feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

adds srp files to build process.

Browse Source
This commit is contained in:
Moisés Guimarães
2015-07-06 14:10:20 -03:00
parent daf01977a1
commit 6d7b5bd2f8
5 changed files with 109 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files

106
configure.ac
View File

@ -85,7 +85,7 @@ AC_CHECK_TYPES(__uint128_t)
AC_C_BIGENDIAN
# mktime check takes forever on some systems, if time supported it would be
# highly unusual for mktime to be missing
#AC_FUNC_MKTIME
#AC_FUNC_MKTIME
AC_PROG_CC
AC_PROG_CC_C_O
@ -199,7 +199,7 @@ fi
AM_CONDITIONAL([BUILD_IPV6], [test "x$ENABLED_IPV6" = "xyes"])
# Fortress build
# Fortress build
AC_ARG_ENABLE([fortress],
[ --enable-fortress Enable SSL fortress build (default: disabled)],
[ ENABLED_FORTRESS=$enableval ],
@ -217,7 +217,7 @@ then
fi
# ssl bump build
# ssl bump build
AC_ARG_ENABLE([bump],
[ --enable-bump Enable SSL Bump build (default: disabled)],
[ ENABLED_BUMP=$enableval ],
@ -231,7 +231,7 @@ fi
ENABLED_SLOWMATH="yes"
# lean psk build
# lean psk build
AC_ARG_ENABLE([leanpsk],
[ --enable-leanpsk Enable Lean PSK build (default: disabled)],
[ ENABLED_LEANPSK=$enableval ],
@ -287,7 +287,7 @@ then
fi
# Persistent session cache
# Persistent session cache
AC_ARG_ENABLE([savesession],
[ --enable-savesession Enable persistent session cache (default: disabled)],
[ ENABLED_SAVESESSION=$enableval ],
@ -300,7 +300,7 @@ then
fi
# Persistent cert cache
# Persistent cert cache
AC_ARG_ENABLE([savecert],
[ --enable-savecert Enable persistent cert cache (default: disabled)],
[ ENABLED_SAVECERT=$enableval ],
@ -313,7 +313,7 @@ then
fi
# Atomic User Record Layer
# Atomic User Record Layer
AC_ARG_ENABLE([atomicuser],
[ --enable-atomicuser Enable Atomic User Record Layer (default: disabled)],
[ ENABLED_ATOMICUSER=$enableval ],
@ -326,7 +326,7 @@ then
fi
# Public Key Callbacks
# Public Key Callbacks
AC_ARG_ENABLE([pkcallbacks],
[ --enable-pkcallbacks Enable Public Key Callbacks (default: disabled)],
[ ENABLED_PKCALLBACKS=$enableval ],
@ -491,7 +491,7 @@ fi
AM_CONDITIONAL([BUILD_MD2], [test "x$ENABLED_MD2" = "xyes"])
# NULL CIPHER
# NULL CIPHER
AC_ARG_ENABLE([nullcipher],
[ --enable-nullcipher Enable wolfSSL NULL cipher support (default: disabled)],
[ ENABLED_NULL_CIPHER=$enableval ],
@ -650,7 +650,7 @@ then
fi
# HKDF
# HKDF
AC_ARG_ENABLE([hkdf],
[ --enable-hkdf Enable HKDF (HMAC-KDF) support (default: disabled)],
[ ENABLED_HKDF=$enableval ],
@ -792,7 +792,7 @@ if test "$ENABLED_FPECC" = "yes"
then
if test "$ENABLED_ECC" = "no"
then
AC_MSG_ERROR([cannot enable fpecc without enabling ecc.])
AC_MSG_ERROR([cannot enable fpecc without enabling ecc.])
fi
AM_CFLAGS="$AM_CFLAGS -DFP_ECC"
fi
@ -809,17 +809,17 @@ if test "$ENABLED_ECC_ENCRYPT" = "yes"
then
if test "$ENABLED_ECC" = "no"
then
AC_MSG_ERROR([cannot enable eccencrypt without enabling ecc.])
AC_MSG_ERROR([cannot enable eccencrypt without enabling ecc.])
fi
if test "$ENABLED_HKDF" = "no"
then
AC_MSG_ERROR([cannot enable eccencrypt without enabling hkdf.])
AC_MSG_ERROR([cannot enable eccencrypt without enabling hkdf.])
fi
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_ENCRYPT"
fi
# PSK
# PSK
AC_ARG_ENABLE([psk],
[ --enable-psk Enable PSK (default: disabled)],
[ ENABLED_PSK=$enableval ],
@ -857,7 +857,7 @@ else
fi
# OLD TLS
# OLD TLS
AC_ARG_ENABLE([oldtls],
[ --enable-oldtls Enable old TLS versions < 1.2 (default: enabled)],
[ ENABLED_OLD_TLS=$enableval ],
@ -877,7 +877,7 @@ else
fi
# STACK SIZE info for examples
# STACK SIZE info for examples
AC_ARG_ENABLE([stacksize],
[ --enable-stacksize Enable stack size info on examples (default: disabled)],
[ ENABLED_STACKSIZE=$enableval ],
@ -892,7 +892,7 @@ then
fi
# MEMORY
# MEMORY
AC_ARG_ENABLE([memory],
[ --enable-memory Enable memory callbacks (default: enabled)],
[ ENABLED_MEMORY=$enableval ],
@ -914,7 +914,7 @@ fi
AM_CONDITIONAL([BUILD_MEMORY], [test "x$ENABLED_MEMORY" = "xyes"])
# RSA
# RSA
AC_ARG_ENABLE([rsa],
[ --enable-rsa Enable RSA (default: enabled)],
[ ENABLED_RSA=$enableval ],
@ -1119,7 +1119,7 @@ fi
AM_CONDITIONAL([BUILD_DES3], [test "x$ENABLED_DES3" = "xyes"])
# ARC4
# ARC4
AC_ARG_ENABLE([arc4],
[ --enable-arc4 Enable ARC4 (default: disabled)],
[ ENABLED_ARC4=$enableval ],
@ -1146,7 +1146,7 @@ fi
AM_CONDITIONAL([BUILD_RC4], [test "x$ENABLED_ARC4" = "xyes"])
# MD5
# MD5
AC_ARG_ENABLE([md5],
[ --enable-md5 Enable MD5 (default: enabled)],
[ ENABLED_MD5=$enableval ],
@ -1168,7 +1168,7 @@ fi
AM_CONDITIONAL([BUILD_MD5], [test "x$ENABLED_MD5" = "xyes"])
# SHA
# SHA
AC_ARG_ENABLE([sha],
[ --enable-sha Enable SHA (default: enabled)],
[ ENABLED_SHA=$enableval ],
@ -1190,7 +1190,7 @@ fi
AM_CONDITIONAL([BUILD_SHA], [test "x$ENABLED_SHA" = "xyes"])
# Web Server Build
# Web Server Build
AC_ARG_ENABLE([webserver],
[ --enable-webserver Enable Web Server (default: disabled)],
[ ENABLED_WEBSERVER=$enableval ],
@ -1204,7 +1204,7 @@ fi
# HC128
# HC128
AC_ARG_ENABLE([hc128],
[ --enable-hc128 Enable HC-128 (default: disabled)],
[ ENABLED_HC128=$enableval ],
@ -1350,7 +1350,7 @@ else
fi
# Filesystem Build
# Filesystem Build
AC_ARG_ENABLE([filesystem],
[ --enable-filesystem Enable Filesystem support (default: enabled)],
[ ENABLED_FILESYSTEM=$enableval ],
@ -1370,7 +1370,7 @@ else
fi
# inline Build
# inline Build
AC_ARG_ENABLE([inline],
[ --enable-inline Enable inline functions (default: enabled)],
[ ENABLED_INLINE=$enableval ],
@ -1492,7 +1492,7 @@ AM_CONDITIONAL([BUILD_NTRU], [test "x$ENABLED_NTRU" = "xyes"])
if test "$ENABLED_NTRU" = "yes" && test "$ENABLED_SMALL" = "yes"
then
AC_MSG_ERROR([cannot enable ntru and small, ntru requires TLS which small turns off.])
AC_MSG_ERROR([cannot enable ntru and small, ntru requires TLS which small turns off.])
fi
# SNI
@ -1648,6 +1648,22 @@ then
fi
# Secure Remote Password
AC_ARG_ENABLE([srp],
[ --enable-srp Enable Secure Remote Password (default: disabled)],
[ ENABLED_SRP=$enableval ],
[ ENABLED_SRP=no ]
)
if test "x$ENABLED_SRP" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_HAVE_SRP"
fi
AM_CONDITIONAL([BUILD_SRP], [test "x$ENABLED_SRP" = "xyes"])
# Small Stack
AC_ARG_ENABLE([smallstack],
[ --enable-smallstack Enable Small Stack Usage (default: disabled)],
@ -1684,7 +1700,7 @@ fi
AM_CONDITIONAL([USE_VALGRIND], [test "x$ENABLED_VALGRIND" = "xyes"])
# Test certs, use internal cert functions for extra testing
# Test certs, use internal cert functions for extra testing
AC_ARG_ENABLE([testcert],
[ --enable-testcert Enable Test Cert (default: disabled)],
[ ENABLED_TESTCERT=$enableval ],
@ -1715,7 +1731,7 @@ then
fi
# Certificate Service Support
# Certificate Service Support
AC_ARG_ENABLE([certservice],
[ --enable-certservice Enable cert service (default: disabled)],
[ ENABLED_CERT_SERVICE=$enableval ],
@ -1957,7 +1973,7 @@ AC_ARG_WITH([libz],
AM_CONDITIONAL([BUILD_LIBZ], [test "x$ENABLED_LIBZ" = "xyes"])
# cavium
# cavium
trycaviumdir=""
AC_ARG_WITH([cavium],
[ --with-cavium=PATH PATH to cavium/software dir ],
@ -2183,7 +2199,7 @@ touch ctaocrypt/src/fips.c
touch ctaocrypt/src/fips_test.c
echo
# generate user options header
# generate user options header
echo "---"
echo "Generating user options header..."
@ -2193,7 +2209,7 @@ OPTION_FILE="wolfssl/options.h"
#fi
rm -f $OPTION_FILE
echo "/* wolfssl options.h" > $OPTION_FILE
echo "/* wolfssl options.h" > $OPTION_FILE
echo " * generated from configure options" >> $OPTION_FILE
echo " *" >> $OPTION_FILE
echo " * Copyright (C) 2006-2015 wolfSSL Inc." >> $OPTION_FILE
@ -2202,13 +2218,13 @@ echo " * This file is part of wolfSSL. (formerly known as CyaSSL)" >> $OPTION_FI
echo " *" >> $OPTION_FILE
echo " */" >> $OPTION_FILE
echo "" >> $OPTION_FILE
echo "#pragma once" >> $OPTION_FILE
echo "" >> $OPTION_FILE
echo "#ifdef __cplusplus" >> $OPTION_FILE
echo "extern \"C\" {" >> $OPTION_FILE
echo "#endif" >> $OPTION_FILE
echo "" >> $OPTION_FILE
echo "" >> $OPTION_FILE
echo "#pragma once" >> $OPTION_FILE
echo "" >> $OPTION_FILE
echo "#ifdef __cplusplus" >> $OPTION_FILE
echo "extern \"C\" {" >> $OPTION_FILE
echo "#endif" >> $OPTION_FILE
echo "" >> $OPTION_FILE
for option in $OPTION_FLAGS; do
defonly=`echo $option | sed 's/-D//'`
@ -2244,11 +2260,11 @@ for option in $OPTION_FLAGS; do
fi
done
echo "" >> $OPTION_FILE
echo "#ifdef __cplusplus" >> $OPTION_FILE
echo "}" >> $OPTION_FILE
echo "#endif" >> $OPTION_FILE
echo "" >> $OPTION_FILE
echo "" >> $OPTION_FILE
echo "#ifdef __cplusplus" >> $OPTION_FILE
echo "}" >> $OPTION_FILE
echo "#endif" >> $OPTION_FILE
echo "" >> $OPTION_FILE
echo
#backwards compatability for those who have included options or version
@ -2279,7 +2295,7 @@ echo " * Debug enabled: $ax_enable_debug"
echo " * Warnings as failure: $ac_cv_warnings_as_errors"
echo " * make -j: $enable_jobserver"
echo " * VCS checkout: $ac_cv_vcs_checkout"
echo
echo
echo " Features "
echo " * Single threaded: $ENABLED_SINGLETHREADED"
echo " * Filesystem: $ENABLED_FILESYSTEM"
@ -2351,10 +2367,10 @@ echo " * Session Ticket: $ENABLED_SESSION_TICKET"
echo " * All TLS Extensions: $ENABLED_TLSX"
echo " * PKCS#7 $ENABLED_PKCS7"
echo " * wolfSCEP $ENABLED_WOLFSCEP"
echo " * Secure Remote Password $ENABLED_SRP"
echo " * Small Stack: $ENABLED_SMALL_STACK"
echo " * valgrind unit tests: $ENABLED_VALGRIND"
echo " * LIBZ: $ENABLED_LIBZ"
echo " * Examples: $ENABLED_EXAMPLES"
echo ""
echo "---"

5
src/include.am
View File

@ -201,6 +201,10 @@ if BUILD_PKCS7
src_libwolfssl_la_SOURCES += wolfcrypt/src/pkcs7.c
endif
if BUILD_SRP
src_libwolfssl_la_SOURCES += wolfcrypt/src/srp.c
endif
# ssl files
src_libwolfssl_la_SOURCES += \
src/internal.c \
@ -220,4 +224,3 @@ endif
if BUILD_SNIFFER
src_libwolfssl_la_SOURCES += src/sniffer.c
endif

6
wolfcrypt/src/srp.c
View File

@ -19,4 +19,8 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
#ifdef WOLFCRYPT_HAVE_SRP
#include <wolfssl/wolfcrypt/srp.h>
#endif /* WOLFCRYPT_HAVE_SRP */

2
wolfssl/wolfcrypt/include.am
View File

@ -46,6 +46,7 @@ nobase_include_HEADERS+= \
wolfssl/wolfcrypt/blake2-int.h \
wolfssl/wolfcrypt/blake2-impl.h \
wolfssl/wolfcrypt/tfm.h \
wolfssl/wolfcrypt/srp.h \
wolfssl/wolfcrypt/types.h \
wolfssl/wolfcrypt/visibility.h \
wolfssl/wolfcrypt/logging.h \
@ -57,4 +58,3 @@ noinst_HEADERS+= \
wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h \
wolfssl/wolfcrypt/port/ti/ti-hash.h \
wolfssl/wolfcrypt/port/ti/ti-ccm.h

56
wolfssl/wolfcrypt/srp.h
View File

@ -19,12 +19,30 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
#ifndef WOLF_CRYPT_SRP_H
#define WOLF_CRYPT_SRP_H
#ifndef WOLFCRYPT_SRP_H
#define WOLFCRYPT_SRP_H
#include <wolfssl/wolfcrypt/types.h>
#include <wolfssl/wolfcrypt/sha.h>
#include <wolfssl/wolfcrypt/sha256.h>
#include <wolfssl/wolfcrypt/sha512.h>
#include <wolfssl/wolfcrypt/integer.h>
#ifdef HAVE_SRP
#ifdef WOLFCRYPT_HAVE_SRP
enum {
#ifdef NO_SHA
SRP_SHA = 1,
#endif
#ifdef NO_SHA256
SRP_SHA256 = 2,
#endif
#ifndef WOLFSSL_SHA384
SRP_SHA384 = 3,
#endif
#ifndef WOLFSSL_SHA512
SRP_SHA512 = 4,
#endif
/* Select the largest available hash for the buffer size. */
#if defined(WOLFSSL_SHA512)
@ -38,41 +56,43 @@
#else
#error "You have to have some kind of SHA hash if you want to use SRP."
#endif
};
typedef struct {
mp_int N; /**< Modulus. N = 2q+1, [q, N] are primes. */
mp_int g; /**< Generator. A generator modulo N. */
mp_int a; /**< Private ephemeral value. Random. */
mp_int A; /**< Public ephemeral value. pow(g, a, N) */
mp_int B; /**< Server's public ephemeral value. */
mp_int s; /**< Session key. */
byte k[SRP_MAX_DIGEST_SIZE]; /**< Multiplier parameeter. H(N, g) */
byte x[SRP_MAX_DIGEST_SIZE]; /**< Priv key. H(salt, H(user, ":", pswd)) */
byte u[SRP_MAX_DIGEST_SIZE]; /**< Random scrambling parameeter. */
byte type; /**< Hash type, SHA[1:256:384:512] */
byte* user; /**< Username, login. */
word32 userSz; /**< Username length. */
byte* salt; /**< Small salt. */
word32 saltSz; /**< Salt length. */
byte* pswd; /**< Password. */
word32 pswdSz; /**< Password length. */
} SrpClient;
typedef struct {
mp_int N; /**< Modulus. N = 2q+1, [q, N] are primes. */
mp_int g; /**< Generator. A generator modulo N. */
mp_int b; /**< Private ephemeral value. */
mp_int B; /**< Public ephemeral value. */
mp_int A; /**< Client's public ephemeral value. */
mp_int v; /**< Verifier. v = pow(g, x, N) */
} SrpServer;
typedef struct {
mp_int N; /**< Modulus. N = 2q+1, [q, N] are primes. */
mp_int g; /**< Generator. A generator modulo N. */
mp_int s; /**< Session key. */
byte k[SRP_MAX_DIGEST_SIZE]; /**< Multiplier parameeter. H(N, g) */
mp_int v; /**< Verifier. v = pow(g, x, N) */
byte u[SRP_MAX_DIGEST_SIZE]; /**< Random scrambling parameeter. */
byte type; /**< Hash type, SHA[1:256:384:512] */
byte side; /**< Client or Server side. */
byte* user; /**< Username, login. */
word32 userSz; /**< Username length. */
byte* salt; /**< Small salt. */
word32 saltSz; /**< Salt length. */
} SrpServer;
union {
SrpClient client;
SrpServer server;
} specific;
} Srp;
#endif /* HAVE_SRP */
int SrpInit(Srp* srp, byte* N, word32 nSz, byte* g, word32 gSz);
#endif /* WOLFCRYPT_HAVE_SRP */
#endif /* WOLF_CRYPT_SRP_H */