wolfSSL SSL/TLS library, support up to TLS1.3
Dependents: CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more
wolfssl/test.h@13:f67a6c6013ca, 2017-08-22 (annotated)
- Committer:
- wolfSSL
- Date:
- Tue Aug 22 10:48:22 2017 +0000
- Revision:
- 13:f67a6c6013ca
wolfSSL3.12.0 with TLS1.3
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
wolfSSL | 13:f67a6c6013ca | 1 | /* test.h */ |
wolfSSL | 13:f67a6c6013ca | 2 | |
wolfSSL | 13:f67a6c6013ca | 3 | #ifndef wolfSSL_TEST_H |
wolfSSL | 13:f67a6c6013ca | 4 | #define wolfSSL_TEST_H |
wolfSSL | 13:f67a6c6013ca | 5 | |
wolfSSL | 13:f67a6c6013ca | 6 | #include <stdio.h> |
wolfSSL | 13:f67a6c6013ca | 7 | #include <stdlib.h> |
wolfSSL | 13:f67a6c6013ca | 8 | #include <assert.h> |
wolfSSL | 13:f67a6c6013ca | 9 | #include <ctype.h> |
wolfSSL | 13:f67a6c6013ca | 10 | #include <wolfssl/wolfcrypt/types.h> |
wolfSSL | 13:f67a6c6013ca | 11 | #include <wolfssl/wolfcrypt/error-crypt.h> |
wolfSSL | 13:f67a6c6013ca | 12 | #include <wolfssl/wolfcrypt/random.h> |
wolfSSL | 13:f67a6c6013ca | 13 | |
wolfSSL | 13:f67a6c6013ca | 14 | #ifdef ATOMIC_USER |
wolfSSL | 13:f67a6c6013ca | 15 | #include <wolfssl/wolfcrypt/aes.h> |
wolfSSL | 13:f67a6c6013ca | 16 | #include <wolfssl/wolfcrypt/arc4.h> |
wolfSSL | 13:f67a6c6013ca | 17 | #include <wolfssl/wolfcrypt/hmac.h> |
wolfSSL | 13:f67a6c6013ca | 18 | #endif |
wolfSSL | 13:f67a6c6013ca | 19 | #ifdef HAVE_PK_CALLBACKS |
wolfSSL | 13:f67a6c6013ca | 20 | #include <wolfssl/wolfcrypt/asn.h> |
wolfSSL | 13:f67a6c6013ca | 21 | #ifndef NO_RSA |
wolfSSL | 13:f67a6c6013ca | 22 | #include <wolfssl/wolfcrypt/rsa.h> |
wolfSSL | 13:f67a6c6013ca | 23 | #endif |
wolfSSL | 13:f67a6c6013ca | 24 | #ifdef HAVE_ECC |
wolfSSL | 13:f67a6c6013ca | 25 | #include <wolfssl/wolfcrypt/ecc.h> |
wolfSSL | 13:f67a6c6013ca | 26 | #endif /* HAVE_ECC */ |
wolfSSL | 13:f67a6c6013ca | 27 | #ifdef HAVE_ED25519 |
wolfSSL | 13:f67a6c6013ca | 28 | #include <wolfssl/wolfcrypt/ed25519.h> |
wolfSSL | 13:f67a6c6013ca | 29 | #endif /* HAVE_ED25519 */ |
wolfSSL | 13:f67a6c6013ca | 30 | #ifdef HAVE_CURVE25519 |
wolfSSL | 13:f67a6c6013ca | 31 | #include <wolfssl/wolfcrypt/curve25519.h> |
wolfSSL | 13:f67a6c6013ca | 32 | #endif /* HAVE_ECC */ |
wolfSSL | 13:f67a6c6013ca | 33 | #endif /*HAVE_PK_CALLBACKS */ |
wolfSSL | 13:f67a6c6013ca | 34 | |
wolfSSL | 13:f67a6c6013ca | 35 | #ifdef USE_WINDOWS_API |
wolfSSL | 13:f67a6c6013ca | 36 | #include <winsock2.h> |
wolfSSL | 13:f67a6c6013ca | 37 | #include <process.h> |
wolfSSL | 13:f67a6c6013ca | 38 | #ifdef TEST_IPV6 /* don't require newer SDK for IPV4 */ |
wolfSSL | 13:f67a6c6013ca | 39 | #include <ws2tcpip.h> |
wolfSSL | 13:f67a6c6013ca | 40 | #include <wspiapi.h> |
wolfSSL | 13:f67a6c6013ca | 41 | #endif |
wolfSSL | 13:f67a6c6013ca | 42 | #define SOCKET_T SOCKET |
wolfSSL | 13:f67a6c6013ca | 43 | #define SNPRINTF _snprintf |
wolfSSL | 13:f67a6c6013ca | 44 | #elif defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET) |
wolfSSL | 13:f67a6c6013ca | 45 | #include <string.h> |
wolfSSL | 13:f67a6c6013ca | 46 | #include "rl_net.h" |
wolfSSL | 13:f67a6c6013ca | 47 | #define SOCKET_T int |
wolfSSL | 13:f67a6c6013ca | 48 | typedef int socklen_t ; |
wolfSSL | 13:f67a6c6013ca | 49 | static unsigned long inet_addr(const char *cp) |
wolfSSL | 13:f67a6c6013ca | 50 | { |
wolfSSL | 13:f67a6c6013ca | 51 | unsigned int a[4] ; unsigned long ret ; |
wolfSSL | 13:f67a6c6013ca | 52 | sscanf(cp, "%d.%d.%d.%d", &a[0], &a[1], &a[2], &a[3]) ; |
wolfSSL | 13:f67a6c6013ca | 53 | ret = ((a[3]<<24) + (a[2]<<16) + (a[1]<<8) + a[0]) ; |
wolfSSL | 13:f67a6c6013ca | 54 | return(ret) ; |
wolfSSL | 13:f67a6c6013ca | 55 | } |
wolfSSL | 13:f67a6c6013ca | 56 | #if defined(HAVE_KEIL_RTX) |
wolfSSL | 13:f67a6c6013ca | 57 | #define sleep(t) os_dly_wait(t/1000+1) ; |
wolfSSL | 13:f67a6c6013ca | 58 | #elif defined (WOLFSSL_CMSIS_RTOS) |
wolfSSL | 13:f67a6c6013ca | 59 | #define sleep(t) osDelay(t/1000+1) ; |
wolfSSL | 13:f67a6c6013ca | 60 | #endif |
wolfSSL | 13:f67a6c6013ca | 61 | |
wolfSSL | 13:f67a6c6013ca | 62 | static int wolfssl_tcp_select(int sd, int timeout) |
wolfSSL | 13:f67a6c6013ca | 63 | { return 0 ; } |
wolfSSL | 13:f67a6c6013ca | 64 | #define tcp_select(sd,t) wolfssl_tcp_select(sd, t) /* avoid conflicting Keil TCP tcp_select */ |
wolfSSL | 13:f67a6c6013ca | 65 | #elif defined(WOLFSSL_TIRTOS) |
wolfSSL | 13:f67a6c6013ca | 66 | #include <string.h> |
wolfSSL | 13:f67a6c6013ca | 67 | #include <netdb.h> |
wolfSSL | 13:f67a6c6013ca | 68 | #include <sys/types.h> |
wolfSSL | 13:f67a6c6013ca | 69 | #include <arpa/inet.h> |
wolfSSL | 13:f67a6c6013ca | 70 | #include <sys/socket.h> |
wolfSSL | 13:f67a6c6013ca | 71 | #include <ti/sysbios/knl/Task.h> |
wolfSSL | 13:f67a6c6013ca | 72 | struct hostent { |
wolfSSL | 13:f67a6c6013ca | 73 | char *h_name; /* official name of host */ |
wolfSSL | 13:f67a6c6013ca | 74 | char **h_aliases; /* alias list */ |
wolfSSL | 13:f67a6c6013ca | 75 | int h_addrtype; /* host address type */ |
wolfSSL | 13:f67a6c6013ca | 76 | int h_length; /* length of address */ |
wolfSSL | 13:f67a6c6013ca | 77 | char **h_addr_list; /* list of addresses from name server */ |
wolfSSL | 13:f67a6c6013ca | 78 | }; |
wolfSSL | 13:f67a6c6013ca | 79 | #define SOCKET_T int |
wolfSSL | 13:f67a6c6013ca | 80 | #elif defined(WOLFSSL_VXWORKS) |
wolfSSL | 13:f67a6c6013ca | 81 | #include <hostLib.h> |
wolfSSL | 13:f67a6c6013ca | 82 | #include <sockLib.h> |
wolfSSL | 13:f67a6c6013ca | 83 | #include <arpa/inet.h> |
wolfSSL | 13:f67a6c6013ca | 84 | #include <string.h> |
wolfSSL | 13:f67a6c6013ca | 85 | #include <selectLib.h> |
wolfSSL | 13:f67a6c6013ca | 86 | #include <sys/types.h> |
wolfSSL | 13:f67a6c6013ca | 87 | #include <netinet/in.h> |
wolfSSL | 13:f67a6c6013ca | 88 | #include <fcntl.h> |
wolfSSL | 13:f67a6c6013ca | 89 | #include <sys/time.h> |
wolfSSL | 13:f67a6c6013ca | 90 | #include <netdb.h> |
wolfSSL | 13:f67a6c6013ca | 91 | #include <pthread.h> |
wolfSSL | 13:f67a6c6013ca | 92 | #define SOCKET_T int |
wolfSSL | 13:f67a6c6013ca | 93 | #else |
wolfSSL | 13:f67a6c6013ca | 94 | #include <string.h> |
wolfSSL | 13:f67a6c6013ca | 95 | #include <sys/types.h> |
wolfSSL | 13:f67a6c6013ca | 96 | #ifndef WOLFSSL_LEANPSK |
wolfSSL | 13:f67a6c6013ca | 97 | #include <unistd.h> |
wolfSSL | 13:f67a6c6013ca | 98 | #include <netdb.h> |
wolfSSL | 13:f67a6c6013ca | 99 | #include <netinet/in.h> |
wolfSSL | 13:f67a6c6013ca | 100 | #include <netinet/tcp.h> |
wolfSSL | 13:f67a6c6013ca | 101 | #include <arpa/inet.h> |
wolfSSL | 13:f67a6c6013ca | 102 | #include <sys/ioctl.h> |
wolfSSL | 13:f67a6c6013ca | 103 | #include <sys/time.h> |
wolfSSL | 13:f67a6c6013ca | 104 | #include <sys/socket.h> |
wolfSSL | 13:f67a6c6013ca | 105 | #include <pthread.h> |
wolfSSL | 13:f67a6c6013ca | 106 | #include <fcntl.h> |
wolfSSL | 13:f67a6c6013ca | 107 | #ifdef TEST_IPV6 |
wolfSSL | 13:f67a6c6013ca | 108 | #include <netdb.h> |
wolfSSL | 13:f67a6c6013ca | 109 | #endif |
wolfSSL | 13:f67a6c6013ca | 110 | #endif |
wolfSSL | 13:f67a6c6013ca | 111 | #define SOCKET_T int |
wolfSSL | 13:f67a6c6013ca | 112 | #ifndef SO_NOSIGPIPE |
wolfSSL | 13:f67a6c6013ca | 113 | #include <signal.h> /* ignore SIGPIPE */ |
wolfSSL | 13:f67a6c6013ca | 114 | #endif |
wolfSSL | 13:f67a6c6013ca | 115 | #define SNPRINTF snprintf |
wolfSSL | 13:f67a6c6013ca | 116 | #endif /* USE_WINDOWS_API */ |
wolfSSL | 13:f67a6c6013ca | 117 | |
wolfSSL | 13:f67a6c6013ca | 118 | #ifdef WOLFSSL_ASYNC_CRYPT |
wolfSSL | 13:f67a6c6013ca | 119 | #include <wolfssl/wolfcrypt/async.h> |
wolfSSL | 13:f67a6c6013ca | 120 | #endif |
wolfSSL | 13:f67a6c6013ca | 121 | #ifdef HAVE_CAVIUM |
wolfSSL | 13:f67a6c6013ca | 122 | #include <wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h> |
wolfSSL | 13:f67a6c6013ca | 123 | #endif |
wolfSSL | 13:f67a6c6013ca | 124 | |
wolfSSL | 13:f67a6c6013ca | 125 | #ifdef _MSC_VER |
wolfSSL | 13:f67a6c6013ca | 126 | /* disable conversion warning */ |
wolfSSL | 13:f67a6c6013ca | 127 | /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */ |
wolfSSL | 13:f67a6c6013ca | 128 | #pragma warning(disable:4244 4996) |
wolfSSL | 13:f67a6c6013ca | 129 | #endif |
wolfSSL | 13:f67a6c6013ca | 130 | |
wolfSSL | 13:f67a6c6013ca | 131 | /* Buffer for benchmark tests */ |
wolfSSL | 13:f67a6c6013ca | 132 | #ifndef TEST_BUFFER_SIZE |
wolfSSL | 13:f67a6c6013ca | 133 | #define TEST_BUFFER_SIZE 16384 |
wolfSSL | 13:f67a6c6013ca | 134 | #endif |
wolfSSL | 13:f67a6c6013ca | 135 | |
wolfSSL | 13:f67a6c6013ca | 136 | #ifndef WOLFSSL_HAVE_MIN |
wolfSSL | 13:f67a6c6013ca | 137 | #define WOLFSSL_HAVE_MIN |
wolfSSL | 13:f67a6c6013ca | 138 | static INLINE word32 min(word32 a, word32 b) |
wolfSSL | 13:f67a6c6013ca | 139 | { |
wolfSSL | 13:f67a6c6013ca | 140 | return a > b ? b : a; |
wolfSSL | 13:f67a6c6013ca | 141 | } |
wolfSSL | 13:f67a6c6013ca | 142 | #endif /* WOLFSSL_HAVE_MIN */ |
wolfSSL | 13:f67a6c6013ca | 143 | |
wolfSSL | 13:f67a6c6013ca | 144 | /* Socket Handling */ |
wolfSSL | 13:f67a6c6013ca | 145 | #ifndef WOLFSSL_SOCKET_INVALID |
wolfSSL | 13:f67a6c6013ca | 146 | #ifdef USE_WINDOWS_API |
wolfSSL | 13:f67a6c6013ca | 147 | #define WOLFSSL_SOCKET_INVALID ((SOCKET_T)INVALID_SOCKET) |
wolfSSL | 13:f67a6c6013ca | 148 | #elif defined(WOLFSSL_TIRTOS) |
wolfSSL | 13:f67a6c6013ca | 149 | #define WOLFSSL_SOCKET_INVALID ((SOCKET_T)-1) |
wolfSSL | 13:f67a6c6013ca | 150 | #else |
wolfSSL | 13:f67a6c6013ca | 151 | #define WOLFSSL_SOCKET_INVALID (SOCKET_T)(0) |
wolfSSL | 13:f67a6c6013ca | 152 | #endif |
wolfSSL | 13:f67a6c6013ca | 153 | #endif /* WOLFSSL_SOCKET_INVALID */ |
wolfSSL | 13:f67a6c6013ca | 154 | |
wolfSSL | 13:f67a6c6013ca | 155 | #ifndef WOLFSSL_SOCKET_IS_INVALID |
wolfSSL | 13:f67a6c6013ca | 156 | #if defined(USE_WINDOWS_API) || defined(WOLFSSL_TIRTOS) |
wolfSSL | 13:f67a6c6013ca | 157 | #define WOLFSSL_SOCKET_IS_INVALID(s) ((SOCKET_T)(s) == WOLFSSL_SOCKET_INVALID) |
wolfSSL | 13:f67a6c6013ca | 158 | #else |
wolfSSL | 13:f67a6c6013ca | 159 | #define WOLFSSL_SOCKET_IS_INVALID(s) ((SOCKET_T)(s) < WOLFSSL_SOCKET_INVALID) |
wolfSSL | 13:f67a6c6013ca | 160 | #endif |
wolfSSL | 13:f67a6c6013ca | 161 | #endif /* WOLFSSL_SOCKET_IS_INVALID */ |
wolfSSL | 13:f67a6c6013ca | 162 | |
wolfSSL | 13:f67a6c6013ca | 163 | #if defined(__MACH__) || defined(USE_WINDOWS_API) |
wolfSSL | 13:f67a6c6013ca | 164 | #ifndef _SOCKLEN_T |
wolfSSL | 13:f67a6c6013ca | 165 | typedef int socklen_t; |
wolfSSL | 13:f67a6c6013ca | 166 | #endif |
wolfSSL | 13:f67a6c6013ca | 167 | #endif |
wolfSSL | 13:f67a6c6013ca | 168 | |
wolfSSL | 13:f67a6c6013ca | 169 | |
wolfSSL | 13:f67a6c6013ca | 170 | /* HPUX doesn't use socklent_t for third parameter to accept, unless |
wolfSSL | 13:f67a6c6013ca | 171 | _XOPEN_SOURCE_EXTENDED is defined */ |
wolfSSL | 13:f67a6c6013ca | 172 | #if !defined(__hpux__) && !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_IAR_ARM)\ |
wolfSSL | 13:f67a6c6013ca | 173 | && !defined(WOLFSSL_ROWLEY_ARM) && !defined(WOLFSSL_KEIL_TCP_NET) |
wolfSSL | 13:f67a6c6013ca | 174 | typedef socklen_t* ACCEPT_THIRD_T; |
wolfSSL | 13:f67a6c6013ca | 175 | #else |
wolfSSL | 13:f67a6c6013ca | 176 | #if defined _XOPEN_SOURCE_EXTENDED |
wolfSSL | 13:f67a6c6013ca | 177 | typedef socklen_t* ACCEPT_THIRD_T; |
wolfSSL | 13:f67a6c6013ca | 178 | #else |
wolfSSL | 13:f67a6c6013ca | 179 | typedef int* ACCEPT_THIRD_T; |
wolfSSL | 13:f67a6c6013ca | 180 | #endif |
wolfSSL | 13:f67a6c6013ca | 181 | #endif |
wolfSSL | 13:f67a6c6013ca | 182 | |
wolfSSL | 13:f67a6c6013ca | 183 | |
wolfSSL | 13:f67a6c6013ca | 184 | #ifdef USE_WINDOWS_API |
wolfSSL | 13:f67a6c6013ca | 185 | #define CloseSocket(s) closesocket(s) |
wolfSSL | 13:f67a6c6013ca | 186 | #define StartTCP() { WSADATA wsd; WSAStartup(0x0002, &wsd); } |
wolfSSL | 13:f67a6c6013ca | 187 | #elif defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET) |
wolfSSL | 13:f67a6c6013ca | 188 | #define CloseSocket(s) closesocket(s) |
wolfSSL | 13:f67a6c6013ca | 189 | #define StartTCP() |
wolfSSL | 13:f67a6c6013ca | 190 | #else |
wolfSSL | 13:f67a6c6013ca | 191 | #define CloseSocket(s) close(s) |
wolfSSL | 13:f67a6c6013ca | 192 | #define StartTCP() |
wolfSSL | 13:f67a6c6013ca | 193 | #endif |
wolfSSL | 13:f67a6c6013ca | 194 | |
wolfSSL | 13:f67a6c6013ca | 195 | |
wolfSSL | 13:f67a6c6013ca | 196 | #ifdef SINGLE_THREADED |
wolfSSL | 13:f67a6c6013ca | 197 | typedef unsigned int THREAD_RETURN; |
wolfSSL | 13:f67a6c6013ca | 198 | typedef void* THREAD_TYPE; |
wolfSSL | 13:f67a6c6013ca | 199 | #define WOLFSSL_THREAD |
wolfSSL | 13:f67a6c6013ca | 200 | #else |
wolfSSL | 13:f67a6c6013ca | 201 | #if defined(_POSIX_THREADS) && !defined(__MINGW32__) |
wolfSSL | 13:f67a6c6013ca | 202 | typedef void* THREAD_RETURN; |
wolfSSL | 13:f67a6c6013ca | 203 | typedef pthread_t THREAD_TYPE; |
wolfSSL | 13:f67a6c6013ca | 204 | #define WOLFSSL_THREAD |
wolfSSL | 13:f67a6c6013ca | 205 | #define INFINITE -1 |
wolfSSL | 13:f67a6c6013ca | 206 | #define WAIT_OBJECT_0 0L |
wolfSSL | 13:f67a6c6013ca | 207 | #elif defined(WOLFSSL_MDK_ARM)|| defined(WOLFSSL_KEIL_TCP_NET) |
wolfSSL | 13:f67a6c6013ca | 208 | typedef unsigned int THREAD_RETURN; |
wolfSSL | 13:f67a6c6013ca | 209 | typedef int THREAD_TYPE; |
wolfSSL | 13:f67a6c6013ca | 210 | #define WOLFSSL_THREAD |
wolfSSL | 13:f67a6c6013ca | 211 | #elif defined(WOLFSSL_TIRTOS) |
wolfSSL | 13:f67a6c6013ca | 212 | typedef void THREAD_RETURN; |
wolfSSL | 13:f67a6c6013ca | 213 | typedef Task_Handle THREAD_TYPE; |
wolfSSL | 13:f67a6c6013ca | 214 | #define WOLFSSL_THREAD |
wolfSSL | 13:f67a6c6013ca | 215 | #else |
wolfSSL | 13:f67a6c6013ca | 216 | typedef unsigned int THREAD_RETURN; |
wolfSSL | 13:f67a6c6013ca | 217 | typedef intptr_t THREAD_TYPE; |
wolfSSL | 13:f67a6c6013ca | 218 | #define WOLFSSL_THREAD __stdcall |
wolfSSL | 13:f67a6c6013ca | 219 | #endif |
wolfSSL | 13:f67a6c6013ca | 220 | #endif |
wolfSSL | 13:f67a6c6013ca | 221 | |
wolfSSL | 13:f67a6c6013ca | 222 | |
wolfSSL | 13:f67a6c6013ca | 223 | #ifdef TEST_IPV6 |
wolfSSL | 13:f67a6c6013ca | 224 | typedef struct sockaddr_in6 SOCKADDR_IN_T; |
wolfSSL | 13:f67a6c6013ca | 225 | #define AF_INET_V AF_INET6 |
wolfSSL | 13:f67a6c6013ca | 226 | #else |
wolfSSL | 13:f67a6c6013ca | 227 | typedef struct sockaddr_in SOCKADDR_IN_T; |
wolfSSL | 13:f67a6c6013ca | 228 | #define AF_INET_V AF_INET |
wolfSSL | 13:f67a6c6013ca | 229 | #endif |
wolfSSL | 13:f67a6c6013ca | 230 | |
wolfSSL | 13:f67a6c6013ca | 231 | |
wolfSSL | 13:f67a6c6013ca | 232 | #define SERVER_DEFAULT_VERSION 3 |
wolfSSL | 13:f67a6c6013ca | 233 | #define SERVER_DTLS_DEFAULT_VERSION (-2) |
wolfSSL | 13:f67a6c6013ca | 234 | #define SERVER_INVALID_VERSION (-99) |
wolfSSL | 13:f67a6c6013ca | 235 | #define CLIENT_DEFAULT_VERSION 3 |
wolfSSL | 13:f67a6c6013ca | 236 | #define CLIENT_DTLS_DEFAULT_VERSION (-2) |
wolfSSL | 13:f67a6c6013ca | 237 | #define CLIENT_INVALID_VERSION (-99) |
wolfSSL | 13:f67a6c6013ca | 238 | #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_MAX_STRENGTH) |
wolfSSL | 13:f67a6c6013ca | 239 | #define DEFAULT_MIN_DHKEY_BITS 2048 |
wolfSSL | 13:f67a6c6013ca | 240 | #else |
wolfSSL | 13:f67a6c6013ca | 241 | #define DEFAULT_MIN_DHKEY_BITS 1024 |
wolfSSL | 13:f67a6c6013ca | 242 | #endif |
wolfSSL | 13:f67a6c6013ca | 243 | #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_MAX_STRENGTH) |
wolfSSL | 13:f67a6c6013ca | 244 | #define DEFAULT_MIN_RSAKEY_BITS 2048 |
wolfSSL | 13:f67a6c6013ca | 245 | #else |
wolfSSL | 13:f67a6c6013ca | 246 | #define DEFAULT_MIN_RSAKEY_BITS 1024 |
wolfSSL | 13:f67a6c6013ca | 247 | #endif |
wolfSSL | 13:f67a6c6013ca | 248 | #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_MAX_STRENGTH) |
wolfSSL | 13:f67a6c6013ca | 249 | #define DEFAULT_MIN_ECCKEY_BITS 256 |
wolfSSL | 13:f67a6c6013ca | 250 | #else |
wolfSSL | 13:f67a6c6013ca | 251 | #define DEFAULT_MIN_ECCKEY_BITS 224 |
wolfSSL | 13:f67a6c6013ca | 252 | #endif |
wolfSSL | 13:f67a6c6013ca | 253 | |
wolfSSL | 13:f67a6c6013ca | 254 | /* all certs relative to wolfSSL home directory now */ |
wolfSSL | 13:f67a6c6013ca | 255 | #if defined(WOLFSSL_NO_CURRDIR) || defined(WOLFSSL_MDK_SHELL) |
wolfSSL | 13:f67a6c6013ca | 256 | #define caCertFile "certs/ca-cert.pem" |
wolfSSL | 13:f67a6c6013ca | 257 | #define eccCertFile "certs/server-ecc.pem" |
wolfSSL | 13:f67a6c6013ca | 258 | #define eccKeyFile "certs/ecc-key.pem" |
wolfSSL | 13:f67a6c6013ca | 259 | #define svrCertFile "certs/server-cert.pem" |
wolfSSL | 13:f67a6c6013ca | 260 | #define svrKeyFile "certs/server-key.pem" |
wolfSSL | 13:f67a6c6013ca | 261 | #define cliCertFile "certs/client-cert.pem" |
wolfSSL | 13:f67a6c6013ca | 262 | #define cliKeyFile "certs/client-key.pem" |
wolfSSL | 13:f67a6c6013ca | 263 | #define ntruCertFile "certs/ntru-cert.pem" |
wolfSSL | 13:f67a6c6013ca | 264 | #define ntruKeyFile "certs/ntru-key.raw" |
wolfSSL | 13:f67a6c6013ca | 265 | #define dhParamFile "certs/dh2048.pem" |
wolfSSL | 13:f67a6c6013ca | 266 | #define cliEccKeyFile "certs/ecc-client-key.pem" |
wolfSSL | 13:f67a6c6013ca | 267 | #define cliEccCertFile "certs/client-ecc-cert.pem" |
wolfSSL | 13:f67a6c6013ca | 268 | #define crlPemDir "certs/crl" |
wolfSSL | 13:f67a6c6013ca | 269 | #ifdef HAVE_WNR |
wolfSSL | 13:f67a6c6013ca | 270 | /* Whitewood netRandom default config file */ |
wolfSSL | 13:f67a6c6013ca | 271 | #define wnrConfig "wnr-example.conf" |
wolfSSL | 13:f67a6c6013ca | 272 | #endif |
wolfSSL | 13:f67a6c6013ca | 273 | #else |
wolfSSL | 13:f67a6c6013ca | 274 | #define caCertFile "./certs/ca-cert.pem" |
wolfSSL | 13:f67a6c6013ca | 275 | #define eccCertFile "./certs/server-ecc.pem" |
wolfSSL | 13:f67a6c6013ca | 276 | #define eccKeyFile "./certs/ecc-key.pem" |
wolfSSL | 13:f67a6c6013ca | 277 | #define svrCertFile "./certs/server-cert.pem" |
wolfSSL | 13:f67a6c6013ca | 278 | #define svrKeyFile "./certs/server-key.pem" |
wolfSSL | 13:f67a6c6013ca | 279 | #define cliCertFile "./certs/client-cert.pem" |
wolfSSL | 13:f67a6c6013ca | 280 | #define cliKeyFile "./certs/client-key.pem" |
wolfSSL | 13:f67a6c6013ca | 281 | #define ntruCertFile "./certs/ntru-cert.pem" |
wolfSSL | 13:f67a6c6013ca | 282 | #define ntruKeyFile "./certs/ntru-key.raw" |
wolfSSL | 13:f67a6c6013ca | 283 | #define dhParamFile "./certs/dh2048.pem" |
wolfSSL | 13:f67a6c6013ca | 284 | #define cliEccKeyFile "./certs/ecc-client-key.pem" |
wolfSSL | 13:f67a6c6013ca | 285 | #define cliEccCertFile "./certs/client-ecc-cert.pem" |
wolfSSL | 13:f67a6c6013ca | 286 | #define crlPemDir "./certs/crl" |
wolfSSL | 13:f67a6c6013ca | 287 | #ifdef HAVE_WNR |
wolfSSL | 13:f67a6c6013ca | 288 | /* Whitewood netRandom default config file */ |
wolfSSL | 13:f67a6c6013ca | 289 | #define wnrConfig "./wnr-example.conf" |
wolfSSL | 13:f67a6c6013ca | 290 | #endif |
wolfSSL | 13:f67a6c6013ca | 291 | #endif |
wolfSSL | 13:f67a6c6013ca | 292 | |
wolfSSL | 13:f67a6c6013ca | 293 | typedef struct tcp_ready { |
wolfSSL | 13:f67a6c6013ca | 294 | word16 ready; /* predicate */ |
wolfSSL | 13:f67a6c6013ca | 295 | word16 port; |
wolfSSL | 13:f67a6c6013ca | 296 | char* srfName; /* server ready file name */ |
wolfSSL | 13:f67a6c6013ca | 297 | #if defined(_POSIX_THREADS) && !defined(__MINGW32__) |
wolfSSL | 13:f67a6c6013ca | 298 | pthread_mutex_t mutex; |
wolfSSL | 13:f67a6c6013ca | 299 | pthread_cond_t cond; |
wolfSSL | 13:f67a6c6013ca | 300 | #endif |
wolfSSL | 13:f67a6c6013ca | 301 | } tcp_ready; |
wolfSSL | 13:f67a6c6013ca | 302 | |
wolfSSL | 13:f67a6c6013ca | 303 | |
wolfSSL | 13:f67a6c6013ca | 304 | static INLINE void InitTcpReady(tcp_ready* ready) |
wolfSSL | 13:f67a6c6013ca | 305 | { |
wolfSSL | 13:f67a6c6013ca | 306 | ready->ready = 0; |
wolfSSL | 13:f67a6c6013ca | 307 | ready->port = 0; |
wolfSSL | 13:f67a6c6013ca | 308 | ready->srfName = NULL; |
wolfSSL | 13:f67a6c6013ca | 309 | #ifdef SINGLE_THREADED |
wolfSSL | 13:f67a6c6013ca | 310 | #elif defined(_POSIX_THREADS) && !defined(__MINGW32__) |
wolfSSL | 13:f67a6c6013ca | 311 | pthread_mutex_init(&ready->mutex, 0); |
wolfSSL | 13:f67a6c6013ca | 312 | pthread_cond_init(&ready->cond, 0); |
wolfSSL | 13:f67a6c6013ca | 313 | #endif |
wolfSSL | 13:f67a6c6013ca | 314 | } |
wolfSSL | 13:f67a6c6013ca | 315 | |
wolfSSL | 13:f67a6c6013ca | 316 | |
wolfSSL | 13:f67a6c6013ca | 317 | static INLINE void FreeTcpReady(tcp_ready* ready) |
wolfSSL | 13:f67a6c6013ca | 318 | { |
wolfSSL | 13:f67a6c6013ca | 319 | #ifdef SINGLE_THREADED |
wolfSSL | 13:f67a6c6013ca | 320 | (void)ready; |
wolfSSL | 13:f67a6c6013ca | 321 | #elif defined(_POSIX_THREADS) && !defined(__MINGW32__) |
wolfSSL | 13:f67a6c6013ca | 322 | pthread_mutex_destroy(&ready->mutex); |
wolfSSL | 13:f67a6c6013ca | 323 | pthread_cond_destroy(&ready->cond); |
wolfSSL | 13:f67a6c6013ca | 324 | #else |
wolfSSL | 13:f67a6c6013ca | 325 | (void)ready; |
wolfSSL | 13:f67a6c6013ca | 326 | #endif |
wolfSSL | 13:f67a6c6013ca | 327 | } |
wolfSSL | 13:f67a6c6013ca | 328 | |
wolfSSL | 13:f67a6c6013ca | 329 | typedef WOLFSSL_METHOD* (*method_provider)(void); |
wolfSSL | 13:f67a6c6013ca | 330 | typedef void (*ctx_callback)(WOLFSSL_CTX* ctx); |
wolfSSL | 13:f67a6c6013ca | 331 | typedef void (*ssl_callback)(WOLFSSL* ssl); |
wolfSSL | 13:f67a6c6013ca | 332 | |
wolfSSL | 13:f67a6c6013ca | 333 | typedef struct callback_functions { |
wolfSSL | 13:f67a6c6013ca | 334 | method_provider method; |
wolfSSL | 13:f67a6c6013ca | 335 | ctx_callback ctx_ready; |
wolfSSL | 13:f67a6c6013ca | 336 | ssl_callback ssl_ready; |
wolfSSL | 13:f67a6c6013ca | 337 | ssl_callback on_result; |
wolfSSL | 13:f67a6c6013ca | 338 | } callback_functions; |
wolfSSL | 13:f67a6c6013ca | 339 | |
wolfSSL | 13:f67a6c6013ca | 340 | typedef struct func_args { |
wolfSSL | 13:f67a6c6013ca | 341 | int argc; |
wolfSSL | 13:f67a6c6013ca | 342 | char** argv; |
wolfSSL | 13:f67a6c6013ca | 343 | int return_code; |
wolfSSL | 13:f67a6c6013ca | 344 | tcp_ready* signal; |
wolfSSL | 13:f67a6c6013ca | 345 | callback_functions *callbacks; |
wolfSSL | 13:f67a6c6013ca | 346 | } func_args; |
wolfSSL | 13:f67a6c6013ca | 347 | |
wolfSSL | 13:f67a6c6013ca | 348 | |
wolfSSL | 13:f67a6c6013ca | 349 | |
wolfSSL | 13:f67a6c6013ca | 350 | |
wolfSSL | 13:f67a6c6013ca | 351 | void wait_tcp_ready(func_args*); |
wolfSSL | 13:f67a6c6013ca | 352 | |
wolfSSL | 13:f67a6c6013ca | 353 | typedef THREAD_RETURN WOLFSSL_THREAD THREAD_FUNC(void*); |
wolfSSL | 13:f67a6c6013ca | 354 | |
wolfSSL | 13:f67a6c6013ca | 355 | void start_thread(THREAD_FUNC, func_args*, THREAD_TYPE*); |
wolfSSL | 13:f67a6c6013ca | 356 | void join_thread(THREAD_TYPE); |
wolfSSL | 13:f67a6c6013ca | 357 | |
wolfSSL | 13:f67a6c6013ca | 358 | /* wolfSSL */ |
wolfSSL | 13:f67a6c6013ca | 359 | #ifndef TEST_IPV6 |
wolfSSL | 13:f67a6c6013ca | 360 | static const char* const wolfSSLIP = "127.0.0.1"; |
wolfSSL | 13:f67a6c6013ca | 361 | #else |
wolfSSL | 13:f67a6c6013ca | 362 | static const char* const wolfSSLIP = "::1"; |
wolfSSL | 13:f67a6c6013ca | 363 | #endif |
wolfSSL | 13:f67a6c6013ca | 364 | static const word16 wolfSSLPort = 11111; |
wolfSSL | 13:f67a6c6013ca | 365 | |
wolfSSL | 13:f67a6c6013ca | 366 | |
wolfSSL | 13:f67a6c6013ca | 367 | #if defined(__GNUC__) |
wolfSSL | 13:f67a6c6013ca | 368 | #define WC_NORETURN __attribute__((noreturn)) |
wolfSSL | 13:f67a6c6013ca | 369 | #else |
wolfSSL | 13:f67a6c6013ca | 370 | #define WC_NORETURN |
wolfSSL | 13:f67a6c6013ca | 371 | #endif |
wolfSSL | 13:f67a6c6013ca | 372 | |
wolfSSL | 13:f67a6c6013ca | 373 | static INLINE WC_NORETURN void err_sys(const char* msg) |
wolfSSL | 13:f67a6c6013ca | 374 | { |
wolfSSL | 13:f67a6c6013ca | 375 | printf("wolfSSL error: %s\n", msg); |
wolfSSL | 13:f67a6c6013ca | 376 | |
wolfSSL | 13:f67a6c6013ca | 377 | #if !defined(__GNUC__) |
wolfSSL | 13:f67a6c6013ca | 378 | /* scan-build (which pretends to be gnuc) can get confused and think the |
wolfSSL | 13:f67a6c6013ca | 379 | * msg pointer can be null even when hardcoded and then it won't exit, |
wolfSSL | 13:f67a6c6013ca | 380 | * making null pointer checks above the err_sys() call useless. |
wolfSSL | 13:f67a6c6013ca | 381 | * We could just always exit() but some compilers will complain about no |
wolfSSL | 13:f67a6c6013ca | 382 | * possible return, with gcc we know the attribute to handle that with |
wolfSSL | 13:f67a6c6013ca | 383 | * WC_NORETURN. */ |
wolfSSL | 13:f67a6c6013ca | 384 | if (msg) |
wolfSSL | 13:f67a6c6013ca | 385 | #endif |
wolfSSL | 13:f67a6c6013ca | 386 | { |
wolfSSL | 13:f67a6c6013ca | 387 | exit(EXIT_FAILURE); |
wolfSSL | 13:f67a6c6013ca | 388 | } |
wolfSSL | 13:f67a6c6013ca | 389 | } |
wolfSSL | 13:f67a6c6013ca | 390 | |
wolfSSL | 13:f67a6c6013ca | 391 | |
wolfSSL | 13:f67a6c6013ca | 392 | #define MY_EX_USAGE 2 |
wolfSSL | 13:f67a6c6013ca | 393 | |
wolfSSL | 13:f67a6c6013ca | 394 | extern int myoptind; |
wolfSSL | 13:f67a6c6013ca | 395 | extern char* myoptarg; |
wolfSSL | 13:f67a6c6013ca | 396 | |
wolfSSL | 13:f67a6c6013ca | 397 | static INLINE int mygetopt(int argc, char** argv, const char* optstring) |
wolfSSL | 13:f67a6c6013ca | 398 | { |
wolfSSL | 13:f67a6c6013ca | 399 | static char* next = NULL; |
wolfSSL | 13:f67a6c6013ca | 400 | |
wolfSSL | 13:f67a6c6013ca | 401 | char c; |
wolfSSL | 13:f67a6c6013ca | 402 | char* cp; |
wolfSSL | 13:f67a6c6013ca | 403 | |
wolfSSL | 13:f67a6c6013ca | 404 | if (myoptind == 0) |
wolfSSL | 13:f67a6c6013ca | 405 | next = NULL; /* we're starting new/over */ |
wolfSSL | 13:f67a6c6013ca | 406 | |
wolfSSL | 13:f67a6c6013ca | 407 | if (next == NULL || *next == '\0') { |
wolfSSL | 13:f67a6c6013ca | 408 | if (myoptind == 0) |
wolfSSL | 13:f67a6c6013ca | 409 | myoptind++; |
wolfSSL | 13:f67a6c6013ca | 410 | |
wolfSSL | 13:f67a6c6013ca | 411 | if (myoptind >= argc || argv[myoptind][0] != '-' || |
wolfSSL | 13:f67a6c6013ca | 412 | argv[myoptind][1] == '\0') { |
wolfSSL | 13:f67a6c6013ca | 413 | myoptarg = NULL; |
wolfSSL | 13:f67a6c6013ca | 414 | if (myoptind < argc) |
wolfSSL | 13:f67a6c6013ca | 415 | myoptarg = argv[myoptind]; |
wolfSSL | 13:f67a6c6013ca | 416 | |
wolfSSL | 13:f67a6c6013ca | 417 | return -1; |
wolfSSL | 13:f67a6c6013ca | 418 | } |
wolfSSL | 13:f67a6c6013ca | 419 | |
wolfSSL | 13:f67a6c6013ca | 420 | if (strcmp(argv[myoptind], "--") == 0) { |
wolfSSL | 13:f67a6c6013ca | 421 | myoptind++; |
wolfSSL | 13:f67a6c6013ca | 422 | myoptarg = NULL; |
wolfSSL | 13:f67a6c6013ca | 423 | |
wolfSSL | 13:f67a6c6013ca | 424 | if (myoptind < argc) |
wolfSSL | 13:f67a6c6013ca | 425 | myoptarg = argv[myoptind]; |
wolfSSL | 13:f67a6c6013ca | 426 | |
wolfSSL | 13:f67a6c6013ca | 427 | return -1; |
wolfSSL | 13:f67a6c6013ca | 428 | } |
wolfSSL | 13:f67a6c6013ca | 429 | |
wolfSSL | 13:f67a6c6013ca | 430 | next = argv[myoptind]; |
wolfSSL | 13:f67a6c6013ca | 431 | next++; /* skip - */ |
wolfSSL | 13:f67a6c6013ca | 432 | myoptind++; |
wolfSSL | 13:f67a6c6013ca | 433 | } |
wolfSSL | 13:f67a6c6013ca | 434 | |
wolfSSL | 13:f67a6c6013ca | 435 | c = *next++; |
wolfSSL | 13:f67a6c6013ca | 436 | /* The C++ strchr can return a different value */ |
wolfSSL | 13:f67a6c6013ca | 437 | cp = (char*)strchr(optstring, c); |
wolfSSL | 13:f67a6c6013ca | 438 | |
wolfSSL | 13:f67a6c6013ca | 439 | if (cp == NULL || c == ':') |
wolfSSL | 13:f67a6c6013ca | 440 | return '?'; |
wolfSSL | 13:f67a6c6013ca | 441 | |
wolfSSL | 13:f67a6c6013ca | 442 | cp++; |
wolfSSL | 13:f67a6c6013ca | 443 | |
wolfSSL | 13:f67a6c6013ca | 444 | if (*cp == ':') { |
wolfSSL | 13:f67a6c6013ca | 445 | if (*next != '\0') { |
wolfSSL | 13:f67a6c6013ca | 446 | myoptarg = next; |
wolfSSL | 13:f67a6c6013ca | 447 | next = NULL; |
wolfSSL | 13:f67a6c6013ca | 448 | } |
wolfSSL | 13:f67a6c6013ca | 449 | else if (myoptind < argc) { |
wolfSSL | 13:f67a6c6013ca | 450 | myoptarg = argv[myoptind]; |
wolfSSL | 13:f67a6c6013ca | 451 | myoptind++; |
wolfSSL | 13:f67a6c6013ca | 452 | } |
wolfSSL | 13:f67a6c6013ca | 453 | else |
wolfSSL | 13:f67a6c6013ca | 454 | return '?'; |
wolfSSL | 13:f67a6c6013ca | 455 | } |
wolfSSL | 13:f67a6c6013ca | 456 | |
wolfSSL | 13:f67a6c6013ca | 457 | return c; |
wolfSSL | 13:f67a6c6013ca | 458 | } |
wolfSSL | 13:f67a6c6013ca | 459 | |
wolfSSL | 13:f67a6c6013ca | 460 | |
wolfSSL | 13:f67a6c6013ca | 461 | #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) |
wolfSSL | 13:f67a6c6013ca | 462 | |
wolfSSL | 13:f67a6c6013ca | 463 | static INLINE int PasswordCallBack(char* passwd, int sz, int rw, void* userdata) |
wolfSSL | 13:f67a6c6013ca | 464 | { |
wolfSSL | 13:f67a6c6013ca | 465 | (void)rw; |
wolfSSL | 13:f67a6c6013ca | 466 | (void)userdata; |
wolfSSL | 13:f67a6c6013ca | 467 | strncpy(passwd, "yassl123", sz); |
wolfSSL | 13:f67a6c6013ca | 468 | return 8; |
wolfSSL | 13:f67a6c6013ca | 469 | } |
wolfSSL | 13:f67a6c6013ca | 470 | |
wolfSSL | 13:f67a6c6013ca | 471 | #endif |
wolfSSL | 13:f67a6c6013ca | 472 | |
wolfSSL | 13:f67a6c6013ca | 473 | |
wolfSSL | 13:f67a6c6013ca | 474 | #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) |
wolfSSL | 13:f67a6c6013ca | 475 | |
wolfSSL | 13:f67a6c6013ca | 476 | static INLINE void ShowX509(WOLFSSL_X509* x509, const char* hdr) |
wolfSSL | 13:f67a6c6013ca | 477 | { |
wolfSSL | 13:f67a6c6013ca | 478 | char* altName; |
wolfSSL | 13:f67a6c6013ca | 479 | char* issuer; |
wolfSSL | 13:f67a6c6013ca | 480 | char* subject; |
wolfSSL | 13:f67a6c6013ca | 481 | byte serial[32]; |
wolfSSL | 13:f67a6c6013ca | 482 | int ret; |
wolfSSL | 13:f67a6c6013ca | 483 | int sz = sizeof(serial); |
wolfSSL | 13:f67a6c6013ca | 484 | |
wolfSSL | 13:f67a6c6013ca | 485 | if (x509 == NULL) { |
wolfSSL | 13:f67a6c6013ca | 486 | printf("%s No Cert\n", hdr); |
wolfSSL | 13:f67a6c6013ca | 487 | return; |
wolfSSL | 13:f67a6c6013ca | 488 | } |
wolfSSL | 13:f67a6c6013ca | 489 | |
wolfSSL | 13:f67a6c6013ca | 490 | issuer = wolfSSL_X509_NAME_oneline( |
wolfSSL | 13:f67a6c6013ca | 491 | wolfSSL_X509_get_issuer_name(x509), 0, 0); |
wolfSSL | 13:f67a6c6013ca | 492 | subject = wolfSSL_X509_NAME_oneline( |
wolfSSL | 13:f67a6c6013ca | 493 | wolfSSL_X509_get_subject_name(x509), 0, 0); |
wolfSSL | 13:f67a6c6013ca | 494 | |
wolfSSL | 13:f67a6c6013ca | 495 | printf("%s\n issuer : %s\n subject: %s\n", hdr, issuer, subject); |
wolfSSL | 13:f67a6c6013ca | 496 | |
wolfSSL | 13:f67a6c6013ca | 497 | while ( (altName = wolfSSL_X509_get_next_altname(x509)) != NULL) |
wolfSSL | 13:f67a6c6013ca | 498 | printf(" altname = %s\n", altName); |
wolfSSL | 13:f67a6c6013ca | 499 | |
wolfSSL | 13:f67a6c6013ca | 500 | ret = wolfSSL_X509_get_serial_number(x509, serial, &sz); |
wolfSSL | 13:f67a6c6013ca | 501 | if (ret == SSL_SUCCESS) { |
wolfSSL | 13:f67a6c6013ca | 502 | int i; |
wolfSSL | 13:f67a6c6013ca | 503 | int strLen; |
wolfSSL | 13:f67a6c6013ca | 504 | char serialMsg[80]; |
wolfSSL | 13:f67a6c6013ca | 505 | |
wolfSSL | 13:f67a6c6013ca | 506 | /* testsuite has multiple threads writing to stdout, get output |
wolfSSL | 13:f67a6c6013ca | 507 | message ready to write once */ |
wolfSSL | 13:f67a6c6013ca | 508 | strLen = sprintf(serialMsg, " serial number"); |
wolfSSL | 13:f67a6c6013ca | 509 | for (i = 0; i < sz; i++) |
wolfSSL | 13:f67a6c6013ca | 510 | sprintf(serialMsg + strLen + (i*3), ":%02x ", serial[i]); |
wolfSSL | 13:f67a6c6013ca | 511 | printf("%s\n", serialMsg); |
wolfSSL | 13:f67a6c6013ca | 512 | } |
wolfSSL | 13:f67a6c6013ca | 513 | |
wolfSSL | 13:f67a6c6013ca | 514 | XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); |
wolfSSL | 13:f67a6c6013ca | 515 | XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL); |
wolfSSL | 13:f67a6c6013ca | 516 | } |
wolfSSL | 13:f67a6c6013ca | 517 | |
wolfSSL | 13:f67a6c6013ca | 518 | #endif /* KEEP_PEER_CERT || SESSION_CERTS */ |
wolfSSL | 13:f67a6c6013ca | 519 | |
wolfSSL | 13:f67a6c6013ca | 520 | |
wolfSSL | 13:f67a6c6013ca | 521 | static INLINE void showPeer(WOLFSSL* ssl) |
wolfSSL | 13:f67a6c6013ca | 522 | { |
wolfSSL | 13:f67a6c6013ca | 523 | |
wolfSSL | 13:f67a6c6013ca | 524 | WOLFSSL_CIPHER* cipher; |
wolfSSL | 13:f67a6c6013ca | 525 | #ifdef HAVE_ECC |
wolfSSL | 13:f67a6c6013ca | 526 | const char *name; |
wolfSSL | 13:f67a6c6013ca | 527 | #endif |
wolfSSL | 13:f67a6c6013ca | 528 | #ifndef NO_DH |
wolfSSL | 13:f67a6c6013ca | 529 | int bits; |
wolfSSL | 13:f67a6c6013ca | 530 | #endif |
wolfSSL | 13:f67a6c6013ca | 531 | #ifdef KEEP_PEER_CERT |
wolfSSL | 13:f67a6c6013ca | 532 | WOLFSSL_X509* peer = wolfSSL_get_peer_certificate(ssl); |
wolfSSL | 13:f67a6c6013ca | 533 | if (peer) |
wolfSSL | 13:f67a6c6013ca | 534 | ShowX509(peer, "peer's cert info:"); |
wolfSSL | 13:f67a6c6013ca | 535 | else |
wolfSSL | 13:f67a6c6013ca | 536 | printf("peer has no cert!\n"); |
wolfSSL | 13:f67a6c6013ca | 537 | wolfSSL_FreeX509(peer); |
wolfSSL | 13:f67a6c6013ca | 538 | #endif |
wolfSSL | 13:f67a6c6013ca | 539 | #if defined(SHOW_CERTS) && defined(OPENSSL_EXTRA) && defined(KEEP_OUR_CERT) |
wolfSSL | 13:f67a6c6013ca | 540 | ShowX509(wolfSSL_get_certificate(ssl), "our cert info:"); |
wolfSSL | 13:f67a6c6013ca | 541 | printf("Peer verify result = %lu\n", wolfSSL_get_verify_result(ssl)); |
wolfSSL | 13:f67a6c6013ca | 542 | #endif /* SHOW_CERTS */ |
wolfSSL | 13:f67a6c6013ca | 543 | printf("SSL version is %s\n", wolfSSL_get_version(ssl)); |
wolfSSL | 13:f67a6c6013ca | 544 | |
wolfSSL | 13:f67a6c6013ca | 545 | cipher = wolfSSL_get_current_cipher(ssl); |
wolfSSL | 13:f67a6c6013ca | 546 | #ifdef HAVE_QSH |
wolfSSL | 13:f67a6c6013ca | 547 | printf("SSL cipher suite is %s%s\n", (wolfSSL_isQSH(ssl))? "QSH:": "", |
wolfSSL | 13:f67a6c6013ca | 548 | wolfSSL_CIPHER_get_name(cipher)); |
wolfSSL | 13:f67a6c6013ca | 549 | #else |
wolfSSL | 13:f67a6c6013ca | 550 | printf("SSL cipher suite is %s\n", wolfSSL_CIPHER_get_name(cipher)); |
wolfSSL | 13:f67a6c6013ca | 551 | #endif |
wolfSSL | 13:f67a6c6013ca | 552 | #ifdef HAVE_ECC |
wolfSSL | 13:f67a6c6013ca | 553 | if ((name = wolfSSL_get_curve_name(ssl)) != NULL) |
wolfSSL | 13:f67a6c6013ca | 554 | printf("SSL curve name is %s\n", name); |
wolfSSL | 13:f67a6c6013ca | 555 | #endif |
wolfSSL | 13:f67a6c6013ca | 556 | #ifndef NO_DH |
wolfSSL | 13:f67a6c6013ca | 557 | if ((bits = wolfSSL_GetDhKey_Sz(ssl)) > 0) |
wolfSSL | 13:f67a6c6013ca | 558 | printf("SSL DH size is %d bits\n", bits); |
wolfSSL | 13:f67a6c6013ca | 559 | #endif |
wolfSSL | 13:f67a6c6013ca | 560 | if (wolfSSL_session_reused(ssl)) |
wolfSSL | 13:f67a6c6013ca | 561 | printf("SSL reused session\n"); |
wolfSSL | 13:f67a6c6013ca | 562 | |
wolfSSL | 13:f67a6c6013ca | 563 | #if defined(SESSION_CERTS) && defined(SHOW_CERTS) |
wolfSSL | 13:f67a6c6013ca | 564 | { |
wolfSSL | 13:f67a6c6013ca | 565 | WOLFSSL_X509_CHAIN* chain = wolfSSL_get_peer_chain(ssl); |
wolfSSL | 13:f67a6c6013ca | 566 | int count = wolfSSL_get_chain_count(chain); |
wolfSSL | 13:f67a6c6013ca | 567 | int i; |
wolfSSL | 13:f67a6c6013ca | 568 | |
wolfSSL | 13:f67a6c6013ca | 569 | for (i = 0; i < count; i++) { |
wolfSSL | 13:f67a6c6013ca | 570 | int length; |
wolfSSL | 13:f67a6c6013ca | 571 | unsigned char buffer[3072]; |
wolfSSL | 13:f67a6c6013ca | 572 | WOLFSSL_X509* chainX509; |
wolfSSL | 13:f67a6c6013ca | 573 | |
wolfSSL | 13:f67a6c6013ca | 574 | wolfSSL_get_chain_cert_pem(chain,i,buffer, sizeof(buffer), &length); |
wolfSSL | 13:f67a6c6013ca | 575 | buffer[length] = 0; |
wolfSSL | 13:f67a6c6013ca | 576 | printf("cert %d has length %d data = \n%s\n", i, length, buffer); |
wolfSSL | 13:f67a6c6013ca | 577 | |
wolfSSL | 13:f67a6c6013ca | 578 | chainX509 = wolfSSL_get_chain_X509(chain, i); |
wolfSSL | 13:f67a6c6013ca | 579 | if (chainX509) |
wolfSSL | 13:f67a6c6013ca | 580 | ShowX509(chainX509, "session cert info:"); |
wolfSSL | 13:f67a6c6013ca | 581 | else |
wolfSSL | 13:f67a6c6013ca | 582 | printf("get_chain_X509 failed\n"); |
wolfSSL | 13:f67a6c6013ca | 583 | wolfSSL_FreeX509(chainX509); |
wolfSSL | 13:f67a6c6013ca | 584 | } |
wolfSSL | 13:f67a6c6013ca | 585 | } |
wolfSSL | 13:f67a6c6013ca | 586 | #endif |
wolfSSL | 13:f67a6c6013ca | 587 | (void)ssl; |
wolfSSL | 13:f67a6c6013ca | 588 | } |
wolfSSL | 13:f67a6c6013ca | 589 | |
wolfSSL | 13:f67a6c6013ca | 590 | |
wolfSSL | 13:f67a6c6013ca | 591 | static INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer, |
wolfSSL | 13:f67a6c6013ca | 592 | word16 port, int udp, int sctp) |
wolfSSL | 13:f67a6c6013ca | 593 | { |
wolfSSL | 13:f67a6c6013ca | 594 | int useLookup = 0; |
wolfSSL | 13:f67a6c6013ca | 595 | (void)useLookup; |
wolfSSL | 13:f67a6c6013ca | 596 | (void)udp; |
wolfSSL | 13:f67a6c6013ca | 597 | (void)sctp; |
wolfSSL | 13:f67a6c6013ca | 598 | |
wolfSSL | 13:f67a6c6013ca | 599 | if (addr == NULL) |
wolfSSL | 13:f67a6c6013ca | 600 | err_sys("invalid argument to build_addr, addr is NULL"); |
wolfSSL | 13:f67a6c6013ca | 601 | |
wolfSSL | 13:f67a6c6013ca | 602 | memset(addr, 0, sizeof(SOCKADDR_IN_T)); |
wolfSSL | 13:f67a6c6013ca | 603 | |
wolfSSL | 13:f67a6c6013ca | 604 | #ifndef TEST_IPV6 |
wolfSSL | 13:f67a6c6013ca | 605 | /* peer could be in human readable form */ |
wolfSSL | 13:f67a6c6013ca | 606 | if ( ((size_t)peer != INADDR_ANY) && isalpha((int)peer[0])) { |
wolfSSL | 13:f67a6c6013ca | 607 | #if defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET) |
wolfSSL | 13:f67a6c6013ca | 608 | int err; |
wolfSSL | 13:f67a6c6013ca | 609 | struct hostent* entry = gethostbyname(peer, &err); |
wolfSSL | 13:f67a6c6013ca | 610 | #elif defined(WOLFSSL_TIRTOS) |
wolfSSL | 13:f67a6c6013ca | 611 | struct hostent* entry = DNSGetHostByName(peer); |
wolfSSL | 13:f67a6c6013ca | 612 | #elif defined(WOLFSSL_VXWORKS) |
wolfSSL | 13:f67a6c6013ca | 613 | struct hostent* entry = (struct hostent*)hostGetByName((char*)peer); |
wolfSSL | 13:f67a6c6013ca | 614 | #else |
wolfSSL | 13:f67a6c6013ca | 615 | struct hostent* entry = gethostbyname(peer); |
wolfSSL | 13:f67a6c6013ca | 616 | #endif |
wolfSSL | 13:f67a6c6013ca | 617 | |
wolfSSL | 13:f67a6c6013ca | 618 | if (entry) { |
wolfSSL | 13:f67a6c6013ca | 619 | XMEMCPY(&addr->sin_addr.s_addr, entry->h_addr_list[0], |
wolfSSL | 13:f67a6c6013ca | 620 | entry->h_length); |
wolfSSL | 13:f67a6c6013ca | 621 | useLookup = 1; |
wolfSSL | 13:f67a6c6013ca | 622 | } |
wolfSSL | 13:f67a6c6013ca | 623 | else |
wolfSSL | 13:f67a6c6013ca | 624 | err_sys("no entry for host"); |
wolfSSL | 13:f67a6c6013ca | 625 | } |
wolfSSL | 13:f67a6c6013ca | 626 | #endif |
wolfSSL | 13:f67a6c6013ca | 627 | |
wolfSSL | 13:f67a6c6013ca | 628 | |
wolfSSL | 13:f67a6c6013ca | 629 | #ifndef TEST_IPV6 |
wolfSSL | 13:f67a6c6013ca | 630 | #if defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET) |
wolfSSL | 13:f67a6c6013ca | 631 | addr->sin_family = PF_INET; |
wolfSSL | 13:f67a6c6013ca | 632 | #else |
wolfSSL | 13:f67a6c6013ca | 633 | addr->sin_family = AF_INET_V; |
wolfSSL | 13:f67a6c6013ca | 634 | #endif |
wolfSSL | 13:f67a6c6013ca | 635 | addr->sin_port = XHTONS(port); |
wolfSSL | 13:f67a6c6013ca | 636 | if ((size_t)peer == INADDR_ANY) |
wolfSSL | 13:f67a6c6013ca | 637 | addr->sin_addr.s_addr = INADDR_ANY; |
wolfSSL | 13:f67a6c6013ca | 638 | else { |
wolfSSL | 13:f67a6c6013ca | 639 | if (!useLookup) |
wolfSSL | 13:f67a6c6013ca | 640 | addr->sin_addr.s_addr = inet_addr(peer); |
wolfSSL | 13:f67a6c6013ca | 641 | } |
wolfSSL | 13:f67a6c6013ca | 642 | #else |
wolfSSL | 13:f67a6c6013ca | 643 | addr->sin6_family = AF_INET_V; |
wolfSSL | 13:f67a6c6013ca | 644 | addr->sin6_port = XHTONS(port); |
wolfSSL | 13:f67a6c6013ca | 645 | if (peer == INADDR_ANY) |
wolfSSL | 13:f67a6c6013ca | 646 | addr->sin6_addr = in6addr_any; |
wolfSSL | 13:f67a6c6013ca | 647 | else { |
wolfSSL | 13:f67a6c6013ca | 648 | #ifdef HAVE_GETADDRINFO |
wolfSSL | 13:f67a6c6013ca | 649 | struct addrinfo hints; |
wolfSSL | 13:f67a6c6013ca | 650 | struct addrinfo* answer = NULL; |
wolfSSL | 13:f67a6c6013ca | 651 | int ret; |
wolfSSL | 13:f67a6c6013ca | 652 | char strPort[80]; |
wolfSSL | 13:f67a6c6013ca | 653 | |
wolfSSL | 13:f67a6c6013ca | 654 | memset(&hints, 0, sizeof(hints)); |
wolfSSL | 13:f67a6c6013ca | 655 | |
wolfSSL | 13:f67a6c6013ca | 656 | hints.ai_family = AF_INET_V; |
wolfSSL | 13:f67a6c6013ca | 657 | if (udp) { |
wolfSSL | 13:f67a6c6013ca | 658 | hints.ai_socktype = SOCK_DGRAM; |
wolfSSL | 13:f67a6c6013ca | 659 | hints.ai_protocol = IPPROTO_UDP; |
wolfSSL | 13:f67a6c6013ca | 660 | } |
wolfSSL | 13:f67a6c6013ca | 661 | #ifdef WOLFSSL_SCTP |
wolfSSL | 13:f67a6c6013ca | 662 | else if (sctp) { |
wolfSSL | 13:f67a6c6013ca | 663 | hints.ai_socktype = SOCK_STREAM; |
wolfSSL | 13:f67a6c6013ca | 664 | hints.ai_protocol = IPPROTO_SCTP; |
wolfSSL | 13:f67a6c6013ca | 665 | } |
wolfSSL | 13:f67a6c6013ca | 666 | #endif |
wolfSSL | 13:f67a6c6013ca | 667 | else { |
wolfSSL | 13:f67a6c6013ca | 668 | hints.ai_socktype = SOCK_STREAM; |
wolfSSL | 13:f67a6c6013ca | 669 | hints.ai_protocol = IPPROTO_TCP; |
wolfSSL | 13:f67a6c6013ca | 670 | } |
wolfSSL | 13:f67a6c6013ca | 671 | |
wolfSSL | 13:f67a6c6013ca | 672 | SNPRINTF(strPort, sizeof(strPort), "%d", port); |
wolfSSL | 13:f67a6c6013ca | 673 | strPort[79] = '\0'; |
wolfSSL | 13:f67a6c6013ca | 674 | |
wolfSSL | 13:f67a6c6013ca | 675 | ret = getaddrinfo(peer, strPort, &hints, &answer); |
wolfSSL | 13:f67a6c6013ca | 676 | if (ret < 0 || answer == NULL) |
wolfSSL | 13:f67a6c6013ca | 677 | err_sys("getaddrinfo failed"); |
wolfSSL | 13:f67a6c6013ca | 678 | |
wolfSSL | 13:f67a6c6013ca | 679 | XMEMCPY(addr, answer->ai_addr, answer->ai_addrlen); |
wolfSSL | 13:f67a6c6013ca | 680 | freeaddrinfo(answer); |
wolfSSL | 13:f67a6c6013ca | 681 | #else |
wolfSSL | 13:f67a6c6013ca | 682 | printf("no ipv6 getaddrinfo, loopback only tests/examples\n"); |
wolfSSL | 13:f67a6c6013ca | 683 | addr->sin6_addr = in6addr_loopback; |
wolfSSL | 13:f67a6c6013ca | 684 | #endif |
wolfSSL | 13:f67a6c6013ca | 685 | } |
wolfSSL | 13:f67a6c6013ca | 686 | #endif |
wolfSSL | 13:f67a6c6013ca | 687 | } |
wolfSSL | 13:f67a6c6013ca | 688 | |
wolfSSL | 13:f67a6c6013ca | 689 | |
wolfSSL | 13:f67a6c6013ca | 690 | static INLINE void tcp_socket(SOCKET_T* sockfd, int udp, int sctp) |
wolfSSL | 13:f67a6c6013ca | 691 | { |
wolfSSL | 13:f67a6c6013ca | 692 | (void)sctp; |
wolfSSL | 13:f67a6c6013ca | 693 | |
wolfSSL | 13:f67a6c6013ca | 694 | if (udp) |
wolfSSL | 13:f67a6c6013ca | 695 | *sockfd = socket(AF_INET_V, SOCK_DGRAM, IPPROTO_UDP); |
wolfSSL | 13:f67a6c6013ca | 696 | #ifdef WOLFSSL_SCTP |
wolfSSL | 13:f67a6c6013ca | 697 | else if (sctp) |
wolfSSL | 13:f67a6c6013ca | 698 | *sockfd = socket(AF_INET_V, SOCK_STREAM, IPPROTO_SCTP); |
wolfSSL | 13:f67a6c6013ca | 699 | #endif |
wolfSSL | 13:f67a6c6013ca | 700 | else |
wolfSSL | 13:f67a6c6013ca | 701 | *sockfd = socket(AF_INET_V, SOCK_STREAM, IPPROTO_TCP); |
wolfSSL | 13:f67a6c6013ca | 702 | |
wolfSSL | 13:f67a6c6013ca | 703 | if(WOLFSSL_SOCKET_IS_INVALID(*sockfd)) { |
wolfSSL | 13:f67a6c6013ca | 704 | err_sys("socket failed\n"); |
wolfSSL | 13:f67a6c6013ca | 705 | } |
wolfSSL | 13:f67a6c6013ca | 706 | |
wolfSSL | 13:f67a6c6013ca | 707 | #ifndef USE_WINDOWS_API |
wolfSSL | 13:f67a6c6013ca | 708 | #ifdef SO_NOSIGPIPE |
wolfSSL | 13:f67a6c6013ca | 709 | { |
wolfSSL | 13:f67a6c6013ca | 710 | int on = 1; |
wolfSSL | 13:f67a6c6013ca | 711 | socklen_t len = sizeof(on); |
wolfSSL | 13:f67a6c6013ca | 712 | int res = setsockopt(*sockfd, SOL_SOCKET, SO_NOSIGPIPE, &on, len); |
wolfSSL | 13:f67a6c6013ca | 713 | if (res < 0) |
wolfSSL | 13:f67a6c6013ca | 714 | err_sys("setsockopt SO_NOSIGPIPE failed\n"); |
wolfSSL | 13:f67a6c6013ca | 715 | } |
wolfSSL | 13:f67a6c6013ca | 716 | #elif defined(WOLFSSL_MDK_ARM) || defined (WOLFSSL_TIRTOS) ||\ |
wolfSSL | 13:f67a6c6013ca | 717 | defined(WOLFSSL_KEIL_TCP_NET) |
wolfSSL | 13:f67a6c6013ca | 718 | /* nothing to define */ |
wolfSSL | 13:f67a6c6013ca | 719 | #else /* no S_NOSIGPIPE */ |
wolfSSL | 13:f67a6c6013ca | 720 | signal(SIGPIPE, SIG_IGN); |
wolfSSL | 13:f67a6c6013ca | 721 | #endif /* S_NOSIGPIPE */ |
wolfSSL | 13:f67a6c6013ca | 722 | |
wolfSSL | 13:f67a6c6013ca | 723 | #if defined(TCP_NODELAY) |
wolfSSL | 13:f67a6c6013ca | 724 | if (!udp && !sctp) |
wolfSSL | 13:f67a6c6013ca | 725 | { |
wolfSSL | 13:f67a6c6013ca | 726 | int on = 1; |
wolfSSL | 13:f67a6c6013ca | 727 | socklen_t len = sizeof(on); |
wolfSSL | 13:f67a6c6013ca | 728 | int res = setsockopt(*sockfd, IPPROTO_TCP, TCP_NODELAY, &on, len); |
wolfSSL | 13:f67a6c6013ca | 729 | if (res < 0) |
wolfSSL | 13:f67a6c6013ca | 730 | err_sys("setsockopt TCP_NODELAY failed\n"); |
wolfSSL | 13:f67a6c6013ca | 731 | } |
wolfSSL | 13:f67a6c6013ca | 732 | #endif |
wolfSSL | 13:f67a6c6013ca | 733 | #endif /* USE_WINDOWS_API */ |
wolfSSL | 13:f67a6c6013ca | 734 | } |
wolfSSL | 13:f67a6c6013ca | 735 | |
wolfSSL | 13:f67a6c6013ca | 736 | static INLINE void tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port, |
wolfSSL | 13:f67a6c6013ca | 737 | int udp, int sctp, WOLFSSL* ssl) |
wolfSSL | 13:f67a6c6013ca | 738 | { |
wolfSSL | 13:f67a6c6013ca | 739 | SOCKADDR_IN_T addr; |
wolfSSL | 13:f67a6c6013ca | 740 | build_addr(&addr, ip, port, udp, sctp); |
wolfSSL | 13:f67a6c6013ca | 741 | if (udp) { |
wolfSSL | 13:f67a6c6013ca | 742 | wolfSSL_dtls_set_peer(ssl, &addr, sizeof(addr)); |
wolfSSL | 13:f67a6c6013ca | 743 | } |
wolfSSL | 13:f67a6c6013ca | 744 | tcp_socket(sockfd, udp, sctp); |
wolfSSL | 13:f67a6c6013ca | 745 | |
wolfSSL | 13:f67a6c6013ca | 746 | if (!udp) { |
wolfSSL | 13:f67a6c6013ca | 747 | if (connect(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0) |
wolfSSL | 13:f67a6c6013ca | 748 | err_sys("tcp connect failed"); |
wolfSSL | 13:f67a6c6013ca | 749 | } |
wolfSSL | 13:f67a6c6013ca | 750 | } |
wolfSSL | 13:f67a6c6013ca | 751 | |
wolfSSL | 13:f67a6c6013ca | 752 | |
wolfSSL | 13:f67a6c6013ca | 753 | static INLINE void udp_connect(SOCKET_T* sockfd, void* addr, int addrSz) |
wolfSSL | 13:f67a6c6013ca | 754 | { |
wolfSSL | 13:f67a6c6013ca | 755 | if (connect(*sockfd, (const struct sockaddr*)addr, addrSz) != 0) |
wolfSSL | 13:f67a6c6013ca | 756 | err_sys("tcp connect failed"); |
wolfSSL | 13:f67a6c6013ca | 757 | } |
wolfSSL | 13:f67a6c6013ca | 758 | |
wolfSSL | 13:f67a6c6013ca | 759 | |
wolfSSL | 13:f67a6c6013ca | 760 | enum { |
wolfSSL | 13:f67a6c6013ca | 761 | TEST_SELECT_FAIL, |
wolfSSL | 13:f67a6c6013ca | 762 | TEST_TIMEOUT, |
wolfSSL | 13:f67a6c6013ca | 763 | TEST_RECV_READY, |
wolfSSL | 13:f67a6c6013ca | 764 | TEST_ERROR_READY |
wolfSSL | 13:f67a6c6013ca | 765 | }; |
wolfSSL | 13:f67a6c6013ca | 766 | |
wolfSSL | 13:f67a6c6013ca | 767 | |
wolfSSL | 13:f67a6c6013ca | 768 | #if !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_TCP_NET) && \ |
wolfSSL | 13:f67a6c6013ca | 769 | !defined(WOLFSSL_TIRTOS) |
wolfSSL | 13:f67a6c6013ca | 770 | static INLINE int tcp_select(SOCKET_T socketfd, int to_sec) |
wolfSSL | 13:f67a6c6013ca | 771 | { |
wolfSSL | 13:f67a6c6013ca | 772 | fd_set recvfds, errfds; |
wolfSSL | 13:f67a6c6013ca | 773 | SOCKET_T nfds = socketfd + 1; |
wolfSSL | 13:f67a6c6013ca | 774 | struct timeval timeout = { (to_sec > 0) ? to_sec : 0, 0}; |
wolfSSL | 13:f67a6c6013ca | 775 | int result; |
wolfSSL | 13:f67a6c6013ca | 776 | |
wolfSSL | 13:f67a6c6013ca | 777 | FD_ZERO(&recvfds); |
wolfSSL | 13:f67a6c6013ca | 778 | FD_SET(socketfd, &recvfds); |
wolfSSL | 13:f67a6c6013ca | 779 | FD_ZERO(&errfds); |
wolfSSL | 13:f67a6c6013ca | 780 | FD_SET(socketfd, &errfds); |
wolfSSL | 13:f67a6c6013ca | 781 | |
wolfSSL | 13:f67a6c6013ca | 782 | result = select(nfds, &recvfds, NULL, &errfds, &timeout); |
wolfSSL | 13:f67a6c6013ca | 783 | |
wolfSSL | 13:f67a6c6013ca | 784 | if (result == 0) |
wolfSSL | 13:f67a6c6013ca | 785 | return TEST_TIMEOUT; |
wolfSSL | 13:f67a6c6013ca | 786 | else if (result > 0) { |
wolfSSL | 13:f67a6c6013ca | 787 | if (FD_ISSET(socketfd, &recvfds)) |
wolfSSL | 13:f67a6c6013ca | 788 | return TEST_RECV_READY; |
wolfSSL | 13:f67a6c6013ca | 789 | else if(FD_ISSET(socketfd, &errfds)) |
wolfSSL | 13:f67a6c6013ca | 790 | return TEST_ERROR_READY; |
wolfSSL | 13:f67a6c6013ca | 791 | } |
wolfSSL | 13:f67a6c6013ca | 792 | |
wolfSSL | 13:f67a6c6013ca | 793 | return TEST_SELECT_FAIL; |
wolfSSL | 13:f67a6c6013ca | 794 | } |
wolfSSL | 13:f67a6c6013ca | 795 | #elif defined(WOLFSSL_TIRTOS) |
wolfSSL | 13:f67a6c6013ca | 796 | static INLINE int tcp_select(SOCKET_T socketfd, int to_sec) |
wolfSSL | 13:f67a6c6013ca | 797 | { |
wolfSSL | 13:f67a6c6013ca | 798 | return TEST_RECV_READY; |
wolfSSL | 13:f67a6c6013ca | 799 | } |
wolfSSL | 13:f67a6c6013ca | 800 | #endif /* !WOLFSSL_MDK_ARM */ |
wolfSSL | 13:f67a6c6013ca | 801 | |
wolfSSL | 13:f67a6c6013ca | 802 | |
wolfSSL | 13:f67a6c6013ca | 803 | static INLINE void tcp_listen(SOCKET_T* sockfd, word16* port, int useAnyAddr, |
wolfSSL | 13:f67a6c6013ca | 804 | int udp, int sctp) |
wolfSSL | 13:f67a6c6013ca | 805 | { |
wolfSSL | 13:f67a6c6013ca | 806 | SOCKADDR_IN_T addr; |
wolfSSL | 13:f67a6c6013ca | 807 | |
wolfSSL | 13:f67a6c6013ca | 808 | /* don't use INADDR_ANY by default, firewall may block, make user switch |
wolfSSL | 13:f67a6c6013ca | 809 | on */ |
wolfSSL | 13:f67a6c6013ca | 810 | build_addr(&addr, (useAnyAddr ? INADDR_ANY : wolfSSLIP), *port, udp, sctp); |
wolfSSL | 13:f67a6c6013ca | 811 | tcp_socket(sockfd, udp, sctp); |
wolfSSL | 13:f67a6c6013ca | 812 | |
wolfSSL | 13:f67a6c6013ca | 813 | #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_MDK_ARM)\ |
wolfSSL | 13:f67a6c6013ca | 814 | && !defined(WOLFSSL_KEIL_TCP_NET) |
wolfSSL | 13:f67a6c6013ca | 815 | { |
wolfSSL | 13:f67a6c6013ca | 816 | int res, on = 1; |
wolfSSL | 13:f67a6c6013ca | 817 | socklen_t len = sizeof(on); |
wolfSSL | 13:f67a6c6013ca | 818 | res = setsockopt(*sockfd, SOL_SOCKET, SO_REUSEADDR, &on, len); |
wolfSSL | 13:f67a6c6013ca | 819 | if (res < 0) |
wolfSSL | 13:f67a6c6013ca | 820 | err_sys("setsockopt SO_REUSEADDR failed\n"); |
wolfSSL | 13:f67a6c6013ca | 821 | } |
wolfSSL | 13:f67a6c6013ca | 822 | #endif |
wolfSSL | 13:f67a6c6013ca | 823 | |
wolfSSL | 13:f67a6c6013ca | 824 | if (bind(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0) |
wolfSSL | 13:f67a6c6013ca | 825 | err_sys("tcp bind failed"); |
wolfSSL | 13:f67a6c6013ca | 826 | if (!udp) { |
wolfSSL | 13:f67a6c6013ca | 827 | if (listen(*sockfd, 5) != 0) |
wolfSSL | 13:f67a6c6013ca | 828 | err_sys("tcp listen failed"); |
wolfSSL | 13:f67a6c6013ca | 829 | } |
wolfSSL | 13:f67a6c6013ca | 830 | #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS) |
wolfSSL | 13:f67a6c6013ca | 831 | if (*port == 0) { |
wolfSSL | 13:f67a6c6013ca | 832 | socklen_t len = sizeof(addr); |
wolfSSL | 13:f67a6c6013ca | 833 | if (getsockname(*sockfd, (struct sockaddr*)&addr, &len) == 0) { |
wolfSSL | 13:f67a6c6013ca | 834 | #ifndef TEST_IPV6 |
wolfSSL | 13:f67a6c6013ca | 835 | *port = XNTOHS(addr.sin_port); |
wolfSSL | 13:f67a6c6013ca | 836 | #else |
wolfSSL | 13:f67a6c6013ca | 837 | *port = XNTOHS(addr.sin6_port); |
wolfSSL | 13:f67a6c6013ca | 838 | #endif |
wolfSSL | 13:f67a6c6013ca | 839 | } |
wolfSSL | 13:f67a6c6013ca | 840 | } |
wolfSSL | 13:f67a6c6013ca | 841 | #endif |
wolfSSL | 13:f67a6c6013ca | 842 | } |
wolfSSL | 13:f67a6c6013ca | 843 | |
wolfSSL | 13:f67a6c6013ca | 844 | |
wolfSSL | 13:f67a6c6013ca | 845 | #if 0 |
wolfSSL | 13:f67a6c6013ca | 846 | static INLINE int udp_read_connect(SOCKET_T sockfd) |
wolfSSL | 13:f67a6c6013ca | 847 | { |
wolfSSL | 13:f67a6c6013ca | 848 | SOCKADDR_IN_T cliaddr; |
wolfSSL | 13:f67a6c6013ca | 849 | byte b[1500]; |
wolfSSL | 13:f67a6c6013ca | 850 | int n; |
wolfSSL | 13:f67a6c6013ca | 851 | socklen_t len = sizeof(cliaddr); |
wolfSSL | 13:f67a6c6013ca | 852 | |
wolfSSL | 13:f67a6c6013ca | 853 | n = (int)recvfrom(sockfd, (char*)b, sizeof(b), MSG_PEEK, |
wolfSSL | 13:f67a6c6013ca | 854 | (struct sockaddr*)&cliaddr, &len); |
wolfSSL | 13:f67a6c6013ca | 855 | if (n > 0) { |
wolfSSL | 13:f67a6c6013ca | 856 | if (connect(sockfd, (const struct sockaddr*)&cliaddr, |
wolfSSL | 13:f67a6c6013ca | 857 | sizeof(cliaddr)) != 0) |
wolfSSL | 13:f67a6c6013ca | 858 | err_sys("udp connect failed"); |
wolfSSL | 13:f67a6c6013ca | 859 | } |
wolfSSL | 13:f67a6c6013ca | 860 | else |
wolfSSL | 13:f67a6c6013ca | 861 | err_sys("recvfrom failed"); |
wolfSSL | 13:f67a6c6013ca | 862 | |
wolfSSL | 13:f67a6c6013ca | 863 | return sockfd; |
wolfSSL | 13:f67a6c6013ca | 864 | } |
wolfSSL | 13:f67a6c6013ca | 865 | #endif |
wolfSSL | 13:f67a6c6013ca | 866 | |
wolfSSL | 13:f67a6c6013ca | 867 | static INLINE void udp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd, |
wolfSSL | 13:f67a6c6013ca | 868 | int useAnyAddr, word16 port, func_args* args) |
wolfSSL | 13:f67a6c6013ca | 869 | { |
wolfSSL | 13:f67a6c6013ca | 870 | SOCKADDR_IN_T addr; |
wolfSSL | 13:f67a6c6013ca | 871 | |
wolfSSL | 13:f67a6c6013ca | 872 | (void)args; |
wolfSSL | 13:f67a6c6013ca | 873 | build_addr(&addr, (useAnyAddr ? INADDR_ANY : wolfSSLIP), port, 1, 0); |
wolfSSL | 13:f67a6c6013ca | 874 | tcp_socket(sockfd, 1, 0); |
wolfSSL | 13:f67a6c6013ca | 875 | |
wolfSSL | 13:f67a6c6013ca | 876 | |
wolfSSL | 13:f67a6c6013ca | 877 | #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_MDK_ARM) \ |
wolfSSL | 13:f67a6c6013ca | 878 | && !defined(WOLFSSL_KEIL_TCP_NET) |
wolfSSL | 13:f67a6c6013ca | 879 | { |
wolfSSL | 13:f67a6c6013ca | 880 | int res, on = 1; |
wolfSSL | 13:f67a6c6013ca | 881 | socklen_t len = sizeof(on); |
wolfSSL | 13:f67a6c6013ca | 882 | res = setsockopt(*sockfd, SOL_SOCKET, SO_REUSEADDR, &on, len); |
wolfSSL | 13:f67a6c6013ca | 883 | if (res < 0) |
wolfSSL | 13:f67a6c6013ca | 884 | err_sys("setsockopt SO_REUSEADDR failed\n"); |
wolfSSL | 13:f67a6c6013ca | 885 | } |
wolfSSL | 13:f67a6c6013ca | 886 | #endif |
wolfSSL | 13:f67a6c6013ca | 887 | |
wolfSSL | 13:f67a6c6013ca | 888 | if (bind(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0) |
wolfSSL | 13:f67a6c6013ca | 889 | err_sys("tcp bind failed"); |
wolfSSL | 13:f67a6c6013ca | 890 | |
wolfSSL | 13:f67a6c6013ca | 891 | #if (defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API)) && !defined(WOLFSSL_TIRTOS) |
wolfSSL | 13:f67a6c6013ca | 892 | if (port == 0) { |
wolfSSL | 13:f67a6c6013ca | 893 | socklen_t len = sizeof(addr); |
wolfSSL | 13:f67a6c6013ca | 894 | if (getsockname(*sockfd, (struct sockaddr*)&addr, &len) == 0) { |
wolfSSL | 13:f67a6c6013ca | 895 | #ifndef TEST_IPV6 |
wolfSSL | 13:f67a6c6013ca | 896 | port = XNTOHS(addr.sin_port); |
wolfSSL | 13:f67a6c6013ca | 897 | #else |
wolfSSL | 13:f67a6c6013ca | 898 | port = XNTOHS(addr.sin6_port); |
wolfSSL | 13:f67a6c6013ca | 899 | #endif |
wolfSSL | 13:f67a6c6013ca | 900 | } |
wolfSSL | 13:f67a6c6013ca | 901 | } |
wolfSSL | 13:f67a6c6013ca | 902 | #endif |
wolfSSL | 13:f67a6c6013ca | 903 | |
wolfSSL | 13:f67a6c6013ca | 904 | #if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) && !defined(__MINGW32__) |
wolfSSL | 13:f67a6c6013ca | 905 | /* signal ready to accept data */ |
wolfSSL | 13:f67a6c6013ca | 906 | { |
wolfSSL | 13:f67a6c6013ca | 907 | tcp_ready* ready = args->signal; |
wolfSSL | 13:f67a6c6013ca | 908 | pthread_mutex_lock(&ready->mutex); |
wolfSSL | 13:f67a6c6013ca | 909 | ready->ready = 1; |
wolfSSL | 13:f67a6c6013ca | 910 | ready->port = port; |
wolfSSL | 13:f67a6c6013ca | 911 | pthread_cond_signal(&ready->cond); |
wolfSSL | 13:f67a6c6013ca | 912 | pthread_mutex_unlock(&ready->mutex); |
wolfSSL | 13:f67a6c6013ca | 913 | } |
wolfSSL | 13:f67a6c6013ca | 914 | #elif defined (WOLFSSL_TIRTOS) |
wolfSSL | 13:f67a6c6013ca | 915 | /* Need mutex? */ |
wolfSSL | 13:f67a6c6013ca | 916 | tcp_ready* ready = args->signal; |
wolfSSL | 13:f67a6c6013ca | 917 | ready->ready = 1; |
wolfSSL | 13:f67a6c6013ca | 918 | ready->port = port; |
wolfSSL | 13:f67a6c6013ca | 919 | #endif |
wolfSSL | 13:f67a6c6013ca | 920 | |
wolfSSL | 13:f67a6c6013ca | 921 | *clientfd = *sockfd; |
wolfSSL | 13:f67a6c6013ca | 922 | } |
wolfSSL | 13:f67a6c6013ca | 923 | |
wolfSSL | 13:f67a6c6013ca | 924 | static INLINE void tcp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd, |
wolfSSL | 13:f67a6c6013ca | 925 | func_args* args, word16 port, int useAnyAddr, |
wolfSSL | 13:f67a6c6013ca | 926 | int udp, int sctp, int ready_file, int do_listen) |
wolfSSL | 13:f67a6c6013ca | 927 | { |
wolfSSL | 13:f67a6c6013ca | 928 | SOCKADDR_IN_T client; |
wolfSSL | 13:f67a6c6013ca | 929 | socklen_t client_len = sizeof(client); |
wolfSSL | 13:f67a6c6013ca | 930 | tcp_ready* ready = NULL; |
wolfSSL | 13:f67a6c6013ca | 931 | |
wolfSSL | 13:f67a6c6013ca | 932 | (void) ready; /* Account for case when "ready" is not used */ |
wolfSSL | 13:f67a6c6013ca | 933 | |
wolfSSL | 13:f67a6c6013ca | 934 | if (udp) { |
wolfSSL | 13:f67a6c6013ca | 935 | udp_accept(sockfd, clientfd, useAnyAddr, port, args); |
wolfSSL | 13:f67a6c6013ca | 936 | return; |
wolfSSL | 13:f67a6c6013ca | 937 | } |
wolfSSL | 13:f67a6c6013ca | 938 | |
wolfSSL | 13:f67a6c6013ca | 939 | if(do_listen) { |
wolfSSL | 13:f67a6c6013ca | 940 | tcp_listen(sockfd, &port, useAnyAddr, udp, sctp); |
wolfSSL | 13:f67a6c6013ca | 941 | |
wolfSSL | 13:f67a6c6013ca | 942 | #if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) && !defined(__MINGW32__) |
wolfSSL | 13:f67a6c6013ca | 943 | /* signal ready to tcp_accept */ |
wolfSSL | 13:f67a6c6013ca | 944 | if (args) |
wolfSSL | 13:f67a6c6013ca | 945 | ready = args->signal; |
wolfSSL | 13:f67a6c6013ca | 946 | if (ready) { |
wolfSSL | 13:f67a6c6013ca | 947 | pthread_mutex_lock(&ready->mutex); |
wolfSSL | 13:f67a6c6013ca | 948 | ready->ready = 1; |
wolfSSL | 13:f67a6c6013ca | 949 | ready->port = port; |
wolfSSL | 13:f67a6c6013ca | 950 | pthread_cond_signal(&ready->cond); |
wolfSSL | 13:f67a6c6013ca | 951 | pthread_mutex_unlock(&ready->mutex); |
wolfSSL | 13:f67a6c6013ca | 952 | } |
wolfSSL | 13:f67a6c6013ca | 953 | #elif defined (WOLFSSL_TIRTOS) |
wolfSSL | 13:f67a6c6013ca | 954 | /* Need mutex? */ |
wolfSSL | 13:f67a6c6013ca | 955 | if (args) |
wolfSSL | 13:f67a6c6013ca | 956 | ready = args->signal; |
wolfSSL | 13:f67a6c6013ca | 957 | if (ready) { |
wolfSSL | 13:f67a6c6013ca | 958 | ready->ready = 1; |
wolfSSL | 13:f67a6c6013ca | 959 | ready->port = port; |
wolfSSL | 13:f67a6c6013ca | 960 | } |
wolfSSL | 13:f67a6c6013ca | 961 | #endif |
wolfSSL | 13:f67a6c6013ca | 962 | |
wolfSSL | 13:f67a6c6013ca | 963 | if (ready_file) { |
wolfSSL | 13:f67a6c6013ca | 964 | #if !defined(NO_FILESYSTEM) || defined(FORCE_BUFFER_TEST) |
wolfSSL | 13:f67a6c6013ca | 965 | FILE* srf = NULL; |
wolfSSL | 13:f67a6c6013ca | 966 | if (args) |
wolfSSL | 13:f67a6c6013ca | 967 | ready = args->signal; |
wolfSSL | 13:f67a6c6013ca | 968 | |
wolfSSL | 13:f67a6c6013ca | 969 | if (ready) { |
wolfSSL | 13:f67a6c6013ca | 970 | srf = fopen(ready->srfName, "w"); |
wolfSSL | 13:f67a6c6013ca | 971 | |
wolfSSL | 13:f67a6c6013ca | 972 | if (srf) { |
wolfSSL | 13:f67a6c6013ca | 973 | /* let's write port sever is listening on to ready file |
wolfSSL | 13:f67a6c6013ca | 974 | external monitor can then do ephemeral ports by passing |
wolfSSL | 13:f67a6c6013ca | 975 | -p 0 to server on supported platforms with -R ready_file |
wolfSSL | 13:f67a6c6013ca | 976 | client can then wait for existence of ready_file and see |
wolfSSL | 13:f67a6c6013ca | 977 | which port the server is listening on. */ |
wolfSSL | 13:f67a6c6013ca | 978 | fprintf(srf, "%d\n", (int)port); |
wolfSSL | 13:f67a6c6013ca | 979 | fclose(srf); |
wolfSSL | 13:f67a6c6013ca | 980 | } |
wolfSSL | 13:f67a6c6013ca | 981 | } |
wolfSSL | 13:f67a6c6013ca | 982 | #endif |
wolfSSL | 13:f67a6c6013ca | 983 | } |
wolfSSL | 13:f67a6c6013ca | 984 | } |
wolfSSL | 13:f67a6c6013ca | 985 | |
wolfSSL | 13:f67a6c6013ca | 986 | *clientfd = accept(*sockfd, (struct sockaddr*)&client, |
wolfSSL | 13:f67a6c6013ca | 987 | (ACCEPT_THIRD_T)&client_len); |
wolfSSL | 13:f67a6c6013ca | 988 | if(WOLFSSL_SOCKET_IS_INVALID(*clientfd)) { |
wolfSSL | 13:f67a6c6013ca | 989 | err_sys("tcp accept failed"); |
wolfSSL | 13:f67a6c6013ca | 990 | } |
wolfSSL | 13:f67a6c6013ca | 991 | } |
wolfSSL | 13:f67a6c6013ca | 992 | |
wolfSSL | 13:f67a6c6013ca | 993 | |
wolfSSL | 13:f67a6c6013ca | 994 | static INLINE void tcp_set_nonblocking(SOCKET_T* sockfd) |
wolfSSL | 13:f67a6c6013ca | 995 | { |
wolfSSL | 13:f67a6c6013ca | 996 | #ifdef USE_WINDOWS_API |
wolfSSL | 13:f67a6c6013ca | 997 | unsigned long blocking = 1; |
wolfSSL | 13:f67a6c6013ca | 998 | int ret = ioctlsocket(*sockfd, FIONBIO, &blocking); |
wolfSSL | 13:f67a6c6013ca | 999 | if (ret == SOCKET_ERROR) |
wolfSSL | 13:f67a6c6013ca | 1000 | err_sys("ioctlsocket failed"); |
wolfSSL | 13:f67a6c6013ca | 1001 | #elif defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET) \ |
wolfSSL | 13:f67a6c6013ca | 1002 | || defined (WOLFSSL_TIRTOS)|| defined(WOLFSSL_VXWORKS) |
wolfSSL | 13:f67a6c6013ca | 1003 | /* non blocking not supported, for now */ |
wolfSSL | 13:f67a6c6013ca | 1004 | #else |
wolfSSL | 13:f67a6c6013ca | 1005 | int flags = fcntl(*sockfd, F_GETFL, 0); |
wolfSSL | 13:f67a6c6013ca | 1006 | if (flags < 0) |
wolfSSL | 13:f67a6c6013ca | 1007 | err_sys("fcntl get failed"); |
wolfSSL | 13:f67a6c6013ca | 1008 | flags = fcntl(*sockfd, F_SETFL, flags | O_NONBLOCK); |
wolfSSL | 13:f67a6c6013ca | 1009 | if (flags < 0) |
wolfSSL | 13:f67a6c6013ca | 1010 | err_sys("fcntl set failed"); |
wolfSSL | 13:f67a6c6013ca | 1011 | #endif |
wolfSSL | 13:f67a6c6013ca | 1012 | } |
wolfSSL | 13:f67a6c6013ca | 1013 | |
wolfSSL | 13:f67a6c6013ca | 1014 | |
wolfSSL | 13:f67a6c6013ca | 1015 | #ifndef NO_PSK |
wolfSSL | 13:f67a6c6013ca | 1016 | |
wolfSSL | 13:f67a6c6013ca | 1017 | /* identity is OpenSSL testing default for openssl s_client, keep same */ |
wolfSSL | 13:f67a6c6013ca | 1018 | static const char* kIdentityStr = "Client_identity"; |
wolfSSL | 13:f67a6c6013ca | 1019 | |
wolfSSL | 13:f67a6c6013ca | 1020 | static INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint, |
wolfSSL | 13:f67a6c6013ca | 1021 | char* identity, unsigned int id_max_len, unsigned char* key, |
wolfSSL | 13:f67a6c6013ca | 1022 | unsigned int key_max_len) |
wolfSSL | 13:f67a6c6013ca | 1023 | { |
wolfSSL | 13:f67a6c6013ca | 1024 | (void)ssl; |
wolfSSL | 13:f67a6c6013ca | 1025 | (void)hint; |
wolfSSL | 13:f67a6c6013ca | 1026 | (void)key_max_len; |
wolfSSL | 13:f67a6c6013ca | 1027 | |
wolfSSL | 13:f67a6c6013ca | 1028 | /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */ |
wolfSSL | 13:f67a6c6013ca | 1029 | strncpy(identity, kIdentityStr, id_max_len); |
wolfSSL | 13:f67a6c6013ca | 1030 | |
wolfSSL | 13:f67a6c6013ca | 1031 | /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using |
wolfSSL | 13:f67a6c6013ca | 1032 | unsigned binary */ |
wolfSSL | 13:f67a6c6013ca | 1033 | key[0] = 26; |
wolfSSL | 13:f67a6c6013ca | 1034 | key[1] = 43; |
wolfSSL | 13:f67a6c6013ca | 1035 | key[2] = 60; |
wolfSSL | 13:f67a6c6013ca | 1036 | key[3] = 77; |
wolfSSL | 13:f67a6c6013ca | 1037 | |
wolfSSL | 13:f67a6c6013ca | 1038 | return 4; /* length of key in octets or 0 for error */ |
wolfSSL | 13:f67a6c6013ca | 1039 | } |
wolfSSL | 13:f67a6c6013ca | 1040 | |
wolfSSL | 13:f67a6c6013ca | 1041 | |
wolfSSL | 13:f67a6c6013ca | 1042 | static INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity, |
wolfSSL | 13:f67a6c6013ca | 1043 | unsigned char* key, unsigned int key_max_len) |
wolfSSL | 13:f67a6c6013ca | 1044 | { |
wolfSSL | 13:f67a6c6013ca | 1045 | (void)ssl; |
wolfSSL | 13:f67a6c6013ca | 1046 | (void)key_max_len; |
wolfSSL | 13:f67a6c6013ca | 1047 | |
wolfSSL | 13:f67a6c6013ca | 1048 | /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */ |
wolfSSL | 13:f67a6c6013ca | 1049 | if (strncmp(identity, kIdentityStr, strlen(kIdentityStr)) != 0) |
wolfSSL | 13:f67a6c6013ca | 1050 | return 0; |
wolfSSL | 13:f67a6c6013ca | 1051 | |
wolfSSL | 13:f67a6c6013ca | 1052 | /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using |
wolfSSL | 13:f67a6c6013ca | 1053 | unsigned binary */ |
wolfSSL | 13:f67a6c6013ca | 1054 | key[0] = 26; |
wolfSSL | 13:f67a6c6013ca | 1055 | key[1] = 43; |
wolfSSL | 13:f67a6c6013ca | 1056 | key[2] = 60; |
wolfSSL | 13:f67a6c6013ca | 1057 | key[3] = 77; |
wolfSSL | 13:f67a6c6013ca | 1058 | |
wolfSSL | 13:f67a6c6013ca | 1059 | return 4; /* length of key in octets or 0 for error */ |
wolfSSL | 13:f67a6c6013ca | 1060 | } |
wolfSSL | 13:f67a6c6013ca | 1061 | |
wolfSSL | 13:f67a6c6013ca | 1062 | #endif /* NO_PSK */ |
wolfSSL | 13:f67a6c6013ca | 1063 | |
wolfSSL | 13:f67a6c6013ca | 1064 | |
wolfSSL | 13:f67a6c6013ca | 1065 | #if defined(WOLFSSL_USER_CURRTIME) |
wolfSSL | 13:f67a6c6013ca | 1066 | extern double current_time(int reset); |
wolfSSL | 13:f67a6c6013ca | 1067 | |
wolfSSL | 13:f67a6c6013ca | 1068 | #elif defined(USE_WINDOWS_API) |
wolfSSL | 13:f67a6c6013ca | 1069 | |
wolfSSL | 13:f67a6c6013ca | 1070 | #define WIN32_LEAN_AND_MEAN |
wolfSSL | 13:f67a6c6013ca | 1071 | #include <windows.h> |
wolfSSL | 13:f67a6c6013ca | 1072 | |
wolfSSL | 13:f67a6c6013ca | 1073 | static INLINE double current_time(int reset) |
wolfSSL | 13:f67a6c6013ca | 1074 | { |
wolfSSL | 13:f67a6c6013ca | 1075 | static int init = 0; |
wolfSSL | 13:f67a6c6013ca | 1076 | static LARGE_INTEGER freq; |
wolfSSL | 13:f67a6c6013ca | 1077 | |
wolfSSL | 13:f67a6c6013ca | 1078 | LARGE_INTEGER count; |
wolfSSL | 13:f67a6c6013ca | 1079 | |
wolfSSL | 13:f67a6c6013ca | 1080 | if (!init) { |
wolfSSL | 13:f67a6c6013ca | 1081 | QueryPerformanceFrequency(&freq); |
wolfSSL | 13:f67a6c6013ca | 1082 | init = 1; |
wolfSSL | 13:f67a6c6013ca | 1083 | } |
wolfSSL | 13:f67a6c6013ca | 1084 | |
wolfSSL | 13:f67a6c6013ca | 1085 | QueryPerformanceCounter(&count); |
wolfSSL | 13:f67a6c6013ca | 1086 | |
wolfSSL | 13:f67a6c6013ca | 1087 | (void)reset; |
wolfSSL | 13:f67a6c6013ca | 1088 | return (double)count.QuadPart / freq.QuadPart; |
wolfSSL | 13:f67a6c6013ca | 1089 | } |
wolfSSL | 13:f67a6c6013ca | 1090 | |
wolfSSL | 13:f67a6c6013ca | 1091 | #elif defined(WOLFSSL_TIRTOS) |
wolfSSL | 13:f67a6c6013ca | 1092 | extern double current_time(); |
wolfSSL | 13:f67a6c6013ca | 1093 | #else |
wolfSSL | 13:f67a6c6013ca | 1094 | |
wolfSSL | 13:f67a6c6013ca | 1095 | #if !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_TCP_NET) |
wolfSSL | 13:f67a6c6013ca | 1096 | #include <sys/time.h> |
wolfSSL | 13:f67a6c6013ca | 1097 | |
wolfSSL | 13:f67a6c6013ca | 1098 | static INLINE double current_time(int reset) |
wolfSSL | 13:f67a6c6013ca | 1099 | { |
wolfSSL | 13:f67a6c6013ca | 1100 | struct timeval tv; |
wolfSSL | 13:f67a6c6013ca | 1101 | gettimeofday(&tv, 0); |
wolfSSL | 13:f67a6c6013ca | 1102 | (void)reset; |
wolfSSL | 13:f67a6c6013ca | 1103 | |
wolfSSL | 13:f67a6c6013ca | 1104 | return (double)tv.tv_sec + (double)tv.tv_usec / 1000000; |
wolfSSL | 13:f67a6c6013ca | 1105 | } |
wolfSSL | 13:f67a6c6013ca | 1106 | #else |
wolfSSL | 13:f67a6c6013ca | 1107 | extern double current_time(int reset); |
wolfSSL | 13:f67a6c6013ca | 1108 | #endif |
wolfSSL | 13:f67a6c6013ca | 1109 | #endif /* USE_WINDOWS_API */ |
wolfSSL | 13:f67a6c6013ca | 1110 | |
wolfSSL | 13:f67a6c6013ca | 1111 | |
wolfSSL | 13:f67a6c6013ca | 1112 | #if !defined(NO_CERTS) |
wolfSSL | 13:f67a6c6013ca | 1113 | #if !defined(NO_FILESYSTEM) || \ |
wolfSSL | 13:f67a6c6013ca | 1114 | (defined(NO_FILESYSTEM) && defined(FORCE_BUFFER_TEST)) |
wolfSSL | 13:f67a6c6013ca | 1115 | |
wolfSSL | 13:f67a6c6013ca | 1116 | /* reads file size, allocates buffer, reads into buffer, returns buffer */ |
wolfSSL | 13:f67a6c6013ca | 1117 | static INLINE int load_file(const char* fname, byte** buf, size_t* bufLen) |
wolfSSL | 13:f67a6c6013ca | 1118 | { |
wolfSSL | 13:f67a6c6013ca | 1119 | int ret; |
wolfSSL | 13:f67a6c6013ca | 1120 | long int fileSz; |
wolfSSL | 13:f67a6c6013ca | 1121 | FILE* file; |
wolfSSL | 13:f67a6c6013ca | 1122 | |
wolfSSL | 13:f67a6c6013ca | 1123 | if (fname == NULL || buf == NULL || bufLen == NULL) |
wolfSSL | 13:f67a6c6013ca | 1124 | return BAD_FUNC_ARG; |
wolfSSL | 13:f67a6c6013ca | 1125 | |
wolfSSL | 13:f67a6c6013ca | 1126 | /* set defaults */ |
wolfSSL | 13:f67a6c6013ca | 1127 | *buf = NULL; |
wolfSSL | 13:f67a6c6013ca | 1128 | *bufLen = 0; |
wolfSSL | 13:f67a6c6013ca | 1129 | |
wolfSSL | 13:f67a6c6013ca | 1130 | /* open file (read-only binary) */ |
wolfSSL | 13:f67a6c6013ca | 1131 | file = fopen(fname, "rb"); |
wolfSSL | 13:f67a6c6013ca | 1132 | if (!file) { |
wolfSSL | 13:f67a6c6013ca | 1133 | printf("Error loading %s\n", fname); |
wolfSSL | 13:f67a6c6013ca | 1134 | return BAD_PATH_ERROR; |
wolfSSL | 13:f67a6c6013ca | 1135 | } |
wolfSSL | 13:f67a6c6013ca | 1136 | |
wolfSSL | 13:f67a6c6013ca | 1137 | fseek(file, 0, SEEK_END); |
wolfSSL | 13:f67a6c6013ca | 1138 | fileSz = (int)ftell(file); |
wolfSSL | 13:f67a6c6013ca | 1139 | rewind(file); |
wolfSSL | 13:f67a6c6013ca | 1140 | if (fileSz > 0) { |
wolfSSL | 13:f67a6c6013ca | 1141 | *bufLen = (size_t)fileSz; |
wolfSSL | 13:f67a6c6013ca | 1142 | *buf = (byte*)malloc(*bufLen); |
wolfSSL | 13:f67a6c6013ca | 1143 | if (*buf == NULL) { |
wolfSSL | 13:f67a6c6013ca | 1144 | ret = MEMORY_E; |
wolfSSL | 13:f67a6c6013ca | 1145 | printf("Error allocating %lu bytes\n", (unsigned long)*bufLen); |
wolfSSL | 13:f67a6c6013ca | 1146 | } |
wolfSSL | 13:f67a6c6013ca | 1147 | else { |
wolfSSL | 13:f67a6c6013ca | 1148 | size_t readLen = fread(*buf, *bufLen, 1, file); |
wolfSSL | 13:f67a6c6013ca | 1149 | |
wolfSSL | 13:f67a6c6013ca | 1150 | /* check response code */ |
wolfSSL | 13:f67a6c6013ca | 1151 | ret = (readLen > 0) ? 0 : -1; |
wolfSSL | 13:f67a6c6013ca | 1152 | } |
wolfSSL | 13:f67a6c6013ca | 1153 | } |
wolfSSL | 13:f67a6c6013ca | 1154 | else { |
wolfSSL | 13:f67a6c6013ca | 1155 | ret = BUFFER_E; |
wolfSSL | 13:f67a6c6013ca | 1156 | } |
wolfSSL | 13:f67a6c6013ca | 1157 | fclose(file); |
wolfSSL | 13:f67a6c6013ca | 1158 | |
wolfSSL | 13:f67a6c6013ca | 1159 | return ret; |
wolfSSL | 13:f67a6c6013ca | 1160 | } |
wolfSSL | 13:f67a6c6013ca | 1161 | |
wolfSSL | 13:f67a6c6013ca | 1162 | enum { |
wolfSSL | 13:f67a6c6013ca | 1163 | WOLFSSL_CA = 1, |
wolfSSL | 13:f67a6c6013ca | 1164 | WOLFSSL_CERT = 2, |
wolfSSL | 13:f67a6c6013ca | 1165 | WOLFSSL_KEY = 3, |
wolfSSL | 13:f67a6c6013ca | 1166 | WOLFSSL_CERT_CHAIN = 4, |
wolfSSL | 13:f67a6c6013ca | 1167 | }; |
wolfSSL | 13:f67a6c6013ca | 1168 | |
wolfSSL | 13:f67a6c6013ca | 1169 | static INLINE void load_buffer(WOLFSSL_CTX* ctx, const char* fname, int type) |
wolfSSL | 13:f67a6c6013ca | 1170 | { |
wolfSSL | 13:f67a6c6013ca | 1171 | int format = SSL_FILETYPE_PEM; |
wolfSSL | 13:f67a6c6013ca | 1172 | byte* buff = NULL; |
wolfSSL | 13:f67a6c6013ca | 1173 | size_t sz = 0; |
wolfSSL | 13:f67a6c6013ca | 1174 | |
wolfSSL | 13:f67a6c6013ca | 1175 | if (load_file(fname, &buff, &sz) != 0) { |
wolfSSL | 13:f67a6c6013ca | 1176 | err_sys("can't open file for buffer load " |
wolfSSL | 13:f67a6c6013ca | 1177 | "Please run from wolfSSL home directory if not"); |
wolfSSL | 13:f67a6c6013ca | 1178 | } |
wolfSSL | 13:f67a6c6013ca | 1179 | |
wolfSSL | 13:f67a6c6013ca | 1180 | /* determine format */ |
wolfSSL | 13:f67a6c6013ca | 1181 | if (strstr(fname, ".der")) |
wolfSSL | 13:f67a6c6013ca | 1182 | format = SSL_FILETYPE_ASN1; |
wolfSSL | 13:f67a6c6013ca | 1183 | |
wolfSSL | 13:f67a6c6013ca | 1184 | if (type == WOLFSSL_CA) { |
wolfSSL | 13:f67a6c6013ca | 1185 | if (wolfSSL_CTX_load_verify_buffer(ctx, buff, (long)sz, format) |
wolfSSL | 13:f67a6c6013ca | 1186 | != SSL_SUCCESS) |
wolfSSL | 13:f67a6c6013ca | 1187 | err_sys("can't load buffer ca file"); |
wolfSSL | 13:f67a6c6013ca | 1188 | } |
wolfSSL | 13:f67a6c6013ca | 1189 | else if (type == WOLFSSL_CERT) { |
wolfSSL | 13:f67a6c6013ca | 1190 | if (wolfSSL_CTX_use_certificate_buffer(ctx, buff, (long)sz, |
wolfSSL | 13:f67a6c6013ca | 1191 | format) != SSL_SUCCESS) |
wolfSSL | 13:f67a6c6013ca | 1192 | err_sys("can't load buffer cert file"); |
wolfSSL | 13:f67a6c6013ca | 1193 | } |
wolfSSL | 13:f67a6c6013ca | 1194 | else if (type == WOLFSSL_KEY) { |
wolfSSL | 13:f67a6c6013ca | 1195 | if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, (long)sz, |
wolfSSL | 13:f67a6c6013ca | 1196 | format) != SSL_SUCCESS) |
wolfSSL | 13:f67a6c6013ca | 1197 | err_sys("can't load buffer key file"); |
wolfSSL | 13:f67a6c6013ca | 1198 | } |
wolfSSL | 13:f67a6c6013ca | 1199 | else if (type == WOLFSSL_CERT_CHAIN) { |
wolfSSL | 13:f67a6c6013ca | 1200 | if (wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, buff, |
wolfSSL | 13:f67a6c6013ca | 1201 | (long)sz, format) != SSL_SUCCESS) |
wolfSSL | 13:f67a6c6013ca | 1202 | err_sys("can't load cert chain buffer"); |
wolfSSL | 13:f67a6c6013ca | 1203 | } |
wolfSSL | 13:f67a6c6013ca | 1204 | |
wolfSSL | 13:f67a6c6013ca | 1205 | if (buff) |
wolfSSL | 13:f67a6c6013ca | 1206 | free(buff); |
wolfSSL | 13:f67a6c6013ca | 1207 | } |
wolfSSL | 13:f67a6c6013ca | 1208 | #endif /* !NO_FILESYSTEM || (NO_FILESYSTEM && FORCE_BUFFER_TEST) */ |
wolfSSL | 13:f67a6c6013ca | 1209 | #endif /* !NO_CERTS */ |
wolfSSL | 13:f67a6c6013ca | 1210 | |
wolfSSL | 13:f67a6c6013ca | 1211 | static INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store) |
wolfSSL | 13:f67a6c6013ca | 1212 | { |
wolfSSL | 13:f67a6c6013ca | 1213 | char buffer[WOLFSSL_MAX_ERROR_SZ]; |
wolfSSL | 13:f67a6c6013ca | 1214 | #ifdef OPENSSL_EXTRA |
wolfSSL | 13:f67a6c6013ca | 1215 | WOLFSSL_X509* peer; |
wolfSSL | 13:f67a6c6013ca | 1216 | #endif |
wolfSSL | 13:f67a6c6013ca | 1217 | (void)preverify; |
wolfSSL | 13:f67a6c6013ca | 1218 | |
wolfSSL | 13:f67a6c6013ca | 1219 | printf("In verification callback, error = %d, %s\n", store->error, |
wolfSSL | 13:f67a6c6013ca | 1220 | wolfSSL_ERR_error_string(store->error, buffer)); |
wolfSSL | 13:f67a6c6013ca | 1221 | #ifdef OPENSSL_EXTRA |
wolfSSL | 13:f67a6c6013ca | 1222 | peer = store->current_cert; |
wolfSSL | 13:f67a6c6013ca | 1223 | if (peer) { |
wolfSSL | 13:f67a6c6013ca | 1224 | char* issuer = wolfSSL_X509_NAME_oneline( |
wolfSSL | 13:f67a6c6013ca | 1225 | wolfSSL_X509_get_issuer_name(peer), 0, 0); |
wolfSSL | 13:f67a6c6013ca | 1226 | char* subject = wolfSSL_X509_NAME_oneline( |
wolfSSL | 13:f67a6c6013ca | 1227 | wolfSSL_X509_get_subject_name(peer), 0, 0); |
wolfSSL | 13:f67a6c6013ca | 1228 | printf("\tPeer's cert info:\n issuer : %s\n subject: %s\n", issuer, |
wolfSSL | 13:f67a6c6013ca | 1229 | subject); |
wolfSSL | 13:f67a6c6013ca | 1230 | XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); |
wolfSSL | 13:f67a6c6013ca | 1231 | XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL); |
wolfSSL | 13:f67a6c6013ca | 1232 | } |
wolfSSL | 13:f67a6c6013ca | 1233 | else |
wolfSSL | 13:f67a6c6013ca | 1234 | printf("\tPeer has no cert!\n"); |
wolfSSL | 13:f67a6c6013ca | 1235 | #else |
wolfSSL | 13:f67a6c6013ca | 1236 | printf("\tPeer certs: %d\n", store->totalCerts); |
wolfSSL | 13:f67a6c6013ca | 1237 | #ifdef VERIFY_CALLBACK_SHOW_PEER_CERTS |
wolfSSL | 13:f67a6c6013ca | 1238 | { int i; |
wolfSSL | 13:f67a6c6013ca | 1239 | for (i=0; i<store->totalCerts; i++) { |
wolfSSL | 13:f67a6c6013ca | 1240 | WOLFSSL_BUFFER_INFO* cert = &store->certs[i]; |
wolfSSL | 13:f67a6c6013ca | 1241 | printf("\t\tCert %d: Ptr %p, Len %u\n", i, cert->buffer, cert->length); |
wolfSSL | 13:f67a6c6013ca | 1242 | } |
wolfSSL | 13:f67a6c6013ca | 1243 | } |
wolfSSL | 13:f67a6c6013ca | 1244 | #endif |
wolfSSL | 13:f67a6c6013ca | 1245 | #endif |
wolfSSL | 13:f67a6c6013ca | 1246 | |
wolfSSL | 13:f67a6c6013ca | 1247 | printf("\tSubject's domain name is %s\n", store->domain); |
wolfSSL | 13:f67a6c6013ca | 1248 | |
wolfSSL | 13:f67a6c6013ca | 1249 | printf("\tAllowing to continue anyway (shouldn't do this, EVER!!!)\n"); |
wolfSSL | 13:f67a6c6013ca | 1250 | return 1; |
wolfSSL | 13:f67a6c6013ca | 1251 | } |
wolfSSL | 13:f67a6c6013ca | 1252 | |
wolfSSL | 13:f67a6c6013ca | 1253 | |
wolfSSL | 13:f67a6c6013ca | 1254 | static INLINE int myDateCb(int preverify, WOLFSSL_X509_STORE_CTX* store) |
wolfSSL | 13:f67a6c6013ca | 1255 | { |
wolfSSL | 13:f67a6c6013ca | 1256 | char buffer[WOLFSSL_MAX_ERROR_SZ]; |
wolfSSL | 13:f67a6c6013ca | 1257 | (void)preverify; |
wolfSSL | 13:f67a6c6013ca | 1258 | |
wolfSSL | 13:f67a6c6013ca | 1259 | printf("In verification callback, error = %d, %s\n", store->error, |
wolfSSL | 13:f67a6c6013ca | 1260 | wolfSSL_ERR_error_string(store->error, buffer)); |
wolfSSL | 13:f67a6c6013ca | 1261 | printf("Subject's domain name is %s\n", store->domain); |
wolfSSL | 13:f67a6c6013ca | 1262 | |
wolfSSL | 13:f67a6c6013ca | 1263 | if (store->error == ASN_BEFORE_DATE_E || store->error == ASN_AFTER_DATE_E) { |
wolfSSL | 13:f67a6c6013ca | 1264 | printf("Overriding cert date error as example for bad clock testing\n"); |
wolfSSL | 13:f67a6c6013ca | 1265 | return 1; |
wolfSSL | 13:f67a6c6013ca | 1266 | } |
wolfSSL | 13:f67a6c6013ca | 1267 | printf("Cert error is not date error, not overriding\n"); |
wolfSSL | 13:f67a6c6013ca | 1268 | |
wolfSSL | 13:f67a6c6013ca | 1269 | return 0; |
wolfSSL | 13:f67a6c6013ca | 1270 | } |
wolfSSL | 13:f67a6c6013ca | 1271 | |
wolfSSL | 13:f67a6c6013ca | 1272 | |
wolfSSL | 13:f67a6c6013ca | 1273 | #ifdef HAVE_CRL |
wolfSSL | 13:f67a6c6013ca | 1274 | |
wolfSSL | 13:f67a6c6013ca | 1275 | static INLINE void CRL_CallBack(const char* url) |
wolfSSL | 13:f67a6c6013ca | 1276 | { |
wolfSSL | 13:f67a6c6013ca | 1277 | printf("CRL callback url = %s\n", url); |
wolfSSL | 13:f67a6c6013ca | 1278 | } |
wolfSSL | 13:f67a6c6013ca | 1279 | |
wolfSSL | 13:f67a6c6013ca | 1280 | #endif |
wolfSSL | 13:f67a6c6013ca | 1281 | |
wolfSSL | 13:f67a6c6013ca | 1282 | #ifndef NO_DH |
wolfSSL | 13:f67a6c6013ca | 1283 | static INLINE void SetDH(WOLFSSL* ssl) |
wolfSSL | 13:f67a6c6013ca | 1284 | { |
wolfSSL | 13:f67a6c6013ca | 1285 | /* dh1024 p */ |
wolfSSL | 13:f67a6c6013ca | 1286 | static unsigned char p[] = |
wolfSSL | 13:f67a6c6013ca | 1287 | { |
wolfSSL | 13:f67a6c6013ca | 1288 | 0xE6, 0x96, 0x9D, 0x3D, 0x49, 0x5B, 0xE3, 0x2C, 0x7C, 0xF1, 0x80, 0xC3, |
wolfSSL | 13:f67a6c6013ca | 1289 | 0xBD, 0xD4, 0x79, 0x8E, 0x91, 0xB7, 0x81, 0x82, 0x51, 0xBB, 0x05, 0x5E, |
wolfSSL | 13:f67a6c6013ca | 1290 | 0x2A, 0x20, 0x64, 0x90, 0x4A, 0x79, 0xA7, 0x70, 0xFA, 0x15, 0xA2, 0x59, |
wolfSSL | 13:f67a6c6013ca | 1291 | 0xCB, 0xD5, 0x23, 0xA6, 0xA6, 0xEF, 0x09, 0xC4, 0x30, 0x48, 0xD5, 0xA2, |
wolfSSL | 13:f67a6c6013ca | 1292 | 0x2F, 0x97, 0x1F, 0x3C, 0x20, 0x12, 0x9B, 0x48, 0x00, 0x0E, 0x6E, 0xDD, |
wolfSSL | 13:f67a6c6013ca | 1293 | 0x06, 0x1C, 0xBC, 0x05, 0x3E, 0x37, 0x1D, 0x79, 0x4E, 0x53, 0x27, 0xDF, |
wolfSSL | 13:f67a6c6013ca | 1294 | 0x61, 0x1E, 0xBB, 0xBE, 0x1B, 0xAC, 0x9B, 0x5C, 0x60, 0x44, 0xCF, 0x02, |
wolfSSL | 13:f67a6c6013ca | 1295 | 0x3D, 0x76, 0xE0, 0x5E, 0xEA, 0x9B, 0xAD, 0x99, 0x1B, 0x13, 0xA6, 0x3C, |
wolfSSL | 13:f67a6c6013ca | 1296 | 0x97, 0x4E, 0x9E, 0xF1, 0x83, 0x9E, 0xB5, 0xDB, 0x12, 0x51, 0x36, 0xF7, |
wolfSSL | 13:f67a6c6013ca | 1297 | 0x26, 0x2E, 0x56, 0xA8, 0x87, 0x15, 0x38, 0xDF, 0xD8, 0x23, 0xC6, 0x50, |
wolfSSL | 13:f67a6c6013ca | 1298 | 0x50, 0x85, 0xE2, 0x1F, 0x0D, 0xD5, 0xC8, 0x6B, |
wolfSSL | 13:f67a6c6013ca | 1299 | }; |
wolfSSL | 13:f67a6c6013ca | 1300 | |
wolfSSL | 13:f67a6c6013ca | 1301 | /* dh1024 g */ |
wolfSSL | 13:f67a6c6013ca | 1302 | static unsigned char g[] = |
wolfSSL | 13:f67a6c6013ca | 1303 | { |
wolfSSL | 13:f67a6c6013ca | 1304 | 0x02, |
wolfSSL | 13:f67a6c6013ca | 1305 | }; |
wolfSSL | 13:f67a6c6013ca | 1306 | |
wolfSSL | 13:f67a6c6013ca | 1307 | wolfSSL_SetTmpDH(ssl, p, sizeof(p), g, sizeof(g)); |
wolfSSL | 13:f67a6c6013ca | 1308 | } |
wolfSSL | 13:f67a6c6013ca | 1309 | |
wolfSSL | 13:f67a6c6013ca | 1310 | static INLINE void SetDHCtx(WOLFSSL_CTX* ctx) |
wolfSSL | 13:f67a6c6013ca | 1311 | { |
wolfSSL | 13:f67a6c6013ca | 1312 | /* dh1024 p */ |
wolfSSL | 13:f67a6c6013ca | 1313 | static unsigned char p[] = |
wolfSSL | 13:f67a6c6013ca | 1314 | { |
wolfSSL | 13:f67a6c6013ca | 1315 | 0xE6, 0x96, 0x9D, 0x3D, 0x49, 0x5B, 0xE3, 0x2C, 0x7C, 0xF1, 0x80, 0xC3, |
wolfSSL | 13:f67a6c6013ca | 1316 | 0xBD, 0xD4, 0x79, 0x8E, 0x91, 0xB7, 0x81, 0x82, 0x51, 0xBB, 0x05, 0x5E, |
wolfSSL | 13:f67a6c6013ca | 1317 | 0x2A, 0x20, 0x64, 0x90, 0x4A, 0x79, 0xA7, 0x70, 0xFA, 0x15, 0xA2, 0x59, |
wolfSSL | 13:f67a6c6013ca | 1318 | 0xCB, 0xD5, 0x23, 0xA6, 0xA6, 0xEF, 0x09, 0xC4, 0x30, 0x48, 0xD5, 0xA2, |
wolfSSL | 13:f67a6c6013ca | 1319 | 0x2F, 0x97, 0x1F, 0x3C, 0x20, 0x12, 0x9B, 0x48, 0x00, 0x0E, 0x6E, 0xDD, |
wolfSSL | 13:f67a6c6013ca | 1320 | 0x06, 0x1C, 0xBC, 0x05, 0x3E, 0x37, 0x1D, 0x79, 0x4E, 0x53, 0x27, 0xDF, |
wolfSSL | 13:f67a6c6013ca | 1321 | 0x61, 0x1E, 0xBB, 0xBE, 0x1B, 0xAC, 0x9B, 0x5C, 0x60, 0x44, 0xCF, 0x02, |
wolfSSL | 13:f67a6c6013ca | 1322 | 0x3D, 0x76, 0xE0, 0x5E, 0xEA, 0x9B, 0xAD, 0x99, 0x1B, 0x13, 0xA6, 0x3C, |
wolfSSL | 13:f67a6c6013ca | 1323 | 0x97, 0x4E, 0x9E, 0xF1, 0x83, 0x9E, 0xB5, 0xDB, 0x12, 0x51, 0x36, 0xF7, |
wolfSSL | 13:f67a6c6013ca | 1324 | 0x26, 0x2E, 0x56, 0xA8, 0x87, 0x15, 0x38, 0xDF, 0xD8, 0x23, 0xC6, 0x50, |
wolfSSL | 13:f67a6c6013ca | 1325 | 0x50, 0x85, 0xE2, 0x1F, 0x0D, 0xD5, 0xC8, 0x6B, |
wolfSSL | 13:f67a6c6013ca | 1326 | }; |
wolfSSL | 13:f67a6c6013ca | 1327 | |
wolfSSL | 13:f67a6c6013ca | 1328 | /* dh1024 g */ |
wolfSSL | 13:f67a6c6013ca | 1329 | static unsigned char g[] = |
wolfSSL | 13:f67a6c6013ca | 1330 | { |
wolfSSL | 13:f67a6c6013ca | 1331 | 0x02, |
wolfSSL | 13:f67a6c6013ca | 1332 | }; |
wolfSSL | 13:f67a6c6013ca | 1333 | |
wolfSSL | 13:f67a6c6013ca | 1334 | wolfSSL_CTX_SetTmpDH(ctx, p, sizeof(p), g, sizeof(g)); |
wolfSSL | 13:f67a6c6013ca | 1335 | } |
wolfSSL | 13:f67a6c6013ca | 1336 | #endif /* NO_DH */ |
wolfSSL | 13:f67a6c6013ca | 1337 | |
wolfSSL | 13:f67a6c6013ca | 1338 | #ifndef NO_CERTS |
wolfSSL | 13:f67a6c6013ca | 1339 | |
wolfSSL | 13:f67a6c6013ca | 1340 | static INLINE void CaCb(unsigned char* der, int sz, int type) |
wolfSSL | 13:f67a6c6013ca | 1341 | { |
wolfSSL | 13:f67a6c6013ca | 1342 | (void)der; |
wolfSSL | 13:f67a6c6013ca | 1343 | printf("Got CA cache add callback, derSz = %d, type = %d\n", sz, type); |
wolfSSL | 13:f67a6c6013ca | 1344 | } |
wolfSSL | 13:f67a6c6013ca | 1345 | |
wolfSSL | 13:f67a6c6013ca | 1346 | #endif /* !NO_CERTS */ |
wolfSSL | 13:f67a6c6013ca | 1347 | |
wolfSSL | 13:f67a6c6013ca | 1348 | |
wolfSSL | 13:f67a6c6013ca | 1349 | /* Wolf Root Directory Helper */ |
wolfSSL | 13:f67a6c6013ca | 1350 | /* KEIL-RL File System does not support relative directory */ |
wolfSSL | 13:f67a6c6013ca | 1351 | #if !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_FS) && !defined(WOLFSSL_TIRTOS) |
wolfSSL | 13:f67a6c6013ca | 1352 | /* Maximum depth to search for WolfSSL root */ |
wolfSSL | 13:f67a6c6013ca | 1353 | #define MAX_WOLF_ROOT_DEPTH 5 |
wolfSSL | 13:f67a6c6013ca | 1354 | |
wolfSSL | 13:f67a6c6013ca | 1355 | static INLINE int ChangeToWolfRoot(void) |
wolfSSL | 13:f67a6c6013ca | 1356 | { |
wolfSSL | 13:f67a6c6013ca | 1357 | #if !defined(NO_FILESYSTEM) || defined(FORCE_BUFFER_TEST) |
wolfSSL | 13:f67a6c6013ca | 1358 | int depth, res; |
wolfSSL | 13:f67a6c6013ca | 1359 | FILE* file; |
wolfSSL | 13:f67a6c6013ca | 1360 | for(depth = 0; depth <= MAX_WOLF_ROOT_DEPTH; depth++) { |
wolfSSL | 13:f67a6c6013ca | 1361 | file = fopen(ntruKeyFile, "rb"); |
wolfSSL | 13:f67a6c6013ca | 1362 | if (file != NULL) { |
wolfSSL | 13:f67a6c6013ca | 1363 | fclose(file); |
wolfSSL | 13:f67a6c6013ca | 1364 | return depth; |
wolfSSL | 13:f67a6c6013ca | 1365 | } |
wolfSSL | 13:f67a6c6013ca | 1366 | #ifdef USE_WINDOWS_API |
wolfSSL | 13:f67a6c6013ca | 1367 | res = SetCurrentDirectoryA("..\\"); |
wolfSSL | 13:f67a6c6013ca | 1368 | #else |
wolfSSL | 13:f67a6c6013ca | 1369 | res = chdir("../"); |
wolfSSL | 13:f67a6c6013ca | 1370 | #endif |
wolfSSL | 13:f67a6c6013ca | 1371 | if (res < 0) { |
wolfSSL | 13:f67a6c6013ca | 1372 | printf("chdir to ../ failed!\n"); |
wolfSSL | 13:f67a6c6013ca | 1373 | break; |
wolfSSL | 13:f67a6c6013ca | 1374 | } |
wolfSSL | 13:f67a6c6013ca | 1375 | } |
wolfSSL | 13:f67a6c6013ca | 1376 | |
wolfSSL | 13:f67a6c6013ca | 1377 | err_sys("wolf root not found"); |
wolfSSL | 13:f67a6c6013ca | 1378 | return -1; |
wolfSSL | 13:f67a6c6013ca | 1379 | #else |
wolfSSL | 13:f67a6c6013ca | 1380 | return 0; |
wolfSSL | 13:f67a6c6013ca | 1381 | #endif |
wolfSSL | 13:f67a6c6013ca | 1382 | } |
wolfSSL | 13:f67a6c6013ca | 1383 | #endif /* !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_FS) && !defined(WOLFSSL_TIRTOS) */ |
wolfSSL | 13:f67a6c6013ca | 1384 | |
wolfSSL | 13:f67a6c6013ca | 1385 | #ifdef HAVE_STACK_SIZE |
wolfSSL | 13:f67a6c6013ca | 1386 | |
wolfSSL | 13:f67a6c6013ca | 1387 | typedef THREAD_RETURN WOLFSSL_THREAD (*thread_func)(void* args); |
wolfSSL | 13:f67a6c6013ca | 1388 | |
wolfSSL | 13:f67a6c6013ca | 1389 | |
wolfSSL | 13:f67a6c6013ca | 1390 | static INLINE int StackSizeCheck(func_args* args, thread_func tf) |
wolfSSL | 13:f67a6c6013ca | 1391 | { |
wolfSSL | 13:f67a6c6013ca | 1392 | int ret, i, used; |
wolfSSL | 13:f67a6c6013ca | 1393 | void* status; |
wolfSSL | 13:f67a6c6013ca | 1394 | unsigned char* myStack = NULL; |
wolfSSL | 13:f67a6c6013ca | 1395 | int stackSize = 1024*128; |
wolfSSL | 13:f67a6c6013ca | 1396 | pthread_attr_t myAttr; |
wolfSSL | 13:f67a6c6013ca | 1397 | pthread_t threadId; |
wolfSSL | 13:f67a6c6013ca | 1398 | |
wolfSSL | 13:f67a6c6013ca | 1399 | #ifdef PTHREAD_STACK_MIN |
wolfSSL | 13:f67a6c6013ca | 1400 | if (stackSize < PTHREAD_STACK_MIN) |
wolfSSL | 13:f67a6c6013ca | 1401 | stackSize = PTHREAD_STACK_MIN; |
wolfSSL | 13:f67a6c6013ca | 1402 | #endif |
wolfSSL | 13:f67a6c6013ca | 1403 | |
wolfSSL | 13:f67a6c6013ca | 1404 | ret = posix_memalign((void**)&myStack, sysconf(_SC_PAGESIZE), stackSize); |
wolfSSL | 13:f67a6c6013ca | 1405 | if (ret != 0 || myStack == NULL) |
wolfSSL | 13:f67a6c6013ca | 1406 | err_sys("posix_memalign failed\n"); |
wolfSSL | 13:f67a6c6013ca | 1407 | |
wolfSSL | 13:f67a6c6013ca | 1408 | XMEMSET(myStack, 0x01, stackSize); |
wolfSSL | 13:f67a6c6013ca | 1409 | |
wolfSSL | 13:f67a6c6013ca | 1410 | ret = pthread_attr_init(&myAttr); |
wolfSSL | 13:f67a6c6013ca | 1411 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 1412 | err_sys("attr_init failed"); |
wolfSSL | 13:f67a6c6013ca | 1413 | |
wolfSSL | 13:f67a6c6013ca | 1414 | ret = pthread_attr_setstack(&myAttr, myStack, stackSize); |
wolfSSL | 13:f67a6c6013ca | 1415 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 1416 | err_sys("attr_setstackaddr failed"); |
wolfSSL | 13:f67a6c6013ca | 1417 | |
wolfSSL | 13:f67a6c6013ca | 1418 | ret = pthread_create(&threadId, &myAttr, tf, args); |
wolfSSL | 13:f67a6c6013ca | 1419 | if (ret != 0) { |
wolfSSL | 13:f67a6c6013ca | 1420 | perror("pthread_create failed"); |
wolfSSL | 13:f67a6c6013ca | 1421 | exit(EXIT_FAILURE); |
wolfSSL | 13:f67a6c6013ca | 1422 | } |
wolfSSL | 13:f67a6c6013ca | 1423 | |
wolfSSL | 13:f67a6c6013ca | 1424 | ret = pthread_join(threadId, &status); |
wolfSSL | 13:f67a6c6013ca | 1425 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 1426 | err_sys("pthread_join failed"); |
wolfSSL | 13:f67a6c6013ca | 1427 | |
wolfSSL | 13:f67a6c6013ca | 1428 | for (i = 0; i < stackSize; i++) { |
wolfSSL | 13:f67a6c6013ca | 1429 | if (myStack[i] != 0x01) { |
wolfSSL | 13:f67a6c6013ca | 1430 | break; |
wolfSSL | 13:f67a6c6013ca | 1431 | } |
wolfSSL | 13:f67a6c6013ca | 1432 | } |
wolfSSL | 13:f67a6c6013ca | 1433 | |
wolfSSL | 13:f67a6c6013ca | 1434 | free(myStack); |
wolfSSL | 13:f67a6c6013ca | 1435 | |
wolfSSL | 13:f67a6c6013ca | 1436 | used = stackSize - i; |
wolfSSL | 13:f67a6c6013ca | 1437 | printf("stack used = %d\n", used); |
wolfSSL | 13:f67a6c6013ca | 1438 | |
wolfSSL | 13:f67a6c6013ca | 1439 | return (int)((size_t)status); |
wolfSSL | 13:f67a6c6013ca | 1440 | } |
wolfSSL | 13:f67a6c6013ca | 1441 | |
wolfSSL | 13:f67a6c6013ca | 1442 | |
wolfSSL | 13:f67a6c6013ca | 1443 | #endif /* HAVE_STACK_SIZE */ |
wolfSSL | 13:f67a6c6013ca | 1444 | |
wolfSSL | 13:f67a6c6013ca | 1445 | |
wolfSSL | 13:f67a6c6013ca | 1446 | #ifdef STACK_TRAP |
wolfSSL | 13:f67a6c6013ca | 1447 | |
wolfSSL | 13:f67a6c6013ca | 1448 | /* good settings |
wolfSSL | 13:f67a6c6013ca | 1449 | --enable-debug --disable-shared C_EXTRA_FLAGS="-DUSER_TIME -DTFM_TIMING_RESISTANT -DPOSITIVE_EXP_ONLY -DSTACK_TRAP" |
wolfSSL | 13:f67a6c6013ca | 1450 | |
wolfSSL | 13:f67a6c6013ca | 1451 | */ |
wolfSSL | 13:f67a6c6013ca | 1452 | |
wolfSSL | 13:f67a6c6013ca | 1453 | #ifdef HAVE_STACK_SIZE |
wolfSSL | 13:f67a6c6013ca | 1454 | /* client only for now, setrlimit will fail if pthread_create() called */ |
wolfSSL | 13:f67a6c6013ca | 1455 | /* STACK_SIZE does pthread_create() on client */ |
wolfSSL | 13:f67a6c6013ca | 1456 | #error "can't use STACK_TRAP with STACK_SIZE, setrlimit will fail" |
wolfSSL | 13:f67a6c6013ca | 1457 | #endif /* HAVE_STACK_SIZE */ |
wolfSSL | 13:f67a6c6013ca | 1458 | |
wolfSSL | 13:f67a6c6013ca | 1459 | static INLINE void StackTrap(void) |
wolfSSL | 13:f67a6c6013ca | 1460 | { |
wolfSSL | 13:f67a6c6013ca | 1461 | struct rlimit rl; |
wolfSSL | 13:f67a6c6013ca | 1462 | if (getrlimit(RLIMIT_STACK, &rl) != 0) |
wolfSSL | 13:f67a6c6013ca | 1463 | err_sys("getrlimit failed"); |
wolfSSL | 13:f67a6c6013ca | 1464 | printf("rlim_cur = %llu\n", rl.rlim_cur); |
wolfSSL | 13:f67a6c6013ca | 1465 | rl.rlim_cur = 1024*21; /* adjust trap size here */ |
wolfSSL | 13:f67a6c6013ca | 1466 | if (setrlimit(RLIMIT_STACK, &rl) != 0) { |
wolfSSL | 13:f67a6c6013ca | 1467 | perror("setrlimit"); |
wolfSSL | 13:f67a6c6013ca | 1468 | err_sys("setrlimit failed"); |
wolfSSL | 13:f67a6c6013ca | 1469 | } |
wolfSSL | 13:f67a6c6013ca | 1470 | } |
wolfSSL | 13:f67a6c6013ca | 1471 | |
wolfSSL | 13:f67a6c6013ca | 1472 | #else /* STACK_TRAP */ |
wolfSSL | 13:f67a6c6013ca | 1473 | |
wolfSSL | 13:f67a6c6013ca | 1474 | static INLINE void StackTrap(void) |
wolfSSL | 13:f67a6c6013ca | 1475 | { |
wolfSSL | 13:f67a6c6013ca | 1476 | } |
wolfSSL | 13:f67a6c6013ca | 1477 | |
wolfSSL | 13:f67a6c6013ca | 1478 | #endif /* STACK_TRAP */ |
wolfSSL | 13:f67a6c6013ca | 1479 | |
wolfSSL | 13:f67a6c6013ca | 1480 | |
wolfSSL | 13:f67a6c6013ca | 1481 | #ifdef ATOMIC_USER |
wolfSSL | 13:f67a6c6013ca | 1482 | |
wolfSSL | 13:f67a6c6013ca | 1483 | /* Atomic Encrypt Context example */ |
wolfSSL | 13:f67a6c6013ca | 1484 | typedef struct AtomicEncCtx { |
wolfSSL | 13:f67a6c6013ca | 1485 | int keySetup; /* have we done key setup yet */ |
wolfSSL | 13:f67a6c6013ca | 1486 | Aes aes; /* for aes example */ |
wolfSSL | 13:f67a6c6013ca | 1487 | } AtomicEncCtx; |
wolfSSL | 13:f67a6c6013ca | 1488 | |
wolfSSL | 13:f67a6c6013ca | 1489 | |
wolfSSL | 13:f67a6c6013ca | 1490 | /* Atomic Decrypt Context example */ |
wolfSSL | 13:f67a6c6013ca | 1491 | typedef struct AtomicDecCtx { |
wolfSSL | 13:f67a6c6013ca | 1492 | int keySetup; /* have we done key setup yet */ |
wolfSSL | 13:f67a6c6013ca | 1493 | Aes aes; /* for aes example */ |
wolfSSL | 13:f67a6c6013ca | 1494 | } AtomicDecCtx; |
wolfSSL | 13:f67a6c6013ca | 1495 | |
wolfSSL | 13:f67a6c6013ca | 1496 | |
wolfSSL | 13:f67a6c6013ca | 1497 | static INLINE int myMacEncryptCb(WOLFSSL* ssl, unsigned char* macOut, |
wolfSSL | 13:f67a6c6013ca | 1498 | const unsigned char* macIn, unsigned int macInSz, int macContent, |
wolfSSL | 13:f67a6c6013ca | 1499 | int macVerify, unsigned char* encOut, const unsigned char* encIn, |
wolfSSL | 13:f67a6c6013ca | 1500 | unsigned int encSz, void* ctx) |
wolfSSL | 13:f67a6c6013ca | 1501 | { |
wolfSSL | 13:f67a6c6013ca | 1502 | int ret; |
wolfSSL | 13:f67a6c6013ca | 1503 | Hmac hmac; |
wolfSSL | 13:f67a6c6013ca | 1504 | byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ]; |
wolfSSL | 13:f67a6c6013ca | 1505 | AtomicEncCtx* encCtx = (AtomicEncCtx*)ctx; |
wolfSSL | 13:f67a6c6013ca | 1506 | const char* tlsStr = "TLS"; |
wolfSSL | 13:f67a6c6013ca | 1507 | |
wolfSSL | 13:f67a6c6013ca | 1508 | /* example supports (d)tls aes */ |
wolfSSL | 13:f67a6c6013ca | 1509 | if (wolfSSL_GetBulkCipher(ssl) != wolfssl_aes) { |
wolfSSL | 13:f67a6c6013ca | 1510 | printf("myMacEncryptCb not using AES\n"); |
wolfSSL | 13:f67a6c6013ca | 1511 | return -1; |
wolfSSL | 13:f67a6c6013ca | 1512 | } |
wolfSSL | 13:f67a6c6013ca | 1513 | |
wolfSSL | 13:f67a6c6013ca | 1514 | if (strstr(wolfSSL_get_version(ssl), tlsStr) == NULL) { |
wolfSSL | 13:f67a6c6013ca | 1515 | printf("myMacEncryptCb not using (D)TLS\n"); |
wolfSSL | 13:f67a6c6013ca | 1516 | return -1; |
wolfSSL | 13:f67a6c6013ca | 1517 | } |
wolfSSL | 13:f67a6c6013ca | 1518 | |
wolfSSL | 13:f67a6c6013ca | 1519 | /* hmac, not needed if aead mode */ |
wolfSSL | 13:f67a6c6013ca | 1520 | wolfSSL_SetTlsHmacInner(ssl, myInner, macInSz, macContent, macVerify); |
wolfSSL | 13:f67a6c6013ca | 1521 | |
wolfSSL | 13:f67a6c6013ca | 1522 | ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl), |
wolfSSL | 13:f67a6c6013ca | 1523 | wolfSSL_GetMacSecret(ssl, macVerify), wolfSSL_GetHmacSize(ssl)); |
wolfSSL | 13:f67a6c6013ca | 1524 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 1525 | return ret; |
wolfSSL | 13:f67a6c6013ca | 1526 | ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner)); |
wolfSSL | 13:f67a6c6013ca | 1527 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 1528 | return ret; |
wolfSSL | 13:f67a6c6013ca | 1529 | ret = wc_HmacUpdate(&hmac, macIn, macInSz); |
wolfSSL | 13:f67a6c6013ca | 1530 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 1531 | return ret; |
wolfSSL | 13:f67a6c6013ca | 1532 | ret = wc_HmacFinal(&hmac, macOut); |
wolfSSL | 13:f67a6c6013ca | 1533 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 1534 | return ret; |
wolfSSL | 13:f67a6c6013ca | 1535 | |
wolfSSL | 13:f67a6c6013ca | 1536 | |
wolfSSL | 13:f67a6c6013ca | 1537 | /* encrypt setup on first time */ |
wolfSSL | 13:f67a6c6013ca | 1538 | if (encCtx->keySetup == 0) { |
wolfSSL | 13:f67a6c6013ca | 1539 | int keyLen = wolfSSL_GetKeySize(ssl); |
wolfSSL | 13:f67a6c6013ca | 1540 | const byte* key; |
wolfSSL | 13:f67a6c6013ca | 1541 | const byte* iv; |
wolfSSL | 13:f67a6c6013ca | 1542 | |
wolfSSL | 13:f67a6c6013ca | 1543 | if (wolfSSL_GetSide(ssl) == WOLFSSL_CLIENT_END) { |
wolfSSL | 13:f67a6c6013ca | 1544 | key = wolfSSL_GetClientWriteKey(ssl); |
wolfSSL | 13:f67a6c6013ca | 1545 | iv = wolfSSL_GetClientWriteIV(ssl); |
wolfSSL | 13:f67a6c6013ca | 1546 | } |
wolfSSL | 13:f67a6c6013ca | 1547 | else { |
wolfSSL | 13:f67a6c6013ca | 1548 | key = wolfSSL_GetServerWriteKey(ssl); |
wolfSSL | 13:f67a6c6013ca | 1549 | iv = wolfSSL_GetServerWriteIV(ssl); |
wolfSSL | 13:f67a6c6013ca | 1550 | } |
wolfSSL | 13:f67a6c6013ca | 1551 | |
wolfSSL | 13:f67a6c6013ca | 1552 | ret = wc_AesSetKey(&encCtx->aes, key, keyLen, iv, AES_ENCRYPTION); |
wolfSSL | 13:f67a6c6013ca | 1553 | if (ret != 0) { |
wolfSSL | 13:f67a6c6013ca | 1554 | printf("AesSetKey failed in myMacEncryptCb\n"); |
wolfSSL | 13:f67a6c6013ca | 1555 | return ret; |
wolfSSL | 13:f67a6c6013ca | 1556 | } |
wolfSSL | 13:f67a6c6013ca | 1557 | encCtx->keySetup = 1; |
wolfSSL | 13:f67a6c6013ca | 1558 | } |
wolfSSL | 13:f67a6c6013ca | 1559 | |
wolfSSL | 13:f67a6c6013ca | 1560 | /* encrypt */ |
wolfSSL | 13:f67a6c6013ca | 1561 | return wc_AesCbcEncrypt(&encCtx->aes, encOut, encIn, encSz); |
wolfSSL | 13:f67a6c6013ca | 1562 | } |
wolfSSL | 13:f67a6c6013ca | 1563 | |
wolfSSL | 13:f67a6c6013ca | 1564 | |
wolfSSL | 13:f67a6c6013ca | 1565 | static INLINE int myDecryptVerifyCb(WOLFSSL* ssl, |
wolfSSL | 13:f67a6c6013ca | 1566 | unsigned char* decOut, const unsigned char* decIn, |
wolfSSL | 13:f67a6c6013ca | 1567 | unsigned int decSz, int macContent, int macVerify, |
wolfSSL | 13:f67a6c6013ca | 1568 | unsigned int* padSz, void* ctx) |
wolfSSL | 13:f67a6c6013ca | 1569 | { |
wolfSSL | 13:f67a6c6013ca | 1570 | AtomicDecCtx* decCtx = (AtomicDecCtx*)ctx; |
wolfSSL | 13:f67a6c6013ca | 1571 | int ret = 0; |
wolfSSL | 13:f67a6c6013ca | 1572 | int macInSz = 0; |
wolfSSL | 13:f67a6c6013ca | 1573 | int ivExtra = 0; |
wolfSSL | 13:f67a6c6013ca | 1574 | int digestSz = wolfSSL_GetHmacSize(ssl); |
wolfSSL | 13:f67a6c6013ca | 1575 | unsigned int pad = 0; |
wolfSSL | 13:f67a6c6013ca | 1576 | unsigned int padByte = 0; |
wolfSSL | 13:f67a6c6013ca | 1577 | Hmac hmac; |
wolfSSL | 13:f67a6c6013ca | 1578 | byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ]; |
wolfSSL | 13:f67a6c6013ca | 1579 | byte verify[MAX_DIGEST_SIZE]; |
wolfSSL | 13:f67a6c6013ca | 1580 | const char* tlsStr = "TLS"; |
wolfSSL | 13:f67a6c6013ca | 1581 | |
wolfSSL | 13:f67a6c6013ca | 1582 | /* example supports (d)tls aes */ |
wolfSSL | 13:f67a6c6013ca | 1583 | if (wolfSSL_GetBulkCipher(ssl) != wolfssl_aes) { |
wolfSSL | 13:f67a6c6013ca | 1584 | printf("myMacEncryptCb not using AES\n"); |
wolfSSL | 13:f67a6c6013ca | 1585 | return -1; |
wolfSSL | 13:f67a6c6013ca | 1586 | } |
wolfSSL | 13:f67a6c6013ca | 1587 | |
wolfSSL | 13:f67a6c6013ca | 1588 | if (strstr(wolfSSL_get_version(ssl), tlsStr) == NULL) { |
wolfSSL | 13:f67a6c6013ca | 1589 | printf("myMacEncryptCb not using (D)TLS\n"); |
wolfSSL | 13:f67a6c6013ca | 1590 | return -1; |
wolfSSL | 13:f67a6c6013ca | 1591 | } |
wolfSSL | 13:f67a6c6013ca | 1592 | |
wolfSSL | 13:f67a6c6013ca | 1593 | /*decrypt */ |
wolfSSL | 13:f67a6c6013ca | 1594 | if (decCtx->keySetup == 0) { |
wolfSSL | 13:f67a6c6013ca | 1595 | int keyLen = wolfSSL_GetKeySize(ssl); |
wolfSSL | 13:f67a6c6013ca | 1596 | const byte* key; |
wolfSSL | 13:f67a6c6013ca | 1597 | const byte* iv; |
wolfSSL | 13:f67a6c6013ca | 1598 | |
wolfSSL | 13:f67a6c6013ca | 1599 | /* decrypt is from other side (peer) */ |
wolfSSL | 13:f67a6c6013ca | 1600 | if (wolfSSL_GetSide(ssl) == WOLFSSL_SERVER_END) { |
wolfSSL | 13:f67a6c6013ca | 1601 | key = wolfSSL_GetClientWriteKey(ssl); |
wolfSSL | 13:f67a6c6013ca | 1602 | iv = wolfSSL_GetClientWriteIV(ssl); |
wolfSSL | 13:f67a6c6013ca | 1603 | } |
wolfSSL | 13:f67a6c6013ca | 1604 | else { |
wolfSSL | 13:f67a6c6013ca | 1605 | key = wolfSSL_GetServerWriteKey(ssl); |
wolfSSL | 13:f67a6c6013ca | 1606 | iv = wolfSSL_GetServerWriteIV(ssl); |
wolfSSL | 13:f67a6c6013ca | 1607 | } |
wolfSSL | 13:f67a6c6013ca | 1608 | |
wolfSSL | 13:f67a6c6013ca | 1609 | ret = wc_AesSetKey(&decCtx->aes, key, keyLen, iv, AES_DECRYPTION); |
wolfSSL | 13:f67a6c6013ca | 1610 | if (ret != 0) { |
wolfSSL | 13:f67a6c6013ca | 1611 | printf("AesSetKey failed in myDecryptVerifyCb\n"); |
wolfSSL | 13:f67a6c6013ca | 1612 | return ret; |
wolfSSL | 13:f67a6c6013ca | 1613 | } |
wolfSSL | 13:f67a6c6013ca | 1614 | decCtx->keySetup = 1; |
wolfSSL | 13:f67a6c6013ca | 1615 | } |
wolfSSL | 13:f67a6c6013ca | 1616 | |
wolfSSL | 13:f67a6c6013ca | 1617 | /* decrypt */ |
wolfSSL | 13:f67a6c6013ca | 1618 | ret = wc_AesCbcDecrypt(&decCtx->aes, decOut, decIn, decSz); |
wolfSSL | 13:f67a6c6013ca | 1619 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 1620 | return ret; |
wolfSSL | 13:f67a6c6013ca | 1621 | |
wolfSSL | 13:f67a6c6013ca | 1622 | if (wolfSSL_GetCipherType(ssl) == WOLFSSL_AEAD_TYPE) { |
wolfSSL | 13:f67a6c6013ca | 1623 | *padSz = wolfSSL_GetAeadMacSize(ssl); |
wolfSSL | 13:f67a6c6013ca | 1624 | return 0; /* hmac, not needed if aead mode */ |
wolfSSL | 13:f67a6c6013ca | 1625 | } |
wolfSSL | 13:f67a6c6013ca | 1626 | |
wolfSSL | 13:f67a6c6013ca | 1627 | if (wolfSSL_GetCipherType(ssl) == WOLFSSL_BLOCK_TYPE) { |
wolfSSL | 13:f67a6c6013ca | 1628 | pad = *(decOut + decSz - 1); |
wolfSSL | 13:f67a6c6013ca | 1629 | padByte = 1; |
wolfSSL | 13:f67a6c6013ca | 1630 | if (wolfSSL_IsTLSv1_1(ssl)) |
wolfSSL | 13:f67a6c6013ca | 1631 | ivExtra = wolfSSL_GetCipherBlockSize(ssl); |
wolfSSL | 13:f67a6c6013ca | 1632 | } |
wolfSSL | 13:f67a6c6013ca | 1633 | |
wolfSSL | 13:f67a6c6013ca | 1634 | *padSz = wolfSSL_GetHmacSize(ssl) + pad + padByte; |
wolfSSL | 13:f67a6c6013ca | 1635 | macInSz = decSz - ivExtra - digestSz - pad - padByte; |
wolfSSL | 13:f67a6c6013ca | 1636 | |
wolfSSL | 13:f67a6c6013ca | 1637 | wolfSSL_SetTlsHmacInner(ssl, myInner, macInSz, macContent, macVerify); |
wolfSSL | 13:f67a6c6013ca | 1638 | |
wolfSSL | 13:f67a6c6013ca | 1639 | ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl), |
wolfSSL | 13:f67a6c6013ca | 1640 | wolfSSL_GetMacSecret(ssl, macVerify), digestSz); |
wolfSSL | 13:f67a6c6013ca | 1641 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 1642 | return ret; |
wolfSSL | 13:f67a6c6013ca | 1643 | ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner)); |
wolfSSL | 13:f67a6c6013ca | 1644 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 1645 | return ret; |
wolfSSL | 13:f67a6c6013ca | 1646 | ret = wc_HmacUpdate(&hmac, decOut + ivExtra, macInSz); |
wolfSSL | 13:f67a6c6013ca | 1647 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 1648 | return ret; |
wolfSSL | 13:f67a6c6013ca | 1649 | ret = wc_HmacFinal(&hmac, verify); |
wolfSSL | 13:f67a6c6013ca | 1650 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 1651 | return ret; |
wolfSSL | 13:f67a6c6013ca | 1652 | |
wolfSSL | 13:f67a6c6013ca | 1653 | if (XMEMCMP(verify, decOut + decSz - digestSz - pad - padByte, |
wolfSSL | 13:f67a6c6013ca | 1654 | digestSz) != 0) { |
wolfSSL | 13:f67a6c6013ca | 1655 | printf("myDecryptVerify verify failed\n"); |
wolfSSL | 13:f67a6c6013ca | 1656 | return -1; |
wolfSSL | 13:f67a6c6013ca | 1657 | } |
wolfSSL | 13:f67a6c6013ca | 1658 | |
wolfSSL | 13:f67a6c6013ca | 1659 | return ret; |
wolfSSL | 13:f67a6c6013ca | 1660 | } |
wolfSSL | 13:f67a6c6013ca | 1661 | |
wolfSSL | 13:f67a6c6013ca | 1662 | |
wolfSSL | 13:f67a6c6013ca | 1663 | static INLINE void SetupAtomicUser(WOLFSSL_CTX* ctx, WOLFSSL* ssl) |
wolfSSL | 13:f67a6c6013ca | 1664 | { |
wolfSSL | 13:f67a6c6013ca | 1665 | AtomicEncCtx* encCtx; |
wolfSSL | 13:f67a6c6013ca | 1666 | AtomicDecCtx* decCtx; |
wolfSSL | 13:f67a6c6013ca | 1667 | |
wolfSSL | 13:f67a6c6013ca | 1668 | encCtx = (AtomicEncCtx*)malloc(sizeof(AtomicEncCtx)); |
wolfSSL | 13:f67a6c6013ca | 1669 | if (encCtx == NULL) |
wolfSSL | 13:f67a6c6013ca | 1670 | err_sys("AtomicEncCtx malloc failed"); |
wolfSSL | 13:f67a6c6013ca | 1671 | memset(encCtx, 0, sizeof(AtomicEncCtx)); |
wolfSSL | 13:f67a6c6013ca | 1672 | |
wolfSSL | 13:f67a6c6013ca | 1673 | decCtx = (AtomicDecCtx*)malloc(sizeof(AtomicDecCtx)); |
wolfSSL | 13:f67a6c6013ca | 1674 | if (decCtx == NULL) { |
wolfSSL | 13:f67a6c6013ca | 1675 | free(encCtx); |
wolfSSL | 13:f67a6c6013ca | 1676 | err_sys("AtomicDecCtx malloc failed"); |
wolfSSL | 13:f67a6c6013ca | 1677 | } |
wolfSSL | 13:f67a6c6013ca | 1678 | memset(decCtx, 0, sizeof(AtomicDecCtx)); |
wolfSSL | 13:f67a6c6013ca | 1679 | |
wolfSSL | 13:f67a6c6013ca | 1680 | wolfSSL_CTX_SetMacEncryptCb(ctx, myMacEncryptCb); |
wolfSSL | 13:f67a6c6013ca | 1681 | wolfSSL_SetMacEncryptCtx(ssl, encCtx); |
wolfSSL | 13:f67a6c6013ca | 1682 | |
wolfSSL | 13:f67a6c6013ca | 1683 | wolfSSL_CTX_SetDecryptVerifyCb(ctx, myDecryptVerifyCb); |
wolfSSL | 13:f67a6c6013ca | 1684 | wolfSSL_SetDecryptVerifyCtx(ssl, decCtx); |
wolfSSL | 13:f67a6c6013ca | 1685 | } |
wolfSSL | 13:f67a6c6013ca | 1686 | |
wolfSSL | 13:f67a6c6013ca | 1687 | |
wolfSSL | 13:f67a6c6013ca | 1688 | static INLINE void FreeAtomicUser(WOLFSSL* ssl) |
wolfSSL | 13:f67a6c6013ca | 1689 | { |
wolfSSL | 13:f67a6c6013ca | 1690 | AtomicEncCtx* encCtx = (AtomicEncCtx*)wolfSSL_GetMacEncryptCtx(ssl); |
wolfSSL | 13:f67a6c6013ca | 1691 | AtomicDecCtx* decCtx = (AtomicDecCtx*)wolfSSL_GetDecryptVerifyCtx(ssl); |
wolfSSL | 13:f67a6c6013ca | 1692 | |
wolfSSL | 13:f67a6c6013ca | 1693 | free(decCtx); |
wolfSSL | 13:f67a6c6013ca | 1694 | free(encCtx); |
wolfSSL | 13:f67a6c6013ca | 1695 | } |
wolfSSL | 13:f67a6c6013ca | 1696 | |
wolfSSL | 13:f67a6c6013ca | 1697 | #endif /* ATOMIC_USER */ |
wolfSSL | 13:f67a6c6013ca | 1698 | |
wolfSSL | 13:f67a6c6013ca | 1699 | #ifdef WOLFSSL_STATIC_MEMORY |
wolfSSL | 13:f67a6c6013ca | 1700 | static INLINE int wolfSSL_PrintStats(WOLFSSL_MEM_STATS* stats) |
wolfSSL | 13:f67a6c6013ca | 1701 | { |
wolfSSL | 13:f67a6c6013ca | 1702 | word16 i; |
wolfSSL | 13:f67a6c6013ca | 1703 | |
wolfSSL | 13:f67a6c6013ca | 1704 | if (stats == NULL) { |
wolfSSL | 13:f67a6c6013ca | 1705 | return 0; |
wolfSSL | 13:f67a6c6013ca | 1706 | } |
wolfSSL | 13:f67a6c6013ca | 1707 | |
wolfSSL | 13:f67a6c6013ca | 1708 | /* print to stderr so is on the same pipe as WOLFSSL_DEBUG */ |
wolfSSL | 13:f67a6c6013ca | 1709 | fprintf(stderr, "Total mallocs = %d\n", stats->totalAlloc); |
wolfSSL | 13:f67a6c6013ca | 1710 | fprintf(stderr, "Total frees = %d\n", stats->totalFr); |
wolfSSL | 13:f67a6c6013ca | 1711 | fprintf(stderr, "Current mallocs = %d\n", stats->curAlloc); |
wolfSSL | 13:f67a6c6013ca | 1712 | fprintf(stderr, "Available IO = %d\n", stats->avaIO); |
wolfSSL | 13:f67a6c6013ca | 1713 | fprintf(stderr, "Max con. handshakes = %d\n", stats->maxHa); |
wolfSSL | 13:f67a6c6013ca | 1714 | fprintf(stderr, "Max con. IO = %d\n", stats->maxIO); |
wolfSSL | 13:f67a6c6013ca | 1715 | fprintf(stderr, "State of memory blocks: size : available \n"); |
wolfSSL | 13:f67a6c6013ca | 1716 | for (i = 0; i < WOLFMEM_MAX_BUCKETS; i++) { |
wolfSSL | 13:f67a6c6013ca | 1717 | fprintf(stderr, " : %d\t : %d\n", stats->blockSz[i], |
wolfSSL | 13:f67a6c6013ca | 1718 | stats->avaBlock[i]); |
wolfSSL | 13:f67a6c6013ca | 1719 | } |
wolfSSL | 13:f67a6c6013ca | 1720 | |
wolfSSL | 13:f67a6c6013ca | 1721 | return 1; |
wolfSSL | 13:f67a6c6013ca | 1722 | } |
wolfSSL | 13:f67a6c6013ca | 1723 | #endif /* WOLFSSL_STATIC_MEMORY */ |
wolfSSL | 13:f67a6c6013ca | 1724 | |
wolfSSL | 13:f67a6c6013ca | 1725 | #ifdef HAVE_PK_CALLBACKS |
wolfSSL | 13:f67a6c6013ca | 1726 | |
wolfSSL | 13:f67a6c6013ca | 1727 | #ifdef HAVE_ECC |
wolfSSL | 13:f67a6c6013ca | 1728 | |
wolfSSL | 13:f67a6c6013ca | 1729 | static INLINE int myEccSign(WOLFSSL* ssl, const byte* in, word32 inSz, |
wolfSSL | 13:f67a6c6013ca | 1730 | byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx) |
wolfSSL | 13:f67a6c6013ca | 1731 | { |
wolfSSL | 13:f67a6c6013ca | 1732 | WC_RNG rng; |
wolfSSL | 13:f67a6c6013ca | 1733 | int ret; |
wolfSSL | 13:f67a6c6013ca | 1734 | word32 idx = 0; |
wolfSSL | 13:f67a6c6013ca | 1735 | ecc_key myKey; |
wolfSSL | 13:f67a6c6013ca | 1736 | |
wolfSSL | 13:f67a6c6013ca | 1737 | (void)ssl; |
wolfSSL | 13:f67a6c6013ca | 1738 | (void)ctx; |
wolfSSL | 13:f67a6c6013ca | 1739 | |
wolfSSL | 13:f67a6c6013ca | 1740 | ret = wc_InitRng(&rng); |
wolfSSL | 13:f67a6c6013ca | 1741 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 1742 | return ret; |
wolfSSL | 13:f67a6c6013ca | 1743 | |
wolfSSL | 13:f67a6c6013ca | 1744 | ret = wc_ecc_init(&myKey); |
wolfSSL | 13:f67a6c6013ca | 1745 | if (ret == 0) { |
wolfSSL | 13:f67a6c6013ca | 1746 | ret = wc_EccPrivateKeyDecode(key, &idx, &myKey, keySz); |
wolfSSL | 13:f67a6c6013ca | 1747 | if (ret == 0) |
wolfSSL | 13:f67a6c6013ca | 1748 | ret = wc_ecc_sign_hash(in, inSz, out, outSz, &rng, &myKey); |
wolfSSL | 13:f67a6c6013ca | 1749 | wc_ecc_free(&myKey); |
wolfSSL | 13:f67a6c6013ca | 1750 | } |
wolfSSL | 13:f67a6c6013ca | 1751 | wc_FreeRng(&rng); |
wolfSSL | 13:f67a6c6013ca | 1752 | |
wolfSSL | 13:f67a6c6013ca | 1753 | return ret; |
wolfSSL | 13:f67a6c6013ca | 1754 | } |
wolfSSL | 13:f67a6c6013ca | 1755 | |
wolfSSL | 13:f67a6c6013ca | 1756 | |
wolfSSL | 13:f67a6c6013ca | 1757 | static INLINE int myEccVerify(WOLFSSL* ssl, const byte* sig, word32 sigSz, |
wolfSSL | 13:f67a6c6013ca | 1758 | const byte* hash, word32 hashSz, const byte* key, word32 keySz, |
wolfSSL | 13:f67a6c6013ca | 1759 | int* result, void* ctx) |
wolfSSL | 13:f67a6c6013ca | 1760 | { |
wolfSSL | 13:f67a6c6013ca | 1761 | int ret; |
wolfSSL | 13:f67a6c6013ca | 1762 | ecc_key myKey; |
wolfSSL | 13:f67a6c6013ca | 1763 | |
wolfSSL | 13:f67a6c6013ca | 1764 | (void)ssl; |
wolfSSL | 13:f67a6c6013ca | 1765 | (void)ctx; |
wolfSSL | 13:f67a6c6013ca | 1766 | |
wolfSSL | 13:f67a6c6013ca | 1767 | ret = wc_ecc_init(&myKey); |
wolfSSL | 13:f67a6c6013ca | 1768 | if (ret == 0) { |
wolfSSL | 13:f67a6c6013ca | 1769 | ret = wc_ecc_import_x963(key, keySz, &myKey); |
wolfSSL | 13:f67a6c6013ca | 1770 | if (ret == 0) |
wolfSSL | 13:f67a6c6013ca | 1771 | ret = wc_ecc_verify_hash(sig, sigSz, hash, hashSz, result, &myKey); |
wolfSSL | 13:f67a6c6013ca | 1772 | wc_ecc_free(&myKey); |
wolfSSL | 13:f67a6c6013ca | 1773 | } |
wolfSSL | 13:f67a6c6013ca | 1774 | |
wolfSSL | 13:f67a6c6013ca | 1775 | return ret; |
wolfSSL | 13:f67a6c6013ca | 1776 | } |
wolfSSL | 13:f67a6c6013ca | 1777 | |
wolfSSL | 13:f67a6c6013ca | 1778 | static INLINE int myEccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey, |
wolfSSL | 13:f67a6c6013ca | 1779 | unsigned char* pubKeyDer, unsigned int* pubKeySz, |
wolfSSL | 13:f67a6c6013ca | 1780 | unsigned char* out, unsigned int* outlen, |
wolfSSL | 13:f67a6c6013ca | 1781 | int side, void* ctx) |
wolfSSL | 13:f67a6c6013ca | 1782 | { |
wolfSSL | 13:f67a6c6013ca | 1783 | int ret; |
wolfSSL | 13:f67a6c6013ca | 1784 | ecc_key* privKey = NULL; |
wolfSSL | 13:f67a6c6013ca | 1785 | ecc_key* pubKey = NULL; |
wolfSSL | 13:f67a6c6013ca | 1786 | ecc_key tmpKey; |
wolfSSL | 13:f67a6c6013ca | 1787 | |
wolfSSL | 13:f67a6c6013ca | 1788 | (void)ssl; |
wolfSSL | 13:f67a6c6013ca | 1789 | (void)ctx; |
wolfSSL | 13:f67a6c6013ca | 1790 | |
wolfSSL | 13:f67a6c6013ca | 1791 | ret = wc_ecc_init(&tmpKey); |
wolfSSL | 13:f67a6c6013ca | 1792 | if (ret != 0) { |
wolfSSL | 13:f67a6c6013ca | 1793 | return ret; |
wolfSSL | 13:f67a6c6013ca | 1794 | } |
wolfSSL | 13:f67a6c6013ca | 1795 | |
wolfSSL | 13:f67a6c6013ca | 1796 | /* for client: create and export public key */ |
wolfSSL | 13:f67a6c6013ca | 1797 | if (side == WOLFSSL_CLIENT_END) { |
wolfSSL | 13:f67a6c6013ca | 1798 | WC_RNG rng; |
wolfSSL | 13:f67a6c6013ca | 1799 | |
wolfSSL | 13:f67a6c6013ca | 1800 | privKey = &tmpKey; |
wolfSSL | 13:f67a6c6013ca | 1801 | pubKey = otherKey; |
wolfSSL | 13:f67a6c6013ca | 1802 | |
wolfSSL | 13:f67a6c6013ca | 1803 | ret = wc_InitRng(&rng); |
wolfSSL | 13:f67a6c6013ca | 1804 | if (ret == 0) { |
wolfSSL | 13:f67a6c6013ca | 1805 | ret = wc_ecc_make_key_ex(&rng, 0, privKey, otherKey->dp->id); |
wolfSSL | 13:f67a6c6013ca | 1806 | #ifdef WOLFSSL_ASYNC_CRYPT |
wolfSSL | 13:f67a6c6013ca | 1807 | if (ret == WC_PENDING_E) { |
wolfSSL | 13:f67a6c6013ca | 1808 | ret = wc_AsyncWait(ret, &privKey->asyncDev, WC_ASYNC_FLAG_NONE); |
wolfSSL | 13:f67a6c6013ca | 1809 | } |
wolfSSL | 13:f67a6c6013ca | 1810 | #endif |
wolfSSL | 13:f67a6c6013ca | 1811 | if (ret == 0) |
wolfSSL | 13:f67a6c6013ca | 1812 | ret = wc_ecc_export_x963(privKey, pubKeyDer, pubKeySz); |
wolfSSL | 13:f67a6c6013ca | 1813 | wc_FreeRng(&rng); |
wolfSSL | 13:f67a6c6013ca | 1814 | } |
wolfSSL | 13:f67a6c6013ca | 1815 | } |
wolfSSL | 13:f67a6c6013ca | 1816 | |
wolfSSL | 13:f67a6c6013ca | 1817 | /* for server: import public key */ |
wolfSSL | 13:f67a6c6013ca | 1818 | else if (side == WOLFSSL_SERVER_END) { |
wolfSSL | 13:f67a6c6013ca | 1819 | privKey = otherKey; |
wolfSSL | 13:f67a6c6013ca | 1820 | pubKey = &tmpKey; |
wolfSSL | 13:f67a6c6013ca | 1821 | |
wolfSSL | 13:f67a6c6013ca | 1822 | ret = wc_ecc_import_x963_ex(pubKeyDer, *pubKeySz, pubKey, |
wolfSSL | 13:f67a6c6013ca | 1823 | otherKey->dp->id); |
wolfSSL | 13:f67a6c6013ca | 1824 | } |
wolfSSL | 13:f67a6c6013ca | 1825 | else { |
wolfSSL | 13:f67a6c6013ca | 1826 | ret = BAD_FUNC_ARG; |
wolfSSL | 13:f67a6c6013ca | 1827 | } |
wolfSSL | 13:f67a6c6013ca | 1828 | |
wolfSSL | 13:f67a6c6013ca | 1829 | /* generate shared secret and return it */ |
wolfSSL | 13:f67a6c6013ca | 1830 | if (ret == 0) { |
wolfSSL | 13:f67a6c6013ca | 1831 | ret = wc_ecc_shared_secret(privKey, pubKey, out, outlen); |
wolfSSL | 13:f67a6c6013ca | 1832 | |
wolfSSL | 13:f67a6c6013ca | 1833 | #ifdef WOLFSSL_ASYNC_CRYPT |
wolfSSL | 13:f67a6c6013ca | 1834 | if (ret == WC_PENDING_E) { |
wolfSSL | 13:f67a6c6013ca | 1835 | ret = wc_AsyncWait(ret, &privKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); |
wolfSSL | 13:f67a6c6013ca | 1836 | } |
wolfSSL | 13:f67a6c6013ca | 1837 | #endif |
wolfSSL | 13:f67a6c6013ca | 1838 | } |
wolfSSL | 13:f67a6c6013ca | 1839 | |
wolfSSL | 13:f67a6c6013ca | 1840 | wc_ecc_free(&tmpKey); |
wolfSSL | 13:f67a6c6013ca | 1841 | |
wolfSSL | 13:f67a6c6013ca | 1842 | return ret; |
wolfSSL | 13:f67a6c6013ca | 1843 | } |
wolfSSL | 13:f67a6c6013ca | 1844 | |
wolfSSL | 13:f67a6c6013ca | 1845 | #ifdef HAVE_ED25519 |
wolfSSL | 13:f67a6c6013ca | 1846 | static INLINE int myEd25519Sign(WOLFSSL* ssl, const byte* in, word32 inSz, |
wolfSSL | 13:f67a6c6013ca | 1847 | byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx) |
wolfSSL | 13:f67a6c6013ca | 1848 | { |
wolfSSL | 13:f67a6c6013ca | 1849 | int ret; |
wolfSSL | 13:f67a6c6013ca | 1850 | word32 idx = 0; |
wolfSSL | 13:f67a6c6013ca | 1851 | ed25519_key myKey; |
wolfSSL | 13:f67a6c6013ca | 1852 | |
wolfSSL | 13:f67a6c6013ca | 1853 | (void)ssl; |
wolfSSL | 13:f67a6c6013ca | 1854 | (void)ctx; |
wolfSSL | 13:f67a6c6013ca | 1855 | |
wolfSSL | 13:f67a6c6013ca | 1856 | ret = wc_ed25519_init(&myKey); |
wolfSSL | 13:f67a6c6013ca | 1857 | if (ret == 0) { |
wolfSSL | 13:f67a6c6013ca | 1858 | ret = wc_Ed25519PrivateKeyDecode(key, &idx, &myKey, keySz); |
wolfSSL | 13:f67a6c6013ca | 1859 | if (ret == 0) |
wolfSSL | 13:f67a6c6013ca | 1860 | ret = wc_ed25519_sign_msg(in, inSz, out, outSz, &myKey); |
wolfSSL | 13:f67a6c6013ca | 1861 | wc_ed25519_free(&myKey); |
wolfSSL | 13:f67a6c6013ca | 1862 | } |
wolfSSL | 13:f67a6c6013ca | 1863 | |
wolfSSL | 13:f67a6c6013ca | 1864 | return ret; |
wolfSSL | 13:f67a6c6013ca | 1865 | } |
wolfSSL | 13:f67a6c6013ca | 1866 | |
wolfSSL | 13:f67a6c6013ca | 1867 | |
wolfSSL | 13:f67a6c6013ca | 1868 | static INLINE int myEd25519Verify(WOLFSSL* ssl, const byte* sig, word32 sigSz, |
wolfSSL | 13:f67a6c6013ca | 1869 | const byte* msg, word32 msgSz, const byte* key, word32 keySz, |
wolfSSL | 13:f67a6c6013ca | 1870 | int* result, void* ctx) |
wolfSSL | 13:f67a6c6013ca | 1871 | { |
wolfSSL | 13:f67a6c6013ca | 1872 | int ret; |
wolfSSL | 13:f67a6c6013ca | 1873 | ed25519_key myKey; |
wolfSSL | 13:f67a6c6013ca | 1874 | |
wolfSSL | 13:f67a6c6013ca | 1875 | (void)ssl; |
wolfSSL | 13:f67a6c6013ca | 1876 | (void)ctx; |
wolfSSL | 13:f67a6c6013ca | 1877 | |
wolfSSL | 13:f67a6c6013ca | 1878 | ret = wc_ed25519_init(&myKey); |
wolfSSL | 13:f67a6c6013ca | 1879 | if (ret == 0) { |
wolfSSL | 13:f67a6c6013ca | 1880 | ret = wc_ed25519_import_public(key, keySz, &myKey); |
wolfSSL | 13:f67a6c6013ca | 1881 | if (ret == 0) { |
wolfSSL | 13:f67a6c6013ca | 1882 | ret = wc_ed25519_verify_msg(sig, sigSz, msg, msgSz, result, &myKey); |
wolfSSL | 13:f67a6c6013ca | 1883 | } |
wolfSSL | 13:f67a6c6013ca | 1884 | wc_ed25519_free(&myKey); |
wolfSSL | 13:f67a6c6013ca | 1885 | } |
wolfSSL | 13:f67a6c6013ca | 1886 | |
wolfSSL | 13:f67a6c6013ca | 1887 | return ret; |
wolfSSL | 13:f67a6c6013ca | 1888 | } |
wolfSSL | 13:f67a6c6013ca | 1889 | #endif /* HAVE_ED25519 */ |
wolfSSL | 13:f67a6c6013ca | 1890 | |
wolfSSL | 13:f67a6c6013ca | 1891 | #ifdef HAVE_CURVE25519 |
wolfSSL | 13:f67a6c6013ca | 1892 | static INLINE int myX25519SharedSecret(WOLFSSL* ssl, curve25519_key* otherKey, |
wolfSSL | 13:f67a6c6013ca | 1893 | unsigned char* pubKeyDer, unsigned int* pubKeySz, |
wolfSSL | 13:f67a6c6013ca | 1894 | unsigned char* out, unsigned int* outlen, |
wolfSSL | 13:f67a6c6013ca | 1895 | int side, void* ctx) |
wolfSSL | 13:f67a6c6013ca | 1896 | { |
wolfSSL | 13:f67a6c6013ca | 1897 | int ret; |
wolfSSL | 13:f67a6c6013ca | 1898 | curve25519_key* privKey = NULL; |
wolfSSL | 13:f67a6c6013ca | 1899 | curve25519_key* pubKey = NULL; |
wolfSSL | 13:f67a6c6013ca | 1900 | curve25519_key tmpKey; |
wolfSSL | 13:f67a6c6013ca | 1901 | |
wolfSSL | 13:f67a6c6013ca | 1902 | (void)ssl; |
wolfSSL | 13:f67a6c6013ca | 1903 | (void)ctx; |
wolfSSL | 13:f67a6c6013ca | 1904 | |
wolfSSL | 13:f67a6c6013ca | 1905 | ret = wc_curve25519_init(&tmpKey); |
wolfSSL | 13:f67a6c6013ca | 1906 | if (ret != 0) { |
wolfSSL | 13:f67a6c6013ca | 1907 | return ret; |
wolfSSL | 13:f67a6c6013ca | 1908 | } |
wolfSSL | 13:f67a6c6013ca | 1909 | |
wolfSSL | 13:f67a6c6013ca | 1910 | /* for client: create and export public key */ |
wolfSSL | 13:f67a6c6013ca | 1911 | if (side == WOLFSSL_CLIENT_END) { |
wolfSSL | 13:f67a6c6013ca | 1912 | WC_RNG rng; |
wolfSSL | 13:f67a6c6013ca | 1913 | |
wolfSSL | 13:f67a6c6013ca | 1914 | privKey = &tmpKey; |
wolfSSL | 13:f67a6c6013ca | 1915 | pubKey = otherKey; |
wolfSSL | 13:f67a6c6013ca | 1916 | |
wolfSSL | 13:f67a6c6013ca | 1917 | ret = wc_InitRng(&rng); |
wolfSSL | 13:f67a6c6013ca | 1918 | if (ret == 0) { |
wolfSSL | 13:f67a6c6013ca | 1919 | ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, privKey); |
wolfSSL | 13:f67a6c6013ca | 1920 | if (ret == 0) { |
wolfSSL | 13:f67a6c6013ca | 1921 | ret = wc_curve25519_export_public_ex(privKey, pubKeyDer, |
wolfSSL | 13:f67a6c6013ca | 1922 | pubKeySz, EC25519_LITTLE_ENDIAN); |
wolfSSL | 13:f67a6c6013ca | 1923 | } |
wolfSSL | 13:f67a6c6013ca | 1924 | wc_FreeRng(&rng); |
wolfSSL | 13:f67a6c6013ca | 1925 | } |
wolfSSL | 13:f67a6c6013ca | 1926 | } |
wolfSSL | 13:f67a6c6013ca | 1927 | |
wolfSSL | 13:f67a6c6013ca | 1928 | /* for server: import public key */ |
wolfSSL | 13:f67a6c6013ca | 1929 | else if (side == WOLFSSL_SERVER_END) { |
wolfSSL | 13:f67a6c6013ca | 1930 | privKey = otherKey; |
wolfSSL | 13:f67a6c6013ca | 1931 | pubKey = &tmpKey; |
wolfSSL | 13:f67a6c6013ca | 1932 | |
wolfSSL | 13:f67a6c6013ca | 1933 | ret = wc_curve25519_import_public_ex(pubKeyDer, *pubKeySz, pubKey, |
wolfSSL | 13:f67a6c6013ca | 1934 | EC25519_LITTLE_ENDIAN); |
wolfSSL | 13:f67a6c6013ca | 1935 | } |
wolfSSL | 13:f67a6c6013ca | 1936 | else { |
wolfSSL | 13:f67a6c6013ca | 1937 | ret = BAD_FUNC_ARG; |
wolfSSL | 13:f67a6c6013ca | 1938 | } |
wolfSSL | 13:f67a6c6013ca | 1939 | |
wolfSSL | 13:f67a6c6013ca | 1940 | /* generate shared secret and return it */ |
wolfSSL | 13:f67a6c6013ca | 1941 | if (ret == 0) { |
wolfSSL | 13:f67a6c6013ca | 1942 | ret = wc_curve25519_shared_secret_ex(privKey, pubKey, out, outlen, |
wolfSSL | 13:f67a6c6013ca | 1943 | EC25519_LITTLE_ENDIAN); |
wolfSSL | 13:f67a6c6013ca | 1944 | } |
wolfSSL | 13:f67a6c6013ca | 1945 | |
wolfSSL | 13:f67a6c6013ca | 1946 | wc_curve25519_free(&tmpKey); |
wolfSSL | 13:f67a6c6013ca | 1947 | |
wolfSSL | 13:f67a6c6013ca | 1948 | return ret; |
wolfSSL | 13:f67a6c6013ca | 1949 | } |
wolfSSL | 13:f67a6c6013ca | 1950 | #endif /* HAVE_CURVE25519 */ |
wolfSSL | 13:f67a6c6013ca | 1951 | |
wolfSSL | 13:f67a6c6013ca | 1952 | #endif /* HAVE_ECC */ |
wolfSSL | 13:f67a6c6013ca | 1953 | |
wolfSSL | 13:f67a6c6013ca | 1954 | #ifndef NO_RSA |
wolfSSL | 13:f67a6c6013ca | 1955 | |
wolfSSL | 13:f67a6c6013ca | 1956 | static INLINE int myRsaSign(WOLFSSL* ssl, const byte* in, word32 inSz, |
wolfSSL | 13:f67a6c6013ca | 1957 | byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx) |
wolfSSL | 13:f67a6c6013ca | 1958 | { |
wolfSSL | 13:f67a6c6013ca | 1959 | WC_RNG rng; |
wolfSSL | 13:f67a6c6013ca | 1960 | int ret; |
wolfSSL | 13:f67a6c6013ca | 1961 | word32 idx = 0; |
wolfSSL | 13:f67a6c6013ca | 1962 | RsaKey myKey; |
wolfSSL | 13:f67a6c6013ca | 1963 | |
wolfSSL | 13:f67a6c6013ca | 1964 | (void)ssl; |
wolfSSL | 13:f67a6c6013ca | 1965 | (void)ctx; |
wolfSSL | 13:f67a6c6013ca | 1966 | |
wolfSSL | 13:f67a6c6013ca | 1967 | ret = wc_InitRng(&rng); |
wolfSSL | 13:f67a6c6013ca | 1968 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 1969 | return ret; |
wolfSSL | 13:f67a6c6013ca | 1970 | |
wolfSSL | 13:f67a6c6013ca | 1971 | ret = wc_InitRsaKey(&myKey, NULL); |
wolfSSL | 13:f67a6c6013ca | 1972 | if (ret == 0) { |
wolfSSL | 13:f67a6c6013ca | 1973 | ret = wc_RsaPrivateKeyDecode(key, &idx, &myKey, keySz); |
wolfSSL | 13:f67a6c6013ca | 1974 | if (ret == 0) |
wolfSSL | 13:f67a6c6013ca | 1975 | ret = wc_RsaSSL_Sign(in, inSz, out, *outSz, &myKey, &rng); |
wolfSSL | 13:f67a6c6013ca | 1976 | if (ret > 0) { /* save and convert to 0 success */ |
wolfSSL | 13:f67a6c6013ca | 1977 | *outSz = ret; |
wolfSSL | 13:f67a6c6013ca | 1978 | ret = 0; |
wolfSSL | 13:f67a6c6013ca | 1979 | } |
wolfSSL | 13:f67a6c6013ca | 1980 | wc_FreeRsaKey(&myKey); |
wolfSSL | 13:f67a6c6013ca | 1981 | } |
wolfSSL | 13:f67a6c6013ca | 1982 | wc_FreeRng(&rng); |
wolfSSL | 13:f67a6c6013ca | 1983 | |
wolfSSL | 13:f67a6c6013ca | 1984 | return ret; |
wolfSSL | 13:f67a6c6013ca | 1985 | } |
wolfSSL | 13:f67a6c6013ca | 1986 | |
wolfSSL | 13:f67a6c6013ca | 1987 | |
wolfSSL | 13:f67a6c6013ca | 1988 | static INLINE int myRsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz, |
wolfSSL | 13:f67a6c6013ca | 1989 | byte** out, |
wolfSSL | 13:f67a6c6013ca | 1990 | const byte* key, word32 keySz, |
wolfSSL | 13:f67a6c6013ca | 1991 | void* ctx) |
wolfSSL | 13:f67a6c6013ca | 1992 | { |
wolfSSL | 13:f67a6c6013ca | 1993 | int ret; |
wolfSSL | 13:f67a6c6013ca | 1994 | word32 idx = 0; |
wolfSSL | 13:f67a6c6013ca | 1995 | RsaKey myKey; |
wolfSSL | 13:f67a6c6013ca | 1996 | |
wolfSSL | 13:f67a6c6013ca | 1997 | (void)ssl; |
wolfSSL | 13:f67a6c6013ca | 1998 | (void)ctx; |
wolfSSL | 13:f67a6c6013ca | 1999 | |
wolfSSL | 13:f67a6c6013ca | 2000 | ret = wc_InitRsaKey(&myKey, NULL); |
wolfSSL | 13:f67a6c6013ca | 2001 | if (ret == 0) { |
wolfSSL | 13:f67a6c6013ca | 2002 | ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz); |
wolfSSL | 13:f67a6c6013ca | 2003 | if (ret == 0) |
wolfSSL | 13:f67a6c6013ca | 2004 | ret = wc_RsaSSL_VerifyInline(sig, sigSz, out, &myKey); |
wolfSSL | 13:f67a6c6013ca | 2005 | wc_FreeRsaKey(&myKey); |
wolfSSL | 13:f67a6c6013ca | 2006 | } |
wolfSSL | 13:f67a6c6013ca | 2007 | |
wolfSSL | 13:f67a6c6013ca | 2008 | return ret; |
wolfSSL | 13:f67a6c6013ca | 2009 | } |
wolfSSL | 13:f67a6c6013ca | 2010 | |
wolfSSL | 13:f67a6c6013ca | 2011 | #ifdef WC_RSA_PSS |
wolfSSL | 13:f67a6c6013ca | 2012 | static INLINE int myRsaPssSign(WOLFSSL* ssl, const byte* in, word32 inSz, |
wolfSSL | 13:f67a6c6013ca | 2013 | byte* out, word32* outSz, int hash, int mgf, const byte* key, |
wolfSSL | 13:f67a6c6013ca | 2014 | word32 keySz, void* ctx) |
wolfSSL | 13:f67a6c6013ca | 2015 | { |
wolfSSL | 13:f67a6c6013ca | 2016 | enum wc_HashType hashType = WC_HASH_TYPE_NONE; |
wolfSSL | 13:f67a6c6013ca | 2017 | WC_RNG rng; |
wolfSSL | 13:f67a6c6013ca | 2018 | int ret; |
wolfSSL | 13:f67a6c6013ca | 2019 | word32 idx = 0; |
wolfSSL | 13:f67a6c6013ca | 2020 | RsaKey myKey; |
wolfSSL | 13:f67a6c6013ca | 2021 | |
wolfSSL | 13:f67a6c6013ca | 2022 | (void)ssl; |
wolfSSL | 13:f67a6c6013ca | 2023 | (void)ctx; |
wolfSSL | 13:f67a6c6013ca | 2024 | |
wolfSSL | 13:f67a6c6013ca | 2025 | switch (hash) { |
wolfSSL | 13:f67a6c6013ca | 2026 | #ifndef NO_SHA256 |
wolfSSL | 13:f67a6c6013ca | 2027 | case SHA256h: |
wolfSSL | 13:f67a6c6013ca | 2028 | hashType = WC_HASH_TYPE_SHA256; |
wolfSSL | 13:f67a6c6013ca | 2029 | break; |
wolfSSL | 13:f67a6c6013ca | 2030 | #endif |
wolfSSL | 13:f67a6c6013ca | 2031 | #ifdef WOLFSSL_SHA384 |
wolfSSL | 13:f67a6c6013ca | 2032 | case SHA384h: |
wolfSSL | 13:f67a6c6013ca | 2033 | hashType = WC_HASH_TYPE_SHA384; |
wolfSSL | 13:f67a6c6013ca | 2034 | break; |
wolfSSL | 13:f67a6c6013ca | 2035 | #endif |
wolfSSL | 13:f67a6c6013ca | 2036 | #ifdef WOLFSSL_SHA512 |
wolfSSL | 13:f67a6c6013ca | 2037 | case SHA512h: |
wolfSSL | 13:f67a6c6013ca | 2038 | hashType = WC_HASH_TYPE_SHA512; |
wolfSSL | 13:f67a6c6013ca | 2039 | break; |
wolfSSL | 13:f67a6c6013ca | 2040 | #endif |
wolfSSL | 13:f67a6c6013ca | 2041 | } |
wolfSSL | 13:f67a6c6013ca | 2042 | |
wolfSSL | 13:f67a6c6013ca | 2043 | ret = wc_InitRng(&rng); |
wolfSSL | 13:f67a6c6013ca | 2044 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 2045 | return ret; |
wolfSSL | 13:f67a6c6013ca | 2046 | |
wolfSSL | 13:f67a6c6013ca | 2047 | ret = wc_InitRsaKey(&myKey, NULL); |
wolfSSL | 13:f67a6c6013ca | 2048 | if (ret == 0) { |
wolfSSL | 13:f67a6c6013ca | 2049 | ret = wc_RsaPrivateKeyDecode(key, &idx, &myKey, keySz); |
wolfSSL | 13:f67a6c6013ca | 2050 | if (ret == 0) { |
wolfSSL | 13:f67a6c6013ca | 2051 | ret = wc_RsaPSS_Sign(in, inSz, out, *outSz, hashType, mgf, &myKey, |
wolfSSL | 13:f67a6c6013ca | 2052 | &rng); |
wolfSSL | 13:f67a6c6013ca | 2053 | } |
wolfSSL | 13:f67a6c6013ca | 2054 | if (ret > 0) { /* save and convert to 0 success */ |
wolfSSL | 13:f67a6c6013ca | 2055 | *outSz = ret; |
wolfSSL | 13:f67a6c6013ca | 2056 | ret = 0; |
wolfSSL | 13:f67a6c6013ca | 2057 | } |
wolfSSL | 13:f67a6c6013ca | 2058 | wc_FreeRsaKey(&myKey); |
wolfSSL | 13:f67a6c6013ca | 2059 | } |
wolfSSL | 13:f67a6c6013ca | 2060 | wc_FreeRng(&rng); |
wolfSSL | 13:f67a6c6013ca | 2061 | |
wolfSSL | 13:f67a6c6013ca | 2062 | return ret; |
wolfSSL | 13:f67a6c6013ca | 2063 | } |
wolfSSL | 13:f67a6c6013ca | 2064 | |
wolfSSL | 13:f67a6c6013ca | 2065 | |
wolfSSL | 13:f67a6c6013ca | 2066 | static INLINE int myRsaPssVerify(WOLFSSL* ssl, byte* sig, word32 sigSz, |
wolfSSL | 13:f67a6c6013ca | 2067 | byte** out, int hash, int mgf, const byte* key, word32 keySz, void* ctx) |
wolfSSL | 13:f67a6c6013ca | 2068 | { |
wolfSSL | 13:f67a6c6013ca | 2069 | enum wc_HashType hashType = WC_HASH_TYPE_NONE; |
wolfSSL | 13:f67a6c6013ca | 2070 | int ret; |
wolfSSL | 13:f67a6c6013ca | 2071 | word32 idx = 0; |
wolfSSL | 13:f67a6c6013ca | 2072 | RsaKey myKey; |
wolfSSL | 13:f67a6c6013ca | 2073 | |
wolfSSL | 13:f67a6c6013ca | 2074 | (void)ssl; |
wolfSSL | 13:f67a6c6013ca | 2075 | (void)ctx; |
wolfSSL | 13:f67a6c6013ca | 2076 | |
wolfSSL | 13:f67a6c6013ca | 2077 | switch (hash) { |
wolfSSL | 13:f67a6c6013ca | 2078 | #ifndef NO_SHA256 |
wolfSSL | 13:f67a6c6013ca | 2079 | case SHA256h: |
wolfSSL | 13:f67a6c6013ca | 2080 | hashType = WC_HASH_TYPE_SHA256; |
wolfSSL | 13:f67a6c6013ca | 2081 | break; |
wolfSSL | 13:f67a6c6013ca | 2082 | #endif |
wolfSSL | 13:f67a6c6013ca | 2083 | #ifdef WOLFSSL_SHA384 |
wolfSSL | 13:f67a6c6013ca | 2084 | case SHA384h: |
wolfSSL | 13:f67a6c6013ca | 2085 | hashType = WC_HASH_TYPE_SHA384; |
wolfSSL | 13:f67a6c6013ca | 2086 | break; |
wolfSSL | 13:f67a6c6013ca | 2087 | #endif |
wolfSSL | 13:f67a6c6013ca | 2088 | #ifdef WOLFSSL_SHA512 |
wolfSSL | 13:f67a6c6013ca | 2089 | case SHA512h: |
wolfSSL | 13:f67a6c6013ca | 2090 | hashType = WC_HASH_TYPE_SHA512; |
wolfSSL | 13:f67a6c6013ca | 2091 | break; |
wolfSSL | 13:f67a6c6013ca | 2092 | #endif |
wolfSSL | 13:f67a6c6013ca | 2093 | } |
wolfSSL | 13:f67a6c6013ca | 2094 | |
wolfSSL | 13:f67a6c6013ca | 2095 | ret = wc_InitRsaKey(&myKey, NULL); |
wolfSSL | 13:f67a6c6013ca | 2096 | if (ret == 0) { |
wolfSSL | 13:f67a6c6013ca | 2097 | ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz); |
wolfSSL | 13:f67a6c6013ca | 2098 | if (ret == 0) { |
wolfSSL | 13:f67a6c6013ca | 2099 | ret = wc_RsaPSS_VerifyInline(sig, sigSz, out, hashType, mgf, |
wolfSSL | 13:f67a6c6013ca | 2100 | &myKey); |
wolfSSL | 13:f67a6c6013ca | 2101 | } |
wolfSSL | 13:f67a6c6013ca | 2102 | wc_FreeRsaKey(&myKey); |
wolfSSL | 13:f67a6c6013ca | 2103 | } |
wolfSSL | 13:f67a6c6013ca | 2104 | |
wolfSSL | 13:f67a6c6013ca | 2105 | return ret; |
wolfSSL | 13:f67a6c6013ca | 2106 | } |
wolfSSL | 13:f67a6c6013ca | 2107 | #endif |
wolfSSL | 13:f67a6c6013ca | 2108 | |
wolfSSL | 13:f67a6c6013ca | 2109 | |
wolfSSL | 13:f67a6c6013ca | 2110 | static INLINE int myRsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, |
wolfSSL | 13:f67a6c6013ca | 2111 | byte* out, word32* outSz, const byte* key, |
wolfSSL | 13:f67a6c6013ca | 2112 | word32 keySz, void* ctx) |
wolfSSL | 13:f67a6c6013ca | 2113 | { |
wolfSSL | 13:f67a6c6013ca | 2114 | int ret; |
wolfSSL | 13:f67a6c6013ca | 2115 | word32 idx = 0; |
wolfSSL | 13:f67a6c6013ca | 2116 | RsaKey myKey; |
wolfSSL | 13:f67a6c6013ca | 2117 | WC_RNG rng; |
wolfSSL | 13:f67a6c6013ca | 2118 | |
wolfSSL | 13:f67a6c6013ca | 2119 | (void)ssl; |
wolfSSL | 13:f67a6c6013ca | 2120 | (void)ctx; |
wolfSSL | 13:f67a6c6013ca | 2121 | |
wolfSSL | 13:f67a6c6013ca | 2122 | ret = wc_InitRng(&rng); |
wolfSSL | 13:f67a6c6013ca | 2123 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 2124 | return ret; |
wolfSSL | 13:f67a6c6013ca | 2125 | |
wolfSSL | 13:f67a6c6013ca | 2126 | ret = wc_InitRsaKey(&myKey, NULL); |
wolfSSL | 13:f67a6c6013ca | 2127 | if (ret == 0) { |
wolfSSL | 13:f67a6c6013ca | 2128 | ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz); |
wolfSSL | 13:f67a6c6013ca | 2129 | if (ret == 0) { |
wolfSSL | 13:f67a6c6013ca | 2130 | ret = wc_RsaPublicEncrypt(in, inSz, out, *outSz, &myKey, &rng); |
wolfSSL | 13:f67a6c6013ca | 2131 | if (ret > 0) { |
wolfSSL | 13:f67a6c6013ca | 2132 | *outSz = ret; |
wolfSSL | 13:f67a6c6013ca | 2133 | ret = 0; /* reset to success */ |
wolfSSL | 13:f67a6c6013ca | 2134 | } |
wolfSSL | 13:f67a6c6013ca | 2135 | } |
wolfSSL | 13:f67a6c6013ca | 2136 | wc_FreeRsaKey(&myKey); |
wolfSSL | 13:f67a6c6013ca | 2137 | } |
wolfSSL | 13:f67a6c6013ca | 2138 | wc_FreeRng(&rng); |
wolfSSL | 13:f67a6c6013ca | 2139 | |
wolfSSL | 13:f67a6c6013ca | 2140 | return ret; |
wolfSSL | 13:f67a6c6013ca | 2141 | } |
wolfSSL | 13:f67a6c6013ca | 2142 | |
wolfSSL | 13:f67a6c6013ca | 2143 | static INLINE int myRsaDec(WOLFSSL* ssl, byte* in, word32 inSz, |
wolfSSL | 13:f67a6c6013ca | 2144 | byte** out, |
wolfSSL | 13:f67a6c6013ca | 2145 | const byte* key, word32 keySz, void* ctx) |
wolfSSL | 13:f67a6c6013ca | 2146 | { |
wolfSSL | 13:f67a6c6013ca | 2147 | int ret; |
wolfSSL | 13:f67a6c6013ca | 2148 | word32 idx = 0; |
wolfSSL | 13:f67a6c6013ca | 2149 | RsaKey myKey; |
wolfSSL | 13:f67a6c6013ca | 2150 | |
wolfSSL | 13:f67a6c6013ca | 2151 | (void)ssl; |
wolfSSL | 13:f67a6c6013ca | 2152 | (void)ctx; |
wolfSSL | 13:f67a6c6013ca | 2153 | |
wolfSSL | 13:f67a6c6013ca | 2154 | ret = wc_InitRsaKey(&myKey, NULL); |
wolfSSL | 13:f67a6c6013ca | 2155 | if (ret == 0) { |
wolfSSL | 13:f67a6c6013ca | 2156 | ret = wc_RsaPrivateKeyDecode(key, &idx, &myKey, keySz); |
wolfSSL | 13:f67a6c6013ca | 2157 | if (ret == 0) { |
wolfSSL | 13:f67a6c6013ca | 2158 | #ifdef WC_RSA_BLINDING |
wolfSSL | 13:f67a6c6013ca | 2159 | ret = wc_RsaSetRNG(&myKey, wolfSSL_GetRNG(ssl)); |
wolfSSL | 13:f67a6c6013ca | 2160 | if (ret != 0) { |
wolfSSL | 13:f67a6c6013ca | 2161 | wc_FreeRsaKey(&myKey); |
wolfSSL | 13:f67a6c6013ca | 2162 | return ret; |
wolfSSL | 13:f67a6c6013ca | 2163 | } |
wolfSSL | 13:f67a6c6013ca | 2164 | #endif |
wolfSSL | 13:f67a6c6013ca | 2165 | ret = wc_RsaPrivateDecryptInline(in, inSz, out, &myKey); |
wolfSSL | 13:f67a6c6013ca | 2166 | } |
wolfSSL | 13:f67a6c6013ca | 2167 | wc_FreeRsaKey(&myKey); |
wolfSSL | 13:f67a6c6013ca | 2168 | } |
wolfSSL | 13:f67a6c6013ca | 2169 | |
wolfSSL | 13:f67a6c6013ca | 2170 | return ret; |
wolfSSL | 13:f67a6c6013ca | 2171 | } |
wolfSSL | 13:f67a6c6013ca | 2172 | |
wolfSSL | 13:f67a6c6013ca | 2173 | #endif /* NO_RSA */ |
wolfSSL | 13:f67a6c6013ca | 2174 | |
wolfSSL | 13:f67a6c6013ca | 2175 | static INLINE void SetupPkCallbacks(WOLFSSL_CTX* ctx, WOLFSSL* ssl) |
wolfSSL | 13:f67a6c6013ca | 2176 | { |
wolfSSL | 13:f67a6c6013ca | 2177 | (void)ctx; |
wolfSSL | 13:f67a6c6013ca | 2178 | (void)ssl; |
wolfSSL | 13:f67a6c6013ca | 2179 | |
wolfSSL | 13:f67a6c6013ca | 2180 | #ifdef HAVE_ECC |
wolfSSL | 13:f67a6c6013ca | 2181 | wolfSSL_CTX_SetEccSignCb(ctx, myEccSign); |
wolfSSL | 13:f67a6c6013ca | 2182 | wolfSSL_CTX_SetEccVerifyCb(ctx, myEccVerify); |
wolfSSL | 13:f67a6c6013ca | 2183 | wolfSSL_CTX_SetEccSharedSecretCb(ctx, myEccSharedSecret); |
wolfSSL | 13:f67a6c6013ca | 2184 | #endif /* HAVE_ECC */ |
wolfSSL | 13:f67a6c6013ca | 2185 | #ifdef HAVE_ED25519 |
wolfSSL | 13:f67a6c6013ca | 2186 | wolfSSL_CTX_SetEd25519SignCb(ctx, myEd25519Sign); |
wolfSSL | 13:f67a6c6013ca | 2187 | wolfSSL_CTX_SetEd25519VerifyCb(ctx, myEd25519Verify); |
wolfSSL | 13:f67a6c6013ca | 2188 | #endif |
wolfSSL | 13:f67a6c6013ca | 2189 | #ifdef HAVE_CURVE25519 |
wolfSSL | 13:f67a6c6013ca | 2190 | wolfSSL_CTX_SetX25519SharedSecretCb(ctx, myX25519SharedSecret); |
wolfSSL | 13:f67a6c6013ca | 2191 | #endif |
wolfSSL | 13:f67a6c6013ca | 2192 | #ifndef NO_RSA |
wolfSSL | 13:f67a6c6013ca | 2193 | wolfSSL_CTX_SetRsaSignCb(ctx, myRsaSign); |
wolfSSL | 13:f67a6c6013ca | 2194 | wolfSSL_CTX_SetRsaVerifyCb(ctx, myRsaVerify); |
wolfSSL | 13:f67a6c6013ca | 2195 | #ifdef WC_RSA_PSS |
wolfSSL | 13:f67a6c6013ca | 2196 | wolfSSL_CTX_SetRsaPssSignCb(ctx, myRsaPssSign); |
wolfSSL | 13:f67a6c6013ca | 2197 | wolfSSL_CTX_SetRsaPssVerifyCb(ctx, myRsaPssVerify); |
wolfSSL | 13:f67a6c6013ca | 2198 | #endif |
wolfSSL | 13:f67a6c6013ca | 2199 | wolfSSL_CTX_SetRsaEncCb(ctx, myRsaEnc); |
wolfSSL | 13:f67a6c6013ca | 2200 | wolfSSL_CTX_SetRsaDecCb(ctx, myRsaDec); |
wolfSSL | 13:f67a6c6013ca | 2201 | #endif /* NO_RSA */ |
wolfSSL | 13:f67a6c6013ca | 2202 | } |
wolfSSL | 13:f67a6c6013ca | 2203 | |
wolfSSL | 13:f67a6c6013ca | 2204 | #endif /* HAVE_PK_CALLBACKS */ |
wolfSSL | 13:f67a6c6013ca | 2205 | |
wolfSSL | 13:f67a6c6013ca | 2206 | |
wolfSSL | 13:f67a6c6013ca | 2207 | |
wolfSSL | 13:f67a6c6013ca | 2208 | |
wolfSSL | 13:f67a6c6013ca | 2209 | |
wolfSSL | 13:f67a6c6013ca | 2210 | #if defined(__hpux__) || defined(__MINGW32__) || defined (WOLFSSL_TIRTOS) \ |
wolfSSL | 13:f67a6c6013ca | 2211 | || defined(_MSC_VER) |
wolfSSL | 13:f67a6c6013ca | 2212 | |
wolfSSL | 13:f67a6c6013ca | 2213 | /* HP/UX doesn't have strsep, needed by test/suites.c */ |
wolfSSL | 13:f67a6c6013ca | 2214 | static INLINE char* strsep(char **stringp, const char *delim) |
wolfSSL | 13:f67a6c6013ca | 2215 | { |
wolfSSL | 13:f67a6c6013ca | 2216 | char* start; |
wolfSSL | 13:f67a6c6013ca | 2217 | char* end; |
wolfSSL | 13:f67a6c6013ca | 2218 | |
wolfSSL | 13:f67a6c6013ca | 2219 | start = *stringp; |
wolfSSL | 13:f67a6c6013ca | 2220 | if (start == NULL) |
wolfSSL | 13:f67a6c6013ca | 2221 | return NULL; |
wolfSSL | 13:f67a6c6013ca | 2222 | |
wolfSSL | 13:f67a6c6013ca | 2223 | if ((end = strpbrk(start, delim))) { |
wolfSSL | 13:f67a6c6013ca | 2224 | *end++ = '\0'; |
wolfSSL | 13:f67a6c6013ca | 2225 | *stringp = end; |
wolfSSL | 13:f67a6c6013ca | 2226 | } else { |
wolfSSL | 13:f67a6c6013ca | 2227 | *stringp = NULL; |
wolfSSL | 13:f67a6c6013ca | 2228 | } |
wolfSSL | 13:f67a6c6013ca | 2229 | |
wolfSSL | 13:f67a6c6013ca | 2230 | return start; |
wolfSSL | 13:f67a6c6013ca | 2231 | } |
wolfSSL | 13:f67a6c6013ca | 2232 | |
wolfSSL | 13:f67a6c6013ca | 2233 | #endif /* __hpux__ and others */ |
wolfSSL | 13:f67a6c6013ca | 2234 | |
wolfSSL | 13:f67a6c6013ca | 2235 | /* Create unique filename, len is length of tempfn name, assuming |
wolfSSL | 13:f67a6c6013ca | 2236 | len does not include null terminating character, |
wolfSSL | 13:f67a6c6013ca | 2237 | num is number of characters in tempfn name to randomize */ |
wolfSSL | 13:f67a6c6013ca | 2238 | static INLINE const char* mymktemp(char *tempfn, int len, int num) |
wolfSSL | 13:f67a6c6013ca | 2239 | { |
wolfSSL | 13:f67a6c6013ca | 2240 | int x, size; |
wolfSSL | 13:f67a6c6013ca | 2241 | static const char alphanum[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ" |
wolfSSL | 13:f67a6c6013ca | 2242 | "abcdefghijklmnopqrstuvwxyz"; |
wolfSSL | 13:f67a6c6013ca | 2243 | WC_RNG rng; |
wolfSSL | 13:f67a6c6013ca | 2244 | byte out; |
wolfSSL | 13:f67a6c6013ca | 2245 | |
wolfSSL | 13:f67a6c6013ca | 2246 | if (tempfn == NULL || len < 1 || num < 1 || len <= num) { |
wolfSSL | 13:f67a6c6013ca | 2247 | printf("Bad input\n"); |
wolfSSL | 13:f67a6c6013ca | 2248 | return NULL; |
wolfSSL | 13:f67a6c6013ca | 2249 | } |
wolfSSL | 13:f67a6c6013ca | 2250 | |
wolfSSL | 13:f67a6c6013ca | 2251 | size = len - 1; |
wolfSSL | 13:f67a6c6013ca | 2252 | |
wolfSSL | 13:f67a6c6013ca | 2253 | if (wc_InitRng(&rng) != 0) { |
wolfSSL | 13:f67a6c6013ca | 2254 | printf("InitRng failed\n"); |
wolfSSL | 13:f67a6c6013ca | 2255 | return NULL; |
wolfSSL | 13:f67a6c6013ca | 2256 | } |
wolfSSL | 13:f67a6c6013ca | 2257 | |
wolfSSL | 13:f67a6c6013ca | 2258 | for (x = size; x > size - num; x--) { |
wolfSSL | 13:f67a6c6013ca | 2259 | if (wc_RNG_GenerateBlock(&rng,(byte*)&out, sizeof(out)) != 0) { |
wolfSSL | 13:f67a6c6013ca | 2260 | printf("RNG_GenerateBlock failed\n"); |
wolfSSL | 13:f67a6c6013ca | 2261 | return NULL; |
wolfSSL | 13:f67a6c6013ca | 2262 | } |
wolfSSL | 13:f67a6c6013ca | 2263 | tempfn[x] = alphanum[out % (sizeof(alphanum) - 1)]; |
wolfSSL | 13:f67a6c6013ca | 2264 | } |
wolfSSL | 13:f67a6c6013ca | 2265 | tempfn[len] = '\0'; |
wolfSSL | 13:f67a6c6013ca | 2266 | |
wolfSSL | 13:f67a6c6013ca | 2267 | wc_FreeRng(&rng); |
wolfSSL | 13:f67a6c6013ca | 2268 | |
wolfSSL | 13:f67a6c6013ca | 2269 | return tempfn; |
wolfSSL | 13:f67a6c6013ca | 2270 | } |
wolfSSL | 13:f67a6c6013ca | 2271 | |
wolfSSL | 13:f67a6c6013ca | 2272 | |
wolfSSL | 13:f67a6c6013ca | 2273 | |
wolfSSL | 13:f67a6c6013ca | 2274 | #if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \ |
wolfSSL | 13:f67a6c6013ca | 2275 | defined(HAVE_POLY1305) |
wolfSSL | 13:f67a6c6013ca | 2276 | |
wolfSSL | 13:f67a6c6013ca | 2277 | #include <wolfssl/wolfcrypt/chacha20_poly1305.h> |
wolfSSL | 13:f67a6c6013ca | 2278 | |
wolfSSL | 13:f67a6c6013ca | 2279 | typedef struct key_ctx { |
wolfSSL | 13:f67a6c6013ca | 2280 | byte name[WOLFSSL_TICKET_NAME_SZ]; /* name for this context */ |
wolfSSL | 13:f67a6c6013ca | 2281 | byte key[CHACHA20_POLY1305_AEAD_KEYSIZE]; /* cipher key */ |
wolfSSL | 13:f67a6c6013ca | 2282 | } key_ctx; |
wolfSSL | 13:f67a6c6013ca | 2283 | |
wolfSSL | 13:f67a6c6013ca | 2284 | static key_ctx myKey_ctx; |
wolfSSL | 13:f67a6c6013ca | 2285 | static WC_RNG myKey_rng; |
wolfSSL | 13:f67a6c6013ca | 2286 | |
wolfSSL | 13:f67a6c6013ca | 2287 | static INLINE int TicketInit(void) |
wolfSSL | 13:f67a6c6013ca | 2288 | { |
wolfSSL | 13:f67a6c6013ca | 2289 | int ret = wc_InitRng(&myKey_rng); |
wolfSSL | 13:f67a6c6013ca | 2290 | if (ret != 0) return ret; |
wolfSSL | 13:f67a6c6013ca | 2291 | |
wolfSSL | 13:f67a6c6013ca | 2292 | ret = wc_RNG_GenerateBlock(&myKey_rng, myKey_ctx.key, sizeof(myKey_ctx.key)); |
wolfSSL | 13:f67a6c6013ca | 2293 | if (ret != 0) return ret; |
wolfSSL | 13:f67a6c6013ca | 2294 | |
wolfSSL | 13:f67a6c6013ca | 2295 | ret = wc_RNG_GenerateBlock(&myKey_rng, myKey_ctx.name,sizeof(myKey_ctx.name)); |
wolfSSL | 13:f67a6c6013ca | 2296 | if (ret != 0) return ret; |
wolfSSL | 13:f67a6c6013ca | 2297 | |
wolfSSL | 13:f67a6c6013ca | 2298 | return 0; |
wolfSSL | 13:f67a6c6013ca | 2299 | } |
wolfSSL | 13:f67a6c6013ca | 2300 | |
wolfSSL | 13:f67a6c6013ca | 2301 | static INLINE void TicketCleanup(void) |
wolfSSL | 13:f67a6c6013ca | 2302 | { |
wolfSSL | 13:f67a6c6013ca | 2303 | wc_FreeRng(&myKey_rng); |
wolfSSL | 13:f67a6c6013ca | 2304 | } |
wolfSSL | 13:f67a6c6013ca | 2305 | |
wolfSSL | 13:f67a6c6013ca | 2306 | static INLINE int myTicketEncCb(WOLFSSL* ssl, |
wolfSSL | 13:f67a6c6013ca | 2307 | byte key_name[WOLFSSL_TICKET_NAME_SZ], |
wolfSSL | 13:f67a6c6013ca | 2308 | byte iv[WOLFSSL_TICKET_IV_SZ], |
wolfSSL | 13:f67a6c6013ca | 2309 | byte mac[WOLFSSL_TICKET_MAC_SZ], |
wolfSSL | 13:f67a6c6013ca | 2310 | int enc, byte* ticket, int inLen, int* outLen, |
wolfSSL | 13:f67a6c6013ca | 2311 | void* userCtx) |
wolfSSL | 13:f67a6c6013ca | 2312 | { |
wolfSSL | 13:f67a6c6013ca | 2313 | (void)ssl; |
wolfSSL | 13:f67a6c6013ca | 2314 | (void)userCtx; |
wolfSSL | 13:f67a6c6013ca | 2315 | |
wolfSSL | 13:f67a6c6013ca | 2316 | int ret; |
wolfSSL | 13:f67a6c6013ca | 2317 | word16 sLen = XHTONS(inLen); |
wolfSSL | 13:f67a6c6013ca | 2318 | byte aad[WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2]; |
wolfSSL | 13:f67a6c6013ca | 2319 | int aadSz = WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2; |
wolfSSL | 13:f67a6c6013ca | 2320 | byte* tmp = aad; |
wolfSSL | 13:f67a6c6013ca | 2321 | |
wolfSSL | 13:f67a6c6013ca | 2322 | if (enc) { |
wolfSSL | 13:f67a6c6013ca | 2323 | XMEMCPY(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ); |
wolfSSL | 13:f67a6c6013ca | 2324 | |
wolfSSL | 13:f67a6c6013ca | 2325 | ret = wc_RNG_GenerateBlock(&myKey_rng, iv, WOLFSSL_TICKET_IV_SZ); |
wolfSSL | 13:f67a6c6013ca | 2326 | if (ret != 0) return WOLFSSL_TICKET_RET_REJECT; |
wolfSSL | 13:f67a6c6013ca | 2327 | |
wolfSSL | 13:f67a6c6013ca | 2328 | /* build aad from key name, iv, and length */ |
wolfSSL | 13:f67a6c6013ca | 2329 | XMEMCPY(tmp, key_name, WOLFSSL_TICKET_NAME_SZ); |
wolfSSL | 13:f67a6c6013ca | 2330 | tmp += WOLFSSL_TICKET_NAME_SZ; |
wolfSSL | 13:f67a6c6013ca | 2331 | XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ); |
wolfSSL | 13:f67a6c6013ca | 2332 | tmp += WOLFSSL_TICKET_IV_SZ; |
wolfSSL | 13:f67a6c6013ca | 2333 | XMEMCPY(tmp, &sLen, 2); |
wolfSSL | 13:f67a6c6013ca | 2334 | |
wolfSSL | 13:f67a6c6013ca | 2335 | ret = wc_ChaCha20Poly1305_Encrypt(myKey_ctx.key, iv, |
wolfSSL | 13:f67a6c6013ca | 2336 | aad, aadSz, |
wolfSSL | 13:f67a6c6013ca | 2337 | ticket, inLen, |
wolfSSL | 13:f67a6c6013ca | 2338 | ticket, |
wolfSSL | 13:f67a6c6013ca | 2339 | mac); |
wolfSSL | 13:f67a6c6013ca | 2340 | if (ret != 0) return WOLFSSL_TICKET_RET_REJECT; |
wolfSSL | 13:f67a6c6013ca | 2341 | *outLen = inLen; /* no padding in this mode */ |
wolfSSL | 13:f67a6c6013ca | 2342 | } else { |
wolfSSL | 13:f67a6c6013ca | 2343 | /* decrypt */ |
wolfSSL | 13:f67a6c6013ca | 2344 | |
wolfSSL | 13:f67a6c6013ca | 2345 | /* see if we know this key */ |
wolfSSL | 13:f67a6c6013ca | 2346 | if (XMEMCMP(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ) != 0){ |
wolfSSL | 13:f67a6c6013ca | 2347 | printf("client presented unknown ticket key name "); |
wolfSSL | 13:f67a6c6013ca | 2348 | return WOLFSSL_TICKET_RET_FATAL; |
wolfSSL | 13:f67a6c6013ca | 2349 | } |
wolfSSL | 13:f67a6c6013ca | 2350 | |
wolfSSL | 13:f67a6c6013ca | 2351 | /* build aad from key name, iv, and length */ |
wolfSSL | 13:f67a6c6013ca | 2352 | XMEMCPY(tmp, key_name, WOLFSSL_TICKET_NAME_SZ); |
wolfSSL | 13:f67a6c6013ca | 2353 | tmp += WOLFSSL_TICKET_NAME_SZ; |
wolfSSL | 13:f67a6c6013ca | 2354 | XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ); |
wolfSSL | 13:f67a6c6013ca | 2355 | tmp += WOLFSSL_TICKET_IV_SZ; |
wolfSSL | 13:f67a6c6013ca | 2356 | XMEMCPY(tmp, &sLen, 2); |
wolfSSL | 13:f67a6c6013ca | 2357 | |
wolfSSL | 13:f67a6c6013ca | 2358 | ret = wc_ChaCha20Poly1305_Decrypt(myKey_ctx.key, iv, |
wolfSSL | 13:f67a6c6013ca | 2359 | aad, aadSz, |
wolfSSL | 13:f67a6c6013ca | 2360 | ticket, inLen, |
wolfSSL | 13:f67a6c6013ca | 2361 | mac, |
wolfSSL | 13:f67a6c6013ca | 2362 | ticket); |
wolfSSL | 13:f67a6c6013ca | 2363 | if (ret != 0) return WOLFSSL_TICKET_RET_REJECT; |
wolfSSL | 13:f67a6c6013ca | 2364 | *outLen = inLen; /* no padding in this mode */ |
wolfSSL | 13:f67a6c6013ca | 2365 | } |
wolfSSL | 13:f67a6c6013ca | 2366 | |
wolfSSL | 13:f67a6c6013ca | 2367 | return WOLFSSL_TICKET_RET_OK; |
wolfSSL | 13:f67a6c6013ca | 2368 | } |
wolfSSL | 13:f67a6c6013ca | 2369 | |
wolfSSL | 13:f67a6c6013ca | 2370 | #endif /* HAVE_SESSION_TICKET && CHACHA20 && POLY1305 */ |
wolfSSL | 13:f67a6c6013ca | 2371 | |
wolfSSL | 13:f67a6c6013ca | 2372 | static INLINE word16 GetRandomPort(void) |
wolfSSL | 13:f67a6c6013ca | 2373 | { |
wolfSSL | 13:f67a6c6013ca | 2374 | word16 port = 0; |
wolfSSL | 13:f67a6c6013ca | 2375 | |
wolfSSL | 13:f67a6c6013ca | 2376 | /* Generate random port for testing */ |
wolfSSL | 13:f67a6c6013ca | 2377 | WC_RNG rng; |
wolfSSL | 13:f67a6c6013ca | 2378 | if (wc_InitRng(&rng) == 0) { |
wolfSSL | 13:f67a6c6013ca | 2379 | wc_RNG_GenerateBlock(&rng, (byte*)&port, sizeof(port)); |
wolfSSL | 13:f67a6c6013ca | 2380 | port |= 0xC000; /* Make sure its in the 49152 - 65535 range */ |
wolfSSL | 13:f67a6c6013ca | 2381 | wc_FreeRng(&rng); |
wolfSSL | 13:f67a6c6013ca | 2382 | } |
wolfSSL | 13:f67a6c6013ca | 2383 | return port; |
wolfSSL | 13:f67a6c6013ca | 2384 | } |
wolfSSL | 13:f67a6c6013ca | 2385 | |
wolfSSL | 13:f67a6c6013ca | 2386 | #endif /* wolfSSL_TEST_H */ |
wolfSSL | 13:f67a6c6013ca | 2387 |