一、关于PolarSSL
mbed TLS(以前称为PolarSSL)是TLS和SSL协议的实现,并且需要相应的加密算法和支持代码。这是双重许可与Apache许可证 2.0版(与GPLv2许可也可)。网站上指出,mbed TLS的目标是“易于理解,使用,集成和扩展”
核心SSL 库用C编程语言编写,并实现SSL模块,基本加密功能并提供各种实用功能。与OpenSSL和TLS的其他实现不同,mbed TLS设计为适合小型嵌入式设备,最小完整的TLS堆栈需要60KB的程序空间和64KB的RAM。它也是高度模块化的:每个组件,如加密函数,可以独立于框架的其余部分使用。版本也可用于Microsoft Windows和Linux。因为mbed TLS是用C编程语言编写的,没有外部依赖,
PolarSSL的后期版本超过1.3.0,为内核分配和线程添加抽象层,以“支持与现有嵌入式操作系统的更好集成”——机器翻译的凑合着看。想看原版的自行Wikii
现在叫MbedTSL,PolarSSL源码,也许是最小巧的ssl代码库。高效、便于移植和集成。尤其适合嵌入式应用。
也就是说,无论是嵌入式还是桌面软件版的编程,只要你用的到AES,RSA等加密算法,你都可以直接拿过来源码放进你的工程中,进行编译管理,不用带着DLL,或者必须安装一些不必要的库,并且算法是标准库,所以你懂得。并且OpenSource。
验证:
rtos平台:秒级没有找到对应的耗时函数,估计1秒以内
linux平台验证时间:6ms
real 0m0.002s
user 0m0.004s
sys 0m0.000s
安装
克隆源代码
前往github克隆最新版的mbedtls源代码。获取最新版源代码之前需要在Ubuntu/Debian中正确安装git工具
git clone
1
切换分支(可选)
切换到某个release分支,此处选择mbedtls-2.4。
git checkout -b mbedtls-2.4 origin/mbedtls-2.4
1
通过git checkout可检出具体分支
- checkout 切换分支
- -b mbedtls-2.4 创建本地分支
- origin/mbedtls-2.4 切换到远程分支mbedtls-2.4
查看分支
通过git branch查看分支,确认已经切换到mbedtls-2.4分支
git branch
development
* mbedtls-2.4
1
2
3
4
安装
mbedtls支持make、cmake等多种安装方式。下面介绍make方式和cmake方式编译源代码,并在目标主机中安装mbedtls动态链接库和头文件。本文推荐使用cmake工具安装mbedtls。
make方式
make SHARED=1
sudo make install
1
2
使用make时默认情况下并不会生成动态链接库
SHARED=1 生成动态链接库
cmake方式(推荐)
cmake方式比make方式的步骤要多一些,如果目标主机并没有安装cmake工具,可通过apt-get工具安装cmake。
# 更新软件源
sudo apt-get update
# 通过软件源安装cmake
sudo apt-get install cmake
# 生成makefile文件,启用生成动态链接库选项
cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On .
# 以下步骤和make方式相同
make
sudo make install
1
-DUSE_SHARED_MBEDTLS_LIBRARY=On 生成动态链接库
使用cmake时,不要忘记之后cmake指令之后的 . ,该点表示当前目录
修改mbedtls配置
mbedtls也可以通过修改配置文件的方式进行裁剪,mbedtls提供了几个参考模板,具体的config.h文件可参考mbedtls/configs目录,该目录中包括config-ccm-psk-tls1_2.h, config-mini-tls1_1.h等文件。和mbedtls安装方法相似,可通过make方法和cmake方法修改具体配置。
make方法
# 设置MBEDTLS_CONFIG_FILE宏,指向config-ccm-psk-tls1_2.h
CFLAGS="-I$PWD/configs -DMBEDTLS_CONFIG_FILE='
'"
# 重新编译
make
1
2
3
4
cmake方法
# 删除之前cmake相关中间文件,但是不包括CMakeLists.txt文件
find . -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} +
# 指定配置文件为 config-ccm-psk-tls1_2.h,重新编译
CFLAGS="-I$PWD/configs -DMBEDTLS_CONFIG_FILE=''" cmake .
1
2
3
4
安装总结
默认情况下 动态链接库安装至 /usr/local/lib 包括libmbedtls.so libmbedcrypto.so libmbedx509.so
默认情况下 头文件安装至 /usr/local/include/mbedtls
默认情况下 mbedtls的相关工具将安装只 /usr/local/bin目录下,例如gen_key等
gcc -I ./include test.c -L./library/ -lmbedcrypto
linux test.c
#include
#include
#include "mbedtls/md.h"
#include "mbedtls/aes.h"
#define mbedtls_printf printf
#if 0
int main(void)
{
int ret;
unsigned char secret[] = "a secret";
unsigned char buffer[] = "some data to hash";
unsigned char digest[32];
mbedtls_md_context_t sha_ctx;
mbedtls_md_init(&sha_ctx);
memset(digest, 0x00, sizeof(digest));
ret = mbedtls_md_setup(&sha_ctx, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), 1);
if (ret != 0)
{
mbedtls_printf(" ! mbedtls_md_setup() returned -0x%04x\n", -ret);
goto exit;
}
mbedtls_md_hmac_starts(&sha_ctx, secret, sizeof(secret) - 1);
mbedtls_md_hmac_update(&sha_ctx, buffer, sizeof(buffer) - 1);
mbedtls_md_hmac_finish(&sha_ctx, digest );
mbedtls_printf("HMAC: ");
for (int i = 0; i < sizeof(digest); i++)
mbedtls_printf("%02X", digest[i]);
mbedtls_printf("\n");
exit:
mbedtls_md_free( &sha_ctx );
return ret;
}
#endif
#define AES_ECB 0
#define AES_CBC 1
#define AES_CFB 2
#define AES_CTR 3
#define MODE AES_CBC
unsigned char key[16] = { 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 };
unsigned char plain[32] = { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 };
unsigned char plain_decrypt[32] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
unsigned char IV[16];
unsigned char cypher[32];
int i = 0;
mbedtls_aes_context aes;
void SetIV()
{
int i;
for (i = 0; i < 16; i++)
{
IV[i] = 0x55;
}
}
void format_hex(char *szName, char *pszBuf, int len)
{
int i = 0;
printf("%s=", szName);
for (; i < len; i++) {
printf("0x%02x, ", pszBuf[i]);
}
printf("\n");
}
void test128()
{
if (MODE == AES_ECB)
{
mbedtls_aes_setkey_enc(&aes, key, 128);// set encrypt key
mbedtls_aes_crypt_ecb(&aes, 1, plain, cypher);
mbedtls_aes_setkey_dec(&aes, key, 128);// set decrypt key
mbedtls_aes_crypt_ecb(&aes, 0, cypher, plain_decrypt);
i++;
}
if (MODE == AES_CBC)
{
mbedtls_aes_setkey_enc(&aes, key, 128);// set encrypt key
SetIV();
mbedtls_aes_crypt_cbc(&aes, 1, 32, IV, plain, cypher);
format_hex("plain", plain, 32);
printf("inplain = [%s]\n", plain);
format_hex("decrypt", cypher, 32);
printf("decrypt = [%s]\n", cypher);
mbedtls_aes_setkey_dec(&aes, key, 128);// set decrypt key
SetIV();
mbedtls_aes_crypt_cbc(&aes, 0, 32, IV, cypher, plain_decrypt);
format_hex("decrypt", cypher, 32);
printf("decrypt = [%s]\n", cypher);
format_hex("Plan_decrypt", plain_decrypt, 32);
printf("plain_decrypt = [%s]\n", plain_decrypt);
i++;
}
}
unsigned char key1[32 + 1] = { 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 };
unsigned char plain1[64 + 1] = { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 ,0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x12 };
unsigned char plain_decrypt1[32] = {0};
unsigned char IV1[32];
unsigned char cypher1[32];
mbedtls_aes_context aes1;
void test256()
{
if (MODE == AES_ECB)
{
mbedtls_aes_setkey_enc(&aes1, key1, 256);// set encrypt key
mbedtls_aes_crypt_ecb(&aes1, 1, plain1, cypher1);
mbedtls_aes_setkey_dec(&aes1, key, 256);// set decrypt key
mbedtls_aes_crypt_ecb(&aes1, 0, cypher1, plain_decrypt1);
i++;
}
if (MODE == AES_CBC)
{
mbedtls_aes_setkey_enc(&aes1, key1, 256);// set encrypt key
SetIV();
mbedtls_aes_crypt_cbc(&aes1, 1, 32, IV1, plain1, cypher1);
format_hex("plain", plain1, 32);
printf("inplain = [%s]\n", plain1);
format_hex("decrypt", cypher1, 32);
printf("decrypt = [%s]\n", cypher1);
mbedtls_aes_setkey_dec(&aes1, key1, 256);// set decrypt key
SetIV();
mbedtls_aes_crypt_cbc(&aes1, 0, 32, IV1, cypher1, plain_decrypt1);
format_hex("decrypt", cypher1, 32);
printf("decrypt = [%s]\n", cypher1);
format_hex("Plan_decrypt", plain_decrypt1, 32);
printf("plain_decrypt = [%s]\n", plain_decrypt1);
i++;
}
}
void main(void)
{
// log_debug0("SDK version:%s %d\n", system_get_sdk_version(),system_get_free_heap_size());
//wifi_set_event_handler_cb(wifi_handle_event_cb);
//mutex=xSemaphoreCreateMutex();
//IOT_INIT(NULL );
test128();
test256();
// for (;;) {
// }
}
rtos user_main.c
#include "esp_common.h"
#include "freertos/semphr.h"
#include "device.h"
#define MODULE_TAG "USRMAIN"
#include "log.h"
#include "mbedtls/aes.h"
#include "mbedtls/compat-1.3.h"
bool hub_flag=false;
xSemaphoreHandle mutex;
static char g_utc[32] = { 0, 0, 0 } ;
void wifi_handle_event_cb(System_Event_t *evt)
{
if(evt==NULL)
{
return ;
}
DMEvent event;
memset(&event,0,sizeof(event));
switch (evt->event_id)
{
case EVENT_STAMODE_GOT_IP:
log_debug0("get ip ok\n");
hub_flag=true;
event.event = IOTDM_EVENT_NETWORK_CONNECT;
event.param.network.connected = 1;
IOTDev_Event(&event);
break;
case EVENT_STAMODE_DHCP_TIMEOUT:
log_debug0("dhcp client get ip timeout\n");
break;
case EVENT_STAMODE_SCAN_DONE:
log_debug0("scan ap finish\n");
break;
case EVENT_STAMODE_CONNECTED:
log_debug0("connect to ap ok\n");
break;
case EVENT_STAMODE_DISCONNECTED:
log_debug0("disconnect\n");
hub_flag=false;
event.event = IOTDM_EVENT_NETWORK_CONNECT;
event.param.network.connected = 0;
IOTDev_Event(&event);
wifi_station_connect();
break;
default:
break;
}
}
void wait_hub_flag(bool flag)
{
if(flag)
{
while (!hub_flag) //等待网络完成
{
vTaskDelay(1000/portTICK_RATE_MS);
}
}
else
{
while (hub_flag) //等待网络断开
{
vTaskDelay(1000/portTICK_RATE_MS);
}
}
}
static ApInfo *g_apInfo = NULL;
void rtos_time_init(const char *utc);
void rtos_set_time(const char *time_s);
bool if_need_sntp=true;
bool if_need_init=true;
void IOT_INIT(void * arg);
void Loop_Exit() //退出hub
{
IOTDM_Exit();
if_need_init=false;
}
//启动hub
void Loop_task(void *arg)
{
xSemaphoreTake(mutex,portMAX_DELAY);
wait_hub_flag(true);
if (if_need_sntp)
{
rtos_time_init(g_utc); // 正常授时,sntp有时比较慢.
//rtos_set_time("1521002931"); //伪授时,测试时使用
IOTDM_LogLevel(2);
if_need_sntp=false;
memset(g_utc,0,sizeof(g_utc));
}
IOTDM_Loop(); // 解绑后Loop会退出,Loop内会清除station_config
// 调用Loop_Exit Loop会退出,Loop内不会清除station_config
log_debug0("delete loop task......\n");
xSemaphoreGive(mutex);
IOT_INIT(NULL); // 重新启动配网
vTaskDelete(NULL);
}
//配网
void softap_task(void *arg)
{
xSemaphoreTake(mutex,portMAX_DELAY);
g_apInfo = malloc(sizeof(ApInfo));
if(g_apInfo == NULL)
{
os_printf("Malloc failed\n");
return;
}
memset(g_apInfo,0,sizeof(ApInfo));
wait_hub_flag(false);
//IOTWifi_Start(0, g_utc);
IOTWifi_Start(0,g_apInfo);
log_debug0("delete softap task......\n");
if(strlen(g_apInfo->utc) != 0)
{
memset(g_utc,0,sizeof(g_utc));
memcpy(g_utc,g_apInfo->utc,strlen(g_apInfo->utc));
}
if(g_apInfo != NULL)
{
free(g_apInfo);
g_apInfo = NULL;
}
xSemaphoreGive(mutex);
vTaskDelete(NULL);
}
void IOT_INIT(void * arg)
{
if(!if_need_init) //判断是否需要启动,调用Loop_Exit时,if_need_init 为false
{
return;
}
memset(g_utc, 0, sizeof(g_utc));
if(!IOTWifi_IsConfiged()) //判断是否配置过网络
{
rtos_set_time("0"); //伪授时,测试时使用
xTaskCreate(softap_task,"softap_task",1024*1+512,NULL,4,NULL);
vTaskDelay(1000/portTICK_RATE_MS);
}
xTaskCreate(Loop_task,"loop_task",1024*1+512,NULL,4,NULL);
}
#define AES_ECB 0
#define AES_CBC 1
#define AES_CFB 2
#define AES_CTR 3
#define MODE AES_CBC
unsigned char key[16] = { 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 };
unsigned char plain[32] = { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 };
unsigned char plain_decrypt[32] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
unsigned char IV[16];
unsigned char cypher[32];
int i = 0;
mbedtls_aes_context aes;
void SetIV()
{
int i;
for (i = 0; i < 16; i++)
{
IV[i] = 0x55;
}
}
void format_hex(char *szName, char *pszBuf, int len)
{
int i = 0;
printf("%s=", szName);
for (; i < len; i++) {
printf("0x%x, ", pszBuf[i]);
}
printf("\n");
}
void test128()
{
if (MODE == AES_ECB)
{
mbedtls_aes_setkey_enc(&aes, key, 128);// set encrypt key
mbedtls_aes_crypt_ecb(&aes, AES_ENCRYPT, plain, cypher);
mbedtls_aes_setkey_dec(&aes, key, 128);// set decrypt key
mbedtls_aes_crypt_ecb(&aes, AES_DECRYPT, cypher, plain_decrypt);
i++;
}
if (MODE == AES_CBC)
{
printf("start time:%s \n", rtos_time_print());
mbedtls_aes_setkey_enc(&aes, key, 128);// set encrypt key
SetIV();
mbedtls_aes_crypt_cbc(&aes, AES_ENCRYPT, 32, IV, plain, cypher);
format_hex("plain", plain, 32);
printf("inplain = [%s]\n", plain);
format_hex("decrypt", cypher, 32);
printf("decrypt = [%s]\n", cypher);
mbedtls_aes_setkey_dec(&aes, key, 128);// set decrypt key
SetIV();
mbedtls_aes_crypt_cbc(&aes, AES_DECRYPT, 32, IV, cypher, plain_decrypt);
format_hex("decrypt", cypher, 32);
printf("decrypt = [%s]\n", cypher);
format_hex("Plan_decrypt", plain_decrypt, 32);
printf("plain_decrypt = [%s]\n", plain_decrypt);
printf("end time:%s \n", rtos_time_print());
i++;
}
}
unsigned char key1[32 + 1] = { 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 };
unsigned char plain1[64 + 1] = { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 ,0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x12 };
unsigned char plain_decrypt1[32] = {0};
unsigned char IV1[32];
unsigned char cypher1[32];
mbedtls_aes_context aes1;
void test256()
{
if (MODE == AES_ECB)
{
mbedtls_aes_setkey_enc(&aes1, key1, 256);// set encrypt key
mbedtls_aes_crypt_ecb(&aes1, AES_ENCRYPT, plain1, cypher1);
mbedtls_aes_setkey_dec(&aes1, key, 256);// set decrypt key
mbedtls_aes_crypt_ecb(&aes1, AES_DECRYPT, cypher1, plain_decrypt1);
i++;
}
if (MODE == AES_CBC)
{
printf("start time:%s \n", rtos_time_print());
mbedtls_aes_setkey_enc(&aes1, key1, 256);// set encrypt key
SetIV();
mbedtls_aes_crypt_cbc(&aes1, AES_ENCRYPT, 32, IV1, plain1, cypher1);
format_hex("plain", plain1, 32);
printf("inplain = [%s]\n", plain1);
format_hex("decrypt", cypher1, 32);
printf("decrypt = [%s]\n", cypher1);
mbedtls_aes_setkey_dec(&aes1, key1, 256);// set decrypt key
SetIV();
mbedtls_aes_crypt_cbc(&aes1, AES_DECRYPT, 32, IV1, cypher1, plain_decrypt1);
format_hex("decrypt", cypher1, 32);
printf("decrypt = [%s]\n", cypher1);
format_hex("Plan_decrypt", plain_decrypt1, 32);
printf("plain_decrypt = [%s]\n", plain_decrypt1);
printf("end time:%s \n", rtos_time_print());
i++;
}
}
void user_init(void)
{
log_debug0("SDK version:%s %d\n", system_get_sdk_version(),system_get_free_heap_size());
//wifi_set_event_handler_cb(wifi_handle_event_cb);
//mutex=xSemaphoreCreateMutex();
//IOT_INIT(NULL );
test128();
test256();
for (;;) {
}
}
阅读(2342) | 评论(0) | 转发(0) |