From 8779c3a884b572a23b915120d7e7b769fae75004 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Mon, 10 May 2021 10:32:55 +1000 Subject: [PATCH] ECC: Disable ECC but have Curve25519/448 and PK callbacks fix Fix ed25519 certificates. Tidy up testsuite.c --- certs/ed25519/ca-ed25519-key.der | Bin 84 -> 44 bytes certs/ed25519/ca-ed25519-key.pem | 7 +- certs/ed25519/ca-ed25519-priv.der | Bin 48 -> 48 bytes certs/ed25519/ca-ed25519-priv.pem | 2 +- certs/ed25519/ca-ed25519.der | Bin 600 -> 592 bytes certs/ed25519/ca-ed25519.pem | 58 ++++-- certs/ed25519/client-ed25519-key.der | Bin 84 -> 44 bytes certs/ed25519/client-ed25519-key.pem | 7 +- certs/ed25519/client-ed25519-priv.der | Bin 48 -> 48 bytes certs/ed25519/client-ed25519-priv.pem | 2 +- certs/ed25519/client-ed25519.der | Bin 592 -> 856 bytes certs/ed25519/client-ed25519.pem | 68 +++++-- certs/ed25519/root-ed25519-key.der | Bin 84 -> 44 bytes certs/ed25519/root-ed25519-key.pem | 7 +- certs/ed25519/root-ed25519-priv.der | Bin 48 -> 48 bytes certs/ed25519/root-ed25519-priv.pem | 2 +- certs/ed25519/root-ed25519.der | Bin 602 -> 613 bytes certs/ed25519/root-ed25519.pem | 59 ++++-- certs/ed25519/server-ed25519-cert.pem | 78 +++++--- certs/ed25519/server-ed25519-key.der | Bin 84 -> 44 bytes certs/ed25519/server-ed25519-key.pem | 7 +- certs/ed25519/server-ed25519-priv.der | Bin 48 -> 48 bytes certs/ed25519/server-ed25519-priv.pem | 2 +- certs/ed25519/server-ed25519.der | Bin 586 -> 633 bytes certs/ed25519/server-ed25519.pem | 121 +++++++++--- src/internal.c | 5 + tests/test-ed25519.conf | 12 +- testsuite/testsuite.c | 265 +++++++++++++++++--------- wolfssl/internal.h | 88 ++++----- wolfssl/test.h | 4 +- 30 files changed, 538 insertions(+), 256 deletions(-) diff --git a/certs/ed25519/ca-ed25519-key.der b/certs/ed25519/ca-ed25519-key.der index 819013780c2acf8664bec44a2c5cb6687e31edcb..f1dfb912e8e2788b4590534b19572a42549c6001 100644 GIT binary patch literal 44 zcmXreGGJw6)=n*8R%CFpuKL+@{^xzkyPrQ8Y3Ba=Tjrl}=+J{4_jQLtGuH6>0swuf B6XgH^ literal 84 zcmXpAVq#=4U}a<0PAy~)&&=CugRYQyC> q7b>wRteRGvUU>cA+7{P7YWM5N~_y23lqecJ@HzS$= diff --git a/certs/ed25519/ca-ed25519-key.pem b/certs/ed25519/ca-ed25519-key.pem index f964dca0f..0eb5c3ca4 100644 --- a/certs/ed25519/ca-ed25519-key.pem +++ b/certs/ed25519/ca-ed25519-key.pem @@ -1,4 +1,3 @@ ------BEGIN EDDSA PRIVATE KEY----- -MFICAQAwBQYDK2VwBCIEIAw37caag1d0w0pY63b7oe9Frg8SA0rLDtnWWDl7MafZ -oSIEIKqWfWdx1/6tqF8UGL4C0BV+gGS5IXuyP3x0bv/1hOKB ------END EDDSA PRIVATE KEY----- +-----BEGIN PUBLIC KEY----- +MCowBQYDK2VwAyEAQjt6+YLP+d8Z3fPwMilt+v12T2jCwuBsR67CVWisDU0= +-----END PUBLIC KEY----- diff --git a/certs/ed25519/ca-ed25519-priv.der b/certs/ed25519/ca-ed25519-priv.der index 47edd8f9059df9cff22c70935df45e272f5f47b8..4d7e9b5bf0a43f91ed4480100db5152a4a920076 100644 GIT binary patch literal 48 zcmXreV`5}5U}a<0PAyTKEphjHGWFK&{XdpF&E~)&&=CugRYQyC> E0aTL_zW@LL diff --git a/certs/ed25519/ca-ed25519-priv.pem b/certs/ed25519/ca-ed25519-priv.pem index a1c81d93c..da2e90598 100644 --- a/certs/ed25519/ca-ed25519-priv.pem +++ b/certs/ed25519/ca-ed25519-priv.pem @@ -1,3 +1,3 @@ -----BEGIN PRIVATE KEY----- -MC4CAQAwBQYDK2VwBCIEIAw37caag1d0w0pY63b7oe9Frg8SA0rLDtnWWDl7MafZ +MC4CAQAwBQYDK2VwBCIEIPhVt7ZJP5mciOPFQmqkR0rkldrbv/inQp0O59BXjxZp -----END PRIVATE KEY----- diff --git a/certs/ed25519/ca-ed25519.der b/certs/ed25519/ca-ed25519.der index 8b7788d0dd59ceb3a33684be7442165864fa1fde..d46aa7926b5bd0a0887b34f95d0dbb0087b1effc 100644 GIT binary patch literal 592 zcmXqLV)8L)V*Iy&nTe5!iILHOm5o_DwZNcpt|7MpCmVAp3!5-gXt1Gx0UwCN!NcyG zpI4HYmk1MK=V5osuS(5L%rlfQ5Cf^<;^8mP&q)go_K9~*F)}qZv@{eo5C+L`^Y8@a z=a=ZhgrORkdHBoA%k@B-ii>mflJj#7nrVXH&!dsZjR|8wf(&&*ki>3lpTk^;*ziW>#cy zvab5sbpGdk$-AFF7-{DI`dj9oap=&49QSpHLNnIz`Yuj3NHmaTV-A(&V-aH!DY6*Ihtn4{n08p)|CjbBd literal 600 zcmXqLVhS;6Vq#ms%*4pVB;df&<=fig;Zka;{yBTUrJ?~V8?$z5fkER;Lv903Hs(+k zHesgFU_$`|J`jh4hut?nuOu-q5hlXU!|s${m71HFXUJ>74N}9x!xEIAUjkFW#lv2n zpOY3G>;n_w=3#erF)}qZv^1135Cdsp=HV|dFV_R9D=yB_OU}|i zGOU_bn_hVR-`W-NA`<(UE{N7Or0i6z-eg}>lK1~>%cI7{2?lWnJZ#LNvcfE^2F#3% z{|#h8JU$jN7LmMe-jh0!&I#+68nxzpE&04FWcC>Yd62X+i-dt#gNS4m=dx#N@$qay z=aN;T`eO=hcb9`>QI?;P@jnX-GZW)6m|Gkfb|0=P%sVtK(k%6g2=jysQae>bgPLYE xY})naxsJ>+;iWsy>aP6R`{dt!yKUX=x6fSg=9%#4YpGD*tqI$ME-vt81pwwQr6T|U diff --git a/certs/ed25519/ca-ed25519.pem b/certs/ed25519/ca-ed25519.pem index c8abf6880..7b645aaf3 100644 --- a/certs/ed25519/ca-ed25519.pem +++ b/certs/ed25519/ca-ed25519.pem @@ -1,15 +1,47 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: ED25519 + Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_Ed25519, OU = Root-Ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com + Validity + Not Before: Mar 10 06:49:03 2021 GMT + Not After : Dec 5 06:49:03 2023 GMT + Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed25519, OU = CA-ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: ED25519 + ED25519 Public-Key: + pub: + 42:3b:7a:f9:82:cf:f9:df:19:dd:f3:f0:32:29:6d: + fa:fd:76:4f:68:c2:c2:e0:6c:47:ae:c2:55:68:ac: + 0d:4d + X509v3 extensions: + X509v3 Subject Key Identifier: + 74:D5:38:19:5E:83:B9:03:F8:01:8A:35:35:BB:89:4C:49:B4:23:E9 + X509v3 Authority Key Identifier: + keyid:FA:BA:5B:76:1D:F1:1D:1D:4D:74:48:D8:98:3B:56:EF:B3:14:F3:DE + + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + Signature Algorithm: ED25519 + da:fe:58:53:89:43:85:98:35:dc:13:1c:a3:f1:1f:8d:26:be: + b6:a2:fc:b7:fe:9c:b9:35:69:31:7e:d4:b9:11:45:16:a2:29: + 35:a9:74:a7:97:da:7e:71:4f:b1:72:5d:75:17:ac:e3:f6:b8: + ce:1e:e4:8a:95:ba:cd:1d:ce:0d -----BEGIN CERTIFICATE----- -MIICVDCCAgagAwIBAgIQQAiKTYWESER1OSfza785ITAFBgMrZXAwgZkxCzAJBgNV -BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMQ0wCwYD -VQQEDARSb290MRAwDgYDVQQKDAd3b2xmU1NMMRAwDgYDVQQLDAdFRDI1NTE5MRgw -FgYDVQQDDA93d3cud29sZnNzbC5jb20xGTAXBgNVBAUAEGluZm9Ad29sZnNzbC5j -b20wIhgPMjAyMTAyMDkxOTUwMDRaGA8yMDIzMDIxMDE5NTAwNFowgZcxCzAJBgNV -BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMQswCQYD -VQQEDAJDQTEQMA4GA1UECgwHd29sZlNTTDEQMA4GA1UECwwHRUQyNTUxOTEYMBYG -A1UEAwwPd3d3LndvbGZzc2wuY29tMRkwFwYDVQQFABBpbmZvQHdvbGZzc2wuY29t -MCowBQYDK2VwAyEAqpZ9Z3HX/q2oXxQYvgLQFX6AZLkhe7I/fHRu//WE4oGjYDBe -MAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFG6LDcksWUNgr6UyhWz1dPO6VJvMMB8G -A1UdIwQYMBaAFBl6CabmJl9fBlLOYyRaj1xxPbt3MA4GA1UdDwEB/wQEAwIBxjAF -BgMrZXADQQC7w3pxbsKWWTZl1BQDkNAauSRVUoKYgLK67OcsHMYTpbjNLan5jeT+ -3z62i4fbzNBLDJD89XUSjtqQt1LRoE0F +MIICTDCCAf6gAwIBAgIBATAFBgMrZXAwgZ0xCzAJBgNVBAYTAlVTMRAwDgYDVQQI +DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRgwFgYDVQQKDA93b2xmU1NMX0Vk +MjU1MTkxFTATBgNVBAsMDFJvb3QtRWQyNTUxOTEYMBYGA1UEAwwPd3d3LndvbGZz +c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIxMDMx +MDA2NDkwM1oXDTIzMTIwNTA2NDkwM1owgZsxCzAJBgNVBAYTAlVTMRAwDgYDVQQI +DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRgwFgYDVQQKDA93b2xmU1NMX2Vk +MjU1MTkxEzARBgNVBAsMCkNBLWVkMjU1MTkxGDAWBgNVBAMMD3d3dy53b2xmc3Ns +LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAqMAUGAytlcAMh +AEI7evmCz/nfGd3z8DIpbfr9dk9owsLgbEeuwlVorA1No2MwYTAdBgNVHQ4EFgQU +dNU4GV6DuQP4AYo1NbuJTEm0I+kwHwYDVR0jBBgwFoAU+rpbdh3xHR1NdEjYmDtW +77MU894wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwBQYDK2VwA0EA +2v5YU4lDhZg13BMco/EfjSa+tqL8t/6cuTVpMX7UuRFFFqIpNal0p5fafnFPsXJd +dRes4/a4zh7kipW6zR3ODQ== -----END CERTIFICATE----- diff --git a/certs/ed25519/client-ed25519-key.der b/certs/ed25519/client-ed25519-key.der index 0672c15f1c49038a408c289b6a85ec38fd8572f0..70cd43c5fe0910551fc89a7357dd0a724749823d 100644 GIT binary patch literal 44 zcmXreGGJw6)=n*8R%Cb<9xW_=JWwS2t@YQ7zgEx7+4h==bMeftdHd(u{0p&s1^`oU B6AJ(U literal 84 zcmXpAVq#=4U}a<0PAy{C(1hL_2Qe)zp3x;{9V4~@tQ*%SqA_W?Ie%@ diff --git a/certs/ed25519/client-ed25519-key.pem b/certs/ed25519/client-ed25519-key.pem index f9742bdbd..134666eaa 100644 --- a/certs/ed25519/client-ed25519-key.pem +++ b/certs/ed25519/client-ed25519-key.pem @@ -1,4 +1,3 @@ ------BEGIN EDDSA PRIVATE KEY----- -MFICAQAwBQYDK2VwBCIEICkn2+pW4KyBhuv1IuoymGLEqp9hTFcALhcvKrmHgkhs -oSIEIE6fglljSpes+m6VbFo7Uuuj2ef2J7uJ+3e046zCCGrA ------END EDDSA PRIVATE KEY----- +-----BEGIN PUBLIC KEY----- +MCowBQYDK2VwAyEA5ldbExvHURRr7Tv10fqrnmy26wIJo5n1br+dPP5UOeY= +-----END PUBLIC KEY----- diff --git a/certs/ed25519/client-ed25519-priv.der b/certs/ed25519/client-ed25519-priv.der index 0ee0ad2887ebc0be123e469623c3aa3dc42eefd1..eaf16472fc1e62d791cf8a2bcfa725164a96fe39 100644 GIT binary patch literal 48 zcmXreV`5}5U}a<0PAy(^b diff --git a/certs/ed25519/client-ed25519-priv.pem b/certs/ed25519/client-ed25519-priv.pem index 214c1eaaa..d7c8a771a 100644 --- a/certs/ed25519/client-ed25519-priv.pem +++ b/certs/ed25519/client-ed25519-priv.pem @@ -1,3 +1,3 @@ -----BEGIN PRIVATE KEY----- -MC4CAQAwBQYDK2VwBCIEICkn2+pW4KyBhuv1IuoymGLEqp9hTFcALhcvKrmHgkhs +MC4CAQAwBQYDK2VwBCIEIJK1TOyvgca7AdbV3r03l1rSxvbDhbU75uTsMunHylLr -----END PRIVATE KEY----- diff --git a/certs/ed25519/client-ed25519.der b/certs/ed25519/client-ed25519.der index f9d6fe85d54f657db020971e6320da50bc782163..adfdaa58ee6f7eec40be3a37f977ad6a847affc4 100644 GIT binary patch literal 856 zcmXqLVh%BAVrE;w%*4pVB;t^EOmGjwkHDW#ymxc2J;-UX!Rv_uD;u+RYJoxHd_!&n zPB!LH7B*p~&|pIW13nOkgNNNWKd&S)FA*lf&cp7MUzM7hm}e+qAO=#y#lv5opOY3G z>=U1wVq|J+XlW>JAPSP<=HYYB$xO{F(S=DswJ`JWmzS68fwUDD=jbKp=Nifz$g**2 zwRyCC=Vjz%6cfnIOUrjaQeYq_&TC|7U~Fh$U}j=zU>qgRYh-L_WMB&A4gnu%K?9pv zk>Oc*w6OH?K#}aX)?Y9FT0Jjk+iNDy#WTO=?VoG&FU0cM;wHubgC<5F16elaP+2|} zF&2@3j&XL4kM!I&+qrj6xN>MqpWwAFgU0(Hd1aQy>jsTi8nCKa*tm2_7Cy(i=9iBFD;u+RYJoxHY(s7XPB!LH z7B*p~&|pIW13nOkgNNNWKd&S)FA*lf&cp7MUzM7hm}kguzzb5t!o!xFlbM=V0#m}p z!(N`BlNKE80~6uqVRv;gGBq`{G?Xw918HLB;V&;Q*8{05F3!9Apq+Aj`%aD$BrYk>Q5HNsG`Ims1&8c~)?J z=XzGV^-ofoD947WEF2uc#;gDTI@-CXvfJ1EOA1$k^QqI1m#=uv%vSLFGtVw7L+;|Y FTmWXksDA(e diff --git a/certs/ed25519/client-ed25519.pem b/certs/ed25519/client-ed25519.pem index b340a1265..809742d6b 100644 --- a/certs/ed25519/client-ed25519.pem +++ b/certs/ed25519/client-ed25519.pem @@ -1,15 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 40:66:c6:11:bc:00:f8:51:f9:e4:4b:bb:0b:ad:c1:09:38:b0:4a:e4 + Signature Algorithm: ED25519 + Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed25519, OU = Client-ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com + Validity + Not Before: Mar 10 06:49:03 2021 GMT + Not After : Dec 5 06:49:03 2023 GMT + Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed25519, OU = Client-ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: ED25519 + ED25519 Public-Key: + pub: + e6:57:5b:13:1b:c7:51:14:6b:ed:3b:f5:d1:fa:ab: + 9e:6c:b6:eb:02:09:a3:99:f5:6e:bf:9d:3c:fe:54: + 39:e6 + X509v3 extensions: + X509v3 Subject Key Identifier: + FE:41:5E:3E:81:E2:2E:46:B3:3E:47:89:90:D4:C2:B4:8E:11:D6:8A + X509v3 Authority Key Identifier: + keyid:FE:41:5E:3E:81:E2:2E:46:B3:3E:47:89:90:D4:C2:B4:8E:11:D6:8A + DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_ed25519/OU=Client-ed25519/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:40:66:C6:11:BC:00:F8:51:F9:E4:4B:BB:0B:AD:C1:09:38:B0:4A:E4 + + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Alternative Name: + DNS:example.com, IP Address:127.0.0.1 + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: ED25519 + e0:87:e2:ce:d3:87:77:9d:f7:44:c0:73:00:ff:07:6d:2e:90: + 90:5c:bf:30:46:9c:75:a9:48:50:8a:da:09:0f:a8:a8:04:b4: + 33:c8:f4:28:61:9e:c2:a5:19:b7:70:1e:69:cd:49:5c:9a:f3: + 81:e0:de:38:b3:37:ff:33:bb:07 -----BEGIN CERTIFICATE----- -MIICTDCCAf6gAwIBAgIQFcHfya6OWie0wxPOBaz6TDAFBgMrZXAwgZsxCzAJBgNV -BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMQ8wDQYD -VQQEDAZjbGllbnQxEDAOBgNVBAoMB3dvbGZTU0wxEDAOBgNVBAsMB0VEMjU1MTkx -GDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEZMBcGA1UEBQAQaW5mb0B3b2xmc3Ns -LmNvbTAiGA8yMDIxMDIwOTE5NTAwNFoYDzIwMjMwMjEwMTk1MDA0WjCBmzELMAkG -A1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xDzAN -BgNVBAQMBmNsaWVudDEQMA4GA1UECgwHd29sZlNTTDEQMA4GA1UECwwHRUQyNTUx -OTEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMRkwFwYDVQQFABBpbmZvQHdvbGZz -c2wuY29tMCowBQYDK2VwAyEATp+CWWNKl6z6bpVsWjtS66PZ5/Ynu4n7d7TjrMII -asCjUjBQMB0GA1UdDgQWBBQxmyle67rNf5gcL3e47pgvKH2Z+DAfBgNVHSMEGDAW -gBQxmyle67rNf5gcL3e47pgvKH2Z+DAOBgNVHQ8BAf8EBAMCBsAwBQYDK2VwA0EA -2DDJOFXo02UBBQyoCvcK5n21/GJmFQiwlQQICFMzq//6xYm8eYtNN/RkCnBDysvj -p6jnAwZw6/MMujoxC3PtCg== +MIIDVDCCAwagAwIBAgIUQGbGEbwA+FH55Eu7C63BCTiwSuQwBQYDK2VwMIGfMQsw +CQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEY +MBYGA1UECgwPd29sZlNTTF9lZDI1NTE5MRcwFQYDVQQLDA5DbGllbnQtZWQyNTUx +OTEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZv +QHdvbGZzc2wuY29tMB4XDTIxMDMxMDA2NDkwM1oXDTIzMTIwNTA2NDkwM1owgZ8x +CzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFu +MRgwFgYDVQQKDA93b2xmU1NMX2VkMjU1MTkxFzAVBgNVBAsMDkNsaWVudC1lZDI1 +NTE5MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGlu +Zm9Ad29sZnNzbC5jb20wKjAFBgMrZXADIQDmV1sTG8dRFGvtO/XR+quebLbrAgmj +mfVuv508/lQ55qOCAVAwggFMMB0GA1UdDgQWBBT+QV4+geIuRrM+R4mQ1MK0jhHW +ijCB3wYDVR0jBIHXMIHUgBT+QV4+geIuRrM+R4mQ1MK0jhHWiqGBpaSBojCBnzEL +MAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4x +GDAWBgNVBAoMD3dvbGZTU0xfZWQyNTUxOTEXMBUGA1UECwwOQ2xpZW50LWVkMjU1 +MTkxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5m +b0B3b2xmc3NsLmNvbYIUQGbGEbwA+FH55Eu7C63BCTiwSuQwDAYDVR0TBAUwAwEB +/zAcBgNVHREEFTATggtleGFtcGxlLmNvbYcEfwAAATAdBgNVHSUEFjAUBggrBgEF +BQcDAQYIKwYBBQUHAwIwBQYDK2VwA0EA4IfiztOHd533RMBzAP8HbS6QkFy/MEac +dalIUIraCQ+oqAS0M8j0KGGewqUZt3Aeac1JXJrzgeDeOLM3/zO7Bw== -----END CERTIFICATE----- diff --git a/certs/ed25519/root-ed25519-key.der b/certs/ed25519/root-ed25519-key.der index 230709878827ec15501d759984dc32a6cdaddb11..cc03be2a1e938e82284fea4035f4353f9ea91e76 100644 GIT binary patch literal 44 zcmXreGGJw6)=n*8R%Cd&Ilrc$YxSuR1;3Os8!7+qzv8_9f4;plMOR=cPn7*F09Hd0 A*Z=?k literal 84 zcmXpAVq#=4U}a<0PAyk) r7AmnQbm*;Jze@eN^_=C>Gw=3k&!4ORes(=4@0Nc~n=g6)s^J3wJqIL{ diff --git a/certs/ed25519/root-ed25519-key.pem b/certs/ed25519/root-ed25519-key.pem index 6d6b2d8ec..eb8a72ce1 100644 --- a/certs/ed25519/root-ed25519-key.pem +++ b/certs/ed25519/root-ed25519-key.pem @@ -1,4 +1,3 @@ ------BEGIN EDDSA PRIVATE KEY----- -MFICAQAwBQYDK2VwBCIEIPUBUd1CTNITOelSbDQlzuGA30xv42CVcvpe92sq7N+o -oSIEIIgura+qJ+c7nKcbmd2OK5+dL++bfwkNtP5Cs9JL+nwO ------END EDDSA PRIVATE KEY----- +-----BEGIN PUBLIC KEY----- +MCowBQYDK2VwAyEA6bNvfHCKq8pUIE5kdjwaT/f6Xkr/89u5ZC0QpQxaP9o= +-----END PUBLIC KEY----- diff --git a/certs/ed25519/root-ed25519-priv.der b/certs/ed25519/root-ed25519-priv.der index 2c51356ebb0eb545e7f864d451020abeb03b2454..3cab31329708a25d6e883a683f35158b2ed89fd7 100644 GIT binary patch literal 48 zcmXreV`5}5U}a<0PAyvzYp_}Bg| F001vA5qkgt literal 48 zcmXreV`5}5U}a<0PAyk) E08z*jBme*a diff --git a/certs/ed25519/root-ed25519-priv.pem b/certs/ed25519/root-ed25519-priv.pem index 18efe8f48..6f725f119 100644 --- a/certs/ed25519/root-ed25519-priv.pem +++ b/certs/ed25519/root-ed25519-priv.pem @@ -1,3 +1,3 @@ -----BEGIN PRIVATE KEY----- -MC4CAQAwBQYDK2VwBCIEIPUBUd1CTNITOelSbDQlzuGA30xv42CVcvpe92sq7N+o +MC4CAQAwBQYDK2VwBCIEIFcyr6XNVwsNpxIoY6ENIWmuvF/LJs2xkuvuxmoPrf1w -----END PRIVATE KEY----- diff --git a/certs/ed25519/root-ed25519.der b/certs/ed25519/root-ed25519.der index 3e481a16b84c2740e8cd80de16c5303b13893987..76117a27ebeb223b118cdc3eefd3bdef8aaa363f 100644 GIT binary patch literal 613 zcmXqLVoEe*2>D;u+RYJoxHTtjXH zPB!LH7B*p~&|pIW13nOkgNNNWKd&S)FA*lf&cp7MUzM7hm}e+qAO=#y#lv5opOY3G z>=W;rVq|J+XlW>FAPkb>=HUs-&o9x12}3n7^YE9Km+OHv6&L5|CFkcF${WbCacZ@B zw0-AgvgFg09u4LKOT`%50?kzyFH!`v3X%&J= zCi_uV*0;pt#tiGQ_nSpN-!qU0Nh`BR7>G4sSHKTaAk4`4pM}+cnUV27I67tdK>{qy zOpI+X=QuLBe2-mwAR~@v{n5L(mi#pFH}>Crd-pc8^e?{2OA}x0n6dr&<)H50rxK^% cHVI8$q5eWiY}?9@y?j3|hH#$>{<8+GY|PrJ1qO{X4Y>_C*_cCF z*o2uvgAD}?_&^*E9(LdSypqJcM3@LW54%%-RcdZxo*}ORH%JW&4@*#fehEwg7Y}=R zeok6&un$axn}^-i#mLmu(9%%CKn$dXnTNl;yj%~YuDCcyFF8NgP|`pgB*V%ekeQd3 z?|>v_pd`U>WME`yU}RuvXlZI-U=jruFb0W11qQYIwV;8_tjN%zw|4z1_2<@emP^mP z+owH$uKxSk^_;w0{yA;FpONuD3kx$7<1v_992wqR&DlTo zPp9SU9Y)_p*`C~Cy7JN9vrzTbT08Jeb A`%1*2yZc3Q<-S1km2)LuX!Vuw1+m`KPu{#xCD)K` qp%RNi_vii}|6hJdwKR$Qs#LQ*{%@_Wdg&g+r?W1<`}Ep;y#@gBPb1|3 diff --git a/certs/ed25519/server-ed25519-key.pem b/certs/ed25519/server-ed25519-key.pem index b64ae01fe..f99c16453 100644 --- a/certs/ed25519/server-ed25519-key.pem +++ b/certs/ed25519/server-ed25519-key.pem @@ -1,4 +1,3 @@ ------BEGIN EDDSA PRIVATE KEY----- -MFICAQAwBQYDK2VwBCIEIHyd6hRAi4voY3m+UTepnRnoKo50DlIF3i9js6EkbTEG -oSIEIIvzj/j/6fRlOTRe9SJ8t1/9fS0ndbwx5ZrT7vLrN68o ------END EDDSA PRIVATE KEY----- +-----BEGIN PUBLIC KEY----- +MCowBQYDK2VwAyEAI6pNYFDgE9M67av2qcxK/tdNL9JbGhAF71pBJc4bU3g= +-----END PUBLIC KEY----- diff --git a/certs/ed25519/server-ed25519-priv.der b/certs/ed25519/server-ed25519-priv.der index b25e2969d3463476a232de3d6630a7e6bfcf8b12..23acaaf1b5f02af28ad24ab3d37c97c88df44c42 100644 GIT binary patch literal 48 zcmXreV`5}5U}a<0PAy E082v`%1*2yZc3Q<-S1km2)LuX!Vuw1+m`KPu{#xCD)J* E07w20#Q*>R diff --git a/certs/ed25519/server-ed25519-priv.pem b/certs/ed25519/server-ed25519-priv.pem index 20f443f28..9fdbd2ede 100644 --- a/certs/ed25519/server-ed25519-priv.pem +++ b/certs/ed25519/server-ed25519-priv.pem @@ -1,3 +1,3 @@ -----BEGIN PRIVATE KEY----- -MC4CAQAwBQYDK2VwBCIEIHyd6hRAi4voY3m+UTepnRnoKo50DlIF3i9js6EkbTEG +MC4CAQAwBQYDK2VwBCIEII6YRLBUgcY6R9j7wza/GXBhCSN24xxvgziuSVXFnoci -----END PRIVATE KEY----- diff --git a/certs/ed25519/server-ed25519.der b/certs/ed25519/server-ed25519.der index ce580d991a5ebdbc1f743f6673e468f65575ff9c..dbc551d449348653a05bf35eaafb33acaa067bac 100644 GIT binary patch literal 633 zcmXqLVk$LgVp3ng%*4pV#K>sC%EqjnT42yP+mPFUlZ`o)g-w_#G}utUfDgps;9>X8 z&nrpHON5EA^RPSRSEc4A<{3&Dh=J5_@$i@D=cEM(`^2ZF7@3+HS{e!)2!dp|dAOV% zbzy=~<;*<%<>lpiAT7nkIeN+YxrXuvvTU4MZ60mkc^Nqw#RM|*(()aU6d1^f^BNf% z7#kWGn3-4_7)Oco8W|fJ8JI%3295Kn>3VSkQHbmLf>VpiQj4hJ11)GkGb=JEukuX@ zcp!Y)>h0=pE6;fSyY8!hDOyT^^?j71>N)A)ip7nc290e7vTV$uvV1IJEFz0F8=p_e z-?|FRx&y9s^`<&T}PedGc<2v}!*Z#L{#j~;qwR6`aL*E?T dx`p-a&nwe2)2``AJ4Xe^>=V$KdSu#q1^{6>uN(jX literal 586 zcmXqLVsbNRV*IgynTe5!Nx)gbHTmmp6H{>?pWMd9x zVH0Kw4K@@o-~(|uc-VdO^GXu)5@90jJnT;SRjIj&c`ywuJWS4xFljCx_VWCkwBTSL zm6j;C*BnA~QXq*Xi4Dqh#HQ)wW$-=|plbV9zTKjm1F*0S2;c%%QS;EMhDo znxBN%ANs%S;)&liGxYfc^(;~r^%=;6q?K7D48$5l^169X>O?vxtY2!>n)9{f^RAHD zXTb3$%g@O8pM`~)iR}Q)c1MQAzu97hmLKVU(U7q_bi326wO+Zp77-5Hw6u5e^ls~U n6;OF^`}zrE~$E*{$lcL)!J2iG}a^*YLw1Rk>&*e4=|>H diff --git a/certs/ed25519/server-ed25519.pem b/certs/ed25519/server-ed25519.pem index d9d035a52..d8d2277e7 100644 --- a/certs/ed25519/server-ed25519.pem +++ b/certs/ed25519/server-ed25519.pem @@ -1,30 +1,99 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: ED25519 + Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed25519, OU = CA-ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com + Validity + Not Before: Mar 10 06:49:03 2021 GMT + Not After : Dec 5 06:49:03 2023 GMT + Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed25519, OU = Server-ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: ED25519 + ED25519 Public-Key: + pub: + 23:aa:4d:60:50:e0:13:d3:3a:ed:ab:f6:a9:cc:4a: + fe:d7:4d:2f:d2:5b:1a:10:05:ef:5a:41:25:ce:1b: + 53:78 + X509v3 extensions: + X509v3 Subject Key Identifier: + A3:29:81:E7:90:6F:B9:60:F8:AF:CC:15:7A:AE:D7:A1:F4:B4:86:BA + X509v3 Authority Key Identifier: + keyid:74:D5:38:19:5E:83:B9:03:F8:01:8A:35:35:BB:89:4C:49:B4:23:E9 + + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Key Usage: critical + Digital Signature, Key Encipherment, Key Agreement + X509v3 Extended Key Usage: + TLS Web Server Authentication + Netscape Cert Type: + SSL Server + Signature Algorithm: ED25519 + f3:c2:ef:8b:55:65:4f:bc:e3:df:fc:d8:a1:ad:8e:43:07:73: + c8:58:c3:46:0a:c1:f1:4d:3f:fb:3d:78:e6:76:58:26:ce:d7: + 59:55:ec:c5:b5:b4:05:ed:f9:d4:97:69:66:d6:2c:1b:43:5a: + 51:5c:be:10:28:95:c4:96:af:00 -----BEGIN CERTIFICATE----- -MIICRjCCAfigAwIBAgIQQyBFY/XbM3h5GPnWdnTeajAFBgMrZXAwgZcxCzAJBgNV -BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMQswCQYD -VQQEDAJDQTEQMA4GA1UECgwHd29sZlNTTDEQMA4GA1UECwwHRUQyNTUxOTEYMBYG -A1UEAwwPd3d3LndvbGZzc2wuY29tMRkwFwYDVQQFABBpbmZvQHdvbGZzc2wuY29t -MCIYDzIwMjEwMjA5MTk1MDA0WhgPMjAyMzAyMTAxOTUwMDRaMIGZMQswCQYDVQQG -EwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjENMAsGA1UE -BAwETGVhZjEQMA4GA1UECgwHd29sZlNTTDEQMA4GA1UECwwHRUQyNTUxOTEYMBYG -A1UEAwwPd3d3LndvbGZzc2wuY29tMRkwFwYDVQQFABBpbmZvQHdvbGZzc2wuY29t -MCowBQYDK2VwAyEAi/OP+P/p9GU5NF71Iny3X/19LSd1vDHlmtPu8us3ryijUjBQ -MB0GA1UdDgQWBBQp8hOvwv+m0cj7fJgvDhEuOGSijjAfBgNVHSMEGDAWgBRuiw3J -LFlDYK+lMoVs9XTzulSbzDAOBgNVHQ8BAf8EBAMCBsAwBQYDK2VwA0EAo/sGXBKn -xIvogGi7VbdCmq1KbS04WEC2Kiu6DI22jOpQecqeUQ+iJ+Ua7tIlSsv0NPqqraq8 -KKxhcSh1nWQbDQ== +MIICdTCCAiegAwIBAgIBATAFBgMrZXAwgZsxCzAJBgNVBAYTAlVTMRAwDgYDVQQI +DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRgwFgYDVQQKDA93b2xmU1NMX2Vk +MjU1MTkxEzARBgNVBAsMCkNBLWVkMjU1MTkxGDAWBgNVBAMMD3d3dy53b2xmc3Ns +LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yMTAzMTAw +NjQ5MDNaFw0yMzEyMDUwNjQ5MDNaMIGfMQswCQYDVQQGEwJVUzEQMA4GA1UECAwH +TW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEYMBYGA1UECgwPd29sZlNTTF9lZDI1 +NTE5MRcwFQYDVQQLDA5TZXJ2ZXItZWQyNTUxOTEYMBYGA1UEAwwPd3d3LndvbGZz +c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMCowBQYDK2Vw +AyEAI6pNYFDgE9M67av2qcxK/tdNL9JbGhAF71pBJc4bU3ijgYkwgYYwHQYDVR0O +BBYEFKMpgeeQb7lg+K/MFXqu16H0tIa6MB8GA1UdIwQYMBaAFHTVOBleg7kD+AGK +NTW7iUxJtCPpMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgOoMBMGA1UdJQQM +MAoGCCsGAQUFBwMBMBEGCWCGSAGG+EIBAQQEAwIGQDAFBgMrZXADQQDzwu+LVWVP +vOPf/NihrY5DB3PIWMNGCsHxTT/7PXjmdlgmztdZVezFtbQF7fnUl2lm1iwbQ1pR +XL4QKJXElq8A -----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: ED25519 + Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_Ed25519, OU = Root-Ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com + Validity + Not Before: Mar 10 06:49:03 2021 GMT + Not After : Dec 5 06:49:03 2023 GMT + Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed25519, OU = CA-ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: ED25519 + ED25519 Public-Key: + pub: + 42:3b:7a:f9:82:cf:f9:df:19:dd:f3:f0:32:29:6d: + fa:fd:76:4f:68:c2:c2:e0:6c:47:ae:c2:55:68:ac: + 0d:4d + X509v3 extensions: + X509v3 Subject Key Identifier: + 74:D5:38:19:5E:83:B9:03:F8:01:8A:35:35:BB:89:4C:49:B4:23:E9 + X509v3 Authority Key Identifier: + keyid:FA:BA:5B:76:1D:F1:1D:1D:4D:74:48:D8:98:3B:56:EF:B3:14:F3:DE + + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + Signature Algorithm: ED25519 + da:fe:58:53:89:43:85:98:35:dc:13:1c:a3:f1:1f:8d:26:be: + b6:a2:fc:b7:fe:9c:b9:35:69:31:7e:d4:b9:11:45:16:a2:29: + 35:a9:74:a7:97:da:7e:71:4f:b1:72:5d:75:17:ac:e3:f6:b8: + ce:1e:e4:8a:95:ba:cd:1d:ce:0d -----BEGIN CERTIFICATE----- -MIICVDCCAgagAwIBAgIQQAiKTYWESER1OSfza785ITAFBgMrZXAwgZkxCzAJBgNV -BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMQ0wCwYD -VQQEDARSb290MRAwDgYDVQQKDAd3b2xmU1NMMRAwDgYDVQQLDAdFRDI1NTE5MRgw -FgYDVQQDDA93d3cud29sZnNzbC5jb20xGTAXBgNVBAUAEGluZm9Ad29sZnNzbC5j -b20wIhgPMjAyMTAyMDkxOTUwMDRaGA8yMDIzMDIxMDE5NTAwNFowgZcxCzAJBgNV -BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMQswCQYD -VQQEDAJDQTEQMA4GA1UECgwHd29sZlNTTDEQMA4GA1UECwwHRUQyNTUxOTEYMBYG -A1UEAwwPd3d3LndvbGZzc2wuY29tMRkwFwYDVQQFABBpbmZvQHdvbGZzc2wuY29t -MCowBQYDK2VwAyEAqpZ9Z3HX/q2oXxQYvgLQFX6AZLkhe7I/fHRu//WE4oGjYDBe -MAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFG6LDcksWUNgr6UyhWz1dPO6VJvMMB8G -A1UdIwQYMBaAFBl6CabmJl9fBlLOYyRaj1xxPbt3MA4GA1UdDwEB/wQEAwIBxjAF -BgMrZXADQQC7w3pxbsKWWTZl1BQDkNAauSRVUoKYgLK67OcsHMYTpbjNLan5jeT+ -3z62i4fbzNBLDJD89XUSjtqQt1LRoE0F +MIICTDCCAf6gAwIBAgIBATAFBgMrZXAwgZ0xCzAJBgNVBAYTAlVTMRAwDgYDVQQI +DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRgwFgYDVQQKDA93b2xmU1NMX0Vk +MjU1MTkxFTATBgNVBAsMDFJvb3QtRWQyNTUxOTEYMBYGA1UEAwwPd3d3LndvbGZz +c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIxMDMx +MDA2NDkwM1oXDTIzMTIwNTA2NDkwM1owgZsxCzAJBgNVBAYTAlVTMRAwDgYDVQQI +DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRgwFgYDVQQKDA93b2xmU1NMX2Vk +MjU1MTkxEzARBgNVBAsMCkNBLWVkMjU1MTkxGDAWBgNVBAMMD3d3dy53b2xmc3Ns +LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAqMAUGAytlcAMh +AEI7evmCz/nfGd3z8DIpbfr9dk9owsLgbEeuwlVorA1No2MwYTAdBgNVHQ4EFgQU +dNU4GV6DuQP4AYo1NbuJTEm0I+kwHwYDVR0jBBgwFoAU+rpbdh3xHR1NdEjYmDtW +77MU894wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwBQYDK2VwA0EA +2v5YU4lDhZg13BMco/EfjSa+tqL8t/6cuTVpMX7UuRFFFqIpNal0p5fafnFPsXJd +dRes4/a4zh7kipW6zR3ODQ== -----END CERTIFICATE----- diff --git a/src/internal.c b/src/internal.c index d5d56c36a..db890a72a 100644 --- a/src/internal.c +++ b/src/internal.c @@ -24108,9 +24108,14 @@ int SendClientKeyExchange(WOLFSSL* ssl) } else #endif + #ifdef HAVE_ECC if (ssl->ctx->EccSharedSecretCb != NULL) { break; } + else + #endif + { + } #endif /* HAVE_PK_CALLBACKS */ #ifdef HAVE_CURVE25519 diff --git a/tests/test-ed25519.conf b/tests/test-ed25519.conf index 342a476b6..d6cc898e7 100644 --- a/tests/test-ed25519.conf +++ b/tests/test-ed25519.conf @@ -2,7 +2,7 @@ -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/ed25519/server-ed25519.pem --k ./certs/ed25519/server-ed25519-key.pem +-k ./certs/ed25519/server-ed25519-priv.pem -d # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 @@ -28,7 +28,7 @@ -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/ed25519/server-ed25519.pem --k ./certs/ed25519/server-ed25519-key.pem +-k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem -V # Remove -V when CRL for ED25519 certificates available. @@ -37,7 +37,7 @@ -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/ed25519/client-ed25519.pem --k ./certs/ed25519/client-ed25519-key.pem +-k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem -C @@ -45,7 +45,7 @@ -v 4 -l TLS13-AES128-GCM-SHA256 -c ./certs/ed25519/server-ed25519.pem --k ./certs/ed25519/server-ed25519-key.pem +-k ./certs/ed25519/server-ed25519-priv.pem -d # client TLSv1.3 TLS13-AES128-GCM-SHA256 @@ -59,7 +59,7 @@ -v 4 -l TLS13-AES128-GCM-SHA256 -c ./certs/ed25519/server-ed25519.pem --k ./certs/ed25519/server-ed25519-key.pem +-k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem -V # Remove -V when CRL for ED25519 certificates available. @@ -68,7 +68,7 @@ -v 4 -l TLS13-AES128-GCM-SHA256 -c ./certs/ed25519/client-ed25519.pem --k ./certs/ed25519/client-ed25519-key.pem +-k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem -C diff --git a/testsuite/testsuite.c b/testsuite/testsuite.c index 1091d3f48..f68eaa4f8 100644 --- a/testsuite/testsuite.c +++ b/testsuite/testsuite.c @@ -56,6 +56,10 @@ static THREAD_RETURN simple_test(func_args*); #else static void simple_test(func_args*); #endif +static int test_tls(func_args* server_args); +static void show_ciphers(void); +static void cleanup_output(void); +static int validate_cleanup_output(void); enum { NUMARGS = 3 @@ -79,6 +83,7 @@ char* myoptarg = NULL; #endif /* NO_TESTSUITE_MAIN_DRIVER */ #ifdef HAVE_STACK_SIZE +/* Wrap TLS echo client to free thread locals. */ static void *echoclient_test_wrapper(void* args) { echoclient_test(args); @@ -108,8 +113,9 @@ int testsuite_test(int argc, char** argv) int num = 6; #endif #ifdef HAVE_STACK_SIZE - void *serverThreadStackContext = 0; + void *serverThreadStackContext = NULL; #endif + int ret; #ifdef HAVE_WNR if (wc_InitNetRandom(wnrConfig, NULL, 5000) != 0) { @@ -158,94 +164,42 @@ int testsuite_test(int argc, char** argv) if (server_args.return_code != 0) return server_args.return_code; /* Echo input wolfSSL client server test */ #ifdef HAVE_STACK_SIZE - StackSizeCheck_launch(&server_args, echoserver_test, &serverThread, &serverThreadStackContext); + StackSizeCheck_launch(&server_args, echoserver_test, &serverThread, + &serverThreadStackContext); #else start_thread(echoserver_test, &server_args, &serverThread); #endif - wait_tcp_ready(&server_args); - { - func_args echo_args; - char* myArgv[NUMARGS]; - char arg[3][32]; + /* Create unique file name */ + outputName = mymktemp(tempName, len, num); + if (outputName == NULL) { + printf("Could not create unique file name"); + return EXIT_FAILURE; + } - myArgv[0] = arg[0]; - myArgv[1] = arg[1]; - myArgv[2] = arg[2]; + ret = test_tls(&server_args); + if (ret != 0) { + cleanup_output(); + return ret; + } - echo_args.argc = 3; - echo_args.argv = myArgv; - - /* Create unique file name */ - outputName = mymktemp(tempName, len, num); - if (outputName == NULL) { - printf("Could not create unique file name"); - return EXIT_FAILURE; - } - - strcpy(arg[0], "testsuite"); - strcpy(arg[1], "input"); - strcpy(arg[2], outputName); - - /* Share the signal, it has the new port number in it. */ - echo_args.signal = server_args.signal; - - /* make sure OK */ - - #ifdef HAVE_STACK_SIZE - fputs("echoclient_test #1: ", stdout); - StackSizeCheck(&echo_args, echoclient_test_wrapper); - #else - echoclient_test(&echo_args); - #endif - if (echo_args.return_code != 0) return echo_args.return_code; - -#ifdef WOLFSSL_DTLS - wait_tcp_ready(&server_args); + /* Server won't quit unless TLS test has worked. */ +#ifdef HAVE_STACK_SIZE + fputs("reaping echoserver_test: ", stdout); + StackSizeCheck_reap(serverThread, serverThreadStackContext); +#else + join_thread(serverThread); #endif - /* send quit to echoserver */ - echo_args.argc = 2; - strcpy(echo_args.argv[1], "quit"); - - #ifdef HAVE_STACK_SIZE - fputs("echoclient_test #2: ", stdout); - StackSizeCheck(&echo_args, echoclient_test_wrapper); - #else - echoclient_test(&echo_args); - #endif - if (echo_args.return_code != 0) return echo_args.return_code; - #ifdef HAVE_STACK_SIZE - fputs("reaping echoserver_test: ", stdout); - StackSizeCheck_reap(serverThread, serverThreadStackContext); - #else - join_thread(serverThread); - #endif - if (server_args.return_code != 0) return server_args.return_code; + if (server_args.return_code != 0) { + cleanup_output(); + return server_args.return_code; } - /* show ciphers */ - { - char ciphers[WOLFSSL_CIPHER_LIST_MAX_SIZE]; - XMEMSET(ciphers, 0, sizeof(ciphers)); - wolfSSL_get_ciphers(ciphers, sizeof(ciphers)-1); - printf("ciphers = %s\n", ciphers); - } + show_ciphers(); - /* validate output equals input */ - { - #ifndef NO_SHA256 - byte input[WC_SHA256_DIGEST_SIZE]; - byte output[WC_SHA256_DIGEST_SIZE]; - - file_test("input", input); - file_test(outputName, output); - #endif - remove(outputName); - #ifndef NO_SHA256 - if (memcmp(input, output, sizeof(input)) != 0) - return EXIT_FAILURE; - #endif - } + ret = validate_cleanup_output(); + if (ret != 0) + return EXIT_FAILURE; wolfSSL_Cleanup(); FreeTcpReady(&ready); @@ -270,6 +224,114 @@ int testsuite_test(int argc, char** argv) } #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) +/* Perform a basic TLS handshake. + * + * First connection to echo a file. + * Second to tell TLS server to quit. + * + * @param [in,out] server_args Object sent to server thread. + * @return 0 on success. + * @return echoclient error return code on failure. + */ +static int test_tls(func_args* server_args) +{ + func_args echo_args; + char* myArgv[NUMARGS]; + char arg[3][32]; + + /* Set up command line arguments for echoclient to send input file + * and write echoed data to temporary output file. */ + myArgv[0] = arg[0]; + myArgv[1] = arg[1]; + myArgv[2] = arg[2]; + + echo_args.argc = 3; + echo_args.argv = myArgv; + + strcpy(arg[0], "testsuite"); + strcpy(arg[1], "input"); + strcpy(arg[2], outputName); + + /* Share the signal, it has the new port number in it. */ + echo_args.signal = server_args->signal; + + /* Ready to execute client - wait for server to be ready. */ + wait_tcp_ready(server_args); + + /* Do a client TLS connection. */ +#ifdef HAVE_STACK_SIZE + fputs("echoclient_test #1: ", stdout); + StackSizeCheck(&echo_args, echoclient_test_wrapper); +#else + echoclient_test(&echo_args); +#endif + if (echo_args.return_code != 0) + return echo_args.return_code; + +#ifdef WOLFSSL_DTLS + /* Ensure server is ready for UDP data. */ + wait_tcp_ready(server_args); +#endif + + /* Next client connection - send quit to shutdown server. */ + echo_args.argc = 2; + strcpy(echo_args.argv[1], "quit"); + + /* Do a client TLS connection. */ +#ifdef HAVE_STACK_SIZE + fputs("echoclient_test #2: ", stdout); + StackSizeCheck(&echo_args, echoclient_test_wrapper); +#else + echoclient_test(&echo_args); +#endif + if (echo_args.return_code != 0) + return echo_args.return_code; + + return 0; +} + +/* Show cipher suites available. */ +static void show_ciphers() +{ + char ciphers[WOLFSSL_CIPHER_LIST_MAX_SIZE]; + XMEMSET(ciphers, 0, sizeof(ciphers)); + wolfSSL_get_ciphers(ciphers, sizeof(ciphers)-1); + printf("ciphers = %s\n", ciphers); +} + +/* Cleanup temporary output file. */ +static void cleanup_output() +{ + remove(outputName); +} + +/* Validate output equals input using a hash. Remove temporary output file. + * + * @return 0 on success. + * @return 1 on failure. + */ +static int validate_cleanup_output() +{ +#ifndef NO_SHA256 + byte input[WC_SHA256_DIGEST_SIZE]; + byte output[WC_SHA256_DIGEST_SIZE]; + + file_test("input", input); + file_test(outputName, output); +#endif + cleanup_output(); +#ifndef NO_SHA256 + if (memcmp(input, output, sizeof(input)) != 0) + return 1; +#endif + return 0; +} + +/* Simple server. + * + * @param [in] args Object for server data in thread. + * @return Return code. + */ #ifdef HAVE_STACK_SIZE static THREAD_RETURN simple_test(func_args* args) #else @@ -313,13 +375,13 @@ static void simple_test(func_args* args) strcpy(argvc[0], "SimpleClient"); cliArgs.argv = cliArgv; cliArgs.return_code = 0; - #ifndef USE_WINDOWS_API - cliArgs.argc = NUMARGS; - strcpy(argvc[1], "-p"); - snprintf(argvc[2], sizeof(argvc[2]), "%d", svrArgs.signal->port); - #else - cliArgs.argc = 1; - #endif +#ifndef USE_WINDOWS_API + cliArgs.argc = NUMARGS; + strcpy(argvc[1], "-p"); + snprintf(argvc[2], sizeof(argvc[2]), "%d", svrArgs.signal->port); +#else + cliArgs.argc = 1; +#endif client_test(&cliArgs); if (cliArgs.return_code != 0) { @@ -339,6 +401,10 @@ static void simple_test(func_args* args) #endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */ +/* Wait for the server to be ready for a connection. + * + * @param [in] args Object to send to thread. + */ void wait_tcp_ready(func_args* args) { #if defined(_POSIX_THREADS) && !defined(__MINGW32__) @@ -355,6 +421,12 @@ void wait_tcp_ready(func_args* args) } +/* Start a thread. + * + * @param [in] fun Function to executre in thread. + * @param [in] args Object to send to function in thread. + * @param [out] thread Handle to thread. + */ void start_thread(THREAD_FUNC fun, func_args* args, THREAD_TYPE* thread) { #if defined(_POSIX_THREADS) && !defined(__MINGW32__) @@ -377,6 +449,10 @@ void start_thread(THREAD_FUNC fun, func_args* args, THREAD_TYPE* thread) } +/* Join thread to wait for completion. + * + * @param [in] thread Handle to thread. + */ void join_thread(THREAD_TYPE thread) { #if defined(_POSIX_THREADS) && !defined(__MINGW32__) @@ -400,6 +476,11 @@ void join_thread(THREAD_TYPE thread) #ifndef NO_SHA256 +/* Create SHA-256 hash of the file based on filename. + * + * @param [in] file Name of file. + * @parma [out] check Buffer to hold SHA-256 hash. + */ void file_test(const char* file, byte* check) { FILE* f; @@ -455,16 +536,18 @@ char* myoptarg = NULL; int main(int argc, char** argv) { - func_args server_args; + func_args wolfcrypt_test_args; - server_args.argc = argc; - server_args.argv = argv; + wolfcrypt_test_args.argc = argc; + wolfcrypt_test_args.argv = argv; wolfSSL_Init(); ChangeToWolfRoot(); - wolfcrypt_test(&server_args); - if (server_args.return_code != 0) return server_args.return_code; + /* No TLS - only doing cryptographic algorithm testing. */ + wolfcrypt_test(&wolfcrypt_test_args); + if (wolfcrypt_test_args.return_code != 0) + return wolfcrypt_test_args.return_code; wolfSSL_Cleanup(); printf("\nAll tests passed!\n"); diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 7a8a87765..95a48d7b8 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2978,31 +2978,31 @@ struct WOLFSSL_CTX { CallbackEccSign EccSignCb; /* User EccSign Callback handler */ CallbackEccVerify EccVerifyCb; /* User EccVerify Callback handler */ CallbackEccSharedSecret EccSharedSecretCb; /* User EccVerify Callback handler */ - #ifdef HAVE_ED25519 - /* User Ed25519Sign Callback handler */ - CallbackEd25519Sign Ed25519SignCb; - /* User Ed25519Verify Callback handler */ - CallbackEd25519Verify Ed25519VerifyCb; - #endif - #ifdef HAVE_CURVE25519 - /* User X25519 KeyGen Callback Handler */ - CallbackX25519KeyGen X25519KeyGenCb; - /* User X25519 SharedSecret Callback handler */ - CallbackX25519SharedSecret X25519SharedSecretCb; - #endif - #ifdef HAVE_ED448 - /* User Ed448Sign Callback handler */ - CallbackEd448Sign Ed448SignCb; - /* User Ed448Verify Callback handler */ - CallbackEd448Verify Ed448VerifyCb; - #endif - #ifdef HAVE_CURVE448 - /* User X448 KeyGen Callback Handler */ - CallbackX448KeyGen X448KeyGenCb; - /* User X448 SharedSecret Callback handler */ - CallbackX448SharedSecret X448SharedSecretCb; - #endif #endif /* HAVE_ECC */ + #ifdef HAVE_ED25519 + /* User Ed25519Sign Callback handler */ + CallbackEd25519Sign Ed25519SignCb; + /* User Ed25519Verify Callback handler */ + CallbackEd25519Verify Ed25519VerifyCb; + #endif + #ifdef HAVE_CURVE25519 + /* User X25519 KeyGen Callback Handler */ + CallbackX25519KeyGen X25519KeyGenCb; + /* User X25519 SharedSecret Callback handler */ + CallbackX25519SharedSecret X25519SharedSecretCb; + #endif + #ifdef HAVE_ED448 + /* User Ed448Sign Callback handler */ + CallbackEd448Sign Ed448SignCb; + /* User Ed448Verify Callback handler */ + CallbackEd448Verify Ed448VerifyCb; + #endif + #ifdef HAVE_CURVE448 + /* User X448 KeyGen Callback Handler */ + CallbackX448KeyGen X448KeyGenCb; + /* User X448 SharedSecret Callback handler */ + CallbackX448SharedSecret X448SharedSecretCb; + #endif #ifndef NO_DH CallbackDhAgree DhAgreeCb; /* User DH Agree Callback handler */ #endif @@ -4358,27 +4358,27 @@ struct WOLFSSL { #endif #ifdef HAVE_PK_CALLBACKS #ifdef HAVE_ECC - void* EccKeyGenCtx; /* EccKeyGen Callback Context */ - void* EccSignCtx; /* Ecc Sign Callback Context */ - void* EccVerifyCtx; /* Ecc Verify Callback Context */ - void* EccSharedSecretCtx; /* Ecc Pms Callback Context */ - #ifdef HAVE_ED25519 - void* Ed25519SignCtx; /* ED25519 Sign Callback Context */ - void* Ed25519VerifyCtx; /* ED25519 Verify Callback Context */ - #endif - #ifdef HAVE_CURVE25519 - void* X25519KeyGenCtx; /* X25519 KeyGen Callback Context */ - void* X25519SharedSecretCtx; /* X25519 Pms Callback Context */ - #endif - #ifdef HAVE_ED448 - void* Ed448SignCtx; /* ED448 Sign Callback Context */ - void* Ed448VerifyCtx; /* ED448 Verify Callback Context */ - #endif - #ifdef HAVE_CURVE448 - void* X448KeyGenCtx; /* X448 KeyGen Callback Context */ - void* X448SharedSecretCtx; /* X448 Pms Callback Context */ - #endif + void* EccKeyGenCtx; /* EccKeyGen Callback Context */ + void* EccSignCtx; /* Ecc Sign Callback Context */ + void* EccVerifyCtx; /* Ecc Verify Callback Context */ + void* EccSharedSecretCtx; /* Ecc Pms Callback Context */ #endif /* HAVE_ECC */ + #ifdef HAVE_ED25519 + void* Ed25519SignCtx; /* ED25519 Sign Callback Context */ + void* Ed25519VerifyCtx; /* ED25519 Verify Callback Context */ + #endif + #ifdef HAVE_CURVE25519 + void* X25519KeyGenCtx; /* X25519 KeyGen Callback Context */ + void* X25519SharedSecretCtx; /* X25519 Pms Callback Context */ + #endif + #ifdef HAVE_ED448 + void* Ed448SignCtx; /* ED448 Sign Callback Context */ + void* Ed448VerifyCtx; /* ED448 Verify Callback Context */ + #endif + #ifdef HAVE_CURVE448 + void* X448KeyGenCtx; /* X448 KeyGen Callback Context */ + void* X448SharedSecretCtx; /* X448 Pms Callback Context */ + #endif #ifndef NO_DH void* DhAgreeCtx; /* DH Pms Callback Context */ #endif /* !NO_DH */ diff --git a/wolfssl/test.h b/wolfssl/test.h index 8532125d7..24f5c5ced 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -3084,6 +3084,8 @@ static WC_INLINE int myEccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey, return ret; } +#endif /* HAVE_ECC */ + #ifdef HAVE_ED25519 static WC_INLINE int myEd25519Sign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx) @@ -3406,8 +3408,6 @@ static WC_INLINE int myX448SharedSecret(WOLFSSL* ssl, curve448_key* otherKey, } #endif /* HAVE_CURVE448 */ -#endif /* HAVE_ECC */ - #ifndef NO_DH static WC_INLINE int myDhCallback(WOLFSSL* ssl, struct DhKey* key, const unsigned char* priv, unsigned int privSz,