feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

add session tickets to echoserver example too

Browse Source
This commit is contained in:
toddouska
2015-05-18 09:13:34 -07:00
parent ebf73fab5d
commit 8ff17b66f3
3 changed files with 103 additions and 98 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
examples/echoserver/echoserver.c
View File

@@ -53,7 +53,6 @@
#include "examples/echoserver/echoserver.h" #include "examples/echoserver/echoserver.h"
#define SVR_COMMAND_SIZE 256 #define SVR_COMMAND_SIZE 256
static void SignalReady(void* args, word16 port) static void SignalReady(void* args, word16 port)
@@ -143,6 +142,13 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif #endif
#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \
defined(HAVE_POLY1305)
if (TicketInit() != 0)
err_sys("unable to setup Session Ticket Key context");
wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb);
#endif
#ifndef NO_FILESYSTEM #ifndef NO_FILESYSTEM
if (doPSK == 0) { if (doPSK == 0) {
#ifdef HAVE_NTRU #ifdef HAVE_NTRU
@@ -337,6 +343,11 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
fdCloseSession(Task_self()); fdCloseSession(Task_self());
#endif #endif
#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \
defined(HAVE_POLY1305)
TicketCleanup();
#endif
#ifndef CYASSL_TIRTOS #ifndef CYASSL_TIRTOS
return 0; return 0;
#endif #endif
@@ -382,5 +393,3 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
#endif /* NO_MAIN_DRIVER */ #endif /* NO_MAIN_DRIVER */

94
examples/server/server.c
View File

@@ -64,15 +64,6 @@
int myHsDoneCb(WOLFSSL* ssl, void* user_ctx); int myHsDoneCb(WOLFSSL* ssl, void* user_ctx);
#endif #endif
#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \
defined(HAVE_POLY1305)
#include <wolfssl/wolfcrypt/chacha20_poly1305.h>
static int TicketInit(void);
static void TicketCleanup(void);
static int myTicketEncCb(WOLFSSL* ssl, byte key_name[16], byte iv[16],
byte mac[32], int enc, byte* ticket, int inLen,
int* outLen);
#endif
static void NonBlockingSSL_Accept(SSL* ssl) static void NonBlockingSSL_Accept(SSL* ssl)
@@ -755,88 +746,3 @@ while (1) { /* allow resume option */
#endif #endif
#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \
defined(HAVE_POLY1305)
typedef struct key_ctx {
byte name[WOLFSSL_TICKET_NAME_SZ]; /* name for this context */
byte key[16]; /* cipher key */
} key_ctx;
static key_ctx myKey_ctx;
static RNG rng;
static int TicketInit(void)
{
int ret = wc_InitRng(&rng);
if (ret != 0) return ret;
ret = wc_RNG_GenerateBlock(&rng, myKey_ctx.key, sizeof(myKey_ctx.key));
if (ret != 0) return ret;
ret = wc_RNG_GenerateBlock(&rng, myKey_ctx.name,sizeof(myKey_ctx.name));
if (ret != 0) return ret;
return 0;
}
static void TicketCleanup(void)
{
wc_FreeRng(&rng);
}
static int myTicketEncCb(WOLFSSL* ssl,
byte key_name[WOLFSSL_TICKET_NAME_SZ],
byte iv[WOLFSSL_TICKET_IV_SZ],
byte mac[WOLFSSL_TICKET_MAC_SZ],
int enc, byte* ticket, int inLen, int* outLen)
{
(void)ssl;
int ret;
word16 sLen = htons(inLen);
byte aad[WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2];
int aadSz = WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2;
byte* tmp = aad;
if (enc) {
XMEMCPY(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ);
ret = wc_RNG_GenerateBlock(&rng, iv, WOLFSSL_TICKET_IV_SZ);
if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
/* build aad from key name, iv, and length */
XMEMCPY(tmp, key_name, WOLFSSL_TICKET_NAME_SZ);
tmp += WOLFSSL_TICKET_NAME_SZ;
XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ);
tmp += WOLFSSL_TICKET_IV_SZ;
XMEMCPY(tmp, &sLen, 2);
ret = wc_ChaCha20Poly1305_Encrypt(myKey_ctx.key, iv,
aad, aadSz,
ticket, inLen,
ticket,
mac);
if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
*outLen = inLen; /* no padding in this mode */
} else {
/* decrypt */
/* build aad from key name, iv, and length */
XMEMCPY(tmp, key_name, WOLFSSL_TICKET_NAME_SZ);
tmp += WOLFSSL_TICKET_NAME_SZ;
XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ);
tmp += WOLFSSL_TICKET_IV_SZ;
XMEMCPY(tmp, &sLen, 2);
ret = wc_ChaCha20Poly1305_Decrypt(myKey_ctx.key, iv,
aad, aadSz,
ticket, inLen,
mac,
ticket);
if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
*outLen = inLen; /* no padding in this mode */
}
return WOLFSSL_TICKET_RET_OK;
}
#endif

92
wolfssl/test.h
View File

@@ -1835,5 +1835,95 @@ static INLINE const char* mymktemp(char *tempfn, int len, int num)
return tempfn; return tempfn;
} }
#endif /* wolfSSL_TEST_H */
#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \
defined(HAVE_POLY1305)
#include <wolfssl/wolfcrypt/chacha20_poly1305.h>
typedef struct key_ctx {
byte name[WOLFSSL_TICKET_NAME_SZ]; /* name for this context */
byte key[16]; /* cipher key */
} key_ctx;
static key_ctx myKey_ctx;
static RNG rng;
static INLINE int TicketInit(void)
{
int ret = wc_InitRng(&rng);
if (ret != 0) return ret;
ret = wc_RNG_GenerateBlock(&rng, myKey_ctx.key, sizeof(myKey_ctx.key));
if (ret != 0) return ret;
ret = wc_RNG_GenerateBlock(&rng, myKey_ctx.name,sizeof(myKey_ctx.name));
if (ret != 0) return ret;
return 0;
}
static INLINE void TicketCleanup(void)
{
wc_FreeRng(&rng);
}
static INLINE int myTicketEncCb(WOLFSSL* ssl,
byte key_name[WOLFSSL_TICKET_NAME_SZ],
byte iv[WOLFSSL_TICKET_IV_SZ],
byte mac[WOLFSSL_TICKET_MAC_SZ],
int enc, byte* ticket, int inLen, int* outLen)
{
(void)ssl;
int ret;
word16 sLen = htons(inLen);
byte aad[WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2];
int aadSz = WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2;
byte* tmp = aad;
if (enc) {
XMEMCPY(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ);
ret = wc_RNG_GenerateBlock(&rng, iv, WOLFSSL_TICKET_IV_SZ);
if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
/* build aad from key name, iv, and length */
XMEMCPY(tmp, key_name, WOLFSSL_TICKET_NAME_SZ);
tmp += WOLFSSL_TICKET_NAME_SZ;
XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ);
tmp += WOLFSSL_TICKET_IV_SZ;
XMEMCPY(tmp, &sLen, 2);
ret = wc_ChaCha20Poly1305_Encrypt(myKey_ctx.key, iv,
aad, aadSz,
ticket, inLen,
ticket,
mac);
if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
*outLen = inLen; /* no padding in this mode */
} else {
/* decrypt */
/* build aad from key name, iv, and length */
XMEMCPY(tmp, key_name, WOLFSSL_TICKET_NAME_SZ);
tmp += WOLFSSL_TICKET_NAME_SZ;
XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ);
tmp += WOLFSSL_TICKET_IV_SZ;
XMEMCPY(tmp, &sLen, 2);
ret = wc_ChaCha20Poly1305_Decrypt(myKey_ctx.key, iv,
aad, aadSz,
ticket, inLen,
mac,
ticket);
if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
*outLen = inLen; /* no padding in this mode */
}
return WOLFSSL_TICKET_RET_OK;
}
#endif /* HAVE_SESSION_TICKET && CHACHA20 && POLY1305 */
#endif /* wolfSSL_TEST_H */