feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

progress on suite

Browse Source
This commit is contained in:
JacobBarthelmeh
2014-07-01 14:16:44 -06:00
parent 257959bcde
commit 5bf411f345
42 changed files with 13175 additions and 1873 deletions
Download Patch File Download Diff File Expand all files Collapse all files

100
configure.ac
View File

@@ -6,7 +6,7 @@
#
#
AC_INIT([cyassl],[3.0.3],[https://github.com/cyassl/cyassl/issues],[cyassl],[http://www.wolfssl.com])
AC_INIT([cyassl],[3.0.0],[https://github.com/cyassl/cyassl/issues],[cyassl],[http://www.wolfssl.com])
AC_CONFIG_AUX_DIR([build-aux])
@@ -81,7 +81,6 @@ AC_CHECK_HEADERS([errno.h])
AC_CHECK_LIB(network,socket)
AC_CHECK_SIZEOF(long long, 8)
AC_CHECK_SIZEOF(long, 4)
AC_CHECK_TYPES(__uint128_t)
AC_C_BIGENDIAN
# mktime check takes forever on some systems, if time supported it would be
# highly unusual for mktime to be missing
@@ -391,16 +390,28 @@ then
then
# GCC needs these flags, icc doesn't
# opt levels greater than 2 may cause problems on systems w/o aesni
if test "$CC" != "icc"
then
AM_CFLAGS="$AM_CFLAGS -maes -msse4"
fi
AM_CFLAGS="$AM_CFLAGS -maes -msse4"
fi
fi
AM_CONDITIONAL([BUILD_AESNI], [test "x$ENABLED_AESNI" = "xyes"])
# POLY1305
AC_ARG_ENABLE([poly1305],
[ --enable-poly1305 Enable CyaSSL POLY1305 support (default: disabled)],
[ ENABLED_POLY1305=$enableval ],
[ ENABLED_POLY1305=no ]
)
if test "$ENABLED_POLY1305" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_POLY1305"
fi
AM_CONDITIONAL([BUILD_POLY1305], [test "x$ENABLED_POLY1305" = "xyes"])
# Camellia
AC_ARG_ENABLE([camellia],
[ --enable-camellia Enable CyaSSL Camellia support (default: disabled)],
@@ -1062,6 +1073,21 @@ fi
AM_CONDITIONAL([BUILD_RABBIT], [test "x$ENABLED_RABBIT" = "xyes"])
# CHACHA
AC_ARG_ENABLE([chacha],
[ --enable-chacha Enable CHACHA (default: disabled)],
[ ENABLED_CHACHA=$enableval ],
[ ENABLED_CHACHA=no ]
)
if test "$ENABLED_CHACHA" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_CHACHA"
fi
AM_CONDITIONAL([BUILD_CHACHA], [test "x$ENABLED_CHACHA" = "xyes"])
# FIPS
AC_ARG_ENABLE([fips],
[ --enable-fips Enable FIPS 140-2 (default: disabled)],
@@ -1209,44 +1235,21 @@ AM_CONDITIONAL([BUILD_CRL_MONITOR], [test "x$ENABLED_CRL_MONITOR" = "xyes"])
# NTRU
ENABLED_NTRU="no"
tryntrudir=""
AC_ARG_WITH([ntru],
[ --with-ntru=PATH Path to NTRU install (default /usr/) ],
[
AC_MSG_CHECKING([for NTRU])
CPPFLAGS="$CPPFLAGS -DHAVE_NTRU"
LIBS="$LIBS -lNTRUEncrypt"
ntruHome=`pwd`/NTRU_algorithm
ntruInclude=$ntruHome/cryptolib
ntruLib=$ntruHome
AC_ARG_ENABLE([ntru],
[ --enable-ntru Enable NTRU (default: disabled)],
[ ENABLED_NTRU=$enableval ],
[ ENABLED_NTRU=no ]
)
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <ntru_crypto_drbg.h>]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ])
if test "x$ntru_linked" == "xno" ; then
if test "x$withval" != "xno" ; then
tryntrudir=$withval
fi
if test "x$withval" == "xyes" ; then
tryntrudir="/usr"
fi
LDFLAGS="$AM_LDFLAGS -L$tryntrudir/lib"
CPPFLAGS="$CPPFLAGS -I$tryntrudir/include"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <ntru_crypto_drbg.h>]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ])
if test "x$ntru_linked" == "xno" ; then
AC_MSG_ERROR([NTRU isn't found.
If it's already installed, specify its path using --with-ntru=/dir/])
fi
AC_MSG_RESULT([yes])
AM_LDFLAGS="$AM_LDFLAGS -L$tryntrudir/lib"
else
AC_MSG_RESULT([yes])
fi
AM_CFLAGS="$AM_CFLAGS -DHAVE_NTRU"
ENABLED_NTRU="yes"
]
)
if test "$ENABLED_NTRU" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_NTRU -I$ntruInclude"
AM_LDFLAGS="$AM_LDFLAGS -L$ntruLib"
LIBS="$LIBS -lntru_encrypt"
fi
AM_CONDITIONAL([BUILD_NTRU], [test "x$ENABLED_NTRU" = "xyes"])
@@ -1662,13 +1665,6 @@ then
fi
fi
# ICC command line warning for non supported warning flags
if test "$CC" = "icc"
then
AM_CFLAGS="$AM_CFLAGS -wd10006"
fi
LIB_SOCKET_NSL
AX_HARDEN_CC_COMPILER_FLAGS
@@ -1717,7 +1713,7 @@ echo "Generating user options header..."
OPTION_FILE="cyassl/options.h"
rm -f $OPTION_FILE
echo "/* cyassl options.h" > $OPTION_FILE
echo "/* cyassl options.h" >> $OPTION_FILE
echo " * generated from configure options" >> $OPTION_FILE
echo " *" >> $OPTION_FILE
echo " * Copyright (C) 2006-2014 wolfSSL Inc." >> $OPTION_FILE
@@ -1797,11 +1793,13 @@ echo " * certgen: $ENABLED_CERTGEN"
echo " * certreq: $ENABLED_CERTREQ"
echo " * HC-128: $ENABLED_HC128"
echo " * RABBIT: $ENABLED_RABBIT"
echo " * CHACHA: $ENABLED_CHACHA"
echo " * Hash DRBG: $ENABLED_HASHDRBG"
echo " * PWDBASED: $ENABLED_PWDBASED"
echo " * HKDF: $ENABLED_HKDF"
echo " * MD4: $ENABLED_MD4"
echo " * PSK: $ENABLED_PSK"
echo " * Poly1305: $ENABLED_POLY1305"
echo " * LEANPSK: $ENABLED_LEANPSK"
echo " * RSA: $ENABLED_RSA"
echo " * DSA: $ENABLED_DSA"

97
ctaocrypt/benchmark/benchmark.c
View File

@@ -34,7 +34,9 @@
#include <cyassl/ctaocrypt/arc4.h>
#include <cyassl/ctaocrypt/hc128.h>
#include <cyassl/ctaocrypt/rabbit.h>
#include <cyassl/ctaocrypt/chacha.h>
#include <cyassl/ctaocrypt/aes.h>
#include <cyassl/ctaocrypt/poly1305.h>
#include <cyassl/ctaocrypt/camellia.h>
#include <cyassl/ctaocrypt/md5.h>
#include <cyassl/ctaocrypt/sha.h>
@@ -82,10 +84,12 @@ void bench_des(void);
void bench_arc4(void);
void bench_hc128(void);
void bench_rabbit(void);
void bench_chacha(void);
void bench_aes(int);
void bench_aesgcm(void);
void bench_aesccm(void);
void bench_aesctr(void);
void bench_poly1305(void);
void bench_camellia(void);
void bench_md5(void);
@@ -128,9 +132,6 @@ static int OpenNitroxDevice(int dma_mode,int dev_id)
#endif
#if defined(DEBUG_CYASSL) && !defined(HAVE_VALGRIND)
CYASSL_API int CyaSSL_Debugging_ON();
#endif
/* so embedded projects can pull in tests on their own */
#if !defined(NO_MAIN_DRIVER)
@@ -145,10 +146,6 @@ int benchmark_test(void *args)
{
#endif
#if defined(DEBUG_CYASSL) && !defined(HAVE_VALGRIND)
CyaSSL_Debugging_ON();
#endif
#ifdef HAVE_CAVIUM
int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID);
if (ret != 0) {
@@ -183,6 +180,9 @@ int benchmark_test(void *args)
#ifndef NO_RABBIT
bench_rabbit();
#endif
#ifdef HAVE_CHACHA
bench_chacha();
#endif
#ifndef NO_DES3
bench_des();
#endif
@@ -192,6 +192,9 @@ int benchmark_test(void *args)
#ifndef NO_MD5
bench_md5();
#endif
#ifdef HAVE_POLY1305
bench_poly1305();
#endif
#ifndef NO_SHA
bench_sha();
#endif
@@ -407,6 +410,41 @@ void bench_aesccm(void)
#endif
#ifdef HAVE_POLY1305
void bench_poly1305()
{
Poly1305 enc;
byte mac[16];
double start, total, persec;
int i;
int ret;
ret = Poly1305SetKey(&enc, key, 32);
if (ret != 0) {
printf("Poly1305SetKey failed, ret = %d\n", ret);
return;
}
start = current_time(1);
for(i = 0; i < numBlocks; i++)
Poly1305Update(&enc, plain, sizeof(plain));
Poly1305Final(&enc, mac);
total = current_time(0) - start;
persec = 1 / total * numBlocks;
#ifdef BENCH_EMBEDDED
/* since using kB, convert to MB/s */
persec = persec / 1024;
#endif
printf("POLY1305 %d %s took %5.3f seconds, %7.3f MB/s\n", numBlocks,
blockType, total, persec);
}
#endif /* HAVE_POLY1305 */
#ifdef HAVE_CAMELLIA
void bench_camellia(void)
{
@@ -562,6 +600,33 @@ void bench_rabbit(void)
#endif /* NO_RABBIT */
#ifdef HAVE_CHACHA
void bench_chacha(void)
{
ChaCha enc;
double start, total, persec;
int i;
Chacha_SetKey(&enc, key, 16);
start = current_time(1);
for (i = 0; i < numBlocks; i++) {
Chacha_SetIV(&enc, iv, 0);
Chacha_Process(&enc, cipher, plain, sizeof(plain));
}
total = current_time(0) - start;
persec = 1 / total * numBlocks;
#ifdef BENCH_EMBEDDED
/* since using kB, convert to MB/s */
persec = persec / 1024;
#endif
printf("CHACHA %d %s took %5.3f seconds, %7.3f MB/s\n", numBlocks, blockType, total, persec);
}
#endif /* HAVE_CHACHA*/
#ifndef NO_MD5
void bench_md5(void)
{
@@ -903,10 +968,7 @@ static const char *certDHname = "certs/dh2048.der" ;
void bench_dh(void)
{
#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
int ret;
#endif
int i ;
int i, ret;
byte tmp[1024];
size_t bytes;
word32 idx = 0, pubSz, privSz = 0, pubSz2, privSz2, agreeSz;
@@ -1149,6 +1211,7 @@ void bench_eccKeyAgree(void)
}
#endif /* HAVE_ECC */
#ifdef _WIN32
#define WIN32_LEAN_AND_MEAN
@@ -1175,10 +1238,10 @@ void bench_eccKeyAgree(void)
#elif defined MICROCHIP_PIC32
#if defined(CYASSL_MICROCHIP_PIC32MZ)
#define CLOCK 80000000.0
#define CLOCK 8000000.0
#else
#include <peripheral/timer.h>
#define CLOCK 40000000.0
#define CLOCK 4000000.0
#endif
double current_time(int reset)
@@ -1196,10 +1259,10 @@ void bench_eccKeyAgree(void)
return ( ns / CLOCK * 2.0);
}
#elif defined(CYASSL_IAR_ARM) || defined (CYASSL_MDK_ARM)
#warning "Write your current_time()"
double current_time(int reset) { return 0.0 ; }
#elif defined CYASSL_MDK_ARM
extern double current_time(int reset) ;
#elif defined FREERTOS
double current_time(int reset)

10
ctaocrypt/ctaocrypt.vcproj
View File

@@ -216,6 +216,10 @@
RelativePath=".\include\rabbit.h"
>
</File>
<File
RelativePath=".\include\chacha.h"
>
</File>
<File
RelativePath=".\include\random.h"
>
@@ -297,13 +301,17 @@
>
</File>
<File
RelativePath=".\src\wc_port.c"
RelativePath=".\src\port.c"
>
</File>
<File
RelativePath=".\src\rabbit.c"
>
</File>
<File
RelativePath=".\src\chacha.c"
>
</File>
<File
RelativePath=".\src\random.c"
>

52
ctaocrypt/src/aes.c
View File

@@ -804,11 +804,6 @@ int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv,
iv = (byte*)aes->reg;
enc_key = (byte*)aes->key;
if ((word)out % CYASSL_MMCAU_ALIGNMENT) {
CYASSL_MSG("Bad cau_aes_encrypt alignment");
return BAD_ALIGN_E;
}
while (len > 0)
{
XMEMCPY(temp_block, in + offset, AES_BLOCK_SIZE);
@@ -841,11 +836,6 @@ int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv,
iv = (byte*)aes->reg;
dec_key = (byte*)aes->key;
if ((word)out % CYASSL_MMCAU_ALIGNMENT) {
CYASSL_MSG("Bad cau_aes_decrypt alignment");
return BAD_ALIGN_E;
}
while (len > 0)
{
XMEMCPY(temp_block, in + offset, AES_BLOCK_SIZE);
@@ -1551,34 +1541,31 @@ static const word32 Td[5][256] = {
#ifdef CYASSL_AESNI
/* Each platform needs to query info type 1 from cpuid to see if aesni is
* supported. Also, let's setup a macro for proper linkage w/o ABI conflicts
*/
#ifndef _MSC_VER
#define cpuid(reg, func)\
#define cpuid(func,ax,bx,cx,dx)\
__asm__ __volatile__ ("cpuid":\
"=a" (reg[0]), "=b" (reg[1]), "=c" (reg[2]), "=d" (reg[3]) :\
"a" (func));
"=a" (ax), "=b" (bx), "=c" (cx), "=d" (dx) : "a" (func));
#define XASM_LINK(f) asm(f)
#else
#include <intrin.h>
#define cpuid(a,b) __cpuid((int*)a,b)
#define XASM_LINK(f)
#define cpuid(func,ax,bx,cx,dx)\
__asm mov eax, func \
__asm cpuid \
__asm mov ax, eax \
__asm mov bx, ebx \
__asm mov cx, ecx \
__asm mov dx, edx
#endif /* _MSC_VER */
static int Check_CPU_support_AES(void)
{
unsigned int reg[4]; /* put a,b,c,d into 0,1,2,3 */
cpuid(reg, 1); /* query info 1 */
unsigned int a,b,c,d;
cpuid(1,a,b,c,d);
if (reg[2] & 0x2000000)
if (c & 0x2000000)
return 1;
return 0;
@@ -1593,34 +1580,34 @@ static int haveAESNI = 0;
void AES_CBC_encrypt(const unsigned char* in, unsigned char* out,
unsigned char* ivec, unsigned long length,
const unsigned char* KS, int nr)
XASM_LINK("AES_CBC_encrypt");
asm ("AES_CBC_encrypt");
void AES_CBC_decrypt(const unsigned char* in, unsigned char* out,
unsigned char* ivec, unsigned long length,
const unsigned char* KS, int nr)
XASM_LINK("AES_CBC_decrypt");
asm ("AES_CBC_decrypt");
void AES_ECB_encrypt(const unsigned char* in, unsigned char* out,
unsigned long length, const unsigned char* KS, int nr)
XASM_LINK("AES_ECB_encrypt");
asm ("AES_ECB_encrypt");
void AES_ECB_decrypt(const unsigned char* in, unsigned char* out,
unsigned long length, const unsigned char* KS, int nr)
XASM_LINK("AES_ECB_decrypt");
asm ("AES_ECB_decrypt");
void AES_128_Key_Expansion(const unsigned char* userkey,
unsigned char* key_schedule)
XASM_LINK("AES_128_Key_Expansion");
asm ("AES_128_Key_Expansion");
void AES_192_Key_Expansion(const unsigned char* userkey,
unsigned char* key_schedule)
XASM_LINK("AES_192_Key_Expansion");
asm ("AES_192_Key_Expansion");
void AES_256_Key_Expansion(const unsigned char* userkey,
unsigned char* key_schedule)
XASM_LINK("AES_256_Key_Expansion");
asm ("AES_256_Key_Expansion");
static int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
@@ -2241,7 +2228,6 @@ int AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
if ((word)in % 16) {
#ifndef NO_CYASSL_ALLOC_ALIGN
byte* tmp = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
CYASSL_MSG("AES-CBC encrypt with bad alignment");
if (tmp == NULL) return MEMORY_E;
XMEMCPY(tmp, in, sz);

2
ctaocrypt/src/aes_asm.s
View File

@@ -24,8 +24,6 @@
* by Intel Mobility Group, Israel Development Center, Israel Shay Gueron
*/
/* This file is in at&t asm syntax, see .asm for intel syntax */
/*
AES_CBC_encrypt (const unsigned char *in,

97
ctaocrypt/src/asn.c
View File

@@ -53,7 +53,7 @@
#endif
#ifdef HAVE_NTRU
#include "ntru_crypto.h"
#include "crypto_ntru.h"
#endif
#ifdef HAVE_ECC
@@ -626,7 +626,7 @@ CYASSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid,
if (b == ASN_TAG_NULL) {
b = input[i++];
if (b != 0)
if (b != 0)
return ASN_EXPECT_0_E;
}
else
@@ -1270,7 +1270,6 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap)
cert->signature = 0;
cert->subjectCN = 0;
cert->subjectCNLen = 0;
cert->subjectCNEnc = CTC_UTF8;
cert->subjectCNStored = 0;
cert->altNames = NULL;
#ifndef IGNORE_NAME_CONSTRAINTS
@@ -1309,22 +1308,16 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap)
#ifdef CYASSL_CERT_GEN
cert->subjectSN = 0;
cert->subjectSNLen = 0;
cert->subjectSNEnc = CTC_UTF8;
cert->subjectC = 0;
cert->subjectCLen = 0;
cert->subjectCEnc = CTC_PRINTABLE;
cert->subjectL = 0;
cert->subjectLLen = 0;
cert->subjectLEnc = CTC_UTF8;
cert->subjectST = 0;
cert->subjectSTLen = 0;
cert->subjectSTEnc = CTC_UTF8;
cert->subjectO = 0;
cert->subjectOLen = 0;
cert->subjectOEnc = CTC_UTF8;
cert->subjectOU = 0;
cert->subjectOULen = 0;
cert->subjectOUEnc = CTC_UTF8;
cert->subjectEmail = 0;
cert->subjectEmailLen = 0;
#endif /* CYASSL_CERT_GEN */
@@ -1544,9 +1537,8 @@ static int GetKey(DecodedCert* cert)
byte* next = (byte*)key;
word16 keyLen;
byte keyBlob[MAX_NTRU_KEY_SZ];
word32 rc;
rc = ntru_crypto_ntru_encrypt_subjectPublicKeyInfo2PublicKey(key,
word32 rc = crypto_ntru_encrypt_subjectPublicKeyInfo2PublicKey(key,
&keyLen, NULL, &next);
if (rc != NTRU_OK)
@@ -1554,8 +1546,8 @@ static int GetKey(DecodedCert* cert)
if (keyLen > sizeof(keyBlob))
return ASN_NTRU_KEY_E;
rc = ntru_crypto_ntru_encrypt_subjectPublicKeyInfo2PublicKey(key,
&keyLen, keyBlob, &next);
rc = crypto_ntru_encrypt_subjectPublicKeyInfo2PublicKey(key,&keyLen,
keyBlob, &next);
if (rc != NTRU_OK)
return ASN_NTRU_KEY_E;
@@ -1715,7 +1707,8 @@ static int GetName(DecodedCert* cert, int nameType)
cert->srcIdx += 2;
id = cert->source[cert->srcIdx++];
b = cert->source[cert->srcIdx++]; /* encoding */
b = cert->source[cert->srcIdx++]; /* strType */
(void)b; /* may want to validate? */
if (GetLength(cert->source, &cert->srcIdx, &strLen,
cert->maxIdx) < 0)
@@ -1731,7 +1724,6 @@ static int GetName(DecodedCert* cert, int nameType)
if (nameType == SUBJECT) {
cert->subjectCN = (char *)&cert->source[cert->srcIdx];
cert->subjectCNLen = strLen;
cert->subjectCNEnc = b;
}
if (!tooBig) {
@@ -1754,7 +1746,6 @@ static int GetName(DecodedCert* cert, int nameType)
if (nameType == SUBJECT) {
cert->subjectSN = (char*)&cert->source[cert->srcIdx];
cert->subjectSNLen = strLen;
cert->subjectSNEnc = b;
}
#endif /* CYASSL_CERT_GEN */
#ifdef OPENSSL_EXTRA
@@ -1772,7 +1763,6 @@ static int GetName(DecodedCert* cert, int nameType)
if (nameType == SUBJECT) {
cert->subjectC = (char*)&cert->source[cert->srcIdx];
cert->subjectCLen = strLen;
cert->subjectCEnc = b;
}
#endif /* CYASSL_CERT_GEN */
#ifdef OPENSSL_EXTRA
@@ -1790,7 +1780,6 @@ static int GetName(DecodedCert* cert, int nameType)
if (nameType == SUBJECT) {
cert->subjectL = (char*)&cert->source[cert->srcIdx];
cert->subjectLLen = strLen;
cert->subjectLEnc = b;
}
#endif /* CYASSL_CERT_GEN */
#ifdef OPENSSL_EXTRA
@@ -1808,7 +1797,6 @@ static int GetName(DecodedCert* cert, int nameType)
if (nameType == SUBJECT) {
cert->subjectST = (char*)&cert->source[cert->srcIdx];
cert->subjectSTLen = strLen;
cert->subjectSTEnc = b;
}
#endif /* CYASSL_CERT_GEN */
#ifdef OPENSSL_EXTRA
@@ -1826,7 +1814,6 @@ static int GetName(DecodedCert* cert, int nameType)
if (nameType == SUBJECT) {
cert->subjectO = (char*)&cert->source[cert->srcIdx];
cert->subjectOLen = strLen;
cert->subjectOEnc = b;
}
#endif /* CYASSL_CERT_GEN */
#ifdef OPENSSL_EXTRA
@@ -1844,7 +1831,6 @@ static int GetName(DecodedCert* cert, int nameType)
if (nameType == SUBJECT) {
cert->subjectOU = (char*)&cert->source[cert->srcIdx];
cert->subjectOULen = strLen;
cert->subjectOUEnc = b;
}
#endif /* CYASSL_CERT_GEN */
#ifdef OPENSSL_EXTRA
@@ -3500,8 +3486,8 @@ static int DecodeAuthKeyId(byte* input, int sz, DecodedCert* cert)
}
if (input[idx++] != (ASN_CONTEXT_SPECIFIC | 0)) {
CYASSL_MSG("\tinfo: OPTIONAL item 0, not available\n");
return 0;
CYASSL_MSG("\tfail: wanted OPTIONAL item 0, not available\n");
return ASN_PARSE_E;
}
if (GetLength(input, &idx, &length, sz) < 0) {
@@ -4464,35 +4450,21 @@ void InitCert(Cert* cert)
XMEMSET(cert->serial, 0, CTC_SERIAL_SIZE);
cert->issuer.country[0] = '\0';
cert->issuer.countryEnc = CTC_PRINTABLE;
cert->issuer.state[0] = '\0';
cert->issuer.stateEnc = CTC_UTF8;
cert->issuer.locality[0] = '\0';
cert->issuer.localityEnc = CTC_UTF8;
cert->issuer.sur[0] = '\0';
cert->issuer.surEnc = CTC_UTF8;
cert->issuer.org[0] = '\0';
cert->issuer.orgEnc = CTC_UTF8;
cert->issuer.unit[0] = '\0';
cert->issuer.unitEnc = CTC_UTF8;
cert->issuer.commonName[0] = '\0';
cert->issuer.commonNameEnc = CTC_UTF8;
cert->issuer.email[0] = '\0';
cert->subject.country[0] = '\0';
cert->subject.countryEnc = CTC_PRINTABLE;
cert->subject.state[0] = '\0';
cert->subject.stateEnc = CTC_UTF8;
cert->subject.locality[0] = '\0';
cert->subject.localityEnc = CTC_UTF8;
cert->subject.sur[0] = '\0';
cert->subject.surEnc = CTC_UTF8;
cert->subject.org[0] = '\0';
cert->subject.orgEnc = CTC_UTF8;
cert->subject.unit[0] = '\0';
cert->subject.unitEnc = CTC_UTF8;
cert->subject.commonName[0] = '\0';
cert->subject.commonNameEnc = CTC_UTF8;
cert->subject.email[0] = '\0';
#ifdef CYASSL_CERT_REQ
@@ -4851,37 +4823,6 @@ static const char* GetOneName(CertName* name, int idx)
}
/* Get Which Name Encoding from index */
static char GetNameType(CertName* name, int idx)
{
switch (idx) {
case 0:
return name->countryEnc;
case 1:
return name->stateEnc;
case 2:
return name->localityEnc;
case 3:
return name->surEnc;
case 4:
return name->orgEnc;
case 5:
return name->unitEnc;
case 6:
return name->commonNameEnc;
default:
return 0;
}
}
/* Get ASN Name from index */
static byte GetNameId(int idx)
{
@@ -5031,7 +4972,10 @@ static int SetName(byte* output, CertName* name)
/* id type */
names[i].encoded[idx++] = bType;
/* str type */
names[i].encoded[idx++] = GetNameType(name, i);
if (bType == ASN_COUNTRY_NAME)
names[i].encoded[idx++] = 0x13; /* printable */
else
names[i].encoded[idx++] = 0x0c; /* utf8 */
}
/* second length */
XMEMCPY(names[i].encoded + idx, secondLen, secondSz);
@@ -5116,15 +5060,15 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
word32 rc;
word16 encodedSz;
rc = ntru_crypto_ntru_encrypt_publicKey2SubjectPublicKeyInfo( ntruSz,
ntruKey, &encodedSz, NULL);
rc = crypto_ntru_encrypt_publicKey2SubjectPublicKeyInfo( ntruSz,
ntruKey, &encodedSz, NULL);
if (rc != NTRU_OK)
return PUBLIC_KEY_E;
if (encodedSz > MAX_PUBLIC_KEY_SZ)
return PUBLIC_KEY_E;
rc = ntru_crypto_ntru_encrypt_publicKey2SubjectPublicKeyInfo( ntruSz,
ntruKey, &encodedSz, der->publicKey);
rc = crypto_ntru_encrypt_publicKey2SubjectPublicKeyInfo( ntruSz,
ntruKey, &encodedSz, der->publicKey);
if (rc != NTRU_OK)
return PUBLIC_KEY_E;
@@ -5755,49 +5699,42 @@ static int SetNameFromCert(CertName* cn, const byte* der, int derSz)
CTC_NAME_SIZE - 1;
strncpy(cn->commonName, decoded.subjectCN, CTC_NAME_SIZE);
cn->commonName[sz] = 0;
cn->commonNameEnc = decoded.subjectCNEnc;
}
if (decoded.subjectC) {
sz = (decoded.subjectCLen < CTC_NAME_SIZE) ? decoded.subjectCLen :
CTC_NAME_SIZE - 1;
strncpy(cn->country, decoded.subjectC, CTC_NAME_SIZE);
cn->country[sz] = 0;
cn->countryEnc = decoded.subjectCEnc;
}
if (decoded.subjectST) {
sz = (decoded.subjectSTLen < CTC_NAME_SIZE) ? decoded.subjectSTLen :
CTC_NAME_SIZE - 1;
strncpy(cn->state, decoded.subjectST, CTC_NAME_SIZE);
cn->state[sz] = 0;
cn->stateEnc = decoded.subjectSTEnc;
}
if (decoded.subjectL) {
sz = (decoded.subjectLLen < CTC_NAME_SIZE) ? decoded.subjectLLen :
CTC_NAME_SIZE - 1;
strncpy(cn->locality, decoded.subjectL, CTC_NAME_SIZE);
cn->locality[sz] = 0;
cn->localityEnc = decoded.subjectLEnc;
}
if (decoded.subjectO) {
sz = (decoded.subjectOLen < CTC_NAME_SIZE) ? decoded.subjectOLen :
CTC_NAME_SIZE - 1;
strncpy(cn->org, decoded.subjectO, CTC_NAME_SIZE);
cn->org[sz] = 0;
cn->orgEnc = decoded.subjectOEnc;
}
if (decoded.subjectOU) {
sz = (decoded.subjectOULen < CTC_NAME_SIZE) ? decoded.subjectOULen :
CTC_NAME_SIZE - 1;
strncpy(cn->unit, decoded.subjectOU, CTC_NAME_SIZE);
cn->unit[sz] = 0;
cn->unitEnc = decoded.subjectOUEnc;
}
if (decoded.subjectSN) {
sz = (decoded.subjectSNLen < CTC_NAME_SIZE) ? decoded.subjectSNLen :
CTC_NAME_SIZE - 1;
strncpy(cn->sur, decoded.subjectSN, CTC_NAME_SIZE);
cn->sur[sz] = 0;
cn->surEnc = decoded.subjectSNEnc;
}
if (decoded.subjectEmail) {
sz = (decoded.subjectEmailLen < CTC_NAME_SIZE) ?

244
ctaocrypt/src/chacha.c Normal file
View File

@@ -0,0 +1,244 @@
/* chacha.c
*
* Copyright (C) 2006-2014 wolfSSL Inc.
*
* This file is part of CyaSSL.
*
* CyaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* CyaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*
* chacha-ref.c version 20080118
* D. J. Bernstein
* Public domain.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <cyassl/ctaocrypt/settings.h>
#ifdef HAVE_CHACHA
#include <cyassl/ctaocrypt/chacha.h>
#include <cyassl/ctaocrypt/error-crypt.h>
#include <cyassl/ctaocrypt/logging.h>
#ifdef NO_INLINE
#include <cyassl/ctaocrypt/misc.h>
#else
#include <ctaocrypt/src/misc.c>
#endif
#ifdef CHACHA_AEAD_TEST
#include <stdio.h>
#endif
#ifdef BIG_ENDIAN_ORDER
#define LITTLE32(x) ByteReverseWord32(x)
#else
#define LITTLE32(x) (x)
#endif
/* Number of rounds */
#define ROUNDS 20
#define U32C(v) (v##U)
#define U32V(v) ((word32)(v) & U32C(0xFFFFFFFF))
#define U8TO32_LITTLE(p) LITTLE32(((word32*)(p))[0])
#define ROTATE(v,c) rotlFixed(v, c)
#define XOR(v,w) ((v) ^ (w))
#define PLUS(v,w) (U32V((v) + (w)))
#define PLUSONE(v) (PLUS((v),1))
#define QUARTERROUND(a,b,c,d) \
x[a] = PLUS(x[a],x[b]); x[d] = ROTATE(XOR(x[d],x[a]),16); \
x[c] = PLUS(x[c],x[d]); x[b] = ROTATE(XOR(x[b],x[c]),12); \
x[a] = PLUS(x[a],x[b]); x[d] = ROTATE(XOR(x[d],x[a]), 8); \
x[c] = PLUS(x[c],x[d]); x[b] = ROTATE(XOR(x[b],x[c]), 7);
/**
* Set up iv(nonce). Earlier versions used 64 bits instead of 96, this version
* uses the typical AEAD 96 bit nonce and can do record sizes of 256 GB.
*/
int Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter)
{
word32 temp[3]; /* used for alignment of memory */
XMEMSET(temp, 0, 12);
#ifdef CHACHA_AEAD_TEST
int k;
printf("NONCE : ");
for (k = 0; k < 12; k++) {
printf("%02x", nonce[k]);
}
printf("\n");
#endif
XMEMCPY(temp, inIv, 12);
ctx->X[12] = counter; /* block counter */
ctx->X[13] = temp[0]; /* fixed variable from nonce */
ctx->X[14] = temp[1]; /* counter from nonce */
ctx->X[15] = temp[2]; /* counter from nonce */
return 0;
}
/* "expand 32-byte k" as unsigned 32 byte */
static const word32 sigma[4] = {0x61707865, 0x3320646e, 0x79622d32, 0x6b206574};
/* "expand 16-byte k" as unsigned 16 byte */
static const word32 tau[4] = {0x61707865, 0x3120646e, 0x79622d36, 0x6b206574};
/**
* Key setup. 8 word iv (nonce)
*/
int Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz)
{
const word32* constants;
const byte* k;
if (ctx == NULL)
return BAD_FUNC_ARG;
#ifdef XSTREAM_ALIGN
word32 alignKey[4];
if ((word)key % 4) {
CYASSL_MSG("ChachaSetKey unaligned key");
XMEMCPY(alignKey, key, sizeof(alignKey));
k = (byte*)alignKey;
}
else {
k = key;
}
#else
k = key;
#endif /* XSTREAM_ALIGN */
#ifdef CHACHA_AEAD_TEST
int k;
printf("ChaCha key used : ");
for (k = 0; k < keySz; k++) {
printf("%02x", key[k]);
}
printf("\n");
#endif
ctx->X[4] = U8TO32_LITTLE(k + 0);
ctx->X[5] = U8TO32_LITTLE(k + 4);
ctx->X[6] = U8TO32_LITTLE(k + 8);
ctx->X[7] = U8TO32_LITTLE(k + 12);
if (keySz == 32) {
k += 16;
constants = sigma;
}
else {
/* key size of 128 */
if (keySz != 16)
return BAD_FUNC_ARG;
constants = tau;
}
ctx->X[ 8] = U8TO32_LITTLE(k + 0);
ctx->X[ 9] = U8TO32_LITTLE(k + 4);
ctx->X[10] = U8TO32_LITTLE(k + 8);
ctx->X[11] = U8TO32_LITTLE(k + 12);
ctx->X[ 0] = U8TO32_LITTLE(constants + 0);
ctx->X[ 1] = U8TO32_LITTLE(constants + 1);
ctx->X[ 2] = U8TO32_LITTLE(constants + 2);
ctx->X[ 3] = U8TO32_LITTLE(constants + 3);
return 0;
}
/**
* Converts word into bytes with rotations having been done.
*/
static INLINE void Chacha_wordtobyte(word32 output[16], const word32 input[16])
{
word32 x[16];
word32 i;
for (i = 0; i < 16; i++) {
x[i] = input[i];
}
for (i = (ROUNDS); i > 0; i -= 2) {
QUARTERROUND(0, 4, 8, 12)
QUARTERROUND(1, 5, 9, 13)
QUARTERROUND(2, 6, 10, 14)
QUARTERROUND(3, 7, 11, 15)
QUARTERROUND(0, 5, 10, 15)
QUARTERROUND(1, 6, 11, 12)
QUARTERROUND(2, 7, 8, 13)
QUARTERROUND(3, 4, 9, 14)
}
for (i = 0; i < 16; i++) {
x[i] = PLUS(x[i], input[i]);
}
for (i = 0; i < 16; i++) {
output[i] = LITTLE32(x[i]);
}
}
/**
* Encrypt a stream of bytes
*/
static void Chacha_encrypt_bytes(ChaCha* ctx, const byte* m, byte* c,
word32 bytes)
{
byte* output;
word32 temp[16]; /* used to make sure aligned */
word32 i;
output = (byte*)temp;
if (!bytes) return;
for (;;) {
Chacha_wordtobyte(temp, ctx->X);
ctx->X[12] = PLUSONE(ctx->X[12]);
if (bytes <= 64) {
for (i = 0; i < bytes; ++i) {
c[i] = m[i] ^ output[i];
}
return;
}
for (i = 0; i < 64; ++i) {
c[i] = m[i] ^ output[i];
}
bytes -= 64;
c += 64;
m += 64;
}
}
/**
* API to encrypt/decrypt a message of any size.
*/
int Chacha_Process(ChaCha* ctx, byte* output, const byte* input, word32 msglen)
{
if (ctx == NULL)
return BAD_FUNC_ARG;
Chacha_encrypt_bytes(ctx, input, output, msglen);
return 0;
}
#endif /* HAVE_CHACHA*/

60
ctaocrypt/src/des3.c
View File

@@ -34,7 +34,6 @@
#include <cyassl/ctaocrypt/des3.h>
#include <cyassl/ctaocrypt/error-crypt.h>
#include <cyassl/ctaocrypt/logging.h>
#ifdef NO_INLINE
#include <cyassl/ctaocrypt/misc.h>
@@ -170,22 +169,19 @@
CRYP_Cmd(DISABLE);
}
int Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz)
void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz)
{
DesCrypt(des, out, in, sz, DES_ENCRYPTION, DES_CBC);
return 0;
}
int Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz)
void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz)
{
DesCrypt(des, out, in, sz, DES_DECRYPTION, DES_CBC);
return 0;
}
int Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz)
void Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz)
{
DesCrypt(des, out, in, sz, DES_ENCRYPTION, DES_ECB);
return 0;
}
void Des3Crypt(Des3* des, byte* out, const byte* in, word32 sz,
@@ -393,16 +389,14 @@ static void Des_Cbc(byte* out, const byte* in, word32 sz,
}
int Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz)
void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz)
{
Des_Cbc(out, in, sz, (byte *)des->key, (byte *)des->reg, SEC_DESC_DES_CBC_ENCRYPT) ;
return 0;
}
int Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz)
void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz)
{
Des_Cbc(out, in, sz, (byte *)des->key, (byte *)des->reg, SEC_DESC_DES_CBC_DECRYPT) ;
return 0;
}
int Des3_CbcEncrypt(Des3* des3, byte* out, const byte* in, word32 sz)
@@ -562,7 +556,7 @@ int Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir)
return ret;
}
int Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz)
void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz)
{
int i;
int offset = 0;
@@ -572,11 +566,6 @@ int Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir)
iv = (byte*)des->reg;
if ((word)out % CYASSL_MMCAU_ALIGNMENT) {
CYASSL_MSG("Bad cau_des_encrypt alignment");
return BAD_ALIGN_E;
}
while (len > 0)
{
XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE);
@@ -594,10 +583,10 @@ int Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir)
XMEMCPY(iv, out + offset - DES_BLOCK_SIZE, DES_BLOCK_SIZE);
}
return 0;
return;
}
int Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz)
void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz)
{
int i;
int offset = 0;
@@ -607,11 +596,6 @@ int Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir)
iv = (byte*)des->reg;
if ((word)out % CYASSL_MMCAU_ALIGNMENT) {
CYASSL_MSG("Bad cau_des_decrypt alignment");
return BAD_ALIGN_E;
}
while (len > 0)
{
XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE);
@@ -629,7 +613,7 @@ int Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir)
offset += DES_BLOCK_SIZE;
}
return 0;
return;
}
int Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz)
@@ -643,11 +627,6 @@ int Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir)
iv = (byte*)des->reg;
if ((word)out % CYASSL_MMCAU_ALIGNMENT) {
CYASSL_MSG("Bad 3ede cau_des_encrypt alignment");
return BAD_ALIGN_E;
}
while (len > 0)
{
XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE);
@@ -681,11 +660,6 @@ int Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir)
iv = (byte*)des->reg;
if ((word)out % CYASSL_MMCAU_ALIGNMENT) {
CYASSL_MSG("Bad 3ede cau_des_decrypt alignment");
return BAD_ALIGN_E;
}
while (len > 0)
{
XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE);
@@ -819,18 +793,16 @@ int Des3_SetIV(Des3* des, const byte* iv);
ByteReverseWords((word32*)out, (word32 *)KVA0_TO_KVA1(out), sz);
}
int Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz)
void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz)
{
DesCrypt(des->key, des->reg, out, in, sz,
PIC32_ENCRYPTION, PIC32_ALGO_DES, PIC32_CRYPTOALGO_CBC );
return 0;
}
int Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz)
void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz)
{
DesCrypt(des->key, des->reg, out, in, sz,
PIC32_DECRYPTION, PIC32_ALGO_DES, PIC32_CRYPTOALGO_CBC);
return 0;
}
int Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz)
@@ -1278,7 +1250,7 @@ static void Des3ProcessBlock(Des3* des, const byte* in, byte* out)
}
int Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz)
void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz)
{
word32 blocks = sz / DES_BLOCK_SIZE;
@@ -1290,11 +1262,10 @@ int Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz)
out += DES_BLOCK_SIZE;
in += DES_BLOCK_SIZE;
}
return 0;
}
int Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz)
void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz)
{
word32 blocks = sz / DES_BLOCK_SIZE;
byte hold[DES_BLOCK_SIZE];
@@ -1311,7 +1282,6 @@ int Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz)
out += DES_BLOCK_SIZE;
in += DES_BLOCK_SIZE;
}
return 0;
}
@@ -1362,7 +1332,7 @@ int Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz)
#ifdef CYASSL_DES_ECB
/* One block, compatibility only */
int Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz)
void Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz)
{
word32 blocks = sz / DES_BLOCK_SIZE;
@@ -1372,7 +1342,6 @@ int Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz)
out += DES_BLOCK_SIZE;
in += DES_BLOCK_SIZE;
}
return 0;
}
#endif /* CYASSL_DES_ECB */
@@ -1401,6 +1370,7 @@ int Des3_SetIV(Des3* des, const byte* iv)
#ifdef HAVE_CAVIUM
#include <cyassl/ctaocrypt/logging.h>
#include "cavium_common.h"
/* Initiliaze Des3 for use with Nitrox device */

265
ctaocrypt/src/error.c
View File

@@ -22,7 +22,7 @@
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <cyassl/ctaocrypt/settings.h>
#include <cyassl/ctaocrypt/error-crypt.h>
@@ -32,261 +32,334 @@
#pragma warning(disable: 4996)
#endif
const char* CTaoCryptGetErrorString(int error)
void CTaoCryptErrorString(int error, char* buffer)
{
const int max = CYASSL_MAX_ERROR_SZ; /* shorthand */
#ifdef NO_ERROR_STRINGS
(void)error;
return "no support for error strings built in";
XSTRNCPY(buffer, "no support for error strings built in", max);
#else
switch (error) {
case OPEN_RAN_E :
return "opening random device error";
case OPEN_RAN_E :
XSTRNCPY(buffer, "opening random device error", max);
break;
case READ_RAN_E :
return "reading random device error";
XSTRNCPY(buffer, "reading random device error", max);
break;
case WINCRYPT_E :
return "windows crypt init error";
XSTRNCPY(buffer, "windows crypt init error", max);
break;
case CRYPTGEN_E :
return "windows crypt generation error";
case CRYPTGEN_E :
XSTRNCPY(buffer, "windows crypt generation error", max);
break;
case RAN_BLOCK_E :
return "random device read would block error";
case RAN_BLOCK_E :
XSTRNCPY(buffer, "random device read would block error", max);
break;
case BAD_MUTEX_E :
return "Bad mutex, operation failed";
case BAD_MUTEX_E :
XSTRNCPY(buffer, "Bad mutex, operation failed", max);
break;
case MP_INIT_E :
return "mp_init error state";
XSTRNCPY(buffer, "mp_init error state", max);
break;
case MP_READ_E :
return "mp_read error state";
XSTRNCPY(buffer, "mp_read error state", max);
break;
case MP_EXPTMOD_E :
return "mp_exptmod error state";
XSTRNCPY(buffer, "mp_exptmod error state", max);
break;
case MP_TO_E :
return "mp_to_xxx error state, can't convert";
XSTRNCPY(buffer, "mp_to_xxx error state, can't convert", max);
break;
case MP_SUB_E :
return "mp_sub error state, can't subtract";
XSTRNCPY(buffer, "mp_sub error state, can't subtract", max);
break;
case MP_ADD_E :
return "mp_add error state, can't add";
XSTRNCPY(buffer, "mp_add error state, can't add", max);
break;
case MP_MUL_E :
return "mp_mul error state, can't multiply";
XSTRNCPY(buffer, "mp_mul error state, can't multiply", max);
break;
case MP_MULMOD_E :
return "mp_mulmod error state, can't multiply mod";
XSTRNCPY(buffer, "mp_mulmod error state, can't multiply mod", max);
break;
case MP_MOD_E :
return "mp_mod error state, can't mod";
XSTRNCPY(buffer, "mp_mod error state, can't mod", max);
break;
case MP_INVMOD_E :
return "mp_invmod error state, can't inv mod";
XSTRNCPY(buffer, "mp_invmod error state, can't inv mod", max);
break;
case MP_CMP_E :
return "mp_cmp error state";
XSTRNCPY(buffer, "mp_cmp error state", max);
break;
case MP_ZERO_E :
return "mp zero result, not expected";
XSTRNCPY(buffer, "mp zero result, not expected", max);
break;
case MEMORY_E :
return "out of memory error";
XSTRNCPY(buffer, "out of memory error", max);
break;
case RSA_WRONG_TYPE_E :
return "RSA wrong block type for RSA function";
XSTRNCPY(buffer, "RSA wrong block type for RSA function", max);
break;
case RSA_BUFFER_E :
return "RSA buffer error, output too small or input too big";
XSTRNCPY(buffer, "RSA buffer error, output too small or input too big",
max);
break;
case BUFFER_E :
return "Buffer error, output too small or input too big";
XSTRNCPY(buffer, "Buffer error, output too small or input too big",max);
break;
case ALGO_ID_E :
return "Setting Cert AlogID error";
XSTRNCPY(buffer, "Setting Cert AlogID error", max);
break;
case PUBLIC_KEY_E :
return "Setting Cert Public Key error";
XSTRNCPY(buffer, "Setting Cert Public Key error", max);
break;
case DATE_E :
return "Setting Cert Date validity error";
XSTRNCPY(buffer, "Setting Cert Date validity error", max);
break;
case SUBJECT_E :
return "Setting Cert Subject name error";
XSTRNCPY(buffer, "Setting Cert Subject name error", max);
break;
case ISSUER_E :
return "Setting Cert Issuer name error";
XSTRNCPY(buffer, "Setting Cert Issuer name error", max);
break;
case CA_TRUE_E :
return "Setting basic constraint CA true error";
XSTRNCPY(buffer, "Setting basic constraint CA true error", max);
break;
case EXTENSIONS_E :
return "Setting extensions error";
XSTRNCPY(buffer, "Setting extensions error", max);
break;
case ASN_PARSE_E :
return "ASN parsing error, invalid input";
XSTRNCPY(buffer, "ASN parsing error, invalid input", max);
break;
case ASN_VERSION_E :
return "ASN version error, invalid number";
XSTRNCPY(buffer, "ASN version error, invalid number", max);
break;
case ASN_GETINT_E :
return "ASN get big int error, invalid data";
XSTRNCPY(buffer, "ASN get big int error, invalid data", max);
break;
case ASN_RSA_KEY_E :
return "ASN key init error, invalid input";
XSTRNCPY(buffer, "ASN key init error, invalid input", max);
break;
case ASN_OBJECT_ID_E :
return "ASN object id error, invalid id";
XSTRNCPY(buffer, "ASN object id error, invalid id", max);
break;
case ASN_TAG_NULL_E :
return "ASN tag error, not null";
XSTRNCPY(buffer, "ASN tag error, not null", max);
break;
case ASN_EXPECT_0_E :
return "ASN expect error, not zero";
XSTRNCPY(buffer, "ASN expect error, not zero", max);
break;
case ASN_BITSTR_E :
return "ASN bit string error, wrong id";
XSTRNCPY(buffer, "ASN bit string error, wrong id", max);
break;
case ASN_UNKNOWN_OID_E :
return "ASN oid error, unknown sum id";
XSTRNCPY(buffer, "ASN oid error, unknown sum id", max);
break;
case ASN_DATE_SZ_E :
return "ASN date error, bad size";
XSTRNCPY(buffer, "ASN date error, bad size", max);
break;
case ASN_BEFORE_DATE_E :
return "ASN date error, current date before";
XSTRNCPY(buffer, "ASN date error, current date before", max);
break;
case ASN_AFTER_DATE_E :
return "ASN date error, current date after";
XSTRNCPY(buffer, "ASN date error, current date after", max);
break;
case ASN_SIG_OID_E :
return "ASN signature error, mismatched oid";
XSTRNCPY(buffer, "ASN signature error, mismatched oid", max);
break;
case ASN_TIME_E :
return "ASN time error, unkown time type";
XSTRNCPY(buffer, "ASN time error, unkown time type", max);
break;
case ASN_INPUT_E :
return "ASN input error, not enough data";
XSTRNCPY(buffer, "ASN input error, not enough data", max);
break;
case ASN_SIG_CONFIRM_E :
return "ASN sig error, confirm failure";
XSTRNCPY(buffer, "ASN sig error, confirm failure", max);
break;
case ASN_SIG_HASH_E :
return "ASN sig error, unsupported hash type";
XSTRNCPY(buffer, "ASN sig error, unsupported hash type", max);
break;
case ASN_SIG_KEY_E :
return "ASN sig error, unsupported key type";
XSTRNCPY(buffer, "ASN sig error, unsupported key type", max);
break;
case ASN_DH_KEY_E :
return "ASN key init error, invalid input";
XSTRNCPY(buffer, "ASN key init error, invalid input", max);
break;
case ASN_NTRU_KEY_E :
return "ASN NTRU key decode error, invalid input";
XSTRNCPY(buffer, "ASN NTRU key decode error, invalid input", max);
break;
case ASN_CRIT_EXT_E:
return "X.509 Critical extension ignored";
XSTRNCPY(buffer, "X.509 Critical extension ignored", max);
break;
case ECC_BAD_ARG_E :
return "ECC input argument wrong type, invalid input";
XSTRNCPY(buffer, "ECC input argument wrong type, invalid input", max);
break;
case ASN_ECC_KEY_E :
return "ECC ASN1 bad key data, invalid input";
XSTRNCPY(buffer, "ECC ASN1 bad key data, invalid input", max);
break;
case ECC_CURVE_OID_E :
return "ECC curve sum OID unsupported, invalid input";
XSTRNCPY(buffer, "ECC curve sum OID unsupported, invalid input", max);
break;
case BAD_FUNC_ARG :
return "Bad function argument";
XSTRNCPY(buffer, "Bad function argument", max);
break;
case NOT_COMPILED_IN :
return "Feature not compiled in";
XSTRNCPY(buffer, "Feature not compiled in", max);
break;
case UNICODE_SIZE_E :
return "Unicode password too big";
XSTRNCPY(buffer, "Unicode password too big", max);
break;
case NO_PASSWORD :
return "No password provided by user";
XSTRNCPY(buffer, "No password provided by user", max);
break;
case ALT_NAME_E :
return "Alt Name problem, too big";
XSTRNCPY(buffer, "Alt Name problem, too big", max);
break;
case AES_GCM_AUTH_E:
return "AES-GCM Authentication check fail";
XSTRNCPY(buffer, "AES-GCM Authentication check fail", max);
break;
case AES_CCM_AUTH_E:
return "AES-CCM Authentication check fail";
XSTRNCPY(buffer, "AES-CCM Authentication check fail", max);
break;
case CAVIUM_INIT_E:
return "Cavium Init type error";
XSTRNCPY(buffer, "Cavium Init type error", max);
break;
case COMPRESS_INIT_E:
return "Compress Init error";
XSTRNCPY(buffer, "Compress Init error", max);
break;
case COMPRESS_E:
return "Compress error";
XSTRNCPY(buffer, "Compress error", max);
break;
case DECOMPRESS_INIT_E:
return "DeCompress Init error";
XSTRNCPY(buffer, "DeCompress Init error", max);
break;
case DECOMPRESS_E:
return "DeCompress error";
XSTRNCPY(buffer, "DeCompress error", max);
break;
case BAD_ALIGN_E:
return "Bad alignment error, no alloc help";
XSTRNCPY(buffer, "Bad alignment error, no alloc help", max);
break;
case ASN_NO_SIGNER_E :
return "ASN no signer error to confirm failure";
XSTRNCPY(buffer, "ASN no signer error to confirm failure", max);
break;
case ASN_CRL_CONFIRM_E :
return "ASN CRL sig error, confirm failure";
XSTRNCPY(buffer, "ASN CRL sig error, confirm failure", max);
break;
case ASN_CRL_NO_SIGNER_E :
return "ASN CRL no signer error to confirm failure";
XSTRNCPY(buffer, "ASN CRL no signer error to confirm failure", max);
break;
case ASN_OCSP_CONFIRM_E :
return "ASN OCSP sig error, confirm failure";
XSTRNCPY(buffer, "ASN OCSP sig error, confirm failure", max);
break;
case BAD_ENC_STATE_E:
return "Bad ecc encrypt state operation";
XSTRNCPY(buffer, "Bad ecc encrypt state operation", max);
break;
case BAD_PADDING_E:
return "Bad padding, message wrong length";
XSTRNCPY(buffer, "Bad padding, message wrong length", max);
break;
case REQ_ATTRIBUTE_E:
return "Setting cert request attributes error";
XSTRNCPY(buffer, "Setting cert request attributes error", max);
break;
case PKCS7_OID_E:
return "PKCS#7 error: mismatched OID value";
XSTRNCPY(buffer, "PKCS#7 error: mismatched OID value", max);
break;
case PKCS7_RECIP_E:
return "PKCS#7 error: no matching recipient found";
XSTRNCPY(buffer, "PKCS#7 error: no matching recipient found", max);
break;
case FIPS_NOT_ALLOWED_E:
return "FIPS mode not allowed error";
XSTRNCPY(buffer, "FIPS mode not allowed error", max);
break;
case ASN_NAME_INVALID_E:
return "Name Constraint error";
case RNG_FAILURE_E:
return "Random Number Generator failed";
XSTRNCPY(buffer, "Name Constraint error", max);
break;
default:
return "unknown error number";
XSTRNCPY(buffer, "unknown error number", max);
}
#endif /* NO_ERROR_STRINGS */
}
void CTaoCryptErrorString(int error, char* buffer)
{
XSTRNCPY(buffer, CTaoCryptGetErrorString(error), CYASSL_MAX_ERROR_SZ);
}

3
ctaocrypt/src/include.am
View File

@@ -2,8 +2,7 @@
# All paths should be given relative to the root
EXTRA_DIST += ctaocrypt/src/misc.c
EXTRA_DIST += ctaocrypt/src/asm.c
EXTRA_DIST += ctaocrypt/src/aes_asm.asm
EXTRA_DIST += ctaocrypt/src/asm.c
EXTRA_DIST += \
ctaocrypt/src/ecc_fp.c \

14
ctaocrypt/src/integer.c
View File

@@ -1854,15 +1854,15 @@ int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y,
}
/* compute the value at M[1<<(winsize-1)] by squaring M[1] (winsize-1) times*/
if ((err = mp_copy (&M[1], &M[(mp_digit)(1 << (winsize - 1))])) != MP_OKAY) {
if ((err = mp_copy (&M[1], &M[1 << (winsize - 1)])) != MP_OKAY) {
goto LBL_RES;
}
for (x = 0; x < (winsize - 1); x++) {
if ((err = mp_sqr (&M[(mp_digit)(1 << (winsize - 1))], &M[(mp_digit)(1 << (winsize - 1))])) != MP_OKAY) {
if ((err = mp_sqr (&M[1 << (winsize - 1)], &M[1 << (winsize - 1)])) != MP_OKAY) {
goto LBL_RES;
}
if ((err = redux (&M[(mp_digit)(1 << (winsize - 1))], P, mp)) != MP_OKAY) {
if ((err = redux (&M[1 << (winsize - 1)], P, mp)) != MP_OKAY) {
goto LBL_RES;
}
}
@@ -3250,19 +3250,19 @@ int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode)
/* compute the value at M[1<<(winsize-1)] by squaring
* M[1] (winsize-1) times
*/
if ((err = mp_copy (&M[1], &M[(mp_digit)(1 << (winsize - 1))])) != MP_OKAY) {
if ((err = mp_copy (&M[1], &M[1 << (winsize - 1)])) != MP_OKAY) {
goto LBL_MU;
}
for (x = 0; x < (winsize - 1); x++) {
/* square it */
if ((err = mp_sqr (&M[(mp_digit)(1 << (winsize - 1))],
&M[(mp_digit)(1 << (winsize - 1))])) != MP_OKAY) {
if ((err = mp_sqr (&M[1 << (winsize - 1)],
&M[1 << (winsize - 1)])) != MP_OKAY) {
goto LBL_MU;
}
/* reduce modulo P */
if ((err = redux (&M[(mp_digit)(1 << (winsize - 1))], P, &mu)) != MP_OKAY) {
if ((err = redux (&M[1 << (winsize - 1)], P, &mu)) != MP_OKAY) {
goto LBL_MU;
}
}

2
ctaocrypt/src/misc.c
View File

@@ -45,8 +45,6 @@
#include <stdlib.h> /* get intrinsic definitions */
/* for non visual studio probably need no long version, 32 bit only
* i.e., _rotl and _rotr */
#pragma intrinsic(_lrotl, _lrotr)
STATIC INLINE word32 rotlFixed(word32 x, word32 y)

521
ctaocrypt/src/poly1305.c Normal file
View File

@@ -0,0 +1,521 @@
/* poly1305.c
*
* Copyright (C) 2006-2014 wolfSSL Inc.
*
* This file is part of CyaSSL.
*
* CyaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* CyaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
#ifdef HAVE_POLY1305
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <cyassl/ctaocrypt/settings.h>
#include <cyassl/ctaocrypt/poly1305.h>
#include <cyassl/ctaocrypt/error-crypt.h>
#include <cyassl/ctaocrypt/logging.h>
#ifdef NO_INLINE
#include <cyassl/ctaocrypt/misc.h>
#else
#include <ctaocrypt/src/misc.c>
#endif
#ifdef _MSC_VER
/* 4127 warning constant while(1) */
#pragma warning(disable: 4127)
#endif
#ifdef BIG_ENDIAN_ORDER
#define LITTLE32(x) ByteReverseWord32(x)
#else
#define LITTLE32(x) (x)
#endif
#ifdef POLY130564
#if defined(_MSC_VER)
#define POLY1305_NOINLINE __declspec(noinline)
#elif defined(__GNUC__)
#define POLY1305_NOINLINE __attribute__((noinline))
#else
#define POLY1305_NOINLINE
#endif
#if defined(_MSC_VER)
#include <intrin.h>
typedef struct word128 {
word64 lo;
word64 hi;
} word128;
#define MUL(out, x, y) out.lo = _umul128((x), (y), &out.hi)
#define ADD(out, in) { word64 t = out.lo; out.lo += in.lo;
out.hi += (out.lo < t) + in.hi; }
#define ADDLO(out, in) { word64 t = out.lo; out.lo += in;
out.hi += (out.lo < t); }
#define SHR(in, shift) (__shiftright128(in.lo, in.hi, (shift)))
#define LO(in) (in.lo)
#elif defined(__GNUC__)
#if defined(__SIZEOF_INT128__)
typedef unsigned __int128 word128;
#else
typedef unsigned word128 __attribute__((mode(TI)));
#endif
#define MUL(out, x, y) out = ((word128)x * y)
#define ADD(out, in) out += in
#define ADDLO(out, in) out += in
#define SHR(in, shift) (word64)(in >> (shift))
#define LO(in) (word64)(in)
#endif
static word64 U8TO64(const byte* p) {
return
(((word64)(p[0] & 0xff) ) |
((word64)(p[1] & 0xff) << 8) |
((word64)(p[2] & 0xff) << 16) |
((word64)(p[3] & 0xff) << 24) |
((word64)(p[4] & 0xff) << 32) |
((word64)(p[5] & 0xff) << 40) |
((word64)(p[6] & 0xff) << 48) |
((word64)(p[7] & 0xff) << 56));
}
static void U64TO8(byte* p, word64 v) {
p[0] = (v ) & 0xff;
p[1] = (v >> 8) & 0xff;
p[2] = (v >> 16) & 0xff;
p[3] = (v >> 24) & 0xff;
p[4] = (v >> 32) & 0xff;
p[5] = (v >> 40) & 0xff;
p[6] = (v >> 48) & 0xff;
p[7] = (v >> 56) & 0xff;
}
#else /* if not 64 bit then use 32 bit */
static word32 U8TO32(const byte *p) {
return
(((word32)(p[0] & 0xff) ) |
((word32)(p[1] & 0xff) << 8) |
((word32)(p[2] & 0xff) << 16) |
((word32)(p[3] & 0xff) << 24));
}
static void U32TO8(byte *p, word32 v) {
p[0] = (v ) & 0xff;
p[1] = (v >> 8) & 0xff;
p[2] = (v >> 16) & 0xff;
p[3] = (v >> 24) & 0xff;
}
#endif
int Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz) {
if (keySz != 32)
return 1;
#ifdef CHACHA_AEAD_TEST
int k;
printf("Poly key used: ");
for (k = 0; k < keySz; k++)
printf("%02x", key[k]);
printf("\n");
#endif
#ifdef POLY130564
word64 t0,t1;
/* r &= 0xffffffc0ffffffc0ffffffc0fffffff */
t0 = U8TO64(key + 0);
t1 = U8TO64(key + 8);
ctx->r[0] = ( t0 ) & 0xffc0fffffff;
ctx->r[1] = ((t0 >> 44) | (t1 << 20)) & 0xfffffc0ffff;
ctx->r[2] = ((t1 >> 24) ) & 0x00ffffffc0f;
/* h (accumulator) = 0 */
ctx->h[0] = 0;
ctx->h[1] = 0;
ctx->h[2] = 0;
/* save pad for later */
ctx->pad[0] = U8TO64(key + 16);
ctx->pad[1] = U8TO64(key + 24);
#else /* if not 64 bit then use 32 bit */
/* r &= 0xffffffc0ffffffc0ffffffc0fffffff */
ctx->r[0] = (U8TO32(key + 0) ) & 0x3ffffff;
ctx->r[1] = (U8TO32(key + 3) >> 2) & 0x3ffff03;
ctx->r[2] = (U8TO32(key + 6) >> 4) & 0x3ffc0ff;
ctx->r[3] = (U8TO32(key + 9) >> 6) & 0x3f03fff;
ctx->r[4] = (U8TO32(key + 12) >> 8) & 0x00fffff;
/* h = 0 */
ctx->h[0] = 0;
ctx->h[1] = 0;
ctx->h[2] = 0;
ctx->h[3] = 0;
ctx->h[4] = 0;
/* save pad for later */
ctx->pad[0] = U8TO32(key + 16);
ctx->pad[1] = U8TO32(key + 20);
ctx->pad[2] = U8TO32(key + 24);
ctx->pad[3] = U8TO32(key + 28);
#endif
ctx->leftover = 0;
ctx->final = 0;
return 0;
}
static void poly1305_blocks(Poly1305* ctx, const unsigned char *m,
size_t bytes) {
#ifdef POLY130564
const word64 hibit = (ctx->final) ? 0 : ((word64)1 << 40); /* 1 << 128 */
word64 r0,r1,r2;
word64 s1,s2;
word64 h0,h1,h2;
word64 c;
word128 d0,d1,d2,d;
r0 = ctx->r[0];
r1 = ctx->r[1];
r2 = ctx->r[2];
h0 = ctx->h[0];
h1 = ctx->h[1];
h2 = ctx->h[2];
s1 = r1 * (5 << 2);
s2 = r2 * (5 << 2);
while (bytes >= POLY1305_BLOCK_SIZE) {
word64 t0,t1;
/* h += m[i] */
t0 = U8TO64(&m[0]);
t1 = U8TO64(&m[8]);
h0 += (( t0 ) & 0xfffffffffff);
h1 += (((t0 >> 44) | (t1 << 20)) & 0xfffffffffff);
h2 += (((t1 >> 24) ) & 0x3ffffffffff) | hibit;
/* h *= r */
MUL(d0, h0, r0); MUL(d, h1, s2); ADD(d0, d); MUL(d, h2, s1); ADD(d0, d);
MUL(d1, h0, r1); MUL(d, h1, r0); ADD(d1, d); MUL(d, h2, s2); ADD(d1, d);
MUL(d2, h0, r2); MUL(d, h1, r1); ADD(d2, d); MUL(d, h2, r0); ADD(d2, d);
/* (partial) h %= p */
c = SHR(d0, 44); h0 = LO(d0) & 0xfffffffffff;
ADDLO(d1, c); c = SHR(d1, 44); h1 = LO(d1) & 0xfffffffffff;
ADDLO(d2, c); c = SHR(d2, 42); h2 = LO(d2) & 0x3ffffffffff;
h0 += c * 5; c = (h0 >> 44); h0 = h0 & 0xfffffffffff;
h1 += c;
m += POLY1305_BLOCK_SIZE;
bytes -= POLY1305_BLOCK_SIZE;
}
ctx->h[0] = h0;
ctx->h[1] = h1;
ctx->h[2] = h2;
#else /* if not 64 bit then use 32 bit */
const word32 hibit = (ctx->final) ? 0 : (1 << 24); /* 1 << 128 */
word32 r0,r1,r2,r3,r4;
word32 s1,s2,s3,s4;
word32 h0,h1,h2,h3,h4;
word64 d0,d1,d2,d3,d4;
word32 c;
r0 = ctx->r[0];
r1 = ctx->r[1];
r2 = ctx->r[2];
r3 = ctx->r[3];
r4 = ctx->r[4];
s1 = r1 * 5;
s2 = r2 * 5;
s3 = r3 * 5;
s4 = r4 * 5;
h0 = ctx->h[0];
h1 = ctx->h[1];
h2 = ctx->h[2];
h3 = ctx->h[3];
h4 = ctx->h[4];
while (bytes >= POLY1305_BLOCK_SIZE) {
/* h += m[i] */
h0 += (U8TO32(m+ 0) ) & 0x3ffffff;
h1 += (U8TO32(m+ 3) >> 2) & 0x3ffffff;
h2 += (U8TO32(m+ 6) >> 4) & 0x3ffffff;
h3 += (U8TO32(m+ 9) >> 6) & 0x3ffffff;
h4 += (U8TO32(m+12) >> 8) | hibit;
/* h *= r */
d0 = ((word64)h0 * r0) + ((word64)h1 * s4) + ((word64)h2 * s3) +
((word64)h3 * s2) + ((word64)h4 * s1);
d1 = ((word64)h0 * r1) + ((word64)h1 * r0) + ((word64)h2 * s4) +
((word64)h3 * s3) + ((word64)h4 * s2);
d2 = ((word64)h0 * r2) + ((word64)h1 * r1) + ((word64)h2 * r0) +
((word64)h3 * s4) + ((word64)h4 * s3);
d3 = ((word64)h0 * r3) + ((word64)h1 * r2) + ((word64)h2 * r1) +
((word64)h3 * r0) + ((word64)h4 * s4);
d4 = ((word64)h0 * r4) + ((word64)h1 * r3) + ((word64)h2 * r2) +
((word64)h3 * r1) + ((word64)h4 * r0);
/* (partial) h %= p */
c = (word32)(d0 >> 26); h0 = (word32)d0 & 0x3ffffff;
d1 += c; c = (word32)(d1 >> 26); h1 = (word32)d1 & 0x3ffffff;
d2 += c; c = (word32)(d2 >> 26); h2 = (word32)d2 & 0x3ffffff;
d3 += c; c = (word32)(d3 >> 26); h3 = (word32)d3 & 0x3ffffff;
d4 += c; c = (word32)(d4 >> 26); h4 = (word32)d4 & 0x3ffffff;
h0 += c * 5; c = (h0 >> 26); h0 = h0 & 0x3ffffff;
h1 += c;
m += POLY1305_BLOCK_SIZE;
bytes -= POLY1305_BLOCK_SIZE;
}
ctx->h[0] = h0;
ctx->h[1] = h1;
ctx->h[2] = h2;
ctx->h[3] = h3;
ctx->h[4] = h4;
#endif
}
int Poly1305Final(Poly1305* ctx, byte* mac) {
#ifdef POLY130564
word64 h0,h1,h2,c;
word64 g0,g1,g2;
word64 t0,t1;
/* process the remaining block */
if (ctx->leftover) {
size_t i = ctx->leftover;
ctx->buffer[i] = 1;
for (i = i + 1; i < POLY1305_BLOCK_SIZE; i++)
ctx->buffer[i] = 0;
ctx->final = 1;
poly1305_blocks(ctx, ctx->buffer, POLY1305_BLOCK_SIZE);
}
/* fully carry h */
h0 = ctx->h[0];
h1 = ctx->h[1];
h2 = ctx->h[2];
c = (h1 >> 44); h1 &= 0xfffffffffff;
h2 += c; c = (h2 >> 42); h2 &= 0x3ffffffffff;
h0 += c * 5; c = (h0 >> 44); h0 &= 0xfffffffffff;
h1 += c; c = (h1 >> 44); h1 &= 0xfffffffffff;
h2 += c; c = (h2 >> 42); h2 &= 0x3ffffffffff;
h0 += c * 5; c = (h0 >> 44); h0 &= 0xfffffffffff;
h1 += c;
/* compute h + -p */
g0 = h0 + 5; c = (g0 >> 44); g0 &= 0xfffffffffff;
g1 = h1 + c; c = (g1 >> 44); g1 &= 0xfffffffffff;
g2 = h2 + c - ((word64)1 << 42);
/* select h if h < p, or h + -p if h >= p */
c = (g2 >> ((sizeof(word64) * 8) - 1)) - 1;
g0 &= c;
g1 &= c;
g2 &= c;
c = ~c;
h0 = (h0 & c) | g0;
h1 = (h1 & c) | g1;
h2 = (h2 & c) | g2;
/* h = (h + pad) */
t0 = ctx->pad[0];
t1 = ctx->pad[1];
h0 += (( t0 ) & 0xfffffffffff) ;
c = (h0 >> 44); h0 &= 0xfffffffffff;
h1 += (((t0 >> 44) | (t1 << 20)) & 0xfffffffffff) + c;
c = (h1 >> 44); h1 &= 0xfffffffffff;
h2 += (((t1 >> 24) ) & 0x3ffffffffff) + c;
h2 &= 0x3ffffffffff;
/* mac = h % (2^128) */
h0 = ((h0 ) | (h1 << 44));
h1 = ((h1 >> 20) | (h2 << 24));
U64TO8(mac + 0, h0);
U64TO8(mac + 8, h1);
/* zero out the state */
ctx->h[0] = 0;
ctx->h[1] = 0;
ctx->h[2] = 0;
ctx->r[0] = 0;
ctx->r[1] = 0;
ctx->r[2] = 0;
ctx->pad[0] = 0;
ctx->pad[1] = 0;
#else /* if not 64 bit then use 32 bit */
word32 h0,h1,h2,h3,h4,c;
word32 g0,g1,g2,g3,g4;
word64 f;
word32 mask;
/* process the remaining block */
if (ctx->leftover) {
size_t i = ctx->leftover;
ctx->buffer[i++] = 1;
for (; i < POLY1305_BLOCK_SIZE; i++)
ctx->buffer[i] = 0;
ctx->final = 1;
poly1305_blocks(ctx, ctx->buffer, POLY1305_BLOCK_SIZE);
}
/* fully carry h */
h0 = ctx->h[0];
h1 = ctx->h[1];
h2 = ctx->h[2];
h3 = ctx->h[3];
h4 = ctx->h[4];
c = h1 >> 26; h1 = h1 & 0x3ffffff;
h2 += c; c = h2 >> 26; h2 = h2 & 0x3ffffff;
h3 += c; c = h3 >> 26; h3 = h3 & 0x3ffffff;
h4 += c; c = h4 >> 26; h4 = h4 & 0x3ffffff;
h0 += c * 5; c = h0 >> 26; h0 = h0 & 0x3ffffff;
h1 += c;
/* compute h + -p */
g0 = h0 + 5; c = g0 >> 26; g0 &= 0x3ffffff;
g1 = h1 + c; c = g1 >> 26; g1 &= 0x3ffffff;
g2 = h2 + c; c = g2 >> 26; g2 &= 0x3ffffff;
g3 = h3 + c; c = g3 >> 26; g3 &= 0x3ffffff;
g4 = h4 + c - (1 << 26);
/* select h if h < p, or h + -p if h >= p */
mask = (g4 >> ((sizeof(word32) * 8) - 1)) - 1;
g0 &= mask;
g1 &= mask;
g2 &= mask;
g3 &= mask;
g4 &= mask;
mask = ~mask;
h0 = (h0 & mask) | g0;
h1 = (h1 & mask) | g1;
h2 = (h2 & mask) | g2;
h3 = (h3 & mask) | g3;
h4 = (h4 & mask) | g4;
/* h = h % (2^128) */
h0 = ((h0 ) | (h1 << 26)) & 0xffffffff;
h1 = ((h1 >> 6) | (h2 << 20)) & 0xffffffff;
h2 = ((h2 >> 12) | (h3 << 14)) & 0xffffffff;
h3 = ((h3 >> 18) | (h4 << 8)) & 0xffffffff;
/* mac = (h + pad) % (2^128) */
f = (word64)h0 + ctx->pad[0] ; h0 = (word64)f;
f = (word64)h1 + ctx->pad[1] + (f >> 32); h1 = (word64)f;
f = (word64)h2 + ctx->pad[2] + (f >> 32); h2 = (word64)f;
f = (word64)h3 + ctx->pad[3] + (f >> 32); h3 = (word64)f;
U32TO8(mac + 0, h0);
U32TO8(mac + 4, h1);
U32TO8(mac + 8, h2);
U32TO8(mac + 12, h3);
/* zero out the state */
ctx->h[0] = 0;
ctx->h[1] = 0;
ctx->h[2] = 0;
ctx->h[3] = 0;
ctx->h[4] = 0;
ctx->r[0] = 0;
ctx->r[1] = 0;
ctx->r[2] = 0;
ctx->r[3] = 0;
ctx->r[4] = 0;
ctx->pad[0] = 0;
ctx->pad[1] = 0;
ctx->pad[2] = 0;
ctx->pad[3] = 0;
#endif
return 0;
}
int Poly1305Update(Poly1305* ctx, const byte* m, word32 bytes) {
size_t i;
#ifdef CHACHA_AEAD_TEST
int k;
printf("Raw input to poly: ");
for (k = 0; k < bytes; k++)
printf("%02x", m[k]);
printf("\n");
#endif
/* handle leftover */
if (ctx->leftover) {
size_t want = (POLY1305_BLOCK_SIZE - ctx->leftover);
if (want > bytes)
want = bytes;
for (i = 0; i < want; i++)
ctx->buffer[ctx->leftover + i] = m[i];
bytes -= want;
m += want;
ctx->leftover += want;
if (ctx->leftover < POLY1305_BLOCK_SIZE)
return 0;
poly1305_blocks(ctx, ctx->buffer, POLY1305_BLOCK_SIZE);
ctx->leftover = 0;
}
/* process full blocks */
if (bytes >= POLY1305_BLOCK_SIZE) {
size_t want = (bytes & ~(POLY1305_BLOCK_SIZE - 1));
poly1305_blocks(ctx, m, want);
m += want;
bytes -= want;
}
/* store leftover */
if (bytes) {
for (i = 0; i < bytes; i++)
ctx->buffer[ctx->leftover + i] = m[i];
ctx->leftover += bytes;
}
return 0;
}
#endif /* HAVE_POLY1305 */

436
ctaocrypt/src/port.c Normal file
View File

@@ -0,0 +1,436 @@
/* port.c
*
* Copyright (C) 2006-2014 wolfSSL Inc.
*
* This file is part of CyaSSL.
*
* CyaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* CyaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <cyassl/ctaocrypt/settings.h>
#include <cyassl/ctaocrypt/types.h>
#include <cyassl/ctaocrypt/error-crypt.h>
#ifdef _MSC_VER
/* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
#pragma warning(disable: 4996)
#endif
#ifdef SINGLE_THREADED
int InitMutex(CyaSSL_Mutex* m)
{
(void)m;
return 0;
}
int FreeMutex(CyaSSL_Mutex *m)
{
(void)m;
return 0;
}
int LockMutex(CyaSSL_Mutex *m)
{
(void)m;
return 0;
}
int UnLockMutex(CyaSSL_Mutex *m)
{
(void)m;
return 0;
}
#else /* MULTI_THREAD */
#if defined(FREERTOS)
int InitMutex(CyaSSL_Mutex* m)
{
int iReturn;
*m = ( CyaSSL_Mutex ) xSemaphoreCreateMutex();
if( *m != NULL )
iReturn = 0;
else
iReturn = BAD_MUTEX_E;
return iReturn;
}
int FreeMutex(CyaSSL_Mutex* m)
{
vSemaphoreDelete( *m );
return 0;
}
int LockMutex(CyaSSL_Mutex* m)
{
/* Assume an infinite block, or should there be zero block? */
xSemaphoreTake( *m, portMAX_DELAY );
return 0;
}
int UnLockMutex(CyaSSL_Mutex* m)
{
xSemaphoreGive( *m );
return 0;
}
#elif defined(CYASSL_SAFERTOS)
int InitMutex(CyaSSL_Mutex* m)
{
vSemaphoreCreateBinary(m->mutexBuffer, m->mutex);
if (m->mutex == NULL)
return BAD_MUTEX_E;
return 0;
}
int FreeMutex(CyaSSL_Mutex* m)
{
(void)m;
return 0;
}
int LockMutex(CyaSSL_Mutex* m)
{
/* Assume an infinite block */
xSemaphoreTake(m->mutex, portMAX_DELAY);
return 0;
}
int UnLockMutex(CyaSSL_Mutex* m)
{
xSemaphoreGive(m->mutex);
return 0;
}
#elif defined(USE_WINDOWS_API)
int InitMutex(CyaSSL_Mutex* m)
{
InitializeCriticalSection(m);
return 0;
}
int FreeMutex(CyaSSL_Mutex* m)
{
DeleteCriticalSection(m);
return 0;
}
int LockMutex(CyaSSL_Mutex* m)
{
EnterCriticalSection(m);
return 0;
}
int UnLockMutex(CyaSSL_Mutex* m)
{
LeaveCriticalSection(m);
return 0;
}
#elif defined(CYASSL_PTHREADS)
int InitMutex(CyaSSL_Mutex* m)
{
if (pthread_mutex_init(m, 0) == 0)
return 0;
else
return BAD_MUTEX_E;
}
int FreeMutex(CyaSSL_Mutex* m)
{
if (pthread_mutex_destroy(m) == 0)
return 0;
else
return BAD_MUTEX_E;
}
int LockMutex(CyaSSL_Mutex* m)
{
if (pthread_mutex_lock(m) == 0)
return 0;
else
return BAD_MUTEX_E;
}
int UnLockMutex(CyaSSL_Mutex* m)
{
if (pthread_mutex_unlock(m) == 0)
return 0;
else
return BAD_MUTEX_E;
}
#elif defined(THREADX)
int InitMutex(CyaSSL_Mutex* m)
{
if (tx_mutex_create(m, "CyaSSL Mutex", TX_NO_INHERIT) == 0)
return 0;
else
return BAD_MUTEX_E;
}
int FreeMutex(CyaSSL_Mutex* m)
{
if (tx_mutex_delete(m) == 0)
return 0;
else
return BAD_MUTEX_E;
}
int LockMutex(CyaSSL_Mutex* m)
{
if (tx_mutex_get(m, TX_WAIT_FOREVER) == 0)
return 0;
else
return BAD_MUTEX_E;
}
int UnLockMutex(CyaSSL_Mutex* m)
{
if (tx_mutex_put(m) == 0)
return 0;
else
return BAD_MUTEX_E;
}
#elif defined(MICRIUM)
int InitMutex(CyaSSL_Mutex* m)
{
#if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED)
if (NetSecure_OS_MutexCreate(m) == 0)
return 0;
else
return BAD_MUTEX_E;
#else
return 0;
#endif
}
int FreeMutex(CyaSSL_Mutex* m)
{
#if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED)
if (NetSecure_OS_FreeMutex(m) == 0)
return 0;
else
return BAD_MUTEX_E;
#else
return 0;
#endif
}
int LockMutex(CyaSSL_Mutex* m)
{
#if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED)
if (NetSecure_OS_LockMutex(m) == 0)
return 0;
else
return BAD_MUTEX_E;
#else
return 0;
#endif
}
int UnLockMutex(CyaSSL_Mutex* m)
{
#if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED)
if (NetSecure_OS_UnLockMutex(m) == 0)
return 0;
else
return BAD_MUTEX_E;
#else
return 0;
#endif
}
#elif defined(EBSNET)
int InitMutex(CyaSSL_Mutex* m)
{
if (rtp_sig_mutex_alloc(m, "CyaSSL Mutex") == -1)
return BAD_MUTEX_E;
else
return 0;
}
int FreeMutex(CyaSSL_Mutex* m)
{
rtp_sig_mutex_free(*m);
return 0;
}
int LockMutex(CyaSSL_Mutex* m)
{
if (rtp_sig_mutex_claim_timed(*m, RTIP_INF) == 0)
return 0;
else
return BAD_MUTEX_E;
}
int UnLockMutex(CyaSSL_Mutex* m)
{
rtp_sig_mutex_release(*m);
return 0;
}
#elif defined(FREESCALE_MQX)
int InitMutex(CyaSSL_Mutex* m)
{
if (_mutex_init(m, NULL) == MQX_EOK)
return 0;
else
return BAD_MUTEX_E;
}
int FreeMutex(CyaSSL_Mutex* m)
{
if (_mutex_destroy(m) == MQX_EOK)
return 0;
else
return BAD_MUTEX_E;
}
int LockMutex(CyaSSL_Mutex* m)
{
if (_mutex_lock(m) == MQX_EOK)
return 0;
else
return BAD_MUTEX_E;
}
int UnLockMutex(CyaSSL_Mutex* m)
{
if (_mutex_unlock(m) == MQX_EOK)
return 0;
else
return BAD_MUTEX_E;
}
#elif defined(CYASSL_MDK_ARM)|| defined(CYASSL_CMSIS_RTOS)
#if defined(CYASSL_CMSIS_RTOS)
#include "cmsis_os.h"
#define CMSIS_NMUTEX 10
osMutexDef(CyaSSL_mt0) ; osMutexDef(CyaSSL_mt1) ; osMutexDef(CyaSSL_mt2) ;
osMutexDef(CyaSSL_mt3) ; osMutexDef(CyaSSL_mt4) ; osMutexDef(CyaSSL_mt5) ;
osMutexDef(CyaSSL_mt6) ; osMutexDef(CyaSSL_mt7) ; osMutexDef(CyaSSL_mt8) ;
osMutexDef(CyaSSL_mt9) ;
static const osMutexDef_t *CMSIS_mutex[] = { osMutex(CyaSSL_mt0),
osMutex(CyaSSL_mt1), osMutex(CyaSSL_mt2), osMutex(CyaSSL_mt3),
osMutex(CyaSSL_mt4), osMutex(CyaSSL_mt5), osMutex(CyaSSL_mt6),
osMutex(CyaSSL_mt7), osMutex(CyaSSL_mt8), osMutex(CyaSSL_mt9) } ;
static osMutexId CMSIS_mutexID[CMSIS_NMUTEX] = {0} ;
int InitMutex(CyaSSL_Mutex* m)
{
int i ;
for (i=0; i<CMSIS_NMUTEX; i++) {
if(CMSIS_mutexID[i] == 0) {
CMSIS_mutexID[i] = osMutexCreate(CMSIS_mutex[i]) ;
(*m) = CMSIS_mutexID[i] ;
return 0 ;
}
}
return -1 ;
}
int FreeMutex(CyaSSL_Mutex* m)
{
int i ;
osMutexDelete (*m) ;
for (i=0; i<CMSIS_NMUTEX; i++) {
if(CMSIS_mutexID[i] == (*m)) {
CMSIS_mutexID[i] = 0 ;
return(0) ;
}
}
return(-1) ;
}
int LockMutex(CyaSSL_Mutex* m)
{
osMutexWait(*m, osWaitForever) ;
return(0) ;
}
int UnLockMutex(CyaSSL_Mutex* m)
{
osMutexRelease (*m);
return 0;
}
#else
int InitMutex(CyaSSL_Mutex* m)
{
os_mut_init (m);
return 0;
}
int FreeMutex(CyaSSL_Mutex* m)
{
return(0) ;
}
int LockMutex(CyaSSL_Mutex* m)
{
os_mut_wait (m, 0xffff);
return(0) ;
}
int UnLockMutex(CyaSSL_Mutex* m)
{
os_mut_release (m);
return 0;
}
#endif
#endif /* USE_WINDOWS_API */
#endif /* SINGLE_THREADED */

296
ctaocrypt/src/random.c
View File

@@ -30,16 +30,10 @@
*/
#ifdef HAVE_FIPS
/* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
#define FIPS_NO_WRAPPERS
#endif
#include <cyassl/ctaocrypt/random.h>
#include <cyassl/ctaocrypt/error-crypt.h>
#if defined(HAVE_HASHDRBG) || defined(NO_RC4)
#include <cyassl/ctaocrypt/sha256.h>
#ifdef NO_INLINE
@@ -80,16 +74,9 @@
#define NONCE_SZ (ENTROPY_SZ/2)
#define ENTROPY_NONCE_SZ (ENTROPY_SZ+NONCE_SZ)
/* Internal return codes */
#define DRBG_SUCCESS 0
#define DRBG_ERROR 1
#define DRBG_FAILURE 2
#define DRBG_NEED_RESEED 3
/* RNG health states */
#define DRBG_NOT_INIT 0
#define DRBG_OK 1
#define DRBG_FAILED 2
#define DRBG_SUCCESS 0
#define DRBG_ERROR 1
#define DRBG_NEED_RESEED 2
enum {
@@ -101,11 +88,10 @@ enum {
};
/* Hash Derivation Function */
/* Returns: DRBG_SUCCESS or DRBG_FAILURE */
static int Hash_df(RNG* rng, byte* out, word32 outSz, byte type,
const byte* inA, word32 inASz,
const byte* inB, word32 inBSz)
byte* inA, word32 inASz,
byte* inB, word32 inBSz,
byte* inC, word32 inCSz)
{
byte ctr;
int i;
@@ -121,29 +107,33 @@ static int Hash_df(RNG* rng, byte* out, word32 outSz, byte type,
for (i = 0, ctr = 1; i < len; i++, ctr++)
{
if (InitSha256(&rng->sha) != 0)
return DRBG_FAILURE;
return DRBG_ERROR;
if (Sha256Update(&rng->sha, &ctr, sizeof(ctr)) != 0)
return DRBG_FAILURE;
return DRBG_ERROR;
if (Sha256Update(&rng->sha, (byte*)&bits, sizeof(bits)) != 0)
return DRBG_FAILURE;
return DRBG_ERROR;
/* churning V is the only string that doesn't have
* the type added */
if (type != drbgInitV)
if (Sha256Update(&rng->sha, &type, sizeof(type)) != 0)
return DRBG_FAILURE;
return DRBG_ERROR;
if (Sha256Update(&rng->sha, inA, inASz) != 0)
return DRBG_FAILURE;
return DRBG_ERROR;
if (inB != NULL && inBSz > 0)
if (Sha256Update(&rng->sha, inB, inBSz) != 0)
return DRBG_FAILURE;
return DRBG_ERROR;
if (inC != NULL && inCSz > 0)
if (Sha256Update(&rng->sha, inC, inCSz) != 0)
return DRBG_ERROR;
if (Sha256Final(&rng->sha, rng->digest) != 0)
return DRBG_FAILURE;
return DRBG_ERROR;
if (outSz > OUTPUT_BLOCK_LEN) {
XMEMCPY(out, rng->digest, OUTPUT_BLOCK_LEN);
@@ -159,26 +149,26 @@ static int Hash_df(RNG* rng, byte* out, word32 outSz, byte type,
}
/* Returns: DRBG_SUCCESS or DRBG_FAILURE */
static int Hash_DRBG_Reseed(RNG* rng, const byte* entropy, word32 entropySz)
static int Hash_DRBG_Reseed(RNG* rng, byte* entropy, word32 entropySz)
{
int ret;
byte seed[DRBG_SEED_LEN];
if (Hash_df(rng, seed, sizeof(seed), drbgReseed, rng->V, sizeof(rng->V),
entropy, entropySz) != DRBG_SUCCESS) {
return DRBG_FAILURE;
}
ret = Hash_df(rng, seed, sizeof(seed), drbgReseed, rng->V, sizeof(rng->V),
entropy, entropySz, NULL, 0);
if (ret != 0)
return ret;
XMEMCPY(rng->V, seed, sizeof(rng->V));
XMEMSET(seed, 0, sizeof(seed));
if (Hash_df(rng, rng->C, sizeof(rng->C), drbgInitC, rng->V,
sizeof(rng->V), NULL, 0) != DRBG_SUCCESS) {
return DRBG_FAILURE;
}
ret = Hash_df(rng, rng->C, sizeof(rng->C), drbgInitC, rng->V,
sizeof(rng->V), NULL, 0, NULL, 0);
if (ret != 0)
return ret;
rng->reseedCtr = 1;
return DRBG_SUCCESS;
return 0;
}
static INLINE void array_add_one(byte* data, word32 dataSz)
@@ -192,23 +182,26 @@ static INLINE void array_add_one(byte* data, word32 dataSz)
}
}
/* Returns: DRBG_SUCCESS or DRBG_FAILURE */
static int Hash_gen(RNG* rng, byte* out, word32 outSz, const byte* V)
static int Hash_gen(RNG* rng, byte* out, word32 outSz, byte* V)
{
byte data[DRBG_SEED_LEN];
int i;
int i, ret;
int len = (outSz / OUTPUT_BLOCK_LEN)
+ ((outSz % OUTPUT_BLOCK_LEN) ? 1 : 0);
XMEMCPY(data, V, sizeof(data));
for (i = 0; i < len; i++) {
if (InitSha256(&rng->sha) != 0 ||
Sha256Update(&rng->sha, data, sizeof(data)) != 0 ||
Sha256Final(&rng->sha, rng->digest) != 0) {
ret = InitSha256(&rng->sha);
if (ret != 0)
return ret;
return DRBG_FAILURE;
}
ret = Sha256Update(&rng->sha, data, sizeof(data));
if (ret != 0)
return ret;
ret = Sha256Final(&rng->sha, rng->digest);
if (ret != 0)
return ret;
if (outSz > OUTPUT_BLOCK_LEN) {
XMEMCPY(out, rng->digest, OUTPUT_BLOCK_LEN);
@@ -222,11 +215,11 @@ static int Hash_gen(RNG* rng, byte* out, word32 outSz, const byte* V)
}
XMEMSET(data, 0, sizeof(data));
return DRBG_SUCCESS;
return 0;
}
static INLINE void array_add(byte* d, word32 dLen, const byte* s, word32 sLen)
static INLINE void array_add(byte* d, word32 dLen, byte* s, word32 sLen)
{
word16 carry = 0;
@@ -245,67 +238,74 @@ static INLINE void array_add(byte* d, word32 dLen, const byte* s, word32 sLen)
}
/* Returns: DRBG_SUCCESS, DRBG_NEED_RESEED, or DRBG_FAILURE */
static int Hash_DRBG_Generate(RNG* rng, byte* out, word32 outSz)
{
int ret = DRBG_NEED_RESEED;
int ret;
if (rng->reseedCtr != RESEED_INTERVAL) {
byte type = drbgGenerateH;
word32 reseedCtr = rng->reseedCtr;
rng->reseedCtr++;
if (Hash_gen(rng, out, outSz, rng->V) != 0 ||
InitSha256(&rng->sha) != 0 ||
Sha256Update(&rng->sha, &type, sizeof(type)) != 0 ||
Sha256Update(&rng->sha, rng->V, sizeof(rng->V)) != 0 ||
Sha256Final(&rng->sha, rng->digest) != 0) {
if (Hash_gen(rng, out, outSz, rng->V) != 0)
return DRBG_ERROR;
if (InitSha256(&rng->sha) != 0)
return DRBG_ERROR;
if (Sha256Update(&rng->sha, &type, sizeof(type)) != 0)
return DRBG_ERROR;
if (Sha256Update(&rng->sha, rng->V, sizeof(rng->V)) != 0)
return DRBG_ERROR;
if (Sha256Final(&rng->sha, rng->digest) != 0)
return DRBG_ERROR;
ret = DRBG_FAILURE;
}
else {
array_add(rng->V, sizeof(rng->V), rng->digest, sizeof(rng->digest));
array_add(rng->V, sizeof(rng->V), rng->C, sizeof(rng->C));
#ifdef LITTLE_ENDIAN_ORDER
reseedCtr = ByteReverseWord32(reseedCtr);
#endif
array_add(rng->V, sizeof(rng->V),
(byte*)&reseedCtr, sizeof(reseedCtr));
ret = DRBG_SUCCESS;
}
}
return ret;
}
/* Returns: DRBG_SUCCESS or DRBG_FAILURE */
static int Hash_DRBG_Instantiate(RNG* rng, const byte* seed, word32 seedSz,
const byte* nonce, word32 nonceSz)
{
int ret = DRBG_FAILURE;
XMEMSET(rng, 0, sizeof(*rng));
if (Hash_df(rng, rng->V, sizeof(rng->V), drbgInitV, seed, seedSz,
nonce, nonceSz) == DRBG_SUCCESS &&
Hash_df(rng, rng->C, sizeof(rng->C), drbgInitC, rng->V,
sizeof(rng->V), NULL, 0) == DRBG_SUCCESS) {
rng->reseedCtr = 1;
array_add(rng->V, sizeof(rng->V), rng->digest, sizeof(rng->digest));
array_add(rng->V, sizeof(rng->V), rng->C, sizeof(rng->C));
#ifdef LITTLE_ENDIAN_ORDER
reseedCtr = ByteReverseWord32(reseedCtr);
#endif
array_add(rng->V, sizeof(rng->V), (byte*)&reseedCtr, sizeof(reseedCtr));
ret = DRBG_SUCCESS;
}
else {
ret = DRBG_NEED_RESEED;
}
return ret;
}
/* Returns: DRBG_SUCCESS */
static int Hash_DRBG_Instantiate(RNG* rng, byte* seed, word32 seedSz,
byte* nonce, word32 nonceSz, byte* personal, word32 personalSz)
{
int ret;
XMEMSET(rng, 0, sizeof(*rng));
ret = Hash_df(rng, rng->V, sizeof(rng->V), drbgInitV, seed, seedSz,
nonce, nonceSz, personal, personalSz);
if (ret != 0)
return ret;
ret = Hash_df(rng, rng->C, sizeof(rng->C), drbgInitC, rng->V,
sizeof(rng->V), NULL, 0, NULL, 0);
if (ret != 0)
return ret;
rng->reseedCtr = 1;
return 0;
}
static int Hash_DRBG_Uninstantiate(RNG* rng)
{
XMEMSET(rng, 0, sizeof(*rng));
int result = DRBG_ERROR;
return DRBG_SUCCESS;
if (rng != NULL) {
XMEMSET(rng, 0, sizeof(*rng));
result = DRBG_SUCCESS;
}
return result;
}
/* End NIST DRBG Code */
@@ -314,27 +314,17 @@ static int Hash_DRBG_Uninstantiate(RNG* rng)
/* Get seed and key cipher */
int InitRng(RNG* rng)
{
int ret = BAD_FUNC_ARG;
byte entropy[ENTROPY_NONCE_SZ];
int ret = DRBG_ERROR;
if (rng != NULL) {
byte entropy[ENTROPY_NONCE_SZ];
/* This doesn't use a separate nonce. The entropy input will be
* the default size plus the size of the nonce making the seed
* size. */
if (GenerateSeed(&rng->seed, entropy, ENTROPY_NONCE_SZ) == 0)
ret = Hash_DRBG_Instantiate(rng, entropy, ENTROPY_NONCE_SZ,
NULL, 0, NULL, 0);
/* This doesn't use a separate nonce. The entropy input will be
* the default size plus the size of the nonce making the seed
* size. */
if (GenerateSeed(&rng->seed, entropy, ENTROPY_NONCE_SZ) == 0 &&
Hash_DRBG_Instantiate(rng, entropy, ENTROPY_NONCE_SZ,
NULL, 0) == DRBG_SUCCESS) {
rng->status = DRBG_OK;
ret = 0;
}
else {
rng->status = DRBG_FAILED;
ret = RNG_FAILURE_E;
}
XMEMSET(entropy, 0, ENTROPY_NONCE_SZ);
}
XMEMSET(entropy, 0, ENTROPY_NONCE_SZ);
return ret;
}
@@ -345,36 +335,24 @@ int RNG_GenerateBlock(RNG* rng, byte* output, word32 sz)
{
int ret;
if (rng == NULL || output == NULL || sz > MAX_REQUEST_LEN)
return BAD_FUNC_ARG;
if (rng->status != DRBG_OK)
return RNG_FAILURE_E;
XMEMSET(output, 0, sz);
ret = Hash_DRBG_Generate(rng, output, sz);
if (ret == DRBG_SUCCESS) {
ret = 0;
}
else if (ret == DRBG_NEED_RESEED) {
if (ret == DRBG_NEED_RESEED) {
byte entropy[ENTROPY_SZ];
if (GenerateSeed(&rng->seed, entropy, ENTROPY_SZ) == 0 &&
Hash_DRBG_Reseed(rng, entropy, ENTROPY_SZ) == DRBG_SUCCESS &&
Hash_DRBG_Generate(rng, output, sz) == DRBG_SUCCESS) {
ret = GenerateSeed(&rng->seed, entropy, ENTROPY_SZ);
if (ret == 0) {
ret = Hash_DRBG_Reseed(rng, entropy, ENTROPY_SZ);
ret = 0;
}
else {
ret = RNG_FAILURE_E;
rng->status = DRBG_FAILED;
if (ret == 0)
ret = Hash_DRBG_Generate(rng, output, sz);
}
else
ret = DRBG_ERROR;
XMEMSET(entropy, 0, ENTROPY_SZ);
}
else {
ret = RNG_FAILURE_E;
rng->status = DRBG_FAILED;
}
return ret;
}
@@ -386,59 +364,11 @@ int RNG_GenerateByte(RNG* rng, byte* b)
}
int FreeRng(RNG* rng)
void FreeRng(RNG* rng)
{
int ret = BAD_FUNC_ARG;
if (rng != NULL) {
if (Hash_DRBG_Uninstantiate(rng) == DRBG_SUCCESS)
ret = 0;
else
ret = RNG_FAILURE_E;
}
return ret;
Hash_DRBG_Uninstantiate(rng);
}
int RNG_HealthTest(int reseed, const byte* entropyA, word32 entropyASz,
const byte* entropyB, word32 entropyBSz,
const byte* output, word32 outputSz)
{
RNG rng;
byte check[SHA256_DIGEST_SIZE * 4];
if (Hash_DRBG_Instantiate(&rng, entropyA, entropyASz, NULL, 0) != 0)
return -1;
if (reseed) {
if (Hash_DRBG_Reseed(&rng, entropyB, entropyBSz) != 0) {
Hash_DRBG_Uninstantiate(&rng);
return -1;
}
}
if (Hash_DRBG_Generate(&rng, check, sizeof(check)) != 0) {
Hash_DRBG_Uninstantiate(&rng);
return -1;
}
if (Hash_DRBG_Generate(&rng, check, sizeof(check)) != 0) {
Hash_DRBG_Uninstantiate(&rng);
return -1;
}
if (outputSz != sizeof(check) || XMEMCMP(output, check, sizeof(check))) {
Hash_DRBG_Uninstantiate(&rng);
return -1;
}
Hash_DRBG_Uninstantiate(&rng);
return 0;
}
#else /* HAVE_HASHDRBG || NO_RC4 */
/* Get seed and key cipher */

335
ctaocrypt/test/test.c
View File

@@ -48,12 +48,14 @@
#include <cyassl/ctaocrypt/rsa.h>
#include <cyassl/ctaocrypt/des3.h>
#include <cyassl/ctaocrypt/aes.h>
#include <cyassl/ctaocrypt/poly1305.h>
#include <cyassl/ctaocrypt/camellia.h>
#include <cyassl/ctaocrypt/hmac.h>
#include <cyassl/ctaocrypt/dh.h>
#include <cyassl/ctaocrypt/dsa.h>
#include <cyassl/ctaocrypt/hc128.h>
#include <cyassl/ctaocrypt/rabbit.h>
#include <cyassl/ctaocrypt/chacha.h>
#include <cyassl/ctaocrypt/pwdbased.h>
#include <cyassl/ctaocrypt/ripemd.h>
#ifdef HAVE_ECC
@@ -101,7 +103,7 @@
#endif
#ifdef HAVE_NTRU
#include "ntru_crypto.h"
#include "crypto_ntru.h"
#endif
#ifdef HAVE_CAVIUM
#include "cavium_sysdep.h"
@@ -152,9 +154,11 @@ int hkdf_test(void);
int arc4_test(void);
int hc128_test(void);
int rabbit_test(void);
int chacha_test(void);
int des_test(void);
int des3_test(void);
int aes_test(void);
int poly1305_test(void);
int aesgcm_test(void);
int gmac_test(void);
int aesccm_test(void);
@@ -367,6 +371,13 @@ void ctaocrypt_test(void* args)
printf( "Rabbit test passed!\n");
#endif
#ifdef HAVE_CHACHA
if ( (ret = chacha_test()) != 0)
err_sys("Chacha test failed!\n", ret);
else
printf( "Chacha test passed!\n");
#endif
#ifndef NO_DES3
if ( (ret = des_test()) != 0)
err_sys("DES test failed!\n", ret);
@@ -387,6 +398,13 @@ void ctaocrypt_test(void* args)
else
printf( "AES test passed!\n");
#ifdef HAVE_POLY1305
if ( (ret = poly1305_test()) != 0)
err_sys("POLY1305 test failed!\n", ret);
else
printf( "POLY1305 test passed!\n");
#endif
#ifdef HAVE_AESGCM
if ( (ret = aesgcm_test()) != 0)
err_sys("AES-GCM test failed!\n", ret);
@@ -1800,6 +1818,107 @@ int rabbit_test(void)
#endif /* NO_RABBIT */
#ifdef HAVE_CHACHA
int chacha_test(void)
{
byte cipher[32];
byte plain[32];
byte input[] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
word32 keySz;
int i;
int times = 4;
const byte key1[] =
{
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
};
const byte key2[] =
{
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
};
const byte key3[] =
{
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
};
/* 128 bit key */
const byte key4[] =
{
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
};
const byte* keys[] = {key1, key2, key3, key4};
const byte ivs1[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
const byte ivs2[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
const byte ivs3[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01};
const byte ivs4[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
const byte* ivs[] = {ivs1, ivs2, ivs3, ivs4};
byte a[] = {0x76,0xb8,0xe0,0xad,0xa0,0xf1,0x3d,0x90};
byte b[] = {0x45,0x40,0xf0,0x5a,0x9f,0x1f,0xb2,0x96};
byte c[] = {0xde,0x9c,0xba,0x7b,0xf3,0xd6,0x9e,0xf5};
byte d[] = {0x89,0x67,0x09,0x52,0x60,0x83,0x64,0xfd};
byte* test_chacha[4];
test_chacha[0] = a;
test_chacha[1] = b;
test_chacha[2] = c;
test_chacha[3] = d;
for (i = 0; i < times; ++i) {
if (i < 3) {
keySz = 32;
}
else {
keySz = 16;
}
ChaCha enc;
ChaCha dec;
XMEMCPY(plain, keys[i], keySz);
XMEMSET(cipher, 0, 32);
XMEMCPY(cipher + 4, ivs[i], 8);
Chacha_SetKey(&enc, keys[i], keySz);
Chacha_SetKey(&dec, keys[i], keySz);
Chacha_SetIV(&enc, cipher,0);
Chacha_SetIV(&dec, cipher,0);
XMEMCPY(plain, input, 8);
Chacha_Process(&enc, cipher, plain, (word32)8);
Chacha_Process(&dec, plain, cipher, (word32)8);
if (memcmp(test_chacha[i], cipher, 8))
return -130 - 5 - i;
if (memcmp(plain, input, 8))
return -130 - i;
}
return 0;
}
#endif /* HAVE_CHACHA */
#ifndef NO_DES3
int des_test(void)
{
@@ -2110,6 +2229,96 @@ int aes_test(void)
return 0;
}
#ifdef HAVE_POLY1305
int poly1305_test(void)
{
int ret = 0;
int i;
byte tag[16];
Poly1305 enc;
const byte msg[] =
{
0x43,0x72,0x79,0x70,0x74,0x6f,0x67,0x72,
0x61,0x70,0x68,0x69,0x63,0x20,0x46,0x6f,
0x72,0x75,0x6d,0x20,0x52,0x65,0x73,0x65,
0x61,0x72,0x63,0x68,0x20,0x47,0x72,0x6f,
0x75,0x70
};
const byte msg2[] =
{
0x48,0x65,0x6c,0x6c,0x6f,0x20,0x77,0x6f,0x72,
0x6c,0x64,0x21
};
const byte msg3[] =
{
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
};
const byte correct[] =
{
0xa8,0x06,0x1d,0xc1,0x30,0x51,0x36,0xc6,
0xc2,0x2b,0x8b,0xaf,0x0c,0x01,0x27,0xa9
};
const byte correct2[] =
{
0xa6,0xf7,0x45,0x00,0x8f,0x81,0xc9,0x16,
0xa2,0x0d,0xcc,0x74,0xee,0xf2,0xb2,0xf0
};
const byte correct3[] =
{
0x49,0xec,0x78,0x09,0x0e,0x48,0x1e,0xc6,
0xc2,0x6b,0x33,0xb9,0x1c,0xcc,0x03,0x07
};
const byte key[] = {
0x85,0xd6,0xbe,0x78,0x57,0x55,0x6d,0x33,
0x7f,0x44,0x52,0xfe,0x42,0xd5,0x06,0xa8,
0x01,0x03,0x80,0x8a,0xfb,0x0d,0xb2,0xfd,
0x4a,0xbf,0xf6,0xaf,0x41,0x49,0xf5,0x1b
};
const byte key2[] = {
0x74,0x68,0x69,0x73,0x20,0x69,0x73,0x20,
0x33,0x32,0x2d,0x62,0x79,0x74,0x65,0x20,
0x6b,0x65,0x79,0x20,0x66,0x6f,0x72,0x20,
0x50,0x6f,0x6c,0x79,0x31,0x33,0x30,0x35
};
const byte* msgs[] = {msg, msg2, msg3};
word32 szm[] = {sizeof(msg),sizeof(msg2),sizeof(msg3)};
const byte* keys[] = {key, key2, key2};
const byte* tests[] = {correct, correct2, correct3};
for (i = 0; i < 3; i++) {
ret = Poly1305SetKey(&enc, keys[i], 32);
if (ret != 0)
return -1001;
ret = Poly1305Update(&enc, msgs[i], szm[i]);
if (ret != 0)
return -1005;
ret = Poly1305Final(&enc, tag);
if (ret != 0)
return -60;
if (memcmp(tag, tests[i], sizeof(tag)))
return -61;
}
return 0;
}
#endif /* HAVE_POLY1305 */
#ifdef HAVE_AESGCM
int aesgcm_test(void)
{
@@ -2581,74 +2790,6 @@ int camellia_test(void)
#endif /* HAVE_CAMELLIA */
#if defined(HAVE_HASHDRBG) || defined(NO_RC4)
int random_test(void)
{
const byte test1Entropy[] =
{
0xa6, 0x5a, 0xd0, 0xf3, 0x45, 0xdb, 0x4e, 0x0e, 0xff, 0xe8, 0x75, 0xc3,
0xa2, 0xe7, 0x1f, 0x42, 0xc7, 0x12, 0x9d, 0x62, 0x0f, 0xf5, 0xc1, 0x19,
0xa9, 0xef, 0x55, 0xf0, 0x51, 0x85, 0xe0, 0xfb, 0x85, 0x81, 0xf9, 0x31,
0x75, 0x17, 0x27, 0x6e, 0x06, 0xe9, 0x60, 0x7d, 0xdb, 0xcb, 0xcc, 0x2e
};
const byte test1Output[] =
{
0xd3, 0xe1, 0x60, 0xc3, 0x5b, 0x99, 0xf3, 0x40, 0xb2, 0x62, 0x82, 0x64,
0xd1, 0x75, 0x10, 0x60, 0xe0, 0x04, 0x5d, 0xa3, 0x83, 0xff, 0x57, 0xa5,
0x7d, 0x73, 0xa6, 0x73, 0xd2, 0xb8, 0xd8, 0x0d, 0xaa, 0xf6, 0xa6, 0xc3,
0x5a, 0x91, 0xbb, 0x45, 0x79, 0xd7, 0x3f, 0xd0, 0xc8, 0xfe, 0xd1, 0x11,
0xb0, 0x39, 0x13, 0x06, 0x82, 0x8a, 0xdf, 0xed, 0x52, 0x8f, 0x01, 0x81,
0x21, 0xb3, 0xfe, 0xbd, 0xc3, 0x43, 0xe7, 0x97, 0xb8, 0x7d, 0xbb, 0x63,
0xdb, 0x13, 0x33, 0xde, 0xd9, 0xd1, 0xec, 0xe1, 0x77, 0xcf, 0xa6, 0xb7,
0x1f, 0xe8, 0xab, 0x1d, 0xa4, 0x66, 0x24, 0xed, 0x64, 0x15, 0xe5, 0x1c,
0xcd, 0xe2, 0xc7, 0xca, 0x86, 0xe2, 0x83, 0x99, 0x0e, 0xea, 0xeb, 0x91,
0x12, 0x04, 0x15, 0x52, 0x8b, 0x22, 0x95, 0x91, 0x02, 0x81, 0xb0, 0x2d,
0xd4, 0x31, 0xf4, 0xc9, 0xf7, 0x04, 0x27, 0xdf
};
const byte test2EntropyA[] =
{
0x63, 0x36, 0x33, 0x77, 0xe4, 0x1e, 0x86, 0x46, 0x8d, 0xeb, 0x0a, 0xb4,
0xa8, 0xed, 0x68, 0x3f, 0x6a, 0x13, 0x4e, 0x47, 0xe0, 0x14, 0xc7, 0x00,
0x45, 0x4e, 0x81, 0xe9, 0x53, 0x58, 0xa5, 0x69, 0x80, 0x8a, 0xa3, 0x8f,
0x2a, 0x72, 0xa6, 0x23, 0x59, 0x91, 0x5a, 0x9f, 0x8a, 0x04, 0xca, 0x68
};
const byte test2EntropyB[] =
{
0xe6, 0x2b, 0x8a, 0x8e, 0xe8, 0xf1, 0x41, 0xb6, 0x98, 0x05, 0x66, 0xe3,
0xbf, 0xe3, 0xc0, 0x49, 0x03, 0xda, 0xd4, 0xac, 0x2c, 0xdf, 0x9f, 0x22,
0x80, 0x01, 0x0a, 0x67, 0x39, 0xbc, 0x83, 0xd3
};
const byte test2Output[] =
{
0x04, 0xee, 0xc6, 0x3b, 0xb2, 0x31, 0xdf, 0x2c, 0x63, 0x0a, 0x1a, 0xfb,
0xe7, 0x24, 0x94, 0x9d, 0x00, 0x5a, 0x58, 0x78, 0x51, 0xe1, 0xaa, 0x79,
0x5e, 0x47, 0x73, 0x47, 0xc8, 0xb0, 0x56, 0x62, 0x1c, 0x18, 0xbd, 0xdc,
0xdd, 0x8d, 0x99, 0xfc, 0x5f, 0xc2, 0xb9, 0x20, 0x53, 0xd8, 0xcf, 0xac,
0xfb, 0x0b, 0xb8, 0x83, 0x12, 0x05, 0xfa, 0xd1, 0xdd, 0xd6, 0xc0, 0x71,
0x31, 0x8a, 0x60, 0x18, 0xf0, 0x3b, 0x73, 0xf5, 0xed, 0xe4, 0xd4, 0xd0,
0x71, 0xf9, 0xde, 0x03, 0xfd, 0x7a, 0xea, 0x10, 0x5d, 0x92, 0x99, 0xb8,
0xaf, 0x99, 0xaa, 0x07, 0x5b, 0xdb, 0x4d, 0xb9, 0xaa, 0x28, 0xc1, 0x8d,
0x17, 0x4b, 0x56, 0xee, 0x2a, 0x01, 0x4d, 0x09, 0x88, 0x96, 0xff, 0x22,
0x82, 0xc9, 0x55, 0xa8, 0x19, 0x69, 0xe0, 0x69, 0xfa, 0x8c, 0xe0, 0x07,
0xa1, 0x80, 0x18, 0x3a, 0x07, 0xdf, 0xae, 0x17
};
int ret;
ret = RNG_HealthTest(0, test1Entropy, sizeof(test1Entropy), NULL, 0,
test1Output, sizeof(test1Output));
if (ret != 0) return -39;
ret = RNG_HealthTest(1, test2EntropyA, sizeof(test2EntropyA),
test2EntropyB, sizeof(test2EntropyB),
test2Output, sizeof(test2Output));
if (ret != 0) return -40;
return 0;
}
#else /* HAVE_HASHDRBG || NO_RC4 */
int random_test(void)
{
RNG rng;
@@ -2668,8 +2809,6 @@ int random_test(void)
return 0;
}
#endif /* HAVE_HASHDRBG || NO_RC4 */
#ifdef HAVE_NTRU
@@ -2858,8 +2997,8 @@ int rsa_test(void)
int pemSz = 0;
RsaKey derIn;
RsaKey genKey;
FILE* keyFile;
FILE* pemFile;
FILE* keyFile;
FILE* pemFile;
ret = InitRsaKey(&genKey, 0);
if (ret != 0)
@@ -3053,7 +3192,7 @@ int rsa_test(void)
int pemSz;
size_t bytes3;
word32 idx3 = 0;
FILE* file3 ;
FILE* file3 ;
#ifdef CYASSL_TEST_CERT
DecodedCert decode;
#endif
@@ -3354,46 +3493,38 @@ int rsa_test(void)
static uint8_t const pers_str[] = {
'C', 'y', 'a', 'S', 'S', 'L', ' ', 't', 'e', 's', 't'
};
word32 rc = ntru_crypto_drbg_instantiate(112, pers_str,
sizeof(pers_str), GetEntropy, &drbg);
word32 rc = crypto_drbg_instantiate(112, pers_str, sizeof(pers_str),
GetEntropy, &drbg);
if (rc != DRBG_OK) {
free(derCert);
free(pem);
return -448;
}
rc = ntru_crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2,
&public_key_len, NULL,
&private_key_len, NULL);
if (rc != NTRU_OK) {
free(derCert);
free(pem);
return -449;
}
rc = ntru_crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2,
&public_key_len, public_key,
&private_key_len, private_key);
if (rc != NTRU_OK) {
free(derCert);
free(pem);
return -450;
}
rc = ntru_crypto_drbg_uninstantiate(drbg);
rc = crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2, &public_key_len,
NULL, &private_key_len, NULL);
if (rc != NTRU_OK) {
free(derCert);
free(pem);
return -451;
}
rc = crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2, &public_key_len,
public_key, &private_key_len, private_key);
crypto_drbg_uninstantiate(drbg);
if (rc != NTRU_OK) {
free(derCert);
free(pem);
return -452;
}
caFile = fopen(caKeyFile, "rb");
if (!caFile) {
free(derCert);
free(pem);
return -452;
return -453;
}
bytes = fread(tmp, 1, FOURK_BUF, caFile);
@@ -3403,7 +3534,7 @@ int rsa_test(void)
if (ret != 0) {
free(derCert);
free(pem);
return -453;
return -459;
}
ret = RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes);
if (ret != 0) {
@@ -3780,7 +3911,7 @@ int openssl_test(void)
EVP_MD_CTX_init(&md_ctx);
EVP_DigestInit(&md_ctx, EVP_md5());
EVP_DigestUpdate(&md_ctx, a.input, (unsigned long)a.inLen);
EVP_DigestUpdate(&md_ctx, a.input, a.inLen);
EVP_DigestFinal(&md_ctx, hash, 0);
if (memcmp(hash, a.output, MD5_DIGEST_SIZE) != 0)
@@ -3797,7 +3928,7 @@ int openssl_test(void)
EVP_MD_CTX_init(&md_ctx);
EVP_DigestInit(&md_ctx, EVP_sha1());
EVP_DigestUpdate(&md_ctx, b.input, (unsigned long)b.inLen);
EVP_DigestUpdate(&md_ctx, b.input, b.inLen);
EVP_DigestFinal(&md_ctx, hash, 0);
if (memcmp(hash, b.output, SHA_DIGEST_SIZE) != 0)
@@ -3814,7 +3945,7 @@ int openssl_test(void)
EVP_MD_CTX_init(&md_ctx);
EVP_DigestInit(&md_ctx, EVP_sha256());
EVP_DigestUpdate(&md_ctx, d.input, (unsigned long)d.inLen);
EVP_DigestUpdate(&md_ctx, d.input, d.inLen);
EVP_DigestFinal(&md_ctx, hash, 0);
if (memcmp(hash, d.output, SHA256_DIGEST_SIZE) != 0)
@@ -3858,7 +3989,7 @@ int openssl_test(void)
EVP_MD_CTX_init(&md_ctx);
EVP_DigestInit(&md_ctx, EVP_sha512());
EVP_DigestUpdate(&md_ctx, f.input, (unsigned long)f.inLen);
EVP_DigestUpdate(&md_ctx, f.input, f.inLen);
EVP_DigestFinal(&md_ctx, hash, 0);
if (memcmp(hash, f.output, SHA512_DIGEST_SIZE) != 0)

2
cyassl/ctaocrypt/aes.h
View File

@@ -41,8 +41,6 @@
#if defined (__GNUC__)
#define ALIGN16 __attribute__ ( (aligned (16)))
#elif defined(_MSC_VER)
/* disable align warning, we want alignment ! */
#pragma warning(disable: 4324)
#define ALIGN16 __declspec (align (16))
#else
#define ALIGN16

11
cyassl/ctaocrypt/asn.h
View File

@@ -189,7 +189,7 @@ enum Block_Sum {
enum Key_Sum {
DSAk = 515,
RSAk = 645,
NTRUk = 274,
NTRUk = 364,
ECDSAk = 518
};
@@ -340,8 +340,7 @@ struct DecodedCert {
#endif /* HAVE_OCSP */
byte* signature; /* not owned, points into raw cert */
char* subjectCN; /* CommonName */
int subjectCNLen; /* CommonName Length */
char subjectCNEnc; /* CommonName Encoding */
int subjectCNLen;
int subjectCNStored; /* have we saved a copy we own */
char issuer[ASN_NAME_MAX]; /* full name including common name */
char subject[ASN_NAME_MAX]; /* full name including common name */
@@ -412,22 +411,16 @@ struct DecodedCert {
/* easy access to subject info for other sign */
char* subjectSN;
int subjectSNLen;
char subjectSNEnc;
char* subjectC;
int subjectCLen;
char subjectCEnc;
char* subjectL;
int subjectLLen;
char subjectLEnc;
char* subjectST;
int subjectSTLen;
char subjectSTEnc;
char* subjectO;
int subjectOLen;
char subjectOEnc;
char* subjectOU;
int subjectOULen;
char subjectOUEnc;
char* subjectEmail;
int subjectEmailLen;
#endif /* CYASSL_CERT_GEN */

20
cyassl/ctaocrypt/asn_public.h
View File

@@ -62,11 +62,6 @@ enum Ctc_SigType {
CTC_SHA512wECDSA = 526
};
enum Ctc_Encoding {
CTC_UTF8 = 0x0c, /* utf8 */
CTC_PRINTABLE = 0x13 /* printable */
};
#ifdef CYASSL_CERT_GEN
@@ -75,27 +70,20 @@ enum Ctc_Encoding {
#endif
enum Ctc_Misc {
CTC_NAME_SIZE = 64,
CTC_DATE_SIZE = 32,
CTC_MAX_ALT_SIZE = 16384, /* may be huge */
CTC_SERIAL_SIZE = 8
CTC_NAME_SIZE = 64,
CTC_DATE_SIZE = 32,
CTC_MAX_ALT_SIZE = 8192, /* may be huge */
CTC_SERIAL_SIZE = 8
};
typedef struct CertName {
char country[CTC_NAME_SIZE];
char countryEnc;
char state[CTC_NAME_SIZE];
char stateEnc;
char locality[CTC_NAME_SIZE];
char localityEnc;
char sur[CTC_NAME_SIZE];
char surEnc;
char org[CTC_NAME_SIZE];
char orgEnc;
char unit[CTC_NAME_SIZE];
char unitEnc;
char commonName[CTC_NAME_SIZE];
char commonNameEnc;
char email[CTC_NAME_SIZE]; /* !!!! email has to be last !!!! */
} CertName;

55
cyassl/ctaocrypt/chacha.h Normal file
View File

@@ -0,0 +1,55 @@
/* chacha.h
*
* Copyright (C) 2006-2014 wolfSSL Inc.
*
* This file is part of CyaSSL.
*
* CyaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* CyaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
#ifndef CHACHA_H
#define CHACHA_H
#include "types.h"
#ifdef __cplusplus
extern "C" {
#endif
enum {
CHACHA_ENC_TYPE = 7 /* cipher unique type */
};
typedef struct ChaCha {
word32 X[16]; /* state of cipher */
} ChaCha;
CYASSL_API int Chacha_Process(ChaCha* ctx, byte* cipher, const byte* plain,
word32 msglen);
CYASSL_API int Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz);
/**
* IV(nonce) changes with each record
* counter is for what value the block counter should start ... usually 0
*/
CYASSL_API int Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter);
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif

6
cyassl/ctaocrypt/des3.h
View File

@@ -82,9 +82,9 @@ typedef struct Des3 {
CYASSL_API int Des_SetKey(Des* des, const byte* key, const byte* iv, int dir);
CYASSL_API void Des_SetIV(Des* des, const byte* iv);
CYASSL_API int Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz);
CYASSL_API int Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz);
CYASSL_API int Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz);
CYASSL_API void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz);
CYASSL_API void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz);
CYASSL_API void Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz);
CYASSL_API int Des3_SetKey(Des3* des, const byte* key, const byte* iv,int dir);
CYASSL_API int Des3_SetIV(Des3* des, const byte* iv);

3
cyassl/ctaocrypt/error-crypt.h
View File

@@ -125,14 +125,11 @@ enum {
FIPS_NOT_ALLOWED_E = -197, /* FIPS not allowed error */
ASN_NAME_INVALID_E = -198, /* ASN name constraint error */
RNG_FAILURE_E = -199, /* RNG Failed, Reinitialize */
MIN_CODE_E = -200 /* errors -101 - -199 */
};
CYASSL_API void CTaoCryptErrorString(int err, char* buff);
CYASSL_API const char* CTaoCryptGetErrorString(int error);
#ifdef __cplusplus

4
cyassl/ctaocrypt/include.am
View File

@@ -6,6 +6,7 @@ nobase_include_HEADERS+= \
cyassl/ctaocrypt/arc4.h \
cyassl/ctaocrypt/asn.h \
cyassl/ctaocrypt/asn_public.h \
cyassl/ctaocrypt/poly1305.h \
cyassl/ctaocrypt/camellia.h \
cyassl/ctaocrypt/coding.h \
cyassl/ctaocrypt/compress.h \
@@ -23,9 +24,10 @@ nobase_include_HEADERS+= \
cyassl/ctaocrypt/md5.h \
cyassl/ctaocrypt/misc.h \
cyassl/ctaocrypt/pkcs7.h \
cyassl/ctaocrypt/wc_port.h \
cyassl/ctaocrypt/port.h \
cyassl/ctaocrypt/pwdbased.h \
cyassl/ctaocrypt/rabbit.h \
cyassl/ctaocrypt/chacha.h \
cyassl/ctaocrypt/random.h \
cyassl/ctaocrypt/ripemd.h \
cyassl/ctaocrypt/rsa.h \

4
cyassl/ctaocrypt/integer.h
View File

@@ -70,10 +70,6 @@ extern "C" {
#define MP_64BIT
#endif
#endif
/* if intel compiler doesn't provide 128 bit type don't turn on 64bit */
#if defined(MP_64BIT) && defined(__INTEL_COMPILER) && !defined(HAVE___UINT128_T)
#undef MP_64BIT
#endif
/* some default configurations.
*

88
cyassl/ctaocrypt/poly1305.h Normal file
View File

@@ -0,0 +1,88 @@
/* poly1305.h
*
* Copyright (C) 2006-2014 wolfSSL Inc.
*
* This file is part of CyaSSL.
*
* CyaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* CyaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
#ifdef HAVE_POLY1305
#ifndef CTAO_CRYPT_POLY1305_H
#define CTAO_CRYPT_POLY1305_H
#include <cyassl/ctaocrypt/types.h>
#ifdef __cplusplus
extern "C" {
#endif
//#define POLY1305_BLOCK_SIZE 16
/* auto detect between 32bit / 64bit */
#define HAS_SIZEOF_INT128_64BIT (defined(__SIZEOF_INT128__) && defined(__LP64__))
#define HAS_MSVC_64BIT (defined(_MSC_VER) && defined(_M_X64))
#define HAS_GCC_4_4_64BIT (defined(__GNUC__) && defined(__LP64__) && ((__GNUC__ > 4) || ((__GNUC__ == 4) && (__GNUC_MINOR__ >= 4))))
#if (HAS_SIZEOF_INT128_64BIT || HAS_MSVC_64BIT || HAS_GCC_4_4_64BIT)
#define POLY130564
#else
#define POLY130532
#endif
enum {
POLY1305 = 7,
POLY1305_BLOCK_SIZE = 16,
POLY1305_DIGEST_SIZE = 16,
POLY1305_PAD_SIZE = 56
};
/* Poly1305 state */
typedef struct Poly1305 {
#ifdef POLY130564
word64 r[3];
word64 h[3];
word64 pad[2];
size_t leftover;
unsigned char buffer[POLY1305_BLOCK_SIZE];
unsigned char final;
#else
word32 r[5];
word32 h[5];
word32 pad[4];
size_t leftover;
unsigned char buffer[POLY1305_BLOCK_SIZE];
unsigned char final;
#endif
} Poly1305;
/* does init */
CYASSL_API int Poly1305SetKey(Poly1305* poly1305, const byte* key, word32 kySz);
CYASSL_API int Poly1305Update(Poly1305* poly1305, const byte*, word32);
CYASSL_API int Poly1305Final(Poly1305* poly1305, byte* tag);
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* CTAO_CRYPT_POLY1305_H */
#endif /* HAVE_POLY1305 */

195
cyassl/ctaocrypt/port.h Normal file
View File

@@ -0,0 +1,195 @@
/* port.h
*
* Copyright (C) 2006-2014 wolfSSL Inc.
*
* This file is part of CyaSSL.
*
* CyaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* CyaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
#ifndef CTAO_CRYPT_PORT_H
#define CTAO_CRYPT_PORT_H
#ifdef __cplusplus
extern "C" {
#endif
#ifdef USE_WINDOWS_API
#ifdef CYASSL_GAME_BUILD
#include "system/xtl.h"
#else
#ifndef WIN32_LEAN_AND_MEAN
#define WIN32_LEAN_AND_MEAN
#endif
#if defined(_WIN32_WCE) || defined(WIN32_LEAN_AND_MEAN)
/* On WinCE winsock2.h must be included before windows.h */
#include <winsock2.h>
#endif
#include <windows.h>
#endif
#elif defined(THREADX)
#ifndef SINGLE_THREADED
#include "tx_api.h"
#endif
#elif defined(MICRIUM)
/* do nothing, just don't pick Unix */
#elif defined(FREERTOS) || defined(CYASSL_SAFERTOS)
/* do nothing */
#elif defined(EBSNET)
/* do nothing */
#elif defined(FREESCALE_MQX)
/* do nothing */
#elif defined(CYASSL_MDK_ARM)
#if defined(CYASSL_MDK5)
#include "cmsis_os.h"
#else
#include <rtl.h>
#endif
#elif defined(CYASSL_CMSIS_RTOS)
#include "cmsis_os.h"
#else
#ifndef SINGLE_THREADED
#define CYASSL_PTHREADS
#include <pthread.h>
#endif
#if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
#include <unistd.h> /* for close of BIO */
#endif
#endif
#ifdef SINGLE_THREADED
typedef int CyaSSL_Mutex;
#else /* MULTI_THREADED */
/* FREERTOS comes first to enable use of FreeRTOS Windows simulator only */
#ifdef FREERTOS
typedef xSemaphoreHandle CyaSSL_Mutex;
#elif defined(CYASSL_SAFERTOS)
typedef struct CyaSSL_Mutex {
signed char mutexBuffer[portQUEUE_OVERHEAD_BYTES];
xSemaphoreHandle mutex;
} CyaSSL_Mutex;
#elif defined(USE_WINDOWS_API)
typedef CRITICAL_SECTION CyaSSL_Mutex;
#elif defined(CYASSL_PTHREADS)
typedef pthread_mutex_t CyaSSL_Mutex;
#elif defined(THREADX)
typedef TX_MUTEX CyaSSL_Mutex;
#elif defined(MICRIUM)
typedef OS_MUTEX CyaSSL_Mutex;
#elif defined(EBSNET)
typedef RTP_MUTEX CyaSSL_Mutex;
#elif defined(FREESCALE_MQX)
typedef MUTEX_STRUCT CyaSSL_Mutex;
#elif defined(CYASSL_MDK_ARM)
#if defined(CYASSL_CMSIS_RTOS)
typedef osMutexId CyaSSL_Mutex;
#else
typedef OS_MUT CyaSSL_Mutex;
#endif
#elif defined(CYASSL_CMSIS_RTOS)
typedef osMutexId CyaSSL_Mutex;
#else
#error Need a mutex type in multithreaded mode
#endif /* USE_WINDOWS_API */
#endif /* SINGLE_THREADED */
CYASSL_LOCAL int InitMutex(CyaSSL_Mutex*);
CYASSL_LOCAL int FreeMutex(CyaSSL_Mutex*);
CYASSL_LOCAL int LockMutex(CyaSSL_Mutex*);
CYASSL_LOCAL int UnLockMutex(CyaSSL_Mutex*);
/* filesystem abstraction layer, used by ssl.c */
#ifndef NO_FILESYSTEM
#if defined(EBSNET)
#define XFILE int
#define XFOPEN(NAME, MODE) vf_open((const char *)NAME, VO_RDONLY, 0);
#define XFSEEK vf_lseek
#define XFTELL vf_tell
#define XREWIND vf_rewind
#define XFREAD(BUF, SZ, AMT, FD) vf_read(FD, BUF, SZ*AMT)
#define XFWRITE(BUF, SZ, AMT, FD) vf_write(FD, BUF, SZ*AMT)
#define XFCLOSE vf_close
#define XSEEK_END VSEEK_END
#define XBADFILE -1
#elif defined(LSR_FS)
#include <fs.h>
#define XFILE struct fs_file*
#define XFOPEN(NAME, MODE) fs_open((char*)NAME);
#define XFSEEK(F, O, W) (void)F
#define XFTELL(F) (F)->len
#define XREWIND(F) (void)F
#define XFREAD(BUF, SZ, AMT, F) fs_read(F, (char*)BUF, SZ*AMT)
#define XFWRITE(BUF, SZ, AMT, F) fs_write(F, (char*)BUF, SZ*AMT)
#define XFCLOSE fs_close
#define XSEEK_END 0
#define XBADFILE NULL
#elif defined(FREESCALE_MQX)
#define XFILE MQX_FILE_PTR
#define XFOPEN fopen
#define XFSEEK fseek
#define XFTELL ftell
#define XREWIND(F) fseek(F, 0, IO_SEEK_SET)
#define XFREAD fread
#define XFWRITE fwrite
#define XFCLOSE fclose
#define XSEEK_END IO_SEEK_END
#define XBADFILE NULL
#elif defined(MICRIUM)
#include <fs.h>
#define XFILE FS_FILE*
#define XFOPEN fs_fopen
#define XFSEEK fs_fseek
#define XFTELL fs_ftell
#define XREWIND fs_rewind
#define XFREAD fs_fread
#define XFWRITE fs_fwrite
#define XFCLOSE fs_fclose
#define XSEEK_END FS_SEEK_END
#define XBADFILE NULL
#else
/* stdio, default case */
#define XFILE FILE*
#if defined(CYASSL_MDK_ARM)
#include <stdio.h>
extern FILE * CyaSSL_fopen(const char *name, const char *mode) ;
#define XFOPEN CyaSSL_fopen
#else
#define XFOPEN fopen
#endif
#define XFSEEK fseek
#define XFTELL ftell
#define XREWIND rewind
#define XFREAD fread
#define XFWRITE fwrite
#define XFCLOSE fclose
#define XSEEK_END SEEK_END
#define XBADFILE NULL
#endif
#endif /* NO_FILESYSTEM */
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* CTAO_CRYPT_PORT_H */

26
cyassl/ctaocrypt/random.h
View File

@@ -84,7 +84,6 @@ typedef struct RNG {
byte V[DRBG_SEED_LEN];
byte C[DRBG_SEED_LEN];
word32 reseedCtr;
byte status;
} RNG;
@@ -120,33 +119,10 @@ CYASSL_API int RNG_GenerateByte(RNG*, byte*);
#if defined(HAVE_HASHDRBG) || defined(NO_RC4)
CYASSL_API int FreeRng(RNG*);
CYASSL_API int RNG_HealthTest(int reseed,
const byte* entropyA, word32 entropyASz,
const byte* entropyB, word32 entropyBSz,
const byte* output, word32 outputSz);
CYASSL_API void FreeRng(RNG*);
#endif /* HAVE_HASHDRBG || NO_RC4 */
#ifdef HAVE_FIPS
/* fips wrapper calls, user can call direct */
CYASSL_API int InitRng_fips(RNG* rng);
CYASSL_API int FreeRng_fips(RNG* rng);
CYASSL_API int RNG_GenerateBlock_fips(RNG* rng, byte* buf, word32 bufSz);
CYASSL_API int RNG_HealthTest_fips(int reseed,
const byte* entropyA, word32 entropyASz,
const byte* entropyB, word32 entropyBSz,
const byte* output, word32 outputSz);
#ifndef FIPS_NO_WRAPPERS
/* if not impl or fips.c impl wrapper force fips calls if fips build */
#define InitRng InitRng_fips
#define FreeRng FreeRng_fips
#define RNG_GenerateBlock RNG_GenerateBlock_fips
#define RNG_HealthTest RNG_HealthTest_fips
#endif /* FIPS_NO_WRAPPERS */
#endif /* HAVE_FIPS */
#ifdef __cplusplus
} /* extern "C" */
#endif

13
cyassl/ctaocrypt/settings.h
View File

@@ -647,11 +647,6 @@
#endif
/* FreeScale MMCAU hardware crypto has 4 byte alignment */
#ifdef FREESCALE_MMCAU
#define CYASSL_MMCAU_ALIGNMENT 4
#endif
/* if using hardware crypto and have alignment requirements, specify the
requirement here. The record header of SSL/TLS will prvent easy alignment.
This hint tries to help as much as possible. */
@@ -660,8 +655,6 @@
#define CYASSL_GENERAL_ALIGNMENT 16
#elif defined(XSTREAM_ALIGNMENT)
#define CYASSL_GENERAL_ALIGNMENT 4
#elif defined(FREESCALE_MMCAU)
#define CYASSL_GENERAL_ALIGNMENT CYASSL_MMCAU_ALIGNMENT
#else
#define CYASSL_GENERAL_ALIGNMENT 0
#endif
@@ -673,12 +666,6 @@
#define NO_SKID
#endif
#ifdef __INTEL_COMPILER
#pragma warning(disable:2259) /* explicit casts to smaller sizes, disable */
#endif
/* Place any other flags or defines here */

5
cyassl/ctaocrypt/tfm.h
View File

@@ -73,11 +73,6 @@
#if defined(__x86_64__) && !defined(FP_64BIT)
#define FP_64BIT
#endif
/* if intel compiler doesn't provide 128 bit type don't turn on 64bit */
#if defined(FP_64BIT) && defined(__INTEL_COMPILER) && !defined(HAVE___UINT128_T)
#undef FP_64BIT
#undef TFM_X86_64
#endif
#endif /* NO_64BIT */
/* try to detect x86-32 */

2
cyassl/ctaocrypt/types.h
View File

@@ -24,7 +24,7 @@
#define CTAO_CRYPT_TYPES_H
#include <cyassl/ctaocrypt/settings.h>
#include <cyassl/ctaocrypt/wc_port.h>
#include <cyassl/ctaocrypt/port.h>
#ifdef __cplusplus
extern "C" {

89
cyassl/internal.h
View File

@@ -31,10 +31,12 @@
#include <cyassl/ctaocrypt/des3.h>
#include <cyassl/ctaocrypt/hc128.h>
#include <cyassl/ctaocrypt/rabbit.h>
#include <cyassl/ctaocrypt/chacha.h>
#include <cyassl/ctaocrypt/asn.h>
#include <cyassl/ctaocrypt/md5.h>
#include <cyassl/ctaocrypt/sha.h>
#include <cyassl/ctaocrypt/aes.h>
#include <cyassl/ctaocrypt/poly1305.h>
#include <cyassl/ctaocrypt/camellia.h>
#include <cyassl/ctaocrypt/logging.h>
#include <cyassl/ctaocrypt/hmac.h>
@@ -240,14 +242,6 @@ void c32to24(word32 in, word24 out);
#ifdef HAVE_AESCCM
#define BUILD_TLS_PSK_WITH_AES_128_CCM_8
#define BUILD_TLS_PSK_WITH_AES_256_CCM_8
#define BUILD_TLS_PSK_WITH_AES_128_CCM
#define BUILD_TLS_PSK_WITH_AES_256_CCM
#endif
#endif
#ifdef CYASSL_SHA384
#define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
#ifdef HAVE_AESGCM
#define BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
#endif
#endif
#endif
@@ -268,9 +262,6 @@ void c32to24(word32 in, word24 out);
#ifndef NO_SHA256
#define BUILD_TLS_PSK_WITH_NULL_SHA256
#endif
#ifdef CYASSL_SHA384
#define BUILD_TLS_PSK_WITH_NULL_SHA384
#endif
#endif
#endif
@@ -308,33 +299,6 @@ void c32to24(word32 in, word24 out);
#endif
#endif
#if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS) && \
defined(OPENSSL_EXTRA)
#ifndef NO_SHA256
#define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
#ifdef HAVE_NULL_CIPHER
#define BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
#endif
#ifdef HAVE_AESGCM
#define BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
#endif
#ifdef HAVE_AESGCM
#define BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
#define BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
#endif
#endif
#ifdef CYASSL_SHA384
#define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
#ifdef HAVE_NULL_CIPHER
#define BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
#endif
#ifdef HAVE_AESGCM
#define BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
#endif
#endif
#endif
#if defined(HAVE_ECC) && !defined(NO_TLS)
#if !defined(NO_AES)
#if !defined(NO_SHA)
@@ -465,13 +429,17 @@ void c32to24(word32 in, word24 out);
#define BUILD_ARC4
#endif
#ifdef HAVE_CHACHA
#define CHACHA20_BLOCK_SIZE 16
#define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256
#endif
#if defined(BUILD_AESGCM) || defined(HAVE_AESCCM)
#if defined(BUILD_AESGCM) || defined(HAVE_AESCCM) || defined(HAVE_CHACHA)
#define HAVE_AEAD
#endif
/* actual cipher values, 2nd byte */
enum {
TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x39,
@@ -481,10 +449,8 @@ enum {
TLS_RSA_WITH_NULL_SHA = 0x02,
TLS_PSK_WITH_AES_256_CBC_SHA = 0x8d,
TLS_PSK_WITH_AES_128_CBC_SHA256 = 0xae,
TLS_PSK_WITH_AES_256_CBC_SHA384 = 0xaf,
TLS_PSK_WITH_AES_128_CBC_SHA = 0x8c,
TLS_PSK_WITH_NULL_SHA256 = 0xb0,
TLS_PSK_WITH_NULL_SHA384 = 0xb1,
TLS_PSK_WITH_NULL_SHA = 0x2c,
SSL_RSA_WITH_RC4_128_SHA = 0x05,
SSL_RSA_WITH_RC4_128_MD5 = 0x04,
@@ -518,6 +484,7 @@ enum {
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0x2A,
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0x26,
/* CyaSSL extension - eSTREAM */
TLS_RSA_WITH_HC_128_MD5 = 0xFB,
TLS_RSA_WITH_HC_128_SHA = 0xFC,
@@ -531,7 +498,7 @@ enum {
/* CyaSSL extension - NTRU */
TLS_NTRU_RSA_WITH_RC4_128_SHA = 0xe5,
TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6,
TLS_NTRU_RSA_WITH_AES_128_CBC_SHA = 0xe7, /* clashes w/official SHA-256 */
TLS_NTRU_RSA_WITH_AES_128_CBC_SHA = 0xe7, /* clases w/ official SHA-256 */
TLS_NTRU_RSA_WITH_AES_256_CBC_SHA = 0xe8,
/* SHA256 */
@@ -540,22 +507,12 @@ enum {
TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d,
TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3c,
TLS_RSA_WITH_NULL_SHA256 = 0x3b,
TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0xb2,
TLS_DHE_PSK_WITH_NULL_SHA256 = 0xb4,
/* SHA384 */
TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0xb3,
TLS_DHE_PSK_WITH_NULL_SHA384 = 0xb5,
/* AES-GCM */
TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x9c,
TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x9d,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x9e,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x9f,
TLS_PSK_WITH_AES_128_GCM_SHA256 = 0xa8,
TLS_PSK_WITH_AES_256_GCM_SHA384 = 0xa9,
TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0xaa,
TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0xab,
/* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2b,
@@ -579,10 +536,7 @@ enum {
TLS_PSK_WITH_AES_256_CCM = 0xa5,
TLS_PSK_WITH_AES_128_CCM_8 = 0xa8,
TLS_PSK_WITH_AES_256_CCM_8 = 0xa9,
TLS_DHE_PSK_WITH_AES_128_CCM = 0xa6,
TLS_DHE_PSK_WITH_AES_256_CCM = 0xa7,
/* Camellia */
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x41,
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x84,
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xba,
@@ -592,13 +546,16 @@ enum {
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xbe,
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc4,
TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256 = 0x13,
/* Renegotiation Indication Extension Special Suite */
TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0xff
};
enum Misc {
ECC_BYTE = 0xC0, /* ECC first cipher suite byte */
ECC_BYTE = 0xC0, /* ECC first cipher suite byte */
CHACHA_BYTE = 0xCC, /* ChaCha first cipher suite */
SEND_CERT = 1,
SEND_BLANK_CERT = 2,
@@ -687,7 +644,7 @@ enum Misc {
TLS_FINISHED_SZ = 12, /* TLS has a shorter size */
MASTER_LABEL_SZ = 13, /* TLS master secret label sz */
KEY_LABEL_SZ = 13, /* TLS key block expansion sz */
MAX_PRF_HALF = 256, /* Maximum half secret len */
MAX_PRF_HALF = 128, /* Maximum half secret len */
MAX_PRF_LABSEED = 128, /* Maximum label + seed len */
MAX_PRF_DIG = 224, /* Maximum digest len */
MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */
@@ -721,6 +678,12 @@ enum Misc {
CAMELLIA_256_KEY_SIZE = 32, /* for 256 bit */
CAMELLIA_IV_SIZE = 16, /* always block size */
CHACHA20_256_KEY_SIZE = 32, /* for 256 bit */
CHACHA20_128_KEY_SIZE = 16, /* for 128 bit */
CHACHA20_IV_SIZE = 8, /* 64 bits for iv */
POLY1305_AUTH_SZ = 16, /* 128 bits */
HC_128_KEY_SIZE = 16, /* 128 bits */
HC_128_IV_SIZE = 16, /* also 128 bits */
@@ -1379,6 +1342,7 @@ void InitCipherSpecs(CipherSpecs* cs);
enum MACAlgorithm {
no_mac,
md5_mac,
poly1305_mac,
sha_mac,
sha224_mac,
sha256_mac,
@@ -1396,7 +1360,6 @@ enum KeyExchangeAlgorithm {
diffie_hellman_kea,
fortezza_kea,
psk_kea,
dhe_psk_kea,
ntru_kea,
ecc_diffie_hellman_kea,
ecc_static_diffie_hellman_kea /* for verify suite only */
@@ -1517,6 +1480,12 @@ typedef struct Ciphers {
#ifdef HAVE_CAMELLIA
Camellia* cam;
#endif
#ifdef HAVE_CHACHA
ChaCha* chacha;
#endif
#ifdef HAVE_POLY1305
Poly1305* poly1305;
#endif
#ifdef HAVE_HC128
HC128* hc128;
#endif
@@ -2142,6 +2111,8 @@ CYASSL_LOCAL int GrowInputBuffer(CYASSL* ssl, int size, int usedLength);
CYASSL_LOCAL int MakeTlsMasterSecret(CYASSL*);
CYASSL_LOCAL int TLS_hmac(CYASSL* ssl, byte* digest, const byte* in,
word32 sz, int content, int verify);
CYASSL_LOCAL int TLS_poly1305(CYASSL* ssl, byte* digest, const byte* in,
word32 sz, int content, int verify);
#endif
#ifndef NO_CYASSL_CLIENT

1
cyassl/openssl/ssl.h
View File

@@ -142,7 +142,6 @@ typedef CYASSL_X509_STORE_CTX X509_STORE_CTX;
#define ERR_error_string CyaSSL_ERR_error_string
#define ERR_error_string_n CyaSSL_ERR_error_string_n
#define ERR_reason_error_string CyaSSL_ERR_reason_error_string
#define SSL_set_ex_data CyaSSL_set_ex_data
#define SSL_get_shutdown CyaSSL_get_shutdown

4
cyassl/ssl.h
View File

@@ -312,7 +312,6 @@ CYASSL_API int CyaSSL_ERR_GET_REASON(int err);
CYASSL_API char* CyaSSL_ERR_error_string(unsigned long,char*);
CYASSL_API void CyaSSL_ERR_error_string_n(unsigned long e, char* buf,
unsigned long sz);
CYASSL_API const char* CyaSSL_ERR_reason_error_string(unsigned long);
/* extras */
@@ -1045,7 +1044,8 @@ enum BulkCipherAlgorithm {
cyassl_aes_ccm,
cyassl_camellia,
cyassl_hc128, /* CyaSSL extensions */
cyassl_rabbit
cyassl_rabbit,
cyassl_chacha
};

4
cyassl/version.h
View File

@@ -26,8 +26,8 @@
extern "C" {
#endif
#define LIBCYASSL_VERSION_STRING "3.0.3"
#define LIBCYASSL_VERSION_HEX 0x03000003
#define LIBCYASSL_VERSION_STRING "3.0.0"
#define LIBCYASSL_VERSION_HEX 0x03000000
#ifdef __cplusplus
}

4
pre-commit.sh
View File

@@ -14,8 +14,8 @@ git stash -q --keep-index
# do the commit tests
echo "\n\nRunning commit tests...\n\n"
./commit-tests.sh
RESULT=$?
#./commit-tests.sh
#RESULT=$?
# restore modified files not part of this commit
echo "\n\nPopping any stashed modified files not part of commit\n"

10
src/include.am
View File

@@ -19,7 +19,7 @@ src_libcyassl_la_SOURCES += \
ctaocrypt/src/random.c \
ctaocrypt/src/sha256.c \
ctaocrypt/src/logging.c \
ctaocrypt/src/wc_port.c \
ctaocrypt/src/port.c \
ctaocrypt/src/error.c
src_libcyassl_la_LDFLAGS = ${AM_LDFLAGS} -no-undefined -version-info ${CYASSL_LIBRARY_VERSION}
src_libcyassl_la_LIBADD = $(LIBM)
@@ -55,6 +55,10 @@ if BUILD_AES
src_libcyassl_la_SOURCES += ctaocrypt/src/aes.c
endif
if BUILD_POLY1305
src_libcyassl_la_SOURCES += ctaocrypt/src/poly1305.c
endif
if BUILD_DES3
src_libcyassl_la_SOURCES += ctaocrypt/src/des3.c
endif
@@ -119,6 +123,10 @@ if BUILD_RABBIT
src_libcyassl_la_SOURCES += ctaocrypt/src/rabbit.c
endif
if BUILD_CHACHA
src_libcyassl_la_SOURCES += ctaocrypt/src/chacha.c
endif
if !BUILD_INLINE
src_libcyassl_la_SOURCES += ctaocrypt/src/misc.c
endif

1303
src/internal.c
View File

File diff suppressed because it is too large Load Diff

361
src/keys.c
View File

@@ -28,7 +28,7 @@
#include <cyassl/internal.h>
#include <cyassl/error-ssl.h>
#ifdef SHOW_SECRETS
#if defined(SHOW_SECRETS) || defined(CHACHA_AEAD_TEST)
#ifdef FREESCALE_MQX
#include <fio.h>
#else
@@ -46,13 +46,42 @@ int SetCipherSpecs(CYASSL* ssl)
return UNSUPPORTED_SUITE;
}
}
/* Chacha extensions, 0xcc */
if (ssl->options.cipherSuite0 == CHACHA_BYTE) {
switch (ssl->options.cipherSuite) {
#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256
case TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256:
ssl->specs.bulk_cipher_algorithm = cyassl_chacha;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = rsa_sa_algo;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
ssl->specs.iv_size = CHACHA20_IV_SIZE;
ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
break;
#endif
default:
CYASSL_MSG("Unsupported cipher suite, SetCipherSpecs ChaCha");
return UNSUPPORTED_SUITE;
}
}
/* ECC extensions, or AES-CCM */
if (ssl->options.cipherSuite0 == ECC_BYTE) {
switch (ssl->options.cipherSuite) {
#ifdef HAVE_ECC
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
@@ -708,88 +737,13 @@ int SetCipherSpecs(CYASSL* ssl)
break;
#endif
#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM
case TLS_PSK_WITH_AES_128_CCM :
ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
ssl->options.usingPSK_cipher = 1;
break;
#endif
#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM
case TLS_PSK_WITH_AES_256_CCM :
ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
ssl->options.usingPSK_cipher = 1;
break;
#endif
#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
case TLS_DHE_PSK_WITH_AES_128_CCM :
ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = dhe_psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
ssl->options.usingPSK_cipher = 1;
break;
#endif
#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
case TLS_DHE_PSK_WITH_AES_256_CCM :
ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = dhe_psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
ssl->options.usingPSK_cipher = 1;
break;
#endif
default:
CYASSL_MSG("Unsupported cipher suite, SetCipherSpecs ECC");
return UNSUPPORTED_SUITE;
} /* switch */
} /* if */
if (ssl->options.cipherSuite0 != ECC_BYTE) { /* normal suites */
if (ssl->options.cipherSuite0 != ECC_BYTE &&
ssl->options.cipherSuite0 != CHACHA_BYTE) { /* normal suites */
switch (ssl->options.cipherSuite) {
#ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
@@ -1013,82 +967,6 @@ int SetCipherSpecs(CYASSL* ssl)
break;
#endif
#ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
case TLS_PSK_WITH_AES_128_GCM_SHA256 :
ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
ssl->options.usingPSK_cipher = 1;
break;
#endif
#ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
case TLS_PSK_WITH_AES_256_GCM_SHA384 :
ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
ssl->specs.hash_size = SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
ssl->options.usingPSK_cipher = 1;
break;
#endif
#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 :
ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = dhe_psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
ssl->options.usingPSK_cipher = 1;
break;
#endif
#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 :
ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = dhe_psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
ssl->specs.hash_size = SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
ssl->options.usingPSK_cipher = 1;
break;
#endif
#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
case TLS_PSK_WITH_AES_128_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
@@ -1107,60 +985,6 @@ int SetCipherSpecs(CYASSL* ssl)
break;
#endif
#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
case TLS_PSK_WITH_AES_256_CBC_SHA384 :
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
ssl->specs.hash_size = SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AES_IV_SIZE;
ssl->options.usingPSK_cipher = 1;
break;
#endif
#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = dhe_psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AES_IV_SIZE;
ssl->options.usingPSK_cipher = 1;
break;
#endif
#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 :
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = dhe_psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
ssl->specs.hash_size = SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AES_IV_SIZE;
ssl->options.usingPSK_cipher = 1;
break;
#endif
#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
case TLS_PSK_WITH_AES_128_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
@@ -1215,24 +1039,6 @@ int SetCipherSpecs(CYASSL* ssl)
break;
#endif
#ifdef BUILD_TLS_PSK_WITH_NULL_SHA384
case TLS_PSK_WITH_NULL_SHA384 :
ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null;
ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
ssl->specs.hash_size = SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = 0;
ssl->specs.block_size = 0;
ssl->specs.iv_size = 0;
ssl->options.usingPSK_cipher = 1;
break;
#endif
#ifdef BUILD_TLS_PSK_WITH_NULL_SHA
case TLS_PSK_WITH_NULL_SHA :
ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null;
@@ -1251,42 +1057,6 @@ int SetCipherSpecs(CYASSL* ssl)
break;
#endif
#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
case TLS_DHE_PSK_WITH_NULL_SHA256 :
ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null;
ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = dhe_psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = 0;
ssl->specs.block_size = 0;
ssl->specs.iv_size = 0;
ssl->options.usingPSK_cipher = 1;
break;
#endif
#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
case TLS_DHE_PSK_WITH_NULL_SHA384 :
ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null;
ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = dhe_psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
ssl->specs.hash_size = SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = 0;
ssl->specs.block_size = 0;
ssl->specs.iv_size = 0;
ssl->options.usingPSK_cipher = 1;
break;
#endif
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
@@ -1529,6 +1299,10 @@ int SetCipherSpecs(CYASSL* ssl)
break;
#endif
#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = cyassl_camellia;
@@ -1771,7 +1545,62 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
dec->setup = 1;
}
#endif
#ifdef HAVE_POLY1305
/* set up memory space for poly1305 */
if (enc->poly1305 == NULL)
enc->poly1305 = (Poly1305*)malloc(sizeof(Poly1305));
if (enc->poly1305 == NULL)
return MEMORY_E;
if (dec->poly1305 == NULL)
dec->poly1305 =
(Poly1305*)XMALLOC(sizeof(Poly1305), heap, DYNAMIC_TYPE_CIPHER);
if (dec->poly1305 == NULL)
return MEMORY_E;
#endif
#ifdef HAVE_CHACHA
if (specs->bulk_cipher_algorithm == cyassl_chacha) {
int chachaRet;
if (enc->chacha == NULL)
enc->chacha = (ChaCha*)malloc(sizeof(ChaCha));
if (enc->chacha == NULL)
return MEMORY_E;
if (dec->chacha == NULL)
dec->chacha =
(ChaCha*)XMALLOC(sizeof(ChaCha), heap, DYNAMIC_TYPE_CIPHER);
if (dec->chacha == NULL)
return MEMORY_E;
if (side == CYASSL_CLIENT_END) {
chachaRet = Chacha_SetKey(enc->chacha, keys->client_write_key,
specs->key_size);
XMEMCPY(keys->aead_enc_imp_IV,
keys->client_write_IV, AEAD_IMP_IV_SZ);
if (chachaRet != 0) return chachaRet;
chachaRet = Chacha_SetKey(dec->chacha, keys->server_write_key,
specs->key_size);
XMEMCPY(keys->aead_dec_imp_IV,
keys->server_write_IV, AEAD_IMP_IV_SZ);
if (chachaRet != 0) return chachaRet;
}
else {
chachaRet = Chacha_SetKey(enc->chacha, keys->server_write_key,
specs->key_size);
XMEMCPY(keys->aead_enc_imp_IV,
keys->server_write_IV, AEAD_IMP_IV_SZ);
if (chachaRet != 0) return chachaRet;
chachaRet = Chacha_SetKey(dec->chacha, keys->client_write_key,
specs->key_size);
XMEMCPY(keys->aead_dec_imp_IV,
keys->client_write_IV, AEAD_IMP_IV_SZ);
if (chachaRet != 0) return chachaRet;
}
enc->setup = 1;
dec->setup = 1;
}
#endif
#ifdef HAVE_HC128
if (specs->bulk_cipher_algorithm == cyassl_hc128) {
int hcRet;
@@ -2103,7 +1932,9 @@ int StoreKeys(CYASSL* ssl, const byte* keyData)
/* Initialize the AES-GCM/CCM explicit IV to a zero. */
XMEMSET(ssl->keys.aead_exp_IV, 0, AEAD_EXP_IV_SZ);
}
#endif
return SetKeys(&ssl->encrypt, &ssl->decrypt, &ssl->keys, &ssl->specs,
ssl->options.side, ssl->heap, devId);
@@ -2209,8 +2040,8 @@ static int MakeSslMasterSecret(CYASSL* ssl)
XMEMCPY(md5Input, ssl->arrays->preMasterSecret, pmsSz);
for (i = 0; i < MASTER_ROUNDS; ++i) {
byte prefix[KEY_PREFIX]; /* only need PREFIX bytes but static */
if (!SetPrefix(prefix, i)) { /* analysis thinks will overrun */
byte prefix[PREFIX];
if (!SetPrefix(prefix, i)) {
return PREFIX_ERROR;
}

6
src/sniffer.c
View File

@@ -1594,6 +1594,12 @@ static int Decrypt(SSL* ssl, byte* output, const byte* input, word32 sz)
break;
#endif
#ifdef BUILD_CHACHA
case cyassl_chacha:
Chacha_Process(ssl->decrypt.chacha, output, input, sz);
break;
#endif
#ifdef HAVE_CAMELLIA
case cyassl_camellia:
CamelliaCbcDecrypt(ssl->decrypt.cam, output, input, sz);

76
src/ssl.c
View File

@@ -324,6 +324,9 @@ int CyaSSL_GetObjectSize(void)
#endif
#ifndef NO_RABBIT
printf(" sizeof rabbit = %lu\n", sizeof(Rabbit));
#endif
#ifdef HAVE_CHACHA
printf(" sizeof chacha = %lu\n", sizeof(Chacha));
#endif
printf("sizeof cipher specs = %lu\n", sizeof(CipherSpecs));
printf("sizeof keys = %lu\n", sizeof(Keys));
@@ -8301,14 +8304,21 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
CYASSL_ENTER("SSL_CIPHER_get_name");
#ifndef NO_ERROR_STRINGS
if (cipher) {
#if defined(HAVE_ECC) || defined(HAVE_AESCCM)
/* Awkwardly, the ECC cipher suites use the ECC_BYTE as expected,
* but the AES-CCM cipher suites also use it, even the ones that
* aren't ECC. */
if (cipher->ssl->options.cipherSuite0 == CHACHA_BYTE) {
/* ChaCha suites */
switch (cipher->ssl->options.cipherSuite) {
#ifdef HAVE_CHACHA
#ifndef NO_RSA
case TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256 :
return "TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256";
#endif
#endif
}
}
#ifdef HAVE_ECC
if (cipher->ssl->options.cipherSuite0 == ECC_BYTE) {
/* ECC suites */
switch (cipher->ssl->options.cipherSuite) {
#ifdef HAVE_ECC
#ifndef NO_RSA
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256";
@@ -8375,6 +8385,7 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
#ifndef NO_RSA
case TLS_ECDH_RSA_WITH_RC4_128_SHA :
return "TLS_ECDH_RSA_WITH_RC4_128_SHA";
#endif
case TLS_ECDH_ECDSA_WITH_RC4_128_SHA :
return "TLS_ECDH_ECDSA_WITH_RC4_128_SHA";
@@ -8411,7 +8422,6 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
return "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384";
#endif
#endif /* HAVE_ECC */
#ifdef HAVE_AESCCM
#ifndef NO_RSA
@@ -8420,26 +8430,10 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
case TLS_RSA_WITH_AES_256_CCM_8 :
return "TLS_RSA_WITH_AES_256_CCM_8";
#endif
#ifndef NO_PSK
case TLS_PSK_WITH_AES_128_CCM_8 :
return "TLS_PSK_WITH_AES_128_CCM_8";
case TLS_PSK_WITH_AES_256_CCM_8 :
return "TLS_PSK_WITH_AES_256_CCM_8";
case TLS_PSK_WITH_AES_128_CCM :
return "TLS_PSK_WITH_AES_128_CCM";
case TLS_PSK_WITH_AES_256_CCM :
return "TLS_PSK_WITH_AES_256_CCM";
case TLS_DHE_PSK_WITH_AES_128_CCM :
return "TLS_DHE_PSK_WITH_AES_128_CCM";
case TLS_DHE_PSK_WITH_AES_256_CCM :
return "TLS_DHE_PSK_WITH_AES_256_CCM";
#endif
#ifdef HAVE_ECC
case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8";
case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
return "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8";
#endif
#endif
default:
@@ -8447,7 +8441,7 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
}
}
#endif /* ECC */
if (cipher->ssl->options.cipherSuite0 != ECC_BYTE) {
if (cipher->ssl->options.cipherSuite0 != ECC_BYTE && cipher->ssl->options.cipherSuite0 != CHACHA_BYTE) {
/* normal suites */
switch (cipher->ssl->options.cipherSuite) {
#ifndef NO_RSA
@@ -8489,6 +8483,8 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
return "TLS_RSA_WITH_NULL_SHA256";
#endif /* NO_RSA */
#ifndef NO_PSK
case TLS_PSK_WITH_AES_128_CBC_SHA256 :
return "TLS_PSK_WITH_AES_128_CBC_SHA256";
#ifndef NO_SHA
case TLS_PSK_WITH_AES_128_CBC_SHA :
return "TLS_PSK_WITH_AES_128_CBC_SHA";
@@ -8496,36 +8492,14 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
return "TLS_PSK_WITH_AES_256_CBC_SHA";
#endif
#ifndef NO_SHA256
case TLS_PSK_WITH_AES_128_CBC_SHA256 :
return "TLS_PSK_WITH_AES_128_CBC_SHA256";
#ifdef HAVE_AESCCM
case TLS_PSK_WITH_AES_128_CCM_8 :
return "TLS_PSK_WITH_AES_128_CCM_8";
case TLS_PSK_WITH_AES_256_CCM_8 :
return "TLS_PSK_WITH_AES_256_CCM_8";
#endif
case TLS_PSK_WITH_NULL_SHA256 :
return "TLS_PSK_WITH_NULL_SHA256";
case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 :
return "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256";
case TLS_DHE_PSK_WITH_NULL_SHA256 :
return "TLS_DHE_PSK_WITH_NULL_SHA256";
#ifdef HAVE_AESGCM
case TLS_PSK_WITH_AES_128_GCM_SHA256 :
return "TLS_PSK_WITH_AES_128_GCM_SHA256";
case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 :
return "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256";
#endif
#endif
#ifdef CYASSL_SHA384
case TLS_PSK_WITH_AES_256_CBC_SHA384 :
return "TLS_PSK_WITH_AES_256_CBC_SHA384";
case TLS_PSK_WITH_NULL_SHA384 :
return "TLS_PSK_WITH_NULL_SHA384";
case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 :
return "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384";
case TLS_DHE_PSK_WITH_NULL_SHA384 :
return "TLS_DHE_PSK_WITH_NULL_SHA384";
#ifdef HAVE_AESGCM
case TLS_PSK_WITH_AES_256_GCM_SHA384 :
return "TLS_PSK_WITH_AES_256_GCM_SHA384";
case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 :
return "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384";
#endif
#endif
#ifndef NO_SHA
case TLS_PSK_WITH_NULL_SHA :

49
src/tls.c
View File

@@ -23,13 +23,17 @@
#include <config.h>
#endif
#ifdef CHACHA_AEAD_TEST
#include <stdio.h>
#endif
#include <cyassl/ctaocrypt/settings.h>
#include <cyassl/ssl.h>
#include <cyassl/internal.h>
#include <cyassl/error-ssl.h>
#include <cyassl/ctaocrypt/hmac.h>
#include <cyassl/ctaocrypt/poly1305.h>
#ifndef NO_TLS
@@ -481,6 +485,7 @@ int CyaSSL_GetHmacType(CYASSL* ssl)
if (ssl == NULL)
return BAD_FUNC_ARG;
printf("getting mac \n");
switch (ssl->specs.mac_algorithm) {
#ifndef NO_MD5
case md5_mac:
@@ -488,6 +493,13 @@ int CyaSSL_GetHmacType(CYASSL* ssl)
return MD5;
}
#endif
#ifdef HAVE_POLY1305
case poly1305_mac:
{
printf("poly1305 selected\n");
return POLY1305;
}
#endif
#ifndef NO_SHA256
case sha256_mac:
{
@@ -547,30 +559,31 @@ int CyaSSL_SetTlsHmacInner(CYASSL* ssl, byte* inner, word32 sz, int content,
int TLS_hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz,
int content, int verify)
{
Hmac hmac;
int ret;
byte myInner[CYASSL_TLS_HMAC_INNER_SZ];
if (ssl == NULL)
return BAD_FUNC_ARG;
CyaSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify);
Hmac hmac;
byte myInner[CYASSL_TLS_HMAC_INNER_SZ];
ret = HmacSetKey(&hmac, CyaSSL_GetHmacType(ssl),
CyaSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify);
ret = HmacSetKey(&hmac, CyaSSL_GetHmacType(ssl),
CyaSSL_GetMacSecret(ssl, verify), ssl->specs.hash_size);
if (ret != 0)
return ret;
ret = HmacUpdate(&hmac, myInner, sizeof(myInner));
if (ret != 0)
return ret;
ret = HmacUpdate(&hmac, in, sz); /* content */
if (ret != 0)
return ret;
ret = HmacFinal(&hmac, digest);
if (ret != 0)
return ret;
if (ret != 0)
return ret;
ret = HmacUpdate(&hmac, myInner, sizeof(myInner));
if (ret != 0)
return ret;
ret = HmacUpdate(&hmac, in, sz); /* content */
if (ret != 0)
return ret;
ret = HmacFinal(&hmac, digest);
if (ret != 0)
return ret;
return 0;
return 0;
}
#ifdef HAVE_TLS_EXTENSIONS

10173
stdout.txt Normal file
View File

File diff suppressed because it is too large Load Diff