feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge branch 'master' of github.com:wolfssl/wolfssl

Browse Source
This commit is contained in:
toddouska
2015-11-16 13:20:26 -08:00
parent ca7956b50d 4e7935f5f5
commit 5e80bf46bf
44 changed files with 1079 additions and 407 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
IDE/ROWLEY-CROSSWORKS-ARM/hw.h
View File

@@ -10,4 +10,4 @@ uint32_t hw_get_time_sec(void);
uint32_t hw_get_time_msec(void); uint32_t hw_get_time_msec(void);
void hw_uart_printchar(int c); void hw_uart_printchar(int c);
void hw_watchdog_disable(void); void hw_watchdog_disable(void);
int hw_rand(void); uint32_t hw_rand(void);

2
IDE/ROWLEY-CROSSWORKS-ARM/kinetis_hw.c
View File

@@ -167,7 +167,7 @@ void hw_uart_printchar(int c)
UART_PORT->D = (uint8_t)c; /* Send the character */ UART_PORT->D = (uint8_t)c; /* Send the character */
} }
int hw_rand(void) uint32_t hw_rand(void)
{ {
while((RNG->SR & RNG_SR_OREG_LVL(0xF)) == 0) {}; /* Wait until FIFO has a value available */ while((RNG->SR & RNG_SR_OREG_LVL(0xF)) == 0) {}; /* Wait until FIFO has a value available */
return RNG->OR; /* Return next value in FIFO output register */ return RNG->OR; /* Return next value in FIFO output register */

2
IDE/ROWLEY-CROSSWORKS-ARM/user_libc.c
View File

@@ -29,7 +29,7 @@ double current_time(int reset)
return time; return time;
} }
int custom_rand_generate(void) uint32_t custom_rand_generate(void)
{ {
return hw_rand(); return hw_rand();
} }

3
IDE/ROWLEY-CROSSWORKS-ARM/user_settings.h
View File

@@ -18,7 +18,8 @@
/* Custom functions */ /* Custom functions */
extern int custom_rand_generate(void); extern int custom_rand_generate(void);
#define CUSTOM_RAND_GENERATE custom_rand_generate #define CUSTOM_RAND_GENERATE custom_rand_generate
#define CUSTOM_RAND_TYPE word32
#define WOLFSSL_USER_CURRTIME #define WOLFSSL_USER_CURRTIME
/* Debugging - Optional */ /* Debugging - Optional */

20
IDE/ROWLEY-CROSSWORKS-ARM/wolfssl.hzp
View File

@@ -10,12 +10,14 @@
project_type="Library" /> project_type="Library" />
<folder Name="Source Files"> <folder Name="Source Files">
<configuration Name="Common" filter="c;cpp;cxx;cc;h;s;inc" /> <configuration Name="Common" filter="c;cpp;cxx;cc;h;s;inc" />
<folder <folder Name="wolfcrypt">
Name="wolfcrypt" <folder Name="benchmark" path="../../wolfcrypt/benchmark" />
exclude="*.asm;*.s" <folder Name="src" path="../../wolfcrypt/src" />
filter="" <folder Name="test" path="../../wolfcrypt/test" />
path="../../wolfcrypt" <folder Name="user-crypto" path="../../wolfcrypt/user-crypto">
recurse="Yes" /> <configuration Name="Common" build_exclude_from_build="Yes" />
</folder>
</folder>
<folder <folder
Name="wolfssl" Name="wolfssl"
exclude="*.asm;*.s" exclude="*.asm;*.s"
@@ -24,6 +26,12 @@
recurse="Yes" /> recurse="Yes" />
<file file_name="user_settings.h" /> <file file_name="user_settings.h" />
<file file_name="README.md" /> <file file_name="README.md" />
<folder
Name="source"
exclude=""
filter=""
path="../../src"
recurse="No" />
</folder> </folder>
</project> </project>
<project Name="test"> <project Name="test">

281
IDE/WORKBENCH/README.md
View File

@@ -1,150 +1,175 @@
## Wind River Workbench using VxWorks with wolfSSL ## Wind River Workbench using VxWorks with wolfSSL
###1 SETUP: ####1 Necessary Files if Using VxWorks Simulator
####1.1 Steps The following files are required to replicate this build:
* vxsim\_linux\_1\_0\_2\_2 (directory)
* compilers/gnu-4.8.1.5/include/c++/4.8
* compilers/gnu-4.8.1.5/include/c++/4.8/i586-wrs-vxworks
* compilers/gnu-4.8.1.5/lib/gcc/i586-wrs-vxworks/4.8.1/include
* compilers/gnu-4.8.1.5/lib/gcc/i586-wrs-vxworks/4.8.1/include-fixed
* vsb\_vxsim\_linux/share/h
* vsb\_vxsim\_linux/krnl/h/system
* vsb\_vxsim\_linux/krnl/h/public
* vsb\_vxsim\_linux/krnl/configlette
* vsb\_vxsim\_linux/h
Note: This project was tested with a pre-built image in the VxWorks distribution
called vip\_vxsim\_linux\_gnu.
####2 Steps to Add wolfSSL to Workbench Project
1. Start by creating a new VxWorks image in Workbench by going to File > New > 1. Start by creating a new VxWorks image in Workbench by going to File > New >
Project and then select VxWorks Image Project. Project and then selecting VxWorks Image Project.
2. Include the path to the wolfSSL header files(wolfssl/wolfssl):
Right click the project and go to Properties > Build Properties > Paths. 2. Right click on the project and go to Import > General > Filesystem. Choose the path
Choose Browse and select the wolfssl directory. Click ok. to the wolfSSL library here. Uncheck everything except the examples, src and
3. Add preprocessor definitions: wolfcrypt directories. Uncheck the following:
Right click on project, go to Properties > Build Properties > Variables.
wolfcrypt/src/aes_asm.asm
wolfcrypt/src/aes_asm.s
examples/echoclient/
examples/echoserver/
wolcrypt/user-crypto
Leave "Create top level folder" unchecked. Click Finish.
3. To include the path to the wolfSSL header files, right click on the project and go to Properties > Build Properties > Paths.
Choose Browse and select:
<path_to_wolfssl>/
Click ok.
4. In \<path\_to\_wolfssl\>/wolfssl/wolfcrypt/settings.h, uncomment #define WOLFSSL_VXWORKS
5. If not using a filesystem, right click on project, go to Properties >
Build Properties > Variables.
Highlight EXTRA\_DEFINE. Click Edit and add the following to this line: Highlight EXTRA\_DEFINE. Click Edit and add the following to this line:
-DWOLFSSL\_VXWORKS.
This can also be done in wolfssl/wolfcrypt/settings.h by uncommenting the -DUSE_CERT_BUFFERS_2048 -DNO_FILESYSTEM
#define WOLFSSL_VXWORKS
line. USE\_CERT\_BUFFERS is only necessary for the wolfCrypt test and benchmark applications.
If there is not a filesystem set up, add -DUSE\_CERT\_BUFFERS\_2048 and
-DNO\_FILESYSTEM to the variables or #define USE\_CERT\_BUFFERS\_2048 and 6. If using the VxWorks simulator add the following to EXTRA\_DEFINE:
\#define NO\_FILESYSTEM at the top of settings.h.
If there is a filesystem, paths may need to be changed to the path of -DVXWORKS_SIM /* only if using the VxWorks simulator */
filesystem for certificate files in wolfssl/test.h.
4. Right click on the project and go to Import > Filesystem. Choose the path 7. If using a filesystem and running the wolfCrypt test and benchmark applications, copy the certs folder in \<path\_to\_wolfssl\>/wolfssl to the Wind River Workbench workspace folder. This is where the simulator looks for the filesystem.
to the wolfSSL library here. Uncheck everything except the src and wolfcrypt
directories. 8. If NO\_DEV\_RANDOM is defined in \<path\_to\_wolfssl\>wolfssl/wolfcrypt/settings.h inside the
In the wolfcrypt/src folder, uncheck aes\_asm.asm and aes\_asm.s. \#ifdef WOLFSSL\_VXWORKS block, a new GenerateSeed() function will need to be defined
5. If NO\_\_DEV\_RANDOM remains defined in wolfssl/wolfcrypt/settings.h under
\#ifdef WOLFSSL\_VXWORKS, a new GenerateSeed() function will need to be defined
in wolfcrypt/src/random.c. in wolfcrypt/src/random.c.
####1.2 Testing wolfSSL with VxWorks: ####3 Testing wolfSSL with VxWorks:
#####1.2.1 wolfCrypt Test Application #####3.1 wolfCrypt Test and Benchmark Applications
The wolfCrypt test application will test each of the cryptographic algorithms The wolfCrypt test application will test each of the cryptographic algorithms
and output the status for each. This should return success for each algorithm and output the status for each as a success or failure. The benchmark application will output the runtime of
if everything is working. the cryptographic algorithms in milliseconds.
1. In usrAppInit.c, make a call to the wolfCrypt test application by adding 1. Include the following at the top of usrAppInit.c:
the following to the usrAppInit() function:
typedef struct func_args {
int argc;
char** argv;
int return_code;
} func_args;
func_args args;
wolfcrypt_test(&args);
2. Include these header files in usrAppInit.c:
#include <wolfcrypt/test/test.h> #include <wolfcrypt/test/test.h>
#include <wolfssl/ssl.h> #include <wolfssl/ssl.h>
#include <wolfssl/wolfcrypt/settings.h> #include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/test.h> #include <wolfssl/test.h>
3. Start the simulator and check that all wolfCrypt tests pass. If there is a extern int benchmark_test(void* args);
certificate file error, adjust the caCert file locations in
wolfcrypt/test/test.c or wolfssl/test.h to those of the filesystem in use.
#####1.2.2 Example Client 2. In usrAppInit.c, make a call to the wolfCrypt test and benchmark applications
The wolfSSL example client can be found in wolfssl/examples/client. by adding the following to the usrAppInit() function:
1. Add client.c and client.h from the examples/client folder to the Workbench typedef struct func_args {
project. int argc;
2. In usrAppInit.c, inlucde the func\_args as described in the Test Application char** argv;
int return_code;
tcp_ready* signal;
callback_functions *callbacks;
} func_args;
func_args args;
wolfcrypt_test(&args);
benchmark_test(&args);
3. Right click on the project and select "Build Project".
4. To run the VxWorks simulator, click the dropdown list next to "VxWorks Simulator" at the top of Workbench and go to "Open Connection Details". Add the correct Kernel Image file. This will be located in ```workspace/<project\_name>/default/vxWorks```. Click Apply. Start the simulator by clicking the green, "Connect 'VxWorks Simulator'" button to the right of the "VxWorks Simulator" dropdown list. Verify in the simulator terminal that all wolfCrypt tests pass.
#####3.2 Example Client
The wolfSSL example client.c file can be found in \<path\_to\_wolfssl\>/wolfssl/examples/client.
1. Add the following include to usrAppInit.c:
#include <examples/client/client.h>
2. In usrAppInit.c, include the func\_args as described in the Test Application
section, and add a call to the client function: section, and add a call to the client function:
client_test(&args);
3. Add the client.h header file to the includes at the top of usrAppInit.c.
4. The wolfSSLIP will need to be changed to the IP address the server is
running on. If using the VxWorks Simulator, localhost will not work. NAT should
be selected in the Simulator Connection Advanced setup.
5. Start the example server from within the wolfSSL directory on the host
machine:
./examples/server/server -d -b
The -d option disables peer checks, -b allows for binding to any interface.
6. Start the example client in Workbench.
#####1.2.3 Example Server client_test(&args);
The example server requires more configuration than the client if using the
VxWorks simulator.
1. Add server.c and server.h from the wolfssl/examples/server folder to the
Workbench project.
2. In usrAppInit.c, inlcude the func\args as described in the Test and Client
applications and add a call to the server function:
func_args args = { 0 }; 3. The char* host in examples/client/client.c will need to be changed to the IP address to connect to. For example:
tcp_ready ready;
InitTcpReady(&ready); char* host = "192.168.15.1";
args.signal = &ready;
4. Right click on the project and select "Build Project".
5. If using the VxWorks Simulator, localhost will not work. NAT should be selected in the Simulator Connection Advanced setup. To do this, click the dropdown button next to VxWorks Simulator at the top of Workbench and select "Open Connection Details". Make sure the correct kernel image file is selected for you project as stated in section 3.1 step 4. Then click Advanced and select NAT as the Network Config. Click OK and Apply.
6. There is an example server in \<path\_to\_wolfssl\> that can be used for testing the client. wolfSSL will first need to be built. Follow the instructions [here](https://www.wolfssl.com/wolfSSL/Docs-wolfssl-manual-2-building-wolfssl.html) to do so. See the [wolfSSL manual]( https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-3-getting-started.html) for instructions on setting up the example server. From within \<path\_to\_wolfssl\>/wolfssl, the following command can be used to run the server on the host machine:
./examples/server/server -d -b
7. Start the example client in Workbench by following step 3 in section 3.1.
8. The following output should be expected in the simulator terminal:
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Server response: I hear you fa shizzle!
#####3.3 Example Server
The example server requires more configuration than the client if using the
VxWorks simulator.
Note: The wolfSSL example server and client cannot run at the same time on the VxWorks simulator. Either remove or comment out the ```client_test(&args);``` line.
1. Add the following include to usrAppInit.c:
#include </examples/server/server.h>
2. In usrAppInit.c, after the ```func_args args;``` call, add:
tcp_ready ready;
ready.ready = 0;
ready.port = 0;
args.signal = &ready;
server_test(&args); server_test(&args);
3. Add the server.h header file to the includes at the top of usrAppInit.c. 3. Right click on the project and select "Build Project".
4. Start the server by following the directions in Section 2 for setting up
the VxWorks Simulator.
5. Start the client on the host machine:
./examples/client/client -d
The -d option disables peer checks.
Note: If there are certificate file errors, the file paths in wolfssl/test.h
will need to be adjusted to follow the paths located on the filesystem used
by the VxWorks project.
####1.3 Necessary Files 4. Start the server and complete the following:
The following files are required to replicate this build: Go to "Open Connection Details" under VxWorks Simulator which is in the connections
* vxsim\_linux\_1\_0\_2\_2 (directory) dropdown. Follow step 4 of section 3.1 to select the correct kernel image for the simulator. In "Open Connection Details" of the simulator, go to "Advanced...". Select simnetd from the Network Config dropdown and enter
* Includes 192.168.200.1 as the IP address. To connect to the server running on the VxWorks Simulator, enter these commands
* compilers/gnu-4.8.1.5/include/c++/4.8 into the host machine's terminal from any directory (for Ubuntu 14.04):
* compilers/gnu-4.8.1.5/include/c++/4.8/i586-wrs-vxworks
* compilers/gnu-4.8.1.5/lib/gcc/i586-wrs-vxworks/4.8.1/include
* compilers/gnu-4.8.1.5/lib/gcc/i586-wrs-vxworks/4.8.1/include-fixed
* vsb\_vxsim\_linux/share/h
* vsb\_vxsim\_linux/krnl/h/system
* vsb\_vxsim\_linux/krnl/h/public
* vsb\_vxsim\_linux/krnl/configlette
* vsb\_vxsim\_linux/h
* usrAppInit.c (should be created when with new VxWorks image)
* Include this at the top:
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfcrypt/test/test.h>
#include <wolfssl/ssl.h> /* name change portability layer */
#include <wolfssl/test.h>
extern int benchmark_test(void* args);
extern THREAD\_RETURN WOLFSSL\_THREAD client\_test(void* args);
extern THREAD\_RETURN WOLFSSL\_THREAD server\_test(void* args);
* Inside main function UsrAppInit (void):
func\_args args = { 0 };
tcp\_ready ready;
InitTcpReady(&ready);
args.signal = &ready;
benchmark\_test(NULL);
wolfcrypt\_test(NULL);
/* client\_test(NULL); */
/*server\_test(&args);*/
* usrRtpAppInit.c (should be created when with new VxWorks image)
Leave unchanged
* This project was tested with a pre-built image in the VxWorks distribution
called vsb\_vxsim\_linux.
###2 VXWORKS SIMULATOR: sudo openvpn --mktun --dev tap0
######The VxWorks simulator was used for testing the wolfSSL example applications (server, client, benchmark, and test).
######These are the steps to reproduce this testing method. Note: openvpn may need to be installed first.
In Wind River directory on the host machine:
Go to "Open Connection Details" under VxWorks Simulator which is in the connections sudo vxworks-7/host/x86-linux2/bin/vxsimnetd
dropdown. Choose the corresponding kernel image, typically called
project/default/VxWorks. Select simnetd from the dropdown and enter This will start the vxsimnetd application. Leave it running in the background.
192.168.200.1 as the IP address.
5. There is an example client in \<path\_to\_wolfssl\>/wolfssl/examples. Again, wolfSSL will first need to be built. Follow the instructions [here](https://www.wolfssl.com/wolfSSL/Docs-wolfssl-manual-2-building-wolfssl.html) to do so. See the [wolfSSL manual]( https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-3-getting-started.html) for instructions on how to set up the client. From within \<path\_to\_wolfssl\>/wolfssl, the following command can be used to run the client on the host machine:
./examples/client/client -h 192.168.200.1 -d
The -d option disables peer checks.
6. The following output should be expected in the simulator terminal:
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Client message: hello wolfssl!
To connect to a server running on the VxWorks Simulator, enter these commands
into the host terminal (for Ubuntu 14.04):
sudo openvpn --mktun --dev tap0
In Wind River directory:
sudo vxworks-7/host/x86-linux2/bin/vxsimnetd
This will start the vxsimnetd application. Leave it open. The IP address to
connect to the server is the same as above.

4
configure.ac
View File

@@ -70,6 +70,7 @@ m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])])
AC_CHECK_FUNCS([gethostbyname]) AC_CHECK_FUNCS([gethostbyname])
AC_CHECK_FUNCS([getaddrinfo]) AC_CHECK_FUNCS([getaddrinfo])
AC_CHECK_FUNCS([gettimeofday]) AC_CHECK_FUNCS([gettimeofday])
AC_CHECK_FUNCS([gmtime_r])
AC_CHECK_FUNCS([inet_ntoa]) AC_CHECK_FUNCS([inet_ntoa])
AC_CHECK_FUNCS([memset]) AC_CHECK_FUNCS([memset])
AC_CHECK_FUNCS([socket]) AC_CHECK_FUNCS([socket])
@@ -1966,7 +1967,8 @@ then
if test "x$ENABLED_ECC" = "xno" if test "x$ENABLED_ECC" = "xno"
then then
ENABLED_ECC="yes" ENABLED_ECC="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC" AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256 -DECC_SHAMIR"
AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"])
fi fi
if test "x$ENABLED_PKCALLBACKS" = "xno" if test "x$ENABLED_PKCALLBACKS" = "xno"
then then

4
examples/client/client.c
View File

@@ -905,7 +905,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
| WOLFSSL_OCSP_URL_OVERRIDE); | WOLFSSL_OCSP_URL_OVERRIDE);
} }
else else
wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE); wolfSSL_CTX_EnableOCSP(ctx, 0);
} }
#endif #endif
@@ -1007,7 +1007,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
WOLFSSL_CSR_OCSP_USE_NONCE) != SSL_SUCCESS) WOLFSSL_CSR_OCSP_USE_NONCE) != SSL_SUCCESS)
err_sys("UseCertificateStatusRequest failed"); err_sys("UseCertificateStatusRequest failed");
wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE); wolfSSL_CTX_EnableOCSP(ctx, 0);
} }
#endif #endif

1
examples/client/client.vcxproj
View File

@@ -193,6 +193,7 @@
<GenerateDebugInformation>true</GenerateDebugInformation> <GenerateDebugInformation>true</GenerateDebugInformation>
<SubSystem>Console</SubSystem> <SubSystem>Console</SubSystem>
<TargetMachine>MachineX86</TargetMachine> <TargetMachine>MachineX86</TargetMachine>
<ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
</Link> </Link>
</ItemDefinitionGroup> </ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">

1
examples/echoclient/echoclient.vcxproj
View File

@@ -194,6 +194,7 @@
<GenerateDebugInformation>true</GenerateDebugInformation> <GenerateDebugInformation>true</GenerateDebugInformation>
<SubSystem>Console</SubSystem> <SubSystem>Console</SubSystem>
<TargetMachine>MachineX86</TargetMachine> <TargetMachine>MachineX86</TargetMachine>
<ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
</Link> </Link>
</ItemDefinitionGroup> </ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">

1
examples/echoserver/echoserver.vcxproj
View File

@@ -194,6 +194,7 @@
<GenerateDebugInformation>true</GenerateDebugInformation> <GenerateDebugInformation>true</GenerateDebugInformation>
<SubSystem>Console</SubSystem> <SubSystem>Console</SubSystem>
<TargetMachine>MachineX86</TargetMachine> <TargetMachine>MachineX86</TargetMachine>
<ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
</Link> </Link>
</ItemDefinitionGroup> </ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">

4
examples/server/server.c
View File

@@ -314,7 +314,9 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
fdOpenSession(Task_self()); fdOpenSession(Task_self());
#endif #endif
#ifndef WOLFSSL_VXWORKS #ifdef WOLFSSL_VXWORKS
useAnyAddr = 1;
#else
while ((ch = mygetopt(argc, argv, "?dbstnNufrRawPIp:v:l:A:c:k:Z:S:oO:D:L:ieB:")) while ((ch = mygetopt(argc, argv, "?dbstnNufrRawPIp:v:l:A:c:k:Z:S:oO:D:L:ieB:"))
!= -1) { != -1) {
switch (ch) { switch (ch) {

1
examples/server/server.vcxproj
View File

@@ -194,6 +194,7 @@
<GenerateDebugInformation>true</GenerateDebugInformation> <GenerateDebugInformation>true</GenerateDebugInformation>
<SubSystem>Console</SubSystem> <SubSystem>Console</SubSystem>
<TargetMachine>MachineX86</TargetMachine> <TargetMachine>MachineX86</TargetMachine>
<ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
</Link> </Link>
</ItemDefinitionGroup> </ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">

3
src/include.am
View File

@@ -95,7 +95,8 @@ src_libwolfssl_la_SOURCES += \
wolfcrypt/src/logging.c \ wolfcrypt/src/logging.c \
wolfcrypt/src/wc_encrypt.c \ wolfcrypt/src/wc_encrypt.c \
wolfcrypt/src/wc_port.c \ wolfcrypt/src/wc_port.c \
wolfcrypt/src/error.c wolfcrypt/src/error.c \
wolfcrypt/src/signature.c
if BUILD_MEMORY if BUILD_MEMORY
src_libwolfssl_la_SOURCES += wolfcrypt/src/memory.c src_libwolfssl_la_SOURCES += wolfcrypt/src/memory.c

64
src/ssl.c
View File

@@ -2382,7 +2382,7 @@ int wolfSSL_Init(void)
static int wolfssl_decrypt_buffer_key(buffer* der, byte* password, static int wolfssl_decrypt_buffer_key(buffer* der, byte* password,
int passwordSz, EncryptedInfo* info) int passwordSz, EncryptedInfo* info)
{ {
int ret; int ret = SSL_BAD_FILE;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
byte* key = NULL; byte* key = NULL;
@@ -2434,7 +2434,7 @@ static int wolfssl_decrypt_buffer_key(buffer* der, byte* password,
key, info->iv); key, info->iv);
#endif /* NO_DES3 */ #endif /* NO_DES3 */
#ifndef NO_AES #ifndef NO_AES
else if (XSTRNCMP(info->name, EVP_AES_128_CBC, EVP_AES_SIZE) == 0) if (XSTRNCMP(info->name, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)
ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length, ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length,
key, AES_128_KEY_SIZE, info->iv); key, AES_128_KEY_SIZE, info->iv);
else if (XSTRNCMP(info->name, EVP_AES_192_CBC, EVP_AES_SIZE) == 0) else if (XSTRNCMP(info->name, EVP_AES_192_CBC, EVP_AES_SIZE) == 0)
@@ -2444,8 +2444,6 @@ static int wolfssl_decrypt_buffer_key(buffer* der, byte* password,
ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length, ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length,
key, AES_256_KEY_SIZE, info->iv); key, AES_256_KEY_SIZE, info->iv);
#endif /* NO_AES */ #endif /* NO_AES */
else
ret = SSL_BAD_FILE;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -2465,7 +2463,7 @@ static int wolfssl_decrypt_buffer_key(buffer* der, byte* password,
static int wolfssl_encrypt_buffer_key(byte* der, word32 derSz, byte* password, static int wolfssl_encrypt_buffer_key(byte* der, word32 derSz, byte* password,
int passwordSz, EncryptedInfo* info) int passwordSz, EncryptedInfo* info)
{ {
int ret; int ret = SSL_BAD_FILE;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
byte* key = NULL; byte* key = NULL;
@@ -2509,7 +2507,7 @@ static int wolfssl_encrypt_buffer_key(byte* der, word32 derSz, byte* password,
ret = wc_Des3_CbcEncryptWithKey(der, der, derSz, key, info->iv); ret = wc_Des3_CbcEncryptWithKey(der, der, derSz, key, info->iv);
#endif /* NO_DES3 */ #endif /* NO_DES3 */
#ifndef NO_AES #ifndef NO_AES
else if (XSTRNCMP(info->name, EVP_AES_128_CBC, EVP_AES_SIZE) == 0) if (XSTRNCMP(info->name, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)
ret = wc_AesCbcEncryptWithKey(der, der, derSz, ret = wc_AesCbcEncryptWithKey(der, der, derSz,
key, AES_128_KEY_SIZE, info->iv); key, AES_128_KEY_SIZE, info->iv);
else if (XSTRNCMP(info->name, EVP_AES_192_CBC, EVP_AES_SIZE) == 0) else if (XSTRNCMP(info->name, EVP_AES_192_CBC, EVP_AES_SIZE) == 0)
@@ -2519,8 +2517,6 @@ static int wolfssl_encrypt_buffer_key(byte* der, word32 derSz, byte* password,
ret = wc_AesCbcEncryptWithKey(der, der, derSz, ret = wc_AesCbcEncryptWithKey(der, der, derSz,
key, AES_256_KEY_SIZE, info->iv); key, AES_256_KEY_SIZE, info->iv);
#endif /* NO_AES */ #endif /* NO_AES */
else
ret = SSL_BAD_FILE;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -2555,6 +2551,9 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
int sz = (int)longSz; int sz = (int)longSz;
int encrypted_key = 0; int encrypted_key = 0;
(void)dynamicType;
(void)heap;
WOLFSSL_ENTER("PemToDer"); WOLFSSL_ENTER("PemToDer");
switch (type) { switch (type) {
@@ -8332,17 +8331,15 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
} }
/* SSL_SUCCESS on ok */ /* return SSL_SUCCESS on ok, 0 on failure to match API compatibility */
int wolfSSL_EVP_CipherInit(WOLFSSL_EVP_CIPHER_CTX* ctx, int wolfSSL_EVP_CipherInit(WOLFSSL_EVP_CIPHER_CTX* ctx,
const WOLFSSL_EVP_CIPHER* type, byte* key, const WOLFSSL_EVP_CIPHER* type, byte* key,
byte* iv, int enc) byte* iv, int enc)
{ {
#if defined(NO_AES) && defined(NO_DES3) && !defined(HAVE_IDEA) int ret = -1; /* failure local, during function 0 means success
because internal functions work that way */
(void)iv; (void)iv;
(void)enc; (void)enc;
#else
int ret = 0;
#endif
WOLFSSL_ENTER("wolfSSL_EVP_CipherInit"); WOLFSSL_ENTER("wolfSSL_EVP_CipherInit");
if (ctx == NULL) { if (ctx == NULL) {
@@ -8475,7 +8472,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
#endif /* NO_AES */ #endif /* NO_AES */
#ifndef NO_DES3 #ifndef NO_DES3
else if (ctx->cipherType == DES_CBC_TYPE || if (ctx->cipherType == DES_CBC_TYPE ||
(type && XSTRNCMP(type, EVP_DES_CBC, EVP_DES_SIZE) == 0)) { (type && XSTRNCMP(type, EVP_DES_CBC, EVP_DES_SIZE) == 0)) {
WOLFSSL_MSG(EVP_DES_CBC); WOLFSSL_MSG(EVP_DES_CBC);
ctx->cipherType = DES_CBC_TYPE; ctx->cipherType = DES_CBC_TYPE;
@@ -8515,7 +8512,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
} }
#endif /* NO_DES3 */ #endif /* NO_DES3 */
#ifndef NO_RC4 #ifndef NO_RC4
else if (ctx->cipherType == ARC4_TYPE || (type && if (ctx->cipherType == ARC4_TYPE || (type &&
XSTRNCMP(type, "ARC4", 4) == 0)) { XSTRNCMP(type, "ARC4", 4) == 0)) {
WOLFSSL_MSG("ARC4"); WOLFSSL_MSG("ARC4");
ctx->cipherType = ARC4_TYPE; ctx->cipherType = ARC4_TYPE;
@@ -8523,10 +8520,11 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
ctx->keyLen = 16; /* default to 128 */ ctx->keyLen = 16; /* default to 128 */
if (key) if (key)
wc_Arc4SetKey(&ctx->cipher.arc4, key, ctx->keyLen); wc_Arc4SetKey(&ctx->cipher.arc4, key, ctx->keyLen);
ret = 0; /* success */
} }
#endif /* NO_RC4 */ #endif /* NO_RC4 */
#ifdef HAVE_IDEA #ifdef HAVE_IDEA
else if (ctx->cipherType == IDEA_CBC_TYPE || if (ctx->cipherType == IDEA_CBC_TYPE ||
(type && XSTRNCMP(type, EVP_IDEA_CBC, EVP_IDEA_SIZE) == 0)) { (type && XSTRNCMP(type, EVP_IDEA_CBC, EVP_IDEA_SIZE) == 0)) {
WOLFSSL_MSG(EVP_IDEA_CBC); WOLFSSL_MSG(EVP_IDEA_CBC);
ctx->cipherType = IDEA_CBC_TYPE; ctx->cipherType = IDEA_CBC_TYPE;
@@ -8534,8 +8532,9 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
if (enc == 0 || enc == 1) if (enc == 0 || enc == 1)
ctx->enc = enc ? 1 : 0; ctx->enc = enc ? 1 : 0;
if (key) { if (key) {
ret = wc_IdeaSetKey(&ctx->cipher.idea, key, ctx->keyLen, iv, ret = wc_IdeaSetKey(&ctx->cipher.idea, key, (word16)ctx->keyLen,
ctx->enc ? IDEA_ENCRYPTION : IDEA_DECRYPTION); iv, ctx->enc ? IDEA_ENCRYPTION :
IDEA_DECRYPTION);
if (ret != 0) if (ret != 0)
return ret; return ret;
} }
@@ -8544,17 +8543,18 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
wc_IdeaSetIV(&ctx->cipher.idea, iv); wc_IdeaSetIV(&ctx->cipher.idea, iv);
} }
#endif /* HAVE_IDEA */ #endif /* HAVE_IDEA */
else if (ctx->cipherType == NULL_CIPHER_TYPE || (type && if (ctx->cipherType == NULL_CIPHER_TYPE || (type &&
XSTRNCMP(type, "NULL", 4) == 0)) { XSTRNCMP(type, "NULL", 4) == 0)) {
WOLFSSL_MSG("NULL cipher"); WOLFSSL_MSG("NULL cipher");
ctx->cipherType = NULL_CIPHER_TYPE; ctx->cipherType = NULL_CIPHER_TYPE;
ctx->keyLen = 0; ctx->keyLen = 0;
ret = 0; /* success */
} }
if (ret == 0)
return SSL_SUCCESS;
else else
return 0; /* failure */ return 0; /* overall failure */
return SSL_SUCCESS;
} }
@@ -9953,13 +9953,10 @@ void wolfSSL_set_connect_state(WOLFSSL* ssl)
int wolfSSL_get_shutdown(const WOLFSSL* ssl) int wolfSSL_get_shutdown(const WOLFSSL* ssl)
{ {
WOLFSSL_ENTER("wolfSSL_get_shutdown"); WOLFSSL_ENTER("wolfSSL_get_shutdown");
#ifdef HAVE_STUNNEL /* in OpenSSL, SSL_SENT_SHUTDOWN = 1, when closeNotifySent *
return (ssl->options.sentNotify << 1) | (ssl->options.closeNotify); * SSL_RECEIVED_SHUTDOWN = 2, from close notify or fatal err */
#else return ((ssl->options.closeNotify||ssl->options.connReset) << 1)
return (ssl->options.isClosed || | (ssl->options.sentNotify);
ssl->options.connReset ||
ssl->options.sentNotify);
#endif
} }
@@ -9971,6 +9968,7 @@ int wolfSSL_session_reused(WOLFSSL* ssl)
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
void wolfSSL_SESSION_free(WOLFSSL_SESSION* session) void wolfSSL_SESSION_free(WOLFSSL_SESSION* session)
{ {
/* No need to free since cache is static */
(void)session; (void)session;
} }
#endif #endif
@@ -10413,10 +10411,10 @@ char* wolfSSL_CIPHER_description(WOLFSSL_CIPHER* cipher, char* in, int len)
} }
WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl) /* what's ref count */ WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl)
{ {
(void)ssl; /* sessions are stored statically, no need for reference count */
return 0; return wolfSSL_get_session(ssl);
} }

2
src/tls.c
View File

@@ -1921,7 +1921,7 @@ static word16 TLSX_CSR_GetSize(CertificateStatusRequest* csr, byte isRequest)
size += ENUM_LEN + 2 * OPAQUE16_LEN; size += ENUM_LEN + 2 * OPAQUE16_LEN;
if (csr->request.ocsp.nonceSz) if (csr->request.ocsp.nonceSz)
size += MAX_OCSP_EXT_SZ; size += OCSP_NONCE_EXT_SZ;
} }
} }
#endif #endif

1
testsuite/testsuite.vcxproj
View File

@@ -193,6 +193,7 @@
<GenerateDebugInformation>true</GenerateDebugInformation> <GenerateDebugInformation>true</GenerateDebugInformation>
<SubSystem>Console</SubSystem> <SubSystem>Console</SubSystem>
<TargetMachine>MachineX86</TargetMachine> <TargetMachine>MachineX86</TargetMachine>
<ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
</Link> </Link>
</ItemDefinitionGroup> </ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">

1
tirtos/include.am
View File

@@ -6,6 +6,7 @@ EXTRA_DIST += \
tirtos/README \ tirtos/README \
tirtos/wolfssl.bld \ tirtos/wolfssl.bld \
tirtos/wolfssl.mak \ tirtos/wolfssl.mak \
tirtos/products.mak \
tirtos/packages/ti/net/wolfssl/package.bld \ tirtos/packages/ti/net/wolfssl/package.bld \
tirtos/packages/ti/net/wolfssl/package.xdc \ tirtos/packages/ti/net/wolfssl/package.xdc \
tirtos/packages/ti/net/wolfssl/package.xs \ tirtos/packages/ti/net/wolfssl/package.xs \

30
tirtos/products.mak Normal file
View File

@@ -0,0 +1,30 @@
#
# ======== products.mak ========
#
#
# Read the http://processors.wiki.ti.com/index.php/Using_wolfSSL_with_TI-RTOS
# for instructions to download the software required.
# XDC_INSTALL_DIR is the path to XDCtools directory.
XDC_INSTALL_DIR =
# BIOS_INSTALL_DIR is the path to TI-RTOS Kernel (SYS/BIOS) directory. If you
# have installed TI-RTOS, it is located in the products/bios_* path.
BIOS_INSTALL_DIR =
# NDK_INSTALL_DIR is the path to TI-RTOS NDK directory. If you have
# installed TI-RTOS, it is located in the products/ndk_* path.
NDK_INSTALL_DIR =
# TIVAWARE_INSTALL_DIR is the path to Tivaware driverlib directory. If you have
# installed TI-RTOS, it is located in the products/TivaWare_* path.
TIVAWARE_INSTALL_DIR =
# Define the code generation tools path for TI, IAR and GCC ARM compilers.
# If you have installed Code Composer Studio, the TI and GCC compiler are
# located in the ccsv*/tools/compiler/* path.
#
# Leave assignment empty to disable any toolchain.
ti.targets.arm.elf.M4F =
iar.targets.arm.M4F =
gnu.targets.arm.M4F =

14
tirtos/wolfssl.bld
View File

@@ -34,7 +34,7 @@
var armOpts = " -ms "; var armOpts = " -ms ";
var gnuOpts = " -D_POSIX_SOURCE "; var gnuOpts = " -D_POSIX_SOURCE ";
var iarOpts = " --diag_suppress=Pa134 "; var iarOpts = " --diag_suppress=Pa134 ";
var TivaWareDir = ""; var ndkDir = "";
/* Uncomment the following lines to build libraries for debug mode: */ /* Uncomment the following lines to build libraries for debug mode: */
// Pkg.attrs.profile = "debug"; // Pkg.attrs.profile = "debug";
@@ -57,7 +57,7 @@ var ccOpts = {
for (arg = 0; arg < arguments.length; arg++) { for (arg = 0; arg < arguments.length; arg++) {
/* /*
* Get the compiler's installation directory. * Get the compiler's installation directory.
* For "ti.targets.arm.elf.M4F=/vendors/arm/6.1.0", * For "ti.targets.arm.elf.M4F=/vendors/arm/6.1.0",
* we get "/vendors/arm/6.1.0" * we get "/vendors/arm/6.1.0"
*/ */
var targetName = arguments[arg].split("=")[0]; var targetName = arguments[arg].split("=")[0];
@@ -68,8 +68,8 @@ for (arg = 0; arg < arguments.length; arg++) {
continue; continue;
} }
if (targetName.match(/^TIVAWARE/) ) { if (targetName.match(/^NDK/) ) {
TivaWareDir = rootDir; ndkDir = rootDir;
continue; continue;
} }
@@ -81,9 +81,9 @@ for (arg = 0; arg < arguments.length; arg++) {
} }
/* Include Path (needed to find NDK headers) */ /* Include Path (needed to find NDK headers) */
var ndkPath = "$(NDK_INSTALL_DIR)/packages/ti/ndk/"; var wolfsslPathInclude = " -I" + ndkDir + "/packages/ti/ndk/inc/bsd "
var wolfsslPathInclude = " -I" + ndkPath + "/inc/bsd -DWOLFSSL_TIRTOS "; + "-DWOLFSSL_TIRTOS ";
/* lib/ is a generated directory that 'xdc clean' should remove */ /* lib/ is a generated directory that 'xdc clean' should remove */
var Pkg = xdc.useModule('xdc.bld.PackageContents'); var Pkg = xdc.useModule('xdc.bld.PackageContents');
Pkg.generatedFiles.$add("lib/"); Pkg.generatedFiles.$add("lib/");

32
tirtos/wolfssl.mak
View File

@@ -1,27 +1,17 @@
# #
# ======== wolfssl.mak ======== # ======== wolfssl.mak ========
# #
include ./products.mak
# USER OPTIONAL STEP: These variables are set when building wolfssl # Enable older TI-RTOS 2.14-based variables
# through the tirtos.mak ifeq ($(BIOS_INSTALL_DIR),)
# Set up dependencies BIOS_INSTALL_DIR=$(SYSBIOS_INSTALL_DIR)
XDC_INSTALL_DIR ?= C:/ti/xdctools_3_24_02_30 endif
SYSBIOS_INSTALL_DIR ?= C:/ti/bios_6_34_01_14 ifeq ($(TIVAWARE_INSTALL_DIR),)
NDK_INSTALL_DIR ?= C:/ti/ndk_2_24_00_02 TIVAWARE_INSTALL_DIR=$(TIVAWARE)
TIRTOS_INSTALLATION_DIR ?= C:/ti/tirtos_tivac_2_00_00_22 endif
TIVAWARE ?= C:/ti/tivaware
WOLFSSL_INSTALL_DIR ?= C:/wolfssl/wolfssl-2.9.4
# WOLFSSL_INSTALL_DIR=$(CURDIR)/../
# Set location of various cgtools
# These variables can be set here or on the command line. These
# variables are set when building wolfssl through tirtos.mak
# USER OPTIONAL STEP: user can define below paths to compilers
ti.targets.arm.elf.M4F ?=
gnu.targets.arm.M4F ?=
iar.targets.arm.M4F ?=
# #
# Set XDCARGS to some of the variables above. XDCARGS are passed # Set XDCARGS to some of the variables above. XDCARGS are passed
@@ -40,12 +30,12 @@ XDCARGS= \
ti.targets.arm.elf.M4F=\"$(ti.targets.arm.elf.M4F)\" \ ti.targets.arm.elf.M4F=\"$(ti.targets.arm.elf.M4F)\" \
gnu.targets.arm.M4F=\"$(gnu.targets.arm.M4F)\" \ gnu.targets.arm.M4F=\"$(gnu.targets.arm.M4F)\" \
iar.targets.arm.M4F=\"$(iar.targets.arm.M4F)\" \ iar.targets.arm.M4F=\"$(iar.targets.arm.M4F)\" \
TIVAWARE=\"$(TIVAWARE)\" NDK=\"$(NDK_INSTALL_DIR)\"
# #
# Set XDCPATH to contain necessary repositories. # Set XDCPATH to contain necessary repositories.
# #
XDCPATH = $(SYSBIOS_INSTALL_DIR)/packages;$(NDK_INSTALL_DIR)/packages;$(WOLFSSL_INSTALL_DIR);$(TIRTOS_INSTALLATION_DIR)/packages;$(TIVAWARE); XDCPATH = $(BIOS_INSTALL_DIR)/packages;$(NDK_INSTALL_DIR)/packages;$(WOLFSSL_INSTALL_DIR);$(TIVAWARE_INSTALL_DIR)
export XDCPATH export XDCPATH
# #

47
wolfcrypt/src/aes.c
View File

@@ -2651,19 +2651,11 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
#endif #endif
enum { enum {
CTR_SZ = 4 NONCE_SZ = 12,
CTR_SZ = 4
}; };
static INLINE void InitGcmCounter(byte* inOutCtr)
{
inOutCtr[AES_BLOCK_SIZE - 4] = 0;
inOutCtr[AES_BLOCK_SIZE - 3] = 0;
inOutCtr[AES_BLOCK_SIZE - 2] = 0;
inOutCtr[AES_BLOCK_SIZE - 1] = 1;
}
static INLINE void IncrementGcmCounter(byte* inOutCtr) static INLINE void IncrementGcmCounter(byte* inOutCtr)
{ {
int i; int i;
@@ -2752,6 +2744,12 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
XMEMSET(iv, 0, AES_BLOCK_SIZE); XMEMSET(iv, 0, AES_BLOCK_SIZE);
ret = wc_AesSetKey(aes, key, len, iv, AES_ENCRYPTION); ret = wc_AesSetKey(aes, key, len, iv, AES_ENCRYPTION);
#ifdef WOLFSSL_AESNI
/* AES-NI code generates its own H value. */
if (haveAESNI)
return ret;
#endif /* WOLFSSL_AESNI */
if (ret == 0) { if (ret == 0) {
wc_AesEncrypt(aes, iv, aes->H); wc_AesEncrypt(aes, iv, aes->H);
#ifdef GCM_TABLE #ifdef GCM_TABLE
@@ -3696,6 +3694,7 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
const byte* p = in; const byte* p = in;
byte* c = out; byte* c = out;
byte counter[AES_BLOCK_SIZE]; byte counter[AES_BLOCK_SIZE];
byte initialCounter[AES_BLOCK_SIZE];
byte *ctr ; byte *ctr ;
byte scratch[AES_BLOCK_SIZE]; byte scratch[AES_BLOCK_SIZE];
@@ -3715,9 +3714,15 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
ctr = counter ; ctr = counter ;
#endif #endif
XMEMSET(ctr, 0, AES_BLOCK_SIZE); XMEMSET(initialCounter, 0, AES_BLOCK_SIZE);
XMEMCPY(ctr, iv, ivSz); if (ivSz == NONCE_SZ) {
InitGcmCounter(ctr); XMEMCPY(initialCounter, iv, ivSz);
initialCounter[AES_BLOCK_SIZE - 1] = 1;
}
else {
GHASH(aes, NULL, 0, iv, ivSz, initialCounter, AES_BLOCK_SIZE);
}
XMEMCPY(ctr, initialCounter, AES_BLOCK_SIZE);
#ifdef WOLFSSL_PIC32MZ_CRYPT #ifdef WOLFSSL_PIC32MZ_CRYPT
if(blocks) if(blocks)
@@ -3744,8 +3749,7 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
} }
GHASH(aes, authIn, authInSz, out, sz, authTag, authTagSz); GHASH(aes, authIn, authInSz, out, sz, authTag, authTagSz);
InitGcmCounter(ctr); wc_AesEncrypt(aes, initialCounter, scratch);
wc_AesEncrypt(aes, ctr, scratch);
xorbuf(authTag, scratch, authTagSz); xorbuf(authTag, scratch, authTagSz);
return 0; return 0;
@@ -3762,6 +3766,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
const byte* c = in; const byte* c = in;
byte* p = out; byte* p = out;
byte counter[AES_BLOCK_SIZE]; byte counter[AES_BLOCK_SIZE];
byte initialCounter[AES_BLOCK_SIZE];
byte *ctr ; byte *ctr ;
byte scratch[AES_BLOCK_SIZE]; byte scratch[AES_BLOCK_SIZE];
@@ -3782,9 +3787,15 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
ctr = counter ; ctr = counter ;
#endif #endif
XMEMSET(ctr, 0, AES_BLOCK_SIZE); XMEMSET(initialCounter, 0, AES_BLOCK_SIZE);
XMEMCPY(ctr, iv, ivSz); if (ivSz == NONCE_SZ) {
InitGcmCounter(ctr); XMEMCPY(initialCounter, iv, ivSz);
initialCounter[AES_BLOCK_SIZE - 1] = 1;
}
else {
GHASH(aes, NULL, 0, iv, ivSz, initialCounter, AES_BLOCK_SIZE);
}
XMEMCPY(ctr, initialCounter, AES_BLOCK_SIZE);
/* Calculate the authTag again using the received auth data and the /* Calculate the authTag again using the received auth data and the
* cipher text. */ * cipher text. */

123
wolfcrypt/src/aes_asm.asm
View File

@@ -981,69 +981,86 @@ MAKE_RK256_b:
gfmul PROC gfmul PROC
; xmm0 holds operand a (128 bits) ; xmm0 holds operand a (128 bits)
; xmm1 holds operand b (128 bits) ; xmm1 holds operand b (128 bits)
; rdi holds the pointer to output (128 bits) ; r8 holds the pointer to output (128 bits)
movdqa %xmm0, %xmm3
pclmulqdq $0, %xmm1, %xmm3 ; xmm3 holds a0*b0 ; convert to what we had for att&t convention
movdqa %xmm0, %xmm4 movdqa xmm0, [rcx]
pclmulqdq $16, %xmm1, %xmm4 ; xmm4 holds a0*b1 movdqa xmm1, [rdx]
movdqa %xmm0, %xmm5
pclmulqdq $1, %xmm1, %xmm5 ; xmm5 holds a1*b0 ; on microsoft xmm6-xmm15 are non volaitle, let's save on stack and restore at end
movdqa %xmm0, %xmm6 sub rsp,8+4*16 ; 8 = align stack , 4 xmm6-9 16 bytes each
pclmulqdq $17, %xmm1, %xmm6 ; xmm6 holds a1*b1 movdqa [rsp+0], xmm6
pxor %xmm5, %xmm4 ; xmm4 holds a0*b1 + a1*b0 movdqa [rsp+16], xmm7
movdqa %xmm4, %xmm5 movdqa [rsp+32], xmm8
psrldq $8, %xmm4 movdqa [rsp+48], xmm9
pslldq $8, %xmm5
pxor %xmm5, %xmm3 movdqa xmm3, xmm0
pxor %xmm4, %xmm6 ; <xmm6:xmm3> holds the result of pclmulqdq xmm3, xmm1, 0 ; xmm3 holds a0*b0
movdqa xmm4, xmm0
pclmulqdq xmm4, xmm1, 16 ; xmm4 holds a0*b1
movdqa xmm5, xmm0
pclmulqdq xmm5, xmm1, 1 ; xmm5 holds a1*b0
movdqa xmm6, xmm0
pclmulqdq xmm6, xmm1, 17 ; xmm6 holds a1*b1
pxor xmm4, xmm5 ; xmm4 holds a0*b1 + a1*b0
movdqa xmm5, xmm4
psrldq xmm4, 8
pslldq xmm5, 8
pxor xmm3, xmm5
pxor xmm6, xmm4 ; <xmm6:xmm3> holds the result of
; the carry-less multiplication of ; the carry-less multiplication of
; xmm0 by xmm1 ; xmm0 by xmm1
; shift the result by one bit position to the left cope for the fact ; shift the result by one bit position to the left cope for the fact
; that bits are reversed ; that bits are reversed
movdqa %xmm3, %xmm7 movdqa xmm7, xmm3
movdqa %xmm6, %xmm8 movdqa xmm8, xmm6
pslld $1, %xmm3 pslld xmm3, 1
pslld $1, %xmm6 pslld xmm6, 1
psrld $31, %xmm7 psrld xmm7, 31
psrld $31, %xmm8 psrld xmm8, 31
movdqa %xmm7, %xmm9 movdqa xmm9, xmm7
pslldq $4, %xmm8 pslldq xmm8, 4
pslldq $4, %xmm7 pslldq xmm7, 4
psrldq $12, %xmm9 psrldq xmm9, 12
por %xmm7, %xmm3 por xmm3, xmm7
por %xmm8, %xmm6 por xmm6, xmm8
por %xmm9, %xmm6 por xmm6, xmm9
; first phase of the reduction ; first phase of the reduction
movdqa %xmm3, %xmm7 movdqa xmm7, xmm3
movdqa %xmm3, %xmm8 movdqa xmm8, xmm3
movdqa %xmm3, %xmm9 movdqa xmm9, xmm3
pslld $31, %xmm7 ; packed right shifting << 31 pslld xmm7, 31 ; packed right shifting << 31
pslld $30, %xmm8 ; packed right shifting shift << 30 pslld xmm8, 30 ; packed right shifting shift << 30
pslld $25, %xmm9 ; packed right shifting shift << 25 pslld xmm9, 25 ; packed right shifting shift << 25
pxor %xmm8, %xmm7 ; xor the shifted versions pxor xmm7, xmm8 ; xor the shifted versions
pxor %xmm9, %xmm7 pxor xmm7, xmm9
movdqa %xmm7, %xmm8 movdqa xmm8, xmm7
pslldq $12, %xmm7 pslldq xmm7, 12
psrldq $4, %xmm8 psrldq xmm8, 4
pxor %xmm7, %xmm3 ; first phase of the reduction complete pxor xmm3, xmm7 ; first phase of the reduction complete
movdqa %xmm3,%xmm2 ; second phase of the reduction movdqa xmm2, xmm3 ; second phase of the reduction
movdqa %xmm3,%xmm4 movdqa xmm4, xmm3
movdqa %xmm3,%xmm5 movdqa xmm5, xmm3
psrld $1, %xmm2 ; packed left shifting >> 1 psrld xmm2, 1 ; packed left shifting >> 1
psrld $2, %xmm4 ; packed left shifting >> 2 psrld xmm4, 2 ; packed left shifting >> 2
psrld $7, %xmm5 ; packed left shifting >> 7 psrld xmm5, 7 ; packed left shifting >> 7
pxor %xmm4, %xmm2 ; xor the shifted versions pxor xmm2, xmm4 ; xor the shifted versions
pxor %xmm5, %xmm2 pxor xmm2, xmm5
pxor %xmm8, %xmm2 pxor xmm2, xmm8
pxor %xmm2, %xmm3 pxor xmm3, xmm2
pxor %xmm3, %xmm6 ; the result is in xmm6 pxor xmm6, xmm3 ; the result is in xmm6
movdqu %xmm6, (%rdi) ; store the result movdqu [r8],xmm6 ; store the result
; restore xmm6 and xmm7 ; restore non volatile xmms from stack
movdqa xmm6, [rsp+0]
movdqa xmm7, [rsp+16]
movdqa xmm8, [rsp+32]
movdqa xmm9, [rsp+48]
add rsp,8+4*16 ; 8 = align stack , 4 xmm6-9 16 bytes each
ret ret
gfmul ENDP gfmul ENDP

49
wolfcrypt/src/asn.c
View File

@@ -200,7 +200,12 @@
/* uses complete <time.h> facility */ /* uses complete <time.h> facility */
#include <time.h> #include <time.h>
#define XTIME(tl) time((tl)) #define XTIME(tl) time((tl))
#define XGMTIME(c, t) gmtime((c)) #ifdef HAVE_GMTIME_R
#define XGMTIME(c, t) gmtime_r((c), (t))
#define NEED_TMP_TIME
#else
#define XGMTIME(c, t) gmtime((c))
#endif
#define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t)) #define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t))
#endif #endif
@@ -2554,8 +2559,11 @@ int ValidateDate(const byte* date, byte format, int dateType)
struct tm* localTime; struct tm* localTime;
struct tm* tmpTime = NULL; struct tm* tmpTime = NULL;
int i = 0; int i = 0;
int timeDiff = 0 ;
int diffHH = 0 ; int diffMM = 0 ;
int diffSign = 0 ;
#if defined(FREESCALE_MQX) || defined(TIME_OVERRIDES) #if defined(FREESCALE_MQX) || defined(TIME_OVERRIDES) || defined(NEED_TMP_TIME)
struct tm tmpTimeStorage; struct tm tmpTimeStorage;
tmpTime = &tmpTimeStorage; tmpTime = &tmpTimeStorage;
#else #else
@@ -2584,11 +2592,18 @@ int ValidateDate(const byte* date, byte format, int dateType)
GetTime((int*)&certTime.tm_min, date, &i); GetTime((int*)&certTime.tm_min, date, &i);
GetTime((int*)&certTime.tm_sec, date, &i); GetTime((int*)&certTime.tm_sec, date, &i);
if (date[i] != 'Z') { /* only Zulu supported for this profile */ if ((date[i] == '+') || (date[i] == '-')) {
WOLFSSL_MSG("Only Zulu time supported for this profile"); WOLFSSL_MSG("Using time differential, not Zulu") ;
diffSign = date[i++] == '+' ? 1 : -1 ;
GetTime(&diffHH, date, &i);
GetTime(&diffMM, date, &i);
timeDiff = diffSign * (diffHH*60 + diffMM) * 60 ;
} else if (date[i] != 'Z') {
WOLFSSL_MSG("UTCtime, niether Zulu or time differential") ;
return 0; return 0;
} }
ltime -= (time_t)timeDiff ;
localTime = XGMTIME(&ltime, tmpTime); localTime = XGMTIME(&ltime, tmpTime);
if (localTime == NULL) { if (localTime == NULL) {
@@ -5744,7 +5759,7 @@ static int SetValidity(byte* output, int daysValid)
struct tm* tmpTime = NULL; struct tm* tmpTime = NULL;
struct tm local; struct tm local;
#if defined(FREESCALE_MQX) || defined(TIME_OVERRIDES) #if defined(FREESCALE_MQX) || defined(TIME_OVERRIDES) || defined(NEED_TMP_TIME)
/* for use with gmtime_r */ /* for use with gmtime_r */
struct tm tmpTimeStorage; struct tm tmpTimeStorage;
tmpTime = &tmpTimeStorage; tmpTime = &tmpTimeStorage;
@@ -8569,6 +8584,17 @@ static int DecodeOcspRespExtensions(byte* source,
} }
if (oid == OCSP_NONCE_OID) { if (oid == OCSP_NONCE_OID) {
/* get data inside extra OCTET_STRING */
if (source[idx++] != ASN_OCTET_STRING) {
WOLFSSL_MSG("\tfail: should be an OCTET STRING");
return ASN_PARSE_E;
}
if (GetLength(source, &idx, &length, sz) < 0) {
WOLFSSL_MSG("\tfail: extension data length");
return ASN_PARSE_E;
}
resp->nonce = source + idx; resp->nonce = source + idx;
resp->nonceSz = length; resp->nonceSz = length;
} }
@@ -8673,7 +8699,7 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
int length; int length;
word32 idx = *ioIndex; word32 idx = *ioIndex;
word32 end_index; word32 end_index;
int ret; int ret = -1;
WOLFSSL_ENTER("DecodeBasicOcspResponse"); WOLFSSL_ENTER("DecodeBasicOcspResponse");
@@ -8732,13 +8758,9 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
else { else {
Signer* ca = GetCA(cm, resp->issuerHash); Signer* ca = GetCA(cm, resp->issuerHash);
if (ca) if (!ca || !ConfirmSignature(resp->response, resp->responseSz,
ret = ConfirmSignature(resp->response, resp->responseSz, ca->publicKey, ca->pubKeySize, ca->keyOID,
ca->publicKey, ca->pubKeySize, ca->keyOID, resp->sig, resp->sigSz, resp->sigOID, NULL)) {
resp->sig, resp->sigSz, resp->sigOID, NULL);
if (!ca || ret == 0)
{
WOLFSSL_MSG("\tOCSP Confirm signature failed"); WOLFSSL_MSG("\tOCSP Confirm signature failed");
return ASN_OCSP_CONFIRM_E; return ASN_OCSP_CONFIRM_E;
} }
@@ -9378,4 +9400,3 @@ int ParseCRL(DecodedCRL* dcrl, const byte* buff, word32 sz, void* cm)
#endif /* WOLFSSL_SEP */ #endif /* WOLFSSL_SEP */

2
wolfcrypt/src/ecc.c
View File

@@ -3254,7 +3254,7 @@ int wc_ecc_sig_size(ecc_key* key)
if (sz <= 0) if (sz <= 0)
return sz; return sz;
return sz * 2 + SIG_HEADER_SZ + 4; /* (4) worst case estimate */ return (sz * 2) + SIG_HEADER_SZ + ECC_MAX_PAD_SZ;
} }

3
wolfcrypt/src/error.c
View File

@@ -361,6 +361,9 @@ const char* wc_GetErrorString(int error)
case WC_INIT_E: case WC_INIT_E:
return "wolfCrypt Initialize Failure error"; return "wolfCrypt Initialize Failure error";
case SIG_VERIFY_E:
return "Signature verify error";
default: default:
return "unknown error number"; return "unknown error number";

128
wolfcrypt/src/hash.c
View File

@@ -27,10 +27,130 @@
#include <wolfssl/wolfcrypt/logging.h> #include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/error-crypt.h> #include <wolfssl/wolfcrypt/error-crypt.h>
#if !defined(WOLFSSL_TI_HASH)
#include <wolfssl/wolfcrypt/hash.h> #include <wolfssl/wolfcrypt/hash.h>
#ifdef WOLFSSL_MD2
#include <wolfssl/wolfcrypt/md2.h>
#endif
#ifndef NO_MD4
#include <wolfssl/wolfcrypt/md4.h>
#endif
#ifndef NO_MD5
#include <wolfssl/wolfcrypt/md5.h>
#endif
/* Get Hash digest size */
int wc_HashGetDigestSize(enum wc_HashType hash_type)
{
int dig_size = BAD_FUNC_ARG;
switch(hash_type)
{
#ifdef WOLFSSL_MD2
case WC_HASH_TYPE_MD2:
dig_size = MD2_DIGEST_SIZE;
break;
#endif
#ifndef NO_MD4
case WC_HASH_TYPE_MD4:
dig_size = MD4_DIGEST_SIZE;
break;
#endif
#ifndef NO_MD5
case WC_HASH_TYPE_MD5:
dig_size = MD5_DIGEST_SIZE;
break;
#endif
#ifndef NO_SHA
case WC_HASH_TYPE_SHA:
dig_size = SHA_DIGEST_SIZE;
break;
#endif
#ifndef NO_SHA256
case WC_HASH_TYPE_SHA256:
dig_size = SHA256_DIGEST_SIZE;
break;
#endif
#ifdef WOLFSSL_SHA512
#ifdef WOLFSSL_SHA384
case WC_HASH_TYPE_SHA384:
dig_size = SHA384_DIGEST_SIZE;
break;
#endif /* WOLFSSL_SHA384 */
case WC_HASH_TYPE_SHA512:
dig_size = SHA512_DIGEST_SIZE;
break;
#endif /* WOLFSSL_SHA512 */
case WC_HASH_TYPE_NONE:
default:
break;
}
return dig_size;
}
/* Generic Hashing Wrapper */
int wc_Hash(enum wc_HashType hash_type, const byte* data,
word32 data_len, byte* hash, word32 hash_len)
{
int ret = BAD_FUNC_ARG;
word32 dig_size;
/* Validate hash buffer size */
dig_size = wc_HashGetDigestSize(hash_type);
if (hash_len < dig_size) {
return BUFFER_E;
}
switch(hash_type)
{
#ifdef WOLFSSL_MD2
case WC_HASH_TYPE_MD2:
ret = wc_Md2Hash(data, data_len, hash);
break;
#endif
#ifndef NO_MD4
case WC_HASH_TYPE_MD4:
ret = wc_Md4Hash(data, data_len, hash);
break;
#endif
#ifndef NO_MD5
case WC_HASH_TYPE_MD5:
ret = wc_Md5Hash(data, data_len, hash);
break;
#endif
#ifndef NO_SHA
case WC_HASH_TYPE_SHA:
ret = wc_ShaHash(data, data_len, hash);
break;
#endif
#ifndef NO_SHA256
case WC_HASH_TYPE_SHA256:
ret = wc_Sha256Hash(data, data_len, hash);
break;
#endif
#ifdef WOLFSSL_SHA512
#ifdef WOLFSSL_SHA384
case WC_HASH_TYPE_SHA384:
ret = wc_Sha384Hash(data, data_len, hash);
break;
#endif /* WOLFSSL_SHA384 */
case WC_HASH_TYPE_SHA512:
ret = wc_Sha512Hash(data, data_len, hash);
break;
#endif /* WOLFSSL_SHA512 */
case WC_HASH_TYPE_NONE:
default:
WOLFSSL_MSG("wc_Hash: Bad hash type");
break;
}
return ret;
}
#if !defined(WOLFSSL_TI_HASH)
#if !defined(NO_MD5) #if !defined(NO_MD5)
void wc_Md5GetHash(Md5* md5, byte* hash) void wc_Md5GetHash(Md5* md5, byte* hash)
{ {
@@ -55,7 +175,7 @@ int wc_ShaGetHash(Sha* sha, byte* hash)
return ret ; return ret ;
} }
WOLFSSL_API void wc_ShaRestorePos(Sha* s1, Sha* s2) { void wc_ShaRestorePos(Sha* s1, Sha* s2) {
*s1 = *s2 ; *s1 = *s2 ;
} }
@@ -102,7 +222,7 @@ int wc_Sha256GetHash(Sha256* sha256, byte* hash)
return ret ; return ret ;
} }
WOLFSSL_API void wc_Sha256RestorePos(Sha256* s1, Sha256* s2) { void wc_Sha256RestorePos(Sha256* s1, Sha256* s2) {
*s1 = *s2 ; *s1 = *s2 ;
} }

10
wolfcrypt/src/idea.c
View File

@@ -48,7 +48,7 @@ static INLINE word16 idea_mult(word16 x, word16 y)
mul = (long)x * (long)y; mul = (long)x * (long)y;
if (mul) { if (mul) {
res = (mul & IDEA_MASK) - (mul >> 16); res = (mul & IDEA_MASK) - ((word32)mul >> 16);
if (res <= 0) if (res <= 0)
res += IDEA_MODULO; res += IDEA_MODULO;
@@ -211,17 +211,17 @@ void wc_IdeaCipher(Idea *idea, byte* out, const byte* in)
x[3] = idea_mult(x[3], idea->skey[skey_idx++]); x[3] = idea_mult(x[3], idea->skey[skey_idx++]);
t2 = x[0] ^ x[2]; t2 = x[0] ^ x[2];
t2 = idea_mult(t2, idea->skey[skey_idx++]); t2 = idea_mult((word16)t2, idea->skey[skey_idx++]);
t1 = (t2 + (x[1] ^ x[3])) & IDEA_MASK; t1 = (t2 + (x[1] ^ x[3])) & IDEA_MASK;
t1 = idea_mult(t1, idea->skey[skey_idx++]); t1 = idea_mult((word16)t1, idea->skey[skey_idx++]);
t2 = (t1 + t2) & IDEA_MASK; t2 = (t1 + t2) & IDEA_MASK;
x[0] ^= t1; x[0] ^= t1;
x[3] ^= t2; x[3] ^= t2;
t2 ^= x[1]; t2 ^= x[1];
x[1] = x[2] ^ t1; x[1] = x[2] ^ (word16)t1;
x[2] = t2; x[2] = (word16)t2;
} }
x[0] = idea_mult(x[0], idea->skey[skey_idx++]); x[0] = idea_mult(x[0], idea->skey[skey_idx++]);

3
wolfcrypt/src/integer.c
View File

@@ -3828,7 +3828,8 @@ int mp_sqrmod (mp_int * a, mp_int * b, mp_int * c)
#if defined(HAVE_ECC) || !defined(NO_PWDBASED) || defined(WOLFSSL_SNIFFER) || \ #if defined(HAVE_ECC) || !defined(NO_PWDBASED) || defined(WOLFSSL_SNIFFER) || \
defined(WOLFSSL_HAVE_WOLFSCEP) || defined(WOLFSSL_KEY_GEN) defined(WOLFSSL_HAVE_WOLFSCEP) || defined(WOLFSSL_KEY_GEN) || \
defined(OPENSSL_EXTRA)
/* single digit addition */ /* single digit addition */
int mp_add_d (mp_int* a, mp_digit b, mp_int* c) int mp_add_d (mp_int* a, mp_digit b, mp_int* c)

2
wolfcrypt/src/logging.c
View File

@@ -119,6 +119,8 @@ static void wolfssl_log(const int logLevel, const char *const logMessage)
fflush(stdout) ; fflush(stdout) ;
printf("%s\n", logMessage); printf("%s\n", logMessage);
fflush(stdout) ; fflush(stdout) ;
#elif defined(WOLFSSL_LOG_PRINTF)
printf("%s\n", logMessage);
#else #else
fprintf(stderr, "%s\n", logMessage); fprintf(stderr, "%s\n", logMessage);
#endif #endif

71
wolfcrypt/src/port/pic32/pic32mz-hash.c
View File

@@ -72,7 +72,7 @@ static void reset_engine(pic32mz_desc *desc, int algo)
uc_desc->bd[i].NXTPTR = KVA_TO_PA(&uc_desc->bd[0]); uc_desc->bd[i].NXTPTR = KVA_TO_PA(&uc_desc->bd[0]);
XMEMSET((void *)&dataBuffer[i], 0, PIC32_BLOCK_SIZE); XMEMSET((void *)&dataBuffer[i], 0, PIC32_BLOCK_SIZE);
} }
uc_desc->bd[0].BD_CTRL.SA_FETCH_EN = 1; // Fetch the security association on the first BD uc_desc->bd[0].BD_CTRL.SA_FETCH_EN = 1; /* Fetch the security association on the first BD */
desc->dbPtr = 0; desc->dbPtr = 0;
desc->currBd = 0; desc->currBd = 0;
desc->msgSize = 0; desc->msgSize = 0;
@@ -86,49 +86,45 @@ static void reset_engine(pic32mz_desc *desc, int algo)
#define PIC32MZ_IF_RAM(addr) (KVA_TO_PA(addr) < 0x80000) #define PIC32MZ_IF_RAM(addr) (KVA_TO_PA(addr) < 0x80000)
static void update_data_size(pic32mz_desc *desc, word32 msgSize) static void update_engine(pic32mz_desc *desc, const byte *input, word32 len,
{
desc->msgSize = msgSize;
}
static void update_engine(pic32mz_desc *desc, const char *input, word32 len,
word32 *hash) word32 *hash)
{ {
int total ; int total ;
pic32mz_desc *uc_desc = KVA0_TO_KVA1(desc); pic32mz_desc *uc_desc = KVA0_TO_KVA1(desc);
uc_desc->bd[desc->currBd].UPDPTR = KVA_TO_PA(hash); uc_desc->bd[desc->currBd].UPDPTR = KVA_TO_PA(hash);
// Add the data to the current buffer. If the buffer fills, start processing it /* Add the data to the current buffer. If the buffer fills, start processing it
// and fill the next one. and fill the next one. */
while (len) while (len)
{ {
// If the engine is processing the current BD, spin. /* If the engine is processing the current BD, spin.
// if (uc_desc->bd[desc->currBd].BD_CTRL.DESC_EN) if (uc_desc->bd[desc->currBd].BD_CTRL.DESC_EN)
// continue; continue; */
if (desc->msgSize) if (desc->msgSize)
{ {
// If we've been given the message size, we can process along the /* If we've been given the message size, we can process along the
// way. way.
// Enable the current buffer descriptor if it is full. Enable the current buffer descriptor if it is full. */
if (desc->dbPtr >= PIC32_BLOCK_SIZE) if (desc->dbPtr >= PIC32_BLOCK_SIZE)
{ {
// Wrap up the buffer descriptor and enable it so the engine can process /* Wrap up the buffer descriptor and enable it so the engine can process */
uc_desc->bd[desc->currBd].MSGLEN = desc->msgSize; uc_desc->bd[desc->currBd].MSGLEN = desc->msgSize;
uc_desc->bd[desc->currBd].BD_CTRL.BUFLEN = desc->dbPtr; uc_desc->bd[desc->currBd].BD_CTRL.BUFLEN = desc->dbPtr;
uc_desc->bd[desc->currBd].BD_CTRL.LAST_BD = 0; uc_desc->bd[desc->currBd].BD_CTRL.LAST_BD = 0;
uc_desc->bd[desc->currBd].BD_CTRL.LIFM = 0; uc_desc->bd[desc->currBd].BD_CTRL.LIFM = 0;
//SYS_DEVCON_DataCacheClean((word32)desc, sizeof(pic32mz_desc)); /* SYS_DEVCON_DataCacheClean((word32)desc, sizeof(pic32mz_desc)); */
uc_desc->bd[desc->currBd].BD_CTRL.DESC_EN = 1; uc_desc->bd[desc->currBd].BD_CTRL.DESC_EN = 1;
// Move to the next buffer descriptor, or wrap around. /* Move to the next buffer descriptor, or wrap around. */
desc->currBd++; desc->currBd++;
if (desc->currBd >= PIC32MZ_MAX_BD) if (desc->currBd >= PIC32MZ_MAX_BD)
desc->currBd = 0; desc->currBd = 0;
// Wait until the engine has processed the new BD. /* Wait until the engine has processed the new BD. */
while (uc_desc->bd[desc->currBd].BD_CTRL.DESC_EN); while (uc_desc->bd[desc->currBd].BD_CTRL.DESC_EN);
uc_desc->bd[desc->currBd].UPDPTR = KVA_TO_PA(hash); uc_desc->bd[desc->currBd].UPDPTR = KVA_TO_PA(hash);
desc->dbPtr = 0; desc->dbPtr = 0;
} }
if (!PIC32MZ_IF_RAM(input)) // If we're inputting from flash, let the BD have the address and max the buffer size if (!PIC32MZ_IF_RAM(input)) /* If we're inputting from flash, let the BD have
the address and max the buffer size */
{ {
uc_desc->bd[desc->currBd].SRCADDR = KVA_TO_PA(input); uc_desc->bd[desc->currBd].SRCADDR = KVA_TO_PA(input);
total = (len > PIC32MZ_MAX_BLOCK ? PIC32MZ_MAX_BLOCK : len); total = (len > PIC32MZ_MAX_BLOCK ? PIC32MZ_MAX_BLOCK : len);
@@ -140,7 +136,7 @@ static void update_engine(pic32mz_desc *desc, const char *input, word32 len,
{ {
if (len > PIC32_BLOCK_SIZE - desc->dbPtr) if (len > PIC32_BLOCK_SIZE - desc->dbPtr)
{ {
// We have more data than can be put in the buffer. Fill what we can. /* We have more data than can be put in the buffer. Fill what we can.*/
total = PIC32_BLOCK_SIZE - desc->dbPtr; total = PIC32_BLOCK_SIZE - desc->dbPtr;
XMEMCPY(&dataBuffer[desc->currBd][desc->dbPtr], input, total); XMEMCPY(&dataBuffer[desc->currBd][desc->dbPtr], input, total);
len -= total; len -= total;
@@ -149,7 +145,7 @@ static void update_engine(pic32mz_desc *desc, const char *input, word32 len,
} }
else else
{ {
// Fill up what we have, but don't turn on the engine. /* Fill up what we have, but don't turn on the engine.*/
XMEMCPY(&dataBuffer[desc->currBd][desc->dbPtr], input, len); XMEMCPY(&dataBuffer[desc->currBd][desc->dbPtr], input, len);
desc->dbPtr += len; desc->dbPtr += len;
len = 0; len = 0;
@@ -158,13 +154,13 @@ static void update_engine(pic32mz_desc *desc, const char *input, word32 len,
} }
else else
{ {
// We have to buffer everything and keep track of how much has been /* We have to buffer everything and keep track of how much has been
// added in order to get a total size. If the buffer fills, we move added in order to get a total size. If the buffer fills, we move
// to the next one. If we try to add more when the last buffer is to the next one. If we try to add more when the last buffer is
// full, we error out. full, we error out. */
if (desc->dbPtr == PIC32_BLOCK_SIZE) if (desc->dbPtr == PIC32_BLOCK_SIZE)
{ {
// We filled the last BD buffer, so move on to the next one /* We filled the last BD buffer, so move on to the next one */
uc_desc->bd[desc->currBd].BD_CTRL.LAST_BD = 0; uc_desc->bd[desc->currBd].BD_CTRL.LAST_BD = 0;
uc_desc->bd[desc->currBd].BD_CTRL.LIFM = 0; uc_desc->bd[desc->currBd].BD_CTRL.LIFM = 0;
uc_desc->bd[desc->currBd].BD_CTRL.BUFLEN = PIC32_BLOCK_SIZE; uc_desc->bd[desc->currBd].BD_CTRL.BUFLEN = PIC32_BLOCK_SIZE;
@@ -178,7 +174,7 @@ static void update_engine(pic32mz_desc *desc, const char *input, word32 len,
} }
if (len > PIC32_BLOCK_SIZE - desc->dbPtr) if (len > PIC32_BLOCK_SIZE - desc->dbPtr)
{ {
// We have more data than can be put in the buffer. Fill what we can. /* We have more data than can be put in the buffer. Fill what we can. */
total = PIC32_BLOCK_SIZE - desc->dbPtr; total = PIC32_BLOCK_SIZE - desc->dbPtr;
XMEMCPY(&dataBuffer[desc->currBd][desc->dbPtr], input, total); XMEMCPY(&dataBuffer[desc->currBd][desc->dbPtr], input, total);
len -= total; len -= total;
@@ -188,7 +184,7 @@ static void update_engine(pic32mz_desc *desc, const char *input, word32 len,
} }
else else
{ {
// Fill up what we have /* Fill up what we have */
XMEMCPY(&dataBuffer[desc->currBd][desc->dbPtr], input, len); XMEMCPY(&dataBuffer[desc->currBd][desc->dbPtr], input, len);
desc->dbPtr += len; desc->dbPtr += len;
desc->processed += len; desc->processed += len;
@@ -199,7 +195,7 @@ static void update_engine(pic32mz_desc *desc, const char *input, word32 len,
} }
static void start_engine(pic32mz_desc *desc) { static void start_engine(pic32mz_desc *desc) {
// Wrap up the last buffer descriptor and enable it /* Wrap up the last buffer descriptor and enable it */
int i ; int i ;
int bufferLen ; int bufferLen ;
pic32mz_desc *uc_desc = KVA0_TO_KVA1(desc); pic32mz_desc *uc_desc = KVA0_TO_KVA1(desc);
@@ -212,8 +208,8 @@ static void start_engine(pic32mz_desc *desc) {
uc_desc->bd[desc->currBd].BD_CTRL.LIFM = 1; uc_desc->bd[desc->currBd].BD_CTRL.LIFM = 1;
if (desc->msgSize == 0) if (desc->msgSize == 0)
{ {
// We were not given the size, so now we have to go through every BD /* We were not given the size, so now we have to go through every BD
// and give it what will be processed, and enable them. and give it what will be processed, and enable them. */
for (i = desc->currBd; i >= 0; i--) for (i = desc->currBd; i >= 0; i--)
{ {
uc_desc->bd[i].MSGLEN = desc->processed; uc_desc->bd[i].MSGLEN = desc->processed;
@@ -251,17 +247,6 @@ void wait_engine(pic32mz_desc *desc, char *hash, int hash_sz) {
} }
} }
static int fillBuff(char *buff, int *bufflen, const char *data, int len, int blocksz)
{
int room, copysz ;
room = blocksz - *bufflen ;
copysz = (len <= room) ? len : room ;
XMEMCPY(buff, data, copysz) ;
*bufflen += copysz ;
return (*bufflen == blocksz) ? 1 : 0 ;
}
#endif #endif
#ifndef NO_MD5 #ifndef NO_MD5

49
wolfcrypt/src/random.c
View File

@@ -32,6 +32,12 @@
#include <wolfssl/wolfcrypt/random.h> #include <wolfssl/wolfcrypt/random.h>
#if defined(CUSTOM_RAND_GENERATE) && !defined(CUSTOM_RAND_TYPE)
/* To maintain compatiblity the default return vaule from CUSTOM_RAND_GENERATE is byte */
#define CUSTOM_RAND_TYPE byte
#endif
#ifdef HAVE_FIPS #ifdef HAVE_FIPS
int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz) int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz)
{ {
@@ -973,8 +979,22 @@ static int wc_GenerateRand_IntelRD(OS_Seed* os, byte* output, word32 sz)
#endif /* HAVE_INTEL_RDGEN */ #endif /* HAVE_INTEL_RDGEN */
#if defined(USE_WINDOWS_API) /* wc_GenerateSeed Implementations */
#if defined(CUSTOM_RAND_GENERATE_SEED)
/* Implement your own random generation function
* Return 0 to indicate success
* int rand_gen_seed(byte* output, word32 sz);
* #define CUSTOM_RAND_GENERATE_SEED rand_gen_seed */
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{
(void)os;
return CUSTOM_RAND_GENERATE_SEED(output, sz);
}
#elif defined(USE_WINDOWS_API)
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{ {
@@ -1088,7 +1108,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) || \ #elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) || \
defined(FREESCALE_KSDK_BM) || defined(FREESCALE_FREE_RTOS) defined(FREESCALE_KSDK_BM) || defined(FREESCALE_FREE_RTOS)
#ifdef FREESCALE_K70_RNGA #if defined(FREESCALE_K70_RNGA) || defined(FREESCALE_RNGA)
/* /*
* wc_Generates a RNG seed using the Random Number Generator Accelerator * wc_Generates a RNG seed using the Random Number Generator Accelerator
* on the Kinetis K70. Documentation located in Chapter 37 of * on the Kinetis K70. Documentation located in Chapter 37 of
@@ -1122,7 +1142,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
return 0; return 0;
} }
#elif defined(FREESCALE_K53_RNGB) #elif defined(FREESCALE_K53_RNGB) || defined(FREESCALE_RNGB)
/* /*
* wc_Generates a RNG seed using the Random Number Generator (RNGB) * wc_Generates a RNG seed using the Random Number Generator (RNGB)
* on the Kinetis K53. Documentation located in Chapter 33 of * on the Kinetis K53. Documentation located in Chapter 33 of
@@ -1165,7 +1185,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{ {
TRNG_DRV_GetRandomData(TRNG_INSTANCE, output, sz); TRNG_DRV_GetRandomData(TRNG_INSTANCE, output, sz);
return(0); return 0;
} }
#else #else
@@ -1273,12 +1293,25 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{ {
word32 i; word32 i = 0;
(void)os; (void)os;
for (i = 0; i < sz; i++ ) while (i < sz)
output[i] = CUSTOM_RAND_GENERATE(); {
/* If not aligned or there is odd/remainder */
if( (i + sizeof(CUSTOM_RAND_TYPE)) > sz ||
((wolfssl_word)&output[i] % sizeof(CUSTOM_RAND_TYPE)) != 0
) {
/* Single byte at a time */
output[i++] = (byte)CUSTOM_RAND_GENERATE();
}
else {
/* Use native 8, 16, 32 or 64 copy instruction */
*((CUSTOM_RAND_TYPE*)&output[i]) = CUSTOM_RAND_GENERATE();
i += sizeof(CUSTOM_RAND_TYPE);
}
}
return 0; return 0;
} }

234
wolfcrypt/src/signature.c Normal file
View File

@@ -0,0 +1,234 @@
/* signature.c
*
* Copyright (C) 2006-2015 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/signature.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/logging.h>
#ifdef HAVE_ECC
#include <wolfssl/wolfcrypt/ecc.h>
#endif
#ifndef NO_RSA
#include <wolfssl/wolfcrypt/rsa.h>
#endif
#ifndef NO_SIG_WRAPPER
int wc_SignatureGetSize(enum wc_SignatureType sig_type,
const void* key, word32 key_len)
{
int sig_len = BAD_FUNC_ARG;
switch(sig_type) {
#ifdef HAVE_ECC
case WC_SIGNATURE_TYPE_ECC:
{
if (key_len >= sizeof(ecc_key)) {
sig_len = wc_ecc_sig_size((ecc_key*)key);
}
else {
WOLFSSL_MSG("wc_SignatureGetSize: Invalid ECC key size");
}
break;
}
#endif
#ifndef NO_RSA
case WC_SIGNATURE_TYPE_RSA:
if (key_len >= sizeof(RsaKey)) {
sig_len = wc_RsaEncryptSize((RsaKey*)key);
}
else {
WOLFSSL_MSG("wc_SignatureGetSize: Invalid RsaKey key size");
}
break;
#endif
case WC_SIGNATURE_TYPE_NONE:
default:
break;
}
return sig_len;
}
int wc_SignatureVerify(
enum wc_HashType hash_type, enum wc_SignatureType sig_type,
const byte* data, word32 data_len,
const byte* sig, word32 sig_len,
const void* key, word32 key_len)
{
int ret, hash_len;
byte *hash_data = NULL;
/* Check arguments */
if (data == NULL || data_len <= 0 || sig == NULL || sig_len <= 0 ||
key == NULL || key_len <= 0) {
return BAD_FUNC_ARG;
}
/* Validate signature len (1 to max is okay) */
if ((int)sig_len > wc_SignatureGetSize(sig_type, key, key_len)) {
WOLFSSL_MSG("wc_SignatureVerify: Invalid sig type/len");
return BAD_FUNC_ARG;
}
/* Validate hash size */
hash_len = wc_HashGetDigestSize(hash_type);
if (hash_len <= 0) {
WOLFSSL_MSG("wc_SignatureVerify: Invalid hash type/len");
return BAD_FUNC_ARG;
}
/* Allocate temporary buffer for hash data */
hash_data = XMALLOC(hash_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (hash_data == NULL) {
return MEMORY_E;
}
/* Perform hash of data */
ret = wc_Hash(hash_type, data, data_len, hash_data, hash_len);
if(ret == 0) {
/* Verify signature using hash as data */
switch(sig_type) {
#ifdef HAVE_ECC
case WC_SIGNATURE_TYPE_ECC:
{
int is_valid_sig = 0;
/* Perform verification of signature using provided ECC key */
ret = wc_ecc_verify_hash(sig, sig_len, hash_data, hash_len, &is_valid_sig, (ecc_key*)key);
if (ret != 0 || is_valid_sig != 1) {
ret = SIG_VERIFY_E;
}
break;
}
#endif
#ifndef NO_RSA
case WC_SIGNATURE_TYPE_RSA:
{
byte *plain_data = XMALLOC(hash_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (plain_data) {
/* Perform verification of signature using provided RSA key */
ret = wc_RsaSSL_Verify(sig, sig_len, plain_data, hash_len, (RsaKey*)key);
if (ret != hash_len || XMEMCMP(plain_data, hash_data, hash_len) != 0) {
ret = SIG_VERIFY_E;
}
XFREE(plain_data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
else {
ret = MEMORY_E;
}
break;
}
#endif
case WC_SIGNATURE_TYPE_NONE:
default:
ret = BAD_FUNC_ARG;
break;
}
}
if (hash_data) {
XFREE(hash_data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
return ret;
}
int wc_SignatureGenerate(
enum wc_HashType hash_type, enum wc_SignatureType sig_type,
const byte* data, word32 data_len,
byte* sig, word32 *sig_len,
const void* key, word32 key_len, RNG* rng)
{
int ret, hash_len;
byte *hash_data = NULL;
/* Check arguments */
if (data == NULL || data_len <= 0 || sig == NULL || sig_len == NULL ||
*sig_len <= 0 || key == NULL || key_len <= 0) {
return BAD_FUNC_ARG;
}
/* Validate signature len (needs to be at least max) */
if ((int)*sig_len < wc_SignatureGetSize(sig_type, key, key_len)) {
WOLFSSL_MSG("wc_SignatureGenerate: Invalid sig type/len");
return BAD_FUNC_ARG;
}
/* Validate hash size */
hash_len = wc_HashGetDigestSize(hash_type);
if (hash_len <= 0) {
WOLFSSL_MSG("wc_SignatureGenerate: Invalid hash type/len");
return BAD_FUNC_ARG;
}
/* Allocate temporary buffer for hash data */
hash_data = XMALLOC(hash_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (hash_data == NULL) {
return MEMORY_E;
}
/* Perform hash of data */
ret = wc_Hash(hash_type, data, data_len, hash_data, hash_len);
if (ret == 0) {
/* Create signature using hash as data */
switch(sig_type) {
#ifdef HAVE_ECC
case WC_SIGNATURE_TYPE_ECC:
{
/* Create signature using provided ECC key */
ret = wc_ecc_sign_hash(hash_data, hash_len, sig, sig_len, rng, (ecc_key*)key);
break;
}
#endif
#ifndef NO_RSA
case WC_SIGNATURE_TYPE_RSA:
/* Create signature using provided RSA key */
ret = wc_RsaSSL_Sign(hash_data, hash_len, sig, *sig_len, (RsaKey*)key, rng);
if (ret > 0) {
*sig_len = ret;
}
break;
#endif
case WC_SIGNATURE_TYPE_NONE:
default:
ret = BAD_FUNC_ARG;
break;
}
}
if (hash_data) {
XFREE(hash_data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
return ret;
}
#endif /* NO_SIG_WRAPPER */

2
wolfcrypt/src/tfm.c
View File

@@ -2716,7 +2716,7 @@ void fp_gcd(fp_int *a, fp_int *b, fp_int *c)
#endif /* WOLFSSL_KEY_GEN */ #endif /* WOLFSSL_KEY_GEN */
#if defined(HAVE_ECC) || !defined(NO_PWDBASED) #if defined(HAVE_ECC) || !defined(NO_PWDBASED) || defined(OPENSSL_EXTRA)
/* c = a + b */ /* c = a + b */
void fp_add_d(fp_int *a, fp_digit b, fp_int *c) void fp_add_d(fp_int *a, fp_digit b, fp_int *c)
{ {

175
wolfcrypt/test/test.c
View File

@@ -2729,20 +2729,6 @@ int aesgcm_test(void)
* Counter Mode of Operation (GCM) by McGrew and * Counter Mode of Operation (GCM) by McGrew and
* Viega. * Viega.
*/ */
const byte k[] =
{
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
};
const byte iv[] =
{
0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
0xde, 0xca, 0xf8, 0x88
};
const byte p[] = const byte p[] =
{ {
0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
@@ -2762,7 +2748,21 @@ int aesgcm_test(void)
0xab, 0xad, 0xda, 0xd2 0xab, 0xad, 0xda, 0xd2
}; };
const byte c[] = const byte k1[] =
{
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
};
const byte iv1[] =
{
0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
0xde, 0xca, 0xf8, 0x88
};
const byte c1[] =
{ {
0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d, 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
@@ -2774,38 +2774,99 @@ int aesgcm_test(void)
0xbc, 0xc9, 0xf6, 0x62 0xbc, 0xc9, 0xf6, 0x62
}; };
const byte t[] = const byte t1[] =
{ {
0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
}; };
byte t2[sizeof(t)]; #ifndef HAVE_FIPS
byte p2[sizeof(c)]; /* Test Case 12, uses same plaintext and AAD data. */
byte c2[sizeof(p)]; const byte k2[] =
{
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c
};
int result; const byte iv2[] =
{
0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
0xa6, 0x37, 0xb3, 0x9b
};
memset(t2, 0, sizeof(t2)); const byte c2[] =
memset(c2, 0, sizeof(c2)); {
memset(p2, 0, sizeof(p2)); 0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c,
0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff,
0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef,
0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45,
0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9,
0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3,
0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7,
0xe9, 0xb7, 0x37, 0x3b
};
wc_AesGcmSetKey(&enc, k, sizeof(k)); const byte t2[] =
{
0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb,
0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9
};
#endif /* HAVE_FIPS */
byte resultT[sizeof(t1)];
byte resultP[sizeof(p)];
byte resultC[sizeof(p)];
int result;
memset(resultT, 0, sizeof(resultT));
memset(resultC, 0, sizeof(resultC));
memset(resultP, 0, sizeof(resultP));
wc_AesGcmSetKey(&enc, k1, sizeof(k1));
/* AES-GCM encrypt and decrypt both use AES encrypt internally */ /* AES-GCM encrypt and decrypt both use AES encrypt internally */
wc_AesGcmEncrypt(&enc, c2, p, sizeof(c2), iv, sizeof(iv), wc_AesGcmEncrypt(&enc, resultC, p, sizeof(p), iv1, sizeof(iv1),
t2, sizeof(t2), a, sizeof(a)); resultT, sizeof(resultT), a, sizeof(a));
if (memcmp(c, c2, sizeof(c2))) if (memcmp(c1, resultC, sizeof(resultC)))
return -68; return -68;
if (memcmp(t, t2, sizeof(t2))) if (memcmp(t1, resultT, sizeof(resultT)))
return -69; return -69;
result = wc_AesGcmDecrypt(&enc, p2, c2, sizeof(p2), iv, sizeof(iv), result = wc_AesGcmDecrypt(&enc, resultP, resultC, sizeof(resultC),
t2, sizeof(t2), a, sizeof(a)); iv1, sizeof(iv1), resultT, sizeof(resultT), a, sizeof(a));
if (result != 0) if (result != 0)
return -70; return -70;
if (memcmp(p, p2, sizeof(p2))) if (memcmp(p, resultP, sizeof(resultP)))
return -71; return -71;
#ifndef HAVE_FIPS
memset(resultT, 0, sizeof(resultT));
memset(resultC, 0, sizeof(resultC));
memset(resultP, 0, sizeof(resultP));
wc_AesGcmSetKey(&enc, k2, sizeof(k2));
/* AES-GCM encrypt and decrypt both use AES encrypt internally */
wc_AesGcmEncrypt(&enc, resultC, p, sizeof(p), iv2, sizeof(iv2),
resultT, sizeof(resultT), a, sizeof(a));
if (memcmp(c2, resultC, sizeof(resultC)))
return -230;
if (memcmp(t2, resultT, sizeof(resultT)))
return -231;
result = wc_AesGcmDecrypt(&enc, resultP, resultC, sizeof(resultC),
iv2, sizeof(iv2), resultT, sizeof(resultT), a, sizeof(a));
if (result != 0)
return -232;
if (memcmp(p, resultP, sizeof(resultP)))
return -233;
#endif /* HAVE_FIPS */
return 0; return 0;
} }
@@ -5337,6 +5398,23 @@ int dsa_test(void)
#ifdef WOLFCRYPT_HAVE_SRP #ifdef WOLFCRYPT_HAVE_SRP
static int generate_random_salt(byte *buf, word32 size)
{
int ret = -1;
WC_RNG rng;
if(NULL == buf || !size)
return -1;
if (buf && size && wc_InitRng(&rng) == 0) {
ret = wc_RNG_GenerateBlock(&rng, (byte *)buf, size);
wc_FreeRng(&rng);
}
return ret;
}
int srp_test(void) int srp_test(void)
{ {
Srp cli, srv; Srp cli, srv;
@@ -5371,26 +5449,29 @@ int srp_test(void)
0x02 0x02
}; };
byte salt[] = { byte salt[10];
0xB2, 0xE5, 0x8E, 0xCC, 0xD0, 0xCF, 0x9D, 0x10, 0x3A, 0x56
};
byte verifier[] = { byte verifier[80];
0x7C, 0xAB, 0x17, 0xFE, 0x54, 0x3E, 0x8C, 0x13, 0xF2, 0x3D, 0x21, 0xE7, word32 v_size = sizeof(verifier);
0xD2, 0xAF, 0xAF, 0xDB, 0xA1, 0x52, 0x69, 0x9D, 0x49, 0x01, 0x79, 0x91,
0xCF, 0xD1, 0x3F, 0xE5, 0x28, 0x72, 0xCA, 0xBE, 0x13, 0xD1, 0xC2, 0xDA, /* generating random salt */
0x65, 0x34, 0x55, 0x8F, 0x34, 0x0E, 0x05, 0xB8, 0xB4, 0x0F, 0x7F, 0x6B,
0xBB, 0xB0, 0x6B, 0x50, 0xD8, 0xB1, 0xCC, 0xB7, 0x81, 0xFE, 0xD4, 0x42, r = generate_random_salt(salt, sizeof(salt));
0xF5, 0x11, 0xBC, 0x8A, 0x28, 0xEB, 0x50, 0xB3, 0x46, 0x08, 0xBA, 0x24,
0xA2, 0xFB, 0x7F, 0x2E, 0x0A, 0xA5, 0x33, 0xCC
};
/* client knows username and password. */ /* client knows username and password. */
/* server knows N, g, salt and verifier. */ /* server knows N, g, salt and verifier. */
r = wc_SrpInit(&cli, SRP_TYPE_SHA, SRP_CLIENT_SIDE); if (!r) r = wc_SrpInit(&cli, SRP_TYPE_SHA, SRP_CLIENT_SIDE);
if (!r) r = wc_SrpSetUsername(&cli, username, usernameSz); if (!r) r = wc_SrpSetUsername(&cli, username, usernameSz);
/* loading N, g and salt in advance to generate the verifier. */
if (!r) r = wc_SrpSetParams(&cli, N, sizeof(N),
g, sizeof(g),
salt, sizeof(salt));
if (!r) r = wc_SrpSetPassword(&cli, password, passwordSz);
if (!r) r = wc_SrpGetVerifier(&cli, verifier, &v_size);
/* client sends username to server */ /* client sends username to server */
if (!r) r = wc_SrpInit(&srv, SRP_TYPE_SHA, SRP_SERVER_SIDE); if (!r) r = wc_SrpInit(&srv, SRP_TYPE_SHA, SRP_SERVER_SIDE);
@@ -5398,15 +5479,11 @@ int srp_test(void)
if (!r) r = wc_SrpSetParams(&srv, N, sizeof(N), if (!r) r = wc_SrpSetParams(&srv, N, sizeof(N),
g, sizeof(g), g, sizeof(g),
salt, sizeof(salt)); salt, sizeof(salt));
if (!r) r = wc_SrpSetVerifier(&srv, verifier, sizeof(verifier)); if (!r) r = wc_SrpSetVerifier(&srv, verifier, v_size);
if (!r) r = wc_SrpGetPublic(&srv, serverPubKey, &serverPubKeySz); if (!r) r = wc_SrpGetPublic(&srv, serverPubKey, &serverPubKeySz);
/* server sends N, g, salt and B to client */ /* server sends N, g, salt and B to client */
if (!r) r = wc_SrpSetParams(&cli, N, sizeof(N),
g, sizeof(g),
salt, sizeof(salt));
if (!r) r = wc_SrpSetPassword(&cli, password, passwordSz);
if (!r) r = wc_SrpGetPublic(&cli, clientPubKey, &clientPubKeySz); if (!r) r = wc_SrpGetPublic(&cli, clientPubKey, &clientPubKeySz);
if (!r) r = wc_SrpComputeKey(&cli, clientPubKey, clientPubKeySz, if (!r) r = wc_SrpComputeKey(&cli, clientPubKey, clientPubKeySz,
serverPubKey, serverPubKeySz); serverPubKey, serverPubKeySz);

1
wolfssl.vcxproj
View File

@@ -176,6 +176,7 @@
<AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies> <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<OptimizeReferences>false</OptimizeReferences> <OptimizeReferences>false</OptimizeReferences>
<GenerateDebugInformation>true</GenerateDebugInformation> <GenerateDebugInformation>true</GenerateDebugInformation>
<ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
</Link> </Link>
</ItemDefinitionGroup> </ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">

2
wolfssl/test.h
View File

@@ -503,7 +503,7 @@ static INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer,
#elif defined(WOLFSSL_TIRTOS) #elif defined(WOLFSSL_TIRTOS)
struct hostent* entry = DNSGetHostByName(peer); struct hostent* entry = DNSGetHostByName(peer);
#elif defined(WOLFSSL_VXWORKS) #elif defined(WOLFSSL_VXWORKS)
struct hostent* entry = (struct hostent*)hostGetByName(peer); struct hostent* entry = (struct hostent*)hostGetByName((char*)peer);
#else #else
struct hostent* entry = gethostbyname(peer); struct hostent* entry = gethostbyname(peer);
#endif #endif

1
wolfssl/wolfcrypt/asn.h
View File

@@ -187,6 +187,7 @@ enum Misc_ASN {
MAX_CERTPOL_NB = CTC_MAX_CERTPOL_NB,/* Max number of Cert Policy */ MAX_CERTPOL_NB = CTC_MAX_CERTPOL_NB,/* Max number of Cert Policy */
MAX_CERTPOL_SZ = CTC_MAX_CERTPOL_SZ, MAX_CERTPOL_SZ = CTC_MAX_CERTPOL_SZ,
#endif #endif
OCSP_NONCE_EXT_SZ = 37, /* OCSP Nonce Extension size */
MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */ MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */
MAX_OCSP_NONCE_SZ = 16, /* OCSP Nonce size */ MAX_OCSP_NONCE_SZ = 16, /* OCSP Nonce size */
EIGHTK_BUF = 8192, /* Tmp buffer size */ EIGHTK_BUF = 8192, /* Tmp buffer size */

3
wolfssl/wolfcrypt/ecc.h
View File

@@ -41,7 +41,8 @@ enum {
ECC_BUFSIZE = 256, /* for exported keys temp buffer */ ECC_BUFSIZE = 256, /* for exported keys temp buffer */
ECC_MINSIZE = 20, /* MIN Private Key size */ ECC_MINSIZE = 20, /* MIN Private Key size */
ECC_MAXSIZE = 66, /* MAX Private Key size */ ECC_MAXSIZE = 66, /* MAX Private Key size */
ECC_MAXSIZE_GEN = 74 /* MAX Buffer size required when generating ECC keys*/ ECC_MAXSIZE_GEN = 74, /* MAX Buffer size required when generating ECC keys*/
ECC_MAX_PAD_SZ = 4 /* ECC maximum padding size */
}; };

1
wolfssl/wolfcrypt/error-crypt.h
View File

@@ -162,6 +162,7 @@ enum {
CERTPOLICIES_E = -227, /* setting Certificate Policies error */ CERTPOLICIES_E = -227, /* setting Certificate Policies error */
WC_INIT_E = -228, /* wolfcrypt failed to initialize */ WC_INIT_E = -228, /* wolfcrypt failed to initialize */
SIG_VERIFY_E = -229, /* wolfcrypt signature verify error */
MIN_CODE_E = -300 /* errors -101 - -299 */ MIN_CODE_E = -300 /* errors -101 - -299 */
}; };

38
wolfssl/wolfcrypt/hash.h
View File

@@ -28,10 +28,42 @@
extern "C" { extern "C" {
#endif #endif
/* Hash types */
enum wc_HashType {
WC_HASH_TYPE_NONE = 0,
#ifdef WOLFSSL_MD2
WC_HASH_TYPE_MD2 = 1,
#endif
#ifndef NO_MD4
WC_HASH_TYPE_MD4 = 2,
#endif
#ifndef NO_MD5
WC_HASH_TYPE_MD5 = 3,
#endif
#ifndef NO_SHA
WC_HASH_TYPE_SHA = 4,
#endif
#ifndef NO_SHA256
WC_HASH_TYPE_SHA256 = 5,
#endif
#ifdef WOLFSSL_SHA512
#ifdef WOLFSSL_SHA384
WC_HASH_TYPE_SHA384 = 6,
#endif /* WOLFSSL_SHA384 */
WC_HASH_TYPE_SHA512 = 7,
#endif /* WOLFSSL_SHA512 */
};
WOLFSSL_API int wc_HashGetDigestSize(enum wc_HashType hash_type);
WOLFSSL_API int wc_Hash(enum wc_HashType hash_type,
const byte* data, word32 data_len,
byte* hash, word32 hash_len);
#ifndef NO_MD5 #ifndef NO_MD5
#include <wolfssl/wolfcrypt/md5.h> #include <wolfssl/wolfcrypt/md5.h>
WOLFSSL_API void wc_Md5GetHash(Md5*, byte*); WOLFSSL_API void wc_Md5GetHash(Md5*, byte*);
WOLFSSL_API void wc_Md5RestorePos(Md5*, Md5*) ; WOLFSSL_API void wc_Md5RestorePos(Md5*, Md5*);
#if defined(WOLFSSL_TI_HASH) #if defined(WOLFSSL_TI_HASH)
WOLFSSL_API void wc_Md5Free(Md5*); WOLFSSL_API void wc_Md5Free(Md5*);
#else #else
@@ -42,7 +74,7 @@ WOLFSSL_API void wc_Md5RestorePos(Md5*, Md5*) ;
#ifndef NO_SHA #ifndef NO_SHA
#include <wolfssl/wolfcrypt/sha.h> #include <wolfssl/wolfcrypt/sha.h>
WOLFSSL_API int wc_ShaGetHash(Sha*, byte*); WOLFSSL_API int wc_ShaGetHash(Sha*, byte*);
WOLFSSL_API void wc_ShaRestorePos(Sha*, Sha*) ; WOLFSSL_API void wc_ShaRestorePos(Sha*, Sha*);
WOLFSSL_API int wc_ShaHash(const byte*, word32, byte*); WOLFSSL_API int wc_ShaHash(const byte*, word32, byte*);
#if defined(WOLFSSL_TI_HASH) #if defined(WOLFSSL_TI_HASH)
WOLFSSL_API void wc_ShaFree(Sha*); WOLFSSL_API void wc_ShaFree(Sha*);
@@ -54,7 +86,7 @@ WOLFSSL_API int wc_ShaHash(const byte*, word32, byte*);
#ifndef NO_SHA256 #ifndef NO_SHA256
#include <wolfssl/wolfcrypt/sha256.h> #include <wolfssl/wolfcrypt/sha256.h>
WOLFSSL_API int wc_Sha256GetHash(Sha256*, byte*); WOLFSSL_API int wc_Sha256GetHash(Sha256*, byte*);
WOLFSSL_API void wc_Sha256RestorePos(Sha256*, Sha256*) ; WOLFSSL_API void wc_Sha256RestorePos(Sha256*, Sha256*);
WOLFSSL_API int wc_Sha256Hash(const byte*, word32, byte*); WOLFSSL_API int wc_Sha256Hash(const byte*, word32, byte*);
#if defined(WOLFSSL_TI_HASH) #if defined(WOLFSSL_TI_HASH)
WOLFSSL_API void wc_Sha256Free(Sha256*); WOLFSSL_API void wc_Sha256Free(Sha256*);

1
wolfssl/wolfcrypt/include.am
View File

@@ -42,6 +42,7 @@ nobase_include_HEADERS+= \
wolfssl/wolfcrypt/sha256.h \ wolfssl/wolfcrypt/sha256.h \
wolfssl/wolfcrypt/sha512.h \ wolfssl/wolfcrypt/sha512.h \
wolfssl/wolfcrypt/sha.h \ wolfssl/wolfcrypt/sha.h \
wolfssl/wolfcrypt/signature.h \
wolfssl/wolfcrypt/blake2.h \ wolfssl/wolfcrypt/blake2.h \
wolfssl/wolfcrypt/blake2-int.h \ wolfssl/wolfcrypt/blake2-int.h \
wolfssl/wolfcrypt/blake2-impl.h \ wolfssl/wolfcrypt/blake2-impl.h \

5
wolfssl/wolfcrypt/settings.h
View File

@@ -305,6 +305,10 @@
#ifdef WOLFSSL_VXWORKS #ifdef WOLFSSL_VXWORKS
/* VxWorks simulator incorrectly detects building for i386 */
#ifdef VXWORKS_SIM
#define TFM_NO_ASM
#endif
#define WOLFSSL_HAVE_MIN #define WOLFSSL_HAVE_MIN
#define USE_FAST_MATH #define USE_FAST_MATH
#define TFM_TIMING_RESISTANT #define TFM_TIMING_RESISTANT
@@ -449,6 +453,7 @@ static char *fgets(char *buff, int sz, FILE *fp)
#define USE_CERT_BUFFERS_2048 #define USE_CERT_BUFFERS_2048
#define NO_ERROR_STRINGS #define NO_ERROR_STRINGS
#define USER_TIME #define USER_TIME
#define HAVE_ECC
#ifdef __IAR_SYSTEMS_ICC__ #ifdef __IAR_SYSTEMS_ICC__
#pragma diag_suppress=Pa089 #pragma diag_suppress=Pa089

63
wolfssl/wolfcrypt/signature.h Normal file
View File

@@ -0,0 +1,63 @@
/* signature.h
*
* Copyright (C) 2006-2015 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
#ifndef WOLF_CRYPT_SIGNATURE_H
#define WOLF_CRYPT_SIGNATURE_H
#include <wolfssl/wolfcrypt/types.h>
#include <wolfssl/wolfcrypt/hash.h>
#include <wolfssl/wolfcrypt/random.h>
#ifdef __cplusplus
extern "C" {
#endif
enum wc_SignatureType {
WC_SIGNATURE_TYPE_NONE = 0,
#ifdef HAVE_ECC
WC_SIGNATURE_TYPE_ECC = 1,
#endif
#ifndef NO_RSA
WC_SIGNATURE_TYPE_RSA = 2,
#endif
};
WOLFSSL_API int wc_SignatureGetSize(enum wc_SignatureType sig_type,
const void* key, word32 key_len);
WOLFSSL_API int wc_SignatureVerify(
enum wc_HashType hash_type, enum wc_SignatureType sig_type,
const byte* data, word32 data_len,
const byte* sig, word32 sig_len,
const void* key, word32 key_len);
WOLFSSL_API int wc_SignatureGenerate(
enum wc_HashType hash_type, enum wc_SignatureType sig_type,
const byte* data, word32 data_len,
byte* sig, word32 *sig_len,
const void* key, word32 key_len,
RNG* rng);
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* WOLF_CRYPT_SIGNATURE_H */