From 409126a97c4412a286c0c7865cb58c21a97c47c3 Mon Sep 17 00:00:00 2001 From: Ludovic FLAMENT Date: Sat, 1 Aug 2015 18:28:18 +0200 Subject: [PATCH 01/14] add support for curve 25519 and Ed25519 in OpenSSH refactor curve25519 and Ed25519 code fix warning in PEM_xxx_mem_xxx functions --- configure.ac | 10 + cyassl/openssl/ec25519.h | 3 + cyassl/openssl/ed25519.h | 3 + cyassl/openssl/include.am | 2 + src/ssl.c | 323 ++++++++++++++++++++++++++++++++- wolfcrypt/src/curve25519.c | 310 +++++++++++++++++++++---------- wolfcrypt/src/ed25519.c | 278 ++++++++++++++++++---------- wolfcrypt/src/fe_operations.c | 21 ++- wolfcrypt/test/test.c | 21 +++ wolfssl/openssl/ec25519.h | 23 +++ wolfssl/openssl/ed25519.h | 26 +++ wolfssl/openssl/include.am | 2 + wolfssl/openssl/pem.h | 6 +- wolfssl/wolfcrypt/curve25519.h | 43 ++++- wolfssl/wolfcrypt/ed25519.h | 21 ++- 15 files changed, 888 insertions(+), 204 deletions(-) create mode 100644 cyassl/openssl/ec25519.h create mode 100644 cyassl/openssl/ed25519.h create mode 100644 wolfssl/openssl/ec25519.h create mode 100644 wolfssl/openssl/ed25519.h diff --git a/configure.ac b/configure.ac index 718675ae9..ab7614d31 100644 --- a/configure.ac +++ b/configure.ac @@ -733,6 +733,11 @@ AC_ARG_ENABLE([curve25519], ) +if test "$ENABLED_OPENSSH" = "yes" +then + ENABLED_CURVE25519="yes" +fi + if test "$ENABLED_CURVE25519" = "small" then AM_CFLAGS="$AM_CFLAGS -DCURVED25519_SMALL" @@ -758,6 +763,11 @@ AC_ARG_ENABLE([ed25519], ) +if test "$ENABLED_OPENSSH" = "yes" +then + ENABLED_ED25519="yes" +fi + if test "$ENABLED_ED25519" = "small" then AM_CFLAGS="$AM_CFLAGS -DCURVED25519_SMALL" diff --git a/cyassl/openssl/ec25519.h b/cyassl/openssl/ec25519.h new file mode 100644 index 000000000..6ee894506 --- /dev/null +++ b/cyassl/openssl/ec25519.h @@ -0,0 +1,3 @@ +/* ec25519.h */ + +#include diff --git a/cyassl/openssl/ed25519.h b/cyassl/openssl/ed25519.h new file mode 100644 index 000000000..240cbcaaf --- /dev/null +++ b/cyassl/openssl/ed25519.h @@ -0,0 +1,3 @@ +/* ed25519.h */ + +#include diff --git a/cyassl/openssl/include.am b/cyassl/openssl/include.am index 88950eeec..f5c3c56e9 100644 --- a/cyassl/openssl/include.am +++ b/cyassl/openssl/include.am @@ -13,6 +13,8 @@ nobase_include_HEADERS+= \ cyassl/openssl/ecdsa.h \ cyassl/openssl/ecdh.h \ cyassl/openssl/ec.h \ + cyassl/openssl/ec25519.h \ + cyassl/openssl/ed25519.h \ cyassl/openssl/engine.h \ cyassl/openssl/err.h \ cyassl/openssl/evp.h \ diff --git a/src/ssl.c b/src/ssl.c index 5b7cc6f5e..5fe562526 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -48,6 +48,8 @@ #include #include #include + #include + #include #include #include /* openssl headers end, wolfssl internal headers next */ @@ -57,6 +59,8 @@ #include #include #include + #include + #include #ifdef WOLFSSL_SHA512 #include #endif @@ -12632,8 +12636,7 @@ int wolfSSL_DSA_generate_key(WOLFSSL_DSA* dsa) return SSL_FAILURE; } - if (dsa->inSet == 0) - { + if (dsa->inSet == 0) { WOLFSSL_MSG("No DSA internal set, do it"); if (SetDsaInternal(dsa) != SSL_SUCCESS) { @@ -13493,7 +13496,7 @@ static int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher, */ int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz, - byte **pem, int *plen) + unsigned char **pem, int *plen) { byte *der, *tmp, *cipherInfo = NULL; int der_max_len = 0, derSz = 0; @@ -14864,7 +14867,7 @@ int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ecc, int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ecc, const EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz, - byte **pem, int *plen) + unsigned char **pem, int *plen) { byte *der, *tmp, *cipherInfo = NULL; int der_max_len = 0, derSz = 0; @@ -15037,7 +15040,7 @@ int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_DSA* dsa, int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa, const EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz, - byte **pem, int *plen) + unsigned char **pem, int *plen) { byte *der, *tmp, *cipherInfo = NULL; int der_max_len = 0, derSz = 0; @@ -16327,3 +16330,313 @@ const byte* wolfSSL_SESSION_get_id(WOLFSSL_SESSION* sess, unsigned int* idLen) return sess->sessionID; } #endif /* OPENSSL_EXTRA and HAVE_STUNNEL */ + +#if defined(OPENSSL_EXTRA) && defined(HAVE_CURVE25519) +/* return 1 if success, 0 if error + * output keys are little endian format + */ +int wolfSSL_EC25519_generate_key(unsigned char *priv, unsigned int *privSz, + unsigned char *pub, unsigned int *pubSz) +{ +#ifndef WOLFSSL_KEY_GEN + WOLFSSL_MSG("No Key Gen built in"); + return SSL_FAILURE; +#else /* WOLFSSL_KEY_GEN */ + int ret = SSL_FAILURE; + int initTmpRng = 0; + RNG *rng = NULL; +#ifdef WOLFSSL_SMALL_STACK + RNG *tmpRNG = NULL; +#else + RNG tmpRNG[1]; +#endif + + WOLFSSL_ENTER("wolfSSL_EC25519_generate_key"); + + if (priv == NULL || privSz == NULL || *privSz < CURVE25519_KEYSIZE || + pub == NULL || pubSz == NULL || *pubSz < CURVE25519_KEYSIZE) { + WOLFSSL_MSG("Bad arguments"); + return SSL_FAILURE; + } + +#ifdef WOLFSSL_SMALL_STACK + tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (tmpRNG == NULL) + return SSL_FAILURE; +#endif + if (wc_InitRng(tmpRNG) == 0) { + rng = tmpRNG; + initTmpRng = 1; + } + else { + WOLFSSL_MSG("Bad RNG Init, trying global"); + if (initGlobalRNG == 0) + WOLFSSL_MSG("Global RNG no Init"); + else + rng = &globalRNG; + } + + if (rng) { + curve25519_key key; + + if (wc_curve25519_init(&key) != MP_OKAY) + WOLFSSL_MSG("wc_curve25519_init failed"); + else if (wc_curve25519_make_key(rng, CURVE25519_KEYSIZE, &key)!=MP_OKAY) + WOLFSSL_MSG("wc_curve25519_make_key failed"); + /* export key pair */ + else if (wc_curve25519_export_key_raw_ex(&key, priv, privSz, pub, + pubSz, EC25519_LITTLE_ENDIAN) + != MP_OKAY) + WOLFSSL_MSG("wc_curve25519_export_key_raw_ex failed"); + else + ret = SSL_SUCCESS; + + wc_curve25519_free(&key); + } + + if (initTmpRng) + wc_FreeRng(tmpRNG); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +#endif /* WOLFSSL_KEY_GEN */ +} + +/* return 1 if success, 0 if error + * input and output keys are little endian format + */ +int wolfSSL_EC25519_shared_key(unsigned char *shared, unsigned int *sharedSz, + const unsigned char *priv, unsigned int privSz, + const unsigned char *pub, unsigned int pubSz) +{ +#ifndef WOLFSSL_KEY_GEN + WOLFSSL_MSG("No Key Gen built in"); + return SSL_FAILURE; +#else /* WOLFSSL_KEY_GEN */ + int ret = SSL_FAILURE; + curve25519_key privkey, pubkey; + + WOLFSSL_ENTER("wolfSSL_EC25519_shared_key"); + + if (shared == NULL || sharedSz == NULL || *sharedSz < CURVE25519_KEYSIZE || + priv == NULL || privSz < CURVE25519_KEYSIZE || + pub == NULL || pubSz < CURVE25519_KEYSIZE) { + WOLFSSL_MSG("Bad arguments"); + return SSL_FAILURE; + } + + /* import private key */ + if (wc_curve25519_init(&privkey) != MP_OKAY) { + WOLFSSL_MSG("wc_curve25519_init privkey failed"); + return ret; + } + if (wc_curve25519_import_private_ex(priv, privSz, &privkey, + EC25519_LITTLE_ENDIAN) != MP_OKAY) { + WOLFSSL_MSG("wc_curve25519_import_private_ex failed"); + wc_curve25519_free(&privkey); + return ret; + } + + /* import public key */ + if (wc_curve25519_init(&pubkey) != MP_OKAY) { + WOLFSSL_MSG("wc_curve25519_init pubkey failed"); + wc_curve25519_free(&privkey); + return ret; + } + if (wc_curve25519_import_public_ex(pub, pubSz, &pubkey, + EC25519_LITTLE_ENDIAN) != MP_OKAY) { + WOLFSSL_MSG("wc_curve25519_import_public_ex failed"); + wc_curve25519_free(&privkey); + wc_curve25519_free(&pubkey); + return ret; + } + + if (wc_curve25519_shared_secret_ex(&privkey, &pubkey, + shared, sharedSz, + EC25519_LITTLE_ENDIAN) != MP_OKAY) + WOLFSSL_MSG("wc_curve25519_shared_secret_ex failed"); + else + ret = SSL_SUCCESS; + + wc_curve25519_free(&privkey); + wc_curve25519_free(&pubkey); + + return ret; +#endif /* WOLFSSL_KEY_GEN */ +} +#endif /* OPENSSL_EXTRA && HAVE_CURVE25519 */ + +#if defined(OPENSSL_EXTRA) && defined(HAVE_ED25519) +/* return 1 if success, 0 if error + * output keys are little endian format + */ +int wolfSSL_ED25519_generate_key(unsigned char *priv, unsigned int *privSz, + unsigned char *pub, unsigned int *pubSz) +{ +#ifndef WOLFSSL_KEY_GEN + WOLFSSL_MSG("No Key Gen built in"); + return SSL_FAILURE; +#else /* WOLFSSL_KEY_GEN */ + int ret = SSL_FAILURE; + int initTmpRng = 0; + RNG *rng = NULL; +#ifdef WOLFSSL_SMALL_STACK + RNG *tmpRNG = NULL; +#else + RNG tmpRNG[1]; +#endif + + WOLFSSL_ENTER("wolfSSL_ED25519_generate_key"); + + if (priv == NULL || privSz == NULL || *privSz < ED25519_PRV_KEY_SIZE || + pub == NULL || pubSz == NULL || *pubSz < ED25519_PUB_KEY_SIZE) { + WOLFSSL_MSG("Bad arguments"); + return SSL_FAILURE; + } + +#ifdef WOLFSSL_SMALL_STACK + tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (tmpRNG == NULL) + return SSL_FATAL_ERROR; +#endif + if (wc_InitRng(tmpRNG) == 0) { + rng = tmpRNG; + initTmpRng = 1; + } + else { + WOLFSSL_MSG("Bad RNG Init, trying global"); + if (initGlobalRNG == 0) + WOLFSSL_MSG("Global RNG no Init"); + else + rng = &globalRNG; + } + + if (rng) { + ed25519_key key; + + if (wc_ed25519_init(&key) != MP_OKAY) + WOLFSSL_MSG("wc_ed25519_init failed"); + else if (wc_ed25519_make_key(rng, ED25519_KEY_SIZE, &key)!=MP_OKAY) + WOLFSSL_MSG("wc_ed25519_make_key failed"); + /* export private key */ + else if (wc_ed25519_export_key(&key, priv, privSz, pub, pubSz)!=MP_OKAY) + WOLFSSL_MSG("wc_ed25519_export_key failed"); + else + ret = SSL_SUCCESS; + + wc_ed25519_free(&key); + } + + if (initTmpRng) + wc_FreeRng(tmpRNG); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +#endif /* WOLFSSL_KEY_GEN */ +} + +/* return 1 if success, 0 if error + * input and output keys are little endian format + * priv is a buffer containing private and public part of key + */ +int wolfSSL_ED25519_sign(const unsigned char *msg, unsigned int msgSz, + const unsigned char *priv, unsigned int privSz, + unsigned char *sig, unsigned int *sigSz) +{ +#ifndef WOLFSSL_KEY_GEN + WOLFSSL_MSG("No Key Gen built in"); + return SSL_FAILURE; +#else /* WOLFSSL_KEY_GEN */ + ed25519_key key; + int ret = SSL_FAILURE; + + WOLFSSL_ENTER("wolfSSL_ED25519_sign"); + + if (priv == NULL || privSz != ED25519_PRV_KEY_SIZE || + msg == NULL || sig == NULL || *sigSz < ED25519_SIG_SIZE) { + WOLFSSL_MSG("Bad arguments"); + return SSL_FAILURE; + } + + /* import key */ + if (wc_ed25519_init(&key) != MP_OKAY) { + WOLFSSL_MSG("wc_curve25519_init failed"); + return ret; + } + if (wc_ed25519_import_private_key(priv, privSz/2, + priv+(privSz/2), ED25519_PUB_KEY_SIZE, + &key) != MP_OKAY){ + WOLFSSL_MSG("wc_ed25519_import_private failed"); + wc_ed25519_free(&key); + return ret; + } + + if (wc_ed25519_sign_msg(msg, msgSz, sig, sigSz, &key) != MP_OKAY) + WOLFSSL_MSG("wc_curve25519_shared_secret_ex failed"); + else + ret = SSL_SUCCESS; + + wc_ed25519_free(&key); + + return ret; +#endif /* WOLFSSL_KEY_GEN */ +} + +/* return 1 if success, 0 if error + * input and output keys are little endian format + * pub is a buffer containing public part of key + */ +int wolfSSL_ED25519_verify(const unsigned char *msg, unsigned int msgSz, + const unsigned char *pub, unsigned int pubSz, + const unsigned char *sig, unsigned int sigSz) +{ +#ifndef WOLFSSL_KEY_GEN + WOLFSSL_MSG("No Key Gen built in"); + return SSL_FAILURE; +#else /* WOLFSSL_KEY_GEN */ + ed25519_key key; + int ret = SSL_FAILURE, check = 0; + + WOLFSSL_ENTER("wolfSSL_ED25519_verify"); + + if (pub == NULL || pubSz != ED25519_PUB_KEY_SIZE || + msg == NULL || sig == NULL || sigSz != ED25519_SIG_SIZE) { + WOLFSSL_MSG("Bad arguments"); + return SSL_FAILURE; + } + + /* import key */ + if (wc_ed25519_init(&key) != MP_OKAY) { + WOLFSSL_MSG("wc_curve25519_init failed"); + return ret; + } + if (wc_ed25519_import_public(pub, pubSz, &key) != MP_OKAY){ + WOLFSSL_MSG("wc_ed25519_import_public failed"); + wc_ed25519_free(&key); + return ret; + } + + if ((ret = wc_ed25519_verify_msg((byte*)sig, sigSz, msg, msgSz, + &check, &key)) != MP_OKAY) { + WOLFSSL_MSG("wc_ed25519_verify_msg failed"); + fprintf(stderr, "err code = %d, sigSz=%d, msgSz=%d\n", ret, sigSz, msgSz); + } + else if (!check) + WOLFSSL_MSG("wc_ed25519_verify_msg failed (signature invalid)"); + else + ret = SSL_SUCCESS; + + wc_ed25519_free(&key); + + return ret; +#endif /* WOLFSSL_KEY_GEN */ +} + +#endif /* OPENSSL_EXTRA && HAVE_ED25519 */ + diff --git a/wolfcrypt/src/curve25519.c b/wolfcrypt/src/curve25519.c index b745a046c..2380e371e 100644 --- a/wolfcrypt/src/curve25519.c +++ b/wolfcrypt/src/curve25519.c @@ -46,94 +46,96 @@ const curve25519_set_type curve25519_sets[] = { }; - int wc_curve25519_make_key(RNG* rng, int keysize, curve25519_key* key) { - unsigned char basepoint[CURVE25519_KEYSIZE] = {9}; - unsigned char n[CURVE25519_KEYSIZE]; - unsigned char p[CURVE25519_KEYSIZE]; - int i; - int ret; + unsigned char basepoint[CURVE25519_KEYSIZE] = {9}; + int ret; - if (key == NULL || rng == NULL) - return ECC_BAD_ARG_E; + if (key == NULL || rng == NULL) + return BAD_FUNC_ARG; - /* currently only a key size of 32 bytes is used */ - if (keysize != CURVE25519_KEYSIZE) - return ECC_BAD_ARG_E; + /* currently only a key size of 32 bytes is used */ + if (keysize != CURVE25519_KEYSIZE) + return ECC_BAD_ARG_E; - /* get random number from RNG */ - ret = wc_RNG_GenerateBlock(rng, n, keysize); - if (ret != 0) - return ret; + /* random number for private key */ + ret = wc_RNG_GenerateBlock(rng, key->k.point, keysize); + if (ret != 0) + return ret; - for (i = 0; i < keysize; ++i) key->k.point[i] = n[i]; - key->k.point[ 0] &= 248; - key->k.point[31] &= 127; - key->k.point[31] |= 64; + /* Clamp the private key */ + key->k.point[0] &= 248; + key->k.point[CURVE25519_KEYSIZE-1] &= 63; /* same &=127 because |=64 after */ + key->k.point[CURVE25519_KEYSIZE-1] |= 64; - /* compute public key */ - ret = curve25519(p, key->k.point, basepoint); + /* compute public key */ + ret = curve25519(key->p.point, key->k.point, basepoint); + if (ret != 0) { + ForceZero(key->k.point, keysize); + ForceZero(key->p.point, keysize); + return ret; + } - /* store keys in big endian format */ - for (i = 0; i < keysize; ++i) n[i] = key->k.point[i]; - for (i = 0; i < keysize; ++i) { - key->p.point[keysize - i - 1] = p[i]; - key->k.point[keysize - i - 1] = n[i]; - } - - ForceZero(n, keysize); - ForceZero(p, keysize); - - return ret; + return ret; } - int wc_curve25519_shared_secret(curve25519_key* private_key, curve25519_key* public_key, byte* out, word32* outlen) { - unsigned char k[CURVE25519_KEYSIZE]; - unsigned char p[CURVE25519_KEYSIZE]; + return wc_curve25519_shared_secret_ex(private_key, public_key, + out, outlen, EC25519_BIG_ENDIAN); +} + +int wc_curve25519_shared_secret_ex(curve25519_key* private_key, + curve25519_key* public_key, + byte* out, word32* outlen, int endian) +{ unsigned char o[CURVE25519_KEYSIZE]; int ret = 0; - int i; /* sanity check */ - if (private_key == NULL || public_key == NULL || out == NULL || - outlen == NULL) + if (private_key == NULL || public_key == NULL || + out == NULL || outlen == NULL || *outlen < CURVE25519_KEYSIZE) return BAD_FUNC_ARG; /* avoid implementation fingerprinting */ - if (public_key->p.point[0] > 0x7F) + if (public_key->p.point[CURVE25519_KEYSIZE-1] > 0x7F) return ECC_BAD_ARG_E; - XMEMSET(p, 0, sizeof(p)); - XMEMSET(k, 0, sizeof(k)); - XMEMSET(out, 0, CURVE25519_KEYSIZE); - - for (i = 0; i < CURVE25519_KEYSIZE; ++i) { - p[i] = public_key->p.point [CURVE25519_KEYSIZE - i - 1]; - k[i] = private_key->k.point[CURVE25519_KEYSIZE - i - 1]; + ret = curve25519(o, private_key->k.point, public_key->p.point); + if (ret != 0) { + ForceZero(o, CURVE25519_KEYSIZE); + return ret; } - ret = curve25519(o , k, p); + if (endian == EC25519_BIG_ENDIAN) { + int i; + /* put shared secret key in Big Endian format */ + for (i = 0; i < CURVE25519_KEYSIZE; i++) + out[i] = o[CURVE25519_KEYSIZE - i -1]; + } + else /* put shared secret key in Little Endian format */ + XMEMCPY(out, o, CURVE25519_KEYSIZE); + *outlen = CURVE25519_KEYSIZE; - for (i = 0; i < CURVE25519_KEYSIZE; ++i) { - out[i] = o[CURVE25519_KEYSIZE - i -1]; - } - - ForceZero(p, sizeof(p)); - ForceZero(k, sizeof(k)); ForceZero(o, sizeof(o)); return ret; } - -/* curve25519 uses a serialized string for key representation */ +/* export curve25519 public key (Big endian) + * return 0 on success */ int wc_curve25519_export_public(curve25519_key* key, byte* out, word32* outLen) +{ + return wc_curve25519_export_public_ex(key, out, outLen, EC25519_BIG_ENDIAN); +} + +/* export curve25519 public key (Big or Little endian) + * return 0 on success */ +int wc_curve25519_export_public_ex(curve25519_key* key, byte* out, + word32* outLen, int endian) { word32 keySz; @@ -143,30 +145,59 @@ int wc_curve25519_export_public(curve25519_key* key, byte* out, word32* outLen) /* check size of outgoing key */ keySz = wc_curve25519_size(key); - /* copy in public key */ - XMEMCPY(out, key->p.point, keySz); + /* check and set outgoing key size */ + if (*outLen < keySz) { + *outLen = keySz; + return ECC_BAD_ARG_E; + } *outLen = keySz; + if (endian == EC25519_BIG_ENDIAN) { + int i; + + /* read keys in Big Endian format */ + for (i = 0; i < CURVE25519_KEYSIZE; i++) + out[i] = key->p.point[CURVE25519_KEYSIZE - i - 1]; + } + else + XMEMCPY(out, key->p.point, keySz); + return 0; } -/* import curve25519 public key - return 0 on success */ +/* import curve25519 public key (Big endian) + * return 0 on success */ int wc_curve25519_import_public(const byte* in, word32 inLen, curve25519_key* key) +{ + return wc_curve25519_import_public_ex(in, inLen, key, EC25519_BIG_ENDIAN); +} + +/* import curve25519 public key (Big or Little endian) + * return 0 on success */ +int wc_curve25519_import_public_ex(const byte* in, word32 inLen, + curve25519_key* key, int endian) { word32 keySz; /* sanity check */ if (key == NULL || in == NULL) - return ECC_BAD_ARG_E; + return BAD_FUNC_ARG; /* check size of incoming keys */ keySz = wc_curve25519_size(key); if (inLen != keySz) return ECC_BAD_ARG_E; - XMEMCPY(key->p.point, in, inLen); + if (endian == EC25519_BIG_ENDIAN) { + int i; + + /* read keys in Big Endian format */ + for (i = 0; i < CURVE25519_KEYSIZE; i++) + key->p.point[i] = in[CURVE25519_KEYSIZE - i - 1]; + } + else + XMEMCPY(key->p.point, in, inLen); key->dp = &curve25519_sets[0]; @@ -174,63 +205,159 @@ int wc_curve25519_import_public(const byte* in, word32 inLen, } -/* export curve25519 private key only raw, outLen is in/out size - return 0 on success */ +/* export curve25519 private key only raw (Big endian) + * outLen is in/out size + * return 0 on success */ int wc_curve25519_export_private_raw(curve25519_key* key, byte* out, word32* outLen) +{ + return wc_curve25519_export_private_raw_ex(key, out, outLen, + EC25519_BIG_ENDIAN); +} + +/* export curve25519 private key only raw (Big or Little endian) + * outLen is in/out size + * return 0 on success */ +int wc_curve25519_export_private_raw_ex(curve25519_key* key, byte* out, + word32* outLen, int endian) { word32 keySz; /* sanity check */ if (key == NULL || out == NULL || outLen == NULL) - return ECC_BAD_ARG_E; + return BAD_FUNC_ARG; + /* check size of outgoing buffer */ keySz = wc_curve25519_size(key); + if (*outLen < keySz) { + *outLen = keySz; + return ECC_BAD_ARG_E; + } *outLen = keySz; - XMEMSET(out, 0, keySz); - XMEMCPY(out, key->k.point, keySz); + + if (endian == EC25519_BIG_ENDIAN) { + int i; + + /* put the key in Big Endian format */ + for (i = 0; i < CURVE25519_KEYSIZE; i++) + out[i] = key->k.point[CURVE25519_KEYSIZE - i - 1]; + } + else + XMEMCPY(out, key->k.point, keySz); return 0; } - -/* curve25519 private key import. - Public key to match private key needs to be imported too */ -int wc_curve25519_import_private_raw(const byte* priv, word32 privSz, - const byte* pub, word32 pubSz, curve25519_key* key) +/* curve25519 key pair export (Big or Little endian) + * return 0 on success */ +int wc_curve25519_export_key_raw(curve25519_key* key, + byte* priv, word32 *privSz, + byte* pub, word32 *pubSz) { - int ret = 0; - word32 keySz; + return wc_curve25519_export_key_raw_ex(key, priv, privSz, + pub, pubSz, EC25519_BIG_ENDIAN); +} - /* sanity check */ - if (key == NULL || priv == NULL || pub == NULL) - return ECC_BAD_ARG_E; +/* curve25519 key pair export (Big or Little endian) + * return 0 on success */ +int wc_curve25519_export_key_raw_ex(curve25519_key* key, + byte* priv, word32 *privSz, + byte* pub, word32 *pubSz, + int endian) +{ + int ret; - /* check size of incoming keys */ - keySz = wc_curve25519_size(key); - if (privSz != keySz || pubSz != keySz) - return ECC_BAD_ARG_E; + /* export private part */ + ret = wc_curve25519_export_private_raw_ex(key, priv, privSz, endian); + if (ret != 0) + return ret; - XMEMCPY(key->k.point, priv, privSz); - XMEMCPY(key->p.point, pub, pubSz); - - return ret; + /* export public part */ + return wc_curve25519_export_public_ex(key, pub, pubSz, endian); } +/* curve25519 private key import (Big endian) + * Public key to match private key needs to be imported too + * return 0 on success */ +int wc_curve25519_import_private_raw(const byte* priv, word32 privSz, + const byte* pub, word32 pubSz, + curve25519_key* key) +{ + return wc_curve25519_import_private_raw_ex(priv, privSz, pub, pubSz, + key, EC25519_BIG_ENDIAN); +} + +/* curve25519 private key import (Big or Little endian) + * Public key to match private key needs to be imported too + * return 0 on success */ +int wc_curve25519_import_private_raw_ex(const byte* priv, word32 privSz, + const byte* pub, word32 pubSz, + curve25519_key* key, int endian) +{ + int ret; + + /* import private part */ + ret = wc_curve25519_import_private_ex(priv, privSz, key, endian); + if (ret != 0) + return ret; + + /* import public part */ + return wc_curve25519_import_public_ex(pub, pubSz, key, endian); +} + +/* curve25519 private key import only. (Big endian) + * return 0 on success */ +int wc_curve25519_import_private(const byte* priv, word32 privSz, + curve25519_key* key) +{ + return wc_curve25519_import_private_ex(priv, privSz, + key, EC25519_BIG_ENDIAN); +} + +/* curve25519 private key import only. (Big or Little endian) + * return 0 on success */ +int wc_curve25519_import_private_ex(const byte* priv, word32 privSz, + curve25519_key* key, int endian) +{ + /* sanity check */ + if (key == NULL || priv == NULL) + return BAD_FUNC_ARG; + + /* check size of incoming keys */ + if ((int)privSz != wc_curve25519_size(key)) + return ECC_BAD_ARG_E; + + if (endian == EC25519_BIG_ENDIAN) { + int i; + + /* read the key in Big Endian format */ + for (i = 0; i < CURVE25519_KEYSIZE; i++) + key->k.point[i] = priv[CURVE25519_KEYSIZE - i - 1]; + } + else + XMEMCPY(key->k.point, priv, privSz); + + key->dp = &curve25519_sets[0]; + + /* Clamp the key */ + key->k.point[0] &= 248; + key->k.point[privSz-1] &= 63; /* same &=127 because |=64 after */ + key->k.point[privSz-1] |= 64; + + return 0; +} + int wc_curve25519_init(curve25519_key* key) { - word32 keySz; - if (key == NULL) - return ECC_BAD_ARG_E; + return BAD_FUNC_ARG; /* currently the format for curve25519 */ key->dp = &curve25519_sets[0]; - keySz = key->dp->size; - XMEMSET(key->k.point, 0, keySz); - XMEMSET(key->p.point, 0, keySz); + XMEMSET(key->k.point, 0, key->dp->size); + XMEMSET(key->p.point, 0, key->dp->size); return 0; } @@ -251,7 +378,8 @@ void wc_curve25519_free(curve25519_key* key) /* get key size */ int wc_curve25519_size(curve25519_key* key) { - if (key == NULL) return 0; + if (key == NULL) + return 0; return key->dp->size; } diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c index ba0dcbe53..a66e76353 100644 --- a/wolfcrypt/src/ed25519.c +++ b/wolfcrypt/src/ed25519.c @@ -38,14 +38,12 @@ #include #endif - -/* - generate an ed25519 key pair. - returns 0 on success +/* generate an ed25519 key pair. + * returns 0 on success */ int wc_ed25519_make_key(RNG* rng, int keySz, ed25519_key* key) { - byte az[64]; + byte az[ED25519_PRV_KEY_SIZE]; int ret; ge_p3 A; @@ -56,16 +54,25 @@ int wc_ed25519_make_key(RNG* rng, int keySz, ed25519_key* key) if (keySz != ED25519_KEY_SIZE) return BAD_FUNC_ARG; - ret = 0; - ret |= wc_RNG_GenerateBlock(rng, key->k, 32); - ret |= wc_Sha512Hash(key->k, 32, az); - az[0] &= 248; - az[31] &= 63; + ret = wc_RNG_GenerateBlock(rng, key->k, ED25519_KEY_SIZE); + if (ret != 0) + return ret; + ret = wc_Sha512Hash(key->k, ED25519_KEY_SIZE, az); + if (ret != 0) { + ForceZero(key->k, ED25519_KEY_SIZE); + return ret; + } + + /* apply clamp */ + az[0] &= 248; + az[31] &= 63; /* same than az[31] &= 127 because of az[31] |= 64 */ az[31] |= 64; ge_scalarmult_base(&A, az); ge_p3_tobytes(key->p, &A); - XMEMMOVE(key->k + 32, key->p, 32); + + /* put public key after private key, on the same buffer */ + XMEMMOVE(key->k + ED25519_KEY_SIZE, key->p, ED25519_PUB_KEY_SIZE); return ret; } @@ -75,43 +82,54 @@ int wc_ed25519_make_key(RNG* rng, int keySz, ed25519_key* key) in contains the message to sign inlen is the length of the message to sign out is the buffer to write the signature - outlen [in/out] input size of out buf - output gets set as the final length of out + outLen [in/out] input size of out buf + output gets set as the final length of out key is the ed25519 key to use when signing return 0 on success */ int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out, - word32 *outlen, ed25519_key* key) + word32 *outLen, ed25519_key* key) { ge_p3 R; byte nonce[SHA512_DIGEST_SIZE]; byte hram[SHA512_DIGEST_SIZE]; - byte az[64]; - word32 sigSz; + byte az[ED25519_PRV_KEY_SIZE]; Sha512 sha; - int ret = 0; + int ret; /* sanity check on arguments */ - if (in == NULL || out == NULL || outlen == NULL || key == NULL) + if (in == NULL || out == NULL || outLen == NULL || key == NULL) return BAD_FUNC_ARG; /* check and set up out length */ - ret = 0; - sigSz = wc_ed25519_sig_size(key); - if (*outlen < sigSz) - return BAD_FUNC_ARG; - *outlen = sigSz; + if (*outLen < ED25519_SIG_SIZE) { + *outLen = ED25519_SIG_SIZE; + return BUFFER_E; + } + *outLen = ED25519_SIG_SIZE; /* step 1: create nonce to use where nonce is r in r = H(h_b, ... ,h_2b-1,M) */ - ret |= wc_Sha512Hash(key->k,32,az); + ret = wc_Sha512Hash(key->k, ED25519_KEY_SIZE, az); + + /* apply clamp */ az[0] &= 248; - az[31] &= 63; + az[31] &= 63; /* same than az[31] &= 127 because of az[31] |= 64 */ az[31] |= 64; - ret |= wc_InitSha512(&sha); - ret |= wc_Sha512Update(&sha, az + 32, 32); - ret |= wc_Sha512Update(&sha, in, inlen); - ret |= wc_Sha512Final(&sha, nonce); + + ret = wc_InitSha512(&sha); + if (ret != 0) + return ret; + ret = wc_Sha512Update(&sha, az + ED25519_KEY_SIZE, ED25519_KEY_SIZE); + if (ret != 0) + return ret; + ret = wc_Sha512Update(&sha, in, inlen); + if (ret != 0) + return ret; + ret = wc_Sha512Final(&sha, nonce); + if (ret != 0) + return ret; + sc_reduce(nonce); /* step 2: computing R = rB where rB is the scalar multiplication of @@ -121,13 +139,24 @@ int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out, /* step 3: hash R + public key + message getting H(R,A,M) then creating S = (r + H(R,A,M)a) mod l */ - ret |= wc_InitSha512(&sha); - ret |= wc_Sha512Update(&sha, out, 32); - ret |= wc_Sha512Update(&sha, key->p, 32); - ret |= wc_Sha512Update(&sha, in, inlen); - ret |= wc_Sha512Final(&sha, hram); + ret = wc_InitSha512(&sha); + if (ret != 0) + return ret; + ret = wc_Sha512Update(&sha, out, ED25519_SIG_SIZE/2); + if (ret != 0) + return ret; + ret = wc_Sha512Update(&sha, key->p, ED25519_PUB_KEY_SIZE); + if (ret != 0) + return ret; + ret = wc_Sha512Update(&sha, in, inlen); + if (ret != 0) + return ret; + ret = wc_Sha512Final(&sha, hram); + if (ret != 0) + return ret; + sc_reduce(hram); - sc_muladd(out + 32, hram, az, nonce); + sc_muladd(out + (ED25519_SIG_SIZE/2), hram, az, nonce); return ret; } @@ -143,11 +172,10 @@ int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out, int wc_ed25519_verify_msg(byte* sig, word32 siglen, const byte* msg, word32 msglen, int* stat, ed25519_key* key) { - byte rcheck[32]; + byte rcheck[ED25519_KEY_SIZE]; byte h[SHA512_DIGEST_SIZE]; ge_p3 A; ge_p2 R; - word32 sigSz; int ret; Sha512 sha; @@ -155,14 +183,11 @@ int wc_ed25519_verify_msg(byte* sig, word32 siglen, const byte* msg, if (sig == NULL || msg == NULL || stat == NULL || key == NULL) return BAD_FUNC_ARG; - ret = 0; + /* set verification failed by default */ *stat = 0; - sigSz = wc_ed25519_size(key); /* check on basics needed to verify signature */ - if (siglen < sigSz) - return BAD_FUNC_ARG; - if (sig[63] & 224) + if (siglen < ED25519_SIG_SIZE || (sig[ED25519_SIG_SIZE-1] & 224)) return BAD_FUNC_ARG; /* uncompress A (public key), test if valid, and negate it */ @@ -170,24 +195,41 @@ int wc_ed25519_verify_msg(byte* sig, word32 siglen, const byte* msg, return BAD_FUNC_ARG; /* find H(R,A,M) and store it as h */ - ret |= wc_InitSha512(&sha); - ret |= wc_Sha512Update(&sha, sig, 32); - ret |= wc_Sha512Update(&sha, key->p, 32); - ret |= wc_Sha512Update(&sha, msg, msglen); - ret |= wc_Sha512Final(&sha, h); + ret = wc_InitSha512(&sha); + if (ret != 0) + return ret; + ret = wc_Sha512Update(&sha, sig, ED25519_SIG_SIZE/2); + if (ret != 0) + return ret; + ret = wc_Sha512Update(&sha, key->p, ED25519_PUB_KEY_SIZE); + if (ret != 0) + return ret; + ret = wc_Sha512Update(&sha, msg, msglen); + if (ret != 0) + return ret; + ret = wc_Sha512Final(&sha, h); + if (ret != 0) + return ret; + sc_reduce(h); /* Uses a fast single-signature verification SB = R + H(R,A,M)A becomes SB - H(R,A,M)A saving decompression of R */ - ret |= ge_double_scalarmult_vartime(&R, h, &A, sig + 32); + ret = ge_double_scalarmult_vartime(&R, h, &A, sig + (ED25519_SIG_SIZE/2)); + if (ret != 0) + return ret; + ge_tobytes(rcheck, &R); /* comparison of R created to R in sig */ - ret |= ConstantCompare(rcheck, sig, 32); + ret = ConstantCompare(rcheck, sig, ED25519_SIG_SIZE/2); + if (ret != 0) + return ret; - *stat = (ret == 0)? 1: 0; + /* set the verification status */ + *stat = 1; return ret; } @@ -222,19 +264,17 @@ void wc_ed25519_free(ed25519_key* key) */ int wc_ed25519_export_public(ed25519_key* key, byte* out, word32* outLen) { - word32 keySz; - /* sanity check on arguments */ if (key == NULL || out == NULL || outLen == NULL) return BAD_FUNC_ARG; - keySz = wc_ed25519_size(key); - if (*outLen < keySz) { - *outLen = keySz; + if (*outLen < ED25519_PUB_KEY_SIZE) { + *outLen = ED25519_PUB_KEY_SIZE; return BUFFER_E; } - *outLen = keySz; - XMEMCPY(out, key->p, keySz); + + *outLen = ED25519_PUB_KEY_SIZE; + XMEMCPY(out, key->p, ED25519_PUB_KEY_SIZE); return 0; } @@ -248,37 +288,35 @@ int wc_ed25519_export_public(ed25519_key* key, byte* out, word32* outLen) */ int wc_ed25519_import_public(const byte* in, word32 inLen, ed25519_key* key) { - word32 keySz; int ret; /* sanity check on arguments */ if (in == NULL || key == NULL) return BAD_FUNC_ARG; - keySz = wc_ed25519_size(key); - - if (inLen < keySz) + if (inLen < ED25519_PUB_KEY_SIZE) return BAD_FUNC_ARG; /* compressed prefix according to draft http://www.ietf.org/id/draft-koch-eddsa-for-openpgp-02.txt */ - if (in[0] == 0x40) { + if (in[0] == 0x40 && inLen > ED25519_PUB_KEY_SIZE) { /* key is stored in compressed format so just copy in */ - XMEMCPY(key->p, (in + 1), keySz); + XMEMCPY(key->p, (in + 1), ED25519_PUB_KEY_SIZE); return 0; } /* importing uncompressed public key */ - if (in[0] == 0x04) { + if (in[0] == 0x04 && inLen > 2*ED25519_PUB_KEY_SIZE) { /* pass in (x,y) and store compressed key */ - ret = ge_compress_key(key->p, (in+1), (in+1+keySz), keySz); + ret = ge_compress_key(key->p, in+1, + in+1+ED25519_PUB_KEY_SIZE, ED25519_PUB_KEY_SIZE); return ret; } /* if not specified compressed or uncompressed check key size if key size is equal to compressed key size copy in key */ - if (inLen == keySz) { - XMEMCPY(key->p, in, keySz); + if (inLen == ED25519_PUB_KEY_SIZE) { + XMEMCPY(key->p, in, ED25519_PUB_KEY_SIZE); return 0; } @@ -293,77 +331,129 @@ int wc_ed25519_import_public(const byte* in, word32 inLen, ed25519_key* key) int wc_ed25519_import_private_key(const byte* priv, word32 privSz, const byte* pub, word32 pubSz, ed25519_key* key) { - word32 keySz; int ret; /* sanity check on arguments */ if (priv == NULL || pub == NULL || key == NULL) return BAD_FUNC_ARG; - keySz = wc_ed25519_size(key); - /* key size check */ - if (privSz < keySz || pubSz < keySz) + if (privSz < ED25519_KEY_SIZE || pubSz < ED25519_PUB_KEY_SIZE) return BAD_FUNC_ARG; - XMEMCPY(key->k, priv, keySz); + /* import public key */ ret = wc_ed25519_import_public(pub, pubSz, key); - XMEMCPY((key->k + keySz), key->p, keySz); + if (ret != 0) + return ret; + + /* make the private key (priv + pub) */ + XMEMCPY(key->k, priv, ED25519_KEY_SIZE); + XMEMCPY(key->k + ED25519_KEY_SIZE, key->p, ED25519_PUB_KEY_SIZE); return ret; } /* - outLen should contain the size of out buffer when input. outLen is than set - to the final output length. - returns 0 on success + export private key only (secret part so 32 bytes) + outLen should contain the size of out buffer when input. outLen is than set + to the final output length. + returns 0 on success */ int wc_ed25519_export_private_only(ed25519_key* key, byte* out, word32* outLen) { - word32 keySz; - /* sanity checks on arguments */ if (key == NULL || out == NULL || outLen == NULL) return BAD_FUNC_ARG; - keySz = wc_ed25519_size(key); - if (*outLen < keySz) { - *outLen = keySz; + if (*outLen < ED25519_KEY_SIZE) { + *outLen = ED25519_KEY_SIZE; return BUFFER_E; } - *outLen = keySz; - XMEMCPY(out, key->k, keySz); + + *outLen = ED25519_KEY_SIZE; + XMEMCPY(out, key->k, ED25519_KEY_SIZE); return 0; } +/* + export private key, including public part + outLen should contain the size of out buffer when input. outLen is than set + to the final output length. + returns 0 on success + */ +int wc_ed25519_export_private(ed25519_key* key, byte* out, word32* outLen) +{ + /* sanity checks on arguments */ + if (key == NULL || out == NULL || outLen == NULL) + return BAD_FUNC_ARG; -/* is the compressed key size in bytes */ + if (*outLen < ED25519_PRV_KEY_SIZE) { + *outLen = ED25519_PRV_KEY_SIZE; + return BUFFER_E; + } + + *outLen = ED25519_PRV_KEY_SIZE; + XMEMCPY(out, key->k, ED25519_PRV_KEY_SIZE); + + return 0; +} + +/* export full private key and public key + return 0 on success + */ +int wc_ed25519_export_key(ed25519_key* key, + byte* priv, word32 *privSz, + byte* pub, word32 *pubSz) +{ + int ret; + + /* export 'full' private part */ + ret = wc_ed25519_export_private(key, priv, privSz); + if (ret != 0) + return ret; + + /* export public part */ + ret = wc_ed25519_export_public(key, pub, pubSz); + + return ret; +} + +/* returns the private key size (secret only) in bytes */ int wc_ed25519_size(ed25519_key* key) { - word32 keySz; - if (key == NULL) return BAD_FUNC_ARG; - keySz = ED25519_KEY_SIZE; - - return keySz; + return ED25519_KEY_SIZE; } +/* returns the private key size (secret + public) in bytes */ +int wc_ed25519_priv_size(ed25519_key* key) +{ + if (key == NULL) + return BAD_FUNC_ARG; + + return ED25519_PRV_KEY_SIZE; +} + +/* returns the compressed key size in bytes (public key) */ +int wc_ed25519_pub_size(ed25519_key* key) +{ + if (key == NULL) + return BAD_FUNC_ARG; + + return ED25519_PUB_KEY_SIZE; +} /* returns the size of signature in bytes */ int wc_ed25519_sig_size(ed25519_key* key) { - word32 sigSz; - if (key == NULL) return BAD_FUNC_ARG; - sigSz = ED25519_SIG_SIZE; - - return sigSz; + return ED25519_SIG_SIZE; } #endif /* HAVE_ED25519 */ diff --git a/wolfcrypt/src/fe_operations.c b/wolfcrypt/src/fe_operations.c index da07c951c..d78467e21 100644 --- a/wolfcrypt/src/fe_operations.c +++ b/wolfcrypt/src/fe_operations.c @@ -107,8 +107,9 @@ void fe_0(fe h) int curve25519(byte* q, byte* n, byte* p) { +#if 0 unsigned char e[32]; - unsigned int i; +#endif fe x1; fe x2; fe z2; @@ -120,10 +121,16 @@ int curve25519(byte* q, byte* n, byte* p) unsigned int swap; unsigned int b; - for (i = 0;i < 32;++i) e[i] = n[i]; - e[0] &= 248; - e[31] &= 127; - e[31] |= 64; + /* Clamp already done during key generation and import */ +#if 0 + { + unsigned int i; + for (i = 0;i < 32;++i) e[i] = n[i]; + e[0] &= 248; + e[31] &= 127; + e[31] |= 64; + } +#endif fe_frombytes(x1,p); fe_1(x2); @@ -133,7 +140,11 @@ int curve25519(byte* q, byte* n, byte* p) swap = 0; for (pos = 254;pos >= 0;--pos) { +#if 0 b = e[pos / 8] >> (pos & 7); +#else + b = n[pos / 8] >> (pos & 7); +#endif b &= 1; swap ^= b; fe_cswap(x2,x3,swap); diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 26ee84d4c..61da86cdf 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -5510,6 +5510,27 @@ int curve25519_test(void) if (XMEMCMP(ss, sharedB, y)) return -1017; + /* test with 1 generated key and 1 from known test vector */ + if (wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA) + != 0) + return -1018; + + if (wc_curve25519_make_key(&rng, 32, &userB) != 0) + return -1019; + + if (wc_curve25519_shared_secret(&userA, &userB, sharedA, &x) != 0) + return -1020; + + if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0) + return -1021; + + /* compare shared secret keys to test they are the same */ + if (y != x) + return -1022; + + if (XMEMCMP(sharedA, sharedB, x)) + return -1023; + /* clean up keys when done */ wc_curve25519_free(&pubKey); wc_curve25519_free(&userB); diff --git a/wolfssl/openssl/ec25519.h b/wolfssl/openssl/ec25519.h new file mode 100644 index 000000000..9ae255c6d --- /dev/null +++ b/wolfssl/openssl/ec25519.h @@ -0,0 +1,23 @@ +/* ec25519.h */ + +#ifndef WOLFSSL_EC25519_H_ +#define WOLFSSL_EC25519_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +WOLFSSL_API +int wolfSSL_EC25519_generate_key(unsigned char *priv, unsigned int *privSz, + unsigned char *pub, unsigned int *pubSz); + +WOLFSSL_API +int wolfSSL_EC25519_shared_key(unsigned char *shared, unsigned int *sharedSz, + const unsigned char *priv, unsigned int privSz, + const unsigned char *pub, unsigned int pubSz); + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* header */ diff --git a/wolfssl/openssl/ed25519.h b/wolfssl/openssl/ed25519.h new file mode 100644 index 000000000..8244555df --- /dev/null +++ b/wolfssl/openssl/ed25519.h @@ -0,0 +1,26 @@ +/* ed25519.h */ + +#ifndef WOLFSSL_ED25519_H_ +#define WOLFSSL_ED25519_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +WOLFSSL_API +int wolfSSL_ED25519_generate_key(unsigned char *priv, unsigned int *privSz, + unsigned char *pub, unsigned int *pubSz); +WOLFSSL_API +int wolfSSL_ED25519_sign(const unsigned char *msg, unsigned int msgSz, + const unsigned char *priv, unsigned int privSz, + unsigned char *sig, unsigned int *sigSz); +WOLFSSL_API +int wolfSSL_ED25519_verify(const unsigned char *msg, unsigned int msgSz, + const unsigned char *pub, unsigned int pubSz, + const unsigned char *sig, unsigned int sigSz); + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* header */ diff --git a/wolfssl/openssl/include.am b/wolfssl/openssl/include.am index 9d415962f..21d99ef00 100644 --- a/wolfssl/openssl/include.am +++ b/wolfssl/openssl/include.am @@ -13,6 +13,8 @@ nobase_include_HEADERS+= \ wolfssl/openssl/ecdsa.h \ wolfssl/openssl/ecdh.h \ wolfssl/openssl/ec.h \ + wolfssl/openssl/ec25519.h \ + wolfssl/openssl/ed25519.h \ wolfssl/openssl/engine.h \ wolfssl/openssl/err.h \ wolfssl/openssl/evp.h \ diff --git a/wolfssl/openssl/pem.h b/wolfssl/openssl/pem.h index 7da6074a9..f21525818 100644 --- a/wolfssl/openssl/pem.h +++ b/wolfssl/openssl/pem.h @@ -28,7 +28,7 @@ int wolfSSL_PEM_write_RSAPrivateKey(FILE *fp, WOLFSSL_RSA *rsa, WOLFSSL_API int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher, unsigned char* passwd, int len, - byte **pem, int *plen); + unsigned char **pem, int *plen); WOLFSSL_API WOLFSSL_RSA *wolfSSL_PEM_read_RSAPublicKey(FILE *fp, WOLFSSL_RSA **x, pem_password_cb *cb, void *u); @@ -54,7 +54,7 @@ WOLFSSL_API int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa, const EVP_CIPHER* cipher, unsigned char* passwd, int len, - byte **pem, int *plen); + unsigned char **pem, int *plen); WOLFSSL_API int wolfSSL_PEM_write_DSA_PUBKEY(FILE *fp, WOLFSSL_DSA *x); @@ -73,7 +73,7 @@ WOLFSSL_API int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* key, const EVP_CIPHER* cipher, unsigned char* passwd, int len, - byte **pem, int *plen); + unsigned char **pem, int *plen); WOLFSSL_API int wolfSSL_PEM_write_EC_PUBKEY(FILE *fp, WOLFSSL_EC_KEY *key); diff --git a/wolfssl/wolfcrypt/curve25519.h b/wolfssl/wolfcrypt/curve25519.h index 11715775f..ae795baca 100644 --- a/wolfssl/wolfcrypt/curve25519.h +++ b/wolfssl/wolfcrypt/curve25519.h @@ -42,7 +42,8 @@ typedef struct { } curve25519_set_type; -/* ECC point */ +/* ECC point, the internal structure is Little endian + * the mathematical functions used the endianess */ typedef struct { byte point[CURVE25519_KEYSIZE]; }ECPoint; @@ -58,6 +59,11 @@ typedef struct { ECPoint k; /* private key */ } curve25519_key; +enum { + EC25519_LITTLE_ENDIAN=0, + EC25519_BIG_ENDIAN=1 +}; + WOLFSSL_API int wc_curve25519_make_key(RNG* rng, int keysize, curve25519_key* key); @@ -66,6 +72,11 @@ int wc_curve25519_shared_secret(curve25519_key* private_key, curve25519_key* public_key, byte* out, word32* outlen); +WOLFSSL_API +int wc_curve25519_shared_secret_ex(curve25519_key* private_key, + curve25519_key* public_key, + byte* out, word32* outlen, int endian); + WOLFSSL_API int wc_curve25519_init(curve25519_key* key); @@ -74,21 +85,49 @@ void wc_curve25519_free(curve25519_key* key); /* raw key helpers */ +WOLFSSL_API +int wc_curve25519_import_private(const byte* priv, word32 privSz, + curve25519_key* key); +WOLFSSL_API +int wc_curve25519_import_private_ex(const byte* priv, word32 privSz, + curve25519_key* key, int endian); + WOLFSSL_API int wc_curve25519_import_private_raw(const byte* priv, word32 privSz, const byte* pub, word32 pubSz, curve25519_key* key); WOLFSSL_API +int wc_curve25519_import_private_raw_ex(const byte* priv, word32 privSz, + const byte* pub, word32 pubSz, + curve25519_key* key, int endian); +WOLFSSL_API int wc_curve25519_export_private_raw(curve25519_key* key, byte* out, word32* outLen); +WOLFSSL_API +int wc_curve25519_export_private_raw_ex(curve25519_key* key, byte* out, + word32* outLen, int endian); WOLFSSL_API int wc_curve25519_import_public(const byte* in, word32 inLen, curve25519_key* key); +WOLFSSL_API +int wc_curve25519_import_public_ex(const byte* in, word32 inLen, + curve25519_key* key, int endian); WOLFSSL_API int wc_curve25519_export_public(curve25519_key* key, byte* out, word32* outLen); +WOLFSSL_API +int wc_curve25519_export_public_ex(curve25519_key* key, byte* out, + word32* outLen, int endian); - +WOLFSSL_API +int wc_curve25519_export_key_raw(curve25519_key* key, + byte* priv, word32 *privSz, + byte* pub, word32 *pubSz); +WOLFSSL_API +int wc_curve25519_export_key_raw_ex(curve25519_key* key, + byte* priv, word32 *privSz, + byte* pub, word32 *pubSz, + int endian); /* size helper */ WOLFSSL_API int wc_curve25519_size(curve25519_key* key); diff --git a/wolfssl/wolfcrypt/ed25519.h b/wolfssl/wolfcrypt/ed25519.h index 6f9a19989..3a8e287b3 100644 --- a/wolfssl/wolfcrypt/ed25519.h +++ b/wolfssl/wolfcrypt/ed25519.h @@ -46,14 +46,17 @@ "-121665/121666", value of d */ -#define ED25519_KEY_SIZE 32 -#define ED25519_SIG_SIZE 64 +#define ED25519_KEY_SIZE 32 /* private key only */ +#define ED25519_SIG_SIZE 64 +#define ED25519_PUB_KEY_SIZE 32 /* compressed */ +/* both private and public key */ +#define ED25519_PRV_KEY_SIZE (ED25519_PUB_KEY_SIZE+ED25519_KEY_SIZE) /* An ED25519 Key */ typedef struct { - byte p[32]; /* compressed public key */ - byte k[64]; /* private key : 32 secret -- 32 public */ + byte p[ED25519_PUB_KEY_SIZE]; /* compressed public key */ + byte k[ED25519_PRV_KEY_SIZE]; /* private key : 32 secret -- 32 public */ } ed25519_key; @@ -78,11 +81,21 @@ WOLFSSL_API int wc_ed25519_export_public(ed25519_key*, byte* out, word32* outLen); WOLFSSL_API int wc_ed25519_export_private_only(ed25519_key* key, byte* out, word32* outLen); +WOLFSSL_API +int wc_ed25519_export_private(ed25519_key* key, byte* out, word32* outLen); +WOLFSSL_API +int wc_ed25519_export_key(ed25519_key* key, + byte* priv, word32 *privSz, + byte* pub, word32 *pubSz); /* size helper */ WOLFSSL_API int wc_ed25519_size(ed25519_key* key); WOLFSSL_API +int wc_ed25519_priv_size(ed25519_key* key); +WOLFSSL_API +int wc_ed25519_pub_size(ed25519_key* key); +WOLFSSL_API int wc_ed25519_sig_size(ed25519_key* key); #ifdef __cplusplus From 281ba1c4c5676bd4204511dfb51bd64a1893c964 Mon Sep 17 00:00:00 2001 From: Ludovic FLAMENT Date: Mon, 3 Aug 2015 09:05:02 +0200 Subject: [PATCH 02/14] Fix Curve25519 test --- wolfcrypt/test/test.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 61da86cdf..a451d9d1d 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -5457,9 +5457,11 @@ int curve25519_test(void) return -1003; /* find shared secret key */ + x = sizeof(sharedA); if (wc_curve25519_shared_secret(&userA, &userB, sharedA, &x) != 0) return -1004; + y = sizeof(sharedB); if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0) return -1005; @@ -5471,6 +5473,7 @@ int curve25519_test(void) return -1007; /* export a public key and import it for another user */ + x = sizeof(exportBuf); if (wc_curve25519_export_public(&userA, exportBuf, &x) != 0) return -1008; @@ -5479,6 +5482,7 @@ int curve25519_test(void) /* test shared key after importing a public key */ XMEMSET(sharedB, 0, sizeof(sharedB)); + y = sizeof(sharedB); if (wc_curve25519_shared_secret(&userB, &pubKey, sharedB, &y) != 0) return -1010; @@ -5496,6 +5500,7 @@ int curve25519_test(void) /* test against known test vector */ XMEMSET(sharedB, 0, sizeof(sharedB)); + y = sizeof(sharedB); if (wc_curve25519_shared_secret(&userA, &userB, sharedB, &y) != 0) return -1014; @@ -5504,6 +5509,7 @@ int curve25519_test(void) /* test swaping roles of keys and generating same shared key */ XMEMSET(sharedB, 0, sizeof(sharedB)); + y = sizeof(sharedB); if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0) return -1016; @@ -5518,9 +5524,11 @@ int curve25519_test(void) if (wc_curve25519_make_key(&rng, 32, &userB) != 0) return -1019; + x = sizeof(sharedA); if (wc_curve25519_shared_secret(&userA, &userB, sharedA, &x) != 0) return -1020; + y = sizeof(sharedB); if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0) return -1021; From 838a873cf1131d79e050acc1c4010cefd56ecc6d Mon Sep 17 00:00:00 2001 From: Ludovic FLAMENT Date: Thu, 13 Aug 2015 10:20:47 +0200 Subject: [PATCH 03/14] Merge branch 'master' of https://github.com/wolfSSL/wolfssl --- IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp | 12 + .../Projects/CryptBenchmark/benchmark.c | 2 +- IDE/MDK5-ARM/Projects/CryptTest/test.c | 16 +- IDE/MDK5-ARM/Projects/CyaSSL-Full/benchmark.c | 2 +- IDE/MDK5-ARM/Projects/CyaSSL-Full/test.c | 18 +- IDE/MYSQL/CMakeLists_wolfCrypt.txt | 5 +- .../wolfssl-FIPS.xcodeproj/project.pbxproj | 8 + IDE/iOS/wolfssl.xcodeproj/project.pbxproj | 8 + autogen.sh | 12 +- commit-tests.sh | 8 - configure.ac | 132 ++-- examples/client/client.c | 11 +- examples/echoclient/echoclient.c | 4 +- examples/echoserver/echoserver.c | 4 +- examples/server/server.c | 23 +- fips-check.sh | 10 +- mcapi/crypto.c | 14 +- mcapi/mcapi_test.c | 2 +- mplabx/README | 6 +- mplabx/wolfssl.X/nbproject/configurations.xml | 11 +- pre-push.sh | 19 + scripts/resume.test | 4 +- src/include.am | 6 +- src/internal.c | 51 +- src/io.c | 2 + src/keys.c | 6 +- src/sniffer.c | 14 +- src/ssl.c | 153 ++-- src/tls.c | 8 +- support/wolfssl.pc | 2 +- swig/wolfssl.i | 6 +- swig/wolfssl_adds.c | 4 +- tests/CONF_FILES_README.md | 4 + tests/README | 1 + tests/api.c | 6 +- tests/include.am | 3 + tests/srp.c | 696 ++++++++++++++++++ tests/suites.c | 46 +- tests/test-psk-no-id.conf | 154 ++++ tests/unit.c | 5 +- tests/unit.h | 10 +- wolfcrypt/benchmark/benchmark.c | 8 +- wolfcrypt/src/aes.c | 66 -- wolfcrypt/src/asn.c | 34 +- wolfcrypt/src/coding.c | 4 +- wolfcrypt/src/curve25519.c | 2 +- wolfcrypt/src/des3.c | 135 ---- wolfcrypt/src/dh.c | 4 +- wolfcrypt/src/dsa.c | 7 +- wolfcrypt/src/ecc.c | 16 +- wolfcrypt/src/ed25519.c | 8 +- wolfcrypt/src/error.c | 9 + wolfcrypt/src/hash.c | 136 ++++ wolfcrypt/src/hmac.c | 41 +- wolfcrypt/src/integer.c | 12 +- wolfcrypt/src/logging.c | 6 +- wolfcrypt/src/pkcs7.c | 4 +- wolfcrypt/src/random.c | 46 +- wolfcrypt/src/rsa.c | 30 +- wolfcrypt/src/sha.c | 35 - wolfcrypt/src/sha256.c | 36 - wolfcrypt/src/sha512.c | 71 -- wolfcrypt/src/srp.c | 677 +++++++++++++++++ wolfcrypt/src/tfm.c | 15 +- wolfcrypt/src/wc_encrypt.c | 201 +++++ wolfcrypt/test/test.c | 234 +++++- wolfssl.vcproj | 4 + wolfssl.vcxproj | 1 + wolfssl/internal.h | 74 +- wolfssl/sniffer_error.h | 1 + wolfssl/sniffer_error.rc | 1 + wolfssl/ssl.h | 6 +- wolfssl/test.h | 14 +- wolfssl/version.h | 4 +- wolfssl/wolfcrypt/aes.h | 6 - wolfssl/wolfcrypt/asn_public.h | 9 +- wolfssl/wolfcrypt/curve25519.h | 2 +- wolfssl/wolfcrypt/des3.h | 12 - wolfssl/wolfcrypt/dh.h | 2 +- wolfssl/wolfcrypt/dsa.h | 6 +- wolfssl/wolfcrypt/ecc.h | 10 +- wolfssl/wolfcrypt/ed25519.h | 2 +- wolfssl/wolfcrypt/error-crypt.h | 6 +- wolfssl/wolfcrypt/hash.h | 17 +- wolfssl/wolfcrypt/include.am | 3 +- wolfssl/wolfcrypt/integer.h | 4 +- wolfssl/wolfcrypt/pkcs7.h | 4 +- wolfssl/wolfcrypt/pwdbased.h | 6 +- wolfssl/wolfcrypt/random.h | 24 +- wolfssl/wolfcrypt/rsa.h | 19 +- wolfssl/wolfcrypt/settings.h | 21 +- wolfssl/wolfcrypt/sha.h | 1 - wolfssl/wolfcrypt/sha256.h | 1 - wolfssl/wolfcrypt/sha512.h | 2 - wolfssl/wolfcrypt/srp.h | 308 ++++++++ wolfssl/wolfcrypt/tfm.h | 2 +- wolfssl/wolfcrypt/types.h | 10 +- wolfssl/wolfcrypt/wc_encrypt.h | 62 ++ 98 files changed, 3195 insertions(+), 794 deletions(-) create mode 100755 pre-push.sh create mode 100644 tests/CONF_FILES_README.md create mode 100644 tests/README create mode 100644 tests/srp.c create mode 100644 tests/test-psk-no-id.conf create mode 100644 wolfcrypt/src/srp.c create mode 100644 wolfcrypt/src/wc_encrypt.c create mode 100644 wolfssl/wolfcrypt/srp.h create mode 100644 wolfssl/wolfcrypt/wc_encrypt.h diff --git a/IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp b/IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp index 3888c46f6..61982d704 100644 --- a/IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp +++ b/IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp @@ -1956,9 +1956,15 @@ $PROJ_DIR$\..\..\..\..\wolfcrypt\src\error.c + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\fe_low_mem.c + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\fe_operations.c + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\ge_low_mem.c + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\ge_operations.c @@ -2022,9 +2028,15 @@ $PROJ_DIR$\..\..\..\..\wolfcrypt\src\sha512.c + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\srp.c + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\tfm.c + + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\wc_encrypt.c + $PROJ_DIR$\..\..\..\..\wolfcrypt\src\wc_port.c diff --git a/IDE/MDK5-ARM/Projects/CryptBenchmark/benchmark.c b/IDE/MDK5-ARM/Projects/CryptBenchmark/benchmark.c index fa13b8b80..9ee281329 100644 --- a/IDE/MDK5-ARM/Projects/CryptBenchmark/benchmark.c +++ b/IDE/MDK5-ARM/Projects/CryptBenchmark/benchmark.c @@ -797,7 +797,7 @@ void bench_blake2(void) #if !defined(NO_RSA) || !defined(NO_DH) \ || defined(CYASSL_KEYGEN) || defined(HAVE_ECC) -static RNG rng; +static WC_RNG rng; #endif #ifndef NO_RSA diff --git a/IDE/MDK5-ARM/Projects/CryptTest/test.c b/IDE/MDK5-ARM/Projects/CryptTest/test.c index 167832eae..9b9bf3537 100644 --- a/IDE/MDK5-ARM/Projects/CryptTest/test.c +++ b/IDE/MDK5-ARM/Projects/CryptTest/test.c @@ -2667,7 +2667,7 @@ int random_test(void) int random_test(void) { - RNG rng; + WC_RNG rng; byte block[32]; int ret; @@ -2693,7 +2693,7 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out); byte GetEntropy(ENTROPY_CMD cmd, byte* out) { - static RNG rng; + static WC_RNG rng; if (cmd == INIT) return (InitRng(&rng) == 0) ? 1 : 0; @@ -2768,7 +2768,7 @@ int rsa_test(void) byte* tmp; size_t bytes; RsaKey key; - RNG rng; + WC_RNG rng; word32 idx = 0; int ret; byte in[] = "Everyone gets Friday off."; @@ -3652,7 +3652,7 @@ int dh_test(void) byte agree2[256]; DhKey key; DhKey key2; - RNG rng; + WC_RNG rng; #ifdef USE_CERT_BUFFERS_1024 @@ -3725,7 +3725,7 @@ int dsa_test(void) word32 idx = 0; byte tmp[1024]; DsaKey key; - RNG rng; + WC_RNG rng; Sha sha; byte hash[SHA_DIGEST_SIZE]; byte signature[40]; @@ -4200,7 +4200,7 @@ int hkdf_test(void) int ecc_test(void) { - RNG rng; + WC_RNG rng; byte sharedA[1024]; byte sharedB[1024]; byte sig[1024]; @@ -4300,7 +4300,7 @@ int ecc_test(void) int ecc_encrypt_test(void) { - RNG rng; + WC_RNG rng; int ret; ecc_key userA, userB; byte msg[48]; @@ -4669,7 +4669,7 @@ int pkcs7signed_test(void) char data[] = "Hello World"; word32 dataSz, outSz, certDerSz, keyDerSz; PKCS7 msg; - RNG rng; + WC_RNG rng; byte transIdOid[] = { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, diff --git a/IDE/MDK5-ARM/Projects/CyaSSL-Full/benchmark.c b/IDE/MDK5-ARM/Projects/CyaSSL-Full/benchmark.c index 528c0a76f..faf6b7793 100644 --- a/IDE/MDK5-ARM/Projects/CyaSSL-Full/benchmark.c +++ b/IDE/MDK5-ARM/Projects/CyaSSL-Full/benchmark.c @@ -772,7 +772,7 @@ void bench_blake2(void) #if !defined(NO_RSA) || !defined(NO_DH) \ || defined(CYASSL_KEYGEN) || defined(HAVE_ECC) -static RNG rng; +static WC_RNG rng; #endif #ifndef NO_RSA diff --git a/IDE/MDK5-ARM/Projects/CyaSSL-Full/test.c b/IDE/MDK5-ARM/Projects/CyaSSL-Full/test.c index 43f9e7952..751cfdf85 100644 --- a/IDE/MDK5-ARM/Projects/CyaSSL-Full/test.c +++ b/IDE/MDK5-ARM/Projects/CyaSSL-Full/test.c @@ -2583,7 +2583,7 @@ int camellia_test(void) int random_test(void) { - RNG rng; + WC_RNG rng; byte block[32]; int ret; @@ -2607,7 +2607,7 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out); byte GetEntropy(ENTROPY_CMD cmd, byte* out) { - static RNG rng; + static WC_RNG rng; if (cmd == INIT) return (InitRng(&rng) == 0) ? 1 : 0; @@ -2682,7 +2682,7 @@ int rsa_test(void) byte* tmp; size_t bytes; RsaKey key; - RNG rng; + WC_RNG rng; word32 idx = 0; int ret; byte in[] = "Everyone gets Friday off."; @@ -3558,7 +3558,7 @@ int dh_test(void) byte agree2[256]; DhKey key; DhKey key2; - RNG rng; + WC_RNG rng; #ifdef USE_CERT_BUFFERS_1024 @@ -3631,7 +3631,7 @@ int dsa_test(void) word32 idx = 0; byte tmp[1024]; DsaKey key; - RNG rng; + WC_RNG rng; Sha sha; byte hash[SHA_DIGEST_SIZE]; byte signature[40]; @@ -4098,7 +4098,7 @@ int hkdf_test(void) int ecc_test(void) { - RNG rng; + WC_RNG rng; byte sharedA[1024]; byte sharedB[1024]; byte sig[1024]; @@ -4198,7 +4198,7 @@ int ecc_test(void) int ecc_encrypt_test(void) { - RNG rng; + WC_RNG rng; int ret; ecc_key userA, userB; byte msg[48]; @@ -4563,8 +4563,8 @@ int pkcs7signed_test(void) byte* out; char data[] = "Hello World"; word32 dataSz, outSz, certDerSz, keyDerSz; - PKCS7 msg; - RNG rng; + PKCS7 msg; + WC_RNG rng; byte transIdOid[] = { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, diff --git a/IDE/MYSQL/CMakeLists_wolfCrypt.txt b/IDE/MYSQL/CMakeLists_wolfCrypt.txt index 6c6f6b13f..62184780b 100644 --- a/IDE/MYSQL/CMakeLists_wolfCrypt.txt +++ b/IDE/MYSQL/CMakeLists_wolfCrypt.txt @@ -29,14 +29,15 @@ SET(WOLFCRYPT_SOURCES src/aes.c src/arc4.c src/asn.c src/blake2b.c src/integer.c src/logging.c src/md2.c src/md4.c src/md5.c src/memory.c src/misc.c src/pkcs7.c src/poly1305.c src/pwdbased.c src/rabbit.c src/random.c src/ripemd.c src/rsa.c src/sha.c src/sha256.c src/sha512.c - src/tfm.c src/wc_port.c + src/tfm.c src/wc_port.c src/wc_encrypt.c src/hash.c ../wolfssl/wolfcrypt/aes.h ../wolfssl/wolfcrypt/arc4.h ../wolfssl/wolfcrypt/asn.h ../wolfssl/wolfcrypt/blake2.h ../wolfssl/wolfcrypt/camellia.h ../wolfssl/wolfcrypt/chacha.h ../wolfssl/wolfcrypt/coding.h ../wolfssl/wolfcrypt/compress.h ../wolfssl/wolfcrypt/des3.h ../wolfssl/wolfcrypt/dh.h ../wolfssl/wolfcrypt/dsa.h ../wolfssl/wolfcrypt/ecc.h ../wolfssl/wolfcrypt/error-crypt.h ../wolfssl/wolfcrypt/hc128.h ../wolfssl/wolfcrypt/hmac.h ../wolfssl/wolfcrypt/integer.h ../wolfssl/wolfcrypt/logging.h ../wolfssl/wolfcrypt/md2.h ../wolfssl/wolfcrypt/md4.h ../wolfssl/wolfcrypt/md5.h ../wolfssl/wolfcrypt/memory.h ../wolfssl/wolfcrypt/misc.h ../wolfssl/wolfcrypt/pkcs7.h ../wolfssl/wolfcrypt/poly1305.h ../wolfssl/wolfcrypt/pwdbased.h ../wolfssl/wolfcrypt/rabbit.h ../wolfssl/wolfcrypt/random.h ../wolfssl/wolfcrypt/ripemd.h ../wolfssl/wolfcrypt/rsa.h ../wolfssl/wolfcrypt/sha.h ../wolfssl/wolfcrypt/sha256.h ../wolfssl/wolfcrypt/sha512.h - ../wolfssl/wolfcrypt/tfm.h ../wolfssl/wolfcrypt/wc_port.h + ../wolfssl/wolfcrypt/tfm.h ../wolfssl/wolfcrypt/wc_port.h ../wolfssl/wolfcrypt/wc_encrypt.h + ../wolfssl/wolfcrypt/hash.h ) ADD_CONVENIENCE_LIBRARY(wolfcrypt ${WOLFCRYPT_SOURCES}) diff --git a/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj b/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj index e24cc16eb..e2ae6f02b 100644 --- a/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj +++ b/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj @@ -165,6 +165,8 @@ 521648271A8AC2990062516A /* sha512.c in Sources */ = {isa = PBXBuildFile; fileRef = 5216481A1A8AC2990062516A /* sha512.c */; }; 521648281A8AC2990062516A /* wolfcrypt_first.c in Sources */ = {isa = PBXBuildFile; fileRef = 5216481B1A8AC2990062516A /* wolfcrypt_first.c */; }; 521648291A8AC2990062516A /* wolfcrypt_last.c in Sources */ = {isa = PBXBuildFile; fileRef = 5216481C1A8AC2990062516A /* wolfcrypt_last.c */; }; + 522DBE111B7929C80031F454 /* wc_encrypt.c in Sources */ = {isa = PBXBuildFile; fileRef = 522DBE101B7929C80031F454 /* wc_encrypt.c */; }; + 522DBE131B792A190031F454 /* wc_encrypt.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 522DBE121B7929E70031F454 /* wc_encrypt.h */; }; 525BE5BA1B38853E0054BBCD /* hash.c in Sources */ = {isa = PBXBuildFile; fileRef = 525BE5B91B38853E0054BBCD /* hash.c */; }; 525BE5BC1B3885750054BBCD /* hash.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 525BE5BB1B3885580054BBCD /* hash.h */; }; /* End PBXBuildFile section */ @@ -176,6 +178,7 @@ dstPath = include/wolfssl/wolfcrypt; dstSubfolderSpec = 7; files = ( + 522DBE131B792A190031F454 /* wc_encrypt.h in CopyFiles */, 525BE5BC1B3885750054BBCD /* hash.h in CopyFiles */, 521646CD1A8A7FF30062516A /* aes.h in CopyFiles */, 521646CE1A8A7FF30062516A /* arc4.h in CopyFiles */, @@ -473,6 +476,8 @@ 5216481A1A8AC2990062516A /* sha512.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = sha512.c; path = ../../ctaocrypt/src/sha512.c; sourceTree = ""; }; 5216481B1A8AC2990062516A /* wolfcrypt_first.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = wolfcrypt_first.c; path = ../../ctaocrypt/src/wolfcrypt_first.c; sourceTree = ""; }; 5216481C1A8AC2990062516A /* wolfcrypt_last.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = wolfcrypt_last.c; path = ../../ctaocrypt/src/wolfcrypt_last.c; sourceTree = ""; }; + 522DBE101B7929C80031F454 /* wc_encrypt.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = wc_encrypt.c; path = ../../wolfcrypt/src/wc_encrypt.c; sourceTree = SOURCE_ROOT; }; + 522DBE121B7929E70031F454 /* wc_encrypt.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = wc_encrypt.h; path = ../../wolfssl/wolfcrypt/wc_encrypt.h; sourceTree = ""; }; 525BE5B91B38853E0054BBCD /* hash.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = hash.c; path = ../../wolfcrypt/src/hash.c; sourceTree = ""; }; 525BE5BB1B3885580054BBCD /* hash.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = hash.h; path = ../../wolfssl/wolfcrypt/hash.h; sourceTree = ""; }; 52B1344D16F3C9E800C07B32 /* libwolfssl.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libwolfssl.a; sourceTree = BUILT_PRODUCTS_DIR; }; @@ -613,6 +618,7 @@ 521646861A8993770062516A /* tfm.h */, 521646871A8993770062516A /* types.h */, 521646881A8993770062516A /* visibility.h */, + 522DBE121B7929E70031F454 /* wc_encrypt.h */, 521646891A8993770062516A /* wc_port.h */, ); name = wolfCrypt; @@ -680,6 +686,7 @@ 5216462E1A8992CC0062516A /* sha256.c */, 5216462F1A8992CC0062516A /* sha512.c */, 521646301A8992CC0062516A /* tfm.c */, + 522DBE101B7929C80031F454 /* wc_encrypt.c */, 521646311A8992CC0062516A /* wc_port.c */, ); name = wolfCrypt; @@ -828,6 +835,7 @@ 521646351A8992CC0062516A /* blake2b.c in Sources */, 5216464C1A8992CC0062516A /* ripemd.c in Sources */, 521646451A8992CC0062516A /* memory.c in Sources */, + 522DBE111B7929C80031F454 /* wc_encrypt.c in Sources */, 5216463C1A8992CC0062516A /* ecc.c in Sources */, 5216464F1A8992CC0062516A /* sha256.c in Sources */, 521646371A8992CC0062516A /* chacha.c in Sources */, diff --git a/IDE/iOS/wolfssl.xcodeproj/project.pbxproj b/IDE/iOS/wolfssl.xcodeproj/project.pbxproj index 96743a577..9b6943fda 100644 --- a/IDE/iOS/wolfssl.xcodeproj/project.pbxproj +++ b/IDE/iOS/wolfssl.xcodeproj/project.pbxproj @@ -153,6 +153,8 @@ 5216472A1A8A80100062516A /* types.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646BE1A8993F50062516A /* types.h */; }; 5216472B1A8A80100062516A /* visibility.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646BF1A8993F50062516A /* visibility.h */; }; 5216472C1A8A80100062516A /* wc_port.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646C01A8993F50062516A /* wc_port.h */; }; + 522DBE0D1B7926FB0031F454 /* wc_encrypt.c in Sources */ = {isa = PBXBuildFile; fileRef = 522DBE0C1B7926FB0031F454 /* wc_encrypt.c */; }; + 522DBE0F1B7927A50031F454 /* wc_encrypt.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 522DBE0E1B7927290031F454 /* wc_encrypt.h */; }; 525BE5341B3869110054BBCD /* hash.c in Sources */ = {isa = PBXBuildFile; fileRef = 525BE5331B3869110054BBCD /* hash.c */; }; 525BE5361B3869780054BBCD /* hash.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 525BE5351B3869430054BBCD /* hash.h */; }; /* End PBXBuildFile section */ @@ -164,6 +166,7 @@ dstPath = include/wolfssl/wolfcrypt; dstSubfolderSpec = 7; files = ( + 522DBE0F1B7927A50031F454 /* wc_encrypt.h in CopyFiles */, 525BE5361B3869780054BBCD /* hash.h in CopyFiles */, 521646CD1A8A7FF30062516A /* aes.h in CopyFiles */, 521646CE1A8A7FF30062516A /* arc4.h in CopyFiles */, @@ -449,6 +452,8 @@ 521646BE1A8993F50062516A /* types.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = types.h; path = ../../cyassl/ctaocrypt/types.h; sourceTree = ""; }; 521646BF1A8993F50062516A /* visibility.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = visibility.h; path = ../../cyassl/ctaocrypt/visibility.h; sourceTree = ""; }; 521646C01A8993F50062516A /* wc_port.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = wc_port.h; path = ../../cyassl/ctaocrypt/wc_port.h; sourceTree = ""; }; + 522DBE0C1B7926FB0031F454 /* wc_encrypt.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = wc_encrypt.c; path = ../../wolfcrypt/src/wc_encrypt.c; sourceTree = SOURCE_ROOT; }; + 522DBE0E1B7927290031F454 /* wc_encrypt.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = wc_encrypt.h; path = ../../wolfssl/wolfcrypt/wc_encrypt.h; sourceTree = ""; }; 525BE5331B3869110054BBCD /* hash.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = hash.c; path = ../../wolfcrypt/src/hash.c; sourceTree = ""; }; 525BE5351B3869430054BBCD /* hash.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = hash.h; path = ../../wolfssl/wolfcrypt/hash.h; sourceTree = ""; }; 52B1344D16F3C9E800C07B32 /* libwolfssl.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libwolfssl.a; sourceTree = BUILT_PRODUCTS_DIR; }; @@ -589,6 +594,7 @@ 521646861A8993770062516A /* tfm.h */, 521646871A8993770062516A /* types.h */, 521646881A8993770062516A /* visibility.h */, + 522DBE0E1B7927290031F454 /* wc_encrypt.h */, 521646891A8993770062516A /* wc_port.h */, ); name = wolfCrypt; @@ -655,6 +661,7 @@ 5216462E1A8992CC0062516A /* sha256.c */, 5216462F1A8992CC0062516A /* sha512.c */, 521646301A8992CC0062516A /* tfm.c */, + 522DBE0C1B7926FB0031F454 /* wc_encrypt.c */, 521646311A8992CC0062516A /* wc_port.c */, ); name = wolfCrypt; @@ -764,6 +771,7 @@ 5216460F1A89928E0062516A /* ssl.c in Sources */, 5216464D1A8992CC0062516A /* rsa.c in Sources */, 5216464B1A8992CC0062516A /* random.c in Sources */, + 522DBE0D1B7926FB0031F454 /* wc_encrypt.c in Sources */, 521646101A89928E0062516A /* tls.c in Sources */, 5216460D1A89928E0062516A /* ocsp.c in Sources */, 521646431A8992CC0062516A /* md4.c in Sources */, diff --git a/autogen.sh b/autogen.sh index f0042765d..89e475c0b 100755 --- a/autogen.sh +++ b/autogen.sh @@ -9,17 +9,7 @@ if test -d .git; then mkdir .git/hooks fi ln -s -f ../../pre-commit.sh .git/hooks/pre-commit -fi - -# Set HAVE_FIPS_SOURCE to 1 in your .profile if you have access to the FIPS -# repository. (Hint: If you don't work for us, you don't. This will fail.) -if test -n "$HAVE_FIPS_SOURCE" -a ! -d ./fips; then - git clone git@github.com:wolfSSL/fips.git - SAVEDIR=`pwd` - cd ./ctaocrypt/src - ln -sf ../../fips/fips.c - ln -sf ../../fips/fips_test.c - cd $SAVEDIR + ln -s -f ../../pre-push.sh .git/hooks/pre-push fi # If this is a source checkout then call autoreconf with error as well diff --git a/commit-tests.sh b/commit-tests.sh index eae91ab19..d7a95af48 100755 --- a/commit-tests.sh +++ b/commit-tests.sh @@ -31,12 +31,4 @@ make -j 8 test; RESULT=$? [ $RESULT -ne 0 ] && echo -e "\n\nFull config make test failed" && exit 1 -if [ -n "$HAVE_FIPS_SOURCE" ]; -then - echo -e "\n\nTesting with FIPS release code...\n\n" - ./fips-check.sh - RESULT=$? - [ $RESULT -ne 0 ] && echo -e "\n\nFIPS build test failed" && exit 1 -fi - exit 0 diff --git a/configure.ac b/configure.ac index ab7614d31..dfce641b1 100644 --- a/configure.ac +++ b/configure.ac @@ -6,7 +6,7 @@ # # -AC_INIT([wolfssl],[3.6.2],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com]) +AC_INIT([wolfssl],[3.6.3],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com]) AC_CONFIG_AUX_DIR([build-aux]) @@ -85,7 +85,7 @@ AC_CHECK_TYPES(__uint128_t) AC_C_BIGENDIAN # mktime check takes forever on some systems, if time supported it would be # highly unusual for mktime to be missing -#AC_FUNC_MKTIME +#AC_FUNC_MKTIME AC_PROG_CC AC_PROG_CC_C_O @@ -199,7 +199,7 @@ fi AM_CONDITIONAL([BUILD_IPV6], [test "x$ENABLED_IPV6" = "xyes"]) -# Fortress build +# Fortress build AC_ARG_ENABLE([fortress], [ --enable-fortress Enable SSL fortress build (default: disabled)], [ ENABLED_FORTRESS=$enableval ], @@ -217,7 +217,7 @@ then fi -# ssl bump build +# ssl bump build AC_ARG_ENABLE([bump], [ --enable-bump Enable SSL Bump build (default: disabled)], [ ENABLED_BUMP=$enableval ], @@ -231,7 +231,7 @@ fi ENABLED_SLOWMATH="yes" -# lean psk build +# lean psk build AC_ARG_ENABLE([leanpsk], [ --enable-leanpsk Enable Lean PSK build (default: disabled)], [ ENABLED_LEANPSK=$enableval ], @@ -287,7 +287,7 @@ then fi -# Persistent session cache +# Persistent session cache AC_ARG_ENABLE([savesession], [ --enable-savesession Enable persistent session cache (default: disabled)], [ ENABLED_SAVESESSION=$enableval ], @@ -300,7 +300,7 @@ then fi -# Persistent cert cache +# Persistent cert cache AC_ARG_ENABLE([savecert], [ --enable-savecert Enable persistent cert cache (default: disabled)], [ ENABLED_SAVECERT=$enableval ], @@ -313,7 +313,7 @@ then fi -# Atomic User Record Layer +# Atomic User Record Layer AC_ARG_ENABLE([atomicuser], [ --enable-atomicuser Enable Atomic User Record Layer (default: disabled)], [ ENABLED_ATOMICUSER=$enableval ], @@ -326,7 +326,7 @@ then fi -# Public Key Callbacks +# Public Key Callbacks AC_ARG_ENABLE([pkcallbacks], [ --enable-pkcallbacks Enable Public Key Callbacks (default: disabled)], [ ENABLED_PKCALLBACKS=$enableval ], @@ -491,7 +491,7 @@ fi AM_CONDITIONAL([BUILD_MD2], [test "x$ENABLED_MD2" = "xyes"]) -# NULL CIPHER +# NULL CIPHER AC_ARG_ENABLE([nullcipher], [ --enable-nullcipher Enable wolfSSL NULL cipher support (default: disabled)], [ ENABLED_NULL_CIPHER=$enableval ], @@ -650,7 +650,7 @@ then fi -# HKDF +# HKDF AC_ARG_ENABLE([hkdf], [ --enable-hkdf Enable HKDF (HMAC-KDF) support (default: disabled)], [ ENABLED_HKDF=$enableval ], @@ -802,7 +802,7 @@ if test "$ENABLED_FPECC" = "yes" then if test "$ENABLED_ECC" = "no" then - AC_MSG_ERROR([cannot enable fpecc without enabling ecc.]) + AC_MSG_ERROR([cannot enable fpecc without enabling ecc.]) fi AM_CFLAGS="$AM_CFLAGS -DFP_ECC" fi @@ -819,17 +819,17 @@ if test "$ENABLED_ECC_ENCRYPT" = "yes" then if test "$ENABLED_ECC" = "no" then - AC_MSG_ERROR([cannot enable eccencrypt without enabling ecc.]) + AC_MSG_ERROR([cannot enable eccencrypt without enabling ecc.]) fi if test "$ENABLED_HKDF" = "no" then - AC_MSG_ERROR([cannot enable eccencrypt without enabling hkdf.]) + AC_MSG_ERROR([cannot enable eccencrypt without enabling hkdf.]) fi AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_ENCRYPT" fi -# PSK +# PSK AC_ARG_ENABLE([psk], [ --enable-psk Enable PSK (default: disabled)], [ ENABLED_PSK=$enableval ], @@ -867,7 +867,7 @@ else fi -# OLD TLS +# OLD TLS AC_ARG_ENABLE([oldtls], [ --enable-oldtls Enable old TLS versions < 1.2 (default: enabled)], [ ENABLED_OLD_TLS=$enableval ], @@ -887,7 +887,20 @@ else fi -# STACK SIZE info for examples +# SSLv3 +AC_ARG_ENABLE([sslv3], + [ --enable-sslv3 Enable SSL version 3.0 (default: disabled)], + [ ENABLED_SSLV3=$enableval ], + [ ENABLED_SSLV3=no] + ) + +if test "$ENABLED_SSLV3" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALLOW_SSLV3" +fi + + +# STACK SIZE info for examples AC_ARG_ENABLE([stacksize], [ --enable-stacksize Enable stack size info on examples (default: disabled)], [ ENABLED_STACKSIZE=$enableval ], @@ -902,7 +915,7 @@ then fi -# MEMORY +# MEMORY AC_ARG_ENABLE([memory], [ --enable-memory Enable memory callbacks (default: enabled)], [ ENABLED_MEMORY=$enableval ], @@ -924,7 +937,7 @@ fi AM_CONDITIONAL([BUILD_MEMORY], [test "x$ENABLED_MEMORY" = "xyes"]) -# RSA +# RSA AC_ARG_ENABLE([rsa], [ --enable-rsa Enable RSA (default: enabled)], [ ENABLED_RSA=$enableval ], @@ -1129,7 +1142,7 @@ fi AM_CONDITIONAL([BUILD_DES3], [test "x$ENABLED_DES3" = "xyes"]) -# ARC4 +# ARC4 AC_ARG_ENABLE([arc4], [ --enable-arc4 Enable ARC4 (default: disabled)], [ ENABLED_ARC4=$enableval ], @@ -1156,7 +1169,7 @@ fi AM_CONDITIONAL([BUILD_RC4], [test "x$ENABLED_ARC4" = "xyes"]) -# MD5 +# MD5 AC_ARG_ENABLE([md5], [ --enable-md5 Enable MD5 (default: enabled)], [ ENABLED_MD5=$enableval ], @@ -1178,7 +1191,7 @@ fi AM_CONDITIONAL([BUILD_MD5], [test "x$ENABLED_MD5" = "xyes"]) -# SHA +# SHA AC_ARG_ENABLE([sha], [ --enable-sha Enable SHA (default: enabled)], [ ENABLED_SHA=$enableval ], @@ -1200,7 +1213,7 @@ fi AM_CONDITIONAL([BUILD_SHA], [test "x$ENABLED_SHA" = "xyes"]) -# Web Server Build +# Web Server Build AC_ARG_ENABLE([webserver], [ --enable-webserver Enable Web Server (default: disabled)], [ ENABLED_WEBSERVER=$enableval ], @@ -1214,7 +1227,7 @@ fi -# HC128 +# HC128 AC_ARG_ENABLE([hc128], [ --enable-hc128 Enable HC-128 (default: disabled)], [ ENABLED_HC128=$enableval ], @@ -1360,7 +1373,7 @@ else fi -# Filesystem Build +# Filesystem Build AC_ARG_ENABLE([filesystem], [ --enable-filesystem Enable Filesystem support (default: enabled)], [ ENABLED_FILESYSTEM=$enableval ], @@ -1380,7 +1393,7 @@ else fi -# inline Build +# inline Build AC_ARG_ENABLE([inline], [ --enable-inline Enable inline functions (default: enabled)], [ ENABLED_INLINE=$enableval ], @@ -1502,7 +1515,7 @@ AM_CONDITIONAL([BUILD_NTRU], [test "x$ENABLED_NTRU" = "xyes"]) if test "$ENABLED_NTRU" = "yes" && test "$ENABLED_SMALL" = "yes" then - AC_MSG_ERROR([cannot enable ntru and small, ntru requires TLS which small turns off.]) + AC_MSG_ERROR([cannot enable ntru and small, ntru requires TLS which small turns off.]) fi # SNI @@ -1658,6 +1671,22 @@ then fi +# Secure Remote Password +AC_ARG_ENABLE([srp], + [ --enable-srp Enable Secure Remote Password (default: disabled)], + [ ENABLED_SRP=$enableval ], + [ ENABLED_SRP=no ] + ) + +if test "x$ENABLED_SRP" = "xyes" +then + AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_HAVE_SRP" +fi + +AM_CONDITIONAL([BUILD_SRP], [test "x$ENABLED_SRP" = "xyes"]) + + + # Small Stack AC_ARG_ENABLE([smallstack], [ --enable-smallstack Enable Small Stack Usage (default: disabled)], @@ -1694,7 +1723,7 @@ fi AM_CONDITIONAL([USE_VALGRIND], [test "x$ENABLED_VALGRIND" = "xyes"]) -# Test certs, use internal cert functions for extra testing +# Test certs, use internal cert functions for extra testing AC_ARG_ENABLE([testcert], [ --enable-testcert Enable Test Cert (default: disabled)], [ ENABLED_TESTCERT=$enableval ], @@ -1725,7 +1754,7 @@ then fi -# Certificate Service Support +# Certificate Service Support AC_ARG_ENABLE([certservice], [ --enable-certservice Enable cert service (default: disabled)], [ ENABLED_CERT_SERVICE=$enableval ], @@ -1967,7 +1996,7 @@ AC_ARG_WITH([libz], AM_CONDITIONAL([BUILD_LIBZ], [test "x$ENABLED_LIBZ" = "xyes"]) -# cavium +# cavium trycaviumdir="" AC_ARG_WITH([cavium], [ --with-cavium=PATH PATH to cavium/software dir ], @@ -2112,6 +2141,10 @@ AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \ [AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS" ENABLED_OLD_TLS=no]) +AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \ + test "x$ENABLED_SSLV3" = "xyes"], + [AC_MSG_ERROR([Cannot use Max Strength and SSLv3 at the same time.])]) + # OPTIMIZE FLAGS if test "$GCC" = "yes" @@ -2138,6 +2171,12 @@ then AM_CFLAGS="$AM_CFLAGS -wd10006" fi +# Expose HAVE___UINT128_T to options flags" +if test "$ac_cv_type___uint128_t" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DHAVE___UINT128_T" +fi + LIB_SOCKET_NSL AX_HARDEN_CC_COMPILER_FLAGS @@ -2187,7 +2226,7 @@ touch ctaocrypt/src/fips.c touch ctaocrypt/src/fips_test.c echo -# generate user options header +# generate user options header echo "---" echo "Generating user options header..." @@ -2197,7 +2236,7 @@ OPTION_FILE="wolfssl/options.h" #fi rm -f $OPTION_FILE -echo "/* wolfssl options.h" > $OPTION_FILE +echo "/* wolfssl options.h" > $OPTION_FILE echo " * generated from configure options" >> $OPTION_FILE echo " *" >> $OPTION_FILE echo " * Copyright (C) 2006-2015 wolfSSL Inc." >> $OPTION_FILE @@ -2206,13 +2245,13 @@ echo " * This file is part of wolfSSL. (formerly known as CyaSSL)" >> $OPTION_FI echo " *" >> $OPTION_FILE echo " */" >> $OPTION_FILE -echo "" >> $OPTION_FILE -echo "#pragma once" >> $OPTION_FILE -echo "" >> $OPTION_FILE -echo "#ifdef __cplusplus" >> $OPTION_FILE -echo "extern \"C\" {" >> $OPTION_FILE -echo "#endif" >> $OPTION_FILE -echo "" >> $OPTION_FILE +echo "" >> $OPTION_FILE +echo "#pragma once" >> $OPTION_FILE +echo "" >> $OPTION_FILE +echo "#ifdef __cplusplus" >> $OPTION_FILE +echo "extern \"C\" {" >> $OPTION_FILE +echo "#endif" >> $OPTION_FILE +echo "" >> $OPTION_FILE for option in $OPTION_FLAGS; do defonly=`echo $option | sed 's/-D//'` @@ -2248,11 +2287,11 @@ for option in $OPTION_FLAGS; do fi done -echo "" >> $OPTION_FILE -echo "#ifdef __cplusplus" >> $OPTION_FILE -echo "}" >> $OPTION_FILE -echo "#endif" >> $OPTION_FILE -echo "" >> $OPTION_FILE +echo "" >> $OPTION_FILE +echo "#ifdef __cplusplus" >> $OPTION_FILE +echo "}" >> $OPTION_FILE +echo "#endif" >> $OPTION_FILE +echo "" >> $OPTION_FILE echo #backwards compatability for those who have included options or version @@ -2283,7 +2322,7 @@ echo " * Debug enabled: $ax_enable_debug" echo " * Warnings as failure: $ac_cv_warnings_as_errors" echo " * make -j: $enable_jobserver" echo " * VCS checkout: $ac_cv_vcs_checkout" -echo +echo echo " Features " echo " * Single threaded: $ENABLED_SINGLETHREADED" echo " * Filesystem: $ENABLED_FILESYSTEM" @@ -2337,6 +2376,7 @@ echo " * STUNNEL: $ENABLED_STUNNEL" echo " * ERROR_STRINGS: $ENABLED_ERROR_STRINGS" echo " * DTLS: $ENABLED_DTLS" echo " * Old TLS Versions: $ENABLED_OLD_TLS" +echo " * SSL version 3.0: $ENABLED_SSLV3" echo " * OCSP: $ENABLED_OCSP" echo " * CRL: $ENABLED_CRL" echo " * CRL-MONITOR: $ENABLED_CRL_MONITOR" @@ -2355,10 +2395,10 @@ echo " * Session Ticket: $ENABLED_SESSION_TICKET" echo " * All TLS Extensions: $ENABLED_TLSX" echo " * PKCS#7 $ENABLED_PKCS7" echo " * wolfSCEP $ENABLED_WOLFSCEP" +echo " * Secure Remote Password $ENABLED_SRP" echo " * Small Stack: $ENABLED_SMALL_STACK" echo " * valgrind unit tests: $ENABLED_VALGRIND" echo " * LIBZ: $ENABLED_LIBZ" echo " * Examples: $ENABLED_EXAMPLES" echo "" echo "---" - diff --git a/examples/client/client.c b/examples/client/client.c index 5838c67b9..cb9c40f33 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -525,16 +525,17 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #ifdef USE_WOLFSSL_MEMORY if (trackMemory) - InitMemoryTracker(); + InitMemoryTracker(); #endif switch (version) { #ifndef NO_OLD_TLS + #ifdef WOLFSSL_ALLOW_SSLV3 case 0: method = wolfSSLv3_client_method(); break; - - + #endif + #ifndef NO_TLS case 1: method = wolfTLSv1_client_method(); @@ -544,9 +545,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) method = wolfTLSv1_1_client_method(); break; #endif /* NO_TLS */ - + #endif /* NO_OLD_TLS */ - + #ifndef NO_TLS case 3: method = wolfTLSv1_2_client_method(); diff --git a/examples/echoclient/echoclient.c b/examples/echoclient/echoclient.c index 594d146cf..bbf82ea9e 100644 --- a/examples/echoclient/echoclient.c +++ b/examples/echoclient/echoclient.c @@ -111,8 +111,10 @@ void echoclient_test(void* args) method = DTLSv1_2_client_method(); #elif !defined(NO_TLS) method = CyaSSLv23_client_method(); -#else +#elif defined(WOLFSSL_ALLOW_SSLV3) method = SSLv3_client_method(); +#else + #error "no valid client method type" #endif ctx = SSL_CTX_new(method); diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c index db499ae08..cb512f4d8 100644 --- a/examples/echoserver/echoserver.c +++ b/examples/echoserver/echoserver.c @@ -132,8 +132,10 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) method = CyaDTLSv1_2_server_method(); #elif !defined(NO_TLS) method = CyaSSLv23_server_method(); -#else +#elif defined(WOLFSSL_ALLOW_SSLV3) method = CyaSSLv3_server_method(); +#else + #error "no valid server method built in" #endif ctx = CyaSSL_CTX_new(method); /* CyaSSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); */ diff --git a/examples/server/server.c b/examples/server/server.c index 118a7e98e..7f0c07d61 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -158,6 +158,9 @@ static void Usage(void) #ifdef HAVE_ANON printf("-a Anonymous server\n"); #endif +#ifndef NO_PSK + printf("-I Do not send PSK identity hint\n"); +#endif } THREAD_RETURN CYASSL_THREAD server_test(void* args) @@ -199,6 +202,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) int argc = ((func_args*)args)->argc; char** argv = ((func_args*)args)->argv; +#ifndef NO_PSK + int sendPskIdentityHint = 1; +#endif + #ifdef HAVE_SNI char* sniHostName = NULL; #endif @@ -230,7 +237,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) fdOpenSession(Task_self()); #endif - while ((ch = mygetopt(argc, argv, "?dbstnNufrRawPp:v:l:A:c:k:Z:S:oO:D:")) + while ((ch = mygetopt(argc, argv, "?dbstnNufrRawPIp:v:l:A:c:k:Z:S:oO:D:")) != -1) { switch (ch) { case '?' : @@ -363,6 +370,11 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) useAnon = 1; #endif break; + case 'I': + #ifndef NO_PSK + sendPskIdentityHint = 0; + #endif + break; default: Usage(); @@ -390,14 +402,16 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) #ifdef USE_CYASSL_MEMORY if (trackMemory) - InitMemoryTracker(); + InitMemoryTracker(); #endif switch (version) { #ifndef NO_OLD_TLS + #ifdef WOLFSSL_ALLOW_SSLV3 case 0: method = SSLv3_server_method(); break; + #endif #ifndef NO_TLS case 1: @@ -500,7 +514,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) if (usePsk) { #ifndef NO_PSK SSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb); - SSL_CTX_use_psk_identity_hint(ctx, "cyassl server"); + + if (sendPskIdentityHint == 1) + SSL_CTX_use_psk_identity_hint(ctx, "cyassl server"); + if (cipherList == NULL) { const char *defaultCipherList; #if defined(HAVE_AESGCM) && !defined(NO_DH) diff --git a/fips-check.sh b/fips-check.sh index d47cb1c32..a60050fe7 100755 --- a/fips-check.sh +++ b/fips-check.sh @@ -79,13 +79,13 @@ linux) esac git clone . $TEST_DIR -[ $? -ne 0 ] && echo -e "\n\nCouldn't duplicate current working directory.\n\n" && exit 1 +[ $? -ne 0 ] && echo "\n\nCouldn't duplicate current working directory.\n\n" && exit 1 pushd $TEST_DIR # make a clone of the last FIPS release tag git clone -b $CTAO_VERSION $CTAO_REPO old-tree -[ $? -ne 0 ] && echo -e "\n\nCouldn't checkout the FIPS release.\n\n" && exit 1 +[ $? -ne 0 ] && echo "\n\nCouldn't checkout the FIPS release.\n\n" && exit 1 for MOD in ${WC_MODS[@]} do @@ -102,7 +102,7 @@ cp old-tree/$WC_INC_PATH/random.h $WC_INC_PATH # clone the FIPS repository git clone -b $FIPS_VERSION $FIPS_REPO fips -[ $? -ne 0 ] && echo -e "\n\nCouldn't checkout the FIPS repository.\n\n" && exit 1 +[ $? -ne 0 ] && echo "\n\nCouldn't checkout the FIPS repository.\n\n" && exit 1 for SRC in ${FIPS_SRCS[@]} do @@ -113,7 +113,7 @@ done ./autogen.sh ./configure --enable-fips make -[ $? -ne 0 ] && echo -e "\n\nMake failed. Debris left for analysis." && exit 1 +[ $? -ne 0 ] && echo "\n\nMake failed. Debris left for analysis." && exit 1 NEWHASH=`./wolfcrypt/test/testwolfcrypt | sed -n 's/hash = \(.*\)/\1/p'` if [ -n "$NEWHASH" ]; then @@ -122,7 +122,7 @@ if [ -n "$NEWHASH" ]; then fi make test -[ $? -ne 0 ] && echo -e "\n\nTest failed. Debris left for analysis." && exit 1 +[ $? -ne 0 ] && echo "\n\nTest failed. Debris left for analysis." && exit 1 # Clean up popd diff --git a/mcapi/crypto.c b/mcapi/crypto.c index ef947567b..4cb890c48 100644 --- a/mcapi/crypto.c +++ b/mcapi/crypto.c @@ -285,13 +285,13 @@ int CRYPT_HUFFMAN_DeCompress(unsigned char* out, unsigned int outSz, /* RNG Initialize, < 0 on error */ int CRYPT_RNG_Initialize(CRYPT_RNG_CTX* rng) { - typedef char rng_test[sizeof(CRYPT_RNG_CTX) >= sizeof(RNG) ? 1 : -1]; + typedef char rng_test[sizeof(CRYPT_RNG_CTX) >= sizeof(WC_RNG) ? 1 : -1]; (void)sizeof(rng_test); if (rng == NULL) return BAD_FUNC_ARG; - return InitRng((RNG*)rng); + return InitRng((WC_RNG*)rng); } @@ -301,7 +301,7 @@ int CRYPT_RNG_Get(CRYPT_RNG_CTX* rng, unsigned char* b) if (rng == NULL || b == NULL) return BAD_FUNC_ARG; - return RNG_GenerateByte((RNG*)rng, (byte*)b); + return RNG_GenerateByte((WC_RNG*)rng, (byte*)b); } @@ -312,7 +312,7 @@ int CRYPT_RNG_BlockGenerate(CRYPT_RNG_CTX* rng, unsigned char* b, if (rng == NULL || b == NULL) return BAD_FUNC_ARG; - return RNG_GenerateBlock((RNG*)rng, b, sz); + return RNG_GenerateBlock((WC_RNG*)rng, b, sz); } @@ -512,7 +512,7 @@ int CRYPT_RSA_PublicEncrypt(CRYPT_RSA_CTX* rsa, unsigned char* out, return BAD_FUNC_ARG; return RsaPublicEncrypt(in, inSz, out, outSz, (RsaKey*)rsa->holder, - (RNG*)rng); + (WC_RNG*)rng); } @@ -614,7 +614,7 @@ int CRYPT_ECC_DHE_KeyMake(CRYPT_ECC_CTX* ecc, CRYPT_RNG_CTX* rng, int keySz) if (ecc == NULL || rng == NULL) return BAD_FUNC_ARG; - return wc_ecc_make_key((RNG*)rng, keySz, (ecc_key*)ecc->holder); + return wc_ecc_make_key((WC_RNG*)rng, keySz, (ecc_key*)ecc->holder); } @@ -649,7 +649,7 @@ int CRYPT_ECC_DSA_HashSign(CRYPT_ECC_CTX* ecc, CRYPT_RNG_CTX* rng, in == NULL) return BAD_FUNC_ARG; - ret = wc_ecc_sign_hash(in, inSz, sig, &inOut, (RNG*)rng, + ret = wc_ecc_sign_hash(in, inSz, sig, &inOut, (WC_RNG*)rng, (ecc_key*)ecc->holder); *usedSz = inOut; diff --git a/mcapi/mcapi_test.c b/mcapi/mcapi_test.c index e7d9665ed..b7bf06292 100644 --- a/mcapi/mcapi_test.c +++ b/mcapi/mcapi_test.c @@ -69,7 +69,7 @@ static byte ourData[OUR_DATA_SIZE]; static byte* key = NULL; static byte* iv = NULL; static CRYPT_RNG_CTX mcRng; -static RNG defRng; +static WC_RNG defRng; static int check_md5(void); static int check_sha(void); diff --git a/mplabx/README b/mplabx/README index fcc6c00c1..a78955cde 100644 --- a/mplabx/README +++ b/mplabx/README @@ -25,13 +25,13 @@ Included Project Files /mplabx/wolfssl.X/dist/default/production/wolfssl.X.a 2. wolfCrypt Test App (wolfcrypt_test.X) - + This project tests the wolfCrypt cryptography modules. It is generally a good idea to run this first on an embedded system after compiling wolfSSL in order to verify all underlying crypto is working correctly. 3. wolfCrypt Benchmark App (wolfcrypt_benchmark.X) - + This project builds the wolfCrypt benchmark application. For the benchmark timer, adjust CLOCK value under "#elif defined MICROCHIP_PIC32" in wolfcrypt/benchmark/benchmark.c @@ -40,7 +40,7 @@ PIC32MX/PIC32MZ --------------- The projects are set for PIC32MX by default. For PIC32MZ, change project -properties->Devices and add "CYASSL_MICROCHIP_PIC32M" to +properties->Devices and add "WOLFSSL_MICROCHIP_PIC32MZ" to XC32-gcc->Preprocessing and messages-> Preprocessor macros. diff --git a/mplabx/wolfssl.X/nbproject/configurations.xml b/mplabx/wolfssl.X/nbproject/configurations.xml index 3eab93236..043adc04e 100755 --- a/mplabx/wolfssl.X/nbproject/configurations.xml +++ b/mplabx/wolfssl.X/nbproject/configurations.xml @@ -50,6 +50,15 @@ ../../wolfcrypt/src/tfm.c ../../wolfcrypt/src/wc_port.c ../../wolfcrypt/src/port/pic32/pic32mz-hash.c + ../../wolfcrypt/src/hash.c + ../../wolfcrypt/src/chacha20_poly1305.c + ../../wolfcrypt/src/curve25519.c + ../../wolfcrypt/src/ed25519.c + ../../wolfcrypt/src/fe_low_mem.c + ../../wolfcrypt/src/fe_operations.c + ../../wolfcrypt/src/ge_low_mem.c + ../../wolfcrypt/src/ge_operations.c + ../../wolfcrypt/src/wc_encrypt.c ../../src/crl.c @@ -85,7 +94,7 @@ PKOBSKDEPlatformTool XC32 - + 1.33 4 diff --git a/pre-push.sh b/pre-push.sh new file mode 100755 index 000000000..f53b27c23 --- /dev/null +++ b/pre-push.sh @@ -0,0 +1,19 @@ +#!/bin/sh +# +# +# Our "pre-push" hook. + +RESULT=0 + +if [ -d ./fips ]; +then + echo "\n\nTesting with FIPS release code...\n\n" + ./fips-check.sh + RESULT=$? + [ $RESULT -ne 0 ] && echo -e "\n\nFIPS build test failed" && exit 1 +fi + +[ $RESULT -ne 0 ] && echo "\nOops, your push failed\n" && exit 1 + +echo "\nPush tests passed!\n" +exit 0 diff --git a/scripts/resume.test b/scripts/resume.test index 17bfd8c9f..b0592af90 100755 --- a/scripts/resume.test +++ b/scripts/resume.test @@ -6,6 +6,7 @@ resume_port=11112 no_pid=-1 server_pid=$no_pid +counter=0 remove_ready_file() { @@ -41,9 +42,10 @@ remove_ready_file ./examples/server/server -r -R -p $resume_port & server_pid=$! -while [ ! -s /tmp/wolfssl_server_ready ]; do +while [ ! -s /tmp/wolfssl_server_ready -a "$counter" -lt 20 ]; do echo -e "waiting for server_ready file..." sleep 0.1 + counter=$((counter+ 1)) done ./examples/client/client -r -p $resume_port diff --git a/src/include.am b/src/include.am index 80ed4de80..6c2629bc0 100644 --- a/src/include.am +++ b/src/include.am @@ -74,6 +74,7 @@ endif src_libwolfssl_la_SOURCES += \ wolfcrypt/src/logging.c \ + wolfcrypt/src/wc_encrypt.c \ wolfcrypt/src/wc_port.c \ wolfcrypt/src/error.c @@ -200,6 +201,10 @@ if BUILD_PKCS7 src_libwolfssl_la_SOURCES += wolfcrypt/src/pkcs7.c endif +if BUILD_SRP +src_libwolfssl_la_SOURCES += wolfcrypt/src/srp.c +endif + # ssl files src_libwolfssl_la_SOURCES += \ src/internal.c \ @@ -219,4 +224,3 @@ endif if BUILD_SNIFFER src_libwolfssl_la_SOURCES += src/sniffer.c endif - diff --git a/src/internal.c b/src/internal.c index fa4208c44..bd04bdbec 100644 --- a/src/internal.c +++ b/src/internal.c @@ -46,7 +46,11 @@ #if defined(DEBUG_WOLFSSL) || defined(SHOW_SECRETS) || defined(CHACHA_AEAD_TEST) #ifdef FREESCALE_MQX - #include + #if MQX_USE_IO_OLD + #include + #else + #include + #endif #else #include #endif @@ -244,7 +248,7 @@ static int QSH_FreeAll(WOLFSSL* ssl) #ifdef HAVE_NTRU -static RNG* rng; +static WC_RNG* rng; static wolfSSL_Mutex* rngMutex; static word32 GetEntropy(unsigned char* out, word32 num_bytes) @@ -252,7 +256,7 @@ static word32 GetEntropy(unsigned char* out, word32 num_bytes) int ret = 0; if (rng == NULL) { - if ((rng = XMALLOC(sizeof(RNG), 0, DYNAMIC_TYPE_TLSX)) == NULL) + if ((rng = XMALLOC(sizeof(WC_RNG), 0, DYNAMIC_TYPE_TLSX)) == NULL) return DRBG_OUT_OF_MEMORY; wc_InitRng(rng); } @@ -1765,7 +1769,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx) #endif /* NO_PSK */ /* RNG */ - ssl->rng = (RNG*)XMALLOC(sizeof(RNG), ssl->heap, DYNAMIC_TYPE_RNG); + ssl->rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), ssl->heap, DYNAMIC_TYPE_RNG); if (ssl->rng == NULL) { WOLFSSL_MSG("RNG Memory error"); return MEMORY_E; @@ -2367,7 +2371,7 @@ DtlsMsg* DtlsMsgInsert(DtlsMsg* head, DtlsMsg* item) #endif /* WOLFSSL_DTLS */ -#ifndef NO_OLD_TLS +#if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS) ProtocolVersion MakeSSLv3(void) { @@ -2378,7 +2382,7 @@ ProtocolVersion MakeSSLv3(void) return pv; } -#endif /* NO_OLD_TLS */ +#endif /* WOLFSSL_ALLOW_SSLV3 && !NO_OLD_TLS */ #ifdef WOLFSSL_DTLS @@ -4780,9 +4784,17 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) } } if (ssl->msgsReceived.got_server_key_exchange == 0) { + int pskNoServerHint = 0; /* not required in this case */ + + #ifndef NO_PSK + if (ssl->specs.kea == psk_kea && + ssl->arrays->server_hint[0] == 0) + pskNoServerHint = 1; + #endif if (ssl->specs.static_ecdh == 1 || ssl->specs.kea == rsa_kea || - ssl->specs.kea == ntru_kea) { + ssl->specs.kea == ntru_kea || + pskNoServerHint) { WOLFSSL_MSG("No KeyExchange required"); } else { WOLFSSL_MSG("No ServerKeyExchange before ServerDone"); @@ -6674,6 +6686,22 @@ int ProcessReply(WOLFSSL* ssl) } #endif + /* Check for duplicate CCS message in DTLS mode. + * DTLS allows for duplicate messages, and it should be + * skipped. */ + if (ssl->options.dtls && + ssl->msgsReceived.got_change_cipher) { + + WOLFSSL_MSG("Duplicate ChangeCipher msg"); + if (ssl->curSize != 1) { + WOLFSSL_MSG("Malicious or corrupted" + " duplicate ChangeCipher msg"); + return LENGTH_ERROR; + } + ssl->buffers.inputBuffer.idx++; + break; + } + ret = SanityCheckMsgReceived(ssl, change_cipher_hs); if (ret != 0) return ret; @@ -14041,15 +14069,18 @@ int DoSessionTicket(WOLFSSL* ssl, #endif if (TLSX_SupportExtensions(ssl)) { int ret = 0; - /* auto populate extensions supported unless user defined */ - if ((ret = TLSX_PopulateExtensions(ssl, 1)) != 0) - return ret; #else if (IsAtLeastTLSv1_2(ssl)) { #endif /* Process the hello extension. Skip unsupported. */ word16 totalExtSz; +#ifdef HAVE_TLS_EXTENSIONS + /* auto populate extensions supported unless user defined */ + if ((ret = TLSX_PopulateExtensions(ssl, 1)) != 0) + return ret; +#endif + if ((i - begin) + OPAQUE16_LEN > helloSz) return BUFFER_ERROR; diff --git a/src/io.c b/src/io.c index a55fa8450..fac843b40 100644 --- a/src/io.c +++ b/src/io.c @@ -527,6 +527,8 @@ int EmbedGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *ctx) #ifdef HAVE_OCSP +#include /* atoi() */ + static int Word16ToString(char* d, word16 number) { diff --git a/src/keys.c b/src/keys.c index 1b15dbb93..2c232a762 100644 --- a/src/keys.c +++ b/src/keys.c @@ -31,7 +31,11 @@ #include #if defined(SHOW_SECRETS) || defined(CHACHA_AEAD_TEST) #ifdef FREESCALE_MQX - #include + #if MQX_USE_IO_OLD + #include + #else + #include + #endif #else #include #endif diff --git a/src/sniffer.c b/src/sniffer.c index b961f7bd7..b2e1f3b48 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -239,7 +239,8 @@ static const char* const msgTable[] = "Decrypt Keys Not Set Up", "Late Key Load Error", "Got Certificate Status msg", - "RSA Key Missing Error" + "RSA Key Missing Error", + "Secure Renegotiation Not Supported" }; @@ -1117,7 +1118,7 @@ static int SetNamedPrivateKey(const char* name, const char* address, int port, sniffer->server = serverIp; sniffer->port = port; - sniffer->ctx = SSL_CTX_new(SSLv3_client_method()); + sniffer->ctx = SSL_CTX_new(TLSv1_client_method()); if (!sniffer->ctx) { SetError(MEMORY_STR, error, NULL, 0); #ifdef HAVE_SNI @@ -1322,7 +1323,6 @@ static int ProcessClientKeyExchange(const byte* input, int* sslBytes, wc_FreeRsaKey(&key); return -1; } - ret = 0; /* not in error state */ session->sslServer->arrays->preMasterSz = SECRET_LEN; /* store for client side as well */ @@ -1816,6 +1816,14 @@ static int DoHandShake(const byte* input, int* sslBytes, SetError(HANDSHAKE_INPUT_STR, error, session, FATAL_ERROR_STATE); return -1; } + + /* A session's arrays are released when the handshake is completed. */ + if (session->sslServer->arrays == NULL && + session->sslClient->arrays == NULL) { + + SetError(NO_SECURE_RENEGOTIATION, error, session, FATAL_ERROR_STATE); + return -1; + } switch (type) { case hello_verify_request: diff --git a/src/ssl.c b/src/ssl.c index 5fe562526..2b34f41dc 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -36,6 +36,8 @@ #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \ defined(WOLFSSL_KEY_GEN) #include + /* openssl headers end, wolfssl internal headers next */ + #include #endif #ifdef OPENSSL_EXTRA @@ -1763,7 +1765,7 @@ int wolfSSL_set_group_messages(WOLFSSL* ssl) static int SetMinVersionHelper(byte* minVersion, int version) { switch (version) { -#ifndef NO_OLD_TLS +#if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS) case WOLFSSL_SSLV3: *minVersion = SSLv3_MINOR; break; @@ -1834,7 +1836,7 @@ int wolfSSL_SetVersion(WOLFSSL* ssl, int version) } switch (version) { -#ifndef NO_OLD_TLS +#if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS) case WOLFSSL_SSLV3: ssl->version = MakeSSLv3(); break; @@ -3024,16 +3026,16 @@ static int ProcessChainBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, static INLINE WOLFSSL_METHOD* cm_pick_method(void) { #ifndef NO_WOLFSSL_CLIENT - #ifdef NO_OLD_TLS - return wolfTLSv1_2_client_method(); - #else + #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS) return wolfSSLv3_client_method(); + #else + return wolfTLSv1_2_client_method(); #endif #elif !defined(NO_WOLFSSL_SERVER) - #ifdef NO_OLD_TLS - return wolfTLSv1_2_server_method(); - #else + #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS) return wolfSSLv3_server_method(); + #else + return wolfTLSv1_2_server_method(); #endif #else return NULL; @@ -5333,7 +5335,7 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl) /* client only parts */ #ifndef NO_WOLFSSL_CLIENT - #ifndef NO_OLD_TLS + #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS) WOLFSSL_METHOD* wolfSSLv3_client_method(void) { WOLFSSL_METHOD* method = @@ -5621,7 +5623,7 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl) /* server only parts */ #ifndef NO_WOLFSSL_SERVER - #ifndef NO_OLD_TLS + #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS) WOLFSSL_METHOD* wolfSSLv3_server_method(void) { WOLFSSL_METHOD* method = @@ -10918,7 +10920,7 @@ int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname) #endif -static RNG globalRNG; +static WC_RNG globalRNG; static int initGlobalRNG = 0; /* SSL_SUCCESS on ok */ @@ -10945,19 +10947,19 @@ int wolfSSL_RAND_seed(const void* seed, int len) /* SSL_SUCCESS on ok */ int wolfSSL_RAND_bytes(unsigned char* buf, int num) { - int ret = 0; - int initTmpRng = 0; - RNG* rng = NULL; + int ret = 0; + int initTmpRng = 0; + WC_RNG* rng = NULL; #ifdef WOLFSSL_SMALL_STACK - RNG* tmpRNG = NULL; + WC_RNG* tmpRNG = NULL; #else - RNG tmpRNG[1]; + WC_RNG tmpRNG[1]; #endif WOLFSSL_ENTER("wolfSSL_RAND_bytes"); #ifdef WOLFSSL_SMALL_STACK - tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (tmpRNG == NULL) return ret; #endif @@ -11283,12 +11285,12 @@ int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom) int ret = 0; int len = bits / 8; int initTmpRng = 0; - RNG* rng = NULL; + WC_RNG* rng = NULL; #ifdef WOLFSSL_SMALL_STACK - RNG* tmpRNG = NULL; + WC_RNG* tmpRNG = NULL; byte* buff = NULL; #else - RNG tmpRNG[1]; + WC_RNG tmpRNG[1]; byte buff[1024]; #endif @@ -11301,7 +11303,7 @@ int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom) #ifdef WOLFSSL_SMALL_STACK buff = (byte*)XMALLOC(1024, NULL, DYNAMIC_TYPE_TMP_BUFFER); - tmpRNG = (RNG*) XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmpRNG = (WC_RNG*) XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (buff == NULL || tmpRNG == NULL) { XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -11924,23 +11926,23 @@ int wolfSSL_DH_generate_key(WOLFSSL_DH* dh) word32 pubSz = 768; word32 privSz = 768; int initTmpRng = 0; - RNG* rng = NULL; + WC_RNG* rng = NULL; #ifdef WOLFSSL_SMALL_STACK unsigned char* pub = NULL; unsigned char* priv = NULL; - RNG* tmpRNG = NULL; + WC_RNG* tmpRNG = NULL; #else unsigned char pub [768]; unsigned char priv[768]; - RNG tmpRNG[1]; + WC_RNG tmpRNG[1]; #endif WOLFSSL_MSG("wolfSSL_DH_generate_key"); #ifdef WOLFSSL_SMALL_STACK - tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); - pub = (unsigned char*)XMALLOC(pubSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); - priv = (unsigned char*)XMALLOC(privSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + pub = (unsigned char*)XMALLOC(pubSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + priv = (unsigned char*)XMALLOC(privSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (tmpRNG == NULL || pub == NULL || priv == NULL) { XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -12515,11 +12517,12 @@ int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* bn, (void)cb; (void)bn; + (void)bits; WOLFSSL_ENTER("wolfSSL_RSA_generate_key_ex"); - if (rsa == NULL || rsa->internal == NULL || - bits < RSA_MIN_SIZE || bits > RSA_MAX_SIZE) { + if (rsa == NULL || rsa->internal == NULL) { + /* bit size checked during make key call */ WOLFSSL_MSG("bad arguments"); return SSL_FAILURE; } @@ -12527,13 +12530,13 @@ int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* bn, #ifdef WOLFSSL_KEY_GEN { #ifdef WOLFSSL_SMALL_STACK - RNG* rng = NULL; + WC_RNG* rng = NULL; #else - RNG rng[1]; + WC_RNG rng[1]; #endif #ifdef WOLFSSL_SMALL_STACK - rng = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (rng == NULL) return SSL_FAILURE; #endif @@ -12648,15 +12651,15 @@ int wolfSSL_DSA_generate_key(WOLFSSL_DSA* dsa) #ifdef WOLFSSL_KEY_GEN { int initTmpRng = 0; - RNG *rng = NULL; + WC_RNG *rng = NULL; #ifdef WOLFSSL_SMALL_STACK - RNG *tmpRNG = NULL; + WC_RNG *tmpRNG = NULL; #else - RNG tmpRNG[1]; + WC_RNG tmpRNG[1]; #endif #ifdef WOLFSSL_SMALL_STACK - tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (tmpRNG == NULL) return SSL_FATAL_ERROR; #endif @@ -12721,15 +12724,15 @@ int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA* dsa, int bits, #ifdef WOLFSSL_KEY_GEN { int initTmpRng = 0; - RNG *rng = NULL; + WC_RNG *rng = NULL; #ifdef WOLFSSL_SMALL_STACK - RNG *tmpRNG = NULL; + WC_RNG *tmpRNG = NULL; #else - RNG tmpRNG[1]; + WC_RNG tmpRNG[1]; #endif #ifdef WOLFSSL_SMALL_STACK - tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (tmpRNG == NULL) return SSL_FATAL_ERROR; #endif @@ -12773,13 +12776,13 @@ int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA* dsa, int bits, int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, WOLFSSL_DSA* dsa) { - int ret = SSL_FATAL_ERROR; - int initTmpRng = 0; - RNG* rng = NULL; + int ret = SSL_FATAL_ERROR; + int initTmpRng = 0; + WC_RNG* rng = NULL; #ifdef WOLFSSL_SMALL_STACK - RNG* tmpRNG = NULL; + WC_RNG* tmpRNG = NULL; #else - RNG tmpRNG[1]; + WC_RNG tmpRNG[1]; #endif WOLFSSL_ENTER("wolfSSL_DSA_do_sign"); @@ -12800,7 +12803,7 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, } #ifdef WOLFSSL_SMALL_STACK - tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (tmpRNG == NULL) return SSL_FATAL_ERROR; #endif @@ -12872,17 +12875,17 @@ int wolfSSL_RSA_sign(int type, const unsigned char* m, unsigned int mLen, unsigned char* sigRet, unsigned int* sigLen, WOLFSSL_RSA* rsa) { - word32 outLen; - word32 signSz; - int initTmpRng = 0; - RNG* rng = NULL; - int ret = 0; + word32 outLen; + word32 signSz; + int initTmpRng = 0; + WC_RNG* rng = NULL; + int ret = 0; #ifdef WOLFSSL_SMALL_STACK - RNG* tmpRNG = NULL; - byte* encodedSig = NULL; + WC_RNG* tmpRNG = NULL; + byte* encodedSig = NULL; #else - RNG tmpRNG[1]; - byte encodedSig[MAX_ENCODED_SIG_SZ]; + WC_RNG tmpRNG[1]; + byte encodedSig[MAX_ENCODED_SIG_SZ]; #endif WOLFSSL_MSG("wolfSSL_RSA_sign"); @@ -12910,7 +12913,7 @@ int wolfSSL_RSA_sign(int type, const unsigned char* m, outLen = (word32)wolfSSL_BN_num_bytes(rsa->n); #ifdef WOLFSSL_SMALL_STACK - tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (tmpRNG == NULL) return 0; @@ -14021,12 +14024,12 @@ int wolfSSL_EC_KEY_set_group(WOLFSSL_EC_KEY *key, WOLFSSL_EC_GROUP *group) int wolfSSL_EC_KEY_generate_key(WOLFSSL_EC_KEY *key) { - int initTmpRng = 0; - RNG* rng = NULL; + int initTmpRng = 0; + WC_RNG* rng = NULL; #ifdef WOLFSSL_SMALL_STACK - RNG* tmpRNG = NULL; + WC_RNG* tmpRNG = NULL; #else - RNG tmpRNG[1]; + WC_RNG tmpRNG[1]; #endif WOLFSSL_ENTER("wolfSSL_EC_KEY_generate_key"); @@ -14038,7 +14041,7 @@ int wolfSSL_EC_KEY_generate_key(WOLFSSL_EC_KEY *key) } #ifdef WOLFSSL_SMALL_STACK - tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (tmpRNG == NULL) return 0; #endif @@ -14656,12 +14659,12 @@ WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_do_sign(const unsigned char *d, int dlen, WOLFSSL_EC_KEY *key) { WOLFSSL_ECDSA_SIG *sig = NULL; - int initTmpRng = 0; - RNG* rng = NULL; + int initTmpRng = 0; + WC_RNG* rng = NULL; #ifdef WOLFSSL_SMALL_STACK - RNG* tmpRNG = NULL; + WC_RNG* tmpRNG = NULL; #else - RNG tmpRNG[1]; + WC_RNG tmpRNG[1]; #endif WOLFSSL_ENTER("wolfSSL_ECDSA_do_sign"); @@ -14683,7 +14686,7 @@ WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_do_sign(const unsigned char *d, int dlen, } #ifdef WOLFSSL_SMALL_STACK - tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (tmpRNG == NULL) return NULL; #endif @@ -15484,7 +15487,7 @@ int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx, word32 szNeeded = 0; WOLFSSL_ENTER("wolfSSL_get_chain_cert_pem"); - if (!chain || !outLen) + if (!chain || !outLen || idx < 0 || idx >= wolfSSL_get_chain_count(chain)) return BAD_FUNC_ARG; /* Null output buffer return size needed in outLen */ @@ -16344,11 +16347,11 @@ int wolfSSL_EC25519_generate_key(unsigned char *priv, unsigned int *privSz, #else /* WOLFSSL_KEY_GEN */ int ret = SSL_FAILURE; int initTmpRng = 0; - RNG *rng = NULL; + WC_RNG *rng = NULL; #ifdef WOLFSSL_SMALL_STACK - RNG *tmpRNG = NULL; + WC_RNG *tmpRNG = NULL; #else - RNG tmpRNG[1]; + WC_RNG tmpRNG[1]; #endif WOLFSSL_ENTER("wolfSSL_EC25519_generate_key"); @@ -16360,7 +16363,7 @@ int wolfSSL_EC25519_generate_key(unsigned char *priv, unsigned int *privSz, } #ifdef WOLFSSL_SMALL_STACK - tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (tmpRNG == NULL) return SSL_FAILURE; #endif @@ -16482,11 +16485,11 @@ int wolfSSL_ED25519_generate_key(unsigned char *priv, unsigned int *privSz, #else /* WOLFSSL_KEY_GEN */ int ret = SSL_FAILURE; int initTmpRng = 0; - RNG *rng = NULL; + WC_RNG *rng = NULL; #ifdef WOLFSSL_SMALL_STACK - RNG *tmpRNG = NULL; + WC_RNG *tmpRNG = NULL; #else - RNG tmpRNG[1]; + WC_RNG tmpRNG[1]; #endif WOLFSSL_ENTER("wolfSSL_ED25519_generate_key"); @@ -16498,7 +16501,7 @@ int wolfSSL_ED25519_generate_key(unsigned char *priv, unsigned int *privSz, } #ifdef WOLFSSL_SMALL_STACK - tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (tmpRNG == NULL) return SSL_FATAL_ERROR; #endif diff --git a/src/tls.c b/src/tls.c index 39f36bb17..59bafa0ed 100644 --- a/src/tls.c +++ b/src/tls.c @@ -310,7 +310,7 @@ static int PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen, /* If a cipher suite wants an algorithm better than sha256, it * should use better. */ - if (hash_type < sha256_mac) + if (hash_type < sha256_mac || hash_type == blake2b_mac) hash_type = sha256_mac; ret = p_hash(digest, digLen, secret, secLen, labelSeed, labLen + seedLen, hash_type); @@ -350,7 +350,7 @@ int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) if (IsAtLeastTLSv1_2(ssl)) { #ifndef NO_SHA256 - if (ssl->specs.mac_algorithm <= sha256_mac) { + if (ssl->specs.mac_algorithm <= sha256_mac || ssl->specs.mac_algorithm == blake2b_mac) { int ret = wc_Sha256GetHash(&ssl->hsHashes->hashSha256,handshake_hash); if (ret != 0) @@ -2058,7 +2058,7 @@ int TLSX_UseSessionTicket(TLSX** extensions, SessionTicket* ticket) #ifdef HAVE_QSH -static RNG* rng; +static WC_RNG* rng; static wolfSSL_Mutex* rngMutex; static void TLSX_QSH_FreeAll(QSHScheme* list) @@ -2841,7 +2841,7 @@ static word32 GetEntropy(unsigned char* out, word32 num_bytes) int ret = 0; if (rng == NULL) { - if ((rng = XMALLOC(sizeof(RNG), 0, DYNAMIC_TYPE_TLSX)) == NULL) + if ((rng = XMALLOC(sizeof(WC_RNG), 0, DYNAMIC_TYPE_TLSX)) == NULL) return DRBG_OUT_OF_MEMORY; wc_InitRng(rng); } diff --git a/support/wolfssl.pc b/support/wolfssl.pc index f95d19b7a..619d3a7c2 100644 --- a/support/wolfssl.pc +++ b/support/wolfssl.pc @@ -5,6 +5,6 @@ includedir=${prefix}/include Name: wolfssl Description: wolfssl C library. -Version: 3.6.2 +Version: 3.6.3 Libs: -L${libdir} -lwolfssl Cflags: -I${includedir} diff --git a/swig/wolfssl.i b/swig/wolfssl.i index a03e79cbc..286e263e4 100644 --- a/swig/wolfssl.i +++ b/swig/wolfssl.i @@ -27,7 +27,7 @@ /* defn adds */ char* wolfSSL_error_string(int err); int wolfSSL_swig_connect(WOLFSSL*, const char* server, int port); - RNG* GetRng(void); + WC_RNG* GetRng(void); RsaKey* GetRsaPrivateKey(const char* file); void FillSignStr(unsigned char*, const char*, int); %} @@ -44,11 +44,11 @@ int wolfSSL_Init(void); char* wolfSSL_error_string(int); int wolfSSL_swig_connect(WOLFSSL*, const char* server, int port); -int wc_RsaSSL_Sign(const unsigned char* in, int inLen, unsigned char* out, int outLen, RsaKey* key, RNG* rng); +int wc_RsaSSL_Sign(const unsigned char* in, int inLen, unsigned char* out, int outLen, RsaKey* key, WC_RNG* rng); int wc_RsaSSL_Verify(const unsigned char* in, int inLen, unsigned char* out, int outLen, RsaKey* key); -RNG* GetRng(void); +WC_RNG* GetRng(void); RsaKey* GetRsaPrivateKey(const char* file); void FillSignStr(unsigned char*, const char*, int); diff --git a/swig/wolfssl_adds.c b/swig/wolfssl_adds.c index e12ccac74..00267c926 100644 --- a/swig/wolfssl_adds.c +++ b/swig/wolfssl_adds.c @@ -182,9 +182,9 @@ char* wolfSSL_error_string(int err) } -RNG* GetRng(void) +WC_RNG* GetRng(void) { - RNG* rng = (RNG*)malloc(sizeof(RNG)); + WC_RNG* rng = (WC_RNG*)malloc(sizeof(WC_RNG)); if (rng) if (wc_InitRng(rng) != 0) { diff --git a/tests/CONF_FILES_README.md b/tests/CONF_FILES_README.md new file mode 100644 index 000000000..ab260c25d --- /dev/null +++ b/tests/CONF_FILES_README.md @@ -0,0 +1,4 @@ +suites.c is a dynamicically written program where new test cases can be written +and added to as needed. When creating a new configure file for a test be sure +to use the exact formatting as the existing configure files. Reference test.conf +for an example. diff --git a/tests/README b/tests/README new file mode 100644 index 000000000..669d024ff --- /dev/null +++ b/tests/README @@ -0,0 +1 @@ +Before creating any new configure files (.conf) read the CONF_FILES_README.md diff --git a/tests/api.c b/tests/api.c index 02d9cd9b6..a34ecebbc 100644 --- a/tests/api.c +++ b/tests/api.c @@ -101,8 +101,10 @@ static void test_wolfSSL_Method_Allocators(void) TEST_METHOD_ALLOCATOR(a, AssertNull) #ifndef NO_OLD_TLS - TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_server_method); - TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_client_method); + #ifdef WOLFSSL_ALLOW_SSLV3 + TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_server_method); + TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_client_method); + #endif TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_server_method); TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_client_method); TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_server_method); diff --git a/tests/include.am b/tests/include.am index 006458523..802ec5ad1 100644 --- a/tests/include.am +++ b/tests/include.am @@ -11,6 +11,7 @@ tests_unit_test_SOURCES = \ tests/api.c \ tests/suites.c \ tests/hash.c \ + tests/srp.c \ examples/client/client.c \ examples/server/server.c tests_unit_test_CFLAGS = -DNO_MAIN_DRIVER $(AM_CFLAGS) @@ -19,5 +20,7 @@ tests_unit_test_DEPENDENCIES = src/libwolfssl.la endif EXTRA_DIST += tests/unit.h EXTRA_DIST += tests/test.conf \ + tests/test-qsh.conf \ + tests/test-psk-no-id.conf \ tests/test-dtls.conf DISTCLEANFILES+= tests/.libs/unit.test diff --git a/tests/srp.c b/tests/srp.c new file mode 100644 index 000000000..691bbdabe --- /dev/null +++ b/tests/srp.c @@ -0,0 +1,696 @@ +/* srp.c SRP unit tests + * + * Copyright (C) 2006-2015 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU Geteral Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Geteral Public License for more details. + * + * You should have received a copy of the GNU Geteral Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include + +#include +#include +#include + +#ifdef WOLFCRYPT_HAVE_SRP + +static byte username[] = "user"; +static word32 usernameSz = 4; + +static byte password[] = "password"; +static word32 passwordSz = 8; + +static byte N[] = { + 0xD4, 0xC7, 0xF8, 0xA2, 0xB3, 0x2C, 0x11, 0xB8, 0xFB, 0xA9, 0x58, 0x1E, + 0xC4, 0xBA, 0x4F, 0x1B, 0x04, 0x21, 0x56, 0x42, 0xEF, 0x73, 0x55, 0xE3, + 0x7C, 0x0F, 0xC0, 0x44, 0x3E, 0xF7, 0x56, 0xEA, 0x2C, 0x6B, 0x8E, 0xEB, + 0x75, 0x5A, 0x1C, 0x72, 0x30, 0x27, 0x66, 0x3C, 0xAA, 0x26, 0x5E, 0xF7, + 0x85, 0xB8, 0xFF, 0x6A, 0x9B, 0x35, 0x22, 0x7A, 0x52, 0xD8, 0x66, 0x33, + 0xDB, 0xDF, 0xCA, 0x43 +}; + +static byte g[] = { + 0x02 +}; + +static byte salt[] = { + 0x80, 0x66, 0x61, 0x5B, 0x7D, 0x33, 0xA2, 0x2E, 0x79, 0x18 +}; + +static byte verifier[] = { + 0x24, 0x5F, 0xA5, 0x1B, 0x2A, 0x28, 0xF8, 0xFF, 0xE2, 0xA0, 0xF8, 0x61, + 0x7B, 0x0F, 0x3C, 0x05, 0xD6, 0x4A, 0x55, 0xDF, 0x74, 0x31, 0x54, 0x47, + 0xA1, 0xFA, 0x9D, 0x25, 0x7B, 0x02, 0x88, 0x0A, 0xE8, 0x5A, 0xBA, 0x8B, + 0xA2, 0xD3, 0x8A, 0x62, 0x46, 0x8C, 0xEC, 0x52, 0xBE, 0xDE, 0xFC, 0x75, + 0xF5, 0xDB, 0x9C, 0x8C, 0x9B, 0x34, 0x7A, 0xE7, 0x4A, 0x5F, 0xBB, 0x96, + 0x38, 0x19, 0xAB, 0x24 +}; + +static byte a[] = { + 0x37, 0x95, 0xF2, 0xA6, 0xF1, 0x6F, 0x0D, 0x58, 0xBF, 0xED, 0x44, 0x87, + 0xE0, 0xB6, 0xCC, 0x1C, 0xA0, 0x50, 0xC6, 0x61, 0xBB, 0x36, 0xE0, 0x9A, + 0xF3, 0xF7, 0x1E, 0x7A, 0x61, 0x86, 0x5A, 0xF5 +}; + +static byte A[] = { + 0x8D, 0x28, 0xC5, 0x6A, 0x46, 0x5C, 0x82, 0xDB, 0xC7, 0xF6, 0x8B, 0x62, + 0x1A, 0xAD, 0xA1, 0x76, 0x1B, 0x55, 0xFF, 0xAB, 0x10, 0x2F, 0xFF, 0x4A, + 0xAA, 0x46, 0xAD, 0x33, 0x64, 0xDE, 0x28, 0x2E, 0x82, 0x7A, 0xBE, 0xEA, + 0x32, 0xFC, 0xD6, 0x14, 0x01, 0x71, 0xE6, 0xC8, 0xC9, 0x53, 0x69, 0x55, + 0xE1, 0xF8, 0x3D, 0xDD, 0xC7, 0xD5, 0x21, 0xCE, 0xFF, 0x17, 0xFC, 0x23, + 0xBF, 0xCF, 0x2D, 0xB0 +}; + +static byte b[] = { + 0x2B, 0xDD, 0x30, 0x30, 0x53, 0xAF, 0xD8, 0x3A, 0xE7, 0xE0, 0x17, 0x82, + 0x39, 0x44, 0x2C, 0xDB, 0x30, 0x88, 0x0F, 0xC8, 0x88, 0xC2, 0xB2, 0xC1, + 0x78, 0x43, 0x2F, 0xD5, 0x60, 0xD4, 0xDA, 0x43 +}; + +static byte B[] = { + 0xB5, 0x80, 0x36, 0x7F, 0x50, 0x89, 0xC1, 0x04, 0x42, 0x98, 0xD7, 0x6A, + 0x37, 0x8E, 0xF1, 0x81, 0x52, 0xC5, 0x7A, 0xA1, 0xD5, 0xB7, 0x66, 0x84, + 0xA1, 0x3E, 0x32, 0x82, 0x2B, 0x3A, 0xB5, 0xD7, 0x3D, 0x50, 0xF1, 0x58, + 0xBD, 0x89, 0x75, 0xC7, 0x51, 0xCF, 0x6C, 0x03, 0xD4, 0xCA, 0xD5, 0x6E, + 0x97, 0x4D, 0xA3, 0x1E, 0x19, 0x0B, 0xF0, 0xAA, 0x7D, 0x14, 0x90, 0x80, + 0x0E, 0xC7, 0x92, 0xAD +}; + +static byte key[] = { + 0x66, 0x00, 0x9D, 0x58, 0xB3, 0xD2, 0x0D, 0x4B, 0x69, 0x7F, 0xCF, 0x48, + 0xFF, 0x8F, 0x15, 0x81, 0x4C, 0x4B, 0xFE, 0x9D, 0x85, 0x77, 0x88, 0x60, + 0x1D, 0x1E, 0x51, 0xCF, 0x75, 0xCC, 0x58, 0x00, 0xE7, 0x8D, 0x22, 0x87, + 0x13, 0x6C, 0x88, 0x55 +}; + +static byte client_proof[] = { + 0x0D, 0x49, 0xE1, 0x9C, 0x3A, 0x88, 0x43, 0x15, 0x45, 0xA8, 0xAC, 0xAB, + 0xEA, 0x15, 0x1A, 0xEE, 0xF9, 0x38, 0x4D, 0x21 +}; + +static byte server_proof[] = { + 0xBD, 0xB1, 0x20, 0x70, 0x46, 0xC9, 0xD6, 0xCC, 0xE2, 0x1D, 0x75, 0xA2, + 0xD0, 0xAF, 0xC5, 0xBC, 0xAE, 0x12, 0xFC, 0x75 +}; + +static void test_SrpInit(void) +{ + Srp srp; + + /* invalid params */ + AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(NULL, SRP_TYPE_SHA, SRP_CLIENT_SIDE)); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(&srp, 255, SRP_CLIENT_SIDE)); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(&srp, SRP_TYPE_SHA, 255 )); + + /* success */ + AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE)); + + wc_SrpTerm(&srp); +} + +static void test_SrpSetUsername(void) +{ + Srp srp; + + AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE)); + + /* invalid params */ + AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetUsername(NULL, username, usernameSz)); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetUsername(&srp, NULL, usernameSz)); + + /* success */ + AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz)); + AssertIntEQ((int) usernameSz, srp.userSz); + AssertIntEQ(0, XMEMCMP(srp.user, username, usernameSz)); + + wc_SrpTerm(&srp); +} + +static void test_SrpSetParams(void) +{ + Srp srp; + + AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE)); + + /* invalid call order */ + AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpSetParams(&srp, N, sizeof(N), + g, sizeof(g), + salt, sizeof(salt))); + + /* fix call order */ + AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz)); + + /* invalid params */ + AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetParams(NULL, N, sizeof(N), + g, sizeof(g), + salt, sizeof(salt))); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetParams(&srp, NULL, sizeof(N), + g, sizeof(g), + salt, sizeof(salt))); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetParams(&srp, N, sizeof(N), + NULL, sizeof(g), + salt, sizeof(salt))); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetParams(&srp, N, sizeof(N), + g, sizeof(g), + NULL, sizeof(salt))); + + /* success */ + AssertIntEQ(0, wc_SrpSetParams(&srp, N, sizeof(N), + g, sizeof(g), + salt, sizeof(salt))); + + AssertIntEQ(sizeof(salt), srp.saltSz); + AssertIntEQ(0, XMEMCMP(srp.salt, salt, srp.saltSz)); + + wc_SrpTerm(&srp); +} + +static void test_SrpSetPassword(void) +{ + Srp srp; + byte v[64]; + word32 vSz = 0; + + AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE)); + AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz)); + + /* invalid call order */ + AssertIntEQ(SRP_CALL_ORDER_E, + wc_SrpSetPassword(&srp, password, passwordSz)); + AssertIntEQ(SRP_CALL_ORDER_E, + wc_SrpGetVerifier(&srp, v, &vSz)); + + /* fix call order */ + AssertIntEQ(0, wc_SrpSetParams(&srp, N, sizeof(N), + g, sizeof(g), + salt, sizeof(salt))); + + /* invalid params */ + AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetPassword(NULL, password, passwordSz)); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetPassword(&srp, NULL, passwordSz)); + + /* success */ + AssertIntEQ(0, wc_SrpSetPassword(&srp, password, passwordSz)); + + /* invalid params */ + AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetVerifier(NULL, v, &vSz)); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetVerifier(&srp, NULL, &vSz)); + AssertIntEQ(BUFFER_E, wc_SrpGetVerifier(&srp, v, &vSz)); + + /* success */ + vSz = sizeof(v); + AssertIntEQ(0, wc_SrpGetVerifier(&srp, v, &vSz)); + AssertIntEQ(vSz, sizeof(verifier)); + AssertIntEQ(0, XMEMCMP(verifier, v, vSz)); + + /* invalid params - client side srp */ + AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetVerifier(&srp, v, vSz)); + + wc_SrpTerm(&srp); + AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_SERVER_SIDE)); + + /* invalid params */ + AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetVerifier(NULL, v, vSz)); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetVerifier(&srp, NULL, vSz)); + + /* success */ + AssertIntEQ(0, wc_SrpSetVerifier(&srp, v, vSz)); + + wc_SrpTerm(&srp); +} + +static void test_SrpGetPublic(void) +{ + Srp srp; + byte public[64]; + word32 publicSz = 0; + + AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE)); + AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz)); + AssertIntEQ(0, wc_SrpSetParams(&srp, N, sizeof(N), + g, sizeof(g), + salt, sizeof(salt))); + + /* invalid call order */ + AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpGetPublic(&srp, public, &publicSz)); + + /* fix call order */ + AssertIntEQ(0, wc_SrpSetPassword(&srp, password, passwordSz)); + + /* invalid params */ + AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetPublic(NULL, public, &publicSz)); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetPublic(&srp, NULL, &publicSz)); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetPublic(&srp, public, NULL)); + AssertIntEQ(BUFFER_E, wc_SrpGetPublic(&srp, public, &publicSz)); + + /* success */ + publicSz = sizeof(public); + AssertIntEQ(0, wc_SrpSetPrivate(&srp, a, sizeof(a))); + AssertIntEQ(0, wc_SrpGetPublic(&srp, public, &publicSz)); + AssertIntEQ(publicSz, sizeof(A)); + AssertIntEQ(0, XMEMCMP(public, A, publicSz)); + + wc_SrpTerm(&srp); + + AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_SERVER_SIDE)); + AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz)); + AssertIntEQ(0, wc_SrpSetParams(&srp, N, sizeof(N), + g, sizeof(g), + salt, sizeof(salt))); + + /* invalid call order */ + AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpGetPublic(&srp, public, &publicSz)); + + /* fix call order */ + AssertIntEQ(0, wc_SrpSetVerifier(&srp, verifier, sizeof(verifier))); + + /* success */ + AssertIntEQ(0, wc_SrpSetPrivate(&srp, b, sizeof(b))); + AssertIntEQ(0, wc_SrpGetPublic(&srp, public, &publicSz)); + AssertIntEQ(publicSz, sizeof(B)); + AssertIntEQ(0, XMEMCMP(public, B, publicSz)); + + wc_SrpTerm(&srp); +} + +static void test_SrpComputeKey(void) +{ + Srp cli, srv; + byte clientPubKey[64]; + byte serverPubKey[64]; + word32 clientPubKeySz = 64; + word32 serverPubKeySz = 64; + + AssertIntEQ(0, wc_SrpInit(&cli, SRP_TYPE_SHA, SRP_CLIENT_SIDE)); + AssertIntEQ(0, wc_SrpInit(&srv, SRP_TYPE_SHA, SRP_SERVER_SIDE)); + + /* invalid call order */ + AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpComputeKey(&cli, + clientPubKey, clientPubKeySz, + serverPubKey, serverPubKeySz)); + + /* fix call order */ + AssertIntEQ(0, wc_SrpSetUsername(&cli, username, usernameSz)); + AssertIntEQ(0, wc_SrpSetUsername(&srv, username, usernameSz)); + + AssertIntEQ(0, wc_SrpSetParams(&cli, N, sizeof(N), + g, sizeof(g), + salt, sizeof(salt))); + AssertIntEQ(0, wc_SrpSetParams(&srv, N, sizeof(N), + g, sizeof(g), + salt, sizeof(salt))); + + AssertIntEQ(0, wc_SrpSetPassword(&cli, password, passwordSz)); + AssertIntEQ(0, wc_SrpSetVerifier(&srv, verifier, sizeof(verifier))); + + AssertIntEQ(0, wc_SrpSetPrivate(&cli, a, sizeof(a))); + AssertIntEQ(0, wc_SrpGetPublic(&cli, clientPubKey, &clientPubKeySz)); + AssertIntEQ(0, XMEMCMP(clientPubKey, A, clientPubKeySz)); + AssertIntEQ(0, wc_SrpSetPrivate(&srv, b, sizeof(b))); + AssertIntEQ(0, wc_SrpGetPublic(&srv, serverPubKey, &serverPubKeySz)); + AssertIntEQ(0, XMEMCMP(serverPubKey, B, serverPubKeySz)); + + /* invalid params */ + AssertIntEQ(BAD_FUNC_ARG, wc_SrpComputeKey(NULL, + clientPubKey, clientPubKeySz, + serverPubKey, serverPubKeySz)); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpComputeKey(&cli, + NULL, clientPubKeySz, + serverPubKey, serverPubKeySz)); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpComputeKey(&cli, + clientPubKey, 0, + serverPubKey, serverPubKeySz)); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpComputeKey(&cli, + clientPubKey, clientPubKeySz, + NULL, serverPubKeySz)); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpComputeKey(&cli, + clientPubKey, clientPubKeySz, + serverPubKey, 0)); + + /* success */ + AssertIntEQ(0, wc_SrpComputeKey(&cli, clientPubKey, clientPubKeySz, + serverPubKey, serverPubKeySz)); + AssertIntEQ(0, wc_SrpComputeKey(&srv, clientPubKey, clientPubKeySz, + serverPubKey, serverPubKeySz)); + AssertIntEQ(0, XMEMCMP(cli.key, key, sizeof(key))); + AssertIntEQ(0, XMEMCMP(srv.key, key, sizeof(key))); + + wc_SrpTerm(&cli); + wc_SrpTerm(&srv); +} + +static void test_SrpGetProofAndVerify(void) +{ + Srp cli, srv; + byte clientPubKey[64]; + byte serverPubKey[64]; + word32 clientPubKeySz = 64; + word32 serverPubKeySz = 64; + byte clientProof[SRP_MAX_DIGEST_SIZE]; + byte serverProof[SRP_MAX_DIGEST_SIZE]; + word32 clientProofSz = SRP_MAX_DIGEST_SIZE; + word32 serverProofSz = SRP_MAX_DIGEST_SIZE; + + AssertIntEQ(0, wc_SrpInit(&cli, SRP_TYPE_SHA, SRP_CLIENT_SIDE)); + AssertIntEQ(0, wc_SrpInit(&srv, SRP_TYPE_SHA, SRP_SERVER_SIDE)); + + AssertIntEQ(0, wc_SrpSetUsername(&cli, username, usernameSz)); + AssertIntEQ(0, wc_SrpSetUsername(&srv, username, usernameSz)); + + AssertIntEQ(0, wc_SrpSetParams(&cli, N, sizeof(N), + g, sizeof(g), + salt, sizeof(salt))); + AssertIntEQ(0, wc_SrpSetParams(&srv, N, sizeof(N), + g, sizeof(g), + salt, sizeof(salt))); + + AssertIntEQ(0, wc_SrpSetPassword(&cli, password, passwordSz)); + AssertIntEQ(0, wc_SrpSetVerifier(&srv, verifier, sizeof(verifier))); + + AssertIntEQ(0, wc_SrpSetPrivate(&cli, a, sizeof(a))); + AssertIntEQ(0, wc_SrpGetPublic(&cli, clientPubKey, &clientPubKeySz)); + AssertIntEQ(0, XMEMCMP(clientPubKey, A, clientPubKeySz)); + + AssertIntEQ(0, wc_SrpSetPrivate(&srv, b, sizeof(b))); + AssertIntEQ(0, wc_SrpGetPublic(&srv, serverPubKey, &serverPubKeySz)); + AssertIntEQ(0, XMEMCMP(serverPubKey, B, serverPubKeySz)); + + AssertIntEQ(0, wc_SrpComputeKey(&cli, clientPubKey, clientPubKeySz, + serverPubKey, serverPubKeySz)); + AssertIntEQ(0, XMEMCMP(cli.key, key, sizeof(key))); + + AssertIntEQ(0, wc_SrpComputeKey(&srv, clientPubKey, clientPubKeySz, + serverPubKey, serverPubKeySz)); + AssertIntEQ(0, XMEMCMP(srv.key, key, sizeof(key))); + + /* invalid params */ + serverProofSz = 0; + AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetProof(NULL, clientProof,&clientProofSz)); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetProof(&cli, NULL, &clientProofSz)); + AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetProof(&cli, clientProof,NULL)); + AssertIntEQ(BUFFER_E, wc_SrpGetProof(&srv, serverProof,&serverProofSz)); + + AssertIntEQ(BAD_FUNC_ARG, + wc_SrpVerifyPeersProof(NULL, clientProof, clientProofSz)); + AssertIntEQ(BAD_FUNC_ARG, + wc_SrpVerifyPeersProof(&cli, NULL, clientProofSz)); + AssertIntEQ(BUFFER_E, + wc_SrpVerifyPeersProof(&srv, serverProof, serverProofSz)); + serverProofSz = SRP_MAX_DIGEST_SIZE; + + /* success */ + AssertIntEQ(0, wc_SrpGetProof(&cli, clientProof, &clientProofSz)); + AssertIntEQ(0, XMEMCMP(clientProof, client_proof, sizeof(client_proof))); + AssertIntEQ(0, wc_SrpVerifyPeersProof(&srv, clientProof, clientProofSz)); + AssertIntEQ(0, wc_SrpGetProof(&srv, serverProof, &serverProofSz)); + AssertIntEQ(0, XMEMCMP(serverProof, server_proof, sizeof(server_proof))); + AssertIntEQ(0, wc_SrpVerifyPeersProof(&cli, serverProof, serverProofSz)); + + wc_SrpTerm(&cli); + wc_SrpTerm(&srv); +} + +static int sha512_key_gen(Srp* srp, byte* secret, word32 size) +{ + Sha512 hash; + int r; + + srp->key = (byte*)XMALLOC(SHA512_DIGEST_SIZE, NULL, DYNAMIC_TYPE_SRP); + if (srp->key == NULL) + return MEMORY_E; + + srp->keySz = SHA512_DIGEST_SIZE; + + r = wc_InitSha512(&hash); + if (!r) r = wc_Sha512Update(&hash, secret, size); + if (!r) r = wc_Sha512Final(&hash, srp->key); + + XMEMSET(&hash, 0, sizeof(Sha512)); + + return r; +} + +static void test_SrpKeyGenFunc_cb(void) +{ + Srp cli, srv; + byte clientPubKey[1024]; + byte serverPubKey[1024]; + word32 clientPubKeySz = 1024; + word32 serverPubKeySz = 1024; + byte clientProof[SRP_MAX_DIGEST_SIZE]; + byte serverProof[SRP_MAX_DIGEST_SIZE]; + word32 clientProofSz = SRP_MAX_DIGEST_SIZE; + word32 serverProofSz = SRP_MAX_DIGEST_SIZE; + + byte username_[] = "alice"; + word32 usernameSz_ = 5; + + byte password_[] = "password123"; + word32 passwordSz_ = 11; + + byte N_[] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, + 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, + 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, + 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, + 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, + 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, + 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, + 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, + 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, + 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, + 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, + 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, + 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, + 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, + 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08, + 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, + 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, + 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, + 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C, + 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, + 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, + 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, + 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57, + 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, + 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, + 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, + 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73, + 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, + 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, + 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, + 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20, + 0xA9, 0x3A, 0xD2, 0xCA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF + }; + + byte g_[] = { + 0x05 + }; + + byte salt_[] = { + 0xBE, 0xB2, 0x53, 0x79, 0xD1, 0xA8, 0x58, 0x1E, 0xB5, 0xA7, 0x27, 0x67, + 0x3A, 0x24, 0x41, 0xEE + }; + + byte verifier_[] = { + 0x9B, 0x5E, 0x06, 0x17, 0x01, 0xEA, 0x7A, 0xEB, 0x39, 0xCF, 0x6E, 0x35, + 0x19, 0x65, 0x5A, 0x85, 0x3C, 0xF9, 0x4C, 0x75, 0xCA, 0xF2, 0x55, 0x5E, + 0xF1, 0xFA, 0xF7, 0x59, 0xBB, 0x79, 0xCB, 0x47, 0x70, 0x14, 0xE0, 0x4A, + 0x88, 0xD6, 0x8F, 0xFC, 0x05, 0x32, 0x38, 0x91, 0xD4, 0xC2, 0x05, 0xB8, + 0xDE, 0x81, 0xC2, 0xF2, 0x03, 0xD8, 0xFA, 0xD1, 0xB2, 0x4D, 0x2C, 0x10, + 0x97, 0x37, 0xF1, 0xBE, 0xBB, 0xD7, 0x1F, 0x91, 0x24, 0x47, 0xC4, 0xA0, + 0x3C, 0x26, 0xB9, 0xFA, 0xD8, 0xED, 0xB3, 0xE7, 0x80, 0x77, 0x8E, 0x30, + 0x25, 0x29, 0xED, 0x1E, 0xE1, 0x38, 0xCC, 0xFC, 0x36, 0xD4, 0xBA, 0x31, + 0x3C, 0xC4, 0x8B, 0x14, 0xEA, 0x8C, 0x22, 0xA0, 0x18, 0x6B, 0x22, 0x2E, + 0x65, 0x5F, 0x2D, 0xF5, 0x60, 0x3F, 0xD7, 0x5D, 0xF7, 0x6B, 0x3B, 0x08, + 0xFF, 0x89, 0x50, 0x06, 0x9A, 0xDD, 0x03, 0xA7, 0x54, 0xEE, 0x4A, 0xE8, + 0x85, 0x87, 0xCC, 0xE1, 0xBF, 0xDE, 0x36, 0x79, 0x4D, 0xBA, 0xE4, 0x59, + 0x2B, 0x7B, 0x90, 0x4F, 0x44, 0x2B, 0x04, 0x1C, 0xB1, 0x7A, 0xEB, 0xAD, + 0x1E, 0x3A, 0xEB, 0xE3, 0xCB, 0xE9, 0x9D, 0xE6, 0x5F, 0x4B, 0xB1, 0xFA, + 0x00, 0xB0, 0xE7, 0xAF, 0x06, 0x86, 0x3D, 0xB5, 0x3B, 0x02, 0x25, 0x4E, + 0xC6, 0x6E, 0x78, 0x1E, 0x3B, 0x62, 0xA8, 0x21, 0x2C, 0x86, 0xBE, 0xB0, + 0xD5, 0x0B, 0x5B, 0xA6, 0xD0, 0xB4, 0x78, 0xD8, 0xC4, 0xE9, 0xBB, 0xCE, + 0xC2, 0x17, 0x65, 0x32, 0x6F, 0xBD, 0x14, 0x05, 0x8D, 0x2B, 0xBD, 0xE2, + 0xC3, 0x30, 0x45, 0xF0, 0x38, 0x73, 0xE5, 0x39, 0x48, 0xD7, 0x8B, 0x79, + 0x4F, 0x07, 0x90, 0xE4, 0x8C, 0x36, 0xAE, 0xD6, 0xE8, 0x80, 0xF5, 0x57, + 0x42, 0x7B, 0x2F, 0xC0, 0x6D, 0xB5, 0xE1, 0xE2, 0xE1, 0xD7, 0xE6, 0x61, + 0xAC, 0x48, 0x2D, 0x18, 0xE5, 0x28, 0xD7, 0x29, 0x5E, 0xF7, 0x43, 0x72, + 0x95, 0xFF, 0x1A, 0x72, 0xD4, 0x02, 0x77, 0x17, 0x13, 0xF1, 0x68, 0x76, + 0xDD, 0x05, 0x0A, 0xE5, 0xB7, 0xAD, 0x53, 0xCC, 0xB9, 0x08, 0x55, 0xC9, + 0x39, 0x56, 0x64, 0x83, 0x58, 0xAD, 0xFD, 0x96, 0x64, 0x22, 0xF5, 0x24, + 0x98, 0x73, 0x2D, 0x68, 0xD1, 0xD7, 0xFB, 0xEF, 0x10, 0xD7, 0x80, 0x34, + 0xAB, 0x8D, 0xCB, 0x6F, 0x0F, 0xCF, 0x88, 0x5C, 0xC2, 0xB2, 0xEA, 0x2C, + 0x3E, 0x6A, 0xC8, 0x66, 0x09, 0xEA, 0x05, 0x8A, 0x9D, 0xA8, 0xCC, 0x63, + 0x53, 0x1D, 0xC9, 0x15, 0x41, 0x4D, 0xF5, 0x68, 0xB0, 0x94, 0x82, 0xDD, + 0xAC, 0x19, 0x54, 0xDE, 0xC7, 0xEB, 0x71, 0x4F, 0x6F, 0xF7, 0xD4, 0x4C, + 0xD5, 0xB8, 0x6F, 0x6B, 0xD1, 0x15, 0x81, 0x09, 0x30, 0x63, 0x7C, 0x01, + 0xD0, 0xF6, 0x01, 0x3B, 0xC9, 0x74, 0x0F, 0xA2, 0xC6, 0x33, 0xBA, 0x89 + }; + + byte a_[] = { + 0x60, 0x97, 0x55, 0x27, 0x03, 0x5C, 0xF2, 0xAD, 0x19, 0x89, 0x80, 0x6F, + 0x04, 0x07, 0x21, 0x0B, 0xC8, 0x1E, 0xDC, 0x04, 0xE2, 0x76, 0x2A, 0x56, + 0xAF, 0xD5, 0x29, 0xDD, 0xDA, 0x2D, 0x43, 0x93 + }; + + byte A_[] = { + 0xFA, 0xB6, 0xF5, 0xD2, 0x61, 0x5D, 0x1E, 0x32, 0x35, 0x12, 0xE7, 0x99, + 0x1C, 0xC3, 0x74, 0x43, 0xF4, 0x87, 0xDA, 0x60, 0x4C, 0xA8, 0xC9, 0x23, + 0x0F, 0xCB, 0x04, 0xE5, 0x41, 0xDC, 0xE6, 0x28, 0x0B, 0x27, 0xCA, 0x46, + 0x80, 0xB0, 0x37, 0x4F, 0x17, 0x9D, 0xC3, 0xBD, 0xC7, 0x55, 0x3F, 0xE6, + 0x24, 0x59, 0x79, 0x8C, 0x70, 0x1A, 0xD8, 0x64, 0xA9, 0x13, 0x90, 0xA2, + 0x8C, 0x93, 0xB6, 0x44, 0xAD, 0xBF, 0x9C, 0x00, 0x74, 0x5B, 0x94, 0x2B, + 0x79, 0xF9, 0x01, 0x2A, 0x21, 0xB9, 0xB7, 0x87, 0x82, 0x31, 0x9D, 0x83, + 0xA1, 0xF8, 0x36, 0x28, 0x66, 0xFB, 0xD6, 0xF4, 0x6B, 0xFC, 0x0D, 0xDB, + 0x2E, 0x1A, 0xB6, 0xE4, 0xB4, 0x5A, 0x99, 0x06, 0xB8, 0x2E, 0x37, 0xF0, + 0x5D, 0x6F, 0x97, 0xF6, 0xA3, 0xEB, 0x6E, 0x18, 0x20, 0x79, 0x75, 0x9C, + 0x4F, 0x68, 0x47, 0x83, 0x7B, 0x62, 0x32, 0x1A, 0xC1, 0xB4, 0xFA, 0x68, + 0x64, 0x1F, 0xCB, 0x4B, 0xB9, 0x8D, 0xD6, 0x97, 0xA0, 0xC7, 0x36, 0x41, + 0x38, 0x5F, 0x4B, 0xAB, 0x25, 0xB7, 0x93, 0x58, 0x4C, 0xC3, 0x9F, 0xC8, + 0xD4, 0x8D, 0x4B, 0xD8, 0x67, 0xA9, 0xA3, 0xC1, 0x0F, 0x8E, 0xA1, 0x21, + 0x70, 0x26, 0x8E, 0x34, 0xFE, 0x3B, 0xBE, 0x6F, 0xF8, 0x99, 0x98, 0xD6, + 0x0D, 0xA2, 0xF3, 0xE4, 0x28, 0x3C, 0xBE, 0xC1, 0x39, 0x3D, 0x52, 0xAF, + 0x72, 0x4A, 0x57, 0x23, 0x0C, 0x60, 0x4E, 0x9F, 0xBC, 0xE5, 0x83, 0xD7, + 0x61, 0x3E, 0x6B, 0xFF, 0xD6, 0x75, 0x96, 0xAD, 0x12, 0x1A, 0x87, 0x07, + 0xEE, 0xC4, 0x69, 0x44, 0x95, 0x70, 0x33, 0x68, 0x6A, 0x15, 0x5F, 0x64, + 0x4D, 0x5C, 0x58, 0x63, 0xB4, 0x8F, 0x61, 0xBD, 0xBF, 0x19, 0xA5, 0x3E, + 0xAB, 0x6D, 0xAD, 0x0A, 0x18, 0x6B, 0x8C, 0x15, 0x2E, 0x5F, 0x5D, 0x8C, + 0xAD, 0x4B, 0x0E, 0xF8, 0xAA, 0x4E, 0xA5, 0x00, 0x88, 0x34, 0xC3, 0xCD, + 0x34, 0x2E, 0x5E, 0x0F, 0x16, 0x7A, 0xD0, 0x45, 0x92, 0xCD, 0x8B, 0xD2, + 0x79, 0x63, 0x93, 0x98, 0xEF, 0x9E, 0x11, 0x4D, 0xFA, 0xAA, 0xB9, 0x19, + 0xE1, 0x4E, 0x85, 0x09, 0x89, 0x22, 0x4D, 0xDD, 0x98, 0x57, 0x6D, 0x79, + 0x38, 0x5D, 0x22, 0x10, 0x90, 0x2E, 0x9F, 0x9B, 0x1F, 0x2D, 0x86, 0xCF, + 0xA4, 0x7E, 0xE2, 0x44, 0x63, 0x54, 0x65, 0xF7, 0x10, 0x58, 0x42, 0x1A, + 0x01, 0x84, 0xBE, 0x51, 0xDD, 0x10, 0xCC, 0x9D, 0x07, 0x9E, 0x6F, 0x16, + 0x04, 0xE7, 0xAA, 0x9B, 0x7C, 0xF7, 0x88, 0x3C, 0x7D, 0x4C, 0xE1, 0x2B, + 0x06, 0xEB, 0xE1, 0x60, 0x81, 0xE2, 0x3F, 0x27, 0xA2, 0x31, 0xD1, 0x84, + 0x32, 0xD7, 0xD1, 0xBB, 0x55, 0xC2, 0x8A, 0xE2, 0x1F, 0xFC, 0xF0, 0x05, + 0xF5, 0x75, 0x28, 0xD1, 0x5A, 0x88, 0x88, 0x1B, 0xB3, 0xBB, 0xB7, 0xFE + }; + + byte b_[] = { + 0xE4, 0x87, 0xCB, 0x59, 0xD3, 0x1A, 0xC5, 0x50, 0x47, 0x1E, 0x81, 0xF0, + 0x0F, 0x69, 0x28, 0xE0, 0x1D, 0xDA, 0x08, 0xE9, 0x74, 0xA0, 0x04, 0xF4, + 0x9E, 0x61, 0xF5, 0xD1, 0x05, 0x28, 0x4D, 0x20 + }; + + byte B_[] = { + 0x40, 0xF5, 0x70, 0x88, 0xA4, 0x82, 0xD4, 0xC7, 0x73, 0x33, 0x84, 0xFE, + 0x0D, 0x30, 0x1F, 0xDD, 0xCA, 0x90, 0x80, 0xAD, 0x7D, 0x4F, 0x6F, 0xDF, + 0x09, 0xA0, 0x10, 0x06, 0xC3, 0xCB, 0x6D, 0x56, 0x2E, 0x41, 0x63, 0x9A, + 0xE8, 0xFA, 0x21, 0xDE, 0x3B, 0x5D, 0xBA, 0x75, 0x85, 0xB2, 0x75, 0x58, + 0x9B, 0xDB, 0x27, 0x98, 0x63, 0xC5, 0x62, 0x80, 0x7B, 0x2B, 0x99, 0x08, + 0x3C, 0xD1, 0x42, 0x9C, 0xDB, 0xE8, 0x9E, 0x25, 0xBF, 0xBD, 0x7E, 0x3C, + 0xAD, 0x31, 0x73, 0xB2, 0xE3, 0xC5, 0xA0, 0xB1, 0x74, 0xDA, 0x6D, 0x53, + 0x91, 0xE6, 0xA0, 0x6E, 0x46, 0x5F, 0x03, 0x7A, 0x40, 0x06, 0x25, 0x48, + 0x39, 0xA5, 0x6B, 0xF7, 0x6D, 0xA8, 0x4B, 0x1C, 0x94, 0xE0, 0xAE, 0x20, + 0x85, 0x76, 0x15, 0x6F, 0xE5, 0xC1, 0x40, 0xA4, 0xBA, 0x4F, 0xFC, 0x9E, + 0x38, 0xC3, 0xB0, 0x7B, 0x88, 0x84, 0x5F, 0xC6, 0xF7, 0xDD, 0xDA, 0x93, + 0x38, 0x1F, 0xE0, 0xCA, 0x60, 0x84, 0xC4, 0xCD, 0x2D, 0x33, 0x6E, 0x54, + 0x51, 0xC4, 0x64, 0xCC, 0xB6, 0xEC, 0x65, 0xE7, 0xD1, 0x6E, 0x54, 0x8A, + 0x27, 0x3E, 0x82, 0x62, 0x84, 0xAF, 0x25, 0x59, 0xB6, 0x26, 0x42, 0x74, + 0x21, 0x59, 0x60, 0xFF, 0xF4, 0x7B, 0xDD, 0x63, 0xD3, 0xAF, 0xF0, 0x64, + 0xD6, 0x13, 0x7A, 0xF7, 0x69, 0x66, 0x1C, 0x9D, 0x4F, 0xEE, 0x47, 0x38, + 0x26, 0x03, 0xC8, 0x8E, 0xAA, 0x09, 0x80, 0x58, 0x1D, 0x07, 0x75, 0x84, + 0x61, 0xB7, 0x77, 0xE4, 0x35, 0x6D, 0xDA, 0x58, 0x35, 0x19, 0x8B, 0x51, + 0xFE, 0xEA, 0x30, 0x8D, 0x70, 0xF7, 0x54, 0x50, 0xB7, 0x16, 0x75, 0xC0, + 0x8C, 0x7D, 0x83, 0x02, 0xFD, 0x75, 0x39, 0xDD, 0x1F, 0xF2, 0xA1, 0x1C, + 0xB4, 0x25, 0x8A, 0xA7, 0x0D, 0x23, 0x44, 0x36, 0xAA, 0x42, 0xB6, 0xA0, + 0x61, 0x5F, 0x3F, 0x91, 0x5D, 0x55, 0xCC, 0x3B, 0x96, 0x6B, 0x27, 0x16, + 0xB3, 0x6E, 0x4D, 0x1A, 0x06, 0xCE, 0x5E, 0x5D, 0x2E, 0xA3, 0xBE, 0xE5, + 0xA1, 0x27, 0x0E, 0x87, 0x51, 0xDA, 0x45, 0xB6, 0x0B, 0x99, 0x7B, 0x0F, + 0xFD, 0xB0, 0xF9, 0x96, 0x2F, 0xEE, 0x4F, 0x03, 0xBE, 0xE7, 0x80, 0xBA, + 0x0A, 0x84, 0x5B, 0x1D, 0x92, 0x71, 0x42, 0x17, 0x83, 0xAE, 0x66, 0x01, + 0xA6, 0x1E, 0xA2, 0xE3, 0x42, 0xE4, 0xF2, 0xE8, 0xBC, 0x93, 0x5A, 0x40, + 0x9E, 0xAD, 0x19, 0xF2, 0x21, 0xBD, 0x1B, 0x74, 0xE2, 0x96, 0x4D, 0xD1, + 0x9F, 0xC8, 0x45, 0xF6, 0x0E, 0xFC, 0x09, 0x33, 0x8B, 0x60, 0xB6, 0xB2, + 0x56, 0xD8, 0xCA, 0xC8, 0x89, 0xCC, 0xA3, 0x06, 0xCC, 0x37, 0x0A, 0x0B, + 0x18, 0xC8, 0xB8, 0x86, 0xE9, 0x5D, 0xA0, 0xAF, 0x52, 0x35, 0xFE, 0xF4, + 0x39, 0x30, 0x20, 0xD2, 0xB7, 0xF3, 0x05, 0x69, 0x04, 0x75, 0x90, 0x42 + }; + + byte key_[] = { + 0x5C, 0xBC, 0x21, 0x9D, 0xB0, 0x52, 0x13, 0x8E, 0xE1, 0x14, 0x8C, 0x71, + 0xCD, 0x44, 0x98, 0x96, 0x3D, 0x68, 0x25, 0x49, 0xCE, 0x91, 0xCA, 0x24, + 0xF0, 0x98, 0x46, 0x8F, 0x06, 0x01, 0x5B, 0xEB, 0x6A, 0xF2, 0x45, 0xC2, + 0x09, 0x3F, 0x98, 0xC3, 0x65, 0x1B, 0xCA, 0x83, 0xAB, 0x8C, 0xAB, 0x2B, + 0x58, 0x0B, 0xBF, 0x02, 0x18, 0x4F, 0xEF, 0xDF, 0x26, 0x14, 0x2F, 0x73, + 0xDF, 0x95, 0xAC, 0x50 + }; + + AssertIntEQ(0, wc_SrpInit(&cli, SRP_TYPE_SHA512, SRP_CLIENT_SIDE)); + AssertIntEQ(0, wc_SrpInit(&srv, SRP_TYPE_SHA512, SRP_SERVER_SIDE)); + + AssertIntEQ(0, wc_SrpSetUsername(&cli, username_, usernameSz_)); + AssertIntEQ(0, wc_SrpSetUsername(&srv, username_, usernameSz_)); + + AssertIntEQ(0, wc_SrpSetParams(&cli, N_, sizeof(N_), + g_, sizeof(g_), + salt_, sizeof(salt_))); + AssertIntEQ(0, wc_SrpSetParams(&srv, N_, sizeof(N_), + g_, sizeof(g_), + salt_, sizeof(salt_))); + + AssertIntEQ(0, wc_SrpSetPassword(&cli, password_, passwordSz_)); + AssertIntEQ(0, wc_SrpSetVerifier(&srv, verifier_, sizeof(verifier_))); + + AssertIntEQ(0, wc_SrpSetPrivate(&cli, a_, sizeof(a_))); + AssertIntEQ(0, wc_SrpGetPublic(&cli, clientPubKey, &clientPubKeySz)); + AssertIntEQ(0, XMEMCMP(clientPubKey, A_, clientPubKeySz)); + + AssertIntEQ(0, wc_SrpSetPrivate(&srv, b_, sizeof(b_))); + AssertIntEQ(0, wc_SrpGetPublic(&srv, serverPubKey, &serverPubKeySz)); + AssertIntEQ(0, XMEMCMP(serverPubKey, B_, serverPubKeySz)); + + cli.keyGenFunc_cb = sha512_key_gen; + AssertIntEQ(0, wc_SrpComputeKey(&cli, clientPubKey, clientPubKeySz, + serverPubKey, serverPubKeySz)); + AssertIntEQ(0, XMEMCMP(cli.key, key_, sizeof(key_))); + + srv.keyGenFunc_cb = sha512_key_gen; + AssertIntEQ(0, wc_SrpComputeKey(&srv, clientPubKey, clientPubKeySz, + serverPubKey, serverPubKeySz)); + AssertIntEQ(0, XMEMCMP(srv.key, key_, sizeof(key_))); + + AssertIntEQ(0, wc_SrpGetProof(&cli, clientProof, &clientProofSz)); + AssertIntEQ(0, wc_SrpVerifyPeersProof(&srv, clientProof, clientProofSz)); + + AssertIntEQ(0, wc_SrpGetProof(&srv, serverProof, &serverProofSz)); + AssertIntEQ(0, wc_SrpVerifyPeersProof(&cli, serverProof, serverProofSz)); + + wc_SrpTerm(&cli); + wc_SrpTerm(&srv); +} + +#endif + +void SrpTest(void) +{ +#ifdef WOLFCRYPT_HAVE_SRP + test_SrpInit(); + test_SrpSetUsername(); + test_SrpSetParams(); + test_SrpSetPassword(); + test_SrpGetPublic(); + test_SrpComputeKey(); + test_SrpGetProofAndVerify(); + test_SrpKeyGenFunc_cb(); +#endif +} diff --git a/tests/suites.c b/tests/suites.c index cb30cdf25..bd8a8da3f 100644 --- a/tests/suites.c +++ b/tests/suites.c @@ -36,7 +36,7 @@ #define MAX_COMMAND_SZ 240 #define MAX_SUITE_SZ 80 #define NOT_BUILT_IN -123 -#ifdef NO_OLD_TLS +#if defined(NO_OLD_TLS) || !defined(WOLFSSL_ALLOW_SSLV3) #define VERSION_TOO_OLD -124 #endif @@ -52,6 +52,28 @@ static char flagSep[] = " "; static char svrPort[] = "0"; +#ifndef WOLFSSL_ALLOW_SSLV3 +/* if the protocol version is sslv3 return 1, else 0 */ +static int IsSslVersion(const char* line) +{ + const char* find = "-v "; + char* begin = strstr(line, find); + + if (begin) { + int version = -1; + + begin += 3; + + version = atoi(begin); + + if (version == 0) + return 1; + } + + return 0; +} +#endif /* !WOLFSSL_ALLOW_SSLV3 */ + #ifdef NO_OLD_TLS /* if the protocol version is less than tls 1.2 return 1, else 0 */ static int IsOldTlsVersion(const char* line) @@ -71,7 +93,7 @@ static int IsOldTlsVersion(const char* line) } return 0; -} +} #endif /* NO_OLD_TLS */ @@ -168,6 +190,15 @@ static int execute_test_case(int svr_argc, char** svr_argv, return NOT_BUILT_IN; } +#ifndef WOLFSSL_ALLOW_SSLV3 + if (IsSslVersion(commandLine) == 1) { + #ifdef DEBUG_SUITE_TESTS + printf("protocol version on line %s is too old\n", commandLine); + #endif + return VERSION_TOO_OLD; + } +#endif + #ifdef NO_OLD_TLS if (IsOldTlsVersion(commandLine) == 1) { #ifdef DEBUG_SUITE_TESTS @@ -476,6 +507,17 @@ int SuiteTest(void) } #endif +#ifndef NO_PSK + /* add psk extra suites */ + strcpy(argv0[1], "tests/test-psk-no-id.conf"); + printf("starting psk no identity extra cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + exit(EXIT_FAILURE); + } +#endif + printf(" End Cipher Suite Tests\n"); wolfSSL_CTX_free(cipherSuiteCtx); diff --git a/tests/test-psk-no-id.conf b/tests/test-psk-no-id.conf new file mode 100644 index 000000000..9669dc5bc --- /dev/null +++ b/tests/test-psk-no-id.conf @@ -0,0 +1,154 @@ +# No Hint server TLSv1 PSK-AES128 +-s +-I +-v 1 +-l PSK-AES128-CBC-SHA + +# No Hint client TLSv1 PSK-AES128 +-s +-v 1 +-l PSK-AES128-CBC-SHA + +# No Hint server TLSv1 PSK-AES256 +-s +-I +-v 1 +-l PSK-AES256-CBC-SHA + +# No Hint client TLSv1 PSK-AES256 +-s +-v 1 +-l PSK-AES256-CBC-SHA + +# No Hint server TLSv1.1 PSK-AES128 +-s +-I +-v 2 +-l PSK-AES128-CBC-SHA + +# No Hint client TLSv1.1 PSK-AES128 +-s +-v 2 +-l PSK-AES128-CBC-SHA + +# No Hint server TLSv1.1 PSK-AES256 +-s +-I +-v 2 +-l PSK-AES256-CBC-SHA + +# No Hint client TLSv1.1 PSK-AES256 +-s +-v 2 +-l PSK-AES256-CBC-SHA + +# No Hint server TLSv1.2 PSK-AES128 +-s +-I +-v 3 +-l PSK-AES128-CBC-SHA + +# No Hint client TLSv1.2 PSK-AES128 +-s +-v 3 +-l PSK-AES128-CBC-SHA + +# No Hint server TLSv1.2 PSK-AES256 +-s +-I +-v 3 +-l PSK-AES256-CBC-SHA + +# No Hint client TLSv1.2 PSK-AES256 +-s +-v 3 +-l PSK-AES256-CBC-SHA + +# No Hint server TLSv1.0 PSK-AES128-SHA256 +-s +-I +-v 1 +-l PSK-AES128-CBC-SHA256 + +# No Hint client TLSv1.0 PSK-AES128-SHA256 +-s +-v 1 +-l PSK-AES128-CBC-SHA256 + +# No Hint server TLSv1.1 PSK-AES128-SHA256 +-s +-I +-v 2 +-l PSK-AES128-CBC-SHA256 + +# No Hint client TLSv1.1 PSK-AES128-SHA256 +-s +-v 2 +-l PSK-AES128-CBC-SHA256 + +# No Hint server TLSv1.2 PSK-AES128-SHA256 +-s +-I +-v 3 +-l PSK-AES128-CBC-SHA256 + +# No Hint client TLSv1.2 PSK-AES128-SHA256 +-s +-v 3 +-l PSK-AES128-CBC-SHA256 + +# No Hint server TLSv1.0 PSK-AES256-SHA384 +-s +-I +-v 1 +-l PSK-AES256-CBC-SHA384 + +# No Hint client TLSv1.0 PSK-AES256-SHA384 +-s +-v 1 +-l PSK-AES256-CBC-SHA384 + +# No Hint server TLSv1.1 PSK-AES256-SHA384 +-s +-I +-v 2 +-l PSK-AES256-CBC-SHA384 + +# No Hint client TLSv1.1 PSK-AES256-SHA384 +-s +-v 2 +-l PSK-AES256-CBC-SHA384 + +# No Hint server TLSv1.2 PSK-AES256-SHA384 +-s +-I +-v 3 +-l PSK-AES256-CBC-SHA384 + +# No Hint client TLSv1.2 PSK-AES256-SHA384 +-s +-v 3 +-l PSK-AES256-CBC-SHA384 + +# server TLSv1.2 PSK-AES128-GCM-SHA256 +-s +-I +-v 3 +-l PSK-AES128-GCM-SHA256 + +# client TLSv1.2 PSK-AES128-GCM-SHA256 +-s +-v 3 +-l PSK-AES128-GCM-SHA256 + +# server TLSv1.2 PSK-AES256-GCM-SHA384 +-s +-I +-v 3 +-l PSK-AES256-GCM-SHA384 + +# client TLSv1.2 PSK-AES256-GCM-SHA384 +-s +-v 3 +-l PSK-AES256-GCM-SHA384 + diff --git a/tests/unit.c b/tests/unit.c index 73ae2bcd7..3a7f2452c 100644 --- a/tests/unit.c +++ b/tests/unit.c @@ -77,6 +77,8 @@ int unit_test(int argc, char** argv) } #endif + SrpTest(); + #ifdef HAVE_CAVIUM CspShutdown(CAVIUM_DEV_ID); #endif @@ -92,7 +94,7 @@ void wait_tcp_ready(func_args* args) (void)args; #elif defined(_POSIX_THREADS) && !defined(__MINGW32__) pthread_mutex_lock(&args->signal->mutex); - + if (!args->signal->ready) pthread_cond_wait(&args->signal->cond, &args->signal->mutex); args->signal->ready = 0; /* reset */ @@ -176,4 +178,3 @@ void FreeTcpReady(tcp_ready* ready) (void)ready; #endif } - diff --git a/tests/unit.h b/tests/unit.h index bccd6d2ce..1a038a21f 100644 --- a/tests/unit.h +++ b/tests/unit.h @@ -27,8 +27,8 @@ #define Fail(description, result) do { \ printf("\nERROR - %s line %d failed with:", __FILE__, __LINE__); \ - printf("\n\n test: "); printf description; \ - printf("\n\n result: "); printf result; \ + printf("\n expected: "); printf description; \ + printf("\n result: "); printf result; printf("\n\n"); \ abort(); \ } while(0) @@ -76,9 +76,9 @@ void ApiTest(void); -int SuiteTest(void); -int HashTest(void); +int SuiteTest(void); +int HashTest(void); +void SrpTest(void); #endif /* CyaSSL_UNIT_H */ - diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index e68af6177..ba36e1563 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -32,7 +32,11 @@ #ifdef FREESCALE_MQX #include - #include + #if MQX_USE_IO_OLD + #include + #else + #include + #endif #else #include #endif @@ -194,7 +198,7 @@ static int OpenNitroxDevice(int dma_mode,int dev_id) #if !defined(NO_RSA) || !defined(NO_DH) \ || defined(WOLFSSL_KEYGEN) || defined(HAVE_ECC) #define HAVE_LOCAL_RNG - static RNG rng; + static WC_RNG rng; #endif /* use kB instead of mB for embedded benchmarking */ diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index c9f8c74ad..9382edaf9 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -55,19 +55,6 @@ int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) } -int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz, - const byte* key, word32 keySz, const byte* iv) -{ - return AesCbcDecryptWithKey(out, in, inSz, key, keySz, iv); -} - -int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz, - const byte* key, word32 keySz, const byte* iv) -{ - return AesCbcDecryptWithKey(out, in, inSz, key, keySz, iv); -} - - /* AES-CTR */ #ifdef WOLFSSL_AES_COUNTER void wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) @@ -1727,59 +1714,6 @@ int wc_AesSetIV(Aes* aes, const byte* iv) } -int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz, - const byte* key, word32 keySz, const byte* iv) -{ - int ret = 0; -#ifdef WOLFSSL_SMALL_STACK - Aes* aes = NULL; -#else - Aes aes[1]; -#endif - -#ifdef WOLFSSL_SMALL_STACK - aes = (Aes*)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (aes == NULL) - return MEMORY_E; -#endif - - ret = wc_AesSetKey(aes, key, keySz, iv, AES_DECRYPTION); - if (ret == 0) - ret = wc_AesCbcDecrypt(aes, out, in, inSz); - -#ifdef WOLFSSL_SMALL_STACK - XFREE(aes, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif - - return ret; -} - -int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz, - const byte* key, word32 keySz, const byte* iv) -{ - int ret = 0; -#ifdef WOLFSSL_SMALL_STACK - Aes* aes = NULL; -#else - Aes aes[1]; -#endif - -#ifdef WOLFSSL_SMALL_STACK - aes = (Aes*)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (aes == NULL) - return MEMORY_E; -#endif - - ret = wc_AesSetKey(aes, key, keySz, iv, AES_ENCRYPTION); - if (ret == 0) - ret = wc_AesCbcEncrypt(aes, out, in, inSz); - -#ifdef WOLFSSL_SMALL_STACK - XFREE(aes, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif - - return ret; -} /* AES-DIRECT */ diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 05d882457..7b21b0aab 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -42,6 +42,7 @@ #include #include +#include #ifndef NO_RC4 @@ -66,7 +67,11 @@ #ifdef WOLFSSL_DEBUG_ENCODING #ifdef FREESCALE_MQX - #include + #if MQX_USE_IO_OLD + #include + #else + #include + #endif #else #include #endif @@ -904,6 +909,9 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt, byte key[MAX_KEY_SIZE]; #endif + (void)input; + (void)length; + switch (id) { case PBE_MD5_DES: typeH = MD5; @@ -1484,11 +1492,13 @@ int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen) sizes[i] = SetLength(rawLen, tmps[i] + 1) + 1 + lbit; /* tag & lbit */ if (sizes[i] <= MAX_SEQ_SZ) { + int err; + /* leading zero */ if (lbit) tmps[i][sizes[i]-1] = 0x00; - int err = mp_to_unsigned_bin(keyInt, tmps[i] + sizes[i]); + err = mp_to_unsigned_bin(keyInt, tmps[i] + sizes[i]); if (err == MP_OKAY) { sizes[i] += (rawLen-lbit); /* lbit included in rawLen */ intTotalLen += sizes[i]; @@ -4913,11 +4923,13 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen) sizes[i] = SetLength(rawLen, tmps[i] + 1) + 1 + lbit; /* tag & lbit */ if (sizes[i] <= MAX_SEQ_SZ) { + int err; + /* leading zero */ if (lbit) tmps[i][sizes[i]-1] = 0x00; - int err = mp_to_unsigned_bin(keyInt, tmps[i] + sizes[i]); + err = mp_to_unsigned_bin(keyInt, tmps[i] + sizes[i]); if (err == MP_OKAY) { sizes[i] += (rawLen-lbit); /* lbit included in rawLen */ intTotalLen += sizes[i]; @@ -5755,7 +5767,7 @@ static int SetName(byte* output, CertName* name) /* encode info from cert into DER encoded format */ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, - RNG* rng, const byte* ntruKey, word16 ntruSz) + WC_RNG* rng, const byte* ntruKey, word16 ntruSz) { int ret; @@ -5927,7 +5939,7 @@ static int WriteCertBody(DerCert* der, byte* buffer) /* Make RSA signature from buffer (sz), write to sig (sigSz) */ static int MakeSignature(const byte* buffer, int sz, byte* sig, int sigSz, - RsaKey* rsaKey, ecc_key* eccKey, RNG* rng, + RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng, int sigAlgoType) { int encSigSz, digestSz, typeH = 0, ret = 0; @@ -6052,7 +6064,7 @@ static int AddSignature(byte* buffer, int bodySz, const byte* sig, int sigSz, /* Make an x509 Certificate v3 any key type from cert input, write to buffer */ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz, - RsaKey* rsaKey, ecc_key* eccKey, RNG* rng, + RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng, const byte* ntruKey, word16 ntruSz) { int ret; @@ -6089,7 +6101,7 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz, /* Make an x509 Certificate v3 RSA or ECC from cert input, write to buffer */ int wc_MakeCert(Cert* cert, byte* derBuffer, word32 derSz, RsaKey* rsaKey, - ecc_key* eccKey, RNG* rng) + ecc_key* eccKey, WC_RNG* rng) { return MakeAnyCert(cert, derBuffer, derSz, rsaKey, eccKey, rng, NULL, 0); } @@ -6098,7 +6110,7 @@ int wc_MakeCert(Cert* cert, byte* derBuffer, word32 derSz, RsaKey* rsaKey, #ifdef HAVE_NTRU int wc_MakeNtruCert(Cert* cert, byte* derBuffer, word32 derSz, - const byte* ntruKey, word16 keySz, RNG* rng) + const byte* ntruKey, word16 keySz, WC_RNG* rng) { return MakeAnyCert(cert, derBuffer, derSz, NULL, NULL, rng, ntruKey, keySz); } @@ -6314,7 +6326,7 @@ int wc_MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz, int wc_SignCert(int requestSz, int sType, byte* buffer, word32 buffSz, - RsaKey* rsaKey, ecc_key* eccKey, RNG* rng) + RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng) { int sigSz; #ifdef WOLFSSL_SMALL_STACK @@ -6351,7 +6363,7 @@ int wc_SignCert(int requestSz, int sType, byte* buffer, word32 buffSz, int wc_MakeSelfCert(Cert* cert, byte* buffer, word32 buffSz, - RsaKey* key, RNG* rng) + RsaKey* key, WC_RNG* rng) { int ret = wc_MakeCert(cert, buffer, buffSz, key, NULL, rng); @@ -7583,7 +7595,7 @@ int EncodeOcspRequest(OcspRequest* req) extSz = 0; if (req->useNonce) { - RNG rng; + WC_RNG rng; if (wc_InitRng(&rng) != 0) { WOLFSSL_MSG("\tCannot initialize RNG. Skipping the OSCP Nonce."); } else { diff --git a/wolfcrypt/src/coding.c b/wolfcrypt/src/coding.c index 21d10f9e9..c631d2960 100644 --- a/wolfcrypt/src/coding.c +++ b/wolfcrypt/src/coding.c @@ -225,7 +225,7 @@ static int CEscape(int escaped, byte e, byte* out, word32* i, word32 max, } *i = idx; - return getSzOnly ? LENGTH_ONLY_E : 0; + return 0; } @@ -319,6 +319,8 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out, return ASN_INPUT_E; *outLen = i; + if(ret == 0) + return getSzOnly ? LENGTH_ONLY_E : 0; return ret; } diff --git a/wolfcrypt/src/curve25519.c b/wolfcrypt/src/curve25519.c index 2380e371e..56c5f04e0 100644 --- a/wolfcrypt/src/curve25519.c +++ b/wolfcrypt/src/curve25519.c @@ -46,7 +46,7 @@ const curve25519_set_type curve25519_sets[] = { }; -int wc_curve25519_make_key(RNG* rng, int keysize, curve25519_key* key) +int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key) { unsigned char basepoint[CURVE25519_KEYSIZE] = {9}; int ret; diff --git a/wolfcrypt/src/des3.c b/wolfcrypt/src/des3.c index ee068a0bc..a26f109c2 100644 --- a/wolfcrypt/src/des3.c +++ b/wolfcrypt/src/des3.c @@ -91,37 +91,12 @@ void wc_Des_SetIV(Des* des, const byte* iv) } -int wc_Des_CbcEncryptWithKey(byte* out, const byte* in, word32 sz, - const byte* key, const byte* iv) -{ - return Des_CbcEncryptWithKey(out, in, sz, key, iv); -} - -int wc_Des_CbcDecryptWithKey(byte* out, const byte* in, word32 sz, - const byte* key, const byte* iv) -{ - return Des_CbcDecryptWithKey(out, in, sz, key, iv); -} - - int wc_Des3_SetIV(Des3* des, const byte* iv) { return Des3_SetIV_fips(des, iv); } -int wc_Des3_CbcEncryptWithKey(byte* out, const byte* in, word32 sz, - const byte* key, const byte* iv) -{ - return Des3_CbcEncryptWithKey(out, in, sz, key, iv); -} - -int wc_Des3_CbcDecryptWithKey(byte* out, const byte* in, word32 sz, - const byte* key, const byte* iv) -{ - return Des3_CbcDecryptWithKey(out, in, sz, key, iv); -} - #ifdef HAVE_CAVIUM /* Initiliaze Des3 for use with Nitrox device */ @@ -1501,61 +1476,6 @@ void wc_Des_SetIV(Des* des, const byte* iv) } -int wc_Des_CbcEncryptWithKey(byte* out, const byte* in, word32 sz, - const byte* key, const byte* iv) -{ - int ret = 0; -#ifdef WOLFSSL_SMALL_STACK - Des* des = NULL; -#else - Des des[1]; -#endif - -#ifdef WOLFSSL_SMALL_STACK - des = (Des*)XMALLOC(sizeof(Des), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (des == NULL) - return MEMORY_E; -#endif - - ret = wc_Des_SetKey(des, key, iv, DES_ENCRYPTION); - if (ret == 0) - ret = wc_Des_CbcEncrypt(des, out, in, sz); - -#ifdef WOLFSSL_SMALL_STACK - XFREE(des, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif - - return ret; -} - -int wc_Des_CbcDecryptWithKey(byte* out, const byte* in, word32 sz, - const byte* key, const byte* iv) -{ - int ret = 0; -#ifdef WOLFSSL_SMALL_STACK - Des* des = NULL; -#else - Des des[1]; -#endif - -#ifdef WOLFSSL_SMALL_STACK - des = (Des*)XMALLOC(sizeof(Des), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (des == NULL) - return MEMORY_E; -#endif - - ret = wc_Des_SetKey(des, key, iv, DES_DECRYPTION); - if (ret == 0) - ret = wc_Des_CbcDecrypt(des, out, in, sz); - -#ifdef WOLFSSL_SMALL_STACK - XFREE(des, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif - - return ret; -} - - int wc_Des3_SetIV(Des3* des, const byte* iv) { if (des && iv) @@ -1567,61 +1487,6 @@ int wc_Des3_SetIV(Des3* des, const byte* iv) } -int wc_Des3_CbcEncryptWithKey(byte* out, const byte* in, word32 sz, - const byte* key, const byte* iv) -{ - int ret = 0; -#ifdef WOLFSSL_SMALL_STACK - Des3* des3 = NULL; -#else - Des3 des3[1]; -#endif - -#ifdef WOLFSSL_SMALL_STACK - des3 = (Des3*)XMALLOC(sizeof(Des3), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (des3 == NULL) - return MEMORY_E; -#endif - - ret = wc_Des3_SetKey(des3, key, iv, DES_ENCRYPTION); - if (ret == 0) - ret = wc_Des3_CbcEncrypt(des3, out, in, sz); - -#ifdef WOLFSSL_SMALL_STACK - XFREE(des3, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif - - return ret; -} - -int wc_Des3_CbcDecryptWithKey(byte* out, const byte* in, word32 sz, - const byte* key, const byte* iv) -{ - int ret = 0; -#ifdef WOLFSSL_SMALL_STACK - Des3* des3 = NULL; -#else - Des3 des3[1]; -#endif - -#ifdef WOLFSSL_SMALL_STACK - des3 = (Des3*)XMALLOC(sizeof(Des3), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (des3 == NULL) - return MEMORY_E; -#endif - - ret = wc_Des3_SetKey(des3, key, iv, DES_DECRYPTION); - if (ret == 0) - ret = wc_Des3_CbcDecrypt(des3, out, in, sz); - -#ifdef WOLFSSL_SMALL_STACK - XFREE(des3, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif - - return ret; -} - - #ifdef HAVE_CAVIUM #include "cavium_common.h" diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c index bc4ce11d3..22db2298b 100644 --- a/wolfcrypt/src/dh.c +++ b/wolfcrypt/src/dh.c @@ -83,7 +83,7 @@ static word32 DiscreteLogWorkFactor(word32 n) } -static int GeneratePrivate(DhKey* key, RNG* rng, byte* priv, word32* privSz) +static int GeneratePrivate(DhKey* key, WC_RNG* rng, byte* priv, word32* privSz) { int ret; word32 sz = mp_unsigned_bin_size(&key->p); @@ -132,7 +132,7 @@ static int GeneratePublic(DhKey* key, const byte* priv, word32 privSz, } -int wc_DhGenerateKeyPair(DhKey* key, RNG* rng, byte* priv, word32* privSz, +int wc_DhGenerateKeyPair(DhKey* key, WC_RNG* rng, byte* priv, word32* privSz, byte* pub, word32* pubSz) { int ret = GeneratePrivate(key, rng, priv, privSz); diff --git a/wolfcrypt/src/dsa.c b/wolfcrypt/src/dsa.c index dc0e20e4b..13d4c9bb9 100644 --- a/wolfcrypt/src/dsa.c +++ b/wolfcrypt/src/dsa.c @@ -18,7 +18,6 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ -#include #ifdef HAVE_CONFIG_H #include @@ -85,7 +84,7 @@ void wc_FreeDsaKey(DsaKey* key) #ifdef WOLFSSL_KEY_GEN -int wc_MakeDsaKey(RNG *rng, DsaKey *dsa) +int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa) { unsigned char *buf; int qsize, err; @@ -146,7 +145,7 @@ int wc_MakeDsaKey(RNG *rng, DsaKey *dsa) } /* modulus_size in bits */ -int wc_MakeDsaParameters(RNG *rng, int modulus_size, DsaKey *dsa) +int wc_MakeDsaParameters(WC_RNG *rng, int modulus_size, DsaKey *dsa) { mp_int tmp, tmp2; int err, msize, qsize, @@ -341,7 +340,7 @@ int wc_MakeDsaParameters(RNG *rng, int modulus_size, DsaKey *dsa) #endif /* WOLFSSL_KEY_GEN */ -int wc_DsaSign(const byte* digest, byte* out, DsaKey* key, RNG* rng) +int wc_DsaSign(const byte* digest, byte* out, DsaKey* key, WC_RNG* rng) { mp_int k, kInv, r, s, H; int ret, sz; diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index a14a9e08d..c8a8f87e6 100755 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -1652,7 +1652,7 @@ int wc_ecc_point_is_at_infinity(ecc_point* p) } -static int wc_ecc_make_key_ex(RNG* rng, ecc_key* key, const ecc_set_type* dp) +static int wc_ecc_make_key_ex(WC_RNG* rng, ecc_key* key, const ecc_set_type* dp) { int err; ecc_point* base; @@ -1775,7 +1775,7 @@ static int wc_ecc_make_key_ex(RNG* rng, ecc_key* key, const ecc_set_type* dp) return MP_OKAY if successful, upon error all allocated memory will be freed */ -int wc_ecc_make_key(RNG* rng, int keysize, ecc_key* key) +int wc_ecc_make_key(WC_RNG* rng, int keysize, ecc_key* key) { int x, err; @@ -1835,7 +1835,7 @@ int wc_ecc_init(ecc_key* key) return MP_OKAY if successful */ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, - RNG* rng, ecc_key* key) + WC_RNG* rng, ecc_key* key) { mp_int r; mp_int s; @@ -1870,7 +1870,7 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, s [out] The destination for s component of the signature return MP_OKAY if successful */ -int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, RNG* rng, +int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng, ecc_key* key, mp_int *r, mp_int *s) { mp_int e; @@ -4331,7 +4331,9 @@ static int accel_fp_mul2add(int idx1, int idx2, if ((err = mp_to_unsigned_bin(&tka, kb[0])) != MP_OKAY) { mp_clear(&tka); mp_clear(&tkb); +#ifdef WOLFSSL_SMALL_STACK XFREE(kb[0], NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return err; } @@ -4832,7 +4834,7 @@ int wc_ecc_ctx_set_peer_salt(ecEncCtx* ctx, const byte* salt) } -static int ecc_ctx_set_salt(ecEncCtx* ctx, int flags, RNG* rng) +static int ecc_ctx_set_salt(ecEncCtx* ctx, int flags, WC_RNG* rng) { byte* saltBuffer = NULL; @@ -4864,7 +4866,7 @@ static void ecc_ctx_init(ecEncCtx* ctx, int flags) /* allow ecc context reset so user doesn't have to init/free for resue */ -int wc_ecc_ctx_reset(ecEncCtx* ctx, RNG* rng) +int wc_ecc_ctx_reset(ecEncCtx* ctx, WC_RNG* rng) { if (ctx == NULL || rng == NULL) return BAD_FUNC_ARG; @@ -4875,7 +4877,7 @@ int wc_ecc_ctx_reset(ecEncCtx* ctx, RNG* rng) /* alloc/init and set defaults, return new Context */ -ecEncCtx* wc_ecc_ctx_new(int flags, RNG* rng) +ecEncCtx* wc_ecc_ctx_new(int flags, WC_RNG* rng) { int ret = 0; ecEncCtx* ctx = (ecEncCtx*)XMALLOC(sizeof(ecEncCtx), 0, DYNAMIC_TYPE_ECC); diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c index a66e76353..5e4d83d72 100644 --- a/wolfcrypt/src/ed25519.c +++ b/wolfcrypt/src/ed25519.c @@ -32,6 +32,7 @@ #include #include +#include #ifdef NO_INLINE #include #else @@ -41,7 +42,7 @@ /* generate an ed25519 key pair. * returns 0 on success */ -int wc_ed25519_make_key(RNG* rng, int keySz, ed25519_key* key) +int wc_ed25519_make_key(WC_RNG* rng, int keySz, ed25519_key* key) { byte az[ED25519_PRV_KEY_SIZE]; int ret; @@ -111,6 +112,8 @@ int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out, /* step 1: create nonce to use where nonce is r in r = H(h_b, ... ,h_2b-1,M) */ ret = wc_Sha512Hash(key->k, ED25519_KEY_SIZE, az); + if (ret != 0) + return ret; /* apply clamp */ az[0] &= 248; @@ -129,7 +132,7 @@ int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out, ret = wc_Sha512Final(&sha, nonce); if (ret != 0) return ret; - + sc_reduce(nonce); /* step 2: computing R = rB where rB is the scalar multiplication of @@ -377,6 +380,7 @@ int wc_ed25519_export_private_only(ed25519_key* key, byte* out, word32* outLen) return 0; } + /* export private key, including public part outLen should contain the size of out buffer when input. outLen is than set diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c index 7d1d5ebe7..37b78422a 100644 --- a/wolfcrypt/src/error.c +++ b/wolfcrypt/src/error.c @@ -328,6 +328,15 @@ const char* wc_GetErrorString(int error) case ECC_PRIV_KEY_E: return " ECC private key is not valid error"; + case SRP_CALL_ORDER_E: + return "SRP function called in the wrong order error"; + + case SRP_VERIFY_E: + return "SRP proof verification error"; + + case SRP_BAD_KEY_E: + return "SRP bad key values error"; + default: return "unknown error number"; diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c index 55a1f6a1d..d397e91fa 100644 --- a/wolfcrypt/src/hash.c +++ b/wolfcrypt/src/hash.c @@ -24,6 +24,8 @@ #endif #include +#include +#include #if !defined(WOLFSSL_TI_HASH) @@ -55,8 +57,40 @@ int wc_ShaGetHash(Sha* sha, byte* hash) WOLFSSL_API void wc_ShaRestorePos(Sha* s1, Sha* s2) { *s1 = *s2 ; } + +int wc_ShaHash(const byte* data, word32 len, byte* hash) +{ + int ret = 0; +#ifdef WOLFSSL_SMALL_STACK + Sha* sha; +#else + Sha sha[1]; #endif +#ifdef WOLFSSL_SMALL_STACK + sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (sha == NULL) + return MEMORY_E; +#endif + + if ((ret = wc_InitSha(sha)) != 0) { + WOLFSSL_MSG("wc_InitSha failed"); + } + else { + wc_ShaUpdate(sha, data, len); + wc_ShaFinal(sha, hash); + } + +#ifdef WOLFSSL_SMALL_STACK + XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; + +} + +#endif /* !defined(NO_SHA) */ + #if !defined(NO_SHA256) int wc_Sha256GetHash(Sha256* sha256, byte* hash) { @@ -70,7 +104,109 @@ int wc_Sha256GetHash(Sha256* sha256, byte* hash) WOLFSSL_API void wc_Sha256RestorePos(Sha256* s1, Sha256* s2) { *s1 = *s2 ; } + +int wc_Sha256Hash(const byte* data, word32 len, byte* hash) +{ + int ret = 0; +#ifdef WOLFSSL_SMALL_STACK + Sha256* sha256; +#else + Sha256 sha256[1]; #endif +#ifdef WOLFSSL_SMALL_STACK + sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (sha256 == NULL) + return MEMORY_E; #endif + if ((ret = wc_InitSha256(sha256)) != 0) { + WOLFSSL_MSG("InitSha256 failed"); + } + else if ((ret = wc_Sha256Update(sha256, data, len)) != 0) { + WOLFSSL_MSG("Sha256Update failed"); + } + else if ((ret = wc_Sha256Final(sha256, hash)) != 0) { + WOLFSSL_MSG("Sha256Final failed"); + } + +#ifdef WOLFSSL_SMALL_STACK + XFREE(sha256, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} +#endif /* !defined(NO_SHA256) */ + + +#if defined(WOLFSSL_SHA512) +int wc_Sha512Hash(const byte* data, word32 len, byte* hash) +{ + int ret = 0; +#ifdef WOLFSSL_SMALL_STACK + Sha512* sha512; +#else + Sha512 sha512[1]; +#endif + +#ifdef WOLFSSL_SMALL_STACK + sha512 = (Sha512*)XMALLOC(sizeof(Sha512), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (sha512 == NULL) + return MEMORY_E; +#endif + + if ((ret = wc_InitSha512(sha512)) != 0) { + WOLFSSL_MSG("InitSha512 failed"); + } + else if ((ret = wc_Sha512Update(sha512, data, len)) != 0) { + WOLFSSL_MSG("Sha512Update failed"); + } + else if ((ret = wc_Sha512Final(sha512, hash)) != 0) { + WOLFSSL_MSG("Sha512Final failed"); + } + +#ifdef WOLFSSL_SMALL_STACK + XFREE(sha512, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + +#if defined(WOLFSSL_SHA384) +int wc_Sha384Hash(const byte* data, word32 len, byte* hash) +{ + int ret = 0; +#ifdef WOLFSSL_SMALL_STACK + Sha384* sha384; +#else + Sha384 sha384[1]; +#endif + +#ifdef WOLFSSL_SMALL_STACK + sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (sha384 == NULL) + return MEMORY_E; +#endif + + if ((ret = wc_InitSha384(sha384)) != 0) { + WOLFSSL_MSG("InitSha384 failed"); + } + else if ((ret = wc_Sha384Update(sha384, data, len)) != 0) { + WOLFSSL_MSG("Sha384Update failed"); + } + else if ((ret = wc_Sha384Final(sha384, hash)) != 0) { + WOLFSSL_MSG("Sha384Final failed"); + } + +#ifdef WOLFSSL_SMALL_STACK + XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + +#endif /* defined(WOLFSSL_SHA384) */ +#endif /* defined(WOLFSSL_SHA512) */ + +#endif /* !defined(WOLFSSL_TI_HASH) */ + diff --git a/wolfcrypt/src/hmac.c b/wolfcrypt/src/hmac.c index 242adfa55..50716f5d9 100644 --- a/wolfcrypt/src/hmac.c +++ b/wolfcrypt/src/hmac.c @@ -134,31 +134,31 @@ static int InitHmac(Hmac* hmac, int type) ret = wc_InitSha(&hmac->hash.sha); break; #endif - + #ifndef NO_SHA256 case SHA256: ret = wc_InitSha256(&hmac->hash.sha256); break; #endif - + #ifdef WOLFSSL_SHA384 case SHA384: ret = wc_InitSha384(&hmac->hash.sha384); break; #endif - + #ifdef WOLFSSL_SHA512 case SHA512: ret = wc_InitSha512(&hmac->hash.sha512); break; #endif - - #ifdef HAVE_BLAKE2 + + #ifdef HAVE_BLAKE2 case BLAKE2B_ID: ret = wc_InitBlake2b(&hmac->hash.blake2b, BLAKE2B_256); break; #endif - + default: return BAD_FUNC_ARG; } @@ -287,7 +287,7 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length) break; #endif - #ifdef HAVE_BLAKE2 + #ifdef HAVE_BLAKE2 case BLAKE2B_ID: { hmac_block_size = BLAKE2B_BLOCKBYTES; @@ -367,7 +367,7 @@ static int HmacKeyInnerHash(Hmac* hmac) break; #endif - #ifdef HAVE_BLAKE2 + #ifdef HAVE_BLAKE2 case BLAKE2B_ID: ret = wc_Blake2bUpdate(&hmac->hash.blake2b, (byte*) hmac->ipad,BLAKE2B_BLOCKBYTES); @@ -438,7 +438,7 @@ int wc_HmacUpdate(Hmac* hmac, const byte* msg, word32 length) break; #endif - #ifdef HAVE_BLAKE2 + #ifdef HAVE_BLAKE2 case BLAKE2B_ID: ret = wc_Blake2bUpdate(&hmac->hash.blake2b, msg, length); if (ret != 0) @@ -570,7 +570,7 @@ int wc_HmacFinal(Hmac* hmac, byte* hash) break; #endif - #ifdef HAVE_BLAKE2 + #ifdef HAVE_BLAKE2 case BLAKE2B_ID: { ret = wc_Blake2bFinal(&hmac->hash.blake2b, (byte*) hmac->innerHash, @@ -622,7 +622,7 @@ int wc_HmacInitCavium(Hmac* hmac, int devId) hmac->devId = devId; hmac->magic = WOLFSSL_HMAC_CAVIUM_MAGIC; hmac->data = NULL; /* buffered input data */ - + hmac->innerHashKeyed = 0; return 0; @@ -650,7 +650,7 @@ static void HmacCaviumFinal(Hmac* hmac, byte* hash) (byte*)hmac->ipad, hmac->dataLen, hmac->data, hash, &requestId, hmac->devId) != 0) { WOLFSSL_MSG("Cavium Hmac failed"); - } + } hmac->innerHashKeyed = 0; /* tell update to start over if used again */ } @@ -685,7 +685,7 @@ static void HmacCaviumUpdate(Hmac* hmac, const byte* msg, word32 length) if (hmac->dataLen) XMEMCPY(tmp, hmac->data, hmac->dataLen); XMEMCPY(tmp + hmac->dataLen, msg, add); - + hmac->dataLen += add; XFREE(hmac->data, NULL, DYNAMIC_TYPE_CAVIUM_TMP); hmac->data = tmp; @@ -751,31 +751,31 @@ static INLINE int GetHashSizeByType(int type) return SHA_DIGEST_SIZE; break; #endif - + #ifndef NO_SHA256 case SHA256: return SHA256_DIGEST_SIZE; break; #endif - + #ifdef WOLFSSL_SHA384 case SHA384: return SHA384_DIGEST_SIZE; break; #endif - + #ifdef WOLFSSL_SHA512 case SHA512: return SHA512_DIGEST_SIZE; break; #endif - - #ifdef HAVE_BLAKE2 + + #ifdef HAVE_BLAKE2 case BLAKE2B_ID: return BLAKE2B_OUTBYTES; break; #endif - + default: return BAD_FUNC_ARG; break; @@ -824,7 +824,7 @@ int wc_HKDF(int type, const byte* inKey, word32 inKeySz, localSalt = tmp; saltSz = hashSz; } - + do { ret = wc_HmacSetKey(&myHmac, type, localSalt, saltSz); if (ret != 0) @@ -876,4 +876,3 @@ int wc_HKDF(int type, const byte* inKey, word32 inKeySz, #endif /* HAVE_FIPS */ #endif /* NO_HMAC */ - diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c index 5a79191b6..49b3fe195 100644 --- a/wolfcrypt/src/integer.c +++ b/wolfcrypt/src/integer.c @@ -47,7 +47,11 @@ #ifdef SHOW_GEN #ifdef FREESCALE_MQX - #include + #if MQX_USE_IO_OLD + #include + #else + #include + #endif #else #include #endif @@ -4284,7 +4288,7 @@ static int mp_prime_is_divisible (mp_int * a, int *result) static const int USE_BBS = 1; -int mp_rand_prime(mp_int* N, int len, RNG* rng, void* heap) +int mp_rand_prime(mp_int* N, int len, WC_RNG* rng, void* heap) { int err, res, type; byte* buf; @@ -4535,12 +4539,14 @@ LBL_U:mp_clear (&v); #endif /* WOLFSSL_KEY_GEN */ -#ifdef HAVE_ECC +#if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) /* chars used in radix conversions */ const char *mp_s_rmap = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ\ abcdefghijklmnopqrstuvwxyz+/"; +#endif +#ifdef HAVE_ECC /* read a string [ASCII] in a given radix */ int mp_read_radix (mp_int * a, const char *str, int radix) { diff --git a/wolfcrypt/src/logging.c b/wolfcrypt/src/logging.c index 321530616..f2d155bb0 100644 --- a/wolfcrypt/src/logging.c +++ b/wolfcrypt/src/logging.c @@ -90,7 +90,11 @@ void wolfSSL_Debugging_OFF(void) #ifdef DEBUG_WOLFSSL #ifdef FREESCALE_MQX - #include + #if MQX_USE_IO_OLD + #include + #else + #include + #endif #else #include /* for default printf stuff */ #endif diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 84c26421a..c581cf5fb 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -945,7 +945,7 @@ int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz) /* create ASN.1 fomatted RecipientInfo structure, returns sequence size */ WOLFSSL_LOCAL int wc_CreateRecipientInfo(const byte* cert, word32 certSz, int keyEncAlgo, int blockKeySz, - RNG* rng, byte* contentKeyPlain, + WC_RNG* rng, byte* contentKeyPlain, byte* contentKeyEnc, int* keyEncSz, byte* out, word32 outSz) { @@ -1178,7 +1178,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) byte envDataSeq[MAX_SEQ_SZ]; byte ver[MAX_VERSION_SZ]; - RNG rng; + WC_RNG rng; int contentKeyEncSz, blockKeySz; byte contentKeyPlain[MAX_CONTENT_KEY_LEN]; #ifdef WOLFSSL_SMALL_STACK diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index 4a1f7ea5b..339114d96 100755 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -39,33 +39,33 @@ int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz) } #ifdef HAVE_CAVIUM - int wc_InitRngCavium(RNG* rng, int i) + int wc_InitRngCavium(WC_RNG* rng, int i) { return InitRngCavium(rng, i); } #endif -int wc_InitRng(RNG* rng) +int wc_InitRng(WC_RNG* rng) { return InitRng_fips(rng); } -int wc_RNG_GenerateBlock(RNG* rng, byte* b, word32 sz) +int wc_RNG_GenerateBlock(WC_RNG* rng, byte* b, word32 sz) { return RNG_GenerateBlock_fips(rng, b, sz); } -int wc_RNG_GenerateByte(RNG* rng, byte* b) +int wc_RNG_GenerateByte(WC_RNG* rng, byte* b) { return RNG_GenerateByte(rng, b); } #if defined(HAVE_HASHDRBG) || defined(NO_RC4) - int wc_FreeRng(RNG* rng) + int wc_FreeRng(WC_RNG* rng) { return FreeRng_fips(rng); } @@ -434,7 +434,7 @@ static int Hash_DRBG_Uninstantiate(DRBG* drbg) /* Get seed and key cipher */ -int wc_InitRng(RNG* rng) +int wc_InitRng(WC_RNG* rng) { int ret = BAD_FUNC_ARG; @@ -487,7 +487,7 @@ int wc_InitRng(RNG* rng) /* place a generated block in output */ -int wc_RNG_GenerateBlock(RNG* rng, byte* output, word32 sz) +int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz) { int ret; @@ -536,13 +536,13 @@ int wc_RNG_GenerateBlock(RNG* rng, byte* output, word32 sz) } -int wc_RNG_GenerateByte(RNG* rng, byte* b) +int wc_RNG_GenerateByte(WC_RNG* rng, byte* b) { return wc_RNG_GenerateBlock(rng, b, 1); } -int wc_FreeRng(RNG* rng) +int wc_FreeRng(WC_RNG* rng) { int ret = BAD_FUNC_ARG; @@ -687,7 +687,7 @@ static int wc_RNG_HealthTestLocal(int reseed) #else /* HAVE_HASHDRBG || NO_RC4 */ /* Get seed and key cipher */ -int wc_InitRng(RNG* rng) +int wc_InitRng(WC_RNG* rng) { int ret; #ifdef WOLFSSL_SMALL_STACK @@ -736,11 +736,11 @@ int wc_InitRng(RNG* rng) } #ifdef HAVE_CAVIUM - static void CaviumRNG_GenerateBlock(RNG* rng, byte* output, word32 sz); + static void CaviumRNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz); #endif /* place a generated block in output */ -int wc_RNG_GenerateBlock(RNG* rng, byte* output, word32 sz) +int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz) { #ifdef HAVE_INTEL_RDGEN if(IS_INTEL_RDRAND) @@ -757,13 +757,13 @@ int wc_RNG_GenerateBlock(RNG* rng, byte* output, word32 sz) } -int wc_RNG_GenerateByte(RNG* rng, byte* b) +int wc_RNG_GenerateByte(WC_RNG* rng, byte* b) { return wc_RNG_GenerateBlock(rng, b, 1); } -int wc_FreeRng(RNG* rng) +int wc_FreeRng(WC_RNG* rng) { (void)rng; return 0; @@ -776,7 +776,7 @@ int wc_FreeRng(RNG* rng) #include "cavium_common.h" /* Initiliaze RNG for use with Nitrox device */ -int wc_InitRngCavium(RNG* rng, int devId) +int wc_InitRngCavium(WC_RNG* rng, int devId) { if (rng == NULL) return -1; @@ -788,7 +788,7 @@ int wc_InitRngCavium(RNG* rng, int devId) } -static void CaviumRNG_GenerateBlock(RNG* rng, byte* output, word32 sz) +static void CaviumRNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz) { wolfssl_word offset = 0; word32 requestId; @@ -1017,18 +1017,6 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) return 0; } -#elif defined(MBED) - -/* write a real one !!!, just for testing board */ -int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) -{ - int i; - for (i = 0; i < sz; i++ ) - output[i] = i; - - return 0; -} - #elif defined(MICROCHIP_PIC32) #ifdef MICROCHIP_MPLAB_HARMONY @@ -1225,7 +1213,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) return 0; } -#elif defined(WOLFSSL_LPC43xx) || defined(WOLFSSL_STM32F2xx) +#elif defined(WOLFSSL_LPC43xx) || defined(WOLFSSL_STM32F2xx) || defined(MBED) #warning "write a real random seed!!!!, just for testing now" diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index bc85a949e..6f4c3a595 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -43,7 +43,7 @@ int wc_FreeRsaKey(RsaKey* key) int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, - word32 outLen, RsaKey* key, RNG* rng) + word32 outLen, RsaKey* key, WC_RNG* rng) { return RsaPublicEncrypt_fips(in, inLen, out, outLen, key, rng); } @@ -64,7 +64,7 @@ int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, - word32 outLen, RsaKey* key, RNG* rng) + word32 outLen, RsaKey* key, WC_RNG* rng) { return RsaSSL_Sign_fips(in, inLen, out, outLen, key, rng); } @@ -96,7 +96,7 @@ int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b, return RsaFlattenPublicKey(key, a, aSz, b, bSz); } #ifdef WOLFSSL_KEY_GEN - int wc_MakeRsaKey(RsaKey* key, int size, long e, RNG* rng) + int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) { return MakeRsaKey(key, size, e, rng); } @@ -144,6 +144,22 @@ int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b, word32 outLen, RsaKey* key); #endif +enum { + RSA_PUBLIC_ENCRYPT = 0, + RSA_PUBLIC_DECRYPT = 1, + RSA_PRIVATE_ENCRYPT = 2, + RSA_PRIVATE_DECRYPT = 3, + + RSA_BLOCK_TYPE_1 = 1, + RSA_BLOCK_TYPE_2 = 2, + + RSA_MIN_SIZE = 512, + RSA_MAX_SIZE = 4096, + + RSA_MIN_PAD_SZ = 11 /* seperator + 0 + pad value + 8 pads */ +}; + + int wc_InitRsaKey(RsaKey* key, void* heap) { #ifdef HAVE_CAVIUM @@ -203,7 +219,7 @@ int wc_FreeRsaKey(RsaKey* key) } static int wc_RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock, - word32 pkcsBlockLen, byte padValue, RNG* rng) + word32 pkcsBlockLen, byte padValue, WC_RNG* rng) { if (inputLen == 0) return 0; @@ -375,7 +391,7 @@ done: int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, word32 outLen, - RsaKey* key, RNG* rng) + RsaKey* key, WC_RNG* rng) { int sz, ret; @@ -521,7 +537,7 @@ int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen, /* for Rsa Sign */ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, - RsaKey* key, RNG* rng) + RsaKey* key, WC_RNG* rng) { int sz, ret; @@ -588,7 +604,7 @@ int wc_RsaFlattenPublicKey(RsaKey* key, byte* e, word32* eSz, byte* n, #ifdef WOLFSSL_KEY_GEN /* Make an RSA key for size bits, with e specified, 65537 is a good e */ -int wc_MakeRsaKey(RsaKey* key, int size, long e, RNG* rng) +int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) { mp_int p, q, tmp1, tmp2, tmp3; int err; diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c index be8cf17af..984d7343d 100644 --- a/wolfcrypt/src/sha.c +++ b/wolfcrypt/src/sha.c @@ -57,11 +57,6 @@ return ShaFinal_fips(sha,out); } - int wc_ShaHash(const byte* data, word32 sz, byte* out) - { - return ShaHash(data, sz, out); - } - #else /* else build without fips */ #if defined(WOLFSSL_TI_HASH) @@ -421,36 +416,6 @@ int wc_ShaFinal(Sha* sha, byte* hash) #endif /* STM32F2_HASH */ -int wc_ShaHash(const byte* data, word32 len, byte* hash) -{ - int ret = 0; -#ifdef WOLFSSL_SMALL_STACK - Sha* sha; -#else - Sha sha[1]; -#endif - -#ifdef WOLFSSL_SMALL_STACK - sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (sha == NULL) - return MEMORY_E; -#endif - - if ((ret = wc_InitSha(sha)) != 0) { - WOLFSSL_MSG("wc_InitSha failed"); - } - else { - wc_ShaUpdate(sha, data, len); - wc_ShaFinal(sha, hash); - } - -#ifdef WOLFSSL_SMALL_STACK - XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif - - return ret; - -} #endif /* HAVE_FIPS */ #endif /* WOLFSSL_TI_HASH */ diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c index f9f02b003..3dc1f4a8e 100644 --- a/wolfcrypt/src/sha256.c +++ b/wolfcrypt/src/sha256.c @@ -49,11 +49,6 @@ int wc_Sha256Final(Sha256* sha, byte* out) } -int wc_Sha256Hash(const byte* data, word32 len, byte* out) -{ - return Sha256Hash(data, len, out); -} - #else /* else build without fips */ #if !defined(NO_SHA256) && defined(WOLFSSL_TI_HASH) @@ -545,37 +540,6 @@ int wc_Sha256Final(Sha256* sha256, byte* hash) -int wc_Sha256Hash(const byte* data, word32 len, byte* hash) -{ - int ret = 0; -#ifdef WOLFSSL_SMALL_STACK - Sha256* sha256; -#else - Sha256 sha256[1]; -#endif - -#ifdef WOLFSSL_SMALL_STACK - sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (sha256 == NULL) - return MEMORY_E; -#endif - - if ((ret = wc_InitSha256(sha256)) != 0) { - WOLFSSL_MSG("InitSha256 failed"); - } - else if ((ret = wc_Sha256Update(sha256, data, len)) != 0) { - WOLFSSL_MSG("Sha256Update failed"); - } - else if ((ret = wc_Sha256Final(sha256, hash)) != 0) { - WOLFSSL_MSG("Sha256Final failed"); - } - -#ifdef WOLFSSL_SMALL_STACK - XFREE(sha256, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif - - return ret; -} #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c index 8e52da909..e5fa61dc1 100755 --- a/wolfcrypt/src/sha512.c +++ b/wolfcrypt/src/sha512.c @@ -47,11 +47,6 @@ int wc_Sha512Final(Sha512* sha, byte* out) } -int wc_Sha512Hash(const byte* data, word32 len, byte* out) -{ - return Sha512Hash(data, len, out); -} - #if defined(WOLFSSL_SHA384) || defined(HAVE_AESGCM) int wc_InitSha384(Sha384* sha) @@ -72,10 +67,6 @@ int wc_Sha384Final(Sha384* sha, byte* out) } -int wc_Sha384Hash(const byte* data, word32 len, byte* out) -{ - return Sha384Hash(data, len, out); -} #endif /* WOLFSSL_SHA384 */ #else /* else build without using fips */ #include @@ -609,37 +600,6 @@ int wc_Sha512Final(Sha512* sha512, byte* hash) } -int wc_Sha512Hash(const byte* data, word32 len, byte* hash) -{ - int ret = 0; -#ifdef WOLFSSL_SMALL_STACK - Sha512* sha512; -#else - Sha512 sha512[1]; -#endif - -#ifdef WOLFSSL_SMALL_STACK - sha512 = (Sha512*)XMALLOC(sizeof(Sha512), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (sha512 == NULL) - return MEMORY_E; -#endif - - if ((ret = wc_InitSha512(sha512)) != 0) { - WOLFSSL_MSG("InitSha512 failed"); - } - else if ((ret = wc_Sha512Update(sha512, data, len)) != 0) { - WOLFSSL_MSG("Sha512Update failed"); - } - else if ((ret = wc_Sha512Final(sha512, hash)) != 0) { - WOLFSSL_MSG("Sha512Final failed"); - } - -#ifdef WOLFSSL_SMALL_STACK - XFREE(sha512, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif - - return ret; -} #if defined(HAVE_INTEL_AVX1) @@ -1563,37 +1523,6 @@ int wc_Sha384Final(Sha384* sha384, byte* hash) } -int wc_Sha384Hash(const byte* data, word32 len, byte* hash) -{ - int ret = 0; -#ifdef WOLFSSL_SMALL_STACK - Sha384* sha384; -#else - Sha384 sha384[1]; -#endif - -#ifdef WOLFSSL_SMALL_STACK - sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (sha384 == NULL) - return MEMORY_E; -#endif - - if ((ret = wc_InitSha384(sha384)) != 0) { - WOLFSSL_MSG("InitSha384 failed"); - } - else if ((ret = wc_Sha384Update(sha384, data, len)) != 0) { - WOLFSSL_MSG("Sha384Update failed"); - } - else if ((ret = wc_Sha384Final(sha384, hash)) != 0) { - WOLFSSL_MSG("Sha384Final failed"); - } - -#ifdef WOLFSSL_SMALL_STACK - XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif - - return ret; -} #if defined(HAVE_INTEL_AVX1) diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c new file mode 100644 index 000000000..5d893c929 --- /dev/null +++ b/wolfcrypt/src/srp.c @@ -0,0 +1,677 @@ +/* srp.c + * + * Copyright (C) 2006-2015 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include + +#ifdef WOLFCRYPT_HAVE_SRP + +#include +#include +#include + +#ifdef NO_INLINE + #include +#else + #include +#endif + +/** Computes the session key using the Mask Generation Function 1. */ +static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size); + +static int SrpHashInit(SrpHash* hash, SrpType type) +{ + hash->type = type; + + switch (type) { + #ifndef NO_SHA + case SRP_TYPE_SHA: + return wc_InitSha(&hash->data.sha); + #endif + + #ifndef NO_SHA256 + case SRP_TYPE_SHA256: + return wc_InitSha256(&hash->data.sha256); + #endif + + #ifdef WOLFSSL_SHA384 + case SRP_TYPE_SHA384: + return wc_InitSha384(&hash->data.sha384); + #endif + + #ifdef WOLFSSL_SHA512 + case SRP_TYPE_SHA512: + return wc_InitSha512(&hash->data.sha512); + #endif + + default: + return BAD_FUNC_ARG; + } +} + +static int SrpHashUpdate(SrpHash* hash, const byte* data, word32 size) +{ + switch (hash->type) { + #ifndef NO_SHA + case SRP_TYPE_SHA: + return wc_ShaUpdate(&hash->data.sha, data, size); + #endif + + #ifndef NO_SHA256 + case SRP_TYPE_SHA256: + return wc_Sha256Update(&hash->data.sha256, data, size); + #endif + + #ifdef WOLFSSL_SHA384 + case SRP_TYPE_SHA384: + return wc_Sha384Update(&hash->data.sha384, data, size); + #endif + + #ifdef WOLFSSL_SHA512 + case SRP_TYPE_SHA512: + return wc_Sha512Update(&hash->data.sha512, data, size); + #endif + + default: + return BAD_FUNC_ARG; + } +} + +static int SrpHashFinal(SrpHash* hash, byte* digest) +{ + switch (hash->type) { + #ifndef NO_SHA + case SRP_TYPE_SHA: + return wc_ShaFinal(&hash->data.sha, digest); + #endif + + #ifndef NO_SHA256 + case SRP_TYPE_SHA256: + return wc_Sha256Final(&hash->data.sha256, digest); + #endif + + #ifdef WOLFSSL_SHA384 + case SRP_TYPE_SHA384: + return wc_Sha384Final(&hash->data.sha384, digest); + #endif + + #ifdef WOLFSSL_SHA512 + case SRP_TYPE_SHA512: + return wc_Sha512Final(&hash->data.sha512, digest); + #endif + + default: + return BAD_FUNC_ARG; + } +} + +static word32 SrpHashSize(SrpType type) +{ + switch (type) { + #ifndef NO_SHA + case SRP_TYPE_SHA: + return SHA_DIGEST_SIZE; + #endif + + #ifndef NO_SHA256 + case SRP_TYPE_SHA256: + return SHA256_DIGEST_SIZE; + #endif + + #ifdef WOLFSSL_SHA384 + case SRP_TYPE_SHA384: + return SHA384_DIGEST_SIZE; + #endif + + #ifdef WOLFSSL_SHA512 + case SRP_TYPE_SHA512: + return SHA512_DIGEST_SIZE; + #endif + + default: + return 0; + } +} + +int wc_SrpInit(Srp* srp, SrpType type, SrpSide side) +{ + int r; + + /* validating params */ + + if (!srp) + return BAD_FUNC_ARG; + + if (side != SRP_CLIENT_SIDE && side != SRP_SERVER_SIDE) + return BAD_FUNC_ARG; + + if (type != SRP_TYPE_SHA && type != SRP_TYPE_SHA256 && + type != SRP_TYPE_SHA384 && type != SRP_TYPE_SHA512) + return BAD_FUNC_ARG; + + /* initializing variables */ + + XMEMSET(srp, 0, sizeof(Srp)); + + if ((r = SrpHashInit(&srp->client_proof, type)) != 0) + return r; + + if ((r = SrpHashInit(&srp->server_proof, type)) != 0) + return r; + + if ((r = mp_init_multi(&srp->N, &srp->g, &srp->auth, + &srp->priv, 0, 0)) != 0) + return r; + + srp->side = side; srp->type = type; + srp->salt = NULL; srp->saltSz = 0; + srp->user = NULL; srp->userSz = 0; + srp->key = NULL; srp->keySz = 0; + + srp->keyGenFunc_cb = wc_SrpSetKey; + + return 0; +} + +void wc_SrpTerm(Srp* srp) +{ + if (srp) { + mp_clear(&srp->N); mp_clear(&srp->g); + mp_clear(&srp->auth); mp_clear(&srp->priv); + + ForceZero(srp->salt, srp->saltSz); + XFREE(srp->salt, NULL, DYNAMIC_TYPE_SRP); + ForceZero(srp->user, srp->userSz); + XFREE(srp->user, NULL, DYNAMIC_TYPE_SRP); + ForceZero(srp->key, srp->keySz); + XFREE(srp->key, NULL, DYNAMIC_TYPE_SRP); + + ForceZero(srp, sizeof(Srp)); + } +} + +int wc_SrpSetUsername(Srp* srp, const byte* username, word32 size) +{ + if (!srp || !username) + return BAD_FUNC_ARG; + + srp->user = (byte*)XMALLOC(size, NULL, DYNAMIC_TYPE_SRP); + if (srp->user == NULL) + return MEMORY_E; + + srp->userSz = size; + XMEMCPY(srp->user, username, srp->userSz); + + return 0; +} + +int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz, + const byte* g, word32 gSz, + const byte* salt, word32 saltSz) +{ + SrpHash hash; + byte digest1[SRP_MAX_DIGEST_SIZE]; + byte digest2[SRP_MAX_DIGEST_SIZE]; + byte pad = 0; + int i, j, r; + + if (!srp || !N || !g || !salt || nSz < gSz) + return BAD_FUNC_ARG; + + if (!srp->user) + return SRP_CALL_ORDER_E; + + /* Set N */ + if (mp_read_unsigned_bin(&srp->N, N, nSz) != MP_OKAY) + return MP_READ_E; + + if (mp_count_bits(&srp->N) < SRP_DEFAULT_MIN_BITS) + return BAD_FUNC_ARG; + + /* Set g */ + if (mp_read_unsigned_bin(&srp->g, g, gSz) != MP_OKAY) + return MP_READ_E; + + if (mp_cmp(&srp->N, &srp->g) != MP_GT) + return BAD_FUNC_ARG; + + /* Set salt */ + if (srp->salt) { + ForceZero(srp->salt, srp->saltSz); + XFREE(srp->salt, NULL, DYNAMIC_TYPE_SRP); + } + + srp->salt = (byte*)XMALLOC(saltSz, NULL, DYNAMIC_TYPE_SRP); + if (srp->salt == NULL) + return MEMORY_E; + + XMEMCPY(srp->salt, salt, saltSz); + srp->saltSz = saltSz; + + /* Set k = H(N, g) */ + r = SrpHashInit(&hash, srp->type); + if (!r) r = SrpHashUpdate(&hash, (byte*) N, nSz); + for (i = 0; (word32)i < nSz - gSz; i++) + SrpHashUpdate(&hash, &pad, 1); + if (!r) r = SrpHashUpdate(&hash, (byte*) g, gSz); + if (!r) r = SrpHashFinal(&hash, srp->k); + + /* update client proof */ + + /* digest1 = H(N) */ + if (!r) r = SrpHashInit(&hash, srp->type); + if (!r) r = SrpHashUpdate(&hash, (byte*) N, nSz); + if (!r) r = SrpHashFinal(&hash, digest1); + + /* digest2 = H(g) */ + if (!r) r = SrpHashInit(&hash, srp->type); + if (!r) r = SrpHashUpdate(&hash, (byte*) g, gSz); + if (!r) r = SrpHashFinal(&hash, digest2); + + /* digest1 = H(N) ^ H(g) */ + if (r == 0) { + for (i = 0, j = SrpHashSize(srp->type); i < j; i++) + digest1[i] ^= digest2[i]; + } + + /* digest2 = H(user) */ + if (!r) r = SrpHashInit(&hash, srp->type); + if (!r) r = SrpHashUpdate(&hash, srp->user, srp->userSz); + if (!r) r = SrpHashFinal(&hash, digest2); + + /* client proof = H( H(N) ^ H(g) | H(user) | salt) */ + if (!r) r = SrpHashUpdate(&srp->client_proof, digest1, j); + if (!r) r = SrpHashUpdate(&srp->client_proof, digest2, j); + if (!r) r = SrpHashUpdate(&srp->client_proof, salt, saltSz); + + return r; +} + +int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size) +{ + SrpHash hash; + byte digest[SRP_MAX_DIGEST_SIZE]; + word32 digestSz; + int r; + + if (!srp || !password || srp->side != SRP_CLIENT_SIDE) + return BAD_FUNC_ARG; + + if (!srp->salt) + return SRP_CALL_ORDER_E; + + digestSz = SrpHashSize(srp->type); + + /* digest = H(username | ':' | password) */ + r = SrpHashInit(&hash, srp->type); + if (!r) r = SrpHashUpdate(&hash, srp->user, srp->userSz); + if (!r) r = SrpHashUpdate(&hash, (const byte*) ":", 1); + if (!r) r = SrpHashUpdate(&hash, password, size); + if (!r) r = SrpHashFinal(&hash, digest); + + /* digest = H(salt | H(username | ':' | password)) */ + if (!r) r = SrpHashInit(&hash, srp->type); + if (!r) r = SrpHashUpdate(&hash, srp->salt, srp->saltSz); + if (!r) r = SrpHashUpdate(&hash, digest, digestSz); + if (!r) r = SrpHashFinal(&hash, digest); + + /* Set x (private key) */ + if (!r) r = mp_read_unsigned_bin(&srp->auth, digest, digestSz); + + ForceZero(digest, SRP_MAX_DIGEST_SIZE); + + return r; +} + +int wc_SrpGetVerifier(Srp* srp, byte* verifier, word32* size) +{ + mp_int v; + int r; + + if (!srp || !verifier || !size || srp->side != SRP_CLIENT_SIDE) + return BAD_FUNC_ARG; + + if (mp_iszero(&srp->auth)) + return SRP_CALL_ORDER_E; + + r = mp_init(&v); + if (r != MP_OKAY) + return MP_INIT_E; + + /* v = g ^ x % N */ + if (!r) r = mp_exptmod(&srp->g, &srp->auth, &srp->N, &v); + if (!r) r = *size < (word32)mp_unsigned_bin_size(&v) ? BUFFER_E : MP_OKAY; + if (!r) r = mp_to_unsigned_bin(&v, verifier); + if (!r) *size = mp_unsigned_bin_size(&v); + + mp_clear(&v); + + return r; +} + +int wc_SrpSetVerifier(Srp* srp, const byte* verifier, word32 size) +{ + if (!srp || !verifier || srp->side != SRP_SERVER_SIDE) + return BAD_FUNC_ARG; + + return mp_read_unsigned_bin(&srp->auth, verifier, size); +} + +int wc_SrpSetPrivate(Srp* srp, const byte* private, word32 size) +{ + mp_int p; + int r; + + if (!srp || !private || !size) + return BAD_FUNC_ARG; + + if (mp_iszero(&srp->auth)) + return SRP_CALL_ORDER_E; + + r = mp_init(&p); + if (r != MP_OKAY) + return MP_INIT_E; + if (!r) r = mp_read_unsigned_bin(&p, private, size); + if (!r) r = mp_mod(&p, &srp->N, &srp->priv); + if (!r) r = mp_iszero(&srp->priv) ? SRP_BAD_KEY_E : 0; + + mp_clear(&p); + + return r; +} + +/** Generates random data using wolfcrypt RNG. */ +static int wc_SrpGenPrivate(Srp* srp, byte* private, word32 size) +{ + WC_RNG rng; + int r = wc_InitRng(&rng); + + if (!r) r = wc_RNG_GenerateBlock(&rng, private, size); + if (!r) r = wc_SrpSetPrivate(srp, private, size); + if (!r) wc_FreeRng(&rng); + + return r; +} + +int wc_SrpGetPublic(Srp* srp, byte* public, word32* size) +{ + mp_int pubkey; + word32 modulusSz; + int r; + + if (!srp || !public || !size) + return BAD_FUNC_ARG; + + if (mp_iszero(&srp->auth)) + return SRP_CALL_ORDER_E; + + modulusSz = mp_unsigned_bin_size(&srp->N); + if (*size < modulusSz) + return BUFFER_E; + + r = mp_init(&pubkey); + if (r != MP_OKAY) + return MP_INIT_E; + + /* priv = random() */ + if (mp_iszero(&srp->priv)) + r = wc_SrpGenPrivate(srp, public, modulusSz); + + /* client side: A = g ^ a % N */ + if (srp->side == SRP_CLIENT_SIDE) { + if (!r) r = mp_exptmod(&srp->g, &srp->priv, &srp->N, &pubkey); + + /* server side: B = (k * v + (g ^ b % N)) % N */ + } else { + mp_int i, j; + + if (mp_init_multi(&i, &j, 0, 0, 0, 0) == MP_OKAY) { + if (!r) r = mp_read_unsigned_bin(&i, srp->k,SrpHashSize(srp->type)); + if (!r) r = mp_iszero(&i) ? SRP_BAD_KEY_E : 0; + if (!r) r = mp_exptmod(&srp->g, &srp->priv, &srp->N, &pubkey); + if (!r) r = mp_mulmod(&i, &srp->auth, &srp->N, &j); + if (!r) r = mp_add(&j, &pubkey, &i); + if (!r) r = mp_mod(&i, &srp->N, &pubkey); + + mp_clear(&i); mp_clear(&j); + } + } + + /* extract public key to buffer */ + XMEMSET(public, 0, modulusSz); + if (!r) r = mp_to_unsigned_bin(&pubkey, public); + if (!r) *size = mp_unsigned_bin_size(&pubkey); + mp_clear(&pubkey); + + return r; +} + +static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size) +{ + SrpHash hash; + byte digest[SRP_MAX_DIGEST_SIZE]; + word32 i, j, digestSz = SrpHashSize(srp->type); + byte counter[4]; + int r = BAD_FUNC_ARG; + + srp->key = (byte*)XMALLOC(2 * digestSz, NULL, DYNAMIC_TYPE_SRP); + if (srp->key == NULL) + return MEMORY_E; + + srp->keySz = 2 * digestSz; + + for (i = j = 0; j < srp->keySz; i++) { + counter[0] = (i >> 24) & 0xFF; + counter[1] = (i >> 16) & 0xFF; + counter[2] = (i >> 8) & 0xFF; + counter[3] = i & 0xFF; + + r = SrpHashInit(&hash, srp->type); + if (!r) r = SrpHashUpdate(&hash, secret, size); + if (!r) r = SrpHashUpdate(&hash, counter, 4); + + if(j + digestSz > srp->keySz) { + if (!r) r = SrpHashFinal(&hash, digest); + XMEMCPY(srp->key + j, digest, srp->keySz - j); + j = srp->keySz; + } + else { + if (!r) r = SrpHashFinal(&hash, srp->key + j); + j += digestSz; + } + } + + ForceZero(digest, sizeof(digest)); + ForceZero(&hash, sizeof(SrpHash)); + + return r; +} + +int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz, + byte* serverPubKey, word32 serverPubKeySz) +{ + SrpHash hash; + byte *secret; + byte digest[SRP_MAX_DIGEST_SIZE]; + word32 i, secretSz, digestSz; + mp_int u, s, temp1, temp2; + byte pad = 0; + int r; + + /* validating params */ + + if (!srp || !clientPubKey || clientPubKeySz == 0 + || !serverPubKey || serverPubKeySz == 0) + return BAD_FUNC_ARG; + + if (mp_iszero(&srp->priv)) + return SRP_CALL_ORDER_E; + + /* initializing variables */ + + if ((r = SrpHashInit(&hash, srp->type)) != 0) + return r; + + digestSz = SrpHashSize(srp->type); + secretSz = mp_unsigned_bin_size(&srp->N); + + if ((secret = (byte*)XMALLOC(secretSz, NULL, DYNAMIC_TYPE_SRP)) == NULL) + return MEMORY_E; + + if ((r = mp_init_multi(&u, &s, &temp1, &temp2, 0, 0)) != MP_OKAY) { + XFREE(secret, NULL, DYNAMIC_TYPE_SRP); + return r; + } + + /* building u (random scrambling parameeter) */ + + /* H(A) */ + for (i = 0; !r && i < secretSz - clientPubKeySz; i++) + r = SrpHashUpdate(&hash, &pad, 1); + if (!r) r = SrpHashUpdate(&hash, clientPubKey, clientPubKeySz); + + /* H(A | B) */ + for (i = 0; !r && i < secretSz - serverPubKeySz; i++) + r = SrpHashUpdate(&hash, &pad, 1); + if (!r) r = SrpHashUpdate(&hash, serverPubKey, serverPubKeySz); + + /* set u */ + if (!r) r = SrpHashFinal(&hash, digest); + if (!r) r = mp_read_unsigned_bin(&u, digest, SrpHashSize(srp->type)); + + /* building s (secret) */ + + if (!r && srp->side == SRP_CLIENT_SIDE) { + + /* temp1 = B - k * v; rejects k == 0, B == 0 and B >= N. */ + r = mp_read_unsigned_bin(&temp1, srp->k, digestSz); + if (!r) r = mp_iszero(&temp1) ? SRP_BAD_KEY_E : 0; + if (!r) r = mp_exptmod(&srp->g, &srp->auth, &srp->N, &temp2); + if (!r) r = mp_mulmod(&temp1, &temp2, &srp->N, &s); + if (!r) r = mp_read_unsigned_bin(&temp2, serverPubKey, serverPubKeySz); + if (!r) r = mp_iszero(&temp2) ? SRP_BAD_KEY_E : 0; + if (!r) r = mp_cmp(&temp2, &srp->N) != MP_LT ? SRP_BAD_KEY_E : 0; + if (!r) r = mp_sub(&temp2, &s, &temp1); + + /* temp2 = a + u * x */ + if (!r) r = mp_mulmod(&u, &srp->auth, &srp->N, &s); + if (!r) r = mp_add(&srp->priv, &s, &temp2); + + /* secret = temp1 ^ temp2 % N */ + if (!r) r = mp_exptmod(&temp1, &temp2, &srp->N, &s); + + } else if (!r && srp->side == SRP_SERVER_SIDE) { + /* temp1 = v ^ u % N */ + r = mp_exptmod(&srp->auth, &u, &srp->N, &temp1); + + /* temp2 = A * temp1 % N; rejects A == 0, A >= N */ + if (!r) r = mp_read_unsigned_bin(&s, clientPubKey, clientPubKeySz); + if (!r) r = mp_iszero(&s) ? SRP_BAD_KEY_E : 0; + if (!r) r = mp_cmp(&s, &srp->N) != MP_LT ? SRP_BAD_KEY_E : 0; + if (!r) r = mp_mulmod(&s, &temp1, &srp->N, &temp2); + + /* rejects A * v ^ u % N >= 1, A * v ^ u % N == -1 % N */ + if (!r) r = mp_read_unsigned_bin(&temp1, (const byte*)"\001", 1); + if (!r) r = mp_cmp(&temp2, &temp1) != MP_GT ? SRP_BAD_KEY_E : 0; + if (!r) r = mp_sub(&srp->N, &temp1, &s); + if (!r) r = mp_cmp(&temp2, &s) == MP_EQ ? SRP_BAD_KEY_E : 0; + + /* secret = temp2 * b % N */ + if (!r) r = mp_exptmod(&temp2, &srp->priv, &srp->N, &s); + } + + /* building session key from secret */ + + if (!r) r = mp_to_unsigned_bin(&s, secret); + if (!r) r = srp->keyGenFunc_cb(srp, secret, mp_unsigned_bin_size(&s)); + + /* updating client proof = H( H(N) ^ H(g) | H(user) | salt | A | B | K) */ + + if (!r) r = SrpHashUpdate(&srp->client_proof, clientPubKey, clientPubKeySz); + if (!r) r = SrpHashUpdate(&srp->client_proof, serverPubKey, serverPubKeySz); + if (!r) r = SrpHashUpdate(&srp->client_proof, srp->key, srp->keySz); + + /* updating server proof = H(A) */ + + if (!r) r = SrpHashUpdate(&srp->server_proof, clientPubKey, clientPubKeySz); + + XFREE(secret, NULL, DYNAMIC_TYPE_SRP); + mp_clear(&u); mp_clear(&s); mp_clear(&temp1); mp_clear(&temp2); + + return r; +} + +int wc_SrpGetProof(Srp* srp, byte* proof, word32* size) +{ + int r; + + if (!srp || !proof || !size) + return BAD_FUNC_ARG; + + if (*size < SrpHashSize(srp->type)) + return BUFFER_E; + + if ((r = SrpHashFinal(srp->side == SRP_CLIENT_SIDE + ? &srp->client_proof + : &srp->server_proof, proof)) != 0) + return r; + + *size = SrpHashSize(srp->type); + + if (srp->side == SRP_CLIENT_SIDE) { + /* server proof = H( A | client proof | K) */ + if (!r) r = SrpHashUpdate(&srp->server_proof, proof, *size); + if (!r) r = SrpHashUpdate(&srp->server_proof, srp->key, srp->keySz); + } + + return r; +} + +int wc_SrpVerifyPeersProof(Srp* srp, byte* proof, word32 size) +{ + byte digest[SRP_MAX_DIGEST_SIZE]; + int r; + + if (!srp || !proof) + return BAD_FUNC_ARG; + + if (size != SrpHashSize(srp->type)) + return BUFFER_E; + + r = SrpHashFinal(srp->side == SRP_CLIENT_SIDE ? &srp->server_proof + : &srp->client_proof, digest); + + if (srp->side == SRP_SERVER_SIDE) { + /* server proof = H( A | client proof | K) */ + if (!r) r = SrpHashUpdate(&srp->server_proof, proof, size); + if (!r) r = SrpHashUpdate(&srp->server_proof, srp->key, srp->keySz); + } + + if (!r && XMEMCMP(proof, digest, size) != 0) + r = SRP_VERIFY_E; + + return r; +} + +#endif /* WOLFCRYPT_HAVE_SRP */ diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c index 5c5f60bda..021928d6e 100755 --- a/wolfcrypt/src/tfm.c +++ b/wolfcrypt/src/tfm.c @@ -2264,6 +2264,7 @@ static const int lnz[16] = { 4, 0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0 }; +#ifdef WOLFSSL_KEY_GEN /* swap the elements of two integers, for cases where you can't simply swap the * mp_int pointers around */ @@ -2275,6 +2276,7 @@ static void fp_exch (fp_int * a, fp_int * b) *a = *b; *b = t; } +#endif /* Counts the number of lsbs which are zero before the first zero bit */ int fp_cnt_lsb(fp_int *a) @@ -2410,7 +2412,7 @@ int mp_mod_d(fp_int *a, fp_digit b, fp_digit *c) void fp_gcd(fp_int *a, fp_int *b, fp_int *c); void fp_lcm(fp_int *a, fp_int *b, fp_int *c); int fp_isprime(fp_int *a); -int fp_randprime(fp_int* N, int len, RNG* rng, void* heap); +int fp_randprime(fp_int* N, int len, WC_RNG* rng, void* heap); int mp_gcd(fp_int *a, fp_int *b, fp_int *c) { @@ -2433,7 +2435,7 @@ int mp_prime_is_prime(mp_int* a, int t, int* result) return MP_OKAY; } -int mp_rand_prime(mp_int* N, int len, RNG* rng, void* heap) +int mp_rand_prime(mp_int* N, int len, WC_RNG* rng, void* heap) { int err; @@ -2587,7 +2589,7 @@ int fp_isprime(fp_int *a) return FP_YES; } -int fp_randprime(fp_int* N, int len, RNG* rng, void* heap) +int fp_randprime(fp_int* N, int len, WC_RNG* rng, void* heap) { static const int USE_BBS = 1; int err, type; @@ -2724,12 +2726,14 @@ int mp_add_d(fp_int *a, fp_digit b, fp_int *c) #endif /* HAVE_ECC || !NO_PWDBASED */ -#ifdef HAVE_ECC +#if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) /* chars used in radix conversions */ static const char *fp_s_rmap = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ\ abcdefghijklmnopqrstuvwxyz+/"; +#endif +#ifdef HAVE_ECC static int fp_read_radix(fp_int *a, const char *str, int radix) { int y, neg; @@ -2842,6 +2846,7 @@ int mp_cnt_lsb(fp_int* a) #endif /* HAVE_COMP_KEY */ +#endif /* HAVE_ECC */ #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) @@ -2953,7 +2958,5 @@ int mp_toradix (mp_int *a, char *str, int radix) #endif /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) */ -#endif /* HAVE_ECC */ - #endif /* USE_FAST_MATH */ diff --git a/wolfcrypt/src/wc_encrypt.c b/wolfcrypt/src/wc_encrypt.c new file mode 100644 index 000000000..db8390ddc --- /dev/null +++ b/wolfcrypt/src/wc_encrypt.c @@ -0,0 +1,201 @@ +/* wc_encrypt.c + * + * Copyright (C) 2006-2015 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include +#include +#include +#include +#include + + +#ifndef NO_AES +int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz, + const byte* key, word32 keySz, const byte* iv) +{ + int ret = 0; +#ifdef WOLFSSL_SMALL_STACK + Aes* aes = NULL; +#else + Aes aes[1]; +#endif + +#ifdef WOLFSSL_SMALL_STACK + aes = (Aes*)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (aes == NULL) + return MEMORY_E; +#endif + + ret = wc_AesSetKey(aes, key, keySz, iv, AES_DECRYPTION); + if (ret == 0) + ret = wc_AesCbcDecrypt(aes, out, in, inSz); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(aes, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + +int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz, + const byte* key, word32 keySz, const byte* iv) +{ + int ret = 0; +#ifdef WOLFSSL_SMALL_STACK + Aes* aes = NULL; +#else + Aes aes[1]; +#endif + +#ifdef WOLFSSL_SMALL_STACK + aes = (Aes*)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (aes == NULL) + return MEMORY_E; +#endif + + ret = wc_AesSetKey(aes, key, keySz, iv, AES_ENCRYPTION); + if (ret == 0) + ret = wc_AesCbcEncrypt(aes, out, in, inSz); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(aes, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} +#endif /* !NO_AES */ + + +#ifndef NO_DES3 +int wc_Des_CbcEncryptWithKey(byte* out, const byte* in, word32 sz, + const byte* key, const byte* iv) +{ + int ret = 0; +#ifdef WOLFSSL_SMALL_STACK + Des* des = NULL; +#else + Des des[1]; +#endif + +#ifdef WOLFSSL_SMALL_STACK + des = (Des*)XMALLOC(sizeof(Des), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (des == NULL) + return MEMORY_E; +#endif + + ret = wc_Des_SetKey(des, key, iv, DES_ENCRYPTION); + if (ret == 0) + ret = wc_Des_CbcEncrypt(des, out, in, sz); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(des, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + +int wc_Des_CbcDecryptWithKey(byte* out, const byte* in, word32 sz, + const byte* key, const byte* iv) +{ + int ret = 0; +#ifdef WOLFSSL_SMALL_STACK + Des* des = NULL; +#else + Des des[1]; +#endif + +#ifdef WOLFSSL_SMALL_STACK + des = (Des*)XMALLOC(sizeof(Des), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (des == NULL) + return MEMORY_E; +#endif + + ret = wc_Des_SetKey(des, key, iv, DES_DECRYPTION); + if (ret == 0) + ret = wc_Des_CbcDecrypt(des, out, in, sz); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(des, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + + +int wc_Des3_CbcEncryptWithKey(byte* out, const byte* in, word32 sz, + const byte* key, const byte* iv) +{ + int ret = 0; +#ifdef WOLFSSL_SMALL_STACK + Des3* des3 = NULL; +#else + Des3 des3[1]; +#endif + +#ifdef WOLFSSL_SMALL_STACK + des3 = (Des3*)XMALLOC(sizeof(Des3), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (des3 == NULL) + return MEMORY_E; +#endif + + ret = wc_Des3_SetKey(des3, key, iv, DES_ENCRYPTION); + if (ret == 0) + ret = wc_Des3_CbcEncrypt(des3, out, in, sz); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(des3, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + + +int wc_Des3_CbcDecryptWithKey(byte* out, const byte* in, word32 sz, + const byte* key, const byte* iv) +{ + int ret = 0; +#ifdef WOLFSSL_SMALL_STACK + Des3* des3 = NULL; +#else + Des3 des3[1]; +#endif + +#ifdef WOLFSSL_SMALL_STACK + des3 = (Des3*)XMALLOC(sizeof(Des3), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (des3 == NULL) + return MEMORY_E; +#endif + + ret = wc_Des3_SetKey(des3, key, iv, DES_DECRYPTION); + if (ret == 0) + ret = wc_Des3_CbcDecrypt(des3, out, in, sz); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(des3, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + +#endif /* !NO_DES3 */ diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index a451d9d1d..c8d9b97ef 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -53,6 +53,7 @@ #include #include #include +#include #include #include #include @@ -125,8 +126,12 @@ #ifdef FREESCALE_MQX #include - #include #include + #if MQX_USE_IO_OLD + #include + #else + #include + #endif #else #include #endif @@ -179,6 +184,7 @@ int camellia_test(void); int rsa_test(void); int dh_test(void); int dsa_test(void); +int srp_test(void); int random_test(void); int pwdbased_test(void); int ripemd_test(void); @@ -500,6 +506,13 @@ int wolfcrypt_test(void* args) printf( "DSA test passed!\n"); #endif +#ifdef WOLFCRYPT_HAVE_SRP + if ( (ret = srp_test()) != 0) + return err_sys("SRP test failed!\n", ret); + else + printf( "SRP test passed!\n"); +#endif + #ifndef NO_PWDBASED if ( (ret = pwdbased_test()) != 0) return err_sys("PWDBASED test failed!\n", ret); @@ -3244,7 +3257,7 @@ int random_test(void) int random_test(void) { - RNG rng; + WC_RNG rng; byte block[32]; int ret; @@ -3272,7 +3285,7 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out); byte GetEntropy(ENTROPY_CMD cmd, byte* out) { - static RNG rng; + static WC_RNG rng; if (cmd == INIT) return (wc_InitRng(&rng) == 0) ? 1 : 0; @@ -3344,7 +3357,7 @@ int rsa_test(void) byte* tmp; size_t bytes; RsaKey key; - RNG rng; + WC_RNG rng; word32 idx = 0; int ret; byte in[] = "Everyone gets Friday off."; @@ -3478,19 +3491,25 @@ int rsa_test(void) FILE* pemFile; ret = wc_InitRsaKey(&genKey, 0); - if (ret != 0) + if (ret != 0) { + free(tmp); return -300; + } ret = wc_MakeRsaKey(&genKey, 1024, 65537, &rng); - if (ret != 0) + if (ret != 0) { + free(tmp); return -301; + } der = (byte*)malloc(FOURK_BUF); if (der == NULL) { + free(tmp); wc_FreeRsaKey(&genKey); return -307; } pem = (byte*)malloc(FOURK_BUF); if (pem == NULL) { + free(tmp); free(der); wc_FreeRsaKey(&genKey); return -308; @@ -3500,6 +3519,7 @@ int rsa_test(void) if (derSz < 0) { free(der); free(pem); + free(tmp); return -302; } @@ -3511,6 +3531,7 @@ int rsa_test(void) if (!keyFile) { free(der); free(pem); + free(tmp); wc_FreeRsaKey(&genKey); return -303; } @@ -3519,6 +3540,7 @@ int rsa_test(void) if (ret != derSz) { free(der); free(pem); + free(tmp); wc_FreeRsaKey(&genKey); return -313; } @@ -3527,6 +3549,7 @@ int rsa_test(void) if (pemSz < 0) { free(der); free(pem); + free(tmp); wc_FreeRsaKey(&genKey); return -304; } @@ -3539,6 +3562,7 @@ int rsa_test(void) if (!pemFile) { free(der); free(pem); + free(tmp); wc_FreeRsaKey(&genKey); return -305; } @@ -3547,6 +3571,7 @@ int rsa_test(void) if (ret != pemSz) { free(der); free(pem); + free(tmp); wc_FreeRsaKey(&genKey); return -314; } @@ -3555,6 +3580,7 @@ int rsa_test(void) if (ret != 0) { free(der); free(pem); + free(tmp); wc_FreeRsaKey(&genKey); return -3060; } @@ -3563,6 +3589,7 @@ int rsa_test(void) if (ret != 0) { free(der); free(pem); + free(tmp); wc_FreeRsaKey(&derIn); wc_FreeRsaKey(&genKey); return -306; @@ -3590,10 +3617,13 @@ int rsa_test(void) #endif derCert = (byte*)malloc(FOURK_BUF); - if (derCert == NULL) + if (derCert == NULL) { + free(tmp); return -309; + } pem = (byte*)malloc(FOURK_BUF); if (pem == NULL) { + free(tmp); free(derCert); return -310; } @@ -3614,6 +3644,7 @@ int rsa_test(void) if (certSz < 0) { free(derCert); free(pem); + free(tmp); return -401; } @@ -3623,6 +3654,7 @@ int rsa_test(void) if (ret != 0) { free(derCert); free(pem); + free(tmp); return -402; } FreeDecodedCert(&decode); @@ -3636,6 +3668,7 @@ int rsa_test(void) if (!derFile) { free(derCert); free(pem); + free(tmp); return -403; } ret = (int)fwrite(derCert, 1, certSz, derFile); @@ -3643,6 +3676,7 @@ int rsa_test(void) if (ret != certSz) { free(derCert); free(pem); + free(tmp); return -414; } @@ -3650,6 +3684,7 @@ int rsa_test(void) if (pemSz < 0) { free(derCert); free(pem); + free(tmp); return -404; } @@ -3661,6 +3696,7 @@ int rsa_test(void) if (!pemFile) { free(derCert); free(pem); + free(tmp); return -405; } ret = (int)fwrite(pem, 1, pemSz, pemFile); @@ -3668,6 +3704,7 @@ int rsa_test(void) if (ret != pemSz) { free(derCert); free(pem); + free(tmp); return -406; } free(pem); @@ -3691,11 +3728,14 @@ int rsa_test(void) #endif derCert = (byte*)malloc(FOURK_BUF); - if (derCert == NULL) + if (derCert == NULL) { + free(tmp); return -311; + } pem = (byte*)malloc(FOURK_BUF); if (pem == NULL) { free(derCert); + free(tmp); return -312; } @@ -3704,6 +3744,7 @@ int rsa_test(void) if (!file3) { free(derCert); free(pem); + free(tmp); return -412; } @@ -3714,18 +3755,24 @@ int rsa_test(void) if (ret != 0) { free(derCert); free(pem); + free(tmp); return -411; } ret = wc_RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes3); if (ret != 0) { free(derCert); free(pem); + free(tmp); wc_FreeRsaKey(&caKey); return -413; } wc_InitCert(&myCert); +#ifdef NO_SHA + myCert.sigType = CTC_SHA256wRSA; +#endif + strncpy(myCert.subject.country, "US", CTC_NAME_SIZE); strncpy(myCert.subject.state, "OR", CTC_NAME_SIZE); strncpy(myCert.subject.locality, "Portland", CTC_NAME_SIZE); @@ -3738,6 +3785,7 @@ int rsa_test(void) if (ret < 0) { free(derCert); free(pem); + free(tmp); wc_FreeRsaKey(&caKey); return -405; } @@ -3746,6 +3794,7 @@ int rsa_test(void) if (certSz < 0) { free(derCert); free(pem); + free(tmp); wc_FreeRsaKey(&caKey); return -407; } @@ -3755,6 +3804,7 @@ int rsa_test(void) if (certSz < 0) { free(derCert); free(pem); + free(tmp); wc_FreeRsaKey(&caKey); return -408; } @@ -3766,6 +3816,7 @@ int rsa_test(void) if (ret != 0) { free(derCert); free(pem); + free(tmp); wc_FreeRsaKey(&caKey); return -409; } @@ -3780,6 +3831,7 @@ int rsa_test(void) if (!derFile) { free(derCert); free(pem); + free(tmp); wc_FreeRsaKey(&caKey); return -410; } @@ -3788,6 +3840,7 @@ int rsa_test(void) if (ret != certSz) { free(derCert); free(pem); + free(tmp); wc_FreeRsaKey(&caKey); return -416; } @@ -3796,6 +3849,7 @@ int rsa_test(void) if (pemSz < 0) { free(derCert); free(pem); + free(tmp); wc_FreeRsaKey(&caKey); return -411; } @@ -3808,6 +3862,7 @@ int rsa_test(void) if (!pemFile) { free(derCert); free(pem); + free(tmp); wc_FreeRsaKey(&caKey); return -412; } @@ -3815,6 +3870,7 @@ int rsa_test(void) if (ret != pemSz) { free(derCert); free(pem); + free(tmp); wc_FreeRsaKey(&caKey); return -415; } @@ -3842,11 +3898,14 @@ int rsa_test(void) #endif derCert = (byte*)malloc(FOURK_BUF); - if (derCert == NULL) + if (derCert == NULL) { + free(tmp); return -5311; + } pem = (byte*)malloc(FOURK_BUF); if (pem == NULL) { free(derCert); + free(tmp); return -5312; } @@ -3855,6 +3914,7 @@ int rsa_test(void) if (!file3) { free(derCert); free(pem); + free(tmp); return -5412; } @@ -3866,6 +3926,7 @@ int rsa_test(void) if (ret != 0) { free(derCert); free(pem); + free(tmp); return -5413; } @@ -3885,6 +3946,7 @@ int rsa_test(void) free(pem); free(derCert); wc_ecc_free(&caKey); + free(tmp); return -5405; } @@ -3893,6 +3955,7 @@ int rsa_test(void) free(pem); free(derCert); wc_ecc_free(&caKey); + free(tmp); return -5407; } @@ -3902,6 +3965,7 @@ int rsa_test(void) free(pem); free(derCert); wc_ecc_free(&caKey); + free(tmp); return -5408; } @@ -3909,6 +3973,7 @@ int rsa_test(void) InitDecodedCert(&decode, derCert, certSz, 0); ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); if (ret != 0) { + free(tmp); free(pem); free(derCert); wc_ecc_free(&caKey); @@ -3926,6 +3991,7 @@ int rsa_test(void) free(pem); free(derCert); wc_ecc_free(&caKey); + free(tmp); return -5410; } ret = (int)fwrite(derCert, 1, certSz, derFile); @@ -3934,6 +4000,7 @@ int rsa_test(void) free(pem); free(derCert); wc_ecc_free(&caKey); + free(tmp); return -5414; } @@ -3942,6 +4009,7 @@ int rsa_test(void) free(pem); free(derCert); wc_ecc_free(&caKey); + free(tmp); return -5411; } @@ -3954,6 +4022,7 @@ int rsa_test(void) free(pem); free(derCert); wc_ecc_free(&caKey); + free(tmp); return -5412; } ret = (int)fwrite(pem, 1, pemSz, pemFile); @@ -3961,6 +4030,7 @@ int rsa_test(void) free(pem); free(derCert); wc_ecc_free(&caKey); + free(tmp); return -5415; } fclose(pemFile); @@ -3986,11 +4056,14 @@ int rsa_test(void) DecodedCert decode; #endif derCert = (byte*)malloc(FOURK_BUF); - if (derCert == NULL) + if (derCert == NULL) { + free(tmp); return -311; + } pem = (byte*)malloc(FOURK_BUF); if (pem == NULL) { free(derCert); + free(tmp); return -312; } @@ -4007,6 +4080,7 @@ int rsa_test(void) if (rc != DRBG_OK) { free(derCert); free(pem); + free(tmp); return -448; } @@ -4016,6 +4090,7 @@ int rsa_test(void) if (rc != NTRU_OK) { free(derCert); free(pem); + free(tmp); return -449; } @@ -4025,6 +4100,7 @@ int rsa_test(void) if (rc != NTRU_OK) { free(derCert); free(pem); + free(tmp); return -450; } @@ -4033,6 +4109,7 @@ int rsa_test(void) if (rc != NTRU_OK) { free(derCert); free(pem); + free(tmp); return -451; } @@ -4041,6 +4118,7 @@ int rsa_test(void) if (!caFile) { free(derCert); free(pem); + free(tmp); return -452; } @@ -4051,12 +4129,14 @@ int rsa_test(void) if (ret != 0) { free(derCert); free(pem); + free(tmp); return -453; } ret = wc_RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes); if (ret != 0) { free(derCert); free(pem); + free(tmp); return -454; } @@ -4075,6 +4155,7 @@ int rsa_test(void) free(derCert); free(pem); wc_FreeRsaKey(&caKey); + free(tmp); return -455; } @@ -4084,6 +4165,7 @@ int rsa_test(void) free(derCert); free(pem); wc_FreeRsaKey(&caKey); + free(tmp); return -456; } @@ -4093,6 +4175,7 @@ int rsa_test(void) if (certSz < 0) { free(derCert); free(pem); + free(tmp); return -457; } @@ -4103,6 +4186,7 @@ int rsa_test(void) if (ret != 0) { free(derCert); free(pem); + free(tmp); return -458; } FreeDecodedCert(&decode); @@ -4111,6 +4195,7 @@ int rsa_test(void) if (!derFile) { free(derCert); free(pem); + free(tmp); return -459; } ret = (int)fwrite(derCert, 1, certSz, derFile); @@ -4118,6 +4203,7 @@ int rsa_test(void) if (ret != certSz) { free(derCert); free(pem); + free(tmp); return -473; } @@ -4125,6 +4211,7 @@ int rsa_test(void) if (pemSz < 0) { free(derCert); free(pem); + free(tmp); return -460; } @@ -4132,6 +4219,7 @@ int rsa_test(void) if (!pemFile) { free(derCert); free(pem); + free(tmp); return -461; } ret = (int)fwrite(pem, 1, pemSz, pemFile); @@ -4139,6 +4227,7 @@ int rsa_test(void) if (ret != pemSz) { free(derCert); free(pem); + free(tmp); return -474; } @@ -4146,6 +4235,7 @@ int rsa_test(void) if (!ntruPrivFile) { free(derCert); free(pem); + free(tmp); return -462; } ret = (int)fwrite(private_key, 1, private_key_len, ntruPrivFile); @@ -4153,6 +4243,7 @@ int rsa_test(void) if (ret != private_key_len) { free(pem); free(derCert); + free(tmp); return -475; } free(pem); @@ -4169,11 +4260,14 @@ int rsa_test(void) FILE* reqFile; der = (byte*)malloc(FOURK_BUF); - if (der == NULL) + if (der == NULL) { + free(tmp); return -463; + } pem = (byte*)malloc(FOURK_BUF); if (pem == NULL) { free(der); + free(tmp); return -464; } @@ -4195,6 +4289,7 @@ int rsa_test(void) if (derSz < 0) { free(pem); free(der); + free(tmp); return -465; } @@ -4203,6 +4298,7 @@ int rsa_test(void) if (derSz < 0) { free(pem); free(der); + free(tmp); return -466; } @@ -4210,6 +4306,7 @@ int rsa_test(void) if (pemSz < 0) { free(pem); free(der); + free(tmp); return -467; } @@ -4221,6 +4318,7 @@ int rsa_test(void) if (!reqFile) { free(pem); free(der); + free(tmp); return -468; } @@ -4229,6 +4327,7 @@ int rsa_test(void) if (ret != derSz) { free(pem); free(der); + free(tmp); return -471; } @@ -4240,6 +4339,7 @@ int rsa_test(void) if (!reqFile) { free(pem); free(der); + free(tmp); return -469; } ret = (int)fwrite(pem, 1, pemSz, reqFile); @@ -4247,6 +4347,7 @@ int rsa_test(void) if (ret != pemSz) { free(pem); free(der); + free(tmp); return -470; } @@ -4295,7 +4396,7 @@ int dh_test(void) byte agree2[256]; DhKey key; DhKey key2; - RNG rng; + WC_RNG rng; #ifdef USE_CERT_BUFFERS_1024 XMEMCPY(tmp, dh_key_der_1024, sizeof_dh_key_der_1024); @@ -4384,7 +4485,7 @@ int dsa_test(void) word32 idx = 0; byte tmp[1024]; DsaKey key; - RNG rng; + WC_RNG rng; Sha sha; byte hash[SHA_DIGEST_SIZE]; byte signature[40]; @@ -4537,6 +4638,101 @@ int dsa_test(void) #endif /* NO_DSA */ +#ifdef WOLFCRYPT_HAVE_SRP + +int srp_test(void) +{ + Srp cli, srv; + int r; + + byte clientPubKey[80]; /* A */ + byte serverPubKey[80]; /* B */ + word32 clientPubKeySz = 80; + word32 serverPubKeySz = 80; + byte clientProof[SRP_MAX_DIGEST_SIZE]; /* M1 */ + byte serverProof[SRP_MAX_DIGEST_SIZE]; /* M2 */ + word32 clientProofSz = SRP_MAX_DIGEST_SIZE; + word32 serverProofSz = SRP_MAX_DIGEST_SIZE; + + byte username[] = "user"; + word32 usernameSz = 4; + + byte password[] = "password"; + word32 passwordSz = 8; + + byte N[] = { + 0xC9, 0x4D, 0x67, 0xEB, 0x5B, 0x1A, 0x23, 0x46, 0xE8, 0xAB, 0x42, 0x2F, + 0xC6, 0xA0, 0xED, 0xAE, 0xDA, 0x8C, 0x7F, 0x89, 0x4C, 0x9E, 0xEE, 0xC4, + 0x2F, 0x9E, 0xD2, 0x50, 0xFD, 0x7F, 0x00, 0x46, 0xE5, 0xAF, 0x2C, 0xF7, + 0x3D, 0x6B, 0x2F, 0xA2, 0x6B, 0xB0, 0x80, 0x33, 0xDA, 0x4D, 0xE3, 0x22, + 0xE1, 0x44, 0xE7, 0xA8, 0xE9, 0xB1, 0x2A, 0x0E, 0x46, 0x37, 0xF6, 0x37, + 0x1F, 0x34, 0xA2, 0x07, 0x1C, 0x4B, 0x38, 0x36, 0xCB, 0xEE, 0xAB, 0x15, + 0x03, 0x44, 0x60, 0xFA, 0xA7, 0xAD, 0xF4, 0x83 + }; + + byte g[] = { + 0x02 + }; + + byte salt[] = { + 0xB2, 0xE5, 0x8E, 0xCC, 0xD0, 0xCF, 0x9D, 0x10, 0x3A, 0x56 + }; + + byte verifier[] = { + 0x7C, 0xAB, 0x17, 0xFE, 0x54, 0x3E, 0x8C, 0x13, 0xF2, 0x3D, 0x21, 0xE7, + 0xD2, 0xAF, 0xAF, 0xDB, 0xA1, 0x52, 0x69, 0x9D, 0x49, 0x01, 0x79, 0x91, + 0xCF, 0xD1, 0x3F, 0xE5, 0x28, 0x72, 0xCA, 0xBE, 0x13, 0xD1, 0xC2, 0xDA, + 0x65, 0x34, 0x55, 0x8F, 0x34, 0x0E, 0x05, 0xB8, 0xB4, 0x0F, 0x7F, 0x6B, + 0xBB, 0xB0, 0x6B, 0x50, 0xD8, 0xB1, 0xCC, 0xB7, 0x81, 0xFE, 0xD4, 0x42, + 0xF5, 0x11, 0xBC, 0x8A, 0x28, 0xEB, 0x50, 0xB3, 0x46, 0x08, 0xBA, 0x24, + 0xA2, 0xFB, 0x7F, 0x2E, 0x0A, 0xA5, 0x33, 0xCC + }; + + /* client knows username and password. */ + /* server knows N, g, salt and verifier. */ + + r = wc_SrpInit(&cli, SRP_TYPE_SHA, SRP_CLIENT_SIDE); + if (!r) r = wc_SrpSetUsername(&cli, username, usernameSz); + + /* client sends username to server */ + + if (!r) r = wc_SrpInit(&srv, SRP_TYPE_SHA, SRP_SERVER_SIDE); + if (!r) r = wc_SrpSetUsername(&srv, username, usernameSz); + if (!r) r = wc_SrpSetParams(&srv, N, sizeof(N), + g, sizeof(g), + salt, sizeof(salt)); + if (!r) r = wc_SrpSetVerifier(&srv, verifier, sizeof(verifier)); + if (!r) r = wc_SrpGetPublic(&srv, serverPubKey, &serverPubKeySz); + + /* server sends N, g, salt and B to client */ + + if (!r) r = wc_SrpSetParams(&cli, N, sizeof(N), + g, sizeof(g), + salt, sizeof(salt)); + if (!r) r = wc_SrpSetPassword(&cli, password, passwordSz); + if (!r) r = wc_SrpGetPublic(&cli, clientPubKey, &clientPubKeySz); + if (!r) r = wc_SrpComputeKey(&cli, clientPubKey, clientPubKeySz, + serverPubKey, serverPubKeySz); + if (!r) r = wc_SrpGetProof(&cli, clientProof, &clientProofSz); + + /* client sends A and M1 to server */ + + if (!r) r = wc_SrpComputeKey(&srv, clientPubKey, clientPubKeySz, + serverPubKey, serverPubKeySz); + if (!r) r = wc_SrpVerifyPeersProof(&srv, clientProof, clientProofSz); + if (!r) r = wc_SrpGetProof(&srv, serverProof, &serverProofSz); + + /* server sends M2 to client */ + + if (!r) r = wc_SrpVerifyPeersProof(&cli, serverProof, serverProofSz); + + wc_SrpTerm(&cli); + wc_SrpTerm(&srv); + + return r; +} + +#endif /* WOLFCRYPT_HAVE_SRP */ #ifdef OPENSSL_EXTRA @@ -5000,7 +5196,7 @@ typedef struct rawEccVector { int ecc_test(void) { - RNG rng; + WC_RNG rng; byte sharedA[1024]; byte sharedB[1024]; byte sig[1024]; @@ -5256,7 +5452,7 @@ int ecc_test(void) int ecc_encrypt_test(void) { - RNG rng; + WC_RNG rng; int ret; ecc_key userA, userB; byte msg[48]; @@ -5391,7 +5587,7 @@ int ecc_encrypt_test(void) int curve25519_test(void) { - RNG rng; + WC_RNG rng; byte sharedA[32]; byte sharedB[32]; byte exportBuf[32]; @@ -5554,7 +5750,7 @@ int curve25519_test(void) #ifdef HAVE_ED25519 int ed25519_test(void) { - RNG rng; + WC_RNG rng; byte out[ED25519_SIG_SIZE]; byte exportPKey[ED25519_KEY_SIZE]; byte exportSKey[ED25519_KEY_SIZE]; @@ -6204,8 +6400,8 @@ int pkcs7signed_test(void) byte* out; char data[] = "Hello World"; word32 dataSz, outSz, certDerSz, keyDerSz; - PKCS7 msg; - RNG rng; + PKCS7 msg; + WC_RNG rng; byte transIdOid[] = { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, diff --git a/wolfssl.vcproj b/wolfssl.vcproj index b4a4543ad..f81f47fbd 100755 --- a/wolfssl.vcproj +++ b/wolfssl.vcproj @@ -291,6 +291,10 @@ RelativePath=".\src\tls.c" > + + + diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 66c0d18cd..898356645 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -331,7 +331,9 @@ typedef byte word24[3]; #endif #if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS) - #define BUILD_TLS_RSA_WITH_HC_128_MD5 + #ifndef NO_MD5 + #define BUILD_TLS_RSA_WITH_HC_128_MD5 + #endif #if !defined(NO_SHA) #define BUILD_TLS_RSA_WITH_HC_128_SHA #endif @@ -366,13 +368,17 @@ typedef byte word24[3]; #if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS) #ifndef NO_SHA256 - #define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 + #ifndef NO_AES + #define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 + #endif #ifdef HAVE_NULL_CIPHER #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 #endif #endif #ifdef WOLFSSL_SHA384 - #define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 + #ifndef NO_AES + #define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 + #endif #ifdef HAVE_NULL_CIPHER #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 #endif @@ -385,46 +391,66 @@ typedef byte word24[3]; #if !defined(NO_RSA) #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA + #if defined(WOLFSSL_STATIC_DH) + #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA + #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA + #endif #endif #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA + #if defined(WOLFSSL_STATIC_DH) + #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA + #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA + #endif #endif /* NO_SHA */ #ifndef NO_SHA256 #if !defined(NO_RSA) #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 + #if defined(WOLFSSL_STATIC_DH) + #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 + #endif #endif #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 + #if defined(WOLFSSL_STATIC_DH) + #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 + #endif #endif #ifdef WOLFSSL_SHA384 #if !defined(NO_RSA) #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 + #if defined(WOLFSSL_STATIC_DH) + #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 + #endif #endif #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 + #if defined(WOLFSSL_STATIC_DH) + #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 + #endif #endif #if defined (HAVE_AESGCM) #if !defined(NO_RSA) - #define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 + #if defined(WOLFSSL_STATIC_DH) + #define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 + #endif #if defined(WOLFSSL_SHA384) - #define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 + #if defined(WOLFSSL_STATIC_DH) + #define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 + #endif #endif #endif - #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 + #if defined(WOLFSSL_STATIC_DH) + #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 + #endif #if defined(WOLFSSL_SHA384) - #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 + #if defined(WOLFSSL_STATIC_DH) + #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 + #endif #endif #endif #endif /* NO_AES */ @@ -432,22 +458,30 @@ typedef byte word24[3]; #if !defined(NO_SHA) #if !defined(NO_RSA) #define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA - #define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA + #if defined(WOLFSSL_STATIC_DH) + #define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA + #endif #endif #define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA - #define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA + #if defined(WOLFSSL_STATIC_DH) + #define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA + #endif #endif #endif #if !defined(NO_DES3) #ifndef NO_SHA #if !defined(NO_RSA) #define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - #define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA + #if defined(WOLFSSL_STATIC_DH) + #define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA + #endif #endif #define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA - #define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA + #if defined(WOLFSSL_STATIC_DH) + #define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA + #endif #endif /* NO_SHA */ #endif #endif @@ -2215,7 +2249,7 @@ struct WOLFSSL { HS_Hashes* hsHashes; void* IOCB_ReadCtx; void* IOCB_WriteCtx; - RNG* rng; + WC_RNG* rng; void* verifyCbCtx; /* cert verify callback user ctx*/ VerifyCallback verifyCallback; /* cert verification callback */ void* heap; /* for user overrides */ diff --git a/wolfssl/sniffer_error.h b/wolfssl/sniffer_error.h index ad89a50d9..56fada416 100644 --- a/wolfssl/sniffer_error.h +++ b/wolfssl/sniffer_error.h @@ -107,6 +107,7 @@ #define CLIENT_HELLO_LATE_KEY_STR 72 #define GOT_CERT_STATUS_STR 73 #define RSA_KEY_MISSING_STR 74 +#define NO_SECURE_RENEGOTIATION 75 /* !!!! also add to msgTable in sniffer.c and .rc file !!!! */ diff --git a/wolfssl/sniffer_error.rc b/wolfssl/sniffer_error.rc index 8bcd6926c..3c748193e 100644 --- a/wolfssl/sniffer_error.rc +++ b/wolfssl/sniffer_error.rc @@ -89,5 +89,6 @@ STRINGTABLE 72, "Late Key Load Error" 73, "Got Certificate Status msg" 74, "RSA Key Missing Error" + 75, "Secure Renegotiation Not Supported" } diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 25b86a6c5..863dcb0c9 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -32,7 +32,11 @@ #ifndef NO_FILESYSTEM #ifdef FREESCALE_MQX - #include + #if MQX_USE_IO_OLD + #include + #else + #include + #endif #else #include /* ERR_printf */ #endif diff --git a/wolfssl/test.h b/wolfssl/test.h index 4c95d72c8..add257133 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -1520,6 +1520,8 @@ static INLINE int myDecryptVerifyCb(WOLFSSL* ssl, /* decrypt */ ret = wc_AesCbcDecrypt(&decCtx->aes, decOut, decIn, decSz); + if (ret != 0) + return ret; if (wolfSSL_GetCipherType(ssl) == WOLFSSL_AEAD_TYPE) { *padSz = wolfSSL_GetAeadMacSize(ssl); @@ -1606,7 +1608,7 @@ static INLINE void FreeAtomicUser(WOLFSSL* ssl) static INLINE int myEccSign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx) { - RNG rng; + WC_RNG rng; int ret; word32 idx = 0; ecc_key myKey; @@ -1657,7 +1659,7 @@ static INLINE int myEccVerify(WOLFSSL* ssl, const byte* sig, word32 sigSz, static INLINE int myRsaSign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx) { - RNG rng; + WC_RNG rng; int ret; word32 idx = 0; RsaKey myKey; @@ -1715,7 +1717,7 @@ static INLINE int myRsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, int ret; word32 idx = 0; RsaKey myKey; - RNG rng; + WC_RNG rng; (void)ssl; (void)ctx; @@ -1820,8 +1822,8 @@ static INLINE const char* mymktemp(char *tempfn, int len, int num) int x, size; static const char alphanum[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ" "abcdefghijklmnopqrstuvwxyz"; - RNG rng; - byte out; + WC_RNG rng; + byte out; if (tempfn == NULL || len < 1 || num < 1 || len <= num) { printf("Bad input\n"); @@ -1862,7 +1864,7 @@ static INLINE const char* mymktemp(char *tempfn, int len, int num) } key_ctx; static key_ctx myKey_ctx; - static RNG rng; + static WC_RNG rng; static INLINE int TicketInit(void) { diff --git a/wolfssl/version.h b/wolfssl/version.h index f5a990a10..c14cdc514 100644 --- a/wolfssl/version.h +++ b/wolfssl/version.h @@ -26,8 +26,8 @@ extern "C" { #endif -#define LIBWOLFSSL_VERSION_STRING "3.6.2" -#define LIBWOLFSSL_VERSION_HEX 0x03006002 +#define LIBWOLFSSL_VERSION_STRING "3.6.3" +#define LIBWOLFSSL_VERSION_HEX 0x03006003 #ifdef __cplusplus } diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h index d99558cbb..29e18f088 100644 --- a/wolfssl/wolfcrypt/aes.h +++ b/wolfssl/wolfcrypt/aes.h @@ -133,12 +133,6 @@ WOLFSSL_API int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz); WOLFSSL_API int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz); -WOLFSSL_API int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz, - const byte* key, word32 keySz, - const byte* iv); -WOLFSSL_API int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz, - const byte* key, word32 keySz, - const byte* iv); /* AES-CTR */ #ifdef WOLFSSL_AES_COUNTER diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index 04f77851a..7aea6f927 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h @@ -149,15 +149,15 @@ typedef struct Cert { */ WOLFSSL_API void wc_InitCert(Cert*); WOLFSSL_API int wc_MakeCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*, - ecc_key*, RNG*); + ecc_key*, WC_RNG*); #ifdef WOLFSSL_CERT_REQ WOLFSSL_API int wc_MakeCertReq(Cert*, byte* derBuffer, word32 derSz, RsaKey*, ecc_key*); #endif WOLFSSL_API int wc_SignCert(int requestSz, int sigType, byte* derBuffer, - word32 derSz, RsaKey*, ecc_key*, RNG*); + word32 derSz, RsaKey*, ecc_key*, WC_RNG*); WOLFSSL_API int wc_MakeSelfCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*, - RNG*); + WC_RNG*); WOLFSSL_API int wc_SetIssuer(Cert*, const char*); WOLFSSL_API int wc_SetSubject(Cert*, const char*); #ifdef WOLFSSL_ALT_NAMES @@ -170,7 +170,8 @@ WOLFSSL_API int wc_SetDatesBuffer(Cert*, const byte*, int); #ifdef HAVE_NTRU WOLFSSL_API int wc_MakeNtruCert(Cert*, byte* derBuffer, word32 derSz, - const byte* ntruKey, word16 keySz, RNG*); + const byte* ntruKey, word16 keySz, + WC_RNG*); #endif #endif /* WOLFSSL_CERT_GEN */ diff --git a/wolfssl/wolfcrypt/curve25519.h b/wolfssl/wolfcrypt/curve25519.h index ae795baca..cb1dad032 100644 --- a/wolfssl/wolfcrypt/curve25519.h +++ b/wolfssl/wolfcrypt/curve25519.h @@ -65,7 +65,7 @@ enum { }; WOLFSSL_API -int wc_curve25519_make_key(RNG* rng, int keysize, curve25519_key* key); +int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key); WOLFSSL_API int wc_curve25519_shared_secret(curve25519_key* private_key, diff --git a/wolfssl/wolfcrypt/des3.h b/wolfssl/wolfcrypt/des3.h index c0d9394a2..a61e5e2e1 100644 --- a/wolfssl/wolfcrypt/des3.h +++ b/wolfssl/wolfcrypt/des3.h @@ -92,12 +92,6 @@ WOLFSSL_API int wc_Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz); WOLFSSL_API int wc_Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz); -WOLFSSL_API int wc_Des_CbcDecryptWithKey(byte* out, - const byte* in, word32 sz, - const byte* key, const byte* iv); -WOLFSSL_API int wc_Des_CbcEncryptWithKey(byte* out, - const byte* in, word32 sz, - const byte* key, const byte* iv); WOLFSSL_API int wc_Des3_SetKey(Des3* des, const byte* key, const byte* iv,int dir); @@ -106,12 +100,6 @@ WOLFSSL_API int wc_Des3_CbcEncrypt(Des3* des, byte* out, const byte* in,word32 sz); WOLFSSL_API int wc_Des3_CbcDecrypt(Des3* des, byte* out, const byte* in,word32 sz); -WOLFSSL_API int wc_Des3_CbcEncryptWithKey(byte* out, - const byte* in, word32 sz, - const byte* key, const byte* iv); -WOLFSSL_API int wc_Des3_CbcDecryptWithKey(byte* out, - const byte* in, word32 sz, - const byte* key, const byte* iv); #ifdef HAVE_CAVIUM WOLFSSL_API int wc_Des3_InitCavium(Des3*, int); diff --git a/wolfssl/wolfcrypt/dh.h b/wolfssl/wolfcrypt/dh.h index 7cee7dce3..a116eab7c 100644 --- a/wolfssl/wolfcrypt/dh.h +++ b/wolfssl/wolfcrypt/dh.h @@ -43,7 +43,7 @@ typedef struct DhKey { WOLFSSL_API void wc_InitDhKey(DhKey* key); WOLFSSL_API void wc_FreeDhKey(DhKey* key); -WOLFSSL_API int wc_DhGenerateKeyPair(DhKey* key, RNG* rng, byte* priv, +WOLFSSL_API int wc_DhGenerateKeyPair(DhKey* key, WC_RNG* rng, byte* priv, word32* privSz, byte* pub, word32* pubSz); WOLFSSL_API int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz, const byte* priv, word32 privSz, const byte* otherPub, diff --git a/wolfssl/wolfcrypt/dsa.h b/wolfssl/wolfcrypt/dsa.h index 115c18c6e..1d26a3d69 100644 --- a/wolfssl/wolfcrypt/dsa.h +++ b/wolfssl/wolfcrypt/dsa.h @@ -57,7 +57,7 @@ typedef struct DsaKey { WOLFSSL_API void wc_InitDsaKey(DsaKey* key); WOLFSSL_API void wc_FreeDsaKey(DsaKey* key); WOLFSSL_API int wc_DsaSign(const byte* digest, byte* out, - DsaKey* key, RNG* rng); + DsaKey* key, WC_RNG* rng); WOLFSSL_API int wc_DsaVerify(const byte* digest, const byte* sig, DsaKey* key, int* answer); WOLFSSL_API int wc_DsaPublicKeyDecode(const byte* input, word32* inOutIdx, @@ -67,8 +67,8 @@ WOLFSSL_API int wc_DsaPrivateKeyDecode(const byte* input, word32* inOutIdx, WOLFSSL_API int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen); #ifdef WOLFSSL_KEY_GEN -WOLFSSL_API int wc_MakeDsaKey(RNG *rng, DsaKey *dsa); -WOLFSSL_API int wc_MakeDsaParameters(RNG *rng, int modulus_size, DsaKey *dsa); +WOLFSSL_API int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa); +WOLFSSL_API int wc_MakeDsaParameters(WC_RNG *rng, int modulus_size, DsaKey *dsa); #endif #ifdef __cplusplus diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h index 6630a1ae8..0075f0d14 100644 --- a/wolfssl/wolfcrypt/ecc.h +++ b/wolfssl/wolfcrypt/ecc.h @@ -134,7 +134,7 @@ extern const ecc_set_type ecc_sets[]; WOLFSSL_API -int wc_ecc_make_key(RNG* rng, int keysize, ecc_key* key); +int wc_ecc_make_key(WC_RNG* rng, int keysize, ecc_key* key); WOLFSSL_API int wc_ecc_check_key(ecc_key* key); WOLFSSL_API @@ -145,9 +145,9 @@ int wc_ecc_shared_secret_ssh(ecc_key* private_key, ecc_point* point, byte* out, word32 *outlen); WOLFSSL_API int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, - RNG* rng, ecc_key* key); + WC_RNG* rng, ecc_key* key); WOLFSSL_API -int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, RNG* rng, +int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng, ecc_key* key, mp_int *r, mp_int *s); WOLFSSL_API int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, @@ -248,11 +248,11 @@ enum ecFlags { typedef struct ecEncCtx ecEncCtx; WOLFSSL_API -ecEncCtx* wc_ecc_ctx_new(int flags, RNG* rng); +ecEncCtx* wc_ecc_ctx_new(int flags, WC_RNG* rng); WOLFSSL_API void wc_ecc_ctx_free(ecEncCtx*); WOLFSSL_API -int wc_ecc_ctx_reset(ecEncCtx*, RNG*); /* reset for use again w/o alloc/free */ +int wc_ecc_ctx_reset(ecEncCtx*, WC_RNG*); /* reset for use again w/o alloc/free */ WOLFSSL_API const byte* wc_ecc_ctx_get_own_salt(ecEncCtx*); diff --git a/wolfssl/wolfcrypt/ed25519.h b/wolfssl/wolfcrypt/ed25519.h index 3a8e287b3..606ff4145 100644 --- a/wolfssl/wolfcrypt/ed25519.h +++ b/wolfssl/wolfcrypt/ed25519.h @@ -61,7 +61,7 @@ typedef struct { WOLFSSL_API -int wc_ed25519_make_key(RNG* rng, int keysize, ed25519_key* key); +int wc_ed25519_make_key(WC_RNG* rng, int keysize, ed25519_key* key); WOLFSSL_API int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out, word32 *outlen, ed25519_key* key); diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h index 79991fdf4..340d1db75 100644 --- a/wolfssl/wolfcrypt/error-crypt.h +++ b/wolfssl/wolfcrypt/error-crypt.h @@ -151,6 +151,10 @@ enum { ECC_INF_E = -215, /* ECC point infinity error */ ECC_PRIV_KEY_E = -216, /* ECC private key not valid error */ + SRP_CALL_ORDER_E = -217, /* SRP function called in the wrong order. */ + SRP_VERIFY_E = -218, /* SRP proof verification failed. */ + SRP_BAD_KEY_E = -219, /* SRP bad ephemeral values. */ + MIN_CODE_E = -300 /* errors -101 - -299 */ }; @@ -163,5 +167,3 @@ WOLFSSL_API const char* wc_GetErrorString(int error); } /* extern "C" */ #endif #endif /* WOLF_CRYPT_ERROR_H */ - - diff --git a/wolfssl/wolfcrypt/hash.h b/wolfssl/wolfcrypt/hash.h index ad1062809..2b35d5a6a 100644 --- a/wolfssl/wolfcrypt/hash.h +++ b/wolfssl/wolfcrypt/hash.h @@ -22,20 +22,35 @@ #ifndef WOLF_CRYPT_HASH_H #define WOLF_CRYPT_HASH_H +#include + #ifndef NO_MD5 #include WOLFSSL_API void wc_Md5GetHash(Md5*, byte*); WOLFSSL_API void wc_Md5RestorePos(Md5*, Md5*) ; #endif + #ifndef NO_SHA #include WOLFSSL_API int wc_ShaGetHash(Sha*, byte*); WOLFSSL_API void wc_ShaRestorePos(Sha*, Sha*) ; +WOLFSSL_API int wc_ShaHash(const byte*, word32, byte*); #endif + #ifndef NO_SHA256 #include WOLFSSL_API int wc_Sha256GetHash(Sha256*, byte*); WOLFSSL_API void wc_Sha256RestorePos(Sha256*, Sha256*) ; +WOLFSSL_API int wc_Sha256Hash(const byte*, word32, byte*); #endif -#endif +#ifdef WOLFSSL_SHA512 +#include +WOLFSSL_API int wc_Sha512Hash(const byte*, word32, byte*); + #if defined(WOLFSSL_SHA384) + WOLFSSL_API int wc_Sha384Hash(const byte*, word32, byte*); + #endif /* defined(WOLFSSL_SHA384) */ +#endif /* WOLFSSL_SHA512 */ + + +#endif /* WOLF_CRYPT_HASH_H */ diff --git a/wolfssl/wolfcrypt/include.am b/wolfssl/wolfcrypt/include.am index 1f3a726b8..8387ed7df 100644 --- a/wolfssl/wolfcrypt/include.am +++ b/wolfssl/wolfcrypt/include.am @@ -29,6 +29,7 @@ nobase_include_HEADERS+= \ wolfssl/wolfcrypt/md5.h \ wolfssl/wolfcrypt/misc.h \ wolfssl/wolfcrypt/pkcs7.h \ + wolfssl/wolfcrypt/wc_encrypt.h \ wolfssl/wolfcrypt/wc_port.h \ wolfssl/wolfcrypt/pwdbased.h \ wolfssl/wolfcrypt/rabbit.h \ @@ -45,6 +46,7 @@ nobase_include_HEADERS+= \ wolfssl/wolfcrypt/blake2-int.h \ wolfssl/wolfcrypt/blake2-impl.h \ wolfssl/wolfcrypt/tfm.h \ + wolfssl/wolfcrypt/srp.h \ wolfssl/wolfcrypt/types.h \ wolfssl/wolfcrypt/visibility.h \ wolfssl/wolfcrypt/logging.h \ @@ -56,4 +58,3 @@ noinst_HEADERS+= \ wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h \ wolfssl/wolfcrypt/port/ti/ti-hash.h \ wolfssl/wolfcrypt/port/ti/ti-ccm.h - diff --git a/wolfssl/wolfcrypt/integer.h b/wolfssl/wolfcrypt/integer.h index 8e43a395b..099b9f4e3 100644 --- a/wolfssl/wolfcrypt/integer.h +++ b/wolfssl/wolfcrypt/integer.h @@ -307,7 +307,7 @@ int mp_radix_size (mp_int * a, int radix, int *size); #if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) int mp_sqrmod(mp_int* a, mp_int* b, mp_int* c); #endif -#ifdef HAVE_ECC +#if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) int mp_read_radix(mp_int* a, const char* str, int radix); #endif @@ -315,7 +315,7 @@ int mp_radix_size (mp_int * a, int radix, int *size); int mp_prime_is_prime (mp_int * a, int t, int *result); int mp_gcd (mp_int * a, mp_int * b, mp_int * c); int mp_lcm (mp_int * a, mp_int * b, mp_int * c); - int mp_rand_prime(mp_int* N, int len, RNG* rng, void* heap); + int mp_rand_prime(mp_int* N, int len, WC_RNG* rng, void* heap); #endif int mp_cnt_lsb(mp_int *a); diff --git a/wolfssl/wolfcrypt/pkcs7.h b/wolfssl/wolfcrypt/pkcs7.h index e39a12b9d..32a46faf2 100644 --- a/wolfssl/wolfcrypt/pkcs7.h +++ b/wolfssl/wolfcrypt/pkcs7.h @@ -73,7 +73,7 @@ typedef struct PKCS7 { word32 contentSz; /* content size */ int contentOID; /* PKCS#7 content type OID sum */ - RNG* rng; + WC_RNG* rng; int hashOID; int encryptOID; /* key encryption algorithm OID */ @@ -100,7 +100,7 @@ WOLFSSL_LOCAL int wc_GetContentType(const byte* input, word32* inOutIdx, word32* oid, word32 maxIdx); WOLFSSL_LOCAL int wc_CreateRecipientInfo(const byte* cert, word32 certSz, int keyEncAlgo, int blockKeySz, - RNG* rng, byte* contentKeyPlain, + WC_RNG* rng, byte* contentKeyPlain, byte* contentKeyEnc, int* keyEncSz, byte* out, word32 outSz); diff --git a/wolfssl/wolfcrypt/pwdbased.h b/wolfssl/wolfcrypt/pwdbased.h index 0173beef8..068dc5149 100644 --- a/wolfssl/wolfcrypt/pwdbased.h +++ b/wolfssl/wolfcrypt/pwdbased.h @@ -51,9 +51,9 @@ WOLFSSL_API int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int pLen, int kLen, int typeH, int purpose); /* helper functions */ -WOLFSSL_LOCAL int GetDigestSize(int hashType); -WOLFSSL_LOCAL int GetPKCS12HashSizes(int hashType, word32* v, word32* u); -WOLFSSL_LOCAL int DoPKCS12Hash(int hashType, byte* buffer, word32 totalLen, +WOLFSSL_LOCAL int GetDigestSize(int typeH); +WOLFSSL_LOCAL int GetPKCS12HashSizes(int typeH, word32* v, word32* u); +WOLFSSL_LOCAL int DoPKCS12Hash(int typeH, byte* buffer, word32 totalLen, byte* Ai, word32 u, int iterations); diff --git a/wolfssl/wolfcrypt/random.h b/wolfssl/wolfcrypt/random.h index 989e53230..741d2531f 100644 --- a/wolfssl/wolfcrypt/random.h +++ b/wolfssl/wolfcrypt/random.h @@ -84,11 +84,11 @@ struct DRBG; /* Private DRBG state */ /* Hash-based Deterministic Random Bit Generator */ -typedef struct RNG { +typedef struct WC_RNG { struct DRBG* drbg; OS_Seed seed; byte status; -} RNG; +} WC_RNG; #else /* HAVE_HASHDRBG || NO_RC4 */ @@ -99,36 +99,42 @@ typedef struct RNG { /* secure Random Number Generator */ -typedef struct RNG { +typedef struct WC_RNG { OS_Seed seed; Arc4 cipher; #ifdef HAVE_CAVIUM int devId; /* nitrox device id */ word32 magic; /* using cavium magic */ #endif -} RNG; +} WC_RNG; #endif /* HAVE_HASH_DRBG || NO_RC4 */ #endif /* HAVE_FIPS */ +/* NO_OLD_RNGNAME removes RNG struct name to prevent possible type conflicts, + * can't be used with CTaoCrypt FIPS */ +#if !defined(NO_OLD_RNGNAME) && !defined(HAVE_FIPS) + #define RNG WC_RNG +#endif + WOLFSSL_LOCAL int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz); #if defined(HAVE_HASHDRBG) || defined(NO_RC4) #ifdef HAVE_CAVIUM - WOLFSSL_API int wc_InitRngCavium(RNG*, int); + WOLFSSL_API int wc_InitRngCavium(WC_RNG*, int); #endif #endif /* HAVE_HASH_DRBG || NO_RC4 */ -WOLFSSL_API int wc_InitRng(RNG*); -WOLFSSL_API int wc_RNG_GenerateBlock(RNG*, byte*, word32 sz); -WOLFSSL_API int wc_RNG_GenerateByte(RNG*, byte*); -WOLFSSL_API int wc_FreeRng(RNG*); +WOLFSSL_API int wc_InitRng(WC_RNG*); +WOLFSSL_API int wc_RNG_GenerateBlock(WC_RNG*, byte*, word32 sz); +WOLFSSL_API int wc_RNG_GenerateByte(WC_RNG*, byte*); +WOLFSSL_API int wc_FreeRng(WC_RNG*); #if defined(HAVE_HASHDRBG) || defined(NO_RC4) diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h index 1f12df941..ec6ef7b91 100644 --- a/wolfssl/wolfcrypt/rsa.h +++ b/wolfssl/wolfcrypt/rsa.h @@ -47,19 +47,6 @@ enum { RSA_PUBLIC = 0, RSA_PRIVATE = 1, - - RSA_PUBLIC_ENCRYPT = 0, - RSA_PUBLIC_DECRYPT = 1, - RSA_PRIVATE_ENCRYPT = 2, - RSA_PRIVATE_DECRYPT = 3, - - RSA_BLOCK_TYPE_1 = 1, - RSA_BLOCK_TYPE_2 = 2, - - RSA_MIN_SIZE = 512, - RSA_MAX_SIZE = 4096, - - RSA_MIN_PAD_SZ = 11 /* seperator + 0 + pad value + 8 pads */ }; @@ -90,13 +77,13 @@ WOLFSSL_API int wc_InitRsaKey(RsaKey* key, void*); WOLFSSL_API int wc_FreeRsaKey(RsaKey* key); WOLFSSL_API int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, - word32 outLen, RsaKey* key, RNG* rng); + word32 outLen, RsaKey* key, WC_RNG* rng); WOLFSSL_API int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, RsaKey* key); WOLFSSL_API int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key); WOLFSSL_API int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, - word32 outLen, RsaKey* key, RNG* rng); + word32 outLen, RsaKey* key, WC_RNG* rng); WOLFSSL_API int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key); WOLFSSL_API int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, @@ -118,7 +105,7 @@ WOLFSSL_API int wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*, word32*); #ifdef WOLFSSL_KEY_GEN - WOLFSSL_API int wc_MakeRsaKey(RsaKey* key, int size, long e, RNG* rng); + WOLFSSL_API int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng); #endif #ifdef HAVE_CAVIUM diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index af8e690ff..fb6f9543a 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -111,6 +111,9 @@ /* Uncomment next line if building for VxWorks */ /* #define WOLFSSL_VXWORKS */ +/* Uncomment next line to enable deprecated less secure static DH suites */ +/* #define WOLFSSL_STATIC_DH */ + #include #ifdef WOLFSSL_USER_SETTINGS @@ -118,6 +121,12 @@ #endif +/* make sure old RNG name is used with CTaoCrypt FIPS */ +#ifdef HAVE_FIPS + #define WC_RNG RNG +#endif + + #ifdef IPHONE #define SIZEOF_LONG_LONG 8 #endif @@ -178,6 +187,7 @@ #define USE_FAST_MATH #define TFM_TIMING_RESISTANT #define NEED_AES_TABLES + #define WOLFSSL_HAVE_MIN #endif #ifdef WOLFSSL_MICROCHIP_PIC32MZ @@ -307,6 +317,10 @@ #ifdef FREERTOS + #include "FreeRTOS.h" + /* FreeRTOS pvPortRealloc() only in AVR32_UC3 port */ + #define XMALLOC(s, h, type) pvPortMalloc((s)) + #define XFREE(p, h, type) vPortFree((p)) #ifndef NO_WRITEV #define NO_WRITEV #endif @@ -328,7 +342,6 @@ #endif #ifndef SINGLE_THREADED - #include "FreeRTOS.h" #include "semphr.h" #endif #endif @@ -454,7 +467,11 @@ #include "mqx.h" #ifndef NO_FILESYSTEM #include "mfs.h" - #include "fio.h" + #if MQX_USE_IO_OLD + #include "fio.h" + #else + #include "nio.h" + #endif #endif #ifndef SINGLE_THREADED #include "mutex.h" diff --git a/wolfssl/wolfcrypt/sha.h b/wolfssl/wolfcrypt/sha.h index 80a2c9832..76a08ba92 100644 --- a/wolfssl/wolfcrypt/sha.h +++ b/wolfssl/wolfcrypt/sha.h @@ -76,7 +76,6 @@ typedef struct Sha { WOLFSSL_API int wc_InitSha(Sha*); WOLFSSL_API int wc_ShaUpdate(Sha*, const byte*, word32); WOLFSSL_API int wc_ShaFinal(Sha*, byte*); -WOLFSSL_API int wc_ShaHash(const byte*, word32, byte*); #ifdef __cplusplus } /* extern "C" */ diff --git a/wolfssl/wolfcrypt/sha256.h b/wolfssl/wolfcrypt/sha256.h index 7cf6d8677..b7d0df1b6 100644 --- a/wolfssl/wolfcrypt/sha256.h +++ b/wolfssl/wolfcrypt/sha256.h @@ -74,7 +74,6 @@ typedef struct Sha256 { WOLFSSL_API int wc_InitSha256(Sha256*); WOLFSSL_API int wc_Sha256Update(Sha256*, const byte*, word32); WOLFSSL_API int wc_Sha256Final(Sha256*, byte*); -WOLFSSL_API int wc_Sha256Hash(const byte*, word32, byte*); #ifdef __cplusplus } /* extern "C" */ diff --git a/wolfssl/wolfcrypt/sha512.h b/wolfssl/wolfcrypt/sha512.h index 83f07c738..455d83854 100644 --- a/wolfssl/wolfcrypt/sha512.h +++ b/wolfssl/wolfcrypt/sha512.h @@ -64,7 +64,6 @@ typedef struct Sha512 { WOLFSSL_API int wc_InitSha512(Sha512*); WOLFSSL_API int wc_Sha512Update(Sha512*, const byte*, word32); WOLFSSL_API int wc_Sha512Final(Sha512*, byte*); -WOLFSSL_API int wc_Sha512Hash(const byte*, word32, byte*); #if defined(WOLFSSL_SHA384) @@ -91,7 +90,6 @@ typedef struct Sha384 { WOLFSSL_API int wc_InitSha384(Sha384*); WOLFSSL_API int wc_Sha384Update(Sha384*, const byte*, word32); WOLFSSL_API int wc_Sha384Final(Sha384*, byte*); -WOLFSSL_API int wc_Sha384Hash(const byte*, word32, byte*); #endif /* WOLFSSL_SHA384 */ diff --git a/wolfssl/wolfcrypt/srp.h b/wolfssl/wolfcrypt/srp.h new file mode 100644 index 000000000..3992a07ea --- /dev/null +++ b/wolfssl/wolfcrypt/srp.h @@ -0,0 +1,308 @@ +/* srp.h + * + * Copyright (C) 2006-2015 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef WOLFCRYPT_HAVE_SRP + +#ifndef WOLFCRYPT_SRP_H +#define WOLFCRYPT_SRP_H + +#include +#include +#include +#include +#include + +#ifdef __cplusplus + extern "C" { +#endif + +/* Select the largest available hash for the buffer size. */ +#if defined(WOLFSSL_SHA512) + #define SRP_MAX_DIGEST_SIZE SHA512_DIGEST_SIZE +#elif defined(WOLFSSL_SHA384) + #define SRP_MAX_DIGEST_SIZE SHA384_DIGEST_SIZE +#elif !defined(NO_SHA256) + #define SRP_MAX_DIGEST_SIZE SHA256_DIGEST_SIZE +#elif !defined(NO_SHA) + #define SRP_MAX_DIGEST_SIZE SHA_DIGEST_SIZE +#else + #error "You have to have some kind of SHA hash if you want to use SRP." +#endif + +/* Set the minimum number of bits acceptable in an SRP modulus */ +#define SRP_DEFAULT_MIN_BITS 512 + +/** + * SRP side, client or server. + */ +typedef enum { + SRP_CLIENT_SIDE = 0, + SRP_SERVER_SIDE = 1, +} SrpSide; + +/** + * SRP hash type, SHA[1|256|384|512]. + */ +typedef enum { + #ifndef NO_SHA + SRP_TYPE_SHA = 1, + #endif + #ifndef NO_SHA256 + SRP_TYPE_SHA256 = 2, + #endif + #ifdef WOLFSSL_SHA384 + SRP_TYPE_SHA384 = 3, + #endif + #ifdef WOLFSSL_SHA512 + SRP_TYPE_SHA512 = 4, + #endif +} SrpType; + +/** + * SRP hash struct. + */ +typedef struct { + byte type; + union { + #ifndef NO_SHA + Sha sha; + #endif + #ifndef NO_SHA256 + Sha256 sha256; + #endif + #ifdef WOLFSSL_SHA384 + Sha384 sha384; + #endif + #ifdef WOLFSSL_SHA512 + Sha512 sha512; + #endif + } data; +} SrpHash; + +typedef struct Srp { + SrpSide side; /**< Client or Server, @see SrpSide. */ + SrpType type; /**< Hash type, @see SrpType. */ + byte* user; /**< Username, login. */ + word32 userSz; /**< Username length. */ + byte* salt; /**< Small salt. */ + word32 saltSz; /**< Salt length. */ + mp_int N; /**< Modulus. N = 2q+1, [q, N] are primes.*/ + mp_int g; /**< Generator. A generator modulo N. */ + byte k[SRP_MAX_DIGEST_SIZE]; /**< Multiplier parameeter. k = H(N, g) */ + mp_int auth; /**< Client: x = H(salt + H(user:pswd)) */ + /**< Server: v = g ^ x % N */ + mp_int priv; /**< Private ephemeral value. */ + SrpHash client_proof; /**< Client proof. Sent to the Server. */ + SrpHash server_proof; /**< Server proof. Sent to the Client. */ + byte* key; /**< Session key. */ + word32 keySz; /**< Session key length. */ + int (*keyGenFunc_cb) (struct Srp* srp, byte* secret, word32 size); + /**< Function responsible for generating the session key. */ + /**< It MUST use XMALLOC with type DYNAMIC_TYPE_SRP to allocate the */ + /**< key buffer for this structure and set keySz to the buffer size. */ + /**< The default function used by this implementation is a modified */ + /**< version of t_mgf1 that uses the proper hash function according */ + /**< to srp->type. */ +} Srp; + +/** + * Initializes the Srp struct for usage. + * + * @param[out] srp the Srp structure to be initialized. + * @param[in] type the hash type to be used. + * @param[in] side the side of the communication. + * + * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h + */ +WOLFSSL_API int wc_SrpInit(Srp* srp, SrpType type, SrpSide side); + +/** + * Releases the Srp struct resources after usage. + * + * @param[in,out] srp the Srp structure to be terminated. + */ +WOLFSSL_API void wc_SrpTerm(Srp* srp); + +/** + * Sets the username. + * + * This function MUST be called after wc_SrpInit. + * + * @param[in,out] srp the Srp structure. + * @param[in] username the buffer containing the username. + * @param[in] size the username size in bytes + * + * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h + */ +WOLFSSL_API int wc_SrpSetUsername(Srp* srp, const byte* username, word32 size); + + +/** + * Sets the srp parameeters based on the username. + * + * This function MUST be called after wc_SrpSetUsername. + * + * @param[in,out] srp the Srp structure. + * @param[in] N the Modulus. N = 2q+1, [q, N] are primes. + * @param[in] nSz the N size in bytes. + * @param[in] g the Generator modulo N. + * @param[in] gSz the g size in bytes + * @param[in] salt a small random salt. Specific for each username. + * @param[in] saltSz the salt size in bytes + * + * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h + */ +WOLFSSL_API int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz, + const byte* g, word32 gSz, + const byte* salt, word32 saltSz); + +/** + * Sets the password. + * + * Setting the password does not persists the clear password data in the + * srp structure. The client calculates x = H(salt + H(user:pswd)) and stores + * it in the auth field. + * + * This function MUST be called after wc_SrpSetParams and is CLIENT SIDE ONLY. + * + * @param[in,out] srp the Srp structure. + * @param[in] password the buffer containing the password. + * @param[in] size the password size in bytes. + * + * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h + */ +WOLFSSL_API int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size); + +/** + * Sets the password. + * + * This function MUST be called after wc_SrpSetParams and is SERVER SIDE ONLY. + * + * @param[in,out] srp the Srp structure. + * @param[in] verifier the buffer containing the verifier. + * @param[in] size the verifier size in bytes. + * + * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h + */ +WOLFSSL_API int wc_SrpSetVerifier(Srp* srp, const byte* verifier, word32 size); + +/** + * Gets the verifier. + * + * The client calculates the verifier with v = g ^ x % N. + * This function MAY be called after wc_SrpSetPassword and is SERVER SIDE ONLY. + * + * @param[in,out] srp the Srp structure. + * @param[out] verifier the buffer to write the verifier. + * @param[in,out] size the buffer size in bytes. Will be updated with the + * verifier size. + * + * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h + */ +WOLFSSL_API int wc_SrpGetVerifier(Srp* srp, byte* verifier, word32* size); + +/** + * Sets the private ephemeral value. + * + * The private ephemeral value is known as: + * a at the client side. a = random() + * b at the server side. b = random() + * This function is handy for unit test cases or if the developer wants to use + * an external random source to set the ephemeral value. + * This function MAY be called before wc_SrpGetPublic. + * + * @param[in,out] srp the Srp structure. + * @param[in] private the ephemeral value. + * @param[in] size the private size in bytes. + * + * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h + */ +WOLFSSL_API int wc_SrpSetPrivate(Srp* srp, const byte* private, word32 size); + +/** + * Gets the public ephemeral value. + * + * The public ephemeral value is known as: + * A at the client side. A = g ^ a % N + * B at the server side. B = (k * v + (g ˆ b % N)) % N + * This function MUST be called after wc_SrpSetPassword or wc_SrpSetVerifier. + * + * @param[in,out] srp the Srp structure. + * @param[out] public the buffer to write the public ephemeral value. + * @param[in,out] size the the buffer size in bytes. Will be updated with + * the ephemeral value size. + * + * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h + */ +WOLFSSL_API int wc_SrpGetPublic(Srp* srp, byte* public, word32* size); + + +/** + * Computes the session key. + * + * This function is handy for unit test cases or if the developer wants to use + * an external random source to set the ephemeral value. + * This function MUST be called after wc_SrpSetPassword or wc_SrpSetVerifier. + * + * @param[in,out] srp the Srp structure. + * @param[out] public the buffer to write the public ephemeral value. + * @param[in,out] size the the buffer size in bytes. Will be updated with + the ephemeral value size. + * + * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h + */ +WOLFSSL_API int wc_SrpComputeKey(Srp* srp, + byte* clientPubKey, word32 clientPubKeySz, + byte* serverPubKey, word32 serverPubKeySz); + +/** + * Gets the proof. + * + * This function MUST be called after wc_SrpComputeKey. + * + * @param[in,out] srp the Srp structure. + * @param[out] proof the buffer to write the proof. + * @param[in,out] size the buffer size in bytes. Will be updated with the + * proof size. + * + * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h + */ +WOLFSSL_API int wc_SrpGetProof(Srp* srp, byte* proof, word32* size); + +/** + * Verifies the peers proof. + * + * This function MUST be called before wc_SrpGetSessionKey. + * + * @param[in,out] srp the Srp structure. + * @param[in] proof the peers proof. + * @param[in] size the proof size in bytes. + * + * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h + */ +WOLFSSL_API int wc_SrpVerifyPeersProof(Srp* srp, byte* proof, word32 size); + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* WOLFCRYPT_SRP_H */ +#endif /* WOLFCRYPT_HAVE_SRP */ diff --git a/wolfssl/wolfcrypt/tfm.h b/wolfssl/wolfcrypt/tfm.h index 157d58da4..ac24eb93c 100644 --- a/wolfssl/wolfcrypt/tfm.h +++ b/wolfssl/wolfcrypt/tfm.h @@ -718,7 +718,7 @@ int mp_radix_size (mp_int * a, int radix, int *size); int mp_gcd(fp_int *a, fp_int *b, fp_int *c); int mp_lcm(fp_int *a, fp_int *b, fp_int *c); int mp_prime_is_prime(mp_int* a, int t, int* result); -int mp_rand_prime(mp_int* N, int len, RNG* rng, void* heap); +int mp_rand_prime(mp_int* N, int len, WC_RNG* rng, void* heap); int mp_exch(mp_int *a, mp_int *b); #endif /* WOLFSSL_KEY_GEN */ diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index a5ff1d3f2..0675af337 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -143,6 +143,9 @@ #ifdef HAVE_THREAD_LS #if defined(_MSC_VER) #define THREAD_LS_T __declspec(thread) + /* Thread local storage only in FreeRTOS v8.2.1 and higher */ + #elif defined(FREERTOS) + #define THREAD_LS_T #else #define THREAD_LS_T __thread #endif @@ -176,7 +179,7 @@ #define XREALLOC(p, n, h, t) realloc((p), (n)) #elif !defined(MICRIUM_MALLOC) && !defined(EBSNET) \ && !defined(WOLFSSL_SAFERTOS) && !defined(FREESCALE_MQX) \ - && !defined(WOLFSSL_LEANPSK) + && !defined(WOLFSSL_LEANPSK) && !defined(FREERTOS) /* default C runtime, can install different routines at runtime via cbs */ #include #define XMALLOC(s, h, t) ((void)h, (void)t, wolfSSL_Malloc((s))) @@ -212,7 +215,7 @@ #ifndef CTYPE_USER #include - #if defined(HAVE_ECC) || defined(HAVE_OCSP) + #if defined(HAVE_ECC) || defined(HAVE_OCSP) || defined(WOLFSSL_KEY_GEN) #define XTOUPPER(c) toupper((c)) #define XISALPHA(c) isalpha((c)) #endif @@ -268,7 +271,8 @@ DYNAMIC_TYPE_TLSX = 43, DYNAMIC_TYPE_OCSP = 44, DYNAMIC_TYPE_SIGNATURE = 45, - DYNAMIC_TYPE_HASHES = 46 + DYNAMIC_TYPE_HASHES = 46, + DYNAMIC_TYPE_SRP = 47, }; /* max error buffer string size */ diff --git a/wolfssl/wolfcrypt/wc_encrypt.h b/wolfssl/wolfcrypt/wc_encrypt.h new file mode 100644 index 000000000..f5425a03a --- /dev/null +++ b/wolfssl/wolfcrypt/wc_encrypt.h @@ -0,0 +1,62 @@ +/* wc_encrypt.h + * + * Copyright (C) 2006-2015 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + + +#ifndef WOLF_CRYPT_ENCRYPT_H +#define WOLF_CRYPT_ENCRYPT_H + +#include + +#ifdef __cplusplus + extern "C" { +#endif + +#ifndef NO_AES +WOLFSSL_API int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz, + const byte* key, word32 keySz, + const byte* iv); +WOLFSSL_API int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz, + const byte* key, word32 keySz, + const byte* iv); +#endif /* !NO_AES */ + + +#ifndef NO_DES3 +WOLFSSL_API int wc_Des_CbcDecryptWithKey(byte* out, + const byte* in, word32 sz, + const byte* key, const byte* iv); +WOLFSSL_API int wc_Des_CbcEncryptWithKey(byte* out, + const byte* in, word32 sz, + const byte* key, const byte* iv); +WOLFSSL_API int wc_Des3_CbcEncryptWithKey(byte* out, + const byte* in, word32 sz, + const byte* key, const byte* iv); +WOLFSSL_API int wc_Des3_CbcDecryptWithKey(byte* out, + const byte* in, word32 sz, + const byte* key, const byte* iv); +#endif /* !NO_DES3 */ + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* WOLF_CRYPT_ENCRYPT_H */ + From 33595a0b3c8a088ad8c03d4537e6c75e152cb226 Mon Sep 17 00:00:00 2001 From: Ludovic FLAMENT Date: Wed, 19 Aug 2015 08:08:49 +0200 Subject: [PATCH 04/14] Merge branch 'master' of https://github.com/wolfSSL/wolfssl --- .../MDK-ARM/{CyaSSL => wolfSSL}/Retarget.c | 6 +- .../MDK-ARM/{CyaSSL => wolfSSL}/cert_data.c | 2 +- .../MDK-ARM/{CyaSSL => wolfSSL}/cert_data.h | 4 +- .../{CyaSSL => wolfSSL}/config-BARE-METAL.h | 33 +- .../MDK-ARM/{CyaSSL => wolfSSL}/config-FS.h | 40 +- .../{CyaSSL => wolfSSL}/config-RTX-TCP-FS.h | 58 +- IDE/MDK-ARM/MDK-ARM/wolfSSL/config-WOLFLIB.h | 13 + .../MDK-ARM/{CyaSSL => wolfSSL}/config.h | 19 +- .../MDK-ARM/{CyaSSL => wolfSSL}/main.c | 34 +- .../MDK-ARM/{CyaSSL => wolfSSL}/shell.c | 86 +- .../ssl-dummy.c => wolfSSL/time-CortexM3-4.c} | 36 +- IDE/MDK-ARM/MDK-ARM/wolfSSL/time-dummy.c | 34 + .../wolfssl_MDK_ARM.c} | 108 +- .../wolfssl_MDK_ARM.h} | 67 +- IDE/MDK-ARM/Projects/MDK-ARM-LPC43xx.uvproj | 3510 ----------------- IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvopt | 1191 ++---- IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvproj | 2723 ++++--------- ...PC43xx.uvopt => MDK-ARM-wolfSSL-Lib.uvopt} | 2241 +++++------ .../Projects/MDK-ARM-wolfSSL-Lib.uvproj | 2138 ++++++++++ IDE/MDK-ARM/Projects/Readme.txt | 8 + IDE/WIN/test.vcxproj | 16 +- IDE/WIN/wolfssl-fips.sln | 2 +- IDE/WIN/wolfssl-fips.vcxproj | 30 +- examples/client/client.c | 6 + examples/echoclient/echoclient.c | 18 +- examples/echoserver/echoserver.c | 12 +- examples/server/server.c | 12 +- src/internal.c | 382 +- src/io.c | 32 +- src/ssl.c | 54 +- tests/suites.c | 4 +- wolfcrypt/benchmark/benchmark.c | 7 +- wolfcrypt/src/asn.c | 21 +- wolfcrypt/src/fe_low_mem.c | 3 +- wolfcrypt/src/fe_operations.c | 4 +- wolfcrypt/src/ge_low_mem.c | 6 +- wolfcrypt/src/ge_operations.c | 2 + wolfcrypt/src/hash.c | 6 +- wolfcrypt/src/port/ti/ti-hash.c | 28 + wolfcrypt/src/random.c | 2 +- wolfcrypt/test/test.c | 6 - wolfssl/internal.h | 93 +- wolfssl/ssl.h | 2 +- wolfssl/wolfcrypt/hash.h | 33 + wolfssl/wolfcrypt/random.h | 7 - wolfssl/wolfcrypt/settings.h | 45 +- wolfssl/wolfcrypt/types.h | 3 +- wolfssl/wolfcrypt/wc_port.h | 15 +- 48 files changed, 5077 insertions(+), 8125 deletions(-) rename IDE/MDK-ARM/MDK-ARM/{CyaSSL => wolfSSL}/Retarget.c (98%) rename IDE/MDK-ARM/MDK-ARM/{CyaSSL => wolfSSL}/cert_data.c (96%) rename IDE/MDK-ARM/MDK-ARM/{CyaSSL => wolfSSL}/cert_data.h (95%) rename IDE/MDK-ARM/MDK-ARM/{CyaSSL => wolfSSL}/config-BARE-METAL.h (91%) rename IDE/MDK-ARM/MDK-ARM/{CyaSSL => wolfSSL}/config-FS.h (91%) rename IDE/MDK-ARM/MDK-ARM/{CyaSSL => wolfSSL}/config-RTX-TCP-FS.h (88%) create mode 100644 IDE/MDK-ARM/MDK-ARM/wolfSSL/config-WOLFLIB.h rename IDE/MDK-ARM/MDK-ARM/{CyaSSL => wolfSSL}/config.h (75%) rename IDE/MDK-ARM/MDK-ARM/{CyaSSL => wolfSSL}/main.c (85%) rename IDE/MDK-ARM/MDK-ARM/{CyaSSL => wolfSSL}/shell.c (90%) rename IDE/MDK-ARM/MDK-ARM/{CyaSSL/ssl-dummy.c => wolfSSL/time-CortexM3-4.c} (61%) create mode 100644 IDE/MDK-ARM/MDK-ARM/wolfSSL/time-dummy.c rename IDE/MDK-ARM/MDK-ARM/{CyaSSL/cyassl_MDK_ARM.c => wolfSSL/wolfssl_MDK_ARM.c} (71%) rename IDE/MDK-ARM/MDK-ARM/{CyaSSL/cyassl_MDK_ARM.h => wolfSSL/wolfssl_MDK_ARM.h} (58%) delete mode 100644 IDE/MDK-ARM/Projects/MDK-ARM-LPC43xx.uvproj rename IDE/MDK-ARM/Projects/{MDK-ARM-LPC43xx.uvopt => MDK-ARM-wolfSSL-Lib.uvopt} (55%) create mode 100644 IDE/MDK-ARM/Projects/MDK-ARM-wolfSSL-Lib.uvproj create mode 100644 IDE/MDK-ARM/Projects/Readme.txt mode change 100644 => 100755 wolfcrypt/src/hash.c mode change 100644 => 100755 wolfcrypt/src/port/ti/ti-hash.c mode change 100644 => 100755 wolfssl/wolfcrypt/hash.h diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/Retarget.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/Retarget.c similarity index 98% rename from IDE/MDK-ARM/MDK-ARM/CyaSSL/Retarget.c rename to IDE/MDK-ARM/MDK-ARM/wolfSSL/Retarget.c index bb59c8ce1..573247983 100644 --- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/Retarget.c +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/Retarget.c @@ -55,7 +55,9 @@ int sendchar (int c) int getkey (void) { int ch = SER_GetChar(); - + #if defined (HAVE_KEIL_RTX) + os_itv_wait (); + #endif if (ch < 0) { return 0; } @@ -250,7 +252,7 @@ char *_sys_command_string (char *cmd, int len) void _sys_exit (int return_code) { -#ifdef CYASSL_MDK_SHELL +#ifdef WOLFSSL_MDK_SHELL return ; #else /* Endless loop. */ diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/cert_data.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.c similarity index 96% rename from IDE/MDK-ARM/MDK-ARM/CyaSSL/cert_data.c rename to IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.c index d6cef016d..a29e8fcbb 100644 --- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/cert_data.c +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.c @@ -24,5 +24,5 @@ #endif /* Define initial data for cert buffers */ -#include +#include diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/cert_data.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.h similarity index 95% rename from IDE/MDK-ARM/MDK-ARM/CyaSSL/cert_data.h rename to IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.h index 6629ee051..d06afdd1d 100644 --- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/cert_data.h +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.h @@ -1,5 +1,5 @@ -#ifndef CYASSL_CERT_DATA_H -#define CYASSL_CERT_DATA_H +#ifndef WOLFSSL_CERT_DATA_H +#define WOLFSSL_CERT_DATA_H #ifdef USE_CERT_BUFFERS_1024 extern const unsigned char client_key_der_1024[] ; diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/config-BARE-METAL.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h similarity index 91% rename from IDE/MDK-ARM/MDK-ARM/CyaSSL/config-BARE-METAL.h rename to IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h index 56178bf79..5ce08dc3d 100644 --- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/config-BARE-METAL.h +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h @@ -20,20 +20,21 @@ */ -/**** CyaSSL for KEIL-RL Configuration ****/ +/**** wolfSSL for KEIL-RL Configuration ****/ #define __CORTEX_M3__ -#define CYASSL_MDK_ARM +#define WOLFSSL_MDK_ARM #define NO_WRITEV -#define NO_CYASSL_DIR -#define NO_MAIN_DRIVER +#define NO_WOLFSSL_DIR +//#define NO_MAIN_DRIVER -#define CYASSL_DER_LOAD +#define WOLFSSL_DER_LOAD #define HAVE_NULL_CIPHER #define SINGLE_THREADED #define NO_FILESYSTEM #define NO_TLS +#define WOLFSSL_USER_IO #define NO_ECHOSERVER #define NO_ECHOCLIENT @@ -48,10 +49,10 @@ // Command Shell #define MDK_CONF_SHELL 1 #if MDK_CONF_SHELL == 1 -#define CYASSL_MDK_SHELL +#define WOLFSSL_MDK_SHELL #endif // -// CyaSSL Apps +// wolfSSL Apps // Crypt/Cipher // Cert Storage <1=> Mem Buff (1024bytes) <2=> Mem Buff (2048bytes) #define MDK_CONF_CERT_BUFF 1 @@ -95,14 +96,14 @@ // -// CTaoCrypt Library +// wolfCrypt Library // MD5, SHA, SHA-256, AES, RC4, ASN, RSA // // MD2 #define MDK_CONF_MD2 0 #if MDK_CONF_MD2 == 1 -#define CYASSL_MD2 +#define WOLFSSL_MD2 #endif // // MD4 @@ -115,19 +116,19 @@ // This has to be with SHA512 #define MDK_CONF_SHA384 0 #if MDK_CONF_SHA384 == 1 -#define CYASSL_SHA384 +#define WOLFSSL_SHA384 #endif // // SHA-512 #define MDK_CONF_SHA512 0 #if MDK_CONF_SHA512 == 1 -#define CYASSL_SHA512 +#define WOLFSSL_SHA512 #endif // // RIPEMD #define MDK_CONF_RIPEMD 0 #if MDK_CONF_RIPEMD == 1 -#define CYASSL_RIPEMD +#define WOLFSSL_RIPEMD #endif // // HMAC @@ -169,7 +170,7 @@ // // DH -// need this for CYASSL_SERVER, OPENSSL_EXTRA +// need this for WOLFSSL_SERVER, OPENSSL_EXTRA #define MDK_CONF_DH 1 #if MDK_CONF_DH == 0 #define NO_DH @@ -233,13 +234,13 @@ // Debug Message #define MDK_CONF_DebugMessage 0 #if MDK_CONF_DebugMessage == 1 -#define DEBUG_CYASSL +#define DEBUG_WOLFSSL #endif // // Check malloc #define MDK_CONF_CheckMalloc 1 #if MDK_CONF_CheckMalloc == 1 -#define CYASSL_MALLOC_CHECK +#define WOLFSSL_MALLOC_CHECK #endif // @@ -274,7 +275,7 @@ // Small Stack #define MDK_CONF_SmallStack 1 #if MDK_CONF_SmallStack == 0 -#define NO_CYASSL_SMALL_STACK +#define NO_WOLFSSL_SMALL_STACK #endif // // Use Fast Math diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/config-FS.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h similarity index 91% rename from IDE/MDK-ARM/MDK-ARM/CyaSSL/config-FS.h rename to IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h index 6d348a719..37c92f446 100644 --- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/config-FS.h +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h @@ -20,16 +20,16 @@ */ -/**** CyaSSL for KEIL-RL Configuration ****/ +/**** wolfSSL for KEIL-RL Configuration ****/ #define __CORTEX_M3__ -#define CYASSL_KEIL_RL +#define WOLFSSL_KEIL_RL #define NO_WRITEV -#define NO_CYASSL_DIR +#define NO_WOLFSSL_DIR #define NO_MAIN_DRIVER +#define WOLFSSL_USER_IO - -#define CYASSL_DER_LOAD +#define WOLFSSL_DER_LOAD #define HAVE_NULL_CIPHER #define SINGLE_THREADED @@ -47,10 +47,10 @@ // Command Shell #define MDK_CONF_SHELL 1 #if MDK_CONF_SHELL == 1 -#define CYASSL_MDK_SHELL +#define WOLFSSL_MDK_SHELL #endif // -// CyaSSL Apps +// wolfSSL Apps // Crypt/Cipher // Cert Storage <0=> SD Card <1=> Mem Buff (1024bytes) <2=> Mem Buff (2048bytes) #define MDK_CONF_CERT_BUFF 0 @@ -92,7 +92,7 @@ // -// CyaSSL Library +// wolfSSL Library // SSL (Included by default) // @@ -106,19 +106,19 @@ // CertGen #define MDK_CONF_CERT_GEN 0 #if MDK_CONF_CERT_GEN == 1 -#define CYASSL_CERT_GEN +#define WOLFSSL_CERT_GEN #endif // // KeyGen #define MDK_CONF_KEY_GEN 0 #if MDK_CONF_KEY_GEN == 1 -#define CYASSL_KEY_GEN +#define WOLFSSL_KEY_GEN #endif // // CRL #define MDK_CONF_DER_LOAD 0 #if MDK_CONF_DER_LOAD == 1 -#define CYASSL_DER_LOAD +#define WOLFSSL_DER_LOAD #endif // // OpenSSL Extra @@ -132,7 +132,7 @@ // -// CTaoCrypt Library +// wolfCrypt Library // MD5, SHA, SHA-256, AES, RC4, ASN, RSA // @@ -140,7 +140,7 @@ // MD2 #define MDK_CONF_MD2 0 #if MDK_CONF_MD2 == 1 -#define CYASSL_MD2 +#define WOLFSSL_MD2 #endif // // MD4 @@ -153,19 +153,19 @@ // This has to be with SHA512 #define MDK_CONF_SHA384 0 #if MDK_CONF_SHA384 == 1 -#define CYASSL_SHA384 +#define WOLFSSL_SHA384 #endif // // SHA-512 #define MDK_CONF_SHA512 0 #if MDK_CONF_SHA512 == 1 -#define CYASSL_SHA512 +#define WOLFSSL_SHA512 #endif // // RIPEMD #define MDK_CONF_RIPEMD 0 #if MDK_CONF_RIPEMD == 1 -#define CYASSL_RIPEMD +#define WOLFSSL_RIPEMD #endif // // HMAC @@ -207,7 +207,7 @@ // // DH -// need this for CYASSL_SERVER, OPENSSL_EXTRA +// need this for WOLFSSL_SERVER, OPENSSL_EXTRA #define MDK_CONF_DH 1 #if MDK_CONF_DH == 0 #define NO_DH @@ -271,13 +271,13 @@ // Debug Message #define MDK_CONF_DebugMessage 0 #if MDK_CONF_DebugMessage == 1 -#define DEBUG_CYASSL +#define DEBUG_WOLFSSL #endif // // Check malloc #define MDK_CONF_CheckMalloc 1 #if MDK_CONF_CheckMalloc == 1 -#define CYASSL_MALLOC_CHECK +#define WOLFSSL_MALLOC_CHECK #endif // @@ -312,7 +312,7 @@ // Small Stack #define MDK_CONF_SmallStack 1 #if MDK_CONF_SmallStack == 0 -#define NO_CYASSL_SMALL_STACK +#define NO_WOLFSSL_SMALL_STACK #endif // // Use Fast Math diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/config-RTX-TCP-FS.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-RTX-TCP-FS.h similarity index 88% rename from IDE/MDK-ARM/MDK-ARM/CyaSSL/config-RTX-TCP-FS.h rename to IDE/MDK-ARM/MDK-ARM/wolfSSL/config-RTX-TCP-FS.h index 4f513ef14..454b86bce 100644 --- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/config-RTX-TCP-FS.h +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-RTX-TCP-FS.h @@ -20,20 +20,20 @@ */ -/**** CyaSSL for KEIL-RL Configuration ****/ + +/**** wolfSSL for MDK-RTX-TCP-FS Configuration ****/ #define __CORTEX_M3__ -#define CYASSL_MDK_ARM +#define WOLFSSL_MDK_ARM #define NO_WRITEV -#define NO_CYASSL_DIR +#define NO_WOLFSSL_DIR #define NO_MAIN_DRIVER - -#define CYASSL_DER_LOAD +#define WOLFSSL_DER_LOAD #define HAVE_NULL_CIPHER #define HAVE_KEIL_RTX -#define CYASSL_KEIL_TCP_NET +#define WOLFSSL_KEIL_TCP_NET // <<< Use Configuration Wizard in Context Menu >>> @@ -43,10 +43,10 @@ // Command Shell #define MDK_CONF_SHELL 1 #if MDK_CONF_SHELL == 1 -#define CYASSL_MDK_SHELL +#define WOLFSSL_MDK_SHELL #endif // -// CyaSSL Apps +// wolfSSL Apps // Crypt/Cipher // Cert Storage <0=> SD Card <1=> Mem Buff (1024bytes) <2=> Mem Buff (2048bytes) #define MDK_CONF_CERT_BUFF 0 @@ -115,7 +115,7 @@ // -// CyaSSL Library +// wolfSSL Library // SSL (Included by default) // @@ -129,23 +129,23 @@ // CertGen #define MDK_CONF_CERT_GEN 0 #if MDK_CONF_CERT_GEN == 1 -#define CYASSL_CERT_GEN +#define WOLFSSL_CERT_GEN #endif // // KeyGen #define MDK_CONF_KEY_GEN 0 #if MDK_CONF_KEY_GEN == 1 -#define CYASSL_KEY_GEN +#define WOLFSSL_KEY_GEN #endif // // CRL #define MDK_CONF_DER_LOAD 0 #if MDK_CONF_DER_LOAD == 1 -#define CYASSL_DER_LOAD +#define WOLFSSL_DER_LOAD #endif // // OpenSSL Extra -#define MDK_CONF_OPENSSL_EXTRA 1 +#define MDK_CONF_OPENSSL_EXTRA 0 #if MDK_CONF_OPENSSL_EXTRA == 1 #define OPENSSL_EXTRA #endif @@ -155,18 +155,18 @@ // -// CTaoCrypt Library +// wolfCrypt Library // MD5, SHA, SHA-256, AES, RC4, ASN, RSA // // MD2 #define MDK_CONF_MD2 0 #if MDK_CONF_MD2 == 1 -#define CYASSL_MD2 +#define WOLFSSL_MD2 #endif // // MD4 -#define MDK_CONF_MD4 1 +#define MDK_CONF_MD4 0 #if MDK_CONF_MD4 == 0 #define NO_MD4 #endif @@ -175,19 +175,19 @@ // This has to be with SHA512 #define MDK_CONF_SHA384 0 #if MDK_CONF_SHA384 == 1 -#define CYASSL_SHA384 +#define WOLFSSL_SHA384 #endif // // SHA-512 #define MDK_CONF_SHA512 0 #if MDK_CONF_SHA512 == 1 -#define CYASSL_SHA512 +#define WOLFSSL_SHA512 #endif // // RIPEMD -#define MDK_CONF_RIPEMD 1 +#define MDK_CONF_RIPEMD 0 #if MDK_CONF_RIPEMD == 1 -#define CYASSL_RIPEMD +#define WOLFSSL_RIPEMD #endif // // HMAC @@ -216,7 +216,7 @@ #endif // // DES3 -#define MDK_CONF_DES3 1 +#define MDK_CONF_DES3 0 #if MDK_CONF_DES3 == 0 #define NO_DES3 #endif @@ -229,7 +229,7 @@ // // DH -// need this for CYASSL_SERVER, OPENSSL_EXTRA +// need this for WOLFSSL_SERVER, OPENSSL_EXTRA #define MDK_CONF_DH 1 #if MDK_CONF_DH == 0 #define NO_DH @@ -249,7 +249,7 @@ // // ECC -#define MDK_CONF_ECC 1 +#define MDK_CONF_ECC 0 #if MDK_CONF_ECC == 1 #define HAVE_ECC #endif @@ -293,13 +293,13 @@ // Debug Message #define MDK_CONF_DEBUG_MSG 0 #if MDK_CONF_DEBUG_MSG == 1 -#define DEBUG_CYASSL +#define DEBUG_WOLFSSL #endif // // Check malloc #define MDK_CONF_CHECK_MALLOC 1 #if MDK_CONF_CHECK_MALLOC == 1 -#define CYASSL_MALLOC_CHECK +#define WOLFSSL_MALLOC_CHECK #endif // @@ -325,7 +325,7 @@ // // Error Strings -#define MDK_CONF_ErrorStrings 1 +#define MDK_CONF_ErrorStrings 0 #if MDK_CONF_ErrorStrings == 0 #define NO_ERROR_STRINGS #endif @@ -334,13 +334,14 @@ // Small Stack #define MDK_CONF_SMALL_STACK 1 #if MDK_CONF_SMALL_STACK == 0 -#define NO_CYASSL_SMALL_STACK +#define NO_WOLFSSL_SMALL_STACK #endif // // Use Fast Math -#define MDK_CONF_FASTMATH 0 +#define MDK_CONF_FASTMATH 1 #if MDK_CONF_FASTMATH == 1 #define USE_FAST_MATH +#define TFM_TIMING_RESISTANT #endif // @@ -349,3 +350,4 @@ // // <<< end of configuration section >>> + diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-WOLFLIB.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-WOLFLIB.h new file mode 100644 index 000000000..3f4ddf4f6 --- /dev/null +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-WOLFLIB.h @@ -0,0 +1,13 @@ + +#define SINGLE_THREADED /* or define RTOS option */ + +#define WOLFSSL_USER_IO /* Use own TCP/IP lib */ + +#define NO_DEV_RANDOM +#define WOLFSSL_MDK_ARM + +#define NO_WOLFSSL_DIR +#define NO_WRITEV + +#define USE_FAST_MATH +#define TFM_TIMING_RESISTANT diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/config.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config.h similarity index 75% rename from IDE/MDK-ARM/MDK-ARM/CyaSSL/config.h rename to IDE/MDK-ARM/MDK-ARM/wolfSSL/config.h index fff7a5ab8..3f5c11191 100644 --- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/config.h +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config.h @@ -19,20 +19,26 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ - -/**** CyaSSL for KEIL-RL Configuration ****/ +#ifndef MDK_CONFIG_H__ +#define MDK_CONFIG_H__ +/**** wolfSSL for KEIL-RL Configuration ****/ #define __CORTEX_M3__ -#define CYASSL_MDK_ARM +#define WOLFSSL_MDK_ARM + #define NO_WRITEV -#define NO_CYASSL_DIR +#define NO_WOLFSSL_DIR +#define NO_MAIN_DRIVER /* for Retarget.c */ #define STDIO #define BENCH_EMBEDDED -#define CYASSL_DER_LOAD +#define WOLFSSL_DER_LOAD #define HAVE_NULL_CIPHER +#define WOLFSSL_USER_TIME +#define NO_TIME_H +static int ValidateDate(const unsigned char* date, unsigned char format, int dateType){ return 1; } #if defined(MDK_CONF_RTX_TCP_FS) #include "config-RTX-TCP-FS.h" @@ -42,5 +48,8 @@ #include "config-FS.h" #elif defined(MDK_CONF_BARE_METAL) #include "config-BARE-METAL.h" +#elif defined(MDK_WOLFLIB) +#include "config-WOLFLIB.h" #endif +#endif diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/main.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/main.c similarity index 85% rename from IDE/MDK-ARM/MDK-ARM/CyaSSL/main.c rename to IDE/MDK-ARM/MDK-ARM/wolfSSL/main.c index db48b833d..a12d16249 100644 --- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/main.c +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/main.c @@ -23,12 +23,12 @@ #include #endif -#include -#include +#include +#include #include #include -#include "cyassl_MDK_ARM.h" +#include "wolfssl_MDK_ARM.h" /*----------------------------------------------------------------------------- * Initialize a Flash Memory Card @@ -53,11 +53,11 @@ static void init_card (void) /*----------------------------------------------------------------------------- * TCP/IP tasks *----------------------------------------------------------------------------*/ -#ifdef CYASSL_KEIL_TCP_NET +#ifdef WOLFSSL_KEIL_TCP_NET __task void tcp_tick (void) { - CYASSL_MSG("Time tick started.") ; + WOLFSSL_MSG("Time tick started.") ; #if defined (HAVE_KEIL_RTX) os_itv_set (10); #endif @@ -73,7 +73,7 @@ __task void tcp_tick (void) __task void tcp_poll (void) { - CYASSL_MSG("TCP polling started.\n") ; + WOLFSSL_MSG("TCP polling started.\n") ; while (1) { main_TcpNet (); #if defined (HAVE_KEIL_RTX) @@ -83,13 +83,13 @@ __task void tcp_poll (void) } #endif -#if defined(HAVE_KEIL_RTX) && defined(CYASSL_MDK_SHELL) +#if defined(HAVE_KEIL_RTX) && defined(WOLFSSL_MDK_SHELL) #define SHELL_STACKSIZE 1000 static unsigned char Shell_stack[SHELL_STACKSIZE] ; #endif -#if defined(CYASSL_MDK_SHELL) +#if defined(WOLFSSL_MDK_SHELL) extern void shell_main(void) ; #endif @@ -104,14 +104,14 @@ extern void SER_Init(void) ; /*** This is the parent task entry ***/ void main_task (void) { - #ifdef CYASSL_KEIL_TCP_NET + #ifdef WOLFSSL_KEIL_TCP_NET init_TcpNet (); os_tsk_create (tcp_tick, 2); os_tsk_create (tcp_poll, 1); #endif - #ifdef CYASSL_MDK_SHELL + #ifdef WOLFSSL_MDK_SHELL #ifdef HAVE_KEIL_RTX os_tsk_create_user(shell_main, 1, Shell_stack, SHELL_STACKSIZE) ; #else @@ -127,7 +127,7 @@ void main_task (void) #endif #ifdef HAVE_KEIL_RTX - CYASSL_MSG("Terminating tcp_main\n") ; + WOLFSSL_MSG("Terminating tcp_main\n") ; os_tsk_delete_self (); #endif @@ -137,28 +137,24 @@ void main_task (void) int myoptind = 0; char* myoptarg = NULL; -#if defined(DEBUG_CYASSL) - extern void CyaSSL_Debugging_ON(void) ; +#if defined(DEBUG_WOLFSSL) + extern void wolfSSL_Debugging_ON(void) ; #endif /*** main entry ***/ -extern void init_time(void) ; extern void SystemInit(void); int main() { SystemInit(); - SER_Init() ; #if !defined(NO_FILESYSTEM) init_card () ; /* initializing SD card */ #endif - init_time() ; - - #if defined(DEBUG_CYASSL) + #if defined(DEBUG_WOLFSSL) printf("Turning ON Debug message\n") ; - CyaSSL_Debugging_ON() ; + wolfSSL_Debugging_ON() ; #endif #ifdef HAVE_KEIL_RTX diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/shell.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/shell.c similarity index 90% rename from IDE/MDK-ARM/MDK-ARM/CyaSSL/shell.c rename to IDE/MDK-ARM/MDK-ARM/wolfSSL/shell.c index 58b645e0e..446efbe20 100644 --- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/shell.c +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/shell.c @@ -19,26 +19,26 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ - /*** tiny Shell for CyaSSL apps ***/ + /*** tiny Shell for wolfSSL apps ***/ #ifdef HAVE_CONFIG_H #include #endif -#include "cyassl/internal.h" -#undef RNG -#include +#include -#if defined(CYASSL_MDK_ARM) +#include + +#if defined(WOLFSSL_MDK_ARM) #include #include #include #include - #include "cyassl_MDK_ARM.h" + #include "wolfssl_MDK_ARM.h" #endif -#ifdef CYASSL_KEIL_NET -#include "cyassl/test.h" +#ifdef WOLFSSL_KEIL_NET +#include "wolfassl/test.h" #else typedef struct func_args { int argc; @@ -66,7 +66,7 @@ typedef struct func_args { #define ctaocrypt_test command_not_found #endif -#ifndef CYASSL_KEIL_NET +#ifndef WOLFSSL_KEIL_NET #define ipaddr_comm command_not_found #endif @@ -75,7 +75,7 @@ typedef struct func_args { #endif -#if !defined(DEBUG_CYASSL) +#if !defined(DEBUG_WOLFSSL) #define dbg_comm command_not_found #endif @@ -87,11 +87,11 @@ void command_not_found(void *argv) { extern void echoclient_test(void *args) ; extern void echoserver_test(void *args) ; extern void benchmark_test(void *args) ; -extern void ctaocrypt_test(void *args) ; +extern void wolfcrypt_test(void *args) ; extern void client_test(void *args) ; extern void server_test(void *args) ; extern void kill_task(void *args) ; -extern void time_main(void *args) ; + extern void ipaddr_comm(void *args) ; extern void stack_comm(void *args) ; extern void for_command(void *args) ; @@ -103,7 +103,7 @@ extern void help_comm(void *arg) ; #ifndef NO_MD5 extern void md5_test(void *arg) ; #endif -#ifdef CYASSL_MD2 +#ifdef WOLFSSL_MD2 extern void md2_test(void *arg) ; #endif #ifndef NO_MD4 @@ -115,15 +115,15 @@ extern void sha_test(void *arg) ; #ifndef NO_SHA256 extern void sha256_test(void *arg) ; #endif -#ifdef CYASSL_SHA384 +#ifdef WOLFSSL_SHA384 extern void sha384_test(void *arg) ; #endif -#ifdef CYASSL_SHA512 +#ifdef WOLFSSL_SHA512 extern void sha512_test(void *arg) ; #endif -#ifdef CYASSL_RIPEMD +#ifdef WOLFSSL_RIPEMD extern void ripemd_test(void *arg) ; #endif #ifndef NO_HMAC @@ -136,7 +136,7 @@ extern void hmac_sha_test(void *arg) ; extern void hmac_sha256_test(void *arg) ; #endif - #ifdef CYASSL_SHA384 + #ifdef WOLFSSL_SHA384 extern void hmac_sha384_test(void *arg) ; #endif #endif @@ -206,10 +206,9 @@ static struct { "echoclient", echoclient_test, "echoserver", echoserver_test, "benchmark", benchmark_test, - "test", ctaocrypt_test, + "test", wolfcrypt_test, "client", client_test, "server", server_test, - "time", time_main, /* get/set RTC: [-d yy/mm/dd] [-t hh:mm:ss]*/ "ipaddr", ipaddr_comm, /* TBD */ "stack", stack_comm, /* On/Off check stack size */ "for", for_command, /* iterate next command X times */ @@ -220,7 +219,7 @@ static struct { "ec", echoclient_test, "es", echoserver_test, "bm", benchmark_test, - "te", ctaocrypt_test, + "te", wolfcrypt_test, "cl", client_test, "sv", server_test, "ip", ipaddr_comm, @@ -233,7 +232,7 @@ static struct { #ifndef NO_MD5 "md5", md5_test, #endif -#ifdef CYASSL_MD2 +#ifdef WOLFSSL_MD2 "md2", md2_test, #endif #ifndef NO_MD4 @@ -243,13 +242,13 @@ static struct { #ifndef NO_SHA256 "sha256", sha256_test, #endif -#ifdef CYASSL_SHA384 +#ifdef WOLFSSL_SHA384 "sha384", sha384_test, #endif -#ifdef CYASSL_SHA512 +#ifdef WOLFSSL_SHA512 "sha512", sha512_test, #endif -#ifdef CYASSL_RIPEMD +#ifdef WOLFSSL_RIPEMD "ripemd", ripemd_test, #endif #ifndef NO_HMAC @@ -260,7 +259,7 @@ static struct { #ifndef NO_SHA256 "hmac_sha256", hmac_sha256_test, #endif - #ifdef CYASSL_SHA384 + #ifdef WOLFSSL_SHA384 "hmac_sha384", hmac_sha384_test, #endif #endif @@ -362,18 +361,18 @@ static int BackGround = 0 ; /* 1: background job is running */ /************* Embedded Shell Commands **********************************/ #define IP_SIZE 16 -#ifdef CYASSL_KEIL_NET +#ifdef WOLFSSL_KEIL_NET static void ipaddr_comm(void *args) { if(((func_args *)args)->argc == 1) { - printf("IP addr: %s, port %d\n", yasslIP, yasslPort) ; + printf("IP addr: %s, port %d\n", wolfSSLIP, wolfSSLPort) ; } else { if(BackGround != 0) { printf("Cannot change IP addr while background server is running\n") ; } else if(((func_args *)args)->argc == 3 && ((func_args *)args)->argv[1][0] == '-'&& ((func_args *)args)->argv[1][1] == 'a' ) { -/* strcpy(yasslIP, ((func_args *)args)->argv[2]) ; */ +/* strcpy(wolfSSLIP, ((func_args *)args)->argv[2]) ; */ } else if(((func_args *)args)->argc == 3 && ((func_args *)args)->argv[1][0] == '-' && ((func_args *)args)->argv[1][1] == 'p' ) { @@ -442,20 +441,20 @@ static void for_command(void *args) } -#if defined(DEBUG_CYASSL) +#if defined(DEBUG_WOLFSSL) -static int CyasslDebug = 1 ; +static int wolfsslDebug = 1 ; static void dbg_comm(void *args) { - if(CyasslDebug == 1) { - CyasslDebug = 0 ; + if(wolfsslDebug == 1) { + wolfsslDebug = 0 ; printf("Turning OFF Debug message\n") ; - CyaSSL_Debugging_OFF() ; + wolfSSL_Debugging_OFF() ; } else { - CyasslDebug = 1 ; + wolfsslDebug = 1 ; printf("Turning ON Debug message\n") ; - CyaSSL_Debugging_ON() ; + wolfSSL_Debugging_ON() ; } } #endif @@ -467,20 +466,20 @@ static void help_comm(void *args) -#define BG_JOB_STACK_SIZE 12000 +#define BG_JOB_STACK_SIZE 16000 #if (!defined(NO_SIMPLE_SERVER) && !defined(NO_ECHOSERVER)) && \ defined(HAVE_KEIL_RTX) static char bg_job_stack[BG_JOB_STACK_SIZE] ; #endif -#define COMMAND_STACK_SIZE 12000 +#define COMMAND_STACK_SIZE 16000 #if defined(HAVE_KEIL_RTX) static char command_stack[COMMAND_STACK_SIZE] ; #endif #ifdef HAVE_KEIL_RTX -static CyaSSL_Mutex command_mutex ; +static wolfSSL_Mutex command_mutex ; #endif /*********** Invoke Forground Command *********************/ @@ -491,7 +490,7 @@ static void command_invoke(void *args) func = (void(*)(void *))((func_args *)args)->argv[0] ; #ifdef HAVE_KEIL_RTX - LockMutex((CyaSSL_Mutex *)&command_mutex) ; + LockMutex((wolfSSL_Mutex *)&command_mutex) ; #endif iteration = for_iteration ; for(i=0; i< iteration; i++) { @@ -509,7 +508,7 @@ static void command_invoke(void *args) if(iteration > 1) for_iteration = 1 ; #ifdef HAVE_KEIL_RTX - UnLockMutex((CyaSSL_Mutex *)&command_mutex) ; + UnLockMutex((wolfSSL_Mutex *)&command_mutex) ; os_tsk_delete_self() ; #endif } @@ -525,7 +524,7 @@ static void bg_job_invoke(void *args) func = (void(*)(void *))((func_args *)args)->argv[0] ; func(args) ; /* invoke command */ stack_check(bg_job_stack, BG_JOB_STACK_SIZE) ; - #ifdef CYASSL_KEIL_NET + #ifdef WOLFSSL_KEIL_NET init_TcpNet (); #endif BackGround = 0 ; @@ -550,7 +549,6 @@ void shell_main(void) { #if defined(HAVE_KEIL_RTX) InitMutex(&command_mutex) ; #endif - time_main(NULL) ; printf("Starting Shell\n") ; while(1) { if(getline(line, LINESIZE, &args, &bf_flg) > 0) { @@ -559,14 +557,14 @@ void shell_main(void) { args.argv[0] = (char *) commandTable[i].func ; if(bf_flg == FORGROUND) { #ifdef HAVE_KEIL_RTX - UnLockMutex((CyaSSL_Mutex *)&command_mutex) ; + UnLockMutex((wolfSSL_Mutex *)&command_mutex) ; os_tsk_create_user_ex( (void(*)(void *))&command_invoke, 7, command_stack, COMMAND_STACK_SIZE, &args) ; #else command_invoke(&args) ; #endif #ifdef HAVE_KEIL_RTX - LockMutex((CyaSSL_Mutex *)&command_mutex) ; + LockMutex((wolfSSL_Mutex *)&command_mutex) ; #endif } else { #if (!defined(NO_SIMPLE_SERVER) && \ diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/ssl-dummy.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-CortexM3-4.c similarity index 61% rename from IDE/MDK-ARM/MDK-ARM/CyaSSL/ssl-dummy.c rename to IDE/MDK-ARM/MDK-ARM/wolfSSL/time-CortexM3-4.c index aee366966..ca5046138 100644 --- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/ssl-dummy.c +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-CortexM3-4.c @@ -1,4 +1,4 @@ -/* ssl-dummy.c +/* time-STM32F2.c * * Copyright (C) 2006-2015 wolfSSL Inc. * @@ -18,36 +18,24 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ - + #ifdef HAVE_CONFIG_H #include #endif -#include -#include -#include -#include -Signer* GetCA(void* vp, byte* hash) -{ - Signer*s ; - return s ; -} - -int CyaSSL_dtls(CYASSL* ssl) +#include +#define DWT ((DWT_Type *) (0xE0001000UL) ) +typedef struct { - return ssl->options.dtls; -} + uint32_t CTRL; /*!< Offset: 0x000 (R/W) Control Register */ + uint32_t CYCCNT; /*!< Offset: 0x004 (R/W) Cycle Count Register */ +} DWT_Type; -int CyaSSL_get_using_nonblock(CYASSL* ssl) -{ - CYASSL_ENTER("CyaSSL_get_using_nonblock"); - CYASSL_LEAVE("CyaSSL_get_using_nonblock", ssl->options.usingNonblock); - return ssl->options.usingNonblock; -} +extern uint32_t SystemCoreClock ; -Signer* GetCAByName(void* vp, byte* hash) +double current_time(int reset) { - Signer * ca ; - return(ca) ; + if(reset) DWT->CYCCNT = 0 ; + return ((double)DWT->CYCCNT/SystemCoreClock) ; } diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-dummy.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-dummy.c new file mode 100644 index 000000000..ba1a6a734 --- /dev/null +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-dummy.c @@ -0,0 +1,34 @@ +/* time-dummy.c.c + * + * Copyright (C) 2006-2015 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include "time.h" + +struct tm *wolfssl_MDK_gmtime(const time_t *c) +{ + static struct tm date ; + return(&date) ; +} + +time_t time(time_t * t) { return 0 ; } diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/cyassl_MDK_ARM.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c similarity index 71% rename from IDE/MDK-ARM/MDK-ARM/CyaSSL/cyassl_MDK_ARM.c rename to IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c index 23ca2f63c..ab71b87ab 100644 --- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/cyassl_MDK_ARM.c +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c @@ -1,4 +1,4 @@ -/* cyassl_MDK_ARM.c +/* wolfssl_KEIL_RL.c * * Copyright (C) 2006-2015 wolfSSL Inc. * @@ -27,22 +27,29 @@ #include #endif -#include -#if defined (CYASSL_MDK5) - #include "cmsis_os.h" - #if defined(CYASSL_KEIL_TCP_NET) - #include "rl_net.h" - #endif -#else - #include +#include + +#if defined(WOLFSSL_MDK_ARM) + #include + #include + + #if defined(WOLFSSL_MDK5) + #include "cmsis_os.h" + #include "rl_fs.h" + #include "rl_net.h" + #else + #include "rtl.h" + #endif + + #include "wolfssl_MDK_ARM.h" #endif -#include "cyassl_MDK_ARM.h" +#include "wolfssl_MDK_ARM.h" -#include -#include +#include +#include -#if defined (CYASSL_CMSIS_RTOS) +#if defined (WOLFSSL_CMSIS_RTOS) #define os_dly_wait(t) osDelay(10*t) #endif @@ -50,7 +57,7 @@ /** KEIL-RL TCPnet ****/ /** TCPnet BSD socket does not have following functions. **/ -#if defined(CYASSL_KEIL_TCP_NET) +#if defined(WOLFSSL_KEIL_TCP_NET) char *inet_ntoa(struct in_addr in) { #define NAMESIZE 16 @@ -69,10 +76,10 @@ unsigned long inet_addr(const char *cp) /*** tcp_connect is actually associated with following syassl_tcp_connect. ***/ -int Cyassl_connect(int sd, const struct sockaddr* sa, int sz) +int wolfssl_connect(int sd, const struct sockaddr* sa, int sz) { int ret = 0 ; - #if defined(CYASSL_KEIL_TCP_NET) + #if defined(WOLFSSL_KEIL_TCP_NET) SOCKADDR_IN addr ; @@ -83,100 +90,100 @@ int Cyassl_connect(int sd, const struct sockaddr* sa, int sz) ret = connect(sd, (SOCKADDR *)&addr, sizeof(addr)) ; os_dly_wait(50); } while(ret == SCK_EWOULDBLOCK) ; - #ifdef DEBUG_CYASSL + #ifdef DEBUG_WOLFSSL { char msg[50] ; sprintf(msg, "BSD Connect return code: %d\n", ret) ; - CYASSL_MSG(msg) ; + WOLFSSL_MSG(msg) ; } #endif - #endif /* CYASSL_KEIL_TCP_NET */ + #endif /* WOLFSSL_KEIL_TCP_NET */ return(ret ) ; } -int Cyassl_accept(int sd, struct sockaddr *addr, int *addrlen) +int wolfssl_accept(int sd, struct sockaddr *addr, int *addrlen) { int ret = 0 ; - #if defined(CYASSL_KEIL_TCP_NET) + #if defined(WOLFSSL_KEIL_TCP_NET) while(1) { #undef accept /* Go to KEIL TCPnet accept */ ret = accept(sd, addr, addrlen) ; if(ret != SCK_EWOULDBLOCK) break ; os_dly_wait(1); } - #ifdef DEBUG_CYASSL + #ifdef DEBUG_WOLFSSL { char msg[50] ; sprintf(msg, "BSD Accept return code: %d\n", ret) ; - CYASSL_MSG(msg) ; + WOLFSSL_MSG(msg) ; } #endif - #endif /* CYASSL_KEIL_TCP_NET */ + #endif /* WOLFSSL_KEIL_TCP_NET */ return(ret ) ; } -int Cyassl_recv(int sd, void *buf, size_t len, int flags) +int wolfssl_recv(int sd, void *buf, size_t len, int flags) { int ret = 0; - #if defined(CYASSL_KEIL_TCP_NET) + #if defined(WOLFSSL_KEIL_TCP_NET) while(1) { #undef recv /* Go to KEIL TCPnet recv */ ret = recv(sd, buf, len, flags) ; if((ret != SCK_EWOULDBLOCK) &&( ret != SCK_ETIMEOUT)) break ; os_dly_wait(1); } - #ifdef DEBUG_CYASSL + #ifdef DEBUG_WOLFSSL { char msg[50] ; sprintf(msg, "BSD Recv return code: %d\n", ret) ; - CYASSL_MSG(msg) ; + WOLFSSL_MSG(msg) ; } #endif - #endif /* CYASSL_KEIL_TCP_NET */ + #endif /* WOLFSSL_KEIL_TCP_NET */ return(ret ) ; } -int Cyassl_send(int sd, const void *buf, size_t len, int flags) +int wolfssl_send(int sd, const void *buf, size_t len, int flags) { int ret = 0 ; - #if defined(CYASSL_KEIL_TCP_NET) + #if defined(WOLFSSL_KEIL_TCP_NET) while(1) { #undef send /* Go to KEIL TCPnet send */ ret = send(sd, buf, len, flags) ; if(ret != SCK_EWOULDBLOCK) break ; os_dly_wait(1); } - #ifdef DEBUG_CYASSL + #ifdef DEBUG_WOLFSSL { char msg[50] ; sprintf(msg, "BSD Send return code: %d\n", ret) ; - CYASSL_MSG(msg) ; + WOLFSSL_MSG(msg) ; } #endif -#endif /* CYASSL_KEIL_TCP_NET */ +#endif /* WOLFSSL_KEIL_TCP_NET */ return(ret) ; } -#endif /* CYASSL_KEIL_TCP_NET */ +#endif /* WOLFSSL_KEIL_TCP_NET */ -#if defined(CYASSL_KEIL_TCP_NET) -void Cyassl_sleep(int t) +#if defined(WOLFSSL_KEIL_TCP_NET) +void wolfssl_sleep(int t) { #if defined(HAVE_KEIL_RTX) os_dly_wait(t/1000+1) ; #endif } -int Cyassl_tcp_select(int sd, int timeout) +int wolfssl_tcp_select(int sd, int timeout) { return 0 ; @@ -184,9 +191,7 @@ int Cyassl_tcp_select(int sd, int timeout) } #endif -extern int strlen(const char *s) ; - -FILE * CyaSSL_fopen(const char *name, const char *openmode) +FILE * wolfSSL_fopen(const char *name, const char *openmode) { int i ; FILE * ret ; #define PATHSIZE 100 @@ -206,30 +211,23 @@ FILE * CyaSSL_fopen(const char *name, const char *openmode) return(ret) ; } -#if defined (CYASSL_MDK5) #define getkey getchar #define sendchar putchar -#else -extern int getkey(void) ; -extern int sendchar(int c) ; -#endif -char * Cyassl_fgets ( char * str, int num, FILE * f ) +char * wolfssl_fgets ( char * str, int num, FILE * f ) { int i ; for(i = 0 ; i< num ; i++) { while((str[i] = getkey()) == 0) { - #if defined (HAVE_KEIL_RTX) - #if !defined(CYASSL_CMSIS_RTOS) - os_tsk_pass (); - #else - osThreadYield (); - #endif - #endif + #if defined (HAVE_KEIL_RTX) && !defined(WOLFSSL_CMSIS_RTOS) + os_tsk_pass (); + #elif defined(WOLFSSL_CMSIS_RTOS) + osThreadYield (); + #endif } if(str[i] == '\n' || str[i] == '\012' || str[i] == '\015') { - sendchar('\n') ; + sendchar('\n') ; str[i++] = '\n' ; str[i] = '\0' ; break ; diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/cyassl_MDK_ARM.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h similarity index 58% rename from IDE/MDK-ARM/MDK-ARM/CyaSSL/cyassl_MDK_ARM.h rename to IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h index dbcfcf68e..665fc62c0 100644 --- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/cyassl_MDK_ARM.h +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h @@ -1,4 +1,4 @@ -/* cyassl_KEIL_RL.h +/* wolfssl_KEIL_RL.h * * Copyright (C) 2006-2015 wolfSSL Inc. * @@ -22,16 +22,16 @@ /******************************************************************************/ /** This file is for defining types, values for specific to KEIL-MDK-ARM. **/ /******************************************************************************/ -#ifndef CYASSL_KEIL_RL_H -#define CYASSL_KEIL_RL_H +#ifndef WOLFSSL_KEIL_RL_H +#define WOLFSSL_KEIL_RL_H #include /* Go to STDIN */ -#define fgets(buff, sz, fd) Cyassl_fgets(buff, sz, fd) -extern char * Cyassl_fgets ( char * str, int num, FILE * f ) ; +#define fgets(buff, sz, fd) wolfssl_fgets(buff, sz, fd) +extern char * wolfssl_fgets ( char * str, int num, FILE * f ) ; #define SOCKET_T int @@ -43,7 +43,7 @@ typedef long fd_mask; #define NFDBITS (sizeof(fd_mask) * NUMBITSPERBYTE) /* bits per mask */ typedef struct fd_set { - fd_mask fds_bits[(FD_SETSIZE + NFDBITS - 1) / NFDBITS]; + fd_mask fds_bits[(FD_SETSIZE + NFDBITS - 1) / NFDBITS]; } fd_set; /*** #include ***/ @@ -52,39 +52,37 @@ struct timeval { long tv_usec; /* microseconds */ }; +#if defined(WOLFSSL_KEIL_TCP_NET) -/*** #include **/ -/* - int select(int nfds, fd_set *readfds, fd_set *writefds, - fd_set *exceptfds, const struct timeval *timeout); - void FD_CLR(int fd, fd_set *set); - int FD_ISSET(int fd, fd_set *set); - void FD_SET(int fd, fd_set *set); - void FD_ZERO(fd_set *set); -*/ +#if defined(WOLFSSL_MDK5) +#define SCK_EWOULDBLOCK BSD_ERROR_WOULDBLOCK +#define SCK_ETIMEOUT BSD_ERROR_TIMEOUT +#include "rl_net.h" +#endif + typedef int socklen_t ; /* for avoiding conflict with KEIL-TCPnet BSD socket */ -/* Bodies are in cyassl_KEIL_RL.c */ -#define connect Cyassl_connect -#define accept Cyassl_accept -#define recv Cyassl_recv -#define send Cyassl_send -#define sleep Cyassl_sleep +/* Bodies are in wolfssl_KEIL_RL.c */ +#define connect(a,b,c) wolfssl_connect(a, (struct sockaddr* )(b), c) +#define accept wolfssl_accept +#define recv wolfssl_recv +#define send wolfssl_send +#define sleep wolfssl_sleep /* for avoiding conflicting with KEIL-TCPnet TCP socket */ /* Bodies are in test.h */ -#define tcp_connect Cyassl_tcp_connect -#define tcp_socket Cyassl_tcp_soket -#define tcp_listen Cyassl_tcp_listen -#define tcp_select Cyassl_tcp_select +#define tcp_connect wolfssl_tcp_connect +#define tcp_socket wolfssl_tcp_soket +#define tcp_listen wolfssl_tcp_listen +#define tcp_select wolfssl_tcp_select -extern int Cyassl_connect(int sd, const struct sockaddr * sa, int sz) ; -extern int Cyassl_accept(int sd, struct sockaddr *addr, socklen_t *addrlen); -extern int Cyassl_recv(int sd, void *buf, size_t len, int flags); -extern int Cyassl_send(int sd, const void *buf, size_t len, int flags); -extern void Cyassl_sleep(int sec) ; -extern int Cyassl_tcp_select(int sd, int timeout) ; +extern int wolfssl_connect(int sd, const struct sockaddr* sa, int sz) ; +extern int wolfssl_accept(int sd, struct sockaddr*addr, socklen_t *addrlen); +extern int wolfssl_recv(int sd, void *buf, size_t len, int flags); +extern int wolfssl_send(int sd, const void *buf, size_t len, int flags); +extern void wolfssl_sleep(int sec) ; +extern int wolfssl_tcp_select(int sd, int timeout) ; /** KEIL-RL TCPnet ****/ /* TCPnet BSD socket does not have following functions. */ @@ -95,9 +93,6 @@ extern int setsockopt(int sockfd, int level, int optname, extern int select(int nfds, fd_set *readfds, fd_set *writefds, fd_set *exceptfds, const struct timeval *timeout); -/* CyaSSL MDK-ARM time functions */ -#include -struct tm *Cyassl_MDK_gmtime(const time_t *c) ; -extern double current_time(void) ; +#endif /* WOLFSSL_KEIL_TCP_NET */ -#endif /* CYASSL_KEIL_RL_H */ +#endif /* WOLFSSL_KEIL_RL_H */ diff --git a/IDE/MDK-ARM/Projects/MDK-ARM-LPC43xx.uvproj b/IDE/MDK-ARM/Projects/MDK-ARM-LPC43xx.uvproj deleted file mode 100644 index 6504d782a..000000000 --- a/IDE/MDK-ARM/Projects/MDK-ARM-LPC43xx.uvproj +++ /dev/null @@ -1,3510 +0,0 @@ - - - - 1.1 - -
### uVision Project, (C) Keil Software
- - - - MDK-RTX-TCP-FS - 0x4 - ARM-ADS - - - LPC4357 - NXP (founded by Philips) - IRAM(0x10000000-0x10007FFF) IRAM2(0x20000000-0x2000FFFF) IROM(0x1A000000-0x1A07FFFF) IROM2(0x1B000000-0x1B07FFFF) CLOCK(12000000) CPUTYPE("Cortex-M4") FPU2 - - "STARTUP\NXP\LPC43xx\startup_LPC43xx.s" ("NXP LPC43xx Startup Code") - UL2CM3(-O975 -S0 -C0 -FO7 -FD10000000 -FC800 -FN2 -FF0LPC18xx43xx_512_BA -FS01A000000 -FL080000 -FF1LPC18xx43xx_512_BB -FS11B000000 -FL180000) - 6414 - LPC43xx.H - - - - - - - - - - SFD\NXP\LPC43xx\LPC43xx.SFR - 0 - - - - NXP\LPC43xx\ - NXP\LPC43xx\ - - 0 - 0 - 0 - 0 - 1 - - .\MDK-RTX-TCP-FS\ - LCP43xx-MDK-RTX-TCP-FS - 1 - 0 - 0 - 1 - 1 - .\Lst\ - 1 - 0 - 0 - - 0 - 0 - - - 0 - 0 - 0 - 0 - - - 0 - 0 - - - 0 - 0 - - - 1 - 0 - $K\ARM\BIN\ElfDwT.exe !L BASEADDRESS(0x1A000000) - - 0 - 0 - - 0 - - - - 0 - 0 - 0 - 0 - 0 - 1 - 0 - 0 - 0 - 0 - 3 - - - - - SARMCM3.DLL - -MPU - DCM.DLL - -pCM4 - SARMCM3.DLL - -MPU - TCM.DLL - -pCM4 - - - - 1 - 0 - 0 - 0 - 16 - - - 0 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 0 - - - 1 - 1 - 0 - 1 - 1 - 1 - 0 - 1 - 0 - - 0 - 9 - - - - - - - - - - - - - ..\MDK-ARM\config\Dbg_Flash.ini - BIN\ULP2CM3.DLL - - - - - 1 - 0 - 0 - 1 - 1 - 4100 - - 0 - BIN\ULP2CM3.DLL - "" () - - - - - 0 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 0 - 1 - 1 - 0 - 1 - 1 - 0 - 0 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 0 - 0 - "Cortex-M4" - - 1 - 0 - 0 - 1 - 1 - 0 - 0 - 1 - 1 - 1 - 8 - 0 - 0 - 0 - 3 - 3 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 1 - 1 - 1 - 0 - 0 - 1 - 1 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x10000000 - 0x8000 - - - 1 - 0x1a000000 - 0x80000 - - - 0 - 0x0 - 0x0 - - - 1 - 0x0 - 0x0 - - - 1 - 0x0 - 0x0 - - - 1 - 0x0 - 0x0 - - - 1 - 0x1a000000 - 0x80000 - - - 1 - 0x1b000000 - 0x80000 - - - 0 - 0x10080000 - 0xa000 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x10000000 - 0x8000 - - - 0 - 0x20000000 - 0x10000 - - - - - - 1 - 4 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - - - HAVE_CONFIG_H CYASSL_LPC43xx __DBG_ITM CORE_M4 __RTX USE_STDPERIPH_DRIVER MDK_CONF_RTX_TCP_FS - - ..\MDK-ARM\CyaSSL;../../..;..\LPC43xx\Drivers\include;..\LPC43xx\LPC43xx\Include - - - - 1 - 0 - 0 - 1 - 0 - 0 - 0 - 0 - - - - - - - - - 1 - 0 - 0 - 0 - 1 - 0 - - - - - - - - - - - - - - CyaSSL Apps - - - echoclient.c - 1 - ..\..\..\examples\echoclient\echoclient.c - - - echoserver.c - 1 - ..\..\..\examples\echoserver\echoserver.c - - - test.c - 1 - ..\..\..\ctaocrypt\test\test.c - - - benchmark.c - 1 - ..\..\..\ctaocrypt\benchmark\benchmark.c - - - client.c - 1 - ..\..\..\examples\client\client.c - - - server.c - 1 - ..\..\..\examples\server\server.c - - - shell.c - 1 - ..\MDK-ARM\CyaSSL\shell.c - - - main.c - 1 - ..\MDK-ARM\CyaSSL\main.c - - - cert_data.c - 1 - ..\MDK-ARM\CyaSSL\cert_data.c - - - - - LPC43xx - - - lpc43xx_rtc.c - 1 - ..\LPC43xx\Drivers\source\lpc43xx_rtc.c - - - lpc43xx_timer.c - 1 - ..\LPC43xx\Drivers\source\lpc43xx_timer.c - - - lpc43xx_cgu.c - 1 - ..\LPC43xx\Drivers\source\lpc43xx_cgu.c - - - lpc43xx_scu.c - 1 - ..\LPC43xx\Drivers\source\lpc43xx_scu.c - - - - - MDK-ARM - - - FS_CM3.lib - 4 - c:\Keil\ARM\RV31\LIB\FS_CM3.lib - - - RTX_CM3.lib - 4 - c:\Keil\ARM\RV31\LIB\\RTX_CM3.lib - - - TCPD_CM3.lib - 4 - c:\Keil\ARM\RV31\LIB\TCPD_CM3.lib - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - - - TCP_CM3.lib - 4 - c:\Keil\ARM\RV31\LIB\TCP_CM3.lib - - - Serial.c - 1 - C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\Serial.c - - - ETH_LPC43xx.c - 1 - C:\Keil\ARM\RL\TCPnet\Drivers\ETH_LPC43xx.c - - - SDIO_LPC43xx.c - 1 - C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\SDIO_LPC43xx.c - - - system_LPC43xx.c - 1 - C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\system_LPC43xx.c - - - - - CyaSSL Library - - - crl.c - 1 - ..\..\..\src\crl.c - - - internal.c - 1 - ..\..\..\src\internal.c - - - io.c - 1 - ..\..\..\src\io.c - - - keys.c - 1 - ..\..\..\src\keys.c - - - ocsp.c - 1 - ..\..\..\src\ocsp.c - - - sniffer.c - 1 - ..\..\..\src\sniffer.c - - - ssl.c - 1 - ..\..\..\src\ssl.c - - - tls.c - 1 - ..\..\..\src\tls.c - - - ssl-dummy.c - 1 - ..\MDK-ARM\CyaSSL\ssl-dummy.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - - - Crypt/Cipher Library - - - aes.c - 1 - ..\..\..\ctaocrypt\src\aes.c - - - arc4.c - 1 - ..\..\..\ctaocrypt\src\arc4.c - - - asm.c - 1 - ..\..\..\ctaocrypt\src\asm.c - - - asn.c - 1 - ..\..\..\ctaocrypt\src\asn.c - - - camellia.c - 1 - ..\..\..\ctaocrypt\src\camellia.c - - - coding.c - 1 - ..\..\..\ctaocrypt\src\coding.c - - - des3.c - 1 - ..\..\..\ctaocrypt\src\des3.c - - - dh.c - 1 - ..\..\..\ctaocrypt\src\dh.c - - - dsa.c - 1 - ..\..\..\ctaocrypt\src\dsa.c - - - ecc.c - 1 - ..\..\..\ctaocrypt\src\ecc.c - - - ecc_fp.c - 1 - ..\..\..\ctaocrypt\src\ecc_fp.c - - - error.c - 1 - ..\..\..\ctaocrypt\src\error.c - - - hc128.c - 1 - ..\..\..\ctaocrypt\src\hc128.c - - - hmac.c - 1 - ..\..\..\ctaocrypt\src\hmac.c - - - integer.c - 1 - ..\..\..\ctaocrypt\src\integer.c - - - logging.c - 1 - ..\..\..\ctaocrypt\src\logging.c - - - md2.c - 1 - ..\..\..\ctaocrypt\src\md2.c - - - md4.c - 1 - ..\..\..\ctaocrypt\src\md4.c - - - md5.c - 1 - ..\..\..\ctaocrypt\src\md5.c - - - memory.c - 1 - ..\..\..\ctaocrypt\src\memory.c - - - misc.c - 1 - ..\..\..\ctaocrypt\src\misc.c - - - wc_port.c - 1 - ..\..\..\ctaocrypt\src\wc_port.c - - - pwdbased.c - 1 - ..\..\..\ctaocrypt\src\pwdbased.c - - - rabbit.c - 1 - ..\..\..\ctaocrypt\src\rabbit.c - - - random.c - 1 - ..\..\..\ctaocrypt\src\random.c - - - ripemd.c - 1 - ..\..\..\ctaocrypt\src\ripemd.c - - - rsa.c - 1 - ..\..\..\ctaocrypt\src\rsa.c - - - sha.c - 1 - ..\..\..\ctaocrypt\src\sha.c - - - sha256.c - 1 - ..\..\..\ctaocrypt\src\sha256.c - - - sha512.c - 1 - ..\..\..\ctaocrypt\src\sha512.c - - - tfm.c - 1 - ..\..\..\ctaocrypt\src\tfm.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - - - Configuration - - - File_Config.c - 1 - ..\MDK-ARM\config\File_Config.c - - - Net_Config.c - 1 - ..\MDK-ARM\config\Net_Config.c - - - config.h - 5 - ..\MDK-ARM\CyaSSL\config.h - - - RTX_Conf_CM.c - 1 - ..\MDK-ARM\config\RTX_Conf_CM.c - - - Net_Debug.c - 1 - ..\MDK-ARM\config\Net_Debug.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - config-FS.h - 5 - ..\MDK-ARM\CyaSSL\config-FS.h - - - config-RTX-TCP-FS.h - 5 - ..\MDK-ARM\CyaSSL\config-RTX-TCP-FS.h - - - config-BARE-METAL.h - 5 - ..\MDK-ARM\CyaSSL\config-BARE-METAL.h - - - startup_LPC43xx.s - 2 - ..\LPC43xx\startup_LPC43xx.s - - - - - CyaSSL-MDK - - - cyassl_MDK_ARM.c - 1 - ..\MDK-ARM\CyaSSL\cyassl_MDK_ARM.c - - - Retarget.c - 1 - ..\MDK-ARM\CyaSSL\Retarget.c - - - time-LCP43xx.c - 1 - ..\LPC43xx\time-LCP43xx.c - - - - - - - MDK-FS - 0x4 - ARM-ADS - - - LPC4357 - NXP (founded by Philips) - IRAM(0x10000000-0x10007FFF) IRAM2(0x20000000-0x2000FFFF) IROM(0x1A000000-0x1A07FFFF) IROM2(0x1B000000-0x1B07FFFF) CLOCK(12000000) CPUTYPE("Cortex-M4") FPU2 - - "STARTUP\NXP\LPC43xx\startup_LPC43xx.s" ("NXP LPC43xx Startup Code") - UL2CM3(-O975 -S0 -C0 -FO7 -FD10000000 -FC800 -FN2 -FF0LPC18xx43xx_512_BA -FS01A000000 -FL080000 -FF1LPC18xx43xx_512_BB -FS11B000000 -FL180000) - 6414 - LPC43xx.H - - - - - - - - - - SFD\NXP\LPC43xx\LPC43xx.SFR - 0 - - - - NXP\LPC43xx\ - NXP\LPC43xx\ - - 0 - 0 - 0 - 0 - 1 - - .\MDK-FS\ - LCP43xx-MDK-FS - 1 - 0 - 0 - 1 - 1 - .\Lst\ - 1 - 0 - 0 - - 0 - 0 - - - 0 - 0 - 0 - 0 - - - 0 - 0 - - - 0 - 0 - - - 1 - 0 - $K\ARM\BIN\ElfDwT.exe !L BASEADDRESS(0x1A000000) - - 0 - 0 - - 0 - - - - 0 - 0 - 0 - 0 - 0 - 1 - 0 - 0 - 0 - 0 - 3 - - - - - SARMCM3.DLL - -MPU - DCM.DLL - -pCM4 - SARMCM3.DLL - -MPU - TCM.DLL - -pCM4 - - - - 1 - 0 - 0 - 0 - 16 - - - 0 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 0 - - - 1 - 1 - 1 - 1 - 1 - 1 - 0 - 1 - 0 - - 0 - 9 - - - - - - - - - - - - - ..\MDK-ARM\config\Dbg_Flash.ini - BIN\ULP2CM3.DLL - - - - - 1 - 0 - 0 - 1 - 1 - 4100 - - 0 - BIN\ULP2CM3.DLL - "" () - - - - - 0 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 0 - 1 - 1 - 0 - 1 - 1 - 0 - 0 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 0 - 0 - "Cortex-M4" - - 0 - 0 - 0 - 1 - 1 - 0 - 0 - 1 - 1 - 1 - 8 - 0 - 0 - 0 - 3 - 3 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 1 - 1 - 1 - 0 - 0 - 1 - 1 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x10000000 - 0x8000 - - - 1 - 0x1a000000 - 0x80000 - - - 0 - 0x0 - 0x0 - - - 1 - 0x0 - 0x0 - - - 1 - 0x0 - 0x0 - - - 1 - 0x0 - 0x0 - - - 1 - 0x1a000000 - 0x80000 - - - 1 - 0x1b000000 - 0x80000 - - - 0 - 0x10080000 - 0xa000 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x10000000 - 0x8000 - - - 0 - 0x20000000 - 0x10000 - - - - - - 1 - 4 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - - - HAVE_CONFIG_H CYASSL_LPC43xx __DBG_ITM CORE_M4 __RTX USE_STDPERIPH_DRIVER MDK_CONF_FS - - ..\MDK-ARM\CyaSSL;../../..;..\LPC43xx\Drivers\include;..\LPC43xx\LPC43xx\Include - - - - 1 - 0 - 0 - 1 - 0 - 0 - 0 - 0 - - - - - - - - - 1 - 0 - 0 - 0 - 1 - 0 - - - - - - - - - - - - - - CyaSSL Apps - - - echoclient.c - 1 - ..\..\..\examples\echoclient\echoclient.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - echoserver.c - 1 - ..\..\..\examples\echoserver\echoserver.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - test.c - 1 - ..\..\..\ctaocrypt\test\test.c - - - benchmark.c - 1 - ..\..\..\ctaocrypt\benchmark\benchmark.c - - - client.c - 1 - ..\..\..\examples\client\client.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - server.c - 1 - ..\..\..\examples\server\server.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - shell.c - 1 - ..\MDK-ARM\CyaSSL\shell.c - - - main.c - 1 - ..\MDK-ARM\CyaSSL\main.c - - - cert_data.c - 1 - ..\MDK-ARM\CyaSSL\cert_data.c - - - - - LPC43xx - - - lpc43xx_rtc.c - 1 - ..\LPC43xx\Drivers\source\lpc43xx_rtc.c - - - lpc43xx_timer.c - 1 - ..\LPC43xx\Drivers\source\lpc43xx_timer.c - - - lpc43xx_cgu.c - 1 - ..\LPC43xx\Drivers\source\lpc43xx_cgu.c - - - lpc43xx_scu.c - 1 - ..\LPC43xx\Drivers\source\lpc43xx_scu.c - - - - - MDK-ARM - - - FS_CM3.lib - 4 - c:\Keil\ARM\RV31\LIB\FS_CM3.lib - - - RTX_CM3.lib - 4 - c:\Keil\ARM\RV31\LIB\\RTX_CM3.lib - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - - - TCPD_CM3.lib - 4 - c:\Keil\ARM\RV31\LIB\TCPD_CM3.lib - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - - - TCP_CM3.lib - 4 - c:\Keil\ARM\RV31\LIB\TCP_CM3.lib - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - - - Serial.c - 1 - C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\Serial.c - - - ETH_LPC43xx.c - 1 - C:\Keil\ARM\RL\TCPnet\Drivers\ETH_LPC43xx.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - SDIO_LPC43xx.c - 1 - C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\SDIO_LPC43xx.c - - - system_LPC43xx.c - 1 - C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\system_LPC43xx.c - - - - - CyaSSL Library - - - crl.c - 1 - ..\..\..\src\crl.c - - - internal.c - 1 - ..\..\..\src\internal.c - - - io.c - 1 - ..\..\..\src\io.c - - - keys.c - 1 - ..\..\..\src\keys.c - - - ocsp.c - 1 - ..\..\..\src\ocsp.c - - - sniffer.c - 1 - ..\..\..\src\sniffer.c - - - ssl.c - 1 - ..\..\..\src\ssl.c - - - tls.c - 1 - ..\..\..\src\tls.c - - - ssl-dummy.c - 1 - ..\MDK-ARM\CyaSSL\ssl-dummy.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - - - Crypt/Cipher Library - - - aes.c - 1 - ..\..\..\ctaocrypt\src\aes.c - - - arc4.c - 1 - ..\..\..\ctaocrypt\src\arc4.c - - - asm.c - 1 - ..\..\..\ctaocrypt\src\asm.c - - - asn.c - 1 - ..\..\..\ctaocrypt\src\asn.c - - - camellia.c - 1 - ..\..\..\ctaocrypt\src\camellia.c - - - coding.c - 1 - ..\..\..\ctaocrypt\src\coding.c - - - des3.c - 1 - ..\..\..\ctaocrypt\src\des3.c - - - dh.c - 1 - ..\..\..\ctaocrypt\src\dh.c - - - dsa.c - 1 - ..\..\..\ctaocrypt\src\dsa.c - - - ecc.c - 1 - ..\..\..\ctaocrypt\src\ecc.c - - - ecc_fp.c - 1 - ..\..\..\ctaocrypt\src\ecc_fp.c - - - error.c - 1 - ..\..\..\ctaocrypt\src\error.c - - - hc128.c - 1 - ..\..\..\ctaocrypt\src\hc128.c - - - hmac.c - 1 - ..\..\..\ctaocrypt\src\hmac.c - - - integer.c - 1 - ..\..\..\ctaocrypt\src\integer.c - - - logging.c - 1 - ..\..\..\ctaocrypt\src\logging.c - - - md2.c - 1 - ..\..\..\ctaocrypt\src\md2.c - - - md4.c - 1 - ..\..\..\ctaocrypt\src\md4.c - - - md5.c - 1 - ..\..\..\ctaocrypt\src\md5.c - - - memory.c - 1 - ..\..\..\ctaocrypt\src\memory.c - - - misc.c - 1 - ..\..\..\ctaocrypt\src\misc.c - - - pwdbased.c - 1 - ..\..\..\ctaocrypt\src\pwdbased.c - - - rabbit.c - 1 - ..\..\..\ctaocrypt\src\rabbit.c - - - random.c - 1 - ..\..\..\ctaocrypt\src\random.c - - - ripemd.c - 1 - ..\..\..\ctaocrypt\src\ripemd.c - - - rsa.c - 1 - ..\..\..\ctaocrypt\src\rsa.c - - - sha.c - 1 - ..\..\..\ctaocrypt\src\sha.c - - - sha256.c - 1 - ..\..\..\ctaocrypt\src\sha256.c - - - sha512.c - 1 - ..\..\..\ctaocrypt\src\sha512.c - - - tfm.c - 1 - ..\..\..\ctaocrypt\src\tfm.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - wc_port.c - 1 - ..\..\..\ctaocrypt\src\wc_port.c - - - - - Configuration - - - File_Config.c - 1 - ..\MDK-ARM\config\File_Config.c - - - Net_Config.c - 1 - ..\MDK-ARM\config\Net_Config.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - config.h - 5 - ..\MDK-ARM\CyaSSL\config.h - - - RTX_Conf_CM.c - 1 - ..\MDK-ARM\config\RTX_Conf_CM.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - Net_Debug.c - 1 - ..\MDK-ARM\config\Net_Debug.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - config-FS.h - 5 - ..\MDK-ARM\CyaSSL\config-FS.h - - - config-RTX-TCP-FS.h - 5 - ..\MDK-ARM\CyaSSL\config-RTX-TCP-FS.h - - - config-BARE-METAL.h - 5 - ..\MDK-ARM\CyaSSL\config-BARE-METAL.h - - - startup_LPC43xx.s - 2 - ..\LPC43xx\startup_LPC43xx.s - - - - - CyaSSL-MDK - - - cyassl_MDK_ARM.c - 1 - ..\MDK-ARM\CyaSSL\cyassl_MDK_ARM.c - - - Retarget.c - 1 - ..\MDK-ARM\CyaSSL\Retarget.c - - - time-LCP43xx.c - 1 - ..\LPC43xx\time-LCP43xx.c - - - - - - - MDK-BARE-METAL - 0x4 - ARM-ADS - - - LPC4357 - NXP (founded by Philips) - IRAM(0x10000000-0x10007FFF) IRAM2(0x20000000-0x2000FFFF) IROM(0x1A000000-0x1A07FFFF) IROM2(0x1B000000-0x1B07FFFF) CLOCK(12000000) CPUTYPE("Cortex-M4") FPU2 - - "STARTUP\NXP\LPC43xx\startup_LPC43xx.s" ("NXP LPC43xx Startup Code") - UL2CM3(-O975 -S0 -C0 -FO7 -FD10000000 -FC800 -FN2 -FF0LPC18xx43xx_512_BA -FS01A000000 -FL080000 -FF1LPC18xx43xx_512_BB -FS11B000000 -FL180000) - 6414 - LPC43xx.H - - - - - - - - - - SFD\NXP\LPC43xx\LPC43xx.SFR - 0 - - - - NXP\LPC43xx\ - NXP\LPC43xx\ - - 0 - 0 - 0 - 0 - 1 - - .\MDK-BARE-METAL\ - LCP43xx-MDK-BARE-METAL - 1 - 0 - 0 - 1 - 1 - .\Lst\ - 1 - 0 - 0 - - 0 - 0 - - - 0 - 0 - 0 - 0 - - - 0 - 0 - - - 0 - 0 - - - 1 - 0 - $K\ARM\BIN\ElfDwT.exe !L BASEADDRESS(0x1A000000) - - 0 - 0 - - 0 - - - - 0 - 0 - 0 - 0 - 0 - 1 - 0 - 0 - 0 - 0 - 3 - - - - - SARMCM3.DLL - -MPU - DCM.DLL - -pCM4 - SARMCM3.DLL - -MPU - TCM.DLL - -pCM4 - - - - 1 - 0 - 0 - 0 - 16 - - - 0 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 0 - - - 1 - 1 - 1 - 1 - 1 - 1 - 0 - 1 - 0 - - 0 - 9 - - - - - - - - - - - - - ..\MDK-ARM\config\Dbg_Flash.ini - BIN\ULP2CM3.DLL - - - - - 1 - 0 - 0 - 1 - 1 - 4100 - - 0 - BIN\ULP2CM3.DLL - "" () - - - - - 0 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 0 - 1 - 1 - 0 - 1 - 1 - 0 - 0 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 0 - 0 - "Cortex-M4" - - 0 - 0 - 0 - 1 - 1 - 0 - 0 - 1 - 1 - 1 - 8 - 0 - 0 - 0 - 3 - 3 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 1 - 1 - 1 - 0 - 0 - 1 - 1 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x10000000 - 0x8000 - - - 1 - 0x1a000000 - 0x80000 - - - 0 - 0x0 - 0x0 - - - 1 - 0x0 - 0x0 - - - 1 - 0x0 - 0x0 - - - 1 - 0x0 - 0x0 - - - 1 - 0x1a000000 - 0x80000 - - - 1 - 0x1b000000 - 0x80000 - - - 0 - 0x10080000 - 0xa000 - - - 0 - 0x0 - 0x0 - - - 0 - 0x0 - 0x0 - - - 0 - 0x10000000 - 0x8000 - - - 0 - 0x20000000 - 0x10000 - - - - - - 1 - 4 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - - - HAVE_CONFIG_H CYASSL_LPC43xx __DBG_ITM CORE_M4 __RTX USE_STDPERIPH_DRIVER MDK_CONF_BARE_METAL - - ..\MDK-ARM\CyaSSL;../../..;..\LPC43xx\Drivers\include;..\LPC43xx\LPC43xx\Include - - - - 1 - 0 - 0 - 1 - 0 - 0 - 0 - 0 - - - - - - - - - 1 - 0 - 0 - 0 - 1 - 0 - - - - - - - - - - - - - - CyaSSL Apps - - - echoclient.c - 1 - ..\..\..\examples\echoclient\echoclient.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - echoserver.c - 1 - ..\..\..\examples\echoserver\echoserver.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - test.c - 1 - ..\..\..\ctaocrypt\test\test.c - - - benchmark.c - 1 - ..\..\..\ctaocrypt\benchmark\benchmark.c - - - client.c - 1 - ..\..\..\examples\client\client.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - server.c - 1 - ..\..\..\examples\server\server.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - shell.c - 1 - ..\MDK-ARM\CyaSSL\shell.c - - - main.c - 1 - ..\MDK-ARM\CyaSSL\main.c - - - cert_data.c - 1 - ..\MDK-ARM\CyaSSL\cert_data.c - - - - - LPC43xx - - - lpc43xx_rtc.c - 1 - ..\LPC43xx\Drivers\source\lpc43xx_rtc.c - - - lpc43xx_timer.c - 1 - ..\LPC43xx\Drivers\source\lpc43xx_timer.c - - - lpc43xx_cgu.c - 1 - ..\LPC43xx\Drivers\source\lpc43xx_cgu.c - - - lpc43xx_scu.c - 1 - ..\LPC43xx\Drivers\source\lpc43xx_scu.c - - - - - MDK-ARM - - - FS_CM3.lib - 4 - c:\Keil\ARM\RV31\LIB\FS_CM3.lib - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - - - RTX_CM3.lib - 4 - c:\Keil\ARM\RV31\LIB\\RTX_CM3.lib - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - - - TCPD_CM3.lib - 4 - c:\Keil\ARM\RV31\LIB\TCPD_CM3.lib - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - - - TCP_CM3.lib - 4 - c:\Keil\ARM\RV31\LIB\TCP_CM3.lib - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - - - Serial.c - 1 - C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\Serial.c - - - ETH_LPC43xx.c - 1 - C:\Keil\ARM\RL\TCPnet\Drivers\ETH_LPC43xx.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - SDIO_LPC43xx.c - 1 - C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\SDIO_LPC43xx.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - system_LPC43xx.c - 1 - C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\system_LPC43xx.c - - - - - CyaSSL Library - - - crl.c - 1 - ..\..\..\src\crl.c - - - internal.c - 1 - ..\..\..\src\internal.c - - - io.c - 1 - ..\..\..\src\io.c - - - keys.c - 1 - ..\..\..\src\keys.c - - - ocsp.c - 1 - ..\..\..\src\ocsp.c - - - sniffer.c - 1 - ..\..\..\src\sniffer.c - - - ssl.c - 1 - ..\..\..\src\ssl.c - - - tls.c - 1 - ..\..\..\src\tls.c - - - ssl-dummy.c - 1 - ..\MDK-ARM\CyaSSL\ssl-dummy.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - - - Crypt/Cipher Library - - - aes.c - 1 - ..\..\..\ctaocrypt\src\aes.c - - - arc4.c - 1 - ..\..\..\ctaocrypt\src\arc4.c - - - asm.c - 1 - ..\..\..\ctaocrypt\src\asm.c - - - asn.c - 1 - ..\..\..\ctaocrypt\src\asn.c - - - camellia.c - 1 - ..\..\..\ctaocrypt\src\camellia.c - - - coding.c - 1 - ..\..\..\ctaocrypt\src\coding.c - - - des3.c - 1 - ..\..\..\ctaocrypt\src\des3.c - - - dh.c - 1 - ..\..\..\ctaocrypt\src\dh.c - - - dsa.c - 1 - ..\..\..\ctaocrypt\src\dsa.c - - - ecc.c - 1 - ..\..\..\ctaocrypt\src\ecc.c - - - ecc_fp.c - 1 - ..\..\..\ctaocrypt\src\ecc_fp.c - - - error.c - 1 - ..\..\..\ctaocrypt\src\error.c - - - hc128.c - 1 - ..\..\..\ctaocrypt\src\hc128.c - - - hmac.c - 1 - ..\..\..\ctaocrypt\src\hmac.c - - - integer.c - 1 - ..\..\..\ctaocrypt\src\integer.c - - - logging.c - 1 - ..\..\..\ctaocrypt\src\logging.c - - - md2.c - 1 - ..\..\..\ctaocrypt\src\md2.c - - - md4.c - 1 - ..\..\..\ctaocrypt\src\md4.c - - - md5.c - 1 - ..\..\..\ctaocrypt\src\md5.c - - - memory.c - 1 - ..\..\..\ctaocrypt\src\memory.c - - - misc.c - 1 - ..\..\..\ctaocrypt\src\misc.c - - - pwdbased.c - 1 - ..\..\..\ctaocrypt\src\pwdbased.c - - - rabbit.c - 1 - ..\..\..\ctaocrypt\src\rabbit.c - - - random.c - 1 - ..\..\..\ctaocrypt\src\random.c - - - ripemd.c - 1 - ..\..\..\ctaocrypt\src\ripemd.c - - - rsa.c - 1 - ..\..\..\ctaocrypt\src\rsa.c - - - sha.c - 1 - ..\..\..\ctaocrypt\src\sha.c - - - sha256.c - 1 - ..\..\..\ctaocrypt\src\sha256.c - - - sha512.c - 1 - ..\..\..\ctaocrypt\src\sha512.c - - - tfm.c - 1 - ..\..\..\ctaocrypt\src\tfm.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - wc_port.c - 1 - ..\..\..\ctaocrypt\src\wc_port.c - - - - - Configuration - - - File_Config.c - 1 - ..\MDK-ARM\config\File_Config.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - Net_Config.c - 1 - ..\MDK-ARM\config\Net_Config.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - config.h - 5 - ..\MDK-ARM\CyaSSL\config.h - - - RTX_Conf_CM.c - 1 - ..\MDK-ARM\config\RTX_Conf_CM.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - Net_Debug.c - 1 - ..\MDK-ARM\config\Net_Debug.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - config-FS.h - 5 - ..\MDK-ARM\CyaSSL\config-FS.h - - - config-RTX-TCP-FS.h - 5 - ..\MDK-ARM\CyaSSL\config-RTX-TCP-FS.h - - - config-BARE-METAL.h - 5 - ..\MDK-ARM\CyaSSL\config-BARE-METAL.h - - - startup_LPC43xx.s - 2 - ..\LPC43xx\startup_LPC43xx.s - - - - - CyaSSL-MDK - - - cyassl_MDK_ARM.c - 1 - ..\MDK-ARM\CyaSSL\cyassl_MDK_ARM.c - - - Retarget.c - 1 - ..\MDK-ARM\CyaSSL\Retarget.c - - - time-LCP43xx.c - 1 - ..\LPC43xx\time-LCP43xx.c - - - - - - - - diff --git a/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvopt b/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvopt index f051310b2..173f3e1b0 100644 --- a/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvopt +++ b/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvopt @@ -13,6 +13,7 @@ *.txt; *.h; *.inc *.plm *.cpp + 0 @@ -31,6 +32,7 @@ 1 0 1 + 0 1 @@ -76,16 +78,6 @@ 0 255 - - SARMCM3.DLL - -MPU - DARMSTM.DLL - -pSTM32F207IG - SARMCM3.DLL - -MPU - TARMSTM.DLL - -pSTM32F207IG - 0 1 @@ -97,16 +89,18 @@ 1 1 1 - 0 + 1 1 1 1 0 1 0 + 1 + 1 0 0 - 9 + 7 @@ -116,14 +110,19 @@ - ..\MDK-ARM\config\STM32_SWO.ini + c:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini BIN\ULP2CM3.DLL + + 0 + ARMRTXEVENTFLAGS + -L70 -Z18 -C0 -M0 -T1 + 0 UL2CM3 - UL2CM3(-S0 -C0 -P0 -FD20000000 -FC1000 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 -FP0($$Device:STM32F207IG$Flash\STM32F2xx_1024.flm)) + -UM1020ADE -O206 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC120000000 -TP21 -TDS801F -TDT0 -TDC10 -TIE1 -TIP9 -FO7 -FD20000000 -FC1000 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 0 @@ -143,10 +142,18 @@ 0 ULP2CM3 - -UP1135060 -O206 -S0 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC10000000 -TP18 -TDX0 -TDD0 -TDS7 -TDT0 -TDC1F -TIEFFFFFFFF -TIP8 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 + -UP1135060 -O206 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC120000000 -TP18 -TDX0 -TDD0 -TDS8000 -TDT0 -TDC1F -TIE1 -TIP1 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 + + + 1 + 0 + 0x802f36c + 0 + + 0 @@ -192,6 +199,7 @@ 1 1 0 + 0 1 @@ -237,16 +245,6 @@ 1 255 - - SARMCM3.DLL - -MPU - DARMSTM.DLL - -pSTM32F207IG - SARMCM3.DLL - -MPU - TARMSTM.DLL - -pSTM32F207IG - 0 1 @@ -265,9 +263,11 @@ 0 1 0 + 1 + 1 0 0 - 9 + 1 @@ -277,10 +277,20 @@ - ..\MDK-ARM\config\STM32_SWO.ini - BIN\ULP2CM3.DLL + ..\..\..\..\..\..\..\Keil\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini + BIN\UL2CM3.DLL + + 0 + ARMRTXEVENTFLAGS + -L70 -Z18 -C0 -M0 -T1 + + + 0 + UL2CM3 + -UM1020ADE -O207 -S0 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC120000000 -TP21 -TDS801F -TDT0 -TDC1F -TIE1 -TIP9 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 + 0 DLGTARM @@ -294,12 +304,12 @@ 0 DLGUARM - + (105=-1,-1,-1,-1,0) 0 ULP2CM3 - -UP1135060 -O206 -S0 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC10000000 -TP18 -TDX0 -TDD0 -TDS7 -TDT0 -TDC1F -TIEFFFFFFFF -TIP8 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 + -UP1135060 -O206 -S0 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC10000000 -TP18 -TDX0 -TDD0 -TDS7 -TDT0 -TDC1F -TIEFFFFFFFF -TIP9 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 @@ -348,6 +358,7 @@ 1 1 0 + 0 1 @@ -393,16 +404,6 @@ 0 255 - - SARMCM3.DLL - -MPU - DARMSTM.DLL - -pSTM32F207IG - SARMCM3.DLL - -MPU - TARMSTM.DLL - -pSTM32F207IG - 0 1 @@ -421,9 +422,11 @@ 0 1 0 + 1 + 1 0 0 - 9 + 1 @@ -433,10 +436,20 @@ - ..\MDK-ARM\config\STM32_SWO.ini - BIN\ULP2CM3.DLL + ..\..\..\..\..\..\..\Keil\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini + BIN\UL2CM3.DLL + + 0 + ARMRTXEVENTFLAGS + -L70 -Z18 -C0 -M0 -T1 + + + 0 + UL2CM3 + -UM1020ADE -O79 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC120000000 -TP21 -TDS801F -TDT0 -TDC1F -TIE1 -TIP9 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 + 0 DLGTARM @@ -450,15 +463,64 @@ 0 DLGUARM - + (105=-1,-1,-1,-1,0) 0 ULP2CM3 - -UP1135060 -O206 -S0 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC10000000 -TP18 -TDX0 -TDD0 -TDS7 -TDT0 -TDC1F -TIEFFFFFFFF -TIP0 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 + -UP1135060 -O206 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC120000000 -TP18 -TDX0 -TDD0 -TDS8000 -TDT0 -TDC1F -TIE1 -TIP1 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 - + + + 0 + 0 + 542 + 1 +
0
+ 0 + 0 + 0 + 0 + 0 + 0 + ..\MDK-ARM\wolfSSL\shell.c + + + + + 1 + 0 + 150 + 1 +
0
+ 0 + 0 + 0 + 0 + 0 + 0 + ..\MDK-ARM\wolfSSL\main.c + + + + + 2 + 0 + 540 + 1 +
0
+ 0 + 0 + 0 + 0 + 0 + 0 + ..\MDK-ARM\wolfSSL\shell.c + + + + 0 @@ -494,7 +556,7 @@ - CyaSSL Apps + wolfSSL Apps 1 0 0 @@ -505,13 +567,10 @@ 1 0 0 - 0 0 - 0 - 0 0 - ..\..\..\examples\echoclient\echoclient.c - echoclient.c + ..\..\..\examples\client\client.c + client.c 0 0 @@ -521,13 +580,10 @@ 1 0 0 - 0 0 - 0 - 0 0 - ..\..\..\examples\echoserver\echoserver.c - echoserver.c + ..\MDK-ARM\wolfSSL\shell.c + shell.c 0 0 @@ -537,13 +593,10 @@ 1 0 0 - 5 0 - 0 - 0 0 - ..\..\..\ctaocrypt\test\test.c - test.c + ..\..\..\examples\server\server.c + server.c 0 0 @@ -553,13 +606,10 @@ 1 0 0 - 21 0 - 0 - 0 0 - ..\..\..\ctaocrypt\benchmark\benchmark.c - benchmark.c + ..\MDK-ARM\wolfSSL\main.c + main.c 0 0 @@ -569,13 +619,10 @@ 1 0 0 - 0 0 - 0 - 0 0 - ..\..\..\examples\client\client.c - client.c + ..\..\..\wolfcrypt\test\test.c + test.c 0 0 @@ -585,13 +632,10 @@ 1 0 0 - 0 0 - 0 - 0 0 - ..\..\..\examples\server\server.c - server.c + ..\..\..\wolfcrypt\benchmark\benchmark.c + benchmark.c 0 0 @@ -601,13 +645,10 @@ 1 0 0 - 0 0 - 0 - 0 0 - ..\MDK-ARM\CyaSSL\shell.c - shell.c + ..\..\..\examples\echoclient\echoclient.c + echoclient.c 0 0 @@ -617,40 +658,13 @@ 1 0 0 - 0 0 - 106 - 149 0 - ..\MDK-ARM\CyaSSL\main.c - main.c + ..\..\..\examples\echoserver\echoserver.c + echoserver.c 0 0 - - 1 - 9 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\MDK-ARM\CyaSSL\cert_data.c - cert_data.c - 0 - 0 - - - - - STM32F2xx_StdPeriph_Lib - 1 - 0 - 0 - 0 @@ -660,786 +674,93 @@ 0 0 - 3 - 10 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - c:\Keil\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\Serial.c - Serial.c - 0 - 0 - - - 3 - 11 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - c:\Keil\ARM\RL\FlashFS\Drivers\SDIO_STM32F2xx.c - SDIO_STM32F2xx.c - 0 - 0 - - - 3 - 12 + 2 + 9 4 0 0 - 0 0 - 0 - 0 0 - c:\Keil\ARM\RV31\LIB\FS_CM3.lib - FS_CM3.lib - 0 - 0 - - - 3 - 13 - 4 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - c:\Keil\ARM\RV31\LIB\\RTX_CM3.lib + c:\Keil_v5\ARM\RV31\LIB\\RTX_CM3.lib RTX_CM3.lib 0 0 - 3 - 14 + 2 + 10 1 0 0 - 0 0 - 0 - 0 0 - c:\Keil\ARM\RL\TCPnet\Drivers\ETH_STM32F2xx.c + c:\Keil_v5\ARM\RL\TCPnet\Drivers\ETH_STM32F2xx.c ETH_STM32F2xx.c 0 0 - 3 - 15 + 2 + 11 4 0 0 - 0 0 - 0 - 0 0 - c:\Keil\ARM\RV31\LIB\TCPD_CM3.lib + c:\Keil_v5\ARM\RV31\LIB\TCPD_CM3.lib TCPD_CM3.lib 0 0 - 3 - 16 + 2 + 12 4 0 0 - 0 0 - 0 - 0 0 - c:\Keil\ARM\RV31\LIB\TCP_CM3.lib + c:\Keil_v5\ARM\RV31\LIB\TCP_CM3.lib TCP_CM3.lib 0 0 - 3 - 17 + 2 + 13 1 0 0 - 0 0 - 0 - 0 0 - C:\Keil\ARM\Startup\ST\STM32F2xx\system_stm32f2xx.c + C:\Keil_v5\ARM\Startup\ST\STM32F2xx\system_stm32f2xx.c system_stm32f2xx.c 0 0 - - - - CyaSSL Library - 1 - 0 - 0 - 0 - 4 - 18 + 2 + 14 1 0 0 - 0 0 - 0 - 0 0 - ..\..\..\src\crl.c - crl.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\SDIO_STM32F2xx.c + SDIO_STM32F2xx.c 0 0 - 4 - 19 - 1 + 2 + 15 + 4 0 0 - 0 0 - 0 - 0 0 - ..\..\..\src\internal.c - internal.c - 0 - 0 - - - 4 - 20 - 1 - 0 - 0 - 23 - 0 - 0 - 0 - 0 - ..\..\..\src\io.c - io.c - 0 - 0 - - - 4 - 21 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\src\keys.c - keys.c - 0 - 0 - - - 4 - 22 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\src\ocsp.c - ocsp.c - 0 - 0 - - - 4 - 23 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\src\sniffer.c - sniffer.c - 0 - 0 - - - 4 - 24 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\src\ssl.c - ssl.c - 0 - 0 - - - 4 - 25 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\src\tls.c - tls.c - 0 - 0 - - - 4 - 26 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\MDK-ARM\CyaSSL\ssl-dummy.c - ssl-dummy.c - 0 - 0 - - - - - Crypt/Cipher Library - 1 - 0 - 0 - 0 - - 5 - 27 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\aes.c - aes.c - 0 - 0 - - - 5 - 28 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\arc4.c - arc4.c - 0 - 0 - - - 5 - 29 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\asm.c - asm.c - 0 - 0 - - - 5 - 30 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\asn.c - asn.c - 0 - 0 - - - 5 - 31 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\camellia.c - camellia.c - 0 - 0 - - - 5 - 32 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\coding.c - coding.c - 0 - 0 - - - 5 - 33 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\des3.c - des3.c - 0 - 0 - - - 5 - 34 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\dh.c - dh.c - 0 - 0 - - - 5 - 35 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\dsa.c - dsa.c - 0 - 0 - - - 5 - 36 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\ecc.c - ecc.c - 0 - 0 - - - 5 - 37 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\ecc_fp.c - ecc_fp.c - 0 - 0 - - - 5 - 38 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\error.c - error.c - 0 - 0 - - - 5 - 39 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\hc128.c - hc128.c - 0 - 0 - - - 5 - 40 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\hmac.c - hmac.c - 0 - 0 - - - 5 - 41 - 1 - 0 - 0 - 19 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\integer.c - integer.c - 0 - 0 - - - 5 - 42 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\logging.c - logging.c - 0 - 0 - - - 5 - 43 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\md2.c - md2.c - 0 - 0 - - - 5 - 44 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\md4.c - md4.c - 0 - 0 - - - 5 - 45 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\md5.c - md5.c - 0 - 0 - - - 5 - 46 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\memory.c - memory.c - 0 - 0 - - - 5 - 47 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\misc.c - misc.c - 0 - 0 - - - 5 - 48 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\wc_port.c - wc_port.c - 0 - 0 - - - 5 - 49 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\pwdbased.c - pwdbased.c - 0 - 0 - - - 5 - 50 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\rabbit.c - rabbit.c - 0 - 0 - - - 5 - 51 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\random.c - random.c - 0 - 0 - - - 5 - 52 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\ripemd.c - ripemd.c - 0 - 0 - - - 5 - 53 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\rsa.c - rsa.c - 0 - 0 - - - 5 - 54 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\sha.c - sha.c - 0 - 0 - - - 5 - 55 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\sha256.c - sha256.c - 0 - 0 - - - 5 - 56 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\sha512.c - sha512.c - 0 - 0 - - - 5 - 57 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\tfm.c - tfm.c + C:\Keil_v5\ARM\RV31\LIB\FS_CM3.lib + FS_CM3.lib 0 0 @@ -1452,202 +773,226 @@ 0 0 - 6 - 58 + 3 + 16 1 0 0 - 0 0 - 0 - 0 0 - ..\MDK-ARM\config\File_Config.c - File_Config.c - 0 - 0 - - - 6 - 59 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\MDK-ARM\config\Net_Config.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\Net_Config.c Net_Config.c 0 0 - 6 - 60 + 3 + 17 5 0 0 - 0 0 - 0 - 0 0 - ..\MDK-ARM\CyaSSL\config.h + ..\MDK-ARM\wolfSSL\config.h config.h 0 0 - 6 - 61 + 3 + 18 1 0 0 - 0 0 - 0 - 0 0 - ..\MDK-ARM\config\RTX_Conf_CM.c - RTX_Conf_CM.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\RTX_Config.c + RTX_Config.c 0 0 - 6 - 62 + 3 + 19 1 0 0 - 0 0 - 0 - 0 0 - ..\MDK-ARM\config\Net_Debug.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\Net_Debug.c Net_Debug.c 0 0 - 6 - 63 + 3 + 20 5 0 0 - 0 0 - 1 - 1 0 - ..\MDK-ARM\CyaSSL\config-FS.h + ..\MDK-ARM\wolfSSL\config-FS.h config-FS.h 0 0 - 6 - 64 + 3 + 21 5 0 0 - 0 0 - 0 - 0 0 - ..\MDK-ARM\CyaSSL\config-RTX-TCP-FS.h + ..\MDK-ARM\wolfSSL\config-RTX-TCP-FS.h config-RTX-TCP-FS.h 0 0 - 6 - 65 + 3 + 22 5 0 0 - 0 0 - 0 - 0 0 - ..\MDK-ARM\CyaSSL\config-BARE-METAL.h + ..\MDK-ARM\wolfSSL\config-BARE-METAL.h config-BARE-METAL.h 0 0 - 6 - 66 + 3 + 23 2 0 0 - 0 0 - 152 - 169 0 - ..\MDK-ARM\config\startup_stm32f2xx.s + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\startup_stm32f2xx.s startup_stm32f2xx.s 0 0 + + 3 + 24 + 1 + 0 + 0 + 0 + 0 + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\File_Config.c + File_Config.c + 0 + 0 + + + 3 + 25 + 5 + 0 + 0 + 0 + 0 + ..\MDK-ARM\wolfSSL\config-WOLFLIB.h + config-WOLFLIB.h + 0 + 0 + - CyaSSL-MDK + wolfSSL-MDK 1 0 0 0 - 7 - 67 + 4 + 26 1 0 0 - 0 0 - 182 - 222 0 - ..\MDK-ARM\CyaSSL\cyassl_MDK_ARM.c - cyassl_MDK_ARM.c - 0 - 0 - - - 7 - 68 - 1 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - ..\MDK-ARM\CyaSSL\Retarget.c + ..\MDK-ARM\wolfSSL\Retarget.c Retarget.c 0 0 - 7 - 69 + 4 + 27 1 0 0 - 1 0 - 0 - 0 0 - ..\STM32F2xx_StdPeriph_Lib\time-STM32F2xx.c - time-STM32F2xx.c + ..\MDK-ARM\wolfSSL\time-CortexM3-4.c + time-CortexM3-4.c + 0 + 0 + + + 4 + 28 + 1 + 0 + 0 + 0 + 0 + ..\MDK-ARM\wolfSSL\time-dummy.c + time-dummy.c + 0 + 0 + + + 4 + 29 + 1 + 0 + 0 + 0 + 0 + ..\MDK-ARM\wolfSSL\wolfssl_MDK_ARM.c + wolfssl_MDK_ARM.c + 0 + 0 + + + 4 + 30 + 1 + 0 + 0 + 0 + 0 + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\Serial.c + Serial.c + 0 + 0 + + + + + wolfSSL-Lib + 1 + 0 + 0 + 0 + + 5 + 31 + 4 + 0 + 0 + 0 + 0 + .\wolfSSL-lib\wolfSSL.lib + wolfSSL.lib 0 0 diff --git a/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvproj b/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvproj index f7cf9b176..b194c1113 100644 --- a/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvproj +++ b/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvproj @@ -30,6 +30,7 @@ SFD\ST\STM32F2xx\STM32F20x.sfr + 0 0 @@ -71,6 +72,8 @@ 0 0 + 0 + 0 0 @@ -97,6 +100,7 @@ 3 + 1 SARMCM3.DLL @@ -126,20 +130,22 @@ 1 1 0 + 1 1 1 - 0 + 1 1 1 1 0 1 0 + 1 0 - 9 + 7 @@ -152,7 +158,7 @@ - ..\MDK-ARM\config\STM32_SWO.ini + c:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini BIN\ULP2CM3.DLL @@ -169,6 +175,10 @@ BIN\ULP2CM3.DLL "" () + + + + 0 @@ -347,11 +357,13 @@ 0 0 0 + 0 + 0 HAVE_CONFIG_H CYASSL_STM32F2xx __DBG_ITM __RTX MDK_CONF_RTX_TCP_FS - ..\MDK-ARM\CyaSSL;C:..\STM32F2xx_StdPeriph_Lib\inc;..\..\..\ + ..\MDK-ARM\wolfSSL;..\..\..\; .\; C:\Keil_v5\ARM\RV31\INC @@ -363,6 +375,7 @@ 0 0 0 + 0 @@ -379,6 +392,7 @@ 0 0x08000000 0x20000000 + @@ -390,8 +404,38 @@ - CyaSSL Apps + wolfSSL Apps + + client.c + 1 + ..\..\..\examples\client\client.c + + + shell.c + 1 + ..\MDK-ARM\wolfSSL\shell.c + + + server.c + 1 + ..\..\..\examples\server\server.c + + + main.c + 1 + ..\MDK-ARM\wolfSSL\main.c + + + test.c + 1 + ..\..\..\wolfcrypt\test\test.c + + + benchmark.c + 1 + ..\..\..\wolfcrypt\benchmark\benchmark.c + echoclient.c 1 @@ -402,78 +446,25 @@ 1 ..\..\..\examples\echoserver\echoserver.c - - test.c - 1 - ..\..\..\ctaocrypt\test\test.c - - - benchmark.c - 1 - ..\..\..\ctaocrypt\benchmark\benchmark.c - - - client.c - 1 - ..\..\..\examples\client\client.c - - - server.c - 1 - ..\..\..\examples\server\server.c - - - shell.c - 1 - ..\MDK-ARM\CyaSSL\shell.c - - - main.c - 1 - ..\MDK-ARM\CyaSSL\main.c - - - cert_data.c - 1 - ..\MDK-ARM\CyaSSL\cert_data.c - - - STM32F2xx_StdPeriph_Lib - MDK-ARM - - Serial.c - 1 - c:\Keil\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\Serial.c - - - SDIO_STM32F2xx.c - 1 - c:\Keil\ARM\RL\FlashFS\Drivers\SDIO_STM32F2xx.c - - - FS_CM3.lib - 4 - c:\Keil\ARM\RV31\LIB\FS_CM3.lib - RTX_CM3.lib 4 - c:\Keil\ARM\RV31\LIB\\RTX_CM3.lib + c:\Keil_v5\ARM\RV31\LIB\\RTX_CM3.lib ETH_STM32F2xx.c 1 - c:\Keil\ARM\RL\TCPnet\Drivers\ETH_STM32F2xx.c + c:\Keil_v5\ARM\RL\TCPnet\Drivers\ETH_STM32F2xx.c TCPD_CM3.lib 4 - c:\Keil\ARM\RV31\LIB\TCPD_CM3.lib + c:\Keil_v5\ARM\RV31\LIB\TCPD_CM3.lib 2 @@ -489,6 +480,7 @@ 11 + 1 @@ -496,332 +488,47 @@ TCP_CM3.lib 4 - c:\Keil\ARM\RV31\LIB\TCP_CM3.lib + c:\Keil_v5\ARM\RV31\LIB\TCP_CM3.lib system_stm32f2xx.c 1 - C:\Keil\ARM\Startup\ST\STM32F2xx\system_stm32f2xx.c - - - - - CyaSSL Library - - - crl.c - 1 - ..\..\..\src\crl.c + C:\Keil_v5\ARM\Startup\ST\STM32F2xx\system_stm32f2xx.c - internal.c + SDIO_STM32F2xx.c 1 - ..\..\..\src\internal.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\SDIO_STM32F2xx.c - io.c - 1 - ..\..\..\src\io.c - - - keys.c - 1 - ..\..\..\src\keys.c - - - ocsp.c - 1 - ..\..\..\src\ocsp.c - - - sniffer.c - 1 - ..\..\..\src\sniffer.c - - - ssl.c - 1 - ..\..\..\src\ssl.c - - - tls.c - 1 - ..\..\..\src\tls.c - - - ssl-dummy.c - 1 - ..\MDK-ARM\CyaSSL\ssl-dummy.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - - - Crypt/Cipher Library - - - aes.c - 1 - ..\..\..\ctaocrypt\src\aes.c - - - arc4.c - 1 - ..\..\..\ctaocrypt\src\arc4.c - - - asm.c - 1 - ..\..\..\ctaocrypt\src\asm.c - - - asn.c - 1 - ..\..\..\ctaocrypt\src\asn.c - - - camellia.c - 1 - ..\..\..\ctaocrypt\src\camellia.c - - - coding.c - 1 - ..\..\..\ctaocrypt\src\coding.c - - - des3.c - 1 - ..\..\..\ctaocrypt\src\des3.c - - - dh.c - 1 - ..\..\..\ctaocrypt\src\dh.c - - - dsa.c - 1 - ..\..\..\ctaocrypt\src\dsa.c - - - ecc.c - 1 - ..\..\..\ctaocrypt\src\ecc.c - - - ecc_fp.c - 1 - ..\..\..\ctaocrypt\src\ecc_fp.c - - - error.c - 1 - ..\..\..\ctaocrypt\src\error.c - - - hc128.c - 1 - ..\..\..\ctaocrypt\src\hc128.c - - - hmac.c - 1 - ..\..\..\ctaocrypt\src\hmac.c - - - integer.c - 1 - ..\..\..\ctaocrypt\src\integer.c - - - logging.c - 1 - ..\..\..\ctaocrypt\src\logging.c - - - md2.c - 1 - ..\..\..\ctaocrypt\src\md2.c - - - md4.c - 1 - ..\..\..\ctaocrypt\src\md4.c - - - md5.c - 1 - ..\..\..\ctaocrypt\src\md5.c - - - memory.c - 1 - ..\..\..\ctaocrypt\src\memory.c - - - misc.c - 1 - ..\..\..\ctaocrypt\src\misc.c - - - wc_port.c - 1 - ..\..\..\ctaocrypt\src\wc_port.c - - - pwdbased.c - 1 - ..\..\..\ctaocrypt\src\pwdbased.c - - - rabbit.c - 1 - ..\..\..\ctaocrypt\src\rabbit.c - - - random.c - 1 - ..\..\..\ctaocrypt\src\random.c - - - ripemd.c - 1 - ..\..\..\ctaocrypt\src\ripemd.c - - - rsa.c - 1 - ..\..\..\ctaocrypt\src\rsa.c - - - sha.c - 1 - ..\..\..\ctaocrypt\src\sha.c - - - sha256.c - 1 - ..\..\..\ctaocrypt\src\sha256.c - - - sha512.c - 1 - ..\..\..\ctaocrypt\src\sha512.c - - - tfm.c - 1 - ..\..\..\ctaocrypt\src\tfm.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - + FS_CM3.lib + 4 + C:\Keil_v5\ARM\RV31\LIB\FS_CM3.lib Configuration - - File_Config.c - 1 - ..\MDK-ARM\config\File_Config.c - Net_Config.c 1 - ..\MDK-ARM\config\Net_Config.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\Net_Config.c config.h 5 - ..\MDK-ARM\CyaSSL\config.h + ..\MDK-ARM\wolfSSL\config.h - RTX_Conf_CM.c + RTX_Config.c 1 - ..\MDK-ARM\config\RTX_Conf_CM.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\RTX_Config.c Net_Debug.c 1 - ..\MDK-ARM\config\Net_Debug.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\Net_Debug.c 2 @@ -837,6 +544,7 @@ 11 + 1 @@ -853,6 +561,8 @@ 0 2 2 + 2 + 2 @@ -866,42 +576,91 @@ config-FS.h 5 - ..\MDK-ARM\CyaSSL\config-FS.h + ..\MDK-ARM\wolfSSL\config-FS.h config-RTX-TCP-FS.h 5 - ..\MDK-ARM\CyaSSL\config-RTX-TCP-FS.h + ..\MDK-ARM\wolfSSL\config-RTX-TCP-FS.h config-BARE-METAL.h 5 - ..\MDK-ARM\CyaSSL\config-BARE-METAL.h + ..\MDK-ARM\wolfSSL\config-BARE-METAL.h startup_stm32f2xx.s 2 - ..\MDK-ARM\config\startup_stm32f2xx.s + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\startup_stm32f2xx.s + + + File_Config.c + 1 + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\File_Config.c + + + config-WOLFLIB.h + 5 + ..\MDK-ARM\wolfSSL\config-WOLFLIB.h - CyaSSL-MDK + wolfSSL-MDK - - cyassl_MDK_ARM.c - 1 - ..\MDK-ARM\CyaSSL\cyassl_MDK_ARM.c - Retarget.c 1 - ..\MDK-ARM\CyaSSL\Retarget.c + ..\MDK-ARM\wolfSSL\Retarget.c - time-STM32F2xx.c + time-CortexM3-4.c 1 - ..\STM32F2xx_StdPeriph_Lib\time-STM32F2xx.c + ..\MDK-ARM\wolfSSL\time-CortexM3-4.c + + + time-dummy.c + 1 + ..\MDK-ARM\wolfSSL\time-dummy.c + + + wolfssl_MDK_ARM.c + 1 + ..\MDK-ARM\wolfSSL\wolfssl_MDK_ARM.c + + + Serial.c + 1 + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\Serial.c + + + + + wolfSSL-Lib + + + wolfSSL.lib + 4 + .\wolfSSL-lib\wolfSSL.lib + + + 2 + 0 + 0 + 0 + 0 + 1 + 2 + 2 + 2 + 2 + 11 + + + 1 + + + @@ -931,6 +690,7 @@ SFD\ST\STM32F2xx\STM32F20x.sfr + 0 0 @@ -972,6 +732,8 @@ 0 0 + 0 + 0 0 @@ -998,6 +760,7 @@ 3 + 1 SARMCM3.DLL @@ -1027,6 +790,7 @@ 1 1 0 + 1 1 @@ -1038,9 +802,10 @@ 0 1 0 + 1 0 - 9 + 1 @@ -1053,8 +818,8 @@ - ..\MDK-ARM\config\STM32_SWO.ini - BIN\ULP2CM3.DLL + ..\..\..\..\..\..\..\Keil\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini + BIN\UL2CM3.DLL @@ -1066,10 +831,14 @@ 1 4100 - 0 + 1 BIN\ULP2CM3.DLL "" () + + + + 0 @@ -1248,11 +1017,13 @@ 0 0 0 + 0 + 0 - HAVE_CONFIG_H CYASSL_STM32F2xx __DBG_ITM MDK_CONF_FS + HAVE_CONFIG_H WOLFSSL_STM32F2xx __DBG_ITM MDK_CONF_FS - ..\MDK-ARM\CyaSSL;..\MDK-ARM\inc;..\STM32F2xx_StdPeriph_Lib\inc;..\POSIX\..\..\..\ + ..\MDK-ARM\wolfSSL;..\MDK-ARM\inc;..\..\..\ @@ -1264,6 +1035,7 @@ 0 0 0 + 0 @@ -1280,6 +1052,7 @@ 0 0x08000000 0x20000000 + @@ -1291,8 +1064,124 @@ - CyaSSL Apps + wolfSSL Apps + + client.c + 1 + ..\..\..\examples\client\client.c + + + 2 + 0 + 0 + 0 + 0 + 0 + 2 + 2 + 2 + 2 + 11 + + + 1 + + + + 2 + 0 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 0 + 2 + 2 + 2 + 2 + + + + + + + + + + + + shell.c + 1 + ..\MDK-ARM\wolfSSL\shell.c + + + server.c + 1 + ..\..\..\examples\server\server.c + + + 2 + 0 + 0 + 0 + 0 + 0 + 2 + 2 + 2 + 2 + 11 + + + 1 + + + + 2 + 0 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 0 + 2 + 2 + 2 + 2 + + + + + + + + + + + + main.c + 1 + ..\MDK-ARM\wolfSSL\main.c + + + test.c + 1 + ..\..\..\wolfcrypt\test\test.c + + + benchmark.c + 1 + ..\..\..\wolfcrypt\benchmark\benchmark.c + echoclient.c 1 @@ -1312,6 +1201,7 @@ 11 + 1 @@ -1325,9 +1215,11 @@ 2 2 2 - 0 + 2 2 2 + 2 + 2 @@ -1357,6 +1249,7 @@ 11 + 1 @@ -1370,9 +1263,11 @@ 2 2 2 - 0 + 2 2 2 + 2 + 2 @@ -1383,148 +1278,15 @@ - - test.c - 1 - ..\..\..\ctaocrypt\test\test.c - - - benchmark.c - 1 - ..\..\..\ctaocrypt\benchmark\benchmark.c - - - client.c - 1 - ..\..\..\examples\client\client.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - server.c - 1 - ..\..\..\examples\server\server.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - shell.c - 1 - ..\MDK-ARM\CyaSSL\shell.c - - - main.c - 1 - ..\MDK-ARM\CyaSSL\main.c - - - cert_data.c - 1 - ..\MDK-ARM\CyaSSL\cert_data.c - - - STM32F2xx_StdPeriph_Lib - MDK-ARM - - Serial.c - 1 - c:\Keil\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\Serial.c - - - SDIO_STM32F2xx.c - 1 - c:\Keil\ARM\RL\FlashFS\Drivers\SDIO_STM32F2xx.c - - - FS_CM3.lib - 4 - c:\Keil\ARM\RV31\LIB\FS_CM3.lib - RTX_CM3.lib 4 - c:\Keil\ARM\RV31\LIB\\RTX_CM3.lib + c:\Keil_v5\ARM\RV31\LIB\\RTX_CM3.lib 2 @@ -1532,7 +1294,7 @@ 0 0 0 - 0 + 1 2 2 2 @@ -1540,6 +1302,7 @@ 11 + 1 @@ -1547,7 +1310,7 @@ ETH_STM32F2xx.c 1 - c:\Keil\ARM\RL\TCPnet\Drivers\ETH_STM32F2xx.c + c:\Keil_v5\ARM\RL\TCPnet\Drivers\ETH_STM32F2xx.c 2 @@ -1563,6 +1326,7 @@ 11 + 1 @@ -1579,6 +1343,8 @@ 0 2 2 + 2 + 2 @@ -1592,7 +1358,7 @@ TCPD_CM3.lib 4 - c:\Keil\ARM\RV31\LIB\TCPD_CM3.lib + c:\Keil_v5\ARM\RV31\LIB\TCPD_CM3.lib 2 @@ -1608,6 +1374,7 @@ 11 + 1 @@ -1615,7 +1382,7 @@ TCP_CM3.lib 4 - c:\Keil\ARM\RV31\LIB\TCP_CM3.lib + c:\Keil_v5\ARM\RV31\LIB\TCP_CM3.lib 2 @@ -1631,6 +1398,7 @@ 11 + 1 @@ -1638,552 +1406,27 @@ system_stm32f2xx.c 1 - C:\Keil\ARM\Startup\ST\STM32F2xx\system_stm32f2xx.c - - - - - CyaSSL Library - - - crl.c - 1 - ..\..\..\src\crl.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - + C:\Keil_v5\ARM\Startup\ST\STM32F2xx\system_stm32f2xx.c - internal.c + SDIO_STM32F2xx.c 1 - ..\..\..\src\internal.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\SDIO_STM32F2xx.c - io.c - 1 - ..\..\..\src\io.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - keys.c - 1 - ..\..\..\src\keys.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - ocsp.c - 1 - ..\..\..\src\ocsp.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - sniffer.c - 1 - ..\..\..\src\sniffer.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - ssl.c - 1 - ..\..\..\src\ssl.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - tls.c - 1 - ..\..\..\src\tls.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - ssl-dummy.c - 1 - ..\MDK-ARM\CyaSSL\ssl-dummy.c - - - - - Crypt/Cipher Library - - - aes.c - 1 - ..\..\..\ctaocrypt\src\aes.c - - - arc4.c - 1 - ..\..\..\ctaocrypt\src\arc4.c - - - asm.c - 1 - ..\..\..\ctaocrypt\src\asm.c - - - asn.c - 1 - ..\..\..\ctaocrypt\src\asn.c - - - camellia.c - 1 - ..\..\..\ctaocrypt\src\camellia.c - - - coding.c - 1 - ..\..\..\ctaocrypt\src\coding.c - - - des3.c - 1 - ..\..\..\ctaocrypt\src\des3.c - - - dh.c - 1 - ..\..\..\ctaocrypt\src\dh.c - - - dsa.c - 1 - ..\..\..\ctaocrypt\src\dsa.c - - - ecc.c - 1 - ..\..\..\ctaocrypt\src\ecc.c - - - ecc_fp.c - 1 - ..\..\..\ctaocrypt\src\ecc_fp.c - - - error.c - 1 - ..\..\..\ctaocrypt\src\error.c - - - hc128.c - 1 - ..\..\..\ctaocrypt\src\hc128.c - - - hmac.c - 1 - ..\..\..\ctaocrypt\src\hmac.c - - - integer.c - 1 - ..\..\..\ctaocrypt\src\integer.c - - - logging.c - 1 - ..\..\..\ctaocrypt\src\logging.c - - - md2.c - 1 - ..\..\..\ctaocrypt\src\md2.c - - - md4.c - 1 - ..\..\..\ctaocrypt\src\md4.c - - - md5.c - 1 - ..\..\..\ctaocrypt\src\md5.c - - - memory.c - 1 - ..\..\..\ctaocrypt\src\memory.c - - - misc.c - 1 - ..\..\..\ctaocrypt\src\misc.c - - - wc_port.c - 1 - ..\..\..\ctaocrypt\src\wc_port.c - - - pwdbased.c - 1 - ..\..\..\ctaocrypt\src\pwdbased.c - - - rabbit.c - 1 - ..\..\..\ctaocrypt\src\rabbit.c - - - random.c - 1 - ..\..\..\ctaocrypt\src\random.c - - - ripemd.c - 1 - ..\..\..\ctaocrypt\src\ripemd.c - - - rsa.c - 1 - ..\..\..\ctaocrypt\src\rsa.c - - - sha.c - 1 - ..\..\..\ctaocrypt\src\sha.c - - - sha256.c - 1 - ..\..\..\ctaocrypt\src\sha256.c - - - sha512.c - 1 - ..\..\..\ctaocrypt\src\sha512.c - - - tfm.c - 1 - ..\..\..\ctaocrypt\src\tfm.c + FS_CM3.lib + 4 + C:\Keil_v5\ARM\RV31\LIB\FS_CM3.lib Configuration - - File_Config.c - 1 - ..\MDK-ARM\config\File_Config.c - Net_Config.c 1 - ..\MDK-ARM\config\Net_Config.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\Net_Config.c 2 @@ -2199,6 +1442,7 @@ 11 + 1 @@ -2215,6 +1459,8 @@ 0 2 2 + 2 + 2 @@ -2228,12 +1474,12 @@ config.h 5 - ..\MDK-ARM\CyaSSL\config.h + ..\MDK-ARM\wolfSSL\config.h - RTX_Conf_CM.c + RTX_Config.c 1 - ..\MDK-ARM\config\RTX_Conf_CM.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\RTX_Config.c 2 @@ -2249,6 +1495,7 @@ 11 + 1 @@ -2265,6 +1512,8 @@ 0 2 2 + 2 + 2 @@ -2278,7 +1527,7 @@ Net_Debug.c 1 - ..\MDK-ARM\config\Net_Debug.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\Net_Debug.c 2 @@ -2294,6 +1543,7 @@ 11 + 1 @@ -2310,6 +1560,8 @@ 0 2 2 + 2 + 2 @@ -2323,42 +1575,72 @@ config-FS.h 5 - ..\MDK-ARM\CyaSSL\config-FS.h + ..\MDK-ARM\wolfSSL\config-FS.h config-RTX-TCP-FS.h 5 - ..\MDK-ARM\CyaSSL\config-RTX-TCP-FS.h + ..\MDK-ARM\wolfSSL\config-RTX-TCP-FS.h config-BARE-METAL.h 5 - ..\MDK-ARM\CyaSSL\config-BARE-METAL.h + ..\MDK-ARM\wolfSSL\config-BARE-METAL.h startup_stm32f2xx.s 2 - ..\MDK-ARM\config\startup_stm32f2xx.s + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\startup_stm32f2xx.s + + + File_Config.c + 1 + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\File_Config.c + + + config-WOLFLIB.h + 5 + ..\MDK-ARM\wolfSSL\config-WOLFLIB.h - CyaSSL-MDK + wolfSSL-MDK - - cyassl_MDK_ARM.c - 1 - ..\MDK-ARM\CyaSSL\cyassl_MDK_ARM.c - Retarget.c 1 - ..\MDK-ARM\CyaSSL\Retarget.c + ..\MDK-ARM\wolfSSL\Retarget.c - time-STM32F2xx.c + time-CortexM3-4.c 1 - ..\STM32F2xx_StdPeriph_Lib\time-STM32F2xx.c + ..\MDK-ARM\wolfSSL\time-CortexM3-4.c + + + time-dummy.c + 1 + ..\MDK-ARM\wolfSSL\time-dummy.c + + + wolfssl_MDK_ARM.c + 1 + ..\MDK-ARM\wolfSSL\wolfssl_MDK_ARM.c + + + Serial.c + 1 + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\Serial.c + + + + + wolfSSL-Lib + + + wolfSSL.lib + 4 + .\wolfSSL-lib\wolfSSL.lib @@ -2388,6 +1670,7 @@ SFD\ST\STM32F2xx\STM32F20x.sfr + 0 0 @@ -2401,8 +1684,8 @@ 0 1 - .\MDK-BARE-METAL\ - STM32F2xx-MDK-BARE-METAL + .\MDK-BAREMETAL\ + STM32F2xx-BARE-METAL 1 0 0 @@ -2429,6 +1712,8 @@ 0 0 + 0 + 0 0 @@ -2455,6 +1740,7 @@ 3 + 1 SARMCM3.DLL @@ -2484,6 +1770,7 @@ 1 1 0 + 1 1 @@ -2495,9 +1782,10 @@ 0 1 0 + 1 0 - 9 + 1 @@ -2510,8 +1798,8 @@ - ..\MDK-ARM\config\STM32_SWO.ini - BIN\ULP2CM3.DLL + ..\..\..\..\..\..\..\Keil\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini + BIN\UL2CM3.DLL @@ -2523,10 +1811,14 @@ 1 4100 - 0 + 1 BIN\ULP2CM3.DLL "" () + + + + 0 @@ -2542,11 +1834,11 @@ 1 1 0 - 1 + 0 1 0 0 - 1 + 0 1 1 1 @@ -2705,11 +1997,13 @@ 0 0 0 + 0 + 0 HAVE_CONFIG_H CYASSL_STM32F2xx __DBG_ITM MDK_CONF_BARE_METAL - ..\MDK-ARM\CyaSSL;..\MDK-ARM\inc;..\STM32F2xx_StdPeriph_Lib\inc;..\POSIX;..\..\..\ + ..\MDK-ARM\wolfSSL;..\MDK-ARM\inc;..\..\..\ @@ -2721,6 +2015,7 @@ 0 0 0 + 0 @@ -2737,6 +2032,7 @@ 0 0x08000000 0x20000000 + @@ -2748,108 +2044,8 @@ - CyaSSL Apps + wolfSSL Apps - - echoclient.c - 1 - ..\..\..\examples\echoclient\echoclient.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - echoserver.c - 1 - ..\..\..\examples\echoserver\echoserver.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - test.c - 1 - ..\..\..\ctaocrypt\test\test.c - - - benchmark.c - 1 - ..\..\..\ctaocrypt\benchmark\benchmark.c - client.c 1 @@ -2869,6 +2065,7 @@ 11 + 1 @@ -2885,6 +2082,56 @@ 0 2 2 + 2 + 2 + + + + + + + + + + + + shell.c + 1 + ..\MDK-ARM\wolfSSL\shell.c + + + 2 + 0 + 0 + 0 + 0 + 1 + 2 + 2 + 2 + 2 + 11 + + + 1 + + + + 2 + 0 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 @@ -2914,6 +2161,7 @@ 11 + 1 @@ -2930,6 +2178,8 @@ 0 2 2 + 2 + 2 @@ -2940,106 +2190,212 @@ - - shell.c - 1 - ..\MDK-ARM\CyaSSL\shell.c - main.c 1 - ..\MDK-ARM\CyaSSL\main.c + ..\MDK-ARM\wolfSSL\main.c + + + 2 + 0 + 0 + 0 + 0 + 1 + 2 + 2 + 2 + 2 + 11 + + + 1 + + + + 2 + 0 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + + + + + + + + + - cert_data.c + test.c 1 - ..\MDK-ARM\CyaSSL\cert_data.c + ..\..\..\wolfcrypt\test\test.c + + + benchmark.c + 1 + ..\..\..\wolfcrypt\benchmark\benchmark.c + + + 2 + 0 + 0 + 0 + 0 + 1 + 2 + 2 + 2 + 2 + 11 + + + 1 + + + + 2 + 0 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + + + + + + + + + + + + echoclient.c + 1 + ..\..\..\examples\echoclient\echoclient.c + + + 2 + 0 + 0 + 0 + 0 + 0 + 2 + 2 + 2 + 2 + 11 + + + 1 + + + + 2 + 0 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + + + + + + + + + + + + echoserver.c + 1 + ..\..\..\examples\echoserver\echoserver.c + + + 2 + 0 + 0 + 0 + 0 + 0 + 2 + 2 + 2 + 2 + 11 + + + 1 + + + + 2 + 0 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + + + + + + + + + - - STM32F2xx_StdPeriph_Lib - MDK-ARM - - Serial.c - 1 - c:\Keil\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\Serial.c - - - SDIO_STM32F2xx.c - 1 - c:\Keil\ARM\RL\FlashFS\Drivers\SDIO_STM32F2xx.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - FS_CM3.lib - 4 - c:\Keil\ARM\RV31\LIB\FS_CM3.lib - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - RTX_CM3.lib 4 - c:\Keil\ARM\RV31\LIB\\RTX_CM3.lib + c:\Keil_v5\ARM\RV31\LIB\\RTX_CM3.lib 2 @@ -3047,7 +2403,7 @@ 0 0 0 - 0 + 1 2 2 2 @@ -3055,6 +2411,7 @@ 11 + 1 @@ -3062,7 +2419,7 @@ ETH_STM32F2xx.c 1 - c:\Keil\ARM\RL\TCPnet\Drivers\ETH_STM32F2xx.c + c:\Keil_v5\ARM\RL\TCPnet\Drivers\ETH_STM32F2xx.c 2 @@ -3078,6 +2435,7 @@ 11 + 1 @@ -3094,6 +2452,8 @@ 0 2 2 + 2 + 2 @@ -3107,7 +2467,7 @@ TCPD_CM3.lib 4 - c:\Keil\ARM\RV31\LIB\TCPD_CM3.lib + c:\Keil_v5\ARM\RV31\LIB\TCPD_CM3.lib 2 @@ -3123,6 +2483,7 @@ 11 + 1 @@ -3130,7 +2491,7 @@ TCP_CM3.lib 4 - c:\Keil\ARM\RV31\LIB\TCP_CM3.lib + c:\Keil_v5\ARM\RV31\LIB\TCP_CM3.lib 2 @@ -3146,6 +2507,7 @@ 11 + 1 @@ -3153,17 +2515,12 @@ system_stm32f2xx.c 1 - C:\Keil\ARM\Startup\ST\STM32F2xx\system_stm32f2xx.c + C:\Keil_v5\ARM\Startup\ST\STM32F2xx\system_stm32f2xx.c - - - - CyaSSL Library - - crl.c + SDIO_STM32F2xx.c 1 - ..\..\..\src\crl.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\SDIO_STM32F2xx.c 2 @@ -3179,6 +2536,7 @@ 11 + 1 @@ -3192,9 +2550,11 @@ 2 2 2 - 0 + 2 2 2 + 2 + 2 @@ -3206,579 +2566,19 @@ - internal.c - 1 - ..\..\..\src\internal.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - io.c - 1 - ..\..\..\src\io.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - keys.c - 1 - ..\..\..\src\keys.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - ocsp.c - 1 - ..\..\..\src\ocsp.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - sniffer.c - 1 - ..\..\..\src\sniffer.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - ssl.c - 1 - ..\..\..\src\ssl.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - tls.c - 1 - ..\..\..\src\tls.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - - - ssl-dummy.c - 1 - ..\MDK-ARM\CyaSSL\ssl-dummy.c - - - - - Crypt/Cipher Library - - - aes.c - 1 - ..\..\..\ctaocrypt\src\aes.c - - - arc4.c - 1 - ..\..\..\ctaocrypt\src\arc4.c - - - asm.c - 1 - ..\..\..\ctaocrypt\src\asm.c - - - asn.c - 1 - ..\..\..\ctaocrypt\src\asn.c - - - camellia.c - 1 - ..\..\..\ctaocrypt\src\camellia.c - - - coding.c - 1 - ..\..\..\ctaocrypt\src\coding.c - - - des3.c - 1 - ..\..\..\ctaocrypt\src\des3.c - - - dh.c - 1 - ..\..\..\ctaocrypt\src\dh.c - - - dsa.c - 1 - ..\..\..\ctaocrypt\src\dsa.c - - - ecc.c - 1 - ..\..\..\ctaocrypt\src\ecc.c - - - ecc_fp.c - 1 - ..\..\..\ctaocrypt\src\ecc_fp.c - - - error.c - 1 - ..\..\..\ctaocrypt\src\error.c - - - hc128.c - 1 - ..\..\..\ctaocrypt\src\hc128.c - - - hmac.c - 1 - ..\..\..\ctaocrypt\src\hmac.c - - - integer.c - 1 - ..\..\..\ctaocrypt\src\integer.c - - - logging.c - 1 - ..\..\..\ctaocrypt\src\logging.c - - - md2.c - 1 - ..\..\..\ctaocrypt\src\md2.c - - - md4.c - 1 - ..\..\..\ctaocrypt\src\md4.c - - - md5.c - 1 - ..\..\..\ctaocrypt\src\md5.c - - - memory.c - 1 - ..\..\..\ctaocrypt\src\memory.c - - - misc.c - 1 - ..\..\..\ctaocrypt\src\misc.c - - - wc_port.c - 1 - ..\..\..\ctaocrypt\src\wc_port.c - - - pwdbased.c - 1 - ..\..\..\ctaocrypt\src\pwdbased.c - - - rabbit.c - 1 - ..\..\..\ctaocrypt\src\rabbit.c - - - random.c - 1 - ..\..\..\ctaocrypt\src\random.c - - - ripemd.c - 1 - ..\..\..\ctaocrypt\src\ripemd.c - - - rsa.c - 1 - ..\..\..\ctaocrypt\src\rsa.c - - - sha.c - 1 - ..\..\..\ctaocrypt\src\sha.c - - - sha256.c - 1 - ..\..\..\ctaocrypt\src\sha256.c - - - sha512.c - 1 - ..\..\..\ctaocrypt\src\sha512.c - - - tfm.c - 1 - ..\..\..\ctaocrypt\src\tfm.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - + FS_CM3.lib + 4 + C:\Keil_v5\ARM\RV31\LIB\FS_CM3.lib Configuration - - File_Config.c - 1 - ..\MDK-ARM\config\File_Config.c - - - 2 - 0 - 0 - 0 - 0 - 0 - 2 - 2 - 2 - 2 - 11 - - - - - - 2 - 0 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 2 - 0 - 2 - 2 - - - - - - - - - - Net_Config.c 1 - ..\MDK-ARM\config\Net_Config.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\Net_Config.c 2 @@ -3794,6 +2594,7 @@ 11 + 1 @@ -3810,6 +2611,8 @@ 0 2 2 + 2 + 2 @@ -3823,12 +2626,12 @@ config.h 5 - ..\MDK-ARM\CyaSSL\config.h + ..\MDK-ARM\wolfSSL\config.h - RTX_Conf_CM.c + RTX_Config.c 1 - ..\MDK-ARM\config\RTX_Conf_CM.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\RTX_Config.c 2 @@ -3844,6 +2647,7 @@ 11 + 1 @@ -3860,6 +2664,8 @@ 0 2 2 + 2 + 2 @@ -3873,7 +2679,7 @@ Net_Debug.c 1 - ..\MDK-ARM\config\Net_Debug.c + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\Net_Debug.c 2 @@ -3889,6 +2695,7 @@ 11 + 1 @@ -3905,6 +2712,8 @@ 0 2 2 + 2 + 2 @@ -3918,42 +2727,244 @@ config-FS.h 5 - ..\MDK-ARM\CyaSSL\config-FS.h + ..\MDK-ARM\wolfSSL\config-FS.h config-RTX-TCP-FS.h 5 - ..\MDK-ARM\CyaSSL\config-RTX-TCP-FS.h + ..\MDK-ARM\wolfSSL\config-RTX-TCP-FS.h config-BARE-METAL.h 5 - ..\MDK-ARM\CyaSSL\config-BARE-METAL.h + ..\MDK-ARM\wolfSSL\config-BARE-METAL.h startup_stm32f2xx.s 2 - ..\MDK-ARM\config\startup_stm32f2xx.s + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\startup_stm32f2xx.s + + + File_Config.c + 1 + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\File_Config.c + + + 2 + 0 + 0 + 0 + 0 + 0 + 2 + 2 + 2 + 2 + 11 + + + 1 + + + + 2 + 0 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + + + + + + + + + + + + config-WOLFLIB.h + 5 + ..\MDK-ARM\wolfSSL\config-WOLFLIB.h - CyaSSL-MDK + wolfSSL-MDK - - cyassl_MDK_ARM.c - 1 - ..\MDK-ARM\CyaSSL\cyassl_MDK_ARM.c - Retarget.c 1 - ..\MDK-ARM\CyaSSL\Retarget.c + ..\MDK-ARM\wolfSSL\Retarget.c + + + 2 + 0 + 0 + 0 + 0 + 1 + 2 + 2 + 2 + 2 + 11 + + + 1 + + + + 2 + 0 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + + + + + + + + + - time-STM32F2xx.c + time-CortexM3-4.c 1 - ..\STM32F2xx_StdPeriph_Lib\time-STM32F2xx.c + ..\MDK-ARM\wolfSSL\time-CortexM3-4.c + + + time-dummy.c + 1 + ..\MDK-ARM\wolfSSL\time-dummy.c + + + 2 + 0 + 0 + 0 + 0 + 1 + 2 + 2 + 2 + 2 + 11 + + + 1 + + + + 2 + 0 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + + + + + + + + + + + + wolfssl_MDK_ARM.c + 1 + ..\MDK-ARM\wolfSSL\wolfssl_MDK_ARM.c + + + 2 + 0 + 0 + 0 + 0 + 1 + 2 + 2 + 2 + 2 + 11 + + + 1 + + + + 2 + 0 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + 2 + + + + + + + + + + + + Serial.c + 1 + C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\Serial.c + + + + + wolfSSL-Lib + + + wolfSSL.lib + 4 + .\wolfSSL-lib\wolfSSL.lib diff --git a/IDE/MDK-ARM/Projects/MDK-ARM-LPC43xx.uvopt b/IDE/MDK-ARM/Projects/MDK-ARM-wolfSSL-Lib.uvopt similarity index 55% rename from IDE/MDK-ARM/Projects/MDK-ARM-LPC43xx.uvopt rename to IDE/MDK-ARM/Projects/MDK-ARM-wolfSSL-Lib.uvopt index 1e83de18e..69f64de42 100644 --- a/IDE/MDK-ARM/Projects/MDK-ARM-LPC43xx.uvopt +++ b/IDE/MDK-ARM/Projects/MDK-ARM-wolfSSL-Lib.uvopt @@ -13,6 +13,7 @@ *.txt; *.h; *.inc *.plm *.cpp + 0 @@ -21,16 +22,17 @@ - MDK-RTX-TCP-FS + MDK-RTX-TCP-FS-Lib 0x4 ARM-ADS - 12000000 + 25000000 1 - 0 - 1 - 0 + 1 + 0 + 1 + 0 1 @@ -43,7 +45,166 @@ 79 66 8 - .\Lst\ + .\Flash\ + + + 1 + 1 + 1 + 0 + 1 + 1 + 0 + 1 + 0 + 0 + 0 + 0 + + + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 0 + + + 1 + 0 + 0 + + 255 + + 0 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 1 + 0 + 1 + 1 + 0 + 0 + 7 + + + + + + + + + + c:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini + BIN\ULP2CM3.DLL + + + + 0 + ARMRTXEVENTFLAGS + -L70 -Z18 -C0 -M0 -T1 + + + 0 + UL2CM3 + -UM1020ADE -O206 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC120000000 -TP21 -TDS801F -TDT0 -TDC10 -TIE1 -TIP9 -FO7 -FD20000000 -FC1000 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 + + + 0 + DLGTARM + (1010=-1,-1,-1,-1,0)(1007=-1,-1,-1,-1,0)(1008=-1,-1,-1,-1,0)(1009=-1,-1,-1,-1,0)(1012=-1,-1,-1,-1,0) + + + 0 + ARMDBGFLAGS + + + + 0 + DLGUARM + + + + 0 + ULP2CM3 + -UP1135060 -O206 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC120000000 -TP18 -TDX0 -TDD0 -TDS8000 -TDT0 -TDC1F -TIE1 -TIP1 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 + + + + + 0 + + + 0 + 0 + 1 + 0 + 0 + 0 + 0 + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 1 + 1 + 0 + 0 + 0 + + + + + + + + MDK-FS-Lib + 0x4 + ARM-ADS + + 25000000 + + 1 + 1 + 1 + 0 + 0 + + + 1 + 65535 + 0 + 0 + 0 + + + 79 + 66 + 8 + .\Flash\ 1 @@ -75,17 +236,199 @@ 0 1 - 8 - - SARMCM3.DLL - -MPU - DCM.DLL - -pCM4 - SARMCM3.DLL - -MPU - TCM.DLL - -pCM4 - + 255 + + 0 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 1 + 0 + 1 + 1 + 0 + 0 + 1 + + + + + + + + + + ..\..\..\..\..\..\..\Keil\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini + BIN\UL2CM3.DLL + + + + 0 + ARMRTXEVENTFLAGS + -L70 -Z18 -C0 -M0 -T1 + + + 0 + UL2CM3 + -UM1020ADE -O207 -S0 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC120000000 -TP21 -TDS801F -TDT0 -TDC1F -TIE1 -TIP9 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 + + + 0 + DLGTARM + (1010=-1,-1,-1,-1,0)(1007=-1,-1,-1,-1,0)(1008=-1,-1,-1,-1,0)(1009=-1,-1,-1,-1,0)(1012=-1,-1,-1,-1,0) + + + 0 + ARMDBGFLAGS + + + + 0 + DLGUARM + (105=-1,-1,-1,-1,0) + + + 0 + ULP2CM3 + -UP1135060 -O206 -S0 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC10000000 -TP18 -TDX0 -TDD0 -TDS7 -TDT0 -TDC1F -TIEFFFFFFFF -TIP9 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 + + + + + 0 + 0 + 150 + 1 +
134219020
+ 0 + 0 + 0 + 0 + 0 + 1 + C:\ROOT\CyaSSL-Support\MDK4\wolfssl-3.4.6\IDE\MDK-ARM\MDK-ARM\wolfSSL\main.c + + + + + 1 + 0 + 542 + 1 +
0
+ 0 + 0 + 0 + 0 + 0 + 0 + C:\ROOT\CyaSSL-Support\MDK4\wolfssl-3.4.6\IDE\MDK-ARM\MDK-ARM\wolfSSL\shell.c + + + + + + 0 + + + 0 + 0 + 1 + 0 + 0 + 0 + 0 + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 1 + 0 + 0 + 0 + 0 + + + + + + + + wolfSSL-Lib + 0x4 + ARM-ADS + + 25000000 + + 1 + 1 + 1 + 0 + 0 + + + 1 + 65535 + 0 + 0 + 0 + + + 79 + 66 + 8 + .\Flash\ + + + 1 + 1 + 1 + 0 + 1 + 1 + 0 + 1 + 0 + 0 + 0 + 0 + + + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 0 + + + 1 + 0 + 0 + + 255 0 1 @@ -104,9 +447,11 @@ 0 1 0 + 1 + 1 0 0 - 9 + 1 @@ -116,10 +461,20 @@ - ..\MDK-ARM\config\Dbg_Flash.ini - BIN\ULP2CM3.DLL + ..\..\..\..\..\..\..\Keil\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini + BIN\UL2CM3.DLL + + 0 + ARMRTXEVENTFLAGS + -L70 -Z18 -C0 -M0 -T1 + + + 0 + UL2CM3 + -UM1020ADE -O79 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC120000000 -TP21 -TDS801F -TDT0 -TDC1F -TIE1 -TIP9 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 + 0 DLGTARM @@ -133,29 +488,48 @@ 0 DLGUARM - + (105=-1,-1,-1,-1,0) 0 ULP2CM3 - -UP1135060 -O974 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC10000000 -TP18 -TDX0 -TDD0 -TDS7 -TDT0 -TDC1F -TIEFFFFFFFF -TIP8 -FO7 -FD10000000 -FC800 -FN2 -FF0LPC18xx43xx_512_BA -FS01A000000 -FL080000 -FF1LPC18xx43xx_512_BB -FS11B000000 -FL180000 + -UP1135060 -O206 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC120000000 -TP18 -TDX0 -TDD0 -TDS8000 -TDT0 -TDC1F -TIE1 -TIP1 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 - - - - 1 - 0 - 0x10005960 - - - - - 0 - Reset Peripherals - Per_Reset() - - + + + 0 + 0 + 150 + 1 +
134218980
+ 0 + 0 + 0 + 0 + 0 + 1 + C:\ROOT\CyaSSL-Support\MDK4\wolfssl-3.4.6\IDE\MDK-ARM\MDK-ARM\wolfSSL\main.c + + + + + 1 + 0 + 542 + 1 +
0
+ 0 + 0 + 0 + 0 + 0 + 0 + C:\ROOT\CyaSSL-Support\MDK4\wolfssl-3.4.6\IDE\MDK-ARM\MDK-ARM\wolfSSL\shell.c + + + + 0 @@ -170,347 +544,7 @@ 1 0 0 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 1 - 0 - 0 - 0 - 0 - - - - - - - - MDK-FS - 0x4 - ARM-ADS - - 12000000 - - 1 - 1 - 1 - 0 - - - 1 - 65535 - 0 - 0 - 0 - - - 79 - 66 - 8 - .\Lst\ - - - 1 - 1 - 1 - 0 - 1 - 1 - 0 - 1 - 0 - 0 - 0 - 0 - - - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 0 - 0 - - - 1 - 0 - 0 - - 8 - - SARMCM3.DLL - -MPU - DCM.DLL - -pCM4 - SARMCM3.DLL - -MPU - TCM.DLL - -pCM4 - - - 0 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 0 - 1 - 0 - 0 - 0 - 9 - - - - - - - - - - ..\MDK-ARM\config\Dbg_Flash.ini - BIN\ULP2CM3.DLL - - - - 0 - DLGTARM - (1010=-1,-1,-1,-1,0)(1007=-1,-1,-1,-1,0)(1008=-1,-1,-1,-1,0)(1009=-1,-1,-1,-1,0)(1012=-1,-1,-1,-1,0) - - - 0 - ARMDBGFLAGS - - - - 0 - DLGUARM - - - - 0 - ULP2CM3 - -UP1135060 -O974 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC10000000 -TP18 -TDX0 -TDD0 -TDS7 -TDT0 -TDC1F -TIEFFFFFFFF -TIP8 -FO7 -FD10000000 -FC800 -FN2 -FF0LPC18xx43xx_512_BA -FS01A000000 -FL080000 -FF1LPC18xx43xx_512_BB -FS11B000000 -FL180000 - - - - - - 1 - 0 - 0x10005960 - - - - - 0 - Reset Peripherals - Per_Reset() - - - - 0 - - - 0 - 0 - 1 - 0 - 0 - 0 - 0 - 1 - 0 - 0 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 1 - 0 - 0 - 0 - 0 - - - - - - - - MDK-BARE-METAL - 0x4 - ARM-ADS - - 12000000 - - 1 - 1 - 1 - 0 - - - 1 - 65535 - 0 - 0 - 0 - - - 79 - 66 - 8 - .\Lst\ - - - 1 - 1 - 1 - 0 - 1 - 1 - 0 - 1 - 0 - 0 - 0 - 0 - - - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 0 - 0 - - - 1 - 0 - 0 - - 8 - - SARMCM3.DLL - -MPU - DCM.DLL - -pCM4 - SARMCM3.DLL - -MPU - TCM.DLL - -pCM4 - - - 0 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 1 - 0 - 1 - 0 - 0 - 0 - 9 - - - - - - - - - - ..\MDK-ARM\config\Dbg_Flash.ini - BIN\ULP2CM3.DLL - - - - 0 - DLGTARM - (1010=-1,-1,-1,-1,0)(1007=-1,-1,-1,-1,0)(1008=-1,-1,-1,-1,0)(1009=-1,-1,-1,-1,0)(1012=-1,-1,-1,-1,0) - - - 0 - ARMDBGFLAGS - - - - 0 - DLGUARM - - - - 0 - ULP2CM3 - -UP1135060 -O975 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC120000000 -TP18 -TDX0 -TDD0 -TDS7 -TDT0 -TDC1F -TIEFFFFFFFF -TIP9 -FO7 -FD10000000 -FC800 -FN2 -FF0LPC18xx43xx_512_BA -FS01A000000 -FL080000 -FF1LPC18xx43xx_512_BB -FS11B000000 -FL180000 - - - - - - 1 - 0 - 0x10005960 - - - - - 0 - Reset Peripherals - Per_Reset() - - - - 0 - - - 0 - 0 - 1 - 0 - 0 - 0 - 0 - 1 - 0 - 0 - 1 + 0 0 0 0 @@ -531,24 +565,21 @@ - CyaSSL Apps - 1 + Crypt + 0 0 0 0 1 1 - 1 + 5 0 0 - 0 0 - 0 - 0 0 - ..\..\..\examples\echoclient\echoclient.c - echoclient.c + ..\MDK-ARM\wolfSSL\config-FS.h + config-FS.h 0 0 @@ -558,13 +589,10 @@ 1 0 0 - 0 0 - 0 - 0 0 - ..\..\..\examples\echoserver\echoserver.c - echoserver.c + ..\..\..\wolfcrypt\src\aes.c + aes.c 0 0 @@ -574,13 +602,10 @@ 1 0 0 - 0 0 - 0 - 0 0 - ..\..\..\ctaocrypt\test\test.c - test.c + ..\..\..\wolfcrypt\src\arc4.c + arc4.c 0 0 @@ -590,13 +615,10 @@ 1 0 0 - 0 0 - 0 - 0 0 - ..\..\..\ctaocrypt\benchmark\benchmark.c - benchmark.c + ..\..\..\wolfcrypt\src\asm.c + asm.c 0 0 @@ -606,13 +628,10 @@ 1 0 0 - 0 0 - 0 - 0 0 - ..\..\..\examples\client\client.c - client.c + ..\..\..\wolfcrypt\src\asn.c + asn.c 0 0 @@ -622,13 +641,10 @@ 1 0 0 - 0 0 - 0 - 0 0 - ..\..\..\examples\server\server.c - server.c + ..\..\..\wolfcrypt\src\blake2b.c + blake2b.c 0 0 @@ -638,13 +654,10 @@ 1 0 0 - 0 0 - 0 - 0 0 - ..\MDK-ARM\CyaSSL\shell.c - shell.c + ..\..\..\wolfcrypt\src\camellia.c + camellia.c 0 0 @@ -654,13 +667,10 @@ 1 0 0 - 0 0 - 0 - 0 0 - ..\MDK-ARM\CyaSSL\main.c - main.c + ..\..\..\wolfcrypt\src\chacha.c + chacha.c 0 0 @@ -670,242 +680,522 @@ 1 0 0 - 0 0 - 0 - 0 0 - ..\MDK-ARM\CyaSSL\cert_data.c - cert_data.c + ..\..\..\wolfcrypt\src\chacha20_poly1305.c + chacha20_poly1305.c 0 0 - - - - LPC43xx - 1 - 0 - 0 - 0 - 2 + 1 10 1 0 0 - 0 0 - 0 - 0 0 - ..\LPC43xx\Drivers\source\lpc43xx_rtc.c - lpc43xx_rtc.c + ..\..\..\wolfcrypt\src\coding.c + coding.c 0 0 - 2 + 1 11 1 0 0 - 0 0 - 0 - 0 0 - ..\LPC43xx\Drivers\source\lpc43xx_timer.c - lpc43xx_timer.c + ..\..\..\wolfcrypt\src\compress.c + compress.c 0 0 - 2 + 1 12 1 0 0 - 0 0 - 0 - 0 0 - ..\LPC43xx\Drivers\source\lpc43xx_cgu.c - lpc43xx_cgu.c + ..\..\..\wolfcrypt\src\curve25519.c + curve25519.c 0 0 - 2 + 1 13 1 0 0 - 0 0 - 0 - 0 0 - ..\LPC43xx\Drivers\source\lpc43xx_scu.c - lpc43xx_scu.c + ..\..\..\wolfcrypt\src\des3.c + des3.c + 0 + 0 + + + 1 + 14 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\dh.c + dh.c + 0 + 0 + + + 1 + 15 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\dsa.c + dsa.c + 0 + 0 + + + 1 + 16 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\ecc.c + ecc.c + 0 + 0 + + + 1 + 17 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\ecc_fp.c + ecc_fp.c + 0 + 0 + + + 1 + 18 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\ed25519.c + ed25519.c + 0 + 0 + + + 1 + 19 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\error.c + error.c + 0 + 0 + + + 1 + 20 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\fe_operations.c + fe_operations.c + 0 + 0 + + + 1 + 21 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\ge_operations.c + ge_operations.c + 0 + 0 + + + 1 + 22 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\hc128.c + hc128.c + 0 + 0 + + + 1 + 23 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\hmac.c + hmac.c + 0 + 0 + + + 1 + 24 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\integer.c + integer.c + 0 + 0 + + + 1 + 25 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\logging.c + logging.c + 0 + 0 + + + 1 + 26 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\md2.c + md2.c + 0 + 0 + + + 1 + 27 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\md4.c + md4.c + 0 + 0 + + + 1 + 28 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\md5.c + md5.c + 0 + 0 + + + 1 + 29 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\memory.c + memory.c + 0 + 0 + + + 1 + 30 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\pkcs7.c + pkcs7.c + 0 + 0 + + + 1 + 31 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\poly1305.c + poly1305.c + 0 + 0 + + + 1 + 32 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\pwdbased.c + pwdbased.c + 0 + 0 + + + 1 + 33 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\rabbit.c + rabbit.c + 0 + 0 + + + 1 + 34 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\random.c + random.c + 0 + 0 + + + 1 + 35 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\ripemd.c + ripemd.c + 0 + 0 + + + 1 + 36 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\rsa.c + rsa.c + 0 + 0 + + + 1 + 37 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\sha.c + sha.c + 0 + 0 + + + 1 + 38 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\sha256.c + sha256.c + 0 + 0 + + + 1 + 39 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\sha512.c + sha512.c + 0 + 0 + + + 1 + 40 + 1 + 1 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\tfm.c + tfm.c + 0 + 0 + + + 1 + 41 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\wc_port.c + wc_port.c + 0 + 0 + + + 1 + 42 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\fe_low_mem.c + fe_low_mem.c + 0 + 0 + + + 1 + 43 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\ge_low_mem.c + ge_low_mem.c + 0 + 0 + + + 1 + 44 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\hash.c + hash.c + 0 + 0 + + + 1 + 45 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\misc.c + misc.c + 0 + 0 + + + 1 + 46 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\srp.c + srp.c + 0 + 0 + + + 1 + 47 + 1 + 0 + 0 + 0 + 0 + ..\..\..\wolfcrypt\src\wc_encrypt.c + wc_encrypt.c 0 0 - MDK-ARM + SSL 1 0 0 0 - 3 - 14 - 4 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - c:\Keil\ARM\RV31\LIB\FS_CM3.lib - FS_CM3.lib - 0 - 0 - - - 3 - 15 - 4 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - c:\Keil\ARM\RV31\LIB\\RTX_CM3.lib - RTX_CM3.lib - 0 - 0 - - - 3 - 16 - 4 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - c:\Keil\ARM\RV31\LIB\TCPD_CM3.lib - TCPD_CM3.lib - 0 - 0 - - - 3 - 17 - 4 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - c:\Keil\ARM\RV31\LIB\TCP_CM3.lib - TCP_CM3.lib - 0 - 0 - - - 3 - 18 + 2 + 48 1 0 0 - 0 0 - 0 - 0 - 0 - C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\Serial.c - Serial.c - 0 - 0 - - - 3 - 19 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - C:\Keil\ARM\RL\TCPnet\Drivers\ETH_LPC43xx.c - ETH_LPC43xx.c - 0 - 0 - - - 3 - 20 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\SDIO_LPC43xx.c - SDIO_LPC43xx.c - 0 - 0 - - - 3 - 21 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\system_LPC43xx.c - system_LPC43xx.c - 0 - 0 - - - - - CyaSSL Library - 0 - 0 - 0 - 0 - - 4 - 22 - 1 - 0 - 0 - 0 - 0 - 0 - 0 0 ..\..\..\src\crl.c crl.c @@ -913,15 +1203,12 @@ 0 - 4 - 23 + 2 + 49 1 0 0 - 0 0 - 0 - 0 0 ..\..\..\src\internal.c internal.c @@ -929,15 +1216,12 @@ 0 - 4 - 24 + 2 + 50 1 0 0 - 0 0 - 0 - 0 0 ..\..\..\src\io.c io.c @@ -945,15 +1229,12 @@ 0 - 4 - 25 + 2 + 51 1 0 0 - 0 0 - 0 - 0 0 ..\..\..\src\keys.c keys.c @@ -961,15 +1242,12 @@ 0 - 4 - 26 + 2 + 52 1 0 0 - 0 0 - 0 - 0 0 ..\..\..\src\ocsp.c ocsp.c @@ -977,15 +1255,12 @@ 0 - 4 - 27 + 2 + 53 1 0 0 - 0 0 - 0 - 0 0 ..\..\..\src\sniffer.c sniffer.c @@ -993,15 +1268,12 @@ 0 - 4 - 28 + 2 + 54 1 0 0 - 0 0 - 0 - 0 0 ..\..\..\src\ssl.c ssl.c @@ -1009,746 +1281,75 @@ 0 - 4 - 29 + 2 + 55 1 0 0 - 0 0 - 0 - 0 0 ..\..\..\src\tls.c tls.c 0 0 - - 4 - 30 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\MDK-ARM\CyaSSL\ssl-dummy.c - ssl-dummy.c - 0 - 0 - - Crypt/Cipher Library + Config 1 0 0 0 - 5 - 31 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\aes.c - aes.c - 0 - 0 - - - 5 - 32 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\arc4.c - arc4.c - 0 - 0 - - - 5 - 33 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\asm.c - asm.c - 0 - 0 - - - 5 - 34 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\asn.c - asn.c - 0 - 0 - - - 5 - 35 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\camellia.c - camellia.c - 0 - 0 - - - 5 - 36 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\coding.c - coding.c - 0 - 0 - - - 5 - 37 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\des3.c - des3.c - 0 - 0 - - - 5 - 38 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\dh.c - dh.c - 0 - 0 - - - 5 - 39 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\dsa.c - dsa.c - 0 - 0 - - - 5 - 40 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\ecc.c - ecc.c - 0 - 0 - - - 5 - 41 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\ecc_fp.c - ecc_fp.c - 0 - 0 - - - 5 - 42 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\error.c - error.c - 0 - 0 - - - 5 - 43 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\hc128.c - hc128.c - 0 - 0 - - - 5 - 44 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\hmac.c - hmac.c - 0 - 0 - - - 5 - 45 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\integer.c - integer.c - 0 - 0 - - - 5 - 46 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\logging.c - logging.c - 0 - 0 - - - 5 - 47 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\md2.c - md2.c - 0 - 0 - - - 5 - 48 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\md4.c - md4.c - 0 - 0 - - - 5 - 49 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\md5.c - md5.c - 0 - 0 - - - 5 - 50 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\memory.c - memory.c - 0 - 0 - - - 5 - 51 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\misc.c - misc.c - 0 - 0 - - - 5 - 52 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\pwdbased.c - pwdbased.c - 0 - 0 - - - 5 - 53 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\rabbit.c - rabbit.c - 0 - 0 - - - 5 - 54 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\random.c - random.c - 0 - 0 - - - 5 - 55 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\ripemd.c - ripemd.c - 0 - 0 - - - 5 + 3 56 - 1 + 5 0 0 - 0 0 - 0 - 0 0 - ..\..\..\ctaocrypt\src\rsa.c - rsa.c + .\Readme.txt + Readme.txt 0 0 - 5 + 3 57 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\sha.c - sha.c - 0 - 0 - - - 5 - 58 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\sha256.c - sha256.c - 0 - 0 - - - 5 - 59 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\sha512.c - sha512.c - 0 - 0 - - - 5 - 60 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\tfm.c - tfm.c - 0 - 0 - - - 5 - 61 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\..\..\ctaocrypt\src\wc_port.c - wc_port.c - 0 - 0 - - - - - Configuration - 1 - 0 - 0 - 0 - - 6 - 62 - 1 - 0 - 0 - 1 - 0 - 0 - 0 - 0 - ..\MDK-ARM\config\File_Config.c - File_Config.c - 0 - 0 - - - 6 - 63 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\MDK-ARM\config\Net_Config.c - Net_Config.c - 0 - 0 - - - 6 - 64 5 0 0 - 0 0 - 0 - 0 0 - ..\MDK-ARM\CyaSSL\config.h - config.h - 0 - 0 - - - 6 - 65 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\MDK-ARM\config\RTX_Conf_CM.c - RTX_Conf_CM.c - 0 - 0 - - - 6 - 66 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\MDK-ARM\config\Net_Debug.c - Net_Debug.c - 0 - 0 - - - 6 - 67 - 5 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\MDK-ARM\CyaSSL\config-FS.h - config-FS.h - 0 - 0 - - - 6 - 68 - 5 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\MDK-ARM\CyaSSL\config-RTX-TCP-FS.h - config-RTX-TCP-FS.h - 0 - 0 - - - 6 - 69 - 5 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\MDK-ARM\CyaSSL\config-BARE-METAL.h + ..\MDK-ARM\wolfSSL\config-BARE-METAL.h config-BARE-METAL.h 0 0 - 6 - 70 - 2 + 3 + 58 + 5 0 0 - 0 0 - 0 - 0 0 - ..\LPC43xx\startup_LPC43xx.s - startup_LPC43xx.s - 0 - 0 - - - - - CyaSSL-MDK - 1 - 0 - 0 - 0 - - 7 - 71 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\MDK-ARM\CyaSSL\cyassl_MDK_ARM.c - cyassl_MDK_ARM.c + ..\MDK-ARM\wolfSSL\config-RTX-TCP-FS.h + config-RTX-TCP-FS.h 0 0 - 7 - 72 - 1 + 3 + 59 + 5 0 0 - 8 0 - 0 - 0 0 - ..\MDK-ARM\CyaSSL\Retarget.c - Retarget.c - 0 - 0 - - - 7 - 73 - 1 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - ..\LPC43xx\time-LCP43xx.c - time-LCP43xx.c + ..\MDK-ARM\wolfSSL\config-WOLFLIB.h + config-WOLFLIB.h 0 0 diff --git a/IDE/MDK-ARM/Projects/MDK-ARM-wolfSSL-Lib.uvproj b/IDE/MDK-ARM/Projects/MDK-ARM-wolfSSL-Lib.uvproj new file mode 100644 index 000000000..7997abb80 --- /dev/null +++ b/IDE/MDK-ARM/Projects/MDK-ARM-wolfSSL-Lib.uvproj @@ -0,0 +1,2138 @@ + + + + 1.1 + +
### uVision Project, (C) Keil Software
+ + + + MDK-RTX-TCP-FS-Lib + 0x4 + ARM-ADS + + + STM32F207IG + STMicroelectronics + IRAM(0x20000000-0x2001FFFF) IROM(0x8000000-0x80FFFFF) CLOCK(25000000) CPUTYPE("Cortex-M3") + + "STARTUP\ST\STM32F2xx\startup_stm32f2xx.s" ("STM32F2xx Startup Code") + UL2CM3(-O207 -S0 -C0 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000) + 5124 + stm32f2xx.h + + + + + + + + + + SFD\ST\STM32F2xx\STM32F20x.sfr + 0 + 0 + + + + ST\STM32F2xx\ + ST\STM32F2xx\ + + 0 + 0 + 0 + 0 + 1 + + .\wolfSSL-Lib\ + wolfSSL + 0 + 1 + 0 + 1 + 1 + .\Flash\ + 1 + 0 + 0 + + 0 + 0 + + + 0 + 0 + 0 + 0 + + + 0 + 0 + + + 0 + 0 + 0 + 0 + + + 0 + 0 + + + 0 + 0 + + 0 + + + + 0 + 0 + 0 + 0 + 0 + 1 + 0 + 0 + 0 + 0 + 3 + + + 1 + + + SARMCM3.DLL + -MPU + DARMSTM.DLL + -pSTM32F207IG + SARMCM3.DLL + -MPU + TARMSTM.DLL + -pSTM32F207IG + + + + 1 + 0 + 0 + 0 + 16 + + + 0 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 1 + + + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 1 + 0 + 1 + + 0 + 7 + + + + + + + + + + + + + c:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini + BIN\ULP2CM3.DLL + + + + + 1 + 0 + 0 + 1 + 1 + 4100 + + 1 + BIN\ULP2CM3.DLL + "" () + + + + + 0 + + + + 0 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 1 + 1 + 0 + 1 + 1 + 0 + 0 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 0 + "Cortex-M3" + + 1 + 0 + 0 + 1 + 1 + 0 + 0 + 0 + 0 + 0 + 8 + 0 + 0 + 0 + 3 + 3 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 1 + 0 + 0 + 0 + 0 + 1 + 0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x20000000 + 0x20000 + + + 1 + 0x8000000 + 0x100000 + + + 0 + 0x0 + 0x0 + + + 1 + 0x0 + 0x0 + + + 1 + 0x0 + 0x0 + + + 1 + 0x0 + 0x0 + + + 1 + 0x8000000 + 0x100000 + + + 1 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x20000000 + 0x20000 + + + 0 + 0x0 + 0x0 + + + + + + 1 + 4 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + + HAVE_CONFIG_H WOLFSSL_STM32F2xx __DBG_ITM __RTX MDK_CONF_RTX_TCP_FS + + ..\MDK-ARM\wolfSSL;..\..\..\; .\; C:\Keil_v5\ARM\RV31\INC + + + + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + + + + + + + + 1 + 0 + 0 + 0 + 1 + 0 + 0x08000000 + 0x20000000 + + + + + + + + + + + + + Crypt + + + config-FS.h + 5 + ..\MDK-ARM\wolfSSL\config-FS.h + + + aes.c + 1 + ..\..\..\wolfcrypt\src\aes.c + + + arc4.c + 1 + ..\..\..\wolfcrypt\src\arc4.c + + + asm.c + 1 + ..\..\..\wolfcrypt\src\asm.c + + + asn.c + 1 + ..\..\..\wolfcrypt\src\asn.c + + + blake2b.c + 1 + ..\..\..\wolfcrypt\src\blake2b.c + + + camellia.c + 1 + ..\..\..\wolfcrypt\src\camellia.c + + + chacha.c + 1 + ..\..\..\wolfcrypt\src\chacha.c + + + chacha20_poly1305.c + 1 + ..\..\..\wolfcrypt\src\chacha20_poly1305.c + + + coding.c + 1 + ..\..\..\wolfcrypt\src\coding.c + + + compress.c + 1 + ..\..\..\wolfcrypt\src\compress.c + + + curve25519.c + 1 + ..\..\..\wolfcrypt\src\curve25519.c + + + des3.c + 1 + ..\..\..\wolfcrypt\src\des3.c + + + dh.c + 1 + ..\..\..\wolfcrypt\src\dh.c + + + dsa.c + 1 + ..\..\..\wolfcrypt\src\dsa.c + + + ecc.c + 1 + ..\..\..\wolfcrypt\src\ecc.c + + + ecc_fp.c + 1 + ..\..\..\wolfcrypt\src\ecc_fp.c + + + ed25519.c + 1 + ..\..\..\wolfcrypt\src\ed25519.c + + + error.c + 1 + ..\..\..\wolfcrypt\src\error.c + + + fe_operations.c + 1 + ..\..\..\wolfcrypt\src\fe_operations.c + + + ge_operations.c + 1 + ..\..\..\wolfcrypt\src\ge_operations.c + + + hc128.c + 1 + ..\..\..\wolfcrypt\src\hc128.c + + + hmac.c + 1 + ..\..\..\wolfcrypt\src\hmac.c + + + integer.c + 1 + ..\..\..\wolfcrypt\src\integer.c + + + logging.c + 1 + ..\..\..\wolfcrypt\src\logging.c + + + md2.c + 1 + ..\..\..\wolfcrypt\src\md2.c + + + md4.c + 1 + ..\..\..\wolfcrypt\src\md4.c + + + md5.c + 1 + ..\..\..\wolfcrypt\src\md5.c + + + memory.c + 1 + ..\..\..\wolfcrypt\src\memory.c + + + pkcs7.c + 1 + ..\..\..\wolfcrypt\src\pkcs7.c + + + poly1305.c + 1 + ..\..\..\wolfcrypt\src\poly1305.c + + + pwdbased.c + 1 + ..\..\..\wolfcrypt\src\pwdbased.c + + + rabbit.c + 1 + ..\..\..\wolfcrypt\src\rabbit.c + + + random.c + 1 + ..\..\..\wolfcrypt\src\random.c + + + ripemd.c + 1 + ..\..\..\wolfcrypt\src\ripemd.c + + + rsa.c + 1 + ..\..\..\wolfcrypt\src\rsa.c + + + sha.c + 1 + ..\..\..\wolfcrypt\src\sha.c + + + sha256.c + 1 + ..\..\..\wolfcrypt\src\sha256.c + + + sha512.c + 1 + ..\..\..\wolfcrypt\src\sha512.c + + + tfm.c + 1 + ..\..\..\wolfcrypt\src\tfm.c + + + wc_port.c + 1 + ..\..\..\wolfcrypt\src\wc_port.c + + + fe_low_mem.c + 1 + ..\..\..\wolfcrypt\src\fe_low_mem.c + + + ge_low_mem.c + 1 + ..\..\..\wolfcrypt\src\ge_low_mem.c + + + hash.c + 1 + ..\..\..\wolfcrypt\src\hash.c + + + misc.c + 1 + ..\..\..\wolfcrypt\src\misc.c + + + srp.c + 1 + ..\..\..\wolfcrypt\src\srp.c + + + wc_encrypt.c + 1 + ..\..\..\wolfcrypt\src\wc_encrypt.c + + + + + SSL + + + crl.c + 1 + ..\..\..\src\crl.c + + + internal.c + 1 + ..\..\..\src\internal.c + + + io.c + 1 + ..\..\..\src\io.c + + + keys.c + 1 + ..\..\..\src\keys.c + + + ocsp.c + 1 + ..\..\..\src\ocsp.c + + + sniffer.c + 1 + ..\..\..\src\sniffer.c + + + ssl.c + 1 + ..\..\..\src\ssl.c + + + tls.c + 1 + ..\..\..\src\tls.c + + + + + Config + + + Readme.txt + 5 + .\Readme.txt + + + config-BARE-METAL.h + 5 + ..\MDK-ARM\wolfSSL\config-BARE-METAL.h + + + config-RTX-TCP-FS.h + 5 + ..\MDK-ARM\wolfSSL\config-RTX-TCP-FS.h + + + config-WOLFLIB.h + 5 + ..\MDK-ARM\wolfSSL\config-WOLFLIB.h + + + + + + + MDK-FS-Lib + 0x4 + ARM-ADS + + + STM32F207IG + STMicroelectronics + IRAM(0x20000000-0x2001FFFF) IROM(0x8000000-0x80FFFFF) CLOCK(25000000) CPUTYPE("Cortex-M3") + + "STARTUP\ST\STM32F2xx\startup_stm32f2xx.s" ("STM32F2xx Startup Code") + UL2CM3(-O207 -S0 -C0 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000) + 5124 + stm32f2xx.h + + + + + + + + + + SFD\ST\STM32F2xx\STM32F20x.sfr + 0 + 0 + + + + ST\STM32F2xx\ + ST\STM32F2xx\ + + 0 + 0 + 0 + 0 + 1 + + .\wolfSSL-Lib\ + wolfSSL + 0 + 1 + 0 + 1 + 1 + .\Flash\ + 1 + 0 + 0 + + 0 + 0 + + + 0 + 0 + 0 + 0 + + + 0 + 0 + + + 0 + 0 + 0 + 0 + + + 0 + 0 + + + 0 + 0 + + 0 + + + + 0 + 0 + 0 + 0 + 0 + 1 + 0 + 0 + 0 + 0 + 3 + + + 1 + + + SARMCM3.DLL + -MPU + DARMSTM.DLL + -pSTM32F207IG + SARMCM3.DLL + -MPU + TARMSTM.DLL + -pSTM32F207IG + + + + 1 + 0 + 0 + 0 + 16 + + + 0 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 1 + + + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 1 + 0 + 1 + + 0 + 1 + + + + + + + + + + + + + ..\..\..\..\..\..\..\Keil\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini + BIN\UL2CM3.DLL + + + + + 1 + 0 + 0 + 1 + 1 + 4100 + + 1 + BIN\ULP2CM3.DLL + "" () + + + + + 0 + + + + 0 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 1 + 1 + 0 + 1 + 1 + 0 + 0 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 0 + "Cortex-M3" + + 0 + 0 + 0 + 1 + 1 + 0 + 0 + 0 + 0 + 0 + 8 + 0 + 0 + 0 + 3 + 3 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 1 + 0 + 0 + 0 + 0 + 1 + 0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x20000000 + 0x20000 + + + 1 + 0x8000000 + 0x100000 + + + 0 + 0x0 + 0x0 + + + 1 + 0x0 + 0x0 + + + 1 + 0x0 + 0x0 + + + 1 + 0x0 + 0x0 + + + 1 + 0x8000000 + 0x100000 + + + 1 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x20000000 + 0x20000 + + + 0 + 0x0 + 0x0 + + + + + + 1 + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + + HAVE_CONFIG_H CYASSL_STM32F2xx __DBG_ITM MDK_CONF_FS + + ..\MDK-ARM\wolfSSL;..\MDK-ARM\inc;..\..\..\ + + + + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + + + + + + + + 1 + 0 + 0 + 0 + 1 + 0 + 0x08000000 + 0x20000000 + + + + + + + + + + + + + Crypt + + + config-FS.h + 5 + ..\MDK-ARM\wolfSSL\config-FS.h + + + aes.c + 1 + ..\..\..\wolfcrypt\src\aes.c + + + arc4.c + 1 + ..\..\..\wolfcrypt\src\arc4.c + + + asm.c + 1 + ..\..\..\wolfcrypt\src\asm.c + + + asn.c + 1 + ..\..\..\wolfcrypt\src\asn.c + + + blake2b.c + 1 + ..\..\..\wolfcrypt\src\blake2b.c + + + camellia.c + 1 + ..\..\..\wolfcrypt\src\camellia.c + + + chacha.c + 1 + ..\..\..\wolfcrypt\src\chacha.c + + + chacha20_poly1305.c + 1 + ..\..\..\wolfcrypt\src\chacha20_poly1305.c + + + coding.c + 1 + ..\..\..\wolfcrypt\src\coding.c + + + compress.c + 1 + ..\..\..\wolfcrypt\src\compress.c + + + curve25519.c + 1 + ..\..\..\wolfcrypt\src\curve25519.c + + + des3.c + 1 + ..\..\..\wolfcrypt\src\des3.c + + + dh.c + 1 + ..\..\..\wolfcrypt\src\dh.c + + + dsa.c + 1 + ..\..\..\wolfcrypt\src\dsa.c + + + ecc.c + 1 + ..\..\..\wolfcrypt\src\ecc.c + + + ecc_fp.c + 1 + ..\..\..\wolfcrypt\src\ecc_fp.c + + + ed25519.c + 1 + ..\..\..\wolfcrypt\src\ed25519.c + + + error.c + 1 + ..\..\..\wolfcrypt\src\error.c + + + fe_operations.c + 1 + ..\..\..\wolfcrypt\src\fe_operations.c + + + ge_operations.c + 1 + ..\..\..\wolfcrypt\src\ge_operations.c + + + hc128.c + 1 + ..\..\..\wolfcrypt\src\hc128.c + + + hmac.c + 1 + ..\..\..\wolfcrypt\src\hmac.c + + + integer.c + 1 + ..\..\..\wolfcrypt\src\integer.c + + + logging.c + 1 + ..\..\..\wolfcrypt\src\logging.c + + + md2.c + 1 + ..\..\..\wolfcrypt\src\md2.c + + + md4.c + 1 + ..\..\..\wolfcrypt\src\md4.c + + + md5.c + 1 + ..\..\..\wolfcrypt\src\md5.c + + + memory.c + 1 + ..\..\..\wolfcrypt\src\memory.c + + + pkcs7.c + 1 + ..\..\..\wolfcrypt\src\pkcs7.c + + + poly1305.c + 1 + ..\..\..\wolfcrypt\src\poly1305.c + + + pwdbased.c + 1 + ..\..\..\wolfcrypt\src\pwdbased.c + + + rabbit.c + 1 + ..\..\..\wolfcrypt\src\rabbit.c + + + random.c + 1 + ..\..\..\wolfcrypt\src\random.c + + + ripemd.c + 1 + ..\..\..\wolfcrypt\src\ripemd.c + + + rsa.c + 1 + ..\..\..\wolfcrypt\src\rsa.c + + + sha.c + 1 + ..\..\..\wolfcrypt\src\sha.c + + + sha256.c + 1 + ..\..\..\wolfcrypt\src\sha256.c + + + sha512.c + 1 + ..\..\..\wolfcrypt\src\sha512.c + + + tfm.c + 1 + ..\..\..\wolfcrypt\src\tfm.c + + + wc_port.c + 1 + ..\..\..\wolfcrypt\src\wc_port.c + + + fe_low_mem.c + 1 + ..\..\..\wolfcrypt\src\fe_low_mem.c + + + ge_low_mem.c + 1 + ..\..\..\wolfcrypt\src\ge_low_mem.c + + + hash.c + 1 + ..\..\..\wolfcrypt\src\hash.c + + + misc.c + 1 + ..\..\..\wolfcrypt\src\misc.c + + + srp.c + 1 + ..\..\..\wolfcrypt\src\srp.c + + + wc_encrypt.c + 1 + ..\..\..\wolfcrypt\src\wc_encrypt.c + + + + + SSL + + + crl.c + 1 + ..\..\..\src\crl.c + + + internal.c + 1 + ..\..\..\src\internal.c + + + io.c + 1 + ..\..\..\src\io.c + + + keys.c + 1 + ..\..\..\src\keys.c + + + ocsp.c + 1 + ..\..\..\src\ocsp.c + + + sniffer.c + 1 + ..\..\..\src\sniffer.c + + + ssl.c + 1 + ..\..\..\src\ssl.c + + + tls.c + 1 + ..\..\..\src\tls.c + + + + + Config + + + Readme.txt + 5 + .\Readme.txt + + + config-BARE-METAL.h + 5 + ..\MDK-ARM\wolfSSL\config-BARE-METAL.h + + + config-RTX-TCP-FS.h + 5 + ..\MDK-ARM\wolfSSL\config-RTX-TCP-FS.h + + + config-WOLFLIB.h + 5 + ..\MDK-ARM\wolfSSL\config-WOLFLIB.h + + + + + + + wolfSSL-Lib + 0x4 + ARM-ADS + + + STM32F207IG + STMicroelectronics + IRAM(0x20000000-0x2001FFFF) IROM(0x8000000-0x80FFFFF) CLOCK(25000000) CPUTYPE("Cortex-M3") + + "STARTUP\ST\STM32F2xx\startup_stm32f2xx.s" ("STM32F2xx Startup Code") + UL2CM3(-O207 -S0 -C0 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000) + 5124 + stm32f2xx.h + + + + + + + + + + SFD\ST\STM32F2xx\STM32F20x.sfr + 0 + 0 + + + + ST\STM32F2xx\ + ST\STM32F2xx\ + + 0 + 0 + 0 + 0 + 1 + + .\wolfSSL-Lib\ + wolfSSL + 0 + 1 + 0 + 1 + 1 + .\Flash\ + 1 + 0 + 0 + + 0 + 0 + + + 0 + 0 + 0 + 0 + + + 0 + 0 + + + 0 + 0 + 0 + 0 + + + 0 + 0 + + + 0 + 0 + + 0 + + + + 0 + 0 + 0 + 0 + 0 + 1 + 0 + 0 + 0 + 0 + 3 + + + 1 + + + SARMCM3.DLL + -MPU + DARMSTM.DLL + -pSTM32F207IG + SARMCM3.DLL + -MPU + TARMSTM.DLL + -pSTM32F207IG + + + + 1 + 0 + 0 + 0 + 16 + + + 0 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 1 + + + 1 + 1 + 0 + 1 + 1 + 1 + 0 + 1 + 0 + 1 + + 0 + 1 + + + + + + + + + + + + + ..\..\..\..\..\..\..\Keil\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini + BIN\UL2CM3.DLL + + + + + 1 + 0 + 0 + 1 + 1 + 4100 + + 1 + BIN\ULP2CM3.DLL + "" () + + + + + 0 + + + + 0 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 1 + 1 + 0 + 0 + 1 + 0 + 0 + 0 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 0 + 0 + "Cortex-M3" + + 0 + 0 + 0 + 1 + 1 + 0 + 0 + 0 + 0 + 0 + 8 + 0 + 0 + 0 + 3 + 3 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 1 + 0 + 0 + 0 + 0 + 1 + 0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x20000000 + 0x20000 + + + 1 + 0x8000000 + 0x100000 + + + 0 + 0x0 + 0x0 + + + 1 + 0x0 + 0x0 + + + 1 + 0x0 + 0x0 + + + 1 + 0x0 + 0x0 + + + 1 + 0x8000000 + 0x100000 + + + 1 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x0 + 0x0 + + + 0 + 0x20000000 + 0x20000 + + + 0 + 0x0 + 0x0 + + + + + + 1 + 4 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + + HAVE_CONFIG_H MDK_WOLFLIB + + ..\..\..\;.\;..\MDK-ARM\wolfSSL + + + + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + + + + + + + + 1 + 0 + 0 + 0 + 1 + 0 + 0x08000000 + 0x20000000 + + + + + + + + + + + + + Crypt + + + config-FS.h + 5 + ..\MDK-ARM\wolfSSL\config-FS.h + + + aes.c + 1 + ..\..\..\wolfcrypt\src\aes.c + + + arc4.c + 1 + ..\..\..\wolfcrypt\src\arc4.c + + + asm.c + 1 + ..\..\..\wolfcrypt\src\asm.c + + + asn.c + 1 + ..\..\..\wolfcrypt\src\asn.c + + + blake2b.c + 1 + ..\..\..\wolfcrypt\src\blake2b.c + + + camellia.c + 1 + ..\..\..\wolfcrypt\src\camellia.c + + + chacha.c + 1 + ..\..\..\wolfcrypt\src\chacha.c + + + chacha20_poly1305.c + 1 + ..\..\..\wolfcrypt\src\chacha20_poly1305.c + + + coding.c + 1 + ..\..\..\wolfcrypt\src\coding.c + + + compress.c + 1 + ..\..\..\wolfcrypt\src\compress.c + + + curve25519.c + 1 + ..\..\..\wolfcrypt\src\curve25519.c + + + des3.c + 1 + ..\..\..\wolfcrypt\src\des3.c + + + dh.c + 1 + ..\..\..\wolfcrypt\src\dh.c + + + dsa.c + 1 + ..\..\..\wolfcrypt\src\dsa.c + + + ecc.c + 1 + ..\..\..\wolfcrypt\src\ecc.c + + + ecc_fp.c + 1 + ..\..\..\wolfcrypt\src\ecc_fp.c + + + ed25519.c + 1 + ..\..\..\wolfcrypt\src\ed25519.c + + + error.c + 1 + ..\..\..\wolfcrypt\src\error.c + + + fe_operations.c + 1 + ..\..\..\wolfcrypt\src\fe_operations.c + + + ge_operations.c + 1 + ..\..\..\wolfcrypt\src\ge_operations.c + + + hc128.c + 1 + ..\..\..\wolfcrypt\src\hc128.c + + + hmac.c + 1 + ..\..\..\wolfcrypt\src\hmac.c + + + integer.c + 1 + ..\..\..\wolfcrypt\src\integer.c + + + logging.c + 1 + ..\..\..\wolfcrypt\src\logging.c + + + md2.c + 1 + ..\..\..\wolfcrypt\src\md2.c + + + md4.c + 1 + ..\..\..\wolfcrypt\src\md4.c + + + md5.c + 1 + ..\..\..\wolfcrypt\src\md5.c + + + memory.c + 1 + ..\..\..\wolfcrypt\src\memory.c + + + pkcs7.c + 1 + ..\..\..\wolfcrypt\src\pkcs7.c + + + poly1305.c + 1 + ..\..\..\wolfcrypt\src\poly1305.c + + + pwdbased.c + 1 + ..\..\..\wolfcrypt\src\pwdbased.c + + + rabbit.c + 1 + ..\..\..\wolfcrypt\src\rabbit.c + + + random.c + 1 + ..\..\..\wolfcrypt\src\random.c + + + ripemd.c + 1 + ..\..\..\wolfcrypt\src\ripemd.c + + + rsa.c + 1 + ..\..\..\wolfcrypt\src\rsa.c + + + sha.c + 1 + ..\..\..\wolfcrypt\src\sha.c + + + sha256.c + 1 + ..\..\..\wolfcrypt\src\sha256.c + + + sha512.c + 1 + ..\..\..\wolfcrypt\src\sha512.c + + + tfm.c + 1 + ..\..\..\wolfcrypt\src\tfm.c + + + wc_port.c + 1 + ..\..\..\wolfcrypt\src\wc_port.c + + + fe_low_mem.c + 1 + ..\..\..\wolfcrypt\src\fe_low_mem.c + + + ge_low_mem.c + 1 + ..\..\..\wolfcrypt\src\ge_low_mem.c + + + hash.c + 1 + ..\..\..\wolfcrypt\src\hash.c + + + misc.c + 1 + ..\..\..\wolfcrypt\src\misc.c + + + srp.c + 1 + ..\..\..\wolfcrypt\src\srp.c + + + wc_encrypt.c + 1 + ..\..\..\wolfcrypt\src\wc_encrypt.c + + + + + SSL + + + crl.c + 1 + ..\..\..\src\crl.c + + + internal.c + 1 + ..\..\..\src\internal.c + + + io.c + 1 + ..\..\..\src\io.c + + + keys.c + 1 + ..\..\..\src\keys.c + + + ocsp.c + 1 + ..\..\..\src\ocsp.c + + + sniffer.c + 1 + ..\..\..\src\sniffer.c + + + ssl.c + 1 + ..\..\..\src\ssl.c + + + tls.c + 1 + ..\..\..\src\tls.c + + + + + Config + + + Readme.txt + 5 + .\Readme.txt + + + config-BARE-METAL.h + 5 + ..\MDK-ARM\wolfSSL\config-BARE-METAL.h + + + config-RTX-TCP-FS.h + 5 + ..\MDK-ARM\wolfSSL\config-RTX-TCP-FS.h + + + config-WOLFLIB.h + 5 + ..\MDK-ARM\wolfSSL\config-WOLFLIB.h + + + + + + + + diff --git a/IDE/MDK-ARM/Projects/Readme.txt b/IDE/MDK-ARM/Projects/Readme.txt new file mode 100644 index 000000000..87ba83c96 --- /dev/null +++ b/IDE/MDK-ARM/Projects/Readme.txt @@ -0,0 +1,8 @@ + +Use appropriate config file for the target library. + +Configfile files Target +config-WOLFLIB.h: wolfSSL-Lib /* for general use wolfSSL library */ +config-BARE-METAL.h: MDK-BAREMETAL-Lib /* for linking with MDK-BAREMETAL target in MDK-ARM-STM32F2xx project */ +config-FS.h: MDK-FS-Lib /* for linking with MDK-FS target in MDK-ARM-STM32F2xx project */ +config-RTX-TCP-FS.h: MDK-RTX-TCP-FS-Lib /* for linking with MDK-RTX-TCP-FS target in MDK-ARM-STM32F2xx project */ diff --git a/IDE/WIN/test.vcxproj b/IDE/WIN/test.vcxproj index 38e264b20..06ad22bd3 100644 --- a/IDE/WIN/test.vcxproj +++ b/IDE/WIN/test.vcxproj @@ -152,16 +152,16 @@ Level3 ProgramDatabase + true true Console + MachineX86 ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) true true - MachineX86 UseLinkTimeCodeGeneration - false @@ -187,7 +187,7 @@ Disabled ..\..\;%(AdditionalIncludeDirectories) - WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions) + WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;CYASSL_DLL;%(PreprocessorDefinitions) EnableFastChecks MultiThreadedDebugDLL @@ -200,18 +200,20 @@ Console MachineX86 ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + false Disabled ..\..\;%(AdditionalIncludeDirectories) - WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions) + _DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;CYASSL_DLL;%(PreprocessorDefinitions) EnableFastChecks MultiThreadedDebugDLL Level3 ProgramDatabase + false true @@ -223,7 +225,7 @@ ..\..\;%(AdditionalIncludeDirectories) - WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions) + WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;CYASSL_DLL;%(PreprocessorDefinitions) MultiThreadedDLL Level3 @@ -243,7 +245,7 @@ ..\..\;%(AdditionalIncludeDirectories) - WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions) + WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;CYASSL_DLL;%(PreprocessorDefinitions) MultiThreadedDLL Level3 @@ -271,4 +273,4 @@ - + \ No newline at end of file diff --git a/IDE/WIN/wolfssl-fips.sln b/IDE/WIN/wolfssl-fips.sln index f1fecbbae..306616419 100644 --- a/IDE/WIN/wolfssl-fips.sln +++ b/IDE/WIN/wolfssl-fips.sln @@ -1,5 +1,5 @@  -Microsoft Visual Studio Solution File, Format Version 12.00 +Microsoft Visual Studio Solution File, Format Version 10.00 # Visual Studio Express 2012 for Windows Desktop Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wolfssl-fips", "wolfssl-fips.vcxproj", "{73973223-5EE8-41CA-8E88-1D60E89A237B}" EndProject diff --git a/IDE/WIN/wolfssl-fips.vcxproj b/IDE/WIN/wolfssl-fips.vcxproj index c63c79bd1..5f007c9bf 100644 --- a/IDE/WIN/wolfssl-fips.vcxproj +++ b/IDE/WIN/wolfssl-fips.vcxproj @@ -132,7 +132,7 @@ Disabled ./;../../;%(AdditionalIncludeDirectories) - OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions) + OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;CYASSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions) true EnableFastChecks MultiThreadedDebugDLL @@ -140,6 +140,9 @@ ProgramDatabase 4206;4214;4706;%(DisableSpecificWarnings) + + ws2_32.lib;%(AdditionalDependencies) + @@ -157,8 +160,9 @@ Disabled ./;../../;%(AdditionalIncludeDirectories) - OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions) - EnableFastChecks + OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;CYASSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions) + true + EnableFastChecks MultiThreadedDebugDLL Level4 ProgramDatabase @@ -166,8 +170,7 @@ ws2_32.lib;%(AdditionalDependencies) - false - true + false @@ -175,11 +178,12 @@ MaxSpeed true ./;../../;%(AdditionalIncludeDirectories) - OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions) + WIN32;OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions) MultiThreadedDLL true Level3 ProgramDatabase + false @@ -187,12 +191,15 @@ MaxSpeed true ./;../../;%(AdditionalIncludeDirectories) - OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions) + OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;CYASSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions) MultiThreadedDLL true Level3 ProgramDatabase + + ws2_32.lib;%(AdditionalDependencies) + @@ -212,12 +219,16 @@ MaxSpeed true ./;../../;%(AdditionalIncludeDirectories) - OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions) + OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;CYASSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions) MultiThreadedDLL true Level3 ProgramDatabase + + ws2_32.lib;%(AdditionalDependencies) + false + @@ -287,6 +298,7 @@ + @@ -307,4 +319,4 @@ - + \ No newline at end of file diff --git a/examples/client/client.c b/examples/client/client.c index cb9c40f33..1dedf320f 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -499,6 +499,12 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) done = 1; /* external cert chain most likely has SHA */ #endif + #if !defined(HAVE_ECC) && !defined(WOLFSSL_STATIC_RSA) + if (!XSTRNCMP(domain, "www.google.com", 14)) { + done = 1; /* google needs ECDHE or static RSA */ + } + #endif + if (done) { printf("external test can't be run in this mode"); diff --git a/examples/echoclient/echoclient.c b/examples/echoclient/echoclient.c index bbf82ea9e..5757fb18d 100644 --- a/examples/echoclient/echoclient.c +++ b/examples/echoclient/echoclient.c @@ -29,11 +29,11 @@ #include #include -#if defined(CYASSL_MDK_ARM) +#if defined(WOLFSSL_MDK_ARM) #include #include - #if defined(CYASSL_MDK5) + #if defined(WOLFSSL_MDK5) #include "cmsis_os.h" #include "rl_fs.h" #include "rl_net.h" @@ -41,7 +41,7 @@ #include "rtl.h" #endif - #include "cyassl_MDK_ARM.h" + #include "wolfssl_MDK_ARM.h" #endif #include @@ -74,7 +74,7 @@ void echoclient_test(void* args) ((func_args*)args)->return_code = -1; /* error state */ -#ifndef CYASSL_MDK_SHELL +#ifndef WOLFSSL_MDK_SHELL argc = ((func_args*)args)->argc; argv = ((func_args*)args)->argv; #endif @@ -103,7 +103,7 @@ void echoclient_test(void* args) doPSK = 1; #endif -#if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) && !defined(CYASSL_MDK_SHELL) +#if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) && !defined(WOLFSSL_MDK_SHELL) port = ((func_args*)args)->signal->port; #endif @@ -143,6 +143,8 @@ void echoclient_test(void* args) CyaSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb); #ifdef HAVE_NULL_CIPHER defaultCipherList = "PSK-NULL-SHA256"; + #elif defined(HAVE_AESGCM) && !defined(NO_DH) + defaultCipherList = "DHE-PSK-AES128-GCM-SHA256"; #else defaultCipherList = "PSK-AES128-CBC-SHA256"; #endif @@ -155,7 +157,7 @@ void echoclient_test(void* args) SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif - #if defined(CYASSL_MDK_ARM) + #if defined(WOLFSSL_MDK_ARM) CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); #endif @@ -196,7 +198,7 @@ void echoclient_test(void* args) break; } - #ifndef CYASSL_MDK_SHELL + #ifndef WOLFSSL_MDK_SHELL while (sendSz) { int got; if ( (got = SSL_read(ssl, reply, sizeof(reply)-1)) > 0) { @@ -262,7 +264,7 @@ void echoclient_test(void* args) args.argv = argv; CyaSSL_Init(); -#if defined(DEBUG_CYASSL) && !defined(CYASSL_MDK_SHELL) +#if defined(DEBUG_CYASSL) && !defined(WOLFSSL_MDK_SHELL) CyaSSL_Debugging_ON(); #endif #ifndef CYASSL_TIRTOS diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c index cb512f4d8..83f181e5a 100644 --- a/examples/echoserver/echoserver.c +++ b/examples/echoserver/echoserver.c @@ -29,11 +29,11 @@ #include /* ecc_fp_free */ #endif -#if defined(CYASSL_MDK_ARM) +#if defined(WOLFSSL_MDK_ARM) #include #include - #if defined(CYASSL_MDK5) + #if defined(WOLFSSL_MDK5) #include "cmsis_os.h" #include "rl_fs.h" #include "rl_net.h" @@ -41,7 +41,7 @@ #include "rtl.h" #endif - #include "cyassl_MDK_ARM.h" + #include "wolfssl_MDK_ARM.h" #endif #include @@ -83,7 +83,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) int outCreated = 0; int shutDown = 0; int useAnyAddr = 0; - word16 port = yasslPort; + word16 port = wolfSSLPort; int argc = ((func_args*)args)->argc; char** argv = ((func_args*)args)->argv; @@ -114,7 +114,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) #endif #if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) && \ - !defined(CYASSL_SNIFFER) && !defined(CYASSL_MDK_SHELL) && \ + !defined(CYASSL_SNIFFER) && !defined(WOLFSSL_MDK_SHELL) && \ !defined(CYASSL_TIRTOS) port = 0; #endif @@ -210,6 +210,8 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) CyaSSL_CTX_use_psk_identity_hint(ctx, "cyassl server"); #ifdef HAVE_NULL_CIPHER defaultCipherList = "PSK-NULL-SHA256"; + #elif defined(HAVE_AESGCM) && !defined(NO_DH) + defaultCipherList = "DHE-PSK-AES128-GCM-SHA256"; #else defaultCipherList = "PSK-AES128-CBC-SHA256"; #endif diff --git a/examples/server/server.c b/examples/server/server.c index 7f0c07d61..80295d3f4 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -34,11 +34,11 @@ #define WOLFSSL_TRACK_MEMORY #endif -#if defined(CYASSL_MDK_ARM) +#if defined(WOLFSSL_MDK_ARM) #include #include - #if defined(CYASSL_MDK5) + #if defined(WOLFSSL_MDK5) #include "cmsis_os.h" #include "rl_fs.h" #include "rl_net.h" @@ -46,7 +46,7 @@ #include "rtl.h" #endif - #include "cyassl_MDK_ARM.h" + #include "wolfssl_MDK_ARM.h" #endif #include #include @@ -179,7 +179,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) int version = SERVER_DEFAULT_VERSION; int doCliCertCheck = 1; int useAnyAddr = 0; - word16 port = yasslPort; + word16 port = wolfSSLPort; int usePsk = 0; int useAnon = 0; int doDTLS = 0; @@ -661,7 +661,7 @@ while (1) { /* allow resume option */ if (SSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) err_sys("SSL_write failed"); - #if defined(CYASSL_MDK_SHELL) && defined(HAVE_MDK_RTX) + #if defined(WOLFSSL_MDK_SHELL) && defined(HAVE_MDK_RTX) os_dly_wait(500) ; #elif defined (CYASSL_TIRTOS) Task_yield(); @@ -731,7 +731,7 @@ while (1) { /* allow resume option */ args.argv = argv; CyaSSL_Init(); -#if defined(DEBUG_CYASSL) && !defined(CYASSL_MDK_SHELL) +#if defined(DEBUG_CYASSL) && !defined(WOLFSSL_MDK_SHELL) CyaSSL_Debugging_ON(); #endif if (CurrentDir("_build")) diff --git a/src/internal.c b/src/internal.c index bd04bdbec..73d837847 100644 --- a/src/internal.c +++ b/src/internal.c @@ -45,7 +45,7 @@ #endif #if defined(DEBUG_WOLFSSL) || defined(SHOW_SECRETS) || defined(CHACHA_AEAD_TEST) - #ifdef FREESCALE_MQX + #if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) #if MQX_USE_IO_OLD #include #else @@ -2277,7 +2277,7 @@ void DtlsMsgSet(DtlsMsg* msg, word32 seq, const byte* data, byte type, XMEMCPY(msg->buf, data - DTLS_HANDSHAKE_HEADER_SZ, fragSz + DTLS_HANDSHAKE_HEADER_SZ); else { - /* If fragOffet is non-zero, this is an additional fragment that + /* If fragOffset is non-zero, this is an additional fragment that * needs to be copied to its location in the message buffer. Also * copy the total size of the message over the fragment size. The * hash routines look at a defragmented message if it had actually @@ -2479,7 +2479,7 @@ ProtocolVersion MakeDTLSv1_2(void) #endif -#elif defined(FREESCALE_MQX) +#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) word32 LowResTimer(void) { @@ -2535,6 +2535,45 @@ ProtocolVersion MakeDTLSv1_2(void) #endif /* USE_WINDOWS_API */ +static int HashOutputRaw(WOLFSSL* ssl, const byte* output, int sz) +{ +#ifdef HAVE_FUZZER + if (ssl->fuzzerCb) + ssl->fuzzerCb(ssl, output, sz, FUZZ_HASH, ssl->fuzzerCtx); +#endif +#ifndef NO_OLD_TLS +#ifndef NO_SHA + wc_ShaUpdate(&ssl->hsHashes->hashSha, output, sz); +#endif +#ifndef NO_MD5 + wc_Md5Update(&ssl->hsHashes->hashMd5, output, sz); +#endif +#endif + + if (IsAtLeastTLSv1_2(ssl)) { + int ret; + +#ifndef NO_SHA256 + ret = wc_Sha256Update(&ssl->hsHashes->hashSha256, output, sz); + if (ret != 0) + return ret; +#endif +#ifdef WOLFSSL_SHA384 + ret = wc_Sha384Update(&ssl->hsHashes->hashSha384, output, sz); + if (ret != 0) + return ret; +#endif +#ifdef WOLFSSL_SHA512 + ret = wc_Sha512Update(&ssl->hsHashes->hashSha512, output, sz); + if (ret != 0) + return ret; +#endif + } + + return 0; +} + + /* add output to md5 and sha handshake hashes, exclude record header */ static int HashOutput(WOLFSSL* ssl, const byte* output, int sz, int ivSz) { @@ -2658,10 +2697,13 @@ static void AddRecordHeader(byte* output, word32 length, byte type, WOLFSSL* ssl /* add handshake header for message */ -static void AddHandShakeHeader(byte* output, word32 length, byte type, - WOLFSSL* ssl) +static void AddHandShakeHeader(byte* output, word32 length, + word32 fragOffset, word32 fragLength, + byte type, WOLFSSL* ssl) { HandShakeHeader* hs; + (void)fragOffset; + (void)fragLength; (void)ssl; /* handshake header */ @@ -2675,8 +2717,8 @@ static void AddHandShakeHeader(byte* output, word32 length, byte type, /* dtls handshake header extensions */ dtls = (DtlsHandShakeHeader*)output; c16toa(ssl->keys.dtls_handshake_number++, dtls->message_seq); - c32to24(0, dtls->fragment_offset); - c32to24(length, dtls->fragment_length); + c32to24(fragOffset, dtls->fragment_offset); + c32to24(fragLength, dtls->fragment_length); } #endif } @@ -2685,16 +2727,37 @@ static void AddHandShakeHeader(byte* output, word32 length, byte type, /* add both headers for handshake message */ static void AddHeaders(byte* output, word32 length, byte type, WOLFSSL* ssl) { - if (!ssl->options.dtls) { - AddRecordHeader(output, length + HANDSHAKE_HEADER_SZ, handshake, ssl); - AddHandShakeHeader(output + RECORD_HEADER_SZ, length, type, ssl); - } + word32 lengthAdj = HANDSHAKE_HEADER_SZ; + word32 outputAdj = RECORD_HEADER_SZ; + #ifdef WOLFSSL_DTLS - else { - AddRecordHeader(output, length+DTLS_HANDSHAKE_HEADER_SZ, handshake,ssl); - AddHandShakeHeader(output + DTLS_RECORD_HEADER_SZ, length, type, ssl); + if (ssl->options.dtls) { + lengthAdj += DTLS_HANDSHAKE_EXTRA; + outputAdj += DTLS_RECORD_EXTRA; } #endif + + AddRecordHeader(output, length + lengthAdj, handshake, ssl); + AddHandShakeHeader(output + outputAdj, length, 0, length, type, ssl); +} + + +static void AddFragHeaders(byte* output, word32 fragSz, word32 fragOffset, + word32 length, byte type, WOLFSSL* ssl) +{ + word32 lengthAdj = HANDSHAKE_HEADER_SZ; + word32 outputAdj = RECORD_HEADER_SZ; + (void)fragSz; + +#ifdef WOLFSSL_DTLS + if (ssl->options.dtls) { + lengthAdj += DTLS_HANDSHAKE_EXTRA; + outputAdj += DTLS_RECORD_EXTRA; + } +#endif + + AddRecordHeader(output, fragSz + lengthAdj, handshake, ssl); + AddHandShakeHeader(output + outputAdj, length, fragOffset, fragSz, type, ssl); } @@ -4018,15 +4081,8 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, c24to32(input + *inOutIdx, &listSz); *inOutIdx += OPAQUE24_LEN; -#ifdef HAVE_MAX_FRAGMENT - if (listSz > ssl->max_fragment) { - SendAlert(ssl, alert_fatal, record_overflow); - return BUFFER_E; - } -#else if (listSz > MAX_RECORD_SIZE) return BUFFER_E; -#endif if ((*inOutIdx - begin) + listSz != size) return BUFFER_ERROR; @@ -5193,6 +5249,8 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx, ssl->keys.dtls_expected_peer_handshake_number) { /* Already saw this message and processed it. It can be ignored. */ *inOutIdx += fragSz; + if(type == finished ) + *inOutIdx += ssl->keys.padSz; ret = 0; } else if (fragSz < size) { @@ -5943,6 +6001,7 @@ static INLINE void Md5Rounds(int rounds, const byte* data, int sz) for (i = 0; i < rounds; i++) wc_Md5Update(&md5, data, sz); + wc_Md5Free(&md5) ; /* in case needed to release resources */ } @@ -5957,6 +6016,7 @@ static INLINE void ShaRounds(int rounds, const byte* data, int sz) for (i = 0; i < rounds; i++) wc_ShaUpdate(&sha, data, sz); + wc_ShaFree(&sha) ; /* in case needed to release resources */ } #endif @@ -5974,7 +6034,7 @@ static INLINE void Sha256Rounds(int rounds, const byte* data, int sz) wc_Sha256Update(&sha256, data, sz); /* no error check on purpose, dummy round */ } - + wc_Sha256Free(&sha256) ; /* in case needed to release resources */ } #endif @@ -5993,6 +6053,7 @@ static INLINE void Sha384Rounds(int rounds, const byte* data, int sz) wc_Sha384Update(&sha384, data, sz); /* no error check on purpose, dummy round */ } + wc_Sha384Free(&sha384) ; /* in case needed to release resources */ } #endif @@ -6011,6 +6072,7 @@ static INLINE void Sha512Rounds(int rounds, const byte* data, int sz) wc_Sha512Update(&sha512, data, sz); /* no error check on purpose, dummy round */ } + wc_Sha512Free(&sha512) ; /* in case needed to release resources */ } #endif @@ -7279,7 +7341,7 @@ int SendFinished(WOLFSSL* ssl) output = ssl->buffers.outputBuffer.buffer + ssl->buffers.outputBuffer.length; - AddHandShakeHeader(input, finishedSz, finished, ssl); + AddHandShakeHeader(input, finishedSz, 0, finishedSz, finished, ssl); /* make finished hashes */ hashes = (Hashes*)&input[headerSz]; @@ -7360,117 +7422,231 @@ int SendFinished(WOLFSSL* ssl) return SendBuffered(ssl); } + #ifndef NO_CERTS int SendCertificate(WOLFSSL* ssl) { - int sendSz, length, ret = 0; - word32 i = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; - word32 certSz, listSz; - byte* output = 0; + int ret = 0; + word32 certSz, certChainSz, headerSz, listSz, payloadSz; + word32 length, maxFragment; if (ssl->options.usingPSK_cipher || ssl->options.usingAnon_cipher) return 0; /* not needed */ if (ssl->options.sendVerify == SEND_BLANK_CERT) { certSz = 0; + certChainSz = 0; + headerSz = CERT_HEADER_SZ; length = CERT_HEADER_SZ; listSz = 0; } else { certSz = ssl->buffers.certificate.length; + headerSz = 2 * CERT_HEADER_SZ; /* list + cert size */ - length = certSz + 2 * CERT_HEADER_SZ; + length = certSz + headerSz; listSz = certSz + CERT_HEADER_SZ; /* may need to send rest of chain, already has leading size(s) */ - if (ssl->buffers.certChain.buffer) { - length += ssl->buffers.certChain.length; - listSz += ssl->buffers.certChain.length; + if (certSz) { + certChainSz = ssl->buffers.certChain.length; + length += certChainSz; + listSz += certChainSz; } + else + certChainSz = 0; } - sendSz = length + RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; + payloadSz = length; + + if (ssl->fragOffset != 0) + length -= (ssl->fragOffset + headerSz); + + maxFragment = MAX_RECORD_SIZE; + if (ssl->options.dtls) { #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) { - sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; - i += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; - } - #endif - - if (ssl->keys.encryptionOn) - sendSz += MAX_MSG_EXTRA; - - /* check for available size */ - if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) - return ret; - - /* get ouput buffer */ - output = ssl->buffers.outputBuffer.buffer + - ssl->buffers.outputBuffer.length; - - AddHeaders(output, length, certificate, ssl); - - /* list total */ - c32to24(listSz, output + i); - i += CERT_HEADER_SZ; - - /* member */ - if (certSz) { - c32to24(certSz, output + i); - i += CERT_HEADER_SZ; - XMEMCPY(output + i, ssl->buffers.certificate.buffer, certSz); - i += certSz; - - /* send rest of chain? */ - if (ssl->buffers.certChain.buffer) { - XMEMCPY(output + i, ssl->buffers.certChain.buffer, - ssl->buffers.certChain.length); - i += ssl->buffers.certChain.length; - } + maxFragment = MAX_MTU - DTLS_RECORD_HEADER_SZ + - DTLS_HANDSHAKE_HEADER_SZ - 100; + #endif /* WOLFSSL_DTLS */ } - if (ssl->keys.encryptionOn) { - byte* input; - int inputSz = i - RECORD_HEADER_SZ; /* build msg adds rec hdr */ + #ifdef HAVE_MAX_FRAGMENT + if (ssl->max_fragment != 0 && maxFragment >= ssl->max_fragment) + maxFragment = ssl->max_fragment; + #endif /* HAVE_MAX_FRAGMENT */ - input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (input == NULL) - return MEMORY_E; + while (length > 0 && ret == 0) { + byte* output = NULL; + word32 fragSz = 0; + word32 i = RECORD_HEADER_SZ; + int sendSz = RECORD_HEADER_SZ; - XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz); - sendSz = BuildMessage(ssl, output, sendSz, input,inputSz,handshake); - XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (!ssl->options.dtls) { + if (ssl->fragOffset == 0) { + if (headerSz + certSz + certChainSz <= + maxFragment - HANDSHAKE_HEADER_SZ) { - if (sendSz < 0) - return sendSz; - } else { - ret = HashOutput(ssl, output, sendSz, 0); - if (ret != 0) + fragSz = headerSz + certSz + certChainSz; + } + else { + fragSz = maxFragment - HANDSHAKE_HEADER_SZ; + } + sendSz += fragSz + HANDSHAKE_HEADER_SZ; + i += HANDSHAKE_HEADER_SZ; + } + else { + fragSz = min(length, maxFragment); + sendSz += fragSz; + } + + if (ssl->keys.encryptionOn) + sendSz += MAX_MSG_EXTRA; + } + else { + #ifdef WOLFSSL_DTLS + fragSz = min(length, maxFragment); + sendSz += fragSz + DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA + + HANDSHAKE_HEADER_SZ; + i += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA + + HANDSHAKE_HEADER_SZ; + #endif + } + + /* check for available size */ + if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) return ret; + + /* get ouput buffer */ + output = ssl->buffers.outputBuffer.buffer + + ssl->buffers.outputBuffer.length; + + if (ssl->fragOffset == 0) { + if (!ssl->options.dtls) { + AddFragHeaders(output, fragSz, 0, payloadSz, certificate, ssl); + if (!ssl->keys.encryptionOn) + HashOutputRaw(ssl, output + RECORD_HEADER_SZ, + HANDSHAKE_HEADER_SZ); + } + else { + #ifdef WOLFSSL_DTLS + AddHeaders(output, payloadSz, certificate, ssl); + if (!ssl->keys.encryptionOn) + HashOutputRaw(ssl, + output + RECORD_HEADER_SZ + DTLS_RECORD_EXTRA, + HANDSHAKE_HEADER_SZ + DTLS_HANDSHAKE_EXTRA); + /* Adding the headers increments these, decrement them for + * actual message header. */ + ssl->keys.dtls_sequence_number--; + ssl->keys.dtls_handshake_number--; + AddFragHeaders(output, fragSz, 0, payloadSz, certificate, ssl); + ssl->keys.dtls_handshake_number--; + #endif /* WOLFSSL_DTLS */ + } + + /* list total */ + c32to24(listSz, output + i); + if (!ssl->keys.encryptionOn) + HashOutputRaw(ssl, output + i, CERT_HEADER_SZ); + i += CERT_HEADER_SZ; + length -= CERT_HEADER_SZ; + fragSz -= CERT_HEADER_SZ; + if (certSz) { + c32to24(certSz, output + i); + if (!ssl->keys.encryptionOn) + HashOutputRaw(ssl, output + i, CERT_HEADER_SZ); + i += CERT_HEADER_SZ; + length -= CERT_HEADER_SZ; + fragSz -= CERT_HEADER_SZ; + + if (!ssl->keys.encryptionOn) { + HashOutputRaw(ssl, ssl->buffers.certificate.buffer, certSz); + if (certChainSz) + HashOutputRaw(ssl, ssl->buffers.certChain.buffer, + certChainSz); + } + } + } + else { + if (!ssl->options.dtls) { + AddRecordHeader(output, fragSz, handshake, ssl); + } + else { + #ifdef WOLFSSL_DTLS + AddFragHeaders(output, fragSz, ssl->fragOffset + headerSz, + payloadSz, certificate, ssl); + ssl->keys.dtls_handshake_number--; + #endif /* WOLFSSL_DTLS */ + } + } + + /* member */ + if (certSz && ssl->fragOffset < certSz) { + word32 copySz = min(certSz - ssl->fragOffset, fragSz); + XMEMCPY(output + i, + ssl->buffers.certificate.buffer + ssl->fragOffset, copySz); + i += copySz; + ssl->fragOffset += copySz; + length -= copySz; + fragSz -= copySz; + } + if (certChainSz && fragSz) { + word32 copySz = min(certChainSz + certSz - ssl->fragOffset, fragSz); + XMEMCPY(output + i, + ssl->buffers.certChain.buffer + ssl->fragOffset - certSz, + copySz); + i += copySz; + ssl->fragOffset += copySz; + length -= copySz; + } + + if (ssl->keys.encryptionOn) { + byte* input; + int inputSz = i - RECORD_HEADER_SZ; /* build msg adds rec hdr */ + + input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (input == NULL) + return MEMORY_E; + + XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz); + sendSz = BuildMessage(ssl, output, sendSz, input,inputSz,handshake); + XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + + if (sendSz < 0) + return sendSz; + } + + #ifdef WOLFSSL_DTLS + if (ssl->options.dtls) { + if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) + return ret; + } + #endif + + #ifdef WOLFSSL_CALLBACKS + if (ssl->hsInfoOn) + AddPacketName("Certificate", &ssl->handShakeInfo); + if (ssl->toInfoOn) + AddPacketInfo("Certificate", &ssl->timeoutInfo, output, sendSz, + ssl->heap); + #endif + + ssl->buffers.outputBuffer.length += sendSz; + if (!ssl->options.groupMessages) + ret = SendBuffered(ssl); } - #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) { - if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) - return ret; - } - #endif + if (ret != WANT_WRITE) { + /* Clean up the fragment offset. */ + ssl->fragOffset = 0; + #ifdef WOLFSSL_DTLS + if (ssl->options.dtls) + ssl->keys.dtls_handshake_number++; + #endif + if (ssl->options.side == WOLFSSL_SERVER_END) + ssl->options.serverState = SERVER_CERT_COMPLETE; + } - #ifdef WOLFSSL_CALLBACKS - if (ssl->hsInfoOn) AddPacketName("Certificate", &ssl->handShakeInfo); - if (ssl->toInfoOn) - AddPacketInfo("Certificate", &ssl->timeoutInfo, output, sendSz, - ssl->heap); - #endif - - if (ssl->options.side == WOLFSSL_SERVER_END) - ssl->options.serverState = SERVER_CERT_COMPLETE; - - ssl->buffers.outputBuffer.length += sendSz; - if (ssl->options.groupMessages) - return 0; - else - return SendBuffered(ssl); + return ret; } diff --git a/src/io.c b/src/io.c index fac843b40..5bd24273f 100644 --- a/src/io.c +++ b/src/io.c @@ -57,6 +57,8 @@ #elif defined(FREESCALE_MQX) #include #include + #elif defined(FREESCALE_KSDK_MQX) + #include #elif defined(WOLFSSL_MDK_ARM) #if defined(WOLFSSL_MDK5) #include "cmsis_os.h" @@ -129,15 +131,25 @@ #define SOCKET_EPIPE SYS_NET_EPIPE #define SOCKET_ECONNREFUSED SYS_NET_ECONNREFUSED #define SOCKET_ECONNABORTED SYS_NET_ECONNABORTED -#elif defined(FREESCALE_MQX) - /* RTCS doesn't have an EWOULDBLOCK error */ - #define SOCKET_EWOULDBLOCK EAGAIN - #define SOCKET_EAGAIN EAGAIN - #define SOCKET_ECONNRESET RTCSERR_TCP_CONN_RESET - #define SOCKET_EINTR EINTR - #define SOCKET_EPIPE EPIPE - #define SOCKET_ECONNREFUSED RTCSERR_TCP_CONN_REFUSED - #define SOCKET_ECONNABORTED RTCSERR_TCP_CONN_ABORTED +#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) + #if MQX_USE_IO_OLD + /* RTCS old I/O doesn't have an EWOULDBLOCK */ + #define SOCKET_EWOULDBLOCK EAGAIN + #define SOCKET_EAGAIN EAGAIN + #define SOCKET_ECONNRESET RTCSERR_TCP_CONN_RESET + #define SOCKET_EINTR EINTR + #define SOCKET_EPIPE EPIPE + #define SOCKET_ECONNREFUSED RTCSERR_TCP_CONN_REFUSED + #define SOCKET_ECONNABORTED RTCSERR_TCP_CONN_ABORTED + #else + #define SOCKET_EWOULDBLOCK NIO_EWOULDBLOCK + #define SOCKET_EAGAIN NIO_EAGAIN + #define SOCKET_ECONNRESET NIO_ECONNRESET + #define SOCKET_EINTR NIO_EINTR + #define SOCKET_EPIPE NIO_EPIPE + #define SOCKET_ECONNREFUSED NIO_ECONNREFUSED + #define SOCKET_ECONNABORTED NIO_ECONNABORTED + #endif #elif defined(WOLFSSL_MDK_ARM) #if defined(WOLFSSL_MDK5) #define SOCKET_EWOULDBLOCK BSD_ERROR_WOULDBLOCK @@ -200,7 +212,7 @@ static INLINE int TranslateReturnCode(int old, int sd) { (void)sd; -#ifdef FREESCALE_MQX +#if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) if (old == 0) { errno = SOCKET_EWOULDBLOCK; return -1; /* convert to BSD style wouldblock as error */ diff --git a/src/ssl.c b/src/ssl.c index 2b34f41dc..30e266011 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -97,17 +97,15 @@ #endif /* WOLFSSSL_HAVE_MIN */ -#ifndef WOLFSSL_HAVE_MAX +#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_HAVE_MAX) #define WOLFSSL_HAVE_MAX -#ifdef WOLFSSL_DTLS static INLINE word32 max(word32 a, word32 b) { return a > b ? a : b; } -#endif /* WOLFSSL_DTLS */ -#endif /* WOLFSSL_HAVE_MAX */ +#endif /* WOLFSSL_DTLS && !WOLFSSL_HAVE_MAX */ #ifndef WOLFSSL_LEANPSK @@ -5408,8 +5406,10 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl) if (ssl->buffers.outputBuffer.length > 0) { if ( (ssl->error = SendBuffered(ssl)) == 0) { - ssl->options.connectState++; - WOLFSSL_MSG("connect state: Advanced from buffered send"); + if (ssl->fragOffset == 0) { + ssl->options.connectState++; + WOLFSSL_MSG("connect state: Advanced from buffered send"); + } } else { WOLFSSL_ERROR(ssl->error); @@ -5724,8 +5724,10 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl) if (ssl->buffers.outputBuffer.length > 0) { if ( (ssl->error = SendBuffered(ssl)) == 0) { - ssl->options.acceptState++; - WOLFSSL_MSG("accept state: Advanced from buffered send"); + if (ssl->fragOffset == 0) { + ssl->options.acceptState++; + WOLFSSL_MSG("accept state: Advanced from buffered send"); + } } else { WOLFSSL_ERROR(ssl->error); @@ -13532,7 +13534,7 @@ int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher, } /* Key to DER */ - derSz = wc_RsaKeyToDer(rsa->internal, der, der_max_len); + derSz = wc_RsaKeyToDer((RsaKey*)rsa->internal, der, der_max_len); if (derSz < 0) { WOLFSSL_MSG("wc_RsaKeyToDer failed"); XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -13745,7 +13747,8 @@ static int SetECKeyExternal(WOLFSSL_EC_KEY* eckey) if (eckey->pub_key->internal != NULL) { /* set the internal public key */ - if (wc_ecc_copy_point(&key->pubkey, eckey->pub_key->internal) != MP_OKAY) { + if (wc_ecc_copy_point(&key->pubkey, + (ecc_point*)eckey->pub_key->internal) != MP_OKAY) { WOLFSSL_MSG("SetECKeyExternal ecc_copy_point failed"); return SSL_FATAL_ERROR; } @@ -13956,7 +13959,7 @@ WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new(void) } XMEMSET(external->internal, 0, sizeof(ecc_key)); - wc_ecc_init(external->internal); + wc_ecc_init((ecc_key*)external->internal); /* public key */ external->pub_key = (WOLFSSL_EC_POINT*)XMALLOC(sizeof(WOLFSSL_EC_POINT), @@ -13968,7 +13971,7 @@ WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new(void) } XMEMSET(external->pub_key, 0, sizeof(WOLFSSL_EC_POINT)); - key = external->internal; + key = (ecc_key*)external->internal; external->pub_key->internal = (ecc_point*)&key->pubkey; /* curve group */ @@ -14307,15 +14310,15 @@ int wolfSSL_EC_GROUP_get_order(const WOLFSSL_EC_GROUP *group, return SSL_FAILURE; } - if (mp_init(order->internal) != MP_OKAY) { + if (mp_init((mp_int*)order->internal) != MP_OKAY) { WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order mp_init failure"); return SSL_FAILURE; } - if (mp_read_radix(order->internal, ecc_sets[group->curve_idx].order, - 16) != MP_OKAY) { + if (mp_read_radix((mp_int*)order->internal, + ecc_sets[group->curve_idx].order, 16) != MP_OKAY) { WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order mp_read order failure"); - mp_clear(order->internal); + mp_clear((mp_int*)order->internal); return SSL_FAILURE; } @@ -14354,7 +14357,8 @@ int wolfSSL_ECPoint_i2d(const WOLFSSL_EC_GROUP *group, if (out != NULL) wolfssl_EC_POINT_dump("i2d p", p); #endif - err = wc_ecc_export_point_der(group->curve_idx, p->internal, out, len); + err = wc_ecc_export_point_der(group->curve_idx, (ecc_point*)p->internal, + out, len); if (err != MP_OKAY && !(out == NULL && err == LENGTH_ONLY_E)) { WOLFSSL_MSG("wolfSSL_ECPoint_i2d wc_ecc_export_point_der failed"); return SSL_FAILURE; @@ -14377,7 +14381,7 @@ int wolfSSL_ECPoint_d2i(unsigned char *in, unsigned int len, } if (wc_ecc_import_point_der(in, len, group->curve_idx, - p->internal) != MP_OKAY) { + (ecc_point*)p->internal) != MP_OKAY) { WOLFSSL_MSG("wc_ecc_import_point_der failed"); return SSL_FAILURE; } @@ -14600,7 +14604,7 @@ int wolfSSL_EC_POINT_is_at_infinity(const WOLFSSL_EC_GROUP *group, } } - ret = wc_ecc_point_is_at_infinity(point->internal); + ret = wc_ecc_point_is_at_infinity((ecc_point*)point->internal); if (ret <= 0) { WOLFSSL_MSG("ecc_point_is_at_infinity failure"); return SSL_FAILURE; @@ -14902,7 +14906,7 @@ int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ecc, } /* Key to DER */ - derSz = wc_EccKeyToDer(ecc->internal, der, der_max_len); + derSz = wc_EccKeyToDer((ecc_key*)ecc->internal, der, der_max_len); if (derSz < 0) { WOLFSSL_MSG("wc_DsaKeyToDer failed"); XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -15075,7 +15079,7 @@ int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa, } /* Key to DER */ - derSz = wc_DsaKeyToDer(dsa->internal, der, der_max_len); + derSz = wc_DsaKeyToDer((DsaKey*)dsa->internal, der, der_max_len); if (derSz < 0) { WOLFSSL_MSG("wc_DsaKeyToDer failed"); XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -16018,11 +16022,11 @@ long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh) if(pSz <= 0 || gSz <= 0) return SSL_FATAL_ERROR; - p = XMALLOC(pSz, ctx->heap, DYNAMIC_TYPE_DH); + p = (byte*)XMALLOC(pSz, ctx->heap, DYNAMIC_TYPE_DH); if(!p) return MEMORY_E; - g = XMALLOC(gSz, ctx->heap, DYNAMIC_TYPE_DH); + g = (byte*)XMALLOC(gSz, ctx->heap, DYNAMIC_TYPE_DH); if(!g) { XFREE(p, ctx->heap, DYNAMIC_TYPE_DH); return MEMORY_E; @@ -16064,10 +16068,10 @@ int wolfSSL_SESSION_get_ex_new_index(long idx, void* data, void* cb1, (void)cb1; (void)cb2; (void)cb3; - if(XSTRNCMP(data, "redirect index", 14) == 0) { + if(XSTRNCMP((const char*)data, "redirect index", 14) == 0) { return 0; } - else if(XSTRNCMP(data, "addr index", 10) == 0) { + else if(XSTRNCMP((const char*)data, "addr index", 10) == 0) { return 1; } return SSL_FAILURE; diff --git a/tests/suites.c b/tests/suites.c index bd8a8da3f..4ffe25398 100644 --- a/tests/suites.c +++ b/tests/suites.c @@ -57,7 +57,7 @@ static char svrPort[] = "0"; static int IsSslVersion(const char* line) { const char* find = "-v "; - char* begin = strstr(line, find); + const char* begin = strstr(line, find); if (begin) { int version = -1; @@ -79,7 +79,7 @@ static int IsSslVersion(const char* line) static int IsOldTlsVersion(const char* line) { const char* find = "-v "; - char* begin = strstr(line, find); + const char* begin = strstr(line, find); if (begin) { int version = -1; diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index ba36e1563..938a4a641 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -105,19 +105,14 @@ #if defined(USE_CERT_BUFFERS_1024) || defined(USE_CERT_BUFFERS_2048) \ || !defined(NO_DH) /* include test cert and key buffers for use with NO_FILESYSTEM */ - #if defined(WOLFSSL_MDK_ARM) - #include "cert_data.h" /* use certs_test.c for initial data, - so other commands can share the data. */ - #else #include - #endif #endif #ifdef HAVE_BLAKE2 #include void bench_blake2(void); -#endif +#endif #ifdef _MSC_VER /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */ diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 7b21b0aab..bee4abb2a 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -66,7 +66,7 @@ #endif #ifdef WOLFSSL_DEBUG_ENCODING - #ifdef FREESCALE_MQX + #if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) #if MQX_USE_IO_OLD #include #else @@ -109,23 +109,11 @@ #define XTIME(t1) pic32_time((t1)) #define XGMTIME(c, t) gmtime((c)) #define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t)) -#elif defined(FREESCALE_MQX) +#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) #define XTIME(t1) mqx_time((t1)) #define XGMTIME(c, t) mqx_gmtime((c), (t)) #define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t)) -#elif defined(WOLFSSL_MDK_ARM) - #if defined(WOLFSSL_MDK5) - #include "cmsis_os.h" - #else - #include - #endif - #undef RNG - #include "wolfssl_MDK_ARM.h" - #undef RNG - #define RNG wolfSSL_RNG /*for avoiding name conflict in "stm32f2xx.h" */ - #define XTIME(tl) (0) - #define XGMTIME(c, t) wolfssl_MDK_gmtime((c)) - #define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t)) + #elif defined(USER_TIME) /* user time, and gmtime compatible functions, there is a gmtime implementation here that WINCE uses, so really just need some ticks @@ -338,7 +326,7 @@ time_t pic32_time(time_t* timer) #endif /* MICROCHIP_TCPIP */ -#ifdef FREESCALE_MQX +#if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) time_t mqx_time(time_t* timer) { @@ -1456,6 +1444,7 @@ int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen) word32 seqSz, verSz, rawLen, intTotalLen = 0; word32 sizes[DSA_INTS]; int i, j, outLen, ret = 0, lbit; + int err; byte seq[MAX_SEQ_SZ]; byte ver[MAX_VERSION_SZ]; diff --git a/wolfcrypt/src/fe_low_mem.c b/wolfcrypt/src/fe_low_mem.c index 80834f54c..2dc914c81 100644 --- a/wolfcrypt/src/fe_low_mem.c +++ b/wolfcrypt/src/fe_low_mem.c @@ -27,6 +27,7 @@ #include +#if defined(CURVED25519_SMALL) /* use slower code that takes less memory */ #if defined(HAVE_ED25519) || defined(HAVE_CURVE25519) #include @@ -593,4 +594,4 @@ void fe_sqrt(byte *r, const byte *a) } #endif /* HAVE_CURVE25519 or HAVE_ED25519 */ - +#endif /* CURVED25519_SMALL */ diff --git a/wolfcrypt/src/fe_operations.c b/wolfcrypt/src/fe_operations.c index d78467e21..0908a755c 100644 --- a/wolfcrypt/src/fe_operations.c +++ b/wolfcrypt/src/fe_operations.c @@ -27,6 +27,7 @@ #include +#ifndef CURVED25519_SMALL /* run when not defined to use small memory math */ #if defined(HAVE_ED25519) || defined(HAVE_CURVE25519) #include @@ -1317,7 +1318,7 @@ Preconditions: |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. */ -static const unsigned char zero[32]; +static const unsigned char zero[32] = {0}; int fe_isnonzero(const fe f) { @@ -1405,4 +1406,5 @@ void fe_cmov(fe f,const fe g,unsigned int b) f[9] = f9 ^ x9; } #endif /* HAVE ED25519 or CURVE25519 */ +#endif /* not defined CURVED25519_SMALL */ diff --git a/wolfcrypt/src/ge_low_mem.c b/wolfcrypt/src/ge_low_mem.c index 43c533c69..f8dba9266 100644 --- a/wolfcrypt/src/ge_low_mem.c +++ b/wolfcrypt/src/ge_low_mem.c @@ -27,7 +27,8 @@ #include -#ifdef HAVE_ED25519 +#if defined(CURVED25519_SMALL) /* use slower code that takes less memory */ +#if defined(HAVE_ED25519) #include #include @@ -71,12 +72,12 @@ int ge_compress_key(byte* out, const byte* xIn, const byte* yIn, { byte tmp[F25519_SIZE]; byte parity; + byte pt[32]; int i; fe_copy(tmp, xIn); parity = (tmp[0] & 1) << 7; - byte pt[32]; fe_copy(pt, yIn); pt[31] |= parity; @@ -555,4 +556,5 @@ int ge_double_scalarmult_vartime(ge_p2* R, const unsigned char *h, } #endif /* HAVE_ED25519 */ +#endif /* CURVED25519_SMALL */ diff --git a/wolfcrypt/src/ge_operations.c b/wolfcrypt/src/ge_operations.c index 665cfe89b..259b5b144 100644 --- a/wolfcrypt/src/ge_operations.c +++ b/wolfcrypt/src/ge_operations.c @@ -28,6 +28,7 @@ #include +#ifndef CURVED25519_SMALL /* run when not defined to use small memory math */ #ifdef HAVE_ED25519 #include @@ -2600,4 +2601,5 @@ void ge_tobytes(unsigned char *s,const ge_p2 *h) s[31] ^= fe_isnegative(x) << 7; } #endif /* HAVE_ED25519 */ +#endif /* not defined CURVED25519_SMALL */ diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c old mode 100644 new mode 100755 index d397e91fa..58fce69f8 --- a/wolfcrypt/src/hash.c +++ b/wolfcrypt/src/hash.c @@ -42,6 +42,7 @@ void wc_Md5GetHash(Md5* md5, byte* hash) WOLFSSL_API void wc_Md5RestorePos(Md5* m1, Md5* m2) { *m1 = *m2 ; } + #endif #if !defined(NO_SHA) @@ -136,8 +137,10 @@ int wc_Sha256Hash(const byte* data, word32 len, byte* hash) return ret; } + #endif /* !defined(NO_SHA256) */ +#endif /* !defined(WOLFSSL_TI_HASH) */ #if defined(WOLFSSL_SHA512) int wc_Sha512Hash(const byte* data, word32 len, byte* hash) @@ -207,6 +210,3 @@ int wc_Sha384Hash(const byte* data, word32 len, byte* hash) #endif /* defined(WOLFSSL_SHA384) */ #endif /* defined(WOLFSSL_SHA512) */ - -#endif /* !defined(WOLFSSL_TI_HASH) */ - diff --git a/wolfcrypt/src/port/ti/ti-hash.c b/wolfcrypt/src/port/ti/ti-hash.c old mode 100644 new mode 100755 index 04e6650b6..56526af86 --- a/wolfcrypt/src/port/ti/ti-hash.c +++ b/wolfcrypt/src/port/ti/ti-hash.c @@ -151,6 +151,13 @@ static int hashHash(const byte* data, word32 len, byte* hash, word32 algo, word3 return ret; } +static int hashFree(wolfssl_TI_Hash *hash) +{ + XFREE(hash->msg, NULL, DYNAMIC_TYPE_TMP_BUFFER); + hashInit(hash) ; + return 0 ; +} + #if !defined(NO_MD5) WOLFSSL_API void wc_InitMd5(Md5* md5) { @@ -183,6 +190,11 @@ WOLFSSL_API int wc_Md5Hash(const byte*data, word32 len, byte*hash) return hashHash(data, len, hash, SHAMD5_ALGO_MD5, MD5_DIGEST_SIZE) ; } +WOLFSSL_API void wc_Md5Free(Md5* md5) +{ + hashFree((wolfssl_TI_Hash *)md5) ; +} + #endif /* NO_MD5 */ #if !defined(NO_SHA) @@ -217,6 +229,11 @@ WOLFSSL_API int wc_ShaHash(const byte*data, word32 len, byte*hash) return hashHash(data, len, hash, SHAMD5_ALGO_SHA1, SHA_DIGEST_SIZE) ; } +WOLFSSL_API void wc_ShaFree(Sha* sha) +{ + hashFree((wolfssl_TI_Hash *)sha) ; +} + #endif /* NO_SHA */ #if defined(HAVE_SHA224) @@ -251,6 +268,11 @@ WOLFSSL_API int wc_Sha224Hash(const byte* data, word32 len, byte*hash) return hashHash(data, len, hash, SHAMD5_ALGO_SHA224, SHA224_DIGEST_SIZE) ; } +WOLFSSL_API void wc_Sha224Free(Sha224* sha224) +{ + hashFree((wolfssl_TI_Hash *)sha224) ; +} + #endif /* HAVE_SHA224 */ #if !defined(NO_SHA256) @@ -284,6 +306,12 @@ WOLFSSL_API int wc_Sha256Hash(const byte* data, word32 len, byte*hash) { return hashHash(data, len, hash, SHAMD5_ALGO_SHA256, SHA256_DIGEST_SIZE) ; } + +WOLFSSL_API void wc_Sha256Free(Sha256* sha256) +{ + hashFree((wolfssl_TI_Hash *)sha256) ; +} + #endif #endif diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index 339114d96..dbf608f2e 100755 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -1080,7 +1080,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) } #endif /* WOLFSSL_MIC32MZ_RNG */ -#elif defined(FREESCALE_MQX) +#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) #ifdef FREESCALE_K70_RNGA /* diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index c8d9b97ef..ec4ef607e 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -99,13 +99,7 @@ #if defined(USE_CERT_BUFFERS_1024) || defined(USE_CERT_BUFFERS_2048) \ || !defined(NO_DH) /* include test cert and key buffers for use with NO_FILESYSTEM */ - #if defined(WOLFSSL_MDK_ARM) - #include "cert_data.h" - /* use certs_test.c for initial data, so other - commands can share the data. */ - #else #include - #endif #endif #if defined(WOLFSSL_MDK_ARM) diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 898356645..6fe87a9f1 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -115,7 +115,7 @@ /* do nothing */ #elif defined(EBSNET) /* do nothing */ -#elif defined(FREESCALE_MQX) +#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) /* do nothing */ #elif defined(WOLFSSL_MDK_ARM) #if defined(WOLFSSL_MDK5) @@ -211,11 +211,13 @@ typedef byte word24[3]; #ifndef WOLFSSL_MAX_STRENGTH #if !defined(NO_RSA) && !defined(NO_RC4) - #if !defined(NO_SHA) - #define BUILD_SSL_RSA_WITH_RC4_128_SHA - #endif - #if !defined(NO_MD5) - #define BUILD_SSL_RSA_WITH_RC4_128_MD5 + #if defined(WOLFSSL_STATIC_RSA) + #if !defined(NO_SHA) + #define BUILD_SSL_RSA_WITH_RC4_128_SHA + #endif + #if !defined(NO_MD5) + #define BUILD_SSL_RSA_WITH_RC4_128_MD5 + #endif #endif #if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA) #define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA @@ -224,7 +226,9 @@ typedef byte word24[3]; #if !defined(NO_RSA) && !defined(NO_DES3) #if !defined(NO_SHA) - #define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA + #if defined(WOLFSSL_STATIC_RSA) + #define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA + #endif #if !defined(NO_TLS) && defined(HAVE_NTRU) #define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA #endif @@ -233,43 +237,49 @@ typedef byte word24[3]; #if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS) #if !defined(NO_SHA) - #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA - #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA + #if defined(WOLFSSL_STATIC_RSA) + #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA + #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA + #endif #if defined(HAVE_NTRU) #define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA #define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA #endif #endif - #if !defined (NO_SHA256) - #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256 - #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256 - #endif - #if defined (HAVE_AESGCM) - #define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256 - #if defined (WOLFSSL_SHA384) - #define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384 + #if defined(WOLFSSL_STATIC_RSA) + #if !defined (NO_SHA256) + #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256 + #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256 + #endif + #if defined (HAVE_AESGCM) + #define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256 + #if defined (WOLFSSL_SHA384) + #define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384 + #endif + #endif + #if defined (HAVE_AESCCM) + #define BUILD_TLS_RSA_WITH_AES_128_CCM_8 + #define BUILD_TLS_RSA_WITH_AES_256_CCM_8 + #endif + #if defined(HAVE_BLAKE2) + #define BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256 + #define BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256 #endif - #endif - #if defined (HAVE_AESCCM) - #define BUILD_TLS_RSA_WITH_AES_128_CCM_8 - #define BUILD_TLS_RSA_WITH_AES_256_CCM_8 - #endif - #if defined(HAVE_BLAKE2) - #define BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256 - #define BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256 #endif #endif #if defined(HAVE_CAMELLIA) && !defined(NO_TLS) #ifndef NO_RSA - #if !defined(NO_SHA) - #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - #endif + #if defined(WOLFSSL_STATIC_RSA) + #if !defined(NO_SHA) + #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA + #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA + #endif #ifndef NO_SHA256 #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 #endif + #endif #if !defined(NO_DH) #if !defined(NO_SHA) #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA @@ -283,6 +293,7 @@ typedef byte word24[3]; #endif #endif +#if defined(WOLFSSL_STATIC_PSK) #if !defined(NO_PSK) && !defined(NO_AES) && !defined(NO_TLS) #if !defined(NO_SHA) #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA @@ -307,17 +318,20 @@ typedef byte word24[3]; #endif #endif #endif +#endif #if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER) #if !defined(NO_RSA) - #if !defined(NO_SHA) - #define BUILD_TLS_RSA_WITH_NULL_SHA - #endif - #ifndef NO_SHA256 - #define BUILD_TLS_RSA_WITH_NULL_SHA256 + #if defined(WOLFSSL_STATIC_RSA) + #if !defined(NO_SHA) + #define BUILD_TLS_RSA_WITH_NULL_SHA + #endif + #ifndef NO_SHA256 + #define BUILD_TLS_RSA_WITH_NULL_SHA256 + #endif #endif #endif - #if !defined(NO_PSK) + #if !defined(NO_PSK) && defined(WOLFSSL_STATIC_PSK) #if !defined(NO_SHA) #define BUILD_TLS_PSK_WITH_NULL_SHA #endif @@ -330,6 +344,7 @@ typedef byte word24[3]; #endif #endif +#if defined(WOLFSSL_STATIC_RSA) #if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS) #ifndef NO_MD5 #define BUILD_TLS_RSA_WITH_HC_128_MD5 @@ -347,6 +362,7 @@ typedef byte word24[3]; #define BUILD_TLS_RSA_WITH_RABBIT_SHA #endif #endif +#endif #if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \ !defined(NO_RSA) @@ -560,7 +576,8 @@ typedef byte word24[3]; #if defined(BUILD_TLS_RSA_WITH_AES_128_CBC_SHA) || \ defined(BUILD_TLS_RSA_WITH_AES_256_CBC_SHA) || \ - defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) + defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256) || \ + defined(BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256) #undef BUILD_AES #define BUILD_AES #endif @@ -568,7 +585,8 @@ typedef byte word24[3]; #if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256) || \ defined(BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256) || \ defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) || \ - defined(BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256) + defined(BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256) || \ + defined(BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256) #define BUILD_AESGCM #endif @@ -2270,6 +2288,7 @@ struct WOLFSSL { int rflags; /* user read flags */ int wflags; /* user write flags */ word32 timeout; /* session timeout */ + word32 fragOffset; /* fragment offset */ word16 curSize; RecordLayerHeader curRL; MsgsReceived msgsReceived; /* peer messages received */ diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 863dcb0c9..f1c492afa 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -31,7 +31,7 @@ #include #ifndef NO_FILESYSTEM - #ifdef FREESCALE_MQX + #if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) #if MQX_USE_IO_OLD #include #else diff --git a/wolfssl/wolfcrypt/hash.h b/wolfssl/wolfcrypt/hash.h old mode 100644 new mode 100755 index 2b35d5a6a..4cdd85f11 --- a/wolfssl/wolfcrypt/hash.h +++ b/wolfssl/wolfcrypt/hash.h @@ -24,10 +24,19 @@ #include +#ifdef __cplusplus + extern "C" { +#endif + #ifndef NO_MD5 #include WOLFSSL_API void wc_Md5GetHash(Md5*, byte*); WOLFSSL_API void wc_Md5RestorePos(Md5*, Md5*) ; +#if defined(WOLFSSL_TI_HASH) + WOLFSSL_API void wc_Md5Free(Md5*); +#else + #define wc_Md5Free(d) +#endif #endif #ifndef NO_SHA @@ -35,6 +44,11 @@ WOLFSSL_API void wc_Md5RestorePos(Md5*, Md5*) ; WOLFSSL_API int wc_ShaGetHash(Sha*, byte*); WOLFSSL_API void wc_ShaRestorePos(Sha*, Sha*) ; WOLFSSL_API int wc_ShaHash(const byte*, word32, byte*); +#if defined(WOLFSSL_TI_HASH) + WOLFSSL_API void wc_ShaFree(Sha*); +#else + #define wc_ShaFree(d) +#endif #endif #ifndef NO_SHA256 @@ -42,15 +56,34 @@ WOLFSSL_API int wc_ShaHash(const byte*, word32, byte*); WOLFSSL_API int wc_Sha256GetHash(Sha256*, byte*); WOLFSSL_API void wc_Sha256RestorePos(Sha256*, Sha256*) ; WOLFSSL_API int wc_Sha256Hash(const byte*, word32, byte*); +#if defined(WOLFSSL_TI_HASH) + WOLFSSL_API void wc_Sha256Free(Sha256*); +#else + #define wc_Sha256Free(d) +#endif #endif #ifdef WOLFSSL_SHA512 #include WOLFSSL_API int wc_Sha512Hash(const byte*, word32, byte*); +#if defined(WOLFSSL_TI_HASH) + WOLFSSL_API void wc_Sha512Free(Sha512*); +#else + #define wc_Sha512Free(d) +#endif #if defined(WOLFSSL_SHA384) WOLFSSL_API int wc_Sha384Hash(const byte*, word32, byte*); + #if defined(WOLFSSL_TI_HASH) + WOLFSSL_API void wc_Sha384Free(Sha384*); + #else + #define wc_Sha384Free(d) + #endif #endif /* defined(WOLFSSL_SHA384) */ #endif /* WOLFSSL_SHA512 */ +#ifdef __cplusplus + } /* extern "C" */ +#endif + #endif /* WOLF_CRYPT_HASH_H */ diff --git a/wolfssl/wolfcrypt/random.h b/wolfssl/wolfcrypt/random.h index 741d2531f..97048ffc2 100644 --- a/wolfssl/wolfcrypt/random.h +++ b/wolfssl/wolfcrypt/random.h @@ -67,13 +67,6 @@ typedef struct OS_Seed { #endif } OS_Seed; - -#if defined(WOLFSSL_MDK_ARM) -#undef RNG -#define RNG wolfSSL_RNG /* for avoiding name conflict in "stm32f2xx.h" */ -#endif - - #if defined(HAVE_HASHDRBG) || defined(NO_RC4) diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index fb6f9543a..62927ffd3 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -72,9 +72,12 @@ /* Uncomment next line if building wolfSSL for LSR */ /* #define WOLFSSL_LSR */ -/* Uncomment next line if building wolfSSL for Freescale MQX/RTCS/MFS */ +/* Uncomment next line if building for Freescale Classic MQX/RTCS/MFS */ /* #define FREESCALE_MQX */ +/* Uncomment next line if building for Freescale KSDK MQX/RTCS/MFS */ +/* #define FREESCALE_KSDK_MQX */ + /* Uncomment next line if using STM32F2 */ /* #define WOLFSSL_STM32F2 */ @@ -114,6 +117,9 @@ /* Uncomment next line to enable deprecated less secure static DH suites */ /* #define WOLFSSL_STATIC_DH */ +/* Uncomment next line to enable deprecated less secure static RSA suites */ +/* #define WOLFSSL_STATIC_RSA */ + #include #ifdef WOLFSSL_USER_SETTINGS @@ -482,6 +488,35 @@ /* Note: MQX has no realloc, using fastmath above */ #endif +#ifdef FREESCALE_KSDK_MQX + #define SIZEOF_LONG_LONG 8 + #define NO_WRITEV + #define NO_DEV_RANDOM + #define NO_RABBIT + #define NO_WOLFSSL_DIR + #define USE_FAST_MATH + #define TFM_TIMING_RESISTANT + #define NO_OLD_RNGNAME + #define FREESCALE_K70_RNGA + /* #define FREESCALE_K53_RNGB */ + #include + #ifndef NO_FILESYSTEM + #if MQX_USE_IO_OLD + #include + #else + #include + #include + #endif + #endif + #ifndef SINGLE_THREADED + #include + #endif + + #define XMALLOC(s, h, t) (void *)_mem_alloc_system((s)) + #define XFREE(p, h, t) {void* xp = (p); if ((xp)) _mem_free((xp));} + #define XREALLOC(p, n, h, t) _mem_realloc((p), (n)) /* since MQX 4.1.2 */ +#endif + #ifdef WOLFSSL_STM32F2 #define SIZEOF_LONG_LONG 8 #define NO_DEV_RANDOM @@ -813,6 +848,14 @@ #define HAVE_HASHDRBG #endif + +/* sniffer requires static RSA cipher suites */ +#ifdef WOLFSSL_SNIFFER + #ifndef WOLFSSL_STATIC_RSA + #define WOLFSSL_STATIC_RSA + #endif +#endif + /* Place any other flags or defines here */ diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 0675af337..4a1dc31f8 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -179,7 +179,8 @@ #define XREALLOC(p, n, h, t) realloc((p), (n)) #elif !defined(MICRIUM_MALLOC) && !defined(EBSNET) \ && !defined(WOLFSSL_SAFERTOS) && !defined(FREESCALE_MQX) \ - && !defined(WOLFSSL_LEANPSK) && !defined(FREERTOS) + && !defined(FREESCALE_KSDK_MQX) && !defined(WOLFSSL_LEANPSK) \ + && !defined(FREERTOS) /* default C runtime, can install different routines at runtime via cbs */ #include #define XMALLOC(s, h, t) ((void)h, (void)t, wolfSSL_Malloc((s))) diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index c13f394f6..da747f017 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -53,7 +53,7 @@ /* do nothing */ #elif defined(EBSNET) /* do nothing */ -#elif defined(FREESCALE_MQX) +#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) /* do nothing */ #elif defined(WOLFSSL_MDK_ARM) #if defined(WOLFSSL_MDK5) @@ -98,7 +98,7 @@ typedef OS_MUTEX wolfSSL_Mutex; #elif defined(EBSNET) typedef RTP_MUTEX wolfSSL_Mutex; - #elif defined(FREESCALE_MQX) + #elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) typedef MUTEX_STRUCT wolfSSL_Mutex; #elif defined(WOLFSSL_MDK_ARM) #if defined(WOLFSSL_CMSIS_RTOS) @@ -194,9 +194,14 @@ WOLFSSL_LOCAL int UnLockMutex(wolfSSL_Mutex*); /* Windows API defines its own min() macro. */ -#if defined(USE_WINDOWS_API) && defined(min) - #define WOLFSSL_HAVE_MIN -#endif +#if defined(USE_WINDOWS_API) + #ifdef min + #define WOLFSSL_HAVE_MIN + #endif /* min */ + #ifdef max + #define WOLFSSL_HAVE_MAX + #endif /* max */ +#endif /* USE_WINDOWS_API */ #ifdef __cplusplus From c6ef29ac4c6d016cb4ea29d098c044db0f00e81f Mon Sep 17 00:00:00 2001 From: Ludovic FLAMENT Date: Wed, 19 Aug 2015 08:18:05 +0200 Subject: [PATCH 05/14] Merge branch 'master' of https://github.com/wolfSSL/wolfssl --- wolfcrypt/src/ed25519.c | 1 - 1 file changed, 1 deletion(-) diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c index 5e4d83d72..2e5f6545e 100644 --- a/wolfcrypt/src/ed25519.c +++ b/wolfcrypt/src/ed25519.c @@ -380,7 +380,6 @@ int wc_ed25519_export_private_only(ed25519_key* key, byte* out, word32* outLen) return 0; } - /* export private key, including public part outLen should contain the size of out buffer when input. outLen is than set From 66e91beb2d0a36f022d82666b168ba37a3ea7c64 Mon Sep 17 00:00:00 2001 From: Ludovic FLAMENT Date: Thu, 20 Aug 2015 13:22:30 +0200 Subject: [PATCH 06/14] Merge branch 'master' of https://github.com/wolfSSL/wolfssl --- README | 20 ++- README.md | 20 ++- configure.ac | 6 +- rpm/spec.in | 2 +- sslSniffer/sslSnifferTest/snifftest.c | 1 + support/wolfssl.pc | 2 +- wolfcrypt/src/asn.c | 231 +++++++++++++------------- wolfssl/version.h | 4 +- 8 files changed, 159 insertions(+), 127 deletions(-) diff --git a/README b/README index 74abbb0e8..84a0acb92 100644 --- a/README +++ b/README @@ -34,13 +34,29 @@ before calling wolfSSL_new(); Though it's not recommended. *** end Notes *** -wolfSSL (Formerly CyaSSL) Release 3.6.2 (07/20/2015) +wolfSSL (Formerly CyaSSL) Release 3.6.6 (08/20/2015) -Release 3.6.2 of wolfSSL is an intermediate custom release including: +Release 3.6.6 of wolfSSL has bug fixes and new features including: - OpenSSH compatibility with --enable-openssh - stunnel compatibility with --enable-stunnel - lighttpd compatibility with --enable-lighty +- SSLv3 is now disabled by default, can be enabled with --enable-sslv3 +- Ephemeral key cipher suites only are now supported by default + To enable static ECDH cipher suites define WOLFSSL_STATIC_DH + To enable static RSA cipher suites define WOLFSSL_STATIC_RSA + To enable static PSK cipher suites define WOLFSSL_STATIC_PSK +- Added QSH (quantum-safe handshake) extension with --enable-ntru +- SRP is now part of wolfCrypt, enable with --enabe-srp +- Certificate handshake messages can now be sent fragmented if the record + size is smaller than the total message size, no user action required. +- DTLS duplicate message fixes +- Visual Studio project files now support DLL and static builds for 32/64bit. +- Support for new Freesacle I/O +- FreeRTOS FIPS support + +- No high level security fixes that requires an update though we always + recommend updating to the latest See INSTALL file for build instructions. More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html diff --git a/README.md b/README.md index edbfb9d35..e5e7bcb85 100644 --- a/README.md +++ b/README.md @@ -38,13 +38,29 @@ before calling wolfSSL_new(); Though it's not recommended. - GNU Binutils 2.24 ld has problems with some debug builds, to fix an ld error add -fdebug-types-section to C_EXTRA_FLAGS -#wolfSSL (Formerly CyaSSL) Release 3.6.2 (07/20/2015) +#wolfSSL (Formerly CyaSSL) Release 3.6.6 (08/20/2015) -##Release 3.6.2 of wolfSSL is an intermediate custom release including: +##Release 3.6.6 of wolfSSL has bug fixes and new features including: - OpenSSH compatibility with --enable-openssh - stunnel compatibility with --enable-stunnel - lighttpd compatibility with --enable-lighty +- SSLv3 is now disabled by default, can be enabled with --enable-sslv3 +- Ephemeral key cipher suites only are now supported by default + To enable static ECDH cipher suites define WOLFSSL_STATIC_DH + To enable static RSA cipher suites define WOLFSSL_STATIC_RSA + To enable static PSK cipher suites define WOLFSSL_STATIC_PSK +- Added QSH (quantum-safe handshake) extension with --enable-ntru +- SRP is now part of wolfCrypt, enable with --enabe-srp +- Certificate handshake messages can now be sent fragmented if the record + size is smaller than the total message size, no user action required. +- DTLS duplicate message fixes +- Visual Studio project files now support DLL and static builds for 32/64bit. +- Support for new Freesacle I/O +- FreeRTOS FIPS support + +- No high level security fixes that requires an update though we always + recommend updating to the latest See INSTALL file for build instructions. More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html diff --git a/configure.ac b/configure.ac index dfce641b1..57d6eb83d 100644 --- a/configure.ac +++ b/configure.ac @@ -6,7 +6,7 @@ # # -AC_INIT([wolfssl],[3.6.3],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com]) +AC_INIT([wolfssl],[3.6.6],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com]) AC_CONFIG_AUX_DIR([build-aux]) @@ -31,7 +31,7 @@ AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS. #shared library versioning -WOLFSSL_LIBRARY_VERSION=0:2:0 +WOLFSSL_LIBRARY_VERSION=0:3:0 # | | | # +------+ | +---+ # | | | @@ -889,7 +889,7 @@ fi # SSLv3 AC_ARG_ENABLE([sslv3], - [ --enable-sslv3 Enable SSL version 3.0 (default: disabled)], + [AS_HELP_STRING([--enable-sslv3],[Enable SSL version 3.0 (default: disabled)])], [ ENABLED_SSLV3=$enableval ], [ ENABLED_SSLV3=no] ) diff --git a/rpm/spec.in b/rpm/spec.in index 2c5de469b..b9d4b21c7 100644 --- a/rpm/spec.in +++ b/rpm/spec.in @@ -69,7 +69,7 @@ mkdir -p $RPM_BUILD_ROOT/ %{_libdir}/libwolfssl.la %{_libdir}/libwolfssl.so %{_libdir}/libwolfssl.so.0 -%{_libdir}/libwolfssl.so.0.0.2 +%{_libdir}/libwolfssl.so.0.0.3 %files devel %defattr(-,root,root,-) diff --git a/sslSniffer/sslSnifferTest/snifftest.c b/sslSniffer/sslSnifferTest/snifftest.c index 8ffe24d5a..155a14954 100755 --- a/sslSniffer/sslSnifferTest/snifftest.c +++ b/sslSniffer/sslSnifferTest/snifftest.c @@ -60,6 +60,7 @@ int main(void) #ifndef _WIN32 #include /* AF_INET */ #include + #include #endif typedef unsigned char byte; diff --git a/support/wolfssl.pc b/support/wolfssl.pc index 619d3a7c2..a461151f9 100644 --- a/support/wolfssl.pc +++ b/support/wolfssl.pc @@ -5,6 +5,6 @@ includedir=${prefix}/include Name: wolfssl Description: wolfssl C library. -Version: 3.6.3 +Version: 3.6.6 Libs: -L${libdir} -lwolfssl Cflags: -I${includedir} diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index bee4abb2a..73b51bc28 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -115,9 +115,9 @@ #define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t)) #elif defined(USER_TIME) - /* user time, and gmtime compatible functions, there is a gmtime + /* user time, and gmtime compatible functions, there is a gmtime implementation here that WINCE uses, so really just need some ticks - since the EPOCH + since the EPOCH */ struct tm { @@ -391,7 +391,7 @@ CPU_INT32S NetSecure_ValidateDateHandler(CPU_INT08U *date, CPU_INT08U format, { CPU_BOOLEAN rtn_code; CPU_INT32S i; - CPU_INT32S val; + CPU_INT32S val; CPU_INT16U year; CPU_INT08U month; CPU_INT16U day; @@ -411,33 +411,33 @@ CPU_INT32S NetSecure_ValidateDateHandler(CPU_INT08U *date, CPU_INT08U format, else { /* format == GENERALIZED_TIME */ year += btoi(date[i++]) * 1000; year += btoi(date[i++]) * 100; - } + } val = year; GetTime(&val, date, &i); year = (CPU_INT16U)val; val = 0; - GetTime(&val, date, &i); - month = (CPU_INT08U)val; + GetTime(&val, date, &i); + month = (CPU_INT08U)val; val = 0; - GetTime(&val, date, &i); + GetTime(&val, date, &i); day = (CPU_INT16U)val; val = 0; - GetTime(&val, date, &i); + GetTime(&val, date, &i); hour = (CPU_INT08U)val; val = 0; - GetTime(&val, date, &i); + GetTime(&val, date, &i); min = (CPU_INT08U)val; val = 0; - GetTime(&val, date, &i); + GetTime(&val, date, &i); sec = (CPU_INT08U)val; - return NetSecure_ValidateDate(year, month, day, hour, min, sec, dateType); + return NetSecure_ValidateDate(year, month, day, hour, min, sec, dateType); } #endif /* MICRIUM */ @@ -458,7 +458,7 @@ WOLFSSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len, } b = input[i++]; - if (b >= ASN_LONG_LENGTH) { + if (b >= ASN_LONG_LENGTH) { word32 bytes = b & 0x7F; if ( (i+bytes) > maxIdx) { /* for reading bytes */ @@ -473,7 +473,7 @@ WOLFSSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len, } else length = b; - + if ( (i+length) > maxIdx) { /* for user of length */ WOLFSSL_MSG("GetLength value exceeds buffer length"); return BUFFER_E; @@ -625,20 +625,20 @@ static int GetObjectId(const byte* input, word32* inOutIdx, word32* oid, word32 i = *inOutIdx; byte b; *oid = 0; - + b = input[i++]; - if (b != ASN_OBJECT_ID) + if (b != ASN_OBJECT_ID) return ASN_OBJECT_ID_E; - + if (GetLength(input, &i, &length, maxIdx) < 0) return ASN_PARSE_E; - + while(length--) *oid += input[i++]; /* just sum it up for now */ - + *inOutIdx = i; - + return 0; } @@ -650,29 +650,29 @@ WOLFSSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid, word32 i = *inOutIdx; byte b; *oid = 0; - + WOLFSSL_ENTER("GetAlgoId"); if (GetSequence(input, &i, &length, maxIdx) < 0) return ASN_PARSE_E; - + b = input[i++]; - if (b != ASN_OBJECT_ID) + if (b != ASN_OBJECT_ID) return ASN_OBJECT_ID_E; - + if (GetLength(input, &i, &length, maxIdx) < 0) return ASN_PARSE_E; - + while(length--) { /* odd HC08 compiler behavior here when input[i++] */ *oid += input[i]; i++; } /* just sum it up for now */ - + /* could have NULL tag and 0 terminator, but may not */ b = input[i++]; - + if (b == ASN_TAG_NULL) { b = input[i++]; if (b != 0) @@ -681,9 +681,9 @@ WOLFSSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid, else /* go back, didn't have it */ i--; - + *inOutIdx = i; - + return 0; } @@ -951,7 +951,7 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt, #ifdef WOLFSSL_SMALL_STACK XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif - return UNICODE_SIZE_E; + return UNICODE_SIZE_E; } for (i = 0; i < passwordSz; i++) { @@ -1043,7 +1043,7 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt, #ifdef WOLFSSL_SMALL_STACK XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif - return ALGO_ID_E; + return ALGO_ID_E; } #ifdef WOLFSSL_SMALL_STACK @@ -1068,13 +1068,13 @@ int ToTraditionalEnc(byte* input, word32 sz,const char* password,int passwordSz) byte salt[MAX_SALT_SIZE]; byte cbcIv[MAX_IV_SIZE]; #endif - + if (GetSequence(input, &inOutIdx, &length, sz) < 0) return ASN_PARSE_E; if (GetAlgoId(input, &inOutIdx, &oid, sz) < 0) return ASN_PARSE_E; - + first = input[inOutIdx - 2]; /* PKCS version alwyas 2nd to last byte */ second = input[inOutIdx - 1]; /* version.algo, algo id last byte */ @@ -1098,13 +1098,13 @@ int ToTraditionalEnc(byte* input, word32 sz,const char* password,int passwordSz) if (input[inOutIdx++] != ASN_OCTET_STRING) return ASN_PARSE_E; - + if (GetLength(input, &inOutIdx, &saltSz, sz) < 0) return ASN_PARSE_E; if (saltSz > MAX_SALT_SIZE) return ASN_PARSE_E; - + #ifdef WOLFSSL_SMALL_STACK salt = (byte*)XMALLOC(MAX_SALT_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (salt == NULL) @@ -1154,7 +1154,7 @@ int ToTraditionalEnc(byte* input, word32 sz,const char* password,int passwordSz) #endif return ASN_PARSE_E; } - + if (GetLength(input, &inOutIdx, &length, sz) < 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(salt, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -1222,41 +1222,41 @@ int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key, /* not from decoded cert, will have algo id, skip past */ if (GetSequence(input, inOutIdx, &length, inSz) < 0) return ASN_PARSE_E; - + b = input[(*inOutIdx)++]; - if (b != ASN_OBJECT_ID) + if (b != ASN_OBJECT_ID) return ASN_OBJECT_ID_E; - + if (GetLength(input, inOutIdx, &length, inSz) < 0) return ASN_PARSE_E; - + *inOutIdx += length; /* skip past */ - + /* could have NULL tag and 0 terminator, but may not */ b = input[(*inOutIdx)++]; - + if (b == ASN_TAG_NULL) { b = input[(*inOutIdx)++]; - if (b != 0) + if (b != 0) return ASN_EXPECT_0_E; } else /* go back, didn't have it */ (*inOutIdx)--; - + /* should have bit tag length and seq next */ b = input[(*inOutIdx)++]; if (b != ASN_BIT_STRING) return ASN_BITSTR_E; - + if (GetLength(input, inOutIdx, &length, inSz) < 0) return ASN_PARSE_E; - + /* could have 0 */ b = input[(*inOutIdx)++]; if (b != 0) (*inOutIdx)--; - + if (GetSequence(input, inOutIdx, &length, inSz) < 0) return ASN_PARSE_E; } /* end if */ @@ -1444,7 +1444,6 @@ int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen) word32 seqSz, verSz, rawLen, intTotalLen = 0; word32 sizes[DSA_INTS]; int i, j, outLen, ret = 0, lbit; - int err; byte seq[MAX_SEQ_SZ]; byte ver[MAX_VERSION_SZ]; @@ -1769,7 +1768,7 @@ static int StoreRsaKey(DecodedCert* cert) if (GetSequence(cert->source, &cert->srcIdx, &length, cert->maxIdx) < 0) return ASN_PARSE_E; - + recvd = cert->srcIdx - recvd; length += recvd; @@ -1832,7 +1831,7 @@ static int GetKey(DecodedCert* cert) if (GetSequence(cert->source, &cert->srcIdx, &length, cert->maxIdx) < 0) return ASN_PARSE_E; - + if (GetAlgoId(cert->source, &cert->srcIdx, &cert->keyOID, cert->maxIdx) < 0) return ASN_PARSE_E; @@ -1849,7 +1848,7 @@ static int GetKey(DecodedCert* cert) b = cert->source[cert->srcIdx++]; if (b != 0x00) return ASN_EXPECT_0_E; - + return StoreRsaKey(cert); } @@ -1923,8 +1922,8 @@ static int GetKey(DecodedCert* cert) { int oidSz = 0; byte b = cert->source[cert->srcIdx++]; - - if (b != ASN_OBJECT_ID) + + if (b != ASN_OBJECT_ID) return ASN_OBJECT_ID_E; if (GetLength(cert->source,&cert->srcIdx,&oidSz,cert->maxIdx) < 0) @@ -2050,7 +2049,7 @@ static int GetName(DecodedCert* cert, int nameType) return ASN_PARSE_E; b = cert->source[cert->srcIdx++]; - if (b != ASN_OBJECT_ID) + if (b != ASN_OBJECT_ID) return ASN_OBJECT_ID_E; if (GetLength(cert->source, &cert->srcIdx, &oidSz, cert->maxIdx) < 0) @@ -2065,7 +2064,7 @@ static int GetName(DecodedCert* cert, int nameType) int strLen; cert->srcIdx += 2; - id = cert->source[cert->srcIdx++]; + id = cert->source[cert->srcIdx++]; b = cert->source[cert->srcIdx++]; /* encoding */ if (GetLength(cert->source, &cert->srcIdx, &strLen, @@ -2456,7 +2455,7 @@ static int DateGreaterThan(const struct tm* a, const struct tm* b) if (a->tm_year == b->tm_year && a->tm_mon > b->tm_mon) return 1; - + if (a->tm_year == b->tm_year && a->tm_mon == b->tm_mon && a->tm_mday > b->tm_mday) return 1; @@ -2597,10 +2596,10 @@ static int GetValidity(DecodedCert* cert, int verify) if (GetDate(cert, BEFORE) < 0 && verify) badDate = ASN_BEFORE_DATE_E; /* continue parsing */ - + if (GetDate(cert, AFTER) < 0 && verify) return ASN_AFTER_DATE_E; - + if (badDate != 0) return badDate; @@ -2679,7 +2678,7 @@ static word32 SetDigest(const byte* digest, word32 digSz, byte* output) XMEMCPY(&output[2], digest, digSz); return digSz + 2; -} +} static word32 BytePrecision(word32 value) @@ -2701,7 +2700,7 @@ WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output) output[i++] = (byte)length; else { output[i++] = (byte)(BytePrecision(length) | ASN_LONG_LENGTH); - + for (j = BytePrecision(length); j; --j) { output[i] = (byte)(length >> ((j - 1) * WOLFSSL_BIT_SIZE)); i++; @@ -2846,7 +2845,7 @@ static int SetCurve(ecc_key* key, byte* output) WOLFSSL_LOCAL word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz) { /* adding TAG_NULL and 0 to end */ - + /* hashTypes */ static const byte shaAlgoID[] = { 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00 }; @@ -2879,9 +2878,9 @@ WOLFSSL_LOCAL word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz) static const byte sha512wRSA_AlgoID[] = {0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0d, 0x05, 0x00}; #endif /* NO_RSA */ - + /* ECDSA sigTypes */ - #ifdef HAVE_ECC + #ifdef HAVE_ECC static const byte shawECDSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0xCE, 0x3d, 0x04, 0x01, 0x05, 0x00}; static const byte sha256wECDSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0xCE,0x3d, @@ -2891,14 +2890,14 @@ WOLFSSL_LOCAL word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz) static const byte sha512wECDSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0xCE,0x3d, 0x04, 0x03, 0x04, 0x05, 0x00}; #endif /* HAVE_ECC */ - + /* RSA keyType */ #ifndef NO_RSA static const byte RSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00}; #endif /* NO_RSA */ - #ifdef HAVE_ECC + #ifdef HAVE_ECC /* ECC keyType */ /* no tags, so set tagSz smaller later */ static const byte ECC_AlgoID[] = { 0x2a, 0x86, 0x48, 0xCE, 0x3d, @@ -2994,7 +2993,7 @@ WOLFSSL_LOCAL word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz) algoName = sha512wRSA_AlgoID; break; #endif /* NO_RSA */ - #ifdef HAVE_ECC + #ifdef HAVE_ECC case CTC_SHAwECDSA: algoSz = sizeof(shawECDSA_AlgoID); algoName = shawECDSA_AlgoID; @@ -3028,7 +3027,7 @@ WOLFSSL_LOCAL word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz) algoName = RSA_AlgoID; break; #endif /* NO_RSA */ - #ifdef HAVE_ECC + #ifdef HAVE_ECC case ECDSAk: algoSz = sizeof(ECC_AlgoID); algoName = ECC_AlgoID; @@ -3046,7 +3045,7 @@ WOLFSSL_LOCAL word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz) } idSz = SetLength(algoSz - tagSz, ID_Length); /* don't include tags */ - seqSz = SetSequence(idSz + algoSz + 1 + curveSz, seqArray); + seqSz = SetSequence(idSz + algoSz + 1 + curveSz, seqArray); /* +1 for object id, curveID of curveSz follows for ecc */ seqArray[seqSz++] = ASN_OBJECT_ID; @@ -3158,16 +3157,16 @@ static int ConfirmSignature(const byte* buf, word32 bufSz, case CTC_SHAwRSA: case CTC_SHAwDSA: case CTC_SHAwECDSA: - if (wc_ShaHash(buf, bufSz, digest) == 0) { + if (wc_ShaHash(buf, bufSz, digest) == 0) { typeH = SHAh; - digestSz = SHA_DIGEST_SIZE; + digestSz = SHA_DIGEST_SIZE; } break; #endif #ifndef NO_SHA256 case CTC_SHA256wRSA: case CTC_SHA256wECDSA: - if (wc_Sha256Hash(buf, bufSz, digest) == 0) { + if (wc_Sha256Hash(buf, bufSz, digest) == 0) { typeH = SHA256h; digestSz = SHA256_DIGEST_SIZE; } @@ -3176,7 +3175,7 @@ static int ConfirmSignature(const byte* buf, word32 bufSz, #ifdef WOLFSSL_SHA512 case CTC_SHA512wRSA: case CTC_SHA512wECDSA: - if (wc_Sha512Hash(buf, bufSz, digest) == 0) { + if (wc_Sha512Hash(buf, bufSz, digest) == 0) { typeH = SHA512h; digestSz = SHA512_DIGEST_SIZE; } @@ -3185,16 +3184,16 @@ static int ConfirmSignature(const byte* buf, word32 bufSz, #ifdef WOLFSSL_SHA384 case CTC_SHA384wRSA: case CTC_SHA384wECDSA: - if (wc_Sha384Hash(buf, bufSz, digest) == 0) { + if (wc_Sha384Hash(buf, bufSz, digest) == 0) { typeH = SHA384h; digestSz = SHA384_DIGEST_SIZE; - } + } break; #endif default: WOLFSSL_MSG("Verify Signautre has unsupported type"); } - + if (typeH == 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -3226,17 +3225,17 @@ static int ConfirmSignature(const byte* buf, word32 bufSz, DYNAMIC_TYPE_TMP_BUFFER); encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); - + if (pubKey == NULL || plain == NULL || encodedSig == NULL) { WOLFSSL_MSG("Failed to allocate memory at ConfirmSignature"); - + if (pubKey) XFREE(pubKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (plain) XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (encodedSig) XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER); - + break; /* not confirmed */ } #endif @@ -3334,7 +3333,7 @@ static int ConfirmSignature(const byte* buf, word32 bufSz, if (wc_ecc_import_x963(key, keySz, pubKey) < 0) { WOLFSSL_MSG("ASN Key import error ECC"); } - else { + else { if (wc_ecc_verify_hash(sig, sigSz, digest, digestSz, &verify, pubKey) != 0) { WOLFSSL_MSG("ECC verify hash error"); @@ -3356,7 +3355,7 @@ static int ConfirmSignature(const byte* buf, word32 bufSz, default: WOLFSSL_MSG("Verify Key type unknown"); } - + #ifdef WOLFSSL_SMALL_STACK XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif @@ -3420,7 +3419,7 @@ static int MatchBaseName(int type, const char* name, int nameSz, } while (nameSz > 0) { - if (XTOLOWER((unsigned char)*name++) != + if (XTOLOWER((unsigned char)*name++) != XTOLOWER((unsigned char)*base++)) return 0; nameSz--; @@ -3811,7 +3810,7 @@ static int DecodeCrlDist(byte* input, int sz, DecodedCert* cert) if (GetLength(input, &idx, &length, sz) < 0) return ASN_PARSE_E; - if (input[idx] == + if (input[idx] == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | CRLDP_FULL_NAME)) { idx++; @@ -4236,7 +4235,7 @@ static int DecodeCertExtensions(DecodedCert* cert) if (GetSequence(input, &idx, &length, sz) < 0) return ASN_PARSE_E; - + while (idx < (word32)sz) { if (GetSequence(input, &idx, &length, sz) < 0) { WOLFSSL_MSG("\tfail: should be a SEQUENCE"); @@ -4425,7 +4424,7 @@ int ParseCert(DecodedCert* cert, int type, int verify, void* cm) WOLFSSL_LOCAL Signer* GetCAByName(void* signers, byte* hash); #endif #ifdef __cplusplus - } + } #endif @@ -4504,7 +4503,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) ca = GetCA(cm, cert->issuerHash); #endif /* NO SKID */ WOLFSSL_MSG("About to verify certificate signature"); - + if (ca) { #ifdef HAVE_OCSP /* Need the ca's public key hash for OCSP */ @@ -4863,7 +4862,7 @@ static INLINE void FreeTmpRsas(byte** tmps, void* heap) (void)heap; - for (i = 0; i < RSA_INTS; i++) + for (i = 0; i < RSA_INTS; i++) XFREE(tmps[i], heap, DYNAMIC_TYPE_RSA); } @@ -5099,7 +5098,7 @@ static int SetSerial(const byte* serial, byte* output) } -#ifdef HAVE_ECC +#ifdef HAVE_ECC /* Write a public ECC key to output */ @@ -5367,7 +5366,7 @@ static void SetTime(struct tm* date, byte* output) output[i++] = itob(date->tm_sec / 10); output[i++] = itob(date->tm_sec % 10); - + output[i] = 'Z'; /* Zulu profile */ } @@ -5614,7 +5613,7 @@ static int SetCa(byte* output) { static const byte ca[] = { 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff }; - + XMEMCPY(output, ca, sizeof(ca)); return (int)sizeof(ca); @@ -5667,7 +5666,7 @@ static int SetName(byte* output, CertName* name) else { thisLen++; /* str type */ thisLen++; /* id type */ - thisLen += JOINT_LEN; + thisLen += JOINT_LEN; firstSz = SetLength(JOINT_LEN + 1, firstLen); } thisLen += firstSz; @@ -5711,7 +5710,7 @@ static int SetName(byte* output, CertName* name) names[i].encoded[idx++] = 0x55; names[i].encoded[idx++] = 0x04; /* id type */ - names[i].encoded[idx++] = bType; + names[i].encoded[idx++] = bType; /* str type */ names[i].encoded[idx++] = GetNameType(name, i); } @@ -5967,7 +5966,7 @@ static int MakeSignature(const byte* buffer, int sz, byte* sig, int sigSz, case CTC_SHAwECDSA: if ((ret = wc_ShaHash(buffer, sz, digest)) == 0) { typeH = SHAh; - digestSz = SHA_DIGEST_SIZE; + digestSz = SHA_DIGEST_SIZE; } break; #endif @@ -5984,19 +5983,19 @@ static int MakeSignature(const byte* buffer, int sz, byte* sig, int sigSz, WOLFSSL_MSG("MakeSignautre called with unsupported type"); ret = ALGO_ID_E; } - + if (ret != 0) return ret; - + #ifdef WOLFSSL_SMALL_STACK encSig = (byte*)XMALLOC(MAX_ENCODED_DIG_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (encSig == NULL) return MEMORY_E; #endif - + ret = ALGO_ID_E; - + #ifndef NO_RSA if (rsaKey) { /* signature */ @@ -6004,7 +6003,7 @@ static int MakeSignature(const byte* buffer, int sz, byte* sig, int sigSz, ret = wc_RsaSSL_Sign(encSig, encSigSz, sig, sigSz, rsaKey, rng); } #endif - + #ifdef HAVE_ECC if (!rsaKey && eccKey) { word32 outSz = sigSz; @@ -6342,7 +6341,7 @@ int wc_SignCert(int requestSz, int sType, byte* buffer, word32 buffSz, else sigSz = AddSignature(buffer, requestSz, sig, sigSz, sType); } - + #ifdef WOLFSSL_SMALL_STACK XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif @@ -6364,7 +6363,7 @@ int wc_MakeSelfCert(Cert* cert, byte* buffer, word32 buffSz, } -#ifdef WOLFSSL_ALT_NAMES +#ifdef WOLFSSL_ALT_NAMES /* Set Alt Names from der cert, return 0 on success */ static int SetAltNamesFromCert(Cert* cert, const byte* der, int derSz) @@ -6385,7 +6384,7 @@ static int SetAltNamesFromCert(Cert* cert, const byte* der, int derSz) if (decoded == NULL) return MEMORY_E; #endif - + InitDecodedCert(decoded, (byte*)der, derSz, 0); ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0); @@ -6399,7 +6398,7 @@ static int SetAltNamesFromCert(Cert* cert, const byte* der, int derSz) decoded->srcIdx = decoded->extensionsIdx; b = decoded->source[decoded->srcIdx++]; - + if (b != ASN_EXTENSIONS) { ret = ASN_PARSE_E; } @@ -6474,7 +6473,7 @@ static int SetDatesFromCert(Cert* cert, const byte* der, int derSz) WOLFSSL_ENTER("SetDatesFromCert"); if (derSz < 0) return derSz; - + #ifdef WOLFSSL_SMALL_STACK decoded = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -6492,7 +6491,7 @@ static int SetDatesFromCert(Cert* cert, const byte* der, int derSz) WOLFSSL_MSG("Couldn't extract dates"); ret = -1; } - else if (decoded->beforeDateLen > MAX_DATE_SIZE || + else if (decoded->beforeDateLen > MAX_DATE_SIZE || decoded->afterDateLen > MAX_DATE_SIZE) { WOLFSSL_MSG("Bad date size"); ret = -1; @@ -6811,7 +6810,7 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key, *inOutIdx += 1; /* priv type */ - if (b != 4 && b != 6 && b != 7) + if (b != 4 && b != 6 && b != 7) return ASN_PARSE_E; if (GetLength(input, inOutIdx, &length, inSz) < 0) @@ -6824,7 +6823,7 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key, priv = (byte*)XMALLOC(ECC_MAXSIZE+1, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (priv == NULL) return MEMORY_E; - + pub = (byte*)XMALLOC(2*(ECC_MAXSIZE+1), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (pub == NULL) { XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -6881,7 +6880,7 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key, /* key header */ b = input[*inOutIdx]; *inOutIdx += 1; - + if (b != ASN_BIT_STRING) { ret = ASN_BITSTR_E; } @@ -7137,7 +7136,7 @@ static int DecodeSingleResponse(byte* source, resp->issuerKeyHash = source + idx; idx += length; - /* Read the serial number, it is handled as a string, not as a + /* Read the serial number, it is handled as a string, not as a * proper number. Just XMEMCPY the data over, rather than load it * as an mp_int. */ if (source[idx++] != ASN_INTEGER) @@ -7186,10 +7185,10 @@ static int DecodeSingleResponse(byte* source, return ASN_PARSE_E; if (!XVALIDATE_DATE(cs->thisDate, cs->thisDateFormat, BEFORE)) return ASN_BEFORE_DATE_E; - + /* The following items are optional. Only check for them if there is more * unprocessed data in the singleResponse wrapper. */ - + if (((int)(idx - prevIndex) < wrapperSz) && (source[idx] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0))) { @@ -7230,7 +7229,7 @@ static int DecodeOcspRespExtensions(byte* source, if (GetLength(source, &idx, &length, sz) < 0) return ASN_PARSE_E; if (GetSequence(source, &idx, &length, sz) < 0) return ASN_PARSE_E; - + ext_bound = idx + length; while (idx < (word32)ext_bound) { @@ -7296,7 +7295,7 @@ static int DecodeResponseData(byte* source, * onto the next item. */ if (source[idx] == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED)) - { + { idx += 2; /* Eat the value and length */ if (GetMyVersion(source, &idx, &version) < 0) return ASN_PARSE_E; @@ -7313,7 +7312,7 @@ static int DecodeResponseData(byte* source, } else return ASN_PARSE_E; - + /* save pointer to the producedAt time */ if (GetBasicDate(source, &idx, resp->producedDate, &resp->producedDateFormat, size) < 0) @@ -7374,7 +7373,7 @@ static int DecodeBasicOcspResponse(byte* source, if (DecodeResponseData(source, &idx, resp, size) < 0) return ASN_PARSE_E; - + /* Get the signature algorithm */ if (GetAlgoId(source, &idx, &resp->sigOID, size) < 0) return ASN_PARSE_E; @@ -7459,7 +7458,7 @@ int OcspResponseDecode(OcspResponse* resp) /* peel the outer SEQUENCE wrapper */ if (GetSequence(source, &idx, &length, size) < 0) return ASN_PARSE_E; - + /* First get the responseStatus, an ENUMERATED */ if (GetEnumerated(source, &idx, &resp->responseStatus) < 0) return ASN_PARSE_E; @@ -7492,7 +7491,7 @@ int OcspResponseDecode(OcspResponse* resp) if (DecodeBasicOcspResponse(source, &idx, resp, size) < 0) return ASN_PARSE_E; - + return 0; } @@ -7508,7 +7507,7 @@ static word32 SetOcspReqExtensions(word32 extSz, byte* output, WOLFSSL_ENTER("SetOcspReqExtensions"); if (nonce == NULL || nonceSz == 0) return 0; - + seqArray[0][0] = ASN_OCTET_STRING; seqSz[0] = 1 + SetLength(nonceSz, &seqArray[0][1]); @@ -7671,7 +7670,7 @@ int CompareOcspReqResp(OcspRequest* req, OcspResponse* resp) WOLFSSL_MSG("\tnonceSz mismatch"); return cmp; } - + cmp = XMEMCMP(req->nonce, resp->nonce, req->nonceSz); if (cmp != 0) { diff --git a/wolfssl/version.h b/wolfssl/version.h index c14cdc514..8f69cdc53 100644 --- a/wolfssl/version.h +++ b/wolfssl/version.h @@ -26,8 +26,8 @@ extern "C" { #endif -#define LIBWOLFSSL_VERSION_STRING "3.6.3" -#define LIBWOLFSSL_VERSION_HEX 0x03006003 +#define LIBWOLFSSL_VERSION_STRING "3.6.6" +#define LIBWOLFSSL_VERSION_HEX 0x03006006 #ifdef __cplusplus } From d2ea6f7ef0795175c1172da8f47c8502594cce9f Mon Sep 17 00:00:00 2001 From: Ludovic FLAMENT Date: Mon, 7 Sep 2015 09:51:21 +0200 Subject: [PATCH 07/14] Add support for : - PEM public key loading - set/get KeyUsage in CSR and X.509 - set/get SKID in CSR and X.509 - set/get AKID in X.509 - set/get two Certificate Policies OID in X.509 --- certs/1024/client-keyPub.der | Bin 0 -> 162 bytes certs/client-keyPub.der | Bin 0 -> 294 bytes certs/ecc-keyPub.der | Bin 0 -> 91 bytes configure.ac | 25 +- gencertbuf.pl | 4 +- src/ssl.c | 120 ++- wolfcrypt/src/asn.c | 1252 ++++++++++++++++++++++++++++--- wolfcrypt/test/test.c | 459 ++++++++++- wolfssl/ssl.h | 15 +- wolfssl/wolfcrypt/asn.h | 40 +- wolfssl/wolfcrypt/asn_public.h | 75 +- wolfssl/wolfcrypt/error-crypt.h | 8 + wolfssl/wolfcrypt/logging.h | 4 + wolfssl/wolfcrypt/types.h | 1 + 14 files changed, 1847 insertions(+), 156 deletions(-) create mode 100644 certs/1024/client-keyPub.der create mode 100644 certs/client-keyPub.der create mode 100644 certs/ecc-keyPub.der diff --git a/certs/1024/client-keyPub.der b/certs/1024/client-keyPub.der new file mode 100644 index 0000000000000000000000000000000000000000..a5c1817d943c577c7cee292682f279f1fc6982ea GIT binary patch literal 162 zcmXqLoNvI(#;Mij(e|B}k&%&=fw{4l!Jx5|sj-n^Pch#L&(9@`R=$^5dMk9M;?EOr zHs^XgH8m|QH-B?6aYDS^%_mpyPdRmP<#owhZ6{y&9!WH7`nP&*UAgM+Ucse%lB`x( zoUvTQlD6gh_s^?t`7-hCj_b|zxKn;ogHP#Y_7b&SJ}(ab^~%?lf8Vw4+k~X2DRQs1 VZPHKNQD^uzF(Y*)6EhbJFWETE@p*r- z?Y?=SG|xiouOAnCnLc@VZrXk6y8V9BF9^I?!C}z2UV+4l~V~ zcgZ;vDT!YXN>wS|aPGb2*>(Rba;gsqF<qINs? z*P7k`Reg?Jto%}Vxy?aBcti5mB0qy8(_7kf!}PC@4lI3fA~ literal 0 HcmV?d00001 diff --git a/configure.ac b/configure.ac index 57d6eb83d..01cb9f44b 100644 --- a/configure.ac +++ b/configure.ac @@ -226,7 +226,7 @@ AC_ARG_ENABLE([bump], if test "$ENABLED_BUMP" = "yes" then - AM_CFLAGS="$AM_CFLAGS -DLARGE_STATIC_BUFFERS -DWOLFSSL_CERT_GEN -DWOLFSSL_KEY_GEN -DHUGE_SESSION_CACHE -DOPENSSL_EXTRA -DFP_MAX_BITS=8192 -DWOLFSSL_DER_LOAD -DWOLFSSL_ALT_NAMES -DWOLFSSL_TEST_CERT" + AM_CFLAGS="$AM_CFLAGS -DLARGE_STATIC_BUFFERS -DWOLFSSL_CERT_GEN -DWOLFSSL_KEY_GEN -DHUGE_SESSION_CACHE -DOPENSSL_EXTRA -DFP_MAX_BITS=8192 -DWOLFSSL_DER_LOAD -DWOLFSSL_ALT_NAMES -DWOLFSSL_TEST_CERT -DWOLFSSL_CERT_EXT" fi ENABLED_SLOWMATH="yes" @@ -638,6 +638,23 @@ then fi +# CERT REQUEST EXTENSION +AC_ARG_ENABLE([certext], + [ --enable-certext Enable cert request extensions (default: disabled)], + [ ENABLED_CERTEXT=$enableval ], + [ ENABLED_CERTEXT=no ] + ) + +if test "$ENABLED_CERTEXT" = "yes" +then + if test "$ENABLED_CERTEXT" = "no" + then + AC_MSG_ERROR([cannot enable certext without enabling certgen.]) + fi + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT" +fi + + # SEP AC_ARG_ENABLE([sep], [ --enable-sep Enable sep extensions (default: disabled)], @@ -1661,6 +1678,11 @@ then ENABLED_CERTREQ="yes" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ" fi + if test "x$ENABLED_CERTEXT" = "xno" + then + ENABLED_CERTEXT="yes" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT" + fi if test "x$ENABLED_PKCS7" = "xno" then ENABLED_PKCS7="yes" @@ -2348,6 +2370,7 @@ echo " * BLAKE2: $ENABLED_BLAKE2" echo " * keygen: $ENABLED_KEYGEN" echo " * certgen: $ENABLED_CERTGEN" echo " * certreq: $ENABLED_CERTREQ" +echo " * certext: $ENABLED_CERTEXT" echo " * HC-128: $ENABLED_HC128" echo " * RABBIT: $ENABLED_RABBIT" echo " * CHACHA: $ENABLED_CHACHA" diff --git a/gencertbuf.pl b/gencertbuf.pl index d3d116695..d58cd5aa7 100755 --- a/gencertbuf.pl +++ b/gencertbuf.pl @@ -20,6 +20,7 @@ my $outputFile = "./wolfssl/certs_test.h"; my @fileList_1024 = ( [ "./certs/1024/client-key.der", "client_key_der_1024" ], + [ "./certs/1024/client-keyPub.der", "client_keypub_der_1024" ], [ "./certs/1024/client-cert.der", "client_cert_der_1024" ], [ "./certs/1024/dh1024.der", "dh_key_der_1024" ], [ "./certs/1024/dsa1024.der", "dsa_key_der_1024" ], @@ -31,6 +32,7 @@ my @fileList_1024 = ( my @fileList_2048 = ( [ "./certs/client-key.der", "client_key_der_2048" ], + [ "./certs/client-keyPub.der", "client_keypub_der_2048" ], [ "./certs/client-cert.der", "client_cert_der_2048" ], [ "./certs/dh2048.der", "dh_key_der_2048" ], [ "./certs/dsa2048.der", "dsa_key_der_2048" ], @@ -140,6 +142,6 @@ sub file_to_hex { print OUT_FILE "\n"; - close($fp); + close($fp); } diff --git a/src/ssl.c b/src/ssl.c index 30e266011..a09d93c79 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -1688,7 +1688,6 @@ int wolfSSL_KeyPemToDer(const unsigned char* pem, int pemSz, return ret; } - #endif /* !NO_CERTS */ @@ -2391,14 +2390,15 @@ int PemToDer(const unsigned char* buff, long longSz, int type, switch (type) { case CA_TYPE: /* same as below */ - case CERT_TYPE: header=BEGIN_CERT; footer=END_CERT; break; - case CRL_TYPE: header=BEGIN_X509_CRL; footer=END_X509_CRL; break; - case DH_PARAM_TYPE: header=BEGIN_DH_PARAM; footer=END_DH_PARAM; break; - case CERTREQ_TYPE: header=BEGIN_CERT_REQ; footer=END_CERT_REQ; break; - case DSA_TYPE: header=BEGIN_DSA_PRIV; footer=END_DSA_PRIV; break; - case ECC_TYPE: header=BEGIN_EC_PRIV; footer=END_EC_PRIV; break; - case RSA_TYPE: header=BEGIN_RSA_PRIV; footer=END_RSA_PRIV; break; - default: header=BEGIN_RSA_PRIV; footer=END_RSA_PRIV; break; + case CERT_TYPE: header=BEGIN_CERT; footer=END_CERT; break; + case CRL_TYPE: header=BEGIN_X509_CRL; footer=END_X509_CRL; break; + case DH_PARAM_TYPE: header=BEGIN_DH_PARAM; footer=END_DH_PARAM; break; + case CERTREQ_TYPE: header=BEGIN_CERT_REQ; footer=END_CERT_REQ; break; + case DSA_TYPE: header=BEGIN_DSA_PRIV; footer=END_DSA_PRIV; break; + case ECC_TYPE: header=BEGIN_EC_PRIV; footer=END_EC_PRIV; break; + case RSA_TYPE: header=BEGIN_RSA_PRIV; footer=END_RSA_PRIV; break; + case PUBLICKEY_TYPE: header=BEGIN_PUB_KEY; footer=END_PUB_KEY; break; + default: header=BEGIN_RSA_PRIV; footer=END_RSA_PRIV; break; } switch (type) { @@ -3968,6 +3968,108 @@ int wolfSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz) #endif /* WOLFSSL_CERT_GEN */ +#ifdef WOLFSSL_CERT_EXT +/* load pem public key from file into der buffer, return der size or error */ +int wolfSSL_PemPubKeyToDer(const char* fileName, + unsigned char* derBuf, int derSz) +{ +#ifdef WOLFSSL_SMALL_STACK + byte staticBuffer[1]; /* force XMALLOC */ +#else + byte staticBuffer[FILE_BUFFER_SIZE]; +#endif + byte* fileBuf = staticBuffer; + int dynamic = 0; + int ret = 0; + long sz = 0; + XFILE file = XFOPEN(fileName, "rb"); + buffer converted; + + WOLFSSL_ENTER("wolfSSL_PemPubKeyToDer"); + + if (file == XBADFILE) + ret = SSL_BAD_FILE; + else { + XFSEEK(file, 0, XSEEK_END); + sz = XFTELL(file); + XREWIND(file); + + if (sz < 0) { + ret = SSL_BAD_FILE; + } + else if (sz > (long)sizeof(staticBuffer)) { + fileBuf = (byte*)XMALLOC(sz, 0, DYNAMIC_TYPE_FILE); + if (fileBuf == NULL) + ret = MEMORY_E; + else + dynamic = 1; + } + + converted.buffer = 0; + + if (ret == 0) { + if ( (ret = (int)XFREAD(fileBuf, sz, 1, file)) < 0) + ret = SSL_BAD_FILE; + else + ret = PemToDer(fileBuf, sz, PUBLICKEY_TYPE, &converted, + 0, NULL, NULL); + + if (ret == 0) { + if (converted.length < (word32)derSz) { + XMEMCPY(derBuf, converted.buffer, converted.length); + ret = converted.length; + } + else + ret = BUFFER_E; + } + + XFREE(converted.buffer, 0, DYNAMIC_TYPE_CA); + } + + XFCLOSE(file); + if (dynamic) + XFREE(fileBuf, 0, DYNAMIC_TYPE_FILE); + } + + return ret; +} + +/* Return bytes written to buff or < 0 for error */ +int wolfSSL_PubKeyPemToDer(const unsigned char* pem, int pemSz, + unsigned char* buff, int buffSz) +{ + int ret; + buffer der; + + WOLFSSL_ENTER("wolfSSL_PubKeyPemToDer"); + + if (pem == NULL || buff == NULL || buffSz <= 0) { + WOLFSSL_MSG("Bad pem der args"); + return BAD_FUNC_ARG; + } + + der.buffer = NULL; + + ret = PemToDer(pem, pemSz, PUBLICKEY_TYPE, &der, NULL, NULL, NULL); + if (ret < 0) { + WOLFSSL_MSG("Bad Pem To Der"); + } + else { + if (der.length <= (word32)buffSz) { + XMEMCPY(buff, der.buffer, der.length); + ret = der.length; + } + else { + WOLFSSL_MSG("Bad der length"); + ret = BAD_FUNC_ARG; + } + } + + XFREE(der.buffer, NULL, DYNAMIC_TYPE_KEY); + return ret; +} + +#endif /* WOLFSSL_CERT_EXT */ int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX* ctx, const char* file, int format) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index cb8cee79c..0f28554e7 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -1444,7 +1444,6 @@ int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen) word32 seqSz, verSz, rawLen, intTotalLen = 0; word32 sizes[DSA_INTS]; int i, j, outLen, ret = 0, lbit; - int err; byte seq[MAX_SEQ_SZ]; byte ver[MAX_VERSION_SZ]; @@ -1645,6 +1644,10 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap) cert->extCertPolicyCrit = 0; #endif /* OPENSSL_EXTRA */ #endif /* WOLFSSL_SEP */ +#ifdef WOLFSSL_CERT_EXT + XMEMSET(cert->extCertPolicies, 0, MAX_CERTPOL_NB*MAX_CERTPOL_SZ); + cert->extCertPoliciesNb = 0; +#endif } @@ -4011,12 +4014,9 @@ static int DecodeKeyUsage(byte* input, int sz, DecodedCert* cert) unusedBits = input[idx++]; length--; - if (length == 2) { - cert->extKeyUsage = (word16)((input[idx] << 8) | input[idx+1]); - cert->extKeyUsage >>= unusedBits; - } - else if (length == 1) - cert->extKeyUsage = (word16)(input[idx] << 1); + cert->extKeyUsage = (word16)(input[idx]); + if (length == 2) + cert->extKeyUsage |= (word16)(input[idx+1] << 8); return 0; } @@ -4163,17 +4163,69 @@ static int DecodeNameConstraints(byte* input, int sz, DecodedCert* cert) } #endif /* IGNORE_NAME_CONSTRAINTS */ +#ifdef WOLFSSL_CERT_EXT +/* Decode ITU-T X.690 OID format to a string representation + * return string length */ +static int DecodePolicyOID(char *out, word32 outSz, byte *in, word32 inSz) +{ + word32 val, idx = 0, nb_bytes; + size_t w_bytes = 0; -#ifdef WOLFSSL_SEP + if (out == NULL || in == NULL || outSz < 4 || inSz < 2) + return BAD_FUNC_ARG; + + /* first two byte must be interpreted as : 40 * int1 + int2 */ + val = (word16)in[idx++]; + + XSNPRINTF(out, outSz, "%d.%d", val / 40, val % 40); + w_bytes += XSTRLEN(out); + + while (idx < inSz) { + /* init value */ + val = 0; + nb_bytes = 0; + + /* check that output size is ok */ + if (w_bytes > (outSz - 3)) + return BUFFER_E; + + /* first bit is used to set if value is coded on 1 or multiple bytes */ + while ((in[idx+nb_bytes] & 0x80)) + nb_bytes++; + + if (!nb_bytes) + val = (word32)(in[idx++] & 0x7f); + else { + word32 base = 1, tmp = nb_bytes; + + while (tmp != 0) { + val += (word32)(in[idx+tmp] & 0x7f) * base; + base *= 128; + tmp--; + } + val += (word32)(in[idx++] & 0x7f) * base; + + idx += nb_bytes; + } + + XSNPRINTF(out+XSTRLEN(out), outSz, ".%d", val); + w_bytes = XSTRLEN(out); + } + + return 0; +} +#endif /* WOLFSSL_CERT_EXT */ + +#if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT) static int DecodeCertPolicy(byte* input, int sz, DecodedCert* cert) { word32 idx = 0; - int length = 0; + int total_length = 0, length = 0; WOLFSSL_ENTER("DecodeCertPolicy"); /* Unwrap certificatePolicies */ - if (GetSequence(input, &idx, &length, sz) < 0) { + if (GetSequence(input, &idx, &total_length, sz) < 0) { WOLFSSL_MSG("\tdeviceType isn't OID"); return ASN_PARSE_E; } @@ -4182,11 +4234,13 @@ static int DecodeNameConstraints(byte* input, int sz, DecodedCert* cert) WOLFSSL_MSG("\tdeviceType isn't OID"); return ASN_PARSE_E; } + total_length -= (length+1); if (input[idx++] != ASN_OBJECT_ID) { WOLFSSL_MSG("\tdeviceType isn't OID"); return ASN_PARSE_E; } + total_length--; if (GetLength(input, &idx, &length, sz) < 0) { WOLFSSL_MSG("\tCouldn't read length of deviceType"); @@ -4194,6 +4248,7 @@ static int DecodeNameConstraints(byte* input, int sz, DecodedCert* cert) } if (length > 0) { +#if defined(WOLFSSL_SEP) cert->deviceType = (byte*)XMALLOC(length, cert->heap, 0); if (cert->deviceType == NULL) { WOLFSSL_MSG("\tCouldn't alloc memory for deviceType"); @@ -4201,6 +4256,46 @@ static int DecodeNameConstraints(byte* input, int sz, DecodedCert* cert) } cert->deviceTypeSz = length; XMEMCPY(cert->deviceType, input + idx, length); +#elif defined(WOLFSSL_CERT_EXT) + /* decode cert policy */ + if (DecodePolicyOID(cert->extCertPolicies[0], MAX_CERTPOL_SZ, + input+idx, length) != 0) { + WOLFSSL_MSG("\tCouldn't read Policy OID 1"); + return ASN_PARSE_E; + } + cert->extCertPoliciesNb++; + + /* check if we have a second value */ + if (total_length) { + idx += length; + + if (GetSequence(input, &idx, &length, sz) < 0) { + WOLFSSL_MSG("\tdeviceType isn't OID"); + return ASN_PARSE_E; + } + + if (input[idx++] != ASN_OBJECT_ID) { + WOLFSSL_MSG("\tdeviceType isn't OID"); + return ASN_PARSE_E; + } + + if (GetLength(input, &idx, &length, sz) < 0) { + WOLFSSL_MSG("\tCouldn't read length of deviceType"); + return ASN_PARSE_E; + } + + /* decode cert policy */ + if (DecodePolicyOID(cert->extCertPolicies[1], MAX_CERTPOL_SZ, + input+idx, length) != 0) { + WOLFSSL_MSG("\tCouldn't read Policy OID 2"); + return ASN_PARSE_E; + } + cert->extCertPoliciesNb++; + } +#else + WOLFSSL_LEAVE("DecodeCertPolicy : unsupported mode", 0); + return 0; +#endif } WOLFSSL_LEAVE("DecodeCertPolicy", 0); @@ -4228,14 +4323,20 @@ static int DecodeCertExtensions(DecodedCert* cert) if (input == NULL || sz == 0) return BAD_FUNC_ARG; - if (input[idx++] != ASN_EXTENSIONS) + if (input[idx++] != ASN_EXTENSIONS) { + WOLFSSL_MSG("\tfail: should be an EXTENSIONS"); return ASN_PARSE_E; + } - if (GetLength(input, &idx, &length, sz) < 0) + if (GetLength(input, &idx, &length, sz) < 0) { + WOLFSSL_MSG("\tfail: invalid length"); return ASN_PARSE_E; + } - if (GetSequence(input, &idx, &length, sz) < 0) + if (GetSequence(input, &idx, &length, sz) < 0) { + WOLFSSL_MSG("\tfail: should be a SEQUENCE (1)"); return ASN_PARSE_E; + } while (idx < (word32)sz) { if (GetSequence(input, &idx, &length, sz) < 0) { @@ -4327,8 +4428,10 @@ static int DecodeCertExtensions(DecodedCert* cert) cert->extCertPolicySet = 1; cert->extCertPolicyCrit = critical; #endif - if (DecodeCertPolicy(&input[idx], length, cert) < 0) - return ASN_PARSE_E; + #endif + #if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT) + if (DecodeCertPolicy(&input[idx], length, cert) < 0) + return ASN_PARSE_E; #endif break; @@ -4672,6 +4775,8 @@ const char* BEGIN_EC_PRIV = "-----BEGIN EC PRIVATE KEY-----"; const char* END_EC_PRIV = "-----END EC PRIVATE KEY-----"; const char* BEGIN_DSA_PRIV = "-----BEGIN DSA PRIVATE KEY-----"; const char* END_DSA_PRIV = "-----END DSA PRIVATE KEY-----"; +const char* BEGIN_PUB_KEY = "-----BEGIN PUBLIC KEY-----"; +const char* END_PUB_KEY = "-----END PUBLIC KEY-----"; #if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) @@ -5000,6 +5105,15 @@ void wc_InitCert(Cert* cert) cert->altNamesSz = 0; cert->beforeDateSz = 0; cert->afterDateSz = 0; +#endif +#ifdef WOLFSSL_CERT_EXT + cert->skidSz = 0; + cert->akidSz = 0; + cert->keyUsage = 0; + cert->certPoliciesNb = 0; + XMEMSET(cert->akid, 0, CTC_MAX_AKID_SIZE); + XMEMSET(cert->skid, 0, CTC_MAX_SKID_SIZE); + XMEMSET(cert->certPolicies, 0, CTC_MAX_CERTPOL_NB*CTC_MAX_CERTPOL_SZ); #endif cert->keyType = RSA_KEY; XMEMSET(cert->serial, 0, CTC_SERIAL_SIZE); @@ -5053,9 +5167,18 @@ typedef struct DerCert { byte validity[MAX_DATE_SIZE*2 + MAX_SEQ_SZ*2]; /* before and after dates */ byte publicKey[MAX_PUBLIC_KEY_SZ]; /* rsa / ntru public key encoded */ byte ca[MAX_CA_SZ]; /* basic constraint CA true size */ - byte extensions[MAX_EXTENSIONS_SZ]; /* all extensions */ + byte extensions[MAX_EXTENSIONS_SZ]; /* all extensions */ +#ifdef WOLFSSL_CERT_EXT + byte skid[MAX_KID_SZ]; /* Subject Key Identifier extension */ + byte akid[MAX_KID_SZ]; /* Authority Key Identifier extension */ + byte keyUsage[MAX_KEYUSAGE_SZ]; /* Key Usage extension */ + byte certPolicies[MAX_CERTPOL_NB*MAX_CERTPOL_SZ]; /* Certificate Policies */ +#endif #ifdef WOLFSSL_CERT_REQ byte attrib[MAX_ATTRIB_SZ]; /* Cert req attributes encoded */ +#endif +#ifdef WOLFSSL_ALT_NAMES + byte altNames[CTC_MAX_ALT_SIZE]; /* Alternative Names encoded */ #endif int sizeSz; /* encoded size length */ int versionSz; /* encoded version length */ @@ -5066,6 +5189,15 @@ typedef struct DerCert { int validitySz; /* encoded validity length */ int publicKeySz; /* encoded public key length */ int caSz; /* encoded CA extension length */ +#ifdef WOLFSSL_CERT_EXT + int skidSz; /* encoded SKID extension length */ + int akidSz; /* encoded SKID extension length */ + int keyUsageSz; /* encoded KeyUsage extension length */ + int certPoliciesSz; /* encoded CertPolicies extension length*/ +#endif +#ifdef WOLFSSL_ALT_NAMES + int altNamesSz; /* encoded AltNames extension length */ +#endif int extensionsSz; /* encoded extensions total length */ int total; /* total encoded lengths */ #ifdef WOLFSSL_CERT_REQ @@ -5103,7 +5235,7 @@ static int SetSerial(const byte* serial, byte* output) /* Write a public ECC key to output */ -static int SetEccPublicKey(byte* output, ecc_key* key) +static int SetEccPublicKey(byte* output, ecc_key* key, int with_header) { byte len[MAX_LENGTH_SZ + 1]; /* trailing 0 */ int algoSz; @@ -5135,58 +5267,63 @@ static int SetEccPublicKey(byte* output, ecc_key* key) return ret; } -#ifdef WOLFSSL_SMALL_STACK - curve = (byte*)XMALLOC(MAX_ALGO_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (curve == NULL) { - XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return MEMORY_E; - } -#endif - /* headers */ - curveSz = SetCurve(key, curve); - if (curveSz <= 0) { + if (with_header) { #ifdef WOLFSSL_SMALL_STACK - XFREE(curve, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER); + curve = (byte*)XMALLOC(MAX_ALGO_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (curve == NULL) { + XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } #endif - return curveSz; - } + curveSz = SetCurve(key, curve); + if (curveSz <= 0) { +#ifdef WOLFSSL_SMALL_STACK + XFREE(curve, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return curveSz; + } #ifdef WOLFSSL_SMALL_STACK - algo = (byte*)XMALLOC(MAX_ALGO_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (algo == NULL) { - XFREE(curve, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return MEMORY_E; - } + algo = (byte*)XMALLOC(MAX_ALGO_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (algo == NULL) { + XFREE(curve, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } #endif + algoSz = SetAlgoID(ECDSAk, algo, keyType, curveSz); - algoSz = SetAlgoID(ECDSAk, algo, keyType, curveSz); - lenSz = SetLength(pubSz + 1, len); - len[lenSz++] = 0; /* trailing 0 */ + lenSz = SetLength(pubSz + 1, len); + len[lenSz++] = 0; /* trailing 0 */ + + /* write, 1 is for ASN_BIT_STRING */ + idx = SetSequence(pubSz + curveSz + lenSz + 1 + algoSz, output); + /* algo */ + XMEMCPY(output + idx, algo, algoSz); + idx += algoSz; + /* curve */ + XMEMCPY(output + idx, curve, curveSz); + idx += curveSz; + /* bit string */ + output[idx++] = ASN_BIT_STRING; + /* length */ + XMEMCPY(output + idx, len, lenSz); + idx += lenSz; + } + else + idx = 0; - /* write */ - idx = SetSequence(pubSz + curveSz + lenSz + 1 + algoSz, output); - /* 1 is for ASN_BIT_STRING */ - /* algo */ - XMEMCPY(output + idx, algo, algoSz); - idx += algoSz; - /* curve */ - XMEMCPY(output + idx, curve, curveSz); - idx += curveSz; - /* bit string */ - output[idx++] = ASN_BIT_STRING; - /* length */ - XMEMCPY(output + idx, len, lenSz); - idx += lenSz; /* pub */ XMEMCPY(output + idx, pub, pubSz); idx += pubSz; #ifdef WOLFSSL_SMALL_STACK - XFREE(algo, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(curve, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (with_header) { + XFREE(algo, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(curve, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif @@ -5198,7 +5335,7 @@ static int SetEccPublicKey(byte* output, ecc_key* key) /* Write a public RSA key to output */ -static int SetRsaPublicKey(byte* output, RsaKey* key) +static int SetRsaPublicKey(byte* output, RsaKey* key, int with_header) { #ifdef WOLFSSL_SMALL_STACK byte* n = NULL; @@ -5292,31 +5429,39 @@ static int SetRsaPublicKey(byte* output, RsaKey* key) } #ifdef WOLFSSL_SMALL_STACK - algo = (byte*)XMALLOC(MAX_ALGO_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (algo == NULL) { - XFREE(n, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return MEMORY_E; + if (with_header) { + algo = (byte*)XMALLOC(MAX_ALGO_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (algo == NULL) { + XFREE(n, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } } #endif - /* headers */ - algoSz = SetAlgoID(RSAk, algo, keyType, 0); seqSz = SetSequence(nSz + eSz, seq); - lenSz = SetLength(seqSz + nSz + eSz + 1, len); - len[lenSz++] = 0; /* trailing 0 */ - /* write */ - idx = SetSequence(nSz + eSz + seqSz + lenSz + 1 + algoSz, output); - /* 1 is for ASN_BIT_STRING */ - /* algo */ - XMEMCPY(output + idx, algo, algoSz); - idx += algoSz; - /* bit string */ - output[idx++] = ASN_BIT_STRING; - /* length */ - XMEMCPY(output + idx, len, lenSz); - idx += lenSz; + /* headers */ + if (with_header) { + algoSz = SetAlgoID(RSAk, algo, keyType, 0); + lenSz = SetLength(seqSz + nSz + eSz + 1, len); + len[lenSz++] = 0; /* trailing 0 */ + + /* write */ + idx = SetSequence(nSz + eSz + seqSz + lenSz + 1 + algoSz, output); + /* 1 is for ASN_BIT_STRING */ + /* algo */ + XMEMCPY(output + idx, algo, algoSz); + idx += algoSz; + /* bit string */ + output[idx++] = ASN_BIT_STRING; + /* length */ + XMEMCPY(output + idx, len, lenSz); + idx += lenSz; + } + else + idx = 0; + /* seq */ XMEMCPY(output + idx, seq, seqSz); idx += seqSz; @@ -5330,7 +5475,8 @@ static int SetRsaPublicKey(byte* output, RsaKey* key) #ifdef WOLFSSL_SMALL_STACK XFREE(n, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(algo, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (with_header) + XFREE(algo, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return idx; @@ -5583,29 +5729,51 @@ static byte GetNameId(int idx) } } +/* + Extensions ::= SEQUENCE OF Extension + + Extension ::= SEQUENCE { + extnId OBJECT IDENTIFIER, + critical BOOLEAN DEFAULT FALSE, + extnValue OCTET STRING } + */ /* encode all extensions, return total bytes written */ -static int SetExtensions(byte* output, const byte* ext, int extSz, int header) +static int SetExtensions(byte* output, int *IdxInOut, + const byte* ext, int extSz) +{ + if (output == NULL || IdxInOut == NULL || ext == NULL) + return BAD_FUNC_ARG; + + XMEMCPY(&output[*IdxInOut], ext, extSz); /* extensions */ + *IdxInOut += extSz; + + return *IdxInOut; +} + +/* encode extensions header, return total bytes written */ +static int SetExtensionsHeader(byte* output, int extSz) { byte sequence[MAX_SEQ_SZ]; byte len[MAX_LENGTH_SZ]; + int seqSz, lenSz, idx = 0; - int sz = 0; - int seqSz = SetSequence(extSz, sequence); + if (output == NULL) + return BAD_FUNC_ARG; - if (header) { - int lenSz = SetLength(seqSz + extSz, len); - output[0] = ASN_EXTENSIONS; /* extensions id */ - sz++; - XMEMCPY(&output[sz], len, lenSz); /* length */ - sz += lenSz; - } - XMEMCPY(&output[sz], sequence, seqSz); /* sequence */ - sz += seqSz; - XMEMCPY(&output[sz], ext, extSz); /* extensions */ - sz += extSz; + seqSz = SetSequence(extSz, sequence); - return sz; + /* encode extensions length provided */ + lenSz = SetLength(extSz+seqSz, len); + + output[idx++] = ASN_EXTENSIONS; /* extensions id */ + XMEMCPY(&output[idx], len, lenSz); /* length */ + idx += lenSz; + + XMEMCPY(&output[idx], sequence, seqSz); /* sequence */ + idx += seqSz; + + return idx; } @@ -5621,6 +5789,289 @@ static int SetCa(byte* output) } +#ifdef WOLFSSL_CERT_EXT +/* encode OID and associated value, return total bytes written */ +static int SetOidValue(byte* out, const byte *oid, word32 oidSz, + byte *in, word32 inSz) +{ + int idx = 0; + + if (out == NULL || oid == NULL || in == NULL) + return BAD_FUNC_ARG; + + /* sequence, + 1 => byte to put value size */ + idx = SetSequence(inSz + oidSz + 1, out); + + XMEMCPY(out+idx, oid, oidSz); + idx += oidSz; + out[idx++] = (byte)inSz; + XMEMCPY(out+idx, in, inSz); + + return (idx+inSz); +} + +/* encode Subject Key Identifier, return total bytes written + * RFC5280 : non-critical */ +static int SetSKID(byte* output, byte *input, word32 length) +{ + byte skid_len[MAX_LENGTH_SZ]; + byte skid_enc_len[MAX_LENGTH_SZ]; + int idx = 0, skid_lenSz, skid_enc_lenSz; + static const byte skid_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04 }; + + if (output == NULL || input == NULL) + return BAD_FUNC_ARG; + + /* length of value */ + skid_lenSz = SetLength(length, skid_len); + + /* length of encoded value */ + skid_enc_lenSz = SetLength(length + skid_lenSz + 1, skid_enc_len); + + /* sequence, + 1 => byte to put type size */ + idx = SetSequence(length + sizeof(skid_oid) + skid_lenSz + skid_enc_lenSz+1, + output); + + /* put oid */ + XMEMCPY(output+idx, skid_oid, sizeof(skid_oid)); + idx += sizeof(skid_oid); + + /* put encoded len */ + XMEMCPY(output+idx, skid_enc_len, skid_enc_lenSz); + idx += skid_enc_lenSz; + + /* put type */ + output[idx++] = ASN_OCTET_STRING; + + /* put value len */ + XMEMCPY(output+idx, skid_len, skid_lenSz); + idx += skid_lenSz; + + /* put value */ + XMEMCPY(output+idx, input, length); + idx += length; + + return idx; +} + +/* encode Authority Key Identifier, return total bytes written + * RFC5280 : non-critical */ +static int SetAKID(byte* output, byte *input, word32 length) +{ + byte *enc_val; + int ret, enc_valSz; + static const byte akid_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04}; + static const byte akid_cs[] = { 0x80 }; + + if (output == NULL || input == NULL) + return BAD_FUNC_ARG; + + enc_val = (byte *)XMALLOC(length+3+sizeof(akid_cs), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (enc_val == NULL) + return MEMORY_E; + + /* sequence for ContentSpec & value */ + enc_valSz = SetOidValue(enc_val, akid_cs, sizeof(akid_cs), input, length); + if (enc_valSz == 0) { + XFREE(enc_val, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return 0; + } + + ret = SetOidValue(output, akid_oid, sizeof(akid_oid), enc_val, enc_valSz); + + XFREE(enc_val, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return ret; +} + +/* encode Key Usage, return total bytes written + * RFC5280 : critical */ +static int SetKeyUsage(byte* output, word16 input) +{ + byte ku[5]; + int unusedBits = 0; + static const byte keyusage_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x0f, + 0x01, 0x01, 0xff, 0x04}; + + if (output == NULL) + return BAD_FUNC_ARG; + + /* Key Usage is a BitString */ + ku[0] = ASN_BIT_STRING; + + /* put the Bit String size */ + if (input > 255) { + ku[1] = (byte)3; + + /* compute unused bits */ + while (((((input >> 8) & 0xff) >> unusedBits) & 0x01) == 0) + unusedBits++; + } + else { + ku[1] = (byte)2; + + /* compute unused bits */ + while (((input >> unusedBits) & 0x01) == 0) + unusedBits++; + } + + /* put unused bits value */ + ku[2] = (byte)unusedBits; + + /* compute byte value */ + ku[3] = (byte)(input & 0xff); + if (input > 255) + ku[4] = (byte)((input >> 8) & 0xff); + + return SetOidValue(output, keyusage_oid, sizeof(keyusage_oid), + ku, (int)ku[1]+2); +} + +/* Encode OID string representation to ITU-T X.690 format */ +static int EncodePolicyOID(byte *out, word32 *outSz, const char *in) +{ + word32 val, idx = 0, nb_val; + char *token, *str; + word32 len; + + if (out == NULL || outSz == NULL || *outSz < 2 || in == NULL) + return BAD_FUNC_ARG; + + len = (word32)XSTRLEN(in); + + str = (char *)XMALLOC(len+1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (str == NULL) + return MEMORY_E; + + XSTRNCPY(str, in, len); + str[len] = 0x00; + + nb_val = 0; + + /* parse value, and set corresponding Policy OID value */ + while ((token = strsep(&str, ".")) != NULL) + { + val = (word32)atoi(token); + + if (nb_val == 0) { + if (val > 2) { + XFREE(str, NUL, DYNAMIC_TYPE_TMP_BUFFER); + return ASN_OBJECT_ID_E; + } + + out[idx] = (byte)(40 * val); + } + else if (nb_val == 1) { + if (val > 127) { + XFREE(str, NUL, DYNAMIC_TYPE_TMP_BUFFER); + return ASN_OBJECT_ID_E; + } + + if (idx > *outSz) { + XFREE(str, NUL, DYNAMIC_TYPE_TMP_BUFFER); + return BUFFER_E; + } + + out[idx++] += (byte)val; + } + else { + word32 tb = 0, x; + int i = 0; + byte oid[MAX_OID_SZ]; + + while (val >= 128) { + x = val % 128; + val /= 128; + oid[i++] = (byte) (((tb++) ? 0x80 : 0) | x); + } + + if ((idx+(word32)i) > *outSz) { + XFREE(str, NUL, DYNAMIC_TYPE_TMP_BUFFER); + return BUFFER_E; + } + + oid[i] = (byte) (((tb++) ? 0x80 : 0) | val); + + /* push value in the right order */ + while (i >= 0) + out[idx++] = oid[i--]; + } + + nb_val++; + } + + *outSz = idx; + + XFREE(str, NUL, DYNAMIC_TYPE_TMP_BUFFER); + return 0; +} + +/* encode Certificate Policies, return total bytes written + * each input value must be ITU-T X.690 formatted : a.b.c... + * input must be an array of values with a NULL terminated for the latest + * RFC5280 : non-critical */ +static int SetCertificatePolicies(byte *output, + char input[MAX_CERTPOL_NB][MAX_CERTPOL_SZ], + word16 nb_certpol) +{ + byte oid[MAX_OID_SZ], + der_oid[MAX_CERTPOL_NB][MAX_OID_SZ], + out[MAX_CERTPOL_SZ]; + word32 oidSz; + word32 outSz, i = 0, der_oidSz[MAX_CERTPOL_NB]; + int ret; + + static const byte certpol_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04 }; + static const byte oid_oid[] = { 0x06 }; + + if (output == NULL || input == NULL || nb_certpol > MAX_CERTPOL_NB) + return BAD_FUNC_ARG; + + for (i = 0; i < nb_certpol; i++) { + oidSz = sizeof(oid); + memset(oid, 0, oidSz); + + ret = EncodePolicyOID(oid, &oidSz, input[i]); + if (ret != 0) + return ret; + + /* compute sequence value for the oid */ + ret = SetOidValue(der_oid[i], oid_oid, sizeof(oid_oid), oid, oidSz); + if (ret <= 0) + return ret; + else + der_oidSz[i] = (word32)ret; + } + + /* concatene oid, keep two byte for sequence/size of the created value */ + for (i = 0, outSz = 2; i < nb_certpol; i++) { + XMEMCPY(out+outSz, der_oid[i], der_oidSz[i]); + outSz += der_oidSz[i]; + } + + /* add sequence */ + ret = SetSequence(outSz-2, out); + if (ret <= 0) + return ret; + + /* add Policy OID to compute final value */ + return SetOidValue(output, certpol_oid, sizeof(certpol_oid), + out, outSz); +} +#endif /* WOLFSSL_CERT_EXT */ + +#ifdef WOLFSSL_ALT_NAMES +/* encode Alternative Names, return total bytes written */ +static int SetAltNames(byte *output, byte *input, word32 length) +{ + /* Alternative Names come from certificate or computed by + * external function, so already encoded. Just copy value */ + XMEMCPY(output, input, length); + return length; +} +#endif /* WOLFSL_ALT_NAMES */ + + /* encode CertName into output, return total bytes written */ static int SetName(byte* output, CertName* name) { @@ -5787,7 +6238,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, if (cert->keyType == RSA_KEY) { if (rsaKey == NULL) return PUBLIC_KEY_E; - der->publicKeySz = SetRsaPublicKey(der->publicKey, rsaKey); + der->publicKeySz = SetRsaPublicKey(der->publicKey, rsaKey, 1); if (der->publicKeySz <= 0) return PUBLIC_KEY_E; } @@ -5796,7 +6247,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, if (cert->keyType == ECC_KEY) { if (eccKey == NULL) return PUBLIC_KEY_E; - der->publicKeySz = SetEccPublicKey(der->publicKey, eccKey); + der->publicKeySz = SetEccPublicKey(der->publicKey, eccKey, 1); if (der->publicKeySz <= 0) return PUBLIC_KEY_E; } @@ -5851,34 +6302,152 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, if (der->issuerSz == 0) return ISSUER_E; + /* set the extensions */ + der->extensionsSz = 0; + /* CA */ if (cert->isCA) { der->caSz = SetCa(der->ca); if (der->caSz == 0) return CA_TRUE_E; + + der->extensionsSz += der->caSz; } else der->caSz = 0; - /* extensions, just CA now */ - if (cert->isCA) { - der->extensionsSz = SetExtensions(der->extensions, - der->ca, der->caSz, TRUE); - if (der->extensionsSz == 0) - return EXTENSIONS_E; +#ifdef WOLFSSL_ALT_NAMES + /* Alternative Name */ + if (cert->altNamesSz) { + der->altNamesSz = SetAltNames(der->altNames, + cert->altNames, cert->altNamesSz); + if (der->altNamesSz == 0) + return ALT_NAME_E; + + der->extensionsSz += der->altNamesSz; } else - der->extensionsSz = 0; + der->altNamesSz = 0; +#endif -#ifdef WOLFSSL_ALT_NAMES - if (der->extensionsSz == 0 && cert->altNamesSz) { - der->extensionsSz = SetExtensions(der->extensions, cert->altNames, - cert->altNamesSz, TRUE); +#ifdef WOLFSSL_CERT_EXT + /* SKID */ + if (cert->skidSz) { + /* check the provided SKID size */ + if (cert->skidSz > (int)sizeof(der->skid)) + return SKID_E; + + der->skidSz = SetSKID(der->skid, cert->skid, cert->skidSz); + if (der->skidSz == 0) + return SKID_E; + + der->extensionsSz += der->skidSz; + } + else + der->skidSz = 0; + + /* AKID */ + if (cert->akidSz) { + /* check the provided AKID size */ + if (cert->akidSz > (int)sizeof(der->akid)) + return AKID_E; + + der->akidSz = SetAKID(der->akid, cert->akid, cert->akidSz); + if (der->akidSz == 0) + return AKID_E; + + der->extensionsSz += der->akidSz; + } + else + der->akidSz = 0; + + /* Key Usage */ + if (cert->keyUsage != 0){ + der->keyUsageSz = SetKeyUsage(der->keyUsage, cert->keyUsage); + if (der->keyUsageSz == 0) + return KEYUSAGE_E; + + der->extensionsSz += der->keyUsageSz; + } + else + der->keyUsageSz = 0; + + /* Certificate Policies */ + if (cert->certPoliciesNb != 0) { + der->certPoliciesSz = SetCertificatePolicies(der->certPolicies, + cert->certPolicies, + cert->certPoliciesNb); + if (der->certPoliciesSz == 0) + return CERTPOLICIES_E; + + der->extensionsSz += der->certPoliciesSz; + } + else + der->certPoliciesSz = 0; +#endif /* WOLFSSL_CERT_EXT */ + + /* put extensions */ + if (der->extensionsSz > 0) { + + /* put the start of extensions sequence (ID, Size) */ + der->extensionsSz = SetExtensionsHeader(der->extensions, + der->extensionsSz); if (der->extensionsSz == 0) return EXTENSIONS_E; - } + + /* put CA */ + if (der->caSz) { + ret = SetExtensions(der->extensions, &der->extensionsSz, + der->ca, der->caSz); + if (ret == 0) + return EXTENSIONS_E; + } + +#ifdef WOLFSSL_ALT_NAMES + /* put Alternative Names */ + if (der->altNamesSz) { + ret = SetExtensions(der->extensions, &der->extensionsSz, + der->altNames, der->altNamesSz); + if (ret == 0) + return EXTENSIONS_E; + } #endif +#ifdef WOLFSSL_CERT_EXT + /* put SKID */ + if (der->skidSz) { + ret = SetExtensions(der->extensions, &der->extensionsSz, + der->skid, der->skidSz); + if (ret == 0) + return EXTENSIONS_E; + } + + /* put AKID */ + if (der->akidSz) { + ret = SetExtensions(der->extensions, &der->extensionsSz, + der->akid, der->akidSz); + if (ret == 0) + return EXTENSIONS_E; + } + + /* put KeyUsage */ + if (der->keyUsageSz) { + ret = SetExtensions(der->extensions, &der->extensionsSz, + der->keyUsage, der->keyUsageSz); + if (ret == 0) + return EXTENSIONS_E; + } + + /* put Certificate Policies */ + if (der->certPoliciesSz) { + ret = SetExtensions(der->extensions, &der->extensionsSz, + der->certPolicies, der->certPoliciesSz); + if (ret == 0) + return EXTENSIONS_E; + } +#endif /* WOLFSSL_CERT_EXT */ + } + der->total = der->versionSz + der->serialSz + der->sigAlgoSz + der->publicKeySz + der->validitySz + der->subjectSz + der->issuerSz + der->extensionsSz; @@ -6072,7 +6641,6 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz, #endif ret = EncodeCert(cert, der, rsaKey, eccKey, rng, ntruKey, ntruSz); - if (ret == 0) { if (der->total + MAX_SEQ_SZ * 2 > (int)derSz) ret = BUFFER_E; @@ -6201,7 +6769,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der, if (cert->keyType == RSA_KEY) { if (rsaKey == NULL) return PUBLIC_KEY_E; - der->publicKeySz = SetRsaPublicKey(der->publicKey, rsaKey); + der->publicKeySz = SetRsaPublicKey(der->publicKey, rsaKey, 1); if (der->publicKeySz <= 0) return PUBLIC_KEY_E; } @@ -6210,30 +6778,98 @@ static int EncodeCertReq(Cert* cert, DerCert* der, if (cert->keyType == ECC_KEY) { if (eccKey == NULL) return PUBLIC_KEY_E; - der->publicKeySz = SetEccPublicKey(der->publicKey, eccKey); + der->publicKeySz = SetEccPublicKey(der->publicKey, eccKey, 1); if (der->publicKeySz <= 0) return PUBLIC_KEY_E; } #endif /* HAVE_ECC */ + /* set the extensions */ + der->extensionsSz = 0; + /* CA */ if (cert->isCA) { der->caSz = SetCa(der->ca); if (der->caSz == 0) return CA_TRUE_E; + + der->extensionsSz += der->caSz; } else der->caSz = 0; - /* extensions, just CA now */ - if (cert->isCA) { - der->extensionsSz = SetExtensions(der->extensions, - der->ca, der->caSz, FALSE); - if (der->extensionsSz == 0) - return EXTENSIONS_E; +#ifdef WOLFSSL_CERT_EXT + /* SKID */ + if (cert->skidSz) { + /* check the provided SKID size */ + if (cert->skidSz > (int)sizeof(der->skid)) + return SKID_E; + + der->skidSz = SetSKID(der->skid, cert->skid, cert->skidSz); + if (der->skidSz == 0) + return SKID_E; + + der->extensionsSz += der->skidSz; } else - der->extensionsSz = 0; + der->skidSz = 0; + + /* Key Usage */ + if (cert->keyUsage != 0){ + der->keyUsageSz = SetKeyUsage(der->keyUsage, cert->keyUsage); + if (der->keyUsageSz == 0) + return KEYUSAGE_E; + + der->extensionsSz += der->keyUsageSz; + } + else + der->keyUsageSz = 0; +#endif /* WOLFSSL_CERT_EXT */ + + /* put extensions */ + if (der->extensionsSz > 0) { + int ret; + + /* put the start of sequence (ID, Size) */ + der->extensionsSz = SetSequence(der->extensionsSz, der->extensions); + if (der->extensionsSz == 0) + return EXTENSIONS_E; + + /* put CA */ + if (der->caSz) { + ret = SetExtensions(der->extensions, &der->extensionsSz, + der->ca, der->caSz); + if (ret == 0) + return EXTENSIONS_E; + } + +#ifdef WOLFSSL_CERT_EXT + /* put SKID */ + if (der->skidSz) { + ret = SetExtensions(der->extensions, &der->extensionsSz, + der->skid, der->skidSz); + if (ret == 0) + return EXTENSIONS_E; + } + + /* put AKID */ + if (der->akidSz) { + ret = SetExtensions(der->extensions, &der->extensionsSz, + der->akid, der->akidSz); + if (ret == 0) + return EXTENSIONS_E; + } + + /* put KeyUsage */ + if (der->keyUsageSz) { + ret = SetExtensions(der->extensions, &der->extensionsSz, + der->keyUsage, der->keyUsageSz); + if (ret == 0) + return EXTENSIONS_E; + } + +#endif /* WOLFSSL_CERT_EXT */ + } der->attribSz = SetReqAttrib(der->attrib, cert->challengePw, der->extensionsSz); @@ -6354,8 +6990,9 @@ int wc_SignCert(int requestSz, int sType, byte* buffer, word32 buffSz, int wc_MakeSelfCert(Cert* cert, byte* buffer, word32 buffSz, RsaKey* key, WC_RNG* rng) { - int ret = wc_MakeCert(cert, buffer, buffSz, key, NULL, rng); + int ret; + ret = wc_MakeCert(cert, buffer, buffSz, key, NULL, rng); if (ret < 0) return ret; @@ -6364,6 +7001,321 @@ int wc_MakeSelfCert(Cert* cert, byte* buffer, word32 buffSz, } +#ifdef WOLFSSL_CERT_EXT + +/* Set KID from RSA or ECC public key */ +static int SetKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey, + byte *ntruKey, word16 ntruKeySz, int kid_type) +{ + byte *buffer; + int bufferSz, ret; + +#ifndef HAVE_NTRU + (void)ntruKeySz; +#endif + + if (cert == NULL || (rsakey == NULL && eckey == NULL && ntruKey == NULL) || + (rsakey != NULL && eckey != NULL) || + (rsakey != NULL && ntruKey != NULL) || + (ntruKey != NULL && eckey != NULL) || + (kid_type != SKID_TYPE && kid_type != AKID_TYPE)) + return BAD_FUNC_ARG; + + buffer = (byte *)XMALLOC(MAX_PUBLIC_KEY_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (buffer == NULL) + return MEMORY_E; + + /* RSA public key */ + if (rsakey != NULL) + bufferSz = SetRsaPublicKey(buffer, rsakey, 0); +#ifdef HAVE_ECC + /* ECC public key */ + else if (eckey != NULL) + bufferSz = SetEccPublicKey(buffer, eckey, 0); +#endif /* HAVE_ECC */ +#ifdef HAVE_NTRU + /* NTRU public key */ + else if (ntruKey != NULL) { + bufferSz = MAX_PUBLIC_KEY_SZ; + ret = ntru_crypto_ntru_encrypt_publicKey2SubjectPublicKeyInfo( + ntruKeySz, ntruKey, (word16 *)(&bufferSz), buffer); + if (ret != NTRU_OK) + bufferSz = -1; + } +#endif + else + bufferSz = -1; + + if (bufferSz <= 0) { + XFREE(buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return PUBLIC_KEY_E; + } + + /* Compute SKID by hashing public key */ +#ifdef NO_SHA + if (kid_type == SKID_TYPE) { + ret = wc_Sha256Hash(buffer, bufferSz, cert->skid); + cert->skidSz = SHA256_DIGEST_SIZE; + } + else if (kid_type == AKID_TYPE) { + ret = wc_Sha256Hash(buffer, bufferSz, cert->akid); + cert->akidSz = SHA256_DIGEST_SIZE; + } + else + ret = BAD_FUNC_ARG; +#else /* NO_SHA */ + if (kid_type == SKID_TYPE) { + ret = wc_ShaHash(buffer, bufferSz, cert->skid); + cert->skidSz = SHA_DIGEST_SIZE; + } + else if (kid_type == AKID_TYPE) { + ret = wc_ShaHash(buffer, bufferSz, cert->akid); + cert->akidSz = SHA_DIGEST_SIZE; + } + else + ret = BAD_FUNC_ARG; +#endif /* NO_SHA */ + + XFREE(buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return ret; +} + +/* Set SKID from RSA or ECC public key */ +int wc_SetSubjectKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey) +{ + return SetKeyIdFromPublicKey(cert, rsakey, eckey, NULL, 0, SKID_TYPE); +} + +#ifdef HAVE_NTRU +/* Set SKID from NTRU public key */ +int wc_SetSubjectKeyIdFromNtruPublicKey(Cert *cert, + byte *ntruKey, word16 ntruKeySz) +{ + return SetKeyIdFromPublicKey(cert, NULL,NULL,ntruKey, ntruKeySz, SKID_TYPE); +} +#endif + +/* Set SKID from RSA or ECC public key */ +int wc_SetAuthKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey) +{ + return SetKeyIdFromPublicKey(cert, rsakey, eckey, NULL, 0, AKID_TYPE); +} + + +/* Set SKID from public key file in PEM */ +int wc_SetSubjectKeyId(Cert *cert, const char* file) +{ + int ret, derSz; + byte* der; + word32 idx; + RsaKey *rsakey = NULL; + ecc_key *eckey = NULL; + + if (cert == NULL || file == NULL) + return BAD_FUNC_ARG; + + der = (byte*)XMALLOC(MAX_PUBLIC_KEY_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) { + WOLFSSL_MSG("wc_SetSubjectKeyId memory Problem"); + return MEMORY_E; + } + + derSz = wolfSSL_PemPubKeyToDer(file, der, MAX_PUBLIC_KEY_SZ); + if (derSz <= 0) + { + XFREE(der, NULL, DYNAMIC_TYPE_CERT); + return derSz; + } + + /* Load PubKey in internal structure */ + rsakey = (RsaKey*) XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_RSA); + if (rsakey == NULL) { + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } + + if (wc_InitRsaKey(rsakey, NULL) != 0) { + WOLFSSL_MSG("wc_InitRsaKey failure"); + XFREE(rsakey, NULL, DYNAMIC_TYPE_RSA); + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } + + idx = 0; + ret = wc_RsaPublicKeyDecode(der, &idx, rsakey, derSz); + if (ret != 0) { + WOLFSSL_MSG("wc_RsaPublicKeyDecode failed"); + wc_FreeRsaKey(rsakey); + XFREE(rsakey, NULL, DYNAMIC_TYPE_RSA); + rsakey = NULL; + + /* Check to load ecc public key */ + eckey = (ecc_key*) XMALLOC(sizeof(ecc_key), NULL, DYNAMIC_TYPE_ECC); + if (eckey == NULL) { + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } + + if (wc_ecc_init(eckey) != 0) { + WOLFSSL_MSG("wc_ecc_init failure"); + wc_ecc_free(eckey); + XFREE(eckey, NULL, DYNAMIC_TYPE_ECC); + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } + + idx = 0; + ret = wc_EccPublicKeyDecode(der, &idx, eckey, derSz); + if (ret != 0) { + WOLFSSL_MSG("wc_EccPublicKeyDecode failed"); + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + wc_ecc_free(eckey); + return PUBLIC_KEY_E; + } + } + + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + ret = wc_SetSubjectKeyIdFromPublicKey(cert, rsakey, eckey); + + wc_FreeRsaKey(rsakey); + XFREE(rsakey, NULL, DYNAMIC_TYPE_RSA); + wc_ecc_free(eckey); + XFREE(eckey, NULL, DYNAMIC_TYPE_ECC); + + return ret; +} + +/* Set AKID from certificate contains in buffer (DER encoded) */ +int wc_SetAuthKeyIdFromCert(Cert *cert, const byte *der, int derSz) +{ + int ret; + +#ifdef WOLFSSL_SMALL_STACK + DecodedCert* decoded; +#else + DecodedCert decoded[1]; +#endif + + if (cert == NULL || der == NULL || derSz <= 0) + return BAD_FUNC_ARG; + +#ifdef WOLFSSL_SMALL_STACK + decoded = (DecodedCert*)XMALLOC(sizeof(DecodedCert), + NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (decoded == NULL) + return MEMORY_E; +#endif + + /* decode certificate and get SKID that will be AKID of current cert */ + InitDecodedCert(decoded, (byte*)der, derSz, 0); + ret = ParseCert(decoded, CERT_TYPE, NO_VERIFY, 0); + if (ret != 0) { + FreeDecodedCert(decoded); + return ret; + } + + /* Subject Key Id not found !! */ + if (decoded->extSubjKeyIdSet == 0) { + FreeDecodedCert(decoded); + return ASN_NO_SKID; + } + + /* SKID invalid size */ + if (sizeof(cert->akid) < sizeof(decoded->extSubjKeyId)) { + FreeDecodedCert(decoded); + return MEMORY_E; + } + + /* Put the SKID of CA to AKID of certificate */ + XMEMCPY(cert->akid, decoded->extSubjKeyId, KEYID_SIZE); + cert->akidSz = KEYID_SIZE; + + FreeDecodedCert(decoded); + return 0; +} + +/* Set AKID from certificate file in PEM */ +int wc_SetAuthKeyId(Cert *cert, const char* file) +{ + int ret; + int derSz; + byte* der; + + if (cert == NULL || file == NULL) + return BAD_FUNC_ARG; + + der = (byte*)XMALLOC(EIGHTK_BUF, NULL, DYNAMIC_TYPE_CERT); + if (der == NULL) { + WOLFSSL_MSG("wc_SetAuthKeyId OOF Problem"); + return MEMORY_E; + } + + derSz = wolfSSL_PemCertToDer(file, der, EIGHTK_BUF); + if (derSz <= 0) + { + XFREE(der, NULL, DYNAMIC_TYPE_CERT); + return derSz; + } + + ret = wc_SetAuthKeyIdFromCert(cert, der, derSz); + XFREE(der, NULL, DYNAMIC_TYPE_CERT); + + return ret; +} + +/* Set KeyUsage from human readale string */ +int wc_SetKeyUsage(Cert *cert, const char *value) +{ + char *token, *str; + word32 len; + + if (cert == NULL || value == NULL) + return BAD_FUNC_ARG; + + cert->keyUsage = 0; + + str = (char *)XMALLOC(XSTRLEN(value)+1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (str == NULL) + return MEMORY_E; + + XMEMSET(str, 0, XSTRLEN(value)+1); + XSTRNCPY(str, value, XSTRLEN(value)); + + /* parse value, and set corresponding Key Usage value */ + while ((token = strsep(&str, ",")) != NULL) + { + len = (word32)XSTRLEN(token); + + if (!XSTRNCASECMP(token, "digitalSignature", len)) + cert->keyUsage |= KEYUSE_DIGITAL_SIG; + else if (!XSTRNCASECMP(token, "nonRepudiation", len) || + !XSTRNCASECMP(token, "contentCommitment", len)) + cert->keyUsage |= KEYUSE_CONTENT_COMMIT; + else if (!XSTRNCASECMP(token, "keyEncipherment", len)) + cert->keyUsage |= KEYUSE_KEY_ENCIPHER; + else if (!XSTRNCASECMP(token, "dataEncipherment", len)) + cert->keyUsage |= KEYUSE_DATA_ENCIPHER; + else if (!XSTRNCASECMP(token, "keyAgreement", len)) + cert->keyUsage |= KEYUSE_KEY_AGREE; + else if (!XSTRNCASECMP(token, "keyCertSign", len)) + cert->keyUsage |= KEYUSE_KEY_CERT_SIGN; + else if (!XSTRNCASECMP(token, "cRLSign", len)) + cert->keyUsage |= KEYUSE_CRL_SIGN; + else if (!XSTRNCASECMP(token, "encipherOnly", len)) + cert->keyUsage |= KEYUSE_ENCIPHER_ONLY; + else if (!XSTRNCASECMP(token, "decipherOnly", len)) + cert->keyUsage |= KEYUSE_DECIPHER_ONLY; + else + return KEYUSAGE_E; + } + + XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return 0; +} +#endif /* WOLFSSL_CERT_EXT */ + + #ifdef WOLFSSL_ALT_NAMES /* Set Alt Names from der cert, return 0 on success */ @@ -6918,6 +7870,70 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key, return ret; } +int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx, + ecc_key* key, word32 inSz) +{ + int length; + int ret = 0; + + if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0) + return BAD_FUNC_ARG; + + if (GetSequence(input, inOutIdx, &length, inSz) < 0) + return ASN_PARSE_E; + +#if defined(OPENSSL_EXTRA) + { + byte b = input[*inOutIdx]; + if (b != ASN_INTEGER) { + /* not from decoded cert, will have algo id, skip past */ + if (GetSequence(input, inOutIdx, &length, inSz) < 0) + return ASN_PARSE_E; + + b = input[(*inOutIdx)++]; + if (b != ASN_OBJECT_ID) + return ASN_OBJECT_ID_E; + + if (GetLength(input, inOutIdx, &length, inSz) < 0) + return ASN_PARSE_E; + + *inOutIdx += length; /* skip past */ + + /* ecc params information */ + b = input[(*inOutIdx)++]; + if (b != ASN_OBJECT_ID) + return ASN_OBJECT_ID_E; + + if (GetLength(input, inOutIdx, &length, inSz) < 0) + return ASN_PARSE_E; + + *inOutIdx += length; /* skip past */ + + /* key header */ + b = input[*inOutIdx]; + *inOutIdx += 1; + + if (b != ASN_BIT_STRING) + ret = ASN_BITSTR_E; + else if (GetLength(input, inOutIdx, &length, inSz) < 0) + ret = ASN_PARSE_E; + else { + b = input[*inOutIdx]; + *inOutIdx += 1; + + if (b != 0x00) + ret = ASN_EXPECT_0_E; + } + } + } /* openssl var block */ +#endif /* OPENSSL_EXTRA */ + + if (wc_ecc_import_x963(input+*inOutIdx, inSz - *inOutIdx, key) != 0) + return ASN_ECC_KEY_E; + + return ret; +} + #ifdef WOLFSSL_KEY_GEN diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index ec4ef607e..454935498 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -208,7 +208,9 @@ int pbkdf2_test(void); int pkcs7enveloped_test(void); int pkcs7signed_test(void); #endif - +#if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) +int certext_test(void); +#endif /* General big buffer size for many tests. */ #define FOURK_BUF 4096 @@ -267,6 +269,17 @@ int wolfcrypt_test(void* args) #endif /* USE_FAST_MATH */ #endif /* !NO_BIG_INT */ + if ( (ret = rsa_test()) != 0) + return err_sys("RSA EXT test failed!\n", ret); + else + printf( "RSA EXT test passed!\n"); + +#if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) + if ( (ret = certext_test()) != 0) + return err_sys("CERT EXT test failed!\n", ret); + else + printf( "CERT EXT test passed!\n"); +#endif #ifndef NO_MD5 if ( (ret = md5_test()) != 0) @@ -3300,17 +3313,27 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out) #endif /* HAVE_NTRU */ + #ifndef NO_RSA #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) #ifdef FREESCALE_MQX static const char* clientKey = "a:\\certs\\client-key.der"; static const char* clientCert = "a:\\certs\\client-cert.der"; + #ifdef WOLFSSL_CERT_EXT + static const char* clientKeyPub = "a:\\certs\\client-keyPub.der"; + #endif #ifdef WOLFSSL_CERT_GEN static const char* caKeyFile = "a:\\certs\\ca-key.der"; + #ifdef WOLFSSL_CERT_EXT + static const char* caKeyPubFile = "a:\\certs\\ca-keyPub.der"; + #endif static const char* caCertFile = "a:\\certs\\ca-cert.pem"; #ifdef HAVE_ECC static const char* eccCaKeyFile = "a:\\certs\\ecc-key.der"; + #ifdef WOLFSSL_CERT_EXT + static const char* eccCaKeyPubFile = "a:\\certs\\ecc-keyPub.der"; + #endif static const char* eccCaCertFile = "a:\\certs\\server-ecc.pem"; #endif #endif @@ -3319,13 +3342,25 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out) static char* clientCert = "certs/client-cert.der"; void set_clientKey(char *key) { clientKey = key ; } void set_clientCert(char *cert) { clientCert = cert ; } + #ifdef WOLFSSL_CERT_EXT + static const char* clientKeyPub = "certs/client-keyPub.der"; + void set_clientKeyPub(char *key) { clientKeyPub = key ; } + #endif #ifdef WOLFSSL_CERT_GEN static char* caKeyFile = "certs/ca-key.der"; + #ifdef WOLFSSL_CERT_EXT + static const char* caKeyPubFile = "certs/ca-keyPub.der"; + void set_caKeyPubFile (char * key) { caKeyPubFile = key ; } + #endif static char* caCertFile = "certs/ca-cert.pem"; void set_caKeyFile (char * key) { caKeyFile = key ; } void set_caCertFile(char * cert) { caCertFile = cert ; } #ifdef HAVE_ECC static const char* eccCaKeyFile = "certs/ecc-key.der"; + #ifdef WOLFSSL_CERT_EXT + static const char* eccCaKeyPubFile = "certs/ecc-keyPub.der"; + void set_eccCaKeyPubFile(char * key) { eccCaKeyPubFile = key ; } + #endif static const char* eccCaCertFile = "certs/server-ecc.pem"; void set_eccCaKeyFile (char * key) { eccCaKeyFile = key ; } void set_eccCaCertFile(char * cert) { eccCaCertFile = cert ; } @@ -3334,11 +3369,17 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out) #else static const char* clientKey = "./certs/client-key.der"; static const char* clientCert = "./certs/client-cert.der"; + #ifdef WOLFSSL_CERT_EXT + static const char* clientKeyPub = "./certs/client-keyPub.der"; + #endif #ifdef WOLFSSL_CERT_GEN static const char* caKeyFile = "./certs/ca-key.der"; static const char* caCertFile = "./certs/ca-cert.pem"; #ifdef HAVE_ECC static const char* eccCaKeyFile = "./certs/ecc-key.der"; + #ifdef WOLFSSL_CERT_EXT + static const char* eccCaKeyPubFile = "./certs/ecc-keyPub.der"; + #endif static const char* eccCaCertFile = "./certs/server-ecc.pem"; #endif #endif @@ -3346,11 +3387,200 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out) #endif +#if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) +int certext_test(void) +{ + DecodedCert cert; + byte* tmp; + size_t bytes; + FILE *file; + int ret; + + /* created from rsa_test : othercert.der */ + byte skid_rsa[] = "\x33\xD8\x45\x66\xD7\x68\x87\x18\x7E\x54" + "\x0D\x70\x27\x91\xC7\x26\xD7\x85\x65\xC0"; + + /* created from rsa_test : othercert.der */ + byte akid_rsa[] = "\x27\x8E\x67\x11\x74\xC3\x26\x1D\x3F\xED" + "\x33\x63\xB3\xA4\xD8\x1D\x30\xE5\xE8\xD5"; + + /* created from rsa_test : certecc.der */ + byte akid_ecc[] = "\x5D\x5D\x26\xEF\xAC\x7E\x36\xF9\x9B\x76" + "\x15\x2B\x4A\x25\x02\x23\xEF\xB2\x89\x30"; + + /* created from rsa_test : cert.der */ + byte kid_ca[] = "\x33\xD8\x45\x66\xD7\x68\x87\x18\x7E\x54" + "\x0D\x70\x27\x91\xC7\x26\xD7\x85\x65\xC0"; + + tmp = (byte*)malloc(FOURK_BUF); + if (tmp == NULL) + return -200; + + /* load othercert.pem (Cert signed by an authority) */ +#ifdef FREESCALE_MQX + file = fopen("a:\\certs\\othercert.der", "rb"); +#else + file = fopen("./othercert.der", "rb"); +#endif + if (!file) { + free(tmp); + return -200; + } + + bytes = fread(tmp, 1, FOURK_BUF, file); + fclose(file); + + InitDecodedCert(&cert, tmp, (word32)bytes, 0); + + ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0); + printf("ret = %d\n", ret); + if (ret != 0) + return -201; + + /* check the SKID from a RSA certificate */ + if (XMEMCMP(skid_rsa, cert.extSubjKeyId, cert.extSubjKeyIdSz)) + return -202; + + /* check the AKID from an RSA certificate */ + if (XMEMCMP(akid_rsa, cert.extAuthKeyId, cert.extAuthKeyIdSz)) + return -203; + + /* check the Key Usage from an RSA certificate */ + if (!cert.extKeyUsageSet) + return -204; + + if (cert.extKeyUsage != (KEYUSE_KEY_ENCIPHER|KEYUSE_KEY_AGREE)) + return -205; + + /* check the CA Basic Constraints from an RSA certificate */ + if (cert.isCA) + return -206; + + /* check the Certificate Policies Id */ + if (cert.extCertPoliciesNb != 1) + return -227; + + if (strncmp(cert.extCertPolicies[0], "2.16.840.1.101.3.4.1.42", 23)) + return -228; + + FreeDecodedCert(&cert); + + + /* load certecc.pem (Cert signed by an authority) */ +#ifdef FREESCALE_MQX + file = fopen("a:\\certs\\certecc.der", "rb"); +#else + file = fopen("./certecc.der", "rb"); +#endif + if (!file) { + free(tmp); + return -210; + } + + bytes = fread(tmp, 1, FOURK_BUF, file); + fclose(file); + + InitDecodedCert(&cert, tmp, (word32)bytes, 0); + + ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0); + if (ret != 0) + return -211; + + /* check the SKID from a ECC certificate */ + if (XMEMCMP(skid_rsa, cert.extSubjKeyId, cert.extSubjKeyIdSz)) + return -212; + + /* check the AKID from an ECC certificate */ + if (XMEMCMP(akid_ecc, cert.extAuthKeyId, cert.extAuthKeyIdSz)) + return -213; + + /* check the Key Usage from an ECC certificate */ + if (!cert.extKeyUsageSet) + return -214; + + if (cert.extKeyUsage != (KEYUSE_DIGITAL_SIG|KEYUSE_CONTENT_COMMIT)) + return -215; + + /* check the CA Basic Constraints from an ECC certificate */ + if (cert.isCA) + return -216; + + /* check the Certificate Policies Id */ + if (cert.extCertPoliciesNb != 2) + return -217; + + if (strncmp(cert.extCertPolicies[0], "2.4.589440.587.101.2.1.9632587.1", 32)) + return -218; + + if (strncmp(cert.extCertPolicies[1], "1.2.13025.489.1.113549", 22)) + return -219; + + FreeDecodedCert(&cert); + + /* load cert.pem (self signed certificate) */ +#ifdef FREESCALE_MQX + file = fopen("a:\\certs\\cert.der", "rb"); +#else + file = fopen("./cert.der", "rb"); +#endif + if (!file) { + free(tmp); + return -220; + } + + bytes = fread(tmp, 1, FOURK_BUF, file); + fclose(file); + + InitDecodedCert(&cert, tmp, (word32)bytes, 0); + + ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0); + if (ret != 0) + return -221; + + /* check the SKID from a CA certificate */ + if (XMEMCMP(kid_ca, cert.extSubjKeyId, cert.extSubjKeyIdSz)) + return -222; + + /* check the AKID from an CA certificate */ + if (XMEMCMP(kid_ca, cert.extAuthKeyId, cert.extAuthKeyIdSz)) + return -223; + + /* check the Key Usage from CA certificate */ + if (!cert.extKeyUsageSet) + return -224; + + if (cert.extKeyUsage != (KEYUSE_KEY_CERT_SIGN|KEYUSE_CRL_SIGN)) + return -225; + + /* check the CA Basic Constraints CA certificate */ + if (!cert.isCA) + return -226; + + /* check the Certificate Policies Id */ + if (cert.extCertPoliciesNb != 2) + return -227; + + if (strncmp(cert.extCertPolicies[0], "2.16.840.1.101.3.4.1.42", 23)) + return -228; + + if (strncmp(cert.extCertPolicies[1], "1.2.840.113549.1.9.16.6.5", 25)) + return -229; + + FreeDecodedCert(&cert); + + return 0; +} +#endif /* defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) */ + + int rsa_test(void) { byte* tmp; size_t bytes; RsaKey key; +#ifdef WOLFSSL_CERT_EXT + RsaKey keypub; +#endif WC_RNG rng; word32 idx = 0; int ret; @@ -3359,7 +3589,7 @@ int rsa_test(void) byte out[256]; byte plain[256]; #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) - FILE* file, * file2; + FILE *file, *file2; #endif #ifdef WOLFSSL_TEST_CERT DecodedCert cert; @@ -3473,6 +3703,42 @@ int rsa_test(void) (void)bytes; #endif +#ifdef WOLFSSL_CERT_EXT + +#ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, client_keypub_der_1024, sizeof_client_keypub_der_1024); + bytes = sizeof_client_keypub_der_1024; +#elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, client_keypub_der_2048, sizeof_client_keypub_der_2048); + bytes = sizeof_client_keypub_der_2048; +#else + file = fopen(clientKeyPub, "rb"); + if (!file) { + err_sys("can't open ./certs/client-keyPub.der, " + "Please run from wolfSSL home dir", -40); + free(tmp); + return -50; + } + + bytes = fread(tmp, 1, FOURK_BUF, file); + fclose(file); +#endif /* USE_CERT_BUFFERS */ + + ret = wc_InitRsaKey(&keypub, 0); + if (ret != 0) { + free(tmp); + return -51; + } + idx = 0; + + ret = wc_RsaPublicKeyDecode(tmp, &idx, &keypub, (word32)bytes); + if (ret != 0) { + free(tmp); + wc_FreeRsaKey(&keypub); + return -52; + } +#endif /* WOLFSSL_CERT_EXT */ + #ifdef WOLFSSL_KEY_GEN { byte* der; @@ -3634,6 +3900,39 @@ int rsa_test(void) myCert.isCA = 1; myCert.sigType = CTC_SHA256wRSA; +#ifdef WOLFSSL_CERT_EXT + /* add Policies */ + strncpy(myCert.certPolicies[0], "2.16.840.1.101.3.4.1.42", + CTC_MAX_CERTPOL_SZ); + strncpy(myCert.certPolicies[1], "1.2.840.113549.1.9.16.6.5", + CTC_MAX_CERTPOL_SZ); + myCert.certPoliciesNb = 2; + + /* add SKID from the Public Key */ + if (wc_SetSubjectKeyIdFromPublicKey(&myCert, &keypub, NULL) != 0) { + free(pem); + free(derCert); + free(tmp); + return -399; + } + + /* add AKID from the Public Key */ + if (wc_SetAuthKeyIdFromPublicKey(&myCert, &keypub, NULL) != 0) { + free(pem); + free(derCert); + free(tmp); + return -399; + } + + /* add Key Usage */ + if (wc_SetKeyUsage(&myCert,"cRLSign,keyCertSign") != 0) { + free(pem); + free(derCert); + free(tmp); + return -400; + } +#endif /* WOLFSSL_CERT_EXT */ + certSz = wc_MakeSelfCert(&myCert, derCert, FOURK_BUF, &key, &rng); if (certSz < 0) { free(derCert); @@ -3775,6 +4074,37 @@ int rsa_test(void) strncpy(myCert.subject.commonName, "www.yassl.com", CTC_NAME_SIZE); strncpy(myCert.subject.email, "info@yassl.com", CTC_NAME_SIZE); +#ifdef WOLFSSL_CERT_EXT + /* add Policies */ + strncpy(myCert.certPolicies[0], "2.16.840.1.101.3.4.1.42", + CTC_MAX_CERTPOL_SZ); + myCert.certPoliciesNb =1; + + /* add SKID from the Public Key */ + if (wc_SetSubjectKeyIdFromPublicKey(&myCert, &key, NULL) != 0) { + free(pem); + free(derCert); + free(tmp); + return -399; + } + + /* add AKID from the CA certificate */ + if (wc_SetAuthKeyId(&myCert, caCertFile) != 0) { + free(pem); + free(derCert); + free(tmp); + return -399; + } + + /* add Key Usage */ + if (wc_SetKeyUsage(&myCert,"keyEncipherment,keyAgreement") != 0) { + free(pem); + free(derCert); + free(tmp); + return -400; + } +#endif /* WOLFSSL_CERT_EXT */ + ret = wc_SetIssuer(&myCert, caCertFile); if (ret < 0) { free(derCert); @@ -3803,7 +4133,6 @@ int rsa_test(void) return -408; } - #ifdef WOLFSSL_TEST_CERT InitDecodedCert(&decode, derCert, certSz, 0); ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); @@ -3887,6 +4216,9 @@ int rsa_test(void) size_t bytes3; word32 idx3 = 0; FILE* file3; +#ifdef WOLFSSL_CERT_EXT + ecc_key caKeyPub; +#endif #ifdef WOLFSSL_TEST_CERT DecodedCert decode; #endif @@ -3935,6 +4267,72 @@ int rsa_test(void) strncpy(myCert.subject.commonName, "www.wolfssl.com", CTC_NAME_SIZE); strncpy(myCert.subject.email, "info@wolfssl.com", CTC_NAME_SIZE); +#ifdef WOLFSSL_CERT_EXT + /* add Policies */ + strncpy(myCert.certPolicies[0], "2.4.589440.587.101.2.1.9632587.1", + CTC_MAX_CERTPOL_SZ); + strncpy(myCert.certPolicies[1], "1.2.13025.489.1.113549", + CTC_MAX_CERTPOL_SZ); + myCert.certPoliciesNb = 2; + + + file3 = fopen(eccCaKeyPubFile, "rb"); + if (!file3) { + free(derCert); + free(pem); + free(tmp); + return -5500; + } + + bytes3 = fread(tmp, 1, FOURK_BUF, file3); + fclose(file3); + + wc_ecc_init(&caKeyPub); + if (ret != 0) { + free(derCert); + free(pem); + free(tmp); + return -5501; + } + + idx3 = 0; + ret = wc_EccPublicKeyDecode(tmp, &idx3, &caKeyPub, (word32)bytes3); + if (ret != 0) { + free(derCert); + free(pem); + free(tmp); + wc_ecc_free(&caKeyPub); + return -5502; + } + + /* add SKID from the Public Key */ + if (wc_SetSubjectKeyIdFromPublicKey(&myCert, &key, NULL) != 0) { + free(pem); + free(derCert); + free(tmp); + wc_ecc_free(&caKeyPub); + return -5503; + } + + /* add AKID from the Public Key */ + if (wc_SetAuthKeyIdFromPublicKey(&myCert, NULL, &caKeyPub) != 0) { + free(pem); + free(derCert); + free(tmp); + wc_ecc_free(&caKeyPub); + return -5504; + } + wc_ecc_free(&caKeyPub); + + /* add Key Usage */ + if (wc_SetKeyUsage(&myCert,"digitalSignature,nonRepudiation") != 0) { + free(pem); + free(derCert); + free(tmp); + return -5505; + } +#endif /* WOLFSSL_CERT_EXT */ + ret = wc_SetIssuer(&myCert, eccCaCertFile); if (ret < 0) { free(pem); @@ -3944,7 +4342,7 @@ int rsa_test(void) return -5405; } - certSz = wc_MakeCert(&myCert, derCert, FOURK_BUF, NULL, &caKey, &rng); + certSz = wc_MakeCert(&myCert, derCert, FOURK_BUF, &key, NULL, &rng); if (certSz < 0) { free(pem); free(derCert); @@ -4045,7 +4443,7 @@ int rsa_test(void) FILE* ntruPrivFile; int certSz; int pemSz; - word32 idx3; + word32 idx3 = 0; #ifdef WOLFSSL_TEST_CERT DecodedCert decode; #endif @@ -4144,6 +4542,35 @@ int rsa_test(void) strncpy(myCert.subject.commonName, "www.yassl.com", CTC_NAME_SIZE); strncpy(myCert.subject.email, "info@yassl.com", CTC_NAME_SIZE); +#ifdef WOLFSSL_CERT_EXT + + /* add SKID from the Public Key */ + if (wc_SetSubjectKeyIdFromNtruPublicKey(&myCert, public_key, + public_key_len) != 0) { + free(pem); + free(derCert); + free(tmp); + return -496; + } + + /* add AKID from the CA certificate */ + if (wc_SetAuthKeyId(&myCert, caCertFile) != 0) { + free(pem); + free(derCert); + free(tmp); + return -495; + } + + /* add Key Usage */ + if (wc_SetKeyUsage(&myCert,"digitalSignature,nonRepudiation," + "keyEncipherment,keyAgreement") != 0) { + free(pem); + free(derCert); + free(tmp); + return -494; + } +#endif /* WOLFSSL_CERT_EXT */ + ret = wc_SetIssuer(&myCert, caCertFile); if (ret < 0) { free(derCert); @@ -4279,6 +4706,25 @@ int rsa_test(void) strncpy(req.subject.email, "info@yassl.com", CTC_NAME_SIZE); req.sigType = CTC_SHA256wRSA; +#ifdef WOLFSSL_CERT_EXT + /* add SKID from the Public Key */ + if (wc_SetSubjectKeyIdFromPublicKey(&req, &keypub, NULL) != 0) { + free(pem); + free(der); + free(tmp); + return -496; + } + + /* add Key Usage */ + if (wc_SetKeyUsage(&req,"digitalSignature,nonRepudiation," + "keyEncipherment,keyAgreement") != 0) { + free(pem); + free(der); + free(tmp); + return -494; + } +#endif /* WOLFSSL_CERT_EXT */ + derSz = wc_MakeCertReq(&req, der, FOURK_BUF, &key, NULL); if (derSz < 0) { free(pem); @@ -4352,6 +4798,9 @@ int rsa_test(void) #endif /* WOLFSSL_CERT_GEN */ wc_FreeRsaKey(&key); +#ifdef WOLFSSL_CERT_EXT + wc_FreeRsaKey(&keypub); +#endif #ifdef HAVE_CAVIUM wc_RsaFreeCavium(&key); #endif diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index f1c492afa..58fe5dc00 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1069,11 +1069,16 @@ WOLFSSL_API int wolfSSL_CTX_SetMinVersion(WOLFSSL_CTX* ctx, int version); WOLFSSL_API int wolfSSL_SetMinVersion(WOLFSSL* ssl, int version); WOLFSSL_API int wolfSSL_GetObjectSize(void); /* object size based on build */ WOLFSSL_API int wolfSSL_SetVersion(WOLFSSL* ssl, int version); -WOLFSSL_API int wolfSSL_KeyPemToDer(const unsigned char*, int sz, unsigned char*, - int, const char*); -WOLFSSL_API int wolfSSL_CertPemToDer(const unsigned char*, int sz, unsigned char*, - int, int); - +WOLFSSL_API int wolfSSL_KeyPemToDer(const unsigned char*, int, + unsigned char*, int, const char*); +WOLFSSL_API int wolfSSL_CertPemToDer(const unsigned char*, int, + unsigned char*, int, int); +#ifdef WOLFSSL_CERT_EXT +WOLFSSL_API int wolfSSL_PemPubKeyToDer(const char* fileName, + unsigned char* derBuf, int derSz); +WOLFSSL_API int wolfSSL_PubKeyPemToDer(const unsigned char*, int, + unsigned char*, int); +#endif /* WOLFSSL_CERT_EXT */ typedef void (*CallbackCACache)(unsigned char* der, int sz, int type); typedef void (*CbMissingCRL)(const char* url); typedef int (*CbOCSPIO)(void*, const char*, int, diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 311cad852..b39114fa4 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -172,12 +172,20 @@ enum Misc_ASN { MAX_ATTRIB_SZ = MAX_SEQ_SZ * 3 + (11 + MAX_SEQ_SZ) * 2 + MAX_PRSTR_SZ + CTC_NAME_SIZE, /* 11 is the OID size */ #endif - #ifdef WOLFSSL_ALT_NAMES + #if defined(WOLFSSL_ALT_NAMES) || defined(WOLFSSL_CERT_EXT) MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + CTC_MAX_ALT_SIZE, #else MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + MAX_CA_SZ, #endif /* Max total extensions, id + len + others */ +#endif +#ifdef WOLFSSL_CERT_EXT + MAX_KID_SZ = 45, /* Max encoded KID length (SHA-256 case) */ + MAX_KEYUSAGE_SZ = 18, /* Max encoded Key Usage length */ + MAX_OID_SZ = 32, /* Max DER length of OID*/ + MAX_OID_STRING_SZ = 64, /* Max string length representation of OID*/ + MAX_CERTPOL_NB = CTC_MAX_CERTPOL_NB,/* Max number of Cert Policy */ + MAX_CERTPOL_SZ = CTC_MAX_CERTPOL_SZ, #endif MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */ MAX_OCSP_NONCE_SZ = 18, /* OCSP Nonce size */ @@ -277,17 +285,23 @@ enum VerifyType { VERIFY = 1 }; +#ifdef WOLFSSL_CERT_EXT +enum KeyIdType { + SKID_TYPE = 0, + AKID_TYPE = 1 +}; +#endif /* Key usage extension bits */ -#define KEYUSE_DIGITAL_SIG 0x0100 -#define KEYUSE_CONTENT_COMMIT 0x0080 -#define KEYUSE_KEY_ENCIPHER 0x0040 -#define KEYUSE_DATA_ENCIPHER 0x0020 -#define KEYUSE_KEY_AGREE 0x0010 -#define KEYUSE_KEY_CERT_SIGN 0x0008 -#define KEYUSE_CRL_SIGN 0x0004 -#define KEYUSE_ENCIPHER_ONLY 0x0002 -#define KEYUSE_DECIPHER_ONLY 0x0001 +#define KEYUSE_DIGITAL_SIG 0x0080 +#define KEYUSE_CONTENT_COMMIT 0x0040 +#define KEYUSE_KEY_ENCIPHER 0x0020 +#define KEYUSE_DATA_ENCIPHER 0x0010 +#define KEYUSE_KEY_AGREE 0x0008 +#define KEYUSE_KEY_CERT_SIGN 0x0004 +#define KEYUSE_CRL_SIGN 0x0002 +#define KEYUSE_ENCIPHER_ONLY 0x0001 +#define KEYUSE_DECIPHER_ONLY 0x8000 #define EXTKEYUSE_ANY 0x08 #define EXTKEYUSE_OCSP_SIGN 0x04 @@ -475,6 +489,10 @@ struct DecodedCert { byte extCertPolicyCrit; #endif /* OPENSSL_EXTRA */ #endif /* WOLFSSL_SEP */ +#ifdef WOLFSSL_CERT_EXT + char extCertPolicies[MAX_CERTPOL_NB][MAX_CERTPOL_SZ]; + int extCertPoliciesNb; +#endif /* WOLFSSL_CERT_EXT */ }; extern const char* BEGIN_CERT; @@ -495,6 +513,8 @@ extern const char* BEGIN_EC_PRIV; extern const char* END_EC_PRIV; extern const char* BEGIN_DSA_PRIV; extern const char* END_DSA_PRIV; +extern const char* BEGIN_PUB_KEY; +extern const char* END_PUB_KEY; #ifdef NO_SHA #define SIGNER_DIGEST_SIZE SHA256_DIGEST_SIZE diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index 7aea6f927..2658a6518 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h @@ -47,7 +47,10 @@ enum CertType { CERTREQ_TYPE, DSA_TYPE, ECC_TYPE, - RSA_TYPE + RSA_TYPE, + PUBLICKEY_TYPE, + RSA_PUBLICKEY_TYPE, + ECC_PUBLICKEY_TYPE }; @@ -79,10 +82,18 @@ enum Ctc_Encoding { #endif enum Ctc_Misc { - CTC_NAME_SIZE = 64, - CTC_DATE_SIZE = 32, - CTC_MAX_ALT_SIZE = 16384, /* may be huge */ - CTC_SERIAL_SIZE = 8 + CTC_NAME_SIZE = 64, + CTC_DATE_SIZE = 32, + CTC_MAX_ALT_SIZE = 16384, /* may be huge */ + CTC_SERIAL_SIZE = 8, +#ifdef WOLFSSL_CERT_EXT + /* AKID could contains: hash + (Option) AuthCertIssuer,AuthCertSerialNum + * We support only hash */ + CTC_MAX_SKID_SIZE = SHA256_DIGEST_SIZE, + CTC_MAX_AKID_SIZE = SHA256_DIGEST_SIZE, + CTC_MAX_CERTPOL_SZ = 64, + CTC_MAX_CERTPOL_NB = 2 /* Max number of Certificate Policy */ +#endif /* WOLFSSL_CERT_EXT */ }; typedef struct CertName { @@ -125,6 +136,15 @@ typedef struct Cert { byte afterDate[CTC_DATE_SIZE]; /* after date copy */ int afterDateSz; /* size of copy */ #endif +#ifdef WOLFSSL_CERT_EXT + byte skid[CTC_MAX_SKID_SIZE]; /* Subject Key Identifier */ + int skidSz; /* SKID size in bytes */ + byte akid[CTC_MAX_AKID_SIZE]; /* Authority Key Identifier */ + int akidSz; /* AKID size in bytes */ + word16 keyUsage; /* Key Usage */ + char certPolicies[CTC_MAX_CERTPOL_NB][CTC_MAX_CERTPOL_SZ]; + word16 certPoliciesNb; /* Number of Cert Policy */ +#endif #ifdef WOLFSSL_CERT_REQ char challengePw[CTC_NAME_SIZE]; #endif @@ -168,6 +188,43 @@ WOLFSSL_API int wc_SetSubjectBuffer(Cert*, const byte*, int); WOLFSSL_API int wc_SetAltNamesBuffer(Cert*, const byte*, int); WOLFSSL_API int wc_SetDatesBuffer(Cert*, const byte*, int); +#ifdef WOLFSSL_CERT_EXT +WOLFSSL_API int wc_SetAuthKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, + ecc_key *eckey); +WOLFSSL_API int wc_SetAuthKeyIdFromCert(Cert *cert, const byte *der, int derSz); +WOLFSSL_API int wc_SetAuthKeyId(Cert *cert, const char* file); +WOLFSSL_API int wc_SetSubjectKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, + ecc_key *eckey); +WOLFSSL_API int wc_SetSubjectKeyId(Cert *cert, const char* file); + +#ifdef HAVE_NTRU +WOLFSSL_API int wc_SetSubjectKeyIdFromNtruPublicKey(Cert *cert, byte *ntruKey, + word16 ntruKeySz); +#endif + +/* Set the KeyUsage. + * Value is a string separated tokens with ','. Accepted tokens are : + * digitalSignature,nonRepudiation,contentCommitment,keyCertSign,cRLSign, + * dataEncipherment,keyAgreement,keyEncipherment,encipherOnly and decipherOnly. + * + * nonRepudiation and contentCommitment are for the same usage. + */ +WOLFSSL_API int wc_SetKeyUsage(Cert *cert, const char *value); + +/* encode Certificate Policies, return total bytes written + * each input value must be ITU-T X.690 formatted : a.b.c... + * input must be an array of values with a NULL terminated for the latest + * RFC5280 : non-critical */ +WOLFSSL_API int wc_SetCertificatePolicies(Cert *cert, const char **input); + +/* forward from wolfssl */ +WOLFSSL_API int wolfSSL_PemPubKeyToDer(const char* fileName, + unsigned char* derBuf, int derSz); +/* forward from wolfssl */ +WOLFSSL_API int wolfSSL_PubKeyPemToDer(const unsigned char*, int, + unsigned char*, int); +#endif /* WOLFSSL_CERT_EXT */ + #ifdef HAVE_NTRU WOLFSSL_API int wc_MakeNtruCert(Cert*, byte* derBuffer, word32 derSz, const byte* ntruKey, word16 keySz, @@ -186,9 +243,13 @@ WOLFSSL_API int wc_SetDatesBuffer(Cert*, const byte*, int); #ifdef HAVE_ECC /* private key helpers */ - WOLFSSL_API int wc_EccPrivateKeyDecode(const byte* input,word32* inOutIdx, - ecc_key*,word32); + WOLFSSL_API int wc_EccPrivateKeyDecode(const byte*, word32*, + ecc_key*, word32); WOLFSSL_API int wc_EccKeyToDer(ecc_key*, byte* output, word32 inLen); + + /* public key helper */ + WOLFSSL_API int wc_EccPublicKeyDecode(const byte*, word32*, + ecc_key*, word32); #endif /* DER encode signature */ diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h index 340d1db75..4e39d77cd 100644 --- a/wolfssl/wolfcrypt/error-crypt.h +++ b/wolfssl/wolfcrypt/error-crypt.h @@ -155,6 +155,14 @@ enum { SRP_VERIFY_E = -218, /* SRP proof verification failed. */ SRP_BAD_KEY_E = -219, /* SRP bad ephemeral values. */ + ASN_NO_SKID = -220, /* ASN no Subject Key Identifier found */ + ASN_NO_AKID = -221, /* ASN no Authority Key Identifier found */ + ASN_NO_KEYUSAGE = -223, /* ASN no Key Usage found */ + SKID_E = -224, /* setting Subject Key Identifier error */ + AKID_E = -225, /* setting Authority Key Identifier error */ + KEYUSAGE_E = -226, /* Bad Key Usage value */ + CERTPOLICIES_E = -227, /* setting Certificate Policies error */ + MIN_CODE_E = -300 /* errors -101 - -299 */ }; diff --git a/wolfssl/wolfcrypt/logging.h b/wolfssl/wolfcrypt/logging.h index 2e604080d..ad519f76d 100644 --- a/wolfssl/wolfcrypt/logging.h +++ b/wolfssl/wolfcrypt/logging.h @@ -25,6 +25,10 @@ #ifndef WOLFSSL_LOGGING_H #define WOLFSSL_LOGGING_H +#ifdef DEBUG_WOLFSSL +#include +#endif + #include #ifdef __cplusplus diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 4a1dc31f8..a75dbd62e 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -190,6 +190,7 @@ #ifndef STRING_USER #include + #include /* for snprintf */ char* mystrnstr(const char* s1, const char* s2, unsigned int n); #define XMEMCPY(d,s,l) memcpy((d),(s),(l)) From 25f24ed34fd64d7e099b78b6bdb0f5d0a0099dac Mon Sep 17 00:00:00 2001 From: Ludovic FLAMENT Date: Tue, 8 Sep 2015 08:49:29 +0200 Subject: [PATCH 08/14] fix to build on Fedora 32bits and Windows --- wolfcrypt/src/asn.c | 23 ++++++++++++++++------- wolfcrypt/test/test.c | 25 +++++++++++-------------- wolfssl/ssl.h | 12 ++++++++---- wolfssl/wolfcrypt/asn_public.h | 18 ++++++++++++------ 4 files changed, 47 insertions(+), 31 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 4a7c72b94..fabd3849e 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -4049,7 +4049,6 @@ static int DecodeKeyUsage(byte* input, int sz, DecodedCert* cert) { word32 idx = 0; int length; - byte unusedBits; WOLFSSL_ENTER("DecodeKeyUsage"); if (input[idx++] != ASN_BIT_STRING) { @@ -4062,8 +4061,8 @@ static int DecodeKeyUsage(byte* input, int sz, DecodedCert* cert) return ASN_PARSE_E; } - unusedBits = input[idx++]; - length--; + /* pass the unusedBits value */ + idx++; length--; cert->extKeyUsage = (word16)(input[idx]); if (length == 2) @@ -6034,7 +6033,8 @@ static int EncodePolicyOID(byte *out, word32 *outSz, const char *in) nb_val = 0; /* parse value, and set corresponding Policy OID value */ - while ((token = strsep(&str, ".")) != NULL) + token = strtok(str, "."); + while (token != NULL) { val = (word32)atoi(token); @@ -6082,6 +6082,7 @@ static int EncodePolicyOID(byte *out, word32 *outSz, const char *in) out[idx++] = oid[i--]; } + token = strtok (NULL, "."); nb_val++; } @@ -7244,7 +7245,7 @@ int wc_SetSubjectKeyId(Cert *cert, const char* file) wc_FreeRsaKey(rsakey); XFREE(rsakey, NULL, DYNAMIC_TYPE_RSA); rsakey = NULL; - +#ifdef HAVE_ECC /* Check to load ecc public key */ eckey = (ecc_key*) XMALLOC(sizeof(ecc_key), NULL, DYNAMIC_TYPE_ECC); if (eckey == NULL) { @@ -7268,6 +7269,10 @@ int wc_SetSubjectKeyId(Cert *cert, const char* file) wc_ecc_free(eckey); return PUBLIC_KEY_E; } +#else + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return PUBLIC_KEY_E; +#endif /* HAVE_ECC */ } XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -7276,9 +7281,10 @@ int wc_SetSubjectKeyId(Cert *cert, const char* file) wc_FreeRsaKey(rsakey); XFREE(rsakey, NULL, DYNAMIC_TYPE_RSA); +#ifdef HAVE_ECC wc_ecc_free(eckey); XFREE(eckey, NULL, DYNAMIC_TYPE_ECC); - +#endif return ret; } @@ -7379,7 +7385,8 @@ int wc_SetKeyUsage(Cert *cert, const char *value) XSTRNCPY(str, value, XSTRLEN(value)); /* parse value, and set corresponding Key Usage value */ - while ((token = strsep(&str, ",")) != NULL) + token = strtok(str, ","); + while (token != NULL) { len = (word32)XSTRLEN(token); @@ -7404,6 +7411,8 @@ int wc_SetKeyUsage(Cert *cert, const char *value) cert->keyUsage |= KEYUSE_DECIPHER_ONLY; else return KEYUSAGE_E; + + token = strtok(NULL, ","); } XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER); diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 4aebb8167..3245c6428 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -269,18 +269,6 @@ int wolfcrypt_test(void* args) #endif /* USE_FAST_MATH */ #endif /* !NO_BIG_INT */ - if ( (ret = rsa_test()) != 0) - return err_sys("RSA EXT test failed!\n", ret); - else - printf( "RSA EXT test passed!\n"); - -#if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) - if ( (ret = certext_test()) != 0) - return err_sys("CERT EXT test failed!\n", ret); - else - printf( "CERT EXT test passed!\n"); -#endif - #ifndef NO_MD5 if ( (ret = md5_test()) != 0) return err_sys("MD5 test failed!\n", ret); @@ -499,6 +487,13 @@ int wolfcrypt_test(void* args) printf( "RSA test passed!\n"); #endif +#if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) + if ( (ret = certext_test()) != 0) + return err_sys("CERT EXT test failed!\n", ret); + else + printf( "CERT EXT test passed!\n"); +#endif + #ifndef NO_DH if ( (ret = dh_test()) != 0) return err_sys("DH test failed!\n", ret); @@ -3404,9 +3399,11 @@ int certext_test(void) byte akid_rsa[] = "\x27\x8E\x67\x11\x74\xC3\x26\x1D\x3F\xED" "\x33\x63\xB3\xA4\xD8\x1D\x30\xE5\xE8\xD5"; +#ifdef HAVE_ECC /* created from rsa_test : certecc.der */ byte akid_ecc[] = "\x5D\x5D\x26\xEF\xAC\x7E\x36\xF9\x9B\x76" "\x15\x2B\x4A\x25\x02\x23\xEF\xB2\x89\x30"; +#endif /* created from rsa_test : cert.der */ byte kid_ca[] = "\x33\xD8\x45\x66\xD7\x68\x87\x18\x7E\x54" @@ -3433,7 +3430,6 @@ int certext_test(void) InitDecodedCert(&cert, tmp, (word32)bytes, 0); ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0); - printf("ret = %d\n", ret); if (ret != 0) return -201; @@ -3465,7 +3461,7 @@ int certext_test(void) FreeDecodedCert(&cert); - +#ifdef HAVE_ECC /* load certecc.pem (Cert signed by an authority) */ #ifdef FREESCALE_MQX file = fopen("a:\\certs\\certecc.der", "rb"); @@ -3516,6 +3512,7 @@ int certext_test(void) return -219; FreeDecodedCert(&cert); +#endif /* HAVE_ECC */ /* load cert.pem (self signed certificate) */ #ifdef FREESCALE_MQX diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index a7bea9e76..d80c728e0 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1074,11 +1074,15 @@ WOLFSSL_API int wolfSSL_KeyPemToDer(const unsigned char*, int, WOLFSSL_API int wolfSSL_CertPemToDer(const unsigned char*, int, unsigned char*, int, int); #ifdef WOLFSSL_CERT_EXT -WOLFSSL_API int wolfSSL_PemPubKeyToDer(const char* fileName, - unsigned char* derBuf, int derSz); -WOLFSSL_API int wolfSSL_PubKeyPemToDer(const unsigned char*, int, - unsigned char*, int); + #ifndef WOLFSSL_PEMPUBKEY_TODER_DEFINED + WOLFSSL_API int wolfSSL_PemPubKeyToDer(const char* fileName, + unsigned char* derBuf, int derSz); + WOLFSSL_API int wolfSSL_PubKeyPemToDer(const unsigned char*, int, + unsigned char*, int); + #define WOLFSSL_PEMPUBKEY_TODER_DEFINED + #endif #endif /* WOLFSSL_CERT_EXT */ + typedef void (*CallbackCACache)(unsigned char* der, int sz, int type); typedef void (*CbMissingCRL)(const char* url); typedef int (*CbOCSPIO)(void*, const char*, int, diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index 2658a6518..6a1ab73bd 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h @@ -217,12 +217,18 @@ WOLFSSL_API int wc_SetKeyUsage(Cert *cert, const char *value); * RFC5280 : non-critical */ WOLFSSL_API int wc_SetCertificatePolicies(Cert *cert, const char **input); -/* forward from wolfssl */ -WOLFSSL_API int wolfSSL_PemPubKeyToDer(const char* fileName, - unsigned char* derBuf, int derSz); -/* forward from wolfssl */ -WOLFSSL_API int wolfSSL_PubKeyPemToDer(const unsigned char*, int, - unsigned char*, int); +#ifndef WOLFSSL_PEMPUBKEY_TODER_DEFINED + #ifndef NO_FILESYSTEM + /* forward from wolfssl */ + WOLFSSL_API int wolfSSL_PemPubKeyToDer(const char* fileName, + unsigned char* derBuf, int derSz); + #endif + + /* forward from wolfssl */ + WOLFSSL_API int wolfSSL_PubKeyPemToDer(const unsigned char*, int, + unsigned char*, int); + #define WOLFSSL_PEMPUBKEY_TODER_DEFINED +#endif /* WOLFSSL_PEMPUBKEY_TODER_DEFINED */ #endif /* WOLFSSL_CERT_EXT */ #ifdef HAVE_NTRU From 108679970a2611875bce4895921e7ddf330cf51c Mon Sep 17 00:00:00 2001 From: toddouska Date: Tue, 8 Sep 2015 16:44:13 -0700 Subject: [PATCH 09/14] allow cert_ext to work w/o openssl extra --- configure.ac | 2 +- wolfcrypt/src/asn.c | 2 +- wolfssl/wolfcrypt/settings.h | 10 ++++++++++ 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index d094b0fa2..7bf8e1922 100644 --- a/configure.ac +++ b/configure.ac @@ -647,7 +647,7 @@ AC_ARG_ENABLE([certext], if test "$ENABLED_CERTEXT" = "yes" then - if test "$ENABLED_CERTEXT" = "no" + if test "$ENABLED_CERTGEN" = "no" then AC_MSG_ERROR([cannot enable certext without enabling certgen.]) fi diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index fabd3849e..d24b9bcda 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -7987,7 +7987,7 @@ int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx, if (GetSequence(input, inOutIdx, &length, inSz) < 0) return ASN_PARSE_E; -#if defined(OPENSSL_EXTRA) +#if defined(OPENSSL_EXTRA) || defined(ECC_DECODE_EXTRA) { byte b = input[*inOutIdx]; if (b != ASN_INTEGER) { diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 488627ede..1421b73fc 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -952,6 +952,16 @@ static char *fgets(char *buff, int sz, FILE *fp) #endif #endif +/* Certificate Request Extensions needs decode extras */ +#ifdef WOLFSSL_CERT_EXT + #ifndef RSA_DECODE_EXTRA + #define RSA_DECODE_EXTRA + #endif + #ifndef ECC_DECODE_EXTRA + #define ECC_DECODE_EXTRA + #endif +#endif + /* Place any other flags or defines here */ From 5654d4beeef3b6439f16628c05450496f8289adb Mon Sep 17 00:00:00 2001 From: toddouska Date: Fri, 11 Sep 2015 14:04:40 -0700 Subject: [PATCH 10/14] fix no_filesystem with certext --- wolfcrypt/src/asn.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index d24b9bcda..a889dc956 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -7199,6 +7199,8 @@ int wc_SetAuthKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey) } +#ifndef NO_FILESYSTEM + /* Set SKID from public key file in PEM */ int wc_SetSubjectKeyId(Cert *cert, const char* file) { @@ -7288,6 +7290,8 @@ int wc_SetSubjectKeyId(Cert *cert, const char* file) return ret; } +#endif /* NO_FILESYSTEM */ + /* Set AKID from certificate contains in buffer (DER encoded) */ int wc_SetAuthKeyIdFromCert(Cert *cert, const byte *der, int derSz) { @@ -7337,6 +7341,9 @@ int wc_SetAuthKeyIdFromCert(Cert *cert, const byte *der, int derSz) return 0; } + +#ifndef NO_FILESYSTEM + /* Set AKID from certificate file in PEM */ int wc_SetAuthKeyId(Cert *cert, const char* file) { @@ -7366,6 +7373,8 @@ int wc_SetAuthKeyId(Cert *cert, const char* file) return ret; } +#endif /* NO_FILESYSTEM */ + /* Set KeyUsage from human readale string */ int wc_SetKeyUsage(Cert *cert, const char *value) { From 088467d312cca5586be611222968979417161ead Mon Sep 17 00:00:00 2001 From: toddouska Date: Fri, 11 Sep 2015 14:10:11 -0700 Subject: [PATCH 11/14] fix autoconf with new certext files --- certs/1024/include.am | 1 + certs/include.am | 2 ++ 2 files changed, 3 insertions(+) diff --git a/certs/1024/include.am b/certs/1024/include.am index c96849783..eeeb93bd3 100644 --- a/certs/1024/include.am +++ b/certs/1024/include.am @@ -11,6 +11,7 @@ EXTRA_DIST += \ EXTRA_DIST += \ certs/1024/client-cert.der \ certs/1024/client-key.der \ + certs/1024/client-keyPub.der \ certs/1024/dh1024.der \ certs/1024/dsa1024.der \ certs/1024/rsa1024.der diff --git a/certs/include.am b/certs/include.am index a5e1ae2cc..53bb31e27 100644 --- a/certs/include.am +++ b/certs/include.am @@ -33,10 +33,12 @@ EXTRA_DIST += \ certs/ca-cert.der \ certs/client-cert.der \ certs/client-key.der \ + certs/client-keyPub.der \ certs/dh2048.der \ certs/rsa2048.der \ certs/dsa2048.der \ certs/ecc-key.der \ + certs/ecc-keyPub.der \ certs/server-key.der \ certs/server-cert.der From c0f15b9326cc8c24cd8e71ab63a95cfc659e373e Mon Sep 17 00:00:00 2001 From: toddouska Date: Fri, 11 Sep 2015 14:12:27 -0700 Subject: [PATCH 12/14] DEBUG_WOLFSSL can't assume C standard headers, fix --- wolfssl/wolfcrypt/logging.h | 4 ---- 1 file changed, 4 deletions(-) diff --git a/wolfssl/wolfcrypt/logging.h b/wolfssl/wolfcrypt/logging.h index ad519f76d..2e604080d 100644 --- a/wolfssl/wolfcrypt/logging.h +++ b/wolfssl/wolfcrypt/logging.h @@ -25,10 +25,6 @@ #ifndef WOLFSSL_LOGGING_H #define WOLFSSL_LOGGING_H -#ifdef DEBUG_WOLFSSL -#include -#endif - #include #ifdef __cplusplus From 29270d88a40d5c6f643234f92520dc43037c1740 Mon Sep 17 00:00:00 2001 From: toddouska Date: Fri, 11 Sep 2015 15:13:47 -0700 Subject: [PATCH 13/14] remove another stdio.h assumption, breaks NO_FILESYSTEM --- wolfssl/wolfcrypt/types.h | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index dada779b5..4c24c6008 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -189,9 +189,24 @@ #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n)) #endif + #ifdef WOLFSSL_CERT_EXT + /* need snprintf for now, but breaks NO_FILESYSTEM w/ stdio.h + * TODO: will be fixed shortly */ + #ifndef SNPRINTF_USER + #ifdef NO_FILESYSTEM + #error "cert gen extensions don't support no filesystem for now" + #endif + #include /* for snprintf */ + #ifndef USE_WINDOWS_API + #define XSNPRINTF snprintf + #else + #define XSNPRINTF _snprintf + #endif + #endif + #endif + #ifndef STRING_USER #include - #include /* for snprintf */ char* mystrnstr(const char* s1, const char* s2, unsigned int n); #define XMEMCPY(d,s,l) memcpy((d),(s),(l)) @@ -209,10 +224,8 @@ #define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n)) #ifndef USE_WINDOWS_API #define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n)) - #define XSNPRINTF snprintf #else #define XSTRNCASECMP(s1,s2,n) _strnicmp((s1),(s2),(n)) - #define XSNPRINTF _snprintf #endif #endif From 989f5ffb242faa185340268f2abb4892ffe1f6a5 Mon Sep 17 00:00:00 2001 From: toddouska Date: Fri, 11 Sep 2015 15:49:55 -0700 Subject: [PATCH 14/14] handle gmtime failures --- wolfcrypt/src/asn.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index a889dc956..b7e7031c4 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -2585,6 +2585,11 @@ int ValidateDate(const byte* date, byte format, int dateType) localTime = XGMTIME(<ime, tmpTime); + if (localTime == NULL) { + WOLFSSL_MSG("XGMTIME failed"); + return 0; + } + if (dateType == BEFORE) { if (DateLessThan(localTime, &certTime)) return 0; @@ -5634,7 +5639,8 @@ static void RebuildTime(time_t* in, struct tm* out) } -/* Set Date validity from now until now + daysValid */ +/* Set Date validity from now until now + daysValid + * return size in bytes written to output, 0 on error */ static int SetValidity(byte* output, int daysValid) { byte before[MAX_DATE_SIZE]; @@ -5661,6 +5667,11 @@ static int SetValidity(byte* output, int daysValid) ticks = XTIME(0); now = XGMTIME(&ticks, tmpTime); + if (now == NULL) { + WOLFSSL_MSG("XGMTIME failed"); + return 0; /* error */ + } + /* before now */ local = *now; before[0] = ASN_GENERALIZED_TIME;