uses most recent version of cyassl

pull/1/head
JacobBarthelmeh 2014-07-10 11:18:49 -06:00
parent 0a2a56db57
commit c322cb05ad
66 changed files with 5270 additions and 2254 deletions

BIN
certs/ca-cert.der 100644

Binary file not shown.


@ -26,13 +26,15 @@ EXTRA_DIST += \
EXTRA_DIST += \
certs/ca-key.der \
certs/ca-cert.der \
certs/client-cert.der \
certs/client-key.der \
certs/dh2048.der \
certs/rsa2048.der \
certs/dsa2048.der \
certs/ecc-key.der
certs/ecc-key.der \
certs/server-key.der \
certs/server-cert.der
dist_doc_DATA+= certs/taoCert.txt

Binary file not shown.

Binary file not shown.


@ -1,11 +1,11 @@
***** Create a self signed cert ************
1) openssl genrsa 512 > client-key.pem
1) openssl genrsa 1024 > client-key.pem
2) openssl req -new -x509 -nodes -md5 -days 1000 -key client-key.pem > client-cert.pem
2) openssl req -new -x509 -nodes -sha1 -days 1000 -key client-key.pem > client-cert.pem
3) note sha1 would be -sha1
3) note md5 would be -md5
-- adding metadata to beginning
@ -21,13 +21,13 @@ same as self signed, use ca prefix instead of client
***** Create a cert signed by CA **************
1) openssl req -newkey rsa:512 -md5 -days 1000 -nodes -keyout server-key.pem > server-req.pem
1) openssl req -newkey rsa:1024 -sha1 -days 1000 -nodes -keyout server-key.pem > server-req.pem
* note if using exisitng key do: -new -key keyName
2) copy ca-key.pem ca-cert.srl (why ????)
3) openssl x509 -req -in server-req.pem -days 1000 -md5 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
3) openssl x509 -req -in server-req.pem -days 1000 -sha1 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
***** Adding Subject Key ID and Authentication Key ID extensions to a cert *****


@ -0,0 +1,56 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
8a:37:22:65:73:f5:aa:e8
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=sawtooth, OU=consulting, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
Validity
Not Before: Jun 30 18:47:10 2010 GMT
Not After : Mar 26 18:47:10 2013 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=sawtooth, OU=consulting, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (512 bit)
Modulus (512 bit):
00:97:30:b9:1a:92:ef:25:4f:ca:4c:11:31:95:1a:
e1:c0:10:19:0a:20:b9:37:80:1a:57:38:02:4e:1b:
c5:0f:28:4f:da:e3:c9:16:aa:50:bd:4a:fb:b7:71:
c7:35:cc:63:81:c1:dd:9d:33:f9:38:16:88:32:a0:
aa:56:23:03:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:66:FD:A0:40:C6:F4:E2:70:CF:21:1A:0C:4F:67:FE:B7:4B:42:09
X509v3 Authority Key Identifier:
keyid:3B:66:FD:A0:40:C6:F4:E2:70:CF:21:1A:0C:4F:67:FE:B7:4B:42:09
DirName:/C=US/ST=Montana/L=Bozeman/O=sawtooth/OU=consulting/CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
serial:8A:37:22:65:73:F5:AA:E8
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: md5WithRSAEncryption
32:65:a2:b1:dc:6d:e0:8d:8b:c8:58:29:8e:b8:18:4b:62:88:
13:67:f8:6c:75:46:75:8f:8a:19:a6:a3:d5:3c:fc:57:4e:7a:
68:a9:fc:93:dc:ae:29:7d:bb:4e:ec:ea:55:fa:a4:e3:00:61:
f4:b0:34:6d:d1:d5:a4:64:24:f8
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,39 @@
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 1 (0x1)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=sawtooth, OU=consulting, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
Validity
Not Before: Jun 30 18:52:17 2010 GMT
Not After : Mar 26 18:52:17 2013 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=yaSSL, OU=support, CN=www.yassl.com/emailAddress=info@yassl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (512 bit)
Modulus (512 bit):
00:c6:7b:c0:68:81:2f:de:82:3f:f9:ac:c3:86:4a:
66:b7:ec:d4:f1:f6:64:21:ff:f5:a2:34:42:d0:38:
9f:c6:dd:3b:6e:26:65:6a:54:96:dd:d2:7b:eb:36:
a2:ae:7e:2a:9e:7e:56:a5:b6:87:9f:15:c7:18:66:
7e:16:77:e2:a7
Exponent: 65537 (0x10001)
Signature Algorithm: md5WithRSAEncryption
58:a9:98:e7:16:52:4c:40:e7:e1:47:92:19:1b:3a:8f:97:6c:
7b:b7:b0:cb:20:6d:ad:b5:d3:47:58:d8:e4:f2:3e:32:e9:ef:
87:77:e5:54:36:f4:8d:50:8d:07:b4:77:45:ea:9d:a4:33:36:
9b:0b:e0:74:58:11:c5:01:7b:4d
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,9 @@
-----BEGIN RSA PRIVATE KEY-----
MIIBOwIBAAJBAMZ7wGiBL96CP/msw4ZKZrfs1PH2ZCH/9aI0QtA4n8bdO24mZWpU
lt3Se+s2oq5+Kp5+VqW2h58VxxhmfhZ34qcCAwEAAQJBAJSbGxgjgV+rTZL2Ev58
viN/IoB25cm/Bn4Heu7DNn2A2kpdGX2cCaf7rEQoIKCiHxvopvxOcd/7nLS/gNli
dCECIQD/cX/9fvB1Uajw0fmvwNON9+3P9uJSqpig90zL32pwjQIhAMbqee9TBMN4
TxXbgWqA92PrCXe8WDZ3PwoJqdR6MRUDAiEAny+TDF1z6hiWiGTCDgXDkKBlwgjf
p5aKgR077XzwLu0CICVpWEGg1ZaF/CnaPP7w/pZ2UDOK4vRrfRnAM4bY7H5NAiBS
1eXJ/MCZ2uPfpl7XK2BU9P69KdKUk5WHxdRchVvcDg==
-----END RSA PRIVATE KEY-----
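Review bot: This file adds an unencrypted RSA private key to the tree, and nothing in the file or the surrounding notes marks it as a fixture. Its encoded modulus begins with the same bytes (c6:7b:c0:68:81…) as the 512-bit public key in the certificate dump for CN=www.yassl.com earlier in this commit, so it appears to be the private half of that test certificate, which is signed with md5WithRSAEncryption and expired in 2013. A one-line statement in the certs notes, for example `keys and certs in this directory are test fixtures only; never load them in a deployed build`, would keep it from being mistaken for usable key material and gives secret scanners a documented exception to point at.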


@ -6,7 +6,7 @@
#
#
AC_INIT([cyassl],[3.0.0],[https://github.com/cyassl/cyassl/issues],[cyassl],[http://www.wolfssl.com])
AC_INIT([cyassl],[3.0.3],[https://github.com/cyassl/cyassl/issues],[cyassl],[http://www.wolfssl.com])
AC_CONFIG_AUX_DIR([build-aux])
@ -81,6 +81,7 @@ AC_CHECK_HEADERS([errno.h])
AC_CHECK_LIB(network,socket)
AC_CHECK_SIZEOF(long long, 8)
AC_CHECK_SIZEOF(long, 4)
AC_CHECK_TYPES(__uint128_t)
AC_C_BIGENDIAN
# mktime check takes forever on some systems, if time supported it would be
# highly unusual for mktime to be missing
@ -390,7 +391,10 @@ then
then
# GCC needs these flags, icc doesn't
# opt levels greater than 2 may cause problems on systems w/o aesni
AM_CFLAGS="$AM_CFLAGS -maes -msse4"
if test "$CC" != "icc"
then
AM_CFLAGS="$AM_CFLAGS -maes -msse4"
fi
fi
fi
@ -783,9 +787,9 @@ AM_CONDITIONAL([BUILD_RSA], [test "x$ENABLED_RSA" = "xyes"])
# DH
AC_ARG_ENABLE([dh],
[ --enable-dh Enable DH (default: enabled)],
[ --enable-dh Enable DH (default: disabled)],
[ ENABLED_DH=$enableval ],
[ ENABLED_DH=yes ]
[ ENABLED_DH=no ]
)
if test "$ENABLED_DH" = "no"
@ -1235,21 +1239,44 @@ AM_CONDITIONAL([BUILD_CRL_MONITOR], [test "x$ENABLED_CRL_MONITOR" = "xyes"])
# NTRU
ntruHome=`pwd`/NTRU_algorithm
ntruInclude=$ntruHome/cryptolib
ntruLib=$ntruHome
AC_ARG_ENABLE([ntru],
[ --enable-ntru Enable NTRU (default: disabled)],
[ ENABLED_NTRU=$enableval ],
[ ENABLED_NTRU=no ]
)
ENABLED_NTRU="no"
tryntrudir=""
AC_ARG_WITH([ntru],
[ --with-ntru=PATH Path to NTRU install (default /usr/) ],
[
AC_MSG_CHECKING([for NTRU])
CPPFLAGS="$CPPFLAGS -DHAVE_NTRU"
LIBS="$LIBS -lNTRUEncrypt"
if test "$ENABLED_NTRU" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_NTRU -I$ntruInclude"
AM_LDFLAGS="$AM_LDFLAGS -L$ntruLib"
LIBS="$LIBS -lntru_encrypt"
fi
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <ntru_crypto_drbg.h>]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ])
if test "x$ntru_linked" == "xno" ; then
if test "x$withval" != "xno" ; then
tryntrudir=$withval
fi
if test "x$withval" == "xyes" ; then
tryntrudir="/usr"
fi
LDFLAGS="$AM_LDFLAGS -L$tryntrudir/lib"
CPPFLAGS="$CPPFLAGS -I$tryntrudir/include"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <ntru_crypto_drbg.h>]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ])
if test "x$ntru_linked" == "xno" ; then
AC_MSG_ERROR([NTRU isn't found.
If it's already installed, specify its path using --with-ntru=/dir/])
fi
AC_MSG_RESULT([yes])
AM_LDFLAGS="$AM_LDFLAGS -L$tryntrudir/lib"
else
AC_MSG_RESULT([yes])
fi
AM_CFLAGS="$AM_CFLAGS -DHAVE_NTRU"
ENABLED_NTRU="yes"
]
)
AM_CONDITIONAL([BUILD_NTRU], [test "x$ENABLED_NTRU" = "xyes"])
@ -1665,6 +1692,13 @@ then
fi
fi
# ICC command line warning for non supported warning flags
if test "$CC" = "icc"
then
AM_CFLAGS="$AM_CFLAGS -wd10006"
fi
LIB_SOCKET_NSL
AX_HARDEN_CC_COMPILER_FLAGS
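Review bot: The `--with-ntru` block compares with `==` inside `test` (`test "x$ntru_linked" == "xno"`, `test "x$withval" == "xyes"`), which POSIX `test` does not define; configure runs under /bin/sh, and shells such as dash reject it, so these should read `if test "x$ntru_linked" = "xno" ; then`. The same block sets `LDFLAGS="$AM_LDFLAGS -L$tryntrudir/lib"`, which discards any LDFLAGS the user passed to configure; `LDFLAGS="$LDFLAGS -L$tryntrudir/lib"` would keep them. It also looks as if `--with-ntru=no` still ends with `ENABLED_NTRU="yes"`, because only the directory guess is skipped for that value, so an explicit early exit for `no` is worth adding.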


@ -53,6 +53,9 @@
#include "cavium_common.h"
#include "cavium_ioctl.h"
#endif
#ifdef HAVE_NTRU
#include "ntru_crypto.h"
#endif
#if defined(CYASSL_MDK_ARM)
extern FILE * CyaSSL_fopen(const char *fname, const char *mode) ;
@ -105,6 +108,9 @@ void bench_dh(void);
void bench_eccKeyGen(void);
void bench_eccKeyAgree(void);
#endif
#ifdef HAVE_NTRU
void bench_ntruKeyGen(void);
#endif
double current_time(int);
@ -132,6 +138,9 @@ static int OpenNitroxDevice(int dma_mode,int dev_id)
#endif
#if defined(DEBUG_CYASSL) && !defined(HAVE_VALGRIND)
CYASSL_API int CyaSSL_Debugging_ON();
#endif
/* so embedded projects can pull in tests on their own */
#if !defined(NO_MAIN_DRIVER)
@ -146,6 +155,10 @@ int benchmark_test(void *args)
{
#endif
#if defined(DEBUG_CYASSL) && !defined(HAVE_VALGRIND)
CyaSSL_Debugging_ON();
#endif
#ifdef HAVE_CAVIUM
int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID);
if (ret != 0) {
@ -225,6 +238,10 @@ int benchmark_test(void *args)
bench_rsaKeyGen();
#endif
#ifdef HAVE_NTRU
bench_ntruKeyGen();
#endif
#ifdef HAVE_ECC
bench_eccKeyGen();
bench_eccKeyAgree();
@ -850,15 +867,14 @@ static RNG rng;
#ifndef NO_RSA
#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
defined(CYASSL_MDK_SHELL)
static char *certRSAname = "certs/rsa2048.der" ;
static void set_Bench_RSA_File(char * cert) { certRSAname = cert ; }
/* set by shell command */
#elif defined(CYASSL_MDK_SHELL)
/* nothing */
#else
static const char *certRSAname = "certs/rsa2048.der" ;
#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
#if defined(CYASSL_MDK_SHELL)
static char *certRSAname = "certs/rsa2048.der";
/* set by shell command */
static void set_Bench_RSA_File(char * cert) { certRSAname = cert ; }
#else
static const char *certRSAname = "certs/rsa2048.der";
#endif
#endif
void bench_rsa(void)
@ -955,20 +971,22 @@ void bench_rsa(void)
#ifndef NO_DH
#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
defined(CYASSL_MDK_SHELL)
static char *certDHname = "certs/dh2048.der" ;
void set_Bench_DH_File(char * cert) { certDHname = cert ; }
/* set by shell command */
#elif defined(CYASSL_MDK_SHELL)
/* nothing */
#else
static const char *certDHname = "certs/dh2048.der" ;
#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
#if defined(CYASSL_MDK_SHELL)
static char *certDHname = "certs/dh2048.der";
/* set by shell command */
void set_Bench_DH_File(char * cert) { certDHname = cert ; }
#else
static const char *certDHname = "certs/dh2048.der";
#endif
#endif
void bench_dh(void)
{
int i, ret;
#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
int ret;
#endif
int i ;
byte tmp[1024];
size_t bytes;
word32 idx = 0, pubSz, privSz = 0, pubSz2, privSz2, agreeSz;
@ -1089,6 +1107,74 @@ void bench_rsaKeyGen(void)
" iterations\n", milliEach, genTimes);
}
#endif /* CYASSL_KEY_GEN */
#ifdef HAVE_NTRU
byte GetEntropy(ENTROPY_CMD cmd, byte* out);
byte GetEntropy(ENTROPY_CMD cmd, byte* out)
{
if (cmd == INIT)
return (InitRng(&rng) == 0) ? 1 : 0;
if (out == NULL)
return 0;
if (cmd == GET_BYTE_OF_ENTROPY)
return (RNG_GenerateBlock(&rng, out, 1) == 0) ? 1 : 0;
if (cmd == GET_NUM_BYTES_PER_BYTE_OF_ENTROPY) {
*out = 1;
return 1;
}
return 0;
}
void bench_ntruKeyGen(void)
{
double start, total, each, milliEach;
int i;
byte public_key[5951]; /* 2048 key equivalent to rsa */
word16 public_key_len;
byte private_key[5951];
word16 private_key_len = sizeof(private_key);
DRBG_HANDLE drbg;
static uint8_t const pers_str[] = {
'C', 'y', 'a', 'S', 'S', 'L', ' ', 't', 'e', 's', 't'
};
word32 rc = ntru_crypto_drbg_instantiate(112, pers_str, sizeof(pers_str), GetEntropy, &drbg);
if(rc != DRBG_OK) {
printf("NTRU drbg instantiate failed\n");
return;
}
start = current_time(1);
for(i = 0; i < genTimes; i++) {
ntru_crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2, &public_key_len,
public_key, &private_key_len, private_key);
}
total = current_time(0) - start;
rc = ntru_crypto_drbg_uninstantiate(drbg);
if (rc != NTRU_OK) {
printf("NTRU drbg uninstantiate failed\n");
return;
}
each = total / genTimes;
milliEach = each * 1000;
printf("\n");
printf("NTRU 112 key generation %6.3f milliseconds, avg over %d"
" iterations\n", milliEach, genTimes);
}
#endif
#ifdef HAVE_ECC
void bench_eccKeyGen(void)
@ -1211,7 +1297,6 @@ void bench_eccKeyAgree(void)
}
#endif /* HAVE_ECC */
#ifdef _WIN32
#define WIN32_LEAN_AND_MEAN
@ -1238,10 +1323,10 @@ void bench_eccKeyAgree(void)
#elif defined MICROCHIP_PIC32
#if defined(CYASSL_MICROCHIP_PIC32MZ)
#define CLOCK 8000000.0
#define CLOCK 80000000.0
#else
#include <peripheral/timer.h>
#define CLOCK 4000000.0
#define CLOCK 40000000.0
#endif
double current_time(int reset)
@ -1259,10 +1344,10 @@ void bench_eccKeyAgree(void)
return ( ns / CLOCK * 2.0);
}
#elif defined CYASSL_MDK_ARM
extern double current_time(int reset) ;
#elif defined(CYASSL_IAR_ARM) || defined (CYASSL_MDK_ARM)
#warning "Write your current_time()"
double current_time(int reset) { return 0.0 ; }
#elif defined FREERTOS
double current_time(int reset)
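Review bot: In bench_ntruKeyGen, `public_key_len` is passed by address to ntru_crypto_ntru_encrypt_keygen without ever being initialized, while `private_key_len` is set to `sizeof(private_key)`. If the library reads both as buffer capacities, as the private-key side suggests, the first call sees an indeterminate value; declare it as `word16 public_key_len = sizeof(public_key);`. The keygen return code is also ignored inside the timing loop, so a failing call would be reported as a valid timing; store it in `rc` and stop on anything other than `NTRU_OK`. The uninstantiate check compares against `NTRU_OK` where the instantiate check uses `DRBG_OK`, so one of the two is probably the wrong constant for a DRBG call.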


@ -804,6 +804,11 @@ int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv,
iv = (byte*)aes->reg;
enc_key = (byte*)aes->key;
if ((word)out % CYASSL_MMCAU_ALIGNMENT) {
CYASSL_MSG("Bad cau_aes_encrypt alignment");
return BAD_ALIGN_E;
}
while (len > 0)
{
XMEMCPY(temp_block, in + offset, AES_BLOCK_SIZE);
@ -836,6 +841,11 @@ int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv,
iv = (byte*)aes->reg;
dec_key = (byte*)aes->key;
if ((word)out % CYASSL_MMCAU_ALIGNMENT) {
CYASSL_MSG("Bad cau_aes_decrypt alignment");
return BAD_ALIGN_E;
}
while (len > 0)
{
XMEMCPY(temp_block, in + offset, AES_BLOCK_SIZE);
@ -1541,31 +1551,34 @@ static const word32 Td[5][256] = {
#ifdef CYASSL_AESNI
/* Each platform needs to query info type 1 from cpuid to see if aesni is
* supported. Also, let's setup a macro for proper linkage w/o ABI conflicts
*/
#ifndef _MSC_VER
#define cpuid(func,ax,bx,cx,dx)\
#define cpuid(reg, func)\
__asm__ __volatile__ ("cpuid":\
"=a" (ax), "=b" (bx), "=c" (cx), "=d" (dx) : "a" (func));
"=a" (reg[0]), "=b" (reg[1]), "=c" (reg[2]), "=d" (reg[3]) :\
"a" (func));
#define XASM_LINK(f) asm(f)
#else
#define cpuid(func,ax,bx,cx,dx)\
__asm mov eax, func \
__asm cpuid \
__asm mov ax, eax \
__asm mov bx, ebx \
__asm mov cx, ecx \
__asm mov dx, edx
#include <intrin.h>
#define cpuid(a,b) __cpuid((int*)a,b)
#define XASM_LINK(f)
#endif /* _MSC_VER */
static int Check_CPU_support_AES(void)
{
unsigned int a,b,c,d;
cpuid(1,a,b,c,d);
unsigned int reg[4]; /* put a,b,c,d into 0,1,2,3 */
cpuid(reg, 1); /* query info 1 */
if (c & 0x2000000)
if (reg[2] & 0x2000000)
return 1;
return 0;
@ -1580,34 +1593,34 @@ static int haveAESNI = 0;
void AES_CBC_encrypt(const unsigned char* in, unsigned char* out,
unsigned char* ivec, unsigned long length,
const unsigned char* KS, int nr)
asm ("AES_CBC_encrypt");
XASM_LINK("AES_CBC_encrypt");
void AES_CBC_decrypt(const unsigned char* in, unsigned char* out,
unsigned char* ivec, unsigned long length,
const unsigned char* KS, int nr)
asm ("AES_CBC_decrypt");
XASM_LINK("AES_CBC_decrypt");
void AES_ECB_encrypt(const unsigned char* in, unsigned char* out,
unsigned long length, const unsigned char* KS, int nr)
asm ("AES_ECB_encrypt");
XASM_LINK("AES_ECB_encrypt");
void AES_ECB_decrypt(const unsigned char* in, unsigned char* out,
unsigned long length, const unsigned char* KS, int nr)
asm ("AES_ECB_decrypt");
XASM_LINK("AES_ECB_decrypt");
void AES_128_Key_Expansion(const unsigned char* userkey,
unsigned char* key_schedule)
asm ("AES_128_Key_Expansion");
XASM_LINK("AES_128_Key_Expansion");
void AES_192_Key_Expansion(const unsigned char* userkey,
unsigned char* key_schedule)
asm ("AES_192_Key_Expansion");
XASM_LINK("AES_192_Key_Expansion");
void AES_256_Key_Expansion(const unsigned char* userkey,
unsigned char* key_schedule)
asm ("AES_256_Key_Expansion");
XASM_LINK("AES_256_Key_Expansion");
static int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
@ -2228,6 +2241,7 @@ int AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
if ((word)in % 16) {
#ifndef NO_CYASSL_ALLOC_ALIGN
byte* tmp = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
CYASSL_MSG("AES-CBC encrypt with bad alignment");
if (tmp == NULL) return MEMORY_E;
XMEMCPY(tmp, in, sz);
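Review bot: The two new `cpuid` macros are not hygienic. The inline-asm form carries its own trailing `;`, so `cpuid(reg, 1);` expands to an extra empty statement and would break as the sole body of an unbraced `if`/`else`. The MSVC form leaves its arguments unparenthesized; suggest dropping the semicolon from the asm form and writing `#define cpuid(a,b) __cpuid((int*)(a), (b))`. In the AesCbcEncrypt hunk, the added `CYASSL_MSG("AES-CBC encrypt with bad alignment");` sits between the XMALLOC and its NULL check; moving it above the allocation keeps the check next to the call it guards.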


@ -24,6 +24,8 @@
* by Intel Mobility Group, Israel Development Center, Israel Shay Gueron
*/
/* This file is in at&t asm syntax, see .asm for intel syntax */
/*
AES_CBC_encrypt (const unsigned char *in,

File diff suppressed because it is too large Load Diff


@ -34,6 +34,7 @@
#include <cyassl/ctaocrypt/des3.h>
#include <cyassl/ctaocrypt/error-crypt.h>
#include <cyassl/ctaocrypt/logging.h>
#ifdef NO_INLINE
#include <cyassl/ctaocrypt/misc.h>
@ -169,19 +170,22 @@
CRYP_Cmd(DISABLE);
}
void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz)
int Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz)
{
DesCrypt(des, out, in, sz, DES_ENCRYPTION, DES_CBC);
return 0;
}
void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz)
int Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz)
{
DesCrypt(des, out, in, sz, DES_DECRYPTION, DES_CBC);
return 0;
}
void Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz)
int Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz)
{
DesCrypt(des, out, in, sz, DES_ENCRYPTION, DES_ECB);
return 0;
}
void Des3Crypt(Des3* des, byte* out, const byte* in, word32 sz,
@ -389,14 +393,16 @@ static void Des_Cbc(byte* out, const byte* in, word32 sz,
}
void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz)
int Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz)
{
Des_Cbc(out, in, sz, (byte *)des->key, (byte *)des->reg, SEC_DESC_DES_CBC_ENCRYPT) ;
return 0;
}
void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz)
int Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz)
{
Des_Cbc(out, in, sz, (byte *)des->key, (byte *)des->reg, SEC_DESC_DES_CBC_DECRYPT) ;
return 0;
}
int Des3_CbcEncrypt(Des3* des3, byte* out, const byte* in, word32 sz)
@ -556,7 +562,7 @@ int Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir)
return ret;
}
void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz)
int Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz)
{
int i;
int offset = 0;
@ -566,6 +572,11 @@ int Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir)
iv = (byte*)des->reg;
if ((word)out % CYASSL_MMCAU_ALIGNMENT) {
CYASSL_MSG("Bad cau_des_encrypt alignment");
return BAD_ALIGN_E;
}
while (len > 0)
{
XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE);
@ -583,10 +594,10 @@ int Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir)
XMEMCPY(iv, out + offset - DES_BLOCK_SIZE, DES_BLOCK_SIZE);
}
return;
return 0;
}
void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz)
int Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz)
{
int i;
int offset = 0;
@ -596,6 +607,11 @@ int Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir)
iv = (byte*)des->reg;
if ((word)out % CYASSL_MMCAU_ALIGNMENT) {
CYASSL_MSG("Bad cau_des_decrypt alignment");
return BAD_ALIGN_E;
}
while (len > 0)
{
XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE);
@ -613,7 +629,7 @@ int Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir)
offset += DES_BLOCK_SIZE;
}
return;
return 0;
}
int Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz)
@ -627,6 +643,11 @@ int Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir)
iv = (byte*)des->reg;
if ((word)out % CYASSL_MMCAU_ALIGNMENT) {
CYASSL_MSG("Bad 3ede cau_des_encrypt alignment");
return BAD_ALIGN_E;
}
while (len > 0)
{
XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE);
@ -660,6 +681,11 @@ int Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir)
iv = (byte*)des->reg;
if ((word)out % CYASSL_MMCAU_ALIGNMENT) {
CYASSL_MSG("Bad 3ede cau_des_decrypt alignment");
return BAD_ALIGN_E;
}
while (len > 0)
{
XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE);
@ -761,9 +787,9 @@ int Des3_SetIV(Des3* des, const byte* iv);
bd_p->BD_CTRL.LAST_BD = 1;
bd_p->BD_CTRL.DESC_EN = 1;
bd_p->SA_ADDR = (unsigned int)KVA_TO_PA(&sa) ; // (unsigned int)sa_p ;
bd_p->SRCADDR = (unsigned int)KVA_TO_PA(in) ; // (unsigned int)in_p ;
bd_p->DSTADDR = (unsigned int)KVA_TO_PA(out); // (unsigned int)out_p ;
bd_p->SA_ADDR = (unsigned int)KVA_TO_PA(&sa) ; /* (unsigned int)sa_p; */
bd_p->SRCADDR = (unsigned int)KVA_TO_PA(in) ; /* (unsigned int)in_p; */
bd_p->DSTADDR = (unsigned int)KVA_TO_PA(out); /* (unsigned int)out_p; */
bd_p->NXTPTR = (unsigned int)KVA_TO_PA(&bd);
bd_p->MSGLEN = sz ;
@ -772,7 +798,7 @@ int Des3_SetIV(Des3* des, const byte* iv);
while (CECON);
/* Run the engine */
CEBDPADDR = (unsigned int)KVA_TO_PA(&bd) ; // (unsigned int)bd_p ;
CEBDPADDR = (unsigned int)KVA_TO_PA(&bd) ; /* (unsigned int)bd_p ; */
CEINTEN = 0x07;
CECON = 0x27;
@ -793,16 +819,18 @@ int Des3_SetIV(Des3* des, const byte* iv);
ByteReverseWords((word32*)out, (word32 *)KVA0_TO_KVA1(out), sz);
}
void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz)
int Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz)
{
DesCrypt(des->key, des->reg, out, in, sz,
PIC32_ENCRYPTION, PIC32_ALGO_DES, PIC32_CRYPTOALGO_CBC );
return 0;
}
void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz)
int Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz)
{
DesCrypt(des->key, des->reg, out, in, sz,
PIC32_DECRYPTION, PIC32_ALGO_DES, PIC32_CRYPTOALGO_CBC);
return 0;
}
int Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz)
@ -1250,7 +1278,7 @@ static void Des3ProcessBlock(Des3* des, const byte* in, byte* out)
}
void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz)
int Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz)
{
word32 blocks = sz / DES_BLOCK_SIZE;
@ -1262,10 +1290,11 @@ void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz)
out += DES_BLOCK_SIZE;
in += DES_BLOCK_SIZE;
}
return 0;
}
void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz)
int Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz)
{
word32 blocks = sz / DES_BLOCK_SIZE;
byte hold[DES_BLOCK_SIZE];
@ -1282,6 +1311,7 @@ void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz)
out += DES_BLOCK_SIZE;
in += DES_BLOCK_SIZE;
}
return 0;
}
@ -1332,7 +1362,7 @@ int Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz)
#ifdef CYASSL_DES_ECB
/* One block, compatibility only */
void Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz)
int Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz)
{
word32 blocks = sz / DES_BLOCK_SIZE;
@ -1342,6 +1372,7 @@ void Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz)
out += DES_BLOCK_SIZE;
in += DES_BLOCK_SIZE;
}
return 0;
}
#endif /* CYASSL_DES_ECB */
@ -1370,7 +1401,6 @@ int Des3_SetIV(Des3* des, const byte* iv)
#ifdef HAVE_CAVIUM
#include <cyassl/ctaocrypt/logging.h>
#include "cavium_common.h"
/* Initiliaze Des3 for use with Nitrox device */
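Review bot: The MMCAU variants of Des_CbcEncrypt and Des_CbcDecrypt now return BAD_ALIGN_E before writing anything to `out`, so a caller still written against the old void signature will go on to use an output buffer that was never filled. The callers are outside this diff; each one should be confirmed to check the result. The contract should also be stated where the functions are declared, for example `/* returns 0 on success, BAD_ALIGN_E if out is not CYASSL_MMCAU_ALIGNMENT aligned; out is left untouched on error */`. The software variants still compute `blocks = sz / DES_BLOCK_SIZE` and return 0 when `sz` is not a multiple of the block size; now that a status can be returned, rejecting a partial trailing block would be more useful than silently skipping it.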


@ -3629,9 +3629,9 @@ enum ecSrvState {
struct ecEncCtx {
byte* kdfSalt; /* optional salt for kdf */
byte* kdfInfo; /* optional info for kdf */
byte* macSalt; /* optional salt for mac */
const byte* kdfSalt; /* optional salt for kdf */
const byte* kdfInfo; /* optional info for kdf */
const byte* macSalt; /* optional salt for mac */
word32 kdfSaltSz; /* size of kdfSalt */
word32 kdfInfoSz; /* size of kdfInfo */
word32 macSaltSz; /* size of macSalt */
@ -3676,6 +3676,19 @@ const byte* ecc_ctx_get_own_salt(ecEncCtx* ctx)
}
/* optional set info, can be called before or after set_peer_salt */
int ecc_ctx_set_info(ecEncCtx* ctx, const byte* info, int sz)
{
if (ctx == NULL || info == 0 || sz < 0)
return BAD_FUNC_ARG;
ctx->kdfInfo = info;
ctx->kdfInfoSz = sz;
return 0;
}
static const char* exchange_info = "Secure Message Exchange";
int ecc_ctx_set_peer_salt(ecEncCtx* ctx, const byte* salt)
@ -3717,8 +3730,11 @@ int ecc_ctx_set_peer_salt(ecEncCtx* ctx, const byte* salt)
ctx->macSalt = ctx->serverSalt;
ctx->macSaltSz = EXCHANGE_SALT_SZ;
ctx->kdfInfo = (byte*)exchange_info;
ctx->kdfInfoSz = EXCHANGE_INFO_SZ;
if (ctx->kdfInfo == NULL) {
/* default info */
ctx->kdfInfo = (const byte*)exchange_info;
ctx->kdfInfoSz = EXCHANGE_INFO_SZ;
}
return 0;
}
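Review bot: ecc_ctx_set_info stores the caller's pointer in `ctx->kdfInfo` without copying it, so the buffer must outlive every later use of the context, and the current comment does not say so. Suggest extending it to `/* optional set info, can be called before or after set_peer_salt; info is not copied and must remain valid and unchanged while ctx is in use */`. In the same function, `info == 0` would read better as `info == NULL`, and `ctx->kdfInfoSz = sz;` assigns an int to a word32 without a cast. The new `if (ctx->kdfInfo == NULL)` default in ecc_ctx_set_peer_salt relies on the context being zeroed when it is created or reset, which is not visible in these hunks and should be confirmed.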


@ -22,7 +22,7 @@
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <cyassl/ctaocrypt/settings.h>
#include <cyassl/ctaocrypt/error-crypt.h>
@ -32,334 +32,264 @@
#pragma warning(disable: 4996)
#endif
void CTaoCryptErrorString(int error, char* buffer)
const char* CTaoCryptGetErrorString(int error)
{
const int max = CYASSL_MAX_ERROR_SZ; /* shorthand */
#ifdef NO_ERROR_STRINGS
(void)error;
XSTRNCPY(buffer, "no support for error strings built in", max);
return "no support for error strings built in";
#else
switch (error) {
case OPEN_RAN_E :
XSTRNCPY(buffer, "opening random device error", max);
break;
case OPEN_RAN_E :
return "opening random device error";
case READ_RAN_E :
XSTRNCPY(buffer, "reading random device error", max);
break;
return "reading random device error";
case WINCRYPT_E :
XSTRNCPY(buffer, "windows crypt init error", max);
break;
return "windows crypt init error";
case CRYPTGEN_E :
XSTRNCPY(buffer, "windows crypt generation error", max);
break;
case CRYPTGEN_E :
return "windows crypt generation error";
case RAN_BLOCK_E :
XSTRNCPY(buffer, "random device read would block error", max);
break;
case RAN_BLOCK_E :
return "random device read would block error";
case BAD_MUTEX_E :
XSTRNCPY(buffer, "Bad mutex, operation failed", max);
break;
case BAD_MUTEX_E :
return "Bad mutex, operation failed";
case MP_INIT_E :
XSTRNCPY(buffer, "mp_init error state", max);
break;
return "mp_init error state";
case MP_READ_E :
XSTRNCPY(buffer, "mp_read error state", max);
break;
return "mp_read error state";
case MP_EXPTMOD_E :
XSTRNCPY(buffer, "mp_exptmod error state", max);
break;
return "mp_exptmod error state";
case MP_TO_E :
XSTRNCPY(buffer, "mp_to_xxx error state, can't convert", max);
break;
return "mp_to_xxx error state, can't convert";
case MP_SUB_E :
XSTRNCPY(buffer, "mp_sub error state, can't subtract", max);
break;
return "mp_sub error state, can't subtract";
case MP_ADD_E :
XSTRNCPY(buffer, "mp_add error state, can't add", max);
break;
return "mp_add error state, can't add";
case MP_MUL_E :
XSTRNCPY(buffer, "mp_mul error state, can't multiply", max);
break;
return "mp_mul error state, can't multiply";
case MP_MULMOD_E :
XSTRNCPY(buffer, "mp_mulmod error state, can't multiply mod", max);
break;
return "mp_mulmod error state, can't multiply mod";
case MP_MOD_E :
XSTRNCPY(buffer, "mp_mod error state, can't mod", max);
break;
return "mp_mod error state, can't mod";
case MP_INVMOD_E :
XSTRNCPY(buffer, "mp_invmod error state, can't inv mod", max);
break;
return "mp_invmod error state, can't inv mod";
case MP_CMP_E :
XSTRNCPY(buffer, "mp_cmp error state", max);
break;
return "mp_cmp error state";
case MP_ZERO_E :
XSTRNCPY(buffer, "mp zero result, not expected", max);
break;
return "mp zero result, not expected";
case MEMORY_E :
XSTRNCPY(buffer, "out of memory error", max);
break;
return "out of memory error";
case RSA_WRONG_TYPE_E :
XSTRNCPY(buffer, "RSA wrong block type for RSA function", max);
break;
return "RSA wrong block type for RSA function";
case RSA_BUFFER_E :
XSTRNCPY(buffer, "RSA buffer error, output too small or input too big",
max);
break;
return "RSA buffer error, output too small or input too big";
case BUFFER_E :
XSTRNCPY(buffer, "Buffer error, output too small or input too big",max);
break;
return "Buffer error, output too small or input too big";
case ALGO_ID_E :
XSTRNCPY(buffer, "Setting Cert AlogID error", max);
break;
return "Setting Cert AlogID error";
case PUBLIC_KEY_E :
XSTRNCPY(buffer, "Setting Cert Public Key error", max);
break;
return "Setting Cert Public Key error";
case DATE_E :
XSTRNCPY(buffer, "Setting Cert Date validity error", max);
break;
return "Setting Cert Date validity error";
case SUBJECT_E :
XSTRNCPY(buffer, "Setting Cert Subject name error", max);
break;
return "Setting Cert Subject name error";
case ISSUER_E :
XSTRNCPY(buffer, "Setting Cert Issuer name error", max);
break;
return "Setting Cert Issuer name error";
case CA_TRUE_E :
XSTRNCPY(buffer, "Setting basic constraint CA true error", max);
break;
return "Setting basic constraint CA true error";
case EXTENSIONS_E :
XSTRNCPY(buffer, "Setting extensions error", max);
break;
return "Setting extensions error";
case ASN_PARSE_E :
XSTRNCPY(buffer, "ASN parsing error, invalid input", max);
break;
return "ASN parsing error, invalid input";
case ASN_VERSION_E :
XSTRNCPY(buffer, "ASN version error, invalid number", max);
break;
return "ASN version error, invalid number";
case ASN_GETINT_E :
XSTRNCPY(buffer, "ASN get big int error, invalid data", max);
break;
return "ASN get big int error, invalid data";
case ASN_RSA_KEY_E :
XSTRNCPY(buffer, "ASN key init error, invalid input", max);
break;
return "ASN key init error, invalid input";
case ASN_OBJECT_ID_E :
XSTRNCPY(buffer, "ASN object id error, invalid id", max);
break;
return "ASN object id error, invalid id";
case ASN_TAG_NULL_E :
XSTRNCPY(buffer, "ASN tag error, not null", max);
break;
return "ASN tag error, not null";
case ASN_EXPECT_0_E :
XSTRNCPY(buffer, "ASN expect error, not zero", max);
break;
return "ASN expect error, not zero";
case ASN_BITSTR_E :
XSTRNCPY(buffer, "ASN bit string error, wrong id", max);
break;
return "ASN bit string error, wrong id";
case ASN_UNKNOWN_OID_E :
XSTRNCPY(buffer, "ASN oid error, unknown sum id", max);
break;
return "ASN oid error, unknown sum id";
case ASN_DATE_SZ_E :
XSTRNCPY(buffer, "ASN date error, bad size", max);
break;
return "ASN date error, bad size";
case ASN_BEFORE_DATE_E :
XSTRNCPY(buffer, "ASN date error, current date before", max);
break;
return "ASN date error, current date before";
case ASN_AFTER_DATE_E :
XSTRNCPY(buffer, "ASN date error, current date after", max);
break;
return "ASN date error, current date after";
case ASN_SIG_OID_E :
XSTRNCPY(buffer, "ASN signature error, mismatched oid", max);
break;
return "ASN signature error, mismatched oid";
case ASN_TIME_E :
XSTRNCPY(buffer, "ASN time error, unkown time type", max);
break;
return "ASN time error, unkown time type";
case ASN_INPUT_E :
XSTRNCPY(buffer, "ASN input error, not enough data", max);
break;
return "ASN input error, not enough data";
case ASN_SIG_CONFIRM_E :
XSTRNCPY(buffer, "ASN sig error, confirm failure", max);
break;
return "ASN sig error, confirm failure";
case ASN_SIG_HASH_E :
XSTRNCPY(buffer, "ASN sig error, unsupported hash type", max);
break;
return "ASN sig error, unsupported hash type";
case ASN_SIG_KEY_E :
XSTRNCPY(buffer, "ASN sig error, unsupported key type", max);
break;
return "ASN sig error, unsupported key type";
case ASN_DH_KEY_E :
XSTRNCPY(buffer, "ASN key init error, invalid input", max);
break;
return "ASN key init error, invalid input";
case ASN_NTRU_KEY_E :
XSTRNCPY(buffer, "ASN NTRU key decode error, invalid input", max);
break;
return "ASN NTRU key decode error, invalid input";
case ASN_CRIT_EXT_E:
XSTRNCPY(buffer, "X.509 Critical extension ignored", max);
break;
return "X.509 Critical extension ignored";
case ECC_BAD_ARG_E :
XSTRNCPY(buffer, "ECC input argument wrong type, invalid input", max);
break;
return "ECC input argument wrong type, invalid input";
case ASN_ECC_KEY_E :
XSTRNCPY(buffer, "ECC ASN1 bad key data, invalid input", max);
break;
return "ECC ASN1 bad key data, invalid input";
case ECC_CURVE_OID_E :
XSTRNCPY(buffer, "ECC curve sum OID unsupported, invalid input", max);
break;
return "ECC curve sum OID unsupported, invalid input";
case BAD_FUNC_ARG :
XSTRNCPY(buffer, "Bad function argument", max);
break;
return "Bad function argument";
case NOT_COMPILED_IN :
XSTRNCPY(buffer, "Feature not compiled in", max);
break;
return "Feature not compiled in";
case UNICODE_SIZE_E :
XSTRNCPY(buffer, "Unicode password too big", max);
break;
return "Unicode password too big";
case NO_PASSWORD :
XSTRNCPY(buffer, "No password provided by user", max);
break;
return "No password provided by user";
case ALT_NAME_E :
XSTRNCPY(buffer, "Alt Name problem, too big", max);
break;
return "Alt Name problem, too big";
case AES_GCM_AUTH_E:
XSTRNCPY(buffer, "AES-GCM Authentication check fail", max);
break;
return "AES-GCM Authentication check fail";
case AES_CCM_AUTH_E:
XSTRNCPY(buffer, "AES-CCM Authentication check fail", max);
break;
return "AES-CCM Authentication check fail";
case CAVIUM_INIT_E:
XSTRNCPY(buffer, "Cavium Init type error", max);
break;
return "Cavium Init type error";
case COMPRESS_INIT_E:
XSTRNCPY(buffer, "Compress Init error", max);
break;
return "Compress Init error";
case COMPRESS_E:
XSTRNCPY(buffer, "Compress error", max);
break;
return "Compress error";
case DECOMPRESS_INIT_E:
XSTRNCPY(buffer, "DeCompress Init error", max);
break;
return "DeCompress Init error";
case DECOMPRESS_E:
XSTRNCPY(buffer, "DeCompress error", max);
break;
return "DeCompress error";
case BAD_ALIGN_E:
XSTRNCPY(buffer, "Bad alignment error, no alloc help", max);
break;
return "Bad alignment error, no alloc help";
case ASN_NO_SIGNER_E :
XSTRNCPY(buffer, "ASN no signer error to confirm failure", max);
break;
return "ASN no signer error to confirm failure";
case ASN_CRL_CONFIRM_E :
XSTRNCPY(buffer, "ASN CRL sig error, confirm failure", max);
break;
return "ASN CRL sig error, confirm failure";
case ASN_CRL_NO_SIGNER_E :
XSTRNCPY(buffer, "ASN CRL no signer error to confirm failure", max);
break;
return "ASN CRL no signer error to confirm failure";
case ASN_OCSP_CONFIRM_E :
XSTRNCPY(buffer, "ASN OCSP sig error, confirm failure", max);
break;
return "ASN OCSP sig error, confirm failure";
case BAD_ENC_STATE_E:
XSTRNCPY(buffer, "Bad ecc encrypt state operation", max);
break;
return "Bad ecc encrypt state operation";
case BAD_PADDING_E:
XSTRNCPY(buffer, "Bad padding, message wrong length", max);
break;
return "Bad padding, message wrong length";
case REQ_ATTRIBUTE_E:
XSTRNCPY(buffer, "Setting cert request attributes error", max);
break;
return "Setting cert request attributes error";
case PKCS7_OID_E:
XSTRNCPY(buffer, "PKCS#7 error: mismatched OID value", max);
break;
return "PKCS#7 error: mismatched OID value";
case PKCS7_RECIP_E:
XSTRNCPY(buffer, "PKCS#7 error: no matching recipient found", max);
break;
return "PKCS#7 error: no matching recipient found";
case FIPS_NOT_ALLOWED_E:
XSTRNCPY(buffer, "FIPS mode not allowed error", max);
break;
return "FIPS mode not allowed error";
case ASN_NAME_INVALID_E:
XSTRNCPY(buffer, "Name Constraint error", max);
break;
return "Name Constraint error";
case RNG_FAILURE_E:
return "Random Number Generator failed";
case HMAC_MIN_KEYLEN_E:
return "FIPS Mode HMAC Minimum Key Length error";
default:
XSTRNCPY(buffer, "unknown error number", max);
return "unknown error number";
}
#endif /* NO_ERROR_STRINGS */
}
void CTaoCryptErrorString(int error, char* buffer)
{
XSTRNCPY(buffer, CTaoCryptGetErrorString(error), CYASSL_MAX_ERROR_SZ);
}


@ -131,6 +131,11 @@ int HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
if (ret != 0)
return ret;
#ifdef HAVE_FIPS
if (length < HMAC_FIPS_MIN_KEY)
return HMAC_MIN_KEYLEN_E;
#endif
switch (hmac->macType) {
#ifndef NO_MD5
case MD5:
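Review bot: The new FIPS guard in HmacSetKey has no comment saying what the limit is or in which unit `length` is measured, and HMAC_FIPS_MIN_KEY is defined outside this hunk. A line such as `/* FIPS mode: reject keys shorter than HMAC_FIPS_MIN_KEY bytes */` above the `#ifdef HAVE_FIPS` would make the early return self-explanatory. The guard also runs after the `ret` check of an earlier call that is not visible here, so it is worth confirming that returning HMAC_MIN_KEYLEN_E at this point leaves `hmac` in a state callers can safely reuse or discard. The function starts and ends outside the hunk.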


@ -2,7 +2,8 @@
# All paths should be given relative to the root
EXTRA_DIST += ctaocrypt/src/misc.c
EXTRA_DIST += ctaocrypt/src/asm.c
EXTRA_DIST += ctaocrypt/src/asm.c
EXTRA_DIST += ctaocrypt/src/aes_asm.asm
EXTRA_DIST += \
ctaocrypt/src/ecc_fp.c \


@ -1854,15 +1854,15 @@ int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y,
}
/* compute the value at M[1<<(winsize-1)] by squaring M[1] (winsize-1) times*/
if ((err = mp_copy (&M[1], &M[1 << (winsize - 1)])) != MP_OKAY) {
if ((err = mp_copy (&M[1], &M[(mp_digit)(1 << (winsize - 1))])) != MP_OKAY) {
goto LBL_RES;
}
for (x = 0; x < (winsize - 1); x++) {
if ((err = mp_sqr (&M[1 << (winsize - 1)], &M[1 << (winsize - 1)])) != MP_OKAY) {
if ((err = mp_sqr (&M[(mp_digit)(1 << (winsize - 1))], &M[(mp_digit)(1 << (winsize - 1))])) != MP_OKAY) {
goto LBL_RES;
}
if ((err = redux (&M[1 << (winsize - 1)], P, mp)) != MP_OKAY) {
if ((err = redux (&M[(mp_digit)(1 << (winsize - 1))], P, mp)) != MP_OKAY) {
goto LBL_RES;
}
}
@ -3250,19 +3250,19 @@ int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode)
/* compute the value at M[1<<(winsize-1)] by squaring
* M[1] (winsize-1) times
*/
if ((err = mp_copy (&M[1], &M[1 << (winsize - 1)])) != MP_OKAY) {
if ((err = mp_copy (&M[1], &M[(mp_digit)(1 << (winsize - 1))])) != MP_OKAY) {
goto LBL_MU;
}
for (x = 0; x < (winsize - 1); x++) {
/* square it */
if ((err = mp_sqr (&M[1 << (winsize - 1)],
&M[1 << (winsize - 1)])) != MP_OKAY) {
if ((err = mp_sqr (&M[(mp_digit)(1 << (winsize - 1))],
&M[(mp_digit)(1 << (winsize - 1))])) != MP_OKAY) {
goto LBL_MU;
}
/* reduce modulo P */
if ((err = redux (&M[1 << (winsize - 1)], P, &mu)) != MP_OKAY) {
if ((err = redux (&M[(mp_digit)(1 << (winsize - 1))], P, &mu)) != MP_OKAY) {
goto LBL_MU;
}
}
@ -3765,7 +3765,7 @@ int mp_sqrmod (mp_int * a, mp_int * b, mp_int * c)
#endif
#if defined(HAVE_ECC) || !defined(NO_PWDBASED) || defined(CYASSL_SNIFFER) || defined(CYASSL_HAVE_WOLFSCEP)
#if defined(HAVE_ECC) || !defined(NO_PWDBASED) || defined(CYASSL_SNIFFER) || defined(CYASSL_HAVE_WOLFSCEP) || defined(CYASSL_KEY_GEN)
/* single digit addition */
int mp_add_d (mp_int* a, mp_digit b, mp_int* c)
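Review bot: The `(mp_digit)` cast in `M[(mp_digit)(1 << (winsize - 1))]` is applied after the shift, so the shift is still evaluated as `int` and the cast only changes the type of the finished index; the same expression is now spelled out five times in mp_exptmod_fast and five times in s_mp_exptmod. Computing it once per function, for example `const int top = 1 << (winsize - 1);` and then indexing `M[top]`, would keep the copy, square and reduce calls visibly on the same slot and give one place to put whatever cast the compiler warning needs. The range of `winsize` is set outside these hunks, so that it stays well below the width of `int` is assumed here rather than shown. Both functions start and end outside their hunks.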


@ -29,6 +29,8 @@
#ifdef CYASSL_MD2
#include <cyassl/ctaocrypt/md2.h>
#include <cyassl/ctaocrypt/error-crypt.h>
#ifdef NO_INLINE
#include <cyassl/ctaocrypt/misc.h>
#else
@ -128,4 +130,30 @@ void Md2Final(Md2* md2, byte* hash)
}
int Md2Hash(const byte* data, word32 len, byte* hash)
{
#ifdef CYASSL_SMALL_STACK
Md2* md2;
#else
Md2 md2[1];
#endif
#ifdef CYASSL_SMALL_STACK
md2 = (Md2*)XMALLOC(sizeof(Md2), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (md2 == NULL)
return MEMORY_E;
#endif
InitMd2(md2);
Md2Update(md2, data, len);
Md2Final(md2, hash);
#ifdef CYASSL_SMALL_STACK
XFREE(md2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return 0;
}
#endif /* CYASSL_MD2 */
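Review bot: Md2Hash is added without a header comment, so its contract has to be read from the body: it returns 0, or MEMORY_E when the CYASSL_SMALL_STACK allocation fails, and it uses `data` and `hash` without checking either for NULL. A comment such as `/* One-shot MD2 of data[0..len); hash must hold MD2_DIGEST_SIZE bytes. Returns 0 or MEMORY_E. */` would state that. Under CYASSL_SMALL_STACK the context is handed to XFREE as-is; whether Md2Final leaves input-derived state in it is not visible here, so it is worth confirming that nothing sensitive is returned to the heap. The same remarks apply to Md5Hash, ShaHash, Sha256Hash, Sha512Hash and Sha384Hash in the later sections.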


@ -35,6 +35,7 @@
#endif
#include <cyassl/ctaocrypt/md5.h>
#include <cyassl/ctaocrypt/error-crypt.h>
#ifdef NO_INLINE
#include <cyassl/ctaocrypt/misc.h>
@ -361,4 +362,30 @@ void Md5Final(Md5* md5, byte* hash)
#endif /* STM32F2_HASH */
int Md5Hash(const byte* data, word32 len, byte* hash)
{
#ifdef CYASSL_SMALL_STACK
Md5* md5;
#else
Md5 md5[1];
#endif
#ifdef CYASSL_SMALL_STACK
md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (md5 == NULL)
return MEMORY_E;
#endif
InitMd5(md5);
Md5Update(md5, data, len);
Md5Final(md5, hash);
#ifdef CYASSL_SMALL_STACK
XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return 0;
}
#endif /* NO_MD5 */


@ -45,6 +45,8 @@
#include <stdlib.h> /* get intrinsic definitions */
/* for non visual studio probably need no long version, 32 bit only
* i.e., _rotl and _rotr */
#pragma intrinsic(_lrotl, _lrotr)
STATIC INLINE word32 rotlFixed(word32 x, word32 y)

File diff suppressed because it is too large Load Diff


@ -30,10 +30,16 @@
*/
#ifdef HAVE_FIPS
/* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
#define FIPS_NO_WRAPPERS
#endif
#include <cyassl/ctaocrypt/random.h>
#include <cyassl/ctaocrypt/error-crypt.h>
#if defined(HAVE_HASHDRBG) || defined(NO_RC4)
#include <cyassl/ctaocrypt/sha256.h>
#ifdef NO_INLINE
@ -74,9 +80,16 @@
#define NONCE_SZ (ENTROPY_SZ/2)
#define ENTROPY_NONCE_SZ (ENTROPY_SZ+NONCE_SZ)
#define DRBG_SUCCESS 0
#define DRBG_ERROR 1
#define DRBG_NEED_RESEED 2
/* Internal return codes */
#define DRBG_SUCCESS 0
#define DRBG_ERROR 1
#define DRBG_FAILURE 2
#define DRBG_NEED_RESEED 3
/* RNG health states */
#define DRBG_NOT_INIT 0
#define DRBG_OK 1
#define DRBG_FAILED 2
enum {
@ -88,10 +101,11 @@ enum {
};
/* Hash Derivation Function */
/* Returns: DRBG_SUCCESS or DRBG_FAILURE */
static int Hash_df(RNG* rng, byte* out, word32 outSz, byte type,
byte* inA, word32 inASz,
byte* inB, word32 inBSz,
byte* inC, word32 inCSz)
const byte* inA, word32 inASz,
const byte* inB, word32 inBSz)
{
byte ctr;
int i;
@ -107,33 +121,29 @@ static int Hash_df(RNG* rng, byte* out, word32 outSz, byte type,
for (i = 0, ctr = 1; i < len; i++, ctr++)
{
if (InitSha256(&rng->sha) != 0)
return DRBG_ERROR;
return DRBG_FAILURE;
if (Sha256Update(&rng->sha, &ctr, sizeof(ctr)) != 0)
return DRBG_ERROR;
return DRBG_FAILURE;
if (Sha256Update(&rng->sha, (byte*)&bits, sizeof(bits)) != 0)
return DRBG_ERROR;
return DRBG_FAILURE;
/* churning V is the only string that doesn't have
* the type added */
if (type != drbgInitV)
if (Sha256Update(&rng->sha, &type, sizeof(type)) != 0)
return DRBG_ERROR;
return DRBG_FAILURE;
if (Sha256Update(&rng->sha, inA, inASz) != 0)
return DRBG_ERROR;
return DRBG_FAILURE;
if (inB != NULL && inBSz > 0)
if (Sha256Update(&rng->sha, inB, inBSz) != 0)
return DRBG_ERROR;
if (inC != NULL && inCSz > 0)
if (Sha256Update(&rng->sha, inC, inCSz) != 0)
return DRBG_ERROR;
return DRBG_FAILURE;
if (Sha256Final(&rng->sha, rng->digest) != 0)
return DRBG_ERROR;
return DRBG_FAILURE;
if (outSz > OUTPUT_BLOCK_LEN) {
XMEMCPY(out, rng->digest, OUTPUT_BLOCK_LEN);
@ -149,26 +159,26 @@ static int Hash_df(RNG* rng, byte* out, word32 outSz, byte type,
}
static int Hash_DRBG_Reseed(RNG* rng, byte* entropy, word32 entropySz)
/* Returns: DRBG_SUCCESS or DRBG_FAILURE */
static int Hash_DRBG_Reseed(RNG* rng, const byte* entropy, word32 entropySz)
{
int ret;
byte seed[DRBG_SEED_LEN];
ret = Hash_df(rng, seed, sizeof(seed), drbgReseed, rng->V, sizeof(rng->V),
entropy, entropySz, NULL, 0);
if (ret != 0)
return ret;
if (Hash_df(rng, seed, sizeof(seed), drbgReseed, rng->V, sizeof(rng->V),
entropy, entropySz) != DRBG_SUCCESS) {
return DRBG_FAILURE;
}
XMEMCPY(rng->V, seed, sizeof(rng->V));
XMEMSET(seed, 0, sizeof(seed));
ret = Hash_df(rng, rng->C, sizeof(rng->C), drbgInitC, rng->V,
sizeof(rng->V), NULL, 0, NULL, 0);
if (ret != 0)
return ret;
if (Hash_df(rng, rng->C, sizeof(rng->C), drbgInitC, rng->V,
sizeof(rng->V), NULL, 0) != DRBG_SUCCESS) {
return DRBG_FAILURE;
}
rng->reseedCtr = 1;
return 0;
return DRBG_SUCCESS;
}
static INLINE void array_add_one(byte* data, word32 dataSz)
@ -182,26 +192,23 @@ static INLINE void array_add_one(byte* data, word32 dataSz)
}
}
static int Hash_gen(RNG* rng, byte* out, word32 outSz, byte* V)
/* Returns: DRBG_SUCCESS or DRBG_FAILURE */
static int Hash_gen(RNG* rng, byte* out, word32 outSz, const byte* V)
{
byte data[DRBG_SEED_LEN];
int i, ret;
int i;
int len = (outSz / OUTPUT_BLOCK_LEN)
+ ((outSz % OUTPUT_BLOCK_LEN) ? 1 : 0);
XMEMCPY(data, V, sizeof(data));
for (i = 0; i < len; i++) {
ret = InitSha256(&rng->sha);
if (ret != 0)
return ret;
if (InitSha256(&rng->sha) != 0 ||
Sha256Update(&rng->sha, data, sizeof(data)) != 0 ||
Sha256Final(&rng->sha, rng->digest) != 0) {
ret = Sha256Update(&rng->sha, data, sizeof(data));
if (ret != 0)
return ret;
ret = Sha256Final(&rng->sha, rng->digest);
if (ret != 0)
return ret;
return DRBG_FAILURE;
}
if (outSz > OUTPUT_BLOCK_LEN) {
XMEMCPY(out, rng->digest, OUTPUT_BLOCK_LEN);
@ -215,11 +222,11 @@ static int Hash_gen(RNG* rng, byte* out, word32 outSz, byte* V)
}
XMEMSET(data, 0, sizeof(data));
return 0;
return DRBG_SUCCESS;
}
static INLINE void array_add(byte* d, word32 dLen, byte* s, word32 sLen)
static INLINE void array_add(byte* d, word32 dLen, const byte* s, word32 sLen)
{
word16 carry = 0;
@ -238,74 +245,67 @@ static INLINE void array_add(byte* d, word32 dLen, byte* s, word32 sLen)
}
/* Returns: DRBG_SUCCESS, DRBG_NEED_RESEED, or DRBG_FAILURE */
static int Hash_DRBG_Generate(RNG* rng, byte* out, word32 outSz)
{
int ret;
int ret = DRBG_NEED_RESEED;
if (rng->reseedCtr != RESEED_INTERVAL) {
byte type = drbgGenerateH;
word32 reseedCtr = rng->reseedCtr;
rng->reseedCtr++;
if (Hash_gen(rng, out, outSz, rng->V) != 0)
return DRBG_ERROR;
if (InitSha256(&rng->sha) != 0)
return DRBG_ERROR;
if (Sha256Update(&rng->sha, &type, sizeof(type)) != 0)
return DRBG_ERROR;
if (Sha256Update(&rng->sha, rng->V, sizeof(rng->V)) != 0)
return DRBG_ERROR;
if (Sha256Final(&rng->sha, rng->digest) != 0)
return DRBG_ERROR;
if (Hash_gen(rng, out, outSz, rng->V) != 0 ||
InitSha256(&rng->sha) != 0 ||
Sha256Update(&rng->sha, &type, sizeof(type)) != 0 ||
Sha256Update(&rng->sha, rng->V, sizeof(rng->V)) != 0 ||
Sha256Final(&rng->sha, rng->digest) != 0) {
array_add(rng->V, sizeof(rng->V), rng->digest, sizeof(rng->digest));
array_add(rng->V, sizeof(rng->V), rng->C, sizeof(rng->C));
#ifdef LITTLE_ENDIAN_ORDER
reseedCtr = ByteReverseWord32(reseedCtr);
#endif
array_add(rng->V, sizeof(rng->V), (byte*)&reseedCtr, sizeof(reseedCtr));
ret = DRBG_SUCCESS;
}
else {
ret = DRBG_NEED_RESEED;
ret = DRBG_FAILURE;
}
else {
array_add(rng->V, sizeof(rng->V), rng->digest, sizeof(rng->digest));
array_add(rng->V, sizeof(rng->V), rng->C, sizeof(rng->C));
#ifdef LITTLE_ENDIAN_ORDER
reseedCtr = ByteReverseWord32(reseedCtr);
#endif
array_add(rng->V, sizeof(rng->V),
(byte*)&reseedCtr, sizeof(reseedCtr));
ret = DRBG_SUCCESS;
}
}
return ret;
}
static int Hash_DRBG_Instantiate(RNG* rng, byte* seed, word32 seedSz,
byte* nonce, word32 nonceSz, byte* personal, word32 personalSz)
/* Returns: DRBG_SUCCESS or DRBG_FAILURE */
static int Hash_DRBG_Instantiate(RNG* rng, const byte* seed, word32 seedSz,
const byte* nonce, word32 nonceSz)
{
int ret;
int ret = DRBG_FAILURE;
XMEMSET(rng, 0, sizeof(*rng));
ret = Hash_df(rng, rng->V, sizeof(rng->V), drbgInitV, seed, seedSz,
nonce, nonceSz, personal, personalSz);
if (ret != 0)
return ret;
if (Hash_df(rng, rng->V, sizeof(rng->V), drbgInitV, seed, seedSz,
nonce, nonceSz) == DRBG_SUCCESS &&
Hash_df(rng, rng->C, sizeof(rng->C), drbgInitC, rng->V,
sizeof(rng->V), NULL, 0) == DRBG_SUCCESS) {
ret = Hash_df(rng, rng->C, sizeof(rng->C), drbgInitC, rng->V,
sizeof(rng->V), NULL, 0, NULL, 0);
if (ret != 0)
return ret;
rng->reseedCtr = 1;
ret = DRBG_SUCCESS;
}
rng->reseedCtr = 1;
return 0;
return ret;
}
/* Returns: DRBG_SUCCESS */
static int Hash_DRBG_Uninstantiate(RNG* rng)
{
int result = DRBG_ERROR;
XMEMSET(rng, 0, sizeof(*rng));
if (rng != NULL) {
XMEMSET(rng, 0, sizeof(*rng));
result = DRBG_SUCCESS;
}
return result;
return DRBG_SUCCESS;
}
/* End NIST DRBG Code */
@ -314,17 +314,27 @@ static int Hash_DRBG_Uninstantiate(RNG* rng)
/* Get seed and key cipher */
int InitRng(RNG* rng)
{
byte entropy[ENTROPY_NONCE_SZ];
int ret = DRBG_ERROR;
int ret = BAD_FUNC_ARG;
/* This doesn't use a separate nonce. The entropy input will be
* the default size plus the size of the nonce making the seed
* size. */
if (GenerateSeed(&rng->seed, entropy, ENTROPY_NONCE_SZ) == 0)
ret = Hash_DRBG_Instantiate(rng, entropy, ENTROPY_NONCE_SZ,
NULL, 0, NULL, 0);
if (rng != NULL) {
byte entropy[ENTROPY_NONCE_SZ];
XMEMSET(entropy, 0, ENTROPY_NONCE_SZ);
/* This doesn't use a separate nonce. The entropy input will be
* the default size plus the size of the nonce making the seed
* size. */
if (GenerateSeed(&rng->seed, entropy, ENTROPY_NONCE_SZ) == 0 &&
Hash_DRBG_Instantiate(rng, entropy, ENTROPY_NONCE_SZ,
NULL, 0) == DRBG_SUCCESS) {
rng->status = DRBG_OK;
ret = 0;
}
else {
rng->status = DRBG_FAILED;
ret = RNG_FAILURE_E;
}
XMEMSET(entropy, 0, ENTROPY_NONCE_SZ);
}
return ret;
}
@ -335,24 +345,36 @@ int RNG_GenerateBlock(RNG* rng, byte* output, word32 sz)
{
int ret;
XMEMSET(output, 0, sz);
ret = Hash_DRBG_Generate(rng, output, sz);
if (rng == NULL || output == NULL || sz > MAX_REQUEST_LEN)
return BAD_FUNC_ARG;
if (ret == DRBG_NEED_RESEED) {
if (rng->status != DRBG_OK)
return RNG_FAILURE_E;
ret = Hash_DRBG_Generate(rng, output, sz);
if (ret == DRBG_SUCCESS) {
ret = 0;
}
else if (ret == DRBG_NEED_RESEED) {
byte entropy[ENTROPY_SZ];
ret = GenerateSeed(&rng->seed, entropy, ENTROPY_SZ);
if (ret == 0) {
ret = Hash_DRBG_Reseed(rng, entropy, ENTROPY_SZ);
if (GenerateSeed(&rng->seed, entropy, ENTROPY_SZ) == 0 &&
Hash_DRBG_Reseed(rng, entropy, ENTROPY_SZ) == DRBG_SUCCESS &&
Hash_DRBG_Generate(rng, output, sz) == DRBG_SUCCESS) {
if (ret == 0)
ret = Hash_DRBG_Generate(rng, output, sz);
ret = 0;
}
else {
ret = RNG_FAILURE_E;
rng->status = DRBG_FAILED;
}
else
ret = DRBG_ERROR;
XMEMSET(entropy, 0, ENTROPY_SZ);
}
else {
ret = RNG_FAILURE_E;
rng->status = DRBG_FAILED;
}
return ret;
}
@ -364,11 +386,59 @@ int RNG_GenerateByte(RNG* rng, byte* b)
}
void FreeRng(RNG* rng)
int FreeRng(RNG* rng)
{
Hash_DRBG_Uninstantiate(rng);
int ret = BAD_FUNC_ARG;
if (rng != NULL) {
if (Hash_DRBG_Uninstantiate(rng) == DRBG_SUCCESS)
ret = 0;
else
ret = RNG_FAILURE_E;
}
return ret;
}
int RNG_HealthTest(int reseed, const byte* entropyA, word32 entropyASz,
const byte* entropyB, word32 entropyBSz,
const byte* output, word32 outputSz)
{
RNG rng;
byte check[SHA256_DIGEST_SIZE * 4];
if (Hash_DRBG_Instantiate(&rng, entropyA, entropyASz, NULL, 0) != 0)
return -1;
if (reseed) {
if (Hash_DRBG_Reseed(&rng, entropyB, entropyBSz) != 0) {
Hash_DRBG_Uninstantiate(&rng);
return -1;
}
}
if (Hash_DRBG_Generate(&rng, check, sizeof(check)) != 0) {
Hash_DRBG_Uninstantiate(&rng);
return -1;
}
if (Hash_DRBG_Generate(&rng, check, sizeof(check)) != 0) {
Hash_DRBG_Uninstantiate(&rng);
return -1;
}
if (outputSz != sizeof(check) || XMEMCMP(output, check, sizeof(check))) {
Hash_DRBG_Uninstantiate(&rng);
return -1;
}
Hash_DRBG_Uninstantiate(&rng);
return 0;
}
#else /* HAVE_HASHDRBG || NO_RC4 */
/* Get seed and key cipher */
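Review bot: RNG_HealthTest uses `entropyA` and `output` without validating them: Hash_df guards `inB` with `inB != NULL && inBSz > 0` but passes `inA` to Sha256Update unguarded, and `output` reaches XMEMCMP as soon as `outputSz` matches. Since this is a non-static entry point, an argument check before instantiating, e.g. `if (entropyA == NULL || output == NULL || outputSz != sizeof(check)) return -1;`, would reject bad input up front and avoid running two generate calls for a length that can never match. With `reseed` set and `entropyB` NULL, the same `inB` guard lets Hash_DRBG_Reseed proceed from the existing V alone, so the test would pass through a reseed that added no entropy; rejecting that combination keeps the health test meaningful. The function also compares the Hash_DRBG_* results with a literal `0` where the rest of the section uses DRBG_SUCCESS.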


@ -40,6 +40,9 @@
#endif
#include <cyassl/ctaocrypt/sha.h>
#include <cyassl/ctaocrypt/logging.h>
#include <cyassl/ctaocrypt/error-crypt.h>
#ifdef NO_INLINE
#include <cyassl/ctaocrypt/misc.h>
#else
@ -392,4 +395,35 @@ int ShaFinal(Sha* sha, byte* hash)
#endif /* STM32F2_HASH */
int ShaHash(const byte* data, word32 len, byte* hash)
{
int ret = 0;
#ifdef CYASSL_SMALL_STACK
Sha* sha;
#else
Sha sha[1];
#endif
#ifdef CYASSL_SMALL_STACK
sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (sha == NULL)
return MEMORY_E;
#endif
if ((ret = InitSha(sha)) != 0) {
CYASSL_MSG("InitSha failed");
}
else {
ShaUpdate(sha, data, len);
ShaFinal(sha, hash);
}
#ifdef CYASSL_SMALL_STACK
XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
#endif /* NO_SHA */
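Review bot: ShaHash discards the results of ShaUpdate and ShaFinal in its `else` branch, although the hunk header shows ShaFinal returning `int`, and Sha256Hash, Sha512Hash and Sha384Hash in this same commit chain every step through `ret`. As written, a failure in the final step still returns 0 with `hash` possibly unwritten. Following the sibling pattern, `else if ((ret = ShaFinal(sha, hash)) != 0) { CYASSL_MSG("ShaFinal failed"); }` would propagate it. ShaUpdate's return type is not visible in this section; if it is also `int`, it should be chained the same way.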


@ -42,7 +42,9 @@
#endif
#include <cyassl/ctaocrypt/sha256.h>
#include <cyassl/ctaocrypt/logging.h>
#include <cyassl/ctaocrypt/error-crypt.h>
#ifdef NO_INLINE
#include <cyassl/ctaocrypt/misc.h>
#else
@ -283,5 +285,38 @@ int Sha256Final(Sha256* sha256, byte* hash)
}
int Sha256Hash(const byte* data, word32 len, byte* hash)
{
int ret = 0;
#ifdef CYASSL_SMALL_STACK
Sha256* sha256;
#else
Sha256 sha256[1];
#endif
#ifdef CYASSL_SMALL_STACK
sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (sha256 == NULL)
return MEMORY_E;
#endif
if ((ret = InitSha256(sha256)) != 0) {
CYASSL_MSG("InitSha256 failed");
}
else if ((ret = Sha256Update(sha256, data, len)) != 0) {
CYASSL_MSG("Sha256Update failed");
}
else if ((ret = Sha256Final(sha256, hash)) != 0) {
CYASSL_MSG("Sha256Final failed");
}
#ifdef CYASSL_SMALL_STACK
XFREE(sha256, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
#endif /* NO_SHA256 */


@ -33,7 +33,9 @@
#endif
#include <cyassl/ctaocrypt/sha512.h>
#include <cyassl/ctaocrypt/logging.h>
#include <cyassl/ctaocrypt/error-crypt.h>
#ifdef NO_INLINE
#include <cyassl/ctaocrypt/misc.h>
#else
@ -296,6 +298,38 @@ int Sha512Final(Sha512* sha512, byte* hash)
}
int Sha512Hash(const byte* data, word32 len, byte* hash)
{
int ret = 0;
#ifdef CYASSL_SMALL_STACK
Sha512* sha512;
#else
Sha512 sha512[1];
#endif
#ifdef CYASSL_SMALL_STACK
sha512 = (Sha512*)XMALLOC(sizeof(Sha512), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (sha512 == NULL)
return MEMORY_E;
#endif
if ((ret = InitSha512(sha512)) != 0) {
CYASSL_MSG("InitSha512 failed");
}
else if ((ret = Sha512Update(sha512, data, len)) != 0) {
CYASSL_MSG("Sha512Update failed");
}
else if ((ret = Sha512Final(sha512, hash)) != 0) {
CYASSL_MSG("Sha512Final failed");
}
#ifdef CYASSL_SMALL_STACK
XFREE(sha512, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
#ifdef CYASSL_SHA384
@ -470,6 +504,39 @@ int Sha384Final(Sha384* sha384, byte* hash)
return InitSha384(sha384); /* reset state */
}
int Sha384Hash(const byte* data, word32 len, byte* hash)
{
int ret = 0;
#ifdef CYASSL_SMALL_STACK
Sha384* sha384;
#else
Sha384 sha384[1];
#endif
#ifdef CYASSL_SMALL_STACK
sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (sha384 == NULL)
return MEMORY_E;
#endif
if ((ret = InitSha384(sha384)) != 0) {
CYASSL_MSG("InitSha384 failed");
}
else if ((ret = Sha384Update(sha384, data, len)) != 0) {
CYASSL_MSG("Sha384Update failed");
}
else if ((ret = Sha384Final(sha384, hash)) != 0) {
CYASSL_MSG("Sha384Final failed");
}
#ifdef CYASSL_SMALL_STACK
XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
#endif /* CYASSL_SHA384 */
#endif /* CYASSL_SHA512 */


@ -103,7 +103,7 @@
#endif
#ifdef HAVE_NTRU
#include "crypto_ntru.h"
#include "ntru_crypto.h"
#endif
#ifdef HAVE_CAVIUM
#include "cavium_sysdep.h"
@ -1167,9 +1167,11 @@ int hmac_md5_test(void)
test_hmac[2] = c;
for (i = 0; i < times; ++i) {
#ifdef HAVE_CAVIUM
#if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
if (i == 1)
continue; /* driver can't handle keys <= bytes */
continue; /* cavium can't handle short keys, fips not allowed */
#endif
#ifdef HAVE_CAVIUM
if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0)
return -20009;
#endif
@ -1242,9 +1244,11 @@ int hmac_sha_test(void)
test_hmac[2] = c;
for (i = 0; i < times; ++i) {
#ifdef HAVE_CAVIUM
#if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
if (i == 1)
continue; /* driver can't handle keys <= bytes */
continue; /* cavium can't handle short keys, fips not allowed */
#endif
#ifdef HAVE_CAVIUM
if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0)
return -20010;
#endif
@ -1321,9 +1325,11 @@ int hmac_sha256_test(void)
test_hmac[2] = c;
for (i = 0; i < times; ++i) {
#ifdef HAVE_CAVIUM
#if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
if (i == 1)
continue; /* driver can't handle keys <= bytes */
continue; /* cavium can't handle short keys, fips not allowed */
#endif
#ifdef HAVE_CAVIUM
if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0)
return -20011;
#endif
@ -1400,9 +1406,11 @@ int hmac_blake2b_test(void)
test_hmac[2] = c;
for (i = 0; i < times; ++i) {
#ifdef HAVE_CAVIUM
#if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
if (i == 1)
continue; /* driver can't handle keys <= bytes */
continue; /* cavium can't handle short keys, fips not allowed */
#endif
#ifdef HAVE_CAVIUM
if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0)
return -20011;
#endif
@ -1483,6 +1491,10 @@ int hmac_sha384_test(void)
test_hmac[2] = c;
for (i = 0; i < times; ++i) {
#if defined(HAVE_FIPS)
if (i == 1)
continue; /* fips not allowed */
#endif
ret = HmacSetKey(&hmac, SHA384, (byte*)keys[i],(word32)strlen(keys[i]));
if (ret != 0)
return -4027;
@ -1559,6 +1571,10 @@ int hmac_sha512_test(void)
test_hmac[2] = c;
for (i = 0; i < times; ++i) {
#if defined(HAVE_FIPS)
if (i == 1)
continue; /* fips not allowed */
#endif
ret = HmacSetKey(&hmac, SHA512, (byte*)keys[i],(word32)strlen(keys[i]));
if (ret != 0)
return -4030;
@ -2790,6 +2806,74 @@ int camellia_test(void)
#endif /* HAVE_CAMELLIA */
#if defined(HAVE_HASHDRBG) || defined(NO_RC4)
int random_test(void)
{
const byte test1Entropy[] =
{
0xa6, 0x5a, 0xd0, 0xf3, 0x45, 0xdb, 0x4e, 0x0e, 0xff, 0xe8, 0x75, 0xc3,
0xa2, 0xe7, 0x1f, 0x42, 0xc7, 0x12, 0x9d, 0x62, 0x0f, 0xf5, 0xc1, 0x19,
0xa9, 0xef, 0x55, 0xf0, 0x51, 0x85, 0xe0, 0xfb, 0x85, 0x81, 0xf9, 0x31,
0x75, 0x17, 0x27, 0x6e, 0x06, 0xe9, 0x60, 0x7d, 0xdb, 0xcb, 0xcc, 0x2e
};
const byte test1Output[] =
{
0xd3, 0xe1, 0x60, 0xc3, 0x5b, 0x99, 0xf3, 0x40, 0xb2, 0x62, 0x82, 0x64,
0xd1, 0x75, 0x10, 0x60, 0xe0, 0x04, 0x5d, 0xa3, 0x83, 0xff, 0x57, 0xa5,
0x7d, 0x73, 0xa6, 0x73, 0xd2, 0xb8, 0xd8, 0x0d, 0xaa, 0xf6, 0xa6, 0xc3,
0x5a, 0x91, 0xbb, 0x45, 0x79, 0xd7, 0x3f, 0xd0, 0xc8, 0xfe, 0xd1, 0x11,
0xb0, 0x39, 0x13, 0x06, 0x82, 0x8a, 0xdf, 0xed, 0x52, 0x8f, 0x01, 0x81,
0x21, 0xb3, 0xfe, 0xbd, 0xc3, 0x43, 0xe7, 0x97, 0xb8, 0x7d, 0xbb, 0x63,
0xdb, 0x13, 0x33, 0xde, 0xd9, 0xd1, 0xec, 0xe1, 0x77, 0xcf, 0xa6, 0xb7,
0x1f, 0xe8, 0xab, 0x1d, 0xa4, 0x66, 0x24, 0xed, 0x64, 0x15, 0xe5, 0x1c,
0xcd, 0xe2, 0xc7, 0xca, 0x86, 0xe2, 0x83, 0x99, 0x0e, 0xea, 0xeb, 0x91,
0x12, 0x04, 0x15, 0x52, 0x8b, 0x22, 0x95, 0x91, 0x02, 0x81, 0xb0, 0x2d,
0xd4, 0x31, 0xf4, 0xc9, 0xf7, 0x04, 0x27, 0xdf
};
const byte test2EntropyA[] =
{
0x63, 0x36, 0x33, 0x77, 0xe4, 0x1e, 0x86, 0x46, 0x8d, 0xeb, 0x0a, 0xb4,
0xa8, 0xed, 0x68, 0x3f, 0x6a, 0x13, 0x4e, 0x47, 0xe0, 0x14, 0xc7, 0x00,
0x45, 0x4e, 0x81, 0xe9, 0x53, 0x58, 0xa5, 0x69, 0x80, 0x8a, 0xa3, 0x8f,
0x2a, 0x72, 0xa6, 0x23, 0x59, 0x91, 0x5a, 0x9f, 0x8a, 0x04, 0xca, 0x68
};
const byte test2EntropyB[] =
{
0xe6, 0x2b, 0x8a, 0x8e, 0xe8, 0xf1, 0x41, 0xb6, 0x98, 0x05, 0x66, 0xe3,
0xbf, 0xe3, 0xc0, 0x49, 0x03, 0xda, 0xd4, 0xac, 0x2c, 0xdf, 0x9f, 0x22,
0x80, 0x01, 0x0a, 0x67, 0x39, 0xbc, 0x83, 0xd3
};
const byte test2Output[] =
{
0x04, 0xee, 0xc6, 0x3b, 0xb2, 0x31, 0xdf, 0x2c, 0x63, 0x0a, 0x1a, 0xfb,
0xe7, 0x24, 0x94, 0x9d, 0x00, 0x5a, 0x58, 0x78, 0x51, 0xe1, 0xaa, 0x79,
0x5e, 0x47, 0x73, 0x47, 0xc8, 0xb0, 0x56, 0x62, 0x1c, 0x18, 0xbd, 0xdc,
0xdd, 0x8d, 0x99, 0xfc, 0x5f, 0xc2, 0xb9, 0x20, 0x53, 0xd8, 0xcf, 0xac,
0xfb, 0x0b, 0xb8, 0x83, 0x12, 0x05, 0xfa, 0xd1, 0xdd, 0xd6, 0xc0, 0x71,
0x31, 0x8a, 0x60, 0x18, 0xf0, 0x3b, 0x73, 0xf5, 0xed, 0xe4, 0xd4, 0xd0,
0x71, 0xf9, 0xde, 0x03, 0xfd, 0x7a, 0xea, 0x10, 0x5d, 0x92, 0x99, 0xb8,
0xaf, 0x99, 0xaa, 0x07, 0x5b, 0xdb, 0x4d, 0xb9, 0xaa, 0x28, 0xc1, 0x8d,
0x17, 0x4b, 0x56, 0xee, 0x2a, 0x01, 0x4d, 0x09, 0x88, 0x96, 0xff, 0x22,
0x82, 0xc9, 0x55, 0xa8, 0x19, 0x69, 0xe0, 0x69, 0xfa, 0x8c, 0xe0, 0x07,
0xa1, 0x80, 0x18, 0x3a, 0x07, 0xdf, 0xae, 0x17
};
int ret;
ret = RNG_HealthTest(0, test1Entropy, sizeof(test1Entropy), NULL, 0,
test1Output, sizeof(test1Output));
if (ret != 0) return -39;
ret = RNG_HealthTest(1, test2EntropyA, sizeof(test2EntropyA),
test2EntropyB, sizeof(test2EntropyB),
test2Output, sizeof(test2Output));
if (ret != 0) return -40;
return 0;
}
#else /* HAVE_HASHDRBG || NO_RC4 */
int random_test(void)
{
RNG rng;
@ -2809,6 +2893,8 @@ int random_test(void)
return 0;
}
#endif /* HAVE_HASHDRBG || NO_RC4 */
#ifdef HAVE_NTRU
@ -2997,8 +3083,8 @@ int rsa_test(void)
int pemSz = 0;
RsaKey derIn;
RsaKey genKey;
FILE* keyFile;
FILE* pemFile;
FILE* keyFile;
FILE* pemFile;
ret = InitRsaKey(&genKey, 0);
if (ret != 0)
@ -3192,7 +3278,7 @@ int rsa_test(void)
int pemSz;
size_t bytes3;
word32 idx3 = 0;
FILE* file3 ;
FILE* file3 ;
#ifdef CYASSL_TEST_CERT
DecodedCert decode;
#endif
@ -3493,38 +3579,46 @@ int rsa_test(void)
static uint8_t const pers_str[] = {
'C', 'y', 'a', 'S', 'S', 'L', ' ', 't', 'e', 's', 't'
};
word32 rc = crypto_drbg_instantiate(112, pers_str, sizeof(pers_str),
GetEntropy, &drbg);
word32 rc = ntru_crypto_drbg_instantiate(112, pers_str,
sizeof(pers_str), GetEntropy, &drbg);
if (rc != DRBG_OK) {
free(derCert);
free(pem);
return -448;
}
rc = ntru_crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2,
&public_key_len, NULL,
&private_key_len, NULL);
if (rc != NTRU_OK) {
free(derCert);
free(pem);
return -449;
}
rc = ntru_crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2,
&public_key_len, public_key,
&private_key_len, private_key);
if (rc != NTRU_OK) {
free(derCert);
free(pem);
return -450;
}
rc = crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2, &public_key_len,
NULL, &private_key_len, NULL);
rc = ntru_crypto_drbg_uninstantiate(drbg);
if (rc != NTRU_OK) {
free(derCert);
free(pem);
return -451;
}
rc = crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2, &public_key_len,
public_key, &private_key_len, private_key);
crypto_drbg_uninstantiate(drbg);
if (rc != NTRU_OK) {
free(derCert);
free(pem);
return -452;
}
caFile = fopen(caKeyFile, "rb");
if (!caFile) {
free(derCert);
free(pem);
return -453;
return -452;
}
bytes = fread(tmp, 1, FOURK_BUF, caFile);
@ -3534,7 +3628,7 @@ int rsa_test(void)
if (ret != 0) {
free(derCert);
free(pem);
return -459;
return -453;
}
ret = RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes);
if (ret != 0) {
@ -3911,7 +4005,7 @@ int openssl_test(void)
EVP_MD_CTX_init(&md_ctx);
EVP_DigestInit(&md_ctx, EVP_md5());
EVP_DigestUpdate(&md_ctx, a.input, a.inLen);
EVP_DigestUpdate(&md_ctx, a.input, (unsigned long)a.inLen);
EVP_DigestFinal(&md_ctx, hash, 0);
if (memcmp(hash, a.output, MD5_DIGEST_SIZE) != 0)
@ -3928,7 +4022,7 @@ int openssl_test(void)
EVP_MD_CTX_init(&md_ctx);
EVP_DigestInit(&md_ctx, EVP_sha1());
EVP_DigestUpdate(&md_ctx, b.input, b.inLen);
EVP_DigestUpdate(&md_ctx, b.input, (unsigned long)b.inLen);
EVP_DigestFinal(&md_ctx, hash, 0);
if (memcmp(hash, b.output, SHA_DIGEST_SIZE) != 0)
@ -3945,7 +4039,7 @@ int openssl_test(void)
EVP_MD_CTX_init(&md_ctx);
EVP_DigestInit(&md_ctx, EVP_sha256());
EVP_DigestUpdate(&md_ctx, d.input, d.inLen);
EVP_DigestUpdate(&md_ctx, d.input, (unsigned long)d.inLen);
EVP_DigestFinal(&md_ctx, hash, 0);
if (memcmp(hash, d.output, SHA256_DIGEST_SIZE) != 0)
@ -3989,7 +4083,7 @@ int openssl_test(void)
EVP_MD_CTX_init(&md_ctx);
EVP_DigestInit(&md_ctx, EVP_sha512());
EVP_DigestUpdate(&md_ctx, f.input, f.inLen);
EVP_DigestUpdate(&md_ctx, f.input, (unsigned long)f.inLen);
EVP_DigestFinal(&md_ctx, hash, 0);
if (memcmp(hash, f.output, SHA512_DIGEST_SIZE) != 0)
@ -4264,6 +4358,8 @@ int hkdf_test(void)
(void)res2;
(void)res3;
(void)res4;
(void)salt1;
(void)info1;
#ifndef NO_SHA
ret = HKDF(SHA, ikm1, 22, NULL, 0, NULL, 0, okm1, L);
@ -4273,12 +4369,15 @@ int hkdf_test(void)
if (memcmp(okm1, res1, L) != 0)
return -2002;
#ifndef HAVE_FIPS
/* fips can't have key size under 14 bytes, salt is key too */
ret = HKDF(SHA, ikm1, 11, salt1, 13, info1, 10, okm1, L);
if (ret != 0)
return -2003;
if (memcmp(okm1, res2, L) != 0)
return -2004;
#endif /* HAVE_FIPS */
#endif /* NO_SHA */
#ifndef NO_SHA256
@ -4289,12 +4388,15 @@ int hkdf_test(void)
if (memcmp(okm1, res3, L) != 0)
return -2006;
#ifndef HAVE_FIPS
/* fips can't have key size under 14 bytes, salt is key too */
ret = HKDF(SHA256, ikm1, 22, salt1, 13, info1, 10, okm1, L);
if (ret != 0)
return -2007;
if (memcmp(okm1, res4, L) != 0)
return -2007;
#endif /* HAVE_FIPS */
#endif /* NO_SHA256 */
return 0;
@ -4473,6 +4575,9 @@ int ecc_encrypt_test(void)
ret = ecc_ctx_set_peer_salt(cliCtx, srvSalt);
ret += ecc_ctx_set_peer_salt(srvCtx, cliSalt);
ret += ecc_ctx_set_info(cliCtx, (byte*)"CyaSSL MSGE", 11);
ret += ecc_ctx_set_info(srvCtx, (byte*)"CyaSSL MSGE", 11);
if (ret != 0)
return -3008;
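Review bot: The HMAC tests skip the `i == 1` vector under HAVE_FIPS with `continue`, so nothing in this file exercises the new HMAC_MIN_KEYLEN_E rejection that the commit adds to HmacSetKey. In the FIPS-only cases (hmac_sha384_test and hmac_sha512_test) the skip could instead assert the rejection, e.g. `if (i == 1) { if (HmacSetKey(&hmac, SHA384, (byte*)keys[i], (word32)strlen(keys[i])) != HMAC_MIN_KEYLEN_E) return <new error code>; continue; }`, assuming `keys[1]` is the short key as the comment implies. The md5, sha, sha256 and blake2b tests share the skip with HAVE_CAVIUM and would need the FIPS branch split out to do the same. The same gap exists for the `#ifndef HAVE_FIPS` blocks in hkdf_test, which drop the short-salt vectors rather than checking that they fail. ecc_encrypt_test, where this section ends, continues outside the hunk.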


@ -70,7 +70,7 @@ const unsigned char client_key_der_1024[] =
0xA2, 0xFE, 0xBF, 0x08, 0x6B, 0x1A, 0x5D, 0x3F, 0x90, 0x12,
0xB1, 0x05, 0x86, 0x31, 0x29, 0xDB, 0xD9, 0xE2
};
const int sizeof_client_key_der_1024 = sizeof(client_key_der_1024) ;
const int sizeof_client_key_der_1024 = sizeof(client_key_der_1024);
/* ./certs/1024/client-cert.der, 1024-bit */
const unsigned char client_cert_der_1024[] =
@ -152,7 +152,7 @@ const unsigned char client_cert_der_1024[] =
0x1B, 0x4E, 0x5D, 0xBC, 0x4E, 0x9A, 0x7C, 0x1F, 0xAB, 0x56,
0x47, 0x4A
};
const int sizeof_client_cert_der_1024 = sizeof(client_cert_der_1024) ;
const int sizeof_client_cert_der_1024 = sizeof(client_cert_der_1024);
/* ./certs/1024/dh1024.der, 1024-bit */
const unsigned char dh_key_der_1024[] =
@ -172,7 +172,7 @@ const unsigned char dh_key_der_1024[] =
0x8C, 0x63, 0x0A, 0xAD, 0xC7, 0x10, 0xEA, 0xC7, 0xA1, 0xB9,
0x9D, 0xF2, 0xA8, 0x37, 0x73, 0x02, 0x01, 0x02
};
const int sizeof_dh_key_der_1024 = sizeof(dh_key_der_1024) ;
const int sizeof_dh_key_der_1024 = sizeof(dh_key_der_1024);
/* ./certs/1024/dsa1024.der, 1024-bit */
const unsigned char dsa_key_der_1024[] =
@ -223,7 +223,7 @@ const unsigned char dsa_key_der_1024[] =
0x3B, 0xA1, 0x19, 0x75, 0xDF, 0x9B, 0xF5, 0x72, 0x53, 0x4F,
0x39, 0xE1, 0x1C, 0xEC, 0x13, 0x84, 0x82, 0x18
};
const int sizeof_dsa_key_der_1024 = sizeof(dsa_key_der_1024) ;
const int sizeof_dsa_key_der_1024 = sizeof(dsa_key_der_1024);
/* ./certs/1024/rsa1024.der, 1024-bit */
const unsigned char rsa_key_der_1024[] =
@ -290,7 +290,7 @@ const unsigned char rsa_key_der_1024[] =
0xB9, 0x9E, 0xD5, 0x5B, 0x2E, 0x87, 0x1C, 0x58, 0xD0, 0x37,
0x89, 0x96, 0xEC, 0x48, 0x54, 0xF5, 0x9F, 0x0F, 0xB3
};
const int sizeof_rsa_key_der_1024 = sizeof(rsa_key_der_1024) ;
const int sizeof_rsa_key_der_1024 = sizeof(rsa_key_der_1024);
#elif defined(USE_CERT_BUFFERS_2048)
@ -418,7 +418,7 @@ const unsigned char client_key_der_2048[] =
0x45, 0x5D, 0x13, 0x39, 0x65, 0x42, 0x46, 0xA1, 0x9F, 0xCD,
0xF5, 0xBF
};
const int sizeof_client_key_der_2048 = sizeof(client_key_der_2048) ;
const int sizeof_client_key_der_2048 = sizeof(client_key_der_2048);
/* ./certs/client-cert.der, 2048-bit */
const unsigned char client_cert_der_2048[] =
@ -543,11 +543,11 @@ const unsigned char client_cert_der_2048[] =
0xC9, 0xB1, 0x71, 0x7E, 0x1B, 0x2B, 0xE1, 0xE3, 0xAF, 0xC0
};
const int sizeof_client_cert_der_2048 = sizeof(client_cert_der_2048) ;
const int sizeof_client_cert_der_2048 = sizeof(client_cert_der_2048);
/* ./certs/dh2048.der, 2048-bit */
const unsigned char dh_key_der_2048[] =
{
{
0x30, 0x82, 0x01, 0x08, 0x02, 0x82, 0x01, 0x01, 0x00, 0xB0,
0xA1, 0x08, 0x06, 0x9C, 0x08, 0x13, 0xBA, 0x59, 0x06, 0x3C,
0xBC, 0x30, 0xD5, 0xF5, 0x00, 0xC1, 0x4F, 0x44, 0xA7, 0xD6,
@ -576,7 +576,7 @@ const unsigned char dh_key_der_2048[] =
0xC3, 0xA9, 0x41, 0x83, 0xFB, 0xC7, 0xFA, 0xC8, 0xE2, 0x1E,
0x7E, 0xAF, 0x00, 0x3F, 0x93, 0x02, 0x01, 0x02
};
const int sizeof_dh_key_der_2048 = sizeof(dh_key_der_2048) ;
const int sizeof_dh_key_der_2048 = sizeof(dh_key_der_2048);
/* ./certs/dsa2048.der, 2048-bit */
const unsigned char dsa_key_der_2048[] =
@ -666,7 +666,7 @@ const unsigned char dsa_key_der_2048[] =
0x3E, 0x75, 0x13, 0x13, 0x06, 0x8F, 0x94, 0xD3, 0xE6, 0xE9,
0x00, 0xCB, 0x62, 0x6D, 0x9A
};
const int sizeof_dsa_key_der_2048 = sizeof(dsa_key_der_2048) ;
const int sizeof_dsa_key_der_2048 = sizeof(dsa_key_der_2048);
/* ./certs/rsa2048.der, 2048-bit */
const unsigned char rsa_key_der_2048[] =
@ -792,7 +792,356 @@ const unsigned char rsa_key_der_2048[] =
0x83, 0x0B, 0xD4, 0x74, 0x80, 0xB6, 0x7D, 0x62, 0x45, 0xBF,
0x56
};
const int sizeof_rsa_key_der_2048 = sizeof(rsa_key_der_2048) ;
const int sizeof_rsa_key_der_2048 = sizeof(rsa_key_der_2048);
/* ./certs/ca-cert.der, 2048-bit */
const unsigned char ca_cert_der_2048[] =
{
0x30, 0x82, 0x04, 0x9E, 0x30, 0x82, 0x03, 0x86, 0xA0, 0x03,
0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xE9, 0xD0, 0xA7, 0x5F,
0x79, 0x25, 0xF4, 0x3C, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86,
0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30,
0x81, 0x90, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06,
0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x4D, 0x6F, 0x6E, 0x74,
0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
0x04, 0x07, 0x13, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61,
0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A,
0x13, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68,
0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13,
0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E,
0x67, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x03,
0x13, 0x0D, 0x77, 0x77, 0x77, 0x2E, 0x79, 0x61, 0x73, 0x73,
0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1D, 0x30, 0x1B, 0x06,
0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01,
0x16, 0x0E, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x79, 0x61, 0x73,
0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D,
0x31, 0x31, 0x31, 0x30, 0x32, 0x34, 0x31, 0x38, 0x31, 0x38,
0x31, 0x35, 0x5A, 0x17, 0x0D, 0x31, 0x34, 0x30, 0x37, 0x32,
0x30, 0x31, 0x38, 0x31, 0x38, 0x31, 0x35, 0x5A, 0x30, 0x81,
0x90, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03,
0x55, 0x04, 0x08, 0x13, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61,
0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04,
0x07, 0x13, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E,
0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13,
0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31,
0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x0A,
0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67,
0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
0x0D, 0x77, 0x77, 0x77, 0x2E, 0x79, 0x61, 0x73, 0x73, 0x6C,
0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1D, 0x30, 0x1B, 0x06, 0x09,
0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16,
0x0E, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x79, 0x61, 0x73, 0x73,
0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x82, 0x01, 0x22, 0x30,
0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30,
0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xBF, 0x0C,
0xCA, 0x2D, 0x14, 0xB2, 0x1E, 0x84, 0x42, 0x5B, 0xCD, 0x38,
0x1F, 0x4A, 0xF2, 0x4D, 0x75, 0x10, 0xF1, 0xB6, 0x35, 0x9F,
0xDF, 0xCA, 0x7D, 0x03, 0x98, 0xD3, 0xAC, 0xDE, 0x03, 0x66,
0xEE, 0x2A, 0xF1, 0xD8, 0xB0, 0x7D, 0x6E, 0x07, 0x54, 0x0B,
0x10, 0x98, 0x21, 0x4D, 0x80, 0xCB, 0x12, 0x20, 0xE7, 0xCC,
0x4F, 0xDE, 0x45, 0x7D, 0xC9, 0x72, 0x77, 0x32, 0xEA, 0xCA,
0x90, 0xBB, 0x69, 0x52, 0x10, 0x03, 0x2F, 0xA8, 0xF3, 0x95,
0xC5, 0xF1, 0x8B, 0x62, 0x56, 0x1B, 0xEF, 0x67, 0x6F, 0xA4,
0x10, 0x41, 0x95, 0xAD, 0x0A, 0x9B, 0xE3, 0xA5, 0xC0, 0xB0,
0xD2, 0x70, 0x76, 0x50, 0x30, 0x5B, 0xA8, 0xE8, 0x08, 0x2C,
0x7C, 0xED, 0xA7, 0xA2, 0x7A, 0x8D, 0x38, 0x29, 0x1C, 0xAC,
0xC7, 0xED, 0xF2, 0x7C, 0x95, 0xB0, 0x95, 0x82, 0x7D, 0x49,
0x5C, 0x38, 0xCD, 0x77, 0x25, 0xEF, 0xBD, 0x80, 0x75, 0x53,
0x94, 0x3C, 0x3D, 0xCA, 0x63, 0x5B, 0x9F, 0x15, 0xB5, 0xD3,
0x1D, 0x13, 0x2F, 0x19, 0xD1, 0x3C, 0xDB, 0x76, 0x3A, 0xCC,
0xB8, 0x7D, 0xC9, 0xE5, 0xC2, 0xD7, 0xDA, 0x40, 0x6F, 0xD8,
0x21, 0xDC, 0x73, 0x1B, 0x42, 0x2D, 0x53, 0x9C, 0xFE, 0x1A,
0xFC, 0x7D, 0xAB, 0x7A, 0x36, 0x3F, 0x98, 0xDE, 0x84, 0x7C,
0x05, 0x67, 0xCE, 0x6A, 0x14, 0x38, 0x87, 0xA9, 0xF1, 0x8C,
0xB5, 0x68, 0xCB, 0x68, 0x7F, 0x71, 0x20, 0x2B, 0xF5, 0xA0,
0x63, 0xF5, 0x56, 0x2F, 0xA3, 0x26, 0xD2, 0xB7, 0x6F, 0xB1,
0x5A, 0x17, 0xD7, 0x38, 0x99, 0x08, 0xFE, 0x93, 0x58, 0x6F,
0xFE, 0xC3, 0x13, 0x49, 0x08, 0x16, 0x0B, 0xA7, 0x4D, 0x67,
0x00, 0x52, 0x31, 0x67, 0x23, 0x4E, 0x98, 0xED, 0x51, 0x45,
0x1D, 0xB9, 0x04, 0xD9, 0x0B, 0xEC, 0xD8, 0x28, 0xB3, 0x4B,
0xBD, 0xED, 0x36, 0x79, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3,
0x81, 0xF8, 0x30, 0x81, 0xF5, 0x30, 0x1D, 0x06, 0x03, 0x55,
0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x27, 0x8E, 0x67, 0x11,
0x74, 0xC3, 0x26, 0x1D, 0x3F, 0xED, 0x33, 0x63, 0xB3, 0xA4,
0xD8, 0x1D, 0x30, 0xE5, 0xE8, 0xD5, 0x30, 0x81, 0xC5, 0x06,
0x03, 0x55, 0x1D, 0x23, 0x04, 0x81, 0xBD, 0x30, 0x81, 0xBA,
0x80, 0x14, 0x27, 0x8E, 0x67, 0x11, 0x74, 0xC3, 0x26, 0x1D,
0x3F, 0xED, 0x33, 0x63, 0xB3, 0xA4, 0xD8, 0x1D, 0x30, 0xE5,
0xE8, 0xD5, 0xA1, 0x81, 0x96, 0xA4, 0x81, 0x93, 0x30, 0x81,
0x90, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03,
0x55, 0x04, 0x08, 0x13, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61,
0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04,
0x07, 0x13, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E,
0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13,
0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31,
0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x0A,
0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67,
0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
0x0D, 0x77, 0x77, 0x77, 0x2E, 0x79, 0x61, 0x73, 0x73, 0x6C,
0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1D, 0x30, 0x1B, 0x06, 0x09,
0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16,
0x0E, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x79, 0x61, 0x73, 0x73,
0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, 0xE9, 0xD0,
0xA7, 0x5F, 0x79, 0x25, 0xF4, 0x3C, 0x30, 0x0C, 0x06, 0x03,
0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF,
0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00,
0x5F, 0x86, 0x14, 0xF4, 0x51, 0x8B, 0xBC, 0xA5, 0x4E, 0x30,
0xDA, 0x5E, 0xAC, 0x9A, 0xF8, 0x6C, 0xD9, 0x26, 0x4B, 0x93,
0xF9, 0xE3, 0x1C, 0x89, 0x6F, 0x9E, 0xEE, 0xB3, 0x9D, 0x77,
0x3E, 0x89, 0x20, 0x76, 0xA3, 0xE6, 0xE8, 0x86, 0x15, 0x21,
0xDB, 0xE2, 0x33, 0xB2, 0x34, 0xD5, 0xD0, 0x9F, 0xF3, 0xC1,
0xA4, 0x87, 0x92, 0x5C, 0xF9, 0xD1, 0xFF, 0x30, 0x2F, 0x8E,
0x03, 0xBC, 0xB3, 0x3C, 0x0C, 0x32, 0xA3, 0x90, 0x5F, 0x1A,
0x90, 0x1E, 0xAF, 0x9D, 0xF3, 0x9E, 0xD7, 0x07, 0x02, 0xA9,
0x7D, 0x27, 0x66, 0x63, 0x2F, 0xAF, 0x18, 0xD7, 0xAC, 0x18,
0x98, 0x8C, 0x83, 0x8F, 0x38, 0xF3, 0x0B, 0xAC, 0x36, 0x10,
0x75, 0xFB, 0xCA, 0x76, 0x13, 0x50, 0x5B, 0x02, 0x8F, 0x73,
0xBF, 0xE3, 0xA0, 0xEE, 0x83, 0x52, 0x25, 0x54, 0xCE, 0x26,
0xCE, 0x9C, 0xBD, 0x2F, 0x79, 0xAB, 0x1B, 0x60, 0xB8, 0x92,
0xF1, 0x03, 0xC0, 0xFC, 0x3B, 0x08, 0xD9, 0xC0, 0xAD, 0xD5,
0x72, 0x08, 0x25, 0x80, 0x61, 0x2D, 0xDC, 0x9F, 0xA7, 0x83,
0x62, 0x07, 0x47, 0xE0, 0x07, 0x4C, 0x4B, 0x07, 0x30, 0x04,
0xA9, 0x87, 0x1C, 0x55, 0x7F, 0x07, 0x12, 0xD0, 0xCB, 0x42,
0x5D, 0xCB, 0xCF, 0x66, 0x01, 0x1A, 0x17, 0xEE, 0xF9, 0x0F,
0x60, 0xB7, 0xDB, 0x6F, 0x68, 0xE5, 0x4E, 0x41, 0x62, 0x6E,
0xD3, 0x6F, 0x60, 0x4F, 0x4B, 0x27, 0xDE, 0xCF, 0x18, 0x07,
0xF1, 0x13, 0x5D, 0xCB, 0x3F, 0xA9, 0x25, 0x44, 0xDA, 0x52,
0x5C, 0xC8, 0x04, 0xE1, 0x56, 0x12, 0xF5, 0x2A, 0x90, 0x4E,
0xD1, 0xE2, 0xAF, 0x01, 0xB5, 0x23, 0xA1, 0xEC, 0x31, 0xDA,
0x7B, 0x63, 0x69, 0xC4, 0xB8, 0xF3, 0xE7, 0xCE, 0xA1, 0x3D,
0xC0, 0xDB, 0x6D, 0xF3, 0xB2, 0xD9, 0x46, 0xC8, 0x9F, 0xC3,
0xB8, 0x70, 0x5A, 0x1F, 0x7F, 0xCA
};
const int sizeof_ca_cert_der_2048 = sizeof(ca_cert_der_2048);
/* ./certs/server-key.der, 2048-bit */
const unsigned char server_key_der_2048[] =
{
0x30, 0x82, 0x04, 0xA5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01,
0x01, 0x00, 0xC0, 0x95, 0x08, 0xE1, 0x57, 0x41, 0xF2, 0x71,
0x6D, 0xB7, 0xD2, 0x45, 0x41, 0x27, 0x01, 0x65, 0xC6, 0x45,
0xAE, 0xF2, 0xBC, 0x24, 0x30, 0xB8, 0x95, 0xCE, 0x2F, 0x4E,
0xD6, 0xF6, 0x1C, 0x88, 0xBC, 0x7C, 0x9F, 0xFB, 0xA8, 0x67,
0x7F, 0xFE, 0x5C, 0x9C, 0x51, 0x75, 0xF7, 0x8A, 0xCA, 0x07,
0xE7, 0x35, 0x2F, 0x8F, 0xE1, 0xBD, 0x7B, 0xC0, 0x2F, 0x7C,
0xAB, 0x64, 0xA8, 0x17, 0xFC, 0xCA, 0x5D, 0x7B, 0xBA, 0xE0,
0x21, 0xE5, 0x72, 0x2E, 0x6F, 0x2E, 0x86, 0xD8, 0x95, 0x73,
0xDA, 0xAC, 0x1B, 0x53, 0xB9, 0x5F, 0x3F, 0xD7, 0x19, 0x0D,
0x25, 0x4F, 0xE1, 0x63, 0x63, 0x51, 0x8B, 0x0B, 0x64, 0x3F,
0xAD, 0x43, 0xB8, 0xA5, 0x1C, 0x5C, 0x34, 0xB3, 0xAE, 0x00,
0xA0, 0x63, 0xC5, 0xF6, 0x7F, 0x0B, 0x59, 0x68, 0x78, 0x73,
0xA6, 0x8C, 0x18, 0xA9, 0x02, 0x6D, 0xAF, 0xC3, 0x19, 0x01,
0x2E, 0xB8, 0x10, 0xE3, 0xC6, 0xCC, 0x40, 0xB4, 0x69, 0xA3,
0x46, 0x33, 0x69, 0x87, 0x6E, 0xC4, 0xBB, 0x17, 0xA6, 0xF3,
0xE8, 0xDD, 0xAD, 0x73, 0xBC, 0x7B, 0x2F, 0x21, 0xB5, 0xFD,
0x66, 0x51, 0x0C, 0xBD, 0x54, 0xB3, 0xE1, 0x6D, 0x5F, 0x1C,
0xBC, 0x23, 0x73, 0xD1, 0x09, 0x03, 0x89, 0x14, 0xD2, 0x10,
0xB9, 0x64, 0xC3, 0x2A, 0xD0, 0xA1, 0x96, 0x4A, 0xBC, 0xE1,
0xD4, 0x1A, 0x5B, 0xC7, 0xA0, 0xC0, 0xC1, 0x63, 0x78, 0x0F,
0x44, 0x37, 0x30, 0x32, 0x96, 0x80, 0x32, 0x23, 0x95, 0xA1,
0x77, 0xBA, 0x13, 0xD2, 0x97, 0x73, 0xE2, 0x5D, 0x25, 0xC9,
0x6A, 0x0D, 0xC3, 0x39, 0x60, 0xA4, 0xB4, 0xB0, 0x69, 0x42,
0x42, 0x09, 0xE9, 0xD8, 0x08, 0xBC, 0x33, 0x20, 0xB3, 0x58,
0x22, 0xA7, 0xAA, 0xEB, 0xC4, 0xE1, 0xE6, 0x61, 0x83, 0xC5,
0xD2, 0x96, 0xDF, 0xD9, 0xD0, 0x4F, 0xAD, 0xD7, 0x02, 0x03,
0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 0x01, 0x00, 0x9A, 0xD0,
0x34, 0x0F, 0x52, 0x62, 0x05, 0x50, 0x01, 0xEF, 0x9F, 0xED,
0x64, 0x6E, 0xC2, 0xC4, 0xDA, 0x1A, 0xF2, 0x84, 0xD7, 0x92,
0x10, 0x48, 0x92, 0xC4, 0xE9, 0x6A, 0xEB, 0x8B, 0x75, 0x6C,
0xC6, 0x79, 0x38, 0xF2, 0xC9, 0x72, 0x4A, 0x86, 0x64, 0x54,
0x95, 0x77, 0xCB, 0xC3, 0x9A, 0x9D, 0xB7, 0xD4, 0x1D, 0xA4,
0x00, 0xC8, 0x9E, 0x4E, 0xE4, 0xDD, 0xC7, 0xBA, 0x67, 0x16,
0xC1, 0x74, 0xBC, 0xA9, 0xD6, 0x94, 0x8F, 0x2B, 0x30, 0x1A,
0xFB, 0xED, 0xDF, 0x21, 0x05, 0x23, 0xD9, 0x4A, 0x39, 0xBD,
0x98, 0x6B, 0x65, 0x9A, 0xB8, 0xDC, 0xC4, 0x7D, 0xEE, 0xA6,
0x43, 0x15, 0x2E, 0x3D, 0xBE, 0x1D, 0x22, 0x60, 0x2A, 0x73,
0x30, 0xD5, 0x3E, 0xD8, 0xA2, 0xAC, 0x86, 0x43, 0x2E, 0xC4,
0xF5, 0x64, 0x5E, 0x3F, 0x89, 0x75, 0x0F, 0x11, 0xD8, 0x51,
0x25, 0x4E, 0x9F, 0xD8, 0xAA, 0xA3, 0xCE, 0x60, 0xB3, 0xE2,
0x8A, 0xD9, 0x7E, 0x1B, 0xF0, 0x64, 0xCA, 0x9A, 0x5B, 0x05,
0x0B, 0x5B, 0xAA, 0xCB, 0xE5, 0xE3, 0x3F, 0x6E, 0x32, 0x22,
0x05, 0xF3, 0xD0, 0xFA, 0xEF, 0x74, 0x52, 0x81, 0xE2, 0x5F,
0x74, 0xD3, 0xBD, 0xFF, 0x31, 0x83, 0x45, 0x75, 0xFA, 0x63,
0x7A, 0x97, 0x2E, 0xD6, 0xB6, 0x19, 0xC6, 0x92, 0x26, 0xE4,
0x28, 0x06, 0x50, 0x50, 0x0E, 0x78, 0x2E, 0xA9, 0x78, 0x0D,
0x14, 0x97, 0xB4, 0x12, 0xD8, 0x31, 0x40, 0xAB, 0xA1, 0x01,
0x41, 0xC2, 0x30, 0xF8, 0x07, 0x5F, 0x16, 0xE4, 0x61, 0x77,
0xD2, 0x60, 0xF2, 0x9F, 0x8D, 0xE8, 0xF4, 0xBA, 0xEB, 0x63,
0xDE, 0x2A, 0x97, 0x81, 0xEF, 0x4C, 0x6C, 0xE6, 0x55, 0x34,
0x51, 0x2B, 0x28, 0x34, 0xF4, 0x53, 0x1C, 0xC4, 0x58, 0x0A,
0x3F, 0xBB, 0xAF, 0xB5, 0xF7, 0x4A, 0x85, 0x43, 0x2D, 0x3C,
0xF1, 0x58, 0x58, 0x81, 0x02, 0x81, 0x81, 0x00, 0xF2, 0x2C,
0x54, 0x76, 0x39, 0x23, 0x63, 0xC9, 0x10, 0x32, 0xB7, 0x93,
0xAD, 0xAF, 0xBE, 0x19, 0x75, 0x96, 0x81, 0x64, 0xE6, 0xB5,
0xB8, 0x89, 0x42, 0x41, 0xD1, 0x6D, 0xD0, 0x1C, 0x1B, 0xF8,
0x1B, 0xAC, 0x69, 0xCB, 0x36, 0x3C, 0x64, 0x7D, 0xDC, 0xF4,
0x19, 0xB8, 0xC3, 0x60, 0xB1, 0x57, 0x48, 0x5F, 0x52, 0x4F,
0x59, 0x3A, 0x55, 0x7F, 0x32, 0xC0, 0x19, 0x43, 0x50, 0x3F,
0xAE, 0xCE, 0x6F, 0x17, 0xF3, 0x0E, 0x9F, 0x40, 0xCA, 0x4E,
0xAD, 0x15, 0x3B, 0xC9, 0x79, 0xE9, 0xC0, 0x59, 0x38, 0x73,
0x70, 0x9C, 0x0A, 0x7C, 0xC9, 0x3A, 0x48, 0x32, 0xA7, 0xD8,
0x49, 0x75, 0x0A, 0x85, 0xC2, 0xC2, 0xFD, 0x15, 0x73, 0xDA,
0x99, 0x09, 0x2A, 0x69, 0x9A, 0x9F, 0x0A, 0x71, 0xBF, 0xB0,
0x04, 0xA6, 0x8C, 0x7A, 0x5A, 0x6F, 0x48, 0x5A, 0x54, 0x3B,
0xC6, 0xB1, 0x53, 0x17, 0xDF, 0xE7, 0x02, 0x81, 0x81, 0x00,
0xCB, 0x93, 0xDE, 0x77, 0x15, 0x5D, 0xB7, 0x5C, 0x5C, 0x7C,
0xD8, 0x90, 0xA9, 0x98, 0x2D, 0xD6, 0x69, 0x0E, 0x63, 0xB3,
0xA3, 0xDC, 0xA6, 0xCC, 0x8B, 0x6A, 0xA4, 0xA2, 0x12, 0x8C,
0x8E, 0x7B, 0x48, 0x2C, 0xB2, 0x4B, 0x37, 0xDC, 0x06, 0x18,
0x7D, 0xEA, 0xFE, 0x76, 0xA1, 0xD4, 0xA1, 0xE9, 0x3F, 0x0D,
0xCD, 0x1B, 0x5F, 0xAF, 0x5F, 0x9E, 0x96, 0x5B, 0x5B, 0x0F,
0xA1, 0x7C, 0xAF, 0xB3, 0x9B, 0x90, 0xDB, 0x57, 0x73, 0x3A,
0xED, 0xB0, 0x23, 0x44, 0xAE, 0x41, 0x4F, 0x1F, 0x07, 0x42,
0x13, 0x23, 0x4C, 0xCB, 0xFA, 0xF4, 0x14, 0xA4, 0xD5, 0xF7,
0x9E, 0x36, 0x7C, 0x5B, 0x9F, 0xA8, 0x3C, 0xC1, 0x85, 0x5F,
0x74, 0xD2, 0x39, 0x2D, 0xFF, 0xD0, 0x84, 0xDF, 0xFB, 0xB3,
0x20, 0x7A, 0x2E, 0x9B, 0x17, 0xAE, 0xE6, 0xBA, 0x0B, 0xAE,
0x5F, 0x53, 0xA4, 0x52, 0xED, 0x1B, 0xC4, 0x91, 0x02, 0x81,
0x81, 0x00, 0xEC, 0x98, 0xDA, 0xBB, 0xD5, 0xFE, 0xF9, 0x52,
0x4A, 0x7D, 0x02, 0x55, 0x49, 0x6F, 0x55, 0x6E, 0x52, 0x2F,
0x84, 0xA3, 0x2B, 0xB3, 0x86, 0x62, 0xB3, 0x54, 0xD2, 0x63,
0x52, 0xDA, 0xE3, 0x88, 0x76, 0xA0, 0xEF, 0x8B, 0x15, 0xA5,
0xD3, 0x18, 0x14, 0x72, 0x77, 0x5E, 0xC7, 0xA3, 0x04, 0x1F,
0x9E, 0x19, 0x62, 0xB5, 0x1B, 0x1B, 0x9E, 0xC3, 0xF2, 0xB5,
0x32, 0xF9, 0x4C, 0xC1, 0xAA, 0xEB, 0x0C, 0x26, 0x7D, 0xD4,
0x5F, 0x4A, 0x51, 0x5C, 0xA4, 0x45, 0x06, 0x70, 0x44, 0xA7,
0x56, 0xC0, 0xD4, 0x22, 0x14, 0x76, 0x9E, 0xD8, 0x63, 0x50,
0x89, 0x90, 0xD3, 0xE2, 0xBF, 0x81, 0x95, 0x92, 0x31, 0x41,
0x87, 0x39, 0x1A, 0x43, 0x0B, 0x18, 0xA5, 0x53, 0x1F, 0x39,
0x1A, 0x5F, 0x1F, 0x43, 0xBC, 0x87, 0x6A, 0xDF, 0x6E, 0xD3,
0x22, 0x00, 0xFE, 0x22, 0x98, 0x70, 0x4E, 0x1A, 0x19, 0x29,
0x02, 0x81, 0x81, 0x00, 0x8A, 0x41, 0x56, 0x28, 0x51, 0x9E,
0x5F, 0xD4, 0x9E, 0x0B, 0x3B, 0x98, 0xA3, 0x54, 0xF2, 0x6C,
0x56, 0xD4, 0xAA, 0xE9, 0x69, 0x33, 0x85, 0x24, 0x0C, 0xDA,
0xD4, 0x0C, 0x2D, 0xC4, 0xBF, 0x4F, 0x02, 0x69, 0x38, 0x7C,
0xD4, 0xE6, 0xDC, 0x4C, 0xED, 0xD7, 0x16, 0x11, 0xC3, 0x3E,
0x00, 0xE7, 0xC3, 0x26, 0xC0, 0x51, 0x02, 0xDE, 0xBB, 0x75,
0x9C, 0x6F, 0x56, 0x9C, 0x7A, 0xF3, 0x8E, 0xEF, 0xCF, 0x8A,
0xC5, 0x2B, 0xD2, 0xDA, 0x06, 0x6A, 0x44, 0xC9, 0x73, 0xFE,
0x6E, 0x99, 0x87, 0xF8, 0x5B, 0xBE, 0xF1, 0x7C, 0xE6, 0x65,
0xB5, 0x4F, 0x6C, 0xF0, 0xC9, 0xC5, 0xFF, 0x16, 0xCA, 0x8B,
0x1B, 0x17, 0xE2, 0x58, 0x3D, 0xA2, 0x37, 0xAB, 0x01, 0xBC,
0xBF, 0x40, 0xCE, 0x53, 0x8C, 0x8E, 0xED, 0xEF, 0xEE, 0x59,
0x9D, 0xE0, 0x63, 0xE6, 0x7C, 0x5E, 0xF5, 0x8E, 0x4B, 0xF1,
0x3B, 0xC1, 0x02, 0x81, 0x80, 0x4D, 0x45, 0xF9, 0x40, 0x8C,
0xC5, 0x5B, 0xF4, 0x2A, 0x1A, 0x8A, 0xB4, 0xF2, 0x1C, 0xAC,
0x6B, 0xE9, 0x0C, 0x56, 0x36, 0xB7, 0x4E, 0x72, 0x96, 0xD5,
0xE5, 0x8A, 0xD2, 0xE2, 0xFF, 0xF1, 0xF1, 0x18, 0x13, 0x3D,
0x86, 0x09, 0xB8, 0xD8, 0x76, 0xA7, 0xC9, 0x1C, 0x71, 0x52,
0x94, 0x30, 0x43, 0xE0, 0xF1, 0x78, 0x74, 0xFD, 0x61, 0x1B,
0x4C, 0x09, 0xCC, 0xE6, 0x68, 0x2A, 0x71, 0xAD, 0x1C, 0xDF,
0x43, 0xBC, 0x56, 0xDB, 0xA5, 0xA4, 0xBE, 0x35, 0x70, 0xA4,
0x5E, 0xCF, 0x4F, 0xFC, 0x00, 0x55, 0x99, 0x3A, 0x3D, 0x23,
0xCF, 0x67, 0x5A, 0xF5, 0x22, 0xF8, 0xB5, 0x29, 0xD0, 0x44,
0x11, 0xEB, 0x35, 0x2E, 0x46, 0xBE, 0xFD, 0x8E, 0x18, 0xB2,
0x5F, 0xA8, 0xBF, 0x19, 0x32, 0xA1, 0xF5, 0xDC, 0x03, 0xE6,
0x7C, 0x9A, 0x1F, 0x0C, 0x7C, 0xA9, 0xB0, 0x0E, 0x21, 0x37,
0x3B, 0xF1, 0xB0
};
const int sizeof_server_key_der_2048 = sizeof(server_key_der_2048);
/* ./certs/server-cert.der, 2048-bit */
const unsigned char server_cert_der_2048[] =
{
0x30, 0x82, 0x03, 0x90, 0x30, 0x82, 0x02, 0x78, 0x02, 0x01,
0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x81, 0x90, 0x31,
0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04,
0x08, 0x13, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61,
0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13,
0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11,
0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x08, 0x53,
0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x13, 0x30,
0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x0A, 0x43, 0x6F,
0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x16,
0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0D, 0x77,
0x77, 0x77, 0x2E, 0x79, 0x61, 0x73, 0x73, 0x6C, 0x2E, 0x63,
0x6F, 0x6D, 0x31, 0x1D, 0x30, 0x1B, 0x06, 0x09, 0x2A, 0x86,
0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x0E, 0x69,
0x6E, 0x66, 0x6F, 0x40, 0x79, 0x61, 0x73, 0x73, 0x6C, 0x2E,
0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x31, 0x31,
0x30, 0x32, 0x34, 0x31, 0x38, 0x32, 0x37, 0x31, 0x33, 0x5A,
0x17, 0x0D, 0x31, 0x34, 0x30, 0x37, 0x32, 0x30, 0x31, 0x38,
0x32, 0x37, 0x31, 0x33, 0x5A, 0x30, 0x81, 0x8A, 0x31, 0x0B,
0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08,
0x13, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31,
0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07,
0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x0E, 0x30,
0x0C, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x05, 0x79, 0x61,
0x53, 0x53, 0x4C, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
0x04, 0x0B, 0x13, 0x07, 0x53, 0x75, 0x70, 0x70, 0x6F, 0x72,
0x74, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x03,
0x13, 0x0D, 0x77, 0x77, 0x77, 0x2E, 0x79, 0x61, 0x73, 0x73,
0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1D, 0x30, 0x1B, 0x06,
0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01,
0x16, 0x0E, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x79, 0x61, 0x73,
0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x82, 0x01, 0x22,
0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00,
0x30, 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC0,
0x95, 0x08, 0xE1, 0x57, 0x41, 0xF2, 0x71, 0x6D, 0xB7, 0xD2,
0x45, 0x41, 0x27, 0x01, 0x65, 0xC6, 0x45, 0xAE, 0xF2, 0xBC,
0x24, 0x30, 0xB8, 0x95, 0xCE, 0x2F, 0x4E, 0xD6, 0xF6, 0x1C,
0x88, 0xBC, 0x7C, 0x9F, 0xFB, 0xA8, 0x67, 0x7F, 0xFE, 0x5C,
0x9C, 0x51, 0x75, 0xF7, 0x8A, 0xCA, 0x07, 0xE7, 0x35, 0x2F,
0x8F, 0xE1, 0xBD, 0x7B, 0xC0, 0x2F, 0x7C, 0xAB, 0x64, 0xA8,
0x17, 0xFC, 0xCA, 0x5D, 0x7B, 0xBA, 0xE0, 0x21, 0xE5, 0x72,
0x2E, 0x6F, 0x2E, 0x86, 0xD8, 0x95, 0x73, 0xDA, 0xAC, 0x1B,
0x53, 0xB9, 0x5F, 0x3F, 0xD7, 0x19, 0x0D, 0x25, 0x4F, 0xE1,
0x63, 0x63, 0x51, 0x8B, 0x0B, 0x64, 0x3F, 0xAD, 0x43, 0xB8,
0xA5, 0x1C, 0x5C, 0x34, 0xB3, 0xAE, 0x00, 0xA0, 0x63, 0xC5,
0xF6, 0x7F, 0x0B, 0x59, 0x68, 0x78, 0x73, 0xA6, 0x8C, 0x18,
0xA9, 0x02, 0x6D, 0xAF, 0xC3, 0x19, 0x01, 0x2E, 0xB8, 0x10,
0xE3, 0xC6, 0xCC, 0x40, 0xB4, 0x69, 0xA3, 0x46, 0x33, 0x69,
0x87, 0x6E, 0xC4, 0xBB, 0x17, 0xA6, 0xF3, 0xE8, 0xDD, 0xAD,
0x73, 0xBC, 0x7B, 0x2F, 0x21, 0xB5, 0xFD, 0x66, 0x51, 0x0C,
0xBD, 0x54, 0xB3, 0xE1, 0x6D, 0x5F, 0x1C, 0xBC, 0x23, 0x73,
0xD1, 0x09, 0x03, 0x89, 0x14, 0xD2, 0x10, 0xB9, 0x64, 0xC3,
0x2A, 0xD0, 0xA1, 0x96, 0x4A, 0xBC, 0xE1, 0xD4, 0x1A, 0x5B,
0xC7, 0xA0, 0xC0, 0xC1, 0x63, 0x78, 0x0F, 0x44, 0x37, 0x30,
0x32, 0x96, 0x80, 0x32, 0x23, 0x95, 0xA1, 0x77, 0xBA, 0x13,
0xD2, 0x97, 0x73, 0xE2, 0x5D, 0x25, 0xC9, 0x6A, 0x0D, 0xC3,
0x39, 0x60, 0xA4, 0xB4, 0xB0, 0x69, 0x42, 0x42, 0x09, 0xE9,
0xD8, 0x08, 0xBC, 0x33, 0x20, 0xB3, 0x58, 0x22, 0xA7, 0xAA,
0xEB, 0xC4, 0xE1, 0xE6, 0x61, 0x83, 0xC5, 0xD2, 0x96, 0xDF,
0xD9, 0xD0, 0x4F, 0xAD, 0xD7, 0x02, 0x03, 0x01, 0x00, 0x01,
0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00,
0x71, 0x4E, 0xD3, 0x62, 0xDF, 0xCC, 0x4C, 0xF7, 0xCD, 0xB7,
0x6E, 0x52, 0x0B, 0x6C, 0x6E, 0xE0, 0xBD, 0xC2, 0x2D, 0x07,
0xD7, 0xC0, 0xB0, 0x6E, 0x43, 0x1E, 0x35, 0xBC, 0x30, 0x01,
0x50, 0xF0, 0xFF, 0x99, 0x23, 0x6C, 0x18, 0x1A, 0x41, 0xB6,
0x11, 0xD6, 0xD4, 0x19, 0x61, 0xFD, 0xE4, 0x77, 0x97, 0x1C,
0x39, 0xE1, 0x57, 0xAB, 0xC5, 0x15, 0x63, 0x77, 0x11, 0x36,
0x5E, 0x74, 0xE2, 0x24, 0x0B, 0x1F, 0x41, 0x78, 0xAD, 0xB7,
0x81, 0xE7, 0xB4, 0x40, 0x66, 0x80, 0xF0, 0x4B, 0x91, 0xA0,
0x6D, 0xA8, 0x6E, 0x3D, 0x53, 0xD9, 0x8B, 0xCE, 0x2A, 0xE1,
0x0B, 0x45, 0x65, 0x87, 0xA1, 0x96, 0xAE, 0xEE, 0x3E, 0x88,
0xD5, 0x12, 0x1F, 0x78, 0x17, 0xAE, 0x2C, 0xC5, 0x73, 0x44,
0xD8, 0xDC, 0xF4, 0xAF, 0xD8, 0xCC, 0xAE, 0x4C, 0xE1, 0x0C,
0xBE, 0x55, 0xA4, 0x99, 0xF7, 0x6E, 0x96, 0xC0, 0xC8, 0x45,
0x87, 0xBF, 0xDC, 0x51, 0x57, 0xFF, 0x9E, 0x73, 0x37, 0x6A,
0x18, 0x9C, 0xC3, 0xF9, 0x22, 0x7A, 0xF4, 0xB0, 0x52, 0xBD,
0xFC, 0x21, 0x30, 0xF8, 0xC5, 0xFF, 0x1E, 0x87, 0x7D, 0xAD,
0xA2, 0x5A, 0x35, 0xF5, 0x22, 0xA8, 0xB4, 0x0A, 0x76, 0x38,
0xE6, 0x76, 0xB0, 0x98, 0xAF, 0x1B, 0xEC, 0x8A, 0x0A, 0x43,
0x74, 0xD2, 0x85, 0x34, 0x37, 0x84, 0x07, 0xE1, 0xF6, 0x23,
0xB2, 0x29, 0xDE, 0xA6, 0xB6, 0xB7, 0x4C, 0x57, 0x7E, 0x96,
0x06, 0xCB, 0xA9, 0x16, 0x25, 0x29, 0x3A, 0x03, 0x2D, 0x55,
0x7D, 0xA6, 0x8C, 0xA4, 0xF7, 0x9E, 0x81, 0xC9, 0x95, 0xB6,
0x7C, 0xC1, 0x4A, 0xCE, 0x94, 0x66, 0x0C, 0xCA, 0x88, 0xEB,
0xD2, 0x09, 0xF5, 0x5B, 0x19, 0x58, 0x82, 0xDF, 0x27, 0xFD,
0x67, 0x95, 0x78, 0xB7, 0x02, 0x06, 0xD5, 0xA7, 0x61, 0xBD,
0xEF, 0x3A, 0xFC, 0xB2, 0x61, 0xCD
};
const int sizeof_server_cert_der_2048 = sizeof(server_cert_der_2048);
#endif /* USE_CERT_BUFFERS_1024 */


@ -41,6 +41,8 @@
#if defined (__GNUC__)
#define ALIGN16 __attribute__ ( (aligned (16)))
#elif defined(_MSC_VER)
/* disable align warning, we want alignment ! */
#pragma warning(disable: 4324)
#define ALIGN16 __declspec (align (16))
#else
#define ALIGN16


@ -189,7 +189,7 @@ enum Block_Sum {
enum Key_Sum {
DSAk = 515,
RSAk = 645,
NTRUk = 364,
NTRUk = 274,
ECDSAk = 518
};
@ -340,7 +340,8 @@ struct DecodedCert {
#endif /* HAVE_OCSP */
byte* signature; /* not owned, points into raw cert */
char* subjectCN; /* CommonName */
int subjectCNLen;
int subjectCNLen; /* CommonName Length */
char subjectCNEnc; /* CommonName Encoding */
int subjectCNStored; /* have we saved a copy we own */
char issuer[ASN_NAME_MAX]; /* full name including common name */
char subject[ASN_NAME_MAX]; /* full name including common name */
@ -411,16 +412,22 @@ struct DecodedCert {
/* easy access to subject info for other sign */
char* subjectSN;
int subjectSNLen;
char subjectSNEnc;
char* subjectC;
int subjectCLen;
char subjectCEnc;
char* subjectL;
int subjectLLen;
char subjectLEnc;
char* subjectST;
int subjectSTLen;
char subjectSTEnc;
char* subjectO;
int subjectOLen;
char subjectOEnc;
char* subjectOU;
int subjectOULen;
char subjectOUEnc;
char* subjectEmail;
int subjectEmailLen;
#endif /* CYASSL_CERT_GEN */
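Review bot: The new `subject*Enc` members in the second DecodedCert hunk are undocumented apart from `subjectCNEnc`, and nothing here says what a value of 0 means for a name component that was never parsed. Each one is a `char` that presumably carries the ASN.1 string tag of the matching component (the public cert-generation header in this commit adds `CTC_UTF8 = 0x0c` and `CTC_PRINTABLE = 0x13`), so a comment such as `char subjectSNEnc; /* ASN.1 string tag of subjectSN, 0 if unset */` would make the contract explicit; confirm the unset value against the parser. `subjectEmail` gets no encoding member; if that is deliberate because the e-mail attribute has a fixed string type, say so next to it. struct DecodedCert starts and ends outside the hunk.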


@ -62,6 +62,11 @@ enum Ctc_SigType {
CTC_SHA512wECDSA = 526
};
enum Ctc_Encoding {
CTC_UTF8 = 0x0c, /* utf8 */
CTC_PRINTABLE = 0x13 /* printable */
};
#ifdef CYASSL_CERT_GEN
@ -70,20 +75,27 @@ enum Ctc_SigType {
#endif
enum Ctc_Misc {
CTC_NAME_SIZE = 64,
CTC_DATE_SIZE = 32,
CTC_MAX_ALT_SIZE = 8192, /* may be huge */
CTC_SERIAL_SIZE = 8
CTC_NAME_SIZE = 64,
CTC_DATE_SIZE = 32,
CTC_MAX_ALT_SIZE = 16384, /* may be huge */
CTC_SERIAL_SIZE = 8
};
typedef struct CertName {
char country[CTC_NAME_SIZE];
char countryEnc;
char state[CTC_NAME_SIZE];
char stateEnc;
char locality[CTC_NAME_SIZE];
char localityEnc;
char sur[CTC_NAME_SIZE];
char surEnc;
char org[CTC_NAME_SIZE];
char orgEnc;
char unit[CTC_NAME_SIZE];
char unitEnc;
char commonName[CTC_NAME_SIZE];
char commonNameEnc;
char email[CTC_NAME_SIZE]; /* !!!! email has to be last !!!! */
} CertName;
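Review bot: Callers that fill a `CertName` without touching the new `*Enc` members leave them at whatever the struct was initialised to, and 0 is neither `CTC_UTF8` nor `CTC_PRINTABLE`. The encoder is not visible here, so it should be confirmed that it falls back to a defined string type rather than emitting that byte as the tag; a comment on the enum such as `/* ASN.1 string tags for the CertName *Enc members; set explicitly before encoding */` would document the expectation. Interleaving the one-byte members between the `CTC_NAME_SIZE` arrays also changes every field offset, which matters if any code walks the struct by position, as the `email has to be last` comment suggests. Note too that `CTC_MAX_ALT_SIZE` doubles to 16384, which enlarges any buffer sized from it.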


@ -82,9 +82,9 @@ typedef struct Des3 {
CYASSL_API int Des_SetKey(Des* des, const byte* key, const byte* iv, int dir);
CYASSL_API void Des_SetIV(Des* des, const byte* iv);
CYASSL_API void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz);
CYASSL_API void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz);
CYASSL_API void Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz);
CYASSL_API int Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz);
CYASSL_API int Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz);
CYASSL_API int Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz);
CYASSL_API int Des3_SetKey(Des3* des, const byte* key, const byte* iv,int dir);
CYASSL_API int Des3_SetIV(Des3* des, const byte* iv);
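Review bot: `Des_CbcEncrypt`, `Des_CbcDecrypt` and `Des_EcbEncrypt` now return `int`, but the header does not say what the value means, and callers written against the old `void` signatures will keep ignoring it. A failed operation whose return is dropped leaves `out` in an unspecified state that the caller then treats as valid ciphertext or plaintext. I would add a contract comment above the three prototypes, e.g. `/* returns 0 on success, negative error code on failure; out is not valid on failure */` (confirm against the implementation), and audit the call sites for unchecked returns.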


@ -164,6 +164,8 @@ CYASSL_API
const byte* ecc_ctx_get_own_salt(ecEncCtx*);
CYASSL_API
int ecc_ctx_set_peer_salt(ecEncCtx*, const byte* salt);
CYASSL_API
int ecc_ctx_set_info(ecEncCtx*, const byte* info, int sz);
CYASSL_API
int ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
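Review bot: `ecc_ctx_set_info` takes its length as a signed `int sz`, and the prototype gives no indication of whether `info` is copied into the context or only referenced. If the context keeps the pointer, the caller's buffer has to outlive the context; and a negative or oversized `sz` has to be rejected by the implementation, which is not visible here. Suggest a comment on the declaration such as `/* info: caller-supplied context data, sz >= 0; buffer is borrowed/copied (state which) */`. The `ecc_encrypt` declaration continues outside the hunk.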


@ -33,7 +33,7 @@
/* error codes */
enum {
MAX_CODE_E = -100, /* errors -101 - -199 */
MAX_CODE_E = -100, /* errors -101 - -299 */
OPEN_RAN_E = -101, /* opening random device error */
READ_RAN_E = -102, /* reading random device error */
WINCRYPT_E = -103, /* windows crypt init error */
@ -125,11 +125,16 @@ enum {
FIPS_NOT_ALLOWED_E = -197, /* FIPS not allowed error */
ASN_NAME_INVALID_E = -198, /* ASN name constraint error */
MIN_CODE_E = -200 /* errors -101 - -199 */
RNG_FAILURE_E = -199, /* RNG Failed, Reinitialize */
HMAC_MIN_KEYLEN_E = -200, /* FIPS Mode HMAC Minimum Key Length error */
MIN_CODE_E = -300 /* errors -101 - -299 */
};
CYASSL_API void CTaoCryptErrorString(int err, char* buff);
CYASSL_API const char* CTaoCryptGetErrorString(int error);
#ifdef __cplusplus
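Review bot: The value -200 changes meaning in the second hunk: it was the `MIN_CODE_E` range sentinel and is now the real error `HMAC_MIN_KEYLEN_E`, while `MIN_CODE_E` moves to -300. Any caller or log parser that compares against the numeric values, or any binary built against the old header, will misclassify codes in that range. The enum leaves -201 to -299 undefined, so a comment next to `MIN_CODE_E` such as `/* -201 .. -299 reserved for future ctaocrypt errors */` would explain the gap. `CTaoCryptErrorString(int err, char* buff)` takes no buffer size, so new code should prefer `CTaoCryptGetErrorString`, which returns a `const char*`.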


@ -60,6 +60,8 @@
#define CYASSL_HMAC_CAVIUM_MAGIC 0xBEEF0005
enum {
HMAC_FIPS_MIN_KEY = 14, /* 112 bit key length minimum */
IPAD = 0x36,
OPAD = 0x5C,
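Review bot: `HMAC_FIPS_MIN_KEY = 14` is a byte count while its comment speaks of bits, so a reader comparing it with a key length has to infer the unit. I would write `HMAC_FIPS_MIN_KEY = 14, /* minimum key length in bytes (112 bits) */`. Whether the minimum is enforced only in FIPS builds is not visible in this hunk; if it is, non-FIPS callers can still pass shorter keys without ever seeing `HMAC_MIN_KEYLEN_E`, which is worth stating in the same comment. The enum continues outside the hunk.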


@ -24,7 +24,7 @@ nobase_include_HEADERS+= \
cyassl/ctaocrypt/md5.h \
cyassl/ctaocrypt/misc.h \
cyassl/ctaocrypt/pkcs7.h \
cyassl/ctaocrypt/port.h \
cyassl/ctaocrypt/wc_port.h \
cyassl/ctaocrypt/pwdbased.h \
cyassl/ctaocrypt/rabbit.h \
cyassl/ctaocrypt/chacha.h \


@ -70,6 +70,10 @@ extern "C" {
#define MP_64BIT
#endif
#endif
/* if intel compiler doesn't provide 128 bit type don't turn on 64bit */
#if defined(MP_64BIT) && defined(__INTEL_COMPILER) && !defined(HAVE___UINT128_T)
#undef MP_64BIT
#endif
/* some default configurations.
*


@ -54,6 +54,7 @@ typedef struct Md2 {
CYASSL_API void InitMd2(Md2*);
CYASSL_API void Md2Update(Md2*, const byte*, word32);
CYASSL_API void Md2Final(Md2*, byte*);
CYASSL_API int Md2Hash(const byte*, word32, byte*);
#ifdef __cplusplus
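Review bot: The new one-shot `Md2Hash(const byte*, word32, byte*)` has unnamed parameters and no statement of how large the output buffer must be; the same applies to `Md5Hash`, `ShaHash`, `Sha256Hash`, `Sha512Hash` and `Sha384Hash` added in the later header sections of this commit. Because the output pointer carries no length, a caller passing a buffer smaller than the digest gets an out-of-bounds write. Suggest naming the parameters and stating the size, e.g. `CYASSL_API int Md2Hash(const byte* data, word32 len, byte* hash); /* hash must hold a full MD2 digest */`. The meaning of the `int` return should be documented as well, given that `InitMd2`, `Md2Update` and `Md2Final` return `void`.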


@ -63,6 +63,8 @@ typedef struct Md5 {
CYASSL_API void InitMd5(Md5*);
CYASSL_API void Md5Update(Md5*, const byte*, word32);
CYASSL_API void Md5Final(Md5*, byte*);
CYASSL_API int Md5Hash(const byte*, word32, byte*);
#ifdef __cplusplus
} /* extern "C" */


@ -84,6 +84,7 @@ typedef struct RNG {
byte V[DRBG_SEED_LEN];
byte C[DRBG_SEED_LEN];
word32 reseedCtr;
byte status;
} RNG;
@ -119,10 +120,33 @@ CYASSL_API int RNG_GenerateByte(RNG*, byte*);
#if defined(HAVE_HASHDRBG) || defined(NO_RC4)
CYASSL_API void FreeRng(RNG*);
CYASSL_API int FreeRng(RNG*);
CYASSL_API int RNG_HealthTest(int reseed,
const byte* entropyA, word32 entropyASz,
const byte* entropyB, word32 entropyBSz,
const byte* output, word32 outputSz);
#endif /* HAVE_HASHDRBG || NO_RC4 */
#ifdef HAVE_FIPS
/* fips wrapper calls, user can call direct */
CYASSL_API int InitRng_fips(RNG* rng);
CYASSL_API int FreeRng_fips(RNG* rng);
CYASSL_API int RNG_GenerateBlock_fips(RNG* rng, byte* buf, word32 bufSz);
CYASSL_API int RNG_HealthTest_fips(int reseed,
const byte* entropyA, word32 entropyASz,
const byte* entropyB, word32 entropyBSz,
const byte* output, word32 outputSz);
#ifndef FIPS_NO_WRAPPERS
/* if not impl or fips.c impl wrapper force fips calls if fips build */
#define InitRng InitRng_fips
#define FreeRng FreeRng_fips
#define RNG_GenerateBlock RNG_GenerateBlock_fips
#define RNG_HealthTest RNG_HealthTest_fips
#endif /* FIPS_NO_WRAPPERS */
#endif /* HAVE_FIPS */
#ifdef __cplusplus
} /* extern "C" */
#endif
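Review bot: The new `byte status;` member of `RNG` has no comment describing its values, and the change of `FreeRng` from `void` to `int` is not documented either. Given the `RNG_FAILURE_E` ("RNG Failed, Reinitialize") code added to the error header in this commit, callers presumably need to check every `RNG_GenerateBlock` return and re-initialise on failure; a comment such as `byte status; /* DRBG health state; generation fails unless OK */` would make that visible (confirm the actual states). The `#define InitRng InitRng_fips` style wrappers rewrite those identifiers in every translation unit that includes this header in a FIPS build, so a one-line warning for applications using the same names would help.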


@ -647,6 +647,11 @@
#endif
/* FreeScale MMCAU hardware crypto has 4 byte alignment */
#ifdef FREESCALE_MMCAU
#define CYASSL_MMCAU_ALIGNMENT 4
#endif
/* if using hardware crypto and have alignment requirements, specify the
requirement here. The record header of SSL/TLS will prvent easy alignment.
This hint tries to help as much as possible. */
@ -655,6 +660,8 @@
#define CYASSL_GENERAL_ALIGNMENT 16
#elif defined(XSTREAM_ALIGNMENT)
#define CYASSL_GENERAL_ALIGNMENT 4
#elif defined(FREESCALE_MMCAU)
#define CYASSL_GENERAL_ALIGNMENT CYASSL_MMCAU_ALIGNMENT
#else
#define CYASSL_GENERAL_ALIGNMENT 0
#endif
@ -666,6 +673,12 @@
#define NO_SKID
#endif
#ifdef __INTEL_COMPILER
#pragma warning(disable:2259) /* explicit casts to smaller sizes, disable */
#endif
/* Place any other flags or defines here */
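Review bot: `#pragma warning(disable:2259)` in the third hunk switches off the Intel compiler's diagnostic for casts to smaller sizes for everything compiled after this header is included, which covers application code too if the header is installed. In a TLS/crypto code base, truncating length conversions are exactly the class of bug that warning helps catch. I would limit the disable to the library's own build, or bracket only the affected code with `#pragma warning(push)` / `#pragma warning(pop)`, and extend the comment to say why the existing casts are known to be safe.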


@ -65,6 +65,7 @@ typedef struct Sha {
CYASSL_API int InitSha(Sha*);
CYASSL_API int ShaUpdate(Sha*, const byte*, word32);
CYASSL_API int ShaFinal(Sha*, byte*);
CYASSL_API int ShaHash(const byte*, word32, byte*);
#ifdef HAVE_FIPS


@ -61,9 +61,10 @@ typedef struct Sha256 {
} Sha256;
CYASSL_API int InitSha256(Sha256*);
CYASSL_API int Sha256Update(Sha256*, const byte*, word32);
CYASSL_API int Sha256Final(Sha256*, byte*);
CYASSL_API int InitSha256(Sha256*);
CYASSL_API int Sha256Update(Sha256*, const byte*, word32);
CYASSL_API int Sha256Final(Sha256*, byte*);
CYASSL_API int Sha256Hash(const byte*, word32, byte*);
#ifdef HAVE_FIPS


@ -54,6 +54,7 @@ typedef struct Sha512 {
CYASSL_API int InitSha512(Sha512*);
CYASSL_API int Sha512Update(Sha512*, const byte*, word32);
CYASSL_API int Sha512Final(Sha512*, byte*);
CYASSL_API int Sha512Hash(const byte*, word32, byte*);
#if defined(CYASSL_SHA384) || defined(HAVE_AESGCM)
@ -80,6 +81,7 @@ typedef struct Sha384 {
CYASSL_API int InitSha384(Sha384*);
CYASSL_API int Sha384Update(Sha384*, const byte*, word32);
CYASSL_API int Sha384Final(Sha384*, byte*);
CYASSL_API int Sha384Hash(const byte*, word32, byte*);
#ifdef HAVE_FIPS


@ -73,6 +73,11 @@
#if defined(__x86_64__) && !defined(FP_64BIT)
#define FP_64BIT
#endif
/* if intel compiler doesn't provide 128 bit type don't turn on 64bit */
#if defined(FP_64BIT) && defined(__INTEL_COMPILER) && !defined(HAVE___UINT128_T)
#undef FP_64BIT
#undef TFM_X86_64
#endif
#endif /* NO_64BIT */
/* try to detect x86-32 */


@ -24,7 +24,7 @@
#define CTAO_CRYPT_TYPES_H
#include <cyassl/ctaocrypt/settings.h>
#include <cyassl/ctaocrypt/port.h>
#include <cyassl/ctaocrypt/wc_port.h>
#ifdef __cplusplus
extern "C" {


@ -30,98 +30,99 @@
#endif
enum CyaSSL_ErrorCodes {
INPUT_CASE_ERROR = -201, /* process input state error */
PREFIX_ERROR = -202, /* bad index to key rounds */
MEMORY_ERROR = -203, /* out of memory */
VERIFY_FINISHED_ERROR = -204, /* verify problem on finished */
VERIFY_MAC_ERROR = -205, /* verify mac problem */
PARSE_ERROR = -206, /* parse error on header */
UNKNOWN_HANDSHAKE_TYPE = -207, /* weird handshake type */
SOCKET_ERROR_E = -208, /* error state on socket */
SOCKET_NODATA = -209, /* expected data, not there */
INCOMPLETE_DATA = -210, /* don't have enough data to
INPUT_CASE_ERROR = -301, /* process input state error */
PREFIX_ERROR = -302, /* bad index to key rounds */
MEMORY_ERROR = -303, /* out of memory */
VERIFY_FINISHED_ERROR = -304, /* verify problem on finished */
VERIFY_MAC_ERROR = -305, /* verify mac problem */
PARSE_ERROR = -306, /* parse error on header */
UNKNOWN_HANDSHAKE_TYPE = -307, /* weird handshake type */
SOCKET_ERROR_E = -308, /* error state on socket */
SOCKET_NODATA = -309, /* expected data, not there */
INCOMPLETE_DATA = -310, /* don't have enough data to
complete task */
UNKNOWN_RECORD_TYPE = -211, /* unknown type in record hdr */
DECRYPT_ERROR = -212, /* error during decryption */
FATAL_ERROR = -213, /* recvd alert fatal error */
ENCRYPT_ERROR = -214, /* error during encryption */
FREAD_ERROR = -215, /* fread problem */
NO_PEER_KEY = -216, /* need peer's key */
NO_PRIVATE_KEY = -217, /* need the private key */
RSA_PRIVATE_ERROR = -218, /* error during rsa priv op */
NO_DH_PARAMS = -219, /* server missing DH params */
BUILD_MSG_ERROR = -220, /* build message failure */
UNKNOWN_RECORD_TYPE = -311, /* unknown type in record hdr */
DECRYPT_ERROR = -312, /* error during decryption */
FATAL_ERROR = -313, /* recvd alert fatal error */
ENCRYPT_ERROR = -314, /* error during encryption */
FREAD_ERROR = -315, /* fread problem */
NO_PEER_KEY = -316, /* need peer's key */
NO_PRIVATE_KEY = -317, /* need the private key */
RSA_PRIVATE_ERROR = -318, /* error during rsa priv op */
NO_DH_PARAMS = -319, /* server missing DH params */
BUILD_MSG_ERROR = -320, /* build message failure */
BAD_HELLO = -221, /* client hello malformed */
DOMAIN_NAME_MISMATCH = -222, /* peer subject name mismatch */
WANT_READ = -223, /* want read, call again */
NOT_READY_ERROR = -224, /* handshake layer not ready */
PMS_VERSION_ERROR = -225, /* pre m secret version error */
VERSION_ERROR = -226, /* record layer version error */
WANT_WRITE = -227, /* want write, call again */
BUFFER_ERROR = -228, /* malformed buffer input */
VERIFY_CERT_ERROR = -229, /* verify cert error */
VERIFY_SIGN_ERROR = -230, /* verify sign error */
CLIENT_ID_ERROR = -231, /* psk client identity error */
SERVER_HINT_ERROR = -232, /* psk server hint error */
PSK_KEY_ERROR = -233, /* psk key error */
ZLIB_INIT_ERROR = -234, /* zlib init error */
ZLIB_COMPRESS_ERROR = -235, /* zlib compression error */
ZLIB_DECOMPRESS_ERROR = -236, /* zlib decompression error */
BAD_HELLO = -321, /* client hello malformed */
DOMAIN_NAME_MISMATCH = -322, /* peer subject name mismatch */
WANT_READ = -323, /* want read, call again */
NOT_READY_ERROR = -324, /* handshake layer not ready */
PMS_VERSION_ERROR = -325, /* pre m secret version error */
VERSION_ERROR = -326, /* record layer version error */
WANT_WRITE = -327, /* want write, call again */
BUFFER_ERROR = -328, /* malformed buffer input */
VERIFY_CERT_ERROR = -329, /* verify cert error */
VERIFY_SIGN_ERROR = -330, /* verify sign error */
CLIENT_ID_ERROR = -331, /* psk client identity error */
SERVER_HINT_ERROR = -332, /* psk server hint error */
PSK_KEY_ERROR = -333, /* psk key error */
ZLIB_INIT_ERROR = -334, /* zlib init error */
ZLIB_COMPRESS_ERROR = -335, /* zlib compression error */
ZLIB_DECOMPRESS_ERROR = -336, /* zlib decompression error */
GETTIME_ERROR = -237, /* gettimeofday failed ??? */
GETITIMER_ERROR = -238, /* getitimer failed ??? */
SIGACT_ERROR = -239, /* sigaction failed ??? */
SETITIMER_ERROR = -240, /* setitimer failed ??? */
LENGTH_ERROR = -241, /* record layer length error */
PEER_KEY_ERROR = -242, /* can't decode peer key */
ZERO_RETURN = -243, /* peer sent close notify */
SIDE_ERROR = -244, /* wrong client/server type */
NO_PEER_CERT = -245, /* peer didn't send key */
NTRU_KEY_ERROR = -246, /* NTRU key error */
NTRU_DRBG_ERROR = -247, /* NTRU drbg error */
NTRU_ENCRYPT_ERROR = -248, /* NTRU encrypt error */
NTRU_DECRYPT_ERROR = -249, /* NTRU decrypt error */
ECC_CURVETYPE_ERROR = -250, /* Bad ECC Curve Type */
ECC_CURVE_ERROR = -251, /* Bad ECC Curve */
ECC_PEERKEY_ERROR = -252, /* Bad Peer ECC Key */
ECC_MAKEKEY_ERROR = -253, /* Bad Make ECC Key */
ECC_EXPORT_ERROR = -254, /* Bad ECC Export Key */
ECC_SHARED_ERROR = -255, /* Bad ECC Shared Secret */
NOT_CA_ERROR = -257, /* Not a CA cert error */
BAD_PATH_ERROR = -258, /* Bad path for opendir */
BAD_CERT_MANAGER_ERROR = -259, /* Bad Cert Manager */
OCSP_CERT_REVOKED = -260, /* OCSP Certificate revoked */
CRL_CERT_REVOKED = -261, /* CRL Certificate revoked */
CRL_MISSING = -262, /* CRL Not loaded */
MONITOR_RUNNING_E = -263, /* CRL Monitor already running */
THREAD_CREATE_E = -264, /* Thread Create Error */
OCSP_NEED_URL = -265, /* OCSP need an URL for lookup */
OCSP_CERT_UNKNOWN = -266, /* OCSP responder doesn't know */
OCSP_LOOKUP_FAIL = -267, /* OCSP lookup not successful */
MAX_CHAIN_ERROR = -268, /* max chain depth exceeded */
COOKIE_ERROR = -269, /* dtls cookie error */
SEQUENCE_ERROR = -270, /* dtls sequence error */
SUITES_ERROR = -271, /* suites pointer error */
SSL_NO_PEM_HEADER = -272, /* no PEM header found */
OUT_OF_ORDER_E = -273, /* out of order message */
BAD_KEA_TYPE_E = -274, /* bad KEA type found */
SANITY_CIPHER_E = -275, /* sanity check on cipher error */
RECV_OVERFLOW_E = -276, /* RXCB returned more than rqed */
GEN_COOKIE_E = -277, /* Generate Cookie Error */
NO_PEER_VERIFY = -278, /* Need peer cert verify Error */
FWRITE_ERROR = -279, /* fwrite problem */
CACHE_MATCH_ERROR = -280, /* chache hdr match error */
UNKNOWN_SNI_HOST_NAME_E = -281, /* Unrecognized host name Error */
UNKNOWN_MAX_FRAG_LEN_E = -282, /* Unrecognized max frag len Error */
GETTIME_ERROR = -337, /* gettimeofday failed ??? */
GETITIMER_ERROR = -338, /* getitimer failed ??? */
SIGACT_ERROR = -339, /* sigaction failed ??? */
SETITIMER_ERROR = -340, /* setitimer failed ??? */
LENGTH_ERROR = -341, /* record layer length error */
PEER_KEY_ERROR = -342, /* can't decode peer key */
ZERO_RETURN = -343, /* peer sent close notify */
SIDE_ERROR = -344, /* wrong client/server type */
NO_PEER_CERT = -345, /* peer didn't send key */
NTRU_KEY_ERROR = -346, /* NTRU key error */
NTRU_DRBG_ERROR = -347, /* NTRU drbg error */
NTRU_ENCRYPT_ERROR = -348, /* NTRU encrypt error */
NTRU_DECRYPT_ERROR = -349, /* NTRU decrypt error */
ECC_CURVETYPE_ERROR = -350, /* Bad ECC Curve Type */
ECC_CURVE_ERROR = -351, /* Bad ECC Curve */
ECC_PEERKEY_ERROR = -352, /* Bad Peer ECC Key */
ECC_MAKEKEY_ERROR = -353, /* Bad Make ECC Key */
ECC_EXPORT_ERROR = -354, /* Bad ECC Export Key */
ECC_SHARED_ERROR = -355, /* Bad ECC Shared Secret */
NOT_CA_ERROR = -357, /* Not a CA cert error */
BAD_PATH_ERROR = -358, /* Bad path for opendir */
BAD_CERT_MANAGER_ERROR = -359, /* Bad Cert Manager */
OCSP_CERT_REVOKED = -360, /* OCSP Certificate revoked */
CRL_CERT_REVOKED = -361, /* CRL Certificate revoked */
CRL_MISSING = -362, /* CRL Not loaded */
MONITOR_RUNNING_E = -363, /* CRL Monitor already running */
THREAD_CREATE_E = -364, /* Thread Create Error */
OCSP_NEED_URL = -365, /* OCSP need an URL for lookup */
OCSP_CERT_UNKNOWN = -366, /* OCSP responder doesn't know */
OCSP_LOOKUP_FAIL = -367, /* OCSP lookup not successful */
MAX_CHAIN_ERROR = -368, /* max chain depth exceeded */
COOKIE_ERROR = -369, /* dtls cookie error */
SEQUENCE_ERROR = -370, /* dtls sequence error */
SUITES_ERROR = -371, /* suites pointer error */
SSL_NO_PEM_HEADER = -372, /* no PEM header found */
OUT_OF_ORDER_E = -373, /* out of order message */
BAD_KEA_TYPE_E = -374, /* bad KEA type found */
SANITY_CIPHER_E = -375, /* sanity check on cipher error */
RECV_OVERFLOW_E = -376, /* RXCB returned more than rqed */
GEN_COOKIE_E = -377, /* Generate Cookie Error */
NO_PEER_VERIFY = -378, /* Need peer cert verify Error */
FWRITE_ERROR = -379, /* fwrite problem */
CACHE_MATCH_ERROR = -380, /* chache hdr match error */
UNKNOWN_SNI_HOST_NAME_E = -381, /* Unrecognized host name Error */
UNKNOWN_MAX_FRAG_LEN_E = -382, /* Unrecognized max frag len Error */
KEYUSE_SIGNATURE_E = -383, /* KeyUse digSignature error */
KEYUSE_ENCIPHER_E = -385, /* KeyUse keyEncipher error */
EXTKEYUSE_AUTH_E = -386, /* ExtKeyUse server|client_auth */
SEND_OOB_READ_E = -387, /* Send Cb out of bounds read */
/* add strings to SetErrorString !!!!! */
KEYUSE_SIGNATURE_E = -283, /* KeyUse digSignature error */
KEYUSE_ENCIPHER_E = -285, /* KeyUse keyEncipher error */
EXTKEYUSE_AUTH_E = -286, /* ExtKeyUse server|client_auth */
/* begin negotiation parameter errors */
UNSUPPORTED_SUITE = -290, /* unsupported cipher suite */
MATCH_SUITE_ERROR = -291 /* can't match cipher suite */
UNSUPPORTED_SUITE = -390, /* unsupported cipher suite */
MATCH_SUITE_ERROR = -391 /* can't match cipher suite */
/* end negotiation parameter errors only 10 for now */
/* add strings to SetErrorString !!!!! */
};
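Review bot: Every value in `enum CyaSSL_ErrorCodes` moves from the -2xx range to -3xx, which silently changes the meaning of any numeric code kept outside this header: applications built against the old header, log parsers, and alerting rules that match on numbers such as -213 (`FATAL_ERROR`) or -229 (`VERIFY_CERT_ERROR`). The header states neither the reason for the move nor the range now reserved; a comment above the enum such as `/* SSL-layer error codes start at -301; values are public API: append only, never renumber */` would make the contract explicit. The gaps carried over at -356 and -384 deserve a word on whether they are reserved. The added `SEND_OOB_READ_E` also needs its string in SetErrorString, as the enum's own reminder says; that function is outside this section.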


@ -216,7 +216,7 @@ void c32to24(word32 in, word24 out);
#define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
#define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
#endif
#if !defined(NO_DH) && defined(OPENSSL_EXTRA)
#if !defined(NO_DH)
#if !defined(NO_SHA)
#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
#define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
@ -242,6 +242,14 @@ void c32to24(word32 in, word24 out);
#ifdef HAVE_AESCCM
#define BUILD_TLS_PSK_WITH_AES_128_CCM_8
#define BUILD_TLS_PSK_WITH_AES_256_CCM_8
#define BUILD_TLS_PSK_WITH_AES_128_CCM
#define BUILD_TLS_PSK_WITH_AES_256_CCM
#endif
#endif
#ifdef CYASSL_SHA384
#define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
#ifdef HAVE_AESGCM
#define BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
#endif
#endif
#endif
@ -262,6 +270,9 @@ void c32to24(word32 in, word24 out);
#ifndef NO_SHA256
#define BUILD_TLS_PSK_WITH_NULL_SHA256
#endif
#ifdef CYASSL_SHA384
#define BUILD_TLS_PSK_WITH_NULL_SHA384
#endif
#endif
#endif
@ -282,7 +293,7 @@ void c32to24(word32 in, word24 out);
#endif
#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
!defined(NO_RSA) && defined(OPENSSL_EXTRA)
!defined(NO_RSA)
#if !defined(NO_SHA)
#define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
@ -299,6 +310,32 @@ void c32to24(word32 in, word24 out);
#endif
#endif
#if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)
#ifndef NO_SHA256
#define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
#ifdef HAVE_NULL_CIPHER
#define BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
#endif
#ifdef HAVE_AESGCM
#define BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
#endif
#ifdef HAVE_AESCCM
#define BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
#define BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
#endif
#endif
#ifdef CYASSL_SHA384
#define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
#ifdef HAVE_NULL_CIPHER
#define BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
#endif
#ifdef HAVE_AESGCM
#define BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
#endif
#endif
#endif
#if defined(HAVE_ECC) && !defined(NO_TLS)
#if !defined(NO_AES)
#if !defined(NO_SHA)
@ -439,7 +476,6 @@ void c32to24(word32 in, word24 out);
#endif
/* actual cipher values, 2nd byte */
enum {
TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x39,
@ -449,8 +485,10 @@ enum {
TLS_RSA_WITH_NULL_SHA = 0x02,
TLS_PSK_WITH_AES_256_CBC_SHA = 0x8d,
TLS_PSK_WITH_AES_128_CBC_SHA256 = 0xae,
TLS_PSK_WITH_AES_256_CBC_SHA384 = 0xaf,
TLS_PSK_WITH_AES_128_CBC_SHA = 0x8c,
TLS_PSK_WITH_NULL_SHA256 = 0xb0,
TLS_PSK_WITH_NULL_SHA384 = 0xb1,
TLS_PSK_WITH_NULL_SHA = 0x2c,
SSL_RSA_WITH_RC4_128_SHA = 0x05,
SSL_RSA_WITH_RC4_128_MD5 = 0x04,
@ -484,7 +522,6 @@ enum {
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0x2A,
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0x26,
/* CyaSSL extension - eSTREAM */
TLS_RSA_WITH_HC_128_MD5 = 0xFB,
TLS_RSA_WITH_HC_128_SHA = 0xFC,
@ -498,7 +535,7 @@ enum {
/* CyaSSL extension - NTRU */
TLS_NTRU_RSA_WITH_RC4_128_SHA = 0xe5,
TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6,
TLS_NTRU_RSA_WITH_AES_128_CBC_SHA = 0xe7, /* clases w/ official SHA-256 */
TLS_NTRU_RSA_WITH_AES_128_CBC_SHA = 0xe7, /* clashes w/official SHA-256 */
TLS_NTRU_RSA_WITH_AES_256_CBC_SHA = 0xe8,
/* SHA256 */
@ -507,12 +544,22 @@ enum {
TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d,
TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3c,
TLS_RSA_WITH_NULL_SHA256 = 0x3b,
TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0xb2,
TLS_DHE_PSK_WITH_NULL_SHA256 = 0xb4,
/* SHA384 */
TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0xb3,
TLS_DHE_PSK_WITH_NULL_SHA384 = 0xb5,
/* AES-GCM */
TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x9c,
TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x9d,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x9e,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x9f,
TLS_PSK_WITH_AES_128_GCM_SHA256 = 0xa8,
TLS_PSK_WITH_AES_256_GCM_SHA384 = 0xa9,
TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0xaa,
TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0xab,
/* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2b,
@ -536,7 +583,10 @@ enum {
TLS_PSK_WITH_AES_256_CCM = 0xa5,
TLS_PSK_WITH_AES_128_CCM_8 = 0xa8,
TLS_PSK_WITH_AES_256_CCM_8 = 0xa9,
TLS_DHE_PSK_WITH_AES_128_CCM = 0xa6,
TLS_DHE_PSK_WITH_AES_256_CCM = 0xa7,
/* Camellia */
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x41,
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x84,
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xba,
@ -644,7 +694,7 @@ enum Misc {
TLS_FINISHED_SZ = 12, /* TLS has a shorter size */
MASTER_LABEL_SZ = 13, /* TLS master secret label sz */
KEY_LABEL_SZ = 13, /* TLS key block expansion sz */
MAX_PRF_HALF = 128, /* Maximum half secret len */
MAX_PRF_HALF = 256, /* Maximum half secret len */
MAX_PRF_LABSEED = 128, /* Maximum label + seed len */
MAX_PRF_DIG = 224, /* Maximum digest len */
MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */
@ -953,32 +1003,6 @@ int SetCipherList(Suites*, const char* list);
#endif /* PSK_TYPES_DEFINED */
#ifndef CYASSL_USER_IO
/* default IO callbacks */
CYASSL_LOCAL
int EmbedReceive(CYASSL *ssl, char *buf, int sz, void *ctx);
CYASSL_LOCAL
int EmbedSend(CYASSL *ssl, char *buf, int sz, void *ctx);
#ifdef HAVE_OCSP
CYASSL_LOCAL
int EmbedOcspLookup(void*, const char*, int, byte*, int, byte**);
CYASSL_LOCAL
void EmbedOcspRespFree(void*, byte*);
#endif
#ifdef CYASSL_DTLS
CYASSL_LOCAL
int EmbedReceiveFrom(CYASSL *ssl, char *buf, int sz, void *ctx);
CYASSL_LOCAL
int EmbedSendTo(CYASSL *ssl, char *buf, int sz, void *ctx);
CYASSL_LOCAL
int EmbedGenerateCookie(CYASSL* ssl, byte *buf, int sz, void *ctx);
CYASSL_LOCAL
int IsUDP(void*);
#endif /* CYASSL_DTLS */
#endif /* CYASSL_USER_IO */
#ifdef HAVE_NETX
CYASSL_LOCAL int NetX_Receive(CYASSL *ssl, char *buf, int sz, void *ctx);
CYASSL_LOCAL int NetX_Send(CYASSL *ssl, char *buf, int sz, void *ctx);
@ -1146,6 +1170,7 @@ typedef struct TLSX {
CYASSL_LOCAL TLSX* TLSX_Find(TLSX* list, TLSX_Type type);
CYASSL_LOCAL void TLSX_FreeAll(TLSX* list);
CYASSL_LOCAL int TLSX_SupportExtensions(CYASSL* ssl);
#ifndef NO_CYASSL_CLIENT
CYASSL_LOCAL word16 TLSX_GetRequestSize(CYASSL* ssl);
@ -1360,6 +1385,7 @@ enum KeyExchangeAlgorithm {
diffie_hellman_kea,
fortezza_kea,
psk_kea,
dhe_psk_kea,
ntru_kea,
ecc_diffie_hellman_kea,
ecc_static_diffie_hellman_kea /* for verify suite only */
@ -1401,7 +1427,10 @@ enum ClientCertificateType {
dss_fixed_dh = 4,
rsa_ephemeral_dh = 5,
dss_ephemeral_dh = 6,
fortezza_kea_cert = 20
fortezza_kea_cert = 20,
ecdsa_sign = 64,
rsa_fixed_ecdh = 65,
ecdsa_fixed_ecdh = 66
};
@ -1597,7 +1626,7 @@ typedef struct Buffers {
#ifndef NO_CERTS
buffer certificate; /* CYASSL_CTX owns, unless we own */
buffer key; /* CYASSL_CTX owns, unless we own */
buffer certChain; /* CYASSL_CTX owns */
buffer certChain; /* CYASSL_CTX owns, unless we own */
/* chain after self, in DER, with leading size for each cert */
buffer serverDH_P; /* CYASSL_CTX owns, unless we own */
buffer serverDH_G; /* CYASSL_CTX owns, unless we own */
@ -1613,6 +1642,7 @@ typedef struct Buffers {
int plainSz; /* plain text bytes in buffer to send
when got WANT_WRITE */
byte weOwnCert; /* SSL own cert flag */
byte weOwnCertChain; /* SSL own cert chain flag */
byte weOwnKey; /* SSL own key flag */
byte weOwnDH; /* SSL own dh (p,g) flag */
#ifdef CYASSL_DTLS
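Review bot: The new `TLS_PSK_WITH_AES_128_GCM_SHA256 = 0xa8` and `TLS_PSK_WITH_AES_256_GCM_SHA384 = 0xa9` in the AES-GCM group have the same values as `TLS_PSK_WITH_AES_128_CCM_8` and `TLS_PSK_WITH_AES_256_CCM_8` further down the same enum, so each pair is told apart only by the first suite byte. The ECC AES-GCM group carries a comment naming its first byte, but the CCM group (where `TLS_DHE_PSK_WITH_AES_128_CCM` and `TLS_DHE_PSK_WITH_AES_256_CCM` are added) does not in the lines shown. I would add `/* AES-CCM, first byte is 0xC0 (ECC_BYTE) */` above that group, assuming that is the byte these suites are negotiated under, so that nobody later puts both names in one switch or matches a suite on the second byte alone. The enum starts and ends outside the hunks shown.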


@ -142,6 +142,7 @@ typedef CYASSL_X509_STORE_CTX X509_STORE_CTX;
#define ERR_error_string CyaSSL_ERR_error_string
#define ERR_error_string_n CyaSSL_ERR_error_string_n
#define ERR_reason_error_string CyaSSL_ERR_reason_error_string
#define SSL_set_ex_data CyaSSL_set_ex_data
#define SSL_get_shutdown CyaSSL_get_shutdown


@ -312,6 +312,7 @@ CYASSL_API int CyaSSL_ERR_GET_REASON(int err);
CYASSL_API char* CyaSSL_ERR_error_string(unsigned long,char*);
CYASSL_API void CyaSSL_ERR_error_string_n(unsigned long e, char* buf,
unsigned long sz);
CYASSL_API const char* CyaSSL_ERR_reason_error_string(unsigned long);
/* extras */
@ -937,6 +938,27 @@ CYASSL_API void* CyaSSL_GetIOWriteCtx(CYASSL* ssl);
CYASSL_API void CyaSSL_SetIOReadFlags( CYASSL* ssl, int flags);
CYASSL_API void CyaSSL_SetIOWriteFlags(CYASSL* ssl, int flags);
#ifndef CYASSL_USER_IO
/* default IO callbacks */
CYASSL_API int EmbedReceive(CYASSL* ssl, char* buf, int sz, void* ctx);
CYASSL_API int EmbedSend(CYASSL* ssl, char* buf, int sz, void* ctx);
#ifdef HAVE_OCSP
CYASSL_API int EmbedOcspLookup(void*, const char*, int, unsigned char*,
int, unsigned char**);
CYASSL_API void EmbedOcspRespFree(void*, unsigned char*);
#endif
#ifdef CYASSL_DTLS
CYASSL_API int EmbedReceiveFrom(CYASSL* ssl, char* buf, int sz, void*);
CYASSL_API int EmbedSendTo(CYASSL* ssl, char* buf, int sz, void* ctx);
CYASSL_API int EmbedGenerateCookie(CYASSL* ssl, unsigned char* buf,
int sz, void*);
#endif /* CYASSL_DTLS */
#endif /* CYASSL_USER_IO */
#ifdef HAVE_NETX
CYASSL_API void CyaSSL_SetIO_NetX(CYASSL* ssl, NX_TCP_SOCKET* nxsocket,
ULONG waitoption);
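Review bot: The default I/O callbacks `EmbedReceive`, `EmbedSend`, `EmbedOcspLookup`, `EmbedOcspRespFree`, `EmbedReceiveFrom`, `EmbedSendTo` and `EmbedGenerateCookie` become `CYASSL_API` here without the `CyaSSL_` prefix that the neighbouring exports (`CyaSSL_SetIOReadFlags`, `CyaSSL_SetIO_NetX`) carry, so they now sit unprefixed in the symbol namespace of every program that links the library. As exported entry points they also need their contract in the header, which the bare `/* default IO callbacks */` comment does not give. A block comment stating what `ctx` must point to and what the return value means (bytes transferred versus a negative I/O error code, if that is what the implementation does) would cover it. `EmbedReceiveFrom` and `EmbedGenerateCookie` also leave their last parameter unnamed while their siblings name it `ctx`.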


@ -9,6 +9,7 @@
#include <ctype.h>
#include <cyassl/ssl.h>
#include <cyassl/ctaocrypt/types.h>
#include <cyassl/ctaocrypt/error-crypt.h>
#ifdef ATOMIC_USER
#include <cyassl/ctaocrypt/aes.h>
@ -894,6 +895,25 @@ static INLINE int myVerify(int preverify, CYASSL_X509_STORE_CTX* store)
#endif /* VERIFY_CALLBACK */
static INLINE int myDateCb(int preverify, CYASSL_X509_STORE_CTX* store)
{
(void)preverify;
char buffer[CYASSL_MAX_ERROR_SZ];
printf("In verification callback, error = %d, %s\n", store->error,
CyaSSL_ERR_error_string(store->error, buffer));
printf("Subject's domain name is %s\n", store->domain);
if (store->error == ASN_BEFORE_DATE_E || store->error == ASN_AFTER_DATE_E) {
printf("Overriding cert date error as example for bad clock testing\n");
return 1;
}
printf("Cert error is not date error, not overriding\n");
return 0;
}
#ifdef HAVE_CRL
static INLINE void CRL_CallBack(const char* url)
@ -912,6 +932,7 @@ static INLINE void CaCb(unsigned char* der, int sz, int type)
}
#ifndef NO_DH
static INLINE void SetDH(CYASSL* ssl)
{
/* dh1024 p */
@ -965,7 +986,7 @@ static INLINE void SetDHCtx(CYASSL_CTX* ctx)
CyaSSL_CTX_SetTmpDH(ctx, p, sizeof(p), g, sizeof(g));
}
#endif /* NO_DH */
#endif /* !NO_CERTS */
#ifdef HAVE_CAVIUM
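Review bot: `myDateCb` returns 1 for `ASN_BEFORE_DATE_E` and `ASN_AFTER_DATE_E`, so any program that installs it accepts expired and not-yet-valid peer certificates, and the function has no comment restricting it to bad-clock testing. This header is shared by the example programs, so I would state the restriction in the code rather than only in the printf text: `/* example only: accepts expired or not-yet-valid peer certs, for devices without a trusted clock */`. Separately, `(void)preverify;` precedes the declaration of `buffer`, a declaration after a statement that C89 compilers reject; moving the cast below `char buffer[CYASSL_MAX_ERROR_SZ];` avoids that.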


@ -26,8 +26,8 @@
extern "C" {
#endif
#define LIBCYASSL_VERSION_STRING "3.0.0"
#define LIBCYASSL_VERSION_HEX 0x03000000
#define LIBCYASSL_VERSION_STRING "3.0.3"
#define LIBCYASSL_VERSION_HEX 0x03000003
#ifdef __cplusplus
}


@ -128,6 +128,7 @@ static void Usage(void)
printf("-s Use pre Shared keys\n");
printf("-t Track CyaSSL memory use\n");
printf("-d Disable peer checks\n");
printf("-D Override Date Errors example\n");
printf("-g Send server HTTP GET\n");
printf("-u Use UDP DTLS,"
" add -v 2 for DTLSv1 (default), -v 3 for DTLSv1.2\n");
@ -197,6 +198,7 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
int fewerPackets = 0;
int atomicUser = 0;
int pkCallbacks = 0;
int overrideDateErrors = 0;
char* cipherList = NULL;
const char* verifyCert = caCert;
const char* ourCert = cliCert;
@ -238,7 +240,7 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
StackTrap();
while ((ch = mygetopt(argc, argv,
"?gdusmNrtfxUPh:p:v:l:A:c:k:b:zS:L:ToO:")) != -1) {
"?gdDusmNrtfxUPh:p:v:l:A:c:k:b:zS:L:ToO:")) != -1) {
switch (ch) {
case '?' :
Usage();
@ -252,6 +254,10 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
doPeerCheck = 0;
break;
case 'D' :
overrideDateErrors = 1;
break;
case 'u' :
doDTLS = 1;
break;
@ -545,6 +551,8 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
#if !defined(NO_CERTS)
if (!usePsk && doPeerCheck == 0)
CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
if (!usePsk && overrideDateErrors == 1)
CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myDateCb);
#endif
#ifdef HAVE_CAVIUM
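Review bot: The `-D` branch calls `CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myDateCb)` after the `-d` branch has already set `SSL_VERIFY_NONE`, so when both options are given the later call wins and the peer is verified after all, with only date errors ignored. That precedence is stated neither at the call site nor in `Usage()`. I would add `/* -D takes precedence over -d: peer is still verified, only date errors are overridden */` above the new `if`, and have the usage line say that `-D` accepts expired and not-yet-valid certificates. `client_test` starts and ends outside the hunks shown.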


@ -227,9 +227,9 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
ssl = CyaSSL_new(ctx);
if (ssl == NULL) err_sys("SSL_new failed");
CyaSSL_set_fd(ssl, clientfd);
#if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA)
#if !defined(NO_FILESYSTEM) && !defined(NO_DH)
CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM);
#elif !defined(NO_CERTS)
#elif !defined(NO_DH)
SetDH(ssl); /* will repick suites with DHE, higher than PSK */
#endif
if (CyaSSL_accept(ssl) != SSL_SUCCESS) {
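Review bot: The return value of `CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM)` is discarded, and with the guard changed from `defined(OPENSSL_EXTRA)` to `!defined(NO_DH)` this call is now compiled into ordinary builds. If the parameter file is missing or unreadable, the server carries on with whatever DH parameters the library already has (not visible here) and says nothing. I would fail loudly, as the `CyaSSL_new` check just above does: `if (CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("can't load DH params file");`. The same unchecked call is in the `server_test` hunk of the next file section; both functions continue outside the hunks.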


@ -481,9 +481,9 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
SSL_set_fd(ssl, clientfd);
if (usePsk == 0 || cipherList != NULL) {
#if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA)
#if !defined(NO_FILESYSTEM) && !defined(NO_DH)
CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM);
#elif !defined(NO_CERTS)
#elif !defined(NO_DH)
SetDH(ssl); /* repick suites with DHE, higher priority than PSK */
#endif
}


@ -1,10 +1,10 @@
#!/usr/bin/perl
# gencertbuf.pl
# version 1.0
# Updated 01/28/2013
# version 1.1
# Updated 07/01/2014
#
# Copyright (C) 2006-2013 wolfSSL
# Copyright (C) 2006-2014 wolfSSL Inc.
#
use strict;
@ -34,7 +34,10 @@ my @fileList_2048 = (
[ "./certs/client-cert.der", "client_cert_der_2048" ],
[ "./certs/dh2048.der", "dh_key_der_2048" ],
[ "./certs/dsa2048.der", "dsa_key_der_2048" ],
[ "./certs/rsa2048.der", "rsa_key_der_2048" ]
[ "./certs/rsa2048.der", "rsa_key_der_2048" ],
[ "./certs/ca-cert.der", "ca_cert_der_2048" ],
[ "./certs/server-key.der", "server_key_der_2048" ],
[ "./certs/server-cert.der", "server_cert_der_2048" ]
);
# ----------------------------------------------------------------------------
@ -51,22 +54,32 @@ print OUT_FILE "#define CYASSL_CERTS_TEST_H\n\n";
# convert and print 1024-bit cert/keys
print OUT_FILE "#ifdef USE_CERT_BUFFERS_1024\n\n";
for(my $i = 0; $i < $num_1024; $i++) {
print OUT_FILE "/* $fileList_1024[$i][0], 1024-bit */\n";
print OUT_FILE "const unsigned char $fileList_1024[$i][1]\[] =\n";
for (my $i = 0; $i < $num_1024; $i++) {
my $fname = $fileList_1024[$i][0];
my $sname = $fileList_1024[$i][1];
print OUT_FILE "/* $fname, 1024-bit */\n";
print OUT_FILE "const unsigned char $sname\[] =\n";
print OUT_FILE "{\n";
file_to_hex($fileList_1024[$i][0]);
print OUT_FILE "};\n\n";
file_to_hex($fname);
print OUT_FILE "};\n";
print OUT_FILE "const int sizeof_$sname = sizeof($sname);\n\n";
}
# convert and print 2048-bit certs/keys
print OUT_FILE "#elif defined(USE_CERT_BUFFERS_2048)\n\n";
for(my $i = 0; $i < $num_2048; $i++) {
print OUT_FILE "/* $fileList_2048[$i][0], 2048-bit */\n";
print OUT_FILE "const unsigned char $fileList_2048[$i][1]\[] =\n";
for (my $i = 0; $i < $num_2048; $i++) {
my $fname = $fileList_2048[$i][0];
my $sname = $fileList_2048[$i][1];
print OUT_FILE "/* $fname, 2048-bit */\n";
print OUT_FILE "const unsigned char $sname\[] =\n";
print OUT_FILE "{\n";
file_to_hex($fileList_2048[$i][0]);
print OUT_FILE "};\n\n";
file_to_hex($fname);
print OUT_FILE "};\n";
print OUT_FILE "const int sizeof_$sname = sizeof($sname);\n\n";
}
print OUT_FILE "#endif /* USE_CERT_BUFFERS_1024 */\n\n";
@ -108,3 +121,4 @@ sub file_to_hex {
close($fp);
}
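Review bot: Both loops now emit `const int sizeof_$sname = sizeof($sname);` into the generated header (the one guarded by `CYASSL_CERTS_TEST_H`), which in C is a definition with external linkage, so including that header from two translation units of one program gives duplicate symbols at link time. The arrays emitted just above already have this property, so it may be a known limitation, but the new constants double the number of such symbols. Emitting `print OUT_FILE "static const int sizeof_$sname = sizeof($sname);\n\n";` in both loops keeps each constant private to the including file. The narrowing from `size_t` to `int` is harmless for buffers of this size, but the generated file could say why `int` was chosen.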


@ -501,7 +501,7 @@ static int StopMonitor(int mfd)
static void* DoMonitor(void* arg)
{
int notifyFd;
int wd;
int wd = -1;
CYASSL_CRL* crl = (CYASSL_CRL*)arg;
CYASSL_ENTER("DoMonitor");
@ -575,7 +575,8 @@ static void* DoMonitor(void* arg)
}
}
inotify_rm_watch(notifyFd, wd);
if (wd > 0)
inotify_rm_watch(notifyFd, wd);
close(crl->mfd);
close(notifyFd);
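Review bot: The new guard `if (wd > 0)` does not match the sentinel chosen two hunks earlier, `int wd = -1;`: inotify_add_watch documents its result as a nonnegative integer, so a descriptor of 0 would be skipped by this test. Writing `if (wd >= 0) { inotify_rm_watch(notifyFd, wd); }` matches the sentinel and braces the body. The part of `DoMonitor` between the two hunks is not shown, so where `wd` is assigned, and whether every early exit reaches this cleanup, cannot be checked from here.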


@ -19,7 +19,7 @@ src_libcyassl_la_SOURCES += \
ctaocrypt/src/random.c \
ctaocrypt/src/sha256.c \
ctaocrypt/src/logging.c \
ctaocrypt/src/port.c \
ctaocrypt/src/wc_port.c \
ctaocrypt/src/error.c
src_libcyassl_la_LDFLAGS = ${AM_LDFLAGS} -no-undefined -version-info ${CYASSL_LIBRARY_VERSION}
src_libcyassl_la_LIBADD = $(LIBM)

File diff suppressed because it is too large Load Diff


@ -39,6 +39,7 @@
int SetCipherSpecs(CYASSL* ssl)
{
#ifndef NO_CYASSL_CLIENT
if (ssl->options.side == CYASSL_CLIENT_END) {
/* server side verified before SetCipherSpecs call */
if (VerifyClientSuite(ssl) != 1) {
@ -46,6 +47,7 @@ int SetCipherSpecs(CYASSL* ssl)
return UNSUPPORTED_SUITE;
}
}
#endif /* NO_CYASSL_CLIENT */
/* Chacha extensions, 0xcc */
if (ssl->options.cipherSuite0 == CHACHA_BYTE) {
@ -81,7 +83,7 @@ int SetCipherSpecs(CYASSL* ssl)
switch (ssl->options.cipherSuite) {
#ifdef HAVE_ECC
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
@ -737,6 +739,82 @@ int SetCipherSpecs(CYASSL* ssl)
break;
#endif
#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM
case TLS_PSK_WITH_AES_128_CCM :
ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
ssl->options.usingPSK_cipher = 1;
break;
#endif
#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM
case TLS_PSK_WITH_AES_256_CCM :
ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
ssl->options.usingPSK_cipher = 1;
break;
#endif
#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
case TLS_DHE_PSK_WITH_AES_128_CCM :
ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = dhe_psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
ssl->options.usingPSK_cipher = 1;
break;
#endif
#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
case TLS_DHE_PSK_WITH_AES_256_CCM :
ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = dhe_psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
ssl->options.usingPSK_cipher = 1;
break;
#endif
default:
CYASSL_MSG("Unsupported cipher suite, SetCipherSpecs ECC");
return UNSUPPORTED_SUITE;
@ -967,6 +1045,82 @@ int SetCipherSpecs(CYASSL* ssl)
break;
#endif
#ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
case TLS_PSK_WITH_AES_128_GCM_SHA256 :
ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
ssl->options.usingPSK_cipher = 1;
break;
#endif
#ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
case TLS_PSK_WITH_AES_256_GCM_SHA384 :
ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
ssl->specs.hash_size = SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
ssl->options.usingPSK_cipher = 1;
break;
#endif
#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 :
ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = dhe_psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
ssl->options.usingPSK_cipher = 1;
break;
#endif
#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 :
ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = dhe_psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
ssl->specs.hash_size = SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
ssl->options.usingPSK_cipher = 1;
break;
#endif
#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
case TLS_PSK_WITH_AES_128_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
@ -985,6 +1139,60 @@ int SetCipherSpecs(CYASSL* ssl)
break;
#endif
#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
case TLS_PSK_WITH_AES_256_CBC_SHA384 :
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
ssl->specs.hash_size = SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AES_IV_SIZE;
ssl->options.usingPSK_cipher = 1;
break;
#endif
#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = dhe_psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AES_IV_SIZE;
ssl->options.usingPSK_cipher = 1;
break;
#endif
#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 :
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = dhe_psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
ssl->specs.hash_size = SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AES_IV_SIZE;
ssl->options.usingPSK_cipher = 1;
break;
#endif
#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
case TLS_PSK_WITH_AES_128_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
@ -1039,6 +1247,24 @@ int SetCipherSpecs(CYASSL* ssl)
break;
#endif
#ifdef BUILD_TLS_PSK_WITH_NULL_SHA384
case TLS_PSK_WITH_NULL_SHA384 :
ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null;
ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
ssl->specs.hash_size = SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = 0;
ssl->specs.block_size = 0;
ssl->specs.iv_size = 0;
ssl->options.usingPSK_cipher = 1;
break;
#endif
#ifdef BUILD_TLS_PSK_WITH_NULL_SHA
case TLS_PSK_WITH_NULL_SHA :
ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null;
@ -1057,6 +1283,42 @@ int SetCipherSpecs(CYASSL* ssl)
break;
#endif
#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
case TLS_DHE_PSK_WITH_NULL_SHA256 :
ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null;
ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = dhe_psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = 0;
ssl->specs.block_size = 0;
ssl->specs.iv_size = 0;
ssl->options.usingPSK_cipher = 1;
break;
#endif
#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
case TLS_DHE_PSK_WITH_NULL_SHA384 :
ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null;
ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = dhe_psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
ssl->specs.hash_size = SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = 0;
ssl->specs.block_size = 0;
ssl->specs.iv_size = 0;
ssl->options.usingPSK_cipher = 1;
break;
#endif
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
@ -1299,10 +1561,6 @@ int SetCipherSpecs(CYASSL* ssl)
break;
#endif
#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = cyassl_camellia;
@ -1932,9 +2190,7 @@ int StoreKeys(CYASSL* ssl, const byte* keyData)
/* Initialize the AES-GCM/CCM explicit IV to a zero. */
XMEMSET(ssl->keys.aead_exp_IV, 0, AEAD_EXP_IV_SZ);
}
#endif
return SetKeys(&ssl->encrypt, &ssl->decrypt, &ssl->keys, &ssl->specs,
ssl->options.side, ssl->heap, devId);
@ -2040,8 +2296,8 @@ static int MakeSslMasterSecret(CYASSL* ssl)
XMEMCPY(md5Input, ssl->arrays->preMasterSecret, pmsSz);
for (i = 0; i < MASTER_ROUNDS; ++i) {
byte prefix[PREFIX];
if (!SetPrefix(prefix, i)) {
byte prefix[KEY_PREFIX]; /* only need PREFIX bytes but static */
if (!SetPrefix(prefix, i)) { /* analysis thinks will overrun */
return PREFIX_ERROR;
}


@ -1594,12 +1594,6 @@ static int Decrypt(SSL* ssl, byte* output, const byte* input, word32 sz)
break;
#endif
#ifdef BUILD_CHACHA
case cyassl_chacha:
Chacha_Process(ssl->decrypt.chacha, output, input, sz);
break;
#endif
#ifdef HAVE_CAMELLIA
case cyassl_camellia:
CamelliaCbcDecrypt(ssl->decrypt.cam, output, input, sz);

336
src/ssl.c

@ -365,8 +365,8 @@ int CyaSSL_GetObjectSize(void)
}
#endif
/* XXX should be NO_DH */
#ifndef NO_CERTS
#ifndef NO_DH
/* server Diffie-Hellman parameters, SSL_SUCCESS on ok */
int CyaSSL_SetTmpDH(CYASSL* ssl, const unsigned char* p, int pSz,
const unsigned char* g, int gSz)
@ -418,7 +418,7 @@ int CyaSSL_SetTmpDH(CYASSL* ssl, const unsigned char* p, int pSz,
CYASSL_LEAVE("CyaSSL_SetTmpDH", 0);
return SSL_SUCCESS;
}
#endif /* !NO_CERTS */
#endif /* !NO_DH */
int CyaSSL_write(CYASSL* ssl, const void* data, int sz)
@ -1774,7 +1774,7 @@ int CyaSSL_Init(void)
{
/* remove encrypted header if there */
char encHeader[] = "Proc-Type";
char* line = XSTRNSTR((char*)buff, encHeader, PEM_LINE_LEN);
char* line = XSTRNSTR(headerEnd, encHeader, PEM_LINE_LEN);
if (line) {
char* newline;
char* finish;
@ -1908,6 +1908,9 @@ int CyaSSL_Init(void)
&& format != SSL_FILETYPE_RAW)
return SSL_BAD_FILETYPE;
if (ctx == NULL && ssl == NULL)
return BAD_FUNC_ARG;
if (type == CA_TYPE)
dynamicType = DYNAMIC_TYPE_CA;
else if (type == CERT_TYPE)
@ -1927,6 +1930,8 @@ int CyaSSL_Init(void)
if (userChain && type == CERT_TYPE && info.consumed < sz) {
byte staticBuffer[FILE_BUFFER_SIZE]; /* tmp chain buffer */
byte* chainBuffer = staticBuffer;
byte* shrinked = NULL; /* shrinked to size chainBuffer
* or staticBuffer */
int dynamicBuffer = 0;
word32 bufferSz = sizeof(staticBuffer);
long consumed = info.consumed;
@ -1989,22 +1994,30 @@ int CyaSSL_Init(void)
}
CYASSL_MSG("Finished Processing Cert Chain");
if (ctx == NULL) {
CYASSL_MSG("certChain needs context");
if (dynamicBuffer)
XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE);
XFREE(der.buffer, heap, dynamicType);
return BAD_FUNC_ARG;
}
ctx->certChain.buffer = (byte*)XMALLOC(idx, heap,
dynamicType);
if (ctx->certChain.buffer) {
ctx->certChain.length = idx;
XMEMCPY(ctx->certChain.buffer, chainBuffer, idx);
/* only retain actual size used */
shrinked = (byte*)XMALLOC(idx, heap, dynamicType);
if (shrinked) {
if (ssl) {
if (ssl->buffers.certChain.buffer &&
ssl->buffers.weOwnCertChain) {
XFREE(ssl->buffers.certChain.buffer, heap,
dynamicType);
}
ssl->buffers.certChain.buffer = shrinked;
ssl->buffers.certChain.length = idx;
XMEMCPY(ssl->buffers.certChain.buffer, chainBuffer,idx);
ssl->buffers.weOwnCertChain = 1;
} else if (ctx) {
if (ctx->certChain.buffer)
XFREE(ctx->certChain.buffer, heap, dynamicType);
ctx->certChain.buffer = shrinked;
ctx->certChain.length = idx;
XMEMCPY(ctx->certChain.buffer, chainBuffer, idx);
}
}
if (dynamicBuffer)
XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE);
if (ctx->certChain.buffer == NULL) {
if (shrinked == NULL) {
XFREE(der.buffer, heap, dynamicType);
return MEMORY_E;
}
@ -3095,42 +3108,7 @@ int CyaSSL_CTX_use_certificate_chain_file(CYASSL_CTX* ctx, const char* file)
}
#ifdef OPENSSL_EXTRA
/* put SSL type in extra for now, not very common */
int CyaSSL_use_certificate_file(CYASSL* ssl, const char* file, int format)
{
CYASSL_ENTER("CyaSSL_use_certificate_file");
if (ProcessFile(ssl->ctx, file, format, CERT_TYPE, ssl, 0, NULL)
== SSL_SUCCESS)
return SSL_SUCCESS;
return SSL_FAILURE;
}
int CyaSSL_use_PrivateKey_file(CYASSL* ssl, const char* file, int format)
{
CYASSL_ENTER("CyaSSL_use_PrivateKey_file");
if (ProcessFile(ssl->ctx, file, format, PRIVATEKEY_TYPE, ssl, 0, NULL)
== SSL_SUCCESS)
return SSL_SUCCESS;
return SSL_FAILURE;
}
int CyaSSL_use_certificate_chain_file(CYASSL* ssl, const char* file)
{
/* procces up to MAX_CHAIN_DEPTH plus subject cert */
CYASSL_ENTER("CyaSSL_use_certificate_chain_file");
if (ProcessFile(ssl->ctx, file, SSL_FILETYPE_PEM, CERT_TYPE, ssl, 1, NULL)
== SSL_SUCCESS)
return SSL_SUCCESS;
return SSL_FAILURE;
}
#ifndef NO_DH
/* server wrapper for ctx or ssl Diffie-Hellman parameters */
static int CyaSSL_SetTmpDH_buffer_wrapper(CYASSL_CTX* ctx, CYASSL* ssl,
@ -3175,6 +3153,7 @@ static int CyaSSL_SetTmpDH_buffer_wrapper(CYASSL_CTX* ctx, CYASSL* ssl,
return ret;
}
/* server Diffie-Hellman parameters, SSL_SUCCESS on ok */
int CyaSSL_SetTmpDH_buffer(CYASSL* ssl, const unsigned char* buf, long sz,
int format)
@ -3191,34 +3170,6 @@ int CyaSSL_CTX_SetTmpDH_buffer(CYASSL_CTX* ctx, const unsigned char* buf,
}
#ifdef HAVE_ECC
/* Set Temp CTX EC-DHE size in octets, should be 20 - 66 for 160 - 521 bit */
int CyaSSL_CTX_SetTmpEC_DHE_Sz(CYASSL_CTX* ctx, word16 sz)
{
if (ctx == NULL || sz < ECC_MINSIZE || sz > ECC_MAXSIZE)
return BAD_FUNC_ARG;
ctx->eccTempKeySz = sz;
return SSL_SUCCESS;
}
/* Set Temp SSL EC-DHE size in octets, should be 20 - 66 for 160 - 521 bit */
int CyaSSL_SetTmpEC_DHE_Sz(CYASSL* ssl, word16 sz)
{
if (ssl == NULL || sz < ECC_MINSIZE || sz > ECC_MAXSIZE)
return BAD_FUNC_ARG;
ssl->eccTempKeySz = sz;
return SSL_SUCCESS;
}
#endif /* HAVE_ECC */
/* server Diffie-Hellman parameters */
static int CyaSSL_SetTmpDH_file_wrapper(CYASSL_CTX* ctx, CYASSL* ssl,
const char* fname, int format)
@ -3278,6 +3229,108 @@ int CyaSSL_CTX_SetTmpDH_file(CYASSL_CTX* ctx, const char* fname, int format)
}
/* server ctx Diffie-Hellman parameters, SSL_SUCCESS on ok */
int CyaSSL_CTX_SetTmpDH(CYASSL_CTX* ctx, const unsigned char* p, int pSz,
const unsigned char* g, int gSz)
{
CYASSL_ENTER("CyaSSL_CTX_SetTmpDH");
if (ctx == NULL || p == NULL || g == NULL) return BAD_FUNC_ARG;
XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH);
XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_DH);
ctx->serverDH_P.buffer = (byte*)XMALLOC(pSz, ctx->heap,DYNAMIC_TYPE_DH);
if (ctx->serverDH_P.buffer == NULL)
return MEMORY_E;
ctx->serverDH_G.buffer = (byte*)XMALLOC(gSz, ctx->heap,DYNAMIC_TYPE_DH);
if (ctx->serverDH_G.buffer == NULL) {
XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH);
return MEMORY_E;
}
ctx->serverDH_P.length = pSz;
ctx->serverDH_G.length = gSz;
XMEMCPY(ctx->serverDH_P.buffer, p, pSz);
XMEMCPY(ctx->serverDH_G.buffer, g, gSz);
ctx->haveDH = 1;
CYASSL_LEAVE("CyaSSL_CTX_SetTmpDH", 0);
return SSL_SUCCESS;
}
#endif /* NO_DH */
#ifdef OPENSSL_EXTRA
/* put SSL type in extra for now, not very common */
int CyaSSL_use_certificate_file(CYASSL* ssl, const char* file, int format)
{
CYASSL_ENTER("CyaSSL_use_certificate_file");
if (ProcessFile(ssl->ctx, file, format, CERT_TYPE, ssl, 0, NULL)
== SSL_SUCCESS)
return SSL_SUCCESS;
return SSL_FAILURE;
}
int CyaSSL_use_PrivateKey_file(CYASSL* ssl, const char* file, int format)
{
CYASSL_ENTER("CyaSSL_use_PrivateKey_file");
if (ProcessFile(ssl->ctx, file, format, PRIVATEKEY_TYPE, ssl, 0, NULL)
== SSL_SUCCESS)
return SSL_SUCCESS;
return SSL_FAILURE;
}
int CyaSSL_use_certificate_chain_file(CYASSL* ssl, const char* file)
{
/* procces up to MAX_CHAIN_DEPTH plus subject cert */
CYASSL_ENTER("CyaSSL_use_certificate_chain_file");
if (ProcessFile(ssl->ctx, file, SSL_FILETYPE_PEM, CERT_TYPE, ssl, 1, NULL)
== SSL_SUCCESS)
return SSL_SUCCESS;
return SSL_FAILURE;
}
#ifdef HAVE_ECC
/* Set Temp CTX EC-DHE size in octets, should be 20 - 66 for 160 - 521 bit */
int CyaSSL_CTX_SetTmpEC_DHE_Sz(CYASSL_CTX* ctx, word16 sz)
{
if (ctx == NULL || sz < ECC_MINSIZE || sz > ECC_MAXSIZE)
return BAD_FUNC_ARG;
ctx->eccTempKeySz = sz;
return SSL_SUCCESS;
}
/* Set Temp SSL EC-DHE size in octets, should be 20 - 66 for 160 - 521 bit */
int CyaSSL_SetTmpEC_DHE_Sz(CYASSL* ssl, word16 sz)
{
if (ssl == NULL || sz < ECC_MINSIZE || sz > ECC_MAXSIZE)
return BAD_FUNC_ARG;
ssl->eccTempKeySz = sz;
return SSL_SUCCESS;
}
#endif /* HAVE_ECC */
int CyaSSL_CTX_use_RSAPrivateKey_file(CYASSL_CTX* ctx,const char* file,
int format)
{
@ -5869,6 +5922,14 @@ int CyaSSL_set_compression(CYASSL* ssl)
ssl->buffers.certificate.buffer = NULL;
}
if (ssl->buffers.weOwnCertChain) {
CYASSL_MSG("Unloading cert chain");
XFREE(ssl->buffers.certChain.buffer, ssl->heap,DYNAMIC_TYPE_CERT);
ssl->buffers.weOwnCertChain = 0;
ssl->buffers.certChain.length = 0;
ssl->buffers.certChain.buffer = NULL;
}
if (ssl->buffers.weOwnKey) {
CYASSL_MSG("Unloading key");
XFREE(ssl->buffers.key.buffer, ssl->heap, DYNAMIC_TYPE_KEY);
@ -8304,6 +8365,7 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
CYASSL_ENTER("SSL_CIPHER_get_name");
#ifndef NO_ERROR_STRINGS
if (cipher) {
#if defined(HAVE_CHACHA)
if (cipher->ssl->options.cipherSuite0 == CHACHA_BYTE) {
/* ChaCha suites */
switch (cipher->ssl->options.cipherSuite) {
@ -8315,10 +8377,16 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
#endif
}
}
#ifdef HAVE_ECC
#endif
#if defined(HAVE_ECC) || defined(HAVE_AESCCM)
/* Awkwardly, the ECC cipher suites use the ECC_BYTE as expected,
* but the AES-CCM cipher suites also use it, even the ones that
* aren't ECC. */
if (cipher->ssl->options.cipherSuite0 == ECC_BYTE) {
/* ECC suites */
switch (cipher->ssl->options.cipherSuite) {
#ifdef HAVE_ECC
#ifndef NO_RSA
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256";
@ -8385,7 +8453,6 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
#ifndef NO_RSA
case TLS_ECDH_RSA_WITH_RC4_128_SHA :
return "TLS_ECDH_RSA_WITH_RC4_128_SHA";
#endif
case TLS_ECDH_ECDSA_WITH_RC4_128_SHA :
return "TLS_ECDH_ECDSA_WITH_RC4_128_SHA";
@ -8422,6 +8489,7 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
return "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384";
#endif
#endif /* HAVE_ECC */
#ifdef HAVE_AESCCM
#ifndef NO_RSA
@ -8430,10 +8498,26 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
case TLS_RSA_WITH_AES_256_CCM_8 :
return "TLS_RSA_WITH_AES_256_CCM_8";
#endif
#ifndef NO_PSK
case TLS_PSK_WITH_AES_128_CCM_8 :
return "TLS_PSK_WITH_AES_128_CCM_8";
case TLS_PSK_WITH_AES_256_CCM_8 :
return "TLS_PSK_WITH_AES_256_CCM_8";
case TLS_PSK_WITH_AES_128_CCM :
return "TLS_PSK_WITH_AES_128_CCM";
case TLS_PSK_WITH_AES_256_CCM :
return "TLS_PSK_WITH_AES_256_CCM";
case TLS_DHE_PSK_WITH_AES_128_CCM :
return "TLS_DHE_PSK_WITH_AES_128_CCM";
case TLS_DHE_PSK_WITH_AES_256_CCM :
return "TLS_DHE_PSK_WITH_AES_256_CCM";
#endif
#ifdef HAVE_ECC
case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8";
case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
return "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8";
#endif
#endif
default:
@ -8483,8 +8567,6 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
return "TLS_RSA_WITH_NULL_SHA256";
#endif /* NO_RSA */
#ifndef NO_PSK
case TLS_PSK_WITH_AES_128_CBC_SHA256 :
return "TLS_PSK_WITH_AES_128_CBC_SHA256";
#ifndef NO_SHA
case TLS_PSK_WITH_AES_128_CBC_SHA :
return "TLS_PSK_WITH_AES_128_CBC_SHA";
@ -8492,14 +8574,36 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
return "TLS_PSK_WITH_AES_256_CBC_SHA";
#endif
#ifndef NO_SHA256
#ifdef HAVE_AESCCM
case TLS_PSK_WITH_AES_128_CCM_8 :
return "TLS_PSK_WITH_AES_128_CCM_8";
case TLS_PSK_WITH_AES_256_CCM_8 :
return "TLS_PSK_WITH_AES_256_CCM_8";
#endif
case TLS_PSK_WITH_AES_128_CBC_SHA256 :
return "TLS_PSK_WITH_AES_128_CBC_SHA256";
case TLS_PSK_WITH_NULL_SHA256 :
return "TLS_PSK_WITH_NULL_SHA256";
case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 :
return "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256";
case TLS_DHE_PSK_WITH_NULL_SHA256 :
return "TLS_DHE_PSK_WITH_NULL_SHA256";
#ifdef HAVE_AESGCM
case TLS_PSK_WITH_AES_128_GCM_SHA256 :
return "TLS_PSK_WITH_AES_128_GCM_SHA256";
case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 :
return "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256";
#endif
#endif
#ifdef CYASSL_SHA384
case TLS_PSK_WITH_AES_256_CBC_SHA384 :
return "TLS_PSK_WITH_AES_256_CBC_SHA384";
case TLS_PSK_WITH_NULL_SHA384 :
return "TLS_PSK_WITH_NULL_SHA384";
case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 :
return "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384";
case TLS_DHE_PSK_WITH_NULL_SHA384 :
return "TLS_DHE_PSK_WITH_NULL_SHA384";
#ifdef HAVE_AESGCM
case TLS_PSK_WITH_AES_256_GCM_SHA384 :
return "TLS_PSK_WITH_AES_256_GCM_SHA384";
case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 :
return "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384";
#endif
#endif
#ifndef NO_SHA
case TLS_PSK_WITH_NULL_SHA :
@ -8598,40 +8702,6 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
#ifdef OPENSSL_EXTRA
/* XXX shuld be NO_DH */
#ifndef NO_CERTS
/* server ctx Diffie-Hellman parameters, SSL_SUCCESS on ok */
int CyaSSL_CTX_SetTmpDH(CYASSL_CTX* ctx, const unsigned char* p, int pSz,
const unsigned char* g, int gSz)
{
CYASSL_ENTER("CyaSSL_CTX_SetTmpDH");
if (ctx == NULL || p == NULL || g == NULL) return BAD_FUNC_ARG;
XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH);
XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_DH);
ctx->serverDH_P.buffer = (byte*)XMALLOC(pSz, ctx->heap,DYNAMIC_TYPE_DH);
if (ctx->serverDH_P.buffer == NULL)
return MEMORY_E;
ctx->serverDH_G.buffer = (byte*)XMALLOC(gSz, ctx->heap,DYNAMIC_TYPE_DH);
if (ctx->serverDH_G.buffer == NULL) {
XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH);
return MEMORY_E;
}
ctx->serverDH_P.length = pSz;
ctx->serverDH_G.length = gSz;
XMEMCPY(ctx->serverDH_P.buffer, p, pSz);
XMEMCPY(ctx->serverDH_G.buffer, g, gSz);
ctx->haveDH = 1;
CYASSL_LEAVE("CyaSSL_CTX_SetTmpDH", 0);
return SSL_SUCCESS;
}
#endif /* !NO_CERTS */
char* CyaSSL_CIPHER_description(CYASSL_CIPHER* cipher, char* in, int len)
@ -8915,7 +8985,7 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
NULL, DYNAMIC_TYPE_CERT);
if (derCert.buffer != NULL) {
derCert.length = x509->derCert.length;
// AddCA() frees the buffer.
/* AddCA() frees the buffer. */
XMEMCPY(derCert.buffer,
x509->derCert.buffer, x509->derCert.length);
result = AddCA(store->cm, derCert, CYASSL_USER_CA, 1);
@ -10027,6 +10097,8 @@ static int initGlobalRNG = 0;
}
#ifndef NO_DH
static void InitCyaSSL_DH(CYASSL_DH* dh)
{
if (dh) {
@ -10265,6 +10337,7 @@ static int initGlobalRNG = 0;
CYASSL_MSG("CyaSSL_compute_key success");
return (int)keySz;
}
#endif /* NO_DH */
#ifndef NO_DSA
@ -10362,6 +10435,7 @@ static int initGlobalRNG = 0;
}
#endif /* NO_DSA */
#ifndef NO_RSA
static void InitCyaSSL_Rsa(CYASSL_RSA* rsa)
{
if (rsa) {
@ -10437,8 +10511,10 @@ static int initGlobalRNG = 0;
XFREE(rsa, NULL, DYNAMIC_TYPE_RSA);
}
}
#endif /* NO_RSA */
#if !defined(NO_RSA) || !defined(NO_DSA)
static int SetIndividualExternal(CYASSL_BIGNUM** bn, mp_int* mpi)
{
CYASSL_MSG("Entering SetIndividualExternal");
@ -10463,6 +10539,7 @@ static int initGlobalRNG = 0;
return 0;
}
#endif /* !NO_RSA && !NO_DSA */
#ifndef NO_DSA
@ -10510,6 +10587,7 @@ static int initGlobalRNG = 0;
#endif /* NO_DSA */
#ifndef NO_RSA
static int SetRsaExternal(CYASSL_RSA* rsa)
{
RsaKey* key;
@ -10659,6 +10737,7 @@ static int initGlobalRNG = 0;
return CyaSSL_BN_num_bytes(rsa->n);
}
#endif /* NO_RSA */
#ifndef NO_DSA
@ -10700,6 +10779,7 @@ static int initGlobalRNG = 0;
#endif /* NO_DSA */
#ifndef NO_RSA
/* return SSL_SUCCES on ok, 0 otherwise */
int CyaSSL_RSA_sign(int type, const unsigned char* m,
unsigned int mLen, unsigned char* sigRet,
@ -10831,6 +10911,7 @@ static int initGlobalRNG = 0;
else
return SSL_FATAL_ERROR;
}
#endif /* NO_RSA */
void CyaSSL_HMAC_Init(CYASSL_HMAC_CTX* ctx, const void* key, int keylen,
@ -11191,7 +11272,7 @@ static int initGlobalRNG = 0;
#ifndef NO_RSA
/* Load RSA from Der, SSL_SUCCESS on success < 0 on error */
int CyaSSL_RSA_LoadDer(CYASSL_RSA* rsa, const unsigned char* der, int derSz)
{
@ -11220,6 +11301,7 @@ int CyaSSL_RSA_LoadDer(CYASSL_RSA* rsa, const unsigned char* der, int derSz)
return SSL_SUCCESS;
}
#endif /* NO_RSA */
#ifndef NO_DSA
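Review bot: CyaSSL_CTX_SetTmpDH, as placed under `#ifndef NO_DH` in this section, leaves freed pointers in the context on both `return MEMORY_E` paths: if the P allocation fails, `serverDH_G.buffer` still holds the address already passed to XFREE, and if the G allocation fails, `serverDH_P.buffer` is freed without being cleared. Any later free of those members (a second call, or context teardown, which is not visible here) would then be a double free; setting each member to NULL right after its XFREE, e.g. `ctx->serverDH_G.buffer = NULL;`, avoids that. `pSz` and `gSz` are signed ints that reach XMALLOC and XMEMCPY unchecked, so I would also add `if (pSz <= 0 || gSz <= 0) return BAD_FUNC_ARG;` next to the NULL checks. The stored lengths and `haveDH` from an earlier successful call also survive the failure paths, so resetting them there would keep the context consistent.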


@ -23,17 +23,13 @@
#include <config.h>
#endif
#ifdef CHACHA_AEAD_TEST
#include <stdio.h>
#endif
#include <cyassl/ctaocrypt/settings.h>
#include <cyassl/ssl.h>
#include <cyassl/internal.h>
#include <cyassl/error-ssl.h>
#include <cyassl/ctaocrypt/hmac.h>
#include <cyassl/ctaocrypt/poly1305.h>
#ifndef NO_TLS
@ -485,7 +481,6 @@ int CyaSSL_GetHmacType(CYASSL* ssl)
if (ssl == NULL)
return BAD_FUNC_ARG;
printf("getting mac \n");
switch (ssl->specs.mac_algorithm) {
#ifndef NO_MD5
case md5_mac:
@ -493,13 +488,6 @@ int CyaSSL_GetHmacType(CYASSL* ssl)
return MD5;
}
#endif
#ifdef HAVE_POLY1305
case poly1305_mac:
{
printf("poly1305 selected\n");
return POLY1305;
}
#endif
#ifndef NO_SHA256
case sha256_mac:
{
@ -559,15 +547,13 @@ int CyaSSL_SetTlsHmacInner(CYASSL* ssl, byte* inner, word32 sz, int content,
int TLS_hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz,
int content, int verify)
{
int ret;
Hmac hmac;
int ret;
byte myInner[CYASSL_TLS_HMAC_INNER_SZ];
if (ssl == NULL)
return BAD_FUNC_ARG;
CyaSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify);
ret = HmacSetKey(&hmac, CyaSSL_GetHmacType(ssl),
@ -577,7 +563,7 @@ int TLS_hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz,
ret = HmacUpdate(&hmac, myInner, sizeof(myInner));
if (ret != 0)
return ret;
ret = HmacUpdate(&hmac, in, sz); /* content */
ret = HmacUpdate(&hmac, in, sz); /* content */
if (ret != 0)
return ret;
ret = HmacFinal(&hmac, digest);
@ -1011,7 +997,7 @@ int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
if (helloSz < offset + len16)
return BUFFER_ERROR;
while (len16 > OPAQUE16_LEN + OPAQUE16_LEN) {
while (len16 >= OPAQUE16_LEN + OPAQUE16_LEN) {
word16 extType;
word16 extLen;
@ -1061,7 +1047,7 @@ int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
len16 -= min(2 * OPAQUE16_LEN + extLen, len16);
}
return len16 ? BUFFER_ERROR : SSL_SUCCESS;
return len16 ? BUFFER_ERROR : 0;
}
#endif
@ -1228,8 +1214,8 @@ static int TLSX_THM_Parse(CYASSL* ssl, byte* input, word16 length,
#ifdef HAVE_SUPPORTED_CURVES
#ifndef HAVE_ECC
#error "Elliptic Curves Extension requires Elliptic Curve Cryptography. \
Use --enable-ecc in the configure script or define HAVE_ECC."
#error Elliptic Curves Extension requires Elliptic Curve Cryptography. \
Use --enable-ecc in the configure script or define HAVE_ECC.
#endif
static void TLSX_EllipticCurve_FreeAll(EllipticCurve* list)
@ -1550,6 +1536,10 @@ void TLSX_FreeAll(TLSX* list)
}
}
int TLSX_SupportExtensions(CYASSL* ssl) {
return ssl && (IsTLS(ssl) || ssl->version.major == DTLS_MAJOR);
}
static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest)
{
TLSX* extension;
@ -1649,7 +1639,7 @@ word16 TLSX_GetRequestSize(CYASSL* ssl)
{
word16 length = 0;
if (ssl && IsTLS(ssl)) {
if (TLSX_SupportExtensions(ssl)) {
byte semaphore[16] = {0};
EC_VALIDATE_REQUEST(ssl, semaphore);
@ -1674,7 +1664,7 @@ word16 TLSX_WriteRequest(CYASSL* ssl, byte* output)
{
word16 offset = 0;
if (ssl && IsTLS(ssl) && output) {
if (TLSX_SupportExtensions(ssl) && output) {
byte semaphore[16] = {0};
offset += OPAQUE16_LEN; /* extensions length */
@ -1725,7 +1715,7 @@ word16 TLSX_GetResponseSize(CYASSL* ssl)
word16 length = 0;
byte semaphore[16] = {0};
if (ssl && IsTLS(ssl))
if (TLSX_SupportExtensions(ssl))
length += TLSX_GetSize(ssl->extensions, semaphore, 0);
/* All the response data is set at the ssl object only, so no ctx here. */
@ -1740,7 +1730,7 @@ word16 TLSX_WriteResponse(CYASSL *ssl, byte* output)
{
word16 offset = 0;
if (ssl && IsTLS(ssl) && output) {
if (TLSX_SupportExtensions(ssl) && output) {
byte semaphore[16] = {0};
offset += OPAQUE16_LEN; /* extensions length */
@ -1843,7 +1833,7 @@ int TLSX_Parse(CYASSL* ssl, byte* input, word16 length, byte isRequest,
|| defined(HAVE_TRUNCATED_HMAC) \
|| defined(HAVE_SUPPORTED_CURVES)
#error "Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined."
#error Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined.
#endif /* HAVE_TLS_EXTENSIONS */
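Review bot: The final return of TLSX_SNI_GetFromBuffer now yields `0` for a well-formed ClientHello with no matching SNI, and nothing in the visible hunks documents that this differs from both success and error. The updated tests expect SSL_SUCCESS only when a name was copied out (presumably from an earlier return outside the hunk) and a negative code such as BUFFER_ERROR for malformed input, so the function has a three-way contract. A caller that treats every value other than SSL_SUCCESS as a parse failure would reject clients that simply omit SNI. I would add a comment above the function along the lines of `/* returns SSL_SUCCESS when the requested SNI was copied out, 0 when the hello has none, negative on malformed input */`. The function body starts and ends outside these hunks.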


@ -24,6 +24,7 @@
#endif
#include <cyassl/ctaocrypt/settings.h>
#include <cyassl/error-ssl.h>
#include <stdlib.h>
#include <cyassl/ssl.h>
@ -252,7 +253,8 @@ static void use_SNI_at_ctx(CYASSL_CTX* ctx)
byte type = CYASSL_SNI_HOST_NAME;
char name[] = "www.yassl.com";
AssertIntEQ(1, CyaSSL_CTX_UseSNI(ctx, type, (void *) name, XSTRLEN(name)));
AssertIntEQ(SSL_SUCCESS,
CyaSSL_CTX_UseSNI(ctx, type, (void *) name, XSTRLEN(name)));
}
static void use_SNI_at_ssl(CYASSL* ssl)
@ -260,7 +262,8 @@ static void use_SNI_at_ssl(CYASSL* ssl)
byte type = CYASSL_SNI_HOST_NAME;
char name[] = "www.yassl.com";
AssertIntEQ(1, CyaSSL_UseSNI(ssl, type, (void *) name, XSTRLEN(name)));
AssertIntEQ(SSL_SUCCESS,
CyaSSL_UseSNI(ssl, type, (void *) name, XSTRLEN(name)));
}
static void different_SNI_at_ssl(CYASSL* ssl)
@ -268,7 +271,8 @@ static void different_SNI_at_ssl(CYASSL* ssl)
byte type = CYASSL_SNI_HOST_NAME;
char name[] = "ww2.yassl.com";
AssertIntEQ(1, CyaSSL_UseSNI(ssl, type, (void *) name, XSTRLEN(name)));
AssertIntEQ(SSL_SUCCESS,
CyaSSL_UseSNI(ssl, type, (void *) name, XSTRLEN(name)));
}
static void use_SNI_WITH_CONTINUE_at_ssl(CYASSL* ssl)
@ -291,14 +295,12 @@ static void use_SNI_WITH_FAKE_ANSWER_at_ssl(CYASSL* ssl)
static void verify_SNI_abort_on_client(CYASSL* ssl)
{
/* FATAL_ERROR */
AssertIntEQ(-213, CyaSSL_get_error(ssl, 0));
AssertIntEQ(FATAL_ERROR, CyaSSL_get_error(ssl, 0));
}
static void verify_SNI_abort_on_server(CYASSL* ssl)
{
/* UNKNOWN_SNI_HOST_NAME_E */
AssertIntEQ(-281, CyaSSL_get_error(ssl, 0));
AssertIntEQ(UNKNOWN_SNI_HOST_NAME_E, CyaSSL_get_error(ssl, 0));
}
static void verify_SNI_no_matching(CYASSL* ssl)
@ -385,40 +387,63 @@ static void test_CyaSSL_SNI_GetFromBuffer(void)
0x00, 0x0d, 0x00, 0x06, 0x00, 0x04, 0x04, 0x01, 0x02, 0x01
};
byte buffer4[] = { /* last extension has zero size */
0x16, 0x03, 0x01, 0x00, 0xba, 0x01, 0x00, 0x00,
0xb6, 0x03, 0x03, 0x83, 0xa3, 0xe6, 0xdc, 0x16, 0xa1, 0x43, 0xe9, 0x45,
0x15, 0xbd, 0x64, 0xa9, 0xb6, 0x07, 0xb4, 0x50, 0xc6, 0xdd, 0xff, 0xc2,
0xd3, 0x0d, 0x4f, 0x36, 0xb4, 0x41, 0x51, 0x61, 0xc1, 0xa5, 0x9e, 0x00,
0x00, 0x28, 0xcc, 0x14, 0xcc, 0x13, 0xc0, 0x2b, 0xc0, 0x2f, 0x00, 0x9e,
0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x13, 0xc0, 0x14, 0xc0, 0x07, 0xc0, 0x11,
0x00, 0x33, 0x00, 0x32, 0x00, 0x39, 0x00, 0x9c, 0x00, 0x2f, 0x00, 0x35,
0x00, 0x0a, 0x00, 0x05, 0x00, 0x04, 0x01, 0x00, 0x00, 0x65, 0xff, 0x01,
0x00, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x17, 0x00,
0x18, 0x00, 0x19, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00,
0x00, 0x33, 0x74, 0x00, 0x00, 0x00, 0x10, 0x00, 0x1b, 0x00, 0x19, 0x06,
0x73, 0x70, 0x64, 0x79, 0x2f, 0x33, 0x08, 0x73, 0x70, 0x64, 0x79, 0x2f,
0x33, 0x2e, 0x31, 0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31,
0x75, 0x50, 0x00, 0x00, 0x00, 0x05, 0x00, 0x05, 0x01, 0x00, 0x00, 0x00,
0x00, 0x00, 0x0d, 0x00, 0x12, 0x00, 0x10, 0x04, 0x01, 0x05, 0x01, 0x02,
0x01, 0x04, 0x03, 0x05, 0x03, 0x02, 0x03, 0x04, 0x02, 0x02, 0x02, 0x00,
0x12, 0x00, 0x00
};
byte result[32] = {0};
word32 length = 32;
AssertIntEQ(SSL_SUCCESS, CyaSSL_SNI_GetFromBuffer(buffer3, sizeof(buffer3),
AssertIntEQ(0, CyaSSL_SNI_GetFromBuffer(buffer4, sizeof(buffer4),
0, result, &length));
AssertIntEQ(SSL_SUCCESS, CyaSSL_SNI_GetFromBuffer(buffer2, sizeof(buffer2),
AssertIntEQ(0, CyaSSL_SNI_GetFromBuffer(buffer3, sizeof(buffer3),
0, result, &length));
AssertIntEQ(0, CyaSSL_SNI_GetFromBuffer(buffer2, sizeof(buffer2),
1, result, &length));
AssertIntEQ(-228, CyaSSL_SNI_GetFromBuffer(buffer, sizeof(buffer), 0,
result, &length));
AssertIntEQ(BUFFER_ERROR, CyaSSL_SNI_GetFromBuffer(buffer, sizeof(buffer),
0, result, &length));
buffer[0] = 0x16;
AssertIntEQ(-228, CyaSSL_SNI_GetFromBuffer(buffer, sizeof(buffer), 0,
result, &length));
AssertIntEQ(BUFFER_ERROR, CyaSSL_SNI_GetFromBuffer(buffer, sizeof(buffer),
0, result, &length));
buffer[1] = 0x03;
AssertIntEQ(-228, CyaSSL_SNI_GetFromBuffer(buffer, sizeof(buffer), 0,
result, &length));
AssertIntEQ(BUFFER_ERROR, CyaSSL_SNI_GetFromBuffer(buffer, sizeof(buffer),
0, result, &length));
buffer[2] = 0x03;
AssertIntEQ(-210, CyaSSL_SNI_GetFromBuffer(buffer, sizeof(buffer), 0,
result, &length));
AssertIntEQ(INCOMPLETE_DATA, CyaSSL_SNI_GetFromBuffer(buffer,
sizeof(buffer), 0, result, &length));
buffer[4] = 0x64;
AssertIntEQ(1, CyaSSL_SNI_GetFromBuffer(buffer, sizeof(buffer), 0,
result, &length));
AssertIntEQ(SSL_SUCCESS, CyaSSL_SNI_GetFromBuffer(buffer, sizeof(buffer),
0, result, &length));
result[length] = 0;
AssertStrEQ("www.paypal.com", (const char*) result);
length = 32;
AssertIntEQ(1, CyaSSL_SNI_GetFromBuffer(buffer2, sizeof(buffer2), 0,
result, &length));
AssertIntEQ(SSL_SUCCESS, CyaSSL_SNI_GetFromBuffer(buffer2, sizeof(buffer2),
0, result, &length));
result[length] = 0;
AssertStrEQ("api.textmate.org", (const char*) result);
}
@ -435,16 +460,24 @@ void test_CyaSSL_UseSNI(void)
AssertNotNull(ssl);
/* error cases */
AssertIntNE(1, CyaSSL_CTX_UseSNI(NULL, 0, (void *) "ctx", XSTRLEN("ctx")));
AssertIntNE(1, CyaSSL_UseSNI( NULL, 0, (void *) "ssl", XSTRLEN("ssl")));
AssertIntNE(1, CyaSSL_CTX_UseSNI(ctx, -1, (void *) "ctx", XSTRLEN("ctx")));
AssertIntNE(1, CyaSSL_UseSNI( ssl, -1, (void *) "ssl", XSTRLEN("ssl")));
AssertIntNE(1, CyaSSL_CTX_UseSNI(ctx, 0, (void *) NULL, XSTRLEN("ctx")));
AssertIntNE(1, CyaSSL_UseSNI( ssl, 0, (void *) NULL, XSTRLEN("ssl")));
AssertIntNE(SSL_SUCCESS,
CyaSSL_CTX_UseSNI(NULL, 0, (void *) "ctx", XSTRLEN("ctx")));
AssertIntNE(SSL_SUCCESS,
CyaSSL_UseSNI( NULL, 0, (void *) "ssl", XSTRLEN("ssl")));
AssertIntNE(SSL_SUCCESS,
CyaSSL_CTX_UseSNI(ctx, -1, (void *) "ctx", XSTRLEN("ctx")));
AssertIntNE(SSL_SUCCESS,
CyaSSL_UseSNI( ssl, -1, (void *) "ssl", XSTRLEN("ssl")));
AssertIntNE(SSL_SUCCESS,
CyaSSL_CTX_UseSNI(ctx, 0, (void *) NULL, XSTRLEN("ctx")));
AssertIntNE(SSL_SUCCESS,
CyaSSL_UseSNI( ssl, 0, (void *) NULL, XSTRLEN("ssl")));
/* success case */
AssertIntEQ(1, CyaSSL_CTX_UseSNI(ctx, 0, (void *) "ctx", XSTRLEN("ctx")));
AssertIntEQ(1, CyaSSL_UseSNI( ssl, 0, (void *) "ssl", XSTRLEN("ssl")));
AssertIntEQ(SSL_SUCCESS,
CyaSSL_CTX_UseSNI(ctx, 0, (void *) "ctx", XSTRLEN("ctx")));
AssertIntEQ(SSL_SUCCESS,
CyaSSL_UseSNI( ssl, 0, (void *) "ssl", XSTRLEN("ssl")));
CyaSSL_free(ssl);
CyaSSL_CTX_free(ctx);
@ -500,24 +533,24 @@ static void test_CyaSSL_UseMaxFragment(void)
AssertNotNull(ssl);
/* error cases */
AssertIntNE(1, CyaSSL_CTX_UseMaxFragment(NULL, CYASSL_MFL_2_9));
AssertIntNE(1, CyaSSL_UseMaxFragment( NULL, CYASSL_MFL_2_9));
AssertIntNE(1, CyaSSL_CTX_UseMaxFragment(ctx, 0));
AssertIntNE(1, CyaSSL_CTX_UseMaxFragment(ctx, 6));
AssertIntNE(1, CyaSSL_UseMaxFragment(ssl, 0));
AssertIntNE(1, CyaSSL_UseMaxFragment(ssl, 6));
AssertIntNE(SSL_SUCCESS, CyaSSL_CTX_UseMaxFragment(NULL, CYASSL_MFL_2_9));
AssertIntNE(SSL_SUCCESS, CyaSSL_UseMaxFragment( NULL, CYASSL_MFL_2_9));
AssertIntNE(SSL_SUCCESS, CyaSSL_CTX_UseMaxFragment(ctx, 0));
AssertIntNE(SSL_SUCCESS, CyaSSL_CTX_UseMaxFragment(ctx, 6));
AssertIntNE(SSL_SUCCESS, CyaSSL_UseMaxFragment(ssl, 0));
AssertIntNE(SSL_SUCCESS, CyaSSL_UseMaxFragment(ssl, 6));
/* success case */
AssertIntEQ(1, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_9));
AssertIntEQ(1, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_10));
AssertIntEQ(1, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_11));
AssertIntEQ(1, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_12));
AssertIntEQ(1, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_13));
AssertIntEQ(1, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_9));
AssertIntEQ(1, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_10));
AssertIntEQ(1, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_11));
AssertIntEQ(1, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_12));
AssertIntEQ(1, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_13));
AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_9));
AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_10));
AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_11));
AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_12));
AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_UseMaxFragment(ctx, CYASSL_MFL_2_13));
AssertIntEQ(SSL_SUCCESS, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_9));
AssertIntEQ(SSL_SUCCESS, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_10));
AssertIntEQ(SSL_SUCCESS, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_11));
AssertIntEQ(SSL_SUCCESS, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_12));
AssertIntEQ(SSL_SUCCESS, CyaSSL_UseMaxFragment( ssl, CYASSL_MFL_2_13));
CyaSSL_free(ssl);
CyaSSL_CTX_free(ctx);
@ -534,12 +567,12 @@ static void test_CyaSSL_UseTruncatedHMAC(void)
AssertNotNull(ssl);
/* error cases */
AssertIntNE(1, CyaSSL_CTX_UseTruncatedHMAC(NULL));
AssertIntNE(1, CyaSSL_UseTruncatedHMAC(NULL));
AssertIntNE(SSL_SUCCESS, CyaSSL_CTX_UseTruncatedHMAC(NULL));
AssertIntNE(SSL_SUCCESS, CyaSSL_UseTruncatedHMAC(NULL));
/* success case */
AssertIntEQ(1, CyaSSL_CTX_UseTruncatedHMAC(ctx));
AssertIntEQ(1, CyaSSL_UseTruncatedHMAC(ssl));
AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_UseTruncatedHMAC(ctx));
AssertIntEQ(SSL_SUCCESS, CyaSSL_UseTruncatedHMAC(ssl));
CyaSSL_free(ssl);
CyaSSL_CTX_free(ctx);
@ -557,15 +590,19 @@ static void test_CyaSSL_UseSupportedCurve(void)
#ifndef NO_CYASSL_CLIENT
/* error cases */
AssertIntNE(1, CyaSSL_CTX_UseSupportedCurve(NULL, CYASSL_ECC_SECP160R1));
AssertIntNE(1, CyaSSL_CTX_UseSupportedCurve(ctx, 0));
AssertIntNE(SSL_SUCCESS,
CyaSSL_CTX_UseSupportedCurve(NULL, CYASSL_ECC_SECP160R1));
AssertIntNE(SSL_SUCCESS, CyaSSL_CTX_UseSupportedCurve(ctx, 0));
AssertIntNE(1, CyaSSL_UseSupportedCurve(NULL, CYASSL_ECC_SECP160R1));
AssertIntNE(1, CyaSSL_UseSupportedCurve(ssl, 0));
AssertIntNE(SSL_SUCCESS,
CyaSSL_UseSupportedCurve(NULL, CYASSL_ECC_SECP160R1));
AssertIntNE(SSL_SUCCESS, CyaSSL_UseSupportedCurve(ssl, 0));
/* success case */
AssertIntEQ(1, CyaSSL_CTX_UseSupportedCurve(ctx, CYASSL_ECC_SECP160R1));
AssertIntEQ(1, CyaSSL_UseSupportedCurve(ssl, CYASSL_ECC_SECP160R1));
AssertIntEQ(SSL_SUCCESS,
CyaSSL_CTX_UseSupportedCurve(ctx, CYASSL_ECC_SECP160R1));
AssertIntEQ(SSL_SUCCESS,
CyaSSL_UseSupportedCurve(ssl, CYASSL_ECC_SECP160R1));
#endif
CyaSSL_free(ssl);
@ -1009,9 +1046,9 @@ THREAD_RETURN CYASSL_THREAD test_server_nofail(void* args)
CyaSSL_set_fd(ssl, clientfd);
#ifdef NO_PSK
#if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA)
#if !defined(NO_FILESYSTEM) && !defined(NO_DH)
CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM);
#else
#elif !defined(NO_DH)
SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */
#endif
#endif
@ -1232,9 +1269,9 @@ THREAD_RETURN CYASSL_THREAD run_cyassl_server(void* args)
CyaSSL_set_fd(ssl, cfd);
#ifdef NO_PSK
#if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA)
#if !defined(NO_FILESYSTEM) && !defined(NO_DH)
CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM);
#else
#elif !defined(NO_DH)
SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */
#endif
#endif


@ -608,6 +608,10 @@ int hmac_md5_test(void)
test_hmac[2] = c;
for (i = 0; i < times; ++i) {
#if defined(HAVE_FIPS)
if (i == 1)
continue; /* fips not allowed */
#endif
ret = HmacSetKey(&hmac, MD5, (byte*)keys[i], (word32)strlen(keys[i]));
if (ret != 0)
return -4014;
@ -674,6 +678,10 @@ int hmac_sha_test(void)
test_hmac[2] = c;
for (i = 0; i < times; ++i) {
#if defined(HAVE_FIPS)
if (i == 1)
continue; /* fips not allowed */
#endif
ret = HmacSetKey(&hmac, SHA, (byte*)keys[i], (word32)strlen(keys[i]));
if (ret != 0)
return -4017;
@ -743,6 +751,10 @@ int hmac_sha256_test(void)
test_hmac[2] = c;
for (i = 0; i < times; ++i) {
#if defined(HAVE_FIPS)
if (i == 1)
continue; /* fips not allowed */
#endif
ret = HmacSetKey(&hmac,SHA256, (byte*)keys[i], (word32)strlen(keys[i]));
if (ret != 0)
return -4020;
@ -816,6 +828,10 @@ int hmac_sha384_test(void)
test_hmac[2] = c;
for (i = 0; i < times; ++i) {
#if defined(HAVE_FIPS)
if (i == 1)
continue; /* fips not allowed */
#endif
ret = HmacSetKey(&hmac,SHA384, (byte*)keys[i], (word32)strlen(keys[i]));
if (ret != 0)
return -4023;
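Review bot: The new `continue; /* fips not allowed */` in hmac_md5_test (repeated in hmac_sha_test, hmac_sha256_test and hmac_sha384_test) does not say what FIPS disallows, and it silently drops the second test vector from every HMAC test in a FIPS build. The `keys[]` table is outside these hunks, so this is inferred, but if the reason is that `keys[1]` is shorter than the minimum HMAC key length enforced in FIPS mode, the comment should say so, e.g. `continue; /* keys[1] is below the FIPS minimum HMAC key length */`. Keying the skip on `strlen(keys[i])` compared with that minimum, rather than on the literal index 1, would keep the guard correct if the vectors are ever reordered or extended. Each function body starts and ends outside its hunk.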