Merge branch 'master' into frosted-fix

This commit is contained in:
Daniele Lacamera
2016-09-16 11:46:01 +02:00
91 changed files with 11872 additions and 5542 deletions
+6
View File
@@ -41,6 +41,8 @@ fips_test.c
fips
src/async.c
wolfssl/async.h
wolfcrypt/src/async.c
wolfssl/wolfcrypt/async.h
ctaocrypt/benchmark/benchmark
ctaocrypt/test/testctaocrypt
wolfcrypt/benchmark/benchmark
@@ -49,6 +51,10 @@ examples/client/client
examples/echoclient/echoclient
examples/echoserver/echoserver
examples/server/server
examples/sctp/sctp-server
examples/sctp/sctp-server-dtls
examples/sctp/sctp-client
examples/sctp/sctp-client-dtls
server_ready
snifftest
output
+8 -2
View File
@@ -7,10 +7,16 @@ files to be in the library's root directory with a header file in the name of
the library. This script moves all src/ files to the root wolfssl directory and
creates a stub header file called wolfssl.h.
To configure wolfSSL with Arduino, enter the following from within the
Step 1: To configure wolfSSL with Arduino, enter the following from within the
wolfssl/IDE/ARDUINO directory:
./wolfssl-arduino.sh
./wolfssl-arduino.sh
Step 2: Edit <wolfssl-root>/wolfssl/wolfcrypt/settings.h uncomment the define for
WOLFSSL_ARDUINO
also uncomment the define for INTEL_GALILEO if building for that platform
#####Including wolfSSL in Arduino Libraries (for Arduino version 1.6.6)
1. Copy the wolfSSL directory into Arduino/libraries (or wherever Arduino searches for libraries).
+1 -1
View File
@@ -6,7 +6,7 @@
DIR=${PWD##*/}
if [ "$DIR" == "ARDUINO" ]; then
if [ "$DIR" = "ARDUINO" ]; then
cp ../../src/*.c ../../
cp ../../wolfcrypt/src/*.c ../../
echo "/* stub header file for Arduino compatibility */" >> ../../wolfssl.h
+1
View File
@@ -28,6 +28,7 @@
#define WOLFSSL_RIPEMD
#define WOLFSSL_SHA512
#define NO_PSK
#define HAVE_EXTENDED_MASTER
#define WOLFSSL_SNIFFER
#else
/* The servers and clients */
+1
View File
@@ -300,6 +300,7 @@
<ClCompile Include="..\..\src\ssl.c" />
<ClCompile Include="..\..\src\tls.c" />
<ClCompile Include="..\..\wolfcrypt\src\wc_encrypt.c" />
<ClCompile Include="..\..\wolfcrypt\src\wolfevent.c" />
</ItemGroup>
<ItemGroup>
<CustomBuild Include="..\..\wolfcrypt\src\aes_asm.asm">
+2 -2
View File
@@ -20,8 +20,8 @@ if test -d .git; then
touch ./ctaocrypt/src/fips_test.c
# touch async crypt files
touch ./src/async.c
touch ./wolfssl/async.h
touch ./wolfcrypt/src/async.c
touch ./wolfssl/wolfcrypt/async.h
else
WARNINGS="all"
fi
+193 -17
View File
@@ -125,6 +125,71 @@ AS_IF([test "$ax_enable_debug" = "yes"],
[AM_CFLAGS="$AM_CFLAGS -DNDEBUG"])
# Distro build feature subset (Debian, Ubuntu, etc.)
AC_ARG_ENABLE([distro],
[ --enable-distro Enable wolfSSL distro build (default: disabled)],
[ ENABLED_DISTRO=$enableval ],
[ ENABLED_DISTRO=no ]
)
if test "$ENABLED_DISTRO" = "yes"
then
enable_shared=yes
enable_static=yes
enable_dtls=yes
enable_openssh=yes
enable_opensslextra=yes
enable_savesession=yes
enable_savecert=yes
enable_atomicuser=yes
enable_pkcallbacks=yes
enable_aesgcm=yes
enable_aesccm=yes
enable_camellia=yes
enable_ripemd=yes
enable_sha512=yes
enable_sessioncerts=yes
enable_keygen=yes
enable_certgen=yes
enable_certreq=yes
enable_certext=yes
enable_sep=yes
enable_hkdf=yes
enable_dsa=yes
enable_ecccustcurves=yes
enable_compkey=yes
enable_curve25519=yes
enable_ed25519=yes
enable_fpecc=yes
enable_eccencrypt=yes
enable_psk=yes
enable_idea=yes
enable_cmac=yes
enable_webserver=yes
enable_hc128=yes
enable_rabbit=yes
enable_ocsp=yes
enable_ocspstapling=yes
enable_ocspstapling2=yes
enable_crl=yes
enable_crl_monitor=yes
enable_sni=yes
enable_maxfragment=yes
enable_alpn=yes
enable_truncatedhmac=yes
enable_supportedcurves=yes
enable_session_ticket=yes
enable_tlsx=yes
enable_pkcs7=yes
enable_scep=yes
enable_srp=yes
enable_certservice=yes
enable_jni=yes
enable_lighty=yes
enable_stunnel=yes
enable_pwdbased=yes
fi
# SINGLE THREADED
AC_ARG_ENABLE([singlethreaded],
[ --enable-singlethreaded Enable wolfSSL single threaded (default: disabled)],
@@ -156,6 +221,29 @@ then
fi
# DTLS-SCTP
AC_ARG_ENABLE([sctp],
[AS_HELP_STRING([--enable-sctp],[Enable wolfSSL DTLS-SCTP support (default: disabled)])],
[ENABLED_SCTP=$enableval],
[ENABLED_SCTP=no])
AM_CONDITIONAL([BUILD_SCTP], [test "x$ENABLED_SCTP" = "xyes"])
AS_IF([test "x$ENABLED_SCTP" = "xyes"],
[AC_MSG_CHECKING([for SCTP])
AC_RUN_IFELSE(
[AC_LANG_PROGRAM(
[[
#include <sys/socket.h>
#include <arpa/inet.h>
]],
[[int s = socket(AF_INET, SOCK_STREAM, IPPROTO_SCTP); if (s == -1) return 1;]])],
[AC_MSG_RESULT(yes)],
[AC_MSG_RESULT(no)
AC_MSG_ERROR([SCTP not available, remove enable-sctp from configure])])
])
# OpenSSH compatibility Build
AC_ARG_ENABLE([openssh],
[AS_HELP_STRING([--enable-openssh],[Enable OpenSSH compatibility build (default: disabled)])],
@@ -454,6 +542,24 @@ fi
AM_CONDITIONAL([BUILD_AESCCM], [test "x$ENABLED_AESCCM" = "xyes"])
# AES-ARM
AC_ARG_ENABLE([armasm],
[AS_HELP_STRING([--enable-armasm],[Enable wolfSSL ARM ASM support (default: disabled)])],
[ ENABLED_ARMASM=$enableval ],
[ ENABLED_ARMASM=no ]
)
if test "$ENABLED_ARMASM" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM"
if test "$GCC" = "yes"
then
# GCC needs this flag
AM_CFLAGS="$AM_CFLAGS -mcpu=generic+crypto"
fi
fi
AM_CONDITIONAL([BUILD_ARMASM], [test "x$ENABLED_ARMASM" = "xyes"])
# AES-NI
AC_ARG_ENABLE([aesni],
[AS_HELP_STRING([--enable-aesni],[Enable wolfSSL AES-NI support (default: disabled)])],
@@ -1869,6 +1975,18 @@ then
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SESSION_TICKET"
fi
# Extended Master Secret Extension
AC_ARG_ENABLE([extended-master],
[AS_HELP_STRING([--enable-extended-master],[Enable Extended Master Secret (default: enabled)])],
[ ENABLED_EXTENDED_MASTER=$enableval ],
[ ENABLED_EXTENDED_MASTER=yes ]
)
if test "x$ENABLED_EXTENDED_MASTER" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_EXTENDED_MASTER"
fi
# TLS Extensions
AC_ARG_ENABLE([tlsx],
[ --enable-tlsx Enable all TLS Extensions (default: disabled)],
@@ -2439,28 +2557,69 @@ AC_ARG_WITH([cavium],
AC_MSG_CHECKING([for cavium])
CPPFLAGS="$CPPFLAGS -DHAVE_CAVIUM"
if test "x$withval" == "xyes" ; then
AC_MSG_ERROR([need a PATH for --with-cavium])
fi
if test "x$withval" != "xno" ; then
trycaviumdir=$withval
fi
if test "x$withval" == "xyes" ; then
AC_MSG_ERROR([need a PATH for --with-cavium])
fi
if test "x$withval" != "xno" ; then
trycaviumdir=$withval
fi
LDFLAGS="$AM_LDFLAGS $trycaviumdir/api/cavium_common.o"
CPPFLAGS="$CPPFLAGS -I$trycaviumdir/include"
LDFLAGS="$AM_LDFLAGS $trycaviumdir/api/cavium_common.o"
CPPFLAGS="$CPPFLAGS -I$trycaviumdir/include"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cavium_common.h"]], [[ CspShutdown(CAVIUM_DEV_ID); ]])],[ cavium_linked=yes ],[ cavium_linked=no ])
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cavium_common.h"]], [[ CspShutdown(CAVIUM_DEV_ID); ]])],[ cavium_linked=yes ],[ cavium_linked=no ])
if test "x$cavium_linked" == "xno" ; then
AC_MSG_ERROR([cavium isn't found.
If it's already installed, specify its path using --with-cavium=/dir/])
fi
AC_MSG_RESULT([yes])
enable_shared=no
enable_static=yes
if test "x$cavium_linked" == "xno" ; then
AC_MSG_ERROR([cavium isn't found.
If it's already installed, specify its path using --with-cavium=/dir/])
fi
AC_MSG_RESULT([yes])
enable_shared=no
enable_static=yes
ENABLED_CAVIUM=yes
],
[ ENABLED_CAVIUM=no ]
)
# cavium V
trycaviumdir=""
AC_ARG_WITH([cavium-v],
[ --with-cavium-v=PATH PATH to Cavium V/software dir ],
[
AC_MSG_CHECKING([for cavium])
CPPFLAGS="$CPPFLAGS -DHAVE_CAVIUM -DHAVE_CAVIUM_V"
if test "x$withval" == "xyes" ; then
AC_MSG_ERROR([need a PATH for --with-cavium])
fi
if test "x$withval" != "xno" ; then
trycaviumdir=$withval
fi
LDFLAGS="$AM_LDFLAGS $trycaviumdir/utils/sample_tests/cavium_common.o $trycaviumdir/utils/sample_tests/cavium_sym_crypto.o $trycaviumdir/utils/sample_tests/cavium_asym_crypto.o"
CPPFLAGS="$CPPFLAGS -I$trycaviumdir/include"
#AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cavium_common.h"]], [[ CspShutdown(0); ]])],[ cavium_linked=yes ],[ cavium_linked=no ])
if test "x$cavium_linked" == "xno" ; then
AC_MSG_ERROR([cavium isn't found.
If it's already installed, specify its path using --with-cavium-v=/dir/])
fi
AC_MSG_RESULT([yes])
enable_shared=no
enable_static=yes
ENABLED_CAVIUM=yes
ENABLED_CAVIUM_V=yes
],
[
ENABLED_CAVIUM_=no
ENABLED_CAVIUM_V=no
]
)
AM_CONDITIONAL([BUILD_CAVIUM], [test "x$ENABLED_CAVIUM" = "xyes"])
# Fast RSA using Intel IPP
ippdir="${srcdir}/IPP"
@@ -2668,7 +2827,7 @@ AC_ARG_ENABLE([asynccrypt],
if test "$ENABLED_ASYNCCRYPT" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASYNC_CRYPT"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASYNC_CRYPT -DHAVE_WOLF_EVENT"
# if Cavium not enabled the use async simulator for testing
if test "x$ENABLED_CAVIUM" = "xno"
@@ -2679,6 +2838,9 @@ fi
AM_CONDITIONAL([BUILD_ASYNCCRYPT], [test "x$ENABLED_ASYNCCRYPT" = "xyes"])
AM_CONDITIONAL([BUILD_WOLFEVENT], [test "x$ENABLED_ASYNCCRYPT" = "xyes"])
# Session Export
AC_ARG_ENABLE([sessionexport],
@@ -2777,6 +2939,15 @@ AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \
test "x$ENABLED_SSLV3" = "xyes"],
[AC_MSG_ERROR([Cannot use Max Strength and SSLv3 at the same time.])])
AS_IF([test "x$ENABLED_SCTP" = "xyes"],
[AM_CFLAGS="-DWOLFSSL_SCTP $AM_CFLAGS"])
# SCTP requires DTLS
AS_IF([test "x$ENABLED_DTLS" = "xno" && \
test "x$ENABLED_SCTP" = "xyes"],
[AM_CFLAGS="-DWOLFSSL_DTLS $AM_CFLAGS"
ENABLED_DTLS=yes])
################################################################################
# OPTIMIZE FLAGS
@@ -2986,6 +3157,7 @@ echo " * Filesystem: $ENABLED_FILESYSTEM"
echo " * OpenSSH Build: $ENABLED_OPENSSH"
echo " * OpenSSL Extra API: $ENABLED_OPENSSLEXTRA"
echo " * Max Strength Build: $ENABLED_MAXSTRENGTH"
echo " * Distro Build: $ENABLED_DISTRO"
echo " * fastmath: $ENABLED_FASTMATH"
echo " * sniffer: $ENABLED_SNIFFER"
echo " * snifftest: $ENABLED_SNIFFTEST"
@@ -3037,6 +3209,7 @@ echo " * LIGHTY: $ENABLED_LIGHTY"
echo " * STUNNEL: $ENABLED_STUNNEL"
echo " * ERROR_STRINGS: $ENABLED_ERROR_STRINGS"
echo " * DTLS: $ENABLED_DTLS"
echo " * SCTP: $ENABLED_SCTP"
echo " * Old TLS Versions: $ENABLED_OLD_TLS"
echo " * SSL version 3.0: $ENABLED_SSLV3"
echo " * OCSP: $ENABLED_OCSP"
@@ -3056,6 +3229,7 @@ echo " * Maximum Fragment Length: $ENABLED_MAX_FRAGMENT"
echo " * Truncated HMAC: $ENABLED_TRUNCATED_HMAC"
echo " * Supported Elliptic Curves: $ENABLED_SUPPORTED_CURVES"
echo " * Session Ticket: $ENABLED_SESSION_TICKET"
echo " * Extended Master Secret: $ENABLED_EXTENDED_MASTER"
echo " * Renegotiation Indication: $ENABLED_RENEGOTIATION_INDICATION"
echo " * Secure Renegotiation: $ENABLED_SECURE_RENEGOTIATION"
echo " * All TLS Extensions: $ENABLED_TLSX"
@@ -3069,6 +3243,8 @@ echo " * Examples: $ENABLED_EXAMPLES"
echo " * User Crypto: $ENABLED_USER_CRYPTO"
echo " * Fast RSA: $ENABLED_FAST_RSA"
echo " * Async Crypto: $ENABLED_ASYNCCRYPT"
echo " * Cavium: $ENABLED_CAVIUM"
echo " * ARM ASM: $ENABLED_ARMASM"
echo ""
echo "---"
-5
View File
@@ -56,11 +56,6 @@
#define AesCcmDecrypt wc_AesCcmDecrypt
#endif /* HAVE_AESCCM */
#ifdef HAVE_CAVIUM
#define AesInitCavium wc_AesInitCavium
#define AesFreeCavium wc_AesFreeCavium
#endif
#endif /* CTAO_CRYPT_AES_H */
#endif /* NO_AES */
+2 -3
View File
@@ -26,11 +26,10 @@
/* for arc4 reverse compatibility */
#ifndef NO_RC4
#include <wolfssl/wolfcrypt/arc4.h>
#define CYASSL_ARC4_CAVIUM_MAGIC WOLFSSL_ARC4_CAVIUM_MAGIC
#define Arc4Process wc_Arc4Process
#define Arc4SetKey wc_Arc4SetKey
#define Arc4InitCavium wc_Arc4InitCavium
#define Arc4FreeCavium wc_Arc4FreeCavium
#define Arc4AsyncInit wc_Arc4AsyncInit
#define Arc4AsyncFree wc_Arc4AsyncFree
#endif
#endif /* CTAO_CRYPT_ARC4_H */
+3 -3
View File
@@ -39,9 +39,9 @@
#define Des3_CbcEncrypt wc_Des3_CbcEncrypt
#define Des3_CbcDecrypt wc_Des3_CbcDecrypt
#define Des3_CbcDecryptWithKey wc_Des3_CbcDecryptWithKey
#ifdef HAVE_CAVIUM
#define Des3_InitCavium wc_Des3_InitCavium
#define Des3_FreeCavium wc_Des3_FreeCavium
#ifdef WOLFSSL_ASYNC_CRYPT
#define Des3AsyncInit wc_Des3AsyncInit
#define Des3AsyncFree wc_Des3AsyncFree
#endif
#endif /* NO_DES3 */
+3 -3
View File
@@ -30,9 +30,9 @@
#define HmacSetKey wc_HmacSetKey
#define HmacUpdate wc_HmacUpdate
#define HmacFinal wc_HmacFinal
#ifdef HAVE_CAVIUM
#define HmacInitCavium wc_HmacInitCavium
#define HmacFreeCavium wc_HmacFreeCavium
#ifdef WOLFSSL_ASYNC_CRYPT
#define HmacAsyncInit wc_HmacAsyncInit
#define HmacAsyncFree wc_HmacAsyncFree
#endif
#define CyaSSL_GetHmacMaxSize wolfSSL_GetHmacMaxSize
#ifdef HAVE_HKDF
+3 -3
View File
@@ -47,9 +47,9 @@
#define RsaKeyToDer wc_RsaKeyToDer
#endif
#ifdef HAVE_CAVIUM
#define RsaInitCavium wc_RsaInitCavium
#define RsaFreeCavium wc_RsaFreeCavium
#ifdef WOLFSSL_ASYNC_CRYPT
#define RsaAsyncInit wc_RsaAsyncInit
#define RsaAsyncFree wc_RsaAsyncFree
#endif
#endif /* CTAO_CRYPT_RSA_H */
+109 -35
View File
@@ -53,6 +53,10 @@
#include "examples/client/client.h"
#ifdef WOLFSSL_ASYNC_CRYPT
static int devId = INVALID_DEVID;
#endif
/* Note on using port 0: the client standalone example doesn't utilize the
* port 0 port sharing; that is used by (1) the server in external control
* test mode and (2) the testsuite which uses this code and sets up the correct
@@ -78,7 +82,7 @@ static void NonBlockingSSL_Connect(WOLFSSL* ssl)
#endif
int error = wolfSSL_get_error(ssl, 0);
SOCKET_T sockfd = (SOCKET_T)wolfSSL_get_fd(ssl);
int select_ret;
int select_ret = 0;
while (ret != SSL_SUCCESS && (error == SSL_ERROR_WANT_READ ||
error == SSL_ERROR_WANT_WRITE ||
@@ -91,15 +95,17 @@ static void NonBlockingSSL_Connect(WOLFSSL* ssl)
printf("... client would write block\n");
#ifdef WOLFSSL_ASYNC_CRYPT
else if (error == WC_PENDING_E) {
ret = AsyncCryptPoll(ssl);
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
#ifdef WOLFSSL_DTLS
currTimeout = wolfSSL_dtls_get_current_timeout(ssl);
#endif
select_ret = tcp_select(sockfd, currTimeout);
if (error != WC_PENDING_E) {
#ifdef WOLFSSL_DTLS
currTimeout = wolfSSL_dtls_get_current_timeout(ssl);
#endif
select_ret = tcp_select(sockfd, currTimeout);
}
if ((select_ret == TEST_RECV_READY) ||
(select_ret == TEST_ERROR_READY)) {
@@ -150,8 +156,10 @@ static void ShowVersions(void)
printf("3\n");
}
int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
int doDTLS, int benchmark, int resumeSession)
/* Measures average time to create, connect and disconnect a connection (TPS).
Benchmark = number of connections. */
static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
int dtlsUDP, int dtlsSCTP, int benchmark, int resumeSession)
{
/* time passed in number of connects give average */
int times = benchmark;
@@ -174,7 +182,7 @@ int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
if (ssl == NULL)
err_sys("unable to get SSL object");
tcp_connect(&sockfd, host, port, doDTLS, ssl);
tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, ssl);
#ifndef NO_SESSION_CACHE
if (benchResume)
@@ -209,8 +217,9 @@ int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
return EXIT_SUCCESS;
}
int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
int doDTLS, int throughput)
/* Measures throughput in kbps. Throughput = number of bytes */
static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
int dtlsUDP, int dtlsSCTP, int throughput)
{
double start, conn_time = 0, tx_time = 0, rx_time = 0;
SOCKET_T sockfd;
@@ -221,7 +230,7 @@ int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
ssl = wolfSSL_new(ctx);
if (ssl == NULL)
err_sys("unable to get SSL object");
tcp_connect(&sockfd, host, port, doDTLS, ssl);
tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, ssl);
if (wolfSSL_set_fd(ssl, sockfd) != SSL_SUCCESS) {
err_sys("error in setting fd");
}
@@ -337,7 +346,8 @@ const char* starttlsCmd[6] = {
"QUIT\r\n",
};
int StartTLS_Init(SOCKET_T* sockfd)
/* Initiates the STARTTLS command sequence over TCP */
static int StartTLS_Init(SOCKET_T* sockfd)
{
char tmpBuf[256];
@@ -393,7 +403,8 @@ int StartTLS_Init(SOCKET_T* sockfd)
return SSL_SUCCESS;
}
int SMTP_Shutdown(WOLFSSL* ssl, int wc_shutdown)
/* Closes down the SMTP connection */
static int SMTP_Shutdown(WOLFSSL* ssl, int wc_shutdown)
{
int ret;
char tmpBuf[256];
@@ -455,6 +466,10 @@ static void Usage(void)
printf("-g Send server HTTP GET\n");
printf("-u Use UDP DTLS,"
" add -v 2 for DTLSv1, -v 3 for DTLSv1.2 (default)\n");
#ifdef WOLFSSL_SCTP
printf("-G Use SCTP DTLS,"
" add -v 2 for DTLSv1, -v 3 for DTLSv1.2 (default)\n");
#endif
printf("-m Match domain name in cert\n");
printf("-N Use Non-blocking sockets\n");
printf("-r Resume session\n");
@@ -479,6 +494,9 @@ static void Usage(void)
#ifdef HAVE_TRUNCATED_HMAC
printf("-T Use Truncated HMAC\n");
#endif
#ifdef HAVE_EXTENDED_MASTER
printf("-n Disable Extended Master Secret\n");
#endif
#ifdef HAVE_OCSP
printf("-o Perform OCSP lookup on peer certificate\n");
printf("-O <url> Perform OCSP lookup using <url> as responder\n");
@@ -545,6 +563,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
int benchmark = 0;
int throughput = 0;
int doDTLS = 0;
int dtlsUDP = 0;
int dtlsSCTP = 0;
int matchName = 0;
int doPeerCheck = 1;
int nonBlocking = 0;
@@ -592,6 +612,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
byte statusRequest = 0;
#endif
#ifdef HAVE_EXTENDED_MASTER
byte disableExtMasterSecret = 0;
#endif
#ifdef HAVE_OCSP
@@ -634,7 +657,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#ifndef WOLFSSL_VXWORKS
while ((ch = mygetopt(argc, argv,
"?gdeDusmNrwRitfxXUPCVh:p:v:l:A:c:k:Z:b:zS:F:L:ToO:aB:W:E:M:q:"))
"?gdeDuGsmNrwRitfxXUPCVh:p:v:l:A:c:k:Z:b:zS:F:L:TnoO:aB:W:E:M:q:"))
!= -1) {
switch (ch) {
case '?' :
@@ -664,7 +687,15 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
break;
case 'u' :
doDTLS = 1;
doDTLS = 1;
dtlsUDP = 1;
break;
case 'G' :
#ifdef WOLFSSL_SCTP
doDTLS = 1;
dtlsSCTP = 1;
#endif
break;
case 's' :
@@ -832,6 +863,12 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#endif
break;
case 'n' :
#ifdef HAVE_EXTENDED_MASTER
disableExtMasterSecret = 1;
#endif
break;
case 'W' :
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
@@ -1106,6 +1143,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
}
}
#ifdef WOLFSSL_SCTP
if (dtlsSCTP)
wolfSSL_CTX_dtls_set_sctp(ctx);
#endif
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
@@ -1175,9 +1217,13 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myDateCb);
#endif
#ifdef HAVE_CAVIUM
wolfSSL_CTX_UseCavium(ctx, CAVIUM_DEV_ID);
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
ret = wolfAsync_DevOpen(&devId);
if (ret != 0) {
err_sys("Async device open failed");
}
wolfSSL_CTX_UseAsync(ctx, devId);
#endif /* WOLFSSL_ASYNC_CRYPT */
#ifdef HAVE_SNI
if (sniHostName)
@@ -1199,17 +1245,24 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
if (wolfSSL_CTX_UseSessionTicket(ctx) != SSL_SUCCESS)
err_sys("UseSessionTicket failed");
#endif
#ifdef HAVE_EXTENDED_MASTER
if (disableExtMasterSecret)
if (wolfSSL_CTX_DisableExtendedMasterSecret(ctx) != SSL_SUCCESS)
err_sys("DisableExtendedMasterSecret failed");
#endif
if (benchmark) {
((func_args*)args)->return_code =
ClientBenchmarkConnections(ctx, host, port, doDTLS, benchmark, resumeSession);
ClientBenchmarkConnections(ctx, host, port, dtlsUDP, dtlsSCTP,
benchmark, resumeSession);
wolfSSL_CTX_free(ctx);
exit(EXIT_SUCCESS);
}
if(throughput) {
((func_args*)args)->return_code =
ClientBenchmarkThroughput(ctx, host, port, doDTLS, throughput);
ClientBenchmarkThroughput(ctx, host, port, dtlsUDP, dtlsSCTP,
throughput);
wolfSSL_CTX_free(ctx);
exit(EXIT_SUCCESS);
}
@@ -1295,7 +1348,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
}
#endif
tcp_connect(&sockfd, host, port, doDTLS, ssl);
tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, ssl);
if (wolfSSL_set_fd(ssl, sockfd) != SSL_SUCCESS) {
err_sys("error in setting fd");
}
@@ -1343,7 +1396,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = AsyncCryptPoll(ssl);
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
@@ -1474,7 +1527,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
}
#endif
if (doDTLS == 0) { /* don't send alert after "break" command */
if (dtlsUDP == 0) { /* don't send alert after "break" command */
ret = wolfSSL_shutdown(ssl);
if (wc_shutdown && ret == SSL_SHUTDOWN_NOT_DONE)
wolfSSL_shutdown(ssl); /* bidirectional shutdown */
@@ -1488,7 +1541,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#ifndef NO_SESSION_CACHE
if (resumeSession) {
if (doDTLS) {
if (dtlsUDP) {
#ifdef USE_WINDOWS_API
Sleep(500);
#elif defined(WOLFSSL_TIRTOS)
@@ -1497,7 +1550,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
sleep(1);
#endif
}
tcp_connect(&sockfd, host, port, doDTLS, sslResume);
tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, sslResume);
if (wolfSSL_set_fd(sslResume, sockfd) != SSL_SUCCESS) {
err_sys("error in setting fd");
}
@@ -1519,6 +1572,32 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
wolfSSL_set_SessionTicket_cb(sslResume, sessionTicketCB,
(void*)"resumed session");
#endif
#ifdef HAVE_SUPPORTED_CURVES /* add curves to supported curves extension */
if (wolfSSL_UseSupportedCurve(sslResume, WOLFSSL_ECC_SECP256R1)
!= SSL_SUCCESS) {
err_sys("unable to set curve secp256r1");
}
if (wolfSSL_UseSupportedCurve(sslResume, WOLFSSL_ECC_SECP384R1)
!= SSL_SUCCESS) {
err_sys("unable to set curve secp384r1");
}
if (wolfSSL_UseSupportedCurve(sslResume, WOLFSSL_ECC_SECP521R1)
!= SSL_SUCCESS) {
err_sys("unable to set curve secp521r1");
}
if (wolfSSL_UseSupportedCurve(sslResume, WOLFSSL_ECC_SECP224R1)
!= SSL_SUCCESS) {
err_sys("unable to set curve secp224r1");
}
if (wolfSSL_UseSupportedCurve(sslResume, WOLFSSL_ECC_SECP192R1)
!= SSL_SUCCESS) {
err_sys("unable to set curve secp192r1");
}
if (wolfSSL_UseSupportedCurve(sslResume, WOLFSSL_ECC_SECP160R1)
!= SSL_SUCCESS) {
err_sys("unable to set curve secp160r1");
}
#endif
#ifndef WOLFSSL_CALLBACKS
if (nonBlocking) {
@@ -1622,6 +1701,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
((func_args*)args)->return_code = 0;
#ifdef WOLFSSL_ASYNC_CRYPT
wolfAsync_DevClose(&devId);
#endif
#if defined(USE_WOLFSSL_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY)
if (trackMemory)
ShowMemoryTracker();
@@ -1650,11 +1733,6 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
{
func_args args;
#ifdef HAVE_CAVIUM
int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID);
if (ret != 0)
err_sys("Cavium OpenNitroxDevice failed");
#endif /* HAVE_CAVIUM */
StartTCP();
@@ -1674,10 +1752,6 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#endif
wolfSSL_Cleanup();
#ifdef HAVE_CAVIUM
CspShutdown(CAVIUM_DEV_ID);
#endif
#ifdef HAVE_WNR
if (wc_FreeNetRandom() < 0)
err_sys("Failed to free netRandom context");
-15
View File
@@ -26,21 +26,6 @@
THREAD_RETURN WOLFSSL_THREAD client_test(void* args);
/* Measures average time to create, connect and disconnect a connection (TPS).
Benchmark = number of connections. */
int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
int doDTLS, int benchmark, int resumeSession);
/* Measures throughput in kbps. Throughput = number of bytes */
int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
int doDTLS, int throughput);
/* Initiates the STARTTLS command sequence over TCP */
int StartTLS_Init(SOCKET_T* sockfd);
/* Closes down the SMTP connection */
int SMTP_Shutdown(WOLFSSL* ssl, int wc_shutdown);
#endif /* WOLFSSL_CLIENT_H */
+21 -14
View File
@@ -52,6 +52,11 @@
#include "examples/echoclient/echoclient.h"
#ifdef WOLFSSL_ASYNC_CRYPT
static int devId = INVALID_DEVID;
#endif
void echoclient_test(void* args)
{
SOCKET_T sockfd = 0;
@@ -162,12 +167,20 @@ void echoclient_test(void* args)
SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
#if defined(WOLFSSL_MDK_ARM)
#if defined(WOLFSSL_MDK_ARM)
CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
#endif
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
ret = wolfAsync_DevOpen(&devId);
if (ret != 0) {
err_sys("Async device open failed");
}
wolfSSL_CTX_UseAsync(ctx, devId);
#endif /* WOLFSSL_ASYNC_CRYPT */
ssl = SSL_new(ctx);
tcp_connect(&sockfd, yasslIP, port, doDTLS, ssl);
tcp_connect(&sockfd, yasslIP, port, doDTLS, 0, ssl);
SSL_set_fd(ssl, sockfd);
#if defined(USE_WINDOWS_API) && defined(CYASSL_DTLS) && defined(NO_MAIN_DRIVER)
@@ -178,7 +191,7 @@ void echoclient_test(void* args)
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = AsyncCryptPoll(ssl);
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
@@ -250,6 +263,10 @@ void echoclient_test(void* args)
SSL_free(ssl);
SSL_CTX_free(ctx);
#ifdef WOLFSSL_ASYNC_CRYPT
wolfAsync_DevClose(&devId);
#endif
fflush(fout);
if (inCreated) fclose(fin);
if (outCreated) fclose(fout);
@@ -266,12 +283,6 @@ void echoclient_test(void* args)
{
func_args args;
#ifdef HAVE_CAVIUM
int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID);
if (ret != 0)
err_sys("Cavium OpenNitroxDevice failed");
#endif /* HAVE_CAVIUM */
#ifdef HAVE_WNR
if (wc_InitNetRandom(wnrConfig, NULL, 5000) != 0)
err_sys("Whitewood netRandom global config failed");
@@ -293,10 +304,6 @@ void echoclient_test(void* args)
CyaSSL_Cleanup();
#ifdef HAVE_CAVIUM
CspShutdown(CAVIUM_DEV_ID);
#endif
#ifdef HAVE_WNR
if (wc_FreeNetRandom() < 0)
err_sys("Failed to free netRandom context");
+19 -13
View File
@@ -53,6 +53,10 @@
#include "examples/echoserver/echoserver.h"
#ifdef WOLFSSL_ASYNC_CRYPT
static int devId = INVALID_DEVID;
#endif
#define SVR_COMMAND_SIZE 256
static void SignalReady(void* args, word16 port)
@@ -132,7 +136,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
fdOpenSession(Task_self());
#endif
tcp_listen(&sockfd, &port, useAnyAddr, doDTLS);
tcp_listen(&sockfd, &port, useAnyAddr, doDTLS, 0);
#if defined(CYASSL_DTLS)
method = CyaDTLSv1_2_server_method();
@@ -226,6 +230,14 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
#endif
}
#ifdef WOLFSSL_ASYNC_CRYPT
ret = wolfAsync_DevOpen(&devId);
if (ret != 0) {
err_sys("Async device open failed");
}
wolfSSL_CTX_UseAsync(ctx, devId);
#endif /* WOLFSSL_ASYNC_CRYPT */
SignalReady(args, port);
while (!shutDown) {
@@ -272,7 +284,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = AsyncCryptPoll(ssl);
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
@@ -361,7 +373,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
CyaSSL_free(ssl);
CloseSocket(clientfd);
#ifdef CYASSL_DTLS
tcp_listen(&sockfd, &port, useAnyAddr, doDTLS);
tcp_listen(&sockfd, &port, useAnyAddr, doDTLS, 0);
SignalReady(args, port);
#endif
}
@@ -390,6 +402,10 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
TicketCleanup();
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
wolfAsync_DevClose(&devId);
#endif
#ifndef CYASSL_TIRTOS
return 0;
#endif
@@ -403,12 +419,6 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
{
func_args args;
#ifdef HAVE_CAVIUM
int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID);
if (ret != 0)
err_sys("Cavium OpenNitroxDevice failed");
#endif /* HAVE_CAVIUM */
#ifdef HAVE_WNR
if (wc_InitNetRandom(wnrConfig, NULL, 5000) != 0)
err_sys("Whitewood netRandom global config failed");
@@ -427,10 +437,6 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
echoserver_test(&args);
CyaSSL_Cleanup();
#ifdef HAVE_CAVIUM
CspShutdown(CAVIUM_DEV_ID);
#endif
#ifdef HAVE_WNR
if (wc_FreeNetRandom() < 0)
err_sys("Failed to free netRandom context");
+1
View File
@@ -5,3 +5,4 @@ include examples/client/include.am
include examples/echoclient/include.am
include examples/echoserver/include.am
include examples/server/include.am
include examples/sctp/include.am
+38
View File
@@ -0,0 +1,38 @@
# vim:ft=automake
# included from Top Level Makefile.am
# All paths should be given relative to the root
if BUILD_SCTP
if BUILD_EXAMPLE_SERVERS
noinst_PROGRAMS += \
examples/sctp/sctp-server \
examples/sctp/sctp-server-dtls
examples_sctp_sctp_server_SOURCES = examples/sctp/sctp-server.c
examples_sctp_sctp_server_LDADD = $(LIB_STATIC_ADD)
examples_sctp_sctp_server_dtls_SOURCES = examples/sctp/sctp-server-dtls.c
examples_sctp_sctp_server_dtls_LDADD = src/libwolfssl.la $(LIB_STATIC_ADD)
examples_sctp_sctp_server_dtls_DEPENDENCIES = src/libwolfssl.la
endif
if BUILD_EXAMPLE_CLIENTS
noinst_PROGRAMS += \
examples/sctp/sctp-client \
examples/sctp/sctp-client-dtls
examples_sctp_sctp_client_SOURCES = examples/sctp/sctp-client.c
examples_sctp_sctp_client_LDADD = $(LIB_STATIC_ADD)
examples_sctp_sctp_client_dtls_SOURCES = examples/sctp/sctp-client-dtls.c
examples_sctp_sctp_client_dtls_LDADD = src/libwolfssl.la $(LIB_STATIC_ADD)
examples_sctp_sctp_client_dtls_DEPENDENCIES = src/libwolfssl.la
endif
endif
dist_example_DATA += \
examples/sctp/sctp-server.c \
examples/sctp/sctp-server-dtls.c \
examples/sctp/sctp-client.c \
examples/sctp/sctp-client-dtls.c
DISTCLEANFILES += \
examples/sctp/.libs/sctp-server \
examples/sctp/.libs/sctp-server-dtls \
examples/sctp/.libs/sctp-client \
examples/sctp/.libs/sctp-client-dtls
+125
View File
@@ -0,0 +1,125 @@
/* sctp-client-dtls.c
*
* Copyright (C) 2006-2016 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/* sctp */
#include <sys/socket.h>
#include <sys/types.h>
#include <arpa/inet.h>
#include <netinet/in.h>
/* std */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/* wolfssl */
#include <wolfssl/options.h>
#include <wolfssl/ssl.h>
#define cacert "./certs/ca-cert.pem"
static int err_sys(const char* msg)
{
perror(msg);
exit(EXIT_FAILURE);
}
int main()
{
int sd = socket(PF_INET, SOCK_STREAM, IPPROTO_SCTP);
if (sd < 0)
err_sys("sctp socket error");
struct sockaddr_in sa;
memset(&sa, 0, sizeof(sa));
sa.sin_family = AF_INET;
sa.sin_addr.s_addr = inet_addr("127.0.0.1");
sa.sin_port = htons(12345);
int ret = connect(sd, (struct sockaddr*)&sa, sizeof(sa));
if (ret < 0)
err_sys("sctp connect error");
const char* response = "hello there";
char buffer[80];
WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfDTLSv1_2_client_method());
if (ctx == NULL)
err_sys("ctx new dtls client failed");
ret = wolfSSL_CTX_dtls_set_sctp(ctx);
if (ret != SSL_SUCCESS)
err_sys("set sctp mode failed");
ret = wolfSSL_CTX_load_verify_locations(ctx, cacert, NULL);
if (ret != SSL_SUCCESS)
err_sys("ca cert error");
WOLFSSL* ssl = wolfSSL_new(ctx);
if (ssl == NULL)
err_sys("ssl new dtls client failed");
wolfSSL_set_fd(ssl, sd);
ret = wolfSSL_connect(ssl);
if (ret != SSL_SUCCESS)
err_sys("ssl connect failed");
printf("TLS version is %s\n", wolfSSL_get_version(ssl));
printf("Cipher Suite is %s\n",
wolfSSL_CIPHER_get_name(wolfSSL_get_current_cipher(ssl)));
wolfSSL_write(ssl, response, (int)strlen(response));
int got = wolfSSL_read(ssl, buffer, sizeof(buffer));
if (got > 0) {
buffer[got] = 0;
printf("server said: %s\n", buffer);
}
unsigned char bigBuf[4096];
unsigned int i;
for (i = 0; i < (int)sizeof(bigBuf); i++)
bigBuf[i] = (unsigned char)(i & 0xFF);
wolfSSL_write(ssl, bigBuf, sizeof(bigBuf));
memset(bigBuf, 0, sizeof(bigBuf));
wolfSSL_read(ssl, bigBuf, sizeof(bigBuf));
for (i = 0; i < sizeof(bigBuf); i++) {
if (bigBuf[i] != (unsigned char)(i & 0xFF)) {
printf("big message check fail\n");
break;
}
}
wolfSSL_shutdown(ssl);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
close(sd);
return 0;
}
+64
View File
@@ -0,0 +1,64 @@
/* sctp-client.c
*
* Copyright (C) 2006-2016 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/* sctp */
#include <sys/socket.h>
#include <sys/types.h>
#include <arpa/inet.h>
#include <netinet/in.h>
/* std */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
int main()
{
int sd = socket(PF_INET, SOCK_STREAM, IPPROTO_SCTP);
if (sd < 0)
perror("sctp socket error");
struct sockaddr_in sa;
memset(&sa, 0, sizeof(sa));
sa.sin_family = AF_INET;
sa.sin_addr.s_addr = inet_addr("127.0.0.1");
sa.sin_port = htons(12345);
int ret = connect(sd, (struct sockaddr*)&sa, sizeof(sa));
if (ret < 0)
perror("sctp connect error");
const char* msg = "hello sctp";
char buffer[80];
send(sd, msg, strlen(msg), 0);
int got = (int)recv(sd, buffer, sizeof(buffer), 0);
if (got > 0) {
buffer[got] = 0;
printf("server said: %s\n", buffer);
}
close(sd);
return 0;
}
+124
View File
@@ -0,0 +1,124 @@
/* sctp-server-dtls.c
*
* Copyright (C) 2006-2016 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/* sctp */
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
/* std */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/* wolfssl */
#include <wolfssl/options.h>
#include <wolfssl/ssl.h>
#define key "./certs/server-key.pem"
#define cert "./certs/server-cert.pem"
static int err_sys(const char* msg)
{
perror(msg);
exit(EXIT_FAILURE);
}
int main()
{
int sd = socket(PF_INET, SOCK_STREAM, IPPROTO_SCTP);
if (sd < 0)
err_sys("sctp socket error");
struct sockaddr_in sa;
memset(&sa, 0, sizeof(sa));
sa.sin_family = AF_INET;
sa.sin_addr.s_addr = htonl(INADDR_ANY);
sa.sin_port = htons(12345);
int ret = bind(sd, (struct sockaddr*)&sa, sizeof(sa));
if (ret < 0)
err_sys("sctp bind error");
listen(sd, 3);
int client_sd = accept(sd, NULL, NULL);
if (client_sd < 0)
err_sys("sctp accept error");
const char* response = "well hello to you";
char buffer[80];
WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method());
if (ctx == NULL)
err_sys("ctx new dtls server failed");
ret = wolfSSL_CTX_dtls_set_sctp(ctx);
if (ret != SSL_SUCCESS)
err_sys("set sctp mode failed");
ret = wolfSSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM);
if (ret != SSL_SUCCESS)
err_sys("use private key error");
ret = wolfSSL_CTX_use_certificate_file(ctx, cert, SSL_FILETYPE_PEM);
if (ret != SSL_SUCCESS)
err_sys("use cert error");
WOLFSSL* ssl = wolfSSL_new(ctx);
if (ssl == NULL)
err_sys("ssl new dtls server failed");
wolfSSL_set_fd(ssl, client_sd);
ret = wolfSSL_accept(ssl);
if (ret != SSL_SUCCESS)
err_sys("ssl accept failed");
printf("TLS version is %s\n", wolfSSL_get_version(ssl));
printf("Cipher Suite is %s\n",
wolfSSL_CIPHER_get_name(wolfSSL_get_current_cipher(ssl)));
int got = wolfSSL_read(ssl, buffer, sizeof(buffer));
if (got > 0) {
buffer[got] = 0;
printf("client said: %s\n", buffer);
}
wolfSSL_write(ssl, response, (int)strlen(response));
unsigned char bigBuf[4096];
wolfSSL_read(ssl, bigBuf, sizeof(bigBuf));
wolfSSL_write(ssl, bigBuf, sizeof(bigBuf));
wolfSSL_shutdown(ssl);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
close(sd);
return 0;
}
+70
View File
@@ -0,0 +1,70 @@
/* sctp-server.c
*
* Copyright (C) 2006-2016 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/* sctp */
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
/* std */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
int main()
{
int sd = socket(PF_INET, SOCK_STREAM, IPPROTO_SCTP);
if (sd < 0)
perror("sctp socket error");
struct sockaddr_in sa;
memset(&sa, 0, sizeof(sa));
sa.sin_family = AF_INET;
sa.sin_addr.s_addr = htonl(INADDR_ANY);
sa.sin_port = htons(12345);
int ret = bind(sd, (struct sockaddr*)&sa, sizeof(sa));
if (ret < 0)
perror("sctp bind error");
listen(sd, 3);
int client_sd = accept(sd, NULL, NULL);
if (client_sd < 0)
perror("sctp accept error");
const char* response = "hi there";
char buffer[80];
int got = (int)recv(client_sd, buffer, sizeof(buffer), 0);
if (got > 0) {
buffer[got] = 0;
printf("client said: %s\n", buffer);
}
send(client_sd, response, strlen(response), 0);
close(sd);
return 0;
}
+48 -17
View File
@@ -55,6 +55,10 @@
#include "examples/server/server.h"
#ifdef WOLFSSL_ASYNC_CRYPT
static int devId = INVALID_DEVID;
#endif
/* Note on using port 0: if the server uses port 0 to bind an ephemeral port
* number and is using the ready file for scripted testing, the code in
* test.h will write the actual port number into the ready file for use
@@ -215,6 +219,10 @@ static void Usage(void)
printf("-t Track wolfSSL memory use\n");
printf("-u Use UDP DTLS,"
" add -v 2 for DTLSv1, -v 3 for DTLSv1.2 (default)\n");
#ifdef WOLFSSL_SCTP
printf("-G Use SCTP DTLS,"
" add -v 2 for DTLSv1, -v 3 for DTLSv1.2 (default)\n");
#endif
printf("-f Fewer packets/group messages\n");
printf("-r Allow one client Resumption\n");
printf("-N Use Non-blocking sockets\n");
@@ -271,6 +279,8 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
int usePskPlus = 0;
int useAnon = 0;
int doDTLS = 0;
int dtlsUDP = 0;
int dtlsSCTP = 0;
int needDH = 0;
int useNtruKey = 0;
int nonBlocking = 0;
@@ -366,7 +376,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
useAnyAddr = 1;
#else
while ((ch = mygetopt(argc, argv,
"?jdbstnNufrawPIR:p:v:l:A:c:k:Z:S:oO:D:L:ieB:E:q:")) != -1) {
"?jdbstnNuGfrawPIR:p:v:l:A:c:k:Z:S:oO:D:L:ieB:E:q:")) != -1) {
switch (ch) {
case '?' :
Usage();
@@ -400,6 +410,14 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
case 'u' :
doDTLS = 1;
dtlsUDP = 1;
break;
case 'G' :
#ifdef WOLFSSL_SCTP
doDTLS = 1;
dtlsSCTP = 1;
#endif
break;
case 'f' :
@@ -559,6 +577,11 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
myoptind = 0; /* reset for test cases */
#endif /* !WOLFSSL_VXWORKS */
/* Can only use DTLS over UDP or SCTP, can't do both. */
if (dtlsUDP && dtlsSCTP) {
err_sys("Cannot use DTLS with both UDP and SCTP.");
}
/* sort out DTLS versus TLS versions */
if (version == CLIENT_INVALID_VERSION) {
if (doDTLS)
@@ -655,7 +678,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
err_sys("unable to load static memory and create ctx");
#else
ctx = SSL_CTX_new(method(NULL));
#endif
#endif /* WOLFSSL_STATIC_MEMORY */
if (ctx == NULL)
err_sys("unable to get ctx");
@@ -685,6 +708,11 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
if (fewerPackets)
CyaSSL_CTX_set_group_messages(ctx);
#ifdef WOLFSSL_SCTP
if (dtlsSCTP)
wolfSSL_CTX_dtls_set_sctp(ctx);
#endif
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
@@ -806,16 +834,24 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
}
#endif /* USE_WINDOWS_API */
#ifdef WOLFSSL_ASYNC_CRYPT
ret = wolfAsync_DevOpen(&devId);
if (ret != 0) {
err_sys("Async device open failed");
}
wolfSSL_CTX_UseAsync(ctx, devId);
#endif /* WOLFSSL_ASYNC_CRYPT */
while (1) {
/* allow resume option */
if(resumeCount > 1) {
if (doDTLS == 0) {
if (dtlsUDP == 0) {
SOCKADDR_IN_T client;
socklen_t client_len = sizeof(client);
clientfd = accept(sockfd, (struct sockaddr*)&client,
(ACCEPT_THIRD_T)&client_len);
} else {
tcp_listen(&sockfd, &port, useAnyAddr, doDTLS);
tcp_listen(&sockfd, &port, useAnyAddr, dtlsUDP, dtlsSCTP);
clientfd = sockfd;
}
if(WOLFSSL_SOCKET_IS_INVALID(clientfd)) {
@@ -896,7 +932,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
readySignal->srfName = serverReadyFile;
}
tcp_accept(&sockfd, &clientfd, (func_args*)args, port, useAnyAddr,
doDTLS, serverReadyFile ? 1 : 0, doListen);
dtlsUDP, dtlsSCTP, serverReadyFile ? 1 : 0, doListen);
doListen = 0; /* Don't listen next time */
if (SSL_set_fd(ssl, clientfd) != SSL_SUCCESS) {
@@ -911,7 +947,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#endif
#ifdef WOLFSSL_DTLS
if (doDTLS) {
if (doDTLS && dtlsUDP) {
SOCKADDR_IN_T cliaddr;
byte b[1500];
int n;
@@ -947,7 +983,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = AsyncCryptPoll(ssl);
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
@@ -1027,7 +1063,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
Task_yield();
#endif
if (doDTLS == 0) {
if (dtlsUDP == 0) {
ret = SSL_shutdown(ssl);
if (wc_shutdown && ret == SSL_SHUTDOWN_NOT_DONE)
SSL_shutdown(ssl); /* bidirectional shutdown */
@@ -1088,6 +1124,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
TicketCleanup();
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
wolfAsync_DevClose(&devId);
#endif
/* There are use cases when these assignments are not read. To avoid
* potential confusion those warnings have been handled here.
*/
@@ -1112,11 +1152,6 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
func_args args;
tcp_ready ready;
#ifdef HAVE_CAVIUM
int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID);
if (ret != 0)
err_sys("Cavium OpenNitroxDevice failed");
#endif /* HAVE_CAVIUM */
StartTCP();
@@ -1139,10 +1174,6 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
CyaSSL_Cleanup();
FreeTcpReady(&ready);
#ifdef HAVE_CAVIUM
CspShutdown(CAVIUM_DEV_ID);
#endif
#ifdef HAVE_WNR
if (wc_FreeNetRandom() < 0)
err_sys("Failed to free netRandom context");
+1
View File
@@ -223,6 +223,7 @@ int CRYPT_SHA512_Finalize(CRYPT_SHA512_CTX* sha512, unsigned char* digest)
int CRYPT_HMAC_SetKey(CRYPT_HMAC_CTX* hmac, int type, const unsigned char* key,
unsigned int sz)
{
/* compile-time check to verify CRYPT_HMAC_CTX is large enough to hold Hmac */
typedef char hmac_test[sizeof(CRYPT_HMAC_CTX) >= sizeof(Hmac) ? 1 : -1];
(void)sizeof(hmac_test);
+1 -1
View File
@@ -104,7 +104,7 @@ enum {
/* HMAC */
typedef struct CRYPT_HMAC_CTX {
long long holder[67]; /* big enough to hold internal, but check on init */
long long holder[68]; /* big enough to hold internal, but check on init */
} CRYPT_HMAC_CTX;
int CRYPT_HMAC_SetKey(CRYPT_HMAC_CTX*, int, const unsigned char*, unsigned int);
+2 -2
View File
@@ -25,14 +25,14 @@ sleep 1
# client test against our own server - GOOD CERT
./examples/server/server -c certs/ocsp/server1-cert.pem -k certs/ocsp/server1-key.pem &
sleep 1
./examples/client/client -X -C -A certs/ocsp/root-ca-cert.pem -W 1
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1
# client test against our own server - REVOKED CERT
./examples/server/server -c certs/ocsp/server2-cert.pem -k certs/ocsp/server2-key.pem &
sleep 1
./examples/client/client -X -C -A certs/ocsp/root-ca-cert.pem -W 1
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1
RESULT=$?
[ $RESULT -ne 1 ] && echo -e "\n\nClient connection suceeded $RESULT" && exit 1
+6 -6
View File
@@ -16,39 +16,39 @@ sleep 1
# client test against our own server - GOOD CERTS
./examples/server/server -c certs/ocsp/server3-cert.pem -k certs/ocsp/server3-key.pem &
sleep 1
./examples/client/client -X -C -A certs/ocsp/root-ca-cert.pem -W 1
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1
./examples/server/server -c certs/ocsp/server3-cert.pem -k certs/ocsp/server3-key.pem &
sleep 1
./examples/client/client -X -C -A certs/ocsp/root-ca-cert.pem -W 2
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1
# client test against our own server - REVOKED SERVER CERT
./examples/server/server -c certs/ocsp/server4-cert.pem -k certs/ocsp/server4-key.pem &
sleep 1
./examples/client/client -X -C -A certs/ocsp/root-ca-cert.pem -W 1
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1
RESULT=$?
[ $RESULT -ne 1 ] && echo -e "\n\nClient connection suceeded $RESULT" && exit 1
./examples/server/server -c certs/ocsp/server4-cert.pem -k certs/ocsp/server4-key.pem &
sleep 1
./examples/client/client -X -C -A certs/ocsp/root-ca-cert.pem -W 2
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2
RESULT=$?
[ $RESULT -ne 1 ] && echo -e "\n\nClient connection suceeded $RESULT" && exit 1
# client test against our own server - REVOKED INTERMEDIATE CERT
./examples/server/server -c certs/ocsp/server5-cert.pem -k certs/ocsp/server5-key.pem &
sleep 1
./examples/client/client -X -C -A certs/ocsp/root-ca-cert.pem -W 1
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed $RESULT" && exit 1
./examples/server/server -c certs/ocsp/server5-cert.pem -k certs/ocsp/server5-key.pem &
sleep 1
./examples/client/client -X -C -A certs/ocsp/root-ca-cert.pem -W 2
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2
RESULT=$?
[ $RESULT -ne 1 ] && echo -e "\n\nClient connection suceeded $RESULT" && exit 1
+63 -47
View File
@@ -5,6 +5,7 @@
# need a unique resume port since may run the same time as testsuite
# use server port zero hack to get one
resume_string="reused"
ems_string="Extended\ Master\ Secret"
resume_port=0
no_pid=-1
server_pid=$no_pid
@@ -41,57 +42,72 @@ do_trap() {
exit -1
}
do_test() {
echo -e "\nStarting example server for resume test...\n"
remove_ready_file
./examples/server/server -r -R $ready_file -p $resume_port &
server_pid=$!
while [ ! -s $ready_file -a "$counter" -lt 20 ]; do
echo -e "waiting for ready file..."
sleep 0.1
counter=$((counter+ 1))
done
if test -e $ready_file; then
echo -e "found ready file, starting client..."
else
echo -e "NO ready file ending test..."
do_cleanup
exit 1
fi
# get created port 0 ephemeral port
resume_port=`cat $ready_file`
capture_out=$(./examples/client/client $1 -r -p $resume_port 2>&1)
client_result=$?
if [ $client_result != 0 ]
then
echo -e "client failed!"
do_cleanup
exit 1
fi
wait $server_pid
server_result=$?
remove_ready_file
if [ $server_result != 0 ]
then
echo -e "client failed!"
exit 1
fi
case "$capture_out" in
*$resume_string*)
echo "resumed session" ;;
*)
echo "did NOT resume session as expected"
exit 1
;;
esac
}
trap do_trap INT TERM
echo -e "\nStarting example server for resume test...\n"
do_test
remove_ready_file
./examples/server/server -r -R $ready_file -p $resume_port &
server_pid=$!
while [ ! -s $ready_file -a "$counter" -lt 20 ]; do
echo -e "waiting for ready file..."
sleep 0.1
counter=$((counter+ 1))
done
if test -e $ready_file; then
echo -e "found ready file, starting client..."
else
echo -e "NO ready file ending test..."
do_cleanup
exit 1
fi
# get created port 0 ephemeral port
resume_port=`cat $ready_file`
capture_out=$(./examples/client/client -r -p $resume_port 2>&1)
client_result=$?
if [ $client_result != 0 ]
then
echo -e "client failed!"
do_cleanup
exit 1
fi
wait $server_pid
server_result=$?
remove_ready_file
if [ $server_result != 0 ]
then
echo -e "client failed!"
exit 1
fi
case "$capture_out" in
*$resume_string*)
echo "resumed session" ;;
# Check the client for the extended master secret disable option. If
# present we need to run the test twice.
options_check=`./examples/client/client -?`
case "$options_check" in
*$ems_string*)
echo -e "\nRepeating resume test without extended master secret..."
do_test -n ;;
*)
echo "did NOT resume session as expected"
exit 1
;;
esac
+14 -5
View File
@@ -62,9 +62,22 @@ endif
src_libwolfssl_la_SOURCES += \
wolfcrypt/src/hmac.c \
wolfcrypt/src/random.c \
wolfcrypt/src/sha256.c \
wolfcrypt/src/hash.c
if BUILD_ARMASM
src_libwolfssl_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha256.c
else
src_libwolfssl_la_SOURCES += wolfcrypt/src/sha256.c
endif
if BUILD_WOLFEVENT
src_libwolfssl_la_SOURCES += wolfcrypt/src/wolfevent.c
endif
if BUILD_ASYNCCRYPT
src_libwolfssl_la_SOURCES += wolfcrypt/src/async.c
endif
if !BUILD_USER_RSA
if BUILD_RSA
if BUILD_FAST_RSA
@@ -254,8 +267,4 @@ if BUILD_SNIFFER
src_libwolfssl_la_SOURCES += src/sniffer.c
endif
if BUILD_ASYNCCRYPT
src_libwolfssl_la_SOURCES += src/async.c
endif
endif # !BUILD_CRYPTONLY
+3299 -2480
View File
File diff suppressed because it is too large Load Diff
+2 -2
View File
@@ -1015,7 +1015,7 @@ static int process_http_response(int sfd, byte** respBuf,
XMEMCPY(recvBuf, start, len);
/* receive the OCSP response data */
do {
while (len < recvBufSz) {
result = (int)recv(sfd, (char*)recvBuf+len, recvBufSz-len, 0);
if (result > 0)
len += result;
@@ -1023,7 +1023,7 @@ static int process_http_response(int sfd, byte** respBuf,
WOLFSSL_MSG("process_http_response recv ocsp from peer failed");
return -1;
}
} while (len != recvBufSz);
}
*respBuf = recvBuf;
return recvBufSz;
+26 -26
View File
@@ -2070,18 +2070,18 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
dec->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER);
if (dec && dec->arc4 == NULL)
return MEMORY_E;
#ifdef HAVE_CAVIUM
if (devId != NO_CAVIUM_DEVICE) {
#ifdef WOLFSSL_ASYNC_CRYPT
if (devId != INVALID_DEVID) {
if (enc) {
if (wc_Arc4InitCavium(enc->arc4, devId) != 0) {
WOLFSSL_MSG("Arc4InitCavium failed in SetKeys");
return CAVIUM_INIT_E;
if (wc_Arc4AsyncInit(enc->arc4, devId) != 0) {
WOLFSSL_MSG("Arc4AsyncInit failed in SetKeys");
return ASYNC_INIT_E;
}
}
if (dec) {
if (wc_Arc4InitCavium(dec->arc4, devId) != 0) {
WOLFSSL_MSG("Arc4InitCavium failed in SetKeys");
return CAVIUM_INIT_E;
if (wc_Arc4AsyncInit(dec->arc4, devId) != 0) {
WOLFSSL_MSG("Arc4AsyncInit failed in SetKeys");
return ASYNC_INIT_E;
}
}
}
@@ -2282,18 +2282,18 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
dec->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER);
if (dec && dec->des3 == NULL)
return MEMORY_E;
#ifdef HAVE_CAVIUM
if (devId != NO_CAVIUM_DEVICE) {
#ifdef WOLFSSL_ASYNC_CRYPT
if (devId != INVALID_DEVID) {
if (enc) {
if (wc_Des3_InitCavium(enc->des3, devId) != 0) {
WOLFSSL_MSG("Des3_InitCavium failed in SetKeys");
return CAVIUM_INIT_E;
if (wc_Des3AsyncInit(enc->des3, devId) != 0) {
WOLFSSL_MSG("Des3AsyncInit failed in SetKeys");
return ASYNC_INIT_E;
}
}
if (dec) {
if (wc_Des3_InitCavium(dec->des3, devId) != 0) {
WOLFSSL_MSG("Des3_InitCavium failed in SetKeys");
return CAVIUM_INIT_E;
if (wc_Des3AsyncInit(dec->des3, devId) != 0) {
WOLFSSL_MSG("Des3AsyncInit failed in SetKeys");
return ASYNC_INIT_E;
}
}
}
@@ -2346,18 +2346,18 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
if (dec && dec->aes == NULL)
return MEMORY_E;
#ifdef HAVE_CAVIUM
if (devId != NO_CAVIUM_DEVICE) {
#ifdef WOLFSSL_ASYNC_CRYPT
if (devId != INVALID_DEVID) {
if (enc) {
if (wc_AesInitCavium(enc->aes, devId) != 0) {
WOLFSSL_MSG("AesInitCavium failed in SetKeys");
return CAVIUM_INIT_E;
if (wc_AesAsyncInit(enc->aes, devId) != 0) {
WOLFSSL_MSG("AesAsyncInit failed in SetKeys");
return ASYNC_INIT_E;
}
}
if (dec) {
if (wc_AesInitCavium(dec->aes, devId) != 0) {
WOLFSSL_MSG("AesInitCavium failed in SetKeys");
return CAVIUM_INIT_E;
if (wc_AesAsyncInit(dec->aes, devId) != 0) {
WOLFSSL_MSG("AesAsyncInit failed in SetKeys");
return ASYNC_INIT_E;
}
}
}
@@ -2675,14 +2675,14 @@ static int SetAuthKeys(OneTimeAuth* authentication, Keys* keys,
*/
int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side)
{
int devId = NO_CAVIUM_DEVICE, ret, copy = 0;
int devId = INVALID_DEVID, ret, copy = 0;
Ciphers* wc_encrypt = NULL;
Ciphers* wc_decrypt = NULL;
Keys* keys = &ssl->keys;
(void)copy;
#ifdef HAVE_CAVIUM
#ifdef WOLFSSL_ASYNC_CRYPT
devId = ssl->devId;
#endif
+236 -5
View File
@@ -90,6 +90,7 @@ enum {
EXT_TYPE_SZ = 2, /* Extension length */
MAX_INPUT_SZ = MAX_RECORD_SIZE + COMP_EXTRA + MAX_MSG_EXTRA +
MTU_EXTRA, /* Max input sz of reassembly */
EXT_MASTER_SECRET = 0x17, /* Extended Master Secret Extension ID */
TICKET_EXT_ID = 0x23 /* Session Ticket Extension ID */
};
@@ -253,7 +254,8 @@ static const char* const msgTable[] =
"Clear ACK Fault",
/* 81 */
"Bad Decrypt Size"
"Bad Decrypt Size",
"Extended Master Secret Hash Error"
};
@@ -329,6 +331,9 @@ typedef struct Flags {
byte srvAckFault; /* server acked unseen data from client */
byte cliSkipPartial; /* client skips partial data to catch up */
byte srvSkipPartial; /* server skips partial data to catch up */
#ifdef HAVE_EXTENDED_MASTER
byte expectEms; /* expect extended master secret */
#endif
} Flags;
@@ -341,6 +346,24 @@ typedef struct FinCaputre {
} FinCaputre;
typedef struct HsHashes {
#ifndef NO_OLD_TLS
#ifndef NO_SHA
Sha hashSha;
#endif
#ifndef NO_MD5
Md5 hashMd5;
#endif
#endif
#ifndef NO_SHA256
Sha256 hashSha256;
#endif
#ifdef WOLFSSL_SHA384
Sha384 hashSha384;
#endif
} HsHashes;
/* Sniffer Session holds info for each client/server SSL/TLS session */
typedef struct SnifferSession {
SnifferServer* context; /* server context */
@@ -363,6 +386,9 @@ typedef struct SnifferSession {
word32 srvReassemblyMemory; /* server packet memory used */
struct SnifferSession* next; /* for hash table list */
byte* ticketID; /* mac ID of session ticket */
#ifdef HAVE_EXTENDED_MASTER
HsHashes* hash;
#endif
} SnifferSession;
@@ -483,6 +509,9 @@ static void FreeSnifferSession(SnifferSession* session)
FreePacketList(session->srvReassemblyList);
free(session->ticketID);
#ifdef HAVE_EXTENDED_MASTER
free(session->hash);
#endif
}
free(session);
}
@@ -533,6 +562,91 @@ void ssl_FreeSniffer(void)
}
#ifdef HAVE_EXTENDED_MASTER
static int HashInit(HsHashes* hash)
{
int ret = 0;
XMEMSET(hash, 0, sizeof(HsHashes));
#ifndef NO_OLD_TLS
#ifndef NO_SHA
if (ret == 0)
ret = wc_InitSha(&hash->hashSha);
#endif
#ifndef NO_MD5
if (ret == 0)
wc_InitMd5(&hash->hashMd5);
#endif
#endif
#ifndef NO_SHA256
if (ret == 0)
ret = wc_InitSha256(&hash->hashSha256);
#endif
#ifdef WOLFSSL_SHA384
if (ret == 0)
ret = wc_InitSha384(&hash->hashSha384);
#endif
return ret;
}
static int HashUpdate(HsHashes* hash, const byte* input, int sz)
{
int ret = 0;
input -= HANDSHAKE_HEADER_SZ;
sz += HANDSHAKE_HEADER_SZ;
#ifndef NO_OLD_TLS
#ifndef NO_SHA
if (ret == 0)
ret = wc_ShaUpdate(&hash->hashSha, input, sz);
#endif
#ifndef NO_MD5
if (ret == 0)
wc_Md5Update(&hash->hashMd5, input, sz);
#endif
#endif
#ifndef NO_SHA256
if (ret == 0)
ret = wc_Sha256Update(&hash->hashSha256, input, sz);
#endif
#ifdef WOLFSSL_SHA384
if (ret == 0)
ret = wc_Sha384Update(&hash->hashSha384, input, sz);
#endif
return ret;
}
static int HashCopy(HS_Hashes* d, HsHashes* s)
{
#ifndef NO_OLD_TLS
#ifndef NO_SHA
XMEMCPY(&d->hashSha, &s->hashSha, sizeof(Sha));
#endif
#ifndef NO_MD5
XMEMCPY(&d->hashMd5, &s->hashMd5, sizeof(Md5));
#endif
#endif
#ifndef NO_SHA256
XMEMCPY(&d->hashSha256, &s->hashSha256, sizeof(Sha256));
#endif
#ifdef WOLFSSL_SHA384
XMEMCPY(&d->hashSha384, &s->hashSha384, sizeof(Sha384));
#endif
return 0;
}
#endif
/* Initialize a SnifferServer */
static void InitSnifferServer(SnifferServer* sniffer)
{
@@ -563,6 +677,9 @@ static void InitFlags(Flags* flags)
flags->srvAckFault = 0;
flags->cliSkipPartial = 0;
flags->srvSkipPartial = 0;
#ifdef HAVE_EXTENDED_MASTER
flags->expectEms = 0;
#endif
}
@@ -600,6 +717,9 @@ static void InitSession(SnifferSession* session)
InitFlags(&session->flags);
InitFinCapture(&session->finCaputre);
#ifdef HAVE_EXTENDED_MASTER
session->hash = 0;
#endif
}
@@ -1483,13 +1603,17 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes,
/* Process Server Hello */
static int ProcessServerHello(const byte* input, int* sslBytes,
static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
SnifferSession* session, char* error)
{
ProtocolVersion pv;
byte b;
int toRead = VERSION_SZ + RAN_LEN + ENUM_LEN;
int doResume = 0;
int initialBytes = *sslBytes;
(void)msgSz;
(void)initialBytes;
/* make sure we didn't miss ClientHello */
if (session->flags.clientHello == 0) {
@@ -1548,6 +1672,62 @@ static int ProcessServerHello(const byte* input, int* sslBytes,
return -1;
}
#ifdef HAVE_EXTENDED_MASTER
/* extensions */
if ((initialBytes - *sslBytes) < msgSz) {
word16 len;
/* skip extensions until extended master secret */
/* make sure can read len */
if (SUITE_LEN > *sslBytes) {
SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
return -1;
}
len = (word16)((input[0] << 8) | input[1]);
input += SUITE_LEN;
*sslBytes -= SUITE_LEN;
/* make sure can read through all extensions */
if (len > *sslBytes) {
SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
return -1;
}
while (len >= EXT_TYPE_SZ + LENGTH_SZ) {
byte extType[EXT_TYPE_SZ];
word16 extLen;
extType[0] = input[0];
extType[1] = input[1];
input += EXT_TYPE_SZ;
*sslBytes -= EXT_TYPE_SZ;
extLen = (word16)((input[0] << 8) | input[1]);
input += LENGTH_SZ;
*sslBytes -= LENGTH_SZ;
/* make sure can read through individual extension */
if (extLen > *sslBytes) {
SetError(SERVER_HELLO_INPUT_STR, error, session,
FATAL_ERROR_STATE);
return -1;
}
if (extType[0] == 0x00 && extType[1] == EXT_MASTER_SECRET) {
session->flags.expectEms = 1;
}
input += extLen;
*sslBytes -= extLen;
len -= extLen + EXT_TYPE_SZ + LENGTH_SZ;
}
}
if (!session->flags.expectEms) {
free(session->hash);
session->hash = NULL;
}
#endif
if (session->sslServer->options.haveSessionId &&
XMEMCMP(session->sslServer->arrays->sessionID,
session->sslClient->arrays->sessionID, ID_LEN) == 0)
@@ -1758,7 +1938,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
return -1;
}
while (len > EXT_TYPE_SZ + LENGTH_SZ) {
while (len >= EXT_TYPE_SZ + LENGTH_SZ) {
byte extType[EXT_TYPE_SZ];
word16 extLen;
@@ -1883,6 +2063,16 @@ static int DoHandShake(const byte* input, int* sslBytes,
return -1;
}
#ifdef HAVE_EXTENDED_MASTER
if (session->hash) {
if (HashUpdate(session->hash, input, size) != 0) {
SetError(EXTENDED_MASTER_HASH_STR, error,
session, FATAL_ERROR_STATE);
return -1;
}
}
#endif
switch (type) {
case hello_verify_request:
Trace(GOT_HELLO_VERIFY_STR);
@@ -1896,7 +2086,7 @@ static int DoHandShake(const byte* input, int* sslBytes,
break;
case server_hello:
Trace(GOT_SERVER_HELLO_STR);
ret = ProcessServerHello(input, sslBytes, session, error);
ret = ProcessServerHello(size, input, sslBytes, session, error);
break;
case certificate_request:
Trace(GOT_CERT_REQ_STR);
@@ -1923,7 +2113,32 @@ static int DoHandShake(const byte* input, int* sslBytes,
break;
case client_key_exchange:
Trace(GOT_CLIENT_KEY_EX_STR);
ret = ProcessClientKeyExchange(input, sslBytes, session, error);
#ifdef HAVE_EXTENDED_MASTER
if (session->flags.expectEms && session->hash != NULL) {
if (HashCopy(session->sslServer->hsHashes,
session->hash) == 0 &&
HashCopy(session->sslClient->hsHashes,
session->hash) == 0) {
session->sslServer->options.haveEMS = 1;
session->sslClient->options.haveEMS = 1;
}
else {
SetError(EXTENDED_MASTER_HASH_STR, error,
session, FATAL_ERROR_STATE);
ret = -1;
}
XMEMSET(session->hash, 0, sizeof(HsHashes));
free(session->hash);
session->hash = NULL;
}
else {
session->sslServer->options.haveEMS = 0;
session->sslClient->options.haveEMS = 0;
}
#endif
if (ret == 0)
ret = ProcessClientKeyExchange(input, sslBytes, session, error);
break;
case certificate_verify:
Trace(GOT_CERT_VER_STR);
@@ -2135,6 +2350,22 @@ static SnifferSession* CreateSession(IpInfo* ipInfo, TcpInfo* tcpInfo,
return 0;
}
InitSession(session);
#ifdef HAVE_EXTENDED_MASTER
{
HsHashes* newHash = (HsHashes*)malloc(sizeof(HsHashes));
if (newHash == NULL) {
SetError(MEMORY_STR, error, NULL, 0);
free(session);
return 0;
}
if (HashInit(newHash) != 0) {
SetError(EXTENDED_MASTER_HASH_STR, error, NULL, 0);
free(session);
return 0;
}
session->hash = newHash;
}
#endif
session->server = ipInfo->dst;
session->client = ipInfo->src;
session->srvPort = (word16)tcpInfo->dstPort;
+152 -161
View File
@@ -547,6 +547,61 @@ int wolfSSL_dtls_get_peer(WOLFSSL* ssl, void* peer, unsigned int* peerSz)
return SSL_NOT_IMPLEMENTED;
#endif
}
#if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS)
int wolfSSL_CTX_dtls_set_sctp(WOLFSSL_CTX* ctx)
{
WOLFSSL_ENTER("wolfSSL_CTX_dtls_set_sctp()");
if (ctx == NULL)
return BAD_FUNC_ARG;
ctx->dtlsSctp = 1;
return SSL_SUCCESS;
}
int wolfSSL_dtls_set_sctp(WOLFSSL* ssl)
{
WOLFSSL_ENTER("wolfSSL_dtls_set_sctp()");
if (ssl == NULL)
return BAD_FUNC_ARG;
ssl->options.dtlsSctp = 1;
return SSL_SUCCESS;
}
int wolfSSL_CTX_dtls_set_mtu(WOLFSSL_CTX* ctx, word16 newMtu)
{
if (ctx == NULL || newMtu > MAX_RECORD_SIZE)
return BAD_FUNC_ARG;
ctx->dtlsMtuSz = newMtu;
return SSL_SUCCESS;
}
int wolfSSL_dtls_set_mtu(WOLFSSL* ssl, word16 newMtu)
{
if (ssl == NULL)
return BAD_FUNC_ARG;
if (newMtu > MAX_RECORD_SIZE) {
ssl->error = BAD_FUNC_ARG;
return SSL_FAILURE;
}
ssl->dtlsMtuSz = newMtu;
return SSL_SUCCESS;
}
#endif /* WOLFSSL_DTLS && WOLFSSL_SCTP */
#endif /* WOLFSSL_LEANPSK */
@@ -638,32 +693,10 @@ int wolfSSL_GetObjectSize(void)
return sizeof(WOLFSSL);
}
#endif
#ifdef WOLFSSL_STATIC_MEMORY
int wolfSSL_init_memory_heap(WOLFSSL_HEAP* heap)
{
word32 wc_MemSz[WOLFMEM_DEF_BUCKETS] = { WOLFMEM_BUCKETS };
word32 wc_Dist[WOLFMEM_DEF_BUCKETS] = { WOLFMEM_DIST };
if (heap == NULL) {
return BAD_FUNC_ARG;
}
XMEMSET(heap, 0, sizeof(WOLFSSL_HEAP));
XMEMCPY(heap->sizeList, wc_MemSz, sizeof(wc_MemSz));
XMEMCPY(heap->distList, wc_Dist, sizeof(wc_Dist));
if (InitMutex(&(heap->memory_mutex)) != 0) {
WOLFSSL_MSG("Error creating heap memory mutex");
return BAD_MUTEX_E;
}
return SSL_SUCCESS;
}
int wolfSSL_CTX_load_static_memory(WOLFSSL_CTX** ctx, wolfSSL_method_func method,
unsigned char* buf, unsigned int sz,
int flag, int max)
@@ -680,34 +713,23 @@ int wolfSSL_CTX_load_static_memory(WOLFSSL_CTX** ctx, wolfSSL_method_func method
return BAD_FUNC_ARG;
}
if (*ctx == NULL) {
if (*ctx == NULL || (*ctx)->heap == NULL) {
if (sizeof(WOLFSSL_HEAP) + sizeof(WOLFSSL_HEAP_HINT) > sz - idx) {
return BUFFER_E; /* not enough memory for structures */
}
heap = (WOLFSSL_HEAP*)buf;
idx += sizeof(WOLFSSL_HEAP);
if (wolfSSL_init_memory_heap(heap) != SSL_SUCCESS) {
if (wolfSSL_init_memory_heap(heap) != 0) {
return SSL_FAILURE;
}
hint = (WOLFSSL_HEAP_HINT*)(buf + idx);
idx += sizeof(WOLFSSL_HEAP_HINT);
XMEMSET(hint, 0, sizeof(WOLFSSL_HEAP_HINT));
hint->memory = heap;
}
else if ((*ctx)->heap == NULL) {
if (sizeof(WOLFSSL_HEAP) + sizeof(WOLFSSL_HEAP_HINT) > sz - idx) {
return BUFFER_E; /* not enough memory for structures */
if (*ctx && (*ctx)->heap == NULL) {
(*ctx)->heap = (void*)hint;
}
heap = (WOLFSSL_HEAP*)buf;
idx += sizeof(WOLFSSL_HEAP);
if (wolfSSL_init_memory_heap(heap) != SSL_SUCCESS) {
return SSL_FAILURE;
}
hint = (WOLFSSL_HEAP_HINT*)(buf + idx);
idx += sizeof(WOLFSSL_HEAP_HINT);
XMEMSET(hint, 0, sizeof(WOLFSSL_HEAP_HINT));
hint->memory = heap;
(*ctx)->heap = (void*)hint;
}
else {
#ifdef WOLFSSL_HEAP_TEST
@@ -767,7 +789,7 @@ int wolfSSL_is_static_memory(WOLFSSL* ssl, WOLFSSL_MEM_CONN_STATS* mem_stats)
}
}
return (ssl->heap)? 1 : 0;
return (ssl->heap) ? 1 : 0;
}
@@ -786,7 +808,7 @@ int wolfSSL_CTX_is_static_memory(WOLFSSL_CTX* ctx, WOLFSSL_MEM_STATS* mem_stats)
}
}
return (ctx->heap)? 1 : 0;
return (ctx->heap) ? 1 : 0;
}
#endif /* WOLFSSL_STATIC_MEMORY */
@@ -1053,17 +1075,22 @@ static int wolfSSL_read_internal(WOLFSSL* ssl, void* data, int sz, int peek)
#ifdef HAVE_ERRNO_H
errno = 0;
#endif
#ifdef WOLFSSL_DTLS
if (ssl->options.dtls)
if (ssl->options.dtls) {
ssl->dtls_expected_rx = max(sz + 100, MAX_MTU);
#ifdef WOLFSSL_SCTP
if (ssl->options.dtlsSctp)
ssl->dtls_expected_rx = max(ssl->dtls_expected_rx, ssl->dtlsMtuSz);
#endif
}
#endif
sz = min(sz, OUTPUT_RECORD_SIZE);
#ifdef HAVE_MAX_FRAGMENT
ret = ReceiveData(ssl, (byte*)data,
min(sz, min(ssl->max_fragment, OUTPUT_RECORD_SIZE)),peek);
#else
ret = ReceiveData(ssl, (byte*)data, min(sz, OUTPUT_RECORD_SIZE), peek);
sz = min(sz, ssl->max_fragment);
#endif
ret = ReceiveData(ssl, (byte*)data, sz, peek);
WOLFSSL_LEAVE("wolfSSL_read_internal()", ret);
@@ -1090,10 +1117,10 @@ int wolfSSL_read(WOLFSSL* ssl, void* data, int sz)
}
#ifdef HAVE_CAVIUM
#ifdef WOLFSSL_ASYNC_CRYPT
/* let's use cavium, SSL_SUCCESS on ok */
int wolfSSL_UseCavium(WOLFSSL* ssl, int devId)
/* let's use async hardware, SSL_SUCCESS on ok */
int wolfSSL_UseAsync(WOLFSSL* ssl, int devId)
{
if (ssl == NULL)
return BAD_FUNC_ARG;
@@ -1104,8 +1131,8 @@ int wolfSSL_UseCavium(WOLFSSL* ssl, int devId)
}
/* let's use cavium, SSL_SUCCESS on ok */
int wolfSSL_CTX_UseCavium(WOLFSSL_CTX* ctx, int devId)
/* let's use async hardware, SSL_SUCCESS on ok */
int wolfSSL_CTX_UseAsync(WOLFSSL_CTX* ctx, int devId)
{
if (ctx == NULL)
return BAD_FUNC_ARG;
@@ -1115,8 +1142,7 @@ int wolfSSL_CTX_UseCavium(WOLFSSL_CTX* ctx, int devId)
return SSL_SUCCESS;
}
#endif /* HAVE_CAVIUM */
#endif /* WOLFSSL_ASYNC_CRYPT */
#ifdef HAVE_SNI
@@ -1723,6 +1749,35 @@ WOLFSSL_API int wolfSSL_set_SessionTicket_cb(WOLFSSL* ssl,
}
#endif
#ifdef HAVE_EXTENDED_MASTER
#ifndef NO_WOLFSSL_CLIENT
int wolfSSL_CTX_DisableExtendedMasterSecret(WOLFSSL_CTX* ctx)
{
if (ctx == NULL)
return BAD_FUNC_ARG;
ctx->haveEMS = 0;
return SSL_SUCCESS;
}
int wolfSSL_DisableExtendedMasterSecret(WOLFSSL* ssl)
{
if (ssl == NULL)
return BAD_FUNC_ARG;
ssl->options.haveEMS = 0;
return SSL_SUCCESS;
}
#endif
#endif
#ifndef WOLFSSL_LEANPSK
int wolfSSL_send(WOLFSSL* ssl, const void* data, int sz, int flags)
@@ -4544,7 +4599,7 @@ int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER* cm, byte* der, int sz)
InitDecodedCert(cert, der, sz, NULL);
if ((ret = ParseCertRelative(cert, CERT_TYPE, NO_VERIFY, cm)) != 0) {
if ((ret = ParseCertRelative(cert, CERT_TYPE, VERIFY_OCSP, cm)) != 0) {
WOLFSSL_MSG("ParseCert failed");
}
else if ((ret = CheckCertOCSP(cm->ocsp, cert, NULL)) != 0) {
@@ -5020,7 +5075,7 @@ int wolfSSL_CertManagerCheckCRL(WOLFSSL_CERT_MANAGER* cm, byte* der, int sz)
InitDecodedCert(cert, der, sz, NULL);
if ((ret = ParseCertRelative(cert, CERT_TYPE, NO_VERIFY, cm)) != 0) {
if ((ret = ParseCertRelative(cert, CERT_TYPE, VERIFY_CRL, cm)) != 0) {
WOLFSSL_MSG("ParseCert failed");
}
else if ((ret = CheckCertCRL(cm->crl, cert)) != 0) {
@@ -6787,6 +6842,21 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
}
#endif
/* If SCTP is not enabled returns the state of the dtls option.
* If SCTP is enabled returns dtls && !sctp. */
static INLINE int IsDtlsNotSctpMode(WOLFSSL* ssl)
{
int result = ssl->options.dtls;
if (result) {
#ifdef WOLFSSL_SCTP
result = !ssl->options.dtlsSctp;
#endif
}
return result;
}
/* please see note at top of README if you get an error from connect */
int wolfSSL_connect(WOLFSSL* ssl)
{
@@ -6856,7 +6926,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
/* In DTLS, when resuming, we can go straight to FINISHED,
* or do a cookie exchange and then skip to FINISHED, assume
* we need the cookie exchange first. */
if (ssl->options.dtls)
if (IsDtlsNotSctpMode(ssl))
neededState = SERVER_HELLOVERIFYREQUEST_COMPLETE;
#endif
/* get response */
@@ -6868,7 +6938,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
/* if resumption failed, reset needed state */
else if (neededState == SERVER_FINISHED_COMPLETE)
if (!ssl->options.resuming) {
if (!ssl->options.dtls)
if (!IsDtlsNotSctpMode(ssl))
neededState = SERVER_HELLODONE_COMPLETE;
else
neededState = SERVER_HELLOVERIFYREQUEST_COMPLETE;
@@ -6883,7 +6953,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
return SSL_SUCCESS;
#ifdef WOLFSSL_DTLS
if (ssl->options.dtls) {
if (IsDtlsNotSctpMode(ssl)) {
/* re-init hashes, exclude first hello and verify request */
#ifndef NO_OLD_TLS
wc_InitMd5(&ssl->hsHashes->hashMd5);
@@ -6928,7 +6998,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
case HELLO_AGAIN_REPLY :
#ifdef WOLFSSL_DTLS
if (ssl->options.dtls) {
if (IsDtlsNotSctpMode(ssl)) {
neededState = ssl->options.resuming ?
SERVER_FINISHED_COMPLETE : SERVER_HELLODONE_COMPLETE;
@@ -7806,6 +7876,7 @@ int AddSession(WOLFSSL* ssl)
XMEMCPY(SessionCache[row].Sessions[idx].masterSecret,
ssl->arrays->masterSecret, SECRET_LEN);
SessionCache[row].Sessions[idx].haveEMS = ssl->options.haveEMS;
XMEMCPY(SessionCache[row].Sessions[idx].sessionID, ssl->arrays->sessionID,
ID_LEN);
SessionCache[row].Sessions[idx].sessionIDSz = ssl->arrays->sessionIDSz;
@@ -19016,118 +19087,38 @@ void* wolfSSL_get_jobject(WOLFSSL* ssl)
#endif /* WOLFSSL_JNI */
#ifdef HAVE_WOLF_EVENT
static int _wolfSSL_CTX_poll(WOLFSSL_CTX* ctx, WOLFSSL* ssl, WOLF_EVENT* events,
int maxEvents, unsigned char flags, int* eventCount)
#ifdef WOLFSSL_ASYNC_CRYPT
int wolfSSL_CTX_AsyncPoll(WOLFSSL_CTX* ctx, WOLF_EVENT** events, int maxEvents,
WOLF_EVENT_FLAG flags, int* eventCount)
{
WOLF_EVENT* event, *event_prev = NULL;
int count = 0, ret = SSL_ERROR_NONE;
if (ctx == NULL || maxEvents <= 0) {
if (ctx == NULL) {
return BAD_FUNC_ARG;
}
/* Events arg can be NULL only if peek */
if (events == NULL && !(flags & WOLF_POLL_FLAG_PEEK)) {
return wolfAsync_EventQueuePoll(&ctx->event_queue, NULL,
events, maxEvents, flags, eventCount);
}
int wolfSSL_AsyncPoll(WOLFSSL* ssl, WOLF_EVENT_FLAG flags)
{
int ret, eventCount = 0;
WOLF_EVENT* events[1];
if (ssl == NULL) {
return BAD_FUNC_ARG;
}
#ifndef SINGLE_THREADED
/* In single threaded mode "event_queue.lock" doesn't exist */
if (LockMutex(&ctx->event_queue.lock) != 0) {
return BAD_MUTEX_E;
}
#endif
/* Itterate event queue */
for (event = ctx->event_queue.head; event != NULL; event = event->next)
{
byte removeEvent = 0;
/* Optionally filter by ssl object pointer */
if (ssl == NULL || (ssl == event->ssl)) {
if (flags & WOLF_POLL_FLAG_PEEK) {
if (events) {
/* Copy event data to provided buffer */
XMEMCPY(&events[count], event, sizeof(WOLF_EVENT));
}
count++;
}
else {
/* Check hardware */
if (flags & WOLF_POLL_FLAG_CHECK_HW) {
#ifdef WOLFSSL_ASYNC_CRYPT
if (event->type >= WOLF_EVENT_TYPE_ASYNC_FIRST &&
event->type <= WOLF_EVENT_TYPE_ASYNC_LAST)
{
ret = wolfSSL_async_poll(event, flags);
}
#endif /* WOLFSSL_ASYNC_CRYPT */
}
/* If event is done then return in 'events' argument */
if (event->done) {
/* Copy event data to provided buffer */
XMEMCPY(&events[count], event, sizeof(WOLF_EVENT));
count++;
removeEvent = 1;
}
}
}
if (removeEvent) {
/* Remove from queue list */
if (event_prev == NULL) {
ctx->event_queue.head = event->next;
if (ctx->event_queue.head == NULL) {
ctx->event_queue.tail = NULL;
}
}
else {
event_prev->next = event->next;
}
}
else {
/* Leave in queue, save prev pointer */
event_prev = event;
}
/* Check to make sure our event list isn't full */
if (events && count >= maxEvents) {
break; /* Exit for */
}
/* Check for error */
if (ret < 0) {
break; /* Exit for */
}
}
#ifndef SINGLE_THREADED
UnLockMutex(&ctx->event_queue.lock);
#endif
/* Return number of properly populated events */
if (eventCount) {
*eventCount = count;
/* not filtering on "ssl", since its the asyncDev */
ret = wolfAsync_EventQueuePoll(&ssl->ctx->event_queue, NULL,
events, sizeof(events)/sizeof(events), flags, &eventCount);
if (ret == 0 && eventCount > 0) {
ret = 1; /* Success */
}
return ret;
}
#endif /* WOLFSSL_ASYNC_CRYPT */
int wolfSSL_CTX_poll(WOLFSSL_CTX* ctx, WOLF_EVENT* events,
int maxEvents, unsigned char flags, int* eventCount)
{
return _wolfSSL_CTX_poll(ctx, NULL, events, maxEvents, flags, eventCount);
}
int wolfSSL_poll(WOLFSSL* ssl, WOLF_EVENT* events,
int maxEvents, unsigned char flags, int* eventCount)
{
return _wolfSSL_CTX_poll(ssl->ctx, ssl, events, maxEvents, flags,
eventCount);
}
#endif /* HAVE_WOLF_EVENT */
#endif /* WOLFCRYPT_ONLY */
+118 -15
View File
@@ -341,21 +341,23 @@ static int PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen,
#endif
int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
int BuildTlsHandshakeHash(WOLFSSL* ssl, byte* hash, word32* hashLen)
{
const byte* side;
byte handshake_hash[HSHASH_SZ];
word32 hashSz = FINISHED_SZ;
word32 hashSz = FINISHED_SZ;
if (ssl == NULL || hash == NULL || hashLen == NULL || *hashLen < HSHASH_SZ)
return BAD_FUNC_ARG;
#ifndef NO_OLD_TLS
wc_Md5GetHash(&ssl->hsHashes->hashMd5, handshake_hash);
wc_ShaGetHash(&ssl->hsHashes->hashSha, &handshake_hash[MD5_DIGEST_SIZE]);
wc_Md5GetHash(&ssl->hsHashes->hashMd5, hash);
wc_ShaGetHash(&ssl->hsHashes->hashSha, &hash[MD5_DIGEST_SIZE]);
#endif
if (IsAtLeastTLSv1_2(ssl)) {
#ifndef NO_SHA256
if (ssl->specs.mac_algorithm <= sha256_mac || ssl->specs.mac_algorithm == blake2b_mac) {
int ret = wc_Sha256GetHash(&ssl->hsHashes->hashSha256,handshake_hash);
if (ssl->specs.mac_algorithm <= sha256_mac ||
ssl->specs.mac_algorithm == blake2b_mac) {
int ret = wc_Sha256GetHash(&ssl->hsHashes->hashSha256, hash);
if (ret != 0)
return ret;
@@ -365,7 +367,7 @@ int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
#endif
#ifdef WOLFSSL_SHA384
if (ssl->specs.mac_algorithm == sha384_mac) {
int ret = wc_Sha384Final(&ssl->hsHashes->hashSha384,handshake_hash);
int ret = wc_Sha384GetHash(&ssl->hsHashes->hashSha384, hash);
if (ret != 0)
return ret;
@@ -375,6 +377,23 @@ int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
#endif
}
*hashLen = hashSz;
return 0;
}
int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
{
int ret;
const byte* side;
byte handshake_hash[HSHASH_SZ];
word32 hashSz = HSHASH_SZ;
ret = BuildTlsHandshakeHash(ssl, handshake_hash, &hashSz);
if (ret < 0)
return ret;
if ( XSTRNCMP((const char*)sender, (const char*)client, SIZEOF_SENDER) == 0)
side = tls_client;
else
@@ -420,6 +439,10 @@ ProtocolVersion MakeTLSv1_2(void)
}
#ifdef HAVE_EXTENDED_MASTER
static const byte ext_master_label[EXT_MASTER_LABEL_SZ + 1] =
"extended master secret";
#endif
static const byte master_label[MASTER_LABEL_SZ + 1] = "master secret";
static const byte key_label [KEY_LABEL_SZ + 1] = "key expansion";
@@ -490,10 +513,41 @@ int wolfSSL_MakeTlsMasterSecret(byte* ms, word32 msLen,
}
#ifdef HAVE_EXTENDED_MASTER
/* External facing wrapper so user can call as well, 0 on success */
int wolfSSL_MakeTlsExtendedMasterSecret(byte* ms, word32 msLen,
const byte* pms, word32 pmsLen,
const byte* sHash, word32 sHashLen,
int tls1_2, int hash_type)
{
return PRF(ms, msLen, pms, pmsLen, ext_master_label, EXT_MASTER_LABEL_SZ,
sHash, sHashLen, tls1_2, hash_type);
}
#endif /* HAVE_EXTENDED_MASTER */
int MakeTlsMasterSecret(WOLFSSL* ssl)
{
int ret;
int ret;
#ifdef HAVE_EXTENDED_MASTER
byte handshake_hash[HSHASH_SZ];
word32 hashSz = HSHASH_SZ;
if (ssl->options.haveEMS) {
ret = BuildTlsHandshakeHash(ssl, handshake_hash, &hashSz);
if (ret < 0)
return ret;
ret = wolfSSL_MakeTlsExtendedMasterSecret(
ssl->arrays->masterSecret, SECRET_LEN,
ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz,
handshake_hash, hashSz,
IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
} else
#endif
ret = wolfSSL_MakeTlsMasterSecret(ssl->arrays->masterSecret, SECRET_LEN,
ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz,
ssl->arrays->clientRandom, ssl->arrays->serverRandom,
@@ -4434,7 +4488,13 @@ word16 TLSX_GetRequestSize(WOLFSSL* ssl)
length += TLSX_GetSize(ssl->ctx->extensions, semaphore, 1);
if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz)
length += ssl->suites->hashSigAlgoSz + HELLO_EXT_LEN;
length += HELLO_EXT_SZ + HELLO_EXT_SIGALGO_SZ
+ ssl->suites->hashSigAlgoSz;
#ifdef HAVE_EXTENDED_MASTER
if (ssl->options.haveEMS)
length += HELLO_EXT_SZ;
#endif
}
if (length)
@@ -4465,15 +4525,15 @@ word16 TLSX_WriteRequest(WOLFSSL* ssl, byte* output)
offset += TLSX_Write(ssl->ctx->extensions, output + offset,
semaphore, 1);
if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz)
{
if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz) {
int i;
/* extension type */
c16toa(HELLO_EXT_SIG_ALGO, output + offset);
offset += HELLO_EXT_TYPE_SZ;
/* extension data length */
c16toa(OPAQUE16_LEN + ssl->suites->hashSigAlgoSz, output + offset);
c16toa(OPAQUE16_LEN + ssl->suites->hashSigAlgoSz,
output + offset);
offset += OPAQUE16_LEN;
/* sig algos length */
@@ -4485,6 +4545,15 @@ word16 TLSX_WriteRequest(WOLFSSL* ssl, byte* output)
output[offset] = ssl->suites->hashSigAlgo[i];
}
#ifdef HAVE_EXTENDED_MASTER
if (ssl->options.haveEMS) {
c16toa(HELLO_EXT_EXTMS, output + offset);
offset += HELLO_EXT_TYPE_SZ;
c16toa(0, output + offset);
offset += HELLO_EXT_SZ_SZ;
}
#endif
if (offset > OPAQUE16_LEN)
c16toa(offset - OPAQUE16_LEN, output); /* extensions length */
}
@@ -4511,13 +4580,18 @@ word16 TLSX_GetResponseSize(WOLFSSL* ssl)
}
#endif
#ifdef HAVE_EXTENDED_MASTER
if (ssl->options.haveEMS)
length += HELLO_EXT_SZ;
#endif
if (TLSX_SupportExtensions(ssl))
length += TLSX_GetSize(ssl->extensions, semaphore, 0);
/* All the response data is set at the ssl object only, so no ctx here. */
if (length)
length += OPAQUE16_LEN; /* for total length storage */
length += OPAQUE16_LEN; /* for total length storage. */
return length;
}
@@ -4534,6 +4608,15 @@ word16 TLSX_WriteResponse(WOLFSSL *ssl, byte* output)
offset += TLSX_Write(ssl->extensions, output + offset, semaphore, 0);
#ifdef HAVE_EXTENDED_MASTER
if (ssl->options.haveEMS) {
c16toa(HELLO_EXT_EXTMS, output + offset);
offset += HELLO_EXT_TYPE_SZ;
c16toa(0, output + offset);
offset += HELLO_EXT_SZ_SZ;
}
#endif
if (offset > OPAQUE16_LEN)
c16toa(offset - OPAQUE16_LEN, output); /* extensions length */
}
@@ -4549,6 +4632,9 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest,
{
int ret = 0;
word16 offset = 0;
#ifdef HAVE_EXTENDED_MASTER
byte pendingEMS = 0;
#endif
if (!ssl || !input || (isRequest && !suites))
return BAD_FUNC_ARG;
@@ -4606,6 +4692,18 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest,
ret = CSR2_PARSE(ssl, input + offset, size, isRequest);
break;
#ifdef HAVE_EXTENDED_MASTER
case HELLO_EXT_EXTMS:
WOLFSSL_MSG("Extended Master Secret extension received");
#ifndef NO_WOLFSSL_SERVER
if (isRequest)
ssl->options.haveEMS = 1;
#endif
pendingEMS = 1;
break;
#endif
case TLSX_RENEGOTIATION_INFO:
WOLFSSL_MSG("Secure Renegotiation extension received");
@@ -4655,6 +4753,11 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest,
offset += size;
}
#ifdef HAVE_EXTENDED_MASTER
if (!isRequest && ssl->options.haveEMS && !pendingEMS)
ssl->options.haveEMS = 0;
#endif
if (ret == 0)
ret = SNI_VERIFY_PARSE(ssl, isRequest);
+325 -26
View File
@@ -29,6 +29,7 @@
#endif
#include <wolfssl/wolfcrypt/settings.h>
#if defined(WOLFSSL_STATIC_MEMORY)
#include <wolfssl/wolfcrypt/memory.h>
#endif /* WOLFSSL_STATIC_MEMORY */
@@ -101,6 +102,22 @@ static int test_wolfSSL_Cleanup(void)
return result;
}
/* Initialize the wolfCrypt state.
* POST: 0 success.
*/
static int test_wolfCrypt_Init(void)
{
int result;
printf(testingFmt, "wolfCrypt_Init()");
result = wolfCrypt_Init();
printf(resultFmt, result == 0 ? passed : failed);
return result;
} /* END test_wolfCrypt_Init */
/*----------------------------------------------------------------------------*
| Method Allocators
*----------------------------------------------------------------------------*/
@@ -194,6 +211,32 @@ static void test_wolfSSL_CTX_use_certificate_file(void)
#endif
}
/* Test function for wolfSSL_CTX_use_certificate_buffer. Load cert into
* context using buffer.
* PRE: NO_CERTS not defined; USE_CERT_BUFFERS_2048 defined; compile with
* --enable-testcert flag.
*/
static int test_wolfSSL_CTX_use_certificate_buffer(void)
{
#if !defined(NO_CERTS) && defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA)
WOLFSSL_CTX* ctx;
int ret;
printf(testingFmt, "wolfSSL_CTX_use_certificate_buffer()");
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
ret = wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048,
sizeof_server_cert_der_2048, SSL_FILETYPE_ASN1);
printf(resultFmt, ret == SSL_SUCCESS ? passed : failed);
wolfSSL_CTX_free(ctx);
return ret;
#else
return SSL_SUCCESS;
#endif
} /*END test_wolfSSL_CTX_use_certificate_buffer*/
static void test_wolfSSL_CTX_use_PrivateKey_file(void)
{
@@ -486,6 +529,48 @@ static void test_wolfSSL_SetTmpDH_buffer(void)
#endif
}
/* Test function for wolfSSL_SetMinVersion. Sets the minimum downgrade version
* allowed.
* POST: return 1 on success.
*/
static int test_wolfSSL_SetMinVersion(void)
{
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
int failFlag, itr;
#ifndef NO_OLD_TLS
const int versions[] = { WOLFSSL_TLSV1, WOLFSSL_TLSV1_1,
WOLFSSL_TLSV1_2};
#else
const int versions[] = { WOLFSSL_TLSV1_2 };
#endif
failFlag = SSL_SUCCESS;
AssertTrue(wolfSSL_Init());
ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
ssl = wolfSSL_new(ctx);
printf(testingFmt, "wolfSSL_SetMinVersion()");
for (itr = 0; itr < (int)(sizeof(versions)/sizeof(int)); itr++){
if(wolfSSL_SetMinVersion(ssl, *(versions + itr)) != SSL_SUCCESS){
failFlag = SSL_FAILURE;
}
}
printf(resultFmt, failFlag == SSL_SUCCESS ? passed : failed);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
AssertTrue(wolfSSL_Cleanup());
return failFlag;
} /* END test_wolfSSL_SetMinVersion */
/*----------------------------------------------------------------------------*
| IO
*----------------------------------------------------------------------------*/
@@ -537,6 +622,7 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
char msg[] = "I hear you fa shizzle!";
char input[1024];
int idx;
int ret, err = 0;
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
@@ -586,7 +672,7 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
}
ssl = wolfSSL_new(ctx);
tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0, 0, 1);
tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0, 0, 0, 1);
CloseSocket(sockfd);
if (wolfSSL_set_fd(ssl, clientfd) != SSL_SUCCESS) {
@@ -602,9 +688,22 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
#endif
#endif
if (wolfSSL_accept(ssl) != SSL_SUCCESS)
{
int err = wolfSSL_get_error(ssl, 0);
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
err = 0; /* Reset error */
ret = wolfSSL_accept(ssl);
if (ret != SSL_SUCCESS) {
err = wolfSSL_get_error(ssl, 0);
}
} while (ret != SSL_SUCCESS && err == WC_PENDING_E);
if (ret != SSL_SUCCESS) {
char buffer[WOLFSSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer));
/*err_sys("SSL_accept failed");*/
@@ -666,6 +765,7 @@ static void test_client_nofail(void* args)
char reply[1024];
int input;
int msgSz = (int)XSTRLEN(msg);
int ret, err = 0;
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
@@ -700,18 +800,32 @@ static void test_client_nofail(void* args)
}
ssl = wolfSSL_new(ctx);
tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port, 0, ssl);
tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port,
0, 0, ssl);
if (wolfSSL_set_fd(ssl, sockfd) != SSL_SUCCESS) {
/*err_sys("SSL_set_fd failed");*/
goto done2;
}
if (wolfSSL_connect(ssl) != SSL_SUCCESS)
{
int err = wolfSSL_get_error(ssl, 0);
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
err = 0; /* Reset error */
ret = wolfSSL_connect(ssl);
if (ret != SSL_SUCCESS) {
err = wolfSSL_get_error(ssl, 0);
}
} while (ret != SSL_SUCCESS && err == WC_PENDING_E);
if (ret != SSL_SUCCESS) {
char buffer[WOLFSSL_MAX_ERROR_SZ];
printf("err = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer));
/*printf("SSL_connect failed");*/
printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer));
/*err_sys("SSL_connect failed");*/
goto done2;
}
@@ -759,6 +873,7 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args)
int len = (int) XSTRLEN(msg);
char input[1024];
int idx;
int ret, err = 0;
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
@@ -805,14 +920,14 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args)
socklen_t cliLen;
cliLen = sizeof(cliAddr);
tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 1, 0, 0);
tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 1, 0, 0, 0);
idx = (int)recvfrom(sfd, input, sizeof(input), MSG_PEEK,
(struct sockaddr*)&cliAddr, &cliLen);
AssertIntGT(idx, 0);
wolfSSL_dtls_set_peer(ssl, &cliAddr, cliLen);
}
else {
tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0, 0, 1);
tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0, 0, 0, 1);
CloseSocket(sfd);
}
@@ -829,13 +944,27 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args)
if (callbacks->ssl_ready)
callbacks->ssl_ready(ssl);
/* AssertIntEQ(SSL_SUCCESS, wolfSSL_accept(ssl)); */
if (wolfSSL_accept(ssl) != SSL_SUCCESS) {
int err = wolfSSL_get_error(ssl, 0);
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
err = 0; /* Reset error */
ret = wolfSSL_accept(ssl);
if (ret != SSL_SUCCESS) {
err = wolfSSL_get_error(ssl, 0);
}
} while (ret != SSL_SUCCESS && err == WC_PENDING_E);
if (ret != SSL_SUCCESS) {
char buffer[WOLFSSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer));
} else {
/*err_sys("SSL_accept failed");*/
}
else {
if (0 < (idx = wolfSSL_read(ssl, input, sizeof(input)-1))) {
input[idx] = 0;
printf("Client message: %s\n", input);
@@ -898,6 +1027,7 @@ static void run_wolfssl_client(void* args)
int len = (int) XSTRLEN(msg);
char input[1024];
int idx;
int ret, err = 0;
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
@@ -922,22 +1052,39 @@ static void run_wolfssl_client(void* args)
ssl = wolfSSL_new(ctx);
if (wolfSSL_dtls(ssl)) {
tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port, 1, ssl);
tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port,
1, 0, ssl);
}
else {
tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port, 0, ssl);
tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port,
0, 0, ssl);
}
AssertIntEQ(SSL_SUCCESS, wolfSSL_set_fd(ssl, sfd));
if (callbacks->ssl_ready)
callbacks->ssl_ready(ssl);
if (wolfSSL_connect(ssl) != SSL_SUCCESS) {
int err = wolfSSL_get_error(ssl, 0);
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
err = 0; /* Reset error */
ret = wolfSSL_connect(ssl);
if (ret != SSL_SUCCESS) {
err = wolfSSL_get_error(ssl, 0);
}
} while (ret != SSL_SUCCESS && err == WC_PENDING_E);
if (ret != SSL_SUCCESS) {
char buffer[WOLFSSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer));
} else {
/*err_sys("SSL_connect failed");*/
}
else {
AssertIntEQ(len, wolfSSL_write(ssl, msg, len));
if (0 < (idx = wolfSSL_read(ssl, input, sizeof(input)-1))) {
@@ -1780,6 +1927,28 @@ static void test_wolfSSL_UseALPN(void)
#endif
}
static void test_wolfSSL_DisableExtendedMasterSecret(void)
{
#ifdef HAVE_EXTENDED_MASTER
WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
WOLFSSL *ssl = wolfSSL_new(ctx);
AssertNotNull(ctx);
AssertNotNull(ssl);
/* error cases */
AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_DisableExtendedMasterSecret(NULL));
AssertIntNE(SSL_SUCCESS, wolfSSL_DisableExtendedMasterSecret(NULL));
/* success cases */
AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_DisableExtendedMasterSecret(ctx));
AssertIntEQ(SSL_SUCCESS, wolfSSL_DisableExtendedMasterSecret(ssl));
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
#endif
}
/*----------------------------------------------------------------------------*
| X509 Tests
*----------------------------------------------------------------------------*/
@@ -1827,6 +1996,126 @@ static void test_wolfSSL_X509_NAME_get_entry(void)
#endif /* !NO_CERTS */
}
/* Testing function wolfSSL_CTX_SetMinVersion; sets the minimum downgrade
* version allowed.
* POST: 1 on success.
*/
static int test_wolfSSL_CTX_SetMinVersion(void)
{
WOLFSSL_CTX* ctx;
int failFlag, itr;
#ifndef NO_OLD_TLS
const int versions[] = { WOLFSSL_TLSV1, WOLFSSL_TLSV1_1,
WOLFSSL_TLSV1_2 };
#else
const int versions[] = { WOLFSSL_TLSV1_2 };
#endif
failFlag = SSL_SUCCESS;
AssertTrue(wolfSSL_Init());
ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
printf(testingFmt, "wolfSSL_CTX_SetMinVersion()");
for (itr = 0; itr < (int)(sizeof(versions)/sizeof(int)); itr++){
if(wolfSSL_CTX_SetMinVersion(ctx, *(versions + itr)) != SSL_SUCCESS){
failFlag = SSL_FAILURE;
}
}
printf(resultFmt, failFlag == SSL_SUCCESS ? passed : failed);
wolfSSL_CTX_free(ctx);
AssertTrue(wolfSSL_Cleanup());
return failFlag;
} /* END test_wolfSSL_CTX_SetMinVersion */
/*----------------------------------------------------------------------------*
| OCSP Stapling
*----------------------------------------------------------------------------*/
/* Testing wolfSSL_UseOCSPStapling function. OCSP stapling eliminates the need
* need to contact the CA, lowering the cost of cert revocation checking.
* PRE: HAVE_OCSP and HAVE_CERTIFICATE_STATUS_REQUEST
* POST: 1 returned for success.
*/
static int test_wolfSSL_UseOCSPStapling(void)
{
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && defined(HAVE_OCSP)
int ret;
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
wolfSSL_Init();
ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
ssl = wolfSSL_new(ctx);
printf(testingFmt, "wolfSSL_UseOCSPStapling()");
ret = wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP,
WOLFSSL_CSR2_OCSP_USE_NONCE);
printf(resultFmt, ret == SSL_SUCCESS ? passed : failed);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
if(ret != SSL_SUCCESS){
wolfSSL_Cleanup();
return SSL_FAILURE;
}
return wolfSSL_Cleanup();
#else
return SSL_SUCCESS;
#endif
} /*END test_wolfSSL_UseOCSPStapling */
/* Testing OCSP stapling version 2, wolfSSL_UseOCSPStaplingV2 funciton. OCSP
* stapling eliminates the need ot contact the CA and lowers cert revocation
* check.
* PRE: HAVE_CERTIFICATE_STATUS_REQUEST_V2 and HAVE_OCSP defined.
*/
static int test_wolfSSL_UseOCSPStaplingV2(void)
{
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) && defined(HAVE_OCSP)
int ret;
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
wolfSSL_Init();
ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
ssl = wolfSSL_new(ctx);
printf(testingFmt, "wolfSSL_UseOCSPStaplingV2()");
ret = wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP,
WOLFSSL_CSR2_OCSP_USE_NONCE );
printf(resultFmt, ret == SSL_SUCCESS ? passed : failed);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
if(ret != SSL_SUCCESS){
wolfSSL_Cleanup();
return SSL_FAILURE;
}
return wolfSSL_Cleanup();
#else
return SSL_SUCCESS;
#endif
} /*END test_wolfSSL_UseOCSPStaplingV2*/
/*----------------------------------------------------------------------------*
| Main
@@ -1835,11 +2124,13 @@ static void test_wolfSSL_X509_NAME_get_entry(void)
void ApiTest(void)
{
printf(" Begin API Tests\n");
test_wolfSSL_Init();
AssertIntEQ(test_wolfSSL_Init(), SSL_SUCCESS);
/* wolfcrypt initialization tests */
AssertFalse(test_wolfCrypt_Init());
test_wolfSSL_Method_Allocators();
test_wolfSSL_CTX_new(wolfSSLv23_server_method());
test_wolfSSL_CTX_use_certificate_file();
AssertIntEQ(test_wolfSSL_CTX_use_certificate_buffer(), SSL_SUCCESS);
test_wolfSSL_CTX_use_PrivateKey_file();
test_wolfSSL_CTX_load_verify_locations();
test_wolfSSL_CTX_trust_peer_cert();
@@ -1851,6 +2142,8 @@ void ApiTest(void)
test_wolfSSL_SetTmpDH_buffer();
test_wolfSSL_read_write();
test_wolfSSL_dtls_export();
AssertIntEQ(test_wolfSSL_SetMinVersion(), SSL_SUCCESS);
AssertIntEQ(test_wolfSSL_CTX_SetMinVersion(), SSL_SUCCESS);
/* TLS extensions tests */
test_wolfSSL_UseSNI();
@@ -1858,10 +2151,16 @@ void ApiTest(void)
test_wolfSSL_UseTruncatedHMAC();
test_wolfSSL_UseSupportedCurve();
test_wolfSSL_UseALPN();
test_wolfSSL_DisableExtendedMasterSecret();
/* X509 tests */
test_wolfSSL_X509_NAME_get_entry();
test_wolfSSL_Cleanup();
/*OCSP Stapling. */
AssertIntEQ(test_wolfSSL_UseOCSPStapling(), SSL_SUCCESS);
AssertIntEQ(test_wolfSSL_UseOCSPStaplingV2(), SSL_SUCCESS);
AssertIntEQ(test_wolfSSL_Cleanup(), SSL_SUCCESS);
printf(" End API Tests\n");
}
+43 -5
View File
@@ -48,6 +48,7 @@
static WOLFSSL_CTX* cipherSuiteCtx = NULL;
static char nonblockFlag[] = "-N";
static char noVerifyFlag[] = "-d";
static char disableEMSFlag[] = "-n";
static char flagSep[] = " ";
#if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
static char portFlag[] = "-p";
@@ -153,7 +154,8 @@ static int IsValidCipherSuite(const char* line, char* suite)
static int execute_test_case(int svr_argc, char** svr_argv,
int cli_argc, char** cli_argv,
int addNoVerify, int addNonBlocking)
int addNoVerify, int addNonBlocking,
int addDisableEMS)
{
#ifdef WOLFSSL_TIRTOS
func_args cliArgs = {0};
@@ -270,6 +272,18 @@ static int execute_test_case(int svr_argc, char** svr_argv,
cliArgs.argc = cli_argc;
}
}
if (addDisableEMS) {
printf("repeating test without extended master secret\n");
added += 4; /* -n plus terminator */
if (added >= MAX_COMMAND_SZ)
printf("client command line too long\n");
else {
cli_argv[cli_argc++] = disableEMSFlag;
strcat(commandLine, disableEMSFlag);
strcat(commandLine, flagSep);
cliArgs.argc = cli_argc;
}
}
printf("trying client command line[%d]: %s\n", tests++, commandLine);
InitTcpReady(&ready);
@@ -437,12 +451,26 @@ static void test_harness(void* vargs)
}
if (do_it) {
ret = execute_test_case(svrArgsSz, svrArgs, cliArgsSz, cliArgs,0,0);
ret = execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 0, 0, 0);
/* don't repeat if not supported in build */
if (ret == 0) {
execute_test_case(svrArgsSz, svrArgs, cliArgsSz, cliArgs, 0, 1);
execute_test_case(svrArgsSz, svrArgs, cliArgsSz, cliArgs, 1, 0);
execute_test_case(svrArgsSz, svrArgs, cliArgsSz, cliArgs, 1, 1);
execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 0, 1, 0);
execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 1, 0, 0);
execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 1, 1, 0);
#ifdef HAVE_EXTENDED_MASTER
execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 0, 0, 1);
execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 0, 1, 1);
execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 1, 0, 1);
execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 1, 1, 1);
#endif
}
svrArgsSz = 1;
cliArgsSz = 1;
@@ -513,6 +541,16 @@ int SuiteTest(void)
exit(EXIT_FAILURE);
}
#endif
#ifdef WOLFSSL_SCTP
/* add dtls-sctp extra suites */
strcpy(argv0[1], "tests/test-sctp.conf");
printf("starting dtls-sctp extra cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
#ifndef WC_STRICT_SIG
#if !defined(NO_RSA) && defined(HAVE_ECC) /* testing mixed ECC/RSA cert */
/* add extra signature test suites */
+1111
View File
File diff suppressed because it is too large Load Diff
-9
View File
@@ -54,11 +54,6 @@ int unit_test(int argc, char** argv)
#if defined(DEBUG_WOLFSSL) && !defined(HAVE_VALGRIND)
wolfSSL_Debugging_ON();
#endif
#ifdef HAVE_CAVIUM
ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID);
if (ret != 0)
err_sys("Cavium OpenNitroxDevice failed");
#endif /* HAVE_CAVIUM */
#ifdef HAVE_WNR
if (wc_InitNetRandom(wnrConfig, NULL, 5000) != 0)
@@ -85,10 +80,6 @@ int unit_test(int argc, char** argv)
SrpTest();
#ifdef HAVE_CAVIUM
CspShutdown(CAVIUM_DEV_ID);
#endif
#ifdef HAVE_WNR
if (wc_FreeNetRandom() < 0)
err_sys("Failed to free netRandom context");
-10
View File
@@ -84,12 +84,6 @@ int testsuite_test(int argc, char** argv)
int num = 6;
#endif
#ifdef HAVE_CAVIUM
int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID);
if (ret != 0)
err_sys("Cavium OpenNitroxDevice failed");
#endif /* HAVE_CAVIUM */
#ifdef HAVE_WNR
if (wc_InitNetRandom(wnrConfig, NULL, 5000) != 0) {
err_sys("Whitewood netRandom global config failed");
@@ -204,10 +198,6 @@ int testsuite_test(int argc, char** argv)
fdCloseSession(Task_self());
#endif
#ifdef HAVE_CAVIUM
CspShutdown(CAVIUM_DEV_ID);
#endif
#ifdef HAVE_WNR
if (wc_FreeNetRandom() < 0)
err_sys("Failed to free netRandom context");
+342 -90
View File
@@ -32,6 +32,13 @@
/* Macro to disable benchmark */
#ifndef NO_CRYPT_BENCHMARK
#ifdef WOLFSSL_STATIC_MEMORY
#include <wolfssl/wolfcrypt/memory.h>
static WOLFSSL_HEAP_HINT* HEAP_HINT;
#else
#define HEAP_HINT NULL
#endif /* WOLFSSL_STATIC_MEMORY */
#include <string.h>
#ifdef FREESCALE_MQX
@@ -77,15 +84,18 @@
#endif
#include <wolfssl/wolfcrypt/dh.h>
#ifdef HAVE_CAVIUM
#include "cavium_sysdep.h"
#include "cavium_common.h"
#include "cavium_ioctl.h"
#endif
#ifdef HAVE_NTRU
#include "libntruencrypt/ntru_crypto.h"
#endif
#include <wolfssl/wolfcrypt/random.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#ifdef WOLFSSL_ASYNC_CRYPT
#include <wolfssl/wolfcrypt/async.h>
#endif
#if defined(WOLFSSL_ASYNC_CRYPT) || defined(HAVE_ECC)
static int devId = INVALID_DEVID;
#endif
#ifdef HAVE_WNR
const char* wnrConfigFile = "wnr-example.conf";
@@ -100,11 +110,39 @@
#define HAVE_GET_CYCLES
static INLINE word64 get_intel_cycles(void);
static word64 total_cycles;
#define INIT_CYCLE_COUNTER
#define BEGIN_INTEL_CYCLES total_cycles = get_intel_cycles();
#define END_INTEL_CYCLES total_cycles = get_intel_cycles() - total_cycles;
#define SHOW_INTEL_CYCLES printf(" Cycles per byte = %6.2f", \
(float)total_cycles / (numBlocks*sizeof(plain)));
#elif defined(LINUX_CYCLE_COUNT)
#include <linux/perf_event.h>
#include <sys/syscall.h>
#include <unistd.h>
#define HAVE_GET_CYCLES
static word64 begin_cycles;
static word64 total_cycles;
static int cycles = -1;
static struct perf_event_attr atr;
#define INIT_CYCLE_COUNTER do { \
atr.type = PERF_TYPE_HARDWARE; \
atr.config = PERF_COUNT_HW_CPU_CYCLES; \
cycles = syscall(__NR_perf_event_open, &atr, 0, -1, -1, 0); \
} while (0);
#define BEGIN_INTEL_CYCLES read(cycles, &begin_cycles, sizeof(begin_cycles));
#define END_INTEL_CYCLES do { \
read(cycles, &total_cycles, sizeof(total_cycles)); \
total_cycles = total_cycles - begin_cycles; \
} while (0);
#define SHOW_INTEL_CYCLES printf(" Cycles per byte = %6.2f", \
(float)total_cycles / (numBlocks*sizeof(plain)));
#else
#define INIT_CYCLE_COUNTER
#define BEGIN_INTEL_CYCLES
#define END_INTEL_CYCLES
#define SHOW_INTEL_CYCLES
@@ -161,6 +199,9 @@ void bench_ripemd(void);
void bench_cmac(void);
void bench_rsa(void);
#ifdef WOLFSSL_ASYNC_CRYPT
void bench_rsa_async(void);
#endif
void bench_rsaKeyGen(void);
void bench_dh(void);
#ifdef HAVE_ECC
@@ -189,29 +230,6 @@ void bench_rng(void);
double current_time(int);
#ifdef HAVE_CAVIUM
static int OpenNitroxDevice(int dma_mode,int dev_id)
{
Csp1CoreAssignment core_assign;
Uint32 device;
if (CspInitialize(CAVIUM_DIRECT,CAVIUM_DEV_ID))
return -1;
if (Csp1GetDevType(&device))
return -1;
if (device != NPX_DEVICE) {
if (ioctl(gpkpdev_hdlr[CAVIUM_DEV_ID], IOCTL_CSP1_GET_CORE_ASSIGNMENT,
(Uint32 *)&core_assign)!= 0)
return -1;
}
CspShutdown(CAVIUM_DEV_ID);
return CspInitialize(dma_mode, dev_id);
}
#endif
#if defined(DEBUG_WOLFSSL) && !defined(HAVE_VALGRIND)
WOLFSSL_API int wolfSSL_Debugging_ON();
#endif
@@ -268,35 +286,49 @@ int benchmark_test(void *args)
(void)args;
#endif
#ifdef WOLFSSL_STATIC_MEMORY
#ifdef BENCH_EMBEDDED
byte memory[50000];
#else
byte memory[400000];
#endif
if (wc_LoadStaticMemory(&HEAP_HINT, memory, sizeof(memory),
WOLFMEM_GENERAL, 1) != 0) {
printf("unable to load static memory");
exit(EXIT_FAILURE);
}
#endif
#if defined(USE_WOLFSSL_MEMORY) && defined(WOLFSSL_TRACK_MEMORY)
InitMemoryTracker();
#endif
wolfCrypt_Init();
INIT_CYCLE_COUNTER
#if defined(DEBUG_WOLFSSL) && !defined(HAVE_VALGRIND)
wolfSSL_Debugging_ON();
#endif
#if defined(DEBUG_WOLFSSL) && !defined(HAVE_VALGRIND)
wolfSSL_Debugging_ON();
#endif
(void)plain;
(void)cipher;
(void)key;
(void)iv;
#ifdef HAVE_CAVIUM
int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID);
if (ret != 0) {
printf("Cavium OpenNitroxDevice failed\n");
#ifdef WOLFSSL_ASYNC_CRYPT
if (wolfAsync_DevOpen(&devId) != 0) {
printf("Async device open failed\n");
exit(-1);
}
#endif /* HAVE_CAVIUM */
#endif /* WOLFSSL_ASYNC_CRYPT */
#ifdef HAVE_WNR
#ifdef HAVE_WNR
if (wc_InitNetRandom(wnrConfigFile, NULL, 5000) != 0) {
printf("Whitewood netRandom config init failed\n");
exit(-1);
}
#endif /* HAVE_WNR */
#endif /* HAVE_WNR */
#if defined(HAVE_LOCAL_RNG)
{
@@ -384,16 +416,18 @@ int benchmark_test(void *args)
#ifndef NO_RSA
bench_rsa();
#ifdef WOLFSSL_ASYNC_CRYPT
bench_rsa_async();
#endif
#ifdef WOLFSSL_KEY_GEN
bench_rsaKeyGen();
#endif
#endif
#ifndef NO_DH
bench_dh();
#endif
#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
bench_rsaKeyGen();
#endif
#ifdef HAVE_NTRU
bench_ntru();
bench_ntruKeyGen();
@@ -426,6 +460,10 @@ int benchmark_test(void *args)
wc_FreeRng(&rng);
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
wolfAsync_DevClose(&devId);
#endif
#ifdef HAVE_WNR
if (wc_FreeNetRandom() < 0) {
printf("Failed to free netRandom context\n");
@@ -452,9 +490,15 @@ static const char blockType[] = "kB"; /* used in printf output */
#else
enum BenchmarkBounds {
numBlocks = 50, /* how many megs to test (en/de)cryption */
#ifdef WOLFSSL_ASYNC_CRYPT
ntimes = 1000,
genTimes = 1000,
agreeTimes = 1000
#else
ntimes = 100,
genTimes = 100,
agreeTimes = 100
#endif
};
static const char blockType[] = "megs"; /* used in printf output */
#endif
@@ -526,9 +570,9 @@ void bench_aes(int show)
int i;
int ret;
#ifdef HAVE_CAVIUM
if (wc_AesInitCavium(&enc, CAVIUM_DEV_ID) != 0) {
printf("aes init cavium failed\n");
#ifdef WOLFSSL_ASYNC_CRYPT
if ((ret = wc_AesAsyncInit(&enc, devId)) != 0) {
printf("wc_AesAsyncInit failed, ret = %d\n", ret);
return;
}
#endif
@@ -559,10 +603,10 @@ void bench_aes(int show)
SHOW_INTEL_CYCLES
printf("\n");
}
#ifdef HAVE_CAVIUM
wc_AesFreeCavium(&enc);
if (wc_AesInitCavium(&enc, CAVIUM_DEV_ID) != 0) {
printf("aes init cavium failed\n");
#ifdef WOLFSSL_ASYNC_CRYPT
wc_AesAsyncFree(&enc);
if ((ret = wc_AesAsyncInit(&enc, devId)) != 0) {
printf("wc_AesAsyncInit failed, ret = %d\n", ret);
return;
}
#endif
@@ -593,8 +637,8 @@ void bench_aes(int show)
SHOW_INTEL_CYCLES
printf("\n");
}
#ifdef HAVE_CAVIUM
wc_AesFreeCavium(&enc);
#ifdef WOLFSSL_ASYNC_CRYPT
wc_AesAsyncFree(&enc);
#endif
}
#endif /* HAVE_AES_CBC */
@@ -805,9 +849,9 @@ void bench_des(void)
double start, total, persec;
int i, ret;
#ifdef HAVE_CAVIUM
if (wc_Des3_InitCavium(&enc, CAVIUM_DEV_ID) != 0)
printf("des3 init cavium failed\n");
#ifdef WOLFSSL_ASYNC_CRYPT
if (wc_Des3AsyncInit(&enc, devId) != 0)
printf("des3 async init failed\n");
#endif
ret = wc_Des3_SetKey(&enc, key, iv, DES_ENCRYPTION);
if (ret != 0) {
@@ -833,8 +877,8 @@ void bench_des(void)
blockType, total, persec);
SHOW_INTEL_CYCLES
printf("\n");
#ifdef HAVE_CAVIUM
wc_Des3_FreeCavium(&enc);
#ifdef WOLFSSL_ASYNC_CRYPT
wc_Des3AsyncFree(&enc);
#endif
}
#endif
@@ -882,9 +926,9 @@ void bench_arc4(void)
double start, total, persec;
int i;
#ifdef HAVE_CAVIUM
if (wc_Arc4InitCavium(&enc, CAVIUM_DEV_ID) != 0)
printf("arc4 init cavium failed\n");
#ifdef WOLFSSL_ASYNC_CRYPT
if (wc_Arc4AsyncInit(&enc, devId) != 0)
printf("arc4 async init failed\n");
#endif
wc_Arc4SetKey(&enc, key, 16);
@@ -906,8 +950,8 @@ void bench_arc4(void)
blockType, total, persec);
SHOW_INTEL_CYCLES
printf("\n");
#ifdef HAVE_CAVIUM
wc_Arc4FreeCavium(&enc);
#ifdef WOLFSSL_ASYNC_CRYPT
wc_Arc4AsyncFree(&enc);
#endif
}
#endif
@@ -1395,7 +1439,7 @@ void bench_rsa(void)
word32 idx = 0;
const byte* tmp;
byte message[] = "Everyone gets Friday off.";
const byte message[] = "Everyone gets Friday off.";
byte enc[256]; /* for up to 2048 bit */
const int len = (int)strlen((char*)message);
double start, total, each, milliEach;
@@ -1414,32 +1458,33 @@ void bench_rsa(void)
#error "need a cert buffer size"
#endif /* USE_CERT_BUFFERS */
#ifdef HAVE_CAVIUM
if (wc_RsaInitCavium(&rsaKey, CAVIUM_DEV_ID) != 0)
printf("RSA init cavium failed\n");
#endif
ret = wc_InitRsaKey(&rsaKey, 0);
if (ret < 0) {
printf("InitRsaKey failed\n");
if ((ret = wc_InitRsaKey(&rsaKey, HEAP_HINT)) < 0) {
printf("InitRsaKey failed! %d\n", ret);
return;
}
/* decode the private key */
ret = wc_RsaPrivateKeyDecode(tmp, &idx, &rsaKey, (word32)bytes);
start = current_time(1);
for (i = 0; i < ntimes; i++)
ret = wc_RsaPublicEncrypt(message,len,enc,sizeof(enc), &rsaKey, &rng);
for (i = 0; i < ntimes; i++) {
ret = wc_RsaPublicEncrypt(message, len, enc, sizeof(enc),
&rsaKey, &rng);
if (ret < 0) {
break;
}
} /* for ntimes */
total = current_time(0) - start;
each = total / ntimes; /* per second */
milliEach = each * 1000; /* milliseconds */
printf("RSA %d encryption took %6.3f milliseconds, avg over %d"
printf("RSA %d public %6.3f milliseconds, avg over %d"
" iterations\n", rsaKeySz, milliEach, ntimes);
if (ret < 0) {
printf("Rsa Public Encrypt failed\n");
printf("Rsa Public Encrypt failed! %d\n", ret);
return;
}
@@ -1448,24 +1493,231 @@ void bench_rsa(void)
#endif
start = current_time(1);
/* capture resulting encrypt length */
idx = ret;
for (i = 0; i < ntimes; i++) {
byte out[256]; /* for up to 2048 bit */
wc_RsaPrivateDecrypt(enc, (word32)ret, out, sizeof(out), &rsaKey);
}
byte out[256]; /* for up to 2048 bit */
ret = wc_RsaPrivateDecrypt(enc, idx, out, sizeof(out), &rsaKey);
if (ret < 0 && ret != WC_PENDING_E) {
break;
}
} /* for ntimes */
total = current_time(0) - start;
each = total / ntimes; /* per second */
milliEach = each * 1000; /* milliseconds */
printf("RSA %d decryption took %6.3f milliseconds, avg over %d"
printf("RSA %d private %6.3f milliseconds, avg over %d"
" iterations\n", rsaKeySz, milliEach, ntimes);
wc_FreeRsaKey(&rsaKey);
#ifdef HAVE_CAVIUM
wc_RsaFreeCavium(&rsaKey);
#endif
}
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
void bench_rsa_async(void)
{
int i;
int ret;
size_t bytes;
word32 idx = 0;
const byte* tmp;
const byte message[] = "Everyone gets Friday off.";
byte enc[256]; /* for up to 2048 bit */
const int len = (int)strlen((char*)message);
double start, total, each, milliEach;
RsaKey rsaKey[WOLF_ASYNC_MAX_PENDING];
int rsaKeySz = 2048; /* used in printf */
WOLF_EVENT events[WOLF_ASYNC_MAX_PENDING];
WOLF_EVENT_QUEUE eventQueue;
int evtNum, asyncDone, asyncPend;
#ifdef USE_CERT_BUFFERS_1024
tmp = rsa_key_der_1024;
bytes = sizeof_rsa_key_der_1024;
rsaKeySz = 1024;
#elif defined(USE_CERT_BUFFERS_2048)
tmp = rsa_key_der_2048;
bytes = sizeof_rsa_key_der_2048;
#else
#error "need a cert buffer size"
#endif /* USE_CERT_BUFFERS */
/* init event queue */
ret = wolfEventQueue_Init(&eventQueue);
if (ret != 0) {
return;
}
/* clear for done cleanup */
XMEMSET(&events, 0, sizeof(events));
XMEMSET(&rsaKey, 0, sizeof(rsaKey));
/* init events and keys */
for (i = 0; i < WOLF_ASYNC_MAX_PENDING; i++) {
/* setup an async context for each key */
if ((ret = wc_InitRsaKey_ex(&rsaKey[i], HEAP_HINT, devId)) < 0) {
goto done;
}
#ifdef WC_RSA_BLINDING
wc_RsaSetRNG(&rsaKey[i], &rng);
#endif
if ((ret = wolfAsync_EventInit(&events[i],
WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT, &rsaKey[i].asyncDev)) != 0) {
goto done;
}
events[i].pending = 0; /* Reset pending flag */
/* decode the private key */
idx = 0;
if ((ret = wc_RsaPrivateKeyDecode(tmp, &idx, &rsaKey[i],
(word32)bytes)) != 0) {
printf("wc_RsaPrivateKeyDecode failed! %d\n", ret);
goto done;
}
}
/* begin public async RSA */
start = current_time(1);
asyncPend = 0;
for (i = 0; i < ntimes; ) {
/* while free pending slots in queue, submit RSA operations */
for (evtNum = 0; evtNum < WOLF_ASYNC_MAX_PENDING; evtNum++) {
if (events[evtNum].done || (events[evtNum].pending == 0 &&
(i + asyncPend) < ntimes))
{
/* check for event error */
if (events[evtNum].ret != WC_PENDING_E && events[evtNum].ret < 0) {
printf("wc_RsaPublicEncrypt: Async event error: %d\n", events[evtNum].ret);
goto done;
}
ret = wc_RsaPublicEncrypt(message, len, enc, sizeof(enc),
&rsaKey[evtNum], &rng);
if (ret == WC_PENDING_E) {
ret = wc_RsaAsyncHandle(&rsaKey[evtNum], &eventQueue,
&events[evtNum]);
if (ret != 0) goto done;
asyncPend++;
}
else if (ret >= 0) {
/* operation completed */
i++;
asyncPend--;
events[evtNum].done = 0;
}
else {
printf("wc_RsaPublicEncrypt failed: %d\n", ret);
goto done;
}
}
} /* for evtNum */
/* poll until there are events done */
if (asyncPend > 0) {
do {
ret = wolfAsync_EventQueuePoll(&eventQueue, NULL, NULL, 0,
WOLF_POLL_FLAG_CHECK_HW, &asyncDone);
if (ret != 0) goto done;
} while (asyncDone == 0);
}
} /* for ntimes */
total = current_time(0) - start;
each = total / ntimes; /* per second */
milliEach = each * 1000; /* milliseconds */
printf("RSA %d public async %6.3f milliseconds, avg over %d"
" iterations\n", rsaKeySz, milliEach, ntimes);
if (ret < 0) {
goto done;
}
/* begin private async RSA */
start = current_time(1);
/* capture resulting encrypt length */
idx = sizeof(enc); /* fixed at 2048 bit */
asyncPend = 0;
for (i = 0; i < ntimes; ) {
byte out[256]; /* for up to 2048 bit */
/* while free pending slots in queue, submit RSA operations */
for (evtNum = 0; evtNum < WOLF_ASYNC_MAX_PENDING; evtNum++) {
if (events[evtNum].done || (events[evtNum].pending == 0 &&
(i + asyncPend) < ntimes))
{
/* check for event error */
if (events[evtNum].ret != WC_PENDING_E && events[evtNum].ret < 0) {
printf("wc_RsaPrivateDecrypt: Async event error: %d\n", events[evtNum].ret);
goto done;
}
ret = wc_RsaPrivateDecrypt(enc, idx, out, sizeof(out),
&rsaKey[evtNum]);
if (ret == WC_PENDING_E) {
ret = wc_RsaAsyncHandle(&rsaKey[evtNum], &eventQueue,
&events[evtNum]);
if (ret != 0) goto done;
asyncPend++;
}
else if (ret >= 0) {
/* operation completed */
i++;
asyncPend--;
events[evtNum].done = 0;
}
else {
printf("wc_RsaPrivateDecrypt failed: %d\n", ret);
goto done;
}
}
} /* for evtNum */
/* poll until there are events done */
if (asyncPend > 0) {
do {
ret = wolfAsync_EventQueuePoll(&eventQueue, NULL, NULL, 0,
WOLF_POLL_FLAG_CHECK_HW, &asyncDone);
if (ret != 0) goto done;
} while (asyncDone == 0);
}
} /* for ntimes */
total = current_time(0) - start;
each = total / ntimes; /* per second */
milliEach = each * 1000; /* milliseconds */
printf("RSA %d private async %6.3f milliseconds, avg over %d"
" iterations\n", rsaKeySz, milliEach, ntimes);
done:
if (ret < 0) {
printf("bench_rsa_async failed: %d\n", ret);
}
/* cleanup */
for (i = 0; i < WOLF_ASYNC_MAX_PENDING; i++) {
wc_FreeRsaKey(&rsaKey[i]);
}
/* free event queue */
wolfEventQueue_Free(&eventQueue);
}
#endif /* WOLFSSL_ASYNC_CRYPT */
#endif /* !NO_RSA */
#ifndef NO_DH
@@ -1572,7 +1824,7 @@ void bench_rsaKeyGen(void)
start = current_time(1);
for(i = 0; i < genTimes; i++) {
wc_InitRsaKey(&genKey, 0);
wc_InitRsaKey(&genKey, HEAP_HINT);
wc_MakeRsaKey(&genKey, 1024, 65537, &rng);
wc_FreeRsaKey(&genKey);
}
@@ -1588,7 +1840,7 @@ void bench_rsaKeyGen(void)
start = current_time(1);
for(i = 0; i < genTimes; i++) {
wc_InitRsaKey(&genKey, 0);
wc_InitRsaKey(&genKey, HEAP_HINT);
wc_MakeRsaKey(&genKey, 2048, 65537, &rng);
wc_FreeRsaKey(&genKey);
}
@@ -1845,7 +2097,7 @@ void bench_eccKeyGen(void)
start = current_time(1);
for(i = 0; i < genTimes; i++) {
wc_ecc_init(&genKey);
wc_ecc_init_ex(&genKey, HEAP_HINT, devId);
wc_ecc_make_key(&rng, 32, &genKey);
wc_ecc_free(&genKey);
}
@@ -1871,8 +2123,8 @@ void bench_eccKeyAgree(void)
byte digest[32];
word32 x = 0;
wc_ecc_init(&genKey);
wc_ecc_init(&genKey2);
wc_ecc_init_ex(&genKey, HEAP_HINT, devId);
wc_ecc_init_ex(&genKey2, HEAP_HINT, devId);
ret = wc_ecc_make_key(&rng, 32, &genKey);
if (ret != 0) {
@@ -1958,8 +2210,8 @@ void bench_eccEncrypt(void)
int ret, i;
double start, total, each, milliEach;
wc_ecc_init(&userA);
wc_ecc_init(&userB);
wc_ecc_init_ex(&userA, HEAP_HINT, devId);
wc_ecc_init_ex(&userB, HEAP_HINT, devId);
wc_ecc_make_key(&rng, 32, &userA);
wc_ecc_make_key(&rng, 32, &userB);
@@ -2249,7 +2501,7 @@ void bench_ed25519KeySign(void)
}
#elif defined(WOLFSSL_EMBOS)
#include "RTOS.h"
double current_time(int reset)
+655 -345
View File
File diff suppressed because it is too large Load Diff
+16 -70
View File
@@ -28,23 +28,19 @@
#ifndef NO_RC4
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/arc4.h>
#ifdef HAVE_CAVIUM
static void wc_Arc4CaviumSetKey(Arc4* arc4, const byte* key, word32 length);
static void wc_Arc4CaviumProcess(Arc4* arc4, byte* out, const byte* in,
word32 length);
#endif
void wc_Arc4SetKey(Arc4* arc4, const byte* key, word32 length)
{
word32 i;
word32 keyIndex = 0, stateIndex = 0;
#ifdef HAVE_CAVIUM
if (arc4->magic == WOLFSSL_ARC4_CAVIUM_MAGIC)
return wc_Arc4CaviumSetKey(arc4, key, length);
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM) && !defined(HAVE_CAVIUM_V)
if (arc4->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ARC4) {
return NitroxArc4SetKey(arc4, key, length);
}
#endif
arc4->x = 1;
@@ -85,9 +81,10 @@ void wc_Arc4Process(Arc4* arc4, byte* out, const byte* in, word32 length)
word32 x;
word32 y;
#ifdef HAVE_CAVIUM
if (arc4->magic == WOLFSSL_ARC4_CAVIUM_MAGIC)
return wc_Arc4CaviumProcess(arc4, out, in, length);
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM) && !defined(HAVE_CAVIUM_V)
if (arc4->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ARC4) {
return NitroxArc4Process(arc4, out, in, length);
}
#endif
x = arc4->x;
@@ -101,79 +98,28 @@ void wc_Arc4Process(Arc4* arc4, byte* out, const byte* in, word32 length)
}
#ifdef HAVE_CAVIUM
#include <wolfssl/wolfcrypt/logging.h>
#include "cavium_common.h"
#ifdef WOLFSSL_ASYNC_CRYPT
/* Initialize Arc4 for use with Nitrox device */
int wc_Arc4InitCavium(Arc4* arc4, int devId)
int wc_Arc4AsyncInit(Arc4* arc4, int devId)
{
if (arc4 == NULL)
return -1;
return BAD_FUNC_ARG;
if (CspAllocContext(CONTEXT_SSL, &arc4->contextHandle, devId) != 0)
return -1;
arc4->devId = devId;
arc4->magic = WOLFSSL_ARC4_CAVIUM_MAGIC;
return 0;
return wolfAsync_DevCtxInit(&arc4->asyncDev, WOLFSSL_ASYNC_MARKER_ARC4, devId);
}
/* Free Arc4 from use with Nitrox device */
void wc_Arc4FreeCavium(Arc4* arc4)
void wc_Arc4AsyncFree(Arc4* arc4)
{
if (arc4 == NULL)
return;
if (arc4->magic != WOLFSSL_ARC4_CAVIUM_MAGIC)
return;
CspFreeContext(CONTEXT_SSL, arc4->contextHandle, arc4->devId);
arc4->magic = 0;
wolfAsync_DevCtxFree(&arc4->asyncDev);
}
static void wc_Arc4CaviumSetKey(Arc4* arc4, const byte* key, word32 length)
{
word32 requestId;
if (CspInitializeRc4(CAVIUM_BLOCKING, arc4->contextHandle, length,
(byte*)key, &requestId, arc4->devId) != 0) {
WOLFSSL_MSG("Bad Cavium Arc4 Init");
}
}
static void wc_Arc4CaviumProcess(Arc4* arc4, byte* out, const byte* in,
word32 length)
{
wolfssl_word offset = 0;
word32 requestId;
while (length > WOLFSSL_MAX_16BIT) {
word16 slen = (word16)WOLFSSL_MAX_16BIT;
if (CspEncryptRc4(CAVIUM_BLOCKING, arc4->contextHandle,CAVIUM_UPDATE,
slen, (byte*)in + offset, out + offset, &requestId,
arc4->devId) != 0) {
WOLFSSL_MSG("Bad Cavium Arc4 Encrypt");
}
length -= WOLFSSL_MAX_16BIT;
offset += WOLFSSL_MAX_16BIT;
}
if (length) {
word16 slen = (word16)length;
if (CspEncryptRc4(CAVIUM_BLOCKING, arc4->contextHandle,CAVIUM_UPDATE,
slen, (byte*)in + offset, out + offset, &requestId,
arc4->devId) != 0) {
WOLFSSL_MSG("Bad Cavium Arc4 Encrypt");
}
}
}
#endif /* HAVE_CAVIUM */
#endif /* WOLFSSL_ASYNC_CRYPT */
#endif /* NO_RC4 */
+112 -98
View File
@@ -646,7 +646,7 @@ static int GetExplicitVersion(const byte* input, word32* inOutIdx, int* version)
}
#endif /* !NO_ASN_TIME */
WOLFSSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx,
int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx,
word32 maxIdx)
{
word32 i = *inOutIdx;
@@ -676,6 +676,65 @@ WOLFSSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx,
return 0;
}
#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
static int GetIntRsa(RsaKey* key, mp_int* mpi, const byte* input,
word32* inOutIdx, word32 maxIdx)
{
word32 i = *inOutIdx;
byte b = input[i++];
int length;
(void)key;
if (b != ASN_INTEGER)
return ASN_PARSE_E;
if (GetLength(input, &i, &length, maxIdx) < 0)
return ASN_PARSE_E;
if (length > 0) {
/* remove leading zero */
if ( (b = input[i++]) == 0x00)
length--;
else
i--;
}
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA) {
XMEMSET(mpi, 0, sizeof(mp_int));
mpi->used = length;
#ifdef USE_FAST_MATH
if (length > (FP_SIZE * (int)sizeof(fp_digit))) {
return MEMORY_E;
}
mpi->dpraw = (byte*)mpi->dp;
#else
mpi->dpraw = (byte*)XMALLOC(length, key->heap, DYNAMIC_TYPE_ASYNC_RSA);
#endif
if (mpi->dpraw == NULL) {
return MEMORY_E;
}
XMEMCPY(mpi->dpraw, input + i, length);
}
else
#endif /* WOLFSSL_ASYNC_CRYPT && HAVE_CAVIUM */
{
if (mp_init(mpi) != MP_OKAY)
return MP_INIT_E;
if (mp_read_unsigned_bin(mpi, (byte*)input + i, length) != 0) {
mp_clear(mpi);
return ASN_GETINT_E;
}
}
*inOutIdx = i + length;
return 0;
}
#endif /* !NO_RSA && !HAVE_USER_RSA */
/* hashType */
static const byte hashMd2hOid[] = {42, 134, 72, 134, 247, 13, 2, 2};
@@ -1297,78 +1356,11 @@ WOLFSSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid,
#ifndef NO_RSA
#ifdef HAVE_CAVIUM
static int GetCaviumInt(byte** buff, word16* buffSz, const byte* input,
word32* inOutIdx, word32 maxIdx, void* heap)
{
word32 i = *inOutIdx;
byte b = input[i++];
int length;
if (b != ASN_INTEGER)
return ASN_PARSE_E;
if (GetLength(input, &i, &length, maxIdx) < 0)
return ASN_PARSE_E;
if ( (b = input[i++]) == 0x00)
length--;
else
i--;
*buffSz = (word16)length;
*buff = XMALLOC(*buffSz, heap, DYNAMIC_TYPE_CAVIUM_RSA);
if (*buff == NULL)
return MEMORY_E;
XMEMCPY(*buff, input + i, *buffSz);
*inOutIdx = i + length;
return 0;
}
static int CaviumRsaPrivateKeyDecode(const byte* input, word32* inOutIdx,
RsaKey* key, word32 inSz)
{
int version, length;
void* h = key->heap;
if (GetSequence(input, inOutIdx, &length, inSz) < 0)
return ASN_PARSE_E;
if (GetMyVersion(input, inOutIdx, &version) < 0)
return ASN_PARSE_E;
key->type = RSA_PRIVATE;
if (GetCaviumInt(&key->c_n, &key->c_nSz, input, inOutIdx, inSz, h) < 0 ||
GetCaviumInt(&key->c_e, &key->c_eSz, input, inOutIdx, inSz, h) < 0 ||
GetCaviumInt(&key->c_d, &key->c_dSz, input, inOutIdx, inSz, h) < 0 ||
GetCaviumInt(&key->c_p, &key->c_pSz, input, inOutIdx, inSz, h) < 0 ||
GetCaviumInt(&key->c_q, &key->c_qSz, input, inOutIdx, inSz, h) < 0 ||
GetCaviumInt(&key->c_dP, &key->c_dP_Sz, input, inOutIdx, inSz, h) < 0 ||
GetCaviumInt(&key->c_dQ, &key->c_dQ_Sz, input, inOutIdx, inSz, h) < 0 ||
GetCaviumInt(&key->c_u, &key->c_uSz, input, inOutIdx, inSz, h) < 0 )
return ASN_RSA_KEY_E;
return 0;
}
#endif /* HAVE_CAVIUM */
#ifndef HAVE_USER_RSA
int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key,
word32 inSz)
{
int version, length;
#ifdef HAVE_CAVIUM
if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC)
return CaviumRsaPrivateKeyDecode(input, inOutIdx, key, inSz);
#endif
int version, length;
if (GetSequence(input, inOutIdx, &length, inSz) < 0)
return ASN_PARSE_E;
@@ -1378,14 +1370,14 @@ int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key,
key->type = RSA_PRIVATE;
if (GetInt(&key->n, input, inOutIdx, inSz) < 0 ||
GetInt(&key->e, input, inOutIdx, inSz) < 0 ||
GetInt(&key->d, input, inOutIdx, inSz) < 0 ||
GetInt(&key->p, input, inOutIdx, inSz) < 0 ||
GetInt(&key->q, input, inOutIdx, inSz) < 0 ||
GetInt(&key->dP, input, inOutIdx, inSz) < 0 ||
GetInt(&key->dQ, input, inOutIdx, inSz) < 0 ||
GetInt(&key->u, input, inOutIdx, inSz) < 0 ) return ASN_RSA_KEY_E;
if (GetIntRsa(key, &key->n, input, inOutIdx, inSz) < 0 ||
GetIntRsa(key, &key->e, input, inOutIdx, inSz) < 0 ||
GetIntRsa(key, &key->d, input, inOutIdx, inSz) < 0 ||
GetIntRsa(key, &key->p, input, inOutIdx, inSz) < 0 ||
GetIntRsa(key, &key->q, input, inOutIdx, inSz) < 0 ||
GetIntRsa(key, &key->dP, input, inOutIdx, inSz) < 0 ||
GetIntRsa(key, &key->dQ, input, inOutIdx, inSz) < 0 ||
GetIntRsa(key, &key->u, input, inOutIdx, inSz) < 0 ) return ASN_RSA_KEY_E;
return 0;
}
@@ -3674,11 +3666,22 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
else {
XMEMCPY(plain, sig, sigSz);
if ((verifySz = wc_RsaSSL_VerifyInline(plain, sigSz, &out,
pubKey)) < 0) {
ret = 0;
do {
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_RsaAsyncWait(ret, pubKey);
#endif
if (ret >= 0) {
ret = wc_RsaSSL_VerifyInline(plain, sigSz, &out,
pubKey);
}
} while (ret == WC_PENDING_E);
if (ret < 0) {
WOLFSSL_MSG("Rsa SSL verify error");
}
else {
verifySz = ret;
/* make sure we're right justified */
encodedSigSz =
wc_EncodeSignature(encodedSig, digest, digestSz, typeH);
@@ -5071,7 +5074,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
}
#endif
if (verify && type != CA_TYPE && type != TRUSTED_PEER_TYPE) {
if (verify != NO_VERIFY && type != CA_TYPE && type != TRUSTED_PEER_TYPE) {
Signer* ca = NULL;
#ifndef NO_SKID
if (cert->extAuthKeyIdSet)
@@ -5096,23 +5099,26 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
if (ret != 0)
return ret;
#endif /* HAVE_OCSP */
/* try to confirm/verify signature */
if (!ConfirmSignature(cert->source + cert->certBegin,
cert->sigIndex - cert->certBegin,
ca->publicKey, ca->pubKeySize, ca->keyOID,
cert->signature, cert->sigLength, cert->signatureOID,
cert->heap)) {
WOLFSSL_MSG("Confirm signature failed");
return ASN_SIG_CONFIRM_E;
if (verify == VERIFY) {
/* try to confirm/verify signature */
if (!ConfirmSignature(cert->source + cert->certBegin,
cert->sigIndex - cert->certBegin,
ca->publicKey, ca->pubKeySize, ca->keyOID,
cert->signature, cert->sigLength, cert->signatureOID,
cert->heap)) {
WOLFSSL_MSG("Confirm signature failed");
return ASN_SIG_CONFIRM_E;
}
#ifndef IGNORE_NAME_CONSTRAINTS
/* check that this cert's name is permitted by the signer's
* name constraints */
if (!ConfirmNameConstraints(ca, cert)) {
WOLFSSL_MSG("Confirm name constraint failed");
return ASN_NAME_INVALID_E;
}
#endif /* IGNORE_NAME_CONSTRAINTS */
}
#ifndef IGNORE_NAME_CONSTRAINTS
/* check that this cert's name is permitted by the signer's
* name constraints */
if (!ConfirmNameConstraints(ca, cert)) {
WOLFSSL_MSG("Confirm name constraint failed");
return ASN_NAME_INVALID_E;
}
#endif /* IGNORE_NAME_CONSTRAINTS */
}
else {
/* no signer */
@@ -5569,7 +5575,7 @@ static int SetRsaPublicKey(byte* output, RsaKey* key,
n[0] = ASN_INTEGER;
nSz = SetLength(rawLen, n + 1) + 1; /* int tag */
if ( (nSz + rawLen) < MAX_RSA_INT_SZ) {
if ( (nSz + rawLen) <= MAX_RSA_INT_SZ) {
if (leadingBit)
n[nSz] = 0;
#ifdef HAVE_USER_RSA
@@ -7359,7 +7365,15 @@ static int MakeSignature(const byte* buffer, int sz, byte* sig, int sigSz,
if (rsaKey) {
/* signature */
encSigSz = wc_EncodeSignature(encSig, digest, digestSz, typeH);
ret = wc_RsaSSL_Sign(encSig, encSigSz, sig, sigSz, rsaKey, rng);
ret = 0;
do {
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_RsaAsyncWait(ret, rsaKey);
#endif
if (ret >= 0) {
ret = wc_RsaSSL_Sign(encSig, encSigSz, sig, sigSz, rsaKey, rng);
}
} while (ret == WC_PENDING_E);
}
#endif
+27 -134
View File
@@ -31,13 +31,6 @@
#include <wolfssl/wolfcrypt/des3.h>
#ifdef HAVE_FIPS
#ifdef HAVE_CAVIUM
static int wc_Des3_CaviumSetKey(Des3* des3, const byte* key, const byte* iv);
static int wc_Des3_CaviumCbcEncrypt(Des3* des3, byte* out, const byte* in,
word32 length);
static int wc_Des3_CaviumCbcDecrypt(Des3* des3, byte* out, const byte* in,
word32 length);
#endif
int wc_Des_SetKey(Des* des, const byte* key, const byte* iv, int dir)
{
@@ -98,23 +91,24 @@ int wc_Des3_SetIV(Des3* des, const byte* iv)
}
#ifdef HAVE_CAVIUM
#ifdef WOLFSSL_ASYNC_CRYPT
/* Initialize Des3 for use with Nitrox device */
int wc_Des3_InitCavium(Des3* des3, int devId)
int wc_Des3AsyncInit(Des3* des3, int devId)
{
return Des3_InitCavium(des3, devId);
return Des3AsyncInit(des3, devId);
}
/* Free Des3 from use with Nitrox device */
void wc_Des3_FreeCavium(Des3* des3)
void wc_Des3AsyncFree(Des3* des3)
{
Des3_FreeCavium(des3);
Des3AsyncFree(des3);
}
#endif /* HAVE_CAVIUM */
#endif /* WOLFSSL_ASYNC_CRYPT */
#else /* build without fips */
#if defined(WOLFSSL_TI_CRYPT)
@@ -132,17 +126,6 @@ void wc_Des3_FreeCavium(Des3* des3)
#endif
#ifdef HAVE_CAVIUM
static int wc_Des3_CaviumSetKey(Des3* des3, const byte* key, const byte* iv);
static int wc_Des3_CaviumCbcEncrypt(Des3* des3, byte* out, const byte* in,
word32 length);
static int wc_Des3_CaviumCbcDecrypt(Des3* des3, byte* out, const byte* in,
word32 length);
#endif
#ifdef STM32F2_CRYPTO
/*
* STM32F2 hardware DES/3DES support through the STM32F2 standard
@@ -150,7 +133,7 @@ void wc_Des3_FreeCavium(Des3* des3)
* Peripheral Library document (See note in README).
*/
#include "stm32f2xx.h"
#include "stm32f2xx_cryp.h"
#include "stm32f2xx_cryp.h"
int wc_Des_SetKey(Des* des, const byte* key, const byte* iv, int dir)
{
@@ -1292,9 +1275,10 @@ int wc_Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir)
{
int ret;
#ifdef HAVE_CAVIUM
if (des->magic == WOLFSSL_3DES_CAVIUM_MAGIC)
return wc_Des3_CaviumSetKey(des, key, iv);
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
if (des->asyncDev.marker == WOLFSSL_ASYNC_MARKER_3DES) {
return NitroxDes3SetKey(des, key, iv);
}
#endif
ret = DesSetKey(key + (dir == DES_ENCRYPTION ? 0:16), dir, des->key[0]);
@@ -1433,9 +1417,10 @@ int wc_Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz)
{
word32 blocks;
#ifdef HAVE_CAVIUM
if (des->magic == WOLFSSL_3DES_CAVIUM_MAGIC)
return wc_Des3_CaviumCbcEncrypt(des, out, in, sz);
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
if (des->asyncDev.marker == WOLFSSL_ASYNC_MARKER_3DES) {
return NitroxDes3CbcEncrypt(des, out, in, sz);
}
#endif
blocks = sz / DES_BLOCK_SIZE;
@@ -1455,9 +1440,10 @@ int wc_Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz)
{
word32 blocks;
#ifdef HAVE_CAVIUM
if (des->magic == WOLFSSL_3DES_CAVIUM_MAGIC)
return wc_Des3_CaviumCbcDecrypt(des, out, in, sz);
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
if (des->asyncDev.marker == WOLFSSL_ASYNC_MARKER_3DES) {
return NitroxDes3CbcDecrypt(des, out, in, sz);
}
#endif
blocks = sz / DES_BLOCK_SIZE;
@@ -1513,122 +1499,29 @@ int wc_Des3_SetIV(Des3* des, const byte* iv)
}
#ifdef HAVE_CAVIUM
#include "cavium_common.h"
#ifdef WOLFSSL_ASYNC_CRYPT
/* Initialize Des3 for use with Nitrox device */
int wc_Des3_InitCavium(Des3* des3, int devId)
int wc_Des3AsyncInit(Des3* des3, int devId)
{
if (des3 == NULL)
return -1;
return BAD_FUNC_ARG;
if (CspAllocContext(CONTEXT_SSL, &des3->contextHandle, devId) != 0)
return -1;
des3->devId = devId;
des3->magic = WOLFSSL_3DES_CAVIUM_MAGIC;
return 0;
return wolfAsync_DevCtxInit(&des3->asyncDev, WOLFSSL_ASYNC_MARKER_3DES, devId);
}
/* Free Des3 from use with Nitrox device */
void wc_Des3_FreeCavium(Des3* des3)
void wc_Des3AsyncFree(Des3* des3)
{
if (des3 == NULL)
return;
if (des3->magic != WOLFSSL_3DES_CAVIUM_MAGIC)
return;
CspFreeContext(CONTEXT_SSL, des3->contextHandle, des3->devId);
des3->magic = 0;
wolfAsync_DevCtxFree(&des3->asyncDev);
}
#endif /* WOLFSSL_ASYNC_CRYPT */
static int wc_Des3_CaviumSetKey(Des3* des3, const byte* key, const byte* iv)
{
if (des3 == NULL)
return -1;
/* key[0] holds key, iv in reg */
XMEMCPY(des3->key[0], key, DES_BLOCK_SIZE*3);
return wc_Des3_SetIV(des3, iv);
}
static int wc_Des3_CaviumCbcEncrypt(Des3* des3, byte* out, const byte* in,
word32 length)
{
wolfssl_word offset = 0;
word32 requestId;
while (length > WOLFSSL_MAX_16BIT) {
word16 slen = (word16)WOLFSSL_MAX_16BIT;
if (CspEncrypt3Des(CAVIUM_BLOCKING, des3->contextHandle,
CAVIUM_NO_UPDATE, slen, (byte*)in + offset,
out + offset, (byte*)des3->reg, (byte*)des3->key[0],
&requestId, des3->devId) != 0) {
WOLFSSL_MSG("Bad Cavium 3DES Cbc Encrypt");
return -1;
}
length -= WOLFSSL_MAX_16BIT;
offset += WOLFSSL_MAX_16BIT;
XMEMCPY(des3->reg, out + offset - DES_BLOCK_SIZE, DES_BLOCK_SIZE);
}
if (length) {
word16 slen = (word16)length;
if (CspEncrypt3Des(CAVIUM_BLOCKING, des3->contextHandle,
CAVIUM_NO_UPDATE, slen, (byte*)in + offset,
out + offset, (byte*)des3->reg, (byte*)des3->key[0],
&requestId, des3->devId) != 0) {
WOLFSSL_MSG("Bad Cavium 3DES Cbc Encrypt");
return -1;
}
XMEMCPY(des3->reg, out+offset+length - DES_BLOCK_SIZE, DES_BLOCK_SIZE);
}
return 0;
}
static int wc_Des3_CaviumCbcDecrypt(Des3* des3, byte* out, const byte* in,
word32 length)
{
word32 requestId;
wolfssl_word offset = 0;
while (length > WOLFSSL_MAX_16BIT) {
word16 slen = (word16)WOLFSSL_MAX_16BIT;
XMEMCPY(des3->tmp, in + offset + slen - DES_BLOCK_SIZE, DES_BLOCK_SIZE);
if (CspDecrypt3Des(CAVIUM_BLOCKING, des3->contextHandle,
CAVIUM_NO_UPDATE, slen, (byte*)in+offset, out+offset,
(byte*)des3->reg, (byte*)des3->key[0], &requestId,
des3->devId) != 0) {
WOLFSSL_MSG("Bad Cavium 3Des Decrypt");
return -1;
}
length -= WOLFSSL_MAX_16BIT;
offset += WOLFSSL_MAX_16BIT;
XMEMCPY(des3->reg, des3->tmp, DES_BLOCK_SIZE);
}
if (length) {
word16 slen = (word16)length;
XMEMCPY(des3->tmp, in + offset + slen - DES_BLOCK_SIZE,DES_BLOCK_SIZE);
if (CspDecrypt3Des(CAVIUM_BLOCKING, des3->contextHandle,
CAVIUM_NO_UPDATE, slen, (byte*)in+offset, out+offset,
(byte*)des3->reg, (byte*)des3->key[0], &requestId,
des3->devId) != 0) {
WOLFSSL_MSG("Bad Cavium 3Des Decrypt");
return -1;
}
XMEMCPY(des3->reg, des3->tmp, DES_BLOCK_SIZE);
}
return 0;
}
#endif /* HAVE_CAVIUM */
#endif /* WOLFSSL_TI_CRYPT */
#endif /* HAVE_FIPS */
#endif /* NO_DES3 */
+245 -40
View File
@@ -436,7 +436,7 @@ const ecc_set_type ecc_sets[] = {
"9487239995A5EE76B55F9C2F098", /* Gx */
"A89CE5AF8724C0A23E0E0FF77500", /* Gy */
ecc_oid_secp112r1, /* oid/oidSz */
sizeof(ecc_oid_secp112r1) / sizeof(ecc_oid_t),
sizeof(ecc_oid_secp112r1) / sizeof(ecc_oid_t),
ECC_SECP112R1_OID, /* oid sum */
1, /* cofactor */
},
@@ -805,7 +805,7 @@ const ecc_set_type ecc_sets[] = {
"8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262", /* Gx */
"547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997", /* Gy */
ecc_oid_brainpoolp256r1, /* oid/oidSz */
sizeof(ecc_oid_brainpoolp256r1) / sizeof(ecc_oid_t),
sizeof(ecc_oid_brainpoolp256r1) / sizeof(ecc_oid_t),
ECC_BRAINPOOLP256R1_OID, /* oid sum */
1, /* cofactor */
},
@@ -936,7 +936,7 @@ static int wc_ecc_export_x963_compressed(ecc_key*, byte* out, word32* outLen);
static int wc_ecc_set_curve(ecc_key* key, int keysize, int curve_id)
{
if (keysize <=0 && curve_id <= 0) {
if (keysize <= 0 && curve_id <= 0) {
return BAD_FUNC_ARG;
}
@@ -1037,12 +1037,12 @@ int ecc_projective_add_point(ecc_point* P, ecc_point* Q, ecc_point* R,
return ecc_projective_dbl_point(P, R, a, modulus, mp);
}
}
if (err != MP_OKAY) {
goto done;
}
/* If use ALT_ECC_SIZE we need to use local stack variable since
/* If use ALT_ECC_SIZE we need to use local stack variable since
ecc_point x,y,z is reduced size */
#ifdef ALT_ECC_SIZE
/* Use local stack variable */
@@ -1312,7 +1312,7 @@ int ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mp_int* a,
return err;
}
/* If use ALT_ECC_SIZE we need to use local stack variable since
/* If use ALT_ECC_SIZE we need to use local stack variable since
ecc_point x,y,z is reduced size */
#ifdef ALT_ECC_SIZE
/* Use local stack variable */
@@ -1571,7 +1571,7 @@ int ecc_map(ecc_point* P, mp_int* modulus, mp_digit mp)
if ((err = mp_init_multi(x, y, z, NULL, NULL, NULL)) != MP_OKAY) {
goto done;
}
if (err == MP_OKAY)
err = mp_copy(P->x, x);
if (err == MP_OKAY)
@@ -1871,11 +1871,34 @@ int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
{
return wc_ecc_mulmod_ex(k, G, R, a, modulus, map, NULL);
}
#endif /* ! FP_ECC */
#endif /* !FP_ECC */
#undef WINSIZE
#else /* ECC_TIMING_RESISTANT */
#ifndef WC_NO_CACHE_RESISTANT
#if defined(TFM_TIMING_RESISTANT) && defined(USE_FAST_MATH)
/* let's use the one we already have */
extern const wolfssl_word wc_off_on_addr[2];
#else
static const wolfssl_word wc_off_on_addr[2] =
{
#if defined(WC_64BIT_CPU)
W64LIT(0x0000000000000000),
W64LIT(0xffffffffffffffff)
#elif defined(WC_16BIT_CPU)
0x0000U,
0xffffU
#else
/* 32 bit */
0x00000000U,
0xffffffffU
#endif
};
#endif /* TFM_TIMING_RESISTANT && USE_FAST_MATH */
#endif /* WC_NO_CACHE_RESISTANT */
/**
Perform a point multiplication (timing resistant)
k The scalar to multiply by
@@ -1979,7 +2002,7 @@ int wc_ecc_mulmod_ex(mp_int* k, ecc_point *G, ecc_point *R,
break;
}
buf = get_digit(k, digidx);
bitcnt = (int) DIGIT_BIT;
bitcnt = (int)DIGIT_BIT;
--digidx;
}
@@ -2013,10 +2036,49 @@ int wc_ecc_mulmod_ex(mp_int* k, ecc_point *G, ecc_point *R,
if (err == MP_OKAY)
err = ecc_projective_add_point(M[0], M[1], M[i^1], a, modulus,
mp);
#ifdef WC_NO_CACHE_RESISTANT
if (err == MP_OKAY)
err = ecc_projective_dbl_point(M[i], M[i], a, modulus, mp);
#else
/* instead of using M[i] for double, which leaks key bit to cache
* monitor, use M[2] as temp, make sure address calc is constant,
* keep &M[0] and &M[1] in cache */
if (err == MP_OKAY)
err = mp_copy((mp_int*)
( ((wolfssl_word)&M[0]->x & wc_off_on_addr[i^1]) +
((wolfssl_word)&M[1]->x & wc_off_on_addr[i])),
M[2]->x);
if (err == MP_OKAY)
err = mp_copy((mp_int*)
( ((wolfssl_word)&M[0]->y & wc_off_on_addr[i^1]) +
((wolfssl_word)&M[1]->y & wc_off_on_addr[i])),
M[2]->y);
if (err == MP_OKAY)
err = mp_copy((mp_int*)
( ((wolfssl_word)&M[0]->z & wc_off_on_addr[i^1]) +
((wolfssl_word)&M[1]->z & wc_off_on_addr[i])),
M[2]->z);
if (err == MP_OKAY)
err = ecc_projective_dbl_point(M[2], M[2], a, modulus, mp);
/* copy M[2] back to M[i] */
if (err == MP_OKAY)
err = mp_copy(M[2]->x,
(mp_int*)
( ((wolfssl_word)&M[0]->x & wc_off_on_addr[i^1]) +
((wolfssl_word)&M[1]->x & wc_off_on_addr[i])) );
if (err == MP_OKAY)
err = mp_copy(M[2]->y,
(mp_int*)
( ((wolfssl_word)&M[0]->y & wc_off_on_addr[i^1]) +
((wolfssl_word)&M[1]->y & wc_off_on_addr[i])) );
if (err == MP_OKAY)
err = mp_copy(M[2]->z,
(mp_int*)
( ((wolfssl_word)&M[0]->z & wc_off_on_addr[i^1]) +
((wolfssl_word)&M[1]->z & wc_off_on_addr[i])) );
if (err != MP_OKAY)
break;
#endif /* WC_NO_CACHE_RESISTANT */
} /* end for */
}
@@ -2223,8 +2285,9 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
int err;
if (private_key == NULL || public_key == NULL || out == NULL ||
outlen == NULL)
outlen == NULL) {
return BAD_FUNC_ARG;
}
/* type valid? */
if (private_key->type != ECC_PRIVATEKEY) {
@@ -2242,6 +2305,24 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
return ECC_BAD_ARG_E;
}
#ifdef WOLFSSL_ASYNC_CRYPT
if (private_key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ECC) {
#ifdef HAVE_CAVIUM
/* TODO: Not implemented */
#else
AsyncCryptTestDev* testDev = &private_key->asyncDev.dev;
if (testDev->type == ASYNC_TEST_NONE) {
testDev->type = ASYNC_TEST_ECC_SHARED_SEC;
testDev->eccSharedSec.private_key = private_key;
testDev->eccSharedSec.public_key = public_key;
testDev->eccSharedSec.out = out;
testDev->eccSharedSec.outLen = outlen;
return WC_PENDING_E;
}
#endif
}
#endif
/* make new point */
result = wc_ecc_new_point_h(private_key->heap);
if (result == NULL) {
@@ -2302,8 +2383,10 @@ int wc_ecc_shared_secret_ssh(ecc_key* private_key, ecc_point* point,
mp_int a;
int err;
if (private_key == NULL || point == NULL || out == NULL || outlen == NULL)
if (private_key == NULL || point == NULL || out == NULL ||
outlen == NULL) {
return BAD_FUNC_ARG;
}
/* type valid? */
if (private_key->type != ECC_PRIVATEKEY) {
@@ -2391,6 +2474,24 @@ int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, int curve_id)
return err;
}
#ifdef WOLFSSL_ASYNC_CRYPT
if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ECC) {
#ifdef HAVE_CAVIUM
/* TODO: Not implemented */
#else
AsyncCryptTestDev* testDev = &key->asyncDev.dev;
if (testDev->type == ASYNC_TEST_NONE) {
testDev->type = ASYNC_TEST_ECC_MAKE;
testDev->eccMake.rng = rng;
testDev->eccMake.key = key;
testDev->eccMake.size = keysize;
testDev->eccMake.curve_id = curve_id;
return WC_PENDING_E;
}
#endif
}
#endif
#ifdef WOLFSSL_SMALL_STACK
buf = (byte*)XMALLOC(ECC_MAXSIZE_GEN, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (buf == NULL)
@@ -2567,13 +2668,18 @@ int wc_ecc_make_key(WC_RNG* rng, int keysize, ecc_key* key)
return wc_ecc_make_key_ex(rng, keysize, key, ECC_CURVE_DEF);
}
/* Setup dynamic pointers is using normal math for proper freeing */
int wc_ecc_init(ecc_key* key)
/* Setup dynamic pointers if using normal math for proper freeing */
int wc_ecc_init_ex(ecc_key* key, void* heap, int devId)
{
int ret = 0;
if (key == NULL) {
return BAD_FUNC_ARG;
}
(void)devId;
#ifdef ECC_DUMP_OID
wc_ecc_dump_oids();
#endif
@@ -2590,8 +2696,9 @@ int wc_ecc_init(ecc_key* key)
#endif
#ifdef ALT_ECC_SIZE
if (mp_init(&key->k) != MP_OKAY)
if (mp_init(&key->k) != MP_OKAY) {
return MEMORY_E;
}
key->pubkey.x = (mp_int*)&key->pubkey.xyz[0];
key->pubkey.y = (mp_int*)&key->pubkey.xyz[1];
@@ -2604,26 +2711,26 @@ int wc_ecc_init(ecc_key* key)
#ifdef WOLFSSL_HEAP_TEST
key->heap = (void*)WOLFSSL_HEAP_TEST;
#else
key->heap = NULL;
key->heap = heap;
#endif
return MP_OKAY;
}
int wc_ecc_init_h(ecc_key* key, void* heap)
{
int ret;
if ((ret = wc_ecc_init(key)) != MP_OKAY) {
return ret;
#ifdef WOLFSSL_ASYNC_CRYPT
if (devId != INVALID_DEVID) {
/* handle as async */
ret = wolfAsync_DevCtxInit(&key->asyncDev, WOLFSSL_ASYNC_MARKER_ECC,
devId);
}
#endif
key->heap = heap;
return MP_OKAY;
return ret;
}
int wc_ecc_init(ecc_key* key)
{
return wc_ecc_init_ex(key, NULL, INVALID_DEVID);
}
#ifdef HAVE_ECC_SIGN
#ifndef NO_ASN
@@ -2644,16 +2751,40 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
int err;
if (in == NULL || out == NULL || outlen == NULL ||
key == NULL || rng == NULL)
key == NULL || rng == NULL) {
return ECC_BAD_ARG_E;
}
#ifdef WOLFSSL_ASYNC_CRYPT
if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ECC) {
#ifdef HAVE_CAVIUM
/* TODO: Not implemented */
#else
AsyncCryptTestDev* testDev = &key->asyncDev.dev;
if (testDev->type == ASYNC_TEST_NONE) {
testDev->type = ASYNC_TEST_ECC_SIGN;
testDev->eccSign.in = in;
testDev->eccSign.inSz = inlen;
testDev->eccSign.out = out;
testDev->eccSign.outSz = outlen;
testDev->eccSign.rng = rng;
testDev->eccSign.key = key;
return WC_PENDING_E;
}
#endif
}
#endif
if ((err = mp_init_multi(&r, &s, NULL, NULL, NULL, NULL)) != MP_OKAY) {
return err;
}
err = wc_ecc_sign_hash_ex(in, inlen, rng, key, &r, &s);
if (err == MP_OKAY)
if (err == MP_OKAY) {
/* encoded with DSA header */
err = StoreECC_DSA_Sig(out, outlen, &r, &s);
}
#ifndef USE_FAST_MATH
mp_clear(&r);
@@ -2780,8 +2911,15 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
*/
void wc_ecc_free(ecc_key* key)
{
if (key == NULL)
if (key == NULL) {
return;
}
#ifdef WOLFSSL_ASYNC_CRYPT
if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA) {
wolfAsync_DevCtxFree(&key->asyncDev);
}
#endif
mp_clear(key->pubkey.x);
mp_clear(key->pubkey.y);
@@ -3048,12 +3186,33 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
mp_int s;
int err;
if (sig == NULL || hash == NULL || stat == NULL || key == NULL)
if (sig == NULL || hash == NULL || stat == NULL || key == NULL) {
return ECC_BAD_ARG_E;
}
/* default to invalid signature */
*stat = 0;
#ifdef WOLFSSL_ASYNC_CRYPT
if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ECC) {
#ifdef HAVE_CAVIUM
/* TODO: Not implemented */
#else
AsyncCryptTestDev* testDev = &key->asyncDev.dev;
if (testDev->type == ASYNC_TEST_NONE) {
testDev->type = ASYNC_TEST_ECC_VERIFY;
testDev->eccVerify.in = sig;
testDev->eccVerify.inSz = siglen;
testDev->eccVerify.out = hash;
testDev->eccVerify.outSz = hashlen;
testDev->eccVerify.stat = stat;
testDev->eccVerify.key = key;
return WC_PENDING_E;
}
#endif
}
#endif
/* Note, DecodeECC_DSA_Sig() calls mp_init() on r and s.
* If either of those don't allocate correctly, none of
* the rest of this function will execute, and everything
@@ -3689,7 +3848,7 @@ static int ecc_check_pubkey_order(ecc_key* key, mp_int* a, mp_int* prime,
if (inf == NULL)
err = MEMORY_E;
else {
err = wc_ecc_mulmod_ex(order, &key->pubkey, inf, a, prime, 1,
err = wc_ecc_mulmod_ex(order, &key->pubkey, inf, a, prime, 1,
key->heap);
if (err == MP_OKAY && !wc_ecc_point_is_at_infinity(inf))
err = ECC_INF_E;
@@ -5680,7 +5839,7 @@ int wc_ecc_ctx_set_peer_salt(ecEncCtx* ctx, const byte* salt)
ctx->cliSt = ecCLI_SALT_SET;
else {
ctx->cliSt = ecCLI_BAD_STATE;
return BAD_ENC_STATE_E;
return BAD_STATE_E;
}
}
else {
@@ -5689,7 +5848,7 @@ int wc_ecc_ctx_set_peer_salt(ecEncCtx* ctx, const byte* salt)
ctx->srvSt = ecSRV_SALT_SET;
else {
ctx->srvSt = ecSRV_BAD_STATE;
return BAD_ENC_STATE_E;
return BAD_STATE_E;
}
}
@@ -5871,13 +6030,13 @@ int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
keysLen *= 2;
if (ctx->srvSt != ecSRV_RECV_REQ)
return BAD_ENC_STATE_E;
return BAD_STATE_E;
ctx->srvSt = ecSRV_BAD_STATE; /* we're done no more ops allowed */
}
else if (ctx->protocol == REQ_RESP_CLIENT) {
if (ctx->cliSt != ecCLI_SALT_SET)
return BAD_ENC_STATE_E;
return BAD_STATE_E;
ctx->cliSt = ecCLI_SENT_REQ; /* only do this once */
}
@@ -6023,13 +6182,13 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
keysLen *= 2;
if (ctx->cliSt != ecCLI_SENT_REQ)
return BAD_ENC_STATE_E;
return BAD_STATE_E;
ctx->cliSt = ecSRV_BAD_STATE; /* we're done no more ops allowed */
}
else if (ctx->protocol == REQ_RESP_SERVER) {
if (ctx->srvSt != ecSRV_SALT_SET)
return BAD_ENC_STATE_E;
return BAD_STATE_E;
ctx->srvSt = ecSRV_RECV_REQ; /* only do this once */
}
@@ -6518,7 +6677,7 @@ int wc_ecc_set_custom_curve(ecc_key* key, const ecc_set_type* dp)
return BAD_FUNC_ARG;
}
key->idx = WOLFSSL_CUSTOM_CURVES;
key->idx = ECC_CUSTOM_IDX;
key->dp = dp;
return 0;
@@ -6526,4 +6685,50 @@ int wc_ecc_set_custom_curve(ecc_key* key, const ecc_set_type* dp)
#endif /* WOLFSSL_CUSTOM_CURVES */
#ifdef WOLFSSL_ASYNC_CRYPT
int wc_ecc_async_handle(ecc_key* key, WOLF_EVENT_QUEUE* queue, WOLF_EVENT* event)
{
int ret;
if (key == NULL || queue == NULL || event == NULL) {
return BAD_FUNC_ARG;
}
/* make sure this ECC context had "wc_EccAsyncInit" called on it */
if (key->asyncDev.marker != WOLFSSL_ASYNC_MARKER_ECC) {
return ASYNC_INIT_E;
}
/* setup the event and push to queue */
ret = wolfAsync_EventInit(event, WOLF_EVENT_TYPE_ASYNC_WOLFSSL, &key->asyncDev);
if (ret == 0) {
ret = wolfEventQueue_Push(queue, event);
}
/* check for error (helps with debugging) */
if (ret != 0) {
WOLFSSL_MSG("wc_EccAsyncHandle failed");
}
return ret;
}
int wc_ecc_async_wait(int ret, ecc_key* key)
{
if (ret == WC_PENDING_E) {
WOLF_EVENT event;
XMEMSET(&event, 0, sizeof(event));
ret = wolfAsync_EventInit(&event, WOLF_EVENT_TYPE_ASYNC_WOLFSSL, &key->asyncDev);
if (ret == 0) {
ret = wolfAsync_EventWait(&event);
if (ret == 0 && event.ret >= 0) {
ret = event.ret;
}
}
}
return ret;
}
#endif /* WOLFSSL_ASYNC_CRYPT */
#endif /* HAVE_ECC */
+13 -7
View File
@@ -62,6 +62,15 @@ const char* wc_GetErrorString(int error)
case BAD_MUTEX_E :
return "Bad mutex, operation failed";
case WC_TIMEOUT_E:
return "Timeout error";
case WC_PENDING_E:
return "wolfCrypt Operation Pending (would block / eagain) error";
case WC_NOT_PENDING_E:
return "wolfCrypt operation not pending error";
case MP_INIT_E :
return "mp_init error state";
@@ -227,8 +236,8 @@ const char* wc_GetErrorString(int error)
case AES_CCM_AUTH_E:
return "AES-CCM Authentication check fail";
case CAVIUM_INIT_E:
return "Cavium Init type error";
case ASYNC_INIT_E:
return "Async Init error";
case COMPRESS_INIT_E:
return "Compress Init error";
@@ -257,8 +266,8 @@ const char* wc_GetErrorString(int error)
case ASN_OCSP_CONFIRM_E :
return "ASN OCSP sig error, confirm failure";
case BAD_ENC_STATE_E:
return "Bad ecc encrypt state operation";
case BAD_STATE_E:
return "Bad state operation";
case BAD_PADDING_E:
return "Bad padding, message wrong length";
@@ -377,9 +386,6 @@ const char* wc_GetErrorString(int error)
case HASH_TYPE_E:
return "Hash type not enabled/available";
case WC_PENDING_E:
return "wolfCrypt Operation Pending (would block / eagain) error";
case WC_KEY_SIZE_E:
return "Key size error, either too small or large";
+55 -13
View File
@@ -34,42 +34,54 @@
#include <wolfssl/wolfcrypt/hash.h>
#ifndef NO_ASN
#if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)
#ifdef NO_ASN
enum Hash_Sum {
MD2h = 646,
MD5h = 649,
SHAh = 88,
SHA256h = 414,
SHA384h = 415,
SHA512h = 416
};
#endif
int wc_HashGetOID(enum wc_HashType hash_type)
{
int oid = HASH_TYPE_E; /* Default to hash type error */
switch(hash_type)
{
case WC_HASH_TYPE_MD2:
#ifdef WOLFSSL_MD2
#ifdef WOLFSSL_MD2
oid = MD2h;
#endif
#endif
break;
case WC_HASH_TYPE_MD5_SHA:
case WC_HASH_TYPE_MD5:
#ifndef NO_MD5
#ifndef NO_MD5
oid = MD5h;
#endif
#endif
break;
case WC_HASH_TYPE_SHA:
#ifndef NO_SHA
#ifndef NO_SHA
oid = SHAh;
#endif
#endif
break;
case WC_HASH_TYPE_SHA256:
#ifndef NO_SHA256
#ifndef NO_SHA256
oid = SHA256h;
#endif
#endif
break;
case WC_HASH_TYPE_SHA384:
#if defined(WOLFSSL_SHA512) && defined(WOLFSSL_SHA384)
#if defined(WOLFSSL_SHA512) && defined(WOLFSSL_SHA384)
oid = SHA384h;
#endif
#endif
break;
case WC_HASH_TYPE_SHA512:
#ifdef WOLFSSL_SHA512
#ifdef WOLFSSL_SHA512
oid = SHA512h;
#endif
#endif
break;
/* Not Supported */
@@ -312,6 +324,21 @@ int wc_Sha256Hash(const byte* data, word32 len, byte* hash)
#endif /* !defined(WOLFSSL_TI_HASH) */
#if defined(WOLFSSL_SHA512)
int wc_Sha512GetHash(Sha512* sha512, byte* hash)
{
int ret;
Sha512 save;
if (sha512 == NULL || hash == NULL)
return BAD_FUNC_ARG;
save= *sha512;
ret = wc_Sha512Final(sha512, hash);
*sha512 = save;
return ret;
}
int wc_Sha512Hash(const byte* data, word32 len, byte* hash)
{
int ret = 0;
@@ -345,6 +372,21 @@ int wc_Sha512Hash(const byte* data, word32 len, byte* hash)
}
#if defined(WOLFSSL_SHA384)
int wc_Sha384GetHash(Sha384* sha384, byte* hash)
{
int ret;
Sha384 save;
if (sha384 == NULL || hash == NULL)
return BAD_FUNC_ARG;
save= *sha384;
ret = wc_Sha384Final(sha384, hash);
*sha384 = save;
return ret;
}
int wc_Sha384Hash(const byte* data, word32 len, byte* hash)
{
int ret = 0;
+83 -159
View File
@@ -50,16 +50,16 @@ int wc_HmacFinal(Hmac* hmac, byte* out)
}
#ifdef HAVE_CAVIUM
int wc_HmacInitCavium(Hmac* hmac, int i)
#ifdef WOLFSSL_ASYNC_CRYPT
int wc_HmacAsyncInit(Hmac* hmac, int i)
{
return HmacInitCavium(hmac, i);
return HmacAsyncInit(hmac, i);
}
void wc_HmacFreeCavium(Hmac* hmac)
void wc_HmacAsyncFree(Hmac* hmac)
{
HmacFreeCavium(hmac);
HmacAsyncFree(hmac);
}
#endif
@@ -105,12 +105,48 @@ int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
#include <wolfssl/wolfcrypt/error-crypt.h>
#ifdef HAVE_CAVIUM
static int HmacCaviumFinal(Hmac* hmac, byte* hash);
static int HmacCaviumUpdate(Hmac* hmac, const byte* msg, word32 length);
static int HmacCaviumSetKey(Hmac* hmac, int type, const byte* key,
word32 length);
#endif
int wc_HmacSizeByType(int type)
{
if (!(type == MD5 || type == SHA || type == SHA256 || type == SHA384
|| type == SHA512 || type == BLAKE2B_ID)) {
return BAD_FUNC_ARG;
}
switch (type) {
#ifndef NO_MD5
case MD5:
return MD5_DIGEST_SIZE;
#endif
#ifndef NO_SHA
case SHA:
return SHA_DIGEST_SIZE;
#endif
#ifndef NO_SHA256
case SHA256:
return SHA256_DIGEST_SIZE;
#endif
#ifdef WOLFSSL_SHA384
case SHA384:
return SHA384_DIGEST_SIZE;
#endif
#ifdef WOLFSSL_SHA512
case SHA512:
return SHA512_DIGEST_SIZE;
#endif
#ifdef HAVE_BLAKE2
case BLAKE2B_ID:
return BLAKE2B_OUTBYTES;
#endif
default:
return BAD_FUNC_ARG;
}
}
static int InitHmac(Hmac* hmac, int type)
{
@@ -175,9 +211,10 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
word32 i, hmac_block_size = 0;
int ret;
#ifdef HAVE_CAVIUM
if (hmac->magic == WOLFSSL_HMAC_CAVIUM_MAGIC)
return HmacCaviumSetKey(hmac, type, key, length);
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
if (hmac->asyncDev.marker == WOLFSSL_ASYNC_MARKER_HMAC) {
return NitroxHmacSetKey(hmac, type, key, length);
}
#endif
ret = InitHmac(hmac, type);
@@ -391,9 +428,10 @@ int wc_HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
{
int ret;
#ifdef HAVE_CAVIUM
if (hmac->magic == WOLFSSL_HMAC_CAVIUM_MAGIC)
return HmacCaviumUpdate(hmac, msg, length);
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
if (hmac->asyncDev.marker == WOLFSSL_ASYNC_MARKER_HMAC) {
return NitroxHmacUpdate(hmac, msg, length);
}
#endif
if (!hmac->innerHashKeyed) {
@@ -459,9 +497,10 @@ int wc_HmacFinal(Hmac* hmac, byte* hash)
{
int ret;
#ifdef HAVE_CAVIUM
if (hmac->magic == WOLFSSL_HMAC_CAVIUM_MAGIC)
return HmacCaviumFinal(hmac, hash);
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
if (hmac->asyncDev.marker == WOLFSSL_ASYNC_MARKER_HMAC) {
return NitroxHmacFinal(hmac, hash);
}
#endif
if (!hmac->innerHashKeyed) {
@@ -606,129 +645,57 @@ int wc_HmacFinal(Hmac* hmac, byte* hash)
}
#ifdef HAVE_CAVIUM
#ifdef WOLFSSL_ASYNC_CRYPT
/* Initialize Hmac for use with Nitrox device */
int wc_HmacInitCavium(Hmac* hmac, int devId)
int wc_HmacAsyncInit(Hmac* hmac, int devId)
{
int ret = 0;
if (hmac == NULL)
return -1;
if (CspAllocContext(CONTEXT_SSL, &hmac->contextHandle, devId) != 0)
return -1;
ret = wolfAsync_DevCtxInit(&hmac->asyncDev, WOLFSSL_ASYNC_MARKER_HMAC, devId);
if (ret != 0) {
return ret;
}
#ifdef HAVE_CAVIUM
hmac->keyLen = 0;
hmac->dataLen = 0;
hmac->type = 0;
hmac->devId = devId;
hmac->magic = WOLFSSL_HMAC_CAVIUM_MAGIC;
hmac->data = NULL; /* buffered input data */
hmac->innerHashKeyed = 0;
#endif /* HAVE_CAVIUM */
/* default to NULL heap hint or test value */
#ifdef WOLFSSL_HEAP_TEST
hmac->heap = (void)WOLFSSL_HEAP_TEST;
#else
hmac->heap = NULL;
#endif
#endif /* WOLFSSL_HEAP_TEST */
return 0;
}
/* Free Hmac from use with Nitrox device */
void wc_HmacFreeCavium(Hmac* hmac)
void wc_HmacAsyncFree(Hmac* hmac)
{
if (hmac == NULL)
return;
CspFreeContext(CONTEXT_SSL, hmac->contextHandle, hmac->devId);
hmac->magic = 0;
XFREE(hmac->data, NULL, DYNAMIC_TYPE_CAVIUM_TMP);
wolfAsync_DevCtxFree(&hmac->asyncDev);
#ifdef HAVE_CAVIUM
XFREE(hmac->data, hmac->heap, DYNAMIC_TYPE_ASYNC_TMP);
hmac->data = NULL;
#endif
}
#endif /* WOLFSSL_ASYNC_CRYPT */
static int HmacCaviumFinal(Hmac* hmac, byte* hash)
{
word32 requestId;
if (CspHmac(CAVIUM_BLOCKING, hmac->type, NULL, hmac->keyLen,
(byte*)hmac->ipad, hmac->dataLen, hmac->data, hash, &requestId,
hmac->devId) != 0) {
WOLFSSL_MSG("Cavium Hmac failed");
return -1;
}
hmac->innerHashKeyed = 0; /* tell update to start over if used again */
return 0;
}
static int HmacCaviumUpdate(Hmac* hmac, const byte* msg, word32 length)
{
word16 add = (word16)length;
word32 total;
byte* tmp;
if (length > WOLFSSL_MAX_16BIT) {
WOLFSSL_MSG("Too big msg for cavium hmac");
return -1;
}
if (hmac->innerHashKeyed == 0) { /* starting new */
hmac->dataLen = 0;
hmac->innerHashKeyed = 1;
}
total = add + hmac->dataLen;
if (total > WOLFSSL_MAX_16BIT) {
WOLFSSL_MSG("Too big msg for cavium hmac");
return -1;
}
tmp = XMALLOC(hmac->dataLen + add, hmac->heap ,DYNAMIC_TYPE_CAVIUM_TMP);
if (tmp == NULL) {
WOLFSSL_MSG("Out of memory for cavium update");
return -1;
}
if (hmac->dataLen)
XMEMCPY(tmp, hmac->data, hmac->dataLen);
XMEMCPY(tmp + hmac->dataLen, msg, add);
hmac->dataLen += add;
XFREE(hmac->data, hmac->heap, DYNAMIC_TYPE_CAVIUM_TMP);
hmac->data = tmp;
return 0;
}
static int HmacCaviumSetKey(Hmac* hmac, int type, const byte* key,
word32 length)
{
hmac->macType = (byte)type;
if (type == MD5)
hmac->type = MD5_TYPE;
else if (type == SHA)
hmac->type = SHA1_TYPE;
else if (type == SHA256)
hmac->type = SHA256_TYPE;
else {
WOLFSSL_MSG("unsupported cavium hmac type");
}
hmac->innerHashKeyed = 0; /* should we key Startup flag */
hmac->keyLen = (word16)length;
/* store key in ipad */
XMEMCPY(hmac->ipad, key, length);
return 0;
}
#endif /* HAVE_CAVIUM */
int wolfSSL_GetHmacMaxSize(void)
{
@@ -748,49 +715,6 @@ int wolfSSL_GetHmacMaxSize(void)
#endif /* WOLFSSL_HAVE_MIN */
static INLINE int GetHashSizeByType(int type)
{
if (!(type == MD5 || type == SHA || type == SHA256 || type == SHA384
|| type == SHA512 || type == BLAKE2B_ID))
return BAD_FUNC_ARG;
switch (type) {
#ifndef NO_MD5
case MD5:
return MD5_DIGEST_SIZE;
#endif
#ifndef NO_SHA
case SHA:
return SHA_DIGEST_SIZE;
#endif
#ifndef NO_SHA256
case SHA256:
return SHA256_DIGEST_SIZE;
#endif
#ifdef WOLFSSL_SHA384
case SHA384:
return SHA384_DIGEST_SIZE;
#endif
#ifdef WOLFSSL_SHA512
case SHA512:
return SHA512_DIGEST_SIZE;
#endif
#ifdef HAVE_BLAKE2
case BLAKE2B_ID:
return BLAKE2B_OUTBYTES;
#endif
default:
return BAD_FUNC_ARG;
}
}
/* HMAC-KDF with hash type, optional salt and info, return 0 on success */
int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
const byte* salt, word32 saltSz,
@@ -806,7 +730,7 @@ int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
byte prk[MAX_DIGEST_SIZE];
#endif
const byte* localSalt; /* either points to user input or tmp */
int hashSz = GetHashSizeByType(type);
int hashSz = wc_HmacSizeByType(type);
word32 outIdx = 0;
byte n = 0x1;
int ret;
@@ -815,13 +739,13 @@ int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
return BAD_FUNC_ARG;
#ifdef WOLFSSL_SMALL_STACK
tmp = (byte*)XMALLOC(MAX_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
tmp = (byte*)XMALLOC(MAX_DIGEST_SIZE, myHmac.heap, DYNAMIC_TYPE_TMP_BUFFER);
if (tmp == NULL)
return MEMORY_E;
prk = (byte*)XMALLOC(MAX_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
prk = (byte*)XMALLOC(MAX_DIGEST_SIZE, myHmac.heap, DYNAMIC_TYPE_TMP_BUFFER);
if (prk == NULL) {
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(tmp, myHmac.heap, DYNAMIC_TYPE_TMP_BUFFER);
return MEMORY_E;
}
#endif
@@ -873,8 +797,8 @@ int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(prk, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(tmp, hmac->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(prk, hmac->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
+6 -1
View File
@@ -44,6 +44,11 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \
wolfcrypt/src/port/ti/ti-hash.c \
wolfcrypt/src/port/ti/ti-ccm.c \
wolfcrypt/src/port/pic32/pic32mz-hash.c \
wolfcrypt/src/port/nrf51.c
wolfcrypt/src/port/nrf51.c \
wolfcrypt/src/port/arm/armv8-sha256.c
if BUILD_CAVIUM
src_libwolfssl_la_SOURCES += wolfcrypt/src/port/cavium/cavium_nitrox.c
EXTRA_DIST += wolfcrypt/src/port/cavium/README.md
endif
+117 -6
View File
@@ -196,6 +196,92 @@ static int create_memory_buckets(byte* buffer, word32 bufSz,
return ret;
}
int wolfSSL_init_memory_heap(WOLFSSL_HEAP* heap)
{
word32 wc_MemSz[WOLFMEM_DEF_BUCKETS] = { WOLFMEM_BUCKETS };
word32 wc_Dist[WOLFMEM_DEF_BUCKETS] = { WOLFMEM_DIST };
if (heap == NULL) {
return BAD_FUNC_ARG;
}
XMEMSET(heap, 0, sizeof(WOLFSSL_HEAP));
XMEMCPY(heap->sizeList, wc_MemSz, sizeof(wc_MemSz));
XMEMCPY(heap->distList, wc_Dist, sizeof(wc_Dist));
if (InitMutex(&(heap->memory_mutex)) != 0) {
WOLFSSL_MSG("Error creating heap memory mutex");
return BAD_MUTEX_E;
}
return 0;
}
int wc_LoadStaticMemory(WOLFSSL_HEAP_HINT** pHint,
unsigned char* buf, unsigned int sz, int flag, int max)
{
int ret;
WOLFSSL_HEAP* heap;
WOLFSSL_HEAP_HINT* hint;
word32 idx = 0;
if (pHint == NULL || buf == NULL) {
return BAD_FUNC_ARG;
}
if ((sizeof(WOLFSSL_HEAP) + sizeof(WOLFSSL_HEAP_HINT)) > sz - idx) {
return BUFFER_E; /* not enough memory for structures */
}
/* check if hint has already been assigned */
if (*pHint == NULL) {
heap = (WOLFSSL_HEAP*)buf;
idx += sizeof(WOLFSSL_HEAP);
hint = (WOLFSSL_HEAP_HINT*)(buf + idx);
idx += sizeof(WOLFSSL_HEAP_HINT);
ret = wolfSSL_init_memory_heap(heap);
if (ret != 0) {
return ret;
}
XMEMSET(hint, 0, sizeof(WOLFSSL_HEAP_HINT));
hint->memory = heap;
}
else {
#ifdef WOLFSSL_HEAP_TEST
/* do not load in memory if test has been set */
if (heap == (void*)WOLFSSL_HEAP_TEST) {
return 0;
}
#endif
hint = (WOLFSSL_HEAP_HINT*)(*pHint);
heap = hint->memory;
}
ret = wolfSSL_load_static_memory(buf + idx, sz - idx, flag, heap);
if (ret != 1) {
WOLFSSL_MSG("Error partitioning memory");
return -1;
}
/* determine what max applies too */
if ((flag & WOLFMEM_IO_POOL) || (flag & WOLFMEM_IO_POOL_FIXED)) {
heap->maxIO = max;
}
else { /* general memory used in handshakes */
heap->maxHa = max;
}
heap->flag |= flag;
*pHint = hint;
(void)max;
return 0;
}
int wolfSSL_load_static_memory(byte* buffer, word32 sz, int flag,
WOLFSSL_HEAP* heap)
@@ -219,6 +305,10 @@ int wolfSSL_load_static_memory(byte* buffer, word32 sz, int flag,
ava--;
}
#ifdef WOLFSSL_DEBUG_MEMORY
printf("Allocated %d bytes for static memory @ %p\n", ava, pt);
#endif
/* devide into chunks of memory and add them to available list */
while (ava >= (heap->sizeList[0] + padSz + memSz)) {
int i;
@@ -392,7 +482,11 @@ int wolfSSL_GetMemStats(WOLFSSL_HEAP* heap, WOLFSSL_MEM_STATS* stats)
}
#ifdef WOLFSSL_DEBUG_MEMORY
void* wolfSSL_Malloc(size_t size, void* heap, int type, const char* func, unsigned int line)
#else
void* wolfSSL_Malloc(size_t size, void* heap, int type)
#endif
{
void* res = 0;
wc_Memory* pt = NULL;
@@ -473,6 +567,10 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type)
mem->alloc += 1;
res = pt->buffer;
#ifdef WOLFSSL_DEBUG_MEMORY
printf("Alloc: %p -> %u at %s:%d\n", pt->buffer, pt->sz, func, line);
#endif
/* keep track of connection statistics if flag is set */
if (mem->flag & WOLFMEM_TRACK_STATS) {
WOLFSSL_MEM_CONN_STATS* stats = hint->stats;
@@ -512,7 +610,11 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type)
}
#ifdef WOLFSSL_DEBUG_MEMORY
void wolfSSL_Free(void *ptr, void* heap, int type, const char* func, unsigned int line)
#else
void wolfSSL_Free(void *ptr, void* heap, int type)
#endif
{
int i;
wc_Memory* pt;
@@ -579,6 +681,10 @@ void wolfSSL_Free(void *ptr, void* heap, int type)
mem->inUse -= pt->sz;
mem->frAlc += 1;
#ifdef WOLFSSL_DEBUG_MEMORY
printf("Free: %p -> %u at %s:%d\n", pt->buffer, pt->sz, func, line);
#endif
/* keep track of connection statistics if flag is set */
if (mem->flag & WOLFMEM_TRACK_STATS) {
WOLFSSL_MEM_CONN_STATS* stats = hint->stats;
@@ -606,8 +712,11 @@ void wolfSSL_Free(void *ptr, void* heap, int type)
(void)type;
}
#ifdef WOLFSSL_DEBUG_MEMORY
void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type, const char* func, unsigned int line)
#else
void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type)
#endif
{
void* res = 0;
wc_Memory* pt = NULL;
@@ -678,7 +787,11 @@ void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type)
/* free memory that was previously being used */
UnLockMutex(&(mem->memory_mutex));
wolfSSL_Free(ptr, heap, type);
wolfSSL_Free(ptr, heap, type
#ifdef WOLFSSL_DEBUG_MEMORY
, func, line
#endif
);
if (LockMutex(&(mem->memory_mutex)) != 0) {
WOLFSSL_MSG("Bad memory_mutex lock");
return NULL;
@@ -719,7 +832,7 @@ void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type)
/* allow simple per thread in and out pools */
/* use 17k size sense max record size is 16k plus overhead */
/* use 17k size since max record size is 16k plus overhead */
static THREAD_LS_T byte pool_in[17*1024];
static THREAD_LS_T byte pool_out[17*1024];
@@ -766,9 +879,7 @@ void* XREALLOC(void *p, size_t n, void* heap, int type)
return realloc(p, n);
}
/* unit api calls, let's make sure visible with WOLFSSL_API */
WOLFSSL_API void XFREE(void *p, void* heap, int type)
void XFREE(void *p, void* heap, int type)
{
(void)heap;
+666
View File
@@ -0,0 +1,666 @@
/* armv8-sha256.c
*
* Copyright (C) 2006-2016 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <wolfssl/wolfcrypt/settings.h>
#if !defined(NO_SHA256) && defined(WOLFSSL_ARMASM)
#include <wolfssl/wolfcrypt/sha256.h>
#include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
#else
#define WOLFSSL_MISC_INCLUDED
#include <wolfcrypt/src/misc.c>
#endif
#ifndef WOLFSSL_HAVE_MIN
#define WOLFSSL_HAVE_MIN
static INLINE word32 min(word32 a, word32 b)
{
return a > b ? b : a;
}
#endif /* WOLFSSL_HAVE_MIN */
#if !defined (ALIGN32)
#if defined (__GNUC__)
#define ALIGN32 __attribute__ ( (aligned (32)))
#elif defined(_MSC_VER)
/* disable align warning, we want alignment ! */
#pragma warning(disable: 4324)
#define ALIGN32 __declspec (align (32))
#else
#define ALIGN32
#endif
#endif
static const ALIGN32 word32 K[64] = {
0x428A2F98L, 0x71374491L, 0xB5C0FBCFL, 0xE9B5DBA5L, 0x3956C25BL,
0x59F111F1L, 0x923F82A4L, 0xAB1C5ED5L, 0xD807AA98L, 0x12835B01L,
0x243185BEL, 0x550C7DC3L, 0x72BE5D74L, 0x80DEB1FEL, 0x9BDC06A7L,
0xC19BF174L, 0xE49B69C1L, 0xEFBE4786L, 0x0FC19DC6L, 0x240CA1CCL,
0x2DE92C6FL, 0x4A7484AAL, 0x5CB0A9DCL, 0x76F988DAL, 0x983E5152L,
0xA831C66DL, 0xB00327C8L, 0xBF597FC7L, 0xC6E00BF3L, 0xD5A79147L,
0x06CA6351L, 0x14292967L, 0x27B70A85L, 0x2E1B2138L, 0x4D2C6DFCL,
0x53380D13L, 0x650A7354L, 0x766A0ABBL, 0x81C2C92EL, 0x92722C85L,
0xA2BFE8A1L, 0xA81A664BL, 0xC24B8B70L, 0xC76C51A3L, 0xD192E819L,
0xD6990624L, 0xF40E3585L, 0x106AA070L, 0x19A4C116L, 0x1E376C08L,
0x2748774CL, 0x34B0BCB5L, 0x391C0CB3L, 0x4ED8AA4AL, 0x5B9CCA4FL,
0x682E6FF3L, 0x748F82EEL, 0x78A5636FL, 0x84C87814L, 0x8CC70208L,
0x90BEFFFAL, 0xA4506CEBL, 0xBEF9A3F7L, 0xC67178F2L
};
int wc_InitSha256(Sha256* sha256)
{
int ret = 0;
sha256->digest[0] = 0x6A09E667L;
sha256->digest[1] = 0xBB67AE85L;
sha256->digest[2] = 0x3C6EF372L;
sha256->digest[3] = 0xA54FF53AL;
sha256->digest[4] = 0x510E527FL;
sha256->digest[5] = 0x9B05688CL;
sha256->digest[6] = 0x1F83D9ABL;
sha256->digest[7] = 0x5BE0CD19L;
sha256->buffLen = 0;
sha256->loLen = 0;
sha256->hiLen = 0;
return ret;
}
static INLINE void AddLength(Sha256* sha256, word32 len)
{
word32 tmp = sha256->loLen;
if ( (sha256->loLen += len) < tmp)
sha256->hiLen++; /* carry low to high */
}
/* ARMv8 hardware accleration */
int wc_Sha256Update(Sha256* sha256, const byte* data, word32 len)
{
word32 add;
word32 numBlocks;
if (sha256 == NULL || (data == NULL && len != 0)) {
return BAD_FUNC_ARG;
}
/* fill leftover buffer with data */
add = min(len, SHA256_BLOCK_SIZE - sha256->buffLen);
XMEMCPY((byte*)(sha256->buffer) + sha256->buffLen, data, add);
sha256->buffLen += add;
data += add;
len -= add;
/* number of blocks in a row to complete */
numBlocks = (len + sha256->buffLen)/SHA256_BLOCK_SIZE;
if (numBlocks > 0) {
/* get leftover amount after blocks */
add = (len + sha256->buffLen) - numBlocks * SHA256_BLOCK_SIZE;
__asm__ volatile (
"#load leftover data\n"
"LD1 {v0.2d-v3.2d}, %[buffer] \n"
"#load current digest\n"
"LD1 {v12.2d-v13.2d}, %[digest] \n"
"MOV w8, %w[blocks] \n"
"REV32 v0.16b, v0.16b \n"
"REV32 v1.16b, v1.16b \n"
"REV32 v2.16b, v2.16b \n"
"REV32 v3.16b, v3.16b \n"
"#load K values in \n"
"LD1 {v16.4s-v19.4s}, [%[k]], #64 \n"
"LD1 {v20.4s-v23.4s}, [%[k]], #64 \n"
"MOV v14.16b, v12.16b \n" /* store digest for add at the end */
"MOV v15.16b, v13.16b \n"
"LD1 {v24.4s-v27.4s}, [%[k]], #64 \n"
"LD1 {v28.4s-v31.4s}, [%[k]], #64 \n"
/* begining of SHA256 block operation */
"sha256Start:\n"
"MOV v4.16b, v0.16b \n"
"ADD v0.4s, v0.4s, v16.4s \n"
"MOV v11.16b, v12.16b \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
"ADD v0.4s, v1.4s, v17.4s \n"
"MOV v11.16b, v12.16b \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
"ADD v0.4s, v2.4s, v18.4s \n"
"MOV v11.16b, v12.16b \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
"SHA256SU0 v4.4s, v1.4s \n"
"SHA256SU1 v4.4s, v2.4s, v3.4s \n"
"ADD v0.4s, v3.4s, v19.4s \n"
"MOV v11.16b, v12.16b \n"
"MOV v5.16b, v1.16b \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
"SHA256SU0 v5.4s, v2.4s \n"
"SHA256SU1 v5.4s, v3.4s, v4.4s \n"
"ADD v0.4s, v4.4s, v20.4s \n"
"MOV v11.16b, v12.16b \n"
"MOV v6.16b, v2.16b \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
"SHA256SU0 v6.4s, v3.4s \n"
"SHA256SU1 v6.4s, v4.4s, v5.4s \n"
"ADD v0.4s, v5.4s, v21.4s \n"
"MOV v11.16b, v12.16b \n"
"MOV v7.16b, v3.16b \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
"SHA256SU0 v7.4s, v4.4s \n"
"SHA256SU1 v7.4s, v5.4s, v6.4s \n"
"ADD v0.4s, v6.4s, v22.4s \n"
"MOV v11.16b, v12.16b \n"
"MOV v8.16b, v4.16b \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
"SHA256SU0 v8.4s, v5.4s \n"
"SHA256SU1 v8.4s, v6.4s, v7.4s \n"
"ADD v0.4s, v7.4s, v23.4s \n"
"MOV v11.16b, v12.16b \n"
"MOV v9.16b, v5.16b \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
"SHA256SU0 v9.4s, v6.4s \n"
"SHA256SU1 v9.4s, v7.4s, v8.4s \n"
"ADD v0.4s, v8.4s, v24.4s \n"
"MOV v11.16b, v12.16b \n"
"MOV v10.16b, v6.16b \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
"SHA256SU0 v10.4s, v7.4s \n"
"SHA256SU1 v10.4s, v8.4s, v9.4s \n"
"ADD v0.4s, v9.4s, v25.4s \n"
"MOV v11.16b, v12.16b \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
"ADD v0.4s, v10.4s, v26.4s \n"
"MOV v11.16b, v12.16b \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
/* Re-use of registers is needed in order to not overwrite
* previous digest value. */
"#move to lower register and handle last rounds 11-15 \n"
"MOV v4.16b, v7.16b \n"
"MOV v1.16b, v8.16b \n"
"MOV v2.16b, v9.16b \n"
"MOV v3.16b, v10.16b \n"
"MOV v5.16b, v8.16b \n"
"SHA256SU0 v4.4s, v1.4s \n" /* 4 -> 11 */
"SHA256SU1 v4.4s, v2.4s, v3.4s \n"
"SHA256SU0 v5.4s, v2.4s \n"
"SHA256SU1 v5.4s, v3.4s, v4.4s \n"
"ADD v0.4s, v4.4s, v27.4s \n"
"MOV v11.16b, v12.16b \n"
"MOV v6.16b, v2.16b \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
"SHA256SU0 v6.4s, v3.4s \n"
"SHA256SU1 v6.4s, v4.4s, v5.4s \n"
"ADD v0.4s, v5.4s, v28.4s \n"
"MOV v11.16b, v12.16b \n"
"MOV v7.16b, v3.16b \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
"SHA256SU0 v7.4s, v4.4s \n"
"SHA256SU1 v7.4s, v5.4s, v6.4s \n"
"ADD v0.4s, v6.4s, v29.4s \n"
"MOV v11.16b, v12.16b \n"
"MOV v8.16b, v4.16b \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
"SHA256SU0 v8.4s, v5.4s \n"
"SHA256SU1 v8.4s, v6.4s, v7.4s \n"
"ADD v0.4s, v7.4s, v30.4s \n"
"MOV v11.16b, v12.16b \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
"ADD v0.4s, v8.4s, v31.4s \n"
"MOV v11.16b, v12.16b \n"
"SHA256H q12, q13, v0.4s \n"
"SHA256H2 q13, q11, v0.4s \n"
"#Add working vars back into digest state \n"
"ADD v12.4s, v12.4s, v14.4s \n"
"ADD v13.4s, v13.4s, v15.4s \n"
"#check if more blocks should be done\n"
"SUB w8, w8, #1 \n"
"CBZ w8, sha256End \n"
"#load in message and schedual updates \n"
"LD1 {v0.2d-v3.2d}, [%[dataIn]], #64 \n"
"MOV v14.16b, v12.16b \n"
"MOV v15.16b, v13.16b \n"
"REV32 v0.16b, v0.16b \n"
"REV32 v1.16b, v1.16b \n"
"REV32 v2.16b, v2.16b \n"
"REV32 v3.16b, v3.16b \n"
"B sha256Start \n" /* do another block */
"sha256End:\n"
"STP q12, q13, %[out] \n"
: [out] "=m" (sha256->digest), "=m" (sha256->buffer), "=r" (numBlocks),
"=r" (data)
: [k] "r" (K), [digest] "m" (sha256->digest), [buffer] "m" (sha256->buffer),
[blocks] "2" (numBlocks), [dataIn] "3" (data)
: "cc", "memory", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7",
"v8", "v9", "v10", "v11", "v12", "v13", "v14",
"v15"
);
AddLength(sha256, SHA256_BLOCK_SIZE * numBlocks);
/* copy over any remaining data leftover */
XMEMCPY(sha256->buffer, data, add);
sha256->buffLen = add;
}
return 0;
}
int wc_Sha256Final(Sha256* sha256, byte* hash)
{
byte* local;
if (sha256 == NULL || hash == NULL) {
return BAD_FUNC_ARG;
}
local = (byte*)sha256->buffer;
AddLength(sha256, sha256->buffLen); /* before adding pads */
local[sha256->buffLen++] = 0x80; /* add 1 */
/* pad with zeros */
if (sha256->buffLen > SHA256_PAD_SIZE) {
XMEMSET(&local[sha256->buffLen], 0, SHA256_BLOCK_SIZE - sha256->buffLen);
sha256->buffLen += SHA256_BLOCK_SIZE - sha256->buffLen;
__asm__ volatile (
"LD1 {v4.2d-v7.2d}, %[buffer] \n"
"MOV v0.16b, v4.16b \n"
"MOV v1.16b, v5.16b \n"
"REV32 v0.16b, v0.16b \n"
"REV32 v1.16b, v1.16b \n"
"MOV v2.16b, v6.16b \n"
"MOV v3.16b, v7.16b \n"
"REV32 v2.16b, v2.16b \n"
"REV32 v3.16b, v3.16b \n"
"MOV v4.16b, v0.16b \n"
"MOV v5.16b, v1.16b \n"
"LD1 {v20.2d-v21.2d}, %[digest] \n"
"#SHA256 operation on updated message \n"
"MOV v16.16b, v20.16b \n"
"MOV v17.16b, v21.16b \n"
"LD1 {v22.16b-v25.16b}, [%[k]], #64 \n"
"SHA256SU0 v4.4s, v1.4s \n"
"SHA256SU1 v4.4s, v2.4s, v3.4s \n"
"ADD v0.4s, v0.4s, v22.4s \n"
"MOV v6.16b, v2.16b \n"
"MOV v18.16b, v16.16b \n"
"SHA256H q16, q17, v0.4s \n"
"SHA256H2 q17, q18, v0.4s \n"
"SHA256SU0 v5.4s, v2.4s \n"
"SHA256SU1 v5.4s, v3.4s, v4.4s \n"
"ADD v1.4s, v1.4s, v23.4s \n"
"MOV v18.16b, v16.16b \n"
"MOV v7.16b, v3.16b \n"
"SHA256H q16, q17, v1.4s \n"
"SHA256H2 q17, q18, v1.4s \n"
"SHA256SU0 v6.4s, v3.4s \n"
"SHA256SU1 v6.4s, v4.4s, v5.4s \n"
"ADD v2.4s, v2.4s, v24.4s \n"
"MOV v18.16b, v16.16b \n"
"MOV v8.16b, v4.16b \n"
"SHA256H q16, q17, v2.4s \n"
"SHA256H2 q17, q18, v2.4s \n"
"SHA256SU0 v7.4s, v4.4s \n"
"SHA256SU1 v7.4s, v5.4s, v6.4s \n"
"ADD v3.4s, v3.4s, v25.4s \n"
"MOV v18.16b, v16.16b \n"
"MOV v9.16b, v5.16b \n"
"SHA256H q16, q17, v3.4s \n"
"SHA256H2 q17, q18, v3.4s \n"
"LD1 {v22.16b-v25.16b}, [%[k]], #64 \n"
"SHA256SU0 v8.4s, v5.4s \n"
"SHA256SU1 v8.4s, v6.4s, v7.4s \n"
"ADD v4.4s, v4.4s, v22.4s \n"
"MOV v18.16b, v16.16b \n"
"MOV v10.16b, v6.16b \n"
"SHA256H q16, q17, v4.4s \n"
"SHA256H2 q17, q18, v4.4s \n"
"SHA256SU0 v9.4s, v6.4s \n"
"SHA256SU1 v9.4s, v7.4s, v8.4s \n"
"ADD v5.4s, v5.4s, v23.4s \n"
"MOV v18.16b, v16.16b \n"
"MOV v11.16b, v7.16b \n"
"SHA256H q16, q17, v5.4s \n"
"SHA256H2 q17, q18, v5.4s \n"
"SHA256SU0 v10.4s, v7.4s \n"
"SHA256SU1 v10.4s, v8.4s, v9.4s \n"
"ADD v6.4s, v6.4s, v24.4s \n"
"MOV v18.16b, v16.16b \n"
"MOV v12.16b, v8.16b \n"
"SHA256H q16, q17, v6.4s \n"
"SHA256H2 q17, q18, v6.4s \n"
"SHA256SU0 v11.4s, v8.4s \n"
"SHA256SU1 v11.4s, v9.4s, v10.4s \n"
"ADD v7.4s, v7.4s, v25.4s \n"
"MOV v18.16b, v16.16b \n"
"MOV v13.16b, v9.16b \n"
"SHA256H q16, q17, v7.4s \n"
"SHA256H2 q17, q18, v7.4s \n"
"LD1 {v22.16b-v25.16b}, [%[k]], #64 \n"
"SHA256SU0 v12.4s, v9.4s \n"
"SHA256SU1 v12.4s, v10.4s, v11.4s \n"
"ADD v8.4s, v8.4s, v22.4s \n"
"MOV v18.16b, v16.16b \n"
"MOV v14.16b, v10.16b \n"
"SHA256H q16, q17, v8.4s \n"
"SHA256H2 q17, q18, v8.4s \n"
"SHA256SU0 v13.4s, v10.4s \n"
"SHA256SU1 v13.4s, v11.4s, v12.4s \n"
"ADD v9.4s, v9.4s, v23.4s \n"
"MOV v18.16b, v16.16b \n"
"MOV v15.16b, v11.16b \n"
"SHA256H q16, q17, v9.4s \n"
"SHA256H2 q17, q18, v9.4s \n"
"SHA256SU0 v14.4s, v11.4s \n"
"SHA256SU1 v14.4s, v12.4s, v13.4s \n"
"ADD v10.4s, v10.4s, v24.4s \n"
"MOV v18.16b, v16.16b \n"
"SHA256H q16, q17, v10.4s \n"
"SHA256H2 q17, q18, v10.4s \n"
"SHA256SU0 v15.4s, v12.4s \n"
"SHA256SU1 v15.4s, v13.4s, v14.4s \n"
"ADD v11.4s, v11.4s, v25.4s \n"
"MOV v18.16b, v16.16b \n"
"SHA256H q16, q17, v11.4s \n"
"SHA256H2 q17, q18, v11.4s \n"
"LD1 {v22.16b-v25.16b}, [%[k]] \n"
"ADD v12.4s, v12.4s, v22.4s \n"
"MOV v18.16b, v16.16b \n"
"SHA256H q16, q17, v12.4s \n"
"SHA256H2 q17, q18, v12.4s \n"
"ADD v13.4s, v13.4s, v23.4s \n"
"MOV v18.16b, v16.16b \n"
"SHA256H q16, q17, v13.4s \n"
"SHA256H2 q17, q18, v13.4s \n"
"ADD v14.4s, v14.4s, v24.4s \n"
"MOV v18.16b, v16.16b \n"
"SHA256H q16, q17, v14.4s \n"
"SHA256H2 q17, q18, v14.4s \n"
"ADD v15.4s, v15.4s, v25.4s \n"
"MOV v18.16b, v16.16b \n"
"SHA256H q16, q17, v15.4s \n"
"SHA256H2 q17, q18, v15.4s \n"
"#Add working vars back into digest state \n"
"ADD v16.4s, v16.4s, v20.4s \n"
"ADD v17.4s, v17.4s, v21.4s \n"
"STP q16, q17, %[out] \n"
: [out] "=m" (sha256->digest)
: [k] "r" (K), [digest] "m" (sha256->digest),
[buffer] "m" (sha256->buffer)
: "cc", "memory", "v0", "v1", "v2", "v3", "v8", "v9", "v10", "v11"
, "v12", "v13", "v14", "v15", "v16", "v17", "v18"
);
sha256->buffLen = 0;
}
XMEMSET(&local[sha256->buffLen], 0, SHA256_PAD_SIZE - sha256->buffLen);
/* put lengths in bits */
sha256->hiLen = (sha256->loLen >> (8*sizeof(sha256->loLen) - 3)) +
(sha256->hiLen << 3);
sha256->loLen = sha256->loLen << 3;
/* store lengths */
#if defined(LITTLE_ENDIAN_ORDER)
__asm__ volatile (
"LD1 {v0.2d-v3.2d}, %[in] \n"
"REV32 v0.16b, v0.16b \n"
"REV32 v1.16b, v1.16b \n"
"REV32 v2.16b, v2.16b \n"
"REV32 v3.16b, v3.16b \n"
"ST1 {v0.2d-v3.2d}, %[out] \n"
: [out] "=m" (sha256->buffer)
: [in] "m" (sha256->buffer)
: "cc", "memory"
);
#endif
/* ! length ordering dependent on digest endian type ! */
XMEMCPY(&local[SHA256_PAD_SIZE], &sha256->hiLen, sizeof(word32));
XMEMCPY(&local[SHA256_PAD_SIZE + sizeof(word32)], &sha256->loLen,
sizeof(word32));
__asm__ volatile (
"#load in message and schedual updates \n"
"LD1 {v4.2d-v7.2d}, %[buffer] \n"
"MOV v0.16b, v4.16b \n"
"MOV v1.16b, v5.16b \n"
"MOV v2.16b, v6.16b \n"
"MOV v3.16b, v7.16b \n"
"LD1 {v20.2d-v21.2d}, %[digest] \n"
"MOV v16.16b, v20.16b \n"
"MOV v17.16b, v21.16b \n"
"LD1 {v22.16b-v25.16b}, [%[k]], #64 \n"
"SHA256SU0 v4.4s, v1.4s \n"
"SHA256SU1 v4.4s, v2.4s, v3.4s \n"
"ADD v0.4s, v0.4s, v22.4s \n"
"MOV v6.16b, v2.16b \n"
"MOV v18.16b, v16.16b \n"
"SHA256H q16, q17, v0.4s \n"
"SHA256H2 q17, q18, v0.4s \n"
"SHA256SU0 v5.4s, v2.4s \n"
"SHA256SU1 v5.4s, v3.4s, v4.4s \n"
"ADD v1.4s, v1.4s, v23.4s \n"
"MOV v7.16b, v3.16b \n"
"MOV v18.16b, v16.16b \n"
"SHA256H q16, q17, v1.4s \n"
"SHA256H2 q17, q18, v1.4s \n"
"SHA256SU0 v6.4s, v3.4s \n"
"SHA256SU1 v6.4s, v4.4s, v5.4s \n"
"ADD v2.4s, v2.4s, v24.4s \n"
"MOV v18.16b, v16.16b \n"
"MOV v8.16b, v4.16b \n"
"SHA256H q16, q17, v2.4s \n"
"SHA256H2 q17, q18, v2.4s \n"
"SHA256SU0 v7.4s, v4.4s \n"
"SHA256SU1 v7.4s, v5.4s, v6.4s \n"
"ADD v3.4s, v3.4s, v25.4s \n"
"MOV v18.16b, v16.16b \n"
"MOV v9.16b, v5.16b \n"
"SHA256H q16, q17, v3.4s \n"
"SHA256H2 q17, q18, v3.4s \n"
"LD1 {v22.16b-v25.16b}, [%[k]], #64 \n"
"SHA256SU0 v8.4s, v5.4s \n"
"SHA256SU1 v8.4s, v6.4s, v7.4s \n"
"ADD v4.4s, v4.4s, v22.4s \n"
"MOV v18.16b, v16.16b \n"
"MOV v10.16b, v6.16b \n"
"SHA256H q16, q17, v4.4s \n"
"SHA256H2 q17, q18, v4.4s \n"
"SHA256SU0 v9.4s, v6.4s \n"
"SHA256SU1 v9.4s, v7.4s, v8.4s \n"
"ADD v5.4s, v5.4s, v23.4s \n"
"MOV v18.16b, v16.16b \n"
"MOV v11.16b, v7.16b \n"
"SHA256H q16, q17, v5.4s \n"
"SHA256H2 q17, q18, v5.4s \n"
"SHA256SU0 v10.4s, v7.4s \n"
"SHA256SU1 v10.4s, v8.4s, v9.4s \n"
"ADD v6.4s, v6.4s, v24.4s \n"
"MOV v18.16b, v16.16b \n"
"MOV v12.16b, v8.16b \n"
"SHA256H q16, q17, v6.4s \n"
"SHA256H2 q17, q18, v6.4s \n"
"SHA256SU0 v11.4s, v8.4s \n"
"SHA256SU1 v11.4s, v9.4s, v10.4s \n"
"ADD v7.4s, v7.4s, v25.4s \n"
"MOV v18.16b, v16.16b \n"
"MOV v13.16b, v9.16b \n"
"SHA256H q16, q17, v7.4s \n"
"SHA256H2 q17, q18, v7.4s \n"
"LD1 {v22.16b-v25.16b}, [%[k]], #64 \n"
"SHA256SU0 v12.4s, v9.4s \n"
"SHA256SU1 v12.4s, v10.4s, v11.4s \n"
"ADD v8.4s, v8.4s, v22.4s \n"
"MOV v18.16b, v16.16b \n"
"MOV v14.16b, v10.16b \n"
"SHA256H q16, q17, v8.4s \n"
"SHA256H2 q17, q18, v8.4s \n"
"SHA256SU0 v13.4s, v10.4s \n"
"SHA256SU1 v13.4s, v11.4s, v12.4s \n"
"ADD v9.4s, v9.4s, v23.4s \n"
"MOV v18.16b, v16.16b \n"
"MOV v15.16b, v11.16b \n"
"SHA256H q16, q17, v9.4s \n"
"SHA256H2 q17, q18, v9.4s \n"
"SHA256SU0 v14.4s, v11.4s \n"
"SHA256SU1 v14.4s, v12.4s, v13.4s \n"
"ADD v10.4s, v10.4s, v24.4s \n"
"MOV v18.16b, v16.16b \n"
"SHA256H q16, q17, v10.4s \n"
"SHA256H2 q17, q18, v10.4s \n"
"SHA256SU0 v15.4s, v12.4s \n"
"SHA256SU1 v15.4s, v13.4s, v14.4s \n"
"ADD v11.4s, v11.4s, v25.4s \n"
"MOV v18.16b, v16.16b \n"
"SHA256H q16, q17, v11.4s \n"
"SHA256H2 q17, q18, v11.4s \n"
"LD1 {v22.16b-v25.16b}, [%[k]] \n"
"ADD v12.4s, v12.4s, v22.4s \n"
"MOV v18.16b, v16.16b \n"
"SHA256H q16, q17, v12.4s \n"
"SHA256H2 q17, q18, v12.4s \n"
"ADD v13.4s, v13.4s, v23.4s \n"
"MOV v18.16b, v16.16b \n"
"SHA256H q16, q17, v13.4s \n"
"SHA256H2 q17, q18, v13.4s \n"
"ADD v14.4s, v14.4s, v24.4s \n"
"MOV v18.16b, v16.16b \n"
"SHA256H q16, q17, v14.4s \n"
"SHA256H2 q17, q18, v14.4s \n"
"ADD v15.4s, v15.4s, v25.4s \n"
"MOV v18.16b, v16.16b \n"
"SHA256H q16, q17, v15.4s \n"
"SHA256H2 q17, q18, v15.4s \n"
"#Add working vars back into digest state \n"
"ADD v16.4s, v16.4s, v20.4s \n"
"ADD v17.4s, v17.4s, v21.4s \n"
"#Store value as hash output \n"
#if defined(LITTLE_ENDIAN_ORDER)
"REV32 v16.16b, v16.16b \n"
#endif
"ST1 {v16.16b}, [%[hashOut]], #16 \n"
#if defined(LITTLE_ENDIAN_ORDER)
"REV32 v17.16b, v17.16b \n"
#endif
"ST1 {v17.16b}, [%[hashOut]] \n"
: [hashOut] "=r" (hash)
: [k] "r" (K), [digest] "m" (sha256->digest),
[buffer] "m" (sha256->buffer),
"0" (hash)
: "cc", "memory", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7",
"v8", "v9", "v10", "v11", "v12", "v13", "v14",
"v15", "v16", "v17", "v18"
);
return wc_InitSha256(sha256); /* reset state */
}
#endif /* NO_SHA256 and WOLFSSL_ARMASM */
+32
View File
@@ -0,0 +1,32 @@
# Cavium Nitrox V Support
## Directory Structure:
`/`
`/CNN55XX-SDK`
`/wolfssl`
## Cavium Driver
Tested again `CNN55XX-Driver-Linux-KVM-XEN-PF-SDK-0.2-04.tar`
From inside `CNN55XX-SDK`:
1. `make`
Note: To resolve warnings in `CNN55XX-SDK/include/vf_defs.h`:
a. Changed `vf_config_mode_str` to return `const char*` and modify `vf_mode_str` to be `const char*`.
b. In `vf_config_mode_to_num_vfs` above `default:` add `case PF:`.
2. `sudo make load`
## wolfSSL
Currently the AES and DES3 benchmark tests causes the kernel to crash, so they are disabled for now, even though the wolfCrypt tests pass for those.
From inside `wolfssl`:
1. `./configure --with-cavium-v=../CNN55XX-SDK --enable-asynccrypt --enable-aesni --enable-intelasm --disable-aes --disable-aesgcm --disable-des3`
2. `make`
## Usage
Note: Must run applications with sudo to access device.
`sudo ./wolfcrypt/benchmark/benchmark`
`sudo ./wolfcrypt/test/testwolfcrypt`
+778
View File
@@ -0,0 +1,778 @@
/* cavium-nitrox.c
*
* Copyright (C) 2006-2016 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <wolfssl/wolfcrypt/settings.h>
#ifdef HAVE_CAVIUM
#include <wolfssl/wolfcrypt/random.h>
#include <wolfssl/internal.h>
#include <wolfssl/error-ssl.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#ifndef NO_RSA
#include <wolfssl/wolfcrypt/rsa.h>
#endif
#ifndef NO_AES
#include <wolfssl/wolfcrypt/aes.h>
#endif
#include <wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h>
#include <netinet/in.h> /* For ntohs */
static CspHandle mLastDevHandle = INVALID_DEVID;
int NitroxTranslateResponseCode(int ret)
{
switch (ret) {
case EAGAIN:
case ERR_REQ_PENDING:
ret = WC_PENDING_E;
break;
case ERR_REQ_TIMEOUT:
ret = WC_TIMEOUT_E;
break;
case 0:
/* leave as-is */
break;
default:
printf("NitroxTranslateResponseCode Unknown ret=%x\n", ret);
ret = ASYNC_INIT_E;
}
return ret;
}
CspHandle NitroxGetDeviceHandle(void)
{
return mLastDevHandle;
}
CspHandle NitroxOpenDevice(int dma_mode, int dev_id)
{
mLastDevHandle = INVALID_DEVID;
#ifdef HAVE_CAVIUM_V
(void)dma_mode;
if (CspInitialize(dev_id, &mLastDevHandle)) {
return -1;
}
#else
Csp1CoreAssignment core_assign;
Uint32 device;
if (CspInitialize(CAVIUM_DIRECT, CAVIUM_DEV_ID)) {
return -1;
}
if (Csp1GetDevType(&device)) {
return -1;
}
if (device != NPX_DEVICE) {
if (ioctl(gpkpdev_hdlr[CAVIUM_DEV_ID], IOCTL_CSP1_GET_CORE_ASSIGNMENT,
(Uint32 *)&core_assign)!= 0) {
return -1;
}
}
CspShutdown(CAVIUM_DEV_ID);
mLastDevHandle = CspInitialize(dma_mode, dev_id);
if (mLastDevHandle == 0) {
mLastDevHandle = dev_id;
}
#endif /* HAVE_CAVIUM_V */
return mLastDevHandle;
}
int NitroxAllocContext(CaviumNitroxDev* nitrox, CspHandle devId,
ContextType type)
{
int ret;
if (nitrox == NULL) {
return -1;
}
/* If invalid handle provided, use last open one */
if (devId == INVALID_DEVID) {
devId = NitroxGetDeviceHandle();
}
#ifdef HAVE_CAVIUM_V
ret = CspAllocContext(devId, type, &nitrox->contextHandle);
#else
ret = CspAllocContext(type, &nitrox->contextHandle, devId);
#endif
if (ret != 0) {
return -1;
}
nitrox->type = type;
nitrox->devId = devId;
return 0;
}
void NitroxFreeContext(CaviumNitroxDev* nitrox)
{
if (nitrox == NULL) {
return;
}
#ifdef HAVE_CAVIUM_V
CspFreeContext(nitrox->devId, nitrox->type, nitrox->contextHandle);
#else
CspFreeContext(nitrox->type, nitrox->contextHandle, nitrox->devId);
#endif
}
void NitroxCloseDevice(CspHandle devId)
{
if (devId >= 0) {
CspShutdown(devId);
}
}
#if defined(WOLFSSL_ASYNC_CRYPT)
int NitroxCheckRequest(CspHandle devId, CavReqId reqId)
{
int ret = CspCheckForCompletion(devId, reqId);
return NitroxTranslateResponseCode(ret);
}
int NitroxCheckRequests(CspHandle devId, CspMultiRequestStatusBuffer* req_stat_buf)
{
int ret = CspGetAllResults(req_stat_buf, devId);
return NitroxTranslateResponseCode(ret);
}
#ifndef NO_RSA
int NitroxRsaExptMod(const byte* in, word32 inLen,
byte* exponent, word32 expLen,
byte* modulus, word32 modLen,
byte* out, word32* outLen, RsaKey* key)
{
int ret;
if (key == NULL || in == NULL || inLen == 0 || exponent == NULL ||
modulus == NULL || out == NULL) {
return BAD_FUNC_ARG;
}
(void)outLen;
#ifdef HAVE_CAVIUM_V
ret = CspMe(key->asyncDev.dev.devId, CAVIUM_REQ_MODE, CAVIUM_SSL_GRP,
CAVIUM_DPORT, modLen, expLen, inLen,
modulus, exponent, (Uint8*)in, out,
&key->asyncDev.dev.reqId);
#if 0
/* TODO: Try MeCRT */
ret = CspMeCRT();
#endif
#else
/* Not implemented/supported */
ret = NOT_COMPILED_IN;
#endif
ret = NitroxTranslateResponseCode(ret);
if (ret != 0) {
return ret;
}
return ret;
}
int NitroxRsaPublicEncrypt(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key)
{
word32 ret;
if (key == NULL || in == NULL || out == NULL || outLen < (word32)key->n.used) {
return BAD_FUNC_ARG;
}
#ifdef HAVE_CAVIUM_V
ret = CspPkcs1v15Enc(key->asyncDev.dev.devId, CAVIUM_REQ_MODE, CAVIUM_SSL_GRP, CAVIUM_DPORT,
BT2, key->n.used, key->e.used,
(word16)inLen, key->n.dpraw, key->e.dpraw, (byte*)in, out,
&key->asyncDev.dev.reqId);
#else
ret = CspPkcs1v15Enc(CAVIUM_REQ_MODE, BT2, key->n.used, key->e.used,
(word16)inLen, key->n.dpraw, key->e.dpraw, (byte*)in, out,
&key->asyncDev.dev.reqId, key->asyncDev.dev.devId);
#endif
ret = NitroxTranslateResponseCode(ret);
if (ret != 0) {
return ret;
}
return key->n.used;
}
static INLINE void ato16(const byte* c, word16* u16)
{
*u16 = (c[0] << 8) | (c[1]);
}
int NitroxRsaPrivateDecrypt(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key)
{
word32 ret;
word16 outSz = (word16)outLen;
if (key == NULL || in == NULL || out == NULL ||
inLen != (word32)key->n.used) {
return BAD_FUNC_ARG;
}
#ifdef HAVE_CAVIUM_V
ret = CspPkcs1v15CrtDec(key->asyncDev.dev.devId, CAVIUM_REQ_MODE, CAVIUM_SSL_GRP, CAVIUM_DPORT,
BT2, key->n.used, key->q.dpraw,
key->dQ.dpraw, key->p.dpraw, key->dP.dpraw, key->u.dpraw,
(byte*)in, &outSz, out, &key->asyncDev.dev.reqId);
#else
ret = CspPkcs1v15CrtDec(CAVIUM_REQ_MODE, BT2, key->n.used, key->q.dpraw,
key->dQ.dpraw, key->p.dpraw, key->dP.dpraw, key->u.dpraw,
(byte*)in, &outSz, out, &key->asyncDev.dev.reqId,
key->asyncDev.dev.devId);
#endif
ret = NitroxTranslateResponseCode(ret);
if (ret != 0) {
return ret;
}
ato16((const byte*)&outSz, &outSz);
return outSz;
}
int NitroxRsaSSL_Sign(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key)
{
word32 ret;
if (key == NULL || in == NULL || out == NULL || inLen == 0 || outLen <
(word32)key->n.used) {
return BAD_FUNC_ARG;
}
#ifdef HAVE_CAVIUM_V
ret = CspPkcs1v15CrtEnc(key->asyncDev.dev.devId, CAVIUM_REQ_MODE, CAVIUM_SSL_GRP, CAVIUM_DPORT,
BT1, key->n.used, (word16)inLen,
key->q.dpraw, key->dQ.dpraw, key->p.dpraw, key->dP.dpraw, key->u.dpraw,
(byte*)in, out, &key->asyncDev.dev.reqId);
#else
ret = CspPkcs1v15CrtEnc(CAVIUM_REQ_MODE, BT1, key->n.used, (word16)inLen,
key->q.dpraw, key->dQ.dpraw, key->p.dpraw, key->dP.dpraw, key->u.dpraw,
(byte*)in, out, &key->asyncDev.dev.reqId, key->asyncDev.dev.devId);
#endif
ret = NitroxTranslateResponseCode(ret);
if (ret != 0) {
return ret;
}
return key->n.used;
}
int NitroxRsaSSL_Verify(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key)
{
word32 ret;
word16 outSz = (word16)outLen;
if (key == NULL || in == NULL || out == NULL || inLen != (word32)key->n.used) {
return BAD_FUNC_ARG;
}
#ifdef HAVE_CAVIUM_V
ret = CspPkcs1v15Dec(key->asyncDev.dev.devId, CAVIUM_REQ_MODE, CAVIUM_SSL_GRP, CAVIUM_DPORT,
BT1, key->n.used, key->e.used,
key->n.dpraw, key->e.dpraw, (byte*)in, &outSz, out,
&key->asyncDev.dev.reqId);
#else
ret = CspPkcs1v15Dec(CAVIUM_REQ_MODE, BT1, key->n.used, key->e.used,
key->n.dpraw, key->e.dpraw, (byte*)in, &outSz, out,
&key->asyncDev.dev.reqId, key->asyncDev.dev.devId);
#endif
ret = NitroxTranslateResponseCode(ret);
if (ret != 0) {
return ret;
}
outSz = ntohs(outSz);
return outSz;
}
#endif /* !NO_RSA */
#ifndef NO_AES
int NitroxAesSetKey(Aes* aes, const byte* key, word32 length, const byte* iv)
{
if (aes == NULL)
return BAD_FUNC_ARG;
XMEMCPY(aes->key, key, length); /* key still holds key, iv still in reg */
if (length == 16)
aes->type = AES_128_BIT;
else if (length == 24)
aes->type = AES_192_BIT;
else if (length == 32)
aes->type = AES_256_BIT;
return wc_AesSetIV(aes, iv);
}
#ifdef HAVE_AES_CBC
int NitroxAesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 length)
{
int ret;
wolfssl_word offset = 0;
while (length > WOLFSSL_MAX_16BIT) {
word16 slen = (word16)WOLFSSL_MAX_16BIT;
#ifdef HAVE_CAVIUM_V
ret = CspEncryptAes(aes->asyncDev.dev.devId, CAVIUM_BLOCKING, DMA_DIRECT_DIRECT,
CAVIUM_SSL_GRP, CAVIUM_DPORT, aes->asyncDev.dev.contextHandle,
FROM_DPTR, FROM_CTX, AES_CBC, aes->type, (byte*)aes->key,
(byte*)aes->reg, 0, NULL, slen, (byte*)in + offset,
out + offset, &aes->asyncDev.dev.reqId);
#else
ret = CspEncryptAes(CAVIUM_BLOCKING, aes->asyncDev.dev.contextHandle, CAVIUM_NO_UPDATE,
aes->type, slen, (byte*)in + offset, out + offset,
(byte*)aes->reg, (byte*)aes->key, &aes->asyncDev.dev.reqId,
aes->asyncDev.dev.devId);
#endif
ret = NitroxTranslateResponseCode(ret);
if (ret != 0) {
return ret;
}
length -= WOLFSSL_MAX_16BIT;
offset += WOLFSSL_MAX_16BIT;
XMEMCPY(aes->reg, out + offset - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
}
if (length) {
word16 slen = (word16)length;
#ifdef HAVE_CAVIUM_V
ret = CspEncryptAes(aes->asyncDev.dev.devId, CAVIUM_BLOCKING, DMA_DIRECT_DIRECT,
CAVIUM_SSL_GRP, CAVIUM_DPORT, aes->asyncDev.dev.contextHandle,
FROM_DPTR, FROM_CTX, AES_CBC, aes->type, (byte*)aes->key,
(byte*)aes->reg, 0, NULL, slen, (byte*)in + offset,
out + offset, &aes->asyncDev.dev.reqId);
#else
ret = CspEncryptAes(CAVIUM_BLOCKING, aes->asyncDev.dev.contextHandle, CAVIUM_NO_UPDATE,
aes->type, slen, (byte*)in + offset, out + offset,
(byte*)aes->reg, (byte*)aes->key, &aes->asyncDev.dev.reqId,
aes->asyncDev.dev.devId);
#endif
ret = NitroxTranslateResponseCode(ret);
if (ret != 0) {
return ret;
}
XMEMCPY(aes->reg, out + offset+length - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
}
return 0;
}
#ifdef HAVE_AES_DECRYPT
int NitroxAesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 length)
{
wolfssl_word offset = 0;
int ret;
while (length > WOLFSSL_MAX_16BIT) {
word16 slen = (word16)WOLFSSL_MAX_16BIT;
XMEMCPY(aes->tmp, in + offset + slen - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
#ifdef HAVE_CAVIUM_V
ret = CspDecryptAes(aes->asyncDev.dev.devId, CAVIUM_BLOCKING, DMA_DIRECT_DIRECT,
CAVIUM_SSL_GRP, CAVIUM_DPORT, aes->asyncDev.dev.contextHandle,
FROM_DPTR, FROM_CTX, AES_CBC, aes->type, (byte*)aes->key, (byte*)aes->reg,
0, NULL, slen, (byte*)in + offset, out + offset, &aes->asyncDev.dev.reqId);
#else
ret = CspDecryptAes(CAVIUM_BLOCKING, aes->asyncDev.dev.contextHandle, CAVIUM_NO_UPDATE,
aes->type, slen, (byte*)in + offset, out + offset,
(byte*)aes->reg, (byte*)aes->key, &aes->asyncDev.dev.reqId,
aes->asyncDev.dev.devId);
#endif
ret = NitroxTranslateResponseCode(ret);
if (ret != 0) {
return ret;
}
length -= WOLFSSL_MAX_16BIT;
offset += WOLFSSL_MAX_16BIT;
XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);
}
if (length) {
word16 slen = (word16)length;
XMEMCPY(aes->tmp, in + offset + slen - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
#ifdef HAVE_CAVIUM_V
ret = CspDecryptAes(aes->asyncDev.dev.devId, CAVIUM_BLOCKING, DMA_DIRECT_DIRECT,
CAVIUM_SSL_GRP, CAVIUM_DPORT, aes->asyncDev.dev.contextHandle,
FROM_DPTR, FROM_CTX, AES_CBC, aes->type, (byte*)aes->key, (byte*)aes->reg,
0, NULL, slen, (byte*)in + offset, out + offset, &aes->asyncDev.dev.reqId);
#else
ret = CspDecryptAes(CAVIUM_BLOCKING, aes->asyncDev.dev.contextHandle, CAVIUM_NO_UPDATE,
aes->type, slen, (byte*)in + offset, out + offset,
(byte*)aes->reg, (byte*)aes->key, &aes->asyncDev.dev.reqId,
aes->asyncDev.dev.devId);
#endif
ret = NitroxTranslateResponseCode(ret);
if (ret != 0) {
return ret;
}
XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);
}
return 0;
}
#endif /* HAVE_AES_DECRYPT */
#endif /* HAVE_AES_CBC */
#endif /* !NO_AES */
#if !defined(NO_ARC4) && !defined(HAVE_CAVIUM_V)
void NitroxArc4SetKey(Arc4* arc4, const byte* key, word32 length)
{
if (CspInitializeRc4(CAVIUM_BLOCKING, arc4->asyncDev.dev.contextHandle, length,
(byte*)key, &arc4->asyncDev.dev.reqId, arc4->devId) != 0) {
WOLFSSL_MSG("Bad Cavium Arc4 Init");
}
}
void NitroxArc4Process(Arc4* arc4, byte* out, const byte* in, word32 length)
{
int ret;
wolfssl_word offset = 0;
while (length > WOLFSSL_MAX_16BIT) {
word16 slen = (word16)WOLFSSL_MAX_16BIT;
ret = CspEncryptRc4(CAVIUM_BLOCKING, arc4->asyncDev.dev.contextHandle,
CAVIUM_UPDATE, slen, (byte*)in + offset, out + offset,
&arc4->asyncDev.dev.reqId, arc4->devId);
ret = NitroxTranslateResponseCode(ret);
if (ret != 0) {
return ret;
}
length -= WOLFSSL_MAX_16BIT;
offset += WOLFSSL_MAX_16BIT;
}
if (length) {
word16 slen = (word16)length;
ret = CspEncryptRc4(CAVIUM_BLOCKING, arc4->asyncDev.dev.contextHandle,
CAVIUM_UPDATE, slen, (byte*)in + offset, out + offset,
&arc4->asyncDev.dev.reqId, arc4->devId);
ret = NitroxTranslateResponseCode(ret);
if (ret != 0) {
return ret;
}
}
}
#endif /* !NO_ARC4 && !HAVE_CAVIUM_V */
#ifndef NO_DES3
int NitroxDes3SetKey(Des3* des3, const byte* key, const byte* iv)
{
if (des3 == NULL)
return BAD_FUNC_ARG;
/* key[0] holds key, iv in reg */
XMEMCPY(des3->key[0], key, DES_BLOCK_SIZE*3);
return wc_Des3_SetIV(des3, iv);
}
int NitroxDes3CbcEncrypt(Des3* des3, byte* out, const byte* in, word32 length)
{
wolfssl_word offset = 0;
int ret;
while (length > WOLFSSL_MAX_16BIT) {
word16 slen = (word16)WOLFSSL_MAX_16BIT;
#ifdef HAVE_CAVIUM_V
ret = CspEncrypt3Des(des3->asyncDev.dev.devId, CAVIUM_BLOCKING, DMA_DIRECT_DIRECT,
CAVIUM_SSL_GRP, CAVIUM_DPORT, des3->asyncDev.dev.contextHandle,
FROM_DPTR, FROM_CTX, DES3_CBC, (byte*)des3->key[0],
(byte*)des3->reg, slen, (byte*)in + offset,
out + offset, &des3->asyncDev.dev.reqId);
#else
ret = CspEncrypt3Des(CAVIUM_BLOCKING, des3->asyncDev.dev.contextHandle,
CAVIUM_NO_UPDATE, slen, (byte*)in + offset,
out + offset, (byte*)des3->reg, (byte*)des3->key[0],
&des3->asyncDev.dev.reqId, des3->asyncDev.dev.devId);
#endif
ret = NitroxTranslateResponseCode(ret);
if (ret != 0) {
return ret;
}
length -= WOLFSSL_MAX_16BIT;
offset += WOLFSSL_MAX_16BIT;
XMEMCPY(des3->reg, out + offset - DES_BLOCK_SIZE, DES_BLOCK_SIZE);
}
if (length) {
word16 slen = (word16)length;
#ifdef HAVE_CAVIUM_V
ret = CspEncrypt3Des(des3->asyncDev.dev.devId, CAVIUM_BLOCKING, DMA_DIRECT_DIRECT,
CAVIUM_SSL_GRP, CAVIUM_DPORT, des3->asyncDev.dev.contextHandle,
FROM_DPTR, FROM_CTX, DES3_CBC, (byte*)des3->key[0], (byte*)des3->reg,
slen, (byte*)in + offset, out + offset,
&des3->asyncDev.dev.reqId);
#else
ret = CspEncrypt3Des(CAVIUM_BLOCKING, des3->asyncDev.dev.contextHandle,
CAVIUM_NO_UPDATE, slen, (byte*)in + offset,
out + offset, (byte*)des3->reg, (byte*)des3->key[0],
&des3->asyncDev.dev.reqId, des3->asyncDev.dev.devId);
#endif
ret = NitroxTranslateResponseCode(ret);
if (ret != 0) {
return ret;
}
XMEMCPY(des3->reg, out+offset+length - DES_BLOCK_SIZE, DES_BLOCK_SIZE);
}
return 0;
}
int NitroxDes3CbcDecrypt(Des3* des3, byte* out, const byte* in, word32 length)
{
wolfssl_word offset = 0;
int ret;
while (length > WOLFSSL_MAX_16BIT) {
word16 slen = (word16)WOLFSSL_MAX_16BIT;
XMEMCPY(des3->tmp, in + offset + slen - DES_BLOCK_SIZE, DES_BLOCK_SIZE);
#ifdef HAVE_CAVIUM_V
ret = CspDecrypt3Des(des3->asyncDev.dev.devId, CAVIUM_BLOCKING, DMA_DIRECT_DIRECT,
CAVIUM_SSL_GRP, CAVIUM_DPORT, des3->asyncDev.dev.contextHandle,
FROM_DPTR, FROM_CTX, DES3_CBC, (byte*)des3->key[0], (byte*)des3->reg,
slen, (byte*)in + offset, out + offset,
&des3->asyncDev.dev.reqId);
#else
ret = CspDecrypt3Des(CAVIUM_BLOCKING, des3->asyncDev.dev.contextHandle,
CAVIUM_NO_UPDATE, slen, (byte*)in + offset, out + offset,
(byte*)des3->reg, (byte*)des3->key[0], &des3->asyncDev.dev.reqId,
des3->asyncDev.dev.devId);
#endif
ret = NitroxTranslateResponseCode(ret);
if (ret != 0) {
return ret;
}
length -= WOLFSSL_MAX_16BIT;
offset += WOLFSSL_MAX_16BIT;
XMEMCPY(des3->reg, des3->tmp, DES_BLOCK_SIZE);
}
if (length) {
word16 slen = (word16)length;
XMEMCPY(des3->tmp, in + offset + slen - DES_BLOCK_SIZE,DES_BLOCK_SIZE);
#ifdef HAVE_CAVIUM_V
ret = CspDecrypt3Des(des3->asyncDev.dev.devId, CAVIUM_BLOCKING, DMA_DIRECT_DIRECT,
CAVIUM_SSL_GRP, CAVIUM_DPORT, des3->asyncDev.dev.contextHandle,
FROM_DPTR, FROM_CTX, DES3_CBC, (byte*)des3->key[0], (byte*)des3->reg,
slen, (byte*)in + offset, out + offset,
&des3->asyncDev.dev.reqId);
#else
ret = CspDecrypt3Des(CAVIUM_BLOCKING, des3->asyncDev.dev.contextHandle,
CAVIUM_NO_UPDATE, slen, (byte*)in + offset, out + offset,
(byte*)des3->reg, (byte*)des3->key[0], &des3->asyncDev.dev.reqId,
des3->asyncDev.dev.devId);
#endif
ret = NitroxTranslateResponseCode(ret);
if (ret != 0) {
return ret;
}
XMEMCPY(des3->reg, des3->tmp, DES_BLOCK_SIZE);
}
return 0;
}
#endif /* !NO_DES3 */
#ifndef NO_HMAC
int NitroxHmacFinal(Hmac* hmac, byte* hash)
{
int ret = -1;
#ifdef HAVE_CAVIUM_V
word16 hashLen = wc_HmacSizeByType(hmac->macType);
ret = CspHmac(hmac->asyncDev.dev.devId, CAVIUM_BLOCKING, DMA_DIRECT_DIRECT,
CAVIUM_SSL_GRP, CAVIUM_DPORT, hmac->type, hmac->keyLen,
(byte*)hmac->ipad, hmac->dataLen, hmac->data, hashLen,
hash, &hmac->asyncDev.dev.reqId);
#else
ret = CspHmac(CAVIUM_BLOCKING, hmac->type, NULL, hmac->keyLen,
(byte*)hmac->ipad, hmac->dataLen, hmac->data, hash,
&hmac->asyncDev.dev.reqId, hmac->asyncDev.dev.devId);
#endif
ret = NitroxTranslateResponseCode(ret);
if (ret != 0) {
return ret;
}
hmac->innerHashKeyed = 0; /* tell update to start over if used again */
return 0;
}
int NitroxHmacUpdate(Hmac* hmac, const byte* msg, word32 length)
{
word16 add = (word16)length;
word32 total;
byte* tmp;
if (length > WOLFSSL_MAX_16BIT) {
WOLFSSL_MSG("Too big msg for cavium hmac");
return -1;
}
if (hmac->innerHashKeyed == 0) { /* starting new */
hmac->dataLen = 0;
hmac->innerHashKeyed = 1;
}
total = add + hmac->dataLen;
if (total > WOLFSSL_MAX_16BIT) {
WOLFSSL_MSG("Too big msg for cavium hmac");
return -1;
}
tmp = XMALLOC(hmac->dataLen + add, NULL, DYNAMIC_TYPE_ASYNC_TMP);
if (tmp == NULL) {
WOLFSSL_MSG("Out of memory for cavium update");
return -1;
}
if (hmac->dataLen)
XMEMCPY(tmp, hmac->data, hmac->dataLen);
XMEMCPY(tmp + hmac->dataLen, msg, add);
hmac->dataLen += add;
XFREE(hmac->data, NULL, DYNAMIC_TYPE_ASYNC_TMP);
hmac->data = tmp;
return 0;
}
int NitroxHmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
{
hmac->macType = (byte)type;
/* Determine Cavium HashType */
switch(type) {
#ifndef NO_MD5
case MD5:
hmac->type = MD5_TYPE;
break;
#endif
#ifndef NO_SHA
case SHA:
hmac->type = SHA1_TYPE;
break;
#endif
#ifndef NO_SHA256
case SHA256:
#ifdef HAVE_CAVIUM_V
hmac->type = SHA2_SHA256;
#else
hmac->type = SHA256_TYPE;
#endif
break;
#endif
#ifdef HAVE_CAVIUM_V
#ifndef WOLFSSL_SHA512
case SHA512:
hmac->type = SHA2_SHA512;
break;
#endif
#ifndef WOLFSSL_SHA384
case SHA384:
hmac->type = SHA2_SHA384;
break;
#endif
#endif /* HAVE_CAVIUM_V */
default:
WOLFSSL_MSG("unsupported cavium hmac type");
break;
}
hmac->innerHashKeyed = 0; /* should we key Startup flag */
hmac->keyLen = (word16)length;
/* store key in ipad */
XMEMCPY(hmac->ipad, key, length);
return 0;
}
#endif /* !NO_HMAC */
#if !defined(HAVE_HASHDRBG) && !defined(NO_RC4)
void NitroxRngGenerateBlock(WC_RNG* rng, byte* output, word32 sz)
{
wolfssl_word offset = 0;
word32 requestId;
while (sz > WOLFSSL_MAX_16BIT) {
word16 slen = (word16)WOLFSSL_MAX_16BIT;
#ifdef HAVE_CAVIUM_V
ret = CspTrueRandom(rng->asyncDev.dev.devId, CAVIUM_BLOCKING, DMA_DIRECT_DIRECT,
CAVIUM_SSL_GRP, CAVIUM_DPORT, slen, output + offset, &requestId);
#else
ret = CspRandom(CAVIUM_BLOCKING, slen, output + offset, &requestId,
rng->asyncDev.dev.devId);
#endif
ret = NitroxTranslateResponseCode(ret);
if (ret != 0) {
return ret;
}
sz -= WOLFSSL_MAX_16BIT;
offset += WOLFSSL_MAX_16BIT;
}
if (sz) {
word16 slen = (word16)sz;
#ifdef HAVE_CAVIUM_V
ret = CspTrueRandom(rng->asyncDev.dev.devId, CAVIUM_BLOCKING, DMA_DIRECT_DIRECT,
CAVIUM_SSL_GRP, CAVIUM_DPORT, slen, output + offset, &requestId);
#else
ret = CspRandom(CAVIUM_BLOCKING, slen, output + offset, &requestId,
rng->asyncDev.dev.devId);
#endif
ret = NitroxTranslateResponseCode(ret);
if (ret != 0) {
return ret;
}
}
}
#endif /* !defined(HAVE_HASHDRBG) && !defined(NO_RC4) */
#endif /* WOLFSSL_ASYNC_CRYPT */
#endif /* HAVE_CAVIUM */
+15 -63
View File
@@ -47,14 +47,6 @@ int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz)
return GenerateSeed(os, seed, sz);
}
#ifdef HAVE_CAVIUM
int wc_InitRngCavium(WC_RNG* rng, int i)
{
return InitRngCavium(rng, i);
}
#endif
int wc_InitRng(WC_RNG* rng)
{
return InitRng_fips(rng);
@@ -178,6 +170,7 @@ int wc_FreeRng(WC_RNG* rng)
#define IS_INTEL_RDSEED (cpuid_flags&CPUID_RDSEED)
#endif
#if defined(HAVE_HASHDRBG) || defined(NO_RC4)
/* Start NIST DRBG code */
@@ -811,12 +804,13 @@ int wc_InitRng(WC_RNG* rng)
#endif
#ifdef HAVE_INTEL_RDGEN
wc_InitRng_IntelRD() ;
if(IS_INTEL_RDRAND)return 0 ;
wc_InitRng_IntelRD();
if(IS_INTEL_RDRAND) return 0;
#endif
#ifdef HAVE_CAVIUM
if (rng->magic == WOLFSSL_RNG_CAVIUM_MAGIC)
return 0;
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
ret = wolfAsync_DevCtxInit(&rng->asyncDev, WOLFSSL_ASYNC_MARKER_RNG, INVALID_DEVID);
if (ret != 0) return ret;
#endif
#ifdef WOLFSSL_SMALL_STACK
@@ -847,10 +841,6 @@ int wc_InitRng(WC_RNG* rng)
return ret;
}
#ifdef HAVE_CAVIUM
static void CaviumRNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz);
#endif
/* place a generated block in output */
int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
{
@@ -858,9 +848,10 @@ int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
if(IS_INTEL_RDRAND)
return wc_GenerateRand_IntelRD(NULL, output, sz) ;
#endif
#ifdef HAVE_CAVIUM
if (rng->magic == WOLFSSL_RNG_CAVIUM_MAGIC)
return CaviumRNG_GenerateBlock(rng, output, sz);
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
if (aes->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RNG) {
return NitroxRngGenerateBlock(rng, output, sz);
}
#endif
XMEMSET(output, 0, sz);
wc_Arc4Process(&rng->cipher, output, output, sz);
@@ -878,53 +869,14 @@ int wc_RNG_GenerateByte(WC_RNG* rng, byte* b)
int wc_FreeRng(WC_RNG* rng)
{
(void)rng;
return 0;
}
#ifdef HAVE_CAVIUM
#include <wolfssl/ctaocrypt/logging.h>
#include "cavium_common.h"
/* Initialize RNG for use with Nitrox device */
int wc_InitRngCavium(WC_RNG* rng, int devId)
{
if (rng == NULL)
return -1;
rng->devId = devId;
rng->magic = WOLFSSL_RNG_CAVIUM_MAGIC;
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
wolfAsync_DevCtxFree(&rng->asyncDev);
#endif
return 0;
}
static void CaviumRNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
{
wolfssl_word offset = 0;
word32 requestId;
while (sz > WOLFSSL_MAX_16BIT) {
word16 slen = (word16)WOLFSSL_MAX_16BIT;
if (CspRandom(CAVIUM_BLOCKING, slen, output + offset, &requestId,
rng->devId) != 0) {
WOLFSSL_MSG("Cavium RNG failed");
}
sz -= WOLFSSL_MAX_16BIT;
offset += WOLFSSL_MAX_16BIT;
}
if (sz) {
word16 slen = (word16)sz;
if (CspRandom(CAVIUM_BLOCKING, slen, output + offset, &requestId,
rng->devId) != 0) {
WOLFSSL_MSG("Cavium RNG failed");
}
}
}
#endif /* HAVE_CAVIUM */
#endif /* HAVE_HASHDRBG || NO_RC4 */
@@ -1127,7 +1079,7 @@ static int wc_GenerateSeed_IntelRD(OS_Seed* os, byte* output, word32 sz)
return 0;
}
#else
#else /* HAVE_HASHDRBG || NO_RC4 */
/* return 0 on success */
static INLINE int IntelRDrand32(unsigned int *rnd)
+750 -689
View File
File diff suppressed because it is too large Load Diff
+1 -1
View File
@@ -209,7 +209,7 @@ int wc_SignatureVerify(
if (plain_len < sig_len) {
plain_len = sig_len;
}
plain_data = (byte*)XMALLOC(hash_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
plain_data = (byte*)XMALLOC(plain_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (plain_data) {
/* Perform verification of signature using provided RSA key */
ret = wc_RsaSSL_Verify(sig, sig_len, plain_data, plain_len,
+41
View File
@@ -1035,13 +1035,37 @@ int fp_addmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d)
#ifdef TFM_TIMING_RESISTANT
#ifndef WC_NO_CACHE_RESISTANT
/* all off / all on pointer addresses for constant calculations */
/* ecc.c uses same table */
const wolfssl_word wc_off_on_addr[2] =
{
#if defined(WC_64BIT_CPU)
W64LIT(0x0000000000000000),
W64LIT(0xffffffffffffffff)
#elif defined(WC_16BIT_CPU)
0x0000U,
0xffffU
#else
/* 32 bit */
0x00000000U,
0xffffffffU
#endif
};
#endif /* WC_NO_CACHE_RESISTANT */
/* timing resistant montgomery ladder based exptmod
Based on work by Marc Joye, Sung-Ming Yen, "The Montgomery Powering Ladder",
Cryptographic Hardware and Embedded Systems, CHES 2002
*/
static int _fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
{
#ifdef WC_NO_CACHE_RESISTANT
fp_int R[2];
#else
fp_int R[3]; /* need a temp for cache resistance */
#endif
fp_digit buf, mp;
int err, bitcnt, digidx, y;
@@ -1052,6 +1076,9 @@ static int _fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
fp_init(&R[0]);
fp_init(&R[1]);
#ifndef WC_NO_CACHE_RESISTANT
fp_init(&R[2]);
#endif
/* now we need R mod m */
fp_montgomery_calc_normalization (&R[0], P);
@@ -1092,7 +1119,21 @@ static int _fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
/* do ops */
fp_mul(&R[0], &R[1], &R[y^1]); fp_montgomery_reduce(&R[y^1], P, mp);
#ifdef WC_NO_CACHE_RESISTANT
fp_sqr(&R[y], &R[y]); fp_montgomery_reduce(&R[y], P, mp);
#else
/* instead of using R[y] for sqr, which leaks key bit to cache monitor,
* use R[2] as temp, make sure address calc is constant, keep
* &R[0] and &R[1] in cache */
fp_copy((fp_int*) ( ((wolfssl_word)&R[0] & wc_off_on_addr[y^1]) +
((wolfssl_word)&R[1] & wc_off_on_addr[y]) ),
&R[2]);
fp_sqr(&R[2], &R[2]); fp_montgomery_reduce(&R[2], P, mp);
fp_copy(&R[2],
(fp_int*) ( ((wolfssl_word)&R[0] & wc_off_on_addr[y^1]) +
((wolfssl_word)&R[1] & wc_off_on_addr[y]) ) );
#endif /* WC_NO_CACHE_RESISTANT */
}
fp_montgomery_reduce(&R[0], P, mp);
+274
View File
@@ -0,0 +1,274 @@
/* wolfevent.c
*
* Copyright (C) 2006-2016 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <wolfssl/wolfcrypt/settings.h>
#ifdef HAVE_WOLF_EVENT
#include <wolfssl/internal.h>
#include <wolfssl/error-ssl.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/wolfevent.h>
int wolfEvent_Init(WOLF_EVENT* event, WOLF_EVENT_TYPE type, void* context)
{
if (event == NULL) {
return BAD_FUNC_ARG;
}
if (event->pending) {
WOLFSSL_MSG("event already pending!");
return BAD_COND_E;
}
XMEMSET(event, 0, sizeof(WOLF_EVENT));
event->type = type;
event->context = context;
return 0;
}
int wolfEvent_Poll(WOLF_EVENT* event, WOLF_EVENT_FLAG flags)
{
int ret = BAD_COND_E;
/* Check hardware */
#ifdef WOLFSSL_ASYNC_CRYPT
if (event->type >= WOLF_EVENT_TYPE_ASYNC_FIRST &&
event->type <= WOLF_EVENT_TYPE_ASYNC_LAST)
{
ret = wolfAsync_EventPoll(event, flags);
}
#endif /* WOLFSSL_ASYNC_CRYPT */
return ret;
}
int wolfEventQueue_Init(WOLF_EVENT_QUEUE* queue)
{
int ret = 0;
if (queue == NULL) {
return BAD_FUNC_ARG;
}
XMEMSET(queue, 0, sizeof(WOLF_EVENT_QUEUE));
#ifndef SINGLE_THREADED
ret = InitMutex(&queue->lock);
#endif
return ret;
}
int wolfEventQueue_Push(WOLF_EVENT_QUEUE* queue, WOLF_EVENT* event)
{
int ret;
if (queue == NULL || event == NULL) {
return BAD_FUNC_ARG;
}
#ifndef SINGLE_THREADED
if ((ret = LockMutex(&queue->lock)) != 0) {
return ret;
}
#endif
/* Setup event */
event->next = NULL;
event->pending = 1;
if (queue->tail == NULL) {
queue->head = event;
}
else {
queue->tail->next = event;
event->prev = queue->tail;
}
queue->tail = event; /* add to the end either way */
queue->count++;
ret = 0;
#ifndef SINGLE_THREADED
UnLockMutex(&queue->lock);
#endif
return ret;
}
int wolfEventQueue_Pop(WOLF_EVENT_QUEUE* queue, WOLF_EVENT** event)
{
int ret = 0;
if (queue == NULL || event == NULL) {
return BAD_FUNC_ARG;
}
#ifndef SINGLE_THREADED
/* In single threaded mode "event_queue.lock" doesn't exist */
if ((ret = LockMutex(&queue->lock)) != 0) {
return ret;
}
#endif
/* Pop first item off queue */
*event = queue->head;
ret = wolfEventQueue_Remove(queue, *event);
#ifndef SINGLE_THREADED
UnLockMutex(&queue->lock);
#endif
return ret;
}
/* assumes queue is locked by caller */
int wolfEventQueue_Remove(WOLF_EVENT_QUEUE* queue, WOLF_EVENT* event)
{
int ret = 0;
if (queue == NULL || event == NULL) {
return BAD_FUNC_ARG;
}
if (event == queue->head && event == queue->tail) {
queue->head = NULL;
queue->tail = NULL;
}
else if (event == queue->head) {
queue->head = event->next;
queue->head->prev = NULL;
}
else if (event == queue->tail) {
queue->tail = event->prev;
queue->tail->next = NULL;
}
else {
WOLF_EVENT* next = event->next;
WOLF_EVENT* prev = event->prev;
next->prev = prev;
prev->next = next;
}
queue->count--;
return ret;
}
int wolfEventQueue_Poll(WOLF_EVENT_QUEUE* queue, void* context_filter,
WOLF_EVENT** events, int maxEvents, WOLF_EVENT_FLAG flags, int* eventCount)
{
WOLF_EVENT* event;
int ret = 0, count = 0;
if (queue == NULL) {
return BAD_FUNC_ARG;
}
#ifndef SINGLE_THREADED
/* In single threaded mode "event_queue.lock" doesn't exist */
if ((ret = LockMutex(&queue->lock)) != 0) {
return ret;
}
#endif
/* itterate event queue */
for (event = queue->head; event != NULL; event = event->next)
{
/* optional filter based on context */
if (context_filter == NULL || event->context == context_filter) {
/* poll event */
ret = wolfEvent_Poll(event, flags);
if (ret < 0) break; /* exit for */
/* If event is done then process */
if (event->done) {
/* remove from queue */
ret = wolfEventQueue_Remove(queue, event);
if (ret < 0) break; /* exit for */
/* return pointer in 'events' arg */
if (events) {
events[count] = event; /* return pointer */
}
count++;
/* check to make sure our event list isn't full */
if (events && count >= maxEvents) {
break; /* exit for */
}
}
}
}
#ifndef SINGLE_THREADED
UnLockMutex(&queue->lock);
#endif
/* return number of properly populated events */
if (eventCount) {
*eventCount = count;
}
return ret;
}
int wolfEventQueue_Count(WOLF_EVENT_QUEUE* queue)
{
int ret;
if (queue == NULL) {
return BAD_FUNC_ARG;
}
#ifndef SINGLE_THREADED
/* In single threaded mode "event_queue.lock" doesn't exist */
if ((ret = LockMutex(&queue->lock)) != 0) {
return ret;
}
#endif
ret = queue->count;
#ifndef SINGLE_THREADED
UnLockMutex(&queue->lock);
#endif
return ret;
}
void wolfEventQueue_Free(WOLF_EVENT_QUEUE* queue)
{
if (queue) {
#ifndef SINGLE_THREADED
FreeMutex(&queue->lock);
#endif
}
}
#endif /* HAVE_WOLF_EVENT */
+744 -588
View File
File diff suppressed because it is too large Load Diff
+1
View File
@@ -76,6 +76,7 @@ typedef struct RsaKey {
} RsaKey;
WOLFSSL_API int wc_InitRsaKey(RsaKey* key, void*);
WOLFSSL_API int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId);
WOLFSSL_API int wc_FreeRsaKey(RsaKey* key);
WOLFSSL_API int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out,
+7 -1
View File
@@ -74,7 +74,7 @@ enum {
};
int wc_InitRsaKey(RsaKey* key, void* heap)
int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId)
{
USER_DEBUG(("Entering wc_InitRsaKey\n"));
@@ -87,10 +87,16 @@ int wc_InitRsaKey(RsaKey* key, void* heap)
USER_DEBUG(("\tExit wc_InitRsaKey\n"));
(void)devId;
(void)heap;
return 0;
}
int wc_InitRsaKey(RsaKey* key, void* heap)
{
return wc_InitRsaKey_ex(key, heap, INVALID_DEVID);
}
/* three functions needed for cert and key gen */
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)
+4
View File
@@ -322,6 +322,10 @@
RelativePath=".\wolfcrypt\src\wc_encrypt.c"
>
</File>
<File
RelativePath=".\wolfcrypt\src\wolfevent.c"
>
</File>
</Filter>
<Filter
Name="Header Files"
+4
View File
@@ -315,6 +315,10 @@
RelativePath=".\wolfcrypt\src\wc_encrypt.c"
>
</File>
<File
RelativePath=".\wolfcrypt\src\wolfevent.c"
>
</File>
</Filter>
<Filter
Name="Header Files"
+1
View File
@@ -317,6 +317,7 @@
<ClCompile Include="wolfcrypt\src\signature.c" />
<ClCompile Include="wolfcrypt\src\wc_encrypt.c" />
<ClCompile Include="wolfcrypt\src\wc_port.c" />
<ClCompile Include="wolfcrypt\src\wolfevent.c" />
</ItemGroup>
<ItemGroup>
<CustomBuild Include="wolfcrypt\src\aes_asm.asm">
+3 -2
View File
@@ -142,7 +142,6 @@ enum wolfSSL_ErrorCodes {
UNKNOWN_ALPN_PROTOCOL_NAME_E = -405, /* Unrecognized protocol name Error*/
BAD_CERTIFICATE_STATUS_ERROR = -406, /* Bad certificate status message */
OCSP_INVALID_STATUS = -407, /* Invalid OCSP Status */
ASYNC_NOT_PENDING = -408, /* Async operation not pending */
RSA_KEY_SIZE_E = -409, /* RSA key too small */
ECC_KEY_SIZE_E = -410, /* ECC key too small */
@@ -150,11 +149,13 @@ enum wolfSSL_ErrorCodes {
DTLS_EXPORT_VER_E = -411, /* export version error */
INPUT_SIZE_E = -412, /* input size too big error */
CTX_INIT_MUTEX_E = -413, /* initialize ctx mutex error */
EXT_MASTER_SECRET_NEEDED_E = -414, /* need EMS enabled to resume */
/* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */
/* begin negotiation parameter errors */
UNSUPPORTED_SUITE = -500, /* unsupported cipher suite */
MATCH_SUITE_ERROR = -501 /* can't match cipher suite */
MATCH_SUITE_ERROR = -501, /* can't match cipher suite */
COMPRESSION_ERROR = -502 /* compression mismatch */
/* end negotiation parameter errors only 10 for now */
/* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */
+32 -37
View File
@@ -155,7 +155,7 @@
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
#include <wolfssl/async.h>
#include <wolfssl/wolfcrypt/async.h>
#endif
#ifdef _MSC_VER
@@ -878,6 +878,7 @@ enum Misc {
NO_COMPRESSION = 0,
ZLIB_COMPRESSION = 221, /* wolfSSL zlib compression */
HELLO_EXT_SIG_ALGO = 13, /* ID for the sig_algo hello extension */
HELLO_EXT_EXTMS = 0x0017, /* ID for the extended master secret ext */
SECRET_LEN = 48, /* pre RSA and all master */
#if defined(WOLFSSL_MYSQL_COMPATIBLE)
ENCRYPT_LEN = 1024, /* allow larger static buffer with mysql */
@@ -939,10 +940,10 @@ enum Misc {
REQ_HEADER_SZ = 2, /* cert request header sz */
HINT_LEN_SZ = 2, /* length of hint size field */
TRUNCATED_HMAC_SZ = 10, /* length of hmac w/ truncated hmac extension */
HELLO_EXT_SZ = 4, /* base length of a hello extension */
HELLO_EXT_TYPE_SZ = 2, /* length of a hello extension type */
HELLO_EXT_SZ = 8, /* total length of the lazy hello extensions */
HELLO_EXT_LEN = 6, /* length of the lazy hello extensions */
HELLO_EXT_SIGALGO_SZ = 2, /* length of signature algo extension */
HELLO_EXT_SZ_SZ = 2, /* length of a hello extension size */
HELLO_EXT_SIGALGO_SZ = 2, /* length of number of items in sigalgo list */
HELLO_EXT_SIGALGO_MAX = 32, /* number of items in the signature algo list */
DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */
@@ -963,6 +964,7 @@ enum Misc {
MAX_EXPORT_BUFFER = 500, /* max size of buffer for exporting */
FINISHED_LABEL_SZ = 15, /* TLS finished label size */
TLS_FINISHED_SZ = 12, /* TLS has a shorter size */
EXT_MASTER_LABEL_SZ = 22, /* TLS extended master secret label sz */
MASTER_LABEL_SZ = 13, /* TLS master secret label sz */
KEY_LABEL_SZ = 13, /* TLS key block expansion sz */
MAX_PRF_HALF = 256, /* Maximum half secret len */
@@ -1059,8 +1061,6 @@ enum Misc {
HASH_SIG_SIZE = 2, /* default SHA1 RSA */
NO_CAVIUM_DEVICE = -2, /* invalid cavium device id */
NO_COPY = 0, /* should we copy static buffer for write */
COPY = 1 /* should we copy static buffer for write */
};
@@ -1899,24 +1899,6 @@ WOLFSSL_LOCAL int TLSX_ValidateQSHScheme(TLSX** extensions, word16 name);
#endif /* HAVE_QSH */
#ifdef HAVE_WOLF_EVENT
typedef struct {
WOLF_EVENT* head; /* head of queue */
WOLF_EVENT* tail; /* tail of queue */
#ifndef SINGLE_THREADED
wolfSSL_Mutex lock; /* queue lock */
#endif
} WOLF_EVENT_QUEUE;
WOLFSSL_LOCAL int wolfSSL_EventInit(WOLFSSL* ssl, WOLF_EVENT_TYPE type);
WOLFSSL_LOCAL int wolfSSL_CTX_EventPush(WOLFSSL_CTX* ctx, WOLF_EVENT* event);
#endif /* HAVE_WOLF_EVENT */
#ifdef WOLFSSL_STATIC_MEMORY
WOLFSSL_LOCAL int wolfSSL_init_memory_heap(WOLFSSL_HEAP* heap);
#endif
/* wolfSSL context type */
struct WOLFSSL_CTX {
WOLFSSL_METHOD* method;
@@ -1956,6 +1938,11 @@ struct WOLFSSL_CTX {
byte quietShutdown; /* don't send close notify */
byte groupMessages; /* group handshake messages before sending */
byte minDowngrade; /* minimum downgrade version */
byte haveEMS; /* have extended master secret extension */
#if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS)
byte dtlsSctp; /* DTLS-over-SCTP mode */
word16 dtlsMtuSz; /* DTLS MTU size */
#endif
#ifndef NO_DH
word16 minDhKeySz; /* minimum DH key size */
#endif
@@ -2002,9 +1989,7 @@ struct WOLFSSL_CTX {
#ifdef HAVE_OCSP
WOLFSSL_OCSP ocsp;
#endif
#ifdef HAVE_CAVIUM
int devId; /* cavium device id to use */
#endif
int devId; /* async device id to use */
#ifdef HAVE_TLS_EXTENSIONS
TLSX* extensions; /* RFC 6066 TLS Extensions data */
#ifndef NO_WOLFSSL_SERVER
@@ -2243,6 +2228,7 @@ struct WOLFSSL_SESSION {
byte sessionID[ID_LEN]; /* id for protocol */
byte sessionIDSz;
byte masterSecret[SECRET_LEN]; /* stored secret */
word16 haveEMS; /* ext master secret flag */
#ifdef SESSION_CERTS
WOLFSSL_X509_CHAIN chain; /* peer cert chain, static */
ProtocolVersion version; /* which version was used */
@@ -2314,6 +2300,7 @@ enum AcceptState {
enum KeyShareState {
KEYSHARE_BEGIN = 0,
KEYSHARE_BUILD,
KEYSHARE_DO,
KEYSHARE_VERIFY,
KEYSHARE_FINALIZE,
KEYSHARE_END
@@ -2326,6 +2313,7 @@ typedef struct Buffers {
buffer domainName; /* for client check */
buffer clearOutputBuffer;
buffer sig; /* signature data */
buffer digest; /* digest data */
int prevSent; /* previous plain text bytes sent
when got WANT_WRITE */
int plainSz; /* plain text bytes in buffer to send
@@ -2421,7 +2409,11 @@ typedef struct Options {
#endif
#ifdef WOLFSSL_DTLS
word16 dtlsHsRetain:1; /* DTLS retaining HS data */
#ifdef WOLFSSL_SCTP
word16 dtlsSctp:1; /* DTLS-over-SCTP mode */
#endif
#endif
word16 haveEMS:1; /* using extended master secret */
/* need full byte values for this section */
byte processReply; /* nonblocking resume */
@@ -2683,7 +2675,8 @@ struct WOLFSSL {
void* hsDoneCtx; /* user handshake cb context */
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
AsyncCrypt async;
AsyncCryptSSLState async;
AsyncCryptDev asyncDev;
#endif
void* sigKey; /* RsaKey or ecc_key allocated from heap */
word32 sigType; /* Type of sigKey */
@@ -2759,6 +2752,9 @@ struct WOLFSSL {
void* IOCB_CookieCtx; /* gen cookie ctx */
word32 dtls_expected_rx;
wc_dtls_export dtls_export; /* export function for session */
#ifdef WOLFSSL_SCTP
word16 dtlsMtuSz;
#endif /* WOLFSSL_SCTP */
#endif
#ifdef WOLFSSL_CALLBACKS
HandShakeInfo handShakeInfo; /* info saved during handshake */
@@ -2782,9 +2778,7 @@ struct WOLFSSL {
#if defined(FORTRESS) || defined(HAVE_STUNNEL)
void* ex_data[MAX_EX_DATA]; /* external data, for Fortress */
#endif
#ifdef HAVE_CAVIUM
int devId; /* cavium device id to use */
#endif
int devId; /* async device id to use */
#ifdef HAVE_ONE_TIME_AUTH
OneTimeAuth auth;
#endif
@@ -2846,9 +2840,6 @@ struct WOLFSSL {
#ifdef HAVE_WOLF_EVENT
WOLF_EVENT event;
#endif /* HAVE_WOLF_EVENT */
#ifdef WOLFSSL_ASYNC_CRYPT_TEST
AsyncCryptTests asyncCryptTest;
#endif /* WOLFSSL_ASYNC_CRYPT_TEST */
};
@@ -3001,7 +2992,7 @@ WOLFSSL_LOCAL int VerifyClientSuite(WOLFSSL* ssl);
#ifndef NO_CERTS
#ifndef NO_RSA
WOLFSSL_LOCAL int VerifyRsaSign(WOLFSSL* ssl,
const byte* sig, word32 sigSz,
byte* verifySig, word32 sigSz,
const byte* plain, word32 plainSz,
RsaKey* key);
WOLFSSL_LOCAL int RsaSign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out,
@@ -3010,6 +3001,8 @@ WOLFSSL_LOCAL int VerifyClientSuite(WOLFSSL* ssl);
byte** out, RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx);
WOLFSSL_LOCAL int RsaDec(WOLFSSL* ssl, byte* in, word32 inSz, byte** out,
word32* outSz, RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx);
WOLFSSL_LOCAL int RsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out,
word32* outSz, RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx);
#endif /* !NO_RSA */
#ifdef HAVE_ECC
@@ -3017,7 +3010,7 @@ WOLFSSL_LOCAL int VerifyClientSuite(WOLFSSL* ssl);
byte* out, word32* outSz, ecc_key* key, byte* keyBuf, word32 keySz,
void* ctx);
WOLFSSL_LOCAL int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz,
byte* out, word32 outSz, ecc_key* key, byte* keyBuf, word32 keySz,
const byte* out, word32 outSz, ecc_key* key, byte* keyBuf, word32 keySz,
void* ctx);
WOLFSSL_LOCAL int EccSharedSecret(WOLFSSL* ssl, ecc_key* priv_key,
ecc_key* pub_key, byte* out, word32* outSz);
@@ -3040,6 +3033,8 @@ WOLFSSL_LOCAL int VerifyClientSuite(WOLFSSL* ssl);
WOLFSSL_LOCAL Signer* GetCAByName(void* cm, byte* hash);
#endif
#endif /* !NO_CERTS */
WOLFSSL_LOCAL int BuildTlsHandshakeHash(WOLFSSL* ssl, byte* hash,
word32* hashLen);
WOLFSSL_LOCAL int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes,
const byte* sender);
WOLFSSL_LOCAL void FreeArrays(WOLFSSL* ssl, int keep);
@@ -3132,7 +3127,7 @@ WOLFSSL_LOCAL int SetKeysSide(WOLFSSL*, enum encrypt_side);
#endif
#ifdef HAVE_ECC
WOLFSSL_LOCAL int EccMakeTempKey(WOLFSSL* ssl);
WOLFSSL_LOCAL int EccMakeKey(WOLFSSL* ssl, ecc_key* key, ecc_key* peer);
#endif
WOLFSSL_LOCAL int BuildMessage(WOLFSSL* ssl, byte* output, int outSz,
+1
View File
@@ -117,6 +117,7 @@
#define CLEAR_ACK_FAULT 80
#define BAD_DECRYPT_SIZE 81
#define EXTENDED_MASTER_HASH_STR 82
/* !!!! also add to msgTable in sniffer.c and .rc file !!!! */
+1
View File
@@ -98,5 +98,6 @@ STRINGTABLE
80, "Clear ACK Fault"
81, "Bad Decrypt Size"
82, "Extended Master Secret Hash Error"
}
+28 -36
View File
@@ -31,6 +31,10 @@
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/version.h>
#ifdef HAVE_WOLF_EVENT
#include <wolfssl/wolfcrypt/wolfevent.h>
#endif
#ifndef NO_FILESYSTEM
#if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
#if MQX_USE_IO_OLD
@@ -405,6 +409,11 @@ WOLFSSL_API int wolfSSL_dtls(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_dtls_set_peer(WOLFSSL*, void*, unsigned int);
WOLFSSL_API int wolfSSL_dtls_get_peer(WOLFSSL*, void*, unsigned int*);
WOLFSSL_API int wolfSSL_CTX_dtls_set_sctp(WOLFSSL_CTX*);
WOLFSSL_API int wolfSSL_dtls_set_sctp(WOLFSSL*);
WOLFSSL_API int wolfSSL_CTX_dtls_set_mtu(WOLFSSL_CTX*, unsigned short);
WOLFSSL_API int wolfSSL_dtls_set_mtu(WOLFSSL*, unsigned short);
WOLFSSL_API int wolfSSL_ERR_GET_REASON(unsigned long err);
WOLFSSL_API char* wolfSSL_ERR_error_string(unsigned long,char*);
WOLFSSL_API void wolfSSL_ERR_error_string_n(unsigned long e, char* buf,
@@ -1416,9 +1425,9 @@ WOLFSSL_API void wolfSSL_KeepArrays(WOLFSSL*);
WOLFSSL_API void wolfSSL_FreeArrays(WOLFSSL*);
/* cavium additions */
WOLFSSL_API int wolfSSL_UseCavium(WOLFSSL*, int devId);
WOLFSSL_API int wolfSSL_CTX_UseCavium(WOLFSSL_CTX*, int devId);
/* async additions */
WOLFSSL_API int wolfSSL_UseAsync(WOLFSSL*, int devId);
WOLFSSL_API int wolfSSL_CTX_UseAsync(WOLFSSL_CTX*, int devId);
/* TLS Extensions */
@@ -1695,6 +1704,11 @@ WOLFSSL_API int wolfSSL_UseSupportedQSH(WOLFSSL* ssl, unsigned short name);
#endif
#endif
/* TLS Extended Master Secret Extension */
WOLFSSL_API int wolfSSL_DisableExtendedMasterSecret(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_CTX_DisableExtendedMasterSecret(WOLFSSL_CTX* ctx);
#define WOLFSSL_CRL_MONITOR 0x01 /* monitor this dir flag */
#define WOLFSSL_CRL_START_MON 0x02 /* start monitoring flag */
@@ -1716,6 +1730,12 @@ int wolfSSL_MakeTlsMasterSecret(unsigned char* ms, unsigned int msLen,
const unsigned char* cr, const unsigned char* sr,
int tls1_2, int hash_type);
WOLFSSL_API
int wolfSSL_MakeTlsExtendedMasterSecret(unsigned char* ms, unsigned int msLen,
const unsigned char* pms, unsigned int pmsLen,
const unsigned char* sHash, unsigned int sHashLen,
int tls1_2, int hash_type);
WOLFSSL_API
int wolfSSL_DeriveTlsKeys(unsigned char* key_data, unsigned int keyLen,
const unsigned char* ms, unsigned int msLen,
@@ -1909,41 +1929,13 @@ WOLFSSL_API int wolfSSL_set_jobject(WOLFSSL* ssl, void* objPtr);
WOLFSSL_API void* wolfSSL_get_jobject(WOLFSSL* ssl);
#endif /* WOLFSSL_JNI */
#ifdef HAVE_WOLF_EVENT
typedef enum WOLF_EVENT_TYPE {
WOLF_EVENT_TYPE_NONE,
#ifdef WOLFSSL_ASYNC_CRYPT
WOLF_EVENT_TYPE_ASYNC_ACCEPT,
WOLF_EVENT_TYPE_ASYNC_CONNECT,
WOLF_EVENT_TYPE_ASYNC_READ,
WOLF_EVENT_TYPE_ASYNC_WRITE,
WOLF_EVENT_TYPE_ASYNC_FIRST = WOLF_EVENT_TYPE_ASYNC_ACCEPT,
WOLF_EVENT_TYPE_ASYNC_LAST = WOLF_EVENT_TYPE_ASYNC_WRITE,
#endif
} WOLF_EVENT_TYPE;
typedef struct WOLF_EVENT WOLF_EVENT;
struct WOLF_EVENT {
WOLF_EVENT* next; /* To support event linked list */
WOLFSSL* ssl; /* Reference back to SSL object */
int ret; /* Async return code */
WOLF_EVENT_TYPE type;
unsigned short pending:1;
unsigned short done:1;
/* Future event flags can go here */
};
#ifdef WOLFSSL_ASYNC_CRYPT
WOLFSSL_API int wolfSSL_AsyncPoll(WOLFSSL* ssl, WOLF_EVENT_FLAG flags);
WOLFSSL_API int wolfSSL_CTX_AsyncPoll(WOLFSSL_CTX* ctx, WOLF_EVENT** events, int maxEvents,
WOLF_EVENT_FLAG flags, int* eventCount);
#endif /* WOLFSSL_ASYNC_CRYPT */
enum WOLF_POLL_FLAGS {
WOLF_POLL_FLAG_CHECK_HW = 0x01,
WOLF_POLL_FLAG_PEEK = 0x02,
};
WOLFSSL_API int wolfSSL_CTX_poll(WOLFSSL_CTX* ctx, WOLF_EVENT* events,
int maxEvents, unsigned char flags, int* eventCount);
WOLFSSL_API int wolfSSL_poll(WOLFSSL* ssl, WOLF_EVENT* events,
int maxEvents, unsigned char flags, int* eventCount);
#endif /* HAVE_WOLF_EVENT */
#ifdef __cplusplus
} /* extern "C" */
+53 -63
View File
@@ -107,10 +107,11 @@
#define SNPRINTF snprintf
#endif /* USE_WINDOWS_API */
#ifdef WOLFSSL_ASYNC_CRYPT
#include <wolfssl/wolfcrypt/async.h>
#endif
#ifdef HAVE_CAVIUM
#include "cavium_sysdep.h"
#include "cavium_common.h"
#include "cavium_ioctl.h"
#include <wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h>
#endif
#ifdef _MSC_VER
@@ -354,11 +355,29 @@ void join_thread(THREAD_TYPE);
#endif
static const word16 wolfSSLPort = 11111;
static INLINE void err_sys(const char* msg)
#if defined(__GNUC__)
#define WC_NORETURN __attribute__((noreturn))
#else
#define WC_NORETURN
#endif
static INLINE WC_NORETURN void err_sys(const char* msg)
{
printf("wolfSSL error: %s\n", msg);
#if !defined(__GNUC__)
/* scan-build (which pretends to be gnuc) can get confused and think the
* msg pointer can be null even when hardcoded and then it won't exit,
* making null pointer checks above the err_sys() call useless.
* We could just always exit() but some compilers will complain about no
* possible return, with gcc we know the attribute to handle that with
* WC_NORETURN. */
if (msg)
#endif
{
exit(EXIT_FAILURE);
}
}
@@ -545,11 +564,12 @@ static INLINE void showPeer(WOLFSSL* ssl)
static INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer,
word16 port, int udp)
word16 port, int udp, int sctp)
{
int useLookup = 0;
(void)useLookup;
(void)udp;
(void)sctp;
if (addr == NULL)
err_sys("invalid argument to build_addr, addr is NULL");
@@ -609,8 +629,17 @@ static INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer,
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_INET_V;
hints.ai_socktype = udp ? SOCK_DGRAM : SOCK_STREAM;
hints.ai_protocol = udp ? IPPROTO_UDP : IPPROTO_TCP;
if (udp) {
hints.ai_socktype = SOCK_DGRAM;
hints.ai_protocol = IPPROTO_UDP;
} else if (sctp) {
hints.ai_socktype = SOCK_STREAM;
hints.ai_protocol = IPPROTO_SCTP;
}
else {
hints.ai_socktype = SOCK_STREAM;
hints.ai_protocol = IPPROTO_TCP;
}
SNPRINTF(strPort, sizeof(strPort), "%d", port);
strPort[79] = '\0';
@@ -630,12 +659,14 @@ static INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer,
}
static INLINE void tcp_socket(SOCKET_T* sockfd, int udp)
static INLINE void tcp_socket(SOCKET_T* sockfd, int udp, int sctp)
{
if (udp)
*sockfd = socket(AF_INET_V, SOCK_DGRAM, 0);
*sockfd = socket(AF_INET_V, SOCK_DGRAM, IPPROTO_UDP);
else if (sctp)
*sockfd = socket(AF_INET_V, SOCK_STREAM, IPPROTO_SCTP);
else
*sockfd = socket(AF_INET_V, SOCK_STREAM, 0);
*sockfd = socket(AF_INET_V, SOCK_STREAM, IPPROTO_TCP);
if(WOLFSSL_SOCKET_IS_INVALID(*sockfd)) {
err_sys("socket failed\n");
@@ -658,7 +689,7 @@ static INLINE void tcp_socket(SOCKET_T* sockfd, int udp)
#endif /* S_NOSIGPIPE */
#if defined(TCP_NODELAY)
if (!udp)
if (!udp && !sctp)
{
int on = 1;
socklen_t len = sizeof(on);
@@ -671,14 +702,14 @@ static INLINE void tcp_socket(SOCKET_T* sockfd, int udp)
}
static INLINE void tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port,
int udp, WOLFSSL* ssl)
int udp, int sctp, WOLFSSL* ssl)
{
SOCKADDR_IN_T addr;
build_addr(&addr, ip, port, udp);
if(udp) {
build_addr(&addr, ip, port, udp, sctp);
if (udp) {
wolfSSL_dtls_set_peer(ssl, &addr, sizeof(addr));
}
tcp_socket(sockfd, udp);
tcp_socket(sockfd, udp, sctp);
if (!udp) {
if (connect(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0)
@@ -738,14 +769,14 @@ static INLINE int tcp_select(SOCKET_T socketfd, int to_sec)
static INLINE void tcp_listen(SOCKET_T* sockfd, word16* port, int useAnyAddr,
int udp)
int udp, int sctp)
{
SOCKADDR_IN_T addr;
/* don't use INADDR_ANY by default, firewall may block, make user switch
on */
build_addr(&addr, (useAnyAddr ? INADDR_ANY : wolfSSLIP), *port, udp);
tcp_socket(sockfd, udp);
build_addr(&addr, (useAnyAddr ? INADDR_ANY : wolfSSLIP), *port, udp, sctp);
tcp_socket(sockfd, udp, sctp);
#if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_MDK_ARM)\
&& !defined(WOLFSSL_KEIL_TCP_NET)
@@ -807,8 +838,8 @@ static INLINE void udp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
SOCKADDR_IN_T addr;
(void)args;
build_addr(&addr, (useAnyAddr ? INADDR_ANY : wolfSSLIP), port, 1);
tcp_socket(sockfd, 1);
build_addr(&addr, (useAnyAddr ? INADDR_ANY : wolfSSLIP), port, 1, 0);
tcp_socket(sockfd, 1, 0);
#if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_MDK_ARM) \
@@ -860,7 +891,7 @@ static INLINE void udp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
static INLINE void tcp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
func_args* args, word16 port, int useAnyAddr,
int udp, int ready_file, int do_listen)
int udp, int sctp, int ready_file, int do_listen)
{
SOCKADDR_IN_T client;
socklen_t client_len = sizeof(client);
@@ -874,7 +905,7 @@ static INLINE void tcp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
}
if(do_listen) {
tcp_listen(sockfd, &port, useAnyAddr, udp);
tcp_listen(sockfd, &port, useAnyAddr, udp, sctp);
#if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) && !defined(__MINGW32__)
/* signal ready to tcp_accept */
@@ -1218,29 +1249,6 @@ static INLINE void CaCb(unsigned char* der, int sz, int type)
#endif /* !NO_CERTS */
#ifdef HAVE_CAVIUM
static INLINE int OpenNitroxDevice(int dma_mode,int dev_id)
{
Csp1CoreAssignment core_assign;
Uint32 device;
if (CspInitialize(CAVIUM_DIRECT,CAVIUM_DEV_ID))
return -1;
if (Csp1GetDevType(&device))
return -1;
if (device != NPX_DEVICE) {
if (ioctl(gpkpdev_hdlr[CAVIUM_DEV_ID], IOCTL_CSP1_GET_CORE_ASSIGNMENT,
(Uint32 *)&core_assign)!= 0)
return -1;
}
CspShutdown(CAVIUM_DEV_ID);
return CspInitialize(dma_mode, dev_id);
}
#endif /* HAVE_CAVIUM */
/* Wolf Root Directory Helper */
/* KEIL-RL File System does not support relative directory */
@@ -1974,24 +1982,6 @@ static INLINE const char* mymktemp(char *tempfn, int len, int num)
#endif /* HAVE_SESSION_TICKET && CHACHA20 && POLY1305 */
#ifdef WOLFSSL_ASYNC_CRYPT
static INLINE int AsyncCryptPoll(WOLFSSL* ssl)
{
int ret, eventCount = 0;
WOLF_EVENT events[1];
printf("Connect/Accept got WC_PENDING_E\n");
ret = wolfSSL_poll(ssl, events, sizeof(events)/sizeof(WOLF_EVENT),
WOLF_POLL_FLAG_CHECK_HW, &eventCount);
if (ret == 0 && eventCount > 0) {
ret = 1; /* Success */
}
return ret;
}
#endif
static INLINE word16 GetRandomPort(void)
{
word16 port = 0;
+13 -29
View File
@@ -39,10 +39,6 @@
#endif
#ifndef HAVE_FIPS /* to avoid redefinition of macros */
#ifdef HAVE_CAVIUM
#include <wolfssl/wolfcrypt/logging.h>
#include "cavium_common.h"
#endif
#ifdef WOLFSSL_AESNI
@@ -50,23 +46,8 @@
#include <emmintrin.h>
#include <smmintrin.h>
#if !defined (ALIGN16)
#if defined (__GNUC__)
#define ALIGN16 __attribute__ ( (aligned (16)))
#elif defined(_MSC_VER)
/* disable align warning, we want alignment ! */
#pragma warning(disable: 4324)
#define ALIGN16 __declspec (align (16))
#else
#define ALIGN16
#endif
#endif
#endif /* WOLFSSL_AESNI */
#if !defined (ALIGN16)
#define ALIGN16
#endif
#endif /* HAVE_FIPS */
#ifdef __cplusplus
@@ -74,7 +55,10 @@
#endif
#ifndef HAVE_FIPS /* to avoid redefinition of structures */
#define WOLFSSL_AES_CAVIUM_MAGIC 0xBEEF0002
#ifdef WOLFSSL_ASYNC_CRYPT
#include <wolfssl/wolfcrypt/async.h>
#endif
enum {
AES_ENC_TYPE = 1, /* cipher unique type */
@@ -102,12 +86,12 @@ typedef struct Aes {
#ifdef WOLFSSL_AESNI
byte use_aesni;
#endif /* WOLFSSL_AESNI */
#ifdef HAVE_CAVIUM
AesType type; /* aes key type */
int devId; /* nitrox device id */
word32 magic; /* using cavium magic */
word64 contextHandle; /* nitrox context memory handle */
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
AsyncCryptDev asyncDev;
#ifdef HAVE_CAVIUM
AesType type; /* aes key type */
#endif
#endif /* WOLFSSL_ASYNC_CRYPT */
#ifdef WOLFSSL_AES_COUNTER
word32 left; /* unused bytes left from last call */
#endif
@@ -183,9 +167,9 @@ WOLFSSL_API int wc_AesCbcDecrypt(Aes* aes, byte* out,
const byte* authIn, word32 authInSz);
#endif /* HAVE_AESCCM */
#ifdef HAVE_CAVIUM
WOLFSSL_API int wc_AesInitCavium(Aes*, int);
WOLFSSL_API void wc_AesFreeCavium(Aes*);
#ifdef WOLFSSL_ASYNC_CRYPT
WOLFSSL_API int wc_AesAsyncInit(Aes*, int);
WOLFSSL_API void wc_AesAsyncFree(Aes*);
#endif
#ifdef __cplusplus
+8 -8
View File
@@ -30,7 +30,9 @@
extern "C" {
#endif
#define WOLFSSL_ARC4_CAVIUM_MAGIC 0xBEEF0001
#ifdef WOLFSSL_ASYNC_CRYPT
#include <wolfssl/wolfcrypt/async.h>
#endif
enum {
ARC4_ENC_TYPE = 4, /* cipher unique type */
@@ -42,19 +44,17 @@ typedef struct Arc4 {
byte x;
byte y;
byte state[ARC4_STATE_SIZE];
#ifdef HAVE_CAVIUM
int devId; /* nitrox device id */
word32 magic; /* using cavium magic */
word64 contextHandle; /* nitrox context memory handle */
#ifdef WOLFSSL_ASYNC_CRYPT
AsyncCryptDev asyncDev;
#endif
} Arc4;
WOLFSSL_API void wc_Arc4Process(Arc4*, byte*, const byte*, word32);
WOLFSSL_API void wc_Arc4SetKey(Arc4*, const byte*, word32);
#ifdef HAVE_CAVIUM
WOLFSSL_API int wc_Arc4InitCavium(Arc4*, int);
WOLFSSL_API void wc_Arc4FreeCavium(Arc4*);
#ifdef WOLFSSL_ASYNC_CRYPT
WOLFSSL_API int wc_Arc4AsyncInit(Arc4*, int);
WOLFSSL_API void wc_Arc4AsyncFree(Arc4*);
#endif
#ifdef __cplusplus
+4 -2
View File
@@ -312,8 +312,10 @@ enum ExtKeyUsage_Sum { /* From RFC 5280 */
enum VerifyType {
NO_VERIFY = 0,
VERIFY = 1
NO_VERIFY = 0,
VERIFY = 1,
VERIFY_CRL = 2,
VERIFY_OCSP = 3
};
#ifdef WOLFSSL_CERT_EXT
+9 -8
View File
@@ -37,7 +37,10 @@
#endif
#ifndef HAVE_FIPS /* to avoid redefinition of macros */
#define WOLFSSL_3DES_CAVIUM_MAGIC 0xBEEF0003
#ifdef WOLFSSL_ASYNC_CRYPT
#include <wolfssl/wolfcrypt/async.h>
#endif
enum {
DES_ENC_TYPE = 2, /* cipher unique type */
@@ -76,10 +79,8 @@ typedef struct Des3 {
word32 key[3][DES_KS_SIZE];
word32 reg[DES_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */
word32 tmp[DES_BLOCK_SIZE / sizeof(word32)]; /* same */
#ifdef HAVE_CAVIUM
int devId; /* nitrox device id */
word32 magic; /* using cavium magic */
word64 contextHandle; /* nitrox context memory handle */
#ifdef WOLFSSL_ASYNC_CRYPT
AsyncCryptDev asyncDev;
#endif
} Des3;
#endif /* HAVE_FIPS */
@@ -102,9 +103,9 @@ WOLFSSL_API int wc_Des3_CbcEncrypt(Des3* des, byte* out,
WOLFSSL_API int wc_Des3_CbcDecrypt(Des3* des, byte* out,
const byte* in,word32 sz);
#ifdef HAVE_CAVIUM
WOLFSSL_API int wc_Des3_InitCavium(Des3*, int);
WOLFSSL_API void wc_Des3_FreeCavium(Des3*);
#ifdef WOLFSSL_ASYNC_CRYPT
WOLFSSL_API int wc_Des3AsyncInit(Des3*, int);
WOLFSSL_API void wc_Des3AsyncFree(Des3*);
#endif
#ifdef __cplusplus
+15 -1
View File
@@ -30,6 +30,10 @@
#include <wolfssl/wolfcrypt/integer.h>
#include <wolfssl/wolfcrypt/random.h>
#ifdef WOLFSSL_ASYNC_CRYPT
#include <wolfssl/wolfcrypt/async.h>
#endif
#ifdef __cplusplus
extern "C" {
#endif
@@ -230,6 +234,10 @@ typedef struct {
ecc_point pubkey; /* public key */
mp_int k; /* private key */
void* heap; /* heap hint */
#ifdef WOLFSSL_ASYNC_CRYPT
AsyncCryptDev asyncDev;
#endif
} ecc_key;
@@ -275,7 +283,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
WOLFSSL_API
int wc_ecc_init(ecc_key* key);
WOLFSSL_API
int wc_ecc_init_h(ecc_key* key, void* heap);
int wc_ecc_init_ex(ecc_key* key, void* heap, int devId);
WOLFSSL_API
void wc_ecc_free(ecc_key* key);
WOLFSSL_API
@@ -421,6 +429,12 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
#endif /* HAVE_ECC_ENCRYPT */
#ifdef WOLFSSL_ASYNC_CRYPT
WOLFSSL_API int wc_ecc_async_handle(ecc_key* key,
WOLF_EVENT_QUEUE* queue, WOLF_EVENT* event);
WOLFSSL_API int wc_ecc_async_wait(int ret, ecc_key* key);
#endif
#ifdef __cplusplus
} /* extern "C" */
#endif
+5 -4
View File
@@ -44,6 +44,9 @@ enum {
CRYPTGEN_E = -104, /* windows crypt generation error */
RAN_BLOCK_E = -105, /* reading random device would block */
BAD_MUTEX_E = -106, /* Bad mutex operation */
WC_TIMEOUT_E = -107, /* timeout error */
WC_PENDING_E = -108, /* wolfCrypt operation pending (would block) */
WC_NOT_PENDING_E = -109, /* wolfCrypt operation not pending */
MP_INIT_E = -110, /* mp_init error state */
MP_READ_E = -111, /* mp_read error state */
@@ -61,7 +64,6 @@ enum {
MEMORY_E = -125, /* out of memory error */
VAR_STATE_CHANGE_E = -126, /* var state modified by different thread */
RSA_WRONG_TYPE_E = -130, /* RSA wrong block type for RSA function */
RSA_BUFFER_E = -131, /* RSA buffer error, output too small or
input too large */
@@ -108,7 +110,7 @@ enum {
AES_GCM_AUTH_E = -180, /* AES-GCM Authentication check failure */
AES_CCM_AUTH_E = -181, /* AES-CCM Authentication check failure */
CAVIUM_INIT_E = -182, /* Cavium Init type error */
ASYNC_INIT_E = -182, /* Async Init type error */
COMPRESS_INIT_E = -183, /* Compress init error */
COMPRESS_E = -184, /* Compress error */
@@ -121,7 +123,7 @@ enum {
ASN_CRL_NO_SIGNER_E = -190, /* ASN CRL no signer to confirm failure */
ASN_OCSP_CONFIRM_E = -191, /* ASN OCSP signature confirm failure */
BAD_ENC_STATE_E = -192, /* Bad ecc enc state operation */
BAD_STATE_E = -192, /* Bad state operation */
BAD_PADDING_E = -193, /* Bad padding, msg not correct length */
REQ_ATTRIBUTE_E = -194, /* setting cert request attributes error */
@@ -169,7 +171,6 @@ enum {
BAD_COND_E = -230, /* Bad condition variable operation */
SIG_TYPE_E = -231, /* Signature Type not enabled/available */
HASH_TYPE_E = -232, /* Hash Type not enabled/available */
WC_PENDING_E = -233, /* wolfCrypt operation pending (would block) */
WC_KEY_SIZE_E = -234, /* Key size error, either too small or large */
ASN_COUNTRY_SIZE_E = -235, /* ASN Cert Gen, invalid country code size */
+3 -1
View File
@@ -58,7 +58,7 @@ enum wc_HashType {
#define WC_MAX_DIGEST_SIZE 64 /* default to max size of 64 */
#endif
#ifndef NO_ASN
#if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)
WOLFSSL_API int wc_HashGetOID(enum wc_HashType hash_type);
#endif
@@ -105,10 +105,12 @@ WOLFSSL_API int wc_Sha256Hash(const byte*, word32, byte*);
#ifdef WOLFSSL_SHA512
#include <wolfssl/wolfcrypt/sha512.h>
WOLFSSL_API int wc_Sha512GetHash(Sha512*, byte*);
WOLFSSL_API int wc_Sha512Hash(const byte*, word32, byte*);
#define wc_Sha512Free(d)
#if defined(WOLFSSL_SHA384)
WOLFSSL_API int wc_Sha384GetHash(Sha384*, byte*);
WOLFSSL_API int wc_Sha384Hash(const byte*, word32, byte*);
#define wc_Sha384Free(d)
#endif /* defined(WOLFSSL_SHA384) */
+22 -22
View File
@@ -53,17 +53,15 @@
#include <cyassl/ctaocrypt/hmac.h>
#endif
#ifdef HAVE_CAVIUM
#include <wolfssl/wolfcrypt/logging.h>
#include "cavium_common.h"
#endif
#ifdef __cplusplus
extern "C" {
#endif
#ifndef HAVE_FIPS
#define WOLFSSL_HMAC_CAVIUM_MAGIC 0xBEEF0005
#ifdef WOLFSSL_ASYNC_CRYPT
#include <wolfssl/wolfcrypt/async.h>
#endif
enum {
HMAC_FIPS_MIN_KEY = 14, /* 112 bit key length minimum */
@@ -144,18 +142,18 @@ typedef struct Hmac {
word32 ipad[HMAC_BLOCK_SIZE / sizeof(word32)]; /* same block size all*/
word32 opad[HMAC_BLOCK_SIZE / sizeof(word32)];
word32 innerHash[MAX_DIGEST_SIZE / sizeof(word32)];
#ifdef HAVE_CAVIUM
word64 contextHandle; /* nitrox context memory handle */
HashType type; /* hmac key type */
word32 magic; /* using cavium magic */
int devId; /* nitrox device id */
void* heap /* heap hint , currently only used with cavium */
byte* data; /* buffered input data for one call */
word16 keyLen; /* hmac key length */
word16 dataLen;
#endif
byte macType; /* md5 sha or sha256 */
byte innerHashKeyed; /* keyed flag */
void* heap; /* heap hint */
byte macType; /* md5 sha or sha256 */
byte innerHashKeyed; /* keyed flag */
#ifdef WOLFSSL_ASYNC_CRYPT
AsyncCryptDev asyncDev;
#ifdef HAVE_CAVIUM
word16 keyLen; /* hmac key length */
word16 dataLen;
HashType type; /* hmac key type */
byte* data; /* buffered input data for one call */
#endif /* HAVE_CAVIUM */
#endif /* WOLFSSL_ASYNC_CRYPT */
} Hmac;
#endif /* HAVE_FIPS */
@@ -164,12 +162,14 @@ typedef struct Hmac {
WOLFSSL_API int wc_HmacSetKey(Hmac*, int type, const byte* key, word32 keySz);
WOLFSSL_API int wc_HmacUpdate(Hmac*, const byte*, word32);
WOLFSSL_API int wc_HmacFinal(Hmac*, byte*);
#ifdef HAVE_CAVIUM
WOLFSSL_API int wc_HmacInitCavium(Hmac*, int);
WOLFSSL_API void wc_HmacFreeCavium(Hmac*);
WOLFSSL_API int wc_HmacSizeByType(int type);
#ifdef WOLFSSL_ASYNC_CRYPT
WOLFSSL_API int wc_HmacAsyncInit(Hmac*, int);
WOLFSSL_API void wc_HmacAsyncFree(Hmac*);
#endif
WOLFSSL_API int wolfSSL_GetHmacMaxSize(void);
+6 -1
View File
@@ -56,10 +56,15 @@ nobase_include_HEADERS+= \
wolfssl/wolfcrypt/memory.h \
wolfssl/wolfcrypt/mpi_class.h \
wolfssl/wolfcrypt/mpi_superclass.h \
wolfssl/wolfcrypt/mem_track.h
wolfssl/wolfcrypt/mem_track.h \
wolfssl/wolfcrypt/wolfevent.h
noinst_HEADERS+= \
wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h \
wolfssl/wolfcrypt/port/ti/ti-hash.h \
wolfssl/wolfcrypt/port/ti/ti-ccm.h \
wolfssl/wolfcrypt/port/nrf51.h
if BUILD_CAVIUM
noinst_HEADERS+= wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h
endif
+4
View File
@@ -96,6 +96,7 @@ extern "C" {
#elif defined(MP_16BIT) || defined(NO_64BIT)
typedef unsigned short mp_digit;
typedef unsigned int mp_word;
#define DIGIT_BIT 12
#elif defined(MP_64BIT)
/* for GCC only on supported platforms */
typedef unsigned long long mp_digit; /* 64 bit type, 128 uses mode(TI) */
@@ -181,6 +182,9 @@ typedef int mp_err;
typedef struct {
int used, alloc, sign;
mp_digit *dp;
#ifdef WOLFSSL_ASYNC_CRYPT
byte* dpraw; /* Used for hardware crypto */
#endif
} mp_int;
/* callback for mp_prime_random, should fill dst with random bytes and return
+38 -29
View File
@@ -33,36 +33,42 @@
extern "C" {
#endif
#ifdef WOLFSSL_DEBUG_MEMORY
typedef void *(*wolfSSL_Malloc_cb)(size_t size, const char* func, unsigned int line);
typedef void (*wolfSSL_Free_cb)(void *ptr, const char* func, unsigned int line);
typedef void *(*wolfSSL_Realloc_cb)(void *ptr, size_t size, const char* func, unsigned int line);
/* Public in case user app wants to use XMALLOC/XFREE */
WOLFSSL_API void* wolfSSL_Malloc(size_t size, const char* func, unsigned int line);
WOLFSSL_API void wolfSSL_Free(void *ptr, const char* func, unsigned int line);
WOLFSSL_API void* wolfSSL_Realloc(void *ptr, size_t size, const char* func, unsigned int line);
#else
#if defined(WOLFSSL_STATIC_MEMORY)
typedef void *(*wolfSSL_Malloc_cb)(size_t size, void* heap, int type);
typedef void (*wolfSSL_Free_cb)(void *ptr, void* heap, int type);
typedef void *(*wolfSSL_Realloc_cb)(void *ptr, size_t size,
void* heap, int type);
WOLFSSL_API void* wolfSSL_Malloc(size_t size, void* heap, int type);
WOLFSSL_API void wolfSSL_Free(void *ptr, void* heap, int type);
WOLFSSL_API void* wolfSSL_Realloc(void *ptr, size_t size,
void* heap, int type);
#ifdef WOLFSSL_STATIC_MEMORY
#ifdef WOLFSSL_DEBUG_MEMORY
typedef void *(*wolfSSL_Malloc_cb)(size_t size, void* heap, int type, const char* func, unsigned int line);
typedef void (*wolfSSL_Free_cb)(void *ptr, void* heap, int type, const char* func, unsigned int line);
typedef void *(*wolfSSL_Realloc_cb)(void *ptr, size_t size, void* heap, int type, const char* func, unsigned int line);
WOLFSSL_API void* wolfSSL_Malloc(size_t size, void* heap, int type, const char* func, unsigned int line);
WOLFSSL_API void wolfSSL_Free(void *ptr, void* heap, int type, const char* func, unsigned int line);
WOLFSSL_API void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type, const char* func, unsigned int line);
#else
typedef void *(*wolfSSL_Malloc_cb)(size_t size);
typedef void (*wolfSSL_Free_cb)(void *ptr);
typedef void *(*wolfSSL_Realloc_cb)(void *ptr, size_t size);
/* Public in case user app wants to use XMALLOC/XFREE */
WOLFSSL_API void* wolfSSL_Malloc(size_t size);
WOLFSSL_API void wolfSSL_Free(void *ptr);
WOLFSSL_API void* wolfSSL_Realloc(void *ptr, size_t size);
#endif
#endif
typedef void *(*wolfSSL_Malloc_cb)(size_t size, void* heap, int type);
typedef void (*wolfSSL_Free_cb)(void *ptr, void* heap, int type);
typedef void *(*wolfSSL_Realloc_cb)(void *ptr, size_t size, void* heap, int type);
WOLFSSL_API void* wolfSSL_Malloc(size_t size, void* heap, int type);
WOLFSSL_API void wolfSSL_Free(void *ptr, void* heap, int type);
WOLFSSL_API void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type);
#endif /* WOLFSSL_DEBUG_MEMORY */
#else
#ifdef WOLFSSL_DEBUG_MEMORY
typedef void *(*wolfSSL_Malloc_cb)(size_t size, const char* func, unsigned int line);
typedef void (*wolfSSL_Free_cb)(void *ptr, const char* func, unsigned int line);
typedef void *(*wolfSSL_Realloc_cb)(void *ptr, size_t size, const char* func, unsigned int line);
/* Public in case user app wants to use XMALLOC/XFREE */
WOLFSSL_API void* wolfSSL_Malloc(size_t size, const char* func, unsigned int line);
WOLFSSL_API void wolfSSL_Free(void *ptr, const char* func, unsigned int line);
WOLFSSL_API void* wolfSSL_Realloc(void *ptr, size_t size, const char* func, unsigned int line);
#else
typedef void *(*wolfSSL_Malloc_cb)(size_t size);
typedef void (*wolfSSL_Free_cb)(void *ptr);
typedef void *(*wolfSSL_Realloc_cb)(void *ptr, size_t size);
/* Public in case user app wants to use XMALLOC/XFREE */
WOLFSSL_API void* wolfSSL_Malloc(size_t size);
WOLFSSL_API void wolfSSL_Free(void *ptr);
WOLFSSL_API void* wolfSSL_Realloc(void *ptr, size_t size);
#endif /* WOLFSSL_DEBUG_MEMORY */
#endif /* WOLFSSL_STATIC_MEMORY */
/* Public set function */
WOLFSSL_API int wolfSSL_SetAllocators(wolfSSL_Malloc_cb malloc_function,
@@ -156,7 +162,10 @@ WOLFSSL_API int wolfSSL_SetAllocators(wolfSSL_Malloc_cb malloc_function,
byte haFlag; /* flag used for checking handshake count */
} WOLFSSL_HEAP_HINT;
WOLFSSL_API int wc_LoadStaticMemory(WOLFSSL_HEAP_HINT** pHint,
unsigned char* buf, unsigned int sz, int flag, int max);
WOLFSSL_LOCAL int wolfSSL_init_memory_heap(WOLFSSL_HEAP* heap);
WOLFSSL_LOCAL int wolfSSL_load_static_memory(byte* buffer, word32 sz,
int flag, WOLFSSL_HEAP* heap);
WOLFSSL_LOCAL int wolfSSL_GetMemStats(WOLFSSL_HEAP* heap,
@@ -0,0 +1,165 @@
/* cavium-nitrox.h
*
* Copyright (C) 2006-2016 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
#ifndef _CAVIUM_NITROX_H_
#define _CAVIUM_NITROX_H_
#ifdef HAVE_CAVIUM
#include <wolfssl/wolfcrypt/logging.h>
#ifndef HAVE_CAVIUM_V
#include "cavium_sysdep.h"
#endif
#include "cavium_common.h"
#ifndef HAVE_CAVIUM_V
#include "cavium_ioctl.h"
#else
#include "cavium_sym_crypto.h"
#include "cavium_asym_crypto.h"
#endif
#include <errno.h>
#define CAVIUM_SSL_GRP 0
#define CAVIUM_DPORT 256
/* Compatibility with older Cavium SDK's */
#ifndef HAVE_CAVIUM_V
typedef int CspHandle;
typedef word32 CavReqId;
#define AES_128 AES_128_BIT
#define AES_192 AES_192_BIT
#define AES_256 AES_256_BIT
#else
#define CAVIUM_DEV_ID 0
#define CAVIUM_BLOCKING BLOCKING
#define CAVIUM_NON_BLOCKING NON_BLOCKING
#define CAVIUM_DIRECT DMA_DIRECT_DIRECT
typedef Uint64 CavReqId;
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
#define CAVIUM_REQ_MODE CAVIUM_NON_BLOCKING
#else
#define CAVIUM_REQ_MODE CAVIUM_BLOCKING
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
#define CAVIUM_MAX_PENDING 90
#define CAVIUM_MAX_POLL MAX_TO_POLL
#endif
typedef struct CaviumNitroxDev {
CspHandle devId; /* nitrox device id */
ContextType type; /* Typically CONTEXT_SSL, but also ECC types */
Uint64 contextHandle; /* nitrox context memory handle */
CavReqId reqId; /* Current requestId */
} CaviumNitroxDev;
struct WOLF_EVENT;
/* Wrapper API's */
WOLFSSL_LOCAL int NitroxTranslateResponseCode(int ret);
WOLFSSL_LOCAL CspHandle NitroxGetDeviceHandle(void);
WOLFSSL_LOCAL CspHandle NitroxOpenDevice(int dma_mode, int dev_id);
WOLFSSL_LOCAL int NitroxAllocContext(CaviumNitroxDev* nitrox, CspHandle devId,
ContextType type);
WOLFSSL_LOCAL void NitroxFreeContext(CaviumNitroxDev* nitrox);
WOLFSSL_LOCAL void NitroxCloseDevice(CspHandle devId);
#if defined(WOLFSSL_ASYNC_CRYPT)
WOLFSSL_LOCAL int NitroxCheckRequest(CspHandle devId, CavReqId reqId);
WOLFSSL_LOCAL int NitroxCheckRequests(CspHandle devId,
CspMultiRequestStatusBuffer* req_stat_buf);
#endif /* WOLFSSL_ASYNC_CRYPT */
/* Crypto wrappers */
#ifndef NO_RSA
struct RsaKey;
WOLFSSL_LOCAL int NitroxRsaExptMod(
const byte* in, word32 inLen,
byte* exponent, word32 expLen,
byte* modulus, word32 modLen,
byte* out, word32* outLen, struct RsaKey* key);
WOLFSSL_LOCAL int NitroxRsaPublicEncrypt(const byte* in, word32 inLen,
byte* out, word32 outLen, struct RsaKey* key);
WOLFSSL_LOCAL int NitroxRsaPrivateDecrypt(const byte* in, word32 inLen,
byte* out, word32 outLen, struct RsaKey* key);
WOLFSSL_LOCAL int NitroxRsaSSL_Sign(const byte* in, word32 inLen,
byte* out, word32 outLen, struct RsaKey* key);
WOLFSSL_LOCAL int NitroxRsaSSL_Verify(const byte* in, word32 inLen,
byte* out, word32 outLen, struct RsaKey* key);
#endif /* !NO_RSA */
#ifndef NO_AES
struct Aes;
WOLFSSL_LOCAL int NitroxAesSetKey(struct Aes* aes, const byte* key,
word32 length, const byte* iv);
#ifdef HAVE_AES_CBC
WOLFSSL_LOCAL int NitroxAesCbcEncrypt(struct Aes* aes, byte* out,
const byte* in, word32 length);
#ifdef HAVE_AES_DECRYPT
WOLFSSL_LOCAL int NitroxAesCbcDecrypt(struct Aes* aes, byte* out,
const byte* in, word32 length);
#endif /* HAVE_AES_DECRYPT */
#endif /* HAVE_AES_CBC */
#endif /* !NO_AES */
#ifndef NO_RC4
struct Arc4;
WOLFSSL_LOCAL void NitroxArc4SetKey(struct Arc4* arc4, const byte* key,
word32 length);
WOLFSSL_LOCAL void NitroxArc4Process(struct Arc4* arc4, byte* out,
const byte* in, word32 length);
#endif /* !NO_RC4 */
#ifndef NO_DES3
struct Des3;
WOLFSSL_LOCAL int NitroxDes3SetKey(struct Des3* des3, const byte* key,
const byte* iv);
WOLFSSL_LOCAL int NitroxDes3CbcEncrypt(struct Des3* des3, byte* out,
const byte* in, word32 length);
WOLFSSL_LOCAL int NitroxDes3CbcDecrypt(struct Des3* des3, byte* out,
const byte* in, word32 length);
#endif /* !NO_DES3 */
#ifndef NO_HMAC
struct Hmac;
WOLFSSL_LOCAL int NitroxHmacFinal(struct Hmac* hmac, byte* hash);
WOLFSSL_LOCAL int NitroxHmacUpdate(struct Hmac* hmac, const byte* msg,
word32 length);
WOLFSSL_LOCAL int NitroxHmacSetKey(struct Hmac* hmac, int type,
const byte* key, word32 length);
#endif /* NO_HMAC */
#if !defined(HAVE_HASHDRBG) && !defined(NO_RC4)
WOLFSSL_API void NitroxRngGenerateBlock(WC_RNG* rng, byte* output, word32 sz);
#endif
#endif /* HAVE_CAVIUM */
#endif /* _CAVIUM_NITROX_H_ */
+25 -14
View File
@@ -39,18 +39,35 @@
#define RNG_MAX_BLOCK_LEN (0x10000)
#ifndef HAVE_FIPS /* avoid redefining structs and macros */
#if defined(WOLFSSL_FORCE_RC4_DRBG) && defined(NO_RC4)
#error Cannot have WOLFSSL_FORCE_RC4_DRBG and NO_RC4 defined.
#endif /* WOLFSSL_FORCE_RC4_DRBG && NO_RC4 */
#if defined(HAVE_HASHDRBG) || defined(NO_RC4)
/* RNG supports the following sources (in order):
* 1. CUSTOM_RAND_GENERATE_BLOCK: Defines name of function as RNG source and
* bypasses the P-RNG.
* 2. HAVE_HASHDRBG && !NO_SHA256 (SHA256 enabled): Uses SHA256 based P-RNG
* seeded via wc_GenerateSeed. This is the default source.
* 3. !NO_RC4 (RC4 enabled): Uses RC4
*/
#if defined(CUSTOM_RAND_GENERATE_BLOCK)
/* To use define the following:
* #define CUSTOM_RAND_GENERATE_BLOCK myRngFunc
* extern int myRngFunc(byte* output, word32 sz);
*/
#elif (defined(HAVE_HASHDRBG) || defined(NO_RC4))
#ifdef NO_SHA256
#error "Hash DRBG requires SHA-256."
#endif /* NO_SHA256 */
#include <wolfssl/wolfcrypt/sha256.h>
#else /* HAVE_HASHDRBG || NO_RC4 */
#else
#include <wolfssl/wolfcrypt/arc4.h>
#endif /* HAVE_HASHDRBG || NO_RC4 */
#endif
#ifdef HAVE_WNR
#include <wnr.h>
@@ -101,7 +118,9 @@ struct WC_RNG {
#else /* (HAVE_HASHDRBG || NO_RC4) && !CUSTOM_RAND_GENERATE_BLOCK */
#define WOLFSSL_RNG_CAVIUM_MAGIC 0xBEEF0004
#ifdef WOLFSSL_ASYNC_CRYPT
#include <wolfssl/wolfcrypt/async.h>
#endif
/* secure Random Number Generator */
@@ -111,9 +130,8 @@ struct WC_RNG {
#ifndef NO_RC4
Arc4 cipher;
#endif
#ifdef HAVE_CAVIUM
int devId; /* nitrox device id */
word32 magic; /* using cavium magic */
#ifdef WOLFSSL_ASYNC_CRYPT
AsyncCryptDev asyncDev;
#endif
};
@@ -131,13 +149,6 @@ struct WC_RNG {
WOLFSSL_LOCAL
int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz);
#if defined(HAVE_HASHDRBG) || defined(NO_RC4)
#ifdef HAVE_CAVIUM
WOLFSSL_API int wc_InitRngCavium(WC_RNG*, int);
#endif
#endif /* HAVE_HASH_DRBG || NO_RC4 */
#ifdef HAVE_WNR
/* Whitewood netRandom client library */
+36 -20
View File
@@ -52,42 +52,55 @@
/* avoid redefinition of structs */
#if !defined(HAVE_FIPS)
#define WOLFSSL_RSA_CAVIUM_MAGIC 0xBEEF0006
#ifdef WOLFSSL_ASYNC_CRYPT
#include <wolfssl/wolfcrypt/async.h>
#endif
enum {
RSA_PUBLIC = 0,
RSA_PRIVATE = 1,
};
RSA_TYPE_UNKNOWN = -1,
RSA_PUBLIC_ENCRYPT = 0,
RSA_PUBLIC_DECRYPT = 1,
RSA_PRIVATE_ENCRYPT = 2,
RSA_PRIVATE_DECRYPT = 3,
RSA_BLOCK_TYPE_1 = 1,
RSA_BLOCK_TYPE_2 = 2,
RSA_MIN_SIZE = 512,
RSA_MAX_SIZE = 4096,
RSA_MIN_PAD_SZ = 11 /* separator + 0 + pad value + 8 pads */
};
/* RSA */
typedef struct RsaKey {
mp_int n, e, d, p, q, dP, dQ, u;
int type; /* public or private */
void* heap; /* for user memory overrides */
int state;
byte* tmp; /* temp buffer for async RSA */
word32 tmpLen;
byte tmpIsAlloc;
#ifdef WC_RSA_BLINDING
WC_RNG* rng; /* for PrivateDecrypt blinding */
#endif
#ifdef HAVE_CAVIUM
int devId; /* nitrox device id */
word32 magic; /* using cavium magic */
word64 contextHandle; /* nitrox context memory handle */
byte* c_n; /* cavium byte buffers for key parts */
byte* c_e;
byte* c_d;
byte* c_p;
byte* c_q;
byte* c_dP;
byte* c_dQ;
byte* c_u; /* sizes in bytes */
word16 c_nSz, c_eSz, c_dSz, c_pSz, c_qSz, c_dP_Sz, c_dQ_Sz, c_uSz;
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
AsyncCryptDev asyncDev;
#endif /* WOLFSSL_ASYNC_CRYPT */
} RsaKey;
#endif /*HAVE_FIPS */
WOLFSSL_API int wc_InitRsaKey(RsaKey* key, void*);
WOLFSSL_API int wc_InitRsaKey(RsaKey* key, void* heap);
WOLFSSL_API int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId);
WOLFSSL_API int wc_FreeRsaKey(RsaKey* key);
WOLFSSL_LOCAL int wc_RsaFunction(const byte* in, word32 inLen, byte* out,
word32* outLen, int type, RsaKey* key, WC_RNG* rng);
WOLFSSL_API int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key, WC_RNG* rng);
WOLFSSL_API int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out,
@@ -120,6 +133,7 @@ WOLFSSL_API int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng);
*/
/* Mask Generation Function Identifiers */
#define WC_MGF1NONE 0
#define WC_MGF1SHA1 26
#define WC_MGF1SHA256 1
#define WC_MGF1SHA384 2
@@ -147,11 +161,13 @@ WOLFSSL_API int wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*,
WOLFSSL_API int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng);
#endif
#ifdef HAVE_CAVIUM
WOLFSSL_API int wc_RsaInitCavium(RsaKey*, int);
WOLFSSL_API void wc_RsaFreeCavium(RsaKey*);
#ifdef WOLFSSL_ASYNC_CRYPT
WOLFSSL_API int wc_RsaAsyncHandle(RsaKey* key, WOLF_EVENT_QUEUE* queue, WOLF_EVENT* event);
WOLFSSL_API int wc_RsaAsyncWait(int ret, RsaKey* key);
#endif
#endif /* HAVE_USER_RSA */
#ifdef __cplusplus
} /* extern "C" */
#endif
+11 -3
View File
@@ -134,7 +134,9 @@
/* #define WOLFSSL_STATIC_RSA */
/* Uncomment next line if building for ARDUINO */
/* Uncomment both lines if building for ARDUINO on INTEL_GALILEO */
/* #define WOLFSSL_ARDUINO */
/* #define INTEL_GALILEO */
/* Uncomment next line to enable asynchronous crypto WC_PENDING_E */
/* #define WOLFSSL_ASYNC_CRYPT */
@@ -1235,9 +1237,10 @@ static char *fgets(char *buff, int sz, FILE *fp)
/* Make sure wolf events are enabled */
#undef HAVE_WOLF_EVENT
#define HAVE_WOLF_EVENT
#else
#ifdef WOLFSSL_ASYNC_CRYPT_TEST
#error Must have WOLFSSL_ASYNC_CRYPT enabled with WOLFSSL_ASYNC_CRYPT_TEST
#if !defined(HAVE_CAVIUM) && !defined(HAVE_INTEL_QA) && \
!defined(WOLFSSL_ASYNC_CRYPT_TEST)
#error No async hardware defined with WOLFSSL_ASYNC_CRYPT!
#endif
#endif /* WOLFSSL_ASYNC_CRYPT */
@@ -1250,6 +1253,9 @@ static char *fgets(char *buff, int sz, FILE *fp)
/* restriction with static memory */
#ifdef WOLFSSL_STATIC_MEMORY
#if defined(HAVE_IO_POOL) || defined(XMALLOC_USER) || defined(NO_WOLFSSL_MEMORY)
#error static memory cannot be used with HAVE_IO_POOL, XMALLOC_USER or NO_WOLFSSL_MEMORY
#endif
#ifndef USE_FAST_MATH
#error static memory requires fast math please define USE_FAST_MATH
#endif
@@ -1257,6 +1263,8 @@ static char *fgets(char *buff, int sz, FILE *fp)
#error static memory does not support small stack please undefine
#endif
#endif /* WOLFSSL_STATIC_MEMORY */
/* Place any other flags or defines here */
#if defined(WOLFSSL_MYSQL_COMPATIBLE) && defined(_WIN32) \
+2 -2
View File
@@ -59,8 +59,8 @@ typedef struct Sha256 {
word32 buffLen; /* in bytes */
word32 loLen; /* length in bytes */
word32 hiLen; /* length in bytes */
word32 digest[SHA256_DIGEST_SIZE / sizeof(word32)];
word32 buffer[SHA256_BLOCK_SIZE / sizeof(word32)];
ALIGN16 word32 digest[SHA256_DIGEST_SIZE / sizeof(word32)];
ALIGN16 word32 buffer[SHA256_BLOCK_SIZE / sizeof(word32)];
#ifdef WOLFSSL_PIC32MZ_HASH
pic32mz_desc desc ; /* Crypt Engine descriptor */
#endif
+3
View File
@@ -289,6 +289,9 @@ typedef struct {
int size;
#endif
fp_digit dp[FP_SIZE];
#ifdef WOLFSSL_ASYNC_CRYPT
byte *dpraw; /* Used for hardware crypto */
#endif
} fp_int;
/* externally define this symbol to ignore the default settings, useful for changing the build from the make process */
+52 -22
View File
@@ -91,6 +91,7 @@
defined(__mips64) || defined(__x86_64__) || defined(_M_X64)) || \
defined(__aarch64__)
typedef word64 wolfssl_word;
#define WC_64BIT_CPU
#else
typedef word32 wolfssl_word;
#ifdef WORD64_AVAILABLE
@@ -171,24 +172,22 @@
/* default to libc stuff */
/* XREALLOC is used once in normal math lib, not in fast math lib */
/* XFREE on some embeded systems doesn't like free(0) so test */
#if defined(XMALLOC_USER)
#if defined(HAVE_IO_POOL)
WOLFSSL_API void* XMALLOC(size_t n, void* heap, int type);
WOLFSSL_API void* XREALLOC(void *p, size_t n, void* heap, int type);
WOLFSSL_API void XFREE(void *p, void* heap, int type);
#elif defined(XMALLOC_USER)
/* prototypes for user heap override functions */
#include <stddef.h> /* for size_t */
extern void *XMALLOC(size_t n, void* heap, int type);
extern void *XREALLOC(void *p, size_t n, void* heap, int type);
extern void XFREE(void *p, void* heap, int type);
#ifdef WOLFSSL_STATIC_MEMORY /* don't use wolfSSL static memory either*/
#undef WOLFSSL_STATIC_MEMORY
#endif
#elif defined(NO_WOLFSSL_MEMORY)
/* just use plain C stdlib stuff if desired */
#include <stdlib.h>
#define XMALLOC(s, h, t) ((void)h, (void)t, malloc((s)))
#define XFREE(p, h, t) {void* xp = (p); if((xp)) free((xp));}
#define XREALLOC(p, n, h, t) realloc((p), (n))
#ifdef WOLFSSL_STATIC_MEMORY /* don't use wolfSSL static memory either*/
#undef WOLFSSL_STATIC_MEMORY
#endif
#elif !defined(MICRIUM_MALLOC) && !defined(EBSNET) \
&& !defined(WOLFSSL_SAFERTOS) && !defined(FREESCALE_MQX) \
&& !defined(FREESCALE_KSDK_MQX) && !defined(FREESCALE_FREE_RTOS) \
@@ -196,19 +195,27 @@
&& !defined(WOLFSSL_uITRON4) && !defined(WOLFSSL_uTKERNEL2)
/* default C runtime, can install different routines at runtime via cbs */
#include <wolfssl/wolfcrypt/memory.h>
#if defined(WOLFSSL_DEBUG_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY)
#define XMALLOC(s, h, t) ((void)h, (void)t, wolfSSL_Malloc((s), __func__, __LINE__))
#define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), __func__, __LINE__);}
#define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), __func__, __LINE__)
#elif defined(WOLFSSL_STATIC_MEMORY)
#define XMALLOC(s, h, t) wolfSSL_Malloc((s), (h), (t))
#define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), (h), (t));}
#define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t))
#else
#define XMALLOC(s, h, t) ((void)h, (void)t, wolfSSL_Malloc((s)))
#define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp));}
#define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n))
#endif
#ifdef WOLFSSL_STATIC_MEMORY
#ifdef WOLFSSL_DEBUG_MEMORY
#define XMALLOC(s, h, t) wolfSSL_Malloc((s), (h), (t), __func__, __LINE__)
#define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), (h), (t), __func__, __LINE__);}
#define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t), __func__, __LINE__)
#else
#define XMALLOC(s, h, t) wolfSSL_Malloc((s), (h), (t))
#define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), (h), (t));}
#define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t))
#endif /* WOLFSSL_DEBUG_MEMORY */
#else
#ifdef WOLFSSL_DEBUG_MEMORY
#define XMALLOC(s, h, t) ((void)h, (void)t, wolfSSL_Malloc((s), __func__, __LINE__))
#define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), __func__, __LINE__);}
#define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), __func__, __LINE__)
#else
#define XMALLOC(s, h, t) ((void)h, (void)t, wolfSSL_Malloc((s)))
#define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp));}
#define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n))
#endif /* WOLFSSL_DEBUG_MEMORY */
#endif /* WOLFSSL_STATIC_MEMORY */
#endif
@@ -312,8 +319,8 @@
DYNAMIC_TYPE_ECC = 37,
DYNAMIC_TYPE_TMP_BUFFER = 38,
DYNAMIC_TYPE_DTLS_MSG = 39,
DYNAMIC_TYPE_CAVIUM_TMP = 40,
DYNAMIC_TYPE_CAVIUM_RSA = 41,
DYNAMIC_TYPE_ASYNC_TMP = 40,
DYNAMIC_TYPE_ASYNC_RSA = 41,
DYNAMIC_TYPE_X509 = 42,
DYNAMIC_TYPE_TLSX = 43,
DYNAMIC_TYPE_OCSP = 44,
@@ -376,6 +383,29 @@
return 1 if a match otherwise 0 */
#define CheckCtcSettings() (CTC_SETTINGS == CheckRunTimeSettings())
/* invalid device id */
#define INVALID_DEVID -2
/* AESNI requires alignment and ARMASM gains some performance from it */
#if defined(WOLFSSL_AESNI) || defined(WOLFSSL_ARMASM)
#if !defined (ALIGN16)
#if defined (__GNUC__)
#define ALIGN16 __attribute__ ( (aligned (16)))
#elif defined(_MSC_VER)
/* disable align warning, we want alignment ! */
#pragma warning(disable: 4324)
#define ALIGN16 __declspec (align (16))
#else
#define ALIGN16
#endif
#endif
#else
#ifndef ALIGN16
#define ALIGN16
#endif
#endif /* WOLFSSL_AESNI or WOLFSSL_ARMASM */
#ifdef __cplusplus
} /* extern "C" */
+103
View File
@@ -0,0 +1,103 @@
/* wolfevent.h
*
* Copyright (C) 2006-2016 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef _WOLF_EVENT_H_
#define _WOLF_EVENT_H_
#ifdef __cplusplus
extern "C" {
#endif
#ifndef SINGLE_THREADED
#include <wolfssl/wolfcrypt/wc_port.h>
#endif
typedef struct WOLFSSL WOLFSSL;
typedef struct WOLF_EVENT WOLF_EVENT;
typedef struct WOLFSSL_CTX WOLFSSL_CTX;
typedef unsigned short WOLF_EVENT_FLAG;
typedef enum WOLF_EVENT_TYPE {
WOLF_EVENT_TYPE_NONE,
#ifdef WOLFSSL_ASYNC_CRYPT
WOLF_EVENT_TYPE_ASYNC_ANY,
WOLF_EVENT_TYPE_ASYNC_WOLFSSL,
WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT,
WOLF_EVENT_TYPE_ASYNC_FIRST = WOLF_EVENT_TYPE_ASYNC_WOLFSSL,
WOLF_EVENT_TYPE_ASYNC_LAST = WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT,
#endif
} WOLF_EVENT_TYPE;
struct WOLF_EVENT {
/* double linked list */
WOLF_EVENT* next;
WOLF_EVENT* prev;
void* context;
#ifdef HAVE_CAVIUM
word64 reqId;
#endif
int ret; /* Async return code */
WOLF_EVENT_TYPE type;
WOLF_EVENT_FLAG pending:1;
WOLF_EVENT_FLAG done:1;
/* Future event flags can go here */
};
enum WOLF_POLL_FLAGS {
WOLF_POLL_FLAG_CHECK_HW = 0x01,
};
typedef struct {
WOLF_EVENT* head; /* head of queue */
WOLF_EVENT* tail; /* tail of queue */
#ifndef SINGLE_THREADED
wolfSSL_Mutex lock; /* queue lock */
#endif
int count;
} WOLF_EVENT_QUEUE;
#ifdef HAVE_WOLF_EVENT
/* Event */
WOLFSSL_API int wolfEvent_Init(WOLF_EVENT* event, WOLF_EVENT_TYPE type, void* context);
WOLFSSL_API int wolfEvent_Poll(WOLF_EVENT* event, WOLF_EVENT_FLAG flags);
/* Event Queue */
WOLFSSL_API int wolfEventQueue_Init(WOLF_EVENT_QUEUE* queue);
WOLFSSL_API int wolfEventQueue_Push(WOLF_EVENT_QUEUE* queue, WOLF_EVENT* event);
WOLFSSL_API int wolfEventQueue_Pop(WOLF_EVENT_QUEUE* queue, WOLF_EVENT** event);
WOLFSSL_API int wolfEventQueue_Remove(WOLF_EVENT_QUEUE* queue, WOLF_EVENT* event);
WOLFSSL_API int wolfEventQueue_Poll(WOLF_EVENT_QUEUE* queue, void* context_filter,
WOLF_EVENT** events, int maxEvents, WOLF_EVENT_FLAG flags, int* eventCount);
WOLFSSL_API int wolfEventQueue_Count(WOLF_EVENT_QUEUE* queue);
WOLFSSL_API void wolfEventQueue_Free(WOLF_EVENT_QUEUE* queue);
#endif /* HAVE_WOLF_EVENT */
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* _WOLF_EVENT_H_ */