Add Curve448, X448, Ed448 implementations

Sean Parkinson
2020-02-19 18:07:45 +10:00
parent c7a2510d97
commit 2c6eb7cb39
79 changed files with 24343 additions and 2390 deletions


@@ -229,12 +229,14 @@ static void ShowVersions(void)
}
#ifdef WOLFSSL_TLS13
static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519)
static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
int useX448)
{
int groups[3] = {0};
int count = 0;
(void)useX25519;
(void)useX448;
WOLFSSL_START(WC_FUNC_CLIENT_KEY_EXCHANGE_SEND);
if (onlyKeyShare == 0 || onlyKeyShare == 2) {
@@ -245,6 +247,14 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519)
err_sys("unable to use curve x25519");
}
else
#endif
#ifdef HAVE_CURVE448
if (useX448) {
groups[count++] = WOLFSSL_ECC_X448;
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X448) != WOLFSSL_SUCCESS)
err_sys("unable to use curve x448");
}
else
#endif
{
#ifdef HAVE_ECC
@@ -342,7 +352,7 @@ static const char* client_bench_conmsg[][5] = {
static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
int dtlsUDP, int dtlsSCTP, int benchmark, int resumeSession, int useX25519,
int helloRetry, int onlyKeyShare, int version, int earlyData)
int useX448, int helloRetry, int onlyKeyShare, int version, int earlyData)
{
/* time passed in number of connects give average */
int times = benchmark, skip = times * 0.1;
@@ -362,6 +372,7 @@ static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
(void)resumeSession;
(void)useX25519;
(void)useX448;
(void)helloRetry;
(void)onlyKeyShare;
(void)version;
@@ -391,7 +402,7 @@ static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
#ifdef WOLFSSL_TLS13
else if (version >= 4) {
if (!helloRetry)
SetKeyShare(ssl, onlyKeyShare, useX25519);
SetKeyShare(ssl, onlyKeyShare, useX25519, useX448);
else
wolfSSL_NoKeyShares(ssl);
}
@@ -470,7 +481,8 @@ static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
/* Measures throughput in kbps. Throughput = number of bytes */
static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
int dtlsUDP, int dtlsSCTP, int block, size_t throughput, int useX25519)
int dtlsUDP, int dtlsSCTP, int block, size_t throughput, int useX25519,
int useX448)
{
double start, conn_time = 0, tx_time = 0, rx_time = 0;
SOCKET_T sockfd;
@@ -488,6 +500,7 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
}
(void)useX25519;
(void)useX448;
#ifdef WOLFSSL_TLS13
#ifdef HAVE_CURVE25519
if (useX25519) {
@@ -497,6 +510,14 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
}
}
#endif
#ifdef HAVE_CURVE448
if (useX448) {
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X448)
!= WOLFSSL_SUCCESS) {
err_sys("unable to use curve x448");
}
}
#endif
#endif
do {
@@ -1000,6 +1021,9 @@ static const char* client_usage_msg[][59] = {
#endif
#ifdef HAVE_TRUSTED_CA
"-5 Use Trusted CA Key Indication\n", /* 62 */
#endif
#ifdef HAVE_CURVE448
"-8 Use X448 for key exchange\n", /* 65 */
#endif
NULL,
},
@@ -1162,6 +1186,9 @@ static const char* client_usage_msg[][59] = {
#endif
#ifdef HAVE_TRUSTED_CA
"-5 信頼できる認証局の鍵表示を使用する\n", /* 62 */
#endif
#ifdef HAVE_CURVE448
"-8 Use X448 for key exchange\n", /* 65 */
#endif
NULL,
},
@@ -1319,6 +1346,9 @@ static void Usage(void)
#ifdef HAVE_TRUSTED_CA
printf("%s", msg[++msgid]); /* -5 */
#endif
#ifdef HAVE_CURVE448
printf("%s", msg[++msgid]); /* -8 */
#endif
}
THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
@@ -1446,6 +1476,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
char* ocspUrl = NULL;
#endif
int useX25519 = 0;
int useX448 = 0;
int exitWithRet = 0;
int loadCertKeyIntoSSLObj = 0;
@@ -1493,6 +1524,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
verifyCert = caEdCertFile;
ourCert = cliEdCertFile;
ourKey = cliEdKeyFile;
#elif defined(HAVE_ED448)
verifyCert = caEd448CertFile;
ourCert = cliEd448CertFile;
ourKey = cliEd448KeyFile;
#else
verifyCert = NULL;
ourCert = NULL;
@@ -1521,6 +1556,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
(void)updateKeysIVs;
(void)earlyData;
(void)useX25519;
(void)useX448;
(void)helloRetry;
(void)onlyKeyShare;
(void)useSupCurve;
@@ -1533,7 +1569,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
while ((ch = mygetopt(argc, argv, "?:"
"ab:c:defgh:ijk:l:mnop:q:rstuv:wxyz"
"A:B:CDE:F:GH:IJKL:M:NO:PQRS:TUVW:XYZ:"
"01:23:45")) != -1) {
"01:23:458")) != -1) {
switch (ch) {
case '?' :
if(myoptarg!=NULL) {
@@ -1971,6 +2007,18 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#endif /* HAVE_TRUSTED_CA */
break;
case '8' :
#ifdef HAVE_CURVE448
useX448 = 1;
#ifdef HAVE_ECC
useSupCurve = 1;
#ifdef WOLFSSL_TLS13
onlyKeyShare = 2;
#endif
#endif
#endif
break;
default:
Usage();
XEXIT_T(MY_EX_USAGE);
@@ -2216,7 +2264,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
}
#endif
#if defined(NO_RSA) && !defined(HAVE_ECC) && !defined(HAVE_ED25519)
#if defined(NO_RSA) && !defined(HAVE_ECC) && !defined(HAVE_ED25519) && \
!defined(HAVE_ED448)
if (!usePsk) {
usePsk = 1;
}
@@ -2465,6 +2514,14 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
}
}
#endif /* HAVE_CURVE25519 */
#if defined(HAVE_CURVE448)
if (useX448) {
if (wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_X448)
!= WOLFSSL_SUCCESS) {
err_sys("unable to support X448");
}
}
#endif /* HAVE_CURVE448 */
#ifdef HAVE_ECC
if (useSupCurve) {
#if !defined(NO_ECC_SECP) && \
@@ -2506,8 +2563,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
((func_args*)args)->return_code =
ClientBenchmarkConnections(ctx, host, port, dtlsUDP, dtlsSCTP,
benchmark, resumeSession, useX25519,
helloRetry, onlyKeyShare, version,
earlyData);
useX448, helloRetry, onlyKeyShare,
version, earlyData);
wolfSSL_CTX_free(ctx); ctx = NULL;
XEXIT_T(EXIT_SUCCESS);
}
@@ -2515,7 +2572,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
if (throughput) {
((func_args*)args)->return_code =
ClientBenchmarkThroughput(ctx, host, port, dtlsUDP, dtlsSCTP,
block, throughput, useX25519);
block, throughput, useX25519, useX448);
wolfSSL_CTX_free(ctx); ctx = NULL;
XEXIT_T(EXIT_SUCCESS);
}
@@ -2621,6 +2678,14 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
}
}
#endif
#ifdef HAVE_CURVE448
if (useX448) {
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X448)
!= WOLFSSL_SUCCESS) {
err_sys("unable to use curve x448");
}
}
#endif
#ifdef HAVE_ECC
#if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_SECP256R1)
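Review bot: `case '8'` is accepted unconditionally (the option string gains `8` with no guard), but its whole body sits inside `#ifdef HAVE_CURVE448`, so on a build without Curve448 `-8` is a silent no-op and the handshake proceeds with whatever groups the other settings select. Someone using the example client to confirm X448 interoperability would see a successful connection that never offered X448. An `#else` arm such as `err_sys("X448 requested but HAVE_CURVE448 is not defined");` would make this visible (the wording is only a suggestion). Separately, `SetKeyShare` resolves `useX25519` against `useX448` with an else-chain, so X25519 wins, whereas `ClientBenchmarkThroughput` and the main connect path add both key shares; a comment stating the intended precedence when both flags are given would help. `client_test` continues outside these hunks.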


@@ -107,7 +107,8 @@ void echoclient_test(void* args)
doPSK = 1;
#endif
#if defined(NO_RSA) && !defined(HAVE_ECC) && !defined(HAVE_ED25519)
#if defined(NO_RSA) && !defined(HAVE_ECC) && !defined(HAVE_ED25519) && \
!defined(HAVE_ED448)
doPSK = 1;
#endif
@@ -137,6 +138,9 @@ void echoclient_test(void* args)
#elif defined(HAVE_ED25519)
if (SSL_CTX_load_verify_locations(ctx, caEdCertFile, 0) != WOLFSSL_SUCCESS)
err_sys("can't load ca file, Please run from wolfSSL home dir");
#elif defined(HAVE_ED448)
if (SSL_CTX_load_verify_locations(ctx, caEd448CertFile, 0) != WOLFSSL_SUCCESS)
err_sys("can't load ca file, Please run from wolfSSL home dir");
#endif
#elif !defined(NO_CERTS)
if (!doPSK)


@@ -108,8 +108,8 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
doDTLS = 1;
#endif
#if (defined(NO_RSA) && !defined(HAVE_ECC) && !defined(HAVE_ED25519)) || \
defined(CYASSL_LEANPSK)
#if (defined(NO_RSA) && !defined(HAVE_ECC) && !defined(HAVE_ED25519) && \
!defined(HAVE_ED448)) || defined(CYASSL_LEANPSK)
doPSK = 1;
#else
doPSK = 0;
@@ -193,6 +193,17 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
!= WOLFSSL_SUCCESS)
err_sys("can't load server key file, "
"Please run from wolfSSL home dir");
#elif defined(HAVE_ED448) && !defined(CYASSL_SNIFFER)
/* ed448 */
if (CyaSSL_CTX_use_certificate_chain_file(ctx, ed448CertFile)
!= WOLFSSL_SUCCESS)
err_sys("can't load server cert file, "
"Please run from wolfSSL home dir");
if (CyaSSL_CTX_use_PrivateKey_file(ctx, ed448KeyFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS)
err_sys("can't load server key file, "
"Please run from wolfSSL home dir");
#elif defined(NO_CERTS)
/* do nothing, just don't load cert files */
#else
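Review bot: The PSK fallback condition and the new certificate branch guard Ed448 differently. `doPSK` is set to 0 whenever `HAVE_ED448` is defined, but the Ed448 cert/key load is compiled only when `CYASSL_SNIFFER` is not defined. In a build where Ed448 is the only certificate algorithm and the sniffer is enabled, `doPSK` would be 0 and this branch skipped, leaving the `NO_CERTS`/`#else` arms, whose bodies are outside the hunk, to decide what gets loaded. If that combination is unsupported, extending the comment to `/* ed448; skipped in sniffer builds, which fall through to the branches below */` would record it; otherwise the two guards should agree.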


@@ -631,6 +631,9 @@ static const char* server_usage_msg[][49] = {
"\n 0: English, 1: Japanese\n", /* 49 */
#ifdef HAVE_TRUSTED_CA
"-5 Use Trusted CA Key Indication\n", /* 52 */
#endif
#ifdef HAVE_CURVE448
"-8 Pre-generate Key share using Curve448 only\n", /* 55 */
#endif
NULL,
},
@@ -750,6 +753,9 @@ static const char* server_usage_msg[][49] = {
"\n 0: 英語、 1: 日本語\n", /* 49 */
#ifdef HAVE_TRUSTED_CA
"-5 信頼できる認証局の鍵表示を使用する\n", /* 52 */
#endif
#ifdef HAVE_CURVE448
"-8 Pre-generate Key share using Curve448 only\n", /* 55 */
#endif
NULL,
},
@@ -870,6 +876,9 @@ static void Usage(void)
#ifdef HAVE_TRUSTED_CA
printf("%s", msg[++msgId]); /* -5 */
#endif /* HAVE_TRUSTED_CA */
#ifdef HAVE_CURVE448
printf("%s", msg[++msgId]); /* -8 */
#endif
}
THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
@@ -1013,6 +1022,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
int noTicket = 0;
#endif
int useX25519 = 0;
int useX448 = 0;
int exitWithRet = 0;
int loadCertKeyIntoSSLObj = 0;
@@ -1035,6 +1045,10 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
verifyCert = cliEdCertFile;
ourCert = edCertFile;
ourKey = edKeyFile;
#elif defined(HAVE_ED448)
verifyCert = cliEd448CertFile;
ourCert = ed448CertFile;
ourKey = ed448KeyFile;
#else
verifyCert = NULL;
ourCert = NULL;
@@ -1074,7 +1088,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
while ((ch = mygetopt(argc, argv, "?:"
"abc:defgijk:l:mnop:q:rstuv:wxy"
"A:B:C:D:E:GH:IJKL:MNO:PQR:S:TUVYZ:"
"01:23:4:5")) != -1) {
"01:23:4:58")) != -1) {
switch (ch) {
case '?' :
if(myoptarg!=NULL) {
@@ -1455,6 +1469,15 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
#endif /* HAVE_TRUSTED_CA */
break;
case '8' :
#ifdef HAVE_CURVE448
useX448 = 1;
#if defined(WOLFSSL_TLS13) && defined(HAVE_ECC)
onlyKeyShare = 2;
#endif
#endif
break;
default:
Usage();
XEXIT_T(MY_EX_USAGE);
@@ -1611,7 +1634,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
}
#endif
#if defined(NO_RSA) && !defined(HAVE_ECC) && !defined(HAVE_ED25519)
#if defined(NO_RSA) && !defined(HAVE_ECC) && !defined(HAVE_ED25519) && \
!defined(HAVE_ED448)
if (!usePsk) {
usePsk = 1;
}
@@ -2028,8 +2052,20 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
}
#endif
}
else
{
else if (useX448 == 1) {
#ifdef HAVE_CURVE448
int groups[1] = { WOLFSSL_ECC_X448 };
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X448)
!= WOLFSSL_SUCCESS) {
err_sys("unable to use curve x448");
}
if (wolfSSL_set_groups(ssl, groups, 1) != WOLFSSL_SUCCESS) {
err_sys("unable to set groups: x448");
}
#endif
}
else {
#ifdef HAVE_ECC
#if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
int groups[1] = { WOLFSSL_ECC_SECP256R1 };
@@ -2458,6 +2494,7 @@ exit:
(void) ourDhParam;
(void) ourCert;
(void) useX25519;
(void) useX448;
#ifdef HAVE_SECURE_RENEGOTIATION
(void) forceScr;
#endif
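Review bot: In `case '8'`, `onlyKeyShare = 2` is set only under `#if defined(WOLFSSL_TLS13) && defined(HAVE_ECC)`, so a TLS 1.3 build with Curve448 but without ECC sets `useX448` and nothing else. The new `else if (useX448 == 1)` branch appears to sit inside a condition that starts outside the hunk; if that condition is `onlyKeyShare == 2`, `-8` would never pre-generate the X448 share in such a build, despite the usage text "Pre-generate Key share using Curve448 only". Consider relaxing the guard to `#ifdef WOLFSSL_TLS13`, or add a comment on it explaining why ECC is required. The Japanese usage table also receives the English `-8` string, which deserves a `/* TODO: translate */` marker so it is not overlooked.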