Merge pull request #225 from JacobBarthelmeh/master

help message to use NTRU key in example server
2015-12-28 11:56:13 -08:00
parent c3df8af997 41f50b7a73
commit 2d33380abc
5 changed files with 17 additions and 5 deletions
--- a/4
+++ b/4
@ -12,7 +12,9 @@ key cipher suites with
    WOLFSSL_STATIC_PSK

 though static key cipher suites are deprecated and will be removed from future
-versions of TLS.  They also lower your security by removing PFS.
+versions of TLS.  They also lower your security by removing PFS. Since current
+NTRU suites available do not use ephemeral keys, WOLFSSL_STATIC_RSA needs to be
+used in order to build with NTRU suites.

 When compiling ssl.c wolfSSL will now issue a compiler error if no cipher suites
 are available.  You can remove this error by defining WOLFSSL_ALLOW_NO_SUITES
--- a/examples/echoserver/echoserver.c
+++ b/examples/echoserver/echoserver.c
@ -152,7 +152,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)

 #ifndef NO_FILESYSTEM
    if (doPSK == 0) {
-    #ifdef HAVE_NTRU
+    #if defined(HAVE_NTRU) && defined(WOLFSSL_STATIC_RSA)
        /* ntru */
        if (CyaSSL_CTX_use_certificate_file(ctx, ntruCert, SSL_FILETYPE_PEM)
                != SSL_SUCCESS)
--- a/examples/server/server.c
+++ b/examples/server/server.c
@ -234,6 +234,9 @@ static void Usage(void)
 #endif
    printf("-i          Loop indefinitely (allow repeated connections)\n");
    printf("-e          Echo data mode (return raw bytes received)\n");
+#ifdef HAVE_NTRU
+    printf("-n          Use NTRU key (needed for NTRU suites)\n");
+#endif
    printf("-B <num>    Benchmark throughput using <num> bytes and print stats\n");
 }

--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@ -229,7 +229,8 @@ typedef byte word24[3];
                #define BUILD_SSL_RSA_WITH_RC4_128_MD5
            #endif
        #endif
-        #if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA)
+        #if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA) \
+            && defined(WOLFSSL_STATIC_RSA)
            #define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
        #endif
    #endif
@ -239,7 +240,8 @@ typedef byte word24[3];
            #if defined(WOLFSSL_STATIC_RSA)
                #define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
            #endif
-            #if !defined(NO_TLS) && defined(HAVE_NTRU)
+            #if !defined(NO_TLS) && defined(HAVE_NTRU) \
+                && defined(WOLFSSL_STATIC_RSA)
                    #define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
            #endif
        #endif
@ -257,7 +259,7 @@ typedef byte word24[3];
                #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
                #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
            #endif
-            #if defined(HAVE_NTRU)
+            #if defined(HAVE_NTRU) && defined(WOLFSSL_STATIC_RSA)
                    #define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
                    #define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
            #endif
--- a/wolfssl/test.h
+++ b/wolfssl/test.h
@ -481,7 +481,12 @@ static INLINE void showPeer(WOLFSSL* ssl)
    printf("SSL version is %s\n", wolfSSL_get_version(ssl));

    cipher = wolfSSL_get_current_cipher(ssl);
+#ifdef HAVE_QSH
+    printf("SSL cipher suite is %s%s\n", (wolfSSL_isQSH(ssl))? "QSH:": "",
+            wolfSSL_CIPHER_get_name(cipher));
+#else
    printf("SSL cipher suite is %s\n", wolfSSL_CIPHER_get_name(cipher));
+#endif

 #if defined(SESSION_CERTS) && defined(SHOW_CERTS)
    {