diff --git a/.gitignore b/.gitignore index 9bcf512de..1d8b7f5bd 100644 --- a/.gitignore +++ b/.gitignore @@ -75,3 +75,5 @@ swig/cyassl_wrap.c stamp-h1 clang_output_* internal.plist +cov-int +cyassl.tgz diff --git a/Makefile.am b/Makefile.am index ec4f72093..62a1de399 100644 --- a/Makefile.am +++ b/Makefile.am @@ -34,9 +34,11 @@ EXTRA_DIST+= cyassl-iphone.xcodeproj/project.pbxproj EXTRA_DIST+= cyassl-ntru.sln EXTRA_DIST+= cyassl.sln EXTRA_DIST+= valgrind-error.sh +EXTRA_DIST+= gencertbuf.pl include cyassl/include.am include certs/include.am +include certs/1024/include.am include certs/crl/include.am include doc/include.am include swig/include.am @@ -53,6 +55,13 @@ include testsuite/include.am include tests/include.am include sslSniffer/sslSnifferTest/include.am include rpm/include.am +include mqx/ctaocrypt_test/Sources/include.am +include mqx/cyassl/include.am +include mqx/cyassl_client/Sources/include.am +include mqx/util_lib/Sources/include.am +include mplabx/ctaocrypt_benchmark.X/nbproject/include.am +include mplabx/ctaocrypt_test.X/nbproject/include.am +include mplabx/cyassl.X/nbproject/include.am if USE_VALGRIND TESTS_ENVIRONMENT=./valgrind-error.sh diff --git a/README b/README index 5ae5971f6..c3c335c91 100644 --- a/README +++ b/README 
@@ -32,18 +32,58 @@ SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); before calling SSL_new(); Though it's not recommended. +*** end Notes *** + + +CyaSSL Release 2.5.0 (02/04/2013) + +Release 2.5.0 CyaSSL has bug fixes and new features including: +- Fix for TLS CBC padding timing attack identified by Nadhem Alfardan and + Kenny Paterson: http://www.isg.rhul.ac.uk/tls/ +- Microchip PIC32 (MIPS16, MIPS32) support +- Microchip MPLAB X example projects for PIC32 Ethernet Starter Kit +- Updated CTaoCrypt benchmark app for embedded systems +- 1024-bit test certs/keys and cert/key buffers +- AES-CCM-8 crypto and cipher suites +- Camellia crypto and cipher suites +- Bumped minimum autoconf version to 2.65, automake version to 1.12 +- Addition of OCSP callbacks +- STM32F2 support with hardware crypto and RNG +- Cavium NITROX support + +CTaoCrypt now has support for the Microchip PIC32 and has been tested with +the Microchip PIC32 Ethernet Starter Kit, the XC32 compiler and +MPLAB X IDE in both MIPS16 and MIPS32 instruction set modes. See the README +located under the /mplabx directory for more details. + +To add Cavium NITROX support do: + +./configure --with-cavium=/home/user/cavium/software + +pointing to your licensed cavium/software directory. Since Cavium doesn't +build a library we pull in the cavium_common.o file which gives a libtool +warning about the portability of this. Also, if you're using the github source +tree you'll need to remove the -Wredundant-decls warning from the generated +Makefile because the cavium headers don't conform to this warning. Currently +CyaSSL supports Cavium RNG, AES, 3DES, RC4, HMAC, and RSA directly at the crypto +layer. Support at the SSL level is parital and currently just does AES, 3DES, +and RC4. RSA and HMAC are slower until the Cavium calls can be utilized in non +blocking mode. The example client turns on cavium support as does the crypto +test and benchmark. Please see the HAVE_CAVIUM define. 
-Note 3) CyaSSL is able to use the STM32F2 hardware-based cryptography and random number generator through the STM32F2 Standard Peripheral Library. For necessary defines, see the CYASSL_STM32F2 define in settings.h. Documentation for the STM32F2 Standard Peripheral Library can be found in the following document: http://www.st.com/internet/com/TECHNICAL_RESOURCES/TECHNICAL_LITERATURE/USER_MANUAL/DM00023896.pdf -*** end Notes *** +The CyaSSL manual is available at: +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. -CyaSSL Release 2.4.6 (12/20/2012) + +*************** CyaSSL Release 2.4.6 (12/20/2012) Release 2.4.6 CyaSSL has bug fixes and a few new features including: - ECC into main version diff --git a/certs/1024/client-cert.der b/certs/1024/client-cert.der new file mode 100644 index 000000000..6b796b638 Binary files /dev/null and b/certs/1024/client-cert.der differ diff --git a/certs/1024/client-cert.pem b/certs/1024/client-cert.pem new file mode 100644 index 000000000..09d603a3d --- /dev/null +++ b/certs/1024/client-cert.pem 
@@ -0,0 +1,59 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 10163970144298616102 (0x8d0dacfec6984526) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=Oregon, L=Portland, O=yaSSL, OU=Programming, CN=www.yassl.com/emailAddress=info@yassl.com + Validity + Not Before: Jan 18 21:42:49 2013 GMT + Not After : Oct 15 21:42:49 2015 GMT + Subject: C=US, ST=Oregon, L=Portland, O=yaSSL, OU=Programming, CN=www.yassl.com/emailAddress=info@yassl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:bc:73:0e:a8:49:f3:74:a2:a9:ef:18:a5:da:55: + 99:21:f9:c8:ec:b3:6d:48:e5:35:35:75:77:37:ec: + d1:61:90:5f:3e:d9:e4:d5:df:94:ca:c1:a9:d7:19: + da:86:c9:e8:4d:c4:61:36:82:fe:ab:ad:7e:77:25: + bb:8d:11:a5:bc:62:3a:a8:38:cc:39:a2:04:66:b4: + f7:f7:f3:aa:da:4d:02:0e:bb:5e:8d:69:48:dc:77: + c9:28:0e:22:e9:6b:a4:26:ba:4c:e8:c1:fd:4a:6f: + 2b:1f:ef:8a:ae:f6:90:62:e5:64:1e:eb:2b:3c:67: + c8:dc:27:00:f6:91:68:65:a9 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 81:69:0F:F8:DF:DD:CF:34:29:D5:67:75:71:85:C7:75:10:69:59:EC + X509v3 Authority Key Identifier: + keyid:81:69:0F:F8:DF:DD:CF:34:29:D5:67:75:71:85:C7:75:10:69:59:EC + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 72:66:0f:6a:a1:85:95:06:e6:87:1a:ed:2b:da:ed:84:90:89: + a6:31:4d:60:f2:7b:63:0c:dc:9b:44:4c:d6:62:41:24:74:30: + 70:4e:07:10:05:12:5e:14:b3:dd:cf:58:27:93:cf:aa:4f:85: + 2c:35:0e:ff:5b:a8:6b:b5:95:32:d5:cc:73:68:5b:1b:c4:f8: + 89:5e:3d:f8:02:39:32:7d:06:a4:32:e9:b3:ef:62:a0:43:5d: + 4f:fb:ce:3d:08:33:af:3d:7f:12:cb:8a:5a:c2:63:db:3e:dd: + ea:5b:67:10:49:9f:5b:96:1b:4e:5d:bc:4e:9a:7c:1f:ab:56: + 47:4a +-----BEGIN CERTIFICATE----- +MIIC7DCCAlWgAwIBAgIJAI0NrP7GmEUmMA0GCSqGSIb3DQEBBQUAMIGOMQswCQYD +VQQGEwJVUzEPMA0GA1UECAwGT3JlZ29uMREwDwYDVQQHDAhQb3J0bGFuZDEOMAwG +A1UECgwFeWFTU0wxFDASBgNVBAsMC1Byb2dyYW1taW5nMRYwFAYDVQQDDA13d3cu 
+eWFzc2wuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTAeFw0xMzAx +MTgyMTQyNDlaFw0xNTEwMTUyMTQyNDlaMIGOMQswCQYDVQQGEwJVUzEPMA0GA1UE +CAwGT3JlZ29uMREwDwYDVQQHDAhQb3J0bGFuZDEOMAwGA1UECgwFeWFTU0wxFDAS +BgNVBAsMC1Byb2dyYW1taW5nMRYwFAYDVQQDDA13d3cueWFzc2wuY29tMR0wGwYJ +KoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw +gYkCgYEAvHMOqEnzdKKp7xil2lWZIfnI7LNtSOU1NXV3N+zRYZBfPtnk1d+UysGp +1xnahsnoTcRhNoL+q61+dyW7jRGlvGI6qDjMOaIEZrT39/Oq2k0CDrtejWlI3HfJ +KA4i6WukJrpM6MH9Sm8rH++KrvaQYuVkHusrPGfI3CcA9pFoZakCAwEAAaNQME4w +HQYDVR0OBBYEFIFpD/jf3c80KdVndXGFx3UQaVnsMB8GA1UdIwQYMBaAFIFpD/jf +3c80KdVndXGFx3UQaVnsMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA +cmYPaqGFlQbmhxrtK9rthJCJpjFNYPJ7Ywzcm0RM1mJBJHQwcE4HEAUSXhSz3c9Y +J5PPqk+FLDUO/1uoa7WVMtXMc2hbG8T4iV49+AI5Mn0GpDLps+9ioENdT/vOPQgz +rz1/EsuKWsJj2z7d6ltnEEmfW5YbTl28Tpp8H6tWR0o= +-----END CERTIFICATE----- diff --git a/certs/1024/client-key.der b/certs/1024/client-key.der new file mode 100644 index 000000000..1c47c2532 Binary files /dev/null and b/certs/1024/client-key.der differ diff --git a/certs/1024/client-key.pem b/certs/1024/client-key.pem new file mode 100644 index 000000000..79e398cc6 --- /dev/null +++ b/certs/1024/client-key.pem 
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQC8cw6oSfN0oqnvGKXaVZkh+cjss21I5TU1dXc37NFhkF8+2eTV +35TKwanXGdqGyehNxGE2gv6rrX53JbuNEaW8YjqoOMw5ogRmtPf386raTQIOu16N +aUjcd8koDiLpa6Qmukzowf1Kbysf74qu9pBi5WQe6ys8Z8jcJwD2kWhlqQIDAQAB +AoGAE5fq6Dh4JaJcBM4NQHwx5cRwzZuCO1gJhjtmX9wxkPFP1dsV3d7XO5WTMRgx +Dl6j1qIacW6BSBxLz9uOeoZhMtz7VcEWbSeSJEWL8bhIsUsdrN7a3Y4vwpH7palu ++Dpq8f1QGO+f58PKeOpW09NyW5bdTgZOOsPZvnK2ZQcHTAECQQD6R9R6fJI8Ve+B +8EEwLaPPjxzmhycFcA3fmDXW8Ys4LyS10IS2eU9xKZRa8GRqrOdyxu1NWZg+Zzrz +dCz5YRdpAkEAwMGCDQzrxi/ckvmdghox6en3S/KChxzuFmrRHRiCcPPAti/28/cd +8YYjyE7rj1aOj/W/8fcrtcw9xlc5DBtUQQJBAJ1+Bd7t9Ley+/wwS1Ud4y8BR5Zp +Bc0OLiy9g2O2q3y3bcpbZKfOvobfO1PeYdIe66X2N+2sq3jZTOdV+9cRmcECQBiY +GCnmHic5cCForAovoXLBIYaVOMZYkKBXnLrjp7EVyN72G8JhI3bvsJ0cRL4TQzln +F8idyvv1RWSLOIIs8oECQDmJ5ZwZVTC6t0iMSBQO9J9+d5dD4bQZNTEjdZw7RK1p +ElbuAGFkFmbTfHQrFbSi/r8IaxpdP5ASsQWGMSnb2eI= +-----END RSA PRIVATE KEY----- diff --git a/certs/1024/dh1024.der b/certs/1024/dh1024.der new file mode 100644 index 000000000..f29e6dc04 Binary files /dev/null and b/certs/1024/dh1024.der differ diff --git a/certs/1024/dh1024.pem b/certs/1024/dh1024.pem new file mode 100644 index 000000000..372f50a12 --- /dev/null +++ b/certs/1024/dh1024.pem @@ -0,0 +1,17 @@ + PKCS#3 DH Parameters: (1024 bit) + prime: + 00:a4:d2:b8:6e:78:f5:d9:ed:2d:7c:dd:b6:16:86: + 5a:4b:05:76:90:dd:66:61:b9:6d:52:a7:1c:af:62: + c6:69:47:7b:39:f2:fb:94:ec:bc:79:ff:24:5e:ef: + 79:bb:59:b2:fc:ca:07:d6:f4:e9:34:f7:e8:38:e7: + d7:33:44:1d:a3:64:76:1a:84:97:54:74:40:84:1f: + 15:fe:7c:25:2a:2b:25:fd:9e:c1:89:33:8c:39:25: + 2b:40:e6:cd:f8:a8:a1:8a:53:c6:47:b2:a0:d7:8f: + eb:2e:60:0a:0d:4b:f8:b4:94:8c:63:0a:ad:c7:10: + ea:c7:a1:b9:9d:f2:a8:37:73 + generator: 2 (0x2) +-----BEGIN DH PARAMETERS----- +MIGHAoGBAKTSuG549dntLXzdthaGWksFdpDdZmG5bVKnHK9ixmlHezny+5TsvHn/ +JF7vebtZsvzKB9b06TT36Djn1zNEHaNkdhqEl1R0QIQfFf58JSorJf2ewYkzjDkl +K0DmzfiooYpTxkeyoNeP6y5gCg1L+LSUjGMKrccQ6sehuZ3yqDdzAgEC +-----END DH PARAMETERS----- 
diff --git a/certs/1024/dsa1024.der b/certs/1024/dsa1024.der new file mode 100644 index 000000000..65db155bc Binary files /dev/null and b/certs/1024/dsa1024.der differ diff --git a/certs/1024/dsa1024.pem b/certs/1024/dsa1024.pem new file mode 100644 index 000000000..c5bb06759 --- /dev/null +++ b/certs/1024/dsa1024.pem @@ -0,0 +1,12 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBvAIBAAKBgQD3S/m7FZjr3d4eTnGIhfK3uuJK2nZAzWlInoN8EfdlMXj1JS33 +t/hSP77YtsX+GBVbudWShryyF3zYsL6gfPLVc3pYj43lSgCZg0rAnhYJoRA01Rm7 +Y+Pdg3R/EMpzde4xSt2f4AJqne6yS6drKmzHhnfoBBXckrR6KR9Og2OFVQIVANIF +5HP7wZnF3GikjZInPeJSX4mLAoGBAKohAglDbvuiVBSFCvQofMvM2/UeohipId6I +iDOMLuuNo/AdyI/2fvjPEvW0oRFvDNTwBq3E/BRFx5QVvBlLru+Tak/MFNhHizlm +hwLUKAq47gk39ACgBKd5p9I89zRDVo7QfMLYTQ+J7RTBLJxMGZue3FMJn98t8Awn +VDp3FC3eAoGBAOgffLfAVFGnKC1YfN7UXN3VdoQ8NiDAwyXXOjjhVMj9QGgaIVQm +ORS/9qOcXtkr98klugAJy38MSiT9FRYVSM0LUkRAe5BjK5AixRgFgFOvgx9U4rCi +C1qSJOFiKD+3yrmJ1qC3ra4F4cFZQO1KG2ine/vDIIHvS/NpkbDOOrA4AhQlODuh +GXXfm/VyU0854RzsE4SCGA== +-----END DSA PRIVATE KEY----- diff --git a/certs/1024/include.am b/certs/1024/include.am new file mode 100644 index 000000000..c96849783 --- /dev/null +++ b/certs/1024/include.am @@ -0,0 +1,17 @@ +# vim:ft=automake +# All paths should be given relative to the root +# + +EXTRA_DIST += \ + certs/1024/client-cert.pem \ + certs/1024/client-key.pem \ + certs/1024/dh1024.pem \ + certs/1024/dsa1024.pem + +EXTRA_DIST += \ + certs/1024/client-cert.der \ + certs/1024/client-key.der \ + certs/1024/dh1024.der \ + certs/1024/dsa1024.der \ + certs/1024/rsa1024.der + diff --git a/certs/1024/rsa1024.der b/certs/1024/rsa1024.der new file mode 100644 index 000000000..173d32bce Binary files /dev/null and b/certs/1024/rsa1024.der differ diff --git a/configure.ac b/configure.ac index b692a1247..a98585ddb 100644 --- a/configure.ac +++ b/configure.ac 
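Review bot: Nothing in the new `certs/1024/include.am` marks the listed files as test fixtures, although `client-key.pem`, `dsa1024.pem` and their DER forms are private keys that `EXTRA_DIST` ships in every release tarball. Because they are published they offer no secrecy, and at 1024 bits (with a sha1WithRSAEncryption signature on `client-cert.pem`) they are weaker than what a production peer should accept. I would add a header comment such as `# Test fixtures only: these 1024-bit keys are public, never load them in a deployment`.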
@@ -1,12 +1,12 @@ # configure.ac # -# Copyright (C) 2006-2012 Sawtooth Consulting Ltd. +# Copyright (C) 2006-2013 wolfSSL Inc. # # This file is part of CyaSSL. # # -AC_INIT([cyassl],[2.4.7],[http://www.yassl.com]) +AC_INIT([cyassl],[2.5.1],[http://www.yassl.com]) AC_CONFIG_AUX_DIR([build-aux]) AC_CONFIG_MACRO_DIR([m4]) @@ -439,7 +439,7 @@ AC_ARG_ENABLE([sha512], if test "$ENABLED_SHA512" = "yes" then - AM_CFLAGS="$AM_CFLAGS -DCYASSL_SHA512" + AM_CFLAGS="$AM_CFLAGS -DCYASSL_SHA512 -DCYASSL_SHA384" fi if test "$ENABLED_FORTRESS" = "yes" @@ -729,6 +729,7 @@ AS_IF([test "x$ENABLED_SINGLETHREADED" = "xyes"], [ENABLED_EXAMPLES="no"]) AS_IF([test "x$ENABLED_NOFILESYSTEM" = "xyes"], [ENABLED_EXAMPLES="no"]) AM_CONDITIONAL([BUILD_EXAMPLES], [test "x$ENABLED_EXAMPLES" = "xyes"]) + # LIBZ trylibzdir="" AC_ARG_WITH([libz], @@ -766,6 +767,36 @@ AC_ARG_WITH([libz], ) +# cavium +trycaviumdir="" +AC_ARG_WITH([cavium], + [ --with-cavium=PATH PATH to cavium/software dir ], + [ + AC_MSG_CHECKING([for cavium]) + CPPFLAGS="$CPPFLAGS -DHAVE_CAVIUM" + + if test "x$withval" == "xyes" ; then + AC_MSG_ERROR([need a PATH for --with-cavium]) + fi + if test "x$withval" != "xno" ; then + trycaviumdir=$withval + fi + + LDFLAGS="$AM_LDFLAGS $trycaviumdir/api/cavium_common.o" + CPPFLAGS="$CPPFLAGS -I$trycaviumdir/include" + + AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cavium_common.h"]], [[ CspShutdown(CAVIUM_DEV_ID); ]])],[ cavium_linked=yes ],[ cavium_linked=no ]) + + if test "x$cavium_linked" == "xno" ; then + AC_MSG_ERROR([cavium isn't found. + If it's already installed, specify its path using --with-cavium=/dir/]) + fi + AC_MSG_RESULT([yes]) + enable_shared=no + ] +) + + # OPTIMIZE FLAGS if test "$GCC" = "yes" then diff --git a/ctaocrypt/benchmark/benchmark.c b/ctaocrypt/benchmark/benchmark.c index 0b79296b2..05e17f711 100644 --- a/ctaocrypt/benchmark/benchmark.c +++ b/ctaocrypt/benchmark/benchmark.c 
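Review bot: In the `--with-cavium` block, `-DHAVE_CAVIUM` is appended to `CPPFLAGS` before `$withval` is examined, so `--without-cavium` (withval `no`) still defines it, leaves `trycaviumdir` empty and then aborts on the link test against `/api/cavium_common.o`. The next assignment, `LDFLAGS="$AM_LDFLAGS $trycaviumdir/api/cavium_common.o"`, replaces whatever `LDFLAGS` the builder passed in, which silently drops any hardening linker flags; `LDFLAGS="$LDFLAGS $trycaviumdir/api/cavium_common.o"` keeps them. I would wrap the whole body in `if test "x$withval" != "xno"; then ... fi` and use `=` rather than `==` in the two `test` calls, since `==` is not portable shell.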
@@ -1,6 +1,6 @@ /* benchmark.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -44,6 +44,16 @@ #include #include +#ifdef HAVE_CAVIUM + #include "cavium_sysdep.h" + #include "cavium_common.h" + #include "cavium_ioctl.h" +#endif +#if defined(USE_CERT_BUFFERS_1024) || defined(USE_CERT_BUFFERS_2048) + /* include test cert and key buffers for use with NO_FILESYSTEM */ + #include +#endif + #ifdef CYASSL_BLAKE2 #include @@ -78,14 +88,47 @@ void bench_eccKeyGen(void); void bench_eccKeyAgree(void); #endif -double current_time(void); +double current_time(int); +#ifdef HAVE_CAVIUM + +static int OpenNitroxDevice(int dma_mode,int dev_id) +{ + Csp1CoreAssignment core_assign; + Uint32 device; + + if (CspInitialize(CAVIUM_DIRECT,CAVIUM_DEV_ID)) + return -1; + if (Csp1GetDevType(&device)) + return -1; + if (device != NPX_DEVICE) { + if (ioctl(gpkpdev_hdlr[CAVIUM_DEV_ID], IOCTL_CSP1_GET_CORE_ASSIGNMENT, + (Uint32 *)&core_assign)!= 0) + return -1; + } + CspShutdown(CAVIUM_DEV_ID); + + return CspInitialize(dma_mode, dev_id); +} + +#endif + + +/* so embedded projects can pull in tests on their own */ +#ifndef NO_MAIN_DRIVER int main(int argc, char** argv) { (void)argc; (void)argv; +#ifdef HAVE_CAVIUM + int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID); + if (ret != 0) { + printf("Cavium OpenNitroxDevice failed\n"); + exit(-1); + } +#endif /* HAVE_CAVIUM */ #ifndef NO_AES bench_aes(0); bench_aes(1); 
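Review bot: In `main`, `int ret = OpenNitroxDevice(...)` is declared after the `(void)argc; (void)argv;` statements, which a C89-only compiler rejects; the same ordering appears in the two later `current_time(int reset)` hunks, where `(void)reset;` precedes `static int init = 0;` in the Windows branch and `struct timeval tv;` in the default branch. The Windows case matters most if that branch is built by a compiler that treats `.c` files as C89. Moving each cast below the declarations, e.g. `struct timeval tv;` followed by `(void)reset;`, and declaring `ret` at the top of `main`, keeps the file valid in both dialects. Separately, `OpenNitroxDevice` returns -1 after a successful `CspInitialize` without calling `CspShutdown` when `Csp1GetDevType` or the `ioctl` fails.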
@@ -153,8 +196,17 @@ int main(int argc, char** argv) return 0; } -const int megs = 5; /* how many megs to test (en/de)cryption */ -const int times = 100; /* public key iterations */ +#endif /* NO_MAIN_DRIVER */ + +#ifdef BENCH_EMBEDDED +const int numBlocks = 25; /* how many kB/megs to test (en/de)cryption */ +const char blockType[] = "kB"; /* used in printf output */ +const int times = 1; /* public key iterations */ +#else +const int numBlocks = 5; +const char blockType[] = "megs"; +const int times = 100; +#endif const byte key[] = { @@ -172,8 +224,14 @@ const byte iv[] = }; +/* use kB instead of mB for embedded benchmarking */ +#ifdef BENCH_EMBEDDED +byte plain [1024]; +byte cipher[1024]; +#else byte plain [1024*1024]; byte cipher[1024*1024]; +#endif #ifndef NO_AES @@ -183,19 +241,31 @@ void bench_aes(int show) double start, total, persec; int i; - AesSetKey(&enc, key, 16, iv, AES_ENCRYPTION); - start = current_time(); +#ifdef HAVE_CAVIUM + if (AesInitCavium(&enc, CAVIUM_DEV_ID) != 0) + printf("aes init cavium failed\n"); +#endif - for(i = 0; i < megs; i++) + AesSetKey(&enc, key, 16, iv, AES_ENCRYPTION); + start = current_time(1); + + for(i = 0; i < numBlocks; i++) AesCbcEncrypt(&enc, plain, cipher, sizeof(plain)); - total = current_time() - start; + total = current_time(0) - start; - persec = 1 / total * megs; + persec = 1 / total * numBlocks; +#ifdef BENCH_EMBEDDED + /* since using kB, convert to MB/s */ + persec = persec / 1024; +#endif if (show) - printf("AES %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total, - persec); + printf("AES %d %s took %5.3f seconds, %6.2f MB/s\n", numBlocks, + blockType, total, persec); +#ifdef HAVE_CAVIUM + AesFreeCavium(&enc); +#endif } #endif 
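Review bot: When `AesInitCavium(&enc, CAVIUM_DEV_ID)` fails in `bench_aes`, the code only prints a message and carries on to `AesSetKey` and the timed loop, so the run reports a throughput figure for a context that was never set up. The same print-and-continue pattern is added in the `bench_des`, `bench_arc4` and `bench_rsa` hunks. I would leave the function after the message: `if (AesInitCavium(&enc, CAVIUM_DEV_ID) != 0) { printf("aes init cavium failed\n"); return; }`. The return value of `AesSetKey` is also ignored here, so a rejected key would not be noticed either.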
@@ -212,17 +282,22 @@ void bench_aesgcm(void) int i; AesGcmSetKey(&enc, key, 16); - start = current_time(); + start = current_time(1); - for(i = 0; i < megs; i++) + for(i = 0; i < numBlocks; i++) AesGcmEncrypt(&enc, cipher, plain, sizeof(plain), iv, 12, tag, 16, additional, 13); - total = current_time() - start; + total = current_time(0) - start; - persec = 1 / total * megs; - printf("AES-GCM %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total, - persec); + persec = 1 / total * numBlocks; +#ifdef BENCH_EMBEDDED + /* since using kB, convert to MB/s */ + persec = persec / 1024; +#endif + + printf("AES-GCM %d %s took %5.3f seconds, %6.2f MB/s\n", numBlocks, + blockType, total, persec); } #endif @@ -235,17 +310,22 @@ void bench_aesccm(void) int i; AesCcmSetKey(&enc, key, 16); - start = current_time(); + start = current_time(1); - for(i = 0; i < megs; i++) + for(i = 0; i < numBlocks; i++) AesCcmEncrypt(&enc, cipher, plain, sizeof(plain), iv, 12, tag, 16, additional, 13); - total = current_time() - start; + total = current_time(0) - start; - persec = 1 / total * megs; - printf("AES-CCM %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total, - persec); + persec = 1 / total * numBlocks; +#ifdef BENCH_EMBEDDED + /* since using kB, convert to MB/s */ + persec = persec / 1024; +#endif + + printf("AES-CCM %d %s took %5.3f seconds, %6.2f MB/s\n", numBlocks, + blockType, total, persec); } #endif 
@@ -258,16 +338,21 @@ void bench_camellia(void) int i; CamelliaSetKey(&cam, key, 16, iv); - start = current_time(); + start = current_time(1); - for(i = 0; i < megs; i++) + for(i = 0; i < numBlocks; i++) CamelliaCbcEncrypt(&cam, plain, cipher, sizeof(plain)); - total = current_time() - start; + total = current_time(0) - start; - persec = 1 / total * megs; - printf("Camellia %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total, - persec); + persec = 1 / total * numBlocks; +#ifdef BENCH_EMBEDDED + /* since using kB, convert to MB/s */ + persec = persec / 1024; +#endif + + printf("Camellia %d %s took %5.3f seconds, %6.2f MB/s\n", numBlocks, + blockType, total, persec); } #endif @@ -279,18 +364,29 @@ void bench_des(void) double start, total, persec; int i; +#ifdef HAVE_CAVIUM + if (Des3_InitCavium(&enc, CAVIUM_DEV_ID) != 0) + printf("des3 init cavium failed\n"); +#endif Des3_SetKey(&enc, key, iv, DES_ENCRYPTION); - start = current_time(); + start = current_time(1); - for(i = 0; i < megs; i++) + for(i = 0; i < numBlocks; i++) Des3_CbcEncrypt(&enc, plain, cipher, sizeof(plain)); - total = current_time() - start; + total = current_time(0) - start; - persec = 1 / total * megs; + persec = 1 / total * numBlocks; +#ifdef BENCH_EMBEDDED + /* since using kB, convert to MB/s */ + persec = persec / 1024; +#endif - printf("3DES %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total, - persec); + printf("3DES %d %s took %5.3f seconds, %6.2f MB/s\n", numBlocks, + blockType, total, persec); +#ifdef HAVE_CAVIUM + Des3_FreeCavium(&enc); +#endif } #endif 
@@ -302,17 +398,29 @@ void bench_arc4(void) double start, total, persec; int i; - Arc4SetKey(&enc, key, 16); - start = current_time(); +#ifdef HAVE_CAVIUM + if (Arc4InitCavium(&enc, CAVIUM_DEV_ID) != 0) + printf("arc4 init cavium failed\n"); +#endif - for(i = 0; i < megs; i++) + Arc4SetKey(&enc, key, 16); + start = current_time(1); + + for(i = 0; i < numBlocks; i++) Arc4Process(&enc, cipher, plain, sizeof(plain)); - total = current_time() - start; - persec = 1 / total * megs; + total = current_time(0) - start; + persec = 1 / total * numBlocks; +#ifdef BENCH_EMBEDDED + /* since using kB, convert to MB/s */ + persec = persec / 1024; +#endif - printf("ARC4 %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total, - persec); + printf("ARC4 %d %s took %5.3f seconds, %6.2f MB/s\n", numBlocks, + blockType, total, persec); +#ifdef HAVE_CAVIUM + Arc4FreeCavium(&enc); +#endif } #endif @@ -325,16 +433,20 @@ void bench_hc128(void) int i; Hc128_SetKey(&enc, key, iv); - start = current_time(); + start = current_time(1); - for(i = 0; i < megs; i++) + for(i = 0; i < numBlocks; i++) Hc128_Process(&enc, cipher, plain, sizeof(plain)); - total = current_time() - start; - persec = 1 / total * megs; + total = current_time(0) - start; + persec = 1 / total * numBlocks; +#ifdef BENCH_EMBEDDED + /* since using kB, convert to MB/s */ + persec = persec / 1024; +#endif - printf("HC128 %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total, - persec); + printf("HC128 %d %s took %5.3f seconds, %6.2f MB/s\n", numBlocks, + blockType, total, persec); } #endif /* HAVE_HC128 */ 
@@ -347,16 +459,20 @@ void bench_rabbit(void) int i; RabbitSetKey(&enc, key, iv); - start = current_time(); + start = current_time(1); - for(i = 0; i < megs; i++) + for(i = 0; i < numBlocks; i++) RabbitProcess(&enc, cipher, plain, sizeof(plain)); - total = current_time() - start; - persec = 1 / total * megs; + total = current_time(0) - start; + persec = 1 / total * numBlocks; +#ifdef BENCH_EMBEDDED + /* since using kB, convert to MB/s */ + persec = persec / 1024; +#endif - printf("RABBIT %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total, - persec); + printf("RABBIT %d %s took %5.3f seconds, %6.2f MB/s\n", numBlocks, + blockType, total, persec); } #endif /* NO_RABBIT */ @@ -370,18 +486,22 @@ void bench_md5(void) int i; InitMd5(&hash); - start = current_time(); + start = current_time(1); - for(i = 0; i < megs; i++) + for(i = 0; i < numBlocks; i++) Md5Update(&hash, plain, sizeof(plain)); Md5Final(&hash, digest); - total = current_time() - start; - persec = 1 / total * megs; + total = current_time(0) - start; + persec = 1 / total * numBlocks; +#ifdef BENCH_EMBEDDED + /* since using kB, convert to MB/s */ + persec = persec / 1024; +#endif - printf("MD5 %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total, - persec); + printf("MD5 %d %s took %5.3f seconds, %6.2f MB/s\n", numBlocks, + blockType, total, persec); } #endif /* NO_MD5 */ 
@@ -394,18 +514,22 @@ void bench_sha(void) int i; InitSha(&hash); - start = current_time(); + start = current_time(1); - for(i = 0; i < megs; i++) + for(i = 0; i < numBlocks; i++) ShaUpdate(&hash, plain, sizeof(plain)); ShaFinal(&hash, digest); - total = current_time() - start; - persec = 1 / total * megs; + total = current_time(0) - start; + persec = 1 / total * numBlocks; +#ifdef BENCH_EMBEDDED + /* since using kB, convert to MB/s */ + persec = persec / 1024; +#endif - printf("SHA %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total, - persec); + printf("SHA %d %s took %5.3f seconds, %6.2f MB/s\n", numBlocks, + blockType, total, persec); } @@ -418,18 +542,22 @@ void bench_sha256(void) int i; InitSha256(&hash); - start = current_time(); + start = current_time(1); - for(i = 0; i < megs; i++) + for(i = 0; i < numBlocks; i++) Sha256Update(&hash, plain, sizeof(plain)); Sha256Final(&hash, digest); - total = current_time() - start; - persec = 1 / total * megs; + total = current_time(0) - start; + persec = 1 / total * numBlocks; +#ifdef BENCH_EMBEDDED + /* since using kB, convert to MB/s */ + persec = persec / 1024; +#endif - printf("SHA-256 %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total, - persec); + printf("SHA-256 %d %s took %5.3f seconds, %6.2f MB/s\n", numBlocks, + blockType, total, persec); } #endif 
@@ -442,18 +570,22 @@ void bench_sha512(void) int i; InitSha512(&hash); - start = current_time(); + start = current_time(1); - for(i = 0; i < megs; i++) + for(i = 0; i < numBlocks; i++) Sha512Update(&hash, plain, sizeof(plain)); Sha512Final(&hash, digest); - total = current_time() - start; - persec = 1 / total * megs; + total = current_time(0) - start; + persec = 1 / total * numBlocks; +#ifdef BENCH_EMBEDDED + /* since using kB, convert to MB/s */ + persec = persec / 1024; +#endif - printf("SHA-512 %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total, - persec); + printf("SHA-512 %d %s took %5.3f seconds, %6.2f MB/s\n", numBlocks, + blockType, total, persec); } #endif @@ -466,18 +598,22 @@ void bench_ripemd(void) int i; InitRipeMd(&hash); - start = current_time(); + start = current_time(1); - for(i = 0; i < megs; i++) + for(i = 0; i < numBlocks; i++) RipeMdUpdate(&hash, plain, sizeof(plain)); RipeMdFinal(&hash, digest); - total = current_time() - start; - persec = 1 / total * megs; + total = current_time(0) - start; + persec = 1 / total * numBlocks; +#ifdef BENCH_EMBEDDED + /* since using kB, convert to MB/s */ + persec = persec / 1024; +#endif - printf("RIPEMD %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total, - persec); + printf("RIPEMD %d %s took %5.3f seconds, %6.2f MB/s\n", numBlocks, + blockType, total, persec); } #endif @@ -516,6 +652,7 @@ RNG rng; void bench_rsa(void) { int i; + int ret; byte tmp[3072]; size_t bytes; word32 idx = 0; @@ -526,6 +663,16 @@ void bench_rsa(void) double start, total, each, milliEach; RsaKey rsaKey; + int rsaKeySz = 2048; /* used in printf */ + +#ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, rsa_key_der_1024, sizeof(rsa_key_der_1024)); + bytes = sizeof(rsa_key_der_1024); + rsaKeySz = 1024; +#elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, rsa_key_der_2048, sizeof(rsa_key_der_2048)); + bytes = sizeof(rsa_key_der_2048); +#else FILE* file = fopen("./certs/rsa2048.der", "rb"); if (!file) { 
@@ -533,40 +680,58 @@ void bench_rsa(void) "Please run from CyaSSL home dir\n"); return; } - - InitRng(&rng); - bytes = fread(tmp, 1, sizeof(tmp), file); - InitRsaKey(&rsaKey, 0); - bytes = RsaPrivateKeyDecode(tmp, &idx, &rsaKey, (word32)bytes); - start = current_time(); + bytes = fread(tmp, 1, sizeof(tmp), file); + fclose(file); +#endif /* USE_CERT_BUFFERS */ + +#ifdef HAVE_CAVIUM + if (RsaInitCavium(&rsaKey, CAVIUM_DEV_ID) != 0) + printf("RSA init cavium failed\n"); +#endif + ret = InitRng(&rng); + if (ret < 0) { + printf("InitRNG failed\n"); + return; + } + InitRsaKey(&rsaKey, 0); + ret = RsaPrivateKeyDecode(tmp, &idx, &rsaKey, (word32)bytes); + + start = current_time(1); for (i = 0; i < times; i++) - bytes = RsaPublicEncrypt(message,len,enc,sizeof(enc), &rsaKey, &rng); + ret = RsaPublicEncrypt(message,len,enc,sizeof(enc), &rsaKey, &rng); - total = current_time() - start; + total = current_time(0) - start; each = total / times; /* per second */ milliEach = each * 1000; /* milliseconds */ - printf("RSA 2048 encryption took %6.2f milliseconds, avg over %d" - " iterations\n", milliEach, times); + printf("RSA %d encryption took %6.2f milliseconds, avg over %d" + " iterations\n", rsaKeySz, milliEach, times); - start = current_time(); + if (ret < 0) { + printf("Rsa Public Encrypt failed\n"); + return; + } + + start = current_time(1); for (i = 0; i < times; i++) { byte out[512]; /* for up to 4096 bit */ - RsaPrivateDecrypt(enc, (word32)bytes, out, sizeof(out), &rsaKey); + RsaPrivateDecrypt(enc, (word32)ret, out, sizeof(out), &rsaKey); } - total = current_time() - start; + total = current_time(0) - start; each = total / times; /* per second */ milliEach = each * 1000; /* milliseconds */ - printf("RSA 2048 decryption took %6.2f milliseconds, avg over %d" - " iterations\n", milliEach, times); + printf("RSA %d decryption took %6.2f milliseconds, avg over %d" + " iterations\n", rsaKeySz, milliEach, times); - fclose(file); FreeRsaKey(&rsaKey); +#ifdef HAVE_CAVIUM + 
RsaFreeCavium(&rsaKey); +#endif } #endif @@ -587,6 +752,16 @@ void bench_dh(void) double start, total, each, milliEach; DhKey dhKey; + int dhKeySz = 2048; /* used in printf */ + +#ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, dh_key_der_1024, sizeof(dh_key_der_1024)); + bytes = sizeof(dh_key_der_1024); + dhKeySz = 1024; +#elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, dh_key_der_2048, sizeof(dh_key_der_2048)); + bytes = sizeof(dh_key_der_2048); +#else FILE* file = fopen("./certs/dh2048.der", "rb"); if (!file) { 
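Review bot: The result of `RsaPrivateKeyDecode` is stored in `ret` and then overwritten by the first `RsaPublicEncrypt` call without being tested, so a key buffer that fails to decode is benchmarked anyway. A check right after the decode, `if (ret != 0) { printf("RsaPrivateKeyDecode failed\n"); return; }`, would match the `InitRng` check added just above it. The two early returns (after `InitRng` fails and after "Rsa Public Encrypt failed") skip `FreeRsaKey` and `RsaFreeCavium`, and `RsaInitCavium(&rsaKey, ...)` runs before `InitRsaKey(&rsaKey, 0)`; if `InitRsaKey` resets the struct, the Cavium setup would be lost, which is worth confirming since neither function is visible here. `bench_rsa` starts before this hunk.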
@@ -596,39 +771,46 @@ void bench_dh(void) } bytes = fread(tmp, 1, sizeof(tmp), file); +#endif /* USE_CERT_BUFFERS */ + InitDhKey(&dhKey); bytes = DhKeyDecode(tmp, &idx, &dhKey, (word32)bytes); if (bytes != 0) { printf("dhekydecode failed, can't benchmark\n"); + #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) + fclose(file); + #endif return; } - start = current_time(); + start = current_time(1); for (i = 0; i < times; i++) DhGenerateKeyPair(&dhKey, &rng, priv, &privSz, pub, &pubSz); - total = current_time() - start; + total = current_time(0) - start; each = total / times; /* per second */ milliEach = each * 1000; /* milliseconds */ - printf("DH 2048 key generation %6.2f milliseconds, avg over %d" - " iterations\n", milliEach, times); + printf("DH %d key generation %6.2f milliseconds, avg over %d" + " iterations\n", dhKeySz, milliEach, times); DhGenerateKeyPair(&dhKey, &rng, priv2, &privSz2, pub2, &pubSz2); - start = current_time(); + start = current_time(1); for (i = 0; i < times; i++) DhAgree(&dhKey, agree, &agreeSz, priv, privSz, pub2, pubSz2); - total = current_time() - start; + total = current_time(0) - start; each = total / times; /* per second */ milliEach = each * 1000; /* milliseconds */ - printf("DH 2048 key agreement %6.2f milliseconds, avg over %d" - " iterations\n", milliEach, times); + printf("DH %d key agreement %6.2f milliseconds, avg over %d" + " iterations\n", dhKeySz, milliEach, times); +#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) fclose(file); +#endif FreeDhKey(&dhKey); } #endif @@ -642,7 +824,7 @@ void bench_rsaKeyGen(void) const int genTimes = 5; /* 1024 bit */ - start = current_time(); + start = current_time(1); for(i = 0; i < genTimes; i++) { InitRsaKey(&genKey, 0); 
@@ -650,7 +832,7 @@ void bench_rsaKeyGen(void) FreeRsaKey(&genKey); } - total = current_time() - start; + total = current_time(0) - start; each = total / genTimes; /* per second */ milliEach = each * 1000; /* millisconds */ printf("\n"); @@ -658,7 +840,7 @@ void bench_rsaKeyGen(void) " iterations\n", milliEach, genTimes); /* 2048 bit */ - start = current_time(); + start = current_time(1); for(i = 0; i < genTimes; i++) { InitRsaKey(&genKey, 0); @@ -666,7 +848,7 @@ void bench_rsaKeyGen(void) FreeRsaKey(&genKey); } - total = current_time() - start; + total = current_time(0) - start; each = total / genTimes; /* per second */ milliEach = each * 1000; /* millisconds */ printf("RSA 2048 key generation %6.2f milliseconds, avg over %d" @@ -683,14 +865,14 @@ void bench_eccKeyGen(void) const int genTimes = 5; /* 256 bit */ - start = current_time(); + start = current_time(1); for(i = 0; i < genTimes; i++) { ecc_make_key(&rng, 32, &genKey); ecc_free(&genKey); } - total = current_time() - start; + total = current_time(0) - start; each = total / genTimes; /* per second */ milliEach = each * 1000; /* millisconds */ printf("\n"); 
@@ -703,25 +885,36 @@ void bench_eccKeyAgree(void) { ecc_key genKey, genKey2; double start, total, each, milliEach; - int i; + int i, ret; const int agreeTimes = 5; byte shared[1024]; byte sig[1024]; byte digest[32]; word32 x; - - ecc_make_key(&rng, 32, &genKey); - ecc_make_key(&rng, 32, &genKey2); + + ecc_init(&genKey); + ecc_init(&genKey2); + + ret = ecc_make_key(&rng, 32, &genKey); + if (ret != 0) { + printf("ecc_make_key failed\n"); + return; + } + ret = ecc_make_key(&rng, 32, &genKey2); + if (ret != 0) { + printf("ecc_make_key failed\n"); + return; + } /* 256 bit */ - start = current_time(); + start = current_time(1); for(i = 0; i < agreeTimes; i++) { x = sizeof(shared); ecc_shared_secret(&genKey, &genKey2, shared, &x); } - total = current_time() - start; + total = current_time(0) - start; each = total / agreeTimes; /* per second */ milliEach = each * 1000; /* millisconds */ printf("EC-DHE key agreement %6.2f milliseconds, avg over %d" @@ -732,14 +925,14 @@ void bench_eccKeyAgree(void) digest[i] = i; - start = current_time(); + start = current_time(1); for(i = 0; i < agreeTimes; i++) { x = sizeof(sig); ecc_sign_hash(digest, sizeof(digest), sig, &x, &rng, &genKey); } - total = current_time() - start; + total = current_time(0) - start; each = total / agreeTimes; /* per second */ milliEach = each * 1000; /* millisconds */ printf("EC-DSA sign time %6.2f milliseconds, avg over %d" @@ -756,8 +949,10 @@ void bench_eccKeyAgree(void) #define WIN32_LEAN_AND_MEAN #include - double current_time() + double current_time(int reset) { + (void)reset; + static int init = 0; static LARGE_INTEGER freq; 
@@ -773,12 +968,38 @@ void bench_eccKeyAgree(void) return (double)count.QuadPart / freq.QuadPart; } +#elif defined MICROCHIP_PIC32 + + #include + + double current_time(int reset) + { + /* NOTE: core timer tick rate = 40 Mhz, 1 tick = 25 ns */ + + unsigned int ns; + + /* should we reset our timer back to zero? Helps prevent timer + rollover */ + + if (reset) { + WriteCoreTimer(0); + } + + /* get timer in ns */ + ns = ReadCoreTimer() * 25; + + /* return seconds as a double */ + return ( ns / 1000000000.0 ); + } + #else #include - double current_time(void) + double current_time(int reset) { + (void) reset; + struct timeval tv; gettimeofday(&tv, 0); diff --git a/ctaocrypt/src/aes.c b/ctaocrypt/src/aes.c index 448ed130c..24b9f0e0d 100644 --- a/ctaocrypt/src/aes.c +++ b/ctaocrypt/src/aes.c @@ -1,6 +1,6 @@ /* aes.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -41,6 +41,15 @@ #endif +#ifdef HAVE_CAVIUM + static int AesCaviumSetKey(Aes* aes, const byte* key, word32 length, + const byte* iv); + static void AesCaviumCbcEncrypt(Aes* aes, byte* out, const byte* in, + word32 length); + static void AesCaviumCbcDecrypt(Aes* aes, byte* out, const byte* in, + word32 length); +#endif + #ifdef STM32F2_CRYPTO /* * STM32F2 hardware AES support through the STM32F2 standard peripheral @@ -1349,6 +1358,11 @@ int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv, if (!((keylen == 16) || (keylen == 24) || (keylen == 32))) return BAD_FUNC_ARG; +#ifdef HAVE_CAVIUM + if (aes->magic == CYASSL_AES_CAVIUM_MAGIC) + return AesCaviumSetKey(aes, userKey, keylen, iv); +#endif + #ifdef CYASSL_AESNI if (checkAESNI == 0) { haveAESNI = Check_CPU_support_AES(); 
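Review bot: In the MICROCHIP_PIC32 `current_time`, `ns = ReadCoreTimer() * 25;` is evaluated in `unsigned int`, so with a 32-bit `unsigned int` the product wraps after about 4.29 seconds of ticks. That is long before the core timer itself would roll over at the 40 MHz rate the comment states, so resetting the timer does not protect a longer benchmark from a wrapped result. Doing the scaling in floating point avoids it: `return (double)ReadCoreTimer() * 25.0 / 1000000000.0;` and drop `ns`. `WriteCoreTimer(0)` also rewrites a counter other code may be reading, which seems worth a comment in the source if this file is ever linked into more than the benchmark.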
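Review bot: In AesSetKey the new dispatch reads `aes->magic` for every Aes object, including ones that never went through AesInitCavium, and nothing visible here sets the field for software-only contexts. On a HAVE_CAVIUM build a stack-allocated Aes then has an indeterminate `magic`; if it happens to equal CYASSL_AES_CAVIUM_MAGIC the call goes to the device with a `contextHandle` that was never allocated. I would document the requirement next to the check, e.g. `/* callers must zero the Aes struct or call AesInitCavium() before AesSetKey() */`, and consider an init routine that sets `magic = 0`. The same applies to the `magic` tests added in AesCbcEncrypt/AesCbcDecrypt, Arc4SetKey/Arc4Process, Des3_SetKey/Des3_CbcEncrypt/Des3_CbcDecrypt, the Hmac entry points and RsaPrivateKeyDecode. AesSetKey continues outside this hunk.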
@@ -1661,6 +1675,11 @@ void AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { word32 blocks = sz / AES_BLOCK_SIZE; +#ifdef HAVE_CAVIUM + if (aes->magic == CYASSL_AES_CAVIUM_MAGIC) + return AesCaviumCbcEncrypt(aes, out, in, sz); +#endif + #ifdef CYASSL_AESNI if (haveAESNI) { #ifdef DEBUG_AESNI @@ -1695,6 +1714,11 @@ void AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) { word32 blocks = sz / AES_BLOCK_SIZE; +#ifdef HAVE_CAVIUM + if (aes->magic == CYASSL_AES_CAVIUM_MAGIC) + return AesCaviumCbcDecrypt(aes, out, in, sz); +#endif + #ifdef CYASSL_AESNI if (haveAESNI) { #ifdef DEBUG_AESNI 
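Review bot: `return AesCaviumCbcEncrypt(aes, out, in, sz);` returns an expression from a function declared `void`; ISO C treats that as a constraint violation, and GCC accepts it only as an extension (it warns under `-pedantic`). A braced call followed by a bare return, `{ AesCaviumCbcEncrypt(aes, out, in, sz); return; }`, keeps the dispatch portable to the embedded toolchains this release targets. The same form is used in AesCbcDecrypt and in the Arc4SetKey, Arc4Process, Des3_SetKey, Des3_CbcEncrypt, Des3_CbcDecrypt and Hmac dispatches in later hunks. Both functions continue outside their hunks.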
@@ -2738,5 +2762,122 @@ int AesSetIV(Aes* aes, const byte* iv) } +#ifdef HAVE_CAVIUM + +#include +#include "cavium_common.h" + +/* Initiliaze Aes for use with Nitrox device */ +int AesInitCavium(Aes* aes, int devId) +{ + if (aes == NULL) + return -1; + + if (CspAllocContext(CONTEXT_SSL, &aes->contextHandle, devId) != 0) + return -1; + + aes->devId = devId; + aes->magic = CYASSL_AES_CAVIUM_MAGIC; + + return 0; +} + + +/* Free Aes from use with Nitrox device */ +void AesFreeCavium(Aes* aes) +{ + if (aes == NULL) + return; + + if (aes->magic != CYASSL_AES_CAVIUM_MAGIC) + return; + + CspFreeContext(CONTEXT_SSL, aes->contextHandle, aes->devId); + aes->magic = 0; +} + + +static int AesCaviumSetKey(Aes* aes, const byte* key, word32 length, + const byte* iv) +{ + if (aes == NULL) + return -1; + + XMEMCPY(aes->key, key, length); /* key still holds key, iv still in reg */ + if (length == 16) + aes->type = AES_128; + else if (length == 24) + aes->type = AES_192; + else if (length == 32) + aes->type = AES_256; + + return AesSetIV(aes, iv); +} + + +static void AesCaviumCbcEncrypt(Aes* aes, byte* out, const byte* in, + word32 length) +{ + word offset = 0; + word32 requestId; + + while (length > CYASSL_MAX_16BIT) { + word16 slen = (word16)CYASSL_MAX_16BIT; + if (CspEncryptAes(CAVIUM_BLOCKING, aes->contextHandle, CAVIUM_NO_UPDATE, + aes->type, slen, (byte*)in + offset, out + offset, + (byte*)aes->reg, (byte*)aes->key, &requestId, + aes->devId) != 0) { + CYASSL_MSG("Bad Cavium Aes Encrypt"); + } + length -= CYASSL_MAX_16BIT; + offset += CYASSL_MAX_16BIT; + XMEMCPY(aes->reg, out + offset - AES_BLOCK_SIZE, AES_BLOCK_SIZE); + } + if (length) { + word16 slen = (word16)length; + if (CspEncryptAes(CAVIUM_BLOCKING, aes->contextHandle, CAVIUM_NO_UPDATE, + aes->type, slen, (byte*)in + offset, out + offset, + (byte*)aes->reg, (byte*)aes->key, &requestId, + aes->devId) != 0) { + CYASSL_MSG("Bad Cavium Aes Encrypt"); + } + XMEMCPY(aes->reg, out + offset+length - AES_BLOCK_SIZE, 
AES_BLOCK_SIZE); + } +} + +static void AesCaviumCbcDecrypt(Aes* aes, byte* out, const byte* in, + word32 length) +{ + word32 requestId; + word offset = 0; + + while (length > CYASSL_MAX_16BIT) { + word16 slen = (word16)CYASSL_MAX_16BIT; + XMEMCPY(aes->tmp, in + offset + slen - AES_BLOCK_SIZE, AES_BLOCK_SIZE); + if (CspDecryptAes(CAVIUM_BLOCKING, aes->contextHandle, CAVIUM_NO_UPDATE, + aes->type, slen, (byte*)in + offset, out + offset, + (byte*)aes->reg, (byte*)aes->key, &requestId, + aes->devId) != 0) { + CYASSL_MSG("Bad Cavium Aes Decrypt"); + } + length -= CYASSL_MAX_16BIT; + offset += CYASSL_MAX_16BIT; + XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE); + } + if (length) { + word16 slen = (word16)length; + XMEMCPY(aes->tmp, in + offset + slen - AES_BLOCK_SIZE, AES_BLOCK_SIZE); + if (CspDecryptAes(CAVIUM_BLOCKING, aes->contextHandle, CAVIUM_NO_UPDATE, + aes->type, slen, (byte*)in + offset, out + offset, + (byte*)aes->reg, (byte*)aes->key, &requestId, + aes->devId) != 0) { + CYASSL_MSG("Bad Cavium Aes Decrypt"); + } + XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE); + } +} + +#endif /* HAVE_CAVIUM */ + #endif /* NO_AES */ diff --git a/ctaocrypt/src/aes_asm.s b/ctaocrypt/src/aes_asm.s index 4aa358619..458db1ae8 100755 --- a/ctaocrypt/src/aes_asm.s +++ b/ctaocrypt/src/aes_asm.s @@ -1,6 +1,6 @@ /* aes_asm.s * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/arc4.c b/ctaocrypt/src/arc4.c index cbb132da8..7c3c2f07a 100644 --- a/ctaocrypt/src/arc4.c +++ b/ctaocrypt/src/arc4.c @@ -1,6 +1,6 @@ /* arc4.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * 
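Review bot: AesCaviumCbcEncrypt and AesCaviumCbcDecrypt only log a non-zero result from CspEncryptAes/CspDecryptAes and then carry on, so the caller cannot tell that `out` was never written. For an in-place call (`out == in`) that would leave plaintext in a buffer the caller treats as ciphertext. The helpers should return a status that the public API can surface; until that is possible, stop on the first failure and clear the unwritten output, e.g. `XMEMSET(out + offset, 0, length); return;`. Separately, the loop splits at CYASSL_MAX_16BIT, which, if it is 0xFFFF as the name suggests, is not a multiple of AES_BLOCK_SIZE, so chunks would not end on a block boundary; a chunk size of `CYASSL_MAX_16BIT - (CYASSL_MAX_16BIT % AES_BLOCK_SIZE)` avoids that. The tail copy `out + offset+length - AES_BLOCK_SIZE` also points before the buffer when `length` is shorter than one block. Arc4CaviumSetKey, Arc4CaviumProcess and Des3_CaviumCbcEncrypt/Des3_CaviumCbcDecrypt swallow device errors the same way, and the 3DES pair repeats the chunk-size and tail arithmetic with DES_BLOCK_SIZE.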
@@ -26,11 +26,23 @@ #include +#ifdef HAVE_CAVIUM + static void Arc4CaviumSetKey(Arc4* arc4, const byte* key, word32 length); + static void Arc4CaviumProcess(Arc4* arc4, byte* out, const byte* in, + word32 length); +#endif + + void Arc4SetKey(Arc4* arc4, const byte* key, word32 length) { word32 i; word32 keyIndex = 0, stateIndex = 0; +#ifdef HAVE_CAVIUM + if (arc4->magic == CYASSL_ARC4_CAVIUM_MAGIC) + return Arc4CaviumSetKey(arc4, key, length); +#endif + arc4->x = 1; arc4->y = 0; @@ -66,8 +78,16 @@ static INLINE byte MakeByte(word32* x, word32* y, byte* s) void Arc4Process(Arc4* arc4, byte* out, const byte* in, word32 length) { - word32 x = arc4->x; - word32 y = arc4->y; + word32 x; + word32 y; + +#ifdef HAVE_CAVIUM + if (arc4->magic == CYASSL_ARC4_CAVIUM_MAGIC) + return Arc4CaviumProcess(arc4, out, in, length); +#endif + + x = arc4->x; + y = arc4->y; while(length--) *out++ = *in++ ^ MakeByte(&x, &y, arc4->state); 
@@ -76,3 +96,77 @@ void Arc4Process(Arc4* arc4, byte* out, const byte* in, word32 length) arc4->y = (byte)y; } + +#ifdef HAVE_CAVIUM + +#include +#include "cavium_common.h" + +/* Initiliaze Arc4 for use with Nitrox device */ +int Arc4InitCavium(Arc4* arc4, int devId) +{ + if (arc4 == NULL) + return -1; + + if (CspAllocContext(CONTEXT_SSL, &arc4->contextHandle, devId) != 0) + return -1; + + arc4->devId = devId; + arc4->magic = CYASSL_ARC4_CAVIUM_MAGIC; + + return 0; +} + + +/* Free Arc4 from use with Nitrox device */ +void Arc4FreeCavium(Arc4* arc4) +{ + if (arc4 == NULL) + return; + + if (arc4->magic != CYASSL_ARC4_CAVIUM_MAGIC) + return; + + CspFreeContext(CONTEXT_SSL, arc4->contextHandle, arc4->devId); + arc4->magic = 0; +} + + +static void Arc4CaviumSetKey(Arc4* arc4, const byte* key, word32 length) +{ + word32 requestId; + + if (CspInitializeRc4(CAVIUM_BLOCKING, arc4->contextHandle, length, + (byte*)key, &requestId, arc4->devId) != 0) { + CYASSL_MSG("Bad Cavium Arc4 Init"); + } +} + + +static void Arc4CaviumProcess(Arc4* arc4, byte* out, const byte* in, + word32 length) +{ + word offset = 0; + word32 requestId; + + while (length > CYASSL_MAX_16BIT) { + word16 slen = (word16)CYASSL_MAX_16BIT; + if (CspEncryptRc4(CAVIUM_BLOCKING, arc4->contextHandle,CAVIUM_UPDATE, + slen, (byte*)in + offset, out + offset, &requestId, + arc4->devId) != 0) { + CYASSL_MSG("Bad Cavium Arc4 Encrypt"); + } + length -= CYASSL_MAX_16BIT; + offset += CYASSL_MAX_16BIT; + } + if (length) { + word16 slen = (word16)length; + if (CspEncryptRc4(CAVIUM_BLOCKING, arc4->contextHandle,CAVIUM_UPDATE, + slen, (byte*)in + offset, out + offset, &requestId, + arc4->devId) != 0) { + CYASSL_MSG("Bad Cavium Arc4 Encrypt"); + } + } +} + +#endif /* HAVE_CAVIUM */ diff --git a/ctaocrypt/src/asm.c b/ctaocrypt/src/asm.c index d33418afe..ba1d4a716 100644 --- a/ctaocrypt/src/asm.c +++ b/ctaocrypt/src/asm.c 
@@ -1,6 +1,6 @@ /* asm.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c index 96cba9cd4..fb19e214c 100644 --- a/ctaocrypt/src/asn.c +++ b/ctaocrypt/src/asn.c @@ -1,6 +1,6 @@ /* asn.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * 
@@ -531,11 +531,78 @@ static int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid, #ifndef NO_RSA + +#ifdef HAVE_CAVIUM + +static int GetCaviumInt(byte** buff, word16* buffSz, const byte* input, + word32* inOutIdx, word32 maxIdx, void* heap) +{ + word32 i = *inOutIdx; + byte b = input[i++]; + int length; + + if (b != ASN_INTEGER) + return ASN_PARSE_E; + + if (GetLength(input, &i, &length, maxIdx) < 0) + return ASN_PARSE_E; + + if ( (b = input[i++]) == 0x00) + length--; + else + i--; + + *buffSz = (word16)length; + *buff = XMALLOC(*buffSz, heap, DYNAMIC_TYPE_CAVIUM_RSA); + if (*buff == NULL) + return MEMORY_E; + + XMEMCPY(*buff, input + i, *buffSz); + + *inOutIdx = i + length; + return 0; +} + +static int CaviumRsaPrivateKeyDecode(const byte* input, word32* inOutIdx, + RsaKey* key, word32 inSz) +{ + int version, length; + void* h = key->heap; + + if (GetSequence(input, inOutIdx, &length, inSz) < 0) + return ASN_PARSE_E; + + if (GetMyVersion(input, inOutIdx, &version) < 0) + return ASN_PARSE_E; + + key->type = RSA_PRIVATE; + + if (GetCaviumInt(&key->c_n, &key->c_nSz, input, inOutIdx, inSz, h) < 0 || + GetCaviumInt(&key->c_e, &key->c_eSz, input, inOutIdx, inSz, h) < 0 || + GetCaviumInt(&key->c_d, &key->c_dSz, input, inOutIdx, inSz, h) < 0 || + GetCaviumInt(&key->c_p, &key->c_pSz, input, inOutIdx, inSz, h) < 0 || + GetCaviumInt(&key->c_q, &key->c_qSz, input, inOutIdx, inSz, h) < 0 || + GetCaviumInt(&key->c_dP, &key->c_dP_Sz, input, inOutIdx, inSz, h) < 0 || + GetCaviumInt(&key->c_dQ, &key->c_dQ_Sz, input, inOutIdx, inSz, h) < 0 || + GetCaviumInt(&key->c_u, &key->c_uSz, input, inOutIdx, inSz, h) < 0 ) + return ASN_RSA_KEY_E; + + return 0; +} + + +#endif /* HAVE_CAVIUM */ + int RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key, word32 inSz) { int version, length; +#ifdef HAVE_CAVIUM + if (key->magic == CYASSL_RSA_CAVIUM_MAGIC) + return CaviumRsaPrivateKeyDecode(input, inOutIdx, key, inSz); +#endif + if (GetSequence(input, inOutIdx, &length, 
inSz) < 0) return ASN_PARSE_E; @@ -724,6 +791,8 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt, ret += PKCS12_PBKDF(cbcIv, unicodePasswd, idx, salt, saltSz, iterations, 8, typeH, 2); } + else + return ALGO_ID_E; if (ret != 0) return ret; @@ -1543,7 +1612,7 @@ static int GetName(DecodedCert* cert, int nameType) } if (email) { - if (14 > (ASN_NAME_MAX - idx)) { + if ( (14 + adv) > (int)(ASN_NAME_MAX - idx)) { CYASSL_MSG("ASN name too big, skipping"); tooBig = TRUE; } @@ -1566,7 +1635,7 @@ static int GetName(DecodedCert* cert, int nameType) } if (uid) { - if (5 > (ASN_NAME_MAX - idx)) { + if ( (5 + adv) > (int)(ASN_NAME_MAX - idx)) { CYASSL_MSG("ASN name too big, skipping"); tooBig = TRUE; } @@ -3355,6 +3424,10 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, RNG* rng, { (void)ntruKey; (void)ntruSz; + + /* init */ + XMEMSET(der, 0, sizeof(DerCert)); + /* version */ der->versionSz = SetMyVersion(cert->version, der->version, TRUE); @@ -4226,7 +4299,8 @@ static int DecodeSingleResponse(byte* source, break; case (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | CERT_REVOKED): cs->status = CERT_REVOKED; - GetLength(source, &idx, &length, size); + if (GetLength(source, &idx, &length, size) < 0) + return ASN_PARSE_E; idx += length; break; case (ASN_CONTEXT_SPECIFIC | CERT_UNKNOWN): diff --git a/ctaocrypt/src/camellia.c b/ctaocrypt/src/camellia.c index 573eb2af3..a56487807 100644 --- a/ctaocrypt/src/camellia.c +++ b/ctaocrypt/src/camellia.c @@ -27,7 +27,7 @@ /* camellia.c * - * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/coding.c b/ctaocrypt/src/coding.c index 063656ca4..d5afdcbe6 100644 --- a/ctaocrypt/src/coding.c +++ b/ctaocrypt/src/coding.c @@ -1,6 +1,6 @@ /* coding.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * 
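Review bot: GetCaviumInt can turn a zero-length INTEGER into a 65535-byte copy: if GetLength yields 0 and the following byte is 0x00, `length--` makes it -1 and `(word16)length` becomes 0xFFFF, so XMEMCPY reads far past the key buffer. The tag byte and the leading-zero peek are also read without comparing `i` to `maxIdx`, and a length above 0xFFFF is truncated for `*buffSz` while `*inOutIdx` still advances by the full value. Range-checking `length` before the cast, as sketched below, covers all three. When one of the eight calls in CaviumRsaPrivateKeyDecode fails, the buffers allocated by the earlier ones stay attached to the key, so the error path depends on the caller freeing the key (not visible here).

```c
    word32 i = *inOutIdx;
    int    length;

    if (i >= maxIdx || input[i++] != ASN_INTEGER)
        return ASN_PARSE_E;

    if (GetLength(input, &i, &length, maxIdx) < 0)
        return ASN_PARSE_E;

    /* need at least one content byte before peeking at the leading octet */
    if (length <= 0 || i >= maxIdx)
        return ASN_PARSE_E;

    if (input[i] == 0x00) {   /* skip leading zero */
        i++;
        length--;
    }

    if (length <= 0 || length > 0xFFFF)   /* must fit the word16 buffSz */
        return ASN_PARSE_E;

    /* … unchanged: XMALLOC, XMEMCPY, *inOutIdx update … */
```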
diff --git a/ctaocrypt/src/des3.c b/ctaocrypt/src/des3.c index 25a5a690f..12cf4692b 100644 --- a/ctaocrypt/src/des3.c +++ b/ctaocrypt/src/des3.c @@ -1,6 +1,6 @@ /* des3.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -34,6 +34,14 @@ #endif +#ifdef HAVE_CAVIUM + static void Des3_CaviumSetKey(Des3* des3, const byte* key, const byte* iv); + static void Des3_CaviumCbcEncrypt(Des3* des3, byte* out, const byte* in, + word32 length); + static void Des3_CaviumCbcDecrypt(Des3* des3, byte* out, const byte* in, + word32 length); +#endif + #ifdef STM32F2_CRYPTO /* * STM32F2 hardware DES/3DES support through the STM32F2 standard @@ -554,6 +562,11 @@ void Des_SetKey(Des* des, const byte* key, const byte* iv, int dir) void Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir) { +#ifdef HAVE_CAVIUM + if (des->magic == CYASSL_3DES_CAVIUM_MAGIC) + return Des3_CaviumSetKey(des, key, iv); +#endif + DesSetKey(key + (dir == DES_ENCRYPTION ? 0 : 16), dir, des->key[0]); DesSetKey(key + 8, Reverse(dir), des->key[1]); DesSetKey(key + (dir == DES_DECRYPTION ? 0 : 16), dir, des->key[2]); @@ -682,8 +695,14 @@ void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) void Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz) { - word32 blocks = sz / DES_BLOCK_SIZE; + word32 blocks; +#ifdef HAVE_CAVIUM + if (des->magic == CYASSL_3DES_CAVIUM_MAGIC) + return Des3_CaviumCbcEncrypt(des, out, in, sz); +#endif + + blocks = sz / DES_BLOCK_SIZE; while (blocks--) { xorbuf((byte*)des->reg, in, DES_BLOCK_SIZE); Des3ProcessBlock(des, (byte*)des->reg, (byte*)des->reg); 
@@ -697,8 +716,14 @@ void Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz) void Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz) { - word32 blocks = sz / DES_BLOCK_SIZE; + word32 blocks; +#ifdef HAVE_CAVIUM + if (des->magic == CYASSL_3DES_CAVIUM_MAGIC) + return Des3_CaviumCbcDecrypt(des, out, in, sz); +#endif + + blocks = sz / DES_BLOCK_SIZE; while (blocks--) { XMEMCPY(des->tmp, in, DES_BLOCK_SIZE); Des3ProcessBlock(des, (byte*)des->tmp, out); 
@@ -743,4 +768,116 @@ void Des3_SetIV(Des3* des, const byte* iv) } +#ifdef HAVE_CAVIUM + +#include +#include "cavium_common.h" + +/* Initiliaze Des3 for use with Nitrox device */ +int Des3_InitCavium(Des3* des3, int devId) +{ + if (des3 == NULL) + return -1; + + if (CspAllocContext(CONTEXT_SSL, &des3->contextHandle, devId) != 0) + return -1; + + des3->devId = devId; + des3->magic = CYASSL_3DES_CAVIUM_MAGIC; + + return 0; +} + + +/* Free Des3 from use with Nitrox device */ +void Des3_FreeCavium(Des3* des3) +{ + if (des3 == NULL) + return; + + if (des3->magic != CYASSL_3DES_CAVIUM_MAGIC) + return; + + CspFreeContext(CONTEXT_SSL, des3->contextHandle, des3->devId); + des3->magic = 0; +} + + +static void Des3_CaviumSetKey(Des3* des3, const byte* key, const byte* iv) +{ + if (des3 == NULL) + return; + + /* key[0] holds key, iv in reg */ + XMEMCPY(des3->key[0], key, DES_BLOCK_SIZE*3); + + Des3_SetIV(des3, iv); +} + + +static void Des3_CaviumCbcEncrypt(Des3* des3, byte* out, const byte* in, + word32 length) +{ + word offset = 0; + word32 requestId; + + while (length > CYASSL_MAX_16BIT) { + word16 slen = (word16)CYASSL_MAX_16BIT; + if (CspEncrypt3Des(CAVIUM_BLOCKING, des3->contextHandle, + CAVIUM_NO_UPDATE, slen, (byte*)in + offset, + out + offset, (byte*)des3->reg, (byte*)des3->key[0], + &requestId, des3->devId) != 0) { + CYASSL_MSG("Bad Cavium 3DES Cbc Encrypt"); + } + length -= CYASSL_MAX_16BIT; + offset += CYASSL_MAX_16BIT; + XMEMCPY(des3->reg, out + offset - DES_BLOCK_SIZE, DES_BLOCK_SIZE); + } + if (length) { + word16 slen = (word16)length; + + if (CspEncrypt3Des(CAVIUM_BLOCKING, des3->contextHandle, + CAVIUM_NO_UPDATE, slen, (byte*)in + offset, + out + offset, (byte*)des3->reg, (byte*)des3->key[0], + &requestId, des3->devId) != 0) { + CYASSL_MSG("Bad Cavium 3DES Cbc Encrypt"); + } + XMEMCPY(des3->reg, out+offset+length - DES_BLOCK_SIZE, DES_BLOCK_SIZE); + } +} + +static void Des3_CaviumCbcDecrypt(Des3* des3, byte* out, const byte* in, + word32 length) +{ + word32 
requestId; + word offset = 0; + + while (length > CYASSL_MAX_16BIT) { + word16 slen = (word16)CYASSL_MAX_16BIT; + XMEMCPY(des3->tmp, in + offset + slen - DES_BLOCK_SIZE, DES_BLOCK_SIZE); + if (CspDecrypt3Des(CAVIUM_BLOCKING, des3->contextHandle, + CAVIUM_NO_UPDATE, slen, (byte*)in+offset, out+offset, + (byte*)des3->reg, (byte*)des3->key[0], &requestId, + des3->devId) != 0) { + CYASSL_MSG("Bad Cavium 3Des Decrypt"); + } + length -= CYASSL_MAX_16BIT; + offset += CYASSL_MAX_16BIT; + XMEMCPY(des3->reg, des3->tmp, DES_BLOCK_SIZE); + } + if (length) { + word16 slen = (word16)length; + XMEMCPY(des3->tmp, in + offset + slen - DES_BLOCK_SIZE,DES_BLOCK_SIZE); + if (CspDecrypt3Des(CAVIUM_BLOCKING, des3->contextHandle, + CAVIUM_NO_UPDATE, slen, (byte*)in+offset, out+offset, + (byte*)des3->reg, (byte*)des3->key[0], &requestId, + des3->devId) != 0) { + CYASSL_MSG("Bad Cavium 3Des Decrypt"); + } + XMEMCPY(des3->reg, des3->tmp, DES_BLOCK_SIZE); + } +} + +#endif /* HAVE_CAVIUM */ + #endif /* NO_DES3 */ diff --git a/ctaocrypt/src/dh.c b/ctaocrypt/src/dh.c index e7c6faa03..ff64543b0 100644 --- a/ctaocrypt/src/dh.c +++ b/ctaocrypt/src/dh.c @@ -1,6 +1,6 @@ /* dh.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/dsa.c b/ctaocrypt/src/dsa.c index 6aded3e3a..d9b0992ed 100644 --- a/ctaocrypt/src/dsa.c +++ b/ctaocrypt/src/dsa.c @@ -1,6 +1,6 @@ /* dsa.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/ecc.c b/ctaocrypt/src/ecc.c index ef35477f2..fc37b66d1 100644 --- a/ctaocrypt/src/ecc.c +++ b/ctaocrypt/src/ecc.c @@ -1,6 +1,6 @@ /* ecc.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/error.c b/ctaocrypt/src/error.c index b4d1eb258..b98db04ca 100644 
--- a/ctaocrypt/src/error.c +++ b/ctaocrypt/src/error.c @@ -1,6 +1,6 @@ /* error.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -277,6 +277,10 @@ void CTaoCryptErrorString(int error, char* buffer) XSTRNCPY(buffer, "AES-CCM Authentication check fail", max); break; + case CAVIUM_INIT_E: + XSTRNCPY(buffer, "Cavium Init type error", max); + break; + default: XSTRNCPY(buffer, "unknown error number", max); diff --git a/ctaocrypt/src/fp_mont_small.i b/ctaocrypt/src/fp_mont_small.i index 3b50d6b21..783d8a258 100644 --- a/ctaocrypt/src/fp_mont_small.i +++ b/ctaocrypt/src/fp_mont_small.i @@ -1,6 +1,6 @@ /* fp_mont_small.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_mul_comba_12.i b/ctaocrypt/src/fp_mul_comba_12.i index a7c5871bd..eb3bf16e9 100644 --- a/ctaocrypt/src/fp_mul_comba_12.i +++ b/ctaocrypt/src/fp_mul_comba_12.i @@ -1,6 +1,6 @@ /* fp_mul_comba_12.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_mul_comba_17.i b/ctaocrypt/src/fp_mul_comba_17.i index 3ad0716a6..a6508a58d 100644 --- a/ctaocrypt/src/fp_mul_comba_17.i +++ b/ctaocrypt/src/fp_mul_comba_17.i @@ -1,6 +1,6 @@ /* fp_mul_comba_17.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_mul_comba_20.i b/ctaocrypt/src/fp_mul_comba_20.i index b82e77921..ed7a23bbe 100644 --- a/ctaocrypt/src/fp_mul_comba_20.i +++ b/ctaocrypt/src/fp_mul_comba_20.i @@ -1,6 +1,6 @@ /* fp_mul_comba_20.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * 
diff --git a/ctaocrypt/src/fp_mul_comba_24.i b/ctaocrypt/src/fp_mul_comba_24.i index 42f44b6ec..0664bd50a 100644 --- a/ctaocrypt/src/fp_mul_comba_24.i +++ b/ctaocrypt/src/fp_mul_comba_24.i @@ -1,6 +1,6 @@ /* fp_mul_comba_24.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_mul_comba_28.i b/ctaocrypt/src/fp_mul_comba_28.i index 060bb8a7e..0b047adc1 100644 --- a/ctaocrypt/src/fp_mul_comba_28.i +++ b/ctaocrypt/src/fp_mul_comba_28.i @@ -1,6 +1,6 @@ /* fp_mul_comba_28.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_mul_comba_3.i b/ctaocrypt/src/fp_mul_comba_3.i index 03499c954..77fffae60 100644 --- a/ctaocrypt/src/fp_mul_comba_3.i +++ b/ctaocrypt/src/fp_mul_comba_3.i @@ -1,6 +1,6 @@ /* fp_mul_comba_3.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_mul_comba_32.i b/ctaocrypt/src/fp_mul_comba_32.i index 3ca1fdbb3..1de4f4b8e 100644 --- a/ctaocrypt/src/fp_mul_comba_32.i +++ b/ctaocrypt/src/fp_mul_comba_32.i @@ -1,6 +1,6 @@ /* fp_mul_comba_32.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_mul_comba_4.i b/ctaocrypt/src/fp_mul_comba_4.i index d715937d0..231a0e176 100644 --- a/ctaocrypt/src/fp_mul_comba_4.i +++ b/ctaocrypt/src/fp_mul_comba_4.i @@ -1,6 +1,6 @@ /* fp_mul_comba_4.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_mul_comba_48.i b/ctaocrypt/src/fp_mul_comba_48.i index 4c185698f..0bd73c4e8 100644 --- a/ctaocrypt/src/fp_mul_comba_48.i +++ b/ctaocrypt/src/fp_mul_comba_48.i 
@@ -1,6 +1,6 @@ /* fp_mul_comba_48.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_mul_comba_6.i b/ctaocrypt/src/fp_mul_comba_6.i index e691e9813..94f3f63c3 100644 --- a/ctaocrypt/src/fp_mul_comba_6.i +++ b/ctaocrypt/src/fp_mul_comba_6.i @@ -1,6 +1,6 @@ /* fp_mul_comba_6.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_mul_comba_64.i b/ctaocrypt/src/fp_mul_comba_64.i index ba0517b13..804391a78 100644 --- a/ctaocrypt/src/fp_mul_comba_64.i +++ b/ctaocrypt/src/fp_mul_comba_64.i @@ -1,6 +1,6 @@ /* fp_mul_comba_64.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_mul_comba_7.i b/ctaocrypt/src/fp_mul_comba_7.i index 46fb97010..0318beb6e 100644 --- a/ctaocrypt/src/fp_mul_comba_7.i +++ b/ctaocrypt/src/fp_mul_comba_7.i @@ -1,6 +1,6 @@ /* fp_mul_comba_7.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_mul_comba_8.i b/ctaocrypt/src/fp_mul_comba_8.i index 987d13edf..cf7459157 100644 --- a/ctaocrypt/src/fp_mul_comba_8.i +++ b/ctaocrypt/src/fp_mul_comba_8.i @@ -1,6 +1,6 @@ /* fp_mul_comba_8.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_mul_comba_9.i b/ctaocrypt/src/fp_mul_comba_9.i index 5b1b3c79b..c84d3bca6 100644 --- a/ctaocrypt/src/fp_mul_comba_9.i +++ b/ctaocrypt/src/fp_mul_comba_9.i @@ -1,6 +1,6 @@ /* fp_mul_comba_9.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * 
diff --git a/ctaocrypt/src/fp_mul_comba_small_set.i b/ctaocrypt/src/fp_mul_comba_small_set.i index db40da73b..b9cd31f95 100644 --- a/ctaocrypt/src/fp_mul_comba_small_set.i +++ b/ctaocrypt/src/fp_mul_comba_small_set.i @@ -1,6 +1,6 @@ /* fp_mul_comba_small_set.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_sqr_comba_12.i b/ctaocrypt/src/fp_sqr_comba_12.i index 382ebe271..7ecb7c9e1 100644 --- a/ctaocrypt/src/fp_sqr_comba_12.i +++ b/ctaocrypt/src/fp_sqr_comba_12.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_12.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_sqr_comba_17.i b/ctaocrypt/src/fp_sqr_comba_17.i index 153ce878b..fcd4daa5e 100644 --- a/ctaocrypt/src/fp_sqr_comba_17.i +++ b/ctaocrypt/src/fp_sqr_comba_17.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_17.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_sqr_comba_20.i b/ctaocrypt/src/fp_sqr_comba_20.i index 34d6593c3..b31ed7f15 100644 --- a/ctaocrypt/src/fp_sqr_comba_20.i +++ b/ctaocrypt/src/fp_sqr_comba_20.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_20.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_sqr_comba_24.i b/ctaocrypt/src/fp_sqr_comba_24.i index 35092def4..a99a2bc4b 100644 --- a/ctaocrypt/src/fp_sqr_comba_24.i +++ b/ctaocrypt/src/fp_sqr_comba_24.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_24.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_sqr_comba_28.i b/ctaocrypt/src/fp_sqr_comba_28.i index 7164f3946..9c0315af1 100644 --- a/ctaocrypt/src/fp_sqr_comba_28.i 
+++ b/ctaocrypt/src/fp_sqr_comba_28.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_28.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_sqr_comba_3.i b/ctaocrypt/src/fp_sqr_comba_3.i index 6ff9d156b..5d1221c47 100644 --- a/ctaocrypt/src/fp_sqr_comba_3.i +++ b/ctaocrypt/src/fp_sqr_comba_3.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_3.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_sqr_comba_32.i b/ctaocrypt/src/fp_sqr_comba_32.i index ada0007d8..e245ba9f9 100644 --- a/ctaocrypt/src/fp_sqr_comba_32.i +++ b/ctaocrypt/src/fp_sqr_comba_32.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_32.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_sqr_comba_4.i b/ctaocrypt/src/fp_sqr_comba_4.i index cd19f761b..5233e2883 100644 --- a/ctaocrypt/src/fp_sqr_comba_4.i +++ b/ctaocrypt/src/fp_sqr_comba_4.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_4.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_sqr_comba_48.i b/ctaocrypt/src/fp_sqr_comba_48.i index 27dddfe50..77cb92035 100644 --- a/ctaocrypt/src/fp_sqr_comba_48.i +++ b/ctaocrypt/src/fp_sqr_comba_48.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_48.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_sqr_comba_6.i b/ctaocrypt/src/fp_sqr_comba_6.i index 695e6d3d0..189f339a4 100644 --- a/ctaocrypt/src/fp_sqr_comba_6.i +++ b/ctaocrypt/src/fp_sqr_comba_6.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_6.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * 
diff --git a/ctaocrypt/src/fp_sqr_comba_64.i b/ctaocrypt/src/fp_sqr_comba_64.i index a2fedc8e4..ca9742fd5 100644 --- a/ctaocrypt/src/fp_sqr_comba_64.i +++ b/ctaocrypt/src/fp_sqr_comba_64.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_64.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_sqr_comba_7.i b/ctaocrypt/src/fp_sqr_comba_7.i index 1d620fce6..1a0cd2c19 100644 --- a/ctaocrypt/src/fp_sqr_comba_7.i +++ b/ctaocrypt/src/fp_sqr_comba_7.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_7.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_sqr_comba_8.i b/ctaocrypt/src/fp_sqr_comba_8.i index 7d7e58f3f..b71feae3b 100644 --- a/ctaocrypt/src/fp_sqr_comba_8.i +++ b/ctaocrypt/src/fp_sqr_comba_8.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_8.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_sqr_comba_9.i b/ctaocrypt/src/fp_sqr_comba_9.i index f0b04b645..1db06de22 100644 --- a/ctaocrypt/src/fp_sqr_comba_9.i +++ b/ctaocrypt/src/fp_sqr_comba_9.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_9.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/fp_sqr_comba_small_set.i b/ctaocrypt/src/fp_sqr_comba_small_set.i index 140c4361f..96c06c017 100644 --- a/ctaocrypt/src/fp_sqr_comba_small_set.i +++ b/ctaocrypt/src/fp_sqr_comba_small_set.i @@ -1,6 +1,6 @@ /* fp_sqr_comba_small_set.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/hc128.c b/ctaocrypt/src/hc128.c index 20081fc54..8c3b34369 100644 --- a/ctaocrypt/src/hc128.c +++ b/ctaocrypt/src/hc128.c 
@@ -1,6 +1,6 @@ /* hc128.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/hmac.c b/ctaocrypt/src/hmac.c index af69368bf..291c6b70f 100644 --- a/ctaocrypt/src/hmac.c +++ b/ctaocrypt/src/hmac.c @@ -1,6 +1,6 @@ /* hmac.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -29,6 +29,14 @@ #include +#ifdef HAVE_CAVIUM + static void HmacCaviumFinal(Hmac* hmac, byte* hash); + static void HmacCaviumUpdate(Hmac* hmac, const byte* msg, word32 length); + static void HmacCaviumSetKey(Hmac* hmac, int type, const byte* key, + word32 length); +#endif + + static int InitHmac(Hmac* hmac, int type) { hmac->innerHashKeyed = 0; @@ -74,6 +82,11 @@ void HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length) byte* op = (byte*) hmac->opad; word32 i, hmac_block_size = SHA_BLOCK_SIZE; +#ifdef HAVE_CAVIUM + if (hmac->magic == CYASSL_HMAC_CAVIUM_MAGIC) + return HmacCaviumSetKey(hmac, type, key, length); +#endif + InitHmac(hmac, type); switch (hmac->macType) { @@ -141,7 +154,8 @@ void HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length) default: break; } - XMEMSET(ip + length, 0, hmac_block_size - length); + if (length < hmac_block_size) + XMEMSET(ip + length, 0, hmac_block_size - length); for(i = 0; i < hmac_block_size; i++) { op[i] = ip[i] ^ OPAD; @@ -187,6 +201,11 @@ static void HmacKeyInnerHash(Hmac* hmac) void HmacUpdate(Hmac* hmac, const byte* msg, word32 length) { +#ifdef HAVE_CAVIUM + if (hmac->magic == CYASSL_HMAC_CAVIUM_MAGIC) + return HmacCaviumUpdate(hmac, msg, length); +#endif + if (!hmac->innerHashKeyed) HmacKeyInnerHash(hmac); 
@@ -222,6 +241,11 @@ void HmacUpdate(Hmac* hmac, const byte* msg, word32 length) void HmacFinal(Hmac* hmac, byte* hash) { +#ifdef HAVE_CAVIUM + if (hmac->magic == CYASSL_HMAC_CAVIUM_MAGIC) + return HmacCaviumFinal(hmac, hash); +#endif + if (!hmac->innerHashKeyed) HmacKeyInnerHash(hmac); 
@@ -290,5 +314,115 @@ void HmacFinal(Hmac* hmac, byte* hash) } +#ifdef HAVE_CAVIUM + +/* Initiliaze Hmac for use with Nitrox device */ +int HmacInitCavium(Hmac* hmac, int devId) +{ + if (hmac == NULL) + return -1; + + if (CspAllocContext(CONTEXT_SSL, &hmac->contextHandle, devId) != 0) + return -1; + + hmac->keyLen = 0; + hmac->dataLen = 0; + hmac->type = 0; + hmac->devId = devId; + hmac->magic = CYASSL_HMAC_CAVIUM_MAGIC; + hmac->data = NULL; /* buffered input data */ + + hmac->innerHashKeyed = 0; + + return 0; +} + + +/* Free Hmac from use with Nitrox device */ +void HmacFreeCavium(Hmac* hmac) +{ + if (hmac == NULL) + return; + + CspFreeContext(CONTEXT_SSL, hmac->contextHandle, hmac->devId); + hmac->magic = 0; + XFREE(hmac->data, NULL, DYNAMIC_TYPE_CAVIUM_TMP); + hmac->data = NULL; +} + + +static void HmacCaviumFinal(Hmac* hmac, byte* hash) +{ + word32 requestId; + + if (CspHmac(CAVIUM_BLOCKING, hmac->type, NULL, hmac->keyLen, + (byte*)hmac->ipad, hmac->dataLen, hmac->data, hash, &requestId, + hmac->devId) != 0) { + CYASSL_MSG("Cavium Hmac failed"); + } + hmac->innerHashKeyed = 0; /* tell update to start over if used again */ +} + + +static void HmacCaviumUpdate(Hmac* hmac, const byte* msg, word32 length) +{ + word16 add = (word16)length; + word32 total; + byte* tmp; + + if (length > CYASSL_MAX_16BIT) { + CYASSL_MSG("Too big msg for cavium hmac"); + return; + } + + if (hmac->innerHashKeyed == 0) { /* starting new */ + hmac->dataLen = 0; + hmac->innerHashKeyed = 1; + } + + total = add + hmac->dataLen; + if (total > CYASSL_MAX_16BIT) { + CYASSL_MSG("Too big msg for cavium hmac"); + return; + } + + tmp = XMALLOC(hmac->dataLen + add, NULL,DYNAMIC_TYPE_CAVIUM_TMP); + if (tmp == NULL) { + CYASSL_MSG("Out of memory for cavium update"); + return; + } + if (hmac->dataLen) + XMEMCPY(tmp, hmac->data, hmac->dataLen); + XMEMCPY(tmp + hmac->dataLen, msg, add); + + hmac->dataLen += add; + XFREE(hmac->data, NULL, DYNAMIC_TYPE_CAVIUM_TMP); + hmac->data = tmp; +} + + +static void 
HmacCaviumSetKey(Hmac* hmac, int type, const byte* key, + word32 length) +{ + hmac->macType = (byte)type; + if (type == MD5) + hmac->type = MD5_TYPE; + else if (type == SHA) + hmac->type = SHA1_TYPE; + else if (type == SHA256) + hmac->type = SHA256_TYPE; + else { + CYASSL_MSG("unsupported cavium hmac type"); + } + + hmac->innerHashKeyed = 0; /* should we key Startup flag */ + + hmac->keyLen = (word16)length; + /* store key in ipad */ + XMEMCPY(hmac->ipad, key, length); +} + +#endif /* HAVE_CAVIUM */ + #endif /* NO_HMAC */ diff --git a/ctaocrypt/src/integer.c b/ctaocrypt/src/integer.c index 000669db5..94d5f944e 100644 --- a/ctaocrypt/src/integer.c +++ b/ctaocrypt/src/integer.c @@ -1,6 +1,6 @@ /* integer.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/logging.c b/ctaocrypt/src/logging.c index 790b0db94..2dfc551b7 100644 --- a/ctaocrypt/src/logging.c +++ b/ctaocrypt/src/logging.c @@ -1,6 +1,6 @@ /* logging.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/md2.c b/ctaocrypt/src/md2.c index 0c1bb9c38..125c0cd1a 100644 --- a/ctaocrypt/src/md2.c +++ b/ctaocrypt/src/md2.c @@ -1,6 +1,6 @@ /* md2.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/md4.c b/ctaocrypt/src/md4.c index e47c43277..d9a3dfc53 100644 --- a/ctaocrypt/src/md4.c +++ b/ctaocrypt/src/md4.c @@ -1,6 +1,6 @@ /* md4.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/md5.c b/ctaocrypt/src/md5.c index 13bee81bd..6009c569b 100644 --- a/ctaocrypt/src/md5.c +++ b/ctaocrypt/src/md5.c 
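Review bot: HmacCaviumSetKey copies the caller's key with `XMEMCPY(hmac->ipad, key, length)` and puts no bound on `length`, so a key longer than `ipad` writes past the buffer, and `hmac->keyLen = (word16)length` silently truncates any larger value. A guard before the copy, `if (length > sizeof(hmac->ipad)) { CYASSL_MSG("cavium hmac key too long"); return; }`, closes the overflow; the declaration of `ipad` is outside this diff section, so the exact limit needs confirming. The unsupported-type branch only logs and then still stores the key. HmacCaviumFinal likewise only logs when CspHmac fails, which leaves `hash` unwritten for a caller that has no way to see the failure because these functions are void.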
@@ -1,6 +1,6 @@ /* md5.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/memory.c b/ctaocrypt/src/memory.c index b98e548ad..a2e5fa883 100644 --- a/ctaocrypt/src/memory.c +++ b/ctaocrypt/src/memory.c @@ -1,6 +1,6 @@ /* memory.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/misc.c b/ctaocrypt/src/misc.c index 60d84de19..653be2f3b 100644 --- a/ctaocrypt/src/misc.c +++ b/ctaocrypt/src/misc.c @@ -1,6 +1,6 @@ /* misc.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/pwdbased.c b/ctaocrypt/src/pwdbased.c index 3e9535ba9..4a791ed14 100644 --- a/ctaocrypt/src/pwdbased.c +++ b/ctaocrypt/src/pwdbased.c @@ -1,6 +1,6 @@ /* pwdbased.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -103,7 +103,11 @@ int PBKDF2(byte* output, const byte* passwd, int pLen, const byte* salt, int hLen; int j; Hmac hmac; - byte buffer[INNER_HASH_SIZE]; /* max size */ +#ifdef CYASSL_SHA512 + byte buffer[SHA512_DIGEST_SIZE]; +#else + byte buffer[INNER_HASH_SIZE]; /* max size, doesn't handle 512 yet */ +#endif if (hashType == MD5) { hLen = MD5_DIGEST_SIZE; diff --git a/ctaocrypt/src/rabbit.c b/ctaocrypt/src/rabbit.c index d1ecc3421..ee1b4d664 100644 --- a/ctaocrypt/src/rabbit.c +++ b/ctaocrypt/src/rabbit.c @@ -1,6 +1,6 @@ /* rabbit.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/random.c b/ctaocrypt/src/random.c index 3b0b90d14..ba5092e31 100644 --- a/ctaocrypt/src/random.c +++ b/ctaocrypt/src/random.c 
@@ -1,6 +1,6 @@ /* random.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -307,8 +307,13 @@ int InitRng(RNG* rng) { byte key[32]; byte junk[256]; + int ret; - int ret = GenerateSeed(&rng->seed, key, sizeof(key)); +#ifdef HAVE_CAVIUM + if (rng->magic == CYASSL_RNG_CAVIUM_MAGIC) + return 0; +#endif + ret = GenerateSeed(&rng->seed, key, sizeof(key)); if (ret == 0) { Arc4SetKey(&rng->cipher, key, sizeof(key)); @@ -318,10 +323,17 @@ int InitRng(RNG* rng) return ret; } +#ifdef HAVE_CAVIUM + static void CaviumRNG_GenerateBlock(RNG* rng, byte* output, word32 sz); +#endif /* place a generated block in output */ void RNG_GenerateBlock(RNG* rng, byte* output, word32 sz) { +#ifdef HAVE_CAVIUM + if (rng->magic == CYASSL_RNG_CAVIUM_MAGIC) + return CaviumRNG_GenerateBlock(rng, output, sz); +#endif XMEMSET(output, 0, sz); Arc4Process(&rng->cipher, output, output, sz); } @@ -335,6 +347,50 @@ byte RNG_GenerateByte(RNG* rng) return b; } + +#ifdef HAVE_CAVIUM + +#include +#include "cavium_common.h" + +/* Initiliaze RNG for use with Nitrox device */ +int InitRngCavium(RNG* rng, int devId) +{ + if (rng == NULL) + return -1; + + rng->devId = devId; + rng->magic = CYASSL_RNG_CAVIUM_MAGIC; + + return 0; +} + + +static void CaviumRNG_GenerateBlock(RNG* rng, byte* output, word32 sz) +{ + word offset = 0; + word32 requestId; + + while (sz > CYASSL_MAX_16BIT) { + word16 slen = (word16)CYASSL_MAX_16BIT; + if (CspRandom(CAVIUM_BLOCKING, slen, output + offset, &requestId, + rng->devId) != 0) { + CYASSL_MSG("Cavium RNG failed"); + } + sz -= CYASSL_MAX_16BIT; + offset += CYASSL_MAX_16BIT; + } + if (sz) { + word16 slen = (word16)sz; + if (CspRandom(CAVIUM_BLOCKING, slen, output + offset, &requestId, + rng->devId) != 0) { + CYASSL_MSG("Cavium RNG failed"); + } + } +} + +#endif /* HAVE_CAVIUM */ + #endif /* NO_RC4 */ 
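Review bot: CaviumRNG_GenerateBlock only logs `Cavium RNG failed` when CspRandom returns non-zero and then continues, so after a device error the caller's `output` keeps whatever bytes it already held and is consumed as random data. RNG_GenerateBlock is void, so the status cannot be returned today, but the static helper could return it (`static int CaviumRNG_GenerateBlock(...)`) so that a later signature change can propagate it. Until then the limitation belongs in a comment on RNG_GenerateBlock, for example `/* Cavium path: on CspRandom failure output is left unfilled and no error is reported */`. `offset` is declared as `word` while `sz` is `word32`; using `word32` for both keeps the arithmetic in one width.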
@@ -399,6 +455,25 @@ int GenerateSeed(OS_Seed* os, byte* output, word32 sz) return 0; } +#elif defined(MICROCHIP_PIC32) + +#include + +/* uses the core timer, in nanoseconds to seed srand */ +int GenerateSeed(OS_Seed* os, byte* output, word32 sz) +{ + int i; + srand(ReadCoreTimer() * 25); + + for (i = 0; i < sz; i++ ) { + output[i] = rand() % 256; + if ( (i % 8) == 7) + srand(ReadCoreTimer() * 25); + } + + return 0; +} + #elif defined(CYASSL_SAFERTOS) || defined(CYASSL_LEANPSK) #warning "write a real random seed!!!!, just for testing now" diff --git a/ctaocrypt/src/ripemd.c b/ctaocrypt/src/ripemd.c index 1cb6ae8f1..6501aac09 100644 --- a/ctaocrypt/src/ripemd.c +++ b/ctaocrypt/src/ripemd.c @@ -1,6 +1,6 @@ /* ripemd.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/rsa.c b/ctaocrypt/src/rsa.c index 06ad74351..9f93253fb 100644 --- a/ctaocrypt/src/rsa.c +++ b/ctaocrypt/src/rsa.c @@ -1,6 +1,6 @@ /* rsa.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -39,6 +39,18 @@ #endif #endif +#ifdef HAVE_CAVIUM + static void InitCaviumRsaKey(RsaKey* key, void* heap); + static void FreeCaviumRsaKey(RsaKey* key); + static int CaviumRsaPublicEncrypt(const byte* in, word32 inLen, byte* out, + word32 outLen, RsaKey* key); + static int CaviumRsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, + word32 outLen, RsaKey* key); + static int CaviumRsaSSL_Sign(const byte* in, word32 inLen, byte* out, + word32 outLen, RsaKey* key); + static int CaviumRsaSSL_Verify(const byte* in, word32 inLen, byte* out, + word32 outLen, RsaKey* key); +#endif enum { RSA_PUBLIC_ENCRYPT = 0, 
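Review bot: The MICROCHIP_PIC32 GenerateSeed builds the seed from `rand()` reseeded with `ReadCoreTimer() * 25`, so the bytes that key the RNG in InitRng come from a non-cryptographic generator whose only input is a timer reading. That gives the seed far less entropy than the `sz` bytes requested. The CYASSL_SAFERTOS/CYASSL_LEANPSK branch just below carries `#warning "write a real random seed!!!!, just for testing now"`; this branch should carry the same warning until it reads a hardware entropy source. The loop also compares `int i` with `word32 sz`; `word32 i;` avoids the signed/unsigned comparison.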
@@ -58,6 +70,11 @@ enum { void InitRsaKey(RsaKey* key, void* heap) { +#ifdef HAVE_CAVIUM + if (key->magic == CYASSL_RSA_CAVIUM_MAGIC) + return InitCaviumRsaKey(key, heap); +#endif + key->type = -1; /* haven't decided yet */ key->heap = heap; @@ -75,6 +92,12 @@ void InitRsaKey(RsaKey* key, void* heap) void FreeRsaKey(RsaKey* key) { (void)key; + +#ifdef HAVE_CAVIUM + if (key->magic == CYASSL_RSA_CAVIUM_MAGIC) + return FreeCaviumRsaKey(key); +#endif + /* TomsFastMath doesn't use memory allocation */ #ifndef USE_FAST_MATH if (key->type == RSA_PRIVATE) { @@ -249,8 +272,14 @@ done: int RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key, RNG* rng) { - int sz = mp_unsigned_bin_size(&key->n), ret; + int sz, ret; +#ifdef HAVE_CAVIUM + if (key->magic == CYASSL_RSA_CAVIUM_MAGIC) + return CaviumRsaPublicEncrypt(in, inLen, out, outLen, key); +#endif + + sz = mp_unsigned_bin_size(&key->n); if (sz > (int)outLen) return RSA_BUFFER_E; @@ -270,6 +299,15 @@ int RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, RsaKey* key) { int plainLen, ret; +#ifdef HAVE_CAVIUM + if (key->magic == CYASSL_RSA_CAVIUM_MAGIC) { + ret = CaviumRsaPrivateDecrypt(in, inLen, in, inLen, key); + if (ret > 0) + *out = in; + return ret; + } +#endif + if ((ret = RsaFunction(in, inLen, in, &inLen, RSA_PRIVATE_DECRYPT, key)) < 0) { return ret; @@ -288,6 +326,11 @@ int RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, word32 outLen, byte* tmp; byte* pad = 0; +#ifdef HAVE_CAVIUM + if (key->magic == CYASSL_RSA_CAVIUM_MAGIC) + return CaviumRsaPrivateDecrypt(in, inLen, out, outLen, key); +#endif + tmp = (byte*)XMALLOC(inLen, key->heap, DYNAMIC_TYPE_RSA); if (tmp == NULL) { return MEMORY_E; 
@@ -316,6 +359,15 @@ int RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key) { int plainLen, ret; +#ifdef HAVE_CAVIUM + if (key->magic == CYASSL_RSA_CAVIUM_MAGIC) { + ret = CaviumRsaSSL_Verify(in, inLen, in, inLen, key); + if (ret > 0) + *out = in; + return ret; + } +#endif + if ((ret = RsaFunction(in, inLen, in, &inLen, RSA_PUBLIC_DECRYPT, key)) < 0) { return ret; @@ -334,6 +386,11 @@ int RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen, byte* tmp; byte* pad = 0; +#ifdef HAVE_CAVIUM + if (key->magic == CYASSL_RSA_CAVIUM_MAGIC) + return CaviumRsaSSL_Verify(in, inLen, out, outLen, key); +#endif + tmp = (byte*)XMALLOC(inLen, key->heap, DYNAMIC_TYPE_RSA); if (tmp == NULL) { return MEMORY_E; @@ -362,8 +419,14 @@ int RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen, int RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key, RNG* rng) { - int sz = mp_unsigned_bin_size(&key->n), ret; + int sz, ret; +#ifdef HAVE_CAVIUM + if (key->magic == CYASSL_RSA_CAVIUM_MAGIC) + return CaviumRsaSSL_Sign(in, inLen, out, outLen, key); +#endif + + sz = mp_unsigned_bin_size(&key->n); if (sz > (int)outLen) return RSA_BUFFER_E; @@ -381,6 +444,10 @@ int RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, int RsaEncryptSize(RsaKey* key) { +#ifdef HAVE_CAVIUM + if (key->magic == CYASSL_RSA_CAVIUM_MAGIC) + return key->c_nSz; +#endif return mp_unsigned_bin_size(&key->n); } 
@@ -561,4 +628,180 @@ int MakeRsaKey(RsaKey* key, int size, long e, RNG* rng) #endif /* CYASSL_KEY_GEN */ + +#ifdef HAVE_CAVIUM + +#include +#include "cavium_common.h" + +/* Initiliaze RSA for use with Nitrox device */ +int RsaInitCavium(RsaKey* rsa, int devId) +{ + if (rsa == NULL) + return -1; + + if (CspAllocContext(CONTEXT_SSL, &rsa->contextHandle, devId) != 0) + return -1; + + rsa->devId = devId; + rsa->magic = CYASSL_RSA_CAVIUM_MAGIC; + + return 0; +} + + +/* Free RSA from use with Nitrox device */ +void RsaFreeCavium(RsaKey* rsa) +{ + if (rsa == NULL) + return; + + CspFreeContext(CONTEXT_SSL, rsa->contextHandle, rsa->devId); + rsa->magic = 0; +} + + +/* Initialize cavium RSA key */ +static void InitCaviumRsaKey(RsaKey* key, void* heap) +{ + if (key == NULL) + return; + + key->heap = heap; + key->type = -1; /* don't know yet */ + + key->c_n = NULL; + key->c_e = NULL; + key->c_d = NULL; + key->c_p = NULL; + key->c_q = NULL; + key->c_dP = NULL; + key->c_dQ = NULL; + key->c_u = NULL; + + key->c_nSz = 0; + key->c_eSz = 0; + key->c_dSz = 0; + key->c_pSz = 0; + key->c_qSz = 0; + key->c_dP_Sz = 0; + key->c_dQ_Sz = 0; + key->c_uSz = 0; +} + + +/* Free cavium RSA key */ +static void FreeCaviumRsaKey(RsaKey* key) +{ + if (key == NULL) + return; + + XFREE(key->c_n, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); + XFREE(key->c_e, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); + XFREE(key->c_d, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); + XFREE(key->c_p, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); + XFREE(key->c_q, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); + XFREE(key->c_dP, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); + XFREE(key->c_dQ, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); + XFREE(key->c_u, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); + + InitCaviumRsaKey(key, key->heap); /* reset pointers */ +} + + +static int CaviumRsaPublicEncrypt(const byte* in, word32 inLen, byte* out, + word32 outLen, RsaKey* key) +{ + word32 requestId; + word32 ret; + + if (key == NULL || in == NULL || out == NULL || outLen < (word32)key->c_nSz) + 
return -1; + + ret = CspPkcs1v15Enc(CAVIUM_BLOCKING, BT2, key->c_nSz, key->c_eSz, + (word16)inLen, key->c_n, key->c_e, (byte*)in, out, + &requestId, key->devId); + if (ret != 0) { + CYASSL_MSG("Cavium Enc BT2 failed"); + return -1; + } + return key->c_nSz; +} + + +static INLINE void ato16(const byte* c, word16* u16) +{ + *u16 = (c[0] << 8) | (c[1]); +} + + +static int CaviumRsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, + word32 outLen, RsaKey* key) +{ + word32 requestId; + word32 ret; + word16 outSz = (word16)outLen; + + if (key == NULL || in == NULL || out == NULL || inLen != (word32)key->c_nSz) + return -1; + + ret = CspPkcs1v15CrtDec(CAVIUM_BLOCKING, BT2, key->c_nSz, key->c_q, + key->c_dQ, key->c_p, key->c_dP, key->c_u, + (byte*)in, &outSz, out, &requestId, key->devId); + if (ret != 0) { + CYASSL_MSG("Cavium CRT Dec BT2 failed"); + return -1; + } + ato16((const byte*)&outSz, &outSz); + + return outSz; +} + + +static int CaviumRsaSSL_Sign(const byte* in, word32 inLen, byte* out, + word32 outLen, RsaKey* key) +{ + word32 requestId; + word32 ret; + + if (key == NULL || in == NULL || out == NULL || inLen == 0 || outLen < + (word32)key->c_nSz) + return -1; + + ret = CspPkcs1v15CrtEnc(CAVIUM_BLOCKING, BT1, key->c_nSz, (word16)inLen, + key->c_q, key->c_dQ, key->c_p, key->c_dP, key->c_u, + (byte*)in, out, &requestId, key->devId); + if (ret != 0) { + CYASSL_MSG("Cavium CRT Enc BT1 failed"); + return -1; + } + return key->c_nSz; +} + + +static int CaviumRsaSSL_Verify(const byte* in, word32 inLen, byte* out, + word32 outLen, RsaKey* key) +{ + word32 requestId; + word32 ret; + word16 outSz = (word16)outLen; + + if (key == NULL || in == NULL || out == NULL || inLen != (word32)key->c_nSz) + return -1; + + ret = CspPkcs1v15Dec(CAVIUM_BLOCKING, BT1, key->c_nSz, key->c_eSz, + key->c_n, key->c_e, (byte*)in, &outSz, out, + &requestId, key->devId); + if (ret != 0) { + CYASSL_MSG("Cavium Dec BT1 failed"); + return -1; + } + outSz = ntohs(outSz); + + return outSz; +} + + 
+#endif /* HAVE_CAVIUM */ + #endif /* NO_RSA */ diff --git a/ctaocrypt/src/sha.c b/ctaocrypt/src/sha.c index 725760d19..b0b0cc8f1 100644 --- a/ctaocrypt/src/sha.c +++ b/ctaocrypt/src/sha.c @@ -1,6 +1,6 @@ /* sha.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/sha256.c b/ctaocrypt/src/sha256.c index 5290d1d9a..4dd3e11ef 100644 --- a/ctaocrypt/src/sha256.c +++ b/ctaocrypt/src/sha256.c @@ -1,6 +1,6 @@ /* sha256.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/sha512.c b/ctaocrypt/src/sha512.c index f14efecff..f0f10338b 100644 --- a/ctaocrypt/src/sha512.c +++ b/ctaocrypt/src/sha512.c @@ -1,6 +1,6 @@ /* sha512.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/src/tfm.c b/ctaocrypt/src/tfm.c index e6c1af2aa..7dfb24e35 100644 --- a/ctaocrypt/src/tfm.c +++ b/ctaocrypt/src/tfm.c @@ -1,6 +1,6 @@ /* tfm.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/ctaocrypt/test/test.c b/ctaocrypt/test/test.c index c96baee46..08ef0a1e1 100644 --- a/ctaocrypt/test/test.c +++ b/ctaocrypt/test/test.c @@ -1,6 +1,6 @@ /* test.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -64,9 +64,19 @@ #include #endif +#if defined(USE_CERT_BUFFERS_1024) || defined(USE_CERT_BUFFERS_2048) + /* include test cert and key buffers for use with NO_FILESYSTEM */ + #include +#endif + #ifdef HAVE_NTRU #include "crypto_ntru.h" #endif +#ifdef HAVE_CAVIUM + #include "cavium_sysdep.h" + #include "cavium_common.h" + #include "cavium_ioctl.h" +#endif #include #ifdef FREESCALE_MQX 
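Review bot: FreeCaviumRsaKey hands the private components (`c_d`, `c_p`, `c_q`, `c_dP`, `c_dQ`, `c_u`) to XFREE without clearing them, so key material stays readable in freed heap memory. Each buffer should be wiped before its XFREE, along the lines of `if (key->c_d) XMEMSET(key->c_d, 0, key->c_dSz);`, with a wipe the compiler cannot elide; this assumes the `c_*Sz` fields hold the allocated lengths, which the hunk does not show. In CaviumRsaPrivateDecrypt and CaviumRsaSSL_Verify the length reported by the device is returned without being compared to `outLen`, so `if (outSz > outLen) return -1;` after the conversion would stop callers trusting an oversized length. The two functions also convert that length differently, `ato16` over the variable's own bytes in one and `ntohs` in the other, and should share one conversion.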
@@ -149,6 +159,7 @@ typedef struct func_args { } func_args; + void ctaocrypt_test(void* args) { int ret = 0; @@ -165,6 +176,7 @@ void ctaocrypt_test(void* args) #endif /* USE_FAST_MATH */ #endif /* !CYASSL_LEANPSK */ + #ifndef NO_MD5 if ( (ret = md5_test()) ) err_sys("MD5 test failed!\n", ret); @@ -358,21 +370,56 @@ void ctaocrypt_test(void* args) printf( "ECC test passed!\n"); #endif + ((func_args*)args)->return_code = ret; } -/* so overall tests can pull in test function */ #ifndef NO_MAIN_DRIVER +#ifdef HAVE_CAVIUM + +static int OpenNitroxDevice(int dma_mode,int dev_id) +{ + Csp1CoreAssignment core_assign; + Uint32 device; + + if (CspInitialize(CAVIUM_DIRECT,CAVIUM_DEV_ID)) + return -1; + if (Csp1GetDevType(&device)) + return -1; + if (device != NPX_DEVICE) { + if (ioctl(gpkpdev_hdlr[CAVIUM_DEV_ID], IOCTL_CSP1_GET_CORE_ASSIGNMENT, + (Uint32 *)&core_assign)!= 0) + return -1; + } + CspShutdown(CAVIUM_DEV_ID); + + return CspInitialize(dma_mode, dev_id); +} + +#endif /* HAVE_CAVIUM */ + + /* so overall tests can pull in test function */ + int main(int argc, char** argv) { func_args args; +#ifdef HAVE_CAVIUM + int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID); + if (ret != 0) + err_sys("Cavium OpenNitroxDevice failed", -1236); +#endif /* HAVE_CAVIUM */ + args.argc = argc; args.argv = argv; ctaocrypt_test(&args); + +#ifdef HAVE_CAVIUM + CspShutdown(CAVIUM_DEV_ID); +#endif return args.return_code; } 
@@ -393,45 +440,45 @@ int md2_test() a.output = "\x83\x50\xe5\xa3\xe2\x4c\x15\x3d\xf2\x27\x5c\x9f\x80\x69" "\x27\x73"; a.inLen = strlen(a.input); - a.outLen = strlen(a.output); + a.outLen = MD2_DIGEST_SIZE; b.input = "a"; b.output = "\x32\xec\x01\xec\x4a\x6d\xac\x72\xc0\xab\x96\xfb\x34\xc0" "\xb5\xd1"; b.inLen = strlen(b.input); - b.outLen = strlen(b.output); + b.outLen = MD2_DIGEST_SIZE; c.input = "abc"; c.output = "\xda\x85\x3b\x0d\x3f\x88\xd9\x9b\x30\x28\x3a\x69\xe6\xde" "\xd6\xbb"; c.inLen = strlen(c.input); - c.outLen = strlen(c.output); + c.outLen = MD2_DIGEST_SIZE; d.input = "message digest"; d.output = "\xab\x4f\x49\x6b\xfb\x2a\x53\x0b\x21\x9f\xf3\x30\x31\xfe" "\x06\xb0"; d.inLen = strlen(d.input); - d.outLen = strlen(d.output); + d.outLen = MD2_DIGEST_SIZE; e.input = "abcdefghijklmnopqrstuvwxyz"; e.output = "\x4e\x8d\xdf\xf3\x65\x02\x92\xab\x5a\x41\x08\xc3\xaa\x47" "\x94\x0b"; e.inLen = strlen(e.input); - e.outLen = strlen(e.output); + e.outLen = MD2_DIGEST_SIZE; f.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345" "6789"; f.output = "\xda\x33\xde\xf2\xa4\x2d\xf1\x39\x75\x35\x28\x46\xc3\x03" "\x38\xcd"; f.inLen = strlen(f.input); - f.outLen = strlen(f.output); + f.outLen = MD2_DIGEST_SIZE; g.input = "1234567890123456789012345678901234567890123456789012345678" "9012345678901234567890"; g.output = "\xd5\x97\x6f\x79\xd8\x3d\x3a\x0d\xc9\x80\x6c\x3c\x66\xf3" "\xef\xd8"; g.inLen = strlen(g.input); - g.outLen = strlen(g.output); + g.outLen = MD2_DIGEST_SIZE; test_md2[0] = a; test_md2[1] = b; 
@@ -469,33 +516,33 @@ int md5_test(void) a.output = "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f" "\x72"; a.inLen = strlen(a.input); - a.outLen = strlen(a.output); + a.outLen = MD5_DIGEST_SIZE; b.input = "message digest"; b.output = "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d\x52\x5a\x2f\x31\xaa\xf1\x61" "\xd0"; b.inLen = strlen(b.input); - b.outLen = strlen(b.output); + b.outLen = MD5_DIGEST_SIZE; c.input = "abcdefghijklmnopqrstuvwxyz"; c.output = "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00\x7d\xfb\x49\x6c\xca\x67\xe1" "\x3b"; c.inLen = strlen(c.input); - c.outLen = strlen(c.output); + c.outLen = MD5_DIGEST_SIZE; d.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345" "6789"; d.output = "\xd1\x74\xab\x98\xd2\x77\xd9\xf5\xa5\x61\x1c\x2c\x9f\x41\x9d" "\x9f"; d.inLen = strlen(d.input); - d.outLen = strlen(d.output); + d.outLen = MD5_DIGEST_SIZE; e.input = "1234567890123456789012345678901234567890123456789012345678" "9012345678901234567890"; e.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6" "\x7a"; e.inLen = strlen(e.input); - e.outLen = strlen(e.output); + e.outLen = MD5_DIGEST_SIZE; test_md5[0] = a; test_md5[1] = b; 
@@ -533,45 +580,45 @@ int md4_test(void) a.output = "\x31\xd6\xcf\xe0\xd1\x6a\xe9\x31\xb7\x3c\x59\xd7\xe0\xc0\x89" "\xc0"; a.inLen = strlen(a.input); - a.outLen = strlen(a.output); + a.outLen = MD4_DIGEST_SIZE; b.input = "a"; b.output = "\xbd\xe5\x2c\xb3\x1d\xe3\x3e\x46\x24\x5e\x05\xfb\xdb\xd6\xfb" "\x24"; b.inLen = strlen(b.input); - b.outLen = strlen(b.output); + b.outLen = MD4_DIGEST_SIZE; c.input = "abc"; c.output = "\xa4\x48\x01\x7a\xaf\x21\xd8\x52\x5f\xc1\x0a\xe8\x7a\xa6\x72" "\x9d"; c.inLen = strlen(c.input); - c.outLen = strlen(c.output); + c.outLen = MD4_DIGEST_SIZE; d.input = "message digest"; d.output = "\xd9\x13\x0a\x81\x64\x54\x9f\xe8\x18\x87\x48\x06\xe1\xc7\x01" "\x4b"; d.inLen = strlen(d.input); - d.outLen = strlen(d.output); + d.outLen = MD4_DIGEST_SIZE; e.input = "abcdefghijklmnopqrstuvwxyz"; e.output = "\xd7\x9e\x1c\x30\x8a\xa5\xbb\xcd\xee\xa8\xed\x63\xdf\x41\x2d" "\xa9"; e.inLen = strlen(e.input); - e.outLen = strlen(e.output); + e.outLen = MD4_DIGEST_SIZE; f.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345" "6789"; f.output = "\x04\x3f\x85\x82\xf2\x41\xdb\x35\x1c\xe6\x27\xe1\x53\xe7\xf0" "\xe4"; f.inLen = strlen(f.input); - f.outLen = strlen(f.output); + f.outLen = MD4_DIGEST_SIZE; g.input = "1234567890123456789012345678901234567890123456789012345678" "9012345678901234567890"; g.output = "\xe3\x3b\x4d\xdc\x9c\x38\xf2\x19\x9c\x3e\x7b\x16\x4f\xcc\x05" "\x36"; g.inLen = strlen(g.input); - g.outLen = strlen(g.output); + g.outLen = MD4_DIGEST_SIZE; test_md4[0] = a; test_md4[1] = b; 
@@ -609,20 +656,20 @@ int sha_test(void) a.output = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2" "\x6C\x9C\xD0\xD8\x9D"; a.inLen = strlen(a.input); - a.outLen = strlen(a.output); + a.outLen = SHA_DIGEST_SIZE; b.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; b.output = "\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE\x4A\xA1\xF9\x51\x29" "\xE5\xE5\x46\x70\xF1"; b.inLen = strlen(b.input); - b.outLen = strlen(b.output); + b.outLen = SHA_DIGEST_SIZE; c.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" "aaaaaa"; c.output = "\x00\x98\xBA\x82\x4B\x5C\x16\x42\x7B\xD7\xA1\x12\x2A\x5A\x44" "\x2A\x25\xEC\x64\x4D"; c.inLen = strlen(c.input); - c.outLen = strlen(c.output); + c.outLen = SHA_DIGEST_SIZE; d.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" @@ -630,7 +677,7 @@ int sha_test(void) d.output = "\xAD\x5B\x3F\xDB\xCB\x52\x67\x78\xC2\x83\x9D\x2F\x15\x1E\xA7" "\x53\x99\x5E\x26\xA0"; d.inLen = strlen(d.input); - d.outLen = strlen(d.output); + d.outLen = SHA_DIGEST_SIZE; test_sha[0] = a; test_sha[1] = b; 
@@ -665,26 +712,26 @@ int ripemd_test(void) a.output = "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04\x4a\x8e\x98\xc6" "\xb0\x87\xf1\x5a\x0b\xfc"; a.inLen = strlen(a.input); - a.outLen = strlen(a.output); + a.outLen = RIPEMD_DIGEST_SIZE; b.input = "message digest"; b.output = "\x5d\x06\x89\xef\x49\xd2\xfa\xe5\x72\xb8\x81\xb1\x23\xa8" "\x5f\xfa\x21\x59\x5f\x36"; b.inLen = strlen(b.input); - b.outLen = strlen(b.output); + b.outLen = RIPEMD_DIGEST_SIZE; c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; c.output = "\x12\xa0\x53\x38\x4a\x9c\x0c\x88\xe4\x05\xa0\x6c\x27\xdc" "\xf4\x9a\xda\x62\xeb\x2b"; c.inLen = strlen(c.input); - c.outLen = strlen(c.output); + c.outLen = RIPEMD_DIGEST_SIZE; d.input = "12345678901234567890123456789012345678901234567890123456" "789012345678901234567890"; d.output = "\x9b\x75\x2e\x45\x57\x3d\x4b\x39\xf4\xdb\xd3\x32\x3c\xab" "\x82\xbf\x63\x32\x6b\xfb"; d.inLen = strlen(d.input); - d.outLen = strlen(d.output); + d.outLen = RIPEMD_DIGEST_SIZE; test_ripemd[0] = a; test_ripemd[1] = b; @@ -722,14 +769,14 @@ int sha256_test(void) "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00" "\x15\xAD"; a.inLen = strlen(a.input); - a.outLen = strlen(a.output); + a.outLen = SHA256_DIGEST_SIZE; b.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; b.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60" "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB" "\x06\xC1"; b.inLen = strlen(b.input); - b.outLen = strlen(b.output); + b.outLen = SHA256_DIGEST_SIZE; test_sha[0] = a; test_sha[1] = b; @@ -766,7 +813,7 @@ int sha512_test(void) "\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f" "\xa5\x4c\xa4\x9f"; a.inLen = strlen(a.input); - a.outLen = strlen(a.output); + a.outLen = SHA512_DIGEST_SIZE; b.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; 
@@ -776,7 +823,7 @@ int sha512_test(void) "\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b" "\x87\x4b\xe9\x09"; b.inLen = strlen(b.input); - b.outLen = strlen(b.output); + b.outLen = SHA512_DIGEST_SIZE; test_sha[0] = a; test_sha[1] = b; @@ -812,7 +859,7 @@ int sha384_test(void) "\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34" "\xc8\x25\xa7"; a.inLen = strlen(a.input); - a.outLen = strlen(a.output); + a.outLen = SHA384_DIGEST_SIZE; b.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; @@ -821,7 +868,7 @@ int sha384_test(void) "\xf7\x12\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9\x66\xc3\xe9\xfa\x91" "\x74\x60\x39"; b.inLen = strlen(b.input); - b.outLen = strlen(b.output); + b.outLen = SHA384_DIGEST_SIZE; test_sha[0] = a; test_sha[1] = b; @@ -863,13 +910,13 @@ int hmac_md5_test(void) a.output = "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc" "\x9d"; a.inLen = strlen(a.input); - a.outLen = strlen(a.output); + a.outLen = MD5_DIGEST_SIZE; b.input = "what do ya want for nothing?"; b.output = "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7" "\x38"; b.inLen = strlen(b.input); - b.outLen = strlen(b.output); + b.outLen = MD5_DIGEST_SIZE; c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" @@ -878,13 +925,19 @@ int hmac_md5_test(void) c.output = "\x56\xbe\x34\x52\x1d\x14\x4c\x88\xdb\xb8\xc7\x33\xf0\xe8\xb3" "\xf6"; c.inLen = strlen(c.input); - c.outLen = strlen(c.output); + c.outLen = MD5_DIGEST_SIZE; test_hmac[0] = a; test_hmac[1] = b; test_hmac[2] = c; for (i = 0; i < times; ++i) { +#ifdef HAVE_CAVIUM + if (i == 1) + continue; /* driver can't handle keys <= bytes */ + if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0) + return -20009; +#endif HmacSetKey(&hmac, MD5, (byte*)keys[i], (word32)strlen(keys[i])); HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); 
@@ -892,6 +945,9 @@ int hmac_md5_test(void) if (memcmp(hash, test_hmac[i].output, MD5_DIGEST_SIZE) != 0) return -20 - i; +#ifdef HAVE_CAVIUM + HmacFreeCavium(&hmac); +#endif } return 0; @@ -922,13 +978,13 @@ int hmac_sha_test(void) a.output = "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c" "\x8e\xf1\x46\xbe\x00"; a.inLen = strlen(a.input); - a.outLen = strlen(a.output); + a.outLen = SHA_DIGEST_SIZE; b.input = "what do ya want for nothing?"; b.output = "\xef\xfc\xdf\x6a\xe5\xeb\x2f\xa2\xd2\x74\x16\xd5\xf1\x84\xdf" "\x9c\x25\x9a\x7c\x79"; b.inLen = strlen(b.input); - b.outLen = strlen(b.output); + b.outLen = SHA_DIGEST_SIZE; c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" @@ -937,13 +993,19 @@ int hmac_sha_test(void) c.output = "\x12\x5d\x73\x42\xb9\xac\x11\xcd\x91\xa3\x9a\xf4\x8a\xa1\x7b" "\x4f\x63\xf1\x75\xd3"; c.inLen = strlen(c.input); - c.outLen = strlen(c.output); + c.outLen = SHA_DIGEST_SIZE; test_hmac[0] = a; test_hmac[1] = b; test_hmac[2] = c; for (i = 0; i < times; ++i) { +#ifdef HAVE_CAVIUM + if (i == 1) + continue; /* driver can't handle keys <= bytes */ + if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0) + return -20010; +#endif HmacSetKey(&hmac, SHA, (byte*)keys[i], (word32)strlen(keys[i])); HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); @@ -951,6 +1013,9 @@ int hmac_sha_test(void) if (memcmp(hash, test_hmac[i].output, SHA_DIGEST_SIZE) != 0) return -20 - i; +#ifdef HAVE_CAVIUM + HmacFreeCavium(&hmac); +#endif } return 0; 
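Review bot: In hmac_md5_test the mismatch path `return -20 - i;` comes before the added `HmacFreeCavium(&hmac)`, so under HAVE_CAVIUM a failed comparison returns with the context from HmacInitCavium still allocated and the buffered `hmac->data` unfreed. hmac_sha_test and hmac_sha256_test have the same shape. Calling `HmacFreeCavium(&hmac);` inside the `#ifdef` before that return releases both on the failure path as well. The skip comment in the loop head, `/* driver can't handle keys <= bytes */`, is missing the number it refers to and should state the driver's minimum key length.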
@@ -983,14 +1048,14 @@ int hmac_sha256_test(void) "\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32" "\xcf\xf7"; a.inLen = strlen(a.input); - a.outLen = strlen(a.output); + a.outLen = SHA256_DIGEST_SIZE; b.input = "what do ya want for nothing?"; b.output = "\x5b\xdc\xc1\x46\xbf\x60\x75\x4e\x6a\x04\x24\x26\x08\x95\x75" "\xc7\x5a\x00\x3f\x08\x9d\x27\x39\x83\x9d\xec\x58\xb9\x64\xec" "\x38\x43"; b.inLen = strlen(b.input); - b.outLen = strlen(b.output); + b.outLen = SHA256_DIGEST_SIZE; c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" @@ -1000,13 +1065,19 @@ int hmac_sha256_test(void) "\xa7\x29\x59\x09\x8b\x3e\xf8\xc1\x22\xd9\x63\x55\x14\xce\xd5" "\x65\xfe"; c.inLen = strlen(c.input); - c.outLen = strlen(c.output); + c.outLen = SHA256_DIGEST_SIZE; test_hmac[0] = a; test_hmac[1] = b; test_hmac[2] = c; for (i = 0; i < times; ++i) { +#ifdef HAVE_CAVIUM + if (i == 1) + continue; /* driver can't handle keys <= bytes */ + if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0) + return -20011; +#endif HmacSetKey(&hmac, SHA256, (byte*)keys[i], (word32)strlen(keys[i])); HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); @@ -1014,6 +1085,9 @@ int hmac_sha256_test(void) if (memcmp(hash, test_hmac[i].output, SHA256_DIGEST_SIZE) != 0) return -20 - i; +#ifdef HAVE_CAVIUM + HmacFreeCavium(&hmac); +#endif } return 0; @@ -1047,7 +1121,7 @@ int hmac_sha384_test(void) "\xc5\x9c\xfa\xea\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2" "\xfa\x9c\xb6"; a.inLen = strlen(a.input); - a.outLen = strlen(a.output); + a.outLen = SHA384_DIGEST_SIZE; b.input = "what do ya want for nothing?"; b.output = "\xaf\x45\xd2\xe3\x76\x48\x40\x31\x61\x7f\x78\xd2\xb5\x8a\x6b" 
@@ -1055,7 +1129,7 @@ int hmac_sha384_test(void) "\x44\x5e\x8e\x22\x40\xca\x5e\x69\xe2\xc7\x8b\x32\x39\xec\xfa" "\xb2\x16\x49"; b.inLen = strlen(b.input); - b.outLen = strlen(b.output); + b.outLen = SHA384_DIGEST_SIZE; c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" @@ -1066,7 +1140,7 @@ int hmac_sha384_test(void) "\x14\x4b\x2a\x5a\xb3\x9d\xc1\x38\x14\xb9\x4e\x3a\xb6\xe1\x01" "\xa3\x4f\x27"; c.inLen = strlen(c.input); - c.outLen = strlen(c.output); + c.outLen = SHA384_DIGEST_SIZE; test_hmac[0] = a; test_hmac[1] = b; @@ -1108,23 +1182,23 @@ int arc4_test(void) a.input = "\x01\x23\x45\x67\x89\xab\xcd\xef"; a.output = "\x75\xb7\x87\x80\x99\xe0\xc5\x96"; - a.inLen = strlen(a.input); - a.outLen = strlen(a.output); + a.inLen = 8; + a.outLen = 8; b.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; b.output = "\x74\x94\xc2\xe7\x10\x4b\x08\x79"; - b.inLen = strlen(b.input); - b.outLen = strlen(b.output); + b.inLen = 8; + b.outLen = 8; c.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; c.output = "\xde\x18\x89\x41\xa3\x37\x5d\x3a"; - c.inLen = strlen(c.input); - c.outLen = strlen(c.output); + c.inLen = 8; + c.outLen = 8; d.input = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"; d.output = "\xd6\xa1\x41\xa7\xec\x3c\x38\xdf\xbd\x61"; - d.inLen = strlen(d.input); - d.outLen = strlen(d.output); + d.inLen = 10; + d.outLen = 10; test_arc4[0] = a; test_arc4[1] = b; 
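Review bot: The arc4_test vectors now carry hand-counted lengths (`a.inLen = 8;` … `d.outLen = 10;`) with nothing saying why `strlen()` was dropped. The reason matters: `strlen()` stops at the first 0x00, so the all-zero inputs previously measured as length 0. A comment above the first assignment would record it, e.g. `/* vectors contain 0x00 bytes: lengths are explicit, strlen() would truncate them */`. The hc128_test and rabbit_test hunks make the same change and need the same comment. Since the literals must match the string constants byte for byte, a remark that they are counted from the `\x..` escapes would also help whoever adds the next vector.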
@@ -1134,9 +1208,19 @@ int arc4_test(void) for (i = 0; i < times; ++i) { Arc4 enc; Arc4 dec; + int keylen = 8; /* strlen with key 0x00 not good */ + if (i == 3) + keylen = 4; - Arc4SetKey(&enc, (byte*)keys[i], (word32)strlen(keys[i])); - Arc4SetKey(&dec, (byte*)keys[i], (word32)strlen(keys[i])); +#ifdef HAVE_CAVIUM + if (Arc4InitCavium(&enc, CAVIUM_DEV_ID) != 0) + return -20001; + if (Arc4InitCavium(&dec, CAVIUM_DEV_ID) != 0) + return -20002; +#endif + + Arc4SetKey(&enc, (byte*)keys[i], keylen); + Arc4SetKey(&dec, (byte*)keys[i], keylen); Arc4Process(&enc, cipher, (byte*)test_arc4[i].input, (word32)test_arc4[i].outLen); @@ -1147,6 +1231,11 @@ int arc4_test(void) if (memcmp(cipher, test_arc4[i].output, test_arc4[i].outLen)) return -20 - 5 - i; + +#ifdef HAVE_CAVIUM + Arc4FreeCavium(&enc); + Arc4FreeCavium(&dec); +#endif } return 0; @@ -1184,23 +1273,23 @@ int hc128_test(void) a.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; a.output = "\x37\x86\x02\xB9\x8F\x32\xA7\x48"; - a.inLen = strlen(a.input); - a.outLen = strlen(a.output); + a.inLen = 8; + a.outLen = 8; b.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; b.output = "\x33\x7F\x86\x11\xC6\xED\x61\x5F"; - b.inLen = strlen(b.input); - b.outLen = strlen(b.output); + b.inLen = 8; + b.outLen = 8; c.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; c.output = "\x2E\x1E\xD1\x2A\x85\x51\xC0\x5A"; - c.inLen = strlen(c.input); - c.outLen = strlen(c.output); + c.inLen = 8; + c.outLen = 8; d.input = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"; d.output = "\x1C\xD8\xAE\xDD\xFE\x52\xE2\x17\xE8\x35\xD0\xB7\xE8\x4E\x29"; - d.inLen = strlen(d.input); - d.outLen = strlen(d.output); + d.inLen = 15; + d.outLen = 15; test_hc128[0] = a; test_hc128[1] = b; 
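Review bot: `int keylen = 8;` followed by `if (i == 3) keylen = 4;` in the arc4_test loop ties the key length to a loop index. Reordering or adding an entry in `keys[]` (declared outside this hunk) would silently pass the wrong number of key bytes to `Arc4SetKey`. A length table kept next to the keys avoids this, e.g. `static const word32 keyLens[] = { 8, 8, 8, 4 };` (assuming four vectors) with `Arc4SetKey(&enc, (byte*)keys[i], keyLens[i]);`. That also restores the `word32` type the old call cast to. Separately, when the second `Arc4InitCavium` fails the function returns -20002 without releasing `enc`.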
@@ -1262,18 +1351,18 @@ int rabbit_test(void) a.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; a.output = "\xED\xB7\x05\x67\x37\x5D\xCD\x7C"; - a.inLen = strlen(a.input); - a.outLen = strlen(a.output); + a.inLen = 8; + a.outLen = 8; b.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; b.output = "\x6D\x7D\x01\x22\x92\xCC\xDC\xE0"; - b.inLen = strlen(b.input); - b.outLen = strlen(b.output); + b.inLen = 8; + b.outLen = 8; c.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; c.output = "\x9C\x51\xE2\x87\x84\xC3\x7F\xE9"; - c.inLen = strlen(c.input); - c.outLen = strlen(c.output); + c.inLen = 8; + c.outLen = 8; test_rabbit[0] = a; test_rabbit[1] = b; @@ -1397,9 +1486,15 @@ int des3_test(void) }; +#ifdef HAVE_CAVIUM + if (Des3_InitCavium(&enc, CAVIUM_DEV_ID) != 0) + return -20005; + if (Des3_InitCavium(&dec, CAVIUM_DEV_ID) != 0) + return -20006; +#endif Des3_SetKey(&enc, key3, iv3, DES_ENCRYPTION); - Des3_CbcEncrypt(&enc, cipher, vector, sizeof(vector)); Des3_SetKey(&dec, key3, iv3, DES_DECRYPTION); + Des3_CbcEncrypt(&enc, cipher, vector, sizeof(vector)); Des3_CbcDecrypt(&dec, plain, cipher, sizeof(cipher)); if (memcmp(plain, vector, sizeof(plain))) @@ -1408,6 +1503,10 @@ int des3_test(void) if (memcmp(cipher, verify3, sizeof(cipher))) return -34; +#ifdef HAVE_CAVIUM + Des3_FreeCavium(&enc); + Des3_FreeCavium(&dec); +#endif return 0; } #endif /* NO_DES */ @@ -1437,6 +1536,12 @@ int aes_test(void) byte cipher[AES_BLOCK_SIZE * 4]; byte plain [AES_BLOCK_SIZE * 4]; +#ifdef HAVE_CAVIUM + if (AesInitCavium(&enc, CAVIUM_DEV_ID) != 0) + return -20003; + if (AesInitCavium(&dec, CAVIUM_DEV_ID) != 0) + return -20004; +#endif AesSetKey(&enc, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); AesSetKey(&dec, key, AES_BLOCK_SIZE, iv, AES_DECRYPTION); @@ -1449,6 +1554,10 @@ int aes_test(void) if (memcmp(cipher, verify, AES_BLOCK_SIZE)) return -61; +#ifdef HAVE_CAVIUM + AesFreeCavium(&enc); + AesFreeCavium(&dec); +#endif #ifdef CYASSL_AES_COUNTER { const byte ctrKey[] = 
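Review bot: The added `AesFreeCavium(&enc);` and `AesFreeCavium(&dec);` in aes_test run before the `#ifdef CYASSL_AES_COUNTER` block that opens right after them. If that block reuses `enc` and `dec` (its body is outside this hunk), a HAVE_CAVIUM build with counter mode enabled would operate on contexts that were already released. Moving the two frees to just before the function's final return makes the lifetime unambiguous. If the early release is intended, a comment at that spot should say the counter-mode test does not need the device contexts.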
@@ -1895,7 +2004,13 @@ int random_test(void) { RNG rng; byte block[32]; - int ret = InitRng(&rng); + int ret; + +#ifdef HAVE_CAVIUM + ret = InitRngCavium(&rng, CAVIUM_DEV_ID); + if (ret != 0) return -2007; +#endif + ret = InitRng(&rng); if (ret != 0) return -39; RNG_GenerateBlock(&rng, block, sizeof(block)); @@ -1947,7 +2062,7 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out) static const char* caKeyFile = "a:\certs\\ca-key.der"; static const char* caCertFile = "a:\certs\\ca-cert.pem"; #endif - #else +#elif !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) static const char* clientKey = "./certs/client-key.der"; static const char* clientCert = "./certs/client-cert.der"; #ifdef CYASSL_CERT_GEN @@ -1970,7 +2085,9 @@ int rsa_test(void) word32 inLen = (word32)strlen((char*)in); byte out[256]; byte plain[256]; +#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) FILE* file, * file2; +#endif #ifdef CYASSL_TEST_CERT DecodedCert cert; #endif @@ -1979,6 +2096,13 @@ int rsa_test(void) if (tmp == NULL) return -40; +#ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, client_key_der_1024, sizeof(client_key_der_1024)); + bytes = sizeof(client_key_der_1024); +#elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, client_key_der_2048, sizeof(client_key_der_2048)); + bytes = sizeof(client_key_der_2048); +#else file = fopen(clientKey, "rb"); if (!file) @@ -1986,7 +2110,12 @@ int rsa_test(void) "Please run from CyaSSL home dir", -40); bytes = fread(tmp, 1, FOURK_BUF, file); - + fclose(file); +#endif /* USE_CERT_BUFFERS */ + +#ifdef HAVE_CAVIUM + RsaInitCavium(&key, CAVIUM_DEV_ID); +#endif InitRsaKey(&key, 0); ret = RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes); if (ret != 0) return -41; 
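Review bot: The failure code for `InitRngCavium` in random_test is `-2007`, while every other Cavium init failure added in this file uses the -2000x series (`-20001` to `-20006`, `-20010`, `-20011`). This looks like a dropped digit, and `-20007` would fit the sequence. It is also not clear from the hunk whether `InitRng(&rng)` called after `InitRngCavium(&rng, CAVIUM_DEV_ID)` preserves or resets the device state. A one-line comment above `ret = InitRng(&rng);` stating that the order is required would prevent a well-meaning reorder.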
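Review bot: `XMEMCPY(tmp, client_key_der_1024, sizeof(client_key_der_1024));` in rsa_test sizes the copy by the source array and never compares it with the capacity of `tmp`, which is allocated outside this hunk. If a regenerated buffer in certs_test.h grows past that capacity, the copy overflows `tmp` instead of failing the test. A guard before the copy closes that, e.g. `if (sizeof(client_key_der_1024) > FOURK_BUF) { free(tmp); return -40; }`. This assumes `tmp` holds FOURK_BUF bytes, as the `fread` in the file branch implies; a compile-time size check would do the same job. The same pattern is in the client_cert copy later in rsa_test and in the dh_test and dsa_test hunks, where `tmp` is a stack array (`byte tmp[1024]` in dsa_test) and the bound would be `sizeof(tmp)`.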
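Review bot: `RsaInitCavium(&key, CAVIUM_DEV_ID);` in rsa_test discards its return value, unlike the Arc4, Des3, Aes, Hmac and RNG init calls added in this file, which all test `!= 0`. If device init fails, the test carries on into `InitRsaKey` and the RSA operations, and the failure shows up later under an unrelated error code or not at all. Check it like the others and release `tmp` on the way out: `if (RsaInitCavium(&key, CAVIUM_DEV_ID) != 0) { free(tmp); return <unused -2000x code>; }`. What `InitRsaKey(&key, 0)` does to the state set by `RsaInitCavium` is not visible in this hunk, so a short comment confirming the call order is intended would help too.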
@@ -2011,11 +2140,20 @@ int rsa_test(void) if (memcmp(plain, in, ret)) return -48; +#ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, client_cert_der_1024, sizeof(client_cert_der_1024)); + bytes = sizeof(client_cert_der_1024); +#elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, client_cert_der_2048, sizeof(client_cert_der_2048)); + bytes = sizeof(client_cert_der_2048); +#else file2 = fopen(clientCert, "rb"); if (!file2) return -49; bytes = fread(tmp, 1, FOURK_BUF, file2); + fclose(file2); +#endif #ifdef CYASSL_TEST_CERT InitDecodedCert(&cert, tmp, (word32)bytes, 0); @@ -2028,8 +2166,6 @@ int rsa_test(void) (void)bytes; #endif - fclose(file2); - fclose(file); #ifdef CYASSL_KEY_GEN { @@ -2356,6 +2492,9 @@ int rsa_test(void) #endif /* CYASSL_CERT_GEN */ FreeRsaKey(&key); +#ifdef HAVE_CAVIUM + RsaFreeCavium(&key); +#endif free(tmp); return 0; @@ -2368,7 +2507,7 @@ int rsa_test(void) #ifdef FREESCALE_MQX static const char* dhKey = "a:\certs\\dh2048.der"; -#else +#elif !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) static const char* dhKey = "./certs/dh2048.der"; #endif @@ -2387,12 +2526,21 @@ int dh_test(void) DhKey key; DhKey key2; RNG rng; +#ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, dh_key_der_1024, sizeof(dh_key_der_1024)); + bytes = sizeof(dh_key_der_1024); +#elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, dh_key_der_2048, sizeof(dh_key_der_2048)); + bytes = sizeof(dh_key_der_2048); +#else FILE* file = fopen(dhKey, "rb"); if (!file) return -50; bytes = (word32) fread(tmp, 1, sizeof(tmp), file); + fclose(file); +#endif /* USE_CERT_BUFFERS */ InitDhKey(&key); InitDhKey(&key2); @@ -2424,7 +2572,6 @@ int dh_test(void) FreeDhKey(&key); FreeDhKey(&key2); - fclose(file); return 0; } @@ -2436,7 +2583,7 @@ int dh_test(void) #ifdef FREESCALE_MQX static const char* dsaKey = "a:\certs\\dsa2048.der"; -#else +#elif !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) static const char* dsaKey = "./certs/dsa2048.der"; #endif 
@@ -2448,15 +2595,24 @@ int dsa_test(void) byte tmp[1024]; DsaKey key; RNG rng; - FILE* file = fopen(dsaKey, "rb"); Sha sha; byte hash[SHA_DIGEST_SIZE]; byte signature[40]; +#ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, dsa_key_der_1024, sizeof(dsa_key_der_1024)); + bytes = sizeof(dsa_key_der_1024); +#elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, dsa_key_der_2048, sizeof(dsa_key_der_2048)); + bytes = sizeof(dsa_key_der_2048); +#else + FILE* file = fopen(dsaKey, "rb"); if (!file) return -60; bytes = (word32) fread(tmp, 1, sizeof(tmp), file); + fclose(file); +#endif /* USE_CERT_BUFFERS */ InitSha(&sha); ShaUpdate(&sha, tmp, bytes); @@ -2477,7 +2633,6 @@ int dsa_test(void) if (answer != 1) return -65; FreeDsaKey(&key); - fclose(file); return 0; } @@ -2501,7 +2656,7 @@ int openssl_test(void) a.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6" "\x7a"; a.inLen = strlen(a.input); - a.outLen = strlen(a.output); + a.outLen = MD5_DIGEST_SIZE; EVP_MD_CTX_init(&md_ctx); EVP_DigestInit(&md_ctx, EVP_md5()); @@ -2518,7 +2673,7 @@ int openssl_test(void) b.output = "\xAD\x5B\x3F\xDB\xCB\x52\x67\x78\xC2\x83\x9D\x2F\x15\x1E\xA7" "\x53\x99\x5E\x26\xA0"; b.inLen = strlen(b.input); - b.outLen = strlen(b.output); + b.outLen = SHA_DIGEST_SIZE; EVP_MD_CTX_init(&md_ctx); EVP_DigestInit(&md_ctx, EVP_sha1()); @@ -2535,7 +2690,7 @@ int openssl_test(void) "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB" "\x06\xC1"; d.inLen = strlen(d.input); - d.outLen = strlen(d.output); + d.outLen = SHA256_DIGEST_SIZE; EVP_MD_CTX_init(&md_ctx); EVP_DigestInit(&md_ctx, EVP_sha256()); @@ -2555,7 +2710,7 @@ int openssl_test(void) "\xf7\x12\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9\x66\xc3\xe9\xfa\x91" "\x74\x60\x39"; e.inLen = strlen(e.input); - e.outLen = strlen(e.output); + e.outLen = SHA384_DIGEST_SIZE; EVP_MD_CTX_init(&md_ctx); EVP_DigestInit(&md_ctx, EVP_sha384()); 
@@ -2579,7 +2734,7 @@ int openssl_test(void) "\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b" "\x87\x4b\xe9\x09"; f.inLen = strlen(f.input); - f.outLen = strlen(f.output); + f.outLen = SHA512_DIGEST_SIZE; EVP_MD_CTX_init(&md_ctx); EVP_DigestInit(&md_ctx, EVP_sha512()); @@ -2600,7 +2755,7 @@ int openssl_test(void) c.output = "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7" "\x38"; c.inLen = strlen(c.input); - c.outLen = strlen(c.output); + c.outLen = MD5_DIGEST_SIZE; HMAC(EVP_md5(), "Jefe", 4, (byte*)c.input, (int)c.inLen, hash, 0); diff --git a/ctaocrypt/test/test.h b/ctaocrypt/test/test.h index 3557f9773..17e8e90b6 100644 --- a/ctaocrypt/test/test.h +++ b/ctaocrypt/test/test.h @@ -1,6 +1,6 @@ /* ctaocrypt/test/test.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/cyassl/callbacks.h b/cyassl/callbacks.h index f43fbdd7b..71f23bc43 100644 --- a/cyassl/callbacks.h +++ b/cyassl/callbacks.h @@ -1,6 +1,6 @@ /* cyassl_callbacks.h * - * Copyright (C) 2012 Sawtooth Consulting Ltd. + * Copyright (C) 2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/cyassl/certs_test.h b/cyassl/certs_test.h new file mode 100644 index 000000000..c3b644a38 --- /dev/null +++ b/cyassl/certs_test.h 
@@ -0,0 +1,790 @@ +/* certs_test.h */ + +#ifndef CYASSL_CERTS_TEST_H +#define CYASSL_CERTS_TEST_H + +#ifdef USE_CERT_BUFFERS_1024 + +/* ./certs/1024/client-key.der, 1024-bit */ +const unsigned char client_key_der_1024[] = +{ + 0x30, 0x82, 0x02, 0x5C, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, + 0x00, 0xBC, 0x73, 0x0E, 0xA8, 0x49, 0xF3, 0x74, 0xA2, 0xA9, + 0xEF, 0x18, 0xA5, 0xDA, 0x55, 0x99, 0x21, 0xF9, 0xC8, 0xEC, + 0xB3, 0x6D, 0x48, 0xE5, 0x35, 0x35, 0x75, 0x77, 0x37, 0xEC, + 0xD1, 0x61, 0x90, 0x5F, 0x3E, 0xD9, 0xE4, 0xD5, 0xDF, 0x94, + 0xCA, 0xC1, 0xA9, 0xD7, 0x19, 0xDA, 0x86, 0xC9, 0xE8, 0x4D, + 0xC4, 0x61, 0x36, 0x82, 0xFE, 0xAB, 0xAD, 0x7E, 0x77, 0x25, + 0xBB, 0x8D, 0x11, 0xA5, 0xBC, 0x62, 0x3A, 0xA8, 0x38, 0xCC, + 0x39, 0xA2, 0x04, 0x66, 0xB4, 0xF7, 0xF7, 0xF3, 0xAA, 0xDA, + 0x4D, 0x02, 0x0E, 0xBB, 0x5E, 0x8D, 0x69, 0x48, 0xDC, 0x77, + 0xC9, 0x28, 0x0E, 0x22, 0xE9, 0x6B, 0xA4, 0x26, 0xBA, 0x4C, + 0xE8, 0xC1, 0xFD, 0x4A, 0x6F, 0x2B, 0x1F, 0xEF, 0x8A, 0xAE, + 0xF6, 0x90, 0x62, 0xE5, 0x64, 0x1E, 0xEB, 0x2B, 0x3C, 0x67, + 0xC8, 0xDC, 0x27, 0x00, 0xF6, 0x91, 0x68, 0x65, 0xA9, 0x02, + 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x13, 0x97, 0xEA, + 0xE8, 0x38, 0x78, 0x25, 0xA2, 0x5C, 0x04, 0xCE, 0x0D, 0x40, + 0x7C, 0x31, 0xE5, 0xC4, 0x70, 0xCD, 0x9B, 0x82, 0x3B, 0x58, + 0x09, 0x86, 0x3B, 0x66, 0x5F, 0xDC, 0x31, 0x90, 0xF1, 0x4F, + 0xD5, 0xDB, 0x15, 0xDD, 0xDE, 0xD7, 0x3B, 0x95, 0x93, 0x31, + 0x18, 0x31, 0x0E, 0x5E, 0xA3, 0xD6, 0xA2, 0x1A, 0x71, 0x6E, + 0x81, 0x48, 0x1C, 0x4B, 0xCF, 0xDB, 0x8E, 0x7A, 0x86, 0x61, + 0x32, 0xDC, 0xFB, 0x55, 0xC1, 0x16, 0x6D, 0x27, 0x92, 0x24, + 0x45, 0x8B, 0xF1, 0xB8, 0x48, 0xB1, 0x4B, 0x1D, 0xAC, 0xDE, + 0xDA, 0xDD, 0x8E, 0x2F, 0xC2, 0x91, 0xFB, 0xA5, 0xA9, 0x6E, + 0xF8, 0x3A, 0x6A, 0xF1, 0xFD, 0x50, 0x18, 0xEF, 0x9F, 0xE7, + 0xC3, 0xCA, 0x78, 0xEA, 0x56, 0xD3, 0xD3, 0x72, 0x5B, 0x96, + 0xDD, 0x4E, 0x06, 0x4E, 0x3A, 0xC3, 0xD9, 0xBE, 0x72, 0xB6, + 0x65, 0x07, 0x07, 0x4C, 0x01, 0x02, 0x41, 0x00, 0xFA, 0x47, + 0xD4, 0x7A, 0x7C, 0x92, 0x3C, 0x55, 
0xEF, 0x81, 0xF0, 0x41, + 0x30, 0x2D, 0xA3, 0xCF, 0x8F, 0x1C, 0xE6, 0x87, 0x27, 0x05, + 0x70, 0x0D, 0xDF, 0x98, 0x35, 0xD6, 0xF1, 0x8B, 0x38, 0x2F, + 0x24, 0xB5, 0xD0, 0x84, 0xB6, 0x79, 0x4F, 0x71, 0x29, 0x94, + 0x5A, 0xF0, 0x64, 0x6A, 0xAC, 0xE7, 0x72, 0xC6, 0xED, 0x4D, + 0x59, 0x98, 0x3E, 0x67, 0x3A, 0xF3, 0x74, 0x2C, 0xF9, 0x61, + 0x17, 0x69, 0x02, 0x41, 0x00, 0xC0, 0xC1, 0x82, 0x0D, 0x0C, + 0xEB, 0xC6, 0x2F, 0xDC, 0x92, 0xF9, 0x9D, 0x82, 0x1A, 0x31, + 0xE9, 0xE9, 0xF7, 0x4B, 0xF2, 0x82, 0x87, 0x1C, 0xEE, 0x16, + 0x6A, 0xD1, 0x1D, 0x18, 0x82, 0x70, 0xF3, 0xC0, 0xB6, 0x2F, + 0xF6, 0xF3, 0xF7, 0x1D, 0xF1, 0x86, 0x23, 0xC8, 0x4E, 0xEB, + 0x8F, 0x56, 0x8E, 0x8F, 0xF5, 0xBF, 0xF1, 0xF7, 0x2B, 0xB5, + 0xCC, 0x3D, 0xC6, 0x57, 0x39, 0x0C, 0x1B, 0x54, 0x41, 0x02, + 0x41, 0x00, 0x9D, 0x7E, 0x05, 0xDE, 0xED, 0xF4, 0xB7, 0xB2, + 0xFB, 0xFC, 0x30, 0x4B, 0x55, 0x1D, 0xE3, 0x2F, 0x01, 0x47, + 0x96, 0x69, 0x05, 0xCD, 0x0E, 0x2E, 0x2C, 0xBD, 0x83, 0x63, + 0xB6, 0xAB, 0x7C, 0xB7, 0x6D, 0xCA, 0x5B, 0x64, 0xA7, 0xCE, + 0xBE, 0x86, 0xDF, 0x3B, 0x53, 0xDE, 0x61, 0xD2, 0x1E, 0xEB, + 0xA5, 0xF6, 0x37, 0xED, 0xAC, 0xAB, 0x78, 0xD9, 0x4C, 0xE7, + 0x55, 0xFB, 0xD7, 0x11, 0x99, 0xC1, 0x02, 0x40, 0x18, 0x98, + 0x18, 0x29, 0xE6, 0x1E, 0x27, 0x39, 0x70, 0x21, 0x68, 0xAC, + 0x0A, 0x2F, 0xA1, 0x72, 0xC1, 0x21, 0x86, 0x95, 0x38, 0xC6, + 0x58, 0x90, 0xA0, 0x57, 0x9C, 0xBA, 0xE3, 0xA7, 0xB1, 0x15, + 0xC8, 0xDE, 0xF6, 0x1B, 0xC2, 0x61, 0x23, 0x76, 0xEF, 0xB0, + 0x9D, 0x1C, 0x44, 0xBE, 0x13, 0x43, 0x39, 0x67, 0x17, 0xC8, + 0x9D, 0xCA, 0xFB, 0xF5, 0x45, 0x64, 0x8B, 0x38, 0x82, 0x2C, + 0xF2, 0x81, 0x02, 0x40, 0x39, 0x89, 0xE5, 0x9C, 0x19, 0x55, + 0x30, 0xBA, 0xB7, 0x48, 0x8C, 0x48, 0x14, 0x0E, 0xF4, 0x9F, + 0x7E, 0x77, 0x97, 0x43, 0xE1, 0xB4, 0x19, 0x35, 0x31, 0x23, + 0x75, 0x9C, 0x3B, 0x44, 0xAD, 0x69, 0x12, 0x56, 0xEE, 0x00, + 0x61, 0x64, 0x16, 0x66, 0xD3, 0x7C, 0x74, 0x2B, 0x15, 0xB4, + 0xA2, 0xFE, 0xBF, 0x08, 0x6B, 0x1A, 0x5D, 0x3F, 0x90, 0x12, + 0xB1, 0x05, 0x86, 0x31, 0x29, 0xDB, 0xD9, 0xE2 +}; 
+ +/* ./certs/1024/client-cert.der, 1024-bit */ +const unsigned char client_cert_der_1024[] = +{ + 0x30, 0x82, 0x02, 0xEC, 0x30, 0x82, 0x02, 0x55, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0x8D, 0x0D, 0xAC, 0xFE, + 0xC6, 0x98, 0x45, 0x26, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, + 0x81, 0x8E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, + 0x03, 0x55, 0x04, 0x08, 0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, + 0x6F, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, + 0x07, 0x0C, 0x08, 0x50, 0x6F, 0x72, 0x74, 0x6C, 0x61, 0x6E, + 0x64, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04, 0x0A, + 0x0C, 0x05, 0x79, 0x61, 0x53, 0x53, 0x4C, 0x31, 0x14, 0x30, + 0x12, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0B, 0x50, 0x72, + 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x31, + 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0D, + 0x77, 0x77, 0x77, 0x2E, 0x79, 0x61, 0x73, 0x73, 0x6C, 0x2E, + 0x63, 0x6F, 0x6D, 0x31, 0x1D, 0x30, 0x1B, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x0E, + 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x79, 0x61, 0x73, 0x73, 0x6C, + 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x33, + 0x30, 0x31, 0x31, 0x38, 0x32, 0x31, 0x34, 0x32, 0x34, 0x39, + 0x5A, 0x17, 0x0D, 0x31, 0x35, 0x31, 0x30, 0x31, 0x35, 0x32, + 0x31, 0x34, 0x32, 0x34, 0x39, 0x5A, 0x30, 0x81, 0x8E, 0x31, + 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, + 0x08, 0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, + 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x08, + 0x50, 0x6F, 0x72, 0x74, 0x6C, 0x61, 0x6E, 0x64, 0x31, 0x0E, + 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x05, 0x79, + 0x61, 0x53, 0x53, 0x4C, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, + 0x55, 0x04, 0x0B, 0x0C, 0x0B, 0x50, 0x72, 0x6F, 0x67, 0x72, + 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 
0x31, 0x16, 0x30, 0x14, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0D, 0x77, 0x77, 0x77, + 0x2E, 0x79, 0x61, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, + 0x31, 0x1D, 0x30, 0x1B, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, + 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x0E, 0x69, 0x6E, 0x66, + 0x6F, 0x40, 0x79, 0x61, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, + 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, + 0xBC, 0x73, 0x0E, 0xA8, 0x49, 0xF3, 0x74, 0xA2, 0xA9, 0xEF, + 0x18, 0xA5, 0xDA, 0x55, 0x99, 0x21, 0xF9, 0xC8, 0xEC, 0xB3, + 0x6D, 0x48, 0xE5, 0x35, 0x35, 0x75, 0x77, 0x37, 0xEC, 0xD1, + 0x61, 0x90, 0x5F, 0x3E, 0xD9, 0xE4, 0xD5, 0xDF, 0x94, 0xCA, + 0xC1, 0xA9, 0xD7, 0x19, 0xDA, 0x86, 0xC9, 0xE8, 0x4D, 0xC4, + 0x61, 0x36, 0x82, 0xFE, 0xAB, 0xAD, 0x7E, 0x77, 0x25, 0xBB, + 0x8D, 0x11, 0xA5, 0xBC, 0x62, 0x3A, 0xA8, 0x38, 0xCC, 0x39, + 0xA2, 0x04, 0x66, 0xB4, 0xF7, 0xF7, 0xF3, 0xAA, 0xDA, 0x4D, + 0x02, 0x0E, 0xBB, 0x5E, 0x8D, 0x69, 0x48, 0xDC, 0x77, 0xC9, + 0x28, 0x0E, 0x22, 0xE9, 0x6B, 0xA4, 0x26, 0xBA, 0x4C, 0xE8, + 0xC1, 0xFD, 0x4A, 0x6F, 0x2B, 0x1F, 0xEF, 0x8A, 0xAE, 0xF6, + 0x90, 0x62, 0xE5, 0x64, 0x1E, 0xEB, 0x2B, 0x3C, 0x67, 0xC8, + 0xDC, 0x27, 0x00, 0xF6, 0x91, 0x68, 0x65, 0xA9, 0x02, 0x03, + 0x01, 0x00, 0x01, 0xA3, 0x50, 0x30, 0x4E, 0x30, 0x1D, 0x06, + 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x81, 0x69, + 0x0F, 0xF8, 0xDF, 0xDD, 0xCF, 0x34, 0x29, 0xD5, 0x67, 0x75, + 0x71, 0x85, 0xC7, 0x75, 0x10, 0x69, 0x59, 0xEC, 0x30, 0x1F, + 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, + 0x14, 0x81, 0x69, 0x0F, 0xF8, 0xDF, 0xDD, 0xCF, 0x34, 0x29, + 0xD5, 0x67, 0x75, 0x71, 0x85, 0xC7, 0x75, 0x10, 0x69, 0x59, + 0xEC, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, + 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, + 0x03, 0x81, 0x81, 0x00, 0x72, 0x66, 0x0F, 0x6A, 
0xA1, 0x85, + 0x95, 0x06, 0xE6, 0x87, 0x1A, 0xED, 0x2B, 0xDA, 0xED, 0x84, + 0x90, 0x89, 0xA6, 0x31, 0x4D, 0x60, 0xF2, 0x7B, 0x63, 0x0C, + 0xDC, 0x9B, 0x44, 0x4C, 0xD6, 0x62, 0x41, 0x24, 0x74, 0x30, + 0x70, 0x4E, 0x07, 0x10, 0x05, 0x12, 0x5E, 0x14, 0xB3, 0xDD, + 0xCF, 0x58, 0x27, 0x93, 0xCF, 0xAA, 0x4F, 0x85, 0x2C, 0x35, + 0x0E, 0xFF, 0x5B, 0xA8, 0x6B, 0xB5, 0x95, 0x32, 0xD5, 0xCC, + 0x73, 0x68, 0x5B, 0x1B, 0xC4, 0xF8, 0x89, 0x5E, 0x3D, 0xF8, + 0x02, 0x39, 0x32, 0x7D, 0x06, 0xA4, 0x32, 0xE9, 0xB3, 0xEF, + 0x62, 0xA0, 0x43, 0x5D, 0x4F, 0xFB, 0xCE, 0x3D, 0x08, 0x33, + 0xAF, 0x3D, 0x7F, 0x12, 0xCB, 0x8A, 0x5A, 0xC2, 0x63, 0xDB, + 0x3E, 0xDD, 0xEA, 0x5B, 0x67, 0x10, 0x49, 0x9F, 0x5B, 0x96, + 0x1B, 0x4E, 0x5D, 0xBC, 0x4E, 0x9A, 0x7C, 0x1F, 0xAB, 0x56, + 0x47, 0x4A +}; + +/* ./certs/1024/dh1024.der, 1024-bit */ +const unsigned char dh_key_der_1024[] = +{ + 0x30, 0x81, 0x87, 0x02, 0x81, 0x81, 0x00, 0xA4, 0xD2, 0xB8, + 0x6E, 0x78, 0xF5, 0xD9, 0xED, 0x2D, 0x7C, 0xDD, 0xB6, 0x16, + 0x86, 0x5A, 0x4B, 0x05, 0x76, 0x90, 0xDD, 0x66, 0x61, 0xB9, + 0x6D, 0x52, 0xA7, 0x1C, 0xAF, 0x62, 0xC6, 0x69, 0x47, 0x7B, + 0x39, 0xF2, 0xFB, 0x94, 0xEC, 0xBC, 0x79, 0xFF, 0x24, 0x5E, + 0xEF, 0x79, 0xBB, 0x59, 0xB2, 0xFC, 0xCA, 0x07, 0xD6, 0xF4, + 0xE9, 0x34, 0xF7, 0xE8, 0x38, 0xE7, 0xD7, 0x33, 0x44, 0x1D, + 0xA3, 0x64, 0x76, 0x1A, 0x84, 0x97, 0x54, 0x74, 0x40, 0x84, + 0x1F, 0x15, 0xFE, 0x7C, 0x25, 0x2A, 0x2B, 0x25, 0xFD, 0x9E, + 0xC1, 0x89, 0x33, 0x8C, 0x39, 0x25, 0x2B, 0x40, 0xE6, 0xCD, + 0xF8, 0xA8, 0xA1, 0x8A, 0x53, 0xC6, 0x47, 0xB2, 0xA0, 0xD7, + 0x8F, 0xEB, 0x2E, 0x60, 0x0A, 0x0D, 0x4B, 0xF8, 0xB4, 0x94, + 0x8C, 0x63, 0x0A, 0xAD, 0xC7, 0x10, 0xEA, 0xC7, 0xA1, 0xB9, + 0x9D, 0xF2, 0xA8, 0x37, 0x73, 0x02, 0x01, 0x02 +}; + +/* ./certs/1024/dsa1024.der, 1024-bit */ +const unsigned char dsa_key_der_1024[] = +{ + 0x30, 0x82, 0x01, 0xBC, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, + 0x00, 0xF7, 0x4B, 0xF9, 0xBB, 0x15, 0x98, 0xEB, 0xDD, 0xDE, + 0x1E, 0x4E, 0x71, 0x88, 0x85, 0xF2, 0xB7, 0xBA, 0xE2, 0x4A, + 
0xDA, 0x76, 0x40, 0xCD, 0x69, 0x48, 0x9E, 0x83, 0x7C, 0x11, + 0xF7, 0x65, 0x31, 0x78, 0xF5, 0x25, 0x2D, 0xF7, 0xB7, 0xF8, + 0x52, 0x3F, 0xBE, 0xD8, 0xB6, 0xC5, 0xFE, 0x18, 0x15, 0x5B, + 0xB9, 0xD5, 0x92, 0x86, 0xBC, 0xB2, 0x17, 0x7C, 0xD8, 0xB0, + 0xBE, 0xA0, 0x7C, 0xF2, 0xD5, 0x73, 0x7A, 0x58, 0x8F, 0x8D, + 0xE5, 0x4A, 0x00, 0x99, 0x83, 0x4A, 0xC0, 0x9E, 0x16, 0x09, + 0xA1, 0x10, 0x34, 0xD5, 0x19, 0xBB, 0x63, 0xE3, 0xDD, 0x83, + 0x74, 0x7F, 0x10, 0xCA, 0x73, 0x75, 0xEE, 0x31, 0x4A, 0xDD, + 0x9F, 0xE0, 0x02, 0x6A, 0x9D, 0xEE, 0xB2, 0x4B, 0xA7, 0x6B, + 0x2A, 0x6C, 0xC7, 0x86, 0x77, 0xE8, 0x04, 0x15, 0xDC, 0x92, + 0xB4, 0x7A, 0x29, 0x1F, 0x4E, 0x83, 0x63, 0x85, 0x55, 0x02, + 0x15, 0x00, 0xD2, 0x05, 0xE4, 0x73, 0xFB, 0xC1, 0x99, 0xC5, + 0xDC, 0x68, 0xA4, 0x8D, 0x92, 0x27, 0x3D, 0xE2, 0x52, 0x5F, + 0x89, 0x8B, 0x02, 0x81, 0x81, 0x00, 0xAA, 0x21, 0x02, 0x09, + 0x43, 0x6E, 0xFB, 0xA2, 0x54, 0x14, 0x85, 0x0A, 0xF4, 0x28, + 0x7C, 0xCB, 0xCC, 0xDB, 0xF5, 0x1E, 0xA2, 0x18, 0xA9, 0x21, + 0xDE, 0x88, 0x88, 0x33, 0x8C, 0x2E, 0xEB, 0x8D, 0xA3, 0xF0, + 0x1D, 0xC8, 0x8F, 0xF6, 0x7E, 0xF8, 0xCF, 0x12, 0xF5, 0xB4, + 0xA1, 0x11, 0x6F, 0x0C, 0xD4, 0xF0, 0x06, 0xAD, 0xC4, 0xFC, + 0x14, 0x45, 0xC7, 0x94, 0x15, 0xBC, 0x19, 0x4B, 0xAE, 0xEF, + 0x93, 0x6A, 0x4F, 0xCC, 0x14, 0xD8, 0x47, 0x8B, 0x39, 0x66, + 0x87, 0x02, 0xD4, 0x28, 0x0A, 0xB8, 0xEE, 0x09, 0x37, 0xF4, + 0x00, 0xA0, 0x04, 0xA7, 0x79, 0xA7, 0xD2, 0x3C, 0xF7, 0x34, + 0x43, 0x56, 0x8E, 0xD0, 0x7C, 0xC2, 0xD8, 0x4D, 0x0F, 0x89, + 0xED, 0x14, 0xC1, 0x2C, 0x9C, 0x4C, 0x19, 0x9B, 0x9E, 0xDC, + 0x53, 0x09, 0x9F, 0xDF, 0x2D, 0xF0, 0x0C, 0x27, 0x54, 0x3A, + 0x77, 0x14, 0x2D, 0xDE, 0x02, 0x81, 0x81, 0x00, 0xE8, 0x1F, + 0x7C, 0xB7, 0xC0, 0x54, 0x51, 0xA7, 0x28, 0x2D, 0x58, 0x7C, + 0xDE, 0xD4, 0x5C, 0xDD, 0xD5, 0x76, 0x84, 0x3C, 0x36, 0x20, + 0xC0, 0xC3, 0x25, 0xD7, 0x3A, 0x38, 0xE1, 0x54, 0xC8, 0xFD, + 0x40, 0x68, 0x1A, 0x21, 0x54, 0x26, 0x39, 0x14, 0xBF, 0xF6, + 0xA3, 0x9C, 0x5E, 0xD9, 0x2B, 0xF7, 0xC9, 0x25, 0xBA, 0x00, + 0x09, 0xCB, 
0x7F, 0x0C, 0x4A, 0x24, 0xFD, 0x15, 0x16, 0x15, + 0x48, 0xCD, 0x0B, 0x52, 0x44, 0x40, 0x7B, 0x90, 0x63, 0x2B, + 0x90, 0x22, 0xC5, 0x18, 0x05, 0x80, 0x53, 0xAF, 0x83, 0x1F, + 0x54, 0xE2, 0xB0, 0xA2, 0x0B, 0x5A, 0x92, 0x24, 0xE1, 0x62, + 0x28, 0x3F, 0xB7, 0xCA, 0xB9, 0x89, 0xD6, 0xA0, 0xB7, 0xAD, + 0xAE, 0x05, 0xE1, 0xC1, 0x59, 0x40, 0xED, 0x4A, 0x1B, 0x68, + 0xA7, 0x7B, 0xFB, 0xC3, 0x20, 0x81, 0xEF, 0x4B, 0xF3, 0x69, + 0x91, 0xB0, 0xCE, 0x3A, 0xB0, 0x38, 0x02, 0x14, 0x25, 0x38, + 0x3B, 0xA1, 0x19, 0x75, 0xDF, 0x9B, 0xF5, 0x72, 0x53, 0x4F, + 0x39, 0xE1, 0x1C, 0xEC, 0x13, 0x84, 0x82, 0x18 +}; + +/* ./certs/1024/rsa1024.der, 1024-bit */ +const unsigned char rsa_key_der_1024[] = +{ + 0x30, 0x82, 0x02, 0x5D, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, + 0x00, 0xBE, 0x70, 0x70, 0xB8, 0x04, 0x18, 0xE5, 0x28, 0xFE, + 0x66, 0xD8, 0x90, 0x88, 0xE0, 0xF1, 0xB7, 0xC3, 0xD0, 0xD2, + 0x3E, 0xE6, 0x4B, 0x94, 0x74, 0xB0, 0xFF, 0xB0, 0xF7, 0x63, + 0xA5, 0xAB, 0x7E, 0xAF, 0xB6, 0x2B, 0xB7, 0x38, 0x16, 0x1A, + 0x50, 0xBF, 0xF1, 0xCA, 0x87, 0x3A, 0xD5, 0xB0, 0xDA, 0xF8, + 0x43, 0x7A, 0x15, 0xB9, 0x7E, 0xEA, 0x2A, 0x80, 0xD2, 0x51, + 0xB0, 0x35, 0xAF, 0x07, 0xF3, 0xF2, 0x5D, 0x24, 0x3A, 0x4B, + 0x87, 0x56, 0x48, 0x1B, 0x3C, 0x24, 0x9A, 0xDA, 0x70, 0x80, + 0xBD, 0x3C, 0x8B, 0x03, 0x4A, 0x0C, 0x83, 0x71, 0xDE, 0xE3, + 0x03, 0x70, 0xA2, 0xB7, 0x60, 0x09, 0x1B, 0x5E, 0xC7, 0x3D, + 0xA0, 0x64, 0x60, 0xE3, 0xA9, 0x06, 0x8D, 0xD3, 0xFF, 0x42, + 0xBB, 0x0A, 0x94, 0x27, 0x2D, 0x57, 0x42, 0x0D, 0xB0, 0x2D, + 0xE0, 0xBA, 0x18, 0x25, 0x60, 0x92, 0x11, 0x92, 0xF3, 0x02, + 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x0E, 0xEE, 0x1D, + 0xC8, 0x2F, 0x7A, 0x0C, 0x2D, 0x44, 0x94, 0xA7, 0x91, 0xDD, + 0x49, 0x55, 0x6A, 0x04, 0xCE, 0x10, 0x4D, 0xA2, 0x1C, 0x76, + 0xCD, 0x17, 0x3B, 0x54, 0x92, 0x70, 0x9B, 0x82, 0x70, 0x72, + 0x32, 0x24, 0x07, 0x3F, 0x3C, 0x6C, 0x5F, 0xBC, 0x4C, 0xA6, + 0x86, 0x27, 0x94, 0xAD, 0x42, 0xDD, 0x87, 0xDC, 0xC0, 0x6B, + 0x44, 0x89, 0xF3, 0x3F, 0x1A, 0x3E, 0x11, 0x44, 0x84, 0x2E, + 0x69, 
0x4C, 0xBB, 0x4A, 0x71, 0x1A, 0xBB, 0x9A, 0x52, 0x3C, + 0x6B, 0xDE, 0xBC, 0xB2, 0x7C, 0x51, 0xEF, 0x4F, 0x8F, 0x3A, + 0xDC, 0x50, 0x04, 0x4E, 0xB6, 0x31, 0x66, 0xA8, 0x8E, 0x06, + 0x3B, 0x51, 0xA9, 0xC1, 0x8A, 0xCB, 0xC4, 0x81, 0xCA, 0x2D, + 0x69, 0xEC, 0x88, 0xFC, 0x33, 0x88, 0xD1, 0xD4, 0x29, 0x47, + 0x87, 0x37, 0xF9, 0x6A, 0x22, 0x69, 0xB9, 0xC9, 0xFE, 0xEB, + 0x8C, 0xC5, 0x21, 0x41, 0x71, 0x02, 0x41, 0x00, 0xFD, 0x17, + 0x98, 0x42, 0x54, 0x1C, 0x23, 0xF8, 0xD7, 0x5D, 0xEF, 0x49, + 0x4F, 0xAF, 0xD9, 0x35, 0x6F, 0x08, 0xC6, 0xC7, 0x40, 0x5C, + 0x7E, 0x58, 0x86, 0xC2, 0xB2, 0x16, 0x39, 0x24, 0xC5, 0x06, + 0xB0, 0x3D, 0xAF, 0x02, 0xD2, 0x87, 0x77, 0xD2, 0x76, 0xBA, + 0xE3, 0x59, 0x60, 0x42, 0xF1, 0x16, 0xEF, 0x33, 0x0B, 0xF2, + 0x0B, 0xBA, 0x99, 0xCC, 0xB6, 0x4C, 0x46, 0x3F, 0x33, 0xE4, + 0xD4, 0x67, 0x02, 0x41, 0x00, 0xC0, 0xA0, 0x91, 0x6D, 0xFE, + 0x28, 0xE0, 0x81, 0x5A, 0x15, 0xA7, 0xC9, 0xA8, 0x98, 0xC6, + 0x0A, 0xAB, 0x00, 0xC5, 0x40, 0xC9, 0x21, 0xBB, 0xB2, 0x33, + 0x5A, 0xA7, 0xCB, 0x6E, 0xB8, 0x08, 0x56, 0x4A, 0x76, 0x28, + 0xE8, 0x6D, 0xBD, 0xF5, 0x26, 0x7B, 0xBF, 0xC5, 0x46, 0x45, + 0x0D, 0xEC, 0x7D, 0xEE, 0x82, 0xD6, 0xCA, 0x5F, 0x3D, 0x6E, + 0xCC, 0x94, 0x73, 0xCD, 0xCE, 0x86, 0x6E, 0x95, 0x95, 0x02, + 0x40, 0x38, 0xFD, 0x28, 0x1E, 0xBF, 0x5B, 0xBA, 0xC9, 0xDC, + 0x8C, 0xDD, 0x45, 0xAF, 0xB8, 0xD3, 0xFB, 0x11, 0x2E, 0x73, + 0xBC, 0x08, 0x05, 0x0B, 0xBA, 0x19, 0x56, 0x1B, 0xCD, 0x9F, + 0x3E, 0x65, 0x53, 0x15, 0x3A, 0x3E, 0x7F, 0x2F, 0x32, 0xAB, + 0xCB, 0x6B, 0x4A, 0xB7, 0xC8, 0xB7, 0x41, 0x3B, 0x92, 0x43, + 0x78, 0x46, 0x17, 0x51, 0x86, 0xC9, 0xFC, 0xEB, 0x8B, 0x8F, + 0x41, 0xCA, 0x08, 0x9B, 0xBF, 0x02, 0x41, 0x00, 0xAD, 0x9B, + 0x89, 0xB6, 0xF2, 0x8C, 0x70, 0xDA, 0xE4, 0x10, 0x04, 0x6B, + 0x11, 0x92, 0xAF, 0x5A, 0xCA, 0x08, 0x25, 0xBF, 0x60, 0x07, + 0x11, 0x1D, 0x68, 0x7F, 0x5A, 0x1F, 0x55, 0x28, 0x74, 0x0B, + 0x21, 0x8D, 0x21, 0x0D, 0x6A, 0x6A, 0xFB, 0xD9, 0xB5, 0x4A, + 0x7F, 0x47, 0xF7, 0xD0, 0xB6, 0xC6, 0x41, 0x02, 0x97, 0x07, + 0x49, 0x93, 0x1A, 
0x9B, 0x33, 0x68, 0xB3, 0xA2, 0x61, 0x32, + 0xA5, 0x89, 0x02, 0x41, 0x00, 0x8F, 0xEF, 0xAD, 0xB5, 0xB0, + 0xB0, 0x7E, 0x86, 0x03, 0x43, 0x93, 0x6E, 0xDD, 0x3C, 0x2D, + 0x9B, 0x6A, 0x55, 0xFF, 0x6F, 0x3E, 0x70, 0x2A, 0xD4, 0xBF, + 0x1F, 0x8C, 0x93, 0x60, 0x9E, 0x6D, 0x2F, 0x18, 0x6C, 0x11, + 0x36, 0x98, 0x3F, 0x10, 0x78, 0xE8, 0x3E, 0x8F, 0xFE, 0x55, + 0xB9, 0x9E, 0xD5, 0x5B, 0x2E, 0x87, 0x1C, 0x58, 0xD0, 0x37, + 0x89, 0x96, 0xEC, 0x48, 0x54, 0xF5, 0x9F, 0x0F, 0xB3 +}; + +#elif defined(USE_CERT_BUFFERS_2048) + +/* ./certs/client-key.der, 2048-bit */ +const unsigned char client_key_der_2048[] = +{ + 0x30, 0x82, 0x04, 0xA4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, + 0x01, 0x00, 0xC3, 0x03, 0xD1, 0x2B, 0xFE, 0x39, 0xA4, 0x32, + 0x45, 0x3B, 0x53, 0xC8, 0x84, 0x2B, 0x2A, 0x7C, 0x74, 0x9A, + 0xBD, 0xAA, 0x2A, 0x52, 0x07, 0x47, 0xD6, 0xA6, 0x36, 0xB2, + 0x07, 0x32, 0x8E, 0xD0, 0xBA, 0x69, 0x7B, 0xC6, 0xC3, 0x44, + 0x9E, 0xD4, 0x81, 0x48, 0xFD, 0x2D, 0x68, 0xA2, 0x8B, 0x67, + 0xBB, 0xA1, 0x75, 0xC8, 0x36, 0x2C, 0x4A, 0xD2, 0x1B, 0xF7, + 0x8B, 0xBA, 0xCF, 0x0D, 0xF9, 0xEF, 0xEC, 0xF1, 0x81, 0x1E, + 0x7B, 0x9B, 0x03, 0x47, 0x9A, 0xBF, 0x65, 0xCC, 0x7F, 0x65, + 0x24, 0x69, 0xA6, 0xE8, 0x14, 0x89, 0x5B, 0xE4, 0x34, 0xF7, + 0xC5, 0xB0, 0x14, 0x93, 0xF5, 0x67, 0x7B, 0x3A, 0x7A, 0x78, + 0xE1, 0x01, 0x56, 0x56, 0x91, 0xA6, 0x13, 0x42, 0x8D, 0xD2, + 0x3C, 0x40, 0x9C, 0x4C, 0xEF, 0xD1, 0x86, 0xDF, 0x37, 0x51, + 0x1B, 0x0C, 0xA1, 0x3B, 0xF5, 0xF1, 0xA3, 0x4A, 0x35, 0xE4, + 0xE1, 0xCE, 0x96, 0xDF, 0x1B, 0x7E, 0xBF, 0x4E, 0x97, 0xD0, + 0x10, 0xE8, 0xA8, 0x08, 0x30, 0x81, 0xAF, 0x20, 0x0B, 0x43, + 0x14, 0xC5, 0x74, 0x67, 0xB4, 0x32, 0x82, 0x6F, 0x8D, 0x86, + 0xC2, 0x88, 0x40, 0x99, 0x36, 0x83, 0xBA, 0x1E, 0x40, 0x72, + 0x22, 0x17, 0xD7, 0x52, 0x65, 0x24, 0x73, 0xB0, 0xCE, 0xEF, + 0x19, 0xCD, 0xAE, 0xFF, 0x78, 0x6C, 0x7B, 0xC0, 0x12, 0x03, + 0xD4, 0x4E, 0x72, 0x0D, 0x50, 0x6D, 0x3B, 0xA3, 0x3B, 0xA3, + 0x99, 0x5E, 0x9D, 0xC8, 0xD9, 0x0C, 0x85, 0xB3, 0xD9, 0x8A, + 0xD9, 0x54, 0x26, 0xDB, 0x6D, 
0xFA, 0xAC, 0xBB, 0xFF, 0x25, + 0x4C, 0xC4, 0xD1, 0x79, 0xF4, 0x71, 0xD3, 0x86, 0x40, 0x18, + 0x13, 0xB0, 0x63, 0xB5, 0x72, 0x4E, 0x30, 0xC4, 0x97, 0x84, + 0x86, 0x2D, 0x56, 0x2F, 0xD7, 0x15, 0xF7, 0x7F, 0xC0, 0xAE, + 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, 0xBA, 0xD3, 0x02, 0x03, + 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 0x01, 0x00, 0xA2, 0xE6, + 0xD8, 0x5F, 0x10, 0x71, 0x64, 0x08, 0x9E, 0x2E, 0x6D, 0xD1, + 0x6D, 0x1E, 0x85, 0xD2, 0x0A, 0xB1, 0x8C, 0x47, 0xCE, 0x2C, + 0x51, 0x6A, 0xA0, 0x12, 0x9E, 0x53, 0xDE, 0x91, 0x4C, 0x1D, + 0x6D, 0xEA, 0x59, 0x7B, 0xF2, 0x77, 0xAA, 0xD9, 0xC6, 0xD9, + 0x8A, 0xAB, 0xD8, 0xE1, 0x16, 0xE4, 0x63, 0x26, 0xFF, 0xB5, + 0x6C, 0x13, 0x59, 0xB8, 0xE3, 0xA5, 0xC8, 0x72, 0x17, 0x2E, + 0x0C, 0x9F, 0x6F, 0xE5, 0x59, 0x3F, 0x76, 0x6F, 0x49, 0xB1, + 0x11, 0xC2, 0x5A, 0x2E, 0x16, 0x29, 0x0D, 0xDE, 0xB7, 0x8E, + 0xDC, 0x40, 0xD5, 0xA2, 0xEE, 0xE0, 0x1E, 0xA1, 0xF4, 0xBE, + 0x97, 0xDB, 0x86, 0x63, 0x96, 0x14, 0xCD, 0x98, 0x09, 0x60, + 0x2D, 0x30, 0x76, 0x9C, 0x3C, 0xCD, 0xE6, 0x88, 0xEE, 0x47, + 0x92, 0x79, 0x0B, 0x5A, 0x00, 0xE2, 0x5E, 0x5F, 0x11, 0x7C, + 0x7D, 0xF9, 0x08, 0xB7, 0x20, 0x06, 0x89, 0x2A, 0x5D, 0xFD, + 0x00, 0xAB, 0x22, 0xE1, 0xF0, 0xB3, 0xBC, 0x24, 0xA9, 0x5E, + 0x26, 0x0E, 0x1F, 0x00, 0x2D, 0xFE, 0x21, 0x9A, 0x53, 0x5B, + 0x6D, 0xD3, 0x2B, 0xAB, 0x94, 0x82, 0x68, 0x43, 0x36, 0xD8, + 0xF6, 0x2F, 0xC6, 0x22, 0xFC, 0xB5, 0x41, 0x5D, 0x0D, 0x33, + 0x60, 0xEA, 0xA4, 0x7D, 0x7E, 0xE8, 0x4B, 0x55, 0x91, 0x56, + 0xD3, 0x5C, 0x57, 0x8F, 0x1F, 0x94, 0x17, 0x2F, 0xAA, 0xDE, + 0xE9, 0x9E, 0xA8, 0xF4, 0xCF, 0x8A, 0x4C, 0x8E, 0xA0, 0xE4, + 0x56, 0x73, 0xB2, 0xCF, 0x4F, 0x86, 0xC5, 0x69, 0x3C, 0xF3, + 0x24, 0x20, 0x8B, 0x5C, 0x96, 0x0C, 0xFA, 0x6B, 0x12, 0x3B, + 0x9A, 0x67, 0xC1, 0xDF, 0xC6, 0x96, 0xB2, 0xA5, 0xD5, 0x92, + 0x0D, 0x9B, 0x09, 0x42, 0x68, 0x24, 0x10, 0x45, 0xD4, 0x50, + 0xE4, 0x17, 0x39, 0x48, 0xD0, 0x35, 0x8B, 0x94, 0x6D, 0x11, + 0xDE, 0x8F, 0xCA, 0x59, 0x02, 0x81, 0x81, 0x00, 0xEA, 0x24, + 0xA7, 0xF9, 0x69, 0x33, 0xE9, 0x71, 0xDC, 
0x52, 0x7D, 0x88, + 0x21, 0x28, 0x2F, 0x49, 0xDE, 0xBA, 0x72, 0x16, 0xE9, 0xCC, + 0x47, 0x7A, 0x88, 0x0D, 0x94, 0x57, 0x84, 0x58, 0x16, 0x3A, + 0x81, 0xB0, 0x3F, 0xA2, 0xCF, 0xA6, 0x6C, 0x1E, 0xB0, 0x06, + 0x29, 0x00, 0x8F, 0xE7, 0x77, 0x76, 0xAC, 0xDB, 0xCA, 0xC7, + 0xD9, 0x5E, 0x9B, 0x3F, 0x26, 0x90, 0x52, 0xAE, 0xFC, 0x38, + 0x90, 0x00, 0x14, 0xBB, 0xB4, 0x0F, 0x58, 0x94, 0xE7, 0x2F, + 0x6A, 0x7E, 0x1C, 0x4F, 0x41, 0x21, 0xD4, 0x31, 0x59, 0x1F, + 0x4E, 0x8A, 0x1A, 0x8D, 0xA7, 0x57, 0x6C, 0x22, 0xD8, 0xE5, + 0xF4, 0x7E, 0x32, 0xA6, 0x10, 0xCB, 0x64, 0xA5, 0x55, 0x03, + 0x87, 0xA6, 0x27, 0x05, 0x8C, 0xC3, 0xD7, 0xB6, 0x27, 0xB2, + 0x4D, 0xBA, 0x30, 0xDA, 0x47, 0x8F, 0x54, 0xD3, 0x3D, 0x8B, + 0x84, 0x8D, 0x94, 0x98, 0x58, 0xA5, 0x02, 0x81, 0x81, 0x00, + 0xD5, 0x38, 0x1B, 0xC3, 0x8F, 0xC5, 0x93, 0x0C, 0x47, 0x0B, + 0x6F, 0x35, 0x92, 0xC5, 0xB0, 0x8D, 0x46, 0xC8, 0x92, 0x18, + 0x8F, 0xF5, 0x80, 0x0A, 0xF7, 0xEF, 0xA1, 0xFE, 0x80, 0xB9, + 0xB5, 0x2A, 0xBA, 0xCA, 0x18, 0xB0, 0x5D, 0xA5, 0x07, 0xD0, + 0x93, 0x8D, 0xD8, 0x9C, 0x04, 0x1C, 0xD4, 0x62, 0x8E, 0xA6, + 0x26, 0x81, 0x01, 0xFF, 0xCE, 0x8A, 0x2A, 0x63, 0x34, 0x35, + 0x40, 0xAA, 0x6D, 0x80, 0xDE, 0x89, 0x23, 0x6A, 0x57, 0x4D, + 0x9E, 0x6E, 0xAD, 0x93, 0x4E, 0x56, 0x90, 0x0B, 0x6D, 0x9D, + 0x73, 0x8B, 0x0C, 0xAE, 0x27, 0x3D, 0xDE, 0x4E, 0xF0, 0xAA, + 0xC5, 0x6C, 0x78, 0x67, 0x6C, 0x94, 0x52, 0x9C, 0x37, 0x67, + 0x6C, 0x2D, 0xEF, 0xBB, 0xAF, 0xDF, 0xA6, 0x90, 0x3C, 0xC4, + 0x47, 0xCF, 0x8D, 0x96, 0x9E, 0x98, 0xA9, 0xB4, 0x9F, 0xC5, + 0xA6, 0x50, 0xDC, 0xB3, 0xF0, 0xFB, 0x74, 0x17, 0x02, 0x81, + 0x80, 0x5E, 0x83, 0x09, 0x62, 0xBD, 0xBA, 0x7C, 0xA2, 0xBF, + 0x42, 0x74, 0xF5, 0x7C, 0x1C, 0xD2, 0x69, 0xC9, 0x04, 0x0D, + 0x85, 0x7E, 0x3E, 0x3D, 0x24, 0x12, 0xC3, 0x18, 0x7B, 0xF3, + 0x29, 0xF3, 0x5F, 0x0E, 0x76, 0x6C, 0x59, 0x75, 0xE4, 0x41, + 0x84, 0x69, 0x9D, 0x32, 0xF3, 0xCD, 0x22, 0xAB, 0xB0, 0x35, + 0xBA, 0x4A, 0xB2, 0x3C, 0xE5, 0xD9, 0x58, 0xB6, 0x62, 0x4F, + 0x5D, 0xDE, 0xE5, 0x9E, 0x0A, 0xCA, 0x53, 0xB2, 0x2C, 
0xF7, + 0x9E, 0xB3, 0x6B, 0x0A, 0x5B, 0x79, 0x65, 0xEC, 0x6E, 0x91, + 0x4E, 0x92, 0x20, 0xF6, 0xFC, 0xFC, 0x16, 0xED, 0xD3, 0x76, + 0x0C, 0xE2, 0xEC, 0x7F, 0xB2, 0x69, 0x13, 0x6B, 0x78, 0x0E, + 0x5A, 0x46, 0x64, 0xB4, 0x5E, 0xB7, 0x25, 0xA0, 0x5A, 0x75, + 0x3A, 0x4B, 0xEF, 0xC7, 0x3C, 0x3E, 0xF7, 0xFD, 0x26, 0xB8, + 0x20, 0xC4, 0x99, 0x0A, 0x9A, 0x73, 0xBE, 0xC3, 0x19, 0x02, + 0x81, 0x81, 0x00, 0xBA, 0x44, 0x93, 0x14, 0xAC, 0x34, 0x19, + 0x3B, 0x5F, 0x91, 0x60, 0xAC, 0xF7, 0xB4, 0xD6, 0x81, 0x05, + 0x36, 0x51, 0x53, 0x3D, 0xE8, 0x65, 0xDC, 0xAF, 0x2E, 0xDC, + 0x61, 0x3E, 0xC9, 0x7D, 0xB8, 0x7F, 0x87, 0xF0, 0x3B, 0x9B, + 0x03, 0x82, 0x29, 0x37, 0xCE, 0x72, 0x4E, 0x11, 0xD5, 0xB1, + 0xC1, 0x0C, 0x07, 0xA0, 0x99, 0x91, 0x4A, 0x8D, 0x7F, 0xEC, + 0x79, 0xCF, 0xF1, 0x39, 0xB5, 0xE9, 0x85, 0xEC, 0x62, 0xF7, + 0xDA, 0x7D, 0xBC, 0x64, 0x4D, 0x22, 0x3C, 0x0E, 0xF2, 0xD6, + 0x51, 0xF5, 0x87, 0xD8, 0x99, 0xC0, 0x11, 0x20, 0x5D, 0x0F, + 0x29, 0xFD, 0x5B, 0xE2, 0xAE, 0xD9, 0x1C, 0xD9, 0x21, 0x56, + 0x6D, 0xFC, 0x84, 0xD0, 0x5F, 0xED, 0x10, 0x15, 0x1C, 0x18, + 0x21, 0xE7, 0xC4, 0x3D, 0x4B, 0xD7, 0xD0, 0x9E, 0x6A, 0x95, + 0xCF, 0x22, 0xC9, 0x03, 0x7B, 0x9E, 0xE3, 0x60, 0x01, 0xFC, + 0x2F, 0x02, 0x81, 0x80, 0x11, 0xD0, 0x4B, 0xCF, 0x1B, 0x67, + 0xB9, 0x9F, 0x10, 0x75, 0x47, 0x86, 0x65, 0xAE, 0x31, 0xC2, + 0xC6, 0x30, 0xAC, 0x59, 0x06, 0x50, 0xD9, 0x0F, 0xB5, 0x70, + 0x06, 0xF7, 0xF0, 0xD3, 0xC8, 0x62, 0x7C, 0xA8, 0xDA, 0x6E, + 0xF6, 0x21, 0x3F, 0xD3, 0x7F, 0x5F, 0xEA, 0x8A, 0xAB, 0x3F, + 0xD9, 0x2A, 0x5E, 0xF3, 0x51, 0xD2, 0xC2, 0x30, 0x37, 0xE3, + 0x2D, 0xA3, 0x75, 0x0D, 0x1E, 0x4D, 0x21, 0x34, 0xD5, 0x57, + 0x70, 0x5C, 0x89, 0xBF, 0x72, 0xEC, 0x4A, 0x6E, 0x68, 0xD5, + 0xCD, 0x18, 0x74, 0x33, 0x4E, 0x8C, 0x3A, 0x45, 0x8F, 0xE6, + 0x96, 0x40, 0xEB, 0x63, 0xF9, 0x19, 0x86, 0x3A, 0x51, 0xDD, + 0x89, 0x4B, 0xB0, 0xF3, 0xF9, 0x9F, 0x5D, 0x28, 0x95, 0x38, + 0xBE, 0x35, 0xAB, 0xCA, 0x5C, 0xE7, 0x93, 0x53, 0x34, 0xA1, + 0x45, 0x5D, 0x13, 0x39, 0x65, 0x42, 0x46, 0xA1, 0x9F, 0xCD, + 0xF5, 
0xBF +}; + +/* ./certs/client-cert.der, 2048-bit */ +const unsigned char client_cert_der_2048[] = +{ + 0x30, 0x82, 0x04, 0x98, 0x30, 0x82, 0x03, 0x80, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0x87, 0x4A, 0x75, 0xBE, + 0x91, 0x66, 0xD8, 0x3D, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, + 0x81, 0x8E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, + 0x03, 0x55, 0x04, 0x08, 0x13, 0x06, 0x4F, 0x72, 0x65, 0x67, + 0x6F, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, + 0x07, 0x13, 0x08, 0x50, 0x6F, 0x72, 0x74, 0x6C, 0x61, 0x6E, + 0x64, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04, 0x0A, + 0x13, 0x05, 0x79, 0x61, 0x53, 0x53, 0x4C, 0x31, 0x14, 0x30, + 0x12, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x0B, 0x50, 0x72, + 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x31, + 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0D, + 0x77, 0x77, 0x77, 0x2E, 0x79, 0x61, 0x73, 0x73, 0x6C, 0x2E, + 0x63, 0x6F, 0x6D, 0x31, 0x1D, 0x30, 0x1B, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x0E, + 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x79, 0x61, 0x73, 0x73, 0x6C, + 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x31, + 0x31, 0x30, 0x32, 0x34, 0x31, 0x38, 0x32, 0x31, 0x35, 0x35, + 0x5A, 0x17, 0x0D, 0x31, 0x34, 0x30, 0x37, 0x32, 0x30, 0x31, + 0x38, 0x32, 0x31, 0x35, 0x35, 0x5A, 0x30, 0x81, 0x8E, 0x31, + 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, + 0x08, 0x13, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, + 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x08, + 0x50, 0x6F, 0x72, 0x74, 0x6C, 0x61, 0x6E, 0x64, 0x31, 0x0E, + 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x05, 0x79, + 0x61, 0x53, 0x53, 0x4C, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, + 0x55, 0x04, 0x0B, 0x13, 0x0B, 0x50, 0x72, 0x6F, 0x67, 0x72, + 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 
0x31, 0x16, 0x30, 0x14, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0D, 0x77, 0x77, 0x77, + 0x2E, 0x79, 0x61, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, + 0x31, 0x1D, 0x30, 0x1B, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, + 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x0E, 0x69, 0x6E, 0x66, + 0x6F, 0x40, 0x79, 0x61, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, + 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, 0x0A, 0x02, + 0x82, 0x01, 0x01, 0x00, 0xC3, 0x03, 0xD1, 0x2B, 0xFE, 0x39, + 0xA4, 0x32, 0x45, 0x3B, 0x53, 0xC8, 0x84, 0x2B, 0x2A, 0x7C, + 0x74, 0x9A, 0xBD, 0xAA, 0x2A, 0x52, 0x07, 0x47, 0xD6, 0xA6, + 0x36, 0xB2, 0x07, 0x32, 0x8E, 0xD0, 0xBA, 0x69, 0x7B, 0xC6, + 0xC3, 0x44, 0x9E, 0xD4, 0x81, 0x48, 0xFD, 0x2D, 0x68, 0xA2, + 0x8B, 0x67, 0xBB, 0xA1, 0x75, 0xC8, 0x36, 0x2C, 0x4A, 0xD2, + 0x1B, 0xF7, 0x8B, 0xBA, 0xCF, 0x0D, 0xF9, 0xEF, 0xEC, 0xF1, + 0x81, 0x1E, 0x7B, 0x9B, 0x03, 0x47, 0x9A, 0xBF, 0x65, 0xCC, + 0x7F, 0x65, 0x24, 0x69, 0xA6, 0xE8, 0x14, 0x89, 0x5B, 0xE4, + 0x34, 0xF7, 0xC5, 0xB0, 0x14, 0x93, 0xF5, 0x67, 0x7B, 0x3A, + 0x7A, 0x78, 0xE1, 0x01, 0x56, 0x56, 0x91, 0xA6, 0x13, 0x42, + 0x8D, 0xD2, 0x3C, 0x40, 0x9C, 0x4C, 0xEF, 0xD1, 0x86, 0xDF, + 0x37, 0x51, 0x1B, 0x0C, 0xA1, 0x3B, 0xF5, 0xF1, 0xA3, 0x4A, + 0x35, 0xE4, 0xE1, 0xCE, 0x96, 0xDF, 0x1B, 0x7E, 0xBF, 0x4E, + 0x97, 0xD0, 0x10, 0xE8, 0xA8, 0x08, 0x30, 0x81, 0xAF, 0x20, + 0x0B, 0x43, 0x14, 0xC5, 0x74, 0x67, 0xB4, 0x32, 0x82, 0x6F, + 0x8D, 0x86, 0xC2, 0x88, 0x40, 0x99, 0x36, 0x83, 0xBA, 0x1E, + 0x40, 0x72, 0x22, 0x17, 0xD7, 0x52, 0x65, 0x24, 0x73, 0xB0, + 0xCE, 0xEF, 0x19, 0xCD, 0xAE, 0xFF, 0x78, 0x6C, 0x7B, 0xC0, + 0x12, 0x03, 0xD4, 0x4E, 0x72, 0x0D, 0x50, 0x6D, 0x3B, 0xA3, + 0x3B, 0xA3, 0x99, 0x5E, 0x9D, 0xC8, 0xD9, 0x0C, 0x85, 0xB3, + 0xD9, 0x8A, 0xD9, 0x54, 0x26, 0xDB, 0x6D, 0xFA, 0xAC, 0xBB, + 0xFF, 0x25, 0x4C, 0xC4, 0xD1, 0x79, 0xF4, 0x71, 0xD3, 0x86, + 0x40, 0x18, 0x13, 0xB0, 0x63, 0xB5, 0x72, 0x4E, 
0x30, 0xC4, + 0x97, 0x84, 0x86, 0x2D, 0x56, 0x2F, 0xD7, 0x15, 0xF7, 0x7F, + 0xC0, 0xAE, 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, 0xBA, 0xD3, + 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x81, 0xF6, 0x30, 0x81, + 0xF3, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, + 0x04, 0x14, 0x33, 0xD8, 0x45, 0x66, 0xD7, 0x68, 0x87, 0x18, + 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26, 0xD7, 0x85, + 0x65, 0xC0, 0x30, 0x81, 0xC3, 0x06, 0x03, 0x55, 0x1D, 0x23, + 0x04, 0x81, 0xBB, 0x30, 0x81, 0xB8, 0x80, 0x14, 0x33, 0xD8, + 0x45, 0x66, 0xD7, 0x68, 0x87, 0x18, 0x7E, 0x54, 0x0D, 0x70, + 0x27, 0x91, 0xC7, 0x26, 0xD7, 0x85, 0x65, 0xC0, 0xA1, 0x81, + 0x94, 0xA4, 0x81, 0x91, 0x30, 0x81, 0x8E, 0x31, 0x0B, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, + 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, + 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x11, 0x30, + 0x0F, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x08, 0x50, 0x6F, + 0x72, 0x74, 0x6C, 0x61, 0x6E, 0x64, 0x31, 0x0E, 0x30, 0x0C, + 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x05, 0x79, 0x61, 0x53, + 0x53, 0x4C, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, + 0x0B, 0x13, 0x0B, 0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, + 0x6D, 0x69, 0x6E, 0x67, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x13, 0x0D, 0x77, 0x77, 0x77, 0x2E, 0x79, + 0x61, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1D, + 0x30, 0x1B, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x09, 0x01, 0x16, 0x0E, 0x69, 0x6E, 0x66, 0x6F, 0x40, + 0x79, 0x61, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, + 0x09, 0x00, 0x87, 0x4A, 0x75, 0xBE, 0x91, 0x66, 0xD8, 0x3D, + 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, + 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, + 0x82, 0x01, 0x01, 0x00, 0x1C, 0x7C, 0x42, 0x81, 0x29, 0x9E, + 0x21, 0xCF, 0xD0, 0xD8, 0xC1, 0x54, 0x6F, 0xCC, 0xAE, 0x14, + 0x09, 0x38, 0xFF, 0x68, 0x98, 0x9A, 0x95, 0x53, 0x76, 0x18, + 
0x7B, 0xE6, 0x30, 0x76, 0xEC, 0x28, 0x0D, 0x75, 0xA7, 0xDE, + 0xE0, 0xCD, 0x8E, 0xD5, 0x55, 0x23, 0x6A, 0x47, 0x2B, 0x4E, + 0x8D, 0xFC, 0x7D, 0x06, 0xA3, 0xD8, 0x0F, 0xAD, 0x5E, 0xD6, + 0x04, 0xC9, 0x00, 0x33, 0xFB, 0x77, 0x27, 0xD3, 0xB5, 0x03, + 0xB3, 0x7B, 0x21, 0x74, 0x31, 0x0B, 0x4A, 0xAF, 0x2D, 0x1A, + 0xB3, 0x93, 0x8E, 0xCC, 0xF3, 0x5F, 0x3D, 0x90, 0x3F, 0xCC, + 0xE3, 0x55, 0x19, 0x91, 0x7B, 0x78, 0x24, 0x2E, 0x4A, 0x09, + 0xBB, 0x18, 0x4E, 0x61, 0x2D, 0x9C, 0xC6, 0x0A, 0xA0, 0x34, + 0x91, 0x88, 0x70, 0x6B, 0x3B, 0x48, 0x47, 0xBC, 0x79, 0x94, + 0xA2, 0xA0, 0x4D, 0x32, 0x47, 0x54, 0xC2, 0xA3, 0xDC, 0x2E, + 0xD2, 0x51, 0x4C, 0x29, 0x39, 0x11, 0xFF, 0xE2, 0x15, 0x5E, + 0x58, 0x97, 0x36, 0xF6, 0xE9, 0x06, 0x06, 0x86, 0x0E, 0x8D, + 0x9D, 0x95, 0x03, 0x72, 0xB2, 0x8B, 0x19, 0x7C, 0xE9, 0x14, + 0x6E, 0xA1, 0x88, 0x73, 0x68, 0x58, 0x6D, 0x71, 0x5E, 0xC2, + 0xD5, 0xD3, 0x13, 0xD2, 0x5F, 0xDE, 0xEA, 0x03, 0xBE, 0xE2, + 0x00, 0x40, 0xE5, 0xCE, 0xFD, 0xE6, 0x92, 0x31, 0x57, 0xC3, + 0xEB, 0xBB, 0x66, 0xAC, 0xCB, 0x2F, 0x1A, 0xFA, 0xE0, 0x62, + 0xA2, 0x47, 0xF4, 0x93, 0x43, 0x2A, 0x4B, 0x6C, 0x5E, 0x0A, + 0x2F, 0xF9, 0xE7, 0xE6, 0x4A, 0x63, 0x86, 0xB0, 0xAC, 0x2A, + 0xA1, 0xEB, 0xB4, 0x5B, 0x67, 0xCD, 0x32, 0xE4, 0xB6, 0x11, + 0x4B, 0x9A, 0x72, 0x66, 0x0D, 0xA2, 0x4A, 0x76, 0x8F, 0xFE, + 0x22, 0xBC, 0x83, 0xFD, 0xDB, 0xB7, 0xD5, 0xA9, 0xEE, 0x05, + 0xC9, 0xB1, 0x71, 0x7E, 0x1B, 0x2B, 0xE1, 0xE3, 0xAF, 0xC0 + +}; + +/* ./certs/dh2048.der, 2048-bit */ +const unsigned char dh_key_der_2048[] = +{ + 0x30, 0x82, 0x01, 0x08, 0x02, 0x82, 0x01, 0x01, 0x00, 0xB0, + 0xA1, 0x08, 0x06, 0x9C, 0x08, 0x13, 0xBA, 0x59, 0x06, 0x3C, + 0xBC, 0x30, 0xD5, 0xF5, 0x00, 0xC1, 0x4F, 0x44, 0xA7, 0xD6, + 0xEF, 0x4A, 0xC6, 0x25, 0x27, 0x1C, 0xE8, 0xD2, 0x96, 0x53, + 0x0A, 0x5C, 0x91, 0xDD, 0xA2, 0xC2, 0x94, 0x84, 0xBF, 0x7D, + 0xB2, 0x44, 0x9F, 0x9B, 0xD2, 0xC1, 0x8A, 0xC5, 0xBE, 0x72, + 0x5C, 0xA7, 0xE7, 0x91, 0xE6, 0xD4, 0x9F, 0x73, 0x07, 0x85, + 0x5B, 0x66, 0x48, 0xC7, 0x70, 0xFA, 0xB4, 0xEE, 
0x02, 0xC9, + 0x3D, 0x9A, 0x4A, 0xDA, 0x3D, 0xC1, 0x46, 0x3E, 0x19, 0x69, + 0xD1, 0x17, 0x46, 0x07, 0xA3, 0x4D, 0x9F, 0x2B, 0x96, 0x17, + 0x39, 0x6D, 0x30, 0x8D, 0x2A, 0xF3, 0x94, 0xD3, 0x75, 0xCF, + 0xA0, 0x75, 0xE6, 0xF2, 0x92, 0x1F, 0x1A, 0x70, 0x05, 0xAA, + 0x04, 0x83, 0x57, 0x30, 0xFB, 0xDA, 0x76, 0x93, 0x38, 0x50, + 0xE8, 0x27, 0xFD, 0x63, 0xEE, 0x3C, 0xE5, 0xB7, 0xC8, 0x09, + 0xAE, 0x6F, 0x50, 0x35, 0x8E, 0x84, 0xCE, 0x4A, 0x00, 0xE9, + 0x12, 0x7E, 0x5A, 0x31, 0xD7, 0x33, 0xFC, 0x21, 0x13, 0x76, + 0xCC, 0x16, 0x30, 0xDB, 0x0C, 0xFC, 0xC5, 0x62, 0xA7, 0x35, + 0xB8, 0xEF, 0xB7, 0xB0, 0xAC, 0xC0, 0x36, 0xF6, 0xD9, 0xC9, + 0x46, 0x48, 0xF9, 0x40, 0x90, 0x00, 0x2B, 0x1B, 0xAA, 0x6C, + 0xE3, 0x1A, 0xC3, 0x0B, 0x03, 0x9E, 0x1B, 0xC2, 0x46, 0xE4, + 0x48, 0x4E, 0x22, 0x73, 0x6F, 0xC3, 0x5F, 0xD4, 0x9A, 0xD6, + 0x30, 0x07, 0x48, 0xD6, 0x8C, 0x90, 0xAB, 0xD4, 0xF6, 0xF1, + 0xE3, 0x48, 0xD3, 0x58, 0x4B, 0xA6, 0xB9, 0xCD, 0x29, 0xBF, + 0x68, 0x1F, 0x08, 0x4B, 0x63, 0x86, 0x2F, 0x5C, 0x6B, 0xD6, + 0xB6, 0x06, 0x65, 0xF7, 0xA6, 0xDC, 0x00, 0x67, 0x6B, 0xBB, + 0xC3, 0xA9, 0x41, 0x83, 0xFB, 0xC7, 0xFA, 0xC8, 0xE2, 0x1E, + 0x7E, 0xAF, 0x00, 0x3F, 0x93, 0x02, 0x01, 0x02 +}; + +/* ./certs/dsa2048.der, 2048-bit */ +const unsigned char dsa_key_der_2048[] = +{ + 0x30, 0x82, 0x03, 0x3F, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, + 0x01, 0x00, 0xCC, 0x8E, 0xC9, 0xA0, 0xD5, 0x9A, 0x27, 0x1C, + 0xDA, 0x52, 0xDF, 0xC7, 0xC0, 0xE6, 0x06, 0xA4, 0x3E, 0x8A, + 0x66, 0x49, 0xD0, 0x59, 0x33, 0x51, 0x69, 0xC4, 0x9C, 0x5E, + 0x64, 0x85, 0xC7, 0xF1, 0xAB, 0xD5, 0xD9, 0x62, 0xAC, 0xFD, + 0xA1, 0xE0, 0x1B, 0x57, 0xFF, 0x96, 0xEF, 0x0C, 0x9F, 0xC8, + 0x44, 0x87, 0xEB, 0x5C, 0x91, 0xD0, 0x46, 0x42, 0x09, 0x50, + 0x6A, 0x23, 0xCB, 0x89, 0x6F, 0x55, 0xE9, 0x6A, 0x11, 0xA9, + 0xA8, 0x32, 0xAB, 0x33, 0x0D, 0x51, 0xB5, 0x79, 0x51, 0xB4, + 0xAB, 0xA2, 0x25, 0x11, 0x8D, 0xE5, 0x24, 0xBE, 0xD8, 0xF1, + 0x9D, 0x4E, 0x12, 0x6F, 0xAC, 0x44, 0x54, 0x80, 0xA9, 0xB4, + 0x81, 0x68, 0x4E, 0x44, 0x0E, 0xB8, 0x39, 0xF3, 
0xBE, 0x83, + 0x08, 0x74, 0xA2, 0xC6, 0x7A, 0xD7, 0x6A, 0x7D, 0x0A, 0x88, + 0x57, 0x83, 0x48, 0xDC, 0xCF, 0x5E, 0x6F, 0xEE, 0x68, 0x0C, + 0xF7, 0xFF, 0x03, 0x04, 0x90, 0xAA, 0xF7, 0x07, 0x98, 0xF8, + 0x67, 0x5A, 0x83, 0x23, 0x66, 0x47, 0x60, 0xC3, 0x43, 0x6E, + 0x03, 0x91, 0xAC, 0x28, 0x66, 0xCB, 0xF0, 0xD3, 0x05, 0xC8, + 0x09, 0x97, 0xB5, 0xAE, 0x01, 0x5E, 0x80, 0x3B, 0x9D, 0x4F, + 0xDE, 0x3E, 0x94, 0xFE, 0xCB, 0x82, 0xB0, 0xB1, 0xFC, 0x91, + 0x8B, 0x1D, 0x8A, 0xEE, 0xC6, 0x06, 0x1F, 0x37, 0x91, 0x48, + 0xD2, 0xF8, 0x6C, 0x5D, 0x60, 0x13, 0x83, 0xA7, 0x81, 0xAC, + 0xCA, 0x8D, 0xD0, 0x6A, 0x04, 0x0A, 0xEA, 0x3E, 0x22, 0x4E, + 0x13, 0xF1, 0x0D, 0xBB, 0x60, 0x6B, 0xCD, 0xBC, 0x5C, 0x87, + 0xA3, 0x67, 0x2B, 0x42, 0xA1, 0x9F, 0xCD, 0x39, 0x58, 0xBE, + 0x55, 0xB1, 0x93, 0x84, 0xCE, 0xB2, 0x10, 0x4E, 0xE4, 0xC3, + 0x9F, 0xB2, 0x53, 0x61, 0x01, 0x29, 0xAA, 0x96, 0xCB, 0x20, + 0x60, 0x42, 0x1D, 0xBA, 0x75, 0x4B, 0x63, 0xC1, 0x02, 0x15, + 0x00, 0xE7, 0xA5, 0x39, 0xD4, 0x6A, 0x37, 0x5E, 0x95, 0x06, + 0x39, 0x07, 0x77, 0x0A, 0xEB, 0xA0, 0x03, 0xEB, 0x78, 0x82, + 0x9B, 0x02, 0x82, 0x01, 0x01, 0x00, 0x9A, 0xD4, 0x4C, 0x71, + 0x2F, 0xEC, 0xFA, 0x32, 0xB2, 0x80, 0x7E, 0x61, 0x4A, 0x6B, + 0x5F, 0x18, 0x76, 0x43, 0xC3, 0x69, 0xBA, 0x41, 0xC7, 0xA7, + 0x1D, 0x79, 0x01, 0xEC, 0xAF, 0x34, 0x87, 0x67, 0x4F, 0x29, + 0x80, 0xA8, 0x3B, 0x87, 0xF6, 0xE8, 0xA1, 0xE8, 0xCD, 0x1B, + 0x1C, 0x86, 0x38, 0xF6, 0xD1, 0x0C, 0x46, 0x2E, 0xC8, 0xE0, + 0xC9, 0x30, 0x26, 0xD5, 0x2C, 0x7F, 0xC1, 0x08, 0xBF, 0xCC, + 0x5A, 0x82, 0x8E, 0xD4, 0xD4, 0x49, 0xAA, 0xA2, 0xFA, 0xE6, + 0xC1, 0x9D, 0xF0, 0xD9, 0x96, 0xB0, 0xFF, 0x0C, 0x5B, 0x33, + 0x8E, 0x06, 0xDD, 0x9D, 0x28, 0xA9, 0xE9, 0x80, 0x41, 0x3B, + 0xD8, 0x7A, 0x94, 0x21, 0x8F, 0x56, 0xF1, 0xA2, 0xB4, 0x2B, + 0x89, 0x1C, 0x74, 0xFF, 0x7E, 0x91, 0xDC, 0x1F, 0x91, 0x13, + 0x98, 0xAF, 0xC7, 0x06, 0xD2, 0x4C, 0x90, 0xA2, 0xBD, 0xDA, + 0x16, 0xBA, 0x65, 0xB0, 0x2D, 0x68, 0x87, 0x3C, 0x6E, 0x25, + 0x8D, 0x90, 0xC7, 0xBC, 0x0D, 0xA9, 0x43, 0x03, 0xC9, 0xBE, + 
0xCF, 0x85, 0x6F, 0xDB, 0x07, 0x7B, 0x8C, 0xF8, 0xB1, 0xC2, + 0x49, 0x10, 0x69, 0x63, 0x56, 0x37, 0xC5, 0x30, 0xD2, 0xFB, + 0x71, 0x9A, 0xE8, 0x82, 0x07, 0x2E, 0x3E, 0x95, 0x50, 0xF3, + 0x73, 0xCF, 0x34, 0x5B, 0xD5, 0xAB, 0x02, 0x15, 0xF2, 0xCC, + 0xD7, 0x52, 0xC5, 0x28, 0xD8, 0x41, 0x19, 0x55, 0x6F, 0xB8, + 0x5F, 0xF1, 0x99, 0xB3, 0xC7, 0xD9, 0xB3, 0x71, 0xF4, 0x2D, + 0xDF, 0x22, 0x59, 0x35, 0x86, 0xDB, 0x39, 0xCA, 0x1B, 0x4D, + 0x35, 0x90, 0x19, 0x6B, 0x31, 0xE3, 0xC8, 0xC6, 0x09, 0xBF, + 0x7C, 0xED, 0x01, 0xB4, 0xB2, 0xF5, 0x6E, 0xDA, 0x63, 0x41, + 0x3C, 0xE6, 0x3A, 0x72, 0x2D, 0x65, 0x48, 0xF6, 0x07, 0xCD, + 0x92, 0x84, 0x8B, 0x1D, 0xA7, 0x31, 0x6B, 0xD6, 0xF0, 0xFB, + 0xD9, 0xF4, 0x02, 0x82, 0x01, 0x00, 0x66, 0x4B, 0xBB, 0xB7, + 0xC9, 0x48, 0x95, 0x0D, 0x5A, 0xA6, 0x2D, 0xA1, 0x7F, 0xDF, + 0x1F, 0x67, 0x6D, 0xED, 0x52, 0x4B, 0x16, 0x6C, 0x17, 0xC6, + 0xAE, 0xF8, 0x6A, 0xC4, 0x57, 0xED, 0x2F, 0xB3, 0xF0, 0x2A, + 0x55, 0xAB, 0xBA, 0xCA, 0xEA, 0x17, 0xE8, 0x35, 0x7C, 0xE5, + 0x31, 0x0D, 0x4A, 0x95, 0xFC, 0x43, 0x6F, 0x97, 0x3C, 0x5C, + 0x67, 0xAC, 0xBE, 0x67, 0x7F, 0xE9, 0x4E, 0xAA, 0x48, 0xB3, + 0x92, 0xA1, 0x76, 0x75, 0xEA, 0x04, 0x34, 0x7F, 0x87, 0x33, + 0x2D, 0x24, 0xB6, 0x29, 0x97, 0xE3, 0x04, 0x77, 0x93, 0x89, + 0x13, 0xDB, 0x1B, 0x93, 0xB8, 0x2C, 0x90, 0x1A, 0x09, 0x3B, + 0x26, 0xD9, 0x59, 0xF3, 0x2A, 0x09, 0x58, 0xDC, 0xAC, 0x25, + 0xB4, 0xA9, 0x45, 0x3B, 0xA2, 0x3A, 0x6C, 0x61, 0x84, 0xBF, + 0x68, 0xD4, 0xEA, 0x9B, 0xC5, 0x29, 0x48, 0x60, 0x15, 0x10, + 0x35, 0x2C, 0x44, 0x1D, 0xB5, 0x9A, 0xEE, 0xAC, 0xC1, 0x68, + 0xE8, 0x47, 0xB7, 0x41, 0x34, 0x39, 0x9A, 0xF8, 0xA5, 0x20, + 0xE9, 0x24, 0xC4, 0x2C, 0x58, 0x3F, 0x4C, 0x41, 0x30, 0x3A, + 0x14, 0x6E, 0x8D, 0xEA, 0xAD, 0xBA, 0x9B, 0x43, 0xD3, 0x98, + 0x2F, 0x83, 0xD8, 0x14, 0x67, 0xE8, 0xF8, 0xD5, 0x4F, 0xAC, + 0xE0, 0x3B, 0xBF, 0xA7, 0x54, 0x16, 0x5E, 0x49, 0x64, 0x26, + 0x54, 0xA4, 0x6B, 0x69, 0x7C, 0xBA, 0x8A, 0x83, 0xD9, 0x2E, + 0x65, 0x0A, 0xA2, 0x27, 0xEF, 0x99, 0x99, 0x08, 0xD7, 0xB5, + 0x9F, 0xA0, 
0x01, 0xEF, 0x7E, 0x17, 0xBF, 0x83, 0x6B, 0x2E, + 0xDD, 0xC0, 0x39, 0x38, 0x23, 0x68, 0xB4, 0x76, 0x6B, 0xE5, + 0xCA, 0xF7, 0x7C, 0xEE, 0xC0, 0x52, 0xE2, 0xDD, 0xAD, 0x59, + 0x3A, 0x42, 0x06, 0x45, 0xB0, 0xC7, 0xC1, 0x77, 0x05, 0xB2, + 0x0C, 0x32, 0x40, 0x46, 0xAA, 0xDA, 0x79, 0x77, 0x04, 0x71, + 0xDF, 0x7A, 0x02, 0x15, 0x00, 0x98, 0xEE, 0xB9, 0x51, 0x37, + 0x3E, 0x75, 0x13, 0x13, 0x06, 0x8F, 0x94, 0xD3, 0xE6, 0xE9, + 0x00, 0xCB, 0x62, 0x6D, 0x9A +}; + +/* ./certs/rsa2048.der, 2048-bit */ +const unsigned char rsa_key_der_2048[] = +{ + 0x30, 0x82, 0x04, 0xA3, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, + 0x01, 0x00, 0xE9, 0x8A, 0x5D, 0x15, 0xA4, 0xD4, 0x34, 0xB9, + 0x59, 0xA2, 0xDA, 0xAF, 0x74, 0xC8, 0xC9, 0x03, 0x26, 0x38, + 0xFA, 0x48, 0xFC, 0x4D, 0x30, 0x6E, 0xEA, 0x76, 0x89, 0xCE, + 0x4F, 0xF6, 0x87, 0xDE, 0x32, 0x3A, 0x46, 0x6E, 0x38, 0x12, + 0x58, 0x37, 0x22, 0x0D, 0x80, 0xAC, 0x2D, 0xAF, 0x2F, 0x12, + 0x3E, 0x62, 0x73, 0x60, 0x66, 0x68, 0x90, 0xB2, 0x6F, 0x47, + 0x17, 0x04, 0x2B, 0xCA, 0xB7, 0x26, 0xB7, 0x10, 0xC2, 0x13, + 0xF9, 0x7A, 0x62, 0x0A, 0x93, 0x32, 0x90, 0x42, 0x0D, 0x16, + 0x2E, 0xFA, 0xD7, 0x29, 0xD7, 0x9F, 0x54, 0xE4, 0xFC, 0x65, + 0x74, 0xF8, 0xF6, 0x43, 0x6B, 0x4E, 0x9E, 0x34, 0x7F, 0xCB, + 0x6B, 0x1C, 0x1A, 0xDE, 0x82, 0x81, 0xBF, 0x08, 0x5D, 0x3F, + 0xC0, 0xB6, 0xB1, 0xA8, 0xA5, 0x9C, 0x81, 0x70, 0xA7, 0x4E, + 0x32, 0x87, 0x15, 0x1C, 0x78, 0x0E, 0xF0, 0x18, 0xFE, 0xEB, + 0x4B, 0x37, 0x2B, 0xE9, 0xE1, 0xF7, 0xFA, 0x51, 0xC6, 0x58, + 0xB9, 0xD8, 0x06, 0x03, 0xED, 0xC0, 0x03, 0x18, 0x55, 0x8B, + 0x98, 0xFE, 0xB1, 0xF6, 0xD0, 0x3D, 0xFA, 0x63, 0xC0, 0x38, + 0x19, 0xC7, 0x00, 0xEF, 0x4D, 0x99, 0x60, 0xB4, 0xBA, 0xCE, + 0xE3, 0xCE, 0xD9, 0x6B, 0x2D, 0x76, 0x94, 0xFF, 0xFB, 0x77, + 0x18, 0x4A, 0xFE, 0x65, 0xF0, 0x0A, 0x91, 0x5C, 0x3B, 0x22, + 0x94, 0x85, 0xD0, 0x20, 0x18, 0x59, 0x2E, 0xA5, 0x33, 0x03, + 0xAC, 0x1B, 0x5F, 0x78, 0x32, 0x11, 0x25, 0xEE, 0x7F, 0x96, + 0x21, 0xA9, 0xD6, 0x76, 0x97, 0x8D, 0x66, 0x7E, 0xB2, 0x91, + 0xD0, 0x36, 0x2E, 0xA3, 0x1D, 
0xBF, 0xF1, 0x85, 0xED, 0xC0, + 0x3E, 0x60, 0xB8, 0x5A, 0x9F, 0xAB, 0x80, 0xE0, 0xEA, 0x5D, + 0x5F, 0x75, 0x56, 0xC7, 0x4D, 0x51, 0x8E, 0xD4, 0x1F, 0x34, + 0xA6, 0x36, 0xF1, 0x30, 0x1F, 0x51, 0x99, 0x2F, 0x02, 0x03, + 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 0x00, 0x52, 0x11, 0x33, + 0x40, 0xC5, 0xD9, 0x64, 0x65, 0xB5, 0xE0, 0x0A, 0xA5, 0x19, + 0x8E, 0xED, 0x44, 0x54, 0x0C, 0x35, 0xB7, 0xAC, 0x21, 0x9B, + 0xE1, 0x7E, 0x37, 0x05, 0x9A, 0x20, 0x73, 0x6B, 0xAF, 0x63, + 0x4B, 0x23, 0x30, 0xDC, 0x37, 0x66, 0x14, 0x89, 0xBC, 0xE0, + 0xF8, 0xA0, 0x5D, 0x2D, 0x57, 0x65, 0xE0, 0xC6, 0xD6, 0x9B, + 0x66, 0x27, 0x62, 0xEC, 0xC3, 0xB8, 0x8C, 0xD8, 0xAE, 0xB5, + 0xC9, 0xBF, 0x0E, 0xFE, 0x84, 0x72, 0x68, 0xD5, 0x47, 0x0E, + 0x0E, 0xF8, 0xAE, 0x9D, 0x56, 0xAC, 0x4F, 0xAD, 0x88, 0xA0, + 0xA2, 0xF6, 0xFC, 0x38, 0xCD, 0x96, 0x5B, 0x5E, 0x7E, 0xB6, + 0x98, 0xBB, 0xF3, 0x8A, 0xEC, 0xFA, 0xC8, 0xB7, 0x90, 0x75, + 0xA0, 0x0E, 0x77, 0x6B, 0xFD, 0x59, 0x45, 0x5A, 0x0C, 0xFF, + 0x95, 0x8D, 0xCE, 0xFE, 0x9B, 0xF6, 0x19, 0x8E, 0x0B, 0xA1, + 0x0C, 0xEE, 0xC6, 0x79, 0xDD, 0x9D, 0x61, 0x85, 0x5C, 0x19, + 0x6C, 0x47, 0xCC, 0x08, 0xFF, 0xA5, 0x62, 0xDB, 0xE4, 0x2D, + 0x2D, 0xDD, 0x14, 0x67, 0xD6, 0x4A, 0x64, 0x2A, 0x66, 0x49, + 0x54, 0x9C, 0xE3, 0x85, 0x18, 0xE7, 0x31, 0x42, 0xE2, 0xD0, + 0x2C, 0x20, 0xA0, 0x74, 0x0F, 0x1F, 0x20, 0x89, 0xBA, 0xAB, + 0x80, 0xD8, 0x38, 0xD9, 0x46, 0x69, 0xBB, 0xEF, 0xCC, 0x8B, + 0xA1, 0x73, 0xA7, 0xF2, 0xE4, 0x38, 0x5D, 0xD6, 0x75, 0x9F, + 0x88, 0x0E, 0x56, 0xCD, 0xD8, 0x84, 0x59, 0x29, 0x73, 0xF5, + 0xA1, 0x79, 0xDA, 0x7A, 0x1F, 0xBF, 0x73, 0x83, 0xC0, 0x6D, + 0x9F, 0x8B, 0x34, 0x15, 0xC0, 0x6D, 0x69, 0x6A, 0x20, 0xE6, + 0x51, 0xCF, 0x45, 0x6E, 0xCC, 0x05, 0xC4, 0x3A, 0xC0, 0x9E, + 0xAA, 0xC1, 0x06, 0x2F, 0xAB, 0x99, 0x30, 0xE1, 0x6E, 0x9D, + 0x45, 0x7A, 0xFF, 0xA9, 0xCE, 0x70, 0xB8, 0x16, 0x1A, 0x0E, + 0x20, 0xFA, 0xC1, 0x02, 0x81, 0x81, 0x00, 0xFF, 0x30, 0x11, + 0xC2, 0x3C, 0x6B, 0xB4, 0xD6, 0x9E, 0x6B, 0xC1, 0x93, 0xD1, + 0x48, 0xCE, 0x80, 0x2D, 0xBE, 0xAF, 0xF7, 
0xBA, 0xB2, 0xD7, + 0xC3, 0xC4, 0x53, 0x6E, 0x15, 0x02, 0xAA, 0x61, 0xB9, 0xEA, + 0x05, 0x9B, 0x79, 0x67, 0x0B, 0xCE, 0xD9, 0xFB, 0x98, 0x8C, + 0x1D, 0x6B, 0xF4, 0x5A, 0xA7, 0xA0, 0x5E, 0x54, 0x18, 0xE9, + 0x31, 0x44, 0x7C, 0xC7, 0x52, 0xD8, 0x6D, 0xA0, 0x3E, 0xD6, + 0x14, 0x2D, 0x7B, 0x15, 0x9D, 0x1E, 0x39, 0x87, 0x96, 0xDD, + 0xA8, 0x33, 0x55, 0x2A, 0x8E, 0x32, 0xC0, 0xC4, 0xE5, 0xB8, + 0xCB, 0xCD, 0x32, 0x8D, 0xAD, 0x7B, 0xE5, 0xC6, 0x7E, 0x4D, + 0x6F, 0xF3, 0xA4, 0xC5, 0xA6, 0x40, 0xBE, 0x90, 0x3A, 0x33, + 0x6A, 0x24, 0xB2, 0x80, 0x81, 0x12, 0xAC, 0xE3, 0x7B, 0x26, + 0x63, 0xCF, 0x88, 0xB9, 0xFF, 0x74, 0x23, 0x37, 0x52, 0xF0, + 0xC4, 0x27, 0x5D, 0x45, 0x1F, 0x02, 0x81, 0x81, 0x00, 0xEA, + 0x48, 0xA7, 0xDD, 0x73, 0x41, 0x56, 0x21, 0x15, 0xF7, 0x42, + 0x45, 0x4D, 0xA9, 0xE1, 0x66, 0x5B, 0xBD, 0x25, 0x7D, 0xF7, + 0xA8, 0x65, 0x13, 0xAE, 0x2D, 0x38, 0x11, 0xCD, 0x93, 0xFC, + 0x30, 0xA3, 0x2C, 0x44, 0xBB, 0xCF, 0xD0, 0x21, 0x8F, 0xFB, + 0xC1, 0xF9, 0xAD, 0x1D, 0xEE, 0x96, 0xCF, 0x97, 0x49, 0x60, + 0x53, 0x80, 0xA5, 0xA2, 0xF8, 0xEE, 0xB9, 0xD5, 0x77, 0x44, + 0xDD, 0xFD, 0x19, 0x2A, 0xF1, 0x81, 0xF4, 0xD9, 0x3C, 0xEC, + 0x73, 0xD0, 0x2A, 0xD8, 0x3C, 0x27, 0x87, 0x79, 0x12, 0x86, + 0xE7, 0x57, 0x0C, 0x59, 0xD1, 0x44, 0x55, 0xAE, 0xC3, 0x4D, + 0x42, 0xAD, 0xA9, 0xB3, 0x28, 0x61, 0xB4, 0x9C, 0xA6, 0x63, + 0xD3, 0x96, 0xB1, 0x75, 0x9F, 0x2A, 0x78, 0x99, 0xE3, 0x1E, + 0x71, 0x47, 0x39, 0xF4, 0x52, 0xE3, 0x66, 0xF1, 0xEB, 0x7F, + 0xEF, 0xC6, 0x81, 0x93, 0x4C, 0x99, 0xF1, 0x02, 0x81, 0x81, + 0x00, 0xC5, 0xB6, 0x20, 0x8C, 0x34, 0xF3, 0xDD, 0xF0, 0x4A, + 0x5D, 0x82, 0x65, 0x5C, 0x48, 0xE4, 0x75, 0x3A, 0xFB, 0xFA, + 0xAA, 0x1C, 0xE4, 0x63, 0x77, 0x31, 0xAC, 0xD2, 0x25, 0x45, + 0x23, 0x6D, 0x03, 0xF5, 0xE4, 0xD2, 0x48, 0x85, 0x26, 0x08, + 0xE5, 0xAA, 0xA0, 0xCE, 0x2E, 0x1D, 0x6D, 0xFC, 0xAE, 0xD2, + 0xF9, 0x42, 0x7E, 0xEA, 0x6D, 0x59, 0x7A, 0xB3, 0x93, 0xE4, + 0x4B, 0x4B, 0x54, 0x63, 0xD8, 0xCE, 0x44, 0x06, 0xC2, 0xEC, + 0x9F, 0xF6, 0x05, 0x55, 0x46, 0xF4, 0x3E, 0x8F, 0xF2, 
0x0C, + 0x30, 0x7E, 0x5C, 0xDD, 0x88, 0x49, 0x3B, 0x59, 0xB9, 0x87, + 0xBC, 0xC6, 0xC5, 0x24, 0x8A, 0x10, 0x63, 0x21, 0x1F, 0x66, + 0x1A, 0x3E, 0xF4, 0x58, 0xD1, 0x6C, 0x0D, 0x40, 0xB2, 0xC0, + 0x1D, 0x63, 0x42, 0x0E, 0xC4, 0x56, 0x0E, 0xC0, 0xCC, 0xC2, + 0xD6, 0x66, 0x0E, 0xC4, 0xAB, 0xB5, 0x33, 0xF6, 0x51, 0x02, + 0x81, 0x80, 0x19, 0x7E, 0xE6, 0xA5, 0xB6, 0xD1, 0x39, 0x6A, + 0x48, 0x55, 0xAC, 0x24, 0x96, 0x9B, 0x12, 0x28, 0x6D, 0x7B, + 0x5C, 0x05, 0x25, 0x5A, 0x72, 0x05, 0x7E, 0x42, 0xF5, 0x83, + 0x1A, 0x78, 0x2C, 0x4D, 0xAE, 0xB4, 0x36, 0x96, 0xA9, 0xBA, + 0xE0, 0xAC, 0x26, 0x9D, 0xA9, 0x6A, 0x29, 0x83, 0xB9, 0x6D, + 0xC5, 0xEC, 0xFA, 0x4A, 0x9C, 0x09, 0x6A, 0x7E, 0xE4, 0x9B, + 0xDC, 0x9B, 0x2A, 0x27, 0x6E, 0x4F, 0xBA, 0xD8, 0xA5, 0x67, + 0xDB, 0xEC, 0x41, 0x5F, 0x29, 0x1C, 0x40, 0x83, 0xEB, 0x59, + 0x56, 0xD7, 0xA9, 0x4E, 0xAB, 0xAE, 0x70, 0x67, 0xD1, 0xA3, + 0xF1, 0x6C, 0xD7, 0x8F, 0x96, 0x0E, 0x8D, 0xAC, 0xAB, 0x55, + 0x58, 0x66, 0xD3, 0x1E, 0x47, 0x9B, 0xF0, 0x4C, 0xED, 0xF6, + 0x49, 0xE8, 0xE9, 0x7B, 0x32, 0x61, 0x20, 0x31, 0x95, 0x05, + 0xB2, 0xF6, 0x09, 0xEA, 0x32, 0x14, 0x0F, 0xCF, 0x9A, 0x41, + 0x02, 0x81, 0x80, 0x77, 0x3F, 0xB6, 0x14, 0x8D, 0xC5, 0x13, + 0x08, 0x7E, 0xC9, 0xC4, 0xEA, 0xD4, 0xBA, 0x0D, 0xA4, 0x9E, + 0xB3, 0x6E, 0xDE, 0x1A, 0x7A, 0xF8, 0x89, 0x88, 0xEF, 0x36, + 0x3C, 0x11, 0xBC, 0x83, 0xE8, 0x30, 0x6C, 0x81, 0x7C, 0x47, + 0xF3, 0x4D, 0xCA, 0xEA, 0x56, 0x01, 0x62, 0x55, 0x2E, 0x4B, + 0x89, 0xA9, 0xBD, 0x6F, 0x01, 0xF6, 0x74, 0x02, 0xAA, 0xE3, + 0x84, 0x66, 0x06, 0x95, 0x34, 0xA1, 0xE2, 0xCA, 0x65, 0xFE, + 0xA3, 0x2D, 0x43, 0x97, 0x95, 0x6C, 0x6F, 0xD5, 0xB4, 0x38, + 0xF6, 0xF9, 0x95, 0x30, 0xFA, 0xF8, 0x9C, 0x25, 0x2B, 0xB6, + 0x14, 0x51, 0xCC, 0x2E, 0xB3, 0x5B, 0xD6, 0xDC, 0x1A, 0xEC, + 0x2D, 0x09, 0x5B, 0x3F, 0x3A, 0xD0, 0xB8, 0x4E, 0x27, 0x1F, + 0xDC, 0x2A, 0xEE, 0xAC, 0xA9, 0x59, 0x5D, 0x07, 0x63, 0x11, + 0x83, 0x0B, 0xD4, 0x74, 0x80, 0xB6, 0x7D, 0x62, 0x45, 0xBF, + 0x56 +}; + +#endif /* USE_CERT_BUFFERS_1024 */ + +#endif /* 
CYASSL_CERTS_TEST_H */ + diff --git a/cyassl/crl.h b/cyassl/crl.h index 2e3a29e06..4b350164f 100644 --- a/cyassl/crl.h +++ b/cyassl/crl.h @@ -1,6 +1,6 @@ /* crl.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/cyassl/ctaocrypt/aes.h b/cyassl/ctaocrypt/aes.h index 4272973da..18b7a035c 100644 --- a/cyassl/ctaocrypt/aes.h +++ b/cyassl/ctaocrypt/aes.h @@ -1,6 +1,6 @@ /* aes.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -28,6 +28,11 @@ #include +#ifdef HAVE_CAVIUM + #include + #include "cavium_common.h" +#endif + #ifdef CYASSL_AESNI #include @@ -53,6 +58,8 @@ #endif +#define CYASSL_AES_CAVIUM_MAGIC 0xBEEF0002 + enum { AES_ENC_TYPE = 1, /* cipher unique type */ AES_ENCRYPTION = 0, @@ -79,6 +86,12 @@ typedef struct Aes { #ifdef CYASSL_AESNI byte use_aesni; #endif /* CYASSL_AESNI */ +#ifdef HAVE_CAVIUM + AesType type; /* aes key type */ + int devId; /* nitrox device id */ + word32 magic; /* using cavium magic */ + word64 contextHandle; /* nitrox context memory handle */ +#endif } Aes; @@ -115,6 +128,10 @@ CYASSL_API int AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, const byte* authIn, word32 authInSz); #endif /* HAVE_AESCCM */ +#ifdef HAVE_CAVIUM + CYASSL_API int AesInitCavium(Aes*, int); + CYASSL_API void AesFreeCavium(Aes*); +#endif #ifdef __cplusplus } /* extern "C" */ diff --git a/cyassl/ctaocrypt/arc4.h b/cyassl/ctaocrypt/arc4.h index b49146675..2654aaaaa 100644 --- a/cyassl/ctaocrypt/arc4.h +++ b/cyassl/ctaocrypt/arc4.h @@ -1,6 +1,6 @@ /* arc4.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -32,6 +32,8 @@ #endif +#define CYASSL_ARC4_CAVIUM_MAGIC 0xBEEF0001 + enum { ARC4_ENC_TYPE = 4, /* cipher unique type */ ARC4_STATE_SIZE = 256 
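Review bot: `CYASSL_AES_CAVIUM_MAGIC` in aes.h is added with no comment saying who stores it in `Aes.magic` or what a non-matching value means. If the library picks the NITROX path by comparing that field, an `Aes` that never went through `AesInitCavium()` carries an indeterminate `magic`, so callers must be told to zero the struct or always run the init call; the implementation is not in this hunk, so this is inferred. Once confirmed, I would add `/* stored in Aes.magic by AesInitCavium(); any other value selects the software path */` above the define. The same applies to `CYASSL_ARC4_CAVIUM_MAGIC`, `CYASSL_3DES_CAVIUM_MAGIC` and `CYASSL_HMAC_CAVIUM_MAGIC` in the arc4.h, des3.h and hmac.h hunks.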
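Review bot: The four fields added to `Aes` under `#ifdef HAVE_CAVIUM` change the size of a struct that this public header exposes by value. An application compiled without `HAVE_CAVIUM` against a library compiled with it would pass in an object smaller than the library expects, and any library write to `devId`, `magic` or `contextHandle` would then land outside the caller's storage. The header should say so next to the fields, for example `/* HAVE_CAVIUM changes sizeof(Aes): build the application and the library with the same setting */`. The `Arc4`, `Des3` and `Hmac` hunks add conditional fields in the same way; the `Aes` typedef itself starts outside this hunk.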
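Review bot: The new aes.h prototypes `AesInitCavium(Aes*, int)` and `AesFreeCavium(Aes*)` have no parameter names and no description of the return value or of the pairing between the two calls. Naming the arguments, `CYASSL_API int AesInitCavium(Aes* aes, int devId);`, and adding a short comment would make the contract readable from the header. The comment should state the success value and error code (presumably `CAVIUM_INIT_E` from error.h, to be confirmed) and say that `AesFreeCavium()` must be called to release `contextHandle`. Without that, a caller who skips the free call has no indication that a device context may stay allocated. `Arc4InitCavium`/`Arc4FreeCavium`, `Des3_InitCavium`/`Des3_FreeCavium` and `HmacInitCavium`/`HmacFreeCavium` are declared the same way.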
@@ -42,11 +44,20 @@ typedef struct Arc4 { byte x; byte y; byte state[ARC4_STATE_SIZE]; +#ifdef HAVE_CAVIUM + int devId; /* nitrox device id */ + word32 magic; /* using cavium magic */ + word64 contextHandle; /* nitrox context memory handle */ +#endif } Arc4; CYASSL_API void Arc4Process(Arc4*, byte*, const byte*, word32); CYASSL_API void Arc4SetKey(Arc4*, const byte*, word32); +#ifdef HAVE_CAVIUM + CYASSL_API int Arc4InitCavium(Arc4*, int); + CYASSL_API void Arc4FreeCavium(Arc4*); +#endif #ifdef __cplusplus } /* extern "C" */ diff --git a/cyassl/ctaocrypt/asn.h b/cyassl/ctaocrypt/asn.h index cc3d8a4f0..99854207c 100644 --- a/cyassl/ctaocrypt/asn.h +++ b/cyassl/ctaocrypt/asn.h @@ -1,6 +1,6 @@ /* asn.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/cyassl/ctaocrypt/asn_public.h b/cyassl/ctaocrypt/asn_public.h index efc21fd83..a1b05bcd5 100644 --- a/cyassl/ctaocrypt/asn_public.h +++ b/cyassl/ctaocrypt/asn_public.h @@ -1,6 +1,6 @@ /* asn_public.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/cyassl/ctaocrypt/camellia.h b/cyassl/ctaocrypt/camellia.h index f736ce1d7..32219cbf1 100644 --- a/cyassl/ctaocrypt/camellia.h +++ b/cyassl/ctaocrypt/camellia.h @@ -27,7 +27,7 @@ /* camellia.h * - * Copyright (C) 2006-2013 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/cyassl/ctaocrypt/coding.h b/cyassl/ctaocrypt/coding.h index 5bed1009d..a22cd3801 100644 --- a/cyassl/ctaocrypt/coding.h +++ b/cyassl/ctaocrypt/coding.h @@ -1,6 +1,6 @@ /* coding.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/cyassl/ctaocrypt/des3.h b/cyassl/ctaocrypt/des3.h index 8fbe195d8..6a970d40d 100644 --- a/cyassl/ctaocrypt/des3.h 
+++ b/cyassl/ctaocrypt/des3.h @@ -1,6 +1,6 @@ /* des3.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -33,6 +33,8 @@ extern "C" { #endif +#define CYASSL_3DES_CAVIUM_MAGIC 0xBEEF0003 + enum { DES_ENC_TYPE = 2, /* cipher unique type */ DES3_ENC_TYPE = 3, /* cipher unique type */ @@ -64,6 +66,11 @@ typedef struct Des3 { word32 key[3][DES_KS_SIZE]; word32 reg[DES_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */ word32 tmp[DES_BLOCK_SIZE / sizeof(word32)]; /* same */ +#ifdef HAVE_CAVIUM + int devId; /* nitrox device id */ + word32 magic; /* using cavium magic */ + word64 contextHandle; /* nitrox context memory handle */ +#endif } Des3; @@ -79,6 +86,12 @@ CYASSL_API void Des3_CbcEncrypt(Des3* des, byte* out, const byte* in,word32 sz); CYASSL_API void Des3_CbcDecrypt(Des3* des, byte* out, const byte* in,word32 sz); +#ifdef HAVE_CAVIUM + CYASSL_API int Des3_InitCavium(Des3*, int); + CYASSL_API void Des3_FreeCavium(Des3*); +#endif + + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/cyassl/ctaocrypt/dh.h b/cyassl/ctaocrypt/dh.h index 0b002ac84..35f5a481c 100644 --- a/cyassl/ctaocrypt/dh.h +++ b/cyassl/ctaocrypt/dh.h @@ -1,6 +1,6 @@ /* dh.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/cyassl/ctaocrypt/dsa.h b/cyassl/ctaocrypt/dsa.h index 2264773cc..b8cc026a4 100644 --- a/cyassl/ctaocrypt/dsa.h +++ b/cyassl/ctaocrypt/dsa.h @@ -1,6 +1,6 @@ /* dsa.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/cyassl/ctaocrypt/ecc.h b/cyassl/ctaocrypt/ecc.h index 4d54c0415..7b5e8d5ed 100644 --- a/cyassl/ctaocrypt/ecc.h +++ b/cyassl/ctaocrypt/ecc.h @@ -1,6 +1,6 @@ /* ecc.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * 
diff --git a/cyassl/ctaocrypt/error.h b/cyassl/ctaocrypt/error.h index 308fb1d81..204600721 100644 --- a/cyassl/ctaocrypt/error.h +++ b/cyassl/ctaocrypt/error.h @@ -1,6 +1,6 @@ /* error.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -101,6 +101,8 @@ enum { AES_GCM_AUTH_E = -180, /* AES-GCM Authentication check failure */ AES_CCM_AUTH_E = -181, /* AES-CCM Authentication check failure */ + CAVIUM_INIT_E = -182, /* Cavium Init type error */ + MIN_CODE_E = -200 /* errors -101 - -199 */ }; diff --git a/cyassl/ctaocrypt/hc128.h b/cyassl/ctaocrypt/hc128.h index d3e5f21e8..c395b0483 100644 --- a/cyassl/ctaocrypt/hc128.h +++ b/cyassl/ctaocrypt/hc128.h @@ -1,6 +1,6 @@ /* hc128.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/cyassl/ctaocrypt/hmac.h b/cyassl/ctaocrypt/hmac.h index 0be5b9ccf..7d71522be 100644 --- a/cyassl/ctaocrypt/hmac.h +++ b/cyassl/ctaocrypt/hmac.h @@ -1,6 +1,6 @@ /* hmac.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -39,11 +39,18 @@ #include #endif +#ifdef HAVE_CAVIUM + #include + #include "cavium_common.h" +#endif + #ifdef __cplusplus extern "C" { #endif +#define CYASSL_HMAC_CAVIUM_MAGIC 0xBEEF0005 + enum { IPAD = 0x36, OPAD = 0x5C, @@ -88,6 +95,15 @@ typedef struct Hmac { word32 innerHash[INNER_HASH_SIZE / sizeof(word32)]; /* max size */ byte macType; /* md5 sha or sha256 */ byte innerHashKeyed; /* keyed flag */ +#ifdef HAVE_CAVIUM + word16 keyLen; /* hmac key length */ + word16 dataLen; + HashType type; /* hmac key type */ + int devId; /* nitrox device id */ + word32 magic; /* using cavium magic */ + word64 contextHandle; /* nitrox context memory handle */ + byte* data; /* buffered input data for one call */ +#endif } Hmac; 
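Review bot: In the `Hmac` struct hunk, `keyLen` and `dataLen` are `word16` while `HmacSetKey()` and `HmacUpdate()` take `word32` sizes, and `data` is described as buffering the input for one call. If the Cavium path accumulates `HmacUpdate()` input into `data` and tracks it in `dataLen`, more than 65535 bytes in total would wrap the counter and the buffer bookkeeping would no longer match what was written; the implementation is outside this diff view, so this needs checking there. Either widen the fields, `word32 dataLen;`, or reject oversize input explicitly before the copy. The field comment should also say who allocates and frees `data` and whether it is cleared before release, since it holds the message being authenticated. The `Hmac` typedef starts outside this hunk.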
@@ -96,6 +112,11 @@ CYASSL_API void HmacSetKey(Hmac*, int type, const byte* key, word32 keySz); CYASSL_API void HmacUpdate(Hmac*, const byte*, word32); CYASSL_API void HmacFinal(Hmac*, byte*); +#ifdef HAVE_CAVIUM + CYASSL_API int HmacInitCavium(Hmac*, int); + CYASSL_API void HmacFreeCavium(Hmac*); +#endif + #ifdef __cplusplus } /* extern "C" */ diff --git a/cyassl/ctaocrypt/integer.h b/cyassl/ctaocrypt/integer.h index ff1c5916b..9b4b6db16 100644 --- a/cyassl/ctaocrypt/integer.h +++ b/cyassl/ctaocrypt/integer.h @@ -1,6 +1,6 @@ /* integer.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/cyassl/ctaocrypt/logging.h b/cyassl/ctaocrypt/logging.h index efe3d3bfa..04ad59e24 100644 --- a/cyassl/ctaocrypt/logging.h +++ b/cyassl/ctaocrypt/logging.h @@ -1,6 +1,6 @@ /* logging.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/cyassl/ctaocrypt/md2.h b/cyassl/ctaocrypt/md2.h index a57a92fb0..ea67d8912 100644 --- a/cyassl/ctaocrypt/md2.h +++ b/cyassl/ctaocrypt/md2.h @@ -1,6 +1,6 @@ /* md2.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/cyassl/ctaocrypt/md4.h b/cyassl/ctaocrypt/md4.h index f6e8c7b7a..1a581aacb 100644 --- a/cyassl/ctaocrypt/md4.h +++ b/cyassl/ctaocrypt/md4.h @@ -1,6 +1,6 @@ /* md4.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/cyassl/ctaocrypt/md5.h b/cyassl/ctaocrypt/md5.h index 9c06722a4..6c4b8c887 100644 --- a/cyassl/ctaocrypt/md5.h +++ b/cyassl/ctaocrypt/md5.h @@ -1,6 +1,6 @@ /* md5.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * 
diff --git a/cyassl/ctaocrypt/memory.h b/cyassl/ctaocrypt/memory.h index e1467bcf9..9646c106f 100644 --- a/cyassl/ctaocrypt/memory.h +++ b/cyassl/ctaocrypt/memory.h @@ -1,6 +1,6 @@ /* memory.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/cyassl/ctaocrypt/misc.h b/cyassl/ctaocrypt/misc.h index 41e236828..49c9fa179 100644 --- a/cyassl/ctaocrypt/misc.h +++ b/cyassl/ctaocrypt/misc.h @@ -1,6 +1,6 @@ /* misc.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/cyassl/ctaocrypt/mpi_class.h b/cyassl/ctaocrypt/mpi_class.h index 1381a8666..d27ea2371 100644 --- a/cyassl/ctaocrypt/mpi_class.h +++ b/cyassl/ctaocrypt/mpi_class.h @@ -1,6 +1,6 @@ /* mpi_class.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/cyassl/ctaocrypt/mpi_superclass.h b/cyassl/ctaocrypt/mpi_superclass.h index 60d6e3404..a6cc2608d 100644 --- a/cyassl/ctaocrypt/mpi_superclass.h +++ b/cyassl/ctaocrypt/mpi_superclass.h @@ -1,6 +1,6 @@ /* mpi_superclass.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/cyassl/ctaocrypt/pwdbased.h b/cyassl/ctaocrypt/pwdbased.h index 27029eaa5..4e85f0ee5 100644 --- a/cyassl/ctaocrypt/pwdbased.h +++ b/cyassl/ctaocrypt/pwdbased.h @@ -1,6 +1,6 @@ /* pwdbased.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/cyassl/ctaocrypt/rabbit.h b/cyassl/ctaocrypt/rabbit.h index ea1ea9f16..93f9c7a95 100644 --- a/cyassl/ctaocrypt/rabbit.h +++ b/cyassl/ctaocrypt/rabbit.h @@ -1,6 +1,6 @@ /* rabbit.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * 
diff --git a/cyassl/ctaocrypt/random.h b/cyassl/ctaocrypt/random.h index 2bc790dc5..8aa294296 100644 --- a/cyassl/ctaocrypt/random.h +++ b/cyassl/ctaocrypt/random.h @@ -1,6 +1,6 @@ /* random.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -61,12 +61,23 @@ int GenerateSeed(OS_Seed* os, byte* seed, word32 sz); #ifndef NO_RC4 +#define CYASSL_RNG_CAVIUM_MAGIC 0xBEEF0004 + /* secure Random Nnumber Generator */ typedef struct RNG { OS_Seed seed; Arc4 cipher; +#ifdef HAVE_CAVIUM + int devId; /* nitrox device id */ + word32 magic; /* using cavium magic */ +#endif } RNG; + +#ifdef HAVE_CAVIUM + CYASSL_API int InitRngCavium(RNG*, int); +#endif + #else /* NO_RC4 */ #define DBRG_SEED_LEN (440/8) diff --git a/cyassl/ctaocrypt/ripemd.h b/cyassl/ctaocrypt/ripemd.h index 5895cce26..eb9956cb2 100644 --- a/cyassl/ctaocrypt/ripemd.h +++ b/cyassl/ctaocrypt/ripemd.h @@ -1,6 +1,6 @@ /* ripemd.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/cyassl/ctaocrypt/rsa.h b/cyassl/ctaocrypt/rsa.h index c029e4b09..a4339e158 100644 --- a/cyassl/ctaocrypt/rsa.h +++ b/cyassl/ctaocrypt/rsa.h @@ -1,6 +1,6 @@ /* rsa.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -32,6 +32,7 @@ extern "C" { #endif +#define CYASSL_RSA_CAVIUM_MAGIC 0xBEEF0006 enum { RSA_PUBLIC = 0, 
@@ -43,6 +44,20 @@ typedef struct RsaKey { mp_int n, e, d, p, q, dP, dQ, u; int type; /* public or private */ void* heap; /* for user memory overrides */ +#ifdef HAVE_CAVIUM + int devId; /* nitrox device id */ + word32 magic; /* using cavium magic */ + word64 contextHandle; /* nitrox context memory handle */ + byte* c_n; /* cavium byte buffers for key parts */ + byte* c_e; + byte* c_d; + byte* c_p; + byte* c_q; + byte* c_dP; + byte* c_dQ; + byte* c_u; /* sizes in bytes */ + word16 c_nSz, c_eSz, c_dSz, c_pSz, c_qSz, c_dP_Sz, c_dQ_Sz, c_uSz; +#endif } RsaKey; @@ -72,6 +87,10 @@ CYASSL_API int RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey*, CYASSL_API int RsaKeyToDer(RsaKey*, byte* output, word32 inLen); #endif +#ifdef HAVE_CAVIUM + CYASSL_API int RsaInitCavium(RsaKey*, int); + CYASSL_API void RsaFreeCavium(RsaKey*); +#endif #ifdef __cplusplus diff --git a/cyassl/ctaocrypt/settings.h b/cyassl/ctaocrypt/settings.h index 2890ebd18..b80bcc13f 100644 --- a/cyassl/ctaocrypt/settings.h +++ b/cyassl/ctaocrypt/settings.h @@ -1,6 +1,6 @@ /* settings.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -88,9 +88,14 @@ #endif #ifdef MICROCHIP_PIC32 - /* use MBED plus no filesystem */ - #define MBED + #define SIZEOF_LONG_LONG 8 + #define SINGLE_THREADED + #define CYASSL_USER_IO + #define NO_WRITEV + #define NO_DEV_RANDOM #define NO_FILESYSTEM + #define USE_FAST_MATH + #define TFM_TIMING_RESISTANT #endif #ifdef MBED diff --git a/cyassl/ctaocrypt/sha.h b/cyassl/ctaocrypt/sha.h index 5ce340445..aaed8813a 100644 --- a/cyassl/ctaocrypt/sha.h +++ b/cyassl/ctaocrypt/sha.h @@ -1,6 +1,6 @@ /* sha.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/cyassl/ctaocrypt/sha256.h b/cyassl/ctaocrypt/sha256.h index 179a78031..7c65e133c 100644 --- a/cyassl/ctaocrypt/sha256.h +++ b/cyassl/ctaocrypt/sha256.h 
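Review bot: The new `c_d`, `c_p`, `c_q`, `c_dP`, `c_dQ` and `c_u` buffers in `RsaKey` are second copies of the private key components, and nothing in the header says who owns them or how they are released. `RsaFreeCavium` is declared in the following hunk but its body is not visible here; it should zero each buffer over its recorded `c_*Sz` length before freeing, using a wipe the compiler cannot drop. I would add a comment above the group such as `/* c_* buffers are owned by the key; RsaFreeCavium() zeroes and frees them */`. The `word16` sizes also cap each part at 65535 bytes, which is worth stating next to the `/* sizes in bytes */` comment.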
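Review bot: The `MICROCHIP_PIC32` block in settings.h now defines `NO_DEV_RANDOM` but does not say where seed material comes from on that target. The seeding code is outside this diff view, so I cannot tell what `GenerateSeed` does for PIC32; a weak or predictable seed there undermines every key the library generates. I would put the requirement next to the define, for example `#define NO_DEV_RANDOM /* port must supply GenerateSeed() backed by a real entropy source */`. The old `/* use MBED plus no filesystem */` comment was removed without a replacement, so a one-line summary of the new defines would help too.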
@@ -1,6 +1,6 @@ /* sha256.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/cyassl/ctaocrypt/sha512.h b/cyassl/ctaocrypt/sha512.h index 79861afee..c9ec31a8d 100644 --- a/cyassl/ctaocrypt/sha512.h +++ b/cyassl/ctaocrypt/sha512.h @@ -1,6 +1,6 @@ /* sha512.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/cyassl/ctaocrypt/tfm.h b/cyassl/ctaocrypt/tfm.h index 320fb594e..314feb608 100644 --- a/cyassl/ctaocrypt/tfm.h +++ b/cyassl/ctaocrypt/tfm.h @@ -1,6 +1,6 @@ /* tfm.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/cyassl/ctaocrypt/types.h b/cyassl/ctaocrypt/types.h index 82bbaec5b..43d7717f4 100644 --- a/cyassl/ctaocrypt/types.h +++ b/cyassl/ctaocrypt/types.h @@ -1,6 +1,6 @@ /* types.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -98,6 +98,7 @@ enum { WORD_BITS = WORD_SIZE * BIT_SIZE }; +#define CYASSL_MAX_16BIT 0xffffU /* use inlining if compiler allows */ #ifndef INLINE @@ -228,7 +229,10 @@ enum { DYNAMIC_TYPE_SOCKADDR = 35, DYNAMIC_TYPE_LIBZ = 36, DYNAMIC_TYPE_ECC = 37, - DYNAMIC_TYPE_TMP_BUFFER = 38 + DYNAMIC_TYPE_TMP_BUFFER = 38, + DYNAMIC_TYPE_DTLS_MSG = 39, + DYNAMIC_TYPE_CAVIUM_TMP = 40, + DYNAMIC_TYPE_CAVIUM_RSA = 41 }; /* stack protection */ diff --git a/cyassl/ctaocrypt/visibility.h b/cyassl/ctaocrypt/visibility.h index 0143f208d..6efe2728b 100644 --- a/cyassl/ctaocrypt/visibility.h +++ b/cyassl/ctaocrypt/visibility.h @@ -1,6 +1,6 @@ /* visibility.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/cyassl/error.h b/cyassl/error.h index e46fed4e5..7ad273910 100644 --- a/cyassl/error.h 
+++ b/cyassl/error.h @@ -1,6 +1,6 @@ /* error.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -108,6 +108,8 @@ enum CyaSSL_ErrorCodes { OUT_OF_ORDER_E = -273, /* out of order message */ BAD_KEA_TYPE_E = -274, /* bad KEA type found */ SANITY_CIPHER_E = -275, /* sanity check on cipher error */ + RECV_OVERFLOW_E = -276, /* RXCB returned more than rqed */ + GEN_COOKIE_E = -277, /* Generate Cookie Error */ /* add strings to SetErrorString !!!!! */ /* begin negotiation parameter errors */ diff --git a/cyassl/include.am b/cyassl/include.am index f2b07a767..688479545 100644 --- a/cyassl/include.am +++ b/cyassl/include.am @@ -14,6 +14,7 @@ nobase_include_HEADERS+= \ cyassl/sniffer_error.h \ cyassl/sniffer.h \ cyassl/callbacks.h \ + cyassl/certs_test.h \ cyassl/test.h \ cyassl/version.h \ cyassl/ocsp.h \ diff --git a/cyassl/internal.h b/cyassl/internal.h index 45eba0a69..5865025b9 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h @@ -1,6 +1,6 @@ /* internal.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -34,6 +34,7 @@ #include #include #include +#include #include #ifndef NO_RC4 #include 
@@ -168,6 +169,25 @@ void c32to24(word32 in, word24 out); #endif #endif +#if defined(HAVE_CAMELLIA) && !defined(NO_TLS) + #ifndef NO_RSA + #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA + #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA + #ifndef NO_SHA256 + #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 + #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 + #endif + #if !defined(NO_DH) && defined(OPENSSL_EXTRA) + #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA + #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA + #ifndef NO_SHA256 + #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 + #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 + #endif + #endif + #endif +#endif + #if !defined(NO_PSK) && !defined(NO_AES) && !defined(NO_TLS) #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA @@ -235,6 +255,10 @@ void c32to24(word32 in, word24 out); #define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 #endif + #if defined (HAVE_AESCCM) + #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256 + #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384 + #endif #endif #if !defined(NO_RC4) #define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA 
@@ -367,8 +391,20 @@ enum { * also, in some of the other AES-CCM suites * there will be second byte number conflicts * with non-ECC AES-GCM */ - TLS_RSA_WITH_AES_128_CCM_8_SHA256 = 0xa0, - TLS_RSA_WITH_AES_256_CCM_8_SHA384 = 0xa1 + TLS_RSA_WITH_AES_128_CCM_8_SHA256 = 0xa0, + TLS_RSA_WITH_AES_256_CCM_8_SHA384 = 0xa1, + TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256 = 0xac, /* Still TBD, made up */ + TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384 = 0xad, /* Still TBD, made up */ + + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x41, + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x84, + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xba, + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc0, + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x45, + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x88, + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xbe, + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc4 + }; @@ -426,6 +462,7 @@ enum Misc { ALERT_SIZE = 2, /* level + description */ REQUEST_HEADER = 2, /* always use 2 bytes */ VERIFY_HEADER = 2, /* always use 2 bytes */ + EXT_ID_SZ = 2, /* always use 2 bytes */ MAX_DH_SIZE = 513, /* 4096 bit plus possible leading 0 */ MAX_SUITE_SZ = 200, /* 100 suites for now! */ 
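Review bot: `TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256 = 0xac` and `TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384 = 0xad` are self-assigned code points, as their own `/* Still TBD, made up */` comments say, and they are enabled whenever `HAVE_AESCCM` is set with ECC. A value chosen locally can collide with whatever the registry assigns; assuming these share the 0xC0 first byte of the other ECC suites, RFC 7251 later gave 0xAC and 0xAD to the full-tag ECDHE-ECDSA AES-CCM suites, so a conforming peer would agree on the suite id while disagreeing on the tag length. I would expand the comment to `/* provisional value, not IANA assigned: only interoperates with CyaSSL peers */` and consider keeping the two `BUILD_` defines behind a separate opt-in macro until the values are final.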
@@ -444,10 +481,10 @@ enum Misc { CERT_HEADER_SZ = 3, /* always 3 bytes */ REQ_HEADER_SZ = 2, /* cert request header sz */ HINT_LEN_SZ = 2, /* length of hint size field */ - HELLO_EXT_SZ = 14, /* total length of the lazy hello extensions */ - HELLO_EXT_LEN = 12, /* length of the lazy hello extensions */ - HELLO_EXT_SIGALGO_SZ = 8, /* length of signature algo extension */ - HELLO_EXT_SIGALGO_LEN = 6, /* number of items in the signature algo list */ + HELLO_EXT_SZ = 8, /* total length of the lazy hello extensions */ + HELLO_EXT_LEN = 6, /* length of the lazy hello extensions */ + HELLO_EXT_SIGALGO_SZ = 2, /* length of signature algo extension */ + HELLO_EXT_SIGALGO_MAX = 32, /* number of items in the signature algo list */ DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */ DTLS_RECORD_HEADER_SZ = 13, /* normal + epoch(2) + seq_num(6) */ @@ -487,6 +524,11 @@ enum Misc { AEAD_EXP_IV_SZ = 8, /* Size of the explicit IV */ AEAD_NONCE_SZ = AEAD_EXP_IV_SZ + AEAD_IMP_IV_SZ, + CAMELLIA_128_KEY_SIZE = 16, /* for 128 bit */ + CAMELLIA_192_KEY_SIZE = 24, /* for 192 bit */ + CAMELLIA_256_KEY_SIZE = 32, /* for 256 bit */ + CAMELLIA_IV_SIZE = 16, /* always block size */ + HC_128_KEY_SIZE = 16, /* 128 bits */ HC_128_IV_SIZE = 16, /* also 128 bits */ @@ -508,6 +550,8 @@ enum Misc { MAX_PSK_ID_LEN = 128, /* max psk identity/hint supported */ MAX_PSK_KEY_LEN = 64, /* max psk key supported */ + MAX_CYASSL_FILE_SIZE = 1024 * 1024 * 4, /* 4 mb file size alloc limit */ + #ifdef FORTRESS MAX_EX_DATA = 3, /* allow for three items of ex_data */ #endif @@ -526,6 +570,8 @@ enum Misc { HASH_SIG_SIZE = 2, /* default SHA1 RSA */ + NO_CAVIUM_DEVICE = -2, /* invalid cavium device id */ + NO_COPY = 0, /* should we copy static buffer for write */ COPY = 1 /* should we copy static buffer for write */ }; 
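Review bot: The comments on the resized hello-extension constants in `enum Misc` were carried over from the old names and no longer describe the values. `HELLO_EXT_SIGALGO_MAX = 32` is documented as "number of items in the signature algo list", yet the `Suites` hunk later in this diff uses it as the byte size of `hashSigAlgo[]`, so it bounds bytes rather than entries. I would change it to `/* max bytes in the signature algo list, two per hash/sig pair */` and make `HELLO_EXT_SIGALGO_SZ = 2` read `/* size of the signature algo list length field */`. A wrong unit on a buffer bound is the kind of comment that leads to an off-by-factor copy later.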
@@ -706,6 +752,10 @@ typedef struct Suites { int setSuites; /* user set suites from default */ byte suites[MAX_SUITE_SZ]; word16 suiteSz; /* suite length in bytes */ + byte hashSigAlgo[HELLO_EXT_SIGALGO_MAX]; /* sig/algo to offer */ + word16 hashSigAlgoSz; /* SigAlgo extension length in bytes */ + byte hashAlgo; /* selected hash algorithm */ + byte sigAlgo; /* selected sig algorithm */ } Suites; @@ -928,6 +978,9 @@ struct CYASSL_CTX { #ifdef HAVE_OCSP CYASSL_OCSP ocsp; #endif +#ifdef HAVE_CAVIUM + int devId; /* cavium device id to use */ +#endif }; @@ -981,6 +1034,7 @@ enum BulkCipherAlgorithm { aes, aes_gcm, aes_ccm, + camellia, hc128, /* CyaSSL extensions */ rabbit }; @@ -1100,6 +1154,9 @@ typedef struct Ciphers { #ifdef BUILD_AES Aes* aes; #endif +#ifdef HAVE_CAMELLIA + Camellia* cam; +#endif #ifdef HAVE_HC128 HC128* hc128; #endif @@ -1118,9 +1175,13 @@ CYASSL_LOCAL void FreeCiphers(CYASSL* ssl); typedef struct Hashes { #ifndef NO_MD5 byte md5[MD5_DIGEST_SIZE]; - byte sha[SHA_DIGEST_SIZE]; - #else - byte hash[FINISHED_SZ]; + #endif + byte sha[SHA_DIGEST_SIZE]; + #ifndef NO_SHA256 + byte sha256[SHA256_DIGEST_SIZE]; + #endif + #ifdef CYASSL_SHA384 + byte sha384[SHA384_DIGEST_SIZE]; #endif } Hashes; @@ -1219,9 +1280,6 @@ typedef struct Buffers { byte weOwnKey; /* SSL own key flag */ byte weOwnDH; /* SSL own dh (p,g) flag */ #ifdef CYASSL_DTLS - buffer dtlsHandshake; /* DTLS handshake defragment buf */ - word32 dtlsUsed; /* DTLS bytes used in buffer */ - byte dtlsType; /* DTLS handshake frag type */ CYASSL_DTLS_CTX dtlsCtx; /* DTLS connection context */ #endif } Buffers; @@ -1340,6 +1398,16 @@ typedef struct DtlsPool { int used; } DtlsPool; +typedef struct DtlsMsg { + struct DtlsMsg* next; + word32 seq; /* Handshake sequence number */ + word32 sz; /* Length of whole mesage */ + word32 fragSz; /* Length of fragments received */ + byte type; + byte* buf; + byte* msg; +} DtlsMsg; + /* CyaSSL ssl type */ struct CYASSL { 
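Review bot: `hashSigAlgo[HELLO_EXT_SIGALGO_MAX]` in `Suites` is a fixed 32-byte array paired with a `word16 hashSigAlgoSz`, so the length field can represent far more than the array holds. The code that fills it is not in this diff view; wherever the list comes from a peer's hello extension, the received length has to be clamped to `HELLO_EXT_SIGALGO_MAX` before the copy. I would record the invariant on the field, `word16 hashSigAlgoSz; /* bytes used in hashSigAlgo, never more than HELLO_EXT_SIGALGO_MAX */`.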
@@ -1412,6 +1480,7 @@ struct CYASSL { #ifdef CYASSL_DTLS int dtls_timeout; DtlsPool* dtls_pool; + DtlsMsg* dtls_msg_list; #endif #ifdef CYASSL_CALLBACKS HandShakeInfo handShakeInfo; /* info saved during handshake */ @@ -1425,6 +1494,9 @@ struct CYASSL { #ifdef FORTRESS void* ex_data[MAX_EX_DATA]; /* external data, for Fortress */ #endif +#ifdef HAVE_CAVIUM + int devId; /* cavium device id to use */ +#endif }; @@ -1632,6 +1704,16 @@ CYASSL_LOCAL int GrowInputBuffer(CYASSL* ssl, int size, int usedLength); CYASSL_LOCAL int DtlsPoolTimeout(CYASSL*); CYASSL_LOCAL int DtlsPoolSend(CYASSL*); CYASSL_LOCAL void DtlsPoolReset(CYASSL*); + + CYASSL_LOCAL DtlsMsg* DtlsMsgNew(word32, void*); + CYASSL_LOCAL void DtlsMsgDelete(DtlsMsg*, void*); + CYASSL_LOCAL void DtlsMsgListDelete(DtlsMsg*, void*); + CYASSL_LOCAL void DtlsMsgSet(DtlsMsg*, word32, const byte*, byte, + word32, word32); + CYASSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg*, word32); + CYASSL_LOCAL DtlsMsg* DtlsMsgStore(DtlsMsg*, word32, const byte*, word32, + byte, word32, word32, void*); + CYASSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg*, DtlsMsg*); #endif /* CYASSL_DTLS */ #ifndef NO_TLS diff --git a/cyassl/ocsp.h b/cyassl/ocsp.h index 4a01cecb2..8ce560a43 100644 --- a/cyassl/ocsp.h +++ b/cyassl/ocsp.h @@ -1,6 +1,6 @@ /* ocsp.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/cyassl/openssl/des.h b/cyassl/openssl/des.h index aacc276b0..8bedd3cc5 100644 --- a/cyassl/openssl/des.h +++ b/cyassl/openssl/des.h @@ -1,6 +1,6 @@ /* des.h * - * Copyright (C) 2012 Sawtooth Consulting Ltd. + * Copyright (C) 2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/cyassl/openssl/evp.h b/cyassl/openssl/evp.h index 1ffc3b6aa..b934e6112 100644 --- a/cyassl/openssl/evp.h +++ b/cyassl/openssl/evp.h @@ -1,6 +1,6 @@ /* evp.h * - * Copyright (C) 2012 Sawtooth Consulting Ltd. + * Copyright (C) 2013 wolfSSL Inc. * * This file is part of CyaSSL. * 
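Review bot: The new DTLS reassembly prototypes in internal.h are declared without parameter names, and `DtlsMsgSet(DtlsMsg*, word32, const byte*, byte, word32, word32)` and `DtlsMsgStore` each take three or four `word32` arguments that cannot be told apart at a call site. Judging from the `DtlsMsg` fields (`seq`, `sz`, `fragSz`) these are presumably a sequence number, a fragment offset and lengths, all taken from an unauthenticated handshake fragment, so swapping two of them is a memory-safety bug and not just a logic error. I would name them in the declaration, e.g. `DtlsMsgSet(DtlsMsg* msg, word32 seq, const byte* data, byte type, word32 fragOffset, word32 fragSz);` once the order is confirmed against the definition. A one-line comment stating that `fragOffset + fragSz` must not exceed `msg->sz` would belong there too.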
diff --git a/cyassl/openssl/hmac.h b/cyassl/openssl/hmac.h index 03e9bcef7..ac966f4e8 100644 --- a/cyassl/openssl/hmac.h +++ b/cyassl/openssl/hmac.h @@ -1,6 +1,6 @@ /* hmac.h * - * Copyright (C) 2012 Sawtooth Consulting Ltd. + * Copyright (C) 2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/cyassl/openssl/ssl.h b/cyassl/openssl/ssl.h index 432abd32d..b5070d18f 100644 --- a/cyassl/openssl/ssl.h +++ b/cyassl/openssl/ssl.h @@ -1,6 +1,6 @@ /* ssl.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/cyassl/sniffer.h b/cyassl/sniffer.h index 0d14fbc6f..543b2e6cf 100644 --- a/cyassl/sniffer.h +++ b/cyassl/sniffer.h @@ -1,6 +1,6 @@ /* sniffer.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/cyassl/sniffer_error.h b/cyassl/sniffer_error.h index 27e56f8ee..586efcb7d 100644 --- a/cyassl/sniffer_error.h +++ b/cyassl/sniffer_error.h @@ -1,6 +1,6 @@ /* sniffer_error.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/cyassl/ssl.h b/cyassl/ssl.h index fdd6a3221..f9876fb23 100644 --- a/cyassl/ssl.h +++ b/cyassl/ssl.h @@ -1,6 +1,6 @@ /* ssl.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -838,7 +838,7 @@ typedef void (*CbMissingCRL)(const char* url); CYASSL_API int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER*, const char* f, int format); CYASSL_API int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm, - const unsigned char* buff, int sz, int format); + const unsigned char* buff, long sz, int format); CYASSL_API int CyaSSL_CertManagerCheckCRL(CYASSL_CERT_MANAGER*, unsigned char*, int sz); CYASSL_API int CyaSSL_CertManagerEnableCRL(CYASSL_CERT_MANAGER*, 
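Review bot: `CyaSSL_CertManagerVerifyBuffer` in ssl.h now takes `long sz`, while `CyaSSL_CertManagerCheckCRL` on the next context line still takes `int sz`, so the two buffer entry points of the same manager disagree on their length type. Both are signed, and the header does not say what happens for a negative or very large size; the definition is outside this diff view. I would document the accepted range on the declaration, for example `/* sz: buffer length in bytes, must be > 0 */`, and either widen the CRL variant as well or note why it differs.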
@@ -867,6 +867,11 @@ CYASSL_API void CyaSSL_KeepArrays(CYASSL*); CYASSL_API void CyaSSL_FreeArrays(CYASSL*); +/* cavium additions */ +CYASSL_API int CyaSSL_UseCavium(CYASSL*, int devId); +CYASSL_API int CyaSSL_CTX_UseCavium(CYASSL_CTX*, int devId); + + #define CYASSL_CRL_MONITOR 0x01 /* monitor this dir flag */ #define CYASSL_CRL_START_MON 0x02 /* start monitoring flag */ diff --git a/cyassl/test.h b/cyassl/test.h index 99b005c62..d4a2b986f 100644 --- a/cyassl/test.h +++ b/cyassl/test.h @@ -40,6 +40,12 @@ #endif #endif /* USE_WINDOWS_API */ +#ifdef HAVE_CAVIUM + #include "cavium_sysdep.h" + #include "cavium_common.h" + #include "cavium_ioctl.h" +#endif + #ifdef _MSC_VER /* disable conversion warning */ /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */ @@ -353,6 +359,9 @@ static INLINE void tcp_socket(SOCKET_T* sockfd, int udp) else *sockfd = socket(AF_INET_V, SOCK_STREAM, 0); + if (*sockfd < 0) + err_sys("socket failed\n"); + #ifndef USE_WINDOWS_API #ifdef SO_NOSIGPIPE { @@ -408,11 +417,11 @@ enum { TEST_ERROR_READY }; -static INLINE int tcp_select(SOCKET_T socketfd, unsigned int to_sec) +static INLINE int tcp_select(SOCKET_T socketfd, int to_sec) { fd_set recvfds, errfds; SOCKET_T nfds = socketfd + 1; - struct timeval timeout = {to_sec, 0}; + struct timeval timeout = { (to_sec > 0) ? to_sec : 0, 0}; int result; FD_ZERO(&recvfds); @@ -447,9 +456,11 @@ static INLINE void tcp_listen(SOCKET_T* sockfd, int port, int useAnyAddr, #ifndef USE_WINDOWS_API { - int on = 1; + int res, on = 1; socklen_t len = sizeof(on); - setsockopt(*sockfd, SOL_SOCKET, SO_REUSEADDR, &on, len); + res = setsockopt(*sockfd, SOL_SOCKET, SO_REUSEADDR, &on, len); + if (res < 0) + err_sys("setsockopt SO_REUSEADDR failed\n"); } #endif 
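Review bot: The added `if (*sockfd < 0)` check in `tcp_socket` sits above the `#ifndef USE_WINDOWS_API` block, so it is compiled on Windows as well. `SOCKET_T` is defined outside this hunk; if it is an unsigned type on that build, as Winsock handles normally are, the comparison can never be true and a failed `socket()` still goes undetected. I would split the test by platform: `#ifdef USE_WINDOWS_API` / `if (*sockfd == INVALID_SOCKET)` / `#else` / `if (*sockfd < 0)` / `#endif` ahead of the shared `err_sys("socket failed\n");`. The body of `tcp_socket` continues outside the hunk.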
@@ -494,9 +505,11 @@ static INLINE void udp_accept(SOCKET_T* sockfd, int* clientfd, int useAnyAddr, #ifndef USE_WINDOWS_API { - int on = 1; + int res, on = 1; socklen_t len = sizeof(on); - setsockopt(*sockfd, SOL_SOCKET, SO_REUSEADDR, &on, len); + res = setsockopt(*sockfd, SOL_SOCKET, SO_REUSEADDR, &on, len); + if (res < 0) + err_sys("setsockopt SO_REUSEADDR failed\n"); } #endif @@ -555,7 +568,11 @@ static INLINE void tcp_set_nonblocking(SOCKET_T* sockfd) int ret = ioctlsocket(*sockfd, FIONBIO, &blocking); #else int flags = fcntl(*sockfd, F_GETFL, 0); - fcntl(*sockfd, F_SETFL, flags | O_NONBLOCK); + if (flags < 0) + err_sys("fcntl get failed"); + flags = fcntl(*sockfd, F_SETFL, flags | O_NONBLOCK); + if (flags < 0) + err_sys("fcntl set failed"); #endif } @@ -798,6 +815,30 @@ static INLINE void SetDHCtx(CYASSL_CTX* ctx) #endif /* !NO_CERTS */ +#ifdef HAVE_CAVIUM + +static INLINE int OpenNitroxDevice(int dma_mode,int dev_id) +{ + Csp1CoreAssignment core_assign; + Uint32 device; + + if (CspInitialize(CAVIUM_DIRECT,CAVIUM_DEV_ID)) + return -1; + if (Csp1GetDevType(&device)) + return -1; + if (device != NPX_DEVICE) { + if (ioctl(gpkpdev_hdlr[CAVIUM_DEV_ID], IOCTL_CSP1_GET_CORE_ASSIGNMENT, + (Uint32 *)&core_assign)!= 0) + return -1; + } + CspShutdown(CAVIUM_DEV_ID); + + return CspInitialize(dma_mode, dev_id); +} + +#endif /* HAVE_CAVIUM */ + + #ifdef USE_WINDOWS_API /* do back x number of directories */ diff --git a/cyassl/version.h b/cyassl/version.h index 04b3923bd..403c3725a 100644 --- a/cyassl/version.h +++ b/cyassl/version.h @@ -1,6 +1,6 @@ /* cyassl_version.h.in * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -26,8 +26,8 @@ extern "C" { #endif -#define LIBCYASSL_VERSION_STRING "2.4.7" -#define LIBCYASSL_VERSION_HEX 0x02004007 +#define LIBCYASSL_VERSION_STRING "2.5.1" +#define LIBCYASSL_VERSION_HEX 0x02005001 #ifdef __cplusplus } 
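Review bot: In `tcp_set_nonblocking` only the POSIX branch gained error checks; the Windows branch still stores `ioctlsocket`'s result in `ret` and never looks at it. I would add `if (ret != 0) err_sys("ioctlsocket failed");` after that call so both platforms fail the same way. Reusing `flags` to hold the `F_SETFL` return value also reads oddly, since it is a status and not a flag set; a separate `int res` as in the `setsockopt` hunks of this commit would be clearer.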
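Review bot: `OpenNitroxDevice` returns -1 from the `Csp1GetDevType` and `ioctl` failure paths without calling `CspShutdown`, although the success path shows that the probe `CspInitialize` is meant to be paired with one. The probe also hard-codes `CAVIUM_DIRECT` and `CAVIUM_DEV_ID` instead of using the `dma_mode` and `dev_id` arguments, so a caller passing another device id has a different device probed than opened; that may be intentional but needs a comment. `core_assign` is filled in and never read. A version that releases the device on the error paths is below, and the function should get a header comment stating that it returns 0 on success.
```c
static INLINE int OpenNitroxDevice(int dma_mode,int dev_id)
{
    /* ... unchanged: core_assign and device declarations ... */

    if (CspInitialize(CAVIUM_DIRECT, CAVIUM_DEV_ID))
        return -1;
    if (Csp1GetDevType(&device)) {
        CspShutdown(CAVIUM_DEV_ID);   /* undo the probe init */
        return -1;
    }
    if (device != NPX_DEVICE) {
        if (ioctl(gpkpdev_hdlr[CAVIUM_DEV_ID], IOCTL_CSP1_GET_CORE_ASSIGNMENT,
                  (Uint32 *)&core_assign) != 0) {
            CspShutdown(CAVIUM_DEV_ID);
            return -1;
        }
    }
    /* ... unchanged: CspShutdown and final CspInitialize(dma_mode, dev_id) ... */
}
```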
diff --git a/cyassl/version.h.in b/cyassl/version.h.in index 6af4f0ae5..f84bd0cd1 100644 --- a/cyassl/version.h.in +++ b/cyassl/version.h.in @@ -1,6 +1,6 @@ /* cyassl_version.h.in * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/examples/client/client.c b/examples/client/client.c index a6cb574c6..fa9f2dae9 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -1,6 +1,6 @@ /* client.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -272,7 +272,7 @@ void client_test(void* args) if (cipherList) if (CyaSSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS) - err_sys("can't set cipher list"); + err_sys("client can't set cipher list 1"); #ifdef CYASSL_LEANPSK usePsk = 1; @@ -289,7 +289,7 @@ void client_test(void* args) defaultCipherList = "PSK-AES256-CBC-SHA"; #endif if (CyaSSL_CTX_set_cipher_list(ctx,defaultCipherList) !=SSL_SUCCESS) - err_sys("can't set cipher list"); + err_sys("client can't set cipher list 2"); } #endif } @@ -302,7 +302,7 @@ void client_test(void* args) if (cipherList == NULL) { /* don't use EDH, can't sniff tmp keys */ if (CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA") != SSL_SUCCESS) { - err_sys("can't set cipher list"); + err_sys("client can't set cipher list 3"); } } #endif @@ -333,6 +333,10 @@ void client_test(void* args) if (!usePsk && doPeerCheck == 0) CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); +#ifdef HAVE_CAVIUM + CyaSSL_CTX_UseCavium(ctx, CAVIUM_DEV_ID); +#endif + if (benchmark) { /* time passed in number of connects give average */ int times = benchmark; 
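Review bot: The new `CyaSSL_CTX_UseCavium(ctx, CAVIUM_DEV_ID);` call in `client_test` discards its return value, although the prototype added in ssl.h returns `int`. If selecting the device fails, the example carries on and presumably runs with software crypto, so a test meant to exercise the NITROX path would pass without touching the hardware. I would check it like the neighbouring setup calls and report through `err_sys("can't use cavium device")`, comparing against whatever success value the function defines; its body is not in this diff view. The body of `client_test` continues outside the hunk.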
@@ -411,18 +415,19 @@ void client_test(void* args) printf("SSL connect ok, sending GET...\n"); msgSz = 28; strncpy(msg, "GET /index.html HTTP/1.0\r\n\r\n", msgSz); + msg[msgSz] = '\0'; } if (CyaSSL_write(ssl, msg, msgSz) != msgSz) err_sys("SSL_write failed"); - input = CyaSSL_read(ssl, reply, sizeof(reply)); + input = CyaSSL_read(ssl, reply, sizeof(reply)-1); if (input > 0) { reply[input] = 0; printf("Server response: %s\n", reply); if (sendGET) { /* get html */ while (1) { - input = CyaSSL_read(ssl, reply, sizeof(reply)); + input = CyaSSL_read(ssl, reply, sizeof(reply)-1); if (input > 0) { reply[input] = 0; printf("%s\n", reply); @@ -506,7 +511,7 @@ void client_test(void* args) #endif } - input = CyaSSL_read(sslResume, reply, sizeof(reply)); + input = CyaSSL_read(sslResume, reply, sizeof(reply)-1); if (input > 0) { reply[input] = 0; printf("Server resume response: %s\n", reply); @@ -517,10 +522,10 @@ void client_test(void* args) CyaSSL_shutdown(sslResume); CyaSSL_free(sslResume); + CloseSocket(sockfd); } CyaSSL_CTX_free(ctx); - CloseSocket(sockfd); ((func_args*)args)->return_code = 0; } @@ -533,6 +538,12 @@ void client_test(void* args) { func_args args; +#ifdef HAVE_CAVIUM + int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID); + if (ret != 0) + err_sys("Cavium OpenNitroxDevice failed"); +#endif /* HAVE_CAVIUM */ + StartTCP(); args.argc = argc; @@ -548,6 +559,9 @@ void client_test(void* args) client_test(&args); CyaSSL_Cleanup(); +#ifdef HAVE_CAVIUM + CspShutdown(CAVIUM_DEV_ID); +#endif return args.return_code; } diff --git a/examples/client/client.h b/examples/client/client.h index d4f33df55..75356b75f 100644 --- a/examples/client/client.h +++ b/examples/client/client.h @@ -1,6 +1,6 @@ /* client.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/examples/echoclient/echoclient.c b/examples/echoclient/echoclient.c index d61cebb59..9f9ce0a85 100644 
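Review bot: The GET request setup in `client_test` now depends on the literal `28` in two places, as the `strncpy` bound and through `msg[msgSz] = '\0'`, and it is only correct because the string happens to be 28 characters long. Editing the request line without updating the number would either truncate the request or write the terminator at the wrong offset. I would tie the length to the string instead: `static const char getReq[] = "GET /index.html HTTP/1.0\r\n\r\n";`, then `msgSz = (int)sizeof(getReq) - 1;` and `memcpy(msg, getReq, sizeof(getReq));`. The declaration of `msg` is outside the hunk, so its capacity should be confirmed to hold the request plus the terminator.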
--- a/examples/echoclient/echoclient.c +++ b/examples/echoclient/echoclient.c @@ -1,6 +1,6 @@ /* echoclient.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -39,7 +39,7 @@ void echoclient_test(void* args) int outCreated = 0; char msg[1024]; - char reply[1024]; + char reply[1024+1]; SSL_METHOD* method = 0; SSL_CTX* ctx = 0; @@ -148,7 +148,7 @@ void echoclient_test(void* args) while (sendSz) { int got; - if ( (got = SSL_read(ssl, reply, sizeof(reply))) > 0) { + if ( (got = SSL_read(ssl, reply, sizeof(reply)-1)) > 0) { reply[got] = 0; fputs(reply, fout); sendSz -= got; @@ -186,6 +186,12 @@ void echoclient_test(void* args) { func_args args; +#ifdef HAVE_CAVIUM + int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID); + if (ret != 0) + err_sys("Cavium OpenNitroxDevice failed"); +#endif /* HAVE_CAVIUM */ + StartTCP(); args.argc = argc; @@ -200,6 +206,9 @@ void echoclient_test(void* args) echoclient_test(&args); CyaSSL_Cleanup(); +#ifdef HAVE_CAVIUM + CspShutdown(CAVIUM_DEV_ID); +#endif return args.return_code; } diff --git a/examples/echoclient/echoclient.h b/examples/echoclient/echoclient.h index 37e6c0929..815301a8c 100644 --- a/examples/echoclient/echoclient.h +++ b/examples/echoclient/echoclient.h @@ -1,6 +1,6 @@ /* echoclient.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c index 4cd5ba266..364527607 100644 --- a/examples/echoserver/echoserver.c +++ b/examples/echoserver/echoserver.c @@ -1,6 +1,6 @@ /* echoserver.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * 
@@ -163,7 +163,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) while (!shutDown) { CYASSL* ssl = 0; - char command[1024]; + char command[1024+1]; int echoSz = 0; int clientfd; int firstRead = 1; @@ -197,7 +197,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) showPeer(ssl); #endif - while ( (echoSz = CyaSSL_read(ssl, command, sizeof(command))) > 0) { + while ( (echoSz = CyaSSL_read(ssl, command, sizeof(command)-1)) > 0) { if (firstRead == 1) { firstRead = 0; /* browser may send 1 byte 'G' to start */ @@ -287,6 +287,12 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) { func_args args; +#ifdef HAVE_CAVIUM + int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID); + if (ret != 0) + err_sys("Cavium OpenNitroxDevice failed"); +#endif /* HAVE_CAVIUM */ + StartTCP(); args.argc = argc; @@ -301,6 +307,9 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) echoserver_test(&args); CyaSSL_Cleanup(); +#ifdef HAVE_CAVIUM + CspShutdown(CAVIUM_DEV_ID); +#endif return args.return_code; } diff --git a/examples/echoserver/echoserver.h b/examples/echoserver/echoserver.h index 20f7b52e2..e88c4c699 100644 --- a/examples/echoserver/echoserver.h +++ b/examples/echoserver/echoserver.h @@ -1,6 +1,6 @@ /* echoserver.h * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/examples/server/server.c b/examples/server/server.c index a69a3175b..fc22537ad 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -1,6 +1,6 @@ /* server.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -240,7 +240,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) if (cipherList) if (SSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS) - err_sys("can't set cipher list"); + err_sys("server can't set cipher list 1"); #ifdef CYASSL_LEANPSK usePsk = 1; 
@@ -285,7 +285,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) defaultCipherList = "PSK-AES256-CBC-SHA"; #endif if (SSL_CTX_set_cipher_list(ctx, defaultCipherList) != SSL_SUCCESS) - err_sys("can't set cipher list"); + err_sys("server can't set cipher list 2"); } #endif } @@ -308,7 +308,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) /* don't use EDH, can't sniff tmp keys */ if (cipherList == NULL) { if (SSL_CTX_set_cipher_list(ctx, "AES256-SHA") != SSL_SUCCESS) - err_sys("can't set cipher list"); + err_sys("server can't set cipher list 3"); } #endif @@ -351,7 +351,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) #endif showPeer(ssl); - idx = SSL_read(ssl, input, sizeof(input)); + idx = SSL_read(ssl, input, sizeof(input)-1); if (idx > 0) { input[idx] = 0; printf("Client message: %s\n", input); @@ -383,6 +383,12 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) { func_args args; +#ifdef HAVE_CAVIUM + int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID); + if (ret != 0) + err_sys("Cavium OpenNitroxDevice failed"); +#endif /* HAVE_CAVIUM */ + StartTCP(); args.argc = argc; @@ -398,6 +404,9 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) server_test(&args); CyaSSL_Cleanup(); +#ifdef HAVE_CAVIUM + CspShutdown(CAVIUM_DEV_ID); +#endif return args.return_code; } diff --git a/examples/server/server.h b/examples/server/server.h index 658c4007b..3c03c4dba 100644 --- a/examples/server/server.h +++ b/examples/server/server.h @@ -1,6 +1,6 @@ /* server.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/gencertbuf.pl b/gencertbuf.pl new file mode 100755 index 000000000..6fb1929a1 --- /dev/null +++ b/gencertbuf.pl 
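Review bot: The `@@ -351,7 +351,7 @@` hunk of server.c lowers the read bound to `sizeof(input)-1`, but the diff for this file does not grow `input` by one byte the way `reply` in echoclient.c and `command` in echoserver.c were grown, so the longest client message accepted shrinks by one. The same applies to both `CyaSSL_read(ssl, reply, sizeof(reply)-1)` calls in mqx/cyassl_client/Sources/main.c. That is safe, but if the original capacity matters, the declarations (outside these hunks) should get the same `+1`. A short comment such as `/* leave room for the terminating 0 */` next to each read would also make the intent explicit.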
@@ -0,0 +1,110 @@ +#!/usr/bin/perl + +# gencertbuf.pl +# version 1.0 +# Updated 01/28/2013 +# +# Copyright (C) 2006-2013 wolfSSL +# + +use strict; +use warnings; + +# ---- SCRIPT SETTINGS ------------------------------------------------------- + +# output C header file to write cert/key buffers to +my $outputFile = "./cyassl/certs_test.h"; + +# 1024-bit certs/keys to be converted +# Used with USE_CERT_BUFFERS_1024 define. + +my @fileList_1024 = ( + [ "./certs/1024/client-key.der", "client_key_der_1024" ], + [ "./certs/1024/client-cert.der", "client_cert_der_1024" ], + [ "./certs/1024/dh1024.der", "dh_key_der_1024" ], + [ "./certs/1024/dsa1024.der", "dsa_key_der_1024" ], + [ "./certs/1024/rsa1024.der", "rsa_key_der_1024" ] + ); + +# 2048-bit certs/keys to be converted +# Used with USE_CERT_BUFFERS_2048 define. + +my @fileList_2048 = ( + [ "./certs/client-key.der", "client_key_der_2048" ], + [ "./certs/client-cert.der", "client_cert_der_2048" ], + [ "./certs/dh2048.der", "dh_key_der_2048" ], + [ "./certs/dsa2048.der", "dsa_key_der_2048" ], + [ "./certs/rsa2048.der", "rsa_key_der_2048" ] + ); + +# ---------------------------------------------------------------------------- + +my $num_1024 = @fileList_1024; +my $num_2048 = @fileList_2048; + +# open our output file, "+>" creates and/or truncates +open OUT_FILE, "+>", $outputFile or die $!; + +print OUT_FILE "/* certs_test.h */\n\n"; +print OUT_FILE "#ifndef CYASSL_CERTS_TEST_H\n"; +print OUT_FILE "#define CYASSL_CERTS_TEST_H\n\n"; + +# convert and print 1024-bit cert/keys +print OUT_FILE "#ifdef USE_CERT_BUFFERS_1024\n\n"; +for(my $i = 0; $i < $num_1024; $i++) { + print OUT_FILE "/* $fileList_1024[$i][0], 1024-bit */\n"; + print OUT_FILE "const unsigned char $fileList_1024[$i][1]\[] =\n"; + print OUT_FILE "{\n"; + file_to_hex($fileList_1024[$i][0]); + print OUT_FILE "};\n\n"; +} + +# convert and print 2048-bit certs/keys +print OUT_FILE "#elif defined(USE_CERT_BUFFERS_2048)\n\n"; +for(my $i = 0; $i < $num_2048; $i++) { 
+ print OUT_FILE "/* $fileList_2048[$i][0], 2048-bit */\n"; + print OUT_FILE "const unsigned char $fileList_2048[$i][1]\[] =\n"; + print OUT_FILE "{\n"; + file_to_hex($fileList_2048[$i][0]); + print OUT_FILE "};\n\n"; +} + +print OUT_FILE "#endif /* USE_CERT_BUFFERS_1024 */\n\n"; +print OUT_FILE "#endif /* CYASSL_CERTS_TEST_H */\n\n"; + +# close certs_test.h file +close OUT_FILE or die $!; + +# print file as hex, comma-separated, as needed by C buffer +sub file_to_hex { + my $fileName = $_[0]; + + open my $fp, "<", $fileName or die $!; + binmode($fp); + + my $fileLen = -s $fileName; + my $byte; + + for (my $i = 0, my $j = 1; $i < $fileLen; $i++, $j++) + { + if ($j == 1) { + print OUT_FILE "\t"; + } + read($fp, $byte, 1) or die "Error reading $fileName"; + my $output = sprintf("0x%02X", ord($byte)); + print OUT_FILE $output; + + if ($i != ($fileLen - 1)) { + print OUT_FILE ", "; + } + + if ($j == 10) { + $j = 0; + print OUT_FILE "\n"; + } + } + + print OUT_FILE "\n"; + + close($fp); +} diff --git a/m4/ax_debug.m4 b/m4/ax_debug.m4 index 769d48d5e..5c63daa11 100644 --- a/m4/ax_debug.m4 +++ b/m4/ax_debug.m4 @@ -49,7 +49,7 @@ AC_DEFUN([AX_DEBUG],[ AC_ARG_ENABLE([debug], [AS_HELP_STRING([--enable-debug], [Add debug code/turns off optimizations (yes|no) @<:@default=no@:>@])],[ - ax_enable_debug=yes + ax_enable_debug=$enableval AC_DEFINE(DEBUG, [ 1 ], [Define to 1 to enable debugging code.]) ],[ ax_enable_debug=no diff --git a/mplabx/README b/mplabx/README new file mode 100644 index 000000000..3879a79c7 --- /dev/null +++ b/mplabx/README 
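Review bot: The header this script generates defines each buffer as `const unsigned char NAME[] =` at file scope, so including cyassl/certs_test.h from more than one translation unit produces duplicate external definitions. Emitting `static const unsigned char $fileList_1024[$i][1]\[] =` (and the same in the 2048-bit loop) avoids that. The output also embeds the key files listed under certs/ with no marker in the generated file; I would have the script print a banner comment stating that the header is generated by gencertbuf.pl and holds test keys only. Minor: `open OUT_FILE, "+>"` opens the file read/write although the script only writes, and `die $!` does not name the file that failed.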
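Review bot: With `ax_enable_debug=$enableval` the variable now follows the user's choice, but the `AC_DEFINE(DEBUG, [ 1 ], ...)` on the next line still sits unguarded in the action-if-given branch, so `--enable-debug=no` or `--disable-debug` sets `ax_enable_debug=no` and still defines DEBUG. Debug code would then be compiled into a build that was explicitly configured without it. Wrapping the define, e.g. `AS_IF([test "x$enableval" != "xno"], [AC_DEFINE(DEBUG, [ 1 ], [Define to 1 to enable debugging code.])])`, keeps the two in step. The rest of AX_DEBUG is outside the hunk, so later uses of `ax_enable_debug` are not checked here.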
@@ -0,0 +1,37 @@ +CyaSSL MPLAB X Project Files + +This directory contains project files for the Microchip MPLAB X IDE. These +projects have been set up to use the Microchip PIC32 Ethernet Starter Kit +and the Microchip XC32 compiler. + +In order to generate the necessary auto-generated MPLAB X files, make sure +to import the cyassl.X project into your MPLAB X workspace before trying to +build either the CTaoCrypt test or benchmark applications. + +Included Project Files +----------------------- + +1. CyaSSL library (cyassl.X) + + This project builds a static CyaSSL library. Prior to building this + project, uncomment the MICROCHIP_PIC32 define located in: + + /cyassl/ctaocrypt/settings.h + + After this project has been built, the compiled library will be located + at: + + /mplabx/cyassl.X/dist/default/production/cyassl.X.a + +2. CTaoCrypt Test App (ctaocrypt_test.X) + +3. CTaoCrypt Benchmark App (ctaocrypt_benchmark.X) + + +MIPS16 and MIPS32 Support +------------------------- + +These projects support both MIPS16 and MIPS32 instruction sets. Switching +between these two instruction sets can be done in each project's properties +settings by checking the "Generate 16-bit code" checkbox. + diff --git a/mplabx/ctaocrypt_benchmark.X/Makefile b/mplabx/ctaocrypt_benchmark.X/Makefile new file mode 100644 index 000000000..05a3fb1b6 --- /dev/null +++ b/mplabx/ctaocrypt_benchmark.X/Makefile 
@@ -0,0 +1,108 @@ +# +# There exist several targets which are by default empty and which can be +# used for execution of your targets. These targets are usually executed +# before and after some main targets. They are: +# +# .build-pre: called before 'build' target +# .build-post: called after 'build' target +# .clean-pre: called before 'clean' target +# .clean-post: called after 'clean' target +# .clobber-pre: called before 'clobber' target +# .clobber-post: called after 'clobber' target +# .all-pre: called before 'all' target +# .all-post: called after 'all' target +# .help-pre: called before 'help' target +# .help-post: called after 'help' target +# +# Targets beginning with '.' are not intended to be called on their own. +# +# Main targets can be executed directly, and they are: +# +# build build a specific configuration +# clean remove built files from a configuration +# clobber remove all built files +# all build all configurations +# help print help mesage +# +# Targets .build-impl, .clean-impl, .clobber-impl, .all-impl, and +# .help-impl are implemented in nbproject/makefile-impl.mk. +# +# Available make variables: +# +# CND_BASEDIR base directory for relative paths +# CND_DISTDIR default top distribution directory (build artifacts) +# CND_BUILDDIR default top build directory (object files, ...) +# CONF name of current configuration +# CND_ARTIFACT_DIR_${CONF} directory of build artifact (current configuration) +# CND_ARTIFACT_NAME_${CONF} name of build artifact (current configuration) +# CND_ARTIFACT_PATH_${CONF} path to build artifact (current configuration) +# CND_PACKAGE_DIR_${CONF} directory of package (current configuration) +# CND_PACKAGE_NAME_${CONF} name of package (current configuration) +# CND_PACKAGE_PATH_${CONF} path to package (current configuration) +# +# NOCDDL + + +# Environment +MKDIR=mkdir +CP=cp +CCADMIN=CCadmin +RANLIB=ranlib + + +# build +build: .build-post + +.build-pre: +# Add your pre 'build' code here... 
+ +.build-post: .build-impl +# Add your post 'build' code here... + + +# clean +clean: .clean-post + +.clean-pre: +# Add your pre 'clean' code here... + +.clean-post: .clean-impl +# Add your post 'clean' code here... + + +# clobber +clobber: .clobber-post + +.clobber-pre: +# Add your pre 'clobber' code here... + +.clobber-post: .clobber-impl +# Add your post 'clobber' code here... + + +# all +all: .all-post + +.all-pre: +# Add your pre 'all' code here... + +.all-post: .all-impl +# Add your post 'all' code here... + + +# help +help: .help-post + +.help-pre: +# Add your pre 'help' code here... + +.help-post: .help-impl +# Add your post 'help' code here... + + + +# include project implementation makefile +include nbproject/Makefile-impl.mk + +# include project make variables +include nbproject/Makefile-variables.mk diff --git a/mplabx/ctaocrypt_benchmark.X/main.c b/mplabx/ctaocrypt_benchmark.X/main.c new file mode 100644 index 000000000..587eae1e2 --- /dev/null +++ b/mplabx/ctaocrypt_benchmark.X/main.c 
@@ -0,0 +1,116 @@ +/* main.c + * + * Copyright (C) 2006-2013 wolfSSL Inc. + * + * This file is part of CyaSSL. + * + * CyaSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * CyaSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + +#define PIC32_STARTER_KIT + +#include +#include +#include + +void bench_des(void); +void bench_arc4(void); +void bench_hc128(void); +void bench_rabbit(void); +void bench_aes(int); +void bench_aesgcm(void); + +void bench_md5(void); +void bench_sha(void); +void bench_sha256(void); +void bench_sha512(void); +void bench_ripemd(void); + +void bench_rsa(void); +void bench_rsaKeyGen(void); +void bench_dh(void); +#ifdef HAVE_ECC +void bench_eccKeyGen(void); +void bench_eccKeyAgree(void); +#endif + +/* + * Main driver for CTaoCrypt benchmarks. 
+ */ +int main(int argc, char** argv) { + + SYSTEMConfigPerformance(80000000); + + DBINIT(); + printf("CTaoCrypt Benchmark:\n"); + +#ifndef NO_AES + bench_aes(0); + bench_aes(1); +#endif +#ifdef HAVE_AESGCM + bench_aesgcm(); +#endif +#ifndef NO_RC4 + bench_arc4(); +#endif +#ifdef HAVE_HC128 + bench_hc128(); +#endif +#ifndef NO_RABBIT + bench_rabbit(); +#endif +#ifndef NO_DES3 + bench_des(); +#endif + + printf("\n"); + +#ifndef NO_MD5 + bench_md5(); +#endif + bench_sha(); +#ifndef NO_SHA256 + bench_sha256(); +#endif +#ifdef CYASSL_SHA512 + bench_sha512(); +#endif +#ifdef CYASSL_RIPEMD + bench_ripemd(); +#endif + + printf("\n"); + +#ifndef NO_RSA + bench_rsa(); +#endif + +#ifndef NO_DH + bench_dh(); +#endif + +#if defined(CYASSL_KEY_GEN) && !defined(NO_RSA) + bench_rsaKeyGen(); +#endif + +#ifdef HAVE_ECC + bench_eccKeyGen(); + bench_eccKeyAgree(); +#endif + + return 0; +} + diff --git a/mplabx/ctaocrypt_benchmark.X/nbproject/configurations.xml b/mplabx/ctaocrypt_benchmark.X/nbproject/configurations.xml new file mode 100644 index 000000000..8617c2123 --- /dev/null +++ b/mplabx/ctaocrypt_benchmark.X/nbproject/configurations.xml @@ -0,0 +1,167 @@ + + + + + + + + + main.c + ../../ctaocrypt/benchmark/benchmark.c + + + Makefile + + + Makefile + + + + localhost + PIC32MX795F512L + + + SKDEPIC32PlatformTool + XC32 + 1.10 + 4 + + + + + + + + + + + + false + + + + + false + + false + + false + false + false + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/mplabx/ctaocrypt_benchmark.X/nbproject/include.am b/mplabx/ctaocrypt_benchmark.X/nbproject/include.am new file mode 100644 index 000000000..567fbba38 --- /dev/null +++ b/mplabx/ctaocrypt_benchmark.X/nbproject/include.am 
@@ -0,0 +1,12 @@ +# vim:ft=automake +# All paths should be given relative to the root +# + +EXTRA_DIST += \ + mplabx/ctaocrypt_benchmark.X/Makefile \ + mplabx/ctaocrypt_benchmark.X/main.c + +EXTRA_DIST += \ + mplabx/ctaocrypt_benchmark.X/nbproject/configurations.xml \ + mplabx/ctaocrypt_benchmark.X/nbproject/project.xml + diff --git a/mplabx/ctaocrypt_benchmark.X/nbproject/project.xml b/mplabx/ctaocrypt_benchmark.X/nbproject/project.xml new file mode 100644 index 000000000..9ec9516cc --- /dev/null +++ b/mplabx/ctaocrypt_benchmark.X/nbproject/project.xml @@ -0,0 +1,18 @@ + + + com.microchip.mplab.nbide.embedded.makeproject + + + ctaocrypt_benchmark + 22e4138b-5f20-4957-ac0a-c181b94d3342 + 0 + c + + + ISO-8859-1 + + ../cyassl.X + + + + diff --git a/mplabx/ctaocrypt_test.X/Makefile b/mplabx/ctaocrypt_test.X/Makefile new file mode 100644 index 000000000..05a3fb1b6 --- /dev/null +++ b/mplabx/ctaocrypt_test.X/Makefile 
@@ -0,0 +1,108 @@ +# +# There exist several targets which are by default empty and which can be +# used for execution of your targets. These targets are usually executed +# before and after some main targets. They are: +# +# .build-pre: called before 'build' target +# .build-post: called after 'build' target +# .clean-pre: called before 'clean' target +# .clean-post: called after 'clean' target +# .clobber-pre: called before 'clobber' target +# .clobber-post: called after 'clobber' target +# .all-pre: called before 'all' target +# .all-post: called after 'all' target +# .help-pre: called before 'help' target +# .help-post: called after 'help' target +# +# Targets beginning with '.' are not intended to be called on their own. +# +# Main targets can be executed directly, and they are: +# +# build build a specific configuration +# clean remove built files from a configuration +# clobber remove all built files +# all build all configurations +# help print help mesage +# +# Targets .build-impl, .clean-impl, .clobber-impl, .all-impl, and +# .help-impl are implemented in nbproject/makefile-impl.mk. +# +# Available make variables: +# +# CND_BASEDIR base directory for relative paths +# CND_DISTDIR default top distribution directory (build artifacts) +# CND_BUILDDIR default top build directory (object files, ...) +# CONF name of current configuration +# CND_ARTIFACT_DIR_${CONF} directory of build artifact (current configuration) +# CND_ARTIFACT_NAME_${CONF} name of build artifact (current configuration) +# CND_ARTIFACT_PATH_${CONF} path to build artifact (current configuration) +# CND_PACKAGE_DIR_${CONF} directory of package (current configuration) +# CND_PACKAGE_NAME_${CONF} name of package (current configuration) +# CND_PACKAGE_PATH_${CONF} path to package (current configuration) +# +# NOCDDL + + +# Environment +MKDIR=mkdir +CP=cp +CCADMIN=CCadmin +RANLIB=ranlib + + +# build +build: .build-post + +.build-pre: +# Add your pre 'build' code here... 
+ +.build-post: .build-impl +# Add your post 'build' code here... + + +# clean +clean: .clean-post + +.clean-pre: +# Add your pre 'clean' code here... + +.clean-post: .clean-impl +# Add your post 'clean' code here... + + +# clobber +clobber: .clobber-post + +.clobber-pre: +# Add your pre 'clobber' code here... + +.clobber-post: .clobber-impl +# Add your post 'clobber' code here... + + +# all +all: .all-post + +.all-pre: +# Add your pre 'all' code here... + +.all-post: .all-impl +# Add your post 'all' code here... + + +# help +help: .help-post + +.help-pre: +# Add your pre 'help' code here... + +.help-post: .help-impl +# Add your post 'help' code here... + + + +# include project implementation makefile +include nbproject/Makefile-impl.mk + +# include project make variables +include nbproject/Makefile-variables.mk diff --git a/mplabx/ctaocrypt_test.X/main.c b/mplabx/ctaocrypt_test.X/main.c new file mode 100644 index 000000000..1ecfc2ada --- /dev/null +++ b/mplabx/ctaocrypt_test.X/main.c 
@@ -0,0 +1,57 @@ +/* main.c + * + * Copyright (C) 2006-2013 wolfSSL Inc. + * + * This file is part of CyaSSL. + * + * CyaSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * CyaSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + +#define PIC32_STARTER_KIT + +#include +#include +#include +#include + +/* func_args from test.h, so don't have to pull in other junk */ +typedef struct func_args { + int argc; + char** argv; + int return_code; +} func_args; + +/* + * Main driver for CTaoCrypt tests. + */ +int main(int argc, char** argv) { + + DBINIT(); + printf("CTaoCrypt Test:\n"); + + func_args args; + + args.argc = argc; + args.argv = argv; + + ctaocrypt_test(&args); + + if (args.return_code == 0) { + printf("All tests passed!\n"); + } + + return 0; +} + diff --git a/mplabx/ctaocrypt_test.X/nbproject/configurations.xml b/mplabx/ctaocrypt_test.X/nbproject/configurations.xml new file mode 100644 index 000000000..bd3e33e66 --- /dev/null +++ b/mplabx/ctaocrypt_test.X/nbproject/configurations.xml 
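Review bot: In the new ctaocrypt_test.X/main.c, `main` prints a message only when `args.return_code == 0` and then returns 0 unconditionally, so a failing crypto self-test is silent on the debug console. `args.return_code` is also never initialised before `ctaocrypt_test(&args)`, so the check depends on the callee always writing it. I would set `args.return_code = -1;` before the call, add `else printf("Tests failed, return code %d\n", args.return_code);` and finish with `return args.return_code;`.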
@@ -0,0 +1,168 @@ + + + + + ../../ctaocrypt/test/test.h + + + + + main.c + ../../ctaocrypt/test/test.c + + + Makefile + + + Makefile + + + + localhost + PIC32MX795F512L + + + SKDEPIC32PlatformTool + XC32 + 1.10 + 4 + + + + + + + + + + + + false + + + + + false + + false + + false + false + false + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/mplabx/ctaocrypt_test.X/nbproject/include.am b/mplabx/ctaocrypt_test.X/nbproject/include.am new file mode 100644 index 000000000..e7d868de8 --- /dev/null +++ b/mplabx/ctaocrypt_test.X/nbproject/include.am @@ -0,0 +1,12 @@ +# vim:ft=automake +# All paths should be given relative to the root +# + +EXTRA_DIST += \ + mplabx/ctaocrypt_test.X/Makefile \ + mplabx/ctaocrypt_test.X/main.c + +EXTRA_DIST += \ + mplabx/ctaocrypt_test.X/nbproject/configurations.xml \ + mplabx/ctaocrypt_test.X/nbproject/project.xml + diff --git a/mplabx/ctaocrypt_test.X/nbproject/project.xml b/mplabx/ctaocrypt_test.X/nbproject/project.xml new file mode 100644 index 000000000..3567a51b8 --- /dev/null +++ b/mplabx/ctaocrypt_test.X/nbproject/project.xml @@ -0,0 +1,18 @@ + + + com.microchip.mplab.nbide.embedded.makeproject + + + ctaocrypt_test + b34c4937-7042-4352-88b1-7717bcdf8aeb + 0 + c + + h + ISO-8859-1 + + ../cyassl.X + + + + diff --git a/mplabx/cyassl.X/Makefile b/mplabx/cyassl.X/Makefile new file mode 100644 index 000000000..05a3fb1b6 --- /dev/null +++ b/mplabx/cyassl.X/Makefile 
@@ -0,0 +1,108 @@ +# +# There exist several targets which are by default empty and which can be +# used for execution of your targets. These targets are usually executed +# before and after some main targets. They are: +# +# .build-pre: called before 'build' target +# .build-post: called after 'build' target +# .clean-pre: called before 'clean' target +# .clean-post: called after 'clean' target +# .clobber-pre: called before 'clobber' target +# .clobber-post: called after 'clobber' target +# .all-pre: called before 'all' target +# .all-post: called after 'all' target +# .help-pre: called before 'help' target +# .help-post: called after 'help' target +# +# Targets beginning with '.' are not intended to be called on their own. +# +# Main targets can be executed directly, and they are: +# +# build build a specific configuration +# clean remove built files from a configuration +# clobber remove all built files +# all build all configurations +# help print help mesage +# +# Targets .build-impl, .clean-impl, .clobber-impl, .all-impl, and +# .help-impl are implemented in nbproject/makefile-impl.mk. +# +# Available make variables: +# +# CND_BASEDIR base directory for relative paths +# CND_DISTDIR default top distribution directory (build artifacts) +# CND_BUILDDIR default top build directory (object files, ...) +# CONF name of current configuration +# CND_ARTIFACT_DIR_${CONF} directory of build artifact (current configuration) +# CND_ARTIFACT_NAME_${CONF} name of build artifact (current configuration) +# CND_ARTIFACT_PATH_${CONF} path to build artifact (current configuration) +# CND_PACKAGE_DIR_${CONF} directory of package (current configuration) +# CND_PACKAGE_NAME_${CONF} name of package (current configuration) +# CND_PACKAGE_PATH_${CONF} path to package (current configuration) +# +# NOCDDL + + +# Environment +MKDIR=mkdir +CP=cp +CCADMIN=CCadmin +RANLIB=ranlib + + +# build +build: .build-post + +.build-pre: +# Add your pre 'build' code here... 
+ +.build-post: .build-impl +# Add your post 'build' code here... + + +# clean +clean: .clean-post + +.clean-pre: +# Add your pre 'clean' code here... + +.clean-post: .clean-impl +# Add your post 'clean' code here... + + +# clobber +clobber: .clobber-post + +.clobber-pre: +# Add your pre 'clobber' code here... + +.clobber-post: .clobber-impl +# Add your post 'clobber' code here... + + +# all +all: .all-post + +.all-pre: +# Add your pre 'all' code here... + +.all-post: .all-impl +# Add your post 'all' code here... + + +# help +help: .help-post + +.help-pre: +# Add your pre 'help' code here... + +.help-post: .help-impl +# Add your post 'help' code here... + + + +# include project implementation makefile +include nbproject/Makefile-impl.mk + +# include project make variables +include nbproject/Makefile-variables.mk diff --git a/mplabx/cyassl.X/nbproject/configurations.xml b/mplabx/cyassl.X/nbproject/configurations.xml new file mode 100644 index 000000000..cf2aebe06 --- /dev/null +++ b/mplabx/cyassl.X/nbproject/configurations.xml 
@@ -0,0 +1,182 @@ + + + + + + + + + ../../src/crl.c + ../../src/internal.c + ../../src/io.c + ../../src/keys.c + ../../src/ocsp.c + ../../src/sniffer.c + ../../src/ssl.c + ../../src/tls.c + ../../ctaocrypt/src/aes.c + ../../ctaocrypt/src/arc4.c + ../../ctaocrypt/src/asm.c + ../../ctaocrypt/src/asn.c + ../../ctaocrypt/src/coding.c + ../../ctaocrypt/src/des3.c + ../../ctaocrypt/src/dh.c + ../../ctaocrypt/src/dsa.c + ../../ctaocrypt/src/ecc.c + ../../ctaocrypt/src/ecc_fp.c + ../../ctaocrypt/src/error.c + ../../ctaocrypt/src/hc128.c + ../../ctaocrypt/src/hmac.c + ../../ctaocrypt/src/integer.c + ../../ctaocrypt/src/logging.c + ../../ctaocrypt/src/md2.c + ../../ctaocrypt/src/md4.c + ../../ctaocrypt/src/md5.c + ../../ctaocrypt/src/memory.c + ../../ctaocrypt/src/misc.c + ../../ctaocrypt/src/pwdbased.c + ../../ctaocrypt/src/rabbit.c + ../../ctaocrypt/src/random.c + ../../ctaocrypt/src/ripemd.c + ../../ctaocrypt/src/rsa.c + ../../ctaocrypt/src/sha.c + ../../ctaocrypt/src/sha256.c + ../../ctaocrypt/src/sha512.c + ../../ctaocrypt/src/tfm.c + + + Makefile + + + + .. + + Makefile + + + + localhost + PIC32MX795F512L + + + SKDEPIC32PlatformTool + XC32 + 1.10 + 4 + + + + + + + false + + false + + false + false + false + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/mplabx/cyassl.X/nbproject/include.am b/mplabx/cyassl.X/nbproject/include.am new file mode 100644 index 000000000..4db3841b2 --- /dev/null +++ b/mplabx/cyassl.X/nbproject/include.am @@ -0,0 +1,12 @@ +# vim:ft=automake +# All paths should be given relative to the root +# + +EXTRA_DIST += \ + mplabx/README \ + mplabx/cyassl.X/Makefile + +EXTRA_DIST += \ + mplabx/cyassl.X/nbproject/configurations.xml \ + mplabx/cyassl.X/nbproject/project.xml + 
diff --git a/mplabx/cyassl.X/nbproject/project.xml b/mplabx/cyassl.X/nbproject/project.xml new file mode 100644 index 000000000..831eae925 --- /dev/null +++ b/mplabx/cyassl.X/nbproject/project.xml @@ -0,0 +1,16 @@ + + + com.microchip.mplab.nbide.embedded.makeproject + + + cyassl + 93bbfc3a-a0fa-4d48-bbc8-6cd47a2bd05b + 0 + c + + + ISO-8859-1 + + + + diff --git a/mqx/README b/mqx/README new file mode 100644 index 000000000..3765ba57b --- /dev/null +++ b/mqx/README @@ -0,0 +1,37 @@ +CyaSSL Freescale CodeWarrior Project Files + +This directory contains project files for Freescale CodeWarrior 10.2. These +project have been created to use MQX, RTCS, and MFS on the Freescale +Kinetis K70 Tower System. + +Included Project Files +----------------------- + +1. CyaSSL library (/cyassl) + + Prior to building this project, uncomment the FREESCALE_MQX define + located in: + + /cyassl/ctaocrypt/settings.h + +2. CTaoCrypt Test App (/ctaocrypt_test) + +3. Example CyaSSL Client (/cyassl_client) + + +Importing into CodeWarrior Workspace +------------------------------------ + +These projects can be imported into a CodeWarrior workspace using the standard +"Import Project" feature. To import a project from CodeWarrior, follow +these steps: + +1. File -> Import +2. General -> Existing Projects into Workspace +3. Select Root Directory (browse to this "/mqx" directory) +4. Select desired projects -> Finish + +Keep in mind that the projects above reference CyaSSL source files and header +files with relative paths to the projects' current location in the +/mqx directory. + diff --git a/mqx/ctaocrypt_test/Sources/include.am b/mqx/ctaocrypt_test/Sources/include.am new file mode 100644 index 000000000..b167955e2 --- /dev/null +++ b/mqx/ctaocrypt_test/Sources/include.am 
@@ -0,0 +1,15 @@ +# vim:ft=automake +# All paths should be given relative to the root +# + +EXTRA_DIST += \ + mqx/ctaocrypt_test/.cproject \ + mqx/ctaocrypt_test/.project \ + mqx/ctaocrypt_test/ReferencedRSESystems.xml \ + mqx/ctaocrypt_test/ctaocrypt_test_twrk70f120m_Int_Flash_SramData_Debug_PnE_U-MultiLink.launch \ + mqx/ctaocrypt_test/ctaocrypt_test_twrk70f120m_Int_Flash_SramData_Release_PnE_U-MultiLink.launch + +EXTRA_DIST += \ + mqx/ctaocrypt_test/Sources/main.c \ + mqx/ctaocrypt_test/Sources/main.h + diff --git a/mqx/ctaocrypt_test/ctaocrypt_test_twrk70f120m_Int_Flash_SramData_Debug_PnE U-MultiLink.launch b/mqx/ctaocrypt_test/ctaocrypt_test_twrk70f120m_Int_Flash_SramData_Debug_PnE_U-MultiLink.launch similarity index 100% rename from mqx/ctaocrypt_test/ctaocrypt_test_twrk70f120m_Int_Flash_SramData_Debug_PnE U-MultiLink.launch rename to mqx/ctaocrypt_test/ctaocrypt_test_twrk70f120m_Int_Flash_SramData_Debug_PnE_U-MultiLink.launch diff --git a/mqx/ctaocrypt_test/ctaocrypt_test_twrk70f120m_Int_Flash_SramData_Release_PnE U-MultiLink.launch b/mqx/ctaocrypt_test/ctaocrypt_test_twrk70f120m_Int_Flash_SramData_Release_PnE_U-MultiLink.launch similarity index 100% rename from mqx/ctaocrypt_test/ctaocrypt_test_twrk70f120m_Int_Flash_SramData_Release_PnE U-MultiLink.launch rename to mqx/ctaocrypt_test/ctaocrypt_test_twrk70f120m_Int_Flash_SramData_Release_PnE_U-MultiLink.launch diff --git a/mqx/cyassl/include.am b/mqx/cyassl/include.am new file mode 100644 index 000000000..509e078a5 --- /dev/null +++ b/mqx/cyassl/include.am @@ -0,0 +1,11 @@ +# vim:ft=automake +# All paths should be given relative to the root +# + +EXTRA_DIST += \ + mqx/README + +EXTRA_DIST += \ + mqx/cyassl/.cproject \ + mqx/cyassl/.project + diff --git a/mqx/cyassl_client/Sources/include.am b/mqx/cyassl_client/Sources/include.am new file mode 100644 index 000000000..dd4b2ffd9 --- /dev/null +++ b/mqx/cyassl_client/Sources/include.am 
@@ -0,0 +1,15 @@ +# vim:ft=automake +# All paths should be given relative to the root +# + +EXTRA_DIST += \ + mqx/cyassl_client/.cproject \ + mqx/cyassl_client/.project \ + mqx/cyassl_client/ReferencedRSESystems.xml \ + mqx/cyassl_client/cyassl_client_twrk70f120m_Int_Flash_SramData_Debug_PnE_U-MultiLink.launch \ + mqx/cyassl_client/cyassl_client_twrk70f120m_Int_Flash_SramData_Release_PnE_U-MultiLink.launch + +EXTRA_DIST += \ + mqx/cyassl_client/Sources/main.c \ + mqx/cyassl_client/Sources/main.h + diff --git a/mqx/cyassl_client/Sources/main.c b/mqx/cyassl_client/Sources/main.c index 7d04f9f3f..3938a87ac 100644 --- a/mqx/cyassl_client/Sources/main.c +++ b/mqx/cyassl_client/Sources/main.c @@ -214,13 +214,13 @@ void client_test(void) { if (CyaSSL_write(ssl, msg, msgSz) != msgSz) err_sys("CyaSSL_write() failed"); - input = CyaSSL_read(ssl, reply, sizeof(reply)); + input = CyaSSL_read(ssl, reply, sizeof(reply)-1); if (input > 0) { reply[input] = 0; printf("Server response: %s\n", reply); while(1) { - input = CyaSSL_read(ssl, reply, sizeof(reply)); + input = CyaSSL_read(ssl, reply, sizeof(reply)-1); if (input > 0) { reply[input] = 0; printf("%s\n", reply); diff --git a/mqx/cyassl_client/cyassl_client_twrk70f120m_Int_Flash_SramData_Debug_PnE U-MultiLink.launch b/mqx/cyassl_client/cyassl_client_twrk70f120m_Int_Flash_SramData_Debug_PnE_U-MultiLink.launch similarity index 100% rename from mqx/cyassl_client/cyassl_client_twrk70f120m_Int_Flash_SramData_Debug_PnE U-MultiLink.launch rename to mqx/cyassl_client/cyassl_client_twrk70f120m_Int_Flash_SramData_Debug_PnE_U-MultiLink.launch 
diff --git a/mqx/cyassl_client/cyassl_client_twrk70f120m_Int_Flash_SramData_Release_PnE U-MultiLink.launch b/mqx/cyassl_client/cyassl_client_twrk70f120m_Int_Flash_SramData_Release_PnE_U-MultiLink.launch similarity index 100% rename from mqx/cyassl_client/cyassl_client_twrk70f120m_Int_Flash_SramData_Release_PnE U-MultiLink.launch rename to mqx/cyassl_client/cyassl_client_twrk70f120m_Int_Flash_SramData_Release_PnE_U-MultiLink.launch diff --git a/mqx/util_lib/Sources/include.am b/mqx/util_lib/Sources/include.am new file mode 100644 index 000000000..4b54a5a60 --- /dev/null +++ b/mqx/util_lib/Sources/include.am @@ -0,0 +1,12 @@ +# vim:ft=automake +# All paths should be given relative to the root +# + +EXTRA_DIST += \ + mqx/util_lib/.cproject \ + mqx/util_lib/.project + +EXTRA_DIST += \ + mqx/util_lib/Sources/util.c \ + mqx/util_lib/Sources/util.h + diff --git a/src/crl.c b/src/crl.c index 7b06b8218..38487eb67 100644 --- a/src/crl.c +++ b/src/crl.c @@ -1,6 +1,6 @@ /* crl.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/src/internal.c b/src/internal.c index ac0f387bf..7cbf03ca2 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1,6 +1,6 @@ /* internal.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -97,6 +97,8 @@ static void Hmac(CYASSL* ssl, byte* digest, const byte* buffer, word32 sz, static void BuildCertHashes(CYASSL* ssl, Hashes* hashes); #endif +static void PickHashSigAlgo(CYASSL* ssl, + const byte* hashSigAlgo, word32 hashSigAlgoSz); #ifndef min @@ -274,7 +276,7 @@ static INLINE void ato32(const byte* c, word32* u32) static int Compress(CYASSL* ssl, byte* in, int inSz, byte* out, int outSz) { int err; - int currTotal = ssl->c_stream.total_out; + int currTotal = (int)ssl->c_stream.total_out; ssl->c_stream.next_in = in; ssl->c_stream.avail_in = inSz; 
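Review bot: The `(int)` cast added to `currTotal` in Compress narrows `c_stream.total_out` before the subtraction, and the same pattern is repeated in the three following hunks (the Compress return and both DeCompress lines). zlib declares `total_out` as `uLong`, so on a long-lived stream the running total can exceed INT_MAX; each narrowed operand is then implementation-defined and the `int` subtraction can overflow. Keeping the snapshot unsigned and narrowing only the delta avoids that: `uLong currTotal = ssl->c_stream.total_out;` and `return (int)(ssl->c_stream.total_out - currTotal);`. Both function bodies are only partly visible in these hunks.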
@@ -284,7 +286,7 @@ static INLINE void ato32(const byte* c, word32* u32) err = deflate(&ssl->c_stream, Z_SYNC_FLUSH); if (err != Z_OK && err != Z_STREAM_END) return ZLIB_COMPRESS_ERROR; - return ssl->c_stream.total_out - currTotal; + return (int)ssl->c_stream.total_out - currTotal; } @@ -292,7 +294,7 @@ static INLINE void ato32(const byte* c, word32* u32) static int DeCompress(CYASSL* ssl, byte* in, int inSz, byte* out, int outSz) { int err; - int currTotal = ssl->d_stream.total_out; + int currTotal = (int)ssl->d_stream.total_out; ssl->d_stream.next_in = in; ssl->d_stream.avail_in = inSz; @@ -302,7 +304,7 @@ static INLINE void ato32(const byte* c, word32* u32) err = inflate(&ssl->d_stream, Z_SYNC_FLUSH); if (err != Z_OK && err != Z_STREAM_END) return ZLIB_DECOMPRESS_ERROR; - return ssl->d_stream.total_out - currTotal; + return (int)ssl->d_stream.total_out - currTotal; } #endif /* HAVE_LIBZ */ @@ -397,6 +399,9 @@ int InitSSL_Ctx(CYASSL_CTX* ctx, CYASSL_METHOD* method) #ifdef HAVE_OCSP CyaSSL_OCSP_Init(&ctx->ocsp); #endif +#ifdef HAVE_CAVIUM + ctx->devId = NO_CAVIUM_DEVICE; +#endif if (InitMutex(&ctx->countMutex) < 0) { CYASSL_MSG("Mutex error on CTX init"); @@ -471,6 +476,10 @@ void InitCiphers(CYASSL* ssl) ssl->encrypt.aes = NULL; ssl->decrypt.aes = NULL; #endif +#ifdef HAVE_CAMELLIA + ssl->encrypt.cam = NULL; + ssl->decrypt.cam = NULL; +#endif #ifdef HAVE_HC128 ssl->encrypt.hc128 = NULL; ssl->decrypt.hc128 = NULL; 
@@ -489,17 +498,39 @@ void FreeCiphers(CYASSL* ssl) { (void)ssl; #ifdef BUILD_ARC4 + #ifdef HAVE_CAVIUM + if (ssl->devId != NO_CAVIUM_DEVICE) { + Arc4FreeCavium(ssl->encrypt.arc4); + Arc4FreeCavium(ssl->decrypt.arc4); + } + #endif XFREE(ssl->encrypt.arc4, ssl->heap, DYNAMIC_TYPE_CIPHER); XFREE(ssl->decrypt.arc4, ssl->heap, DYNAMIC_TYPE_CIPHER); #endif #ifdef BUILD_DES3 + #ifdef HAVE_CAVIUM + if (ssl->devId != NO_CAVIUM_DEVICE) { + Des3_FreeCavium(ssl->encrypt.des3); + Des3_FreeCavium(ssl->decrypt.des3); + } + #endif XFREE(ssl->encrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER); XFREE(ssl->decrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER); #endif #ifdef BUILD_AES + #ifdef HAVE_CAVIUM + if (ssl->devId != NO_CAVIUM_DEVICE) { + AesFreeCavium(ssl->encrypt.aes); + AesFreeCavium(ssl->decrypt.aes); + } + #endif XFREE(ssl->encrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER); XFREE(ssl->decrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER); #endif +#ifdef BUILD_CAMELLIA + XFREE(ssl->encrypt.cam, ssl->heap, DYNAMIC_TYPE_CIPHER); + XFREE(ssl->decrypt.cam, ssl->heap, DYNAMIC_TYPE_CIPHER); +#endif #ifdef HAVE_HC128 XFREE(ssl->encrypt.hc128, ssl->heap, DYNAMIC_TYPE_CIPHER); XFREE(ssl->decrypt.hc128, ssl->heap, DYNAMIC_TYPE_CIPHER); @@ -767,6 +798,20 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK, } #endif +#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256 + if (tls1_2 && haveECDSAsig && haveDH) { + suites->suites[idx++] = ECC_BYTE; + suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256; + } +#endif + +#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384 + if (tls1_2 && haveECDSAsig && haveDH) { + suites->suites[idx++] = ECC_BYTE; + suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384; + } +#endif + #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8_SHA256 if (tls1_2 && haveRSA) { suites->suites[idx++] = ECC_BYTE; 
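Review bot: The new Cavium blocks in FreeCiphers() call `Arc4FreeCavium`, `Des3_FreeCavium` and `AesFreeCavium` on both cipher pointers whenever `ssl->devId != NO_CAVIUM_DEVICE`, whether or not that cipher was ever allocated for this connection. The visible part of InitCiphers() sets the cipher pointers to NULL, so unless the Cavium free helpers accept NULL (their bodies are not shown here) each call should be guarded, e.g. `if (ssl->encrypt.aes != NULL) AesFreeCavium(ssl->encrypt.aes);`. Separately, the Camellia pointers are freed under `BUILD_CAMELLIA` but initialised and used under `HAVE_CAMELLIA`; using one guard in all three places would keep init and free paired.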
@@ -949,7 +994,95 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK, } #endif +#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA + if (tls && haveRSA) { + suites->suites[idx++] = 0; + suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_128_CBC_SHA; + } +#endif + +#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA + if (tls && haveDH && haveRSA) { + suites->suites[idx++] = 0; + suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA; + } +#endif + +#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA + if (tls && haveRSA) { + suites->suites[idx++] = 0; + suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_256_CBC_SHA; + } +#endif + +#ifdef BUILD_TLS_DHE_WITH_RSA_CAMELLIA_256_CBC_SHA + if (tls && haveDH && haveRSA) { + suites->suites[idx++] = 0; + suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA; + } +#endif + +#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 + if (tls && haveRSA) { + suites->suites[idx++] = 0; + suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256; + } +#endif + +#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 + if (tls && haveDH && haveRSA) { + suites->suites[idx++] = 0; + suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256; + } +#endif + +#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 + if (tls && haveRSA) { + suites->suites[idx++] = 0; + suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256; + } +#endif + +#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 + if (tls && haveDH && haveRSA) { + suites->suites[idx++] = 0; + suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256; + } +#endif + suites->suiteSz = idx; + + { + idx = 0; + + if (haveECDSAsig) { + #ifdef CYASSL_SHA384 + suites->hashSigAlgo[idx++] = sha384_mac; + suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo; + #endif + #ifndef NO_SHA256 + suites->hashSigAlgo[idx++] = sha256_mac; + suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo; + #endif + suites->hashSigAlgo[idx++] = sha_mac; + suites->hashSigAlgo[idx++] = 
ecc_dsa_sa_algo; + } + + if (haveRSAsig) { + #ifdef CYASSL_SHA384 + suites->hashSigAlgo[idx++] = sha384_mac; + suites->hashSigAlgo[idx++] = rsa_sa_algo; + #endif + #ifndef NO_SHA256 + suites->hashSigAlgo[idx++] = sha256_mac; + suites->hashSigAlgo[idx++] = rsa_sa_algo; + #endif + suites->hashSigAlgo[idx++] = sha_mac; + suites->hashSigAlgo[idx++] = rsa_sa_algo; + } + + suites->hashSigAlgoSz = idx; + } } @@ -1086,6 +1219,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx) ssl->keys.dtls_expected_peer_epoch = 0; ssl->dtls_timeout = DTLS_DEFAULT_TIMEOUT; ssl->dtls_pool = NULL; + ssl->dtls_msg_list = NULL; #endif ssl->keys.encryptionOn = 0; /* initially off */ ssl->keys.decryptedCur = 0; /* initially off */ @@ -1133,9 +1267,6 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx) ssl->buffers.weOwnDH = 0; #ifdef CYASSL_DTLS - ssl->buffers.dtlsHandshake.length = 0; - ssl->buffers.dtlsHandshake.buffer = NULL; - ssl->buffers.dtlsType = 0; ssl->buffers.dtlsCtx.fd = -1; ssl->buffers.dtlsCtx.peer.sa = NULL; ssl->buffers.dtlsCtx.peer.sz = 0; @@ -1163,6 +1294,10 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx) ssl->toInfoOn = 0; #endif +#ifdef HAVE_CAVIUM + ssl->devId = ctx->devId; +#endif + ssl->rng = NULL; ssl->arrays = NULL; InitCiphers(ssl); @@ -1328,12 +1463,14 @@ void SSL_ResourceFree(CYASSL* ssl) if (ssl->buffers.outputBuffer.dynamicFlag) ShrinkOutputBuffer(ssl); #ifdef CYASSL_DTLS - if (ssl->buffers.dtlsHandshake.buffer != NULL) - XFREE(ssl->buffers.dtlsHandshake.buffer, ssl->heap, DYNAMIC_TYPE_NONE); if (ssl->dtls_pool != NULL) { DtlsPoolReset(ssl); XFREE(ssl->dtls_pool, ssl->heap, DYNAMIC_TYPE_NONE); } + if (ssl->dtls_msg_list != NULL) { + DtlsMsgListDelete(ssl->dtls_msg_list, ssl->heap); + ssl->dtls_msg_list = NULL; + } XFREE(ssl->buffers.dtlsCtx.peer.sa, ssl->heap, DYNAMIC_TYPE_SOCKADDR); ssl->buffers.dtlsCtx.peer.sa = NULL; #endif 
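Review bot: The guard `#ifdef BUILD_TLS_DHE_WITH_RSA_CAMELLIA_256_CBC_SHA` in InitSuites() is spelled differently from the `BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA` used for the same suite in `cipher_names` and `cipher_name_idx`, so this block is most likely never compiled and the suite is left out of the default list while still being selectable by name. The guard should read `#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA`. The signature-algorithm block at the end of this hunk also writes up to twelve bytes into `suites->hashSigAlgo` with no check against the array's declared size, which is not visible in this diff.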
@@ -1566,7 +1703,167 @@ int DtlsPoolSend(CYASSL* ssl) return 0; } -#endif + +/* functions for managing DTLS datagram reordering */ + +/* Need to allocate space for the handshake message header. The hashing + * routines assume the message pointer is still within the buffer that + * has the headers, and will include those headers in the hash. The store + * routines need to take that into account as well. New will allocate + * extra space for the headers. */ +DtlsMsg* DtlsMsgNew(word32 sz, void* heap) +{ + DtlsMsg* msg = NULL; + + msg = (DtlsMsg*)XMALLOC(sizeof(DtlsMsg), heap, DYNAMIC_TYPE_DTLS_MSG); + + if (msg != NULL) { + msg->buf = (byte*)XMALLOC(sz + DTLS_HANDSHAKE_HEADER_SZ, + heap, DYNAMIC_TYPE_NONE); + if (msg->buf != NULL) { + msg->next = NULL; + msg->seq = 0; + msg->sz = sz; + msg->fragSz = 0; + msg->msg = msg->buf + DTLS_HANDSHAKE_HEADER_SZ; + } + else { + XFREE(msg, heap, DYNAMIC_TYPE_DTLS_MSG); + msg = NULL; + } + } + + return msg; +} + +void DtlsMsgDelete(DtlsMsg* item, void* heap) +{ + (void)heap; + + if (item != NULL) { + if (item->buf != NULL) + XFREE(item->buf, heap, DYNAMIC_TYPE_NONE); + XFREE(item, heap, DYNAMIC_TYPE_DTLS_MSG); + } +} + + +void DtlsMsgListDelete(DtlsMsg* head, void* heap) +{ + DtlsMsg* next; + while (head) { + next = head->next; + DtlsMsgDelete(head, heap); + head = next; + } +} + + +void DtlsMsgSet(DtlsMsg* msg, word32 seq, const byte* data, byte type, + word32 fragOffset, word32 fragSz) +{ + if (msg != NULL && data != NULL && msg->fragSz <= msg->sz) { + msg->seq = seq; + msg->type = type; + msg->fragSz += fragSz; + /* If fragOffset is zero, this is either a full message that is out + * of order, or the first fragment of a fragmented message. Copy the + * handshake message header as well as the message data. 
*/ + if (fragOffset == 0) + XMEMCPY(msg->buf, data - DTLS_HANDSHAKE_HEADER_SZ, + fragSz + DTLS_HANDSHAKE_HEADER_SZ); + else { + /* If fragOffet is non-zero, this is an additional fragment that + * needs to be copied to its location in the message buffer. Also + * copy the total size of the message over the fragment size. The + * hash routines look at a defragmented message if it had actually + * come across as a single handshake message. */ + XMEMCPY(msg->msg + fragOffset, data, fragSz); + c32to24(msg->sz, msg->msg - DTLS_HANDSHAKE_FRAG_SZ); + } + } +} + + +DtlsMsg* DtlsMsgFind(DtlsMsg* head, word32 seq) +{ + while (head != NULL && head->seq != seq) { + head = head->next; + } + return head; +} + + +DtlsMsg* DtlsMsgStore(DtlsMsg* head, word32 seq, const byte* data, + word32 dataSz, byte type, word32 fragOffset, word32 fragSz, void* heap) +{ + + /* See if seq exists in the list. If it isn't in the list, make + * a new item of size dataSz, copy fragSz bytes from data to msg->msg + * starting at offset fragOffset, and add fragSz to msg->fragSz. If + * the seq is in the list and it isn't full, copy fragSz bytes from + * data to msg->msg starting at offset fragOffset, and add fragSz to + * msg->fragSz. The new item should be inserted into the list in its + * proper position. + * + * 1. Find seq in list, or where seq should go in list. If seq not in + * list, create new item and insert into list. Either case, keep + * pointer to item. + * 2. If msg->fragSz + fragSz < sz, copy data to msg->msg at offset + * fragOffset. Add fragSz to msg->fragSz. 
+ */ + + if (head != NULL) { + DtlsMsg* cur = DtlsMsgFind(head, seq); + if (cur == NULL) { + cur = DtlsMsgNew(dataSz, heap); + DtlsMsgSet(cur, seq, data, type, fragOffset, fragSz); + head = DtlsMsgInsert(head, cur); + } + else { + DtlsMsgSet(cur, seq, data, type, fragOffset, fragSz); + } + } + else { + head = DtlsMsgNew(dataSz, heap); + DtlsMsgSet(head, seq, data, type, fragOffset, fragSz); + } + + return head; +} + + +/* DtlsMsgInsert() is an in-order insert. */ +DtlsMsg* DtlsMsgInsert(DtlsMsg* head, DtlsMsg* item) +{ + if (head == NULL || item->seq < head->seq) { + item->next = head; + head = item; + } + else if (head->next == NULL) { + head->next = item; + } + else { + DtlsMsg* cur = head->next; + DtlsMsg* prev = head; + while (cur) { + if (item->seq < cur->seq) { + item->next = cur; + prev->next = item; + break; + } + prev = cur; + cur = cur->next; + } + if (cur == NULL) { + prev->next = item; + } + } + + return head; +} + +#endif /* CYASSL_DTLS */ #ifndef NO_OLD_TLS @@ -2049,7 +2346,9 @@ static int GetRecordHeader(CYASSL* ssl, const byte* input, word32* inOutIdx, return VERSION_ERROR; /* only use requested version */ } } - +#if 0 + /* Instead of this, check the datagram against the sliding window of + * received datagram goodness. */ #ifdef CYASSL_DTLS /* If DTLS, check the sequence number against expected. If out of * order, drop the record. Allows newer records in and resets the @@ -2067,7 +2366,7 @@ static int GetRecordHeader(CYASSL* ssl, const byte* input, word32* inOutIdx, } } #endif - +#endif /* record layer length check */ if (*size > (MAX_RECORD_SIZE + MAX_COMP_EXTRA + MAX_MSG_EXTRA)) return LENGTH_ERROR; @@ -2125,7 +2424,6 @@ static int GetDtlsHandShakeHeader(CYASSL* ssl, const byte* input, c24to32(input + idx, fragOffset); idx += DTLS_HANDSHAKE_FRAG_SZ; c24to32(input + idx, fragSz); - idx += DTLS_HANDSHAKE_FRAG_SZ; return 0; } 
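Review bot: DtlsMsgSet() copies a fragment into the reassembly buffer without checking that it fits: `fragOffset` and `fragSz` come from the peer's handshake header, the buffer holds `sz + DTLS_HANDSHAKE_HEADER_SZ` bytes, and the only guard is `msg->fragSz <= msg->sz` on the running total before the new fragment is added. Both copy branches need `fragOffset + fragSz <= msg->sz` checked without wrap-around; the visible caller in DoDtlsHandShakeMsg only bounds `fragSz` against the record length. DtlsMsgStore() also passes the result of DtlsMsgNew() to DtlsMsgInsert(), which reads `item->seq`, so an allocation failure becomes a NULL dereference. Because `fragSz` is summed rather than tracked per byte range, a retransmitted fragment counts twice toward completion; that and the absence of any cap on stored messages are worth a follow-up.

```c
void DtlsMsgSet(DtlsMsg* msg, word32 seq, const byte* data, byte type,
                                              word32 fragOffset, word32 fragSz)
{
    if (msg == NULL || data == NULL || msg->fragSz > msg->sz)
        return;
    /* the fragment must lie inside the sz-byte message; written so the
     * comparison cannot wrap */
    if (fragOffset > msg->sz || fragSz > msg->sz - fragOffset)
        return;
    /* ... unchanged: seq/type/fragSz bookkeeping and both XMEMCPY branches ... */
}

/* DtlsMsgStore(), sequence number not yet in the list */
        cur = DtlsMsgNew(dataSz, heap);
        if (cur != NULL) {
            DtlsMsgSet(cur, seq, data, type, fragOffset, fragSz);
            head = DtlsMsgInsert(head, cur);
        }
```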
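Review bot: The `#if 0` around the DTLS sequence check in GetRecordHeader() removes the only record-ordering test shown in this function, and the sliding window its new comment refers to is not added anywhere in the visible part of this diff. Until that window exists, duplicate or replayed records are no longer rejected at this layer, and the `ret == SEQUENCE_ERROR` handling in ProcessReply() appears to be unreachable from here. Either land the window check in the same change or keep the old test enabled; if the block stays disabled, a comment such as `/* TODO: anti-replay window must replace this check before release */` makes the gap explicit. The function body starts and ends outside the hunk.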
@@ -2206,16 +2504,16 @@ static void BuildFinished(CYASSL* ssl, Hashes* hashes, const byte* sender) Sha384 sha384; #endif -#ifndef NO_SHA256 - InitSha256(&sha256); - if (IsAtLeastTLSv1_2(ssl)) - sha256 = ssl->hashSha256; -#endif -#ifdef CYASSL_SHA384 - InitSha384(&sha384); - if (IsAtLeastTLSv1_2(ssl)) - sha384 = ssl->hashSha384; -#endif + if (IsAtLeastTLSv1_2(ssl)) { + #ifndef NO_SHA256 + InitSha256(&sha256); + sha256 = ssl->hashSha256; + #endif + #ifdef CYASSL_SHA384 + InitSha384(&sha384); + sha384 = ssl->hashSha384; + #endif + } if (ssl->options.tls) BuildTlsFinished(ssl, hashes, sender); @@ -2227,17 +2525,17 @@ static void BuildFinished(CYASSL* ssl, Hashes* hashes, const byte* sender) #endif /* restore */ -#ifndef NO_MD5 - ssl->hashMd5 = md5; -#endif + #ifndef NO_MD5 + ssl->hashMd5 = md5; + #endif ssl->hashSha = sha; if (IsAtLeastTLSv1_2(ssl)) { -#ifndef NO_SHA256 - ssl->hashSha256 = sha256; -#endif -#ifdef CYASSL_SHA384 - ssl->hashSha384 = sha384; -#endif + #ifndef NO_SHA256 + ssl->hashSha256 = sha256; + #endif + #ifdef CYASSL_SHA384 + ssl->hashSha384 = sha384; + #endif } } @@ -2854,6 +3152,31 @@ static int DoHandShakeMsg(CYASSL* ssl, byte* input, word32* inOutIdx, #ifdef CYASSL_DTLS +static int DtlsMsgDrain(CYASSL* ssl) +{ + DtlsMsg* item = ssl->dtls_msg_list; + int ret = 0; + word32 idx = 0; + + /* While there is an item in the store list, and it is the expected + * message, and it is complete, and there hasn't been an error in the + * last messge... */ + while (item != NULL && + ssl->keys.dtls_expected_peer_handshake_number == item->seq && + item->fragSz == item->sz && + ret == 0) { + ssl->keys.dtls_expected_peer_handshake_number++; + ret = DoHandShakeMsgType(ssl, item->msg, + &idx, item->type, item->sz, item->sz); + ssl->dtls_msg_list = item->next; + DtlsMsgDelete(item, ssl->heap); + item = ssl->dtls_msg_list; + } + + return ret; +} + + static int DoDtlsHandShakeMsg(CYASSL* ssl, byte* input, word32* inOutIdx, word32 totalSz) { 
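Review bot: In DtlsMsgDrain(), `idx` is initialised once before the loop but passed by address to DoHandShakeMsgType() on every iteration, so from the second stored message on parsing would start at whatever offset the previous call left behind instead of at the start of `item->msg`. This assumes DoHandShakeMsgType() advances its index argument the way the `inOutIdx` parameter of the surrounding functions is used. Reset it per message with `idx = 0;` as the first statement of the loop body.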
@@ -2870,74 +3193,49 @@ static int DoDtlsHandShakeMsg(CYASSL* ssl, byte* input, word32* inOutIdx, if (*inOutIdx + fragSz > totalSz) return INCOMPLETE_DATA; - if (fragSz < size) { - /* message is fragmented, knit back together */ - byte* buf = ssl->buffers.dtlsHandshake.buffer; - if (ssl->buffers.dtlsHandshake.length == 0) { - /* Need to add a header back into the data. The Hash is calculated - * as if this were a single message, not several fragments. */ - buf = (byte*)XMALLOC(size + DTLS_HANDSHAKE_HEADER_SZ, - ssl->heap, DYNAMIC_TYPE_NONE); - if (buf == NULL) - return MEMORY_ERROR; - - ssl->buffers.dtlsHandshake.length = size; - ssl->buffers.dtlsHandshake.buffer = buf; - ssl->buffers.dtlsUsed = 0; - ssl->buffers.dtlsType = type; - - /* Construct a new header for the reassembled message as if it - * were originally sent as one fragment for the hashing later. */ - XMEMCPY(buf, - input + *inOutIdx - DTLS_HANDSHAKE_HEADER_SZ, - DTLS_HANDSHAKE_HEADER_SZ - DTLS_HANDSHAKE_FRAG_SZ); - XMEMCPY(buf + DTLS_HANDSHAKE_HEADER_SZ - DTLS_HANDSHAKE_FRAG_SZ, - input + *inOutIdx - DTLS_HANDSHAKE_HEADER_SZ + ENUM_LEN, - DTLS_HANDSHAKE_FRAG_SZ); - } - /* readjust the buf pointer past the header */ - buf += DTLS_HANDSHAKE_HEADER_SZ; - - XMEMCPY(buf + fragOffset, input + *inOutIdx, fragSz); - ssl->buffers.dtlsUsed += fragSz; - *inOutIdx += fragSz; - - if (ssl->buffers.dtlsUsed != size) { - CYASSL_LEAVE("DoDtlsHandShakeMsg()", 0); - return 0; - } - else { - if (ssl->keys.dtls_peer_handshake_number == + /* Check the handshake sequence number first. If out of order, + * add the current message to the list. If the message is in order, + * but it is a fragment, add the current message to the list, then + * check the head of the list to see if it is complete, if so, pop + * it out as the current message. If the message is complete and in + * order, process it. Check the head of the list to see if it is in + * order, if so, process it. (Repeat until list exhausted.) 
If the + * head is out of order, return for more processing. + */ + if (ssl->keys.dtls_peer_handshake_number > ssl->keys.dtls_expected_peer_handshake_number) { - word32 idx = 0; - totalSz = size; - ssl->keys.dtls_expected_peer_handshake_number++; - ret = DoHandShakeMsgType(ssl, buf, &idx, type, size, totalSz); - } - else { - *inOutIdx += size; - ret = 0; - } - } + /* Current message is out of order. It will get stored in the list. + * Storing also takes care of defragmentation. */ + ssl->dtls_msg_list = DtlsMsgStore(ssl->dtls_msg_list, + ssl->keys.dtls_peer_handshake_number, input + *inOutIdx, + size, type, fragOffset, fragSz, ssl->heap); + *inOutIdx += fragSz; + ret = 0; + } + else if (ssl->keys.dtls_peer_handshake_number < + ssl->keys.dtls_expected_peer_handshake_number) { + /* Already saw this message and processed it. It can be ignored. */ + *inOutIdx += fragSz; + ret = 0; + } + else if (fragSz < size) { + /* Since this branch is in order, but fragmented, dtls_msg_list will be + * pointing to the message with this fragment in it. Check it to see + * if it is completed. */ + ssl->dtls_msg_list = DtlsMsgStore(ssl->dtls_msg_list, + ssl->keys.dtls_peer_handshake_number, input + *inOutIdx, + size, type, fragOffset, fragSz, ssl->heap); + *inOutIdx += fragSz; + ret = 0; + if (ssl->dtls_msg_list->fragSz >= ssl->dtls_msg_list->sz) + ret = DtlsMsgDrain(ssl); } else { - if (ssl->keys.dtls_peer_handshake_number == - ssl->keys.dtls_expected_peer_handshake_number) { - ssl->keys.dtls_expected_peer_handshake_number++; - ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz); - } - else { - *inOutIdx += size; - ret = 0; - } - } - - if (ssl->buffers.dtlsHandshake.buffer != NULL) { - XFREE(ssl->buffers.dtlsHandshake.buffer, ssl->heap, DYNAMIC_TYPE_NONE); - ssl->buffers.dtlsHandshake.length = 0; - ssl->buffers.dtlsHandshake.buffer = NULL; - ssl->buffers.dtlsUsed = 0; - ssl->buffers.dtlsType = 0; + /* This branch is in order next, and a complete message. 
*/ + ssl->keys.dtls_expected_peer_handshake_number++; + ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz); + if (ret == 0 && ssl->dtls_msg_list != NULL) + ret = DtlsMsgDrain(ssl); } CYASSL_LEAVE("DoDtlsHandShakeMsg()", ret); @@ -3080,6 +3378,12 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz) break; #endif + #ifdef HAVE_CAMELLIA + case camellia: + CamelliaCbcEncrypt(ssl->encrypt.cam, out, input, sz); + break; + #endif + #ifdef HAVE_HC128 case hc128: #ifdef XSTREAM_ALIGNMENT @@ -3234,6 +3538,12 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input, } #endif + #ifdef HAVE_CAMELLIA + case camellia: + CamelliaCbcDecrypt(ssl->decrypt.cam, plain, input, sz); + break; + #endif + #ifdef HAVE_HC128 case hc128: Hc128_Process(ssl->decrypt.hc128, plain, input, sz); @@ -3330,7 +3640,7 @@ static INLINE void Md5Rounds(int rounds, const byte* data, int sz) InitMd5(&md5); - for (i = 0; i < rounds; i++); + for (i = 0; i < rounds; i++) Md5Update(&md5, data, sz); } @@ -3344,7 +3654,7 @@ static INLINE void ShaRounds(int rounds, const byte* data, int sz) InitSha(&sha); - for (i = 0; i < rounds; i++); + for (i = 0; i < rounds; i++) ShaUpdate(&sha, data, sz); } @@ -3358,7 +3668,7 @@ static INLINE void Sha256Rounds(int rounds, const byte* data, int sz) InitSha256(&sha256); - for (i = 0; i < rounds; i++); + for (i = 0; i < rounds; i++) Sha256Update(&sha256, data, sz); } @@ -3374,7 +3684,7 @@ static INLINE void Sha384Rounds(int rounds, const byte* data, int sz) InitSha384(&sha384); - for (i = 0; i < rounds; i++); + for (i = 0; i < rounds; i++) Sha384Update(&sha384, data, sz); } @@ -3390,7 +3700,7 @@ static INLINE void Sha512Rounds(int rounds, const byte* data, int sz) InitSha512(&sha512); - for (i = 0; i < rounds; i++); + for (i = 0; i < rounds; i++) Sha512Update(&sha512, data, sz); } 
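Review bot: The in-order fragment branch of DoDtlsHandShakeMsg() dereferences `ssl->dtls_msg_list->fragSz` right after assigning the result of DtlsMsgStore(), which is NULL when the list was empty and DtlsMsgNew() failed to allocate. The removed code returned MEMORY_ERROR in that situation; the new branches return 0 and silently drop the fragment. Check the pointer before use in both branches that call DtlsMsgStore(), e.g. `if (ssl->dtls_msg_list == NULL) return MEMORY_ERROR;`. The function starts before this hunk.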
@@ -3406,7 +3716,7 @@ static INLINE void RmdRounds(int rounds, const byte* data, int sz) InitRipeMd(&ripemd); - for (i = 0; i < rounds; i++); + for (i = 0; i < rounds; i++) RipeMdUpdate(&ripemd, data, sz); } @@ -3766,6 +4076,9 @@ static int GetInputData(CYASSL *ssl, word32 size) if (in == WANT_READ) return WANT_READ; + + if (in > inSz) + return RECV_OVERFLOW_E; ssl->buffers.inputBuffer.length += in; inSz -= in; @@ -3880,7 +4193,8 @@ int ProcessReply(CYASSL* ssl) &ssl->curRL, &ssl->curSize); #ifdef CYASSL_DTLS if (ssl->options.dtls && ret == SEQUENCE_ERROR) { - /* This message is out of order. Forget it ever happened. */ + /* This message is out of order. If we are handshaking, save + *it for later. Otherwise go ahead and process it. */ ssl->options.processReply = doProcessInit; ssl->buffers.inputBuffer.length = 0; ssl->buffers.inputBuffer.idx = 0; @@ -4204,16 +4518,35 @@ static void BuildCertHashes(CYASSL* ssl, Hashes* hashes) /* store current states, building requires get_digest which resets state */ Md5 md5 = ssl->hashMd5; Sha sha = ssl->hashSha; -#ifndef NO_SHA256 /* for possible future changes */ - Sha256 sha256; - InitSha256(&sha256); - if (IsAtLeastTLSv1_2(ssl)) - sha256 = ssl->hashSha256; -#endif + #ifndef NO_SHA256 + Sha256 sha256; + #endif + #ifdef CYASSL_SHA384 + Sha384 sha384; + #endif + + if (IsAtLeastTLSv1_2(ssl)) { + #ifndef NO_SHA256 + InitSha256(&sha256); + sha256 = ssl->hashSha256; + #endif + #ifdef CYASSL_SHA384 + InitSha384(&sha384); + sha384 = ssl->hashSha384; + #endif + } if (ssl->options.tls) { Md5Final(&ssl->hashMd5, hashes->md5); ShaFinal(&ssl->hashSha, hashes->sha); + if (IsAtLeastTLSv1_2(ssl)) { + #ifndef NO_SHA256 + Sha256Final(&ssl->hashSha256, hashes->sha256); + #endif + #ifdef CYASSL_SHA384 + Sha384Final(&ssl->hashSha384, hashes->sha384); + #endif + } } else { BuildMD5_CertVerify(ssl, hashes->md5); 
@@ -4223,10 +4556,14 @@ static void BuildCertHashes(CYASSL* ssl, Hashes* hashes) /* restore */ ssl->hashMd5 = md5; ssl->hashSha = sha; -#ifndef NO_SHA256 - if (IsAtLeastTLSv1_2(ssl)) - ssl->hashSha256 = sha256; -#endif + if (IsAtLeastTLSv1_2(ssl)) { + #ifndef NO_SHA256 + ssl->hashSha256 = sha256; + #endif + #ifdef CYASSL_SHA384 + ssl->hashSha384 = sha384; + #endif + } } #endif @@ -4482,7 +4819,7 @@ int SendCertificateRequest(CYASSL* ssl) int reqSz = ENUM_LEN + typeTotal + REQ_HEADER_SZ; /* add auth later */ if (IsAtLeastTLSv1_2(ssl)) - reqSz += LENGTH_SZ + HASH_SIG_SIZE; + reqSz += LENGTH_SZ + ssl->suites->hashSigAlgoSz; if (ssl->options.usingPSK_cipher) return 0; /* not needed */ @@ -4510,11 +4847,12 @@ int SendCertificateRequest(CYASSL* ssl) /* supported hash/sig */ if (IsAtLeastTLSv1_2(ssl)) { - c16toa(HASH_SIG_SIZE, &output[i]); + c16toa(ssl->suites->hashSigAlgoSz, &output[i]); i += LENGTH_SZ; - output[i++] = sha_mac; /* hash */ - output[i++] = rsa_sa_algo; /* sig */ + XMEMCPY(&output[i], + ssl->suites->hashSigAlgo, ssl->suites->hashSigAlgoSz); + i += ssl->suites->hashSigAlgoSz; } c16toa(0, &output[i]); /* auth's */ @@ -4598,7 +4936,7 @@ int SendData(CYASSL* ssl, const void* data, int sz) /* check for avalaible size */ if ((ret = CheckAvalaibleSize(ssl, len + COMP_EXTRA + MAX_MSG_EXTRA)) != 0) - return ret; + return ssl->error = ret; /* get ouput buffer */ out = ssl->buffers.outputBuffer.buffer + @@ -5087,6 +5425,14 @@ void SetErrorString(int error, char* str) XSTRNCPY(str, "Sanity check on ciphertext failed", max); break; + case RECV_OVERFLOW_E: + XSTRNCPY(str, "Receive callback returned more than requested", max); + break; + + case GEN_COOKIE_E: + XSTRNCPY(str, "Generate Cookie Error", max); + break; + default : XSTRNCPY(str, "unknown error number", max); } 
@@ -5191,6 +5537,14 @@ const char* const cipher_names[] = "AES256-CCM-8-SHA384", #endif +#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256 + "ECDHE-ECDSA-AES128-CCM-8-SHA256", +#endif + +#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384 + "ECDHE-ECDSA-AES256-CCM-8-SHA384", +#endif + #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA", #endif @@ -5316,7 +5670,39 @@ const char* const cipher_names[] = #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - "ECDH-ECDSA-AES256-GCM-SHA384" + "ECDH-ECDSA-AES256-GCM-SHA384", +#endif + +#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA + "CAMELLIA128-SHA", +#endif + +#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA + "DHE-RSA-CAMELLIA128-SHA", +#endif + +#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA + "CAMELLIA256-SHA", +#endif + +#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA + "DHE-RSA-CAMELLIA256-SHA", +#endif + +#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 + "CAMELLIA128-SHA256", +#endif + +#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 + "DHE-RSA-CAMELLIA128-SHA256", +#endif + +#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 + "CAMELLIA256-SHA256", +#endif + +#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 + "DHE-RSA-CAMELLIA256-SHA256" #endif }; @@ -5419,6 +5805,14 @@ int cipher_name_idx[] = TLS_RSA_WITH_AES_256_CCM_8_SHA384, #endif +#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256 + TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256, +#endif + +#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384 + TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384, +#endif + #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, #endif 
@@ -5544,7 +5938,39 @@ int cipher_name_idx[] = #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 + TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, +#endif + +#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, +#endif + +#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, +#endif + +#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, +#endif + +#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, +#endif + +#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, +#endif + +#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, +#endif + +#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, +#endif + +#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 #endif }; @@ -5563,6 +5989,7 @@ int SetCipherList(Suites* s, const char* list) const int suiteSz = sizeof(cipher_names) / sizeof(cipher_names[0]); int idx = 0; + int haveRSA = 0, haveECDSA = 0; if (s == NULL) { CYASSL_MSG("SetCipherList suite pointer error"); @@ -5597,6 +6024,15 @@ int SetCipherList(Suites* s, const char* list) s->suites[idx++] = 0x00; /* normal */ s->suites[idx++] = (byte)cipher_name_idx[i]; + /* The suites are either ECDSA, RSA, or PSK. The RSA suites + * don't necessarily have RSA in the name. */ + if ((haveECDSA == 0) && XSTRSTR(name, "ECDSA")) { + haveECDSA = 1; + } + else if ((haveRSA == 0) && (XSTRSTR(name, "PSK") == NULL)) { + haveRSA = 1; + } + if (!ret) ret = 1; /* found at least one */ break; } 
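Review bot: Because the RSA test in SetCipherList() is an `else if`, it also runs for an ECDSA suite once `haveECDSA` is already 1: the first condition is then false, the name contains no "PSK", and `haveRSA` gets set. A list of two or more ECDSA-only suites therefore ends up advertising RSA signature algorithms as well. Decide per suite name instead: `if (XSTRSTR(name, "ECDSA")) haveECDSA = 1;` followed by `else if (XSTRSTR(name, "PSK") == NULL) haveRSA = 1;`. The function body extends beyond the hunk.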
@@ -5607,6 +6043,36 @@ int SetCipherList(Suites* s, const char* list) if (ret) { s->setSuites = 1; s->suiteSz = (word16)idx; + + idx = 0; + + if (haveECDSA) { + #ifdef CYASSL_SHA384 + s->hashSigAlgo[idx++] = sha384_mac; + s->hashSigAlgo[idx++] = ecc_dsa_sa_algo; + #endif + #ifndef NO_SHA256 + s->hashSigAlgo[idx++] = sha256_mac; + s->hashSigAlgo[idx++] = ecc_dsa_sa_algo; + #endif + s->hashSigAlgo[idx++] = sha_mac; + s->hashSigAlgo[idx++] = ecc_dsa_sa_algo; + } + + if (haveRSA) { + #ifdef CYASSL_SHA384 + s->hashSigAlgo[idx++] = sha384_mac; + s->hashSigAlgo[idx++] = rsa_sa_algo; + #endif + #ifndef NO_SHA256 + s->hashSigAlgo[idx++] = sha256_mac; + s->hashSigAlgo[idx++] = rsa_sa_algo; + #endif + s->hashSigAlgo[idx++] = sha_mac; + s->hashSigAlgo[idx++] = rsa_sa_algo; + } + + s->hashSigAlgoSz = idx; } return ret; @@ -5778,9 +6244,9 @@ int SetCipherList(Suites* s, const char* list) + ssl->suites->suiteSz + SUITE_LEN + COMP_LEN + ENUM_LEN; - if (IsAtLeastTLSv1_2(ssl)) - length += HELLO_EXT_SZ; - + if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz) { + length += ssl->suites->hashSigAlgoSz + HELLO_EXT_SZ; + } sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; #ifdef CYASSL_DTLS 
@@ -5853,26 +6319,22 @@ int SetCipherList(Suites* s, const char* list) else output[idx++] = NO_COMPRESSION; - if (IsAtLeastTLSv1_2(ssl)) + if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz) { + int i; /* add in the extensions length */ - c16toa(HELLO_EXT_LEN, output + idx); + c16toa(HELLO_EXT_LEN + ssl->suites->hashSigAlgoSz, output + idx); idx += 2; c16toa(HELLO_EXT_SIG_ALGO, output + idx); idx += 2; - c16toa(HELLO_EXT_SIGALGO_SZ, output + idx); + c16toa(HELLO_EXT_SIGALGO_SZ+ssl->suites->hashSigAlgoSz, output+idx); idx += 2; - /* This is a lazy list setup. Eventually, we'll need to support - * using other hash types or even other extensions. */ - c16toa(HELLO_EXT_SIGALGO_LEN, output + idx); + c16toa(ssl->suites->hashSigAlgoSz, output + idx); idx += 2; - output[idx++] = sha_mac; - output[idx++] = rsa_sa_algo; - output[idx++] = sha_mac; - output[idx++] = dsa_sa_algo; - output[idx++] = sha_mac; - output[idx++] = ecc_dsa_sa_algo; + for (i = 0; i < ssl->suites->hashSigAlgoSz; i++, idx++) { + output[idx] = ssl->suites->hashSigAlgo[i]; + } } #ifdef CYASSL_DTLS @@ -6056,17 +6518,18 @@ int SetCipherList(Suites* s, const char* list) /* types, read in here */ *inOutIdx += len; - ato16(&input[*inOutIdx], &len); - *inOutIdx += LENGTH_SZ; if (IsAtLeastTLSv1_2(ssl)) { /* hash sig format */ - *inOutIdx += len; ato16(&input[*inOutIdx], &len); *inOutIdx += LENGTH_SZ; + PickHashSigAlgo(ssl, &input[*inOutIdx], len); + *inOutIdx += len; } /* authorities */ + ato16(&input[*inOutIdx], &len); + *inOutIdx += LENGTH_SZ; while (len) { word16 dnSz; @@ -6201,7 +6664,17 @@ int SetCipherList(Suites* s, const char* list) Md5 md5; Sha sha; byte hash[FINISHED_SZ]; + #ifndef NO_SHA256 + Sha256 sha256; + byte hash256[SHA256_DIGEST_SIZE]; + #endif + #ifdef CYASSL_SHA384 + Sha384 sha384; + byte hash384[SHA384_DIGEST_SIZE]; + #endif byte messageVerify[MAX_DH_SZ]; + byte hashAlgo = sha_mac; + byte sigAlgo = ssl->specs.sig_algo; /* adjust from start idx */ verifySz = (word16)(*inOutIdx - verifySz); 
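Review bot: In the CertificateRequest parsing hunk, `len` is read from the wire with `ato16` and handed to `PickHashSigAlgo(ssl, &input[*inOutIdx], len)` without any comparison against the bytes remaining in the message, so the helper is trusted to stay inside the input buffer for whatever length the peer states. PickHashSigAlgo's body is not in this part of the diff; if it walks `len` bytes, the length should be bounded first and an odd value rejected because entries are hash/signature pairs, e.g. `if (len & 1) return LENGTH_ERROR;`. The enclosing function starts and ends outside the hunk.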
@@ -6212,8 +6685,10 @@ int SetCipherList(Suites* s, const char* list) XMEMCPY(messageVerify, &input[*inOutIdx - verifySz], verifySz); if (IsAtLeastTLSv1_2(ssl)) { - /* just advance for now TODO: validate hash algo params */ - *inOutIdx += LENGTH_SZ; + hashAlgo = input[*inOutIdx]; + *inOutIdx += 1; + sigAlgo = input[*inOutIdx]; + *inOutIdx += 1; } /* signature */ @@ -6240,8 +6715,24 @@ int SetCipherList(Suites* s, const char* list) ShaUpdate(&sha, messageVerify, verifySz); ShaFinal(&sha, &hash[MD5_DIGEST_SIZE]); + #ifndef NO_SHA256 + InitSha256(&sha256); + Sha256Update(&sha256, ssl->arrays->clientRandom, RAN_LEN); + Sha256Update(&sha256, ssl->arrays->serverRandom, RAN_LEN); + Sha256Update(&sha256, messageVerify, verifySz); + Sha256Final(&sha256, hash256); + #endif + + #ifdef CYASSL_SHA384 + InitSha384(&sha384); + Sha384Update(&sha384, ssl->arrays->clientRandom, RAN_LEN); + Sha384Update(&sha384, ssl->arrays->serverRandom, RAN_LEN); + Sha384Update(&sha384, messageVerify, verifySz); + Sha384Final(&sha384, hash384); + #endif + /* rsa */ - if (ssl->specs.sig_algo == rsa_sa_algo) + if (sigAlgo == rsa_sa_algo) { int ret; byte* out; @@ -6254,14 +6745,24 @@ int SetCipherList(Suites* s, const char* list) if (IsAtLeastTLSv1_2(ssl)) { byte encodedSig[MAX_ENCODED_SIG_SZ]; word32 encSigSz; - byte* digest; - int typeH; - int digestSz; + byte* digest = &hash[MD5_DIGEST_SIZE]; + int typeH = SHAh; + int digestSz = SHA_DIGEST_SIZE; - /* sha1 for now */ - digest = &hash[MD5_DIGEST_SIZE]; - typeH = SHAh; - digestSz = SHA_DIGEST_SIZE; + if (hashAlgo == sha256_mac) { + #ifndef NO_SHA256 + digest = hash256; + typeH = SHA256h; + digestSz = SHA256_DIGEST_SIZE; + #endif + } + else if (hashAlgo == sha384_mac) { + #ifdef CYASSL_SHA384 + digest = hash384; + typeH = SHA384h; + digestSz = SHA384_DIGEST_SIZE; + #endif + } encSigSz = EncodeSignature(encodedSig, digest, digestSz, typeH); 
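Review bot: `hashAlgo` and `sigAlgo` are now read straight from the ServerKeyExchange message, and `sigAlgo` replaces `ssl->specs.sig_algo` when choosing the verification branch, but nothing in these hunks checks the received pair against the negotiated cipher suite or against the list sent in the ClientHello extension. A value the client did not offer should be rejected before any verification, for example `if (sigAlgo != ssl->specs.sig_algo) return VERIFY_SIGN_ERROR;`. An unrecognised `hashAlgo`, or one whose `#ifndef NO_SHA256` / `#ifdef CYASSL_SHA384` body is compiled out, silently falls back to the SHA-1 digest; the same fallback appears in the ECDSA hunk and in the signing hunks further down, where `verify[0]` would still carry the unsupported value. The enclosing function starts and ends outside these hunks.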
@@ -6276,13 +6777,30 @@ int SetCipherList(Suites* s, const char* list) } #ifdef HAVE_ECC /* ecdsa */ - else if (ssl->specs.sig_algo == ecc_dsa_sa_algo) { + else if (sigAlgo == ecc_dsa_sa_algo) { int verify = 0, ret; + byte* digest = &hash[MD5_DIGEST_SIZE]; + word32 digestSz = SHA_DIGEST_SIZE; if (!ssl->peerEccDsaKeyPresent) return NO_PEER_KEY; - ret = ecc_verify_hash(signature, sigLen, &hash[MD5_DIGEST_SIZE], - SHA_DIGEST_SIZE, &verify, ssl->peerEccDsaKey); + if (IsAtLeastTLSv1_2(ssl)) { + if (hashAlgo == sha256_mac) { + #ifndef NO_SHA256 + digest = hash256; + digestSz = SHA256_DIGEST_SIZE; + #endif + } + else if (hashAlgo == sha384_mac) { + #ifdef CYASSL_SHA384 + digest = hash384; + digestSz = SHA384_DIGEST_SIZE; + #endif + } + } + + ret = ecc_verify_hash(signature, sigLen, digest, digestSz, + &verify, ssl->peerEccDsaKey); if (ret != 0 || verify == 0) return VERIFY_SIGN_ERROR; } @@ -6598,7 +7116,7 @@ int SetCipherList(Suites* s, const char* list) byte* verify = (byte*)&output[RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ]; byte* signBuffer = ssl->certHashes.md5; - word32 signSz = sizeof(Hashes); + word32 signSz = FINISHED_SZ; byte encodedSig[MAX_ENCODED_SIG_SZ]; word32 extraSz = 0; /* tls 1.2 hash/sig */ @@ -6608,7 +7126,7 @@ int SetCipherList(Suites* s, const char* list) #endif length = sigOutSz; if (IsAtLeastTLSv1_2(ssl)) { - verify[0] = sha_mac; + verify[0] = ssl->suites->hashAlgo; verify[1] = usingEcc ? ecc_dsa_sa_algo : rsa_sa_algo; extraSz = HASH_SIG_SIZE; } 
@@ -6617,21 +7135,49 @@ int SetCipherList(Suites* s, const char* list) if (usingEcc) { #ifdef HAVE_ECC word32 localSz = sigOutSz; - ret = ecc_sign_hash(signBuffer + MD5_DIGEST_SIZE, - SHA_DIGEST_SIZE, verify + extraSz + VERIFY_HEADER, + word32 digestSz = SHA_DIGEST_SIZE; + byte* digest = ssl->certHashes.sha; + + if (IsAtLeastTLSv1_2(ssl)) { + if (ssl->suites->hashAlgo == sha256_mac) { + #ifndef NO_SHA256 + digest = ssl->certHashes.sha256; + digestSz = SHA256_DIGEST_SIZE; + #endif + } + else if (ssl->suites->hashAlgo == sha384_mac) { + #ifdef CYASSL_SHA384 + digest = ssl->certHashes.sha384; + digestSz = SHA384_DIGEST_SIZE; + #endif + } + } + + ret = ecc_sign_hash(digest, digestSz, + verify + extraSz + VERIFY_HEADER, &localSz, ssl->rng, &eccKey); #endif } else { if (IsAtLeastTLSv1_2(ssl)) { - byte* digest; - int typeH; - int digestSz; + byte* digest = ssl->certHashes.sha; + int digestSz = SHA_DIGEST_SIZE; + int typeH = SHAh; - /* sha1 for now */ - digest = ssl->certHashes.sha; - typeH = SHAh; - digestSz = SHA_DIGEST_SIZE; + if (ssl->suites->hashAlgo == sha256_mac) { + #ifndef NO_SHA256 + digest = ssl->certHashes.sha256; + typeH = SHA256h; + digestSz = SHA256_DIGEST_SIZE; + #endif + } + else if (ssl->suites->hashAlgo == sha384_mac) { + #ifdef CYASSL_SHA384 + digest = ssl->certHashes.sha384; + typeH = SHA384h; + digestSz = SHA384_DIGEST_SIZE; + #endif + } signSz = EncodeSignature(encodedSig, digest,digestSz,typeH); signBuffer = encodedSig; @@ -6970,8 +7516,8 @@ int SetCipherList(Suites* s, const char* list) XMEMCPY(output + idx, exportBuf, expSz); idx += expSz; if (IsAtLeastTLSv1_2(ssl)) { - output[idx++] = sha_mac; - output[idx++] = ssl->specs.sig_algo; + output[idx++] = ssl->suites->hashAlgo; + output[idx++] = ssl->suites->sigAlgo; } c16toa((word16)sigSz, output + idx); idx += LENGTH_SZ; 
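Review bot: The digest-selection ladder added twice in `@@ -6617,21 +7135,49 @@` (`if (... == sha256_mac) { #ifndef NO_SHA256 ... #endif } else if (... == sha384_mac) { ... }`) is repeated throughout this patch on both the sign and verify sides. Each copy leaves an empty branch body when the macro is off. One static helper that maps a hash id to the digest pointer, its size and `typeH`, and reports an id the build lacks, would keep the copies from drifting apart. Until then each ladder deserves a one-line comment such as `/* stays on SHA-1 when the selected hash is not compiled in */`.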
@@ -6981,6 +7527,14 @@ int SetCipherList(Suites* s, const char* list) Md5 md5; Sha sha; byte hash[FINISHED_SZ]; + #ifndef NO_SHA256 + Sha256 sha256; + byte hash256[SHA256_DIGEST_SIZE]; + #endif + #ifdef CYASSL_SHA384 + Sha384 sha384; + byte hash384[SHA384_DIGEST_SIZE]; + #endif /* md5 */ InitMd5(&md5); @@ -6996,22 +7550,48 @@ int SetCipherList(Suites* s, const char* list) ShaUpdate(&sha, output + preSigIdx, preSigSz); ShaFinal(&sha, &hash[MD5_DIGEST_SIZE]); - if (ssl->specs.sig_algo == rsa_sa_algo) { + #ifndef NO_SHA256 + InitSha256(&sha256); + Sha256Update(&sha256, ssl->arrays->clientRandom, RAN_LEN); + Sha256Update(&sha256, ssl->arrays->serverRandom, RAN_LEN); + Sha256Update(&sha256, output + preSigIdx, preSigSz); + Sha256Final(&sha256, hash256); + #endif + + #ifdef CYASSL_SHA384 + InitSha384(&sha384); + Sha384Update(&sha384, ssl->arrays->clientRandom, RAN_LEN); + Sha384Update(&sha384, ssl->arrays->serverRandom, RAN_LEN); + Sha384Update(&sha384, output + preSigIdx, preSigSz); + Sha384Final(&sha384, hash384); + #endif + + if (ssl->suites->sigAlgo == rsa_sa_algo) { byte* signBuffer = hash; word32 signSz = sizeof(hash); byte encodedSig[MAX_ENCODED_SIG_SZ]; if (IsAtLeastTLSv1_2(ssl)) { - byte* digest; - int hType; - int digestSz; + byte* digest = &hash[MD5_DIGEST_SIZE]; + int typeH = SHAh; + int digestSz = SHA_DIGEST_SIZE; - /* sha1 for now */ - digest = &hash[MD5_DIGEST_SIZE]; - hType = SHAh; - digestSz = SHA_DIGEST_SIZE; + if (ssl->suites->hashAlgo == sha256_mac) { + #ifndef NO_SHA256 + digest = hash256; + typeH = SHA256h; + digestSz = SHA256_DIGEST_SIZE; + #endif + } + else if (ssl->suites->hashAlgo == sha384_mac) { + #ifdef CYASSL_SHA384 + digest = hash384; + typeH = SHA384h; + digestSz = SHA384_DIGEST_SIZE; + #endif + } signSz = EncodeSignature(encodedSig, digest, digestSz, - hType); + typeH); signBuffer = encodedSig; } ret = RsaSSL_Sign(signBuffer, signSz, output + idx, sigSz, 
@@ -7023,10 +7603,27 @@ int SetCipherList(Suites* s, const char* list) else return ret; } - else if (ssl->specs.sig_algo == ecc_dsa_sa_algo) { + else if (ssl->suites->sigAlgo == ecc_dsa_sa_algo) { + byte* digest = &hash[MD5_DIGEST_SIZE]; + word32 digestSz = SHA_DIGEST_SIZE; word32 sz = sigSz; - ret = ecc_sign_hash(&hash[MD5_DIGEST_SIZE], SHA_DIGEST_SIZE, + if (IsAtLeastTLSv1_2(ssl)) { + if (ssl->suites->hashAlgo == sha256_mac) { + #ifndef NO_SHA256 + digest = hash256; + digestSz = SHA256_DIGEST_SIZE; + #endif + } + else if (ssl->suites->hashAlgo == sha384_mac) { + #ifdef CYASSL_SHA384 + digest = hash384; + digestSz = SHA384_DIGEST_SIZE; + #endif + } + } + + ret = ecc_sign_hash(digest, digestSz, output + idx, &sz, ssl->rng, &dsaKey); FreeRsaKey(&rsaKey); ecc_free(&dsaKey); @@ -7096,6 +7693,7 @@ int SetCipherList(Suites* s, const char* list) &ssl->buffers.serverDH_Pub.length); FreeDhKey(&dhKey); + InitRsaKey(&rsaKey, ssl->heap); if (ret == 0) { length = LENGTH_SZ * 3; /* p, g, pub */ length += ssl->buffers.serverDH_P.length + @@ -7111,7 +7709,6 @@ int SetCipherList(Suites* s, const char* list) if (!ssl->buffers.key.buffer) return NO_PRIVATE_KEY; - InitRsaKey(&rsaKey, ssl->heap); ret = RsaPrivateKeyDecode(ssl->buffers.key.buffer, &i, &rsaKey, ssl->buffers.key.length); if (ret == 0) { @@ -7171,8 +7768,8 @@ int SetCipherList(Suites* s, const char* list) /* Add signature */ if (IsAtLeastTLSv1_2(ssl)) { - output[idx++] = sha_mac; - output[idx++] = ssl->specs.sig_algo; + output[idx++] = ssl->suites->hashAlgo; + output[idx++] = ssl->suites->sigAlgo; } /* size */ c16toa((word16)sigSz, output + idx); @@ -7183,6 +7780,14 @@ int SetCipherList(Suites* s, const char* list) Md5 md5; Sha sha; byte hash[FINISHED_SZ]; + #ifndef NO_SHA256 + Sha256 sha256; + byte hash256[SHA256_DIGEST_SIZE]; + #endif + #ifdef CYASSL_SHA384 + Sha384 sha384; + byte hash384[SHA384_DIGEST_SIZE]; + #endif /* md5 */ InitMd5(&md5); 
@@ -7198,19 +7803,45 @@ int SetCipherList(Suites* s, const char* list) ShaUpdate(&sha, output + preSigIdx, preSigSz); ShaFinal(&sha, &hash[MD5_DIGEST_SIZE]); - if (ssl->specs.sig_algo == rsa_sa_algo) { + #ifndef NO_SHA256 + InitSha256(&sha256); + Sha256Update(&sha256, ssl->arrays->clientRandom, RAN_LEN); + Sha256Update(&sha256, ssl->arrays->serverRandom, RAN_LEN); + Sha256Update(&sha256, output + preSigIdx, preSigSz); + Sha256Final(&sha256, hash256); + #endif + + #ifdef CYASSL_SHA384 + InitSha384(&sha384); + Sha384Update(&sha384, ssl->arrays->clientRandom, RAN_LEN); + Sha384Update(&sha384, ssl->arrays->serverRandom, RAN_LEN); + Sha384Update(&sha384, output + preSigIdx, preSigSz); + Sha384Final(&sha384, hash384); + #endif + + if (ssl->suites->sigAlgo == rsa_sa_algo) { byte* signBuffer = hash; word32 signSz = sizeof(hash); byte encodedSig[MAX_ENCODED_SIG_SZ]; if (IsAtLeastTLSv1_2(ssl)) { - byte* digest; - int typeH; - int digestSz; + byte* digest = &hash[MD5_DIGEST_SIZE]; + int typeH = SHAh; + int digestSz = SHA_DIGEST_SIZE; - /* sha1 for now */ - digest = &hash[MD5_DIGEST_SIZE]; - typeH = SHAh; - digestSz = SHA_DIGEST_SIZE; + if (ssl->suites->hashAlgo == sha256_mac) { + #ifndef NO_SHA256 + digest = hash256; + typeH = SHA256h; + digestSz = SHA256_DIGEST_SIZE; + #endif + } + else if (ssl->suites->hashAlgo == sha384_mac) { + #ifdef CYASSL_SHA384 + digest = hash384; + typeH = SHA384h; + digestSz = SHA384_DIGEST_SIZE; + #endif + } signSz = EncodeSignature(encodedSig, digest, digestSz, typeH); @@ -7416,6 +8047,12 @@ int SetCipherList(Suites* s, const char* list) return 1; break; + case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256 : + case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384 : + if (requirement == REQUIRES_ECC_DSA) + return 1; + break; + default: CYASSL_MSG("Unsupported cipher suite, CipherRequires ECC"); return 0; 
@@ -7567,6 +8204,26 @@ int SetCipherList(Suites* s, const char* list) return 1; break; + case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA : + case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA : + case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 : + case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 : + if (requirement == REQUIRES_RSA) + return 1; + break; + + case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA : + case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA : + case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 : + case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 : + if (requirement == REQUIRES_RSA) + return 1; + if (requirement == REQUIRES_RSA_SIG) + return 1; + if (requirement == REQUIRES_DHE) + return 1; + break; + default: CYASSL_MSG("Unsupported cipher suite, CipherRequires"); return 0; @@ -7667,6 +8324,36 @@ int SetCipherList(Suites* s, const char* list) } + static void PickHashSigAlgo(CYASSL* ssl, + const byte* hashSigAlgo, word32 hashSigAlgoSz) + { + word32 i; + + ssl->suites->sigAlgo = ssl->specs.sig_algo; + ssl->suites->hashAlgo = sha_mac; + + for (i = 0; i < hashSigAlgoSz; i += 2) { + if (hashSigAlgo[i+1] == ssl->specs.sig_algo) { + if (hashSigAlgo[i] == sha_mac) { + break; + } + #ifndef NO_SHA256 + else if (hashSigAlgo[i] == sha256_mac) { + ssl->suites->hashAlgo = sha256_mac; + break; + } + #endif + #ifdef CYASSL_SHA384 + else if (hashSigAlgo[i] == sha384_mac) { + ssl->suites->hashAlgo = sha384_mac; + break; + } + #endif + } + } + } + + static int MatchSuite(CYASSL* ssl, Suites* peerSuites) { word16 i, j; @@ -7679,7 +8366,6 @@ int SetCipherList(Suites* s, const char* list) if (ssl->suites == NULL) return SUITES_ERROR; - /* start with best, if a match we are good */ for (i = 0; i < ssl->suites->suiteSz; i += 2) for (j = 0; j < peerSuites->suiteSz; j += 2) 
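Review bot: `PickHashSigAlgo` (`@@ -7667,6 +8324,36 @@`) indexes `hashSigAlgo[i+1]` while the loop only guarantees `i < hashSigAlgoSz`, so an odd length from the peer reads one byte past the list. The loop condition should be `i + 1 < hashSigAlgoSz`. The function also has no comment. It should say that the first pair in the peer's order whose signature byte matches `ssl->specs.sig_algo` wins, and that `sha_mac` stays selected when nothing matches, including when the peer did not list SHA-1 at all.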
@@ -7687,10 +8373,15 @@ int SetCipherList(Suites* s, const char* list) ssl->suites->suites[i+1] == peerSuites->suites[j+1] ) { if (VerifySuite(ssl, i)) { + int result; CYASSL_MSG("Verified suite validity"); ssl->options.cipherSuite0 = ssl->suites->suites[i]; ssl->options.cipherSuite = ssl->suites->suites[i+1]; - return SetCipherSpecs(ssl); + result = SetCipherSpecs(ssl); + if (result == 0) + PickHashSigAlgo(ssl, peerSuites->hashSigAlgo, + peerSuites->hashSigAlgoSz); + return result; } else { CYASSL_MSG("Could not verify suite validity, continue"); @@ -7975,6 +8666,7 @@ int SetCipherList(Suites* s, const char* list) return BUFFER_ERROR; XMEMCPY(clSuites.suites, input + i, clSuites.suiteSz); i += clSuites.suiteSz; + clSuites.hashSigAlgoSz = 0; b = input[i++]; /* comp len */ if (i + b > totalSz) 
@@ -7998,8 +8690,45 @@ int SetCipherList(Suites* s, const char* list) ssl->options.clientState = CLIENT_HELLO_COMPLETE; *inOutIdx = i; - if ( (i - begin) < helloSz) - *inOutIdx = begin + helloSz; /* skip extensions */ + if ( (i - begin) < helloSz) { + if (IsAtLeastTLSv1_2(ssl)) { + /* Process the hello extension. Skip unsupported. */ + word16 totalExtSz; + + ato16(&input[i], &totalExtSz); + i += LENGTH_SZ; + if (totalExtSz > helloSz + begin - i) + return INCOMPLETE_DATA; + while (totalExtSz) { + word16 extId, extSz; + + ato16(&input[i], &extId); + i += LENGTH_SZ; + ato16(&input[i], &extSz); + i += EXT_ID_SZ; + if (extSz > totalExtSz - LENGTH_SZ - EXT_ID_SZ) + return INCOMPLETE_DATA; + + if (extId == HELLO_EXT_SIG_ALGO) { + ato16(&input[i], &clSuites.hashSigAlgoSz); + i += LENGTH_SZ; + if (clSuites.hashSigAlgoSz > extSz - LENGTH_SZ) + return INCOMPLETE_DATA; + + XMEMCPY(clSuites.hashSigAlgo, &input[i], + min(clSuites.hashSigAlgoSz, HELLO_EXT_SIGALGO_MAX)); + i += clSuites.hashSigAlgoSz; + } + else + i += extSz; + + totalExtSz -= LENGTH_SZ + EXT_ID_SZ + extSz; + } + *inOutIdx = i; + } + else + *inOutIdx = begin + helloSz; /* skip extensions */ + } ssl->options.haveSessionId = 1; /* ProcessOld uses same resume code */ @@ -8042,6 +8771,8 @@ int SetCipherList(Suites* s, const char* list) byte* sig; byte* out; int outLen; + byte hashAlgo = sha_mac; + byte sigAlgo; #ifdef CYASSL_CALLBACKS if (ssl->hsInfoOn) @@ -8052,8 +8783,10 @@ int SetCipherList(Suites* s, const char* list) if ( (i + VERIFY_HEADER) > totalSz) return INCOMPLETE_DATA; - if (IsAtLeastTLSv1_2(ssl)) - i += HASH_SIG_SIZE; + if (IsAtLeastTLSv1_2(ssl)) { + hashAlgo = input[i++]; + sigAlgo = input[i++]; + } ato16(&input[i], &sz); i += VERIFY_HEADER; 
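Review bot: In the ClientHello extension parser (`@@ -7998,8 +8690,45 @@`), the copy into `clSuites.hashSigAlgo` is capped with `min(clSuites.hashSigAlgoSz, HELLO_EXT_SIGALGO_MAX)`, but `clSuites.hashSigAlgoSz` itself keeps the peer's value. `MatchSuite` hands that size to `PickHashSigAlgo` as the loop bound, so a list longer than the cap makes it read beyond the array (presumably `HELLO_EXT_SIGALGO_MAX` bytes; the declaration is not on the page). After `i += clSuites.hashSigAlgoSz;` add `if (clSuites.hashSigAlgoSz > HELLO_EXT_SIGALGO_MAX) clSuites.hashSigAlgoSz = HELLO_EXT_SIGALGO_MAX;`. The four header bytes of each extension are also read before `totalExtSz` is known to be at least `LENGTH_SZ + EXT_ID_SZ`.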
@@ -8076,14 +8809,24 @@ int SetCipherList(Suites* s, const char* list) if (IsAtLeastTLSv1_2(ssl)) { byte encodedSig[MAX_ENCODED_SIG_SZ]; word32 sigSz; - byte* digest; - int typeH; - int digestSz; + byte* digest = ssl->certHashes.sha; + int typeH = SHAh; + int digestSz = SHA_DIGEST_SIZE; - /* sha1 for now */ - digest = ssl->certHashes.sha; - typeH = SHAh; - digestSz = SHA_DIGEST_SIZE; + if (hashAlgo == sha256_mac) { + #ifndef NO_SHA256 + digest = ssl->certHashes.sha256; + typeH = SHA256h; + digestSz = SHA256_DIGEST_SIZE; + #endif + } + else if (hashAlgo == sha384_mac) { + #ifdef CYASSL_SHA384 + digest = ssl->certHashes.sha384; + typeH = SHA384h; + digestSz = SHA384_DIGEST_SIZE; + #endif + } sigSz = EncodeSignature(encodedSig, digest, digestSz, typeH); @@ -8092,8 +8835,8 @@ int SetCipherList(Suites* s, const char* list) ret = 0; /* verified */ } else { - if (outLen == sizeof(ssl->certHashes) && XMEMCMP(out, - &ssl->certHashes, sizeof(ssl->certHashes)) == 0) + if (outLen == FINISHED_SZ && XMEMCMP(out, + &ssl->certHashes, FINISHED_SZ) == 0) ret = 0; /* verified */ } } @@ -8102,10 +8845,26 @@ int SetCipherList(Suites* s, const char* list) if (ssl->peerEccDsaKeyPresent) { int verify = 0; int err = -1; + byte* digest = ssl->certHashes.sha; + word32 digestSz = SHA_DIGEST_SIZE; CYASSL_MSG("Doing ECC peer cert verify"); - err = ecc_verify_hash(sig, sz, ssl->certHashes.sha, SHA_DIGEST_SIZE, + if (IsAtLeastTLSv1_2(ssl)) { + if (hashAlgo == sha256_mac) { + #ifndef NO_SHA256 + digest = ssl->certHashes.sha256; + digestSz = SHA256_DIGEST_SIZE; + #endif + } + else if (hashAlgo == sha384_mac) { + #ifdef CYASSL_SHA384 + digest = ssl->certHashes.sha384; + digestSz = SHA384_DIGEST_SIZE; + #endif + } + } + err = ecc_verify_hash(sig, sz, digest, digestSz, &verify, ssl->peerEccDsaKey); if (err == 0 && verify == 1) 
@@ -8304,7 +9063,10 @@ int SetCipherList(Suites* s, const char* list) XMEMCPY(ssl->arrays->client_identity, &input[*inOutIdx], ci_sz); *inOutIdx += ci_sz; - ssl->arrays->client_identity[ci_sz] = 0; + if (ci_sz < MAX_PSK_ID_LEN) + ssl->arrays->client_identity[ci_sz] = 0; + else + ssl->arrays->client_identity[MAX_PSK_ID_LEN-1] = 0; ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl, ssl->arrays->client_identity, ssl->arrays->psk_key, diff --git a/src/io.c b/src/io.c index 259297325..624f5742c 100644 --- a/src/io.c +++ b/src/io.c @@ -1,6 +1,6 @@ /* io.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -29,6 +29,7 @@ #endif #include +#include /* if user writes own I/O callbacks they can define CYASSL_USER_IO to remove automatic setting of default I/O functions EmbedSend() and EmbedReceive() @@ -199,8 +200,10 @@ int EmbedReceive(CYASSL *ssl, char *buf, int sz, void *ctx) #else struct timeval timeout = {dtls_timeout, 0}; #endif - setsockopt(sd, SOL_SOCKET, SO_RCVTIMEO, - (char*)&timeout, TIMEVAL_BYTES); + if (setsockopt(sd, SOL_SOCKET, SO_RCVTIMEO, (char*)&timeout, + TIMEVAL_BYTES) != 0) { + CYASSL_MSG("setsockopt rcvtimeo failed"); + } } } #endif @@ -318,14 +321,17 @@ int EmbedReceiveFrom(CYASSL *ssl, char *buf, int sz, void *ctx) XSOCKLENT peerSz = sizeof(peer); CYASSL_ENTER("EmbedReceiveFrom()"); + if (!CyaSSL_get_using_nonblock(ssl) && dtls_timeout != 0) { #ifdef USE_WINDOWS_API DWORD timeout = dtls_timeout * 1000; #else struct timeval timeout = { dtls_timeout, 0 }; #endif - setsockopt(sd, SOL_SOCKET, SO_RCVTIMEO, - (char*)&timeout, TIMEVAL_BYTES); + if (setsockopt(sd, SOL_SOCKET, SO_RCVTIMEO, (char*)&timeout, + TIMEVAL_BYTES) != 0) { + CYASSL_MSG("setsockopt rcvtimeo failed"); + } } recvd = (int)RECVFROM_FUNCTION(sd, buf, sz, ssl->rflags, 
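Review bot: In the PSK identity hunk (`@@ -8304,7 +9063,10 @@`), only the terminator write is bounded; the `XMEMCPY(ssl->arrays->client_identity, &input[*inOutIdx], ci_sz)` just above still copies the peer-supplied `ci_sz` bytes. Assuming the buffer holds `MAX_PSK_ID_LEN` bytes, as the new code implies, the overflow happens before the added lines run unless a check above the hunk already rejects `ci_sz > MAX_PSK_ID_LEN`. When `ci_sz == MAX_PSK_ID_LEN` the else branch overwrites the last identity byte, so `server_psk_cb` receives a truncated identity. Rejecting that length, or copying at most `MAX_PSK_ID_LEN - 1` bytes, keeps two different identities from resolving to the same key lookup.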
@@ -365,8 +371,7 @@ int EmbedReceiveFrom(CYASSL *ssl, char *buf, int sz, void *ctx) } } else { - if (dtlsCtx != NULL - && dtlsCtx->peer.sz > 0 + if (dtlsCtx->peer.sz > 0 && peerSz != (XSOCKLENT)dtlsCtx->peer.sz && memcmp(&peer, dtlsCtx->peer.sa, peerSz) != 0) { CYASSL_MSG(" Ignored packet from invalid peer"); @@ -390,6 +395,7 @@ int EmbedSendTo(CYASSL* ssl, char *buf, int sz, void *ctx) int err; CYASSL_ENTER("EmbedSendTo()"); + sent = (int)SENDTO_FUNCTION(sd, &buf[sz - len], len, ssl->wflags, dtlsCtx->peer.sa, dtlsCtx->peer.sz); if (sent < 0) { @@ -435,7 +441,10 @@ int EmbedGenerateCookie(byte *buf, int sz, void *ctx) int cookieSrcSz = 0; Sha sha; - getpeername(sd, (struct sockaddr*)&peer, &peerSz); + if (getpeername(sd, (struct sockaddr*)&peer, &peerSz) != 0) { + CYASSL_MSG("getpeername failed in EmbedGenerateCookie"); + return GEN_COOKIE_E; + } if (peer.sin_family == AF_INET) { struct sockaddr_in *s = (struct sockaddr_in*)&peer; @@ -497,6 +506,10 @@ static INLINE int tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port) } *sockfd = socket(AF_INET_V, SOCK_STREAM, 0); + if (*sockfd < 0) { + CYASSL_MSG("bad socket fd, out of fds?"); + return -1; + } XMEMSET(&addr, 0, sizeof(SOCKADDR_IN_T)); addr.sin_family = AF_INET_V; @@ -663,7 +676,7 @@ int EmbedOcspLookup(void* ctx, const char* url, int urlSz, byte* ocspReqBuf, int ocspReqSz, byte** ocspRespBuf) { char domainName[80], path[80]; - int port, httpBufSz, sfd; + int port, httpBufSz, sfd = -1; int ocspRespSz = 0; byte* httpBuf = NULL; @@ -716,6 +729,7 @@ int EmbedOcspLookup(void* ctx, const char* url, int urlSz, } } else { CYASSL_MSG("OCSP Responder connection failed"); + close(sfd); return -1; } diff --git a/src/keys.c b/src/keys.c index 2ab48a93c..75866cf16 100644 --- a/src/keys.c +++ b/src/keys.c @@ -1,6 +1,6 @@ /* keys.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * 
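Review bot: The peer check in `EmbedReceiveFrom` (`@@ -365,8 +371,7 @@`) still joins the size and address comparisons with `&&`, so a datagram is ignored only when both its address length and its bytes differ from the stored peer. A sender whose address has the same length passes the filter. The condition should read `&& (peerSz != (XSOCKLENT)dtlsCtx->peer.sz || memcmp(&peer, dtlsCtx->peer.sa, peerSz) != 0)`, which also stops `memcmp` from running with a length that differs from the stored one. The hunk also drops the `dtlsCtx != NULL` test; that is only safe if `dtlsCtx` is already dereferenced unconditionally earlier in the function, which lies outside the hunk.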
@@ -451,6 +451,38 @@ int SetCipherSpecs(CYASSL* ssl) break; #endif + +#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256 + case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256 : + ssl->specs.bulk_cipher_algorithm = aes_ccm; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = ecc_diffie_hellman_kea; + ssl->specs.sig_algo = ecc_dsa_sa_algo; + ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 1; + ssl->specs.key_size = AES_128_KEY_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.iv_size = AEAD_IMP_IV_SZ; + break; +#endif + +#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384 + case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384 : + ssl->specs.bulk_cipher_algorithm = aes_ccm; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha384_mac; + ssl->specs.kea = ecc_diffie_hellman_kea; + ssl->specs.sig_algo = ecc_dsa_sa_algo; + ssl->specs.hash_size = SHA384_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 1; + ssl->specs.key_size = AES_256_KEY_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.iv_size = AEAD_IMP_IV_SZ; + break; +#endif #endif /* HAVE_ECC */ #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8_SHA256 @@ -499,6 +531,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = stream; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = rsa_kea; + ssl->specs.sig_algo = rsa_sa_algo; ssl->specs.hash_size = SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; @@ -515,6 +548,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = stream; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ntru_kea; + ssl->specs.sig_algo = rsa_sa_algo; ssl->specs.hash_size = SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; 
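Review bot: Both new cases in `@@ -451,6 +451,38 @@` are ephemeral suites (`TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384`) yet set `ssl->specs.static_ecdh = 1`. If that flag means the ECDH key comes from the certificate rather than a per-handshake key, these cases should use `ssl->specs.static_ecdh = 0;`. Otherwise the key-exchange code may treat them as static ECDH. The existing ECDHE cases are outside the hunk, so the value should be compared against them before merging.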
@@ -531,6 +565,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = stream; ssl->specs.mac_algorithm = md5_mac; ssl->specs.kea = rsa_kea; + ssl->specs.sig_algo = rsa_sa_algo; ssl->specs.hash_size = MD5_DIGEST_SIZE; ssl->specs.pad_size = PAD_MD5; ssl->specs.static_ecdh = 0; @@ -547,6 +582,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = rsa_kea; + ssl->specs.sig_algo = rsa_sa_algo; ssl->specs.hash_size = SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; @@ -563,6 +599,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ntru_kea; + ssl->specs.sig_algo = rsa_sa_algo; ssl->specs.hash_size = SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; @@ -579,6 +616,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = rsa_kea; + ssl->specs.sig_algo = rsa_sa_algo; ssl->specs.hash_size = SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; @@ -595,6 +633,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = rsa_kea; + ssl->specs.sig_algo = rsa_sa_algo; ssl->specs.hash_size = SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; @@ -611,6 +650,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = stream; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = rsa_kea; + ssl->specs.sig_algo = rsa_sa_algo; ssl->specs.hash_size = SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; @@ -627,6 +667,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = stream; ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = rsa_kea; + ssl->specs.sig_algo = rsa_sa_algo; ssl->specs.hash_size = SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; 
@@ -643,6 +684,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ntru_kea; + ssl->specs.sig_algo = rsa_sa_algo; ssl->specs.hash_size = SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; @@ -659,6 +701,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = rsa_kea; + ssl->specs.sig_algo = rsa_sa_algo; ssl->specs.hash_size = SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; @@ -675,6 +718,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = rsa_kea; + ssl->specs.sig_algo = rsa_sa_algo; ssl->specs.hash_size = SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; @@ -691,6 +735,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ntru_kea; + ssl->specs.sig_algo = rsa_sa_algo; ssl->specs.hash_size = SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; @@ -707,6 +752,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = psk_kea; + ssl->specs.sig_algo = anonymous_sa_algo; ssl->specs.hash_size = SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; @@ -724,6 +770,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = psk_kea; + ssl->specs.sig_algo = anonymous_sa_algo; ssl->specs.hash_size = SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; 
@@ -741,6 +788,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = psk_kea; + ssl->specs.sig_algo = anonymous_sa_algo; ssl->specs.hash_size = SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; @@ -758,6 +806,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = stream; ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = psk_kea; + ssl->specs.sig_algo = anonymous_sa_algo; ssl->specs.hash_size = SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; @@ -775,6 +824,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = stream; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = psk_kea; + ssl->specs.sig_algo = anonymous_sa_algo; ssl->specs.hash_size = SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; @@ -860,6 +910,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = stream; ssl->specs.mac_algorithm = md5_mac; ssl->specs.kea = rsa_kea; + ssl->specs.sig_algo = rsa_sa_algo; ssl->specs.hash_size = MD5_DIGEST_SIZE; ssl->specs.pad_size = PAD_MD5; ssl->specs.static_ecdh = 0; @@ -876,6 +927,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = stream; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = rsa_kea; + ssl->specs.sig_algo = rsa_sa_algo; ssl->specs.hash_size = SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; @@ -892,6 +944,7 @@ int SetCipherSpecs(CYASSL* ssl) ssl->specs.cipher_type = stream; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = rsa_kea; + ssl->specs.sig_algo = rsa_sa_algo; ssl->specs.hash_size = SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; 
@@ -970,6 +1023,142 @@ int SetCipherSpecs(CYASSL* ssl) break; #endif +#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA + case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA : + ssl->specs.bulk_cipher_algorithm = camellia; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = sha_mac; + ssl->specs.kea = rsa_kea; + ssl->specs.sig_algo = rsa_sa_algo; + ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = CAMELLIA_128_KEY_SIZE; + ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; + ssl->specs.iv_size = CAMELLIA_IV_SIZE; + + break; +#endif + +#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA + case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA : + ssl->specs.bulk_cipher_algorithm = camellia; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = sha_mac; + ssl->specs.kea = rsa_kea; + ssl->specs.sig_algo = rsa_sa_algo; + ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = CAMELLIA_256_KEY_SIZE; + ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; + ssl->specs.iv_size = CAMELLIA_IV_SIZE; + + break; +#endif + +#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 + case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 : + ssl->specs.bulk_cipher_algorithm = camellia; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = rsa_kea; + ssl->specs.sig_algo = rsa_sa_algo; + ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = CAMELLIA_128_KEY_SIZE; + ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; + ssl->specs.iv_size = CAMELLIA_IV_SIZE; + + break; +#endif + +#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 + case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 : + ssl->specs.bulk_cipher_algorithm = camellia; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = rsa_kea; + ssl->specs.sig_algo = rsa_sa_algo; + ssl->specs.hash_size = 
SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = CAMELLIA_256_KEY_SIZE; + ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; + ssl->specs.iv_size = CAMELLIA_IV_SIZE; + + break; +#endif + +#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA + case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA : + ssl->specs.bulk_cipher_algorithm = camellia; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = sha_mac; + ssl->specs.kea = diffie_hellman_kea; + ssl->specs.sig_algo = rsa_sa_algo; + ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = CAMELLIA_128_KEY_SIZE; + ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; + ssl->specs.iv_size = CAMELLIA_IV_SIZE; + + break; +#endif + +#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA + case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA : + ssl->specs.bulk_cipher_algorithm = camellia; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = sha_mac; + ssl->specs.kea = diffie_hellman_kea; + ssl->specs.sig_algo = rsa_sa_algo; + ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = CAMELLIA_256_KEY_SIZE; + ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; + ssl->specs.iv_size = CAMELLIA_IV_SIZE; + + break; +#endif + +#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 + case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 : + ssl->specs.bulk_cipher_algorithm = camellia; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = diffie_hellman_kea; + ssl->specs.sig_algo = rsa_sa_algo; + ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = CAMELLIA_128_KEY_SIZE; + ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; + ssl->specs.iv_size = CAMELLIA_IV_SIZE; + + break; +#endif + +#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 + case 
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 : + ssl->specs.bulk_cipher_algorithm = camellia; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = diffie_hellman_kea; + ssl->specs.sig_algo = rsa_sa_algo; + ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = CAMELLIA_256_KEY_SIZE; + ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; + ssl->specs.iv_size = CAMELLIA_IV_SIZE; + + break; +#endif + default: CYASSL_MSG("Unsupported cipher suite, SetCipherSpecs"); return UNSUPPORTED_SUITE; @@ -1039,7 +1228,7 @@ static int SetPrefix(byte* sha_input, int idx) static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, - byte side, void* heap) + byte side, void* heap, int devId) { #ifdef BUILD_ARC4 word32 sz = specs->key_size; @@ -1050,6 +1239,18 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, dec->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER); if (dec->arc4 == NULL) return MEMORY_E; +#ifdef HAVE_CAVIUM + if (devId != NO_CAVIUM_DEVICE) { + if (Arc4InitCavium(enc->arc4, devId) != 0) { + CYASSL_MSG("Arc4InitCavium failed in SetKeys"); + return CAVIUM_INIT_E; + } + if (Arc4InitCavium(dec->arc4, devId) != 0) { + CYASSL_MSG("Arc4InitCavium failed in SetKeys"); + return CAVIUM_INIT_E; + } + } +#endif if (side == CLIENT_END) { Arc4SetKey(enc->arc4, keys->client_write_key, sz); Arc4SetKey(dec->arc4, keys->server_write_key, sz); 
@@ -1121,6 +1322,18 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, dec->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER); if (dec->des3 == NULL) return MEMORY_E; +#ifdef HAVE_CAVIUM + if (devId != NO_CAVIUM_DEVICE) { + if (Des3_InitCavium(enc->des3, devId) != 0) { + CYASSL_MSG("Des3_InitCavium failed in SetKeys"); + return CAVIUM_INIT_E; + } + if (Des3_InitCavium(dec->des3, devId) != 0) { + CYASSL_MSG("Des3_InitCavium failed in SetKeys"); + return CAVIUM_INIT_E; + } + } +#endif if (side == CLIENT_END) { Des3_SetKey(enc->des3, keys->client_write_key, keys->client_write_IV, DES_ENCRYPTION); @@ -1146,6 +1359,18 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); if (dec->aes == NULL) return MEMORY_E; +#ifdef HAVE_CAVIUM + if (devId != NO_CAVIUM_DEVICE) { + if (AesInitCavium(enc->aes, devId) != 0) { + CYASSL_MSG("AesInitCavium failed in SetKeys"); + return CAVIUM_INIT_E; + } + if (AesInitCavium(dec->aes, devId) != 0) { + CYASSL_MSG("AesInitCavium failed in SetKeys"); + return CAVIUM_INIT_E; + } + } +#endif if (side == CLIENT_END) { AesSetKey(enc->aes, keys->client_write_key, specs->key_size, keys->client_write_IV, 
@@ -1227,6 +1452,33 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, } #endif +#ifdef HAVE_CAMELLIA + if (specs->bulk_cipher_algorithm == camellia) { + enc->cam = (Camellia*)XMALLOC(sizeof(Camellia), + heap, DYNAMIC_TYPE_CIPHER); + if (enc->cam == NULL) + return MEMORY_E; + dec->cam = (Camellia*)XMALLOC(sizeof(Camellia), + heap, DYNAMIC_TYPE_CIPHER); + if (dec->cam == NULL) + return MEMORY_E; + if (side == CLIENT_END) { + CamelliaSetKey(enc->cam, keys->client_write_key, + specs->key_size, keys->client_write_IV); + CamelliaSetKey(dec->cam, keys->server_write_key, + specs->key_size, keys->server_write_IV); + } + else { + CamelliaSetKey(enc->cam, keys->server_write_key, + specs->key_size, keys->server_write_IV); + CamelliaSetKey(dec->cam, keys->client_write_key, + specs->key_size, keys->client_write_IV); + } + enc->setup = 1; + dec->setup = 1; + } +#endif + #ifdef HAVE_NULL_CIPHER if (specs->bulk_cipher_algorithm == cipher_null) { enc->setup = 1; @@ -1242,6 +1494,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, (void)enc; (void)dec; (void)specs; + (void)devId; return 0; } @@ -1251,6 +1504,11 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, int StoreKeys(CYASSL* ssl, const byte* keyData) { int sz, i = 0; + int devId = NO_CAVIUM_DEVICE; + +#ifdef HAVE_CAVIUM + devId = ssl->devId; +#endif if (ssl->specs.cipher_type != aead) { sz = ssl->specs.hash_size; @@ -1278,7 +1536,7 @@ int StoreKeys(CYASSL* ssl, const byte* keyData) #endif return SetKeys(&ssl->encrypt, &ssl->decrypt, &ssl->keys, &ssl->specs, - ssl->options.side, ssl->heap); + ssl->options.side, ssl->heap, devId); } #ifndef NO_OLD_TLS diff --git a/src/ocsp.c b/src/ocsp.c index 1826e6ee8..6fd3dbe13 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -1,6 +1,6 @@ /* ocsp.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * 
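Review bot: The four `CamelliaSetKey` calls in the new camellia branch discard their results, and `enc->setup = 1; dec->setup = 1;` then runs unconditionally. If CamelliaSetKey can reject its arguments (its declaration is not part of this hunk), the record layer would continue with a context that was never keyed. Checking each call through a local `int ret`, as in `ret = CamelliaSetKey(enc->cam, keys->client_write_key, specs->key_size, keys->client_write_IV); if (ret != 0) return ret;`, before the setup flags are set would make the failure visible to StoreKeys. SetKeys begins and ends outside the hunk.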
@@ -274,7 +274,7 @@ int CyaSSL_OCSP_Lookup_Cert(CYASSL_OCSP* ocsp, DecodedCert* cert) } if (ocsp->useOverrideUrl || cert->extAuthInfo == NULL) { - if (ocsp->overrideUrl != NULL) { + if (ocsp->overrideUrl[0] != '\0') { url = ocsp->overrideUrl; urlSz = (int)XSTRLEN(url); } @@ -299,7 +299,7 @@ int CyaSSL_OCSP_Lookup_Cert(CYASSL_OCSP* ocsp, DecodedCert* cert) ocspReqBuf, ocspReqSz, &ocspRespBuf); } - if (result >= 0) { + if (result >= 0 && ocspRespBuf) { InitOcspResponse(&ocspResponse, certStatus, ocspRespBuf, result); OcspResponseDecode(&ocspResponse); diff --git a/src/sniffer.c b/src/sniffer.c index 02a64d9f3..56aeac9d8 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -1,6 +1,6 @@ /* sniffer.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/src/ssl.c b/src/ssl.c index 2017d3533..b2d0b0d55 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -1,6 +1,6 @@ /* ssl.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -433,6 +433,34 @@ int CyaSSL_read(CYASSL* ssl, void* data, int sz) return CyaSSL_read_internal(ssl, data, sz, FALSE); } + +#ifdef HAVE_CAVIUM + +int CyaSSL_UseCavium(CYASSL* ssl, int devId) +{ + if (ssl == NULL) + return BAD_FUNC_ARG; + + ssl->devId = devId; + + return 0; +} + + +int CyaSSL_CTX_UseCavium(CYASSL_CTX* ctx, int devId) +{ + if (ctx == NULL) + return BAD_FUNC_ARG; + + ctx->devId = devId; + + return 0; +} + + +#endif /* HAVE_CAVIUM */ + + #ifndef CYASSL_LEANPSK int CyaSSL_send(CYASSL* ssl, const void* data, int sz, int flags) { @@ -472,6 +500,9 @@ int CyaSSL_shutdown(CYASSL* ssl) { CYASSL_ENTER("SSL_shutdown()"); + if (ssl == NULL) + return 0; + if (ssl->options.quietShutdown) { CYASSL_MSG("quiet shutdown, no close notify sent"); return 0; 
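Review bot: With the added `&& ocspRespBuf` test, a lookup that returns `result >= 0` but no response buffer now skips InitOcspResponse and OcspResponseDecode entirely. The rest of CyaSSL_OCSP_Lookup_Cert is outside the hunk, so it is not visible whether that path ends in a failure code. If it simply falls through, the certificate would be reported with a status that no parsed response backs. An explicit failure assignment on that path, or at least a comment such as `/* no response body: must be treated as lookup failure */`, would make the fail-closed intent checkable.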
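Review bot: The new NULL guard in CyaSSL_shutdown returns 0, the same value the quiet-shutdown path directly below it returns, so a caller cannot tell a missing session from a completed shutdown. CyaSSL_UseCavium and CyaSSL_CTX_UseCavium, added earlier in this same file, answer a NULL argument with BAD_FUNC_ARG. Unless 0 is deliberate for cleanup paths that may hold a null session, `return BAD_FUNC_ARG;` would be consistent, and either way a one-line comment on the guard stating the choice would help. The function continues past the hunk.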
@@ -924,7 +955,10 @@ int CyaSSL_Init(void) ret = BAD_MUTEX_ERROR; } if (ret == 0) { - LockMutex(&count_mutex); + if (LockMutex(&count_mutex) != 0) { + CYASSL_MSG("Bad Lock Mutex count"); + return BAD_MUTEX_ERROR; + } initRefCount++; UnLockMutex(&count_mutex); } @@ -1550,6 +1584,10 @@ int ProcessFile(CYASSL_CTX* ctx, const char* fname, int format, int type, } dynamic = 1; } + else if (sz < 0) { + XFCLOSE(file); + return SSL_BAD_FILE; + } if ( (ret = (int)XFREAD(myBuffer, sz, 1, file)) < 0) ret = SSL_BAD_FILE; @@ -1647,7 +1685,7 @@ int CyaSSL_CTX_load_verify_locations(CYASSL_CTX* ctx, const char* file, /* Verify the ceritficate, 1 for success, < 0 for error */ int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm, const byte* buff, - int sz, int format) + long sz, int format) { int ret = 0; int eccKey = 0; /* not used */ @@ -1670,7 +1708,7 @@ int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm, const byte* buff, InitDecodedCert(&cert, der.buffer, der.length, cm->heap); } else - InitDecodedCert(&cert, (byte*)buff, sz, cm->heap); + InitDecodedCert(&cert, (byte*)buff, (word32)sz, cm->heap); if (ret == 0) ret = ParseCertRelative(&cert, CERT_TYPE, 1, cm); @@ -1704,6 +1742,12 @@ int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER* cm, const char* fname, sz = XFTELL(file); XREWIND(file); + if (sz > MAX_CYASSL_FILE_SIZE || sz < 0) { + CYASSL_MSG("CertManagerVerify file bad size"); + XFCLOSE(file); + return SSL_BAD_FILE; + } + if (sz > (long)sizeof(staticBuffer)) { CYASSL_MSG("Getting dynamic buffer"); myBuffer = (byte*) XMALLOC(sz, cm->heap, DYNAMIC_TYPE_FILE); @@ -1717,7 +1761,7 @@ int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER* cm, const char* fname, if ( (ret = (int)XFREAD(myBuffer, sz, 1, file)) < 0) ret = SSL_BAD_FILE; else - ret = CyaSSL_CertManagerVerifyBuffer(cm, myBuffer, (int)sz, format); + ret = CyaSSL_CertManagerVerifyBuffer(cm, myBuffer, sz, format); XFCLOSE(file); if (dynamic) XFREE(myBuffer, cm->heap, DYNAMIC_TYPE_FILE); 
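Review bot: The added `else if (sz < 0)` branch in ProcessFile rejects a failed XFTELL but sets no upper limit on the file size, while CyaSSL_CertManagerVerify in this same commit tests `sz > MAX_CYASSL_FILE_SIZE || sz < 0` before choosing a buffer. The CyaSSL_PemCertToDer and CyaSSL_SetTmpDH_file_wrapper hunks further down use the same weaker form. Applying the CertManagerVerify test ahead of the static/dynamic buffer decision in all three would bound the XMALLOC by a known constant. Separately, the context line `(ret = (int)XFREAD(myBuffer, sz, 1, file)) < 0` cannot detect a short read if XFREAD maps to fread, because the item count it returns is never negative; comparing the result against 1 would.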
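Review bot: `InitDecodedCert(&cert, (byte*)buff, (word32)sz, cm->heap);` narrows the now-`long` length without a range check, so a negative `sz`, or one above the word32 range where long is 64 bits, becomes a wrong unsigned length at this public entry point. CyaSSL_CertManagerVerify validates the size before calling, but direct callers of CyaSSL_CertManagerVerifyBuffer get no such check in the visible lines. A guard at the top such as `if (buff == NULL || sz < 0) return BAD_FUNC_ARG;`, plus an upper bound, would cover them. The function body extends beyond the hunk, so an existing check outside it cannot be ruled out.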
@@ -2023,6 +2067,10 @@ int CyaSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz) } dynamic = 1; } + else if (sz < 0) { + XFCLOSE(file); + return SSL_BAD_FILE; + } if ( (ret = (int)XFREAD(fileBuf, sz, 1, file)) < 0) ret = SSL_BAD_FILE; @@ -2234,6 +2282,10 @@ static int CyaSSL_SetTmpDH_file_wrapper(CYASSL_CTX* ctx, CYASSL* ssl, } dynamic = 1; } + else if (sz < 0) { + XFCLOSE(file); + return SSL_BAD_FILE; + } if ( (ret = (int)XFREAD(myBuffer, sz, 1, file)) < 0) ret = SSL_BAD_FILE; @@ -2467,6 +2519,8 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl) { #ifdef CYASSL_DTLS int result = SSL_SUCCESS; + DtlsMsgListDelete(ssl->dtls_msg_list, ssl->heap); + ssl->dtls_msg_list = NULL; if (DtlsPoolTimeout(ssl) < 0 || DtlsPoolSend(ssl) < 0) { result = SSL_FATAL_ERROR; } @@ -2969,7 +3023,10 @@ int CyaSSL_Cleanup(void) CYASSL_ENTER("CyaSSL_Cleanup"); - LockMutex(&count_mutex); + if (LockMutex(&count_mutex) != 0) { + CYASSL_MSG("Bad Lock Mutex count"); + return BAD_MUTEX_ERROR; + } release = initRefCount-- == 1; if (initRefCount < 0) @@ -3269,7 +3326,7 @@ int CyaSSL_set_compression(CYASSL* ssl) { byte tmp[FILE_BUFFER_SIZE]; byte* myBuffer = tmp; - int send = 0; + int sending = 0; int newBuffer = 0; int idx = 0; int i; @@ -3278,10 +3335,10 @@ int CyaSSL_set_compression(CYASSL* ssl) CYASSL_ENTER("CyaSSL_writev"); for (i = 0; i < iovcnt; i++) - send += (int)iov[i].iov_len; + sending += (int)iov[i].iov_len; - if (send > (int)sizeof(tmp)) { - byte* tmp2 = (byte*) XMALLOC(send, ssl->heap, + if (sending > (int)sizeof(tmp)) { + byte* tmp2 = (byte*) XMALLOC(sending, ssl->heap, DYNAMIC_TYPE_WRITEV); if (!tmp2) return MEMORY_ERROR; @@ -3294,7 +3351,7 @@ int CyaSSL_set_compression(CYASSL* ssl) idx += (int)iov[i].iov_len; } - ret = CyaSSL_write(ssl, myBuffer, send); + ret = CyaSSL_write(ssl, myBuffer, sending); if (newBuffer) XFREE(myBuffer, ssl->heap, DYNAMIC_TYPE_WRITEV); 
@@ -3984,6 +4041,8 @@ int CyaSSL_set_compression(CYASSL* ssl) bio->fd = sfd; bio->prev = 0; bio->next = 0; + bio->mem = NULL; + bio->memLen = 0; } return bio; } @@ -5434,6 +5493,10 @@ int CyaSSL_set_compression(CYASSL* ssl) return "TLS_RSA_WITH_AES_128_CCM_8_SHA256"; case TLS_RSA_WITH_AES_256_CCM_8_SHA384 : return "TLS_RSA_WITH_AES_256_CCM_8_SHA384"; + case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256 : + return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256"; + case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384 : + return "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384"; default: return "NONE"; @@ -5501,6 +5564,22 @@ int CyaSSL_set_compression(CYASSL* ssl) return "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"; case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 : return "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"; + case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA : + return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"; + case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA : + return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"; + case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 : + return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256"; + case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 : + return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256"; + case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA : + return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA"; + case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA : + return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"; + case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 : + return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"; + case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 : + return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"; default: return "NONE"; } /* switch */ @@ -6351,6 +6430,7 @@ int CyaSSL_set_compression(CYASSL* ssl) } if ((myBuffer != NULL) && + (sz > 0) && (XFREAD(myBuffer, sz, 1, file) > 0) && (PemToDer(myBuffer, sz, CERT_TYPE, &fileDer, ctx->heap, &info, &eccKey) == 0) && diff --git a/src/tls.c b/src/tls.c index db19785f6..acb44e9c5 100644 --- a/src/tls.c +++ b/src/tls.c 
@@ -1,6 +1,6 @@ /* tls.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -239,15 +239,9 @@ void BuildTlsFinished(CYASSL* ssl, Hashes* hashes, const byte* sender) else side = tls_server; -#ifndef NO_MD5 - PRF(hashes->md5, TLS_FINISHED_SZ, ssl->arrays->masterSecret, SECRET_LEN, + PRF((byte*)hashes, TLS_FINISHED_SZ, ssl->arrays->masterSecret, SECRET_LEN, side, FINISHED_LABEL_SZ, handshake_hash, hashSz, IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm); -#else - PRF(hashes->hash, TLS_FINISHED_SZ, ssl->arrays->masterSecret, SECRET_LEN, - side, FINISHED_LABEL_SZ, handshake_hash, hashSz, IsAtLeastTLSv1_2(ssl), - ssl->specs.mac_algorithm); -#endif } diff --git a/sslSniffer/sslSnifferTest/snifftest.c b/sslSniffer/sslSnifferTest/snifftest.c index e7cc499fa..6cb141b77 100755 --- a/sslSniffer/sslSnifferTest/snifftest.c +++ b/sslSniffer/sslSnifferTest/snifftest.c @@ -1,6 +1,6 @@ /* snifftest.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/swig/cyassl.i b/swig/cyassl.i index d32776ff2..a381ad689 100644 --- a/swig/cyassl.i +++ b/swig/cyassl.i @@ -1,6 +1,6 @@ /* cyassl.i * - * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/swig/cyassl_adds.c b/swig/cyassl_adds.c index a6c7b2e4a..d9035f17b 100644 --- a/swig/cyassl_adds.c +++ b/swig/cyassl_adds.c @@ -1,6 +1,6 @@ /* cyassl_adds.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/tests/api.c b/tests/api.c index cdeeaf411..7db26fc68 100644 --- a/tests/api.c +++ b/tests/api.c @@ -1,6 +1,6 @@ /* api.c API unit tests * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * 
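Review bot: `PRF((byte*)hashes, TLS_FINISHED_SZ, ...)` in BuildTlsFinished now writes the verify data through the address of the whole `Hashes` struct instead of a named member, which is correct only while the intended output field is the first member and holds at least TLS_FINISHED_SZ bytes. The struct definition is not part of this section, so that cannot be confirmed here. A comment at the call, for example `/* writes TLS_FINISHED_SZ bytes at offset 0 of Hashes; the finished buffer must stay the first member */`, would keep a later reorder of the struct from silently redirecting the write. The function starts above the hunk.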
@@ -613,21 +613,21 @@ THREAD_RETURN CYASSL_THREAD test_server_nofail(void* args) if (CyaSSL_CTX_load_verify_locations(ctx, cliCert, 0) != SSL_SUCCESS) { /*err_sys("can't load ca file, Please run from CyaSSL home dir");*/ - return 0; + goto done; } if (CyaSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM) != SSL_SUCCESS) { /*err_sys("can't load server cert chain file, " "Please run from CyaSSL home dir");*/ - return 0; + goto done; } if (CyaSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM) != SSL_SUCCESS) { /*err_sys("can't load server key file, " "Please run from CyaSSL home dir");*/ - return 0; + goto done; } ssl = CyaSSL_new(ctx); tcp_accept(&sockfd, &clientfd, (func_args*)args, yasslPort, 0, 0); @@ -648,10 +648,10 @@ THREAD_RETURN CYASSL_THREAD test_server_nofail(void* args) char buffer[80]; printf("error = %d, %s\n", err, CyaSSL_ERR_error_string(err, buffer)); /*err_sys("SSL_accept failed");*/ - return 0; + goto done; } - idx = CyaSSL_read(ssl, input, sizeof(input)); + idx = CyaSSL_read(ssl, input, sizeof(input)-1); if (idx > 0) { input[idx] = 0; printf("Client message: %s\n", input); @@ -663,6 +663,7 @@ THREAD_RETURN CYASSL_THREAD test_server_nofail(void* args) return 0; } +done: CyaSSL_shutdown(ssl); CyaSSL_free(ssl); CyaSSL_CTX_free(ctx); @@ -696,21 +697,21 @@ void test_client_nofail(void* args) if (CyaSSL_CTX_load_verify_locations(ctx, caCert, 0) != SSL_SUCCESS) { /* err_sys("can't load ca file, Please run from CyaSSL home dir");*/ - return; + goto done2; } if (CyaSSL_CTX_use_certificate_file(ctx, cliCert, SSL_FILETYPE_PEM) != SSL_SUCCESS) { /*err_sys("can't load client cert file, " "Please run from CyaSSL home dir");*/ - return; + goto done2; } if (CyaSSL_CTX_use_PrivateKey_file(ctx, cliKey, SSL_FILETYPE_PEM) != SSL_SUCCESS) { /*err_sys("can't load client key file, " "Please run from CyaSSL home dir");*/ - return; + goto done2; } tcp_connect(&sockfd, yasslIP, yasslPort, 0); 
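Review bot: The `goto done;` exits taken when loading the CA file, certificate or key fails run before `ssl = CyaSSL_new(ctx);`, yet `done:` passes `ssl` to CyaSSL_shutdown and CyaSSL_free. That is safe only if `ssl` is initialised to a null pointer where it is declared, which is above the hunk in test_server_nofail. The same applies to the `goto done2;` exits and the `done2:` label in test_client_nofail. If either declaration is bare, it needs `CYASSL* ssl = NULL;` so the cleanup code never sees an indeterminate pointer.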
@@ -723,22 +724,23 @@ void test_client_nofail(void* args) char buffer[80]; printf("err = %d, %s\n", err, CyaSSL_ERR_error_string(err, buffer)); /*printf("SSL_connect failed");*/ - return; + goto done2; } if (CyaSSL_write(ssl, msg, msgSz) != msgSz) { /*err_sys("SSL_write failed");*/ - return; + goto done2; } - input = CyaSSL_read(ssl, reply, sizeof(reply)); + input = CyaSSL_read(ssl, reply, sizeof(reply)-1); if (input > 0) { reply[input] = 0; printf("Server response: %s\n", reply); } +done2: CyaSSL_free(ssl); CyaSSL_CTX_free(ctx); diff --git a/tests/hash.c b/tests/hash.c index 1baa5ca59..420dc36cb 100644 --- a/tests/hash.c +++ b/tests/hash.c @@ -1,6 +1,6 @@ /* hash.c has unit tests * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * diff --git a/tests/suites.c b/tests/suites.c index bc22cc865..00df11a55 100644 --- a/tests/suites.c +++ b/tests/suites.c @@ -1,6 +1,6 @@ /* suites.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -37,7 +37,7 @@ #include "examples/server/server.h" static void execute_test_case(int svr_argc, char** svr_argv, - int cli_argc, char** cli_argv) + int cli_argc, char** cli_argv, int addNoVerify) { func_args cliArgs = {cli_argc, cli_argv, 0, NULL}; func_args svrArgs = {svr_argc, svr_argv, 0, NULL}; 
@@ -46,17 +46,37 @@ static void execute_test_case(int svr_argc, char** svr_argv, THREAD_TYPE serverThread; char commandLine[MAX_COMMAND_SZ]; int i; + size_t added = 0; static int tests = 1; commandLine[0] = '\0'; for (i = 0; i < svr_argc; i++) { + added += strlen(svr_argv[i]) + 2; + if (added >= MAX_COMMAND_SZ) { + printf("server command line too long\n"); + break; + } strcat(commandLine, svr_argv[i]); strcat(commandLine, " "); } + if (addNoVerify) { + printf("repeating test with client cert request off\n"); + added += 3; /* -d plus terminator */ + if (added >= MAX_COMMAND_SZ) + printf("server command line too long\n"); + else + strcat(commandLine, "-d"); + } printf("trying server command line[%d]: %s\n", tests, commandLine); commandLine[0] = '\0'; + added = 0; for (i = 0; i < cli_argc; i++) { + added += strlen(cli_argv[i]) + 2; + if (added >= MAX_COMMAND_SZ) { + printf("client command line too long\n"); + break; + } strcat(commandLine, cli_argv[i]); strcat(commandLine, " "); } @@ -124,7 +144,7 @@ static void test_harness(void* vargs) fseek(file, 0, SEEK_END); sz = ftell(file); rewind(file); - if (sz == 0) { + if (sz <= 0) { fprintf(stderr, "%s is empty\n", fname); fclose(file); args->return_code = 1; @@ -143,6 +163,7 @@ static void test_harness(void* vargs) if (len != sz) { fprintf(stderr, "read error\n"); fclose(file); + free(script); args->return_code = 1; return; } @@ -200,7 +221,8 @@ static void test_harness(void* vargs) } if (do_it) { - execute_test_case(svrArgsSz, svrArgs, cliArgsSz, cliArgs); + execute_test_case(svrArgsSz, svrArgs, cliArgsSz, cliArgs, 0); + execute_test_case(svrArgsSz, svrArgs, cliArgsSz, cliArgs, 1); svrArgsSz = 1; cliArgsSz = 1; cliMode = 0; 
@@ -373,12 +395,44 @@ int SuiteTest(void) #if defined(HAVE_AESCCM) /* add aesccm extra suites */ strcpy(argv0[1], "tests/test-aesccm.conf"); - printf("starting aesccm extra cipher suite tests\n"); + printf("starting aesccm cipher suite tests\n"); test_harness(&args); if (args.return_code != 0) { printf("error from script %d\n", args.return_code); exit(EXIT_FAILURE); } + #ifdef HAVE_ECC + /* add aesccm ecc extra suites */ + strcpy(argv0[1], "tests/test-aesccm-ecc.conf"); + printf("starting aesccm ecc cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + exit(EXIT_FAILURE); + } + #endif +#endif + +#ifdef HAVE_CAMELLIA + /* add camellia suites */ + strcpy(argv0[1], "tests/test-camellia.conf"); + printf("starting camellia suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + exit(EXIT_FAILURE); + } + #ifdef OPENSSL_EXTRA + /* add camellia openssl extra suites */ + strcpy(argv0[1], "tests/test-camellia-openssl.conf"); + printf("starting camellia openssl extra suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + exit(EXIT_FAILURE); + } + + #endif #endif #ifdef CYASSL_DTLS diff --git a/tests/test-aesccm-ecc.conf b/tests/test-aesccm-ecc.conf new file mode 100644 index 000000000..8cfcb9846 --- /dev/null +++ b/tests/test-aesccm-ecc.conf 
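Review bot: The new `strcpy(argv0[1], "tests/test-camellia-openssl.conf");` copies a 32-character path, 33 bytes with the terminator, which is longer than any name copied in the visible lines before it. The declaration of `argv0` is above the hunk in SuiteTest, so its second dimension should be confirmed to be at least 33; if it is smaller, this call writes past the array. A bounded copy would make the limit explicit, for example `snprintf(argv0[1], sizeof(argv0[1]), "%s", "tests/test-camellia-openssl.conf");`.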
@@ -0,0 +1,48 @@ +# server TLSv1.2 ECDHE-ECDSA-AES128-CCM-8-SHA256 +-v 3 +-l ECDHE-ECDSA-AES128-CCM-8-SHA256 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDHE-ECDSA-AES128-CCM-8-SHA256 +-v 3 +-l ECDHE-ECDSA-AES128-CCM-8-SHA256 +-A ./certs/server-ecc.pem + +# server TLSv1.2 ECDHE-ECDSA-AES256-CCM-8-SHA384 +-v 3 +-l ECDHE-ECDSA-AES256-CCM-8-SHA384 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDHE-ECDSA-AES256-CCM-8-SHA384 +-v 3 +-l ECDHE-ECDSA-AES256-CCM-8-SHA384 +-A ./certs/server-ecc.pem + +# server TLSv1.2 ECDHE-ECDSA-AES128-CCM-8-SHA256 NON-BLOCKING +-v 3 +-l ECDHE-ECDSA-AES128-CCM-8-SHA256 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem +-N + +# client TLSv1.2 ECDHE-ECDSA-AES128-CCM-8-SHA256 NON-BLOCKING +-v 3 +-l ECDHE-ECDSA-AES128-CCM-8-SHA256 +-A ./certs/server-ecc.pem +-N + +# server TLSv1.2 ECDHE-ECDSA-AES256-CCM-8-SHA384 NON-BLOCKING +-v 3 +-l ECDHE-ECDSA-AES256-CCM-8-SHA384 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem +-N + +# client TLSv1.2 ECDHE-ECDSA-AES256-CCM-8-SHA384 NON-BLOCKING +-v 3 +-l ECDHE-ECDSA-AES256-CCM-8-SHA384 +-A ./certs/server-ecc.pem +-N + diff --git a/tests/test-aesccm.conf b/tests/test-aesccm.conf index eba2a9ea7..a86643120 100644 --- a/tests/test-aesccm.conf +++ b/tests/test-aesccm.conf @@ -14,3 +14,23 @@ -v 3 -l AES256-CCM-8-SHA384 +# server TLSv1.2 AES128-CCM-8-SHA256 NON-BLOCKING +-v 3 +-l AES128-CCM-8-SHA256 +-N + +# client TLSv1.2 AES128-CCM-8-SHA256 NON-BLOCKING +-v 3 +-l AES128-CCM-8-SHA256 +-N + +# server TLSv1.2 AES256-CCM-8-SHA384 NON-BLOCKING +-v 3 +-l AES256-CCM-8-SHA384 +-N + +# client TLSv1.2 AES256-CCM-8-SHA384 NON-BLOCKING +-v 3 +-l AES256-CCM-8-SHA384 +-N + diff --git a/tests/test-camellia-openssl.conf b/tests/test-camellia-openssl.conf new file mode 100644 index 000000000..2b9ff8919 --- /dev/null +++ b/tests/test-camellia-openssl.conf 
@@ -0,0 +1,216 @@ +# server TLSv1 DHE-RSA-CAMELLIA128-SHA +-v 1 +-l DHE-RSA-CAMELLIA128-SHA + +# client TLSv1 DHE-RSA-CAMELLIA128-SHA +-v 1 +-l DHE-RSA-CAMELLIA128-SHA + +# server TLSv1 DHE-RSA-CAMELLIA256-SHA +-v 1 +-l DHE-RSA-CAMELLIA256-SHA + +# client TLSv1 DHE-RSA-CAMELLIA256-SHA +-v 1 +-l DHE-RSA-CAMELLIA256-SHA + +# server TLSv1 DHE-RSA-CAMELLIA128-SHA256 +-v 1 +-l DHE-RSA-CAMELLIA128-SHA256 + +# client TLSv1 DHE-RSA-CAMELLIA128-SHA256 +-v 1 +-l DHE-RSA-CAMELLIA128-SHA256 + +# server TLSv1 DHE-RSA-CAMELLIA256-SHA256 +-v 1 +-l DHE-RSA-CAMELLIA256-SHA256 + +# client TLSv1 DHE-RSA-CAMELLIA256-SHA256 +-v 1 +-l DHE-RSA-CAMELLIA256-SHA256 + +# server TLSv1.1 DHE-RSA-CAMELLIA128-SHA +-v 2 +-l DHE-RSA-CAMELLIA128-SHA + +# client TLSv1.1 DHE-RSA-CAMELLIA128-SHA +-v 2 +-l DHE-RSA-CAMELLIA128-SHA + +# server TLSv1.1 DHE-RSA-CAMELLIA256-SHA +-v 2 +-l DHE-RSA-CAMELLIA256-SHA + +# client TLSv1.1 DHE-RSA-CAMELLIA256-SHA +-v 2 +-l DHE-RSA-CAMELLIA256-SHA + +# server TLSv1.1 DHE-RSA-CAMELLIA128-SHA256 +-v 2 +-l DHE-RSA-CAMELLIA128-SHA256 + +# client TLSv1.1 DHE-RSA-CAMELLIA128-SHA256 +-v 2 +-l DHE-RSA-CAMELLIA128-SHA256 + +# server TLSv1.1 DHE-RSA-CAMELLIA256-SHA256 +-v 2 +-l DHE-RSA-CAMELLIA256-SHA256 + +# client TLSv1.1 DHE-RSA-CAMELLIA256-SHA256 +-v 2 +-l DHE-RSA-CAMELLIA256-SHA256 + +# server TLSv1.2 DHE-RSA-CAMELLIA128-SHA +-v 3 +-l DHE-RSA-CAMELLIA128-SHA + +# client TLSv1.2 DHE-RSA-CAMELLIA128-SHA +-v 3 +-l DHE-RSA-CAMELLIA128-SHA + +# server TLSv1.2 DHE-RSA-CAMELLIA256-SHA +-v 3 +-l DHE-RSA-CAMELLIA256-SHA + +# client TLSv1.2 DHE-RSA-CAMELLIA256-SHA +-v 3 +-l DHE-RSA-CAMELLIA256-SHA + +# server TLSv1.2 DHE-RSA-CAMELLIA128-SHA256 +-v 3 +-l DHE-RSA-CAMELLIA128-SHA256 + +# client TLSv1.2 DHE-RSA-CAMELLIA128-SHA256 +-v 3 +-l DHE-RSA-CAMELLIA128-SHA256 + +# server TLSv1.2 DHE-RSA-CAMELLIA256-SHA256 +-v 3 +-l DHE-RSA-CAMELLIA256-SHA256 + +# client TLSv1.2 DHE-RSA-CAMELLIA256-SHA256 +-v 3 +-l DHE-RSA-CAMELLIA256-SHA256 + +# server TLSv1 DHE-RSA-CAMELLIA128-SHA NON-BLOCKING 
+-v 1 +-l DHE-RSA-CAMELLIA128-SHA +-N + +# client TLSv1 DHE-RSA-CAMELLIA128-SHA NON-BLOCKING +-v 1 +-l DHE-RSA-CAMELLIA128-SHA +-N + +# server TLSv1 DHE-RSA-CAMELLIA256-SHA NON-BLOCKING +-v 1 +-l DHE-RSA-CAMELLIA256-SHA +-N + +# client TLSv1 DHE-RSA-CAMELLIA256-SHA NON-BLOCKING +-v 1 +-l DHE-RSA-CAMELLIA256-SHA +-N + +# server TLSv1 DHE-RSA-CAMELLIA128-SHA256 NON-BLOCKING +-v 1 +-l DHE-RSA-CAMELLIA128-SHA256 +-N + +# client TLSv1 DHE-RSA-CAMELLIA128-SHA256 NON-BLOCKING +-v 1 +-l DHE-RSA-CAMELLIA128-SHA256 +-N + +# server TLSv1 DHE-RSA-CAMELLIA256-SHA256 NON-BLOCKING +-v 1 +-l DHE-RSA-CAMELLIA256-SHA256 +-N + +# client TLSv1 DHE-RSA-CAMELLIA256-SHA256 NON-BLOCKING +-v 1 +-l DHE-RSA-CAMELLIA256-SHA256 +-N + +# server TLSv1.1 DHE-RSA-CAMELLIA128-SHA NON-BLOCKING +-v 2 +-l DHE-RSA-CAMELLIA128-SHA +-N + +# client TLSv1.1 DHE-RSA-CAMELLIA128-SHA NON-BLOCKING +-v 2 +-l DHE-RSA-CAMELLIA128-SHA +-N + +# server TLSv1.1 DHE-RSA-CAMELLIA256-SHA NON-BLOCKING +-v 2 +-l DHE-RSA-CAMELLIA256-SHA +-N + +# client TLSv1.1 DHE-RSA-CAMELLIA256-SHA NON-BLOCKING +-v 2 +-l DHE-RSA-CAMELLIA256-SHA +-N + +# server TLSv1.1 DHE-RSA-CAMELLIA128-SHA256 NON-BLOCKING +-v 2 +-l DHE-RSA-CAMELLIA128-SHA256 +-N + +# client TLSv1.1 DHE-RSA-CAMELLIA128-SHA256 NON-BLOCKING +-v 2 +-l DHE-RSA-CAMELLIA128-SHA256 +-N + +# server TLSv1.1 DHE-RSA-CAMELLIA256-SHA256 NON-BLOCKING +-v 2 +-l DHE-RSA-CAMELLIA256-SHA256 +-N + +# client TLSv1.1 DHE-RSA-CAMELLIA256-SHA256 NON-BLOCKING +-v 2 +-l DHE-RSA-CAMELLIA256-SHA256 +-N + +# server TLSv1.2 DHE-RSA-CAMELLIA128-SHA NON-BLOCKING +-v 3 +-l DHE-RSA-CAMELLIA128-SHA +-N + +# client TLSv1.2 DHE-RSA-CAMELLIA128-SHA NON-BLOCKING +-v 3 +-l DHE-RSA-CAMELLIA128-SHA +-N + +# server TLSv1.2 DHE-RSA-CAMELLIA256-SHA NON-BLOCKING +-v 3 +-l DHE-RSA-CAMELLIA256-SHA +-N + +# client TLSv1.2 DHE-RSA-CAMELLIA256-SHA NON-BLOCKING +-v 3 +-l DHE-RSA-CAMELLIA256-SHA +-N + +# server TLSv1.2 DHE-RSA-CAMELLIA128-SHA256 NON-BLOCKING +-v 3 +-l DHE-RSA-CAMELLIA128-SHA256 +-N + +# client TLSv1.2 
DHE-RSA-CAMELLIA128-SHA256 NON-BLOCKING +-v 3 +-l DHE-RSA-CAMELLIA128-SHA256 +-N + +# server TLSv1.2 DHE-RSA-CAMELLIA256-SHA256 NON-BLOCKING +-v 3 +-l DHE-RSA-CAMELLIA256-SHA256 +-N + +# client TLSv1.2 DHE-RSA-CAMELLIA256-SHA256 NON-BLOCKING +-v 3 +-l DHE-RSA-CAMELLIA256-SHA256 +-N + diff --git a/tests/test-camellia.conf b/tests/test-camellia.conf new file mode 100644 index 000000000..f0ed3cc4f --- /dev/null +++ b/tests/test-camellia.conf 
@@ -0,0 +1,216 @@ +# server TLSv1 CAMELLIA128-SHA +-v 1 +-l CAMELLIA128-SHA + +# client TLSv1 CAMELLIA128-SHA +-v 1 +-l CAMELLIA128-SHA + +# server TLSv1 CAMELLIA256-SHA +-v 1 +-l CAMELLIA256-SHA + +# client TLSv1 CAMELLIA256-SHA +-v 1 +-l CAMELLIA256-SHA + +# server TLSv1 CAMELLIA128-SHA256 +-v 1 +-l CAMELLIA128-SHA256 + +# client TLSv1 CAMELLIA128-SHA256 +-v 1 +-l CAMELLIA128-SHA256 + +# server TLSv1 CAMELLIA256-SHA256 +-v 1 +-l CAMELLIA256-SHA256 + +# client TLSv1 CAMELLIA256-SHA256 +-v 1 +-l CAMELLIA256-SHA256 + +# server TLSv1.1 CAMELLIA128-SHA +-v 2 +-l CAMELLIA128-SHA + +# client TLSv1.1 CAMELLIA128-SHA +-v 2 +-l CAMELLIA128-SHA + +# server TLSv1.1 CAMELLIA256-SHA +-v 2 +-l CAMELLIA256-SHA + +# client TLSv1.1 CAMELLIA256-SHA +-v 2 +-l CAMELLIA256-SHA + +# server TLSv1.1 CAMELLIA128-SHA256 +-v 2 +-l CAMELLIA128-SHA256 + +# client TLSv1.1 CAMELLIA128-SHA256 +-v 2 +-l CAMELLIA128-SHA256 + +# server TLSv1.1 CAMELLIA256-SHA256 +-v 2 +-l CAMELLIA256-SHA256 + +# client TLSv1.1 CAMELLIA256-SHA256 +-v 2 +-l CAMELLIA256-SHA256 + +# server TLSv1.2 CAMELLIA128-SHA +-v 3 +-l CAMELLIA128-SHA + +# client TLSv1.2 CAMELLIA128-SHA +-v 3 +-l CAMELLIA128-SHA + +# server TLSv1.2 CAMELLIA256-SHA +-v 3 +-l CAMELLIA256-SHA + +# client TLSv1.2 CAMELLIA256-SHA +-v 3 +-l CAMELLIA256-SHA + +# server TLSv1.2 CAMELLIA128-SHA256 +-v 3 +-l CAMELLIA128-SHA256 + +# client TLSv1.2 CAMELLIA128-SHA256 +-v 3 +-l CAMELLIA128-SHA256 + +# server TLSv1.2 CAMELLIA256-SHA256 +-v 3 +-l CAMELLIA256-SHA256 + +# client TLSv1.2 CAMELLIA256-SHA256 +-v 3 +-l CAMELLIA256-SHA256 + +# server TLSv1 CAMELLIA128-SHA NON-BLOCKING +-v 1 +-l CAMELLIA128-SHA +-N + +# client TLSv1 CAMELLIA128-SHA NON-BLOCKING +-v 1 +-l CAMELLIA128-SHA +-N + +# server TLSv1 CAMELLIA256-SHA NON-BLOCKING +-v 1 +-l CAMELLIA256-SHA +-N + +# client TLSv1 CAMELLIA256-SHA NON-BLOCKING +-v 1 +-l CAMELLIA256-SHA +-N + +# server TLSv1 CAMELLIA128-SHA256 NON-BLOCKING +-v 1 +-l CAMELLIA128-SHA256 +-N + +# client TLSv1 CAMELLIA128-SHA256 
NON-BLOCKING +-v 1 +-l CAMELLIA128-SHA256 +-N + +# server TLSv1 CAMELLIA256-SHA256 NON-BLOCKING +-v 1 +-l CAMELLIA256-SHA256 +-N + +# client TLSv1 CAMELLIA256-SHA256 NON-BLOCKING +-v 1 +-l CAMELLIA256-SHA256 +-N + +# server TLSv1.1 CAMELLIA128-SHA NON-BLOCKING +-v 2 +-l CAMELLIA128-SHA +-N + +# client TLSv1.1 CAMELLIA128-SHA NON-BLOCKING +-v 2 +-l CAMELLIA128-SHA +-N + +# server TLSv1.1 CAMELLIA256-SHA NON-BLOCKING +-v 2 +-l CAMELLIA256-SHA +-N + +# client TLSv1.1 CAMELLIA256-SHA NON-BLOCKING +-v 2 +-l CAMELLIA256-SHA +-N + +# server TLSv1.1 CAMELLIA128-SHA256 NON-BLOCKING +-v 2 +-l CAMELLIA128-SHA256 +-N + +# client TLSv1.1 CAMELLIA128-SHA256 NON-BLOCKING +-v 2 +-l CAMELLIA128-SHA256 +-N + +# server TLSv1.1 CAMELLIA256-SHA256 NON-BLOCKING +-v 2 +-l CAMELLIA256-SHA256 +-N + +# client TLSv1.1 CAMELLIA256-SHA256 NON-BLOCKING +-v 2 +-l CAMELLIA256-SHA256 +-N + +# server TLSv1.2 CAMELLIA128-SHA NON-BLOCKING +-v 3 +-l CAMELLIA128-SHA +-N + +# client TLSv1.2 CAMELLIA128-SHA NON-BLOCKING +-v 3 +-l CAMELLIA128-SHA +-N + +# server TLSv1.2 CAMELLIA256-SHA NON-BLOCKING +-v 3 +-l CAMELLIA256-SHA +-N + +# client TLSv1.2 CAMELLIA256-SHA NON-BLOCKING +-v 3 +-l CAMELLIA256-SHA +-N + +# server TLSv1.2 CAMELLIA128-SHA256 NON-BLOCKING +-v 3 +-l CAMELLIA128-SHA256 +-N + +# client TLSv1.2 CAMELLIA128-SHA256 NON-BLOCKING +-v 3 +-l CAMELLIA128-SHA256 +-N + +# server TLSv1.2 CAMELLIA256-SHA256 NON-BLOCKING +-v 3 +-l CAMELLIA256-SHA256 +-N + +# client TLSv1.2 CAMELLIA256-SHA256 NON-BLOCKING +-v 3 +-l CAMELLIA256-SHA256 +-N + diff --git a/tests/unit.c b/tests/unit.c index bc3154ace..5cd361bbe 100644 --- a/tests/unit.c +++ b/tests/unit.c @@ -19,6 +19,12 @@ int main(int argc, char** argv) (void)argv; printf("starting unit tests...\n"); +#ifdef HAVE_CAVIUM + ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID); + if (ret != 0) + err_sys("Cavium OpenNitroxDevice failed"); +#endif /* HAVE_CAVIUM */ + if (CurrentDir("tests")) ChangeDirBack(1); else if (CurrentDir("build")) 
@@ -39,6 +45,10 @@ int main(int argc, char** argv) return ret; } +#ifdef HAVE_CAVIUM + CspShutdown(CAVIUM_DEV_ID); +#endif + return 0; } diff --git a/testsuite/testsuite.c b/testsuite/testsuite.c index 80a8c878f..afa3e4199 100644 --- a/testsuite/testsuite.c +++ b/testsuite/testsuite.c @@ -1,6 +1,6 @@ /* testsuite.c * - * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. + * Copyright (C) 2006-2013 wolfSSL Inc. * * This file is part of CyaSSL. * @@ -60,6 +60,12 @@ int main(int argc, char** argv) tcp_ready ready; THREAD_TYPE serverThread; +#ifdef HAVE_CAVIUM + int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID); + if (ret != 0) + err_sys("Cavium OpenNitroxDevice failed"); +#endif /* HAVE_CAVIUM */ + StartTCP(); args.argc = server_args.argc = argc; @@ -144,6 +150,9 @@ int main(int argc, char** argv) CyaSSL_Cleanup(); FreeTcpReady(&ready); +#ifdef HAVE_CAVIUM + CspShutdown(CAVIUM_DEV_ID); +#endif printf("\nAll tests passed!\n"); return EXIT_SUCCESS; }
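Review bot: `CspShutdown(CAVIUM_DEV_ID);` in tests/unit.c is reached only on the final `return 0;`, so the `return ret;` exit shown just above it leaves open the device that OpenNitroxDevice opened at the start of main. Calling CspShutdown before that early return as well, or routing both exits through one cleanup label, would release the device on the failure path too. Other early returns in main may exist outside the hunk and would need the same treatment.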