x%04X\n\n", - ret );
+ goto exit;
+ }
+#endif
+
+ if( opt.min_version != DFL_MIN_VERSION )
+ mbedtls_ssl_conf_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version );
+
+ if( opt.max_version != DFL_MIN_VERSION )
+ mbedtls_ssl_conf_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version );
+
+ if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", -ret );
+ goto exit;
+ }
+
+ if( opt.nbio == 2 )
+ mbedtls_ssl_set_bio( &ssl, &client_fd, my_send, my_recv, NULL );
+ else
+ mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv,
+ opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL );
+
+#if defined(MBEDTLS_TIMING_C)
+ mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
+ mbedtls_timing_get_delay );
+#endif
+
+ mbedtls_printf( " ok\n" );
+
+reset:
+#if !defined(_WIN32)
+ if( received_sigterm )
+ {
+ mbedtls_printf( " interrupted by SIGTERM\n" );
+ ret = 0;
+ goto exit;
+ }
+#endif
+
+ if( ret == MBEDTLS_ERR_SSL_CLIENT_RECONNECT )
+ {
+ mbedtls_printf( " ! Client initiated reconnection from same port\n" );
+ goto handshake;
+ }
+
+#ifdef MBEDTLS_ERROR_C
+ if( ret != 0 )
+ {
+ char error_buf[100];
+ mbedtls_strerror( ret, error_buf, 100 );
+ mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf );
+ }
+#endif
+
+ mbedtls_net_free( &client_fd );
+
+ mbedtls_ssl_session_reset( &ssl );
+
+ /*
+ * 3. Wait until a client connects
+ */
+ mbedtls_printf( " . Waiting for a remote connection ..." );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
+ client_ip, sizeof( client_ip ), &cliip_len ) ) != 0 )
+ {
+#if !defined(_WIN32)
+ if( received_sigterm )
+ {
+ mbedtls_printf( " interrupted by signal\n" );
+ ret = 0;
+ goto exit;
+ }
+#endif
+
+ mbedtls_printf( " failed\n ! mbedtls_net_accept returned -0x%x\n\n", -ret );
+ goto exit;
+ }
+
+ if( opt.nbio > 0 )
+ ret = mbedtls_net_set_nonblock( &client_fd );
+ else
+ ret = mbedtls_net_set_block( &client_fd );
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n", -ret );
+ goto exit;
+ }
+
+ mbedtls_ssl_conf_read_timeout( &conf, opt.read_timeout );
+
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
+ if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ {
+ if( ( ret = mbedtls_ssl_set_client_transport_id( &ssl,
+ client_ip, cliip_len ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! "
+ "mbedtls_ssl_set_client_transport_id() returned -0x%x\n\n", -ret );
+ goto exit;
+ }
+ }
+#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+ if( opt.ecjpake_pw != DFL_ECJPAKE_PW )
+ {
+ if( ( ret = mbedtls_ssl_set_hs_ecjpake_password( &ssl,
+ (const unsigned char *) opt.ecjpake_pw,
+ strlen( opt.ecjpake_pw ) ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_set_hs_ecjpake_password returned %d\n\n", ret );
+ goto exit;
+ }
+ }
+#endif
+
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * 4. Handshake
+ */
+handshake:
+ mbedtls_printf( " . Performing the SSL/TLS handshake..." );
+ fflush( stdout );
+
+ do ret = mbedtls_ssl_handshake( &ssl );
+ while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
+ ret == MBEDTLS_ERR_SSL_WANT_WRITE );
+
+ if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED )
+ {
+ mbedtls_printf( " hello verification requested\n" );
+ ret = 0;
+ goto reset;
+ }
+ else if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret );
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
+ {
+ char vrfy_buf[512];
+ flags = mbedtls_ssl_get_verify_result( &ssl );
+
+ mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
+
+ mbedtls_printf( "%s\n", vrfy_buf );
+ }
+#endif
+
+ goto reset;
+ }
+ else /* ret == 0 */
+ {
+ mbedtls_printf( " ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n",
+ mbedtls_ssl_get_version( &ssl ), mbedtls_ssl_get_ciphersuite( &ssl ) );
+ }
+
+ if( ( ret = mbedtls_ssl_get_record_expansion( &ssl ) ) >= 0 )
+ mbedtls_printf( " [ Record expansion is %d ]\n", ret );
+ else
+ mbedtls_printf( " [ Record expansion is unknown (compression) ]\n" );
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+ mbedtls_printf( " [ Maximum fragment length is %u ]\n",
+ (unsigned int) mbedtls_ssl_get_max_frag_len( &ssl ) );
+#endif
+
+#if defined(MBEDTLS_SSL_ALPN)
+ if( opt.alpn_string != NULL )
+ {
+ const char *alp = mbedtls_ssl_get_alpn_protocol( &ssl );
+ mbedtls_printf( " [ Application Layer Protocol is %s ]\n",
+ alp ? alp : "(none)" );
+ }
+#endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ /*
+ * 5. Verify the server certificate
+ */
+ mbedtls_printf( " . Verifying peer X.509 certificate..." );
+
+ if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
+ {
+ char vrfy_buf[512];
+
+ mbedtls_printf( " failed\n" );
+
+ mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
+
+ mbedtls_printf( "%s\n", vrfy_buf );
+ }
+ else
+ mbedtls_printf( " ok\n" );
+
+ if( mbedtls_ssl_get_peer_cert( &ssl ) != NULL )
+ {
+ char crt_buf[512];
+
+ mbedtls_printf( " . Peer certificate information ...\n" );
+ mbedtls_x509_crt_info( crt_buf, sizeof( crt_buf ), " ",
+ mbedtls_ssl_get_peer_cert( &ssl ) );
+ mbedtls_printf( "%s\n", crt_buf );
+ }
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+ if( opt.exchanges == 0 )
+ goto close_notify;
+
+ exchanges_left = opt.exchanges;
+data_exchange:
+ /*
+ * 6. Read the HTTP Request
+ */
+ mbedtls_printf( " < Read from client:" );
+ fflush( stdout );
+
+ /*
+ * TLS and DTLS need different reading styles (stream vs datagram)
+ */
+ if( opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM )
+ {
+ do
+ {
+ int terminated = 0;
+ len = sizeof( buf ) - 1;
+ memset( buf, 0, sizeof( buf ) );
+ ret = mbedtls_ssl_read( &ssl, buf, len );
+
+ if( ret == MBEDTLS_ERR_SSL_WANT_READ ||
+ ret == MBEDTLS_ERR_SSL_WANT_WRITE )
+ continue;
+
+ if( ret <= 0 )
+ {
+ switch( ret )
+ {
+ case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
+ mbedtls_printf( " connection was closed gracefully\n" );
+ goto close_notify;
+
+ case 0:
+ case MBEDTLS_ERR_NET_CONN_RESET:
+ mbedtls_printf( " connection was reset by peer\n" );
+ ret = MBEDTLS_ERR_NET_CONN_RESET;
+ goto reset;
+
+ default:
+ mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", -ret );
+ goto reset;
+ }
+ }
+
+ if( mbedtls_ssl_get_bytes_avail( &ssl ) == 0 )
+ {
+ len = ret;
+ buf[len] = '\0';
+ mbedtls_printf( " %d bytes read\n\n%s\n", len, (char *) buf );
+
+ /* End of message should be detected according to the syntax of the
+ * application protocol (eg HTTP), just use a dummy test here. */
+ if( buf[len - 1] == '\n' )
+ terminated = 1;
+ }
+ else
+ {
+ int extra_len, ori_len;
+ unsigned char *larger_buf;
+
+ ori_len = ret;
+ extra_len = (int) mbedtls_ssl_get_bytes_avail( &ssl );
+
+ larger_buf = mbedtls_calloc( 1, ori_len + extra_len + 1 );
+ if( larger_buf == NULL )
+ {
+ mbedtls_printf( " ! memory allocation failed\n" );
+ ret = 1;
+ goto reset;
+ }
+
+ memset( larger_buf, 0, ori_len + extra_len );
+ memcpy( larger_buf, buf, ori_len );
+
+ /* This read should never fail and get the whole cached data */
+ ret = mbedtls_ssl_read( &ssl, larger_buf + ori_len, extra_len );
+ if( ret != extra_len ||
+ mbedtls_ssl_get_bytes_avail( &ssl ) != 0 )
+ {
+ mbedtls_printf( " ! mbedtls_ssl_read failed on cached data\n" );
+ ret = 1;
+ goto reset;
+ }
+
+ larger_buf[ori_len + extra_len] = '\0';
+ mbedtls_printf( " %u bytes read (%u + %u)\n\n%s\n",
+ ori_len + extra_len, ori_len, extra_len,
+ (char *) larger_buf );
+
+ /* End of message should be detected according to the syntax of the
+ * application protocol (eg HTTP), just use a dummy test here. */
+ if( larger_buf[ori_len + extra_len - 1] == '\n' )
+ terminated = 1;
+
+ mbedtls_free( larger_buf );
+ }
+
+ if( terminated )
+ {
+ ret = 0;
+ break;
+ }
+ }
+ while( 1 );
+ }
+ else /* Not stream, so datagram */
+ {
+ len = sizeof( buf ) - 1;
+ memset( buf, 0, sizeof( buf ) );
+
+ do ret = mbedtls_ssl_read( &ssl, buf, len );
+ while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
+ ret == MBEDTLS_ERR_SSL_WANT_WRITE );
+
+ if( ret <= 0 )
+ {
+ switch( ret )
+ {
+ case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
+ mbedtls_printf( " connection was closed gracefully\n" );
+ ret = 0;
+ goto close_notify;
+
+ default:
+ mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", -ret );
+ goto reset;
+ }
+ }
+
+ len = ret;
+ buf[len] = '\0';
+ mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf );
+ ret = 0;
+ }
+
+ /*
+ * 7a. Request renegotiation while client is waiting for input from us.
+ * (only on the first exchange, to be able to test retransmission)
+ */
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+ if( opt.renegotiate && exchanges_left == opt.exchanges )
+ {
+ mbedtls_printf( " . Requestion renegotiation..." );
+ fflush( stdout );
+
+ while( ( ret = mbedtls_ssl_renegotiate( &ssl ) ) != 0 )
+ {
+ if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
+ ret != MBEDTLS_ERR_SSL_WANT_WRITE )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_renegotiate returned %d\n\n", ret );
+ goto reset;
+ }
+ }
+
+ mbedtls_printf( " ok\n" );
+ }
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
+
+ /*
+ * 7. Write the 200 Response
+ */
+ mbedtls_printf( " > Write to client:" );
+ fflush( stdout );
+
+ len = sprintf( (char *) buf, HTTP_RESPONSE,
+ mbedtls_ssl_get_ciphersuite( &ssl ) );
+
+ if( opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM )
+ {
+ for( written = 0, frags = 0; written < len; written += ret, frags++ )
+ {
+ while( ( ret = mbedtls_ssl_write( &ssl, buf + written, len - written ) )
+ <= 0 )
+ {
+ if( ret == MBEDTLS_ERR_NET_CONN_RESET )
+ {
+ mbedtls_printf( " failed\n ! peer closed the connection\n\n" );
+ goto reset;
+ }
+
+ if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
+ ret != MBEDTLS_ERR_SSL_WANT_WRITE )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
+ goto reset;
+ }
+ }
+ }
+ }
+ else /* Not stream, so datagram */
+ {
+ do ret = mbedtls_ssl_write( &ssl, buf, len );
+ while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
+ ret == MBEDTLS_ERR_SSL_WANT_WRITE );
+
+ if( ret < 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
+ goto reset;
+ }
+
+ frags = 1;
+ written = ret;
+ }
+
+ buf[written] = '\0';
+ mbedtls_printf( " %d bytes written in %d fragments\n\n%s\n", written, frags, (char *) buf );
+ ret = 0;
+
+ /*
+ * 7b. Continue doing data exchanges?
+ */
+ if( --exchanges_left > 0 )
+ goto data_exchange;
+
+ /*
+ * 8. Done, cleanly close the connection
+ */
+close_notify:
+ mbedtls_printf( " . Closing the connection..." );
+
+ /* No error checking, the connection might be closed already */
+ do ret = mbedtls_ssl_close_notify( &ssl );
+ while( ret == MBEDTLS_ERR_SSL_WANT_WRITE );
+ ret = 0;
+
+ mbedtls_printf( " done\n" );
+
+ goto reset;
+
+ /*
+ * Cleanup and exit
+ */
+exit:
+#ifdef MBEDTLS_ERROR_C
+ if( ret != 0 )
+ {
+ char error_buf[100];
+ mbedtls_strerror( ret, error_buf, 100 );
+ mbedtls_printf("Last error was: -0x%X - %s\n\n", -ret, error_buf );
+ }
+#endif
+
+ mbedtls_printf( " . Cleaning up..." );
+ fflush( stdout );
+
+ mbedtls_net_free( &client_fd );
+ mbedtls_net_free( &listen_fd );
+
+#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
+ mbedtls_dhm_free( &dhm );
+#endif
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ mbedtls_x509_crt_free( &cacert );
+ mbedtls_x509_crt_free( &srvcert );
+ mbedtls_pk_free( &pkey );
+ mbedtls_x509_crt_free( &srvcert2 );
+ mbedtls_pk_free( &pkey2 );
+#endif
+#if defined(SNI_OPTION)
+ sni_free( sni_info );
+#endif
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+ psk_free( psk_info );
+#endif
+#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
+ mbedtls_dhm_free( &dhm );
+#endif
+
+ mbedtls_ssl_free( &ssl );
+ mbedtls_ssl_config_free( &conf );
+ mbedtls_ctr_drbg_free( &ctr_drbg );
+ mbedtls_entropy_free( &entropy );
+
+#if defined(MBEDTLS_SSL_CACHE_C)
+ mbedtls_ssl_cache_free( &cache );
+#endif
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ mbedtls_ssl_ticket_free( &ticket_ctx );
+#endif
+#if defined(MBEDTLS_SSL_COOKIE_C)
+ mbedtls_ssl_cookie_free( &cookie_ctx );
+#endif
+
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
+#if defined(MBEDTLS_MEMORY_DEBUG)
+ mbedtls_memory_buffer_alloc_status();
+#endif
+ mbedtls_memory_buffer_alloc_free();
+#endif
+
+ mbedtls_printf( " done.\n" );
+
+#if defined(_WIN32)
+ mbedtls_printf( " + Press Enter to exit this program.\n" );
+ fflush( stdout ); getchar();
+#endif
+
+ // Shell can not handle large exit numbers -> 1 for errors
+ if( ret < 0 )
+ ret = 1;
+
+ return( ret );
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
+ MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
+ MBEDTLS_CTR_DRBG_C */
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/util/CMakeLists.txt b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/util/CMakeLists.txt
new file mode 100644
index 0000000..f9b6604
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/util/CMakeLists.txt
@@ -0,0 +1,13 @@
+set(libs
+ mbedtls
+)
+
+add_executable(strerror strerror.c)
+target_link_libraries(strerror ${libs})
+
+add_executable(pem2der pem2der.c)
+target_link_libraries(pem2der ${libs})
+
+install(TARGETS strerror pem2der
+ DESTINATION "bin"
+ PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/util/pem2der.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/util/pem2der.c
new file mode 100644
index 0000000..ad2c6ac
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/util/pem2der.c
@@ -0,0 +1,286 @@
+/*
+ * Convert PEM to DER
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_free free
+#define mbedtls_calloc calloc
+#define mbedtls_printf printf
+#endif
+
+#if defined(MBEDTLS_BASE64_C) && defined(MBEDTLS_FS_IO)
+#include "mbedtls/error.h"
+#include "mbedtls/base64.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#endif
+
+#define DFL_FILENAME "file.pem"
+#define DFL_OUTPUT_FILENAME "file.der"
+
+#define USAGE \
+ "\n usage: pem2der param=<>...\n" \
+ "\n acceptable parameters:\n" \
+ " filename=%%s default: file.pem\n" \
+ " output_file=%%s default: file.der\n" \
+ "\n"
+
+#if !defined(MBEDTLS_BASE64_C) || !defined(MBEDTLS_FS_IO)
+int main( void )
+{
+ mbedtls_printf("MBEDTLS_BASE64_C and/or MBEDTLS_FS_IO not defined.\n");
+ return( 0 );
+}
+#else
+/*
+ * global options
+ */
+struct options
+{
+ const char *filename; /* filename of the input file */
+ const char *output_file; /* where to store the output */
+} opt;
+
+int convert_pem_to_der( const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t *olen )
+{
+ int ret;
+ const unsigned char *s1, *s2, *end = input + ilen;
+ size_t len = 0;
+
+ s1 = (unsigned char *) strstr( (const char *) input, "-----BEGIN" );
+ if( s1 == NULL )
+ return( -1 );
+
+ s2 = (unsigned char *) strstr( (const char *) input, "-----END" );
+ if( s2 == NULL )
+ return( -1 );
+
+ s1 += 10;
+ while( s1 < end && *s1 != '-' )
+ s1++;
+ while( s1 < end && *s1 == '-' )
+ s1++;
+ if( *s1 == '\r' ) s1++;
+ if( *s1 == '\n' ) s1++;
+
+ if( s2 <= s1 || s2 > end )
+ return( -1 );
+
+ ret = mbedtls_base64_decode( NULL, 0, &len, (const unsigned char *) s1, s2 - s1 );
+ if( ret == MBEDTLS_ERR_BASE64_INVALID_CHARACTER )
+ return( ret );
+
+ if( len > *olen )
+ return( -1 );
+
+ if( ( ret = mbedtls_base64_decode( output, len, &len, (const unsigned char *) s1,
+ s2 - s1 ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ *olen = len;
+
+ return( 0 );
+}
+
+/*
+ * Load all data from a file into a given buffer.
+ */
+static int load_file( const char *path, unsigned char **buf, size_t *n )
+{
+ FILE *f;
+ long size;
+
+ if( ( f = fopen( path, "rb" ) ) == NULL )
+ return( -1 );
+
+ fseek( f, 0, SEEK_END );
+ if( ( size = ftell( f ) ) == -1 )
+ {
+ fclose( f );
+ return( -1 );
+ }
+ fseek( f, 0, SEEK_SET );
+
+ *n = (size_t) size;
+
+ if( *n + 1 == 0 ||
+ ( *buf = mbedtls_calloc( 1, *n + 1 ) ) == NULL )
+ {
+ fclose( f );
+ return( -1 );
+ }
+
+ if( fread( *buf, 1, *n, f ) != *n )
+ {
+ fclose( f );
+ free( *buf );
+ *buf = NULL;
+ return( -1 );
+ }
+
+ fclose( f );
+
+ (*buf)[*n] = '\0';
+
+ return( 0 );
+}
+
+/*
+ * Write buffer to a file
+ */
+static int write_file( const char *path, unsigned char *buf, size_t n )
+{
+ FILE *f;
+
+ if( ( f = fopen( path, "wb" ) ) == NULL )
+ return( -1 );
+
+ if( fwrite( buf, 1, n, f ) != n )
+ {
+ fclose( f );
+ return( -1 );
+ }
+
+ fclose( f );
+ return( 0 );
+}
+
+int main( int argc, char *argv[] )
+{
+ int ret = 0;
+ unsigned char *pem_buffer = NULL;
+ unsigned char der_buffer[4096];
+ char buf[1024];
+ size_t pem_size, der_size = sizeof(der_buffer);
+ int i;
+ char *p, *q;
+
+ /*
+ * Set to sane values
+ */
+ memset( buf, 0, sizeof(buf) );
+ memset( der_buffer, 0, sizeof(der_buffer) );
+
+ if( argc == 0 )
+ {
+ usage:
+ mbedtls_printf( USAGE );
+ goto exit;
+ }
+
+ opt.filename = DFL_FILENAME;
+ opt.output_file = DFL_OUTPUT_FILENAME;
+
+ for( i = 1; i < argc; i++ )
+ {
+
+ p = argv[i];
+ if( ( q = strchr( p, '=' ) ) == NULL )
+ goto usage;
+ *q++ = '\0';
+
+ if( strcmp( p, "filename" ) == 0 )
+ opt.filename = q;
+ else if( strcmp( p, "output_file" ) == 0 )
+ opt.output_file = q;
+ else
+ goto usage;
+ }
+
+ /*
+ * 1.1. Load the PEM file
+ */
+ mbedtls_printf( "\n . Loading the PEM file ..." );
+ fflush( stdout );
+
+ ret = load_file( opt.filename, &pem_buffer, &pem_size );
+
+ if( ret != 0 )
+ {
+#ifdef MBEDTLS_ERROR_C
+ mbedtls_strerror( ret, buf, 1024 );
+#endif
+ mbedtls_printf( " failed\n ! load_file returned %d - %s\n\n", ret, buf );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * 1.2. Convert from PEM to DER
+ */
+ mbedtls_printf( " . Converting from PEM to DER ..." );
+ fflush( stdout );
+
+ if( ( ret = convert_pem_to_der( pem_buffer, pem_size, der_buffer, &der_size ) ) != 0 )
+ {
+#ifdef MBEDTLS_ERROR_C
+ mbedtls_strerror( ret, buf, 1024 );
+#endif
+ mbedtls_printf( " failed\n ! convert_pem_to_der %d - %s\n\n", ret, buf );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * 1.3. Write the DER file
+ */
+ mbedtls_printf( " . Writing the DER file ..." );
+ fflush( stdout );
+
+ ret = write_file( opt.output_file, der_buffer, der_size );
+
+ if( ret != 0 )
+ {
+#ifdef MBEDTLS_ERROR_C
+ mbedtls_strerror( ret, buf, 1024 );
+#endif
+ mbedtls_printf( " failed\n ! write_file returned %d - %s\n\n", ret, buf );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+exit:
+ free( pem_buffer );
+
+#if defined(_WIN32)
+ mbedtls_printf( " + Press Enter to exit this program.\n" );
+ fflush( stdout ); getchar();
+#endif
+
+ return( ret );
+}
+#endif /* MBEDTLS_BASE64_C && MBEDTLS_FS_IO */
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/util/strerror.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/util/strerror.c
new file mode 100644
index 0000000..458280c
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/util/strerror.c
@@ -0,0 +1,92 @@
+/*
+ * Translate error code to error string
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf printf
+#endif
+
+#if defined(MBEDTLS_ERROR_C) || defined(MBEDTLS_ERROR_STRERROR_DUMMY)
+#include "mbedtls/error.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#endif
+
+#define USAGE \
+ "\n usage: strerror <errorcode>\n" \
+ "\n where <errorcode> can be a decimal or hexadecimal (starts with 0x or -0x)\n"
+
+#if !defined(MBEDTLS_ERROR_C) && !defined(MBEDTLS_ERROR_STRERROR_DUMMY)
+int main( void )
+{
+ mbedtls_printf("MBEDTLS_ERROR_C and/or MBEDTLS_ERROR_STRERROR_DUMMY not defined.\n");
+ return( 0 );
+}
+#else
+int main( int argc, char *argv[] )
+{
+ long int val;
+ char *end = argv[1];
+
+ if( argc != 2 )
+ {
+ mbedtls_printf( USAGE );
+ return( 0 );
+ }
+
+ val = strtol( argv[1], &end, 10 );
+ if( *end != '\0' )
+ {
+ val = strtol( argv[1], &end, 16 );
+ if( *end != '\0' )
+ {
+ mbedtls_printf( USAGE );
+ return( 0 );
+ }
+ }
+ if( val > 0 )
+ val = -val;
+
+ if( val != 0 )
+ {
+ char error_buf[200];
+ mbedtls_strerror( val, error_buf, 200 );
+ mbedtls_printf("Last error was: -0x%04x - %s\n\n", (int) -val, error_buf );
+ }
+
+#if defined(_WIN32)
+ mbedtls_printf( " + Press Enter to exit this program.\n" );
+ fflush( stdout ); getchar();
+#endif
+
+ return( val );
+}
+#endif /* MBEDTLS_ERROR_C */
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/wince_main.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/wince_main.c
new file mode 100644
index 0000000..203a2ba
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/wince_main.c
@@ -0,0 +1,45 @@
+/*
+ * Windows CE console application entry point
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if defined(_WIN32_WCE)
+
+#include <windows.h>
+
+extern int main( int, const char ** );
+
+int _tmain( int argc, _TCHAR* targv[] )
+{
+ char **argv;
+ int i;
+
+ argv = ( char ** ) calloc( argc, sizeof( char * ) );
+
+ for ( i = 0; i < argc; i++ ) {
+ size_t len;
+ len = _tcslen( targv[i] ) + 1;
+ argv[i] = ( char * ) calloc( len, sizeof( char ) );
+ wcstombs( argv[i], targv[i], len );
+ }
+
+ return main( argc, argv );
+}
+
+#endif /* defined(_WIN32_WCE) */
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/x509/CMakeLists.txt b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/x509/CMakeLists.txt
new file mode 100644
index 0000000..39b8b5b
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/x509/CMakeLists.txt
@@ -0,0 +1,30 @@
+set(libs
+ mbedtls
+)
+
+if(USE_PKCS11_HELPER_LIBRARY)
+ set(libs ${libs} pkcs11-helper)
+endif(USE_PKCS11_HELPER_LIBRARY)
+
+if(ENABLE_ZLIB_SUPPORT)
+ set(libs ${libs} ${ZLIB_LIBRARIES})
+endif(ENABLE_ZLIB_SUPPORT)
+
+add_executable(cert_app cert_app.c)
+target_link_libraries(cert_app ${libs})
+
+add_executable(crl_app crl_app.c)
+target_link_libraries(crl_app ${libs})
+
+add_executable(req_app req_app.c)
+target_link_libraries(req_app ${libs})
+
+add_executable(cert_req cert_req.c)
+target_link_libraries(cert_req ${libs})
+
+add_executable(cert_write cert_write.c)
+target_link_libraries(cert_write ${libs})
+
+install(TARGETS cert_app crl_app req_app cert_req cert_write
+ DESTINATION "bin"
+ PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/x509/cert_app.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/x509/cert_app.c
new file mode 100644
index 0000000..c893ca8
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/x509/cert_app.c
@@ -0,0 +1,495 @@
+/*
+ * Certificate reading application
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#include <stdlib.h>
+#define mbedtls_time time
+#define mbedtls_time_t time_t
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#endif
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
+ !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \
+ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
+ !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
+ !defined(MBEDTLS_CTR_DRBG_C)
+int main( void )
+{
+ mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
+ "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
+ "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
+ "MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_FS_IO and/or "
+ "MBEDTLS_CTR_DRBG_C not defined.\n");
+ return( 0 );
+}
+#else
+
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/net_sockets.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/x509.h"
+#include "mbedtls/debug.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define MODE_NONE 0
+#define MODE_FILE 1
+#define MODE_SSL 2
+
+#define DFL_MODE MODE_NONE
+#define DFL_FILENAME "cert.crt"
+#define DFL_CA_FILE ""
+#define DFL_CRL_FILE ""
+#define DFL_CA_PATH ""
+#define DFL_SERVER_NAME "localhost"
+#define DFL_SERVER_PORT "4433"
+#define DFL_DEBUG_LEVEL 0
+#define DFL_PERMISSIVE 0
+
+#define USAGE_IO \
+ " ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
+ " default: \"\" (none)\n" \
+ " crl_file=%%s The single CRL file you want to use\n" \
+ " default: \"\" (none)\n" \
+ " ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \
+ " default: \"\" (none) (overrides ca_file)\n"
+
+#define USAGE \
+ "\n usage: cert_app param=<>...\n" \
+ "\n acceptable parameters:\n" \
+ " mode=file|ssl default: none\n" \
+ " filename=%%s default: cert.crt\n" \
+ USAGE_IO \
+ " server_name=%%s default: localhost\n" \
+ " server_port=%%d default: 4433\n" \
+ " debug_level=%%d default: 0 (disabled)\n" \
+ " permissive=%%d default: 0 (disabled)\n" \
+ "\n"
+
+/*
+ * global options
+ */
+struct options
+{
+ int mode; /* the mode to run the application in */
+ const char *filename; /* filename of the certificate file */
+ const char *ca_file; /* the file with the CA certificate(s) */
+ const char *crl_file; /* the file with the CRL to use */
+ const char *ca_path; /* the path with the CA certificate(s) reside */
+ const char *server_name; /* hostname of the server (client only) */
+ const char *server_port; /* port on which the ssl service runs */
+ int debug_level; /* level of debugging */
+ int permissive; /* permissive parsing */
+} opt;
+
+static void my_debug( void *ctx, int level,
+ const char *file, int line,
+ const char *str )
+{
+ ((void) level);
+
+ mbedtls_fprintf( (FILE *) ctx, "%s:%04d: %s", file, line, str );
+ fflush( (FILE *) ctx );
+}
+
+static int my_verify( void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags )
+{
+ char buf[1024];
+ ((void) data);
+
+ mbedtls_printf( "\nVerify requested for (Depth %d):\n", depth );
+ mbedtls_x509_crt_info( buf, sizeof( buf ) - 1, "", crt );
+ mbedtls_printf( "%s", buf );
+
+ if ( ( *flags ) == 0 )
+ mbedtls_printf( " This certificate has no flags\n" );
+ else
+ {
+ mbedtls_x509_crt_verify_info( buf, sizeof( buf ), " ! ", *flags );
+ mbedtls_printf( "%s\n", buf );
+ }
+
+ return( 0 );
+}
+
+int main( int argc, char *argv[] )
+{
+ int ret = 0;
+ mbedtls_net_context server_fd;
+ unsigned char buf[1024];
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_ssl_context ssl;
+ mbedtls_ssl_config conf;
+ mbedtls_x509_crt cacert;
+ mbedtls_x509_crl cacrl;
+ int i, j;
+ uint32_t flags;
+ int verify = 0;
+ char *p, *q;
+ const char *pers = "cert_app";
+
+ /*
+ * Set to sane values
+ */
+ mbedtls_net_init( &server_fd );
+ mbedtls_ctr_drbg_init( &ctr_drbg );
+ mbedtls_ssl_init( &ssl );
+ mbedtls_ssl_config_init( &conf );
+ mbedtls_x509_crt_init( &cacert );
+#if defined(MBEDTLS_X509_CRL_PARSE_C)
+ mbedtls_x509_crl_init( &cacrl );
+#else
+ /* Zeroize structure as CRL parsing is not supported and we have to pass
+ it to the verify function */
+ memset( &cacrl, 0, sizeof(mbedtls_x509_crl) );
+#endif
+
+ if( argc == 0 )
+ {
+ usage:
+ mbedtls_printf( USAGE );
+ ret = 2;
+ goto exit;
+ }
+
+ opt.mode = DFL_MODE;
+ opt.filename = DFL_FILENAME;
+ opt.ca_file = DFL_CA_FILE;
+ opt.crl_file = DFL_CRL_FILE;
+ opt.ca_path = DFL_CA_PATH;
+ opt.server_name = DFL_SERVER_NAME;
+ opt.server_port = DFL_SERVER_PORT;
+ opt.debug_level = DFL_DEBUG_LEVEL;
+ opt.permissive = DFL_PERMISSIVE;
+
+ for( i = 1; i < argc; i++ )
+ {
+ p = argv[i];
+ if( ( q = strchr( p, '=' ) ) == NULL )
+ goto usage;
+ *q++ = '\0';
+
+ for( j = 0; p + j < q; j++ )
+ {
+ if( argv[i][j] >= 'A' && argv[i][j] <= 'Z' )
+ argv[i][j] |= 0x20;
+ }
+
+ if( strcmp( p, "mode" ) == 0 )
+ {
+ if( strcmp( q, "file" ) == 0 )
+ opt.mode = MODE_FILE;
+ else if( strcmp( q, "ssl" ) == 0 )
+ opt.mode = MODE_SSL;
+ else
+ goto usage;
+ }
+ else if( strcmp( p, "filename" ) == 0 )
+ opt.filename = q;
+ else if( strcmp( p, "ca_file" ) == 0 )
+ opt.ca_file = q;
+ else if( strcmp( p, "crl_file" ) == 0 )
+ opt.crl_file = q;
+ else if( strcmp( p, "ca_path" ) == 0 )
+ opt.ca_path = q;
+ else if( strcmp( p, "server_name" ) == 0 )
+ opt.server_name = q;
+ else if( strcmp( p, "server_port" ) == 0 )
+ opt.server_port = q;
+ else if( strcmp( p, "debug_level" ) == 0 )
+ {
+ opt.debug_level = atoi( q );
+ if( opt.debug_level < 0 || opt.debug_level > 65535 )
+ goto usage;
+ }
+ else if( strcmp( p, "permissive" ) == 0 )
+ {
+ opt.permissive = atoi( q );
+ if( opt.permissive < 0 || opt.permissive > 1 )
+ goto usage;
+ }
+ else
+ goto usage;
+ }
+
+ /*
+ * 1.1. Load the trusted CA
+ */
+ mbedtls_printf( " . Loading the CA root certificate ..." );
+ fflush( stdout );
+
+ if( strlen( opt.ca_path ) )
+ {
+ ret = mbedtls_x509_crt_parse_path( &cacert, opt.ca_path );
+ verify = 1;
+ }
+ else if( strlen( opt.ca_file ) )
+ {
+ ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file );
+ verify = 1;
+ }
+
+ if( ret < 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok (%d skipped)\n", ret );
+
+#if defined(MBEDTLS_X509_CRL_PARSE_C)
+ if( strlen( opt.crl_file ) )
+ {
+ if( ( ret = mbedtls_x509_crl_parse_file( &cacrl, opt.crl_file ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_x509_crl_parse returned -0x%x\n\n", -ret );
+ goto exit;
+ }
+
+ verify = 1;
+ }
+#endif
+
+ if( opt.mode == MODE_FILE )
+ {
+ mbedtls_x509_crt crt;
+ mbedtls_x509_crt *cur = &crt;
+ mbedtls_x509_crt_init( &crt );
+
+ /*
+ * 1.1. Load the certificate(s)
+ */
+ mbedtls_printf( "\n . Loading the certificate(s) ..." );
+ fflush( stdout );
+
+ ret = mbedtls_x509_crt_parse_file( &crt, opt.filename );
+
+ if( ret < 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file returned %d\n\n", ret );
+ mbedtls_x509_crt_free( &crt );
+ goto exit;
+ }
+
+ if( opt.permissive == 0 && ret > 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse failed to parse %d certificates\n\n", ret );
+ mbedtls_x509_crt_free( &crt );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * 1.2 Print the certificate(s)
+ */
+ while( cur != NULL )
+ {
+ mbedtls_printf( " . Peer certificate information ...\n" );
+ ret = mbedtls_x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ",
+ cur );
+ if( ret == -1 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_x509_crt_info returned %d\n\n", ret );
+ mbedtls_x509_crt_free( &crt );
+ goto exit;
+ }
+
+ mbedtls_printf( "%s\n", buf );
+
+ cur = cur->next;
+ }
+
+ ret = 0;
+
+ /*
+ * 1.3 Verify the certificate
+ */
+ if( verify )
+ {
+ mbedtls_printf( " . Verifying X.509 certificate..." );
+
+ if( ( ret = mbedtls_x509_crt_verify( &crt, &cacert, &cacrl, NULL, &flags,
+ my_verify, NULL ) ) != 0 )
+ {
+ char vrfy_buf[512];
+
+ mbedtls_printf( " failed\n" );
+
+ mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
+
+ mbedtls_printf( "%s\n", vrfy_buf );
+ }
+ else
+ mbedtls_printf( " ok\n" );
+ }
+
+ mbedtls_x509_crt_free( &crt );
+ }
+ else if( opt.mode == MODE_SSL )
+ {
+ /*
+ * 1. Initialize the RNG and the session data
+ */
+ mbedtls_printf( "\n . Seeding the random number generator..." );
+ fflush( stdout );
+
+ mbedtls_entropy_init( &entropy );
+ if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen( pers ) ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
+ goto ssl_exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+#if defined(MBEDTLS_DEBUG_C)
+ mbedtls_debug_set_threshold( opt.debug_level );
+#endif
+
+ /*
+ * 2. Start the connection
+ */
+ mbedtls_printf( " . SSL connection to tcp/%s/%s...", opt.server_name,
+ opt.server_port );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_net_connect( &server_fd, opt.server_name,
+ opt.server_port, MBEDTLS_NET_PROTO_TCP ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_net_connect returned %d\n\n", ret );
+ goto ssl_exit;
+ }
+
+ /*
+ * 3. Setup stuff
+ */
+ if( ( ret = mbedtls_ssl_config_defaults( &conf,
+ MBEDTLS_SSL_IS_CLIENT,
+ MBEDTLS_SSL_TRANSPORT_STREAM,
+ MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
+ goto exit;
+ }
+
+ if( verify )
+ {
+ mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_REQUIRED );
+ mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
+ mbedtls_ssl_conf_verify( &conf, my_verify, NULL );
+ }
+ else
+ mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_NONE );
+
+ mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
+ mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
+
+ if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
+ goto ssl_exit;
+ }
+
+ if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
+ goto ssl_exit;
+ }
+
+ mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
+
+ /*
+ * 4. Handshake
+ */
+ while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
+ {
+ if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned %d\n\n", ret );
+ goto ssl_exit;
+ }
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * 5. Print the certificate
+ */
+ mbedtls_printf( " . Peer certificate information ...\n" );
+ ret = mbedtls_x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ",
+ ssl.session->peer_cert );
+ if( ret == -1 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_x509_crt_info returned %d\n\n", ret );
+ goto ssl_exit;
+ }
+
+ mbedtls_printf( "%s\n", buf );
+
+ mbedtls_ssl_close_notify( &ssl );
+
+ssl_exit:
+ mbedtls_ssl_free( &ssl );
+ mbedtls_ssl_config_free( &conf );
+ }
+ else
+ goto usage;
+
+exit:
+
+ mbedtls_net_free( &server_fd );
+ mbedtls_x509_crt_free( &cacert );
+#if defined(MBEDTLS_X509_CRL_PARSE_C)
+ mbedtls_x509_crl_free( &cacrl );
+#endif
+ mbedtls_ctr_drbg_free( &ctr_drbg );
+ mbedtls_entropy_free( &entropy );
+
+#if defined(_WIN32)
+ mbedtls_printf( " + Press Enter to exit this program.\n" );
+ fflush( stdout ); getchar();
+#endif
+
+ if( ret < 0 )
+ ret = 1;
+
+ return( ret );
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
+ MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
+ MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/x509/cert_req.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/x509/cert_req.c
new file mode 100644
index 0000000..30df216
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/x509/cert_req.c
@@ -0,0 +1,345 @@
+/*
+ * Certificate request generation
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf printf
+#endif
+
+#if !defined(MBEDTLS_X509_CSR_WRITE_C) || !defined(MBEDTLS_FS_IO) || \
+ !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_SHA256_C) || \
+ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
+ !defined(MBEDTLS_PEM_WRITE_C)
+int main( void )
+{
+ mbedtls_printf( "MBEDTLS_X509_CSR_WRITE_C and/or MBEDTLS_FS_IO and/or "
+ "MBEDTLS_PK_PARSE_C and/or MBEDTLS_SHA256_C and/or "
+ "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C "
+ "not defined.\n");
+ return( 0 );
+}
+#else
+
+#include "mbedtls/x509_csr.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/error.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define DFL_FILENAME "keyfile.key"
+#define DFL_DEBUG_LEVEL 0
+#define DFL_OUTPUT_FILENAME "cert.req"
+#define DFL_SUBJECT_NAME "CN=Cert,O=mbed TLS,C=UK"
+#define DFL_KEY_USAGE 0
+#define DFL_NS_CERT_TYPE 0
+
+#define USAGE \
+ "\n usage: cert_req param=<>...\n" \
+ "\n acceptable parameters:\n" \
+ " filename=%%s default: keyfile.key\n" \
+ " debug_level=%%d default: 0 (disabled)\n" \
+ " output_file=%%s default: cert.req\n" \
+ " subject_name=%%s default: CN=Cert,O=mbed TLS,C=UK\n" \
+ " key_usage=%%s default: (empty)\n" \
+ " Comma-separated-list of values:\n" \
+ " digital_signature\n" \
+ " non_repudiation\n" \
+ " key_encipherment\n" \
+ " data_encipherment\n" \
+ " key_agreement\n" \
+ " key_cert_sign\n" \
+ " crl_sign\n" \
+ " ns_cert_type=%%s default: (empty)\n" \
+ " Comma-separated-list of values:\n" \
+ " ssl_client\n" \
+ " ssl_server\n" \
+ " email\n" \
+ " object_signing\n" \
+ " ssl_ca\n" \
+ " email_ca\n" \
+ " object_signing_ca\n" \
+ "\n"
+
+/*
+ * global options
+ */
+struct options
+{
+ const char *filename; /* filename of the key file */
+ int debug_level; /* level of debugging */
+ const char *output_file; /* where to store the constructed key file */
+ const char *subject_name; /* subject name for certificate request */
+ unsigned char key_usage; /* key usage flags */
+ unsigned char ns_cert_type; /* NS cert type */
+} opt;
+
+int write_certificate_request( mbedtls_x509write_csr *req, const char *output_file,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
+{
+ int ret;
+ FILE *f;
+ unsigned char output_buf[4096];
+ size_t len = 0;
+
+ memset( output_buf, 0, 4096 );
+ if( ( ret = mbedtls_x509write_csr_pem( req, output_buf, 4096, f_rng, p_rng ) ) < 0 )
+ return( ret );
+
+ len = strlen( (char *) output_buf );
+
+ if( ( f = fopen( output_file, "w" ) ) == NULL )
+ return( -1 );
+
+ if( fwrite( output_buf, 1, len, f ) != len )
+ {
+ fclose( f );
+ return( -1 );
+ }
+
+ fclose( f );
+
+ return( 0 );
+}
+
+int main( int argc, char *argv[] )
+{
+ int ret = 0;
+ mbedtls_pk_context key;
+ char buf[1024];
+ int i;
+ char *p, *q, *r;
+ mbedtls_x509write_csr req;
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ const char *pers = "csr example app";
+
+ /*
+ * Set to sane values
+ */
+ mbedtls_x509write_csr_init( &req );
+ mbedtls_x509write_csr_set_md_alg( &req, MBEDTLS_MD_SHA256 );
+ mbedtls_pk_init( &key );
+ mbedtls_ctr_drbg_init( &ctr_drbg );
+ memset( buf, 0, sizeof( buf ) );
+
+ if( argc == 0 )
+ {
+ usage:
+ mbedtls_printf( USAGE );
+ ret = 1;
+ goto exit;
+ }
+
+ opt.filename = DFL_FILENAME;
+ opt.debug_level = DFL_DEBUG_LEVEL;
+ opt.output_file = DFL_OUTPUT_FILENAME;
+ opt.subject_name = DFL_SUBJECT_NAME;
+ opt.key_usage = DFL_KEY_USAGE;
+ opt.ns_cert_type = DFL_NS_CERT_TYPE;
+
+ for( i = 1; i < argc; i++ )
+ {
+
+ p = argv[i];
+ if( ( q = strchr( p, '=' ) ) == NULL )
+ goto usage;
+ *q++ = '\0';
+
+ if( strcmp( p, "filename" ) == 0 )
+ opt.filename = q;
+ else if( strcmp( p, "output_file" ) == 0 )
+ opt.output_file = q;
+ else if( strcmp( p, "debug_level" ) == 0 )
+ {
+ opt.debug_level = atoi( q );
+ if( opt.debug_level < 0 || opt.debug_level > 65535 )
+ goto usage;
+ }
+ else if( strcmp( p, "subject_name" ) == 0 )
+ {
+ opt.subject_name = q;
+ }
+ else if( strcmp( p, "key_usage" ) == 0 )
+ {
+ while( q != NULL )
+ {
+ if( ( r = strchr( q, ',' ) ) != NULL )
+ *r++ = '\0';
+
+ if( strcmp( q, "digital_signature" ) == 0 )
+ opt.key_usage |= MBEDTLS_X509_KU_DIGITAL_SIGNATURE;
+ else if( strcmp( q, "non_repudiation" ) == 0 )
+ opt.key_usage |= MBEDTLS_X509_KU_NON_REPUDIATION;
+ else if( strcmp( q, "key_encipherment" ) == 0 )
+ opt.key_usage |= MBEDTLS_X509_KU_KEY_ENCIPHERMENT;
+ else if( strcmp( q, "data_encipherment" ) == 0 )
+ opt.key_usage |= MBEDTLS_X509_KU_DATA_ENCIPHERMENT;
+ else if( strcmp( q, "key_agreement" ) == 0 )
+ opt.key_usage |= MBEDTLS_X509_KU_KEY_AGREEMENT;
+ else if( strcmp( q, "key_cert_sign" ) == 0 )
+ opt.key_usage |= MBEDTLS_X509_KU_KEY_CERT_SIGN;
+ else if( strcmp( q, "crl_sign" ) == 0 )
+ opt.key_usage |= MBEDTLS_X509_KU_CRL_SIGN;
+ else
+ goto usage;
+
+ q = r;
+ }
+ }
+ else if( strcmp( p, "ns_cert_type" ) == 0 )
+ {
+ while( q != NULL )
+ {
+ if( ( r = strchr( q, ',' ) ) != NULL )
+ *r++ = '\0';
+
+ if( strcmp( q, "ssl_client" ) == 0 )
+ opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT;
+ else if( strcmp( q, "ssl_server" ) == 0 )
+ opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER;
+ else if( strcmp( q, "email" ) == 0 )
+ opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_EMAIL;
+ else if( strcmp( q, "object_signing" ) == 0 )
+ opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING;
+ else if( strcmp( q, "ssl_ca" ) == 0 )
+ opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_CA;
+ else if( strcmp( q, "email_ca" ) == 0 )
+ opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA;
+ else if( strcmp( q, "object_signing_ca" ) == 0 )
+ opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA;
+ else
+ goto usage;
+
+ q = r;
+ }
+ }
+ else
+ goto usage;
+ }
+
+ if( opt.key_usage )
+ mbedtls_x509write_csr_set_key_usage( &req, opt.key_usage );
+
+ if( opt.ns_cert_type )
+ mbedtls_x509write_csr_set_ns_cert_type( &req, opt.ns_cert_type );
+
+ /*
+ * 0. Seed the PRNG
+ */
+ mbedtls_printf( " . Seeding the random number generator..." );
+ fflush( stdout );
+
+ mbedtls_entropy_init( &entropy );
+ if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen( pers ) ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * 1.0. Check the subject name for validity
+ */
+ mbedtls_printf( " . Checking subject name..." );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_x509write_csr_set_subject_name( &req, opt.subject_name ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_x509write_csr_set_subject_name returned %d", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * 1.1. Load the key
+ */
+ mbedtls_printf( " . Loading the private key ..." );
+ fflush( stdout );
+
+ ret = mbedtls_pk_parse_keyfile( &key, opt.filename, NULL );
+
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned %d", ret );
+ goto exit;
+ }
+
+ mbedtls_x509write_csr_set_key( &req, &key );
+
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * 1.2. Writing the request
+ */
+ mbedtls_printf( " . Writing the certificate request ..." );
+ fflush( stdout );
+
+ if( ( ret = write_certificate_request( &req, opt.output_file,
+ mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! write_certifcate_request %d", ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+exit:
+
+ if( ret != 0 && ret != 1)
+ {
+#ifdef MBEDTLS_ERROR_C
+ mbedtls_strerror( ret, buf, sizeof( buf ) );
+ mbedtls_printf( " - %s\n", buf );
+#else
+ mbedtls_printf("\n");
+#endif
+ }
+
+ mbedtls_x509write_csr_free( &req );
+ mbedtls_pk_free( &key );
+ mbedtls_ctr_drbg_free( &ctr_drbg );
+ mbedtls_entropy_free( &entropy );
+
+#if defined(_WIN32)
+ mbedtls_printf( " + Press Enter to exit this program.\n" );
+ fflush( stdout ); getchar();
+#endif
+
+ return( ret );
+}
+#endif /* MBEDTLS_X509_CSR_WRITE_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
+ MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_PEM_WRITE_C */
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/x509/cert_write.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/x509/cert_write.c
new file mode 100644
index 0000000..66e5f1d
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/x509/cert_write.c
@@ -0,0 +1,668 @@
+/*
+ * Certificate generation and signing
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf printf
+#endif
+
+#if !defined(MBEDTLS_X509_CRT_WRITE_C) || \
+ !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
+ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
+ !defined(MBEDTLS_ERROR_C) || !defined(MBEDTLS_SHA256_C) || \
+ !defined(MBEDTLS_PEM_WRITE_C)
+int main( void )
+{
+ mbedtls_printf( "MBEDTLS_X509_CRT_WRITE_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
+ "MBEDTLS_FS_IO and/or MBEDTLS_SHA256_C and/or "
+ "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
+ "MBEDTLS_ERROR_C not defined.\n");
+ return( 0 );
+}
+#else
+
+#include "mbedtls/x509_crt.h"
+#include "mbedtls/x509_csr.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/error.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#if defined(MBEDTLS_X509_CSR_PARSE_C)
+#define USAGE_CSR \
+ " request_file=%%s default: (empty)\n" \
+ " If request_file is specified, subject_key,\n" \
+ " subject_pwd and subject_name are ignored!\n"
+#else
+#define USAGE_CSR ""
+#endif /* MBEDTLS_X509_CSR_PARSE_C */
+
+#define DFL_ISSUER_CRT ""
+#define DFL_REQUEST_FILE ""
+#define DFL_SUBJECT_KEY "subject.key"
+#define DFL_ISSUER_KEY "ca.key"
+#define DFL_SUBJECT_PWD ""
+#define DFL_ISSUER_PWD ""
+#define DFL_OUTPUT_FILENAME "cert.crt"
+#define DFL_SUBJECT_NAME "CN=Cert,O=mbed TLS,C=UK"
+#define DFL_ISSUER_NAME "CN=CA,O=mbed TLS,C=UK"
+#define DFL_NOT_BEFORE "20010101000000"
+#define DFL_NOT_AFTER "20301231235959"
+#define DFL_SERIAL "1"
+#define DFL_SELFSIGN 0
+#define DFL_IS_CA 0
+#define DFL_MAX_PATHLEN -1
+#define DFL_KEY_USAGE 0
+#define DFL_NS_CERT_TYPE 0
+
+#define USAGE \
+ "\n usage: cert_write param=<>...\n" \
+ "\n acceptable parameters:\n" \
+ USAGE_CSR \
+ " subject_key=%%s default: subject.key\n" \
+ " subject_pwd=%%s default: (empty)\n" \
+ " subject_name=%%s default: CN=Cert,O=mbed TLS,C=UK\n" \
+ "\n" \
+ " issuer_crt=%%s default: (empty)\n" \
+ " If issuer_crt is specified, issuer_name is\n" \
+ " ignored!\n" \
+ " issuer_name=%%s default: CN=CA,O=mbed TLS,C=UK\n" \
+ "\n" \
+ " selfsign=%%d default: 0 (false)\n" \
+ " If selfsign is enabled, issuer_name and\n" \
+ " issuer_key are required (issuer_crt and\n" \
+ " subject_* are ignored\n" \
+ " issuer_key=%%s default: ca.key\n" \
+ " issuer_pwd=%%s default: (empty)\n" \
+ " output_file=%%s default: cert.crt\n" \
+ " serial=%%s default: 1\n" \
+ " not_before=%%s default: 20010101000000\n"\
+ " not_after=%%s default: 20301231235959\n"\
+ " is_ca=%%d default: 0 (disabled)\n" \
+ " max_pathlen=%%d default: -1 (none)\n" \
+ " key_usage=%%s default: (empty)\n" \
+ " Comma-separated-list of values:\n" \
+ " digital_signature\n" \
+ " non_repudiation\n" \
+ " key_encipherment\n" \
+ " data_encipherment\n" \
+ " key_agreement\n" \
+ " key_cert_sign\n" \
+ " crl_sign\n" \
+ " ns_cert_type=%%s default: (empty)\n" \
+ " Comma-separated-list of values:\n" \
+ " ssl_client\n" \
+ " ssl_server\n" \
+ " email\n" \
+ " object_signing\n" \
+ " ssl_ca\n" \
+ " email_ca\n" \
+ " object_signing_ca\n" \
+ "\n"
+
+/*
+ * global options
+ */
+struct options
+{
+ const char *issuer_crt; /* filename of the issuer certificate */
+ const char *request_file; /* filename of the certificate request */
+ const char *subject_key; /* filename of the subject key file */
+ const char *issuer_key; /* filename of the issuer key file */
+ const char *subject_pwd; /* password for the subject key file */
+ const char *issuer_pwd; /* password for the issuer key file */
+ const char *output_file; /* where to store the constructed key file */
+ const char *subject_name; /* subject name for certificate */
+ const char *issuer_name; /* issuer name for certificate */
+ const char *not_before; /* validity period not before */
+ const char *not_after; /* validity period not after */
+ const char *serial; /* serial number string */
+ int selfsign; /* selfsign the certificate */
+ int is_ca; /* is a CA certificate */
+ int max_pathlen; /* maximum CA path length */
+ unsigned char key_usage; /* key usage flags */
+ unsigned char ns_cert_type; /* NS cert type */
+} opt;
+
+int write_certificate( mbedtls_x509write_cert *crt, const char *output_file,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
+{
+ int ret;
+ FILE *f;
+ unsigned char output_buf[4096];
+ size_t len = 0;
+
+ memset( output_buf, 0, 4096 );
+ if( ( ret = mbedtls_x509write_crt_pem( crt, output_buf, 4096, f_rng, p_rng ) ) < 0 )
+ return( ret );
+
+ len = strlen( (char *) output_buf );
+
+ if( ( f = fopen( output_file, "w" ) ) == NULL )
+ return( -1 );
+
+ if( fwrite( output_buf, 1, len, f ) != len )
+ {
+ fclose( f );
+ return( -1 );
+ }
+
+ fclose( f );
+
+ return( 0 );
+}
+
+int main( int argc, char *argv[] )
+{
+ int ret = 0;
+ mbedtls_x509_crt issuer_crt;
+ mbedtls_pk_context loaded_issuer_key, loaded_subject_key;
+ mbedtls_pk_context *issuer_key = &loaded_issuer_key,
+ *subject_key = &loaded_subject_key;
+ char buf[1024];
+ char issuer_name[256];
+ int i;
+ char *p, *q, *r;
+#if defined(MBEDTLS_X509_CSR_PARSE_C)
+ char subject_name[256];
+ mbedtls_x509_csr csr;
+#endif
+ mbedtls_x509write_cert crt;
+ mbedtls_mpi serial;
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ const char *pers = "crt example app";
+
+ /*
+ * Set to sane values
+ */
+ mbedtls_x509write_crt_init( &crt );
+ mbedtls_x509write_crt_set_md_alg( &crt, MBEDTLS_MD_SHA256 );
+ mbedtls_pk_init( &loaded_issuer_key );
+ mbedtls_pk_init( &loaded_subject_key );
+ mbedtls_mpi_init( &serial );
+ mbedtls_ctr_drbg_init( &ctr_drbg );
+#if defined(MBEDTLS_X509_CSR_PARSE_C)
+ mbedtls_x509_csr_init( &csr );
+#endif
+ mbedtls_x509_crt_init( &issuer_crt );
+ memset( buf, 0, 1024 );
+
+ if( argc == 0 )
+ {
+ usage:
+ mbedtls_printf( USAGE );
+ ret = 1;
+ goto exit;
+ }
+
+ opt.issuer_crt = DFL_ISSUER_CRT;
+ opt.request_file = DFL_REQUEST_FILE;
+ opt.subject_key = DFL_SUBJECT_KEY;
+ opt.issuer_key = DFL_ISSUER_KEY;
+ opt.subject_pwd = DFL_SUBJECT_PWD;
+ opt.issuer_pwd = DFL_ISSUER_PWD;
+ opt.output_file = DFL_OUTPUT_FILENAME;
+ opt.subject_name = DFL_SUBJECT_NAME;
+ opt.issuer_name = DFL_ISSUER_NAME;
+ opt.not_before = DFL_NOT_BEFORE;
+ opt.not_after = DFL_NOT_AFTER;
+ opt.serial = DFL_SERIAL;
+ opt.selfsign = DFL_SELFSIGN;
+ opt.is_ca = DFL_IS_CA;
+ opt.max_pathlen = DFL_MAX_PATHLEN;
+ opt.key_usage = DFL_KEY_USAGE;
+ opt.ns_cert_type = DFL_NS_CERT_TYPE;
+
+ for( i = 1; i < argc; i++ )
+ {
+
+ p = argv[i];
+ if( ( q = strchr( p, '=' ) ) == NULL )
+ goto usage;
+ *q++ = '\0';
+
+ if( strcmp( p, "request_file" ) == 0 )
+ opt.request_file = q;
+ else if( strcmp( p, "subject_key" ) == 0 )
+ opt.subject_key = q;
+ else if( strcmp( p, "issuer_key" ) == 0 )
+ opt.issuer_key = q;
+ else if( strcmp( p, "subject_pwd" ) == 0 )
+ opt.subject_pwd = q;
+ else if( strcmp( p, "issuer_pwd" ) == 0 )
+ opt.issuer_pwd = q;
+ else if( strcmp( p, "issuer_crt" ) == 0 )
+ opt.issuer_crt = q;
+ else if( strcmp( p, "output_file" ) == 0 )
+ opt.output_file = q;
+ else if( strcmp( p, "subject_name" ) == 0 )
+ {
+ opt.subject_name = q;
+ }
+ else if( strcmp( p, "issuer_name" ) == 0 )
+ {
+ opt.issuer_name = q;
+ }
+ else if( strcmp( p, "not_before" ) == 0 )
+ {
+ opt.not_before = q;
+ }
+ else if( strcmp( p, "not_after" ) == 0 )
+ {
+ opt.not_after = q;
+ }
+ else if( strcmp( p, "serial" ) == 0 )
+ {
+ opt.serial = q;
+ }
+ else if( strcmp( p, "selfsign" ) == 0 )
+ {
+ opt.selfsign = atoi( q );
+ if( opt.selfsign < 0 || opt.selfsign > 1 )
+ goto usage;
+ }
+ else if( strcmp( p, "is_ca" ) == 0 )
+ {
+ opt.is_ca = atoi( q );
+ if( opt.is_ca < 0 || opt.is_ca > 1 )
+ goto usage;
+ }
+ else if( strcmp( p, "max_pathlen" ) == 0 )
+ {
+ opt.max_pathlen = atoi( q );
+ if( opt.max_pathlen < -1 || opt.max_pathlen > 127 )
+ goto usage;
+ }
+ else if( strcmp( p, "key_usage" ) == 0 )
+ {
+ while( q != NULL )
+ {
+ if( ( r = strchr( q, ',' ) ) != NULL )
+ *r++ = '\0';
+
+ if( strcmp( q, "digital_signature" ) == 0 )
+ opt.key_usage |= MBEDTLS_X509_KU_DIGITAL_SIGNATURE;
+ else if( strcmp( q, "non_repudiation" ) == 0 )
+ opt.key_usage |= MBEDTLS_X509_KU_NON_REPUDIATION;
+ else if( strcmp( q, "key_encipherment" ) == 0 )
+ opt.key_usage |= MBEDTLS_X509_KU_KEY_ENCIPHERMENT;
+ else if( strcmp( q, "data_encipherment" ) == 0 )
+ opt.key_usage |= MBEDTLS_X509_KU_DATA_ENCIPHERMENT;
+ else if( strcmp( q, "key_agreement" ) == 0 )
+ opt.key_usage |= MBEDTLS_X509_KU_KEY_AGREEMENT;
+ else if( strcmp( q, "key_cert_sign" ) == 0 )
+ opt.key_usage |= MBEDTLS_X509_KU_KEY_CERT_SIGN;
+ else if( strcmp( q, "crl_sign" ) == 0 )
+ opt.key_usage |= MBEDTLS_X509_KU_CRL_SIGN;
+ else
+ goto usage;
+
+ q = r;
+ }
+ }
+ else if( strcmp( p, "ns_cert_type" ) == 0 )
+ {
+ while( q != NULL )
+ {
+ if( ( r = strchr( q, ',' ) ) != NULL )
+ *r++ = '\0';
+
+ if( strcmp( q, "ssl_client" ) == 0 )
+ opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT;
+ else if( strcmp( q, "ssl_server" ) == 0 )
+ opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER;
+ else if( strcmp( q, "email" ) == 0 )
+ opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_EMAIL;
+ else if( strcmp( q, "object_signing" ) == 0 )
+ opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING;
+ else if( strcmp( q, "ssl_ca" ) == 0 )
+ opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_CA;
+ else if( strcmp( q, "email_ca" ) == 0 )
+ opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA;
+ else if( strcmp( q, "object_signing_ca" ) == 0 )
+ opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA;
+ else
+ goto usage;
+
+ q = r;
+ }
+ }
+ else
+ goto usage;
+ }
+
+ mbedtls_printf("\n");
+
+ /*
+ * 0. Seed the PRNG
+ */
+ mbedtls_printf( " . Seeding the random number generator..." );
+ fflush( stdout );
+
+ mbedtls_entropy_init( &entropy );
+ if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen( pers ) ) ) != 0 )
+ {
+ mbedtls_strerror( ret, buf, 1024 );
+ mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d - %s\n", ret, buf );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ // Parse serial to MPI
+ //
+ mbedtls_printf( " . Reading serial number..." );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_mpi_read_string( &serial, 10, opt.serial ) ) != 0 )
+ {
+ mbedtls_strerror( ret, buf, 1024 );
+ mbedtls_printf( " failed\n ! mbedtls_mpi_read_string returned -0x%02x - %s\n\n", -ret, buf );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ // Parse issuer certificate if present
+ //
+ if( !opt.selfsign && strlen( opt.issuer_crt ) )
+ {
+ /*
+ * 1.0.a. Load the certificates
+ */
+ mbedtls_printf( " . Loading the issuer certificate ..." );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_x509_crt_parse_file( &issuer_crt, opt.issuer_crt ) ) != 0 )
+ {
+ mbedtls_strerror( ret, buf, 1024 );
+ mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file returned -0x%02x - %s\n\n", -ret, buf );
+ goto exit;
+ }
+
+ ret = mbedtls_x509_dn_gets( issuer_name, sizeof(issuer_name),
+ &issuer_crt.subject );
+ if( ret < 0 )
+ {
+ mbedtls_strerror( ret, buf, 1024 );
+ mbedtls_printf( " failed\n ! mbedtls_x509_dn_gets returned -0x%02x - %s\n\n", -ret, buf );
+ goto exit;
+ }
+
+ opt.issuer_name = issuer_name;
+
+ mbedtls_printf( " ok\n" );
+ }
+
+#if defined(MBEDTLS_X509_CSR_PARSE_C)
+ // Parse certificate request if present
+ //
+ if( !opt.selfsign && strlen( opt.request_file ) )
+ {
+ /*
+ * 1.0.b. Load the CSR
+ */
+ mbedtls_printf( " . Loading the certificate request ..." );
+ fflush( stdout );
+
+ if( ( ret = mbedtls_x509_csr_parse_file( &csr, opt.request_file ) ) != 0 )
+ {
+ mbedtls_strerror( ret, buf, 1024 );
+ mbedtls_printf( " failed\n ! mbedtls_x509_csr_parse_file returned -0x%02x - %s\n\n", -ret, buf );
+ goto exit;
+ }
+
+ ret = mbedtls_x509_dn_gets( subject_name, sizeof(subject_name),
+ &csr.subject );
+ if( ret < 0 )
+ {
+ mbedtls_strerror( ret, buf, 1024 );
+ mbedtls_printf( " failed\n ! mbedtls_x509_dn_gets returned -0x%02x - %s\n\n", -ret, buf );
+ goto exit;
+ }
+
+ opt.subject_name = subject_name;
+ subject_key = &csr.pk;
+
+ mbedtls_printf( " ok\n" );
+ }
+#endif /* MBEDTLS_X509_CSR_PARSE_C */
+
+ /*
+ * 1.1. Load the keys
+ */
+ if( !opt.selfsign && !strlen( opt.request_file ) )
+ {
+ mbedtls_printf( " . Loading the subject key ..." );
+ fflush( stdout );
+
+ ret = mbedtls_pk_parse_keyfile( &loaded_subject_key, opt.subject_key,
+ opt.subject_pwd );
+ if( ret != 0 )
+ {
+ mbedtls_strerror( ret, buf, 1024 );
+ mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%02x - %s\n\n", -ret, buf );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+ }
+
+ mbedtls_printf( " . Loading the issuer key ..." );
+ fflush( stdout );
+
+ ret = mbedtls_pk_parse_keyfile( &loaded_issuer_key, opt.issuer_key,
+ opt.issuer_pwd );
+ if( ret != 0 )
+ {
+ mbedtls_strerror( ret, buf, 1024 );
+ mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -x%02x - %s\n\n", -ret, buf );
+ goto exit;
+ }
+
+ // Check if key and issuer certificate match
+ //
+ if( strlen( opt.issuer_crt ) )
+ {
+ if( !mbedtls_pk_can_do( &issuer_crt.pk, MBEDTLS_PK_RSA ) ||
+ mbedtls_mpi_cmp_mpi( &mbedtls_pk_rsa( issuer_crt.pk )->N,
+ &mbedtls_pk_rsa( *issuer_key )->N ) != 0 ||
+ mbedtls_mpi_cmp_mpi( &mbedtls_pk_rsa( issuer_crt.pk )->E,
+ &mbedtls_pk_rsa( *issuer_key )->E ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! issuer_key does not match issuer certificate\n\n" );
+ ret = -1;
+ goto exit;
+ }
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ if( opt.selfsign )
+ {
+ opt.subject_name = opt.issuer_name;
+ subject_key = issuer_key;
+ }
+
+ mbedtls_x509write_crt_set_subject_key( &crt, subject_key );
+ mbedtls_x509write_crt_set_issuer_key( &crt, issuer_key );
+
+ /*
+ * 1.0. Check the names for validity
+ */
+ if( ( ret = mbedtls_x509write_crt_set_subject_name( &crt, opt.subject_name ) ) != 0 )
+ {
+ mbedtls_strerror( ret, buf, 1024 );
+ mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_subject_name returned -0x%02x - %s\n\n", -ret, buf );
+ goto exit;
+ }
+
+ if( ( ret = mbedtls_x509write_crt_set_issuer_name( &crt, opt.issuer_name ) ) != 0 )
+ {
+ mbedtls_strerror( ret, buf, 1024 );
+ mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_issuer_name returned -0x%02x - %s\n\n", -ret, buf );
+ goto exit;
+ }
+
+ mbedtls_printf( " . Setting certificate values ..." );
+ fflush( stdout );
+
+ ret = mbedtls_x509write_crt_set_serial( &crt, &serial );
+ if( ret != 0 )
+ {
+ mbedtls_strerror( ret, buf, 1024 );
+ mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_serial returned -0x%02x - %s\n\n", -ret, buf );
+ goto exit;
+ }
+
+ ret = mbedtls_x509write_crt_set_validity( &crt, opt.not_before, opt.not_after );
+ if( ret != 0 )
+ {
+ mbedtls_strerror( ret, buf, 1024 );
+ mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_validity returned -0x%02x - %s\n\n", -ret, buf );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ mbedtls_printf( " . Adding the Basic Constraints extension ..." );
+ fflush( stdout );
+
+ ret = mbedtls_x509write_crt_set_basic_constraints( &crt, opt.is_ca,
+ opt.max_pathlen );
+ if( ret != 0 )
+ {
+ mbedtls_strerror( ret, buf, 1024 );
+ mbedtls_printf( " failed\n ! x509write_crt_set_basic_contraints returned -0x%02x - %s\n\n", -ret, buf );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+#if defined(MBEDTLS_SHA1_C)
+ mbedtls_printf( " . Adding the Subject Key Identifier ..." );
+ fflush( stdout );
+
+ ret = mbedtls_x509write_crt_set_subject_key_identifier( &crt );
+ if( ret != 0 )
+ {
+ mbedtls_strerror( ret, buf, 1024 );
+ mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_subject_key_identifier returned -0x%02x - %s\n\n", -ret, buf );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ mbedtls_printf( " . Adding the Authority Key Identifier ..." );
+ fflush( stdout );
+
+ ret = mbedtls_x509write_crt_set_authority_key_identifier( &crt );
+ if( ret != 0 )
+ {
+ mbedtls_strerror( ret, buf, 1024 );
+ mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_authority_key_identifier returned -0x%02x - %s\n\n", -ret, buf );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+#endif /* MBEDTLS_SHA1_C */
+
+ if( opt.key_usage )
+ {
+ mbedtls_printf( " . Adding the Key Usage extension ..." );
+ fflush( stdout );
+
+ ret = mbedtls_x509write_crt_set_key_usage( &crt, opt.key_usage );
+ if( ret != 0 )
+ {
+ mbedtls_strerror( ret, buf, 1024 );
+ mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_key_usage returned -0x%02x - %s\n\n", -ret, buf );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+ }
+
+ if( opt.ns_cert_type )
+ {
+ mbedtls_printf( " . Adding the NS Cert Type extension ..." );
+ fflush( stdout );
+
+ ret = mbedtls_x509write_crt_set_ns_cert_type( &crt, opt.ns_cert_type );
+ if( ret != 0 )
+ {
+ mbedtls_strerror( ret, buf, 1024 );
+ mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_ns_cert_type returned -0x%02x - %s\n\n", -ret, buf );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+ }
+
+ /*
+ * 1.2. Writing the request
+ */
+ mbedtls_printf( " . Writing the certificate..." );
+ fflush( stdout );
+
+ if( ( ret = write_certificate( &crt, opt.output_file,
+ mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
+ {
+ mbedtls_strerror( ret, buf, 1024 );
+ mbedtls_printf( " failed\n ! write_certifcate -0x%02x - %s\n\n", -ret, buf );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+exit:
+ mbedtls_x509write_crt_free( &crt );
+ mbedtls_pk_free( &loaded_subject_key );
+ mbedtls_pk_free( &loaded_issuer_key );
+ mbedtls_mpi_free( &serial );
+ mbedtls_ctr_drbg_free( &ctr_drbg );
+ mbedtls_entropy_free( &entropy );
+
+#if defined(_WIN32)
+ mbedtls_printf( " + Press Enter to exit this program.\n" );
+ fflush( stdout ); getchar();
+#endif
+
+ return( ret );
+}
+#endif /* MBEDTLS_X509_CRT_WRITE_C && MBEDTLS_X509_CRT_PARSE_C &&
+ MBEDTLS_FS_IO && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
+ MBEDTLS_ERROR_C && MBEDTLS_PEM_WRITE_C */
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/x509/crl_app.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/x509/crl_app.c
new file mode 100644
index 0000000..210d19e
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/x509/crl_app.c
@@ -0,0 +1,145 @@
+/*
+ * CRL reading application
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf printf
+#endif
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
+ !defined(MBEDTLS_X509_CRL_PARSE_C) || !defined(MBEDTLS_FS_IO)
+int main( void )
+{
+ mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
+ "MBEDTLS_X509_CRL_PARSE_C and/or MBEDTLS_FS_IO not defined.\n");
+ return( 0 );
+}
+#else
+
+#include "mbedtls/x509_crl.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define DFL_FILENAME "crl.pem"
+#define DFL_DEBUG_LEVEL 0
+
+#define USAGE \
+ "\n usage: crl_app param=<>...\n" \
+ "\n acceptable parameters:\n" \
+ " filename=%%s default: crl.pem\n" \
+ "\n"
+
+/*
+ * global options
+ */
+struct options
+{
+ const char *filename; /* filename of the certificate file */
+} opt;
+
+int main( int argc, char *argv[] )
+{
+ int ret = 0;
+ unsigned char buf[100000];
+ mbedtls_x509_crl crl;
+ int i;
+ char *p, *q;
+
+ /*
+ * Set to sane values
+ */
+ mbedtls_x509_crl_init( &crl );
+
+ if( argc == 0 )
+ {
+ usage:
+ mbedtls_printf( USAGE );
+ goto exit;
+ }
+
+ opt.filename = DFL_FILENAME;
+
+ for( i = 1; i < argc; i++ )
+ {
+ p = argv[i];
+ if( ( q = strchr( p, '=' ) ) == NULL )
+ goto usage;
+ *q++ = '\0';
+
+ if( strcmp( p, "filename" ) == 0 )
+ opt.filename = q;
+ else
+ goto usage;
+ }
+
+ /*
+ * 1.1. Load the CRL
+ */
+ mbedtls_printf( "\n . Loading the CRL ..." );
+ fflush( stdout );
+
+ ret = mbedtls_x509_crl_parse_file( &crl, opt.filename );
+
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_x509_crl_parse_file returned %d\n\n", ret );
+ mbedtls_x509_crl_free( &crl );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * 1.2 Print the CRL
+ */
+ mbedtls_printf( " . CRL information ...\n" );
+ ret = mbedtls_x509_crl_info( (char *) buf, sizeof( buf ) - 1, " ", &crl );
+ if( ret == -1 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_x509_crl_info returned %d\n\n", ret );
+ mbedtls_x509_crl_free( &crl );
+ goto exit;
+ }
+
+ mbedtls_printf( "%s\n", buf );
+
+exit:
+ mbedtls_x509_crl_free( &crl );
+
+#if defined(_WIN32)
+ mbedtls_printf( " + Press Enter to exit this program.\n" );
+ fflush( stdout ); getchar();
+#endif
+
+ return( ret );
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_X509_CRL_PARSE_C &&
+ MBEDTLS_FS_IO */
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/x509/req_app.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/x509/req_app.c
new file mode 100644
index 0000000..8410a53
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/mbedtls/programs/x509/req_app.c
@@ -0,0 +1,145 @@
+/*
+ * Certificate request reading application
+ *
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf printf
+#endif
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
+ !defined(MBEDTLS_X509_CSR_PARSE_C) || !defined(MBEDTLS_FS_IO)
+int main( void )
+{
+ mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
+ "MBEDTLS_X509_CSR_PARSE_C and/or MBEDTLS_FS_IO not defined.\n");
+ return( 0 );
+}
+#else
+
+#include "mbedtls/x509_csr.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define DFL_FILENAME "cert.req"
+#define DFL_DEBUG_LEVEL 0
+
+#define USAGE \
+ "\n usage: req_app param=<>...\n" \
+ "\n acceptable parameters:\n" \
+ " filename=%%s default: cert.req\n" \
+ "\n"
+
+/*
+ * global options
+ */
+struct options
+{
+ const char *filename; /* filename of the certificate request */
+} opt;
+
+int main( int argc, char *argv[] )
+{
+ int ret = 0;
+ unsigned char buf[100000];
+ mbedtls_x509_csr csr;
+ int i;
+ char *p, *q;
+
+ /*
+ * Set to sane values
+ */
+ mbedtls_x509_csr_init( &csr );
+
+ if( argc == 0 )
+ {
+ usage:
+ mbedtls_printf( USAGE );
+ goto exit;
+ }
+
+ opt.filename = DFL_FILENAME;
+
+ for( i = 1; i < argc; i++ )
+ {
+ p = argv[i];
+ if( ( q = strchr( p, '=' ) ) == NULL )
+ goto usage;
+ *q++ = '\0';
+
+ if( strcmp( p, "filename" ) == 0 )
+ opt.filename = q;
+ else
+ goto usage;
+ }
+
+ /*
+ * 1.1. Load the CSR
+ */
+ mbedtls_printf( "\n . Loading the CSR ..." );
+ fflush( stdout );
+
+ ret = mbedtls_x509_csr_parse_file( &csr, opt.filename );
+
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_x509_csr_parse_file returned %d\n\n", ret );
+ mbedtls_x509_csr_free( &csr );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * 1.2 Print the CSR
+ */
+ mbedtls_printf( " . CSR information ...\n" );
+ ret = mbedtls_x509_csr_info( (char *) buf, sizeof( buf ) - 1, " ", &csr );
+ if( ret == -1 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_x509_csr_info returned %d\n\n", ret );
+ mbedtls_x509_csr_free( &csr );
+ goto exit;
+ }
+
+ mbedtls_printf( "%s\n", buf );
+
+exit:
+ mbedtls_x509_csr_free( &csr );
+
+#if defined(_WIN32)
+ mbedtls_printf( " + Press Enter to exit this program.\n" );
+ fflush( stdout ); getchar();
+#endif
+
+ return( ret );
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_X509_CSR_PARSE_C &&
+ MBEDTLS_FS_IO */