fix : modify master

README.md

@@ -0,0 +1,484 @@
+##  Tencent IOT SDK for rt-thread Package 
+## 1 介绍
+Tencent IOT SDK for rt-thread Package 是基于腾讯云物联网开发平台[设备端 C-SDK](https://github.com/tencentyun/qcloud-iot-explorer-sdk-embedded-c.git)在RThread环境开发的软件包，配合平台对设备数据模板化的定义，实现和云端基于数据模板协议的数据交互框架，开发者基于IoT_Explorer C-SDK数据模板框架，通过脚本自动生成模板代码，快速实现设备和平台、设备和应用之间的数据交互。
+
+### 1.1 SDK架构图
+![sdk-architecture](https://main.qcloudimg.com/raw/583a783ca9189bd3beb9df0991dc0bec.jpg)
+
+### 1.2 目录结构
+
+| 名称            | 说明 |
+| ----            | ---- |
+| docs            | 文档目录 |
+| qcloud-iot-explorer-sdk-embedded-c         | 腾讯物联网设备端C-SDK |
+| ports           | 移植文件目录 |
+| samples         | 示例目录 |
+| LICENSE         | 许可证文件 |
+| README.md       | 软件包使用说明 |
+| SConscript      | RT-Thread 默认的构建脚本 |
+
+### 1.3 许可证
+
+沿用`qcloud-iot-sdk-embedded-c`许可协议MIT。
+
+## 2 软件包使用
+### 2.1 menuconfig配置
+- RT-Thread env开发工具中使用 `menuconfig` 使能 `Tencent-IoT` 软件包，配置产品及设备信息，并根据产品需求选择合适的应用示例修改新增业务逻辑，也可新增例程编写新的业务逻辑。
+
+```
+     --- Tencent-IoT:  Tencent Cloud IoT Explorer Platform SDK for RT-Thread    
+        (0WUKPUCOTC) Config Product Id                                          
+        (dev001) Config Device Name                                             
+        (N6B8M91PB4YDTRCpqvOp4w==) Config Device Secret                         
+        [*]   Enable dynamic register                                           
+        (chBjKw1ER84AAVWZ4s19YKBT) Config Product Key                           
+        [*]   Enable err log upload                                             
+        [*]   Enable multi thread function                                      
+        [*]   Enable TLS/DTLS                                                   
+              Select Product Type (Data template protocol)  --->                
+        [*]   Enable Event                                                      
+        [*]   Enable Action                                                     
+        [*]   Enable Smart_light Sample                                         
+        [*]   Enable OTA                                                        
+                Config OTA download by https or http (Download by http)  --->   
+        [*]   Enable GateWay                                                    
+              Version (latest)  --->
+```
+
+- 选项说明
+
+`Config Product Id`：配置产品ID，平台创建生成。
+
+`Config Device Name`：配置设备名，平台创建生成。
+
+`Config Device Secret`：配置设备密钥，平台创建生成，考虑到嵌入式设备大多没有文件系统，暂时没有支持证书设备配置。
+
+`Enable dynamic register`： 是否使能动态注册功能及示例，若使能，需配置动态注册的产品密钥。
+
+`Enable err log upload`： 是否使能错误日志上传云端。
+
+`Enable TLS/DTLS`： 是否使能TLS，若使能，则会关联选中mbedTLS软件包。
+
+` Select Product Type`：产品类型为自定义产品还是[数据模板协议](https://cloud.tencent.com/document/product/1081/34916)产品。
+
+`Enable event`：选用数据模板的前提下是否使能事件功能。
+
+`Enable Action`：选用数据模板的前提下是否使能行为功能。
+ 
+`Enable Smart_light Sample`：是否使能智能灯场景示例。
+
+`Enable OTA`：是否使能OTA示例。若使能OTA可进一步选择下载使用HTTPS还是HTTP。
+
+`Enable GateWay`：是否使能网关示例。
+
+`Version`：软件包版本选择, v3.1.2及以后的版本只支持物联网开发平台(IoT Explorer)，若需使用物联网通信平台(IoT Hub),请选择3.0.2版本及之前的版本。
+
+- 相关链接
+ [物联网通信平台SDK说明文档](https://github.com/tencentyun/qcloud-iot-sdk-embedded-c/blob/master/docs/物联网通信平台.md)
+
+- 使用 `pkgs --update` 命令下载软件包
+
+### 2.2 编译及运行
+1. 使用命令 scons --target=xxx 输出对应的工程，编译 
+
+2. 执行示例程序：
+
+### 2.3 运行demo程序
+系统启动后，在 MSH 中使用命令执行：
+
+#### 2.3.1 数据模板智能灯 + TLS示例：
+- 示例说明：该示例展示了设备和[物联网开发平台](https://cloud.tencent.com/product/iotexplorer)基于[数据模板协议](https://cloud.tencent.com/document/product/1081/34916)的通信示例，关于数据模板协议参见链接说明，使能TLS，示例在物联网开发平台下发控制灯为红色的命令，设备端收取了消息，打印颜色，并上报对应消息。
+
+- 配置选项
+```
+--- Tencent-IoT:  Tencent Cloud IoT Explorer Platform SDK for RT-Thread     
+--- Tencent-IoT:  Tencent Cloud IoT Explorer Platform SDK for RT-Thread               
+   (0WUKPUCOTC) Config Product Id                                                     
+   (dev001) Config Device Name                                                        
+   (N6B8M91PB4YDTRCpqvOp4w==) Config Device Secret                                    
+   [ ]   Enable dynamic register                                                      
+   [ ]   Enable err log upload                                                        
+   [ ]   Enable multi thread function                                                 
+   [*]   Enable TLS/DTLS                                                              
+         Select Product Type (Data template protocol)  --->                           
+   [*]   Enable Event                                                                 
+   [*]   Enable Action                                                                
+   [*]   Enable Smart_light Sample                                                    
+   [ ]   Enable OTA                                                                   
+   [ ]   Enable GateWay                                                               
+         Version (latest)  --->                                                       
+```
+
+- 运行示例
+
+```
+ \ | /
+- RT -     Thread Operating System
+ / | \     4.0.3 build Jun 15 2020
+ 2006 - 2020 Copyright by rt-thread team
+lwIP-2.0.2 initialized!
+[I/sal.skt] Socket Abstraction Layer initialize success.
+[I/SDIO] SD card capacity 65536 KB.
+hello rt-thread
+msh />tc_data_template_light_example start
+INF|20|qcloud_iot_device.c|iot_device_info_set(65): SDK_Ver: 3.1.1, Product_ID: 0WUKPUCOTC, Device_Name: dev001
+msh />DBG|20|HAL_TLS_mbedtls.c|HAL_TLS_Connect(228):  Connecting to /0WUKPUCOTC.iotcloud.tencentdevices.com/8883...
+DBG|21|HAL_TLS_mbedtls.c|HAL_TLS_Connect(233):  Setting up the SSL/TLS structure...
+DBG|21|HAL_TLS_mbedtls.c|HAL_TLS_Connect(285): Performing the SSL/TLS handshake...
+INF|21|mqtt_client.c|IOT_MQTT_Construct(127): mqtt connect with id: qPU1e success
+DBG|21|mqtt_client_subscribe.c|qcloud_iot_mqtt_subscribe(141): topicName=$thing/down/property/0WUKPUCOTC/dev001|packet_id=64736
+DBG|21|data_template_client.c|_template_mqtt_event_handler(242): template subscribe success, packet-id=64736
+INF|21|light_data_template_sample.c|event_handler(321): subscribe success, packet-id=64736
+INF|21|data_template_client.c|IOT_Template_Construct(785): Sync device data successfully
+DBG|21|mqtt_client_subscribe.c|qcloud_iot_mqtt_subscribe(141): topicName=$thing/down/event/0WUKPUCOTC/dev001|packet_id=64737
+DBG|21|mqtt_client_subscribe.c|qcloud_iot_mqtt_subscribe(141): topicName=$thing/down/action/0WUKPUCOTC/dev001|packet_id=64738
+INF|21|light_data_template_sample.c|data_template_light_thread(650): Cloud Device Construct Success
+DBG|21|light_data_template_sample.c|_usr_init(354): add your init code here
+INF|21|light_data_template_sample.c|_register_data_template_property(432): data template property=power_switch registered.
+INF|21|light_data_template_sample.c|_register_data_template_property(432): data template property=color registered.
+INF|21|light_data_template_sample.c|_register_data_template_property(432): data template property=brightness registered.
+INF|21|light_data_template_sample.c|_register_data_template_property(432): data template property=name registered.
+INF|21|light_data_template_sample.c|data_template_light_thread(676): Register data template propertys Success
+INF|21|light_data_template_sample.c|_register_data_template_action(294): data template action=blink registered.
+INF|21|light_data_template_sample.c|data_template_light_thread(686): Register data template actions Success
+DBG|21|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$thing/up/property/0WUKPUCOTC/dev001|payload={"method":"report_info", "clientToken":"0WUKPUCOTC-0", "params":{"module_hardinfo":"ESP8266","module_softinfo":"V1.0","fw_ver":"3.1.1","imei":"11-22-33-44","lat":"22.546015","lon":"113.941125", "device_label":{"append_info":"your self define info"}}}
+DBG|21|data_template_client.c|_template_mqtt_event_handler(242): template subscribe success, packet-id=64737
+INF|21|light_data_template_sample.c|event_handler(321): subscribe success, packet-id=64737
+DBG|21|data_template_client.c|_template_mqtt_event_handler(242): template subscribe success, packet-id=64738
+INF|21|light_data_template_sample.c|event_handler(321): subscribe success, packet-id=64738
+DBG|21|data_template_client.c|_reply_ack_cb(169): replyAck=0
+DBG|21|data_template_client.c|_reply_ack_cb(172): Received Json Document={"method":"report_info_reply","clientToken":"0WUKPUCOTC-0","code":0,"status":"success"}
+DBG|21|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$thing/up/property/0WUKPUCOTC/dev001|payload={"method":"get_status", "clientToken":"0WUKPUCOTC-1"}
+DBG|21|data_template_client.c|_get_status_reply_ack_cb(185): replyAck=0
+DBG|21|data_template_client.c|_get_status_reply_ack_cb(189): Received Json Document={"method":"get_status_reply","clientToken":"0WUKPUCOTC-1","code":0,"status":"success","data":{"reported":{"power_switch":0,"color":0,"brightness":0,"name":"dev001"}}}
+DBG|21|light_data_template_sample.c|data_template_light_thread(709): Get data status success
+DBG|22|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$thing/up/property/0WUKPUCOTC/dev001|payload={"method":"report", "clientToken":"0WUKPUCOTC-2", "params":{"power_switch":0,"color":0,"brightness":0,"name":"dev001"}}
+INF|22|light_data_template_sample.c|data_template_light_thread(761): data template reporte success
+INF|23|light_data_template_sample.c|OnReportReplyCallback(416): recv report_reply(ack=0): {"method":"report_reply","clientToken":"0WUKPUCOTC-2","code":0,"status":"success"}
+DBG|27|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$thing/up/property/0WUKPUCOTC/dev001|payload={"method":"report", "clientToken":"0WUKPUCOTC-3", "params":{"power_switch":0,"color":0,"brightness":0,"name":"dev001"}}
+INF|27|light_data_template_sample.c|data_template_light_thread(761): data template reporte success
+INF|28|light_data_template_sample.c|OnReportReplyCallback(416): recv report_reply(ack=0): {"method":"report_reply","clientToken":"0WUKPUCOTC-3","code":0,"status":"success"}
+DBG|32|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$thing/up/property/0WUKPUCOTC/dev001|payload={"method":"report", "clientToken":"0WUKPUCOTC-4", "params":{"power_switch":0,"color":0,"brightness":0,"name":"dev001"}}
+INF|32|light_data_template_sample.c|data_template_light_thread(761): data template reporte success
+INF|33|light_data_template_sample.c|OnReportReplyCallback(416): recv report_reply(ack=0): {"method":"report_reply","clientToken":"0WUKPUCOTC-4","code":0,"status":"success"}
+DBG|37|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$thing/up/property/0WUKPUCOTC/dev001|payload={"method":"report", "clientToken":"0WUKPUCOTC-5", "params":{"power_switch":0,"color":0,"brightness":0,"name":"dev001"}}
+INF|37|light_data_template_sample.c|data_template_light_thread(761): data template reporte success
+INF|38|light_data_template_sample.c|OnReportReplyCallback(416): recv report_reply(ack=0): {"method":"report_reply","clientToken":"0WUKPUCOTC-5","code":0,"status":"success"}
+DBG|43|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$thing/up/property/0WUKPUCOTC/dev001|payload={"method":"report", "clientToken":"0WUKPUCOTC-6", "params":{"power_switch":0,"color":0,"brightness":0,"name":"dev001"}}
+INF|43|light_data_template_sample.c|data_template_light_thread(761): data template reporte success
+INF|44|light_data_template_sample.c|OnReportReplyCallback(416): recv report_reply(ack=0): {"method":"report_reply","clientToken":"0WUKPUCOTC-6","code":0,"status":"success"}
+DBG|46|data_template_client_manager.c|_on_template_downstream_topic_handler(527): control_str:{"color":1,"brightness":1,"name":"","power_switch":1}
+INF|46|light_data_template_sample.c|OnControlMsgCallback(405): Property=brightness changed
+INF|46|light_data_template_sample.c|OnControlMsgCallback(405): Property=color changed
+INF|46|light_data_template_sample.c|OnControlMsgCallback(405): Property=power_switch changed
+[  lighting  ]|[color:GREEN]|[brightness:--------------------]|[dev001]
+DBG|46|data_template_client.c|IOT_Template_ControlReply(698): Report Document: {"code":0, "clientToken":"clientToken-21f40729-cd65-425c-aaa8-4e6de6aecbbf"}
+DBG|46|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$thing/up/property/0WUKPUCOTC/dev001|payload={"method":"control_reply", "code":0, "clientToken":"clientToken-21f40729-cd65-425c-aaa8-4e6de6aecbbf"}
+DBG|46|light_data_template_sample.c|data_template_light_thread(744): Contol msg reply success
+DBG|46|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$thing/up/property/0WUKPUCOTC/dev001|payload={"method":"report", "clientToken":"0WUKPUCOTC-7", "params":{"power_switch":1,"color":1,"brightness":1}}
+INF|46|light_data_template_sample.c|data_template_light_thread(761): data template reporte success
+DBG|46|mqtt_client_publish.c|qcloud_iot_mqtt_publish(334): publish topic seq=64739|topicName=$thing/up/event/0WUKPUCOTC/dev001|payload={"method":"event_post", "clientToken":"0WUKPUCOTC-8", "eventId":"status_report", "type":"info", "timestamp":0, "params":{"status":1,"message":"light on"}}
+INF|47|light_data_template_sample.c|event_handler(335): publish success, packet-id=64739
+INF|47|light_data_template_sample.c|OnReportReplyCallback(416): recv report_reply(ack=0): {"method":"report_reply","clientToken":"0WUKPUCOTC-7","code":0,"status":"success"}
+DBG|47|data_template_event.c|_on_event_reply_callback(105): recv:{"method":"event_reply","clientToken":"0WUKPUCOTC-8","code":0,"status":"","data":{}}
+DBG|47|data_template_event.c|_on_event_reply_callback(123): eventToken:0WUKPUCOTC-8 code:0 status:(null)
+DBG|47|light_data_template_sample.c|event_post_cb(185): recv event reply, clear event
+DBG|47|data_template_event.c|_traverse_event_list(79): eventToken[0WUKPUCOTC-8] released
+DBG|48|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$thing/up/property/0WUKPUCOTC/dev001|payload={"method":"report", "clientToken":"0WUKPUCOTC-9", "params":{"power_switch":1,"color":1,"brightness":1,"name":"dev001"}}
+INF|48|light_data_template_sample.c|data_template_light_thread(761): data template reporte success
+INF|49|light_data_template_sample.c|OnReportReplyCallback(416): recv report_reply(ack=0): {"method":"report_reply","clientToken":"0WUKPUCOTC-9","code":0,"status":"success"}
+```
+
+#### 2.3.2 OTA示例：
+- 示例说明：该示例展示了设备基于[物联网开发平台](https://cloud.tencent.com/product/iotexplorer)实现[设备固件升级](https://cloud.tencent.com/document/product/1081/39359)，固件升级的消息通道及状态上报走MQTT，固件下载通道支持HTTPS和HTTP。
+>! 若固件下载使能HTTPS，会关联选中mbedTLS软件包，需要将 `MBEDTLS_SSL_MAX_CONTENT_LEN`配置为16K
+
+- 配置选项
+```
+  --- Tencent-IoT:  Tencent Cloud IoT Explorer Platform SDK for RT-Thread         
+  (0WUKPUCOTC) Config Product Id                                                  
+  (dev001) Config Device Name                                                     
+  (N6B8M91PB4YDTRCpqvOp4w==) Config Device Secret                                 
+  [ ]   Enable dynamic register                                                   
+  [ ]   Enable err log upload                                                     
+  [ ]   Enable multi thread function                                              
+  -*-   Enable TLS/DTLS                                                           
+        Select Product Type (Data template protocol)  --->                        
+  [ ]   Enable Event                                                              
+  [ ]   Enable Action                                                             
+  [ ]   Enable Smart_light Sample                                                 
+  [*]   Enable OTA                                                                
+          Config OTA download by https or http (Download by https)  --->          
+  [ ]   Enable GateWay                                                            
+        Version (latest)  --->                                                    
+```
+
+- 运行示例
+
+```
+ \ | /
+- RT -     Thread Operating System
+ / | \     4.0.3 build Jun 16 2020
+ 2006 - 2020 Copyright by rt-thread team
+lwIP-2.0.2 initialized!
+[I/sal.skt] Socket Abstraction Layer initialize success.
+[I/SDIO] SD card capacity 65536 KB.
+msh />rt-thread
+msh />tc_ota_example start
+msh />DBG|13|HAL_TLS_mbedtls.c|HAL_TLS_Connect(228):  Connecting to /0WUKPUCOTC.iotcloud.tencentdevices.com/8883...
+DBG|13|HAL_TLS_mbedtls.c|HAL_TLS_Connect(233):  Setting up the SSL/TLS structure...
+DBG|13|HAL_TLS_mbedtls.c|HAL_TLS_Connect(285): Performing the SSL/TLS handshake...
+INF|13|mqtt_client.c|IOT_MQTT_Construct(117): mqtt connect with id: 7849s success
+INF|13|ota_mqtt_sample.c|ota_thread(314): Cloud Device Construct Success
+DBG|13|mqtt_client_subscribe.c|qcloud_iot_mqtt_subscribe(147): topicName=$ota/update/0WUKPUCOTC/dev001|packet_id=39516
+INF|13|ota_mqtt_sample.c|event_handler(69): subscribe success, packet-id=39516
+DBG|13|ota_mqtt.c|_otamqtt_event_callback(124): OTA topic subscribe success
+ERR|14|ota_mqtt_sample.c|get_local_fw_version(118): open file ./local_fw_info.json failed
+DBG|14|ota_mqtt_sample.c|ota_thread(331): local_ver:(null) local_md5:(null), local_size:(null)
+DBG|14|mqtt_client_publish.c|qcloud_iot_mqtt_publish(339): publish topic seq=39517|topicName=$ota/report/0WUKPUCOTC/dev001|payload={"type": "report_version", "report":{"version":"1.0.0"}}
+INF|14|ota_mqtt_sample.c|ota_thread(342): wait for ota upgrade command...
+INF|14|ota_mqtt_sample.c|event_handler(81): publish success, packet-id=39517
+DBG|14|ota_mqtt.c|_otamqtt_upgrage_cb(110): topic=$ota/update/0WUKPUCOTC/dev001
+INF|14|ota_mqtt.c|_otamqtt_upgrage_cb(111): len=86, topic_msg={"result_code":0,"result_msg":"success","type":"report_version_rsp","version":"1.0.0"}
+INF|14|ota_client.c|_ota_callback(103): Report version success!
+INF|17|ota_mqtt_sample.c|ota_thread(342): wait for ota upgrade command...
+INF|19|ota_mqtt_sample.c|ota_thread(342): wait for ota upgrade command...
+INF|21|ota_mqtt_sample.c|ota_thread(342): wait for ota upgrade command...
+INF|24|ota_mqtt_sample.c|ota_thread(342): wait for ota upgrade command...
+INF|26|ota_mqtt_sample.c|ota_thread(342): wait for ota upgrade command...
+DBG|26|ota_mqtt.c|_otamqtt_upgrage_cb(110): topic=$ota/update/0WUKPUCOTC/dev001
+INF|26|ota_mqtt.c|_otamqtt_upgrage_cb(111): len=454, topic_msg={"file_size":420139,"md5sum":"de113bec77a2931b4cb3cfc42430b346","type":"update_firmware","url":"https://ota.cos.ap-guangzhou.myqcloud.com","version":"2.0.0"}
+
+DBG|26|ota_client.c|IOT_OTA_StartDownload(347): to download FW from offset: 0, size: 420139
+DBG|26|ota_fetch.c|ofc_Init(86): head_content:Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Encoding: gzip, deflate
+Range: bytes=0-420139
+
+DBG|26|HAL_TLS_mbedtls.c|_mbedtls_client_init(148): psk/pskid is empty!|psk=(null)|psd_id=
+DBG|26|HAL_TLS_mbedtls.c|HAL_TLS_Connect(228):  Connecting to /ota-1255858890.cos.ap-guangzhou.myqcloud.com/443...
+DBG|26|HAL_TLS_mbedtls.c|HAL_TLS_Connect(233):  Setting up the SSL/TLS structure...
+DBG|26|HAL_TLS_mbedtls.c|HAL_TLS_Connect(285): Performing the SSL/TLS handshake...
+DBG|27|utils_httpc.c|qcloud_http_client_connect(744): http client connect success
+DBG|27|mqtt_client_publish.c|qcloud_iot_mqtt_publish(345): publish packetID=0|topicName=$ota/report/0WUKPUCOTC/dev001|payload={"type": "report_progress", "report": {"progress": {"state":"downloading", "percent":"0", "result_code":"0", "result_msg":""}, "version": "2.0.0"}}
+DBG|27|ota_mqtt_sample.c|ota_thread(419): 4999 bytes receved
+DBG|27|ota_mqtt_sample.c|ota_thread(419): 4999 bytes receved
+DBG|27|ota_mqtt_sample.c|ota_thread(419): 4999 bytes receved
+DBG|28|ota_mqtt_sample.c|ota_thread(419): 4999 bytes receved
+DBG|28|ota_mqtt_sample.c|ota_thread(419): 4999 bytes receved
+                      .
+                      .
+DBG|44|mqtt_client_publish.c|qcloud_iot_mqtt_publish(345): publish packetID=0|topicName=$ota/report/0WUKPUCOTC/dev001|payload={"type": "report_progress", "report": {"progress": {"state":"downloading", "percent":"98", "result_code":"0", "result_msg":""}, "version": "2.0.0"}}
+DBG|44|ota_mqtt_sample.c|ota_thread(419): 4999 bytes receved
+DBG|44|ota_mqtt_sample.c|ota_thread(419): 4999 bytes receved
+DBG|44|mqtt_client_publish.c|qcloud_iot_mqtt_publish(345): publish packetID=0|topicName=$ota/report/0WUKPUCOTC/dev001|payload={"type": "report_progress", "report": {"progress": {"state":"downloading", "percent":"100", "result_code":"0", "result_msg":""}, "version": "2.0.0"}}
+DBG|44|ota_mqtt_sample.c|ota_thread(419): 223 bytes receved
+DBG|44|ota_client.c|IOT_OTA_Ioctl(631): origin=de113bec77a2931b4cb3cfc42430b346, now=de113bec77a2931b4cb3cfc42430b346
+INF|44|ota_mqtt_sample.c|ota_thread(459): The firmware is valid
+DBG|46|mqtt_client_publish.c|qcloud_iot_mqtt_publish(339): publish topic seq=39518|topicName=$ota/report/0WUKPUCOTC/dev001|payload={"type": "report_progress", "report":{"progress":{"state":"burning", "result_code":"0", "result_msg":""}, "version":"2.0.0"}}
+INF|47|ota_mqtt_sample.c|event_handler(81): publish success, packet-id=39518
+DBG|47|mqtt_client_publish.c|qcloud_iot_mqtt_publish(339): publish topic seq=39519|topicName=$ota/report/0WUKPUCOTC/dev001|payload={"type": "report_progress", "report":{"progress":{"state":"done", "result_code":"0", "result_msg":""}, "version":"2.0.0"}}
+INF|48|ota_mqtt_sample.c|event_handler(81): publish success, packet-id=39519
+INF|49|ota_mqtt.c|_otamqtt_event_callback(138): OTA topic has been unsubscribed
+INF|49|mqtt_client_connect.c|qcloud_iot_mqtt_disconnect(474): mqtt disconnect!
+INF|49|mqtt_client.c|IOT_MQTT_Destroy(181): mqtt release!
+```
+
+#### 2.3.2 网关示例：
+- 示例说明：该示例展示了设备基于[物联网开发平台](https://cloud.tencent.com/product/iotexplorer)通过网关代理子设备上下线及消息收发，网关示例在控制台的相关操作参阅[网关设备快速入门](https://github.com/tencentyun/qcloud-iot-explorer-sdk-embedded-c/blob/master/docs/%E7%BD%91%E5%85%B3%E8%AE%BE%E5%A4%87%E5%BF%AB%E9%80%9F%E5%85%A5%E9%97%A8.md)。
+>! 网关示例默认提供了一组测试用的网关和子设备信息，但有可能多个开发者在同时使用，这样会导致互踢。建议最好替换为自己的网关和子设备信息。
+
+- 配置选项
+```
+  --- Tencent-IoT:  Tencent Cloud IoT Explorer Platform SDK for RT-Thread         
+  (0WUKPUCOTC) Config Product Id                                                  
+  (dev001) Config Device Name                                                     
+  (N6B8M91PB4YDTRCpqvOp4w==) Config Device Secret                                 
+  [ ]   Enable dynamic register                                                   
+  [ ]   Enable err log upload                                                     
+  [ ]   Enable multi thread function                                              
+  -*-   Enable TLS/DTLS                                                           
+        Select Product Type (Data template protocol)  --->                        
+  [ ]   Enable Event                                                              
+  [ ]   Enable Action                                                             
+  [ ]   Enable Smart_light Sample                                                 
+  [ ]   Enable OTA                                                                
+          Config OTA download by https or http (Download by https)  --->          
+  [*]   Enable GateWay                                                            
+        Version (latest)  --->                                                    
+```
+
+- 运行示例
+```
+ \ | /
+- RT -     Thread Operating System
+ / | \     4.0.3 build Jun 16 2020
+ 2006 - 2020 Copyright by rt-thread team
+lwIP-2.0.2 initialized!
+[I/sal.skt] Socket Abstraction Layer initialize success.
+[I/SDIO] SD card capacity 65536 KB.
+hello rt-thread
+msh />tc_gateway_example start
+msh />DBG|7|HAL_Device_rtthread.c|HAL_GetGwDevInfo(173): sub device num:6
+DBG|7|HAL_Device_rtthread.c|HAL_GetGwDevInfo(175): 0th subDevPid:BK7EEF4UIB subDevName:dev01
+DBG|7|HAL_Device_rtthread.c|HAL_GetGwDevInfo(175): 1th subDevPid:BK7EEF4UIB subDevName:dev02
+DBG|7|HAL_Device_rtthread.c|HAL_GetGwDevInfo(175): 2th subDevPid:BK7EEF4UIB subDevName:dev03
+DBG|7|HAL_Device_rtthread.c|HAL_GetGwDevInfo(175): 3th subDevPid:7P3KIFQ1JD subDevName:test01
+DBG|7|HAL_Device_rtthread.c|HAL_GetGwDevInfo(175): 4th subDevPid:7P3KIFQ1JD subDevName:test02
+DBG|7|HAL_Device_rtthread.c|HAL_GetGwDevInfo(175): 5th subDevPid:7P3KIFQ1JD subDevName:test03
+DBG|7|HAL_TLS_mbedtls.c|HAL_TLS_Connect(228):  Connecting to /0WUKPUCOTC.iotcloud.tencentdevices.com/8883...
+DBG|7|HAL_TLS_mbedtls.c|HAL_TLS_Connect(233):  Setting up the SSL/TLS structure...
+DBG|7|HAL_TLS_mbedtls.c|HAL_TLS_Connect(285): Performing the SSL/TLS handshake...
+INF|7|mqtt_client.c|IOT_MQTT_Construct(117): mqtt connect with id: u7YuF success
+DBG|7|mqtt_client_subscribe.c|qcloud_iot_mqtt_subscribe(147): topicName=$gateway/operation/result/0WUKPUCOTC/dev001|packet_id=55998
+DBG|7|gateway_api.c|_gateway_event_handler(116): gateway sub|unsub(3) success, packet-id=55998
+DBG|7|gateway_api.c|gateway_yield_thread(38): gateway yield thread start ...
+DBG|8|gateway_api.c|IOT_Gateway_Subdev_Online(219): there is no session, create a new session
+DBG|8|mqtt_client_publish.c|qcloud_iot_mqtt_publish(345): publish packetID=0|topicName=$gateway/operation/0WUKPUCOTC/dev001|payload={"type":"online","payload":{"devices":[{"product_id":"BK7EEF4UIB","device_name":"dev01"}]}}
+INF|8|gateway_common.c|_gateway_message_handler(159): client_id(BK7EEF4UIB/dev01), online result 0
+DBG|8|gateway_sample.c|gateway_thread(238): subDev Pid:BK7EEF4UIB devName:dev01 online success.
+DBG|8|gateway_api.c|IOT_Gateway_Subdev_Online(219): there is no session, create a new session
+DBG|8|mqtt_client_publish.c|qcloud_iot_mqtt_publish(345): publish packetID=0|topicName=$gateway/operation/0WUKPUCOTC/dev001|payload={"type":"online","payload":{"devices":[{"product_id":"BK7EEF4UIB","device_name":"dev02"}]}}
+INF|8|gateway_common.c|_gateway_message_handler(159): client_id(BK7EEF4UIB/dev02), online result 0
+DBG|8|gateway_sample.c|gateway_thread(238): subDev Pid:BK7EEF4UIB devName:dev02 online success.
+DBG|8|gateway_api.c|IOT_Gateway_Subdev_Online(219): there is no session, create a new session
+DBG|8|mqtt_client_publish.c|qcloud_iot_mqtt_publish(345): publish packetID=0|topicName=$gateway/operation/0WUKPUCOTC/dev001|payload={"type":"online","payload":{"devices":[{"product_id":"BK7EEF4UIB","device_name":"dev03"}]}}
+INF|8|gateway_common.c|_gateway_message_handler(159): client_id(BK7EEF4UIB/dev03), online result 0
+DBG|9|gateway_sample.c|gateway_thread(238): subDev Pid:BK7EEF4UIB devName:dev03 online success.
+DBG|9|gateway_api.c|IOT_Gateway_Subdev_Online(219): there is no session, create a new session
+DBG|9|mqtt_client_publish.c|qcloud_iot_mqtt_publish(345): publish packetID=0|topicName=$gateway/operation/0WUKPUCOTC/dev001|payload={"type":"online","payload":{"devices":[{"product_id":"7P3KIFQ1JD","device_name":"test01"}]}}
+INF|9|gateway_common.c|_gateway_message_handler(159): client_id(7P3KIFQ1JD/test01), online result 0
+DBG|9|gateway_sample.c|gateway_thread(238): subDev Pid:7P3KIFQ1JD devName:test01 online success.
+DBG|9|gateway_api.c|IOT_Gateway_Subdev_Online(219): there is no session, create a new session
+DBG|9|mqtt_client_publish.c|qcloud_iot_mqtt_publish(345): publish packetID=0|topicName=$gateway/operation/0WUKPUCOTC/dev001|payload={"type":"online","payload":{"devices":[{"product_id":"7P3KIFQ1JD","device_name":"test02"}]}}
+INF|9|gateway_common.c|_gateway_message_handler(159): client_id(7P3KIFQ1JD/test02), online result 0
+DBG|9|gateway_sample.c|gateway_thread(238): subDev Pid:7P3KIFQ1JD devName:test02 online success.
+DBG|9|gateway_api.c|IOT_Gateway_Subdev_Online(219): there is no session, create a new session
+DBG|9|mqtt_client_publish.c|qcloud_iot_mqtt_publish(345): publish packetID=0|topicName=$gateway/operation/0WUKPUCOTC/dev001|payload={"type":"online","payload":{"devices":[{"product_id":"7P3KIFQ1JD","device_name":"test03"}]}}
+INF|9|gateway_common.c|_gateway_message_handler(159): client_id(7P3KIFQ1JD/test03), online result 0
+DBG|9|gateway_sample.c|gateway_thread(238): subDev Pid:7P3KIFQ1JD devName:test03 online success.
+ERR|9|gateway_sample.c|gateway_thread(265): create sub_dev light thread success
+DBG|9|mqtt_client_subscribe.c|qcloud_iot_mqtt_subscribe(147): topicName=$thing/down/property/BK7EEF4UIB/dev02|packet_id=55999
+DBG|9|sub_dev001.c|sub_dev1_thread(556): sub_dev1_thread ...
+INF|9|qcloud_iot_devDBG|9|mqtt_client_subscribe.c|qcloud_iot_mqtt_subscribe(147): topicName=$thing/down/property/BK7EEF4UIB/dev03|packet_id=56000
+DBG|9|mqtt_client_subscribe.c|qcloud_iot_mqtt_subscribe(147): topicName=$thing/down/property/7P3KIFQ1JD/test01|packet_id=56001
+DBG|9|mqtt_client_subscribe.c|qcloud_iot_mqtt_subscribe(147): topicName=$thiice.c|iot_device_info_set(55): SDK_Ver: 3.1.3, Product_ID: BK7EEF4UIB, Device_Name: dev01
+ng/down/property/7P3KIFQ1JD/test02|packet_id=56002
+DBG|9|mqtt_client_subscribe.c|qcloud_iot_mqtt_subscribe(147): topicName=$thing/down/property/BK7EEF4UIB/dev01|packet_id=56003
+INF|9|sub_dev001.c|DBG|9|mqtt_client_subscribe.c|qcloud_iot_mqtt_subscribe(147): topicName=$thing/down/property/7P3KIFQ1JD/test03|packet_id=56004
+suDBG|9|gateway_api.c|_gateway_event_handler(116): gateway sub|unsub(3) success, packet-id=55999
+INF|9|gateway_sample.c|_event_handler(81): subscribe success, packet-id=55999
+b_dev1_thread(566): Cloud Device Construct Success
+DBG|9|sub_dev001.c|_usr_init(335): add your init code here
+INF|9|sub_dev001.c|_register_data_template_property(376): data template property=power_switch registered.
+INF|9|sub_dev001.c|_register_data_template_property(376): data template property=color registered.
+INF|9|sub_dev001.c|_register_data_template_property(376): data template property=brightness registered.
+INF|9|sub_dev001.c|_register_data_template_property(376): data template property=name registered.
+INF|9|sub_dev001.c|sub_dev1_thread(588): Register data template propertys Success
+DBG|9|gateway_api.c|_gateway_event_handler(116): gateway sub|unsub(3) success, packet-id=56001
+INF|9|gateway_sample.c|_event_handler(81): subscribe success, packet-id=56001
+DBG|9|gateway_api.c|_gateway_event_handler(116): gateway sub|unsub(3) success, packet-id=56003
+INF|9|gateway_sample.c|_event_handler(81): subscribe success, packet-id=56003
+DBG|9|gateway_api.c|_gateway_event_handler(116): gateway sub|unsub(3) success, packet-id=56000
+INF|9|gateway_sample.c|_event_handler(81): subscribe success, packet-id=56000
+DBG|9|gateway_api.c|_gateway_event_handler(116): gateway sub|unsub(3) success, packet-id=56002
+INF|9|gateway_sample.c|_event_handler(81): subscribe success, packet-id=56002
+DBG|9|gateway_api.c|_gateway_event_handler(116): gateway sub|unsub(3) success, packet-id=56004
+INF|9|gateway_sample.c|_event_handler(81): subscribe success, packet-id=56004
+DBG|10|mqtt_client_publish.c|qcloud_iot_mqtt_publish(345): publish packetID=0|topicName=$thing/up/property/BK7EEF4UIB/dev01|payload={"method":"report_info", "clientToken":"BK7EEF4UIB-0", "params":{"module_hardinfo":"ESP8266","module_softinfo":"V1.0","fw_ver":"3.1.3","imei":"11-22-33-44","lat":"22.546015","lon":"113.941125", "device_label":{"append_info":"your self define info"}}}
+DBG|10|data_template_client.c|_reply_ack_cb(194): replyAck=0
+DBG|10|data_template_client.c|_reply_ack_cb(197): Received Json Document={"method":"report_info_reply","clientToken":"BK7EEF4UIB-0","code":0,"status":"success"}
+DBG|10|mqtt_client_publish.c|qcloud_iot_mqtt_publish(345): publish packetID=0|topicName=$thing/up/property/BK7EEF4UIB/dev01|payload={"method":"get_status", "clientToken":"BK7EEF4UIB-1"}
+DBG|10|data_template_client.c|_get_status_reply_ack_cb(211): replyAck=0
+DBG|10|data_template_client.c|_get_status_reply_ack_cb(215): Received Json Document={"method":"get_status_reply","clientToken":"BK7EEF4UIB-1","code":0,"status":"success","data":{"reported":{"brightness":0,"name":"","power_switch":0,"color":0}}}
+DBG|11|sub_dev001.c|sub_dev1_thread(626): Get data status success
+DBG|11|mqtt_client_publish.c|qcloud_iot_mqtt_publish(345): publish packetID=0|topicName=$thing/up/property/BK7EEF4UIB/dev01|payload={"method":"report", "clientToken":"BK7EEF4UIB-2", "params":{"power_switch":0,"color":0,"brightness":0,"name":""}}
+INF|11|sub_dev001.c|sub_dev1_thread(665): data template reporte success
+INF|11|sub_dev001.c|OnReportReplyCallback(361): recv report_reply(ack=0): {"method":"report_reply","clientToken":"BK7EEF4UIB-2","code":0,"status":"success"}
+DBG|11|mqtt_client_publish.c|qcloud_iot_mqtt_publish(345): publish packetID=0|topicName=$thing/up/property/BK7EEF4UIB/dev02|payload={"method":"report","clientToken":"123","params":{}}
+DBG|11|mqtt_client_publish.c|qcloud_iot_mqtt_publish(345): publish packetID=0|topicName=$thing/up/property/BK7EEF4UIB/dev03|payload={"method":"report","clientToken":"123","params":{}}
+DBG|11|mqtt_client_publish.c|qcloud_iot_mqtt_publish(345): publish packetID=0|topicName=$thing/up/property/7P3KIFQ1JD/test01|payload={"method":"report","clientToken":"123","params":{}}
+DBG|11|mqtt_client_publish.c|qcloud_iot_mqtt_publish(345): publish packetID=0|topicName=$thing/up/property/7P3KIFQ1JD/test02|payload={"method":"report","clientToken":"123","params":{}}
+DBG|11|mqtt_client_publish.c|qcloud_iot_mqtt_publish(345): publish packetID=0|topicName=$thing/up/property/7P3KIFQ1JD/test03|payload={"method":"report","clientToken":"123","params":{}}
+INF|11|gateway_sample.c|_message_handler(131): Receive Message With topicName:$thing/down/property/BK7EEF4UIB/dev02, payload:{"method":"report_reply","clientToken":"123","code":0,"status":"success"}
+INF|11|gateway_sample.c|_message_handler(131): Receive Message With topicName:$thing/down/property/7P3KIFQ1JD/test01, payload:{"method":"report_reply","clientToken":"123","code":0,"status":"success"}
+INF|11|gateway_sample.c|_message_handler(131): Receive Message With topicName:$thing/down/property/7P3KIFQ1JD/test02, payload:{"method":"report_reply","clientToken":"123","code":0,"status":"success"}
+INF|11|gateway_sample.c|_message_handler(131): Receive Message With topicName:$thing/down/property/7P3KIFQ1JD/test03, payload:{"method":"report_reply","clientToken":"123","code":0,"status":"success"}
+INF|11|gateway_sample.c|_message_handler(131): Receive Message With topicName:$thing/down/property/BK7EEF4UIB/dev03, payload:{"method":"report_reply","clientToken":"123","code":0,"status":"success"}
+DBG|17|mqtt_client_publish.c|qcloud_iot_mqtt_publish(345): publish packetID=0|topicName=$thing/up/property/BK7EEF4UIB/dev01|payload={"method":"report", "clientToken":"BK7EEF4UIB-3", "params":{"power_switch":0,"color":0,"brightness":0,"name":""}}
+INF|17|sub_dev001.c|sub_dev1_thread(665): data template reporte success
+INF|17|sub_dev001.c|OnReportReplyCallback(361): recv report_reply(ack=0): {"method":"report_reply","clientToken":"BK7EEF4UIB-3","code":0,"status":"success"}
+msh />tc_gateway_example stop 
+msh />DBG|22|mqtt_client_publish.c|qcloud_iot_mqtt_publish(345): publish packetID=0|topicName=$gateway/operation/0WUKPUCOTC/dev001|payload={"type":"offline","payload":{"devices":[{"product_id":"BK7EEF4UIB","device_name":"dev01"}]}}
+INF|22|gateway_common.c|_gateway_message_handler(164): client_id(BK7EEF4UIB/dev01), offline result 0
+DBG|22|gateway_sample.c|gateway_thread(342): subDev Pid:BK7EEF4UIB devName:dev01 offline success.
+DBG|22|mqtt_client_publish.c|qcloud_iot_mqtt_publish(345): publish packetID=0|topicName=$gateway/operation/0WUKPUCOTC/dev001|payload={"type":"offline","payload":{"devices":[{"product_id":"BK7EEF4UIB","device_name":"dev02"}]}}
+INF|22|gateway_common.c|_gateway_message_handler(164): client_id(BK7EEF4UIB/dev02), offline result 0
+DBG|22|gateway_sample.c|gateway_thread(342): subDev Pid:BK7EEF4UIB devName:dev02 offline success.
+DBG|22|mqtt_client_publish.c|qcloud_iot_mqtt_publish(345): publish packetID=0|topicName=$gateway/operation/0WUKPUCOTC/dev001|payload={"type":"offline","payload":{"devices":[{"product_id":"BK7EEF4UIB","device_name":"dev03"}]}}
+INF|22|gateway_common.c|_gateway_message_handler(164): client_id(BK7EEF4UIB/dev03), offline result 0
+DBG|22|gateway_sample.c|gateway_thread(342): subDev Pid:BK7EEF4UIB devName:dev03 offline success.
+DBG|22|mqtt_client_publish.c|qcloud_iot_mqtt_publish(345): publish packetID=0|topicName=$gateway/operation/0WUKPUCOTC/dev001|payload={"type":"offline","payload":{"devices":[{"product_id":"7P3KIFQ1JD","device_name":"test01"}]}}
+INF|22|gateway_common.c|_gateway_message_handler(164): client_id(7P3KIFQ1JD/test01), offline result 0
+DBG|23|gateway_sample.c|gateway_thread(342): subDev Pid:7P3KIFQ1JD devName:test01 offline success.
+DBG|23|mqtt_client_publish.c|qcloud_iot_mqtt_publish(345): publish packetID=0|topicName=$gateway/operation/0WUKPUCOTC/dev001|payload={"type":"offline","payload":{"devices":[{"product_id":"7P3KIFQ1JD","device_name":"test02"}]}}
+INF|23|gateway_common.c|_gateway_message_handler(164): client_id(7P3KIFQ1JD/test02), offline result 0
+DBG|23|gateway_sample.c|gateway_thread(342): subDev Pid:7P3KIFQ1JD devName:test02 offline success.
+DBG|23|mqtt_client_publish.c|qcloud_iot_mqtt_publish(345): publish packetID=0|topicName=$gateway/operation/0WUKPUCOTC/dev001|payload={"type":"offline","payload":{"devices":[{"product_id":"7P3KIFQ1JD","device_name":"test03"}]}}
+INF|23|gateway_common.c|_gateway_message_handler(164): client_id(7P3KIFQ1JD/test03), offline result 0
+DBG|23|gateway_sample.c|gateway_thread(342): subDev Pid:7P3KIFQ1JD devName:test03 offline success.
+INF|24|mqtt_client_connect.c|qcloud_iot_mqtt_disconnect(474): mqtt disconnect!
+INF|24|mqtt_client.c|IOT_MQTT_Destroy(181): mqtt release!
+```
+
+
+### 2.4 控制台相关操作
+#### 2.4.1 在线调试
+- [物联网开发平台](https://cloud.tencent.com/product/iotexplorer)可以通过控制台直接调试，如下截图
+![control](https://main.qcloudimg.com/raw/6027fc232f761b4726a13eb964721b09.jpg)
+
+#### 2.4.2 设备日志查询
+![log](https://main.qcloudimg.com/raw/5d298db54110e0c389d10e93b1efcf2b.jpg)
+
+#### 2.4.3 设备事件查询
+![event](https://main.qcloudimg.com/raw/66cfd99526d55e91778fe58e11f7d159.jpg)
+
+### 2.5 其他示例说明
+ 关于 SDK 的更多使用方式及接口了解, 参见 `qcloud_iot_api_export.h`，其他示例不再一一列举。
+
+### 2.6 可变参数配置
+开发者可以根据具体场景需求，配置相应的参数，满足实际业务的运行。可变接入参数包括：
+1. MQTT 心跳消息发送周期, 单位: ms 
+2. MQTT 阻塞调用(包括连接, 订阅, 发布等)的超时时间, 单位:ms。 建议 5000 ms
+3. TLS 连接握手超时时间, 单位: ms
+4. MQTT 协议发送消息和接受消息的 buffer 大小默认是 512 字节，最大支持 256 KB
+5. CoAP 协议发送消息和接受消息的 buffer 大小默认是 512 字节，最大支持 64 KB
+6. 重连最大等待时间
+
+修改 qcloud_iot_export.h 文件如下宏定义可以改变对应接入参数的配置。
+
+```
+/* MQTT心跳消息发送周期, 单位:ms */
+#define QCLOUD_IOT_MQTT_KEEP_ALIVE_INTERNAL                         (240 * 1000)
+
+/* MQTT 阻塞调用(包括连接, 订阅, 发布等)的超时时间, 单位:ms 建议5000ms */
+#define QCLOUD_IOT_MQTT_COMMAND_TIMEOUT                             (5000)
+
+/* TLS连接握手超时时间, 单位:ms */
+#define QCLOUD_IOT_TLS_HANDSHAKE_TIMEOUT                            (5000)
+
+/* MQTT消息发送buffer大小, 支持最大256*1024 */
+#define QCLOUD_IOT_MQTT_TX_BUF_LEN                                  (512)
+
+/* MQTT消息接收buffer大小, 支持最大256*1024 */
+#define QCLOUD_IOT_MQTT_RX_BUF_LEN                                  (512)
+
+/* COAP 发送消息buffer大小，最大支持64*1024字节 */
+#define COAP_SENDMSG_MAX_BUFLEN                                     (512)
+
+/* COAP 接收消息buffer大小，最大支持64*1024字节 */
+#define COAP_RECVMSG_MAX_BUFLEN                                     (512)
+
+/* 重连最大等待时间 */
+#define MAX_RECONNECT_WAIT_INTERVAL                                 (60000)
+
+```

SConscript

@@ -0,0 +1,126 @@
+from building import *
+import os
+from building import *
+import rtconfig
+
+cwd  = GetCurrentDir()
+
+src_base  = []
+
+
+sample_data_template_src = []
+sample_light_data_template_src = []
+sample_mqtt_basic_src  = []
+sample_raw_data_src  = []
+sample_ota_src  = []
+sample_gateway_src  = []
+sample_dyn_src = []
+
+CPPPATH = []
+CPPDEFINES = []
+LOCAL_CCFLAGS = ''
+
+#include headfile
+CPPPATH += [cwd + '/ports/ssl']
+CPPPATH += [cwd + '/qcloud-iot-explorer-sdk-embedded-c/include']
+CPPPATH += [cwd + '/qcloud-iot-explorer-sdk-embedded-c/include/exports']
+CPPPATH += [cwd + '/qcloud-iot-explorer-sdk-embedded-c/sdk_src/internal_inc']
+
+#common src file
+src_base += Glob('qcloud-iot-explorer-sdk-embedded-c/sdk_src/protocol/mqtt/*.c')
+src_base += Glob('qcloud-iot-explorer-sdk-embedded-c/sdk_src/services/data_template/*.c')
+src_base += Glob('qcloud-iot-explorer-sdk-embedded-c/sdk_src/utils/*.c')
+src_base += Glob('qcloud-iot-explorer-sdk-embedded-c/sdk_src/network/*.c')
+src_base += Glob('qcloud-iot-explorer-sdk-embedded-c/sdk_src/network/socket/*.c')
+src_base += Glob('qcloud-iot-explorer-sdk-embedded-c/sdk_src/network/tls/*.c')
+src_base += Glob('ports/rtthread/*.c')
+SrcRemove(src_base, 'ports/rtthread/HAL_UDP_rtthread.c')
+
+CPPDEFINES += ['MQTT_COMM_ENABLED', 'AUTH_MODE_KEY']
+
+#ota src file
+if GetDepend(['PKG_USING_TENCENT_IOT_EXPLORER_OTA']):
+	CPPDEFINES += ['OTA_MQTT_CHANNEL']
+	src_base += Glob('qcloud-iot-explorer-sdk-embedded-c/sdk_src/services/ota/*.c')
+	src_base += Glob('qcloud-iot-explorer-sdk-embedded-c/sdk_src/protocol/http/utils_httpc.c')
+	if GetDepend(['PKG_USING_OTA_HTTPS']):
+		CPPDEFINES += ['OTA_USE_HTTPS']
+		
+#gateway src file
+if GetDepend(['PKG_USING_TENCENT_IOT_EXPLORER_GATEWAY']):
+	src_base += Glob('qcloud-iot-explorer-sdk-embedded-c/sdk_src/services/gateway/*.c')
+	CPPDEFINES += ['GATEWAY_ENABLED','MULTITHREAD_ENABLED']
+	
+#TLS used
+if GetDepend(['PKG_USING_TENCENT_IOT_EXPLORER_TLS']):
+	src_base += Glob('ports/ssl/HAL_TLS_mbedtls.c')	
+	if rtconfig.CROSS_TOOL == 'keil' or rtconfig.CROSS_TOOL == 'iar':
+		CPPDEFINES += ['MBEDTLS_CONFIG_FILE=<tc_tls_config.h>']			
+#	else: #gcc
+#		import shutil
+#		cp_src = cwd + '/ports/ssl/tc_tls_config.h''
+#		cp_dst = cwd + '/../mbedtls-v2.7.10/ports/inc/tls_config.h'
+#		shutil.copyfile(cp_src, cp_dst)		
+		
+else:
+	CPPDEFINES += ['AUTH_WITH_NOTLS']
+
+#dyn src file	
+if GetDepend(['PKG_USING_DYN_REG']):
+    sample_dyn_src += Glob('samples/dynreg_dev/dynreg_dev_sample.c')
+    src_base += Glob('qcloud-iot-explorer-sdk-embedded-c/sdk_src/services/dynreg/*.c')
+    CPPDEFINES += ['DEV_DYN_REG_ENABLED']
+
+group = DefineGroup('sample_dyn_reg', sample_dyn_src, depend = ['PKG_USING_DYN_REG'], CPPPATH = CPPPATH, LOCAL_CCFLAGS = LOCAL_CCFLAGS, CPPDEFINES = CPPDEFINES)
+
+#Err log upload used	
+if GetDepend(['PKG_USING_LOG_UPLOAD']):
+	src_base += Glob('qcloud-iot-explorer-sdk-embedded-c/sdk_src/services/log/*.c')
+	CPPDEFINES += ['LOG_UPLOAD']
+
+if GetDepend(['PKG_USING_MULTITHREAD_ENABLED']):	
+	CPPDEFINES += ['MULTITHREAD_ENABLED']
+	
+#IoT Explorer C-SDK core
+group = DefineGroup('tencent-iot-explorer', src_base, depend = ['PKG_USING_TENCENT_IOT_EXPLORER'], CPPPATH = CPPPATH, LOCAL_CCFLAGS = LOCAL_CCFLAGS, CPPDEFINES = CPPDEFINES)
+	
+#Data Template Example
+if GetDepend(['PKG_USING_DATA_TEMPLATE_PROTOCOL']):
+	sample_data_template_src += Glob('samples/data_template/data_template_sample.c')
+	if GetDepend(['PKG_USING_EVENT_POST']):
+		CPPDEFINES += ['EVENT_POST_ENABLED']
+	if GetDepend(['PKG_USING_ACTION']):
+		CPPDEFINES += ['ACTION_ENABLED']		
+	
+group = DefineGroup('sample_data_template', sample_data_template_src, depend = ['PKG_USING_DATA_TEMPLATE_PROTOCOL'], CPPPATH = CPPPATH, LOCAL_CCFLAGS = LOCAL_CCFLAGS, CPPDEFINES = CPPDEFINES)
+
+#Data Template light Example
+if GetDepend(['PKG_USING_SMART_LIGHT_SAMPLE']): 
+	sample_light_data_template_src += Glob('samples/scenarized/light_data_template_sample.c')
+	
+group = DefineGroup('sample_data_template_light', sample_light_data_template_src, depend = ['PKG_USING_SMART_LIGHT_SAMPLE'], CPPPATH = CPPPATH, LOCAL_CCFLAGS = LOCAL_CCFLAGS, CPPDEFINES = CPPDEFINES)
+		
+
+#MQTT Example and Raw-data Example
+if GetDepend(['PKG_USING_SELF_DEFINE_PROTOCOL']):
+	if GetDepend(['PKG_USING_TENCENT_IOT_EXPLORER_MQTT']):
+		sample_mqtt_basic_src += Glob('samples/mqtt/mqtt_sample.c')
+	if GetDepend(['PKG_USING_TENCENT_IOT_EXPLORER_RAW_DATA']):
+		sample_raw_data_src	+= Glob('samples/raw_data/raw_data_sample.c')
+	
+group = DefineGroup('tc_sample_mqtt_basic', sample_mqtt_basic_src, depend = ['PKG_USING_TENCENT_IOT_EXPLORER_MQTT'], CPPPATH = CPPPATH, LOCAL_CCFLAGS = LOCAL_CCFLAGS, CPPDEFINES = CPPDEFINES)	
+group = DefineGroup('sample_raw_data', sample_raw_data_src, depend = ['PKG_USING_TENCENT_IOT_EXPLORER_RAW_DATA'], CPPPATH = CPPPATH, LOCAL_CCFLAGS = LOCAL_CCFLAGS, CPPDEFINES = CPPDEFINES)	
+
+#OTA Example 
+if GetDepend(['PKG_USING_TENCENT_IOT_EXPLORER_OTA']):
+	sample_ota_src += Glob('samples/ota/ota_mqtt_sample.c')
+
+group = DefineGroup('sample_ota', sample_ota_src, depend = ['PKG_USING_TENCENT_IOT_EXPLORER_OTA'], CPPPATH = CPPPATH, LOCAL_CCFLAGS = LOCAL_CCFLAGS, CPPDEFINES = CPPDEFINES)	
+ 
+#Gateway Example 
+if GetDepend(['PKG_USING_TENCENT_IOT_EXPLORER_GATEWAY']):
+	sample_gateway_src += Glob('samples/gateway/*.c')
+
+group = DefineGroup('sample_gateway', sample_gateway_src, depend = ['PKG_USING_TENCENT_IOT_EXPLORER_GATEWAY'], CPPPATH = CPPPATH, LOCAL_CCFLAGS = LOCAL_CCFLAGS, CPPDEFINES = CPPDEFINES)	
+  
+Return('group')

docs/C-SDK_API及可变参数说明.md

@@ -0,0 +1,151 @@
+# C-SDK API函数及可变参数说明
+
+设备端 C-SDK 供用户调用的API函数声明，常量以及可变参数定义等头文件位于include目录下面，本文档主要对该目录下面的可变参数以及API函数进行说明。
+
+## 可变参数配置
+
+C-SDK 的使用可以根据具体场景需求，配置相应的参数，满足实际业务的运行。可变接入参数包括：
+1. MQTT 阻塞调用(包括连接, 订阅, 发布等)的超时时间, 单位: 毫秒。 建议 5000 毫秒
+2. MQTT 协议发送消息和接受消息的 buffer 大小默认是 2048 字节，目前云端一条MQTT消息最大长度为 16 KB
+3. COAP 协议发送消息和接受消息的 buffer 大小默认是 512 字节，目前云端一条COAP消息最大长度为 1 KB
+4. MQTT 心跳消息发送周期, 最大值为690秒，单位: 毫秒
+5. 重连最大等待时间，单位：毫秒。设备断线重连时，若失败则等待时间会翻倍，当超过该最大等待时间则退出重连
+
+修改 include/qcloud_iot_export_variables.h 文件如下宏定义可以改变对应接入参数的配置。
+修改完需要重新编译 SDK 
+```
+/* default MQTT/CoAP timeout value when connect/pub/sub (unit: ms) */
+#define QCLOUD_IOT_MQTT_COMMAND_TIMEOUT                             (5 * 1000)
+
+/* default MQTT keep alive interval (unit: ms) */
+#define QCLOUD_IOT_MQTT_KEEP_ALIVE_INTERNAL                         (240 * 1000)
+
+/* default MQTT Tx buffer size, MAX: 16*1024 */
+#define QCLOUD_IOT_MQTT_TX_BUF_LEN                                  (2048)
+
+/* default MQTT Rx buffer size, MAX: 16*1024 */
+#define QCLOUD_IOT_MQTT_RX_BUF_LEN                                  (2048)
+
+/* default COAP Tx buffer size, MAX: 1*1024 */
+#define COAP_SENDMSG_MAX_BUFLEN                                     (512)
+
+/* default COAP Rx buffer size, MAX: 1*1024 */
+#define COAP_RECVMSG_MAX_BUFLEN                                     (512)
+
+/* MAX MQTT reconnect interval (unit: ms) */
+#define MAX_RECONNECT_WAIT_INTERVAL                                 (60 * 1000)
+```
+
+## API 函数说明
+以下是 C-SDK v3.1.0版本提供的主要功能和对应 API 接口说明，用于客户编写业务逻辑，更加详细的说明如接口参数及返回值可查看SDK代码 include/exports/qcloud_iot_export_*.h 等头文件中的注释
+
+### 1. MQTT 接口
+
+| 序号 | 函数名               | 说明                                            |
+| ---- | -------------------- | ----------------------------------------------- |
+| 1    | IOT_MQTT_Construct   | 构造 MQTTClient 并连接 MQTT 云端服务                |
+| 2    | IOT_MQTT_Destroy     | 关闭 MQTT 连接并销毁 MQTTClient                 |
+| 3    | IOT_MQTT_Yield       | 在当前线程上下文中，进行 MQTT 报文读取，消息处理，超时请求，心跳包及重连状态管理等任务 |
+| 4    | IOT_MQTT_Publish     | 发布 MQTT 消息                                  |
+| 5    | IOT_MQTT_Subscribe   | 订阅 MQTT 主题                                  |
+| 6    | IOT_MQTT_Unsubscribe | 取消订阅已订阅的 MQTT 主题                      |
+| 7    | IOT_MQTT_IsConnected | 查看当前 MQTT 是否已连接                        |
+| 8    | IOT_MQTT_GetErrCode  | 获取IOT_MQTT_Construct失败的错误码              |
+
+- 多线程环境使用说明
+SDK对于MQTT接口在多线程环境下的使用有如下注意事项：
+```
+1. 不允许多线程调用IOT_MQTT_Yield，IOT_MQTT_Construct以及IOT_MQTT_Destroy
+2. 可以多线程调用IOT_MQTT_Publish，IOT_MQTT_Subscribe及IOT_MQTT_Unsubscribe
+3. IOT_MQTT_Yield 作为从socket读取并处理MQTT报文的函数，应保证一定的执行时间，避免被长时间挂起或抢占
+```
+
+### 2. 设备影子接口
+关于设备影子功能介绍，可以参考[设备影子详情](https://cloud.tencent.com/document/product/634/11918)
+
+| 序号  | 函数名                                             | 说明                                            |
+| ---- | -------------------------------------------------- | ---------------------------------------------- |
+| 1    | IOT_Shadow_Construct                               | 构造设备影子客户端 ShadowClient，并连接 MQTT 云端服务         |
+| 2    | IOT_Shadow_Publish                                 | 影子客户端发布 MQTT 消息                                  |
+| 3    | IOT_Shadow_Subscribe                               | 影子客户端订阅 MQTT 主题                                  |
+| 4    | IOT_Shadow_Unsubscribe                             | 影子客户端取消订阅已订阅的 MQTT 主题                         |
+| 5    | IOT_Shadow_IsConnected                             | 查看当前影子客户端的 MQTT 是否已连接                       |
+| 6    | IOT_Shadow_Destroy                                 | 关闭 Shadow MQTT 连接并销毁 ShadowClient              |
+| 7    | IOT_Shadow_Yield                                   | 在当前线程上下文中，进行 MQTT 报文读取，消息处理，超时请求，心跳包及重连状态管理等任务  |
+| 8    | IOT_Shadow_Update                                  | 异步更新设备影子文档                              |
+| 9    | IOT_Shadow_Update_Sync                             | 同步方式更新设备影子文档                           |
+| 10   | IOT_Shadow_Get                                     | 异步方式获取设备影子文档                           |
+| 11   | IOT_Shadow_Get_Sync                                | 同步方式获取设备影子文档                           |
+| 12   | IOT_Shadow_Register_Property                       | 注册当前设备的设备属性                             |
+| 13   | IOT_Shadow_UnRegister_Property                     | 删除已经注册过的设备属性                           |
+| 14   | IOT_Shadow_JSON_ConstructReport                    | 在JSON文档中添加reported字段，不覆盖更新            |
+| 15   | IOT_Shadow_JSON_Construct_OverwriteReport          | 在JSON文档中添加reported字段，覆盖更新              |
+| 16   | IOT_Shadow_JSON_ConstructReportAndDesireAllNull    | 在JSON文档中添加reported字段，同时清空desired字段   |
+| 17   | IOT_Shadow_JSON_ConstructDesireAllNull             | 在JSON文档中添加 "desired": null 字段             |
+
+### 3. CoAP 接口
+
+| 序号 | 函数名                       | 说明                                                |
+| ---- | ---------------------------- | ------------------------------------------------- |
+| 1    | IOT_COAP_Construct           | 构造 CoAPClient 并完成 CoAP 连接                   |
+| 2    | IOT_COAP_Destroy             | 关闭 CoAP 连接并销毁 CoAPClient                    |
+| 3    | IOT_COAP_Yield               | 在当前线程上下文中，进行 CoAP 报文读取和消息处理等任务      |
+| 4    | IOT_COAP_SendMessage         | 发布 CoAP 消息                                    |
+| 5    | IOT_COAP_GetMessageId        | 获取 COAP Response 消息 msgId                     |
+| 6    | IOT_COAP_GetMessagePayload   | 获取 COAP Response 消息内容                        |
+| 7    | IOT_COAP_GetMessageCode      | 获取 COAP Response 消息错误码                      |
+
+### 4. OTA 接口
+关于 OTA 固件下载功能介绍，可以参考[设备固件升级](https://cloud.tencent.com/document/product/634/14674)
+
+| 序号  | 函数名                        | 说明                                              |
+| ---- | ---------------------------- | ------------------------------------------------- |
+| 1    | IOT_OTA_Init                 | 初始化 OTA 模块，客户端在调用此接口之前需要先进行 MQTT/COAP 的初始化     |
+| 2    | IOT_OTA_Destroy              | 释放 OTA 模块相关的资源                              |
+| 3    | IOT_OTA_ReportVersion        | 向 OTA 服务器报告本地固件版本信息                         |
+| 4    | IOT_OTA_IsFetching           | 检查是否处于下载固件的状态                            |
+| 5    | IOT_OTA_IsFetchFinish        | 检查固件是否已经下载完成                              |
+| 6    | IOT_OTA_FetchYield           | 从具有特定超时值的远程服务器获取固件                    |
+| 7    | IOT_OTA_Ioctl                | 获取指定的 OTA 信息                                 |
+| 8    | IOT_OTA_GetLastError         | 获取最后一个错误代码                                 |
+| 9    | IOT_OTA_StartDownload        | 根据获取到的固件更新地址以及本地固件信息偏移（是否断点续传），与固件服务器建立http连接     |
+| 10   | IOT_OTA_UpdateClientMd5      | 断点续传前，计算本地固件的MD5                              |
+| 11   | IOT_OTA_ReportUpgradeBegin   | 当进行固件升级前，向服务器上报即将升级的状态   |
+| 12   | IOT_OTA_ReportUpgradeSuccess | 当固件升级成功之后，向服务器上报升级成功的状态                         |
+| 13   | IOT_OTA_ReportUpgradeFail    | 当固件升级失败之后，向服务器上报升级失败的状态        |
+
+### 5. 日志接口
+设备日志上报云端功能的详细说明可以参考SDK docs目录下物联网通信平台文档设备日志上报功能部分
+
+| 序号 | 函数名                     | 说明                                          |
+| ---- | -------------------------- | --------------------------------------------- |
+| 1    | IOT_Log_Set_Level          | 设置 SDK 日志的打印等级                            |
+| 2    | IOT_Log_Get_Level          | 返回 SDK 日志打印的等级                            |
+| 3    | IOT_Log_Set_MessageHandler | 设置日志回调函数，重定向 SDK 日志于其它输出方式  |
+| 4    | IOT_Log_Init_Uploader      | 开启 SDK 日志上报云端的功能并初始化资源                |
+| 5    | IOT_Log_Fini_Uploader      | 停止 SDK 日志上报云端功能并释放资源                      |
+| 6    | IOT_Log_Upload             | 将 SDK 运行日志上报到云端                         |
+| 7    | IOT_Log_Set_Upload_Level   | 设置 SDK 日志的上报等级                            |
+| 8    | IOT_Log_Get_Upload_Level   | 返回 SDK 日志上报的等级                            |
+| 9    | Log_d/i/w/e                | 按级别打印添加 SDK 日志的接口                         |
+
+### 6. 系统时间接口
+
+| 序号  | 函数名                      | 说明                                              |
+| ---- | ---------------------------- | ------------------------------------------------- |
+| 1    | IOT_Get_SysTime              | 获取 IoT hub 后台系统时间，目前仅支持 MQTT 通道对时功能 |
+
+### 7. 网关功能接口
+关于网关功能介绍，可以参考SDK docs目录下物联网通信平台文档网关产品部分
+
+| 序号 | 函数名                       | 说明                                                |
+| ---- | ---------------------------- | ------------------------------------------------- |
+| 1    | IOT_Gateway_Construct        | 构造 Gateway client 并完成 MQTT 连接                   |
+| 2    | IOT_Gateway_Destroy          | 关闭 MQTT 连接并销毁 Gateway client                    |
+| 3    | IOT_Gateway_Subdev_Online    | 子设备上线              |
+| 4    | IOT_Gateway_Subdev_Offline   | 子设备下线                                    |
+| 3    | IOT_Gateway_Yield            | 在当前线程上下文中，进行 MQTT 报文读取，消息处理，超时请求，心跳包及重连状态管理等任务 |
+| 4    | IOT_Gateway_Publish          | 发布 MQTT 消息                                  |
+| 5    | IOT_Gateway_Subscribe        | 订阅 MQTT 主题                                  |
+| 6    | IOT_Gateway_Unsubscribe      | 取消订阅已订阅的 MQTT 主题                      |
+

docs/C-SDK_Build编译环境及配置选项说明.md

@@ -0,0 +1,189 @@
+# C-SDK 编译方式及配置选项说明
+
+本文档对C-SDK 的编译方式和编译配置选项进行说明，并介绍了 Linux和Windows 开发环境下面的编译环境搭建以及编译示例。
+
+## C-SDK 编译方式说明
+
+C-SDK 支持三种编译方式
+
+#### 1. cmake 方式
+
+推荐使用cmake作为跨平台的编译工具，支持在Linux和Windows开发环境下进行编译。
+cmake方式采用CMakeLists.txt作为编译配置选项输入文件
+
+#### 2. Makefile 方式
+
+对不支持cmake的环境，使用Makefile直接编译的方式，该方式与SDK v3.0.3及之前的版本保持一致，采用make.settings作为编译配置选项输入文件，修改完成后执行make即可
+
+#### 3. 代码抽取方式
+
+该方式可根据需求选择功能，将相关代码抽取到一个单独的文件夹，文件夹里面的代码层次目录简洁，方便用户拷贝集成到自己的开发环境。
+该方式需要依赖cmake工具，在CMakeLists.txt中配置相关功能模块的开关，并将EXTRACT_SRC置为ON，Linux环境运行以下命令
+```
+mkdir build
+cd build
+cmake ..
+```
+即可在output/qcloud_iot_c_sdk中找到相关代码文件，目录层次如下：
+```
+ qcloud_iot_c_sdk
+ ├── include
+ │   ├── config.h
+ │   ├── exports
+ ├── platform
+ └── sdk_src
+     └── internal_inc
+```
+include目录为SDK供用户使用的API及可变参数，其中config.h为根据编译选项生成的编译宏。API具体介绍请参考**C-SDK_API及可变参数说明**。
+platform目录为平台相关的代码，可根据设备的具体情况进行修改适配。具体的函数说明请参考文档**C-SDK_Porting跨平台移植概述**
+sdk_src为SDK的核心逻辑及协议相关代码，一般不需要修改，其中internal_inc为SDK内部使用的头文件。
+
+用户可将qcloud_iot_c_sdk拷贝到其目标平台的编译开发环境，并根据具体情况修改编译选项。
+
+## C-SDK 编译选项说明
+
+#### 1. 编译配置选项
+以下配置选项大部分都适用于cmake和make.setting。cmake中的ON值对应于make.setting的y，OFF对应于n。
+
+| 名称                             | cmake值            | 说明                                                         |
+| :------------------------------- | ------------- | ------------------------------------------------------------ |
+| BUILD_TYPE                       | release/debug | release：不启用IOT_DEBUG信息，编译输出到release目录下<br />debug：启用IOT_DEBUG信息，编译输出到debug目录下 |
+| EXTRACT_SRC                      | ON/OFF        | 代码抽取功能开关，仅对使用cmake有效                                             |
+| COMPILE_TOOLS                    | gcc           | 支持gcc和msvc，也可以是交叉编译器比如arm-none-linux-gnueabi-gcc |
+| PLATFORM                         | linux         | 包括linux/windows/freertos/nonos                             |
+| FEATURE_MQTT_COMM_ENABLED        | ON/OFF        | MQTT通道总开关                                               |
+| FEATURE_MQTT_DEVICE_SHADOW       | ON/OFF        | 设备影子总开关                                               |
+| FEATURE_COAP_COMM_ENABLED        | ON/OFF        | CoAP通道总开关                                               |
+| FEATURE_GATEWAY_ENABLED          | ON/OFF        | 网关功能总开关                                               |
+| FEATURE_OTA_COMM_ENABLED         | ON/OFF        | OTA固件升级总开关                                            |
+| FEATURE_OTA_SIGNAL_CHANNEL       | MQTT/COAP     | OTA信令通道类型                                              |
+| FEATURE_AUTH_MODE                | KEY/CERT      | 接入认证方式                                                 |
+| FEATURE_AUTH_WITH_NOTLS          | ON/OFF        | OFF: TLS使能, ON: TLS关闭                                    |
+| FEATURE_DEV_DYN_REG_ENABLED      | ON/OFF        | 设备动态注册开关                                             |
+| FEATURE_LOG_UPLOAD_ENABLED       | ON/OFF        | 日志上报开关                                                 |
+| FEATURE_EVENT_POST_ENABLED       | ON/OFF        | 事件上报开关                                                 |
+| FEATURE_DEBUG_DEV_INFO_USED      | ON/OFF        | 设备信息获取来源开关                                         |
+| FEATURE_SYSTEM_COMM_ENABLED      | ON/OFF        | 获取后台时间开关                                             |
+| FEATURE_AT_TCP_ENABLED           | ON/OFF        | AT模组TCP功能开关                                            |
+| FEATURE_AT_UART_RECV_IRQ         | ON/OFF        | AT模组中断接受功能开关                                       |
+| FEATURE_AT_OS_USED               | ON/OFF        | AT模组多线程功能开关                                         |
+| FEATURE_AT_DEBUG                 | ON/OFF        | AT模组调试功能开关                                           |
+| FEATURE_MULTITHREAD_TEST_ENABLED | ON/OFF        | 是否编译Linux多线程测试例程                                  |
+
+配置选项之间存在依赖关系，当依赖选项的值为有效值时，部分配置选项才有效，主要如下：
+
+| 名称                             | 依赖选项                                                | 有效值       |
+| :------------------------------- | ------------------------------------------------------- | ------------ |
+| FEATURE_MQTT_DEVICE_SHADOW       | FEATURE_MQTT_COMM_ENABLED                               | ON           |
+| FEATURE_GATEWAY_ENABLED          | FEATURE_MQTT_COMM_ENABLED                               | ON             |
+| FEATURE_OTA_SIGNAL_CHANNEL(MQTT) | FEATURE_OTA_COMM_ENABLED<br />FEATURE_MQTT_COMM_ENABLED | ON<br />ON   |
+| FEATURE_OTA_SIGNAL_CHANNEL(COAP) | FEATURE_OTA_COMM_ENABLED<br />FEATURE_COAP_COMM_ENABLED | ON<br />ON   |
+| FEATURE_AUTH_WITH_NOTLS          | FEATURE_AUTH_MODE                                       | KEY          |
+| FEATURE_AT_UART_RECV_IRQ         | FEATURE_AT_TCP_ENABLED                                  | ON           |
+| FEATURE_AT_OS_USED               | FEATURE_AT_TCP_ENABLED                                  | ON           |
+| FEATURE_AT_DEBUG                 | FEATURE_AT_TCP_ENABLED                                  | ON           |
+
+#### 2. 设备信息选项
+
+在腾讯云物联控制台创建设备之后，需要将设备信息（ProductID/DeviceName/DeviceSecret/Cert/Key文件）配置在SDK中才能正确运行。在开发阶段，SDK 提供两种方式存储设备信息：
+1. 存放在代码中（编译选项DEBUG_DEV_INFO_USED = ON），则在`platform/os/xxx/HAL_Device_xxx.c`中修改设备信息，在无文件系统的平台下可以使用这种方式。
+2. 存放在配置文件中（编译选项DEBUG_DEV_INFO_USED = OFF），则在`device_info.json`文件修改设备信息，此方式下更改设备信息不需重新编译SDK，在Linux/Windows平台下开发推荐使用这种方式。
+
+
+## C-SDK 编译环境
+
+### Linux(Ubuntu)环境
+
+本文使用Ubuntu的版本为14.04或16.04
+
+1. 必要软件安装
+```
+$ sudo apt-get install -y build-essential make git gcc cmake
+```
+  SDK需要cmake版本在3.5以上，默认安装的cmake版本较低，可以参考如下链接进行cmake特定版本的下载与安装
+  下载链接：https://cmake.org/download/
+  安装参考：https://gitlab.kitware.com/cmake/cmake
+
+
+2. 配置修改
+修改CMakeLists.txt确保以下选项存在(以密钥认证设备为例)
+```
+set(BUILD_TYPE                   "release")
+set(COMPILE_TOOLS                "gcc") 
+set(PLATFORM 	                "linux")
+set(FEATURE_MQTT_COMM_ENABLED ON)
+set(FEATURE_AUTH_MODE "KEY")
+set(FEATURE_AUTH_WITH_NOTLS OFF)
+set(FEATURE_DEBUG_DEV_INFO_USED  OFF)  
+```
+
+3.  执行脚本编译
+完整编译库和示例
+```
+./cmake_build.sh 
+```
+输出的库文件，头文件及示例在`output/release`文件夹中。
+在一次完整编译之后，若只需要编译示例，则执行
+```
+./cmake_build.sh samples
+```
+
+4. 填写设备信息
+将在腾讯云物联网平台创建的设备的设备信息(以**密钥认证设备**为例)填写到device_info.json中，如：
+```
+"auth_mode":"KEY",	
+"productId":"S3EUVBRJLB",
+"deviceName":"test_device",	
+"key_deviceinfo":{    
+    "deviceSecret":"vX6PQqazsGsMyf5SMfs6OA6y"
+}
+```
+
+5. 运行示例
+示例输出位于`output/release/bin`文件夹中，比如运行data_template_sample示例，输入`./output/release/bin/data_template_sample`即可。
+
+
+### Windows环境
+
+#### 获取和安装Visio Studio 2019开发环境
+
+请访问[Visual Studio下载网站](https://visualstudio.microsoft.com/zh-hans/downloads/)，下载并安装Visio Studio 2019，本文档下载安装的是16.2版本 Community。
+
+![](https://main.qcloudimg.com/raw/730f793e3166db859682cdbfd0c7181f.jpg)
+
+然后选择**使用C++的桌面开发**，并确保勾选**用于Windows的C++ CMAKE工具**：
+
+![](https://main.qcloudimg.com/raw/89a63cb6ae5231a66b17e80acac37267.jpg)
+
+#### 编译并运行
+
+1. 运行visual studio，选择**打开本地文件夹**，并选择下载的C SDK目录。
+
+   ![](https://main.qcloudimg.com/raw/f0c65e7c5ce13ca13b967c178c0449c6.jpg)
+
+2. [修改用户信息]()
+
+3. 双击打开根目录的CMakeLists.txt，并确认编译工具链中设置的平台为**windows**和编译工具为**MSVC**（其他配置选项请参考[cmake编译配置与代码抽取]()）。
+
+   ![](https://main.qcloudimg.com/raw/8a16723698646a2dca5ab08a57927304.jpg)
+
+   ```cmake
+   # 编译工具链
+   #set(COMPILE_TOOLS "gcc") 
+   #set(PLATFORM 	  "linux")
+    
+   set(COMPILE_TOOLS "MSVC") 
+   set(PLATFORM 	  "windows") 
+   ```
+
+4. visual studio会自动生成cmake缓存，请等待cmake缓存生成完毕。
+
+   ![](https://main.qcloudimg.com/raw/633bf217afc2d52e92618a90bd7d9da0.jpg)
+
+5. 缓存生成完毕后，点击**生成->全部生成**。
+
+![](https://main.qcloudimg.com/raw/f85d2435c49a802eedd87b751408ecce.jpg)
+
+6. 选择相应的示例运行，示例应与用户信息相对应。
+
+   ![](https://main.qcloudimg.com/raw/a0f2bacc0d31d2da9d327d5c855655a3.jpg)

docs/C-SDK_Porting跨平台移植概述.md

@@ -0,0 +1,106 @@
+## C-SDK跨平台移植
+
+本文档介绍如何将设备端 C-SDK 移植到目标硬件平台。C-SDK 采用模块化设计，分离核心协议服务与硬件抽象层，在进行跨平台移植时，一般只需要对硬件抽象层进行修改适配就可以。
+
+## C-SDK 架构
+
+#### 架构图
+
+![framework](https://main.qcloudimg.com/raw/76fc3f15c4c91ea6cf7e496f25d5d572.jpg)
+
+#### 架构说明
+
+SDK分四层设计，从上至下分别为平台服务层、核心协议层、网络层、硬件抽象层。
+
+- 服务层
+在网络协议层之上，实现了包括设备接入鉴权，设备影子，数据模板，网关，动态注册，日志上报和OTA等功能，并提供相关API接口给用户使用，关于服务层API说明，请参考文档[C-SDK_API及可变参数说明]()
+
+- 协议层
+设备端和IoT平台交互的网络协议包括MQTT/COAP/HTTP
+
+- 网络层
+实现基于TLS/SSL(TLS/DTLS)方式，POSIX_socket(TCP/UDP)方式和AT_socket方式的网络协议栈，不同服务可根据需要使用不同的协议栈接口函数。
+
+- 硬件抽象层
+实现对不同硬件平台的底层操作的抽象封装，需要针对具体的软硬件平台开展移植，分为必须实现和可选实现两部分HAL层接口。
+
+## 硬件抽象层移植
+
+HAL层主要有几大块的移植，分别是OS相关的、网络及TLS相关的、时间及打印相关的、设备信息相关的。
+SDK在 **platform/os** 目录示例了Linux、Windows、FreeRTOS及nonOS四个场景的硬件抽象层实现，可以参考最相近的目录展开目标平台的移植。
+
+#### OS相关接口
+
+| 序号 | 函数名                 | 说明                                       |
+| ---- | ---------------------- | ------------------------------------------ |
+| 1    | HAL_Malloc             | 动态申请内存块     |
+| 2    | HAL_Free               | 释放内存块                              |
+| 3   | HAL_ThreadCreate        | 线程创建                                |
+| 4   | HAL_ThreadDestroy        | 线程销毁                               |
+| 5   | HAL_MutexCreate        | 创建互斥锁                               |
+| 6   | HAL_MutexDestroy       | 销毁互斥锁                               |
+| 7   | HAL_MutexLock          | mutex 加锁                               |
+| 8   | HAL_MutexUnlock        | mutex 解锁                               |
+| 9   | HAL_SemaphoreCreate        | 创建信号量                               |
+| 10   | HAL_SemaphoreDestroy        | 销毁信号量                               |
+| 11   | HAL_SemaphoreWait        | 等待信号量                               |
+| 12   | HAL_SemaphorePost        | 释放信号量                               |
+| 13    | HAL_SleepMs            | 休眠                                     |
+
+#### 网络及TLS相关的HAL接口
+
+网络相关接口提供二选一的适配移植。对于具备网络通讯能力并且本身集成TCP/IP网络协议栈的设备，需要实现BSD_socket的网络HAL接口，使用TLS/SSL加密通讯的还需要实现TLS相关的HAL接口。而对于[MCU+通用TCP_AT模组]()的设备，则可以选择SDK提供的AT_Socket框架，并实现相关的AT模组接口。
+
+##### 基于BSD_socket的HAL接口
+
+其中TCP/UDP相关接口基于POSIX socket函数实现。TLS相关接口依赖于 **mbedtls** 库，移植之前必须确保系统上有可用的**mbedtls**库。如果采用其他TLS/SSL库，可参考**platform/tls/mbedtls**相关实现进行移植适配。
+UDP/DTLS 相关的函数仅在使能 **COAP** 通讯的时候才需要移植。
+
+| 序号 | 函数名                 | 说明                                       |
+| ---- | ---------------------- | ------------------------------------------ |
+| 1    | HAL_TCP_Connect               | 建立 TCP 连接                              |
+| 2    | HAL_TCP_Disconnect             | 断开 TCP 连接 |
+| 3   | HAL_TCP_Write        | TCP 写                                |
+| 4   | HAL_TCP_Read        | TCP 读                               |
+| 5   | HAL_TLS_Connect        | 建立 TLS 连接              |
+| 6   | HAL_TLS_Disconnect     | 断开 TLS 连接                            |
+| 7   | HAL_TLS_Write          | TLS 写                   |
+| 8   | HAL_TLS_Read           | TLS 读                  |
+| 9    | HAL_UDP_Connect               | 建立 TCP 连接                              |
+| 10    | HAL_UDP_Disconnect             | 断开 TCP 连接 |
+| 11  | HAL_UDP_Write        | UDP 写                                |
+| 12   | HAL_UDP_Read        | UPD 读                               |
+| 13   | HAL_DTLS_Connect        | 建立 DTLS 连接              |
+| 14   | HAL_DTLS_Disconnect     | 断开 DTLS 连接                            |
+| 15   | HAL_DTLS_Write          | DTLS 写                   |
+| 16   | HAL_DTLS_Read           | DTLS 读                  |
+
+##### 基于AT_socket的HAL接口
+通过使能编译宏**AT_TCP_ENABLED**选择AT_socket, 则SDK会调用 network_at_tcp.c 的at_socket接口，at_socket层不需要移植，需要实现AT串口驱动及AT模组驱动，AT模组驱动只需要实现AT框架中at_device的驱动结构体 *at_device_op_t* 的驱动接口即可，可以参照at_device目录下的已支持的模组。AT串口驱动需要实现串口的中断接收，然后在中断服务程序中调用回调函数 *at_client_uart_rx_isr_cb* 即可，可以参考 HAL_AT_UART_freertos.c 实现目标平台的移植。
+
+| 序号 | 函数名                 | 说明                                       |
+| ---- | ---------------------- | ------------------------------------------ |
+| 1    | HAL_AT_Uart_Init               |初始化 AT串口                           |
+| 2    | HAL_AT_Uart_Deinit             | 去初始化 AT串口 |
+| 3   | HAL_AT_Uart_Send        | AT串口发送数据                                |
+| 4   | HAL_AT_UART_IRQHandler        | AT串口接收中断服务程序                               |
+
+
+#### 时间及打印相关的HAL接口
+
+| 序号 | 函数名                 | 说明                                       |
+| ---- | ---------------------- | ------------------------------------------ |
+| 1    | HAL_Printf             | 将格式化的数据写入标准输出流中          |
+| 2    | HAL_Snprintf           | 将格式化的数据写入字符串                 |
+| 3    | HAL_UptimeMs           | 检索自系统启动以来已运行的毫秒数         |
+| 4    | HAL_DelayMs           | 阻塞延时，单位毫秒         |
+
+#### 设备信息相关的HAL接口
+
+接入IoT平台需要在平台创建产品和设备信息，同时需要将产品及设备信息保存在设备侧的非易失存储介质。可以参考 platform/os/linux/HAL_Device_linux.c示例实现。
+
+| 序号 | 函数名                 | 说明                                       |
+| ---- | ---------------------- | ------------------------------------------ |
+| 1    | HAL_GetDevInfo             | 设备信息读取          |
+| 2    | HAL_SetDevInfo           | 设备信息保存                     |
+

docs/IoT_Explorer开发平台快速入门.md

@@ -0,0 +1,213 @@
+# 物联网开发平台快速入门
+
+物联网开发平台**IoT Explorer**是基于 MQTT 基础能力上，对数据协议的进一步抽象封装，形成[数据模板协议](https://cloud.tencent.com/document/product/1081/34916?!preview&!editLang=zh)。平台基于数据模板的协议，提供丰富的数据展示、调试及应用开发等技术资源，将应用端和设备的开发模板化，加速产品开发进程。
+
+本文档将讲述如何在物联网开发平台控制台申请设备，创建模板，并结合 C-SDK 快速体验设备基于数据模板的数据收发、事件上报及设备调试。
+
+## 一. 控制台创建设备
+
+#### 1. 注册/登录腾讯云账号
+访问[腾讯云登录页面](https://cloud.tencent.com/login?s_url=https%3A%2F%2Fcloud.tencent.com%2F), 点击[立即注册](https://cloud.tencent.com/register?s_url=https%3A%2F%2Fcloud.tencent.com%2F), 免费获取腾讯云账号，若您已有账号，可直接登录。
+
+#### 2. 访问物联网开发控制台
+登录后点击右上角控制台，进入控制台后，鼠标悬停在云产品上，弹出层叠菜单，点击物联网开发平台。
+
+或者直接访问[物联网开发平台控制台](https://console.cloud.tencent.com/iotexplorer)
+
+#### 3. 创建产品和设备
+3.1 创建项目
+![](https://main.qcloudimg.com/raw/50dd24cfa44fbb063d4337eb94ae5d0f.jpg)
+
+3.2.创建并选择和产品比较相近的模板产品，参阅[产品定义](https://cloud.tencent.com/document/product/1081/34739?!preview&!editLang=zh)。
+![](https://main.qcloudimg.com/raw/c8bd19dee90765762bd6c1f98bd0dd2c.jpg)
+![](https://main.qcloudimg.com/raw/4b9fe8f5df7a20ebbab1f0e3693ded8a.jpg)
+
+3.3 定义产品的数据和事件模板，参阅[数据模板创建](https://cloud.tencent.com/document/product/1081/34739?!preview&!editLang=zh#.E6.95.B0.E6.8D.AE.E6.A8.A1.E6.9D.BF)，数据模板的说明参见[数据模板协议](https://cloud.tencent.com/document/product/1081/34916?!preview&!editLang=zh)。
+![](https://main.qcloudimg.com/raw/17ef8daac4da6f9775ea02bddf988ca2.jpg)
+
+3.4 完成产品创建和数据模板定义后，创建设备，则每一个创建的设备都具备这个产品下的数据模板属性，如下图示。
+![](https://main.qcloudimg.com/raw/937698b945dfd2c4f34bffd40ff5165d.jpg)
+
+3.5 查询产品和设备信息
+![](https://main.qcloudimg.com/raw/13972a011bb5382d00d73545534af91a.jpg)
+![](https://main.qcloudimg.com/raw/17ef8daac4da6f9775ea02bddf988ca2.jpg)
+
+3.6 导出数据模板json文件，并通过脚本工具生成数据模板的配置文件
+![](https://main.qcloudimg.com/raw/0951d7c3f540ca716442e08651a0efa5.jpg)
+
+将下载的json文件拷贝到tools目录，执行./codegen.py -c xx/config.json -d  ../targetdir/ 命令,则会根据json文件在target目录生成所定义产品的数据模板及事件的配置文件：
+```
+./codegen.py -c light.json -d ../samples/data_template/
+加载 light.json 文件成功
+文件 ../samples/data_template/data_config.c 生成成功
+文件 ../samples/data_template/events_config.c 生成成功
+```
+
+## 二. 编译示例程序
+
+详细的编译方式请参考**编译及配置选项说明文档**，本文基于 Linux 环境介绍示例编译运行(以**密钥认证设备**为例)。
+
+#### 1. 填入设备信息
+将上面步骤在腾讯云物联网平台创建的设备的设备信息填写到device_info.json中，如：
+```
+"auth_mode":"KEY",	
+"productId":"5S6AQZ6IDE",
+"deviceName":"dev01",	
+"key_deviceinfo":{    
+    "deviceSecret":"vX6PQqazsGsMyf5SMfs6OA6y"
+}
+```
+#### 2. 基于数据模板的业务逻辑开发
+数据模板示例data_template_sample.c，已实现数据、事件收发及响应的通用处理逻辑。但是具体的数据处理的业务逻辑需要用户自己根据业务逻辑添加，上下行业务逻辑添加的入口函数分别为deal_up_stream_user_logic 、deal_down_stream_user_logic，如果有字符串或json类型的数据模板，用户需要在函数update_self_define_value中完成数据的解析（其他数据类型会根据模板定义自动更新），可以参考基于场景的示例light_data_template_sample.c添加业务处理逻辑。
+
+下行业务逻辑实现：
+```
+/* user's own down-stream code */
+void deal_down_stream_user_logic(ProductDataDefine   * pData)
+{
+	Log_d("someting about your own product logic wait to be done");
+}
+```
+
+上行业务逻辑实现：
+```
+/* demo for up-stream code */
+int deal_up_stream_user_logic(DeviceProperty *pReportDataList[], int *pCount)
+{
+	int i, j;
+	
+     for (i = 0, j = 0; i < TOTAL_PROPERTY_COUNT; i++) {       
+        if(eCHANGED == sg_DataTemplate[i].state) {
+            pReportDataList[j++] = &(sg_DataTemplate[i].data_property);
+			sg_DataTemplate[i].state = eNOCHANGE;
+        }
+    }
+	*pCount = j;
+
+	return (*pCount > 0)?QCLOUD_RET_SUCCESS:QCLOUD_ERR_FAILURE;
+}
+```
+
+#### 3. 编译 SDK
+
+首先修改CMakeLists.txt确保以下选项存在
+```
+set(BUILD_TYPE                   "release")
+set(COMPILE_TOOLS                "gcc") 
+set(PLATFORM 	                "linux")
+set(FEATURE_MQTT_COMM_ENABLED ON)
+set(FEATURE_AUTH_MODE "KEY")
+set(FEATURE_AUTH_WITH_NOTLS OFF)
+set(FEATURE_DEBUG_DEV_INFO_USED  OFF)  
+```
+完整编译库和示例
+```
+./cmake_build.sh 
+```
+输出的库文件，头文件及示例在`output/release`文件夹中。
+在一次完整编译之后，若只需要编译示例，则执行
+```
+./cmake_build.sh samples
+```
+
+## 三. 执行示例程序
+
+#### 执行 data_template_sample 示例程序
+
+数据模板示例实现通用的数据模板和事件处理的框架，数据上下行和事件上报的日志如下：
+```
+ ./output/release/bin/data_template_sample 
+INF|2019-09-18 15:11:54|device.c|iot_device_info_set(67): SDK_Ver: 3.1.0, Product_ID: 5S6AQZ6IDE, Device_Name: dev01
+DBG|2019-09-18 15:11:54|HAL_TLS_mbedtls.c|HAL_TLS_Connect(204): Setting up the SSL/TLS structure...
+DBG|2019-09-18 15:11:54|HAL_TLS_mbedtls.c|HAL_TLS_Connect(246): Performing the SSL/TLS handshake...
+DBG|2019-09-18 15:11:54|HAL_TLS_mbedtls.c|HAL_TLS_Connect(247): Connecting to /5S6AQZ6IDE.wx-mqtt.tencentdevices.com/8883...
+INF|2019-09-18 15:11:55|HAL_TLS_mbedtls.c|HAL_TLS_Connect(269): connected with /5S6AQZ6IDE.wx-mqtt.tencentdevices.com/8883...
+INF|2019-09-18 15:11:55|mqtt_client.c|IOT_MQTT_Construct(125): mqtt connect with id: r7891 success
+DBG|2019-09-18 15:11:55|mqtt_client_subscribe.c|qcloud_iot_mqtt_subscribe(138): topicName=$template/operation/result/5S6AQZ6IDE/dev01|packet_id=4412
+DBG|2019-09-18 15:11:55|shadow_client.c|_shadow_event_handler(63): shadow subscribe success, packet-id=4412
+INF|2019-09-18 15:11:55|data_template_sample.c|event_handler(124): subscribe success, packet-id=4412
+INF|2019-09-18 15:11:55|shadow_client.c|IOT_Shadow_Construct(172): Sync device data successfully
+INF|2019-09-18 15:11:55|data_template_sample.c|main(319): Cloud Device Construct Success
+DBG|2019-09-18 15:11:55|mqtt_client_subscribe.c|qcloud_iot_mqtt_subscribe(138): topicName=$thing/down/event/5S6AQZ6IDE/dev01|packet_id=4413
+INF|2019-09-18 15:11:55|data_template_sample.c|_register_data_template_property(270): data template property=time registered.
+INF|2019-09-18 15:11:55|data_template_sample.c|_register_data_template_property(270): data template property=float registered.
+INF|2019-09-18 15:11:55|data_template_sample.c|_register_data_template_property(270): data template property=light_switch registered.
+INF|2019-09-18 15:11:55|data_template_sample.c|_register_data_template_property(270): data template property=color registered.
+INF|2019-09-18 15:11:55|data_template_sample.c|_register_data_template_property(270): data template property=brightness registered.
+INF|2019-09-18 15:11:55|data_template_sample.c|_register_data_template_property(270): data template property=name registered.
+INF|2019-09-18 15:11:55|data_template_sample.c|main(340): Register data template propertys Success
+DBG|2019-09-18 15:11:55|shadow_client.c|IOT_Shadow_Get(383): GET Request Document: {"clientToken":"explorer-5S6AQZ6IDE-0"}
+DBG|2019-09-18 15:11:55|mqtt_client_publish.c|qcloud_iot_mqtt_publish(329): publish topic seq=4414|topicName=$template/operation/5S6AQZ6IDE/dev01|payload={"type":"get", "clientToken":"explorer-5S6AQZ6IDE-0"}
+INF|2019-09-18 15:11:55|data_template_sample.c|event_handler(138): publish success, packet-id=4414
+DBG|2019-09-18 15:11:55|shadow_client.c|_shadow_event_handler(63): shadow subscribe success, packet-id=4413
+INF|2019-09-18 15:11:55|data_template_sample.c|event_handler(124): subscribe success, packet-id=4413
+DBG|2019-09-18 15:11:55|shadow_client_manager.c|_on_operation_result_handler(278): type:get
+DBG|2019-09-18 15:11:55|shadow_client.c|_update_ack_cb(114): requestAck=0
+DBG|2019-09-18 15:11:55|shadow_client.c|_update_ack_cb(117): Received Json Document={"clientToken":"explorer-5S6AQZ6IDE-0","payload":{"state":{"reported":{"battery":35,"brightness":55,"color":0,"id":"19","name":"dev01","power_switch":0}},"timestamp":1568776522035,"version":401},"result":0,"timestamp":1568790715,"type":"get"}
+DBG|2019-09-18 15:11:56|data_template_sample.c|main(389): No delta msg received...
+DBG|2019-09-18 15:11:56|data_template_sample.c|main(409): no data need to be reported
+DBG|2019-09-18 15:11:56|mqtt_client_publish.c|qcloud_iot_mqtt_publish(337): publish packetID=0|topicName=$thing/up/event/5S6AQZ6IDE/dev01|payload={"method":"events_post", "clientToken":"5S6AQZ6IDE-1", "events":[{"eventId":"all_function", "type":"alert", "timestamp":1568790716000, "params":{"bool":0,"int":0,"str":"","float":0.000000,"enum1":0,"time":0}},{"eventId":"status_report", "type":"info", "timestamp":1568790716000, "params":{"status":0,"message":""}},{"eventId":"hardware_fault", "type":"fault", "timestamp":1568790716000, "params":{"name":"","error_code":0}}]}
+INF|2019-09-18 15:11:59|qcloud_iot_event.c|_on_event_reply_callback(96): Receive Message With topicName:$thing/down/event/5S6AQZ6IDE/dev01, payload:{"method":"events_reply","clientToken":"5S6AQZ6IDE-1","code":404,"status":"hardware_fault not defined","data":{}}
+DBG|2019-09-18 15:11:59|qcloud_iot_event.c|_on_event_reply_callback(115): eventToken:5S6AQZ6IDE-1 code:404 status:hardware_fault not defined
+DBG|2019-09-18 15:11:59|data_template_sample.c|event_post_cb(68): Reply:{"method":"events_reply","clientToken":"5S6AQZ6IDE-1","code":404,"status":"hardware_fault not defined","data":{}}
+DBG|2019-09-18 15:11:59|qcloud_iot_event.c|_release_reply_request(78): eventToken[5S6AQZ6IDE-1] released
+```
+
+#### 执行 light_data_template_sample 示例程序
+智能灯示例是基于数据数据模板的场景示例，基于此示例说明控制台和设备端控制交互及日志查询
+```
+./output/release/bin/light_data_template_sample
+INF|2019-09-18 15:14:08|device.c|iot_device_info_set(67): SDK_Ver: 3.1.0, Product_ID: 5S6AQZ6IDE, Device_Name: dev01
+DBG|2019-09-18 15:14:08|HAL_TLS_mbedtls.c|HAL_TLS_Connect(204): Setting up the SSL/TLS structure...
+DBG|2019-09-18 15:14:08|HAL_TLS_mbedtls.c|HAL_TLS_Connect(246): Performing the SSL/TLS handshake...
+DBG|2019-09-18 15:14:08|HAL_TLS_mbedtls.c|HAL_TLS_Connect(247): Connecting to /5S6AQZ6IDE.wx-mqtt.tencentdevices.com/8883...
+INF|2019-09-18 15:14:08|HAL_TLS_mbedtls.c|HAL_TLS_Connect(269): connected with /5S6AQZ6IDE.wx-mqtt.tencentdevices.com/8883...
+INF|2019-09-18 15:14:09|mqtt_client.c|IOT_MQTT_Construct(125): mqtt connect with id: JYqyP success
+DBG|2019-09-18 15:14:09|mqtt_client_subscribe.c|qcloud_iot_mqtt_subscribe(138): topicName=$template/operation/result/5S6AQZ6IDE/dev01|packet_id=22146
+DBG|2019-09-18 15:14:09|shadow_client.c|_shadow_event_handler(63): shadow subscribe success, packet-id=22146
+INF|2019-09-18 15:14:09|light_data_template_sample.c|event_handler(235): subscribe success, packet-id=22146
+INF|2019-09-18 15:14:09|shadow_client.c|IOT_Shadow_Construct(172): Sync device data successfully
+INF|2019-09-18 15:14:09|light_data_template_sample.c|main(510): Cloud Device Construct Success
+DBG|2019-09-18 15:14:09|mqtt_client_subscribe.c|qcloud_iot_mqtt_subscribe(138): topicName=$thing/down/event/5S6AQZ6IDE/dev01|packet_id=22147
+INF|2019-09-18 15:14:09|light_data_template_sample.c|_register_data_template_property(385): data template property=power_switch registered.
+INF|2019-09-18 15:14:09|light_data_template_sample.c|_register_data_template_property(385): data template property=color registered.
+INF|2019-09-18 15:14:09|light_data_template_sample.c|_register_data_template_property(385): data template property=brightness registered.
+INF|2019-09-18 15:14:09|light_data_template_sample.c|_register_data_template_property(385): data template property=name registered.
+INF|2019-09-18 15:14:09|light_data_template_sample.c|main(531): Register data template propertys Success
+DBG|2019-09-18 15:14:09|shadow_client.c|IOT_Shadow_Get(383): GET Request Document: {"clientToken":"explorer-5S6AQZ6IDE-0"}
+DBG|2019-09-18 15:14:09|mqtt_client_publish.c|qcloud_iot_mqtt_publish(329): publish topic seq=22148|topicName=$template/operation/5S6AQZ6IDE/dev01|payload={"type":"get", "clientToken":"explorer-5S6AQZ6IDE-0"}
+INF|2019-09-18 15:14:09|light_data_template_sample.c|event_handler(249): publish success, packet-id=22148
+DBG|2019-09-18 15:14:09|shadow_client.c|_shadow_event_handler(63): shadow subscribe success, packet-id=22147
+INF|2019-09-18 15:14:09|light_data_template_sample.c|event_handler(235): subscribe success, packet-id=22147
+DBG|2019-09-18 15:14:09|shadow_client_manager.c|_on_operation_result_handler(278): type:get
+DBG|2019-09-18 15:14:09|shadow_client.c|_update_ack_cb(114): requestAck=0
+DBG|2019-09-18 15:14:09|shadow_client.c|_update_ack_cb(117): Received Json Document={"clientToken":"explorer-5S6AQZ6IDE-0","payload":{"state":{"reported":{"battery":35,"brightness":55,"color":0,"id":"19","name":"dev01","power_switch":0}},"timestamp":1568776522035,"version":401},"result":0,"timestamp":1568790849,"type":"get"}
+DBG|2019-09-18 15:14:09|light_data_template_sample.c|main(602): no data need to be reported
+DBG|2019-09-18 15:14:09|light_data_template_sample.c|main(609): cycle report:{"state":{"reported":{"power_switch":0,"color":0,"brightness":0,"name":"dev01"}}, "clientToken":"explorer-5S6AQZ6IDE-1"}
+DBG|2019-09-18 15:14:09|shadow_client.c|IOT_Shadow_Update(317): UPDATE Request Document: {"state":{"reported":{"power_switch":0,"color":0,"brightness":0,"name":"dev01"}}, "clientToken":"explorer-5S6AQZ6IDE-1"}
+DBG|2019-09-18 15:14:09|mqtt_client_publish.c|qcloud_iot_mqtt_publish(329): publish topic seq=22149|topicName=$template/operation/5S6AQZ6IDE/dev01|payload={"type":"update", "state":{"reported":{"power_switch":0,"color":0,"brightness":0,"name":"dev01"}}, "clientToken":"explorer-5S6AQZ6IDE-1"}
+INF|2019-09-18 15:14:09|light_data_template_sample.c|main(613): cycle reporte success
+INF|2019-09-18 15:14:10|light_data_template_sample.c|event_handler(249): publish success, packet-id=22149
+DBG|2019-09-18 15:14:10|shadow_client_manager.c|_on_operation_result_handler(278): type:update
+INF|2019-09-18 15:14:10|light_data_template_sample.c|OnShadowUpdateCallback(370): recv shadow update response, response ack: 0
+```
+
+## 四. 设备调试
+
+1. 进入设备调试：
+![](https://main.qcloudimg.com/raw/1f2ac1d6cac186394ac1a1da6c22749c.jpg)
+
+2. 修改目标数据下发设备
+![](https://main.qcloudimg.com/raw/911a09872f03a91d1d530537e51147f1.jpg)
+
+3.设备响应及日志输出
+![](https://main.qcloudimg.com/raw/c45d35d9abe116408efc2656b55127b7.jpg)
+
+4. 控制台查看设备当前状态
+![](https://main.qcloudimg.com/raw/236b8bf3c88b1c532714b730d0993a79.jpg)
+
+5. 控制台查看设备通信日志
+![](https://main.qcloudimg.com/raw/10e911975030f2840b9af03a079aec1d.jpg)
+
+6. 控制台查看设备事件上报
+![](https://main.qcloudimg.com/raw/d3878541b502619158ec206fc2ae2391.jpg)

docs/二进制数据上报.md

@@ -0,0 +1,154 @@
+用户参考自定义透传的智能灯示例，定义目标产品的二进制数据协议，编写对应的上下行数据的解析脚本，设备侧即可基于二进制实现和平台交互。
+
+### 1.创建自定义透传产品，同时选择智能灯产品类型
+![](https://main.qcloudimg.com/raw/e385b9e53e2b510df5da93c2977919cb.png)
+
+### 2. 使能二进制数据解析功能
+![](https://main.qcloudimg.com/raw/22f6e4797466f41e17111b61f9c51072.png)
+
+### 3. 智能灯二进制协议格式
+
+- 上报格式
+![](https://main.qcloudimg.com/raw/d4736c9fe19da201d65e80cb72ab17d2.png)
+
+- 下发格式
+![](https://main.qcloudimg.com/raw/67ed266e814783adef513dcbf764fbbc.png)
+
+### 4. 编辑上下行二进制数据与Json数据转换的解析脚本并提交
+- 目前解析脚本暂时只支持JavaScript语法
+![](https://main.qcloudimg.com/raw/2e6d2b20723d7567f64fab7889d8e87a.png)
+
+对应的脚本代码如下：
+- 上行二进制数据到Json数据的解析脚本
+
+```
+
+function RawToProtocol(fPort, bytes) {
+    var data = {
+    "method": "report",
+    "clientToken": new Date(),
+    "params":{}
+    };
+    if (bytes[2] != 1) {
+        return data ;
+    } 
+    var sw =  bytes[8];
+    if (sw == 0 || sw == 1) {
+        data.params.power_switch =  sw;
+    }
+    var color =  bytes[9];
+    if (color >=0  &&  color < 4 ) {
+        data.params.color =  color;
+    }   
+    var brightness =  bytes[10];
+    if (brightness >=0  &&   brightness <=100 ) {
+        data.params.brightness =  brightness;
+    }        
+    return data;
+}
+
+```
+
+- 下行Json数据到二进制数据的解析脚本
+
+```
+
+function ProtocolToRaw(json) {
+  
+  var data = new Array();
+
+  var method = json['method'];
+  if (method !="control") { 
+      return data;
+  }
+  data[0] = 0xaa;// header 0x55aa
+  data[1] = 0x55;
+
+  data[2] = 0x20; // control commandb
+  data[3] = 0; // padding
+
+  //requestid  这里随便填了
+  data[4] = 0xcc; 
+  data[5] = 0xcc; 
+  data[6] = 0xcc; 
+  data[7] = 0xcc; 
+
+  var params = json['params'];  
+
+  if (params.power_switch != undefined) {
+      data[8] = params.power_switch ; //switch 
+  } else {
+      data[8] = 255;
+  }
+  
+  if (params.color != undefined) {
+      data[9] = params.color ; //color
+  } else {
+      data[9] = 255;
+  }  
+
+  if (params.brightness != undefined) {
+      data[10] = params.brightness ; //brightness
+  } else {
+      data[10] = 255;  }
+  
+  data[11] = 255 ; //name is invalid
+  return data;
+}
+
+
+```
+
+- 可以在线调试脚本的解析功能
+![](https://main.qcloudimg.com/raw/6ce7da31c2442f7967cb89edd20ed09b.png)
+
+
+###  5. 编译SDK并运行二进制示例
+
+- 带参数 -l 二进制示例会循环执行，示例会定时上报二进制数据，收到二进制数据会dump出来。
+
+```
+./raw_data_mqtt_sample -l
+INF|2020-02-13 01:41:55|qcloud_iot_device.c|iot_device_info_set(65): SDK_Ver: 3.1.1, Product_ID: NQ7GQN6KSR, Device_Name: dev001
+DBG|2020-02-13 01:41:55|HAL_TLS_mbedtls.c|HAL_TLS_Connect(206): Setting up the SSL/TLS structure...
+DBG|2020-02-13 01:41:55|HAL_TLS_mbedtls.c|HAL_TLS_Connect(248): Performing the SSL/TLS handshake...
+DBG|2020-02-13 01:41:55|HAL_TLS_mbedtls.c|HAL_TLS_Connect(249): Connecting to /nq7gqn6ksr.iotcloud.tencentdevices.com/8883...
+INF|2020-02-13 01:41:56|HAL_TLS_mbedtls.c|HAL_TLS_Connect(271): connected with /nq7gqn6ksr.iotcloud.tencentdevices.com/8883...
+INF|2020-02-13 01:41:56|mqtt_client.c|IOT_MQTT_Construct(127): mqtt connect with id: 9Z39s success
+INF|2020-02-13 01:41:56|raw_data_sample.c|main(306): Cloud Device Construct Success
+DBG|2020-02-13 01:41:56|mqtt_client_subscribe.c|qcloud_iot_mqtt_subscribe(141): topicName=$thing/down/raw/NQ7GQN6KSR/dev001|packet_id=15330
+INF|2020-02-13 01:41:56|raw_data_sample.c|_mqtt_event_handler(95): subscribe success, packet-id=15330
+DBG|2020-02-13 01:41:57|raw_data_sample.c|_publish_raw_data_msg(223): raw_data published dump:
+
+ AA 55 01 00 00 00 00 00 01 01 38 00
+DBG|2020-02-13 01:41:57|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$thing/up/raw/NQ7GQN6KSR/dev001|payload=
+
+ DBG|2020-02-13 01:42:02|raw_data_sample.c|_publish_raw_data_msg(223): raw_data published dump:
+
+ AA 55 01 00 01 00 00 00 01 00 54 00
+DBG|2020-02-13 01:42:02|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$thing/up/raw/NQ7GQN6KSR/dev001|payload=
+
+```
+
+- 收到下行数据并dump
+
+```
+
+INF|2020-02-13 01:47:23|raw_data_sample.c|on_raw_data_message_callback(235): Receive Message With topicName:$thing/down/raw/NQ7GQN6KSR/dev001, payloadlen:12
+DBG|2020-02-13 01:47:23|raw_data_sample.c|on_raw_data_message_callback(237): raw_data reveived dump:
+
+ AA 55 20 00 CC CC CC CC FF 01 FF FF
+INF|2020-02-13 01:47:23|raw_data_sample.c|on_raw_data_message_callback(235): Receive Message With topicName:$thing/down/raw/NQ7GQN6KSR/dev001, payloadlen:12
+DBG|2020-02-13 01:47:23|raw_data_sample.c|on_raw_data_message_callback(237): raw_data reveived dump:
+
+ AA 55 20 00 CC CC CC CC FF 01 FF FF
+ 
+```
+
+###  6. 控制台日志
+
+- 在线调试
+![](https://main.qcloudimg.com/raw/5e8dd1b8efdc079a72ffb8d9e3b52830.png)
+
+- 设备日志
+![](https://main.qcloudimg.com/raw/9ee577ed46f1170531d444703c5968f9.png)

docs/数据模板开发/数据模板代码生成.md

@@ -0,0 +1,19 @@
+## 简介
+本文介绍基于物联开发平台 IoT Explorer 创建的数据模板如何生成模板代码。
+
+## 数据模板创建
+参阅[产品定义](https://cloud.tencent.com/document/product/1081/34739?!preview&!editLang=zh#.E6.95.B0.E6.8D.AE.E6.A8.A1.E6.9D.BF)创建数据模板
+
+## 数据模板描述文件导出
+数据模板描述文件是一个 JSON 格式的文件，描述了产品定义的属性、事件及其他信息，在平台导出此json文件，如下图示:
+![](https://main.qcloudimg.com/raw/0951d7c3f540ca716442e08651a0efa5.jpg)
+
+## 数据模板模板代码生成
+将下载的json文件拷贝到tools目录，执行./codegen.py -c xx/config.json -d  ../targetdir/ 命令,则会根据json文件在target目录生成所定义产品的数据模板及事件的配置文件,将这个生成的配置文件拷贝到data_template_sample.c的同级目录，data_template_sample.c示例了通用的数据模板处理框架，可以基于此框架添加业务逻辑。智能灯示例light_data_template_sample.c即是基于此框架的场景示例。
+
+```
+./codegen.py -c light.json -d ../samples/data_template/
+加载 light.json 文件成功
+文件 ../samples/data_template/data_config.c 生成成功
+文件 ../samples/data_template/events_config.c 生成成功
+```

docs/数据模板开发/数据模板协议.md

@@ -0,0 +1,491 @@
+## 简介
+
+用户创建完产品后即可定义数据模板，基于导出数据模板json配置文件通过SDK提供的脚本工具可以自动生成数据模板配置代码，设备调试阶段的在线调试会接收设备的上报数据并可在控制台下发控制指令到设备进行调试。本文档介绍数据模板协议。
+
+## 数据模板协议
+
+### 概述
+物联网开发平台定义了一套通用的方法，实现设备的统一描述、统一控制，进而提供数据的流转和计算服务，实现不同设备的互联互通、数据的流转和融合，助力应用落地。
+
+产品定义了数据模板以后，设备可以按照数据模板中的定义上报属性、事件，并可对设备下发远程控制指令，即对可写的设备属性进行修改。数据模板的管理详见 [产品定义](https://cloud.tencent.com/document/product/1081/34739)。数据模板协议包括了以下几部分。
+
+- 设备属性上报：设备端将定义的属性根据设备端的业务逻辑向云端上报。
+- 设备远程控制：从云端向设备端下发控制指令，即设置设备可写属性。
+- 获取设备最新上报信息：获取设备最新的上报数据。
+- 设备事件上报：设备可根据定义的数据模板中的事件，当事件被触发，则根据设备事件上报的协议上报告警、故障等事件信息。
+- 设备行为：云端可以通过 RPC 的方式来要求设备执行某个动作行为，适用于应用需要实时获取设备的执行结果的场景。
+
+### 设备属性上报
+
+1. 当设备需要向云端上报数据时，开发平台为设备设定了默认的 Topic：
+   - 上行请求 Topic： `$thing/up/property/{ProductID}/{DeviceName}`   
+   - 上行响应 Topic： `$thing/down/property/{ProductID}/{DeviceName}`
+2. 请求
+ - 设备端请求报文示例：
+```
+{
+		"method":"report",
+		"clientToken":"123",
+		"timestamp":1212121221,
+		"params":{
+			"power_switch":1,
+			"color":1,
+			"brightness":32
+		}
+}
+```
+ - 参数说明：
+<table>
+   <tr>
+      <th>参数</th>
+      <th>类型</th>
+      <th>说明</th>
+   </tr>
+   <tr>
+      <td>method</td>
+      <td>String</td>
+      <td>report 表示设备属性上报。</td>
+   </tr>
+   <tr>
+      <td>clientToken</td>
+      <td>String</td>
+      <td>用于上下行消息配对标识</td>
+   </tr>
+   <tr>
+      <td>timestamp</td>
+      <td>Integer</td>
+      <td>属性上报的时间</td>
+   </tr>
+   <tr>
+      <td>params</td>
+      <td>JSON</td>
+      <td>JSON 结构内为设备上报的属性值</td>
+   </tr>
+</table>
+3. 响应
+ - 云端返回设备端报文示例：
+```
+{
+		"method":"report_reply",
+		"clientToken":"123",
+		"code":0,
+		"status":"some message wher error"
+}
+```
+ - 响应参数说明：
+<table>
+   <tr>
+      <th>参数</th>
+      <th>类型</th>
+      <th>说明</th>
+   </tr>
+   <tr>
+      <td>method</td>
+      <td>String</td>
+      <td>report_reply 表示云端接收设备上报后的响应报文</td>
+   </tr>
+  <tr>
+      <td>clientToken</td>
+      <td>String</td>
+      <td>用于上下行消息配对标识</td>
+   </tr>
+   <tr>
+      <td>code</td>
+      <td>Integer</td>
+      <td>0表示云端成功收到设备上报的属性</td>
+   </tr>
+   <tr>
+      <td>status</td>
+      <td>String</td>
+      <td>当code非0的时候, 提示错误信息</td>
+   </tr>   
+</table>
+
+
+### 设备远程控制
+
+1. 云端下发控制指令使用的 Topic：
+   - 下发 Topic： `$thing/down/property/{ProductID}/{DeviceName}`
+   - 响应 Topic： `$thing/up/property/{ProductID}/{DeviceName}`
+2. 请求
+ - 远程控制请求消息格式：
+```
+{
+	    "method": "control",
+	    "clientToken": "123",	
+	    "params": {
+	    "power_switch": 1,
+        "color": 1,
+        "brightness": 66	
+        }
+}
+```
+ - 请求参数说明：
+<table>
+   <tr>
+      <th>参数</th>
+      <th>类型</th>
+      <th>说明</th>
+   </tr>
+   <tr>
+      <td>method</td>
+      <td>String</td>
+      <td>control 表示云端向设备发起控制请求</td>
+   </tr>
+   <tr>
+      <td>clientToken</td>
+      <td>String</td>
+      <td>用于上下行消息配对标识</td>
+   </tr>
+   <tr>
+      <td>params</td>
+      <td>JSON</td>
+      <td>JSON 结构内为设备上报的属性值</td>
+   </tr>
+</table>
+3. 响应
+ - 设备响应远程控制请求消息格式：
+```
+{
+		"method":"control_reply",
+		"clientToken":"123",
+		"code":0,
+		"status":"some message wher error"
+}
+```
+ - 请求参数说明：
+<table>
+   <tr>
+      <th>参数</th>
+      <th>类型</th>
+      <th>说明</th>
+   </tr>
+   <tr>
+      <td>control_reply</td>
+      <td>String</td>
+      <td>表示设备向云端下发的控制指令的请求响应</td>
+   </tr>
+   <tr>
+      <td>code</td>
+      <td>Integer</td>
+      <td>0表示设备成功接收到云端下发的控制指令</td>
+   </tr>
+   <tr>
+      <td>status</td>
+      <td>String</td>
+      <td>当 code 非0的时候, 提示错误信息</td>
+   </tr>   
+</table>
+
+
+
+### 获取设备最新上报信息
+
+1. 设备从云端接收最新消息使用的 Topic：
+   - 请求 Topic： `$thing/up/property/{ProductID}/{DeviceName}`
+   - 响应 Topic： `$thing/down/property/{ProductID}/{DeviceName}`
+2. 请求
+ - 请求消息格式：
+```
+{
+		"method": "get_status",
+		"clientToken": "123",
+		"type" : "report", 
+		"showmeta": 0
+}
+```
+ - 请求参数说明：
+<table>
+   <tr>
+      <th>参数</th>
+      <th>类型</th>
+      <th>说明</th>
+   </tr>
+   <tr>
+      <td>get_status</td>
+      <td>String</td>
+      <td>get_status 表示获取设备最新上报的信息</td>
+   </tr>
+   <tr>
+      <td>clientToken</td>
+      <td>String</td>
+      <td>消息 ID，回复的消息将会返回该数据，用于请求响应消息的对比。</td>
+   </tr>
+	 <tr>
+      <td>type</td>
+      <td>String</td>
+      <td>表示获取什么类型的信息。report 表示设备上报的信息</td>
+   </tr>
+	   <tr>
+      <td>showmeta</td>
+      <td>Integer</td>
+      <td>标识回复消息是否带 metadata，缺省为0表示不返回 metadata</td>
+   </tr>
+</table>
+3. 响应
+ - 响应消息格式： 
+
+```
+{
+   	"method": "get_status_reply",
+       "code": 0,
+	   "clientToken": "123",
+	   "type": "report",
+   	"data": {
+		   "report": {
+		         "power_switch": 1,
+                 "color": 1,
+                 "brightness": 66	
+		   }
+    	}
+}
+```
+
+ - 响应参数
+<table>
+   <tr>
+      <th>参数</th>
+      <th>类型</th>
+      <th>说明</th>
+   </tr>
+   <tr>
+      <td>get_status_reply</td>
+      <td>String</td>
+      <td>表示获取设备最新上报信息的 reply 消息</td>
+   </tr>
+	 <tr>
+      <td>code</td>
+      <td>Integer</td>
+      <td>0标识云端成功收到设备上报的属性</td>
+   </tr>
+   <tr>
+      <td>clientToken</td>
+      <td>String</td>
+      <td>消息 ID，回复的消息将会返回该数据，用于请求响应消息的对比。</td>
+   </tr>
+	 <tr>
+      <td>type</td>
+      <td>String</td>
+      <td>表示获取什么类型的信息。report 表示设备上报的信息</td>
+   </tr>
+	   <tr>
+      <td>data</td>
+      <td>JSON</td>
+      <td>返回具体设备上报的最新数据内容</td>
+   </tr>
+</table>
+
+
+
+### 设备事件上报
+
+1. 当设备需要向云端上报事件时，开发平台为设备设定了默认的 Topic：
+   - 上行请求 Topic： `$thing/up/event/<产品>/<设备>`
+   - 上行响应 Topic： `$thing/down/event/<产品>/<设备>`
+2. 请求
+ - 设备端请求报文示例：    
+```
+{
+		"method":"event_post",
+		"clientToken":"123",
+		"version":"1.0",
+		"eventId":"PowerAlarm",
+		"type":"fatal",
+		"timestamp":1212121221,
+		"params":{
+		"Voltage":2.8,
+		"Percent":20
+        }
+}
+```
+ - 请求参数说明：
+<table>
+   <tr>
+      <th>参数</th>
+      <th>类型</th>
+      <th>说明</th>
+   </tr>
+   <tr>
+      <td>method</td>
+      <td>String</td>
+      <td>event_post 表示事件上报。</td>
+   </tr>
+   <tr>
+      <td>clientToken</td>
+      <td>String</td>
+      <td>消息 ID，回复的消息将会返回该数据, 用于请求响应消息的对比。</td>
+   </tr>
+   <tr>
+      <td>version</td>
+      <td>String</td>
+      <td>协议版本，默认为1.0。</td>
+   </tr>
+   <tr>
+      <td>eventId</td>
+      <td>String</td>
+      <td>事件的 ID，在数据模板事件中定义。</td>
+   </tr>
+   <tr>
+      <td>params</td>
+      <td>String</td>
+      <td>事件的参数，在数据模板事件中定义。</td>
+   </tr>
+   <tr>
+      <td>timestamp</td>
+      <td>Integer</td>
+      <td>事件上报的时间，不填写该字段表示就使用事件上报本身的时间。</td>
+   </tr>
+</table>
+3. 响应
+ - 响应消息格式： 
+
+```
+{
+		"method": "event_reply",
+		"clientToken": "123",
+		"version": "1.0",
+		"code": 0,
+		"status": "some message wher error",
+		"data": {}
+}
+```
+
+ - 响应参数：
+<table>
+   <tr>
+      <th>参数</th>
+      <th>类型</th>
+      <th>说明</th>
+   </tr>
+   <tr>
+      <td>method</td>
+      <td>String</td>
+      <td>event_reply 表示是云端返回设备端的响应。</td>
+   </tr>
+   <tr>
+      <td>clientToken</td>
+      <td>String</td>
+      <td>消息 ID，回复的消息将会返回该数据, 用于请求响应消息的对比。</td>
+   </tr>
+   <tr>
+      <td>version</td>
+      <td>String</td>
+      <td>协议版本，默认为1.0。</td>
+   </tr>
+   <tr>
+      <td>code</td>
+      <td>Integer</td>
+      <td>事件上报结果，0表示成功。</td>
+   </tr>
+   <tr>
+      <td>status</td>
+      <td>String</td>
+      <td>事件上报结果描述。</td>
+   </tr>
+   <tr>
+      <td>data</td>
+      <td>JSON</td>
+      <td>事件上报返回的内容。</td>
+   </tr>
+</table>
+
+
+### 设备行为调用
+
+1. 当应用通过云端向设备发起某个行为调用时，开发平台为设备行为的处理设定了默认的 Topic：
+   - 应用调用设备行为 Topic： `$thing/down/action/<产品>/<设备>`
+   - 设备响应行为执行结果 Topic： `$thing/up/action/<产品>/<设备>`
+2. 请求
+ - 应用端发起设备行为调用报文示例：    
+```
+{
+		"method": "action",
+		"clientToken": "20a4ccfd-d308-11e9-86c6-5254008a4f10",
+		"actionId": "openDoor",
+		"timestamp": 1212121221,
+		"params": {
+		"userid": "323343"	
+	    }
+}
+```
+ - 请求参数说明：
+<table>
+   <tr>
+      <th>参数</th>
+      <th>类型</th>
+      <th>说明</th>
+   </tr>
+   <tr>
+      <td>method</td>
+      <td>String</td>
+      <td>action 表示是调用设备的某个行为</td>
+   </tr>
+   <tr>
+      <td>clientToken</td>
+      <td>String</td>
+      <td>消息 ID，回复的消息将会返回该数据, 用于请求响应消息的对比。</td>
+   </tr>
+   <tr>
+      <td>actionId</td>
+      <td>String</td>
+      <td>actionId 是数据模板中的行为标识符，由开发者自行根据设备的应用场景定义</td>
+   </tr>  
+     <tr>
+      <td>timestamp</td>
+      <td>Integer</td>
+      <td>行为调用的当前时间</td>
+   </tr>
+   <tr>
+      <td>params</td>
+      <td>String</td>
+      <td>行为的调用参数，在数据模板的行为中定义。</td>
+   </tr> 
+</table>
+3. 响应
+ - 响应消息格式：  
+```
+{
+		"method": "action_reply",
+		"clientToken": "20a4ccfd-d308-11e9-86c6-5254008a4f10",
+		"code": 0,
+		"status": "some message wher error",
+		"response": {
+		"Code":  0
+        }
+}
+```
+
+ - 响应参数：
+<table>
+   <tr>
+      <th>参数</th>
+      <th>类型</th>
+      <th>说明</th>
+   </tr>
+   <tr>
+      <td>method</td>
+      <td>String</td>
+      <td>action_reply 表示是设备端执行完指定的行为向云端回复的响应</td>
+   </tr>
+   <tr>
+      <td>clientToken</td>
+      <td>String</td>
+      <td>消息 ID，回复的消息将会返回该数据, 用于请求响应消息的对比。</td>
+   </tr>
+ 
+   <tr>
+      <td>code</td>
+      <td>Integer</td>
+      <td>行为执行结果，0表示成功。</td>
+   </tr>
+   <tr>
+      <td>status</td>
+      <td>String</td>
+      <td>行为执行失败后的错误信息描述。</td>
+   </tr>
+   <tr>
+      <td>response</td>
+      <td>JSON</td>
+      <td>设备行为中定义的返回参数，设备行为执行成功后，向云端返回执行结果</td>
+   </tr>
+</table>

docs/数据模板开发/数据模板应用开发.md

@@ -0,0 +1,141 @@
+##  数据模板业务逻辑开发
+数据模板示例data_template_sample.c已实现数据、事件收发及响应的通用处理框架。可以基于此示例开发业务逻辑，上下行业务逻辑添加的入口函数分别为 deal_up_stream_user_logic 、deal_down_stream_user_logic。可以参考智能灯的场景示例 light_data_template_sample.c 添加业务处理逻辑。
+
+- 属性
+  属性即对设备能力的描述，譬如智能灯，通过 `开关`、`颜色`、`亮度`三个属性实现对智能灯的能力描述，通过对属性的修改即可实现对设备的控制。
+
+- 事件
+ 设备发生特定情况，譬如灯的开关状态发生了变化，上报事件。应用侧收到事件后按预设逻辑推送事件。
+ 
+- 行为
+  控制设备执行特定的行为，并将执行的结果返回。行为与属性的区别，概念上行为是数据和方法的组合，行为有执行结果的返回。属性只有数据，修改属性后设备侧是否执行成功很难在属性本身体现。
+
+数据模板示例data_template_sample.c已实现属性、事件、动作的通用处理框架。可以基于此示例开发业务逻辑，上下行业务逻辑添加的入口函数分别为 deal_up_stream_user_logic 、deal_down_stream_user_logic。可以参考智能灯的场景示例 light_data_template_sample.c 添加业务处理逻辑。
+
+
+### 下行业务逻辑实现
+- 服务端下行的数据，SDK已按数据模板协议完成了json数据的解析。ProductDataDefine是第三步中根据在平台定义的产品数据模板生成的模板结构体，由定义的各属性构成成员变量。入参pData所指向的属性数据，从服务端下行数据中，SDK已经按数据模板协议完成了属性数据的解析，用户在下行逻辑处理的函数里边可以直接使用解析好的数据添加业务逻辑即可。
+- 用户根据数据模板数据pData进行相应的业务逻辑处理。
+```
+/*用户需要实现的下行数据的业务逻辑,pData除字符串变量已实现用户定义的所有其他变量值解析赋值，待用户实现业务逻辑*/
+static void deal_down_stream_user_logic(void *client, ProductDataDefine   * pData)
+{
+	Log_d("someting about your own product logic wait to be done");
+}
+```
+
+- 示例用法:
+
+```
+/*智能灯属性数据模板*/
+typedef struct _ProductDataDefine {
+    TYPE_DEF_TEMPLATE_BOOL m_light_switch; 
+    TYPE_DEF_TEMPLATE_ENUM m_color;
+    TYPE_DEF_TEMPLATE_INT  m_brightness;
+    TYPE_DEF_TEMPLATE_STRING m_name[MAX_STR_NAME_LEN+1];
+} ProductDataDefine; 
+
+/*示例灯光控制处理逻辑*/
+static void deal_down_stream_user_logic(void *client,ProductDataDefine *light)
+{
+	int i;
+    const char * ansi_color = NULL;
+    const char * ansi_color_name = NULL;
+    char brightness_bar[]      = "||||||||||||||||||||";
+    int brightness_bar_len = strlen(brightness_bar);
+
+	/*灯光颜色*/
+	switch(light->m_color) {
+	    case eCOLOR_RED:
+	        ansi_color = ANSI_COLOR_RED;
+	        ansi_color_name = " RED ";
+	        break;
+	    case eCOLOR_GREEN:
+	        ansi_color = ANSI_COLOR_GREEN;
+	        ansi_color_name = "GREEN";
+	        break;
+	    case eCOLOR_BLUE:
+	        ansi_color = ANSI_COLOR_BLUE;
+	        ansi_color_name = " BLUE";
+	        break;
+	    default:
+	        ansi_color = ANSI_COLOR_YELLOW;
+	        ansi_color_name = "UNKNOWN";
+	        break;
+	}
+
+
+	/* 灯光亮度显示条 */		    
+    brightness_bar_len = (light->m_brightness >= 100)?brightness_bar_len:(int)((light->m_brightness * brightness_bar_len)/100);
+    for (i = brightness_bar_len; i < strlen(brightness_bar); i++) {
+        brightness_bar[i] = '-';
+    }
+
+	if(light->m_light_switch){
+        /* 灯光开启式，按照控制参数展示 */
+		HAL_Printf( "%s[  lighting  ]|[color:%s]|[brightness:%s]|[%s]\n" ANSI_COLOR_RESET,\
+					ansi_color,ansi_color_name,brightness_bar,light->m_name);
+	}else{
+		/* 灯光关闭展示 */
+		HAL_Printf( ANSI_COLOR_YELLOW"[  light is off ]|[color:%s]|[brightness:%s]|[%s]\n" ANSI_COLOR_RESET,\
+					ansi_color_name,brightness_bar,light->m_name);	
+	}
+	
+#ifdef EVENT_POST_ENABLED 
+	if(eCHANGED == sg_DataTemplate[0].state){
+		if(light->m_light_switch){	
+			memset(sg_message, 0, MAX_EVENT_STR_MESSAGE_LEN);
+			strcpy(sg_message,"light on");
+			sg_status = 1;
+		}else{
+			memset(sg_message, 0, MAX_EVENT_STR_MESSAGE_LEN);
+			strcpy(sg_message,"light off");
+			sg_status = 0;			
+		}
+		IOT_Event_setFlag(client, FLAG_EVENT0);/*灯的开关状态发生变化时置位事件，在eventPostCheck中会将置位的事件上报*/
+	}
+#endif	
+}
+```
+
+###  上行业务逻辑实现
+
+- SDK提供了属性、事件、行为的上行接口，用户可以按数据模板协议自行构造数据，然后调用接口上报相应数据。
+ 1. 属性上报接口`IOT_Template_Report`
+ 2. 事件上报接口`IOT_Post_Event`
+ 3. 行为回复接口`IOT_ACTION_REPLY`
+ 4. 
+- 数据模板示例data_template_sample.c已提供了属性、事件、行为数据构造和上报的框架。
+ 1. 对于属性上报，修改对应的属性参数，调用数据模板的属性状态设置的方法`set_propery_state`将属性置为已变化`eCHANGED`，用户在`deal_up_stream_user_logic`上行处理逻辑中，调用`find_wait_report_property`汇总需要上报的属性列表，框架会调用`IOT_Template_JSON_ConstructReportArray`根据属性列表构建上报数据并调用`IOT_Template_Report`实现属性上报。
+ 2. 对于事件，在事件产生的地方，调用`IOT_Event_setFlag`置位相应事件，框架会调用`eventPostCheck`将置位的事件自动上报。
+3. 对于行为，在注册的行为回调`OnActionCallback`中，添加业务逻辑执行对应的行为，根据行为执行结果，修改给行为的输出参数，调用`IOT_ACTION_REPLY`回复行为执行结果。
+
+```
+/*用户根据业务修改属性值，然后设置属性状态为eCHANGED*/
+static void _refresh_local_property(void)
+{
+	//add your local property refresh logic
+}
+
+
+/*用户需要实现的上行数据的业务逻辑,此处仅供示例*/
+static int deal_up_stream_user_logic(DeviceProperty *pReportDataList[], int *pCount)
+{
+	int i, j;
+	
+		/*监测是否需要更新本地数据*/
+		_refresh_local_property(); 
+
+		/*将变化的属性更新到上报列表*/
+     for (i = 0, j = 0; i < TOTAL_PROPERTY_COUNT; i++) {       
+        if(eCHANGED == sg_DataTemplate[i].state) {
+            pReportDataList[j++] = &(sg_DataTemplate[i].data_property);
+			sg_DataTemplate[i].state = eNOCHANGE;
+        }
+    }
+	*pCount = j;
+
+	return (*pCount > 0)?QCLOUD_RET_SUCCESS:QCLOUD_ERR_FAILURE;
+}
+
+```

docs/网关设备快速入门.md

@@ -0,0 +1,298 @@
+# 网关设备快速入门
+本文档将讲述如何在腾讯物联网开发平台(IoT Explorer)控制台申请网关设备并绑定子设备, 并结合C-SDK 的**gateway_sample**快速体验网关设备代理子设备上下线，子设备基于数据模板协议或者自定义数据，发送和接收消息。
+
+
+## 一. 控制台创建网关设备
+
+#### 1. 创建网关产品和设备
+点击页面**创建新产品**按钮, 创建一个网关产品。
+
+![](https://main.qcloudimg.com/raw/5a535db5040ac350f4033fd40071a1d7.jpg)
+
+在弹出的产品窗口中，选择节点类型和产品类型，输入产品名称，选择认证方式和数据格式，输入产品描述，然后点击确定创建
+
+在生成的产品页面下，点击**子设备管理**进行子产品和子设备绑定。
+
+![](https://main.qcloudimg.com/raw/5228791ee57d182f7adb71617c6be96a.jpg)
+
+子设备是通过网关产品代理实现子设备的鉴权和通信，网关能够代理子设备鉴权和通信的前提是在平台实现了网关和子设备的绑定操作。需要注意的是子设备是无法直连物联网平台的产品，由网关设备代理连接，所以子设备的认证方式不影响连接，由网关设备来负责认证接入。
+
+在子产品管理页面绑定子产品
+![](https://main.qcloudimg.com/raw/244dcf505fc026cb465ff26fce682d0d.jpg)
+
+在网关产品下创建网关设备，进入子设备管理，选择绑定的子产品产品，然后选择对应子产品下需要绑定的子设备
+
+![](https://main.qcloudimg.com/raw/8bad6a65baaab95d0de6eab402aeb269.jpg)
+![](https://main.qcloudimg.com/raw/1d65fe910deb0521595302ba5d54efda.jpg)
+
+#### 2. 定义子产品数据模板或者创建自定义产品
+
+网关示例代理子设备上线后，默认会订阅topic $productID/$devName/data, 并向这个topic发送数据，这个topic只有自定义透传的产品才会有data topic。
+![](https://main.qcloudimg.com/raw/26b60d86e694d23b32d7a460dd8c5794.jpg)
+![](https://main.qcloudimg.com/raw/cdb697cae207a87dda99fb89f51bd617.jpg)
+
+网关示例中，开启宏定义 `SUB_DEV_USE_DATA_TEMPLATE_LIGHT`,会代理子产品数据模板为智能灯的子设进行通信，如果开启该宏定义，请绑定一个智能灯的产品并将子产品和子设备信息分别配置到`LIGHT_SUB_DEV_PRODUCT_ID`和`LIGHT_SUB_DEV_NAME`。
+
+```
+# define SUB_DEV_USE_DATA_TEMPLATE_LIGHT
+
+# ifdef SUB_DEV_USE_DATA_TEMPLATE_LIGHT
+# define LIGHT_SUB_DEV_PRODUCT_ID    "WPDA0S6S08"
+# define LIGHT_SUB_DEV_NAME          "dev001"
+extern void* sub_dev1_thread(void *ptr, char *product_id, char *device_name);
+# endif
+```
+
+## 二. 编译运行示例程序
+
+#### 1. 配置网关和子设备信息
+修改设备信息配置device_info.json，配置网关产品、设备、密钥或者证书，配置绑定的子设备数量，对应的产品和设备名
+```
+{
+    "auth_mode":"KEY",
+
+    "productId":"PRODUCT_ID",                       //网关产品ID
+    "productSecret":"YOUR_PRODUCT_SECRET",             
+    "deviceName":"YOUR_DEV_NAME",                   //网关设备名
+
+    "key_deviceinfo":{    
+        "deviceSecret":"xxxxx"                       //密钥认证，网关设备的密钥
+    },
+
+    "cert_deviceinfo":{
+        "devCertFile":"YOUR_DEVICE_CERT_FILE_NAME",              //证书认证，网关设备的公钥证书文件名
+        "devPrivateKeyFile":"YOUR_DEVICE_PRIVATE_KEY_FILE_NAME"  //证书认证，网关设备的私钥证书文件名
+    },
+
+    "subDev":{
+        "subdev_num":6,  //子设备数量
+        "subdev_list":   //对应的子产品和子设备
+        [
+                {"sub_productId": "WPDA0S6S08", "sub_devName": "dev001"},
+                {"sub_productId": "WPDA0S6S08", "sub_devName": "dev002"},
+                {"sub_productId": "WPDA0S6S08", "sub_devName": "dev003"},
+                {"sub_productId": "Y8T6NB8DM0", "sub_devName": "test001"},
+                {"sub_productId": "Y8T6NB8DM0", "sub_devName": "test002"},
+                {"sub_productId": "Y8T6NB8DM0", "sub_devName": "test003"}               
+        ]     
+    }
+}
+```
+
+#### 2. 修改编译选项
+- 使用cmake编译，修改CMakeLists.txt(以**密钥认证设备**为例)，使能网关功能，网关会关联打开多线程功能
+
+```
+set(BUILD_TYPE                   "release")
+set(COMPILE_TOOLS                "gcc") 
+set(PLATFORM 	                "linux")
+set(FEATURE_MQTT_COMM_ENABLED ON)
+set(FEATURE_GATEWAY_ENABLED ON)
+set(FEATURE_MULTITHREAD_ENABLED ON)
+set(FEATURE_AUTH_MODE "KEY")
+
+```
+执行脚本编译
+```
+./cmake_build.sh 
+```
+示例输出位于`output/release/bin`文件夹中
+
+- 使用makefile编译，修改CMakeLists.txt(以**密钥认证设备**为例)，使能网关功能，网关会关联打开多线程功能
+
+```
+PLATFORM_CC                 	= gcc
+PLATFORM_AR                 	= ar
+PLATFORM_OS                 	= linux
+
+FEATURE_GATEWAY_ENABLED       = y
+FEATURE_MULTITHREAD_ENABLED   = y
+```
+
+执行make编译
+```
+make
+```
+示例输出位于`output/release/bin`文件夹中
+
+
+#### 3. 执行网关示例程序
+如下日志信息显示示例程序通过MQTT网关代理子设备上下线状态变化，发布和订阅消息。
+
+```
+./gateway_sample 
+DBG|2020-02-27 05:53:59|HAL_Device_linux.c|HAL_GetGwDevInfo(632): sub device num:6
+DBG|2020-02-27 05:53:59|HAL_Device_linux.c|HAL_GetGwDevInfo(634): 0th subDevPid:BK7EEF4UIB subDevName:dev001
+DBG|2020-02-27 05:53:59|HAL_Device_linux.c|HAL_GetGwDevInfo(634): 1th subDevPid:BK7EEF4UIB subDevName:dev002
+DBG|2020-02-27 05:53:59|HAL_Device_linux.c|HAL_GetGwDevInfo(634): 2th subDevPid:BK7EEF4UIB subDevName:dev003
+DBG|2020-02-27 05:53:59|HAL_Device_linux.c|HAL_GetGwDevInfo(634): 3th subDevPid:7P3KIFQ1JD subDevName:test001
+DBG|2020-02-27 05:53:59|HAL_Device_linux.c|HAL_GetGwDevInfo(634): 4th subDevPid:7P3KIFQ1JD subDevName:test002
+DBG|2020-02-27 05:53:59|HAL_Device_linux.c|HAL_GetGwDevInfo(634): 5th subDevPid:7P3KIFQ1JD subDevName:test003
+INF|2020-02-27 05:53:59|qcloud_iot_device.c|iot_device_info_set(65): SDK_Ver: 3.1.1, Product_ID: 0WUKPUCOTC, Device_Name: GW001
+DBG|2020-02-27 05:53:59|HAL_TLS_mbedtls.c|HAL_TLS_Connect(228): Setting up the SSL/TLS structure...
+DBG|2020-02-27 05:53:59|HAL_TLS_mbedtls.c|HAL_TLS_Connect(270): Performing the SSL/TLS handshake...
+DBG|2020-02-27 05:53:59|HAL_TLS_mbedtls.c|HAL_TLS_Connect(271): Connecting to /0wukpucotc.iotcloud.tencentdevices.com/8883...
+INF|2020-02-27 05:53:59|HAL_TLS_mbedtls.c|HAL_TLS_Connect(293): connected with /0wukpucotc.iotcloud.tencentdevices.com/8883...
+INF|2020-02-27 05:53:59|mqtt_client.c|IOT_MQTT_Construct(127): mqtt connect with id: piVMy success
+DBG|2020-02-27 05:53:59|mqtt_client_subscribe.c|qcloud_iot_mqtt_subscribe(141): topicName=$gateway/operation/result/0WUKPUCOTC/GW001|packet_id=7213
+DBG|2020-02-27 05:53:59|gateway_api.c|_gateway_event_handler(23): gateway sub|unsub(3) success, packet-id=7213
+DBG|2020-02-27 05:54:00|gateway_sample.c|gateway_yield_thread(202): gateway yield thread start ...
+DBG|2020-02-27 05:54:01|gateway_api.c|IOT_Gateway_Subdev_Online(125): there is no session, create a new session
+DBG|2020-02-27 05:54:01|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$gateway/operation/0WUKPUCOTC/GW001|payload={"type":"online","payload":{"devices":[{"product_id":"BK7EEF4UIB","device_name":"dev001"}]}}
+INF|2020-02-27 05:54:01|gateway_common.c|_gateway_message_handler(138): client_id(BK7EEF4UIB/dev001), online result 0
+DBG|2020-02-27 05:54:01|gateway_sample.c|main(289): subDev Pid:BK7EEF4UIB devName:dev001 online success.
+DBG|2020-02-27 05:54:01|gateway_api.c|IOT_Gateway_Subdev_Online(125): there is no session, create a new session
+DBG|2020-02-27 05:54:01|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$gateway/operation/0WUKPUCOTC/GW001|payload={"type":"online","payload":{"devices":[{"product_id":"BK7EEF4UIB","device_name":"dev002"}]}}
+INF|2020-02-27 05:54:01|gateway_common.c|_gateway_message_handler(138): client_id(BK7EEF4UIB/dev002), online result 0
+DBG|2020-02-27 05:54:01|gateway_sample.c|main(289): subDev Pid:BK7EEF4UIB devName:dev002 online success.
+DBG|2020-02-27 05:54:01|gateway_api.c|IOT_Gateway_Subdev_Online(125): there is no session, create a new session
+DBG|2020-02-27 05:54:01|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$gateway/operation/0WUKPUCOTC/GW001|payload={"type":"online","payload":{"devices":[{"product_id":"BK7EEF4UIB","device_name":"dev003"}]}}
+INF|2020-02-27 05:54:01|gateway_common.c|_gateway_message_handler(138): client_id(BK7EEF4UIB/dev003), online result 0
+DBG|2020-02-27 05:54:01|gateway_sample.c|main(289): subDev Pid:BK7EEF4UIB devName:dev003 online success.
+DBG|2020-02-27 05:54:01|gateway_api.c|IOT_Gateway_Subdev_Online(125): there is no session, create a new session
+DBG|2020-02-27 05:54:01|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$gateway/operation/0WUKPUCOTC/GW001|payload={"type":"online","payload":{"devices":[{"product_id":"7P3KIFQ1JD","device_name":"test001"}]}}
+INF|2020-02-27 05:54:01|gateway_common.c|_gateway_message_handler(138): client_id(7P3KIFQ1JD/test001), online result 0
+DBG|2020-02-27 05:54:01|gateway_sample.c|main(289): subDev Pid:7P3KIFQ1JD devName:test001 online success.
+DBG|2020-02-27 05:54:01|gateway_api.c|IOT_Gateway_Subdev_Online(125): there is no session, create a new session
+DBG|2020-02-27 05:54:01|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$gateway/operation/0WUKPUCOTC/GW001|payload={"type":"online","payload":{"devices":[{"product_id":"7P3KIFQ1JD","device_name":"test002"}]}}
+INF|2020-02-27 05:54:01|gateway_common.c|_gateway_message_handler(138): client_id(7P3KIFQ1JD/test002), online result 0
+DBG|2020-02-27 05:54:01|gateway_sample.c|main(289): subDev Pid:7P3KIFQ1JD devName:test002 online success.
+DBG|2020-02-27 05:54:01|gateway_api.c|IOT_Gateway_Subdev_Online(125): there is no session, create a new session
+DBG|2020-02-27 05:54:01|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$gateway/operation/0WUKPUCOTC/GW001|payload={"type":"online","payload":{"devices":[{"product_id":"7P3KIFQ1JD","device_name":"test003"}]}}
+INF|2020-02-27 05:54:01|gateway_common.c|_gateway_message_handler(138): client_id(7P3KIFQ1JD/test003), online result 0
+DBG|2020-02-27 05:54:01|gateway_sample.c|main(289): subDev Pid:7P3KIFQ1JD devName:test003 online success.
+ERR|2020-02-27 05:54:01|gateway_sample.c|main(311): create sub_dev light thread success
+DBG|2020-02-27 05:54:01|mqtt_client_subscribe.c|qcloud_iot_mqtt_subscribe(141): topicName=$thing/down/property/BK7EEF4UIB/dev002|packet_id=7214
+DBG|2020-02-27 05:54:01|mqtt_client_subscribe.c|qcloud_iot_mqtt_subscribe(141): topicName=$thing/down/property/BK7EEF4UIB/dev003|packet_id=7215
+DBG|2020-02-27 05:54:01|mqtt_client_subscribe.c|qcloud_iot_mqtt_subscribe(141): topicName=$thing/down/property/7P3KIFQ1JD/test001|packet_id=7216
+DBG|2020-02-27 05:54:01|mqtt_client_subscribe.c|qcloud_iot_mqtt_subscribe(141): topicName=$thing/down/property/7P3KIFQ1JD/test002|packet_id=7217
+DBG|2020-02-27 05:54:01|mqtt_client_subscribe.c|qcloud_iot_mqtt_subscribe(141): topicName=$thing/down/property/7P3KIFQ1JD/test003|packet_id=7218
+DBG|2020-02-27 05:54:01|sub_dev001.c|sub_dev1_thread(563): sub_dev1_thread ...
+INF|2020-02-27 05:54:01|qcloud_iot_device.c|iot_device_info_set(65): SDK_Ver: 3.1.1, Product_ID: BK7EEF4UIB, Device_Name: dev001
+DBG|2020-02-27 05:54:01|mqtt_client_subscribe.c|qcloud_iot_mqtt_subscribe(141): topicName=$thing/down/property/BK7EEF4UIB/dev001|packet_id=7219
+DBG|2020-02-27 05:54:01|mqtt_client_subscribe.c|qcloud_iot_mqtt_subscribe(141): topicName=$thing/down/event/BK7EEF4UIB/dev001|packet_id=7220
+DBG|2020-02-27 05:54:01|mqtt_client_subscribe.c|qcloud_iot_mqtt_subscribe(141): topicName=$thing/down/action/BK7EEF4UIB/dev001|packet_id=7221
+INF|2020-02-27 05:54:01|sub_dev001.c|sub_dev1_thread(574): Cloud Device Construct Success
+DBG|2020-02-27 05:54:01|sub_dev001.c|_usr_init(337): add your init code here
+INF|2020-02-27 05:54:01|sub_dev001.c|_register_data_template_property(376): data template property=power_switch registered.
+INF|2020-02-27 05:54:01|sub_dev001.c|_register_data_template_property(376): data template property=color registered.
+INF|2020-02-27 05:54:01|sub_dev001.c|_register_data_template_property(376): data template property=brightness registered.
+INF|2020-02-27 05:54:01|sub_dev001.c|_register_data_template_property(376): data template property=name registered.
+INF|2020-02-27 05:54:01|sub_dev001.c|sub_dev1_thread(589): Register data template propertys Success
+INF|2020-02-27 05:54:01|sub_dev001.c|_register_data_template_action(277): data template action=blink registered.
+INF|2020-02-27 05:54:01|sub_dev001.c|sub_dev1_thread(599): Register data template actions Success
+DBG|2020-02-27 05:54:01|gateway_api.c|_gateway_event_handler(23): gateway sub|unsub(3) success, packet-id=7214
+INF|2020-02-27 05:54:01|gateway_sample.c|_event_handler(74): subscribe success, packet-id=7214
+DBG|2020-02-27 05:54:01|gateway_api.c|_gateway_event_handler(23): gateway sub|unsub(3) success, packet-id=7216
+INF|2020-02-27 05:54:01|gateway_sample.c|_event_handler(74): subscribe success, packet-id=7216
+DBG|2020-02-27 05:54:01|gateway_api.c|_gateway_event_handler(23): gateway sub|unsub(3) success, packet-id=7218
+INF|2020-02-27 05:54:01|gateway_sample.c|_event_handler(74): subscribe success, packet-id=7218
+DBG|2020-02-27 05:54:01|gateway_api.c|_gateway_event_handler(23): gateway sub|unsub(3) success, packet-id=7217
+INF|2020-02-27 05:54:01|gateway_sample.c|_event_handler(74): subscribe success, packet-id=7217
+DBG|2020-02-27 05:54:01|gateway_api.c|_gateway_event_handler(23): gateway sub|unsub(3) success, packet-id=7215
+INF|2020-02-27 05:54:01|gateway_sample.c|_event_handler(74): subscribe success, packet-id=7215
+DBG|2020-02-27 05:54:01|gateway_api.c|_gateway_event_handler(23): gateway sub|unsub(3) success, packet-id=7219
+INF|2020-02-27 05:54:01|gateway_sample.c|_event_handler(74): subscribe success, packet-id=7219
+DBG|2020-02-27 05:54:01|gateway_api.c|_gateway_event_handler(23): gateway sub|unsub(3) success, packet-id=7220
+INF|2020-02-27 05:54:01|gateway_sample.c|_event_handler(74): subscribe success, packet-id=7220
+DBG|2020-02-27 05:54:01|gateway_api.c|_gateway_event_handler(23): gateway sub|unsub(3) success, packet-id=7221
+INF|2020-02-27 05:54:01|gateway_sample.c|_event_handler(74): subscribe success, packet-id=7221
+DBG|2020-02-27 05:54:02|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$thing/up/property/BK7EEF4UIB/dev001|payload={"method":"report_info", "clientToken":"BK7EEF4UIB-0", "params":{"module_hardinfo":"ESP8266","module_softinfo":"V1.0","fw_ver":"3.1.1","imei":"11-22-33-44","lat":"22.546015","lon":"113.941125", "device_label":{"append_info":"your self define info"}}}
+DBG|2020-02-27 05:54:02|data_template_client.c|_reply_ack_cb(169): replyAck=0
+DBG|2020-02-27 05:54:02|data_template_client.c|_reply_ack_cb(172): Received Json Document={"method":"report_info_reply","clientToken":"BK7EEF4UIB-0","code":0,"status":"success"}
+DBG|2020-02-27 05:54:02|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$thing/up/property/BK7EEF4UIB/dev001|payload={"method":"get_status", "clientToken":"BK7EEF4UIB-1"}
+DBG|2020-02-27 05:54:02|data_template_client.c|_get_status_reply_ack_cb(185): replyAck=0
+DBG|2020-02-27 05:54:02|data_template_client.c|_get_status_reply_ack_cb(189): Received Json Document={"method":"get_status_reply","clientToken":"BK7EEF4UIB-1","code":0,"status":"success","data":{"reported":{"brightness":0,"name":"dev001","power_switch":1,"color":1}}}
+DBG|2020-02-27 05:54:02|sub_dev001.c|sub_dev1_thread(625): Get data status success
+DBG|2020-02-27 05:54:02|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$thing/up/property/BK7EEF4UIB/dev001|payload={"method":"report", "clientToken":"BK7EEF4UIB-2", "params":{"power_switch":0,"color":0,"brightness":0,"name":""}}
+INF|2020-02-27 05:54:02|sub_dev001.c|sub_dev1_thread(666): data template reporte success
+INF|2020-02-27 05:54:02|sub_dev001.c|OnReportReplyCallback(360): recv report_reply(ack=0): {"method":"report_reply","clientToken":"BK7EEF4UIB-2","code":0,"status":"success"}
+DBG|2020-02-27 05:54:03|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$thing/up/property/BK7EEF4UIB/dev002|payload={"method":"report","clientToken":"123","params":{}}
+DBG|2020-02-27 05:54:03|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$thing/up/property/BK7EEF4UIB/dev003|payload={"method":"report","clientToken":"123","params":{}}
+DBG|2020-02-27 05:54:03|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$thing/up/property/7P3KIFQ1JD/test001|payload={"method":"report","clientToken":"123","params":{}}
+DBG|2020-02-27 05:54:03|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$thing/up/property/7P3KIFQ1JD/test002|payload={"method":"report","clientToken":"123","params":{}}
+DBG|2020-02-27 05:54:03|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$thing/up/property/7P3KIFQ1JD/test003|payload={"method":"report","clientToken":"123","params":{}}
+INF|2020-02-27 05:54:03|gateway_sample.c|_message_handler(124): Receive Message With topicName:$thing/down/property/BK7EEF4UIB/dev002, payload:{"method":"report_reply","clientToken":"123","code":0,"status":"success"}
+INF|2020-02-27 05:54:03|gateway_sample.c|_message_handler(124): Receive Message With topicName:$thing/down/property/7P3KIFQ1JD/test001, payload:{"method":"report_reply","clientToken":"123","code":0,"status":"success"}
+INF|2020-02-27 05:54:03|gateway_sample.c|_message_handler(124): Receive Message With topicName:$thing/down/property/7P3KIFQ1JD/test002, payload:{"method":"report_reply","clientToken":"123","code":0,"status":"success"}
+INF|2020-02-27 05:54:03|gateway_sample.c|_message_handler(124): Receive Message With topicName:$thing/down/property/7P3KIFQ1JD/test003, payload:{"method":"report_reply","clientToken":"123","code":0,"status":"success"}
+INF|2020-02-27 05:54:03|gateway_sample.c|_message_handler(124): Receive Message With topicName:$thing/down/property/BK7EEF4UIB/dev003, payload:{"method":"report_reply","clientToken":"123","code":0,"status":"success"}
+DBG|2020-02-27 05:54:07|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$thing/up/property/BK7EEF4UIB/dev001|payload={"method":"report", "clientToken":"BK7EEF4UIB-3", "params":{"power_switch":0,"color":0,"brightness":0,"name":""}}
+INF|2020-02-27 05:54:07|sub_dev001.c|sub_dev1_thread(666): data template reporte success
+INF|2020-02-27 05:54:07|sub_dev001.c|OnReportReplyCallback(360): recv report_reply(ack=0): {"method":"report_reply","clientToken":"BK7EEF4UIB-3","code":0,"status":"success"}
+```
+
+#### 4. 观察子设备上线
+如下日志信息显示示例程序的网关设备Gateway-demo通过MQTT代理6个子设备上线成功：
+
+```
+DBG|2020-01-13 16:11:24|gateway_api.c|IOT_Gateway_Subdev_Online(125): there is no session, create a new session
+DBG|2020-01-13 16:11:24|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$gateway/operation/MMC8QP0VAQ/GW001|payload={"type":"online","payload":{"devices":[{"product_id":"WPDA0S6S08","device_name":"dev001"}]}}
+INF|2020-01-13 16:11:24|gateway_common.c|_gateway_message_handler(138): client_id(WPDA0S6S08/dev001), online result 0
+DBG|2020-01-13 16:11:25|gateway_sample.c|main(282): subDev Pid:WPDA0S6S08 devName:dev001 online success.
+DBG|2020-01-13 16:11:25|gateway_api.c|IOT_Gateway_Subdev_Online(125): there is no session, create a new session
+DBG|2020-01-13 16:11:25|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$gateway/operation/MMC8QP0VAQ/GW001|payload={"type":"online","payload":{"devices":[{"product_id":"WPDA0S6S08","device_name":"dev002"}]}}
+INF|2020-01-13 16:11:25|gateway_common.c|_gateway_message_handler(138): client_id(WPDA0S6S08/dev002), online result 0
+DBG|2020-01-13 16:11:25|gateway_sample.c|main(282): subDev Pid:WPDA0S6S08 devName:dev002 online success.
+DBG|2020-01-13 16:11:25|gateway_api.c|IOT_Gateway_Subdev_Online(125): there is no session, create a new session
+DBG|2020-01-13 16:11:25|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$gateway/operation/MMC8QP0VAQ/GW001|payload={"type":"online","payload":{"devices":[{"product_id":"WPDA0S6S08","device_name":"dev003"}]}}
+INF|2020-01-13 16:11:25|gateway_common.c|_gateway_message_handler(138): client_id(WPDA0S6S08/dev003), online result 0
+DBG|2020-01-13 16:11:25|gateway_sample.c|main(282): subDev Pid:WPDA0S6S08 devName:dev003 online success.
+DBG|2020-01-13 16:11:25|gateway_api.c|IOT_Gateway_Subdev_Online(125): there is no session, create a new session
+DBG|2020-01-13 16:11:25|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$gateway/operation/MMC8QP0VAQ/GW001|payload={"type":"online","payload":{"devices":[{"product_id":"Y8T6NB8DM0","device_name":"test001"}]}}
+INF|2020-01-13 16:11:25|gateway_common.c|_gateway_message_handler(138): client_id(Y8T6NB8DM0/test001), online result 0
+DBG|2020-01-13 16:11:25|gateway_sample.c|main(282): subDev Pid:Y8T6NB8DM0 devName:test001 online success.
+DBG|2020-01-13 16:11:25|gateway_api.c|IOT_Gateway_Subdev_Online(125): there is no session, create a new session
+DBG|2020-01-13 16:11:25|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$gateway/operation/MMC8QP0VAQ/GW001|payload={"type":"online","payload":{"devices":[{"product_id":"Y8T6NB8DM0","device_name":"test002"}]}}
+INF|2020-01-13 16:11:25|gateway_common.c|_gateway_message_handler(138): client_id(Y8T6NB8DM0/test002), online result 0
+DBG|2020-01-13 16:11:25|gateway_sample.c|main(282): subDev Pid:Y8T6NB8DM0 devName:test002 online success.
+DBG|2020-01-13 16:11:25|gateway_api.c|IOT_Gateway_Subdev_Online(125): there is no session, create a new session
+DBG|2020-01-13 16:11:25|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$gateway/operation/MMC8QP0VAQ/GW001|payload={"type":"online","payload":{"devices":[{"product_id":"Y8T6NB8DM0","device_name":"test003"}]}}
+INF|2020-01-13 16:11:25|gateway_common.c|_gateway_message_handler(138): client_id(Y8T6NB8DM0/test003), online result 0
+DBG|2020-01-13 16:11:26|gateway_sample.c|main(282): subDev Pid:Y8T6NB8DM0 devName:test003 online success.
+
+```
+
+#### 5. 观察子设备下线
+如下日志信息显示示例程序的网关设备Gateway-demo通过MQTT代理子设备下线成功：
+````
+DBG|2020-02-27 05:58:49|gateway_sample.c|main(388): subDev Pid:BK7EEF4UIB devName:dev002 offline success.
+DBG|2020-02-27 05:58:49|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$gateway/operation/0WUKPUCOTC/GW001|payload={"type":"offline","payload":{"devices":[{"product_id":"BK7EEF4UIB","device_name":"dev003"}]}}
+INF|2020-02-27 05:58:49|gateway_common.c|_gateway_message_handler(143): client_id(BK7EEF4UIB/dev003), offline result 0
+DBG|2020-02-27 05:58:49|gateway_sample.c|main(388): subDev Pid:BK7EEF4UIB devName:dev003 offline success.
+DBG|2020-02-27 05:58:49|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$gateway/operation/0WUKPUCOTC/GW001|payload={"type":"offline","payload":{"devices":[{"product_id":"7P3KIFQ1JD","device_name":"test001"}]}}
+INF|2020-02-27 05:58:49|gateway_common.c|_gateway_message_handler(143): client_id(7P3KIFQ1JD/test001), offline result 0
+DBG|2020-02-27 05:58:49|gateway_sample.c|main(388): subDev Pid:7P3KIFQ1JD devName:test001 offline success.
+DBG|2020-02-27 05:58:49|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$gateway/operation/0WUKPUCOTC/GW001|payload={"type":"offline","payload":{"devices":[{"product_id":"7P3KIFQ1JD","device_name":"test002"}]}}
+INF|2020-02-27 05:58:49|gateway_common.c|_gateway_message_handler(143): client_id(7P3KIFQ1JD/test002), offline result 0
+DBG|2020-02-27 05:58:49|gateway_sample.c|main(388): subDev Pid:7P3KIFQ1JD devName:test002 offline success.
+DBG|2020-02-27 05:58:49|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$gateway/operation/0WUKPUCOTC/GW001|payload={"type":"offline","payload":{"devices":[{"product_id":"7P3KIFQ1JD","device_name":"test003"}]}}
+INF|2020-02-27 05:58:49|gateway_common.c|_gateway_message_handler(143): client_id(7P3KIFQ1JD/test003), offline result 0
+DBG|2020-02-27 05:58:49|gateway_sample.c|main(388): subDev Pid:7P3KIFQ1JD devName:test003 offline success.
+
+```
+#### 6. 观察网关发送接收子设备的消息
+通过控制台控制智能灯子设备开关状态、灯光颜色和亮度，如下日志信息
+```
+DBG|2020-02-27 06:02:19|data_template_client_manager.c|_on_template_downstream_topic_handler(527): control_str:{"power_switch":1,"brightness":50}
+INF|2020-02-27 06:02:19|sub_dev001.c|OnControlMsgCallback(349): Property=brightness changed
+INF|2020-02-27 06:02:19|sub_dev001.c|OnControlMsgCallback(349): Property=power_switch changed
+[  lighting  ]|[color: RED ]|[brightness:||||||||||----------]|[]
+DBG|2020-02-27 06:02:19|data_template_client.c|IOT_Template_ControlReply(698): Report Document: {"code":0, "clientToken":"clientToken-db6220ff-ab9f-4655-945d-dd14b6e3498d"}
+DBG|2020-02-27 06:02:19|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$thing/up/property/BK7EEF4UIB/dev001|payload={"method":"control_reply", "code":0, "clientToken":"clientToken-db6220ff-ab9f-4655-945d-dd14b6e3498d"}
+DBG|2020-02-27 06:02:19|sub_dev001.c|sub_dev1_thread(649): Contol msg reply success
+```
+#### 6. 观察网关代理子设备发送消息
+智能灯子设备会周期上报，开关状态发生变化会上报事件
+```
+DBG|2020-02-27 06:02:19|mqtt_client_publish.c|qcloud_iot_mqtt_publish(334): publish topic seq=58053|topicName=$thing/up/event/BK7EEF4UIB/dev001|payload={"method":"event_post", "clientToken":"BK7EEF4UIB-8", "eventId":"status_report", "type":"info", "timestamp":0, "params":{"status":1,"message":"light on"}}
+INF|2020-02-27 06:02:19|gateway_sample.c|_event_handler(101): publish success, packet-id=58053
+INF|2020-02-27 06:02:19|sub_dev001.c|OnReportReplyCallback(360): recv report_reply(ack=0): {"method":"report_reply","clientToken":"BK7EEF4UIB-7","code":0,"status":"success"}
+DBG|2020-02-27 06:02:19|data_template_event.c|_on_event_reply_callback(105): recv:{"method":"event_reply","clientToken":"BK7EEF4UIB-8","code":0,"status":"","data":{}}
+DBG|2020-02-27 06:02:19|data_template_event.c|_on_event_reply_callback(123): eventToken:BK7EEF4UIB-8 code:0 status:(null)
+DBG|2020-02-27 06:02:19|sub_dev001.c|event_post_cb(169): recv event reply, clear event
+DBG|2020-02-27 06:02:19|data_template_event.c|_traverse_event_list(79): eventToken[BK7EEF4UIB-8] released
+DBG|2020-02-27 06:02:21|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$thing/up/property/BK7EEF4UIB/dev001|payload={"method":"report", "clientToken":"BK7EEF4UIB-9", "params":{"power_switch":1,"color":0,"brightness":50,"name":""}}
+INF|2020-02-27 06:02:21|sub_dev001.c|sub_dev1_thread(666): data template reporte success
+INF|2020-02-27 06:02:21|sub_dev001.c|OnReportReplyCallback(360): recv report_reply(ack=0): {"method":"report_reply","clientToken":"BK7EEF4UIB-9","code":0,"status":"success"}
+```

docs/设备固件升级.md

@@ -0,0 +1,129 @@
+## 操作场景
+设备固件升级又称 OTA，是物联网通信服务的重要组成部分。当物联设备有新功能或者需要修复漏洞时，设备可以通过 OTA 服务快速的进行固件升级。
+
+
+## 实现原理
+固件升级的过程中，需要设备订阅下面两个 Topic 来实现与云端的通信，如下图所示：
+![OTA topic](https://main.qcloudimg.com/raw/0046e2a294c541e109fc0b6829d180cc.jpg)
+示例：
+```php
+$ota/report/${productID}/${deviceName}
+用于发布（上行）消息，设备上报版本号及下载、升级进度到云端
+$ota/update/${productID}/${deviceName}
+用于订阅（下行）消息，设备接收云端的升级消息
+```
+
+
+## 操作流程
+设备的升级流程如下所示：
+![OTA 时序图](https://main.qcloudimg.com/raw/a2f10ab90959a23b1675201b1e2311e0.jpg)
+1. 设备上报当前版本号。设备端通过 MQTT 协议发布一条消息到 Topic `$ota/report/${productID/${deviceName}`，进行版本号的上报，消息为 json 格式，内容如下：
+```json
+{
+	"type": "report_version",
+	"report":{
+    	"version": "0.1"
+	}
+}
+// type：消息类型
+// version：上报的版本号
+```
+2. 然后您可以在控制台上传固件。
+3. 在控制台将指定的设备升级到指定的版本。
+4. 触发固件升级操作后，设备端会通过订阅的 Topic  `$ota/update/${productID}/${deviceName}` 收到固件升级的消息，内容如下：
+``` json
+{
+    "file_size": 708482,
+    "md5sum": "36eb5951179db14a631463a37a9322a2",
+    "type": "update_firmware",
+    "url": "https://ota-1255858890.cos.ap-guangzhou.myqcloud.com",
+    "version": "0.2"
+}
+// type：消息类型为update_firmware
+// version：升级版本
+// url：下载固件的url
+// md5asum：固件的MD5值
+// file_size：固件大小，单位为字节
+```
+5. 设备在收到固件升级的消息后，根据 URL 下载固件，下载的过程中设备 SDK 会通过 Topic `$ota/report/${productID}/${deviceName}`不断的上报下载进度，上报的内容如下： 
+```json
+{
+    "type": "report_progress",
+    "report":{
+        "progress":{
+               "state":"downloading",
+          	   "percent":"10",
+               "result_code":"0",
+               "result_msg":""
+        },
+        "version": "0.2"
+    }
+}
+// type：消息类型
+// state：状态为正在下载中
+// percent：当前下载进度，百分比
+```
+6. 当设备下载完固件，设备需要通过 Topic  `$ota/report/${productID}/${deviceName}`上报一条开始升级的消息，内容如下：
+```json
+{
+    "type": "report_progress",
+    "report":{
+        "progress":{
+               "state":"burning",
+               "result_code":"0",
+               "result_msg":""
+        },
+        "version": "0.2"
+    }
+}
+// type：消息类型
+// state：状态为烧制中
+```
+7. 设备固件升级完成后，再向 Topic  `$ota/report/${productID}/${deviceName}`上报升级成功消息，内容如下：
+```json
+{
+	"type": "report_progress",
+	"report":{
+		"progress":{
+       		"state":"done",
+       		"result_code":"0",
+       		"result_msg":""
+		},
+		"version": "0.2"
+	}
+}
+// type：消息类型
+// state：状态为已完成
+```
+
+>!在下载固件或升级固件的过程中，如果失败，则通过 Topic  `$ota/report/${productID}/${deviceName}`上报升级失败消息，内容如下：
+
+```json
+{
+	"type": "report_progress",
+	"report":{
+		"progress":{
+       		"state":"fail",
+       		"result_code":"-1",
+       		"result_msg":"time_out"
+		},
+		"version": "0.2"
+	}
+}
+// state：状态为失败
+// result_code：错误码，-1：下载超时；-2：文件不存在；-3：签名过期；-4:MD5不匹配；-5：更新固件失败
+// result_msg：错误消息
+```
+
+## OTA断点续传
+物联网设备有部分场景处于弱网环境，在这个场景下连接会不稳定，固件下载会中断的情况出现。如果每次都从0偏移开始下载固件，则弱网环境有可能一直无法完成全部固件下载，因此固件的断点续传功能特别必要。
+
+断点续传就是从文件上次中断的地方开始重新下载或上传，要实现断点续传的功能，需要设备端记录固件下载的中断位置，同时记录下载固件的md5、文件大小、版本信息。
+
+平台针对OTA中断的场景，设备侧report设备的版本，如果上报的版本号与要升级的目标版本号不一致，则平台会再次下发固件升级消息，设备获取到升级的目标固件的信息与本地记录的中断的固件信息比较，确定为同一固件后，基于断点继续下载。
+
+SDK提供的OTA sample示例了断点续传的断点记录及续传实现，示例是基于json文件实现记录描述，对于没有文件系统的修改这部分实现即可。
+
+带断点续传的OTA升级流程如下，弱网环境下第3步到第6步有可能会多次执行，没有执行第7步，执行第3步，设备端都会收到第4步的消息。
+
+![OTA 断点续传时序图](https://main.qcloudimg.com/raw/5d17e84352b59ea448fb95824ea53e6d.jpg)

ports/rtthread/HAL_Device_rtthread.c

@@ -0,0 +1,181 @@
+/*
+ * Tencent is pleased to support the open source community by making IoT Hub available.
+ * Copyright (C) 2016 THL A29 Limited, a Tencent company. All rights reserved.
+
+ * Licensed under the MIT License (the "License"); you may not use this file except in
+ * compliance with the License. You may obtain a copy of the License at
+ * http://opensource.org/licenses/MIT
+
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is
+ * distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <rtthread.h>
+#include "rtconfig.h"
+
+#include "qcloud_iot_import.h"
+#include "qcloud_iot_export.h"
+#include "utils_param_check.h"
+
+
+
+/* Enable this macro (also control by cmake) to use static string buffer to store device info */
+/* To use specific storing methods like files/flash, disable this macro and implement dedicated methods */
+#define DEBUG_DEV_INFO_USED
+
+#ifdef DEBUG_DEV_INFO_USED
+/* product Id  */
+static char sg_product_id[MAX_SIZE_OF_PRODUCT_ID + 1]    = PKG_USING_TENCENT_IOT_EXPLORER_PRODUCT_ID;
+
+/* device name */
+static char sg_device_name[MAX_SIZE_OF_DEVICE_NAME + 1]  = PKG_USING_TENCENT_IOT_EXPLORER_DEVICE_NAME;
+
+#ifdef DEV_DYN_REG_ENABLED
+/* product secret for device dynamic Registration  */
+static char sg_product_secret[MAX_SIZE_OF_PRODUCT_SECRET + 1]  = PKG_USING_TENCENT_IOT_EXPLORER_PRODUCT_SECRET;
+#endif
+
+#ifdef AUTH_MODE_CERT
+/* public cert file name of certificate device */
+static char sg_device_cert_file_name[MAX_SIZE_OF_DEVICE_CERT_FILE_NAME + 1]      = "YOUR_DEVICE_NAME_cert.crt";
+/* private key file name of certificate device */
+static char sg_device_privatekey_file_name[MAX_SIZE_OF_DEVICE_SECRET_FILE_NAME + 1] = "YOUR_DEVICE_NAME_private.key";
+#else
+/* device secret of PSK device */
+static char sg_device_secret[MAX_SIZE_OF_DEVICE_SECRET + 1] = PKG_USING_TENCENT_IOT_EXPLORER_DEVICE_SECRET;
+#endif
+
+#ifdef GATEWAY_ENABLED
+
+static DeviceInfo sg_subdevList[] = {
+    {.product_id = "BK7EEF4UIB", .device_name = "dev01"},
+    {.product_id = "BK7EEF4UIB", .device_name = "dev02"},
+    {.product_id = "BK7EEF4UIB", .device_name = "dev03"},
+
+    {.product_id = "7P3KIFQ1JD", .device_name = "test01"},
+    {.product_id = "7P3KIFQ1JD", .device_name = "test02"},
+    {.product_id = "7P3KIFQ1JD", .device_name = "test03"}
+};
+	
+#endif
+
+static int device_info_copy(void *pdst, void *psrc, uint8_t max_len)
+{
+    if (strlen(psrc) > max_len) {
+        return QCLOUD_ERR_FAILURE;
+    }
+    memset(pdst, '\0', max_len);
+    strncpy(pdst, psrc, max_len);
+    return QCLOUD_RET_SUCCESS;
+}
+
+#endif
+
+int HAL_SetDevInfo(void *pdevInfo)
+{
+    POINTER_SANITY_CHECK(pdevInfo, QCLOUD_ERR_DEV_INFO);
+    int ret;
+    DeviceInfo *devInfo = (DeviceInfo *)pdevInfo;
+
+#ifdef DEBUG_DEV_INFO_USED
+    ret  = device_info_copy(sg_product_id, devInfo->product_id, MAX_SIZE_OF_PRODUCT_ID);//set product ID
+    ret |= device_info_copy(sg_device_name, devInfo->device_name, MAX_SIZE_OF_DEVICE_NAME);//set dev name
+
+#ifdef  AUTH_MODE_CERT
+    ret |= device_info_copy(sg_device_cert_file_name, devInfo->dev_cert_file_name, MAX_SIZE_OF_DEVICE_CERT_FILE_NAME);//set dev cert file name
+    ret |= device_info_copy(sg_device_privatekey_file_name, devInfo->dev_key_file_name, MAX_SIZE_OF_DEVICE_SECRET_FILE_NAME);//set dev key file name
+#else
+    ret |= device_info_copy(sg_device_secret, devInfo->device_secret, MAX_SIZE_OF_DEVICE_SECRET);//set dev secret
+#endif
+
+#else
+    Log_e("HAL_SetDevInfo not implement yet");
+    ret = QCLOUD_ERR_DEV_INFO;
+#endif
+
+    if (QCLOUD_RET_SUCCESS != ret) {
+        Log_e("Set device info err");
+        ret = QCLOUD_ERR_DEV_INFO;
+    }
+    return ret;
+}
+
+int HAL_GetDevInfo(void *pdevInfo)
+{
+    POINTER_SANITY_CHECK(pdevInfo, QCLOUD_ERR_DEV_INFO);
+    int ret;
+    DeviceInfo *devInfo = (DeviceInfo *)pdevInfo;
+    memset((char *)devInfo, '\0', sizeof(DeviceInfo));
+
+#ifdef DEBUG_DEV_INFO_USED
+    ret  = device_info_copy(devInfo->product_id, sg_product_id, MAX_SIZE_OF_PRODUCT_ID);//get product ID
+    ret |= device_info_copy(devInfo->device_name, sg_device_name, MAX_SIZE_OF_DEVICE_NAME);//get dev name
+
+#ifdef DEV_DYN_REG_ENABLED
+    ret |= device_info_copy(devInfo->product_secret, sg_product_secret, MAX_SIZE_OF_PRODUCT_SECRET );//get product ID
+#endif
+
+#ifdef  AUTH_MODE_CERT
+    ret |= device_info_copy(devInfo->dev_cert_file_name, sg_device_cert_file_name, MAX_SIZE_OF_DEVICE_CERT_FILE_NAME);//get dev cert file name
+    ret |= device_info_copy(devInfo->dev_key_file_name, sg_device_privatekey_file_name, MAX_SIZE_OF_DEVICE_SECRET_FILE_NAME);//get dev key file name
+#else
+    ret |= device_info_copy(devInfo->device_secret, sg_device_secret, MAX_SIZE_OF_DEVICE_SECRET);//get dev secret
+#endif
+
+#else
+    Log_e("HAL_GetDevInfo not implement yet");
+    ret = QCLOUD_ERR_DEV_INFO;
+#endif
+
+    if (QCLOUD_RET_SUCCESS != ret) {
+        Log_e("Get device info err");
+        ret = QCLOUD_ERR_DEV_INFO;
+    }
+    return ret;
+}
+
+#ifdef GATEWAY_ENABLED
+int HAL_GetGwDevInfo(void *pgwDeviceInfo)
+{
+    POINTER_SANITY_CHECK(pgwDeviceInfo, QCLOUD_ERR_DEV_INFO);
+    int ret;
+    int i;
+
+    GatewayDeviceInfo *gwDevInfo = (GatewayDeviceInfo *)pgwDeviceInfo;
+    memset((char *)gwDevInfo, 0, sizeof(GatewayDeviceInfo));
+
+#ifdef DEBUG_DEV_INFO_USED
+    ret  = HAL_GetDevInfo(&(gwDevInfo->gw_info));//get gw dev info
+    if (sizeof(sg_subdevList) / sizeof(sg_subdevList[0]) > MAX_NUM_SUB_DEV) {
+        gwDevInfo->sub_dev_num = MAX_NUM_SUB_DEV;
+    } else {
+        gwDevInfo->sub_dev_num = sizeof(sg_subdevList) / sizeof(sg_subdevList[0]);
+    }
+
+    for (i = 0; i < gwDevInfo->sub_dev_num; i++) {
+        //copy sub dev info
+        ret = device_info_copy(gwDevInfo->sub_dev_info[i].product_id, sg_subdevList[i].product_id, MAX_SIZE_OF_PRODUCT_ID);
+        ret |= device_info_copy(gwDevInfo->sub_dev_info[i].device_name, sg_subdevList[i].device_name, MAX_SIZE_OF_DEVICE_NAME);
+    }
+#endif
+
+    if (QCLOUD_RET_SUCCESS != ret) {
+        Log_e("Get gateway device info err");
+        ret = QCLOUD_ERR_DEV_INFO;
+    } else {
+        Log_d("sub device num:%d", gwDevInfo->sub_dev_num);
+        for (i = 0; i < gwDevInfo->sub_dev_num; i++) {
+            Log_d("%dth subDevPid:%s subDevName:%s", i, gwDevInfo->sub_dev_info[i].product_id, gwDevInfo->sub_dev_info[i].device_name);
+        }
+    }
+    return ret;
+}
+
+#endif

ports/rtthread/HAL_OS_rtthread.c

@@ -0,0 +1,185 @@
+/*
+ * Tencent is pleased to support the open source community by making IoT Hub available.
+ * Copyright (C) 2016 THL A29 Limited, a Tencent company. All rights reserved.
+
+ * Licensed under the MIT License (the "License"); you may not use this file except in
+ * compliance with the License. You may obtain a copy of the License at
+ * http://opensource.org/licenses/MIT
+
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is
+ * distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+#include <stdarg.h>
+#include <string.h>
+#include <rtthread.h>
+#include "rtconfig.h"
+#include "qcloud_iot_import.h"
+#include "qcloud_iot_export.h"
+
+
+#define HAL_OS_LOG_MAXLEN   1024
+static uint16_t g_mutex_count = 0;
+
+
+
+void HAL_Printf(_IN_ const char *fmt, ...)
+{
+    va_list args;
+    char log_buf[HAL_OS_LOG_MAXLEN];
+
+    va_start(args, fmt);
+    rt_vsnprintf(log_buf, HAL_OS_LOG_MAXLEN, fmt, args);
+    va_end(args);
+    printf("%s", log_buf);
+}
+
+
+int HAL_Snprintf(_IN_ char *str, const int len, const char *fmt, ...)
+{
+    va_list args;
+    int rc;
+
+    va_start(args, fmt);
+    rc = vsnprintf(str, len, fmt, args);
+    va_end(args);
+
+    return rc;
+}
+
+
+int HAL_Vsnprintf(_IN_ char *str, _IN_ const int len, _IN_ const char *format, va_list ap)
+{
+    return vsnprintf(str, len, format, ap);
+}
+
+
+void *HAL_MutexCreate(void)
+{
+    rt_mutex_t mutex;
+    char mutexName[RT_NAME_MAX];
+
+    memset(mutexName, 0, RT_NAME_MAX);
+    HAL_Snprintf(mutexName, RT_NAME_MAX, "tmutex_%d", g_mutex_count++);
+    mutex = rt_mutex_create(mutexName, RT_IPC_FLAG_FIFO);
+    if (NULL == mutex) {
+        HAL_Printf("create mutex failed");
+
+    }
+
+    return mutex;
+}
+
+void HAL_MutexDestroy(_IN_ void *mutex)
+{
+    int err_num;
+
+    err_num = rt_mutex_delete((rt_mutex_t)mutex);
+
+    if (0 != err_num) {
+        HAL_Printf("destroy mutex failed");
+    }
+}
+
+void HAL_MutexLock(_IN_ void *mutex)
+{
+    int err_num;
+
+    err_num = rt_mutex_take((rt_mutex_t)mutex, RT_WAITING_FOREVER);
+
+    if (0 != err_num) {
+        HAL_Printf("lock mutex failed");
+    }
+}
+
+void HAL_MutexUnlock(_IN_ void *mutex)
+{
+    int err_num;
+
+    err_num = rt_mutex_release((rt_mutex_t)mutex);
+
+    if (0 != err_num) {
+        HAL_Printf("unlock mutex failed");
+    }
+
+}
+
+int HAL_MutexTryLock(_IN_ void *mutex)
+{
+    int err_num;
+
+    err_num = rt_mutex_take((rt_mutex_t)mutex, RT_WAITING_NO);
+
+    if (0 != err_num) {
+        HAL_Printf("trylock mutex failed");
+    }
+    return err_num;
+}
+
+
+void *HAL_Malloc(_IN_ uint32_t size)
+{
+    return rt_malloc(size);
+}
+
+void HAL_Free(_IN_ void *ptr)
+{
+    rt_free(ptr);
+}
+
+void HAL_SleepMs(_IN_ uint32_t ms)
+{
+    (void)rt_thread_delay(rt_tick_from_millisecond(ms));
+}
+
+#ifdef MULTITHREAD_ENABLED
+
+// platform-dependant thread routine/entry function
+static void _HAL_thread_func_wrapper_(void *ptr)
+{
+    ThreadParams *params = (ThreadParams *)ptr;
+
+    params->thread_func(params->user_arg);
+
+//    rt_thread_delete(params->thread_id);
+}
+
+// platform-dependant thread create function
+int HAL_ThreadCreate(ThreadParams *params)
+{
+    int ret;
+
+    if (params == NULL)
+        return QCLOUD_ERR_INVAL;
+
+    if (params->thread_name == NULL) {
+        HAL_Printf("thread name is required for FreeRTOS platform!\n");
+        return QCLOUD_ERR_INVAL;
+    }
+    params->thread_id = rt_thread_create(params->thread_name, _HAL_thread_func_wrapper_, \
+                                         (void *)params, params->stack_size, params->priority, params->stack_size);
+
+    if (params->thread_id != RT_NULL) {
+        rt_thread_startup((rt_thread_t)params->thread_id);
+        ret = QCLOUD_RET_SUCCESS;
+    } else {
+        ret =  QCLOUD_ERR_FAILURE;
+    }
+
+    return ret;
+}
+
+
+int HAL_ThreadDestroy(void* threadId)
+{
+    int ret;
+    ret = rt_thread_delete((rt_thread_t)threadId);
+
+    return ret;
+}
+
+#endif
+
+

ports/rtthread/HAL_TCP_rtthread.c

@@ -0,0 +1,256 @@
+/*
+ * Tencent is pleased to support the open source community by making IoT Hub available.
+ * Copyright (C) 2016 THL A29 Limited, a Tencent company. All rights reserved.
+
+ * Licensed under the MIT License (the "License"); you may not use this file except in
+ * compliance with the License. You may obtain a copy of the License at
+ * http://opensource.org/licenses/MIT
+
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is
+ * distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+//#include <errno.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+//#include <sys/select.h>
+#include <sys/time.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <netinet/tcp.h>
+#include <netdb.h>
+
+#include <rtthread.h>
+
+
+#include "qcloud_iot_import.h"
+#include "qcloud_iot_export_log.h"
+#include "qcloud_iot_export_error.h"
+
+
+static uint64_t rtthread_get_time_ms(void)
+{
+    return HAL_GetTimeMs();
+}
+
+static uint64_t rtthread_time_left(uint64_t t_end, uint64_t t_now)
+{
+    uint64_t t_left;
+
+    if (t_end > t_now) {
+        t_left = t_end - t_now;
+    } else {
+        t_left = 0;
+    }
+
+    return t_left;
+}
+
+uintptr_t HAL_TCP_Connect(const char *host, uint16_t port)
+{
+	int ret;
+	struct addrinfo hints, *addr_list, *cur;
+    int fd = 0;
+
+    char port_str[6];
+    HAL_Snprintf(port_str, 6, "%d", port);
+
+    memset(&hints, 0x00, sizeof(hints));
+    hints.ai_family = AF_INET;
+    hints.ai_socktype = SOCK_STREAM;
+    hints.ai_protocol = IPPROTO_TCP;
+
+    Log_d("establish tcp connection with server(host=%s port=%s)", host, port_str);
+
+    if (getaddrinfo(host, port_str, &hints, &addr_list) != 0) {
+        perror("getaddrinfo error");
+        return 0;
+    }
+
+    for (cur = addr_list; cur != NULL; cur = cur->ai_next) {
+        if (cur->ai_family != AF_INET) {
+            perror("socket type error");
+            ret = -1;
+            continue;
+        }
+    	fd = (int) socket( cur->ai_family, cur->ai_socktype, cur->ai_protocol );
+		if( fd < 0 )
+		{
+			ret = 0;
+			continue;
+		}
+
+		if (connect(fd, cur->ai_addr, cur->ai_addrlen) == 0)
+		{
+			ret = fd;
+			break;
+		}
+
+		close( fd );
+		ret = 0;
+    }
+
+    if (0 == ret) {
+        Log_e("fail to establish tcp");
+    } else {
+        Log_d("success to establish tcp, fd=%d", ret);
+    }
+
+    freeaddrinfo(addr_list);
+
+    return (uintptr_t)ret;
+}	
+
+
+int HAL_TCP_Disconnect(uintptr_t fd)
+{
+    int rc;
+
+    rc = close((int) fd);
+    if (0 != rc) {
+        perror("closesocket error");
+        return -1;
+    }
+
+    return 0;
+}
+
+
+int HAL_TCP_Write(uintptr_t fd, const unsigned char *buf, uint32_t len, uint32_t timeout_ms, size_t *written_len)
+{
+    int ret;
+    uint32_t len_sent;
+    uint64_t t_end, t_left;
+    fd_set sets;
+
+    t_end = rtthread_get_time_ms() + timeout_ms;
+    len_sent = 0;
+    ret = 1; /* send one time if timeout_ms is value 0 */
+
+    do {
+		t_left = rtthread_time_left(t_end, rtthread_get_time_ms());
+	    if (0 != t_left) {
+	        struct timeval timeout;
+
+	        FD_ZERO(&sets);
+	        FD_SET(fd, &sets);
+
+	        timeout.tv_sec = t_left / 1000;
+	        timeout.tv_usec = (t_left % 1000) * 1000;
+
+	        ret = select(fd + 1, NULL, &sets, NULL, &timeout);
+	        if (ret > 0) {
+	            if (0 == FD_ISSET(fd, &sets)) {
+	                Log_e("Should NOT arrive");
+	                /* If timeout in next loop, it will not sent any data */
+	                ret = 0;
+	                continue;
+	            }
+	        } else if (0 == ret) {
+	            Log_e("select-write timeout %d", (int)fd);
+	            break;
+	        } else {
+	            if (EINTR == errno) {
+	                Log_e("EINTR be caught");
+	                continue;
+	            }
+
+                perror("select-write fail");
+                break;
+            }
+        }
+        else {
+        	ret = QCLOUD_ERR_SSL_WRITE_TIMEOUT;
+        }
+
+	    if (ret > 0) {
+	        ret = send(fd, buf + len_sent, len - len_sent, 0);
+	        if (ret > 0) {
+	            len_sent += ret;
+	        } else if (0 == ret) {
+	            Log_e("No data be sent");
+	        } else {
+	            if (EINTR == errno) {
+	                Log_e("EINTR be caught");
+	                continue;
+	            }
+
+				ret = QCLOUD_ERR_TCP_WRITE_FAIL;
+	            perror("send fail");
+	            break;
+	        }
+	    }
+	} while ((len_sent < len) && (rtthread_time_left(t_end, rtthread_get_time_ms()) > 0));
+
+    *written_len = (size_t)len_sent;
+
+    return len_sent > 0 ? QCLOUD_RET_SUCCESS : ret;
+}
+
+
+int HAL_TCP_Read(uintptr_t fd, unsigned char *buf, uint32_t len, uint32_t timeout_ms, size_t *read_len)
+{
+    int ret, err_code;
+    uint32_t len_recv;
+    uint64_t t_end, t_left;
+    fd_set sets;
+    struct timeval timeout;
+
+
+	//Log_d("readTimeout %dms,readlen %d", timeout_ms, *read_len);
+	HAL_SleepMs(1);  //wihout delay,read seems to be blocked
+
+    t_end = rtthread_get_time_ms() + timeout_ms;
+    len_recv = 0;
+    err_code = 0;
+
+
+    do {
+	    t_left = rtthread_time_left(t_end, rtthread_get_time_ms());
+	    if (0 == t_left) {
+			err_code = QCLOUD_ERR_MQTT_NOTHING_TO_READ;
+	        break;
+	    }
+	    FD_ZERO(&sets);
+	    FD_SET(fd, &sets);
+
+	    timeout.tv_sec = t_left / 1000;
+	    timeout.tv_usec = (t_left % 1000) * 1000;
+
+	    ret = select(fd + 1, &sets, NULL, NULL, &timeout);
+	    if (ret > 0) {
+	        ret = recv(fd, buf + len_recv, len - len_recv, 0);
+	        if (ret > 0) {
+	            len_recv += ret;
+	        } else if (0 == ret) {
+	            perror("connection is closed");
+	            err_code = -1;
+	            break;
+	        } else {
+	            if (EINTR == errno) {
+	                Log_e("EINTR be caught");
+	                continue;
+	            }
+	            perror("recv fail");
+	            err_code = -2;
+	            break;
+	        }
+	    } else if (0 == ret) {
+	    	err_code = QCLOUD_ERR_MQTT_NOTHING_TO_READ;
+	        break;
+	    } else {
+	        perror("select-recv fail");
+	        err_code = -2;
+	        break;
+	    }
+	}while ((len_recv < len));
+
+    *read_len = (size_t)len_recv;
+
+    return (0 != len_recv) ? 0 : err_code;
+}

ports/rtthread/HAL_Timer_rtthread.c

@@ -0,0 +1,93 @@
+/*
+ * Tencent is pleased to support the open source community by making IoT Hub available.
+ * Copyright (C) 2016 THL A29 Limited, a Tencent company. All rights reserved.
+
+ * Licensed under the MIT License (the "License"); you may not use this file except in
+ * compliance with the License. You may obtain a copy of the License at
+ * http://opensource.org/licenses/MIT
+
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is
+ * distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+    
+
+#include <rtthread.h>  
+#include <string.h>
+#include "qcloud_iot_import.h"
+
+uint32_t HAL_GetTimeMs(void)
+{
+#if (RT_TICK_PER_SECOND == 1000)
+			/* #define RT_TICK_PER_SECOND 1000 */
+			return (unsigned long)rt_tick_get();
+#else
+			unsigned long tick = 0;
+					
+			tick = rt_tick_get();
+			tick = tick * 1000;
+			return (unsigned long)((tick + RT_TICK_PER_SECOND - 1)/RT_TICK_PER_SECOND);
+#endif
+
+}
+
+/*Get timestamp*/
+long HAL_Timer_current_sec(void) 
+{
+    return HAL_GetTimeMs() / 1000;
+}
+
+char *HAL_Timer_current(char *time_str)
+{
+    long time_sec;
+
+    time_sec = HAL_Timer_current_sec();
+    memset(time_str, 0, 20);
+    snprintf(time_str, 20, "%ld", time_sec);
+
+    return time_str;
+}
+
+
+    
+bool HAL_Timer_expired(Timer *timer) 
+{
+    uint32_t now_ts;
+
+    now_ts  = HAL_GetTimeMs();
+
+
+    return (now_ts > timer->end_time)?true:false;
+}
+
+void HAL_Timer_countdown_ms(Timer *timer, unsigned int timeout_ms) 
+{
+    timer->end_time = HAL_GetTimeMs();
+    timer->end_time += timeout_ms;
+}
+
+void HAL_Timer_countdown(Timer *timer, unsigned int timeout) 
+{
+    timer->end_time = HAL_GetTimeMs();
+    timer->end_time += timeout * 1000;
+}
+
+int HAL_Timer_remain(Timer *timer) 
+{
+    return (int)(timer->end_time - HAL_GetTimeMs());
+}
+
+void HAL_Timer_init(Timer *timer) 
+{
+      timer->end_time = 0;
+}
+
+#ifdef __cplusplus
+}
+#endif

ports/rtthread/HAL_UDP_rtthread.c

@@ -0,0 +1,153 @@
+/*
+ * Tencent is pleased to support the open source community by making IoT Hub available.
+ * Copyright (C) 2016 THL A29 Limited, a Tencent company. All rights reserved.
+
+ * Licensed under the MIT License (the "License"); you may not use this file except in
+ * compliance with the License. You may obtain a copy of the License at
+ * http://opensource.org/licenses/MIT
+
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is
+ * distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <sys/select.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+#include <unistd.h>
+#include <pthread.h>
+
+#include "qcloud_iot_import.h"
+#include "qcloud_iot_export_log.h"
+#include "qcloud_iot_export_error.h"
+
+uintptr_t HAL_UDP_Connect(const char *host, unsigned short port)
+{
+#define NETWORK_ADDR_LEN    (16)
+
+    int ret;
+    struct addrinfo         hints, *addr_list, *cur;
+    int fd = 0;
+
+    char                    port_str[6] = {0};
+    HAL_Snprintf(port_str, 6, "%d", port);
+
+    memset((char *)&hints, 0x00, sizeof(hints));
+    hints.ai_socktype = SOCK_DGRAM;
+    hints.ai_family = AF_INET;
+    hints.ai_protocol = IPPROTO_UDP;
+
+    Log_d("establish tcp connection with server(host=%s port=%s)", host, port_str);
+
+    if (getaddrinfo(host, port_str, &hints, &addr_list) != 0) {
+        perror("getaddrinfo error");
+        return 0;
+    }
+
+    for (cur = addr_list; cur != NULL; cur = cur->ai_next) {
+		fd = socket(cur->ai_family, cur->ai_socktype, cur->ai_protocol);
+		if (fd < 0) {
+			ret = 0;
+			continue;
+		}
+
+		if (0 == connect(fd, cur->ai_addr, cur->ai_addrlen)) {
+			ret = fd;
+			break;
+		}
+
+		close(fd);
+		ret = 0;
+    }
+
+    if (0 == ret) {
+        Log_e("fail to establish udp");
+    } else {
+        Log_d("success to establish udp, fd=%d", ret);
+    }
+
+    freeaddrinfo(addr_list);
+
+    return ret;
+
+#undef NETWORK_ADDR_LEN
+}
+
+void HAL_UDP_Disconnect(uintptr_t fd)
+{
+    long            socket_id = -1;
+
+    socket_id = (int)fd;
+    close(socket_id);
+}
+
+int HAL_UDP_Write(uintptr_t fd, const unsigned char *p_data, unsigned int datalen)
+{
+    int             rc = -1;
+    long            socket_id = -1;
+
+    socket_id = (int)fd;
+    rc = send(socket_id, (char *)p_data, (int)datalen, 0);
+    if (-1 == rc) {
+        return -1;
+    }
+
+    return rc;
+}
+
+int HAL_UDP_Read(uintptr_t fd, unsigned char *p_data, unsigned int datalen)
+{
+    long            socket_id = -1;
+    int             count = -1;
+
+    socket_id = (int)fd;
+    count = (int)read(socket_id, p_data, datalen);
+
+    return count;
+}
+
+int HAL_UDP_ReadTimeout(uintptr_t fd, unsigned char *p_data, unsigned int datalen, unsigned int timeout_ms)
+{
+    int                 ret;
+    struct timeval      tv;
+    fd_set              read_fds;
+    int                socket_id = -1;
+
+    socket_id = (int)fd;
+
+    if (socket_id < 0) {
+        return -1;
+    }
+
+    FD_ZERO(&read_fds);
+    FD_SET(socket_id, &read_fds);
+
+    tv.tv_sec  = timeout_ms / 1000;
+    tv.tv_usec = (timeout_ms % 1000) * 1000;
+
+    ret = select(socket_id + 1, &read_fds, NULL, NULL, timeout_ms == 0 ? NULL : &tv);
+
+    /* Zero fds ready means we timed out */
+    if (ret == 0) {
+        return QCLOUD_ERR_SSL_READ_TIMEOUT;    /* receive timeout */
+    }
+
+    if (ret < 0) {
+        if (errno == EINTR) {
+            return -3;    /* want read */
+        }
+
+        return QCLOUD_ERR_SSL_READ; /* receive failed */
+    }
+
+    /* This call will not block */
+    return HAL_UDP_Read(fd, p_data, datalen);
+}

ports/ssl/HAL_DTLS_mbedtls.c

@@ -0,0 +1,400 @@
+/*
+ * Tencent is pleased to support the open source community by making IoT Hub available.
+ * Copyright (C) 2016 THL A29 Limited, a Tencent company. All rights reserved.
+
+ * Licensed under the MIT License (the "License"); you may not use this file except in
+ * compliance with the License. You may obtain a copy of the License at
+ * http://opensource.org/licenses/MIT
+
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is
+ * distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifdef COAP_COMM_ENABLED
+#include <stdint.h>
+#include <string.h>
+#include <errno.h>
+    
+#include "qcloud_iot_export.h"
+#include "qcloud_iot_import.h"
+#include "qcloud_iot_sdk_impl_internal.h"
+    
+#include "mbedtls/net_sockets.h"
+#include "mbedtls/debug.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/error.h"
+#include "mbedtls/certs.h"
+#include "mbedtls/timing.h"
+#include "mbedtls/ssl_cookie.h"
+
+#include "utils_timer.h"
+    
+#define DEBUG_LEVEL 0
+    
+#ifndef AUTH_MODE_CERT
+static const int ciphersuites[] = { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, 0 };
+#endif
+
+    
+typedef struct
+{
+    mbedtls_net_context          socket_fd;        // socket文件描述符
+    mbedtls_entropy_context      entropy;          // 保存熵配置
+    mbedtls_ctr_drbg_context     ctr_drbg;         // 随机数生成器
+    mbedtls_ssl_context          ssl;              // 保存SSL基本数据
+    mbedtls_ssl_config           ssl_conf;         // TSL/TLS配置信息
+    
+#if defined(MBEDTLS_X509_CRT_PARSE_C)     
+    mbedtls_x509_crt             ca_cert;          // ca证书信息
+    mbedtls_x509_crt             client_cert;      // 客户端证书信息
+#endif    
+    mbedtls_pk_context           private_key;      // 客户端私钥信息
+
+    mbedtls_timing_delay_context    timer;
+    mbedtls_ssl_cookie_ctx          cookie_ctx;
+} DTLSDataParams;
+
+/**
+ * @brief 释放mbedtls开辟的内存
+ */
+static void _free_mebeddtls(DTLSDataParams *pParams)
+{
+    mbedtls_net_free(&(pParams->socket_fd));
+#if defined(MBEDTLS_X509_CRT_PARSE_C) 	
+    mbedtls_x509_crt_free(&(pParams->client_cert));
+    mbedtls_x509_crt_free(&(pParams->ca_cert));
+    mbedtls_pk_free(&(pParams->private_key));
+#endif	
+    mbedtls_ssl_free(&(pParams->ssl));
+    mbedtls_ssl_config_free(&(pParams->ssl_conf));
+    mbedtls_ctr_drbg_free(&(pParams->ctr_drbg));
+    mbedtls_entropy_free(&(pParams->entropy));
+    mbedtls_ssl_cookie_free(&(pParams->cookie_ctx));
+
+    HAL_Free(pParams);
+}
+    
+static void _dtls_debug( void *ctx, int level,
+                     const char *file, int line,
+                     const char *str )
+{
+    Log_i("[mbedTLS]:[%s]:[%d]: %s\r\n", file, line, str);
+}
+    
+static int _mbedtls_client_init(DTLSDataParams *pDataParams, DTLSConnectParams *pConnectParams)
+{
+	int ret = QCLOUD_RET_SUCCESS;
+
+#if defined(MBEDTLS_DEBUG_C)
+    mbedtls_debug_set_threshold( DEBUG_LEVEL );
+#endif
+    
+    mbedtls_net_init( &(pDataParams->socket_fd) );
+    mbedtls_ssl_init( &(pDataParams->ssl) );
+    mbedtls_ssl_config_init( &(pDataParams->ssl_conf) );
+#if defined(MBEDTLS_X509_CRT_PARSE_C) 	
+    mbedtls_x509_crt_init( &(pDataParams->ca_cert) );
+    mbedtls_x509_crt_init(&(pDataParams->client_cert));	
+    mbedtls_pk_init(&(pDataParams->private_key));
+#endif	
+    mbedtls_ctr_drbg_init( &(pDataParams->ctr_drbg) );
+    mbedtls_entropy_init( &(pDataParams->entropy) );
+
+    if((ret = mbedtls_ctr_drbg_seed(&pDataParams->ctr_drbg, mbedtls_entropy_func,
+    		&pDataParams->entropy, NULL,0)) != 0)
+    {
+        Log_e("mbedtls_ctr_drbg_seed failed returned -0x%x", -ret);
+        return QCLOUD_ERR_SSL_INIT;
+    }
+
+	mbedtls_ssl_conf_authmode(&pDataParams->ssl_conf, MBEDTLS_SSL_VERIFY_NONE );
+
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C) 
+    if (pConnectParams->ca_crt != NULL)
+    {
+        if ((ret = mbedtls_x509_crt_parse(&(pDataParams->ca_cert), (const unsigned char *)pConnectParams->ca_crt,
+            (pConnectParams->ca_crt_len + 1)))) {
+            Log_e("parse ca crt failed returned -0x%04x", -ret);
+            return QCLOUD_ERR_SSL_CERT;
+        }
+    }
+#endif	
+
+#ifdef AUTH_MODE_CERT
+    if (pConnectParams->cert_file != NULL && pConnectParams->key_file != NULL) {
+            if ((ret = mbedtls_x509_crt_parse_file(&(pDataParams->client_cert), pConnectParams->cert_file)) != 0) {
+            Log_e("load client cert file failed returned -0x%x", ret);
+            return QCLOUD_ERR_SSL_CERT;
+        }
+
+        if ((ret = mbedtls_pk_parse_keyfile(&(pDataParams->private_key), pConnectParams->key_file, "")) != 0) {
+            Log_e("load client key file failed returned -0x%x", ret);
+            return QCLOUD_ERR_SSL_CERT;
+        }
+
+        if (0 == ret) {
+            mbedtls_ssl_conf_ca_chain(&(pDataParams->ssl_conf), &(pDataParams->ca_cert), NULL);
+            if ((ret = mbedtls_ssl_conf_own_cert(&(pDataParams->ssl_conf), &(pDataParams->client_cert), &(pDataParams->private_key))) != 0) {
+                Log_e("mbedtls_ssl_conf_own_cert failed returned -0x%x", -ret);
+                return QCLOUD_ERR_SSL_CERT;
+            }
+        }
+    } else {
+        Log_d("cert_file/key_file is empty!|cert_file=%s|key_file=%s", pConnectParams->cert_file, pConnectParams->key_file);
+    }
+    
+#else
+    if (pConnectParams->psk != NULL && pConnectParams->psk_id !=NULL) {
+        const char *psk_id = pConnectParams->psk_id;
+        ret = mbedtls_ssl_conf_psk(&(pDataParams->ssl_conf), (unsigned char *)pConnectParams->psk, pConnectParams->psk_length,
+                                    (const unsigned char *) psk_id, strlen( psk_id ));
+    } else {
+        Log_d("psk/pskid is empty!|psk=%s|psd_id=%s", pConnectParams->psk, pConnectParams->psk_id);
+    }
+	
+	if (0 != ret) {
+		Log_e("mbedtls_ssl_conf_psk fail: -0x%x", -ret);
+		return ret;
+	}
+#endif
+
+    return ret;
+}
+
+/**
+ * @brief 建立UDP连接
+ *
+ * @param socket_fd  Socket描述符
+ * @param host       服务器主机名
+ * @param port       服务器端口地址
+ * @return 返回QCLOUD_RET_SUCCESS, 表示成功
+ */
+int _mbedtls_udp_connect(mbedtls_net_context *socket_fd, const char *host, int port) {
+    int ret = 0;
+    char port_str[6];
+    HAL_Snprintf(port_str, 6, "%d", port);
+    if ((ret = mbedtls_net_connect(socket_fd, host, port_str, MBEDTLS_NET_PROTO_UDP)) != 0) {
+        Log_e("mbedtls_net_connect host:%s port:%s returned -0x%04x errno: %d", host, port_str, -ret, errno);
+        switch (ret) {
+            case MBEDTLS_ERR_NET_SOCKET_FAILED:
+                return QCLOUD_ERR_TCP_SOCKET_FAILED;
+            case MBEDTLS_ERR_NET_UNKNOWN_HOST:
+                return QCLOUD_ERR_TCP_UNKNOWN_HOST;
+            default:
+                return QCLOUD_ERR_TCP_CONNECT;
+        }
+    }
+
+#if 0
+    if ((ret = mbedtls_net_set_block(socket_fd)) != 0) {
+        Log_e("set block faliled returned -0x%04x", -ret);
+        return QCLOUD_ERR_TCP_CONNECT;
+    }
+#endif
+    return QCLOUD_RET_SUCCESS;
+}
+
+uintptr_t HAL_DTLS_Connect(DTLSConnectParams *pConnectParams, const char *host, int port)
+{
+	IOT_FUNC_ENTRY;
+
+    int ret = QCLOUD_RET_SUCCESS;
+    
+    DTLSDataParams * pDataParams = (DTLSDataParams *)HAL_Malloc(sizeof(DTLSDataParams));
+
+    if ((ret = _mbedtls_client_init(pDataParams, pConnectParams)) != QCLOUD_RET_SUCCESS) {
+		goto error;
+	}
+
+	 Log_d(" Connecting to /%s/%d...", host, port);
+	
+    if ((ret = _mbedtls_udp_connect(&(pDataParams->socket_fd), host, port)) != QCLOUD_RET_SUCCESS) {
+		goto error;
+	}
+
+	Log_d(" Setting up the SSL/DTLS structure...");
+
+    if ((ret = mbedtls_ssl_config_defaults(&pDataParams->ssl_conf, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_DATAGRAM,
+                                         MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
+        Log_e("mbedtls_ssl_config_defaults result 0x%04x", ret);
+        goto error;
+    }
+
+    mbedtls_ssl_conf_authmode(&(pDataParams->ssl_conf), MBEDTLS_SSL_VERIFY_REQUIRED);
+
+    mbedtls_ssl_conf_rng(&pDataParams->ssl_conf, mbedtls_ctr_drbg_random, &pDataParams->ctr_drbg);
+    mbedtls_ssl_conf_dbg(&pDataParams->ssl_conf, _dtls_debug, NULL);
+
+    if ((ret = mbedtls_ssl_cookie_setup(&pDataParams->cookie_ctx, mbedtls_ctr_drbg_random, &pDataParams->ctr_drbg)) != 0) {
+        Log_e("mbedtls_ssl_cookie_setup result 0x%04x", ret);
+        goto error;
+    }
+	
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
+    mbedtls_ssl_conf_dtls_cookies(&pDataParams->ssl_conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check, &pDataParams->cookie_ctx);
+#endif
+
+#ifndef AUTH_MODE_CERT
+	mbedtls_ssl_conf_ciphersuites(&(pDataParams->ssl_conf), ciphersuites);
+#endif        
+    
+#ifdef MBEDTLS_SSL_PROTO_DTLS
+    if (pDataParams->ssl_conf.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM)
+    {
+        mbedtls_ssl_conf_min_version(&pDataParams->ssl_conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3);
+        
+        mbedtls_ssl_conf_max_version(&pDataParams->ssl_conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3);
+        
+        mbedtls_ssl_conf_handshake_timeout(&pDataParams->ssl_conf, (MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN * 2),
+        		(MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN * 2 * 4));
+    }
+#endif
+
+    if ((ret = mbedtls_ssl_setup(&(pDataParams->ssl), &(pDataParams->ssl_conf))) != 0) {
+		Log_e("mbedtls_ssl_setup failed returned -0x%x", -ret);
+		goto error;
+	}
+
+    if (pDataParams->ssl_conf.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+		mbedtls_ssl_set_timer_cb(&(pDataParams->ssl), (void *)&pDataParams->timer, mbedtls_timing_set_delay,
+								 mbedtls_timing_get_delay);
+	}
+	
+#if defined(MBEDTLS_X509_CRT_PARSE_C) 	
+    if ((ret = mbedtls_ssl_set_hostname(&(pDataParams->ssl), host)) != 0) {
+		Log_e("mbedtls_ssl_set_hostname failed returned -0x%x", -ret);
+		goto error;
+	}
+#endif	
+
+	mbedtls_ssl_set_bio(&(pDataParams->ssl), (void *)&pDataParams->socket_fd, mbedtls_net_send, mbedtls_net_recv,
+						mbedtls_net_recv_timeout);
+
+	Log_d("Performing the SSL/DTLS handshake...");
+	while ((ret = mbedtls_ssl_handshake(&(pDataParams->ssl))) != 0) {
+		if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+			Log_e("mbedtls_ssl_handshake failed returned -0x%x", -ret);
+#if defined(MBEDTLS_X509_CRT_PARSE_C) 			
+			if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED) {
+				Log_e("Unable to verify the server's certificate");
+			}
+#endif			
+			goto error;
+		}
+	}
+    
+    if ((ret = mbedtls_ssl_get_verify_result(&(pDataParams->ssl))) != 0) {
+        Log_e("mbedtls_ssl_get_verify_result failed returned -0x%x", -ret);
+        goto error;
+    }
+
+    return (uintptr_t)pDataParams;
+    
+error:
+	_free_mebeddtls(pDataParams);
+    return 0;
+}
+
+void HAL_DTLS_Disconnect(uintptr_t handle)
+{
+    if ((uintptr_t)NULL == handle) {
+        Log_d("handle is NULL");
+        return;
+    }
+
+    DTLSDataParams *pParams = (DTLSDataParams *)handle;
+    int ret = 0;
+    do {
+        ret = mbedtls_ssl_close_notify(&(pParams->ssl));
+    } while (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE);
+
+    mbedtls_net_free(&(pParams->socket_fd));
+#if defined(MBEDTLS_X509_CRT_PARSE_C) 	
+    mbedtls_x509_crt_free(&(pParams->client_cert));
+    mbedtls_x509_crt_free(&(pParams->ca_cert));
+    mbedtls_pk_free(&(pParams->private_key));
+#endif	
+    mbedtls_ssl_free(&(pParams->ssl));
+    mbedtls_ssl_config_free(&(pParams->ssl_conf));
+    mbedtls_ctr_drbg_free(&(pParams->ctr_drbg));
+    mbedtls_entropy_free(&(pParams->entropy));
+    mbedtls_ssl_cookie_free(&(pParams->cookie_ctx));
+
+    HAL_Free((void *)handle);
+}
+    
+int HAL_DTLS_Write(uintptr_t handle, const unsigned char *data, size_t datalen, size_t *written_len)
+{
+	DTLSDataParams *data_params = (DTLSDataParams *)handle;
+	POINTER_SANITY_CHECK(data_params, QCLOUD_ERR_INVAL);
+	POINTER_SANITY_CHECK(data, QCLOUD_ERR_INVAL);
+	POINTER_SANITY_CHECK(written_len, QCLOUD_ERR_INVAL);
+
+    int rc = mbedtls_ssl_write(&data_params->ssl, data, datalen);
+
+	if( rc < 0 ) {
+		Log_e("failed! mbedtls_ssl_write returned %d", rc);
+		rc = QCLOUD_ERR_SSL_WRITE;
+	}
+
+	*written_len = rc;
+    rc = QCLOUD_RET_SUCCESS;
+    
+    IOT_FUNC_EXIT_RC(rc);
+}
+
+int HAL_DTLS_Read(uintptr_t handle, unsigned char *data, size_t datalen, unsigned int timeout_ms,
+        size_t *read_len)
+{
+    DTLSDataParams *data_params = (DTLSDataParams *)handle;
+    POINTER_SANITY_CHECK(data_params, QCLOUD_ERR_INVAL);
+	POINTER_SANITY_CHECK(data, QCLOUD_ERR_INVAL);
+	POINTER_SANITY_CHECK(read_len, QCLOUD_ERR_INVAL);
+
+    int rc = QCLOUD_ERR_SSL_READ;
+    
+	mbedtls_ssl_conf_read_timeout(&(data_params->ssl_conf), timeout_ms);
+
+	do {
+		rc = mbedtls_ssl_read(&(data_params->ssl), data, datalen);
+	} while (rc == MBEDTLS_ERR_SSL_WANT_READ || rc == MBEDTLS_ERR_SSL_WANT_WRITE);
+
+	if( rc <= 0 ) {
+		*read_len = 0;
+		switch( rc )
+		{
+			case MBEDTLS_ERR_SSL_TIMEOUT:
+				rc = QCLOUD_ERR_SSL_READ_TIMEOUT;
+				break;
+
+			case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
+				Log_e("connection was closed gracefully");
+				rc = QCLOUD_ERR_DTLS_PEER_CLOSE_NOTIFY;
+				break;
+
+			default:
+				Log_e( " mbedtls_ssl_read returned -0x%x", -rc );
+				break;
+		}
+	} else {
+		*read_len = rc;
+		rc = QCLOUD_RET_SUCCESS;
+	}
+    
+    return rc;
+}
+#endif
+    
+#ifdef __cplusplus
+}
+#endif

ports/ssl/HAL_TLS_mbedtls.c

@@ -0,0 +1,407 @@
+/*
+ * Tencent is pleased to support the open source community by making IoT Hub available.
+ * Copyright (C) 2016 THL A29 Limited, a Tencent company. All rights reserved.
+
+ * Licensed under the MIT License (the "License"); you may not use this file except in
+ * compliance with the License. You may obtain a copy of the License at
+ * http://opensource.org/licenses/MIT
+
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is
+ * distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include <stdint.h>
+#include <string.h>
+#include <errno.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "qcloud_iot_import.h"
+#include "qcloud_iot_export_error.h"
+#include "qcloud_iot_export_log.h"
+#include "utils_param_check.h"
+
+#include "mbedtls/ssl.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/net_sockets.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/error.h"
+#include "mbedtls/debug.h"
+
+#include "utils_timer.h"
+
+#include "rtthread.h"
+
+#ifndef AUTH_MODE_CERT
+static const int ciphersuites[] = { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, 0 };
+#endif
+    
+/**
+ * @brief 用于保存SSL连接相关数据结构
+ */
+typedef struct {
+    mbedtls_net_context          socket_fd;        // socket文件描述符
+    mbedtls_entropy_context      entropy;          // 保存熵配置
+    mbedtls_ctr_drbg_context     ctr_drbg;         // 随机数生成器
+    mbedtls_ssl_context          ssl;              // 保存SSL基本数据
+    mbedtls_ssl_config           ssl_conf;         // TSL/TLS配置信息
+#if defined(MBEDTLS_X509_CRT_PARSE_C)    
+    mbedtls_x509_crt             ca_cert;          // ca证书信息
+    mbedtls_x509_crt             client_cert;      // 客户端证书信息
+#endif    
+    mbedtls_pk_context           private_key;      // 客户端私钥信息
+} TLSDataParams;
+ 
+/**
+ * @brief 释放mbedtls开辟的内存
+ */
+static void _free_mebedtls(TLSDataParams *pParams)
+{
+    mbedtls_net_free(&(pParams->socket_fd));
+#if defined(MBEDTLS_X509_CRT_PARSE_C)	
+    mbedtls_x509_crt_free(&(pParams->client_cert));
+    mbedtls_x509_crt_free(&(pParams->ca_cert));	
+    mbedtls_pk_free(&(pParams->private_key));
+#endif	
+    mbedtls_ssl_free(&(pParams->ssl));
+    mbedtls_ssl_config_free(&(pParams->ssl_conf));
+    mbedtls_ctr_drbg_free(&(pParams->ctr_drbg));
+    mbedtls_entropy_free(&(pParams->entropy));
+    
+    HAL_Free(pParams);
+}
+
+/**
+ * @brief mbedtls库初始化
+ *
+ * 1. 执行mbedtls库相关初始化函数
+ * 2. 随机数生成器
+ * 3. 加载CA证书, 客户端证书及私钥文件/设置psk
+ *
+ * @param pDataParams       TLS连接相关数据结构
+ * @param pConnectParams    TLS证书密钥相关
+ * @return                  返回QCLOUD_RET_SUCCESS, 表示成功
+ */
+//#define MBEDTLS_DEBUG_C
+#define DEBUG_LEVEL 0
+static void _ssl_debug( void *ctx, int level,
+                     const char *file, int line,
+                     const char *str )
+{
+    Log_i("[mbedTLS]:[%s]:[%d]: %s\r\n", file, line, str);
+}
+
+
+static int _mbedtls_client_init(TLSDataParams *pDataParams, TLSConnectParams *pConnectParams) {
+
+    int ret = QCLOUD_RET_SUCCESS;
+
+#if defined(MBEDTLS_DEBUG_C)
+	mbedtls_debug_set_threshold( DEBUG_LEVEL );
+#endif
+
+	
+    mbedtls_net_init(&(pDataParams->socket_fd));
+    mbedtls_ssl_init(&(pDataParams->ssl));
+    mbedtls_ssl_config_init(&(pDataParams->ssl_conf));
+    mbedtls_ctr_drbg_init(&(pDataParams->ctr_drbg));
+#if defined(MBEDTLS_X509_CRT_PARSE_C)	
+    mbedtls_x509_crt_init(&(pDataParams->ca_cert));
+    mbedtls_x509_crt_init(&(pDataParams->client_cert));
+    mbedtls_pk_init(&(pDataParams->private_key));
+#endif		
+
+    mbedtls_entropy_init(&(pDataParams->entropy));
+
+	mbedtls_ssl_conf_dbg(&pDataParams->ssl_conf, _ssl_debug, NULL);
+
+	
+    // 随机数, 增加custom参数, 目前为NULL
+    if ((ret = mbedtls_ctr_drbg_seed(&(pDataParams->ctr_drbg), mbedtls_entropy_func,
+                                     &(pDataParams->entropy), NULL, 0)) != 0) {
+        Log_e("mbedtls_ctr_drbg_seed failed returned -0x%04x", -ret);
+        return QCLOUD_ERR_SSL_INIT;
+    }
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)    
+    if (pConnectParams->ca_crt != NULL)
+    {
+        if ((ret = mbedtls_x509_crt_parse(&(pDataParams->ca_cert), (const unsigned char *)pConnectParams->ca_crt,
+            (pConnectParams->ca_crt_len + 1)))) {
+            Log_e("parse ca crt failed returned -0x%04x", -ret);
+            return QCLOUD_ERR_SSL_CERT;
+        }
+    }
+#endif	
+
+
+	if (pConnectParams->psk != NULL && pConnectParams->psk_id !=NULL) {
+        const char *psk_id = pConnectParams->psk_id;
+        ret = mbedtls_ssl_conf_psk(&(pDataParams->ssl_conf), (unsigned char *)pConnectParams->psk, pConnectParams->psk_length,
+                                    (const unsigned char *) psk_id, strlen( psk_id ));
+    } else {
+        Log_d("psk/pskid is empty!|psk=%s|psd_id=%s", pConnectParams->psk, pConnectParams->psk_id);
+    }
+	
+	if (0 != ret) {
+		Log_e("mbedtls_ssl_conf_psk fail: -0x%x", -ret);
+		return ret;
+	}
+
+
+    return QCLOUD_RET_SUCCESS;
+}
+
+
+/**
+ * @brief 建立TCP连接
+ *
+ * @param socket_fd  Socket描述符
+ * @param host       服务器主机名
+ * @param port       服务器端口地址
+ * @return 返回QCLOUD_RET_SUCCESS, 表示成功
+ */
+int _mbedtls_tcp_connect(mbedtls_net_context *socket_fd, const char *host, int port) {
+    int ret = 0;
+    char port_str[6];
+    HAL_Snprintf(port_str, 6, "%d", port);
+    if ((ret = mbedtls_net_connect(socket_fd, host, port_str, MBEDTLS_NET_PROTO_TCP)) != 0) {
+
+        Log_e("tcp connect failed returned -0x%04x errno: %d", -ret, errno);
+
+        switch (ret) {
+            case MBEDTLS_ERR_NET_SOCKET_FAILED:
+                return QCLOUD_ERR_TCP_SOCKET_FAILED;
+            case MBEDTLS_ERR_NET_UNKNOWN_HOST:
+                return QCLOUD_ERR_TCP_UNKNOWN_HOST;
+            default:
+                return QCLOUD_ERR_TCP_CONNECT;
+        }
+
+    }
+
+#if 0	
+    if ((ret = mbedtls_net_set_block(socket_fd)) != 0) {
+        Log_e("set block faliled returned -0x%04x", -ret);
+        return QCLOUD_ERR_TCP_CONNECT;
+    }
+#endif
+
+    return QCLOUD_RET_SUCCESS;
+}
+
+/**
+ * @brief 在该函数中可对服务端证书进行自定义的校验
+ *
+ * 这种行为发生在握手过程中, 一般是校验连接服务器的主机名与服务器证书中的CN或SAN的域名信息是否一致
+ * 不过, mbedtls库已经实现该功能, 可以参考函数 `mbedtls_x509_crt_verify_with_profile`
+ *
+ * @param hostname 连接服务器的主机名
+ * @param crt x509格式的证书
+ * @param depth
+ * @param flags
+ * @return
+ */
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+
+int _qcloud_server_certificate_verify(void *hostname, mbedtls_x509_crt *crt, int depth, uint32_t *flags) {
+    return *flags;
+}
+#endif
+
+uintptr_t HAL_TLS_Connect(TLSConnectParams *pConnectParams, const char *host, int port)
+{
+    int ret = 0;
+
+    TLSDataParams * pDataParams = (TLSDataParams *)HAL_Malloc(sizeof(TLSDataParams));
+    
+    if ((ret = _mbedtls_client_init(pDataParams, pConnectParams)) != QCLOUD_RET_SUCCESS) {
+        goto error;
+    }
+
+    Log_d(" Connecting to /%s/%d...", host, port);
+    if ((ret = _mbedtls_tcp_connect(&(pDataParams->socket_fd), host, port)) != QCLOUD_RET_SUCCESS) {
+        goto error;
+    }
+
+    Log_d(" Setting up the SSL/TLS structure...");
+    if ((ret = mbedtls_ssl_config_defaults(&(pDataParams->ssl_conf), MBEDTLS_SSL_IS_CLIENT,
+                                           MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
+        Log_e("mbedtls_ssl_config_defaults failed returned -0x%04x", -ret);
+        goto error;
+    }
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+
+    mbedtls_ssl_conf_verify(&(pDataParams->ssl_conf), _qcloud_server_certificate_verify, (void *)host);
+
+    mbedtls_ssl_conf_authmode(&(pDataParams->ssl_conf), MBEDTLS_SSL_VERIFY_REQUIRED);
+#endif
+    mbedtls_ssl_conf_rng(&(pDataParams->ssl_conf), mbedtls_ctr_drbg_random, &(pDataParams->ctr_drbg));
+
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    mbedtls_ssl_conf_ca_chain(&(pDataParams->ssl_conf), &(pDataParams->ca_cert), NULL);
+    if ((ret = mbedtls_ssl_conf_own_cert(&(pDataParams->ssl_conf),
+                                         &(pDataParams->client_cert), &(pDataParams->private_key))) != 0) {
+        Log_e("mbedtls_ssl_conf_own_cert failed returned 0x%04x", -ret);
+        goto error;
+    }
+#endif
+
+    mbedtls_ssl_conf_read_timeout(&(pDataParams->ssl_conf), pConnectParams->timeout_ms);
+    if ((ret = mbedtls_ssl_setup(&(pDataParams->ssl), &(pDataParams->ssl_conf))) != 0) {
+        Log_e("mbedtls_ssl_setup failed returned 0x%04x", -ret);
+        goto error;
+    }
+
+#ifndef AUTH_MODE_CERT
+    // 选择加密套件代码，以后不通加密方式合并端口的时候可以用到
+    if(pConnectParams->psk != NULL) {
+        mbedtls_ssl_conf_ciphersuites(&(pDataParams->ssl_conf), ciphersuites);
+    }
+#endif
+
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+
+    // Set the hostname to check against the received server certificate and sni
+    if ((ret = mbedtls_ssl_set_hostname(&(pDataParams->ssl), host)) != 0) {
+        Log_e("mbedtls_ssl_set_hostname failed returned 0x%04x", -ret);
+        goto error;
+    }
+	
+#endif
+
+    mbedtls_ssl_set_bio(&(pDataParams->ssl), &(pDataParams->socket_fd), mbedtls_net_send, mbedtls_net_recv,
+                        mbedtls_net_recv_timeout);
+
+    Log_d("Performing the SSL/TLS handshake...");
+    while ((ret = mbedtls_ssl_handshake(&(pDataParams->ssl))) != 0) {
+        if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+            Log_e("mbedtls_ssl_handshake failed returned 0x%04x", -ret);
+			
+#if defined(MBEDTLS_X509_CRT_PARSE_C)			
+            if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED) {
+                Log_e("Unable to verify the server's certificate");
+            }
+#endif			
+            goto error;
+        }
+    }
+
+    if ((ret = mbedtls_ssl_get_verify_result(&(pDataParams->ssl))) != 0) {
+        Log_e("mbedtls_ssl_get_verify_result failed returned 0x%04x", -ret);
+        goto error;
+    }
+
+    mbedtls_ssl_conf_read_timeout(&(pDataParams->ssl_conf), 100);
+
+    return (uintptr_t)pDataParams;
+
+error:
+   // _free_mebedtls(pDataParams);
+    return 0;
+}
+
+void HAL_TLS_Disconnect(uintptr_t handle) {
+    if ((uintptr_t)NULL == handle) {
+        Log_d("handle is NULL");
+        return;
+    }
+    TLSDataParams *pParams = (TLSDataParams *)handle;
+
+    mbedtls_ssl_close_notify(&(pParams->ssl));
+	_free_mebedtls(pParams);	
+}
+
+int HAL_TLS_Write(uintptr_t handle, unsigned char *msg, size_t totalLen, uint32_t timeout_ms,
+                                 size_t *written_len)
+{
+
+    Timer timer;
+    InitTimer(&timer);
+    countdown_ms(&timer, (unsigned int) timeout_ms);
+    size_t written_so_far;
+    bool errorFlag = false;
+    int write_rc = 0;
+    
+    TLSDataParams *pParams = (TLSDataParams *)handle;
+
+    for (written_so_far = 0; written_so_far < totalLen && !expired(&timer); written_so_far += write_rc) {
+
+        while (!expired(&timer) && (write_rc = mbedtls_ssl_write(&(pParams->ssl), msg + written_so_far, totalLen - written_so_far)) <= 0)
+        {
+            if (write_rc != MBEDTLS_ERR_SSL_WANT_READ && write_rc != MBEDTLS_ERR_SSL_WANT_WRITE) {
+                Log_e("HAL_TLS_write failed 0x%04x", -write_rc);
+                errorFlag = true;
+                break;
+            }
+        }
+
+        if (errorFlag) {
+            break;
+        }
+    }
+
+    *written_len = written_so_far;
+
+    if (errorFlag) {
+        return QCLOUD_ERR_SSL_WRITE;
+    } else if (expired(&timer) && written_so_far != totalLen) {
+        return QCLOUD_ERR_SSL_WRITE_TIMEOUT;
+    }
+
+    return QCLOUD_RET_SUCCESS;
+}
+
+int HAL_TLS_Read(uintptr_t handle, unsigned char *msg, size_t totalLen, uint32_t timeout_ms, size_t *read_len) 
+{
+
+    //mbedtls_ssl_conf_read_timeout(&(pParams->ssl_conf), timeout_ms); TODO:每次调用这个方法会导致read阻塞, 超时也不返回
+    // 这里使用非阻塞的方式, 具体的超时操作由上层做
+    Timer timer;
+    InitTimer(&timer);
+    countdown_ms(&timer, (unsigned int) timeout_ms);
+    *read_len = 0;
+    
+    TLSDataParams *pParams = (TLSDataParams *)handle;
+
+    do {
+        int read_rc = 0;
+        read_rc = mbedtls_ssl_read(&(pParams->ssl), msg + *read_len, totalLen - *read_len);
+
+        if (read_rc > 0) {
+            *read_len += read_rc;
+        } else if (read_rc == 0 || (read_rc != MBEDTLS_ERR_SSL_WANT_WRITE
+                                    && read_rc != MBEDTLS_ERR_SSL_WANT_READ && read_rc != MBEDTLS_ERR_SSL_TIMEOUT)) {
+            Log_e("cloud_iot_network_tls_read failed: 0x%04x", -read_rc);
+            return QCLOUD_ERR_SSL_READ;
+        }
+
+        if (expired(&timer)) {
+            break;
+        }
+
+    } while (*read_len < totalLen);
+
+    if (totalLen == *read_len) {
+        return QCLOUD_RET_SUCCESS;
+    }
+
+    if (*read_len == 0) {
+        return QCLOUD_ERR_SSL_NOTHING_TO_READ;
+    } else {
+        return QCLOUD_ERR_SSL_READ_TIMEOUT;
+    }
+}
+
+#ifdef __cplusplus
+}
+#endif

ports/ssl/tc_tls_config.h

@@ -0,0 +1,2748 @@
+/**
+ * \file tls_config.h
+ *
+ * \brief Configuration options (set of defines)
+ *
+ *  This set of compile-time options may be used to enable
+ *  or disable features selectively, and reduce the global
+ *  memory footprint.
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef MBEDTLS_CONFIG_H
+#define MBEDTLS_CONFIG_H
+
+/* the memory allocation method configurations */
+#include <rtthread.h>
+
+#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
+#define _CRT_SECURE_NO_DEPRECATE 1
+#endif
+
+/**
+ * \name SECTION: System support
+ *
+ * This section sets system specific settings.
+ * \{
+ */
+
+/**
+ * \def MBEDTLS_HAVE_ASM
+ *
+ * The compiler has support for asm().
+ *
+ * Requires support for asm() in compiler.
+ *
+ * Used in:
+ *      library/timing.c
+ *      library/padlock.c
+ *      include/mbedtls/bn_mul.h
+ *
+ * Comment to disable the use of assembly code.
+ */
+#define MBEDTLS_HAVE_ASM
+
+/**
+ * \def MBEDTLS_NO_UDBL_DIVISION
+ *
+ * The platform lacks support for double-width integer division (64-bit
+ * division on a 32-bit platform, 128-bit division on a 64-bit platform).
+ *
+ * Used in:
+ *      include/mbedtls/bignum.h
+ *      library/bignum.c
+ *
+ * The bignum code uses double-width division to speed up some operations.
+ * Double-width division is often implemented in software that needs to
+ * be linked with the program. The presence of a double-width integer
+ * type is usually detected automatically through preprocessor macros,
+ * but the automatic detection cannot know whether the code needs to
+ * and can be linked with an implementation of division for that type.
+ * By default division is assumed to be usable if the type is present.
+ * Uncomment this option to prevent the use of double-width division.
+ *
+ * Note that division for the native integer type is always required.
+ * Furthermore, a 64-bit type is always required even on a 32-bit
+ * platform, but it need not support multiplication or division. In some
+ * cases it is also desirable to disable some double-width operations. For
+ * example, if double-width division is implemented in software, disabling
+ * it can reduce code size in some embedded targets.
+ */
+//#define MBEDTLS_NO_UDBL_DIVISION
+
+/**
+ * \def MBEDTLS_HAVE_SSE2
+ *
+ * CPU supports SSE2 instruction set.
+ *
+ * Uncomment if the CPU supports SSE2 (IA-32 specific).
+ */
+//#define MBEDTLS_HAVE_SSE2
+
+/**
+ * \def MBEDTLS_HAVE_TIME
+ *
+ * System has time.h and time().
+ * The time does not need to be correct, only time differences are used,
+ * by contrast with MBEDTLS_HAVE_TIME_DATE
+ *
+ * Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT,
+ * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and
+ * MBEDTLS_PLATFORM_STD_TIME.
+ *
+ * Comment if your system does not support time functions
+ */
+#define MBEDTLS_HAVE_TIME
+
+/**
+ * \def MBEDTLS_HAVE_TIME_DATE
+ *
+ * System has time.h and time(), gmtime() and the clock is correct.
+ * The time needs to be correct (not necesarily very accurate, but at least
+ * the date should be correct). This is used to verify the validity period of
+ * X.509 certificates.
+ *
+ * Comment if your system does not have a correct clock.
+ */
+// #define MBEDTLS_HAVE_TIME_DATE
+
+/**
+ * \def MBEDTLS_PLATFORM_MEMORY
+ *
+ * Enable the memory allocation layer.
+ *
+ * By default mbed TLS uses the system-provided calloc() and free().
+ * This allows different allocators (self-implemented or provided) to be
+ * provided to the platform abstraction layer.
+ *
+ * Enabling MBEDTLS_PLATFORM_MEMORY without the
+ * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide
+ * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and
+ * free() function pointer at runtime.
+ *
+ * Enabling MBEDTLS_PLATFORM_MEMORY and specifying
+ * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the
+ * alternate function at compile time.
+ *
+ * Requires: MBEDTLS_PLATFORM_C
+ *
+ * Enable this layer to allow use of alternative memory allocators.
+ */
+//#define MBEDTLS_PLATFORM_MEMORY
+
+/**
+ * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+ *
+ * Do not assign standard functions in the platform layer (e.g. calloc() to
+ * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF)
+ *
+ * This makes sure there are no linking errors on platforms that do not support
+ * these functions. You will HAVE to provide alternatives, either at runtime
+ * via the platform_set_xxx() functions or at compile time by setting
+ * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a
+ * MBEDTLS_PLATFORM_XXX_MACRO.
+ *
+ * Requires: MBEDTLS_PLATFORM_C
+ *
+ * Uncomment to prevent default assignment of standard functions in the
+ * platform layer.
+ */
+//#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+
+/**
+ * \def MBEDTLS_PLATFORM_EXIT_ALT
+ *
+ * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the
+ * function in the platform abstraction layer.
+ *
+ * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will
+ * provide a function "mbedtls_platform_set_printf()" that allows you to set an
+ * alternative printf function pointer.
+ *
+ * All these define require MBEDTLS_PLATFORM_C to be defined!
+ *
+ * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows;
+ * it will be enabled automatically by check_config.h
+ *
+ * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as
+ * MBEDTLS_PLATFORM_XXX_MACRO!
+ *
+ * Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME
+ *
+ * Uncomment a macro to enable alternate implementation of specific base
+ * platform function
+ */
+//#define MBEDTLS_PLATFORM_EXIT_ALT
+//#define MBEDTLS_PLATFORM_TIME_ALT
+//#define MBEDTLS_PLATFORM_FPRINTF_ALT
+//#define MBEDTLS_PLATFORM_PRINTF_ALT
+//#define MBEDTLS_PLATFORM_SNPRINTF_ALT
+//#define MBEDTLS_PLATFORM_NV_SEED_ALT
+//#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT
+
+/**
+ * \def MBEDTLS_DEPRECATED_WARNING
+ *
+ * Mark deprecated functions so that they generate a warning if used.
+ * Functions deprecated in one version will usually be removed in the next
+ * version. You can enable this to help you prepare the transition to a new
+ * major version by making sure your code is not using these functions.
+ *
+ * This only works with GCC and Clang. With other compilers, you may want to
+ * use MBEDTLS_DEPRECATED_REMOVED
+ *
+ * Uncomment to get warnings on using deprecated functions.
+ */
+//#define MBEDTLS_DEPRECATED_WARNING
+
+/**
+ * \def MBEDTLS_DEPRECATED_REMOVED
+ *
+ * Remove deprecated functions so that they generate an error if used.
+ * Functions deprecated in one version will usually be removed in the next
+ * version. You can enable this to help you prepare the transition to a new
+ * major version by making sure your code is not using these functions.
+ *
+ * Uncomment to get errors on using deprecated functions.
+ */
+//#define MBEDTLS_DEPRECATED_REMOVED
+
+/* \} name SECTION: System support */
+
+/**
+ * \name SECTION: mbed TLS feature support
+ *
+ * This section sets support for features that are or are not needed
+ * within the modules that are enabled.
+ * \{
+ */
+
+/**
+ * \def MBEDTLS_TIMING_ALT
+ *
+ * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(),
+ * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay()
+ *
+ * Only works if you have MBEDTLS_TIMING_C enabled.
+ *
+ * You will need to provide a header "timing_alt.h" and an implementation at
+ * compile time.
+ */
+#define MBEDTLS_TIMING_ALT
+
+/**
+ * \def MBEDTLS_AES_ALT
+ *
+ * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your
+ * alternate core implementation of a symmetric crypto, an arithmetic or hash
+ * module (e.g. platform specific assembly optimized implementations). Keep
+ * in mind that the function prototypes should remain the same.
+ *
+ * This replaces the whole module. If you only want to replace one of the
+ * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags.
+ *
+ * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer
+ * provide the "struct mbedtls_aes_context" definition and omit the base
+ * function declarations and implementations. "aes_alt.h" will be included from
+ * "aes.h" to include the new function definitions.
+ *
+ * Uncomment a macro to enable alternate implementation of the corresponding
+ * module.
+ */
+//#define MBEDTLS_AES_ALT
+//#define MBEDTLS_ARC4_ALT
+//#define MBEDTLS_BLOWFISH_ALT
+//#define MBEDTLS_CAMELLIA_ALT
+//#define MBEDTLS_DES_ALT
+//#define MBEDTLS_XTEA_ALT
+//#define MBEDTLS_MD2_ALT
+//#define MBEDTLS_MD4_ALT
+//#define MBEDTLS_MD5_ALT
+//#define MBEDTLS_RIPEMD160_ALT
+//#define MBEDTLS_SHA1_ALT
+//#define MBEDTLS_SHA256_ALT
+//#define MBEDTLS_SHA512_ALT
+/*
+ * When replacing the elliptic curve module, pleace consider, that it is
+ * implemented with two .c files:
+ *      - ecp.c
+ *      - ecp_curves.c
+ * You can replace them very much like all the other MBEDTLS__MODULE_NAME__ALT
+ * macros as described above. The only difference is that you have to make sure
+ * that you provide functionality for both .c files.
+ */
+//#define MBEDTLS_ECP_ALT
+
+/**
+ * \def MBEDTLS_MD2_PROCESS_ALT
+ *
+ * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you
+ * alternate core implementation of symmetric crypto or hash function. Keep in
+ * mind that function prototypes should remain the same.
+ *
+ * This replaces only one function. The header file from mbed TLS is still
+ * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
+ *
+ * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will
+ * no longer provide the mbedtls_sha1_process() function, but it will still provide
+ * the other function (using your mbedtls_sha1_process() function) and the definition
+ * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
+ * with this definition.
+ *
+ * \note Because of a signature change, the core AES encryption and decryption routines are
+ *       currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt,
+ *       respectively. When setting up alternative implementations, these functions should
+ *       be overriden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt
+ *       must stay untouched.
+ *
+ * \note If you use the AES_xxx_ALT macros, then is is recommended to also set
+ *       MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
+ *       tables.
+ *
+ * Uncomment a macro to enable alternate implementation of the corresponding
+ * function.
+ */
+//#define MBEDTLS_MD2_PROCESS_ALT
+//#define MBEDTLS_MD4_PROCESS_ALT
+//#define MBEDTLS_MD5_PROCESS_ALT
+//#define MBEDTLS_RIPEMD160_PROCESS_ALT
+//#define MBEDTLS_SHA1_PROCESS_ALT
+//#define MBEDTLS_SHA256_PROCESS_ALT
+//#define MBEDTLS_SHA512_PROCESS_ALT
+//#define MBEDTLS_DES_SETKEY_ALT
+//#define MBEDTLS_DES_CRYPT_ECB_ALT
+//#define MBEDTLS_DES3_CRYPT_ECB_ALT
+//#define MBEDTLS_AES_SETKEY_ENC_ALT
+//#define MBEDTLS_AES_SETKEY_DEC_ALT
+//#define MBEDTLS_AES_ENCRYPT_ALT
+//#define MBEDTLS_AES_DECRYPT_ALT
+
+/**
+ * \def MBEDTLS_ECP_INTERNAL_ALT
+ *
+ * Expose a part of the internal interface of the Elliptic Curve Point module.
+ *
+ * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your
+ * alternative core implementation of elliptic curve arithmetic. Keep in mind
+ * that function prototypes should remain the same.
+ *
+ * This partially replaces one function. The header file from mbed TLS is still
+ * used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation
+ * is still present and it is used for group structures not supported by the
+ * alternative.
+ *
+ * Any of these options become available by defining MBEDTLS_ECP_INTERNAL_ALT
+ * and implementing the following functions:
+ *      unsigned char mbedtls_internal_ecp_grp_capable(
+ *          const mbedtls_ecp_group *grp )
+ *      int  mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp )
+ *      void mbedtls_internal_ecp_deinit( const mbedtls_ecp_group *grp )
+ * The mbedtls_internal_ecp_grp_capable function should return 1 if the
+ * replacement functions implement arithmetic for the given group and 0
+ * otherwise.
+ * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_deinit are
+ * called before and after each point operation and provide an opportunity to
+ * implement optimized set up and tear down instructions.
+ *
+ * Example: In case you uncomment MBEDTLS_ECP_INTERNAL_ALT and
+ * MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac
+ * function, but will use your mbedtls_internal_ecp_double_jac if the group is
+ * supported (your mbedtls_internal_ecp_grp_capable function returns 1 when
+ * receives it as an argument). If the group is not supported then the original
+ * implementation is used. The other functions and the definition of
+ * mbedtls_ecp_group and mbedtls_ecp_point will not change, so your
+ * implementation of mbedtls_internal_ecp_double_jac and
+ * mbedtls_internal_ecp_grp_capable must be compatible with this definition.
+ *
+ * Uncomment a macro to enable alternate implementation of the corresponding
+ * function.
+ */
+/* Required for all the functions in this section */
+//#define MBEDTLS_ECP_INTERNAL_ALT
+/* Support for Weierstrass curves with Jacobi representation */
+//#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT
+//#define MBEDTLS_ECP_ADD_MIXED_ALT
+//#define MBEDTLS_ECP_DOUBLE_JAC_ALT
+//#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT
+//#define MBEDTLS_ECP_NORMALIZE_JAC_ALT
+/* Support for curves with Montgomery arithmetic */
+//#define MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT
+//#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT
+//#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT
+
+/**
+ * \def MBEDTLS_TEST_NULL_ENTROPY
+ *
+ * Enables testing and use of mbed TLS without any configured entropy sources.
+ * This permits use of the library on platforms before an entropy source has
+ * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the
+ * MBEDTLS_ENTROPY_NV_SEED switches).
+ *
+ * WARNING! This switch MUST be disabled in production builds, and is suitable
+ * only for development.
+ * Enabling the switch negates any security provided by the library.
+ *
+ * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+ *
+ */
+//#define MBEDTLS_TEST_NULL_ENTROPY
+
+/**
+ * \def MBEDTLS_ENTROPY_HARDWARE_ALT
+ *
+ * Uncomment this macro to let mbed TLS use your own implementation of a
+ * hardware entropy collector.
+ *
+ * Your function must be called \c mbedtls_hardware_poll(), have the same
+ * prototype as declared in entropy_poll.h, and accept NULL as first argument.
+ *
+ * Uncomment to use your own hardware entropy collector.
+ */
+#define MBEDTLS_ENTROPY_HARDWARE_ALT
+
+/**
+ * \def MBEDTLS_AES_ROM_TABLES
+ *
+ * Store the AES tables in ROM.
+ *
+ * Uncomment this macro to store the AES tables in ROM.
+ */
+//#define MBEDTLS_AES_ROM_TABLES
+
+/**
+ * \def MBEDTLS_CAMELLIA_SMALL_MEMORY
+ *
+ * Use less ROM for the Camellia implementation (saves about 768 bytes).
+ *
+ * Uncomment this macro to use less memory for Camellia.
+ */
+//#define MBEDTLS_CAMELLIA_SMALL_MEMORY
+
+/**
+ * \def MBEDTLS_CIPHER_MODE_CBC
+ *
+ * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
+ */
+#define MBEDTLS_CIPHER_MODE_CBC
+
+/**
+ * \def MBEDTLS_CIPHER_MODE_CFB
+ *
+ * Enable Cipher Feedback mode (CFB) for symmetric ciphers.
+ */
+#define MBEDTLS_CIPHER_MODE_CFB
+
+/**
+ * \def MBEDTLS_CIPHER_MODE_CTR
+ *
+ * Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
+ */
+#define MBEDTLS_CIPHER_MODE_CTR
+
+/**
+ * \def MBEDTLS_CIPHER_NULL_CIPHER
+ *
+ * Enable NULL cipher.
+ * Warning: Only do so when you know what you are doing. This allows for
+ * encryption or channels without any security!
+ *
+ * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable
+ * the following ciphersuites:
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA
+ *      MBEDTLS_TLS_RSA_WITH_NULL_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_NULL_SHA
+ *      MBEDTLS_TLS_RSA_WITH_NULL_MD5
+ *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA
+ *      MBEDTLS_TLS_PSK_WITH_NULL_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_NULL_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_NULL_SHA
+ *
+ * Uncomment this macro to enable the NULL cipher and ciphersuites
+ */
+//#define MBEDTLS_CIPHER_NULL_CIPHER
+
+/**
+ * \def MBEDTLS_CIPHER_PADDING_PKCS7
+ *
+ * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for
+ * specific padding modes in the cipher layer with cipher modes that support
+ * padding (e.g. CBC)
+ *
+ * If you disable all padding modes, only full blocks can be used with CBC.
+ *
+ * Enable padding modes in the cipher layer.
+ */
+#define MBEDTLS_CIPHER_PADDING_PKCS7
+#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
+#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
+#define MBEDTLS_CIPHER_PADDING_ZEROS
+
+/**
+ * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES
+ *
+ * Enable weak ciphersuites in SSL / TLS.
+ * Warning: Only do so when you know what you are doing. This allows for
+ * channels with virtually no security at all!
+ *
+ * This enables the following ciphersuites:
+ *      MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA
+ *
+ * Uncomment this macro to enable weak ciphersuites
+ */
+//#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES
+
+/**
+ * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES
+ *
+ * Remove RC4 ciphersuites by default in SSL / TLS.
+ * This flag removes the ciphersuites based on RC4 from the default list as
+ * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to
+ * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them
+ * explicitly.
+ *
+ * Uncomment this macro to remove RC4 ciphersuites by default.
+ */
+#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
+
+/**
+ * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
+ *
+ * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve
+ * module.  By default all supported curves are enabled.
+ *
+ * Comment macros to disable the curve and functions for it
+ */
+#if 0 
+#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
+#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
+#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
+#define MBEDTLS_ECP_DP_BP256R1_ENABLED
+#define MBEDTLS_ECP_DP_BP384R1_ENABLED
+#define MBEDTLS_ECP_DP_BP512R1_ENABLED
+#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
+#endif
+
+/**
+ * \def MBEDTLS_ECP_NIST_OPTIM
+ *
+ * Enable specific 'modulo p' routines for each NIST prime.
+ * Depending on the prime and architecture, makes operations 4 to 8 times
+ * faster on the corresponding curve.
+ *
+ * Comment this macro to disable NIST curves optimisation.
+ */
+#define MBEDTLS_ECP_NIST_OPTIM
+
+/**
+ * \def MBEDTLS_ECDSA_DETERMINISTIC
+ *
+ * Enable deterministic ECDSA (RFC 6979).
+ * Standard ECDSA is "fragile" in the sense that lack of entropy when signing
+ * may result in a compromise of the long-term signing key. This is avoided by
+ * the deterministic variant.
+ *
+ * Requires: MBEDTLS_HMAC_DRBG_C
+ *
+ * Comment this macro to disable deterministic ECDSA.
+ */
+#define MBEDTLS_ECDSA_DETERMINISTIC
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+ *
+ * Enable the PSK based ciphersuite modes in SSL / TLS.
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+ *
+ * Enable the DHE-PSK based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_DHM_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
+ */
+//#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+ *
+ * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
+ */
+//#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+
+#ifdef AUTH_MODE_CERT
+
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+ *
+ * Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ *           MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+ *
+ * Enable the RSA-only based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ *           MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
+ */
+#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+ *
+ * Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ *           MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+ *
+ * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ *           MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+ *
+ * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C,
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+ *
+ * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+ *
+ * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+
+
+/**
+ * \def MBEDTLS_SSL_SERVER_NAME_INDICATION
+ *
+ * Enable support for RFC 6066 server name indication (SNI) in SSL.
+ *
+ * Requires: MBEDTLS_X509_CRT_PARSE_C
+ *
+ * Comment this macro to disable support for server name indication in SSL
+ */
+#define MBEDTLS_SSL_SERVER_NAME_INDICATION
+
+
+#endif
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+ *
+ * Enable the ECJPAKE based ciphersuite modes in SSL / TLS.
+ *
+ * \warning This is currently experimental. EC J-PAKE support is based on the
+ * Thread v1.0.0 specification; incompatible changes to the specification
+ * might still happen. For this reason, this is disabled by default.
+ *
+ * Requires: MBEDTLS_ECJPAKE_C
+ *           MBEDTLS_SHA256_C
+ *           MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
+ */
+//#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+
+/**
+ * \def MBEDTLS_PK_PARSE_EC_EXTENDED
+ *
+ * Enhance support for reading EC keys using variants of SEC1 not allowed by
+ * RFC 5915 and RFC 5480.
+ *
+ * Currently this means parsing the SpecifiedECDomain choice of EC
+ * parameters (only known groups are supported, not arbitrary domains, to
+ * avoid validation issues).
+ *
+ * Disable if you only need to support RFC 5915 + 5480 key formats.
+ */
+#define MBEDTLS_PK_PARSE_EC_EXTENDED
+
+/**
+ * \def MBEDTLS_ERROR_STRERROR_DUMMY
+ *
+ * Enable a dummy error function to make use of mbedtls_strerror() in
+ * third party libraries easier when MBEDTLS_ERROR_C is disabled
+ * (no effect when MBEDTLS_ERROR_C is enabled).
+ *
+ * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're
+ * not using mbedtls_strerror() or error_strerror() in your application.
+ *
+ * Disable if you run into name conflicts and want to really remove the
+ * mbedtls_strerror()
+ */
+#define MBEDTLS_ERROR_STRERROR_DUMMY
+
+/**
+ * \def MBEDTLS_GENPRIME
+ *
+ * Enable the prime-number generation code.
+ *
+ * Requires: MBEDTLS_BIGNUM_C
+ */
+#define MBEDTLS_GENPRIME
+
+/**
+ * \def MBEDTLS_FS_IO
+ *
+ * Enable functions that use the filesystem.
+ */
+#define MBEDTLS_FS_IO
+
+/**
+ * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+ *
+ * Do not add default entropy sources. These are the platform specific,
+ * mbedtls_timing_hardclock and HAVEGE based poll functions.
+ *
+ * This is useful to have more control over the added entropy sources in an
+ * application.
+ *
+ * Uncomment this macro to prevent loading of default entropy functions.
+ */
+//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+
+/**
+ * \def MBEDTLS_NO_PLATFORM_ENTROPY
+ *
+ * Do not use built-in platform entropy functions.
+ * This is useful if your platform does not support
+ * standards like the /dev/urandom or Windows CryptoAPI.
+ *
+ * Uncomment this macro to disable the built-in platform entropy functions.
+ */
+#define MBEDTLS_NO_PLATFORM_ENTROPY
+
+/**
+ * \def MBEDTLS_ENTROPY_FORCE_SHA256
+ *
+ * Force the entropy accumulator to use a SHA-256 accumulator instead of the
+ * default SHA-512 based one (if both are available).
+ *
+ * Requires: MBEDTLS_SHA256_C
+ *
+ * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option
+ * if you have performance concerns.
+ *
+ * This option is only useful if both MBEDTLS_SHA256_C and
+ * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used.
+ */
+//#define MBEDTLS_ENTROPY_FORCE_SHA256
+
+/**
+ * \def MBEDTLS_ENTROPY_NV_SEED
+ *
+ * Enable the non-volatile (NV) seed file-based entropy source.
+ * (Also enables the NV seed read/write functions in the platform layer)
+ *
+ * This is crucial (if not required) on systems that do not have a
+ * cryptographic entropy source (in hardware or kernel) available.
+ *
+ * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C
+ *
+ * \note The read/write functions that are used by the entropy source are
+ *       determined in the platform layer, and can be modified at runtime and/or
+ *       compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used.
+ *
+ * \note If you use the default implementation functions that read a seedfile
+ *       with regular fopen(), please make sure you make a seedfile with the
+ *       proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at
+ *       least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from
+ *       and written to or you will get an entropy source error! The default
+ *       implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE
+ *       bytes from the file.
+ *
+ * \note The entropy collector will write to the seed file before entropy is
+ *       given to an external source, to update it.
+ */
+//#define MBEDTLS_ENTROPY_NV_SEED
+
+/**
+ * \def MBEDTLS_MEMORY_DEBUG
+ *
+ * Enable debugging of buffer allocator memory issues. Automatically prints
+ * (to stderr) all (fatal) messages on memory allocation issues. Enables
+ * function for 'debug output' of allocated memory.
+ *
+ * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ *
+ * Uncomment this macro to let the buffer allocator print out error messages.
+ */
+//#define MBEDTLS_MEMORY_DEBUG
+
+/**
+ * \def MBEDTLS_MEMORY_BACKTRACE
+ *
+ * Include backtrace information with each allocated block.
+ *
+ * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ *           GLIBC-compatible backtrace() an backtrace_symbols() support
+ *
+ * Uncomment this macro to include backtrace information
+ */
+//#define MBEDTLS_MEMORY_BACKTRACE
+
+/**
+ * \def MBEDTLS_PK_RSA_ALT_SUPPORT
+ *
+ * Support external private RSA keys (eg from a HSM) in the PK layer.
+ *
+ * Comment this macro to disable support for external private RSA keys.
+ */
+#define MBEDTLS_PK_RSA_ALT_SUPPORT
+
+/**
+ * \def MBEDTLS_PKCS1_V15
+ *
+ * Enable support for PKCS#1 v1.5 encoding.
+ *
+ * Requires: MBEDTLS_RSA_C
+ *
+ * This enables support for PKCS#1 v1.5 operations.
+ */
+#define MBEDTLS_PKCS1_V15
+
+/**
+ * \def MBEDTLS_PKCS1_V21
+ *
+ * Enable support for PKCS#1 v2.1 encoding.
+ *
+ * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C
+ *
+ * This enables support for RSAES-OAEP and RSASSA-PSS operations.
+ */
+#define MBEDTLS_PKCS1_V21
+
+/**
+ * \def MBEDTLS_RSA_NO_CRT
+ *
+ * Do not use the Chinese Remainder Theorem for the RSA private operation.
+ *
+ * Uncomment this macro to disable the use of CRT in RSA.
+ *
+ */
+//#define MBEDTLS_RSA_NO_CRT
+
+/**
+ * \def MBEDTLS_SELF_TEST
+ *
+ * Enable the checkup functions (*_self_test).
+ */
+#define MBEDTLS_SELF_TEST
+
+/**
+ * \def MBEDTLS_SHA256_SMALLER
+ *
+ * Enable an implementation of SHA-256 that has lower ROM footprint but also
+ * lower performance.
+ *
+ * The default implementation is meant to be a reasonnable compromise between
+ * performance and size. This version optimizes more aggressively for size at
+ * the expense of performance. Eg on Cortex-M4 it reduces the size of
+ * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about
+ * 30%.
+ *
+ * Uncomment to enable the smaller implementation of SHA256.
+ */
+//#define MBEDTLS_SHA256_SMALLER
+
+/**
+ * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
+ *
+ * Enable sending of alert messages in case of encountered errors as per RFC.
+ * If you choose not to send the alert messages, mbed TLS can still communicate
+ * with other servers, only debugging of failures is harder.
+ *
+ * The advantage of not sending alert messages, is that no information is given
+ * about reasons for failures thus preventing adversaries of gaining intel.
+ *
+ * Enable sending of all alert messages
+ */
+#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
+
+/**
+ * \def MBEDTLS_SSL_DEBUG_ALL
+ *
+ * Enable the debug messages in SSL module for all issues.
+ * Debug messages have been disabled in some places to prevent timing
+ * attacks due to (unbalanced) debugging function calls.
+ *
+ * If you need all error reporting you should enable this during debugging,
+ * but remove this for production servers that should log as well.
+ *
+ * Uncomment this macro to report all debug messages on errors introducing
+ * a timing side-channel.
+ *
+ */
+//#define MBEDTLS_SSL_DEBUG_ALL
+
+/** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ *
+ * Enable support for Encrypt-then-MAC, RFC 7366.
+ *
+ * This allows peers that both support it to use a more robust protection for
+ * ciphersuites using CBC, providing deep resistance against timing attacks
+ * on the padding or underlying cipher.
+ *
+ * This only affects CBC ciphersuites, and is useless if none is defined.
+ *
+ * Requires: MBEDTLS_SSL_PROTO_TLS1    or
+ *           MBEDTLS_SSL_PROTO_TLS1_1  or
+ *           MBEDTLS_SSL_PROTO_TLS1_2
+ *
+ * Comment this macro to disable support for Encrypt-then-MAC
+ */
+#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
+
+/** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET
+ *
+ * Enable support for Extended Master Secret, aka Session Hash
+ * (draft-ietf-tls-session-hash-02).
+ *
+ * This was introduced as "the proper fix" to the Triple Handshake familiy of
+ * attacks, but it is recommended to always use it (even if you disable
+ * renegotiation), since it actually fixes a more fundamental issue in the
+ * original SSL/TLS design, and has implications beyond Triple Handshake.
+ *
+ * Requires: MBEDTLS_SSL_PROTO_TLS1    or
+ *           MBEDTLS_SSL_PROTO_TLS1_1  or
+ *           MBEDTLS_SSL_PROTO_TLS1_2
+ *
+ * Comment this macro to disable support for Extended Master Secret.
+ */
+#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
+
+/**
+ * \def MBEDTLS_SSL_FALLBACK_SCSV
+ *
+ * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00).
+ *
+ * For servers, it is recommended to always enable this, unless you support
+ * only one version of TLS, or know for sure that none of your clients
+ * implements a fallback strategy.
+ *
+ * For clients, you only need this if you're using a fallback strategy, which
+ * is not recommended in the first place, unless you absolutely need it to
+ * interoperate with buggy (version-intolerant) servers.
+ *
+ * Comment this macro to disable support for FALLBACK_SCSV
+ */
+#define MBEDTLS_SSL_FALLBACK_SCSV
+
+/**
+ * \def MBEDTLS_SSL_HW_RECORD_ACCEL
+ *
+ * Enable hooking functions in SSL module for hardware acceleration of
+ * individual records.
+ *
+ * Uncomment this macro to enable hooking functions.
+ */
+//#define MBEDTLS_SSL_HW_RECORD_ACCEL
+
+/**
+ * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING
+ *
+ * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0.
+ *
+ * This is a countermeasure to the BEAST attack, which also minimizes the risk
+ * of interoperability issues compared to sending 0-length records.
+ *
+ * Comment this macro to disable 1/n-1 record splitting.
+ */
+//#define MBEDTLS_SSL_CBC_RECORD_SPLITTING
+
+/**
+ * \def MBEDTLS_SSL_RENEGOTIATION
+ *
+ * Disable support for TLS renegotiation.
+ *
+ * The two main uses of renegotiation are (1) refresh keys on long-lived
+ * connections and (2) client authentication after the initial handshake.
+ * If you don't need renegotiation, it's probably better to disable it, since
+ * it has been associated with security issues in the past and is easy to
+ * misuse/misunderstand.
+ *
+ * Comment this to disable support for renegotiation.
+ */
+#define MBEDTLS_SSL_RENEGOTIATION
+
+/**
+ * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
+ *
+ * Enable support for receiving and parsing SSLv2 Client Hello messages for the
+ * SSL Server module (MBEDTLS_SSL_SRV_C).
+ *
+ * Uncomment this macro to enable support for SSLv2 Client Hello messages.
+ */
+//#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
+
+/**
+ * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
+ *
+ * Pick the ciphersuite according to the client's preferences rather than ours
+ * in the SSL Server module (MBEDTLS_SSL_SRV_C).
+ *
+ * Uncomment this macro to respect client's ciphersuite order
+ */
+//#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
+
+/**
+ * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+ *
+ * Enable support for RFC 6066 max_fragment_length extension in SSL.
+ *
+ * Comment this macro to disable support for the max_fragment_length extension
+ */
+#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+
+/**
+ * \def MBEDTLS_SSL_PROTO_SSL3
+ *
+ * Enable support for SSL 3.0.
+ *
+ * Requires: MBEDTLS_MD5_C
+ *           MBEDTLS_SHA1_C
+ *
+ * Comment this macro to disable support for SSL 3.0
+ */
+//#define MBEDTLS_SSL_PROTO_SSL3
+
+/**
+ * \def MBEDTLS_SSL_PROTO_TLS1
+ *
+ * Enable support for TLS 1.0.
+ *
+ * Requires: MBEDTLS_MD5_C
+ *           MBEDTLS_SHA1_C
+ *
+ * Comment this macro to disable support for TLS 1.0
+ */
+//#define MBEDTLS_SSL_PROTO_TLS1
+
+/**
+ * \def MBEDTLS_SSL_PROTO_TLS1_1
+ *
+ * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled).
+ *
+ * Requires: MBEDTLS_MD5_C
+ *           MBEDTLS_SHA1_C
+ *
+ * Comment this macro to disable support for TLS 1.1 / DTLS 1.0
+ */
+//#define MBEDTLS_SSL_PROTO_TLS1_1
+
+/**
+ * \def MBEDTLS_SSL_PROTO_TLS1_2
+ *
+ * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled).
+ *
+ * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C
+ *           (Depends on ciphersuites)
+ *
+ * Comment this macro to disable support for TLS 1.2 / DTLS 1.2
+ */
+#define MBEDTLS_SSL_PROTO_TLS1_2
+
+/**
+ * \def MBEDTLS_SSL_PROTO_DTLS
+ *
+ * Enable support for DTLS (all available versions).
+ *
+ * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0,
+ * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
+ *
+ * Requires: MBEDTLS_SSL_PROTO_TLS1_1
+ *        or MBEDTLS_SSL_PROTO_TLS1_2
+ *
+ * Comment this macro to disable support for DTLS
+ */
+#define MBEDTLS_SSL_PROTO_DTLS
+
+/**
+ * \def MBEDTLS_SSL_ALPN
+ *
+ * Enable support for RFC 7301 Application Layer Protocol Negotiation.
+ *
+ * Comment this macro to disable support for ALPN.
+ */
+#define MBEDTLS_SSL_ALPN
+
+/**
+ * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY
+ *
+ * Enable support for the anti-replay mechanism in DTLS.
+ *
+ * Requires: MBEDTLS_SSL_TLS_C
+ *           MBEDTLS_SSL_PROTO_DTLS
+ *
+ * \warning Disabling this is often a security risk!
+ * See mbedtls_ssl_conf_dtls_anti_replay() for details.
+ *
+ * Comment this to disable anti-replay in DTLS.
+ */
+#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
+
+/**
+ * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY
+ *
+ * Enable support for HelloVerifyRequest on DTLS servers.
+ *
+ * This feature is highly recommended to prevent DTLS servers being used as
+ * amplifiers in DoS attacks against other hosts. It should always be enabled
+ * unless you know for sure amplification cannot be a problem in the
+ * environment in which your server operates.
+ *
+ * \warning Disabling this can ba a security risk! (see above)
+ *
+ * Requires: MBEDTLS_SSL_PROTO_DTLS
+ *
+ * Comment this to disable support for HelloVerifyRequest.
+ */
+#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
+
+/**
+ * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
+ *
+ * Enable server-side support for clients that reconnect from the same port.
+ *
+ * Some clients unexpectedly close the connection and try to reconnect using the
+ * same source port. This needs special support from the server to handle the
+ * new connection securely, as described in section 4.2.8 of RFC 6347. This
+ * flag enables that support.
+ *
+ * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY
+ *
+ * Comment this to disable support for clients reusing the source port.
+ */
+#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
+
+/**
+ * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT
+ *
+ * Enable support for a limit of records with bad MAC.
+ *
+ * See mbedtls_ssl_conf_dtls_badmac_limit().
+ *
+ * Requires: MBEDTLS_SSL_PROTO_DTLS
+ */
+#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
+
+/**
+ * \def MBEDTLS_SSL_SESSION_TICKETS
+ *
+ * Enable support for RFC 5077 session tickets in SSL.
+ * Client-side, provides full support for session tickets (maintainance of a
+ * session store remains the responsibility of the application, though).
+ * Server-side, you also need to provide callbacks for writing and parsing
+ * tickets, including authenticated encryption and key management. Example
+ * callbacks are provided by MBEDTLS_SSL_TICKET_C.
+ *
+ * Comment this macro to disable support for SSL session tickets
+ */
+#define MBEDTLS_SSL_SESSION_TICKETS
+
+/**
+ * \def MBEDTLS_SSL_EXPORT_KEYS
+ *
+ * Enable support for exporting key block and master secret.
+ * This is required for certain users of TLS, e.g. EAP-TLS.
+ *
+ * Comment this macro to disable support for key export
+ */
+#define MBEDTLS_SSL_EXPORT_KEYS
+
+/**
+ * \def MBEDTLS_SSL_TRUNCATED_HMAC
+ *
+ * Enable support for RFC 6066 truncated HMAC in SSL.
+ *
+ * Comment this macro to disable support for truncated HMAC in SSL
+ */
+#define MBEDTLS_SSL_TRUNCATED_HMAC
+
+/**
+ * \def MBEDTLS_THREADING_ALT
+ *
+ * Provide your own alternate threading implementation.
+ *
+ * Requires: MBEDTLS_THREADING_C
+ *
+ * Uncomment this to allow your own alternate threading implementation.
+ */
+//#define MBEDTLS_THREADING_ALT
+
+/**
+ * \def MBEDTLS_THREADING_PTHREAD
+ *
+ * Enable the pthread wrapper layer for the threading layer.
+ *
+ * Requires: MBEDTLS_THREADING_C
+ *
+ * Uncomment this to enable pthread mutexes.
+ */
+//#define MBEDTLS_THREADING_PTHREAD
+
+/**
+ * \def MBEDTLS_VERSION_FEATURES
+ *
+ * Allow run-time checking of compile-time enabled features. Thus allowing users
+ * to check at run-time if the library is for instance compiled with threading
+ * support via mbedtls_version_check_feature().
+ *
+ * Requires: MBEDTLS_VERSION_C
+ *
+ * Comment this to disable run-time checking and save ROM space
+ */
+#define MBEDTLS_VERSION_FEATURES
+
+/**
+ * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
+ *
+ * If set, the X509 parser will not break-off when parsing an X509 certificate
+ * and encountering an extension in a v1 or v2 certificate.
+ *
+ * Uncomment to prevent an error.
+ */
+//#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
+
+/**
+ * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+ *
+ * If set, the X509 parser will not break-off when parsing an X509 certificate
+ * and encountering an unknown critical extension.
+ *
+ * \warning Depending on your PKI use, enabling this can be a security risk!
+ *
+ * Uncomment to prevent an error.
+ */
+//#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+
+/**
+ * \def MBEDTLS_X509_CHECK_KEY_USAGE
+ *
+ * Enable verification of the keyUsage extension (CA and leaf certificates).
+ *
+ * Disabling this avoids problems with mis-issued and/or misused
+ * (intermediate) CA and leaf certificates.
+ *
+ * \warning Depending on your PKI use, disabling this can be a security risk!
+ *
+ * Comment to skip keyUsage checking for both CA and leaf certificates.
+ */
+#define MBEDTLS_X509_CHECK_KEY_USAGE
+
+/**
+ * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
+ *
+ * Enable verification of the extendedKeyUsage extension (leaf certificates).
+ *
+ * Disabling this avoids problems with mis-issued and/or misused certificates.
+ *
+ * \warning Depending on your PKI use, disabling this can be a security risk!
+ *
+ * Comment to skip extendedKeyUsage checking for certificates.
+ */
+#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
+
+/**
+ * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
+ *
+ * Enable parsing and verification of X.509 certificates, CRLs and CSRS
+ * signed with RSASSA-PSS (aka PKCS#1 v2.1).
+ *
+ * Comment this macro to disallow using RSASSA-PSS in certificates.
+ */
+//#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
+
+/**
+ * \def MBEDTLS_ZLIB_SUPPORT
+ *
+ * If set, the SSL/TLS module uses ZLIB to support compression and
+ * decompression of packet data.
+ *
+ * \warning TLS-level compression MAY REDUCE SECURITY! See for example the
+ * CRIME attack. Before enabling this option, you should examine with care if
+ * CRIME or similar exploits may be a applicable to your use case.
+ *
+ * \note Currently compression can't be used with DTLS.
+ *
+ * Used in: library/ssl_tls.c
+ *          library/ssl_cli.c
+ *          library/ssl_srv.c
+ *
+ * This feature requires zlib library and headers to be present.
+ *
+ * Uncomment to enable use of ZLIB
+ */
+//#define MBEDTLS_ZLIB_SUPPORT
+/* \} name SECTION: mbed TLS feature support */
+
+/**
+ * \name SECTION: mbed TLS modules
+ *
+ * This section enables or disables entire modules in mbed TLS
+ * \{
+ */
+
+/**
+ * \def MBEDTLS_AESNI_C
+ *
+ * Enable AES-NI support on x86-64.
+ *
+ * Module:  library/aesni.c
+ * Caller:  library/aes.c
+ *
+ * Requires: MBEDTLS_HAVE_ASM
+ *
+ * This modules adds support for the AES-NI instructions on x86-64
+ */
+#define MBEDTLS_AESNI_C
+
+/**
+ * \def MBEDTLS_AES_C
+ *
+ * Enable the AES block cipher.
+ *
+ * Module:  library/aes.c
+ * Caller:  library/ssl_tls.c
+ *          library/pem.c
+ *          library/ctr_drbg.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
+ *
+ * PEM_PARSE uses AES for decrypting encrypted keys.
+ */
+#define MBEDTLS_AES_C
+
+/**
+ * \def MBEDTLS_ARC4_C
+ *
+ * Enable the ARCFOUR stream cipher.
+ *
+ * Module:  library/arc4.c
+ * Caller:  library/ssl_tls.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
+ *      MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
+ */
+#define MBEDTLS_ARC4_C
+
+/**
+ * \def MBEDTLS_ASN1_PARSE_C
+ *
+ * Enable the generic ASN1 parser.
+ *
+ * Module:  library/asn1.c
+ * Caller:  library/x509.c
+ *          library/dhm.c
+ *          library/pkcs12.c
+ *          library/pkcs5.c
+ *          library/pkparse.c
+ */
+#define MBEDTLS_ASN1_PARSE_C
+
+/**
+ * \def MBEDTLS_ASN1_WRITE_C
+ *
+ * Enable the generic ASN1 writer.
+ *
+ * Module:  library/asn1write.c
+ * Caller:  library/ecdsa.c
+ *          library/pkwrite.c
+ *          library/x509_create.c
+ *          library/x509write_crt.c
+ *          library/x509write_csr.c
+ */
+//#define MBEDTLS_ASN1_WRITE_C
+
+/**
+ * \def MBEDTLS_BASE64_C
+ *
+ * Enable the Base64 module.
+ *
+ * Module:  library/base64.c
+ * Caller:  library/pem.c
+ *
+ * This module is required for PEM support (required by X.509).
+ */
+#define MBEDTLS_BASE64_C
+
+/**
+ * \def MBEDTLS_BIGNUM_C
+ *
+ * Enable the multi-precision integer library.
+ *
+ * Module:  library/bignum.c
+ * Caller:  library/dhm.c
+ *          library/ecp.c
+ *          library/ecdsa.c
+ *          library/rsa.c
+ *          library/ssl_tls.c
+ *
+ * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support.
+ */
+//#define MBEDTLS_BIGNUM_C
+
+/**
+ * \def MBEDTLS_BLOWFISH_C
+ *
+ * Enable the Blowfish block cipher.
+ *
+ * Module:  library/blowfish.c
+ */
+#define MBEDTLS_BLOWFISH_C
+
+/**
+ * \def MBEDTLS_CAMELLIA_C
+ *
+ * Enable the Camellia block cipher.
+ *
+ * Module:  library/camellia.c
+ * Caller:  library/ssl_tls.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ */
+#define MBEDTLS_CAMELLIA_C
+
+/**
+ * \def MBEDTLS_CCM_C
+ *
+ * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher.
+ *
+ * Module:  library/ccm.c
+ *
+ * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
+ *
+ * This module enables the AES-CCM ciphersuites, if other requisites are
+ * enabled as well.
+ */
+#define MBEDTLS_CCM_C
+
+/**
+ * \def MBEDTLS_CERTS_C
+ *
+ * Enable the test certificates.
+ *
+ * Module:  library/certs.c
+ * Caller:
+ *
+ * This module is used for testing (ssl_client/server).
+ */
+//#define MBEDTLS_CERTS_C
+
+/**
+ * \def MBEDTLS_CIPHER_C
+ *
+ * Enable the generic cipher layer.
+ *
+ * Module:  library/cipher.c
+ * Caller:  library/ssl_tls.c
+ *
+ * Uncomment to enable generic cipher wrappers.
+ */
+#define MBEDTLS_CIPHER_C
+
+/**
+ * \def MBEDTLS_CMAC_C
+ *
+ * Enable the CMAC (Cipher-based Message Authentication Code) mode for block
+ * ciphers.
+ *
+ * Module:  library/cmac.c
+ *
+ * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C
+ *
+ */
+//#define MBEDTLS_CMAC_C
+
+/**
+ * \def MBEDTLS_CTR_DRBG_C
+ *
+ * Enable the CTR_DRBG AES-256-based random generator.
+ *
+ * Module:  library/ctr_drbg.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_AES_C
+ *
+ * This module provides the CTR_DRBG AES-256 random number generator.
+ */
+#define MBEDTLS_CTR_DRBG_C
+
+/**
+ * \def MBEDTLS_DEBUG_C
+ *
+ * Enable the debug functions.
+ *
+ * Module:  library/debug.c
+ * Caller:  library/ssl_cli.c
+ *          library/ssl_srv.c
+ *          library/ssl_tls.c
+ *
+ * This module provides debugging functions.
+ */
+ 
+#ifdef PKG_USING_MBEDTLS_DEBUG
+#define MBEDTLS_DEBUG_C
+#endif
+
+
+/**
+ * \def MBEDTLS_DES_C
+ *
+ * Enable the DES block cipher.
+ *
+ * Module:  library/des.c
+ * Caller:  library/pem.c
+ *          library/ssl_tls.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
+ *
+ * PEM_PARSE uses DES/3DES for decrypting encrypted keys.
+ */
+#define MBEDTLS_DES_C
+
+/**
+ * \def MBEDTLS_DHM_C
+ *
+ * Enable the Diffie-Hellman-Merkle module.
+ *
+ * Module:  library/dhm.c
+ * Caller:  library/ssl_cli.c
+ *          library/ssl_srv.c
+ *
+ * This module is used by the following key exchanges:
+ *      DHE-RSA, DHE-PSK
+ */
+//#define MBEDTLS_DHM_C
+
+/**
+ * \def MBEDTLS_ECDH_C
+ *
+ * Enable the elliptic curve Diffie-Hellman library.
+ *
+ * Module:  library/ecdh.c
+ * Caller:  library/ssl_cli.c
+ *          library/ssl_srv.c
+ *
+ * This module is used by the following key exchanges:
+ *      ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
+ *
+ * Requires: MBEDTLS_ECP_C
+ */
+//#define MBEDTLS_ECDH_C
+
+/**
+ * \def MBEDTLS_ECDSA_C
+ *
+ * Enable the elliptic curve DSA library.
+ *
+ * Module:  library/ecdsa.c
+ * Caller:
+ *
+ * This module is used by the following key exchanges:
+ *      ECDHE-ECDSA
+ *
+ * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C
+ */
+//#define MBEDTLS_ECDSA_C
+
+/**
+ * \def MBEDTLS_ECJPAKE_C
+ *
+ * Enable the elliptic curve J-PAKE library.
+ *
+ * \warning This is currently experimental. EC J-PAKE support is based on the
+ * Thread v1.0.0 specification; incompatible changes to the specification
+ * might still happen. For this reason, this is disabled by default.
+ *
+ * Module:  library/ecjpake.c
+ * Caller:
+ *
+ * This module is used by the following key exchanges:
+ *      ECJPAKE
+ *
+ * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C
+ */
+//#define MBEDTLS_ECJPAKE_C
+
+/**
+ * \def MBEDTLS_ECP_C
+ *
+ * Enable the elliptic curve over GF(p) library.
+ *
+ * Module:  library/ecp.c
+ * Caller:  library/ecdh.c
+ *          library/ecdsa.c
+ *          library/ecjpake.c
+ *
+ * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED
+ */
+//#define MBEDTLS_ECP_C
+
+/**
+ * \def MBEDTLS_ENTROPY_C
+ *
+ * Enable the platform-specific entropy code.
+ *
+ * Module:  library/entropy.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C
+ *
+ * This module provides a generic entropy pool
+ */
+#define MBEDTLS_ENTROPY_C
+
+/**
+ * \def MBEDTLS_ERROR_C
+ *
+ * Enable error code to error string conversion.
+ *
+ * Module:  library/error.c
+ * Caller:
+ *
+ * This module enables mbedtls_strerror().
+ */
+#define MBEDTLS_ERROR_C
+
+/**
+ * \def MBEDTLS_GCM_C
+ *
+ * Enable the Galois/Counter Mode (GCM) for AES.
+ *
+ * Module:  library/gcm.c
+ *
+ * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
+ *
+ * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
+ * requisites are enabled as well.
+ */
+#define MBEDTLS_GCM_C
+
+/**
+ * \def MBEDTLS_HAVEGE_C
+ *
+ * Enable the HAVEGE random generator.
+ *
+ * Warning: the HAVEGE random generator is not suitable for virtualized
+ *          environments
+ *
+ * Warning: the HAVEGE random generator is dependent on timing and specific
+ *          processor traits. It is therefore not advised to use HAVEGE as
+ *          your applications primary random generator or primary entropy pool
+ *          input. As a secondary input to your entropy pool, it IS able add
+ *          the (limited) extra entropy it provides.
+ *
+ * Module:  library/havege.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_TIMING_C
+ *
+ * Uncomment to enable the HAVEGE random generator.
+ */
+//#define MBEDTLS_HAVEGE_C
+
+/**
+ * \def MBEDTLS_HMAC_DRBG_C
+ *
+ * Enable the HMAC_DRBG random generator.
+ *
+ * Module:  library/hmac_drbg.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_MD_C
+ *
+ * Uncomment to enable the HMAC_DRBG random number geerator.
+ */
+#define MBEDTLS_HMAC_DRBG_C
+
+/**
+ * \def MBEDTLS_MD_C
+ *
+ * Enable the generic message digest layer.
+ *
+ * Module:  library/md.c
+ * Caller:
+ *
+ * Uncomment to enable generic message digest wrappers.
+ */
+#define MBEDTLS_MD_C
+
+/**
+ * \def MBEDTLS_MD2_C
+ *
+ * Enable the MD2 hash algorithm.
+ *
+ * Module:  library/md2.c
+ * Caller:
+ *
+ * Uncomment to enable support for (rare) MD2-signed X.509 certs.
+ */
+//#define MBEDTLS_MD2_C
+
+/**
+ * \def MBEDTLS_MD4_C
+ *
+ * Enable the MD4 hash algorithm.
+ *
+ * Module:  library/md4.c
+ * Caller:
+ *
+ * Uncomment to enable support for (rare) MD4-signed X.509 certs.
+ */
+//#define MBEDTLS_MD4_C
+
+/**
+ * \def MBEDTLS_MD5_C
+ *
+ * Enable the MD5 hash algorithm.
+ *
+ * Module:  library/md5.c
+ * Caller:  library/md.c
+ *          library/pem.c
+ *          library/ssl_tls.c
+ *
+ * This module is required for SSL/TLS and X.509.
+ * PEM_PARSE uses MD5 for decrypting encrypted keys.
+ */
+#define MBEDTLS_MD5_C
+
+/**
+ * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ *
+ * Enable the buffer allocator implementation that makes use of a (stack)
+ * based buffer to 'allocate' dynamic memory. (replaces calloc() and free()
+ * calls)
+ *
+ * Module:  library/memory_buffer_alloc.c
+ *
+ * Requires: MBEDTLS_PLATFORM_C
+ *           MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS)
+ *
+ * Enable this module to enable the buffer memory allocator.
+ */
+//#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
+
+/**
+ * \def MBEDTLS_NET_C
+ *
+ * Enable the TCP and UDP over IPv6/IPv4 networking routines.
+ *
+ * \note This module only works on POSIX/Unix (including Linux, BSD and OS X)
+ * and Windows. For other platforms, you'll want to disable it, and write your
+ * own networking callbacks to be passed to \c mbedtls_ssl_set_bio().
+ *
+ * \note See also our Knowledge Base article about porting to a new
+ * environment:
+ * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
+ *
+ * Module:  library/net_sockets.c
+ *
+ * This module provides networking routines.
+ */
+//#define MBEDTLS_NET_C
+
+/**
+ * \def MBEDTLS_OID_C
+ *
+ * Enable the OID database.
+ *
+ * Module:  library/oid.c
+ * Caller:  library/asn1write.c
+ *          library/pkcs5.c
+ *          library/pkparse.c
+ *          library/pkwrite.c
+ *          library/rsa.c
+ *          library/x509.c
+ *          library/x509_create.c
+ *          library/x509_crl.c
+ *          library/x509_crt.c
+ *          library/x509_csr.c
+ *          library/x509write_crt.c
+ *          library/x509write_csr.c
+ *
+ * This modules translates between OIDs and internal values.
+ */
+//#define MBEDTLS_OID_C
+
+/**
+ * \def MBEDTLS_PADLOCK_C
+ *
+ * Enable VIA Padlock support on x86.
+ *
+ * Module:  library/padlock.c
+ * Caller:  library/aes.c
+ *
+ * Requires: MBEDTLS_HAVE_ASM
+ *
+ * This modules adds support for the VIA PadLock on x86.
+ */
+#define MBEDTLS_PADLOCK_C
+
+/**
+ * \def MBEDTLS_PEM_PARSE_C
+ *
+ * Enable PEM decoding / parsing.
+ *
+ * Module:  library/pem.c
+ * Caller:  library/dhm.c
+ *          library/pkparse.c
+ *          library/x509_crl.c
+ *          library/x509_crt.c
+ *          library/x509_csr.c
+ *
+ * Requires: MBEDTLS_BASE64_C
+ *
+ * This modules adds support for decoding / parsing PEM files.
+ */
+#define MBEDTLS_PEM_PARSE_C
+
+/**
+ * \def MBEDTLS_PEM_WRITE_C
+ *
+ * Enable PEM encoding / writing.
+ *
+ * Module:  library/pem.c
+ * Caller:  library/pkwrite.c
+ *          library/x509write_crt.c
+ *          library/x509write_csr.c
+ *
+ * Requires: MBEDTLS_BASE64_C
+ *
+ * This modules adds support for encoding / writing PEM files.
+ */
+#define MBEDTLS_PEM_WRITE_C
+
+/**
+ * \def MBEDTLS_PK_C
+ *
+ * Enable the generic public (asymetric) key layer.
+ *
+ * Module:  library/pk.c
+ * Caller:  library/ssl_tls.c
+ *          library/ssl_cli.c
+ *          library/ssl_srv.c
+ *
+ * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C
+ *
+ * Uncomment to enable generic public key wrappers.
+ */
+//#define MBEDTLS_PK_C
+
+/**
+ * \def MBEDTLS_PK_PARSE_C
+ *
+ * Enable the generic public (asymetric) key parser.
+ *
+ * Module:  library/pkparse.c
+ * Caller:  library/x509_crt.c
+ *          library/x509_csr.c
+ *
+ * Requires: MBEDTLS_PK_C
+ *
+ * Uncomment to enable generic public key parse functions.
+ */
+//#define MBEDTLS_PK_PARSE_C
+
+/**
+ * \def MBEDTLS_PK_WRITE_C
+ *
+ * Enable the generic public (asymetric) key writer.
+ *
+ * Module:  library/pkwrite.c
+ * Caller:  library/x509write.c
+ *
+ * Requires: MBEDTLS_PK_C
+ *
+ * Uncomment to enable generic public key write functions.
+ */
+//#define MBEDTLS_PK_WRITE_C
+
+/**
+ * \def MBEDTLS_PKCS5_C
+ *
+ * Enable PKCS#5 functions.
+ *
+ * Module:  library/pkcs5.c
+ *
+ * Requires: MBEDTLS_MD_C
+ *
+ * This module adds support for the PKCS#5 functions.
+ */
+//#define MBEDTLS_PKCS5_C
+
+/**
+ * \def MBEDTLS_PKCS11_C
+ *
+ * Enable wrapper for PKCS#11 smartcard support.
+ *
+ * Module:  library/pkcs11.c
+ * Caller:  library/pk.c
+ *
+ * Requires: MBEDTLS_PK_C
+ *
+ * This module enables SSL/TLS PKCS #11 smartcard support.
+ * Requires the presence of the PKCS#11 helper library (libpkcs11-helper)
+ */
+//#define MBEDTLS_PKCS11_C
+
+/**
+ * \def MBEDTLS_PKCS12_C
+ *
+ * Enable PKCS#12 PBE functions.
+ * Adds algorithms for parsing PKCS#8 encrypted private keys
+ *
+ * Module:  library/pkcs12.c
+ * Caller:  library/pkparse.c
+ *
+ * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C
+ * Can use:  MBEDTLS_ARC4_C
+ *
+ * This module enables PKCS#12 functions.
+ */
+#define MBEDTLS_PKCS12_C
+
+/**
+ * \def MBEDTLS_PLATFORM_C
+ *
+ * Enable the platform abstraction layer that allows you to re-assign
+ * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit().
+ *
+ * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT
+ * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned
+ * above to be specified at runtime or compile time respectively.
+ *
+ * \note This abstraction layer must be enabled on Windows (including MSYS2)
+ * as other module rely on it for a fixed snprintf implementation.
+ *
+ * Module:  library/platform.c
+ * Caller:  Most other .c files
+ *
+ * This module enables abstraction of common (libc) functions.
+ */
+#define MBEDTLS_PLATFORM_C
+
+/**
+ * \def MBEDTLS_RIPEMD160_C
+ *
+ * Enable the RIPEMD-160 hash algorithm.
+ *
+ * Module:  library/ripemd160.c
+ * Caller:  library/md.c
+ *
+ */
+#define MBEDTLS_RIPEMD160_C
+
+/**
+ * \def MBEDTLS_RSA_C
+ *
+ * Enable the RSA public-key cryptosystem.
+ *
+ * Module:  library/rsa.c
+ * Caller:  library/ssl_cli.c
+ *          library/ssl_srv.c
+ *          library/ssl_tls.c
+ *          library/x509.c
+ *
+ * This module is used by the following key exchanges:
+ *      RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
+ *
+ * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C
+ */
+//#define MBEDTLS_RSA_C
+
+/**
+ * \def MBEDTLS_SHA1_C
+ *
+ * Enable the SHA1 cryptographic hash algorithm.
+ *
+ * Module:  library/sha1.c
+ * Caller:  library/md.c
+ *          library/ssl_cli.c
+ *          library/ssl_srv.c
+ *          library/ssl_tls.c
+ *          library/x509write_crt.c
+ *
+ * This module is required for SSL/TLS up to version 1.1, for TLS 1.2
+ * depending on the handshake parameters, and for SHA1-signed certificates.
+ */
+#define MBEDTLS_SHA1_C
+
+/**
+ * \def MBEDTLS_SHA256_C
+ *
+ * Enable the SHA-224 and SHA-256 cryptographic hash algorithms.
+ *
+ * Module:  library/sha256.c
+ * Caller:  library/entropy.c
+ *          library/md.c
+ *          library/ssl_cli.c
+ *          library/ssl_srv.c
+ *          library/ssl_tls.c
+ *
+ * This module adds support for SHA-224 and SHA-256.
+ * This module is required for the SSL/TLS 1.2 PRF function.
+ */
+#define MBEDTLS_SHA256_C
+
+/**
+ * \def MBEDTLS_SHA512_C
+ *
+ * Enable the SHA-384 and SHA-512 cryptographic hash algorithms.
+ *
+ * Module:  library/sha512.c
+ * Caller:  library/entropy.c
+ *          library/md.c
+ *          library/ssl_cli.c
+ *          library/ssl_srv.c
+ *
+ * This module adds support for SHA-384 and SHA-512.
+ */
+#define MBEDTLS_SHA512_C
+
+/**
+ * \def MBEDTLS_SSL_CACHE_C
+ *
+ * Enable simple SSL cache implementation.
+ *
+ * Module:  library/ssl_cache.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_SSL_CACHE_C
+ */
+#define MBEDTLS_SSL_CACHE_C
+
+/**
+ * \def MBEDTLS_SSL_COOKIE_C
+ *
+ * Enable basic implementation of DTLS cookies for hello verification.
+ *
+ * Module:  library/ssl_cookie.c
+ * Caller:
+ */
+#define MBEDTLS_SSL_COOKIE_C
+
+/**
+ * \def MBEDTLS_SSL_TICKET_C
+ *
+ * Enable an implementation of TLS server-side callbacks for session tickets.
+ *
+ * Module:  library/ssl_ticket.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_CIPHER_C
+ */
+#define MBEDTLS_SSL_TICKET_C
+
+/**
+ * \def MBEDTLS_SSL_CLI_C
+ *
+ * Enable the SSL/TLS client code.
+ *
+ * Module:  library/ssl_cli.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_SSL_TLS_C
+ *
+ * This module is required for SSL/TLS client support.
+ */
+#define MBEDTLS_SSL_CLI_C
+
+/**
+ * \def MBEDTLS_SSL_SRV_C
+ *
+ * Enable the SSL/TLS server code.
+ *
+ * Module:  library/ssl_srv.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_SSL_TLS_C
+ *
+ * This module is required for SSL/TLS server support.
+ */
+//#define MBEDTLS_SSL_SRV_C
+
+/**
+ * \def MBEDTLS_SSL_TLS_C
+ *
+ * Enable the generic SSL/TLS code.
+ *
+ * Module:  library/ssl_tls.c
+ * Caller:  library/ssl_cli.c
+ *          library/ssl_srv.c
+ *
+ * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C
+ *           and at least one of the MBEDTLS_SSL_PROTO_XXX defines
+ *
+ * This module is required for SSL/TLS.
+ */
+#define MBEDTLS_SSL_TLS_C
+
+/**
+ * \def MBEDTLS_THREADING_C
+ *
+ * Enable the threading abstraction layer.
+ * By default mbed TLS assumes it is used in a non-threaded environment or that
+ * contexts are not shared between threads. If you do intend to use contexts
+ * between threads, you will need to enable this layer to prevent race
+ * conditions. See also our Knowledge Base article about threading:
+ * https://tls.mbed.org/kb/development/thread-safety-and-multi-threading
+ *
+ * Module:  library/threading.c
+ *
+ * This allows different threading implementations (self-implemented or
+ * provided).
+ *
+ * You will have to enable either MBEDTLS_THREADING_ALT or
+ * MBEDTLS_THREADING_PTHREAD.
+ *
+ * Enable this layer to allow use of mutexes within mbed TLS
+ */
+//#define MBEDTLS_THREADING_C
+
+/**
+ * \def MBEDTLS_TIMING_C
+ *
+ * Enable the semi-portable timing interface.
+ *
+ * \note The provided implementation only works on POSIX/Unix (including Linux,
+ * BSD and OS X) and Windows. On other platforms, you can either disable that
+ * module and provide your own implementations of the callbacks needed by
+ * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide
+ * your own implementation of the whole module by setting
+ * \c MBEDTLS_TIMING_ALT in the current file.
+ *
+ * \note See also our Knowledge Base article about porting to a new
+ * environment:
+ * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
+ *
+ * Module:  library/timing.c
+ * Caller:  library/havege.c
+ *
+ * This module is used by the HAVEGE random number generator.
+ */
+#define MBEDTLS_TIMING_C
+
+/**
+ * \def MBEDTLS_VERSION_C
+ *
+ * Enable run-time version information.
+ *
+ * Module:  library/version.c
+ *
+ * This module provides run-time version information.
+ */
+#define MBEDTLS_VERSION_C
+
+
+#ifdef AUTH_MODE_CERT
+
+/**
+ * \def MBEDTLS_X509_USE_C
+ *
+ * Enable X.509 core for using certificates.
+ *
+ * Module:  library/x509.c
+ * Caller:  library/x509_crl.c
+ *          library/x509_crt.c
+ *          library/x509_csr.c
+ *
+ * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C,
+ *           MBEDTLS_PK_PARSE_C
+ *
+ * This module is required for the X.509 parsing modules.
+ */
+#define MBEDTLS_X509_USE_C
+
+/**
+ * \def MBEDTLS_X509_CRT_PARSE_C
+ *
+ * Enable X.509 certificate parsing.
+ *
+ * Module:  library/x509_crt.c
+ * Caller:  library/ssl_cli.c
+ *          library/ssl_srv.c
+ *          library/ssl_tls.c
+ *
+ * Requires: MBEDTLS_X509_USE_C
+ *
+ * This module is required for X.509 certificate parsing.
+ */
+#define MBEDTLS_X509_CRT_PARSE_C
+
+/**
+ * \def MBEDTLS_X509_CRL_PARSE_C
+ *
+ * Enable X.509 CRL parsing.
+ *
+ * Module:  library/x509_crl.c
+ * Caller:  library/x509_crt.c
+ *
+ * Requires: MBEDTLS_X509_USE_C
+ *
+ * This module is required for X.509 CRL parsing.
+ */
+#define MBEDTLS_X509_CRL_PARSE_C
+
+/**
+ * \def MBEDTLS_X509_CSR_PARSE_C
+ *
+ * Enable X.509 Certificate Signing Request (CSR) parsing.
+ *
+ * Module:  library/x509_csr.c
+ * Caller:  library/x509_crt_write.c
+ *
+ * Requires: MBEDTLS_X509_USE_C
+ *
+ * This module is used for reading X.509 certificate request.
+ */
+#define MBEDTLS_X509_CSR_PARSE_C
+
+/**
+ * \def MBEDTLS_X509_CREATE_C
+ *
+ * Enable X.509 core for creating certificates.
+ *
+ * Module:  library/x509_create.c
+ *
+ * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C
+ *
+ * This module is the basis for creating X.509 certificates and CSRs.
+ */
+#define MBEDTLS_X509_CREATE_C
+
+/**
+ * \def MBEDTLS_X509_CRT_WRITE_C
+ *
+ * Enable creating X.509 certificates.
+ *
+ * Module:  library/x509_crt_write.c
+ *
+ * Requires: MBEDTLS_X509_CREATE_C
+ *
+ * This module is required for X.509 certificate creation.
+ */
+#define MBEDTLS_X509_CRT_WRITE_C
+
+/**
+ * \def MBEDTLS_X509_CSR_WRITE_C
+ *
+ * Enable creating X.509 Certificate Signing Requests (CSR).
+ *
+ * Module:  library/x509_csr_write.c
+ *
+ * Requires: MBEDTLS_X509_CREATE_C
+ *
+ * This module is required for X.509 certificate request writing.
+ */
+#define MBEDTLS_X509_CSR_WRITE_C
+
+#endif
+
+/**
+ * \def MBEDTLS_XTEA_C
+ *
+ * Enable the XTEA block cipher.
+ *
+ * Module:  library/xtea.c
+ * Caller:
+ */
+#define MBEDTLS_XTEA_C
+
+/* \} name SECTION: mbed TLS modules */
+
+/**
+ * \name SECTION: Module configuration options
+ *
+ * This section allows for the setting of module specific sizes and
+ * configuration options. The default values are already present in the
+ * relevant header files and should suffice for the regular use cases.
+ *
+ * Our advice is to enable options and change their values here
+ * only if you have a good reason and know the consequences.
+ *
+ * Please check the respective header file for documentation on these
+ * parameters (to prevent duplicate documentation).
+ * \{
+ */
+
+/* MPI / BIGNUM options */
+//#define MBEDTLS_MPI_WINDOW_SIZE            6 /**< Maximum windows size used. */
+//#define MBEDTLS_MPI_MAX_SIZE            1024 /**< Maximum number of bytes for usable MPIs. */
+
+/* CTR_DRBG options */
+//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN               48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
+//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL        10000 /**< Interval before reseed is performed by default */
+//#define MBEDTLS_CTR_DRBG_MAX_INPUT                256 /**< Maximum number of additional input bytes */
+//#define MBEDTLS_CTR_DRBG_MAX_REQUEST             1024 /**< Maximum number of requested bytes per call */
+//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT           384 /**< Maximum size of (re)seed buffer */
+
+/* HMAC_DRBG options */
+//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL   10000 /**< Interval before reseed is performed by default */
+//#define MBEDTLS_HMAC_DRBG_MAX_INPUT           256 /**< Maximum number of additional input bytes */
+//#define MBEDTLS_HMAC_DRBG_MAX_REQUEST        1024 /**< Maximum number of requested bytes per call */
+//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT      384 /**< Maximum size of (re)seed buffer */
+
+/* ECP options */
+//#define MBEDTLS_ECP_MAX_BITS             521 /**< Maximum bit size of groups */
+//#define MBEDTLS_ECP_WINDOW_SIZE            6 /**< Maximum window size used */
+//#define MBEDTLS_ECP_FIXED_POINT_OPTIM      1 /**< Enable fixed-point speed-up */
+
+/* Entropy options */
+//#define MBEDTLS_ENTROPY_MAX_SOURCES                20 /**< Maximum number of sources supported */
+//#define MBEDTLS_ENTROPY_MAX_GATHER                128 /**< Maximum amount requested from entropy sources */
+//#define MBEDTLS_ENTROPY_MIN_HARDWARE               32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */
+
+/* Memory buffer allocator options */
+//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE      4 /**< Align on multiples of this value */
+
+/* Platform options */
+//#define MBEDTLS_PLATFORM_STD_MEM_HDR   <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
+//#define MBEDTLS_PLATFORM_STD_CALLOC        calloc /**< Default allocator to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_FREE            free /**< Default free to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_EXIT            exit /**< Default exit to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_TIME            time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
+//#define MBEDTLS_PLATFORM_STD_FPRINTF      fprintf /**< Default fprintf to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_PRINTF        printf /**< Default printf to use, can be undefined */
+/* Note: your snprintf must correclty zero-terminate the buffer! */
+//#define MBEDTLS_PLATFORM_STD_SNPRINTF    snprintf /**< Default snprintf to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS       0 /**< Default exit value to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE       1 /**< Default exit value to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_NV_SEED_READ   mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE  mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE  "seedfile" /**< Seed file to read/write with default implementation */
+
+/* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */
+/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */
+//#define MBEDTLS_PLATFORM_CALLOC_MACRO        calloc /**< Default allocator macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_FREE_MACRO            free /**< Default free macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_EXIT_MACRO            exit /**< Default exit macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_TIME_MACRO            time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
+//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO       time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
+//#define MBEDTLS_PLATFORM_FPRINTF_MACRO      fprintf /**< Default fprintf macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_PRINTF_MACRO        printf /**< Default printf macro to use, can be undefined */
+/* Note: your snprintf must correclty zero-terminate the buffer! */
+//#define MBEDTLS_PLATFORM_SNPRINTF_MACRO    snprintf /**< Default snprintf macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO   mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
+//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO  mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
+
+/* SSL Cache options */
+//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT       86400 /**< 1 day  */
+//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES      50 /**< Maximum entries in cache */
+
+/* SSL options */
+//#define MBEDTLS_SSL_MAX_CONTENT_LEN             16384 /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */
+//#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME     86400 /**< Lifetime of session tickets (if enabled) */
+//#define MBEDTLS_PSK_MAX_LEN               32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
+//#define MBEDTLS_SSL_COOKIE_TIMEOUT        60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
+
+/**
+ * Complete list of ciphersuites to use, in order of preference.
+ *
+ * \warning No dependency checking is done on that field! This option can only
+ * be used to restrict the set of available ciphersuites. It is your
+ * responsibility to make sure the needed modules are active.
+ *
+ * Use this to save a few hundred bytes of ROM (default ordering of all
+ * available ciphersuites) and a few to a few hundred bytes of RAM.
+ *
+ * The value below is only an example, not the default.
+ */
+//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+
+#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
+
+/* X509 options */
+//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA   8   /**< Maximum number of intermediate CAs in a verification chain. */
+//#define MBEDTLS_X509_MAX_FILE_PATH_LEN     512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
+
+/**
+ * Allow SHA-1 in the default TLS configuration for certificate signing.
+ * Without this build-time option, SHA-1 support must be activated explicitly
+ * through mbedtls_ssl_conf_cert_profile. Turning on this option is not
+ * recommended because of it is possible to generte SHA-1 collisions, however
+ * this may be safe for legacy infrastructure where additional controls apply.
+ */
+// #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
+
+/**
+ * Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake
+ * signature and ciphersuite selection. Without this build-time option, SHA-1
+ * support must be activated explicitly through mbedtls_ssl_conf_sig_hashes.
+ * The use of SHA-1 in TLS <= 1.1 and in HMAC-SHA-1 is always allowed by
+ * default. At the time of writing, there is no practical attack on the use
+ * of SHA-1 in handshake signatures, hence this option is turned on by default
+ * for compatibility with existing peers.
+ */
+#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
+
+/* \} name SECTION: Customisation configuration options */
+
+/* Target and application specific configurations */
+//#define YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE "mbedtls/target_config.h"
+
+#if defined(TARGET_LIKE_MBED) && defined(YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE)
+#include YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE
+#endif
+
+/*
+ * Allow user to override any previous default.
+ *
+ * Use two macro names for that, as:
+ * - with yotta the prefix YOTTA_CFG_ is forced
+ * - without yotta is looks weird to have a YOTTA prefix.
+ */
+#if defined(YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE)
+#include YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE
+#elif defined(MBEDTLS_USER_CONFIG_FILE)
+#include MBEDTLS_USER_CONFIG_FILE
+#endif
+
+#include "mbedtls/check_config.h"
+
+#define tls_malloc  rt_malloc
+#define tls_free    rt_free
+#define tls_realloc rt_realloc
+#define tls_calloc  rt_calloc
+#define tls_strdup  rt_strdup
+
+#endif /* MBEDTLS_CONFIG_H */

qcloud-iot-explorer-sdk-embedded-c/.clang-format

@@ -0,0 +1,10 @@
+BasedOnStyle: Google
+BreakBeforeBraces: Linux
+AlignConsecutiveDeclarations: true
+AlignConsecutiveMacros: true
+AlignConsecutiveAssignments: true
+AllowShortFunctionsOnASingleLine: Inline
+AllowShortIfStatementsOnASingleLine: false
+SortIncludes: false
+IndentWidth: 4
+ColumnLimit: 120

qcloud-iot-explorer-sdk-embedded-c/CMakeLists.txt

@@ -0,0 +1,212 @@
+# 项目信息
+project (QCloud_IoT_SDK C)
+
+# CMake 最低版本号要求
+cmake_minimum_required (VERSION 3.5)
+
+######################CONFIG BEGIN####################################
+# 编译类型: release/debug
+set(BUILD_TYPE "release")
+
+# 代码抽取，ON表示根据配置抽取源码到ouput/qcloud_iot_c_sdk目录
+set(EXTRACT_SRC ON)
+
+# 编译工具链
+set(COMPILE_TOOLS "gcc") 
+set(PLATFORM 	  "linux")
+ 
+#set(COMPILE_TOOLS "MSVC") 
+#set(PLATFORM 	  "windows") 
+
+
+# 是否使能设备动态注册
+set(FEATURE_DEV_DYN_REG_ENABLED ON)
+
+# 是否使能网关功能
+set(FEATURE_GATEWAY_ENABLED OFF)
+
+# 是否使能网关子设备动态绑定解绑功能
+set(FEATURE_GATEWAY_DYN_BIND_SUBDEV_ENABLED OFF)
+
+# 是否使能多线程
+set(FEATURE_MULTITHREAD_ENABLED OFF)
+
+# 是否打开数据模板事件上报功能
+set(FEATURE_EVENT_POST_ENABLED OFF)
+
+# 是否打开数据模板行为功能
+set(FEATURE_ACTION_ENABLED OFF)
+
+# 是否打开OTA固件升级总开关
+set(FEATURE_OTA_COMM_ENABLED ON)
+
+# 接入认证方式，使用证书认证：CERT；使用密钥认证：KEY
+set(FEATURE_AUTH_MODE "KEY")
+
+# 接入认证是否不使用TLS，证书方式必须选择使用TLS，密钥认证可选择不使用TLS
+set(FEATURE_AUTH_WITH_NOTLS OFF)
+
+# 是否打开代码中获取设备信息功能，OFF时将从device_info.json中读取设备信息
+set(FEATURE_DEBUG_DEV_INFO_USED OFF)
+
+# 是否使用HTTPS下载固件
+set(FEATURE_OTA_USE_HTTPS ON)
+
+# 是否打开获取iot后台时间功能
+set(FEATURE_SYSTEM_COMM_ENABLED OFF)
+
+# 是否打开日志上报云端功能
+set(FEATURE_LOG_UPLOAD_ENABLED OFF)
+
+
+# 使用SDK AT组件实现通用TCP模组网络读写需要配置 --->begin
+# 是否打开AT模组TCP功能
+set(FEATURE_AT_TCP_ENABLED OFF)
+
+# 设置AT模组设备（目前只支持esp8266，如果是其他模组请参照at_device_esp8266.c开发at_device驱动）
+set(AT_DEVICE_NAME "esp8266")
+
+# 是否打开AT模组中断接收功能
+set(FEATURE_AT_UART_RECV_IRQ ON)
+
+# 是否打开AT模组多线程功能
+set(FEATURE_AT_OS_USED OFF)
+
+# 是否打开AT模组调试功能
+set(FEATURE_AT_DEBUG OFF)
+
+# 使用SDK AT组件实现通用TCP模组网络读写需要配置 <---end
+
+######################CONFIG END######################################
+
+# 设置CMAKE使用编译工具及编译选项
+
+
+if ((NOT COMPILE_TOOLS STREQUAL "gcc") AND (NOT COMPILE_TOOLS STREQUAL "MSVC"))
+	#用户自定义
+	set(CMAKE_C_COMPILER ${COMPILE_TOOLS}) # 编译工具
+	message(WARNING "User defined platform or compile tools!")
+endif()
+
+if(CMAKE_COMPILER_IS_GNUCC)
+	if(${BUILD_TYPE} STREQUAL  "release")
+		set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Werror -Wall -Wno-error=sign-compare -Wno-error=format -std=gnu99 -Os -pthread") # 编译选项
+	elseif(${BUILD_TYPE} STREQUAL  "debug")
+		set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -g -Werror -Wall -Wno-error=sign-compare -Wno-error=format -std=gnu99 -Os -pthread") # 编译选项
+	endif()
+endif()
+
+if(CMAKE_COMPILER_IS_CLANG)
+	add_definitions(-D_CRT_SECURE_NO_WARNINGS -D_WINSOCK_DEPRECATED_NO_WARNINGS -D_USE_32BIT_TIME_T)
+	if(CMAKE_C_FLAGS MATCHES "/W[0-4]")
+		string(REGEX REPLACE "/W[0-4]" "/W2" CMAKE_C_FLAGS "${CMAKE_C_FLAGS}")
+	else()
+		set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /W2")
+	endif()
+endif()
+
+# 解析配置
+if(${BUILD_TYPE} STREQUAL  "release")
+	option(IOT_DEBUG "Enable IOT_DEBUG" OFF)
+elseif(${BUILD_TYPE} STREQUAL  "debug")
+	option(IOT_DEBUG "Enable IOT_DEBUG" OFF)
+else()
+	message(FATAL_ERROR "INVAILD BUILD_TYPE:${BUILD_TYPE}!")
+endif()
+
+if(${FEATURE_AUTH_MODE} STREQUAL  "KEY")
+	option(AUTH_MODE_KEY "Enable AUTH_MODE_KEY" ON)
+	option(AUTH_MODE_CERT "Enable AUTH_MODE_CERT" OFF)
+elseif(${FEATURE_AUTH_MODE} STREQUAL  "CERT" AND ${FEATURE_AUTH_WITH_NOTLS} STREQUAL "OFF")
+	option(AUTH_MODE_KEY "Enable AUTH_MODE_KEY" OFF)
+	option(AUTH_MODE_CERT "Enable AUTH_MODE_CERT" ON)
+	option(AUTH_WITH_NOTLS "Enable AUTH_WITH_NOTLS" OFF)
+else()
+	message(FATAL_ERROR "INVAILD AUTH_MODE:${FEATURE_AUTH_MODE} WITH AUTH_WITH_NOTLS:${FEATURE_AUTH_WITH_NOTLS}!")
+endif()
+
+if(${FEATURE_OTA_COMM_ENABLED} STREQUAL "ON")
+	option(OTA_MQTT_CHANNEL "Enable OTA_MQTT_CHANNEL" ON)
+endif()
+
+option(DEV_DYN_REG_ENABLED "Enable DEV_DYN_REG" ${FEATURE_DEV_DYN_REG_ENABLED})
+option(GATEWAY_ENABLED "Enable GATEWAY" ${FEATURE_GATEWAY_ENABLED})
+option(GATEWAY_DYN_BIND_SUBDEV_ENABLED "Enable GATEWAY_DYN_BIND_SUBDEV" ${FEATURE_GATEWAY_DYN_BIND_SUBDEV_ENABLED})
+option(AUTH_WITH_NOTLS "Enable AUTH_WITH_NOTLS" ${FEATURE_AUTH_WITH_NOTLS})
+option(EVENT_POST_ENABLED "Enable EVENT_POST" ${FEATURE_EVENT_POST_ENABLED})
+option(ACTION_ENABLED "Enable ACTION" ${FEATURE_ACTION_ENABLED})
+option(AT_TCP_ENABLED "Enable AT_TCP" ${FEATURE_AT_TCP_ENABLED})
+option(DEBUG_DEV_INFO_USED "Enable DEBUG_DEV_INFO_USED" ${FEATURE_DEBUG_DEV_INFO_USED})
+option(SYSTEM_COMM "Enable SYSTEM_COMM" ${FEATURE_SYSTEM_COMM_ENABLED})
+option(LOG_UPLOAD "Enable LOG_UPLOAD" ${FEATURE_LOG_UPLOAD_ENABLED})
+
+
+if(${FEATURE_AUTH_WITH_NOTLS} STREQUAL "ON" )
+	option(OTA_USE_HTTPS "Enable OTA_USE_HTTPS" OFF)
+else()
+	option(OTA_USE_HTTPS "Enable OTA_USE_HTTPS" ${FEATURE_OTA_USE_HTTPS})
+endif()
+
+if(${FEATURE_GATEWAY_ENABLED} STREQUAL "ON")
+	option(MULTITHREAD_ENABLED "Enable MULTITHREAD" ON)
+else()
+	option(MULTITHREAD_ENABLED "Enable MULTITHREAD" ${FEATURE_MULTITHREAD_ENABLED})	
+endif()
+
+if(AT_TCP_ENABLED STREQUAL "ON")
+	option(AT_UART_RECV_IRQ "Enable AT_UART_RECV_IRQ" ${FEATURE_AT_UART_RECV_IRQ})
+	option(AT_OS_USED "Enable AT_UART_RECV_IRQ" ${FEATURE_AT_OS_USED})
+	option(AT_DEBUG "Enable AT_DEBUG" ${FEATURE_AT_DEBUG})
+else()
+	option(AT_UART_RECV_IRQ "Enable AT_UART_RECV_IRQ" OFF)
+	option(AT_OS_USED "Enable AT_UART_RECV_IRQ" OFF)
+	option(AT_DEBUG "Enable AT_DEBUG" OFF)
+endif()
+
+configure_file (
+  "${PROJECT_SOURCE_DIR}/tools/cmake_scripts/config.h.in"
+  "${PROJECT_SOURCE_DIR}/include/config.h" 
+  @ONLY
+)
+
+# 头文件目录
+include_directories(${PROJECT_SOURCE_DIR}/include 
+					${PROJECT_SOURCE_DIR}/include/exports 
+					${PROJECT_SOURCE_DIR}/platform/at_device/esp8266 
+					${PROJECT_SOURCE_DIR}/sdk_src/internal_inc
+					${PROJECT_SOURCE_DIR}/external_libs/mbedtls/include)
+					
+file(GLOB src_include ${PROJECT_SOURCE_DIR}/include/*.h)
+file(GLOB src_inc_export ${PROJECT_SOURCE_DIR}/include/exports/*.h)
+file(COPY ${src_include} DESTINATION ${PROJECT_SOURCE_DIR}/output/${BUILD_TYPE}/include)
+file(COPY ${src_inc_export} DESTINATION ${PROJECT_SOURCE_DIR}/output/${BUILD_TYPE}/include/exports)
+
+if(${EXTRACT_SRC} STREQUAL  "ON" AND  NOT DEFINED SAMPLE_ONLY)
+	file(GLOB src_internal_inc ${PROJECT_SOURCE_DIR}/sdk_src/internal_inc/*.h)
+	file(COPY ${src_include} DESTINATION ${PROJECT_SOURCE_DIR}/output/qcloud_iot_c_sdk/include)
+	file(COPY ${src_inc_export} DESTINATION ${PROJECT_SOURCE_DIR}/output/qcloud_iot_c_sdk/include/exports)
+	file(COPY ${src_internal_inc} DESTINATION ${PROJECT_SOURCE_DIR}/output/qcloud_iot_c_sdk/sdk_src/internal_inc)
+
+	if(AT_TCP_ENABLED STREQUAL "ON")
+		file(GLOB src_at_inc ${PROJECT_SOURCE_DIR}/platform/at_device/${AT_DEVICE_NAME}/*.h)
+		file(COPY ${src_at_inc} DESTINATION ${PROJECT_SOURCE_DIR}/output/qcloud_iot_c_sdk/platform)
+	endif()
+endif()
+
+# 添加源代码目录
+if(NOT DEFINED SAMPLE_ONLY)
+	add_subdirectory(${PROJECT_SOURCE_DIR}/sdk_src)
+	add_subdirectory(${PROJECT_SOURCE_DIR}/platform)
+	add_subdirectory(${PROJECT_SOURCE_DIR}/external_libs/mbedtls)
+endif()
+
+add_subdirectory(${PROJECT_SOURCE_DIR}/samples)
+if(SAMPLE_ONLY STREQUAL "ON")
+	message(STATUS  "Only compile samples!")
+endif()
+
+# 证书及设备信息
+if(NOT DEFINED SAMPLE_ONLY)
+	file(COPY ${PROJECT_SOURCE_DIR}/certs DESTINATION ${PROJECT_SOURCE_DIR}/output/${BUILD_TYPE}/bin)
+	file(COPY ${PROJECT_SOURCE_DIR}/device_info.json DESTINATION ${PROJECT_SOURCE_DIR}/output/${BUILD_TYPE}/bin)
+endif()

qcloud-iot-explorer-sdk-embedded-c/CMakeSettings.json

@@ -0,0 +1,17 @@
+{
+  "configurations": [
+    {
+      "name": "x86-Debug",
+      "generator": "Ninja",
+      "configurationType": "Debug",
+      "inheritEnvironments": [
+        "msvc_x86"
+      ],
+      "buildRoot": "${projectDir}\\build\\${name}",
+      "installRoot": "${projectDir}\\build\\install\\${name}",
+      "cmakeCommandArgs": "",
+      "buildCommandArgs": "-v",
+      "ctestCommandArgs": ""
+    }
+  ]
+}

qcloud-iot-explorer-sdk-embedded-c/LICENSE

@@ -0,0 +1,31 @@
+Tencent is pleased to support the open source community by making IoT Hub available.  
+
+Copyright (C) 2016 THL A29 Limited, a Tencent company.  All rights reserved.
+
+If you have downloaded a copy of the IoT Hub binary from Tencent, please note that the IoT Hub binary is licensed under the MIT License.
+
+If you have downloaded a copy of the IoT Hub source code from Tencent, please note that IoT Hub source code is licensed under the MIT License, 
+
+except for the third-party components listed below which are subject to different license terms.  Your integration of IoT Hub into your own projects may require compliance with the MIT License, 
+
+as well as the other licenses applicable to the third-party components included within IoT Hub.
+
+A copy of the MIT License is included in this file.
+
+Open Source Software Licensed under the MIT License: The below software in this distribution may have been modified by Tencent (“Tencent Modifications”). All Tencent Modifications are Copyright (C) 2016 THL A29 Limited.
+--------------------------------------------------------------------
+1. cpp-feather-ini-parser  1.42
+Copyright (c) 2014 Turbine1991 
+
+2. Dirent  1.22 
+Copyright (c) 2015 Toni Rönkkö 
+
+
+Terms of the MIT License:
+--------------------------------------------------------------------
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

qcloud-iot-explorer-sdk-embedded-c/Makefile

@@ -0,0 +1,168 @@
+# Basic Settings
+SHELL           := /bin/bash
+TOP_DIR         ?= $(CURDIR)
+SUBDIRS         := directory-not-exist-actually
+
+# Settings of input directory
+SCRIPT_DIR      := $(TOP_DIR)/tools/build_scripts
+SRC_DIR         := sdk_src
+PLATFORM_DIR    := platform
+EXP_INC_DIR     := include include/exports
+INT_INC_DIR     := sdk_src/internal_inc
+
+# Thirdparty libs directory
+THIRD_PARTY_PATH 	:= $(TOP_DIR)/external_libs
+TEST_LIB_DIR        := $(THIRD_PARTY_PATH)/googletest
+
+# Sample directory
+SAMPLE_DIR		:= $(TOP_DIR)/samples
+
+# Test directory
+TESTS_DIR		:= $(TOP_DIR)/sdk-tests
+
+include make.settings
+include $(SCRIPT_DIR)/parse_make_settings.mk
+
+# Settings of output directory
+TEMP_DIR   		:= $(TOP_DIR)/tmp
+DIST_DIR        := $(TOP_DIR)/output
+FINAL_DIR       := $(DIST_DIR)/$(BUILD_TYPE)
+
+# Makefile echo
+ifeq ($(DEBUG_MAKEFILE),n)
+    Q               := @
+    TOP_Q           := @
+else
+    Q               :=
+    TOP_Q           :=
+endif
+
+# IoT SDK sources files defination
+COMP_LIB            := libiot_sdk.a
+COMP_LIB_COMPONENTS := \
+    $(SRC_DIR)/utils \
+    $(SRC_DIR)/network \
+	$(SRC_DIR)/network/socket \
+    $(SRC_DIR)/protocol/http \
+
+ifeq (,$(filter -DAUTH_WITH_NOTLS,$(CFLAGS)))
+	COMP_LIB_COMPONENTS += \
+    $(SRC_DIR)/network/tls
+endif
+
+$(call CompLib_Map, MQTT_COMM_ENABLED, \
+    $(SRC_DIR)/protocol/mqtt \
+)
+
+$(call CompLib_Map, DATA_TEMPLATE_ENABLED, \
+    $(SRC_DIR)/services/data_template \
+)
+
+$(call CompLib_Map, SYSTEM_COMM_ENABLED, \
+    $(SRC_DIR)/services/system \
+)
+
+$(call CompLib_Map, LOG_UPLOAD_ENABLED, \
+    $(SRC_DIR)/services/log \
+)
+
+$(call CompLib_Map, DEV_DYN_REG_ENABLED, \
+	$(SRC_DIR)/services/dynreg \
+)
+
+$(call CompLib_Map, OTA_COMM_ENABLED, \
+	$(SRC_DIR)/services/ota \
+)
+
+$(call CompLib_Map, AT_TCP_ENABLED, \
+	$(SRC_DIR)/network/at_socket \
+)
+
+$(call CompLib_Map, GATEWAY_ENABLED, \
+	$(SRC_DIR)/services/gateway \
+)
+
+IOTSDK_SRC_FILES := \
+
+$(foreach v, \
+    $(COMP_LIB_COMPONENTS), \
+    $(eval \
+    	export IOTSDK_SRC_FILES += \
+    	$(wildcard $(TOP_DIR)/$(v)/*.c) \
+    ) \
+)
+
+EXCLUDE_SRC_FILES := \
+
+ifeq (,$(filter -DOTA_COMM_ENABLED, $(CFLAGS)))
+EXCLUDE_SRC_FILES += $(TOP_DIR)/$(SRC_DIR)/services/ota/ota_mqtt.c
+IOTSDK_SRC_FILES := $(filter-out $(EXCLUDE_SRC_FILES),$(IOTSDK_SRC_FILES))
+endif
+
+ifeq (,$(filter -DACTION_ENABLED, $(CFLAGS)))
+EXCLUDE_SRC_FILES += $(TOP_DIR)/$(SRC_DIR)/services/data_template/data_template_aciton.c
+IOTSDK_SRC_FILES := $(filter-out $(EXCLUDE_SRC_FILES),$(IOTSDK_SRC_FILES))
+endif
+
+ifeq (,$(filter -DEVENT_POST_ENABLED, $(CFLAGS)))
+EXCLUDE_SRC_FILES += $(TOP_DIR)/$(SRC_DIR)/services/data_template/data_template_event.c
+IOTSDK_SRC_FILES := $(filter-out $(EXCLUDE_SRC_FILES),$(IOTSDK_SRC_FILES))
+endif
+
+
+# IoT Platform sources files defination
+PLATFORM_LIB		:= libiot_platform.a
+PLATFORM_LIB_COMPONENTS := \
+    $(PLATFORM_DIR)/os/$(PLATFORM_OS) \
+
+ifeq (,$(filter -DAUTH_WITH_NOTLS,$(CFLAGS)))
+	PLATFORM_LIB_COMPONENTS += \
+    $(PLATFORM_DIR)/tls/$(PLATFORM_SSL)
+endif
+
+ifneq (,$(filter -DAT_TCP_ENABLED,$(CFLAGS)))
+	PLATFORM_LIB_COMPONENTS += \
+    $(PLATFORM_DIR)/at_device/$(PLATFORM_AT_DEV)
+endif
+   
+IOTPLATFORM_SRC_FILES := \
+
+$(foreach v, \
+    $(PLATFORM_LIB_COMPONENTS), \
+    $(eval \
+    	export IOTPLATFORM_SRC_FILES += \
+    	$(wildcard $(TOP_DIR)/$(v)/*.c) \
+    ) \
+)
+
+
+# IoT Include files defination
+COMP_LIB_COMPONENTS_INCLUDES := \
+    $(EXP_INC_DIR) \
+    $(INT_INC_DIR) \
+    external_libs/mbedtls/include \
+    
+IOTSDK_INCLUDE_FILES := \
+
+$(foreach v, \
+    $(COMP_LIB_COMPONENTS_INCLUDES), \
+    $(eval \
+    	export IOTSDK_INCLUDE_FILES += \
+    	-I$(TOP_DIR)/$(v) \
+    ) \
+)
+
+$(call CompInc_Map, AT_TCP_ENABLED, \
+	 $(PLATFORM_DIR)/at_device/$(PLATFORM_AT_DEV) \
+)
+
+CFLAGS += -Werror -Wall -Wno-error=sign-compare -Wno-error=format -Os ${IOTSDK_INCLUDE_FILES}  -std=gnu99 -pthread -DFORCE_SSL_VERIFY
+
+#CFLAGS += -DMQTT_RMDUP_MSG_ENABLED
+
+include $(SCRIPT_DIR)/rules.mk
+
+ifneq (,$(filter -DSDKTESTS_ENABLED, $(CFLAGS)))
+include sdk-tests/unit_test/unit_test.mk
+include sdk-tests/multi_thread_test/multi_thread_test.mk
+endif

qcloud-iot-explorer-sdk-embedded-c/README.md

@@ -0,0 +1,59 @@
+#  腾讯云物联网开发平台设备端 C-SDK 
+腾讯云物联网开发平台（IoT Explorer）设备端 C-SDK ，配合平台对设备数据模板化的定义，实现和云端基于数据模板协议的数据交互框架，开发者基于IoT_Explorer C-SDK数据模板框架，通过脚本自动生成模板代码，快速实现设备和平台、设备和应用之间的数据交互。
+
+## IoT_Explorer C-SDK 架构
+
+#### 架构图
+
+![framework](https://main.qcloudimg.com/raw/76fc3f15c4c91ea6cf7e496f25d5d572.jpg)
+
+#### 架构说明
+
+SDK分四层设计，从上至下分别为平台服务层、核心协议层、网络层、硬件抽象层。
+
+- 服务层
+在网络协议层之上，实现了包括设备接入鉴权，设备影子，数据模板，网关，动态注册，日志上报和OTA等功能，并提供相关API接口给用户使用，关于服务层API说明，请参考doc目录文档[C-SDK_API及可变参数说明](https://github.com/tencentyun/qcloud-iot-explorer-sdk-embedded-c/blob/master/docs/C-SDK_API%E5%8F%8A%E5%8F%AF%E5%8F%98%E5%8F%82%E6%95%B0%E8%AF%B4%E6%98%8E.md)
+
+- 协议层
+设备端和IoT平台交互的网络协议包括MQTT/COAP/HTTP
+
+- 网络层
+实现基于TLS/SSL(TLS/DTLS)方式，Bsd_socket(TCP/UDP)方式和AT_socket方式的网络协议栈，不同服务可根据需要使用不同的协议栈接口函数。
+
+- 硬件抽象层
+实现对不同硬件平台的底层操作的抽象封装，需要针对具体的软硬件平台开展移植，分为必须实现和可选实现两部分HAL层接口。
+
+## SDK 目录结构简介
+
+#### 目录结构及顶层文件简介
+
+| 名称               | 说明                                                         |
+| ------------------ | ------------------------------------------------------------ |
+| CMakeLists.txt     | cmake编译描述文件                                            |
+| CMakeSettings.json | visual studio下的cmake配置文件                               |
+| cmake_build.sh     | Linux下使用cmake的编译脚本                                   |
+| make.settings      | Linux下使用Makefile直接编译的配置文件                        |
+| Makefile           | Linux下使用Makefile直接编译                                  |
+| device_info.json   | 设备信息文件，当DEBUG_DEV_INFO_USED=OFF时，将从该文件解析出设备信息 |
+| docs               | 文档目录，SDK使用说明文档。                      |
+| external_libs      | 第三方软件包组件，如mbedtls                                  |
+| samples            | 应用示例                                                     |
+| include            | 提供给用户使用的外部头文件                                   |
+| platform           | 平台相关的源码文件，目前提供了针对不同OS(Linux/Windows/FreeRTOS/nonOS)，TLS(mbedtls)以及AT模组下的实现。 |
+| sdk_src            | SDK核心通信协议及服务代码                                    |
+| tools              | SDK配套的编译及代码生成脚本工具                              |
+
+## SDK 编译方式说明
+
+C-SDK 支持三种编译方式：
+
+- cmake 方式
+- Makefile 方式
+- 代码抽取方式
+
+编译方式以及编译配置选项的详细说明请参考docs目录文档[C-SDK_Build编译环境及配置选项说明](https://github.com/tencentyun/qcloud-iot-explorer-sdk-embedded-c/blob/master/docs/C-SDK_Build%E7%BC%96%E8%AF%91%E7%8E%AF%E5%A2%83%E5%8F%8A%E9%85%8D%E7%BD%AE%E9%80%89%E9%A1%B9%E8%AF%B4%E6%98%8E.md) 
+
+## SDK 快速体验
+
+请参考docs目录文档 [IoT_Explorer开发平台快速入门](https://github.com/tencentyun/qcloud-iot-explorer-sdk-embedded-c/blob/master/docs/IoT_Explorer%E5%BC%80%E5%8F%91%E5%B9%B3%E5%8F%B0%E5%BF%AB%E9%80%9F%E5%85%A5%E9%97%A8.md)
+

qcloud-iot-explorer-sdk-embedded-c/certs/README.md

@@ -0,0 +1,3 @@
+该目录用于存放两个文件:
+    1. 客户端证书文件;
+    2. 客户端私钥文件, 该文件需与客户端证书文件一一对应。

qcloud-iot-explorer-sdk-embedded-c/cmake_build.sh

@@ -0,0 +1,58 @@
+#! /bin/bash
+
+if [ "$#" -eq "0" ]; then
+    rm -rf output
+    rm -rf build
+    echo "Build all (SDK libs and samples)"
+    mkdir -p build
+    cd build
+    cmake .. 
+    make
+    exit
+elif [ "$#" -eq "1"  -a $1 == "samples" ]; then
+    if [ ! -d "output/release/bin" ]; then
+        rm -rf output/release/bin
+    elif [ ! -d "output/debug/bin" ]; then
+        rm -rf output/debug/bin
+    else
+        echo "Output folder not found! Please build SDK first"
+        exit
+    fi
+    rm -rf build
+    echo "Build samples only"
+    mkdir -p build
+    cd build
+    cmake -DSAMPLE_ONLY=ON ..
+    make 
+    exit
+elif [ "$#" -eq "1"  -a $1 == "clean" ]; then
+    echo "Clean all (SDK lib and samples)" 
+    rm -rf output
+    rm -rf build    
+    exit
+elif [ "$#" -eq "1"  -a $1 == "code-check" ]; then
+# code-check requires clang-tidy and cpplint
+# sudo apt install clang-tidy
+# pip install cpplint
+    echo "run code check" 
+    rm -rf build
+    mkdir -p build
+    cd build
+    cmake -DCMAKE_EXPORT_COMPILE_COMMANDS=ON ..
+    echo "clang-tidy check begin"
+    clang_extra_arg="-extra-arg=-I/usr/lib/gcc/x86_64-linux-gnu/5/include -extra-arg=-I/usr/lib/gcc/x86_64-linux-gnu/5/include-fixed"
+    clang_check_rules="-checks=-clang-analyzer-osx*,-clang-analyzer-security.insecureAPI.strcpy,-clang-diagnostic-missing-braces,-clang-diagnostic-varargs"
+#    ../tools/run-clang-tidy.py ${clang_extra_arg} ${clang_check_rules} >../code-check-clang-tidy.txt
+    echo "clang-tidy check end"
+    echo "cpplint check begin"
+    cd ..
+    find ./samples/ ./include/ ./sdk_src/ ./platform/ -name *.c -o -name *.h | xargs clang-format -i
+    cpplint_rules="--filter=-whitespace/line_length,-readability/casting,-build/include_subdir,-whitespace/braces,-whitespace/comments,-whitespace/blank_line,-whitespace/parens,-whitespace/semicolon,-whitespace/end_of_line,-whitespace/ending_newline,-whitespace/comma,-build/header_guard,-runtime/int,-runtime/printf,-readability/todo,-build/include_order,-build/include_what_you_use"
+    cpplint_coverage="include/ samples/ platform/ sdk_src/"
+    cpplint ${cpplint_rules} --recursive ${cpplint_coverage} &>./code-check-cpplint.txt
+    echo "cpplint check end"
+    exit
+else
+	echo "Usage: "$0"  <null for all/samples/clean/code-check>"
+	exit
+fi

qcloud-iot-explorer-sdk-embedded-c/device_info.json

@@ -0,0 +1,31 @@
+{
+    "auth_mode":"KEY",
+
+    "productId":"PRODUCT_ID",
+    "productSecret":"YOUR_PRODUCT_SECRET",
+    "deviceName":"YOUR_DEV_NAME",
+
+    "key_deviceinfo":{    
+        "deviceSecret":"YOUR_IOT_PSK"
+    },
+
+    "cert_deviceinfo":{
+        "devCertFile":"YOUR_DEVICE_CERT_FILE_NAME",
+        "devPrivateKeyFile":"YOUR_DEVICE_PRIVATE_KEY_FILE_NAME"
+    },
+
+    "subDev":{
+        "subdev_num":6,
+        "subdev_list":
+        [
+                {"sub_productId": "WPDA0S6S08", "sub_devName": "dev001"},
+                {"sub_productId": "WPDA0S6S08", "sub_devName": "dev002"},
+                {"sub_productId": "WPDA0S6S08", "sub_devName": "dev003"},
+                {"sub_productId": "Y8T6NB8DM0", "sub_devName": "test001"},
+                {"sub_productId": "Y8T6NB8DM0", "sub_devName": "test002"},
+                {"sub_productId": "Y8T6NB8DM0", "sub_devName": "test003"}               
+        ]     
+    },
+	
+    "region":"china"
+}

qcloud-iot-explorer-sdk-embedded-c/docs/C-SDK_API及可变参数说明.md

@@ -0,0 +1,151 @@
+# C-SDK API函数及可变参数说明
+
+设备端 C-SDK 供用户调用的API函数声明，常量以及可变参数定义等头文件位于include目录下面，本文档主要对该目录下面的可变参数以及API函数进行说明。
+
+## 可变参数配置
+
+C-SDK 的使用可以根据具体场景需求，配置相应的参数，满足实际业务的运行。可变接入参数包括：
+1. MQTT 阻塞调用(包括连接, 订阅, 发布等)的超时时间, 单位: 毫秒。 建议 5000 毫秒
+2. MQTT 协议发送消息和接受消息的 buffer 大小默认是 2048 字节，目前云端一条MQTT消息最大长度为 16 KB
+3. COAP 协议发送消息和接受消息的 buffer 大小默认是 512 字节，目前云端一条COAP消息最大长度为 1 KB
+4. MQTT 心跳消息发送周期, 最大值为690秒，单位: 毫秒
+5. 重连最大等待时间，单位：毫秒。设备断线重连时，若失败则等待时间会翻倍，当超过该最大等待时间则退出重连
+
+修改 include/qcloud_iot_export_variables.h 文件如下宏定义可以改变对应接入参数的配置。
+修改完需要重新编译 SDK 
+```
+/* default MQTT/CoAP timeout value when connect/pub/sub (unit: ms) */
+#define QCLOUD_IOT_MQTT_COMMAND_TIMEOUT                             (5 * 1000)
+
+/* default MQTT keep alive interval (unit: ms) */
+#define QCLOUD_IOT_MQTT_KEEP_ALIVE_INTERNAL                         (240 * 1000)
+
+/* default MQTT Tx buffer size, MAX: 16*1024 */
+#define QCLOUD_IOT_MQTT_TX_BUF_LEN                                  (2048)
+
+/* default MQTT Rx buffer size, MAX: 16*1024 */
+#define QCLOUD_IOT_MQTT_RX_BUF_LEN                                  (2048)
+
+/* default COAP Tx buffer size, MAX: 1*1024 */
+#define COAP_SENDMSG_MAX_BUFLEN                                     (512)
+
+/* default COAP Rx buffer size, MAX: 1*1024 */
+#define COAP_RECVMSG_MAX_BUFLEN                                     (512)
+
+/* MAX MQTT reconnect interval (unit: ms) */
+#define MAX_RECONNECT_WAIT_INTERVAL                                 (60 * 1000)
+```
+
+## API 函数说明
+以下是 C-SDK v3.1.0版本提供的主要功能和对应 API 接口说明，用于客户编写业务逻辑，更加详细的说明如接口参数及返回值可查看SDK代码 include/exports/qcloud_iot_export_*.h 等头文件中的注释
+
+### 1. MQTT 接口
+
+| 序号 | 函数名               | 说明                                            |
+| ---- | -------------------- | ----------------------------------------------- |
+| 1    | IOT_MQTT_Construct   | 构造 MQTTClient 并连接 MQTT 云端服务                |
+| 2    | IOT_MQTT_Destroy     | 关闭 MQTT 连接并销毁 MQTTClient                 |
+| 3    | IOT_MQTT_Yield       | 在当前线程上下文中，进行 MQTT 报文读取，消息处理，超时请求，心跳包及重连状态管理等任务 |
+| 4    | IOT_MQTT_Publish     | 发布 MQTT 消息                                  |
+| 5    | IOT_MQTT_Subscribe   | 订阅 MQTT 主题                                  |
+| 6    | IOT_MQTT_Unsubscribe | 取消订阅已订阅的 MQTT 主题                      |
+| 7    | IOT_MQTT_IsConnected | 查看当前 MQTT 是否已连接                        |
+| 8    | IOT_MQTT_GetErrCode  | 获取IOT_MQTT_Construct失败的错误码              |
+
+- 多线程环境使用说明
+SDK对于MQTT接口在多线程环境下的使用有如下注意事项：
+```
+1. 不允许多线程调用IOT_MQTT_Yield，IOT_MQTT_Construct以及IOT_MQTT_Destroy
+2. 可以多线程调用IOT_MQTT_Publish，IOT_MQTT_Subscribe及IOT_MQTT_Unsubscribe
+3. IOT_MQTT_Yield 作为从socket读取并处理MQTT报文的函数，应保证一定的执行时间，避免被长时间挂起或抢占
+```
+
+### 2. 设备影子接口
+关于设备影子功能介绍，可以参考[设备影子详情](https://cloud.tencent.com/document/product/634/11918)
+
+| 序号  | 函数名                                             | 说明                                            |
+| ---- | -------------------------------------------------- | ---------------------------------------------- |
+| 1    | IOT_Shadow_Construct                               | 构造设备影子客户端 ShadowClient，并连接 MQTT 云端服务         |
+| 2    | IOT_Shadow_Publish                                 | 影子客户端发布 MQTT 消息                                  |
+| 3    | IOT_Shadow_Subscribe                               | 影子客户端订阅 MQTT 主题                                  |
+| 4    | IOT_Shadow_Unsubscribe                             | 影子客户端取消订阅已订阅的 MQTT 主题                         |
+| 5    | IOT_Shadow_IsConnected                             | 查看当前影子客户端的 MQTT 是否已连接                       |
+| 6    | IOT_Shadow_Destroy                                 | 关闭 Shadow MQTT 连接并销毁 ShadowClient              |
+| 7    | IOT_Shadow_Yield                                   | 在当前线程上下文中，进行 MQTT 报文读取，消息处理，超时请求，心跳包及重连状态管理等任务  |
+| 8    | IOT_Shadow_Update                                  | 异步更新设备影子文档                              |
+| 9    | IOT_Shadow_Update_Sync                             | 同步方式更新设备影子文档                           |
+| 10   | IOT_Shadow_Get                                     | 异步方式获取设备影子文档                           |
+| 11   | IOT_Shadow_Get_Sync                                | 同步方式获取设备影子文档                           |
+| 12   | IOT_Shadow_Register_Property                       | 注册当前设备的设备属性                             |
+| 13   | IOT_Shadow_UnRegister_Property                     | 删除已经注册过的设备属性                           |
+| 14   | IOT_Shadow_JSON_ConstructReport                    | 在JSON文档中添加reported字段，不覆盖更新            |
+| 15   | IOT_Shadow_JSON_Construct_OverwriteReport          | 在JSON文档中添加reported字段，覆盖更新              |
+| 16   | IOT_Shadow_JSON_ConstructReportAndDesireAllNull    | 在JSON文档中添加reported字段，同时清空desired字段   |
+| 17   | IOT_Shadow_JSON_ConstructDesireAllNull             | 在JSON文档中添加 "desired": null 字段             |
+
+### 3. CoAP 接口
+
+| 序号 | 函数名                       | 说明                                                |
+| ---- | ---------------------------- | ------------------------------------------------- |
+| 1    | IOT_COAP_Construct           | 构造 CoAPClient 并完成 CoAP 连接                   |
+| 2    | IOT_COAP_Destroy             | 关闭 CoAP 连接并销毁 CoAPClient                    |
+| 3    | IOT_COAP_Yield               | 在当前线程上下文中，进行 CoAP 报文读取和消息处理等任务      |
+| 4    | IOT_COAP_SendMessage         | 发布 CoAP 消息                                    |
+| 5    | IOT_COAP_GetMessageId        | 获取 COAP Response 消息 msgId                     |
+| 6    | IOT_COAP_GetMessagePayload   | 获取 COAP Response 消息内容                        |
+| 7    | IOT_COAP_GetMessageCode      | 获取 COAP Response 消息错误码                      |
+
+### 4. OTA 接口
+关于 OTA 固件下载功能介绍，可以参考[设备固件升级](https://cloud.tencent.com/document/product/634/14674)
+
+| 序号  | 函数名                        | 说明                                              |
+| ---- | ---------------------------- | ------------------------------------------------- |
+| 1    | IOT_OTA_Init                 | 初始化 OTA 模块，客户端在调用此接口之前需要先进行 MQTT/COAP 的初始化     |
+| 2    | IOT_OTA_Destroy              | 释放 OTA 模块相关的资源                              |
+| 3    | IOT_OTA_ReportVersion        | 向 OTA 服务器报告本地固件版本信息                         |
+| 4    | IOT_OTA_IsFetching           | 检查是否处于下载固件的状态                            |
+| 5    | IOT_OTA_IsFetchFinish        | 检查固件是否已经下载完成                              |
+| 6    | IOT_OTA_FetchYield           | 从具有特定超时值的远程服务器获取固件                    |
+| 7    | IOT_OTA_Ioctl                | 获取指定的 OTA 信息                                 |
+| 8    | IOT_OTA_GetLastError         | 获取最后一个错误代码                                 |
+| 9    | IOT_OTA_StartDownload        | 根据获取到的固件更新地址以及本地固件信息偏移（是否断点续传），与固件服务器建立http连接     |
+| 10   | IOT_OTA_UpdateClientMd5      | 断点续传前，计算本地固件的MD5                              |
+| 11   | IOT_OTA_ReportUpgradeBegin   | 当进行固件升级前，向服务器上报即将升级的状态   |
+| 12   | IOT_OTA_ReportUpgradeSuccess | 当固件升级成功之后，向服务器上报升级成功的状态                         |
+| 13   | IOT_OTA_ReportUpgradeFail    | 当固件升级失败之后，向服务器上报升级失败的状态        |
+
+### 5. 日志接口
+设备日志上报云端功能的详细说明可以参考SDK docs目录下物联网通信平台文档设备日志上报功能部分
+
+| 序号 | 函数名                     | 说明                                          |
+| ---- | -------------------------- | --------------------------------------------- |
+| 1    | IOT_Log_Set_Level          | 设置 SDK 日志的打印等级                            |
+| 2    | IOT_Log_Get_Level          | 返回 SDK 日志打印的等级                            |
+| 3    | IOT_Log_Set_MessageHandler | 设置日志回调函数，重定向 SDK 日志于其它输出方式  |
+| 4    | IOT_Log_Init_Uploader      | 开启 SDK 日志上报云端的功能并初始化资源                |
+| 5    | IOT_Log_Fini_Uploader      | 停止 SDK 日志上报云端功能并释放资源                      |
+| 6    | IOT_Log_Upload             | 将 SDK 运行日志上报到云端                         |
+| 7    | IOT_Log_Set_Upload_Level   | 设置 SDK 日志的上报等级                            |
+| 8    | IOT_Log_Get_Upload_Level   | 返回 SDK 日志上报的等级                            |
+| 9    | Log_d/i/w/e                | 按级别打印添加 SDK 日志的接口                         |
+
+### 6. 系统时间接口
+
+| 序号  | 函数名                      | 说明                                              |
+| ---- | ---------------------------- | ------------------------------------------------- |
+| 1    | IOT_Get_SysTime              | 获取 IoT hub 后台系统时间，目前仅支持 MQTT 通道对时功能 |
+
+### 7. 网关功能接口
+关于网关功能介绍，可以参考SDK docs目录下物联网通信平台文档网关产品部分
+
+| 序号 | 函数名                       | 说明                                                |
+| ---- | ---------------------------- | ------------------------------------------------- |
+| 1    | IOT_Gateway_Construct        | 构造 Gateway client 并完成 MQTT 连接                   |
+| 2    | IOT_Gateway_Destroy          | 关闭 MQTT 连接并销毁 Gateway client                    |
+| 3    | IOT_Gateway_Subdev_Online    | 子设备上线              |
+| 4    | IOT_Gateway_Subdev_Offline   | 子设备下线                                    |
+| 3    | IOT_Gateway_Yield            | 在当前线程上下文中，进行 MQTT 报文读取，消息处理，超时请求，心跳包及重连状态管理等任务 |
+| 4    | IOT_Gateway_Publish          | 发布 MQTT 消息                                  |
+| 5    | IOT_Gateway_Subscribe        | 订阅 MQTT 主题                                  |
+| 6    | IOT_Gateway_Unsubscribe      | 取消订阅已订阅的 MQTT 主题                      |
+

qcloud-iot-explorer-sdk-embedded-c/docs/C-SDK_Build编译环境及配置选项说明.md

@@ -0,0 +1,189 @@
+# C-SDK 编译方式及配置选项说明
+
+本文档对C-SDK 的编译方式和编译配置选项进行说明，并介绍了 Linux和Windows 开发环境下面的编译环境搭建以及编译示例。
+
+## C-SDK 编译方式说明
+
+C-SDK 支持三种编译方式
+
+#### 1. cmake 方式
+
+推荐使用cmake作为跨平台的编译工具，支持在Linux和Windows开发环境下进行编译。
+cmake方式采用CMakeLists.txt作为编译配置选项输入文件
+
+#### 2. Makefile 方式
+
+对不支持cmake的环境，使用Makefile直接编译的方式，该方式与SDK v3.0.3及之前的版本保持一致，采用make.settings作为编译配置选项输入文件，修改完成后执行make即可
+
+#### 3. 代码抽取方式
+
+该方式可根据需求选择功能，将相关代码抽取到一个单独的文件夹，文件夹里面的代码层次目录简洁，方便用户拷贝集成到自己的开发环境。
+该方式需要依赖cmake工具，在CMakeLists.txt中配置相关功能模块的开关，并将EXTRACT_SRC置为ON，Linux环境运行以下命令
+```
+mkdir build
+cd build
+cmake ..
+```
+即可在output/qcloud_iot_c_sdk中找到相关代码文件，目录层次如下：
+```
+ qcloud_iot_c_sdk
+ ├── include
+ │   ├── config.h
+ │   ├── exports
+ ├── platform
+ └── sdk_src
+     └── internal_inc
+```
+include目录为SDK供用户使用的API及可变参数，其中config.h为根据编译选项生成的编译宏。API具体介绍请参考**C-SDK_API及可变参数说明**。
+platform目录为平台相关的代码，可根据设备的具体情况进行修改适配。具体的函数说明请参考文档**C-SDK_Porting跨平台移植概述**
+sdk_src为SDK的核心逻辑及协议相关代码，一般不需要修改，其中internal_inc为SDK内部使用的头文件。
+
+用户可将qcloud_iot_c_sdk拷贝到其目标平台的编译开发环境，并根据具体情况修改编译选项。
+
+## C-SDK 编译选项说明
+
+#### 1. 编译配置选项
+以下配置选项大部分都适用于cmake和make.setting。cmake中的ON值对应于make.setting的y，OFF对应于n。
+
+| 名称                             | cmake值            | 说明                                                         |
+| :------------------------------- | ------------- | ------------------------------------------------------------ |
+| BUILD_TYPE                       | release/debug | release：不启用IOT_DEBUG信息，编译输出到release目录下<br />debug：启用IOT_DEBUG信息，编译输出到debug目录下 |
+| EXTRACT_SRC                      | ON/OFF        | 代码抽取功能开关，仅对使用cmake有效                                             |
+| COMPILE_TOOLS                    | gcc           | 支持gcc和msvc，也可以是交叉编译器比如arm-none-linux-gnueabi-gcc |
+| PLATFORM                         | linux         | 包括linux/windows/freertos/nonos                             |
+| FEATURE_MQTT_COMM_ENABLED        | ON/OFF        | MQTT通道总开关                                               |
+| FEATURE_MQTT_DEVICE_SHADOW       | ON/OFF        | 设备影子总开关                                               |
+| FEATURE_COAP_COMM_ENABLED        | ON/OFF        | CoAP通道总开关                                               |
+| FEATURE_GATEWAY_ENABLED          | ON/OFF        | 网关功能总开关                                               |
+| FEATURE_OTA_COMM_ENABLED         | ON/OFF        | OTA固件升级总开关                                            |
+| FEATURE_OTA_SIGNAL_CHANNEL       | MQTT/COAP     | OTA信令通道类型                                              |
+| FEATURE_AUTH_MODE                | KEY/CERT      | 接入认证方式                                                 |
+| FEATURE_AUTH_WITH_NOTLS          | ON/OFF        | OFF: TLS使能, ON: TLS关闭                                    |
+| FEATURE_DEV_DYN_REG_ENABLED      | ON/OFF        | 设备动态注册开关                                             |
+| FEATURE_LOG_UPLOAD_ENABLED       | ON/OFF        | 日志上报开关                                                 |
+| FEATURE_EVENT_POST_ENABLED       | ON/OFF        | 事件上报开关                                                 |
+| FEATURE_DEBUG_DEV_INFO_USED      | ON/OFF        | 设备信息获取来源开关                                         |
+| FEATURE_SYSTEM_COMM_ENABLED      | ON/OFF        | 获取后台时间开关                                             |
+| FEATURE_AT_TCP_ENABLED           | ON/OFF        | AT模组TCP功能开关                                            |
+| FEATURE_AT_UART_RECV_IRQ         | ON/OFF        | AT模组中断接受功能开关                                       |
+| FEATURE_AT_OS_USED               | ON/OFF        | AT模组多线程功能开关                                         |
+| FEATURE_AT_DEBUG                 | ON/OFF        | AT模组调试功能开关                                           |
+| FEATURE_MULTITHREAD_TEST_ENABLED | ON/OFF        | 是否编译Linux多线程测试例程                                  |
+
+配置选项之间存在依赖关系，当依赖选项的值为有效值时，部分配置选项才有效，主要如下：
+
+| 名称                             | 依赖选项                                                | 有效值       |
+| :------------------------------- | ------------------------------------------------------- | ------------ |
+| FEATURE_MQTT_DEVICE_SHADOW       | FEATURE_MQTT_COMM_ENABLED                               | ON           |
+| FEATURE_GATEWAY_ENABLED          | FEATURE_MQTT_COMM_ENABLED                               | ON             |
+| FEATURE_OTA_SIGNAL_CHANNEL(MQTT) | FEATURE_OTA_COMM_ENABLED<br />FEATURE_MQTT_COMM_ENABLED | ON<br />ON   |
+| FEATURE_OTA_SIGNAL_CHANNEL(COAP) | FEATURE_OTA_COMM_ENABLED<br />FEATURE_COAP_COMM_ENABLED | ON<br />ON   |
+| FEATURE_AUTH_WITH_NOTLS          | FEATURE_AUTH_MODE                                       | KEY          |
+| FEATURE_AT_UART_RECV_IRQ         | FEATURE_AT_TCP_ENABLED                                  | ON           |
+| FEATURE_AT_OS_USED               | FEATURE_AT_TCP_ENABLED                                  | ON           |
+| FEATURE_AT_DEBUG                 | FEATURE_AT_TCP_ENABLED                                  | ON           |
+
+#### 2. 设备信息选项
+
+在腾讯云物联控制台创建设备之后，需要将设备信息（ProductID/DeviceName/DeviceSecret/Cert/Key文件）配置在SDK中才能正确运行。在开发阶段，SDK 提供两种方式存储设备信息：
+1. 存放在代码中（编译选项DEBUG_DEV_INFO_USED = ON），则在`platform/os/xxx/HAL_Device_xxx.c`中修改设备信息，在无文件系统的平台下可以使用这种方式。
+2. 存放在配置文件中（编译选项DEBUG_DEV_INFO_USED = OFF），则在`device_info.json`文件修改设备信息，此方式下更改设备信息不需重新编译SDK，在Linux/Windows平台下开发推荐使用这种方式。
+
+
+## C-SDK 编译环境
+
+### Linux(Ubuntu)环境
+
+本文使用Ubuntu的版本为14.04或16.04
+
+1. 必要软件安装
+```
+$ sudo apt-get install -y build-essential make git gcc cmake
+```
+  SDK需要cmake版本在3.5以上，默认安装的cmake版本较低，可以参考如下链接进行cmake特定版本的下载与安装
+  下载链接：https://cmake.org/download/
+  安装参考：https://gitlab.kitware.com/cmake/cmake
+
+
+2. 配置修改
+修改CMakeLists.txt确保以下选项存在(以密钥认证设备为例)
+```
+set(BUILD_TYPE                   "release")
+set(COMPILE_TOOLS                "gcc") 
+set(PLATFORM 	                "linux")
+set(FEATURE_MQTT_COMM_ENABLED ON)
+set(FEATURE_AUTH_MODE "KEY")
+set(FEATURE_AUTH_WITH_NOTLS OFF)
+set(FEATURE_DEBUG_DEV_INFO_USED  OFF)  
+```
+
+3.  执行脚本编译
+完整编译库和示例
+```
+./cmake_build.sh 
+```
+输出的库文件，头文件及示例在`output/release`文件夹中。
+在一次完整编译之后，若只需要编译示例，则执行
+```
+./cmake_build.sh samples
+```
+
+4. 填写设备信息
+将在腾讯云物联网平台创建的设备的设备信息(以**密钥认证设备**为例)填写到device_info.json中，如：
+```
+"auth_mode":"KEY",	
+"productId":"S3EUVBRJLB",
+"deviceName":"test_device",	
+"key_deviceinfo":{    
+    "deviceSecret":"vX6PQqazsGsMyf5SMfs6OA6y"
+}
+```
+
+5. 运行示例
+示例输出位于`output/release/bin`文件夹中，比如运行data_template_sample示例，输入`./output/release/bin/data_template_sample`即可。
+
+
+### Windows环境
+
+#### 获取和安装Visio Studio 2019开发环境
+
+请访问[Visual Studio下载网站](https://visualstudio.microsoft.com/zh-hans/downloads/)，下载并安装Visio Studio 2019，本文档下载安装的是16.2版本 Community。
+
+![](https://main.qcloudimg.com/raw/730f793e3166db859682cdbfd0c7181f.jpg)
+
+然后选择**使用C++的桌面开发**，并确保勾选**用于Windows的C++ CMAKE工具**：
+
+![](https://main.qcloudimg.com/raw/89a63cb6ae5231a66b17e80acac37267.jpg)
+
+#### 编译并运行
+
+1. 运行visual studio，选择**打开本地文件夹**，并选择下载的C SDK目录。
+
+   ![](https://main.qcloudimg.com/raw/f0c65e7c5ce13ca13b967c178c0449c6.jpg)
+
+2. [修改用户信息]()
+
+3. 双击打开根目录的CMakeLists.txt，并确认编译工具链中设置的平台为**windows**和编译工具为**MSVC**（其他配置选项请参考[cmake编译配置与代码抽取]()）。
+
+   ![](https://main.qcloudimg.com/raw/8a16723698646a2dca5ab08a57927304.jpg)
+
+   ```cmake
+   # 编译工具链
+   #set(COMPILE_TOOLS "gcc") 
+   #set(PLATFORM 	  "linux")
+    
+   set(COMPILE_TOOLS "MSVC") 
+   set(PLATFORM 	  "windows") 
+   ```
+
+4. visual studio会自动生成cmake缓存，请等待cmake缓存生成完毕。
+
+   ![](https://main.qcloudimg.com/raw/633bf217afc2d52e92618a90bd7d9da0.jpg)
+
+5. 缓存生成完毕后，点击**生成->全部生成**。
+
+![](https://main.qcloudimg.com/raw/f85d2435c49a802eedd87b751408ecce.jpg)
+
+6. 选择相应的示例运行，示例应与用户信息相对应。
+
+   ![](https://main.qcloudimg.com/raw/a0f2bacc0d31d2da9d327d5c855655a3.jpg)

qcloud-iot-explorer-sdk-embedded-c/docs/C-SDK_Porting跨平台移植概述.md

@@ -0,0 +1,106 @@
+## C-SDK跨平台移植
+
+本文档介绍如何将设备端 C-SDK 移植到目标硬件平台。C-SDK 采用模块化设计，分离核心协议服务与硬件抽象层，在进行跨平台移植时，一般只需要对硬件抽象层进行修改适配就可以。
+
+## C-SDK 架构
+
+#### 架构图
+
+![framework](https://main.qcloudimg.com/raw/76fc3f15c4c91ea6cf7e496f25d5d572.jpg)
+
+#### 架构说明
+
+SDK分四层设计，从上至下分别为平台服务层、核心协议层、网络层、硬件抽象层。
+
+- 服务层
+在网络协议层之上，实现了包括设备接入鉴权，设备影子，数据模板，网关，动态注册，日志上报和OTA等功能，并提供相关API接口给用户使用，关于服务层API说明，请参考文档[C-SDK_API及可变参数说明]()
+
+- 协议层
+设备端和IoT平台交互的网络协议包括MQTT/COAP/HTTP
+
+- 网络层
+实现基于TLS/SSL(TLS/DTLS)方式，POSIX_socket(TCP/UDP)方式和AT_socket方式的网络协议栈，不同服务可根据需要使用不同的协议栈接口函数。
+
+- 硬件抽象层
+实现对不同硬件平台的底层操作的抽象封装，需要针对具体的软硬件平台开展移植，分为必须实现和可选实现两部分HAL层接口。
+
+## 硬件抽象层移植
+
+HAL层主要有几大块的移植，分别是OS相关的、网络及TLS相关的、时间及打印相关的、设备信息相关的。
+SDK在 **platform/os** 目录示例了Linux、Windows、FreeRTOS及nonOS四个场景的硬件抽象层实现，可以参考最相近的目录展开目标平台的移植。
+
+#### OS相关接口
+
+| 序号 | 函数名                 | 说明                                       |
+| ---- | ---------------------- | ------------------------------------------ |
+| 1    | HAL_Malloc             | 动态申请内存块     |
+| 2    | HAL_Free               | 释放内存块                              |
+| 3   | HAL_ThreadCreate        | 线程创建                                |
+| 4   | HAL_ThreadDestroy        | 线程销毁                               |
+| 5   | HAL_MutexCreate        | 创建互斥锁                               |
+| 6   | HAL_MutexDestroy       | 销毁互斥锁                               |
+| 7   | HAL_MutexLock          | mutex 加锁                               |
+| 8   | HAL_MutexUnlock        | mutex 解锁                               |
+| 9   | HAL_SemaphoreCreate        | 创建信号量                               |
+| 10   | HAL_SemaphoreDestroy        | 销毁信号量                               |
+| 11   | HAL_SemaphoreWait        | 等待信号量                               |
+| 12   | HAL_SemaphorePost        | 释放信号量                               |
+| 13    | HAL_SleepMs            | 休眠                                     |
+
+#### 网络及TLS相关的HAL接口
+
+网络相关接口提供二选一的适配移植。对于具备网络通讯能力并且本身集成TCP/IP网络协议栈的设备，需要实现BSD_socket的网络HAL接口，使用TLS/SSL加密通讯的还需要实现TLS相关的HAL接口。而对于[MCU+通用TCP_AT模组]()的设备，则可以选择SDK提供的AT_Socket框架，并实现相关的AT模组接口。
+
+##### 基于BSD_socket的HAL接口
+
+其中TCP/UDP相关接口基于POSIX socket函数实现。TLS相关接口依赖于 **mbedtls** 库，移植之前必须确保系统上有可用的**mbedtls**库。如果采用其他TLS/SSL库，可参考**platform/tls/mbedtls**相关实现进行移植适配。
+UDP/DTLS 相关的函数仅在使能 **COAP** 通讯的时候才需要移植。
+
+| 序号 | 函数名                 | 说明                                       |
+| ---- | ---------------------- | ------------------------------------------ |
+| 1    | HAL_TCP_Connect               | 建立 TCP 连接                              |
+| 2    | HAL_TCP_Disconnect             | 断开 TCP 连接 |
+| 3   | HAL_TCP_Write        | TCP 写                                |
+| 4   | HAL_TCP_Read        | TCP 读                               |
+| 5   | HAL_TLS_Connect        | 建立 TLS 连接              |
+| 6   | HAL_TLS_Disconnect     | 断开 TLS 连接                            |
+| 7   | HAL_TLS_Write          | TLS 写                   |
+| 8   | HAL_TLS_Read           | TLS 读                  |
+| 9    | HAL_UDP_Connect               | 建立 TCP 连接                              |
+| 10    | HAL_UDP_Disconnect             | 断开 TCP 连接 |
+| 11  | HAL_UDP_Write        | UDP 写                                |
+| 12   | HAL_UDP_Read        | UPD 读                               |
+| 13   | HAL_DTLS_Connect        | 建立 DTLS 连接              |
+| 14   | HAL_DTLS_Disconnect     | 断开 DTLS 连接                            |
+| 15   | HAL_DTLS_Write          | DTLS 写                   |
+| 16   | HAL_DTLS_Read           | DTLS 读                  |
+
+##### 基于AT_socket的HAL接口
+通过使能编译宏**AT_TCP_ENABLED**选择AT_socket, 则SDK会调用 network_at_tcp.c 的at_socket接口，at_socket层不需要移植，需要实现AT串口驱动及AT模组驱动，AT模组驱动只需要实现AT框架中at_device的驱动结构体 *at_device_op_t* 的驱动接口即可，可以参照at_device目录下的已支持的模组。AT串口驱动需要实现串口的中断接收，然后在中断服务程序中调用回调函数 *at_client_uart_rx_isr_cb* 即可，可以参考 HAL_AT_UART_freertos.c 实现目标平台的移植。
+
+| 序号 | 函数名                 | 说明                                       |
+| ---- | ---------------------- | ------------------------------------------ |
+| 1    | HAL_AT_Uart_Init               |初始化 AT串口                           |
+| 2    | HAL_AT_Uart_Deinit             | 去初始化 AT串口 |
+| 3   | HAL_AT_Uart_Send        | AT串口发送数据                                |
+| 4   | HAL_AT_UART_IRQHandler        | AT串口接收中断服务程序                               |
+
+
+#### 时间及打印相关的HAL接口
+
+| 序号 | 函数名                 | 说明                                       |
+| ---- | ---------------------- | ------------------------------------------ |
+| 1    | HAL_Printf             | 将格式化的数据写入标准输出流中          |
+| 2    | HAL_Snprintf           | 将格式化的数据写入字符串                 |
+| 3    | HAL_UptimeMs           | 检索自系统启动以来已运行的毫秒数         |
+| 4    | HAL_DelayMs           | 阻塞延时，单位毫秒         |
+
+#### 设备信息相关的HAL接口
+
+接入IoT平台需要在平台创建产品和设备信息，同时需要将产品及设备信息保存在设备侧的非易失存储介质。可以参考 platform/os/linux/HAL_Device_linux.c示例实现。
+
+| 序号 | 函数名                 | 说明                                       |
+| ---- | ---------------------- | ------------------------------------------ |
+| 1    | HAL_GetDevInfo             | 设备信息读取          |
+| 2    | HAL_SetDevInfo           | 设备信息保存                     |
+

qcloud-iot-explorer-sdk-embedded-c/docs/Device_Auth设备接入认证.md

@@ -0,0 +1,133 @@
+## 概述
+
+腾讯云物联网平台为每个创建的产品分配唯一标识 ProductID，用户可以自定义 DeviceName 标识设备，用产品标识 + 设备标识 + 设备证书/密钥来验证设备的合法性。用户在创建产品时需要选择设备认证方式，在设备接入时需要根据指定的方式上报产品、设备信息与对应的密钥信息，认证通过后才能连接物联网通信平台。由于不同用户的设备端资源、安全等级要求都不同，平台提供了多种认证方案，以满足不同的使用场景。
+
+物联网平台提供以下三种认证方案：
+- 证书认证（设备级）：为每台设备分配证书 + 私钥，使用非对称加密认证接入，用户需要为每台设备烧录不同的配置信息。
+- 密钥认证（设备级）：为每台设备分配设备密钥，使用对称加密认证接入，用户需要为每台设备烧录不同的配置信息。
+- 动态注册认证（产品级）：为同一产品下的所有设备分配统一密钥，设备通过注册请求获取设备证书/密钥后认证接入，用户可以为同一批设备烧录相同的配置信息。IoT Explorer平台暂不支持动态注册认证。
+
+三种方案在易用性、安全性和对设备资源要求上各有优劣，您可以根据自己的业务场景综合评估选择。方案对比如下：
+
+| 特性 | 证书认证 |密钥认证| 动态注册认证|
+|--------|--------|--------|--------|
+|  设备烧录信息    | ProductId、DeviceName、<br>设备证书、设备私钥| ProductId、DeviceName、设备密钥      |ProductId、DeviceName、ProductSecret|
+|  是否需要提前创建设备     |   必须|  必须     |支持根据注册请求中携带的 DeviceName 自动创建|
+|  安全性     |     高 |  一般     | 一般 |
+|  使用限制      |    单产品下最多创建20万设备|   单产品下最多创建20万设备     | 单产品下最多创建20万设备，用户可自定义通过注册请求自动创建的设备数上限|
+|  设备资源要求     |    较高，需要支持 TLS|  较低     |较低，支持 AES 即可|
+
+## 设备身份信息
+ - 证书设备要通过平台的安全认证，必须具备四元组信息：产品 ID（ProductId）、设备名（DeviceName）、设备证书文件（DeviceCert）、设备私钥文件（DevicePrivateKey），其中证书文件和私钥文件由平台生成，且一一对应。
+ - 密钥设备要通过平台的安全认证，必须具备三元组信息：产品 ID（ProductId）、设备名（DeviceName）、设备密钥（DeviceSecret），其中设备密钥由平台生成。
+
+## 设备身份信息烧录
+- 创建产品后，在物联网开发平台 [控制台](https://console.cloud.tencent.com/iotexplorer) 或者通过 [云 API](https://cloud.tencent.com/document/product/1081/37178) 创建设备，并获取对应的设备信息，将上述的四元组或者三元组信息，在设备生产的特定环节，烧录到非易失介质中，设备 SDK 运行时读取存放的设备信息，进行设备认证。
+
+- SDK提供了设备信息读写的HAL接口，必须实现。可以参考linux平台HAL_Device_linux.c中设备信息读写的实现。
+
+- 设备信息HAL接口 ：
+
+| HAL_API                            | 说明                                 |
+| -----------------------------------| ----------------------------------  |
+| HAL_SetDevInfo                  	| 设备信息写入    |
+| HAL_GetDevInfo                   	| 设备信息读取    |
+
+## 开发阶段设备信息配置
+
+创建设备之后，需要将设备信息（ProductID/DeviceName/DeviceSecret/Cert/Key文件）配置在SDK中才能正确运行示例。在开发阶段，SDK 提供两种方式存储设备信息：
+1. 存放在代码中（编译选项DEBUG_DEV_INFO_USED = ON），则在`platform/os/xxx/HAL_Device_xxx.c`中修改设备信息，在无文件系统的平台下可以使用这种方式。
+```
+/* product Id  */
+static char sg_product_id[MAX_SIZE_OF_PRODUCT_ID + 1]	 = "PRODUCT_ID";
+
+/* device name */
+static char sg_device_name[MAX_SIZE_OF_DEVICE_NAME + 1]  = "YOUR_DEV_NAME";
+
+#ifdef DEV_DYN_REG_ENABLED
+/* product secret for device dynamic Registration  */
+static char sg_product_secret[MAX_SIZE_OF_PRODUCT_SECRET + 1]  = "YOUR_PRODUCT_SECRET";
+#endif
+
+#ifdef AUTH_MODE_CERT
+/* public cert file name of certificate device */
+static char sg_device_cert_file_name[MAX_SIZE_OF_DEVICE_CERT_FILE_NAME + 1]      = "YOUR_DEVICE_NAME_cert.crt";
+/* private key file name of certificate device */
+static char sg_device_privatekey_file_name[MAX_SIZE_OF_DEVICE_SECRET_FILE_NAME + 1] = "YOUR_DEVICE_NAME_private.key";
+#else
+/* device secret of PSK device */
+static char sg_device_secret[MAX_SIZE_OF_DEVICE_SECRET + 1] = "YOUR_IOT_PSK";
+#endif
+```
+
+2. 存放在配置文件中（编译选项DEBUG_DEV_INFO_USED = OFF），则在`device_info.json`文件修改设备信息，此方式下更改设备信息不需重新编译SDK，在Linux/Windows平台下开发推荐使用这种方式。
+```
+{
+    "auth_mode":"KEY/CERT",
+
+    "productId":"PRODUCT_ID",
+    "productSecret":"YOUR_PRODUCT_SECRET",
+    "deviceName":"YOUR_DEV_NAME",
+
+    "key_deviceinfo":{    
+        "deviceSecret":"YOUR_IOT_PSK"
+    },
+
+    "cert_deviceinfo":{
+        "devCertFile":"YOUR_DEVICE_CERT_FILE_NAME",
+        "devPrivateKeyFile":"YOUR_DEVICE_PRIVATE_KEY_FILE_NAME"
+    },
+
+    "subDev":{
+        "sub_productId":"YOUR_SUBDEV_PRODUCT_ID",
+        "sub_devName":"YOUR_SUBDEV_DEVICE_NAME"
+    }
+}
+```
+
+##  应用示例
+-  初始化连接参数
+
+```
+static DeviceInfo sg_devInfo;
+
+static int _setup_connect_init_params(MQTTInitParams* initParams)
+{
+	int ret;
+	
+	ret = HAL_GetDevInfo((void *)&sg_devInfo);	
+	if(QCLOUD_RET_SUCCESS != ret){
+		return ret;
+	}
+		
+	initParams->device_name = sg_devInfo.device_name;
+	initParams->product_id = sg_devInfo.product_id;
+	 ......
+}	
+```
+
+
+-  密钥设备鉴权参数生成
+
+```
+static int _serialize_connect_packet(unsigned char *buf, size_t buf_len, MQTTConnectParams *options, uint32_t *serialized_len) {
+			......
+			......
+    int username_len = strlen(options->client_id) + strlen(QCLOUD_IOT_DEVICE_SDK_APPID) + MAX_CONN_ID_LEN + cur_timesec_len + 4;
+    options->username = (char*)HAL_Malloc(username_len);
+    get_next_conn_id(options->conn_id);
+	HAL_Snprintf(options->username, username_len, "%s;%s;%s;%ld", options->client_id, QCLOUD_IOT_DEVICE_SDK_APPID, options->conn_id, cur_timesec);
+
+#if defined(AUTH_WITH_NOTLS) && defined(AUTH_MODE_KEY)
+     if (options->device_secret != NULL && options->username != NULL) {
+    	 char                sign[41]   = {0};
+    	 utils_hmac_sha1(options->username, strlen(options->username), sign, options->device_secret, options->device_secret_len);
+    	 options->password = (char*) HAL_Malloc (51);
+    	 if (options->password == NULL) IOT_FUNC_EXIT_RC(QCLOUD_ERR_INVAL);
+		 HAL_Snprintf(options->password, 51, "%s;hmacsha1", sign);
+     }
+#endif
+			......
+}
+```
+

qcloud-iot-explorer-sdk-embedded-c/docs/Device_Type设备类型说明.md

@@ -0,0 +1,29 @@
+# 设备联网类型说明
+本文对连接腾讯云物联网平台(下文以 IoT Explorer 为例)的设备类型进行说明，并阐明各设备类型如何移植C-SDK。
+
+## IoT设备联网类型
+IoT设备首先得具备接入网络的能力，接入网络必须要有TCP/IP协议栈，从TCP/IP协议栈承载的载体区分，IoT设备分为如下三类:
+
+**类型一**: TCP/IP协议栈跑在主芯片上，主芯片的处理能力和资源较丰富，譬如路由器，本文称作 资源丰富类 IoT设备。
+
+![soc](https://main.qcloudimg.com/raw/b8b8c257ff2a0862fccee025ac361883.jpg)
+
+**类型二**: TCP/IP协议栈跑在通信模组上，主芯片处理能力和资源特别有限，譬如STM32F103系列，本文称作 资源受限类 IoT设备。
+![mcu+module](https://main.qcloudimg.com/raw/aa148085175ebc615c4bc6fa3e483188.jpg)
+
+**类型三**: TCP/IP协议栈跑在网关上，设备本身并不能直接接入网络，通过有线(485/CAN等)或无线(Ble/ZigBee等)的方式和网关交互，网关(设备类型一或设备类型二)再将数据转发到服务端，这类设备本文称作区域通信类设备。
+![lan](https://main.qcloudimg.com/raw/31fa38d9eb941fc48041ae18ca1860f6.jpg)
+
+
+## 不同联网类型的设备接入方式
+
+### 资源丰富类设备接入
+C-SDK可以在 Linux 和 Windows 环境直接编译并运行示例，请参照[C-SDK_Build编译环境及配置选项说明]()说明。针对常见的FreeRTOS+lwIP的场景，我们也提供了HAL层的示例实现。具体参见[FreeRTOS+lwIP平台移植说明]()。
+
+### 资源受限类设备接入
+资源受限类设备，借助于通信模组实现网络访问，即MCU+模组方式。模组一般是蜂窝模组(2/3/4/5G)或者WIFI模组，市面可选的模组非常之多，各家的AT指令也各不一样，为此我们提供两种方式实现平台接入。
+- 一种是基于SDK提供的AT_Socket框架，基于模组的通用TCP指令，参照at_device目录下的已支持的模组，实现AT_Device驱动的结构体**at_device_op_t**实现对应的驱动接口即可，具体参见[MCU+通用TCP_AT模组移植]()。
+-  另一种方式是，我们和主流的模组厂商做了深度合作，将SDK的核心协议已移植到模组中，模组对外封装统一的腾讯云AT指令，同时我们对MCU提供实现和定制模组交互的SDK，，具体参见[MCU+腾讯云定制AT模组]()。
+
+### 区域通信类设备接入
+对于区域通信类设备，网关需要实现SDK的移植，SDK针对网关提供对应的协议逻辑代理子设备上线、下线及协议数据交互，网关实现和子设备通信方式和数据格式可根据场景定义，网关将子设备数据及平台下行数据做响应转换后实现上传下达。网关设备归属于类型一或类型二设备，可以对应参照实现SDK移植。

qcloud-iot-explorer-sdk-embedded-c/docs/FreeRTOS+lwIP平台移植说明.md

@@ -0,0 +1,69 @@
+# 文档说明
+本文档介绍如何将腾讯云物联 C-SDK 移植到**FreeRTOS+lwIP** 平台。
+
+## FreeRTOS移植简介
+FreeRTOS作为一个微内核系统，主要提供任务创建及调度和任务间通信等OS核心机制，在不同设备平台还需要搭配多个软件组件包括C运行库（如newlib或者ARM CMSIS库）和TCP/IP网络协议栈（如lwIP）才能形成完整的嵌入式运行平台。同时各个设备平台的编译开发环境也各不相同，因此在移植C-SDK的时候，需要根据不同设备的具体情况进行适配。
+SDK 在**platform/os/freertos**里面提供了一个基于 **FreeRTOS+lwIP+newlib** 的参考实现，该实现已经在乐鑫ESP8266平台上验证测试过。
+
+## 从腾讯云物联 C-SDK 中抽取相关代码
+
+因为基于RTOS系统的平台编译方式各不相同，一般无法直接使用SDK 的cmake或者make编译，因此SDK提供了代码抽取功能，可根据需要将相关代码抽取到一个单独的文件夹，文件夹里面的代码层次目录简洁，方便用户拷贝集成到自己的开发环境。
+
+首先修改 CMakeLists.txt 中配置为freertos平台，并开启代码抽取功能：
+```
+set(BUILD_TYPE                  "release")
+set(PLATFORM 	                "freertos")
+set(EXTRACT_SRC ON)
+set(FEATURE_AT_TCP_ENABLED OFF)
+```
+在Linux环境运行以下命令
+```
+mkdir build
+cd build
+cmake ..
+```
+即可在output/qcloud_iot_c_sdk中找到相关代码文件，目录层次如下：
+```
+ qcloud_iot_c_sdk
+ ├── include
+ │   ├── config.h
+ │   ├── exports
+ ├── platform
+ └── sdk_src
+     └── internal_inc
+```
+include目录为SDK供用户使用的API及可变参数，其中config.h为根据编译选项生成的编译宏。API具体介绍请参考**C-SDK_API及可变参数说明**。
+platform目录为平台相关的代码，可根据设备的具体情况进行修改适配。具体的函数说明请参考文档**C-SDK_Porting跨平台移植概述**
+sdk_src为SDK的核心逻辑及协议相关代码，一般不需要修改，其中internal_inc为SDK内部使用的头文件。
+
+用户可将qcloud_iot_c_sdk拷贝到其目标平台的编译开发环境，并根据具体情况修改编译选项。
+
+## 乐鑫ESP8266 RTOS平台移植示例
+在Linux开发环境基于乐鑫ESP8266 RTOS平台搭建一个工程示例
+
+### 1. 获取 ESP8266_RTOS_SDK 并创建工程
+
+请参考[ESP8266_RTOS_SDK](https://github.com/espressif/ESP8266_RTOS_SDK) 获取RTOS_SDK 和交叉编译器，并创建一个项目工程
+
+### 2. 拷贝SDK代码
+
+将上面抽取的qcloud_iot_c_sdk目录拷贝到components/qcloud_iot下面
+
+在components/qcloud_iot下面新建一个编译配置文件component.mk，内容如下
+```
+#
+# Component Makefile
+#
+
+COMPONENT_ADD_INCLUDEDIRS := \
+	qcloud_iot_c_sdk/include \
+    qcloud_iot_c_sdk/include/exports \
+	qcloud_iot_c_sdk/sdk_src/internal_inc
+
+COMPONENT_SRCDIRS := \
+	qcloud_iot_c_sdk/sdk_src \
+	qcloud_iot_c_sdk/platform
+    
+```
+
+这样就可以将qcloud_iot_c_sdk作为一个组件进行编译了，之后在用户代码里面就可以调用物联 C-SDK的接口进行连接和收发消息。

qcloud-iot-explorer-sdk-embedded-c/docs/IoT_Explorer开发平台快速入门.md

@@ -0,0 +1,213 @@
+# 物联网开发平台快速入门
+
+物联网开发平台**IoT Explorer**是基于 MQTT 基础能力上，对数据协议的进一步抽象封装，形成[数据模板协议](https://cloud.tencent.com/document/product/1081/34916?!preview&!editLang=zh)。平台基于数据模板的协议，提供丰富的数据展示、调试及应用开发等技术资源，将应用端和设备的开发模板化，加速产品开发进程。
+
+本文档将讲述如何在物联网开发平台控制台申请设备，创建模板，并结合 C-SDK 快速体验设备基于数据模板的数据收发、事件上报及设备调试。
+
+## 一. 控制台创建设备
+
+#### 1. 注册/登录腾讯云账号
+访问[腾讯云登录页面](https://cloud.tencent.com/login?s_url=https%3A%2F%2Fcloud.tencent.com%2F), 点击[立即注册](https://cloud.tencent.com/register?s_url=https%3A%2F%2Fcloud.tencent.com%2F), 免费获取腾讯云账号，若您已有账号，可直接登录。
+
+#### 2. 访问物联网开发控制台
+登录后点击右上角控制台，进入控制台后，鼠标悬停在云产品上，弹出层叠菜单，点击物联网开发平台。
+
+或者直接访问[物联网开发平台控制台](https://console.cloud.tencent.com/iotexplorer)
+
+#### 3. 创建产品和设备
+3.1 创建项目
+![](https://main.qcloudimg.com/raw/50dd24cfa44fbb063d4337eb94ae5d0f.jpg)
+
+3.2.创建并选择和产品比较相近的模板产品，参阅[产品定义](https://cloud.tencent.com/document/product/1081/34739?!preview&!editLang=zh)。
+![](https://main.qcloudimg.com/raw/c8bd19dee90765762bd6c1f98bd0dd2c.jpg)
+![](https://main.qcloudimg.com/raw/4b9fe8f5df7a20ebbab1f0e3693ded8a.jpg)
+
+3.3 定义产品的数据和事件模板，参阅[数据模板创建](https://cloud.tencent.com/document/product/1081/34739?!preview&!editLang=zh#.E6.95.B0.E6.8D.AE.E6.A8.A1.E6.9D.BF)，数据模板的说明参见[数据模板协议](https://cloud.tencent.com/document/product/1081/34916?!preview&!editLang=zh)。
+![](https://main.qcloudimg.com/raw/17ef8daac4da6f9775ea02bddf988ca2.jpg)
+
+3.4 完成产品创建和数据模板定义后，创建设备，则每一个创建的设备都具备这个产品下的数据模板属性，如下图示。
+![](https://main.qcloudimg.com/raw/937698b945dfd2c4f34bffd40ff5165d.jpg)
+
+3.5 查询产品和设备信息
+![](https://main.qcloudimg.com/raw/13972a011bb5382d00d73545534af91a.jpg)
+![](https://main.qcloudimg.com/raw/17ef8daac4da6f9775ea02bddf988ca2.jpg)
+
+3.6 导出数据模板json文件，并通过脚本工具生成数据模板的配置文件
+![](https://main.qcloudimg.com/raw/0951d7c3f540ca716442e08651a0efa5.jpg)
+
+将下载的json文件拷贝到tools目录，执行./codegen.py -c xx/config.json -d  ../targetdir/ 命令,则会根据json文件在target目录生成所定义产品的数据模板及事件的配置文件：
+```
+./codegen.py -c light.json -d ../samples/data_template/
+加载 light.json 文件成功
+文件 ../samples/data_template/data_config.c 生成成功
+文件 ../samples/data_template/events_config.c 生成成功
+```
+
+## 二. 编译示例程序
+
+详细的编译方式请参考**编译及配置选项说明文档**，本文基于 Linux 环境介绍示例编译运行(以**密钥认证设备**为例)。
+
+#### 1. 填入设备信息
+将上面步骤在腾讯云物联网平台创建的设备的设备信息填写到device_info.json中，如：
+```
+"auth_mode":"KEY",	
+"productId":"5S6AQZ6IDE",
+"deviceName":"dev01",	
+"key_deviceinfo":{    
+    "deviceSecret":"vX6PQqazsGsMyf5SMfs6OA6y"
+}
+```
+#### 2. 基于数据模板的业务逻辑开发
+数据模板示例data_template_sample.c，已实现数据、事件收发及响应的通用处理逻辑。但是具体的数据处理的业务逻辑需要用户自己根据业务逻辑添加，上下行业务逻辑添加的入口函数分别为deal_up_stream_user_logic 、deal_down_stream_user_logic，如果有字符串或json类型的数据模板，用户需要在函数update_self_define_value中完成数据的解析（其他数据类型会根据模板定义自动更新），可以参考基于场景的示例light_data_template_sample.c添加业务处理逻辑。
+
+下行业务逻辑实现：
+```
+/* user's own down-stream code */
+void deal_down_stream_user_logic(ProductDataDefine   * pData)
+{
+	Log_d("someting about your own product logic wait to be done");
+}
+```
+
+上行业务逻辑实现：
+```
+/* demo for up-stream code */
+int deal_up_stream_user_logic(DeviceProperty *pReportDataList[], int *pCount)
+{
+	int i, j;
+	
+     for (i = 0, j = 0; i < TOTAL_PROPERTY_COUNT; i++) {       
+        if(eCHANGED == sg_DataTemplate[i].state) {
+            pReportDataList[j++] = &(sg_DataTemplate[i].data_property);
+			sg_DataTemplate[i].state = eNOCHANGE;
+        }
+    }
+	*pCount = j;
+
+	return (*pCount > 0)?QCLOUD_RET_SUCCESS:QCLOUD_ERR_FAILURE;
+}
+```
+
+#### 3. 编译 SDK
+
+首先修改CMakeLists.txt确保以下选项存在
+```
+set(BUILD_TYPE                   "release")
+set(COMPILE_TOOLS                "gcc") 
+set(PLATFORM 	                "linux")
+set(FEATURE_MQTT_COMM_ENABLED ON)
+set(FEATURE_AUTH_MODE "KEY")
+set(FEATURE_AUTH_WITH_NOTLS OFF)
+set(FEATURE_DEBUG_DEV_INFO_USED  OFF)  
+```
+完整编译库和示例
+```
+./cmake_build.sh 
+```
+输出的库文件，头文件及示例在`output/release`文件夹中。
+在一次完整编译之后，若只需要编译示例，则执行
+```
+./cmake_build.sh samples
+```
+
+## 三. 执行示例程序
+
+#### 执行 data_template_sample 示例程序
+
+数据模板示例实现通用的数据模板和事件处理的框架，数据上下行和事件上报的日志如下：
+```
+ ./output/release/bin/data_template_sample 
+INF|2019-09-18 15:11:54|device.c|iot_device_info_set(67): SDK_Ver: 3.1.0, Product_ID: 5S6AQZ6IDE, Device_Name: dev01
+DBG|2019-09-18 15:11:54|HAL_TLS_mbedtls.c|HAL_TLS_Connect(204): Setting up the SSL/TLS structure...
+DBG|2019-09-18 15:11:54|HAL_TLS_mbedtls.c|HAL_TLS_Connect(246): Performing the SSL/TLS handshake...
+DBG|2019-09-18 15:11:54|HAL_TLS_mbedtls.c|HAL_TLS_Connect(247): Connecting to /5S6AQZ6IDE.wx-mqtt.tencentdevices.com/8883...
+INF|2019-09-18 15:11:55|HAL_TLS_mbedtls.c|HAL_TLS_Connect(269): connected with /5S6AQZ6IDE.wx-mqtt.tencentdevices.com/8883...
+INF|2019-09-18 15:11:55|mqtt_client.c|IOT_MQTT_Construct(125): mqtt connect with id: r7891 success
+DBG|2019-09-18 15:11:55|mqtt_client_subscribe.c|qcloud_iot_mqtt_subscribe(138): topicName=$template/operation/result/5S6AQZ6IDE/dev01|packet_id=4412
+DBG|2019-09-18 15:11:55|shadow_client.c|_shadow_event_handler(63): shadow subscribe success, packet-id=4412
+INF|2019-09-18 15:11:55|data_template_sample.c|event_handler(124): subscribe success, packet-id=4412
+INF|2019-09-18 15:11:55|shadow_client.c|IOT_Shadow_Construct(172): Sync device data successfully
+INF|2019-09-18 15:11:55|data_template_sample.c|main(319): Cloud Device Construct Success
+DBG|2019-09-18 15:11:55|mqtt_client_subscribe.c|qcloud_iot_mqtt_subscribe(138): topicName=$thing/down/event/5S6AQZ6IDE/dev01|packet_id=4413
+INF|2019-09-18 15:11:55|data_template_sample.c|_register_data_template_property(270): data template property=time registered.
+INF|2019-09-18 15:11:55|data_template_sample.c|_register_data_template_property(270): data template property=float registered.
+INF|2019-09-18 15:11:55|data_template_sample.c|_register_data_template_property(270): data template property=light_switch registered.
+INF|2019-09-18 15:11:55|data_template_sample.c|_register_data_template_property(270): data template property=color registered.
+INF|2019-09-18 15:11:55|data_template_sample.c|_register_data_template_property(270): data template property=brightness registered.
+INF|2019-09-18 15:11:55|data_template_sample.c|_register_data_template_property(270): data template property=name registered.
+INF|2019-09-18 15:11:55|data_template_sample.c|main(340): Register data template propertys Success
+DBG|2019-09-18 15:11:55|shadow_client.c|IOT_Shadow_Get(383): GET Request Document: {"clientToken":"explorer-5S6AQZ6IDE-0"}
+DBG|2019-09-18 15:11:55|mqtt_client_publish.c|qcloud_iot_mqtt_publish(329): publish topic seq=4414|topicName=$template/operation/5S6AQZ6IDE/dev01|payload={"type":"get", "clientToken":"explorer-5S6AQZ6IDE-0"}
+INF|2019-09-18 15:11:55|data_template_sample.c|event_handler(138): publish success, packet-id=4414
+DBG|2019-09-18 15:11:55|shadow_client.c|_shadow_event_handler(63): shadow subscribe success, packet-id=4413
+INF|2019-09-18 15:11:55|data_template_sample.c|event_handler(124): subscribe success, packet-id=4413
+DBG|2019-09-18 15:11:55|shadow_client_manager.c|_on_operation_result_handler(278): type:get
+DBG|2019-09-18 15:11:55|shadow_client.c|_update_ack_cb(114): requestAck=0
+DBG|2019-09-18 15:11:55|shadow_client.c|_update_ack_cb(117): Received Json Document={"clientToken":"explorer-5S6AQZ6IDE-0","payload":{"state":{"reported":{"battery":35,"brightness":55,"color":0,"id":"19","name":"dev01","power_switch":0}},"timestamp":1568776522035,"version":401},"result":0,"timestamp":1568790715,"type":"get"}
+DBG|2019-09-18 15:11:56|data_template_sample.c|main(389): No delta msg received...
+DBG|2019-09-18 15:11:56|data_template_sample.c|main(409): no data need to be reported
+DBG|2019-09-18 15:11:56|mqtt_client_publish.c|qcloud_iot_mqtt_publish(337): publish packetID=0|topicName=$thing/up/event/5S6AQZ6IDE/dev01|payload={"method":"events_post", "clientToken":"5S6AQZ6IDE-1", "events":[{"eventId":"all_function", "type":"alert", "timestamp":1568790716000, "params":{"bool":0,"int":0,"str":"","float":0.000000,"enum1":0,"time":0}},{"eventId":"status_report", "type":"info", "timestamp":1568790716000, "params":{"status":0,"message":""}},{"eventId":"hardware_fault", "type":"fault", "timestamp":1568790716000, "params":{"name":"","error_code":0}}]}
+INF|2019-09-18 15:11:59|qcloud_iot_event.c|_on_event_reply_callback(96): Receive Message With topicName:$thing/down/event/5S6AQZ6IDE/dev01, payload:{"method":"events_reply","clientToken":"5S6AQZ6IDE-1","code":404,"status":"hardware_fault not defined","data":{}}
+DBG|2019-09-18 15:11:59|qcloud_iot_event.c|_on_event_reply_callback(115): eventToken:5S6AQZ6IDE-1 code:404 status:hardware_fault not defined
+DBG|2019-09-18 15:11:59|data_template_sample.c|event_post_cb(68): Reply:{"method":"events_reply","clientToken":"5S6AQZ6IDE-1","code":404,"status":"hardware_fault not defined","data":{}}
+DBG|2019-09-18 15:11:59|qcloud_iot_event.c|_release_reply_request(78): eventToken[5S6AQZ6IDE-1] released
+```
+
+#### 执行 light_data_template_sample 示例程序
+智能灯示例是基于数据数据模板的场景示例，基于此示例说明控制台和设备端控制交互及日志查询
+```
+./output/release/bin/light_data_template_sample
+INF|2019-09-18 15:14:08|device.c|iot_device_info_set(67): SDK_Ver: 3.1.0, Product_ID: 5S6AQZ6IDE, Device_Name: dev01
+DBG|2019-09-18 15:14:08|HAL_TLS_mbedtls.c|HAL_TLS_Connect(204): Setting up the SSL/TLS structure...
+DBG|2019-09-18 15:14:08|HAL_TLS_mbedtls.c|HAL_TLS_Connect(246): Performing the SSL/TLS handshake...
+DBG|2019-09-18 15:14:08|HAL_TLS_mbedtls.c|HAL_TLS_Connect(247): Connecting to /5S6AQZ6IDE.wx-mqtt.tencentdevices.com/8883...
+INF|2019-09-18 15:14:08|HAL_TLS_mbedtls.c|HAL_TLS_Connect(269): connected with /5S6AQZ6IDE.wx-mqtt.tencentdevices.com/8883...
+INF|2019-09-18 15:14:09|mqtt_client.c|IOT_MQTT_Construct(125): mqtt connect with id: JYqyP success
+DBG|2019-09-18 15:14:09|mqtt_client_subscribe.c|qcloud_iot_mqtt_subscribe(138): topicName=$template/operation/result/5S6AQZ6IDE/dev01|packet_id=22146
+DBG|2019-09-18 15:14:09|shadow_client.c|_shadow_event_handler(63): shadow subscribe success, packet-id=22146
+INF|2019-09-18 15:14:09|light_data_template_sample.c|event_handler(235): subscribe success, packet-id=22146
+INF|2019-09-18 15:14:09|shadow_client.c|IOT_Shadow_Construct(172): Sync device data successfully
+INF|2019-09-18 15:14:09|light_data_template_sample.c|main(510): Cloud Device Construct Success
+DBG|2019-09-18 15:14:09|mqtt_client_subscribe.c|qcloud_iot_mqtt_subscribe(138): topicName=$thing/down/event/5S6AQZ6IDE/dev01|packet_id=22147
+INF|2019-09-18 15:14:09|light_data_template_sample.c|_register_data_template_property(385): data template property=power_switch registered.
+INF|2019-09-18 15:14:09|light_data_template_sample.c|_register_data_template_property(385): data template property=color registered.
+INF|2019-09-18 15:14:09|light_data_template_sample.c|_register_data_template_property(385): data template property=brightness registered.
+INF|2019-09-18 15:14:09|light_data_template_sample.c|_register_data_template_property(385): data template property=name registered.
+INF|2019-09-18 15:14:09|light_data_template_sample.c|main(531): Register data template propertys Success
+DBG|2019-09-18 15:14:09|shadow_client.c|IOT_Shadow_Get(383): GET Request Document: {"clientToken":"explorer-5S6AQZ6IDE-0"}
+DBG|2019-09-18 15:14:09|mqtt_client_publish.c|qcloud_iot_mqtt_publish(329): publish topic seq=22148|topicName=$template/operation/5S6AQZ6IDE/dev01|payload={"type":"get", "clientToken":"explorer-5S6AQZ6IDE-0"}
+INF|2019-09-18 15:14:09|light_data_template_sample.c|event_handler(249): publish success, packet-id=22148
+DBG|2019-09-18 15:14:09|shadow_client.c|_shadow_event_handler(63): shadow subscribe success, packet-id=22147
+INF|2019-09-18 15:14:09|light_data_template_sample.c|event_handler(235): subscribe success, packet-id=22147
+DBG|2019-09-18 15:14:09|shadow_client_manager.c|_on_operation_result_handler(278): type:get
+DBG|2019-09-18 15:14:09|shadow_client.c|_update_ack_cb(114): requestAck=0
+DBG|2019-09-18 15:14:09|shadow_client.c|_update_ack_cb(117): Received Json Document={"clientToken":"explorer-5S6AQZ6IDE-0","payload":{"state":{"reported":{"battery":35,"brightness":55,"color":0,"id":"19","name":"dev01","power_switch":0}},"timestamp":1568776522035,"version":401},"result":0,"timestamp":1568790849,"type":"get"}
+DBG|2019-09-18 15:14:09|light_data_template_sample.c|main(602): no data need to be reported
+DBG|2019-09-18 15:14:09|light_data_template_sample.c|main(609): cycle report:{"state":{"reported":{"power_switch":0,"color":0,"brightness":0,"name":"dev01"}}, "clientToken":"explorer-5S6AQZ6IDE-1"}
+DBG|2019-09-18 15:14:09|shadow_client.c|IOT_Shadow_Update(317): UPDATE Request Document: {"state":{"reported":{"power_switch":0,"color":0,"brightness":0,"name":"dev01"}}, "clientToken":"explorer-5S6AQZ6IDE-1"}
+DBG|2019-09-18 15:14:09|mqtt_client_publish.c|qcloud_iot_mqtt_publish(329): publish topic seq=22149|topicName=$template/operation/5S6AQZ6IDE/dev01|payload={"type":"update", "state":{"reported":{"power_switch":0,"color":0,"brightness":0,"name":"dev01"}}, "clientToken":"explorer-5S6AQZ6IDE-1"}
+INF|2019-09-18 15:14:09|light_data_template_sample.c|main(613): cycle reporte success
+INF|2019-09-18 15:14:10|light_data_template_sample.c|event_handler(249): publish success, packet-id=22149
+DBG|2019-09-18 15:14:10|shadow_client_manager.c|_on_operation_result_handler(278): type:update
+INF|2019-09-18 15:14:10|light_data_template_sample.c|OnShadowUpdateCallback(370): recv shadow update response, response ack: 0
+```
+
+## 四. 设备调试
+
+1. 进入设备调试：
+![](https://main.qcloudimg.com/raw/1f2ac1d6cac186394ac1a1da6c22749c.jpg)
+
+2. 修改目标数据下发设备
+![](https://main.qcloudimg.com/raw/911a09872f03a91d1d530537e51147f1.jpg)
+
+3.设备响应及日志输出
+![](https://main.qcloudimg.com/raw/c45d35d9abe116408efc2656b55127b7.jpg)
+
+4. 控制台查看设备当前状态
+![](https://main.qcloudimg.com/raw/236b8bf3c88b1c532714b730d0993a79.jpg)
+
+5. 控制台查看设备通信日志
+![](https://main.qcloudimg.com/raw/10e911975030f2840b9af03a079aec1d.jpg)
+
+6. 控制台查看设备事件上报
+![](https://main.qcloudimg.com/raw/d3878541b502619158ec206fc2ae2391.jpg)

qcloud-iot-explorer-sdk-embedded-c/docs/MCU+腾讯云定制AT模组.md

@@ -0,0 +1,16 @@
+## 简介
+腾讯云物联网提供了专用的 [腾讯云IoT AT指令集](https://github.com/tencentyun/qcloud-iot-sdk-tencent-at-based/blob/master/docs/%E8%85%BE%E8%AE%AF%E4%BA%91IoT%20AT%E6%8C%87%E4%BB%A4%E9%9B%86-V3.1.3.pdf)，如果通讯模组实现了该指令集，则设备接入和通讯更为简单，所需代码量更少，针对这种场景，请参考面向腾讯云定制AT模组专用的 [MCU AT SDK](https://github.com/tencentyun/qcloud-iot-sdk-tencent-at-based.git)
+
+目前腾讯云和主流的模组厂商进行了深度合作，将SDK的核心协议已移植到模组中，模组对外封装统一的腾讯云AT指令。已支持腾讯云定制AT指令的模组列表如下：
+
+| 序号  | 模组商     |   模组型号       |  通信制式      |   固件版本      |
+| -------| ------------| -------------------|------------------|----------------|
+| 1      | 中移        |   M5311          |      NB-IoT    |  M5311_LV_MOD_BOM_R002_1901232019_0906   |
+| 2      | 中移        |   M6315         |          2G    |   CMIOT_M6315_20180901_V10_EXT_20190827_152209     |
+| 3     | 中移         |   M8321          |         4G     |   QCloud_AT_v3.0.1_4G_Cellular 20190909_171245     |
+| 4      | 有方               | N10              |     2G         |     N10_I_1187_PQS63010_TC_V002C   |
+| 5      | 有方               | N21                |    NB-IoT      |     N21_RDD0CM_TC_V006A   |
+| 6      | 有方               | N720            |    4G         |    N720_EAB0CMF_BZ_V003A_T1    |
+| 7      | 移柯               | L206            |    2G         | L206Dv01.04b04.04 |
+| 8      | 乐鑫               | ESP8266            |    WIFI         |   QCloud_AT_ESP_WiFi_v1.1.0     |
+

qcloud-iot-explorer-sdk-embedded-c/docs/MCU+通用TCP_AT模组移植(FreeRTOS).md

@@ -0,0 +1,49 @@
+## 简介
+
+对于不具备网络通讯能力的MCU，一般采用MCU+通讯模组的方式，通讯模组（包括WiFi/2G/4G/NB-IoT）一般提供了基于串口的AT指令协议供MCU进行网络通讯。针对这种场景，C-SDK 封装了AT-socket网络层，网络层之上的核心协议和服务层无须移植。本文阐述针对 MCU(FreeRTOS)+通用TCP AT模组的目标环境，如何移植C-SDK 并接入腾讯云物联网平台（以IoT Explorer为例）。
+
+## 系统框图
+![mcu+module](https://main.qcloudimg.com/raw/aa148085175ebc615c4bc6fa3e483188.jpg)
+
+## 移植步骤
+![port_flow](https://main.qcloudimg.com/raw/3717052f47405e66a754f2f8594c6c84.jpg)
+
+### 1. 下载最新版本设备端 [C-SDK](https://github.com/tencentyun/qcloud-iot-sdk-embedded-c)。
+
+###  2. SDK功能配置及代码抽取
+-  使用通用TCP模组编译配置选项配置如下:
+
+| 名称                             | 配置        | 说明                                                         |
+| :------------------------------- | ------------- | ------------------------------------------------------------ |
+| BUILD_TYPE                       | debug/release,根据需要设置 |
+| EXTRACT_SRC                      | ON       | 使能代码抽取                                               |
+| COMPILE_TOOLS                    | gcc/MSVC      | 根据需要设置，IDE情况不关注            |
+| PLATFORM                         | linux/windows | 根据需要设置，IDE情况不关注                |
+| FEATURE_OTA_COMM_ENABLED         | ON/OFF       | 根据需要设置                     |
+| FEATURE_AUTH_MODE                | KEY      | 资源受限设备认证方式建议选秘钥认证    |
+| FEATURE_AUTH_WITH_NOTLS          | ON/OFF        | 根据需要是否使能TLS             |
+| FEATURE_EVENT_POST_ENABLED       | ON/OFF        | 根据需要是否使能事件上报    |
+| FEATURE_AT_TCP_ENABLED           | ON        | AT模组TCP功能开关                        |
+| FEATURE_AT_UART_RECV_IRQ         | ON        | AT模组中断接受功能开关                |
+| FEATURE_AT_OS_USED               | ON        | AT模组多线程功能开关                         |
+| FEATURE_AT_DEBUG              | OFF      | 默认关闭AT模组调试功能，有调试需要再打开|
+
+- 参考文档[C-SDK_Build编译环境及配置选项说明]()抽取代码
+
+- 将抽取的代码目录作为通信组件放在类似 RTOS、FATFS 的第三方组件的同级目录，系统代码框架大体如下：
+![](https://main.qcloudimg.com/raw/5e3da49ac27e57d72fd6f6a70bb98547.jpg)
+
+### 3. 数据模板模板代码生成
+对于IoT_Explorer产品可以参考[IoT_Explorer/Data_template数据模板代码生成]()
+对于IoT_Hub产品，可跳过这一步
+
+### 4. HAL 层移植
+
+参见[C-SDK_Porting跨平台移植概述]()
+对于网络相关的HAL接口，通过上面的编译选项已选择SDK提供的AT_Socket框架，SDK会调用 network_at_tcp.c 的at_socket接口，at_socket层不需要移植，需要实现AT串口驱动及AT模组驱动，AT模组驱动只需要实现AT框架中at_device的驱动结构体 *at_device_op_t* 的驱动接口即可，可以参照at_device目录下的已支持的模组。目前SDK针对物联网使用较广的WiFi模组ESP8266提供了底层接口实现，供移植到其他通讯模组时作为参考。
+
+### 5. 业务逻辑开发
+
+对于IoT_Explorer产品，可以参考[IoT_Explorer/Data_template数据模板应用开发]()实现具体业务场景下的业务逻辑开发。
+对于IoT_Hub产品，可以参考IoT_Hub目录下的例程。
+

qcloud-iot-explorer-sdk-embedded-c/docs/MCU+通用TCP_AT模组移植(nonOS).md

@@ -0,0 +1,51 @@
+## 简介
+
+对于不具备网络通讯能力的MCU，一般采用MCU+通讯模组的方式，通讯模组（包括WiFi/2G/4G/NB-IoT）一般提供了基于串口的AT指令协议供MCU进行网络通讯。针对这种场景，C-SDK 封装了AT-socket网络层，网络层之上的核心协议和服务层无须移植。本文阐述针对 MCU(无OS)+通用TCP AT模组的目标环境，如何移植C-SDK 并接入腾讯云物联网平台（以IoT Explorer为例）。
+相较于有RTOS场景，at_socket网络接收数据的处理会有差异，应用层需要周期性的调用**IOT_MQTT_Yield**来接收服务端下行数据，错过接收窗口则会存在数据丢失的情况，所以在业务逻辑较为复杂的场景建议使用RTOS，通过配置 FEATURE_AT_OS_USED = OFF选择无OS方式。
+
+## 系统框图
+![mcu+module](https://main.qcloudimg.com/raw/aa148085175ebc615c4bc6fa3e483188.jpg)
+
+## 移植步骤
+![port_flow](https://main.qcloudimg.com/raw/3717052f47405e66a754f2f8594c6c84.jpg)
+
+### 1. 下载最新版本设备端 [C-SDK](https://github.com/tencentyun/qcloud-iot-sdk-embedded-c)。
+
+###  2. SDK功能配置及代码抽取
+-  无RTOS使用通用TCP模组编译配置选项配置如下:
+
+| 名称                             | 配置        | 说明                                                         |
+| :------------------------------- | ------------- | ------------------------------------------------------------ |
+| BUILD_TYPE                       | debug/release,根据需要设置 |
+| EXTRACT_SRC                      | ON       | 使能代码抽取                                               |
+| COMPILE_TOOLS                    | gcc/MSVC      | 根据需要设置，IDE情况不关注            |
+| PLATFORM                         | linux/windows | 根据需要设置，IDE情况不关注                |
+| FEATURE_OTA_COMM_ENABLED         | ON/OFF       | 根据需要设置                     |
+| FEATURE_AUTH_MODE                | KEY      | 资源受限设备认证方式建议选秘钥认证    |
+| FEATURE_AUTH_WITH_NOTLS          | ON/OFF        | 根据需要是否使能TLS             |
+| FEATURE_EVENT_POST_ENABLED       | ON/OFF        | 根据需要是否使能事件上报    |
+| FEATURE_AT_TCP_ENABLED           | ON        | 使能at_socket组件                          |
+| FEATURE_AT_UART_RECV_IRQ         | ON        | 使能AT串口中断接收                  |
+| FEATURE_AT_OS_USED               | OFF        | at_socket组件无RTOS环境使用                         |
+| FEATURE_AT_DEBUG                 | OFF      | 默认关闭AT模组调试功能，有调试需要再打开|
+
+- 参考文档[C-SDK_Build编译环境及配置选项说明]()抽取代码
+
+- 将抽取的代码目录作为通信组件放在类似 RTOS、FATFS 的第三方组件的同级目录，系统代码框架大体如下：
+![](https://main.qcloudimg.com/raw/5e3da49ac27e57d72fd6f6a70bb98547.jpg)
+
+### 3. 数据模板模板代码生成
+对于IoT_Explorer产品可以参考[IoT_Explorer/Data_template数据模板代码生成]()
+对于IoT_Hub产品，可跳过这一步
+
+### 4. HAL 层移植
+
+参见[C-SDK_Porting跨平台移植概述]()
+
+对于网络相关的HAL接口，通过上面的编译选项已选择SDK提供的AT_Socket框架，SDK会调用 network_at_tcp.c 的at_socket接口，at_socket层不需要移植，需要实现AT串口驱动及AT模组驱动，AT模组驱动只需要实现AT框架中at_device的驱动结构体 *at_device_op_t* 的驱动接口即可，可以参照at_device目录下的已支持的模组。AT串口驱动需要实现串口的中断接收，然后在中断服务程序中调用回调函数 *at_client_uart_rx_isr_cb* 即可，可以参考 HAL_OS_nonos.c 实现目标平台的移植。
+
+### 5. 业务逻辑开发
+
+对于IoT_Explorer产品，可以参考[IoT_Explorer/Data_template数据模板应用开发]()实现具体业务场景下的业务逻辑开发。
+对于IoT_Hub产品，可以参考IoT_Hub目录下的例程。
+

qcloud-iot-explorer-sdk-embedded-c/docs/二进制数据上报.md

@@ -0,0 +1,154 @@
+用户参考自定义透传的智能灯示例，定义目标产品的二进制数据协议，编写对应的上下行数据的解析脚本，设备侧即可基于二进制实现和平台交互。
+
+### 1.创建自定义透传产品，同时选择智能灯产品类型
+![](https://main.qcloudimg.com/raw/e385b9e53e2b510df5da93c2977919cb.png)
+
+### 2. 使能二进制数据解析功能
+![](https://main.qcloudimg.com/raw/22f6e4797466f41e17111b61f9c51072.png)
+
+### 3. 智能灯二进制协议格式
+
+- 上报格式
+![](https://main.qcloudimg.com/raw/d4736c9fe19da201d65e80cb72ab17d2.png)
+
+- 下发格式
+![](https://main.qcloudimg.com/raw/67ed266e814783adef513dcbf764fbbc.png)
+
+### 4. 编辑上下行二进制数据与Json数据转换的解析脚本并提交
+- 目前解析脚本暂时只支持JavaScript语法
+![](https://main.qcloudimg.com/raw/2e6d2b20723d7567f64fab7889d8e87a.png)
+
+对应的脚本代码如下：
+- 上行二进制数据到Json数据的解析脚本
+
+```
+
+function RawToProtocol(fPort, bytes) {
+    var data = {
+    "method": "report",
+    "clientToken": new Date(),
+    "params":{}
+    };
+    if (bytes[2] != 1) {
+        return data ;
+    } 
+    var sw =  bytes[8];
+    if (sw == 0 || sw == 1) {
+        data.params.power_switch =  sw;
+    }
+    var color =  bytes[9];
+    if (color >=0  &&  color < 4 ) {
+        data.params.color =  color;
+    }   
+    var brightness =  bytes[10];
+    if (brightness >=0  &&   brightness <=100 ) {
+        data.params.brightness =  brightness;
+    }        
+    return data;
+}
+
+```
+
+- 下行Json数据到二进制数据的解析脚本
+
+```
+
+function ProtocolToRaw(json) {
+  
+  var data = new Array();
+
+  var method = json['method'];
+  if (method !="control") { 
+      return data;
+  }
+  data[0] = 0xaa;// header 0x55aa
+  data[1] = 0x55;
+
+  data[2] = 0x20; // control commandb
+  data[3] = 0; // padding
+
+  //requestid  这里随便填了
+  data[4] = 0xcc; 
+  data[5] = 0xcc; 
+  data[6] = 0xcc; 
+  data[7] = 0xcc; 
+
+  var params = json['params'];  
+
+  if (params.power_switch != undefined) {
+      data[8] = params.power_switch ; //switch 
+  } else {
+      data[8] = 255;
+  }
+  
+  if (params.color != undefined) {
+      data[9] = params.color ; //color
+  } else {
+      data[9] = 255;
+  }  
+
+  if (params.brightness != undefined) {
+      data[10] = params.brightness ; //brightness
+  } else {
+      data[10] = 255;  }
+  
+  data[11] = 255 ; //name is invalid
+  return data;
+}
+
+
+```
+
+- 可以在线调试脚本的解析功能
+![](https://main.qcloudimg.com/raw/6ce7da31c2442f7967cb89edd20ed09b.png)
+
+
+###  5. 编译SDK并运行二进制示例
+
+- 带参数 -l 二进制示例会循环执行，示例会定时上报二进制数据，收到二进制数据会dump出来。
+
+```
+./raw_data_mqtt_sample -l
+INF|2020-02-13 01:41:55|qcloud_iot_device.c|iot_device_info_set(65): SDK_Ver: 3.1.1, Product_ID: NQ7GQN6KSR, Device_Name: dev001
+DBG|2020-02-13 01:41:55|HAL_TLS_mbedtls.c|HAL_TLS_Connect(206): Setting up the SSL/TLS structure...
+DBG|2020-02-13 01:41:55|HAL_TLS_mbedtls.c|HAL_TLS_Connect(248): Performing the SSL/TLS handshake...
+DBG|2020-02-13 01:41:55|HAL_TLS_mbedtls.c|HAL_TLS_Connect(249): Connecting to /nq7gqn6ksr.iotcloud.tencentdevices.com/8883...
+INF|2020-02-13 01:41:56|HAL_TLS_mbedtls.c|HAL_TLS_Connect(271): connected with /nq7gqn6ksr.iotcloud.tencentdevices.com/8883...
+INF|2020-02-13 01:41:56|mqtt_client.c|IOT_MQTT_Construct(127): mqtt connect with id: 9Z39s success
+INF|2020-02-13 01:41:56|raw_data_sample.c|main(306): Cloud Device Construct Success
+DBG|2020-02-13 01:41:56|mqtt_client_subscribe.c|qcloud_iot_mqtt_subscribe(141): topicName=$thing/down/raw/NQ7GQN6KSR/dev001|packet_id=15330
+INF|2020-02-13 01:41:56|raw_data_sample.c|_mqtt_event_handler(95): subscribe success, packet-id=15330
+DBG|2020-02-13 01:41:57|raw_data_sample.c|_publish_raw_data_msg(223): raw_data published dump:
+
+ AA 55 01 00 00 00 00 00 01 01 38 00
+DBG|2020-02-13 01:41:57|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$thing/up/raw/NQ7GQN6KSR/dev001|payload=
+
+ DBG|2020-02-13 01:42:02|raw_data_sample.c|_publish_raw_data_msg(223): raw_data published dump:
+
+ AA 55 01 00 01 00 00 00 01 00 54 00
+DBG|2020-02-13 01:42:02|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$thing/up/raw/NQ7GQN6KSR/dev001|payload=
+
+```
+
+- 收到下行数据并dump
+
+```
+
+INF|2020-02-13 01:47:23|raw_data_sample.c|on_raw_data_message_callback(235): Receive Message With topicName:$thing/down/raw/NQ7GQN6KSR/dev001, payloadlen:12
+DBG|2020-02-13 01:47:23|raw_data_sample.c|on_raw_data_message_callback(237): raw_data reveived dump:
+
+ AA 55 20 00 CC CC CC CC FF 01 FF FF
+INF|2020-02-13 01:47:23|raw_data_sample.c|on_raw_data_message_callback(235): Receive Message With topicName:$thing/down/raw/NQ7GQN6KSR/dev001, payloadlen:12
+DBG|2020-02-13 01:47:23|raw_data_sample.c|on_raw_data_message_callback(237): raw_data reveived dump:
+
+ AA 55 20 00 CC CC CC CC FF 01 FF FF
+ 
+```
+
+###  6. 控制台日志
+
+- 在线调试
+![](https://main.qcloudimg.com/raw/5e8dd1b8efdc079a72ffb8d9e3b52830.png)
+
+- 设备日志
+![](https://main.qcloudimg.com/raw/9ee577ed46f1170531d444703c5968f9.png)

qcloud-iot-explorer-sdk-embedded-c/docs/数据模板开发/数据模板代码生成.md

@@ -0,0 +1,19 @@
+## 简介
+本文介绍基于物联开发平台 IoT Explorer 创建的数据模板如何生成模板代码。
+
+## 数据模板创建
+参阅[产品定义](https://cloud.tencent.com/document/product/1081/34739?!preview&!editLang=zh#.E6.95.B0.E6.8D.AE.E6.A8.A1.E6.9D.BF)创建数据模板
+
+## 数据模板描述文件导出
+数据模板描述文件是一个 JSON 格式的文件，描述了产品定义的属性、事件及其他信息，在平台导出此json文件，如下图示:
+![](https://main.qcloudimg.com/raw/0951d7c3f540ca716442e08651a0efa5.jpg)
+
+## 数据模板模板代码生成
+将下载的json文件拷贝到tools目录，执行./codegen.py -c xx/config.json -d  ../targetdir/ 命令,则会根据json文件在target目录生成所定义产品的数据模板及事件的配置文件,将这个生成的配置文件拷贝到data_template_sample.c的同级目录，data_template_sample.c示例了通用的数据模板处理框架，可以基于此框架添加业务逻辑。智能灯示例light_data_template_sample.c即是基于此框架的场景示例。
+
+```
+./codegen.py -c light.json -d ../samples/data_template/
+加载 light.json 文件成功
+文件 ../samples/data_template/data_config.c 生成成功
+文件 ../samples/data_template/events_config.c 生成成功
+```

qcloud-iot-explorer-sdk-embedded-c/docs/数据模板开发/数据模板协议.md

@@ -0,0 +1,491 @@
+## 简介
+
+用户创建完产品后即可定义数据模板，基于导出数据模板json配置文件通过SDK提供的脚本工具可以自动生成数据模板配置代码，设备调试阶段的在线调试会接收设备的上报数据并可在控制台下发控制指令到设备进行调试。本文档介绍数据模板协议。
+
+## 数据模板协议
+
+### 概述
+物联网开发平台定义了一套通用的方法，实现设备的统一描述、统一控制，进而提供数据的流转和计算服务，实现不同设备的互联互通、数据的流转和融合，助力应用落地。
+
+产品定义了数据模板以后，设备可以按照数据模板中的定义上报属性、事件，并可对设备下发远程控制指令，即对可写的设备属性进行修改。数据模板的管理详见 [产品定义](https://cloud.tencent.com/document/product/1081/34739)。数据模板协议包括了以下几部分。
+
+- 设备属性上报：设备端将定义的属性根据设备端的业务逻辑向云端上报。
+- 设备远程控制：从云端向设备端下发控制指令，即设置设备可写属性。
+- 获取设备最新上报信息：获取设备最新的上报数据。
+- 设备事件上报：设备可根据定义的数据模板中的事件，当事件被触发，则根据设备事件上报的协议上报告警、故障等事件信息。
+- 设备行为：云端可以通过 RPC 的方式来要求设备执行某个动作行为，适用于应用需要实时获取设备的执行结果的场景。
+
+### 设备属性上报
+
+1. 当设备需要向云端上报数据时，开发平台为设备设定了默认的 Topic：
+   - 上行请求 Topic： `$thing/up/property/{ProductID}/{DeviceName}`   
+   - 上行响应 Topic： `$thing/down/property/{ProductID}/{DeviceName}`
+2. 请求
+ - 设备端请求报文示例：
+```
+{
+		"method":"report",
+		"clientToken":"123",
+		"timestamp":1212121221,
+		"params":{
+			"power_switch":1,
+			"color":1,
+			"brightness":32
+		}
+}
+```
+ - 参数说明：
+<table>
+   <tr>
+      <th>参数</th>
+      <th>类型</th>
+      <th>说明</th>
+   </tr>
+   <tr>
+      <td>method</td>
+      <td>String</td>
+      <td>report 表示设备属性上报。</td>
+   </tr>
+   <tr>
+      <td>clientToken</td>
+      <td>String</td>
+      <td>用于上下行消息配对标识</td>
+   </tr>
+   <tr>
+      <td>timestamp</td>
+      <td>Integer</td>
+      <td>属性上报的时间</td>
+   </tr>
+   <tr>
+      <td>params</td>
+      <td>JSON</td>
+      <td>JSON 结构内为设备上报的属性值</td>
+   </tr>
+</table>
+3. 响应
+ - 云端返回设备端报文示例：
+```
+{
+		"method":"report_reply",
+		"clientToken":"123",
+		"code":0,
+		"status":"some message wher error"
+}
+```
+ - 响应参数说明：
+<table>
+   <tr>
+      <th>参数</th>
+      <th>类型</th>
+      <th>说明</th>
+   </tr>
+   <tr>
+      <td>method</td>
+      <td>String</td>
+      <td>report_reply 表示云端接收设备上报后的响应报文</td>
+   </tr>
+  <tr>
+      <td>clientToken</td>
+      <td>String</td>
+      <td>用于上下行消息配对标识</td>
+   </tr>
+   <tr>
+      <td>code</td>
+      <td>Integer</td>
+      <td>0表示云端成功收到设备上报的属性</td>
+   </tr>
+   <tr>
+      <td>status</td>
+      <td>String</td>
+      <td>当code非0的时候, 提示错误信息</td>
+   </tr>   
+</table>
+
+
+### 设备远程控制
+
+1. 云端下发控制指令使用的 Topic：
+   - 下发 Topic： `$thing/down/property/{ProductID}/{DeviceName}`
+   - 响应 Topic： `$thing/up/property/{ProductID}/{DeviceName}`
+2. 请求
+ - 远程控制请求消息格式：
+```
+{
+	    "method": "control",
+	    "clientToken": "123",	
+	    "params": {
+	    "power_switch": 1,
+        "color": 1,
+        "brightness": 66	
+        }
+}
+```
+ - 请求参数说明：
+<table>
+   <tr>
+      <th>参数</th>
+      <th>类型</th>
+      <th>说明</th>
+   </tr>
+   <tr>
+      <td>method</td>
+      <td>String</td>
+      <td>control 表示云端向设备发起控制请求</td>
+   </tr>
+   <tr>
+      <td>clientToken</td>
+      <td>String</td>
+      <td>用于上下行消息配对标识</td>
+   </tr>
+   <tr>
+      <td>params</td>
+      <td>JSON</td>
+      <td>JSON 结构内为设备上报的属性值</td>
+   </tr>
+</table>
+3. 响应
+ - 设备响应远程控制请求消息格式：
+```
+{
+		"method":"control_reply",
+		"clientToken":"123",
+		"code":0,
+		"status":"some message wher error"
+}
+```
+ - 请求参数说明：
+<table>
+   <tr>
+      <th>参数</th>
+      <th>类型</th>
+      <th>说明</th>
+   </tr>
+   <tr>
+      <td>control_reply</td>
+      <td>String</td>
+      <td>表示设备向云端下发的控制指令的请求响应</td>
+   </tr>
+   <tr>
+      <td>code</td>
+      <td>Integer</td>
+      <td>0表示设备成功接收到云端下发的控制指令</td>
+   </tr>
+   <tr>
+      <td>status</td>
+      <td>String</td>
+      <td>当 code 非0的时候, 提示错误信息</td>
+   </tr>   
+</table>
+
+
+
+### 获取设备最新上报信息
+
+1. 设备从云端接收最新消息使用的 Topic：
+   - 请求 Topic： `$thing/up/property/{ProductID}/{DeviceName}`
+   - 响应 Topic： `$thing/down/property/{ProductID}/{DeviceName}`
+2. 请求
+ - 请求消息格式：
+```
+{
+		"method": "get_status",
+		"clientToken": "123",
+		"type" : "report", 
+		"showmeta": 0
+}
+```
+ - 请求参数说明：
+<table>
+   <tr>
+      <th>参数</th>
+      <th>类型</th>
+      <th>说明</th>
+   </tr>
+   <tr>
+      <td>get_status</td>
+      <td>String</td>
+      <td>get_status 表示获取设备最新上报的信息</td>
+   </tr>
+   <tr>
+      <td>clientToken</td>
+      <td>String</td>
+      <td>消息 ID，回复的消息将会返回该数据，用于请求响应消息的对比。</td>
+   </tr>
+	 <tr>
+      <td>type</td>
+      <td>String</td>
+      <td>表示获取什么类型的信息。report 表示设备上报的信息</td>
+   </tr>
+	   <tr>
+      <td>showmeta</td>
+      <td>Integer</td>
+      <td>标识回复消息是否带 metadata，缺省为0表示不返回 metadata</td>
+   </tr>
+</table>
+3. 响应
+ - 响应消息格式： 
+
+```
+{
+   	"method": "get_status_reply",
+       "code": 0,
+	   "clientToken": "123",
+	   "type": "report",
+   	"data": {
+		   "report": {
+		         "power_switch": 1,
+                 "color": 1,
+                 "brightness": 66	
+		   }
+    	}
+}
+```
+
+ - 响应参数
+<table>
+   <tr>
+      <th>参数</th>
+      <th>类型</th>
+      <th>说明</th>
+   </tr>
+   <tr>
+      <td>get_status_reply</td>
+      <td>String</td>
+      <td>表示获取设备最新上报信息的 reply 消息</td>
+   </tr>
+	 <tr>
+      <td>code</td>
+      <td>Integer</td>
+      <td>0标识云端成功收到设备上报的属性</td>
+   </tr>
+   <tr>
+      <td>clientToken</td>
+      <td>String</td>
+      <td>消息 ID，回复的消息将会返回该数据，用于请求响应消息的对比。</td>
+   </tr>
+	 <tr>
+      <td>type</td>
+      <td>String</td>
+      <td>表示获取什么类型的信息。report 表示设备上报的信息</td>
+   </tr>
+	   <tr>
+      <td>data</td>
+      <td>JSON</td>
+      <td>返回具体设备上报的最新数据内容</td>
+   </tr>
+</table>
+
+
+
+### 设备事件上报
+
+1. 当设备需要向云端上报事件时，开发平台为设备设定了默认的 Topic：
+   - 上行请求 Topic： `$thing/up/event/<产品>/<设备>`
+   - 上行响应 Topic： `$thing/down/event/<产品>/<设备>`
+2. 请求
+ - 设备端请求报文示例：    
+```
+{
+		"method":"event_post",
+		"clientToken":"123",
+		"version":"1.0",
+		"eventId":"PowerAlarm",
+		"type":"fatal",
+		"timestamp":1212121221,
+		"params":{
+		"Voltage":2.8,
+		"Percent":20
+        }
+}
+```
+ - 请求参数说明：
+<table>
+   <tr>
+      <th>参数</th>
+      <th>类型</th>
+      <th>说明</th>
+   </tr>
+   <tr>
+      <td>method</td>
+      <td>String</td>
+      <td>event_post 表示事件上报。</td>
+   </tr>
+   <tr>
+      <td>clientToken</td>
+      <td>String</td>
+      <td>消息 ID，回复的消息将会返回该数据, 用于请求响应消息的对比。</td>
+   </tr>
+   <tr>
+      <td>version</td>
+      <td>String</td>
+      <td>协议版本，默认为1.0。</td>
+   </tr>
+   <tr>
+      <td>eventId</td>
+      <td>String</td>
+      <td>事件的 ID，在数据模板事件中定义。</td>
+   </tr>
+   <tr>
+      <td>params</td>
+      <td>String</td>
+      <td>事件的参数，在数据模板事件中定义。</td>
+   </tr>
+   <tr>
+      <td>timestamp</td>
+      <td>Integer</td>
+      <td>事件上报的时间，不填写该字段表示就使用事件上报本身的时间。</td>
+   </tr>
+</table>
+3. 响应
+ - 响应消息格式： 
+
+```
+{
+		"method": "event_reply",
+		"clientToken": "123",
+		"version": "1.0",
+		"code": 0,
+		"status": "some message wher error",
+		"data": {}
+}
+```
+
+ - 响应参数：
+<table>
+   <tr>
+      <th>参数</th>
+      <th>类型</th>
+      <th>说明</th>
+   </tr>
+   <tr>
+      <td>method</td>
+      <td>String</td>
+      <td>event_reply 表示是云端返回设备端的响应。</td>
+   </tr>
+   <tr>
+      <td>clientToken</td>
+      <td>String</td>
+      <td>消息 ID，回复的消息将会返回该数据, 用于请求响应消息的对比。</td>
+   </tr>
+   <tr>
+      <td>version</td>
+      <td>String</td>
+      <td>协议版本，默认为1.0。</td>
+   </tr>
+   <tr>
+      <td>code</td>
+      <td>Integer</td>
+      <td>事件上报结果，0表示成功。</td>
+   </tr>
+   <tr>
+      <td>status</td>
+      <td>String</td>
+      <td>事件上报结果描述。</td>
+   </tr>
+   <tr>
+      <td>data</td>
+      <td>JSON</td>
+      <td>事件上报返回的内容。</td>
+   </tr>
+</table>
+
+
+### 设备行为调用
+
+1. 当应用通过云端向设备发起某个行为调用时，开发平台为设备行为的处理设定了默认的 Topic：
+   - 应用调用设备行为 Topic： `$thing/down/action/<产品>/<设备>`
+   - 设备响应行为执行结果 Topic： `$thing/up/action/<产品>/<设备>`
+2. 请求
+ - 应用端发起设备行为调用报文示例：    
+```
+{
+		"method": "action",
+		"clientToken": "20a4ccfd-d308-11e9-86c6-5254008a4f10",
+		"actionId": "openDoor",
+		"timestamp": 1212121221,
+		"params": {
+		"userid": "323343"	
+	    }
+}
+```
+ - 请求参数说明：
+<table>
+   <tr>
+      <th>参数</th>
+      <th>类型</th>
+      <th>说明</th>
+   </tr>
+   <tr>
+      <td>method</td>
+      <td>String</td>
+      <td>action 表示是调用设备的某个行为</td>
+   </tr>
+   <tr>
+      <td>clientToken</td>
+      <td>String</td>
+      <td>消息 ID，回复的消息将会返回该数据, 用于请求响应消息的对比。</td>
+   </tr>
+   <tr>
+      <td>actionId</td>
+      <td>String</td>
+      <td>actionId 是数据模板中的行为标识符，由开发者自行根据设备的应用场景定义</td>
+   </tr>  
+     <tr>
+      <td>timestamp</td>
+      <td>Integer</td>
+      <td>行为调用的当前时间</td>
+   </tr>
+   <tr>
+      <td>params</td>
+      <td>String</td>
+      <td>行为的调用参数，在数据模板的行为中定义。</td>
+   </tr> 
+</table>
+3. 响应
+ - 响应消息格式：  
+```
+{
+		"method": "action_reply",
+		"clientToken": "20a4ccfd-d308-11e9-86c6-5254008a4f10",
+		"code": 0,
+		"status": "some message wher error",
+		"response": {
+		"Code":  0
+        }
+}
+```
+
+ - 响应参数：
+<table>
+   <tr>
+      <th>参数</th>
+      <th>类型</th>
+      <th>说明</th>
+   </tr>
+   <tr>
+      <td>method</td>
+      <td>String</td>
+      <td>action_reply 表示是设备端执行完指定的行为向云端回复的响应</td>
+   </tr>
+   <tr>
+      <td>clientToken</td>
+      <td>String</td>
+      <td>消息 ID，回复的消息将会返回该数据, 用于请求响应消息的对比。</td>
+   </tr>
+ 
+   <tr>
+      <td>code</td>
+      <td>Integer</td>
+      <td>行为执行结果，0表示成功。</td>
+   </tr>
+   <tr>
+      <td>status</td>
+      <td>String</td>
+      <td>行为执行失败后的错误信息描述。</td>
+   </tr>
+   <tr>
+      <td>response</td>
+      <td>JSON</td>
+      <td>设备行为中定义的返回参数，设备行为执行成功后，向云端返回执行结果</td>
+   </tr>
+</table>

qcloud-iot-explorer-sdk-embedded-c/docs/数据模板开发/数据模板应用开发.md

@@ -0,0 +1,141 @@
+##  数据模板业务逻辑开发
+数据模板示例data_template_sample.c已实现数据、事件收发及响应的通用处理框架。可以基于此示例开发业务逻辑，上下行业务逻辑添加的入口函数分别为 deal_up_stream_user_logic 、deal_down_stream_user_logic。可以参考智能灯的场景示例 light_data_template_sample.c 添加业务处理逻辑。
+
+- 属性
+  属性即对设备能力的描述，譬如智能灯，通过 `开关`、`颜色`、`亮度`三个属性实现对智能灯的能力描述，通过对属性的修改即可实现对设备的控制。
+
+- 事件
+ 设备发生特定情况，譬如灯的开关状态发生了变化，上报事件。应用侧收到事件后按预设逻辑推送事件。
+ 
+- 行为
+  控制设备执行特定的行为，并将执行的结果返回。行为与属性的区别，概念上行为是数据和方法的组合，行为有执行结果的返回。属性只有数据，修改属性后设备侧是否执行成功很难在属性本身体现。
+
+数据模板示例data_template_sample.c已实现属性、事件、动作的通用处理框架。可以基于此示例开发业务逻辑，上下行业务逻辑添加的入口函数分别为 deal_up_stream_user_logic 、deal_down_stream_user_logic。可以参考智能灯的场景示例 light_data_template_sample.c 添加业务处理逻辑。
+
+
+### 下行业务逻辑实现
+- 服务端下行的数据，SDK已按数据模板协议完成了json数据的解析。ProductDataDefine是第三步中根据在平台定义的产品数据模板生成的模板结构体，由定义的各属性构成成员变量。入参pData所指向的属性数据，从服务端下行数据中，SDK已经按数据模板协议完成了属性数据的解析，用户在下行逻辑处理的函数里边可以直接使用解析好的数据添加业务逻辑即可。
+- 用户根据数据模板数据pData进行相应的业务逻辑处理。
+```
+/*用户需要实现的下行数据的业务逻辑,pData除字符串变量已实现用户定义的所有其他变量值解析赋值，待用户实现业务逻辑*/
+static void deal_down_stream_user_logic(void *client, ProductDataDefine   * pData)
+{
+	Log_d("someting about your own product logic wait to be done");
+}
+```
+
+- 示例用法:
+
+```
+/*智能灯属性数据模板*/
+typedef struct _ProductDataDefine {
+    TYPE_DEF_TEMPLATE_BOOL m_light_switch; 
+    TYPE_DEF_TEMPLATE_ENUM m_color;
+    TYPE_DEF_TEMPLATE_INT  m_brightness;
+    TYPE_DEF_TEMPLATE_STRING m_name[MAX_STR_NAME_LEN+1];
+} ProductDataDefine; 
+
+/*示例灯光控制处理逻辑*/
+static void deal_down_stream_user_logic(void *client,ProductDataDefine *light)
+{
+	int i;
+    const char * ansi_color = NULL;
+    const char * ansi_color_name = NULL;
+    char brightness_bar[]      = "||||||||||||||||||||";
+    int brightness_bar_len = strlen(brightness_bar);
+
+	/*灯光颜色*/
+	switch(light->m_color) {
+	    case eCOLOR_RED:
+	        ansi_color = ANSI_COLOR_RED;
+	        ansi_color_name = " RED ";
+	        break;
+	    case eCOLOR_GREEN:
+	        ansi_color = ANSI_COLOR_GREEN;
+	        ansi_color_name = "GREEN";
+	        break;
+	    case eCOLOR_BLUE:
+	        ansi_color = ANSI_COLOR_BLUE;
+	        ansi_color_name = " BLUE";
+	        break;
+	    default:
+	        ansi_color = ANSI_COLOR_YELLOW;
+	        ansi_color_name = "UNKNOWN";
+	        break;
+	}
+
+
+	/* 灯光亮度显示条 */		    
+    brightness_bar_len = (light->m_brightness >= 100)?brightness_bar_len:(int)((light->m_brightness * brightness_bar_len)/100);
+    for (i = brightness_bar_len; i < strlen(brightness_bar); i++) {
+        brightness_bar[i] = '-';
+    }
+
+	if(light->m_light_switch){
+        /* 灯光开启式，按照控制参数展示 */
+		HAL_Printf( "%s[  lighting  ]|[color:%s]|[brightness:%s]|[%s]\n" ANSI_COLOR_RESET,\
+					ansi_color,ansi_color_name,brightness_bar,light->m_name);
+	}else{
+		/* 灯光关闭展示 */
+		HAL_Printf( ANSI_COLOR_YELLOW"[  light is off ]|[color:%s]|[brightness:%s]|[%s]\n" ANSI_COLOR_RESET,\
+					ansi_color_name,brightness_bar,light->m_name);	
+	}
+	
+#ifdef EVENT_POST_ENABLED 
+	if(eCHANGED == sg_DataTemplate[0].state){
+		if(light->m_light_switch){	
+			memset(sg_message, 0, MAX_EVENT_STR_MESSAGE_LEN);
+			strcpy(sg_message,"light on");
+			sg_status = 1;
+		}else{
+			memset(sg_message, 0, MAX_EVENT_STR_MESSAGE_LEN);
+			strcpy(sg_message,"light off");
+			sg_status = 0;			
+		}
+		IOT_Event_setFlag(client, FLAG_EVENT0);/*灯的开关状态发生变化时置位事件，在eventPostCheck中会将置位的事件上报*/
+	}
+#endif	
+}
+```
+
+###  上行业务逻辑实现
+
+- SDK提供了属性、事件、行为的上行接口，用户可以按数据模板协议自行构造数据，然后调用接口上报相应数据。
+ 1. 属性上报接口`IOT_Template_Report`
+ 2. 事件上报接口`IOT_Post_Event`
+ 3. 行为回复接口`IOT_ACTION_REPLY`
+ 4. 
+- 数据模板示例data_template_sample.c已提供了属性、事件、行为数据构造和上报的框架。
+ 1. 对于属性上报，修改对应的属性参数，调用数据模板的属性状态设置的方法`set_propery_state`将属性置为已变化`eCHANGED`，用户在`deal_up_stream_user_logic`上行处理逻辑中，调用`find_wait_report_property`汇总需要上报的属性列表，框架会调用`IOT_Template_JSON_ConstructReportArray`根据属性列表构建上报数据并调用`IOT_Template_Report`实现属性上报。
+ 2. 对于事件，在事件产生的地方，调用`IOT_Event_setFlag`置位相应事件，框架会调用`eventPostCheck`将置位的事件自动上报。
+3. 对于行为，在注册的行为回调`OnActionCallback`中，添加业务逻辑执行对应的行为，根据行为执行结果，修改给行为的输出参数，调用`IOT_ACTION_REPLY`回复行为执行结果。
+
+```
+/*用户根据业务修改属性值，然后设置属性状态为eCHANGED*/
+static void _refresh_local_property(void)
+{
+	//add your local property refresh logic
+}
+
+
+/*用户需要实现的上行数据的业务逻辑,此处仅供示例*/
+static int deal_up_stream_user_logic(DeviceProperty *pReportDataList[], int *pCount)
+{
+	int i, j;
+	
+		/*监测是否需要更新本地数据*/
+		_refresh_local_property(); 
+
+		/*将变化的属性更新到上报列表*/
+     for (i = 0, j = 0; i < TOTAL_PROPERTY_COUNT; i++) {       
+        if(eCHANGED == sg_DataTemplate[i].state) {
+            pReportDataList[j++] = &(sg_DataTemplate[i].data_property);
+			sg_DataTemplate[i].state = eNOCHANGE;
+        }
+    }
+	*pCount = j;
+
+	return (*pCount > 0)?QCLOUD_RET_SUCCESS:QCLOUD_ERR_FAILURE;
+}
+
+```

qcloud-iot-explorer-sdk-embedded-c/docs/网关设备快速入门.md

@@ -0,0 +1,298 @@
+# 网关设备快速入门
+本文档将讲述如何在腾讯物联网开发平台(IoT Explorer)控制台申请网关设备并绑定子设备, 并结合C-SDK 的**gateway_sample**快速体验网关设备代理子设备上下线，子设备基于数据模板协议或者自定义数据，发送和接收消息。
+
+
+## 一. 控制台创建网关设备
+
+#### 1. 创建网关产品和设备
+点击页面**创建新产品**按钮, 创建一个网关产品。
+
+![](https://main.qcloudimg.com/raw/5a535db5040ac350f4033fd40071a1d7.jpg)
+
+在弹出的产品窗口中，选择节点类型和产品类型，输入产品名称，选择认证方式和数据格式，输入产品描述，然后点击确定创建
+
+在生成的产品页面下，点击**子设备管理**进行子产品和子设备绑定。
+
+![](https://main.qcloudimg.com/raw/5228791ee57d182f7adb71617c6be96a.jpg)
+
+子设备是通过网关产品代理实现子设备的鉴权和通信，网关能够代理子设备鉴权和通信的前提是在平台实现了网关和子设备的绑定操作。需要注意的是子设备是无法直连物联网平台的产品，由网关设备代理连接，所以子设备的认证方式不影响连接，由网关设备来负责认证接入。
+
+在子产品管理页面绑定子产品
+![](https://main.qcloudimg.com/raw/244dcf505fc026cb465ff26fce682d0d.jpg)
+
+在网关产品下创建网关设备，进入子设备管理，选择绑定的子产品产品，然后选择对应子产品下需要绑定的子设备
+
+![](https://main.qcloudimg.com/raw/8bad6a65baaab95d0de6eab402aeb269.jpg)
+![](https://main.qcloudimg.com/raw/1d65fe910deb0521595302ba5d54efda.jpg)
+
+#### 2. 定义子产品数据模板或者创建自定义产品
+
+网关示例代理子设备上线后，默认会订阅topic $productID/$devName/data, 并向这个topic发送数据，这个topic只有自定义透传的产品才会有data topic。
+![](https://main.qcloudimg.com/raw/26b60d86e694d23b32d7a460dd8c5794.jpg)
+![](https://main.qcloudimg.com/raw/cdb697cae207a87dda99fb89f51bd617.jpg)
+
+网关示例中，开启宏定义 `SUB_DEV_USE_DATA_TEMPLATE_LIGHT`,会代理子产品数据模板为智能灯的子设进行通信，如果开启该宏定义，请绑定一个智能灯的产品并将子产品和子设备信息分别配置到`LIGHT_SUB_DEV_PRODUCT_ID`和`LIGHT_SUB_DEV_NAME`。
+
+```
+# define SUB_DEV_USE_DATA_TEMPLATE_LIGHT
+
+# ifdef SUB_DEV_USE_DATA_TEMPLATE_LIGHT
+# define LIGHT_SUB_DEV_PRODUCT_ID    "WPDA0S6S08"
+# define LIGHT_SUB_DEV_NAME          "dev001"
+extern void* sub_dev1_thread(void *ptr, char *product_id, char *device_name);
+# endif
+```
+
+## 二. 编译运行示例程序
+
+#### 1. 配置网关和子设备信息
+修改设备信息配置device_info.json，配置网关产品、设备、密钥或者证书，配置绑定的子设备数量，对应的产品和设备名
+```
+{
+    "auth_mode":"KEY",
+
+    "productId":"PRODUCT_ID",                       //网关产品ID
+    "productSecret":"YOUR_PRODUCT_SECRET",             
+    "deviceName":"YOUR_DEV_NAME",                   //网关设备名
+
+    "key_deviceinfo":{    
+        "deviceSecret":"xxxxx"                       //密钥认证，网关设备的密钥
+    },
+
+    "cert_deviceinfo":{
+        "devCertFile":"YOUR_DEVICE_CERT_FILE_NAME",              //证书认证，网关设备的公钥证书文件名
+        "devPrivateKeyFile":"YOUR_DEVICE_PRIVATE_KEY_FILE_NAME"  //证书认证，网关设备的私钥证书文件名
+    },
+
+    "subDev":{
+        "subdev_num":6,  //子设备数量
+        "subdev_list":   //对应的子产品和子设备
+        [
+                {"sub_productId": "WPDA0S6S08", "sub_devName": "dev001"},
+                {"sub_productId": "WPDA0S6S08", "sub_devName": "dev002"},
+                {"sub_productId": "WPDA0S6S08", "sub_devName": "dev003"},
+                {"sub_productId": "Y8T6NB8DM0", "sub_devName": "test001"},
+                {"sub_productId": "Y8T6NB8DM0", "sub_devName": "test002"},
+                {"sub_productId": "Y8T6NB8DM0", "sub_devName": "test003"}               
+        ]     
+    }
+}
+```
+
+#### 2. 修改编译选项
+- 使用cmake编译，修改CMakeLists.txt(以**密钥认证设备**为例)，使能网关功能，网关会关联打开多线程功能
+
+```
+set(BUILD_TYPE                   "release")
+set(COMPILE_TOOLS                "gcc") 
+set(PLATFORM 	                "linux")
+set(FEATURE_MQTT_COMM_ENABLED ON)
+set(FEATURE_GATEWAY_ENABLED ON)
+set(FEATURE_MULTITHREAD_ENABLED ON)
+set(FEATURE_AUTH_MODE "KEY")
+
+```
+执行脚本编译
+```
+./cmake_build.sh 
+```
+示例输出位于`output/release/bin`文件夹中
+
+- 使用makefile编译，修改CMakeLists.txt(以**密钥认证设备**为例)，使能网关功能，网关会关联打开多线程功能
+
+```
+PLATFORM_CC                 	= gcc
+PLATFORM_AR                 	= ar
+PLATFORM_OS                 	= linux
+
+FEATURE_GATEWAY_ENABLED       = y
+FEATURE_MULTITHREAD_ENABLED   = y
+```
+
+执行make编译
+```
+make
+```
+示例输出位于`output/release/bin`文件夹中
+
+
+#### 3. 执行网关示例程序
+如下日志信息显示示例程序通过MQTT网关代理子设备上下线状态变化，发布和订阅消息。
+
+```
+./gateway_sample 
+DBG|2020-02-27 05:53:59|HAL_Device_linux.c|HAL_GetGwDevInfo(632): sub device num:6
+DBG|2020-02-27 05:53:59|HAL_Device_linux.c|HAL_GetGwDevInfo(634): 0th subDevPid:BK7EEF4UIB subDevName:dev001
+DBG|2020-02-27 05:53:59|HAL_Device_linux.c|HAL_GetGwDevInfo(634): 1th subDevPid:BK7EEF4UIB subDevName:dev002
+DBG|2020-02-27 05:53:59|HAL_Device_linux.c|HAL_GetGwDevInfo(634): 2th subDevPid:BK7EEF4UIB subDevName:dev003
+DBG|2020-02-27 05:53:59|HAL_Device_linux.c|HAL_GetGwDevInfo(634): 3th subDevPid:7P3KIFQ1JD subDevName:test001
+DBG|2020-02-27 05:53:59|HAL_Device_linux.c|HAL_GetGwDevInfo(634): 4th subDevPid:7P3KIFQ1JD subDevName:test002
+DBG|2020-02-27 05:53:59|HAL_Device_linux.c|HAL_GetGwDevInfo(634): 5th subDevPid:7P3KIFQ1JD subDevName:test003
+INF|2020-02-27 05:53:59|qcloud_iot_device.c|iot_device_info_set(65): SDK_Ver: 3.1.1, Product_ID: 0WUKPUCOTC, Device_Name: GW001
+DBG|2020-02-27 05:53:59|HAL_TLS_mbedtls.c|HAL_TLS_Connect(228): Setting up the SSL/TLS structure...
+DBG|2020-02-27 05:53:59|HAL_TLS_mbedtls.c|HAL_TLS_Connect(270): Performing the SSL/TLS handshake...
+DBG|2020-02-27 05:53:59|HAL_TLS_mbedtls.c|HAL_TLS_Connect(271): Connecting to /0wukpucotc.iotcloud.tencentdevices.com/8883...
+INF|2020-02-27 05:53:59|HAL_TLS_mbedtls.c|HAL_TLS_Connect(293): connected with /0wukpucotc.iotcloud.tencentdevices.com/8883...
+INF|2020-02-27 05:53:59|mqtt_client.c|IOT_MQTT_Construct(127): mqtt connect with id: piVMy success
+DBG|2020-02-27 05:53:59|mqtt_client_subscribe.c|qcloud_iot_mqtt_subscribe(141): topicName=$gateway/operation/result/0WUKPUCOTC/GW001|packet_id=7213
+DBG|2020-02-27 05:53:59|gateway_api.c|_gateway_event_handler(23): gateway sub|unsub(3) success, packet-id=7213
+DBG|2020-02-27 05:54:00|gateway_sample.c|gateway_yield_thread(202): gateway yield thread start ...
+DBG|2020-02-27 05:54:01|gateway_api.c|IOT_Gateway_Subdev_Online(125): there is no session, create a new session
+DBG|2020-02-27 05:54:01|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$gateway/operation/0WUKPUCOTC/GW001|payload={"type":"online","payload":{"devices":[{"product_id":"BK7EEF4UIB","device_name":"dev001"}]}}
+INF|2020-02-27 05:54:01|gateway_common.c|_gateway_message_handler(138): client_id(BK7EEF4UIB/dev001), online result 0
+DBG|2020-02-27 05:54:01|gateway_sample.c|main(289): subDev Pid:BK7EEF4UIB devName:dev001 online success.
+DBG|2020-02-27 05:54:01|gateway_api.c|IOT_Gateway_Subdev_Online(125): there is no session, create a new session
+DBG|2020-02-27 05:54:01|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$gateway/operation/0WUKPUCOTC/GW001|payload={"type":"online","payload":{"devices":[{"product_id":"BK7EEF4UIB","device_name":"dev002"}]}}
+INF|2020-02-27 05:54:01|gateway_common.c|_gateway_message_handler(138): client_id(BK7EEF4UIB/dev002), online result 0
+DBG|2020-02-27 05:54:01|gateway_sample.c|main(289): subDev Pid:BK7EEF4UIB devName:dev002 online success.
+DBG|2020-02-27 05:54:01|gateway_api.c|IOT_Gateway_Subdev_Online(125): there is no session, create a new session
+DBG|2020-02-27 05:54:01|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$gateway/operation/0WUKPUCOTC/GW001|payload={"type":"online","payload":{"devices":[{"product_id":"BK7EEF4UIB","device_name":"dev003"}]}}
+INF|2020-02-27 05:54:01|gateway_common.c|_gateway_message_handler(138): client_id(BK7EEF4UIB/dev003), online result 0
+DBG|2020-02-27 05:54:01|gateway_sample.c|main(289): subDev Pid:BK7EEF4UIB devName:dev003 online success.
+DBG|2020-02-27 05:54:01|gateway_api.c|IOT_Gateway_Subdev_Online(125): there is no session, create a new session
+DBG|2020-02-27 05:54:01|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$gateway/operation/0WUKPUCOTC/GW001|payload={"type":"online","payload":{"devices":[{"product_id":"7P3KIFQ1JD","device_name":"test001"}]}}
+INF|2020-02-27 05:54:01|gateway_common.c|_gateway_message_handler(138): client_id(7P3KIFQ1JD/test001), online result 0
+DBG|2020-02-27 05:54:01|gateway_sample.c|main(289): subDev Pid:7P3KIFQ1JD devName:test001 online success.
+DBG|2020-02-27 05:54:01|gateway_api.c|IOT_Gateway_Subdev_Online(125): there is no session, create a new session
+DBG|2020-02-27 05:54:01|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$gateway/operation/0WUKPUCOTC/GW001|payload={"type":"online","payload":{"devices":[{"product_id":"7P3KIFQ1JD","device_name":"test002"}]}}
+INF|2020-02-27 05:54:01|gateway_common.c|_gateway_message_handler(138): client_id(7P3KIFQ1JD/test002), online result 0
+DBG|2020-02-27 05:54:01|gateway_sample.c|main(289): subDev Pid:7P3KIFQ1JD devName:test002 online success.
+DBG|2020-02-27 05:54:01|gateway_api.c|IOT_Gateway_Subdev_Online(125): there is no session, create a new session
+DBG|2020-02-27 05:54:01|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$gateway/operation/0WUKPUCOTC/GW001|payload={"type":"online","payload":{"devices":[{"product_id":"7P3KIFQ1JD","device_name":"test003"}]}}
+INF|2020-02-27 05:54:01|gateway_common.c|_gateway_message_handler(138): client_id(7P3KIFQ1JD/test003), online result 0
+DBG|2020-02-27 05:54:01|gateway_sample.c|main(289): subDev Pid:7P3KIFQ1JD devName:test003 online success.
+ERR|2020-02-27 05:54:01|gateway_sample.c|main(311): create sub_dev light thread success
+DBG|2020-02-27 05:54:01|mqtt_client_subscribe.c|qcloud_iot_mqtt_subscribe(141): topicName=$thing/down/property/BK7EEF4UIB/dev002|packet_id=7214
+DBG|2020-02-27 05:54:01|mqtt_client_subscribe.c|qcloud_iot_mqtt_subscribe(141): topicName=$thing/down/property/BK7EEF4UIB/dev003|packet_id=7215
+DBG|2020-02-27 05:54:01|mqtt_client_subscribe.c|qcloud_iot_mqtt_subscribe(141): topicName=$thing/down/property/7P3KIFQ1JD/test001|packet_id=7216
+DBG|2020-02-27 05:54:01|mqtt_client_subscribe.c|qcloud_iot_mqtt_subscribe(141): topicName=$thing/down/property/7P3KIFQ1JD/test002|packet_id=7217
+DBG|2020-02-27 05:54:01|mqtt_client_subscribe.c|qcloud_iot_mqtt_subscribe(141): topicName=$thing/down/property/7P3KIFQ1JD/test003|packet_id=7218
+DBG|2020-02-27 05:54:01|sub_dev001.c|sub_dev1_thread(563): sub_dev1_thread ...
+INF|2020-02-27 05:54:01|qcloud_iot_device.c|iot_device_info_set(65): SDK_Ver: 3.1.1, Product_ID: BK7EEF4UIB, Device_Name: dev001
+DBG|2020-02-27 05:54:01|mqtt_client_subscribe.c|qcloud_iot_mqtt_subscribe(141): topicName=$thing/down/property/BK7EEF4UIB/dev001|packet_id=7219
+DBG|2020-02-27 05:54:01|mqtt_client_subscribe.c|qcloud_iot_mqtt_subscribe(141): topicName=$thing/down/event/BK7EEF4UIB/dev001|packet_id=7220
+DBG|2020-02-27 05:54:01|mqtt_client_subscribe.c|qcloud_iot_mqtt_subscribe(141): topicName=$thing/down/action/BK7EEF4UIB/dev001|packet_id=7221
+INF|2020-02-27 05:54:01|sub_dev001.c|sub_dev1_thread(574): Cloud Device Construct Success
+DBG|2020-02-27 05:54:01|sub_dev001.c|_usr_init(337): add your init code here
+INF|2020-02-27 05:54:01|sub_dev001.c|_register_data_template_property(376): data template property=power_switch registered.
+INF|2020-02-27 05:54:01|sub_dev001.c|_register_data_template_property(376): data template property=color registered.
+INF|2020-02-27 05:54:01|sub_dev001.c|_register_data_template_property(376): data template property=brightness registered.
+INF|2020-02-27 05:54:01|sub_dev001.c|_register_data_template_property(376): data template property=name registered.
+INF|2020-02-27 05:54:01|sub_dev001.c|sub_dev1_thread(589): Register data template propertys Success
+INF|2020-02-27 05:54:01|sub_dev001.c|_register_data_template_action(277): data template action=blink registered.
+INF|2020-02-27 05:54:01|sub_dev001.c|sub_dev1_thread(599): Register data template actions Success
+DBG|2020-02-27 05:54:01|gateway_api.c|_gateway_event_handler(23): gateway sub|unsub(3) success, packet-id=7214
+INF|2020-02-27 05:54:01|gateway_sample.c|_event_handler(74): subscribe success, packet-id=7214
+DBG|2020-02-27 05:54:01|gateway_api.c|_gateway_event_handler(23): gateway sub|unsub(3) success, packet-id=7216
+INF|2020-02-27 05:54:01|gateway_sample.c|_event_handler(74): subscribe success, packet-id=7216
+DBG|2020-02-27 05:54:01|gateway_api.c|_gateway_event_handler(23): gateway sub|unsub(3) success, packet-id=7218
+INF|2020-02-27 05:54:01|gateway_sample.c|_event_handler(74): subscribe success, packet-id=7218
+DBG|2020-02-27 05:54:01|gateway_api.c|_gateway_event_handler(23): gateway sub|unsub(3) success, packet-id=7217
+INF|2020-02-27 05:54:01|gateway_sample.c|_event_handler(74): subscribe success, packet-id=7217
+DBG|2020-02-27 05:54:01|gateway_api.c|_gateway_event_handler(23): gateway sub|unsub(3) success, packet-id=7215
+INF|2020-02-27 05:54:01|gateway_sample.c|_event_handler(74): subscribe success, packet-id=7215
+DBG|2020-02-27 05:54:01|gateway_api.c|_gateway_event_handler(23): gateway sub|unsub(3) success, packet-id=7219
+INF|2020-02-27 05:54:01|gateway_sample.c|_event_handler(74): subscribe success, packet-id=7219
+DBG|2020-02-27 05:54:01|gateway_api.c|_gateway_event_handler(23): gateway sub|unsub(3) success, packet-id=7220
+INF|2020-02-27 05:54:01|gateway_sample.c|_event_handler(74): subscribe success, packet-id=7220
+DBG|2020-02-27 05:54:01|gateway_api.c|_gateway_event_handler(23): gateway sub|unsub(3) success, packet-id=7221
+INF|2020-02-27 05:54:01|gateway_sample.c|_event_handler(74): subscribe success, packet-id=7221
+DBG|2020-02-27 05:54:02|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$thing/up/property/BK7EEF4UIB/dev001|payload={"method":"report_info", "clientToken":"BK7EEF4UIB-0", "params":{"module_hardinfo":"ESP8266","module_softinfo":"V1.0","fw_ver":"3.1.1","imei":"11-22-33-44","lat":"22.546015","lon":"113.941125", "device_label":{"append_info":"your self define info"}}}
+DBG|2020-02-27 05:54:02|data_template_client.c|_reply_ack_cb(169): replyAck=0
+DBG|2020-02-27 05:54:02|data_template_client.c|_reply_ack_cb(172): Received Json Document={"method":"report_info_reply","clientToken":"BK7EEF4UIB-0","code":0,"status":"success"}
+DBG|2020-02-27 05:54:02|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$thing/up/property/BK7EEF4UIB/dev001|payload={"method":"get_status", "clientToken":"BK7EEF4UIB-1"}
+DBG|2020-02-27 05:54:02|data_template_client.c|_get_status_reply_ack_cb(185): replyAck=0
+DBG|2020-02-27 05:54:02|data_template_client.c|_get_status_reply_ack_cb(189): Received Json Document={"method":"get_status_reply","clientToken":"BK7EEF4UIB-1","code":0,"status":"success","data":{"reported":{"brightness":0,"name":"dev001","power_switch":1,"color":1}}}
+DBG|2020-02-27 05:54:02|sub_dev001.c|sub_dev1_thread(625): Get data status success
+DBG|2020-02-27 05:54:02|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$thing/up/property/BK7EEF4UIB/dev001|payload={"method":"report", "clientToken":"BK7EEF4UIB-2", "params":{"power_switch":0,"color":0,"brightness":0,"name":""}}
+INF|2020-02-27 05:54:02|sub_dev001.c|sub_dev1_thread(666): data template reporte success
+INF|2020-02-27 05:54:02|sub_dev001.c|OnReportReplyCallback(360): recv report_reply(ack=0): {"method":"report_reply","clientToken":"BK7EEF4UIB-2","code":0,"status":"success"}
+DBG|2020-02-27 05:54:03|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$thing/up/property/BK7EEF4UIB/dev002|payload={"method":"report","clientToken":"123","params":{}}
+DBG|2020-02-27 05:54:03|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$thing/up/property/BK7EEF4UIB/dev003|payload={"method":"report","clientToken":"123","params":{}}
+DBG|2020-02-27 05:54:03|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$thing/up/property/7P3KIFQ1JD/test001|payload={"method":"report","clientToken":"123","params":{}}
+DBG|2020-02-27 05:54:03|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$thing/up/property/7P3KIFQ1JD/test002|payload={"method":"report","clientToken":"123","params":{}}
+DBG|2020-02-27 05:54:03|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$thing/up/property/7P3KIFQ1JD/test003|payload={"method":"report","clientToken":"123","params":{}}
+INF|2020-02-27 05:54:03|gateway_sample.c|_message_handler(124): Receive Message With topicName:$thing/down/property/BK7EEF4UIB/dev002, payload:{"method":"report_reply","clientToken":"123","code":0,"status":"success"}
+INF|2020-02-27 05:54:03|gateway_sample.c|_message_handler(124): Receive Message With topicName:$thing/down/property/7P3KIFQ1JD/test001, payload:{"method":"report_reply","clientToken":"123","code":0,"status":"success"}
+INF|2020-02-27 05:54:03|gateway_sample.c|_message_handler(124): Receive Message With topicName:$thing/down/property/7P3KIFQ1JD/test002, payload:{"method":"report_reply","clientToken":"123","code":0,"status":"success"}
+INF|2020-02-27 05:54:03|gateway_sample.c|_message_handler(124): Receive Message With topicName:$thing/down/property/7P3KIFQ1JD/test003, payload:{"method":"report_reply","clientToken":"123","code":0,"status":"success"}
+INF|2020-02-27 05:54:03|gateway_sample.c|_message_handler(124): Receive Message With topicName:$thing/down/property/BK7EEF4UIB/dev003, payload:{"method":"report_reply","clientToken":"123","code":0,"status":"success"}
+DBG|2020-02-27 05:54:07|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$thing/up/property/BK7EEF4UIB/dev001|payload={"method":"report", "clientToken":"BK7EEF4UIB-3", "params":{"power_switch":0,"color":0,"brightness":0,"name":""}}
+INF|2020-02-27 05:54:07|sub_dev001.c|sub_dev1_thread(666): data template reporte success
+INF|2020-02-27 05:54:07|sub_dev001.c|OnReportReplyCallback(360): recv report_reply(ack=0): {"method":"report_reply","clientToken":"BK7EEF4UIB-3","code":0,"status":"success"}
+```
+
+#### 4. 观察子设备上线
+如下日志信息显示示例程序的网关设备Gateway-demo通过MQTT代理6个子设备上线成功：
+
+```
+DBG|2020-01-13 16:11:24|gateway_api.c|IOT_Gateway_Subdev_Online(125): there is no session, create a new session
+DBG|2020-01-13 16:11:24|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$gateway/operation/MMC8QP0VAQ/GW001|payload={"type":"online","payload":{"devices":[{"product_id":"WPDA0S6S08","device_name":"dev001"}]}}
+INF|2020-01-13 16:11:24|gateway_common.c|_gateway_message_handler(138): client_id(WPDA0S6S08/dev001), online result 0
+DBG|2020-01-13 16:11:25|gateway_sample.c|main(282): subDev Pid:WPDA0S6S08 devName:dev001 online success.
+DBG|2020-01-13 16:11:25|gateway_api.c|IOT_Gateway_Subdev_Online(125): there is no session, create a new session
+DBG|2020-01-13 16:11:25|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$gateway/operation/MMC8QP0VAQ/GW001|payload={"type":"online","payload":{"devices":[{"product_id":"WPDA0S6S08","device_name":"dev002"}]}}
+INF|2020-01-13 16:11:25|gateway_common.c|_gateway_message_handler(138): client_id(WPDA0S6S08/dev002), online result 0
+DBG|2020-01-13 16:11:25|gateway_sample.c|main(282): subDev Pid:WPDA0S6S08 devName:dev002 online success.
+DBG|2020-01-13 16:11:25|gateway_api.c|IOT_Gateway_Subdev_Online(125): there is no session, create a new session
+DBG|2020-01-13 16:11:25|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$gateway/operation/MMC8QP0VAQ/GW001|payload={"type":"online","payload":{"devices":[{"product_id":"WPDA0S6S08","device_name":"dev003"}]}}
+INF|2020-01-13 16:11:25|gateway_common.c|_gateway_message_handler(138): client_id(WPDA0S6S08/dev003), online result 0
+DBG|2020-01-13 16:11:25|gateway_sample.c|main(282): subDev Pid:WPDA0S6S08 devName:dev003 online success.
+DBG|2020-01-13 16:11:25|gateway_api.c|IOT_Gateway_Subdev_Online(125): there is no session, create a new session
+DBG|2020-01-13 16:11:25|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$gateway/operation/MMC8QP0VAQ/GW001|payload={"type":"online","payload":{"devices":[{"product_id":"Y8T6NB8DM0","device_name":"test001"}]}}
+INF|2020-01-13 16:11:25|gateway_common.c|_gateway_message_handler(138): client_id(Y8T6NB8DM0/test001), online result 0
+DBG|2020-01-13 16:11:25|gateway_sample.c|main(282): subDev Pid:Y8T6NB8DM0 devName:test001 online success.
+DBG|2020-01-13 16:11:25|gateway_api.c|IOT_Gateway_Subdev_Online(125): there is no session, create a new session
+DBG|2020-01-13 16:11:25|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$gateway/operation/MMC8QP0VAQ/GW001|payload={"type":"online","payload":{"devices":[{"product_id":"Y8T6NB8DM0","device_name":"test002"}]}}
+INF|2020-01-13 16:11:25|gateway_common.c|_gateway_message_handler(138): client_id(Y8T6NB8DM0/test002), online result 0
+DBG|2020-01-13 16:11:25|gateway_sample.c|main(282): subDev Pid:Y8T6NB8DM0 devName:test002 online success.
+DBG|2020-01-13 16:11:25|gateway_api.c|IOT_Gateway_Subdev_Online(125): there is no session, create a new session
+DBG|2020-01-13 16:11:25|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$gateway/operation/MMC8QP0VAQ/GW001|payload={"type":"online","payload":{"devices":[{"product_id":"Y8T6NB8DM0","device_name":"test003"}]}}
+INF|2020-01-13 16:11:25|gateway_common.c|_gateway_message_handler(138): client_id(Y8T6NB8DM0/test003), online result 0
+DBG|2020-01-13 16:11:26|gateway_sample.c|main(282): subDev Pid:Y8T6NB8DM0 devName:test003 online success.
+
+```
+
+#### 5. 观察子设备下线
+如下日志信息显示示例程序的网关设备Gateway-demo通过MQTT代理子设备下线成功：
+````
+DBG|2020-02-27 05:58:49|gateway_sample.c|main(388): subDev Pid:BK7EEF4UIB devName:dev002 offline success.
+DBG|2020-02-27 05:58:49|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$gateway/operation/0WUKPUCOTC/GW001|payload={"type":"offline","payload":{"devices":[{"product_id":"BK7EEF4UIB","device_name":"dev003"}]}}
+INF|2020-02-27 05:58:49|gateway_common.c|_gateway_message_handler(143): client_id(BK7EEF4UIB/dev003), offline result 0
+DBG|2020-02-27 05:58:49|gateway_sample.c|main(388): subDev Pid:BK7EEF4UIB devName:dev003 offline success.
+DBG|2020-02-27 05:58:49|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$gateway/operation/0WUKPUCOTC/GW001|payload={"type":"offline","payload":{"devices":[{"product_id":"7P3KIFQ1JD","device_name":"test001"}]}}
+INF|2020-02-27 05:58:49|gateway_common.c|_gateway_message_handler(143): client_id(7P3KIFQ1JD/test001), offline result 0
+DBG|2020-02-27 05:58:49|gateway_sample.c|main(388): subDev Pid:7P3KIFQ1JD devName:test001 offline success.
+DBG|2020-02-27 05:58:49|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$gateway/operation/0WUKPUCOTC/GW001|payload={"type":"offline","payload":{"devices":[{"product_id":"7P3KIFQ1JD","device_name":"test002"}]}}
+INF|2020-02-27 05:58:49|gateway_common.c|_gateway_message_handler(143): client_id(7P3KIFQ1JD/test002), offline result 0
+DBG|2020-02-27 05:58:49|gateway_sample.c|main(388): subDev Pid:7P3KIFQ1JD devName:test002 offline success.
+DBG|2020-02-27 05:58:49|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$gateway/operation/0WUKPUCOTC/GW001|payload={"type":"offline","payload":{"devices":[{"product_id":"7P3KIFQ1JD","device_name":"test003"}]}}
+INF|2020-02-27 05:58:49|gateway_common.c|_gateway_message_handler(143): client_id(7P3KIFQ1JD/test003), offline result 0
+DBG|2020-02-27 05:58:49|gateway_sample.c|main(388): subDev Pid:7P3KIFQ1JD devName:test003 offline success.
+
+```
+#### 6. 观察网关发送接收子设备的消息
+通过控制台控制智能灯子设备开关状态、灯光颜色和亮度，如下日志信息
+```
+DBG|2020-02-27 06:02:19|data_template_client_manager.c|_on_template_downstream_topic_handler(527): control_str:{"power_switch":1,"brightness":50}
+INF|2020-02-27 06:02:19|sub_dev001.c|OnControlMsgCallback(349): Property=brightness changed
+INF|2020-02-27 06:02:19|sub_dev001.c|OnControlMsgCallback(349): Property=power_switch changed
+[  lighting  ]|[color: RED ]|[brightness:||||||||||----------]|[]
+DBG|2020-02-27 06:02:19|data_template_client.c|IOT_Template_ControlReply(698): Report Document: {"code":0, "clientToken":"clientToken-db6220ff-ab9f-4655-945d-dd14b6e3498d"}
+DBG|2020-02-27 06:02:19|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$thing/up/property/BK7EEF4UIB/dev001|payload={"method":"control_reply", "code":0, "clientToken":"clientToken-db6220ff-ab9f-4655-945d-dd14b6e3498d"}
+DBG|2020-02-27 06:02:19|sub_dev001.c|sub_dev1_thread(649): Contol msg reply success
+```
+#### 6. 观察网关代理子设备发送消息
+智能灯子设备会周期上报，开关状态发生变化会上报事件
+```
+DBG|2020-02-27 06:02:19|mqtt_client_publish.c|qcloud_iot_mqtt_publish(334): publish topic seq=58053|topicName=$thing/up/event/BK7EEF4UIB/dev001|payload={"method":"event_post", "clientToken":"BK7EEF4UIB-8", "eventId":"status_report", "type":"info", "timestamp":0, "params":{"status":1,"message":"light on"}}
+INF|2020-02-27 06:02:19|gateway_sample.c|_event_handler(101): publish success, packet-id=58053
+INF|2020-02-27 06:02:19|sub_dev001.c|OnReportReplyCallback(360): recv report_reply(ack=0): {"method":"report_reply","clientToken":"BK7EEF4UIB-7","code":0,"status":"success"}
+DBG|2020-02-27 06:02:19|data_template_event.c|_on_event_reply_callback(105): recv:{"method":"event_reply","clientToken":"BK7EEF4UIB-8","code":0,"status":"","data":{}}
+DBG|2020-02-27 06:02:19|data_template_event.c|_on_event_reply_callback(123): eventToken:BK7EEF4UIB-8 code:0 status:(null)
+DBG|2020-02-27 06:02:19|sub_dev001.c|event_post_cb(169): recv event reply, clear event
+DBG|2020-02-27 06:02:19|data_template_event.c|_traverse_event_list(79): eventToken[BK7EEF4UIB-8] released
+DBG|2020-02-27 06:02:21|mqtt_client_publish.c|qcloud_iot_mqtt_publish(340): publish packetID=0|topicName=$thing/up/property/BK7EEF4UIB/dev001|payload={"method":"report", "clientToken":"BK7EEF4UIB-9", "params":{"power_switch":1,"color":0,"brightness":50,"name":""}}
+INF|2020-02-27 06:02:21|sub_dev001.c|sub_dev1_thread(666): data template reporte success
+INF|2020-02-27 06:02:21|sub_dev001.c|OnReportReplyCallback(360): recv report_reply(ack=0): {"method":"report_reply","clientToken":"BK7EEF4UIB-9","code":0,"status":"success"}
+```

qcloud-iot-explorer-sdk-embedded-c/docs/设备固件升级.md

@@ -0,0 +1,129 @@
+## 操作场景
+设备固件升级又称 OTA，是物联网通信服务的重要组成部分。当物联设备有新功能或者需要修复漏洞时，设备可以通过 OTA 服务快速的进行固件升级。
+
+
+## 实现原理
+固件升级的过程中，需要设备订阅下面两个 Topic 来实现与云端的通信，如下图所示：
+![OTA topic](https://main.qcloudimg.com/raw/0046e2a294c541e109fc0b6829d180cc.jpg)
+示例：
+```php
+$ota/report/${productID}/${deviceName}
+用于发布（上行）消息，设备上报版本号及下载、升级进度到云端
+$ota/update/${productID}/${deviceName}
+用于订阅（下行）消息，设备接收云端的升级消息
+```
+
+
+## 操作流程
+设备的升级流程如下所示：
+![OTA 时序图](https://main.qcloudimg.com/raw/a2f10ab90959a23b1675201b1e2311e0.jpg)
+1. 设备上报当前版本号。设备端通过 MQTT 协议发布一条消息到 Topic `$ota/report/${productID/${deviceName}`，进行版本号的上报，消息为 json 格式，内容如下：
+```json
+{
+	"type": "report_version",
+	"report":{
+    	"version": "0.1"
+	}
+}
+// type：消息类型
+// version：上报的版本号
+```
+2. 然后您可以在控制台上传固件。
+3. 在控制台将指定的设备升级到指定的版本。
+4. 触发固件升级操作后，设备端会通过订阅的 Topic  `$ota/update/${productID}/${deviceName}` 收到固件升级的消息，内容如下：
+``` json
+{
+    "file_size": 708482,
+    "md5sum": "36eb5951179db14a631463a37a9322a2",
+    "type": "update_firmware",
+    "url": "https://ota-1255858890.cos.ap-guangzhou.myqcloud.com",
+    "version": "0.2"
+}
+// type：消息类型为update_firmware
+// version：升级版本
+// url：下载固件的url
+// md5asum：固件的MD5值
+// file_size：固件大小，单位为字节
+```
+5. 设备在收到固件升级的消息后，根据 URL 下载固件，下载的过程中设备 SDK 会通过 Topic `$ota/report/${productID}/${deviceName}`不断的上报下载进度，上报的内容如下： 
+```json
+{
+    "type": "report_progress",
+    "report":{
+        "progress":{
+               "state":"downloading",
+          	   "percent":"10",
+               "result_code":"0",
+               "result_msg":""
+        },
+        "version": "0.2"
+    }
+}
+// type：消息类型
+// state：状态为正在下载中
+// percent：当前下载进度，百分比
+```
+6. 当设备下载完固件，设备需要通过 Topic  `$ota/report/${productID}/${deviceName}`上报一条开始升级的消息，内容如下：
+```json
+{
+    "type": "report_progress",
+    "report":{
+        "progress":{
+               "state":"burning",
+               "result_code":"0",
+               "result_msg":""
+        },
+        "version": "0.2"
+    }
+}
+// type：消息类型
+// state：状态为烧制中
+```
+7. 设备固件升级完成后，再向 Topic  `$ota/report/${productID}/${deviceName}`上报升级成功消息，内容如下：
+```json
+{
+	"type": "report_progress",
+	"report":{
+		"progress":{
+       		"state":"done",
+       		"result_code":"0",
+       		"result_msg":""
+		},
+		"version": "0.2"
+	}
+}
+// type：消息类型
+// state：状态为已完成
+```
+
+>!在下载固件或升级固件的过程中，如果失败，则通过 Topic  `$ota/report/${productID}/${deviceName}`上报升级失败消息，内容如下：
+
+```json
+{
+	"type": "report_progress",
+	"report":{
+		"progress":{
+       		"state":"fail",
+       		"result_code":"-1",
+       		"result_msg":"time_out"
+		},
+		"version": "0.2"
+	}
+}
+// state：状态为失败
+// result_code：错误码，-1：下载超时；-2：文件不存在；-3：签名过期；-4:MD5不匹配；-5：更新固件失败
+// result_msg：错误消息
+```
+
+## OTA断点续传
+物联网设备有部分场景处于弱网环境，在这个场景下连接会不稳定，固件下载会中断的情况出现。如果每次都从0偏移开始下载固件，则弱网环境有可能一直无法完成全部固件下载，因此固件的断点续传功能特别必要。
+
+断点续传就是从文件上次中断的地方开始重新下载或上传，要实现断点续传的功能，需要设备端记录固件下载的中断位置，同时记录下载固件的md5、文件大小、版本信息。
+
+平台针对OTA中断的场景，设备侧report设备的版本，如果上报的版本号与要升级的目标版本号不一致，则平台会再次下发固件升级消息，设备获取到升级的目标固件的信息与本地记录的中断的固件信息比较，确定为同一固件后，基于断点继续下载。
+
+SDK提供的OTA sample示例了断点续传的断点记录及续传实现，示例是基于json文件实现记录描述，对于没有文件系统的修改这部分实现即可。
+
+带断点续传的OTA升级流程如下，弱网环境下第3步到第6步有可能会多次执行，没有执行第7步，执行第3步，设备端都会收到第4步的消息。
+
+![OTA 断点续传时序图](https://main.qcloudimg.com/raw/5d17e84352b59ea448fb95824ea53e6d.jpg)

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/CMakeLists.txt

@@ -0,0 +1,139 @@
+option(USE_STATIC_MBEDTLS_LIBRARY "Build mbed TLS static library." ON)
+option(USE_SHARED_MBEDTLS_LIBRARY "Build mbed TLS shared library." OFF)
+option(LINK_WITH_PTHREAD "Explicitly link mbed TLS library to pthread." OFF)
+
+set(src_crypto
+        ./library/aes.c
+        ./library/aesni.c
+        ./library/arc4.c
+        ./library/asn1parse.c
+        ./library/asn1write.c
+        ./library/base64.c
+        ./library/bignum.c
+        ./library/blowfish.c
+        ./library/camellia.c
+        ./library/ccm.c
+        ./library/cipher.c
+        ./library/cipher_wrap.c
+        ./library/cmac.c
+        ./library/ctr_drbg.c
+        ./library/des.c
+        ./library/dhm.c
+        ./library/ecdh.c
+        ./library/ecdsa.c
+        ./library/ecjpake.c
+        ./library/ecp.c
+        ./library/ecp_curves.c
+        ./library/entropy.c
+        ./library/entropy_poll.c
+        ./library/error.c
+        ./library/gcm.c
+        ./library/havege.c
+        ./library/hmac_drbg.c
+        ./library/md.c
+        ./library/md2.c
+        ./library/md4.c
+        ./library/md5.c
+        ./library/md_wrap.c
+        ./library/memory_buffer_alloc.c
+        ./library/oid.c
+        ./library/padlock.c
+        ./library/pem.c
+        ./library/pk.c
+        ./library/pk_wrap.c
+        ./library/pkcs12.c
+        ./library/pkcs5.c
+        ./library/pkparse.c
+        ./library/pkwrite.c
+        ./library/platform.c
+        ./library/ripemd160.c
+        ./library/rsa.c
+        ./library/sha1.c
+        ./library/sha256.c
+        ./library/sha512.c
+        ./library/threading.c
+        ./library/timing.c
+        ./library/version.c
+        ./library/version_features.c
+        ./library/xtea.c
+)
+
+set(src_x509
+        ./library/certs.c
+        ./library/pkcs11.c
+        ./library/x509.c
+        ./library/x509_create.c
+        ./library/x509_crl.c
+        ./library/x509_crt.c
+        ./library/x509_csr.c
+        ./library/x509write_crt.c
+        ./library/x509write_csr.c
+)
+
+set(src_tls
+        ./library/debug.c
+        ./library/net_sockets.c
+        ./library/ssl_cache.c
+        ./library/ssl_ciphersuites.c
+        ./library/ssl_cli.c
+        ./library/ssl_cookie.c
+        ./library/ssl_srv.c
+        ./library/ssl_ticket.c
+        ./library/ssl_tls.c
+)
+
+if(CMAKE_COMPILER_IS_GNUCC)
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wmissing-prototypes")
+endif(CMAKE_COMPILER_IS_GNUCC)
+
+if(CMAKE_COMPILER_IS_CLANG)
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wmissing-prototypes -Wdocumentation -Wno-documentation-deprecated-sync -Wunreachable-code")
+endif(CMAKE_COMPILER_IS_CLANG)
+
+if(WIN32)
+    set(libs ${libs} ws2_32)
+endif(WIN32)
+
+if(USE_PKCS11_HELPER_LIBRARY)
+    set(libs ${libs} pkcs11-helper)
+endif(USE_PKCS11_HELPER_LIBRARY)
+
+if(ENABLE_ZLIB_SUPPORT)
+    set(libs ${libs} ${ZLIB_LIBRARIES})
+endif(ENABLE_ZLIB_SUPPORT)
+
+if(LINK_WITH_PTHREAD)
+    set(libs ${libs} pthread)
+endif()
+
+if (NOT USE_STATIC_MBEDTLS_LIBRARY AND NOT USE_SHARED_MBEDTLS_LIBRARY)
+    message(FATAL_ERROR "Need to choose static or shared mbedtls build!")
+endif(NOT USE_STATIC_MBEDTLS_LIBRARY AND NOT USE_SHARED_MBEDTLS_LIBRARY)
+
+if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY)
+    set(mbedtls_static_target "mbedtls_static")
+    set(mbedx509_static_target "mbedx509_static")
+    set(mbedcrypto_static_target "mbedcrypto_static")
+elseif(USE_STATIC_MBEDTLS_LIBRARY)
+    set(mbedtls_static_target "mbedtls")
+    set(mbedx509_static_target "mbedx509")
+    set(mbedcrypto_static_target "mbedcrypto")
+endif()
+
+
+
+if(USE_STATIC_MBEDTLS_LIBRARY AND ${FEATURE_AUTH_WITH_NOTLS} STREQUAL "OFF")
+    SET(LIBRARY_OUTPUT_PATH ${PROJECT_SOURCE_DIR}/output/${BUILD_TYPE}/lib/)  
+
+    add_library(${mbedcrypto_static_target} STATIC ${src_crypto})
+    set_target_properties(${mbedcrypto_static_target} PROPERTIES OUTPUT_NAME mbedcrypto)
+    target_link_libraries(${mbedcrypto_static_target} ${libs})
+
+    add_library(${mbedx509_static_target} STATIC ${src_x509})
+    set_target_properties(${mbedx509_static_target} PROPERTIES OUTPUT_NAME mbedx509)
+    target_link_libraries(${mbedx509_static_target} ${libs} ${mbedcrypto_static_target})
+
+    add_library(${mbedtls_static_target} STATIC ${src_tls})
+    set_target_properties(${mbedtls_static_target} PROPERTIES OUTPUT_NAME mbedtls)
+    target_link_libraries(${mbedtls_static_target} ${libs} ${mbedx509_static_target})
+endif()

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/Makefile

@@ -0,0 +1,108 @@
+
+DESTDIR=/usr/local
+PREFIX=mbedtls_
+
+.SILENT:
+
+.PHONY: all lib tests install uninstall clean test check covtest lcov apidoc apidoc_clean
+
+all: lib
+	$(MAKE) post_build
+
+no_test: programs
+
+programs: lib
+	$(MAKE) -s -C programs
+
+lib:
+	$(MAKE) -C library
+
+tests: lib
+	$(MAKE) -C tests
+
+ifndef WINDOWS
+install: no_test
+	mkdir -p $(DESTDIR)/include/mbedtls
+	cp -r include/mbedtls $(DESTDIR)/include
+	
+	mkdir -p $(DESTDIR)/lib
+	cp -RP library/libmbedtls.*    $(DESTDIR)/lib
+	cp -RP library/libmbedx509.*   $(DESTDIR)/lib
+	cp -RP library/libmbedcrypto.* $(DESTDIR)/lib
+	
+	mkdir -p $(DESTDIR)/bin
+	for p in programs/*/* ; do              \
+	    if [ -x $$p ] && [ ! -d $$p ] ;     \
+	    then                                \
+	        f=$(PREFIX)`basename $$p` ;     \
+	        cp $$p $(DESTDIR)/bin/$$f ;     \
+	    fi                                  \
+	done
+
+uninstall:
+	rm -rf $(DESTDIR)/include/mbedtls
+	rm -f $(DESTDIR)/lib/libmbedtls.*
+	rm -f $(DESTDIR)/lib/libmbedx509.*
+	rm -f $(DESTDIR)/lib/libmbedcrypto.*
+	
+	for p in programs/*/* ; do              \
+	    if [ -x $$p ] && [ ! -d $$p ] ;     \
+	    then                                \
+	        f=$(PREFIX)`basename $$p` ;     \
+	        rm -f $(DESTDIR)/bin/$$f ;      \
+	    fi                                  \
+	done
+endif
+
+WARNING_BORDER      =*******************************************************\n
+NULL_ENTROPY_WARN_L1=****  WARNING!  MBEDTLS_TEST_NULL_ENTROPY defined! ****\n
+NULL_ENTROPY_WARN_L2=****  THIS BUILD HAS NO DEFINED ENTROPY SOURCES    ****\n
+NULL_ENTROPY_WARN_L3=****  AND IS *NOT* SUITABLE FOR PRODUCTION USE     ****\n
+
+NULL_ENTROPY_WARNING=\n$(WARNING_BORDER)$(NULL_ENTROPY_WARN_L1)$(NULL_ENTROPY_WARN_L2)$(NULL_ENTROPY_WARN_L3)$(WARNING_BORDER)
+
+# Post build steps
+post_build:
+ifndef WINDOWS
+	# If NULL Entropy is configured, display an appropriate warning
+	-scripts/config.pl get MBEDTLS_TEST_NULL_ENTROPY && ([ $$? -eq 0 ]) && \
+	    echo '$(NULL_ENTROPY_WARNING)'
+endif
+
+clean:
+	$(MAKE) -C library clean
+ifndef WINDOWS
+	find . \( -name \*.gcno -o -name \*.gcda -o -name \*.info \) -exec rm {} +
+endif
+
+check: lib tests
+	$(MAKE) -C tests check
+
+test: check
+
+ifndef WINDOWS
+# note: for coverage testing, build with:
+# make CFLAGS='--coverage -g3 -O0'
+covtest:
+	$(MAKE) check
+	programs/test/selftest
+	tests/compat.sh
+	tests/ssl-opt.sh
+
+lcov:
+	rm -rf Coverage
+	lcov --capture --initial --directory library -o files.info
+	lcov --capture --directory library -o tests.info
+	lcov --add-tracefile files.info --add-tracefile tests.info -o all.info
+	lcov --remove all.info -o final.info '*.h'
+	gendesc tests/Descriptions.txt -o descriptions
+	genhtml --title "mbed TLS" --description-file descriptions --keep-descriptions --legend --no-branch-coverage -o Coverage final.info
+	rm -f files.info tests.info all.info final.info descriptions
+
+apidoc:
+	mkdir -p apidoc
+	doxygen doxygen/mbedtls.doxyfile
+
+apidoc_clean:
+	rm -rf apidoc
+endif

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/configs/README.txt

@@ -0,0 +1,26 @@
+This directory contains example configuration files.
+
+The examples are generally focused on a particular usage case (eg, support for
+a restricted number of ciphersuites) and aim at minimizing resource usage for
+this target. They can be used as a basis for custom configurations.
+
+These files are complete replacements for the default config.h. To use one of
+them, you can pick one of the following methods:
+
+1. Replace the default file include/mbedtls/config.h with the chosen one.
+   (Depending on your compiler, you may need to ajust the line with
+   #include "mbedtls/check_config.h" then.)
+
+2. Define MBEDTLS_CONFIG_FILE and adjust the include path accordingly.
+   For example, using make:
+
+    CFLAGS="-I$PWD/configs -DMBEDTLS_CONFIG_FILE='<foo.h>'" make
+
+   Or, using cmake:
+
+    find . -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} +
+    CFLAGS="-I$PWD/configs -DMBEDTLS_CONFIG_FILE='<foo.h>'" cmake .
+    make
+
+Note that the second method also works if you want to keep your custom
+configuration file outside the mbed TLS tree.

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/configs/config-ccm-psk-tls1_2.h

@@ -0,0 +1,85 @@
+/*
+ *  Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+/*
+ * Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites
+ * Distinguishing features:
+ * - no bignum, no PK, no X509
+ * - fully modern and secure (provided the pre-shared keys have high entropy)
+ * - very low record overhead with CCM-8
+ * - optimized for low RAM usage
+ *
+ * See README.txt for usage instructions.
+ */
+#ifndef MBEDTLS_CONFIG_H
+#define MBEDTLS_CONFIG_H
+
+/* System support */
+//#define MBEDTLS_HAVE_TIME /* Optionally used in Hello messages */
+/* Other MBEDTLS_HAVE_XXX flags irrelevant for this configuration */
+
+/* mbed TLS feature support */
+#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+#define MBEDTLS_SSL_PROTO_TLS1_2
+
+/* mbed TLS modules */
+#define MBEDTLS_AES_C
+#define MBEDTLS_CCM_C
+#define MBEDTLS_CIPHER_C
+#define MBEDTLS_CTR_DRBG_C
+#define MBEDTLS_ENTROPY_C
+#define MBEDTLS_MD_C
+#define MBEDTLS_NET_C
+#define MBEDTLS_SHA256_C
+#define MBEDTLS_SSL_CLI_C
+#define MBEDTLS_SSL_SRV_C
+#define MBEDTLS_SSL_TLS_C
+
+/* Save RAM at the expense of ROM */
+#define MBEDTLS_AES_ROM_TABLES
+
+/* Save some RAM by adjusting to your exact needs */
+#define MBEDTLS_PSK_MAX_LEN    16 /* 128-bits keys are generally enough */
+
+/*
+ * You should adjust this to the exact number of sources you're using: default
+ * is the "platform_entropy_poll" source, but you may want to add other ones
+ * Minimum is 2 for the entropy test suite.
+ */
+#define MBEDTLS_ENTROPY_MAX_SOURCES 2
+
+/*
+ * Use only CCM_8 ciphersuites, and
+ * save ROM and a few bytes of RAM by specifying our own ciphersuite list
+ */
+#define MBEDTLS_SSL_CIPHERSUITES                        \
+        MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8,             \
+        MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8
+
+/*
+ * Save RAM at the expense of interoperability: do this only if you control
+ * both ends of the connection!  (See comments in "mbedtls/ssl.h".)
+ * The optimal size here depends on the typical size of records.
+ */
+#define MBEDTLS_SSL_MAX_CONTENT_LEN             512
+
+#include "mbedtls/check_config.h"
+
+#endif /* MBEDTLS_CONFIG_H */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/configs/config-mini-tls1_1.h

@@ -0,0 +1,75 @@
+/*
+ *  Minimal configuration for TLS 1.1 (RFC 4346)
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+/*
+ * Minimal configuration for TLS 1.1 (RFC 4346), implementing only the
+ * required ciphersuite: MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
+ *
+ * See README.txt for usage instructions.
+ */
+
+#ifndef MBEDTLS_CONFIG_H
+#define MBEDTLS_CONFIG_H
+
+/* System support */
+#define MBEDTLS_HAVE_ASM
+#define MBEDTLS_HAVE_TIME
+
+/* mbed TLS feature support */
+#define MBEDTLS_CIPHER_MODE_CBC
+#define MBEDTLS_PKCS1_V15
+#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+#define MBEDTLS_SSL_PROTO_TLS1_1
+
+/* mbed TLS modules */
+#define MBEDTLS_AES_C
+#define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_ASN1_WRITE_C
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_CIPHER_C
+#define MBEDTLS_CTR_DRBG_C
+#define MBEDTLS_DES_C
+#define MBEDTLS_ENTROPY_C
+#define MBEDTLS_MD_C
+#define MBEDTLS_MD5_C
+#define MBEDTLS_NET_C
+#define MBEDTLS_OID_C
+#define MBEDTLS_PK_C
+#define MBEDTLS_PK_PARSE_C
+#define MBEDTLS_RSA_C
+#define MBEDTLS_SHA1_C
+#define MBEDTLS_SHA256_C
+#define MBEDTLS_SSL_CLI_C
+#define MBEDTLS_SSL_SRV_C
+#define MBEDTLS_SSL_TLS_C
+#define MBEDTLS_X509_CRT_PARSE_C
+#define MBEDTLS_X509_USE_C
+
+/* For test certificates */
+#define MBEDTLS_BASE64_C
+#define MBEDTLS_CERTS_C
+#define MBEDTLS_PEM_PARSE_C
+
+/* For testing with compat.sh */
+#define MBEDTLS_FS_IO
+
+#include "mbedtls/check_config.h"
+
+#endif /* MBEDTLS_CONFIG_H */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/configs/config-no-entropy.h

@@ -0,0 +1,85 @@
+/**
+ *  Minimal configuration of features that do not require an entropy source
+ *
+ *  Copyright (C) 2016, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+/*
+ * Minimal configuration of features that do not require an entropy source
+ * Distinguishing reatures:
+ * - no entropy module
+ * - no TLS protocol implementation available due to absence of an entropy
+ *   source
+ *
+ * See README.txt for usage instructions.
+ */
+
+#ifndef MBEDTLS_CONFIG_H
+#define MBEDTLS_CONFIG_H
+
+/* System support */
+#define MBEDTLS_HAVE_ASM
+#define MBEDTLS_HAVE_TIME
+
+/* mbed TLS feature support */
+#define MBEDTLS_CIPHER_MODE_CBC
+#define MBEDTLS_CIPHER_PADDING_PKCS7
+#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
+#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
+#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
+#define MBEDTLS_ECP_NIST_OPTIM
+#define MBEDTLS_ECDSA_DETERMINISTIC
+#define MBEDTLS_PK_RSA_ALT_SUPPORT
+#define MBEDTLS_PKCS1_V15
+#define MBEDTLS_PKCS1_V21
+#define MBEDTLS_SELF_TEST
+#define MBEDTLS_VERSION_FEATURES
+#define MBEDTLS_X509_CHECK_KEY_USAGE
+#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
+
+/* mbed TLS modules */
+#define MBEDTLS_AES_C
+#define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_ASN1_WRITE_C
+#define MBEDTLS_BASE64_C
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_CCM_C
+#define MBEDTLS_CIPHER_C
+#define MBEDTLS_ECDSA_C
+#define MBEDTLS_ECP_C
+#define MBEDTLS_ERROR_C
+#define MBEDTLS_GCM_C
+#define MBEDTLS_HMAC_DRBG_C
+#define MBEDTLS_MD_C
+#define MBEDTLS_OID_C
+#define MBEDTLS_PEM_PARSE_C
+#define MBEDTLS_PK_C
+#define MBEDTLS_PK_PARSE_C
+#define MBEDTLS_PK_WRITE_C
+#define MBEDTLS_PLATFORM_C
+#define MBEDTLS_RSA_C
+#define MBEDTLS_SHA256_C
+#define MBEDTLS_SHA512_C
+#define MBEDTLS_VERSION_C
+#define MBEDTLS_X509_USE_C
+#define MBEDTLS_X509_CRT_PARSE_C
+#define MBEDTLS_X509_CRL_PARSE_C
+
+#include "check_config.h"
+
+#endif /* MBEDTLS_CONFIG_H */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/configs/config-picocoin.h

@@ -0,0 +1,71 @@
+/*
+ *  Reduced configuration used by Picocoin.
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+/*
+ * Reduced configuration used by Picocoin.
+ *
+ * See README.txt for usage instructions.
+ *
+ * Distinguishing features:
+ * - no SSL/TLS;
+ * - no X.509;
+ * - ECDSA/PK and some other chosen crypto bits.
+ */
+
+#ifndef MBEDTLS_CONFIG_H
+#define MBEDTLS_CONFIG_H
+
+/* System support */
+#define MBEDTLS_HAVE_ASM
+#define MBEDTLS_HAVE_TIME
+
+/* mbed TLS feature support */
+#define MBEDTLS_CIPHER_MODE_CBC
+#define MBEDTLS_CIPHER_PADDING_PKCS7
+#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
+#define MBEDTLS_ECDSA_DETERMINISTIC
+#define MBEDTLS_PK_PARSE_EC_EXTENDED
+#define MBEDTLS_ERROR_STRERROR_DUMMY
+#define MBEDTLS_FS_IO
+
+/* mbed TLS modules */
+#define MBEDTLS_AESNI_C
+#define MBEDTLS_AES_C
+#define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_ASN1_WRITE_C
+#define MBEDTLS_BASE64_C
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_ECDSA_C
+#define MBEDTLS_ECP_C
+#define MBEDTLS_ENTROPY_C
+#define MBEDTLS_HMAC_DRBG_C
+#define MBEDTLS_MD_C
+#define MBEDTLS_OID_C
+#define MBEDTLS_PADLOCK_C
+#define MBEDTLS_PK_C
+#define MBEDTLS_PK_PARSE_C
+#define MBEDTLS_PK_WRITE_C
+#define MBEDTLS_RIPEMD160_C
+#define MBEDTLS_SHA1_C
+#define MBEDTLS_SHA256_C
+
+#include "mbedtls/check_config.h"
+
+#endif /* MBEDTLS_CONFIG_H */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/configs/config-suite-b.h

@@ -0,0 +1,114 @@
+/*
+ *  Minimal configuration for TLS NSA Suite B Profile (RFC 6460)
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+/*
+ * Minimal configuration for TLS NSA Suite B Profile (RFC 6460)
+ *
+ * Distinguishing features:
+ * - no RSA or classic DH, fully based on ECC
+ * - optimized for low RAM usage
+ *
+ * Possible improvements:
+ * - if 128-bit security is enough, disable secp384r1 and SHA-512
+ * - use embedded certs in DER format and disable PEM_PARSE_C and BASE64_C
+ *
+ * See README.txt for usage instructions.
+ */
+
+#ifndef MBEDTLS_CONFIG_H
+#define MBEDTLS_CONFIG_H
+
+/* System support */
+#define MBEDTLS_HAVE_ASM
+#define MBEDTLS_HAVE_TIME
+
+/* mbed TLS feature support */
+#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+#define MBEDTLS_SSL_PROTO_TLS1_2
+
+/* mbed TLS modules */
+#define MBEDTLS_AES_C
+#define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_ASN1_WRITE_C
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_CIPHER_C
+#define MBEDTLS_CTR_DRBG_C
+#define MBEDTLS_ECDH_C
+#define MBEDTLS_ECDSA_C
+#define MBEDTLS_ECP_C
+#define MBEDTLS_ENTROPY_C
+#define MBEDTLS_GCM_C
+#define MBEDTLS_MD_C
+#define MBEDTLS_NET_C
+#define MBEDTLS_OID_C
+#define MBEDTLS_PK_C
+#define MBEDTLS_PK_PARSE_C
+#define MBEDTLS_SHA256_C
+#define MBEDTLS_SHA512_C
+#define MBEDTLS_SSL_CLI_C
+#define MBEDTLS_SSL_SRV_C
+#define MBEDTLS_SSL_TLS_C
+#define MBEDTLS_X509_CRT_PARSE_C
+#define MBEDTLS_X509_USE_C
+
+/* For test certificates */
+#define MBEDTLS_BASE64_C
+#define MBEDTLS_CERTS_C
+#define MBEDTLS_PEM_PARSE_C
+
+/* Save RAM at the expense of ROM */
+#define MBEDTLS_AES_ROM_TABLES
+
+/* Save RAM by adjusting to our exact needs */
+#define MBEDTLS_ECP_MAX_BITS   384
+#define MBEDTLS_MPI_MAX_SIZE    48 // 384 bits is 48 bytes
+
+/* Save RAM at the expense of speed, see ecp.h */
+#define MBEDTLS_ECP_WINDOW_SIZE        2
+#define MBEDTLS_ECP_FIXED_POINT_OPTIM  0
+
+/* Significant speed benefit at the expense of some ROM */
+#define MBEDTLS_ECP_NIST_OPTIM
+
+/*
+ * You should adjust this to the exact number of sources you're using: default
+ * is the "mbedtls_platform_entropy_poll" source, but you may want to add other ones.
+ * Minimum is 2 for the entropy test suite.
+ */
+#define MBEDTLS_ENTROPY_MAX_SOURCES 2
+
+/* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */
+#define MBEDTLS_SSL_CIPHERSUITES                        \
+    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,    \
+    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+
+/*
+ * Save RAM at the expense of interoperability: do this only if you control
+ * both ends of the connection!  (See coments in "mbedtls/ssl.h".)
+ * The minimum size here depends on the certificate chain used as well as the
+ * typical size of records.
+ */
+#define MBEDTLS_SSL_MAX_CONTENT_LEN             1024
+
+#include "mbedtls/check_config.h"
+
+#endif /* MBEDTLS_CONFIG_H */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/configs/config-thread.h

@@ -0,0 +1,91 @@
+/*
+ *  Minimal configuration for using TLS as part of Thread
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+/*
+ * Minimal configuration for using TLS a part of Thread
+ * http://threadgroup.org/
+ *
+ * Distinguishing features:
+ * - no RSA or classic DH, fully based on ECC
+ * - no X.509
+ * - support for experimental EC J-PAKE key exchange
+ *
+ * See README.txt for usage instructions.
+ */
+
+#ifndef MBEDTLS_CONFIG_H
+#define MBEDTLS_CONFIG_H
+
+/* System support */
+#define MBEDTLS_HAVE_ASM
+
+/* mbed TLS feature support */
+#define MBEDTLS_AES_ROM_TABLES
+#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#define MBEDTLS_ECP_NIST_OPTIM
+#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+#define MBEDTLS_SSL_PROTO_TLS1_2
+#define MBEDTLS_SSL_PROTO_DTLS
+#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
+#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
+#define MBEDTLS_SSL_EXPORT_KEYS
+
+/* mbed TLS modules */
+#define MBEDTLS_AES_C
+#define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_ASN1_WRITE_C
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_CCM_C
+#define MBEDTLS_CIPHER_C
+#define MBEDTLS_CTR_DRBG_C
+#define MBEDTLS_CMAC_C
+#define MBEDTLS_ECJPAKE_C
+#define MBEDTLS_ECP_C
+#define MBEDTLS_ENTROPY_C
+#define MBEDTLS_HMAC_DRBG_C
+#define MBEDTLS_MD_C
+#define MBEDTLS_OID_C
+#define MBEDTLS_PK_C
+#define MBEDTLS_PK_PARSE_C
+#define MBEDTLS_SHA256_C
+#define MBEDTLS_SSL_COOKIE_C
+#define MBEDTLS_SSL_CLI_C
+#define MBEDTLS_SSL_SRV_C
+#define MBEDTLS_SSL_TLS_C
+
+/* For tests using ssl-opt.sh */
+#define MBEDTLS_NET_C
+#define MBEDTLS_TIMING_C
+
+/* Save RAM at the expense of ROM */
+#define MBEDTLS_AES_ROM_TABLES
+
+/* Save RAM by adjusting to our exact needs */
+#define MBEDTLS_ECP_MAX_BITS             256
+#define MBEDTLS_MPI_MAX_SIZE              32 // 256 bits is 32 bytes
+
+/* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */
+#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
+
+#include "mbedtls/check_config.h"
+
+#endif /* MBEDTLS_CONFIG_H */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/aes.h

@@ -0,0 +1,297 @@
+/**
+ * \file aes.h
+ *
+ * \brief AES block cipher
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_AES_H
+#define MBEDTLS_AES_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+/* padlock.c and aesni.c rely on these values! */
+#define MBEDTLS_AES_ENCRYPT     1
+#define MBEDTLS_AES_DECRYPT     0
+
+#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH                -0x0020  /**< Invalid key length. */
+#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH              -0x0022  /**< Invalid data input length. */
+
+#if !defined(MBEDTLS_AES_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          AES context structure
+ *
+ * \note           buf is able to hold 32 extra bytes, which can be used:
+ *                 - for alignment purposes if VIA padlock is used, and/or
+ *                 - to simplify key expansion in the 256-bit case by
+ *                 generating an extra round key
+ */
+typedef struct
+{
+    int nr;                     /*!<  number of rounds  */
+    uint32_t *rk;               /*!<  AES round keys    */
+    uint32_t buf[68];           /*!<  unaligned data    */
+}
+mbedtls_aes_context;
+
+/**
+ * \brief          Initialize AES context
+ *
+ * \param ctx      AES context to be initialized
+ */
+void mbedtls_aes_init( mbedtls_aes_context *ctx );
+
+/**
+ * \brief          Clear AES context
+ *
+ * \param ctx      AES context to be cleared
+ */
+void mbedtls_aes_free( mbedtls_aes_context *ctx );
+
+/**
+ * \brief          AES key schedule (encryption)
+ *
+ * \param ctx      AES context to be initialized
+ * \param key      encryption key
+ * \param keybits  must be 128, 192 or 256
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
+ */
+int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
+                    unsigned int keybits );
+
+/**
+ * \brief          AES key schedule (decryption)
+ *
+ * \param ctx      AES context to be initialized
+ * \param key      decryption key
+ * \param keybits  must be 128, 192 or 256
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
+ */
+int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
+                    unsigned int keybits );
+
+/**
+ * \brief          AES-ECB block encryption/decryption
+ *
+ * \param ctx      AES context
+ * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
+ * \param input    16-byte input block
+ * \param output   16-byte output block
+ *
+ * \return         0 if successful
+ */
+int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
+                    int mode,
+                    const unsigned char input[16],
+                    unsigned char output[16] );
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+/**
+ * \brief          AES-CBC buffer encryption/decryption
+ *                 Length should be a multiple of the block
+ *                 size (16 bytes)
+ *
+ * \note           Upon exit, the content of the IV is updated so that you can
+ *                 call the function same function again on the following
+ *                 block(s) of data and get the same result as if it was
+ *                 encrypted in one call. This allows a "streaming" usage.
+ *                 If on the other hand you need to retain the contents of the
+ *                 IV, you should either save it manually or use the cipher
+ *                 module instead.
+ *
+ * \param ctx      AES context
+ * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
+ * \param length   length of the input data
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
+ */
+int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
+                    int mode,
+                    size_t length,
+                    unsigned char iv[16],
+                    const unsigned char *input,
+                    unsigned char *output );
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+/**
+ * \brief          AES-CFB128 buffer encryption/decryption.
+ *
+ * Note: Due to the nature of CFB you should use the same key schedule for
+ * both encryption and decryption. So a context initialized with
+ * mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.
+ *
+ * \note           Upon exit, the content of the IV is updated so that you can
+ *                 call the function same function again on the following
+ *                 block(s) of data and get the same result as if it was
+ *                 encrypted in one call. This allows a "streaming" usage.
+ *                 If on the other hand you need to retain the contents of the
+ *                 IV, you should either save it manually or use the cipher
+ *                 module instead.
+ *
+ * \param ctx      AES context
+ * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
+ * \param length   length of the input data
+ * \param iv_off   offset in IV (updated after use)
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ *
+ * \return         0 if successful
+ */
+int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
+                       int mode,
+                       size_t length,
+                       size_t *iv_off,
+                       unsigned char iv[16],
+                       const unsigned char *input,
+                       unsigned char *output );
+
+/**
+ * \brief          AES-CFB8 buffer encryption/decryption.
+ *
+ * Note: Due to the nature of CFB you should use the same key schedule for
+ * both encryption and decryption. So a context initialized with
+ * mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.
+ *
+ * \note           Upon exit, the content of the IV is updated so that you can
+ *                 call the function same function again on the following
+ *                 block(s) of data and get the same result as if it was
+ *                 encrypted in one call. This allows a "streaming" usage.
+ *                 If on the other hand you need to retain the contents of the
+ *                 IV, you should either save it manually or use the cipher
+ *                 module instead.
+ *
+ * \param ctx      AES context
+ * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
+ * \param length   length of the input data
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ *
+ * \return         0 if successful
+ */
+int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
+                    int mode,
+                    size_t length,
+                    unsigned char iv[16],
+                    const unsigned char *input,
+                    unsigned char *output );
+#endif /*MBEDTLS_CIPHER_MODE_CFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+/**
+ * \brief               AES-CTR buffer encryption/decryption
+ *
+ * Warning: You have to keep the maximum use of your counter in mind!
+ *
+ * Note: Due to the nature of CTR you should use the same key schedule for
+ * both encryption and decryption. So a context initialized with
+ * mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.
+ *
+ * \param ctx           AES context
+ * \param length        The length of the data
+ * \param nc_off        The offset in the current stream_block (for resuming
+ *                      within current cipher stream). The offset pointer to
+ *                      should be 0 at the start of a stream.
+ * \param nonce_counter The 128-bit nonce and counter.
+ * \param stream_block  The saved stream-block for resuming. Is overwritten
+ *                      by the function.
+ * \param input         The input data stream
+ * \param output        The output data stream
+ *
+ * \return         0 if successful
+ */
+int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
+                       size_t length,
+                       size_t *nc_off,
+                       unsigned char nonce_counter[16],
+                       unsigned char stream_block[16],
+                       const unsigned char *input,
+                       unsigned char *output );
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
+
+/**
+ * \brief           Internal AES block encryption function
+ *                  (Only exposed to allow overriding it,
+ *                  see MBEDTLS_AES_ENCRYPT_ALT)
+ *
+ * \param ctx       AES context
+ * \param input     Plaintext block
+ * \param output    Output (ciphertext) block
+ */
+void mbedtls_aes_encrypt( mbedtls_aes_context *ctx,
+                          const unsigned char input[16],
+                          unsigned char output[16] );
+
+/**
+ * \brief           Internal AES block decryption function
+ *                  (Only exposed to allow overriding it,
+ *                  see MBEDTLS_AES_DECRYPT_ALT)
+ *
+ * \param ctx       AES context
+ * \param input     Ciphertext block
+ * \param output    Output (plaintext) block
+ */
+void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
+                          const unsigned char input[16],
+                          unsigned char output[16] );
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_AES_ALT */
+#include "aes_alt.h"
+#endif /* MBEDTLS_AES_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_aes_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* aes.h */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/aesni.h

@@ -0,0 +1,111 @@
+/**
+ * \file aesni.h
+ *
+ * \brief AES-NI for hardware AES acceleration on some Intel processors
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_AESNI_H
+#define MBEDTLS_AESNI_H
+
+#include "aes.h"
+
+#define MBEDTLS_AESNI_AES      0x02000000u
+#define MBEDTLS_AESNI_CLMUL    0x00000002u
+
+#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) &&  \
+    ( defined(__amd64__) || defined(__x86_64__) )   &&  \
+    ! defined(MBEDTLS_HAVE_X86_64)
+#define MBEDTLS_HAVE_X86_64
+#endif
+
+#if defined(MBEDTLS_HAVE_X86_64)
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          AES-NI features detection routine
+ *
+ * \param what     The feature to detect
+ *                 (MBEDTLS_AESNI_AES or MBEDTLS_AESNI_CLMUL)
+ *
+ * \return         1 if CPU has support for the feature, 0 otherwise
+ */
+int mbedtls_aesni_has_support( unsigned int what );
+
+/**
+ * \brief          AES-NI AES-ECB block en(de)cryption
+ *
+ * \param ctx      AES context
+ * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
+ * \param input    16-byte input block
+ * \param output   16-byte output block
+ *
+ * \return         0 on success (cannot fail)
+ */
+int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx,
+                     int mode,
+                     const unsigned char input[16],
+                     unsigned char output[16] );
+
+/**
+ * \brief          GCM multiplication: c = a * b in GF(2^128)
+ *
+ * \param c        Result
+ * \param a        First operand
+ * \param b        Second operand
+ *
+ * \note           Both operands and result are bit strings interpreted as
+ *                 elements of GF(2^128) as per the GCM spec.
+ */
+void mbedtls_aesni_gcm_mult( unsigned char c[16],
+                     const unsigned char a[16],
+                     const unsigned char b[16] );
+
+/**
+ * \brief           Compute decryption round keys from encryption round keys
+ *
+ * \param invkey    Round keys for the equivalent inverse cipher
+ * \param fwdkey    Original round keys (for encryption)
+ * \param nr        Number of rounds (that is, number of round keys minus one)
+ */
+void mbedtls_aesni_inverse_key( unsigned char *invkey,
+                        const unsigned char *fwdkey, int nr );
+
+/**
+ * \brief           Perform key expansion (for encryption)
+ *
+ * \param rk        Destination buffer where the round keys are written
+ * \param key       Encryption key
+ * \param bits      Key size in bits (must be 128, 192 or 256)
+ *
+ * \return          0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
+ */
+int mbedtls_aesni_setkey_enc( unsigned char *rk,
+                      const unsigned char *key,
+                      size_t bits );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_HAVE_X86_64 */
+
+#endif /* MBEDTLS_AESNI_H */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/arc4.h

@@ -0,0 +1,113 @@
+/**
+ * \file arc4.h
+ *
+ * \brief The ARCFOUR stream cipher
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_ARC4_H
+#define MBEDTLS_ARC4_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+
+#if !defined(MBEDTLS_ARC4_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          ARC4 context structure
+ */
+typedef struct
+{
+    int x;                      /*!< permutation index */
+    int y;                      /*!< permutation index */
+    unsigned char m[256];       /*!< permutation table */
+}
+mbedtls_arc4_context;
+
+/**
+ * \brief          Initialize ARC4 context
+ *
+ * \param ctx      ARC4 context to be initialized
+ */
+void mbedtls_arc4_init( mbedtls_arc4_context *ctx );
+
+/**
+ * \brief          Clear ARC4 context
+ *
+ * \param ctx      ARC4 context to be cleared
+ */
+void mbedtls_arc4_free( mbedtls_arc4_context *ctx );
+
+/**
+ * \brief          ARC4 key schedule
+ *
+ * \param ctx      ARC4 context to be setup
+ * \param key      the secret key
+ * \param keylen   length of the key, in bytes
+ */
+void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key,
+                 unsigned int keylen );
+
+/**
+ * \brief          ARC4 cipher function
+ *
+ * \param ctx      ARC4 context
+ * \param length   length of the input data
+ * \param input    buffer holding the input data
+ * \param output   buffer for the output data
+ *
+ * \return         0 if successful
+ */
+int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned char *input,
+                unsigned char *output );
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_ARC4_ALT */
+#include "arc4_alt.h"
+#endif /* MBEDTLS_ARC4_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_arc4_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* arc4.h */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/asn1.h

@@ -0,0 +1,342 @@
+/**
+ * \file asn1.h
+ *
+ * \brief Generic ASN.1 parsing
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_ASN1_H
+#define MBEDTLS_ASN1_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+
+#if defined(MBEDTLS_BIGNUM_C)
+#include "bignum.h"
+#endif
+
+/**
+ * \addtogroup asn1_module
+ * \{
+ */
+
+/**
+ * \name ASN1 Error codes
+ * These error codes are OR'ed to X509 error codes for
+ * higher error granularity.
+ * ASN1 is a standard to specify data structures.
+ * \{
+ */
+#define MBEDTLS_ERR_ASN1_OUT_OF_DATA                      -0x0060  /**< Out of data when parsing an ASN1 data structure. */
+#define MBEDTLS_ERR_ASN1_UNEXPECTED_TAG                   -0x0062  /**< ASN1 tag was of an unexpected value. */
+#define MBEDTLS_ERR_ASN1_INVALID_LENGTH                   -0x0064  /**< Error when trying to determine the length or invalid length. */
+#define MBEDTLS_ERR_ASN1_LENGTH_MISMATCH                  -0x0066  /**< Actual length differs from expected length. */
+#define MBEDTLS_ERR_ASN1_INVALID_DATA                     -0x0068  /**< Data is invalid. (not used) */
+#define MBEDTLS_ERR_ASN1_ALLOC_FAILED                     -0x006A  /**< Memory allocation failed */
+#define MBEDTLS_ERR_ASN1_BUF_TOO_SMALL                    -0x006C  /**< Buffer too small when writing ASN.1 data structure. */
+
+/* \} name */
+
+/**
+ * \name DER constants
+ * These constants comply with DER encoded the ANS1 type tags.
+ * DER encoding uses hexadecimal representation.
+ * An example DER sequence is:\n
+ * - 0x02 -- tag indicating INTEGER
+ * - 0x01 -- length in octets
+ * - 0x05 -- value
+ * Such sequences are typically read into \c ::mbedtls_x509_buf.
+ * \{
+ */
+#define MBEDTLS_ASN1_BOOLEAN                 0x01
+#define MBEDTLS_ASN1_INTEGER                 0x02
+#define MBEDTLS_ASN1_BIT_STRING              0x03
+#define MBEDTLS_ASN1_OCTET_STRING            0x04
+#define MBEDTLS_ASN1_NULL                    0x05
+#define MBEDTLS_ASN1_OID                     0x06
+#define MBEDTLS_ASN1_UTF8_STRING             0x0C
+#define MBEDTLS_ASN1_SEQUENCE                0x10
+#define MBEDTLS_ASN1_SET                     0x11
+#define MBEDTLS_ASN1_PRINTABLE_STRING        0x13
+#define MBEDTLS_ASN1_T61_STRING              0x14
+#define MBEDTLS_ASN1_IA5_STRING              0x16
+#define MBEDTLS_ASN1_UTC_TIME                0x17
+#define MBEDTLS_ASN1_GENERALIZED_TIME        0x18
+#define MBEDTLS_ASN1_UNIVERSAL_STRING        0x1C
+#define MBEDTLS_ASN1_BMP_STRING              0x1E
+#define MBEDTLS_ASN1_PRIMITIVE               0x00
+#define MBEDTLS_ASN1_CONSTRUCTED             0x20
+#define MBEDTLS_ASN1_CONTEXT_SPECIFIC        0x80
+/* \} name */
+/* \} addtogroup asn1_module */
+
+/** Returns the size of the binary string, without the trailing \\0 */
+#define MBEDTLS_OID_SIZE(x) (sizeof(x) - 1)
+
+/**
+ * Compares an mbedtls_asn1_buf structure to a reference OID.
+ *
+ * Only works for 'defined' oid_str values (MBEDTLS_OID_HMAC_SHA1), you cannot use a
+ * 'unsigned char *oid' here!
+ */
+#define MBEDTLS_OID_CMP(oid_str, oid_buf)                                   \
+        ( ( MBEDTLS_OID_SIZE(oid_str) != (oid_buf)->len ) ||                \
+          memcmp( (oid_str), (oid_buf)->p, (oid_buf)->len) != 0 )
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \name Functions to parse ASN.1 data structures
+ * \{
+ */
+
+/**
+ * Type-length-value structure that allows for ASN1 using DER.
+ */
+typedef struct mbedtls_asn1_buf
+{
+    int tag;                /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */
+    size_t len;             /**< ASN1 length, in octets. */
+    unsigned char *p;       /**< ASN1 data, e.g. in ASCII. */
+}
+mbedtls_asn1_buf;
+
+/**
+ * Container for ASN1 bit strings.
+ */
+typedef struct mbedtls_asn1_bitstring
+{
+    size_t len;                 /**< ASN1 length, in octets. */
+    unsigned char unused_bits;  /**< Number of unused bits at the end of the string */
+    unsigned char *p;           /**< Raw ASN1 data for the bit string */
+}
+mbedtls_asn1_bitstring;
+
+/**
+ * Container for a sequence of ASN.1 items
+ */
+typedef struct mbedtls_asn1_sequence
+{
+    mbedtls_asn1_buf buf;                   /**< Buffer containing the given ASN.1 item. */
+    struct mbedtls_asn1_sequence *next;    /**< The next entry in the sequence. */
+}
+mbedtls_asn1_sequence;
+
+/**
+ * Container for a sequence or list of 'named' ASN.1 data items
+ */
+typedef struct mbedtls_asn1_named_data
+{
+    mbedtls_asn1_buf oid;                   /**< The object identifier. */
+    mbedtls_asn1_buf val;                   /**< The named value. */
+    struct mbedtls_asn1_named_data *next;  /**< The next entry in the sequence. */
+    unsigned char next_merged;      /**< Merge next item into the current one? */
+}
+mbedtls_asn1_named_data;
+
+/**
+ * \brief       Get the length of an ASN.1 element.
+ *              Updates the pointer to immediately behind the length.
+ *
+ * \param p     The position in the ASN.1 data
+ * \param end   End of data
+ * \param len   The variable that will receive the value
+ *
+ * \return      0 if successful, MBEDTLS_ERR_ASN1_OUT_OF_DATA on reaching
+ *              end of data, MBEDTLS_ERR_ASN1_INVALID_LENGTH if length is
+ *              unparseable.
+ */
+int mbedtls_asn1_get_len( unsigned char **p,
+                  const unsigned char *end,
+                  size_t *len );
+
+/**
+ * \brief       Get the tag and length of the tag. Check for the requested tag.
+ *              Updates the pointer to immediately behind the tag and length.
+ *
+ * \param p     The position in the ASN.1 data
+ * \param end   End of data
+ * \param len   The variable that will receive the length
+ * \param tag   The expected tag
+ *
+ * \return      0 if successful, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if tag did
+ *              not match requested tag, or another specific ASN.1 error code.
+ */
+int mbedtls_asn1_get_tag( unsigned char **p,
+                  const unsigned char *end,
+                  size_t *len, int tag );
+
+/**
+ * \brief       Retrieve a boolean ASN.1 tag and its value.
+ *              Updates the pointer to immediately behind the full tag.
+ *
+ * \param p     The position in the ASN.1 data
+ * \param end   End of data
+ * \param val   The variable that will receive the value
+ *
+ * \return      0 if successful or a specific ASN.1 error code.
+ */
+int mbedtls_asn1_get_bool( unsigned char **p,
+                   const unsigned char *end,
+                   int *val );
+
+/**
+ * \brief       Retrieve an integer ASN.1 tag and its value.
+ *              Updates the pointer to immediately behind the full tag.
+ *
+ * \param p     The position in the ASN.1 data
+ * \param end   End of data
+ * \param val   The variable that will receive the value
+ *
+ * \return      0 if successful or a specific ASN.1 error code.
+ */
+int mbedtls_asn1_get_int( unsigned char **p,
+                  const unsigned char *end,
+                  int *val );
+
+/**
+ * \brief       Retrieve a bitstring ASN.1 tag and its value.
+ *              Updates the pointer to immediately behind the full tag.
+ *
+ * \param p     The position in the ASN.1 data
+ * \param end   End of data
+ * \param bs    The variable that will receive the value
+ *
+ * \return      0 if successful or a specific ASN.1 error code.
+ */
+int mbedtls_asn1_get_bitstring( unsigned char **p, const unsigned char *end,
+                        mbedtls_asn1_bitstring *bs);
+
+/**
+ * \brief       Retrieve a bitstring ASN.1 tag without unused bits and its
+ *              value.
+ *              Updates the pointer to the beginning of the bit/octet string.
+ *
+ * \param p     The position in the ASN.1 data
+ * \param end   End of data
+ * \param len   Length of the actual bit/octect string in bytes
+ *
+ * \return      0 if successful or a specific ASN.1 error code.
+ */
+int mbedtls_asn1_get_bitstring_null( unsigned char **p, const unsigned char *end,
+                             size_t *len );
+
+/**
+ * \brief       Parses and splits an ASN.1 "SEQUENCE OF <tag>"
+ *              Updated the pointer to immediately behind the full sequence tag.
+ *
+ * \param p     The position in the ASN.1 data
+ * \param end   End of data
+ * \param cur   First variable in the chain to fill
+ * \param tag   Type of sequence
+ *
+ * \return      0 if successful or a specific ASN.1 error code.
+ */
+int mbedtls_asn1_get_sequence_of( unsigned char **p,
+                          const unsigned char *end,
+                          mbedtls_asn1_sequence *cur,
+                          int tag);
+
+#if defined(MBEDTLS_BIGNUM_C)
+/**
+ * \brief       Retrieve a MPI value from an integer ASN.1 tag.
+ *              Updates the pointer to immediately behind the full tag.
+ *
+ * \param p     The position in the ASN.1 data
+ * \param end   End of data
+ * \param X     The MPI that will receive the value
+ *
+ * \return      0 if successful or a specific ASN.1 or MPI error code.
+ */
+int mbedtls_asn1_get_mpi( unsigned char **p,
+                  const unsigned char *end,
+                  mbedtls_mpi *X );
+#endif /* MBEDTLS_BIGNUM_C */
+
+/**
+ * \brief       Retrieve an AlgorithmIdentifier ASN.1 sequence.
+ *              Updates the pointer to immediately behind the full
+ *              AlgorithmIdentifier.
+ *
+ * \param p     The position in the ASN.1 data
+ * \param end   End of data
+ * \param alg   The buffer to receive the OID
+ * \param params The buffer to receive the params (if any)
+ *
+ * \return      0 if successful or a specific ASN.1 or MPI error code.
+ */
+int mbedtls_asn1_get_alg( unsigned char **p,
+                  const unsigned char *end,
+                  mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params );
+
+/**
+ * \brief       Retrieve an AlgorithmIdentifier ASN.1 sequence with NULL or no
+ *              params.
+ *              Updates the pointer to immediately behind the full
+ *              AlgorithmIdentifier.
+ *
+ * \param p     The position in the ASN.1 data
+ * \param end   End of data
+ * \param alg   The buffer to receive the OID
+ *
+ * \return      0 if successful or a specific ASN.1 or MPI error code.
+ */
+int mbedtls_asn1_get_alg_null( unsigned char **p,
+                       const unsigned char *end,
+                       mbedtls_asn1_buf *alg );
+
+/**
+ * \brief       Find a specific named_data entry in a sequence or list based on
+ *              the OID.
+ *
+ * \param list  The list to seek through
+ * \param oid   The OID to look for
+ * \param len   Size of the OID
+ *
+ * \return      NULL if not found, or a pointer to the existing entry.
+ */
+mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( mbedtls_asn1_named_data *list,
+                                       const char *oid, size_t len );
+
+/**
+ * \brief       Free a mbedtls_asn1_named_data entry
+ *
+ * \param entry The named data entry to free
+ */
+void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *entry );
+
+/**
+ * \brief       Free all entries in a mbedtls_asn1_named_data list
+ *              Head will be set to NULL
+ *
+ * \param head  Pointer to the head of the list of named data entries to free
+ */
+void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* asn1.h */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/asn1write.h

@@ -0,0 +1,239 @@
+/**
+ * \file asn1write.h
+ *
+ * \brief ASN.1 buffer writing functionality
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_ASN1_WRITE_H
+#define MBEDTLS_ASN1_WRITE_H
+
+#include "asn1.h"
+
+#define MBEDTLS_ASN1_CHK_ADD(g, f) do { if( ( ret = f ) < 0 ) return( ret ); else   \
+                                g += ret; } while( 0 )
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief           Write a length field in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param len       the length to write
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len );
+
+/**
+ * \brief           Write a ASN.1 tag in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param tag       the tag to write
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_tag( unsigned char **p, unsigned char *start,
+                    unsigned char tag );
+
+/**
+ * \brief           Write raw buffer data
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param buf       data buffer to write
+ * \param size      length of the data buffer
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_raw_buffer( unsigned char **p, unsigned char *start,
+                           const unsigned char *buf, size_t size );
+
+#if defined(MBEDTLS_BIGNUM_C)
+/**
+ * \brief           Write a big number (MBEDTLS_ASN1_INTEGER) in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param X         the MPI to write
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_mpi( unsigned char **p, unsigned char *start, const mbedtls_mpi *X );
+#endif /* MBEDTLS_BIGNUM_C */
+
+/**
+ * \brief           Write a NULL tag (MBEDTLS_ASN1_NULL) with zero data in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_null( unsigned char **p, unsigned char *start );
+
+/**
+ * \brief           Write an OID tag (MBEDTLS_ASN1_OID) and data in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param oid       the OID to write
+ * \param oid_len   length of the OID
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_oid( unsigned char **p, unsigned char *start,
+                    const char *oid, size_t oid_len );
+
+/**
+ * \brief           Write an AlgorithmIdentifier sequence in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param oid       the OID of the algorithm
+ * \param oid_len   length of the OID
+ * \param par_len   length of parameters, which must be already written.
+ *                  If 0, NULL parameters are added
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_algorithm_identifier( unsigned char **p, unsigned char *start,
+                                     const char *oid, size_t oid_len,
+                                     size_t par_len );
+
+/**
+ * \brief           Write a boolean tag (MBEDTLS_ASN1_BOOLEAN) and value in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param boolean   0 or 1
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start, int boolean );
+
+/**
+ * \brief           Write an int tag (MBEDTLS_ASN1_INTEGER) and value in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param val       the integer value
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val );
+
+/**
+ * \brief           Write a printable string tag (MBEDTLS_ASN1_PRINTABLE_STRING) and
+ *                  value in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param text      the text to write
+ * \param text_len  length of the text
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_printable_string( unsigned char **p, unsigned char *start,
+                                 const char *text, size_t text_len );
+
+/**
+ * \brief           Write an IA5 string tag (MBEDTLS_ASN1_IA5_STRING) and
+ *                  value in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param text      the text to write
+ * \param text_len  length of the text
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_ia5_string( unsigned char **p, unsigned char *start,
+                           const char *text, size_t text_len );
+
+/**
+ * \brief           Write a bitstring tag (MBEDTLS_ASN1_BIT_STRING) and
+ *                  value in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param buf       the bitstring
+ * \param bits      the total number of bits in the bitstring
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start,
+                          const unsigned char *buf, size_t bits );
+
+/**
+ * \brief           Write an octet string tag (MBEDTLS_ASN1_OCTET_STRING) and
+ *                  value in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param buf       data buffer to write
+ * \param size      length of the data buffer
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_octet_string( unsigned char **p, unsigned char *start,
+                             const unsigned char *buf, size_t size );
+
+/**
+ * \brief           Create or find a specific named_data entry for writing in a
+ *                  sequence or list based on the OID. If not already in there,
+ *                  a new entry is added to the head of the list.
+ *                  Warning: Destructive behaviour for the val data!
+ *
+ * \param list      Pointer to the location of the head of the list to seek
+ *                  through (will be updated in case of a new entry)
+ * \param oid       The OID to look for
+ * \param oid_len   Size of the OID
+ * \param val       Data to store (can be NULL if you want to fill it by hand)
+ * \param val_len   Minimum length of the data buffer needed
+ *
+ * \return      NULL if if there was a memory allocation error, or a pointer
+ *              to the new / existing entry.
+ */
+mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( mbedtls_asn1_named_data **list,
+                                        const char *oid, size_t oid_len,
+                                        const unsigned char *val,
+                                        size_t val_len );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_ASN1_WRITE_H */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/base64.h

@@ -0,0 +1,88 @@
+/**
+ * \file base64.h
+ *
+ * \brief RFC 1521 base64 encoding/decoding
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_BASE64_H
+#define MBEDTLS_BASE64_H
+
+#include <stddef.h>
+
+#define MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL               -0x002A  /**< Output buffer too small. */
+#define MBEDTLS_ERR_BASE64_INVALID_CHARACTER              -0x002C  /**< Invalid character in input. */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Encode a buffer into base64 format
+ *
+ * \param dst      destination buffer
+ * \param dlen     size of the destination buffer
+ * \param olen     number of bytes written
+ * \param src      source buffer
+ * \param slen     amount of data to be encoded
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL.
+ *                 *olen is always updated to reflect the amount
+ *                 of data that has (or would have) been written.
+ *                 If that length cannot be represented, then no data is
+ *                 written to the buffer and *olen is set to the maximum
+ *                 length representable as a size_t.
+ *
+ * \note           Call this function with dlen = 0 to obtain the
+ *                 required buffer size in *olen
+ */
+int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
+                   const unsigned char *src, size_t slen );
+
+/**
+ * \brief          Decode a base64-formatted buffer
+ *
+ * \param dst      destination buffer (can be NULL for checking size)
+ * \param dlen     size of the destination buffer
+ * \param olen     number of bytes written
+ * \param src      source buffer
+ * \param slen     amount of data to be decoded
+ *
+ * \return         0 if successful, MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL, or
+ *                 MBEDTLS_ERR_BASE64_INVALID_CHARACTER if the input data is
+ *                 not correct. *olen is always updated to reflect the amount
+ *                 of data that has (or would have) been written.
+ *
+ * \note           Call this function with *dst = NULL or dlen = 0 to obtain
+ *                 the required buffer size in *olen
+ */
+int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
+                   const unsigned char *src, size_t slen );
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_base64_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* base64.h */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/bignum.h

@@ -0,0 +1,717 @@
+/**
+ * \file bignum.h
+ *
+ * \brief  Multi-precision integer library
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_BIGNUM_H
+#define MBEDTLS_BIGNUM_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+#if defined(MBEDTLS_FS_IO)
+#include <stdio.h>
+#endif
+
+#define MBEDTLS_ERR_MPI_FILE_IO_ERROR                     -0x0002  /**< An error occurred while reading from or writing to a file. */
+#define MBEDTLS_ERR_MPI_BAD_INPUT_DATA                    -0x0004  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_MPI_INVALID_CHARACTER                 -0x0006  /**< There is an invalid character in the digit string. */
+#define MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL                  -0x0008  /**< The buffer is too small to write to. */
+#define MBEDTLS_ERR_MPI_NEGATIVE_VALUE                    -0x000A  /**< The input arguments are negative or result in illegal output. */
+#define MBEDTLS_ERR_MPI_DIVISION_BY_ZERO                  -0x000C  /**< The input argument for division is zero, which is not allowed. */
+#define MBEDTLS_ERR_MPI_NOT_ACCEPTABLE                    -0x000E  /**< The input arguments are not acceptable. */
+#define MBEDTLS_ERR_MPI_ALLOC_FAILED                      -0x0010  /**< Memory allocation failed. */
+
+#define MBEDTLS_MPI_CHK(f) do { if( ( ret = f ) != 0 ) goto cleanup; } while( 0 )
+
+/*
+ * Maximum size MPIs are allowed to grow to in number of limbs.
+ */
+#define MBEDTLS_MPI_MAX_LIMBS                             10000
+
+#if !defined(MBEDTLS_MPI_WINDOW_SIZE)
+/*
+ * Maximum window size used for modular exponentiation. Default: 6
+ * Minimum value: 1. Maximum value: 6.
+ *
+ * Result is an array of ( 2 << MBEDTLS_MPI_WINDOW_SIZE ) MPIs used
+ * for the sliding window calculation. (So 64 by default)
+ *
+ * Reduction in size, reduces speed.
+ */
+#define MBEDTLS_MPI_WINDOW_SIZE                           6        /**< Maximum windows size used. */
+#endif /* !MBEDTLS_MPI_WINDOW_SIZE */
+
+#if !defined(MBEDTLS_MPI_MAX_SIZE)
+/*
+ * Maximum size of MPIs allowed in bits and bytes for user-MPIs.
+ * ( Default: 512 bytes => 4096 bits, Maximum tested: 2048 bytes => 16384 bits )
+ *
+ * Note: Calculations can results temporarily in larger MPIs. So the number
+ * of limbs required (MBEDTLS_MPI_MAX_LIMBS) is higher.
+ */
+#define MBEDTLS_MPI_MAX_SIZE                              1024     /**< Maximum number of bytes for usable MPIs. */
+#endif /* !MBEDTLS_MPI_MAX_SIZE */
+
+#define MBEDTLS_MPI_MAX_BITS                              ( 8 * MBEDTLS_MPI_MAX_SIZE )    /**< Maximum number of bits for usable MPIs. */
+
+/*
+ * When reading from files with mbedtls_mpi_read_file() and writing to files with
+ * mbedtls_mpi_write_file() the buffer should have space
+ * for a (short) label, the MPI (in the provided radix), the newline
+ * characters and the '\0'.
+ *
+ * By default we assume at least a 10 char label, a minimum radix of 10
+ * (decimal) and a maximum of 4096 bit numbers (1234 decimal chars).
+ * Autosized at compile time for at least a 10 char label, a minimum radix
+ * of 10 (decimal) for a number of MBEDTLS_MPI_MAX_BITS size.
+ *
+ * This used to be statically sized to 1250 for a maximum of 4096 bit
+ * numbers (1234 decimal chars).
+ *
+ * Calculate using the formula:
+ *  MBEDTLS_MPI_RW_BUFFER_SIZE = ceil(MBEDTLS_MPI_MAX_BITS / ln(10) * ln(2)) +
+ *                                LabelSize + 6
+ */
+#define MBEDTLS_MPI_MAX_BITS_SCALE100          ( 100 * MBEDTLS_MPI_MAX_BITS )
+#define MBEDTLS_LN_2_DIV_LN_10_SCALE100                 332
+#define MBEDTLS_MPI_RW_BUFFER_SIZE             ( ((MBEDTLS_MPI_MAX_BITS_SCALE100 + MBEDTLS_LN_2_DIV_LN_10_SCALE100 - 1) / MBEDTLS_LN_2_DIV_LN_10_SCALE100) + 10 + 6 )
+
+/*
+ * Define the base integer type, architecture-wise.
+ *
+ * 32-bit integers can be forced on 64-bit arches (eg. for testing purposes)
+ * by defining MBEDTLS_HAVE_INT32 and undefining MBEDTLS_HAVE_ASM
+ */
+#if ( ! defined(MBEDTLS_HAVE_INT32) && \
+        defined(_MSC_VER) && defined(_M_AMD64) )
+  #define MBEDTLS_HAVE_INT64
+  typedef  int64_t mbedtls_mpi_sint;
+  typedef uint64_t mbedtls_mpi_uint;
+#else
+  #if ( ! defined(MBEDTLS_HAVE_INT32) &&               \
+        defined(__GNUC__) && (                          \
+        defined(__amd64__) || defined(__x86_64__)    || \
+        defined(__ppc64__) || defined(__powerpc64__) || \
+        defined(__ia64__)  || defined(__alpha__)     || \
+        (defined(__sparc__) && defined(__arch64__))  || \
+        defined(__s390x__) || defined(__mips64) ) )
+     #define MBEDTLS_HAVE_INT64
+     typedef  int64_t mbedtls_mpi_sint;
+     typedef uint64_t mbedtls_mpi_uint;
+     /* mbedtls_t_udbl defined as 128-bit unsigned int */
+     typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI)));
+     #define MBEDTLS_HAVE_UDBL
+  #else
+     #define MBEDTLS_HAVE_INT32
+     typedef  int32_t mbedtls_mpi_sint;
+     typedef uint32_t mbedtls_mpi_uint;
+     typedef uint64_t mbedtls_t_udbl;
+     #define MBEDTLS_HAVE_UDBL
+  #endif /* !MBEDTLS_HAVE_INT32 && __GNUC__ && 64-bit platform */
+#endif /* !MBEDTLS_HAVE_INT32 && _MSC_VER && _M_AMD64 */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          MPI structure
+ */
+typedef struct
+{
+    int s;              /*!<  integer sign      */
+    size_t n;           /*!<  total # of limbs  */
+    mbedtls_mpi_uint *p;          /*!<  pointer to limbs  */
+}
+mbedtls_mpi;
+
+/**
+ * \brief           Initialize one MPI (make internal references valid)
+ *                  This just makes it ready to be set or freed,
+ *                  but does not define a value for the MPI.
+ *
+ * \param X         One MPI to initialize.
+ */
+void mbedtls_mpi_init( mbedtls_mpi *X );
+
+/**
+ * \brief          Unallocate one MPI
+ *
+ * \param X        One MPI to unallocate.
+ */
+void mbedtls_mpi_free( mbedtls_mpi *X );
+
+/**
+ * \brief          Enlarge to the specified number of limbs
+ *
+ * \param X        MPI to grow
+ * \param nblimbs  The target number of limbs
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs );
+
+/**
+ * \brief          Resize down, keeping at least the specified number of limbs
+ *
+ * \param X        MPI to shrink
+ * \param nblimbs  The minimum number of limbs to keep
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs );
+
+/**
+ * \brief          Copy the contents of Y into X
+ *
+ * \param X        Destination MPI
+ * \param Y        Source MPI
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y );
+
+/**
+ * \brief          Swap the contents of X and Y
+ *
+ * \param X        First MPI value
+ * \param Y        Second MPI value
+ */
+void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y );
+
+/**
+ * \brief          Safe conditional assignement X = Y if assign is 1
+ *
+ * \param X        MPI to conditionally assign to
+ * \param Y        Value to be assigned
+ * \param assign   1: perform the assignment, 0: keep X's original value
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *
+ * \note           This function is equivalent to
+ *                      if( assign ) mbedtls_mpi_copy( X, Y );
+ *                 except that it avoids leaking any information about whether
+ *                 the assignment was done or not (the above code may leak
+ *                 information through branch prediction and/or memory access
+ *                 patterns analysis).
+ */
+int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned char assign );
+
+/**
+ * \brief          Safe conditional swap X <-> Y if swap is 1
+ *
+ * \param X        First mbedtls_mpi value
+ * \param Y        Second mbedtls_mpi value
+ * \param assign   1: perform the swap, 0: keep X and Y's original values
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *
+ * \note           This function is equivalent to
+ *                      if( assign ) mbedtls_mpi_swap( X, Y );
+ *                 except that it avoids leaking any information about whether
+ *                 the assignment was done or not (the above code may leak
+ *                 information through branch prediction and/or memory access
+ *                 patterns analysis).
+ */
+int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char assign );
+
+/**
+ * \brief          Set value from integer
+ *
+ * \param X        MPI to set
+ * \param z        Value to use
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z );
+
+/**
+ * \brief          Get a specific bit from X
+ *
+ * \param X        MPI to use
+ * \param pos      Zero-based index of the bit in X
+ *
+ * \return         Either a 0 or a 1
+ */
+int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos );
+
+/**
+ * \brief          Set a bit of X to a specific value of 0 or 1
+ *
+ * \note           Will grow X if necessary to set a bit to 1 in a not yet
+ *                 existing limb. Will not grow if bit should be set to 0
+ *
+ * \param X        MPI to use
+ * \param pos      Zero-based index of the bit in X
+ * \param val      The value to set the bit to (0 or 1)
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_BAD_INPUT_DATA if val is not 0 or 1
+ */
+int mbedtls_mpi_set_bit( mbedtls_mpi *X, size_t pos, unsigned char val );
+
+/**
+ * \brief          Return the number of zero-bits before the least significant
+ *                 '1' bit
+ *
+ * Note: Thus also the zero-based index of the least significant '1' bit
+ *
+ * \param X        MPI to use
+ */
+size_t mbedtls_mpi_lsb( const mbedtls_mpi *X );
+
+/**
+ * \brief          Return the number of bits up to and including the most
+ *                 significant '1' bit'
+ *
+ * Note: Thus also the one-based index of the most significant '1' bit
+ *
+ * \param X        MPI to use
+ */
+size_t mbedtls_mpi_bitlen( const mbedtls_mpi *X );
+
+/**
+ * \brief          Return the total size in bytes
+ *
+ * \param X        MPI to use
+ */
+size_t mbedtls_mpi_size( const mbedtls_mpi *X );
+
+/**
+ * \brief          Import from an ASCII string
+ *
+ * \param X        Destination MPI
+ * \param radix    Input numeric base
+ * \param s        Null-terminated string buffer
+ *
+ * \return         0 if successful, or a MBEDTLS_ERR_MPI_XXX error code
+ */
+int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s );
+
+/**
+ * \brief          Export into an ASCII string
+ *
+ * \param X        Source MPI
+ * \param radix    Output numeric base
+ * \param buf      Buffer to write the string to
+ * \param buflen   Length of buf
+ * \param olen     Length of the string written, including final NUL byte
+ *
+ * \return         0 if successful, or a MBEDTLS_ERR_MPI_XXX error code.
+ *                 *olen is always updated to reflect the amount
+ *                 of data that has (or would have) been written.
+ *
+ * \note           Call this function with buflen = 0 to obtain the
+ *                 minimum required buffer size in *olen.
+ */
+int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix,
+                              char *buf, size_t buflen, size_t *olen );
+
+#if defined(MBEDTLS_FS_IO)
+/**
+ * \brief          Read X from an opened file
+ *
+ * \param X        Destination MPI
+ * \param radix    Input numeric base
+ * \param fin      Input file handle
+ *
+ * \return         0 if successful, MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if
+ *                 the file read buffer is too small or a
+ *                 MBEDTLS_ERR_MPI_XXX error code
+ */
+int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin );
+
+/**
+ * \brief          Write X into an opened file, or stdout if fout is NULL
+ *
+ * \param p        Prefix, can be NULL
+ * \param X        Source MPI
+ * \param radix    Output numeric base
+ * \param fout     Output file handle (can be NULL)
+ *
+ * \return         0 if successful, or a MBEDTLS_ERR_MPI_XXX error code
+ *
+ * \note           Set fout == NULL to print X on the console.
+ */
+int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X, int radix, FILE *fout );
+#endif /* MBEDTLS_FS_IO */
+
+/**
+ * \brief          Import X from unsigned binary data, big endian
+ *
+ * \param X        Destination MPI
+ * \param buf      Input buffer
+ * \param buflen   Input buffer size
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, size_t buflen );
+
+/**
+ * \brief          Export X into unsigned binary data, big endian.
+ *                 Always fills the whole buffer, which will start with zeros
+ *                 if the number is smaller.
+ *
+ * \param X        Source MPI
+ * \param buf      Output buffer
+ * \param buflen   Output buffer size
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if buf isn't large enough
+ */
+int mbedtls_mpi_write_binary( const mbedtls_mpi *X, unsigned char *buf, size_t buflen );
+
+/**
+ * \brief          Left-shift: X <<= count
+ *
+ * \param X        MPI to shift
+ * \param count    Amount to shift
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count );
+
+/**
+ * \brief          Right-shift: X >>= count
+ *
+ * \param X        MPI to shift
+ * \param count    Amount to shift
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count );
+
+/**
+ * \brief          Compare unsigned values
+ *
+ * \param X        Left-hand MPI
+ * \param Y        Right-hand MPI
+ *
+ * \return         1 if |X| is greater than |Y|,
+ *                -1 if |X| is lesser  than |Y| or
+ *                 0 if |X| is equal to |Y|
+ */
+int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y );
+
+/**
+ * \brief          Compare signed values
+ *
+ * \param X        Left-hand MPI
+ * \param Y        Right-hand MPI
+ *
+ * \return         1 if X is greater than Y,
+ *                -1 if X is lesser  than Y or
+ *                 0 if X is equal to Y
+ */
+int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y );
+
+/**
+ * \brief          Compare signed values
+ *
+ * \param X        Left-hand MPI
+ * \param z        The integer value to compare to
+ *
+ * \return         1 if X is greater than z,
+ *                -1 if X is lesser  than z or
+ *                 0 if X is equal to z
+ */
+int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z );
+
+/**
+ * \brief          Unsigned addition: X = |A| + |B|
+ *
+ * \param X        Destination MPI
+ * \param A        Left-hand MPI
+ * \param B        Right-hand MPI
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B );
+
+/**
+ * \brief          Unsigned subtraction: X = |A| - |B|
+ *
+ * \param X        Destination MPI
+ * \param A        Left-hand MPI
+ * \param B        Right-hand MPI
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_NEGATIVE_VALUE if B is greater than A
+ */
+int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B );
+
+/**
+ * \brief          Signed addition: X = A + B
+ *
+ * \param X        Destination MPI
+ * \param A        Left-hand MPI
+ * \param B        Right-hand MPI
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B );
+
+/**
+ * \brief          Signed subtraction: X = A - B
+ *
+ * \param X        Destination MPI
+ * \param A        Left-hand MPI
+ * \param B        Right-hand MPI
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B );
+
+/**
+ * \brief          Signed addition: X = A + b
+ *
+ * \param X        Destination MPI
+ * \param A        Left-hand MPI
+ * \param b        The integer value to add
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b );
+
+/**
+ * \brief          Signed subtraction: X = A - b
+ *
+ * \param X        Destination MPI
+ * \param A        Left-hand MPI
+ * \param b        The integer value to subtract
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b );
+
+/**
+ * \brief          Baseline multiplication: X = A * B
+ *
+ * \param X        Destination MPI
+ * \param A        Left-hand MPI
+ * \param B        Right-hand MPI
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B );
+
+/**
+ * \brief          Baseline multiplication: X = A * b
+ *
+ * \param X        Destination MPI
+ * \param A        Left-hand MPI
+ * \param b        The unsigned integer value to multiply with
+ *
+ * \note           b is unsigned
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint b );
+
+/**
+ * \brief          Division by mbedtls_mpi: A = Q * B + R
+ *
+ * \param Q        Destination MPI for the quotient
+ * \param R        Destination MPI for the rest value
+ * \param A        Left-hand MPI
+ * \param B        Right-hand MPI
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if B == 0
+ *
+ * \note           Either Q or R can be NULL.
+ */
+int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B );
+
+/**
+ * \brief          Division by int: A = Q * b + R
+ *
+ * \param Q        Destination MPI for the quotient
+ * \param R        Destination MPI for the rest value
+ * \param A        Left-hand MPI
+ * \param b        Integer to divide by
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if b == 0
+ *
+ * \note           Either Q or R can be NULL.
+ */
+int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, mbedtls_mpi_sint b );
+
+/**
+ * \brief          Modulo: R = A mod B
+ *
+ * \param R        Destination MPI for the rest value
+ * \param A        Left-hand MPI
+ * \param B        Right-hand MPI
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if B == 0,
+ *                 MBEDTLS_ERR_MPI_NEGATIVE_VALUE if B < 0
+ */
+int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B );
+
+/**
+ * \brief          Modulo: r = A mod b
+ *
+ * \param r        Destination mbedtls_mpi_uint
+ * \param A        Left-hand MPI
+ * \param b        Integer to divide by
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if b == 0,
+ *                 MBEDTLS_ERR_MPI_NEGATIVE_VALUE if b < 0
+ */
+int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_sint b );
+
+/**
+ * \brief          Sliding-window exponentiation: X = A^E mod N
+ *
+ * \param X        Destination MPI
+ * \param A        Left-hand MPI
+ * \param E        Exponent MPI
+ * \param N        Modular MPI
+ * \param _RR      Speed-up MPI used for recalculations
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_BAD_INPUT_DATA if N is negative or even or
+ *                 if E is negative
+ *
+ * \note           _RR is used to avoid re-computing R*R mod N across
+ *                 multiple calls, which speeds up things a bit. It can
+ *                 be set to NULL if the extra performance is unneeded.
+ */
+int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *E, const mbedtls_mpi *N, mbedtls_mpi *_RR );
+
+/**
+ * \brief          Fill an MPI X with size bytes of random
+ *
+ * \param X        Destination MPI
+ * \param size     Size in bytes
+ * \param f_rng    RNG function
+ * \param p_rng    RNG parameter
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size,
+                     int (*f_rng)(void *, unsigned char *, size_t),
+                     void *p_rng );
+
+/**
+ * \brief          Greatest common divisor: G = gcd(A, B)
+ *
+ * \param G        Destination MPI
+ * \param A        Left-hand MPI
+ * \param B        Right-hand MPI
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B );
+
+/**
+ * \brief          Modular inverse: X = A^-1 mod N
+ *
+ * \param X        Destination MPI
+ * \param A        Left-hand MPI
+ * \param N        Right-hand MPI
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_BAD_INPUT_DATA if N is negative or nil
+                   MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if A has no inverse mod N
+ */
+int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *N );
+
+/**
+ * \brief          Miller-Rabin primality test
+ *
+ * \param X        MPI to check
+ * \param f_rng    RNG function
+ * \param p_rng    RNG parameter
+ *
+ * \return         0 if successful (probably prime),
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if X is not prime
+ */
+int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
+                  int (*f_rng)(void *, unsigned char *, size_t),
+                  void *p_rng );
+
+/**
+ * \brief          Prime number generation
+ *
+ * \param X        Destination MPI
+ * \param nbits    Required size of X in bits
+ *                 ( 3 <= nbits <= MBEDTLS_MPI_MAX_BITS )
+ * \param dh_flag  If 1, then (X-1)/2 will be prime too
+ * \param f_rng    RNG function
+ * \param p_rng    RNG parameter
+ *
+ * \return         0 if successful (probably prime),
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_BAD_INPUT_DATA if nbits is < 3
+ */
+int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int dh_flag,
+                   int (*f_rng)(void *, unsigned char *, size_t),
+                   void *p_rng );
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_mpi_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* bignum.h */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/blowfish.h

@@ -0,0 +1,203 @@
+/**
+ * \file blowfish.h
+ *
+ * \brief Blowfish block cipher
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_BLOWFISH_H
+#define MBEDTLS_BLOWFISH_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+#define MBEDTLS_BLOWFISH_ENCRYPT     1
+#define MBEDTLS_BLOWFISH_DECRYPT     0
+#define MBEDTLS_BLOWFISH_MAX_KEY_BITS     448
+#define MBEDTLS_BLOWFISH_MIN_KEY_BITS     32
+#define MBEDTLS_BLOWFISH_ROUNDS      16         /**< Rounds to use. When increasing this value, make sure to extend the initialisation vectors */
+#define MBEDTLS_BLOWFISH_BLOCKSIZE   8          /* Blowfish uses 64 bit blocks */
+
+#define MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH                -0x0016  /**< Invalid key length. */
+#define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH              -0x0018  /**< Invalid data input length. */
+
+#if !defined(MBEDTLS_BLOWFISH_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Blowfish context structure
+ */
+typedef struct
+{
+    uint32_t P[MBEDTLS_BLOWFISH_ROUNDS + 2];    /*!<  Blowfish round keys    */
+    uint32_t S[4][256];                 /*!<  key dependent S-boxes  */
+}
+mbedtls_blowfish_context;
+
+/**
+ * \brief          Initialize Blowfish context
+ *
+ * \param ctx      Blowfish context to be initialized
+ */
+void mbedtls_blowfish_init( mbedtls_blowfish_context *ctx );
+
+/**
+ * \brief          Clear Blowfish context
+ *
+ * \param ctx      Blowfish context to be cleared
+ */
+void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx );
+
+/**
+ * \brief          Blowfish key schedule
+ *
+ * \param ctx      Blowfish context to be initialized
+ * \param key      encryption key
+ * \param keybits  must be between 32 and 448 bits
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH
+ */
+int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, const unsigned char *key,
+                     unsigned int keybits );
+
+/**
+ * \brief          Blowfish-ECB block encryption/decryption
+ *
+ * \param ctx      Blowfish context
+ * \param mode     MBEDTLS_BLOWFISH_ENCRYPT or MBEDTLS_BLOWFISH_DECRYPT
+ * \param input    8-byte input block
+ * \param output   8-byte output block
+ *
+ * \return         0 if successful
+ */
+int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx,
+                        int mode,
+                        const unsigned char input[MBEDTLS_BLOWFISH_BLOCKSIZE],
+                        unsigned char output[MBEDTLS_BLOWFISH_BLOCKSIZE] );
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+/**
+ * \brief          Blowfish-CBC buffer encryption/decryption
+ *                 Length should be a multiple of the block
+ *                 size (8 bytes)
+ *
+ * \note           Upon exit, the content of the IV is updated so that you can
+ *                 call the function same function again on the following
+ *                 block(s) of data and get the same result as if it was
+ *                 encrypted in one call. This allows a "streaming" usage.
+ *                 If on the other hand you need to retain the contents of the
+ *                 IV, you should either save it manually or use the cipher
+ *                 module instead.
+ *
+ * \param ctx      Blowfish context
+ * \param mode     MBEDTLS_BLOWFISH_ENCRYPT or MBEDTLS_BLOWFISH_DECRYPT
+ * \param length   length of the input data
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ *
+ * \return         0 if successful, or
+ *                 MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH
+ */
+int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx,
+                        int mode,
+                        size_t length,
+                        unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
+                        const unsigned char *input,
+                        unsigned char *output );
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+/**
+ * \brief          Blowfish CFB buffer encryption/decryption.
+ *
+ * \note           Upon exit, the content of the IV is updated so that you can
+ *                 call the function same function again on the following
+ *                 block(s) of data and get the same result as if it was
+ *                 encrypted in one call. This allows a "streaming" usage.
+ *                 If on the other hand you need to retain the contents of the
+ *                 IV, you should either save it manually or use the cipher
+ *                 module instead.
+ *
+ * \param ctx      Blowfish context
+ * \param mode     MBEDTLS_BLOWFISH_ENCRYPT or MBEDTLS_BLOWFISH_DECRYPT
+ * \param length   length of the input data
+ * \param iv_off   offset in IV (updated after use)
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ *
+ * \return         0 if successful
+ */
+int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
+                          int mode,
+                          size_t length,
+                          size_t *iv_off,
+                          unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
+                          const unsigned char *input,
+                          unsigned char *output );
+#endif /*MBEDTLS_CIPHER_MODE_CFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+/**
+ * \brief               Blowfish-CTR buffer encryption/decryption
+ *
+ * Warning: You have to keep the maximum use of your counter in mind!
+ *
+ * \param ctx           Blowfish context
+ * \param length        The length of the data
+ * \param nc_off        The offset in the current stream_block (for resuming
+ *                      within current cipher stream). The offset pointer to
+ *                      should be 0 at the start of a stream.
+ * \param nonce_counter The 64-bit nonce and counter.
+ * \param stream_block  The saved stream-block for resuming. Is overwritten
+ *                      by the function.
+ * \param input         The input data stream
+ * \param output        The output data stream
+ *
+ * \return         0 if successful
+ */
+int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx,
+                        size_t length,
+                        size_t *nc_off,
+                        unsigned char nonce_counter[MBEDTLS_BLOWFISH_BLOCKSIZE],
+                        unsigned char stream_block[MBEDTLS_BLOWFISH_BLOCKSIZE],
+                        const unsigned char *input,
+                        unsigned char *output );
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_BLOWFISH_ALT */
+#include "blowfish_alt.h"
+#endif /* MBEDTLS_BLOWFISH_ALT */
+
+#endif /* blowfish.h */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/bn_mul.h

@@ -0,0 +1,885 @@
+/**
+ * \file bn_mul.h
+ *
+ * \brief  Multi-precision integer library
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+/*
+ *      Multiply source vector [s] with b, add result
+ *       to destination vector [d] and set carry c.
+ *
+ *      Currently supports:
+ *
+ *         . IA-32 (386+)         . AMD64 / EM64T
+ *         . IA-32 (SSE2)         . Motorola 68000
+ *         . PowerPC, 32-bit      . MicroBlaze
+ *         . PowerPC, 64-bit      . TriCore
+ *         . SPARC v8             . ARM v3+
+ *         . Alpha                . MIPS32
+ *         . C, longlong          . C, generic
+ */
+#ifndef MBEDTLS_BN_MUL_H
+#define MBEDTLS_BN_MUL_H
+
+#include "bignum.h"
+
+#if defined(MBEDTLS_HAVE_ASM)
+
+#ifndef asm
+#define asm __asm
+#endif
+
+/* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */
+#if defined(__GNUC__) && \
+    ( !defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000 )
+#if defined(__i386__)
+
+#define MULADDC_INIT                        \
+    asm(                                    \
+        "movl   %%ebx, %0           \n\t"   \
+        "movl   %5, %%esi           \n\t"   \
+        "movl   %6, %%edi           \n\t"   \
+        "movl   %7, %%ecx           \n\t"   \
+        "movl   %8, %%ebx           \n\t"
+
+#define MULADDC_CORE                        \
+        "lodsl                      \n\t"   \
+        "mull   %%ebx               \n\t"   \
+        "addl   %%ecx,   %%eax      \n\t"   \
+        "adcl   $0,      %%edx      \n\t"   \
+        "addl   (%%edi), %%eax      \n\t"   \
+        "adcl   $0,      %%edx      \n\t"   \
+        "movl   %%edx,   %%ecx      \n\t"   \
+        "stosl                      \n\t"
+
+#if defined(MBEDTLS_HAVE_SSE2)
+
+#define MULADDC_HUIT                            \
+        "movd     %%ecx,     %%mm1      \n\t"   \
+        "movd     %%ebx,     %%mm0      \n\t"   \
+        "movd     (%%edi),   %%mm3      \n\t"   \
+        "paddq    %%mm3,     %%mm1      \n\t"   \
+        "movd     (%%esi),   %%mm2      \n\t"   \
+        "pmuludq  %%mm0,     %%mm2      \n\t"   \
+        "movd     4(%%esi),  %%mm4      \n\t"   \
+        "pmuludq  %%mm0,     %%mm4      \n\t"   \
+        "movd     8(%%esi),  %%mm6      \n\t"   \
+        "pmuludq  %%mm0,     %%mm6      \n\t"   \
+        "movd     12(%%esi), %%mm7      \n\t"   \
+        "pmuludq  %%mm0,     %%mm7      \n\t"   \
+        "paddq    %%mm2,     %%mm1      \n\t"   \
+        "movd     4(%%edi),  %%mm3      \n\t"   \
+        "paddq    %%mm4,     %%mm3      \n\t"   \
+        "movd     8(%%edi),  %%mm5      \n\t"   \
+        "paddq    %%mm6,     %%mm5      \n\t"   \
+        "movd     12(%%edi), %%mm4      \n\t"   \
+        "paddq    %%mm4,     %%mm7      \n\t"   \
+        "movd     %%mm1,     (%%edi)    \n\t"   \
+        "movd     16(%%esi), %%mm2      \n\t"   \
+        "pmuludq  %%mm0,     %%mm2      \n\t"   \
+        "psrlq    $32,       %%mm1      \n\t"   \
+        "movd     20(%%esi), %%mm4      \n\t"   \
+        "pmuludq  %%mm0,     %%mm4      \n\t"   \
+        "paddq    %%mm3,     %%mm1      \n\t"   \
+        "movd     24(%%esi), %%mm6      \n\t"   \
+        "pmuludq  %%mm0,     %%mm6      \n\t"   \
+        "movd     %%mm1,     4(%%edi)   \n\t"   \
+        "psrlq    $32,       %%mm1      \n\t"   \
+        "movd     28(%%esi), %%mm3      \n\t"   \
+        "pmuludq  %%mm0,     %%mm3      \n\t"   \
+        "paddq    %%mm5,     %%mm1      \n\t"   \
+        "movd     16(%%edi), %%mm5      \n\t"   \
+        "paddq    %%mm5,     %%mm2      \n\t"   \
+        "movd     %%mm1,     8(%%edi)   \n\t"   \
+        "psrlq    $32,       %%mm1      \n\t"   \
+        "paddq    %%mm7,     %%mm1      \n\t"   \
+        "movd     20(%%edi), %%mm5      \n\t"   \
+        "paddq    %%mm5,     %%mm4      \n\t"   \
+        "movd     %%mm1,     12(%%edi)  \n\t"   \
+        "psrlq    $32,       %%mm1      \n\t"   \
+        "paddq    %%mm2,     %%mm1      \n\t"   \
+        "movd     24(%%edi), %%mm5      \n\t"   \
+        "paddq    %%mm5,     %%mm6      \n\t"   \
+        "movd     %%mm1,     16(%%edi)  \n\t"   \
+        "psrlq    $32,       %%mm1      \n\t"   \
+        "paddq    %%mm4,     %%mm1      \n\t"   \
+        "movd     28(%%edi), %%mm5      \n\t"   \
+        "paddq    %%mm5,     %%mm3      \n\t"   \
+        "movd     %%mm1,     20(%%edi)  \n\t"   \
+        "psrlq    $32,       %%mm1      \n\t"   \
+        "paddq    %%mm6,     %%mm1      \n\t"   \
+        "movd     %%mm1,     24(%%edi)  \n\t"   \
+        "psrlq    $32,       %%mm1      \n\t"   \
+        "paddq    %%mm3,     %%mm1      \n\t"   \
+        "movd     %%mm1,     28(%%edi)  \n\t"   \
+        "addl     $32,       %%edi      \n\t"   \
+        "addl     $32,       %%esi      \n\t"   \
+        "psrlq    $32,       %%mm1      \n\t"   \
+        "movd     %%mm1,     %%ecx      \n\t"
+
+#define MULADDC_STOP                    \
+        "emms                   \n\t"   \
+        "movl   %4, %%ebx       \n\t"   \
+        "movl   %%ecx, %1       \n\t"   \
+        "movl   %%edi, %2       \n\t"   \
+        "movl   %%esi, %3       \n\t"   \
+        : "=m" (t), "=m" (c), "=m" (d), "=m" (s)        \
+        : "m" (t), "m" (s), "m" (d), "m" (c), "m" (b)   \
+        : "eax", "ecx", "edx", "esi", "edi"             \
+    );
+
+#else
+
+#define MULADDC_STOP                    \
+        "movl   %4, %%ebx       \n\t"   \
+        "movl   %%ecx, %1       \n\t"   \
+        "movl   %%edi, %2       \n\t"   \
+        "movl   %%esi, %3       \n\t"   \
+        : "=m" (t), "=m" (c), "=m" (d), "=m" (s)        \
+        : "m" (t), "m" (s), "m" (d), "m" (c), "m" (b)   \
+        : "eax", "ecx", "edx", "esi", "edi"             \
+    );
+#endif /* SSE2 */
+#endif /* i386 */
+
+#if defined(__amd64__) || defined (__x86_64__)
+
+#define MULADDC_INIT                        \
+    asm(                                    \
+        "xorq   %%r8, %%r8          \n\t"
+
+#define MULADDC_CORE                        \
+        "movq   (%%rsi), %%rax      \n\t"   \
+        "mulq   %%rbx               \n\t"   \
+        "addq   $8,      %%rsi      \n\t"   \
+        "addq   %%rcx,   %%rax      \n\t"   \
+        "movq   %%r8,    %%rcx      \n\t"   \
+        "adcq   $0,      %%rdx      \n\t"   \
+        "nop                        \n\t"   \
+        "addq   %%rax,   (%%rdi)    \n\t"   \
+        "adcq   %%rdx,   %%rcx      \n\t"   \
+        "addq   $8,      %%rdi      \n\t"
+
+#define MULADDC_STOP                        \
+        : "+c" (c), "+D" (d), "+S" (s)      \
+        : "b" (b)                           \
+        : "rax", "rdx", "r8"                \
+    );
+
+#endif /* AMD64 */
+
+#if defined(__mc68020__) || defined(__mcpu32__)
+
+#define MULADDC_INIT                    \
+    asm(                                \
+        "movl   %3, %%a2        \n\t"   \
+        "movl   %4, %%a3        \n\t"   \
+        "movl   %5, %%d3        \n\t"   \
+        "movl   %6, %%d2        \n\t"   \
+        "moveq  #0, %%d0        \n\t"
+
+#define MULADDC_CORE                    \
+        "movel  %%a2@+, %%d1    \n\t"   \
+        "mulul  %%d2, %%d4:%%d1 \n\t"   \
+        "addl   %%d3, %%d1      \n\t"   \
+        "addxl  %%d0, %%d4      \n\t"   \
+        "moveq  #0,   %%d3      \n\t"   \
+        "addl   %%d1, %%a3@+    \n\t"   \
+        "addxl  %%d4, %%d3      \n\t"
+
+#define MULADDC_STOP                    \
+        "movl   %%d3, %0        \n\t"   \
+        "movl   %%a3, %1        \n\t"   \
+        "movl   %%a2, %2        \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)              \
+        : "m" (s), "m" (d), "m" (c), "m" (b)        \
+        : "d0", "d1", "d2", "d3", "d4", "a2", "a3"  \
+    );
+
+#define MULADDC_HUIT                        \
+        "movel  %%a2@+,  %%d1       \n\t"   \
+        "mulul  %%d2,    %%d4:%%d1  \n\t"   \
+        "addxl  %%d3,    %%d1       \n\t"   \
+        "addxl  %%d0,    %%d4       \n\t"   \
+        "addl   %%d1,    %%a3@+     \n\t"   \
+        "movel  %%a2@+,  %%d1       \n\t"   \
+        "mulul  %%d2,    %%d3:%%d1  \n\t"   \
+        "addxl  %%d4,    %%d1       \n\t"   \
+        "addxl  %%d0,    %%d3       \n\t"   \
+        "addl   %%d1,    %%a3@+     \n\t"   \
+        "movel  %%a2@+,  %%d1       \n\t"   \
+        "mulul  %%d2,    %%d4:%%d1  \n\t"   \
+        "addxl  %%d3,    %%d1       \n\t"   \
+        "addxl  %%d0,    %%d4       \n\t"   \
+        "addl   %%d1,    %%a3@+     \n\t"   \
+        "movel  %%a2@+,  %%d1       \n\t"   \
+        "mulul  %%d2,    %%d3:%%d1  \n\t"   \
+        "addxl  %%d4,    %%d1       \n\t"   \
+        "addxl  %%d0,    %%d3       \n\t"   \
+        "addl   %%d1,    %%a3@+     \n\t"   \
+        "movel  %%a2@+,  %%d1       \n\t"   \
+        "mulul  %%d2,    %%d4:%%d1  \n\t"   \
+        "addxl  %%d3,    %%d1       \n\t"   \
+        "addxl  %%d0,    %%d4       \n\t"   \
+        "addl   %%d1,    %%a3@+     \n\t"   \
+        "movel  %%a2@+,  %%d1       \n\t"   \
+        "mulul  %%d2,    %%d3:%%d1  \n\t"   \
+        "addxl  %%d4,    %%d1       \n\t"   \
+        "addxl  %%d0,    %%d3       \n\t"   \
+        "addl   %%d1,    %%a3@+     \n\t"   \
+        "movel  %%a2@+,  %%d1       \n\t"   \
+        "mulul  %%d2,    %%d4:%%d1  \n\t"   \
+        "addxl  %%d3,    %%d1       \n\t"   \
+        "addxl  %%d0,    %%d4       \n\t"   \
+        "addl   %%d1,    %%a3@+     \n\t"   \
+        "movel  %%a2@+,  %%d1       \n\t"   \
+        "mulul  %%d2,    %%d3:%%d1  \n\t"   \
+        "addxl  %%d4,    %%d1       \n\t"   \
+        "addxl  %%d0,    %%d3       \n\t"   \
+        "addl   %%d1,    %%a3@+     \n\t"   \
+        "addxl  %%d0,    %%d3       \n\t"
+
+#endif /* MC68000 */
+
+#if defined(__powerpc64__) || defined(__ppc64__)
+
+#if defined(__MACH__) && defined(__APPLE__)
+
+#define MULADDC_INIT                        \
+    asm(                                    \
+        "ld     r3, %3              \n\t"   \
+        "ld     r4, %4              \n\t"   \
+        "ld     r5, %5              \n\t"   \
+        "ld     r6, %6              \n\t"   \
+        "addi   r3, r3, -8          \n\t"   \
+        "addi   r4, r4, -8          \n\t"   \
+        "addic  r5, r5,  0          \n\t"
+
+#define MULADDC_CORE                        \
+        "ldu    r7, 8(r3)           \n\t"   \
+        "mulld  r8, r7, r6          \n\t"   \
+        "mulhdu r9, r7, r6          \n\t"   \
+        "adde   r8, r8, r5          \n\t"   \
+        "ld     r7, 8(r4)           \n\t"   \
+        "addze  r5, r9              \n\t"   \
+        "addc   r8, r8, r7          \n\t"   \
+        "stdu   r8, 8(r4)           \n\t"
+
+#define MULADDC_STOP                        \
+        "addze  r5, r5              \n\t"   \
+        "addi   r4, r4, 8           \n\t"   \
+        "addi   r3, r3, 8           \n\t"   \
+        "std    r5, %0              \n\t"   \
+        "std    r4, %1              \n\t"   \
+        "std    r3, %2              \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)              \
+        : "m" (s), "m" (d), "m" (c), "m" (b)        \
+        : "r3", "r4", "r5", "r6", "r7", "r8", "r9"  \
+    );
+
+
+#else /* __MACH__ && __APPLE__ */
+
+#define MULADDC_INIT                        \
+    asm(                                    \
+        "ld     %%r3, %3            \n\t"   \
+        "ld     %%r4, %4            \n\t"   \
+        "ld     %%r5, %5            \n\t"   \
+        "ld     %%r6, %6            \n\t"   \
+        "addi   %%r3, %%r3, -8      \n\t"   \
+        "addi   %%r4, %%r4, -8      \n\t"   \
+        "addic  %%r5, %%r5,  0      \n\t"
+
+#define MULADDC_CORE                        \
+        "ldu    %%r7, 8(%%r3)       \n\t"   \
+        "mulld  %%r8, %%r7, %%r6    \n\t"   \
+        "mulhdu %%r9, %%r7, %%r6    \n\t"   \
+        "adde   %%r8, %%r8, %%r5    \n\t"   \
+        "ld     %%r7, 8(%%r4)       \n\t"   \
+        "addze  %%r5, %%r9          \n\t"   \
+        "addc   %%r8, %%r8, %%r7    \n\t"   \
+        "stdu   %%r8, 8(%%r4)       \n\t"
+
+#define MULADDC_STOP                        \
+        "addze  %%r5, %%r5          \n\t"   \
+        "addi   %%r4, %%r4, 8       \n\t"   \
+        "addi   %%r3, %%r3, 8       \n\t"   \
+        "std    %%r5, %0            \n\t"   \
+        "std    %%r4, %1            \n\t"   \
+        "std    %%r3, %2            \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)              \
+        : "m" (s), "m" (d), "m" (c), "m" (b)        \
+        : "r3", "r4", "r5", "r6", "r7", "r8", "r9"  \
+    );
+
+#endif /* __MACH__ && __APPLE__ */
+
+#elif defined(__powerpc__) || defined(__ppc__) /* end PPC64/begin PPC32  */
+
+#if defined(__MACH__) && defined(__APPLE__)
+
+#define MULADDC_INIT                    \
+    asm(                                \
+        "lwz    r3, %3          \n\t"   \
+        "lwz    r4, %4          \n\t"   \
+        "lwz    r5, %5          \n\t"   \
+        "lwz    r6, %6          \n\t"   \
+        "addi   r3, r3, -4      \n\t"   \
+        "addi   r4, r4, -4      \n\t"   \
+        "addic  r5, r5,  0      \n\t"
+
+#define MULADDC_CORE                    \
+        "lwzu   r7, 4(r3)       \n\t"   \
+        "mullw  r8, r7, r6      \n\t"   \
+        "mulhwu r9, r7, r6      \n\t"   \
+        "adde   r8, r8, r5      \n\t"   \
+        "lwz    r7, 4(r4)       \n\t"   \
+        "addze  r5, r9          \n\t"   \
+        "addc   r8, r8, r7      \n\t"   \
+        "stwu   r8, 4(r4)       \n\t"
+
+#define MULADDC_STOP                    \
+        "addze  r5, r5          \n\t"   \
+        "addi   r4, r4, 4       \n\t"   \
+        "addi   r3, r3, 4       \n\t"   \
+        "stw    r5, %0          \n\t"   \
+        "stw    r4, %1          \n\t"   \
+        "stw    r3, %2          \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)              \
+        : "m" (s), "m" (d), "m" (c), "m" (b)        \
+        : "r3", "r4", "r5", "r6", "r7", "r8", "r9"  \
+    );
+
+#else /* __MACH__ && __APPLE__ */
+
+#define MULADDC_INIT                        \
+    asm(                                    \
+        "lwz    %%r3, %3            \n\t"   \
+        "lwz    %%r4, %4            \n\t"   \
+        "lwz    %%r5, %5            \n\t"   \
+        "lwz    %%r6, %6            \n\t"   \
+        "addi   %%r3, %%r3, -4      \n\t"   \
+        "addi   %%r4, %%r4, -4      \n\t"   \
+        "addic  %%r5, %%r5,  0      \n\t"
+
+#define MULADDC_CORE                        \
+        "lwzu   %%r7, 4(%%r3)       \n\t"   \
+        "mullw  %%r8, %%r7, %%r6    \n\t"   \
+        "mulhwu %%r9, %%r7, %%r6    \n\t"   \
+        "adde   %%r8, %%r8, %%r5    \n\t"   \
+        "lwz    %%r7, 4(%%r4)       \n\t"   \
+        "addze  %%r5, %%r9          \n\t"   \
+        "addc   %%r8, %%r8, %%r7    \n\t"   \
+        "stwu   %%r8, 4(%%r4)       \n\t"
+
+#define MULADDC_STOP                        \
+        "addze  %%r5, %%r5          \n\t"   \
+        "addi   %%r4, %%r4, 4       \n\t"   \
+        "addi   %%r3, %%r3, 4       \n\t"   \
+        "stw    %%r5, %0            \n\t"   \
+        "stw    %%r4, %1            \n\t"   \
+        "stw    %%r3, %2            \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)              \
+        : "m" (s), "m" (d), "m" (c), "m" (b)        \
+        : "r3", "r4", "r5", "r6", "r7", "r8", "r9"  \
+    );
+
+#endif /* __MACH__ && __APPLE__ */
+
+#endif /* PPC32 */
+
+/*
+ * The Sparc(64) assembly is reported to be broken.
+ * Disable it for now, until we're able to fix it.
+ */
+#if 0 && defined(__sparc__)
+#if defined(__sparc64__)
+
+#define MULADDC_INIT                                    \
+    asm(                                                \
+                "ldx     %3, %%o0               \n\t"   \
+                "ldx     %4, %%o1               \n\t"   \
+                "ld      %5, %%o2               \n\t"   \
+                "ld      %6, %%o3               \n\t"
+
+#define MULADDC_CORE                                    \
+                "ld      [%%o0], %%o4           \n\t"   \
+                "inc     4, %%o0                \n\t"   \
+                "ld      [%%o1], %%o5           \n\t"   \
+                "umul    %%o3, %%o4, %%o4       \n\t"   \
+                "addcc   %%o4, %%o2, %%o4       \n\t"   \
+                "rd      %%y, %%g1              \n\t"   \
+                "addx    %%g1, 0, %%g1          \n\t"   \
+                "addcc   %%o4, %%o5, %%o4       \n\t"   \
+                "st      %%o4, [%%o1]           \n\t"   \
+                "addx    %%g1, 0, %%o2          \n\t"   \
+                "inc     4, %%o1                \n\t"
+
+        #define MULADDC_STOP                            \
+                "st      %%o2, %0               \n\t"   \
+                "stx     %%o1, %1               \n\t"   \
+                "stx     %%o0, %2               \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)          \
+        : "m" (s), "m" (d), "m" (c), "m" (b)    \
+        : "g1", "o0", "o1", "o2", "o3", "o4",   \
+          "o5"                                  \
+        );
+
+#else /* __sparc64__ */
+
+#define MULADDC_INIT                                    \
+    asm(                                                \
+                "ld      %3, %%o0               \n\t"   \
+                "ld      %4, %%o1               \n\t"   \
+                "ld      %5, %%o2               \n\t"   \
+                "ld      %6, %%o3               \n\t"
+
+#define MULADDC_CORE                                    \
+                "ld      [%%o0], %%o4           \n\t"   \
+                "inc     4, %%o0                \n\t"   \
+                "ld      [%%o1], %%o5           \n\t"   \
+                "umul    %%o3, %%o4, %%o4       \n\t"   \
+                "addcc   %%o4, %%o2, %%o4       \n\t"   \
+                "rd      %%y, %%g1              \n\t"   \
+                "addx    %%g1, 0, %%g1          \n\t"   \
+                "addcc   %%o4, %%o5, %%o4       \n\t"   \
+                "st      %%o4, [%%o1]           \n\t"   \
+                "addx    %%g1, 0, %%o2          \n\t"   \
+                "inc     4, %%o1                \n\t"
+
+#define MULADDC_STOP                                    \
+                "st      %%o2, %0               \n\t"   \
+                "st      %%o1, %1               \n\t"   \
+                "st      %%o0, %2               \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)          \
+        : "m" (s), "m" (d), "m" (c), "m" (b)    \
+        : "g1", "o0", "o1", "o2", "o3", "o4",   \
+          "o5"                                  \
+        );
+
+#endif /* __sparc64__ */
+#endif /* __sparc__ */
+
+#if defined(__microblaze__) || defined(microblaze)
+
+#define MULADDC_INIT                    \
+    asm(                                \
+        "lwi   r3,   %3         \n\t"   \
+        "lwi   r4,   %4         \n\t"   \
+        "lwi   r5,   %5         \n\t"   \
+        "lwi   r6,   %6         \n\t"   \
+        "andi  r7,   r6, 0xffff \n\t"   \
+        "bsrli r6,   r6, 16     \n\t"
+
+#define MULADDC_CORE                    \
+        "lhui  r8,   r3,   0    \n\t"   \
+        "addi  r3,   r3,   2    \n\t"   \
+        "lhui  r9,   r3,   0    \n\t"   \
+        "addi  r3,   r3,   2    \n\t"   \
+        "mul   r10,  r9,  r6    \n\t"   \
+        "mul   r11,  r8,  r7    \n\t"   \
+        "mul   r12,  r9,  r7    \n\t"   \
+        "mul   r13,  r8,  r6    \n\t"   \
+        "bsrli  r8, r10,  16    \n\t"   \
+        "bsrli  r9, r11,  16    \n\t"   \
+        "add   r13, r13,  r8    \n\t"   \
+        "add   r13, r13,  r9    \n\t"   \
+        "bslli r10, r10,  16    \n\t"   \
+        "bslli r11, r11,  16    \n\t"   \
+        "add   r12, r12, r10    \n\t"   \
+        "addc  r13, r13,  r0    \n\t"   \
+        "add   r12, r12, r11    \n\t"   \
+        "addc  r13, r13,  r0    \n\t"   \
+        "lwi   r10,  r4,   0    \n\t"   \
+        "add   r12, r12, r10    \n\t"   \
+        "addc  r13, r13,  r0    \n\t"   \
+        "add   r12, r12,  r5    \n\t"   \
+        "addc   r5, r13,  r0    \n\t"   \
+        "swi   r12,  r4,   0    \n\t"   \
+        "addi   r4,  r4,   4    \n\t"
+
+#define MULADDC_STOP                    \
+        "swi   r5,   %0         \n\t"   \
+        "swi   r4,   %1         \n\t"   \
+        "swi   r3,   %2         \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)              \
+        : "m" (s), "m" (d), "m" (c), "m" (b)        \
+        : "r3", "r4"  "r5", "r6", "r7", "r8",       \
+          "r9", "r10", "r11", "r12", "r13"          \
+    );
+
+#endif /* MicroBlaze */
+
+#if defined(__tricore__)
+
+#define MULADDC_INIT                            \
+    asm(                                        \
+        "ld.a   %%a2, %3                \n\t"   \
+        "ld.a   %%a3, %4                \n\t"   \
+        "ld.w   %%d4, %5                \n\t"   \
+        "ld.w   %%d1, %6                \n\t"   \
+        "xor    %%d5, %%d5              \n\t"
+
+#define MULADDC_CORE                            \
+        "ld.w   %%d0,   [%%a2+]         \n\t"   \
+        "madd.u %%e2, %%e4, %%d0, %%d1  \n\t"   \
+        "ld.w   %%d0,   [%%a3]          \n\t"   \
+        "addx   %%d2,    %%d2,  %%d0    \n\t"   \
+        "addc   %%d3,    %%d3,    0     \n\t"   \
+        "mov    %%d4,    %%d3           \n\t"   \
+        "st.w  [%%a3+],  %%d2           \n\t"
+
+#define MULADDC_STOP                            \
+        "st.w   %0, %%d4                \n\t"   \
+        "st.a   %1, %%a3                \n\t"   \
+        "st.a   %2, %%a2                \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)          \
+        : "m" (s), "m" (d), "m" (c), "m" (b)    \
+        : "d0", "d1", "e2", "d4", "a2", "a3"    \
+    );
+
+#endif /* TriCore */
+
+/*
+ * gcc -O0 by default uses r7 for the frame pointer, so it complains about our
+ * use of r7 below, unless -fomit-frame-pointer is passed. Unfortunately,
+ * passing that option is not easy when building with yotta.
+ *
+ * On the other hand, -fomit-frame-pointer is implied by any -Ox options with
+ * x !=0, which we can detect using __OPTIMIZE__ (which is also defined by
+ * clang and armcc5 under the same conditions).
+ *
+ * So, only use the optimized assembly below for optimized build, which avoids
+ * the build error and is pretty reasonable anyway.
+ */
+#if defined(__GNUC__) && !defined(__OPTIMIZE__)
+#define MULADDC_CANNOT_USE_R7
+#endif
+
+#if defined(__arm__) && !defined(MULADDC_CANNOT_USE_R7)
+
+#if defined(__thumb__) && !defined(__thumb2__)
+
+#define MULADDC_INIT                                    \
+    asm(                                                \
+            "ldr    r0, %3                      \n\t"   \
+            "ldr    r1, %4                      \n\t"   \
+            "ldr    r2, %5                      \n\t"   \
+            "ldr    r3, %6                      \n\t"   \
+            "lsr    r7, r3, #16                 \n\t"   \
+            "mov    r9, r7                      \n\t"   \
+            "lsl    r7, r3, #16                 \n\t"   \
+            "lsr    r7, r7, #16                 \n\t"   \
+            "mov    r8, r7                      \n\t"
+
+#define MULADDC_CORE                                    \
+            "ldmia  r0!, {r6}                   \n\t"   \
+            "lsr    r7, r6, #16                 \n\t"   \
+            "lsl    r6, r6, #16                 \n\t"   \
+            "lsr    r6, r6, #16                 \n\t"   \
+            "mov    r4, r8                      \n\t"   \
+            "mul    r4, r6                      \n\t"   \
+            "mov    r3, r9                      \n\t"   \
+            "mul    r6, r3                      \n\t"   \
+            "mov    r5, r9                      \n\t"   \
+            "mul    r5, r7                      \n\t"   \
+            "mov    r3, r8                      \n\t"   \
+            "mul    r7, r3                      \n\t"   \
+            "lsr    r3, r6, #16                 \n\t"   \
+            "add    r5, r5, r3                  \n\t"   \
+            "lsr    r3, r7, #16                 \n\t"   \
+            "add    r5, r5, r3                  \n\t"   \
+            "add    r4, r4, r2                  \n\t"   \
+            "mov    r2, #0                      \n\t"   \
+            "adc    r5, r2                      \n\t"   \
+            "lsl    r3, r6, #16                 \n\t"   \
+            "add    r4, r4, r3                  \n\t"   \
+            "adc    r5, r2                      \n\t"   \
+            "lsl    r3, r7, #16                 \n\t"   \
+            "add    r4, r4, r3                  \n\t"   \
+            "adc    r5, r2                      \n\t"   \
+            "ldr    r3, [r1]                    \n\t"   \
+            "add    r4, r4, r3                  \n\t"   \
+            "adc    r2, r5                      \n\t"   \
+            "stmia  r1!, {r4}                   \n\t"
+
+#define MULADDC_STOP                                    \
+            "str    r2, %0                      \n\t"   \
+            "str    r1, %1                      \n\t"   \
+            "str    r0, %2                      \n\t"   \
+         : "=m" (c),  "=m" (d), "=m" (s)        \
+         : "m" (s), "m" (d), "m" (c), "m" (b)   \
+         : "r0", "r1", "r2", "r3", "r4", "r5",  \
+           "r6", "r7", "r8", "r9", "cc"         \
+         );
+
+#else
+
+#define MULADDC_INIT                                    \
+    asm(                                                \
+            "ldr    r0, %3                      \n\t"   \
+            "ldr    r1, %4                      \n\t"   \
+            "ldr    r2, %5                      \n\t"   \
+            "ldr    r3, %6                      \n\t"
+
+#define MULADDC_CORE                                    \
+            "ldr    r4, [r0], #4                \n\t"   \
+            "mov    r5, #0                      \n\t"   \
+            "ldr    r6, [r1]                    \n\t"   \
+            "umlal  r2, r5, r3, r4              \n\t"   \
+            "adds   r7, r6, r2                  \n\t"   \
+            "adc    r2, r5, #0                  \n\t"   \
+            "str    r7, [r1], #4                \n\t"
+
+#define MULADDC_STOP                                    \
+            "str    r2, %0                      \n\t"   \
+            "str    r1, %1                      \n\t"   \
+            "str    r0, %2                      \n\t"   \
+         : "=m" (c),  "=m" (d), "=m" (s)        \
+         : "m" (s), "m" (d), "m" (c), "m" (b)   \
+         : "r0", "r1", "r2", "r3", "r4", "r5",  \
+           "r6", "r7", "cc"                     \
+         );
+
+#endif /* Thumb */
+
+#endif /* ARMv3 */
+
+#if defined(__alpha__)
+
+#define MULADDC_INIT                    \
+    asm(                                \
+        "ldq    $1, %3          \n\t"   \
+        "ldq    $2, %4          \n\t"   \
+        "ldq    $3, %5          \n\t"   \
+        "ldq    $4, %6          \n\t"
+
+#define MULADDC_CORE                    \
+        "ldq    $6,  0($1)      \n\t"   \
+        "addq   $1,  8, $1      \n\t"   \
+        "mulq   $6, $4, $7      \n\t"   \
+        "umulh  $6, $4, $6      \n\t"   \
+        "addq   $7, $3, $7      \n\t"   \
+        "cmpult $7, $3, $3      \n\t"   \
+        "ldq    $5,  0($2)      \n\t"   \
+        "addq   $7, $5, $7      \n\t"   \
+        "cmpult $7, $5, $5      \n\t"   \
+        "stq    $7,  0($2)      \n\t"   \
+        "addq   $2,  8, $2      \n\t"   \
+        "addq   $6, $3, $3      \n\t"   \
+        "addq   $5, $3, $3      \n\t"
+
+#define MULADDC_STOP                                    \
+        "stq    $3, %0          \n\t"   \
+        "stq    $2, %1          \n\t"   \
+        "stq    $1, %2          \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)              \
+        : "m" (s), "m" (d), "m" (c), "m" (b)        \
+        : "$1", "$2", "$3", "$4", "$5", "$6", "$7"  \
+    );
+#endif /* Alpha */
+
+#if defined(__mips__) && !defined(__mips64)
+
+#define MULADDC_INIT                    \
+    asm(                                \
+        "lw     $10, %3         \n\t"   \
+        "lw     $11, %4         \n\t"   \
+        "lw     $12, %5         \n\t"   \
+        "lw     $13, %6         \n\t"
+
+#define MULADDC_CORE                    \
+        "lw     $14, 0($10)     \n\t"   \
+        "multu  $13, $14        \n\t"   \
+        "addi   $10, $10, 4     \n\t"   \
+        "mflo   $14             \n\t"   \
+        "mfhi   $9              \n\t"   \
+        "addu   $14, $12, $14   \n\t"   \
+        "lw     $15, 0($11)     \n\t"   \
+        "sltu   $12, $14, $12   \n\t"   \
+        "addu   $15, $14, $15   \n\t"   \
+        "sltu   $14, $15, $14   \n\t"   \
+        "addu   $12, $12, $9    \n\t"   \
+        "sw     $15, 0($11)     \n\t"   \
+        "addu   $12, $12, $14   \n\t"   \
+        "addi   $11, $11, 4     \n\t"
+
+#define MULADDC_STOP                    \
+        "sw     $12, %0         \n\t"   \
+        "sw     $11, %1         \n\t"   \
+        "sw     $10, %2         \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)                      \
+        : "m" (s), "m" (d), "m" (c), "m" (b)                \
+        : "$9", "$10", "$11", "$12", "$13", "$14", "$15"    \
+    );
+
+#endif /* MIPS */
+#endif /* GNUC */
+
+#if (defined(_MSC_VER) && defined(_M_IX86)) || defined(__WATCOMC__)
+
+#define MULADDC_INIT                            \
+    __asm   mov     esi, s                      \
+    __asm   mov     edi, d                      \
+    __asm   mov     ecx, c                      \
+    __asm   mov     ebx, b
+
+#define MULADDC_CORE                            \
+    __asm   lodsd                               \
+    __asm   mul     ebx                         \
+    __asm   add     eax, ecx                    \
+    __asm   adc     edx, 0                      \
+    __asm   add     eax, [edi]                  \
+    __asm   adc     edx, 0                      \
+    __asm   mov     ecx, edx                    \
+    __asm   stosd
+
+#if defined(MBEDTLS_HAVE_SSE2)
+
+#define EMIT __asm _emit
+
+#define MULADDC_HUIT                            \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0xC9             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0xC3             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x1F             \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xCB             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x16             \
+    EMIT 0x0F  EMIT 0xF4  EMIT 0xD0             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x66  EMIT 0x04  \
+    EMIT 0x0F  EMIT 0xF4  EMIT 0xE0             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x76  EMIT 0x08  \
+    EMIT 0x0F  EMIT 0xF4  EMIT 0xF0             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x7E  EMIT 0x0C  \
+    EMIT 0x0F  EMIT 0xF4  EMIT 0xF8             \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xCA             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x5F  EMIT 0x04  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xDC             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x6F  EMIT 0x08  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xEE             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x67  EMIT 0x0C  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xFC             \
+    EMIT 0x0F  EMIT 0x7E  EMIT 0x0F             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x56  EMIT 0x10  \
+    EMIT 0x0F  EMIT 0xF4  EMIT 0xD0             \
+    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x66  EMIT 0x14  \
+    EMIT 0x0F  EMIT 0xF4  EMIT 0xE0             \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xCB             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x76  EMIT 0x18  \
+    EMIT 0x0F  EMIT 0xF4  EMIT 0xF0             \
+    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x04  \
+    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x5E  EMIT 0x1C  \
+    EMIT 0x0F  EMIT 0xF4  EMIT 0xD8             \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xCD             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x6F  EMIT 0x10  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xD5             \
+    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x08  \
+    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xCF             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x6F  EMIT 0x14  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xE5             \
+    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x0C  \
+    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xCA             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x6F  EMIT 0x18  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xF5             \
+    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x10  \
+    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xCC             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x6F  EMIT 0x1C  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xDD             \
+    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x14  \
+    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xCE             \
+    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x18  \
+    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xCB             \
+    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x1C  \
+    EMIT 0x83  EMIT 0xC7  EMIT 0x20             \
+    EMIT 0x83  EMIT 0xC6  EMIT 0x20             \
+    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
+    EMIT 0x0F  EMIT 0x7E  EMIT 0xC9
+
+#define MULADDC_STOP                            \
+    EMIT 0x0F  EMIT 0x77                        \
+    __asm   mov     c, ecx                      \
+    __asm   mov     d, edi                      \
+    __asm   mov     s, esi                      \
+
+#else
+
+#define MULADDC_STOP                            \
+    __asm   mov     c, ecx                      \
+    __asm   mov     d, edi                      \
+    __asm   mov     s, esi                      \
+
+#endif /* SSE2 */
+#endif /* MSVC */
+
+#endif /* MBEDTLS_HAVE_ASM */
+
+#if !defined(MULADDC_CORE)
+#if defined(MBEDTLS_HAVE_UDBL)
+
+#define MULADDC_INIT                    \
+{                                       \
+    mbedtls_t_udbl r;                           \
+    mbedtls_mpi_uint r0, r1;
+
+#define MULADDC_CORE                    \
+    r   = *(s++) * (mbedtls_t_udbl) b;          \
+    r0  = (mbedtls_mpi_uint) r;                   \
+    r1  = (mbedtls_mpi_uint)( r >> biL );         \
+    r0 += c;  r1 += (r0 <  c);          \
+    r0 += *d; r1 += (r0 < *d);          \
+    c = r1; *(d++) = r0;
+
+#define MULADDC_STOP                    \
+}
+
+#else
+#define MULADDC_INIT                    \
+{                                       \
+    mbedtls_mpi_uint s0, s1, b0, b1;              \
+    mbedtls_mpi_uint r0, r1, rx, ry;              \
+    b0 = ( b << biH ) >> biH;           \
+    b1 = ( b >> biH );
+
+#define MULADDC_CORE                    \
+    s0 = ( *s << biH ) >> biH;          \
+    s1 = ( *s >> biH ); s++;            \
+    rx = s0 * b1; r0 = s0 * b0;         \
+    ry = s1 * b0; r1 = s1 * b1;         \
+    r1 += ( rx >> biH );                \
+    r1 += ( ry >> biH );                \
+    rx <<= biH; ry <<= biH;             \
+    r0 += rx; r1 += (r0 < rx);          \
+    r0 += ry; r1 += (r0 < ry);          \
+    r0 +=  c; r1 += (r0 <  c);          \
+    r0 += *d; r1 += (r0 < *d);          \
+    c = r1; *(d++) = r0;
+
+#define MULADDC_STOP                    \
+}
+
+#endif /* C (generic)  */
+#endif /* C (longlong) */
+
+#endif /* bn_mul.h */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/camellia.h

@@ -0,0 +1,235 @@
+/**
+ * \file camellia.h
+ *
+ * \brief Camellia block cipher
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_CAMELLIA_H
+#define MBEDTLS_CAMELLIA_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+#define MBEDTLS_CAMELLIA_ENCRYPT     1
+#define MBEDTLS_CAMELLIA_DECRYPT     0
+
+#define MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH           -0x0024  /**< Invalid key length. */
+#define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH         -0x0026  /**< Invalid data input length. */
+
+#if !defined(MBEDTLS_CAMELLIA_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          CAMELLIA context structure
+ */
+typedef struct
+{
+    int nr;                     /*!<  number of rounds  */
+    uint32_t rk[68];            /*!<  CAMELLIA round keys    */
+}
+mbedtls_camellia_context;
+
+/**
+ * \brief          Initialize CAMELLIA context
+ *
+ * \param ctx      CAMELLIA context to be initialized
+ */
+void mbedtls_camellia_init( mbedtls_camellia_context *ctx );
+
+/**
+ * \brief          Clear CAMELLIA context
+ *
+ * \param ctx      CAMELLIA context to be cleared
+ */
+void mbedtls_camellia_free( mbedtls_camellia_context *ctx );
+
+/**
+ * \brief          CAMELLIA key schedule (encryption)
+ *
+ * \param ctx      CAMELLIA context to be initialized
+ * \param key      encryption key
+ * \param keybits  must be 128, 192 or 256
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH
+ */
+int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned char *key,
+                         unsigned int keybits );
+
+/**
+ * \brief          CAMELLIA key schedule (decryption)
+ *
+ * \param ctx      CAMELLIA context to be initialized
+ * \param key      decryption key
+ * \param keybits  must be 128, 192 or 256
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH
+ */
+int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, const unsigned char *key,
+                         unsigned int keybits );
+
+/**
+ * \brief          CAMELLIA-ECB block encryption/decryption
+ *
+ * \param ctx      CAMELLIA context
+ * \param mode     MBEDTLS_CAMELLIA_ENCRYPT or MBEDTLS_CAMELLIA_DECRYPT
+ * \param input    16-byte input block
+ * \param output   16-byte output block
+ *
+ * \return         0 if successful
+ */
+int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx,
+                    int mode,
+                    const unsigned char input[16],
+                    unsigned char output[16] );
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+/**
+ * \brief          CAMELLIA-CBC buffer encryption/decryption
+ *                 Length should be a multiple of the block
+ *                 size (16 bytes)
+ *
+ * \note           Upon exit, the content of the IV is updated so that you can
+ *                 call the function same function again on the following
+ *                 block(s) of data and get the same result as if it was
+ *                 encrypted in one call. This allows a "streaming" usage.
+ *                 If on the other hand you need to retain the contents of the
+ *                 IV, you should either save it manually or use the cipher
+ *                 module instead.
+ *
+ * \param ctx      CAMELLIA context
+ * \param mode     MBEDTLS_CAMELLIA_ENCRYPT or MBEDTLS_CAMELLIA_DECRYPT
+ * \param length   length of the input data
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ *
+ * \return         0 if successful, or
+ *                 MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
+ */
+int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
+                    int mode,
+                    size_t length,
+                    unsigned char iv[16],
+                    const unsigned char *input,
+                    unsigned char *output );
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+/**
+ * \brief          CAMELLIA-CFB128 buffer encryption/decryption
+ *
+ * Note: Due to the nature of CFB you should use the same key schedule for
+ * both encryption and decryption. So a context initialized with
+ * mbedtls_camellia_setkey_enc() for both MBEDTLS_CAMELLIA_ENCRYPT and CAMELLIE_DECRYPT.
+ *
+ * \note           Upon exit, the content of the IV is updated so that you can
+ *                 call the function same function again on the following
+ *                 block(s) of data and get the same result as if it was
+ *                 encrypted in one call. This allows a "streaming" usage.
+ *                 If on the other hand you need to retain the contents of the
+ *                 IV, you should either save it manually or use the cipher
+ *                 module instead.
+ *
+ * \param ctx      CAMELLIA context
+ * \param mode     MBEDTLS_CAMELLIA_ENCRYPT or MBEDTLS_CAMELLIA_DECRYPT
+ * \param length   length of the input data
+ * \param iv_off   offset in IV (updated after use)
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ *
+ * \return         0 if successful, or
+ *                 MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
+ */
+int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
+                       int mode,
+                       size_t length,
+                       size_t *iv_off,
+                       unsigned char iv[16],
+                       const unsigned char *input,
+                       unsigned char *output );
+#endif /* MBEDTLS_CIPHER_MODE_CFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+/**
+ * \brief               CAMELLIA-CTR buffer encryption/decryption
+ *
+ * Warning: You have to keep the maximum use of your counter in mind!
+ *
+ * Note: Due to the nature of CTR you should use the same key schedule for
+ * both encryption and decryption. So a context initialized with
+ * mbedtls_camellia_setkey_enc() for both MBEDTLS_CAMELLIA_ENCRYPT and MBEDTLS_CAMELLIA_DECRYPT.
+ *
+ * \param ctx           CAMELLIA context
+ * \param length        The length of the data
+ * \param nc_off        The offset in the current stream_block (for resuming
+ *                      within current cipher stream). The offset pointer to
+ *                      should be 0 at the start of a stream.
+ * \param nonce_counter The 128-bit nonce and counter.
+ * \param stream_block  The saved stream-block for resuming. Is overwritten
+ *                      by the function.
+ * \param input         The input data stream
+ * \param output        The output data stream
+ *
+ * \return         0 if successful
+ */
+int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx,
+                       size_t length,
+                       size_t *nc_off,
+                       unsigned char nonce_counter[16],
+                       unsigned char stream_block[16],
+                       const unsigned char *input,
+                       unsigned char *output );
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_CAMELLIA_ALT */
+#include "camellia_alt.h"
+#endif /* MBEDTLS_CAMELLIA_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_camellia_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* camellia.h */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/ccm.h

@@ -0,0 +1,141 @@
+/**
+ * \file ccm.h
+ *
+ * \brief Counter with CBC-MAC (CCM) for 128-bit block ciphers
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_CCM_H
+#define MBEDTLS_CCM_H
+
+#include "cipher.h"
+
+#define MBEDTLS_ERR_CCM_BAD_INPUT      -0x000D /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_CCM_AUTH_FAILED    -0x000F /**< Authenticated decryption failed. */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          CCM context structure
+ */
+typedef struct {
+    mbedtls_cipher_context_t cipher_ctx;    /*!< cipher context used */
+}
+mbedtls_ccm_context;
+
+/**
+ * \brief           Initialize CCM context (just makes references valid)
+ *                  Makes the context ready for mbedtls_ccm_setkey() or
+ *                  mbedtls_ccm_free().
+ *
+ * \param ctx       CCM context to initialize
+ */
+void mbedtls_ccm_init( mbedtls_ccm_context *ctx );
+
+/**
+ * \brief           CCM initialization (encryption and decryption)
+ *
+ * \param ctx       CCM context to be initialized
+ * \param cipher    cipher to use (a 128-bit block cipher)
+ * \param key       encryption key
+ * \param keybits   key size in bits (must be acceptable by the cipher)
+ *
+ * \return          0 if successful, or a cipher specific error code
+ */
+int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
+                        mbedtls_cipher_id_t cipher,
+                        const unsigned char *key,
+                        unsigned int keybits );
+
+/**
+ * \brief           Free a CCM context and underlying cipher sub-context
+ *
+ * \param ctx       CCM context to free
+ */
+void mbedtls_ccm_free( mbedtls_ccm_context *ctx );
+
+/**
+ * \brief           CCM buffer encryption
+ *
+ * \param ctx       CCM context
+ * \param length    length of the input data in bytes
+ * \param iv        nonce (initialization vector)
+ * \param iv_len    length of IV in bytes
+ *                  must be 2, 3, 4, 5, 6, 7 or 8
+ * \param add       additional data
+ * \param add_len   length of additional data in bytes
+ *                  must be less than 2^16 - 2^8
+ * \param input     buffer holding the input data
+ * \param output    buffer for holding the output data
+ *                  must be at least 'length' bytes wide
+ * \param tag       buffer for holding the tag
+ * \param tag_len   length of the tag to generate in bytes
+ *                  must be 4, 6, 8, 10, 14 or 16
+ *
+ * \note            The tag is written to a separate buffer. To get the tag
+ *                  concatenated with the output as in the CCM spec, use
+ *                  tag = output + length and make sure the output buffer is
+ *                  at least length + tag_len wide.
+ *
+ * \return          0 if successful
+ */
+int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
+                         const unsigned char *iv, size_t iv_len,
+                         const unsigned char *add, size_t add_len,
+                         const unsigned char *input, unsigned char *output,
+                         unsigned char *tag, size_t tag_len );
+
+/**
+ * \brief           CCM buffer authenticated decryption
+ *
+ * \param ctx       CCM context
+ * \param length    length of the input data
+ * \param iv        initialization vector
+ * \param iv_len    length of IV
+ * \param add       additional data
+ * \param add_len   length of additional data
+ * \param input     buffer holding the input data
+ * \param output    buffer for holding the output data
+ * \param tag       buffer holding the tag
+ * \param tag_len   length of the tag
+ *
+ * \return         0 if successful and authenticated,
+ *                 MBEDTLS_ERR_CCM_AUTH_FAILED if tag does not match
+ */
+int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
+                      const unsigned char *iv, size_t iv_len,
+                      const unsigned char *add, size_t add_len,
+                      const unsigned char *input, unsigned char *output,
+                      const unsigned char *tag, size_t tag_len );
+
+#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_ccm_self_test( int verbose );
+#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_CCM_H */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/certs.h

@@ -0,0 +1,99 @@
+/**
+ * \file certs.h
+ *
+ * \brief Sample certificates and DHM parameters for testing
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_CERTS_H
+#define MBEDTLS_CERTS_H
+
+#include <stddef.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if defined(MBEDTLS_PEM_PARSE_C)
+/* Concatenation of all CA certificates in PEM format if available */
+extern const char   mbedtls_test_cas_pem[];
+extern const size_t mbedtls_test_cas_pem_len;
+#endif
+
+/* List of all CA certificates, terminated by NULL */
+extern const char * mbedtls_test_cas[];
+extern const size_t mbedtls_test_cas_len[];
+
+/*
+ * Convenience for users who just want a certificate:
+ * RSA by default, or ECDSA if RSA is not available
+ */
+extern const char * mbedtls_test_ca_crt;
+extern const size_t mbedtls_test_ca_crt_len;
+extern const char * mbedtls_test_ca_key;
+extern const size_t mbedtls_test_ca_key_len;
+extern const char * mbedtls_test_ca_pwd;
+extern const size_t mbedtls_test_ca_pwd_len;
+extern const char * mbedtls_test_srv_crt;
+extern const size_t mbedtls_test_srv_crt_len;
+extern const char * mbedtls_test_srv_key;
+extern const size_t mbedtls_test_srv_key_len;
+extern const char * mbedtls_test_cli_crt;
+extern const size_t mbedtls_test_cli_crt_len;
+extern const char * mbedtls_test_cli_key;
+extern const size_t mbedtls_test_cli_key_len;
+
+#if defined(MBEDTLS_ECDSA_C)
+extern const char   mbedtls_test_ca_crt_ec[];
+extern const size_t mbedtls_test_ca_crt_ec_len;
+extern const char   mbedtls_test_ca_key_ec[];
+extern const size_t mbedtls_test_ca_key_ec_len;
+extern const char   mbedtls_test_ca_pwd_ec[];
+extern const size_t mbedtls_test_ca_pwd_ec_len;
+extern const char   mbedtls_test_srv_crt_ec[];
+extern const size_t mbedtls_test_srv_crt_ec_len;
+extern const char   mbedtls_test_srv_key_ec[];
+extern const size_t mbedtls_test_srv_key_ec_len;
+extern const char   mbedtls_test_cli_crt_ec[];
+extern const size_t mbedtls_test_cli_crt_ec_len;
+extern const char   mbedtls_test_cli_key_ec[];
+extern const size_t mbedtls_test_cli_key_ec_len;
+#endif
+
+#if defined(MBEDTLS_RSA_C)
+extern const char   mbedtls_test_ca_crt_rsa[];
+extern const size_t mbedtls_test_ca_crt_rsa_len;
+extern const char   mbedtls_test_ca_key_rsa[];
+extern const size_t mbedtls_test_ca_key_rsa_len;
+extern const char   mbedtls_test_ca_pwd_rsa[];
+extern const size_t mbedtls_test_ca_pwd_rsa_len;
+extern const char   mbedtls_test_srv_crt_rsa[];
+extern const size_t mbedtls_test_srv_crt_rsa_len;
+extern const char   mbedtls_test_srv_key_rsa[];
+extern const size_t mbedtls_test_srv_key_rsa_len;
+extern const char   mbedtls_test_cli_crt_rsa[];
+extern const size_t mbedtls_test_cli_crt_rsa_len;
+extern const char   mbedtls_test_cli_key_rsa[];
+extern const size_t mbedtls_test_cli_key_rsa_len;
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* certs.h */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/check_config.h

@@ -0,0 +1,628 @@
+/**
+ * \file check_config.h
+ *
+ * \brief Consistency checks for configuration options
+ *
+ *  Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+/*
+ * It is recommended to include this file from your config.h
+ * in order to catch dependency issues early.
+ */
+
+#ifndef MBEDTLS_CHECK_CONFIG_H
+#define MBEDTLS_CHECK_CONFIG_H
+
+/*
+ * We assume CHAR_BIT is 8 in many places. In practice, this is true on our
+ * target platforms, so not an issue, but let's just be extra sure.
+ */
+#include <limits.h>
+#if CHAR_BIT != 8
+#error "mbed TLS requires a platform with 8-bit chars"
+#endif
+
+#if defined(_WIN32)
+#if !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_C is required on Windows"
+#endif
+
+/* Fix the config here. Not convenient to put an #ifdef _WIN32 in config.h as
+ * it would confuse config.pl. */
+#if !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && \
+    !defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
+#define MBEDTLS_PLATFORM_SNPRINTF_ALT
+#endif
+#endif /* _WIN32 */
+
+#if defined(TARGET_LIKE_MBED) && \
+    ( defined(MBEDTLS_NET_C) || defined(MBEDTLS_TIMING_C) )
+#error "The NET and TIMING modules are not available for mbed OS - please use the network and timing functions provided by mbed OS"
+#endif
+
+#if defined(MBEDTLS_DEPRECATED_WARNING) && \
+    !defined(__GNUC__) && !defined(__clang__)
+#error "MBEDTLS_DEPRECATED_WARNING only works with GCC and Clang"
+#endif
+
+#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_HAVE_TIME)
+#error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense"
+#endif
+
+#if defined(MBEDTLS_AESNI_C) && !defined(MBEDTLS_HAVE_ASM)
+#error "MBEDTLS_AESNI_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C)
+#error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_DHM_C) && !defined(MBEDTLS_BIGNUM_C)
+#error "MBEDTLS_DHM_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_CMAC_C) && \
+    !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_DES_C)
+#error "MBEDTLS_CMAC_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_ECP_C)
+#error "MBEDTLS_ECDH_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_ECDSA_C) &&            \
+    ( !defined(MBEDTLS_ECP_C) ||           \
+      !defined(MBEDTLS_ASN1_PARSE_C) ||    \
+      !defined(MBEDTLS_ASN1_WRITE_C) )
+#error "MBEDTLS_ECDSA_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_ECJPAKE_C) &&           \
+    ( !defined(MBEDTLS_ECP_C) || !defined(MBEDTLS_MD_C) )
+#error "MBEDTLS_ECJPAKE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC) && !defined(MBEDTLS_HMAC_DRBG_C)
+#error "MBEDTLS_ECDSA_DETERMINISTIC defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_ECP_C) && ( !defined(MBEDTLS_BIGNUM_C) || (   \
+    !defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) &&                  \
+    !defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) &&                  \
+    !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) &&                  \
+    !defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) &&                  \
+    !defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) &&                  \
+    !defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)   &&                  \
+    !defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)   &&                  \
+    !defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)   &&                  \
+    !defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) &&                  \
+    !defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) &&                  \
+    !defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) ) )
+#error "MBEDTLS_ECP_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_ENTROPY_C) && (!defined(MBEDTLS_SHA512_C) &&      \
+                                    !defined(MBEDTLS_SHA256_C))
+#error "MBEDTLS_ENTROPY_C defined, but not all prerequisites"
+#endif
+#if defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_SHA512_C) &&         \
+    defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 64)
+#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
+#endif
+#if defined(MBEDTLS_ENTROPY_C) &&                                            \
+    ( !defined(MBEDTLS_SHA512_C) || defined(MBEDTLS_ENTROPY_FORCE_SHA256) ) \
+    && defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 32)
+#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
+#endif
+#if defined(MBEDTLS_ENTROPY_C) && \
+    defined(MBEDTLS_ENTROPY_FORCE_SHA256) && !defined(MBEDTLS_SHA256_C)
+#error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_TEST_NULL_ENTROPY) && \
+    ( !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) )
+#error "MBEDTLS_TEST_NULL_ENTROPY defined, but not all prerequisites"
+#endif
+#if defined(MBEDTLS_TEST_NULL_ENTROPY) && \
+     ( defined(MBEDTLS_ENTROPY_NV_SEED) || defined(MBEDTLS_ENTROPY_HARDWARE_ALT) || \
+    defined(MBEDTLS_HAVEGE_C) )
+#error "MBEDTLS_TEST_NULL_ENTROPY defined, but entropy sources too"
+#endif
+
+#if defined(MBEDTLS_GCM_C) && (                                        \
+        !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) )
+#error "MBEDTLS_GCM_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_HAVEGE_C) && !defined(MBEDTLS_TIMING_C)
+#error "MBEDTLS_HAVEGE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_HMAC_DRBG_C) && !defined(MBEDTLS_MD_C)
+#error "MBEDTLS_HMAC_DRBG_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) &&                 \
+    ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) )
+#error "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) &&                 \
+    ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) )
+#error "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) && !defined(MBEDTLS_DHM_C)
+#error "MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) &&                     \
+    !defined(MBEDTLS_ECDH_C)
+#error "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) &&                   \
+    ( !defined(MBEDTLS_DHM_C) || !defined(MBEDTLS_RSA_C) ||           \
+      !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) )
+#error "MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) &&                 \
+    ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_RSA_C) ||          \
+      !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) )
+#error "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) &&                 \
+    ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_ECDSA_C) ||          \
+      !defined(MBEDTLS_X509_CRT_PARSE_C) )
+#error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) &&                   \
+    ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
+      !defined(MBEDTLS_PKCS1_V15) )
+#error "MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) &&                       \
+    ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
+      !defined(MBEDTLS_PKCS1_V15) )
+#error "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) &&                    \
+    ( !defined(MBEDTLS_ECJPAKE_C) || !defined(MBEDTLS_SHA256_C) ||      \
+      !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) )
+#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) &&                          \
+    ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
+#error "MBEDTLS_MEMORY_BUFFER_ALLOC_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PADLOCK_C) && !defined(MBEDTLS_HAVE_ASM)
+#error "MBEDTLS_PADLOCK_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PEM_PARSE_C) && !defined(MBEDTLS_BASE64_C)
+#error "MBEDTLS_PEM_PARSE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PEM_WRITE_C) && !defined(MBEDTLS_BASE64_C)
+#error "MBEDTLS_PEM_WRITE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PK_C) && \
+    ( !defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_ECP_C) )
+#error "MBEDTLS_PK_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_PK_C)
+#error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PK_WRITE_C) && !defined(MBEDTLS_PK_C)
+#error "MBEDTLS_PK_WRITE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PKCS11_C) && !defined(MBEDTLS_PK_C)
+#error "MBEDTLS_PKCS11_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_EXIT_ALT) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_EXIT_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_EXIT_MACRO) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_EXIT_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_EXIT_MACRO) &&\
+    ( defined(MBEDTLS_PLATFORM_STD_EXIT) ||\
+        defined(MBEDTLS_PLATFORM_EXIT_ALT) )
+#error "MBEDTLS_PLATFORM_EXIT_MACRO and MBEDTLS_PLATFORM_STD_EXIT/MBEDTLS_PLATFORM_EXIT_ALT cannot be defined simultaneously"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_TIME_ALT) &&\
+    ( !defined(MBEDTLS_PLATFORM_C) ||\
+        !defined(MBEDTLS_HAVE_TIME) )
+#error "MBEDTLS_PLATFORM_TIME_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_TIME_MACRO) &&\
+    ( !defined(MBEDTLS_PLATFORM_C) ||\
+        !defined(MBEDTLS_HAVE_TIME) )
+#error "MBEDTLS_PLATFORM_TIME_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO) &&\
+    ( !defined(MBEDTLS_PLATFORM_C) ||\
+        !defined(MBEDTLS_HAVE_TIME) )
+#error "MBEDTLS_PLATFORM_TIME_TYPE_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_TIME_MACRO) &&\
+    ( defined(MBEDTLS_PLATFORM_STD_TIME) ||\
+        defined(MBEDTLS_PLATFORM_TIME_ALT) )
+#error "MBEDTLS_PLATFORM_TIME_MACRO and MBEDTLS_PLATFORM_STD_TIME/MBEDTLS_PLATFORM_TIME_ALT cannot be defined simultaneously"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO) &&\
+    ( defined(MBEDTLS_PLATFORM_STD_TIME) ||\
+        defined(MBEDTLS_PLATFORM_TIME_ALT) )
+#error "MBEDTLS_PLATFORM_TIME_TYPE_MACRO and MBEDTLS_PLATFORM_STD_TIME/MBEDTLS_PLATFORM_TIME_ALT cannot be defined simultaneously"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_FPRINTF_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_FPRINTF_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO) &&\
+    ( defined(MBEDTLS_PLATFORM_STD_FPRINTF) ||\
+        defined(MBEDTLS_PLATFORM_FPRINTF_ALT) )
+#error "MBEDTLS_PLATFORM_FPRINTF_MACRO and MBEDTLS_PLATFORM_STD_FPRINTF/MBEDTLS_PLATFORM_FPRINTF_ALT cannot be defined simultaneously"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_FREE_MACRO) &&\
+    ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
+#error "MBEDTLS_PLATFORM_FREE_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_FREE_MACRO) &&\
+    defined(MBEDTLS_PLATFORM_STD_FREE)
+#error "MBEDTLS_PLATFORM_FREE_MACRO and MBEDTLS_PLATFORM_STD_FREE cannot be defined simultaneously"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && !defined(MBEDTLS_PLATFORM_CALLOC_MACRO)
+#error "MBEDTLS_PLATFORM_CALLOC_MACRO must be defined if MBEDTLS_PLATFORM_FREE_MACRO is"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) &&\
+    ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
+#error "MBEDTLS_PLATFORM_CALLOC_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) &&\
+    defined(MBEDTLS_PLATFORM_STD_CALLOC)
+#error "MBEDTLS_PLATFORM_CALLOC_MACRO and MBEDTLS_PLATFORM_STD_CALLOC cannot be defined simultaneously"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) && !defined(MBEDTLS_PLATFORM_FREE_MACRO)
+#error "MBEDTLS_PLATFORM_FREE_MACRO must be defined if MBEDTLS_PLATFORM_CALLOC_MACRO is"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_MEMORY) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_MEMORY defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_PRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_PRINTF_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_PRINTF_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO) &&\
+    ( defined(MBEDTLS_PLATFORM_STD_PRINTF) ||\
+        defined(MBEDTLS_PLATFORM_PRINTF_ALT) )
+#error "MBEDTLS_PLATFORM_PRINTF_MACRO and MBEDTLS_PLATFORM_STD_PRINTF/MBEDTLS_PLATFORM_PRINTF_ALT cannot be defined simultaneously"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_SNPRINTF_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_SNPRINTF_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) &&\
+    ( defined(MBEDTLS_PLATFORM_STD_SNPRINTF) ||\
+        defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) )
+#error "MBEDTLS_PLATFORM_SNPRINTF_MACRO and MBEDTLS_PLATFORM_STD_SNPRINTF/MBEDTLS_PLATFORM_SNPRINTF_ALT cannot be defined simultaneously"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR) &&\
+    !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
+#error "MBEDTLS_PLATFORM_STD_MEM_HDR defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_CALLOC) && !defined(MBEDTLS_PLATFORM_MEMORY)
+#error "MBEDTLS_PLATFORM_STD_CALLOC defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_CALLOC) && !defined(MBEDTLS_PLATFORM_MEMORY)
+#error "MBEDTLS_PLATFORM_STD_CALLOC defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_FREE) && !defined(MBEDTLS_PLATFORM_MEMORY)
+#error "MBEDTLS_PLATFORM_STD_FREE defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_EXIT) &&\
+    !defined(MBEDTLS_PLATFORM_EXIT_ALT)
+#error "MBEDTLS_PLATFORM_STD_EXIT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_TIME) &&\
+    ( !defined(MBEDTLS_PLATFORM_TIME_ALT) ||\
+        !defined(MBEDTLS_HAVE_TIME) )
+#error "MBEDTLS_PLATFORM_STD_TIME defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_FPRINTF) &&\
+    !defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
+#error "MBEDTLS_PLATFORM_STD_FPRINTF defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_PRINTF) &&\
+    !defined(MBEDTLS_PLATFORM_PRINTF_ALT)
+#error "MBEDTLS_PLATFORM_STD_PRINTF defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_SNPRINTF) &&\
+    !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
+#error "MBEDTLS_PLATFORM_STD_SNPRINTF defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_ENTROPY_NV_SEED) &&\
+    ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_ENTROPY_C) )
+#error "MBEDTLS_ENTROPY_NV_SEED defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT) &&\
+    !defined(MBEDTLS_ENTROPY_NV_SEED)
+#error "MBEDTLS_PLATFORM_NV_SEED_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ) &&\
+    !defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
+#error "MBEDTLS_PLATFORM_STD_NV_SEED_READ defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE) &&\
+    !defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
+#error "MBEDTLS_PLATFORM_STD_NV_SEED_WRITE defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO) &&\
+    ( defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ) ||\
+      defined(MBEDTLS_PLATFORM_NV_SEED_ALT) )
+#error "MBEDTLS_PLATFORM_NV_SEED_READ_MACRO and MBEDTLS_PLATFORM_STD_NV_SEED_READ cannot be defined simultaneously"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO) &&\
+    ( defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE) ||\
+      defined(MBEDTLS_PLATFORM_NV_SEED_ALT) )
+#error "MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO and MBEDTLS_PLATFORM_STD_NV_SEED_WRITE cannot be defined simultaneously"
+#endif
+
+#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) ||         \
+    !defined(MBEDTLS_OID_C) )
+#error "MBEDTLS_RSA_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_PKCS1_V21) &&         \
+    !defined(MBEDTLS_PKCS1_V15) )
+#error "MBEDTLS_RSA_C defined, but none of the PKCS1 versions enabled"
+#endif
+
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) &&                        \
+    ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_PKCS1_V21) )
+#error "MBEDTLS_X509_RSASSA_PSS_SUPPORT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_SSL3) && ( !defined(MBEDTLS_MD5_C) ||     \
+    !defined(MBEDTLS_SHA1_C) )
+#error "MBEDTLS_SSL_PROTO_SSL3 defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1) && ( !defined(MBEDTLS_MD5_C) ||     \
+    !defined(MBEDTLS_SHA1_C) )
+#error "MBEDTLS_SSL_PROTO_TLS1 defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_1) && ( !defined(MBEDTLS_MD5_C) ||     \
+    !defined(MBEDTLS_SHA1_C) )
+#error "MBEDTLS_SSL_PROTO_TLS1_1 defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && ( !defined(MBEDTLS_SHA1_C) &&     \
+    !defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA512_C) )
+#error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)     && \
+    !defined(MBEDTLS_SSL_PROTO_TLS1_1)  && \
+    !defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#error "MBEDTLS_SSL_PROTO_DTLS defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_CLI_C) && !defined(MBEDTLS_SSL_TLS_C)
+#error "MBEDTLS_SSL_CLI_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_TLS_C) && ( !defined(MBEDTLS_CIPHER_C) ||     \
+    !defined(MBEDTLS_MD_C) )
+#error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_SRV_C) && !defined(MBEDTLS_SSL_TLS_C)
+#error "MBEDTLS_SSL_SRV_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_TLS_C) && (!defined(MBEDTLS_SSL_PROTO_SSL3) && \
+    !defined(MBEDTLS_SSL_PROTO_TLS1) && !defined(MBEDTLS_SSL_PROTO_TLS1_1) && \
+    !defined(MBEDTLS_SSL_PROTO_TLS1_2))
+#error "MBEDTLS_SSL_TLS_C defined, but no protocols are active"
+#endif
+
+#if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_SSL3) && \
+    defined(MBEDTLS_SSL_PROTO_TLS1_1) && !defined(MBEDTLS_SSL_PROTO_TLS1))
+#error "Illegal protocol selection"
+#endif
+
+#if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_TLS1) && \
+    defined(MBEDTLS_SSL_PROTO_TLS1_2) && !defined(MBEDTLS_SSL_PROTO_TLS1_1))
+#error "Illegal protocol selection"
+#endif
+
+#if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_SSL3) && \
+    defined(MBEDTLS_SSL_PROTO_TLS1_2) && (!defined(MBEDTLS_SSL_PROTO_TLS1) || \
+    !defined(MBEDTLS_SSL_PROTO_TLS1_1)))
+#error "Illegal protocol selection"
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && !defined(MBEDTLS_SSL_PROTO_DTLS)
+#error "MBEDTLS_SSL_DTLS_HELLO_VERIFY  defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && \
+    !defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
+#error "MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE  defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) &&                              \
+    ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
+#error "MBEDTLS_SSL_DTLS_ANTI_REPLAY  defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) &&                              \
+    ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
+#error "MBEDTLS_SSL_DTLS_BADMAC_LIMIT  defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) &&   \
+    !defined(MBEDTLS_SSL_PROTO_TLS1)   &&      \
+    !defined(MBEDTLS_SSL_PROTO_TLS1_1) &&      \
+    !defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequsites"
+#endif
+
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
+    !defined(MBEDTLS_SSL_PROTO_TLS1)   &&          \
+    !defined(MBEDTLS_SSL_PROTO_TLS1_1) &&          \
+    !defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequsites"
+#endif
+
+#if defined(MBEDTLS_SSL_TICKET_C) && !defined(MBEDTLS_CIPHER_C)
+#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) && \
+    !defined(MBEDTLS_SSL_PROTO_SSL3) && !defined(MBEDTLS_SSL_PROTO_TLS1)
+#error "MBEDTLS_SSL_CBC_RECORD_SPLITTING defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \
+        !defined(MBEDTLS_X509_CRT_PARSE_C)
+#error "MBEDTLS_SSL_SERVER_NAME_INDICATION defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_THREADING_PTHREAD)
+#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
+#error "MBEDTLS_THREADING_PTHREAD defined, but not all prerequisites"
+#endif
+#define MBEDTLS_THREADING_IMPL
+#endif
+
+#if defined(MBEDTLS_THREADING_ALT)
+#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
+#error "MBEDTLS_THREADING_ALT defined, but not all prerequisites"
+#endif
+#define MBEDTLS_THREADING_IMPL
+#endif
+
+#if defined(MBEDTLS_THREADING_C) && !defined(MBEDTLS_THREADING_IMPL)
+#error "MBEDTLS_THREADING_C defined, single threading implementation required"
+#endif
+#undef MBEDTLS_THREADING_IMPL
+
+#if defined(MBEDTLS_VERSION_FEATURES) && !defined(MBEDTLS_VERSION_C)
+#error "MBEDTLS_VERSION_FEATURES defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_X509_USE_C) && ( !defined(MBEDTLS_BIGNUM_C) ||  \
+    !defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_PARSE_C) ||      \
+    !defined(MBEDTLS_PK_PARSE_C) )
+#error "MBEDTLS_X509_USE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_X509_CREATE_C) && ( !defined(MBEDTLS_BIGNUM_C) ||  \
+    !defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_WRITE_C) ||       \
+    !defined(MBEDTLS_PK_WRITE_C) )
+#error "MBEDTLS_X509_CREATE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
+#error "MBEDTLS_X509_CRT_PARSE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_X509_CRL_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
+#error "MBEDTLS_X509_CRL_PARSE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_X509_CSR_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
+#error "MBEDTLS_X509_CSR_PARSE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_X509_CRT_WRITE_C) && ( !defined(MBEDTLS_X509_CREATE_C) )
+#error "MBEDTLS_X509_CRT_WRITE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_X509_CSR_WRITE_C) && ( !defined(MBEDTLS_X509_CREATE_C) )
+#error "MBEDTLS_X509_CSR_WRITE_C defined, but not all prerequisites"
+#endif
+
+/*
+ * Avoid warning from -pedantic. This is a convenient place for this
+ * workaround since this is included by every single file before the
+ * #if defined(MBEDTLS_xxx_C) that results in emtpy translation units.
+ */
+typedef int mbedtls_iso_c_forbids_empty_translation_units;
+
+#endif /* MBEDTLS_CHECK_CONFIG_H */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/cipher.h

@@ -0,0 +1,709 @@
+/**
+ * \file cipher.h
+ *
+ * \brief Generic cipher wrapper.
+ *
+ * \author Adriaan de Jong <dejong@fox-it.com>
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef MBEDTLS_CIPHER_H
+#define MBEDTLS_CIPHER_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+
+#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C)
+#define MBEDTLS_CIPHER_MODE_AEAD
+#endif
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#define MBEDTLS_CIPHER_MODE_WITH_PADDING
+#endif
+
+#if defined(MBEDTLS_ARC4_C)
+#define MBEDTLS_CIPHER_MODE_STREAM
+#endif
+
+#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
+    !defined(inline) && !defined(__cplusplus)
+#define inline __inline
+#endif
+
+#define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE            -0x6080  /**< The selected feature is not available. */
+#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA                 -0x6100  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_CIPHER_ALLOC_FAILED                   -0x6180  /**< Failed to allocate memory. */
+#define MBEDTLS_ERR_CIPHER_INVALID_PADDING                -0x6200  /**< Input data contains invalid padding and is rejected. */
+#define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED            -0x6280  /**< Decryption of block requires a full block. */
+#define MBEDTLS_ERR_CIPHER_AUTH_FAILED                    -0x6300  /**< Authentication failed (for AEAD modes). */
+#define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT              -0x6380  /**< The context is invalid, eg because it was free()ed. */
+
+#define MBEDTLS_CIPHER_VARIABLE_IV_LEN     0x01    /**< Cipher accepts IVs of variable length */
+#define MBEDTLS_CIPHER_VARIABLE_KEY_LEN    0x02    /**< Cipher accepts keys of variable length */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef enum {
+    MBEDTLS_CIPHER_ID_NONE = 0,
+    MBEDTLS_CIPHER_ID_NULL,
+    MBEDTLS_CIPHER_ID_AES,
+    MBEDTLS_CIPHER_ID_DES,
+    MBEDTLS_CIPHER_ID_3DES,
+    MBEDTLS_CIPHER_ID_CAMELLIA,
+    MBEDTLS_CIPHER_ID_BLOWFISH,
+    MBEDTLS_CIPHER_ID_ARC4,
+} mbedtls_cipher_id_t;
+
+typedef enum {
+    MBEDTLS_CIPHER_NONE = 0,
+    MBEDTLS_CIPHER_NULL,
+    MBEDTLS_CIPHER_AES_128_ECB,
+    MBEDTLS_CIPHER_AES_192_ECB,
+    MBEDTLS_CIPHER_AES_256_ECB,
+    MBEDTLS_CIPHER_AES_128_CBC,
+    MBEDTLS_CIPHER_AES_192_CBC,
+    MBEDTLS_CIPHER_AES_256_CBC,
+    MBEDTLS_CIPHER_AES_128_CFB128,
+    MBEDTLS_CIPHER_AES_192_CFB128,
+    MBEDTLS_CIPHER_AES_256_CFB128,
+    MBEDTLS_CIPHER_AES_128_CTR,
+    MBEDTLS_CIPHER_AES_192_CTR,
+    MBEDTLS_CIPHER_AES_256_CTR,
+    MBEDTLS_CIPHER_AES_128_GCM,
+    MBEDTLS_CIPHER_AES_192_GCM,
+    MBEDTLS_CIPHER_AES_256_GCM,
+    MBEDTLS_CIPHER_CAMELLIA_128_ECB,
+    MBEDTLS_CIPHER_CAMELLIA_192_ECB,
+    MBEDTLS_CIPHER_CAMELLIA_256_ECB,
+    MBEDTLS_CIPHER_CAMELLIA_128_CBC,
+    MBEDTLS_CIPHER_CAMELLIA_192_CBC,
+    MBEDTLS_CIPHER_CAMELLIA_256_CBC,
+    MBEDTLS_CIPHER_CAMELLIA_128_CFB128,
+    MBEDTLS_CIPHER_CAMELLIA_192_CFB128,
+    MBEDTLS_CIPHER_CAMELLIA_256_CFB128,
+    MBEDTLS_CIPHER_CAMELLIA_128_CTR,
+    MBEDTLS_CIPHER_CAMELLIA_192_CTR,
+    MBEDTLS_CIPHER_CAMELLIA_256_CTR,
+    MBEDTLS_CIPHER_CAMELLIA_128_GCM,
+    MBEDTLS_CIPHER_CAMELLIA_192_GCM,
+    MBEDTLS_CIPHER_CAMELLIA_256_GCM,
+    MBEDTLS_CIPHER_DES_ECB,
+    MBEDTLS_CIPHER_DES_CBC,
+    MBEDTLS_CIPHER_DES_EDE_ECB,
+    MBEDTLS_CIPHER_DES_EDE_CBC,
+    MBEDTLS_CIPHER_DES_EDE3_ECB,
+    MBEDTLS_CIPHER_DES_EDE3_CBC,
+    MBEDTLS_CIPHER_BLOWFISH_ECB,
+    MBEDTLS_CIPHER_BLOWFISH_CBC,
+    MBEDTLS_CIPHER_BLOWFISH_CFB64,
+    MBEDTLS_CIPHER_BLOWFISH_CTR,
+    MBEDTLS_CIPHER_ARC4_128,
+    MBEDTLS_CIPHER_AES_128_CCM,
+    MBEDTLS_CIPHER_AES_192_CCM,
+    MBEDTLS_CIPHER_AES_256_CCM,
+    MBEDTLS_CIPHER_CAMELLIA_128_CCM,
+    MBEDTLS_CIPHER_CAMELLIA_192_CCM,
+    MBEDTLS_CIPHER_CAMELLIA_256_CCM,
+} mbedtls_cipher_type_t;
+
+typedef enum {
+    MBEDTLS_MODE_NONE = 0,
+    MBEDTLS_MODE_ECB,
+    MBEDTLS_MODE_CBC,
+    MBEDTLS_MODE_CFB,
+    MBEDTLS_MODE_OFB, /* Unused! */
+    MBEDTLS_MODE_CTR,
+    MBEDTLS_MODE_GCM,
+    MBEDTLS_MODE_STREAM,
+    MBEDTLS_MODE_CCM,
+} mbedtls_cipher_mode_t;
+
+typedef enum {
+    MBEDTLS_PADDING_PKCS7 = 0,     /**< PKCS7 padding (default)        */
+    MBEDTLS_PADDING_ONE_AND_ZEROS, /**< ISO/IEC 7816-4 padding         */
+    MBEDTLS_PADDING_ZEROS_AND_LEN, /**< ANSI X.923 padding             */
+    MBEDTLS_PADDING_ZEROS,         /**< zero padding (not reversible!) */
+    MBEDTLS_PADDING_NONE,          /**< never pad (full blocks only)   */
+} mbedtls_cipher_padding_t;
+
+typedef enum {
+    MBEDTLS_OPERATION_NONE = -1,
+    MBEDTLS_DECRYPT = 0,
+    MBEDTLS_ENCRYPT,
+} mbedtls_operation_t;
+
+enum {
+    /** Undefined key length */
+    MBEDTLS_KEY_LENGTH_NONE = 0,
+    /** Key length, in bits (including parity), for DES keys */
+    MBEDTLS_KEY_LENGTH_DES  = 64,
+    /** Key length, in bits (including parity), for DES in two key EDE */
+    MBEDTLS_KEY_LENGTH_DES_EDE = 128,
+    /** Key length, in bits (including parity), for DES in three-key EDE */
+    MBEDTLS_KEY_LENGTH_DES_EDE3 = 192,
+};
+
+/** Maximum length of any IV, in bytes */
+#define MBEDTLS_MAX_IV_LENGTH      16
+/** Maximum block size of any cipher, in bytes */
+#define MBEDTLS_MAX_BLOCK_LENGTH   16
+
+/**
+ * Base cipher information (opaque struct).
+ */
+typedef struct mbedtls_cipher_base_t mbedtls_cipher_base_t;
+
+/**
+ * CMAC context (opaque struct).
+ */
+typedef struct mbedtls_cmac_context_t mbedtls_cmac_context_t;
+
+/**
+ * Cipher information. Allows cipher functions to be called in a generic way.
+ */
+typedef struct {
+    /** Full cipher identifier (e.g. MBEDTLS_CIPHER_AES_256_CBC) */
+    mbedtls_cipher_type_t type;
+
+    /** Cipher mode (e.g. MBEDTLS_MODE_CBC) */
+    mbedtls_cipher_mode_t mode;
+
+    /** Cipher key length, in bits (default length for variable sized ciphers)
+     *  (Includes parity bits for ciphers like DES) */
+    unsigned int key_bitlen;
+
+    /** Name of the cipher */
+    const char * name;
+
+    /** IV/NONCE size, in bytes.
+     *  For cipher that accept many sizes: recommended size */
+    unsigned int iv_size;
+
+    /** Flags for variable IV size, variable key size, etc. */
+    int flags;
+
+    /** block size, in bytes */
+    unsigned int block_size;
+
+    /** Base cipher information and functions */
+    const mbedtls_cipher_base_t *base;
+
+} mbedtls_cipher_info_t;
+
+/**
+ * Generic cipher context.
+ */
+typedef struct {
+    /** Information about the associated cipher */
+    const mbedtls_cipher_info_t *cipher_info;
+
+    /** Key length to use */
+    int key_bitlen;
+
+    /** Operation that the context's key has been initialised for */
+    mbedtls_operation_t operation;
+
+#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
+    /** Padding functions to use, if relevant for cipher mode */
+    void (*add_padding)( unsigned char *output, size_t olen, size_t data_len );
+    int (*get_padding)( unsigned char *input, size_t ilen, size_t *data_len );
+#endif
+
+    /** Buffer for data that hasn't been encrypted yet */
+    unsigned char unprocessed_data[MBEDTLS_MAX_BLOCK_LENGTH];
+
+    /** Number of bytes that still need processing */
+    size_t unprocessed_len;
+
+    /** Current IV or NONCE_COUNTER for CTR-mode */
+    unsigned char iv[MBEDTLS_MAX_IV_LENGTH];
+
+    /** IV size in bytes (for ciphers with variable-length IVs) */
+    size_t iv_size;
+
+    /** Cipher-specific context */
+    void *cipher_ctx;
+
+#if defined(MBEDTLS_CMAC_C)
+    /** CMAC Specific context */
+    mbedtls_cmac_context_t *cmac_ctx;
+#endif
+} mbedtls_cipher_context_t;
+
+/**
+ * \brief Returns the list of ciphers supported by the generic cipher module.
+ *
+ * \return              a statically allocated array of ciphers, the last entry
+ *                      is 0.
+ */
+const int *mbedtls_cipher_list( void );
+
+/**
+ * \brief               Returns the cipher information structure associated
+ *                      with the given cipher name.
+ *
+ * \param cipher_name   Name of the cipher to search for.
+ *
+ * \return              the cipher information structure associated with the
+ *                      given cipher_name, or NULL if not found.
+ */
+const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name );
+
+/**
+ * \brief               Returns the cipher information structure associated
+ *                      with the given cipher type.
+ *
+ * \param cipher_type   Type of the cipher to search for.
+ *
+ * \return              the cipher information structure associated with the
+ *                      given cipher_type, or NULL if not found.
+ */
+const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher_type_t cipher_type );
+
+/**
+ * \brief               Returns the cipher information structure associated
+ *                      with the given cipher id, key size and mode.
+ *
+ * \param cipher_id     Id of the cipher to search for
+ *                      (e.g. MBEDTLS_CIPHER_ID_AES)
+ * \param key_bitlen    Length of the key in bits
+ * \param mode          Cipher mode (e.g. MBEDTLS_MODE_CBC)
+ *
+ * \return              the cipher information structure associated with the
+ *                      given cipher_type, or NULL if not found.
+ */
+const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id,
+                                              int key_bitlen,
+                                              const mbedtls_cipher_mode_t mode );
+
+/**
+ * \brief               Initialize a cipher_context (as NONE)
+ */
+void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx );
+
+/**
+ * \brief               Free and clear the cipher-specific context of ctx.
+ *                      Freeing ctx itself remains the responsibility of the
+ *                      caller.
+ */
+void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx );
+
+/**
+ * \brief               Initialises and fills the cipher context structure with
+ *                      the appropriate values.
+ *
+ * \note                Currently also clears structure. In future versions you
+ *                      will be required to call mbedtls_cipher_init() on the structure
+ *                      first.
+ *
+ * \param ctx           context to initialise. May not be NULL.
+ * \param cipher_info   cipher to use.
+ *
+ * \return              0 on success,
+ *                      MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on parameter failure,
+ *                      MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
+ *                      cipher-specific context failed.
+ */
+int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info );
+
+/**
+ * \brief               Returns the block size of the given cipher.
+ *
+ * \param ctx           cipher's context. Must have been initialised.
+ *
+ * \return              size of the cipher's blocks, or 0 if ctx has not been
+ *                      initialised.
+ */
+static inline unsigned int mbedtls_cipher_get_block_size( const mbedtls_cipher_context_t *ctx )
+{
+    if( NULL == ctx || NULL == ctx->cipher_info )
+        return 0;
+
+    return ctx->cipher_info->block_size;
+}
+
+/**
+ * \brief               Returns the mode of operation for the cipher.
+ *                      (e.g. MBEDTLS_MODE_CBC)
+ *
+ * \param ctx           cipher's context. Must have been initialised.
+ *
+ * \return              mode of operation, or MBEDTLS_MODE_NONE if ctx
+ *                      has not been initialised.
+ */
+static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( const mbedtls_cipher_context_t *ctx )
+{
+    if( NULL == ctx || NULL == ctx->cipher_info )
+        return MBEDTLS_MODE_NONE;
+
+    return ctx->cipher_info->mode;
+}
+
+/**
+ * \brief               Returns the size of the cipher's IV/NONCE in bytes.
+ *
+ * \param ctx           cipher's context. Must have been initialised.
+ *
+ * \return              If IV has not been set yet: (recommended) IV size
+ *                      (0 for ciphers not using IV/NONCE).
+ *                      If IV has already been set: actual size.
+ */
+static inline int mbedtls_cipher_get_iv_size( const mbedtls_cipher_context_t *ctx )
+{
+    if( NULL == ctx || NULL == ctx->cipher_info )
+        return 0;
+
+    if( ctx->iv_size != 0 )
+        return (int) ctx->iv_size;
+
+    return (int) ctx->cipher_info->iv_size;
+}
+
+/**
+ * \brief               Returns the type of the given cipher.
+ *
+ * \param ctx           cipher's context. Must have been initialised.
+ *
+ * \return              type of the cipher, or MBEDTLS_CIPHER_NONE if ctx has
+ *                      not been initialised.
+ */
+static inline mbedtls_cipher_type_t mbedtls_cipher_get_type( const mbedtls_cipher_context_t *ctx )
+{
+    if( NULL == ctx || NULL == ctx->cipher_info )
+        return MBEDTLS_CIPHER_NONE;
+
+    return ctx->cipher_info->type;
+}
+
+/**
+ * \brief               Returns the name of the given cipher, as a string.
+ *
+ * \param ctx           cipher's context. Must have been initialised.
+ *
+ * \return              name of the cipher, or NULL if ctx was not initialised.
+ */
+static inline const char *mbedtls_cipher_get_name( const mbedtls_cipher_context_t *ctx )
+{
+    if( NULL == ctx || NULL == ctx->cipher_info )
+        return 0;
+
+    return ctx->cipher_info->name;
+}
+
+/**
+ * \brief               Returns the key length of the cipher.
+ *
+ * \param ctx           cipher's context. Must have been initialised.
+ *
+ * \return              cipher's key length, in bits, or
+ *                      MBEDTLS_KEY_LENGTH_NONE if ctx has not been
+ *                      initialised.
+ */
+static inline int mbedtls_cipher_get_key_bitlen( const mbedtls_cipher_context_t *ctx )
+{
+    if( NULL == ctx || NULL == ctx->cipher_info )
+        return MBEDTLS_KEY_LENGTH_NONE;
+
+    return (int) ctx->cipher_info->key_bitlen;
+}
+
+/**
+ * \brief               Returns the operation of the given cipher.
+ *
+ * \param ctx           cipher's context. Must have been initialised.
+ *
+ * \return              operation (MBEDTLS_ENCRYPT or MBEDTLS_DECRYPT),
+ *                      or MBEDTLS_OPERATION_NONE if ctx has not been
+ *                      initialised.
+ */
+static inline mbedtls_operation_t mbedtls_cipher_get_operation( const mbedtls_cipher_context_t *ctx )
+{
+    if( NULL == ctx || NULL == ctx->cipher_info )
+        return MBEDTLS_OPERATION_NONE;
+
+    return ctx->operation;
+}
+
+/**
+ * \brief               Set the key to use with the given context.
+ *
+ * \param ctx           generic cipher context. May not be NULL. Must have been
+ *                      initialised using cipher_context_from_type or
+ *                      cipher_context_from_string.
+ * \param key           The key to use.
+ * \param key_bitlen    key length to use, in bits.
+ * \param operation     Operation that the key will be used for, either
+ *                      MBEDTLS_ENCRYPT or MBEDTLS_DECRYPT.
+ *
+ * \returns             0 on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if
+ *                      parameter verification fails or a cipher specific
+ *                      error code.
+ */
+int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *key,
+                   int key_bitlen, const mbedtls_operation_t operation );
+
+#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
+/**
+ * \brief               Set padding mode, for cipher modes that use padding.
+ *                      (Default: PKCS7 padding.)
+ *
+ * \param ctx           generic cipher context
+ * \param mode          padding mode
+ *
+ * \returns             0 on success, MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
+ *                      if selected padding mode is not supported, or
+ *                      MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode
+ *                      does not support padding.
+ */
+int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_cipher_padding_t mode );
+#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
+
+/**
+ * \brief               Set the initialization vector (IV) or nonce
+ *
+ * \param ctx           generic cipher context
+ * \param iv            IV to use (or NONCE_COUNTER for CTR-mode ciphers)
+ * \param iv_len        IV length for ciphers with variable-size IV;
+ *                      discarded by ciphers with fixed-size IV.
+ *
+ * \returns             0 on success, or MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
+ *
+ * \note                Some ciphers don't use IVs nor NONCE. For these
+ *                      ciphers, this function has no effect.
+ */
+int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
+                   const unsigned char *iv, size_t iv_len );
+
+/**
+ * \brief               Finish preparation of the given context
+ *
+ * \param ctx           generic cipher context
+ *
+ * \returns             0 on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
+ *                      if parameter verification fails.
+ */
+int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx );
+
+#if defined(MBEDTLS_GCM_C)
+/**
+ * \brief               Add additional data (for AEAD ciphers).
+ *                      Currently only supported with GCM.
+ *                      Must be called exactly once, after mbedtls_cipher_reset().
+ *
+ * \param ctx           generic cipher context
+ * \param ad            Additional data to use.
+ * \param ad_len        Length of ad.
+ *
+ * \return              0 on success, or a specific error code.
+ */
+int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
+                      const unsigned char *ad, size_t ad_len );
+#endif /* MBEDTLS_GCM_C */
+
+/**
+ * \brief               Generic cipher update function. Encrypts/decrypts
+ *                      using the given cipher context. Writes as many block
+ *                      size'd blocks of data as possible to output. Any data
+ *                      that cannot be written immediately will either be added
+ *                      to the next block, or flushed when cipher_final is
+ *                      called.
+ *                      Exception: for MBEDTLS_MODE_ECB, expects single block
+ *                                 in size (e.g. 16 bytes for AES)
+ *
+ * \param ctx           generic cipher context
+ * \param input         buffer holding the input data
+ * \param ilen          length of the input data
+ * \param output        buffer for the output data. Should be able to hold at
+ *                      least ilen + block_size. Cannot be the same buffer as
+ *                      input!
+ * \param olen          length of the output data, will be filled with the
+ *                      actual number of bytes written.
+ *
+ * \returns             0 on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if
+ *                      parameter verification fails,
+ *                      MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an
+ *                      unsupported mode for a cipher or a cipher specific
+ *                      error code.
+ *
+ * \note                If the underlying cipher is GCM, all calls to this
+ *                      function, except the last one before mbedtls_cipher_finish(),
+ *                      must have ilen a multiple of the block size.
+ */
+int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *input,
+                   size_t ilen, unsigned char *output, size_t *olen );
+
+/**
+ * \brief               Generic cipher finalisation function. If data still
+ *                      needs to be flushed from an incomplete block, data
+ *                      contained within it will be padded with the size of
+ *                      the last block, and written to the output buffer.
+ *
+ * \param ctx           Generic cipher context
+ * \param output        buffer to write data to. Needs block_size available.
+ * \param olen          length of the data written to the output buffer.
+ *
+ * \returns             0 on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if
+ *                      parameter verification fails,
+ *                      MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption
+ *                      expected a full block but was not provided one,
+ *                      MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
+ *                      while decrypting or a cipher specific error code.
+ */
+int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
+                   unsigned char *output, size_t *olen );
+
+#if defined(MBEDTLS_GCM_C)
+/**
+ * \brief               Write tag for AEAD ciphers.
+ *                      Currently only supported with GCM.
+ *                      Must be called after mbedtls_cipher_finish().
+ *
+ * \param ctx           Generic cipher context
+ * \param tag           buffer to write the tag
+ * \param tag_len       Length of the tag to write
+ *
+ * \return              0 on success, or a specific error code.
+ */
+int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
+                      unsigned char *tag, size_t tag_len );
+
+/**
+ * \brief               Check tag for AEAD ciphers.
+ *                      Currently only supported with GCM.
+ *                      Must be called after mbedtls_cipher_finish().
+ *
+ * \param ctx           Generic cipher context
+ * \param tag           Buffer holding the tag
+ * \param tag_len       Length of the tag to check
+ *
+ * \return              0 on success, or a specific error code.
+ */
+int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
+                      const unsigned char *tag, size_t tag_len );
+#endif /* MBEDTLS_GCM_C */
+
+/**
+ * \brief               Generic all-in-one encryption/decryption
+ *                      (for all ciphers except AEAD constructs).
+ *
+ * \param ctx           generic cipher context
+ * \param iv            IV to use (or NONCE_COUNTER for CTR-mode ciphers)
+ * \param iv_len        IV length for ciphers with variable-size IV;
+ *                      discarded by ciphers with fixed-size IV.
+ * \param input         buffer holding the input data
+ * \param ilen          length of the input data
+ * \param output        buffer for the output data. Should be able to hold at
+ *                      least ilen + block_size. Cannot be the same buffer as
+ *                      input!
+ * \param olen          length of the output data, will be filled with the
+ *                      actual number of bytes written.
+ *
+ * \note                Some ciphers don't use IVs nor NONCE. For these
+ *                      ciphers, use iv = NULL and iv_len = 0.
+ *
+ * \returns             0 on success, or
+ *                      MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or
+ *                      MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption
+ *                      expected a full block but was not provided one, or
+ *                      MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
+ *                      while decrypting, or
+ *                      a cipher specific error code.
+ */
+int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
+                  const unsigned char *iv, size_t iv_len,
+                  const unsigned char *input, size_t ilen,
+                  unsigned char *output, size_t *olen );
+
+#if defined(MBEDTLS_CIPHER_MODE_AEAD)
+/**
+ * \brief               Generic autenticated encryption (AEAD ciphers).
+ *
+ * \param ctx           generic cipher context
+ * \param iv            IV to use (or NONCE_COUNTER for CTR-mode ciphers)
+ * \param iv_len        IV length for ciphers with variable-size IV;
+ *                      discarded by ciphers with fixed-size IV.
+ * \param ad            Additional data to authenticate.
+ * \param ad_len        Length of ad.
+ * \param input         buffer holding the input data
+ * \param ilen          length of the input data
+ * \param output        buffer for the output data.
+ *                      Should be able to hold at least ilen.
+ * \param olen          length of the output data, will be filled with the
+ *                      actual number of bytes written.
+ * \param tag           buffer for the authentication tag
+ * \param tag_len       desired tag length
+ *
+ * \returns             0 on success, or
+ *                      MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or
+ *                      a cipher specific error code.
+ */
+int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
+                         const unsigned char *iv, size_t iv_len,
+                         const unsigned char *ad, size_t ad_len,
+                         const unsigned char *input, size_t ilen,
+                         unsigned char *output, size_t *olen,
+                         unsigned char *tag, size_t tag_len );
+
+/**
+ * \brief               Generic autenticated decryption (AEAD ciphers).
+ *
+ * \param ctx           generic cipher context
+ * \param iv            IV to use (or NONCE_COUNTER for CTR-mode ciphers)
+ * \param iv_len        IV length for ciphers with variable-size IV;
+ *                      discarded by ciphers with fixed-size IV.
+ * \param ad            Additional data to be authenticated.
+ * \param ad_len        Length of ad.
+ * \param input         buffer holding the input data
+ * \param ilen          length of the input data
+ * \param output        buffer for the output data.
+ *                      Should be able to hold at least ilen.
+ * \param olen          length of the output data, will be filled with the
+ *                      actual number of bytes written.
+ * \param tag           buffer holding the authentication tag
+ * \param tag_len       length of the authentication tag
+ *
+ * \returns             0 on success, or
+ *                      MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or
+ *                      MBEDTLS_ERR_CIPHER_AUTH_FAILED if data isn't authentic,
+ *                      or a cipher specific error code.
+ *
+ * \note                If the data is not authentic, then the output buffer
+ *                      is zeroed out to prevent the unauthentic plaintext to
+ *                      be used by mistake, making this interface safer.
+ */
+int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
+                         const unsigned char *iv, size_t iv_len,
+                         const unsigned char *ad, size_t ad_len,
+                         const unsigned char *input, size_t ilen,
+                         unsigned char *output, size_t *olen,
+                         const unsigned char *tag, size_t tag_len );
+#endif /* MBEDTLS_CIPHER_MODE_AEAD */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_CIPHER_H */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/cipher_internal.h

@@ -0,0 +1,109 @@
+/**
+ * \file cipher_internal.h
+ *
+ * \brief Cipher wrappers.
+ *
+ * \author Adriaan de Jong <dejong@fox-it.com>
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_CIPHER_WRAP_H
+#define MBEDTLS_CIPHER_WRAP_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "cipher.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * Base cipher information. The non-mode specific functions and values.
+ */
+struct mbedtls_cipher_base_t
+{
+    /** Base Cipher type (e.g. MBEDTLS_CIPHER_ID_AES) */
+    mbedtls_cipher_id_t cipher;
+
+    /** Encrypt using ECB */
+    int (*ecb_func)( void *ctx, mbedtls_operation_t mode,
+                     const unsigned char *input, unsigned char *output );
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    /** Encrypt using CBC */
+    int (*cbc_func)( void *ctx, mbedtls_operation_t mode, size_t length,
+                     unsigned char *iv, const unsigned char *input,
+                     unsigned char *output );
+#endif
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+    /** Encrypt using CFB (Full length) */
+    int (*cfb_func)( void *ctx, mbedtls_operation_t mode, size_t length, size_t *iv_off,
+                     unsigned char *iv, const unsigned char *input,
+                     unsigned char *output );
+#endif
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+    /** Encrypt using CTR */
+    int (*ctr_func)( void *ctx, size_t length, size_t *nc_off,
+                     unsigned char *nonce_counter, unsigned char *stream_block,
+                     const unsigned char *input, unsigned char *output );
+#endif
+
+#if defined(MBEDTLS_CIPHER_MODE_STREAM)
+    /** Encrypt using STREAM */
+    int (*stream_func)( void *ctx, size_t length,
+                        const unsigned char *input, unsigned char *output );
+#endif
+
+    /** Set key for encryption purposes */
+    int (*setkey_enc_func)( void *ctx, const unsigned char *key,
+                            unsigned int key_bitlen );
+
+    /** Set key for decryption purposes */
+    int (*setkey_dec_func)( void *ctx, const unsigned char *key,
+                            unsigned int key_bitlen);
+
+    /** Allocate a new context */
+    void * (*ctx_alloc_func)( void );
+
+    /** Free the given context */
+    void (*ctx_free_func)( void *ctx );
+
+};
+
+typedef struct
+{
+    mbedtls_cipher_type_t type;
+    const mbedtls_cipher_info_t *info;
+} mbedtls_cipher_definition_t;
+
+extern const mbedtls_cipher_definition_t mbedtls_cipher_definitions[];
+
+extern int mbedtls_cipher_supported[];
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_CIPHER_WRAP_H */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/cmac.h

@@ -0,0 +1,166 @@
+/**
+ * \file cmac.h
+ *
+ * \brief Cipher-based Message Authentication Code (CMAC) Mode for
+ *        Authentication
+ *
+ *  Copyright (C) 2015-2016, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_CMAC_H
+#define MBEDTLS_CMAC_H
+
+#include "mbedtls/cipher.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define MBEDTLS_AES_BLOCK_SIZE          16
+#define MBEDTLS_DES3_BLOCK_SIZE         8
+
+#if defined(MBEDTLS_AES_C)
+#define MBEDTLS_CIPHER_BLKSIZE_MAX      16  /* longest used by CMAC is AES */
+#else
+#define MBEDTLS_CIPHER_BLKSIZE_MAX      8   /* longest used by CMAC is 3DES */
+#endif
+
+/**
+ * CMAC context structure - Contains internal state information only
+ */
+struct mbedtls_cmac_context_t
+{
+    /** Internal state of the CMAC algorithm  */
+    unsigned char       state[MBEDTLS_CIPHER_BLKSIZE_MAX];
+
+    /** Unprocessed data - either data that was not block aligned and is still
+     *  pending to be processed, or the final block */
+    unsigned char       unprocessed_block[MBEDTLS_CIPHER_BLKSIZE_MAX];
+
+    /** Length of data pending to be processed */
+    size_t              unprocessed_len;
+};
+
+/**
+ * \brief               Set the CMAC key and prepare to authenticate the input
+ *                      data.
+ *                      Should be called with an initialised cipher context.
+ *
+ * \param ctx           Cipher context
+ * \param key           CMAC key
+ * \param keybits       length of the CMAC key in bits
+ *                      (must be acceptable by the cipher)
+ *
+ * \return              0 if successful, or a cipher specific error code
+ */
+int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx,
+                                const unsigned char *key, size_t keybits );
+
+/**
+ * \brief               Generic CMAC process buffer.
+ *                      Called between mbedtls_cipher_cmac_starts() or
+ *                      mbedtls_cipher_cmac_reset() and
+ *                      mbedtls_cipher_cmac_finish().
+ *                      May be called repeatedly.
+ *
+ * \param ctx           CMAC context
+ * \param input         buffer holding the  data
+ * \param ilen          length of the input data
+ *
+ * \returns             0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
+ *                      verification fails.
+ */
+int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
+                                const unsigned char *input, size_t ilen );
+
+/**
+ * \brief               Output CMAC.
+ *                      Called after mbedtls_cipher_cmac_update().
+ *                      Usually followed by mbedtls_cipher_cmac_reset(), then
+ *                      mbedtls_cipher_cmac_starts(), or mbedtls_cipher_free().
+ *
+ * \param ctx           CMAC context
+ * \param output        Generic CMAC checksum result
+ *
+ * \returns             0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
+ *                      verification fails.
+ */
+int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
+                                unsigned char *output );
+
+/**
+ * \brief               Prepare to authenticate a new message with the same key.
+ *                      Called after mbedtls_cipher_cmac_finish() and before
+ *                      mbedtls_cipher_cmac_update().
+ *
+ * \param ctx           CMAC context to be reset
+ *
+ * \returns             0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
+ *                      verification fails.
+ */
+int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx );
+
+/**
+ * \brief               Output = Generic_CMAC( hmac key, input buffer )
+ *
+ * \param cipher_info   message digest info
+ * \param key           CMAC key
+ * \param keylen        length of the CMAC key in bits
+ * \param input         buffer holding the  data
+ * \param ilen          length of the input data
+ * \param output        Generic CMAC-result
+ *
+ * \returns             0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
+ *                      verification fails.
+ */
+int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info,
+                         const unsigned char *key, size_t keylen,
+                         const unsigned char *input, size_t ilen,
+                         unsigned char *output );
+
+#if defined(MBEDTLS_AES_C)
+/**
+ * \brief           AES-CMAC-128-PRF
+ *                  Implementation of (AES-CMAC-PRF-128), as defined in RFC 4615
+ *
+ * \param key       PRF key
+ * \param key_len   PRF key length in bytes
+ * \param input     buffer holding the input data
+ * \param in_len    length of the input data in bytes
+ * \param output    buffer holding the generated pseudorandom output (16 bytes)
+ *
+ * \return          0 if successful
+ */
+int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len,
+                              const unsigned char *input, size_t in_len,
+                              unsigned char output[16] );
+#endif /* MBEDTLS_AES_C */
+
+#if defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) )
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_cmac_self_test( int verbose );
+#endif /* MBEDTLS_SELF_TEST && ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_CMAC_H */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/compat-1.3.h

@@ -0,0 +1,2634 @@
+/**
+ * \file compat-1.3.h
+ *
+ * \brief Compatibility definitions for using mbed TLS with client code written
+ *  for the PolarSSL naming conventions.
+ *
+ * \deprecated Use the new names directly instead
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
+
+#if defined(MBEDTLS_DEPRECATED_WARNING)
+#warning "Including compat-1.3.h is deprecated"
+#endif
+
+#ifndef MBEDTLS_COMPAT13_H
+#define MBEDTLS_COMPAT13_H
+
+/*
+ * config.h options
+ */
+#if defined MBEDTLS_AESNI_C
+#define POLARSSL_AESNI_C MBEDTLS_AESNI_C
+#endif
+#if defined MBEDTLS_AES_ALT
+#define POLARSSL_AES_ALT MBEDTLS_AES_ALT
+#endif
+#if defined MBEDTLS_AES_C
+#define POLARSSL_AES_C MBEDTLS_AES_C
+#endif
+#if defined MBEDTLS_AES_ROM_TABLES
+#define POLARSSL_AES_ROM_TABLES MBEDTLS_AES_ROM_TABLES
+#endif
+#if defined MBEDTLS_ARC4_ALT
+#define POLARSSL_ARC4_ALT MBEDTLS_ARC4_ALT
+#endif
+#if defined MBEDTLS_ARC4_C
+#define POLARSSL_ARC4_C MBEDTLS_ARC4_C
+#endif
+#if defined MBEDTLS_ASN1_PARSE_C
+#define POLARSSL_ASN1_PARSE_C MBEDTLS_ASN1_PARSE_C
+#endif
+#if defined MBEDTLS_ASN1_WRITE_C
+#define POLARSSL_ASN1_WRITE_C MBEDTLS_ASN1_WRITE_C
+#endif
+#if defined MBEDTLS_BASE64_C
+#define POLARSSL_BASE64_C MBEDTLS_BASE64_C
+#endif
+#if defined MBEDTLS_BIGNUM_C
+#define POLARSSL_BIGNUM_C MBEDTLS_BIGNUM_C
+#endif
+#if defined MBEDTLS_BLOWFISH_ALT
+#define POLARSSL_BLOWFISH_ALT MBEDTLS_BLOWFISH_ALT
+#endif
+#if defined MBEDTLS_BLOWFISH_C
+#define POLARSSL_BLOWFISH_C MBEDTLS_BLOWFISH_C
+#endif
+#if defined MBEDTLS_CAMELLIA_ALT
+#define POLARSSL_CAMELLIA_ALT MBEDTLS_CAMELLIA_ALT
+#endif
+#if defined MBEDTLS_CAMELLIA_C
+#define POLARSSL_CAMELLIA_C MBEDTLS_CAMELLIA_C
+#endif
+#if defined MBEDTLS_CAMELLIA_SMALL_MEMORY
+#define POLARSSL_CAMELLIA_SMALL_MEMORY MBEDTLS_CAMELLIA_SMALL_MEMORY
+#endif
+#if defined MBEDTLS_CCM_C
+#define POLARSSL_CCM_C MBEDTLS_CCM_C
+#endif
+#if defined MBEDTLS_CERTS_C
+#define POLARSSL_CERTS_C MBEDTLS_CERTS_C
+#endif
+#if defined MBEDTLS_CIPHER_C
+#define POLARSSL_CIPHER_C MBEDTLS_CIPHER_C
+#endif
+#if defined MBEDTLS_CIPHER_MODE_CBC
+#define POLARSSL_CIPHER_MODE_CBC MBEDTLS_CIPHER_MODE_CBC
+#endif
+#if defined MBEDTLS_CIPHER_MODE_CFB
+#define POLARSSL_CIPHER_MODE_CFB MBEDTLS_CIPHER_MODE_CFB
+#endif
+#if defined MBEDTLS_CIPHER_MODE_CTR
+#define POLARSSL_CIPHER_MODE_CTR MBEDTLS_CIPHER_MODE_CTR
+#endif
+#if defined MBEDTLS_CIPHER_NULL_CIPHER
+#define POLARSSL_CIPHER_NULL_CIPHER MBEDTLS_CIPHER_NULL_CIPHER
+#endif
+#if defined MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
+#define POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
+#endif
+#if defined MBEDTLS_CIPHER_PADDING_PKCS7
+#define POLARSSL_CIPHER_PADDING_PKCS7 MBEDTLS_CIPHER_PADDING_PKCS7
+#endif
+#if defined MBEDTLS_CIPHER_PADDING_ZEROS
+#define POLARSSL_CIPHER_PADDING_ZEROS MBEDTLS_CIPHER_PADDING_ZEROS
+#endif
+#if defined MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
+#define POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
+#endif
+#if defined MBEDTLS_CTR_DRBG_C
+#define POLARSSL_CTR_DRBG_C MBEDTLS_CTR_DRBG_C
+#endif
+#if defined MBEDTLS_DEBUG_C
+#define POLARSSL_DEBUG_C MBEDTLS_DEBUG_C
+#endif
+#if defined MBEDTLS_DEPRECATED_REMOVED
+#define POLARSSL_DEPRECATED_REMOVED MBEDTLS_DEPRECATED_REMOVED
+#endif
+#if defined MBEDTLS_DEPRECATED_WARNING
+#define POLARSSL_DEPRECATED_WARNING MBEDTLS_DEPRECATED_WARNING
+#endif
+#if defined MBEDTLS_DES_ALT
+#define POLARSSL_DES_ALT MBEDTLS_DES_ALT
+#endif
+#if defined MBEDTLS_DES_C
+#define POLARSSL_DES_C MBEDTLS_DES_C
+#endif
+#if defined MBEDTLS_DHM_C
+#define POLARSSL_DHM_C MBEDTLS_DHM_C
+#endif
+#if defined MBEDTLS_ECDH_C
+#define POLARSSL_ECDH_C MBEDTLS_ECDH_C
+#endif
+#if defined MBEDTLS_ECDSA_C
+#define POLARSSL_ECDSA_C MBEDTLS_ECDSA_C
+#endif
+#if defined MBEDTLS_ECDSA_DETERMINISTIC
+#define POLARSSL_ECDSA_DETERMINISTIC MBEDTLS_ECDSA_DETERMINISTIC
+#endif
+#if defined MBEDTLS_ECP_C
+#define POLARSSL_ECP_C MBEDTLS_ECP_C
+#endif
+#if defined MBEDTLS_ECP_DP_BP256R1_ENABLED
+#define POLARSSL_ECP_DP_BP256R1_ENABLED MBEDTLS_ECP_DP_BP256R1_ENABLED
+#endif
+#if defined MBEDTLS_ECP_DP_BP384R1_ENABLED
+#define POLARSSL_ECP_DP_BP384R1_ENABLED MBEDTLS_ECP_DP_BP384R1_ENABLED
+#endif
+#if defined MBEDTLS_ECP_DP_BP512R1_ENABLED
+#define POLARSSL_ECP_DP_BP512R1_ENABLED MBEDTLS_ECP_DP_BP512R1_ENABLED
+#endif
+#if defined MBEDTLS_ECP_DP_CURVE25519_ENABLED
+#define POLARSSL_ECP_DP_M255_ENABLED MBEDTLS_ECP_DP_CURVE25519_ENABLED
+#endif
+#if defined MBEDTLS_ECP_DP_SECP192K1_ENABLED
+#define POLARSSL_ECP_DP_SECP192K1_ENABLED MBEDTLS_ECP_DP_SECP192K1_ENABLED
+#endif
+#if defined MBEDTLS_ECP_DP_SECP192R1_ENABLED
+#define POLARSSL_ECP_DP_SECP192R1_ENABLED MBEDTLS_ECP_DP_SECP192R1_ENABLED
+#endif
+#if defined MBEDTLS_ECP_DP_SECP224K1_ENABLED
+#define POLARSSL_ECP_DP_SECP224K1_ENABLED MBEDTLS_ECP_DP_SECP224K1_ENABLED
+#endif
+#if defined MBEDTLS_ECP_DP_SECP224R1_ENABLED
+#define POLARSSL_ECP_DP_SECP224R1_ENABLED MBEDTLS_ECP_DP_SECP224R1_ENABLED
+#endif
+#if defined MBEDTLS_ECP_DP_SECP256K1_ENABLED
+#define POLARSSL_ECP_DP_SECP256K1_ENABLED MBEDTLS_ECP_DP_SECP256K1_ENABLED
+#endif
+#if defined MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#define POLARSSL_ECP_DP_SECP256R1_ENABLED MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#endif
+#if defined MBEDTLS_ECP_DP_SECP384R1_ENABLED
+#define POLARSSL_ECP_DP_SECP384R1_ENABLED MBEDTLS_ECP_DP_SECP384R1_ENABLED
+#endif
+#if defined MBEDTLS_ECP_DP_SECP521R1_ENABLED
+#define POLARSSL_ECP_DP_SECP521R1_ENABLED MBEDTLS_ECP_DP_SECP521R1_ENABLED
+#endif
+#if defined MBEDTLS_ECP_FIXED_POINT_OPTIM
+#define POLARSSL_ECP_FIXED_POINT_OPTIM MBEDTLS_ECP_FIXED_POINT_OPTIM
+#endif
+#if defined MBEDTLS_ECP_MAX_BITS
+#define POLARSSL_ECP_MAX_BITS MBEDTLS_ECP_MAX_BITS
+#endif
+#if defined MBEDTLS_ECP_NIST_OPTIM
+#define POLARSSL_ECP_NIST_OPTIM MBEDTLS_ECP_NIST_OPTIM
+#endif
+#if defined MBEDTLS_ECP_WINDOW_SIZE
+#define POLARSSL_ECP_WINDOW_SIZE MBEDTLS_ECP_WINDOW_SIZE
+#endif
+#if defined MBEDTLS_ENABLE_WEAK_CIPHERSUITES
+#define POLARSSL_ENABLE_WEAK_CIPHERSUITES MBEDTLS_ENABLE_WEAK_CIPHERSUITES
+#endif
+#if defined MBEDTLS_ENTROPY_C
+#define POLARSSL_ENTROPY_C MBEDTLS_ENTROPY_C
+#endif
+#if defined MBEDTLS_ENTROPY_FORCE_SHA256
+#define POLARSSL_ENTROPY_FORCE_SHA256 MBEDTLS_ENTROPY_FORCE_SHA256
+#endif
+#if defined MBEDTLS_ERROR_C
+#define POLARSSL_ERROR_C MBEDTLS_ERROR_C
+#endif
+#if defined MBEDTLS_ERROR_STRERROR_BC
+#define POLARSSL_ERROR_STRERROR_BC MBEDTLS_ERROR_STRERROR_BC
+#endif
+#if defined MBEDTLS_ERROR_STRERROR_DUMMY
+#define POLARSSL_ERROR_STRERROR_DUMMY MBEDTLS_ERROR_STRERROR_DUMMY
+#endif
+#if defined MBEDTLS_FS_IO
+#define POLARSSL_FS_IO MBEDTLS_FS_IO
+#endif
+#if defined MBEDTLS_GCM_C
+#define POLARSSL_GCM_C MBEDTLS_GCM_C
+#endif
+#if defined MBEDTLS_GENPRIME
+#define POLARSSL_GENPRIME MBEDTLS_GENPRIME
+#endif
+#if defined MBEDTLS_HAVEGE_C
+#define POLARSSL_HAVEGE_C MBEDTLS_HAVEGE_C
+#endif
+#if defined MBEDTLS_HAVE_ASM
+#define POLARSSL_HAVE_ASM MBEDTLS_HAVE_ASM
+#endif
+#if defined MBEDTLS_HAVE_SSE2
+#define POLARSSL_HAVE_SSE2 MBEDTLS_HAVE_SSE2
+#endif
+#if defined MBEDTLS_HAVE_TIME
+#define POLARSSL_HAVE_TIME MBEDTLS_HAVE_TIME
+#endif
+#if defined MBEDTLS_HMAC_DRBG_C
+#define POLARSSL_HMAC_DRBG_C MBEDTLS_HMAC_DRBG_C
+#endif
+#if defined MBEDTLS_HMAC_DRBG_MAX_INPUT
+#define POLARSSL_HMAC_DRBG_MAX_INPUT MBEDTLS_HMAC_DRBG_MAX_INPUT
+#endif
+#if defined MBEDTLS_HMAC_DRBG_MAX_REQUEST
+#define POLARSSL_HMAC_DRBG_MAX_REQUEST MBEDTLS_HMAC_DRBG_MAX_REQUEST
+#endif
+#if defined MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT
+#define POLARSSL_HMAC_DRBG_MAX_SEED_INPUT MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT
+#endif
+#if defined MBEDTLS_HMAC_DRBG_RESEED_INTERVAL
+#define POLARSSL_HMAC_DRBG_RESEED_INTERVAL MBEDTLS_HMAC_DRBG_RESEED_INTERVAL
+#endif
+#if defined MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+#define POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+#endif
+#if defined MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+#define POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+#endif
+#if defined MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+#define POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+#endif
+#if defined MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+#define POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+#endif
+#if defined MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+#define POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+#endif
+#if defined MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+#define POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+#endif
+#if defined MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+#define POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+#endif
+#if defined MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+#define POLARSSL_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+#endif
+#if defined MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+#define POLARSSL_KEY_EXCHANGE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+#endif
+#if defined MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+#define POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+#endif
+#if defined MBEDTLS_MD2_ALT
+#define POLARSSL_MD2_ALT MBEDTLS_MD2_ALT
+#endif
+#if defined MBEDTLS_MD2_C
+#define POLARSSL_MD2_C MBEDTLS_MD2_C
+#endif
+#if defined MBEDTLS_MD2_PROCESS_ALT
+#define POLARSSL_MD2_PROCESS_ALT MBEDTLS_MD2_PROCESS_ALT
+#endif
+#if defined MBEDTLS_MD4_ALT
+#define POLARSSL_MD4_ALT MBEDTLS_MD4_ALT
+#endif
+#if defined MBEDTLS_MD4_C
+#define POLARSSL_MD4_C MBEDTLS_MD4_C
+#endif
+#if defined MBEDTLS_MD4_PROCESS_ALT
+#define POLARSSL_MD4_PROCESS_ALT MBEDTLS_MD4_PROCESS_ALT
+#endif
+#if defined MBEDTLS_MD5_ALT
+#define POLARSSL_MD5_ALT MBEDTLS_MD5_ALT
+#endif
+#if defined MBEDTLS_MD5_C
+#define POLARSSL_MD5_C MBEDTLS_MD5_C
+#endif
+#if defined MBEDTLS_MD5_PROCESS_ALT
+#define POLARSSL_MD5_PROCESS_ALT MBEDTLS_MD5_PROCESS_ALT
+#endif
+#if defined MBEDTLS_MD_C
+#define POLARSSL_MD_C MBEDTLS_MD_C
+#endif
+#if defined MBEDTLS_MEMORY_ALIGN_MULTIPLE
+#define POLARSSL_MEMORY_ALIGN_MULTIPLE MBEDTLS_MEMORY_ALIGN_MULTIPLE
+#endif
+#if defined MBEDTLS_MEMORY_BACKTRACE
+#define POLARSSL_MEMORY_BACKTRACE MBEDTLS_MEMORY_BACKTRACE
+#endif
+#if defined MBEDTLS_MEMORY_BUFFER_ALLOC_C
+#define POLARSSL_MEMORY_BUFFER_ALLOC_C MBEDTLS_MEMORY_BUFFER_ALLOC_C
+#endif
+#if defined MBEDTLS_MEMORY_C
+#define POLARSSL_MEMORY_C MBEDTLS_MEMORY_C
+#endif
+#if defined MBEDTLS_MEMORY_DEBUG
+#define POLARSSL_MEMORY_DEBUG MBEDTLS_MEMORY_DEBUG
+#endif
+#if defined MBEDTLS_MPI_MAX_SIZE
+#define POLARSSL_MPI_MAX_SIZE MBEDTLS_MPI_MAX_SIZE
+#endif
+#if defined MBEDTLS_MPI_WINDOW_SIZE
+#define POLARSSL_MPI_WINDOW_SIZE MBEDTLS_MPI_WINDOW_SIZE
+#endif
+#if defined MBEDTLS_NET_C
+#define POLARSSL_NET_C MBEDTLS_NET_C
+#endif
+#if defined MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+#define POLARSSL_NO_DEFAULT_ENTROPY_SOURCES MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+#endif
+#if defined MBEDTLS_NO_PLATFORM_ENTROPY
+#define POLARSSL_NO_PLATFORM_ENTROPY MBEDTLS_NO_PLATFORM_ENTROPY
+#endif
+#if defined MBEDTLS_OID_C
+#define POLARSSL_OID_C MBEDTLS_OID_C
+#endif
+#if defined MBEDTLS_PADLOCK_C
+#define POLARSSL_PADLOCK_C MBEDTLS_PADLOCK_C
+#endif
+#if defined MBEDTLS_PBKDF2_C
+#define POLARSSL_PBKDF2_C MBEDTLS_PBKDF2_C
+#endif
+#if defined MBEDTLS_PEM_PARSE_C
+#define POLARSSL_PEM_PARSE_C MBEDTLS_PEM_PARSE_C
+#endif
+#if defined MBEDTLS_PEM_WRITE_C
+#define POLARSSL_PEM_WRITE_C MBEDTLS_PEM_WRITE_C
+#endif
+#if defined MBEDTLS_PKCS11_C
+#define POLARSSL_PKCS11_C MBEDTLS_PKCS11_C
+#endif
+#if defined MBEDTLS_PKCS12_C
+#define POLARSSL_PKCS12_C MBEDTLS_PKCS12_C
+#endif
+#if defined MBEDTLS_PKCS1_V15
+#define POLARSSL_PKCS1_V15 MBEDTLS_PKCS1_V15
+#endif
+#if defined MBEDTLS_PKCS1_V21
+#define POLARSSL_PKCS1_V21 MBEDTLS_PKCS1_V21
+#endif
+#if defined MBEDTLS_PKCS5_C
+#define POLARSSL_PKCS5_C MBEDTLS_PKCS5_C
+#endif
+#if defined MBEDTLS_PK_C
+#define POLARSSL_PK_C MBEDTLS_PK_C
+#endif
+#if defined MBEDTLS_PK_PARSE_C
+#define POLARSSL_PK_PARSE_C MBEDTLS_PK_PARSE_C
+#endif
+#if defined MBEDTLS_PK_PARSE_EC_EXTENDED
+#define POLARSSL_PK_PARSE_EC_EXTENDED MBEDTLS_PK_PARSE_EC_EXTENDED
+#endif
+#if defined MBEDTLS_PK_RSA_ALT_SUPPORT
+#define POLARSSL_PK_RSA_ALT_SUPPORT MBEDTLS_PK_RSA_ALT_SUPPORT
+#endif
+#if defined MBEDTLS_PK_WRITE_C
+#define POLARSSL_PK_WRITE_C MBEDTLS_PK_WRITE_C
+#endif
+#if defined MBEDTLS_PLATFORM_C
+#define POLARSSL_PLATFORM_C MBEDTLS_PLATFORM_C
+#endif
+#if defined MBEDTLS_PLATFORM_EXIT_ALT
+#define POLARSSL_PLATFORM_EXIT_ALT MBEDTLS_PLATFORM_EXIT_ALT
+#endif
+#if defined MBEDTLS_PLATFORM_EXIT_MACRO
+#define POLARSSL_PLATFORM_EXIT_MACRO MBEDTLS_PLATFORM_EXIT_MACRO
+#endif
+#if defined MBEDTLS_PLATFORM_FPRINTF_ALT
+#define POLARSSL_PLATFORM_FPRINTF_ALT MBEDTLS_PLATFORM_FPRINTF_ALT
+#endif
+#if defined MBEDTLS_PLATFORM_FPRINTF_MACRO
+#define POLARSSL_PLATFORM_FPRINTF_MACRO MBEDTLS_PLATFORM_FPRINTF_MACRO
+#endif
+#if defined MBEDTLS_PLATFORM_FREE_MACRO
+#define POLARSSL_PLATFORM_FREE_MACRO MBEDTLS_PLATFORM_FREE_MACRO
+#endif
+#if defined MBEDTLS_PLATFORM_MEMORY
+#define POLARSSL_PLATFORM_MEMORY MBEDTLS_PLATFORM_MEMORY
+#endif
+#if defined MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+#define POLARSSL_PLATFORM_NO_STD_FUNCTIONS MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+#endif
+#if defined MBEDTLS_PLATFORM_PRINTF_ALT
+#define POLARSSL_PLATFORM_PRINTF_ALT MBEDTLS_PLATFORM_PRINTF_ALT
+#endif
+#if defined MBEDTLS_PLATFORM_PRINTF_MACRO
+#define POLARSSL_PLATFORM_PRINTF_MACRO MBEDTLS_PLATFORM_PRINTF_MACRO
+#endif
+#if defined MBEDTLS_PLATFORM_SNPRINTF_ALT
+#define POLARSSL_PLATFORM_SNPRINTF_ALT MBEDTLS_PLATFORM_SNPRINTF_ALT
+#endif
+#if defined MBEDTLS_PLATFORM_SNPRINTF_MACRO
+#define POLARSSL_PLATFORM_SNPRINTF_MACRO MBEDTLS_PLATFORM_SNPRINTF_MACRO
+#endif
+#if defined MBEDTLS_PLATFORM_STD_EXIT
+#define POLARSSL_PLATFORM_STD_EXIT MBEDTLS_PLATFORM_STD_EXIT
+#endif
+#if defined MBEDTLS_PLATFORM_STD_FPRINTF
+#define POLARSSL_PLATFORM_STD_FPRINTF MBEDTLS_PLATFORM_STD_FPRINTF
+#endif
+#if defined MBEDTLS_PLATFORM_STD_FREE
+#define POLARSSL_PLATFORM_STD_FREE MBEDTLS_PLATFORM_STD_FREE
+#endif
+#if defined MBEDTLS_PLATFORM_STD_MALLOC
+#define POLARSSL_PLATFORM_STD_MALLOC MBEDTLS_PLATFORM_STD_MALLOC
+#endif
+#if defined MBEDTLS_PLATFORM_STD_MEM_HDR
+#define POLARSSL_PLATFORM_STD_MEM_HDR MBEDTLS_PLATFORM_STD_MEM_HDR
+#endif
+#if defined MBEDTLS_PLATFORM_STD_PRINTF
+#define POLARSSL_PLATFORM_STD_PRINTF MBEDTLS_PLATFORM_STD_PRINTF
+#endif
+#if defined MBEDTLS_PLATFORM_STD_SNPRINTF
+#define POLARSSL_PLATFORM_STD_SNPRINTF MBEDTLS_PLATFORM_STD_SNPRINTF
+#endif
+#if defined MBEDTLS_PSK_MAX_LEN
+#define POLARSSL_PSK_MAX_LEN MBEDTLS_PSK_MAX_LEN
+#endif
+#if defined MBEDTLS_REMOVE_ARC4_CIPHERSUITES
+#define POLARSSL_REMOVE_ARC4_CIPHERSUITES MBEDTLS_REMOVE_ARC4_CIPHERSUITES
+#endif
+#if defined MBEDTLS_RIPEMD160_ALT
+#define POLARSSL_RIPEMD160_ALT MBEDTLS_RIPEMD160_ALT
+#endif
+#if defined MBEDTLS_RIPEMD160_C
+#define POLARSSL_RIPEMD160_C MBEDTLS_RIPEMD160_C
+#endif
+#if defined MBEDTLS_RIPEMD160_PROCESS_ALT
+#define POLARSSL_RIPEMD160_PROCESS_ALT MBEDTLS_RIPEMD160_PROCESS_ALT
+#endif
+#if defined MBEDTLS_RSA_C
+#define POLARSSL_RSA_C MBEDTLS_RSA_C
+#endif
+#if defined MBEDTLS_RSA_NO_CRT
+#define POLARSSL_RSA_NO_CRT MBEDTLS_RSA_NO_CRT
+#endif
+#if defined MBEDTLS_SELF_TEST
+#define POLARSSL_SELF_TEST MBEDTLS_SELF_TEST
+#endif
+#if defined MBEDTLS_SHA1_ALT
+#define POLARSSL_SHA1_ALT MBEDTLS_SHA1_ALT
+#endif
+#if defined MBEDTLS_SHA1_C
+#define POLARSSL_SHA1_C MBEDTLS_SHA1_C
+#endif
+#if defined MBEDTLS_SHA1_PROCESS_ALT
+#define POLARSSL_SHA1_PROCESS_ALT MBEDTLS_SHA1_PROCESS_ALT
+#endif
+#if defined MBEDTLS_SHA256_ALT
+#define POLARSSL_SHA256_ALT MBEDTLS_SHA256_ALT
+#endif
+#if defined MBEDTLS_SHA256_C
+#define POLARSSL_SHA256_C MBEDTLS_SHA256_C
+#endif
+#if defined MBEDTLS_SHA256_PROCESS_ALT
+#define POLARSSL_SHA256_PROCESS_ALT MBEDTLS_SHA256_PROCESS_ALT
+#endif
+#if defined MBEDTLS_SHA512_ALT
+#define POLARSSL_SHA512_ALT MBEDTLS_SHA512_ALT
+#endif
+#if defined MBEDTLS_SHA512_C
+#define POLARSSL_SHA512_C MBEDTLS_SHA512_C
+#endif
+#if defined MBEDTLS_SHA512_PROCESS_ALT
+#define POLARSSL_SHA512_PROCESS_ALT MBEDTLS_SHA512_PROCESS_ALT
+#endif
+#if defined MBEDTLS_SSL_AEAD_RANDOM_IV
+#define POLARSSL_SSL_AEAD_RANDOM_IV MBEDTLS_SSL_AEAD_RANDOM_IV
+#endif
+#if defined MBEDTLS_SSL_ALERT_MESSAGES
+#define POLARSSL_SSL_ALERT_MESSAGES MBEDTLS_SSL_ALERT_MESSAGES
+#endif
+#if defined MBEDTLS_SSL_ALL_ALERT_MESSAGES
+#define POLARSSL_SSL_ALL_ALERT_MESSAGES MBEDTLS_SSL_ALL_ALERT_MESSAGES
+#endif
+#if defined MBEDTLS_SSL_ALPN
+#define POLARSSL_SSL_ALPN MBEDTLS_SSL_ALPN
+#endif
+#if defined MBEDTLS_SSL_CACHE_C
+#define POLARSSL_SSL_CACHE_C MBEDTLS_SSL_CACHE_C
+#endif
+#if defined MBEDTLS_SSL_CBC_RECORD_SPLITTING
+#define POLARSSL_SSL_CBC_RECORD_SPLITTING MBEDTLS_SSL_CBC_RECORD_SPLITTING
+#endif
+#if defined MBEDTLS_SSL_CLI_C
+#define POLARSSL_SSL_CLI_C MBEDTLS_SSL_CLI_C
+#endif
+#if defined MBEDTLS_SSL_COOKIE_C
+#define POLARSSL_SSL_COOKIE_C MBEDTLS_SSL_COOKIE_C
+#endif
+#if defined MBEDTLS_SSL_COOKIE_TIMEOUT
+#define POLARSSL_SSL_COOKIE_TIMEOUT MBEDTLS_SSL_COOKIE_TIMEOUT
+#endif
+#if defined MBEDTLS_SSL_DEBUG_ALL
+#define POLARSSL_SSL_DEBUG_ALL MBEDTLS_SSL_DEBUG_ALL
+#endif
+#if defined MBEDTLS_SSL_DISABLE_RENEGOTIATION
+#define POLARSSL_SSL_DISABLE_RENEGOTIATION MBEDTLS_SSL_DISABLE_RENEGOTIATION
+#endif
+#if defined MBEDTLS_SSL_DTLS_ANTI_REPLAY
+#define POLARSSL_SSL_DTLS_ANTI_REPLAY MBEDTLS_SSL_DTLS_ANTI_REPLAY
+#endif
+#if defined MBEDTLS_SSL_DTLS_BADMAC_LIMIT
+#define POLARSSL_SSL_DTLS_BADMAC_LIMIT MBEDTLS_SSL_DTLS_BADMAC_LIMIT
+#endif
+#if defined MBEDTLS_SSL_DTLS_HELLO_VERIFY
+#define POLARSSL_SSL_DTLS_HELLO_VERIFY MBEDTLS_SSL_DTLS_HELLO_VERIFY
+#endif
+#if defined MBEDTLS_SSL_ENCRYPT_THEN_MAC
+#define POLARSSL_SSL_ENCRYPT_THEN_MAC MBEDTLS_SSL_ENCRYPT_THEN_MAC
+#endif
+#if defined MBEDTLS_SSL_EXTENDED_MASTER_SECRET
+#define POLARSSL_SSL_EXTENDED_MASTER_SECRET MBEDTLS_SSL_EXTENDED_MASTER_SECRET
+#endif
+#if defined MBEDTLS_SSL_FALLBACK_SCSV
+#define POLARSSL_SSL_FALLBACK_SCSV MBEDTLS_SSL_FALLBACK_SCSV
+#endif
+#if defined MBEDTLS_SSL_HW_RECORD_ACCEL
+#define POLARSSL_SSL_HW_RECORD_ACCEL MBEDTLS_SSL_HW_RECORD_ACCEL
+#endif
+#if defined MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+#define POLARSSL_SSL_MAX_FRAGMENT_LENGTH MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+#endif
+#if defined MBEDTLS_SSL_PROTO_DTLS
+#define POLARSSL_SSL_PROTO_DTLS MBEDTLS_SSL_PROTO_DTLS
+#endif
+#if defined MBEDTLS_SSL_PROTO_SSL3
+#define POLARSSL_SSL_PROTO_SSL3 MBEDTLS_SSL_PROTO_SSL3
+#endif
+#if defined MBEDTLS_SSL_PROTO_TLS1
+#define POLARSSL_SSL_PROTO_TLS1 MBEDTLS_SSL_PROTO_TLS1
+#endif
+#if defined MBEDTLS_SSL_PROTO_TLS1_1
+#define POLARSSL_SSL_PROTO_TLS1_1 MBEDTLS_SSL_PROTO_TLS1_1
+#endif
+#if defined MBEDTLS_SSL_PROTO_TLS1_2
+#define POLARSSL_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_2
+#endif
+#if defined MBEDTLS_SSL_RENEGOTIATION
+#define POLARSSL_SSL_RENEGOTIATION MBEDTLS_SSL_RENEGOTIATION
+#endif
+#if defined MBEDTLS_SSL_SERVER_NAME_INDICATION
+#define POLARSSL_SSL_SERVER_NAME_INDICATION MBEDTLS_SSL_SERVER_NAME_INDICATION
+#endif
+#if defined MBEDTLS_SSL_SESSION_TICKETS
+#define POLARSSL_SSL_SESSION_TICKETS MBEDTLS_SSL_SESSION_TICKETS
+#endif
+#if defined MBEDTLS_SSL_SRV_C
+#define POLARSSL_SSL_SRV_C MBEDTLS_SSL_SRV_C
+#endif
+#if defined MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
+#define POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
+#endif
+#if defined MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
+#define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
+#endif
+#if defined MBEDTLS_SSL_TLS_C
+#define POLARSSL_SSL_TLS_C MBEDTLS_SSL_TLS_C
+#endif
+#if defined MBEDTLS_SSL_TRUNCATED_HMAC
+#define POLARSSL_SSL_TRUNCATED_HMAC MBEDTLS_SSL_TRUNCATED_HMAC
+#endif
+#if defined MBEDTLS_THREADING_ALT
+#define POLARSSL_THREADING_ALT MBEDTLS_THREADING_ALT
+#endif
+#if defined MBEDTLS_THREADING_C
+#define POLARSSL_THREADING_C MBEDTLS_THREADING_C
+#endif
+#if defined MBEDTLS_THREADING_PTHREAD
+#define POLARSSL_THREADING_PTHREAD MBEDTLS_THREADING_PTHREAD
+#endif
+#if defined MBEDTLS_TIMING_ALT
+#define POLARSSL_TIMING_ALT MBEDTLS_TIMING_ALT
+#endif
+#if defined MBEDTLS_TIMING_C
+#define POLARSSL_TIMING_C MBEDTLS_TIMING_C
+#endif
+#if defined MBEDTLS_VERSION_C
+#define POLARSSL_VERSION_C MBEDTLS_VERSION_C
+#endif
+#if defined MBEDTLS_VERSION_FEATURES
+#define POLARSSL_VERSION_FEATURES MBEDTLS_VERSION_FEATURES
+#endif
+#if defined MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
+#define POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3 MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
+#endif
+#if defined MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+#endif
+#if defined MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
+#define POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
+#endif
+#if defined MBEDTLS_X509_CHECK_KEY_USAGE
+#define POLARSSL_X509_CHECK_KEY_USAGE MBEDTLS_X509_CHECK_KEY_USAGE
+#endif
+#if defined MBEDTLS_X509_CREATE_C
+#define POLARSSL_X509_CREATE_C MBEDTLS_X509_CREATE_C
+#endif
+#if defined MBEDTLS_X509_CRL_PARSE_C
+#define POLARSSL_X509_CRL_PARSE_C MBEDTLS_X509_CRL_PARSE_C
+#endif
+#if defined MBEDTLS_X509_CRT_PARSE_C
+#define POLARSSL_X509_CRT_PARSE_C MBEDTLS_X509_CRT_PARSE_C
+#endif
+#if defined MBEDTLS_X509_CRT_WRITE_C
+#define POLARSSL_X509_CRT_WRITE_C MBEDTLS_X509_CRT_WRITE_C
+#endif
+#if defined MBEDTLS_X509_CSR_PARSE_C
+#define POLARSSL_X509_CSR_PARSE_C MBEDTLS_X509_CSR_PARSE_C
+#endif
+#if defined MBEDTLS_X509_CSR_WRITE_C
+#define POLARSSL_X509_CSR_WRITE_C MBEDTLS_X509_CSR_WRITE_C
+#endif
+#if defined MBEDTLS_X509_MAX_INTERMEDIATE_CA
+#define POLARSSL_X509_MAX_INTERMEDIATE_CA MBEDTLS_X509_MAX_INTERMEDIATE_CA
+#endif
+#if defined MBEDTLS_X509_RSASSA_PSS_SUPPORT
+#define POLARSSL_X509_RSASSA_PSS_SUPPORT MBEDTLS_X509_RSASSA_PSS_SUPPORT
+#endif
+#if defined MBEDTLS_X509_USE_C
+#define POLARSSL_X509_USE_C MBEDTLS_X509_USE_C
+#endif
+#if defined MBEDTLS_XTEA_ALT
+#define POLARSSL_XTEA_ALT MBEDTLS_XTEA_ALT
+#endif
+#if defined MBEDTLS_XTEA_C
+#define POLARSSL_XTEA_C MBEDTLS_XTEA_C
+#endif
+#if defined MBEDTLS_ZLIB_SUPPORT
+#define POLARSSL_ZLIB_SUPPORT MBEDTLS_ZLIB_SUPPORT
+#endif
+
+/*
+ * Misc names (macros, types, functions, enum constants...)
+ */
+#define AES_DECRYPT MBEDTLS_AES_DECRYPT
+#define AES_ENCRYPT MBEDTLS_AES_ENCRYPT
+#define ASN1_BIT_STRING MBEDTLS_ASN1_BIT_STRING
+#define ASN1_BMP_STRING MBEDTLS_ASN1_BMP_STRING
+#define ASN1_BOOLEAN MBEDTLS_ASN1_BOOLEAN
+#define ASN1_CHK_ADD MBEDTLS_ASN1_CHK_ADD
+#define ASN1_CONSTRUCTED MBEDTLS_ASN1_CONSTRUCTED
+#define ASN1_CONTEXT_SPECIFIC MBEDTLS_ASN1_CONTEXT_SPECIFIC
+#define ASN1_GENERALIZED_TIME MBEDTLS_ASN1_GENERALIZED_TIME
+#define ASN1_IA5_STRING MBEDTLS_ASN1_IA5_STRING
+#define ASN1_INTEGER MBEDTLS_ASN1_INTEGER
+#define ASN1_NULL MBEDTLS_ASN1_NULL
+#define ASN1_OCTET_STRING MBEDTLS_ASN1_OCTET_STRING
+#define ASN1_OID MBEDTLS_ASN1_OID
+#define ASN1_PRIMITIVE MBEDTLS_ASN1_PRIMITIVE
+#define ASN1_PRINTABLE_STRING MBEDTLS_ASN1_PRINTABLE_STRING
+#define ASN1_SEQUENCE MBEDTLS_ASN1_SEQUENCE
+#define ASN1_SET MBEDTLS_ASN1_SET
+#define ASN1_T61_STRING MBEDTLS_ASN1_T61_STRING
+#define ASN1_UNIVERSAL_STRING MBEDTLS_ASN1_UNIVERSAL_STRING
+#define ASN1_UTC_TIME MBEDTLS_ASN1_UTC_TIME
+#define ASN1_UTF8_STRING MBEDTLS_ASN1_UTF8_STRING
+#define BADCERT_CN_MISMATCH MBEDTLS_X509_BADCERT_CN_MISMATCH
+#define BADCERT_EXPIRED MBEDTLS_X509_BADCERT_EXPIRED
+#define BADCERT_FUTURE MBEDTLS_X509_BADCERT_FUTURE
+#define BADCERT_MISSING MBEDTLS_X509_BADCERT_MISSING
+#define BADCERT_NOT_TRUSTED MBEDTLS_X509_BADCERT_NOT_TRUSTED
+#define BADCERT_OTHER MBEDTLS_X509_BADCERT_OTHER
+#define BADCERT_REVOKED MBEDTLS_X509_BADCERT_REVOKED
+#define BADCERT_SKIP_VERIFY MBEDTLS_X509_BADCERT_SKIP_VERIFY
+#define BADCRL_EXPIRED MBEDTLS_X509_BADCRL_EXPIRED
+#define BADCRL_FUTURE MBEDTLS_X509_BADCRL_FUTURE
+#define BADCRL_NOT_TRUSTED MBEDTLS_X509_BADCRL_NOT_TRUSTED
+#define BLOWFISH_BLOCKSIZE MBEDTLS_BLOWFISH_BLOCKSIZE
+#define BLOWFISH_DECRYPT MBEDTLS_BLOWFISH_DECRYPT
+#define BLOWFISH_ENCRYPT MBEDTLS_BLOWFISH_ENCRYPT
+#define BLOWFISH_MAX_KEY MBEDTLS_BLOWFISH_MAX_KEY_BITS
+#define BLOWFISH_MIN_KEY MBEDTLS_BLOWFISH_MIN_KEY_BITS
+#define BLOWFISH_ROUNDS MBEDTLS_BLOWFISH_ROUNDS
+#define CAMELLIA_DECRYPT MBEDTLS_CAMELLIA_DECRYPT
+#define CAMELLIA_ENCRYPT MBEDTLS_CAMELLIA_ENCRYPT
+#define COLLECT_SIZE MBEDTLS_HAVEGE_COLLECT_SIZE
+#define CTR_DRBG_BLOCKSIZE MBEDTLS_CTR_DRBG_BLOCKSIZE
+#define CTR_DRBG_ENTROPY_LEN MBEDTLS_CTR_DRBG_ENTROPY_LEN
+#define CTR_DRBG_KEYBITS MBEDTLS_CTR_DRBG_KEYBITS
+#define CTR_DRBG_KEYSIZE MBEDTLS_CTR_DRBG_KEYSIZE
+#define CTR_DRBG_MAX_INPUT MBEDTLS_CTR_DRBG_MAX_INPUT
+#define CTR_DRBG_MAX_REQUEST MBEDTLS_CTR_DRBG_MAX_REQUEST
+#define CTR_DRBG_MAX_SEED_INPUT MBEDTLS_CTR_DRBG_MAX_SEED_INPUT
+#define CTR_DRBG_PR_OFF MBEDTLS_CTR_DRBG_PR_OFF
+#define CTR_DRBG_PR_ON MBEDTLS_CTR_DRBG_PR_ON
+#define CTR_DRBG_RESEED_INTERVAL MBEDTLS_CTR_DRBG_RESEED_INTERVAL
+#define CTR_DRBG_SEEDLEN MBEDTLS_CTR_DRBG_SEEDLEN
+#define DEPRECATED MBEDTLS_DEPRECATED
+#define DES_DECRYPT MBEDTLS_DES_DECRYPT
+#define DES_ENCRYPT MBEDTLS_DES_ENCRYPT
+#define DES_KEY_SIZE MBEDTLS_DES_KEY_SIZE
+#define ENTROPY_BLOCK_SIZE MBEDTLS_ENTROPY_BLOCK_SIZE
+#define ENTROPY_MAX_GATHER MBEDTLS_ENTROPY_MAX_GATHER
+#define ENTROPY_MAX_SEED_SIZE MBEDTLS_ENTROPY_MAX_SEED_SIZE
+#define ENTROPY_MAX_SOURCES MBEDTLS_ENTROPY_MAX_SOURCES
+#define ENTROPY_MIN_HARDCLOCK MBEDTLS_ENTROPY_MIN_HARDCLOCK
+#define ENTROPY_MIN_HAVEGE MBEDTLS_ENTROPY_MIN_HAVEGE
+#define ENTROPY_MIN_PLATFORM MBEDTLS_ENTROPY_MIN_PLATFORM
+#define ENTROPY_SOURCE_MANUAL MBEDTLS_ENTROPY_SOURCE_MANUAL
+#define EXT_AUTHORITY_KEY_IDENTIFIER MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER
+#define EXT_BASIC_CONSTRAINTS MBEDTLS_X509_EXT_BASIC_CONSTRAINTS
+#define EXT_CERTIFICATE_POLICIES MBEDTLS_X509_EXT_CERTIFICATE_POLICIES
+#define EXT_CRL_DISTRIBUTION_POINTS MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS
+#define EXT_EXTENDED_KEY_USAGE MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE
+#define EXT_FRESHEST_CRL MBEDTLS_X509_EXT_FRESHEST_CRL
+#define EXT_INIHIBIT_ANYPOLICY MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY
+#define EXT_ISSUER_ALT_NAME MBEDTLS_X509_EXT_ISSUER_ALT_NAME
+#define EXT_KEY_USAGE MBEDTLS_X509_EXT_KEY_USAGE
+#define EXT_NAME_CONSTRAINTS MBEDTLS_X509_EXT_NAME_CONSTRAINTS
+#define EXT_NS_CERT_TYPE MBEDTLS_X509_EXT_NS_CERT_TYPE
+#define EXT_POLICY_CONSTRAINTS MBEDTLS_X509_EXT_POLICY_CONSTRAINTS
+#define EXT_POLICY_MAPPINGS MBEDTLS_X509_EXT_POLICY_MAPPINGS
+#define EXT_SUBJECT_ALT_NAME MBEDTLS_X509_EXT_SUBJECT_ALT_NAME
+#define EXT_SUBJECT_DIRECTORY_ATTRS MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS
+#define EXT_SUBJECT_KEY_IDENTIFIER MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER
+#define GCM_DECRYPT MBEDTLS_GCM_DECRYPT
+#define GCM_ENCRYPT MBEDTLS_GCM_ENCRYPT
+#define KU_CRL_SIGN MBEDTLS_X509_KU_CRL_SIGN
+#define KU_DATA_ENCIPHERMENT MBEDTLS_X509_KU_DATA_ENCIPHERMENT
+#define KU_DIGITAL_SIGNATURE MBEDTLS_X509_KU_DIGITAL_SIGNATURE
+#define KU_KEY_AGREEMENT MBEDTLS_X509_KU_KEY_AGREEMENT
+#define KU_KEY_CERT_SIGN MBEDTLS_X509_KU_KEY_CERT_SIGN
+#define KU_KEY_ENCIPHERMENT MBEDTLS_X509_KU_KEY_ENCIPHERMENT
+#define KU_NON_REPUDIATION MBEDTLS_X509_KU_NON_REPUDIATION
+#define LN_2_DIV_LN_10_SCALE100 MBEDTLS_LN_2_DIV_LN_10_SCALE100
+#define MD_CONTEXT_T_INIT MBEDTLS_MD_CONTEXT_T_INIT
+#define MEMORY_VERIFY_ALLOC MBEDTLS_MEMORY_VERIFY_ALLOC
+#define MEMORY_VERIFY_ALWAYS MBEDTLS_MEMORY_VERIFY_ALWAYS
+#define MEMORY_VERIFY_FREE MBEDTLS_MEMORY_VERIFY_FREE
+#define MEMORY_VERIFY_NONE MBEDTLS_MEMORY_VERIFY_NONE
+#define MPI_CHK MBEDTLS_MPI_CHK
+#define NET_PROTO_TCP MBEDTLS_NET_PROTO_TCP
+#define NET_PROTO_UDP MBEDTLS_NET_PROTO_UDP
+#define NS_CERT_TYPE_EMAIL MBEDTLS_X509_NS_CERT_TYPE_EMAIL
+#define NS_CERT_TYPE_EMAIL_CA MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA
+#define NS_CERT_TYPE_OBJECT_SIGNING MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING
+#define NS_CERT_TYPE_OBJECT_SIGNING_CA MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA
+#define NS_CERT_TYPE_RESERVED MBEDTLS_X509_NS_CERT_TYPE_RESERVED
+#define NS_CERT_TYPE_SSL_CA MBEDTLS_X509_NS_CERT_TYPE_SSL_CA
+#define NS_CERT_TYPE_SSL_CLIENT MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT
+#define NS_CERT_TYPE_SSL_SERVER MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER
+#define OID_ANSI_X9_62 MBEDTLS_OID_ANSI_X9_62
+#define OID_ANSI_X9_62_FIELD_TYPE MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE
+#define OID_ANSI_X9_62_PRIME_FIELD MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD
+#define OID_ANSI_X9_62_SIG MBEDTLS_OID_ANSI_X9_62_SIG
+#define OID_ANSI_X9_62_SIG_SHA2 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2
+#define OID_ANY_EXTENDED_KEY_USAGE MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE
+#define OID_AT MBEDTLS_OID_AT
+#define OID_AT_CN MBEDTLS_OID_AT_CN
+#define OID_AT_COUNTRY MBEDTLS_OID_AT_COUNTRY
+#define OID_AT_DN_QUALIFIER MBEDTLS_OID_AT_DN_QUALIFIER
+#define OID_AT_GENERATION_QUALIFIER MBEDTLS_OID_AT_GENERATION_QUALIFIER
+#define OID_AT_GIVEN_NAME MBEDTLS_OID_AT_GIVEN_NAME
+#define OID_AT_INITIALS MBEDTLS_OID_AT_INITIALS
+#define OID_AT_LOCALITY MBEDTLS_OID_AT_LOCALITY
+#define OID_AT_ORGANIZATION MBEDTLS_OID_AT_ORGANIZATION
+#define OID_AT_ORG_UNIT MBEDTLS_OID_AT_ORG_UNIT
+#define OID_AT_POSTAL_ADDRESS MBEDTLS_OID_AT_POSTAL_ADDRESS
+#define OID_AT_POSTAL_CODE MBEDTLS_OID_AT_POSTAL_CODE
+#define OID_AT_PSEUDONYM MBEDTLS_OID_AT_PSEUDONYM
+#define OID_AT_SERIAL_NUMBER MBEDTLS_OID_AT_SERIAL_NUMBER
+#define OID_AT_STATE MBEDTLS_OID_AT_STATE
+#define OID_AT_SUR_NAME MBEDTLS_OID_AT_SUR_NAME
+#define OID_AT_TITLE MBEDTLS_OID_AT_TITLE
+#define OID_AT_UNIQUE_IDENTIFIER MBEDTLS_OID_AT_UNIQUE_IDENTIFIER
+#define OID_AUTHORITY_KEY_IDENTIFIER MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER
+#define OID_BASIC_CONSTRAINTS MBEDTLS_OID_BASIC_CONSTRAINTS
+#define OID_CERTICOM MBEDTLS_OID_CERTICOM
+#define OID_CERTIFICATE_POLICIES MBEDTLS_OID_CERTIFICATE_POLICIES
+#define OID_CLIENT_AUTH MBEDTLS_OID_CLIENT_AUTH
+#define OID_CMP MBEDTLS_OID_CMP
+#define OID_CODE_SIGNING MBEDTLS_OID_CODE_SIGNING
+#define OID_COUNTRY_US MBEDTLS_OID_COUNTRY_US
+#define OID_CRL_DISTRIBUTION_POINTS MBEDTLS_OID_CRL_DISTRIBUTION_POINTS
+#define OID_CRL_NUMBER MBEDTLS_OID_CRL_NUMBER
+#define OID_DES_CBC MBEDTLS_OID_DES_CBC
+#define OID_DES_EDE3_CBC MBEDTLS_OID_DES_EDE3_CBC
+#define OID_DIGEST_ALG_MD2 MBEDTLS_OID_DIGEST_ALG_MD2
+#define OID_DIGEST_ALG_MD4 MBEDTLS_OID_DIGEST_ALG_MD4
+#define OID_DIGEST_ALG_MD5 MBEDTLS_OID_DIGEST_ALG_MD5
+#define OID_DIGEST_ALG_SHA1 MBEDTLS_OID_DIGEST_ALG_SHA1
+#define OID_DIGEST_ALG_SHA224 MBEDTLS_OID_DIGEST_ALG_SHA224
+#define OID_DIGEST_ALG_SHA256 MBEDTLS_OID_DIGEST_ALG_SHA256
+#define OID_DIGEST_ALG_SHA384 MBEDTLS_OID_DIGEST_ALG_SHA384
+#define OID_DIGEST_ALG_SHA512 MBEDTLS_OID_DIGEST_ALG_SHA512
+#define OID_DOMAIN_COMPONENT MBEDTLS_OID_DOMAIN_COMPONENT
+#define OID_ECDSA_SHA1 MBEDTLS_OID_ECDSA_SHA1
+#define OID_ECDSA_SHA224 MBEDTLS_OID_ECDSA_SHA224
+#define OID_ECDSA_SHA256 MBEDTLS_OID_ECDSA_SHA256
+#define OID_ECDSA_SHA384 MBEDTLS_OID_ECDSA_SHA384
+#define OID_ECDSA_SHA512 MBEDTLS_OID_ECDSA_SHA512
+#define OID_EC_ALG_ECDH MBEDTLS_OID_EC_ALG_ECDH
+#define OID_EC_ALG_UNRESTRICTED MBEDTLS_OID_EC_ALG_UNRESTRICTED
+#define OID_EC_BRAINPOOL_V1 MBEDTLS_OID_EC_BRAINPOOL_V1
+#define OID_EC_GRP_BP256R1 MBEDTLS_OID_EC_GRP_BP256R1
+#define OID_EC_GRP_BP384R1 MBEDTLS_OID_EC_GRP_BP384R1
+#define OID_EC_GRP_BP512R1 MBEDTLS_OID_EC_GRP_BP512R1
+#define OID_EC_GRP_SECP192K1 MBEDTLS_OID_EC_GRP_SECP192K1
+#define OID_EC_GRP_SECP192R1 MBEDTLS_OID_EC_GRP_SECP192R1
+#define OID_EC_GRP_SECP224K1 MBEDTLS_OID_EC_GRP_SECP224K1
+#define OID_EC_GRP_SECP224R1 MBEDTLS_OID_EC_GRP_SECP224R1
+#define OID_EC_GRP_SECP256K1 MBEDTLS_OID_EC_GRP_SECP256K1
+#define OID_EC_GRP_SECP256R1 MBEDTLS_OID_EC_GRP_SECP256R1
+#define OID_EC_GRP_SECP384R1 MBEDTLS_OID_EC_GRP_SECP384R1
+#define OID_EC_GRP_SECP521R1 MBEDTLS_OID_EC_GRP_SECP521R1
+#define OID_EMAIL_PROTECTION MBEDTLS_OID_EMAIL_PROTECTION
+#define OID_EXTENDED_KEY_USAGE MBEDTLS_OID_EXTENDED_KEY_USAGE
+#define OID_FRESHEST_CRL MBEDTLS_OID_FRESHEST_CRL
+#define OID_GOV MBEDTLS_OID_GOV
+#define OID_HMAC_SHA1 MBEDTLS_OID_HMAC_SHA1
+#define OID_ID_CE MBEDTLS_OID_ID_CE
+#define OID_INIHIBIT_ANYPOLICY MBEDTLS_OID_INIHIBIT_ANYPOLICY
+#define OID_ISO_CCITT_DS MBEDTLS_OID_ISO_CCITT_DS
+#define OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ISO_IDENTIFIED_ORG
+#define OID_ISO_ITU_COUNTRY MBEDTLS_OID_ISO_ITU_COUNTRY
+#define OID_ISO_ITU_US_ORG MBEDTLS_OID_ISO_ITU_US_ORG
+#define OID_ISO_MEMBER_BODIES MBEDTLS_OID_ISO_MEMBER_BODIES
+#define OID_ISSUER_ALT_NAME MBEDTLS_OID_ISSUER_ALT_NAME
+#define OID_KEY_USAGE MBEDTLS_OID_KEY_USAGE
+#define OID_KP MBEDTLS_OID_KP
+#define OID_MGF1 MBEDTLS_OID_MGF1
+#define OID_NAME_CONSTRAINTS MBEDTLS_OID_NAME_CONSTRAINTS
+#define OID_NETSCAPE MBEDTLS_OID_NETSCAPE
+#define OID_NS_BASE_URL MBEDTLS_OID_NS_BASE_URL
+#define OID_NS_CA_POLICY_URL MBEDTLS_OID_NS_CA_POLICY_URL
+#define OID_NS_CA_REVOCATION_URL MBEDTLS_OID_NS_CA_REVOCATION_URL
+#define OID_NS_CERT MBEDTLS_OID_NS_CERT
+#define OID_NS_CERT_SEQUENCE MBEDTLS_OID_NS_CERT_SEQUENCE
+#define OID_NS_CERT_TYPE MBEDTLS_OID_NS_CERT_TYPE
+#define OID_NS_COMMENT MBEDTLS_OID_NS_COMMENT
+#define OID_NS_DATA_TYPE MBEDTLS_OID_NS_DATA_TYPE
+#define OID_NS_RENEWAL_URL MBEDTLS_OID_NS_RENEWAL_URL
+#define OID_NS_REVOCATION_URL MBEDTLS_OID_NS_REVOCATION_URL
+#define OID_NS_SSL_SERVER_NAME MBEDTLS_OID_NS_SSL_SERVER_NAME
+#define OID_OCSP_SIGNING MBEDTLS_OID_OCSP_SIGNING
+#define OID_OIW_SECSIG MBEDTLS_OID_OIW_SECSIG
+#define OID_OIW_SECSIG_ALG MBEDTLS_OID_OIW_SECSIG_ALG
+#define OID_OIW_SECSIG_SHA1 MBEDTLS_OID_OIW_SECSIG_SHA1
+#define OID_ORGANIZATION MBEDTLS_OID_ORGANIZATION
+#define OID_ORG_ANSI_X9_62 MBEDTLS_OID_ORG_ANSI_X9_62
+#define OID_ORG_CERTICOM MBEDTLS_OID_ORG_CERTICOM
+#define OID_ORG_DOD MBEDTLS_OID_ORG_DOD
+#define OID_ORG_GOV MBEDTLS_OID_ORG_GOV
+#define OID_ORG_NETSCAPE MBEDTLS_OID_ORG_NETSCAPE
+#define OID_ORG_OIW MBEDTLS_OID_ORG_OIW
+#define OID_ORG_RSA_DATA_SECURITY MBEDTLS_OID_ORG_RSA_DATA_SECURITY
+#define OID_ORG_TELETRUST MBEDTLS_OID_ORG_TELETRUST
+#define OID_PKCS MBEDTLS_OID_PKCS
+#define OID_PKCS1 MBEDTLS_OID_PKCS1
+#define OID_PKCS12 MBEDTLS_OID_PKCS12
+#define OID_PKCS12_PBE MBEDTLS_OID_PKCS12_PBE
+#define OID_PKCS12_PBE_SHA1_DES2_EDE_CBC MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC
+#define OID_PKCS12_PBE_SHA1_DES3_EDE_CBC MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC
+#define OID_PKCS12_PBE_SHA1_RC2_128_CBC MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_128_CBC
+#define OID_PKCS12_PBE_SHA1_RC2_40_CBC MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_40_CBC
+#define OID_PKCS12_PBE_SHA1_RC4_128 MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128
+#define OID_PKCS12_PBE_SHA1_RC4_40 MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_40
+#define OID_PKCS1_MD2 MBEDTLS_OID_PKCS1_MD2
+#define OID_PKCS1_MD4 MBEDTLS_OID_PKCS1_MD4
+#define OID_PKCS1_MD5 MBEDTLS_OID_PKCS1_MD5
+#define OID_PKCS1_RSA MBEDTLS_OID_PKCS1_RSA
+#define OID_PKCS1_SHA1 MBEDTLS_OID_PKCS1_SHA1
+#define OID_PKCS1_SHA224 MBEDTLS_OID_PKCS1_SHA224
+#define OID_PKCS1_SHA256 MBEDTLS_OID_PKCS1_SHA256
+#define OID_PKCS1_SHA384 MBEDTLS_OID_PKCS1_SHA384
+#define OID_PKCS1_SHA512 MBEDTLS_OID_PKCS1_SHA512
+#define OID_PKCS5 MBEDTLS_OID_PKCS5
+#define OID_PKCS5_PBES2 MBEDTLS_OID_PKCS5_PBES2
+#define OID_PKCS5_PBE_MD2_DES_CBC MBEDTLS_OID_PKCS5_PBE_MD2_DES_CBC
+#define OID_PKCS5_PBE_MD2_RC2_CBC MBEDTLS_OID_PKCS5_PBE_MD2_RC2_CBC
+#define OID_PKCS5_PBE_MD5_DES_CBC MBEDTLS_OID_PKCS5_PBE_MD5_DES_CBC
+#define OID_PKCS5_PBE_MD5_RC2_CBC MBEDTLS_OID_PKCS5_PBE_MD5_RC2_CBC
+#define OID_PKCS5_PBE_SHA1_DES_CBC MBEDTLS_OID_PKCS5_PBE_SHA1_DES_CBC
+#define OID_PKCS5_PBE_SHA1_RC2_CBC MBEDTLS_OID_PKCS5_PBE_SHA1_RC2_CBC
+#define OID_PKCS5_PBKDF2 MBEDTLS_OID_PKCS5_PBKDF2
+#define OID_PKCS5_PBMAC1 MBEDTLS_OID_PKCS5_PBMAC1
+#define OID_PKCS9 MBEDTLS_OID_PKCS9
+#define OID_PKCS9_CSR_EXT_REQ MBEDTLS_OID_PKCS9_CSR_EXT_REQ
+#define OID_PKCS9_EMAIL MBEDTLS_OID_PKCS9_EMAIL
+#define OID_PKIX MBEDTLS_OID_PKIX
+#define OID_POLICY_CONSTRAINTS MBEDTLS_OID_POLICY_CONSTRAINTS
+#define OID_POLICY_MAPPINGS MBEDTLS_OID_POLICY_MAPPINGS
+#define OID_PRIVATE_KEY_USAGE_PERIOD MBEDTLS_OID_PRIVATE_KEY_USAGE_PERIOD
+#define OID_RSASSA_PSS MBEDTLS_OID_RSASSA_PSS
+#define OID_RSA_COMPANY MBEDTLS_OID_RSA_COMPANY
+#define OID_RSA_SHA_OBS MBEDTLS_OID_RSA_SHA_OBS
+#define OID_SERVER_AUTH MBEDTLS_OID_SERVER_AUTH
+#define OID_SIZE MBEDTLS_OID_SIZE
+#define OID_SUBJECT_ALT_NAME MBEDTLS_OID_SUBJECT_ALT_NAME
+#define OID_SUBJECT_DIRECTORY_ATTRS MBEDTLS_OID_SUBJECT_DIRECTORY_ATTRS
+#define OID_SUBJECT_KEY_IDENTIFIER MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER
+#define OID_TELETRUST MBEDTLS_OID_TELETRUST
+#define OID_TIME_STAMPING MBEDTLS_OID_TIME_STAMPING
+#define PADLOCK_ACE MBEDTLS_PADLOCK_ACE
+#define PADLOCK_ALIGN16 MBEDTLS_PADLOCK_ALIGN16
+#define PADLOCK_PHE MBEDTLS_PADLOCK_PHE
+#define PADLOCK_PMM MBEDTLS_PADLOCK_PMM
+#define PADLOCK_RNG MBEDTLS_PADLOCK_RNG
+#define PKCS12_DERIVE_IV MBEDTLS_PKCS12_DERIVE_IV
+#define PKCS12_DERIVE_KEY MBEDTLS_PKCS12_DERIVE_KEY
+#define PKCS12_DERIVE_MAC_KEY MBEDTLS_PKCS12_DERIVE_MAC_KEY
+#define PKCS12_PBE_DECRYPT MBEDTLS_PKCS12_PBE_DECRYPT
+#define PKCS12_PBE_ENCRYPT MBEDTLS_PKCS12_PBE_ENCRYPT
+#define PKCS5_DECRYPT MBEDTLS_PKCS5_DECRYPT
+#define PKCS5_ENCRYPT MBEDTLS_PKCS5_ENCRYPT
+#define POLARSSL_AESNI_AES MBEDTLS_AESNI_AES
+#define POLARSSL_AESNI_CLMUL MBEDTLS_AESNI_CLMUL
+#define POLARSSL_AESNI_H MBEDTLS_AESNI_H
+#define POLARSSL_AES_H MBEDTLS_AES_H
+#define POLARSSL_ARC4_H MBEDTLS_ARC4_H
+#define POLARSSL_ASN1_H MBEDTLS_ASN1_H
+#define POLARSSL_ASN1_WRITE_H MBEDTLS_ASN1_WRITE_H
+#define POLARSSL_BASE64_H MBEDTLS_BASE64_H
+#define POLARSSL_BIGNUM_H MBEDTLS_BIGNUM_H
+#define POLARSSL_BLOWFISH_H MBEDTLS_BLOWFISH_H
+#define POLARSSL_BN_MUL_H MBEDTLS_BN_MUL_H
+#define POLARSSL_CAMELLIA_H MBEDTLS_CAMELLIA_H
+#define POLARSSL_CCM_H MBEDTLS_CCM_H
+#define POLARSSL_CERTS_H MBEDTLS_CERTS_H
+#define POLARSSL_CHECK_CONFIG_H MBEDTLS_CHECK_CONFIG_H
+#define POLARSSL_CIPHERSUITE_NODTLS MBEDTLS_CIPHERSUITE_NODTLS
+#define POLARSSL_CIPHERSUITE_SHORT_TAG MBEDTLS_CIPHERSUITE_SHORT_TAG
+#define POLARSSL_CIPHERSUITE_WEAK MBEDTLS_CIPHERSUITE_WEAK
+#define POLARSSL_CIPHER_AES_128_CBC MBEDTLS_CIPHER_AES_128_CBC
+#define POLARSSL_CIPHER_AES_128_CCM MBEDTLS_CIPHER_AES_128_CCM
+#define POLARSSL_CIPHER_AES_128_CFB128 MBEDTLS_CIPHER_AES_128_CFB128
+#define POLARSSL_CIPHER_AES_128_CTR MBEDTLS_CIPHER_AES_128_CTR
+#define POLARSSL_CIPHER_AES_128_ECB MBEDTLS_CIPHER_AES_128_ECB
+#define POLARSSL_CIPHER_AES_128_GCM MBEDTLS_CIPHER_AES_128_GCM
+#define POLARSSL_CIPHER_AES_192_CBC MBEDTLS_CIPHER_AES_192_CBC
+#define POLARSSL_CIPHER_AES_192_CCM MBEDTLS_CIPHER_AES_192_CCM
+#define POLARSSL_CIPHER_AES_192_CFB128 MBEDTLS_CIPHER_AES_192_CFB128
+#define POLARSSL_CIPHER_AES_192_CTR MBEDTLS_CIPHER_AES_192_CTR
+#define POLARSSL_CIPHER_AES_192_ECB MBEDTLS_CIPHER_AES_192_ECB
+#define POLARSSL_CIPHER_AES_192_GCM MBEDTLS_CIPHER_AES_192_GCM
+#define POLARSSL_CIPHER_AES_256_CBC MBEDTLS_CIPHER_AES_256_CBC
+#define POLARSSL_CIPHER_AES_256_CCM MBEDTLS_CIPHER_AES_256_CCM
+#define POLARSSL_CIPHER_AES_256_CFB128 MBEDTLS_CIPHER_AES_256_CFB128
+#define POLARSSL_CIPHER_AES_256_CTR MBEDTLS_CIPHER_AES_256_CTR
+#define POLARSSL_CIPHER_AES_256_ECB MBEDTLS_CIPHER_AES_256_ECB
+#define POLARSSL_CIPHER_AES_256_GCM MBEDTLS_CIPHER_AES_256_GCM
+#define POLARSSL_CIPHER_ARC4_128 MBEDTLS_CIPHER_ARC4_128
+#define POLARSSL_CIPHER_BLOWFISH_CBC MBEDTLS_CIPHER_BLOWFISH_CBC
+#define POLARSSL_CIPHER_BLOWFISH_CFB64 MBEDTLS_CIPHER_BLOWFISH_CFB64
+#define POLARSSL_CIPHER_BLOWFISH_CTR MBEDTLS_CIPHER_BLOWFISH_CTR
+#define POLARSSL_CIPHER_BLOWFISH_ECB MBEDTLS_CIPHER_BLOWFISH_ECB
+#define POLARSSL_CIPHER_CAMELLIA_128_CBC MBEDTLS_CIPHER_CAMELLIA_128_CBC
+#define POLARSSL_CIPHER_CAMELLIA_128_CCM MBEDTLS_CIPHER_CAMELLIA_128_CCM
+#define POLARSSL_CIPHER_CAMELLIA_128_CFB128 MBEDTLS_CIPHER_CAMELLIA_128_CFB128
+#define POLARSSL_CIPHER_CAMELLIA_128_CTR MBEDTLS_CIPHER_CAMELLIA_128_CTR
+#define POLARSSL_CIPHER_CAMELLIA_128_ECB MBEDTLS_CIPHER_CAMELLIA_128_ECB
+#define POLARSSL_CIPHER_CAMELLIA_128_GCM MBEDTLS_CIPHER_CAMELLIA_128_GCM
+#define POLARSSL_CIPHER_CAMELLIA_192_CBC MBEDTLS_CIPHER_CAMELLIA_192_CBC
+#define POLARSSL_CIPHER_CAMELLIA_192_CCM MBEDTLS_CIPHER_CAMELLIA_192_CCM
+#define POLARSSL_CIPHER_CAMELLIA_192_CFB128 MBEDTLS_CIPHER_CAMELLIA_192_CFB128
+#define POLARSSL_CIPHER_CAMELLIA_192_CTR MBEDTLS_CIPHER_CAMELLIA_192_CTR
+#define POLARSSL_CIPHER_CAMELLIA_192_ECB MBEDTLS_CIPHER_CAMELLIA_192_ECB
+#define POLARSSL_CIPHER_CAMELLIA_192_GCM MBEDTLS_CIPHER_CAMELLIA_192_GCM
+#define POLARSSL_CIPHER_CAMELLIA_256_CBC MBEDTLS_CIPHER_CAMELLIA_256_CBC
+#define POLARSSL_CIPHER_CAMELLIA_256_CCM MBEDTLS_CIPHER_CAMELLIA_256_CCM
+#define POLARSSL_CIPHER_CAMELLIA_256_CFB128 MBEDTLS_CIPHER_CAMELLIA_256_CFB128
+#define POLARSSL_CIPHER_CAMELLIA_256_CTR MBEDTLS_CIPHER_CAMELLIA_256_CTR
+#define POLARSSL_CIPHER_CAMELLIA_256_ECB MBEDTLS_CIPHER_CAMELLIA_256_ECB
+#define POLARSSL_CIPHER_CAMELLIA_256_GCM MBEDTLS_CIPHER_CAMELLIA_256_GCM
+#define POLARSSL_CIPHER_DES_CBC MBEDTLS_CIPHER_DES_CBC
+#define POLARSSL_CIPHER_DES_ECB MBEDTLS_CIPHER_DES_ECB
+#define POLARSSL_CIPHER_DES_EDE3_CBC MBEDTLS_CIPHER_DES_EDE3_CBC
+#define POLARSSL_CIPHER_DES_EDE3_ECB MBEDTLS_CIPHER_DES_EDE3_ECB
+#define POLARSSL_CIPHER_DES_EDE_CBC MBEDTLS_CIPHER_DES_EDE_CBC
+#define POLARSSL_CIPHER_DES_EDE_ECB MBEDTLS_CIPHER_DES_EDE_ECB
+#define POLARSSL_CIPHER_H MBEDTLS_CIPHER_H
+#define POLARSSL_CIPHER_ID_3DES MBEDTLS_CIPHER_ID_3DES
+#define POLARSSL_CIPHER_ID_AES MBEDTLS_CIPHER_ID_AES
+#define POLARSSL_CIPHER_ID_ARC4 MBEDTLS_CIPHER_ID_ARC4
+#define POLARSSL_CIPHER_ID_BLOWFISH MBEDTLS_CIPHER_ID_BLOWFISH
+#define POLARSSL_CIPHER_ID_CAMELLIA MBEDTLS_CIPHER_ID_CAMELLIA
+#define POLARSSL_CIPHER_ID_DES MBEDTLS_CIPHER_ID_DES
+#define POLARSSL_CIPHER_ID_NONE MBEDTLS_CIPHER_ID_NONE
+#define POLARSSL_CIPHER_ID_NULL MBEDTLS_CIPHER_ID_NULL
+#define POLARSSL_CIPHER_MODE_AEAD MBEDTLS_CIPHER_MODE_AEAD
+#define POLARSSL_CIPHER_MODE_STREAM MBEDTLS_CIPHER_MODE_STREAM
+#define POLARSSL_CIPHER_MODE_WITH_PADDING MBEDTLS_CIPHER_MODE_WITH_PADDING
+#define POLARSSL_CIPHER_NONE MBEDTLS_CIPHER_NONE
+#define POLARSSL_CIPHER_NULL MBEDTLS_CIPHER_NULL
+#define POLARSSL_CIPHER_VARIABLE_IV_LEN MBEDTLS_CIPHER_VARIABLE_IV_LEN
+#define POLARSSL_CIPHER_VARIABLE_KEY_LEN MBEDTLS_CIPHER_VARIABLE_KEY_LEN
+#define POLARSSL_CIPHER_WRAP_H MBEDTLS_CIPHER_WRAP_H
+#define POLARSSL_CONFIG_H MBEDTLS_CONFIG_H
+#define POLARSSL_CTR_DRBG_H MBEDTLS_CTR_DRBG_H
+#define POLARSSL_DEBUG_H MBEDTLS_DEBUG_H
+#define POLARSSL_DEBUG_LOG_FULL MBEDTLS_DEBUG_LOG_FULL
+#define POLARSSL_DEBUG_LOG_RAW MBEDTLS_DEBUG_LOG_RAW
+#define POLARSSL_DECRYPT MBEDTLS_DECRYPT
+#define POLARSSL_DES_H MBEDTLS_DES_H
+#define POLARSSL_DHM_H MBEDTLS_DHM_H
+#define POLARSSL_DHM_RFC2409_MODP_1024_G MBEDTLS_DHM_RFC2409_MODP_1024_G
+#define POLARSSL_DHM_RFC2409_MODP_1024_P MBEDTLS_DHM_RFC2409_MODP_1024_P
+#define POLARSSL_DHM_RFC3526_MODP_2048_G MBEDTLS_DHM_RFC3526_MODP_2048_G
+#define POLARSSL_DHM_RFC3526_MODP_2048_P MBEDTLS_DHM_RFC3526_MODP_2048_P
+#define POLARSSL_DHM_RFC3526_MODP_3072_G MBEDTLS_DHM_RFC3526_MODP_3072_G
+#define POLARSSL_DHM_RFC3526_MODP_3072_P MBEDTLS_DHM_RFC3526_MODP_3072_P
+#define POLARSSL_DHM_RFC5114_MODP_1024_G MBEDTLS_DHM_RFC5114_MODP_1024_G
+#define POLARSSL_DHM_RFC5114_MODP_1024_P MBEDTLS_DHM_RFC5114_MODP_1024_P
+#define POLARSSL_DHM_RFC5114_MODP_2048_G MBEDTLS_DHM_RFC5114_MODP_2048_G
+#define POLARSSL_DHM_RFC5114_MODP_2048_P MBEDTLS_DHM_RFC5114_MODP_2048_P
+#define POLARSSL_ECDH_H MBEDTLS_ECDH_H
+#define POLARSSL_ECDH_OURS MBEDTLS_ECDH_OURS
+#define POLARSSL_ECDH_THEIRS MBEDTLS_ECDH_THEIRS
+#define POLARSSL_ECDSA_H MBEDTLS_ECDSA_H
+#define POLARSSL_ECP_DP_BP256R1 MBEDTLS_ECP_DP_BP256R1
+#define POLARSSL_ECP_DP_BP384R1 MBEDTLS_ECP_DP_BP384R1
+#define POLARSSL_ECP_DP_BP512R1 MBEDTLS_ECP_DP_BP512R1
+#define POLARSSL_ECP_DP_M255 MBEDTLS_ECP_DP_CURVE25519
+#define POLARSSL_ECP_DP_MAX MBEDTLS_ECP_DP_MAX
+#define POLARSSL_ECP_DP_NONE MBEDTLS_ECP_DP_NONE
+#define POLARSSL_ECP_DP_SECP192K1 MBEDTLS_ECP_DP_SECP192K1
+#define POLARSSL_ECP_DP_SECP192R1 MBEDTLS_ECP_DP_SECP192R1
+#define POLARSSL_ECP_DP_SECP224K1 MBEDTLS_ECP_DP_SECP224K1
+#define POLARSSL_ECP_DP_SECP224R1 MBEDTLS_ECP_DP_SECP224R1
+#define POLARSSL_ECP_DP_SECP256K1 MBEDTLS_ECP_DP_SECP256K1
+#define POLARSSL_ECP_DP_SECP256R1 MBEDTLS_ECP_DP_SECP256R1
+#define POLARSSL_ECP_DP_SECP384R1 MBEDTLS_ECP_DP_SECP384R1
+#define POLARSSL_ECP_DP_SECP521R1 MBEDTLS_ECP_DP_SECP521R1
+#define POLARSSL_ECP_H MBEDTLS_ECP_H
+#define POLARSSL_ECP_MAX_BYTES MBEDTLS_ECP_MAX_BYTES
+#define POLARSSL_ECP_MAX_PT_LEN MBEDTLS_ECP_MAX_PT_LEN
+#define POLARSSL_ECP_PF_COMPRESSED MBEDTLS_ECP_PF_COMPRESSED
+#define POLARSSL_ECP_PF_UNCOMPRESSED MBEDTLS_ECP_PF_UNCOMPRESSED
+#define POLARSSL_ECP_TLS_NAMED_CURVE MBEDTLS_ECP_TLS_NAMED_CURVE
+#define POLARSSL_ENCRYPT MBEDTLS_ENCRYPT
+#define POLARSSL_ENTROPY_H MBEDTLS_ENTROPY_H
+#define POLARSSL_ENTROPY_POLL_H MBEDTLS_ENTROPY_POLL_H
+#define POLARSSL_ENTROPY_SHA256_ACCUMULATOR MBEDTLS_ENTROPY_SHA256_ACCUMULATOR
+#define POLARSSL_ENTROPY_SHA512_ACCUMULATOR MBEDTLS_ENTROPY_SHA512_ACCUMULATOR
+#define POLARSSL_ERROR_H MBEDTLS_ERROR_H
+#define POLARSSL_ERR_AES_INVALID_INPUT_LENGTH MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
+#define POLARSSL_ERR_AES_INVALID_KEY_LENGTH MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
+#define POLARSSL_ERR_ASN1_BUF_TOO_SMALL MBEDTLS_ERR_ASN1_BUF_TOO_SMALL
+#define POLARSSL_ERR_ASN1_INVALID_DATA MBEDTLS_ERR_ASN1_INVALID_DATA
+#define POLARSSL_ERR_ASN1_INVALID_LENGTH MBEDTLS_ERR_ASN1_INVALID_LENGTH
+#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+#define POLARSSL_ERR_ASN1_MALLOC_FAILED MBEDTLS_ERR_ASN1_ALLOC_FAILED
+#define POLARSSL_ERR_ASN1_OUT_OF_DATA MBEDTLS_ERR_ASN1_OUT_OF_DATA
+#define POLARSSL_ERR_ASN1_UNEXPECTED_TAG MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+#define POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL
+#define POLARSSL_ERR_BASE64_INVALID_CHARACTER MBEDTLS_ERR_BASE64_INVALID_CHARACTER
+#define POLARSSL_ERR_BLOWFISH_INVALID_INPUT_LENGTH MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH
+#define POLARSSL_ERR_BLOWFISH_INVALID_KEY_LENGTH MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH
+#define POLARSSL_ERR_CAMELLIA_INVALID_INPUT_LENGTH MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
+#define POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH
+#define POLARSSL_ERR_CCM_AUTH_FAILED MBEDTLS_ERR_CCM_AUTH_FAILED
+#define POLARSSL_ERR_CCM_BAD_INPUT MBEDTLS_ERR_CCM_BAD_INPUT
+#define POLARSSL_ERR_CIPHER_ALLOC_FAILED MBEDTLS_ERR_CIPHER_ALLOC_FAILED
+#define POLARSSL_ERR_CIPHER_AUTH_FAILED MBEDTLS_ERR_CIPHER_AUTH_FAILED
+#define POLARSSL_ERR_CIPHER_BAD_INPUT_DATA MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
+#define POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
+#define POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED
+#define POLARSSL_ERR_CIPHER_INVALID_PADDING MBEDTLS_ERR_CIPHER_INVALID_PADDING
+#define POLARSSL_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
+#define POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR
+#define POLARSSL_ERR_CTR_DRBG_INPUT_TOO_BIG MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG
+#define POLARSSL_ERR_CTR_DRBG_REQUEST_TOO_BIG MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG
+#define POLARSSL_ERR_DES_INVALID_INPUT_LENGTH MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
+#define POLARSSL_ERR_DHM_BAD_INPUT_DATA MBEDTLS_ERR_DHM_BAD_INPUT_DATA
+#define POLARSSL_ERR_DHM_CALC_SECRET_FAILED MBEDTLS_ERR_DHM_CALC_SECRET_FAILED
+#define POLARSSL_ERR_DHM_FILE_IO_ERROR MBEDTLS_ERR_DHM_FILE_IO_ERROR
+#define POLARSSL_ERR_DHM_INVALID_FORMAT MBEDTLS_ERR_DHM_INVALID_FORMAT
+#define POLARSSL_ERR_DHM_MAKE_PARAMS_FAILED MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED
+#define POLARSSL_ERR_DHM_MAKE_PUBLIC_FAILED MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED
+#define POLARSSL_ERR_DHM_MALLOC_FAILED MBEDTLS_ERR_DHM_ALLOC_FAILED
+#define POLARSSL_ERR_DHM_READ_PARAMS_FAILED MBEDTLS_ERR_DHM_READ_PARAMS_FAILED
+#define POLARSSL_ERR_DHM_READ_PUBLIC_FAILED MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED
+#define POLARSSL_ERR_ECP_BAD_INPUT_DATA MBEDTLS_ERR_ECP_BAD_INPUT_DATA
+#define POLARSSL_ERR_ECP_BUFFER_TOO_SMALL MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
+#define POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE
+#define POLARSSL_ERR_ECP_INVALID_KEY MBEDTLS_ERR_ECP_INVALID_KEY
+#define POLARSSL_ERR_ECP_MALLOC_FAILED MBEDTLS_ERR_ECP_ALLOC_FAILED
+#define POLARSSL_ERR_ECP_RANDOM_FAILED MBEDTLS_ERR_ECP_RANDOM_FAILED
+#define POLARSSL_ERR_ECP_SIG_LEN_MISMATCH MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH
+#define POLARSSL_ERR_ECP_VERIFY_FAILED MBEDTLS_ERR_ECP_VERIFY_FAILED
+#define POLARSSL_ERR_ENTROPY_FILE_IO_ERROR MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR
+#define POLARSSL_ERR_ENTROPY_MAX_SOURCES MBEDTLS_ERR_ENTROPY_MAX_SOURCES
+#define POLARSSL_ERR_ENTROPY_NO_SOURCES_DEFINED MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED
+#define POLARSSL_ERR_ENTROPY_SOURCE_FAILED MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+#define POLARSSL_ERR_GCM_AUTH_FAILED MBEDTLS_ERR_GCM_AUTH_FAILED
+#define POLARSSL_ERR_GCM_BAD_INPUT MBEDTLS_ERR_GCM_BAD_INPUT
+#define POLARSSL_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
+#define POLARSSL_ERR_HMAC_DRBG_FILE_IO_ERROR MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR
+#define POLARSSL_ERR_HMAC_DRBG_INPUT_TOO_BIG MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG
+#define POLARSSL_ERR_HMAC_DRBG_REQUEST_TOO_BIG MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG
+#define POLARSSL_ERR_MD2_FILE_IO_ERROR MBEDTLS_ERR_MD2_FILE_IO_ERROR
+#define POLARSSL_ERR_MD4_FILE_IO_ERROR MBEDTLS_ERR_MD4_FILE_IO_ERROR
+#define POLARSSL_ERR_MD5_FILE_IO_ERROR MBEDTLS_ERR_MD5_FILE_IO_ERROR
+#define POLARSSL_ERR_MD_ALLOC_FAILED MBEDTLS_ERR_MD_ALLOC_FAILED
+#define POLARSSL_ERR_MD_BAD_INPUT_DATA MBEDTLS_ERR_MD_BAD_INPUT_DATA
+#define POLARSSL_ERR_MD_FEATURE_UNAVAILABLE MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE
+#define POLARSSL_ERR_MD_FILE_IO_ERROR MBEDTLS_ERR_MD_FILE_IO_ERROR
+#define POLARSSL_ERR_MPI_BAD_INPUT_DATA MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+#define POLARSSL_ERR_MPI_BUFFER_TOO_SMALL MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
+#define POLARSSL_ERR_MPI_DIVISION_BY_ZERO MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
+#define POLARSSL_ERR_MPI_FILE_IO_ERROR MBEDTLS_ERR_MPI_FILE_IO_ERROR
+#define POLARSSL_ERR_MPI_INVALID_CHARACTER MBEDTLS_ERR_MPI_INVALID_CHARACTER
+#define POLARSSL_ERR_MPI_MALLOC_FAILED MBEDTLS_ERR_MPI_ALLOC_FAILED
+#define POLARSSL_ERR_MPI_NEGATIVE_VALUE MBEDTLS_ERR_MPI_NEGATIVE_VALUE
+#define POLARSSL_ERR_MPI_NOT_ACCEPTABLE MBEDTLS_ERR_MPI_NOT_ACCEPTABLE
+#define POLARSSL_ERR_NET_ACCEPT_FAILED MBEDTLS_ERR_NET_ACCEPT_FAILED
+#define POLARSSL_ERR_NET_BIND_FAILED MBEDTLS_ERR_NET_BIND_FAILED
+#define POLARSSL_ERR_NET_CONNECT_FAILED MBEDTLS_ERR_NET_CONNECT_FAILED
+#define POLARSSL_ERR_NET_CONN_RESET MBEDTLS_ERR_NET_CONN_RESET
+#define POLARSSL_ERR_NET_LISTEN_FAILED MBEDTLS_ERR_NET_LISTEN_FAILED
+#define POLARSSL_ERR_NET_RECV_FAILED MBEDTLS_ERR_NET_RECV_FAILED
+#define POLARSSL_ERR_NET_SEND_FAILED MBEDTLS_ERR_NET_SEND_FAILED
+#define POLARSSL_ERR_NET_SOCKET_FAILED MBEDTLS_ERR_NET_SOCKET_FAILED
+#define POLARSSL_ERR_NET_TIMEOUT MBEDTLS_ERR_SSL_TIMEOUT
+#define POLARSSL_ERR_NET_UNKNOWN_HOST MBEDTLS_ERR_NET_UNKNOWN_HOST
+#define POLARSSL_ERR_NET_WANT_READ MBEDTLS_ERR_SSL_WANT_READ
+#define POLARSSL_ERR_NET_WANT_WRITE MBEDTLS_ERR_SSL_WANT_WRITE
+#define POLARSSL_ERR_OID_BUF_TOO_SMALL MBEDTLS_ERR_OID_BUF_TOO_SMALL
+#define POLARSSL_ERR_OID_NOT_FOUND MBEDTLS_ERR_OID_NOT_FOUND
+#define POLARSSL_ERR_PADLOCK_DATA_MISALIGNED MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED
+#define POLARSSL_ERR_PBKDF2_BAD_INPUT_DATA MBEDTLS_ERR_PBKDF2_BAD_INPUT_DATA
+#define POLARSSL_ERR_PEM_BAD_INPUT_DATA MBEDTLS_ERR_PEM_BAD_INPUT_DATA
+#define POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE
+#define POLARSSL_ERR_PEM_INVALID_DATA MBEDTLS_ERR_PEM_INVALID_DATA
+#define POLARSSL_ERR_PEM_INVALID_ENC_IV MBEDTLS_ERR_PEM_INVALID_ENC_IV
+#define POLARSSL_ERR_PEM_MALLOC_FAILED MBEDTLS_ERR_PEM_ALLOC_FAILED
+#define POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT
+#define POLARSSL_ERR_PEM_PASSWORD_MISMATCH MBEDTLS_ERR_PEM_PASSWORD_MISMATCH
+#define POLARSSL_ERR_PEM_PASSWORD_REQUIRED MBEDTLS_ERR_PEM_PASSWORD_REQUIRED
+#define POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG
+#define POLARSSL_ERR_PKCS12_BAD_INPUT_DATA MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA
+#define POLARSSL_ERR_PKCS12_FEATURE_UNAVAILABLE MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE
+#define POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH
+#define POLARSSL_ERR_PKCS12_PBE_INVALID_FORMAT MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT
+#define POLARSSL_ERR_PKCS5_BAD_INPUT_DATA MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA
+#define POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE
+#define POLARSSL_ERR_PKCS5_INVALID_FORMAT MBEDTLS_ERR_PKCS5_INVALID_FORMAT
+#define POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH
+#define POLARSSL_ERR_PK_BAD_INPUT_DATA MBEDTLS_ERR_PK_BAD_INPUT_DATA
+#define POLARSSL_ERR_PK_FEATURE_UNAVAILABLE MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE
+#define POLARSSL_ERR_PK_FILE_IO_ERROR MBEDTLS_ERR_PK_FILE_IO_ERROR
+#define POLARSSL_ERR_PK_INVALID_ALG MBEDTLS_ERR_PK_INVALID_ALG
+#define POLARSSL_ERR_PK_INVALID_PUBKEY MBEDTLS_ERR_PK_INVALID_PUBKEY
+#define POLARSSL_ERR_PK_KEY_INVALID_FORMAT MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+#define POLARSSL_ERR_PK_KEY_INVALID_VERSION MBEDTLS_ERR_PK_KEY_INVALID_VERSION
+#define POLARSSL_ERR_PK_MALLOC_FAILED MBEDTLS_ERR_PK_ALLOC_FAILED
+#define POLARSSL_ERR_PK_PASSWORD_MISMATCH MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+#define POLARSSL_ERR_PK_PASSWORD_REQUIRED MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+#define POLARSSL_ERR_PK_SIG_LEN_MISMATCH MBEDTLS_ERR_PK_SIG_LEN_MISMATCH
+#define POLARSSL_ERR_PK_TYPE_MISMATCH MBEDTLS_ERR_PK_TYPE_MISMATCH
+#define POLARSSL_ERR_PK_UNKNOWN_NAMED_CURVE MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE
+#define POLARSSL_ERR_PK_UNKNOWN_PK_ALG MBEDTLS_ERR_PK_UNKNOWN_PK_ALG
+#define POLARSSL_ERR_RIPEMD160_FILE_IO_ERROR MBEDTLS_ERR_RIPEMD160_FILE_IO_ERROR
+#define POLARSSL_ERR_RSA_BAD_INPUT_DATA MBEDTLS_ERR_RSA_BAD_INPUT_DATA
+#define POLARSSL_ERR_RSA_INVALID_PADDING MBEDTLS_ERR_RSA_INVALID_PADDING
+#define POLARSSL_ERR_RSA_KEY_CHECK_FAILED MBEDTLS_ERR_RSA_KEY_CHECK_FAILED
+#define POLARSSL_ERR_RSA_KEY_GEN_FAILED MBEDTLS_ERR_RSA_KEY_GEN_FAILED
+#define POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE
+#define POLARSSL_ERR_RSA_PRIVATE_FAILED MBEDTLS_ERR_RSA_PRIVATE_FAILED
+#define POLARSSL_ERR_RSA_PUBLIC_FAILED MBEDTLS_ERR_RSA_PUBLIC_FAILED
+#define POLARSSL_ERR_RSA_RNG_FAILED MBEDTLS_ERR_RSA_RNG_FAILED
+#define POLARSSL_ERR_RSA_VERIFY_FAILED MBEDTLS_ERR_RSA_VERIFY_FAILED
+#define POLARSSL_ERR_SHA1_FILE_IO_ERROR MBEDTLS_ERR_SHA1_FILE_IO_ERROR
+#define POLARSSL_ERR_SHA256_FILE_IO_ERROR MBEDTLS_ERR_SHA256_FILE_IO_ERROR
+#define POLARSSL_ERR_SHA512_FILE_IO_ERROR MBEDTLS_ERR_SHA512_FILE_IO_ERROR
+#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE
+#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST
+#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY
+#define POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC
+#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO
+#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE
+#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS
+#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP
+#define POLARSSL_ERR_SSL_BAD_HS_FINISHED MBEDTLS_ERR_SSL_BAD_HS_FINISHED
+#define POLARSSL_ERR_SSL_BAD_HS_NEW_SESSION_TICKET MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET
+#define POLARSSL_ERR_SSL_BAD_HS_PROTOCOL_VERSION MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION
+#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO
+#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE
+#define POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE
+#define POLARSSL_ERR_SSL_BAD_INPUT_DATA MBEDTLS_ERR_SSL_BAD_INPUT_DATA
+#define POLARSSL_ERR_SSL_BUFFER_TOO_SMALL MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL
+#define POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED
+#define POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED
+#define POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE
+#define POLARSSL_ERR_SSL_COMPRESSION_FAILED MBEDTLS_ERR_SSL_COMPRESSION_FAILED
+#define POLARSSL_ERR_SSL_CONN_EOF MBEDTLS_ERR_SSL_CONN_EOF
+#define POLARSSL_ERR_SSL_COUNTER_WRAPPING MBEDTLS_ERR_SSL_COUNTER_WRAPPING
+#define POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE
+#define POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
+#define POLARSSL_ERR_SSL_HELLO_VERIFY_REQUIRED MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED
+#define POLARSSL_ERR_SSL_HW_ACCEL_FAILED MBEDTLS_ERR_SSL_HW_ACCEL_FAILED
+#define POLARSSL_ERR_SSL_HW_ACCEL_FALLTHROUGH MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH
+#define POLARSSL_ERR_SSL_INTERNAL_ERROR MBEDTLS_ERR_SSL_INTERNAL_ERROR
+#define POLARSSL_ERR_SSL_INVALID_MAC MBEDTLS_ERR_SSL_INVALID_MAC
+#define POLARSSL_ERR_SSL_INVALID_RECORD MBEDTLS_ERR_SSL_INVALID_RECORD
+#define POLARSSL_ERR_SSL_MALLOC_FAILED MBEDTLS_ERR_SSL_ALLOC_FAILED
+#define POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN
+#define POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE
+#define POLARSSL_ERR_SSL_NO_RNG MBEDTLS_ERR_SSL_NO_RNG
+#define POLARSSL_ERR_SSL_NO_USABLE_CIPHERSUITE MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE
+#define POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY
+#define POLARSSL_ERR_SSL_PEER_VERIFY_FAILED MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED
+#define POLARSSL_ERR_SSL_PK_TYPE_MISMATCH MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH
+#define POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED
+#define POLARSSL_ERR_SSL_SESSION_TICKET_EXPIRED MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED
+#define POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE
+#define POLARSSL_ERR_SSL_UNKNOWN_CIPHER MBEDTLS_ERR_SSL_UNKNOWN_CIPHER
+#define POLARSSL_ERR_SSL_UNKNOWN_IDENTITY MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY
+#define POLARSSL_ERR_SSL_WAITING_SERVER_HELLO_RENEGO MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO
+#define POLARSSL_ERR_THREADING_BAD_INPUT_DATA MBEDTLS_ERR_THREADING_BAD_INPUT_DATA
+#define POLARSSL_ERR_THREADING_FEATURE_UNAVAILABLE MBEDTLS_ERR_THREADING_FEATURE_UNAVAILABLE
+#define POLARSSL_ERR_THREADING_MUTEX_ERROR MBEDTLS_ERR_THREADING_MUTEX_ERROR
+#define POLARSSL_ERR_X509_BAD_INPUT_DATA MBEDTLS_ERR_X509_BAD_INPUT_DATA
+#define POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT
+#define POLARSSL_ERR_X509_CERT_VERIFY_FAILED MBEDTLS_ERR_X509_CERT_VERIFY_FAILED
+#define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE
+#define POLARSSL_ERR_X509_FILE_IO_ERROR MBEDTLS_ERR_X509_FILE_IO_ERROR
+#define POLARSSL_ERR_X509_INVALID_ALG MBEDTLS_ERR_X509_INVALID_ALG
+#define POLARSSL_ERR_X509_INVALID_DATE MBEDTLS_ERR_X509_INVALID_DATE
+#define POLARSSL_ERR_X509_INVALID_EXTENSIONS MBEDTLS_ERR_X509_INVALID_EXTENSIONS
+#define POLARSSL_ERR_X509_INVALID_FORMAT MBEDTLS_ERR_X509_INVALID_FORMAT
+#define POLARSSL_ERR_X509_INVALID_NAME MBEDTLS_ERR_X509_INVALID_NAME
+#define POLARSSL_ERR_X509_INVALID_SERIAL MBEDTLS_ERR_X509_INVALID_SERIAL
+#define POLARSSL_ERR_X509_INVALID_SIGNATURE MBEDTLS_ERR_X509_INVALID_SIGNATURE
+#define POLARSSL_ERR_X509_INVALID_VERSION MBEDTLS_ERR_X509_INVALID_VERSION
+#define POLARSSL_ERR_X509_MALLOC_FAILED MBEDTLS_ERR_X509_ALLOC_FAILED
+#define POLARSSL_ERR_X509_SIG_MISMATCH MBEDTLS_ERR_X509_SIG_MISMATCH
+#define POLARSSL_ERR_X509_UNKNOWN_OID MBEDTLS_ERR_X509_UNKNOWN_OID
+#define POLARSSL_ERR_X509_UNKNOWN_SIG_ALG MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG
+#define POLARSSL_ERR_X509_UNKNOWN_VERSION MBEDTLS_ERR_X509_UNKNOWN_VERSION
+#define POLARSSL_ERR_XTEA_INVALID_INPUT_LENGTH MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH
+#define POLARSSL_GCM_H MBEDTLS_GCM_H
+#define POLARSSL_HAVEGE_H MBEDTLS_HAVEGE_H
+#define POLARSSL_HAVE_INT32 MBEDTLS_HAVE_INT32
+#define POLARSSL_HAVE_INT64 MBEDTLS_HAVE_INT64
+#define POLARSSL_HAVE_UDBL MBEDTLS_HAVE_UDBL
+#define POLARSSL_HAVE_X86 MBEDTLS_HAVE_X86
+#define POLARSSL_HAVE_X86_64 MBEDTLS_HAVE_X86_64
+#define POLARSSL_HMAC_DRBG_H MBEDTLS_HMAC_DRBG_H
+#define POLARSSL_HMAC_DRBG_PR_OFF MBEDTLS_HMAC_DRBG_PR_OFF
+#define POLARSSL_HMAC_DRBG_PR_ON MBEDTLS_HMAC_DRBG_PR_ON
+#define POLARSSL_KEY_EXCHANGE_DHE_PSK MBEDTLS_KEY_EXCHANGE_DHE_PSK
+#define POLARSSL_KEY_EXCHANGE_DHE_RSA MBEDTLS_KEY_EXCHANGE_DHE_RSA
+#define POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
+#define POLARSSL_KEY_EXCHANGE_ECDHE_PSK MBEDTLS_KEY_EXCHANGE_ECDHE_PSK
+#define POLARSSL_KEY_EXCHANGE_ECDHE_RSA MBEDTLS_KEY_EXCHANGE_ECDHE_RSA
+#define POLARSSL_KEY_EXCHANGE_ECDH_ECDSA MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA
+#define POLARSSL_KEY_EXCHANGE_ECDH_RSA MBEDTLS_KEY_EXCHANGE_ECDH_RSA
+#define POLARSSL_KEY_EXCHANGE_NONE MBEDTLS_KEY_EXCHANGE_NONE
+#define POLARSSL_KEY_EXCHANGE_PSK MBEDTLS_KEY_EXCHANGE_PSK
+#define POLARSSL_KEY_EXCHANGE_RSA MBEDTLS_KEY_EXCHANGE_RSA
+#define POLARSSL_KEY_EXCHANGE_RSA_PSK MBEDTLS_KEY_EXCHANGE_RSA_PSK
+#define POLARSSL_KEY_EXCHANGE__SOME__ECDHE_ENABLED MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED
+#define POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED
+#define POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED
+#define POLARSSL_KEY_LENGTH_DES MBEDTLS_KEY_LENGTH_DES
+#define POLARSSL_KEY_LENGTH_DES_EDE MBEDTLS_KEY_LENGTH_DES_EDE
+#define POLARSSL_KEY_LENGTH_DES_EDE3 MBEDTLS_KEY_LENGTH_DES_EDE3
+#define POLARSSL_KEY_LENGTH_NONE MBEDTLS_KEY_LENGTH_NONE
+#define POLARSSL_MAX_BLOCK_LENGTH MBEDTLS_MAX_BLOCK_LENGTH
+#define POLARSSL_MAX_IV_LENGTH MBEDTLS_MAX_IV_LENGTH
+#define POLARSSL_MD2_H MBEDTLS_MD2_H
+#define POLARSSL_MD4_H MBEDTLS_MD4_H
+#define POLARSSL_MD5_H MBEDTLS_MD5_H
+#define POLARSSL_MD_H MBEDTLS_MD_H
+#define POLARSSL_MD_MAX_SIZE MBEDTLS_MD_MAX_SIZE
+#define POLARSSL_MD_MD2 MBEDTLS_MD_MD2
+#define POLARSSL_MD_MD4 MBEDTLS_MD_MD4
+#define POLARSSL_MD_MD5 MBEDTLS_MD_MD5
+#define POLARSSL_MD_NONE MBEDTLS_MD_NONE
+#define POLARSSL_MD_RIPEMD160 MBEDTLS_MD_RIPEMD160
+#define POLARSSL_MD_SHA1 MBEDTLS_MD_SHA1
+#define POLARSSL_MD_SHA224 MBEDTLS_MD_SHA224
+#define POLARSSL_MD_SHA256 MBEDTLS_MD_SHA256
+#define POLARSSL_MD_SHA384 MBEDTLS_MD_SHA384
+#define POLARSSL_MD_SHA512 MBEDTLS_MD_SHA512
+#define POLARSSL_MD_WRAP_H MBEDTLS_MD_WRAP_H
+#define POLARSSL_MEMORY_BUFFER_ALLOC_H MBEDTLS_MEMORY_BUFFER_ALLOC_H
+#define POLARSSL_MEMORY_H MBEDTLS_MEMORY_H
+#define POLARSSL_MODE_CBC MBEDTLS_MODE_CBC
+#define POLARSSL_MODE_CCM MBEDTLS_MODE_CCM
+#define POLARSSL_MODE_CFB MBEDTLS_MODE_CFB
+#define POLARSSL_MODE_CTR MBEDTLS_MODE_CTR
+#define POLARSSL_MODE_ECB MBEDTLS_MODE_ECB
+#define POLARSSL_MODE_GCM MBEDTLS_MODE_GCM
+#define POLARSSL_MODE_NONE MBEDTLS_MODE_NONE
+#define POLARSSL_MODE_OFB MBEDTLS_MODE_OFB
+#define POLARSSL_MODE_STREAM MBEDTLS_MODE_STREAM
+#define POLARSSL_MPI_MAX_BITS MBEDTLS_MPI_MAX_BITS
+#define POLARSSL_MPI_MAX_BITS_SCALE100 MBEDTLS_MPI_MAX_BITS_SCALE100
+#define POLARSSL_MPI_MAX_LIMBS MBEDTLS_MPI_MAX_LIMBS
+#define POLARSSL_MPI_RW_BUFFER_SIZE MBEDTLS_MPI_RW_BUFFER_SIZE
+#define POLARSSL_NET_H MBEDTLS_NET_H
+#define POLARSSL_NET_LISTEN_BACKLOG MBEDTLS_NET_LISTEN_BACKLOG
+#define POLARSSL_OID_H MBEDTLS_OID_H
+#define POLARSSL_OPERATION_NONE MBEDTLS_OPERATION_NONE
+#define POLARSSL_PADDING_NONE MBEDTLS_PADDING_NONE
+#define POLARSSL_PADDING_ONE_AND_ZEROS MBEDTLS_PADDING_ONE_AND_ZEROS
+#define POLARSSL_PADDING_PKCS7 MBEDTLS_PADDING_PKCS7
+#define POLARSSL_PADDING_ZEROS MBEDTLS_PADDING_ZEROS
+#define POLARSSL_PADDING_ZEROS_AND_LEN MBEDTLS_PADDING_ZEROS_AND_LEN
+#define POLARSSL_PADLOCK_H MBEDTLS_PADLOCK_H
+#define POLARSSL_PBKDF2_H MBEDTLS_PBKDF2_H
+#define POLARSSL_PEM_H MBEDTLS_PEM_H
+#define POLARSSL_PKCS11_H MBEDTLS_PKCS11_H
+#define POLARSSL_PKCS12_H MBEDTLS_PKCS12_H
+#define POLARSSL_PKCS5_H MBEDTLS_PKCS5_H
+#define POLARSSL_PK_DEBUG_ECP MBEDTLS_PK_DEBUG_ECP
+#define POLARSSL_PK_DEBUG_MAX_ITEMS MBEDTLS_PK_DEBUG_MAX_ITEMS
+#define POLARSSL_PK_DEBUG_MPI MBEDTLS_PK_DEBUG_MPI
+#define POLARSSL_PK_DEBUG_NONE MBEDTLS_PK_DEBUG_NONE
+#define POLARSSL_PK_ECDSA MBEDTLS_PK_ECDSA
+#define POLARSSL_PK_ECKEY MBEDTLS_PK_ECKEY
+#define POLARSSL_PK_ECKEY_DH MBEDTLS_PK_ECKEY_DH
+#define POLARSSL_PK_H MBEDTLS_PK_H
+#define POLARSSL_PK_NONE MBEDTLS_PK_NONE
+#define POLARSSL_PK_RSA MBEDTLS_PK_RSA
+#define POLARSSL_PK_RSASSA_PSS MBEDTLS_PK_RSASSA_PSS
+#define POLARSSL_PK_RSA_ALT MBEDTLS_PK_RSA_ALT
+#define POLARSSL_PK_WRAP_H MBEDTLS_PK_WRAP_H
+#define POLARSSL_PLATFORM_H MBEDTLS_PLATFORM_H
+#define POLARSSL_PREMASTER_SIZE MBEDTLS_PREMASTER_SIZE
+#define POLARSSL_RIPEMD160_H MBEDTLS_RIPEMD160_H
+#define POLARSSL_RSA_H MBEDTLS_RSA_H
+#define POLARSSL_SHA1_H MBEDTLS_SHA1_H
+#define POLARSSL_SHA256_H MBEDTLS_SHA256_H
+#define POLARSSL_SHA512_H MBEDTLS_SHA512_H
+#define POLARSSL_SSL_CACHE_H MBEDTLS_SSL_CACHE_H
+#define POLARSSL_SSL_CIPHERSUITES_H MBEDTLS_SSL_CIPHERSUITES_H
+#define POLARSSL_SSL_COOKIE_H MBEDTLS_SSL_COOKIE_H
+#define POLARSSL_SSL_H MBEDTLS_SSL_H
+#define POLARSSL_THREADING_H MBEDTLS_THREADING_H
+#define POLARSSL_THREADING_IMPL MBEDTLS_THREADING_IMPL
+#define POLARSSL_TIMING_H MBEDTLS_TIMING_H
+#define POLARSSL_VERSION_H MBEDTLS_VERSION_H
+#define POLARSSL_VERSION_MAJOR MBEDTLS_VERSION_MAJOR
+#define POLARSSL_VERSION_MINOR MBEDTLS_VERSION_MINOR
+#define POLARSSL_VERSION_NUMBER MBEDTLS_VERSION_NUMBER
+#define POLARSSL_VERSION_PATCH MBEDTLS_VERSION_PATCH
+#define POLARSSL_VERSION_STRING MBEDTLS_VERSION_STRING
+#define POLARSSL_VERSION_STRING_FULL MBEDTLS_VERSION_STRING_FULL
+#define POLARSSL_X509_CRL_H MBEDTLS_X509_CRL_H
+#define POLARSSL_X509_CRT_H MBEDTLS_X509_CRT_H
+#define POLARSSL_X509_CSR_H MBEDTLS_X509_CSR_H
+#define POLARSSL_X509_H MBEDTLS_X509_H
+#define POLARSSL_XTEA_H MBEDTLS_XTEA_H
+#define RSA_CRYPT MBEDTLS_RSA_CRYPT
+#define RSA_PKCS_V15 MBEDTLS_RSA_PKCS_V15
+#define RSA_PKCS_V21 MBEDTLS_RSA_PKCS_V21
+#define RSA_PRIVATE MBEDTLS_RSA_PRIVATE
+#define RSA_PUBLIC MBEDTLS_RSA_PUBLIC
+#define RSA_SALT_LEN_ANY MBEDTLS_RSA_SALT_LEN_ANY
+#define RSA_SIGN MBEDTLS_RSA_SIGN
+#define SSL_ALERT_LEVEL_FATAL MBEDTLS_SSL_ALERT_LEVEL_FATAL
+#define SSL_ALERT_LEVEL_WARNING MBEDTLS_SSL_ALERT_LEVEL_WARNING
+#define SSL_ALERT_MSG_ACCESS_DENIED MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED
+#define SSL_ALERT_MSG_BAD_CERT MBEDTLS_SSL_ALERT_MSG_BAD_CERT
+#define SSL_ALERT_MSG_BAD_RECORD_MAC MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC
+#define SSL_ALERT_MSG_CERT_EXPIRED MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED
+#define SSL_ALERT_MSG_CERT_REVOKED MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED
+#define SSL_ALERT_MSG_CERT_UNKNOWN MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN
+#define SSL_ALERT_MSG_CLOSE_NOTIFY MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY
+#define SSL_ALERT_MSG_DECODE_ERROR MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR
+#define SSL_ALERT_MSG_DECOMPRESSION_FAILURE MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE
+#define SSL_ALERT_MSG_DECRYPTION_FAILED MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED
+#define SSL_ALERT_MSG_DECRYPT_ERROR MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR
+#define SSL_ALERT_MSG_EXPORT_RESTRICTION MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION
+#define SSL_ALERT_MSG_HANDSHAKE_FAILURE MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE
+#define SSL_ALERT_MSG_ILLEGAL_PARAMETER MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER
+#define SSL_ALERT_MSG_INAPROPRIATE_FALLBACK MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK
+#define SSL_ALERT_MSG_INSUFFICIENT_SECURITY MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY
+#define SSL_ALERT_MSG_INTERNAL_ERROR MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR
+#define SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL
+#define SSL_ALERT_MSG_NO_CERT MBEDTLS_SSL_ALERT_MSG_NO_CERT
+#define SSL_ALERT_MSG_NO_RENEGOTIATION MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION
+#define SSL_ALERT_MSG_PROTOCOL_VERSION MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION
+#define SSL_ALERT_MSG_RECORD_OVERFLOW MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW
+#define SSL_ALERT_MSG_UNEXPECTED_MESSAGE MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE
+#define SSL_ALERT_MSG_UNKNOWN_CA MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA
+#define SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY
+#define SSL_ALERT_MSG_UNRECOGNIZED_NAME MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME
+#define SSL_ALERT_MSG_UNSUPPORTED_CERT MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
+#define SSL_ALERT_MSG_UNSUPPORTED_EXT MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT
+#define SSL_ALERT_MSG_USER_CANCELED MBEDTLS_SSL_ALERT_MSG_USER_CANCELED
+#define SSL_ANTI_REPLAY_DISABLED MBEDTLS_SSL_ANTI_REPLAY_DISABLED
+#define SSL_ANTI_REPLAY_ENABLED MBEDTLS_SSL_ANTI_REPLAY_ENABLED
+#define SSL_ARC4_DISABLED MBEDTLS_SSL_ARC4_DISABLED
+#define SSL_ARC4_ENABLED MBEDTLS_SSL_ARC4_ENABLED
+#define SSL_BUFFER_LEN MBEDTLS_SSL_BUFFER_LEN
+#define SSL_CACHE_DEFAULT_MAX_ENTRIES MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES
+#define SSL_CACHE_DEFAULT_TIMEOUT MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT
+#define SSL_CBC_RECORD_SPLITTING_DISABLED MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED
+#define SSL_CBC_RECORD_SPLITTING_ENABLED MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED
+#define SSL_CERTIFICATE_REQUEST MBEDTLS_SSL_CERTIFICATE_REQUEST
+#define SSL_CERTIFICATE_VERIFY MBEDTLS_SSL_CERTIFICATE_VERIFY
+#define SSL_CERT_TYPE_ECDSA_SIGN MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN
+#define SSL_CERT_TYPE_RSA_SIGN MBEDTLS_SSL_CERT_TYPE_RSA_SIGN
+#define SSL_CHANNEL_INBOUND MBEDTLS_SSL_CHANNEL_INBOUND
+#define SSL_CHANNEL_OUTBOUND MBEDTLS_SSL_CHANNEL_OUTBOUND
+#define SSL_CIPHERSUITES MBEDTLS_SSL_CIPHERSUITES
+#define SSL_CLIENT_CERTIFICATE MBEDTLS_SSL_CLIENT_CERTIFICATE
+#define SSL_CLIENT_CHANGE_CIPHER_SPEC MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC
+#define SSL_CLIENT_FINISHED MBEDTLS_SSL_CLIENT_FINISHED
+#define SSL_CLIENT_HELLO MBEDTLS_SSL_CLIENT_HELLO
+#define SSL_CLIENT_KEY_EXCHANGE MBEDTLS_SSL_CLIENT_KEY_EXCHANGE
+#define SSL_COMPRESSION_ADD MBEDTLS_SSL_COMPRESSION_ADD
+#define SSL_COMPRESS_DEFLATE MBEDTLS_SSL_COMPRESS_DEFLATE
+#define SSL_COMPRESS_NULL MBEDTLS_SSL_COMPRESS_NULL
+#define SSL_DEBUG_BUF MBEDTLS_SSL_DEBUG_BUF
+#define SSL_DEBUG_CRT MBEDTLS_SSL_DEBUG_CRT
+#define SSL_DEBUG_ECP MBEDTLS_SSL_DEBUG_ECP
+#define SSL_DEBUG_MPI MBEDTLS_SSL_DEBUG_MPI
+#define SSL_DEBUG_MSG MBEDTLS_SSL_DEBUG_MSG
+#define SSL_DEBUG_RET MBEDTLS_SSL_DEBUG_RET
+#define SSL_DEFAULT_TICKET_LIFETIME MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME
+#define SSL_DTLS_TIMEOUT_DFL_MAX MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX
+#define SSL_DTLS_TIMEOUT_DFL_MIN MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN
+#define SSL_EMPTY_RENEGOTIATION_INFO MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO
+#define SSL_ETM_DISABLED MBEDTLS_SSL_ETM_DISABLED
+#define SSL_ETM_ENABLED MBEDTLS_SSL_ETM_ENABLED
+#define SSL_EXTENDED_MS_DISABLED MBEDTLS_SSL_EXTENDED_MS_DISABLED
+#define SSL_EXTENDED_MS_ENABLED MBEDTLS_SSL_EXTENDED_MS_ENABLED
+#define SSL_FALLBACK_SCSV MBEDTLS_SSL_FALLBACK_SCSV
+#define SSL_FLUSH_BUFFERS MBEDTLS_SSL_FLUSH_BUFFERS
+#define SSL_HANDSHAKE_OVER MBEDTLS_SSL_HANDSHAKE_OVER
+#define SSL_HANDSHAKE_WRAPUP MBEDTLS_SSL_HANDSHAKE_WRAPUP
+#define SSL_HASH_MD5 MBEDTLS_SSL_HASH_MD5
+#define SSL_HASH_NONE MBEDTLS_SSL_HASH_NONE
+#define SSL_HASH_SHA1 MBEDTLS_SSL_HASH_SHA1
+#define SSL_HASH_SHA224 MBEDTLS_SSL_HASH_SHA224
+#define SSL_HASH_SHA256 MBEDTLS_SSL_HASH_SHA256
+#define SSL_HASH_SHA384 MBEDTLS_SSL_HASH_SHA384
+#define SSL_HASH_SHA512 MBEDTLS_SSL_HASH_SHA512
+#define SSL_HELLO_REQUEST MBEDTLS_SSL_HELLO_REQUEST
+#define SSL_HS_CERTIFICATE MBEDTLS_SSL_HS_CERTIFICATE
+#define SSL_HS_CERTIFICATE_REQUEST MBEDTLS_SSL_HS_CERTIFICATE_REQUEST
+#define SSL_HS_CERTIFICATE_VERIFY MBEDTLS_SSL_HS_CERTIFICATE_VERIFY
+#define SSL_HS_CLIENT_HELLO MBEDTLS_SSL_HS_CLIENT_HELLO
+#define SSL_HS_CLIENT_KEY_EXCHANGE MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE
+#define SSL_HS_FINISHED MBEDTLS_SSL_HS_FINISHED
+#define SSL_HS_HELLO_REQUEST MBEDTLS_SSL_HS_HELLO_REQUEST
+#define SSL_HS_HELLO_VERIFY_REQUEST MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST
+#define SSL_HS_NEW_SESSION_TICKET MBEDTLS_SSL_HS_NEW_SESSION_TICKET
+#define SSL_HS_SERVER_HELLO MBEDTLS_SSL_HS_SERVER_HELLO
+#define SSL_HS_SERVER_HELLO_DONE MBEDTLS_SSL_HS_SERVER_HELLO_DONE
+#define SSL_HS_SERVER_KEY_EXCHANGE MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE
+#define SSL_INITIAL_HANDSHAKE MBEDTLS_SSL_INITIAL_HANDSHAKE
+#define SSL_IS_CLIENT MBEDTLS_SSL_IS_CLIENT
+#define SSL_IS_FALLBACK MBEDTLS_SSL_IS_FALLBACK
+#define SSL_IS_NOT_FALLBACK MBEDTLS_SSL_IS_NOT_FALLBACK
+#define SSL_IS_SERVER MBEDTLS_SSL_IS_SERVER
+#define SSL_LEGACY_ALLOW_RENEGOTIATION MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION
+#define SSL_LEGACY_BREAK_HANDSHAKE MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE
+#define SSL_LEGACY_NO_RENEGOTIATION MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION
+#define SSL_LEGACY_RENEGOTIATION MBEDTLS_SSL_LEGACY_RENEGOTIATION
+#define SSL_MAC_ADD MBEDTLS_SSL_MAC_ADD
+#define SSL_MAJOR_VERSION_3 MBEDTLS_SSL_MAJOR_VERSION_3
+#define SSL_MAX_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN
+#define SSL_MAX_FRAG_LEN_1024 MBEDTLS_SSL_MAX_FRAG_LEN_1024
+#define SSL_MAX_FRAG_LEN_2048 MBEDTLS_SSL_MAX_FRAG_LEN_2048
+#define SSL_MAX_FRAG_LEN_4096 MBEDTLS_SSL_MAX_FRAG_LEN_4096
+#define SSL_MAX_FRAG_LEN_512 MBEDTLS_SSL_MAX_FRAG_LEN_512
+#define SSL_MAX_FRAG_LEN_INVALID MBEDTLS_SSL_MAX_FRAG_LEN_INVALID
+#define SSL_MAX_FRAG_LEN_NONE MBEDTLS_SSL_MAX_FRAG_LEN_NONE
+#define SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAX_MAJOR_VERSION
+#define SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MAX_MINOR_VERSION
+#define SSL_MINOR_VERSION_0 MBEDTLS_SSL_MINOR_VERSION_0
+#define SSL_MINOR_VERSION_1 MBEDTLS_SSL_MINOR_VERSION_1
+#define SSL_MINOR_VERSION_2 MBEDTLS_SSL_MINOR_VERSION_2
+#define SSL_MINOR_VERSION_3 MBEDTLS_SSL_MINOR_VERSION_3
+#define SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MIN_MAJOR_VERSION
+#define SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MIN_MINOR_VERSION
+#define SSL_MSG_ALERT MBEDTLS_SSL_MSG_ALERT
+#define SSL_MSG_APPLICATION_DATA MBEDTLS_SSL_MSG_APPLICATION_DATA
+#define SSL_MSG_CHANGE_CIPHER_SPEC MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC
+#define SSL_MSG_HANDSHAKE MBEDTLS_SSL_MSG_HANDSHAKE
+#define SSL_PADDING_ADD MBEDTLS_SSL_PADDING_ADD
+#define SSL_RENEGOTIATION MBEDTLS_SSL_RENEGOTIATION
+#define SSL_RENEGOTIATION_DISABLED MBEDTLS_SSL_RENEGOTIATION_DISABLED
+#define SSL_RENEGOTIATION_DONE MBEDTLS_SSL_RENEGOTIATION_DONE
+#define SSL_RENEGOTIATION_ENABLED MBEDTLS_SSL_RENEGOTIATION_ENABLED
+#define SSL_RENEGOTIATION_NOT_ENFORCED MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED
+#define SSL_RENEGOTIATION_PENDING MBEDTLS_SSL_RENEGOTIATION_PENDING
+#define SSL_RENEGO_MAX_RECORDS_DEFAULT MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT
+#define SSL_RETRANS_FINISHED MBEDTLS_SSL_RETRANS_FINISHED
+#define SSL_RETRANS_PREPARING MBEDTLS_SSL_RETRANS_PREPARING
+#define SSL_RETRANS_SENDING MBEDTLS_SSL_RETRANS_SENDING
+#define SSL_RETRANS_WAITING MBEDTLS_SSL_RETRANS_WAITING
+#define SSL_SECURE_RENEGOTIATION MBEDTLS_SSL_SECURE_RENEGOTIATION
+#define SSL_SERVER_CERTIFICATE MBEDTLS_SSL_SERVER_CERTIFICATE
+#define SSL_SERVER_CHANGE_CIPHER_SPEC MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC
+#define SSL_SERVER_FINISHED MBEDTLS_SSL_SERVER_FINISHED
+#define SSL_SERVER_HELLO MBEDTLS_SSL_SERVER_HELLO
+#define SSL_SERVER_HELLO_DONE MBEDTLS_SSL_SERVER_HELLO_DONE
+#define SSL_SERVER_HELLO_VERIFY_REQUEST_SENT MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT
+#define SSL_SERVER_KEY_EXCHANGE MBEDTLS_SSL_SERVER_KEY_EXCHANGE
+#define SSL_SERVER_NEW_SESSION_TICKET MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET
+#define SSL_SESSION_TICKETS_DISABLED MBEDTLS_SSL_SESSION_TICKETS_DISABLED
+#define SSL_SESSION_TICKETS_ENABLED MBEDTLS_SSL_SESSION_TICKETS_ENABLED
+#define SSL_SIG_ANON MBEDTLS_SSL_SIG_ANON
+#define SSL_SIG_ECDSA MBEDTLS_SSL_SIG_ECDSA
+#define SSL_SIG_RSA MBEDTLS_SSL_SIG_RSA
+#define SSL_TRANSPORT_DATAGRAM MBEDTLS_SSL_TRANSPORT_DATAGRAM
+#define SSL_TRANSPORT_STREAM MBEDTLS_SSL_TRANSPORT_STREAM
+#define SSL_TRUNCATED_HMAC_LEN MBEDTLS_SSL_TRUNCATED_HMAC_LEN
+#define SSL_TRUNC_HMAC_DISABLED MBEDTLS_SSL_TRUNC_HMAC_DISABLED
+#define SSL_TRUNC_HMAC_ENABLED MBEDTLS_SSL_TRUNC_HMAC_ENABLED
+#define SSL_VERIFY_DATA_MAX_LEN MBEDTLS_SSL_VERIFY_DATA_MAX_LEN
+#define SSL_VERIFY_NONE MBEDTLS_SSL_VERIFY_NONE
+#define SSL_VERIFY_OPTIONAL MBEDTLS_SSL_VERIFY_OPTIONAL
+#define SSL_VERIFY_REQUIRED MBEDTLS_SSL_VERIFY_REQUIRED
+#define TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
+#define TLS_DHE_PSK_WITH_AES_128_CBC_SHA MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
+#define TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
+#define TLS_DHE_PSK_WITH_AES_128_CCM MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM
+#define TLS_DHE_PSK_WITH_AES_128_CCM_8 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8
+#define TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
+#define TLS_DHE_PSK_WITH_AES_256_CBC_SHA MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
+#define TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
+#define TLS_DHE_PSK_WITH_AES_256_CCM MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM
+#define TLS_DHE_PSK_WITH_AES_256_CCM_8 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8
+#define TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
+#define TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+#define TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
+#define TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+#define TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
+#define TLS_DHE_PSK_WITH_NULL_SHA MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA
+#define TLS_DHE_PSK_WITH_NULL_SHA256 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256
+#define TLS_DHE_PSK_WITH_NULL_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384
+#define TLS_DHE_PSK_WITH_RC4_128_SHA MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
+#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+#define TLS_DHE_RSA_WITH_AES_128_CCM MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM
+#define TLS_DHE_RSA_WITH_AES_128_CCM_8 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8
+#define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
+#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+#define TLS_DHE_RSA_WITH_AES_256_CCM MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM
+#define TLS_DHE_RSA_WITH_AES_256_CCM_8 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8
+#define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
+#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+#define TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
+#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
+#define TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+#define TLS_DHE_RSA_WITH_DES_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA
+#define TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
+#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+#define TLS_ECDHE_ECDSA_WITH_AES_128_CCM MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM
+#define TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
+#define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+#define TLS_ECDHE_ECDSA_WITH_AES_256_CCM MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM
+#define TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
+#define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+#define TLS_ECDHE_ECDSA_WITH_NULL_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA
+#define TLS_ECDHE_ECDSA_WITH_RC4_128_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
+#define TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
+#define TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
+#define TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
+#define TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
+#define TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
+#define TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+#define TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+#define TLS_ECDHE_PSK_WITH_NULL_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA
+#define TLS_ECDHE_PSK_WITH_NULL_SHA256 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256
+#define TLS_ECDHE_PSK_WITH_NULL_SHA384 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384
+#define TLS_ECDHE_PSK_WITH_RC4_128_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
+#define TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
+#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+#define TLS_ECDHE_RSA_WITH_NULL_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA
+#define TLS_ECDHE_RSA_WITH_RC4_128_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
+#define TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
+#define TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
+#define TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
+#define TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
+#define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
+#define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
+#define TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
+#define TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+#define TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+#define TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+#define TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+#define TLS_ECDH_ECDSA_WITH_NULL_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA
+#define TLS_ECDH_ECDSA_WITH_RC4_128_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
+#define TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
+#define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
+#define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
+#define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
+#define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
+#define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
+#define TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
+#define TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
+#define TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
+#define TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
+#define TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
+#define TLS_ECDH_RSA_WITH_NULL_SHA MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA
+#define TLS_ECDH_RSA_WITH_RC4_128_SHA MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
+#define TLS_EXT_ALPN MBEDTLS_TLS_EXT_ALPN
+#define TLS_EXT_ENCRYPT_THEN_MAC MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC
+#define TLS_EXT_EXTENDED_MASTER_SECRET MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET
+#define TLS_EXT_MAX_FRAGMENT_LENGTH MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH
+#define TLS_EXT_RENEGOTIATION_INFO MBEDTLS_TLS_EXT_RENEGOTIATION_INFO
+#define TLS_EXT_SERVERNAME MBEDTLS_TLS_EXT_SERVERNAME
+#define TLS_EXT_SERVERNAME_HOSTNAME MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME
+#define TLS_EXT_SESSION_TICKET MBEDTLS_TLS_EXT_SESSION_TICKET
+#define TLS_EXT_SIG_ALG MBEDTLS_TLS_EXT_SIG_ALG
+#define TLS_EXT_SUPPORTED_ELLIPTIC_CURVES MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES
+#define TLS_EXT_SUPPORTED_POINT_FORMATS MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS
+#define TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT
+#define TLS_EXT_TRUNCATED_HMAC MBEDTLS_TLS_EXT_TRUNCATED_HMAC
+#define TLS_PSK_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
+#define TLS_PSK_WITH_AES_128_CBC_SHA MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
+#define TLS_PSK_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
+#define TLS_PSK_WITH_AES_128_CCM MBEDTLS_TLS_PSK_WITH_AES_128_CCM
+#define TLS_PSK_WITH_AES_128_CCM_8 MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8
+#define TLS_PSK_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
+#define TLS_PSK_WITH_AES_256_CBC_SHA MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
+#define TLS_PSK_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
+#define TLS_PSK_WITH_AES_256_CCM MBEDTLS_TLS_PSK_WITH_AES_256_CCM
+#define TLS_PSK_WITH_AES_256_CCM_8 MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8
+#define TLS_PSK_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
+#define TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
+#define TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
+#define TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
+#define TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
+#define TLS_PSK_WITH_NULL_SHA MBEDTLS_TLS_PSK_WITH_NULL_SHA
+#define TLS_PSK_WITH_NULL_SHA256 MBEDTLS_TLS_PSK_WITH_NULL_SHA256
+#define TLS_PSK_WITH_NULL_SHA384 MBEDTLS_TLS_PSK_WITH_NULL_SHA384
+#define TLS_PSK_WITH_RC4_128_SHA MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
+#define TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
+#define TLS_RSA_PSK_WITH_AES_128_CBC_SHA MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
+#define TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
+#define TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
+#define TLS_RSA_PSK_WITH_AES_256_CBC_SHA MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
+#define TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
+#define TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
+#define TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
+#define TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
+#define TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
+#define TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
+#define TLS_RSA_PSK_WITH_NULL_SHA MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA
+#define TLS_RSA_PSK_WITH_NULL_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256
+#define TLS_RSA_PSK_WITH_NULL_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384
+#define TLS_RSA_PSK_WITH_RC4_128_SHA MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
+#define TLS_RSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
+#define TLS_RSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
+#define TLS_RSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
+#define TLS_RSA_WITH_AES_128_CCM MBEDTLS_TLS_RSA_WITH_AES_128_CCM
+#define TLS_RSA_WITH_AES_128_CCM_8 MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8
+#define TLS_RSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
+#define TLS_RSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
+#define TLS_RSA_WITH_AES_256_CBC_SHA256 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
+#define TLS_RSA_WITH_AES_256_CCM MBEDTLS_TLS_RSA_WITH_AES_256_CCM
+#define TLS_RSA_WITH_AES_256_CCM_8 MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8
+#define TLS_RSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
+#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
+#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
+#define TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
+#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
+#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
+#define TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
+#define TLS_RSA_WITH_DES_CBC_SHA MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA
+#define TLS_RSA_WITH_NULL_MD5 MBEDTLS_TLS_RSA_WITH_NULL_MD5
+#define TLS_RSA_WITH_NULL_SHA MBEDTLS_TLS_RSA_WITH_NULL_SHA
+#define TLS_RSA_WITH_NULL_SHA256 MBEDTLS_TLS_RSA_WITH_NULL_SHA256
+#define TLS_RSA_WITH_RC4_128_MD5 MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
+#define TLS_RSA_WITH_RC4_128_SHA MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
+#define UL64 MBEDTLS_UL64
+#define X509_CRT_VERSION_1 MBEDTLS_X509_CRT_VERSION_1
+#define X509_CRT_VERSION_2 MBEDTLS_X509_CRT_VERSION_2
+#define X509_CRT_VERSION_3 MBEDTLS_X509_CRT_VERSION_3
+#define X509_FORMAT_DER MBEDTLS_X509_FORMAT_DER
+#define X509_FORMAT_PEM MBEDTLS_X509_FORMAT_PEM
+#define X509_MAX_DN_NAME_SIZE MBEDTLS_X509_MAX_DN_NAME_SIZE
+#define X509_RFC5280_MAX_SERIAL_LEN MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN
+#define X509_RFC5280_UTC_TIME_LEN MBEDTLS_X509_RFC5280_UTC_TIME_LEN
+#define XTEA_DECRYPT MBEDTLS_XTEA_DECRYPT
+#define XTEA_ENCRYPT MBEDTLS_XTEA_ENCRYPT
+#define _asn1_bitstring mbedtls_asn1_bitstring
+#define _asn1_buf mbedtls_asn1_buf
+#define _asn1_named_data mbedtls_asn1_named_data
+#define _asn1_sequence mbedtls_asn1_sequence
+#define _ssl_cache_context mbedtls_ssl_cache_context
+#define _ssl_cache_entry mbedtls_ssl_cache_entry
+#define _ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t
+#define _ssl_context mbedtls_ssl_context
+#define _ssl_flight_item mbedtls_ssl_flight_item
+#define _ssl_handshake_params mbedtls_ssl_handshake_params
+#define _ssl_key_cert mbedtls_ssl_key_cert
+#define _ssl_premaster_secret mbedtls_ssl_premaster_secret
+#define _ssl_session mbedtls_ssl_session
+#define _ssl_ticket_keys mbedtls_ssl_ticket_keys
+#define _ssl_transform mbedtls_ssl_transform
+#define _x509_crl mbedtls_x509_crl
+#define _x509_crl_entry mbedtls_x509_crl_entry
+#define _x509_crt mbedtls_x509_crt
+#define _x509_csr mbedtls_x509_csr
+#define _x509_time mbedtls_x509_time
+#define _x509write_cert mbedtls_x509write_cert
+#define _x509write_csr mbedtls_x509write_csr
+#define aes_context mbedtls_aes_context
+#define aes_crypt_cbc mbedtls_aes_crypt_cbc
+#define aes_crypt_cfb128 mbedtls_aes_crypt_cfb128
+#define aes_crypt_cfb8 mbedtls_aes_crypt_cfb8
+#define aes_crypt_ctr mbedtls_aes_crypt_ctr
+#define aes_crypt_ecb mbedtls_aes_crypt_ecb
+#define aes_free mbedtls_aes_free
+#define aes_init mbedtls_aes_init
+#define aes_self_test mbedtls_aes_self_test
+#define aes_setkey_dec mbedtls_aes_setkey_dec
+#define aes_setkey_enc mbedtls_aes_setkey_enc
+#define aesni_crypt_ecb mbedtls_aesni_crypt_ecb
+#define aesni_gcm_mult mbedtls_aesni_gcm_mult
+#define aesni_inverse_key mbedtls_aesni_inverse_key
+#define aesni_setkey_enc mbedtls_aesni_setkey_enc
+#define aesni_supports mbedtls_aesni_has_support
+#define alarmed mbedtls_timing_alarmed
+#define arc4_context mbedtls_arc4_context
+#define arc4_crypt mbedtls_arc4_crypt
+#define arc4_free mbedtls_arc4_free
+#define arc4_init mbedtls_arc4_init
+#define arc4_self_test mbedtls_arc4_self_test
+#define arc4_setup mbedtls_arc4_setup
+#define asn1_bitstring mbedtls_asn1_bitstring
+#define asn1_buf mbedtls_asn1_buf
+#define asn1_find_named_data mbedtls_asn1_find_named_data
+#define asn1_free_named_data mbedtls_asn1_free_named_data
+#define asn1_free_named_data_list mbedtls_asn1_free_named_data_list
+#define asn1_get_alg mbedtls_asn1_get_alg
+#define asn1_get_alg_null mbedtls_asn1_get_alg_null
+#define asn1_get_bitstring mbedtls_asn1_get_bitstring
+#define asn1_get_bitstring_null mbedtls_asn1_get_bitstring_null
+#define asn1_get_bool mbedtls_asn1_get_bool
+#define asn1_get_int mbedtls_asn1_get_int
+#define asn1_get_len mbedtls_asn1_get_len
+#define asn1_get_mpi mbedtls_asn1_get_mpi
+#define asn1_get_sequence_of mbedtls_asn1_get_sequence_of
+#define asn1_get_tag mbedtls_asn1_get_tag
+#define asn1_named_data mbedtls_asn1_named_data
+#define asn1_sequence mbedtls_asn1_sequence
+#define asn1_store_named_data mbedtls_asn1_store_named_data
+#define asn1_write_algorithm_identifier mbedtls_asn1_write_algorithm_identifier
+#define asn1_write_bitstring mbedtls_asn1_write_bitstring
+#define asn1_write_bool mbedtls_asn1_write_bool
+#define asn1_write_ia5_string mbedtls_asn1_write_ia5_string
+#define asn1_write_int mbedtls_asn1_write_int
+#define asn1_write_len mbedtls_asn1_write_len
+#define asn1_write_mpi mbedtls_asn1_write_mpi
+#define asn1_write_null mbedtls_asn1_write_null
+#define asn1_write_octet_string mbedtls_asn1_write_octet_string
+#define asn1_write_oid mbedtls_asn1_write_oid
+#define asn1_write_printable_string mbedtls_asn1_write_printable_string
+#define asn1_write_raw_buffer mbedtls_asn1_write_raw_buffer
+#define asn1_write_tag mbedtls_asn1_write_tag
+#define base64_decode mbedtls_base64_decode
+#define base64_encode mbedtls_base64_encode
+#define base64_self_test mbedtls_base64_self_test
+#define blowfish_context mbedtls_blowfish_context
+#define blowfish_crypt_cbc mbedtls_blowfish_crypt_cbc
+#define blowfish_crypt_cfb64 mbedtls_blowfish_crypt_cfb64
+#define blowfish_crypt_ctr mbedtls_blowfish_crypt_ctr
+#define blowfish_crypt_ecb mbedtls_blowfish_crypt_ecb
+#define blowfish_free mbedtls_blowfish_free
+#define blowfish_init mbedtls_blowfish_init
+#define blowfish_setkey mbedtls_blowfish_setkey
+#define camellia_context mbedtls_camellia_context
+#define camellia_crypt_cbc mbedtls_camellia_crypt_cbc
+#define camellia_crypt_cfb128 mbedtls_camellia_crypt_cfb128
+#define camellia_crypt_ctr mbedtls_camellia_crypt_ctr
+#define camellia_crypt_ecb mbedtls_camellia_crypt_ecb
+#define camellia_free mbedtls_camellia_free
+#define camellia_init mbedtls_camellia_init
+#define camellia_self_test mbedtls_camellia_self_test
+#define camellia_setkey_dec mbedtls_camellia_setkey_dec
+#define camellia_setkey_enc mbedtls_camellia_setkey_enc
+#define ccm_auth_decrypt mbedtls_ccm_auth_decrypt
+#define ccm_context mbedtls_ccm_context
+#define ccm_encrypt_and_tag mbedtls_ccm_encrypt_and_tag
+#define ccm_free mbedtls_ccm_free
+#define ccm_init mbedtls_ccm_init
+#define ccm_self_test mbedtls_ccm_self_test
+#define cipher_auth_decrypt mbedtls_cipher_auth_decrypt
+#define cipher_auth_encrypt mbedtls_cipher_auth_encrypt
+#define cipher_base_t mbedtls_cipher_base_t
+#define cipher_check_tag mbedtls_cipher_check_tag
+#define cipher_context_t mbedtls_cipher_context_t
+#define cipher_crypt mbedtls_cipher_crypt
+#define cipher_definition_t mbedtls_cipher_definition_t
+#define cipher_definitions mbedtls_cipher_definitions
+#define cipher_finish mbedtls_cipher_finish
+#define cipher_free mbedtls_cipher_free
+#define cipher_free_ctx mbedtls_cipher_free_ctx
+#define cipher_get_block_size mbedtls_cipher_get_block_size
+#define cipher_get_cipher_mode mbedtls_cipher_get_cipher_mode
+#define cipher_get_iv_size mbedtls_cipher_get_iv_size
+#define cipher_get_key_size mbedtls_cipher_get_key_bitlen
+#define cipher_get_name mbedtls_cipher_get_name
+#define cipher_get_operation mbedtls_cipher_get_operation
+#define cipher_get_type mbedtls_cipher_get_type
+#define cipher_id_t mbedtls_cipher_id_t
+#define cipher_info_from_string mbedtls_cipher_info_from_string
+#define cipher_info_from_type mbedtls_cipher_info_from_type
+#define cipher_info_from_values mbedtls_cipher_info_from_values
+#define cipher_info_t mbedtls_cipher_info_t
+#define cipher_init mbedtls_cipher_init
+#define cipher_init_ctx mbedtls_cipher_setup
+#define cipher_list mbedtls_cipher_list
+#define cipher_mode_t mbedtls_cipher_mode_t
+#define cipher_padding_t mbedtls_cipher_padding_t
+#define cipher_reset mbedtls_cipher_reset
+#define cipher_self_test mbedtls_cipher_self_test
+#define cipher_set_iv mbedtls_cipher_set_iv
+#define cipher_set_padding_mode mbedtls_cipher_set_padding_mode
+#define cipher_setkey mbedtls_cipher_setkey
+#define cipher_type_t mbedtls_cipher_type_t
+#define cipher_update mbedtls_cipher_update
+#define cipher_update_ad mbedtls_cipher_update_ad
+#define cipher_write_tag mbedtls_cipher_write_tag
+#define ctr_drbg_context mbedtls_ctr_drbg_context
+#define ctr_drbg_free mbedtls_ctr_drbg_free
+#define ctr_drbg_init mbedtls_ctr_drbg_init
+#define ctr_drbg_init_entropy_len mbedtls_ctr_drbg_init_entropy_len
+#define ctr_drbg_random mbedtls_ctr_drbg_random
+#define ctr_drbg_random_with_add mbedtls_ctr_drbg_random_with_add
+#define ctr_drbg_reseed mbedtls_ctr_drbg_reseed
+#define ctr_drbg_self_test mbedtls_ctr_drbg_self_test
+#define ctr_drbg_set_entropy_len mbedtls_ctr_drbg_set_entropy_len
+#define ctr_drbg_set_prediction_resistance mbedtls_ctr_drbg_set_prediction_resistance
+#define ctr_drbg_set_reseed_interval mbedtls_ctr_drbg_set_reseed_interval
+#define ctr_drbg_update mbedtls_ctr_drbg_update
+#define ctr_drbg_update_seed_file mbedtls_ctr_drbg_update_seed_file
+#define ctr_drbg_write_seed_file mbedtls_ctr_drbg_write_seed_file
+#define debug_fmt mbedtls_debug_fmt
+#define debug_print_buf mbedtls_debug_print_buf
+#define debug_print_crt mbedtls_debug_print_crt
+#define debug_print_ecp mbedtls_debug_print_ecp
+#define debug_print_mpi mbedtls_debug_print_mpi
+#define debug_print_msg mbedtls_debug_print_msg
+#define debug_print_ret mbedtls_debug_print_ret
+#define debug_set_log_mode mbedtls_debug_set_log_mode
+#define debug_set_threshold mbedtls_debug_set_threshold
+#define des3_context mbedtls_des3_context
+#define des3_crypt_cbc mbedtls_des3_crypt_cbc
+#define des3_crypt_ecb mbedtls_des3_crypt_ecb
+#define des3_free mbedtls_des3_free
+#define des3_init mbedtls_des3_init
+#define des3_set2key_dec mbedtls_des3_set2key_dec
+#define des3_set2key_enc mbedtls_des3_set2key_enc
+#define des3_set3key_dec mbedtls_des3_set3key_dec
+#define des3_set3key_enc mbedtls_des3_set3key_enc
+#define des_context mbedtls_des_context
+#define des_crypt_cbc mbedtls_des_crypt_cbc
+#define des_crypt_ecb mbedtls_des_crypt_ecb
+#define des_free mbedtls_des_free
+#define des_init mbedtls_des_init
+#define des_key_check_key_parity mbedtls_des_key_check_key_parity
+#define des_key_check_weak mbedtls_des_key_check_weak
+#define des_key_set_parity mbedtls_des_key_set_parity
+#define des_self_test mbedtls_des_self_test
+#define des_setkey_dec mbedtls_des_setkey_dec
+#define des_setkey_enc mbedtls_des_setkey_enc
+#define dhm_calc_secret mbedtls_dhm_calc_secret
+#define dhm_context mbedtls_dhm_context
+#define dhm_free mbedtls_dhm_free
+#define dhm_init mbedtls_dhm_init
+#define dhm_make_params mbedtls_dhm_make_params
+#define dhm_make_public mbedtls_dhm_make_public
+#define dhm_parse_dhm mbedtls_dhm_parse_dhm
+#define dhm_parse_dhmfile mbedtls_dhm_parse_dhmfile
+#define dhm_read_params mbedtls_dhm_read_params
+#define dhm_read_public mbedtls_dhm_read_public
+#define dhm_self_test mbedtls_dhm_self_test
+#define ecdh_calc_secret mbedtls_ecdh_calc_secret
+#define ecdh_compute_shared mbedtls_ecdh_compute_shared
+#define ecdh_context mbedtls_ecdh_context
+#define ecdh_free mbedtls_ecdh_free
+#define ecdh_gen_public mbedtls_ecdh_gen_public
+#define ecdh_get_params mbedtls_ecdh_get_params
+#define ecdh_init mbedtls_ecdh_init
+#define ecdh_make_params mbedtls_ecdh_make_params
+#define ecdh_make_public mbedtls_ecdh_make_public
+#define ecdh_read_params mbedtls_ecdh_read_params
+#define ecdh_read_public mbedtls_ecdh_read_public
+#define ecdh_self_test mbedtls_ecdh_self_test
+#define ecdh_side mbedtls_ecdh_side
+#define ecdsa_context mbedtls_ecdsa_context
+#define ecdsa_free mbedtls_ecdsa_free
+#define ecdsa_from_keypair mbedtls_ecdsa_from_keypair
+#define ecdsa_genkey mbedtls_ecdsa_genkey
+#define ecdsa_info mbedtls_ecdsa_info
+#define ecdsa_init mbedtls_ecdsa_init
+#define ecdsa_read_signature mbedtls_ecdsa_read_signature
+#define ecdsa_self_test mbedtls_ecdsa_self_test
+#define ecdsa_sign mbedtls_ecdsa_sign
+#define ecdsa_sign_det mbedtls_ecdsa_sign_det
+#define ecdsa_verify mbedtls_ecdsa_verify
+#define ecdsa_write_signature mbedtls_ecdsa_write_signature
+#define ecdsa_write_signature_det mbedtls_ecdsa_write_signature_det
+#define eckey_info mbedtls_eckey_info
+#define eckeydh_info mbedtls_eckeydh_info
+#define ecp_add mbedtls_ecp_add
+#define ecp_check_privkey mbedtls_ecp_check_privkey
+#define ecp_check_pub_priv mbedtls_ecp_check_pub_priv
+#define ecp_check_pubkey mbedtls_ecp_check_pubkey
+#define ecp_copy mbedtls_ecp_copy
+#define ecp_curve_info mbedtls_ecp_curve_info
+#define ecp_curve_info_from_grp_id mbedtls_ecp_curve_info_from_grp_id
+#define ecp_curve_info_from_name mbedtls_ecp_curve_info_from_name
+#define ecp_curve_info_from_tls_id mbedtls_ecp_curve_info_from_tls_id
+#define ecp_curve_list mbedtls_ecp_curve_list
+#define ecp_gen_key mbedtls_ecp_gen_key
+#define ecp_gen_keypair mbedtls_ecp_gen_keypair
+#define ecp_group mbedtls_ecp_group
+#define ecp_group_copy mbedtls_ecp_group_copy
+#define ecp_group_free mbedtls_ecp_group_free
+#define ecp_group_id mbedtls_ecp_group_id
+#define ecp_group_init mbedtls_ecp_group_init
+#define ecp_group_read_string mbedtls_ecp_group_read_string
+#define ecp_grp_id_list mbedtls_ecp_grp_id_list
+#define ecp_is_zero mbedtls_ecp_is_zero
+#define ecp_keypair mbedtls_ecp_keypair
+#define ecp_keypair_free mbedtls_ecp_keypair_free
+#define ecp_keypair_init mbedtls_ecp_keypair_init
+#define ecp_mul mbedtls_ecp_mul
+#define ecp_point mbedtls_ecp_point
+#define ecp_point_free mbedtls_ecp_point_free
+#define ecp_point_init mbedtls_ecp_point_init
+#define ecp_point_read_binary mbedtls_ecp_point_read_binary
+#define ecp_point_read_string mbedtls_ecp_point_read_string
+#define ecp_point_write_binary mbedtls_ecp_point_write_binary
+#define ecp_self_test mbedtls_ecp_self_test
+#define ecp_set_zero mbedtls_ecp_set_zero
+#define ecp_sub mbedtls_ecp_sub
+#define ecp_tls_read_group mbedtls_ecp_tls_read_group
+#define ecp_tls_read_point mbedtls_ecp_tls_read_point
+#define ecp_tls_write_group mbedtls_ecp_tls_write_group
+#define ecp_tls_write_point mbedtls_ecp_tls_write_point
+#define ecp_use_known_dp mbedtls_ecp_group_load
+#define entropy_add_source mbedtls_entropy_add_source
+#define entropy_context mbedtls_entropy_context
+#define entropy_free mbedtls_entropy_free
+#define entropy_func mbedtls_entropy_func
+#define entropy_gather mbedtls_entropy_gather
+#define entropy_init mbedtls_entropy_init
+#define entropy_self_test mbedtls_entropy_self_test
+#define entropy_update_manual mbedtls_entropy_update_manual
+#define entropy_update_seed_file mbedtls_entropy_update_seed_file
+#define entropy_write_seed_file mbedtls_entropy_write_seed_file
+#define error_strerror mbedtls_strerror
+#define f_source_ptr mbedtls_entropy_f_source_ptr
+#define gcm_auth_decrypt mbedtls_gcm_auth_decrypt
+#define gcm_context mbedtls_gcm_context
+#define gcm_crypt_and_tag mbedtls_gcm_crypt_and_tag
+#define gcm_finish mbedtls_gcm_finish
+#define gcm_free mbedtls_gcm_free
+#define gcm_init mbedtls_gcm_init
+#define gcm_self_test mbedtls_gcm_self_test
+#define gcm_starts mbedtls_gcm_starts
+#define gcm_update mbedtls_gcm_update
+#define get_timer mbedtls_timing_get_timer
+#define hardclock mbedtls_timing_hardclock
+#define hardclock_poll mbedtls_hardclock_poll
+#define havege_free mbedtls_havege_free
+#define havege_init mbedtls_havege_init
+#define havege_poll mbedtls_havege_poll
+#define havege_random mbedtls_havege_random
+#define havege_state mbedtls_havege_state
+#define hmac_drbg_context mbedtls_hmac_drbg_context
+#define hmac_drbg_free mbedtls_hmac_drbg_free
+#define hmac_drbg_init mbedtls_hmac_drbg_init
+#define hmac_drbg_init_buf mbedtls_hmac_drbg_init_buf
+#define hmac_drbg_random mbedtls_hmac_drbg_random
+#define hmac_drbg_random_with_add mbedtls_hmac_drbg_random_with_add
+#define hmac_drbg_reseed mbedtls_hmac_drbg_reseed
+#define hmac_drbg_self_test mbedtls_hmac_drbg_self_test
+#define hmac_drbg_set_entropy_len mbedtls_hmac_drbg_set_entropy_len
+#define hmac_drbg_set_prediction_resistance mbedtls_hmac_drbg_set_prediction_resistance
+#define hmac_drbg_set_reseed_interval mbedtls_hmac_drbg_set_reseed_interval
+#define hmac_drbg_update mbedtls_hmac_drbg_update
+#define hmac_drbg_update_seed_file mbedtls_hmac_drbg_update_seed_file
+#define hmac_drbg_write_seed_file mbedtls_hmac_drbg_write_seed_file
+#define hr_time mbedtls_timing_hr_time
+#define key_exchange_type_t mbedtls_key_exchange_type_t
+#define md mbedtls_md
+#define md2 mbedtls_md2
+#define md2_context mbedtls_md2_context
+#define md2_file mbedtls_md2_file
+#define md2_finish mbedtls_md2_finish
+#define md2_free mbedtls_md2_free
+#define md2_hmac mbedtls_md2_hmac
+#define md2_hmac_finish mbedtls_md2_hmac_finish
+#define md2_hmac_reset mbedtls_md2_hmac_reset
+#define md2_hmac_starts mbedtls_md2_hmac_starts
+#define md2_hmac_update mbedtls_md2_hmac_update
+#define md2_info mbedtls_md2_info
+#define md2_init mbedtls_md2_init
+#define md2_process mbedtls_md2_process
+#define md2_self_test mbedtls_md2_self_test
+#define md2_starts mbedtls_md2_starts
+#define md2_update mbedtls_md2_update
+#define md4 mbedtls_md4
+#define md4_context mbedtls_md4_context
+#define md4_file mbedtls_md4_file
+#define md4_finish mbedtls_md4_finish
+#define md4_free mbedtls_md4_free
+#define md4_hmac mbedtls_md4_hmac
+#define md4_hmac_finish mbedtls_md4_hmac_finish
+#define md4_hmac_reset mbedtls_md4_hmac_reset
+#define md4_hmac_starts mbedtls_md4_hmac_starts
+#define md4_hmac_update mbedtls_md4_hmac_update
+#define md4_info mbedtls_md4_info
+#define md4_init mbedtls_md4_init
+#define md4_process mbedtls_md4_process
+#define md4_self_test mbedtls_md4_self_test
+#define md4_starts mbedtls_md4_starts
+#define md4_update mbedtls_md4_update
+#define md5 mbedtls_md5
+#define md5_context mbedtls_md5_context
+#define md5_file mbedtls_md5_file
+#define md5_finish mbedtls_md5_finish
+#define md5_free mbedtls_md5_free
+#define md5_hmac mbedtls_md5_hmac
+#define md5_hmac_finish mbedtls_md5_hmac_finish
+#define md5_hmac_reset mbedtls_md5_hmac_reset
+#define md5_hmac_starts mbedtls_md5_hmac_starts
+#define md5_hmac_update mbedtls_md5_hmac_update
+#define md5_info mbedtls_md5_info
+#define md5_init mbedtls_md5_init
+#define md5_process mbedtls_md5_process
+#define md5_self_test mbedtls_md5_self_test
+#define md5_starts mbedtls_md5_starts
+#define md5_update mbedtls_md5_update
+#define md_context_t mbedtls_md_context_t
+#define md_file mbedtls_md_file
+#define md_finish mbedtls_md_finish
+#define md_free mbedtls_md_free
+#define md_free_ctx mbedtls_md_free_ctx
+#define md_get_name mbedtls_md_get_name
+#define md_get_size mbedtls_md_get_size
+#define md_get_type mbedtls_md_get_type
+#define md_hmac mbedtls_md_hmac
+#define md_hmac_finish mbedtls_md_hmac_finish
+#define md_hmac_reset mbedtls_md_hmac_reset
+#define md_hmac_starts mbedtls_md_hmac_starts
+#define md_hmac_update mbedtls_md_hmac_update
+#define md_info_from_string mbedtls_md_info_from_string
+#define md_info_from_type mbedtls_md_info_from_type
+#define md_info_t mbedtls_md_info_t
+#define md_init mbedtls_md_init
+#define md_init_ctx mbedtls_md_init_ctx
+#define md_list mbedtls_md_list
+#define md_process mbedtls_md_process
+#define md_starts mbedtls_md_starts
+#define md_type_t mbedtls_md_type_t
+#define md_update mbedtls_md_update
+#define memory_buffer_alloc_cur_get mbedtls_memory_buffer_alloc_cur_get
+#define memory_buffer_alloc_free mbedtls_memory_buffer_alloc_free
+#define memory_buffer_alloc_init mbedtls_memory_buffer_alloc_init
+#define memory_buffer_alloc_max_get mbedtls_memory_buffer_alloc_max_get
+#define memory_buffer_alloc_max_reset mbedtls_memory_buffer_alloc_max_reset
+#define memory_buffer_alloc_self_test mbedtls_memory_buffer_alloc_self_test
+#define memory_buffer_alloc_status mbedtls_memory_buffer_alloc_status
+#define memory_buffer_alloc_verify mbedtls_memory_buffer_alloc_verify
+#define memory_buffer_set_verify mbedtls_memory_buffer_set_verify
+#define memory_set_own mbedtls_memory_set_own
+#define mpi mbedtls_mpi
+#define mpi_add_abs mbedtls_mpi_add_abs
+#define mpi_add_int mbedtls_mpi_add_int
+#define mpi_add_mpi mbedtls_mpi_add_mpi
+#define mpi_cmp_abs mbedtls_mpi_cmp_abs
+#define mpi_cmp_int mbedtls_mpi_cmp_int
+#define mpi_cmp_mpi mbedtls_mpi_cmp_mpi
+#define mpi_copy mbedtls_mpi_copy
+#define mpi_div_int mbedtls_mpi_div_int
+#define mpi_div_mpi mbedtls_mpi_div_mpi
+#define mpi_exp_mod mbedtls_mpi_exp_mod
+#define mpi_fill_random mbedtls_mpi_fill_random
+#define mpi_free mbedtls_mpi_free
+#define mpi_gcd mbedtls_mpi_gcd
+#define mpi_gen_prime mbedtls_mpi_gen_prime
+#define mpi_get_bit mbedtls_mpi_get_bit
+#define mpi_grow mbedtls_mpi_grow
+#define mpi_init mbedtls_mpi_init
+#define mpi_inv_mod mbedtls_mpi_inv_mod
+#define mpi_is_prime mbedtls_mpi_is_prime
+#define mpi_lsb mbedtls_mpi_lsb
+#define mpi_lset mbedtls_mpi_lset
+#define mpi_mod_int mbedtls_mpi_mod_int
+#define mpi_mod_mpi mbedtls_mpi_mod_mpi
+#define mpi_msb mbedtls_mpi_bitlen
+#define mpi_mul_int mbedtls_mpi_mul_int
+#define mpi_mul_mpi mbedtls_mpi_mul_mpi
+#define mpi_read_binary mbedtls_mpi_read_binary
+#define mpi_read_file mbedtls_mpi_read_file
+#define mpi_read_string mbedtls_mpi_read_string
+#define mpi_safe_cond_assign mbedtls_mpi_safe_cond_assign
+#define mpi_safe_cond_swap mbedtls_mpi_safe_cond_swap
+#define mpi_self_test mbedtls_mpi_self_test
+#define mpi_set_bit mbedtls_mpi_set_bit
+#define mpi_shift_l mbedtls_mpi_shift_l
+#define mpi_shift_r mbedtls_mpi_shift_r
+#define mpi_shrink mbedtls_mpi_shrink
+#define mpi_size mbedtls_mpi_size
+#define mpi_sub_abs mbedtls_mpi_sub_abs
+#define mpi_sub_int mbedtls_mpi_sub_int
+#define mpi_sub_mpi mbedtls_mpi_sub_mpi
+#define mpi_swap mbedtls_mpi_swap
+#define mpi_write_binary mbedtls_mpi_write_binary
+#define mpi_write_file mbedtls_mpi_write_file
+#define mpi_write_string mbedtls_mpi_write_string
+#define net_accept mbedtls_net_accept
+#define net_bind mbedtls_net_bind
+#define net_close mbedtls_net_free
+#define net_connect mbedtls_net_connect
+#define net_recv mbedtls_net_recv
+#define net_recv_timeout mbedtls_net_recv_timeout
+#define net_send mbedtls_net_send
+#define net_set_block mbedtls_net_set_block
+#define net_set_nonblock mbedtls_net_set_nonblock
+#define net_usleep mbedtls_net_usleep
+#define oid_descriptor_t mbedtls_oid_descriptor_t
+#define oid_get_attr_short_name mbedtls_oid_get_attr_short_name
+#define oid_get_cipher_alg mbedtls_oid_get_cipher_alg
+#define oid_get_ec_grp mbedtls_oid_get_ec_grp
+#define oid_get_extended_key_usage mbedtls_oid_get_extended_key_usage
+#define oid_get_md_alg mbedtls_oid_get_md_alg
+#define oid_get_numeric_string mbedtls_oid_get_numeric_string
+#define oid_get_oid_by_ec_grp mbedtls_oid_get_oid_by_ec_grp
+#define oid_get_oid_by_md mbedtls_oid_get_oid_by_md
+#define oid_get_oid_by_pk_alg mbedtls_oid_get_oid_by_pk_alg
+#define oid_get_oid_by_sig_alg mbedtls_oid_get_oid_by_sig_alg
+#define oid_get_pk_alg mbedtls_oid_get_pk_alg
+#define oid_get_pkcs12_pbe_alg mbedtls_oid_get_pkcs12_pbe_alg
+#define oid_get_sig_alg mbedtls_oid_get_sig_alg
+#define oid_get_sig_alg_desc mbedtls_oid_get_sig_alg_desc
+#define oid_get_x509_ext_type mbedtls_oid_get_x509_ext_type
+#define operation_t mbedtls_operation_t
+#define padlock_supports mbedtls_padlock_has_support
+#define padlock_xcryptcbc mbedtls_padlock_xcryptcbc
+#define padlock_xcryptecb mbedtls_padlock_xcryptecb
+#define pbkdf2_hmac mbedtls_pbkdf2_hmac
+#define pbkdf2_self_test mbedtls_pbkdf2_self_test
+#define pem_context mbedtls_pem_context
+#define pem_free mbedtls_pem_free
+#define pem_init mbedtls_pem_init
+#define pem_read_buffer mbedtls_pem_read_buffer
+#define pem_write_buffer mbedtls_pem_write_buffer
+#define pk_can_do mbedtls_pk_can_do
+#define pk_check_pair mbedtls_pk_check_pair
+#define pk_context mbedtls_pk_context
+#define pk_debug mbedtls_pk_debug
+#define pk_debug_item mbedtls_pk_debug_item
+#define pk_debug_type mbedtls_pk_debug_type
+#define pk_decrypt mbedtls_pk_decrypt
+#define pk_ec mbedtls_pk_ec
+#define pk_encrypt mbedtls_pk_encrypt
+#define pk_free mbedtls_pk_free
+#define pk_get_len mbedtls_pk_get_len
+#define pk_get_name mbedtls_pk_get_name
+#define pk_get_size mbedtls_pk_get_bitlen
+#define pk_get_type mbedtls_pk_get_type
+#define pk_info_from_type mbedtls_pk_info_from_type
+#define pk_info_t mbedtls_pk_info_t
+#define pk_init mbedtls_pk_init
+#define pk_init_ctx mbedtls_pk_setup
+#define pk_init_ctx_rsa_alt mbedtls_pk_setup_rsa_alt
+#define pk_load_file mbedtls_pk_load_file
+#define pk_parse_key mbedtls_pk_parse_key
+#define pk_parse_keyfile mbedtls_pk_parse_keyfile
+#define pk_parse_public_key mbedtls_pk_parse_public_key
+#define pk_parse_public_keyfile mbedtls_pk_parse_public_keyfile
+#define pk_parse_subpubkey mbedtls_pk_parse_subpubkey
+#define pk_rsa mbedtls_pk_rsa
+#define pk_rsa_alt_decrypt_func mbedtls_pk_rsa_alt_decrypt_func
+#define pk_rsa_alt_key_len_func mbedtls_pk_rsa_alt_key_len_func
+#define pk_rsa_alt_sign_func mbedtls_pk_rsa_alt_sign_func
+#define pk_rsassa_pss_options mbedtls_pk_rsassa_pss_options
+#define pk_sign mbedtls_pk_sign
+#define pk_type_t mbedtls_pk_type_t
+#define pk_verify mbedtls_pk_verify
+#define pk_verify_ext mbedtls_pk_verify_ext
+#define pk_write_key_der mbedtls_pk_write_key_der
+#define pk_write_key_pem mbedtls_pk_write_key_pem
+#define pk_write_pubkey mbedtls_pk_write_pubkey
+#define pk_write_pubkey_der mbedtls_pk_write_pubkey_der
+#define pk_write_pubkey_pem mbedtls_pk_write_pubkey_pem
+#define pkcs11_context mbedtls_pkcs11_context
+#define pkcs11_decrypt mbedtls_pkcs11_decrypt
+#define pkcs11_priv_key_free mbedtls_pkcs11_priv_key_free
+#define pkcs11_priv_key_init mbedtls_pkcs11_priv_key_bind
+#define pkcs11_sign mbedtls_pkcs11_sign
+#define pkcs11_x509_cert_init mbedtls_pkcs11_x509_cert_bind
+#define pkcs12_derivation mbedtls_pkcs12_derivation
+#define pkcs12_pbe mbedtls_pkcs12_pbe
+#define pkcs12_pbe_sha1_rc4_128 mbedtls_pkcs12_pbe_sha1_rc4_128
+#define pkcs5_pbes2 mbedtls_pkcs5_pbes2
+#define pkcs5_pbkdf2_hmac mbedtls_pkcs5_pbkdf2_hmac
+#define pkcs5_self_test mbedtls_pkcs5_self_test
+#define platform_entropy_poll mbedtls_platform_entropy_poll
+#define platform_set_exit mbedtls_platform_set_exit
+#define platform_set_fprintf mbedtls_platform_set_fprintf
+#define platform_set_malloc_free mbedtls_platform_set_malloc_free
+#define platform_set_printf mbedtls_platform_set_printf
+#define platform_set_snprintf mbedtls_platform_set_snprintf
+#define polarssl_exit mbedtls_exit
+#define polarssl_fprintf mbedtls_fprintf
+#define polarssl_free mbedtls_free
+#define polarssl_malloc mbedtls_malloc
+#define polarssl_mutex_free mbedtls_mutex_free
+#define polarssl_mutex_init mbedtls_mutex_init
+#define polarssl_mutex_lock mbedtls_mutex_lock
+#define polarssl_mutex_unlock mbedtls_mutex_unlock
+#define polarssl_printf mbedtls_printf
+#define polarssl_snprintf mbedtls_snprintf
+#define polarssl_strerror mbedtls_strerror
+#define ripemd160 mbedtls_ripemd160
+#define ripemd160_context mbedtls_ripemd160_context
+#define ripemd160_file mbedtls_ripemd160_file
+#define ripemd160_finish mbedtls_ripemd160_finish
+#define ripemd160_free mbedtls_ripemd160_free
+#define ripemd160_hmac mbedtls_ripemd160_hmac
+#define ripemd160_hmac_finish mbedtls_ripemd160_hmac_finish
+#define ripemd160_hmac_reset mbedtls_ripemd160_hmac_reset
+#define ripemd160_hmac_starts mbedtls_ripemd160_hmac_starts
+#define ripemd160_hmac_update mbedtls_ripemd160_hmac_update
+#define ripemd160_info mbedtls_ripemd160_info
+#define ripemd160_init mbedtls_ripemd160_init
+#define ripemd160_process mbedtls_ripemd160_process
+#define ripemd160_self_test mbedtls_ripemd160_self_test
+#define ripemd160_starts mbedtls_ripemd160_starts
+#define ripemd160_update mbedtls_ripemd160_update
+#define rsa_alt_context mbedtls_rsa_alt_context
+#define rsa_alt_info mbedtls_rsa_alt_info
+#define rsa_check_privkey mbedtls_rsa_check_privkey
+#define rsa_check_pub_priv mbedtls_rsa_check_pub_priv
+#define rsa_check_pubkey mbedtls_rsa_check_pubkey
+#define rsa_context mbedtls_rsa_context
+#define rsa_copy mbedtls_rsa_copy
+#define rsa_decrypt_func mbedtls_rsa_decrypt_func
+#define rsa_free mbedtls_rsa_free
+#define rsa_gen_key mbedtls_rsa_gen_key
+#define rsa_info mbedtls_rsa_info
+#define rsa_init mbedtls_rsa_init
+#define rsa_key_len_func mbedtls_rsa_key_len_func
+#define rsa_pkcs1_decrypt mbedtls_rsa_pkcs1_decrypt
+#define rsa_pkcs1_encrypt mbedtls_rsa_pkcs1_encrypt
+#define rsa_pkcs1_sign mbedtls_rsa_pkcs1_sign
+#define rsa_pkcs1_verify mbedtls_rsa_pkcs1_verify
+#define rsa_private mbedtls_rsa_private
+#define rsa_public mbedtls_rsa_public
+#define rsa_rsaes_oaep_decrypt mbedtls_rsa_rsaes_oaep_decrypt
+#define rsa_rsaes_oaep_encrypt mbedtls_rsa_rsaes_oaep_encrypt
+#define rsa_rsaes_pkcs1_v15_decrypt mbedtls_rsa_rsaes_pkcs1_v15_decrypt
+#define rsa_rsaes_pkcs1_v15_encrypt mbedtls_rsa_rsaes_pkcs1_v15_encrypt
+#define rsa_rsassa_pkcs1_v15_sign mbedtls_rsa_rsassa_pkcs1_v15_sign
+#define rsa_rsassa_pkcs1_v15_verify mbedtls_rsa_rsassa_pkcs1_v15_verify
+#define rsa_rsassa_pss_sign mbedtls_rsa_rsassa_pss_sign
+#define rsa_rsassa_pss_verify mbedtls_rsa_rsassa_pss_verify
+#define rsa_rsassa_pss_verify_ext mbedtls_rsa_rsassa_pss_verify_ext
+#define rsa_self_test mbedtls_rsa_self_test
+#define rsa_set_padding mbedtls_rsa_set_padding
+#define rsa_sign_func mbedtls_rsa_sign_func
+#define safer_memcmp mbedtls_ssl_safer_memcmp
+#define set_alarm mbedtls_set_alarm
+#define sha1 mbedtls_sha1
+#define sha1_context mbedtls_sha1_context
+#define sha1_file mbedtls_sha1_file
+#define sha1_finish mbedtls_sha1_finish
+#define sha1_free mbedtls_sha1_free
+#define sha1_hmac mbedtls_sha1_hmac
+#define sha1_hmac_finish mbedtls_sha1_hmac_finish
+#define sha1_hmac_reset mbedtls_sha1_hmac_reset
+#define sha1_hmac_starts mbedtls_sha1_hmac_starts
+#define sha1_hmac_update mbedtls_sha1_hmac_update
+#define sha1_info mbedtls_sha1_info
+#define sha1_init mbedtls_sha1_init
+#define sha1_process mbedtls_sha1_process
+#define sha1_self_test mbedtls_sha1_self_test
+#define sha1_starts mbedtls_sha1_starts
+#define sha1_update mbedtls_sha1_update
+#define sha224_info mbedtls_sha224_info
+#define sha256 mbedtls_sha256
+#define sha256_context mbedtls_sha256_context
+#define sha256_file mbedtls_sha256_file
+#define sha256_finish mbedtls_sha256_finish
+#define sha256_free mbedtls_sha256_free
+#define sha256_hmac mbedtls_sha256_hmac
+#define sha256_hmac_finish mbedtls_sha256_hmac_finish
+#define sha256_hmac_reset mbedtls_sha256_hmac_reset
+#define sha256_hmac_starts mbedtls_sha256_hmac_starts
+#define sha256_hmac_update mbedtls_sha256_hmac_update
+#define sha256_info mbedtls_sha256_info
+#define sha256_init mbedtls_sha256_init
+#define sha256_process mbedtls_sha256_process
+#define sha256_self_test mbedtls_sha256_self_test
+#define sha256_starts mbedtls_sha256_starts
+#define sha256_update mbedtls_sha256_update
+#define sha384_info mbedtls_sha384_info
+#define sha512 mbedtls_sha512
+#define sha512_context mbedtls_sha512_context
+#define sha512_file mbedtls_sha512_file
+#define sha512_finish mbedtls_sha512_finish
+#define sha512_free mbedtls_sha512_free
+#define sha512_hmac mbedtls_sha512_hmac
+#define sha512_hmac_finish mbedtls_sha512_hmac_finish
+#define sha512_hmac_reset mbedtls_sha512_hmac_reset
+#define sha512_hmac_starts mbedtls_sha512_hmac_starts
+#define sha512_hmac_update mbedtls_sha512_hmac_update
+#define sha512_info mbedtls_sha512_info
+#define sha512_init mbedtls_sha512_init
+#define sha512_process mbedtls_sha512_process
+#define sha512_self_test mbedtls_sha512_self_test
+#define sha512_starts mbedtls_sha512_starts
+#define sha512_update mbedtls_sha512_update
+#define source_state mbedtls_entropy_source_state
+#define ssl_cache_context mbedtls_ssl_cache_context
+#define ssl_cache_entry mbedtls_ssl_cache_entry
+#define ssl_cache_free mbedtls_ssl_cache_free
+#define ssl_cache_get mbedtls_ssl_cache_get
+#define ssl_cache_init mbedtls_ssl_cache_init
+#define ssl_cache_set mbedtls_ssl_cache_set
+#define ssl_cache_set_max_entries mbedtls_ssl_cache_set_max_entries
+#define ssl_cache_set_timeout mbedtls_ssl_cache_set_timeout
+#define ssl_check_cert_usage mbedtls_ssl_check_cert_usage
+#define ssl_ciphersuite_from_id mbedtls_ssl_ciphersuite_from_id
+#define ssl_ciphersuite_from_string mbedtls_ssl_ciphersuite_from_string
+#define ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t
+#define ssl_ciphersuite_uses_ec mbedtls_ssl_ciphersuite_uses_ec
+#define ssl_ciphersuite_uses_psk mbedtls_ssl_ciphersuite_uses_psk
+#define ssl_close_notify mbedtls_ssl_close_notify
+#define ssl_context mbedtls_ssl_context
+#define ssl_cookie_check mbedtls_ssl_cookie_check
+#define ssl_cookie_check_t mbedtls_ssl_cookie_check_t
+#define ssl_cookie_ctx mbedtls_ssl_cookie_ctx
+#define ssl_cookie_free mbedtls_ssl_cookie_free
+#define ssl_cookie_init mbedtls_ssl_cookie_init
+#define ssl_cookie_set_timeout mbedtls_ssl_cookie_set_timeout
+#define ssl_cookie_setup mbedtls_ssl_cookie_setup
+#define ssl_cookie_write mbedtls_ssl_cookie_write
+#define ssl_cookie_write_t mbedtls_ssl_cookie_write_t
+#define ssl_curve_is_acceptable mbedtls_ssl_curve_is_acceptable
+#define ssl_derive_keys mbedtls_ssl_derive_keys
+#define ssl_dtls_replay_check mbedtls_ssl_dtls_replay_check
+#define ssl_dtls_replay_update mbedtls_ssl_dtls_replay_update
+#define ssl_fetch_input mbedtls_ssl_fetch_input
+#define ssl_flight_item mbedtls_ssl_flight_item
+#define ssl_flush_output mbedtls_ssl_flush_output
+#define ssl_free mbedtls_ssl_free
+#define ssl_get_alpn_protocol mbedtls_ssl_get_alpn_protocol
+#define ssl_get_bytes_avail mbedtls_ssl_get_bytes_avail
+#define ssl_get_ciphersuite mbedtls_ssl_get_ciphersuite
+#define ssl_get_ciphersuite_id mbedtls_ssl_get_ciphersuite_id
+#define ssl_get_ciphersuite_name mbedtls_ssl_get_ciphersuite_name
+#define ssl_get_ciphersuite_sig_pk_alg mbedtls_ssl_get_ciphersuite_sig_pk_alg
+#define ssl_get_peer_cert mbedtls_ssl_get_peer_cert
+#define ssl_get_record_expansion mbedtls_ssl_get_record_expansion
+#define ssl_get_session mbedtls_ssl_get_session
+#define ssl_get_verify_result mbedtls_ssl_get_verify_result
+#define ssl_get_version mbedtls_ssl_get_version
+#define ssl_handshake mbedtls_ssl_handshake
+#define ssl_handshake_client_step mbedtls_ssl_handshake_client_step
+#define ssl_handshake_free mbedtls_ssl_handshake_free
+#define ssl_handshake_params mbedtls_ssl_handshake_params
+#define ssl_handshake_server_step mbedtls_ssl_handshake_server_step
+#define ssl_handshake_step mbedtls_ssl_handshake_step
+#define ssl_handshake_wrapup mbedtls_ssl_handshake_wrapup
+#define ssl_hdr_len mbedtls_ssl_hdr_len
+#define ssl_hs_hdr_len mbedtls_ssl_hs_hdr_len
+#define ssl_hw_record_activate mbedtls_ssl_hw_record_activate
+#define ssl_hw_record_finish mbedtls_ssl_hw_record_finish
+#define ssl_hw_record_init mbedtls_ssl_hw_record_init
+#define ssl_hw_record_read mbedtls_ssl_hw_record_read
+#define ssl_hw_record_reset mbedtls_ssl_hw_record_reset
+#define ssl_hw_record_write mbedtls_ssl_hw_record_write
+#define ssl_init mbedtls_ssl_init
+#define ssl_key_cert mbedtls_ssl_key_cert
+#define ssl_legacy_renegotiation mbedtls_ssl_conf_legacy_renegotiation
+#define ssl_list_ciphersuites mbedtls_ssl_list_ciphersuites
+#define ssl_md_alg_from_hash mbedtls_ssl_md_alg_from_hash
+#define ssl_optimize_checksum mbedtls_ssl_optimize_checksum
+#define ssl_own_cert mbedtls_ssl_own_cert
+#define ssl_own_key mbedtls_ssl_own_key
+#define ssl_parse_certificate mbedtls_ssl_parse_certificate
+#define ssl_parse_change_cipher_spec mbedtls_ssl_parse_change_cipher_spec
+#define ssl_parse_finished mbedtls_ssl_parse_finished
+#define ssl_pk_alg_from_sig mbedtls_ssl_pk_alg_from_sig
+#define ssl_pkcs11_decrypt mbedtls_ssl_pkcs11_decrypt
+#define ssl_pkcs11_key_len mbedtls_ssl_pkcs11_key_len
+#define ssl_pkcs11_sign mbedtls_ssl_pkcs11_sign
+#define ssl_psk_derive_premaster mbedtls_ssl_psk_derive_premaster
+#define ssl_read mbedtls_ssl_read
+#define ssl_read_record mbedtls_ssl_read_record
+#define ssl_read_version mbedtls_ssl_read_version
+#define ssl_recv_flight_completed mbedtls_ssl_recv_flight_completed
+#define ssl_renegotiate mbedtls_ssl_renegotiate
+#define ssl_resend mbedtls_ssl_resend
+#define ssl_reset_checksum mbedtls_ssl_reset_checksum
+#define ssl_send_alert_message mbedtls_ssl_send_alert_message
+#define ssl_send_fatal_handshake_failure mbedtls_ssl_send_fatal_handshake_failure
+#define ssl_send_flight_completed mbedtls_ssl_send_flight_completed
+#define ssl_session mbedtls_ssl_session
+#define ssl_session_free mbedtls_ssl_session_free
+#define ssl_session_init mbedtls_ssl_session_init
+#define ssl_session_reset mbedtls_ssl_session_reset
+#define ssl_set_alpn_protocols mbedtls_ssl_conf_alpn_protocols
+#define ssl_set_arc4_support mbedtls_ssl_conf_arc4_support
+#define ssl_set_authmode mbedtls_ssl_conf_authmode
+#define ssl_set_bio mbedtls_ssl_set_bio
+#define ssl_set_bio mbedtls_ssl_set_bio_timeout
+#define ssl_set_ca_chain mbedtls_ssl_conf_ca_chain
+#define ssl_set_cbc_record_splitting mbedtls_ssl_conf_cbc_record_splitting
+#define ssl_set_ciphersuites mbedtls_ssl_conf_ciphersuites
+#define ssl_set_ciphersuites_for_version mbedtls_ssl_conf_ciphersuites_for_version
+#define ssl_set_client_transport_id mbedtls_ssl_set_client_transport_id
+#define ssl_set_curves mbedtls_ssl_conf_curves
+#define ssl_set_dbg mbedtls_ssl_conf_dbg
+#define ssl_set_dh_param mbedtls_ssl_conf_dh_param
+#define ssl_set_dh_param_ctx mbedtls_ssl_conf_dh_param_ctx
+#define ssl_set_dtls_anti_replay mbedtls_ssl_conf_dtls_anti_replay
+#define ssl_set_dtls_badmac_limit mbedtls_ssl_conf_dtls_badmac_limit
+#define ssl_set_dtls_cookies mbedtls_ssl_conf_dtls_cookies
+#define ssl_set_encrypt_then_mac mbedtls_ssl_conf_encrypt_then_mac
+#define ssl_set_endpoint mbedtls_ssl_conf_endpoint
+#define ssl_set_extended_master_secret mbedtls_ssl_conf_extended_master_secret
+#define ssl_set_fallback mbedtls_ssl_conf_fallback
+#define ssl_set_handshake_timeout mbedtls_ssl_conf_handshake_timeout
+#define ssl_set_hostname mbedtls_ssl_set_hostname
+#define ssl_set_max_frag_len mbedtls_ssl_conf_max_frag_len
+#define ssl_set_max_version mbedtls_ssl_conf_max_version
+#define ssl_set_min_version mbedtls_ssl_conf_min_version
+#define ssl_set_own_cert mbedtls_ssl_conf_own_cert
+#define ssl_set_own_cert_alt mbedtls_ssl_set_own_cert_alt
+#define ssl_set_own_cert_rsa mbedtls_ssl_set_own_cert_rsa
+#define ssl_set_psk mbedtls_ssl_conf_psk
+#define ssl_set_psk_cb mbedtls_ssl_conf_psk_cb
+#define ssl_set_renegotiation mbedtls_ssl_conf_renegotiation
+#define ssl_set_renegotiation_enforced mbedtls_ssl_conf_renegotiation_enforced
+#define ssl_set_renegotiation_period mbedtls_ssl_conf_renegotiation_period
+#define ssl_set_rng mbedtls_ssl_conf_rng
+#define ssl_set_session mbedtls_ssl_set_session
+#define ssl_set_session_cache mbedtls_ssl_conf_session_cache
+#define ssl_set_session_ticket_lifetime mbedtls_ssl_conf_session_ticket_lifetime
+#define ssl_set_session_tickets mbedtls_ssl_conf_session_tickets
+#define ssl_set_sni mbedtls_ssl_conf_sni
+#define ssl_set_transport mbedtls_ssl_conf_transport
+#define ssl_set_truncated_hmac mbedtls_ssl_conf_truncated_hmac
+#define ssl_set_verify mbedtls_ssl_conf_verify
+#define ssl_sig_from_pk mbedtls_ssl_sig_from_pk
+#define ssl_states mbedtls_ssl_states
+#define ssl_ticket_keys mbedtls_ssl_ticket_keys
+#define ssl_transform mbedtls_ssl_transform
+#define ssl_transform_free mbedtls_ssl_transform_free
+#define ssl_write mbedtls_ssl_write
+#define ssl_write_certificate mbedtls_ssl_write_certificate
+#define ssl_write_change_cipher_spec mbedtls_ssl_write_change_cipher_spec
+#define ssl_write_finished mbedtls_ssl_write_finished
+#define ssl_write_record mbedtls_ssl_write_record
+#define ssl_write_version mbedtls_ssl_write_version
+#define supported_ciphers mbedtls_cipher_supported
+#define t_sint mbedtls_mpi_sint
+#define t_udbl mbedtls_t_udbl
+#define t_uint mbedtls_mpi_uint
+#define test_ca_crt mbedtls_test_ca_crt
+#define test_ca_crt_ec mbedtls_test_ca_crt_ec
+#define test_ca_crt_rsa mbedtls_test_ca_crt_rsa
+#define test_ca_key mbedtls_test_ca_key
+#define test_ca_key_ec mbedtls_test_ca_key_ec
+#define test_ca_key_rsa mbedtls_test_ca_key_rsa
+#define test_ca_list mbedtls_test_cas_pem
+#define test_ca_pwd mbedtls_test_ca_pwd
+#define test_ca_pwd_ec mbedtls_test_ca_pwd_ec
+#define test_ca_pwd_rsa mbedtls_test_ca_pwd_rsa
+#define test_cli_crt mbedtls_test_cli_crt
+#define test_cli_crt_ec mbedtls_test_cli_crt_ec
+#define test_cli_crt_rsa mbedtls_test_cli_crt_rsa
+#define test_cli_key mbedtls_test_cli_key
+#define test_cli_key_ec mbedtls_test_cli_key_ec
+#define test_cli_key_rsa mbedtls_test_cli_key_rsa
+#define test_dhm_params mbedtls_test_dhm_params
+#define test_srv_crt mbedtls_test_srv_crt
+#define test_srv_crt_ec mbedtls_test_srv_crt_ec
+#define test_srv_crt_rsa mbedtls_test_srv_crt_rsa
+#define test_srv_key mbedtls_test_srv_key
+#define test_srv_key_ec mbedtls_test_srv_key_ec
+#define test_srv_key_rsa mbedtls_test_srv_key_rsa
+#define threading_mutex_t mbedtls_threading_mutex_t
+#define threading_set_alt mbedtls_threading_set_alt
+#define timing_self_test mbedtls_timing_self_test
+#define version_check_feature mbedtls_version_check_feature
+#define version_get_number mbedtls_version_get_number
+#define version_get_string mbedtls_version_get_string
+#define version_get_string_full mbedtls_version_get_string_full
+#define x509_bitstring mbedtls_x509_bitstring
+#define x509_buf mbedtls_x509_buf
+#define x509_crl mbedtls_x509_crl
+#define x509_crl_entry mbedtls_x509_crl_entry
+#define x509_crl_free mbedtls_x509_crl_free
+#define x509_crl_info mbedtls_x509_crl_info
+#define x509_crl_init mbedtls_x509_crl_init
+#define x509_crl_parse mbedtls_x509_crl_parse
+#define x509_crl_parse_der mbedtls_x509_crl_parse_der
+#define x509_crl_parse_file mbedtls_x509_crl_parse_file
+#define x509_crt mbedtls_x509_crt
+#define x509_crt_check_extended_key_usage mbedtls_x509_crt_check_extended_key_usage
+#define x509_crt_check_key_usage mbedtls_x509_crt_check_key_usage
+#define x509_crt_free mbedtls_x509_crt_free
+#define x509_crt_info mbedtls_x509_crt_info
+#define x509_crt_init mbedtls_x509_crt_init
+#define x509_crt_parse mbedtls_x509_crt_parse
+#define x509_crt_parse_der mbedtls_x509_crt_parse_der
+#define x509_crt_parse_file mbedtls_x509_crt_parse_file
+#define x509_crt_parse_path mbedtls_x509_crt_parse_path
+#define x509_crt_revoked mbedtls_x509_crt_is_revoked
+#define x509_crt_verify mbedtls_x509_crt_verify
+#define x509_csr mbedtls_x509_csr
+#define x509_csr_free mbedtls_x509_csr_free
+#define x509_csr_info mbedtls_x509_csr_info
+#define x509_csr_init mbedtls_x509_csr_init
+#define x509_csr_parse mbedtls_x509_csr_parse
+#define x509_csr_parse_der mbedtls_x509_csr_parse_der
+#define x509_csr_parse_file mbedtls_x509_csr_parse_file
+#define x509_dn_gets mbedtls_x509_dn_gets
+#define x509_get_alg mbedtls_x509_get_alg
+#define x509_get_alg_null mbedtls_x509_get_alg_null
+#define x509_get_ext mbedtls_x509_get_ext
+#define x509_get_name mbedtls_x509_get_name
+#define x509_get_rsassa_pss_params mbedtls_x509_get_rsassa_pss_params
+#define x509_get_serial mbedtls_x509_get_serial
+#define x509_get_sig mbedtls_x509_get_sig
+#define x509_get_sig_alg mbedtls_x509_get_sig_alg
+#define x509_get_time mbedtls_x509_get_time
+#define x509_key_size_helper mbedtls_x509_key_size_helper
+#define x509_name mbedtls_x509_name
+#define x509_oid_get_description mbedtls_x509_oid_get_description
+#define x509_oid_get_numeric_string mbedtls_x509_oid_get_numeric_string
+#define x509_self_test mbedtls_x509_self_test
+#define x509_sequence mbedtls_x509_sequence
+#define x509_serial_gets mbedtls_x509_serial_gets
+#define x509_set_extension mbedtls_x509_set_extension
+#define x509_sig_alg_gets mbedtls_x509_sig_alg_gets
+#define x509_string_to_names mbedtls_x509_string_to_names
+#define x509_time mbedtls_x509_time
+#define x509_time_expired mbedtls_x509_time_is_past
+#define x509_time_future mbedtls_x509_time_is_future
+#define x509_write_extensions mbedtls_x509_write_extensions
+#define x509_write_names mbedtls_x509_write_names
+#define x509_write_sig mbedtls_x509_write_sig
+#define x509write_cert mbedtls_x509write_cert
+#define x509write_crt_der mbedtls_x509write_crt_der
+#define x509write_crt_free mbedtls_x509write_crt_free
+#define x509write_crt_init mbedtls_x509write_crt_init
+#define x509write_crt_pem mbedtls_x509write_crt_pem
+#define x509write_crt_set_authority_key_identifier mbedtls_x509write_crt_set_authority_key_identifier
+#define x509write_crt_set_basic_constraints mbedtls_x509write_crt_set_basic_constraints
+#define x509write_crt_set_extension mbedtls_x509write_crt_set_extension
+#define x509write_crt_set_issuer_key mbedtls_x509write_crt_set_issuer_key
+#define x509write_crt_set_issuer_name mbedtls_x509write_crt_set_issuer_name
+#define x509write_crt_set_key_usage mbedtls_x509write_crt_set_key_usage
+#define x509write_crt_set_md_alg mbedtls_x509write_crt_set_md_alg
+#define x509write_crt_set_ns_cert_type mbedtls_x509write_crt_set_ns_cert_type
+#define x509write_crt_set_serial mbedtls_x509write_crt_set_serial
+#define x509write_crt_set_subject_key mbedtls_x509write_crt_set_subject_key
+#define x509write_crt_set_subject_key_identifier mbedtls_x509write_crt_set_subject_key_identifier
+#define x509write_crt_set_subject_name mbedtls_x509write_crt_set_subject_name
+#define x509write_crt_set_validity mbedtls_x509write_crt_set_validity
+#define x509write_crt_set_version mbedtls_x509write_crt_set_version
+#define x509write_csr mbedtls_x509write_csr
+#define x509write_csr_der mbedtls_x509write_csr_der
+#define x509write_csr_free mbedtls_x509write_csr_free
+#define x509write_csr_init mbedtls_x509write_csr_init
+#define x509write_csr_pem mbedtls_x509write_csr_pem
+#define x509write_csr_set_extension mbedtls_x509write_csr_set_extension
+#define x509write_csr_set_key mbedtls_x509write_csr_set_key
+#define x509write_csr_set_key_usage mbedtls_x509write_csr_set_key_usage
+#define x509write_csr_set_md_alg mbedtls_x509write_csr_set_md_alg
+#define x509write_csr_set_ns_cert_type mbedtls_x509write_csr_set_ns_cert_type
+#define x509write_csr_set_subject_name mbedtls_x509write_csr_set_subject_name
+#define xtea_context mbedtls_xtea_context
+#define xtea_crypt_cbc mbedtls_xtea_crypt_cbc
+#define xtea_crypt_ecb mbedtls_xtea_crypt_ecb
+#define xtea_free mbedtls_xtea_free
+#define xtea_init mbedtls_xtea_init
+#define xtea_self_test mbedtls_xtea_self_test
+#define xtea_setup mbedtls_xtea_setup
+
+#endif /* compat-1.3.h */
+#endif /* MBEDTLS_DEPRECATED_REMOVED */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/config.h

@@ -0,0 +1,2600 @@
+/**
+ * \file config.h
+ *
+ * \brief Configuration options (set of defines)
+ *
+ *  This set of compile-time options may be used to enable
+ *  or disable features selectively, and reduce the global
+ *  memory footprint.
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef MBEDTLS_CONFIG_H
+#define MBEDTLS_CONFIG_H
+
+#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
+#define _CRT_SECURE_NO_DEPRECATE 1
+#endif
+
+/**
+ * \name SECTION: System support
+ *
+ * This section sets system specific settings.
+ * \{
+ */
+
+/**
+ * \def MBEDTLS_HAVE_ASM
+ *
+ * The compiler has support for asm().
+ *
+ * Requires support for asm() in compiler.
+ *
+ * Used in:
+ *      library/timing.c
+ *      library/padlock.c
+ *      include/mbedtls/bn_mul.h
+ *
+ * Comment to disable the use of assembly code.
+ */
+#define MBEDTLS_HAVE_ASM
+
+/**
+ * \def MBEDTLS_HAVE_SSE2
+ *
+ * CPU supports SSE2 instruction set.
+ *
+ * Uncomment if the CPU supports SSE2 (IA-32 specific).
+ */
+//#define MBEDTLS_HAVE_SSE2
+
+/**
+ * \def MBEDTLS_HAVE_TIME
+ *
+ * System has time.h and time().
+ * The time does not need to be correct, only time differences are used,
+ * by contrast with MBEDTLS_HAVE_TIME_DATE
+ *
+ * Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT,
+ * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and
+ * MBEDTLS_PLATFORM_STD_TIME.
+ *
+ * Comment if your system does not support time functions
+ */
+#define MBEDTLS_HAVE_TIME
+
+/**
+ * \def MBEDTLS_HAVE_TIME_DATE
+ *
+ * System has time.h and time(), gmtime() and the clock is correct.
+ * The time needs to be correct (not necesarily very accurate, but at least
+ * the date should be correct). This is used to verify the validity period of
+ * X.509 certificates.
+ *
+ * Comment if your system does not have a correct clock.
+ */
+#define MBEDTLS_HAVE_TIME_DATE
+
+/**
+ * \def MBEDTLS_PLATFORM_MEMORY
+ *
+ * Enable the memory allocation layer.
+ *
+ * By default mbed TLS uses the system-provided calloc() and free().
+ * This allows different allocators (self-implemented or provided) to be
+ * provided to the platform abstraction layer.
+ *
+ * Enabling MBEDTLS_PLATFORM_MEMORY without the
+ * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide
+ * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and
+ * free() function pointer at runtime.
+ *
+ * Enabling MBEDTLS_PLATFORM_MEMORY and specifying
+ * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the
+ * alternate function at compile time.
+ *
+ * Requires: MBEDTLS_PLATFORM_C
+ *
+ * Enable this layer to allow use of alternative memory allocators.
+ */
+//#define MBEDTLS_PLATFORM_MEMORY
+
+/**
+ * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+ *
+ * Do not assign standard functions in the platform layer (e.g. calloc() to
+ * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF)
+ *
+ * This makes sure there are no linking errors on platforms that do not support
+ * these functions. You will HAVE to provide alternatives, either at runtime
+ * via the platform_set_xxx() functions or at compile time by setting
+ * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a
+ * MBEDTLS_PLATFORM_XXX_MACRO.
+ *
+ * Requires: MBEDTLS_PLATFORM_C
+ *
+ * Uncomment to prevent default assignment of standard functions in the
+ * platform layer.
+ */
+//#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+
+/**
+ * \def MBEDTLS_PLATFORM_EXIT_ALT
+ *
+ * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the
+ * function in the platform abstraction layer.
+ *
+ * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will
+ * provide a function "mbedtls_platform_set_printf()" that allows you to set an
+ * alternative printf function pointer.
+ *
+ * All these define require MBEDTLS_PLATFORM_C to be defined!
+ *
+ * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows;
+ * it will be enabled automatically by check_config.h
+ *
+ * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as
+ * MBEDTLS_PLATFORM_XXX_MACRO!
+ *
+ * Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME
+ *
+ * Uncomment a macro to enable alternate implementation of specific base
+ * platform function
+ */
+//#define MBEDTLS_PLATFORM_EXIT_ALT
+//#define MBEDTLS_PLATFORM_TIME_ALT
+//#define MBEDTLS_PLATFORM_FPRINTF_ALT
+//#define MBEDTLS_PLATFORM_PRINTF_ALT
+//#define MBEDTLS_PLATFORM_SNPRINTF_ALT
+//#define MBEDTLS_PLATFORM_NV_SEED_ALT
+
+/**
+ * \def MBEDTLS_DEPRECATED_WARNING
+ *
+ * Mark deprecated functions so that they generate a warning if used.
+ * Functions deprecated in one version will usually be removed in the next
+ * version. You can enable this to help you prepare the transition to a new
+ * major version by making sure your code is not using these functions.
+ *
+ * This only works with GCC and Clang. With other compilers, you may want to
+ * use MBEDTLS_DEPRECATED_REMOVED
+ *
+ * Uncomment to get warnings on using deprecated functions.
+ */
+//#define MBEDTLS_DEPRECATED_WARNING
+
+/**
+ * \def MBEDTLS_DEPRECATED_REMOVED
+ *
+ * Remove deprecated functions so that they generate an error if used.
+ * Functions deprecated in one version will usually be removed in the next
+ * version. You can enable this to help you prepare the transition to a new
+ * major version by making sure your code is not using these functions.
+ *
+ * Uncomment to get errors on using deprecated functions.
+ */
+//#define MBEDTLS_DEPRECATED_REMOVED
+
+/* \} name SECTION: System support */
+
+/**
+ * \name SECTION: mbed TLS feature support
+ *
+ * This section sets support for features that are or are not needed
+ * within the modules that are enabled.
+ * \{
+ */
+
+/**
+ * \def MBEDTLS_TIMING_ALT
+ *
+ * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(),
+ * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay()
+ *
+ * Only works if you have MBEDTLS_TIMING_C enabled.
+ *
+ * You will need to provide a header "timing_alt.h" and an implementation at
+ * compile time.
+ */
+//#define MBEDTLS_TIMING_ALT
+
+/**
+ * \def MBEDTLS_AES_ALT
+ *
+ * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your
+ * alternate core implementation of a symmetric crypto or hash module (e.g.
+ * platform specific assembly optimized implementations). Keep in mind that
+ * the function prototypes should remain the same.
+ *
+ * This replaces the whole module. If you only want to replace one of the
+ * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags.
+ *
+ * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer
+ * provide the "struct mbedtls_aes_context" definition and omit the base function
+ * declarations and implementations. "aes_alt.h" will be included from
+ * "aes.h" to include the new function definitions.
+ *
+ * Uncomment a macro to enable alternate implementation of the corresponding
+ * module.
+ */
+//#define MBEDTLS_AES_ALT
+//#define MBEDTLS_ARC4_ALT
+//#define MBEDTLS_BLOWFISH_ALT
+//#define MBEDTLS_CAMELLIA_ALT
+//#define MBEDTLS_DES_ALT
+//#define MBEDTLS_XTEA_ALT
+//#define MBEDTLS_MD2_ALT
+//#define MBEDTLS_MD4_ALT
+//#define MBEDTLS_MD5_ALT
+//#define MBEDTLS_RIPEMD160_ALT
+//#define MBEDTLS_SHA1_ALT
+//#define MBEDTLS_SHA256_ALT
+//#define MBEDTLS_SHA512_ALT
+
+/**
+ * \def MBEDTLS_MD2_PROCESS_ALT
+ *
+ * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you
+ * alternate core implementation of symmetric crypto or hash function. Keep in
+ * mind that function prototypes should remain the same.
+ *
+ * This replaces only one function. The header file from mbed TLS is still
+ * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
+ *
+ * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will
+ * no longer provide the mbedtls_sha1_process() function, but it will still provide
+ * the other function (using your mbedtls_sha1_process() function) and the definition
+ * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
+ * with this definition.
+ *
+ * Note: if you use the AES_xxx_ALT macros, then is is recommended to also set
+ * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
+ * tables.
+ *
+ * Uncomment a macro to enable alternate implementation of the corresponding
+ * function.
+ */
+//#define MBEDTLS_MD2_PROCESS_ALT
+//#define MBEDTLS_MD4_PROCESS_ALT
+//#define MBEDTLS_MD5_PROCESS_ALT
+//#define MBEDTLS_RIPEMD160_PROCESS_ALT
+//#define MBEDTLS_SHA1_PROCESS_ALT
+//#define MBEDTLS_SHA256_PROCESS_ALT
+//#define MBEDTLS_SHA512_PROCESS_ALT
+//#define MBEDTLS_DES_SETKEY_ALT
+//#define MBEDTLS_DES_CRYPT_ECB_ALT
+//#define MBEDTLS_DES3_CRYPT_ECB_ALT
+//#define MBEDTLS_AES_SETKEY_ENC_ALT
+//#define MBEDTLS_AES_SETKEY_DEC_ALT
+//#define MBEDTLS_AES_ENCRYPT_ALT
+//#define MBEDTLS_AES_DECRYPT_ALT
+
+/**
+ * \def MBEDTLS_TEST_NULL_ENTROPY
+ *
+ * Enables testing and use of mbed TLS without any configured entropy sources.
+ * This permits use of the library on platforms before an entropy source has
+ * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the
+ * MBEDTLS_ENTROPY_NV_SEED switches).
+ *
+ * WARNING! This switch MUST be disabled in production builds, and is suitable
+ * only for development.
+ * Enabling the switch negates any security provided by the library.
+ *
+ * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+ *
+ */
+//#define MBEDTLS_TEST_NULL_ENTROPY
+
+/**
+ * \def MBEDTLS_ENTROPY_HARDWARE_ALT
+ *
+ * Uncomment this macro to let mbed TLS use your own implementation of a
+ * hardware entropy collector.
+ *
+ * Your function must be called \c mbedtls_hardware_poll(), have the same
+ * prototype as declared in entropy_poll.h, and accept NULL as first argument.
+ *
+ * Uncomment to use your own hardware entropy collector.
+ */
+//#define MBEDTLS_ENTROPY_HARDWARE_ALT
+
+/**
+ * \def MBEDTLS_AES_ROM_TABLES
+ *
+ * Store the AES tables in ROM.
+ *
+ * Uncomment this macro to store the AES tables in ROM.
+ */
+//#define MBEDTLS_AES_ROM_TABLES
+
+/**
+ * \def MBEDTLS_CAMELLIA_SMALL_MEMORY
+ *
+ * Use less ROM for the Camellia implementation (saves about 768 bytes).
+ *
+ * Uncomment this macro to use less memory for Camellia.
+ */
+//#define MBEDTLS_CAMELLIA_SMALL_MEMORY
+
+/**
+ * \def MBEDTLS_CIPHER_MODE_CBC
+ *
+ * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
+ */
+#define MBEDTLS_CIPHER_MODE_CBC
+
+/**
+ * \def MBEDTLS_CIPHER_MODE_CFB
+ *
+ * Enable Cipher Feedback mode (CFB) for symmetric ciphers.
+ */
+#define MBEDTLS_CIPHER_MODE_CFB
+
+/**
+ * \def MBEDTLS_CIPHER_MODE_CTR
+ *
+ * Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
+ */
+#define MBEDTLS_CIPHER_MODE_CTR
+
+/**
+ * \def MBEDTLS_CIPHER_NULL_CIPHER
+ *
+ * Enable NULL cipher.
+ * Warning: Only do so when you know what you are doing. This allows for
+ * encryption or channels without any security!
+ *
+ * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable
+ * the following ciphersuites:
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA
+ *      MBEDTLS_TLS_RSA_WITH_NULL_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_NULL_SHA
+ *      MBEDTLS_TLS_RSA_WITH_NULL_MD5
+ *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA
+ *      MBEDTLS_TLS_PSK_WITH_NULL_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_NULL_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_NULL_SHA
+ *
+ * Uncomment this macro to enable the NULL cipher and ciphersuites
+ */
+//#define MBEDTLS_CIPHER_NULL_CIPHER
+
+/**
+ * \def MBEDTLS_CIPHER_PADDING_PKCS7
+ *
+ * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for
+ * specific padding modes in the cipher layer with cipher modes that support
+ * padding (e.g. CBC)
+ *
+ * If you disable all padding modes, only full blocks can be used with CBC.
+ *
+ * Enable padding modes in the cipher layer.
+ */
+#define MBEDTLS_CIPHER_PADDING_PKCS7
+#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
+#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
+#define MBEDTLS_CIPHER_PADDING_ZEROS
+
+/**
+ * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES
+ *
+ * Enable weak ciphersuites in SSL / TLS.
+ * Warning: Only do so when you know what you are doing. This allows for
+ * channels with virtually no security at all!
+ *
+ * This enables the following ciphersuites:
+ *      MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA
+ *
+ * Uncomment this macro to enable weak ciphersuites
+ */
+//#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES
+
+/**
+ * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES
+ *
+ * Remove RC4 ciphersuites by default in SSL / TLS.
+ * This flag removes the ciphersuites based on RC4 from the default list as
+ * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to
+ * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them
+ * explicitly.
+ *
+ * Uncomment this macro to remove RC4 ciphersuites by default.
+ */
+#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
+
+/**
+ * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
+ *
+ * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve
+ * module.  By default all supported curves are enabled.
+ *
+ * Comment macros to disable the curve and functions for it
+ */
+#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
+#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
+#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
+#define MBEDTLS_ECP_DP_BP256R1_ENABLED
+#define MBEDTLS_ECP_DP_BP384R1_ENABLED
+#define MBEDTLS_ECP_DP_BP512R1_ENABLED
+#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
+
+/**
+ * \def MBEDTLS_ECP_NIST_OPTIM
+ *
+ * Enable specific 'modulo p' routines for each NIST prime.
+ * Depending on the prime and architecture, makes operations 4 to 8 times
+ * faster on the corresponding curve.
+ *
+ * Comment this macro to disable NIST curves optimisation.
+ */
+#define MBEDTLS_ECP_NIST_OPTIM
+
+/**
+ * \def MBEDTLS_ECDSA_DETERMINISTIC
+ *
+ * Enable deterministic ECDSA (RFC 6979).
+ * Standard ECDSA is "fragile" in the sense that lack of entropy when signing
+ * may result in a compromise of the long-term signing key. This is avoided by
+ * the deterministic variant.
+ *
+ * Requires: MBEDTLS_HMAC_DRBG_C
+ *
+ * Comment this macro to disable deterministic ECDSA.
+ */
+#define MBEDTLS_ECDSA_DETERMINISTIC
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+ *
+ * Enable the PSK based ciphersuite modes in SSL / TLS.
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+ *
+ * Enable the DHE-PSK based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_DHM_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+ *
+ * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+ *
+ * Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ *           MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+ *
+ * Enable the RSA-only based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ *           MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
+ */
+#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+ *
+ * Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ *           MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+ *
+ * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ *           MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+ *
+ * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C,
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+ *
+ * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+ *
+ * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+ *
+ * Enable the ECJPAKE based ciphersuite modes in SSL / TLS.
+ *
+ * \warning This is currently experimental. EC J-PAKE support is based on the
+ * Thread v1.0.0 specification; incompatible changes to the specification
+ * might still happen. For this reason, this is disabled by default.
+ *
+ * Requires: MBEDTLS_ECJPAKE_C
+ *           MBEDTLS_SHA256_C
+ *           MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
+ */
+//#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+
+/**
+ * \def MBEDTLS_PK_PARSE_EC_EXTENDED
+ *
+ * Enhance support for reading EC keys using variants of SEC1 not allowed by
+ * RFC 5915 and RFC 5480.
+ *
+ * Currently this means parsing the SpecifiedECDomain choice of EC
+ * parameters (only known groups are supported, not arbitrary domains, to
+ * avoid validation issues).
+ *
+ * Disable if you only need to support RFC 5915 + 5480 key formats.
+ */
+#define MBEDTLS_PK_PARSE_EC_EXTENDED
+
+/**
+ * \def MBEDTLS_ERROR_STRERROR_DUMMY
+ *
+ * Enable a dummy error function to make use of mbedtls_strerror() in
+ * third party libraries easier when MBEDTLS_ERROR_C is disabled
+ * (no effect when MBEDTLS_ERROR_C is enabled).
+ *
+ * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're
+ * not using mbedtls_strerror() or error_strerror() in your application.
+ *
+ * Disable if you run into name conflicts and want to really remove the
+ * mbedtls_strerror()
+ */
+#define MBEDTLS_ERROR_STRERROR_DUMMY
+
+/**
+ * \def MBEDTLS_GENPRIME
+ *
+ * Enable the prime-number generation code.
+ *
+ * Requires: MBEDTLS_BIGNUM_C
+ */
+#define MBEDTLS_GENPRIME
+
+/**
+ * \def MBEDTLS_FS_IO
+ *
+ * Enable functions that use the filesystem.
+ */
+#define MBEDTLS_FS_IO
+
+/**
+ * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+ *
+ * Do not add default entropy sources. These are the platform specific,
+ * mbedtls_timing_hardclock and HAVEGE based poll functions.
+ *
+ * This is useful to have more control over the added entropy sources in an
+ * application.
+ *
+ * Uncomment this macro to prevent loading of default entropy functions.
+ */
+//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+
+/**
+ * \def MBEDTLS_NO_PLATFORM_ENTROPY
+ *
+ * Do not use built-in platform entropy functions.
+ * This is useful if your platform does not support
+ * standards like the /dev/urandom or Windows CryptoAPI.
+ *
+ * Uncomment this macro to disable the built-in platform entropy functions.
+ */
+//#define MBEDTLS_NO_PLATFORM_ENTROPY
+
+/**
+ * \def MBEDTLS_ENTROPY_FORCE_SHA256
+ *
+ * Force the entropy accumulator to use a SHA-256 accumulator instead of the
+ * default SHA-512 based one (if both are available).
+ *
+ * Requires: MBEDTLS_SHA256_C
+ *
+ * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option
+ * if you have performance concerns.
+ *
+ * This option is only useful if both MBEDTLS_SHA256_C and
+ * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used.
+ */
+//#define MBEDTLS_ENTROPY_FORCE_SHA256
+
+/**
+ * \def MBEDTLS_ENTROPY_NV_SEED
+ *
+ * Enable the non-volatile (NV) seed file-based entropy source.
+ * (Also enables the NV seed read/write functions in the platform layer)
+ *
+ * This is crucial (if not required) on systems that do not have a
+ * cryptographic entropy source (in hardware or kernel) available.
+ *
+ * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C
+ *
+ * \note The read/write functions that are used by the entropy source are
+ *       determined in the platform layer, and can be modified at runtime and/or
+ *       compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used.
+ *
+ * \note If you use the default implementation functions that read a seedfile
+ *       with regular fopen(), please make sure you make a seedfile with the
+ *       proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at
+ *       least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from
+ *       and written to or you will get an entropy source error! The default
+ *       implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE
+ *       bytes from the file.
+ *
+ * \note The entropy collector will write to the seed file before entropy is
+ *       given to an external source, to update it.
+ */
+//#define MBEDTLS_ENTROPY_NV_SEED
+
+/**
+ * \def MBEDTLS_MEMORY_DEBUG
+ *
+ * Enable debugging of buffer allocator memory issues. Automatically prints
+ * (to stderr) all (fatal) messages on memory allocation issues. Enables
+ * function for 'debug output' of allocated memory.
+ *
+ * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ *
+ * Uncomment this macro to let the buffer allocator print out error messages.
+ */
+//#define MBEDTLS_MEMORY_DEBUG
+
+/**
+ * \def MBEDTLS_MEMORY_BACKTRACE
+ *
+ * Include backtrace information with each allocated block.
+ *
+ * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ *           GLIBC-compatible backtrace() an backtrace_symbols() support
+ *
+ * Uncomment this macro to include backtrace information
+ */
+//#define MBEDTLS_MEMORY_BACKTRACE
+
+/**
+ * \def MBEDTLS_PK_RSA_ALT_SUPPORT
+ *
+ * Support external private RSA keys (eg from a HSM) in the PK layer.
+ *
+ * Comment this macro to disable support for external private RSA keys.
+ */
+#define MBEDTLS_PK_RSA_ALT_SUPPORT
+
+/**
+ * \def MBEDTLS_PKCS1_V15
+ *
+ * Enable support for PKCS#1 v1.5 encoding.
+ *
+ * Requires: MBEDTLS_RSA_C
+ *
+ * This enables support for PKCS#1 v1.5 operations.
+ */
+#define MBEDTLS_PKCS1_V15
+
+/**
+ * \def MBEDTLS_PKCS1_V21
+ *
+ * Enable support for PKCS#1 v2.1 encoding.
+ *
+ * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C
+ *
+ * This enables support for RSAES-OAEP and RSASSA-PSS operations.
+ */
+#define MBEDTLS_PKCS1_V21
+
+/**
+ * \def MBEDTLS_RSA_NO_CRT
+ *
+ * Do not use the Chinese Remainder Theorem for the RSA private operation.
+ *
+ * Uncomment this macro to disable the use of CRT in RSA.
+ *
+ */
+//#define MBEDTLS_RSA_NO_CRT
+
+/**
+ * \def MBEDTLS_SELF_TEST
+ *
+ * Enable the checkup functions (*_self_test).
+ */
+#define MBEDTLS_SELF_TEST
+
+/**
+ * \def MBEDTLS_SHA256_SMALLER
+ *
+ * Enable an implementation of SHA-256 that has lower ROM footprint but also
+ * lower performance.
+ *
+ * The default implementation is meant to be a reasonnable compromise between
+ * performance and size. This version optimizes more aggressively for size at
+ * the expense of performance. Eg on Cortex-M4 it reduces the size of
+ * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about
+ * 30%.
+ *
+ * Uncomment to enable the smaller implementation of SHA256.
+ */
+//#define MBEDTLS_SHA256_SMALLER
+
+/**
+ * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
+ *
+ * Enable sending of alert messages in case of encountered errors as per RFC.
+ * If you choose not to send the alert messages, mbed TLS can still communicate
+ * with other servers, only debugging of failures is harder.
+ *
+ * The advantage of not sending alert messages, is that no information is given
+ * about reasons for failures thus preventing adversaries of gaining intel.
+ *
+ * Enable sending of all alert messages
+ */
+#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
+
+/**
+ * \def MBEDTLS_SSL_DEBUG_ALL
+ *
+ * Enable the debug messages in SSL module for all issues.
+ * Debug messages have been disabled in some places to prevent timing
+ * attacks due to (unbalanced) debugging function calls.
+ *
+ * If you need all error reporting you should enable this during debugging,
+ * but remove this for production servers that should log as well.
+ *
+ * Uncomment this macro to report all debug messages on errors introducing
+ * a timing side-channel.
+ *
+ */
+//#define MBEDTLS_SSL_DEBUG_ALL
+
+/** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ *
+ * Enable support for Encrypt-then-MAC, RFC 7366.
+ *
+ * This allows peers that both support it to use a more robust protection for
+ * ciphersuites using CBC, providing deep resistance against timing attacks
+ * on the padding or underlying cipher.
+ *
+ * This only affects CBC ciphersuites, and is useless if none is defined.
+ *
+ * Requires: MBEDTLS_SSL_PROTO_TLS1    or
+ *           MBEDTLS_SSL_PROTO_TLS1_1  or
+ *           MBEDTLS_SSL_PROTO_TLS1_2
+ *
+ * Comment this macro to disable support for Encrypt-then-MAC
+ */
+#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
+
+/** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET
+ *
+ * Enable support for Extended Master Secret, aka Session Hash
+ * (draft-ietf-tls-session-hash-02).
+ *
+ * This was introduced as "the proper fix" to the Triple Handshake familiy of
+ * attacks, but it is recommended to always use it (even if you disable
+ * renegotiation), since it actually fixes a more fundamental issue in the
+ * original SSL/TLS design, and has implications beyond Triple Handshake.
+ *
+ * Requires: MBEDTLS_SSL_PROTO_TLS1    or
+ *           MBEDTLS_SSL_PROTO_TLS1_1  or
+ *           MBEDTLS_SSL_PROTO_TLS1_2
+ *
+ * Comment this macro to disable support for Extended Master Secret.
+ */
+#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
+
+/**
+ * \def MBEDTLS_SSL_FALLBACK_SCSV
+ *
+ * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00).
+ *
+ * For servers, it is recommended to always enable this, unless you support
+ * only one version of TLS, or know for sure that none of your clients
+ * implements a fallback strategy.
+ *
+ * For clients, you only need this if you're using a fallback strategy, which
+ * is not recommended in the first place, unless you absolutely need it to
+ * interoperate with buggy (version-intolerant) servers.
+ *
+ * Comment this macro to disable support for FALLBACK_SCSV
+ */
+#define MBEDTLS_SSL_FALLBACK_SCSV
+
+/**
+ * \def MBEDTLS_SSL_HW_RECORD_ACCEL
+ *
+ * Enable hooking functions in SSL module for hardware acceleration of
+ * individual records.
+ *
+ * Uncomment this macro to enable hooking functions.
+ */
+//#define MBEDTLS_SSL_HW_RECORD_ACCEL
+
+/**
+ * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING
+ *
+ * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0.
+ *
+ * This is a countermeasure to the BEAST attack, which also minimizes the risk
+ * of interoperability issues compared to sending 0-length records.
+ *
+ * Comment this macro to disable 1/n-1 record splitting.
+ */
+#define MBEDTLS_SSL_CBC_RECORD_SPLITTING
+
+/**
+ * \def MBEDTLS_SSL_RENEGOTIATION
+ *
+ * Disable support for TLS renegotiation.
+ *
+ * The two main uses of renegotiation are (1) refresh keys on long-lived
+ * connections and (2) client authentication after the initial handshake.
+ * If you don't need renegotiation, it's probably better to disable it, since
+ * it has been associated with security issues in the past and is easy to
+ * misuse/misunderstand.
+ *
+ * Comment this to disable support for renegotiation.
+ */
+#define MBEDTLS_SSL_RENEGOTIATION
+
+/**
+ * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
+ *
+ * Enable support for receiving and parsing SSLv2 Client Hello messages for the
+ * SSL Server module (MBEDTLS_SSL_SRV_C).
+ *
+ * Uncomment this macro to enable support for SSLv2 Client Hello messages.
+ */
+//#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
+
+/**
+ * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
+ *
+ * Pick the ciphersuite according to the client's preferences rather than ours
+ * in the SSL Server module (MBEDTLS_SSL_SRV_C).
+ *
+ * Uncomment this macro to respect client's ciphersuite order
+ */
+//#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
+
+/**
+ * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+ *
+ * Enable support for RFC 6066 max_fragment_length extension in SSL.
+ *
+ * Comment this macro to disable support for the max_fragment_length extension
+ */
+#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+
+/**
+ * \def MBEDTLS_SSL_PROTO_SSL3
+ *
+ * Enable support for SSL 3.0.
+ *
+ * Requires: MBEDTLS_MD5_C
+ *           MBEDTLS_SHA1_C
+ *
+ * Comment this macro to disable support for SSL 3.0
+ */
+//#define MBEDTLS_SSL_PROTO_SSL3
+
+/**
+ * \def MBEDTLS_SSL_PROTO_TLS1
+ *
+ * Enable support for TLS 1.0.
+ *
+ * Requires: MBEDTLS_MD5_C
+ *           MBEDTLS_SHA1_C
+ *
+ * Comment this macro to disable support for TLS 1.0
+ */
+#define MBEDTLS_SSL_PROTO_TLS1
+
+/**
+ * \def MBEDTLS_SSL_PROTO_TLS1_1
+ *
+ * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled).
+ *
+ * Requires: MBEDTLS_MD5_C
+ *           MBEDTLS_SHA1_C
+ *
+ * Comment this macro to disable support for TLS 1.1 / DTLS 1.0
+ */
+#define MBEDTLS_SSL_PROTO_TLS1_1
+
+/**
+ * \def MBEDTLS_SSL_PROTO_TLS1_2
+ *
+ * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled).
+ *
+ * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C
+ *           (Depends on ciphersuites)
+ *
+ * Comment this macro to disable support for TLS 1.2 / DTLS 1.2
+ */
+#define MBEDTLS_SSL_PROTO_TLS1_2
+
+/**
+ * \def MBEDTLS_SSL_PROTO_DTLS
+ *
+ * Enable support for DTLS (all available versions).
+ *
+ * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0,
+ * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
+ *
+ * Requires: MBEDTLS_SSL_PROTO_TLS1_1
+ *        or MBEDTLS_SSL_PROTO_TLS1_2
+ *
+ * Comment this macro to disable support for DTLS
+ */
+#define MBEDTLS_SSL_PROTO_DTLS
+
+/**
+ * \def MBEDTLS_SSL_ALPN
+ *
+ * Enable support for RFC 7301 Application Layer Protocol Negotiation.
+ *
+ * Comment this macro to disable support for ALPN.
+ */
+#define MBEDTLS_SSL_ALPN
+
+/**
+ * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY
+ *
+ * Enable support for the anti-replay mechanism in DTLS.
+ *
+ * Requires: MBEDTLS_SSL_TLS_C
+ *           MBEDTLS_SSL_PROTO_DTLS
+ *
+ * \warning Disabling this is often a security risk!
+ * See mbedtls_ssl_conf_dtls_anti_replay() for details.
+ *
+ * Comment this to disable anti-replay in DTLS.
+ */
+#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
+
+/**
+ * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY
+ *
+ * Enable support for HelloVerifyRequest on DTLS servers.
+ *
+ * This feature is highly recommended to prevent DTLS servers being used as
+ * amplifiers in DoS attacks against other hosts. It should always be enabled
+ * unless you know for sure amplification cannot be a problem in the
+ * environment in which your server operates.
+ *
+ * \warning Disabling this can ba a security risk! (see above)
+ *
+ * Requires: MBEDTLS_SSL_PROTO_DTLS
+ *
+ * Comment this to disable support for HelloVerifyRequest.
+ */
+#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
+
+/**
+ * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
+ *
+ * Enable server-side support for clients that reconnect from the same port.
+ *
+ * Some clients unexpectedly close the connection and try to reconnect using the
+ * same source port. This needs special support from the server to handle the
+ * new connection securely, as described in section 4.2.8 of RFC 6347. This
+ * flag enables that support.
+ *
+ * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY
+ *
+ * Comment this to disable support for clients reusing the source port.
+ */
+#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
+
+/**
+ * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT
+ *
+ * Enable support for a limit of records with bad MAC.
+ *
+ * See mbedtls_ssl_conf_dtls_badmac_limit().
+ *
+ * Requires: MBEDTLS_SSL_PROTO_DTLS
+ */
+#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
+
+/**
+ * \def MBEDTLS_SSL_SESSION_TICKETS
+ *
+ * Enable support for RFC 5077 session tickets in SSL.
+ * Client-side, provides full support for session tickets (maintainance of a
+ * session store remains the responsibility of the application, though).
+ * Server-side, you also need to provide callbacks for writing and parsing
+ * tickets, including authenticated encryption and key management. Example
+ * callbacks are provided by MBEDTLS_SSL_TICKET_C.
+ *
+ * Comment this macro to disable support for SSL session tickets
+ */
+#define MBEDTLS_SSL_SESSION_TICKETS
+
+/**
+ * \def MBEDTLS_SSL_EXPORT_KEYS
+ *
+ * Enable support for exporting key block and master secret.
+ * This is required for certain users of TLS, e.g. EAP-TLS.
+ *
+ * Comment this macro to disable support for key export
+ */
+#define MBEDTLS_SSL_EXPORT_KEYS
+
+/**
+ * \def MBEDTLS_SSL_SERVER_NAME_INDICATION
+ *
+ * Enable support for RFC 6066 server name indication (SNI) in SSL.
+ *
+ * Requires: MBEDTLS_X509_CRT_PARSE_C
+ *
+ * Comment this macro to disable support for server name indication in SSL
+ */
+#define MBEDTLS_SSL_SERVER_NAME_INDICATION
+
+/**
+ * \def MBEDTLS_SSL_TRUNCATED_HMAC
+ *
+ * Enable support for RFC 6066 truncated HMAC in SSL.
+ *
+ * Comment this macro to disable support for truncated HMAC in SSL
+ */
+#define MBEDTLS_SSL_TRUNCATED_HMAC
+
+/**
+ * \def MBEDTLS_THREADING_ALT
+ *
+ * Provide your own alternate threading implementation.
+ *
+ * Requires: MBEDTLS_THREADING_C
+ *
+ * Uncomment this to allow your own alternate threading implementation.
+ */
+//#define MBEDTLS_THREADING_ALT
+
+/**
+ * \def MBEDTLS_THREADING_PTHREAD
+ *
+ * Enable the pthread wrapper layer for the threading layer.
+ *
+ * Requires: MBEDTLS_THREADING_C
+ *
+ * Uncomment this to enable pthread mutexes.
+ */
+//#define MBEDTLS_THREADING_PTHREAD
+
+/**
+ * \def MBEDTLS_VERSION_FEATURES
+ *
+ * Allow run-time checking of compile-time enabled features. Thus allowing users
+ * to check at run-time if the library is for instance compiled with threading
+ * support via mbedtls_version_check_feature().
+ *
+ * Requires: MBEDTLS_VERSION_C
+ *
+ * Comment this to disable run-time checking and save ROM space
+ */
+#define MBEDTLS_VERSION_FEATURES
+
+/**
+ * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
+ *
+ * If set, the X509 parser will not break-off when parsing an X509 certificate
+ * and encountering an extension in a v1 or v2 certificate.
+ *
+ * Uncomment to prevent an error.
+ */
+//#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
+
+/**
+ * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+ *
+ * If set, the X509 parser will not break-off when parsing an X509 certificate
+ * and encountering an unknown critical extension.
+ *
+ * \warning Depending on your PKI use, enabling this can be a security risk!
+ *
+ * Uncomment to prevent an error.
+ */
+//#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+
+/**
+ * \def MBEDTLS_X509_CHECK_KEY_USAGE
+ *
+ * Enable verification of the keyUsage extension (CA and leaf certificates).
+ *
+ * Disabling this avoids problems with mis-issued and/or misused
+ * (intermediate) CA and leaf certificates.
+ *
+ * \warning Depending on your PKI use, disabling this can be a security risk!
+ *
+ * Comment to skip keyUsage checking for both CA and leaf certificates.
+ */
+#define MBEDTLS_X509_CHECK_KEY_USAGE
+
+/**
+ * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
+ *
+ * Enable verification of the extendedKeyUsage extension (leaf certificates).
+ *
+ * Disabling this avoids problems with mis-issued and/or misused certificates.
+ *
+ * \warning Depending on your PKI use, disabling this can be a security risk!
+ *
+ * Comment to skip extendedKeyUsage checking for certificates.
+ */
+#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
+
+/**
+ * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
+ *
+ * Enable parsing and verification of X.509 certificates, CRLs and CSRS
+ * signed with RSASSA-PSS (aka PKCS#1 v2.1).
+ *
+ * Comment this macro to disallow using RSASSA-PSS in certificates.
+ */
+#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
+
+/**
+ * \def MBEDTLS_ZLIB_SUPPORT
+ *
+ * If set, the SSL/TLS module uses ZLIB to support compression and
+ * decompression of packet data.
+ *
+ * \warning TLS-level compression MAY REDUCE SECURITY! See for example the
+ * CRIME attack. Before enabling this option, you should examine with care if
+ * CRIME or similar exploits may be a applicable to your use case.
+ *
+ * \note Currently compression can't be used with DTLS.
+ *
+ * Used in: library/ssl_tls.c
+ *          library/ssl_cli.c
+ *          library/ssl_srv.c
+ *
+ * This feature requires zlib library and headers to be present.
+ *
+ * Uncomment to enable use of ZLIB
+ */
+//#define MBEDTLS_ZLIB_SUPPORT
+/* \} name SECTION: mbed TLS feature support */
+
+/**
+ * \name SECTION: mbed TLS modules
+ *
+ * This section enables or disables entire modules in mbed TLS
+ * \{
+ */
+
+/**
+ * \def MBEDTLS_AESNI_C
+ *
+ * Enable AES-NI support on x86-64.
+ *
+ * Module:  library/aesni.c
+ * Caller:  library/aes.c
+ *
+ * Requires: MBEDTLS_HAVE_ASM
+ *
+ * This modules adds support for the AES-NI instructions on x86-64
+ */
+#define MBEDTLS_AESNI_C
+
+/**
+ * \def MBEDTLS_AES_C
+ *
+ * Enable the AES block cipher.
+ *
+ * Module:  library/aes.c
+ * Caller:  library/ssl_tls.c
+ *          library/pem.c
+ *          library/ctr_drbg.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
+ *
+ * PEM_PARSE uses AES for decrypting encrypted keys.
+ */
+#define MBEDTLS_AES_C
+
+/**
+ * \def MBEDTLS_ARC4_C
+ *
+ * Enable the ARCFOUR stream cipher.
+ *
+ * Module:  library/arc4.c
+ * Caller:  library/ssl_tls.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
+ *      MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
+ */
+#define MBEDTLS_ARC4_C
+
+/**
+ * \def MBEDTLS_ASN1_PARSE_C
+ *
+ * Enable the generic ASN1 parser.
+ *
+ * Module:  library/asn1.c
+ * Caller:  library/x509.c
+ *          library/dhm.c
+ *          library/pkcs12.c
+ *          library/pkcs5.c
+ *          library/pkparse.c
+ */
+#define MBEDTLS_ASN1_PARSE_C
+
+/**
+ * \def MBEDTLS_ASN1_WRITE_C
+ *
+ * Enable the generic ASN1 writer.
+ *
+ * Module:  library/asn1write.c
+ * Caller:  library/ecdsa.c
+ *          library/pkwrite.c
+ *          library/x509_create.c
+ *          library/x509write_crt.c
+ *          library/mbedtls_x509write_csr.c
+ */
+#define MBEDTLS_ASN1_WRITE_C
+
+/**
+ * \def MBEDTLS_BASE64_C
+ *
+ * Enable the Base64 module.
+ *
+ * Module:  library/base64.c
+ * Caller:  library/pem.c
+ *
+ * This module is required for PEM support (required by X.509).
+ */
+#define MBEDTLS_BASE64_C
+
+/**
+ * \def MBEDTLS_BIGNUM_C
+ *
+ * Enable the multi-precision integer library.
+ *
+ * Module:  library/bignum.c
+ * Caller:  library/dhm.c
+ *          library/ecp.c
+ *          library/ecdsa.c
+ *          library/rsa.c
+ *          library/ssl_tls.c
+ *
+ * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support.
+ */
+#define MBEDTLS_BIGNUM_C
+
+/**
+ * \def MBEDTLS_BLOWFISH_C
+ *
+ * Enable the Blowfish block cipher.
+ *
+ * Module:  library/blowfish.c
+ */
+#define MBEDTLS_BLOWFISH_C
+
+/**
+ * \def MBEDTLS_CAMELLIA_C
+ *
+ * Enable the Camellia block cipher.
+ *
+ * Module:  library/camellia.c
+ * Caller:  library/ssl_tls.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ */
+#define MBEDTLS_CAMELLIA_C
+
+/**
+ * \def MBEDTLS_CCM_C
+ *
+ * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher.
+ *
+ * Module:  library/ccm.c
+ *
+ * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
+ *
+ * This module enables the AES-CCM ciphersuites, if other requisites are
+ * enabled as well.
+ */
+#define MBEDTLS_CCM_C
+
+/**
+ * \def MBEDTLS_CERTS_C
+ *
+ * Enable the test certificates.
+ *
+ * Module:  library/certs.c
+ * Caller:
+ *
+ * This module is used for testing (ssl_client/server).
+ */
+#define MBEDTLS_CERTS_C
+
+/**
+ * \def MBEDTLS_CIPHER_C
+ *
+ * Enable the generic cipher layer.
+ *
+ * Module:  library/cipher.c
+ * Caller:  library/ssl_tls.c
+ *
+ * Uncomment to enable generic cipher wrappers.
+ */
+#define MBEDTLS_CIPHER_C
+
+/**
+ * \def MBEDTLS_CMAC_C
+ *
+ * Enable the CMAC (Cipher-based Message Authentication Code) mode for block
+ * ciphers.
+ *
+ * Module:  library/cmac.c
+ *
+ * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C
+ *
+ */
+//#define MBEDTLS_CMAC_C
+
+/**
+ * \def MBEDTLS_CTR_DRBG_C
+ *
+ * Enable the CTR_DRBG AES-256-based random generator.
+ *
+ * Module:  library/ctr_drbg.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_AES_C
+ *
+ * This module provides the CTR_DRBG AES-256 random number generator.
+ */
+#define MBEDTLS_CTR_DRBG_C
+
+/**
+ * \def MBEDTLS_DEBUG_C
+ *
+ * Enable the debug functions.
+ *
+ * Module:  library/debug.c
+ * Caller:  library/ssl_cli.c
+ *          library/ssl_srv.c
+ *          library/ssl_tls.c
+ *
+ * This module provides debugging functions.
+ */
+#define MBEDTLS_DEBUG_C
+
+/**
+ * \def MBEDTLS_DES_C
+ *
+ * Enable the DES block cipher.
+ *
+ * Module:  library/des.c
+ * Caller:  library/pem.c
+ *          library/ssl_tls.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
+ *
+ * PEM_PARSE uses DES/3DES for decrypting encrypted keys.
+ */
+#define MBEDTLS_DES_C
+
+/**
+ * \def MBEDTLS_DHM_C
+ *
+ * Enable the Diffie-Hellman-Merkle module.
+ *
+ * Module:  library/dhm.c
+ * Caller:  library/ssl_cli.c
+ *          library/ssl_srv.c
+ *
+ * This module is used by the following key exchanges:
+ *      DHE-RSA, DHE-PSK
+ */
+#define MBEDTLS_DHM_C
+
+/**
+ * \def MBEDTLS_ECDH_C
+ *
+ * Enable the elliptic curve Diffie-Hellman library.
+ *
+ * Module:  library/ecdh.c
+ * Caller:  library/ssl_cli.c
+ *          library/ssl_srv.c
+ *
+ * This module is used by the following key exchanges:
+ *      ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
+ *
+ * Requires: MBEDTLS_ECP_C
+ */
+#define MBEDTLS_ECDH_C
+
+/**
+ * \def MBEDTLS_ECDSA_C
+ *
+ * Enable the elliptic curve DSA library.
+ *
+ * Module:  library/ecdsa.c
+ * Caller:
+ *
+ * This module is used by the following key exchanges:
+ *      ECDHE-ECDSA
+ *
+ * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C
+ */
+#define MBEDTLS_ECDSA_C
+
+/**
+ * \def MBEDTLS_ECJPAKE_C
+ *
+ * Enable the elliptic curve J-PAKE library.
+ *
+ * \warning This is currently experimental. EC J-PAKE support is based on the
+ * Thread v1.0.0 specification; incompatible changes to the specification
+ * might still happen. For this reason, this is disabled by default.
+ *
+ * Module:  library/ecjpake.c
+ * Caller:
+ *
+ * This module is used by the following key exchanges:
+ *      ECJPAKE
+ *
+ * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C
+ */
+//#define MBEDTLS_ECJPAKE_C
+
+/**
+ * \def MBEDTLS_ECP_C
+ *
+ * Enable the elliptic curve over GF(p) library.
+ *
+ * Module:  library/ecp.c
+ * Caller:  library/ecdh.c
+ *          library/ecdsa.c
+ *          library/ecjpake.c
+ *
+ * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED
+ */
+#define MBEDTLS_ECP_C
+
+/**
+ * \def MBEDTLS_ENTROPY_C
+ *
+ * Enable the platform-specific entropy code.
+ *
+ * Module:  library/entropy.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C
+ *
+ * This module provides a generic entropy pool
+ */
+#define MBEDTLS_ENTROPY_C
+
+/**
+ * \def MBEDTLS_ERROR_C
+ *
+ * Enable error code to error string conversion.
+ *
+ * Module:  library/error.c
+ * Caller:
+ *
+ * This module enables mbedtls_strerror().
+ */
+#define MBEDTLS_ERROR_C
+
+/**
+ * \def MBEDTLS_GCM_C
+ *
+ * Enable the Galois/Counter Mode (GCM) for AES.
+ *
+ * Module:  library/gcm.c
+ *
+ * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
+ *
+ * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
+ * requisites are enabled as well.
+ */
+#define MBEDTLS_GCM_C
+
+/**
+ * \def MBEDTLS_HAVEGE_C
+ *
+ * Enable the HAVEGE random generator.
+ *
+ * Warning: the HAVEGE random generator is not suitable for virtualized
+ *          environments
+ *
+ * Warning: the HAVEGE random generator is dependent on timing and specific
+ *          processor traits. It is therefore not advised to use HAVEGE as
+ *          your applications primary random generator or primary entropy pool
+ *          input. As a secondary input to your entropy pool, it IS able add
+ *          the (limited) extra entropy it provides.
+ *
+ * Module:  library/havege.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_TIMING_C
+ *
+ * Uncomment to enable the HAVEGE random generator.
+ */
+//#define MBEDTLS_HAVEGE_C
+
+/**
+ * \def MBEDTLS_HMAC_DRBG_C
+ *
+ * Enable the HMAC_DRBG random generator.
+ *
+ * Module:  library/hmac_drbg.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_MD_C
+ *
+ * Uncomment to enable the HMAC_DRBG random number geerator.
+ */
+#define MBEDTLS_HMAC_DRBG_C
+
+/**
+ * \def MBEDTLS_MD_C
+ *
+ * Enable the generic message digest layer.
+ *
+ * Module:  library/mbedtls_md.c
+ * Caller:
+ *
+ * Uncomment to enable generic message digest wrappers.
+ */
+#define MBEDTLS_MD_C
+
+/**
+ * \def MBEDTLS_MD2_C
+ *
+ * Enable the MD2 hash algorithm.
+ *
+ * Module:  library/mbedtls_md2.c
+ * Caller:
+ *
+ * Uncomment to enable support for (rare) MD2-signed X.509 certs.
+ */
+//#define MBEDTLS_MD2_C
+
+/**
+ * \def MBEDTLS_MD4_C
+ *
+ * Enable the MD4 hash algorithm.
+ *
+ * Module:  library/mbedtls_md4.c
+ * Caller:
+ *
+ * Uncomment to enable support for (rare) MD4-signed X.509 certs.
+ */
+//#define MBEDTLS_MD4_C
+
+/**
+ * \def MBEDTLS_MD5_C
+ *
+ * Enable the MD5 hash algorithm.
+ *
+ * Module:  library/mbedtls_md5.c
+ * Caller:  library/mbedtls_md.c
+ *          library/pem.c
+ *          library/ssl_tls.c
+ *
+ * This module is required for SSL/TLS and X.509.
+ * PEM_PARSE uses MD5 for decrypting encrypted keys.
+ */
+#define MBEDTLS_MD5_C
+
+/**
+ * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ *
+ * Enable the buffer allocator implementation that makes use of a (stack)
+ * based buffer to 'allocate' dynamic memory. (replaces calloc() and free()
+ * calls)
+ *
+ * Module:  library/memory_buffer_alloc.c
+ *
+ * Requires: MBEDTLS_PLATFORM_C
+ *           MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS)
+ *
+ * Enable this module to enable the buffer memory allocator.
+ */
+//#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
+
+/**
+ * \def MBEDTLS_NET_C
+ *
+ * Enable the TCP and UDP over IPv6/IPv4 networking routines.
+ *
+ * \note This module only works on POSIX/Unix (including Linux, BSD and OS X)
+ * and Windows. For other platforms, you'll want to disable it, and write your
+ * own networking callbacks to be passed to \c mbedtls_ssl_set_bio().
+ *
+ * \note See also our Knowledge Base article about porting to a new
+ * environment:
+ * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
+ *
+ * Module:  library/net_sockets.c
+ *
+ * This module provides networking routines.
+ */
+#define MBEDTLS_NET_C
+
+/**
+ * \def MBEDTLS_OID_C
+ *
+ * Enable the OID database.
+ *
+ * Module:  library/oid.c
+ * Caller:  library/asn1write.c
+ *          library/pkcs5.c
+ *          library/pkparse.c
+ *          library/pkwrite.c
+ *          library/rsa.c
+ *          library/x509.c
+ *          library/x509_create.c
+ *          library/mbedtls_x509_crl.c
+ *          library/mbedtls_x509_crt.c
+ *          library/mbedtls_x509_csr.c
+ *          library/x509write_crt.c
+ *          library/mbedtls_x509write_csr.c
+ *
+ * This modules translates between OIDs and internal values.
+ */
+#define MBEDTLS_OID_C
+
+/**
+ * \def MBEDTLS_PADLOCK_C
+ *
+ * Enable VIA Padlock support on x86.
+ *
+ * Module:  library/padlock.c
+ * Caller:  library/aes.c
+ *
+ * Requires: MBEDTLS_HAVE_ASM
+ *
+ * This modules adds support for the VIA PadLock on x86.
+ */
+#define MBEDTLS_PADLOCK_C
+
+/**
+ * \def MBEDTLS_PEM_PARSE_C
+ *
+ * Enable PEM decoding / parsing.
+ *
+ * Module:  library/pem.c
+ * Caller:  library/dhm.c
+ *          library/pkparse.c
+ *          library/mbedtls_x509_crl.c
+ *          library/mbedtls_x509_crt.c
+ *          library/mbedtls_x509_csr.c
+ *
+ * Requires: MBEDTLS_BASE64_C
+ *
+ * This modules adds support for decoding / parsing PEM files.
+ */
+#define MBEDTLS_PEM_PARSE_C
+
+/**
+ * \def MBEDTLS_PEM_WRITE_C
+ *
+ * Enable PEM encoding / writing.
+ *
+ * Module:  library/pem.c
+ * Caller:  library/pkwrite.c
+ *          library/x509write_crt.c
+ *          library/mbedtls_x509write_csr.c
+ *
+ * Requires: MBEDTLS_BASE64_C
+ *
+ * This modules adds support for encoding / writing PEM files.
+ */
+#define MBEDTLS_PEM_WRITE_C
+
+/**
+ * \def MBEDTLS_PK_C
+ *
+ * Enable the generic public (asymetric) key layer.
+ *
+ * Module:  library/pk.c
+ * Caller:  library/ssl_tls.c
+ *          library/ssl_cli.c
+ *          library/ssl_srv.c
+ *
+ * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C
+ *
+ * Uncomment to enable generic public key wrappers.
+ */
+#define MBEDTLS_PK_C
+
+/**
+ * \def MBEDTLS_PK_PARSE_C
+ *
+ * Enable the generic public (asymetric) key parser.
+ *
+ * Module:  library/pkparse.c
+ * Caller:  library/mbedtls_x509_crt.c
+ *          library/mbedtls_x509_csr.c
+ *
+ * Requires: MBEDTLS_PK_C
+ *
+ * Uncomment to enable generic public key parse functions.
+ */
+#define MBEDTLS_PK_PARSE_C
+
+/**
+ * \def MBEDTLS_PK_WRITE_C
+ *
+ * Enable the generic public (asymetric) key writer.
+ *
+ * Module:  library/pkwrite.c
+ * Caller:  library/x509write.c
+ *
+ * Requires: MBEDTLS_PK_C
+ *
+ * Uncomment to enable generic public key write functions.
+ */
+#define MBEDTLS_PK_WRITE_C
+
+/**
+ * \def MBEDTLS_PKCS5_C
+ *
+ * Enable PKCS#5 functions.
+ *
+ * Module:  library/pkcs5.c
+ *
+ * Requires: MBEDTLS_MD_C
+ *
+ * This module adds support for the PKCS#5 functions.
+ */
+#define MBEDTLS_PKCS5_C
+
+/**
+ * \def MBEDTLS_PKCS11_C
+ *
+ * Enable wrapper for PKCS#11 smartcard support.
+ *
+ * Module:  library/pkcs11.c
+ * Caller:  library/pk.c
+ *
+ * Requires: MBEDTLS_PK_C
+ *
+ * This module enables SSL/TLS PKCS #11 smartcard support.
+ * Requires the presence of the PKCS#11 helper library (libpkcs11-helper)
+ */
+//#define MBEDTLS_PKCS11_C
+
+/**
+ * \def MBEDTLS_PKCS12_C
+ *
+ * Enable PKCS#12 PBE functions.
+ * Adds algorithms for parsing PKCS#8 encrypted private keys
+ *
+ * Module:  library/pkcs12.c
+ * Caller:  library/pkparse.c
+ *
+ * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C
+ * Can use:  MBEDTLS_ARC4_C
+ *
+ * This module enables PKCS#12 functions.
+ */
+#define MBEDTLS_PKCS12_C
+
+/**
+ * \def MBEDTLS_PLATFORM_C
+ *
+ * Enable the platform abstraction layer that allows you to re-assign
+ * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit().
+ *
+ * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT
+ * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned
+ * above to be specified at runtime or compile time respectively.
+ *
+ * \note This abstraction layer must be enabled on Windows (including MSYS2)
+ * as other module rely on it for a fixed snprintf implementation.
+ *
+ * Module:  library/platform.c
+ * Caller:  Most other .c files
+ *
+ * This module enables abstraction of common (libc) functions.
+ */
+#define MBEDTLS_PLATFORM_C
+
+/**
+ * \def MBEDTLS_RIPEMD160_C
+ *
+ * Enable the RIPEMD-160 hash algorithm.
+ *
+ * Module:  library/mbedtls_ripemd160.c
+ * Caller:  library/mbedtls_md.c
+ *
+ */
+#define MBEDTLS_RIPEMD160_C
+
+/**
+ * \def MBEDTLS_RSA_C
+ *
+ * Enable the RSA public-key cryptosystem.
+ *
+ * Module:  library/rsa.c
+ * Caller:  library/ssl_cli.c
+ *          library/ssl_srv.c
+ *          library/ssl_tls.c
+ *          library/x509.c
+ *
+ * This module is used by the following key exchanges:
+ *      RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
+ *
+ * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C
+ */
+#define MBEDTLS_RSA_C
+
+/**
+ * \def MBEDTLS_SHA1_C
+ *
+ * Enable the SHA1 cryptographic hash algorithm.
+ *
+ * Module:  library/mbedtls_sha1.c
+ * Caller:  library/mbedtls_md.c
+ *          library/ssl_cli.c
+ *          library/ssl_srv.c
+ *          library/ssl_tls.c
+ *          library/x509write_crt.c
+ *
+ * This module is required for SSL/TLS and SHA1-signed certificates.
+ */
+#define MBEDTLS_SHA1_C
+
+/**
+ * \def MBEDTLS_SHA256_C
+ *
+ * Enable the SHA-224 and SHA-256 cryptographic hash algorithms.
+ *
+ * Module:  library/mbedtls_sha256.c
+ * Caller:  library/entropy.c
+ *          library/mbedtls_md.c
+ *          library/ssl_cli.c
+ *          library/ssl_srv.c
+ *          library/ssl_tls.c
+ *
+ * This module adds support for SHA-224 and SHA-256.
+ * This module is required for the SSL/TLS 1.2 PRF function.
+ */
+#define MBEDTLS_SHA256_C
+
+/**
+ * \def MBEDTLS_SHA512_C
+ *
+ * Enable the SHA-384 and SHA-512 cryptographic hash algorithms.
+ *
+ * Module:  library/mbedtls_sha512.c
+ * Caller:  library/entropy.c
+ *          library/mbedtls_md.c
+ *          library/ssl_cli.c
+ *          library/ssl_srv.c
+ *
+ * This module adds support for SHA-384 and SHA-512.
+ */
+#define MBEDTLS_SHA512_C
+
+/**
+ * \def MBEDTLS_SSL_CACHE_C
+ *
+ * Enable simple SSL cache implementation.
+ *
+ * Module:  library/ssl_cache.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_SSL_CACHE_C
+ */
+#define MBEDTLS_SSL_CACHE_C
+
+/**
+ * \def MBEDTLS_SSL_COOKIE_C
+ *
+ * Enable basic implementation of DTLS cookies for hello verification.
+ *
+ * Module:  library/ssl_cookie.c
+ * Caller:
+ */
+#define MBEDTLS_SSL_COOKIE_C
+
+/**
+ * \def MBEDTLS_SSL_TICKET_C
+ *
+ * Enable an implementation of TLS server-side callbacks for session tickets.
+ *
+ * Module:  library/ssl_ticket.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_CIPHER_C
+ */
+#define MBEDTLS_SSL_TICKET_C
+
+/**
+ * \def MBEDTLS_SSL_CLI_C
+ *
+ * Enable the SSL/TLS client code.
+ *
+ * Module:  library/ssl_cli.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_SSL_TLS_C
+ *
+ * This module is required for SSL/TLS client support.
+ */
+#define MBEDTLS_SSL_CLI_C
+
+/**
+ * \def MBEDTLS_SSL_SRV_C
+ *
+ * Enable the SSL/TLS server code.
+ *
+ * Module:  library/ssl_srv.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_SSL_TLS_C
+ *
+ * This module is required for SSL/TLS server support.
+ */
+#define MBEDTLS_SSL_SRV_C
+
+/**
+ * \def MBEDTLS_SSL_TLS_C
+ *
+ * Enable the generic SSL/TLS code.
+ *
+ * Module:  library/ssl_tls.c
+ * Caller:  library/ssl_cli.c
+ *          library/ssl_srv.c
+ *
+ * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C
+ *           and at least one of the MBEDTLS_SSL_PROTO_XXX defines
+ *
+ * This module is required for SSL/TLS.
+ */
+#define MBEDTLS_SSL_TLS_C
+
+/**
+ * \def MBEDTLS_THREADING_C
+ *
+ * Enable the threading abstraction layer.
+ * By default mbed TLS assumes it is used in a non-threaded environment or that
+ * contexts are not shared between threads. If you do intend to use contexts
+ * between threads, you will need to enable this layer to prevent race
+ * conditions. See also our Knowledge Base article about threading:
+ * https://tls.mbed.org/kb/development/thread-safety-and-multi-threading
+ *
+ * Module:  library/threading.c
+ *
+ * This allows different threading implementations (self-implemented or
+ * provided).
+ *
+ * You will have to enable either MBEDTLS_THREADING_ALT or
+ * MBEDTLS_THREADING_PTHREAD.
+ *
+ * Enable this layer to allow use of mutexes within mbed TLS
+ */
+//#define MBEDTLS_THREADING_C
+
+/**
+ * \def MBEDTLS_TIMING_C
+ *
+ * Enable the semi-portable timing interface.
+ *
+ * \note The provided implementation only works on POSIX/Unix (including Linux,
+ * BSD and OS X) and Windows. On other platforms, you can either disable that
+ * module and provide your own implementations of the callbacks needed by
+ * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide
+ * your own implementation of the whole module by setting
+ * \c MBEDTLS_TIMING_ALT in the current file.
+ *
+ * \note See also our Knowledge Base article about porting to a new
+ * environment:
+ * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
+ *
+ * Module:  library/timing.c
+ * Caller:  library/havege.c
+ *
+ * This module is used by the HAVEGE random number generator.
+ */
+#define MBEDTLS_TIMING_C
+
+/**
+ * \def MBEDTLS_VERSION_C
+ *
+ * Enable run-time version information.
+ *
+ * Module:  library/version.c
+ *
+ * This module provides run-time version information.
+ */
+#define MBEDTLS_VERSION_C
+
+/**
+ * \def MBEDTLS_X509_USE_C
+ *
+ * Enable X.509 core for using certificates.
+ *
+ * Module:  library/x509.c
+ * Caller:  library/mbedtls_x509_crl.c
+ *          library/mbedtls_x509_crt.c
+ *          library/mbedtls_x509_csr.c
+ *
+ * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C,
+ *           MBEDTLS_PK_PARSE_C
+ *
+ * This module is required for the X.509 parsing modules.
+ */
+#define MBEDTLS_X509_USE_C
+
+/**
+ * \def MBEDTLS_X509_CRT_PARSE_C
+ *
+ * Enable X.509 certificate parsing.
+ *
+ * Module:  library/mbedtls_x509_crt.c
+ * Caller:  library/ssl_cli.c
+ *          library/ssl_srv.c
+ *          library/ssl_tls.c
+ *
+ * Requires: MBEDTLS_X509_USE_C
+ *
+ * This module is required for X.509 certificate parsing.
+ */
+#define MBEDTLS_X509_CRT_PARSE_C
+
+/**
+ * \def MBEDTLS_X509_CRL_PARSE_C
+ *
+ * Enable X.509 CRL parsing.
+ *
+ * Module:  library/mbedtls_x509_crl.c
+ * Caller:  library/mbedtls_x509_crt.c
+ *
+ * Requires: MBEDTLS_X509_USE_C
+ *
+ * This module is required for X.509 CRL parsing.
+ */
+#define MBEDTLS_X509_CRL_PARSE_C
+
+/**
+ * \def MBEDTLS_X509_CSR_PARSE_C
+ *
+ * Enable X.509 Certificate Signing Request (CSR) parsing.
+ *
+ * Module:  library/mbedtls_x509_csr.c
+ * Caller:  library/x509_crt_write.c
+ *
+ * Requires: MBEDTLS_X509_USE_C
+ *
+ * This module is used for reading X.509 certificate request.
+ */
+#define MBEDTLS_X509_CSR_PARSE_C
+
+/**
+ * \def MBEDTLS_X509_CREATE_C
+ *
+ * Enable X.509 core for creating certificates.
+ *
+ * Module:  library/x509_create.c
+ *
+ * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C
+ *
+ * This module is the basis for creating X.509 certificates and CSRs.
+ */
+#define MBEDTLS_X509_CREATE_C
+
+/**
+ * \def MBEDTLS_X509_CRT_WRITE_C
+ *
+ * Enable creating X.509 certificates.
+ *
+ * Module:  library/x509_crt_write.c
+ *
+ * Requires: MBEDTLS_X509_CREATE_C
+ *
+ * This module is required for X.509 certificate creation.
+ */
+#define MBEDTLS_X509_CRT_WRITE_C
+
+/**
+ * \def MBEDTLS_X509_CSR_WRITE_C
+ *
+ * Enable creating X.509 Certificate Signing Requests (CSR).
+ *
+ * Module:  library/x509_csr_write.c
+ *
+ * Requires: MBEDTLS_X509_CREATE_C
+ *
+ * This module is required for X.509 certificate request writing.
+ */
+#define MBEDTLS_X509_CSR_WRITE_C
+
+/**
+ * \def MBEDTLS_XTEA_C
+ *
+ * Enable the XTEA block cipher.
+ *
+ * Module:  library/xtea.c
+ * Caller:
+ */
+#define MBEDTLS_XTEA_C
+
+/* \} name SECTION: mbed TLS modules */
+
+/**
+ * \name SECTION: Module configuration options
+ *
+ * This section allows for the setting of module specific sizes and
+ * configuration options. The default values are already present in the
+ * relevant header files and should suffice for the regular use cases.
+ *
+ * Our advice is to enable options and change their values here
+ * only if you have a good reason and know the consequences.
+ *
+ * Please check the respective header file for documentation on these
+ * parameters (to prevent duplicate documentation).
+ * \{
+ */
+
+/* MPI / BIGNUM options */
+//#define MBEDTLS_MPI_WINDOW_SIZE            6 /**< Maximum windows size used. */
+//#define MBEDTLS_MPI_MAX_SIZE            1024 /**< Maximum number of bytes for usable MPIs. */
+
+/* CTR_DRBG options */
+//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN               48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
+//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL        10000 /**< Interval before reseed is performed by default */
+//#define MBEDTLS_CTR_DRBG_MAX_INPUT                256 /**< Maximum number of additional input bytes */
+//#define MBEDTLS_CTR_DRBG_MAX_REQUEST             1024 /**< Maximum number of requested bytes per call */
+//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT           384 /**< Maximum size of (re)seed buffer */
+
+/* HMAC_DRBG options */
+//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL   10000 /**< Interval before reseed is performed by default */
+//#define MBEDTLS_HMAC_DRBG_MAX_INPUT           256 /**< Maximum number of additional input bytes */
+//#define MBEDTLS_HMAC_DRBG_MAX_REQUEST        1024 /**< Maximum number of requested bytes per call */
+//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT      384 /**< Maximum size of (re)seed buffer */
+
+/* ECP options */
+//#define MBEDTLS_ECP_MAX_BITS             521 /**< Maximum bit size of groups */
+//#define MBEDTLS_ECP_WINDOW_SIZE            6 /**< Maximum window size used */
+//#define MBEDTLS_ECP_FIXED_POINT_OPTIM      1 /**< Enable fixed-point speed-up */
+
+/* Entropy options */
+//#define MBEDTLS_ENTROPY_MAX_SOURCES                20 /**< Maximum number of sources supported */
+//#define MBEDTLS_ENTROPY_MAX_GATHER                128 /**< Maximum amount requested from entropy sources */
+//#define MBEDTLS_ENTROPY_MIN_HARDWARE               32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */
+
+/* Memory buffer allocator options */
+//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE      4 /**< Align on multiples of this value */
+
+/* Platform options */
+//#define MBEDTLS_PLATFORM_STD_MEM_HDR   <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
+//#define MBEDTLS_PLATFORM_STD_CALLOC        calloc /**< Default allocator to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_FREE            free /**< Default free to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_EXIT            exit /**< Default exit to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_TIME            time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
+//#define MBEDTLS_PLATFORM_STD_FPRINTF      fprintf /**< Default fprintf to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_PRINTF        printf /**< Default printf to use, can be undefined */
+/* Note: your snprintf must correclty zero-terminate the buffer! */
+//#define MBEDTLS_PLATFORM_STD_SNPRINTF    snprintf /**< Default snprintf to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS       0 /**< Default exit value to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE       1 /**< Default exit value to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_NV_SEED_READ   mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE  mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE  "seedfile" /**< Seed file to read/write with default implementation */
+
+/* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */
+/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */
+//#define MBEDTLS_PLATFORM_CALLOC_MACRO        calloc /**< Default allocator macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_FREE_MACRO            free /**< Default free macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_EXIT_MACRO            exit /**< Default exit macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_TIME_MACRO            time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
+//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO       time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
+//#define MBEDTLS_PLATFORM_FPRINTF_MACRO      fprintf /**< Default fprintf macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_PRINTF_MACRO        printf /**< Default printf macro to use, can be undefined */
+/* Note: your snprintf must correclty zero-terminate the buffer! */
+//#define MBEDTLS_PLATFORM_SNPRINTF_MACRO    snprintf /**< Default snprintf macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO   mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
+//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO  mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
+
+/* SSL Cache options */
+//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT       86400 /**< 1 day  */
+//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES      50 /**< Maximum entries in cache */
+
+/* SSL options */
+//#define MBEDTLS_SSL_MAX_CONTENT_LEN             16384 /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */
+//#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME     86400 /**< Lifetime of session tickets (if enabled) */
+//#define MBEDTLS_PSK_MAX_LEN               32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
+//#define MBEDTLS_SSL_COOKIE_TIMEOUT        60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
+
+/**
+ * Complete list of ciphersuites to use, in order of preference.
+ *
+ * \warning No dependency checking is done on that field! This option can only
+ * be used to restrict the set of available ciphersuites. It is your
+ * responsibility to make sure the needed modules are active.
+ *
+ * Use this to save a few hundred bytes of ROM (default ordering of all
+ * available ciphersuites) and a few to a few hundred bytes of RAM.
+ *
+ * The value below is only an example, not the default.
+ */
+//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+
+/* X509 options */
+//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA   8   /**< Maximum number of intermediate CAs in a verification chain. */
+//#define MBEDTLS_X509_MAX_FILE_PATH_LEN     512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
+
+/* \} name SECTION: Customisation configuration options */
+
+/* Target and application specific configurations */
+//#define YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE "mbedtls/target_config.h"
+
+#if defined(TARGET_LIKE_MBED) && defined(YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE)
+#include YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE
+#endif
+
+/*
+ * Allow user to override any previous default.
+ *
+ * Use two macro names for that, as:
+ * - with yotta the prefix YOTTA_CFG_ is forced
+ * - without yotta is looks weird to have a YOTTA prefix.
+ */
+#if defined(YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE)
+#include YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE
+#elif defined(MBEDTLS_USER_CONFIG_FILE)
+#include MBEDTLS_USER_CONFIG_FILE
+#endif
+
+#include "check_config.h"
+
+#endif /* MBEDTLS_CONFIG_H */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/ctr_drbg.h

@@ -0,0 +1,290 @@
+/**
+ * \file ctr_drbg.h
+ *
+ * \brief CTR_DRBG based on AES-256 (NIST SP 800-90)
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_CTR_DRBG_H
+#define MBEDTLS_CTR_DRBG_H
+
+#include "aes.h"
+
+#if defined(MBEDTLS_THREADING_C)
+#include "mbedtls/threading.h"
+#endif
+
+#define MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED        -0x0034  /**< The entropy source failed. */
+#define MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG              -0x0036  /**< Too many random requested in single call. */
+#define MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG                -0x0038  /**< Input too large (Entropy + additional). */
+#define MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR                -0x003A  /**< Read/write error in file. */
+
+#define MBEDTLS_CTR_DRBG_BLOCKSIZE          16      /**< Block size used by the cipher                  */
+#define MBEDTLS_CTR_DRBG_KEYSIZE            32      /**< Key size used by the cipher                    */
+#define MBEDTLS_CTR_DRBG_KEYBITS            ( MBEDTLS_CTR_DRBG_KEYSIZE * 8 )
+#define MBEDTLS_CTR_DRBG_SEEDLEN            ( MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE )
+                                            /**< The seed length (counter + AES key)            */
+
+/**
+ * \name SECTION: Module settings
+ *
+ * The configuration options you can set for this module are in this section.
+ * Either change them in config.h or define them on the compiler command line.
+ * \{
+ */
+
+#if !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN)
+#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
+#define MBEDTLS_CTR_DRBG_ENTROPY_LEN        48      /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
+#else
+#define MBEDTLS_CTR_DRBG_ENTROPY_LEN        32      /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
+#endif
+#endif
+
+#if !defined(MBEDTLS_CTR_DRBG_RESEED_INTERVAL)
+#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL    10000   /**< Interval before reseed is performed by default */
+#endif
+
+#if !defined(MBEDTLS_CTR_DRBG_MAX_INPUT)
+#define MBEDTLS_CTR_DRBG_MAX_INPUT          256     /**< Maximum number of additional input bytes */
+#endif
+
+#if !defined(MBEDTLS_CTR_DRBG_MAX_REQUEST)
+#define MBEDTLS_CTR_DRBG_MAX_REQUEST        1024    /**< Maximum number of requested bytes per call */
+#endif
+
+#if !defined(MBEDTLS_CTR_DRBG_MAX_SEED_INPUT)
+#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT     384     /**< Maximum size of (re)seed buffer */
+#endif
+
+/* \} name SECTION: Module settings */
+
+#define MBEDTLS_CTR_DRBG_PR_OFF             0       /**< No prediction resistance       */
+#define MBEDTLS_CTR_DRBG_PR_ON              1       /**< Prediction resistance enabled  */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          CTR_DRBG context structure
+ */
+typedef struct
+{
+    unsigned char counter[16];  /*!<  counter (V)       */
+    int reseed_counter;         /*!<  reseed counter    */
+    int prediction_resistance;  /*!<  enable prediction resistance (Automatic
+                                      reseed before every random generation)  */
+    size_t entropy_len;         /*!<  amount of entropy grabbed on each
+                                      (re)seed          */
+    int reseed_interval;        /*!<  reseed interval   */
+
+    mbedtls_aes_context aes_ctx;        /*!<  AES context       */
+
+    /*
+     * Callbacks (Entropy)
+     */
+    int (*f_entropy)(void *, unsigned char *, size_t);
+
+    void *p_entropy;            /*!<  context for the entropy function */
+
+#if defined(MBEDTLS_THREADING_C)
+    mbedtls_threading_mutex_t mutex;
+#endif
+}
+mbedtls_ctr_drbg_context;
+
+/**
+ * \brief               CTR_DRBG context initialization
+ *                      Makes the context ready for mbedtls_ctr_drbg_seed() or
+ *                      mbedtls_ctr_drbg_free().
+ *
+ * \param ctx           CTR_DRBG context to be initialized
+ */
+void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx );
+
+/**
+ * \brief               CTR_DRBG initial seeding
+ *                      Seed and setup entropy source for future reseeds.
+ *
+ * Note: Personalization data can be provided in addition to the more generic
+ *       entropy source to make this instantiation as unique as possible.
+ *
+ * \param ctx           CTR_DRBG context to be seeded
+ * \param f_entropy     Entropy callback (p_entropy, buffer to fill, buffer
+ *                      length)
+ * \param p_entropy     Entropy context
+ * \param custom        Personalization data (Device specific identifiers)
+ *                      (Can be NULL)
+ * \param len           Length of personalization data
+ *
+ * \return              0 if successful, or
+ *                      MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
+ */
+int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
+                   int (*f_entropy)(void *, unsigned char *, size_t),
+                   void *p_entropy,
+                   const unsigned char *custom,
+                   size_t len );
+
+/**
+ * \brief               Clear CTR_CRBG context data
+ *
+ * \param ctx           CTR_DRBG context to clear
+ */
+void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx );
+
+/**
+ * \brief               Enable / disable prediction resistance (Default: Off)
+ *
+ * Note: If enabled, entropy is used for ctx->entropy_len before each call!
+ *       Only use this if you have ample supply of good entropy!
+ *
+ * \param ctx           CTR_DRBG context
+ * \param resistance    MBEDTLS_CTR_DRBG_PR_ON or MBEDTLS_CTR_DRBG_PR_OFF
+ */
+void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx,
+                                         int resistance );
+
+/**
+ * \brief               Set the amount of entropy grabbed on each (re)seed
+ *                      (Default: MBEDTLS_CTR_DRBG_ENTROPY_LEN)
+ *
+ * \param ctx           CTR_DRBG context
+ * \param len           Amount of entropy to grab
+ */
+void mbedtls_ctr_drbg_set_entropy_len( mbedtls_ctr_drbg_context *ctx,
+                               size_t len );
+
+/**
+ * \brief               Set the reseed interval
+ *                      (Default: MBEDTLS_CTR_DRBG_RESEED_INTERVAL)
+ *
+ * \param ctx           CTR_DRBG context
+ * \param interval      Reseed interval
+ */
+void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx,
+                                   int interval );
+
+/**
+ * \brief               CTR_DRBG reseeding (extracts data from entropy source)
+ *
+ * \param ctx           CTR_DRBG context
+ * \param additional    Additional data to add to state (Can be NULL)
+ * \param len           Length of additional data
+ *
+ * \return              0 if successful, or
+ *                      MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
+ */
+int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
+                     const unsigned char *additional, size_t len );
+
+/**
+ * \brief               CTR_DRBG update state
+ *
+ * \param ctx           CTR_DRBG context
+ * \param additional    Additional data to update state with
+ * \param add_len       Length of additional data
+ *
+ * \note                If add_len is greater than MBEDTLS_CTR_DRBG_MAX_SEED_INPUT,
+ *                      only the first MBEDTLS_CTR_DRBG_MAX_SEED_INPUT bytes are used,
+ *                      the remaining ones are silently discarded.
+ */
+void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
+                      const unsigned char *additional, size_t add_len );
+
+/**
+ * \brief               CTR_DRBG generate random with additional update input
+ *
+ * Note: Automatically reseeds if reseed_counter is reached.
+ *
+ * \param p_rng         CTR_DRBG context
+ * \param output        Buffer to fill
+ * \param output_len    Length of the buffer
+ * \param additional    Additional data to update with (Can be NULL)
+ * \param add_len       Length of additional data
+ *
+ * \return              0 if successful, or
+ *                      MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED, or
+ *                      MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG
+ */
+int mbedtls_ctr_drbg_random_with_add( void *p_rng,
+                              unsigned char *output, size_t output_len,
+                              const unsigned char *additional, size_t add_len );
+
+/**
+ * \brief               CTR_DRBG generate random
+ *
+ * Note: Automatically reseeds if reseed_counter is reached.
+ *
+ * \param p_rng         CTR_DRBG context
+ * \param output        Buffer to fill
+ * \param output_len    Length of the buffer
+ *
+ * \return              0 if successful, or
+ *                      MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED, or
+ *                      MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG
+ */
+int mbedtls_ctr_drbg_random( void *p_rng,
+                     unsigned char *output, size_t output_len );
+
+#if defined(MBEDTLS_FS_IO)
+/**
+ * \brief               Write a seed file
+ *
+ * \param ctx           CTR_DRBG context
+ * \param path          Name of the file
+ *
+ * \return              0 if successful,
+ *                      MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error, or
+ *                      MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
+ */
+int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
+
+/**
+ * \brief               Read and update a seed file. Seed is added to this
+ *                      instance
+ *
+ * \param ctx           CTR_DRBG context
+ * \param path          Name of the file
+ *
+ * \return              0 if successful,
+ *                      MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error,
+ *                      MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
+ *                      MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG
+ */
+int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
+#endif /* MBEDTLS_FS_IO */
+
+/**
+ * \brief               Checkup routine
+ *
+ * \return              0 if successful, or 1 if the test failed
+ */
+int mbedtls_ctr_drbg_self_test( int verbose );
+
+/* Internal functions (do not call directly) */
+int mbedtls_ctr_drbg_seed_entropy_len( mbedtls_ctr_drbg_context *,
+                               int (*)(void *, unsigned char *, size_t), void *,
+                               const unsigned char *, size_t, size_t );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ctr_drbg.h */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/debug.h

@@ -0,0 +1,228 @@
+/**
+ * \file debug.h
+ *
+ * \brief Functions for controlling and providing debug output from the library.
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_DEBUG_H
+#define MBEDTLS_DEBUG_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "ssl.h"
+
+#if defined(MBEDTLS_ECP_C)
+#include "ecp.h"
+#endif
+
+#if defined(MBEDTLS_DEBUG_C)
+
+#define MBEDTLS_DEBUG_STRIP_PARENS( ... )   __VA_ARGS__
+
+#define MBEDTLS_SSL_DEBUG_MSG( level, args )                    \
+    mbedtls_debug_print_msg( ssl, level, __FILE__, __LINE__,    \
+                             MBEDTLS_DEBUG_STRIP_PARENS args )
+
+#define MBEDTLS_SSL_DEBUG_RET( level, text, ret )                \
+    mbedtls_debug_print_ret( ssl, level, __FILE__, __LINE__, text, ret )
+
+#define MBEDTLS_SSL_DEBUG_BUF( level, text, buf, len )           \
+    mbedtls_debug_print_buf( ssl, level, __FILE__, __LINE__, text, buf, len )
+
+#if defined(MBEDTLS_BIGNUM_C)
+#define MBEDTLS_SSL_DEBUG_MPI( level, text, X )                  \
+    mbedtls_debug_print_mpi( ssl, level, __FILE__, __LINE__, text, X )
+#endif
+
+#if defined(MBEDTLS_ECP_C)
+#define MBEDTLS_SSL_DEBUG_ECP( level, text, X )                  \
+    mbedtls_debug_print_ecp( ssl, level, __FILE__, __LINE__, text, X )
+#endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#define MBEDTLS_SSL_DEBUG_CRT( level, text, crt )                \
+    mbedtls_debug_print_crt( ssl, level, __FILE__, __LINE__, text, crt )
+#endif
+
+#else /* MBEDTLS_DEBUG_C */
+
+#define MBEDTLS_SSL_DEBUG_MSG( level, args )            do { } while( 0 )
+#define MBEDTLS_SSL_DEBUG_RET( level, text, ret )       do { } while( 0 )
+#define MBEDTLS_SSL_DEBUG_BUF( level, text, buf, len )  do { } while( 0 )
+#define MBEDTLS_SSL_DEBUG_MPI( level, text, X )         do { } while( 0 )
+#define MBEDTLS_SSL_DEBUG_ECP( level, text, X )         do { } while( 0 )
+#define MBEDTLS_SSL_DEBUG_CRT( level, text, crt )       do { } while( 0 )
+
+#endif /* MBEDTLS_DEBUG_C */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief   Set the threshold error level to handle globally all debug output.
+ *          Debug messages that have a level over the threshold value are
+ *          discarded.
+ *          (Default value: 0 = No debug )
+ *
+ * \param threshold     theshold level of messages to filter on. Messages at a
+ *                      higher level will be discarded.
+ *                          - Debug levels
+ *                              - 0 No debug
+ *                              - 1 Error
+ *                              - 2 State change
+ *                              - 3 Informational
+ *                              - 4 Verbose
+ */
+void mbedtls_debug_set_threshold( int threshold );
+
+/**
+ * \brief    Print a message to the debug output. This function is always used
+ *          through the MBEDTLS_SSL_DEBUG_MSG() macro, which supplies the ssl
+ *          context, file and line number parameters.
+ *
+ * \param ssl       SSL context
+ * \param level     error level of the debug message
+ * \param file      file the message has occurred in
+ * \param line      line number the message has occurred at
+ * \param format    format specifier, in printf format
+ * \param ...       variables used by the format specifier
+ *
+ * \attention       This function is intended for INTERNAL usage within the
+ *                  library only.
+ */
+void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
+                              const char *file, int line,
+                              const char *format, ... );
+
+/**
+ * \brief   Print the return value of a function to the debug output. This
+ *          function is always used through the MBEDTLS_SSL_DEBUG_RET() macro,
+ *          which supplies the ssl context, file and line number parameters.
+ *
+ * \param ssl       SSL context
+ * \param level     error level of the debug message
+ * \param file      file the error has occurred in
+ * \param line      line number the error has occurred in
+ * \param text      the name of the function that returned the error
+ * \param ret       the return code value
+ *
+ * \attention       This function is intended for INTERNAL usage within the
+ *                  library only.
+ */
+void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
+                      const char *file, int line,
+                      const char *text, int ret );
+
+/**
+ * \brief   Output a buffer of size len bytes to the debug output. This function
+ *          is always used through the MBEDTLS_SSL_DEBUG_BUF() macro,
+ *          which supplies the ssl context, file and line number parameters.
+ *
+ * \param ssl       SSL context
+ * \param level     error level of the debug message
+ * \param file      file the error has occurred in
+ * \param line      line number the error has occurred in
+ * \param text      a name or label for the buffer being dumped. Normally the
+ *                  variable or buffer name
+ * \param buf       the buffer to be outputted
+ * \param len       length of the buffer
+ *
+ * \attention       This function is intended for INTERNAL usage within the
+ *                  library only.
+ */
+void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
+                      const char *file, int line, const char *text,
+                      const unsigned char *buf, size_t len );
+
+#if defined(MBEDTLS_BIGNUM_C)
+/**
+ * \brief   Print a MPI variable to the debug output. This function is always
+ *          used through the MBEDTLS_SSL_DEBUG_MPI() macro, which supplies the
+ *          ssl context, file and line number parameters.
+ *
+ * \param ssl       SSL context
+ * \param level     error level of the debug message
+ * \param file      file the error has occurred in
+ * \param line      line number the error has occurred in
+ * \param text      a name or label for the MPI being output. Normally the
+ *                  variable name
+ * \param X         the MPI variable
+ *
+ * \attention       This function is intended for INTERNAL usage within the
+ *                  library only.
+ */
+void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
+                      const char *file, int line,
+                      const char *text, const mbedtls_mpi *X );
+#endif
+
+#if defined(MBEDTLS_ECP_C)
+/**
+ * \brief   Print an ECP point to the debug output. This function is always
+ *          used through the MBEDTLS_SSL_DEBUG_ECP() macro, which supplies the
+ *          ssl context, file and line number parameters.
+ *
+ * \param ssl       SSL context
+ * \param level     error level of the debug message
+ * \param file      file the error has occurred in
+ * \param line      line number the error has occurred in
+ * \param text      a name or label for the ECP point being output. Normally the
+ *                  variable name
+ * \param X         the ECP point
+ *
+ * \attention       This function is intended for INTERNAL usage within the
+ *                  library only.
+ */
+void mbedtls_debug_print_ecp( const mbedtls_ssl_context *ssl, int level,
+                      const char *file, int line,
+                      const char *text, const mbedtls_ecp_point *X );
+#endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+/**
+ * \brief   Print a X.509 certificate structure to the debug output. This
+ *          function is always used through the MBEDTLS_SSL_DEBUG_CRT() macro,
+ *          which supplies the ssl context, file and line number parameters.
+ *
+ * \param ssl       SSL context
+ * \param level     error level of the debug message
+ * \param file      file the error has occurred in
+ * \param line      line number the error has occurred in
+ * \param text      a name or label for the certificate being output
+ * \param crt       X.509 certificate structure
+ *
+ * \attention       This function is intended for INTERNAL usage within the
+ *                  library only.
+ */
+void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level,
+                      const char *file, int line,
+                      const char *text, const mbedtls_x509_crt *crt );
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* debug.h */
+

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/des.h

@@ -0,0 +1,306 @@
+/**
+ * \file des.h
+ *
+ * \brief DES block cipher
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_DES_H
+#define MBEDTLS_DES_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+#define MBEDTLS_DES_ENCRYPT     1
+#define MBEDTLS_DES_DECRYPT     0
+
+#define MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH              -0x0032  /**< The data input has an invalid length. */
+
+#define MBEDTLS_DES_KEY_SIZE    8
+
+#if !defined(MBEDTLS_DES_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          DES context structure
+ */
+typedef struct
+{
+    uint32_t sk[32];            /*!<  DES subkeys       */
+}
+mbedtls_des_context;
+
+/**
+ * \brief          Triple-DES context structure
+ */
+typedef struct
+{
+    uint32_t sk[96];            /*!<  3DES subkeys      */
+}
+mbedtls_des3_context;
+
+/**
+ * \brief          Initialize DES context
+ *
+ * \param ctx      DES context to be initialized
+ */
+void mbedtls_des_init( mbedtls_des_context *ctx );
+
+/**
+ * \brief          Clear DES context
+ *
+ * \param ctx      DES context to be cleared
+ */
+void mbedtls_des_free( mbedtls_des_context *ctx );
+
+/**
+ * \brief          Initialize Triple-DES context
+ *
+ * \param ctx      DES3 context to be initialized
+ */
+void mbedtls_des3_init( mbedtls_des3_context *ctx );
+
+/**
+ * \brief          Clear Triple-DES context
+ *
+ * \param ctx      DES3 context to be cleared
+ */
+void mbedtls_des3_free( mbedtls_des3_context *ctx );
+
+/**
+ * \brief          Set key parity on the given key to odd.
+ *
+ *                 DES keys are 56 bits long, but each byte is padded with
+ *                 a parity bit to allow verification.
+ *
+ * \param key      8-byte secret key
+ */
+void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] );
+
+/**
+ * \brief          Check that key parity on the given key is odd.
+ *
+ *                 DES keys are 56 bits long, but each byte is padded with
+ *                 a parity bit to allow verification.
+ *
+ * \param key      8-byte secret key
+ *
+ * \return         0 is parity was ok, 1 if parity was not correct.
+ */
+int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
+
+/**
+ * \brief          Check that key is not a weak or semi-weak DES key
+ *
+ * \param key      8-byte secret key
+ *
+ * \return         0 if no weak key was found, 1 if a weak key was identified.
+ */
+int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
+
+/**
+ * \brief          DES key schedule (56-bit, encryption)
+ *
+ * \param ctx      DES context to be initialized
+ * \param key      8-byte secret key
+ *
+ * \return         0
+ */
+int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
+
+/**
+ * \brief          DES key schedule (56-bit, decryption)
+ *
+ * \param ctx      DES context to be initialized
+ * \param key      8-byte secret key
+ *
+ * \return         0
+ */
+int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
+
+/**
+ * \brief          Triple-DES key schedule (112-bit, encryption)
+ *
+ * \param ctx      3DES context to be initialized
+ * \param key      16-byte secret key
+ *
+ * \return         0
+ */
+int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx,
+                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
+
+/**
+ * \brief          Triple-DES key schedule (112-bit, decryption)
+ *
+ * \param ctx      3DES context to be initialized
+ * \param key      16-byte secret key
+ *
+ * \return         0
+ */
+int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx,
+                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
+
+/**
+ * \brief          Triple-DES key schedule (168-bit, encryption)
+ *
+ * \param ctx      3DES context to be initialized
+ * \param key      24-byte secret key
+ *
+ * \return         0
+ */
+int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx,
+                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
+
+/**
+ * \brief          Triple-DES key schedule (168-bit, decryption)
+ *
+ * \param ctx      3DES context to be initialized
+ * \param key      24-byte secret key
+ *
+ * \return         0
+ */
+int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx,
+                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
+
+/**
+ * \brief          DES-ECB block encryption/decryption
+ *
+ * \param ctx      DES context
+ * \param input    64-bit input block
+ * \param output   64-bit output block
+ *
+ * \return         0 if successful
+ */
+int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
+                    const unsigned char input[8],
+                    unsigned char output[8] );
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+/**
+ * \brief          DES-CBC buffer encryption/decryption
+ *
+ * \note           Upon exit, the content of the IV is updated so that you can
+ *                 call the function same function again on the following
+ *                 block(s) of data and get the same result as if it was
+ *                 encrypted in one call. This allows a "streaming" usage.
+ *                 If on the other hand you need to retain the contents of the
+ *                 IV, you should either save it manually or use the cipher
+ *                 module instead.
+ *
+ * \param ctx      DES context
+ * \param mode     MBEDTLS_DES_ENCRYPT or MBEDTLS_DES_DECRYPT
+ * \param length   length of the input data
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ */
+int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
+                    int mode,
+                    size_t length,
+                    unsigned char iv[8],
+                    const unsigned char *input,
+                    unsigned char *output );
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+/**
+ * \brief          3DES-ECB block encryption/decryption
+ *
+ * \param ctx      3DES context
+ * \param input    64-bit input block
+ * \param output   64-bit output block
+ *
+ * \return         0 if successful
+ */
+int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
+                     const unsigned char input[8],
+                     unsigned char output[8] );
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+/**
+ * \brief          3DES-CBC buffer encryption/decryption
+ *
+ * \note           Upon exit, the content of the IV is updated so that you can
+ *                 call the function same function again on the following
+ *                 block(s) of data and get the same result as if it was
+ *                 encrypted in one call. This allows a "streaming" usage.
+ *                 If on the other hand you need to retain the contents of the
+ *                 IV, you should either save it manually or use the cipher
+ *                 module instead.
+ *
+ * \param ctx      3DES context
+ * \param mode     MBEDTLS_DES_ENCRYPT or MBEDTLS_DES_DECRYPT
+ * \param length   length of the input data
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
+ */
+int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
+                     int mode,
+                     size_t length,
+                     unsigned char iv[8],
+                     const unsigned char *input,
+                     unsigned char *output );
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+/**
+ * \brief          Internal function for key expansion.
+ *                 (Only exposed to allow overriding it,
+ *                 see MBEDTLS_DES_SETKEY_ALT)
+ *
+ * \param SK       Round keys
+ * \param key      Base key
+ */
+void mbedtls_des_setkey( uint32_t SK[32],
+                         const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_DES_ALT */
+#include "des_alt.h"
+#endif /* MBEDTLS_DES_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_des_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* des.h */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/dhm.h

@@ -0,0 +1,305 @@
+/**
+ * \file dhm.h
+ *
+ * \brief Diffie-Hellman-Merkle key exchange
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_DHM_H
+#define MBEDTLS_DHM_H
+
+#include "bignum.h"
+
+/*
+ * DHM Error codes
+ */
+#define MBEDTLS_ERR_DHM_BAD_INPUT_DATA                    -0x3080  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_DHM_READ_PARAMS_FAILED                -0x3100  /**< Reading of the DHM parameters failed. */
+#define MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED                -0x3180  /**< Making of the DHM parameters failed. */
+#define MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED                -0x3200  /**< Reading of the public values failed. */
+#define MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED                -0x3280  /**< Making of the public value failed. */
+#define MBEDTLS_ERR_DHM_CALC_SECRET_FAILED                -0x3300  /**< Calculation of the DHM secret failed. */
+#define MBEDTLS_ERR_DHM_INVALID_FORMAT                    -0x3380  /**< The ASN.1 data is not formatted correctly. */
+#define MBEDTLS_ERR_DHM_ALLOC_FAILED                      -0x3400  /**< Allocation of memory failed. */
+#define MBEDTLS_ERR_DHM_FILE_IO_ERROR                     -0x3480  /**< Read/write of file failed. */
+
+/**
+ * RFC 3526 defines a number of standardized Diffie-Hellman groups
+ * for IKE.
+ * RFC 5114 defines a number of standardized Diffie-Hellman groups
+ * that can be used.
+ *
+ * Some are included here for convenience.
+ *
+ * Included are:
+ *  RFC 3526 3.    2048-bit MODP Group
+ *  RFC 3526 4.    3072-bit MODP Group
+ *  RFC 3526 5.    4096-bit MODP Group
+ *  RFC 5114 2.2.  2048-bit MODP Group with 224-bit Prime Order Subgroup
+ */
+#define MBEDTLS_DHM_RFC3526_MODP_2048_P               \
+    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
+    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
+    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
+    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
+    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
+    "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
+    "83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
+    "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \
+    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \
+    "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
+    "15728E5A8AACAA68FFFFFFFFFFFFFFFF"
+
+#define MBEDTLS_DHM_RFC3526_MODP_2048_G          "02"
+
+#define MBEDTLS_DHM_RFC3526_MODP_3072_P               \
+    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
+    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
+    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
+    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
+    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
+    "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
+    "83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
+    "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \
+    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \
+    "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
+    "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" \
+    "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" \
+    "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" \
+    "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" \
+    "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" \
+    "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF"
+
+#define MBEDTLS_DHM_RFC3526_MODP_3072_G          "02"
+
+#define MBEDTLS_DHM_RFC3526_MODP_4096_P                \
+    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
+    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
+    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
+    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
+    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
+    "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
+    "83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
+    "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \
+    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \
+    "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
+    "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" \
+    "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" \
+    "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" \
+    "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" \
+    "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" \
+    "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7" \
+    "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA" \
+    "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6" \
+    "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED" \
+    "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9" \
+    "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" \
+    "FFFFFFFFFFFFFFFF"
+
+#define MBEDTLS_DHM_RFC3526_MODP_4096_G          "02"
+
+#define MBEDTLS_DHM_RFC5114_MODP_2048_P               \
+    "AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1" \
+    "B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15" \
+    "EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212" \
+    "9037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207" \
+    "C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708" \
+    "B3BF8A317091883681286130BC8985DB1602E714415D9330" \
+    "278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486D" \
+    "CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8" \
+    "BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763" \
+    "C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71" \
+    "CF9DE5384E71B81C0AC4DFFE0C10E64F"
+
+#define MBEDTLS_DHM_RFC5114_MODP_2048_G              \
+    "AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF"\
+    "74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA"\
+    "AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7"\
+    "C17669101999024AF4D027275AC1348BB8A762D0521BC98A"\
+    "E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE"\
+    "F180EB34118E98D119529A45D6F834566E3025E316A330EF"\
+    "BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB"\
+    "10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381"\
+    "B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269"\
+    "EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179"\
+    "81BC087F2A7065B384B890D3191F2BFA"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          DHM context structure
+ */
+typedef struct
+{
+    size_t len; /*!<  size(P) in chars  */
+    mbedtls_mpi P;      /*!<  prime modulus     */
+    mbedtls_mpi G;      /*!<  generator         */
+    mbedtls_mpi X;      /*!<  secret value      */
+    mbedtls_mpi GX;     /*!<  self = G^X mod P  */
+    mbedtls_mpi GY;     /*!<  peer = G^Y mod P  */
+    mbedtls_mpi K;      /*!<  key = GY^X mod P  */
+    mbedtls_mpi RP;     /*!<  cached R^2 mod P  */
+    mbedtls_mpi Vi;     /*!<  blinding value    */
+    mbedtls_mpi Vf;     /*!<  un-blinding value */
+    mbedtls_mpi pX;     /*!<  previous X        */
+}
+mbedtls_dhm_context;
+
+/**
+ * \brief          Initialize DHM context
+ *
+ * \param ctx      DHM context to be initialized
+ */
+void mbedtls_dhm_init( mbedtls_dhm_context *ctx );
+
+/**
+ * \brief          Parse the ServerKeyExchange parameters
+ *
+ * \param ctx      DHM context
+ * \param p        &(start of input buffer)
+ * \param end      end of buffer
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_DHM_XXX error code
+ */
+int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
+                     unsigned char **p,
+                     const unsigned char *end );
+
+/**
+ * \brief          Setup and write the ServerKeyExchange parameters
+ *
+ * \param ctx      DHM context
+ * \param x_size   private value size in bytes
+ * \param output   destination buffer
+ * \param olen     number of chars written
+ * \param f_rng    RNG function
+ * \param p_rng    RNG parameter
+ *
+ * \note           This function assumes that ctx->P and ctx->G
+ *                 have already been properly set (for example
+ *                 using mbedtls_mpi_read_string or mbedtls_mpi_read_binary).
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_DHM_XXX error code
+ */
+int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
+                     unsigned char *output, size_t *olen,
+                     int (*f_rng)(void *, unsigned char *, size_t),
+                     void *p_rng );
+
+/**
+ * \brief          Import the peer's public value G^Y
+ *
+ * \param ctx      DHM context
+ * \param input    input buffer
+ * \param ilen     size of buffer
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_DHM_XXX error code
+ */
+int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx,
+                     const unsigned char *input, size_t ilen );
+
+/**
+ * \brief          Create own private value X and export G^X
+ *
+ * \param ctx      DHM context
+ * \param x_size   private value size in bytes
+ * \param output   destination buffer
+ * \param olen     must be at least equal to the size of P, ctx->len
+ * \param f_rng    RNG function
+ * \param p_rng    RNG parameter
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_DHM_XXX error code
+ */
+int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
+                     unsigned char *output, size_t olen,
+                     int (*f_rng)(void *, unsigned char *, size_t),
+                     void *p_rng );
+
+/**
+ * \brief          Derive and export the shared secret (G^Y)^X mod P
+ *
+ * \param ctx      DHM context
+ * \param output   destination buffer
+ * \param output_size   size of the destination buffer
+ * \param olen     on exit, holds the actual number of bytes written
+ * \param f_rng    RNG function, for blinding purposes
+ * \param p_rng    RNG parameter
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_DHM_XXX error code
+ *
+ * \note           If non-NULL, f_rng is used to blind the input as
+ *                 countermeasure against timing attacks. Blinding is
+ *                 automatically used if and only if our secret value X is
+ *                 re-used and costs nothing otherwise, so it is recommended
+ *                 to always pass a non-NULL f_rng argument.
+ */
+int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
+                     unsigned char *output, size_t output_size, size_t *olen,
+                     int (*f_rng)(void *, unsigned char *, size_t),
+                     void *p_rng );
+
+/**
+ * \brief          Free and clear the components of a DHM key
+ *
+ * \param ctx      DHM context to free and clear
+ */
+void mbedtls_dhm_free( mbedtls_dhm_context *ctx );
+
+#if defined(MBEDTLS_ASN1_PARSE_C)
+/** \ingroup x509_module */
+/**
+ * \brief          Parse DHM parameters in PEM or DER format
+ *
+ * \param dhm      DHM context to be initialized
+ * \param dhmin    input buffer
+ * \param dhminlen size of the buffer
+ *                 (including the terminating null byte for PEM data)
+ *
+ * \return         0 if successful, or a specific DHM or PEM error code
+ */
+int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
+                   size_t dhminlen );
+
+#if defined(MBEDTLS_FS_IO)
+/** \ingroup x509_module */
+/**
+ * \brief          Load and parse DHM parameters
+ *
+ * \param dhm      DHM context to be initialized
+ * \param path     filename to read the DHM Parameters from
+ *
+ * \return         0 if successful, or a specific DHM or PEM error code
+ */
+int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path );
+#endif /* MBEDTLS_FS_IO */
+#endif /* MBEDTLS_ASN1_PARSE_C */
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_dhm_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* dhm.h */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/ecdh.h

@@ -0,0 +1,214 @@
+/**
+ * \file ecdh.h
+ *
+ * \brief Elliptic curve Diffie-Hellman
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_ECDH_H
+#define MBEDTLS_ECDH_H
+
+#include "ecp.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * When importing from an EC key, select if it is our key or the peer's key
+ */
+typedef enum
+{
+    MBEDTLS_ECDH_OURS,
+    MBEDTLS_ECDH_THEIRS,
+} mbedtls_ecdh_side;
+
+/**
+ * \brief           ECDH context structure
+ */
+typedef struct
+{
+    mbedtls_ecp_group grp;      /*!<  elliptic curve used                           */
+    mbedtls_mpi d;              /*!<  our secret value (private key)                */
+    mbedtls_ecp_point Q;        /*!<  our public value (public key)                 */
+    mbedtls_ecp_point Qp;       /*!<  peer's public value (public key)              */
+    mbedtls_mpi z;              /*!<  shared secret                                 */
+    int point_format;   /*!<  format for point export in TLS messages       */
+    mbedtls_ecp_point Vi;       /*!<  blinding value (for later)                    */
+    mbedtls_ecp_point Vf;       /*!<  un-blinding value (for later)                 */
+    mbedtls_mpi _d;             /*!<  previous d (for later)                        */
+}
+mbedtls_ecdh_context;
+
+/**
+ * \brief           Generate a public key.
+ *                  Raw function that only does the core computation.
+ *
+ * \param grp       ECP group
+ * \param d         Destination MPI (secret exponent, aka private key)
+ * \param Q         Destination point (public key)
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successful,
+ *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
+ */
+int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
+                     int (*f_rng)(void *, unsigned char *, size_t),
+                     void *p_rng );
+
+/**
+ * \brief           Compute shared secret
+ *                  Raw function that only does the core computation.
+ *
+ * \param grp       ECP group
+ * \param z         Destination MPI (shared secret)
+ * \param Q         Public key from other party
+ * \param d         Our secret exponent (private key)
+ * \param f_rng     RNG function (see notes)
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successful,
+ *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
+ *
+ * \note            If f_rng is not NULL, it is used to implement
+ *                  countermeasures against potential elaborate timing
+ *                  attacks, see \c mbedtls_ecp_mul() for details.
+ */
+int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z,
+                         const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
+                         int (*f_rng)(void *, unsigned char *, size_t),
+                         void *p_rng );
+
+/**
+ * \brief           Initialize context
+ *
+ * \param ctx       Context to initialize
+ */
+void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx );
+
+/**
+ * \brief           Free context
+ *
+ * \param ctx       Context to free
+ */
+void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx );
+
+/**
+ * \brief           Generate a public key and a TLS ServerKeyExchange payload.
+ *                  (First function used by a TLS server for ECDHE.)
+ *
+ * \param ctx       ECDH context
+ * \param olen      number of chars written
+ * \param buf       destination buffer
+ * \param blen      length of buffer
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \note            This function assumes that ctx->grp has already been
+ *                  properly set (for example using mbedtls_ecp_group_load).
+ *
+ * \return          0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
+ */
+int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
+                      unsigned char *buf, size_t blen,
+                      int (*f_rng)(void *, unsigned char *, size_t),
+                      void *p_rng );
+
+/**
+ * \brief           Parse and procress a TLS ServerKeyExhange payload.
+ *                  (First function used by a TLS client for ECDHE.)
+ *
+ * \param ctx       ECDH context
+ * \param buf       pointer to start of input buffer
+ * \param end       one past end of buffer
+ *
+ * \return          0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
+ */
+int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
+                      const unsigned char **buf, const unsigned char *end );
+
+/**
+ * \brief           Setup an ECDH context from an EC key.
+ *                  (Used by clients and servers in place of the
+ *                  ServerKeyEchange for static ECDH: import ECDH parameters
+ *                  from a certificate's EC key information.)
+ *
+ * \param ctx       ECDH constext to set
+ * \param key       EC key to use
+ * \param side      Is it our key (1) or the peer's key (0) ?
+ *
+ * \return          0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
+ */
+int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key,
+                     mbedtls_ecdh_side side );
+
+/**
+ * \brief           Generate a public key and a TLS ClientKeyExchange payload.
+ *                  (Second function used by a TLS client for ECDH(E).)
+ *
+ * \param ctx       ECDH context
+ * \param olen      number of bytes actually written
+ * \param buf       destination buffer
+ * \param blen      size of destination buffer
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
+ */
+int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
+                      unsigned char *buf, size_t blen,
+                      int (*f_rng)(void *, unsigned char *, size_t),
+                      void *p_rng );
+
+/**
+ * \brief           Parse and process a TLS ClientKeyExchange payload.
+ *                  (Second function used by a TLS server for ECDH(E).)
+ *
+ * \param ctx       ECDH context
+ * \param buf       start of input buffer
+ * \param blen      length of input buffer
+ *
+ * \return          0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
+ */
+int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
+                      const unsigned char *buf, size_t blen );
+
+/**
+ * \brief           Derive and export the shared secret.
+ *                  (Last function used by both TLS client en servers.)
+ *
+ * \param ctx       ECDH context
+ * \param olen      number of bytes written
+ * \param buf       destination buffer
+ * \param blen      buffer length
+ * \param f_rng     RNG function, see notes for \c mbedtls_ecdh_compute_shared()
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
+ */
+int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
+                      unsigned char *buf, size_t blen,
+                      int (*f_rng)(void *, unsigned char *, size_t),
+                      void *p_rng );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ecdh.h */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/ecdsa.h

@@ -0,0 +1,248 @@
+/**
+ * \file ecdsa.h
+ *
+ * \brief Elliptic curve DSA
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_ECDSA_H
+#define MBEDTLS_ECDSA_H
+
+#include "ecp.h"
+#include "md.h"
+
+/*
+ * RFC 4492 page 20:
+ *
+ *     Ecdsa-Sig-Value ::= SEQUENCE {
+ *         r       INTEGER,
+ *         s       INTEGER
+ *     }
+ *
+ * Size is at most
+ *    1 (tag) + 1 (len) + 1 (initial 0) + ECP_MAX_BYTES for each of r and s,
+ *    twice that + 1 (tag) + 2 (len) for the sequence
+ * (assuming ECP_MAX_BYTES is less than 126 for r and s,
+ * and less than 124 (total len <= 255) for the sequence)
+ */
+#if MBEDTLS_ECP_MAX_BYTES > 124
+#error "MBEDTLS_ECP_MAX_BYTES bigger than expected, please fix MBEDTLS_ECDSA_MAX_LEN"
+#endif
+/** Maximum size of an ECDSA signature in bytes */
+#define MBEDTLS_ECDSA_MAX_LEN  ( 3 + 2 * ( 3 + MBEDTLS_ECP_MAX_BYTES ) )
+
+/**
+ * \brief           ECDSA context structure
+ */
+typedef mbedtls_ecp_keypair mbedtls_ecdsa_context;
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief           Compute ECDSA signature of a previously hashed message
+ *
+ * \note            The deterministic version is usually prefered.
+ *
+ * \param grp       ECP group
+ * \param r         First output integer
+ * \param s         Second output integer
+ * \param d         Private signing key
+ * \param buf       Message hash
+ * \param blen      Length of buf
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successful,
+ *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
+ */
+int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
+                const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
+                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
+/**
+ * \brief           Compute ECDSA signature of a previously hashed message,
+ *                  deterministic version (RFC 6979).
+ *
+ * \param grp       ECP group
+ * \param r         First output integer
+ * \param s         Second output integer
+ * \param d         Private signing key
+ * \param buf       Message hash
+ * \param blen      Length of buf
+ * \param md_alg    MD algorithm used to hash the message
+ *
+ * \return          0 if successful,
+ *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
+ */
+int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
+                    const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
+                    mbedtls_md_type_t md_alg );
+#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
+
+/**
+ * \brief           Verify ECDSA signature of a previously hashed message
+ *
+ * \param grp       ECP group
+ * \param buf       Message hash
+ * \param blen      Length of buf
+ * \param Q         Public key to use for verification
+ * \param r         First integer of the signature
+ * \param s         Second integer of the signature
+ *
+ * \return          0 if successful,
+ *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid
+ *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
+ */
+int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
+                  const unsigned char *buf, size_t blen,
+                  const mbedtls_ecp_point *Q, const mbedtls_mpi *r, const mbedtls_mpi *s);
+
+/**
+ * \brief           Compute ECDSA signature and write it to buffer,
+ *                  serialized as defined in RFC 4492 page 20.
+ *                  (Not thread-safe to use same context in multiple threads)
+ *
+ * \note            The deterministice version (RFC 6979) is used if
+ *                  MBEDTLS_ECDSA_DETERMINISTIC is defined.
+ *
+ * \param ctx       ECDSA context
+ * \param md_alg    Algorithm that was used to hash the message
+ * \param hash      Message hash
+ * \param hlen      Length of hash
+ * \param sig       Buffer that will hold the signature
+ * \param slen      Length of the signature written
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \note            The "sig" buffer must be at least as large as twice the
+ *                  size of the curve used, plus 9 (eg. 73 bytes if a 256-bit
+ *                  curve is used). MBEDTLS_ECDSA_MAX_LEN is always safe.
+ *
+ * \return          0 if successful,
+ *                  or a MBEDTLS_ERR_ECP_XXX, MBEDTLS_ERR_MPI_XXX or
+ *                  MBEDTLS_ERR_ASN1_XXX error code
+ */
+int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t md_alg,
+                           const unsigned char *hash, size_t hlen,
+                           unsigned char *sig, size_t *slen,
+                           int (*f_rng)(void *, unsigned char *, size_t),
+                           void *p_rng );
+
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
+#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
+#if defined(MBEDTLS_DEPRECATED_WARNING)
+#define MBEDTLS_DEPRECATED    __attribute__((deprecated))
+#else
+#define MBEDTLS_DEPRECATED
+#endif
+/**
+ * \brief           Compute ECDSA signature and write it to buffer,
+ *                  serialized as defined in RFC 4492 page 20.
+ *                  Deterministic version, RFC 6979.
+ *                  (Not thread-safe to use same context in multiple threads)
+ *
+ * \deprecated      Superseded by mbedtls_ecdsa_write_signature() in 2.0.0
+ *
+ * \param ctx       ECDSA context
+ * \param hash      Message hash
+ * \param hlen      Length of hash
+ * \param sig       Buffer that will hold the signature
+ * \param slen      Length of the signature written
+ * \param md_alg    MD algorithm used to hash the message
+ *
+ * \note            The "sig" buffer must be at least as large as twice the
+ *                  size of the curve used, plus 9 (eg. 73 bytes if a 256-bit
+ *                  curve is used). MBEDTLS_ECDSA_MAX_LEN is always safe.
+ *
+ * \return          0 if successful,
+ *                  or a MBEDTLS_ERR_ECP_XXX, MBEDTLS_ERR_MPI_XXX or
+ *                  MBEDTLS_ERR_ASN1_XXX error code
+ */
+int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx,
+                               const unsigned char *hash, size_t hlen,
+                               unsigned char *sig, size_t *slen,
+                               mbedtls_md_type_t md_alg ) MBEDTLS_DEPRECATED;
+#undef MBEDTLS_DEPRECATED
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
+#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
+
+/**
+ * \brief           Read and verify an ECDSA signature
+ *
+ * \param ctx       ECDSA context
+ * \param hash      Message hash
+ * \param hlen      Size of hash
+ * \param sig       Signature to read and verify
+ * \param slen      Size of sig
+ *
+ * \return          0 if successful,
+ *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid,
+ *                  MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if the signature is
+ *                  valid but its actual length is less than siglen,
+ *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_ERR_MPI_XXX error code
+ */
+int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx,
+                          const unsigned char *hash, size_t hlen,
+                          const unsigned char *sig, size_t slen );
+
+/**
+ * \brief           Generate an ECDSA keypair on the given curve
+ *
+ * \param ctx       ECDSA context in which the keypair should be stored
+ * \param gid       Group (elliptic curve) to use. One of the various
+ *                  MBEDTLS_ECP_DP_XXX macros depending on configuration.
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 on success, or a MBEDTLS_ERR_ECP_XXX code.
+ */
+int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
+                  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+
+/**
+ * \brief           Set an ECDSA context from an EC key pair
+ *
+ * \param ctx       ECDSA context to set
+ * \param key       EC key to use
+ *
+ * \return          0 on success, or a MBEDTLS_ERR_ECP_XXX code.
+ */
+int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key );
+
+/**
+ * \brief           Initialize context
+ *
+ * \param ctx       Context to initialize
+ */
+void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx );
+
+/**
+ * \brief           Free context
+ *
+ * \param ctx       Context to free
+ */
+void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ecdsa.h */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/ecjpake.h

@@ -0,0 +1,238 @@
+/**
+ * \file ecjpake.h
+ *
+ * \brief Elliptic curve J-PAKE
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_ECJPAKE_H
+#define MBEDTLS_ECJPAKE_H
+
+/*
+ * J-PAKE is a password-authenticated key exchange that allows deriving a
+ * strong shared secret from a (potentially low entropy) pre-shared
+ * passphrase, with forward secrecy and mutual authentication.
+ * https://en.wikipedia.org/wiki/Password_Authenticated_Key_Exchange_by_Juggling
+ *
+ * This file implements the Elliptic Curve variant of J-PAKE,
+ * as defined in Chapter 7.4 of the Thread v1.0 Specification,
+ * available to members of the Thread Group http://threadgroup.org/
+ *
+ * As the J-PAKE algorithm is inherently symmetric, so is our API.
+ * Each party needs to send its first round message, in any order, to the
+ * other party, then each sends its second round message, in any order.
+ * The payloads are serialized in a way suitable for use in TLS, but could
+ * also be use outside TLS.
+ */
+
+#include "ecp.h"
+#include "md.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * Roles in the EC J-PAKE exchange
+ */
+typedef enum {
+    MBEDTLS_ECJPAKE_CLIENT = 0,         /**< Client                         */
+    MBEDTLS_ECJPAKE_SERVER,             /**< Server                         */
+} mbedtls_ecjpake_role;
+
+/**
+ * EC J-PAKE context structure.
+ *
+ * J-PAKE is a symmetric protocol, except for the identifiers used in
+ * Zero-Knowledge Proofs, and the serialization of the second message
+ * (KeyExchange) as defined by the Thread spec.
+ *
+ * In order to benefit from this symmetry, we choose a different naming
+ * convetion from the Thread v1.0 spec. Correspondance is indicated in the
+ * description as a pair C: client name, S: server name
+ */
+typedef struct
+{
+    const mbedtls_md_info_t *md_info;   /**< Hash to use                    */
+    mbedtls_ecp_group grp;              /**< Elliptic curve                 */
+    mbedtls_ecjpake_role role;          /**< Are we client or server?       */
+    int point_format;                   /**< Format for point export        */
+
+    mbedtls_ecp_point Xm1;              /**< My public key 1   C: X1, S: X3 */
+    mbedtls_ecp_point Xm2;              /**< My public key 2   C: X2, S: X4 */
+    mbedtls_ecp_point Xp1;              /**< Peer public key 1 C: X3, S: X1 */
+    mbedtls_ecp_point Xp2;              /**< Peer public key 2 C: X4, S: X2 */
+    mbedtls_ecp_point Xp;               /**< Peer public key   C: Xs, S: Xc */
+
+    mbedtls_mpi xm1;                    /**< My private key 1  C: x1, S: x3 */
+    mbedtls_mpi xm2;                    /**< My private key 2  C: x2, S: x4 */
+
+    mbedtls_mpi s;                      /**< Pre-shared secret (passphrase) */
+} mbedtls_ecjpake_context;
+
+/**
+ * \brief           Initialize a context
+ *                  (just makes it ready for setup() or free()).
+ *
+ * \param ctx       context to initialize
+ */
+void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx );
+
+/**
+ * \brief           Set up a context for use
+ *
+ * \note            Currently the only values for hash/curve allowed by the
+ *                  standard are MBEDTLS_MD_SHA256/MBEDTLS_ECP_DP_SECP256R1.
+ *
+ * \param ctx       context to set up
+ * \param role      Our role: client or server
+ * \param hash      hash function to use (MBEDTLS_MD_XXX)
+ * \param curve     elliptic curve identifier (MBEDTLS_ECP_DP_XXX)
+ * \param secret    pre-shared secret (passphrase)
+ * \param len       length of the shared secret
+ *
+ * \return          0 if successfull,
+ *                  a negative error code otherwise
+ */
+int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx,
+                           mbedtls_ecjpake_role role,
+                           mbedtls_md_type_t hash,
+                           mbedtls_ecp_group_id curve,
+                           const unsigned char *secret,
+                           size_t len );
+
+/*
+ * \brief           Check if a context is ready for use
+ *
+ * \param ctx       Context to check
+ *
+ * \return          0 if the context is ready for use,
+ *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA otherwise
+ */
+int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx );
+
+/**
+ * \brief           Generate and write the first round message
+ *                  (TLS: contents of the Client/ServerHello extension,
+ *                  excluding extension type and length bytes)
+ *
+ * \param ctx       Context to use
+ * \param buf       Buffer to write the contents to
+ * \param len       Buffer size
+ * \param olen      Will be updated with the number of bytes written
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successfull,
+ *                  a negative error code otherwise
+ */
+int mbedtls_ecjpake_write_round_one( mbedtls_ecjpake_context *ctx,
+                            unsigned char *buf, size_t len, size_t *olen,
+                            int (*f_rng)(void *, unsigned char *, size_t),
+                            void *p_rng );
+
+/**
+ * \brief           Read and process the first round message
+ *                  (TLS: contents of the Client/ServerHello extension,
+ *                  excluding extension type and length bytes)
+ *
+ * \param ctx       Context to use
+ * \param buf       Pointer to extension contents
+ * \param len       Extension length
+ *
+ * \return          0 if successfull,
+ *                  a negative error code otherwise
+ */
+int mbedtls_ecjpake_read_round_one( mbedtls_ecjpake_context *ctx,
+                                    const unsigned char *buf,
+                                    size_t len );
+
+/**
+ * \brief           Generate and write the second round message
+ *                  (TLS: contents of the Client/ServerKeyExchange)
+ *
+ * \param ctx       Context to use
+ * \param buf       Buffer to write the contents to
+ * \param len       Buffer size
+ * \param olen      Will be updated with the number of bytes written
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successfull,
+ *                  a negative error code otherwise
+ */
+int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx,
+                            unsigned char *buf, size_t len, size_t *olen,
+                            int (*f_rng)(void *, unsigned char *, size_t),
+                            void *p_rng );
+
+/**
+ * \brief           Read and process the second round message
+ *                  (TLS: contents of the Client/ServerKeyExchange)
+ *
+ * \param ctx       Context to use
+ * \param buf       Pointer to the message
+ * \param len       Message length
+ *
+ * \return          0 if successfull,
+ *                  a negative error code otherwise
+ */
+int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx,
+                                    const unsigned char *buf,
+                                    size_t len );
+
+/**
+ * \brief           Derive the shared secret
+ *                  (TLS: Pre-Master Secret)
+ *
+ * \param ctx       Context to use
+ * \param buf       Buffer to write the contents to
+ * \param len       Buffer size
+ * \param olen      Will be updated with the number of bytes written
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successfull,
+ *                  a negative error code otherwise
+ */
+int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx,
+                            unsigned char *buf, size_t len, size_t *olen,
+                            int (*f_rng)(void *, unsigned char *, size_t),
+                            void *p_rng );
+
+/**
+ * \brief           Free a context's content
+ *
+ * \param ctx       context to free
+ */
+void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx );
+
+#if defined(MBEDTLS_SELF_TEST)
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if a test failed
+ */
+int mbedtls_ecjpake_self_test( int verbose );
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ecjpake.h */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/ecp.h

@@ -0,0 +1,669 @@
+/**
+ * \file ecp.h
+ *
+ * \brief Elliptic curves over GF(p)
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_ECP_H
+#define MBEDTLS_ECP_H
+
+#include "bignum.h"
+
+/*
+ * ECP error codes
+ */
+#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA                    -0x4F80  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL                  -0x4F00  /**< The buffer is too small to write to. */
+#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE               -0x4E80  /**< Requested curve not available. */
+#define MBEDTLS_ERR_ECP_VERIFY_FAILED                     -0x4E00  /**< The signature is not valid. */
+#define MBEDTLS_ERR_ECP_ALLOC_FAILED                      -0x4D80  /**< Memory allocation failed. */
+#define MBEDTLS_ERR_ECP_RANDOM_FAILED                     -0x4D00  /**< Generation of random value, such as (ephemeral) key, failed. */
+#define MBEDTLS_ERR_ECP_INVALID_KEY                       -0x4C80  /**< Invalid private or public key. */
+#define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH                  -0x4C00  /**< Signature is valid but shorter than the user-supplied length. */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * Domain parameters (curve, subgroup and generator) identifiers.
+ *
+ * Only curves over prime fields are supported.
+ *
+ * \warning This library does not support validation of arbitrary domain
+ * parameters. Therefore, only well-known domain parameters from trusted
+ * sources should be used. See mbedtls_ecp_group_load().
+ */
+typedef enum
+{
+    MBEDTLS_ECP_DP_NONE = 0,
+    MBEDTLS_ECP_DP_SECP192R1,      /*!< 192-bits NIST curve  */
+    MBEDTLS_ECP_DP_SECP224R1,      /*!< 224-bits NIST curve  */
+    MBEDTLS_ECP_DP_SECP256R1,      /*!< 256-bits NIST curve  */
+    MBEDTLS_ECP_DP_SECP384R1,      /*!< 384-bits NIST curve  */
+    MBEDTLS_ECP_DP_SECP521R1,      /*!< 521-bits NIST curve  */
+    MBEDTLS_ECP_DP_BP256R1,        /*!< 256-bits Brainpool curve */
+    MBEDTLS_ECP_DP_BP384R1,        /*!< 384-bits Brainpool curve */
+    MBEDTLS_ECP_DP_BP512R1,        /*!< 512-bits Brainpool curve */
+    MBEDTLS_ECP_DP_CURVE25519,           /*!< Curve25519               */
+    MBEDTLS_ECP_DP_SECP192K1,      /*!< 192-bits "Koblitz" curve */
+    MBEDTLS_ECP_DP_SECP224K1,      /*!< 224-bits "Koblitz" curve */
+    MBEDTLS_ECP_DP_SECP256K1,      /*!< 256-bits "Koblitz" curve */
+} mbedtls_ecp_group_id;
+
+/**
+ * Number of supported curves (plus one for NONE).
+ *
+ * (Montgomery curves excluded for now.)
+ */
+#define MBEDTLS_ECP_DP_MAX     12
+
+/**
+ * Curve information for use by other modules
+ */
+typedef struct
+{
+    mbedtls_ecp_group_id grp_id;    /*!< Internal identifier        */
+    uint16_t tls_id;                /*!< TLS NamedCurve identifier  */
+    uint16_t bit_size;              /*!< Curve size in bits         */
+    const char *name;               /*!< Human-friendly name        */
+} mbedtls_ecp_curve_info;
+
+/**
+ * \brief           ECP point structure (jacobian coordinates)
+ *
+ * \note            All functions expect and return points satisfying
+ *                  the following condition: Z == 0 or Z == 1. (Other
+ *                  values of Z are used by internal functions only.)
+ *                  The point is zero, or "at infinity", if Z == 0.
+ *                  Otherwise, X and Y are its standard (affine) coordinates.
+ */
+typedef struct
+{
+    mbedtls_mpi X;          /*!<  the point's X coordinate  */
+    mbedtls_mpi Y;          /*!<  the point's Y coordinate  */
+    mbedtls_mpi Z;          /*!<  the point's Z coordinate  */
+}
+mbedtls_ecp_point;
+
+/**
+ * \brief           ECP group structure
+ *
+ * We consider two types of curves equations:
+ * 1. Short Weierstrass y^2 = x^3 + A x + B     mod P   (SEC1 + RFC 4492)
+ * 2. Montgomery,       y^2 = x^3 + A x^2 + x   mod P   (Curve25519 + draft)
+ * In both cases, a generator G for a prime-order subgroup is fixed. In the
+ * short weierstrass, this subgroup is actually the whole curve, and its
+ * cardinal is denoted by N.
+ *
+ * In the case of Short Weierstrass curves, our code requires that N is an odd
+ * prime. (Use odd in mbedtls_ecp_mul() and prime in mbedtls_ecdsa_sign() for blinding.)
+ *
+ * In the case of Montgomery curves, we don't store A but (A + 2) / 4 which is
+ * the quantity actually used in the formulas. Also, nbits is not the size of N
+ * but the required size for private keys.
+ *
+ * If modp is NULL, reduction modulo P is done using a generic algorithm.
+ * Otherwise, it must point to a function that takes an mbedtls_mpi in the range
+ * 0..2^(2*pbits)-1 and transforms it in-place in an integer of little more
+ * than pbits, so that the integer may be efficiently brought in the 0..P-1
+ * range by a few additions or substractions. It must return 0 on success and
+ * non-zero on failure.
+ */
+typedef struct
+{
+    mbedtls_ecp_group_id id;    /*!<  internal group identifier                     */
+    mbedtls_mpi P;              /*!<  prime modulus of the base field               */
+    mbedtls_mpi A;              /*!<  1. A in the equation, or 2. (A + 2) / 4       */
+    mbedtls_mpi B;              /*!<  1. B in the equation, or 2. unused            */
+    mbedtls_ecp_point G;        /*!<  generator of the (sub)group used              */
+    mbedtls_mpi N;              /*!<  1. the order of G, or 2. unused               */
+    size_t pbits;       /*!<  number of bits in P                           */
+    size_t nbits;       /*!<  number of bits in 1. P, or 2. private keys    */
+    unsigned int h;     /*!<  internal: 1 if the constants are static       */
+    int (*modp)(mbedtls_mpi *); /*!<  function for fast reduction mod P             */
+    int (*t_pre)(mbedtls_ecp_point *, void *);  /*!< unused                         */
+    int (*t_post)(mbedtls_ecp_point *, void *); /*!< unused                         */
+    void *t_data;                       /*!< unused                         */
+    mbedtls_ecp_point *T;       /*!<  pre-computed points for ecp_mul_comb()        */
+    size_t T_size;      /*!<  number for pre-computed points                */
+}
+mbedtls_ecp_group;
+
+/**
+ * \brief           ECP key pair structure
+ *
+ * A generic key pair that could be used for ECDSA, fixed ECDH, etc.
+ *
+ * \note Members purposefully in the same order as struc mbedtls_ecdsa_context.
+ */
+typedef struct
+{
+    mbedtls_ecp_group grp;      /*!<  Elliptic curve and base point     */
+    mbedtls_mpi d;              /*!<  our secret value                  */
+    mbedtls_ecp_point Q;        /*!<  our public value                  */
+}
+mbedtls_ecp_keypair;
+
+/**
+ * \name SECTION: Module settings
+ *
+ * The configuration options you can set for this module are in this section.
+ * Either change them in config.h or define them on the compiler command line.
+ * \{
+ */
+
+#if !defined(MBEDTLS_ECP_MAX_BITS)
+/**
+ * Maximum size of the groups (that is, of N and P)
+ */
+#define MBEDTLS_ECP_MAX_BITS     521   /**< Maximum bit size of groups */
+#endif
+
+#define MBEDTLS_ECP_MAX_BYTES    ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 )
+#define MBEDTLS_ECP_MAX_PT_LEN   ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 )
+
+#if !defined(MBEDTLS_ECP_WINDOW_SIZE)
+/*
+ * Maximum "window" size used for point multiplication.
+ * Default: 6.
+ * Minimum value: 2. Maximum value: 7.
+ *
+ * Result is an array of at most ( 1 << ( MBEDTLS_ECP_WINDOW_SIZE - 1 ) )
+ * points used for point multiplication. This value is directly tied to EC
+ * peak memory usage, so decreasing it by one should roughly cut memory usage
+ * by two (if large curves are in use).
+ *
+ * Reduction in size may reduce speed, but larger curves are impacted first.
+ * Sample performances (in ECDHE handshakes/s, with FIXED_POINT_OPTIM = 1):
+ *      w-size:     6       5       4       3       2
+ *      521       145     141     135     120      97
+ *      384       214     209     198     177     146
+ *      256       320     320     303     262     226
+
+ *      224       475     475     453     398     342
+ *      192       640     640     633     587     476
+ */
+#define MBEDTLS_ECP_WINDOW_SIZE    6   /**< Maximum window size used */
+#endif /* MBEDTLS_ECP_WINDOW_SIZE */
+
+#if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM)
+/*
+ * Trade memory for speed on fixed-point multiplication.
+ *
+ * This speeds up repeated multiplication of the generator (that is, the
+ * multiplication in ECDSA signatures, and half of the multiplications in
+ * ECDSA verification and ECDHE) by a factor roughly 3 to 4.
+ *
+ * The cost is increasing EC peak memory usage by a factor roughly 2.
+ *
+ * Change this value to 0 to reduce peak memory usage.
+ */
+#define MBEDTLS_ECP_FIXED_POINT_OPTIM  1   /**< Enable fixed-point speed-up */
+#endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */
+
+/* \} name SECTION: Module settings */
+
+/*
+ * Point formats, from RFC 4492's enum ECPointFormat
+ */
+#define MBEDTLS_ECP_PF_UNCOMPRESSED    0   /**< Uncompressed point format */
+#define MBEDTLS_ECP_PF_COMPRESSED      1   /**< Compressed point format */
+
+/*
+ * Some other constants from RFC 4492
+ */
+#define MBEDTLS_ECP_TLS_NAMED_CURVE    3   /**< ECCurveType's named_curve */
+
+/**
+ * \brief           Get the list of supported curves in order of preferrence
+ *                  (full information)
+ *
+ * \return          A statically allocated array, the last entry is 0.
+ */
+const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void );
+
+/**
+ * \brief           Get the list of supported curves in order of preferrence
+ *                  (grp_id only)
+ *
+ * \return          A statically allocated array,
+ *                  terminated with MBEDTLS_ECP_DP_NONE.
+ */
+const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void );
+
+/**
+ * \brief           Get curve information from an internal group identifier
+ *
+ * \param grp_id    A MBEDTLS_ECP_DP_XXX value
+ *
+ * \return          The associated curve information or NULL
+ */
+const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_group_id grp_id );
+
+/**
+ * \brief           Get curve information from a TLS NamedCurve value
+ *
+ * \param tls_id    A MBEDTLS_ECP_DP_XXX value
+ *
+ * \return          The associated curve information or NULL
+ */
+const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id( uint16_t tls_id );
+
+/**
+ * \brief           Get curve information from a human-readable name
+ *
+ * \param name      The name
+ *
+ * \return          The associated curve information or NULL
+ */
+const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name( const char *name );
+
+/**
+ * \brief           Initialize a point (as zero)
+ */
+void mbedtls_ecp_point_init( mbedtls_ecp_point *pt );
+
+/**
+ * \brief           Initialize a group (to something meaningless)
+ */
+void mbedtls_ecp_group_init( mbedtls_ecp_group *grp );
+
+/**
+ * \brief           Initialize a key pair (as an invalid one)
+ */
+void mbedtls_ecp_keypair_init( mbedtls_ecp_keypair *key );
+
+/**
+ * \brief           Free the components of a point
+ */
+void mbedtls_ecp_point_free( mbedtls_ecp_point *pt );
+
+/**
+ * \brief           Free the components of an ECP group
+ */
+void mbedtls_ecp_group_free( mbedtls_ecp_group *grp );
+
+/**
+ * \brief           Free the components of a key pair
+ */
+void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key );
+
+/**
+ * \brief           Copy the contents of point Q into P
+ *
+ * \param P         Destination point
+ * \param Q         Source point
+ *
+ * \return          0 if successful,
+ *                  MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q );
+
+/**
+ * \brief           Copy the contents of a group object
+ *
+ * \param dst       Destination group
+ * \param src       Source group
+ *
+ * \return          0 if successful,
+ *                  MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, const mbedtls_ecp_group *src );
+
+/**
+ * \brief           Set a point to zero
+ *
+ * \param pt        Destination point
+ *
+ * \return          0 if successful,
+ *                  MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt );
+
+/**
+ * \brief           Tell if a point is zero
+ *
+ * \param pt        Point to test
+ *
+ * \return          1 if point is zero, 0 otherwise
+ */
+int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt );
+
+/**
+ * \brief           Compare two points
+ *
+ * \note            This assumes the points are normalized. Otherwise,
+ *                  they may compare as "not equal" even if they are.
+ *
+ * \param P         First point to compare
+ * \param Q         Second point to compare
+ *
+ * \return          0 if the points are equal,
+ *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA otherwise
+ */
+int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P,
+                           const mbedtls_ecp_point *Q );
+
+/**
+ * \brief           Import a non-zero point from two ASCII strings
+ *
+ * \param P         Destination point
+ * \param radix     Input numeric base
+ * \param x         First affine coordinate as a null-terminated string
+ * \param y         Second affine coordinate as a null-terminated string
+ *
+ * \return          0 if successful, or a MBEDTLS_ERR_MPI_XXX error code
+ */
+int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix,
+                           const char *x, const char *y );
+
+/**
+ * \brief           Export a point into unsigned binary data
+ *
+ * \param grp       Group to which the point should belong
+ * \param P         Point to export
+ * \param format    Point format, should be a MBEDTLS_ECP_PF_XXX macro
+ * \param olen      Length of the actual output
+ * \param buf       Output buffer
+ * \param buflen    Length of the output buffer
+ *
+ * \return          0 if successful,
+ *                  or MBEDTLS_ERR_ECP_BAD_INPUT_DATA
+ *                  or MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
+ */
+int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *P,
+                            int format, size_t *olen,
+                            unsigned char *buf, size_t buflen );
+
+/**
+ * \brief           Import a point from unsigned binary data
+ *
+ * \param grp       Group to which the point should belong
+ * \param P         Point to import
+ * \param buf       Input buffer
+ * \param ilen      Actual length of input
+ *
+ * \return          0 if successful,
+ *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid,
+ *                  MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *                  MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the point format
+ *                  is not implemented.
+ *
+ * \note            This function does NOT check that the point actually
+ *                  belongs to the given group, see mbedtls_ecp_check_pubkey() for
+ *                  that.
+ */
+int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P,
+                           const unsigned char *buf, size_t ilen );
+
+/**
+ * \brief           Import a point from a TLS ECPoint record
+ *
+ * \param grp       ECP group used
+ * \param pt        Destination point
+ * \param buf       $(Start of input buffer)
+ * \param len       Buffer length
+ *
+ * \note            buf is updated to point right after the ECPoint on exit
+ *
+ * \return          0 if successful,
+ *                  MBEDTLS_ERR_MPI_XXX if initialization failed
+ *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid
+ */
+int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt,
+                        const unsigned char **buf, size_t len );
+
+/**
+ * \brief           Export a point as a TLS ECPoint record
+ *
+ * \param grp       ECP group used
+ * \param pt        Point to export
+ * \param format    Export format
+ * \param olen      length of data written
+ * \param buf       Buffer to write to
+ * \param blen      Buffer length
+ *
+ * \return          0 if successful,
+ *                  or MBEDTLS_ERR_ECP_BAD_INPUT_DATA
+ *                  or MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
+ */
+int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt,
+                         int format, size_t *olen,
+                         unsigned char *buf, size_t blen );
+
+/**
+ * \brief           Set a group using well-known domain parameters
+ *
+ * \param grp       Destination group
+ * \param index     Index in the list of well-known domain parameters
+ *
+ * \return          0 if successful,
+ *                  MBEDTLS_ERR_MPI_XXX if initialization failed
+ *                  MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE for unkownn groups
+ *
+ * \note            Index should be a value of RFC 4492's enum NamedCurve,
+ *                  usually in the form of a MBEDTLS_ECP_DP_XXX macro.
+ */
+int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id index );
+
+/**
+ * \brief           Set a group from a TLS ECParameters record
+ *
+ * \param grp       Destination group
+ * \param buf       &(Start of input buffer)
+ * \param len       Buffer length
+ *
+ * \note            buf is updated to point right after ECParameters on exit
+ *
+ * \return          0 if successful,
+ *                  MBEDTLS_ERR_MPI_XXX if initialization failed
+ *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid
+ */
+int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, const unsigned char **buf, size_t len );
+
+/**
+ * \brief           Write the TLS ECParameters record for a group
+ *
+ * \param grp       ECP group used
+ * \param olen      Number of bytes actually written
+ * \param buf       Buffer to write to
+ * \param blen      Buffer length
+ *
+ * \return          0 if successful,
+ *                  or MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
+ */
+int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen,
+                         unsigned char *buf, size_t blen );
+
+/**
+ * \brief           Multiplication by an integer: R = m * P
+ *                  (Not thread-safe to use same group in multiple threads)
+ *
+ * \note            In order to prevent timing attacks, this function
+ *                  executes the exact same sequence of (base field)
+ *                  operations for any valid m. It avoids any if-branch or
+ *                  array index depending on the value of m.
+ *
+ * \note            If f_rng is not NULL, it is used to randomize intermediate
+ *                  results in order to prevent potential timing attacks
+ *                  targeting these results. It is recommended to always
+ *                  provide a non-NULL f_rng (the overhead is negligible).
+ *
+ * \param grp       ECP group
+ * \param R         Destination point
+ * \param m         Integer by which to multiply
+ * \param P         Point to multiply
+ * \param f_rng     RNG function (see notes)
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successful,
+ *                  MBEDTLS_ERR_ECP_INVALID_KEY if m is not a valid privkey
+ *                  or P is not a valid pubkey,
+ *                  MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+             const mbedtls_mpi *m, const mbedtls_ecp_point *P,
+             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+
+/**
+ * \brief           Multiplication and addition of two points by integers:
+ *                  R = m * P + n * Q
+ *                  (Not thread-safe to use same group in multiple threads)
+ *
+ * \note            In contrast to mbedtls_ecp_mul(), this function does not guarantee
+ *                  a constant execution flow and timing.
+ *
+ * \param grp       ECP group
+ * \param R         Destination point
+ * \param m         Integer by which to multiply P
+ * \param P         Point to multiply by m
+ * \param n         Integer by which to multiply Q
+ * \param Q         Point to be multiplied by n
+ *
+ * \return          0 if successful,
+ *                  MBEDTLS_ERR_ECP_INVALID_KEY if m or n is not a valid privkey
+ *                  or P or Q is not a valid pubkey,
+ *                  MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+             const mbedtls_mpi *m, const mbedtls_ecp_point *P,
+             const mbedtls_mpi *n, const mbedtls_ecp_point *Q );
+
+/**
+ * \brief           Check that a point is a valid public key on this curve
+ *
+ * \param grp       Curve/group the point should belong to
+ * \param pt        Point to check
+ *
+ * \return          0 if point is a valid public key,
+ *                  MBEDTLS_ERR_ECP_INVALID_KEY otherwise.
+ *
+ * \note            This function only checks the point is non-zero, has valid
+ *                  coordinates and lies on the curve, but not that it is
+ *                  indeed a multiple of G. This is additional check is more
+ *                  expensive, isn't required by standards, and shouldn't be
+ *                  necessary if the group used has a small cofactor. In
+ *                  particular, it is useless for the NIST groups which all
+ *                  have a cofactor of 1.
+ *
+ * \note            Uses bare components rather than an mbedtls_ecp_keypair structure
+ *                  in order to ease use with other structures such as
+ *                  mbedtls_ecdh_context of mbedtls_ecdsa_context.
+ */
+int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt );
+
+/**
+ * \brief           Check that an mbedtls_mpi is a valid private key for this curve
+ *
+ * \param grp       Group used
+ * \param d         Integer to check
+ *
+ * \return          0 if point is a valid private key,
+ *                  MBEDTLS_ERR_ECP_INVALID_KEY otherwise.
+ *
+ * \note            Uses bare components rather than an mbedtls_ecp_keypair structure
+ *                  in order to ease use with other structures such as
+ *                  mbedtls_ecdh_context of mbedtls_ecdsa_context.
+ */
+int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi *d );
+
+/**
+ * \brief           Generate a keypair with configurable base point
+ *
+ * \param grp       ECP group
+ * \param G         Chosen base point
+ * \param d         Destination MPI (secret part)
+ * \param Q         Destination point (public part)
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successful,
+ *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
+ *
+ * \note            Uses bare components rather than an mbedtls_ecp_keypair structure
+ *                  in order to ease use with other structures such as
+ *                  mbedtls_ecdh_context of mbedtls_ecdsa_context.
+ */
+int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
+                     const mbedtls_ecp_point *G,
+                     mbedtls_mpi *d, mbedtls_ecp_point *Q,
+                     int (*f_rng)(void *, unsigned char *, size_t),
+                     void *p_rng );
+
+/**
+ * \brief           Generate a keypair
+ *
+ * \param grp       ECP group
+ * \param d         Destination MPI (secret part)
+ * \param Q         Destination point (public part)
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successful,
+ *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
+ *
+ * \note            Uses bare components rather than an mbedtls_ecp_keypair structure
+ *                  in order to ease use with other structures such as
+ *                  mbedtls_ecdh_context of mbedtls_ecdsa_context.
+ */
+int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
+                     int (*f_rng)(void *, unsigned char *, size_t),
+                     void *p_rng );
+
+/**
+ * \brief           Generate a keypair
+ *
+ * \param grp_id    ECP group identifier
+ * \param key       Destination keypair
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successful,
+ *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
+ */
+int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
+                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+
+/**
+ * \brief           Check a public-private key pair
+ *
+ * \param pub       Keypair structure holding a public key
+ * \param prv       Keypair structure holding a private (plus public) key
+ *
+ * \return          0 if successful (keys are valid and match), or
+ *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA, or
+ *                  a MBEDTLS_ERR_ECP_XXX or MBEDTLS_ERR_MPI_XXX code.
+ */
+int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv );
+
+#if defined(MBEDTLS_SELF_TEST)
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if a test failed
+ */
+int mbedtls_ecp_self_test( int verbose );
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ecp.h */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/entropy.h

@@ -0,0 +1,287 @@
+/**
+ * \file entropy.h
+ *
+ * \brief Entropy accumulator implementation
+ *
+ *  Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_ENTROPY_H
+#define MBEDTLS_ENTROPY_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+
+#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
+#include "sha512.h"
+#define MBEDTLS_ENTROPY_SHA512_ACCUMULATOR
+#else
+#if defined(MBEDTLS_SHA256_C)
+#define MBEDTLS_ENTROPY_SHA256_ACCUMULATOR
+#include "sha256.h"
+#endif
+#endif
+
+#if defined(MBEDTLS_THREADING_C)
+#include "threading.h"
+#endif
+
+#if defined(MBEDTLS_HAVEGE_C)
+#include "havege.h"
+#endif
+
+#define MBEDTLS_ERR_ENTROPY_SOURCE_FAILED                 -0x003C  /**< Critical entropy source failure. */
+#define MBEDTLS_ERR_ENTROPY_MAX_SOURCES                   -0x003E  /**< No more sources can be added. */
+#define MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED            -0x0040  /**< No sources have been added to poll. */
+#define MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE              -0x003D  /**< No strong sources have been added to poll. */
+#define MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR                 -0x003F  /**< Read/write error in file. */
+
+/**
+ * \name SECTION: Module settings
+ *
+ * The configuration options you can set for this module are in this section.
+ * Either change them in config.h or define them on the compiler command line.
+ * \{
+ */
+
+#if !defined(MBEDTLS_ENTROPY_MAX_SOURCES)
+#define MBEDTLS_ENTROPY_MAX_SOURCES     20      /**< Maximum number of sources supported */
+#endif
+
+#if !defined(MBEDTLS_ENTROPY_MAX_GATHER)
+#define MBEDTLS_ENTROPY_MAX_GATHER      128     /**< Maximum amount requested from entropy sources */
+#endif
+
+/* \} name SECTION: Module settings */
+
+#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
+#define MBEDTLS_ENTROPY_BLOCK_SIZE      64      /**< Block size of entropy accumulator (SHA-512) */
+#else
+#define MBEDTLS_ENTROPY_BLOCK_SIZE      32      /**< Block size of entropy accumulator (SHA-256) */
+#endif
+
+#define MBEDTLS_ENTROPY_MAX_SEED_SIZE   1024    /**< Maximum size of seed we read from seed file */
+#define MBEDTLS_ENTROPY_SOURCE_MANUAL   MBEDTLS_ENTROPY_MAX_SOURCES
+
+#define MBEDTLS_ENTROPY_SOURCE_STRONG   1       /**< Entropy source is strong   */
+#define MBEDTLS_ENTROPY_SOURCE_WEAK     0       /**< Entropy source is weak     */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief           Entropy poll callback pointer
+ *
+ * \param data      Callback-specific data pointer
+ * \param output    Data to fill
+ * \param len       Maximum size to provide
+ * \param olen      The actual amount of bytes put into the buffer (Can be 0)
+ *
+ * \return          0 if no critical failures occurred,
+ *                  MBEDTLS_ERR_ENTROPY_SOURCE_FAILED otherwise
+ */
+typedef int (*mbedtls_entropy_f_source_ptr)(void *data, unsigned char *output, size_t len,
+                            size_t *olen);
+
+/**
+ * \brief           Entropy source state
+ */
+typedef struct
+{
+    mbedtls_entropy_f_source_ptr    f_source;   /**< The entropy source callback */
+    void *          p_source;   /**< The callback data pointer */
+    size_t          size;       /**< Amount received in bytes */
+    size_t          threshold;  /**< Minimum bytes required before release */
+    int             strong;     /**< Is the source strong? */
+}
+mbedtls_entropy_source_state;
+
+/**
+ * \brief           Entropy context structure
+ */
+typedef struct
+{
+#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
+    mbedtls_sha512_context  accumulator;
+#else
+    mbedtls_sha256_context  accumulator;
+#endif
+    int             source_count;
+    mbedtls_entropy_source_state    source[MBEDTLS_ENTROPY_MAX_SOURCES];
+#if defined(MBEDTLS_HAVEGE_C)
+    mbedtls_havege_state    havege_data;
+#endif
+#if defined(MBEDTLS_THREADING_C)
+    mbedtls_threading_mutex_t mutex;    /*!< mutex                  */
+#endif
+#if defined(MBEDTLS_ENTROPY_NV_SEED)
+    int initial_entropy_run;
+#endif
+}
+mbedtls_entropy_context;
+
+/**
+ * \brief           Initialize the context
+ *
+ * \param ctx       Entropy context to initialize
+ */
+void mbedtls_entropy_init( mbedtls_entropy_context *ctx );
+
+/**
+ * \brief           Free the data in the context
+ *
+ * \param ctx       Entropy context to free
+ */
+void mbedtls_entropy_free( mbedtls_entropy_context *ctx );
+
+/**
+ * \brief           Adds an entropy source to poll
+ *                  (Thread-safe if MBEDTLS_THREADING_C is enabled)
+ *
+ * \param ctx       Entropy context
+ * \param f_source  Entropy function
+ * \param p_source  Function data
+ * \param threshold Minimum required from source before entropy is released
+ *                  ( with mbedtls_entropy_func() ) (in bytes)
+ * \param strong    MBEDTLS_ENTROPY_SOURCE_STRONG or
+ *                  MBEDTSL_ENTROPY_SOURCE_WEAK.
+ *                  At least one strong source needs to be added.
+ *                  Weaker sources (such as the cycle counter) can be used as
+ *                  a complement.
+ *
+ * \return          0 if successful or MBEDTLS_ERR_ENTROPY_MAX_SOURCES
+ */
+int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx,
+                        mbedtls_entropy_f_source_ptr f_source, void *p_source,
+                        size_t threshold, int strong );
+
+/**
+ * \brief           Trigger an extra gather poll for the accumulator
+ *                  (Thread-safe if MBEDTLS_THREADING_C is enabled)
+ *
+ * \param ctx       Entropy context
+ *
+ * \return          0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+ */
+int mbedtls_entropy_gather( mbedtls_entropy_context *ctx );
+
+/**
+ * \brief           Retrieve entropy from the accumulator
+ *                  (Maximum length: MBEDTLS_ENTROPY_BLOCK_SIZE)
+ *                  (Thread-safe if MBEDTLS_THREADING_C is enabled)
+ *
+ * \param data      Entropy context
+ * \param output    Buffer to fill
+ * \param len       Number of bytes desired, must be at most MBEDTLS_ENTROPY_BLOCK_SIZE
+ *
+ * \return          0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+ */
+int mbedtls_entropy_func( void *data, unsigned char *output, size_t len );
+
+/**
+ * \brief           Add data to the accumulator manually
+ *                  (Thread-safe if MBEDTLS_THREADING_C is enabled)
+ *
+ * \param ctx       Entropy context
+ * \param data      Data to add
+ * \param len       Length of data
+ *
+ * \return          0 if successful
+ */
+int mbedtls_entropy_update_manual( mbedtls_entropy_context *ctx,
+                           const unsigned char *data, size_t len );
+
+#if defined(MBEDTLS_ENTROPY_NV_SEED)
+/**
+ * \brief           Trigger an update of the seed file in NV by using the
+ *                  current entropy pool.
+ *
+ * \param ctx       Entropy context
+ *
+ * \return          0 if successful
+ */
+int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx );
+#endif /* MBEDTLS_ENTROPY_NV_SEED */
+
+#if defined(MBEDTLS_FS_IO)
+/**
+ * \brief               Write a seed file
+ *
+ * \param ctx           Entropy context
+ * \param path          Name of the file
+ *
+ * \return              0 if successful,
+ *                      MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR on file error, or
+ *                      MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+ */
+int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *path );
+
+/**
+ * \brief               Read and update a seed file. Seed is added to this
+ *                      instance. No more than MBEDTLS_ENTROPY_MAX_SEED_SIZE bytes are
+ *                      read from the seed file. The rest is ignored.
+ *
+ * \param ctx           Entropy context
+ * \param path          Name of the file
+ *
+ * \return              0 if successful,
+ *                      MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR on file error,
+ *                      MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+ */
+int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *path );
+#endif /* MBEDTLS_FS_IO */
+
+#if defined(MBEDTLS_SELF_TEST)
+/**
+ * \brief          Checkup routine
+ *
+ *                 This module self-test also calls the entropy self-test,
+ *                 mbedtls_entropy_source_self_test();
+ *
+ * \return         0 if successful, or 1 if a test failed
+ */
+int mbedtls_entropy_self_test( int verbose );
+
+#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
+/**
+ * \brief          Checkup routine
+ *
+ *                 Verifies the integrity of the hardware entropy source
+ *                 provided by the function 'mbedtls_hardware_poll()'.
+ *
+ *                 Note this is the only hardware entropy source that is known
+ *                 at link time, and other entropy sources configured
+ *                 dynamically at runtime by the function
+ *                 mbedtls_entropy_add_source() will not be tested.
+ *
+ * \return         0 if successful, or 1 if a test failed
+ */
+int mbedtls_entropy_source_self_test( int verbose );
+#endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */
+#endif /* MBEDTLS_SELF_TEST */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* entropy.h */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/entropy_poll.h

@@ -0,0 +1,109 @@
+/**
+ * \file entropy_poll.h
+ *
+ * \brief Platform-specific and custom entropy polling functions
+ *
+ *  Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_ENTROPY_POLL_H
+#define MBEDTLS_ENTROPY_POLL_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * Default thresholds for built-in sources, in bytes
+ */
+#define MBEDTLS_ENTROPY_MIN_PLATFORM     32     /**< Minimum for platform source    */
+#define MBEDTLS_ENTROPY_MIN_HAVEGE       32     /**< Minimum for HAVEGE             */
+#define MBEDTLS_ENTROPY_MIN_HARDCLOCK     4     /**< Minimum for mbedtls_timing_hardclock()        */
+#if !defined(MBEDTLS_ENTROPY_MIN_HARDWARE)
+#define MBEDTLS_ENTROPY_MIN_HARDWARE     32     /**< Minimum for the hardware source */
+#endif
+
+/**
+ * \brief           Entropy poll callback that provides 0 entropy.
+ */
+#if defined(MBEDTLS_TEST_NULL_ENTROPY)
+    int mbedtls_null_entropy_poll( void *data,
+                                unsigned char *output, size_t len, size_t *olen );
+#endif
+
+#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
+/**
+ * \brief           Platform-specific entropy poll callback
+ */
+int mbedtls_platform_entropy_poll( void *data,
+                           unsigned char *output, size_t len, size_t *olen );
+#endif
+
+#if defined(MBEDTLS_HAVEGE_C)
+/**
+ * \brief           HAVEGE based entropy poll callback
+ *
+ * Requires an HAVEGE state as its data pointer.
+ */
+int mbedtls_havege_poll( void *data,
+                 unsigned char *output, size_t len, size_t *olen );
+#endif
+
+#if defined(MBEDTLS_TIMING_C)
+/**
+ * \brief           mbedtls_timing_hardclock-based entropy poll callback
+ */
+int mbedtls_hardclock_poll( void *data,
+                    unsigned char *output, size_t len, size_t *olen );
+#endif
+
+#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
+/**
+ * \brief           Entropy poll callback for a hardware source
+ *
+ * \warning         This is not provided by mbed TLS!
+ *                  See \c MBEDTLS_ENTROPY_HARDWARE_ALT in config.h.
+ *
+ * \note            This must accept NULL as its first argument.
+ */
+int mbedtls_hardware_poll( void *data,
+                           unsigned char *output, size_t len, size_t *olen );
+#endif
+
+#if defined(MBEDTLS_ENTROPY_NV_SEED)
+/**
+ * \brief           Entropy poll callback for a non-volatile seed file
+ *
+ * \note            This must accept NULL as its first argument.
+ */
+int mbedtls_nv_seed_poll( void *data,
+                          unsigned char *output, size_t len, size_t *olen );
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* entropy_poll.h */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/error.h

@@ -0,0 +1,107 @@
+/**
+ * \file error.h
+ *
+ * \brief Error to string translation
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_ERROR_H
+#define MBEDTLS_ERROR_H
+
+#include <stddef.h>
+
+/**
+ * Error code layout.
+ *
+ * Currently we try to keep all error codes within the negative space of 16
+ * bits signed integers to support all platforms (-0x0001 - -0x7FFF). In
+ * addition we'd like to give two layers of information on the error if
+ * possible.
+ *
+ * For that purpose the error codes are segmented in the following manner:
+ *
+ * 16 bit error code bit-segmentation
+ *
+ * 1 bit  - Unused (sign bit)
+ * 3 bits - High level module ID
+ * 5 bits - Module-dependent error code
+ * 7 bits - Low level module errors
+ *
+ * For historical reasons, low-level error codes are divided in even and odd,
+ * even codes were assigned first, and -1 is reserved for other errors.
+ *
+ * Low-level module errors (0x0002-0x007E, 0x0003-0x007F)
+ *
+ * Module   Nr  Codes assigned
+ * MPI       7  0x0002-0x0010
+ * GCM       2  0x0012-0x0014
+ * BLOWFISH  2  0x0016-0x0018
+ * THREADING 3  0x001A-0x001E
+ * AES       2  0x0020-0x0022
+ * CAMELLIA  2  0x0024-0x0026
+ * XTEA      1  0x0028-0x0028
+ * BASE64    2  0x002A-0x002C
+ * OID       1  0x002E-0x002E   0x000B-0x000B
+ * PADLOCK   1  0x0030-0x0030
+ * DES       1  0x0032-0x0032
+ * CTR_DBRG  4  0x0034-0x003A
+ * ENTROPY   3  0x003C-0x0040   0x003D-0x003F
+ * NET      11  0x0042-0x0052   0x0043-0x0045
+ * ASN1      7  0x0060-0x006C
+ * PBKDF2    1  0x007C-0x007C
+ * HMAC_DRBG 4  0x0003-0x0009
+ * CCM       2                  0x000D-0x000F
+ *
+ * High-level module nr (3 bits - 0x0...-0x7...)
+ * Name      ID  Nr of Errors
+ * PEM       1   9
+ * PKCS#12   1   4 (Started from top)
+ * X509      2   19
+ * PKCS5     2   4 (Started from top)
+ * DHM       3   9
+ * PK        3   14 (Started from top)
+ * RSA       4   9
+ * ECP       4   8 (Started from top)
+ * MD        5   4
+ * CIPHER    6   6
+ * SSL       6   17 (Started from top)
+ * SSL       7   31
+ *
+ * Module dependent error code (5 bits 0x.00.-0x.F8.)
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief Translate a mbed TLS error code into a string representation,
+ *        Result is truncated if necessary and always includes a terminating
+ *        null byte.
+ *
+ * \param errnum    error code
+ * \param buffer    buffer to place representation in
+ * \param buflen    length of the buffer
+ */
+void mbedtls_strerror( int errnum, char *buffer, size_t buflen );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* error.h */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/gcm.h

@@ -0,0 +1,220 @@
+/**
+ * \file gcm.h
+ *
+ * \brief Galois/Counter mode for 128-bit block ciphers
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_GCM_H
+#define MBEDTLS_GCM_H
+
+#include "cipher.h"
+
+#include <stdint.h>
+
+#define MBEDTLS_GCM_ENCRYPT     1
+#define MBEDTLS_GCM_DECRYPT     0
+
+#define MBEDTLS_ERR_GCM_AUTH_FAILED                       -0x0012  /**< Authenticated decryption failed. */
+#define MBEDTLS_ERR_GCM_BAD_INPUT                         -0x0014  /**< Bad input parameters to function. */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          GCM context structure
+ */
+typedef struct {
+    mbedtls_cipher_context_t cipher_ctx;/*!< cipher context used */
+    uint64_t HL[16];            /*!< Precalculated HTable */
+    uint64_t HH[16];            /*!< Precalculated HTable */
+    uint64_t len;               /*!< Total data length */
+    uint64_t add_len;           /*!< Total add length */
+    unsigned char base_ectr[16];/*!< First ECTR for tag */
+    unsigned char y[16];        /*!< Y working value */
+    unsigned char buf[16];      /*!< buf working value */
+    int mode;                   /*!< Encrypt or Decrypt */
+}
+mbedtls_gcm_context;
+
+/**
+ * \brief           Initialize GCM context (just makes references valid)
+ *                  Makes the context ready for mbedtls_gcm_setkey() or
+ *                  mbedtls_gcm_free().
+ *
+ * \param ctx       GCM context to initialize
+ */
+void mbedtls_gcm_init( mbedtls_gcm_context *ctx );
+
+/**
+ * \brief           GCM initialization (encryption)
+ *
+ * \param ctx       GCM context to be initialized
+ * \param cipher    cipher to use (a 128-bit block cipher)
+ * \param key       encryption key
+ * \param keybits   must be 128, 192 or 256
+ *
+ * \return          0 if successful, or a cipher specific error code
+ */
+int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
+                        mbedtls_cipher_id_t cipher,
+                        const unsigned char *key,
+                        unsigned int keybits );
+
+/**
+ * \brief           GCM buffer encryption/decryption using a block cipher
+ *
+ * \note On encryption, the output buffer can be the same as the input buffer.
+ *       On decryption, the output buffer cannot be the same as input buffer.
+ *       If buffers overlap, the output buffer must trail at least 8 bytes
+ *       behind the input buffer.
+ *
+ * \param ctx       GCM context
+ * \param mode      MBEDTLS_GCM_ENCRYPT or MBEDTLS_GCM_DECRYPT
+ * \param length    length of the input data
+ * \param iv        initialization vector
+ * \param iv_len    length of IV
+ * \param add       additional data
+ * \param add_len   length of additional data
+ * \param input     buffer holding the input data
+ * \param output    buffer for holding the output data
+ * \param tag_len   length of the tag to generate
+ * \param tag       buffer for holding the tag
+ *
+ * \return         0 if successful
+ */
+int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
+                       int mode,
+                       size_t length,
+                       const unsigned char *iv,
+                       size_t iv_len,
+                       const unsigned char *add,
+                       size_t add_len,
+                       const unsigned char *input,
+                       unsigned char *output,
+                       size_t tag_len,
+                       unsigned char *tag );
+
+/**
+ * \brief           GCM buffer authenticated decryption using a block cipher
+ *
+ * \note On decryption, the output buffer cannot be the same as input buffer.
+ *       If buffers overlap, the output buffer must trail at least 8 bytes
+ *       behind the input buffer.
+ *
+ * \param ctx       GCM context
+ * \param length    length of the input data
+ * \param iv        initialization vector
+ * \param iv_len    length of IV
+ * \param add       additional data
+ * \param add_len   length of additional data
+ * \param tag       buffer holding the tag
+ * \param tag_len   length of the tag
+ * \param input     buffer holding the input data
+ * \param output    buffer for holding the output data
+ *
+ * \return         0 if successful and authenticated,
+ *                 MBEDTLS_ERR_GCM_AUTH_FAILED if tag does not match
+ */
+int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
+                      size_t length,
+                      const unsigned char *iv,
+                      size_t iv_len,
+                      const unsigned char *add,
+                      size_t add_len,
+                      const unsigned char *tag,
+                      size_t tag_len,
+                      const unsigned char *input,
+                      unsigned char *output );
+
+/**
+ * \brief           Generic GCM stream start function
+ *
+ * \param ctx       GCM context
+ * \param mode      MBEDTLS_GCM_ENCRYPT or MBEDTLS_GCM_DECRYPT
+ * \param iv        initialization vector
+ * \param iv_len    length of IV
+ * \param add       additional data (or NULL if length is 0)
+ * \param add_len   length of additional data
+ *
+ * \return         0 if successful
+ */
+int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
+                int mode,
+                const unsigned char *iv,
+                size_t iv_len,
+                const unsigned char *add,
+                size_t add_len );
+
+/**
+ * \brief           Generic GCM update function. Encrypts/decrypts using the
+ *                  given GCM context. Expects input to be a multiple of 16
+ *                  bytes! Only the last call before mbedtls_gcm_finish() can be less
+ *                  than 16 bytes!
+ *
+ * \note On decryption, the output buffer cannot be the same as input buffer.
+ *       If buffers overlap, the output buffer must trail at least 8 bytes
+ *       behind the input buffer.
+ *
+ * \param ctx       GCM context
+ * \param length    length of the input data
+ * \param input     buffer holding the input data
+ * \param output    buffer for holding the output data
+ *
+ * \return         0 if successful or MBEDTLS_ERR_GCM_BAD_INPUT
+ */
+int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
+                size_t length,
+                const unsigned char *input,
+                unsigned char *output );
+
+/**
+ * \brief           Generic GCM finalisation function. Wraps up the GCM stream
+ *                  and generates the tag. The tag can have a maximum length of
+ *                  16 bytes.
+ *
+ * \param ctx       GCM context
+ * \param tag       buffer for holding the tag
+ * \param tag_len   length of the tag to generate (must be at least 4)
+ *
+ * \return          0 if successful or MBEDTLS_ERR_GCM_BAD_INPUT
+ */
+int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
+                unsigned char *tag,
+                size_t tag_len );
+
+/**
+ * \brief           Free a GCM context and underlying cipher sub-context
+ *
+ * \param ctx       GCM context to free
+ */
+void mbedtls_gcm_free( mbedtls_gcm_context *ctx );
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_gcm_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* gcm.h */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/havege.h

@@ -0,0 +1,74 @@
+/**
+ * \file havege.h
+ *
+ * \brief HAVEGE: HArdware Volatile Entropy Gathering and Expansion
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_HAVEGE_H
+#define MBEDTLS_HAVEGE_H
+
+#include <stddef.h>
+
+#define MBEDTLS_HAVEGE_COLLECT_SIZE 1024
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          HAVEGE state structure
+ */
+typedef struct
+{
+    int PT1, PT2, offset[2];
+    int pool[MBEDTLS_HAVEGE_COLLECT_SIZE];
+    int WALK[8192];
+}
+mbedtls_havege_state;
+
+/**
+ * \brief          HAVEGE initialization
+ *
+ * \param hs       HAVEGE state to be initialized
+ */
+void mbedtls_havege_init( mbedtls_havege_state *hs );
+
+/**
+ * \brief          Clear HAVEGE state
+ *
+ * \param hs       HAVEGE state to be cleared
+ */
+void mbedtls_havege_free( mbedtls_havege_state *hs );
+
+/**
+ * \brief          HAVEGE rand function
+ *
+ * \param p_rng    A HAVEGE state
+ * \param output   Buffer to fill
+ * \param len      Length of buffer
+ *
+ * \return         0
+ */
+int mbedtls_havege_random( void *p_rng, unsigned char *output, size_t len );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* havege.h */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/hmac_drbg.h

@@ -0,0 +1,299 @@
+/**
+ * \file hmac_drbg.h
+ *
+ * \brief HMAC_DRBG (NIST SP 800-90A)
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_HMAC_DRBG_H
+#define MBEDTLS_HMAC_DRBG_H
+
+#include "md.h"
+
+#if defined(MBEDTLS_THREADING_C)
+#include "mbedtls/threading.h"
+#endif
+
+/*
+ * Error codes
+ */
+#define MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG              -0x0003  /**< Too many random requested in single call. */
+#define MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG                -0x0005  /**< Input too large (Entropy + additional). */
+#define MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR                -0x0007  /**< Read/write error in file. */
+#define MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED        -0x0009  /**< The entropy source failed. */
+
+/**
+ * \name SECTION: Module settings
+ *
+ * The configuration options you can set for this module are in this section.
+ * Either change them in config.h or define them on the compiler command line.
+ * \{
+ */
+
+#if !defined(MBEDTLS_HMAC_DRBG_RESEED_INTERVAL)
+#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL   10000   /**< Interval before reseed is performed by default */
+#endif
+
+#if !defined(MBEDTLS_HMAC_DRBG_MAX_INPUT)
+#define MBEDTLS_HMAC_DRBG_MAX_INPUT         256     /**< Maximum number of additional input bytes */
+#endif
+
+#if !defined(MBEDTLS_HMAC_DRBG_MAX_REQUEST)
+#define MBEDTLS_HMAC_DRBG_MAX_REQUEST       1024    /**< Maximum number of requested bytes per call */
+#endif
+
+#if !defined(MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT)
+#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT    384     /**< Maximum size of (re)seed buffer */
+#endif
+
+/* \} name SECTION: Module settings */
+
+#define MBEDTLS_HMAC_DRBG_PR_OFF   0   /**< No prediction resistance       */
+#define MBEDTLS_HMAC_DRBG_PR_ON    1   /**< Prediction resistance enabled  */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * HMAC_DRBG context.
+ */
+typedef struct
+{
+    /* Working state: the key K is not stored explicitely,
+     * but is implied by the HMAC context */
+    mbedtls_md_context_t md_ctx;                    /*!< HMAC context (inc. K)  */
+    unsigned char V[MBEDTLS_MD_MAX_SIZE];  /*!< V in the spec          */
+    int reseed_counter;                     /*!< reseed counter         */
+
+    /* Administrative state */
+    size_t entropy_len;         /*!< entropy bytes grabbed on each (re)seed */
+    int prediction_resistance;  /*!< enable prediction resistance (Automatic
+                                     reseed before every random generation) */
+    int reseed_interval;        /*!< reseed interval   */
+
+    /* Callbacks */
+    int (*f_entropy)(void *, unsigned char *, size_t); /*!< entropy function */
+    void *p_entropy;            /*!< context for the entropy function        */
+
+#if defined(MBEDTLS_THREADING_C)
+    mbedtls_threading_mutex_t mutex;
+#endif
+} mbedtls_hmac_drbg_context;
+
+/**
+ * \brief               HMAC_DRBG context initialization
+ *                      Makes the context ready for mbedtls_hmac_drbg_seed(),
+ *                      mbedtls_hmac_drbg_seed_buf() or
+ *                      mbedtls_hmac_drbg_free().
+ *
+ * \param ctx           HMAC_DRBG context to be initialized
+ */
+void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx );
+
+/**
+ * \brief               HMAC_DRBG initial seeding
+ *                      Seed and setup entropy source for future reseeds.
+ *
+ * \param ctx           HMAC_DRBG context to be seeded
+ * \param md_info       MD algorithm to use for HMAC_DRBG
+ * \param f_entropy     Entropy callback (p_entropy, buffer to fill, buffer
+ *                      length)
+ * \param p_entropy     Entropy context
+ * \param custom        Personalization data (Device specific identifiers)
+ *                      (Can be NULL)
+ * \param len           Length of personalization data
+ *
+ * \note                The "security strength" as defined by NIST is set to:
+ *                      128 bits if md_alg is SHA-1,
+ *                      192 bits if md_alg is SHA-224,
+ *                      256 bits if md_alg is SHA-256 or higher.
+ *                      Note that SHA-256 is just as efficient as SHA-224.
+ *
+ * \return              0 if successful, or
+ *                      MBEDTLS_ERR_MD_BAD_INPUT_DATA, or
+ *                      MBEDTLS_ERR_MD_ALLOC_FAILED, or
+ *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED.
+ */
+int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
+                    const mbedtls_md_info_t * md_info,
+                    int (*f_entropy)(void *, unsigned char *, size_t),
+                    void *p_entropy,
+                    const unsigned char *custom,
+                    size_t len );
+
+/**
+ * \brief               Initilisation of simpified HMAC_DRBG (never reseeds).
+ *                      (For use with deterministic ECDSA.)
+ *
+ * \param ctx           HMAC_DRBG context to be initialised
+ * \param md_info       MD algorithm to use for HMAC_DRBG
+ * \param data          Concatenation of entropy string and additional data
+ * \param data_len      Length of data in bytes
+ *
+ * \return              0 if successful, or
+ *                      MBEDTLS_ERR_MD_BAD_INPUT_DATA, or
+ *                      MBEDTLS_ERR_MD_ALLOC_FAILED.
+ */
+int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx,
+                        const mbedtls_md_info_t * md_info,
+                        const unsigned char *data, size_t data_len );
+
+/**
+ * \brief               Enable / disable prediction resistance (Default: Off)
+ *
+ * Note: If enabled, entropy is used for ctx->entropy_len before each call!
+ *       Only use this if you have ample supply of good entropy!
+ *
+ * \param ctx           HMAC_DRBG context
+ * \param resistance    MBEDTLS_HMAC_DRBG_PR_ON or MBEDTLS_HMAC_DRBG_PR_OFF
+ */
+void mbedtls_hmac_drbg_set_prediction_resistance( mbedtls_hmac_drbg_context *ctx,
+                                          int resistance );
+
+/**
+ * \brief               Set the amount of entropy grabbed on each reseed
+ *                      (Default: given by the security strength, which
+ *                      depends on the hash used, see \c mbedtls_hmac_drbg_init() )
+ *
+ * \param ctx           HMAC_DRBG context
+ * \param len           Amount of entropy to grab, in bytes
+ */
+void mbedtls_hmac_drbg_set_entropy_len( mbedtls_hmac_drbg_context *ctx,
+                                size_t len );
+
+/**
+ * \brief               Set the reseed interval
+ *                      (Default: MBEDTLS_HMAC_DRBG_RESEED_INTERVAL)
+ *
+ * \param ctx           HMAC_DRBG context
+ * \param interval      Reseed interval
+ */
+void mbedtls_hmac_drbg_set_reseed_interval( mbedtls_hmac_drbg_context *ctx,
+                                    int interval );
+
+/**
+ * \brief               HMAC_DRBG update state
+ *
+ * \param ctx           HMAC_DRBG context
+ * \param additional    Additional data to update state with, or NULL
+ * \param add_len       Length of additional data, or 0
+ *
+ * \note                Additional data is optional, pass NULL and 0 as second
+ *                      third argument if no additional data is being used.
+ */
+void mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx,
+                       const unsigned char *additional, size_t add_len );
+
+/**
+ * \brief               HMAC_DRBG reseeding (extracts data from entropy source)
+ *
+ * \param ctx           HMAC_DRBG context
+ * \param additional    Additional data to add to state (Can be NULL)
+ * \param len           Length of additional data
+ *
+ * \return              0 if successful, or
+ *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
+ */
+int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx,
+                      const unsigned char *additional, size_t len );
+
+/**
+ * \brief               HMAC_DRBG generate random with additional update input
+ *
+ * Note: Automatically reseeds if reseed_counter is reached or PR is enabled.
+ *
+ * \param p_rng         HMAC_DRBG context
+ * \param output        Buffer to fill
+ * \param output_len    Length of the buffer
+ * \param additional    Additional data to update with (can be NULL)
+ * \param add_len       Length of additional data (can be 0)
+ *
+ * \return              0 if successful, or
+ *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED, or
+ *                      MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG, or
+ *                      MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG.
+ */
+int mbedtls_hmac_drbg_random_with_add( void *p_rng,
+                               unsigned char *output, size_t output_len,
+                               const unsigned char *additional,
+                               size_t add_len );
+
+/**
+ * \brief               HMAC_DRBG generate random
+ *
+ * Note: Automatically reseeds if reseed_counter is reached or PR is enabled.
+ *
+ * \param p_rng         HMAC_DRBG context
+ * \param output        Buffer to fill
+ * \param out_len       Length of the buffer
+ *
+ * \return              0 if successful, or
+ *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED, or
+ *                      MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG
+ */
+int mbedtls_hmac_drbg_random( void *p_rng, unsigned char *output, size_t out_len );
+
+/**
+ * \brief               Free an HMAC_DRBG context
+ *
+ * \param ctx           HMAC_DRBG context to free.
+ */
+void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx );
+
+#if defined(MBEDTLS_FS_IO)
+/**
+ * \brief               Write a seed file
+ *
+ * \param ctx           HMAC_DRBG context
+ * \param path          Name of the file
+ *
+ * \return              0 if successful, 1 on file error, or
+ *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
+ */
+int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path );
+
+/**
+ * \brief               Read and update a seed file. Seed is added to this
+ *                      instance
+ *
+ * \param ctx           HMAC_DRBG context
+ * \param path          Name of the file
+ *
+ * \return              0 if successful, 1 on file error,
+ *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED or
+ *                      MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG
+ */
+int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path );
+#endif /* MBEDTLS_FS_IO */
+
+
+#if defined(MBEDTLS_SELF_TEST)
+/**
+ * \brief               Checkup routine
+ *
+ * \return              0 if successful, or 1 if the test failed
+ */
+int mbedtls_hmac_drbg_self_test( int verbose );
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* hmac_drbg.h */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/md.h

@@ -0,0 +1,354 @@
+/**
+ * \file md.h
+ *
+ * \brief Generic message digest wrapper
+ *
+ * \author Adriaan de Jong <dejong@fox-it.com>
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_MD_H
+#define MBEDTLS_MD_H
+
+#include <stddef.h>
+
+#define MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE                -0x5080  /**< The selected feature is not available. */
+#define MBEDTLS_ERR_MD_BAD_INPUT_DATA                     -0x5100  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_MD_ALLOC_FAILED                       -0x5180  /**< Failed to allocate memory. */
+#define MBEDTLS_ERR_MD_FILE_IO_ERROR                      -0x5200  /**< Opening or reading of file failed. */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef enum {
+    MBEDTLS_MD_NONE=0,
+    MBEDTLS_MD_MD2,
+    MBEDTLS_MD_MD4,
+    MBEDTLS_MD_MD5,
+    MBEDTLS_MD_SHA1,
+    MBEDTLS_MD_SHA224,
+    MBEDTLS_MD_SHA256,
+    MBEDTLS_MD_SHA384,
+    MBEDTLS_MD_SHA512,
+    MBEDTLS_MD_RIPEMD160,
+} mbedtls_md_type_t;
+
+#if defined(MBEDTLS_SHA512_C)
+#define MBEDTLS_MD_MAX_SIZE         64  /* longest known is SHA512 */
+#else
+#define MBEDTLS_MD_MAX_SIZE         32  /* longest known is SHA256 or less */
+#endif
+
+/**
+ * Opaque struct defined in md_internal.h
+ */
+typedef struct mbedtls_md_info_t mbedtls_md_info_t;
+
+/**
+ * Generic message digest context.
+ */
+typedef struct {
+    /** Information about the associated message digest */
+    const mbedtls_md_info_t *md_info;
+
+    /** Digest-specific context */
+    void *md_ctx;
+
+    /** HMAC part of the context */
+    void *hmac_ctx;
+} mbedtls_md_context_t;
+
+/**
+ * \brief Returns the list of digests supported by the generic digest module.
+ *
+ * \return          a statically allocated array of digests, the last entry
+ *                  is 0.
+ */
+const int *mbedtls_md_list( void );
+
+/**
+ * \brief           Returns the message digest information associated with the
+ *                  given digest name.
+ *
+ * \param md_name   Name of the digest to search for.
+ *
+ * \return          The message digest information associated with md_name or
+ *                  NULL if not found.
+ */
+const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name );
+
+/**
+ * \brief           Returns the message digest information associated with the
+ *                  given digest type.
+ *
+ * \param md_type   type of digest to search for.
+ *
+ * \return          The message digest information associated with md_type or
+ *                  NULL if not found.
+ */
+const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type );
+
+/**
+ * \brief           Initialize a md_context (as NONE)
+ *                  This should always be called first.
+ *                  Prepares the context for mbedtls_md_setup() or mbedtls_md_free().
+ */
+void mbedtls_md_init( mbedtls_md_context_t *ctx );
+
+/**
+ * \brief           Free and clear the internal structures of ctx.
+ *                  Can be called at any time after mbedtls_md_init().
+ *                  Mandatory once mbedtls_md_setup() has been called.
+ */
+void mbedtls_md_free( mbedtls_md_context_t *ctx );
+
+#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
+#if defined(MBEDTLS_DEPRECATED_WARNING)
+#define MBEDTLS_DEPRECATED    __attribute__((deprecated))
+#else
+#define MBEDTLS_DEPRECATED
+#endif
+/**
+ * \brief           Select MD to use and allocate internal structures.
+ *                  Should be called after mbedtls_md_init() or mbedtls_md_free().
+ *                  Makes it necessary to call mbedtls_md_free() later.
+ *
+ * \deprecated      Superseded by mbedtls_md_setup() in 2.0.0
+ *
+ * \param ctx       Context to set up.
+ * \param md_info   Message digest to use.
+ *
+ * \returns         \c 0 on success,
+ *                  \c MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure,
+ *                  \c MBEDTLS_ERR_MD_ALLOC_FAILED memory allocation failure.
+ */
+int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info ) MBEDTLS_DEPRECATED;
+#undef MBEDTLS_DEPRECATED
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
+
+/**
+ * \brief           Select MD to use and allocate internal structures.
+ *                  Should be called after mbedtls_md_init() or mbedtls_md_free().
+ *                  Makes it necessary to call mbedtls_md_free() later.
+ *
+ * \param ctx       Context to set up.
+ * \param md_info   Message digest to use.
+ * \param hmac      0 to save some memory if HMAC will not be used,
+ *                  non-zero is HMAC is going to be used with this context.
+ *
+ * \returns         \c 0 on success,
+ *                  \c MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure,
+ *                  \c MBEDTLS_ERR_MD_ALLOC_FAILED memory allocation failure.
+ */
+int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac );
+
+/**
+ * \brief           Clone the state of an MD context
+ *
+ * \note            The two contexts must have been setup to the same type
+ *                  (cloning from SHA-256 to SHA-512 make no sense).
+ *
+ * \warning         Only clones the MD state, not the HMAC state! (for now)
+ *
+ * \param dst       The destination context
+ * \param src       The context to be cloned
+ *
+ * \return          \c 0 on success,
+ *                  \c MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure.
+ */
+int mbedtls_md_clone( mbedtls_md_context_t *dst,
+                      const mbedtls_md_context_t *src );
+
+/**
+ * \brief           Returns the size of the message digest output.
+ *
+ * \param md_info   message digest info
+ *
+ * \return          size of the message digest output in bytes.
+ */
+unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info );
+
+/**
+ * \brief           Returns the type of the message digest output.
+ *
+ * \param md_info   message digest info
+ *
+ * \return          type of the message digest output.
+ */
+mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info );
+
+/**
+ * \brief           Returns the name of the message digest output.
+ *
+ * \param md_info   message digest info
+ *
+ * \return          name of the message digest output.
+ */
+const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info );
+
+/**
+ * \brief           Prepare the context to digest a new message.
+ *                  Generally called after mbedtls_md_setup() or mbedtls_md_finish().
+ *                  Followed by mbedtls_md_update().
+ *
+ * \param ctx       generic message digest context.
+ *
+ * \returns         0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
+ *                  verification fails.
+ */
+int mbedtls_md_starts( mbedtls_md_context_t *ctx );
+
+/**
+ * \brief           Generic message digest process buffer
+ *                  Called between mbedtls_md_starts() and mbedtls_md_finish().
+ *                  May be called repeatedly.
+ *
+ * \param ctx       Generic message digest context
+ * \param input     buffer holding the  datal
+ * \param ilen      length of the input data
+ *
+ * \returns         0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
+ *                  verification fails.
+ */
+int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen );
+
+/**
+ * \brief           Generic message digest final digest
+ *                  Called after mbedtls_md_update().
+ *                  Usually followed by mbedtls_md_free() or mbedtls_md_starts().
+ *
+ * \param ctx       Generic message digest context
+ * \param output    Generic message digest checksum result
+ *
+ * \returns         0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
+ *                  verification fails.
+ */
+int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output );
+
+/**
+ * \brief          Output = message_digest( input buffer )
+ *
+ * \param md_info  message digest info
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ * \param output   Generic message digest checksum result
+ *
+ * \returns        0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
+ *                 verification fails.
+ */
+int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
+        unsigned char *output );
+
+#if defined(MBEDTLS_FS_IO)
+/**
+ * \brief          Output = message_digest( file contents )
+ *
+ * \param md_info  message digest info
+ * \param path     input file name
+ * \param output   generic message digest checksum result
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MD_FILE_IO_ERROR if file input failed,
+ *                 MBEDTLS_ERR_MD_BAD_INPUT_DATA if md_info was NULL.
+ */
+int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path,
+                     unsigned char *output );
+#endif /* MBEDTLS_FS_IO */
+
+/**
+ * \brief           Set HMAC key and prepare to authenticate a new message.
+ *                  Usually called after mbedtls_md_setup() or mbedtls_md_hmac_finish().
+ *
+ * \param ctx       HMAC context
+ * \param key       HMAC secret key
+ * \param keylen    length of the HMAC key in bytes
+ *
+ * \returns         0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
+ *                  verification fails.
+ */
+int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key,
+                    size_t keylen );
+
+/**
+ * \brief           Generic HMAC process buffer.
+ *                  Called between mbedtls_md_hmac_starts() or mbedtls_md_hmac_reset()
+ *                  and mbedtls_md_hmac_finish().
+ *                  May be called repeatedly.
+ *
+ * \param ctx       HMAC context
+ * \param input     buffer holding the  data
+ * \param ilen      length of the input data
+ *
+ * \returns         0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
+ *                  verification fails.
+ */
+int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input,
+                    size_t ilen );
+
+/**
+ * \brief           Output HMAC.
+ *                  Called after mbedtls_md_hmac_update().
+ *                  Usually followed by mbedtls_md_hmac_reset(),
+ *                  mbedtls_md_hmac_starts(), or mbedtls_md_free().
+ *
+ * \param ctx       HMAC context
+ * \param output    Generic HMAC checksum result
+ *
+ * \returns         0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
+ *                  verification fails.
+ */
+int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output);
+
+/**
+ * \brief           Prepare to authenticate a new message with the same key.
+ *                  Called after mbedtls_md_hmac_finish() and before
+ *                  mbedtls_md_hmac_update().
+ *
+ * \param ctx       HMAC context to be reset
+ *
+ * \returns         0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
+ *                  verification fails.
+ */
+int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx );
+
+/**
+ * \brief          Output = Generic_HMAC( hmac key, input buffer )
+ *
+ * \param md_info  message digest info
+ * \param key      HMAC secret key
+ * \param keylen   length of the HMAC key in bytes
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ * \param output   Generic HMAC-result
+ *
+ * \returns        0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
+ *                 verification fails.
+ */
+int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen,
+                const unsigned char *input, size_t ilen,
+                unsigned char *output );
+
+/* Internal use */
+int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_MD_H */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/md2.h

@@ -0,0 +1,136 @@
+/**
+ * \file md2.h
+ *
+ * \brief MD2 message digest algorithm (hash function)
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_MD2_H
+#define MBEDTLS_MD2_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+
+#if !defined(MBEDTLS_MD2_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          MD2 context structure
+ */
+typedef struct
+{
+    unsigned char cksum[16];    /*!< checksum of the data block */
+    unsigned char state[48];    /*!< intermediate digest state  */
+    unsigned char buffer[16];   /*!< data block being processed */
+    size_t left;                /*!< amount of data in buffer   */
+}
+mbedtls_md2_context;
+
+/**
+ * \brief          Initialize MD2 context
+ *
+ * \param ctx      MD2 context to be initialized
+ */
+void mbedtls_md2_init( mbedtls_md2_context *ctx );
+
+/**
+ * \brief          Clear MD2 context
+ *
+ * \param ctx      MD2 context to be cleared
+ */
+void mbedtls_md2_free( mbedtls_md2_context *ctx );
+
+/**
+ * \brief          Clone (the state of) an MD2 context
+ *
+ * \param dst      The destination context
+ * \param src      The context to be cloned
+ */
+void mbedtls_md2_clone( mbedtls_md2_context *dst,
+                        const mbedtls_md2_context *src );
+
+/**
+ * \brief          MD2 context setup
+ *
+ * \param ctx      context to be initialized
+ */
+void mbedtls_md2_starts( mbedtls_md2_context *ctx );
+
+/**
+ * \brief          MD2 process buffer
+ *
+ * \param ctx      MD2 context
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ */
+void mbedtls_md2_update( mbedtls_md2_context *ctx, const unsigned char *input, size_t ilen );
+
+/**
+ * \brief          MD2 final digest
+ *
+ * \param ctx      MD2 context
+ * \param output   MD2 checksum result
+ */
+void mbedtls_md2_finish( mbedtls_md2_context *ctx, unsigned char output[16] );
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_MD2_ALT */
+#include "md2_alt.h"
+#endif /* MBEDTLS_MD2_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Output = MD2( input buffer )
+ *
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ * \param output   MD2 checksum result
+ */
+void mbedtls_md2( const unsigned char *input, size_t ilen, unsigned char output[16] );
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_md2_self_test( int verbose );
+
+/* Internal use */
+void mbedtls_md2_process( mbedtls_md2_context *ctx );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* mbedtls_md2.h */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/md4.h

@@ -0,0 +1,136 @@
+/**
+ * \file md4.h
+ *
+ * \brief MD4 message digest algorithm (hash function)
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_MD4_H
+#define MBEDTLS_MD4_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+#if !defined(MBEDTLS_MD4_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          MD4 context structure
+ */
+typedef struct
+{
+    uint32_t total[2];          /*!< number of bytes processed  */
+    uint32_t state[4];          /*!< intermediate digest state  */
+    unsigned char buffer[64];   /*!< data block being processed */
+}
+mbedtls_md4_context;
+
+/**
+ * \brief          Initialize MD4 context
+ *
+ * \param ctx      MD4 context to be initialized
+ */
+void mbedtls_md4_init( mbedtls_md4_context *ctx );
+
+/**
+ * \brief          Clear MD4 context
+ *
+ * \param ctx      MD4 context to be cleared
+ */
+void mbedtls_md4_free( mbedtls_md4_context *ctx );
+
+/**
+ * \brief          Clone (the state of) an MD4 context
+ *
+ * \param dst      The destination context
+ * \param src      The context to be cloned
+ */
+void mbedtls_md4_clone( mbedtls_md4_context *dst,
+                        const mbedtls_md4_context *src );
+
+/**
+ * \brief          MD4 context setup
+ *
+ * \param ctx      context to be initialized
+ */
+void mbedtls_md4_starts( mbedtls_md4_context *ctx );
+
+/**
+ * \brief          MD4 process buffer
+ *
+ * \param ctx      MD4 context
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ */
+void mbedtls_md4_update( mbedtls_md4_context *ctx, const unsigned char *input, size_t ilen );
+
+/**
+ * \brief          MD4 final digest
+ *
+ * \param ctx      MD4 context
+ * \param output   MD4 checksum result
+ */
+void mbedtls_md4_finish( mbedtls_md4_context *ctx, unsigned char output[16] );
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_MD4_ALT */
+#include "md4_alt.h"
+#endif /* MBEDTLS_MD4_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Output = MD4( input buffer )
+ *
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ * \param output   MD4 checksum result
+ */
+void mbedtls_md4( const unsigned char *input, size_t ilen, unsigned char output[16] );
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_md4_self_test( int verbose );
+
+/* Internal use */
+void mbedtls_md4_process( mbedtls_md4_context *ctx, const unsigned char data[64] );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* mbedtls_md4.h */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/md5.h

@@ -0,0 +1,136 @@
+/**
+ * \file md5.h
+ *
+ * \brief MD5 message digest algorithm (hash function)
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_MD5_H
+#define MBEDTLS_MD5_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+#if !defined(MBEDTLS_MD5_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          MD5 context structure
+ */
+typedef struct
+{
+    uint32_t total[2];          /*!< number of bytes processed  */
+    uint32_t state[4];          /*!< intermediate digest state  */
+    unsigned char buffer[64];   /*!< data block being processed */
+}
+mbedtls_md5_context;
+
+/**
+ * \brief          Initialize MD5 context
+ *
+ * \param ctx      MD5 context to be initialized
+ */
+void mbedtls_md5_init( mbedtls_md5_context *ctx );
+
+/**
+ * \brief          Clear MD5 context
+ *
+ * \param ctx      MD5 context to be cleared
+ */
+void mbedtls_md5_free( mbedtls_md5_context *ctx );
+
+/**
+ * \brief          Clone (the state of) an MD5 context
+ *
+ * \param dst      The destination context
+ * \param src      The context to be cloned
+ */
+void mbedtls_md5_clone( mbedtls_md5_context *dst,
+                        const mbedtls_md5_context *src );
+
+/**
+ * \brief          MD5 context setup
+ *
+ * \param ctx      context to be initialized
+ */
+void mbedtls_md5_starts( mbedtls_md5_context *ctx );
+
+/**
+ * \brief          MD5 process buffer
+ *
+ * \param ctx      MD5 context
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ */
+void mbedtls_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen );
+
+/**
+ * \brief          MD5 final digest
+ *
+ * \param ctx      MD5 context
+ * \param output   MD5 checksum result
+ */
+void mbedtls_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] );
+
+/* Internal use */
+void mbedtls_md5_process( mbedtls_md5_context *ctx, const unsigned char data[64] );
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_MD5_ALT */
+#include "md5_alt.h"
+#endif /* MBEDTLS_MD5_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Output = MD5( input buffer )
+ *
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ * \param output   MD5 checksum result
+ */
+void mbedtls_md5( const unsigned char *input, size_t ilen, unsigned char output[16] );
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_md5_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* mbedtls_md5.h */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/md_internal.h

@@ -0,0 +1,114 @@
+/**
+ * \file md_internal.h
+ *
+ * \brief Message digest wrappers.
+ *
+ * \warning This in an internal header. Do not include directly.
+ *
+ * \author Adriaan de Jong <dejong@fox-it.com>
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_MD_WRAP_H
+#define MBEDTLS_MD_WRAP_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "md.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * Message digest information.
+ * Allows message digest functions to be called in a generic way.
+ */
+struct mbedtls_md_info_t
+{
+    /** Digest identifier */
+    mbedtls_md_type_t type;
+
+    /** Name of the message digest */
+    const char * name;
+
+    /** Output length of the digest function in bytes */
+    int size;
+
+    /** Block length of the digest function in bytes */
+    int block_size;
+
+    /** Digest initialisation function */
+    void (*starts_func)( void *ctx );
+
+    /** Digest update function */
+    void (*update_func)( void *ctx, const unsigned char *input, size_t ilen );
+
+    /** Digest finalisation function */
+    void (*finish_func)( void *ctx, unsigned char *output );
+
+    /** Generic digest function */
+    void (*digest_func)( const unsigned char *input, size_t ilen,
+                         unsigned char *output );
+
+    /** Allocate a new context */
+    void * (*ctx_alloc_func)( void );
+
+    /** Free the given context */
+    void (*ctx_free_func)( void *ctx );
+
+    /** Clone state from a context */
+    void (*clone_func)( void *dst, const void *src );
+
+    /** Internal use only */
+    void (*process_func)( void *ctx, const unsigned char *input );
+};
+
+#if defined(MBEDTLS_MD2_C)
+extern const mbedtls_md_info_t mbedtls_md2_info;
+#endif
+#if defined(MBEDTLS_MD4_C)
+extern const mbedtls_md_info_t mbedtls_md4_info;
+#endif
+#if defined(MBEDTLS_MD5_C)
+extern const mbedtls_md_info_t mbedtls_md5_info;
+#endif
+#if defined(MBEDTLS_RIPEMD160_C)
+extern const mbedtls_md_info_t mbedtls_ripemd160_info;
+#endif
+#if defined(MBEDTLS_SHA1_C)
+extern const mbedtls_md_info_t mbedtls_sha1_info;
+#endif
+#if defined(MBEDTLS_SHA256_C)
+extern const mbedtls_md_info_t mbedtls_sha224_info;
+extern const mbedtls_md_info_t mbedtls_sha256_info;
+#endif
+#if defined(MBEDTLS_SHA512_C)
+extern const mbedtls_md_info_t mbedtls_sha384_info;
+extern const mbedtls_md_info_t mbedtls_sha512_info;
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_MD_WRAP_H */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/memory_buffer_alloc.h

@@ -0,0 +1,150 @@
+/**
+ * \file memory_buffer_alloc.h
+ *
+ * \brief Buffer-based memory allocator
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_MEMORY_BUFFER_ALLOC_H
+#define MBEDTLS_MEMORY_BUFFER_ALLOC_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+
+/**
+ * \name SECTION: Module settings
+ *
+ * The configuration options you can set for this module are in this section.
+ * Either change them in config.h or define them on the compiler command line.
+ * \{
+ */
+
+#if !defined(MBEDTLS_MEMORY_ALIGN_MULTIPLE)
+#define MBEDTLS_MEMORY_ALIGN_MULTIPLE       4 /**< Align on multiples of this value */
+#endif
+
+/* \} name SECTION: Module settings */
+
+#define MBEDTLS_MEMORY_VERIFY_NONE         0
+#define MBEDTLS_MEMORY_VERIFY_ALLOC        (1 << 0)
+#define MBEDTLS_MEMORY_VERIFY_FREE         (1 << 1)
+#define MBEDTLS_MEMORY_VERIFY_ALWAYS       (MBEDTLS_MEMORY_VERIFY_ALLOC | MBEDTLS_MEMORY_VERIFY_FREE)
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief   Initialize use of stack-based memory allocator.
+ *          The stack-based allocator does memory management inside the
+ *          presented buffer and does not call calloc() and free().
+ *          It sets the global mbedtls_calloc() and mbedtls_free() pointers
+ *          to its own functions.
+ *          (Provided mbedtls_calloc() and mbedtls_free() are thread-safe if
+ *           MBEDTLS_THREADING_C is defined)
+ *
+ * \note    This code is not optimized and provides a straight-forward
+ *          implementation of a stack-based memory allocator.
+ *
+ * \param buf   buffer to use as heap
+ * \param len   size of the buffer
+ */
+void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len );
+
+/**
+ * \brief   Free the mutex for thread-safety and clear remaining memory
+ */
+void mbedtls_memory_buffer_alloc_free( void );
+
+/**
+ * \brief   Determine when the allocator should automatically verify the state
+ *          of the entire chain of headers / meta-data.
+ *          (Default: MBEDTLS_MEMORY_VERIFY_NONE)
+ *
+ * \param verify    One of MBEDTLS_MEMORY_VERIFY_NONE, MBEDTLS_MEMORY_VERIFY_ALLOC,
+ *                  MBEDTLS_MEMORY_VERIFY_FREE or MBEDTLS_MEMORY_VERIFY_ALWAYS
+ */
+void mbedtls_memory_buffer_set_verify( int verify );
+
+#if defined(MBEDTLS_MEMORY_DEBUG)
+/**
+ * \brief   Print out the status of the allocated memory (primarily for use
+ *          after a program should have de-allocated all memory)
+ *          Prints out a list of 'still allocated' blocks and their stack
+ *          trace if MBEDTLS_MEMORY_BACKTRACE is defined.
+ */
+void mbedtls_memory_buffer_alloc_status( void );
+
+/**
+ * \brief   Get the peak heap usage so far
+ *
+ * \param max_used      Peak number of bytes in use or committed. This
+ *                      includes bytes in allocated blocks too small to split
+ *                      into smaller blocks but larger than the requested size.
+ * \param max_blocks    Peak number of blocks in use, including free and used
+ */
+void mbedtls_memory_buffer_alloc_max_get( size_t *max_used, size_t *max_blocks );
+
+/**
+ * \brief   Reset peak statistics
+ */
+void mbedtls_memory_buffer_alloc_max_reset( void );
+
+/**
+ * \brief   Get the current heap usage
+ *
+ * \param cur_used      Current number of bytes in use or committed. This
+ *                      includes bytes in allocated blocks too small to split
+ *                      into smaller blocks but larger than the requested size.
+ * \param cur_blocks    Current number of blocks in use, including free and used
+ */
+void mbedtls_memory_buffer_alloc_cur_get( size_t *cur_used, size_t *cur_blocks );
+#endif /* MBEDTLS_MEMORY_DEBUG */
+
+/**
+ * \brief   Verifies that all headers in the memory buffer are correct
+ *          and contain sane values. Helps debug buffer-overflow errors.
+ *
+ *          Prints out first failure if MBEDTLS_MEMORY_DEBUG is defined.
+ *          Prints out full header information if MBEDTLS_MEMORY_DEBUG
+ *          is defined. (Includes stack trace information for each block if
+ *          MBEDTLS_MEMORY_BACKTRACE is defined as well).
+ *
+ * \return             0 if verified, 1 otherwise
+ */
+int mbedtls_memory_buffer_alloc_verify( void );
+
+#if defined(MBEDTLS_SELF_TEST)
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if a test failed
+ */
+int mbedtls_memory_buffer_alloc_self_test( int verbose );
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* memory_buffer_alloc.h */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/net.h

@@ -0,0 +1,31 @@
+/**
+ * \file net.h
+ *
+ * \brief Deprecated header file that includes mbedtls/net_sockets.h
+ *
+ *  Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ *
+ * \deprecated Superseded by mbedtls/net_sockets.h
+ */
+
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+#include "mbedtls/net_sockets.h"
+#if defined(MBEDTLS_DEPRECATED_WARNING)
+#warning "Deprecated header file: Superseded by mbedtls/net_sockets.h"
+#endif /* MBEDTLS_DEPRECATED_WARNING */
+#endif /* !MBEDTLS_DEPRECATED_REMOVED */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/net_sockets.h

@@ -0,0 +1,225 @@
+/**
+ * \file net_sockets.h
+ *
+ * \brief Network communication functions
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_NET_SOCKETS_H
+#define MBEDTLS_NET_SOCKETS_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "ssl.h"
+
+#include <stddef.h>
+#include <stdint.h>
+
+#define MBEDTLS_ERR_NET_SOCKET_FAILED                     -0x0042  /**< Failed to open a socket. */
+#define MBEDTLS_ERR_NET_CONNECT_FAILED                    -0x0044  /**< The connection to the given server / port failed. */
+#define MBEDTLS_ERR_NET_BIND_FAILED                       -0x0046  /**< Binding of the socket failed. */
+#define MBEDTLS_ERR_NET_LISTEN_FAILED                     -0x0048  /**< Could not listen on the socket. */
+#define MBEDTLS_ERR_NET_ACCEPT_FAILED                     -0x004A  /**< Could not accept the incoming connection. */
+#define MBEDTLS_ERR_NET_RECV_FAILED                       -0x004C  /**< Reading information from the socket failed. */
+#define MBEDTLS_ERR_NET_SEND_FAILED                       -0x004E  /**< Sending information through the socket failed. */
+#define MBEDTLS_ERR_NET_CONN_RESET                        -0x0050  /**< Connection was reset by peer. */
+#define MBEDTLS_ERR_NET_UNKNOWN_HOST                      -0x0052  /**< Failed to get an IP address for the given hostname. */
+#define MBEDTLS_ERR_NET_BUFFER_TOO_SMALL                  -0x0043  /**< Buffer is too small to hold the data. */
+#define MBEDTLS_ERR_NET_INVALID_CONTEXT                   -0x0045  /**< The context is invalid, eg because it was free()ed. */
+
+#define MBEDTLS_NET_LISTEN_BACKLOG         10 /**< The backlog that listen() should use. */
+
+#define MBEDTLS_NET_PROTO_TCP 0 /**< The TCP transport protocol */
+#define MBEDTLS_NET_PROTO_UDP 1 /**< The UDP transport protocol */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * Wrapper type for sockets.
+ *
+ * Currently backed by just a file descriptor, but might be more in the future
+ * (eg two file descriptors for combined IPv4 + IPv6 support, or additional
+ * structures for hand-made UDP demultiplexing).
+ */
+typedef struct
+{
+    int fd;             /**< The underlying file descriptor                 */
+}
+mbedtls_net_context;
+
+/**
+ * \brief          Initialize a context
+ *                 Just makes the context ready to be used or freed safely.
+ *
+ * \param ctx      Context to initialize
+ */
+void mbedtls_net_init( mbedtls_net_context *ctx );
+
+/**
+ * \brief          Initiate a connection with host:port in the given protocol
+ *
+ * \param ctx      Socket to use
+ * \param host     Host to connect to
+ * \param port     Port to connect to
+ * \param proto    Protocol: MBEDTLS_NET_PROTO_TCP or MBEDTLS_NET_PROTO_UDP
+ *
+ * \return         0 if successful, or one of:
+ *                      MBEDTLS_ERR_NET_SOCKET_FAILED,
+ *                      MBEDTLS_ERR_NET_UNKNOWN_HOST,
+ *                      MBEDTLS_ERR_NET_CONNECT_FAILED
+ *
+ * \note           Sets the socket in connected mode even with UDP.
+ */
+int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char *port, int proto );
+
+/**
+ * \brief          Create a receiving socket on bind_ip:port in the chosen
+ *                 protocol. If bind_ip == NULL, all interfaces are bound.
+ *
+ * \param ctx      Socket to use
+ * \param bind_ip  IP to bind to, can be NULL
+ * \param port     Port number to use
+ * \param proto    Protocol: MBEDTLS_NET_PROTO_TCP or MBEDTLS_NET_PROTO_UDP
+ *
+ * \return         0 if successful, or one of:
+ *                      MBEDTLS_ERR_NET_SOCKET_FAILED,
+ *                      MBEDTLS_ERR_NET_BIND_FAILED,
+ *                      MBEDTLS_ERR_NET_LISTEN_FAILED
+ *
+ * \note           Regardless of the protocol, opens the sockets and binds it.
+ *                 In addition, make the socket listening if protocol is TCP.
+ */
+int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto );
+
+/**
+ * \brief           Accept a connection from a remote client
+ *
+ * \param bind_ctx  Relevant socket
+ * \param client_ctx Will contain the connected client socket
+ * \param client_ip Will contain the client IP address
+ * \param buf_size  Size of the client_ip buffer
+ * \param ip_len    Will receive the size of the client IP written
+ *
+ * \return          0 if successful, or
+ *                  MBEDTLS_ERR_NET_ACCEPT_FAILED, or
+ *                  MBEDTLS_ERR_NET_BUFFER_TOO_SMALL if buf_size is too small,
+ *                  MBEDTLS_ERR_SSL_WANT_READ if bind_fd was set to
+ *                  non-blocking and accept() would block.
+ */
+int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
+                        mbedtls_net_context *client_ctx,
+                        void *client_ip, size_t buf_size, size_t *ip_len );
+
+/**
+ * \brief          Set the socket blocking
+ *
+ * \param ctx      Socket to set
+ *
+ * \return         0 if successful, or a non-zero error code
+ */
+int mbedtls_net_set_block( mbedtls_net_context *ctx );
+
+/**
+ * \brief          Set the socket non-blocking
+ *
+ * \param ctx      Socket to set
+ *
+ * \return         0 if successful, or a non-zero error code
+ */
+int mbedtls_net_set_nonblock( mbedtls_net_context *ctx );
+
+/**
+ * \brief          Portable usleep helper
+ *
+ * \param usec     Amount of microseconds to sleep
+ *
+ * \note           Real amount of time slept will not be less than
+ *                 select()'s timeout granularity (typically, 10ms).
+ */
+void mbedtls_net_usleep( unsigned long usec );
+
+/**
+ * \brief          Read at most 'len' characters. If no error occurs,
+ *                 the actual amount read is returned.
+ *
+ * \param ctx      Socket
+ * \param buf      The buffer to write to
+ * \param len      Maximum length of the buffer
+ *
+ * \return         the number of bytes received,
+ *                 or a non-zero error code; with a non-blocking socket,
+ *                 MBEDTLS_ERR_SSL_WANT_READ indicates read() would block.
+ */
+int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len );
+
+/**
+ * \brief          Write at most 'len' characters. If no error occurs,
+ *                 the actual amount read is returned.
+ *
+ * \param ctx      Socket
+ * \param buf      The buffer to read from
+ * \param len      The length of the buffer
+ *
+ * \return         the number of bytes sent,
+ *                 or a non-zero error code; with a non-blocking socket,
+ *                 MBEDTLS_ERR_SSL_WANT_WRITE indicates write() would block.
+ */
+int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len );
+
+/**
+ * \brief          Read at most 'len' characters, blocking for at most
+ *                 'timeout' seconds. If no error occurs, the actual amount
+ *                 read is returned.
+ *
+ * \param ctx      Socket
+ * \param buf      The buffer to write to
+ * \param len      Maximum length of the buffer
+ * \param timeout  Maximum number of milliseconds to wait for data
+ *                 0 means no timeout (wait forever)
+ *
+ * \return         the number of bytes received,
+ *                 or a non-zero error code:
+ *                 MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out,
+ *                 MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal.
+ *
+ * \note           This function will block (until data becomes available or
+ *                 timeout is reached) even if the socket is set to
+ *                 non-blocking. Handling timeouts with non-blocking reads
+ *                 requires a different strategy.
+ */
+int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len,
+                      uint32_t timeout );
+
+/**
+ * \brief          Gracefully shutdown the connection and free associated data
+ *
+ * \param ctx      The context to free
+ */
+void mbedtls_net_free( mbedtls_net_context *ctx );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* net_sockets.h */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/oid.h

@@ -0,0 +1,570 @@
+/**
+ * \file oid.h
+ *
+ * \brief Object Identifier (OID) database
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_OID_H
+#define MBEDTLS_OID_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "asn1.h"
+#include "pk.h"
+
+#include <stddef.h>
+
+#if defined(MBEDTLS_CIPHER_C)
+#include "cipher.h"
+#endif
+
+#if defined(MBEDTLS_MD_C)
+#include "md.h"
+#endif
+
+#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
+#include "x509.h"
+#endif
+
+#define MBEDTLS_ERR_OID_NOT_FOUND                         -0x002E  /**< OID is not found. */
+#define MBEDTLS_ERR_OID_BUF_TOO_SMALL                     -0x000B  /**< output buffer is too small */
+
+/*
+ * Top level OID tuples
+ */
+#define MBEDTLS_OID_ISO_MEMBER_BODIES           "\x2a"          /* {iso(1) member-body(2)} */
+#define MBEDTLS_OID_ISO_IDENTIFIED_ORG          "\x2b"          /* {iso(1) identified-organization(3)} */
+#define MBEDTLS_OID_ISO_CCITT_DS                "\x55"          /* {joint-iso-ccitt(2) ds(5)} */
+#define MBEDTLS_OID_ISO_ITU_COUNTRY             "\x60"          /* {joint-iso-itu-t(2) country(16)} */
+
+/*
+ * ISO Member bodies OID parts
+ */
+#define MBEDTLS_OID_COUNTRY_US                  "\x86\x48"      /* {us(840)} */
+#define MBEDTLS_OID_ORG_RSA_DATA_SECURITY       "\x86\xf7\x0d"  /* {rsadsi(113549)} */
+#define MBEDTLS_OID_RSA_COMPANY                 MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
+                                        MBEDTLS_OID_ORG_RSA_DATA_SECURITY /* {iso(1) member-body(2) us(840) rsadsi(113549)} */
+#define MBEDTLS_OID_ORG_ANSI_X9_62              "\xce\x3d" /* ansi-X9-62(10045) */
+#define MBEDTLS_OID_ANSI_X9_62                  MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
+                                        MBEDTLS_OID_ORG_ANSI_X9_62
+
+/*
+ * ISO Identified organization OID parts
+ */
+#define MBEDTLS_OID_ORG_DOD                     "\x06"          /* {dod(6)} */
+#define MBEDTLS_OID_ORG_OIW                     "\x0e"
+#define MBEDTLS_OID_OIW_SECSIG                  MBEDTLS_OID_ORG_OIW "\x03"
+#define MBEDTLS_OID_OIW_SECSIG_ALG              MBEDTLS_OID_OIW_SECSIG "\x02"
+#define MBEDTLS_OID_OIW_SECSIG_SHA1             MBEDTLS_OID_OIW_SECSIG_ALG "\x1a"
+#define MBEDTLS_OID_ORG_CERTICOM                "\x81\x04"  /* certicom(132) */
+#define MBEDTLS_OID_CERTICOM                    MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_CERTICOM
+#define MBEDTLS_OID_ORG_TELETRUST               "\x24" /* teletrust(36) */
+#define MBEDTLS_OID_TELETRUST                   MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_TELETRUST
+
+/*
+ * ISO ITU OID parts
+ */
+#define MBEDTLS_OID_ORGANIZATION                "\x01"          /* {organization(1)} */
+#define MBEDTLS_OID_ISO_ITU_US_ORG              MBEDTLS_OID_ISO_ITU_COUNTRY MBEDTLS_OID_COUNTRY_US MBEDTLS_OID_ORGANIZATION /* {joint-iso-itu-t(2) country(16) us(840) organization(1)} */
+
+#define MBEDTLS_OID_ORG_GOV                     "\x65"          /* {gov(101)} */
+#define MBEDTLS_OID_GOV                         MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_GOV /* {joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)} */
+
+#define MBEDTLS_OID_ORG_NETSCAPE                "\x86\xF8\x42"  /* {netscape(113730)} */
+#define MBEDTLS_OID_NETSCAPE                    MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_NETSCAPE /* Netscape OID {joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730)} */
+
+/* ISO arc for standard certificate and CRL extensions */
+#define MBEDTLS_OID_ID_CE                       MBEDTLS_OID_ISO_CCITT_DS "\x1D" /**< id-ce OBJECT IDENTIFIER  ::=  {joint-iso-ccitt(2) ds(5) 29} */
+
+/**
+ * Private Internet Extensions
+ * { iso(1) identified-organization(3) dod(6) internet(1)
+ *                      security(5) mechanisms(5) pkix(7) }
+ */
+#define MBEDTLS_OID_PKIX                        MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_DOD "\x01\x05\x05\x07"
+
+/*
+ * Arc for standard naming attributes
+ */
+#define MBEDTLS_OID_AT                          MBEDTLS_OID_ISO_CCITT_DS "\x04" /**< id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} */
+#define MBEDTLS_OID_AT_CN                       MBEDTLS_OID_AT "\x03" /**< id-at-commonName AttributeType:= {id-at 3} */
+#define MBEDTLS_OID_AT_SUR_NAME                 MBEDTLS_OID_AT "\x04" /**< id-at-surName AttributeType:= {id-at 4} */
+#define MBEDTLS_OID_AT_SERIAL_NUMBER            MBEDTLS_OID_AT "\x05" /**< id-at-serialNumber AttributeType:= {id-at 5} */
+#define MBEDTLS_OID_AT_COUNTRY                  MBEDTLS_OID_AT "\x06" /**< id-at-countryName AttributeType:= {id-at 6} */
+#define MBEDTLS_OID_AT_LOCALITY                 MBEDTLS_OID_AT "\x07" /**< id-at-locality AttributeType:= {id-at 7} */
+#define MBEDTLS_OID_AT_STATE                    MBEDTLS_OID_AT "\x08" /**< id-at-state AttributeType:= {id-at 8} */
+#define MBEDTLS_OID_AT_ORGANIZATION             MBEDTLS_OID_AT "\x0A" /**< id-at-organizationName AttributeType:= {id-at 10} */
+#define MBEDTLS_OID_AT_ORG_UNIT                 MBEDTLS_OID_AT "\x0B" /**< id-at-organizationalUnitName AttributeType:= {id-at 11} */
+#define MBEDTLS_OID_AT_TITLE                    MBEDTLS_OID_AT "\x0C" /**< id-at-title AttributeType:= {id-at 12} */
+#define MBEDTLS_OID_AT_POSTAL_ADDRESS           MBEDTLS_OID_AT "\x10" /**< id-at-postalAddress AttributeType:= {id-at 16} */
+#define MBEDTLS_OID_AT_POSTAL_CODE              MBEDTLS_OID_AT "\x11" /**< id-at-postalCode AttributeType:= {id-at 17} */
+#define MBEDTLS_OID_AT_GIVEN_NAME               MBEDTLS_OID_AT "\x2A" /**< id-at-givenName AttributeType:= {id-at 42} */
+#define MBEDTLS_OID_AT_INITIALS                 MBEDTLS_OID_AT "\x2B" /**< id-at-initials AttributeType:= {id-at 43} */
+#define MBEDTLS_OID_AT_GENERATION_QUALIFIER     MBEDTLS_OID_AT "\x2C" /**< id-at-generationQualifier AttributeType:= {id-at 44} */
+#define MBEDTLS_OID_AT_UNIQUE_IDENTIFIER        MBEDTLS_OID_AT "\x2D" /**< id-at-uniqueIdentifier AttributType:= {id-at 45} */
+#define MBEDTLS_OID_AT_DN_QUALIFIER             MBEDTLS_OID_AT "\x2E" /**< id-at-dnQualifier AttributeType:= {id-at 46} */
+#define MBEDTLS_OID_AT_PSEUDONYM                MBEDTLS_OID_AT "\x41" /**< id-at-pseudonym AttributeType:= {id-at 65} */
+
+#define MBEDTLS_OID_DOMAIN_COMPONENT            "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) domainComponent(25)} */
+
+/*
+ * OIDs for standard certificate extensions
+ */
+#define MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER    MBEDTLS_OID_ID_CE "\x23" /**< id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 } */
+#define MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER      MBEDTLS_OID_ID_CE "\x0E" /**< id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 14 } */
+#define MBEDTLS_OID_KEY_USAGE                   MBEDTLS_OID_ID_CE "\x0F" /**< id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 } */
+#define MBEDTLS_OID_CERTIFICATE_POLICIES        MBEDTLS_OID_ID_CE "\x20" /**< id-ce-certificatePolicies OBJECT IDENTIFIER ::=  { id-ce 32 } */
+#define MBEDTLS_OID_POLICY_MAPPINGS             MBEDTLS_OID_ID_CE "\x21" /**< id-ce-policyMappings OBJECT IDENTIFIER ::=  { id-ce 33 } */
+#define MBEDTLS_OID_SUBJECT_ALT_NAME            MBEDTLS_OID_ID_CE "\x11" /**< id-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-ce 17 } */
+#define MBEDTLS_OID_ISSUER_ALT_NAME             MBEDTLS_OID_ID_CE "\x12" /**< id-ce-issuerAltName OBJECT IDENTIFIER ::=  { id-ce 18 } */
+#define MBEDTLS_OID_SUBJECT_DIRECTORY_ATTRS     MBEDTLS_OID_ID_CE "\x09" /**< id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::=  { id-ce 9 } */
+#define MBEDTLS_OID_BASIC_CONSTRAINTS           MBEDTLS_OID_ID_CE "\x13" /**< id-ce-basicConstraints OBJECT IDENTIFIER ::=  { id-ce 19 } */
+#define MBEDTLS_OID_NAME_CONSTRAINTS            MBEDTLS_OID_ID_CE "\x1E" /**< id-ce-nameConstraints OBJECT IDENTIFIER ::=  { id-ce 30 } */
+#define MBEDTLS_OID_POLICY_CONSTRAINTS          MBEDTLS_OID_ID_CE "\x24" /**< id-ce-policyConstraints OBJECT IDENTIFIER ::=  { id-ce 36 } */
+#define MBEDTLS_OID_EXTENDED_KEY_USAGE          MBEDTLS_OID_ID_CE "\x25" /**< id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 } */
+#define MBEDTLS_OID_CRL_DISTRIBUTION_POINTS     MBEDTLS_OID_ID_CE "\x1F" /**< id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::=  { id-ce 31 } */
+#define MBEDTLS_OID_INIHIBIT_ANYPOLICY          MBEDTLS_OID_ID_CE "\x36" /**< id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::=  { id-ce 54 } */
+#define MBEDTLS_OID_FRESHEST_CRL                MBEDTLS_OID_ID_CE "\x2E" /**< id-ce-freshestCRL OBJECT IDENTIFIER ::=  { id-ce 46 } */
+
+/*
+ * Netscape certificate extensions
+ */
+#define MBEDTLS_OID_NS_CERT                 MBEDTLS_OID_NETSCAPE "\x01"
+#define MBEDTLS_OID_NS_CERT_TYPE            MBEDTLS_OID_NS_CERT  "\x01"
+#define MBEDTLS_OID_NS_BASE_URL             MBEDTLS_OID_NS_CERT  "\x02"
+#define MBEDTLS_OID_NS_REVOCATION_URL       MBEDTLS_OID_NS_CERT  "\x03"
+#define MBEDTLS_OID_NS_CA_REVOCATION_URL    MBEDTLS_OID_NS_CERT  "\x04"
+#define MBEDTLS_OID_NS_RENEWAL_URL          MBEDTLS_OID_NS_CERT  "\x07"
+#define MBEDTLS_OID_NS_CA_POLICY_URL        MBEDTLS_OID_NS_CERT  "\x08"
+#define MBEDTLS_OID_NS_SSL_SERVER_NAME      MBEDTLS_OID_NS_CERT  "\x0C"
+#define MBEDTLS_OID_NS_COMMENT              MBEDTLS_OID_NS_CERT  "\x0D"
+#define MBEDTLS_OID_NS_DATA_TYPE            MBEDTLS_OID_NETSCAPE "\x02"
+#define MBEDTLS_OID_NS_CERT_SEQUENCE        MBEDTLS_OID_NS_DATA_TYPE "\x05"
+
+/*
+ * OIDs for CRL extensions
+ */
+#define MBEDTLS_OID_PRIVATE_KEY_USAGE_PERIOD    MBEDTLS_OID_ID_CE "\x10"
+#define MBEDTLS_OID_CRL_NUMBER                  MBEDTLS_OID_ID_CE "\x14" /**< id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 } */
+
+/*
+ * X.509 v3 Extended key usage OIDs
+ */
+#define MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE      MBEDTLS_OID_EXTENDED_KEY_USAGE "\x00" /**< anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 } */
+
+#define MBEDTLS_OID_KP                          MBEDTLS_OID_PKIX "\x03" /**< id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } */
+#define MBEDTLS_OID_SERVER_AUTH                 MBEDTLS_OID_KP "\x01" /**< id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 } */
+#define MBEDTLS_OID_CLIENT_AUTH                 MBEDTLS_OID_KP "\x02" /**< id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 } */
+#define MBEDTLS_OID_CODE_SIGNING                MBEDTLS_OID_KP "\x03" /**< id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 } */
+#define MBEDTLS_OID_EMAIL_PROTECTION            MBEDTLS_OID_KP "\x04" /**< id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 } */
+#define MBEDTLS_OID_TIME_STAMPING               MBEDTLS_OID_KP "\x08" /**< id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } */
+#define MBEDTLS_OID_OCSP_SIGNING                MBEDTLS_OID_KP "\x09" /**< id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 } */
+
+/*
+ * PKCS definition OIDs
+ */
+
+#define MBEDTLS_OID_PKCS                MBEDTLS_OID_RSA_COMPANY "\x01" /**< pkcs OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) 1 } */
+#define MBEDTLS_OID_PKCS1               MBEDTLS_OID_PKCS "\x01" /**< pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } */
+#define MBEDTLS_OID_PKCS5               MBEDTLS_OID_PKCS "\x05" /**< pkcs-5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 5 } */
+#define MBEDTLS_OID_PKCS9               MBEDTLS_OID_PKCS "\x09" /**< pkcs-9 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } */
+#define MBEDTLS_OID_PKCS12              MBEDTLS_OID_PKCS "\x0c" /**< pkcs-12 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 12 } */
+
+/*
+ * PKCS#1 OIDs
+ */
+#define MBEDTLS_OID_PKCS1_RSA           MBEDTLS_OID_PKCS1 "\x01" /**< rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } */
+#define MBEDTLS_OID_PKCS1_MD2           MBEDTLS_OID_PKCS1 "\x02" /**< md2WithRSAEncryption ::= { pkcs-1 2 } */
+#define MBEDTLS_OID_PKCS1_MD4           MBEDTLS_OID_PKCS1 "\x03" /**< md4WithRSAEncryption ::= { pkcs-1 3 } */
+#define MBEDTLS_OID_PKCS1_MD5           MBEDTLS_OID_PKCS1 "\x04" /**< md5WithRSAEncryption ::= { pkcs-1 4 } */
+#define MBEDTLS_OID_PKCS1_SHA1          MBEDTLS_OID_PKCS1 "\x05" /**< sha1WithRSAEncryption ::= { pkcs-1 5 } */
+#define MBEDTLS_OID_PKCS1_SHA224        MBEDTLS_OID_PKCS1 "\x0e" /**< sha224WithRSAEncryption ::= { pkcs-1 14 } */
+#define MBEDTLS_OID_PKCS1_SHA256        MBEDTLS_OID_PKCS1 "\x0b" /**< sha256WithRSAEncryption ::= { pkcs-1 11 } */
+#define MBEDTLS_OID_PKCS1_SHA384        MBEDTLS_OID_PKCS1 "\x0c" /**< sha384WithRSAEncryption ::= { pkcs-1 12 } */
+#define MBEDTLS_OID_PKCS1_SHA512        MBEDTLS_OID_PKCS1 "\x0d" /**< sha512WithRSAEncryption ::= { pkcs-1 13 } */
+
+#define MBEDTLS_OID_RSA_SHA_OBS         "\x2B\x0E\x03\x02\x1D"
+
+#define MBEDTLS_OID_PKCS9_EMAIL         MBEDTLS_OID_PKCS9 "\x01" /**< emailAddress AttributeType ::= { pkcs-9 1 } */
+
+/* RFC 4055 */
+#define MBEDTLS_OID_RSASSA_PSS          MBEDTLS_OID_PKCS1 "\x0a" /**< id-RSASSA-PSS ::= { pkcs-1 10 } */
+#define MBEDTLS_OID_MGF1                MBEDTLS_OID_PKCS1 "\x08" /**< id-mgf1 ::= { pkcs-1 8 } */
+
+/*
+ * Digest algorithms
+ */
+#define MBEDTLS_OID_DIGEST_ALG_MD2              MBEDTLS_OID_RSA_COMPANY "\x02\x02" /**< id-mbedtls_md2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 2 } */
+#define MBEDTLS_OID_DIGEST_ALG_MD4              MBEDTLS_OID_RSA_COMPANY "\x02\x04" /**< id-mbedtls_md4 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 4 } */
+#define MBEDTLS_OID_DIGEST_ALG_MD5              MBEDTLS_OID_RSA_COMPANY "\x02\x05" /**< id-mbedtls_md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 } */
+#define MBEDTLS_OID_DIGEST_ALG_SHA1             MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_SHA1 /**< id-mbedtls_sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } */
+#define MBEDTLS_OID_DIGEST_ALG_SHA224           MBEDTLS_OID_GOV "\x03\x04\x02\x04" /**< id-sha224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 4 } */
+#define MBEDTLS_OID_DIGEST_ALG_SHA256           MBEDTLS_OID_GOV "\x03\x04\x02\x01" /**< id-mbedtls_sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 } */
+
+#define MBEDTLS_OID_DIGEST_ALG_SHA384           MBEDTLS_OID_GOV "\x03\x04\x02\x02" /**< id-sha384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 2 } */
+
+#define MBEDTLS_OID_DIGEST_ALG_SHA512           MBEDTLS_OID_GOV "\x03\x04\x02\x03" /**< id-mbedtls_sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3 } */
+
+#define MBEDTLS_OID_HMAC_SHA1                   MBEDTLS_OID_RSA_COMPANY "\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */
+
+/*
+ * Encryption algorithms
+ */
+#define MBEDTLS_OID_DES_CBC                     MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_ALG "\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */
+#define MBEDTLS_OID_DES_EDE3_CBC                MBEDTLS_OID_RSA_COMPANY "\x03\x07" /**< des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } */
+
+/*
+ * PKCS#5 OIDs
+ */
+#define MBEDTLS_OID_PKCS5_PBKDF2                MBEDTLS_OID_PKCS5 "\x0c" /**< id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12} */
+#define MBEDTLS_OID_PKCS5_PBES2                 MBEDTLS_OID_PKCS5 "\x0d" /**< id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13} */
+#define MBEDTLS_OID_PKCS5_PBMAC1                MBEDTLS_OID_PKCS5 "\x0e" /**< id-PBMAC1 OBJECT IDENTIFIER ::= {pkcs-5 14} */
+
+/*
+ * PKCS#5 PBES1 algorithms
+ */
+#define MBEDTLS_OID_PKCS5_PBE_MD2_DES_CBC       MBEDTLS_OID_PKCS5 "\x01" /**< pbeWithMD2AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 1} */
+#define MBEDTLS_OID_PKCS5_PBE_MD2_RC2_CBC       MBEDTLS_OID_PKCS5 "\x04" /**< pbeWithMD2AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 4} */
+#define MBEDTLS_OID_PKCS5_PBE_MD5_DES_CBC       MBEDTLS_OID_PKCS5 "\x03" /**< pbeWithMD5AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 3} */
+#define MBEDTLS_OID_PKCS5_PBE_MD5_RC2_CBC       MBEDTLS_OID_PKCS5 "\x06" /**< pbeWithMD5AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 6} */
+#define MBEDTLS_OID_PKCS5_PBE_SHA1_DES_CBC      MBEDTLS_OID_PKCS5 "\x0a" /**< pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10} */
+#define MBEDTLS_OID_PKCS5_PBE_SHA1_RC2_CBC      MBEDTLS_OID_PKCS5 "\x0b" /**< pbeWithSHA1AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 11} */
+
+/*
+ * PKCS#8 OIDs
+ */
+#define MBEDTLS_OID_PKCS9_CSR_EXT_REQ           MBEDTLS_OID_PKCS9 "\x0e" /**< extensionRequest OBJECT IDENTIFIER ::= {pkcs-9 14} */
+
+/*
+ * PKCS#12 PBE OIDs
+ */
+#define MBEDTLS_OID_PKCS12_PBE                      MBEDTLS_OID_PKCS12 "\x01" /**< pkcs-12PbeIds OBJECT IDENTIFIER ::= {pkcs-12 1} */
+
+#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128         MBEDTLS_OID_PKCS12_PBE "\x01" /**< pbeWithSHAAnd128BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 1} */
+#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_40          MBEDTLS_OID_PKCS12_PBE "\x02" /**< pbeWithSHAAnd40BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 2} */
+#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC    MBEDTLS_OID_PKCS12_PBE "\x03" /**< pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3} */
+#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC    MBEDTLS_OID_PKCS12_PBE "\x04" /**< pbeWithSHAAnd2-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 4} */
+#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_128_CBC     MBEDTLS_OID_PKCS12_PBE "\x05" /**< pbeWithSHAAnd128BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5} */
+#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_40_CBC      MBEDTLS_OID_PKCS12_PBE "\x06" /**< pbeWithSHAAnd40BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 6} */
+
+/*
+ * EC key algorithms from RFC 5480
+ */
+
+/* id-ecPublicKey OBJECT IDENTIFIER ::= {
+ *       iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 } */
+#define MBEDTLS_OID_EC_ALG_UNRESTRICTED         MBEDTLS_OID_ANSI_X9_62 "\x02\01"
+
+/*   id-ecDH OBJECT IDENTIFIER ::= {
+ *     iso(1) identified-organization(3) certicom(132)
+ *     schemes(1) ecdh(12) } */
+#define MBEDTLS_OID_EC_ALG_ECDH                 MBEDTLS_OID_CERTICOM "\x01\x0c"
+
+/*
+ * ECParameters namedCurve identifiers, from RFC 5480, RFC 5639, and SEC2
+ */
+
+/* secp192r1 OBJECT IDENTIFIER ::= {
+ *   iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 1 } */
+#define MBEDTLS_OID_EC_GRP_SECP192R1        MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x01"
+
+/* secp224r1 OBJECT IDENTIFIER ::= {
+ *   iso(1) identified-organization(3) certicom(132) curve(0) 33 } */
+#define MBEDTLS_OID_EC_GRP_SECP224R1        MBEDTLS_OID_CERTICOM "\x00\x21"
+
+/* secp256r1 OBJECT IDENTIFIER ::= {
+ *   iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 7 } */
+#define MBEDTLS_OID_EC_GRP_SECP256R1        MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x07"
+
+/* secp384r1 OBJECT IDENTIFIER ::= {
+ *   iso(1) identified-organization(3) certicom(132) curve(0) 34 } */
+#define MBEDTLS_OID_EC_GRP_SECP384R1        MBEDTLS_OID_CERTICOM "\x00\x22"
+
+/* secp521r1 OBJECT IDENTIFIER ::= {
+ *   iso(1) identified-organization(3) certicom(132) curve(0) 35 } */
+#define MBEDTLS_OID_EC_GRP_SECP521R1        MBEDTLS_OID_CERTICOM "\x00\x23"
+
+/* secp192k1 OBJECT IDENTIFIER ::= {
+ *   iso(1) identified-organization(3) certicom(132) curve(0) 31 } */
+#define MBEDTLS_OID_EC_GRP_SECP192K1        MBEDTLS_OID_CERTICOM "\x00\x1f"
+
+/* secp224k1 OBJECT IDENTIFIER ::= {
+ *   iso(1) identified-organization(3) certicom(132) curve(0) 32 } */
+#define MBEDTLS_OID_EC_GRP_SECP224K1        MBEDTLS_OID_CERTICOM "\x00\x20"
+
+/* secp256k1 OBJECT IDENTIFIER ::= {
+ *   iso(1) identified-organization(3) certicom(132) curve(0) 10 } */
+#define MBEDTLS_OID_EC_GRP_SECP256K1        MBEDTLS_OID_CERTICOM "\x00\x0a"
+
+/* RFC 5639 4.1
+ * ecStdCurvesAndGeneration OBJECT IDENTIFIER::= {iso(1)
+ * identified-organization(3) teletrust(36) algorithm(3) signature-
+ * algorithm(3) ecSign(2) 8}
+ * ellipticCurve OBJECT IDENTIFIER ::= {ecStdCurvesAndGeneration 1}
+ * versionOne OBJECT IDENTIFIER ::= {ellipticCurve 1} */
+#define MBEDTLS_OID_EC_BRAINPOOL_V1         MBEDTLS_OID_TELETRUST "\x03\x03\x02\x08\x01\x01"
+
+/* brainpoolP256r1 OBJECT IDENTIFIER ::= {versionOne 7} */
+#define MBEDTLS_OID_EC_GRP_BP256R1          MBEDTLS_OID_EC_BRAINPOOL_V1 "\x07"
+
+/* brainpoolP384r1 OBJECT IDENTIFIER ::= {versionOne 11} */
+#define MBEDTLS_OID_EC_GRP_BP384R1          MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0B"
+
+/* brainpoolP512r1 OBJECT IDENTIFIER ::= {versionOne 13} */
+#define MBEDTLS_OID_EC_GRP_BP512R1          MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0D"
+
+/*
+ * SEC1 C.1
+ *
+ * prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }
+ * id-fieldType OBJECT IDENTIFIER ::= { ansi-X9-62 fieldType(1)}
+ */
+#define MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE   MBEDTLS_OID_ANSI_X9_62 "\x01"
+#define MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD  MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE "\x01"
+
+/*
+ * ECDSA signature identifiers, from RFC 5480
+ */
+#define MBEDTLS_OID_ANSI_X9_62_SIG          MBEDTLS_OID_ANSI_X9_62 "\x04" /* signatures(4) */
+#define MBEDTLS_OID_ANSI_X9_62_SIG_SHA2     MBEDTLS_OID_ANSI_X9_62_SIG "\x03" /* ecdsa-with-SHA2(3) */
+
+/* ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
+ *   iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 } */
+#define MBEDTLS_OID_ECDSA_SHA1              MBEDTLS_OID_ANSI_X9_62_SIG "\x01"
+
+/* ecdsa-with-SHA224 OBJECT IDENTIFIER ::= {
+ *   iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
+ *   ecdsa-with-SHA2(3) 1 } */
+#define MBEDTLS_OID_ECDSA_SHA224            MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x01"
+
+/* ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
+ *   iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
+ *   ecdsa-with-SHA2(3) 2 } */
+#define MBEDTLS_OID_ECDSA_SHA256            MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x02"
+
+/* ecdsa-with-SHA384 OBJECT IDENTIFIER ::= {
+ *   iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
+ *   ecdsa-with-SHA2(3) 3 } */
+#define MBEDTLS_OID_ECDSA_SHA384            MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x03"
+
+/* ecdsa-with-SHA512 OBJECT IDENTIFIER ::= {
+ *   iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
+ *   ecdsa-with-SHA2(3) 4 } */
+#define MBEDTLS_OID_ECDSA_SHA512            MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x04"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief Base OID descriptor structure
+ */
+typedef struct {
+    const char *asn1;               /*!< OID ASN.1 representation       */
+    size_t asn1_len;                /*!< length of asn1                 */
+    const char *name;               /*!< official name (e.g. from RFC)  */
+    const char *description;        /*!< human friendly description     */
+} mbedtls_oid_descriptor_t;
+
+/**
+ * \brief           Translate an ASN.1 OID into its numeric representation
+ *                  (e.g. "\x2A\x86\x48\x86\xF7\x0D" into "1.2.840.113549")
+ *
+ * \param buf       buffer to put representation in
+ * \param size      size of the buffer
+ * \param oid       OID to translate
+ *
+ * \return          Length of the string written (excluding final NULL) or
+ *                  MBEDTLS_ERR_OID_BUF_TOO_SMALL in case of error
+ */
+int mbedtls_oid_get_numeric_string( char *buf, size_t size, const mbedtls_asn1_buf *oid );
+
+#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
+/**
+ * \brief          Translate an X.509 extension OID into local values
+ *
+ * \param oid      OID to use
+ * \param ext_type place to store the extension type
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_x509_ext_type( const mbedtls_asn1_buf *oid, int *ext_type );
+#endif
+
+/**
+ * \brief          Translate an X.509 attribute type OID into the short name
+ *                 (e.g. the OID for an X520 Common Name into "CN")
+ *
+ * \param oid      OID to use
+ * \param short_name    place to store the string pointer
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_attr_short_name( const mbedtls_asn1_buf *oid, const char **short_name );
+
+/**
+ * \brief          Translate PublicKeyAlgorithm OID into pk_type
+ *
+ * \param oid      OID to use
+ * \param pk_alg   place to store public key algorithm
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_pk_alg( const mbedtls_asn1_buf *oid, mbedtls_pk_type_t *pk_alg );
+
+/**
+ * \brief          Translate pk_type into PublicKeyAlgorithm OID
+ *
+ * \param pk_alg   Public key type to look for
+ * \param oid      place to store ASN.1 OID string pointer
+ * \param olen     length of the OID
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_oid_by_pk_alg( mbedtls_pk_type_t pk_alg,
+                           const char **oid, size_t *olen );
+
+#if defined(MBEDTLS_ECP_C)
+/**
+ * \brief          Translate NamedCurve OID into an EC group identifier
+ *
+ * \param oid      OID to use
+ * \param grp_id   place to store group id
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_ec_grp( const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *grp_id );
+
+/**
+ * \brief          Translate EC group identifier into NamedCurve OID
+ *
+ * \param grp_id   EC group identifier
+ * \param oid      place to store ASN.1 OID string pointer
+ * \param olen     length of the OID
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_oid_by_ec_grp( mbedtls_ecp_group_id grp_id,
+                           const char **oid, size_t *olen );
+#endif /* MBEDTLS_ECP_C */
+
+#if defined(MBEDTLS_MD_C)
+/**
+ * \brief          Translate SignatureAlgorithm OID into md_type and pk_type
+ *
+ * \param oid      OID to use
+ * \param md_alg   place to store message digest algorithm
+ * \param pk_alg   place to store public key algorithm
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_sig_alg( const mbedtls_asn1_buf *oid,
+                     mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg );
+
+/**
+ * \brief          Translate SignatureAlgorithm OID into description
+ *
+ * \param oid      OID to use
+ * \param desc     place to store string pointer
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_sig_alg_desc( const mbedtls_asn1_buf *oid, const char **desc );
+
+/**
+ * \brief          Translate md_type and pk_type into SignatureAlgorithm OID
+ *
+ * \param md_alg   message digest algorithm
+ * \param pk_alg   public key algorithm
+ * \param oid      place to store ASN.1 OID string pointer
+ * \param olen     length of the OID
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_oid_by_sig_alg( mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
+                            const char **oid, size_t *olen );
+
+/**
+ * \brief          Translate hash algorithm OID into md_type
+ *
+ * \param oid      OID to use
+ * \param md_alg   place to store message digest algorithm
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_md_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg );
+#endif /* MBEDTLS_MD_C */
+
+/**
+ * \brief          Translate Extended Key Usage OID into description
+ *
+ * \param oid      OID to use
+ * \param desc     place to store string pointer
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_extended_key_usage( const mbedtls_asn1_buf *oid, const char **desc );
+
+/**
+ * \brief          Translate md_type into hash algorithm OID
+ *
+ * \param md_alg   message digest algorithm
+ * \param oid      place to store ASN.1 OID string pointer
+ * \param olen     length of the OID
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_oid_by_md( mbedtls_md_type_t md_alg, const char **oid, size_t *olen );
+
+#if defined(MBEDTLS_CIPHER_C)
+/**
+ * \brief          Translate encryption algorithm OID into cipher_type
+ *
+ * \param oid           OID to use
+ * \param cipher_alg    place to store cipher algorithm
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_cipher_alg( const mbedtls_asn1_buf *oid, mbedtls_cipher_type_t *cipher_alg );
+#endif /* MBEDTLS_CIPHER_C */
+
+#if defined(MBEDTLS_PKCS12_C)
+/**
+ * \brief          Translate PKCS#12 PBE algorithm OID into md_type and
+ *                 cipher_type
+ *
+ * \param oid           OID to use
+ * \param md_alg        place to store message digest algorithm
+ * \param cipher_alg    place to store cipher algorithm
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_pkcs12_pbe_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg,
+                            mbedtls_cipher_type_t *cipher_alg );
+#endif /* MBEDTLS_PKCS12_C */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* oid.h */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/padlock.h

@@ -0,0 +1,107 @@
+/**
+ * \file padlock.h
+ *
+ * \brief VIA PadLock ACE for HW encryption/decryption supported by some
+ *        processors
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_PADLOCK_H
+#define MBEDTLS_PADLOCK_H
+
+#include "aes.h"
+
+#define MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED               -0x0030  /**< Input data should be aligned. */
+
+#if defined(__has_feature)
+#if __has_feature(address_sanitizer)
+#define MBEDTLS_HAVE_ASAN
+#endif
+#endif
+
+/* Some versions of ASan result in errors about not enough registers */
+#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && defined(__i386__) && \
+    !defined(MBEDTLS_HAVE_ASAN)
+
+#ifndef MBEDTLS_HAVE_X86
+#define MBEDTLS_HAVE_X86
+#endif
+
+#include <stdint.h>
+
+#define MBEDTLS_PADLOCK_RNG 0x000C
+#define MBEDTLS_PADLOCK_ACE 0x00C0
+#define MBEDTLS_PADLOCK_PHE 0x0C00
+#define MBEDTLS_PADLOCK_PMM 0x3000
+
+#define MBEDTLS_PADLOCK_ALIGN16(x) (uint32_t *) (16 + ((int32_t) x & ~15))
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          PadLock detection routine
+ *
+ * \param feature  The feature to detect
+ *
+ * \return         1 if CPU has support for the feature, 0 otherwise
+ */
+int mbedtls_padlock_has_support( int feature );
+
+/**
+ * \brief          PadLock AES-ECB block en(de)cryption
+ *
+ * \param ctx      AES context
+ * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
+ * \param input    16-byte input block
+ * \param output   16-byte output block
+ *
+ * \return         0 if success, 1 if operation failed
+ */
+int mbedtls_padlock_xcryptecb( mbedtls_aes_context *ctx,
+                       int mode,
+                       const unsigned char input[16],
+                       unsigned char output[16] );
+
+/**
+ * \brief          PadLock AES-CBC buffer en(de)cryption
+ *
+ * \param ctx      AES context
+ * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
+ * \param length   length of the input data
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ *
+ * \return         0 if success, 1 if operation failed
+ */
+int mbedtls_padlock_xcryptcbc( mbedtls_aes_context *ctx,
+                       int mode,
+                       size_t length,
+                       unsigned char iv[16],
+                       const unsigned char *input,
+                       unsigned char *output );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* HAVE_X86  */
+
+#endif /* padlock.h */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/pem.h

@@ -0,0 +1,129 @@
+/**
+ * \file pem.h
+ *
+ * \brief Privacy Enhanced Mail (PEM) decoding
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_PEM_H
+#define MBEDTLS_PEM_H
+
+#include <stddef.h>
+
+/**
+ * \name PEM Error codes
+ * These error codes are returned in case of errors reading the
+ * PEM data.
+ * \{
+ */
+#define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT          -0x1080  /**< No PEM header or footer found. */
+#define MBEDTLS_ERR_PEM_INVALID_DATA                      -0x1100  /**< PEM string is not as expected. */
+#define MBEDTLS_ERR_PEM_ALLOC_FAILED                      -0x1180  /**< Failed to allocate memory. */
+#define MBEDTLS_ERR_PEM_INVALID_ENC_IV                    -0x1200  /**< RSA IV is not in hex-format. */
+#define MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG                   -0x1280  /**< Unsupported key encryption algorithm. */
+#define MBEDTLS_ERR_PEM_PASSWORD_REQUIRED                 -0x1300  /**< Private key password can't be empty. */
+#define MBEDTLS_ERR_PEM_PASSWORD_MISMATCH                 -0x1380  /**< Given private key password does not allow for correct decryption. */
+#define MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE               -0x1400  /**< Unavailable feature, e.g. hashing/encryption combination. */
+#define MBEDTLS_ERR_PEM_BAD_INPUT_DATA                    -0x1480  /**< Bad input parameters to function. */
+/* \} name */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if defined(MBEDTLS_PEM_PARSE_C)
+/**
+ * \brief       PEM context structure
+ */
+typedef struct
+{
+    unsigned char *buf;     /*!< buffer for decoded data             */
+    size_t buflen;          /*!< length of the buffer                */
+    unsigned char *info;    /*!< buffer for extra header information */
+}
+mbedtls_pem_context;
+
+/**
+ * \brief       PEM context setup
+ *
+ * \param ctx   context to be initialized
+ */
+void mbedtls_pem_init( mbedtls_pem_context *ctx );
+
+/**
+ * \brief       Read a buffer for PEM information and store the resulting
+ *              data into the specified context buffers.
+ *
+ * \param ctx       context to use
+ * \param header    header string to seek and expect
+ * \param footer    footer string to seek and expect
+ * \param data      source data to look in (must be nul-terminated)
+ * \param pwd       password for decryption (can be NULL)
+ * \param pwdlen    length of password
+ * \param use_len   destination for total length used (set after header is
+ *                  correctly read, so unless you get
+ *                  MBEDTLS_ERR_PEM_BAD_INPUT_DATA or
+ *                  MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT, use_len is
+ *                  the length to skip)
+ *
+ * \note            Attempts to check password correctness by verifying if
+ *                  the decrypted text starts with an ASN.1 sequence of
+ *                  appropriate length
+ *
+ * \return          0 on success, or a specific PEM error code
+ */
+int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const char *footer,
+                     const unsigned char *data,
+                     const unsigned char *pwd,
+                     size_t pwdlen, size_t *use_len );
+
+/**
+ * \brief       PEM context memory freeing
+ *
+ * \param ctx   context to be freed
+ */
+void mbedtls_pem_free( mbedtls_pem_context *ctx );
+#endif /* MBEDTLS_PEM_PARSE_C */
+
+#if defined(MBEDTLS_PEM_WRITE_C)
+/**
+ * \brief           Write a buffer of PEM information from a DER encoded
+ *                  buffer.
+ *
+ * \param header    header string to write
+ * \param footer    footer string to write
+ * \param der_data  DER data to write
+ * \param der_len   length of the DER data
+ * \param buf       buffer to write to
+ * \param buf_len   length of output buffer
+ * \param olen      total length written / required (if buf_len is not enough)
+ *
+ * \return          0 on success, or a specific PEM or BASE64 error code. On
+ *                  MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL olen is the required
+ *                  size.
+ */
+int mbedtls_pem_write_buffer( const char *header, const char *footer,
+                      const unsigned char *der_data, size_t der_len,
+                      unsigned char *buf, size_t buf_len, size_t *olen );
+#endif /* MBEDTLS_PEM_WRITE_C */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* pem.h */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/pk.h

@@ -0,0 +1,616 @@
+/**
+ * \file pk.h
+ *
+ * \brief Public Key abstraction layer
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef MBEDTLS_PK_H
+#define MBEDTLS_PK_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "md.h"
+
+#if defined(MBEDTLS_RSA_C)
+#include "rsa.h"
+#endif
+
+#if defined(MBEDTLS_ECP_C)
+#include "ecp.h"
+#endif
+
+#if defined(MBEDTLS_ECDSA_C)
+#include "ecdsa.h"
+#endif
+
+#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
+    !defined(inline) && !defined(__cplusplus)
+#define inline __inline
+#endif
+
+#define MBEDTLS_ERR_PK_ALLOC_FAILED        -0x3F80  /**< Memory allocation failed. */
+#define MBEDTLS_ERR_PK_TYPE_MISMATCH       -0x3F00  /**< Type mismatch, eg attempt to encrypt with an ECDSA key */
+#define MBEDTLS_ERR_PK_BAD_INPUT_DATA      -0x3E80  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_PK_FILE_IO_ERROR       -0x3E00  /**< Read/write of file failed. */
+#define MBEDTLS_ERR_PK_KEY_INVALID_VERSION -0x3D80  /**< Unsupported key version */
+#define MBEDTLS_ERR_PK_KEY_INVALID_FORMAT  -0x3D00  /**< Invalid key tag or value. */
+#define MBEDTLS_ERR_PK_UNKNOWN_PK_ALG      -0x3C80  /**< Key algorithm is unsupported (only RSA and EC are supported). */
+#define MBEDTLS_ERR_PK_PASSWORD_REQUIRED   -0x3C00  /**< Private key password can't be empty. */
+#define MBEDTLS_ERR_PK_PASSWORD_MISMATCH   -0x3B80  /**< Given private key password does not allow for correct decryption. */
+#define MBEDTLS_ERR_PK_INVALID_PUBKEY      -0x3B00  /**< The pubkey tag or value is invalid (only RSA and EC are supported). */
+#define MBEDTLS_ERR_PK_INVALID_ALG         -0x3A80  /**< The algorithm tag or value is invalid. */
+#define MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE -0x3A00  /**< Elliptic curve is unsupported (only NIST curves are supported). */
+#define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980  /**< Unavailable feature, e.g. RSA disabled for RSA key. */
+#define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH    -0x3900  /**< The signature is valid but its length is less than expected. */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Public key types
+ */
+typedef enum {
+    MBEDTLS_PK_NONE=0,
+    MBEDTLS_PK_RSA,
+    MBEDTLS_PK_ECKEY,
+    MBEDTLS_PK_ECKEY_DH,
+    MBEDTLS_PK_ECDSA,
+    MBEDTLS_PK_RSA_ALT,
+    MBEDTLS_PK_RSASSA_PSS,
+} mbedtls_pk_type_t;
+
+/**
+ * \brief           Options for RSASSA-PSS signature verification.
+ *                  See \c mbedtls_rsa_rsassa_pss_verify_ext()
+ */
+typedef struct
+{
+    mbedtls_md_type_t mgf1_hash_id;
+    int expected_salt_len;
+
+} mbedtls_pk_rsassa_pss_options;
+
+/**
+ * \brief           Types for interfacing with the debug module
+ */
+typedef enum
+{
+    MBEDTLS_PK_DEBUG_NONE = 0,
+    MBEDTLS_PK_DEBUG_MPI,
+    MBEDTLS_PK_DEBUG_ECP,
+} mbedtls_pk_debug_type;
+
+/**
+ * \brief           Item to send to the debug module
+ */
+typedef struct
+{
+    mbedtls_pk_debug_type type;
+    const char *name;
+    void *value;
+} mbedtls_pk_debug_item;
+
+/** Maximum number of item send for debugging, plus 1 */
+#define MBEDTLS_PK_DEBUG_MAX_ITEMS 3
+
+/**
+ * \brief           Public key information and operations
+ */
+typedef struct mbedtls_pk_info_t mbedtls_pk_info_t;
+
+/**
+ * \brief           Public key container
+ */
+typedef struct
+{
+    const mbedtls_pk_info_t *   pk_info; /**< Public key informations        */
+    void *                      pk_ctx;  /**< Underlying public key context  */
+} mbedtls_pk_context;
+
+#if defined(MBEDTLS_RSA_C)
+/**
+ * Quick access to an RSA context inside a PK context.
+ *
+ * \warning You must make sure the PK context actually holds an RSA context
+ * before using this function!
+ */
+static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
+{
+    return( (mbedtls_rsa_context *) (pk).pk_ctx );
+}
+#endif /* MBEDTLS_RSA_C */
+
+#if defined(MBEDTLS_ECP_C)
+/**
+ * Quick access to an EC context inside a PK context.
+ *
+ * \warning You must make sure the PK context actually holds an EC context
+ * before using this function!
+ */
+static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk )
+{
+    return( (mbedtls_ecp_keypair *) (pk).pk_ctx );
+}
+#endif /* MBEDTLS_ECP_C */
+
+#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
+/**
+ * \brief           Types for RSA-alt abstraction
+ */
+typedef int (*mbedtls_pk_rsa_alt_decrypt_func)( void *ctx, int mode, size_t *olen,
+                    const unsigned char *input, unsigned char *output,
+                    size_t output_max_len );
+typedef int (*mbedtls_pk_rsa_alt_sign_func)( void *ctx,
+                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+                    int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
+                    const unsigned char *hash, unsigned char *sig );
+typedef size_t (*mbedtls_pk_rsa_alt_key_len_func)( void *ctx );
+#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
+
+/**
+ * \brief           Return information associated with the given PK type
+ *
+ * \param pk_type   PK type to search for.
+ *
+ * \return          The PK info associated with the type or NULL if not found.
+ */
+const mbedtls_pk_info_t *mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type );
+
+/**
+ * \brief           Initialize a mbedtls_pk_context (as NONE)
+ */
+void mbedtls_pk_init( mbedtls_pk_context *ctx );
+
+/**
+ * \brief           Free a mbedtls_pk_context
+ */
+void mbedtls_pk_free( mbedtls_pk_context *ctx );
+
+/**
+ * \brief           Initialize a PK context with the information given
+ *                  and allocates the type-specific PK subcontext.
+ *
+ * \param ctx       Context to initialize. Must be empty (type NONE).
+ * \param info      Information to use
+ *
+ * \return          0 on success,
+ *                  MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input,
+ *                  MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure.
+ *
+ * \note            For contexts holding an RSA-alt key, use
+ *                  \c mbedtls_pk_setup_rsa_alt() instead.
+ */
+int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info );
+
+#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
+/**
+ * \brief           Initialize an RSA-alt context
+ *
+ * \param ctx       Context to initialize. Must be empty (type NONE).
+ * \param key       RSA key pointer
+ * \param decrypt_func  Decryption function
+ * \param sign_func     Signing function
+ * \param key_len_func  Function returning key length in bytes
+ *
+ * \return          0 on success, or MBEDTLS_ERR_PK_BAD_INPUT_DATA if the
+ *                  context wasn't already initialized as RSA_ALT.
+ *
+ * \note            This function replaces \c mbedtls_pk_setup() for RSA-alt.
+ */
+int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key,
+                         mbedtls_pk_rsa_alt_decrypt_func decrypt_func,
+                         mbedtls_pk_rsa_alt_sign_func sign_func,
+                         mbedtls_pk_rsa_alt_key_len_func key_len_func );
+#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
+
+/**
+ * \brief           Get the size in bits of the underlying key
+ *
+ * \param ctx       Context to use
+ *
+ * \return          Key size in bits, or 0 on error
+ */
+size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx );
+
+/**
+ * \brief           Get the length in bytes of the underlying key
+ * \param ctx       Context to use
+ *
+ * \return          Key length in bytes, or 0 on error
+ */
+static inline size_t mbedtls_pk_get_len( const mbedtls_pk_context *ctx )
+{
+    return( ( mbedtls_pk_get_bitlen( ctx ) + 7 ) / 8 );
+}
+
+/**
+ * \brief           Tell if a context can do the operation given by type
+ *
+ * \param ctx       Context to test
+ * \param type      Target type
+ *
+ * \return          0 if context can't do the operations,
+ *                  1 otherwise.
+ */
+int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type );
+
+/**
+ * \brief           Verify signature (including padding if relevant).
+ *
+ * \param ctx       PK context to use
+ * \param md_alg    Hash algorithm used (see notes)
+ * \param hash      Hash of the message to sign
+ * \param hash_len  Hash length or 0 (see notes)
+ * \param sig       Signature to verify
+ * \param sig_len   Signature length
+ *
+ * \return          0 on success (signature is valid),
+ *                  MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if the signature is
+ *                  valid but its actual length is less than sig_len,
+ *                  or a specific error code.
+ *
+ * \note            For RSA keys, the default padding type is PKCS#1 v1.5.
+ *                  Use \c mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, ... )
+ *                  to verify RSASSA_PSS signatures.
+ *
+ * \note            If hash_len is 0, then the length associated with md_alg
+ *                  is used instead, or an error returned if it is invalid.
+ *
+ * \note            md_alg may be MBEDTLS_MD_NONE, only if hash_len != 0
+ */
+int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
+               const unsigned char *hash, size_t hash_len,
+               const unsigned char *sig, size_t sig_len );
+
+/**
+ * \brief           Verify signature, with options.
+ *                  (Includes verification of the padding depending on type.)
+ *
+ * \param type      Signature type (inc. possible padding type) to verify
+ * \param options   Pointer to type-specific options, or NULL
+ * \param ctx       PK context to use
+ * \param md_alg    Hash algorithm used (see notes)
+ * \param hash      Hash of the message to sign
+ * \param hash_len  Hash length or 0 (see notes)
+ * \param sig       Signature to verify
+ * \param sig_len   Signature length
+ *
+ * \return          0 on success (signature is valid),
+ *                  MBEDTLS_ERR_PK_TYPE_MISMATCH if the PK context can't be
+ *                  used for this type of signatures,
+ *                  MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if the signature is
+ *                  valid but its actual length is less than sig_len,
+ *                  or a specific error code.
+ *
+ * \note            If hash_len is 0, then the length associated with md_alg
+ *                  is used instead, or an error returned if it is invalid.
+ *
+ * \note            md_alg may be MBEDTLS_MD_NONE, only if hash_len != 0
+ *
+ * \note            If type is MBEDTLS_PK_RSASSA_PSS, then options must point
+ *                  to a mbedtls_pk_rsassa_pss_options structure,
+ *                  otherwise it must be NULL.
+ */
+int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
+                   mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
+                   const unsigned char *hash, size_t hash_len,
+                   const unsigned char *sig, size_t sig_len );
+
+/**
+ * \brief           Make signature, including padding if relevant.
+ *
+ * \param ctx       PK context to use - must hold a private key
+ * \param md_alg    Hash algorithm used (see notes)
+ * \param hash      Hash of the message to sign
+ * \param hash_len  Hash length or 0 (see notes)
+ * \param sig       Place to write the signature
+ * \param sig_len   Number of bytes written
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 on success, or a specific error code.
+ *
+ * \note            For RSA keys, the default padding type is PKCS#1 v1.5.
+ *                  There is no interface in the PK module to make RSASSA-PSS
+ *                  signatures yet.
+ *
+ * \note            If hash_len is 0, then the length associated with md_alg
+ *                  is used instead, or an error returned if it is invalid.
+ *
+ * \note            For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0.
+ *                  For ECDSA, md_alg may never be MBEDTLS_MD_NONE.
+ */
+int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
+             const unsigned char *hash, size_t hash_len,
+             unsigned char *sig, size_t *sig_len,
+             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+
+/**
+ * \brief           Decrypt message (including padding if relevant).
+ *
+ * \param ctx       PK context to use - must hold a private key
+ * \param input     Input to decrypt
+ * \param ilen      Input size
+ * \param output    Decrypted output
+ * \param olen      Decrypted message length
+ * \param osize     Size of the output buffer
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \note            For RSA keys, the default padding type is PKCS#1 v1.5.
+ *
+ * \return          0 on success, or a specific error code.
+ */
+int mbedtls_pk_decrypt( mbedtls_pk_context *ctx,
+                const unsigned char *input, size_t ilen,
+                unsigned char *output, size_t *olen, size_t osize,
+                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+
+/**
+ * \brief           Encrypt message (including padding if relevant).
+ *
+ * \param ctx       PK context to use
+ * \param input     Message to encrypt
+ * \param ilen      Message size
+ * \param output    Encrypted output
+ * \param olen      Encrypted output length
+ * \param osize     Size of the output buffer
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \note            For RSA keys, the default padding type is PKCS#1 v1.5.
+ *
+ * \return          0 on success, or a specific error code.
+ */
+int mbedtls_pk_encrypt( mbedtls_pk_context *ctx,
+                const unsigned char *input, size_t ilen,
+                unsigned char *output, size_t *olen, size_t osize,
+                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+
+/**
+ * \brief           Check if a public-private pair of keys matches.
+ *
+ * \param pub       Context holding a public key.
+ * \param prv       Context holding a private (and public) key.
+ *
+ * \return          0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA
+ */
+int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv );
+
+/**
+ * \brief           Export debug information
+ *
+ * \param ctx       Context to use
+ * \param items     Place to write debug items
+ *
+ * \return          0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA
+ */
+int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items );
+
+/**
+ * \brief           Access the type name
+ *
+ * \param ctx       Context to use
+ *
+ * \return          Type name on success, or "invalid PK"
+ */
+const char * mbedtls_pk_get_name( const mbedtls_pk_context *ctx );
+
+/**
+ * \brief           Get the key type
+ *
+ * \param ctx       Context to use
+ *
+ * \return          Type on success, or MBEDTLS_PK_NONE
+ */
+mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx );
+
+#if defined(MBEDTLS_PK_PARSE_C)
+/** \ingroup pk_module */
+/**
+ * \brief           Parse a private key in PEM or DER format
+ *
+ * \param ctx       key to be initialized
+ * \param key       input buffer
+ * \param keylen    size of the buffer
+ *                  (including the terminating null byte for PEM data)
+ * \param pwd       password for decryption (optional)
+ * \param pwdlen    size of the password
+ *
+ * \note            On entry, ctx must be empty, either freshly initialised
+ *                  with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
+ *                  specific key type, check the result with mbedtls_pk_can_do().
+ *
+ * \note            The key is also checked for correctness.
+ *
+ * \return          0 if successful, or a specific PK or PEM error code
+ */
+int mbedtls_pk_parse_key( mbedtls_pk_context *ctx,
+                  const unsigned char *key, size_t keylen,
+                  const unsigned char *pwd, size_t pwdlen );
+
+/** \ingroup pk_module */
+/**
+ * \brief           Parse a public key in PEM or DER format
+ *
+ * \param ctx       key to be initialized
+ * \param key       input buffer
+ * \param keylen    size of the buffer
+ *                  (including the terminating null byte for PEM data)
+ *
+ * \note            On entry, ctx must be empty, either freshly initialised
+ *                  with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
+ *                  specific key type, check the result with mbedtls_pk_can_do().
+ *
+ * \note            The key is also checked for correctness.
+ *
+ * \return          0 if successful, or a specific PK or PEM error code
+ */
+int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
+                         const unsigned char *key, size_t keylen );
+
+#if defined(MBEDTLS_FS_IO)
+/** \ingroup pk_module */
+/**
+ * \brief           Load and parse a private key
+ *
+ * \param ctx       key to be initialized
+ * \param path      filename to read the private key from
+ * \param password  password to decrypt the file (can be NULL)
+ *
+ * \note            On entry, ctx must be empty, either freshly initialised
+ *                  with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
+ *                  specific key type, check the result with mbedtls_pk_can_do().
+ *
+ * \note            The key is also checked for correctness.
+ *
+ * \return          0 if successful, or a specific PK or PEM error code
+ */
+int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
+                      const char *path, const char *password );
+
+/** \ingroup pk_module */
+/**
+ * \brief           Load and parse a public key
+ *
+ * \param ctx       key to be initialized
+ * \param path      filename to read the public key from
+ *
+ * \note            On entry, ctx must be empty, either freshly initialised
+ *                  with mbedtls_pk_init() or reset with mbedtls_pk_free(). If
+ *                  you need a specific key type, check the result with
+ *                  mbedtls_pk_can_do().
+ *
+ * \note            The key is also checked for correctness.
+ *
+ * \return          0 if successful, or a specific PK or PEM error code
+ */
+int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path );
+#endif /* MBEDTLS_FS_IO */
+#endif /* MBEDTLS_PK_PARSE_C */
+
+#if defined(MBEDTLS_PK_WRITE_C)
+/**
+ * \brief           Write a private key to a PKCS#1 or SEC1 DER structure
+ *                  Note: data is written at the end of the buffer! Use the
+ *                        return value to determine where you should start
+ *                        using the buffer
+ *
+ * \param ctx       private to write away
+ * \param buf       buffer to write to
+ * \param size      size of the buffer
+ *
+ * \return          length of data written if successful, or a specific
+ *                  error code
+ */
+int mbedtls_pk_write_key_der( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
+
+/**
+ * \brief           Write a public key to a SubjectPublicKeyInfo DER structure
+ *                  Note: data is written at the end of the buffer! Use the
+ *                        return value to determine where you should start
+ *                        using the buffer
+ *
+ * \param ctx       public key to write away
+ * \param buf       buffer to write to
+ * \param size      size of the buffer
+ *
+ * \return          length of data written if successful, or a specific
+ *                  error code
+ */
+int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
+
+#if defined(MBEDTLS_PEM_WRITE_C)
+/**
+ * \brief           Write a public key to a PEM string
+ *
+ * \param ctx       public key to write away
+ * \param buf       buffer to write to
+ * \param size      size of the buffer
+ *
+ * \return          0 if successful, or a specific error code
+ */
+int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
+
+/**
+ * \brief           Write a private key to a PKCS#1 or SEC1 PEM string
+ *
+ * \param ctx       private to write away
+ * \param buf       buffer to write to
+ * \param size      size of the buffer
+ *
+ * \return          0 if successful, or a specific error code
+ */
+int mbedtls_pk_write_key_pem( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
+#endif /* MBEDTLS_PEM_WRITE_C */
+#endif /* MBEDTLS_PK_WRITE_C */
+
+/*
+ * WARNING: Low-level functions. You probably do not want to use these unless
+ *          you are certain you do ;)
+ */
+
+#if defined(MBEDTLS_PK_PARSE_C)
+/**
+ * \brief           Parse a SubjectPublicKeyInfo DER structure
+ *
+ * \param p         the position in the ASN.1 data
+ * \param end       end of the buffer
+ * \param pk        the key to fill
+ *
+ * \return          0 if successful, or a specific PK error code
+ */
+int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
+                        mbedtls_pk_context *pk );
+#endif /* MBEDTLS_PK_PARSE_C */
+
+#if defined(MBEDTLS_PK_WRITE_C)
+/**
+ * \brief           Write a subjectPublicKey to ASN.1 data
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param key       public key to write away
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start,
+                     const mbedtls_pk_context *key );
+#endif /* MBEDTLS_PK_WRITE_C */
+
+/*
+ * Internal module functions. You probably do not want to use these unless you
+ * know you do.
+ */
+#if defined(MBEDTLS_FS_IO)
+int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n );
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_PK_H */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/pk_internal.h

@@ -0,0 +1,114 @@
+/**
+ * \file pk.h
+ *
+ * \brief Public Key abstraction layer: wrapper functions
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef MBEDTLS_PK_WRAP_H
+#define MBEDTLS_PK_WRAP_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "pk.h"
+
+struct mbedtls_pk_info_t
+{
+    /** Public key type */
+    mbedtls_pk_type_t type;
+
+    /** Type name */
+    const char *name;
+
+    /** Get key size in bits */
+    size_t (*get_bitlen)( const void * );
+
+    /** Tell if the context implements this type (e.g. ECKEY can do ECDSA) */
+    int (*can_do)( mbedtls_pk_type_t type );
+
+    /** Verify signature */
+    int (*verify_func)( void *ctx, mbedtls_md_type_t md_alg,
+                        const unsigned char *hash, size_t hash_len,
+                        const unsigned char *sig, size_t sig_len );
+
+    /** Make signature */
+    int (*sign_func)( void *ctx, mbedtls_md_type_t md_alg,
+                      const unsigned char *hash, size_t hash_len,
+                      unsigned char *sig, size_t *sig_len,
+                      int (*f_rng)(void *, unsigned char *, size_t),
+                      void *p_rng );
+
+    /** Decrypt message */
+    int (*decrypt_func)( void *ctx, const unsigned char *input, size_t ilen,
+                         unsigned char *output, size_t *olen, size_t osize,
+                         int (*f_rng)(void *, unsigned char *, size_t),
+                         void *p_rng );
+
+    /** Encrypt message */
+    int (*encrypt_func)( void *ctx, const unsigned char *input, size_t ilen,
+                         unsigned char *output, size_t *olen, size_t osize,
+                         int (*f_rng)(void *, unsigned char *, size_t),
+                         void *p_rng );
+
+    /** Check public-private key pair */
+    int (*check_pair_func)( const void *pub, const void *prv );
+
+    /** Allocate a new context */
+    void * (*ctx_alloc_func)( void );
+
+    /** Free the given context */
+    void (*ctx_free_func)( void *ctx );
+
+    /** Interface with the debug module */
+    void (*debug_func)( const void *ctx, mbedtls_pk_debug_item *items );
+
+};
+#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
+/* Container for RSA-alt */
+typedef struct
+{
+    void *key;
+    mbedtls_pk_rsa_alt_decrypt_func decrypt_func;
+    mbedtls_pk_rsa_alt_sign_func sign_func;
+    mbedtls_pk_rsa_alt_key_len_func key_len_func;
+} mbedtls_rsa_alt_context;
+#endif
+
+#if defined(MBEDTLS_RSA_C)
+extern const mbedtls_pk_info_t mbedtls_rsa_info;
+#endif
+
+#if defined(MBEDTLS_ECP_C)
+extern const mbedtls_pk_info_t mbedtls_eckey_info;
+extern const mbedtls_pk_info_t mbedtls_eckeydh_info;
+#endif
+
+#if defined(MBEDTLS_ECDSA_C)
+extern const mbedtls_pk_info_t mbedtls_ecdsa_info;
+#endif
+
+#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
+extern const mbedtls_pk_info_t mbedtls_rsa_alt_info;
+#endif
+
+#endif /* MBEDTLS_PK_WRAP_H */

qcloud-iot-explorer-sdk-embedded-c/external_libs/mbedtls/include/mbedtls/pkcs11.h

@@ -0,0 +1,173 @@
+/**
+ * \file pkcs11.h
+ *
+ * \brief Wrapper for PKCS#11 library libpkcs11-helper
+ *
+ * \author Adriaan de Jong <dejong@fox-it.com>
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_PKCS11_H
+#define MBEDTLS_PKCS11_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PKCS11_C)
+
+#include "x509_crt.h"
+
+#include <pkcs11-helper-1.0/pkcs11h-certificate.h>
+
+#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
+    !defined(inline) && !defined(__cplusplus)
+#define inline __inline
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * Context for PKCS #11 private keys.
+ */
+typedef struct {
+        pkcs11h_certificate_t pkcs11h_cert;
+        int len;
+} mbedtls_pkcs11_context;
+
+/**
+ * Initialize a mbedtls_pkcs11_context.
+ * (Just making memory references valid.)
+ */
+void mbedtls_pkcs11_init( mbedtls_pkcs11_context *ctx );
+
+/**
+ * Fill in a mbed TLS certificate, based on the given PKCS11 helper certificate.
+ *
+ * \param cert          X.509 certificate to fill
+ * \param pkcs11h_cert  PKCS #11 helper certificate
+ *
+ * \return              0 on success.
+ */
+int mbedtls_pkcs11_x509_cert_bind( mbedtls_x509_crt *cert, pkcs11h_certificate_t pkcs11h_cert );
+
+/**
+ * Set up a mbedtls_pkcs11_context storing the given certificate. Note that the
+ * mbedtls_pkcs11_context will take over control of the certificate, freeing it when
+ * done.
+ *
+ * \param priv_key      Private key structure to fill.
+ * \param pkcs11_cert   PKCS #11 helper certificate
+ *
+ * \return              0 on success
+ */
+int mbedtls_pkcs11_priv_key_bind( mbedtls_pkcs11_context *priv_key,
+        pkcs11h_certificate_t pkcs11_cert );
+
+/**
+ * Free the contents of the given private key context. Note that the structure
+ * itself is not freed.
+ *
+ * \param priv_key      Private key structure to cleanup
+ */
+void mbedtls_pkcs11_priv_key_free( mbedtls_pkcs11_context *priv_key );
+
+/**
+ * \brief          Do an RSA private key decrypt, then remove the message
+ *                 padding
+ *
+ * \param ctx      PKCS #11 context
+ * \param mode     must be MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's signature
+ * \param input    buffer holding the encrypted data
+ * \param output   buffer that will hold the plaintext
+ * \param olen     will contain the plaintext length
+ * \param output_max_len    maximum length of the output buffer
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The output buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
+ *                 an error is thrown.
+ */
+int mbedtls_pkcs11_decrypt( mbedtls_pkcs11_context *ctx,
+                       int mode, size_t *olen,
+                       const unsigned char *input,
+                       unsigned char *output,
+                       size_t output_max_len );
+
+/**
+ * \brief          Do a private RSA to sign a message digest
+ *
+ * \param ctx      PKCS #11 context
+ * \param mode     must be MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's signature
+ * \param md_alg   a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
+ * \param hashlen  message digest length (for MBEDTLS_MD_NONE only)
+ * \param hash     buffer holding the message digest
+ * \param sig      buffer that will hold the ciphertext
+ *
+ * \return         0 if the signing operation was successful,
+ *                 or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The "sig" buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ */
+int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx,
+                    int mode,
+                    mbedtls_md_type_t md_alg,
+                    unsigned int hashlen,
+                    const unsigned char *hash,
+                    unsigned char *sig );
+
+/**
+ * SSL/TLS wrappers for PKCS#11 functions
+ */
+static inline int mbedtls_ssl_pkcs11_decrypt( void *ctx, int mode, size_t *olen,
+                        const unsigned char *input, unsigned char *output,
+                        size_t output_max_len )
+{
+    return mbedtls_pkcs11_decrypt( (mbedtls_pkcs11_context *) ctx, mode, olen, input, output,
+                           output_max_len );
+}
+
+static inline int mbedtls_ssl_pkcs11_sign( void *ctx,
+                     int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+                     int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
+                     const unsigned char *hash, unsigned char *sig )
+{
+    ((void) f_rng);
+    ((void) p_rng);
+    return mbedtls_pkcs11_sign( (mbedtls_pkcs11_context *) ctx, mode, md_alg,
+                        hashlen, hash, sig );
+}
+
+static inline size_t mbedtls_ssl_pkcs11_key_len( void *ctx )
+{
+    return ( (mbedtls_pkcs11_context *) ctx )->len;
+}
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_PKCS11_C */
+
+#endif /* MBEDTLS_PKCS11_H */