WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Remove legacy NTRU and OQS (#4418) 

* Remove NTRU and OQS

* Keep the DTLS serialization format backwards compatible.

* Remove n from mygetopt_long() call.

* Fix over-zealous deletion.

* Resolve problems found by @SparkiDev
pull/4424/head
Anthony Hu 2021-09-23 18:37:53 -04:00 committed by GitHub
parent 79787eaaa4
commit 33cb823148
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
68 changed files with 106 additions and 7389 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CMakeLists.txt
View File

@ -1015,8 +1015,6 @@ endif()
# - CRL
# - CRL monitor
# - User crypto
# - NTRU
# - QSH
# - Whitewood netRandom client library
# - SNI
# - Max fragment length

6
IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h
View File

@ -215,12 +215,6 @@
#define BUILD_AESGCM
#endif
// </e>
// <e>NTRU (need License, "crypto_ntru.h")
#define MDK_CONF_NTRU 0
#if MDK_CONF_NTRU == 1
#define HAVE_NTRU
#endif
// </e>
// </h>
// <h>Others

6
IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h
View File

@ -252,12 +252,6 @@
#define BUILD_AESGCM
#endif
// </e>
// <e>NTRU (need License, "crypto_ntru.h")
#define MDK_CONF_NTRU 0
#if MDK_CONF_NTRU == 1
#define HAVE_NTRU
#endif
// </e>
// </h>
// <h>Others

6
IDE/MDK-ARM/MDK-ARM/wolfSSL/config-RTX-TCP-FS.h
View File

@ -274,12 +274,6 @@
#define BUILD_AESGCM
#endif
// </e>
// <e>NTRU (need License, "crypto_ntru.h")
#define MDK_CONF_NTRU 0
#if MDK_CONF_NTRU == 1
#define HAVE_NTRU
#endif
// </e>
// </h>
// <h>Others

7
IDE/MDK5-ARM/Conf/user_settings.h
View File

@ -360,13 +360,6 @@
#define HAVE_PKCS7
#endif
// </e>
// <e>NTRU (need License, "crypto_ntru.h")
#define MDK_CONF_NTRU 0
#if MDK_CONF_NTRU == 1
#define HAVE_NTRU
#endif
// </e>
// </h>
// <e>Random Seed, for TEST Only

7
IDE/MDK5-ARM/Projects/CryptBenchmark/RTE/wolfSSL/user_settings.h
View File

@ -360,13 +360,6 @@
#define HAVE_PKCS7
#endif
// </e>
// <e>NTRU (need License, "crypto_ntru.h")
#define MDK_CONF_NTRU 0
#if MDK_CONF_NTRU == 1
#define HAVE_NTRU
#endif
// </e>
// </h>
// <e>Random Seed, for TEST Only

7
IDE/MDK5-ARM/Projects/CryptTest/RTE/wolfSSL/user_settings.h
View File

@ -360,13 +360,6 @@
#define HAVE_PKCS7
#endif
// </e>
// <e>NTRU (need License, "crypto_ntru.h")
#define MDK_CONF_NTRU 0
#if MDK_CONF_NTRU == 1
#define HAVE_NTRU
#endif
// </e>
// </h>
// <e>Random Seed, for TEST Only

7
IDE/MDK5-ARM/Projects/EchoClient/RTE/wolfSSL/user_settings.h
View File

@ -358,13 +358,6 @@
#define HAVE_PKCS7
#endif
// </e>
// <e>NTRU (need License, "crypto_ntru.h")
#define MDK_CONF_NTRU 0
#if MDK_CONF_NTRU == 1
#define HAVE_NTRU
#endif
// </e>
// </h>
// <e>Random Seed, for TEST Only

7
IDE/MDK5-ARM/Projects/EchoServer/RTE/wolfSSL/user_settings.h
View File

@ -360,13 +360,6 @@
#define HAVE_PKCS7
#endif
// </e>
// <e>NTRU (need License, "crypto_ntru.h")
#define MDK_CONF_NTRU 0
#if MDK_CONF_NTRU == 1
#define HAVE_NTRU
#endif
// </e>
// </h>
// <e>Random Seed, for TEST Only

7
IDE/MDK5-ARM/Projects/SimpleClient/RTE/wolfSSL/user_settings.h
View File

@ -360,13 +360,6 @@
#define HAVE_PKCS7
#endif
// </e>
// <e>NTRU (need License, "crypto_ntru.h")
#define MDK_CONF_NTRU 0
#if MDK_CONF_NTRU == 1
#define HAVE_NTRU
#endif
// </e>
// </h>
// <e>Random Seed, for TEST Only

7
IDE/MDK5-ARM/Projects/SimpleServer/RTE/wolfSSL/user_settings.h
View File

@ -360,13 +360,6 @@
#define HAVE_PKCS7
#endif
// </e>
// <e>NTRU (need License, "crypto_ntru.h")
#define MDK_CONF_NTRU 0
#if MDK_CONF_NTRU == 1
#define HAVE_NTRU
#endif
// </e>
// </h>
// <e>Random Seed, for TEST Only

7
IDE/MDK5-ARM/Projects/wolfSSL-Lib/RTE/wolfSSL/user_settings.h
View File

@ -360,13 +360,6 @@
#define HAVE_PKCS7
#endif
// </e>
// <e>NTRU (need License, "crypto_ntru.h")
#define MDK_CONF_NTRU 0
#if MDK_CONF_NTRU == 1
#define HAVE_NTRU
#endif
// </e>
// </h>
// <e>Random Seed, for TEST Only

5
IDE/STM32Cube/wolfssl_example.c
View File

@ -463,12 +463,7 @@ static void ShowPeer(WOLFSSL* ssl)
printf("%s %s\n", words[0], wolfSSL_get_version(ssl));
cipher = wolfSSL_get_current_cipher(ssl);
#ifdef HAVE_QSH
printf("%s %s%s\n", words[1], (wolfSSL_isQSH(ssl))? "QSH:": "",
wolfSSL_CIPHER_get_name(cipher));
#else
printf("%s %s\n", words[1], wolfSSL_CIPHER_get_name(cipher));
#endif
#if defined(HAVE_ECC) || !defined(NO_DH)
if ((name = wolfSSL_get_curve_name(ssl)) != NULL)
printf("%s %s\n", words[2], name);

5
Makefile.am
View File

@ -38,10 +38,7 @@ CLEANFILES+= ecc-key.der \
certreq.pem \
key.der \
key.pem \
ntru-cert.der \
ecc-key-pkcs8.der \
ntru-cert.pem \
ntru-key.raw \
othercert.der \
othercert.pem \
pkcs7cert.der \
@ -135,10 +132,8 @@ ACLOCAL_AMFLAGS= -I m4
EXTRA_DIST+= lib/dummy
EXTRA_DIST+= wolfssl-ntru.vcproj
EXTRA_DIST+= wolfssl.vcproj
EXTRA_DIST+= wolfssl.vcxproj
EXTRA_DIST+= wolfssl-ntru.sln
EXTRA_DIST+= wolfssl.sln
EXTRA_DIST+= wolfssl64.sln
EXTRA_DIST+= valgrind-error.sh

6
README
View File

@ -7,7 +7,7 @@ and feature set. It is commonly used in standard operating environments as well
because of its royalty-free pricing and excellent cross platform support.
wolfSSL supports industry standards up to the current TLS 1.3 and DTLS 1.2
levels, is up to 20 times smaller than OpenSSL, and offers progressive ciphers
such as ChaCha20, Curve25519, NTRU, and Blake2b. User benchmarking and feedback
such as ChaCha20, Curve25519, and Blake2b. User benchmarking and feedback
reports dramatically better performance when using wolfSSL over OpenSSL.
wolfSSL is powered by the wolfCrypt library. Two versions of the wolfCrypt
@ -41,9 +41,7 @@ with
WOLFSSL_STATIC_PSK
though static key cipher suites are deprecated and will be removed from future
versions of TLS. They also lower your security by removing PFS. Since current
NTRU suites available do not use ephemeral keys, WOLFSSL_STATIC_RSA needs to be
used in order to build with NTRU suites.
versions of TLS. They also lower your security by removing PFS.
When compiling ssl.c, wolfSSL will now issue a compiler error if no cipher
suites are available. You can remove this error by defining

8
README.md
View File

@ -12,8 +12,8 @@ standard operating environments as well because of its royalty-free pricing
and excellent cross platform support. wolfSSL supports industry standards up
to the current [TLS 1.3](https://www.wolfssl.com/tls13) and DTLS 1.2, is up to
20 times smaller than OpenSSL, and offers progressive ciphers such as ChaCha20,
Curve25519, NTRU, and Blake2b. User benchmarking and feedback reports
dramatically better performance when using wolfSSL over OpenSSL.
Curve25519, Blake2b and OQS TLS 1.3 groups. User benchmarking and feedback
reports dramatically better performance when using wolfSSL over OpenSSL.
wolfSSL is powered by the wolfCrypt cryptography library. Two versions of
wolfCrypt have been FIPS 140-2 validated (Certificate #2425 and
@ -47,9 +47,7 @@ with one or more of the following defines:
WOLFSSL_STATIC_PSK
Though static key cipher suites are deprecated and will be removed from future
versions of TLS. They also lower your security by removing PFS. Since current
NTRU suites available do not use ephemeral keys, ```WOLFSSL_STATIC_RSA``` needs
to be used in order to build with NTRU suites.
versions of TLS. They also lower your security by removing PFS.
When compiling ssl.c, wolfSSL will now issue a compiler error if no cipher
suites are available. You can remove this error by defining

3
certs/include.am
View File

@ -24,7 +24,6 @@ EXTRA_DIST += \
certs/ecc-client-keyPub.pem \
certs/client-ecc-cert.pem \
certs/client-ca.pem \
certs/ntru-cert.pem \
certs/dh2048.pem \
certs/server-cert.pem \
certs/server-ecc.pem \
@ -108,8 +107,6 @@ EXTRA_DIST += \
dist_doc_DATA+= certs/taoCert.txt
EXTRA_DIST+= certs/ntru-key.raw
include certs/1024/include.am
include certs/3072/include.am
include certs/4096/include.am

29
certs/ntru-cert.pem
View File

@ -1,29 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgIQMR8ILKCzOEvwC/AXGSWKWDANBgkqhkiG9w0BAQUFADCB
lDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVt
YW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYD
VQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
bC5jb20wIhgPMjAyMTAyMDkxOTUwMzBaGA8yMDIzMTEwNzE5NTAzMFowgboxCzAJ
BgNVBAYTAlVTMQ8wDQYDVQQIDAZPcmVnb24xETAPBgNVBAcMCFBvcnRsYW5kMQ0w
CwYDVQQEDARUZXN0MRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9w
bWVudDEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMRUwEwYDVQQFEwx3b2xmU1NM
MTIzNDUxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggJNMBoGCysG
AQQBwRYBAQEBBgsrBgEEAcEWAQECLgOCAi0ABIICKJXoRX/LkS71JEpP72eR3NN2
FnLtLhBsM19zkQaNzr+HF88KgALHnkM1ufiPBu5BC3Qplb/Zk2UAK9oSbdSb9nr5
cPCVie0MIUkYX3Dd6fICzVulmwUWeokFs9i82Li69tdtBVwlfzCihieZ+eafE27H
wlnm1UIIWiTrYu3hs0GPepgJqc1Umj8gjm61k0KdeiYKjmFHFa+wuU+kUji6nljE
yLA8iEbW7kefeQj01A4AMCAet74TuBm5r1Mly1/GT8cFyAj5Kn/mufgfaFNVrdvW
q62pTFxJEFeLra/ShUulIx7f58SaaxMGk90bFSo1Q/HlNW1ijXulkO+XZkIsAyqU
wfuh0HdIgQw+pHOn3UNrSWs4klsdm6lR/Vke4xoNedcyW7B6i1zd8QzeG57N4IZF
1ZBdU2OBMcCBEvhL9TYdDRo5FZF7QUMv1d4C5R2nG176RBho65yFJoJT8VreyTDO
MUlD5n0BQMdZzTIdFMaepB6LHKBKqI5uJh5PYaKdajM/WkJnBCIv9eHpBoNP9YBZ
r/C9/5WcQAd37f5yk2AxxFdOve9jgXWI9X/E3QglVbwK84t2yIVRjq0ojEu1ln50
dwWIpzbvmkPS2dD0/YhJQ22J1qfT8LosOKkB7t98m5E4MwgQVHUUWmR69VfPzggP
AXRV3TXZkL0mSA/ml5P4rBuYmBFTogYIRZY80Gmmlx/Cz3nzvm/AHhH5+5zH279V
Pzu/V7m2ADANBgkqhkiG9w0BAQUFAAOCAQEAawKWRypsPE0AvIWPiR6K7qgMWRe0
vq+l9BqkkapQT5H5kIKAEsgFZTXYpZb4WLp5MOhZZVH16Q29p9KP84UuU3F3coHl
UDQYEBwIfb8XJERcHftZluODYLKNm7nRyeEgQKAYyjTRt/2ShKBUqlt/2fTyvKi9
IBR//pCoMY3o+jIg7Kiq6ro/GKZ7JHDayoahqlXJ08ZsbOU5A5GVYon9dGAGHoNE
bkimZ3N4eDIHpxE/qCKp3GdYifQFxpUIemN3BdzToikg1CRRCcC65Qg7rRwJt91T
wbzuhM1flJmm7nZMTyEVTpVrIud96clU5qdQ+qmbKwJzGxrS1eTs4QHcHg==
-----END CERTIFICATE-----

BIN
certs/ntru-key.raw
View File

Binary file not shown.

116
certs/renewcerts.sh
View File

@ -35,9 +35,6 @@
#
# pkcs7:
# test-degenerate.p7b
# if HAVE_NTRU
# ntru-cert.pem
# ntru-key.raw
###############################################################################
######################## FUNCTIONS SECTION ####################################
###############################################################################
@ -53,10 +50,6 @@ restore_config(){
check_result(){
if [ $1 -ne 0 ]; then
echo "Failed at \"$2\", Abort"
if [ "$2" = "configure for ntru" ] || \
[ "$2" = "make check with ntru" ]; then
restore_config
fi
exit 1
else
echo "Step Succeeded!"
@ -730,62 +723,19 @@ run_renewcerts(){
echo "---------------------------------------------------------------------"
}
#function for copy and pasting ntru updates
move_ntru(){
cp ntru-cert.pem certs/ntru-cert.pem || exit 1
cp ntru-key.raw certs/ntru-key.raw || exit 1
cp ntru-cert.der certs/ntru-cert.der || exit 1
}
###############################################################################
##################### THE EXECUTABLE BODY #####################################
###############################################################################
#start in root.
cd ../ || exit 1
#if HAVE_NTRU already defined && there is no argument
if grep HAVE_NTRU "wolfssl/options.h" && [ -z "$1" ]
then
#run the function to renew the certs
run_renewcerts
CURRDIR=${PWD##*/}
if [ "$CURRDIR" = "certs" ]; then
cd ../ || exit 1
else
echo "We are not in the right directory! Abort."
exit 1
fi
echo "changed directory to wolfssl root directory."
echo ""
############################################################
########## update ntru if already installed ################
############################################################
# We cannot assume that user has certgen and keygen enabled
CFLAG_TMP="-DWOLFSSL_STATIC_RSA"
export CFLAGS=${CFLAG_TMP}
./configure --with-ntru --enable-certgen --enable-keygen
check_result $? "configure for ntru"
make check
check_result $? "make check with ntru"
export CFLAGS=""
#copy/paste ntru-certs and key to certs/
move_ntru
#else if there was an argument given, check it for validity or print out error
elif [ ! -z "$1" ]; then
#valid argument then renew certs without ntru
if [ "$1" == "--override-ntru" ]; then
echo "overriding ntru, update all certs except ntru."
run_renewcerts
#if there was an argument given, check it for validity or print out error
if [ ! -z "$1" ]; then
#valid argument print out other valid arguments
elif [ "$1" == "-h" ] || [ "$1" == "-help" ]; then
if [ "$1" == "-h" ] || [ "$1" == "-help" ]; then
echo ""
echo "\"no argument\" will attempt to update all certificates"
echo "--override-ntru updates all certificates except ntru"
echo "-h or -help display this menu"
echo ""
echo ""
@ -797,7 +747,6 @@ elif [ ! -z "$1" ]; then
echo "use -h or -help for a list of available options."
echo ""
fi
#else HAVE_NTRU not already defined
else
echo "Saving the configure state"
echo ""
@ -809,63 +758,10 @@ else
make clean
check_result $? "make clean"
#attempt to define ntru by configuring with ntru
echo "Configuring with ntru, enabling certgen and keygen"
echo ""
CFLAG_TMP="-DWOLFSSL_STATIC_RSA"
export CFLAGS=${CFLAG_TMP}
./configure --with-ntru --enable-certgen --enable-keygen
check_result $? "configure for ntru"
make check
check_result $? "make check with ntru"
export CFLAGS=""
# restore previous configure state
restore_config
check_result $? "restoring old configuration"
# check options.h a second time, if the user had
# ntru installed on their system and in the default
# path location, then it will now be defined, if the
# user does not have ntru on their system this will fail
# again and we will not update any certs until user installs
# ntru in the default location
# if now defined
if grep HAVE_NTRU "wolfssl/options.h"; then
run_renewcerts
CURRDIR=${PWD##*/}
if [ "$CURRDIR" = "certs" ]; then
cd ../ || exit 1
else
echo "We are not in the right directory! Abort."
exit 1
fi
echo "changed directory to wolfssl root directory."
echo ""
move_ntru
echo "ntru-certs, and ntru-key.raw have been updated"
echo ""
# restore previous configure state
restore_config
check_result $? "restoring old configuration"
else
# restore previous configure state
restore_config
check_result $? "restoring old configuration"
echo ""
echo "ntru is not installed at the default location,"
echo "or ntru not installed, none of the certs were updated."
echo ""
echo "clone the ntru repository into your \"cd ~\" directory then,"
echo "\"cd NTRUEncrypt\" and run \"make\" then \"make install\""
echo "once complete run this script again to update all the certs."
echo ""
echo "To update all certs except ntru use \"./renewcerts.sh --override-ntru\""
echo ""
fi #END now defined
fi #END already defined
exit 0

1
cmake/functions.cmake
View File

@ -195,7 +195,6 @@ function(generate_build_flags)
endif()
set(BUILD_USER_RSA ${WOLFSSL_USER_RSA} PARENT_SCOPE)
set(BUILD_USER_CRYPTO ${WOLFSSL_USER_CRYPTO} PARENT_SCOPE)
set(BUILD_NTRU ${WOLFSSL_NTRU} PARENT_SCOPE)
set(BUILD_WNR ${WOLFSSL_WNR} PARENT_SCOPE)
if(WOLFSSL_SRP OR WOLFSSL_USER_SETTINGS)
set(BUILD_SRP "yes" PARENT_SCOPE)

63
configure.ac
View File

@ -3623,66 +3623,6 @@ then
AC_MSG_ERROR([cannot enable user crypto and fips, user crypto posibility of using code in fips boundary.])
fi
# NTRU
ENABLED_NTRU="no"
tryntrudir=""
AC_ARG_WITH([ntru],
[AS_HELP_STRING([--with-ntru=PATH],[Path to NTRU install (default /usr/)])],
[
AC_MSG_CHECKING([for NTRU])
CPPFLAGS="$CPPFLAGS -DHAVE_NTRU -DHAVE_TLS_EXTENSIONS"
LIBS="$LIBS -lntruencrypt"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <libntruencrypt/ntru_crypto_drbg.h>]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ])
if test "x$ntru_linked" = "xno" ; then
if test "x$withval" != "xno" ; then
tryntrudir=$withval
fi
if test "x$withval" = "xyes" ; then
tryntrudir="/usr"
fi
LDFLAGS="$AM_LDFLAGS $LDFLAGS -L$tryntrudir/lib"
CPPFLAGS="$CPPFLAGS -I$tryntrudir/include"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <libntruencrypt/ntru_crypto_drbg.h>]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ])
if test "x$ntru_linked" = "xno" ; then
AC_MSG_ERROR([NTRU isn't found.
If it's already installed, specify its path using --with-ntru=/dir/])
fi
AC_MSG_RESULT([yes])
AM_LDFLAGS="$AM_LDFLAGS -L$tryntrudir/lib"
else
AC_MSG_RESULT([yes])
fi
AM_CFLAGS="$AM_CFLAGS -DHAVE_NTRU -DHAVE_TLS_EXTENSIONS -DWOLFSSL_STATIC_RSA"
ENABLED_NTRU="yes"
]
)
# QSH
AC_ARG_ENABLE([qsh],
[AS_HELP_STRING([--enable-qsh],[Enable QSH (default: disabled)])],
[ ENABLED_QSH=$enableval ],
[ ENABLED_QSH=no ]
)
if test "x$ENABLED_QSH" = "xyes"
then
if test "x$ENABLED_NTRU" = "xno"
then
AC_MSG_ERROR([cannot enable qsh without NTRU])
fi
AM_CFLAGS="$AM_CFLAGS -DHAVE_QSH -DWOLFSSL_STATIC_DH -DWOLFSSL_STATIC_PSK"
fi
# liboqs
ENABLED_LIBOQS="no"
tryliboqsdir=""
@ -6934,7 +6874,6 @@ AM_CONDITIONAL([BUILD_CRL],[test "x$ENABLED_CRL" != "xno" || test "x$ENABLED_USE
AM_CONDITIONAL([BUILD_CRL_MONITOR],[test "x$ENABLED_CRL_MONITOR" = "xyes"])
AM_CONDITIONAL([BUILD_USER_RSA],[test "x$ENABLED_USER_RSA" = "xyes"] )
AM_CONDITIONAL([BUILD_USER_CRYPTO],[test "x$ENABLED_USER_CRYPTO" = "xyes"])
AM_CONDITIONAL([BUILD_NTRU],[test "x$ENABLED_NTRU" = "xyes"])
AM_CONDITIONAL([BUILD_LIBOQS],[test "x$ENABLED_LIBOQS" = "xyes"])
AM_CONDITIONAL([BUILD_WNR],[test "x$ENABLED_WNR" = "xyes"])
AM_CONDITIONAL([BUILD_SRP],[test "x$ENABLED_SRP" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
@ -7296,8 +7235,6 @@ echo " * Persistent session cache: $ENABLED_SAVESESSION"
echo " * Persistent cert cache: $ENABLED_SAVECERT"
echo " * Atomic User Record Layer: $ENABLED_ATOMICUSER"
echo " * Public Key Callbacks: $ENABLED_PKCALLBACKS"
echo " * NTRU: $ENABLED_NTRU"
echo " * QSH: $ENABLED_QSH"
echo " * liboqs: $ENABLED_LIBOQS"
echo " * Whitewood netRandom: $ENABLED_WNR"
echo " * Server Name Indication: $ENABLED_SNI"

4
cyassl/ctaocrypt/asn_public.h
View File

@ -55,10 +55,6 @@
#define SetAltNamesBuffer wc_SetAltNamesBuffer
#define SetDatesBuffer wc_SetDatesBuffer
#ifdef HAVE_NTRU
#define MakeNtruCert wc_MakeNtruCert
#endif
#endif /* WOLFSSL_CERT_GEN */
#if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)

3
cyassl/ctaocrypt/settings_comp.h
View File

@ -36,9 +36,6 @@
#endif /* have rsa and HAVE_FIPS */
/* Macro redefinitions for compatibility */
#ifdef HAVE_NTRU
#define MakeNtruCert wc_MakeNtruCert
#endif
#if defined(WOLFSSL_SHA512) && !defined(CYASSL_SHA512)
#define CYASSL_SHA512
#endif

1
cyassl/ssl.h
View File

@ -448,7 +448,6 @@
#define CyaSSL_CTX_use_certificate_file wolfSSL_CTX_use_certificate_file
#define CyaSSL_CTX_use_PrivateKey_buffer wolfSSL_CTX_use_PrivateKey_buffer
#define CyaSSL_CTX_use_certificate_buffer wolfSSL_CTX_use_certificate_buffer
#define CyaSSL_CTX_use_NTRUPrivateKey_file wolfSSL_CTX_use_NTRUPrivateKey_file
#define CyaSSL_use_certificate_chain_buffer wolfSSL_use_certificate_chain_buffer
#define CyaSSL_CTX_der_load_verify_locations \
wolfSSL_CTX_der_load_verify_locations

104
doc/dox_comments/header_files/asn_public.h
View File

@ -237,8 +237,6 @@ WOLFSSL_API int wc_MakeSelfCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
expiration date
\return ASN_BITSTR_E Returned if there is an error parsing a bit string
from the certificate
\return ASN_NTRU_KEY_E Returned if there is an error parsing the NTRU key
from the certificate
\return ECC_CURVE_OID_E Returned if there is an error parsing the ECC key
from the certificate
\return ASN_UNKNOWN_OID_E Returned if the certificate is using an unknown
@ -297,8 +295,6 @@ WOLFSSL_API int wc_SetIssuer(Cert*, const char*);
expiration date
\return ASN_BITSTR_E Returned if there is an error parsing a bit string
from the certificate
\return ASN_NTRU_KEY_E Returned if there is an error parsing the NTRU key
from the certificate
\return ECC_CURVE_OID_E Returned if there is an error parsing the ECC key
from the certificate
\return ASN_UNKNOWN_OID_E Returned if the certificate is using an unknown
@ -358,8 +354,6 @@ WOLFSSL_API int wc_SetSubject(Cert*, const char*);
expiration date
\return ASN_BITSTR_E Returned if there is an error parsing a bit string
from the certificate
\return ASN_NTRU_KEY_E Returned if there is an error parsing the NTRU key
from the certificate
\return ECC_CURVE_OID_E Returned if there is an error parsing the ECC key
from the certificate
\return ASN_UNKNOWN_OID_E Returned if the certificate is using an unknown
@ -453,8 +447,6 @@ WOLFSSL_API int wc_GetSubjectRaw(byte **subjectRaw, Cert *cert);
expiration date
\return ASN_BITSTR_E Returned if there is an error parsing a bit string
from the certificate
\return ASN_NTRU_KEY_E Returned if there is an error parsing the NTRU key
from the certificate
\return ECC_CURVE_OID_E Returned if there is an error parsing the ECC key
from the certificate
\return ASN_UNKNOWN_OID_E Returned if the certificate is using an unknown
@ -513,8 +505,6 @@ WOLFSSL_API int wc_SetAltNames(Cert*, const char*);
expiration date
\return ASN_BITSTR_E Returned if there is an error parsing a bit string
from the certificate
\return ASN_NTRU_KEY_E Returned if there is an error parsing the NTRU
key from the certificate
\return ECC_CURVE_OID_E Returned if there is an error parsing the ECC
key from the certificate
\return ASN_UNKNOWN_OID_E Returned if the certificate is using an unknown
@ -579,8 +569,6 @@ WOLFSSL_API int wc_SetIssuerBuffer(Cert*, const byte*, int);
expiration date
\return ASN_BITSTR_E Returned if there is an error parsing a bit string
from the certificate
\return ASN_NTRU_KEY_E Returned if there is an error parsing the NTRU key
from the certificate
\return ECC_CURVE_OID_E Returned if there is an error parsing the ECC key
from the certificate
\return ASN_UNKNOWN_OID_E Returned if the certificate is using an unknown
@ -644,8 +632,6 @@ WOLFSSL_API int wc_SetIssuerRaw(Cert* cert, const byte* der, int derSz);
expiration date
\return ASN_BITSTR_E Returned if there is an error parsing a bit string
from the certificate
\return ASN_NTRU_KEY_E Returned if there is an error parsing the NTRU key
from the certificate
\return ECC_CURVE_OID_E Returned if there is an error parsing the ECC key
from the certificate
\return ASN_UNKNOWN_OID_E Returned if the certificate is using an unknown
@ -712,8 +698,6 @@ WOLFSSL_API int wc_SetSubjectBuffer(Cert*, const byte*, int);
expiration date
\return ASN_BITSTR_E Returned if there is an error parsing a bit string
from the certificate
\return ASN_NTRU_KEY_E Returned if there is an error parsing the NTRU key
from the certificate
\return ECC_CURVE_OID_E Returned if there is an error parsing the ECC key
from the certificate
\return ASN_UNKNOWN_OID_E Returned if the certificate is using an unknown
@ -778,8 +762,6 @@ WOLFSSL_API int wc_SetAltNamesBuffer(Cert*, const byte*, int);
expiration date
\return ASN_BITSTR_E Returned if there is an error parsing a bit string
from the certificate
\return ASN_NTRU_KEY_E Returned if there is an error parsing the NTRU key
from the certificate
\return ECC_CURVE_OID_E Returned if there is an error parsing the ECC key
from the certificate
\return ASN_UNKNOWN_OID_E Returned if the certificate is using an unknown
@ -943,7 +925,6 @@ WOLFSSL_API int wc_SetAuthKeyId(Cert *cert, const char* file);
\endcode
\sa wc_SetSubjectKeyId
\sa wc_SetSubjectKeyIdFromNtruPublicKey
*/
WOLFSSL_API int wc_SetSubjectKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey,
ecc_key *eckey);
@ -974,44 +955,10 @@ WOLFSSL_API int wc_SetSubjectKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey,
}
\endcode
\sa wc_SetSubjectKeyIdFromNtruPublicKey
\sa wc_SetSubjectKeyIdFromPublicKey
*/
WOLFSSL_API int wc_SetSubjectKeyId(Cert *cert, const char* file);
/*!
\ingroup ASN
\brief Set SKID from NTRU public key.
\return 0 Success
\return BAD_FUNC_ARG Returned if cert or ntruKey is null.
\return MEMORY_E Returned if there is an error allocating memory.
\return PUBLIC_KEY_E Returned if there is an error getting the public key.
\param cert Pointer to a Cert structure to be used.
\param ntruKey Pointer to the NTRU public key in a byte array.
\param ntruKeySz Size of the NTRU byte array.
_Example_
\code
Cert some_cert;
wc_InitCert(&some_cert);
byte some_ntru_key[] = { // Load an NTRU key };
word32 ntru_size = sizeof(some_ntru_key);
if(wc_SetSubjectKeyIdFromNtruPublicKey(&some_cert,
some_ntru_key, ntru_size) != 0)
{
// Handle error
}
\endcode
\sa SetKeyIdFromPublicKey
*/
WOLFSSL_API int wc_SetSubjectKeyIdFromNtruPublicKey(Cert *cert, byte *ntruKey,
word16 ntruKeySz);
/*!
\ingroup RSA
@ -1046,57 +993,6 @@ WOLFSSL_API int wc_SetSubjectKeyIdFromNtruPublicKey(Cert *cert, byte *ntruKey,
*/
WOLFSSL_API int wc_SetKeyUsage(Cert *cert, const char *value);
/*!
\ingroup ASN
\brief Used to make CA signed certs. Called after the subject information
has been entered. This function makes an NTRU Certificate from a cert
input. It then writes this cert to derBuffer. It takes in an ntruKey and
a rng to generate the certificate. The certificate must be initialized
with wc_InitCert before this method is called.
\return Success On successfully making a NTRU certificate from the
specified input cert, returns the size of the cert generated.
\return MEMORY_E Returned if there is an error allocating memory
with XMALLOC
\return BUFFER_E Returned if the provided derBuffer is too small to
store the generated certificate
\return Other Additional error messages may be returned if the cert
generation is not successful.
\param cert pointer to an initialized cert structure
\param derBuffer pointer to the buffer in which to store
the generated certificate
\param derSz size of the buffer in which to store the generated
certificate
\param ntruKey pointer to the key to be used to generate the NTRU
certificate
\param keySz size of the key used to generate the NTRU certificate
\param rng pointer to the random number generator used to generate
the NTRU certificate
_Example_
\code
Cert myCert;
// initialize myCert
WC_RNG rng;
//initialize rng;
byte ntruPublicKey[NTRU_KEY_SIZE];
//initialize ntruPublicKey;
byte * derCert = malloc(FOURK_BUF);
word32 certSz;
certSz = wc_MakeNtruCert(&myCert, derCert, FOURK_BUF, &ntruPublicKey,
NTRU_KEY_SIZE, &rng);
\endcode
\sa wc_InitCert
\sa wc_MakeCert
*/
WOLFSSL_API int wc_MakeNtruCert(Cert*, byte* derBuffer, word32 derSz,
const byte* ntruKey, word16 keySz,
WC_RNG*);
/*!
\ingroup ASN

2
doc/dox_comments/header_files/pkcs7.h
View File

@ -19,8 +19,6 @@
expiration date
\return ASN_BITSTR_E Returned if there is an error parsing a bit string
from the certificate
\return ASN_NTRU_KEY_E Returned if there is an error parsing the NTRU
key from the certificate
\return ECC_CURVE_OID_E Returned if there is an error parsing the ECC
key from the certificate
\return ASN_UNKNOWN_OID_E Returned if the certificate is using an unknown

152
doc/dox_comments/header_files/ssl.h
View File

@ -948,7 +948,6 @@ WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX*, const char*, int);
\sa wolfSSL_CTX_load_verify_buffer
\sa wolfSSL_CTX_use_certificate_file
\sa wolfSSL_CTX_use_PrivateKey_file
\sa wolfSSL_CTX_use_NTRUPrivateKey_file
\sa wolfSSL_CTX_use_certificate_chain_file
\sa wolfSSL_use_certificate_file
\sa wolfSSL_use_PrivateKey_file
@ -1014,7 +1013,6 @@ WOLFSSL_API int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX*, const char*,
\sa wolfSSL_CTX_load_verify_buffer
\sa wolfSSL_CTX_use_certificate_file
\sa wolfSSL_CTX_use_PrivateKey_file
\sa wolfSSL_CTX_use_NTRUPrivateKey_file
\sa wolfSSL_CTX_use_certificate_chain_file
\sa wolfSSL_use_certificate_file
\sa wolfSSL_use_PrivateKey_file
@ -1064,7 +1062,6 @@ WOLFSSL_API int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX*, const char*,
\sa wolfSSL_CTX_load_verify_buffer
\sa wolfSSL_CTX_use_certificate_file
\sa wolfSSL_CTX_use_PrivateKey_file
\sa wolfSSL_CTX_use_NTRUPrivateKey_file
\sa wolfSSL_CTX_use_certificate_chain_file
\sa wolfSSL_CTX_trust_peer_buffer
\sa wolfSSL_CTX_Unload_trust_peers
@ -1436,52 +1433,6 @@ WOLFSSL_API int wolfSSL_use_RSAPrivateKey_file(WOLFSSL*, const char*, int);
WOLFSSL_API int wolfSSL_CTX_der_load_verify_locations(WOLFSSL_CTX*,
const char*, int);
/*!
\ingroup CertsKeys
\brief This function loads an NTRU private key file into the WOLFSSL
Context. It behaves like the normal version, only differing in its
ability to accept an NTRU raw key file. This function is needed since
the format of the file is different than the normal key file (buffer)
functions. Please see the examples for proper usage.
\return SSL_SUCCES upon success.
\return SSL_BAD_FILE will be returned if the file doesnt exist, cant
be read, or is corrupted.
\return MEMORY_E will be returned if an out of memory condition occurs.
\return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
\return BUFFER_E will be returned if a chain buffer is bigger than the
receiving buffer.
\return NO_PASSWORD will be returned if the key file is encrypted but
no password is provided.
\param ctx a pointer to a WOLFSSL_CTX structure, created using
wolfSSL_CTX_new()
\param file a pointer to the name of the file containing the NTRU
private key to be loaded into the wolfSSL SSL context.
_Example_
\code
int ret = 0;
WOLFSSL_CTX* ctx;
...
ret = wolfSSL_CTX_use_NTRUPrivateKey_file(ctx, ./ntru-key.raw);
if (ret != SSL_SUCCESS) {
// error loading NTRU private key
}
...
\endcode
\sa wolfSSL_CTX_load_verify_buffer
\sa wolfSSL_CTX_use_certificate_buffer
\sa wolfSSL_CTX_use_PrivateKey_buffer
\sa wolfSSL_CTX_use_certificate_chain_buffer
\sa wolfSSL_use_certificate_buffer
\sa wolfSSL_use_PrivateKey_buffer
\sa wolfSSL_use_certificate_chain_buffer
*/
WOLFSSL_API int wolfSSL_CTX_use_NTRUPrivateKey_file(WOLFSSL_CTX*, const char*);
/*!
\ingroup Setup
@ -7212,7 +7163,6 @@ WOLFSSL_API int wolfSSL_CTX_Unload_trust_peers(WOLFSSL_CTX*);
\sa wolfSSL_CTX_load_verify_buffer
\sa wolfSSL_CTX_use_certificate_file
\sa wolfSSL_CTX_use_PrivateKey_file
\sa wolfSSL_CTX_use_NTRUPrivateKey_file
\sa wolfSSL_CTX_use_certificate_chain_file
\sa wolfSSL_CTX_trust_peer_cert
\sa wolfSSL_CTX_Unload_trust_peers
@ -7267,7 +7217,6 @@ WOLFSSL_API int wolfSSL_CTX_trust_peer_buffer(WOLFSSL_CTX*,
\sa wolfSSL_CTX_load_verify_locations
\sa wolfSSL_CTX_use_certificate_buffer
\sa wolfSSL_CTX_use_PrivateKey_buffer
\sa wolfSSL_CTX_use_NTRUPrivateKey_file
\sa wolfSSL_CTX_use_certificate_chain_buffer
\sa wolfSSL_use_certificate_buffer
\sa wolfSSL_use_PrivateKey_buffer
@ -7328,7 +7277,6 @@ WOLFSSL_API int wolfSSL_CTX_load_verify_buffer(WOLFSSL_CTX*,
\sa wolfSSL_CTX_load_verify_locations
\sa wolfSSL_CTX_use_certificate_buffer
\sa wolfSSL_CTX_use_PrivateKey_buffer
\sa wolfSSL_CTX_use_NTRUPrivateKey_file
\sa wolfSSL_CTX_use_certificate_chain_buffer
\sa wolfSSL_use_certificate_buffer
\sa wolfSSL_use_PrivateKey_buffer
@ -7383,7 +7331,6 @@ WOLFSSL_API int wolfSSL_CTX_load_verify_buffer_ex(WOLFSSL_CTX*,
\sa wolfSSL_CTX_load_verify_locations
\sa wolfSSL_CTX_use_certificate_buffer
\sa wolfSSL_CTX_use_PrivateKey_buffer
\sa wolfSSL_CTX_use_NTRUPrivateKey_file
\sa wolfSSL_CTX_use_certificate_chain_buffer
\sa wolfSSL_use_certificate_buffer
\sa wolfSSL_use_PrivateKey_buffer
@ -7431,7 +7378,6 @@ WOLFSSL_API int wolfSSL_CTX_load_verify_chain_buffer_format(WOLFSSL_CTX*,
\sa wolfSSL_CTX_load_verify_buffer
\sa wolfSSL_CTX_use_PrivateKey_buffer
\sa wolfSSL_CTX_use_NTRUPrivateKey_file
\sa wolfSSL_CTX_use_certificate_chain_buffer
\sa wolfSSL_use_certificate_buffer
\sa wolfSSL_use_PrivateKey_buffer
@ -7481,7 +7427,6 @@ WOLFSSL_API int wolfSSL_CTX_use_certificate_buffer(WOLFSSL_CTX*,
\sa wolfSSL_CTX_load_verify_buffer
\sa wolfSSL_CTX_use_certificate_buffer
\sa wolfSSL_CTX_use_NTRUPrivateKey_file
\sa wolfSSL_CTX_use_certificate_chain_buffer
\sa wolfSSL_use_certificate_buffer
\sa wolfSSL_use_PrivateKey_buffer
@ -7531,7 +7476,6 @@ WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX*,
\sa wolfSSL_CTX_load_verify_buffer
\sa wolfSSL_CTX_use_certificate_buffer
\sa wolfSSL_CTX_use_PrivateKey_buffer
\sa wolfSSL_CTX_use_NTRUPrivateKey_file
\sa wolfSSL_use_certificate_buffer
\sa wolfSSL_use_PrivateKey_buffer
\sa wolfSSL_use_certificate_chain_buffer
@ -7579,7 +7523,6 @@ WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_buffer(WOLFSSL_CTX*,
\sa wolfSSL_CTX_load_verify_buffer
\sa wolfSSL_CTX_use_certificate_buffer
\sa wolfSSL_CTX_use_PrivateKey_buffer
\sa wolfSSL_CTX_use_NTRUPrivateKey_file
\sa wolfSSL_CTX_use_certificate_chain_buffer
\sa wolfSSL_use_PrivateKey_buffer
\sa wolfSSL_use_certificate_chain_buffer
@ -7629,7 +7572,6 @@ WOLFSSL_API int wolfSSL_use_certificate_buffer(WOLFSSL*, const unsigned char*,
\sa wolfSSL_CTX_load_verify_buffer
\sa wolfSSL_CTX_use_certificate_buffer
\sa wolfSSL_CTX_use_PrivateKey_buffer
\sa wolfSSL_CTX_use_NTRUPrivateKey_file
\sa wolfSSL_CTX_use_certificate_chain_buffer
\sa wolfSSL_use_certificate_buffer
\sa wolfSSL_use_certificate_chain_buffer
@ -7676,7 +7618,6 @@ WOLFSSL_API int wolfSSL_use_PrivateKey_buffer(WOLFSSL*, const unsigned char*,
\sa wolfSSL_CTX_load_verify_buffer
\sa wolfSSL_CTX_use_certificate_buffer
\sa wolfSSL_CTX_use_PrivateKey_buffer
\sa wolfSSL_CTX_use_NTRUPrivateKey_file
\sa wolfSSL_CTX_use_certificate_chain_buffer
\sa wolfSSL_use_certificate_buffer
\sa wolfSSL_use_PrivateKey_buffer
@ -11336,99 +11277,6 @@ WOLFSSL_API int wolfSSL_CTX_set_TicketEncCtx(WOLFSSL_CTX* ctx, void*);
*/
WOLFSSL_API void* wolfSSL_CTX_get_TicketEncCtx(WOLFSSL_CTX* ctx);
/*!
\ingroup IO
\brief Checks if QSH is used in the supplied SSL session.
\return 0 Not used
\return 1 Is used
\param ssl Pointer to the SSL session to check.
_Example_
\code
wolfSSL_Init();
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
WOLFSSL_METHOD method = // Some wolfSSL method
ctx = wolfSSL_CTX_new(method);
ssl = wolfSSL_new(ctx);
if(wolfSSL_isQSH(ssl) == 1)
{
// SSL is using QSH.
}
\endcode
\sa wolfSSL_UseSupportedQSH
*/
WOLFSSL_API int wolfSSL_isQSH(WOLFSSL* ssl);
/*!
\ingroup Setup
\brief This function sets the ssl session to use supported QSH provided by
name.
\return SSL_SUCCESS Successfully set supported QSH.
\return BAD_FUNC_ARG ssl is null or name is invalid.
\return MEMORY_E Error allocating memory for operation.
\param ssl Pointer to ssl session to use.
\param name Name of a supported QSH. Valid names are WOLFSSL_NTRU_EESS439,
WOLFSSL_NTRU_EESS593, or WOLFSSL_NTRU_EESS743.
_Example_
\code
wolfSSL_Init();
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
WOLFSSL_METHOD method = // Some wolfSSL method ;
ctx = wolfSSL_CTX_new(method);
ssl = wolfSSL_new(ctx);
word16 qsh_name = WOLFSSL_NTRU_EESS439;
if(wolfSSL_UseSupportedQSH(ssl,qsh_name) != SSL_SUCCESS)
{
// Error setting QSH
}
\endcode
\sa TLSX_UseQSHScheme
*/
WOLFSSL_API int wolfSSL_UseSupportedQSH(WOLFSSL* ssl, unsigned short name);
/*!
\ingroup CertsKeys
\brief If the flag is 1 keys will be sent in hello. If flag is 0 then the
keys will not be sent during hello.
\return 0 on success.
\return BAD_FUNC_ARG if the WOLFSSL structure is NULL.
\param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
\param flag an unsigned char input to determine if the keys will be sent
during hello.
_Example_
\code
WOLFSSL* ssl;
unsigned char flag = 1; // send keys
...
if(!wolfSSL_UseClientQSHKeys(ssl, flag)){
// The keys will be sent during hello.
}
\endcode
\sa wolfSSL_UseALPN
\sa wolfSSL_UseSupportedQSH
\sa wolfSSL_isQSH
*/
WOLFSSL_API int wolfSSL_UseClientQSHKeys(WOLFSSL* ssl, unsigned char flag);
/*!
\brief This function sets the handshake done callback. The hsDoneCb and
hsDoneCtx members of the WOLFSSL structure are set in this function.

199
examples/client/client-ntru.vcproj
View File

@ -1,199 +0,0 @@
<?xml version="1.0" encoding="Windows-1252"?>
<VisualStudioProject
ProjectType="Visual C++"
Version="9.00"
Name="client"
ProjectGUID="{3ADE9549-582D-4D8E-9826-B172197A7959}"
RootNamespace="client"
Keyword="Win32Proj"
TargetFrameworkVersion="196613"
>
<Platforms>
<Platform
Name="Win32"
/>
</Platforms>
<ToolFiles>
</ToolFiles>
<Configurations>
<Configuration
Name="Debug|Win32"
OutputDirectory="$(SolutionDir)$(ConfigurationName)"
IntermediateDirectory="$(ConfigurationName)"
ConfigurationType="1"
CharacterSet="1"
>
<Tool
Name="VCPreBuildEventTool"
/>
<Tool
Name="VCCustomBuildTool"
/>
<Tool
Name="VCXMLDataGeneratorTool"
/>
<Tool
Name="VCWebServiceProxyGeneratorTool"
/>
<Tool
Name="VCMIDLTool"
/>
<Tool
Name="VCCLCompilerTool"
Optimization="0"
AdditionalIncludeDirectories="../../"
PreprocessorDefinitions="NO_PSK"
MinimalRebuild="true"
BasicRuntimeChecks="3"
RuntimeLibrary="3"
UsePrecompiledHeader="0"
WarningLevel="3"
DebugInformationFormat="4"
/>
<Tool
Name="VCManagedResourceCompilerTool"
/>
<Tool
Name="VCResourceCompilerTool"
/>
<Tool
Name="VCPreLinkEventTool"
/>
<Tool
Name="VCLinkerTool"
AdditionalDependencies="Ws2_32.lib NtruEncrypt_DLL.lib"
LinkIncremental="2"
AdditionalLibraryDirectories="..\..\NTRU\bin"
GenerateDebugInformation="true"
SubSystem="1"
TargetMachine="1"
/>
<Tool
Name="VCALinkTool"
/>
<Tool
Name="VCManifestTool"
/>
<Tool
Name="VCXDCMakeTool"
/>
<Tool
Name="VCBscMakeTool"
/>
<Tool
Name="VCFxCopTool"
/>
<Tool
Name="VCAppVerifierTool"
/>
<Tool
Name="VCPostBuildEventTool"
/>
</Configuration>
<Configuration
Name="Release|Win32"
OutputDirectory="$(SolutionDir)$(ConfigurationName)"
IntermediateDirectory="$(ConfigurationName)"
ConfigurationType="1"
CharacterSet="1"
WholeProgramOptimization="1"
>
<Tool
Name="VCPreBuildEventTool"
/>
<Tool
Name="VCCustomBuildTool"
/>
<Tool
Name="VCXMLDataGeneratorTool"
/>
<Tool
Name="VCWebServiceProxyGeneratorTool"
/>
<Tool
Name="VCMIDLTool"
/>
<Tool
Name="VCCLCompilerTool"
Optimization="2"
EnableIntrinsicFunctions="true"
AdditionalIncludeDirectories="../../"
PreprocessorDefinitions="NO_PSK"
RuntimeLibrary="2"
EnableFunctionLevelLinking="true"
UsePrecompiledHeader="0"
WarningLevel="3"
DebugInformationFormat="3"
/>
<Tool
Name="VCManagedResourceCompilerTool"
/>
<Tool
Name="VCResourceCompilerTool"
/>
<Tool
Name="VCPreLinkEventTool"
/>
<Tool
Name="VCLinkerTool"
AdditionalDependencies="Ws2_32.lib NtruEncrypt_DLL.lib"
LinkIncremental="1"
AdditionalLibraryDirectories="..\..\NTRU\bin"
GenerateDebugInformation="true"
SubSystem="1"
OptimizeReferences="2"
EnableCOMDATFolding="2"
TargetMachine="1"
/>
<Tool
Name="VCALinkTool"
/>
<Tool
Name="VCManifestTool"
/>
<Tool
Name="VCXDCMakeTool"
/>
<Tool
Name="VCBscMakeTool"
/>
<Tool
Name="VCFxCopTool"
/>
<Tool
Name="VCAppVerifierTool"
/>
<Tool
Name="VCPostBuildEventTool"
/>
</Configuration>
</Configurations>
<References>
</References>
<Files>
<Filter
Name="Source Files"
Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
>
<File
RelativePath=".\client.c"
>
</File>
</Filter>
<Filter
Name="Header Files"
Filter="h;hpp;hxx;hm;inl;inc;xsd"
UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
>
</Filter>
<Filter
Name="Resource Files"
Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
>
</Filter>
</Files>
<Globals>
</Globals>
</VisualStudioProject>

5
examples/client/client.c
View File

@ -2589,11 +2589,6 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
done += 1;
#endif
#if defined(HAVE_QSH)
/*currently google server rejects client hello with QSH extension.*/
done += 1;
#endif
/* For the external test, if we disable AES, GoDaddy will reject the
* connection. They only currently support AES suites, RC4 and 3DES
* suites. With AES disabled we only offer PolyChacha suites. */

1
examples/client/include.am
View File

@ -10,7 +10,6 @@ examples_client_client_DEPENDENCIES = src/libwolfssl.la
examples_client_client_CFLAGS = $(WOLFSENTRY_INCLUDE) $(AM_CFLAGS)
endif
EXTRA_DIST += examples/client/client.sln
EXTRA_DIST += examples/client/client-ntru.vcproj
EXTRA_DIST += examples/client/client.vcproj
EXTRA_DIST += examples/client/client.vcxproj

199
examples/echoclient/echoclient-ntru.vcproj
View File

@ -1,199 +0,0 @@
<?xml version="1.0" encoding="Windows-1252"?>
<VisualStudioProject
ProjectType="Visual C++"
Version="9.00"
Name="echoclient"
ProjectGUID="{8362A816-C5DC-4E22-B5C5-9E6806387073}"
RootNamespace="echoclient"
Keyword="Win32Proj"
TargetFrameworkVersion="196613"
>
<Platforms>
<Platform
Name="Win32"
/>
</Platforms>
<ToolFiles>
</ToolFiles>
<Configurations>
<Configuration
Name="Debug|Win32"
OutputDirectory="$(SolutionDir)$(ConfigurationName)"
IntermediateDirectory="$(ConfigurationName)"
ConfigurationType="1"
CharacterSet="1"
>
<Tool
Name="VCPreBuildEventTool"
/>
<Tool
Name="VCCustomBuildTool"
/>
<Tool
Name="VCXMLDataGeneratorTool"
/>
<Tool
Name="VCWebServiceProxyGeneratorTool"
/>
<Tool
Name="VCMIDLTool"
/>
<Tool
Name="VCCLCompilerTool"
Optimization="0"
AdditionalIncludeDirectories="../../"
PreprocessorDefinitions="WIN32;NO_PSK;_DEBUG;_CONSOLE"
MinimalRebuild="true"
BasicRuntimeChecks="3"
RuntimeLibrary="3"
UsePrecompiledHeader="0"
WarningLevel="3"
DebugInformationFormat="4"
/>
<Tool
Name="VCManagedResourceCompilerTool"
/>
<Tool
Name="VCResourceCompilerTool"
/>
<Tool
Name="VCPreLinkEventTool"
/>
<Tool
Name="VCLinkerTool"
AdditionalDependencies="Ws2_32.lib NtruEncrypt_DLL.lib"
LinkIncremental="2"
AdditionalLibraryDirectories="..\..\NTRU\bin"
GenerateDebugInformation="true"
SubSystem="1"
TargetMachine="1"
/>
<Tool
Name="VCALinkTool"
/>
<Tool
Name="VCManifestTool"
/>
<Tool
Name="VCXDCMakeTool"
/>
<Tool
Name="VCBscMakeTool"
/>
<Tool
Name="VCFxCopTool"
/>
<Tool
Name="VCAppVerifierTool"
/>
<Tool
Name="VCPostBuildEventTool"
/>
</Configuration>
<Configuration
Name="Release|Win32"
OutputDirectory="$(SolutionDir)$(ConfigurationName)"
IntermediateDirectory="$(ConfigurationName)"
ConfigurationType="1"
CharacterSet="1"
WholeProgramOptimization="1"
>
<Tool
Name="VCPreBuildEventTool"
/>
<Tool
Name="VCCustomBuildTool"
/>
<Tool
Name="VCXMLDataGeneratorTool"
/>
<Tool
Name="VCWebServiceProxyGeneratorTool"
/>
<Tool
Name="VCMIDLTool"
/>
<Tool
Name="VCCLCompilerTool"
Optimization="2"
EnableIntrinsicFunctions="true"
AdditionalIncludeDirectories="../../"
PreprocessorDefinitions="WIN32;NDEBUG;NO_PSK;_CONSOLE"
RuntimeLibrary="2"
EnableFunctionLevelLinking="true"
UsePrecompiledHeader="0"
WarningLevel="3"
DebugInformationFormat="3"
/>
<Tool
Name="VCManagedResourceCompilerTool"
/>
<Tool
Name="VCResourceCompilerTool"
/>
<Tool
Name="VCPreLinkEventTool"
/>
<Tool
Name="VCLinkerTool"
AdditionalDependencies="Ws2_32.lib NtruEncrypt_DLL.lib"
LinkIncremental="1"
AdditionalLibraryDirectories="..\..\NTRU\bin"
GenerateDebugInformation="true"
SubSystem="1"
OptimizeReferences="2"
EnableCOMDATFolding="2"
TargetMachine="1"
/>
<Tool
Name="VCALinkTool"
/>
<Tool
Name="VCManifestTool"
/>
<Tool
Name="VCXDCMakeTool"
/>
<Tool
Name="VCBscMakeTool"
/>
<Tool
Name="VCFxCopTool"
/>
<Tool
Name="VCAppVerifierTool"
/>
<Tool
Name="VCPostBuildEventTool"
/>
</Configuration>
</Configurations>
<References>
</References>
<Files>
<Filter
Name="Source Files"
Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
>
<File
RelativePath=".\echoclient.c"
>
</File>
</Filter>
<Filter
Name="Header Files"
Filter="h;hpp;hxx;hm;inl;inc;xsd"
UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
>
</Filter>
<Filter
Name="Resource Files"
Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
>
</Filter>
</Files>
<Globals>
</Globals>
</VisualStudioProject>

1
examples/echoclient/include.am
View File

@ -11,7 +11,6 @@ examples_echoclient_echoclient_LDADD = src/libwolfssl.la $(LIB_STATIC_ADD
examples_echoclient_echoclient_DEPENDENCIES = src/libwolfssl.la
endif
EXTRA_DIST += examples/echoclient/echoclient.sln
EXTRA_DIST += examples/echoclient/echoclient-ntru.vcproj
EXTRA_DIST += examples/echoclient/echoclient.vcproj
EXTRA_DIST += examples/echoclient/echoclient.vcxproj

199
examples/echoserver/echoserver-ntru.vcproj
View File

@ -1,199 +0,0 @@
<?xml version="1.0" encoding="Windows-1252"?>
<VisualStudioProject
ProjectType="Visual C++"
Version="9.00"
Name="echoserver"
ProjectGUID="{07D97C48-E08F-4E34-9F67-3064039FF2CB}"
RootNamespace="echoserver"
Keyword="Win32Proj"
TargetFrameworkVersion="196613"
>
<Platforms>
<Platform
Name="Win32"
/>
</Platforms>
<ToolFiles>
</ToolFiles>
<Configurations>
<Configuration
Name="Debug|Win32"
OutputDirectory="$(SolutionDir)$(ConfigurationName)"
IntermediateDirectory="$(ConfigurationName)"
ConfigurationType="1"
CharacterSet="1"
>
<Tool
Name="VCPreBuildEventTool"
/>
<Tool
Name="VCCustomBuildTool"
/>
<Tool
Name="VCXMLDataGeneratorTool"
/>
<Tool
Name="VCWebServiceProxyGeneratorTool"
/>
<Tool
Name="VCMIDLTool"
/>
<Tool
Name="VCCLCompilerTool"
Optimization="0"
AdditionalIncludeDirectories="../../"
PreprocessorDefinitions="USE_ANY_ADDR;NO_PSK"
MinimalRebuild="true"
BasicRuntimeChecks="3"
RuntimeLibrary="3"
UsePrecompiledHeader="0"
WarningLevel="3"
DebugInformationFormat="4"
/>
<Tool
Name="VCManagedResourceCompilerTool"
/>
<Tool
Name="VCResourceCompilerTool"
/>
<Tool
Name="VCPreLinkEventTool"
/>
<Tool
Name="VCLinkerTool"
AdditionalDependencies="Ws2_32.lib NtruEncrypt_DLL.lib"
LinkIncremental="2"
AdditionalLibraryDirectories="..\..\NTRU\bin"
GenerateDebugInformation="true"
SubSystem="1"
TargetMachine="1"
/>
<Tool
Name="VCALinkTool"
/>
<Tool
Name="VCManifestTool"
/>
<Tool
Name="VCXDCMakeTool"
/>
<Tool
Name="VCBscMakeTool"
/>
<Tool
Name="VCFxCopTool"
/>
<Tool
Name="VCAppVerifierTool"
/>
<Tool
Name="VCPostBuildEventTool"
/>
</Configuration>
<Configuration
Name="Release|Win32"
OutputDirectory="$(SolutionDir)$(ConfigurationName)"
IntermediateDirectory="$(ConfigurationName)"
ConfigurationType="1"
CharacterSet="1"
WholeProgramOptimization="1"
>
<Tool
Name="VCPreBuildEventTool"
/>
<Tool
Name="VCCustomBuildTool"
/>
<Tool
Name="VCXMLDataGeneratorTool"
/>
<Tool
Name="VCWebServiceProxyGeneratorTool"
/>
<Tool
Name="VCMIDLTool"
/>
<Tool
Name="VCCLCompilerTool"
Optimization="2"
EnableIntrinsicFunctions="true"
AdditionalIncludeDirectories="../../"
PreprocessorDefinitions="USE_ANY_ADDR;NO_PSK"
RuntimeLibrary="2"
EnableFunctionLevelLinking="true"
UsePrecompiledHeader="0"
WarningLevel="3"
DebugInformationFormat="3"
/>
<Tool
Name="VCManagedResourceCompilerTool"
/>
<Tool
Name="VCResourceCompilerTool"
/>
<Tool
Name="VCPreLinkEventTool"
/>
<Tool
Name="VCLinkerTool"
AdditionalDependencies="Ws2_32.lib NtruEncrypt_DLL.lib"
LinkIncremental="1"
AdditionalLibraryDirectories="..\..\NTRU\bin"
GenerateDebugInformation="true"
SubSystem="1"
OptimizeReferences="2"
EnableCOMDATFolding="2"
TargetMachine="1"
/>
<Tool
Name="VCALinkTool"
/>
<Tool
Name="VCManifestTool"
/>
<Tool
Name="VCXDCMakeTool"
/>
<Tool
Name="VCBscMakeTool"
/>
<Tool
Name="VCFxCopTool"
/>
<Tool
Name="VCAppVerifierTool"
/>
<Tool
Name="VCPostBuildEventTool"
/>
</Configuration>
</Configurations>
<References>
</References>
<Files>
<Filter
Name="Source Files"
Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
>
<File
RelativePath=".\echoserver.c"
>
</File>
</Filter>
<Filter
Name="Header Files"
Filter="h;hpp;hxx;hm;inl;inc;xsd"
UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
>
</Filter>
<Filter
Name="Resource Files"
Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
>
</Filter>
</Files>
<Globals>
</Globals>
</VisualStudioProject>

16
examples/echoserver/echoserver.c
View File

@ -147,8 +147,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
#if defined(CYASSL_DTLS)
method = CyaDTLSv1_2_server_method();
#elif !defined(NO_TLS)
#if (defined(WOLFSSL_TLS13) && defined(WOLFSSL_SNIFFER)) || \
defined(HAVE_NTRU)
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_SNIFFER)
method = CyaTLSv1_2_server_method();
#else
method = CyaSSLv23_server_method();
@ -174,18 +173,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
#ifndef NO_FILESYSTEM
if (doPSK == 0) {
#if defined(HAVE_NTRU) && defined(WOLFSSL_STATIC_RSA)
/* ntru */
if (CyaSSL_CTX_use_certificate_file(ctx, ntruCertFile, WOLFSSL_FILETYPE_PEM)
!= WOLFSSL_SUCCESS)
err_sys("can't load ntru cert file, "
"Please run from wolfSSL home dir");
if (CyaSSL_CTX_use_NTRUPrivateKey_file(ctx, ntruKeyFile)
!= WOLFSSL_SUCCESS)
err_sys("can't load ntru key file, "
"Please run from wolfSSL home dir");
#elif defined(HAVE_ECC) && !defined(CYASSL_SNIFFER)
#if defined(HAVE_ECC) && !defined(CYASSL_SNIFFER)
/* ecc */
if (CyaSSL_CTX_use_certificate_file(ctx, eccCertFile, WOLFSSL_FILETYPE_PEM)
!= WOLFSSL_SUCCESS)

1
examples/echoserver/include.am
View File

@ -11,7 +11,6 @@ examples_echoserver_echoserver_LDADD = src/libwolfssl.la $(LIB_STATIC_ADD
examples_echoserver_echoserver_DEPENDENCIES = src/libwolfssl.la
endif
EXTRA_DIST += examples/echoserver/echoserver.sln
EXTRA_DIST += examples/echoserver/echoserver-ntru.vcproj
EXTRA_DIST += examples/echoserver/echoserver.vcproj
EXTRA_DIST += examples/echoserver/echoserver.vcxproj

1
examples/server/include.am
View File

@ -12,7 +12,6 @@ examples_server_server_DEPENDENCIES = src/libwolfssl.la
examples_server_server_CFLAGS = $(WOLFSENTRY_INCLUDE) $(AM_CFLAGS)
endif
EXTRA_DIST += examples/server/server.sln
EXTRA_DIST += examples/server/server-ntru.vcproj
EXTRA_DIST += examples/server/server.vcproj
EXTRA_DIST += examples/server/server.vcxproj

199
examples/server/server-ntru.vcproj
View File

@ -1,199 +0,0 @@
<?xml version="1.0" encoding="Windows-1252"?>
<VisualStudioProject
ProjectType="Visual C++"
Version="9.00"
Name="server"
ProjectGUID="{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}"
RootNamespace="server"
Keyword="Win32Proj"
TargetFrameworkVersion="196613"
>
<Platforms>
<Platform
Name="Win32"
/>
</Platforms>
<ToolFiles>
</ToolFiles>
<Configurations>
<Configuration
Name="Debug|Win32"
OutputDirectory="$(SolutionDir)$(ConfigurationName)"
IntermediateDirectory="$(ConfigurationName)"
ConfigurationType="1"
CharacterSet="1"
>
<Tool
Name="VCPreBuildEventTool"
/>
<Tool
Name="VCCustomBuildTool"
/>
<Tool
Name="VCXMLDataGeneratorTool"
/>
<Tool
Name="VCWebServiceProxyGeneratorTool"
/>
<Tool
Name="VCMIDLTool"
/>
<Tool
Name="VCCLCompilerTool"
Optimization="0"
AdditionalIncludeDirectories="../../"
PreprocessorDefinitions="NO_PSK"
MinimalRebuild="true"
BasicRuntimeChecks="3"
RuntimeLibrary="3"
UsePrecompiledHeader="0"
WarningLevel="3"
DebugInformationFormat="4"
/>
<Tool
Name="VCManagedResourceCompilerTool"
/>
<Tool
Name="VCResourceCompilerTool"
/>
<Tool
Name="VCPreLinkEventTool"
/>
<Tool
Name="VCLinkerTool"
AdditionalDependencies="Ws2_32.lib NtruEncrypt_DLL.lib"
LinkIncremental="2"
AdditionalLibraryDirectories="..\..\NTRU\bin"
GenerateDebugInformation="true"
SubSystem="1"
TargetMachine="1"
/>
<Tool
Name="VCALinkTool"
/>
<Tool
Name="VCManifestTool"
/>
<Tool
Name="VCXDCMakeTool"
/>
<Tool
Name="VCBscMakeTool"
/>
<Tool
Name="VCFxCopTool"
/>
<Tool
Name="VCAppVerifierTool"
/>
<Tool
Name="VCPostBuildEventTool"
/>
</Configuration>
<Configuration
Name="Release|Win32"
OutputDirectory="$(SolutionDir)$(ConfigurationName)"
IntermediateDirectory="$(ConfigurationName)"
ConfigurationType="1"
CharacterSet="1"
WholeProgramOptimization="1"
>
<Tool
Name="VCPreBuildEventTool"
/>
<Tool
Name="VCCustomBuildTool"
/>
<Tool
Name="VCXMLDataGeneratorTool"
/>
<Tool
Name="VCWebServiceProxyGeneratorTool"
/>
<Tool
Name="VCMIDLTool"
/>
<Tool
Name="VCCLCompilerTool"
Optimization="2"
EnableIntrinsicFunctions="true"
AdditionalIncludeDirectories="../../"
PreprocessorDefinitions="NO_PSK"
RuntimeLibrary="2"
EnableFunctionLevelLinking="true"
UsePrecompiledHeader="0"
WarningLevel="3"
DebugInformationFormat="3"
/>
<Tool
Name="VCManagedResourceCompilerTool"
/>
<Tool
Name="VCResourceCompilerTool"
/>
<Tool
Name="VCPreLinkEventTool"
/>
<Tool
Name="VCLinkerTool"
AdditionalDependencies="Ws2_32.lib NtruEncrypt_DLL.lib"
LinkIncremental="1"
AdditionalLibraryDirectories="..\..\NTRU\bin"
GenerateDebugInformation="true"
SubSystem="1"
OptimizeReferences="2"
EnableCOMDATFolding="2"
TargetMachine="1"
/>
<Tool
Name="VCALinkTool"
/>
<Tool
Name="VCManifestTool"
/>
<Tool
Name="VCXDCMakeTool"
/>
<Tool
Name="VCBscMakeTool"
/>
<Tool
Name="VCFxCopTool"
/>
<Tool
Name="VCAppVerifierTool"
/>
<Tool
Name="VCPostBuildEventTool"
/>
</Configuration>
</Configurations>
<References>
</References>
<Files>
<Filter
Name="Source Files"
Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
>
<File
RelativePath=".\server.c"
>
</File>
</Filter>
<Filter
Name="Header Files"
Filter="h;hpp;hxx;hm;inl;inc;xsd"
UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
>
</Filter>
<Filter
Name="Resource Files"
Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
>
</Filter>
</Files>
<Globals>
</Globals>
</VisualStudioProject>

30
examples/server/server.c
View File

@ -859,9 +859,6 @@ static const char* server_usage_msg[][60] = {
"-x Print server errors but do not close connection\n",/* 27 */
"-i Loop indefinitely (allow repeated connections)\n", /* 28 */
"-e Echo data mode (return raw bytes received)\n", /* 29 */
#ifdef HAVE_NTRU
"-n Use NTRU key (needed for NTRU suites)\n", /* 30 */
#endif
"-B <num> Benchmark throughput"
" using <num> bytes and print stats\n", /* 31 */
#ifdef HAVE_CRL
@ -1026,9 +1023,6 @@ static const char* server_usage_msg[][60] = {
"-i 無期限にループする(繰り返し接続を許可)\n", /* 28 */
"-e エコー・データモード"
"(受け取ったバイトデータを返す)\n", /* 29 */
#ifdef HAVE_NTRU
"-n NTRU鍵を使用する(NTRUスイートに必要)\n", /* 30 */
#endif
"-B <num> <num> バイトを用いてのベンチマーク・スループット"
"測定と結果を出力する\n", /* 31 */
#ifdef HAVE_CRL
@ -1190,9 +1184,6 @@ static void Usage(void)
printf("%s", msg[++msgId]); /* -x */
printf("%s", msg[++msgId]); /* -i */
printf("%s", msg[++msgId]); /* -e */
#ifdef HAVE_NTRU
printf("%s", msg[++msgId]); /* -n */
#endif
printf("%s", msg[++msgId]); /* -B */
#ifdef HAVE_CRL
printf("%s", msg[++msgId]); /* -V */
@ -1335,7 +1326,6 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
WOLFSSL_TEST_DTLS_CTX dtlsCtx;
#endif
int needDH = 0;
int useNtruKey = 0;
int nonBlocking = 0;
int simulateWantWrite = 0;
int fewerPackets = 0;
@ -1492,7 +1482,6 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
(void)ourCert;
(void)ourDhParam;
(void)verifyCert;
(void)useNtruKey;
(void)doCliCertCheck;
(void)minDhKeyBits;
(void)minRsaKeyBits;
@ -1525,7 +1514,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
/* Not Used: h, z, W, X, 7 */
while ((ch = mygetopt_long(argc, argv, "?:"
"abc:defgijk:l:mnop:q:rstu;v:wxy"
"abc:defgijk:l:mop:q:rstu;v:wxy"
"A:B:C:D:E:FGH:IJKL:MNO:PQR:S:T;UVYZ:"
"01:23:4:5689"
"@#", long_options, 0)) != -1) {
@ -1576,10 +1565,6 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
usePskPlus = 1;
break;
case 'n' :
useNtruKey = 1;
break;
case 'u' :
doDTLS = 1;
dtlsUDP = 1;
@ -2330,19 +2315,11 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
}
#endif
#ifdef HAVE_NTRU
if (useNtruKey) {
if (wolfSSL_CTX_use_NTRUPrivateKey_file(ctx, ourKey)
!= WOLFSSL_SUCCESS)
err_sys_ex(catastrophic, "can't load ntru key file, "
"Please run from wolfSSL home dir");
}
#endif
#if !defined(NO_CERTS)
#ifdef HAVE_PK_CALLBACKS
pkCbInfo.ourKey = ourKey;
#endif
if (!useNtruKey && (!usePsk || usePskPlus) && !useAnon
if ((!usePsk || usePskPlus) && !useAnon
&& !(loadCertKeyIntoSSLObj == 1)
#if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PRIVKEY)
&& !pkCallbacks
@ -2613,7 +2590,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
#endif
}
if (!useNtruKey && (!usePsk || usePskPlus) && !useAnon &&
if ((!usePsk || usePskPlus) && !useAnon &&
loadCertKeyIntoSSLObj
#if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PRIVKEY)
&& !pkCallbacks
@ -3298,7 +3275,6 @@ exit:
(void) ourKey;
(void) verifyCert;
(void) doCliCertCheck;
(void) useNtruKey;
(void) ourDhParam;
(void) ourCert;
(void) useX25519;

4
linuxkm/module_exports.c.template
View File

@ -158,10 +158,6 @@
#include <wolfssl/certs_test.h>
#ifdef HAVE_NTRU
#include "libntruencrypt/ntru_crypto.h"
#endif
#include <wolfssl/openssl/x509_vfy.h>
#include <wolfssl/openssl/buffer.h>
#include <wolfssl/openssl/ec25519.h>

992
src/internal.c
View File

File diff suppressed because it is too large Load Diff

111
src/keys.c
View File

@ -1248,23 +1248,6 @@ int SetCipherSpecs(WOLFSSL* ssl)
break;
#endif
#ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
case TLS_NTRU_RSA_WITH_RC4_128_SHA :
ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ntru_kea;
ssl->specs.sig_algo = rsa_sa_algo;
ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = RC4_KEY_SIZE;
ssl->specs.iv_size = 0;
ssl->specs.block_size = 0;
break;
#endif
#ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5
case SSL_RSA_WITH_RC4_128_MD5 :
ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
@ -1303,23 +1286,6 @@ int SetCipherSpecs(WOLFSSL* ssl)
break;
#endif
#ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ntru_kea;
ssl->specs.sig_algo = rsa_sa_algo;
ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = DES3_KEY_SIZE;
ssl->specs.block_size = DES_BLOCK_SIZE;
ssl->specs.iv_size = DES_IV_SIZE;
break;
#endif
#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
case TLS_RSA_WITH_AES_128_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
@ -1405,23 +1371,6 @@ int SetCipherSpecs(WOLFSSL* ssl)
break;
#endif
#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ntru_kea;
ssl->specs.sig_algo = rsa_sa_algo;
ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AES_IV_SIZE;
break;
#endif
#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
case TLS_RSA_WITH_AES_256_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
@ -1456,23 +1405,6 @@ int SetCipherSpecs(WOLFSSL* ssl)
break;
#endif
#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ntru_kea;
ssl->specs.sig_algo = rsa_sa_algo;
ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AES_IV_SIZE;
break;
#endif
#ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
case TLS_PSK_WITH_AES_128_GCM_SHA256 :
ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
@ -3683,49 +3615,6 @@ static int MakeSslMasterSecret(WOLFSSL* ssl)
int MakeMasterSecret(WOLFSSL* ssl)
{
/* append secret to premaster : premaster | SerSi | CliSi */
#ifdef HAVE_QSH
word32 offset = 0;
if (ssl->peerQSHKeyPresent) {
offset += ssl->arrays->preMasterSz;
ssl->arrays->preMasterSz += ssl->QSH_secret->CliSi->length +
ssl->QSH_secret->SerSi->length;
/* test and set flag if QSH has been used */
if (ssl->QSH_secret->CliSi->length > 0 ||
ssl->QSH_secret->SerSi->length > 0)
ssl->isQSH = 1;
/* append secrets to the premaster */
if (ssl->QSH_secret->SerSi != NULL) {
XMEMCPY(ssl->arrays->preMasterSecret + offset,
ssl->QSH_secret->SerSi->buffer, ssl->QSH_secret->SerSi->length);
}
offset += ssl->QSH_secret->SerSi->length;
if (ssl->QSH_secret->CliSi != NULL) {
XMEMCPY(ssl->arrays->preMasterSecret + offset,
ssl->QSH_secret->CliSi->buffer, ssl->QSH_secret->CliSi->length);
}
/* show secret SerSi and CliSi */
#ifdef SHOW_SECRETS
{
word32 j;
printf("QSH generated secret material\n");
printf("SerSi : ");
for (j = 0; j < ssl->QSH_secret->SerSi->length; j++) {
printf("%02x", ssl->QSH_secret->SerSi->buffer[j]);
}
printf("\n");
printf("CliSi : ");
for (j = 0; j < ssl->QSH_secret->CliSi->length; j++) {
printf("%02x", ssl->QSH_secret->CliSi->buffer[j]);
}
printf("\n");
}
#endif
}
#endif
#ifndef NO_OLD_TLS
if (ssl->options.tls) return MakeTlsMasterSecret(ssl);
return MakeSslMasterSecret(ssl);

151
src/ssl.c
View File

@ -1910,10 +1910,9 @@ int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz,
keySz = ssl->buffers.keySz;
#endif
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
ssl->options.haveDH, ssl->options.haveNTRU,
ssl->options.haveECDSAsig, ssl->options.haveECC,
ssl->options.haveStaticECC, ssl->options.haveAnon,
ssl->options.side);
ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, ssl->options.haveStaticECC,
ssl->options.haveAnon, ssl->options.side);
}
WOLFSSL_LEAVE("wolfSSL_SetTmpDH", 0);
@ -2684,58 +2683,6 @@ int wolfSSL_set1_groups(WOLFSSL* ssl, int* groups, int count)
#endif /* OPENSSL_EXTRA && WOLFSSL_TLS13 */
#endif /* HAVE_SUPPORTED_CURVES */
/* QSH quantum safe handshake */
#ifdef HAVE_QSH
/* returns 1 if QSH has been used 0 otherwise */
int wolfSSL_isQSH(WOLFSSL* ssl)
{
/* if no ssl struct than QSH was not used */
if (ssl == NULL)
return 0;
return ssl->isQSH;
}
int wolfSSL_UseSupportedQSH(WOLFSSL* ssl, word16 name)
{
if (ssl == NULL)
return BAD_FUNC_ARG;
switch (name) {
#ifdef HAVE_NTRU
case WOLFSSL_NTRU_EESS439:
case WOLFSSL_NTRU_EESS593:
case WOLFSSL_NTRU_EESS743:
break;
#endif
default:
return BAD_FUNC_ARG;
}
ssl->user_set_QSHSchemes = 1;
return TLSX_UseQSHScheme(&ssl->extensions, name, NULL, 0, ssl->heap);
}
#ifndef NO_WOLFSSL_CLIENT
/* user control over sending client public key in hello
when flag = 1 will send keys if flag is 0 or function is not called
then will not send keys in the hello extension
return 0 on success
*/
int wolfSSL_UseClientQSHKeys(WOLFSSL* ssl, unsigned char flag)
{
if (ssl == NULL)
return BAD_FUNC_ARG;
ssl->sendQSHKeys = flag;
return 0;
}
#endif /* NO_WOLFSSL_CLIENT */
#endif /* HAVE_QSH */
/* Application-Layer Protocol Negotiation */
#ifdef HAVE_ALPN
@ -4405,10 +4352,9 @@ int wolfSSL_SetVersion(WOLFSSL* ssl, int version)
#endif
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
ssl->options.haveDH, ssl->options.haveNTRU,
ssl->options.haveECDSAsig, ssl->options.haveECC,
ssl->options.haveStaticECC, ssl->options.haveAnon,
ssl->options.side);
ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, ssl->options.haveStaticECC,
ssl->options.haveAnon, ssl->options.side);
return WOLFSSL_SUCCESS;
}
@ -5591,7 +5537,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
long sz, int format, int type, WOLFSSL* ssl,
long* used, int userChain, int verify)
{
DerBuffer* der = NULL; /* holds DER or RAW (for NTRU) */
DerBuffer* der = NULL;
int ret = 0;
int done = 0;
int keyFormat = 0;
@ -5618,8 +5564,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
*used = sz; /* used bytes default to sz, PEM chain may shorten*/
/* check args */
if (format != WOLFSSL_FILETYPE_ASN1 && format != WOLFSSL_FILETYPE_PEM
&& format != WOLFSSL_FILETYPE_RAW)
if (format != WOLFSSL_FILETYPE_ASN1 && format != WOLFSSL_FILETYPE_PEM)
return WOLFSSL_BAD_FILETYPE;
if (ctx == NULL && ssl == NULL)
@ -5648,7 +5593,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
#endif
}
else {
/* ASN1 (DER) or RAW (NTRU) */
/* ASN1 (DER) */
int length = (int)sz;
if (format == WOLFSSL_FILETYPE_ASN1) {
/* get length of der (read sequence or octet string) */
@ -5707,7 +5652,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
}
/* info is only used for private key with DER or PEM, so free now */
if (ret < 0 || type != PRIVATEKEY_TYPE || format == WOLFSSL_FILETYPE_RAW) {
if (ret < 0 || type != PRIVATEKEY_TYPE) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(info, heap, DYNAMIC_TYPE_ENCRYPTEDINFO);
#endif
@ -5798,7 +5743,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
if (done == 1) {
/* No operation, just skip the next section */
}
else if (type == PRIVATEKEY_TYPE && format != WOLFSSL_FILETYPE_RAW) {
else if (type == PRIVATEKEY_TYPE) {
ret = ProcessBufferTryDecode(ctx, ssl, der, &keySz, &idx, &resetSuites,
&keyFormat, heap, devId);
@ -6134,10 +6079,9 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
/* let's reset suites */
InitSuites(ssl->suites, ssl->version, keySz, haveRSA,
havePSK, ssl->options.haveDH, ssl->options.haveNTRU,
ssl->options.haveECDSAsig, ssl->options.haveECC,
ssl->options.haveStaticECC, ssl->options.haveAnon,
ssl->options.side);
havePSK, ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, ssl->options.haveStaticECC,
ssl->options.haveAnon, ssl->options.side);
}
return WOLFSSL_SUCCESS;
@ -11447,31 +11391,6 @@ int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses)
#endif /* OPENSSL_EXTRA */
#ifndef NO_FILESYSTEM
#ifdef HAVE_NTRU
int wolfSSL_CTX_use_NTRUPrivateKey_file(WOLFSSL_CTX* ctx, const char* file)
{
WOLFSSL_ENTER("wolfSSL_CTX_use_NTRUPrivateKey_file");
if (ctx == NULL)
return WOLFSSL_FAILURE;
if (ProcessFile(ctx, file, WOLFSSL_FILETYPE_RAW, PRIVATEKEY_TYPE, NULL, 0,
NULL, GET_VERIFY_SETTING_CTX(ctx)) == WOLFSSL_SUCCESS) {
ctx->haveNTRU = 1;
return WOLFSSL_SUCCESS;
}
return WOLFSSL_FAILURE;
}
#endif /* HAVE_NTRU */
#endif /* NO_FILESYSTEM */
WOLFSSL_ABI
void wolfSSL_CTX_set_verify(WOLFSSL_CTX* ctx, int mode, VerifyCallback vc)
{
@ -15684,10 +15603,9 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
keySz = ssl->buffers.keySz;
#endif
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE,
ssl->options.haveDH, ssl->options.haveNTRU,
ssl->options.haveECDSAsig, ssl->options.haveECC,
ssl->options.haveStaticECC, ssl->options.haveAnon,
ssl->options.side);
ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, ssl->options.haveStaticECC,
ssl->options.haveAnon, ssl->options.side);
}
#ifdef OPENSSL_EXTRA
/**
@ -15737,10 +15655,9 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
keySz = ssl->buffers.keySz;
#endif
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE,
ssl->options.haveDH, ssl->options.haveNTRU,
ssl->options.haveECDSAsig, ssl->options.haveECC,
ssl->options.haveStaticECC, ssl->options.haveAnon,
ssl->options.side);
ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, ssl->options.haveStaticECC,
ssl->options.haveAnon, ssl->options.side);
}
const char* wolfSSL_get_psk_identity_hint(const WOLFSSL* ssl)
@ -24571,11 +24488,6 @@ static WC_INLINE const char* wolfssl_kea_to_string(int kea)
break;
#endif
#endif
#ifdef HAVE_NTRU
case ntru_kea:
keaStr = "NTRU";
break;
#endif
#ifdef HAVE_ECC
case ecc_diffie_hellman_kea:
keaStr = "ECDHE";
@ -27547,10 +27459,9 @@ long wolfSSL_set_options(WOLFSSL* ssl, long op)
if (ssl->suites != NULL && ssl->options.side != WOLFSSL_NEITHER_END)
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
ssl->options.haveDH, ssl->options.haveNTRU,
ssl->options.haveECDSAsig, ssl->options.haveECC,
ssl->options.haveStaticECC, ssl->options.haveAnon,
ssl->options.side);
ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, ssl->options.haveStaticECC,
ssl->options.haveAnon, ssl->options.side);
return ssl->options.mask;
}
@ -30680,9 +30591,6 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
{ RSAk, RSAk, oidKeyType, "rsaEncryption", "rsaEncryption"},
{ NID_rsaEncryption, RSAk, oidKeyType, "rsaEncryption", "rsaEncryption"},
#endif /* NO_RSA */
#ifdef HAVE_NTRU
{ NTRUk, NTRUk, oidKeyType, "NTRU", "ntruEncryption"},
#endif /* HAVE_NTRU */
#ifdef HAVE_ECC
{ ECDSAk, ECDSAk, oidKeyType, "ECDSA", "ecdsaEncryption"},
{ NID_X9_62_id_ecPublicKey, ECDSAk, oidKeyType, "id-ecPublicKey",
@ -47897,11 +47805,6 @@ static WC_INLINE int SCSV_Check(byte suite0, byte suite)
#ifdef HAVE_RENEGOTIATION_INDICATION
if (suite0 == CIPHER_BYTE && suite == TLS_EMPTY_RENEGOTIATION_INFO_SCSV)
return 1;
#endif
#ifdef BUILD_TLS_QSH
/* This isn't defined as a SCSV, but it acts like one. */
if (suite0 == QSH_BYTE && suite == TLS_QSH)
return 1;
#endif
return 0;
}
@ -49678,10 +49581,6 @@ word32 nid2oid(int nid, int grp)
case RSAk:
return RSAk;
#endif /* NO_RSA */
#ifdef HAVE_NTRU
case NTRUk:
return NTRUk;
#endif /* HAVE_NTRU */
#ifdef HAVE_ECC
case ECDSAk:
return ECDSAk;
@ -50034,10 +49933,6 @@ int oid2nid(word32 oid, int grp)
case RSAk:
return RSAk;
#endif /* NO_RSA */
#ifdef HAVE_NTRU
case NTRUk:
return NTRUk;
#endif /* HAVE_NTRU */
#ifdef HAVE_ECC
case ECDSAk:
return ECDSAk;

932
src/tls.c
View File

File diff suppressed because it is too large Load Diff

25
src/tls13.c
View File

@ -106,10 +106,6 @@
#include <wolfcrypt/src/misc.c>
#endif
#ifdef HAVE_NTRU
#include "libntruencrypt/ntru_crypto.h"
#endif
#ifdef __sun
#include <sys/filio.h>
#endif
@ -9082,10 +9078,9 @@ void wolfSSL_set_psk_client_cs_callback(WOLFSSL* ssl,
keySz = ssl->buffers.keySz;
#endif
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE,
ssl->options.haveDH, ssl->options.haveNTRU,
ssl->options.haveECDSAsig, ssl->options.haveECC,
ssl->options.haveStaticECC, ssl->options.haveAnon,
ssl->options.side);
ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, ssl->options.haveStaticECC,
ssl->options.haveAnon, ssl->options.side);
}
/* Set the PSK callback that returns the cipher suite for a client to use
@ -9133,10 +9128,9 @@ void wolfSSL_set_psk_client_tls13_callback(WOLFSSL* ssl,
keySz = ssl->buffers.keySz;
#endif
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE,
ssl->options.haveDH, ssl->options.haveNTRU,
ssl->options.haveECDSAsig, ssl->options.haveECC,
ssl->options.haveStaticECC, ssl->options.haveAnon,
ssl->options.side);
ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, ssl->options.haveStaticECC,
ssl->options.haveAnon, ssl->options.side);
}
/* Set the PSK callback that returns the cipher suite for a server to use
@ -9181,10 +9175,9 @@ void wolfSSL_set_psk_server_tls13_callback(WOLFSSL* ssl,
keySz = ssl->buffers.keySz;
#endif
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE,
ssl->options.haveDH, ssl->options.haveNTRU,
ssl->options.haveECDSAsig, ssl->options.haveECC,
ssl->options.haveStaticECC, ssl->options.haveAnon,
ssl->options.side);
ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, ssl->options.haveStaticECC,
ssl->options.haveAnon, ssl->options.side);
}
/* Get name of first supported cipher suite that uses the hash indicated.

8
tests/api.c
View File

@ -490,7 +490,7 @@ static int test_wolfCrypt_Init(void)
svrCertFile, svrKeyFile, caCertFile,
eccCertFile, eccKeyFile, eccRsaCertFile,
cliCertFile, cliCertDerFile, cliKeyFile,
ntruCertFile, ntruKeyFile, dhParamFile,
dhParamFile,
cliEccKeyFile, cliEccCertFile, caEccCertFile, edCertFile, edKeyFile,
cliEdCertFile, cliEdKeyFile, caEdCertFile,
NULL
@ -39536,10 +39536,6 @@ static void test_wolfSSL_X509_check_ca(void){
AssertIntEQ(wolfSSL_X509_check_ca(x509), 1);
wolfSSL_X509_free(x509);
x509 = wolfSSL_X509_load_certificate_file(ntruCertFile, WOLFSSL_FILETYPE_PEM);
AssertIntEQ(wolfSSL_X509_check_ca(x509), 0);
wolfSSL_X509_free(x509);
printf(resultFmt, passed);
#endif
}
@ -47225,7 +47221,6 @@ static void test_wolfSSL_CTX_LoadCRL(void)
const char* badPath = "dummypath";
const char* validPath = "./certs/crl";
int derType = WOLFSSL_FILETYPE_ASN1;
int rawType = WOLFSSL_FILETYPE_RAW;
int pemType = WOLFSSL_FILETYPE_PEM;
int monitor = WOLFSSL_CRL_MONITOR;
@ -47247,7 +47242,6 @@ static void test_wolfSSL_CTX_LoadCRL(void)
SUCC_T (wolfSSL_CTX_LoadCRL, ctx, validPath, pemType, monitor);
SUCC_T (wolfSSL_CTX_LoadCRL, ctx, badPath, pemType, monitor);
SUCC_T (wolfSSL_CTX_LoadCRL, ctx, badPath, derType, monitor);
SUCC_T (wolfSSL_CTX_LoadCRL, ctx, badPath, rawType, monitor);
wolfSSL_CTX_free(ctx);
ctx = NULL;

2
tests/include.am
View File

@ -24,8 +24,6 @@ EXTRA_DIST += tests/test.conf \
tests/test-tls13-down.conf \
tests/test-tls13-ecc.conf \
tests/test-tls13-psk.conf \
tests/test-qsh.conf \
tests/test-qsh-sha2.conf \
tests/test-psk.conf \
tests/test-psk-no-id.conf \
tests/test-psk-no-id-sha2.conf \

30
tests/suites.c
View File

@ -155,15 +155,6 @@ static int IsValidCipherSuite(const char* line, char *suite, size_t suite_spc)
found = 1;
}
/* if QSH not enabled then do not use QSH suite */
#ifdef HAVE_QSH
if (suite[0] && (XSTRNCMP(suite, "QSH", 3) == 0)) {
if (wolfSSL_CTX_set_cipher_list(cipherSuiteCtx, suite + 4)
!= WOLFSSL_SUCCESS)
return 0;
}
#endif
if (found) {
if (wolfSSL_CTX_set_cipher_list(cipherSuiteCtx, suite) == WOLFSSL_SUCCESS)
valid = 1;
@ -1072,27 +1063,6 @@ int SuiteTest(int argc, char** argv)
}
#endif /* HAVE_RSA and HAVE_ECC */
#endif /* !WC_STRICT_SIG */
#ifdef HAVE_QSH
/* add QSH extra suites */
strcpy(argv0[1], "tests/test-qsh.conf");
printf("starting qsh extra cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
args.return_code = EXIT_FAILURE;
goto exit;
}
#ifdef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
strcpy(argv0[1], "tests/test-qsh-sha2.conf");
printf("starting qsh extra cipher suite tests - old TLS sha-2 cs\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
args.return_code = EXIT_FAILURE;
goto exit;
}
#endif
#endif
#ifndef NO_PSK
#ifndef WOLFSSL_NO_TLS12
#if !defined(NO_RSA) || defined(HAVE_ECC)

303
tests/test-qsh-sha2.conf
View File

@ -1,303 +0,0 @@
# server TLSv1 AES128-SHA256
-v 1
-l QSH:AES128-SHA256
# client TLSv1 AES128-SHA256
-v 1
-l QSH:AES128-SHA256
# server TLSv1 AES256-SHA256
-v 1
-l QSH:AES256-SHA256
# client TLSv1 AES256-SHA256
-v 1
-l QSH:AES256-SHA256
# server TLSv1.1 AES128-SHA256
-v 2
-l QSH:AES128-SHA256
# client TLSv1.1 AES128-SHA256
-v 2
-l QSH:AES128-SHA256
# server TLSv1.1 AES256-SHA256
-v 2
-l QSH:AES256-SHA256
# client TLSv1.1 AES256-SHA256
-v 2
-l QSH:AES256-SHA256
# server TLSv1 DHE AES128-SHA256
-v 1
-l QSH:DHE-RSA-AES128-SHA256
# client TLSv1 DHE AES128-SHA256
-v 1
-l QSH:DHE-RSA-AES128-SHA256
# server TLSv1 DHE AES256-SHA256
-v 1
-l QSH:DHE-RSA-AES256-SHA256
# client TLSv1 DHE AES256-SHA256
-v 1
-l QSH:DHE-RSA-AES256-SHA256
# server TLSv1.1 DHE AES128-SHA256
-v 2
-l QSH:DHE-RSA-AES128-SHA256
# client TLSv1.1 DHE AES128-SHA256
-v 2
-l QSH:DHE-RSA-AES128-SHA256
# server TLSv1.1 DHE AES256-SHA256
-v 2
-l QSH:DHE-RSA-AES256-SHA256
# client TLSv1.1 DHE AES256-SHA256
-v 2
-l QSH:DHE-RSA-AES256-SHA256
# server TLSv1 ECDHE-PSK-AES128-SHA256
-s
-v 1
-l QSH:ECDHE-PSK-AES128-SHA256
# client TLSv1 ECDHE-PSK-AES128-SHA256
-s
-v 1
-l QSH:ECDHE-PSK-AES128-SHA256
# server TLSv1.1 ECDHE-PSK-AES128-SHA256
-s
-v 2
-l QSH:ECDHE-PSK-AES128-SHA256
# client TLSv1.1 ECDHE-PSK-AES128-SHA256
-s
-v 2
-l QSH:ECDHE-PSK-AES128-SHA256
# server TLSv1 ECDHE-PSK-NULL-SHA256
-s
-v 1
-l QSH:ECDHE-PSK-NULL-SHA256
# client TLSv1 ECDHE-PSK-NULL-SHA256
-s
-v 1
-l QSH:ECDHE-PSK-NULL-SHA256
# server TLSv1.1 ECDHE-PSK-NULL-SHA256
-s
-v 2
-l QSH:ECDHE-PSK-NULL-SHA256
# client TLSv1.1 ECDHE-PSK-NULL-SHA256
-s
-v 2
-l QSH:ECDHE-PSK-NULL-SHA256
# server TLSv1.0 PSK-AES128-SHA256
-s
-v 1
-l QSH:PSK-AES128-CBC-SHA256
# client TLSv1.0 PSK-AES128-SHA256
-s
-v 1
-l QSH:PSK-AES128-CBC-SHA256
# server TLSv1.1 PSK-AES128-SHA256
-s
-v 2
-l QSH:PSK-AES128-CBC-SHA256
# client TLSv1.1 PSK-AES128-SHA256
-s
-v 2
-l QSH:PSK-AES128-CBC-SHA256
# server TLSv1.0 PSK-AES256-SHA384
-s
-v 1
-l QSH:PSK-AES256-CBC-SHA384
# client TLSv1.0 PSK-AES256-SHA384
-s
-v 1
-l QSH:PSK-AES256-CBC-SHA384
# server TLSv1.1 PSK-AES256-SHA384
-s
-v 2
-l QSH:PSK-AES256-CBC-SHA384
# client TLSv1.1 PSK-AES256-SHA384
-s
-v 2
-l QSH:PSK-AES256-CBC-SHA384
# server TLSv1.0 RSA-NULL-SHA256
-v 1
-l QSH:NULL-SHA256
# client TLSv1.0 RSA-NULL-SHA256
-v 1
-l QSH:NULL-SHA256
# server TLSv1.1 RSA-NULL-SHA256
-v 2
-l QSH:NULL-SHA256
# client TLSv1.1 RSA-NULL-SHA256
-v 2
-l QSH:NULL-SHA256
# server TLSv1 CAMELLIA128-SHA256
-v 1
-l QSH:CAMELLIA128-SHA256
# client TLSv1 CAMELLIA128-SHA256
-v 1
-l QSH:CAMELLIA128-SHA256
# server TLSv1 CAMELLIA256-SHA256
-v 1
-l QSH:CAMELLIA256-SHA256
# client TLSv1 CAMELLIA256-SHA256
-v 1
-l QSH:CAMELLIA256-SHA256
# server TLSv1.1 CAMELLIA128-SHA256
-v 2
-l QSH:CAMELLIA128-SHA256
# client TLSv1.1 CAMELLIA128-SHA256
-v 2
-l QSH:CAMELLIA128-SHA256
# server TLSv1.1 CAMELLIA256-SHA256
-v 2
-l QSH:CAMELLIA256-SHA256
# client TLSv1.1 CAMELLIA256-SHA256
-v 2
-l QSH:CAMELLIA256-SHA256
# server TLSv1 DHE-RSA-CAMELLIA128-SHA256
-v 1
-l QSH:DHE-RSA-CAMELLIA128-SHA256
# client TLSv1 DHE-RSA-CAMELLIA128-SHA256
-v 1
-l QSH:DHE-RSA-CAMELLIA128-SHA256
# server TLSv1 DHE-RSA-CAMELLIA256-SHA256
-v 1
-l QSH:DHE-RSA-CAMELLIA256-SHA256
# client TLSv1 DHE-RSA-CAMELLIA256-SHA256
-v 1
-l QSH:DHE-RSA-CAMELLIA256-SHA256
# server TLSv1.1 DHE-RSA-CAMELLIA128-SHA256
-v 2
-l QSH:DHE-RSA-CAMELLIA128-SHA256
# client TLSv1.1 DHE-RSA-CAMELLIA128-SHA256
-v 2
-l QSH:DHE-RSA-CAMELLIA128-SHA256
# server TLSv1.1 DHE-RSA-CAMELLIA256-SHA256
-v 2
-l QSH:DHE-RSA-CAMELLIA256-SHA256
# client TLSv1.1 DHE-RSA-CAMELLIA256-SHA256
-v 2
-l QSH:DHE-RSA-CAMELLIA256-SHA256
# server TLSv1.0 DHE-PSK-AES128-CBC-SHA256
-s
-v 1
-l QSH:DHE-PSK-AES128-CBC-SHA256
# client TLSv1.0 DHE-PSK-AES128-CBC-SHA256
-s
-v 1
-l QSH:DHE-PSK-AES128-CBC-SHA256
# server TLSv1.1 DHE-PSK-AES128-CBC-SHA256
-s
-v 2
-l QSH:DHE-PSK-AES128-CBC-SHA256
# client TLSv1.1 DHE-PSK-AES128-CBC-SHA256
-s
-v 2
-l QSH:DHE-PSK-AES128-CBC-SHA256
# server TLSv1.0 DHE-PSK-AES256-CBC-SHA384
-s
-v 1
-l QSH:DHE-PSK-AES256-CBC-SHA384
# client TLSv1.0 DHE-PSK-AES256-CBC-SHA384
-s
-v 1
-l QSH:DHE-PSK-AES256-CBC-SHA384
# server TLSv1.1 DHE-PSK-AES256-CBC-SHA384
-s
-v 2
-l QSH:DHE-PSK-AES256-CBC-SHA384
# client TLSv1.1 DHE-PSK-AES256-CBC-SHA384
-s
-v 2
-l QSH:DHE-PSK-AES256-CBC-SHA384
# server TLSv1.0 DHE-PSK-NULL-SHA256
-s
-v 1
-l QSH:DHE-PSK-NULL-SHA256
# client TLSv1.0 DHE-PSK-NULL-SHA256
-s
-v 1
-l QSH:DHE-PSK-NULL-SHA256
# server TLSv1.1 DHE-PSK-NULL-SHA256
-s
-v 2
-l QSH:DHE-PSK-NULL-SHA256
# client TLSv1.1 DHE-PSK-NULL-SHA256
-s
-v 2
-l QSH:DHE-PSK-NULL-SHA256
# server TLSv1.0 DHE-PSK-NULL-SHA384
-s
-v 1
-l QSH:DHE-PSK-NULL-SHA384
# client TLSv1.0 DHE-PSK-NULL-SHA384
-s
-v 1
-l QSH:DHE-PSK-NULL-SHA384
# server TLSv1.1 DHE-PSK-NULL-SHA384
-s
-v 2
-l QSH:DHE-PSK-NULL-SHA384
# client TLSv1.1 DHE-PSK-NULL-SHA384
-s
-v 2
-l QSH:DHE-PSK-NULL-SHA384

1836
tests/test-qsh.conf
View File

File diff suppressed because it is too large Load Diff

121
tests/test.conf
View File

@ -1821,127 +1821,6 @@
-v 2
-l DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA
# server TLSv1 NTRU_RC4
-v 1
-l NTRU-RC4-SHA
-n
-c ./certs/ntru-cert.pem
-k ./certs/ntru-key.raw
# client TLSv1 NTRU_RC4
-v 1
-l NTRU-RC4-SHA
# server TLSv1 NTRU_DES3
-v 1
-l NTRU-DES-CBC3-SHA
-n
-c ./certs/ntru-cert.pem
-k ./certs/ntru-key.raw
# client TLSv1 NTRU_DES3
-v 1
-l NTRU-DES-CBC3-SHA
# server TLSv1 NTRU_AES128
-v 1
-l NTRU-AES128-SHA
-n
-c ./certs/ntru-cert.pem
-k ./certs/ntru-key.raw
# client TLSv1 NTRU_AES128
-v 1
-l NTRU-AES128-SHA
# server TLSv1 NTRU_AES256
-v 1
-l NTRU-AES256-SHA
-n
-c ./certs/ntru-cert.pem
-k ./certs/ntru-key.raw
# client TLSv1 NTRU_AES256
-v 1
-l NTRU-AES256-SHA
# server TLSv1.1 NTRU_RC4
-v 2
-l NTRU-RC4-SHA
-n
-c ./certs/ntru-cert.pem
-k ./certs/ntru-key.raw
# client TLSv1.1 NTRU_RC4
-v 2
-l NTRU-RC4-SHA
# server TLSv1.1 NTRU_DES3
-v 2
-l NTRU-DES-CBC3-SHA
-n
-c ./certs/ntru-cert.pem
-k ./certs/ntru-key.raw
# client TLSv1.1 NTRU_DES3
-v 2
-l NTRU-DES-CBC3-SHA
# server TLSv1.1 NTRU_AES128
-v 2
-l NTRU-AES128-SHA
-n
-c ./certs/ntru-cert.pem
-k ./certs/ntru-key.raw
# client TLSv1.1 NTRU_AES128
-v 2
-l NTRU-AES128-SHA
# server TLSv1.1 NTRU_AES256
-v 2
-l NTRU-AES256-SHA
-n
-c ./certs/ntru-cert.pem
-k ./certs/ntru-key.raw
# client TLSv1.1 NTRU_AES256
-v 2
-l NTRU-AES256-SHA
# server TLSv1.2 NTRU_RC4
-v 3
-l NTRU-RC4-SHA
-n
-c ./certs/ntru-cert.pem
-k ./certs/ntru-key.raw
# client TLSv1.2 NTRU_RC4
-v 3
-l NTRU-RC4-SHA
# server TLSv1.2 NTRU_DES3
-v 3
-l NTRU-DES-CBC3-SHA
-n
-c ./certs/ntru-cert.pem
-k ./certs/ntru-key.raw
# client TLSv1.2 NTRU_DES3
-v 3
-l NTRU-DES-CBC3-SHA
# server TLSv1.2 NTRU_AES128
-v 3
-l NTRU-AES128-SHA
-n
-c ./certs/ntru-cert.pem
-k ./certs/ntru-key.raw
# client TLSv1.2 NTRU_AES128
-v 3
-l NTRU-AES128-SHA
# error going into callback, return ok
# server TLSv1.2 verify callback override
-v 3

1
testsuite/include.am
View File

@ -18,7 +18,6 @@ testsuite_testsuite_test_LDADD = src/libwolfssl.la $(LIB_STATIC_ADD) $(WO
testsuite_testsuite_test_DEPENDENCIES = src/libwolfssl.la
endif
EXTRA_DIST += testsuite/testsuite.sln
EXTRA_DIST += testsuite/testsuite-ntru.vcproj
EXTRA_DIST += testsuite/testsuite.vcproj
EXTRA_DIST += testsuite/testsuite.vcxproj
EXTRA_DIST += input

219
testsuite/testsuite-ntru.vcproj
View File

@ -1,219 +0,0 @@
<?xml version="1.0" encoding="Windows-1252"?>
<VisualStudioProject
ProjectType="Visual C++"
Version="9.00"
Name="testsuite"
ProjectGUID="{611E8971-46E0-4D0A-B5A1-632C3B00CB80}"
RootNamespace="testsuite"
Keyword="Win32Proj"
TargetFrameworkVersion="196613"
>
<Platforms>
<Platform
Name="Win32"
/>
</Platforms>
<ToolFiles>
</ToolFiles>
<Configurations>
<Configuration
Name="Debug|Win32"
OutputDirectory="$(SolutionDir)$(ConfigurationName)"
IntermediateDirectory="$(ConfigurationName)"
ConfigurationType="1"
CharacterSet="1"
>
<Tool
Name="VCPreBuildEventTool"
/>
<Tool
Name="VCCustomBuildTool"
/>
<Tool
Name="VCXMLDataGeneratorTool"
/>
<Tool
Name="VCWebServiceProxyGeneratorTool"
/>
<Tool
Name="VCMIDLTool"
/>
<Tool
Name="VCCLCompilerTool"
Optimization="0"
AdditionalIncludeDirectories="../;../NTRU/include"
PreprocessorDefinitions="NO_MAIN_DRIVER;WOLFSSL_RIPEMD;WOLFSSL_SHA512;OPENSSL_EXTRA;HAVE_NTRU;NO_PSK;WIN32"
MinimalRebuild="true"
BasicRuntimeChecks="3"
RuntimeLibrary="3"
UsePrecompiledHeader="0"
WarningLevel="3"
DebugInformationFormat="4"
/>
<Tool
Name="VCManagedResourceCompilerTool"
/>
<Tool
Name="VCResourceCompilerTool"
/>
<Tool
Name="VCPreLinkEventTool"
/>
<Tool
Name="VCLinkerTool"
AdditionalDependencies="Ws2_32.lib NtruEncrypt_DLL.lib"
LinkIncremental="2"
AdditionalLibraryDirectories="..\NTRU\bin"
GenerateDebugInformation="true"
SubSystem="1"
TargetMachine="1"
/>
<Tool
Name="VCALinkTool"
/>
<Tool
Name="VCManifestTool"
/>
<Tool
Name="VCXDCMakeTool"
/>
<Tool
Name="VCBscMakeTool"
/>
<Tool
Name="VCFxCopTool"
/>
<Tool
Name="VCAppVerifierTool"
/>
<Tool
Name="VCPostBuildEventTool"
/>
</Configuration>
<Configuration
Name="Release|Win32"
OutputDirectory="$(SolutionDir)$(ConfigurationName)"
IntermediateDirectory="$(ConfigurationName)"
ConfigurationType="1"
CharacterSet="1"
WholeProgramOptimization="1"
>
<Tool
Name="VCPreBuildEventTool"
/>
<Tool
Name="VCCustomBuildTool"
/>
<Tool
Name="VCXMLDataGeneratorTool"
/>
<Tool
Name="VCWebServiceProxyGeneratorTool"
/>
<Tool
Name="VCMIDLTool"
/>
<Tool
Name="VCCLCompilerTool"
Optimization="2"
EnableIntrinsicFunctions="true"
AdditionalIncludeDirectories="../;../NTRU/include"
PreprocessorDefinitions="NO_MAIN_DRIVER;WOLFSSL_RIPEMD;WOLFSSL_SHA512;OPENSSL_EXTRA;HAVE_NTRU;NO_PSK;WIN32"
RuntimeLibrary="2"
EnableFunctionLevelLinking="true"
UsePrecompiledHeader="0"
WarningLevel="3"
DebugInformationFormat="3"
/>
<Tool
Name="VCManagedResourceCompilerTool"
/>
<Tool
Name="VCResourceCompilerTool"
/>
<Tool
Name="VCPreLinkEventTool"
/>
<Tool
Name="VCLinkerTool"
AdditionalDependencies="Ws2_32.lib NtruEncrypt_DLL.lib"
LinkIncremental="1"
AdditionalLibraryDirectories="..\NTRU\bin"
GenerateDebugInformation="true"
SubSystem="1"
OptimizeReferences="2"
EnableCOMDATFolding="2"
TargetMachine="1"
/>
<Tool
Name="VCALinkTool"
/>
<Tool
Name="VCManifestTool"
/>
<Tool
Name="VCXDCMakeTool"
/>
<Tool
Name="VCBscMakeTool"
/>
<Tool
Name="VCFxCopTool"
/>
<Tool
Name="VCAppVerifierTool"
/>
<Tool
Name="VCPostBuildEventTool"
/>
</Configuration>
</Configurations>
<References>
</References>
<Files>
<Filter
Name="Source Files"
Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
>
<File
RelativePath="..\examples\client\client.c"
>
</File>
<File
RelativePath="..\examples\echoclient\echoclient.c"
>
</File>
<File
RelativePath="..\examples\echoserver\echoserver.c"
>
</File>
<File
RelativePath="..\examples\server\server.c"
>
</File>
<File
RelativePath="..\wolfcrypt\test\test.c"
>
</File>
<File
RelativePath=".\testsuite.c"
>
</File>
</Filter>
<Filter
Name="Header Files"
Filter="h;hpp;hxx;hm;inl;inc;xsd"
UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
>
</Filter>
<Filter
Name="Resource Files"
Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
>
</Filter>
</Files>
<Globals>
</Globals>
</VisualStudioProject>

234
wolfcrypt/benchmark/benchmark.c
View File

@ -197,9 +197,6 @@
#endif
#include <wolfssl/wolfcrypt/dh.h>
#ifdef HAVE_NTRU
#include "libntruencrypt/ntru_crypto.h"
#endif
#include <wolfssl/wolfcrypt/random.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/types.h>
@ -298,8 +295,6 @@
#define BENCH_RSA 0x00000002
#define BENCH_RSA_SZ 0x00000004
#define BENCH_DH 0x00000010
#define BENCH_NTRU 0x00000100
#define BENCH_NTRU_KEYGEN 0x00000200
#define BENCH_ECC_MAKEKEY 0x00001000
#define BENCH_ECC 0x00002000
#define BENCH_ECC_ENCRYPT 0x00004000
@ -510,10 +505,6 @@ static const bench_alg bench_asym_opt[] = {
#ifndef NO_DH
{ "-dh", BENCH_DH },
#endif
#ifdef HAVE_NTRU
{ "-ntru", BENCH_NTRU },
{ "-ntru-kg", BENCH_NTRU_KEYGEN },
#endif
#ifdef HAVE_ECC
{ "-ecc-kg", BENCH_ECC_MAKEKEY },
{ "-ecc", BENCH_ECC },
@ -639,7 +630,7 @@ static const char* bench_result_words1[][4] = {
#endif
};
#if !defined(NO_RSA) || defined(HAVE_NTRU) || \
#if !defined(NO_RSA) || \
defined(HAVE_ECC) || !defined(NO_DH) || defined(HAVE_ECC_ENCRYPT) || \
defined(HAVE_CURVE25519) || defined(HAVE_CURVE25519_SHARED_SECRET) || \
defined(HAVE_ED25519) || defined(HAVE_CURVE448) || \
@ -780,7 +771,7 @@ static const char* bench_desc_words[][14] = {
#if defined(HAVE_ED25519) || defined(HAVE_CURVE25519) || \
defined(HAVE_CURVE448) || defined(HAVE_ED448) || \
defined(HAVE_ECC) || defined(HAVE_NTRU) || !defined(NO_DH) || \
defined(HAVE_ECC) || !defined(NO_DH) || \
!defined(NO_RSA) || defined(HAVE_SCRYPT)
#define BENCH_ASYM
#endif
@ -1872,13 +1863,6 @@ static void* benchmarks_do(void* args)
}
#endif
#ifdef HAVE_NTRU
if (bench_all || (bench_asym_algs & BENCH_NTRU))
bench_ntru();
if (bench_all || (bench_asym_algs & BENCH_NTRU_KEYGEN))
bench_ntruKeyGen();
#endif
#ifdef HAVE_ECC
if (bench_all || (bench_asym_algs & BENCH_ECC_MAKEKEY) ||
(bench_asym_algs & BENCH_ECC) ||
@ -5241,220 +5225,6 @@ exit:
}
#endif /* !NO_DH */
#ifdef HAVE_NTRU
byte GetEntropy(ENTROPY_CMD cmd, byte* out);
byte GetEntropy(ENTROPY_CMD cmd, byte* out)
{
if (cmd == INIT)
return 1; /* using local rng */
if (out == NULL)
return 0;
if (cmd == GET_BYTE_OF_ENTROPY)
return (wc_RNG_GenerateBlock(&gRng, out, 1) == 0) ? 1 : 0;
if (cmd == GET_NUM_BYTES_PER_BYTE_OF_ENTROPY) {
*out = 1;
return 1;
}
return 0;
}
void bench_ntru(void)
{
int i;
double start;
byte public_key[1027];
word16 public_key_len = sizeof(public_key);
byte private_key[1120];
word16 private_key_len = sizeof(private_key);
word16 ntruBits = 128;
word16 type = 0;
word32 ret;
byte ciphertext[1022];
word16 ciphertext_len;
byte plaintext[16];
word16 plaintext_len;
const char**desc = bench_desc_words[lng_index];
DRBG_HANDLE drbg;
static byte const aes_key[] = {
0xf3, 0xe9, 0x87, 0xbb, 0x18, 0x08, 0x3c, 0xaa,
0x7b, 0x12, 0x49, 0x88, 0xaf, 0xb3, 0x22, 0xd8
};
static byte const wolfsslStr[] = {
'w', 'o', 'l', 'f', 'S', 'S', 'L', ' ', 'N', 'T', 'R', 'U'
};
for (ntruBits = 128; ntruBits < 257; ntruBits += 64) {
switch (ntruBits) {
case 128:
type = NTRU_EES439EP1;
break;
case 192:
type = NTRU_EES593EP1;
break;
case 256:
type = NTRU_EES743EP1;
break;
}
ret = ntru_crypto_drbg_instantiate(ntruBits, wolfsslStr,
sizeof(wolfsslStr), (ENTROPY_FN) GetEntropy, &drbg);
if(ret != DRBG_OK) {
printf("NTRU drbg instantiate failed\n");
return;
}
/* set key sizes */
ret = ntru_crypto_ntru_encrypt_keygen(drbg, type, &public_key_len,
NULL, &private_key_len, NULL);
if (ret != NTRU_OK) {
ntru_crypto_drbg_uninstantiate(drbg);
printf("NTRU failed to get key lengths\n");
return;
}
ret = ntru_crypto_ntru_encrypt_keygen(drbg, type, &public_key_len,
public_key, &private_key_len,
private_key);
ntru_crypto_drbg_uninstantiate(drbg);
if (ret != NTRU_OK) {
printf("NTRU keygen failed\n");
return;
}
ret = ntru_crypto_drbg_instantiate(ntruBits, NULL, 0,
(ENTROPY_FN)GetEntropy, &drbg);
if (ret != DRBG_OK) {
printf("NTRU error occurred during DRBG instantiation\n");
return;
}
ret = ntru_crypto_ntru_encrypt(drbg, public_key_len, public_key,
sizeof(aes_key), aes_key, &ciphertext_len, NULL);
if (ret != NTRU_OK) {
printf("NTRU error occurred requesting the buffer size needed\n");
return;
}
bench_stats_start(&i, &start);
for (i = 0; i < ntimes; i++) {
ret = ntru_crypto_ntru_encrypt(drbg, public_key_len, public_key,
sizeof(aes_key), aes_key, &ciphertext_len, ciphertext);
if (ret != NTRU_OK) {
printf("NTRU encrypt error\n");
return;
}
}
bench_stats_asym_finish("NTRU", ntruBits, desc[6], 0, i, start, ret);
ret = ntru_crypto_drbg_uninstantiate(drbg);
if (ret != DRBG_OK) {
printf("NTRU error occurred uninstantiating the DRBG\n");
return;
}
ret = ntru_crypto_ntru_decrypt(private_key_len, private_key,
ciphertext_len, ciphertext, &plaintext_len, NULL);
if (ret != NTRU_OK) {
printf("NTRU decrypt error occurred getting the buffer size needed\n");
return;
}
plaintext_len = sizeof(plaintext);
bench_stats_start(&i, &start);
for (i = 0; i < ntimes; i++) {
ret = ntru_crypto_ntru_decrypt(private_key_len, private_key,
ciphertext_len, ciphertext,
&plaintext_len, plaintext);
if (ret != NTRU_OK) {
printf("NTRU error occurred decrypting the key\n");
return;
}
}
bench_stats_asym_finish("NTRU", ntruBits, desc[7], 0, i, start, ret);
}
}
void bench_ntruKeyGen(void)
{
double start;
int i;
byte public_key[1027];
word16 public_key_len = sizeof(public_key);
byte private_key[1120];
word16 private_key_len = sizeof(private_key);
word16 ntruBits = 128;
word16 type = 0;
word32 ret;
const char**desc = bench_desc_words[lng_index];
DRBG_HANDLE drbg;
static uint8_t const pers_str[] = {
'w', 'o', 'l', 'f', 'S', 'S', 'L', ' ', 't', 'e', 's', 't'
};
for (ntruBits = 128; ntruBits < 257; ntruBits += 64) {
ret = ntru_crypto_drbg_instantiate(ntruBits, pers_str,
sizeof(pers_str), GetEntropy, &drbg);
if (ret != DRBG_OK) {
printf("NTRU drbg instantiate failed\n");
return;
}
switch (ntruBits) {
case 128:
type = NTRU_EES439EP1;
break;
case 192:
type = NTRU_EES593EP1;
break;
case 256:
type = NTRU_EES743EP1;
break;
}
/* set key sizes */
ret = ntru_crypto_ntru_encrypt_keygen(drbg, type, &public_key_len,
NULL, &private_key_len, NULL);
bench_stats_start(&i, &start);
for (i = 0; i < genTimes; i++) {
ret = ntru_crypto_ntru_encrypt_keygen(drbg, type, &public_key_len,
public_key, &private_key_len,
private_key);
}
bench_stats_asym_finish("NTRU", ntruBits, desc[2], 0, i, start, ret);
if (ret != NTRU_OK) {
return;
}
ret = ntru_crypto_drbg_uninstantiate(drbg);
if (ret != NTRU_OK) {
printf("NTRU drbg uninstantiate failed\n");
return;
}
}
}
#endif
#ifdef HAVE_ECC
/* +8 for 'ECDSA [%s]' and null terminator */

2
wolfcrypt/benchmark/benchmark.h
View File

@ -102,8 +102,6 @@ void bench_sakkeKeyGen(void);
void bench_sakkeRskGen(void);
void bench_sakkeValidate(void);
void bench_sakke(void);
void bench_ntru(void);
void bench_ntruKeyGen(void);
void bench_rng(void);
void bench_blake2b(void);
void bench_blake2s(void);

234
wolfcrypt/src/asn.c
View File

@ -103,10 +103,6 @@ ASN Options:
#include <wolfssl/wolfcrypt/arc4.h>
#endif
#ifdef HAVE_NTRU
#include "libntruencrypt/ntru_crypto.h"
#endif
#if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)
#include <wolfssl/wolfcrypt/sha512.h>
#endif
@ -3810,9 +3806,6 @@ static word32 SetBitString16Bit(word16 val, byte* output)
#ifndef NO_RSA
static const byte keyRsaOid[] = {42, 134, 72, 134, 247, 13, 1, 1, 1};
#endif /* NO_RSA */
#ifdef HAVE_NTRU
static const byte keyNtruOid[] = {43, 6, 1, 4, 1, 193, 22, 1, 1, 1, 1};
#endif /* HAVE_NTRU */
#ifdef HAVE_ECC
static const byte keyEcdsaOid[] = {42, 134, 72, 206, 61, 2, 1};
#endif /* HAVE_ECC */
@ -4260,12 +4253,6 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz)
*oidSz = sizeof(keyRsaOid);
break;
#endif /* NO_RSA */
#ifdef HAVE_NTRU
case NTRUk:
oid = keyNtruOid;
*oidSz = sizeof(keyNtruOid);
break;
#endif /* HAVE_NTRU */
#ifdef HAVE_ECC
case ECDSAk:
oid = keyEcdsaOid;
@ -9813,85 +9800,6 @@ static int ParseDsaKey(const byte* source, word32* srcIdx, word32 maxIdx,
}
#endif /* !NO_DSA */
#ifdef HAVE_NTRU
/* Store NTRU key data and length in certificate object.
*
* @param [in, out] cert Certificate object.
* @param [in] source Buffer containing encoded key.
* @param [in, out] srcIdx On in, start of RSA key data.
* On out, start of element after RSA key data.
* @param [in] maxIdx Maximum index of key data.
* @param [in] pubIdx Index of into buffer of public key.
* @return 0 on success.
* @return MEMORY_E when dynamic memory allocation fails.
* @return ASN_NTRU_KEY_E when BER encoding is invalid.
*/
static int StoreNtruKey(DecodedCert* cert, const byte* source, word32* srcIdx,
word32 maxIdx, word32 pubIdx)
{
const byte* key = &source[pubIdx];
byte* next = (byte*)key;
word16 keyLen;
word32 rc;
word32 remaining = maxIdx - *srcIdx;
byte* publicKey;
#ifdef WOLFSSL_SMALL_STACK
byte* keyBlob = NULL;
#else
byte keyBlob[MAX_NTRU_KEY_SZ];
#endif
rc = ntru_crypto_ntru_encrypt_subjectPublicKeyInfo2PublicKey(key, &keyLen,
NULL, &next, &remaining);
if (rc != NTRU_OK)
return ASN_NTRU_KEY_E;
if (keyLen > MAX_NTRU_KEY_SZ)
return ASN_NTRU_KEY_E;
#ifdef WOLFSSL_SMALL_STACK
keyBlob = (byte*)XMALLOC(MAX_NTRU_KEY_SZ, cert->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (keyBlob == NULL)
return MEMORY_E;
#endif
rc = ntru_crypto_ntru_encrypt_subjectPublicKeyInfo2PublicKey(key, &keyLen,
keyBlob, &next, &remaining);
if (rc != NTRU_OK) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(keyBlob, cert->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ASN_NTRU_KEY_E;
}
if ( (next - key) < 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(keyBlob, cert->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ASN_NTRU_KEY_E;
}
*srcIdx = pubIdx + (int)(next - key);
publicKey = (byte*)XMALLOC(keyLen, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY);
if (publicKey == NULL) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(keyBlob, cert->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return MEMORY_E;
}
XMEMCPY(publicKey, keyBlob, keyLen);
cert->publicKey = publicKey;
cert->pubKeyStored = 1;
cert->pubKeySize = keyLen;
#ifdef WOLFSSL_SMALL_STACK
XFREE(keyBlob, cert->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return 0;
}
#endif /* HAVE_NTRU */
/* Decode the SubjectPublicKeyInfo block in a certificate.
*
* Stores the public key in fields of the certificate object.
@ -9914,7 +9822,7 @@ static int GetCertKey(DecodedCert* cert, const byte* source, word32* inOutIdx,
#if defined(HAVE_ECC) || !defined(NO_DSA)
int pubLen;
#endif
#if defined(HAVE_ECC) || defined(HAVE_NTRU) || !defined(NO_DSA)
#if defined(HAVE_ECC) || !defined(NO_DSA)
int pubIdx = srcIdx;
#endif
int ret = 0;
@ -9950,11 +9858,6 @@ static int GetCertKey(DecodedCert* cert, const byte* source, word32* inOutIdx,
break;
#endif /* NO_RSA */
#ifdef HAVE_NTRU
case NTRUk:
ret = StoreNtruKey(cert, source, &srcIdx, maxIdx, pubIdx);
break;
#endif /* HAVE_NTRU */
#ifdef HAVE_ECC
case ECDSAk:
ret = StoreEccKey(cert, source, &srcIdx, maxIdx, source + pubIdx,
@ -19888,7 +19791,7 @@ typedef struct DerCert {
byte issuer[ASN_NAME_MAX]; /* issuer encoded */
byte subject[ASN_NAME_MAX]; /* subject encoded */
byte validity[MAX_DATE_SIZE*2 + MAX_SEQ_SZ*2]; /* before and after dates */
byte publicKey[MAX_PUBLIC_KEY_SZ]; /* rsa / ntru public key encoded */
byte publicKey[MAX_PUBLIC_KEY_SZ]; /* rsa public key encoded */
byte ca[MAX_CA_SZ]; /* basic constraint CA true size */
byte extensions[MAX_EXTENSIONS_SZ]; /* all extensions */
#ifdef WOLFSSL_CERT_EXT
@ -21884,13 +21787,9 @@ int SetName(byte* output, word32 outputSz, CertName* name)
static int EncodePublicKey(int keyType, byte* output, int outLen,
RsaKey* rsaKey, ecc_key* eccKey,
ed25519_key* ed25519Key, ed448_key* ed448Key,
DsaKey* dsaKey, const byte* ntruKey, word16 ntruSz)
DsaKey* dsaKey)
{
int ret = 0;
#ifdef HAVE_NTRU
word32 rc;
word16 encodedSz;
#endif
(void)outLen;
(void)rsaKey;
@ -21898,8 +21797,6 @@ static int EncodePublicKey(int keyType, byte* output, int outLen,
(void)ed25519Key;
(void)ed448Key;
(void)dsaKey;
(void)ntruKey;
(void)ntruSz;
switch (keyType) {
#ifndef NO_RSA
@ -21934,18 +21831,6 @@ static int EncodePublicKey(int keyType, byte* output, int outLen,
}
break;
#endif
#ifdef HAVE_NTRU
case NTRU_KEY:
rc = ntru_crypto_ntru_encrypt_publicKey2SubjectPublicKeyInfo(ntruSz,
ntruKey, &encodedSz, output);
if (rc != NTRU_OK) {
ret = PUBLIC_KEY_E;
}
if (ret == 0) {
ret = encodedSz;
}
break;
#endif /* HAVE_NTRU */
default:
ret = PUBLIC_KEY_E;
break;
@ -22308,8 +22193,8 @@ static int SetValidity(byte* before, byte* after, int daysValid)
#ifndef WOLFSSL_ASN_TEMPLATE
/* encode info from cert into DER encoded format */
static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
WC_RNG* rng, const byte* ntruKey, word16 ntruSz, DsaKey* dsaKey,
ed25519_key* ed25519Key, ed448_key* ed448Key)
WC_RNG* rng, DsaKey* dsaKey, ed25519_key* ed25519Key,
ed448_key* ed448Key)
{
int ret;
@ -22318,7 +22203,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
/* make sure at least one key type is provided */
if (rsaKey == NULL && eccKey == NULL && ed25519Key == NULL &&
dsaKey == NULL && ed448Key == NULL && ntruKey == NULL) {
dsaKey == NULL && ed448Key == NULL) {
return PUBLIC_KEY_E;
}
@ -22394,32 +22279,6 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
}
#endif
#ifdef HAVE_NTRU
if (cert->keyType == NTRU_KEY) {
word32 rc;
word16 encodedSz;
if (ntruKey == NULL)
return PUBLIC_KEY_E;
rc = ntru_crypto_ntru_encrypt_publicKey2SubjectPublicKeyInfo(ntruSz,
ntruKey, &encodedSz, NULL);
if (rc != NTRU_OK)
return PUBLIC_KEY_E;
if (encodedSz > MAX_PUBLIC_KEY_SZ)
return PUBLIC_KEY_E;
rc = ntru_crypto_ntru_encrypt_publicKey2SubjectPublicKeyInfo(ntruSz,
ntruKey, &encodedSz, der->publicKey);
if (rc != NTRU_OK)
return PUBLIC_KEY_E;
der->publicKeySz = encodedSz;
}
#else
(void)ntruSz;
#endif /* HAVE_NTRU */
if (der->publicKeySz <= 0)
return PUBLIC_KEY_E;
@ -22989,8 +22848,8 @@ int AddSignature(byte* buf, int bodySz, const byte* sig, int sigSz,
/* Make an x509 Certificate v3 any key type from cert input, write to buffer */
static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng,
DsaKey* dsaKey, const byte* ntruKey, word16 ntruSz,
ed25519_key* ed25519Key, ed448_key* ed448Key)
DsaKey* dsaKey, ed25519_key* ed25519Key,
ed448_key* ed448Key)
{
#ifndef WOLFSSL_ASN_TEMPLATE
int ret;
@ -23013,8 +22872,6 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
cert->keyType = ED25519_KEY;
else if (ed448Key)
cert->keyType = ED448_KEY;
else if (ntruKey)
cert->keyType = NTRU_KEY;
else
return BAD_FUNC_ARG;
@ -23024,8 +22881,8 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
return MEMORY_E;
#endif
ret = EncodeCert(cert, der, rsaKey, eccKey, rng, ntruKey, ntruSz, dsaKey,
ed25519Key, ed448Key);
ret = EncodeCert(cert, der, rsaKey, eccKey, rng, dsaKey, ed25519Key,
ed448Key);
if (ret == 0) {
if (der->total + MAX_SEQ_SZ * 2 > (int)derSz)
ret = BUFFER_E;
@ -23069,9 +22926,6 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
else if (ed448Key) {
cert->keyType = ED448_KEY;
}
else if (ntruKey) {
cert->keyType = NTRU_KEY;
}
else {
ret = BAD_FUNC_ARG;
}
@ -23116,7 +22970,7 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
if (ret >= 0) {
/* Calcuate public key encoding size. */
ret = publicKeySz = EncodePublicKey(cert->keyType, NULL, 0, rsaKey,
eccKey, ed25519Key, ed448Key, dsaKey, ntruKey, ntruSz);
eccKey, ed25519Key, ed448Key, dsaKey);
}
if (ret >= 0) {
/* Calcuate extensions encoding size - may be 0. */
@ -23251,7 +23105,7 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
/* Encode public key into buffer. */
ret = EncodePublicKey(cert->keyType,
(byte*)dataASN[15].data.buffer.data, dataASN[15].data.buffer.length,
rsaKey, eccKey, ed25519Key, ed448Key, dsaKey, ntruKey, ntruSz);
rsaKey, eccKey, ed25519Key, ed448Key, dsaKey);
}
if ((ret >= 0) && (!dataASN[23].noOut)) {
/* Encode extensions into buffer. */
@ -23293,29 +23147,16 @@ int wc_MakeCert_ex(Cert* cert, byte* derBuffer, word32 derSz, int keyType,
ed448Key = (ed448_key*)key;
return MakeAnyCert(cert, derBuffer, derSz, rsaKey, eccKey, rng, dsaKey,
NULL, 0, ed25519Key, ed448Key);
ed25519Key, ed448Key);
}
/* Make an x509 Certificate v3 RSA or ECC from cert input, write to buffer */
int wc_MakeCert(Cert* cert, byte* derBuffer, word32 derSz, RsaKey* rsaKey,
ecc_key* eccKey, WC_RNG* rng)
{
return MakeAnyCert(cert, derBuffer, derSz, rsaKey, eccKey, rng, NULL, NULL, 0,
NULL, NULL);
return MakeAnyCert(cert, derBuffer, derSz, rsaKey, eccKey, rng, NULL, NULL,
NULL);
}
#ifdef HAVE_NTRU
int wc_MakeNtruCert(Cert* cert, byte* derBuffer, word32 derSz,
const byte* ntruKey, word16 keySz, WC_RNG* rng)
{
return MakeAnyCert(cert, derBuffer, derSz, NULL, NULL, rng, NULL,
ntruKey, keySz, NULL, NULL);
}
#endif /* HAVE_NTRU */
#ifdef WOLFSSL_CERT_REQ
#ifndef WOLFSSL_ASN_TEMPLATE
@ -23815,7 +23656,7 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
if (ret >= 0) {
/* Determine encode public key size. */
ret = publicKeySz = EncodePublicKey(cert->keyType, NULL, 0, rsaKey,
eccKey, ed25519Key, ed448Key, dsaKey, NULL, 0);
eccKey, ed25519Key, ed448Key, dsaKey);
}
if (ret >= 0) {
/* Determine encode extensions size. */
@ -23898,7 +23739,7 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
/* Encode public key into space in buffer. */
ret = EncodePublicKey(cert->keyType, (byte*)dataASN[3].data.buffer.data,
dataASN[3].data.buffer.length, rsaKey, eccKey, ed25519Key, ed448Key,
dsaKey, NULL, 0);
dsaKey);
}
if ((ret >= 0) && (!dataASN[13].noOut)) {
/* Encode extensions into space in buffer. */
@ -24086,7 +23927,6 @@ int wc_GetSubjectRaw(byte **subjectRaw, Cert *cert)
/* Set KID from public key */
static int SetKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey,
byte *ntruKey, word16 ntruKeySz,
ed25519_key* ed25519Key, ed448_key* ed448Key,
int kid_type)
{
@ -24094,8 +23934,8 @@ static int SetKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey,
int bufferSz, ret;
if (cert == NULL ||
(rsakey == NULL && eckey == NULL && ntruKey == NULL &&
ed25519Key == NULL && ed448Key == NULL) ||
(rsakey == NULL && eckey == NULL && ed25519Key == NULL &&
ed448Key == NULL) ||
(kid_type != SKID_TYPE && kid_type != AKID_TYPE))
return BAD_FUNC_ARG;
@ -24116,18 +23956,6 @@ static int SetKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey,
if (eckey != NULL)
bufferSz = SetEccPublicKey(buf, eckey, MAX_PUBLIC_KEY_SZ, 0);
#endif
#ifdef HAVE_NTRU
/* NTRU public key */
if (ntruKey != NULL) {
bufferSz = MAX_PUBLIC_KEY_SZ;
ret = ntru_crypto_ntru_encrypt_publicKey2SubjectPublicKeyInfo(
ntruKeySz, ntruKey, (word16 *)(&bufferSz), buf);
if (ret != NTRU_OK)
bufferSz = -1;
}
#else
(void)ntruKeySz;
#endif
#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
/* ED25519 public key */
if (ed25519Key != NULL) {
@ -24178,27 +24006,16 @@ int wc_SetSubjectKeyIdFromPublicKey_ex(Cert *cert, int keyType, void* key)
else if (keyType == ED448_TYPE)
ed448Key = (ed448_key*)key;
return SetKeyIdFromPublicKey(cert, rsaKey, eccKey, NULL, 0, ed25519Key,
ed448Key, SKID_TYPE);
return SetKeyIdFromPublicKey(cert, rsaKey, eccKey, ed25519Key, ed448Key,
SKID_TYPE);
}
/* Set SKID from RSA or ECC public key */
int wc_SetSubjectKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey)
{
return SetKeyIdFromPublicKey(cert, rsakey, eckey, NULL, 0, NULL, NULL,
SKID_TYPE);
return SetKeyIdFromPublicKey(cert, rsakey, eckey, NULL, NULL, SKID_TYPE);
}
#ifdef HAVE_NTRU
/* Set SKID from NTRU public key */
int wc_SetSubjectKeyIdFromNtruPublicKey(Cert *cert,
byte *ntruKey, word16 ntruKeySz)
{
return SetKeyIdFromPublicKey(cert, NULL,NULL,ntruKey, ntruKeySz, NULL, NULL,
SKID_TYPE);
}
#endif
int wc_SetAuthKeyIdFromPublicKey_ex(Cert *cert, int keyType, void* key)
{
RsaKey* rsaKey = NULL;
@ -24215,15 +24032,14 @@ int wc_SetAuthKeyIdFromPublicKey_ex(Cert *cert, int keyType, void* key)
else if (keyType == ED448_TYPE)
ed448Key = (ed448_key*)key;
return SetKeyIdFromPublicKey(cert, rsaKey, eccKey, NULL, 0, ed25519Key,
ed448Key, AKID_TYPE);
return SetKeyIdFromPublicKey(cert, rsaKey, eccKey, ed25519Key, ed448Key,
AKID_TYPE);
}
/* Set SKID from RSA or ECC public key */
int wc_SetAuthKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey)
{
return SetKeyIdFromPublicKey(cert, rsakey, eckey, NULL, 0, NULL, NULL,
AKID_TYPE);
return SetKeyIdFromPublicKey(cert, rsakey, eckey, NULL, NULL, AKID_TYPE);
}

3
wolfcrypt/src/error.c
View File

@ -194,9 +194,6 @@ const char* wc_GetErrorString(int error)
case ASN_DH_KEY_E :
return "ASN key init error, invalid input";
case ASN_NTRU_KEY_E :
return "ASN NTRU key decode error, invalid input";
case ASN_CRIT_EXT_E:
return "X.509 Critical extension ignored or invalid";

260
wolfcrypt/test/test.c
View File

@ -334,10 +334,6 @@ _Pragma("GCC diagnostic ignored \"-Wunused-function\"")
#include <wolfssl/certs_test.h>
#ifdef HAVE_NTRU
#include "libntruencrypt/ntru_crypto.h"
#endif
#ifdef DEVKITPRO
#include <wiiuse/wpad.h>
#endif
@ -1639,9 +1635,8 @@ WOLFSSL_TEST_SUBROUTINE int error_test(void)
int i;
int j = 0;
/* Values that are not or no longer error codes. */
int missing[] = { -122, -123, -124, -127, -128, -129,
-163, -164, -165, -166, -167, -168, -169,
-233,
int missing[] = { -122, -123, -124, -127, -128, -129, -159,
-163, -164, -165, -166, -167, -168, -169, -233,
0 };
/* Check that all errors have a string and it's the same through the two
@ -11945,35 +11940,6 @@ WOLFSSL_TEST_SUBROUTINE int memory_test(void)
return ret;
}
#ifdef HAVE_NTRU
byte GetEntropy(ENTROPY_CMD cmd, byte* out);
byte GetEntropy(ENTROPY_CMD cmd, byte* out)
{
static WC_RNG rng;
if (cmd == INIT)
return (wc_InitRng(&rng) == 0) ? 1 : 0;
if (out == NULL)
return 0;
if (cmd == GET_BYTE_OF_ENTROPY)
return (wc_RNG_GenerateBlock(&rng, out, 1) == 0) ? 1 : 0;
if (cmd == GET_NUM_BYTES_PER_BYTE_OF_ENTROPY) {
*out = 1;
return 1;
}
return 0;
}
#endif /* HAVE_NTRU */
#ifndef NO_FILESYSTEM
/* Cert Paths */
@ -12219,7 +12185,7 @@ static const CertName certDefaultName = {
WOLFSSL_SMALL_STACK_STATIC const char certKeyUsage[] =
"digitalSignature,nonRepudiation";
#endif
#if (defined(WOLFSSL_CERT_REQ) || defined(HAVE_NTRU)) && !defined(NO_RSA)
#if defined(WOLFSSL_CERT_REQ) && !defined(NO_RSA)
WOLFSSL_SMALL_STACK_STATIC const char certKeyUsage2[] =
"digitalSignature,nonRepudiation,keyEncipherment,keyAgreement";
#endif
@ -14831,196 +14797,6 @@ exit_rsa:
}
#endif
#if defined(WOLFSSL_CERT_GEN) && defined(HAVE_NTRU)
static int rsa_ntru_test(RsaKey* caKey, WC_RNG* rng, byte* tmp)
{
int ret;
Cert myCert;
#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
XFILE caFile;
#endif
#if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
XFILE ntruPrivFile;
#endif
int certSz;
word32 idx3 = 0;
#ifdef WOLFSSL_TEST_CERT
DecodedCert decode;
#endif
byte public_key[557]; /* sized for EES401EP2 */
word16 public_key_len; /* no. of octets in public key */
byte private_key[607]; /* sized for EES401EP2 */
word16 private_key_len; /* no. of octets in private key */
DRBG_HANDLE drbg;
static uint8_t const pers_str[] = {
'C', 'y', 'a', 'S', 'S', 'L', ' ', 't', 'e', 's', 't'
};
word32 rc = ntru_crypto_drbg_instantiate(112, pers_str,
sizeof(pers_str), GetEntropy, &drbg);
if (rc != DRBG_OK) {
ERROR_OUT(-7946, exit_rsa);
}
rc = ntru_crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2,
&public_key_len, NULL,
&private_key_len, NULL);
if (rc != NTRU_OK) {
ERROR_OUT(-7947, exit_rsa);
}
rc = ntru_crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2,
&public_key_len, public_key,
&private_key_len, private_key);
if (rc != NTRU_OK) {
ERROR_OUT(-7948, exit_rsa);
}
rc = ntru_crypto_drbg_uninstantiate(drbg);
if (rc != NTRU_OK) {
ERROR_OUT(-7949, exit_rsa);
}
#ifdef USE_CERT_BUFFERS_1024
XMEMCPY(tmp, ca_key_der_1024, sizeof_ca_key_der_1024);
bytes = sizeof_ca_key_der_1024;
#elif defined(USE_CERT_BUFFERS_2048)
XMEMCPY(tmp, ca_key_der_2048, sizeof_ca_key_der_2048);
bytes = sizeof_ca_key_der_2048;
#else
caFile = XFOPEN(rsaCaKeyFile, "rb");
if (!caFile) {
ERROR_OUT(-7950, exit_rsa);
}
bytes = XFREAD(tmp, 1, FOURK_BUF, caFile);
XFCLOSE(caFile);
#endif /* USE_CERT_BUFFERS */
ret = wc_InitRsaKey(caKey, HEAP_HINT);
if (ret != 0) {
ERROR_OUT(-7951, exit_rsa);
}
ret = wc_RsaPrivateKeyDecode(tmp, &idx3, caKey, (word32)bytes);
if (ret != 0) {
ERROR_OUT(-7952, exit_rsa);
}
if (wc_InitCert_ex(&myCert, HEAP_HINT, devId)) {
ERROR_OUT(-7953, exit_rsa);
}
XMEMCPY(&myCert.subject, &certDefaultName, sizeof(CertName));
myCert.daysValid = 1000;
#ifdef WOLFSSL_CERT_EXT
/* add SKID from the Public Key */
if (wc_SetSubjectKeyIdFromNtruPublicKey(&myCert, public_key,
public_key_len) != 0) {
ERROR_OUT(-7954, exit_rsa);
}
/* add AKID from the CA certificate */
#if defined(USE_CERT_BUFFERS_2048)
ret = wc_SetAuthKeyIdFromCert(&myCert, ca_cert_der_2048,
sizeof_ca_cert_der_2048);
#elif defined(USE_CERT_BUFFERS_1024)
ret = wc_SetAuthKeyIdFromCert(&myCert, ca_cert_der_1024,
sizeof_ca_cert_der_1024);
#else
ret = wc_SetAuthKeyId(&myCert, rsaCaCertFile);
#endif
if (ret != 0) {
ERROR_OUT(-7955, exit_rsa);
}
/* add Key Usage */
if (wc_SetKeyUsage(&myCert, certKeyUsage2) != 0) {
ERROR_OUT(-7956, exit_rsa);
}
#endif /* WOLFSSL_CERT_EXT */
#if defined(USE_CERT_BUFFERS_2048)
ret = wc_SetIssuerBuffer(&myCert, ca_cert_der_2048,
sizeof_ca_cert_der_2048);
#elif defined(USE_CERT_BUFFERS_1024)
ret = wc_SetIssuerBuffer(&myCert, ca_cert_der_1024,
sizeof_ca_cert_der_1024);
#else
ret = wc_SetIssuer(&myCert, rsaCaCertFile);
#endif
if (ret < 0) {
ERROR_OUT(-7957, exit_rsa);
}
der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (der == NULL) {
ERROR_OUT(-7958, exit_rsa);
}
certSz = wc_MakeNtruCert(&myCert, der, FOURK_BUF, public_key,
public_key_len, rng);
if (certSz < 0) {
ERROR_OUT(-7959, exit_rsa);
}
ret = 0;
do {
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &caKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
#endif
if (ret >= 0) {
ret = wc_SignCert(myCert.bodySz, myCert.sigType, der, FOURK_BUF,
caKey, NULL, rng);
}
} while (ret == WC_PENDING_E);
wc_FreeRsaKey(caKey);
if (ret < 0) {
ERROR_OUT(-7960, exit_rsa);
}
certSz = ret;
#ifdef WOLFSSL_TEST_CERT
InitDecodedCert(&decode, der, certSz, HEAP_HINT);
ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
if (ret != 0) {
FreeDecodedCert(&decode);
ERROR_OUT(-7961, exit_rsa);
}
FreeDecodedCert(&decode);
#endif
ret = SaveDerAndPem(der, certSz, "./ntru-cert.der", "./ntru-cert.pem",
CERT_TYPE, -5637);
if (ret != 0) {
goto exit_rsa;
}
#if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
ntruPrivFile = XFOPEN("./ntru-key.raw", "wb");
if (!ntruPrivFile) {
ERROR_OUT(-7962, exit_rsa);
}
ret = (int)XFWRITE(private_key, 1, private_key_len, ntruPrivFile);
XFCLOSE(ntruPrivFile);
if (ret != private_key_len) {
ERROR_OUT(-7963, exit_rsa);
}
#endif
exit_rsa:
if (der != NULL) {
XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
der = NULL;
}
if (ret >= 0)
ret = 0;
else
return ret;
}
#endif
#ifndef WOLFSSL_RSA_VERIFY_ONLY
#if !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG) && \
!defined(HAVE_FAST_RSA) && !defined(HAVE_USER_RSA) && \
@ -15388,13 +15164,6 @@ WOLFSSL_TEST_SUBROUTINE int rsa_test(void)
#else
RsaKey keypub[1];
#endif
#endif
#if defined(HAVE_NTRU)
#ifdef WOLFSSL_SMALL_STACK
RsaKey *caKey = (RsaKey *)XMALLOC(sizeof *caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#else
RsaKey caKey[1];
#endif
#endif
word32 idx = 0;
const char inStr[] = TEST_STRING;
@ -15445,10 +15214,6 @@ WOLFSSL_TEST_SUBROUTINE int rsa_test(void)
if (keypub == NULL)
ERROR_OUT(MEMORY_E, exit_rsa);
#endif
#if defined(HAVE_NTRU)
if (caKey == NULL)
ERROR_OUT(MEMORY_E, exit_rsa);
#endif
#ifdef WOLFSSL_TEST_CERT
if (cert == NULL)
ERROR_OUT(MEMORY_E, exit_rsa);
@ -15461,9 +15226,6 @@ WOLFSSL_TEST_SUBROUTINE int rsa_test(void)
#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
XMEMSET(keypub, 0, sizeof *keypub);
#endif
#if defined(HAVE_NTRU)
XMEMSET(caKey, 0, sizeof *caKey);
#endif
#if !defined(HAVE_USER_RSA) && !defined(NO_ASN)
ret = rsa_decode_test(key);
@ -15881,13 +15643,6 @@ WOLFSSL_TEST_SUBROUTINE int rsa_test(void)
goto exit_rsa;
#endif
#ifdef HAVE_NTRU
ret = rsa_ntru_test(caKey, &rng, tmp);
if (ret != 0)
goto exit_rsa;
#endif /* HAVE_NTRU */
#ifdef WOLFSSL_CERT_REQ
{
Cert *req;
@ -16024,12 +15779,6 @@ exit_rsa:
XFREE(keypub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
#endif
#if defined(HAVE_NTRU)
if (caKey != NULL) {
wc_FreeRsaKey(caKey);
XFREE(caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
#endif
#ifdef WOLFSSL_TEST_CERT
if (cert != NULL)
XFREE(cert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@ -16039,9 +15788,6 @@ exit_rsa:
#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
wc_FreeRsaKey(keypub);
#endif
#if defined(HAVE_NTRU)
wc_FreeRsaKey(caKey);
#endif
#endif /* WOLFSSL_SMALL_STACK */
XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);

65
wolfssl-ntru.sln
View File

@ -1,65 +0,0 @@

Microsoft Visual Studio Solution File, Format Version 10.00
# Visual C++ Express 2008
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wolfssl", "wolfssl-ntru.vcproj", "{73973223-5EE8-41CA-8E88-1D60E89A237B}"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "testsuite", "testsuite\testsuite-ntru.vcproj", "{611E8971-46E0-4D0A-B5A1-632C3B00CB80}"
ProjectSection(ProjectDependencies) = postProject
{73973223-5EE8-41CA-8E88-1D60E89A237B} = {73973223-5EE8-41CA-8E88-1D60E89A237B}
EndProjectSection
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "echoserver", "examples\echoserver\echoserver-ntru.vcproj", "{07D97C48-E08F-4E34-9F67-3064039FF2CB}"
ProjectSection(ProjectDependencies) = postProject
{73973223-5EE8-41CA-8E88-1D60E89A237B} = {73973223-5EE8-41CA-8E88-1D60E89A237B}
EndProjectSection
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "echoclient", "examples\echoclient\echoclient-ntru.vcproj", "{8362A816-C5DC-4E22-B5C5-9E6806387073}"
ProjectSection(ProjectDependencies) = postProject
{73973223-5EE8-41CA-8E88-1D60E89A237B} = {73973223-5EE8-41CA-8E88-1D60E89A237B}
EndProjectSection
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "client", "examples\client\client-ntru.vcproj", "{3ADE9549-582D-4D8E-9826-B172197A7959}"
ProjectSection(ProjectDependencies) = postProject
{73973223-5EE8-41CA-8E88-1D60E89A237B} = {73973223-5EE8-41CA-8E88-1D60E89A237B}
EndProjectSection
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "server", "examples\server\server-ntru.vcproj", "{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}"
ProjectSection(ProjectDependencies) = postProject
{73973223-5EE8-41CA-8E88-1D60E89A237B} = {73973223-5EE8-41CA-8E88-1D60E89A237B}
EndProjectSection
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Win32 = Debug|Win32
Release|Win32 = Release|Win32
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Win32.ActiveCfg = Debug|Win32
{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Win32.Build.0 = Debug|Win32
{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Win32.ActiveCfg = Release|Win32
{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Win32.Build.0 = Release|Win32
{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|Win32.ActiveCfg = Debug|Win32
{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|Win32.Build.0 = Debug|Win32
{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|Win32.ActiveCfg = Release|Win32
{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|Win32.Build.0 = Release|Win32
{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Debug|Win32.ActiveCfg = Debug|Win32
{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Debug|Win32.Build.0 = Debug|Win32
{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Release|Win32.ActiveCfg = Release|Win32
{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Release|Win32.Build.0 = Release|Win32
{8362A816-C5DC-4E22-B5C5-9E6806387073}.Debug|Win32.ActiveCfg = Debug|Win32
{8362A816-C5DC-4E22-B5C5-9E6806387073}.Debug|Win32.Build.0 = Debug|Win32
{8362A816-C5DC-4E22-B5C5-9E6806387073}.Release|Win32.ActiveCfg = Release|Win32
{8362A816-C5DC-4E22-B5C5-9E6806387073}.Release|Win32.Build.0 = Release|Win32
{3ADE9549-582D-4D8E-9826-B172197A7959}.Debug|Win32.ActiveCfg = Debug|Win32
{3ADE9549-582D-4D8E-9826-B172197A7959}.Debug|Win32.Build.0 = Debug|Win32
{3ADE9549-582D-4D8E-9826-B172197A7959}.Release|Win32.ActiveCfg = Release|Win32
{3ADE9549-582D-4D8E-9826-B172197A7959}.Release|Win32.Build.0 = Release|Win32
{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Debug|Win32.ActiveCfg = Debug|Win32
{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Debug|Win32.Build.0 = Debug|Win32
{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Release|Win32.ActiveCfg = Release|Win32
{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Release|Win32.Build.0 = Release|Win32
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal

353
wolfssl-ntru.vcproj
View File

@ -1,353 +0,0 @@
<?xml version="1.0" encoding="Windows-1252"?>
<VisualStudioProject
ProjectType="Visual C++"
Version="9.00"
Name="wolfssl"
ProjectGUID="{73973223-5EE8-41CA-8E88-1D60E89A237B}"
RootNamespace="wolfssl"
Keyword="Win32Proj"
TargetFrameworkVersion="196613"
>
<Platforms>
<Platform
Name="Win32"
/>
</Platforms>
<ToolFiles>
</ToolFiles>
<Configurations>
<Configuration
Name="Debug|Win32"
OutputDirectory="$(SolutionDir)$(ConfigurationName)"
IntermediateDirectory="$(ConfigurationName)"
ConfigurationType="4"
CharacterSet="1"
>
<Tool
Name="VCPreBuildEventTool"
/>
<Tool
Name="VCCustomBuildTool"
/>
<Tool
Name="VCXMLDataGeneratorTool"
/>
<Tool
Name="VCWebServiceProxyGeneratorTool"
/>
<Tool
Name="VCMIDLTool"
/>
<Tool
Name="VCCLCompilerTool"
Optimization="0"
AdditionalIncludeDirectories="./;NTRU/include"
PreprocessorDefinitions="OPENSSL_EXTRA;WOLFSSL_RIPEMD;WOLFSSL_SHA512;HAVE_NTRU;NO_PSK;WIN32"
MinimalRebuild="true"
BasicRuntimeChecks="3"
RuntimeLibrary="3"
UsePrecompiledHeader="0"
WarningLevel="3"
DebugInformationFormat="4"
/>
<Tool
Name="VCManagedResourceCompilerTool"
/>
<Tool
Name="VCResourceCompilerTool"
/>
<Tool
Name="VCPreLinkEventTool"
/>
<Tool
Name="VCLibrarianTool"
/>
<Tool
Name="VCALinkTool"
/>
<Tool
Name="VCXDCMakeTool"
/>
<Tool
Name="VCBscMakeTool"
/>
<Tool
Name="VCFxCopTool"
/>
<Tool
Name="VCPostBuildEventTool"
/>
</Configuration>
<Configuration
Name="Release|Win32"
OutputDirectory="$(SolutionDir)$(ConfigurationName)"
IntermediateDirectory="$(ConfigurationName)"
ConfigurationType="4"
CharacterSet="1"
WholeProgramOptimization="1"
>
<Tool
Name="VCPreBuildEventTool"
/>
<Tool
Name="VCCustomBuildTool"
/>
<Tool
Name="VCXMLDataGeneratorTool"
/>
<Tool
Name="VCWebServiceProxyGeneratorTool"
/>
<Tool
Name="VCMIDLTool"
/>
<Tool
Name="VCCLCompilerTool"
Optimization="2"
EnableIntrinsicFunctions="true"
AdditionalIncludeDirectories="./;NTRU/include"
PreprocessorDefinitions="OPENSSL_EXTRA;WOLFSSL_RIPEMD;WOLFSSL_SHA512;HAVE_NTRU;NO_PSK;WIN32"
RuntimeLibrary="2"
EnableFunctionLevelLinking="true"
UsePrecompiledHeader="0"
WarningLevel="3"
DebugInformationFormat="3"
/>
<Tool
Name="VCManagedResourceCompilerTool"
/>
<Tool
Name="VCResourceCompilerTool"
/>
<Tool
Name="VCPreLinkEventTool"
/>
<Tool
Name="VCLibrarianTool"
/>
<Tool
Name="VCALinkTool"
/>
<Tool
Name="VCXDCMakeTool"
/>
<Tool
Name="VCBscMakeTool"
/>
<Tool
Name="VCFxCopTool"
/>
<Tool
Name="VCPostBuildEventTool"
/>
</Configuration>
</Configurations>
<References>
</References>
<Files>
<Filter
Name="Source Files"
Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
>
<File
RelativePath=".\wolfcrypt\src\aes.c"
>
</File>
<File
RelativePath=".\wolfcrypt\src\arc4.c"
>
</File>
<File
RelativePath=".\wolfcrypt\src\asm.c"
>
</File>
<File
RelativePath=".\wolfcrypt\src\asn.c"
>
</File>
<File
RelativePath=".\wolfcrypt\src\blake2b.c"
>
</File>
<File
RelativePath=".\wolfcrypt\src\camellia.c"
>
</File>
<File
RelativePath=".\wolfcrypt\src\coding.c"
>
</File>
<File
RelativePath=".\wolfcrypt\src\chacha.c"
>
</File>
<File
RelativePath=".\wolfcrypt\src\chacha20_poly1305.c"
>
</File>
<File
RelativePath=".\src\crl.c"
>
</File>
<File
RelativePath=".\wolfcrypt\src\des3.c"
>
</File>
<File
RelativePath=".\wolfcrypt\src\dh.c"
>
</File>
<File
RelativePath=".\wolfcrypt\src\dsa.c"
>
</File>
<File
RelativePath=".\wolfcrypt\src\ecc.c"
>
</File>
<File
RelativePath=".\wolfcrypt\src\error.c"
>
</File>
<File
RelativePath=".\wolfcrypt\src\hash.c"
>
</File>
<File
RelativePath=".\wolfcrypt\src\hc128.c"
>
</File>
<File
RelativePath=".\wolfcrypt\src\hmac.c"
>
</File>
<File
RelativePath=".\wolfcrypt\src\integer.c"
>
</File>
<File
RelativePath=".\src\internal.c"
>
</File>
<File
RelativePath=".\src\wolfio.c"
>
</File>
<File
RelativePath=".\src\keys.c"
>
</File>
<File
RelativePath=".\wolfcrypt\src\logging.c"
>
</File>
<File
RelativePath=".\wolfcrypt\src\md4.c"
>
</File>
<File
RelativePath=".\wolfcrypt\src\md5.c"
>
</File>
<File
RelativePath=".\wolfcrypt\src\memory.c"
>
</File>
<File
RelativePath=".\wolfcrypt\src\misc.c"
>
</File>
<File
RelativePath=".\src\ocsp.c"
>
</File>
<File
RelativePath=".\wolfcrypt\src\pkcs7.c"
>
</File>
<File
RelativePath=".\wolfcrypt\src\poly1305.c"
>
</File>
<File
RelativePath=".\wolfcrypt\src\wc_port.c"
>
</File>
<File
RelativePath=".\wolfcrypt\src\wolfmath.c"
>
</File>
<File
RelativePath=".\wolfcrypt\src\pwdbased.c"
>
</File>
<File
RelativePath=".\wolfcrypt\src\rabbit.c"
>
</File>
<File
RelativePath=".\wolfcrypt\src\random.c"
>
</File>
<File
RelativePath=".\wolfcrypt\src\rc2.c"
>
</File>
<File
RelativePath=".\wolfcrypt\src\ripemd.c"
>
</File>
<File
RelativePath=".\wolfcrypt\src\rsa.c"
>
</File>
<File
RelativePath=".\wolfcrypt\src\sha.c"
>
</File>
<File
RelativePath=".\wolfcrypt\src\sha256.c"
>
</File>
<File
RelativePath=".\wolfcrypt\src\sha512.c"
>
</File>
<File
RelativePath=".\wolfcrypt\src\signature.c"
>
</File>
<File
RelativePath=".\src\ssl.c"
>
</File>
<File
RelativePath=".\src\tls.c"
>
</File>
<File
RelativePath=".\wolfcrypt\src\wc_encrypt.c"
>
</File>
<File
RelativePath=".\wolfcrypt\src\wolfevent.c"
>
</File>
</Filter>
<Filter
Name="Header Files"
Filter="h;hpp;hxx;hm;inl;inc;xsd"
UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
>
</Filter>
<Filter
Name="Resource Files"
Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
>
</Filter>
</Files>
<Globals>
</Globals>
</VisualStudioProject>

4
wolfssl/error-ssl.h
View File

@ -75,10 +75,6 @@ enum wolfSSL_ErrorCodes {
ZERO_RETURN = -343, /* peer sent close notify */
SIDE_ERROR = -344, /* wrong client/server type */
NO_PEER_CERT = -345, /* peer didn't send key */
NTRU_KEY_ERROR = -346, /* NTRU key error */
NTRU_DRBG_ERROR = -347, /* NTRU drbg error */
NTRU_ENCRYPT_ERROR = -348, /* NTRU encrypt error */
NTRU_DECRYPT_ERROR = -349, /* NTRU decrypt error */
ECC_CURVETYPE_ERROR = -350, /* Bad ECC Curve Type */
ECC_CURVE_ERROR = -351, /* Bad ECC Curve */
ECC_PEERKEY_ERROR = -352, /* Bad Peer ECC Key */

110
wolfssl/internal.h
View File

@ -288,11 +288,6 @@
#error "You are trying to build max strength with requirements disabled."
#endif
/* Have QSH : Quantum-safe Handshake */
#if defined(HAVE_QSH)
#define BUILD_TLS_QSH
#endif
#ifndef WOLFSSL_NO_TLS12
#ifndef WOLFSSL_MAX_STRENGTH
@ -312,10 +307,6 @@
#define BUILD_SSL_RSA_WITH_RC4_128_MD5
#endif
#endif
#if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA) \
&& defined(WOLFSSL_STATIC_RSA)
#define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
#endif
#endif
#if !defined(NO_RSA) && !defined(NO_DES3)
@ -323,10 +314,6 @@
#if defined(WOLFSSL_STATIC_RSA)
#define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
#endif
#if !defined(NO_TLS) && defined(HAVE_NTRU) \
&& defined(WOLFSSL_STATIC_RSA)
#define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
#endif
#endif
#endif
@ -347,14 +334,6 @@
#define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
#endif
#endif
#if defined(HAVE_NTRU) && defined(WOLFSSL_STATIC_RSA)
#ifdef WOLFSSL_AES_128
#define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
#endif
#ifdef WOLFSSL_AES_256
#define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
#endif
#endif
#endif
#if defined(WOLFSSL_STATIC_RSA)
#if !defined (NO_SHA256) && defined(HAVE_AES_CBC)
@ -1042,16 +1021,6 @@ enum {
TLS_RSA_WITH_RABBIT_SHA = 0xFD,
WDM_WITH_NULL_SHA256 = 0xFE, /* wolfSSL DTLS Multicast */
/* wolfSSL extension - NTRU */
TLS_NTRU_RSA_WITH_RC4_128_SHA = 0xe5,
TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6,
TLS_NTRU_RSA_WITH_AES_128_CBC_SHA = 0xe7, /* clashes w/official SHA-256 */
TLS_NTRU_RSA_WITH_AES_256_CBC_SHA = 0xe8,
/* wolfSSL extension - NTRU , Quantum-safe Handshake
first byte is 0xD0 (QSH_BYTE) */
TLS_QSH = 0x01,
/* SHA256 */
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x6b,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67,
@ -1236,7 +1205,6 @@ enum {
enum Misc {
CIPHER_BYTE = 0x00, /* Default ciphers */
ECC_BYTE = 0xC0, /* ECC first cipher suite byte */
QSH_BYTE = 0xD0, /* Quantum-safe Handshake cipher suite */
CHACHA_BYTE = 0xCC, /* ChaCha first cipher suite */
TLS13_BYTE = 0x13, /* TLS v1.3 first byte of cipher suite */
@ -1512,9 +1480,6 @@ enum Misc {
#endif
CERT_MIN_SIZE = 256, /* min PEM cert size with header/footer */
MAX_NTRU_PUB_KEY_SZ = 1027, /* NTRU max for now */
MAX_NTRU_ENCRYPT_SZ = 1027, /* NTRU max for now */
MAX_NTRU_BITS = 256, /* max symmetric bit strength */
NO_SNIFF = 0, /* not sniffing */
SNIFF = 1, /* currently sniffing */
@ -1645,13 +1610,7 @@ enum Misc {
#endif
#endif
/* don't use extra 3/4k stack space unless need to */
#ifdef HAVE_NTRU
#define MAX_ENCRYPT_SZ MAX_NTRU_ENCRYPT_SZ
#else
#define MAX_ENCRYPT_SZ ENCRYPT_LEN
#endif
#define MAX_ENCRYPT_SZ ENCRYPT_LEN
/* states */
@ -1913,7 +1872,7 @@ WOLFSSL_LOCAL void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig,
int haveRSAsig, int haveAnon,
int tls1_2, int keySz);
WOLFSSL_LOCAL void InitSuites(Suites*, ProtocolVersion, int, word16, word16,
word16, word16, word16, word16, word16, word16, int);
word16, word16, word16, word16, word16, int);
WOLFSSL_LOCAL int MatchSuite(WOLFSSL* ssl, Suites* peerSuites);
WOLFSSL_LOCAL int SetCipherList(WOLFSSL_CTX*, Suites*, const char* list);
WOLFSSL_LOCAL int SetSuitesHashSigAlgo(Suites*, const char* list);
@ -2280,7 +2239,6 @@ typedef enum {
TLSX_ENCRYPT_THEN_MAC = 0x0016, /* RFC 7366 */
#endif
TLSX_EXTENDED_MASTER_SECRET = 0x0017, /* HELLO_EXT_EXTMS */
TLSX_QUANTUM_SAFE_HYBRID = 0x0018, /* a.k.a. QSH */
TLSX_SESSION_TICKET = 0x0023,
#ifdef WOLFSSL_TLS13
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
@ -2349,7 +2307,6 @@ WOLFSSL_LOCAL int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length,
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
|| defined(HAVE_SUPPORTED_CURVES) \
|| defined(HAVE_ALPN) \
|| defined(HAVE_QSH) \
|| defined(HAVE_SESSION_TICKET) \
|| defined(HAVE_SECURE_RENEGOTIATION) \
|| defined(HAVE_SERVER_RENEGOTIATION_INFO)
@ -2591,48 +2548,6 @@ WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket, void* heap);
#endif /* HAVE_SESSION_TICKET */
/** Quantum-Safe-Hybrid - draft-whyte-qsh-tls12-00 */
#ifdef HAVE_QSH
typedef struct QSHScheme {
struct QSHScheme* next; /* List Behavior */
byte* PK;
word16 name; /* QSHScheme Names */
word16 PKLen;
} QSHScheme;
typedef struct QSHkey {
struct QSHKey* next;
word16 name;
buffer pub;
buffer pri;
} QSHKey;
typedef struct QSHSecret {
QSHScheme* list;
buffer* SerSi;
buffer* CliSi;
} QSHSecret;
/* used in key exchange during handshake */
WOLFSSL_LOCAL int TLSX_QSHCipher_Parse(WOLFSSL* ssl, const byte* input,
word16 length, byte isServer);
WOLFSSL_LOCAL word16 TLSX_QSHPK_Write(QSHScheme* list, byte* output);
WOLFSSL_LOCAL word16 TLSX_QSH_GetSize(QSHScheme* list, byte isRequest);
/* used by api for setting a specific QSH scheme */
WOLFSSL_LOCAL int TLSX_UseQSHScheme(TLSX** extensions, word16 name,
byte* pKey, word16 pKeySz, void* heap);
/* used when parsing in QSHCipher structs */
WOLFSSL_LOCAL int QSH_Decrypt(QSHKey* key, byte* in, word32 szIn,
byte* out, word16* szOut);
#ifndef NO_WOLFSSL_SERVER
WOLFSSL_LOCAL int TLSX_ValidateQSHScheme(TLSX** extensions, word16 name);
#endif
#endif /* HAVE_QSH */
#ifdef WOLFSSL_TLS13
/* Cookie extension information - cookie data. */
typedef struct Cookie {
@ -2848,7 +2763,6 @@ struct WOLFSSL_CTX {
byte haveRSA:1; /* RSA available */
byte haveECC:1; /* ECC available */
byte haveDH:1; /* server DH parms set by user */
byte haveNTRU:1; /* server private NTRU key loaded */
byte haveECDSAsig:1; /* server cert signed w/ ECDSA */
byte haveStaticECC:1; /* static server ECC private key */
byte partialWrite:1; /* only one msg per write call */
@ -3172,7 +3086,6 @@ enum KeyExchangeAlgorithm {
psk_kea,
dhe_psk_kea,
ecdhe_psk_kea,
ntru_kea,
ecc_diffie_hellman_kea,
ecc_static_diffie_hellman_kea /* for verify suite only */
};
@ -3636,8 +3549,6 @@ typedef struct Options {
word16 haveRSA:1; /* RSA available */
word16 haveECC:1; /* ECC available */
word16 haveDH:1; /* server DH parms set by user */
word16 haveNTRU:1; /* server NTRU private key loaded */
word16 haveQSH:1; /* have QSH ability */
word16 haveECDSAsig:1; /* server ECDSA signed cert */
word16 haveStaticECC:1; /* static server ECC private key */
word16 havePeerCert:1; /* do we have peer's cert */
@ -4262,18 +4173,6 @@ struct WOLFSSL {
#endif
byte peerRsaKeyPresent;
#endif
#ifdef HAVE_QSH
QSHKey* QSH_Key;
QSHKey* peerQSHKey;
QSHSecret* QSH_secret;
byte isQSH; /* is the handshake a QSH? */
byte sendQSHKeys; /* flag for if the client should sen
public keys */
byte peerQSHKeyPresent;
byte minRequest;
byte maxRequest;
byte user_set_QSHSchemes;
#endif
#if defined(WOLFSSL_TLS13) || defined(HAVE_FFDHE)
word16 namedGroup;
#endif
@ -4287,11 +4186,6 @@ struct WOLFSSL {
byte certHashSigAlgo[WOLFSSL_MAX_SIGALGO]; /* cert sig/algo to
* offer */
#endif
#ifdef HAVE_NTRU
word16 peerNtruKeyLen;
byte peerNtruKey[MAX_NTRU_PUB_KEY_SZ];
byte peerNtruKeyPresent;
#endif
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
int eccVerifyRes;
#endif

34
wolfssl/ssl.h
View File

@ -366,7 +366,7 @@ struct WOLFSSL_EVP_PKEY {
#endif
union {
char* ptr; /* der format of key / or raw for NTRU */
char* ptr; /* der format of key */
} pkey;
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
#ifndef NO_RSA
@ -968,12 +968,6 @@ WOLFSSL_API int wolfSSL_use_RSAPrivateKey_file(WOLFSSL*, const char*, int);
WOLFSSL_API int wolfSSL_CTX_der_load_verify_locations(WOLFSSL_CTX*,
const char*, int);
#endif
#ifdef HAVE_NTRU
WOLFSSL_API int wolfSSL_CTX_use_NTRUPrivateKey_file(WOLFSSL_CTX*, const char*);
/* load NTRU private key blob */
#endif
#endif /* !NO_FILESYSTEM && !NO_CERTS */
WOLFSSL_API WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap);
@ -2192,7 +2186,6 @@ WOLFSSL_API void wolfSSL_ERR_print_errors(WOLFSSL_BIO *bio);
#define SSL_FILETYPE_ASN1 WOLFSSL_FILETYPE_ASN1
#define SSL_FILETYPE_PEM WOLFSSL_FILETYPE_PEM
#define SSL_FILETYPE_DEFAULT WOLFSSL_FILETYPE_DEFAULT
#define SSL_FILETYPE_RAW WOLFSSL_FILETYPE_RAW
#define SSL_VERIFY_NONE WOLFSSL_VERIFY_NONE
#define SSL_VERIFY_PEER WOLFSSL_VERIFY_PEER
@ -2263,7 +2256,6 @@ enum { /* ssl Constants */
WOLFSSL_FILETYPE_ASN1 = 2,
WOLFSSL_FILETYPE_PEM = 1,
WOLFSSL_FILETYPE_DEFAULT = 2, /* ASN1 */
WOLFSSL_FILETYPE_RAW = 3, /* NTRU raw key blob */
WOLFSSL_VERIFY_NONE = 0,
WOLFSSL_VERIFY_PEER = 1 << 0,
@ -3668,30 +3660,6 @@ WOLFSSL_API int wolfSSL_CTX_set_num_tickets(WOLFSSL_CTX* ctx, size_t mxTickets);
#endif /* HAVE_SESSION_TICKET */
#ifdef HAVE_QSH
/* Quantum-safe Crypto Schemes */
enum {
WOLFSSL_NTRU_EESS439 = 0x0101, /* max plaintext length of 65 */
WOLFSSL_NTRU_EESS593 = 0x0102, /* max plaintext length of 86 */
WOLFSSL_NTRU_EESS743 = 0x0103, /* max plaintext length of 106 */
WOLFSSL_LWE_XXX = 0x0201, /* Learning With Error encryption scheme */
WOLFSSL_HFE_XXX = 0x0301, /* Hidden Field Equation scheme */
WOLFSSL_NULL_QSH = 0xFFFF /* QSHScheme is not used */
};
/* test if the connection is using a QSH secure connection return 1 if so */
WOLFSSL_API int wolfSSL_isQSH(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_UseSupportedQSH(WOLFSSL* ssl, unsigned short name);
#ifndef NO_WOLFSSL_CLIENT
/* user control over sending client public key in hello
when flag = 1 will send keys if flag is 0 or function is not called
then will not send keys in the hello extension */
WOLFSSL_API int wolfSSL_UseClientQSHKeys(WOLFSSL* ssl, unsigned char flag);
#endif
#endif /* QSH */
/* TLS Extended Master Secret Extension */
WOLFSSL_API int wolfSSL_DisableExtendedMasterSecret(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_CTX_DisableExtendedMasterSecret(WOLFSSL_CTX* ctx);

11
wolfssl/test.h
View File

@ -343,8 +343,6 @@
#define cliCertFileExt "certs/client-cert-ext.pem"
#define cliCertDerFileExt "certs/client-cert-ext.der"
#define cliKeyFile "certs/client-key.pem"
#define ntruCertFile "certs/ntru-cert.pem"
#define ntruKeyFile "certs/ntru-key.raw"
#define dhParamFile "certs/dh2048.pem"
#define cliEccKeyFile "certs/ecc-client-key.pem"
#define cliEccCertFile "certs/client-ecc-cert.pem"
@ -377,8 +375,6 @@
#define cliCertFileExt "./certs/client-cert-ext.pem"
#define cliCertDerFileExt "./certs/client-cert-ext.der"
#define cliKeyFile "./certs/client-key.pem"
#define ntruCertFile "./certs/ntru-cert.pem"
#define ntruKeyFile "./certs/ntru-key.raw"
#define dhParamFile "./certs/dh2048.pem"
#define cliEccKeyFile "./certs/ecc-client-key.pem"
#define cliEccCertFile "./certs/client-ecc-cert.pem"
@ -983,12 +979,7 @@ static WC_INLINE void showPeerEx(WOLFSSL* ssl, int lng_index)
printf("%s %s\n", words[0], wolfSSL_get_version(ssl));
cipher = wolfSSL_get_current_cipher(ssl);
#ifdef HAVE_QSH
printf("%s %s%s\n", words[1], (wolfSSL_isQSH(ssl))? "QSH:": "",
wolfSSL_CIPHER_get_name(cipher));
#else
printf("%s %s\n", words[1], wolfSSL_CIPHER_get_name(cipher));
#endif
#ifdef OPENSSL_EXTRA
if (wolfSSL_get_signature_nid(ssl, &nid) == WOLFSSL_SUCCESS) {
printf("%s %s\n", words[2], OBJ_nid2sn(nid));
@ -2753,7 +2744,7 @@ static WC_INLINE void CaCb(unsigned char* der, int sz, int type)
int depth, res;
XFILE keyFile;
for(depth = 0; depth <= MAX_WOLF_ROOT_DEPTH; depth++) {
keyFile = XFOPEN(ntruKeyFile, "rb");
keyFile = XFOPEN(dhParamFile, "rb");
if (keyFile != NULL) {
fclose(keyFile);
return depth;

7
wolfssl/wolfcrypt/asn.h
View File

@ -820,8 +820,6 @@ enum Misc_ASN {
MAX_DSA_PRIVKEY_SZ = (DSA_INTS * MAX_DSA_INT_SZ) + MAX_SEQ_SZ +
MAX_VERSION_SZ, /* Maximum size of a DSA Private
key taken from DsaKeyIntsToDer. */
MAX_NTRU_KEY_SZ = 610, /* NTRU 112 bit public key */
MAX_NTRU_ENC_SZ = 628, /* NTRU 112 bit DER public encoding */
MAX_RSA_E_SZ = 16, /* Max RSA public e size */
MAX_CA_SZ = 32, /* Max encoded CA basic constraint length */
MAX_SN_SZ = 35, /* Max encoded serial number (INT) length */
@ -864,8 +862,7 @@ enum Misc_ASN {
MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */
MAX_OCSP_NONCE_SZ = 16, /* OCSP Nonce size */
EIGHTK_BUF = 8192, /* Tmp buffer size */
MAX_PUBLIC_KEY_SZ = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2,
/* use bigger NTRU size */
MAX_PUBLIC_KEY_SZ = MAX_DSA_PUBKEY_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2,
#ifdef WOLFSSL_ENCRYPTED_KEYS
HEADER_ENCRYPTED_KEY_SIZE = 88,/* Extra header size for encrypted key */
#else
@ -971,7 +968,6 @@ enum Block_Sum {
enum Key_Sum {
DSAk = 515,
RSAk = 645,
NTRUk = 274,
ECDSAk = 518,
ED25519k = 256, /* 1.3.101.112 */
X25519k = 254, /* 1.3.101.110 */
@ -1880,7 +1876,6 @@ enum cert_enums {
EMAIL_JOINT_LEN = 9,
PILOT_JOINT_LEN = 10,
RSA_KEY = 10,
NTRU_KEY = 11,
ECC_KEY = 12,
ED25519_KEY = 13,
ED448_KEY = 14,

12
wolfssl/wolfcrypt/asn_public.h
View File

@ -437,11 +437,6 @@ WOLFSSL_API int wc_GetSubjectRaw(byte **subjectRaw, Cert *cert);
WOLFSSL_API int wc_SetSubjectRaw(Cert* cert, const byte* der, int derSz);
WOLFSSL_API int wc_SetIssuerRaw(Cert* cert, const byte* der, int derSz);
#ifdef HAVE_NTRU
WOLFSSL_API int wc_SetSubjectKeyIdFromNtruPublicKey(Cert *cert, byte *ntruKey,
word16 ntruKeySz);
#endif
/* Set the KeyUsage.
* Value is a string separated tokens with ','. Accepted tokens are :
* digitalSignature,nonRepudiation,contentCommitment,keyCertSign,cRLSign,
@ -466,13 +461,6 @@ WOLFSSL_API int wc_SetExtKeyUsageOID(Cert *cert, const char *oid, word32 sz,
byte idx, void* heap);
#endif /* WOLFSSL_EKU_OID */
#endif /* WOLFSSL_CERT_EXT */
#ifdef HAVE_NTRU
WOLFSSL_API int wc_MakeNtruCert(Cert*, byte* derBuffer, word32 derSz,
const byte* ntruKey, word16 keySz,
WC_RNG*);
#endif
#endif /* WOLFSSL_CERT_GEN */
WOLFSSL_API int wc_GetDateInfo(const byte* certDate, int certDateSz,

1
wolfssl/wolfcrypt/error-crypt.h
View File

@ -103,7 +103,6 @@ enum {
ASN_SIG_HASH_E = -156, /* ASN sig error, unsupported hash type */
ASN_SIG_KEY_E = -157, /* ASN sig error, unsupported key type */
ASN_DH_KEY_E = -158, /* ASN key init error, invalid input */
ASN_NTRU_KEY_E = -159, /* ASN ntru key decode error, invalid input */
ASN_CRIT_EXT_E = -160, /* ASN unsupported critical extension */
ASN_ALT_NAME_E = -161, /* ASN alternate name error */
ASN_NO_PEM_HEADER = -162, /* ASN no PEM header found */

1
wolfssl/wolfcrypt/types.h
View File

@ -814,7 +814,6 @@ decouple library dependencies with standard string, memory and so on.
DYNAMIC_TYPE_SEED = 83,
DYNAMIC_TYPE_SYMMETRIC_KEY= 84,
DYNAMIC_TYPE_ECC_BUFFER = 85,
DYNAMIC_TYPE_QSH = 86,
DYNAMIC_TYPE_SALT = 87,
DYNAMIC_TYPE_HASH_TMP = 88,
DYNAMIC_TYPE_BLOB = 89,