Renesas
/
SecureDweet
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Embed:
(wiki syntax)
Show/hide line numbers
test.h
00001 /* test.h */ 00002 00003 #ifndef wolfSSL_TEST_H 00004 #define wolfSSL_TEST_H 00005 00006 #include <stdio.h> 00007 #include <stdlib.h> 00008 #include <assert.h> 00009 #include <ctype.h> 00010 #include <wolfssl/wolfcrypt/types.h> 00011 #include <wolfssl/wolfcrypt/error-crypt.h> 00012 #include <wolfssl/wolfcrypt/random.h> 00013 #include <wolfssl/mem_track.h> 00014 00015 #ifdef ATOMIC_USER 00016 #include <wolfssl/wolfcrypt/aes.h> 00017 #include <wolfssl/wolfcrypt/arc4.h> 00018 #include <wolfssl/wolfcrypt/hmac.h> 00019 #endif 00020 #ifdef HAVE_PK_CALLBACKS 00021 #include <wolfssl/wolfcrypt/asn.h> 00022 #ifdef HAVE_ECC 00023 #include <wolfssl/wolfcrypt/ecc.h> 00024 #endif /* HAVE_ECC */ 00025 #endif /*HAVE_PK_CALLBACKS */ 00026 00027 #ifdef USE_WINDOWS_API 00028 #include <winsock2.h> 00029 #include <process.h> 00030 #ifdef TEST_IPV6 /* don't require newer SDK for IPV4 */ 00031 #include <ws2tcpip.h> 00032 #include <wspiapi.h> 00033 #endif 00034 #define SOCKET_T SOCKET 00035 #define SNPRINTF _snprintf 00036 #elif defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET) 00037 #include <string.h> 00038 #include "rl_net.h" 00039 #define SOCKET_T int 00040 typedef int socklen_t ; 00041 static unsigned long inet_addr(const char *cp) 00042 { 00043 unsigned int a[4] ; unsigned long ret ; 00044 sscanf(cp, "%d.%d.%d.%d", &a[0], &a[1], &a[2], &a[3]) ; 00045 ret = ((a[3]<<24) + (a[2]<<16) + (a[1]<<8) + a[0]) ; 00046 return(ret) ; 00047 } 00048 #if defined(HAVE_KEIL_RTX) 00049 #define sleep(t) os_dly_wait(t/1000+1) ; 00050 #elif defined (WOLFSSL_CMSIS_RTOS) 00051 #define sleep(t) osDelay(t/1000+1) ; 00052 #endif 00053 00054 static int wolfssl_tcp_select(int sd, int timeout) 00055 { return 0 ; } 00056 #define tcp_select(sd,t) wolfssl_tcp_select(sd, t) /* avoid conflicting Keil TCP tcp_select */ 00057 #elif defined(WOLFSSL_TIRTOS) 00058 #include <string.h> 00059 #include <netdb.h> 00060 #include <sys/types.h> 00061 #include <arpa/inet.h> 00062 #include <sys/socket.h> 00063 #include <ti/sysbios/knl/Task.h> 00064 struct hostent { 00065 char *h_name; /* official name of host */ 00066 char **h_aliases; /* alias list */ 00067 int h_addrtype; /* host address type */ 00068 int h_length; /* length of address */ 00069 char **h_addr_list; /* list of addresses from name server */ 00070 }; 00071 #define SOCKET_T int 00072 #elif defined(WOLFSSL_VXWORKS) 00073 #include <hostLib.h> 00074 #include <sockLib.h> 00075 #include <arpa/inet.h> 00076 #include <string.h> 00077 #include <selectLib.h> 00078 #include <sys/types.h> 00079 #include <netinet/in.h> 00080 #include <fcntl.h> 00081 #include <sys/time.h> 00082 #include <netdb.h> 00083 #include <pthread.h> 00084 #define SOCKET_T int 00085 #else 00086 #include <string.h> 00087 #include <sys/types.h> 00088 #ifndef WOLFSSL_LEANPSK 00089 #include <unistd.h> 00090 #include <netdb.h> 00091 #include <netinet/in.h> 00092 #include <netinet/tcp.h> 00093 #include <arpa/inet.h> 00094 #include <sys/ioctl.h> 00095 #include <sys/time.h> 00096 #include <sys/socket.h> 00097 #include <pthread.h> 00098 #include <fcntl.h> 00099 #ifdef TEST_IPV6 00100 #include <netdb.h> 00101 #endif 00102 #endif 00103 #define SOCKET_T int 00104 #ifndef SO_NOSIGPIPE 00105 #include <signal.h> /* ignore SIGPIPE */ 00106 #endif 00107 #define SNPRINTF snprintf 00108 #endif /* USE_WINDOWS_API */ 00109 00110 #ifdef HAVE_CAVIUM 00111 #include "cavium_sysdep.h" 00112 #include "cavium_common.h" 00113 #include "cavium_ioctl.h" 00114 #endif 00115 00116 #ifdef _MSC_VER 00117 /* disable conversion warning */ 00118 /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */ 00119 #pragma warning(disable:4244 4996) 00120 #endif 00121 00122 /* Buffer for benchmark tests */ 00123 #ifndef TEST_BUFFER_SIZE 00124 #define TEST_BUFFER_SIZE 16384 00125 #endif 00126 00127 #ifndef WOLFSSL_HAVE_MIN 00128 #define WOLFSSL_HAVE_MIN 00129 static INLINE word32 min(word32 a, word32 b) 00130 { 00131 return a > b ? b : a; 00132 } 00133 #endif /* WOLFSSL_HAVE_MIN */ 00134 00135 /* Socket Handling */ 00136 #ifndef WOLFSSL_SOCKET_INVALID 00137 #ifdef USE_WINDOWS_API 00138 #define WOLFSSL_SOCKET_INVALID ((SOCKET_T)INVALID_SOCKET) 00139 #elif defined(WOLFSSL_TIRTOS) 00140 #define WOLFSSL_SOCKET_INVALID ((SOCKET_T)-1) 00141 #else 00142 #define WOLFSSL_SOCKET_INVALID (SOCKET_T)(0) 00143 #endif 00144 #endif /* WOLFSSL_SOCKET_INVALID */ 00145 00146 #ifndef WOLFSSL_SOCKET_IS_INVALID 00147 #if defined(USE_WINDOWS_API) || defined(WOLFSSL_TIRTOS) 00148 #define WOLFSSL_SOCKET_IS_INVALID(s) ((SOCKET_T)(s) == WOLFSSL_SOCKET_INVALID) 00149 #else 00150 #define WOLFSSL_SOCKET_IS_INVALID(s) ((SOCKET_T)(s) < WOLFSSL_SOCKET_INVALID) 00151 #endif 00152 #endif /* WOLFSSL_SOCKET_IS_INVALID */ 00153 00154 #if defined(__MACH__) || defined(USE_WINDOWS_API) 00155 #ifndef _SOCKLEN_T 00156 typedef int socklen_t; 00157 #endif 00158 #endif 00159 00160 00161 /* HPUX doesn't use socklent_t for third parameter to accept, unless 00162 _XOPEN_SOURCE_EXTENDED is defined */ 00163 #if !defined(__hpux__) && !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_IAR_ARM)\ 00164 && !defined(WOLFSSL_ROWLEY_ARM) && !defined(WOLFSSL_KEIL_TCP_NET) 00165 typedef socklen_t* ACCEPT_THIRD_T; 00166 #else 00167 #if defined _XOPEN_SOURCE_EXTENDED 00168 typedef socklen_t* ACCEPT_THIRD_T; 00169 #else 00170 typedef int* ACCEPT_THIRD_T; 00171 #endif 00172 #endif 00173 00174 00175 #ifdef USE_WINDOWS_API 00176 #define CloseSocket(s) closesocket(s) 00177 #define StartTCP() { WSADATA wsd; WSAStartup(0x0002, &wsd); } 00178 #elif defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET) 00179 #define CloseSocket(s) closesocket(s) 00180 #define StartTCP() 00181 #else 00182 #define CloseSocket(s) close(s) 00183 #define StartTCP() 00184 #endif 00185 00186 00187 #ifdef SINGLE_THREADED 00188 typedef unsigned int THREAD_RETURN; 00189 typedef void* THREAD_TYPE; 00190 #define WOLFSSL_THREAD 00191 #else 00192 #if defined(_POSIX_THREADS) && !defined(__MINGW32__) 00193 typedef void* THREAD_RETURN; 00194 typedef pthread_t THREAD_TYPE; 00195 #define WOLFSSL_THREAD 00196 #define INFINITE -1 00197 #define WAIT_OBJECT_0 0L 00198 #elif defined(WOLFSSL_MDK_ARM)|| defined(WOLFSSL_KEIL_TCP_NET) 00199 typedef unsigned int THREAD_RETURN; 00200 typedef int THREAD_TYPE; 00201 #define WOLFSSL_THREAD 00202 #elif defined(WOLFSSL_TIRTOS) 00203 typedef void THREAD_RETURN; 00204 typedef Task_Handle THREAD_TYPE; 00205 #define WOLFSSL_THREAD 00206 #else 00207 typedef unsigned int THREAD_RETURN; 00208 typedef intptr_t THREAD_TYPE; 00209 #define WOLFSSL_THREAD __stdcall 00210 #endif 00211 #endif 00212 00213 00214 #ifdef TEST_IPV6 00215 typedef struct sockaddr_in6 SOCKADDR_IN_T; 00216 #define AF_INET_V AF_INET6 00217 #else 00218 typedef struct sockaddr_in SOCKADDR_IN_T; 00219 #define AF_INET_V AF_INET 00220 #endif 00221 00222 00223 #define SERVER_DEFAULT_VERSION 3 00224 #define SERVER_DTLS_DEFAULT_VERSION (-2) 00225 #define SERVER_INVALID_VERSION (-99) 00226 #define CLIENT_DEFAULT_VERSION 3 00227 #define CLIENT_DTLS_DEFAULT_VERSION (-2) 00228 #define CLIENT_INVALID_VERSION (-99) 00229 #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_MAX_STRENGTH) 00230 #define DEFAULT_MIN_DHKEY_BITS 2048 00231 #else 00232 #define DEFAULT_MIN_DHKEY_BITS 1024 00233 #endif 00234 00235 /* all certs relative to wolfSSL home directory now */ 00236 #if defined(WOLFSSL_NO_CURRDIR) || defined(WOLFSSL_MDK_SHELL) 00237 #define caCert "certs/ca-cert.pem" 00238 #define eccCert "certs/server-ecc.pem" 00239 #define eccKey "certs/ecc-key.pem" 00240 #define svrCert "certs/server-cert.pem" 00241 #define svrKey "certs/server-key.pem" 00242 #define cliCert "certs/client-cert.pem" 00243 #define cliKey "certs/client-key.pem" 00244 #define ntruCert "certs/ntru-cert.pem" 00245 #define ntruKey "certs/ntru-key.raw" 00246 #define dhParam "certs/dh2048.pem" 00247 #define cliEccKey "certs/ecc-client-key.pem" 00248 #define cliEccCert "certs/client-ecc-cert.pem" 00249 #define crlPemDir "certs/crl" 00250 #else 00251 #define caCert "./certs/ca-cert.pem" 00252 #define eccCert "./certs/server-ecc.pem" 00253 #define eccKey "./certs/ecc-key.pem" 00254 #define svrCert "./certs/server-cert.pem" 00255 #define svrKey "./certs/server-key.pem" 00256 #define cliCert "./certs/client-cert.pem" 00257 #define cliKey "./certs/client-key.pem" 00258 #define ntruCert "./certs/ntru-cert.pem" 00259 #define ntruKey "./certs/ntru-key.raw" 00260 #define dhParam "./certs/dh2048.pem" 00261 #define cliEccKey "./certs/ecc-client-key.pem" 00262 #define cliEccCert "./certs/client-ecc-cert.pem" 00263 #define crlPemDir "./certs/crl" 00264 #endif 00265 00266 typedef struct tcp_ready { 00267 word16 ready; /* predicate */ 00268 word16 port; 00269 char* srfName; /* server ready file name */ 00270 #if defined(_POSIX_THREADS) && !defined(__MINGW32__) 00271 pthread_mutex_t mutex; 00272 pthread_cond_t cond; 00273 #endif 00274 } tcp_ready; 00275 00276 00277 static INLINE void InitTcpReady(tcp_ready* ready) 00278 { 00279 ready->ready = 0; 00280 ready->port = 0; 00281 ready->srfName = NULL; 00282 #ifdef SINGLE_THREADED 00283 #elif defined(_POSIX_THREADS) && !defined(__MINGW32__) 00284 pthread_mutex_init(&ready->mutex, 0); 00285 pthread_cond_init(&ready->cond, 0); 00286 #endif 00287 } 00288 00289 00290 static INLINE void FreeTcpReady(tcp_ready* ready) 00291 { 00292 #ifdef SINGLE_THREADED 00293 (void)ready; 00294 #elif defined(_POSIX_THREADS) && !defined(__MINGW32__) 00295 pthread_mutex_destroy(&ready->mutex); 00296 pthread_cond_destroy(&ready->cond); 00297 #else 00298 (void)ready; 00299 #endif 00300 } 00301 00302 typedef WOLFSSL_METHOD* (*method_provider)(void); 00303 typedef void (*ctx_callback)(WOLFSSL_CTX* ctx); 00304 typedef void (*ssl_callback)(WOLFSSL* ssl); 00305 00306 typedef struct callback_functions { 00307 method_provider method; 00308 ctx_callback ctx_ready; 00309 ssl_callback ssl_ready; 00310 ssl_callback on_result; 00311 } callback_functions; 00312 00313 typedef struct func_args { 00314 int argc; 00315 char** argv; 00316 int return_code; 00317 tcp_ready* signal; 00318 callback_functions *callbacks; 00319 } func_args; 00320 00321 00322 00323 00324 void wait_tcp_ready(func_args*); 00325 00326 typedef THREAD_RETURN WOLFSSL_THREAD THREAD_FUNC(void*); 00327 00328 void start_thread(THREAD_FUNC, func_args*, THREAD_TYPE*); 00329 void join_thread(THREAD_TYPE); 00330 00331 /* wolfSSL */ 00332 #ifndef TEST_IPV6 00333 static const char* const wolfSSLIP = "127.0.0.1"; 00334 #else 00335 static const char* const wolfSSLIP = "::1"; 00336 #endif 00337 static const word16 wolfSSLPort = 11111; 00338 00339 static INLINE void err_sys(const char* msg) 00340 { 00341 printf("wolfSSL error: %s\n", msg); 00342 if (msg) 00343 exit(EXIT_FAILURE); 00344 } 00345 00346 00347 #define MY_EX_USAGE 2 00348 00349 extern int myoptind; 00350 extern char* myoptarg; 00351 00352 static INLINE int mygetopt(int argc, char** argv, const char* optstring) 00353 { 00354 static char* next = NULL; 00355 00356 char c; 00357 char* cp; 00358 00359 if (myoptind == 0) 00360 next = NULL; /* we're starting new/over */ 00361 00362 if (next == NULL || *next == '\0') { 00363 if (myoptind == 0) 00364 myoptind++; 00365 00366 if (myoptind >= argc || argv[myoptind][0] != '-' || 00367 argv[myoptind][1] == '\0') { 00368 myoptarg = NULL; 00369 if (myoptind < argc) 00370 myoptarg = argv[myoptind]; 00371 00372 return -1; 00373 } 00374 00375 if (strcmp(argv[myoptind], "--") == 0) { 00376 myoptind++; 00377 myoptarg = NULL; 00378 00379 if (myoptind < argc) 00380 myoptarg = argv[myoptind]; 00381 00382 return -1; 00383 } 00384 00385 next = argv[myoptind]; 00386 next++; /* skip - */ 00387 myoptind++; 00388 } 00389 00390 c = *next++; 00391 /* The C++ strchr can return a different value */ 00392 cp = (char*)strchr(optstring, c); 00393 00394 if (cp == NULL || c == ':') 00395 return '?'; 00396 00397 cp++; 00398 00399 if (*cp == ':') { 00400 if (*next != '\0') { 00401 myoptarg = next; 00402 next = NULL; 00403 } 00404 else if (myoptind < argc) { 00405 myoptarg = argv[myoptind]; 00406 myoptind++; 00407 } 00408 else 00409 return '?'; 00410 } 00411 00412 return c; 00413 } 00414 00415 00416 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) 00417 00418 static INLINE int PasswordCallBack(char* passwd, int sz, int rw, void* userdata) 00419 { 00420 (void)rw; 00421 (void)userdata; 00422 strncpy(passwd, "yassl123", sz); 00423 return 8; 00424 } 00425 00426 #endif 00427 00428 00429 #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) 00430 00431 static INLINE void ShowX509(WOLFSSL_X509* x509, const char* hdr) 00432 { 00433 char* altName; 00434 char* issuer = wolfSSL_X509_NAME_oneline( 00435 wolfSSL_X509_get_issuer_name(x509), 0, 0); 00436 char* subject = wolfSSL_X509_NAME_oneline( 00437 wolfSSL_X509_get_subject_name(x509), 0, 0); 00438 byte serial[32]; 00439 int ret; 00440 int sz = sizeof(serial); 00441 00442 printf("%s\n issuer : %s\n subject: %s\n", hdr, issuer, subject); 00443 00444 while ( (altName = wolfSSL_X509_get_next_altname(x509)) != NULL) 00445 printf(" altname = %s\n", altName); 00446 00447 ret = wolfSSL_X509_get_serial_number(x509, serial, &sz); 00448 if (ret == SSL_SUCCESS) { 00449 int i; 00450 int strLen; 00451 char serialMsg[80]; 00452 00453 /* testsuite has multiple threads writing to stdout, get output 00454 message ready to write once */ 00455 strLen = sprintf(serialMsg, " serial number"); 00456 for (i = 0; i < sz; i++) 00457 sprintf(serialMsg + strLen + (i*3), ":%02x ", serial[i]); 00458 printf("%s\n", serialMsg); 00459 } 00460 00461 XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); 00462 XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL); 00463 } 00464 00465 #endif /* KEEP_PEER_CERT || SESSION_CERTS */ 00466 00467 00468 static INLINE void showPeer(WOLFSSL* ssl) 00469 { 00470 00471 WOLFSSL_CIPHER* cipher; 00472 #ifdef KEEP_PEER_CERT 00473 WOLFSSL_X509* peer = wolfSSL_get_peer_certificate(ssl); 00474 if (peer) 00475 ShowX509(peer, "peer's cert info:"); 00476 else 00477 printf("peer has no cert!\n"); 00478 wolfSSL_FreeX509(peer); 00479 #endif 00480 printf("SSL version is %s\n", wolfSSL_get_version(ssl)); 00481 00482 cipher = wolfSSL_get_current_cipher(ssl); 00483 #ifdef HAVE_QSH 00484 printf("SSL cipher suite is %s%s\n", (wolfSSL_isQSH(ssl))? "QSH:": "", 00485 wolfSSL_CIPHER_get_name(cipher)); 00486 #else 00487 printf("SSL cipher suite is %s\n", wolfSSL_CIPHER_get_name(cipher)); 00488 #endif 00489 00490 #if defined(SESSION_CERTS) && defined(SHOW_CERTS) 00491 { 00492 WOLFSSL_X509_CHAIN* chain = wolfSSL_get_peer_chain(ssl); 00493 int count = wolfSSL_get_chain_count(chain); 00494 int i; 00495 00496 for (i = 0; i < count; i++) { 00497 int length; 00498 unsigned char buffer[3072]; 00499 WOLFSSL_X509* chainX509; 00500 00501 wolfSSL_get_chain_cert_pem(chain,i,buffer, sizeof(buffer), &length); 00502 buffer[length] = 0; 00503 printf("cert %d has length %d data = \n%s\n", i, length, buffer); 00504 00505 chainX509 = wolfSSL_get_chain_X509(chain, i); 00506 if (chainX509) 00507 ShowX509(chainX509, "session cert info:"); 00508 else 00509 printf("get_chain_X509 failed\n"); 00510 wolfSSL_FreeX509(chainX509); 00511 } 00512 } 00513 #endif 00514 (void)ssl; 00515 } 00516 00517 00518 static INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer, 00519 word16 port, int udp) 00520 { 00521 int useLookup = 0; 00522 (void)useLookup; 00523 (void)udp; 00524 00525 if (addr == NULL) 00526 err_sys("invalid argument to build_addr, addr is NULL"); 00527 00528 memset(addr, 0, sizeof(SOCKADDR_IN_T)); 00529 00530 #ifndef TEST_IPV6 00531 /* peer could be in human readable form */ 00532 if ( (peer != INADDR_ANY) && isalpha((int)peer[0])) { 00533 #if defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET) 00534 int err; 00535 struct hostent* entry = gethostbyname(peer, &err); 00536 #elif defined(WOLFSSL_TIRTOS) 00537 struct hostent* entry = DNSGetHostByName(peer); 00538 #elif defined(WOLFSSL_VXWORKS) 00539 struct hostent* entry = (struct hostent*)hostGetByName((char*)peer); 00540 #else 00541 struct hostent* entry = gethostbyname(peer); 00542 #endif 00543 00544 if (entry) { 00545 memcpy(&addr->sin_addr.s_addr, entry->h_addr_list[0], 00546 entry->h_length); 00547 useLookup = 1; 00548 } 00549 else 00550 err_sys("no entry for host"); 00551 } 00552 #endif 00553 00554 00555 #ifndef TEST_IPV6 00556 #if defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET) 00557 addr->sin_family = PF_INET; 00558 #else 00559 addr->sin_family = AF_INET_V; 00560 #endif 00561 addr->sin_port = htons(port); 00562 if (peer == INADDR_ANY) 00563 addr->sin_addr.s_addr = INADDR_ANY; 00564 else { 00565 if (!useLookup) 00566 addr->sin_addr.s_addr = inet_addr(peer); 00567 } 00568 #else 00569 addr->sin6_family = AF_INET_V; 00570 addr->sin6_port = htons(port); 00571 if (peer == INADDR_ANY) 00572 addr->sin6_addr = in6addr_any; 00573 else { 00574 #ifdef HAVE_GETADDRINFO 00575 struct addrinfo hints; 00576 struct addrinfo* answer = NULL; 00577 int ret; 00578 char strPort[80]; 00579 00580 memset(&hints, 0, sizeof(hints)); 00581 00582 hints.ai_family = AF_INET_V; 00583 hints.ai_socktype = udp ? SOCK_DGRAM : SOCK_STREAM; 00584 hints.ai_protocol = udp ? IPPROTO_UDP : IPPROTO_TCP; 00585 00586 SNPRINTF(strPort, sizeof(strPort), "%d", port); 00587 strPort[79] = '\0'; 00588 00589 ret = getaddrinfo(peer, strPort, &hints, &answer); 00590 if (ret < 0 || answer == NULL) 00591 err_sys("getaddrinfo failed"); 00592 00593 memcpy(addr, answer->ai_addr, answer->ai_addrlen); 00594 freeaddrinfo(answer); 00595 #else 00596 printf("no ipv6 getaddrinfo, loopback only tests/examples\n"); 00597 addr->sin6_addr = in6addr_loopback; 00598 #endif 00599 } 00600 #endif 00601 } 00602 00603 00604 static INLINE void tcp_socket(SOCKET_T* sockfd, int udp) 00605 { 00606 if (udp) 00607 *sockfd = socket(AF_INET_V, SOCK_DGRAM, 0); 00608 else 00609 *sockfd = socket(AF_INET_V, SOCK_STREAM, 0); 00610 00611 if(WOLFSSL_SOCKET_IS_INVALID(*sockfd)) { 00612 err_sys("socket failed\n"); 00613 } 00614 00615 #ifndef USE_WINDOWS_API 00616 #ifdef SO_NOSIGPIPE 00617 { 00618 int on = 1; 00619 socklen_t len = sizeof(on); 00620 int res = setsockopt(*sockfd, SOL_SOCKET, SO_NOSIGPIPE, &on, len); 00621 if (res < 0) 00622 err_sys("setsockopt SO_NOSIGPIPE failed\n"); 00623 } 00624 #elif defined(WOLFSSL_MDK_ARM) || defined (WOLFSSL_TIRTOS) ||\ 00625 defined(WOLFSSL_KEIL_TCP_NET) 00626 /* nothing to define */ 00627 #else /* no S_NOSIGPIPE */ 00628 signal(SIGPIPE, SIG_IGN); 00629 #endif /* S_NOSIGPIPE */ 00630 00631 #if defined(TCP_NODELAY) 00632 if (!udp) 00633 { 00634 int on = 1; 00635 socklen_t len = sizeof(on); 00636 int res = setsockopt(*sockfd, IPPROTO_TCP, TCP_NODELAY, &on, len); 00637 if (res < 0) 00638 err_sys("setsockopt TCP_NODELAY failed\n"); 00639 } 00640 #endif 00641 #endif /* USE_WINDOWS_API */ 00642 } 00643 00644 static INLINE void tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port, 00645 int udp, WOLFSSL* ssl) 00646 { 00647 SOCKADDR_IN_T addr; 00648 build_addr(&addr, ip, port, udp); 00649 if(udp) { 00650 wolfSSL_dtls_set_peer(ssl, &addr, sizeof(addr)); 00651 } 00652 tcp_socket(sockfd, udp); 00653 00654 if (!udp) { 00655 if (connect(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0) 00656 err_sys("tcp connect failed"); 00657 } 00658 } 00659 00660 00661 static INLINE void udp_connect(SOCKET_T* sockfd, void* addr, int addrSz) 00662 { 00663 if (connect(*sockfd, (const struct sockaddr*)addr, addrSz) != 0) 00664 err_sys("tcp connect failed"); 00665 } 00666 00667 00668 enum { 00669 TEST_SELECT_FAIL, 00670 TEST_TIMEOUT, 00671 TEST_RECV_READY, 00672 TEST_ERROR_READY 00673 }; 00674 00675 00676 #if !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_TCP_NET) && \ 00677 !defined(WOLFSSL_TIRTOS) 00678 static INLINE int tcp_select(SOCKET_T socketfd, int to_sec) 00679 { 00680 fd_set recvfds, errfds; 00681 SOCKET_T nfds = socketfd + 1; 00682 struct timeval timeout = { (to_sec > 0) ? to_sec : 0, 0}; 00683 int result; 00684 00685 FD_ZERO(&recvfds); 00686 FD_SET(socketfd, &recvfds); 00687 FD_ZERO(&errfds); 00688 FD_SET(socketfd, &errfds); 00689 00690 result = select(nfds, &recvfds, NULL, &errfds, &timeout); 00691 00692 if (result == 0) 00693 return TEST_TIMEOUT; 00694 else if (result > 0) { 00695 if (FD_ISSET(socketfd, &recvfds)) 00696 return TEST_RECV_READY; 00697 else if(FD_ISSET(socketfd, &errfds)) 00698 return TEST_ERROR_READY; 00699 } 00700 00701 return TEST_SELECT_FAIL; 00702 } 00703 #elif defined(WOLFSSL_TIRTOS) 00704 static INLINE int tcp_select(SOCKET_T socketfd, int to_sec) 00705 { 00706 return TEST_RECV_READY; 00707 } 00708 #endif /* !WOLFSSL_MDK_ARM */ 00709 00710 00711 static INLINE void tcp_listen(SOCKET_T* sockfd, word16* port, int useAnyAddr, 00712 int udp) 00713 { 00714 SOCKADDR_IN_T addr; 00715 00716 /* don't use INADDR_ANY by default, firewall may block, make user switch 00717 on */ 00718 build_addr(&addr, (useAnyAddr ? INADDR_ANY : wolfSSLIP), *port, udp); 00719 tcp_socket(sockfd, udp); 00720 00721 #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_MDK_ARM)\ 00722 && !defined(WOLFSSL_KEIL_TCP_NET) 00723 { 00724 int res, on = 1; 00725 socklen_t len = sizeof(on); 00726 res = setsockopt(*sockfd, SOL_SOCKET, SO_REUSEADDR, &on, len); 00727 if (res < 0) 00728 err_sys("setsockopt SO_REUSEADDR failed\n"); 00729 } 00730 #endif 00731 00732 if (bind(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0) 00733 err_sys("tcp bind failed"); 00734 if (!udp) { 00735 if (listen(*sockfd, 5) != 0) 00736 err_sys("tcp listen failed"); 00737 } 00738 #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS) 00739 if (*port == 0) { 00740 socklen_t len = sizeof(addr); 00741 if (getsockname(*sockfd, (struct sockaddr*)&addr, &len) == 0) { 00742 #ifndef TEST_IPV6 00743 *port = ntohs(addr.sin_port); 00744 #else 00745 *port = ntohs(addr.sin6_port); 00746 #endif 00747 } 00748 } 00749 #endif 00750 } 00751 00752 00753 #if 0 00754 static INLINE int udp_read_connect(SOCKET_T sockfd) 00755 { 00756 SOCKADDR_IN_T cliaddr; 00757 byte b[1500]; 00758 int n; 00759 socklen_t len = sizeof(cliaddr); 00760 00761 n = (int)recvfrom(sockfd, (char*)b, sizeof(b), MSG_PEEK, 00762 (struct sockaddr*)&cliaddr, &len); 00763 if (n > 0) { 00764 if (connect(sockfd, (const struct sockaddr*)&cliaddr, 00765 sizeof(cliaddr)) != 0) 00766 err_sys("udp connect failed"); 00767 } 00768 else 00769 err_sys("recvfrom failed"); 00770 00771 return sockfd; 00772 } 00773 #endif 00774 00775 static INLINE void udp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd, 00776 int useAnyAddr, word16 port, func_args* args) 00777 { 00778 SOCKADDR_IN_T addr; 00779 00780 (void)args; 00781 build_addr(&addr, (useAnyAddr ? INADDR_ANY : wolfSSLIP), port, 1); 00782 tcp_socket(sockfd, 1); 00783 00784 00785 #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_MDK_ARM) \ 00786 && !defined(WOLFSSL_KEIL_TCP_NET) 00787 { 00788 int res, on = 1; 00789 socklen_t len = sizeof(on); 00790 res = setsockopt(*sockfd, SOL_SOCKET, SO_REUSEADDR, &on, len); 00791 if (res < 0) 00792 err_sys("setsockopt SO_REUSEADDR failed\n"); 00793 } 00794 #endif 00795 00796 if (bind(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0) 00797 err_sys("tcp bind failed"); 00798 00799 #if (defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API)) && !defined(WOLFSSL_TIRTOS) 00800 if (port == 0) { 00801 socklen_t len = sizeof(addr); 00802 if (getsockname(*sockfd, (struct sockaddr*)&addr, &len) == 0) { 00803 #ifndef TEST_IPV6 00804 port = ntohs(addr.sin_port); 00805 #else 00806 port = ntohs(addr.sin6_port); 00807 #endif 00808 } 00809 } 00810 #endif 00811 00812 #if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) && !defined(__MINGW32__) 00813 /* signal ready to accept data */ 00814 { 00815 tcp_ready* ready = args->signal; 00816 pthread_mutex_lock(&ready->mutex); 00817 ready->ready = 1; 00818 ready->port = port; 00819 pthread_cond_signal(&ready->cond); 00820 pthread_mutex_unlock(&ready->mutex); 00821 } 00822 #elif defined (WOLFSSL_TIRTOS) 00823 /* Need mutex? */ 00824 tcp_ready* ready = args->signal; 00825 ready->ready = 1; 00826 ready->port = port; 00827 #endif 00828 00829 *clientfd = *sockfd; 00830 } 00831 00832 static INLINE void tcp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd, 00833 func_args* args, word16 port, int useAnyAddr, 00834 int udp, int ready_file, int do_listen) 00835 { 00836 SOCKADDR_IN_T client; 00837 socklen_t client_len = sizeof(client); 00838 tcp_ready* ready = NULL; 00839 00840 (void) ready; /* Account for case when "ready" is not used */ 00841 00842 if (udp) { 00843 udp_accept(sockfd, clientfd, useAnyAddr, port, args); 00844 return; 00845 } 00846 00847 if(do_listen) { 00848 tcp_listen(sockfd, &port, useAnyAddr, udp); 00849 00850 #if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) && !defined(__MINGW32__) 00851 /* signal ready to tcp_accept */ 00852 if (args) 00853 ready = args->signal; 00854 if (ready) { 00855 pthread_mutex_lock(&ready->mutex); 00856 ready->ready = 1; 00857 ready->port = port; 00858 pthread_cond_signal(&ready->cond); 00859 pthread_mutex_unlock(&ready->mutex); 00860 } 00861 #elif defined (WOLFSSL_TIRTOS) 00862 /* Need mutex? */ 00863 if (args) 00864 ready = args->signal; 00865 if (ready) { 00866 ready->ready = 1; 00867 ready->port = port; 00868 } 00869 #endif 00870 00871 if (ready_file) { 00872 #ifndef NO_FILESYSTEM 00873 FILE* srf = NULL; 00874 if (args) 00875 ready = args->signal; 00876 00877 if (ready) { 00878 srf = fopen(ready->srfName, "w"); 00879 00880 if (srf) { 00881 /* let's write port sever is listening on to ready file 00882 external monitor can then do ephemeral ports by passing 00883 -p 0 to server on supported platforms with -R ready_file 00884 client can then wait for existence of ready_file and see 00885 which port the server is listening on. */ 00886 fprintf(srf, "%d\n", (int)port); 00887 fclose(srf); 00888 } 00889 } 00890 #endif 00891 } 00892 } 00893 00894 *clientfd = accept(*sockfd, (struct sockaddr*)&client, 00895 (ACCEPT_THIRD_T)&client_len); 00896 if(WOLFSSL_SOCKET_IS_INVALID(*clientfd)) { 00897 err_sys("tcp accept failed"); 00898 } 00899 } 00900 00901 00902 static INLINE void tcp_set_nonblocking(SOCKET_T* sockfd) 00903 { 00904 #ifdef USE_WINDOWS_API 00905 unsigned long blocking = 1; 00906 int ret = ioctlsocket(*sockfd, FIONBIO, &blocking); 00907 if (ret == SOCKET_ERROR) 00908 err_sys("ioctlsocket failed"); 00909 #elif defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET) \ 00910 || defined (WOLFSSL_TIRTOS)|| defined(WOLFSSL_VXWORKS) 00911 /* non blocking not supported, for now */ 00912 #else 00913 int flags = fcntl(*sockfd, F_GETFL, 0); 00914 if (flags < 0) 00915 err_sys("fcntl get failed"); 00916 flags = fcntl(*sockfd, F_SETFL, flags | O_NONBLOCK); 00917 if (flags < 0) 00918 err_sys("fcntl set failed"); 00919 #endif 00920 } 00921 00922 00923 #ifndef NO_PSK 00924 00925 static INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint, 00926 char* identity, unsigned int id_max_len, unsigned char* key, 00927 unsigned int key_max_len) 00928 { 00929 (void)ssl; 00930 (void)hint; 00931 (void)key_max_len; 00932 00933 /* identity is OpenSSL testing default for openssl s_client, keep same */ 00934 strncpy(identity, "Client_identity", id_max_len); 00935 00936 00937 /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using 00938 unsigned binary */ 00939 key[0] = 26; 00940 key[1] = 43; 00941 key[2] = 60; 00942 key[3] = 77; 00943 00944 return 4; /* length of key in octets or 0 for error */ 00945 } 00946 00947 00948 static INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity, 00949 unsigned char* key, unsigned int key_max_len) 00950 { 00951 (void)ssl; 00952 (void)key_max_len; 00953 00954 /* identity is OpenSSL testing default for openssl s_client, keep same */ 00955 if (strncmp(identity, "Client_identity", 15) != 0) 00956 return 0; 00957 00958 /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using 00959 unsigned binary */ 00960 key[0] = 26; 00961 key[1] = 43; 00962 key[2] = 60; 00963 key[3] = 77; 00964 00965 return 4; /* length of key in octets or 0 for error */ 00966 } 00967 00968 #endif /* NO_PSK */ 00969 00970 00971 #ifdef USE_WINDOWS_API 00972 00973 #define WIN32_LEAN_AND_MEAN 00974 #include <windows.h> 00975 00976 static INLINE double current_time() 00977 { 00978 static int init = 0; 00979 static LARGE_INTEGER freq; 00980 00981 LARGE_INTEGER count; 00982 00983 if (!init) { 00984 QueryPerformanceFrequency(&freq); 00985 init = 1; 00986 } 00987 00988 QueryPerformanceCounter(&count); 00989 00990 return (double)count.QuadPart / freq.QuadPart; 00991 } 00992 00993 #elif defined(WOLFSSL_TIRTOS) 00994 extern double current_time(); 00995 #else 00996 00997 #if !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_TCP_NET) 00998 #include <sys/time.h> 00999 01000 static INLINE double current_time(void) 01001 { 01002 struct timeval tv; 01003 gettimeofday(&tv, 0); 01004 01005 return (double)tv.tv_sec + (double)tv.tv_usec / 1000000; 01006 } 01007 01008 #endif 01009 #endif /* USE_WINDOWS_API */ 01010 01011 01012 #if defined(NO_FILESYSTEM) && !defined(NO_CERTS) 01013 01014 enum { 01015 WOLFSSL_CA = 1, 01016 WOLFSSL_CERT = 2, 01017 WOLFSSL_KEY = 3 01018 }; 01019 01020 static INLINE void load_buffer(WOLFSSL_CTX* ctx, const char* fname, int type) 01021 { 01022 /* test buffer load */ 01023 long sz = 0; 01024 byte buff[10000]; 01025 FILE* file = fopen(fname, "rb"); 01026 01027 if (!file) 01028 err_sys("can't open file for buffer load " 01029 "Please run from wolfSSL home directory if not"); 01030 fseek(file, 0, SEEK_END); 01031 sz = ftell(file); 01032 rewind(file); 01033 fread(buff, sizeof(buff), 1, file); 01034 01035 if (type == WOLFSSL_CA) { 01036 if (wolfSSL_CTX_load_verify_buffer(ctx, buff, sz, SSL_FILETYPE_PEM) 01037 != SSL_SUCCESS) 01038 err_sys("can't load buffer ca file"); 01039 } 01040 else if (type == WOLFSSL_CERT) { 01041 if (wolfSSL_CTX_use_certificate_buffer(ctx, buff, sz, 01042 SSL_FILETYPE_PEM) != SSL_SUCCESS) 01043 err_sys("can't load buffer cert file"); 01044 } 01045 else if (type == WOLFSSL_KEY) { 01046 if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, sz, 01047 SSL_FILETYPE_PEM) != SSL_SUCCESS) 01048 err_sys("can't load buffer key file"); 01049 } 01050 fclose(file); 01051 } 01052 01053 #endif /* NO_FILESYSTEM */ 01054 01055 #ifdef VERIFY_CALLBACK 01056 01057 static INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store) 01058 { 01059 (void)preverify; 01060 char buffer[WOLFSSL_MAX_ERROR_SZ]; 01061 01062 #ifdef OPENSSL_EXTRA 01063 WOLFSSL_X509* peer; 01064 #endif 01065 01066 printf("In verification callback, error = %d, %s\n", store->error, 01067 wolfSSL_ERR_error_string(store->error, buffer)); 01068 #ifdef OPENSSL_EXTRA 01069 peer = store->current_cert; 01070 if (peer) { 01071 char* issuer = wolfSSL_X509_NAME_oneline( 01072 wolfSSL_X509_get_issuer_name(peer), 0, 0); 01073 char* subject = wolfSSL_X509_NAME_oneline( 01074 wolfSSL_X509_get_subject_name(peer), 0, 0); 01075 printf("peer's cert info:\n issuer : %s\n subject: %s\n", issuer, 01076 subject); 01077 XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); 01078 XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL); 01079 } 01080 else 01081 printf("peer has no cert!\n"); 01082 #endif 01083 printf("Subject's domain name is %s\n", store->domain); 01084 01085 printf("Allowing to continue anyway (shouldn't do this, EVER!!!)\n"); 01086 return 1; 01087 } 01088 01089 #endif /* VERIFY_CALLBACK */ 01090 01091 01092 static INLINE int myDateCb(int preverify, WOLFSSL_X509_STORE_CTX* store) 01093 { 01094 char buffer[WOLFSSL_MAX_ERROR_SZ]; 01095 (void)preverify; 01096 01097 printf("In verification callback, error = %d, %s\n", store->error, 01098 wolfSSL_ERR_error_string(store->error, buffer)); 01099 printf("Subject's domain name is %s\n", store->domain); 01100 01101 if (store->error == ASN_BEFORE_DATE_E || store->error == ASN_AFTER_DATE_E) { 01102 printf("Overriding cert date error as example for bad clock testing\n"); 01103 return 1; 01104 } 01105 printf("Cert error is not date error, not overriding\n"); 01106 01107 return 0; 01108 } 01109 01110 01111 #ifdef HAVE_CRL 01112 01113 static INLINE void CRL_CallBack(const char* url) 01114 { 01115 printf("CRL callback url = %s\n", url); 01116 } 01117 01118 #endif 01119 01120 #ifndef NO_DH 01121 static INLINE void SetDH(WOLFSSL* ssl) 01122 { 01123 /* dh1024 p */ 01124 static unsigned char p[] = 01125 { 01126 0xE6, 0x96, 0x9D, 0x3D, 0x49, 0x5B, 0xE3, 0x2C, 0x7C, 0xF1, 0x80, 0xC3, 01127 0xBD, 0xD4, 0x79, 0x8E, 0x91, 0xB7, 0x81, 0x82, 0x51, 0xBB, 0x05, 0x5E, 01128 0x2A, 0x20, 0x64, 0x90, 0x4A, 0x79, 0xA7, 0x70, 0xFA, 0x15, 0xA2, 0x59, 01129 0xCB, 0xD5, 0x23, 0xA6, 0xA6, 0xEF, 0x09, 0xC4, 0x30, 0x48, 0xD5, 0xA2, 01130 0x2F, 0x97, 0x1F, 0x3C, 0x20, 0x12, 0x9B, 0x48, 0x00, 0x0E, 0x6E, 0xDD, 01131 0x06, 0x1C, 0xBC, 0x05, 0x3E, 0x37, 0x1D, 0x79, 0x4E, 0x53, 0x27, 0xDF, 01132 0x61, 0x1E, 0xBB, 0xBE, 0x1B, 0xAC, 0x9B, 0x5C, 0x60, 0x44, 0xCF, 0x02, 01133 0x3D, 0x76, 0xE0, 0x5E, 0xEA, 0x9B, 0xAD, 0x99, 0x1B, 0x13, 0xA6, 0x3C, 01134 0x97, 0x4E, 0x9E, 0xF1, 0x83, 0x9E, 0xB5, 0xDB, 0x12, 0x51, 0x36, 0xF7, 01135 0x26, 0x2E, 0x56, 0xA8, 0x87, 0x15, 0x38, 0xDF, 0xD8, 0x23, 0xC6, 0x50, 01136 0x50, 0x85, 0xE2, 0x1F, 0x0D, 0xD5, 0xC8, 0x6B, 01137 }; 01138 01139 /* dh1024 g */ 01140 static unsigned char g[] = 01141 { 01142 0x02, 01143 }; 01144 01145 wolfSSL_SetTmpDH(ssl, p, sizeof(p), g, sizeof(g)); 01146 } 01147 01148 static INLINE void SetDHCtx(WOLFSSL_CTX* ctx) 01149 { 01150 /* dh1024 p */ 01151 static unsigned char p[] = 01152 { 01153 0xE6, 0x96, 0x9D, 0x3D, 0x49, 0x5B, 0xE3, 0x2C, 0x7C, 0xF1, 0x80, 0xC3, 01154 0xBD, 0xD4, 0x79, 0x8E, 0x91, 0xB7, 0x81, 0x82, 0x51, 0xBB, 0x05, 0x5E, 01155 0x2A, 0x20, 0x64, 0x90, 0x4A, 0x79, 0xA7, 0x70, 0xFA, 0x15, 0xA2, 0x59, 01156 0xCB, 0xD5, 0x23, 0xA6, 0xA6, 0xEF, 0x09, 0xC4, 0x30, 0x48, 0xD5, 0xA2, 01157 0x2F, 0x97, 0x1F, 0x3C, 0x20, 0x12, 0x9B, 0x48, 0x00, 0x0E, 0x6E, 0xDD, 01158 0x06, 0x1C, 0xBC, 0x05, 0x3E, 0x37, 0x1D, 0x79, 0x4E, 0x53, 0x27, 0xDF, 01159 0x61, 0x1E, 0xBB, 0xBE, 0x1B, 0xAC, 0x9B, 0x5C, 0x60, 0x44, 0xCF, 0x02, 01160 0x3D, 0x76, 0xE0, 0x5E, 0xEA, 0x9B, 0xAD, 0x99, 0x1B, 0x13, 0xA6, 0x3C, 01161 0x97, 0x4E, 0x9E, 0xF1, 0x83, 0x9E, 0xB5, 0xDB, 0x12, 0x51, 0x36, 0xF7, 01162 0x26, 0x2E, 0x56, 0xA8, 0x87, 0x15, 0x38, 0xDF, 0xD8, 0x23, 0xC6, 0x50, 01163 0x50, 0x85, 0xE2, 0x1F, 0x0D, 0xD5, 0xC8, 0x6B, 01164 }; 01165 01166 /* dh1024 g */ 01167 static unsigned char g[] = 01168 { 01169 0x02, 01170 }; 01171 01172 wolfSSL_CTX_SetTmpDH(ctx, p, sizeof(p), g, sizeof(g)); 01173 } 01174 #endif /* NO_DH */ 01175 01176 #ifndef NO_CERTS 01177 01178 static INLINE void CaCb(unsigned char* der, int sz, int type) 01179 { 01180 (void)der; 01181 printf("Got CA cache add callback, derSz = %d, type = %d\n", sz, type); 01182 } 01183 01184 #endif /* !NO_CERTS */ 01185 01186 #ifdef HAVE_CAVIUM 01187 01188 static INLINE int OpenNitroxDevice(int dma_mode,int dev_id) 01189 { 01190 Csp1CoreAssignment core_assign; 01191 Uint32 device; 01192 01193 if (CspInitialize(CAVIUM_DIRECT,CAVIUM_DEV_ID)) 01194 return -1; 01195 if (Csp1GetDevType(&device)) 01196 return -1; 01197 if (device != NPX_DEVICE) { 01198 if (ioctl(gpkpdev_hdlr[CAVIUM_DEV_ID], IOCTL_CSP1_GET_CORE_ASSIGNMENT, 01199 (Uint32 *)&core_assign)!= 0) 01200 return -1; 01201 } 01202 CspShutdown(CAVIUM_DEV_ID); 01203 01204 return CspInitialize(dma_mode, dev_id); 01205 } 01206 01207 #endif /* HAVE_CAVIUM */ 01208 01209 01210 /* Wolf Root Directory Helper */ 01211 /* KEIL-RL File System does not support relative directory */ 01212 #if !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_FS) && !defined(WOLFSSL_TIRTOS) 01213 #ifndef MAX_PATH 01214 #define MAX_PATH 256 01215 #endif 01216 01217 /* Maximum depth to search for WolfSSL root */ 01218 #define MAX_WOLF_ROOT_DEPTH 5 01219 01220 static INLINE int ChangeToWolfRoot(void) 01221 { 01222 #if !defined(NO_FILESYSTEM) 01223 int depth, res; 01224 XFILE file; 01225 for(depth = 0; depth <= MAX_WOLF_ROOT_DEPTH; depth++) { 01226 file = XFOPEN(ntruKey, "rb"); 01227 if (file != XBADFILE) { 01228 XFCLOSE(file); 01229 return depth; 01230 } 01231 #ifdef USE_WINDOWS_API 01232 res = SetCurrentDirectoryA("..\\"); 01233 #else 01234 res = chdir("../"); 01235 #endif 01236 if (res < 0) { 01237 printf("chdir to ../ failed!\n"); 01238 break; 01239 } 01240 } 01241 01242 err_sys("wolf root not found"); 01243 return -1; 01244 #else 01245 return 0; 01246 #endif 01247 } 01248 #endif /* !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_FS) && !defined(WOLFSSL_TIRTOS) */ 01249 01250 #ifdef HAVE_STACK_SIZE 01251 01252 typedef THREAD_RETURN WOLFSSL_THREAD (*thread_func)(void* args); 01253 01254 01255 static INLINE void StackSizeCheck(func_args* args, thread_func tf) 01256 { 01257 int ret, i, used; 01258 unsigned char* myStack = NULL; 01259 int stackSize = 1024*128; 01260 pthread_attr_t myAttr; 01261 pthread_t threadId; 01262 01263 #ifdef PTHREAD_STACK_MIN 01264 if (stackSize < PTHREAD_STACK_MIN) 01265 stackSize = PTHREAD_STACK_MIN; 01266 #endif 01267 01268 ret = posix_memalign((void**)&myStack, sysconf(_SC_PAGESIZE), stackSize); 01269 if (ret != 0 || myStack == NULL) 01270 err_sys("posix_memalign failed\n"); 01271 01272 XMEMSET(myStack, 0x01, stackSize); 01273 01274 ret = pthread_attr_init(&myAttr); 01275 if (ret != 0) 01276 err_sys("attr_init failed"); 01277 01278 ret = pthread_attr_setstack(&myAttr, myStack, stackSize); 01279 if (ret != 0) 01280 err_sys("attr_setstackaddr failed"); 01281 01282 ret = pthread_create(&threadId, &myAttr, tf, args); 01283 if (ret != 0) { 01284 perror("pthread_create failed"); 01285 exit(EXIT_FAILURE); 01286 } 01287 01288 ret = pthread_join(threadId, NULL); 01289 if (ret != 0) 01290 err_sys("pthread_join failed"); 01291 01292 for (i = 0; i < stackSize; i++) { 01293 if (myStack[i] != 0x01) { 01294 break; 01295 } 01296 } 01297 01298 used = stackSize - i; 01299 printf("stack used = %d\n", used); 01300 } 01301 01302 01303 #endif /* HAVE_STACK_SIZE */ 01304 01305 01306 #ifdef STACK_TRAP 01307 01308 /* good settings 01309 --enable-debug --disable-shared C_EXTRA_FLAGS="-DUSER_TIME -DTFM_TIMING_RESISTANT -DPOSITIVE_EXP_ONLY -DSTACK_TRAP" 01310 01311 */ 01312 01313 #ifdef HAVE_STACK_SIZE 01314 /* client only for now, setrlimit will fail if pthread_create() called */ 01315 /* STACK_SIZE does pthread_create() on client */ 01316 #error "can't use STACK_TRAP with STACK_SIZE, setrlimit will fail" 01317 #endif /* HAVE_STACK_SIZE */ 01318 01319 static INLINE void StackTrap(void) 01320 { 01321 struct rlimit rl; 01322 if (getrlimit(RLIMIT_STACK, &rl) != 0) 01323 err_sys("getrlimit failed"); 01324 printf("rlim_cur = %llu\n", rl.rlim_cur); 01325 rl.rlim_cur = 1024*21; /* adjust trap size here */ 01326 if (setrlimit(RLIMIT_STACK, &rl) != 0) { 01327 perror("setrlimit"); 01328 err_sys("setrlimit failed"); 01329 } 01330 } 01331 01332 #else /* STACK_TRAP */ 01333 01334 static INLINE void StackTrap(void) 01335 { 01336 } 01337 01338 #endif /* STACK_TRAP */ 01339 01340 01341 #ifdef ATOMIC_USER 01342 01343 /* Atomic Encrypt Context example */ 01344 typedef struct AtomicEncCtx { 01345 int keySetup; /* have we done key setup yet */ 01346 Aes aes; /* for aes example */ 01347 } AtomicEncCtx; 01348 01349 01350 /* Atomic Decrypt Context example */ 01351 typedef struct AtomicDecCtx { 01352 int keySetup; /* have we done key setup yet */ 01353 Aes aes; /* for aes example */ 01354 } AtomicDecCtx; 01355 01356 01357 static INLINE int myMacEncryptCb(WOLFSSL* ssl, unsigned char* macOut, 01358 const unsigned char* macIn, unsigned int macInSz, int macContent, 01359 int macVerify, unsigned char* encOut, const unsigned char* encIn, 01360 unsigned int encSz, void* ctx) 01361 { 01362 int ret; 01363 Hmac hmac; 01364 byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ]; 01365 AtomicEncCtx* encCtx = (AtomicEncCtx*)ctx; 01366 const char* tlsStr = "TLS"; 01367 01368 /* example supports (d)tls aes */ 01369 if (wolfSSL_GetBulkCipher(ssl) != wolfssl_aes) { 01370 printf("myMacEncryptCb not using AES\n"); 01371 return -1; 01372 } 01373 01374 if (strstr(wolfSSL_get_version(ssl), tlsStr) == NULL) { 01375 printf("myMacEncryptCb not using (D)TLS\n"); 01376 return -1; 01377 } 01378 01379 /* hmac, not needed if aead mode */ 01380 wolfSSL_SetTlsHmacInner(ssl, myInner, macInSz, macContent, macVerify); 01381 01382 ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl), 01383 wolfSSL_GetMacSecret(ssl, macVerify), wolfSSL_GetHmacSize(ssl)); 01384 if (ret != 0) 01385 return ret; 01386 ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner)); 01387 if (ret != 0) 01388 return ret; 01389 ret = wc_HmacUpdate(&hmac, macIn, macInSz); 01390 if (ret != 0) 01391 return ret; 01392 ret = wc_HmacFinal(&hmac, macOut); 01393 if (ret != 0) 01394 return ret; 01395 01396 01397 /* encrypt setup on first time */ 01398 if (encCtx->keySetup == 0) { 01399 int keyLen = wolfSSL_GetKeySize(ssl); 01400 const byte* key; 01401 const byte* iv; 01402 01403 if (wolfSSL_GetSide(ssl) == WOLFSSL_CLIENT_END) { 01404 key = wolfSSL_GetClientWriteKey(ssl); 01405 iv = wolfSSL_GetClientWriteIV(ssl); 01406 } 01407 else { 01408 key = wolfSSL_GetServerWriteKey(ssl); 01409 iv = wolfSSL_GetServerWriteIV(ssl); 01410 } 01411 01412 ret = wc_AesSetKey(&encCtx->aes, key, keyLen, iv, AES_ENCRYPTION); 01413 if (ret != 0) { 01414 printf("AesSetKey failed in myMacEncryptCb\n"); 01415 return ret; 01416 } 01417 encCtx->keySetup = 1; 01418 } 01419 01420 /* encrypt */ 01421 return wc_AesCbcEncrypt(&encCtx->aes, encOut, encIn, encSz); 01422 } 01423 01424 01425 static INLINE int myDecryptVerifyCb(WOLFSSL* ssl, 01426 unsigned char* decOut, const unsigned char* decIn, 01427 unsigned int decSz, int macContent, int macVerify, 01428 unsigned int* padSz, void* ctx) 01429 { 01430 AtomicDecCtx* decCtx = (AtomicDecCtx*)ctx; 01431 int ret = 0; 01432 int macInSz = 0; 01433 int ivExtra = 0; 01434 int digestSz = wolfSSL_GetHmacSize(ssl); 01435 unsigned int pad = 0; 01436 unsigned int padByte = 0; 01437 Hmac hmac; 01438 byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ]; 01439 byte verify[MAX_DIGEST_SIZE]; 01440 const char* tlsStr = "TLS"; 01441 01442 /* example supports (d)tls aes */ 01443 if (wolfSSL_GetBulkCipher(ssl) != wolfssl_aes) { 01444 printf("myMacEncryptCb not using AES\n"); 01445 return -1; 01446 } 01447 01448 if (strstr(wolfSSL_get_version(ssl), tlsStr) == NULL) { 01449 printf("myMacEncryptCb not using (D)TLS\n"); 01450 return -1; 01451 } 01452 01453 /*decrypt */ 01454 if (decCtx->keySetup == 0) { 01455 int keyLen = wolfSSL_GetKeySize(ssl); 01456 const byte* key; 01457 const byte* iv; 01458 01459 /* decrypt is from other side (peer) */ 01460 if (wolfSSL_GetSide(ssl) == WOLFSSL_SERVER_END) { 01461 key = wolfSSL_GetClientWriteKey(ssl); 01462 iv = wolfSSL_GetClientWriteIV(ssl); 01463 } 01464 else { 01465 key = wolfSSL_GetServerWriteKey(ssl); 01466 iv = wolfSSL_GetServerWriteIV(ssl); 01467 } 01468 01469 ret = wc_AesSetKey(&decCtx->aes, key, keyLen, iv, AES_DECRYPTION); 01470 if (ret != 0) { 01471 printf("AesSetKey failed in myDecryptVerifyCb\n"); 01472 return ret; 01473 } 01474 decCtx->keySetup = 1; 01475 } 01476 01477 /* decrypt */ 01478 ret = wc_AesCbcDecrypt(&decCtx->aes, decOut, decIn, decSz); 01479 if (ret != 0) 01480 return ret; 01481 01482 if (wolfSSL_GetCipherType(ssl) == WOLFSSL_AEAD_TYPE) { 01483 *padSz = wolfSSL_GetAeadMacSize(ssl); 01484 return 0; /* hmac, not needed if aead mode */ 01485 } 01486 01487 if (wolfSSL_GetCipherType(ssl) == WOLFSSL_BLOCK_TYPE) { 01488 pad = *(decOut + decSz - 1); 01489 padByte = 1; 01490 if (wolfSSL_IsTLSv1_1(ssl)) 01491 ivExtra = wolfSSL_GetCipherBlockSize(ssl); 01492 } 01493 01494 *padSz = wolfSSL_GetHmacSize(ssl) + pad + padByte; 01495 macInSz = decSz - ivExtra - digestSz - pad - padByte; 01496 01497 wolfSSL_SetTlsHmacInner(ssl, myInner, macInSz, macContent, macVerify); 01498 01499 ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl), 01500 wolfSSL_GetMacSecret(ssl, macVerify), digestSz); 01501 if (ret != 0) 01502 return ret; 01503 ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner)); 01504 if (ret != 0) 01505 return ret; 01506 ret = wc_HmacUpdate(&hmac, decOut + ivExtra, macInSz); 01507 if (ret != 0) 01508 return ret; 01509 ret = wc_HmacFinal(&hmac, verify); 01510 if (ret != 0) 01511 return ret; 01512 01513 if (memcmp(verify, decOut + decSz - digestSz - pad - padByte, 01514 digestSz) != 0) { 01515 printf("myDecryptVerify verify failed\n"); 01516 return -1; 01517 } 01518 01519 return ret; 01520 } 01521 01522 01523 static INLINE void SetupAtomicUser(WOLFSSL_CTX* ctx, WOLFSSL* ssl) 01524 { 01525 AtomicEncCtx* encCtx; 01526 AtomicDecCtx* decCtx; 01527 01528 encCtx = (AtomicEncCtx*)malloc(sizeof(AtomicEncCtx)); 01529 if (encCtx == NULL) 01530 err_sys("AtomicEncCtx malloc failed"); 01531 memset(encCtx, 0, sizeof(AtomicEncCtx)); 01532 01533 decCtx = (AtomicDecCtx*)malloc(sizeof(AtomicDecCtx)); 01534 if (decCtx == NULL) { 01535 free(encCtx); 01536 err_sys("AtomicDecCtx malloc failed"); 01537 } 01538 memset(decCtx, 0, sizeof(AtomicDecCtx)); 01539 01540 wolfSSL_CTX_SetMacEncryptCb(ctx, myMacEncryptCb); 01541 wolfSSL_SetMacEncryptCtx(ssl, encCtx); 01542 01543 wolfSSL_CTX_SetDecryptVerifyCb(ctx, myDecryptVerifyCb); 01544 wolfSSL_SetDecryptVerifyCtx(ssl, decCtx); 01545 } 01546 01547 01548 static INLINE void FreeAtomicUser(WOLFSSL* ssl) 01549 { 01550 AtomicEncCtx* encCtx = (AtomicEncCtx*)wolfSSL_GetMacEncryptCtx(ssl); 01551 AtomicDecCtx* decCtx = (AtomicDecCtx*)wolfSSL_GetDecryptVerifyCtx(ssl); 01552 01553 free(decCtx); 01554 free(encCtx); 01555 } 01556 01557 #endif /* ATOMIC_USER */ 01558 01559 01560 #ifdef HAVE_PK_CALLBACKS 01561 01562 #ifdef HAVE_ECC 01563 01564 static INLINE int myEccSign(WOLFSSL* ssl, const byte* in, word32 inSz, 01565 byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx) 01566 { 01567 WC_RNG rng; 01568 int ret; 01569 word32 idx = 0; 01570 ecc_key myKey; 01571 01572 (void)ssl; 01573 (void)ctx; 01574 01575 ret = wc_InitRng(&rng); 01576 if (ret != 0) 01577 return ret; 01578 01579 wc_ecc_init(&myKey); 01580 01581 ret = wc_EccPrivateKeyDecode(key, &idx, &myKey, keySz); 01582 if (ret == 0) 01583 ret = wc_ecc_sign_hash(in, inSz, out, outSz, &rng, &myKey); 01584 wc_ecc_free(&myKey); 01585 wc_FreeRng(&rng); 01586 01587 return ret; 01588 } 01589 01590 01591 static INLINE int myEccVerify(WOLFSSL* ssl, const byte* sig, word32 sigSz, 01592 const byte* hash, word32 hashSz, const byte* key, word32 keySz, 01593 int* result, void* ctx) 01594 { 01595 int ret; 01596 ecc_key myKey; 01597 01598 (void)ssl; 01599 (void)ctx; 01600 01601 wc_ecc_init(&myKey); 01602 01603 ret = wc_ecc_import_x963(key, keySz, &myKey); 01604 if (ret == 0) 01605 ret = wc_ecc_verify_hash(sig, sigSz, hash, hashSz, result, &myKey); 01606 wc_ecc_free(&myKey); 01607 01608 return ret; 01609 } 01610 01611 #endif /* HAVE_ECC */ 01612 01613 #ifndef NO_RSA 01614 01615 static INLINE int myRsaSign(WOLFSSL* ssl, const byte* in, word32 inSz, 01616 byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx) 01617 { 01618 WC_RNG rng; 01619 int ret; 01620 word32 idx = 0; 01621 RsaKey myKey; 01622 01623 (void)ssl; 01624 (void)ctx; 01625 01626 ret = wc_InitRng(&rng); 01627 if (ret != 0) 01628 return ret; 01629 01630 wc_InitRsaKey(&myKey, NULL); 01631 01632 ret = wc_RsaPrivateKeyDecode(key, &idx, &myKey, keySz); 01633 if (ret == 0) 01634 ret = wc_RsaSSL_Sign(in, inSz, out, *outSz, &myKey, &rng); 01635 if (ret > 0) { /* save and convert to 0 success */ 01636 *outSz = ret; 01637 ret = 0; 01638 } 01639 wc_FreeRsaKey(&myKey); 01640 wc_FreeRng(&rng); 01641 01642 return ret; 01643 } 01644 01645 01646 static INLINE int myRsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz, 01647 byte** out, 01648 const byte* key, word32 keySz, 01649 void* ctx) 01650 { 01651 int ret; 01652 word32 idx = 0; 01653 RsaKey myKey; 01654 01655 (void)ssl; 01656 (void)ctx; 01657 01658 wc_InitRsaKey(&myKey, NULL); 01659 01660 ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz); 01661 if (ret == 0) 01662 ret = wc_RsaSSL_VerifyInline(sig, sigSz, out, &myKey); 01663 wc_FreeRsaKey(&myKey); 01664 01665 return ret; 01666 } 01667 01668 01669 static INLINE int myRsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, 01670 byte* out, word32* outSz, const byte* key, 01671 word32 keySz, void* ctx) 01672 { 01673 int ret; 01674 word32 idx = 0; 01675 RsaKey myKey; 01676 WC_RNG rng; 01677 01678 (void)ssl; 01679 (void)ctx; 01680 01681 ret = wc_InitRng(&rng); 01682 if (ret != 0) 01683 return ret; 01684 01685 wc_InitRsaKey(&myKey, NULL); 01686 01687 ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz); 01688 if (ret == 0) { 01689 ret = wc_RsaPublicEncrypt(in, inSz, out, *outSz, &myKey, &rng); 01690 if (ret > 0) { 01691 *outSz = ret; 01692 ret = 0; /* reset to success */ 01693 } 01694 } 01695 wc_FreeRsaKey(&myKey); 01696 wc_FreeRng(&rng); 01697 01698 return ret; 01699 } 01700 01701 static INLINE int myRsaDec(WOLFSSL* ssl, byte* in, word32 inSz, 01702 byte** out, 01703 const byte* key, word32 keySz, void* ctx) 01704 { 01705 int ret; 01706 word32 idx = 0; 01707 RsaKey myKey; 01708 01709 (void)ssl; 01710 (void)ctx; 01711 01712 wc_InitRsaKey(&myKey, NULL); 01713 01714 ret = wc_RsaPrivateKeyDecode(key, &idx, &myKey, keySz); 01715 if (ret == 0) { 01716 ret = wc_RsaPrivateDecryptInline(in, inSz, out, &myKey); 01717 } 01718 wc_FreeRsaKey(&myKey); 01719 01720 return ret; 01721 } 01722 01723 #endif /* NO_RSA */ 01724 01725 static INLINE void SetupPkCallbacks(WOLFSSL_CTX* ctx, WOLFSSL* ssl) 01726 { 01727 (void)ctx; 01728 (void)ssl; 01729 01730 #ifdef HAVE_ECC 01731 wolfSSL_CTX_SetEccSignCb(ctx, myEccSign); 01732 wolfSSL_CTX_SetEccVerifyCb(ctx, myEccVerify); 01733 #endif /* HAVE_ECC */ 01734 #ifndef NO_RSA 01735 wolfSSL_CTX_SetRsaSignCb(ctx, myRsaSign); 01736 wolfSSL_CTX_SetRsaVerifyCb(ctx, myRsaVerify); 01737 wolfSSL_CTX_SetRsaEncCb(ctx, myRsaEnc); 01738 wolfSSL_CTX_SetRsaDecCb(ctx, myRsaDec); 01739 #endif /* NO_RSA */ 01740 } 01741 01742 #endif /* HAVE_PK_CALLBACKS */ 01743 01744 01745 01746 01747 01748 #if defined(__hpux__) || defined(__MINGW32__) || defined (WOLFSSL_TIRTOS) \ 01749 || defined(_MSC_VER) 01750 01751 /* HP/UX doesn't have strsep, needed by test/suites.c */ 01752 static INLINE char* strsep(char **stringp, const char *delim) 01753 { 01754 char* start; 01755 char* end; 01756 01757 start = *stringp; 01758 if (start == NULL) 01759 return NULL; 01760 01761 if ((end = strpbrk(start, delim))) { 01762 *end++ = '\0'; 01763 *stringp = end; 01764 } else { 01765 *stringp = NULL; 01766 } 01767 01768 return start; 01769 } 01770 01771 #endif /* __hpux__ and others */ 01772 01773 /* Create unique filename, len is length of tempfn name, assuming 01774 len does not include null terminating character, 01775 num is number of characters in tempfn name to randomize */ 01776 static INLINE const char* mymktemp(char *tempfn, int len, int num) 01777 { 01778 int x, size; 01779 static const char alphanum[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ" 01780 "abcdefghijklmnopqrstuvwxyz"; 01781 WC_RNG rng; 01782 byte out; 01783 01784 if (tempfn == NULL || len < 1 || num < 1 || len <= num) { 01785 printf("Bad input\n"); 01786 return NULL; 01787 } 01788 01789 size = len - 1; 01790 01791 if (wc_InitRng(&rng) != 0) { 01792 printf("InitRng failed\n"); 01793 return NULL; 01794 } 01795 01796 for (x = size; x > size - num; x--) { 01797 if (wc_RNG_GenerateBlock(&rng,(byte*)&out, sizeof(out)) != 0) { 01798 printf("RNG_GenerateBlock failed\n"); 01799 return NULL; 01800 } 01801 tempfn[x] = alphanum[out % (sizeof(alphanum) - 1)]; 01802 } 01803 tempfn[len] = '\0'; 01804 01805 wc_FreeRng(&rng); 01806 01807 return tempfn; 01808 } 01809 01810 01811 01812 #if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \ 01813 defined(HAVE_POLY1305) 01814 01815 #include <wolfssl/wolfcrypt/chacha20_poly1305.h> 01816 01817 typedef struct key_ctx { 01818 byte name[WOLFSSL_TICKET_NAME_SZ]; /* name for this context */ 01819 byte key[16]; /* cipher key */ 01820 } key_ctx; 01821 01822 static key_ctx myKey_ctx; 01823 static WC_RNG myKey_rng; 01824 01825 static INLINE int TicketInit(void) 01826 { 01827 int ret = wc_InitRng(&myKey_rng); 01828 if (ret != 0) return ret; 01829 01830 ret = wc_RNG_GenerateBlock(&myKey_rng, myKey_ctx.key, sizeof(myKey_ctx.key)); 01831 if (ret != 0) return ret; 01832 01833 ret = wc_RNG_GenerateBlock(&myKey_rng, myKey_ctx.name,sizeof(myKey_ctx.name)); 01834 if (ret != 0) return ret; 01835 01836 return 0; 01837 } 01838 01839 static INLINE void TicketCleanup(void) 01840 { 01841 wc_FreeRng(&myKey_rng); 01842 } 01843 01844 static INLINE int myTicketEncCb(WOLFSSL* ssl, 01845 byte key_name[WOLFSSL_TICKET_NAME_SZ], 01846 byte iv[WOLFSSL_TICKET_IV_SZ], 01847 byte mac[WOLFSSL_TICKET_MAC_SZ], 01848 int enc, byte* ticket, int inLen, int* outLen, 01849 void* userCtx) 01850 { 01851 (void)ssl; 01852 (void)userCtx; 01853 01854 int ret; 01855 word16 sLen = htons(inLen); 01856 byte aad[WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2]; 01857 int aadSz = WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2; 01858 byte* tmp = aad; 01859 01860 if (enc) { 01861 XMEMCPY(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ); 01862 01863 ret = wc_RNG_GenerateBlock(&myKey_rng, iv, WOLFSSL_TICKET_IV_SZ); 01864 if (ret != 0) return WOLFSSL_TICKET_RET_REJECT; 01865 01866 /* build aad from key name, iv, and length */ 01867 XMEMCPY(tmp, key_name, WOLFSSL_TICKET_NAME_SZ); 01868 tmp += WOLFSSL_TICKET_NAME_SZ; 01869 XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ); 01870 tmp += WOLFSSL_TICKET_IV_SZ; 01871 XMEMCPY(tmp, &sLen, 2); 01872 01873 ret = wc_ChaCha20Poly1305_Encrypt(myKey_ctx.key, iv, 01874 aad, aadSz, 01875 ticket, inLen, 01876 ticket, 01877 mac); 01878 if (ret != 0) return WOLFSSL_TICKET_RET_REJECT; 01879 *outLen = inLen; /* no padding in this mode */ 01880 } else { 01881 /* decrypt */ 01882 01883 /* see if we know this key */ 01884 if (XMEMCMP(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ) != 0){ 01885 printf("client presented unknown ticket key name "); 01886 return WOLFSSL_TICKET_RET_FATAL; 01887 } 01888 01889 /* build aad from key name, iv, and length */ 01890 XMEMCPY(tmp, key_name, WOLFSSL_TICKET_NAME_SZ); 01891 tmp += WOLFSSL_TICKET_NAME_SZ; 01892 XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ); 01893 tmp += WOLFSSL_TICKET_IV_SZ; 01894 XMEMCPY(tmp, &sLen, 2); 01895 01896 ret = wc_ChaCha20Poly1305_Decrypt(myKey_ctx.key, iv, 01897 aad, aadSz, 01898 ticket, inLen, 01899 mac, 01900 ticket); 01901 if (ret != 0) return WOLFSSL_TICKET_RET_REJECT; 01902 *outLen = inLen; /* no padding in this mode */ 01903 } 01904 01905 return WOLFSSL_TICKET_RET_OK; 01906 } 01907 01908 #endif /* HAVE_SESSION_TICKET && CHACHA20 && POLY1305 */ 01909 01910 #endif /* wolfSSL_TEST_H */ 01911
Generated on Tue Jul 12 2022 15:55:22 by
1.7.2