From c466fac59762afe8faebf6aa84d662543e3b011f Mon Sep 17 00:00:00 2001 From: Chris Conlon Date: Tue, 17 Dec 2013 16:28:08 -0700 Subject: [PATCH 1/7] add Freescale K60 mmCAU MD5, SHA, SHA256 support --- ctaocrypt/src/md5.c | 24 ++++++++++++++------ ctaocrypt/src/sha.c | 45 +++++++++++++++++++++++++++---------- ctaocrypt/src/sha256.c | 51 +++++++++++++++++++++++++++++------------- 3 files changed, 86 insertions(+), 34 deletions(-) diff --git a/ctaocrypt/src/md5.c b/ctaocrypt/src/md5.c index 176bf44cd..7d2fe1429 100644 --- a/ctaocrypt/src/md5.c +++ b/ctaocrypt/src/md5.c @@ -36,6 +36,13 @@ #include #endif +#ifdef FREESCALE_MMCAU + #include "cau_api.h" + #define XTRANSFORM(S,B) cau_md5_hash_n((B), 1, (unsigned char*)(S)->digest) +#else + #define XTRANSFORM(S,B) Transform((S)) +#endif + #ifdef STM32F2_HASH /* @@ -174,6 +181,7 @@ void InitMd5(Md5* md5) md5->hiLen = 0; } +#ifndef FREESCALE_MMCAU static void Transform(Md5* md5) { @@ -266,6 +274,8 @@ static void Transform(Md5* md5) md5->digest[3] += d; } +#endif /* FREESCALE_MMCAU */ + static INLINE void AddLength(Md5* md5, word32 len) { @@ -289,10 +299,10 @@ void Md5Update(Md5* md5, const byte* data, word32 len) len -= add; if (md5->buffLen == MD5_BLOCK_SIZE) { - #ifdef BIG_ENDIAN_ORDER + #if defined(BIG_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU) ByteReverseBytes(local, local, MD5_BLOCK_SIZE); #endif - Transform(md5); + XTRANSFORM(md5, local); AddLength(md5, MD5_BLOCK_SIZE); md5->buffLen = 0; } @@ -304,7 +314,7 @@ void Md5Final(Md5* md5, byte* hash) { byte* local = (byte*)md5->buffer; - AddLength(md5, md5->buffLen); /* before adding pads */ + AddLength(md5, md5->buffLen); /* before adding pads */ local[md5->buffLen++] = 0x80; /* add 1 */ @@ -313,10 +323,10 @@ void Md5Final(Md5* md5, byte* hash) XMEMSET(&local[md5->buffLen], 0, MD5_BLOCK_SIZE - md5->buffLen); md5->buffLen += MD5_BLOCK_SIZE - md5->buffLen; - #ifdef BIG_ENDIAN_ORDER + #if defined(BIG_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU) ByteReverseBytes(local, local, MD5_BLOCK_SIZE); #endif - Transform(md5); + XTRANSFORM(md5, local); md5->buffLen = 0; } XMEMSET(&local[md5->buffLen], 0, MD5_PAD_SIZE - md5->buffLen); @@ -327,14 +337,14 @@ void Md5Final(Md5* md5, byte* hash) md5->loLen = md5->loLen << 3; /* store lengths */ - #ifdef BIG_ENDIAN_ORDER + #if defined(BIG_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU) ByteReverseBytes(local, local, MD5_BLOCK_SIZE); #endif /* ! length ordering dependent on digest endian type ! */ XMEMCPY(&local[MD5_PAD_SIZE], &md5->loLen, sizeof(word32)); XMEMCPY(&local[MD5_PAD_SIZE + sizeof(word32)], &md5->hiLen, sizeof(word32)); - Transform(md5); + XTRANSFORM(md5, local); #ifdef BIG_ENDIAN_ORDER ByteReverseWords(md5->digest, md5->digest, MD5_DIGEST_SIZE); #endif diff --git a/ctaocrypt/src/sha.c b/ctaocrypt/src/sha.c index 20d2261f5..30b669341 100644 --- a/ctaocrypt/src/sha.c +++ b/ctaocrypt/src/sha.c @@ -35,6 +35,13 @@ #include #endif +#ifdef FREESCALE_MMCAU + #include "cau_api.h" + #define XTRANSFORM(S,B) cau_sha1_hash_n((B), 1, ((S))->digest) +#else + #define XTRANSFORM(S,B) Transform((S)) +#endif + #ifdef STM32F2_HASH /* @@ -164,17 +171,23 @@ void InitSha(Sha* sha) { - sha->digest[0] = 0x67452301L; - sha->digest[1] = 0xEFCDAB89L; - sha->digest[2] = 0x98BADCFEL; - sha->digest[3] = 0x10325476L; - sha->digest[4] = 0xC3D2E1F0L; + #ifdef FREESCALE_MMCAU + cau_sha1_initialize_output(sha->digest); + #else + sha->digest[0] = 0x67452301L; + sha->digest[1] = 0xEFCDAB89L; + sha->digest[2] = 0x98BADCFEL; + sha->digest[3] = 0x10325476L; + sha->digest[4] = 0xC3D2E1F0L; + #endif sha->buffLen = 0; sha->loLen = 0; sha->hiLen = 0; } +#ifndef FREESCALE_MMCAU + #define blk0(i) (W[i] = sha->buffer[i]) #define blk1(i) (W[i&15] = \ rotlFixed(W[(i+13)&15]^W[(i+8)&15]^W[(i+2)&15]^W[i&15],1)) @@ -272,6 +285,8 @@ static void Transform(Sha* sha) sha->digest[4] += e; } +#endif /* FREESCALE_MMCAU */ + static INLINE void AddLength(Sha* sha, word32 len) { @@ -295,10 +310,10 @@ void ShaUpdate(Sha* sha, const byte* data, word32 len) len -= add; if (sha->buffLen == SHA_BLOCK_SIZE) { - #ifdef LITTLE_ENDIAN_ORDER + #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU) ByteReverseBytes(local, local, SHA_BLOCK_SIZE); #endif - Transform(sha); + XTRANSFORM(sha, local); AddLength(sha, SHA_BLOCK_SIZE); sha->buffLen = 0; } @@ -310,7 +325,7 @@ void ShaFinal(Sha* sha, byte* hash) { byte* local = (byte*)sha->buffer; - AddLength(sha, sha->buffLen); /* before adding pads */ + AddLength(sha, sha->buffLen); /* before adding pads */ local[sha->buffLen++] = 0x80; /* add 1 */ @@ -319,10 +334,10 @@ void ShaFinal(Sha* sha, byte* hash) XMEMSET(&local[sha->buffLen], 0, SHA_BLOCK_SIZE - sha->buffLen); sha->buffLen += SHA_BLOCK_SIZE - sha->buffLen; - #ifdef LITTLE_ENDIAN_ORDER + #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU) ByteReverseBytes(local, local, SHA_BLOCK_SIZE); #endif - Transform(sha); + XTRANSFORM(sha, local); sha->buffLen = 0; } XMEMSET(&local[sha->buffLen], 0, SHA_PAD_SIZE - sha->buffLen); @@ -333,14 +348,20 @@ void ShaFinal(Sha* sha, byte* hash) sha->loLen = sha->loLen << 3; /* store lengths */ - #ifdef LITTLE_ENDIAN_ORDER + #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU) ByteReverseBytes(local, local, SHA_BLOCK_SIZE); #endif /* ! length ordering dependent on digest endian type ! */ XMEMCPY(&local[SHA_PAD_SIZE], &sha->hiLen, sizeof(word32)); XMEMCPY(&local[SHA_PAD_SIZE + sizeof(word32)], &sha->loLen, sizeof(word32)); - Transform(sha); + #ifdef FREESCALE_MMCAU + /* Kinetis requires only these bytes reversed */ + ByteReverseBytes(&local[SHA_PAD_SIZE], &local[SHA_PAD_SIZE], + 2 * sizeof(word32)); + #endif + + XTRANSFORM(sha, local); #ifdef LITTLE_ENDIAN_ORDER ByteReverseWords(sha->digest, sha->digest, SHA_DIGEST_SIZE); #endif diff --git a/ctaocrypt/src/sha256.c b/ctaocrypt/src/sha256.c index baa379059..97f64a3ca 100644 --- a/ctaocrypt/src/sha256.c +++ b/ctaocrypt/src/sha256.c @@ -37,6 +37,13 @@ #include #endif +#ifdef FREESCALE_MMCAU + #include "cau_api.h" + #define XTRANSFORM(S,B) cau_sha256_hash_n((B), 1, ((S))->digest) +#else + #define XTRANSFORM(S,B) Transform((S)) +#endif + #ifndef min @@ -50,20 +57,26 @@ void InitSha256(Sha256* sha256) { - sha256->digest[0] = 0x6A09E667L; - sha256->digest[1] = 0xBB67AE85L; - sha256->digest[2] = 0x3C6EF372L; - sha256->digest[3] = 0xA54FF53AL; - sha256->digest[4] = 0x510E527FL; - sha256->digest[5] = 0x9B05688CL; - sha256->digest[6] = 0x1F83D9ABL; - sha256->digest[7] = 0x5BE0CD19L; + #ifdef FREESCALE_MMCAU + cau_sha256_initialize_output(sha256->digest); + #else + sha256->digest[0] = 0x6A09E667L; + sha256->digest[1] = 0xBB67AE85L; + sha256->digest[2] = 0x3C6EF372L; + sha256->digest[3] = 0xA54FF53AL; + sha256->digest[4] = 0x510E527FL; + sha256->digest[5] = 0x9B05688CL; + sha256->digest[6] = 0x1F83D9ABL; + sha256->digest[7] = 0x5BE0CD19L; + #endif sha256->buffLen = 0; sha256->loLen = 0; sha256->hiLen = 0; } +#ifndef FREESCALE_MMCAU + static const word32 K[64] = { 0x428A2F98L, 0x71374491L, 0xB5C0FBCFL, 0xE9B5DBA5L, 0x3956C25BL, 0x59F111F1L, 0x923F82A4L, 0xAB1C5ED5L, 0xD807AA98L, 0x12835B01L, @@ -128,6 +141,8 @@ static void Transform(Sha256* sha256) } } +#endif /* FREESCALE_MMCAU */ + static INLINE void AddLength(Sha256* sha256, word32 len) { @@ -151,10 +166,10 @@ void Sha256Update(Sha256* sha256, const byte* data, word32 len) len -= add; if (sha256->buffLen == SHA256_BLOCK_SIZE) { - #ifdef LITTLE_ENDIAN_ORDER + #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU) ByteReverseBytes(local, local, SHA256_BLOCK_SIZE); #endif - Transform(sha256); + XTRANSFORM(sha256, local); AddLength(sha256, SHA256_BLOCK_SIZE); sha256->buffLen = 0; } @@ -168,17 +183,17 @@ void Sha256Final(Sha256* sha256, byte* hash) AddLength(sha256, sha256->buffLen); /* before adding pads */ - local[sha256->buffLen++] = 0x80; /* add 1 */ + local[sha256->buffLen++] = 0x80; /* add 1 */ /* pad with zeros */ if (sha256->buffLen > SHA256_PAD_SIZE) { XMEMSET(&local[sha256->buffLen], 0, SHA256_BLOCK_SIZE - sha256->buffLen); sha256->buffLen += SHA256_BLOCK_SIZE - sha256->buffLen; - #ifdef LITTLE_ENDIAN_ORDER + #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU) ByteReverseBytes(local, local, SHA256_BLOCK_SIZE); #endif - Transform(sha256); + XTRANSFORM(sha256, local); sha256->buffLen = 0; } XMEMSET(&local[sha256->buffLen], 0, SHA256_PAD_SIZE - sha256->buffLen); @@ -189,7 +204,7 @@ void Sha256Final(Sha256* sha256, byte* hash) sha256->loLen = sha256->loLen << 3; /* store lengths */ - #ifdef LITTLE_ENDIAN_ORDER + #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU) ByteReverseBytes(local, local, SHA256_BLOCK_SIZE); #endif /* ! length ordering dependent on digest endian type ! */ @@ -197,7 +212,13 @@ void Sha256Final(Sha256* sha256, byte* hash) XMEMCPY(&local[SHA256_PAD_SIZE + sizeof(word32)], &sha256->loLen, sizeof(word32)); - Transform(sha256); + #ifdef FREESCALE_MMCAU + /* Kinetis requires only these bytes reversed */ + ByteReverseBytes(&local[SHA256_PAD_SIZE], &local[SHA256_PAD_SIZE], + 2 * sizeof(word32)); + #endif + + XTRANSFORM(sha256, local); #ifdef LITTLE_ENDIAN_ORDER ByteReverseWords(sha256->digest, sha256->digest, SHA256_DIGEST_SIZE); #endif From 8c8a1b0db8665a7497e4e76bda2df1d90345483f Mon Sep 17 00:00:00 2001 From: Chris Conlon Date: Tue, 17 Dec 2013 16:29:21 -0700 Subject: [PATCH 2/7] add Freescale K60 mmCAU AES, DES, 3DES support --- ctaocrypt/src/aes.c | 91 +++++++++++++++++++++- ctaocrypt/src/des3.c | 181 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 270 insertions(+), 2 deletions(-) diff --git a/ctaocrypt/src/aes.c b/ctaocrypt/src/aes.c index 8f5e357d7..6cb0dcd94 100644 --- a/ctaocrypt/src/aes.c +++ b/ctaocrypt/src/aes.c @@ -62,8 +62,8 @@ * document (See note in README). */ #include "stm32f2xx.h" - #include "stm32f2xx_cryp.h" - + #include "stm32f2xx_cryp.h" + int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv, int dir) { @@ -553,6 +553,93 @@ int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv, return 0; } +#elif defined FREESCALE_MMCAU + /* + * Freescale mmCAU hardware AES support through the CAU/mmCAU library. + * Documentation located in ColdFire/ColdFire+ CAU and Kinetis mmCAU + * Software Library User Guide (See note in README). + */ + #include "cau_api.h" + + int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv, + int dir) + { + byte *rk = (byte*)aes->key; + + if (!((keylen == 16) || (keylen == 24) || (keylen == 32))) + return BAD_FUNC_ARG; + + aes->rounds = keylen/4 + 6; + cau_aes_set_key(userKey, keylen*8, rk); + + return AesSetIV(aes, iv); + } + + int AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) + { + int i; + int offset = 0; + int len = sz; + + byte *iv, *enc_key; + byte temp_block[AES_BLOCK_SIZE]; + + iv = (byte*)aes->reg; + enc_key = (byte*)aes->key; + + while (len > 0) + { + XMEMCPY(temp_block, in + offset, AES_BLOCK_SIZE); + + /* XOR block with IV for CBC */ + for (i = 0; i < AES_BLOCK_SIZE; i++) + temp_block[i] ^= iv[i]; + + cau_aes_encrypt(temp_block, enc_key, aes->rounds, out + offset); + + len -= AES_BLOCK_SIZE; + offset += AES_BLOCK_SIZE; + + /* store IV for next block */ + XMEMCPY(iv, out + offset - AES_BLOCK_SIZE, AES_BLOCK_SIZE); + } + + return 0; + } + + int AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) + { + int i; + int offset = 0; + int len = sz; + + byte* iv, *dec_key; + byte temp_block[AES_BLOCK_SIZE]; + + iv = (byte*)aes->reg; + dec_key = (byte*)aes->key; + + while (len > 0) + { + XMEMCPY(temp_block, in + offset, AES_BLOCK_SIZE); + + cau_aes_decrypt(in + offset, dec_key, aes->rounds, out + offset); + + /* XOR block with IV for CBC */ + for (i = 0; i < AES_BLOCK_SIZE; i++) + (out + offset)[i] ^= iv[i]; + + /* store IV for next block */ + XMEMCPY(iv, temp_block, AES_BLOCK_SIZE); + + len -= AES_BLOCK_SIZE; + offset += AES_BLOCK_SIZE; + } + + return 0; + } + + #else /* CTaoCrypt software implementation */ static const word32 rcon[] = { diff --git a/ctaocrypt/src/des3.c b/ctaocrypt/src/des3.c index c5e7ef580..cdccaaaea 100644 --- a/ctaocrypt/src/des3.c +++ b/ctaocrypt/src/des3.c @@ -413,6 +413,187 @@ void Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) } } +#elif defined FREESCALE_MMCAU + /* + * Freescale mmCAU hardware DES/3DES support through the CAU/mmCAU library. + * Documentation located in ColdFire/ColdFire+ CAU and Kinetis mmCAU + * Software Library User Guide (See note in README). + */ + #include "cau_api.h" + + const unsigned char parityLookup[128] = + { + 1,0,0,1,0,1,1,0,0,1,1,0,1,0,0,1,0,1,1,0,1,0,0,1,1,0,0,1,0,1,1,0, + 0,1,1,0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,1,0,0,1,1,0,1,0,0,1, + 0,1,1,0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,1,0,0,1,1,0,1,0,0,1, + 1,0,0,1,0,1,1,0,0,1,1,0,1,0,0,1,0,1,1,0,1,0,0,1,1,0,0,1,0,1,1,0 + }; + + void Des_SetKey(Des* des, const byte* key, const byte* iv, int dir) + { + int i = 0; + byte* dkey = (byte*)des->key; + + XMEMCPY(dkey, key, 8); + + Des_SetIV(des, iv); + + /* fix key parity, if needed */ + for (i = 0; i < 8; i++) { + dkey[i] = ((dkey[i] & 0xFE) | parityLookup[dkey[i] >> 1]); + } + } + + void Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir) + { + int i = 0; + byte* dkey1 = (byte*)des->key[0]; + byte* dkey2 = (byte*)des->key[1]; + byte* dkey3 = (byte*)des->key[2]; + + XMEMCPY(dkey1, key, 8); /* set key 1 */ + XMEMCPY(dkey2, key + 8, 8); /* set key 2 */ + XMEMCPY(dkey3, key + 16, 8); /* set key 3 */ + + Des3_SetIV(des, iv); + + /* fix key parity if needed */ + for (i = 0; i < 8; i++) + dkey1[i] = ((dkey1[i] & 0xFE) | parityLookup[dkey1[i] >> 1]); + + for (i = 0; i < 8; i++) + dkey2[i] = ((dkey2[i] & 0xFE) | parityLookup[dkey2[i] >> 1]); + + for (i = 0; i < 8; i++) + dkey3[i] = ((dkey3[i] & 0xFE) | parityLookup[dkey3[i] >> 1]); + } + + void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz) + { + int i; + int offset = 0; + int len = sz; + byte *iv; + byte temp_block[DES_BLOCK_SIZE]; + + iv = (byte*)des->reg; + + while (len > 0) + { + XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE); + + /* XOR block with IV for CBC */ + for (i = 0; i < DES_BLOCK_SIZE; i++) + temp_block[i] ^= iv[i]; + + cau_des_encrypt(temp_block, (byte*)des->key, out + offset); + + len -= DES_BLOCK_SIZE; + offset += DES_BLOCK_SIZE; + + /* store IV for next block */ + XMEMCPY(iv, out + offset - DES_BLOCK_SIZE, DES_BLOCK_SIZE); + } + + return; + } + + void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) + { + int i; + int offset = 0; + int len = sz; + byte* iv; + byte temp_block[DES_BLOCK_SIZE]; + + iv = (byte*)des->reg; + + while (len > 0) + { + XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE); + + cau_des_decrypt(in + offset, (byte*)des->key, out + offset); + + /* XOR block with IV for CBC */ + for (i = 0; i < DES_BLOCK_SIZE; i++) + (out + offset)[i] ^= iv[i]; + + /* store IV for next block */ + XMEMCPY(iv, temp_block, DES_BLOCK_SIZE); + + len -= DES_BLOCK_SIZE; + offset += DES_BLOCK_SIZE; + } + + return; + } + + void Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz) + { + int i; + int offset = 0; + int len = sz; + + byte *iv; + byte temp_block[DES_BLOCK_SIZE]; + + iv = (byte*)des->reg; + + while (len > 0) + { + XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE); + + /* XOR block with IV for CBC */ + for (i = 0; i < DES_BLOCK_SIZE; i++) + temp_block[i] ^= iv[i]; + + cau_des_encrypt(temp_block , (byte*)des->key[0], out + offset); + cau_des_decrypt(out + offset, (byte*)des->key[1], out + offset); + cau_des_encrypt(out + offset, (byte*)des->key[2], out + offset); + + len -= DES_BLOCK_SIZE; + offset += DES_BLOCK_SIZE; + + /* store IV for next block */ + XMEMCPY(iv, out + offset - DES_BLOCK_SIZE, DES_BLOCK_SIZE); + } + + return; + } + + void Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz) + { + int i; + int offset = 0; + int len = sz; + + byte* iv; + byte temp_block[DES_BLOCK_SIZE]; + + iv = (byte*)des->reg; + + while (len > 0) + { + XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE); + + cau_des_decrypt(in + offset , (byte*)des->key[2], out + offset); + cau_des_encrypt(out + offset, (byte*)des->key[1], out + offset); + cau_des_decrypt(out + offset, (byte*)des->key[0], out + offset); + + /* XOR block with IV for CBC */ + for (i = 0; i < DES_BLOCK_SIZE; i++) + (out + offset)[i] ^= iv[i]; + + /* store IV for next block */ + XMEMCPY(iv, temp_block, DES_BLOCK_SIZE); + + len -= DES_BLOCK_SIZE; + offset += DES_BLOCK_SIZE; + } + + return; + } + #else /* CTaoCrypt software implementation */ /* permuted choice table (key) */ From 6c43a008abb24bd81c624eff3e9dab9af78c39dc Mon Sep 17 00:00:00 2001 From: Chris Conlon Date: Tue, 17 Dec 2013 16:33:56 -0700 Subject: [PATCH 3/7] update README --- README | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/README b/README index 98a59480d..f0c02b584 100644 --- a/README +++ b/README @@ -37,10 +37,19 @@ before calling SSL_new(); Though it's not recommended. CyaSSL Release 2.9.0 (X/XX/XXXX) +Release 2.9.0 CyaSSL has bug fixes and new features including: +- Freescale Kinetis RNGB support +- Freescale Kinetis mmCAU support + The Freescale Kinetis K53 RNGB documentation can be found in Chapter 33 of the K53 Sub-Family Reference Manual: http://cache.freescale.com/files/32bit/doc/ref_manual/K53P144M100SF2RM.pdf +Freescale Kinetis K60 mmCAU (AES, DES, 3DES, MD5, SHA, SHA256) documentation +can be found in the "ColdFire/ColdFire+ CAU and Kinetis mmCAU Software Library +User Guide": +http://cache.freescale.com/files/32bit/doc/user_guide/CAUAPIUG.pdf + *****************CyaSSL Release 2.8.0 (8/30/2013) From 003446a5cd194c32fd55b6a7e427b5f26492a998 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Tue, 17 Dec 2013 18:26:29 -0800 Subject: [PATCH 4/7] Using OCSP override URL should enable OCSP url overriding. --- examples/client/client.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/examples/client/client.c b/examples/client/client.c index 6c82d627c..d973de638 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -505,10 +505,14 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args) #ifdef HAVE_OCSP if (useOcsp) { - CyaSSL_CTX_OCSP_set_options(ctx, - CYASSL_OCSP_ENABLE | CYASSL_OCSP_NO_NONCE); - if (ocspUrl != NULL) + if (ocspUrl != NULL) { CyaSSL_CTX_OCSP_set_override_url(ctx, ocspUrl); + CyaSSL_CTX_OCSP_set_options(ctx, CYASSL_OCSP_URL_OVERRIDE | + CYASSL_OCSP_ENABLE | CYASSL_OCSP_NO_NONCE); + } + else + CyaSSL_CTX_OCSP_set_options(ctx, + CYASSL_OCSP_ENABLE | CYASSL_OCSP_NO_NONCE); } #endif From fe4f10418f11b9d48b2c0e726d2cb19d4dc69b6a Mon Sep 17 00:00:00 2001 From: John Safranek Date: Tue, 17 Dec 2013 18:30:42 -0800 Subject: [PATCH 5/7] OCSP lookups are IPv4/IPv6 agnostic. --- src/io.c | 85 +++++++++++++++++++++++++++++++++++--------------------- 1 file changed, 53 insertions(+), 32 deletions(-) diff --git a/src/io.c b/src/io.c index ca620d4ad..e216d4713 100644 --- a/src/io.c +++ b/src/io.c @@ -512,52 +512,62 @@ int EmbedGenerateCookie(CYASSL* ssl, byte *buf, int sz, void *ctx) #ifdef HAVE_OCSP -#ifdef TEST_IPV6 - typedef struct sockaddr_in6 SOCKADDR_IN_T; - #define AF_INET_V AF_INET6 -#else - typedef struct sockaddr_in SOCKADDR_IN_T; - #define AF_INET_V AF_INET -#endif - -static INLINE int tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port) +static int tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port) { - SOCKADDR_IN_T addr; - const char* host = ip; + struct sockaddr_storage addr; + int sockaddr_len = sizeof(struct sockaddr_in); + XMEMSET(&addr, 0, sizeof(addr)); - /* peer could be in human readable form */ - if (ip != INADDR_ANY && isalpha(ip[0])) { + #ifdef HAVE_GETADDRINFO + { + struct addrinfo hints; + struct addrinfo* answer = NULL; + char strPort[8]; + + XMEMSET(&hints, 0, sizeof(hints)); + hints.ai_family = AF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; + hints.ai_protocol = IPPROTO_TCP; + + XSNPRINTF(strPort, sizeof(strPort), "%d", port); + strPort[7] = '\0'; + + if (getaddrinfo(ip, strPort, &hints, &answer) < 0 || answer == NULL) { + CYASSL_MSG("no addr info for OCSP responder"); + return -1; + } + + sockaddr_len = answer->ai_addrlen; + XMEMCPY(&addr, answer->ai_addr, sockaddr_len); + freeaddrinfo(answer); + + } + #else /* HAVE_GETADDRINFO */ + { struct hostent* entry = gethostbyname(ip); + struct sockaddr_in *sin = (struct sockaddr_in *)&addr; if (entry) { - struct sockaddr_in tmp; - XMEMSET(&tmp, 0, sizeof(struct sockaddr_in)); - XMEMCPY(&tmp.sin_addr.s_addr, entry->h_addr_list[0], - entry->h_length); - host = inet_ntoa(tmp.sin_addr); + sin->sin_family = AF_INET; + sin->sin_port = htons(port); + XMEMCPY(&sin->sin_addr.s_addr, entry->h_addr_list[0], + entry->h_length); } else { - CYASSL_MSG("no addr entry for OCSP responder"); + CYASSL_MSG("no addr info for OCSP responder"); return -1; } } + #endif /* HAVE_GETADDRINFO */ - *sockfd = socket(AF_INET_V, SOCK_STREAM, 0); + *sockfd = socket(addr.ss_family, SOCK_STREAM, 0); if (*sockfd < 0) { CYASSL_MSG("bad socket fd, out of fds?"); return -1; } - XMEMSET(&addr, 0, sizeof(SOCKADDR_IN_T)); - addr.sin_family = AF_INET_V; - addr.sin_port = htons(port); - if (host == INADDR_ANY) - addr.sin_addr.s_addr = INADDR_ANY; - else - addr.sin_addr.s_addr = inet_addr(host); - - if (connect(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0) { + if (connect(*sockfd, (struct sockaddr *)&addr, sockaddr_len) != 0) { CYASSL_MSG("OCSP responder tcp connect failed"); return -1; } @@ -597,15 +607,26 @@ static int decode_url(const char* url, int urlSz, int i, cur; /* need to break the url down into scheme, address, and port */ - /* "http://example.com:8080/" */ + /* "http://example.com:8080/" */ + /* "http://[::1]:443/" */ if (XSTRNCMP(url, "http://", 7) == 0) { cur = 7; } else cur = 0; i = 0; - while (url[cur] != 0 && url[cur] != ':' && + if (url[cur] == '[') { + cur++; + /* copy until ']' */ + while (url[cur] != 0 && url[cur] != ']' && cur < urlSz) { + outName[i++] = url[cur++]; + } + cur++; /* skip ']' */ + } + else { + while (url[cur] != 0 && url[cur] != ':' && url[cur] != '/' && cur < urlSz) { - outName[i++] = url[cur++]; + outName[i++] = url[cur++]; + } } outName[i] = 0; /* Need to pick out the path after the domain name */ From 75e6ac534eadc59c4cc6cdb471a1901b59f0ad24 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Wed, 18 Dec 2013 10:58:10 -0800 Subject: [PATCH 6/7] Force Cygwin to use function tolower() rather than macro version --- cyassl/ctaocrypt/types.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/cyassl/ctaocrypt/types.h b/cyassl/ctaocrypt/types.h index f873592e3..c5075c51c 100644 --- a/cyassl/ctaocrypt/types.h +++ b/cyassl/ctaocrypt/types.h @@ -217,6 +217,11 @@ enum { #define XISALPHA(c) isalpha((c)) #endif /* needed by CyaSSL_check_domain_name() */ + #ifdef __CYGWIN__ + /* Cygwin uses a macro version of tolower() by default, use the + * function version. */ + #undef tolower + #endif #define XTOLOWER(c) tolower((c)) #endif From 4ffc92a4d6736bedc3e9f4806e7d78f56423cba1 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Wed, 18 Dec 2013 12:34:40 -0800 Subject: [PATCH 7/7] Use OCSP override URL enable in both example client and server. --- examples/client/client.c | 8 ++++---- examples/server/server.c | 10 +++++++--- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/examples/client/client.c b/examples/client/client.c index d973de638..9a9c41c32 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -507,12 +507,12 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args) if (useOcsp) { if (ocspUrl != NULL) { CyaSSL_CTX_OCSP_set_override_url(ctx, ocspUrl); - CyaSSL_CTX_OCSP_set_options(ctx, CYASSL_OCSP_URL_OVERRIDE | - CYASSL_OCSP_ENABLE | CYASSL_OCSP_NO_NONCE); + CyaSSL_CTX_OCSP_set_options(ctx, CYASSL_OCSP_ENABLE | + CYASSL_OCSP_URL_OVERRIDE | CYASSL_OCSP_NO_NONCE); } else - CyaSSL_CTX_OCSP_set_options(ctx, - CYASSL_OCSP_ENABLE | CYASSL_OCSP_NO_NONCE); + CyaSSL_CTX_OCSP_set_options(ctx, CYASSL_OCSP_ENABLE | + CYASSL_OCSP_NO_NONCE); } #endif diff --git a/examples/server/server.c b/examples/server/server.c index 9be9c4802..863999c79 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -459,10 +459,14 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) #endif #ifdef HAVE_OCSP if (useOcsp) { - CyaSSL_CTX_OCSP_set_options(ctx, - CYASSL_OCSP_ENABLE | CYASSL_OCSP_NO_NONCE); - if (ocspUrl != NULL) + if (ocspUrl != NULL) { CyaSSL_CTX_OCSP_set_override_url(ctx, ocspUrl); + CyaSSL_CTX_OCSP_set_options(ctx, CYASSL_OCSP_ENABLE | + CYASSL_OCSP_URL_OVERRIDE | CYASSL_OCSP_NO_NONCE); + } + else + CyaSSL_CTX_OCSP_set_options(ctx, CYASSL_OCSP_ENABLE | + CYASSL_OCSP_NO_NONCE); } #endif #ifdef HAVE_PK_CALLBACKS