mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-11 08:20:51 +02:00
Merge branch 'master' into frosted-fix
This commit is contained in:
@@ -41,6 +41,8 @@ fips_test.c
|
||||
fips
|
||||
src/async.c
|
||||
wolfssl/async.h
|
||||
wolfcrypt/src/async.c
|
||||
wolfssl/wolfcrypt/async.h
|
||||
ctaocrypt/benchmark/benchmark
|
||||
ctaocrypt/test/testctaocrypt
|
||||
wolfcrypt/benchmark/benchmark
|
||||
@@ -49,6 +51,10 @@ examples/client/client
|
||||
examples/echoclient/echoclient
|
||||
examples/echoserver/echoserver
|
||||
examples/server/server
|
||||
examples/sctp/sctp-server
|
||||
examples/sctp/sctp-server-dtls
|
||||
examples/sctp/sctp-client
|
||||
examples/sctp/sctp-client-dtls
|
||||
server_ready
|
||||
snifftest
|
||||
output
|
||||
|
||||
@@ -7,10 +7,16 @@ files to be in the library's root directory with a header file in the name of
|
||||
the library. This script moves all src/ files to the root wolfssl directory and
|
||||
creates a stub header file called wolfssl.h.
|
||||
|
||||
To configure wolfSSL with Arduino, enter the following from within the
|
||||
Step 1: To configure wolfSSL with Arduino, enter the following from within the
|
||||
wolfssl/IDE/ARDUINO directory:
|
||||
|
||||
./wolfssl-arduino.sh
|
||||
./wolfssl-arduino.sh
|
||||
|
||||
|
||||
Step 2: Edit <wolfssl-root>/wolfssl/wolfcrypt/settings.h uncomment the define for
|
||||
WOLFSSL_ARDUINO
|
||||
|
||||
also uncomment the define for INTEL_GALILEO if building for that platform
|
||||
|
||||
#####Including wolfSSL in Arduino Libraries (for Arduino version 1.6.6)
|
||||
1. Copy the wolfSSL directory into Arduino/libraries (or wherever Arduino searches for libraries).
|
||||
|
||||
@@ -6,7 +6,7 @@
|
||||
|
||||
DIR=${PWD##*/}
|
||||
|
||||
if [ "$DIR" == "ARDUINO" ]; then
|
||||
if [ "$DIR" = "ARDUINO" ]; then
|
||||
cp ../../src/*.c ../../
|
||||
cp ../../wolfcrypt/src/*.c ../../
|
||||
echo "/* stub header file for Arduino compatibility */" >> ../../wolfssl.h
|
||||
|
||||
@@ -28,6 +28,7 @@
|
||||
#define WOLFSSL_RIPEMD
|
||||
#define WOLFSSL_SHA512
|
||||
#define NO_PSK
|
||||
#define HAVE_EXTENDED_MASTER
|
||||
#define WOLFSSL_SNIFFER
|
||||
#else
|
||||
/* The servers and clients */
|
||||
|
||||
@@ -300,6 +300,7 @@
|
||||
<ClCompile Include="..\..\src\ssl.c" />
|
||||
<ClCompile Include="..\..\src\tls.c" />
|
||||
<ClCompile Include="..\..\wolfcrypt\src\wc_encrypt.c" />
|
||||
<ClCompile Include="..\..\wolfcrypt\src\wolfevent.c" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<CustomBuild Include="..\..\wolfcrypt\src\aes_asm.asm">
|
||||
|
||||
+2
-2
@@ -20,8 +20,8 @@ if test -d .git; then
|
||||
touch ./ctaocrypt/src/fips_test.c
|
||||
|
||||
# touch async crypt files
|
||||
touch ./src/async.c
|
||||
touch ./wolfssl/async.h
|
||||
touch ./wolfcrypt/src/async.c
|
||||
touch ./wolfssl/wolfcrypt/async.h
|
||||
else
|
||||
WARNINGS="all"
|
||||
fi
|
||||
|
||||
+193
-17
@@ -125,6 +125,71 @@ AS_IF([test "$ax_enable_debug" = "yes"],
|
||||
[AM_CFLAGS="$AM_CFLAGS -DNDEBUG"])
|
||||
|
||||
|
||||
# Distro build feature subset (Debian, Ubuntu, etc.)
|
||||
AC_ARG_ENABLE([distro],
|
||||
[ --enable-distro Enable wolfSSL distro build (default: disabled)],
|
||||
[ ENABLED_DISTRO=$enableval ],
|
||||
[ ENABLED_DISTRO=no ]
|
||||
)
|
||||
if test "$ENABLED_DISTRO" = "yes"
|
||||
then
|
||||
enable_shared=yes
|
||||
enable_static=yes
|
||||
enable_dtls=yes
|
||||
enable_openssh=yes
|
||||
enable_opensslextra=yes
|
||||
enable_savesession=yes
|
||||
enable_savecert=yes
|
||||
enable_atomicuser=yes
|
||||
enable_pkcallbacks=yes
|
||||
enable_aesgcm=yes
|
||||
enable_aesccm=yes
|
||||
enable_camellia=yes
|
||||
enable_ripemd=yes
|
||||
enable_sha512=yes
|
||||
enable_sessioncerts=yes
|
||||
enable_keygen=yes
|
||||
enable_certgen=yes
|
||||
enable_certreq=yes
|
||||
enable_certext=yes
|
||||
enable_sep=yes
|
||||
enable_hkdf=yes
|
||||
enable_dsa=yes
|
||||
enable_ecccustcurves=yes
|
||||
enable_compkey=yes
|
||||
enable_curve25519=yes
|
||||
enable_ed25519=yes
|
||||
enable_fpecc=yes
|
||||
enable_eccencrypt=yes
|
||||
enable_psk=yes
|
||||
enable_idea=yes
|
||||
enable_cmac=yes
|
||||
enable_webserver=yes
|
||||
enable_hc128=yes
|
||||
enable_rabbit=yes
|
||||
enable_ocsp=yes
|
||||
enable_ocspstapling=yes
|
||||
enable_ocspstapling2=yes
|
||||
enable_crl=yes
|
||||
enable_crl_monitor=yes
|
||||
enable_sni=yes
|
||||
enable_maxfragment=yes
|
||||
enable_alpn=yes
|
||||
enable_truncatedhmac=yes
|
||||
enable_supportedcurves=yes
|
||||
enable_session_ticket=yes
|
||||
enable_tlsx=yes
|
||||
enable_pkcs7=yes
|
||||
enable_scep=yes
|
||||
enable_srp=yes
|
||||
enable_certservice=yes
|
||||
enable_jni=yes
|
||||
enable_lighty=yes
|
||||
enable_stunnel=yes
|
||||
enable_pwdbased=yes
|
||||
fi
|
||||
|
||||
|
||||
# SINGLE THREADED
|
||||
AC_ARG_ENABLE([singlethreaded],
|
||||
[ --enable-singlethreaded Enable wolfSSL single threaded (default: disabled)],
|
||||
@@ -156,6 +221,29 @@ then
|
||||
fi
|
||||
|
||||
|
||||
# DTLS-SCTP
|
||||
AC_ARG_ENABLE([sctp],
|
||||
[AS_HELP_STRING([--enable-sctp],[Enable wolfSSL DTLS-SCTP support (default: disabled)])],
|
||||
[ENABLED_SCTP=$enableval],
|
||||
[ENABLED_SCTP=no])
|
||||
|
||||
AM_CONDITIONAL([BUILD_SCTP], [test "x$ENABLED_SCTP" = "xyes"])
|
||||
|
||||
AS_IF([test "x$ENABLED_SCTP" = "xyes"],
|
||||
[AC_MSG_CHECKING([for SCTP])
|
||||
AC_RUN_IFELSE(
|
||||
[AC_LANG_PROGRAM(
|
||||
[[
|
||||
#include <sys/socket.h>
|
||||
#include <arpa/inet.h>
|
||||
]],
|
||||
[[int s = socket(AF_INET, SOCK_STREAM, IPPROTO_SCTP); if (s == -1) return 1;]])],
|
||||
[AC_MSG_RESULT(yes)],
|
||||
[AC_MSG_RESULT(no)
|
||||
AC_MSG_ERROR([SCTP not available, remove enable-sctp from configure])])
|
||||
])
|
||||
|
||||
|
||||
# OpenSSH compatibility Build
|
||||
AC_ARG_ENABLE([openssh],
|
||||
[AS_HELP_STRING([--enable-openssh],[Enable OpenSSH compatibility build (default: disabled)])],
|
||||
@@ -454,6 +542,24 @@ fi
|
||||
AM_CONDITIONAL([BUILD_AESCCM], [test "x$ENABLED_AESCCM" = "xyes"])
|
||||
|
||||
|
||||
# AES-ARM
|
||||
AC_ARG_ENABLE([armasm],
|
||||
[AS_HELP_STRING([--enable-armasm],[Enable wolfSSL ARM ASM support (default: disabled)])],
|
||||
[ ENABLED_ARMASM=$enableval ],
|
||||
[ ENABLED_ARMASM=no ]
|
||||
)
|
||||
if test "$ENABLED_ARMASM" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM"
|
||||
if test "$GCC" = "yes"
|
||||
then
|
||||
# GCC needs this flag
|
||||
AM_CFLAGS="$AM_CFLAGS -mcpu=generic+crypto"
|
||||
fi
|
||||
fi
|
||||
|
||||
AM_CONDITIONAL([BUILD_ARMASM], [test "x$ENABLED_ARMASM" = "xyes"])
|
||||
|
||||
# AES-NI
|
||||
AC_ARG_ENABLE([aesni],
|
||||
[AS_HELP_STRING([--enable-aesni],[Enable wolfSSL AES-NI support (default: disabled)])],
|
||||
@@ -1869,6 +1975,18 @@ then
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SESSION_TICKET"
|
||||
fi
|
||||
|
||||
# Extended Master Secret Extension
|
||||
AC_ARG_ENABLE([extended-master],
|
||||
[AS_HELP_STRING([--enable-extended-master],[Enable Extended Master Secret (default: enabled)])],
|
||||
[ ENABLED_EXTENDED_MASTER=$enableval ],
|
||||
[ ENABLED_EXTENDED_MASTER=yes ]
|
||||
)
|
||||
|
||||
if test "x$ENABLED_EXTENDED_MASTER" = "xyes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_EXTENDED_MASTER"
|
||||
fi
|
||||
|
||||
# TLS Extensions
|
||||
AC_ARG_ENABLE([tlsx],
|
||||
[ --enable-tlsx Enable all TLS Extensions (default: disabled)],
|
||||
@@ -2439,28 +2557,69 @@ AC_ARG_WITH([cavium],
|
||||
AC_MSG_CHECKING([for cavium])
|
||||
CPPFLAGS="$CPPFLAGS -DHAVE_CAVIUM"
|
||||
|
||||
if test "x$withval" == "xyes" ; then
|
||||
AC_MSG_ERROR([need a PATH for --with-cavium])
|
||||
fi
|
||||
if test "x$withval" != "xno" ; then
|
||||
trycaviumdir=$withval
|
||||
fi
|
||||
if test "x$withval" == "xyes" ; then
|
||||
AC_MSG_ERROR([need a PATH for --with-cavium])
|
||||
fi
|
||||
if test "x$withval" != "xno" ; then
|
||||
trycaviumdir=$withval
|
||||
fi
|
||||
|
||||
LDFLAGS="$AM_LDFLAGS $trycaviumdir/api/cavium_common.o"
|
||||
CPPFLAGS="$CPPFLAGS -I$trycaviumdir/include"
|
||||
LDFLAGS="$AM_LDFLAGS $trycaviumdir/api/cavium_common.o"
|
||||
CPPFLAGS="$CPPFLAGS -I$trycaviumdir/include"
|
||||
|
||||
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cavium_common.h"]], [[ CspShutdown(CAVIUM_DEV_ID); ]])],[ cavium_linked=yes ],[ cavium_linked=no ])
|
||||
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cavium_common.h"]], [[ CspShutdown(CAVIUM_DEV_ID); ]])],[ cavium_linked=yes ],[ cavium_linked=no ])
|
||||
|
||||
if test "x$cavium_linked" == "xno" ; then
|
||||
AC_MSG_ERROR([cavium isn't found.
|
||||
If it's already installed, specify its path using --with-cavium=/dir/])
|
||||
fi
|
||||
AC_MSG_RESULT([yes])
|
||||
enable_shared=no
|
||||
enable_static=yes
|
||||
if test "x$cavium_linked" == "xno" ; then
|
||||
AC_MSG_ERROR([cavium isn't found.
|
||||
If it's already installed, specify its path using --with-cavium=/dir/])
|
||||
fi
|
||||
AC_MSG_RESULT([yes])
|
||||
enable_shared=no
|
||||
enable_static=yes
|
||||
ENABLED_CAVIUM=yes
|
||||
],
|
||||
[ ENABLED_CAVIUM=no ]
|
||||
)
|
||||
|
||||
# cavium V
|
||||
trycaviumdir=""
|
||||
AC_ARG_WITH([cavium-v],
|
||||
[ --with-cavium-v=PATH PATH to Cavium V/software dir ],
|
||||
[
|
||||
AC_MSG_CHECKING([for cavium])
|
||||
CPPFLAGS="$CPPFLAGS -DHAVE_CAVIUM -DHAVE_CAVIUM_V"
|
||||
|
||||
if test "x$withval" == "xyes" ; then
|
||||
AC_MSG_ERROR([need a PATH for --with-cavium])
|
||||
fi
|
||||
if test "x$withval" != "xno" ; then
|
||||
trycaviumdir=$withval
|
||||
fi
|
||||
|
||||
LDFLAGS="$AM_LDFLAGS $trycaviumdir/utils/sample_tests/cavium_common.o $trycaviumdir/utils/sample_tests/cavium_sym_crypto.o $trycaviumdir/utils/sample_tests/cavium_asym_crypto.o"
|
||||
CPPFLAGS="$CPPFLAGS -I$trycaviumdir/include"
|
||||
|
||||
#AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cavium_common.h"]], [[ CspShutdown(0); ]])],[ cavium_linked=yes ],[ cavium_linked=no ])
|
||||
|
||||
if test "x$cavium_linked" == "xno" ; then
|
||||
AC_MSG_ERROR([cavium isn't found.
|
||||
If it's already installed, specify its path using --with-cavium-v=/dir/])
|
||||
fi
|
||||
AC_MSG_RESULT([yes])
|
||||
|
||||
enable_shared=no
|
||||
enable_static=yes
|
||||
ENABLED_CAVIUM=yes
|
||||
ENABLED_CAVIUM_V=yes
|
||||
],
|
||||
[
|
||||
ENABLED_CAVIUM_=no
|
||||
ENABLED_CAVIUM_V=no
|
||||
]
|
||||
)
|
||||
|
||||
AM_CONDITIONAL([BUILD_CAVIUM], [test "x$ENABLED_CAVIUM" = "xyes"])
|
||||
|
||||
|
||||
# Fast RSA using Intel IPP
|
||||
ippdir="${srcdir}/IPP"
|
||||
@@ -2668,7 +2827,7 @@ AC_ARG_ENABLE([asynccrypt],
|
||||
|
||||
if test "$ENABLED_ASYNCCRYPT" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASYNC_CRYPT"
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASYNC_CRYPT -DHAVE_WOLF_EVENT"
|
||||
|
||||
# if Cavium not enabled the use async simulator for testing
|
||||
if test "x$ENABLED_CAVIUM" = "xno"
|
||||
@@ -2679,6 +2838,9 @@ fi
|
||||
|
||||
AM_CONDITIONAL([BUILD_ASYNCCRYPT], [test "x$ENABLED_ASYNCCRYPT" = "xyes"])
|
||||
|
||||
AM_CONDITIONAL([BUILD_WOLFEVENT], [test "x$ENABLED_ASYNCCRYPT" = "xyes"])
|
||||
|
||||
|
||||
|
||||
# Session Export
|
||||
AC_ARG_ENABLE([sessionexport],
|
||||
@@ -2777,6 +2939,15 @@ AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \
|
||||
test "x$ENABLED_SSLV3" = "xyes"],
|
||||
[AC_MSG_ERROR([Cannot use Max Strength and SSLv3 at the same time.])])
|
||||
|
||||
AS_IF([test "x$ENABLED_SCTP" = "xyes"],
|
||||
[AM_CFLAGS="-DWOLFSSL_SCTP $AM_CFLAGS"])
|
||||
|
||||
# SCTP requires DTLS
|
||||
AS_IF([test "x$ENABLED_DTLS" = "xno" && \
|
||||
test "x$ENABLED_SCTP" = "xyes"],
|
||||
[AM_CFLAGS="-DWOLFSSL_DTLS $AM_CFLAGS"
|
||||
ENABLED_DTLS=yes])
|
||||
|
||||
################################################################################
|
||||
|
||||
# OPTIMIZE FLAGS
|
||||
@@ -2986,6 +3157,7 @@ echo " * Filesystem: $ENABLED_FILESYSTEM"
|
||||
echo " * OpenSSH Build: $ENABLED_OPENSSH"
|
||||
echo " * OpenSSL Extra API: $ENABLED_OPENSSLEXTRA"
|
||||
echo " * Max Strength Build: $ENABLED_MAXSTRENGTH"
|
||||
echo " * Distro Build: $ENABLED_DISTRO"
|
||||
echo " * fastmath: $ENABLED_FASTMATH"
|
||||
echo " * sniffer: $ENABLED_SNIFFER"
|
||||
echo " * snifftest: $ENABLED_SNIFFTEST"
|
||||
@@ -3037,6 +3209,7 @@ echo " * LIGHTY: $ENABLED_LIGHTY"
|
||||
echo " * STUNNEL: $ENABLED_STUNNEL"
|
||||
echo " * ERROR_STRINGS: $ENABLED_ERROR_STRINGS"
|
||||
echo " * DTLS: $ENABLED_DTLS"
|
||||
echo " * SCTP: $ENABLED_SCTP"
|
||||
echo " * Old TLS Versions: $ENABLED_OLD_TLS"
|
||||
echo " * SSL version 3.0: $ENABLED_SSLV3"
|
||||
echo " * OCSP: $ENABLED_OCSP"
|
||||
@@ -3056,6 +3229,7 @@ echo " * Maximum Fragment Length: $ENABLED_MAX_FRAGMENT"
|
||||
echo " * Truncated HMAC: $ENABLED_TRUNCATED_HMAC"
|
||||
echo " * Supported Elliptic Curves: $ENABLED_SUPPORTED_CURVES"
|
||||
echo " * Session Ticket: $ENABLED_SESSION_TICKET"
|
||||
echo " * Extended Master Secret: $ENABLED_EXTENDED_MASTER"
|
||||
echo " * Renegotiation Indication: $ENABLED_RENEGOTIATION_INDICATION"
|
||||
echo " * Secure Renegotiation: $ENABLED_SECURE_RENEGOTIATION"
|
||||
echo " * All TLS Extensions: $ENABLED_TLSX"
|
||||
@@ -3069,6 +3243,8 @@ echo " * Examples: $ENABLED_EXAMPLES"
|
||||
echo " * User Crypto: $ENABLED_USER_CRYPTO"
|
||||
echo " * Fast RSA: $ENABLED_FAST_RSA"
|
||||
echo " * Async Crypto: $ENABLED_ASYNCCRYPT"
|
||||
echo " * Cavium: $ENABLED_CAVIUM"
|
||||
echo " * ARM ASM: $ENABLED_ARMASM"
|
||||
echo ""
|
||||
echo "---"
|
||||
|
||||
|
||||
@@ -56,11 +56,6 @@
|
||||
#define AesCcmDecrypt wc_AesCcmDecrypt
|
||||
#endif /* HAVE_AESCCM */
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
#define AesInitCavium wc_AesInitCavium
|
||||
#define AesFreeCavium wc_AesFreeCavium
|
||||
#endif
|
||||
|
||||
#endif /* CTAO_CRYPT_AES_H */
|
||||
#endif /* NO_AES */
|
||||
|
||||
|
||||
@@ -26,11 +26,10 @@
|
||||
/* for arc4 reverse compatibility */
|
||||
#ifndef NO_RC4
|
||||
#include <wolfssl/wolfcrypt/arc4.h>
|
||||
#define CYASSL_ARC4_CAVIUM_MAGIC WOLFSSL_ARC4_CAVIUM_MAGIC
|
||||
#define Arc4Process wc_Arc4Process
|
||||
#define Arc4SetKey wc_Arc4SetKey
|
||||
#define Arc4InitCavium wc_Arc4InitCavium
|
||||
#define Arc4FreeCavium wc_Arc4FreeCavium
|
||||
#define Arc4AsyncInit wc_Arc4AsyncInit
|
||||
#define Arc4AsyncFree wc_Arc4AsyncFree
|
||||
#endif
|
||||
|
||||
#endif /* CTAO_CRYPT_ARC4_H */
|
||||
|
||||
@@ -39,9 +39,9 @@
|
||||
#define Des3_CbcEncrypt wc_Des3_CbcEncrypt
|
||||
#define Des3_CbcDecrypt wc_Des3_CbcDecrypt
|
||||
#define Des3_CbcDecryptWithKey wc_Des3_CbcDecryptWithKey
|
||||
#ifdef HAVE_CAVIUM
|
||||
#define Des3_InitCavium wc_Des3_InitCavium
|
||||
#define Des3_FreeCavium wc_Des3_FreeCavium
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
#define Des3AsyncInit wc_Des3AsyncInit
|
||||
#define Des3AsyncFree wc_Des3AsyncFree
|
||||
#endif
|
||||
|
||||
#endif /* NO_DES3 */
|
||||
|
||||
@@ -30,9 +30,9 @@
|
||||
#define HmacSetKey wc_HmacSetKey
|
||||
#define HmacUpdate wc_HmacUpdate
|
||||
#define HmacFinal wc_HmacFinal
|
||||
#ifdef HAVE_CAVIUM
|
||||
#define HmacInitCavium wc_HmacInitCavium
|
||||
#define HmacFreeCavium wc_HmacFreeCavium
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
#define HmacAsyncInit wc_HmacAsyncInit
|
||||
#define HmacAsyncFree wc_HmacAsyncFree
|
||||
#endif
|
||||
#define CyaSSL_GetHmacMaxSize wolfSSL_GetHmacMaxSize
|
||||
#ifdef HAVE_HKDF
|
||||
|
||||
@@ -47,9 +47,9 @@
|
||||
#define RsaKeyToDer wc_RsaKeyToDer
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
#define RsaInitCavium wc_RsaInitCavium
|
||||
#define RsaFreeCavium wc_RsaFreeCavium
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
#define RsaAsyncInit wc_RsaAsyncInit
|
||||
#define RsaAsyncFree wc_RsaAsyncFree
|
||||
#endif
|
||||
|
||||
#endif /* CTAO_CRYPT_RSA_H */
|
||||
|
||||
+109
-35
@@ -53,6 +53,10 @@
|
||||
|
||||
#include "examples/client/client.h"
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
static int devId = INVALID_DEVID;
|
||||
#endif
|
||||
|
||||
/* Note on using port 0: the client standalone example doesn't utilize the
|
||||
* port 0 port sharing; that is used by (1) the server in external control
|
||||
* test mode and (2) the testsuite which uses this code and sets up the correct
|
||||
@@ -78,7 +82,7 @@ static void NonBlockingSSL_Connect(WOLFSSL* ssl)
|
||||
#endif
|
||||
int error = wolfSSL_get_error(ssl, 0);
|
||||
SOCKET_T sockfd = (SOCKET_T)wolfSSL_get_fd(ssl);
|
||||
int select_ret;
|
||||
int select_ret = 0;
|
||||
|
||||
while (ret != SSL_SUCCESS && (error == SSL_ERROR_WANT_READ ||
|
||||
error == SSL_ERROR_WANT_WRITE ||
|
||||
@@ -91,15 +95,17 @@ static void NonBlockingSSL_Connect(WOLFSSL* ssl)
|
||||
printf("... client would write block\n");
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
else if (error == WC_PENDING_E) {
|
||||
ret = AsyncCryptPoll(ssl);
|
||||
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
|
||||
if (ret < 0) { break; } else if (ret == 0) { continue; }
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_DTLS
|
||||
currTimeout = wolfSSL_dtls_get_current_timeout(ssl);
|
||||
#endif
|
||||
select_ret = tcp_select(sockfd, currTimeout);
|
||||
if (error != WC_PENDING_E) {
|
||||
#ifdef WOLFSSL_DTLS
|
||||
currTimeout = wolfSSL_dtls_get_current_timeout(ssl);
|
||||
#endif
|
||||
select_ret = tcp_select(sockfd, currTimeout);
|
||||
}
|
||||
|
||||
if ((select_ret == TEST_RECV_READY) ||
|
||||
(select_ret == TEST_ERROR_READY)) {
|
||||
@@ -150,8 +156,10 @@ static void ShowVersions(void)
|
||||
printf("3\n");
|
||||
}
|
||||
|
||||
int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
|
||||
int doDTLS, int benchmark, int resumeSession)
|
||||
/* Measures average time to create, connect and disconnect a connection (TPS).
|
||||
Benchmark = number of connections. */
|
||||
static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
|
||||
int dtlsUDP, int dtlsSCTP, int benchmark, int resumeSession)
|
||||
{
|
||||
/* time passed in number of connects give average */
|
||||
int times = benchmark;
|
||||
@@ -174,7 +182,7 @@ int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
|
||||
if (ssl == NULL)
|
||||
err_sys("unable to get SSL object");
|
||||
|
||||
tcp_connect(&sockfd, host, port, doDTLS, ssl);
|
||||
tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, ssl);
|
||||
|
||||
#ifndef NO_SESSION_CACHE
|
||||
if (benchResume)
|
||||
@@ -209,8 +217,9 @@ int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
|
||||
return EXIT_SUCCESS;
|
||||
}
|
||||
|
||||
int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
|
||||
int doDTLS, int throughput)
|
||||
/* Measures throughput in kbps. Throughput = number of bytes */
|
||||
static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
|
||||
int dtlsUDP, int dtlsSCTP, int throughput)
|
||||
{
|
||||
double start, conn_time = 0, tx_time = 0, rx_time = 0;
|
||||
SOCKET_T sockfd;
|
||||
@@ -221,7 +230,7 @@ int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
|
||||
ssl = wolfSSL_new(ctx);
|
||||
if (ssl == NULL)
|
||||
err_sys("unable to get SSL object");
|
||||
tcp_connect(&sockfd, host, port, doDTLS, ssl);
|
||||
tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, ssl);
|
||||
if (wolfSSL_set_fd(ssl, sockfd) != SSL_SUCCESS) {
|
||||
err_sys("error in setting fd");
|
||||
}
|
||||
@@ -337,7 +346,8 @@ const char* starttlsCmd[6] = {
|
||||
"QUIT\r\n",
|
||||
};
|
||||
|
||||
int StartTLS_Init(SOCKET_T* sockfd)
|
||||
/* Initiates the STARTTLS command sequence over TCP */
|
||||
static int StartTLS_Init(SOCKET_T* sockfd)
|
||||
{
|
||||
char tmpBuf[256];
|
||||
|
||||
@@ -393,7 +403,8 @@ int StartTLS_Init(SOCKET_T* sockfd)
|
||||
return SSL_SUCCESS;
|
||||
}
|
||||
|
||||
int SMTP_Shutdown(WOLFSSL* ssl, int wc_shutdown)
|
||||
/* Closes down the SMTP connection */
|
||||
static int SMTP_Shutdown(WOLFSSL* ssl, int wc_shutdown)
|
||||
{
|
||||
int ret;
|
||||
char tmpBuf[256];
|
||||
@@ -455,6 +466,10 @@ static void Usage(void)
|
||||
printf("-g Send server HTTP GET\n");
|
||||
printf("-u Use UDP DTLS,"
|
||||
" add -v 2 for DTLSv1, -v 3 for DTLSv1.2 (default)\n");
|
||||
#ifdef WOLFSSL_SCTP
|
||||
printf("-G Use SCTP DTLS,"
|
||||
" add -v 2 for DTLSv1, -v 3 for DTLSv1.2 (default)\n");
|
||||
#endif
|
||||
printf("-m Match domain name in cert\n");
|
||||
printf("-N Use Non-blocking sockets\n");
|
||||
printf("-r Resume session\n");
|
||||
@@ -479,6 +494,9 @@ static void Usage(void)
|
||||
#ifdef HAVE_TRUNCATED_HMAC
|
||||
printf("-T Use Truncated HMAC\n");
|
||||
#endif
|
||||
#ifdef HAVE_EXTENDED_MASTER
|
||||
printf("-n Disable Extended Master Secret\n");
|
||||
#endif
|
||||
#ifdef HAVE_OCSP
|
||||
printf("-o Perform OCSP lookup on peer certificate\n");
|
||||
printf("-O <url> Perform OCSP lookup using <url> as responder\n");
|
||||
@@ -545,6 +563,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
int benchmark = 0;
|
||||
int throughput = 0;
|
||||
int doDTLS = 0;
|
||||
int dtlsUDP = 0;
|
||||
int dtlsSCTP = 0;
|
||||
int matchName = 0;
|
||||
int doPeerCheck = 1;
|
||||
int nonBlocking = 0;
|
||||
@@ -592,6 +612,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
|
||||
byte statusRequest = 0;
|
||||
#endif
|
||||
#ifdef HAVE_EXTENDED_MASTER
|
||||
byte disableExtMasterSecret = 0;
|
||||
#endif
|
||||
|
||||
|
||||
#ifdef HAVE_OCSP
|
||||
@@ -634,7 +657,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
|
||||
#ifndef WOLFSSL_VXWORKS
|
||||
while ((ch = mygetopt(argc, argv,
|
||||
"?gdeDusmNrwRitfxXUPCVh:p:v:l:A:c:k:Z:b:zS:F:L:ToO:aB:W:E:M:q:"))
|
||||
"?gdeDuGsmNrwRitfxXUPCVh:p:v:l:A:c:k:Z:b:zS:F:L:TnoO:aB:W:E:M:q:"))
|
||||
!= -1) {
|
||||
switch (ch) {
|
||||
case '?' :
|
||||
@@ -664,7 +687,15 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
break;
|
||||
|
||||
case 'u' :
|
||||
doDTLS = 1;
|
||||
doDTLS = 1;
|
||||
dtlsUDP = 1;
|
||||
break;
|
||||
|
||||
case 'G' :
|
||||
#ifdef WOLFSSL_SCTP
|
||||
doDTLS = 1;
|
||||
dtlsSCTP = 1;
|
||||
#endif
|
||||
break;
|
||||
|
||||
case 's' :
|
||||
@@ -832,6 +863,12 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
#endif
|
||||
break;
|
||||
|
||||
case 'n' :
|
||||
#ifdef HAVE_EXTENDED_MASTER
|
||||
disableExtMasterSecret = 1;
|
||||
#endif
|
||||
break;
|
||||
|
||||
case 'W' :
|
||||
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|
||||
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
|
||||
@@ -1106,6 +1143,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_SCTP
|
||||
if (dtlsSCTP)
|
||||
wolfSSL_CTX_dtls_set_sctp(ctx);
|
||||
#endif
|
||||
|
||||
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
|
||||
wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
|
||||
#endif
|
||||
@@ -1175,9 +1217,13 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myDateCb);
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
wolfSSL_CTX_UseCavium(ctx, CAVIUM_DEV_ID);
|
||||
#endif
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
ret = wolfAsync_DevOpen(&devId);
|
||||
if (ret != 0) {
|
||||
err_sys("Async device open failed");
|
||||
}
|
||||
wolfSSL_CTX_UseAsync(ctx, devId);
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
||||
|
||||
#ifdef HAVE_SNI
|
||||
if (sniHostName)
|
||||
@@ -1199,17 +1245,24 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
if (wolfSSL_CTX_UseSessionTicket(ctx) != SSL_SUCCESS)
|
||||
err_sys("UseSessionTicket failed");
|
||||
#endif
|
||||
#ifdef HAVE_EXTENDED_MASTER
|
||||
if (disableExtMasterSecret)
|
||||
if (wolfSSL_CTX_DisableExtendedMasterSecret(ctx) != SSL_SUCCESS)
|
||||
err_sys("DisableExtendedMasterSecret failed");
|
||||
#endif
|
||||
|
||||
if (benchmark) {
|
||||
((func_args*)args)->return_code =
|
||||
ClientBenchmarkConnections(ctx, host, port, doDTLS, benchmark, resumeSession);
|
||||
ClientBenchmarkConnections(ctx, host, port, dtlsUDP, dtlsSCTP,
|
||||
benchmark, resumeSession);
|
||||
wolfSSL_CTX_free(ctx);
|
||||
exit(EXIT_SUCCESS);
|
||||
}
|
||||
|
||||
if(throughput) {
|
||||
((func_args*)args)->return_code =
|
||||
ClientBenchmarkThroughput(ctx, host, port, doDTLS, throughput);
|
||||
ClientBenchmarkThroughput(ctx, host, port, dtlsUDP, dtlsSCTP,
|
||||
throughput);
|
||||
wolfSSL_CTX_free(ctx);
|
||||
exit(EXIT_SUCCESS);
|
||||
}
|
||||
@@ -1295,7 +1348,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
}
|
||||
#endif
|
||||
|
||||
tcp_connect(&sockfd, host, port, doDTLS, ssl);
|
||||
tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, ssl);
|
||||
if (wolfSSL_set_fd(ssl, sockfd) != SSL_SUCCESS) {
|
||||
err_sys("error in setting fd");
|
||||
}
|
||||
@@ -1343,7 +1396,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
do {
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
if (err == WC_PENDING_E) {
|
||||
ret = AsyncCryptPoll(ssl);
|
||||
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
|
||||
if (ret < 0) { break; } else if (ret == 0) { continue; }
|
||||
}
|
||||
#endif
|
||||
@@ -1474,7 +1527,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
}
|
||||
#endif
|
||||
|
||||
if (doDTLS == 0) { /* don't send alert after "break" command */
|
||||
if (dtlsUDP == 0) { /* don't send alert after "break" command */
|
||||
ret = wolfSSL_shutdown(ssl);
|
||||
if (wc_shutdown && ret == SSL_SHUTDOWN_NOT_DONE)
|
||||
wolfSSL_shutdown(ssl); /* bidirectional shutdown */
|
||||
@@ -1488,7 +1541,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
|
||||
#ifndef NO_SESSION_CACHE
|
||||
if (resumeSession) {
|
||||
if (doDTLS) {
|
||||
if (dtlsUDP) {
|
||||
#ifdef USE_WINDOWS_API
|
||||
Sleep(500);
|
||||
#elif defined(WOLFSSL_TIRTOS)
|
||||
@@ -1497,7 +1550,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
sleep(1);
|
||||
#endif
|
||||
}
|
||||
tcp_connect(&sockfd, host, port, doDTLS, sslResume);
|
||||
tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, sslResume);
|
||||
if (wolfSSL_set_fd(sslResume, sockfd) != SSL_SUCCESS) {
|
||||
err_sys("error in setting fd");
|
||||
}
|
||||
@@ -1519,6 +1572,32 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
wolfSSL_set_SessionTicket_cb(sslResume, sessionTicketCB,
|
||||
(void*)"resumed session");
|
||||
#endif
|
||||
#ifdef HAVE_SUPPORTED_CURVES /* add curves to supported curves extension */
|
||||
if (wolfSSL_UseSupportedCurve(sslResume, WOLFSSL_ECC_SECP256R1)
|
||||
!= SSL_SUCCESS) {
|
||||
err_sys("unable to set curve secp256r1");
|
||||
}
|
||||
if (wolfSSL_UseSupportedCurve(sslResume, WOLFSSL_ECC_SECP384R1)
|
||||
!= SSL_SUCCESS) {
|
||||
err_sys("unable to set curve secp384r1");
|
||||
}
|
||||
if (wolfSSL_UseSupportedCurve(sslResume, WOLFSSL_ECC_SECP521R1)
|
||||
!= SSL_SUCCESS) {
|
||||
err_sys("unable to set curve secp521r1");
|
||||
}
|
||||
if (wolfSSL_UseSupportedCurve(sslResume, WOLFSSL_ECC_SECP224R1)
|
||||
!= SSL_SUCCESS) {
|
||||
err_sys("unable to set curve secp224r1");
|
||||
}
|
||||
if (wolfSSL_UseSupportedCurve(sslResume, WOLFSSL_ECC_SECP192R1)
|
||||
!= SSL_SUCCESS) {
|
||||
err_sys("unable to set curve secp192r1");
|
||||
}
|
||||
if (wolfSSL_UseSupportedCurve(sslResume, WOLFSSL_ECC_SECP160R1)
|
||||
!= SSL_SUCCESS) {
|
||||
err_sys("unable to set curve secp160r1");
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifndef WOLFSSL_CALLBACKS
|
||||
if (nonBlocking) {
|
||||
@@ -1622,6 +1701,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
|
||||
((func_args*)args)->return_code = 0;
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
wolfAsync_DevClose(&devId);
|
||||
#endif
|
||||
|
||||
#if defined(USE_WOLFSSL_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY)
|
||||
if (trackMemory)
|
||||
ShowMemoryTracker();
|
||||
@@ -1650,11 +1733,6 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
{
|
||||
func_args args;
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID);
|
||||
if (ret != 0)
|
||||
err_sys("Cavium OpenNitroxDevice failed");
|
||||
#endif /* HAVE_CAVIUM */
|
||||
|
||||
StartTCP();
|
||||
|
||||
@@ -1674,10 +1752,6 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
#endif
|
||||
wolfSSL_Cleanup();
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
CspShutdown(CAVIUM_DEV_ID);
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_WNR
|
||||
if (wc_FreeNetRandom() < 0)
|
||||
err_sys("Failed to free netRandom context");
|
||||
|
||||
@@ -26,21 +26,6 @@
|
||||
|
||||
THREAD_RETURN WOLFSSL_THREAD client_test(void* args);
|
||||
|
||||
/* Measures average time to create, connect and disconnect a connection (TPS).
|
||||
Benchmark = number of connections. */
|
||||
int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
|
||||
int doDTLS, int benchmark, int resumeSession);
|
||||
|
||||
/* Measures throughput in kbps. Throughput = number of bytes */
|
||||
int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
|
||||
int doDTLS, int throughput);
|
||||
|
||||
/* Initiates the STARTTLS command sequence over TCP */
|
||||
int StartTLS_Init(SOCKET_T* sockfd);
|
||||
|
||||
/* Closes down the SMTP connection */
|
||||
int SMTP_Shutdown(WOLFSSL* ssl, int wc_shutdown);
|
||||
|
||||
|
||||
#endif /* WOLFSSL_CLIENT_H */
|
||||
|
||||
|
||||
@@ -52,6 +52,11 @@
|
||||
|
||||
#include "examples/echoclient/echoclient.h"
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
static int devId = INVALID_DEVID;
|
||||
#endif
|
||||
|
||||
|
||||
void echoclient_test(void* args)
|
||||
{
|
||||
SOCKET_T sockfd = 0;
|
||||
@@ -162,12 +167,20 @@ void echoclient_test(void* args)
|
||||
SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_MDK_ARM)
|
||||
#if defined(WOLFSSL_MDK_ARM)
|
||||
CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
ret = wolfAsync_DevOpen(&devId);
|
||||
if (ret != 0) {
|
||||
err_sys("Async device open failed");
|
||||
}
|
||||
wolfSSL_CTX_UseAsync(ctx, devId);
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
||||
|
||||
ssl = SSL_new(ctx);
|
||||
tcp_connect(&sockfd, yasslIP, port, doDTLS, ssl);
|
||||
tcp_connect(&sockfd, yasslIP, port, doDTLS, 0, ssl);
|
||||
|
||||
SSL_set_fd(ssl, sockfd);
|
||||
#if defined(USE_WINDOWS_API) && defined(CYASSL_DTLS) && defined(NO_MAIN_DRIVER)
|
||||
@@ -178,7 +191,7 @@ void echoclient_test(void* args)
|
||||
do {
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
if (err == WC_PENDING_E) {
|
||||
ret = AsyncCryptPoll(ssl);
|
||||
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
|
||||
if (ret < 0) { break; } else if (ret == 0) { continue; }
|
||||
}
|
||||
#endif
|
||||
@@ -250,6 +263,10 @@ void echoclient_test(void* args)
|
||||
SSL_free(ssl);
|
||||
SSL_CTX_free(ctx);
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
wolfAsync_DevClose(&devId);
|
||||
#endif
|
||||
|
||||
fflush(fout);
|
||||
if (inCreated) fclose(fin);
|
||||
if (outCreated) fclose(fout);
|
||||
@@ -266,12 +283,6 @@ void echoclient_test(void* args)
|
||||
{
|
||||
func_args args;
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID);
|
||||
if (ret != 0)
|
||||
err_sys("Cavium OpenNitroxDevice failed");
|
||||
#endif /* HAVE_CAVIUM */
|
||||
|
||||
#ifdef HAVE_WNR
|
||||
if (wc_InitNetRandom(wnrConfig, NULL, 5000) != 0)
|
||||
err_sys("Whitewood netRandom global config failed");
|
||||
@@ -293,10 +304,6 @@ void echoclient_test(void* args)
|
||||
|
||||
CyaSSL_Cleanup();
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
CspShutdown(CAVIUM_DEV_ID);
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_WNR
|
||||
if (wc_FreeNetRandom() < 0)
|
||||
err_sys("Failed to free netRandom context");
|
||||
|
||||
@@ -53,6 +53,10 @@
|
||||
|
||||
#include "examples/echoserver/echoserver.h"
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
static int devId = INVALID_DEVID;
|
||||
#endif
|
||||
|
||||
#define SVR_COMMAND_SIZE 256
|
||||
|
||||
static void SignalReady(void* args, word16 port)
|
||||
@@ -132,7 +136,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
|
||||
fdOpenSession(Task_self());
|
||||
#endif
|
||||
|
||||
tcp_listen(&sockfd, &port, useAnyAddr, doDTLS);
|
||||
tcp_listen(&sockfd, &port, useAnyAddr, doDTLS, 0);
|
||||
|
||||
#if defined(CYASSL_DTLS)
|
||||
method = CyaDTLSv1_2_server_method();
|
||||
@@ -226,6 +230,14 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
|
||||
#endif
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
ret = wolfAsync_DevOpen(&devId);
|
||||
if (ret != 0) {
|
||||
err_sys("Async device open failed");
|
||||
}
|
||||
wolfSSL_CTX_UseAsync(ctx, devId);
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
||||
|
||||
SignalReady(args, port);
|
||||
|
||||
while (!shutDown) {
|
||||
@@ -272,7 +284,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
|
||||
do {
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
if (err == WC_PENDING_E) {
|
||||
ret = AsyncCryptPoll(ssl);
|
||||
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
|
||||
if (ret < 0) { break; } else if (ret == 0) { continue; }
|
||||
}
|
||||
#endif
|
||||
@@ -361,7 +373,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
|
||||
CyaSSL_free(ssl);
|
||||
CloseSocket(clientfd);
|
||||
#ifdef CYASSL_DTLS
|
||||
tcp_listen(&sockfd, &port, useAnyAddr, doDTLS);
|
||||
tcp_listen(&sockfd, &port, useAnyAddr, doDTLS, 0);
|
||||
SignalReady(args, port);
|
||||
#endif
|
||||
}
|
||||
@@ -390,6 +402,10 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
|
||||
TicketCleanup();
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
wolfAsync_DevClose(&devId);
|
||||
#endif
|
||||
|
||||
#ifndef CYASSL_TIRTOS
|
||||
return 0;
|
||||
#endif
|
||||
@@ -403,12 +419,6 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
|
||||
{
|
||||
func_args args;
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID);
|
||||
if (ret != 0)
|
||||
err_sys("Cavium OpenNitroxDevice failed");
|
||||
#endif /* HAVE_CAVIUM */
|
||||
|
||||
#ifdef HAVE_WNR
|
||||
if (wc_InitNetRandom(wnrConfig, NULL, 5000) != 0)
|
||||
err_sys("Whitewood netRandom global config failed");
|
||||
@@ -427,10 +437,6 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
|
||||
echoserver_test(&args);
|
||||
CyaSSL_Cleanup();
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
CspShutdown(CAVIUM_DEV_ID);
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_WNR
|
||||
if (wc_FreeNetRandom() < 0)
|
||||
err_sys("Failed to free netRandom context");
|
||||
|
||||
@@ -5,3 +5,4 @@ include examples/client/include.am
|
||||
include examples/echoclient/include.am
|
||||
include examples/echoserver/include.am
|
||||
include examples/server/include.am
|
||||
include examples/sctp/include.am
|
||||
|
||||
@@ -0,0 +1,38 @@
|
||||
# vim:ft=automake
|
||||
# included from Top Level Makefile.am
|
||||
# All paths should be given relative to the root
|
||||
|
||||
|
||||
if BUILD_SCTP
|
||||
if BUILD_EXAMPLE_SERVERS
|
||||
noinst_PROGRAMS += \
|
||||
examples/sctp/sctp-server \
|
||||
examples/sctp/sctp-server-dtls
|
||||
examples_sctp_sctp_server_SOURCES = examples/sctp/sctp-server.c
|
||||
examples_sctp_sctp_server_LDADD = $(LIB_STATIC_ADD)
|
||||
examples_sctp_sctp_server_dtls_SOURCES = examples/sctp/sctp-server-dtls.c
|
||||
examples_sctp_sctp_server_dtls_LDADD = src/libwolfssl.la $(LIB_STATIC_ADD)
|
||||
examples_sctp_sctp_server_dtls_DEPENDENCIES = src/libwolfssl.la
|
||||
endif
|
||||
if BUILD_EXAMPLE_CLIENTS
|
||||
noinst_PROGRAMS += \
|
||||
examples/sctp/sctp-client \
|
||||
examples/sctp/sctp-client-dtls
|
||||
examples_sctp_sctp_client_SOURCES = examples/sctp/sctp-client.c
|
||||
examples_sctp_sctp_client_LDADD = $(LIB_STATIC_ADD)
|
||||
examples_sctp_sctp_client_dtls_SOURCES = examples/sctp/sctp-client-dtls.c
|
||||
examples_sctp_sctp_client_dtls_LDADD = src/libwolfssl.la $(LIB_STATIC_ADD)
|
||||
examples_sctp_sctp_client_dtls_DEPENDENCIES = src/libwolfssl.la
|
||||
endif
|
||||
endif
|
||||
|
||||
dist_example_DATA += \
|
||||
examples/sctp/sctp-server.c \
|
||||
examples/sctp/sctp-server-dtls.c \
|
||||
examples/sctp/sctp-client.c \
|
||||
examples/sctp/sctp-client-dtls.c
|
||||
DISTCLEANFILES += \
|
||||
examples/sctp/.libs/sctp-server \
|
||||
examples/sctp/.libs/sctp-server-dtls \
|
||||
examples/sctp/.libs/sctp-client \
|
||||
examples/sctp/.libs/sctp-client-dtls
|
||||
@@ -0,0 +1,125 @@
|
||||
/* sctp-client-dtls.c
|
||||
*
|
||||
* Copyright (C) 2006-2016 wolfSSL Inc.
|
||||
*
|
||||
* This file is part of wolfSSL.
|
||||
*
|
||||
* wolfSSL is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* wolfSSL is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
|
||||
/* sctp */
|
||||
#include <sys/socket.h>
|
||||
#include <sys/types.h>
|
||||
#include <arpa/inet.h>
|
||||
#include <netinet/in.h>
|
||||
|
||||
/* std */
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
|
||||
/* wolfssl */
|
||||
#include <wolfssl/options.h>
|
||||
#include <wolfssl/ssl.h>
|
||||
|
||||
|
||||
|
||||
#define cacert "./certs/ca-cert.pem"
|
||||
|
||||
static int err_sys(const char* msg)
|
||||
{
|
||||
perror(msg);
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
int main()
|
||||
{
|
||||
int sd = socket(PF_INET, SOCK_STREAM, IPPROTO_SCTP);
|
||||
|
||||
if (sd < 0)
|
||||
err_sys("sctp socket error");
|
||||
|
||||
struct sockaddr_in sa;
|
||||
memset(&sa, 0, sizeof(sa));
|
||||
sa.sin_family = AF_INET;
|
||||
sa.sin_addr.s_addr = inet_addr("127.0.0.1");
|
||||
sa.sin_port = htons(12345);
|
||||
|
||||
int ret = connect(sd, (struct sockaddr*)&sa, sizeof(sa));
|
||||
if (ret < 0)
|
||||
err_sys("sctp connect error");
|
||||
|
||||
const char* response = "hello there";
|
||||
char buffer[80];
|
||||
|
||||
WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfDTLSv1_2_client_method());
|
||||
if (ctx == NULL)
|
||||
err_sys("ctx new dtls client failed");
|
||||
|
||||
ret = wolfSSL_CTX_dtls_set_sctp(ctx);
|
||||
if (ret != SSL_SUCCESS)
|
||||
err_sys("set sctp mode failed");
|
||||
|
||||
ret = wolfSSL_CTX_load_verify_locations(ctx, cacert, NULL);
|
||||
if (ret != SSL_SUCCESS)
|
||||
err_sys("ca cert error");
|
||||
|
||||
WOLFSSL* ssl = wolfSSL_new(ctx);
|
||||
if (ssl == NULL)
|
||||
err_sys("ssl new dtls client failed");
|
||||
|
||||
wolfSSL_set_fd(ssl, sd);
|
||||
|
||||
ret = wolfSSL_connect(ssl);
|
||||
if (ret != SSL_SUCCESS)
|
||||
err_sys("ssl connect failed");
|
||||
|
||||
printf("TLS version is %s\n", wolfSSL_get_version(ssl));
|
||||
printf("Cipher Suite is %s\n",
|
||||
wolfSSL_CIPHER_get_name(wolfSSL_get_current_cipher(ssl)));
|
||||
|
||||
wolfSSL_write(ssl, response, (int)strlen(response));
|
||||
int got = wolfSSL_read(ssl, buffer, sizeof(buffer));
|
||||
if (got > 0) {
|
||||
buffer[got] = 0;
|
||||
printf("server said: %s\n", buffer);
|
||||
}
|
||||
|
||||
unsigned char bigBuf[4096];
|
||||
unsigned int i;
|
||||
|
||||
for (i = 0; i < (int)sizeof(bigBuf); i++)
|
||||
bigBuf[i] = (unsigned char)(i & 0xFF);
|
||||
wolfSSL_write(ssl, bigBuf, sizeof(bigBuf));
|
||||
memset(bigBuf, 0, sizeof(bigBuf));
|
||||
|
||||
wolfSSL_read(ssl, bigBuf, sizeof(bigBuf));
|
||||
for (i = 0; i < sizeof(bigBuf); i++) {
|
||||
if (bigBuf[i] != (unsigned char)(i & 0xFF)) {
|
||||
printf("big message check fail\n");
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
wolfSSL_shutdown(ssl);
|
||||
wolfSSL_free(ssl);
|
||||
wolfSSL_CTX_free(ctx);
|
||||
|
||||
close(sd);
|
||||
|
||||
return 0;
|
||||
}
|
||||
@@ -0,0 +1,64 @@
|
||||
/* sctp-client.c
|
||||
*
|
||||
* Copyright (C) 2006-2016 wolfSSL Inc.
|
||||
*
|
||||
* This file is part of wolfSSL.
|
||||
*
|
||||
* wolfSSL is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* wolfSSL is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
|
||||
/* sctp */
|
||||
#include <sys/socket.h>
|
||||
#include <sys/types.h>
|
||||
#include <arpa/inet.h>
|
||||
#include <netinet/in.h>
|
||||
|
||||
/* std */
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
|
||||
int main()
|
||||
{
|
||||
int sd = socket(PF_INET, SOCK_STREAM, IPPROTO_SCTP);
|
||||
|
||||
if (sd < 0)
|
||||
perror("sctp socket error");
|
||||
|
||||
struct sockaddr_in sa;
|
||||
memset(&sa, 0, sizeof(sa));
|
||||
sa.sin_family = AF_INET;
|
||||
sa.sin_addr.s_addr = inet_addr("127.0.0.1");
|
||||
sa.sin_port = htons(12345);
|
||||
|
||||
int ret = connect(sd, (struct sockaddr*)&sa, sizeof(sa));
|
||||
if (ret < 0)
|
||||
perror("sctp connect error");
|
||||
|
||||
const char* msg = "hello sctp";
|
||||
char buffer[80];
|
||||
|
||||
send(sd, msg, strlen(msg), 0);
|
||||
int got = (int)recv(sd, buffer, sizeof(buffer), 0);
|
||||
if (got > 0) {
|
||||
buffer[got] = 0;
|
||||
printf("server said: %s\n", buffer);
|
||||
}
|
||||
|
||||
close(sd);
|
||||
|
||||
return 0;
|
||||
}
|
||||
@@ -0,0 +1,124 @@
|
||||
/* sctp-server-dtls.c
|
||||
*
|
||||
* Copyright (C) 2006-2016 wolfSSL Inc.
|
||||
*
|
||||
* This file is part of wolfSSL.
|
||||
*
|
||||
* wolfSSL is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* wolfSSL is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
|
||||
/* sctp */
|
||||
#include <sys/socket.h>
|
||||
#include <sys/types.h>
|
||||
#include <netinet/in.h>
|
||||
|
||||
/* std */
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
|
||||
/* wolfssl */
|
||||
#include <wolfssl/options.h>
|
||||
#include <wolfssl/ssl.h>
|
||||
|
||||
|
||||
|
||||
#define key "./certs/server-key.pem"
|
||||
#define cert "./certs/server-cert.pem"
|
||||
|
||||
static int err_sys(const char* msg)
|
||||
{
|
||||
perror(msg);
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
int main()
|
||||
{
|
||||
int sd = socket(PF_INET, SOCK_STREAM, IPPROTO_SCTP);
|
||||
|
||||
if (sd < 0)
|
||||
err_sys("sctp socket error");
|
||||
|
||||
struct sockaddr_in sa;
|
||||
memset(&sa, 0, sizeof(sa));
|
||||
sa.sin_family = AF_INET;
|
||||
sa.sin_addr.s_addr = htonl(INADDR_ANY);
|
||||
sa.sin_port = htons(12345);
|
||||
|
||||
int ret = bind(sd, (struct sockaddr*)&sa, sizeof(sa));
|
||||
if (ret < 0)
|
||||
err_sys("sctp bind error");
|
||||
|
||||
listen(sd, 3);
|
||||
|
||||
int client_sd = accept(sd, NULL, NULL);
|
||||
if (client_sd < 0)
|
||||
err_sys("sctp accept error");
|
||||
|
||||
const char* response = "well hello to you";
|
||||
char buffer[80];
|
||||
|
||||
WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method());
|
||||
if (ctx == NULL)
|
||||
err_sys("ctx new dtls server failed");
|
||||
|
||||
ret = wolfSSL_CTX_dtls_set_sctp(ctx);
|
||||
if (ret != SSL_SUCCESS)
|
||||
err_sys("set sctp mode failed");
|
||||
|
||||
ret = wolfSSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM);
|
||||
if (ret != SSL_SUCCESS)
|
||||
err_sys("use private key error");
|
||||
|
||||
ret = wolfSSL_CTX_use_certificate_file(ctx, cert, SSL_FILETYPE_PEM);
|
||||
if (ret != SSL_SUCCESS)
|
||||
err_sys("use cert error");
|
||||
|
||||
WOLFSSL* ssl = wolfSSL_new(ctx);
|
||||
if (ssl == NULL)
|
||||
err_sys("ssl new dtls server failed");
|
||||
|
||||
wolfSSL_set_fd(ssl, client_sd);
|
||||
|
||||
ret = wolfSSL_accept(ssl);
|
||||
if (ret != SSL_SUCCESS)
|
||||
err_sys("ssl accept failed");
|
||||
|
||||
printf("TLS version is %s\n", wolfSSL_get_version(ssl));
|
||||
printf("Cipher Suite is %s\n",
|
||||
wolfSSL_CIPHER_get_name(wolfSSL_get_current_cipher(ssl)));
|
||||
|
||||
int got = wolfSSL_read(ssl, buffer, sizeof(buffer));
|
||||
if (got > 0) {
|
||||
buffer[got] = 0;
|
||||
printf("client said: %s\n", buffer);
|
||||
}
|
||||
wolfSSL_write(ssl, response, (int)strlen(response));
|
||||
|
||||
unsigned char bigBuf[4096];
|
||||
|
||||
wolfSSL_read(ssl, bigBuf, sizeof(bigBuf));
|
||||
wolfSSL_write(ssl, bigBuf, sizeof(bigBuf));
|
||||
|
||||
wolfSSL_shutdown(ssl);
|
||||
wolfSSL_free(ssl);
|
||||
wolfSSL_CTX_free(ctx);
|
||||
|
||||
close(sd);
|
||||
|
||||
return 0;
|
||||
}
|
||||
@@ -0,0 +1,70 @@
|
||||
/* sctp-server.c
|
||||
*
|
||||
* Copyright (C) 2006-2016 wolfSSL Inc.
|
||||
*
|
||||
* This file is part of wolfSSL.
|
||||
*
|
||||
* wolfSSL is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* wolfSSL is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
|
||||
/* sctp */
|
||||
#include <sys/socket.h>
|
||||
#include <sys/types.h>
|
||||
#include <netinet/in.h>
|
||||
|
||||
/* std */
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
|
||||
int main()
|
||||
{
|
||||
int sd = socket(PF_INET, SOCK_STREAM, IPPROTO_SCTP);
|
||||
|
||||
if (sd < 0)
|
||||
perror("sctp socket error");
|
||||
|
||||
struct sockaddr_in sa;
|
||||
memset(&sa, 0, sizeof(sa));
|
||||
sa.sin_family = AF_INET;
|
||||
sa.sin_addr.s_addr = htonl(INADDR_ANY);
|
||||
sa.sin_port = htons(12345);
|
||||
|
||||
int ret = bind(sd, (struct sockaddr*)&sa, sizeof(sa));
|
||||
if (ret < 0)
|
||||
perror("sctp bind error");
|
||||
|
||||
listen(sd, 3);
|
||||
|
||||
int client_sd = accept(sd, NULL, NULL);
|
||||
if (client_sd < 0)
|
||||
perror("sctp accept error");
|
||||
|
||||
const char* response = "hi there";
|
||||
char buffer[80];
|
||||
|
||||
int got = (int)recv(client_sd, buffer, sizeof(buffer), 0);
|
||||
if (got > 0) {
|
||||
buffer[got] = 0;
|
||||
printf("client said: %s\n", buffer);
|
||||
}
|
||||
send(client_sd, response, strlen(response), 0);
|
||||
|
||||
|
||||
close(sd);
|
||||
|
||||
return 0;
|
||||
}
|
||||
+48
-17
@@ -55,6 +55,10 @@
|
||||
|
||||
#include "examples/server/server.h"
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
static int devId = INVALID_DEVID;
|
||||
#endif
|
||||
|
||||
/* Note on using port 0: if the server uses port 0 to bind an ephemeral port
|
||||
* number and is using the ready file for scripted testing, the code in
|
||||
* test.h will write the actual port number into the ready file for use
|
||||
@@ -215,6 +219,10 @@ static void Usage(void)
|
||||
printf("-t Track wolfSSL memory use\n");
|
||||
printf("-u Use UDP DTLS,"
|
||||
" add -v 2 for DTLSv1, -v 3 for DTLSv1.2 (default)\n");
|
||||
#ifdef WOLFSSL_SCTP
|
||||
printf("-G Use SCTP DTLS,"
|
||||
" add -v 2 for DTLSv1, -v 3 for DTLSv1.2 (default)\n");
|
||||
#endif
|
||||
printf("-f Fewer packets/group messages\n");
|
||||
printf("-r Allow one client Resumption\n");
|
||||
printf("-N Use Non-blocking sockets\n");
|
||||
@@ -271,6 +279,8 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
||||
int usePskPlus = 0;
|
||||
int useAnon = 0;
|
||||
int doDTLS = 0;
|
||||
int dtlsUDP = 0;
|
||||
int dtlsSCTP = 0;
|
||||
int needDH = 0;
|
||||
int useNtruKey = 0;
|
||||
int nonBlocking = 0;
|
||||
@@ -366,7 +376,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
||||
useAnyAddr = 1;
|
||||
#else
|
||||
while ((ch = mygetopt(argc, argv,
|
||||
"?jdbstnNufrawPIR:p:v:l:A:c:k:Z:S:oO:D:L:ieB:E:q:")) != -1) {
|
||||
"?jdbstnNuGfrawPIR:p:v:l:A:c:k:Z:S:oO:D:L:ieB:E:q:")) != -1) {
|
||||
switch (ch) {
|
||||
case '?' :
|
||||
Usage();
|
||||
@@ -400,6 +410,14 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
||||
|
||||
case 'u' :
|
||||
doDTLS = 1;
|
||||
dtlsUDP = 1;
|
||||
break;
|
||||
|
||||
case 'G' :
|
||||
#ifdef WOLFSSL_SCTP
|
||||
doDTLS = 1;
|
||||
dtlsSCTP = 1;
|
||||
#endif
|
||||
break;
|
||||
|
||||
case 'f' :
|
||||
@@ -559,6 +577,11 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
||||
myoptind = 0; /* reset for test cases */
|
||||
#endif /* !WOLFSSL_VXWORKS */
|
||||
|
||||
/* Can only use DTLS over UDP or SCTP, can't do both. */
|
||||
if (dtlsUDP && dtlsSCTP) {
|
||||
err_sys("Cannot use DTLS with both UDP and SCTP.");
|
||||
}
|
||||
|
||||
/* sort out DTLS versus TLS versions */
|
||||
if (version == CLIENT_INVALID_VERSION) {
|
||||
if (doDTLS)
|
||||
@@ -655,7 +678,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
||||
err_sys("unable to load static memory and create ctx");
|
||||
#else
|
||||
ctx = SSL_CTX_new(method(NULL));
|
||||
#endif
|
||||
#endif /* WOLFSSL_STATIC_MEMORY */
|
||||
if (ctx == NULL)
|
||||
err_sys("unable to get ctx");
|
||||
|
||||
@@ -685,6 +708,11 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
||||
if (fewerPackets)
|
||||
CyaSSL_CTX_set_group_messages(ctx);
|
||||
|
||||
#ifdef WOLFSSL_SCTP
|
||||
if (dtlsSCTP)
|
||||
wolfSSL_CTX_dtls_set_sctp(ctx);
|
||||
#endif
|
||||
|
||||
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
|
||||
SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
|
||||
#endif
|
||||
@@ -806,16 +834,24 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
||||
}
|
||||
#endif /* USE_WINDOWS_API */
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
ret = wolfAsync_DevOpen(&devId);
|
||||
if (ret != 0) {
|
||||
err_sys("Async device open failed");
|
||||
}
|
||||
wolfSSL_CTX_UseAsync(ctx, devId);
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
||||
|
||||
while (1) {
|
||||
/* allow resume option */
|
||||
if(resumeCount > 1) {
|
||||
if (doDTLS == 0) {
|
||||
if (dtlsUDP == 0) {
|
||||
SOCKADDR_IN_T client;
|
||||
socklen_t client_len = sizeof(client);
|
||||
clientfd = accept(sockfd, (struct sockaddr*)&client,
|
||||
(ACCEPT_THIRD_T)&client_len);
|
||||
} else {
|
||||
tcp_listen(&sockfd, &port, useAnyAddr, doDTLS);
|
||||
tcp_listen(&sockfd, &port, useAnyAddr, dtlsUDP, dtlsSCTP);
|
||||
clientfd = sockfd;
|
||||
}
|
||||
if(WOLFSSL_SOCKET_IS_INVALID(clientfd)) {
|
||||
@@ -896,7 +932,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
||||
readySignal->srfName = serverReadyFile;
|
||||
}
|
||||
tcp_accept(&sockfd, &clientfd, (func_args*)args, port, useAnyAddr,
|
||||
doDTLS, serverReadyFile ? 1 : 0, doListen);
|
||||
dtlsUDP, dtlsSCTP, serverReadyFile ? 1 : 0, doListen);
|
||||
doListen = 0; /* Don't listen next time */
|
||||
|
||||
if (SSL_set_fd(ssl, clientfd) != SSL_SUCCESS) {
|
||||
@@ -911,7 +947,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_DTLS
|
||||
if (doDTLS) {
|
||||
if (doDTLS && dtlsUDP) {
|
||||
SOCKADDR_IN_T cliaddr;
|
||||
byte b[1500];
|
||||
int n;
|
||||
@@ -947,7 +983,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
||||
do {
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
if (err == WC_PENDING_E) {
|
||||
ret = AsyncCryptPoll(ssl);
|
||||
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
|
||||
if (ret < 0) { break; } else if (ret == 0) { continue; }
|
||||
}
|
||||
#endif
|
||||
@@ -1027,7 +1063,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
||||
Task_yield();
|
||||
#endif
|
||||
|
||||
if (doDTLS == 0) {
|
||||
if (dtlsUDP == 0) {
|
||||
ret = SSL_shutdown(ssl);
|
||||
if (wc_shutdown && ret == SSL_SHUTDOWN_NOT_DONE)
|
||||
SSL_shutdown(ssl); /* bidirectional shutdown */
|
||||
@@ -1088,6 +1124,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
||||
TicketCleanup();
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
wolfAsync_DevClose(&devId);
|
||||
#endif
|
||||
|
||||
/* There are use cases when these assignments are not read. To avoid
|
||||
* potential confusion those warnings have been handled here.
|
||||
*/
|
||||
@@ -1112,11 +1152,6 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
||||
func_args args;
|
||||
tcp_ready ready;
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID);
|
||||
if (ret != 0)
|
||||
err_sys("Cavium OpenNitroxDevice failed");
|
||||
#endif /* HAVE_CAVIUM */
|
||||
|
||||
StartTCP();
|
||||
|
||||
@@ -1139,10 +1174,6 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
||||
CyaSSL_Cleanup();
|
||||
FreeTcpReady(&ready);
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
CspShutdown(CAVIUM_DEV_ID);
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_WNR
|
||||
if (wc_FreeNetRandom() < 0)
|
||||
err_sys("Failed to free netRandom context");
|
||||
|
||||
@@ -223,6 +223,7 @@ int CRYPT_SHA512_Finalize(CRYPT_SHA512_CTX* sha512, unsigned char* digest)
|
||||
int CRYPT_HMAC_SetKey(CRYPT_HMAC_CTX* hmac, int type, const unsigned char* key,
|
||||
unsigned int sz)
|
||||
{
|
||||
/* compile-time check to verify CRYPT_HMAC_CTX is large enough to hold Hmac */
|
||||
typedef char hmac_test[sizeof(CRYPT_HMAC_CTX) >= sizeof(Hmac) ? 1 : -1];
|
||||
(void)sizeof(hmac_test);
|
||||
|
||||
|
||||
+1
-1
@@ -104,7 +104,7 @@ enum {
|
||||
|
||||
/* HMAC */
|
||||
typedef struct CRYPT_HMAC_CTX {
|
||||
long long holder[67]; /* big enough to hold internal, but check on init */
|
||||
long long holder[68]; /* big enough to hold internal, but check on init */
|
||||
} CRYPT_HMAC_CTX;
|
||||
|
||||
int CRYPT_HMAC_SetKey(CRYPT_HMAC_CTX*, int, const unsigned char*, unsigned int);
|
||||
|
||||
@@ -25,14 +25,14 @@ sleep 1
|
||||
# client test against our own server - GOOD CERT
|
||||
./examples/server/server -c certs/ocsp/server1-cert.pem -k certs/ocsp/server1-key.pem &
|
||||
sleep 1
|
||||
./examples/client/client -X -C -A certs/ocsp/root-ca-cert.pem -W 1
|
||||
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1
|
||||
RESULT=$?
|
||||
[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1
|
||||
|
||||
# client test against our own server - REVOKED CERT
|
||||
./examples/server/server -c certs/ocsp/server2-cert.pem -k certs/ocsp/server2-key.pem &
|
||||
sleep 1
|
||||
./examples/client/client -X -C -A certs/ocsp/root-ca-cert.pem -W 1
|
||||
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1
|
||||
RESULT=$?
|
||||
[ $RESULT -ne 1 ] && echo -e "\n\nClient connection suceeded $RESULT" && exit 1
|
||||
|
||||
|
||||
@@ -16,39 +16,39 @@ sleep 1
|
||||
# client test against our own server - GOOD CERTS
|
||||
./examples/server/server -c certs/ocsp/server3-cert.pem -k certs/ocsp/server3-key.pem &
|
||||
sleep 1
|
||||
./examples/client/client -X -C -A certs/ocsp/root-ca-cert.pem -W 1
|
||||
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1
|
||||
RESULT=$?
|
||||
[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1
|
||||
|
||||
./examples/server/server -c certs/ocsp/server3-cert.pem -k certs/ocsp/server3-key.pem &
|
||||
sleep 1
|
||||
./examples/client/client -X -C -A certs/ocsp/root-ca-cert.pem -W 2
|
||||
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2
|
||||
RESULT=$?
|
||||
[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1
|
||||
|
||||
# client test against our own server - REVOKED SERVER CERT
|
||||
./examples/server/server -c certs/ocsp/server4-cert.pem -k certs/ocsp/server4-key.pem &
|
||||
sleep 1
|
||||
./examples/client/client -X -C -A certs/ocsp/root-ca-cert.pem -W 1
|
||||
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1
|
||||
RESULT=$?
|
||||
[ $RESULT -ne 1 ] && echo -e "\n\nClient connection suceeded $RESULT" && exit 1
|
||||
|
||||
./examples/server/server -c certs/ocsp/server4-cert.pem -k certs/ocsp/server4-key.pem &
|
||||
sleep 1
|
||||
./examples/client/client -X -C -A certs/ocsp/root-ca-cert.pem -W 2
|
||||
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2
|
||||
RESULT=$?
|
||||
[ $RESULT -ne 1 ] && echo -e "\n\nClient connection suceeded $RESULT" && exit 1
|
||||
|
||||
# client test against our own server - REVOKED INTERMEDIATE CERT
|
||||
./examples/server/server -c certs/ocsp/server5-cert.pem -k certs/ocsp/server5-key.pem &
|
||||
sleep 1
|
||||
./examples/client/client -X -C -A certs/ocsp/root-ca-cert.pem -W 1
|
||||
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1
|
||||
RESULT=$?
|
||||
[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed $RESULT" && exit 1
|
||||
|
||||
./examples/server/server -c certs/ocsp/server5-cert.pem -k certs/ocsp/server5-key.pem &
|
||||
sleep 1
|
||||
./examples/client/client -X -C -A certs/ocsp/root-ca-cert.pem -W 2
|
||||
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2
|
||||
RESULT=$?
|
||||
[ $RESULT -ne 1 ] && echo -e "\n\nClient connection suceeded $RESULT" && exit 1
|
||||
|
||||
|
||||
+63
-47
@@ -5,6 +5,7 @@
|
||||
# need a unique resume port since may run the same time as testsuite
|
||||
# use server port zero hack to get one
|
||||
resume_string="reused"
|
||||
ems_string="Extended\ Master\ Secret"
|
||||
resume_port=0
|
||||
no_pid=-1
|
||||
server_pid=$no_pid
|
||||
@@ -41,57 +42,72 @@ do_trap() {
|
||||
exit -1
|
||||
}
|
||||
|
||||
do_test() {
|
||||
echo -e "\nStarting example server for resume test...\n"
|
||||
|
||||
remove_ready_file
|
||||
./examples/server/server -r -R $ready_file -p $resume_port &
|
||||
server_pid=$!
|
||||
|
||||
while [ ! -s $ready_file -a "$counter" -lt 20 ]; do
|
||||
echo -e "waiting for ready file..."
|
||||
sleep 0.1
|
||||
counter=$((counter+ 1))
|
||||
done
|
||||
|
||||
if test -e $ready_file; then
|
||||
echo -e "found ready file, starting client..."
|
||||
else
|
||||
echo -e "NO ready file ending test..."
|
||||
do_cleanup
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# get created port 0 ephemeral port
|
||||
resume_port=`cat $ready_file`
|
||||
|
||||
capture_out=$(./examples/client/client $1 -r -p $resume_port 2>&1)
|
||||
client_result=$?
|
||||
|
||||
if [ $client_result != 0 ]
|
||||
then
|
||||
echo -e "client failed!"
|
||||
do_cleanup
|
||||
exit 1
|
||||
fi
|
||||
|
||||
wait $server_pid
|
||||
server_result=$?
|
||||
remove_ready_file
|
||||
|
||||
if [ $server_result != 0 ]
|
||||
then
|
||||
echo -e "client failed!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
case "$capture_out" in
|
||||
*$resume_string*)
|
||||
echo "resumed session" ;;
|
||||
*)
|
||||
echo "did NOT resume session as expected"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
trap do_trap INT TERM
|
||||
|
||||
echo -e "\nStarting example server for resume test...\n"
|
||||
do_test
|
||||
|
||||
remove_ready_file
|
||||
./examples/server/server -r -R $ready_file -p $resume_port &
|
||||
server_pid=$!
|
||||
|
||||
while [ ! -s $ready_file -a "$counter" -lt 20 ]; do
|
||||
echo -e "waiting for ready file..."
|
||||
sleep 0.1
|
||||
counter=$((counter+ 1))
|
||||
done
|
||||
|
||||
if test -e $ready_file; then
|
||||
echo -e "found ready file, starting client..."
|
||||
else
|
||||
echo -e "NO ready file ending test..."
|
||||
do_cleanup
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# get created port 0 ephemeral port
|
||||
resume_port=`cat $ready_file`
|
||||
|
||||
capture_out=$(./examples/client/client -r -p $resume_port 2>&1)
|
||||
client_result=$?
|
||||
|
||||
if [ $client_result != 0 ]
|
||||
then
|
||||
echo -e "client failed!"
|
||||
do_cleanup
|
||||
exit 1
|
||||
fi
|
||||
|
||||
wait $server_pid
|
||||
server_result=$?
|
||||
remove_ready_file
|
||||
|
||||
if [ $server_result != 0 ]
|
||||
then
|
||||
echo -e "client failed!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
case "$capture_out" in
|
||||
*$resume_string*)
|
||||
echo "resumed session" ;;
|
||||
# Check the client for the extended master secret disable option. If
|
||||
# present we need to run the test twice.
|
||||
options_check=`./examples/client/client -?`
|
||||
case "$options_check" in
|
||||
*$ems_string*)
|
||||
echo -e "\nRepeating resume test without extended master secret..."
|
||||
do_test -n ;;
|
||||
*)
|
||||
echo "did NOT resume session as expected"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
|
||||
+14
-5
@@ -62,9 +62,22 @@ endif
|
||||
src_libwolfssl_la_SOURCES += \
|
||||
wolfcrypt/src/hmac.c \
|
||||
wolfcrypt/src/random.c \
|
||||
wolfcrypt/src/sha256.c \
|
||||
wolfcrypt/src/hash.c
|
||||
|
||||
if BUILD_ARMASM
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha256.c
|
||||
else
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/sha256.c
|
||||
endif
|
||||
|
||||
if BUILD_WOLFEVENT
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/wolfevent.c
|
||||
endif
|
||||
|
||||
if BUILD_ASYNCCRYPT
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/async.c
|
||||
endif
|
||||
|
||||
if !BUILD_USER_RSA
|
||||
if BUILD_RSA
|
||||
if BUILD_FAST_RSA
|
||||
@@ -254,8 +267,4 @@ if BUILD_SNIFFER
|
||||
src_libwolfssl_la_SOURCES += src/sniffer.c
|
||||
endif
|
||||
|
||||
if BUILD_ASYNCCRYPT
|
||||
src_libwolfssl_la_SOURCES += src/async.c
|
||||
endif
|
||||
|
||||
endif # !BUILD_CRYPTONLY
|
||||
|
||||
+3299
-2480
File diff suppressed because it is too large
Load Diff
@@ -1015,7 +1015,7 @@ static int process_http_response(int sfd, byte** respBuf,
|
||||
XMEMCPY(recvBuf, start, len);
|
||||
|
||||
/* receive the OCSP response data */
|
||||
do {
|
||||
while (len < recvBufSz) {
|
||||
result = (int)recv(sfd, (char*)recvBuf+len, recvBufSz-len, 0);
|
||||
if (result > 0)
|
||||
len += result;
|
||||
@@ -1023,7 +1023,7 @@ static int process_http_response(int sfd, byte** respBuf,
|
||||
WOLFSSL_MSG("process_http_response recv ocsp from peer failed");
|
||||
return -1;
|
||||
}
|
||||
} while (len != recvBufSz);
|
||||
}
|
||||
|
||||
*respBuf = recvBuf;
|
||||
return recvBufSz;
|
||||
|
||||
+26
-26
@@ -2070,18 +2070,18 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
|
||||
dec->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER);
|
||||
if (dec && dec->arc4 == NULL)
|
||||
return MEMORY_E;
|
||||
#ifdef HAVE_CAVIUM
|
||||
if (devId != NO_CAVIUM_DEVICE) {
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
if (devId != INVALID_DEVID) {
|
||||
if (enc) {
|
||||
if (wc_Arc4InitCavium(enc->arc4, devId) != 0) {
|
||||
WOLFSSL_MSG("Arc4InitCavium failed in SetKeys");
|
||||
return CAVIUM_INIT_E;
|
||||
if (wc_Arc4AsyncInit(enc->arc4, devId) != 0) {
|
||||
WOLFSSL_MSG("Arc4AsyncInit failed in SetKeys");
|
||||
return ASYNC_INIT_E;
|
||||
}
|
||||
}
|
||||
if (dec) {
|
||||
if (wc_Arc4InitCavium(dec->arc4, devId) != 0) {
|
||||
WOLFSSL_MSG("Arc4InitCavium failed in SetKeys");
|
||||
return CAVIUM_INIT_E;
|
||||
if (wc_Arc4AsyncInit(dec->arc4, devId) != 0) {
|
||||
WOLFSSL_MSG("Arc4AsyncInit failed in SetKeys");
|
||||
return ASYNC_INIT_E;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -2282,18 +2282,18 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
|
||||
dec->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER);
|
||||
if (dec && dec->des3 == NULL)
|
||||
return MEMORY_E;
|
||||
#ifdef HAVE_CAVIUM
|
||||
if (devId != NO_CAVIUM_DEVICE) {
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
if (devId != INVALID_DEVID) {
|
||||
if (enc) {
|
||||
if (wc_Des3_InitCavium(enc->des3, devId) != 0) {
|
||||
WOLFSSL_MSG("Des3_InitCavium failed in SetKeys");
|
||||
return CAVIUM_INIT_E;
|
||||
if (wc_Des3AsyncInit(enc->des3, devId) != 0) {
|
||||
WOLFSSL_MSG("Des3AsyncInit failed in SetKeys");
|
||||
return ASYNC_INIT_E;
|
||||
}
|
||||
}
|
||||
if (dec) {
|
||||
if (wc_Des3_InitCavium(dec->des3, devId) != 0) {
|
||||
WOLFSSL_MSG("Des3_InitCavium failed in SetKeys");
|
||||
return CAVIUM_INIT_E;
|
||||
if (wc_Des3AsyncInit(dec->des3, devId) != 0) {
|
||||
WOLFSSL_MSG("Des3AsyncInit failed in SetKeys");
|
||||
return ASYNC_INIT_E;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -2346,18 +2346,18 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
|
||||
dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
|
||||
if (dec && dec->aes == NULL)
|
||||
return MEMORY_E;
|
||||
#ifdef HAVE_CAVIUM
|
||||
if (devId != NO_CAVIUM_DEVICE) {
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
if (devId != INVALID_DEVID) {
|
||||
if (enc) {
|
||||
if (wc_AesInitCavium(enc->aes, devId) != 0) {
|
||||
WOLFSSL_MSG("AesInitCavium failed in SetKeys");
|
||||
return CAVIUM_INIT_E;
|
||||
if (wc_AesAsyncInit(enc->aes, devId) != 0) {
|
||||
WOLFSSL_MSG("AesAsyncInit failed in SetKeys");
|
||||
return ASYNC_INIT_E;
|
||||
}
|
||||
}
|
||||
if (dec) {
|
||||
if (wc_AesInitCavium(dec->aes, devId) != 0) {
|
||||
WOLFSSL_MSG("AesInitCavium failed in SetKeys");
|
||||
return CAVIUM_INIT_E;
|
||||
if (wc_AesAsyncInit(dec->aes, devId) != 0) {
|
||||
WOLFSSL_MSG("AesAsyncInit failed in SetKeys");
|
||||
return ASYNC_INIT_E;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -2675,14 +2675,14 @@ static int SetAuthKeys(OneTimeAuth* authentication, Keys* keys,
|
||||
*/
|
||||
int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side)
|
||||
{
|
||||
int devId = NO_CAVIUM_DEVICE, ret, copy = 0;
|
||||
int devId = INVALID_DEVID, ret, copy = 0;
|
||||
Ciphers* wc_encrypt = NULL;
|
||||
Ciphers* wc_decrypt = NULL;
|
||||
Keys* keys = &ssl->keys;
|
||||
|
||||
(void)copy;
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
devId = ssl->devId;
|
||||
#endif
|
||||
|
||||
|
||||
+236
-5
@@ -90,6 +90,7 @@ enum {
|
||||
EXT_TYPE_SZ = 2, /* Extension length */
|
||||
MAX_INPUT_SZ = MAX_RECORD_SIZE + COMP_EXTRA + MAX_MSG_EXTRA +
|
||||
MTU_EXTRA, /* Max input sz of reassembly */
|
||||
EXT_MASTER_SECRET = 0x17, /* Extended Master Secret Extension ID */
|
||||
TICKET_EXT_ID = 0x23 /* Session Ticket Extension ID */
|
||||
};
|
||||
|
||||
@@ -253,7 +254,8 @@ static const char* const msgTable[] =
|
||||
"Clear ACK Fault",
|
||||
|
||||
/* 81 */
|
||||
"Bad Decrypt Size"
|
||||
"Bad Decrypt Size",
|
||||
"Extended Master Secret Hash Error"
|
||||
};
|
||||
|
||||
|
||||
@@ -329,6 +331,9 @@ typedef struct Flags {
|
||||
byte srvAckFault; /* server acked unseen data from client */
|
||||
byte cliSkipPartial; /* client skips partial data to catch up */
|
||||
byte srvSkipPartial; /* server skips partial data to catch up */
|
||||
#ifdef HAVE_EXTENDED_MASTER
|
||||
byte expectEms; /* expect extended master secret */
|
||||
#endif
|
||||
} Flags;
|
||||
|
||||
|
||||
@@ -341,6 +346,24 @@ typedef struct FinCaputre {
|
||||
} FinCaputre;
|
||||
|
||||
|
||||
typedef struct HsHashes {
|
||||
#ifndef NO_OLD_TLS
|
||||
#ifndef NO_SHA
|
||||
Sha hashSha;
|
||||
#endif
|
||||
#ifndef NO_MD5
|
||||
Md5 hashMd5;
|
||||
#endif
|
||||
#endif
|
||||
#ifndef NO_SHA256
|
||||
Sha256 hashSha256;
|
||||
#endif
|
||||
#ifdef WOLFSSL_SHA384
|
||||
Sha384 hashSha384;
|
||||
#endif
|
||||
} HsHashes;
|
||||
|
||||
|
||||
/* Sniffer Session holds info for each client/server SSL/TLS session */
|
||||
typedef struct SnifferSession {
|
||||
SnifferServer* context; /* server context */
|
||||
@@ -363,6 +386,9 @@ typedef struct SnifferSession {
|
||||
word32 srvReassemblyMemory; /* server packet memory used */
|
||||
struct SnifferSession* next; /* for hash table list */
|
||||
byte* ticketID; /* mac ID of session ticket */
|
||||
#ifdef HAVE_EXTENDED_MASTER
|
||||
HsHashes* hash;
|
||||
#endif
|
||||
} SnifferSession;
|
||||
|
||||
|
||||
@@ -483,6 +509,9 @@ static void FreeSnifferSession(SnifferSession* session)
|
||||
FreePacketList(session->srvReassemblyList);
|
||||
|
||||
free(session->ticketID);
|
||||
#ifdef HAVE_EXTENDED_MASTER
|
||||
free(session->hash);
|
||||
#endif
|
||||
}
|
||||
free(session);
|
||||
}
|
||||
@@ -533,6 +562,91 @@ void ssl_FreeSniffer(void)
|
||||
}
|
||||
|
||||
|
||||
#ifdef HAVE_EXTENDED_MASTER
|
||||
|
||||
static int HashInit(HsHashes* hash)
|
||||
{
|
||||
int ret = 0;
|
||||
|
||||
XMEMSET(hash, 0, sizeof(HsHashes));
|
||||
|
||||
#ifndef NO_OLD_TLS
|
||||
#ifndef NO_SHA
|
||||
if (ret == 0)
|
||||
ret = wc_InitSha(&hash->hashSha);
|
||||
#endif
|
||||
#ifndef NO_MD5
|
||||
if (ret == 0)
|
||||
wc_InitMd5(&hash->hashMd5);
|
||||
#endif
|
||||
#endif
|
||||
#ifndef NO_SHA256
|
||||
if (ret == 0)
|
||||
ret = wc_InitSha256(&hash->hashSha256);
|
||||
#endif
|
||||
#ifdef WOLFSSL_SHA384
|
||||
if (ret == 0)
|
||||
ret = wc_InitSha384(&hash->hashSha384);
|
||||
#endif
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
static int HashUpdate(HsHashes* hash, const byte* input, int sz)
|
||||
{
|
||||
int ret = 0;
|
||||
|
||||
input -= HANDSHAKE_HEADER_SZ;
|
||||
sz += HANDSHAKE_HEADER_SZ;
|
||||
|
||||
#ifndef NO_OLD_TLS
|
||||
#ifndef NO_SHA
|
||||
if (ret == 0)
|
||||
ret = wc_ShaUpdate(&hash->hashSha, input, sz);
|
||||
#endif
|
||||
#ifndef NO_MD5
|
||||
if (ret == 0)
|
||||
wc_Md5Update(&hash->hashMd5, input, sz);
|
||||
#endif
|
||||
#endif
|
||||
#ifndef NO_SHA256
|
||||
if (ret == 0)
|
||||
ret = wc_Sha256Update(&hash->hashSha256, input, sz);
|
||||
#endif
|
||||
#ifdef WOLFSSL_SHA384
|
||||
if (ret == 0)
|
||||
ret = wc_Sha384Update(&hash->hashSha384, input, sz);
|
||||
#endif
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
static int HashCopy(HS_Hashes* d, HsHashes* s)
|
||||
{
|
||||
#ifndef NO_OLD_TLS
|
||||
#ifndef NO_SHA
|
||||
XMEMCPY(&d->hashSha, &s->hashSha, sizeof(Sha));
|
||||
#endif
|
||||
#ifndef NO_MD5
|
||||
XMEMCPY(&d->hashMd5, &s->hashMd5, sizeof(Md5));
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifndef NO_SHA256
|
||||
XMEMCPY(&d->hashSha256, &s->hashSha256, sizeof(Sha256));
|
||||
#endif
|
||||
#ifdef WOLFSSL_SHA384
|
||||
XMEMCPY(&d->hashSha384, &s->hashSha384, sizeof(Sha384));
|
||||
#endif
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
/* Initialize a SnifferServer */
|
||||
static void InitSnifferServer(SnifferServer* sniffer)
|
||||
{
|
||||
@@ -563,6 +677,9 @@ static void InitFlags(Flags* flags)
|
||||
flags->srvAckFault = 0;
|
||||
flags->cliSkipPartial = 0;
|
||||
flags->srvSkipPartial = 0;
|
||||
#ifdef HAVE_EXTENDED_MASTER
|
||||
flags->expectEms = 0;
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
@@ -600,6 +717,9 @@ static void InitSession(SnifferSession* session)
|
||||
|
||||
InitFlags(&session->flags);
|
||||
InitFinCapture(&session->finCaputre);
|
||||
#ifdef HAVE_EXTENDED_MASTER
|
||||
session->hash = 0;
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
@@ -1483,13 +1603,17 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes,
|
||||
|
||||
|
||||
/* Process Server Hello */
|
||||
static int ProcessServerHello(const byte* input, int* sslBytes,
|
||||
static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
|
||||
SnifferSession* session, char* error)
|
||||
{
|
||||
ProtocolVersion pv;
|
||||
byte b;
|
||||
int toRead = VERSION_SZ + RAN_LEN + ENUM_LEN;
|
||||
int doResume = 0;
|
||||
int initialBytes = *sslBytes;
|
||||
|
||||
(void)msgSz;
|
||||
(void)initialBytes;
|
||||
|
||||
/* make sure we didn't miss ClientHello */
|
||||
if (session->flags.clientHello == 0) {
|
||||
@@ -1548,6 +1672,62 @@ static int ProcessServerHello(const byte* input, int* sslBytes,
|
||||
return -1;
|
||||
}
|
||||
|
||||
#ifdef HAVE_EXTENDED_MASTER
|
||||
/* extensions */
|
||||
if ((initialBytes - *sslBytes) < msgSz) {
|
||||
word16 len;
|
||||
|
||||
/* skip extensions until extended master secret */
|
||||
/* make sure can read len */
|
||||
if (SUITE_LEN > *sslBytes) {
|
||||
SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
|
||||
return -1;
|
||||
}
|
||||
len = (word16)((input[0] << 8) | input[1]);
|
||||
input += SUITE_LEN;
|
||||
*sslBytes -= SUITE_LEN;
|
||||
/* make sure can read through all extensions */
|
||||
if (len > *sslBytes) {
|
||||
SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
|
||||
return -1;
|
||||
}
|
||||
|
||||
while (len >= EXT_TYPE_SZ + LENGTH_SZ) {
|
||||
byte extType[EXT_TYPE_SZ];
|
||||
word16 extLen;
|
||||
|
||||
extType[0] = input[0];
|
||||
extType[1] = input[1];
|
||||
input += EXT_TYPE_SZ;
|
||||
*sslBytes -= EXT_TYPE_SZ;
|
||||
|
||||
extLen = (word16)((input[0] << 8) | input[1]);
|
||||
input += LENGTH_SZ;
|
||||
*sslBytes -= LENGTH_SZ;
|
||||
|
||||
/* make sure can read through individual extension */
|
||||
if (extLen > *sslBytes) {
|
||||
SetError(SERVER_HELLO_INPUT_STR, error, session,
|
||||
FATAL_ERROR_STATE);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (extType[0] == 0x00 && extType[1] == EXT_MASTER_SECRET) {
|
||||
session->flags.expectEms = 1;
|
||||
}
|
||||
|
||||
input += extLen;
|
||||
*sslBytes -= extLen;
|
||||
len -= extLen + EXT_TYPE_SZ + LENGTH_SZ;
|
||||
}
|
||||
}
|
||||
|
||||
if (!session->flags.expectEms) {
|
||||
free(session->hash);
|
||||
session->hash = NULL;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (session->sslServer->options.haveSessionId &&
|
||||
XMEMCMP(session->sslServer->arrays->sessionID,
|
||||
session->sslClient->arrays->sessionID, ID_LEN) == 0)
|
||||
@@ -1758,7 +1938,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
|
||||
return -1;
|
||||
}
|
||||
|
||||
while (len > EXT_TYPE_SZ + LENGTH_SZ) {
|
||||
while (len >= EXT_TYPE_SZ + LENGTH_SZ) {
|
||||
byte extType[EXT_TYPE_SZ];
|
||||
word16 extLen;
|
||||
|
||||
@@ -1883,6 +2063,16 @@ static int DoHandShake(const byte* input, int* sslBytes,
|
||||
return -1;
|
||||
}
|
||||
|
||||
#ifdef HAVE_EXTENDED_MASTER
|
||||
if (session->hash) {
|
||||
if (HashUpdate(session->hash, input, size) != 0) {
|
||||
SetError(EXTENDED_MASTER_HASH_STR, error,
|
||||
session, FATAL_ERROR_STATE);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
switch (type) {
|
||||
case hello_verify_request:
|
||||
Trace(GOT_HELLO_VERIFY_STR);
|
||||
@@ -1896,7 +2086,7 @@ static int DoHandShake(const byte* input, int* sslBytes,
|
||||
break;
|
||||
case server_hello:
|
||||
Trace(GOT_SERVER_HELLO_STR);
|
||||
ret = ProcessServerHello(input, sslBytes, session, error);
|
||||
ret = ProcessServerHello(size, input, sslBytes, session, error);
|
||||
break;
|
||||
case certificate_request:
|
||||
Trace(GOT_CERT_REQ_STR);
|
||||
@@ -1923,7 +2113,32 @@ static int DoHandShake(const byte* input, int* sslBytes,
|
||||
break;
|
||||
case client_key_exchange:
|
||||
Trace(GOT_CLIENT_KEY_EX_STR);
|
||||
ret = ProcessClientKeyExchange(input, sslBytes, session, error);
|
||||
#ifdef HAVE_EXTENDED_MASTER
|
||||
if (session->flags.expectEms && session->hash != NULL) {
|
||||
if (HashCopy(session->sslServer->hsHashes,
|
||||
session->hash) == 0 &&
|
||||
HashCopy(session->sslClient->hsHashes,
|
||||
session->hash) == 0) {
|
||||
|
||||
session->sslServer->options.haveEMS = 1;
|
||||
session->sslClient->options.haveEMS = 1;
|
||||
}
|
||||
else {
|
||||
SetError(EXTENDED_MASTER_HASH_STR, error,
|
||||
session, FATAL_ERROR_STATE);
|
||||
ret = -1;
|
||||
}
|
||||
XMEMSET(session->hash, 0, sizeof(HsHashes));
|
||||
free(session->hash);
|
||||
session->hash = NULL;
|
||||
}
|
||||
else {
|
||||
session->sslServer->options.haveEMS = 0;
|
||||
session->sslClient->options.haveEMS = 0;
|
||||
}
|
||||
#endif
|
||||
if (ret == 0)
|
||||
ret = ProcessClientKeyExchange(input, sslBytes, session, error);
|
||||
break;
|
||||
case certificate_verify:
|
||||
Trace(GOT_CERT_VER_STR);
|
||||
@@ -2135,6 +2350,22 @@ static SnifferSession* CreateSession(IpInfo* ipInfo, TcpInfo* tcpInfo,
|
||||
return 0;
|
||||
}
|
||||
InitSession(session);
|
||||
#ifdef HAVE_EXTENDED_MASTER
|
||||
{
|
||||
HsHashes* newHash = (HsHashes*)malloc(sizeof(HsHashes));
|
||||
if (newHash == NULL) {
|
||||
SetError(MEMORY_STR, error, NULL, 0);
|
||||
free(session);
|
||||
return 0;
|
||||
}
|
||||
if (HashInit(newHash) != 0) {
|
||||
SetError(EXTENDED_MASTER_HASH_STR, error, NULL, 0);
|
||||
free(session);
|
||||
return 0;
|
||||
}
|
||||
session->hash = newHash;
|
||||
}
|
||||
#endif
|
||||
session->server = ipInfo->dst;
|
||||
session->client = ipInfo->src;
|
||||
session->srvPort = (word16)tcpInfo->dstPort;
|
||||
|
||||
@@ -547,6 +547,61 @@ int wolfSSL_dtls_get_peer(WOLFSSL* ssl, void* peer, unsigned int* peerSz)
|
||||
return SSL_NOT_IMPLEMENTED;
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
#if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS)
|
||||
|
||||
int wolfSSL_CTX_dtls_set_sctp(WOLFSSL_CTX* ctx)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_CTX_dtls_set_sctp()");
|
||||
|
||||
if (ctx == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
ctx->dtlsSctp = 1;
|
||||
return SSL_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
int wolfSSL_dtls_set_sctp(WOLFSSL* ssl)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_dtls_set_sctp()");
|
||||
|
||||
if (ssl == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
ssl->options.dtlsSctp = 1;
|
||||
return SSL_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
int wolfSSL_CTX_dtls_set_mtu(WOLFSSL_CTX* ctx, word16 newMtu)
|
||||
{
|
||||
if (ctx == NULL || newMtu > MAX_RECORD_SIZE)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
ctx->dtlsMtuSz = newMtu;
|
||||
return SSL_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
int wolfSSL_dtls_set_mtu(WOLFSSL* ssl, word16 newMtu)
|
||||
{
|
||||
if (ssl == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
if (newMtu > MAX_RECORD_SIZE) {
|
||||
ssl->error = BAD_FUNC_ARG;
|
||||
return SSL_FAILURE;
|
||||
}
|
||||
|
||||
ssl->dtlsMtuSz = newMtu;
|
||||
return SSL_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
#endif /* WOLFSSL_DTLS && WOLFSSL_SCTP */
|
||||
|
||||
#endif /* WOLFSSL_LEANPSK */
|
||||
|
||||
|
||||
@@ -638,32 +693,10 @@ int wolfSSL_GetObjectSize(void)
|
||||
return sizeof(WOLFSSL);
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
#ifdef WOLFSSL_STATIC_MEMORY
|
||||
|
||||
|
||||
int wolfSSL_init_memory_heap(WOLFSSL_HEAP* heap)
|
||||
{
|
||||
word32 wc_MemSz[WOLFMEM_DEF_BUCKETS] = { WOLFMEM_BUCKETS };
|
||||
word32 wc_Dist[WOLFMEM_DEF_BUCKETS] = { WOLFMEM_DIST };
|
||||
|
||||
if (heap == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
XMEMSET(heap, 0, sizeof(WOLFSSL_HEAP));
|
||||
|
||||
XMEMCPY(heap->sizeList, wc_MemSz, sizeof(wc_MemSz));
|
||||
XMEMCPY(heap->distList, wc_Dist, sizeof(wc_Dist));
|
||||
|
||||
if (InitMutex(&(heap->memory_mutex)) != 0) {
|
||||
WOLFSSL_MSG("Error creating heap memory mutex");
|
||||
return BAD_MUTEX_E;
|
||||
}
|
||||
|
||||
return SSL_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
int wolfSSL_CTX_load_static_memory(WOLFSSL_CTX** ctx, wolfSSL_method_func method,
|
||||
unsigned char* buf, unsigned int sz,
|
||||
int flag, int max)
|
||||
@@ -680,34 +713,23 @@ int wolfSSL_CTX_load_static_memory(WOLFSSL_CTX** ctx, wolfSSL_method_func method
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
if (*ctx == NULL) {
|
||||
if (*ctx == NULL || (*ctx)->heap == NULL) {
|
||||
if (sizeof(WOLFSSL_HEAP) + sizeof(WOLFSSL_HEAP_HINT) > sz - idx) {
|
||||
return BUFFER_E; /* not enough memory for structures */
|
||||
}
|
||||
heap = (WOLFSSL_HEAP*)buf;
|
||||
idx += sizeof(WOLFSSL_HEAP);
|
||||
if (wolfSSL_init_memory_heap(heap) != SSL_SUCCESS) {
|
||||
if (wolfSSL_init_memory_heap(heap) != 0) {
|
||||
return SSL_FAILURE;
|
||||
}
|
||||
hint = (WOLFSSL_HEAP_HINT*)(buf + idx);
|
||||
idx += sizeof(WOLFSSL_HEAP_HINT);
|
||||
XMEMSET(hint, 0, sizeof(WOLFSSL_HEAP_HINT));
|
||||
hint->memory = heap;
|
||||
}
|
||||
else if ((*ctx)->heap == NULL) {
|
||||
if (sizeof(WOLFSSL_HEAP) + sizeof(WOLFSSL_HEAP_HINT) > sz - idx) {
|
||||
return BUFFER_E; /* not enough memory for structures */
|
||||
|
||||
if (*ctx && (*ctx)->heap == NULL) {
|
||||
(*ctx)->heap = (void*)hint;
|
||||
}
|
||||
heap = (WOLFSSL_HEAP*)buf;
|
||||
idx += sizeof(WOLFSSL_HEAP);
|
||||
if (wolfSSL_init_memory_heap(heap) != SSL_SUCCESS) {
|
||||
return SSL_FAILURE;
|
||||
}
|
||||
hint = (WOLFSSL_HEAP_HINT*)(buf + idx);
|
||||
idx += sizeof(WOLFSSL_HEAP_HINT);
|
||||
XMEMSET(hint, 0, sizeof(WOLFSSL_HEAP_HINT));
|
||||
hint->memory = heap;
|
||||
(*ctx)->heap = (void*)hint;
|
||||
}
|
||||
else {
|
||||
#ifdef WOLFSSL_HEAP_TEST
|
||||
@@ -767,7 +789,7 @@ int wolfSSL_is_static_memory(WOLFSSL* ssl, WOLFSSL_MEM_CONN_STATS* mem_stats)
|
||||
}
|
||||
}
|
||||
|
||||
return (ssl->heap)? 1 : 0;
|
||||
return (ssl->heap) ? 1 : 0;
|
||||
}
|
||||
|
||||
|
||||
@@ -786,7 +808,7 @@ int wolfSSL_CTX_is_static_memory(WOLFSSL_CTX* ctx, WOLFSSL_MEM_STATS* mem_stats)
|
||||
}
|
||||
}
|
||||
|
||||
return (ctx->heap)? 1 : 0;
|
||||
return (ctx->heap) ? 1 : 0;
|
||||
}
|
||||
|
||||
#endif /* WOLFSSL_STATIC_MEMORY */
|
||||
@@ -1053,17 +1075,22 @@ static int wolfSSL_read_internal(WOLFSSL* ssl, void* data, int sz, int peek)
|
||||
#ifdef HAVE_ERRNO_H
|
||||
errno = 0;
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_DTLS
|
||||
if (ssl->options.dtls)
|
||||
if (ssl->options.dtls) {
|
||||
ssl->dtls_expected_rx = max(sz + 100, MAX_MTU);
|
||||
#ifdef WOLFSSL_SCTP
|
||||
if (ssl->options.dtlsSctp)
|
||||
ssl->dtls_expected_rx = max(ssl->dtls_expected_rx, ssl->dtlsMtuSz);
|
||||
#endif
|
||||
}
|
||||
#endif
|
||||
|
||||
sz = min(sz, OUTPUT_RECORD_SIZE);
|
||||
#ifdef HAVE_MAX_FRAGMENT
|
||||
ret = ReceiveData(ssl, (byte*)data,
|
||||
min(sz, min(ssl->max_fragment, OUTPUT_RECORD_SIZE)),peek);
|
||||
#else
|
||||
ret = ReceiveData(ssl, (byte*)data, min(sz, OUTPUT_RECORD_SIZE), peek);
|
||||
sz = min(sz, ssl->max_fragment);
|
||||
#endif
|
||||
ret = ReceiveData(ssl, (byte*)data, sz, peek);
|
||||
|
||||
WOLFSSL_LEAVE("wolfSSL_read_internal()", ret);
|
||||
|
||||
@@ -1090,10 +1117,10 @@ int wolfSSL_read(WOLFSSL* ssl, void* data, int sz)
|
||||
}
|
||||
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
|
||||
/* let's use cavium, SSL_SUCCESS on ok */
|
||||
int wolfSSL_UseCavium(WOLFSSL* ssl, int devId)
|
||||
/* let's use async hardware, SSL_SUCCESS on ok */
|
||||
int wolfSSL_UseAsync(WOLFSSL* ssl, int devId)
|
||||
{
|
||||
if (ssl == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
@@ -1104,8 +1131,8 @@ int wolfSSL_UseCavium(WOLFSSL* ssl, int devId)
|
||||
}
|
||||
|
||||
|
||||
/* let's use cavium, SSL_SUCCESS on ok */
|
||||
int wolfSSL_CTX_UseCavium(WOLFSSL_CTX* ctx, int devId)
|
||||
/* let's use async hardware, SSL_SUCCESS on ok */
|
||||
int wolfSSL_CTX_UseAsync(WOLFSSL_CTX* ctx, int devId)
|
||||
{
|
||||
if (ctx == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
@@ -1115,8 +1142,7 @@ int wolfSSL_CTX_UseCavium(WOLFSSL_CTX* ctx, int devId)
|
||||
return SSL_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
#endif /* HAVE_CAVIUM */
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
||||
|
||||
#ifdef HAVE_SNI
|
||||
|
||||
@@ -1723,6 +1749,35 @@ WOLFSSL_API int wolfSSL_set_SessionTicket_cb(WOLFSSL* ssl,
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
#ifdef HAVE_EXTENDED_MASTER
|
||||
#ifndef NO_WOLFSSL_CLIENT
|
||||
|
||||
int wolfSSL_CTX_DisableExtendedMasterSecret(WOLFSSL_CTX* ctx)
|
||||
{
|
||||
if (ctx == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
ctx->haveEMS = 0;
|
||||
|
||||
return SSL_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
int wolfSSL_DisableExtendedMasterSecret(WOLFSSL* ssl)
|
||||
{
|
||||
if (ssl == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
ssl->options.haveEMS = 0;
|
||||
|
||||
return SSL_SUCCESS;
|
||||
}
|
||||
|
||||
#endif
|
||||
#endif
|
||||
|
||||
|
||||
#ifndef WOLFSSL_LEANPSK
|
||||
|
||||
int wolfSSL_send(WOLFSSL* ssl, const void* data, int sz, int flags)
|
||||
@@ -4544,7 +4599,7 @@ int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER* cm, byte* der, int sz)
|
||||
|
||||
InitDecodedCert(cert, der, sz, NULL);
|
||||
|
||||
if ((ret = ParseCertRelative(cert, CERT_TYPE, NO_VERIFY, cm)) != 0) {
|
||||
if ((ret = ParseCertRelative(cert, CERT_TYPE, VERIFY_OCSP, cm)) != 0) {
|
||||
WOLFSSL_MSG("ParseCert failed");
|
||||
}
|
||||
else if ((ret = CheckCertOCSP(cm->ocsp, cert, NULL)) != 0) {
|
||||
@@ -5020,7 +5075,7 @@ int wolfSSL_CertManagerCheckCRL(WOLFSSL_CERT_MANAGER* cm, byte* der, int sz)
|
||||
|
||||
InitDecodedCert(cert, der, sz, NULL);
|
||||
|
||||
if ((ret = ParseCertRelative(cert, CERT_TYPE, NO_VERIFY, cm)) != 0) {
|
||||
if ((ret = ParseCertRelative(cert, CERT_TYPE, VERIFY_CRL, cm)) != 0) {
|
||||
WOLFSSL_MSG("ParseCert failed");
|
||||
}
|
||||
else if ((ret = CheckCertCRL(cm->crl, cert)) != 0) {
|
||||
@@ -6787,6 +6842,21 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
|
||||
}
|
||||
#endif
|
||||
|
||||
/* If SCTP is not enabled returns the state of the dtls option.
|
||||
* If SCTP is enabled returns dtls && !sctp. */
|
||||
static INLINE int IsDtlsNotSctpMode(WOLFSSL* ssl)
|
||||
{
|
||||
int result = ssl->options.dtls;
|
||||
|
||||
if (result) {
|
||||
#ifdef WOLFSSL_SCTP
|
||||
result = !ssl->options.dtlsSctp;
|
||||
#endif
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
/* please see note at top of README if you get an error from connect */
|
||||
int wolfSSL_connect(WOLFSSL* ssl)
|
||||
{
|
||||
@@ -6856,7 +6926,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
|
||||
/* In DTLS, when resuming, we can go straight to FINISHED,
|
||||
* or do a cookie exchange and then skip to FINISHED, assume
|
||||
* we need the cookie exchange first. */
|
||||
if (ssl->options.dtls)
|
||||
if (IsDtlsNotSctpMode(ssl))
|
||||
neededState = SERVER_HELLOVERIFYREQUEST_COMPLETE;
|
||||
#endif
|
||||
/* get response */
|
||||
@@ -6868,7 +6938,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
|
||||
/* if resumption failed, reset needed state */
|
||||
else if (neededState == SERVER_FINISHED_COMPLETE)
|
||||
if (!ssl->options.resuming) {
|
||||
if (!ssl->options.dtls)
|
||||
if (!IsDtlsNotSctpMode(ssl))
|
||||
neededState = SERVER_HELLODONE_COMPLETE;
|
||||
else
|
||||
neededState = SERVER_HELLOVERIFYREQUEST_COMPLETE;
|
||||
@@ -6883,7 +6953,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
|
||||
return SSL_SUCCESS;
|
||||
|
||||
#ifdef WOLFSSL_DTLS
|
||||
if (ssl->options.dtls) {
|
||||
if (IsDtlsNotSctpMode(ssl)) {
|
||||
/* re-init hashes, exclude first hello and verify request */
|
||||
#ifndef NO_OLD_TLS
|
||||
wc_InitMd5(&ssl->hsHashes->hashMd5);
|
||||
@@ -6928,7 +6998,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
|
||||
|
||||
case HELLO_AGAIN_REPLY :
|
||||
#ifdef WOLFSSL_DTLS
|
||||
if (ssl->options.dtls) {
|
||||
if (IsDtlsNotSctpMode(ssl)) {
|
||||
neededState = ssl->options.resuming ?
|
||||
SERVER_FINISHED_COMPLETE : SERVER_HELLODONE_COMPLETE;
|
||||
|
||||
@@ -7806,6 +7876,7 @@ int AddSession(WOLFSSL* ssl)
|
||||
|
||||
XMEMCPY(SessionCache[row].Sessions[idx].masterSecret,
|
||||
ssl->arrays->masterSecret, SECRET_LEN);
|
||||
SessionCache[row].Sessions[idx].haveEMS = ssl->options.haveEMS;
|
||||
XMEMCPY(SessionCache[row].Sessions[idx].sessionID, ssl->arrays->sessionID,
|
||||
ID_LEN);
|
||||
SessionCache[row].Sessions[idx].sessionIDSz = ssl->arrays->sessionIDSz;
|
||||
@@ -19016,118 +19087,38 @@ void* wolfSSL_get_jobject(WOLFSSL* ssl)
|
||||
|
||||
#endif /* WOLFSSL_JNI */
|
||||
|
||||
#ifdef HAVE_WOLF_EVENT
|
||||
static int _wolfSSL_CTX_poll(WOLFSSL_CTX* ctx, WOLFSSL* ssl, WOLF_EVENT* events,
|
||||
int maxEvents, unsigned char flags, int* eventCount)
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
int wolfSSL_CTX_AsyncPoll(WOLFSSL_CTX* ctx, WOLF_EVENT** events, int maxEvents,
|
||||
WOLF_EVENT_FLAG flags, int* eventCount)
|
||||
{
|
||||
WOLF_EVENT* event, *event_prev = NULL;
|
||||
int count = 0, ret = SSL_ERROR_NONE;
|
||||
|
||||
if (ctx == NULL || maxEvents <= 0) {
|
||||
if (ctx == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
/* Events arg can be NULL only if peek */
|
||||
if (events == NULL && !(flags & WOLF_POLL_FLAG_PEEK)) {
|
||||
return wolfAsync_EventQueuePoll(&ctx->event_queue, NULL,
|
||||
events, maxEvents, flags, eventCount);
|
||||
}
|
||||
|
||||
int wolfSSL_AsyncPoll(WOLFSSL* ssl, WOLF_EVENT_FLAG flags)
|
||||
{
|
||||
int ret, eventCount = 0;
|
||||
WOLF_EVENT* events[1];
|
||||
|
||||
if (ssl == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
#ifndef SINGLE_THREADED
|
||||
/* In single threaded mode "event_queue.lock" doesn't exist */
|
||||
if (LockMutex(&ctx->event_queue.lock) != 0) {
|
||||
return BAD_MUTEX_E;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Itterate event queue */
|
||||
for (event = ctx->event_queue.head; event != NULL; event = event->next)
|
||||
{
|
||||
byte removeEvent = 0;
|
||||
|
||||
/* Optionally filter by ssl object pointer */
|
||||
if (ssl == NULL || (ssl == event->ssl)) {
|
||||
if (flags & WOLF_POLL_FLAG_PEEK) {
|
||||
if (events) {
|
||||
/* Copy event data to provided buffer */
|
||||
XMEMCPY(&events[count], event, sizeof(WOLF_EVENT));
|
||||
}
|
||||
count++;
|
||||
}
|
||||
else {
|
||||
/* Check hardware */
|
||||
if (flags & WOLF_POLL_FLAG_CHECK_HW) {
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
if (event->type >= WOLF_EVENT_TYPE_ASYNC_FIRST &&
|
||||
event->type <= WOLF_EVENT_TYPE_ASYNC_LAST)
|
||||
{
|
||||
ret = wolfSSL_async_poll(event, flags);
|
||||
}
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
||||
}
|
||||
|
||||
/* If event is done then return in 'events' argument */
|
||||
if (event->done) {
|
||||
/* Copy event data to provided buffer */
|
||||
XMEMCPY(&events[count], event, sizeof(WOLF_EVENT));
|
||||
count++;
|
||||
removeEvent = 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (removeEvent) {
|
||||
/* Remove from queue list */
|
||||
if (event_prev == NULL) {
|
||||
ctx->event_queue.head = event->next;
|
||||
if (ctx->event_queue.head == NULL) {
|
||||
ctx->event_queue.tail = NULL;
|
||||
}
|
||||
}
|
||||
else {
|
||||
event_prev->next = event->next;
|
||||
}
|
||||
}
|
||||
else {
|
||||
/* Leave in queue, save prev pointer */
|
||||
event_prev = event;
|
||||
}
|
||||
|
||||
/* Check to make sure our event list isn't full */
|
||||
if (events && count >= maxEvents) {
|
||||
break; /* Exit for */
|
||||
}
|
||||
|
||||
/* Check for error */
|
||||
if (ret < 0) {
|
||||
break; /* Exit for */
|
||||
}
|
||||
}
|
||||
|
||||
#ifndef SINGLE_THREADED
|
||||
UnLockMutex(&ctx->event_queue.lock);
|
||||
#endif
|
||||
|
||||
/* Return number of properly populated events */
|
||||
if (eventCount) {
|
||||
*eventCount = count;
|
||||
/* not filtering on "ssl", since its the asyncDev */
|
||||
ret = wolfAsync_EventQueuePoll(&ssl->ctx->event_queue, NULL,
|
||||
events, sizeof(events)/sizeof(events), flags, &eventCount);
|
||||
if (ret == 0 && eventCount > 0) {
|
||||
ret = 1; /* Success */
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
||||
|
||||
int wolfSSL_CTX_poll(WOLFSSL_CTX* ctx, WOLF_EVENT* events,
|
||||
int maxEvents, unsigned char flags, int* eventCount)
|
||||
{
|
||||
return _wolfSSL_CTX_poll(ctx, NULL, events, maxEvents, flags, eventCount);
|
||||
}
|
||||
|
||||
int wolfSSL_poll(WOLFSSL* ssl, WOLF_EVENT* events,
|
||||
int maxEvents, unsigned char flags, int* eventCount)
|
||||
{
|
||||
return _wolfSSL_CTX_poll(ssl->ctx, ssl, events, maxEvents, flags,
|
||||
eventCount);
|
||||
}
|
||||
|
||||
#endif /* HAVE_WOLF_EVENT */
|
||||
|
||||
#endif /* WOLFCRYPT_ONLY */
|
||||
|
||||
@@ -341,21 +341,23 @@ static int PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen,
|
||||
#endif
|
||||
|
||||
|
||||
int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
|
||||
int BuildTlsHandshakeHash(WOLFSSL* ssl, byte* hash, word32* hashLen)
|
||||
{
|
||||
const byte* side;
|
||||
byte handshake_hash[HSHASH_SZ];
|
||||
word32 hashSz = FINISHED_SZ;
|
||||
word32 hashSz = FINISHED_SZ;
|
||||
|
||||
if (ssl == NULL || hash == NULL || hashLen == NULL || *hashLen < HSHASH_SZ)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
#ifndef NO_OLD_TLS
|
||||
wc_Md5GetHash(&ssl->hsHashes->hashMd5, handshake_hash);
|
||||
wc_ShaGetHash(&ssl->hsHashes->hashSha, &handshake_hash[MD5_DIGEST_SIZE]);
|
||||
wc_Md5GetHash(&ssl->hsHashes->hashMd5, hash);
|
||||
wc_ShaGetHash(&ssl->hsHashes->hashSha, &hash[MD5_DIGEST_SIZE]);
|
||||
#endif
|
||||
|
||||
if (IsAtLeastTLSv1_2(ssl)) {
|
||||
#ifndef NO_SHA256
|
||||
if (ssl->specs.mac_algorithm <= sha256_mac || ssl->specs.mac_algorithm == blake2b_mac) {
|
||||
int ret = wc_Sha256GetHash(&ssl->hsHashes->hashSha256,handshake_hash);
|
||||
if (ssl->specs.mac_algorithm <= sha256_mac ||
|
||||
ssl->specs.mac_algorithm == blake2b_mac) {
|
||||
int ret = wc_Sha256GetHash(&ssl->hsHashes->hashSha256, hash);
|
||||
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
@@ -365,7 +367,7 @@ int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
|
||||
#endif
|
||||
#ifdef WOLFSSL_SHA384
|
||||
if (ssl->specs.mac_algorithm == sha384_mac) {
|
||||
int ret = wc_Sha384Final(&ssl->hsHashes->hashSha384,handshake_hash);
|
||||
int ret = wc_Sha384GetHash(&ssl->hsHashes->hashSha384, hash);
|
||||
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
@@ -375,6 +377,23 @@ int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
|
||||
#endif
|
||||
}
|
||||
|
||||
*hashLen = hashSz;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
|
||||
{
|
||||
int ret;
|
||||
const byte* side;
|
||||
byte handshake_hash[HSHASH_SZ];
|
||||
word32 hashSz = HSHASH_SZ;
|
||||
|
||||
ret = BuildTlsHandshakeHash(ssl, handshake_hash, &hashSz);
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
|
||||
if ( XSTRNCMP((const char*)sender, (const char*)client, SIZEOF_SENDER) == 0)
|
||||
side = tls_client;
|
||||
else
|
||||
@@ -420,6 +439,10 @@ ProtocolVersion MakeTLSv1_2(void)
|
||||
}
|
||||
|
||||
|
||||
#ifdef HAVE_EXTENDED_MASTER
|
||||
static const byte ext_master_label[EXT_MASTER_LABEL_SZ + 1] =
|
||||
"extended master secret";
|
||||
#endif
|
||||
static const byte master_label[MASTER_LABEL_SZ + 1] = "master secret";
|
||||
static const byte key_label [KEY_LABEL_SZ + 1] = "key expansion";
|
||||
|
||||
@@ -490,10 +513,41 @@ int wolfSSL_MakeTlsMasterSecret(byte* ms, word32 msLen,
|
||||
}
|
||||
|
||||
|
||||
#ifdef HAVE_EXTENDED_MASTER
|
||||
|
||||
/* External facing wrapper so user can call as well, 0 on success */
|
||||
int wolfSSL_MakeTlsExtendedMasterSecret(byte* ms, word32 msLen,
|
||||
const byte* pms, word32 pmsLen,
|
||||
const byte* sHash, word32 sHashLen,
|
||||
int tls1_2, int hash_type)
|
||||
{
|
||||
return PRF(ms, msLen, pms, pmsLen, ext_master_label, EXT_MASTER_LABEL_SZ,
|
||||
sHash, sHashLen, tls1_2, hash_type);
|
||||
}
|
||||
|
||||
#endif /* HAVE_EXTENDED_MASTER */
|
||||
|
||||
|
||||
int MakeTlsMasterSecret(WOLFSSL* ssl)
|
||||
{
|
||||
int ret;
|
||||
int ret;
|
||||
#ifdef HAVE_EXTENDED_MASTER
|
||||
byte handshake_hash[HSHASH_SZ];
|
||||
word32 hashSz = HSHASH_SZ;
|
||||
|
||||
if (ssl->options.haveEMS) {
|
||||
|
||||
ret = BuildTlsHandshakeHash(ssl, handshake_hash, &hashSz);
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
|
||||
ret = wolfSSL_MakeTlsExtendedMasterSecret(
|
||||
ssl->arrays->masterSecret, SECRET_LEN,
|
||||
ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz,
|
||||
handshake_hash, hashSz,
|
||||
IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
|
||||
} else
|
||||
#endif
|
||||
ret = wolfSSL_MakeTlsMasterSecret(ssl->arrays->masterSecret, SECRET_LEN,
|
||||
ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz,
|
||||
ssl->arrays->clientRandom, ssl->arrays->serverRandom,
|
||||
@@ -4434,7 +4488,13 @@ word16 TLSX_GetRequestSize(WOLFSSL* ssl)
|
||||
length += TLSX_GetSize(ssl->ctx->extensions, semaphore, 1);
|
||||
|
||||
if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz)
|
||||
length += ssl->suites->hashSigAlgoSz + HELLO_EXT_LEN;
|
||||
length += HELLO_EXT_SZ + HELLO_EXT_SIGALGO_SZ
|
||||
+ ssl->suites->hashSigAlgoSz;
|
||||
|
||||
#ifdef HAVE_EXTENDED_MASTER
|
||||
if (ssl->options.haveEMS)
|
||||
length += HELLO_EXT_SZ;
|
||||
#endif
|
||||
}
|
||||
|
||||
if (length)
|
||||
@@ -4465,15 +4525,15 @@ word16 TLSX_WriteRequest(WOLFSSL* ssl, byte* output)
|
||||
offset += TLSX_Write(ssl->ctx->extensions, output + offset,
|
||||
semaphore, 1);
|
||||
|
||||
if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz)
|
||||
{
|
||||
if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz) {
|
||||
int i;
|
||||
/* extension type */
|
||||
c16toa(HELLO_EXT_SIG_ALGO, output + offset);
|
||||
offset += HELLO_EXT_TYPE_SZ;
|
||||
|
||||
/* extension data length */
|
||||
c16toa(OPAQUE16_LEN + ssl->suites->hashSigAlgoSz, output + offset);
|
||||
c16toa(OPAQUE16_LEN + ssl->suites->hashSigAlgoSz,
|
||||
output + offset);
|
||||
offset += OPAQUE16_LEN;
|
||||
|
||||
/* sig algos length */
|
||||
@@ -4485,6 +4545,15 @@ word16 TLSX_WriteRequest(WOLFSSL* ssl, byte* output)
|
||||
output[offset] = ssl->suites->hashSigAlgo[i];
|
||||
}
|
||||
|
||||
#ifdef HAVE_EXTENDED_MASTER
|
||||
if (ssl->options.haveEMS) {
|
||||
c16toa(HELLO_EXT_EXTMS, output + offset);
|
||||
offset += HELLO_EXT_TYPE_SZ;
|
||||
c16toa(0, output + offset);
|
||||
offset += HELLO_EXT_SZ_SZ;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (offset > OPAQUE16_LEN)
|
||||
c16toa(offset - OPAQUE16_LEN, output); /* extensions length */
|
||||
}
|
||||
@@ -4511,13 +4580,18 @@ word16 TLSX_GetResponseSize(WOLFSSL* ssl)
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_EXTENDED_MASTER
|
||||
if (ssl->options.haveEMS)
|
||||
length += HELLO_EXT_SZ;
|
||||
#endif
|
||||
|
||||
if (TLSX_SupportExtensions(ssl))
|
||||
length += TLSX_GetSize(ssl->extensions, semaphore, 0);
|
||||
|
||||
/* All the response data is set at the ssl object only, so no ctx here. */
|
||||
|
||||
if (length)
|
||||
length += OPAQUE16_LEN; /* for total length storage */
|
||||
length += OPAQUE16_LEN; /* for total length storage. */
|
||||
|
||||
return length;
|
||||
}
|
||||
@@ -4534,6 +4608,15 @@ word16 TLSX_WriteResponse(WOLFSSL *ssl, byte* output)
|
||||
|
||||
offset += TLSX_Write(ssl->extensions, output + offset, semaphore, 0);
|
||||
|
||||
#ifdef HAVE_EXTENDED_MASTER
|
||||
if (ssl->options.haveEMS) {
|
||||
c16toa(HELLO_EXT_EXTMS, output + offset);
|
||||
offset += HELLO_EXT_TYPE_SZ;
|
||||
c16toa(0, output + offset);
|
||||
offset += HELLO_EXT_SZ_SZ;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (offset > OPAQUE16_LEN)
|
||||
c16toa(offset - OPAQUE16_LEN, output); /* extensions length */
|
||||
}
|
||||
@@ -4549,6 +4632,9 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest,
|
||||
{
|
||||
int ret = 0;
|
||||
word16 offset = 0;
|
||||
#ifdef HAVE_EXTENDED_MASTER
|
||||
byte pendingEMS = 0;
|
||||
#endif
|
||||
|
||||
if (!ssl || !input || (isRequest && !suites))
|
||||
return BAD_FUNC_ARG;
|
||||
@@ -4606,6 +4692,18 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest,
|
||||
ret = CSR2_PARSE(ssl, input + offset, size, isRequest);
|
||||
break;
|
||||
|
||||
#ifdef HAVE_EXTENDED_MASTER
|
||||
case HELLO_EXT_EXTMS:
|
||||
WOLFSSL_MSG("Extended Master Secret extension received");
|
||||
|
||||
#ifndef NO_WOLFSSL_SERVER
|
||||
if (isRequest)
|
||||
ssl->options.haveEMS = 1;
|
||||
#endif
|
||||
pendingEMS = 1;
|
||||
break;
|
||||
#endif
|
||||
|
||||
case TLSX_RENEGOTIATION_INFO:
|
||||
WOLFSSL_MSG("Secure Renegotiation extension received");
|
||||
|
||||
@@ -4655,6 +4753,11 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest,
|
||||
offset += size;
|
||||
}
|
||||
|
||||
#ifdef HAVE_EXTENDED_MASTER
|
||||
if (!isRequest && ssl->options.haveEMS && !pendingEMS)
|
||||
ssl->options.haveEMS = 0;
|
||||
#endif
|
||||
|
||||
if (ret == 0)
|
||||
ret = SNI_VERIFY_PARSE(ssl, isRequest);
|
||||
|
||||
|
||||
+325
-26
@@ -29,6 +29,7 @@
|
||||
#endif
|
||||
|
||||
#include <wolfssl/wolfcrypt/settings.h>
|
||||
|
||||
#if defined(WOLFSSL_STATIC_MEMORY)
|
||||
#include <wolfssl/wolfcrypt/memory.h>
|
||||
#endif /* WOLFSSL_STATIC_MEMORY */
|
||||
@@ -101,6 +102,22 @@ static int test_wolfSSL_Cleanup(void)
|
||||
return result;
|
||||
}
|
||||
|
||||
|
||||
/* Initialize the wolfCrypt state.
|
||||
* POST: 0 success.
|
||||
*/
|
||||
static int test_wolfCrypt_Init(void)
|
||||
{
|
||||
int result;
|
||||
|
||||
printf(testingFmt, "wolfCrypt_Init()");
|
||||
result = wolfCrypt_Init();
|
||||
printf(resultFmt, result == 0 ? passed : failed);
|
||||
|
||||
return result;
|
||||
|
||||
} /* END test_wolfCrypt_Init */
|
||||
|
||||
/*----------------------------------------------------------------------------*
|
||||
| Method Allocators
|
||||
*----------------------------------------------------------------------------*/
|
||||
@@ -194,6 +211,32 @@ static void test_wolfSSL_CTX_use_certificate_file(void)
|
||||
#endif
|
||||
}
|
||||
|
||||
/* Test function for wolfSSL_CTX_use_certificate_buffer. Load cert into
|
||||
* context using buffer.
|
||||
* PRE: NO_CERTS not defined; USE_CERT_BUFFERS_2048 defined; compile with
|
||||
* --enable-testcert flag.
|
||||
*/
|
||||
static int test_wolfSSL_CTX_use_certificate_buffer(void)
|
||||
{
|
||||
#if !defined(NO_CERTS) && defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA)
|
||||
WOLFSSL_CTX* ctx;
|
||||
int ret;
|
||||
|
||||
printf(testingFmt, "wolfSSL_CTX_use_certificate_buffer()");
|
||||
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
|
||||
|
||||
ret = wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048,
|
||||
sizeof_server_cert_der_2048, SSL_FILETYPE_ASN1);
|
||||
|
||||
printf(resultFmt, ret == SSL_SUCCESS ? passed : failed);
|
||||
wolfSSL_CTX_free(ctx);
|
||||
|
||||
return ret;
|
||||
#else
|
||||
return SSL_SUCCESS;
|
||||
#endif
|
||||
|
||||
} /*END test_wolfSSL_CTX_use_certificate_buffer*/
|
||||
|
||||
static void test_wolfSSL_CTX_use_PrivateKey_file(void)
|
||||
{
|
||||
@@ -486,6 +529,48 @@ static void test_wolfSSL_SetTmpDH_buffer(void)
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
/* Test function for wolfSSL_SetMinVersion. Sets the minimum downgrade version
|
||||
* allowed.
|
||||
* POST: return 1 on success.
|
||||
*/
|
||||
static int test_wolfSSL_SetMinVersion(void)
|
||||
{
|
||||
WOLFSSL_CTX* ctx;
|
||||
WOLFSSL* ssl;
|
||||
int failFlag, itr;
|
||||
|
||||
#ifndef NO_OLD_TLS
|
||||
const int versions[] = { WOLFSSL_TLSV1, WOLFSSL_TLSV1_1,
|
||||
WOLFSSL_TLSV1_2};
|
||||
#else
|
||||
const int versions[] = { WOLFSSL_TLSV1_2 };
|
||||
#endif
|
||||
failFlag = SSL_SUCCESS;
|
||||
|
||||
AssertTrue(wolfSSL_Init());
|
||||
ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
|
||||
ssl = wolfSSL_new(ctx);
|
||||
|
||||
printf(testingFmt, "wolfSSL_SetMinVersion()");
|
||||
|
||||
for (itr = 0; itr < (int)(sizeof(versions)/sizeof(int)); itr++){
|
||||
if(wolfSSL_SetMinVersion(ssl, *(versions + itr)) != SSL_SUCCESS){
|
||||
failFlag = SSL_FAILURE;
|
||||
}
|
||||
}
|
||||
|
||||
printf(resultFmt, failFlag == SSL_SUCCESS ? passed : failed);
|
||||
|
||||
wolfSSL_free(ssl);
|
||||
wolfSSL_CTX_free(ctx);
|
||||
AssertTrue(wolfSSL_Cleanup());
|
||||
|
||||
return failFlag;
|
||||
|
||||
} /* END test_wolfSSL_SetMinVersion */
|
||||
|
||||
|
||||
/*----------------------------------------------------------------------------*
|
||||
| IO
|
||||
*----------------------------------------------------------------------------*/
|
||||
@@ -537,6 +622,7 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
|
||||
char msg[] = "I hear you fa shizzle!";
|
||||
char input[1024];
|
||||
int idx;
|
||||
int ret, err = 0;
|
||||
|
||||
#ifdef WOLFSSL_TIRTOS
|
||||
fdOpenSession(Task_self());
|
||||
@@ -586,7 +672,7 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
|
||||
}
|
||||
|
||||
ssl = wolfSSL_new(ctx);
|
||||
tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0, 0, 1);
|
||||
tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0, 0, 0, 1);
|
||||
CloseSocket(sockfd);
|
||||
|
||||
if (wolfSSL_set_fd(ssl, clientfd) != SSL_SUCCESS) {
|
||||
@@ -602,9 +688,22 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
|
||||
#endif
|
||||
#endif
|
||||
|
||||
if (wolfSSL_accept(ssl) != SSL_SUCCESS)
|
||||
{
|
||||
int err = wolfSSL_get_error(ssl, 0);
|
||||
do {
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
if (err == WC_PENDING_E) {
|
||||
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
|
||||
if (ret < 0) { break; } else if (ret == 0) { continue; }
|
||||
}
|
||||
#endif
|
||||
|
||||
err = 0; /* Reset error */
|
||||
ret = wolfSSL_accept(ssl);
|
||||
if (ret != SSL_SUCCESS) {
|
||||
err = wolfSSL_get_error(ssl, 0);
|
||||
}
|
||||
} while (ret != SSL_SUCCESS && err == WC_PENDING_E);
|
||||
|
||||
if (ret != SSL_SUCCESS) {
|
||||
char buffer[WOLFSSL_MAX_ERROR_SZ];
|
||||
printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer));
|
||||
/*err_sys("SSL_accept failed");*/
|
||||
@@ -666,6 +765,7 @@ static void test_client_nofail(void* args)
|
||||
char reply[1024];
|
||||
int input;
|
||||
int msgSz = (int)XSTRLEN(msg);
|
||||
int ret, err = 0;
|
||||
|
||||
#ifdef WOLFSSL_TIRTOS
|
||||
fdOpenSession(Task_self());
|
||||
@@ -700,18 +800,32 @@ static void test_client_nofail(void* args)
|
||||
}
|
||||
|
||||
ssl = wolfSSL_new(ctx);
|
||||
tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port, 0, ssl);
|
||||
tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port,
|
||||
0, 0, ssl);
|
||||
if (wolfSSL_set_fd(ssl, sockfd) != SSL_SUCCESS) {
|
||||
/*err_sys("SSL_set_fd failed");*/
|
||||
goto done2;
|
||||
}
|
||||
|
||||
if (wolfSSL_connect(ssl) != SSL_SUCCESS)
|
||||
{
|
||||
int err = wolfSSL_get_error(ssl, 0);
|
||||
do {
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
if (err == WC_PENDING_E) {
|
||||
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
|
||||
if (ret < 0) { break; } else if (ret == 0) { continue; }
|
||||
}
|
||||
#endif
|
||||
|
||||
err = 0; /* Reset error */
|
||||
ret = wolfSSL_connect(ssl);
|
||||
if (ret != SSL_SUCCESS) {
|
||||
err = wolfSSL_get_error(ssl, 0);
|
||||
}
|
||||
} while (ret != SSL_SUCCESS && err == WC_PENDING_E);
|
||||
|
||||
if (ret != SSL_SUCCESS) {
|
||||
char buffer[WOLFSSL_MAX_ERROR_SZ];
|
||||
printf("err = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer));
|
||||
/*printf("SSL_connect failed");*/
|
||||
printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer));
|
||||
/*err_sys("SSL_connect failed");*/
|
||||
goto done2;
|
||||
}
|
||||
|
||||
@@ -759,6 +873,7 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args)
|
||||
int len = (int) XSTRLEN(msg);
|
||||
char input[1024];
|
||||
int idx;
|
||||
int ret, err = 0;
|
||||
|
||||
#ifdef WOLFSSL_TIRTOS
|
||||
fdOpenSession(Task_self());
|
||||
@@ -805,14 +920,14 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args)
|
||||
socklen_t cliLen;
|
||||
|
||||
cliLen = sizeof(cliAddr);
|
||||
tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 1, 0, 0);
|
||||
tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 1, 0, 0, 0);
|
||||
idx = (int)recvfrom(sfd, input, sizeof(input), MSG_PEEK,
|
||||
(struct sockaddr*)&cliAddr, &cliLen);
|
||||
AssertIntGT(idx, 0);
|
||||
wolfSSL_dtls_set_peer(ssl, &cliAddr, cliLen);
|
||||
}
|
||||
else {
|
||||
tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0, 0, 1);
|
||||
tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0, 0, 0, 1);
|
||||
CloseSocket(sfd);
|
||||
}
|
||||
|
||||
@@ -829,13 +944,27 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args)
|
||||
if (callbacks->ssl_ready)
|
||||
callbacks->ssl_ready(ssl);
|
||||
|
||||
/* AssertIntEQ(SSL_SUCCESS, wolfSSL_accept(ssl)); */
|
||||
if (wolfSSL_accept(ssl) != SSL_SUCCESS) {
|
||||
int err = wolfSSL_get_error(ssl, 0);
|
||||
do {
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
if (err == WC_PENDING_E) {
|
||||
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
|
||||
if (ret < 0) { break; } else if (ret == 0) { continue; }
|
||||
}
|
||||
#endif
|
||||
|
||||
err = 0; /* Reset error */
|
||||
ret = wolfSSL_accept(ssl);
|
||||
if (ret != SSL_SUCCESS) {
|
||||
err = wolfSSL_get_error(ssl, 0);
|
||||
}
|
||||
} while (ret != SSL_SUCCESS && err == WC_PENDING_E);
|
||||
|
||||
if (ret != SSL_SUCCESS) {
|
||||
char buffer[WOLFSSL_MAX_ERROR_SZ];
|
||||
printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer));
|
||||
|
||||
} else {
|
||||
/*err_sys("SSL_accept failed");*/
|
||||
}
|
||||
else {
|
||||
if (0 < (idx = wolfSSL_read(ssl, input, sizeof(input)-1))) {
|
||||
input[idx] = 0;
|
||||
printf("Client message: %s\n", input);
|
||||
@@ -898,6 +1027,7 @@ static void run_wolfssl_client(void* args)
|
||||
int len = (int) XSTRLEN(msg);
|
||||
char input[1024];
|
||||
int idx;
|
||||
int ret, err = 0;
|
||||
|
||||
#ifdef WOLFSSL_TIRTOS
|
||||
fdOpenSession(Task_self());
|
||||
@@ -922,22 +1052,39 @@ static void run_wolfssl_client(void* args)
|
||||
|
||||
ssl = wolfSSL_new(ctx);
|
||||
if (wolfSSL_dtls(ssl)) {
|
||||
tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port, 1, ssl);
|
||||
tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port,
|
||||
1, 0, ssl);
|
||||
}
|
||||
else {
|
||||
tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port, 0, ssl);
|
||||
tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port,
|
||||
0, 0, ssl);
|
||||
}
|
||||
AssertIntEQ(SSL_SUCCESS, wolfSSL_set_fd(ssl, sfd));
|
||||
|
||||
if (callbacks->ssl_ready)
|
||||
callbacks->ssl_ready(ssl);
|
||||
|
||||
if (wolfSSL_connect(ssl) != SSL_SUCCESS) {
|
||||
int err = wolfSSL_get_error(ssl, 0);
|
||||
do {
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
if (err == WC_PENDING_E) {
|
||||
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
|
||||
if (ret < 0) { break; } else if (ret == 0) { continue; }
|
||||
}
|
||||
#endif
|
||||
|
||||
err = 0; /* Reset error */
|
||||
ret = wolfSSL_connect(ssl);
|
||||
if (ret != SSL_SUCCESS) {
|
||||
err = wolfSSL_get_error(ssl, 0);
|
||||
}
|
||||
} while (ret != SSL_SUCCESS && err == WC_PENDING_E);
|
||||
|
||||
if (ret != SSL_SUCCESS) {
|
||||
char buffer[WOLFSSL_MAX_ERROR_SZ];
|
||||
printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer));
|
||||
|
||||
} else {
|
||||
/*err_sys("SSL_connect failed");*/
|
||||
}
|
||||
else {
|
||||
AssertIntEQ(len, wolfSSL_write(ssl, msg, len));
|
||||
|
||||
if (0 < (idx = wolfSSL_read(ssl, input, sizeof(input)-1))) {
|
||||
@@ -1780,6 +1927,28 @@ static void test_wolfSSL_UseALPN(void)
|
||||
#endif
|
||||
}
|
||||
|
||||
static void test_wolfSSL_DisableExtendedMasterSecret(void)
|
||||
{
|
||||
#ifdef HAVE_EXTENDED_MASTER
|
||||
WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
|
||||
WOLFSSL *ssl = wolfSSL_new(ctx);
|
||||
|
||||
AssertNotNull(ctx);
|
||||
AssertNotNull(ssl);
|
||||
|
||||
/* error cases */
|
||||
AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_DisableExtendedMasterSecret(NULL));
|
||||
AssertIntNE(SSL_SUCCESS, wolfSSL_DisableExtendedMasterSecret(NULL));
|
||||
|
||||
/* success cases */
|
||||
AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_DisableExtendedMasterSecret(ctx));
|
||||
AssertIntEQ(SSL_SUCCESS, wolfSSL_DisableExtendedMasterSecret(ssl));
|
||||
|
||||
wolfSSL_free(ssl);
|
||||
wolfSSL_CTX_free(ctx);
|
||||
#endif
|
||||
}
|
||||
|
||||
/*----------------------------------------------------------------------------*
|
||||
| X509 Tests
|
||||
*----------------------------------------------------------------------------*/
|
||||
@@ -1827,6 +1996,126 @@ static void test_wolfSSL_X509_NAME_get_entry(void)
|
||||
#endif /* !NO_CERTS */
|
||||
}
|
||||
|
||||
/* Testing function wolfSSL_CTX_SetMinVersion; sets the minimum downgrade
|
||||
* version allowed.
|
||||
* POST: 1 on success.
|
||||
*/
|
||||
static int test_wolfSSL_CTX_SetMinVersion(void)
|
||||
{
|
||||
WOLFSSL_CTX* ctx;
|
||||
int failFlag, itr;
|
||||
|
||||
#ifndef NO_OLD_TLS
|
||||
const int versions[] = { WOLFSSL_TLSV1, WOLFSSL_TLSV1_1,
|
||||
WOLFSSL_TLSV1_2 };
|
||||
#else
|
||||
const int versions[] = { WOLFSSL_TLSV1_2 };
|
||||
#endif
|
||||
|
||||
failFlag = SSL_SUCCESS;
|
||||
|
||||
AssertTrue(wolfSSL_Init());
|
||||
ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
|
||||
|
||||
printf(testingFmt, "wolfSSL_CTX_SetMinVersion()");
|
||||
|
||||
for (itr = 0; itr < (int)(sizeof(versions)/sizeof(int)); itr++){
|
||||
if(wolfSSL_CTX_SetMinVersion(ctx, *(versions + itr)) != SSL_SUCCESS){
|
||||
failFlag = SSL_FAILURE;
|
||||
}
|
||||
}
|
||||
|
||||
printf(resultFmt, failFlag == SSL_SUCCESS ? passed : failed);
|
||||
|
||||
wolfSSL_CTX_free(ctx);
|
||||
AssertTrue(wolfSSL_Cleanup());
|
||||
|
||||
return failFlag;
|
||||
|
||||
} /* END test_wolfSSL_CTX_SetMinVersion */
|
||||
|
||||
|
||||
/*----------------------------------------------------------------------------*
|
||||
| OCSP Stapling
|
||||
*----------------------------------------------------------------------------*/
|
||||
|
||||
|
||||
/* Testing wolfSSL_UseOCSPStapling function. OCSP stapling eliminates the need
|
||||
* need to contact the CA, lowering the cost of cert revocation checking.
|
||||
* PRE: HAVE_OCSP and HAVE_CERTIFICATE_STATUS_REQUEST
|
||||
* POST: 1 returned for success.
|
||||
*/
|
||||
static int test_wolfSSL_UseOCSPStapling(void)
|
||||
{
|
||||
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && defined(HAVE_OCSP)
|
||||
int ret;
|
||||
WOLFSSL_CTX* ctx;
|
||||
WOLFSSL* ssl;
|
||||
|
||||
wolfSSL_Init();
|
||||
ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
|
||||
ssl = wolfSSL_new(ctx);
|
||||
printf(testingFmt, "wolfSSL_UseOCSPStapling()");
|
||||
|
||||
ret = wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP,
|
||||
WOLFSSL_CSR2_OCSP_USE_NONCE);
|
||||
|
||||
printf(resultFmt, ret == SSL_SUCCESS ? passed : failed);
|
||||
|
||||
|
||||
wolfSSL_free(ssl);
|
||||
wolfSSL_CTX_free(ctx);
|
||||
|
||||
if(ret != SSL_SUCCESS){
|
||||
wolfSSL_Cleanup();
|
||||
return SSL_FAILURE;
|
||||
}
|
||||
|
||||
return wolfSSL_Cleanup();
|
||||
#else
|
||||
return SSL_SUCCESS;
|
||||
#endif
|
||||
|
||||
} /*END test_wolfSSL_UseOCSPStapling */
|
||||
|
||||
|
||||
/* Testing OCSP stapling version 2, wolfSSL_UseOCSPStaplingV2 funciton. OCSP
|
||||
* stapling eliminates the need ot contact the CA and lowers cert revocation
|
||||
* check.
|
||||
* PRE: HAVE_CERTIFICATE_STATUS_REQUEST_V2 and HAVE_OCSP defined.
|
||||
*/
|
||||
static int test_wolfSSL_UseOCSPStaplingV2(void)
|
||||
{
|
||||
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) && defined(HAVE_OCSP)
|
||||
int ret;
|
||||
WOLFSSL_CTX* ctx;
|
||||
WOLFSSL* ssl;
|
||||
|
||||
wolfSSL_Init();
|
||||
ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
|
||||
ssl = wolfSSL_new(ctx);
|
||||
printf(testingFmt, "wolfSSL_UseOCSPStaplingV2()");
|
||||
|
||||
ret = wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP,
|
||||
WOLFSSL_CSR2_OCSP_USE_NONCE );
|
||||
|
||||
printf(resultFmt, ret == SSL_SUCCESS ? passed : failed);
|
||||
|
||||
wolfSSL_free(ssl);
|
||||
wolfSSL_CTX_free(ctx);
|
||||
|
||||
if(ret != SSL_SUCCESS){
|
||||
wolfSSL_Cleanup();
|
||||
return SSL_FAILURE;
|
||||
}
|
||||
|
||||
return wolfSSL_Cleanup();
|
||||
#else
|
||||
return SSL_SUCCESS;
|
||||
#endif
|
||||
|
||||
} /*END test_wolfSSL_UseOCSPStaplingV2*/
|
||||
|
||||
|
||||
/*----------------------------------------------------------------------------*
|
||||
| Main
|
||||
@@ -1835,11 +2124,13 @@ static void test_wolfSSL_X509_NAME_get_entry(void)
|
||||
void ApiTest(void)
|
||||
{
|
||||
printf(" Begin API Tests\n");
|
||||
test_wolfSSL_Init();
|
||||
|
||||
AssertIntEQ(test_wolfSSL_Init(), SSL_SUCCESS);
|
||||
/* wolfcrypt initialization tests */
|
||||
AssertFalse(test_wolfCrypt_Init());
|
||||
test_wolfSSL_Method_Allocators();
|
||||
test_wolfSSL_CTX_new(wolfSSLv23_server_method());
|
||||
test_wolfSSL_CTX_use_certificate_file();
|
||||
AssertIntEQ(test_wolfSSL_CTX_use_certificate_buffer(), SSL_SUCCESS);
|
||||
test_wolfSSL_CTX_use_PrivateKey_file();
|
||||
test_wolfSSL_CTX_load_verify_locations();
|
||||
test_wolfSSL_CTX_trust_peer_cert();
|
||||
@@ -1851,6 +2142,8 @@ void ApiTest(void)
|
||||
test_wolfSSL_SetTmpDH_buffer();
|
||||
test_wolfSSL_read_write();
|
||||
test_wolfSSL_dtls_export();
|
||||
AssertIntEQ(test_wolfSSL_SetMinVersion(), SSL_SUCCESS);
|
||||
AssertIntEQ(test_wolfSSL_CTX_SetMinVersion(), SSL_SUCCESS);
|
||||
|
||||
/* TLS extensions tests */
|
||||
test_wolfSSL_UseSNI();
|
||||
@@ -1858,10 +2151,16 @@ void ApiTest(void)
|
||||
test_wolfSSL_UseTruncatedHMAC();
|
||||
test_wolfSSL_UseSupportedCurve();
|
||||
test_wolfSSL_UseALPN();
|
||||
test_wolfSSL_DisableExtendedMasterSecret();
|
||||
|
||||
/* X509 tests */
|
||||
test_wolfSSL_X509_NAME_get_entry();
|
||||
|
||||
test_wolfSSL_Cleanup();
|
||||
/*OCSP Stapling. */
|
||||
AssertIntEQ(test_wolfSSL_UseOCSPStapling(), SSL_SUCCESS);
|
||||
AssertIntEQ(test_wolfSSL_UseOCSPStaplingV2(), SSL_SUCCESS);
|
||||
|
||||
AssertIntEQ(test_wolfSSL_Cleanup(), SSL_SUCCESS);
|
||||
printf(" End API Tests\n");
|
||||
|
||||
}
|
||||
|
||||
+43
-5
@@ -48,6 +48,7 @@
|
||||
static WOLFSSL_CTX* cipherSuiteCtx = NULL;
|
||||
static char nonblockFlag[] = "-N";
|
||||
static char noVerifyFlag[] = "-d";
|
||||
static char disableEMSFlag[] = "-n";
|
||||
static char flagSep[] = " ";
|
||||
#if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
|
||||
static char portFlag[] = "-p";
|
||||
@@ -153,7 +154,8 @@ static int IsValidCipherSuite(const char* line, char* suite)
|
||||
|
||||
static int execute_test_case(int svr_argc, char** svr_argv,
|
||||
int cli_argc, char** cli_argv,
|
||||
int addNoVerify, int addNonBlocking)
|
||||
int addNoVerify, int addNonBlocking,
|
||||
int addDisableEMS)
|
||||
{
|
||||
#ifdef WOLFSSL_TIRTOS
|
||||
func_args cliArgs = {0};
|
||||
@@ -270,6 +272,18 @@ static int execute_test_case(int svr_argc, char** svr_argv,
|
||||
cliArgs.argc = cli_argc;
|
||||
}
|
||||
}
|
||||
if (addDisableEMS) {
|
||||
printf("repeating test without extended master secret\n");
|
||||
added += 4; /* -n plus terminator */
|
||||
if (added >= MAX_COMMAND_SZ)
|
||||
printf("client command line too long\n");
|
||||
else {
|
||||
cli_argv[cli_argc++] = disableEMSFlag;
|
||||
strcat(commandLine, disableEMSFlag);
|
||||
strcat(commandLine, flagSep);
|
||||
cliArgs.argc = cli_argc;
|
||||
}
|
||||
}
|
||||
printf("trying client command line[%d]: %s\n", tests++, commandLine);
|
||||
|
||||
InitTcpReady(&ready);
|
||||
@@ -437,12 +451,26 @@ static void test_harness(void* vargs)
|
||||
}
|
||||
|
||||
if (do_it) {
|
||||
ret = execute_test_case(svrArgsSz, svrArgs, cliArgsSz, cliArgs,0,0);
|
||||
ret = execute_test_case(svrArgsSz, svrArgs,
|
||||
cliArgsSz, cliArgs, 0, 0, 0);
|
||||
/* don't repeat if not supported in build */
|
||||
if (ret == 0) {
|
||||
execute_test_case(svrArgsSz, svrArgs, cliArgsSz, cliArgs, 0, 1);
|
||||
execute_test_case(svrArgsSz, svrArgs, cliArgsSz, cliArgs, 1, 0);
|
||||
execute_test_case(svrArgsSz, svrArgs, cliArgsSz, cliArgs, 1, 1);
|
||||
execute_test_case(svrArgsSz, svrArgs,
|
||||
cliArgsSz, cliArgs, 0, 1, 0);
|
||||
execute_test_case(svrArgsSz, svrArgs,
|
||||
cliArgsSz, cliArgs, 1, 0, 0);
|
||||
execute_test_case(svrArgsSz, svrArgs,
|
||||
cliArgsSz, cliArgs, 1, 1, 0);
|
||||
#ifdef HAVE_EXTENDED_MASTER
|
||||
execute_test_case(svrArgsSz, svrArgs,
|
||||
cliArgsSz, cliArgs, 0, 0, 1);
|
||||
execute_test_case(svrArgsSz, svrArgs,
|
||||
cliArgsSz, cliArgs, 0, 1, 1);
|
||||
execute_test_case(svrArgsSz, svrArgs,
|
||||
cliArgsSz, cliArgs, 1, 0, 1);
|
||||
execute_test_case(svrArgsSz, svrArgs,
|
||||
cliArgsSz, cliArgs, 1, 1, 1);
|
||||
#endif
|
||||
}
|
||||
svrArgsSz = 1;
|
||||
cliArgsSz = 1;
|
||||
@@ -513,6 +541,16 @@ int SuiteTest(void)
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
#endif
|
||||
#ifdef WOLFSSL_SCTP
|
||||
/* add dtls-sctp extra suites */
|
||||
strcpy(argv0[1], "tests/test-sctp.conf");
|
||||
printf("starting dtls-sctp extra cipher suite tests\n");
|
||||
test_harness(&args);
|
||||
if (args.return_code != 0) {
|
||||
printf("error from script %d\n", args.return_code);
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
#endif
|
||||
#ifndef WC_STRICT_SIG
|
||||
#if !defined(NO_RSA) && defined(HAVE_ECC) /* testing mixed ECC/RSA cert */
|
||||
/* add extra signature test suites */
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@@ -54,11 +54,6 @@ int unit_test(int argc, char** argv)
|
||||
#if defined(DEBUG_WOLFSSL) && !defined(HAVE_VALGRIND)
|
||||
wolfSSL_Debugging_ON();
|
||||
#endif
|
||||
#ifdef HAVE_CAVIUM
|
||||
ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID);
|
||||
if (ret != 0)
|
||||
err_sys("Cavium OpenNitroxDevice failed");
|
||||
#endif /* HAVE_CAVIUM */
|
||||
|
||||
#ifdef HAVE_WNR
|
||||
if (wc_InitNetRandom(wnrConfig, NULL, 5000) != 0)
|
||||
@@ -85,10 +80,6 @@ int unit_test(int argc, char** argv)
|
||||
|
||||
SrpTest();
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
CspShutdown(CAVIUM_DEV_ID);
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_WNR
|
||||
if (wc_FreeNetRandom() < 0)
|
||||
err_sys("Failed to free netRandom context");
|
||||
|
||||
@@ -84,12 +84,6 @@ int testsuite_test(int argc, char** argv)
|
||||
int num = 6;
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID);
|
||||
if (ret != 0)
|
||||
err_sys("Cavium OpenNitroxDevice failed");
|
||||
#endif /* HAVE_CAVIUM */
|
||||
|
||||
#ifdef HAVE_WNR
|
||||
if (wc_InitNetRandom(wnrConfig, NULL, 5000) != 0) {
|
||||
err_sys("Whitewood netRandom global config failed");
|
||||
@@ -204,10 +198,6 @@ int testsuite_test(int argc, char** argv)
|
||||
fdCloseSession(Task_self());
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
CspShutdown(CAVIUM_DEV_ID);
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_WNR
|
||||
if (wc_FreeNetRandom() < 0)
|
||||
err_sys("Failed to free netRandom context");
|
||||
|
||||
+342
-90
@@ -32,6 +32,13 @@
|
||||
/* Macro to disable benchmark */
|
||||
#ifndef NO_CRYPT_BENCHMARK
|
||||
|
||||
#ifdef WOLFSSL_STATIC_MEMORY
|
||||
#include <wolfssl/wolfcrypt/memory.h>
|
||||
static WOLFSSL_HEAP_HINT* HEAP_HINT;
|
||||
#else
|
||||
#define HEAP_HINT NULL
|
||||
#endif /* WOLFSSL_STATIC_MEMORY */
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#ifdef FREESCALE_MQX
|
||||
@@ -77,15 +84,18 @@
|
||||
#endif
|
||||
|
||||
#include <wolfssl/wolfcrypt/dh.h>
|
||||
#ifdef HAVE_CAVIUM
|
||||
#include "cavium_sysdep.h"
|
||||
#include "cavium_common.h"
|
||||
#include "cavium_ioctl.h"
|
||||
#endif
|
||||
#ifdef HAVE_NTRU
|
||||
#include "libntruencrypt/ntru_crypto.h"
|
||||
#endif
|
||||
#include <wolfssl/wolfcrypt/random.h>
|
||||
#include <wolfssl/wolfcrypt/error-crypt.h>
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
#include <wolfssl/wolfcrypt/async.h>
|
||||
#endif
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT) || defined(HAVE_ECC)
|
||||
static int devId = INVALID_DEVID;
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_WNR
|
||||
const char* wnrConfigFile = "wnr-example.conf";
|
||||
@@ -100,11 +110,39 @@
|
||||
#define HAVE_GET_CYCLES
|
||||
static INLINE word64 get_intel_cycles(void);
|
||||
static word64 total_cycles;
|
||||
#define INIT_CYCLE_COUNTER
|
||||
#define BEGIN_INTEL_CYCLES total_cycles = get_intel_cycles();
|
||||
#define END_INTEL_CYCLES total_cycles = get_intel_cycles() - total_cycles;
|
||||
#define SHOW_INTEL_CYCLES printf(" Cycles per byte = %6.2f", \
|
||||
(float)total_cycles / (numBlocks*sizeof(plain)));
|
||||
#elif defined(LINUX_CYCLE_COUNT)
|
||||
#include <linux/perf_event.h>
|
||||
#include <sys/syscall.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#define HAVE_GET_CYCLES
|
||||
static word64 begin_cycles;
|
||||
static word64 total_cycles;
|
||||
static int cycles = -1;
|
||||
static struct perf_event_attr atr;
|
||||
|
||||
#define INIT_CYCLE_COUNTER do { \
|
||||
atr.type = PERF_TYPE_HARDWARE; \
|
||||
atr.config = PERF_COUNT_HW_CPU_CYCLES; \
|
||||
cycles = syscall(__NR_perf_event_open, &atr, 0, -1, -1, 0); \
|
||||
} while (0);
|
||||
|
||||
#define BEGIN_INTEL_CYCLES read(cycles, &begin_cycles, sizeof(begin_cycles));
|
||||
#define END_INTEL_CYCLES do { \
|
||||
read(cycles, &total_cycles, sizeof(total_cycles)); \
|
||||
total_cycles = total_cycles - begin_cycles; \
|
||||
} while (0);
|
||||
|
||||
#define SHOW_INTEL_CYCLES printf(" Cycles per byte = %6.2f", \
|
||||
(float)total_cycles / (numBlocks*sizeof(plain)));
|
||||
|
||||
#else
|
||||
#define INIT_CYCLE_COUNTER
|
||||
#define BEGIN_INTEL_CYCLES
|
||||
#define END_INTEL_CYCLES
|
||||
#define SHOW_INTEL_CYCLES
|
||||
@@ -161,6 +199,9 @@ void bench_ripemd(void);
|
||||
void bench_cmac(void);
|
||||
|
||||
void bench_rsa(void);
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
void bench_rsa_async(void);
|
||||
#endif
|
||||
void bench_rsaKeyGen(void);
|
||||
void bench_dh(void);
|
||||
#ifdef HAVE_ECC
|
||||
@@ -189,29 +230,6 @@ void bench_rng(void);
|
||||
double current_time(int);
|
||||
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
|
||||
static int OpenNitroxDevice(int dma_mode,int dev_id)
|
||||
{
|
||||
Csp1CoreAssignment core_assign;
|
||||
Uint32 device;
|
||||
|
||||
if (CspInitialize(CAVIUM_DIRECT,CAVIUM_DEV_ID))
|
||||
return -1;
|
||||
if (Csp1GetDevType(&device))
|
||||
return -1;
|
||||
if (device != NPX_DEVICE) {
|
||||
if (ioctl(gpkpdev_hdlr[CAVIUM_DEV_ID], IOCTL_CSP1_GET_CORE_ASSIGNMENT,
|
||||
(Uint32 *)&core_assign)!= 0)
|
||||
return -1;
|
||||
}
|
||||
CspShutdown(CAVIUM_DEV_ID);
|
||||
|
||||
return CspInitialize(dma_mode, dev_id);
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
#if defined(DEBUG_WOLFSSL) && !defined(HAVE_VALGRIND)
|
||||
WOLFSSL_API int wolfSSL_Debugging_ON();
|
||||
#endif
|
||||
@@ -268,35 +286,49 @@ int benchmark_test(void *args)
|
||||
(void)args;
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_STATIC_MEMORY
|
||||
#ifdef BENCH_EMBEDDED
|
||||
byte memory[50000];
|
||||
#else
|
||||
byte memory[400000];
|
||||
#endif
|
||||
|
||||
if (wc_LoadStaticMemory(&HEAP_HINT, memory, sizeof(memory),
|
||||
WOLFMEM_GENERAL, 1) != 0) {
|
||||
printf("unable to load static memory");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(USE_WOLFSSL_MEMORY) && defined(WOLFSSL_TRACK_MEMORY)
|
||||
InitMemoryTracker();
|
||||
#endif
|
||||
|
||||
wolfCrypt_Init();
|
||||
INIT_CYCLE_COUNTER
|
||||
|
||||
#if defined(DEBUG_WOLFSSL) && !defined(HAVE_VALGRIND)
|
||||
wolfSSL_Debugging_ON();
|
||||
#endif
|
||||
#if defined(DEBUG_WOLFSSL) && !defined(HAVE_VALGRIND)
|
||||
wolfSSL_Debugging_ON();
|
||||
#endif
|
||||
|
||||
(void)plain;
|
||||
(void)cipher;
|
||||
(void)key;
|
||||
(void)iv;
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID);
|
||||
if (ret != 0) {
|
||||
printf("Cavium OpenNitroxDevice failed\n");
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
if (wolfAsync_DevOpen(&devId) != 0) {
|
||||
printf("Async device open failed\n");
|
||||
exit(-1);
|
||||
}
|
||||
#endif /* HAVE_CAVIUM */
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
||||
|
||||
#ifdef HAVE_WNR
|
||||
#ifdef HAVE_WNR
|
||||
if (wc_InitNetRandom(wnrConfigFile, NULL, 5000) != 0) {
|
||||
printf("Whitewood netRandom config init failed\n");
|
||||
exit(-1);
|
||||
}
|
||||
#endif /* HAVE_WNR */
|
||||
#endif /* HAVE_WNR */
|
||||
|
||||
#if defined(HAVE_LOCAL_RNG)
|
||||
{
|
||||
@@ -384,16 +416,18 @@ int benchmark_test(void *args)
|
||||
|
||||
#ifndef NO_RSA
|
||||
bench_rsa();
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
bench_rsa_async();
|
||||
#endif
|
||||
#ifdef WOLFSSL_KEY_GEN
|
||||
bench_rsaKeyGen();
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifndef NO_DH
|
||||
bench_dh();
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
|
||||
bench_rsaKeyGen();
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_NTRU
|
||||
bench_ntru();
|
||||
bench_ntruKeyGen();
|
||||
@@ -426,6 +460,10 @@ int benchmark_test(void *args)
|
||||
wc_FreeRng(&rng);
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
wolfAsync_DevClose(&devId);
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_WNR
|
||||
if (wc_FreeNetRandom() < 0) {
|
||||
printf("Failed to free netRandom context\n");
|
||||
@@ -452,9 +490,15 @@ static const char blockType[] = "kB"; /* used in printf output */
|
||||
#else
|
||||
enum BenchmarkBounds {
|
||||
numBlocks = 50, /* how many megs to test (en/de)cryption */
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
ntimes = 1000,
|
||||
genTimes = 1000,
|
||||
agreeTimes = 1000
|
||||
#else
|
||||
ntimes = 100,
|
||||
genTimes = 100,
|
||||
agreeTimes = 100
|
||||
#endif
|
||||
};
|
||||
static const char blockType[] = "megs"; /* used in printf output */
|
||||
#endif
|
||||
@@ -526,9 +570,9 @@ void bench_aes(int show)
|
||||
int i;
|
||||
int ret;
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
if (wc_AesInitCavium(&enc, CAVIUM_DEV_ID) != 0) {
|
||||
printf("aes init cavium failed\n");
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
if ((ret = wc_AesAsyncInit(&enc, devId)) != 0) {
|
||||
printf("wc_AesAsyncInit failed, ret = %d\n", ret);
|
||||
return;
|
||||
}
|
||||
#endif
|
||||
@@ -559,10 +603,10 @@ void bench_aes(int show)
|
||||
SHOW_INTEL_CYCLES
|
||||
printf("\n");
|
||||
}
|
||||
#ifdef HAVE_CAVIUM
|
||||
wc_AesFreeCavium(&enc);
|
||||
if (wc_AesInitCavium(&enc, CAVIUM_DEV_ID) != 0) {
|
||||
printf("aes init cavium failed\n");
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
wc_AesAsyncFree(&enc);
|
||||
if ((ret = wc_AesAsyncInit(&enc, devId)) != 0) {
|
||||
printf("wc_AesAsyncInit failed, ret = %d\n", ret);
|
||||
return;
|
||||
}
|
||||
#endif
|
||||
@@ -593,8 +637,8 @@ void bench_aes(int show)
|
||||
SHOW_INTEL_CYCLES
|
||||
printf("\n");
|
||||
}
|
||||
#ifdef HAVE_CAVIUM
|
||||
wc_AesFreeCavium(&enc);
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
wc_AesAsyncFree(&enc);
|
||||
#endif
|
||||
}
|
||||
#endif /* HAVE_AES_CBC */
|
||||
@@ -805,9 +849,9 @@ void bench_des(void)
|
||||
double start, total, persec;
|
||||
int i, ret;
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
if (wc_Des3_InitCavium(&enc, CAVIUM_DEV_ID) != 0)
|
||||
printf("des3 init cavium failed\n");
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
if (wc_Des3AsyncInit(&enc, devId) != 0)
|
||||
printf("des3 async init failed\n");
|
||||
#endif
|
||||
ret = wc_Des3_SetKey(&enc, key, iv, DES_ENCRYPTION);
|
||||
if (ret != 0) {
|
||||
@@ -833,8 +877,8 @@ void bench_des(void)
|
||||
blockType, total, persec);
|
||||
SHOW_INTEL_CYCLES
|
||||
printf("\n");
|
||||
#ifdef HAVE_CAVIUM
|
||||
wc_Des3_FreeCavium(&enc);
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
wc_Des3AsyncFree(&enc);
|
||||
#endif
|
||||
}
|
||||
#endif
|
||||
@@ -882,9 +926,9 @@ void bench_arc4(void)
|
||||
double start, total, persec;
|
||||
int i;
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
if (wc_Arc4InitCavium(&enc, CAVIUM_DEV_ID) != 0)
|
||||
printf("arc4 init cavium failed\n");
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
if (wc_Arc4AsyncInit(&enc, devId) != 0)
|
||||
printf("arc4 async init failed\n");
|
||||
#endif
|
||||
|
||||
wc_Arc4SetKey(&enc, key, 16);
|
||||
@@ -906,8 +950,8 @@ void bench_arc4(void)
|
||||
blockType, total, persec);
|
||||
SHOW_INTEL_CYCLES
|
||||
printf("\n");
|
||||
#ifdef HAVE_CAVIUM
|
||||
wc_Arc4FreeCavium(&enc);
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
wc_Arc4AsyncFree(&enc);
|
||||
#endif
|
||||
}
|
||||
#endif
|
||||
@@ -1395,7 +1439,7 @@ void bench_rsa(void)
|
||||
word32 idx = 0;
|
||||
const byte* tmp;
|
||||
|
||||
byte message[] = "Everyone gets Friday off.";
|
||||
const byte message[] = "Everyone gets Friday off.";
|
||||
byte enc[256]; /* for up to 2048 bit */
|
||||
const int len = (int)strlen((char*)message);
|
||||
double start, total, each, milliEach;
|
||||
@@ -1414,32 +1458,33 @@ void bench_rsa(void)
|
||||
#error "need a cert buffer size"
|
||||
#endif /* USE_CERT_BUFFERS */
|
||||
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
if (wc_RsaInitCavium(&rsaKey, CAVIUM_DEV_ID) != 0)
|
||||
printf("RSA init cavium failed\n");
|
||||
#endif
|
||||
ret = wc_InitRsaKey(&rsaKey, 0);
|
||||
if (ret < 0) {
|
||||
printf("InitRsaKey failed\n");
|
||||
if ((ret = wc_InitRsaKey(&rsaKey, HEAP_HINT)) < 0) {
|
||||
printf("InitRsaKey failed! %d\n", ret);
|
||||
return;
|
||||
}
|
||||
|
||||
/* decode the private key */
|
||||
ret = wc_RsaPrivateKeyDecode(tmp, &idx, &rsaKey, (word32)bytes);
|
||||
|
||||
start = current_time(1);
|
||||
|
||||
for (i = 0; i < ntimes; i++)
|
||||
ret = wc_RsaPublicEncrypt(message,len,enc,sizeof(enc), &rsaKey, &rng);
|
||||
for (i = 0; i < ntimes; i++) {
|
||||
ret = wc_RsaPublicEncrypt(message, len, enc, sizeof(enc),
|
||||
&rsaKey, &rng);
|
||||
if (ret < 0) {
|
||||
break;
|
||||
}
|
||||
} /* for ntimes */
|
||||
|
||||
total = current_time(0) - start;
|
||||
each = total / ntimes; /* per second */
|
||||
milliEach = each * 1000; /* milliseconds */
|
||||
|
||||
printf("RSA %d encryption took %6.3f milliseconds, avg over %d"
|
||||
printf("RSA %d public %6.3f milliseconds, avg over %d"
|
||||
" iterations\n", rsaKeySz, milliEach, ntimes);
|
||||
|
||||
if (ret < 0) {
|
||||
printf("Rsa Public Encrypt failed\n");
|
||||
printf("Rsa Public Encrypt failed! %d\n", ret);
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -1448,24 +1493,231 @@ void bench_rsa(void)
|
||||
#endif
|
||||
start = current_time(1);
|
||||
|
||||
/* capture resulting encrypt length */
|
||||
idx = ret;
|
||||
|
||||
for (i = 0; i < ntimes; i++) {
|
||||
byte out[256]; /* for up to 2048 bit */
|
||||
wc_RsaPrivateDecrypt(enc, (word32)ret, out, sizeof(out), &rsaKey);
|
||||
}
|
||||
byte out[256]; /* for up to 2048 bit */
|
||||
|
||||
ret = wc_RsaPrivateDecrypt(enc, idx, out, sizeof(out), &rsaKey);
|
||||
if (ret < 0 && ret != WC_PENDING_E) {
|
||||
break;
|
||||
}
|
||||
} /* for ntimes */
|
||||
|
||||
total = current_time(0) - start;
|
||||
each = total / ntimes; /* per second */
|
||||
milliEach = each * 1000; /* milliseconds */
|
||||
|
||||
printf("RSA %d decryption took %6.3f milliseconds, avg over %d"
|
||||
printf("RSA %d private %6.3f milliseconds, avg over %d"
|
||||
" iterations\n", rsaKeySz, milliEach, ntimes);
|
||||
|
||||
wc_FreeRsaKey(&rsaKey);
|
||||
#ifdef HAVE_CAVIUM
|
||||
wc_RsaFreeCavium(&rsaKey);
|
||||
#endif
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
void bench_rsa_async(void)
|
||||
{
|
||||
int i;
|
||||
int ret;
|
||||
size_t bytes;
|
||||
word32 idx = 0;
|
||||
const byte* tmp;
|
||||
|
||||
const byte message[] = "Everyone gets Friday off.";
|
||||
byte enc[256]; /* for up to 2048 bit */
|
||||
const int len = (int)strlen((char*)message);
|
||||
double start, total, each, milliEach;
|
||||
|
||||
RsaKey rsaKey[WOLF_ASYNC_MAX_PENDING];
|
||||
int rsaKeySz = 2048; /* used in printf */
|
||||
|
||||
WOLF_EVENT events[WOLF_ASYNC_MAX_PENDING];
|
||||
WOLF_EVENT_QUEUE eventQueue;
|
||||
int evtNum, asyncDone, asyncPend;
|
||||
|
||||
#ifdef USE_CERT_BUFFERS_1024
|
||||
tmp = rsa_key_der_1024;
|
||||
bytes = sizeof_rsa_key_der_1024;
|
||||
rsaKeySz = 1024;
|
||||
#elif defined(USE_CERT_BUFFERS_2048)
|
||||
tmp = rsa_key_der_2048;
|
||||
bytes = sizeof_rsa_key_der_2048;
|
||||
#else
|
||||
#error "need a cert buffer size"
|
||||
#endif /* USE_CERT_BUFFERS */
|
||||
|
||||
/* init event queue */
|
||||
ret = wolfEventQueue_Init(&eventQueue);
|
||||
if (ret != 0) {
|
||||
return;
|
||||
}
|
||||
|
||||
/* clear for done cleanup */
|
||||
XMEMSET(&events, 0, sizeof(events));
|
||||
XMEMSET(&rsaKey, 0, sizeof(rsaKey));
|
||||
|
||||
/* init events and keys */
|
||||
for (i = 0; i < WOLF_ASYNC_MAX_PENDING; i++) {
|
||||
/* setup an async context for each key */
|
||||
if ((ret = wc_InitRsaKey_ex(&rsaKey[i], HEAP_HINT, devId)) < 0) {
|
||||
goto done;
|
||||
}
|
||||
#ifdef WC_RSA_BLINDING
|
||||
wc_RsaSetRNG(&rsaKey[i], &rng);
|
||||
#endif
|
||||
if ((ret = wolfAsync_EventInit(&events[i],
|
||||
WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT, &rsaKey[i].asyncDev)) != 0) {
|
||||
goto done;
|
||||
}
|
||||
events[i].pending = 0; /* Reset pending flag */
|
||||
|
||||
/* decode the private key */
|
||||
idx = 0;
|
||||
if ((ret = wc_RsaPrivateKeyDecode(tmp, &idx, &rsaKey[i],
|
||||
(word32)bytes)) != 0) {
|
||||
printf("wc_RsaPrivateKeyDecode failed! %d\n", ret);
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
|
||||
/* begin public async RSA */
|
||||
start = current_time(1);
|
||||
|
||||
asyncPend = 0;
|
||||
for (i = 0; i < ntimes; ) {
|
||||
|
||||
/* while free pending slots in queue, submit RSA operations */
|
||||
for (evtNum = 0; evtNum < WOLF_ASYNC_MAX_PENDING; evtNum++) {
|
||||
if (events[evtNum].done || (events[evtNum].pending == 0 &&
|
||||
(i + asyncPend) < ntimes))
|
||||
{
|
||||
/* check for event error */
|
||||
if (events[evtNum].ret != WC_PENDING_E && events[evtNum].ret < 0) {
|
||||
printf("wc_RsaPublicEncrypt: Async event error: %d\n", events[evtNum].ret);
|
||||
goto done;
|
||||
}
|
||||
|
||||
ret = wc_RsaPublicEncrypt(message, len, enc, sizeof(enc),
|
||||
&rsaKey[evtNum], &rng);
|
||||
if (ret == WC_PENDING_E) {
|
||||
ret = wc_RsaAsyncHandle(&rsaKey[evtNum], &eventQueue,
|
||||
&events[evtNum]);
|
||||
if (ret != 0) goto done;
|
||||
asyncPend++;
|
||||
}
|
||||
else if (ret >= 0) {
|
||||
/* operation completed */
|
||||
i++;
|
||||
asyncPend--;
|
||||
events[evtNum].done = 0;
|
||||
}
|
||||
else {
|
||||
printf("wc_RsaPublicEncrypt failed: %d\n", ret);
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
} /* for evtNum */
|
||||
|
||||
/* poll until there are events done */
|
||||
if (asyncPend > 0) {
|
||||
do {
|
||||
ret = wolfAsync_EventQueuePoll(&eventQueue, NULL, NULL, 0,
|
||||
WOLF_POLL_FLAG_CHECK_HW, &asyncDone);
|
||||
if (ret != 0) goto done;
|
||||
} while (asyncDone == 0);
|
||||
}
|
||||
} /* for ntimes */
|
||||
|
||||
total = current_time(0) - start;
|
||||
each = total / ntimes; /* per second */
|
||||
milliEach = each * 1000; /* milliseconds */
|
||||
|
||||
printf("RSA %d public async %6.3f milliseconds, avg over %d"
|
||||
" iterations\n", rsaKeySz, milliEach, ntimes);
|
||||
|
||||
if (ret < 0) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
|
||||
/* begin private async RSA */
|
||||
start = current_time(1);
|
||||
|
||||
/* capture resulting encrypt length */
|
||||
idx = sizeof(enc); /* fixed at 2048 bit */
|
||||
|
||||
asyncPend = 0;
|
||||
for (i = 0; i < ntimes; ) {
|
||||
byte out[256]; /* for up to 2048 bit */
|
||||
|
||||
/* while free pending slots in queue, submit RSA operations */
|
||||
for (evtNum = 0; evtNum < WOLF_ASYNC_MAX_PENDING; evtNum++) {
|
||||
if (events[evtNum].done || (events[evtNum].pending == 0 &&
|
||||
(i + asyncPend) < ntimes))
|
||||
{
|
||||
/* check for event error */
|
||||
if (events[evtNum].ret != WC_PENDING_E && events[evtNum].ret < 0) {
|
||||
printf("wc_RsaPrivateDecrypt: Async event error: %d\n", events[evtNum].ret);
|
||||
goto done;
|
||||
}
|
||||
|
||||
ret = wc_RsaPrivateDecrypt(enc, idx, out, sizeof(out),
|
||||
&rsaKey[evtNum]);
|
||||
if (ret == WC_PENDING_E) {
|
||||
ret = wc_RsaAsyncHandle(&rsaKey[evtNum], &eventQueue,
|
||||
&events[evtNum]);
|
||||
if (ret != 0) goto done;
|
||||
asyncPend++;
|
||||
}
|
||||
else if (ret >= 0) {
|
||||
/* operation completed */
|
||||
i++;
|
||||
asyncPend--;
|
||||
events[evtNum].done = 0;
|
||||
}
|
||||
else {
|
||||
printf("wc_RsaPrivateDecrypt failed: %d\n", ret);
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
} /* for evtNum */
|
||||
|
||||
/* poll until there are events done */
|
||||
if (asyncPend > 0) {
|
||||
do {
|
||||
ret = wolfAsync_EventQueuePoll(&eventQueue, NULL, NULL, 0,
|
||||
WOLF_POLL_FLAG_CHECK_HW, &asyncDone);
|
||||
if (ret != 0) goto done;
|
||||
} while (asyncDone == 0);
|
||||
}
|
||||
} /* for ntimes */
|
||||
|
||||
total = current_time(0) - start;
|
||||
each = total / ntimes; /* per second */
|
||||
milliEach = each * 1000; /* milliseconds */
|
||||
|
||||
printf("RSA %d private async %6.3f milliseconds, avg over %d"
|
||||
" iterations\n", rsaKeySz, milliEach, ntimes);
|
||||
|
||||
done:
|
||||
|
||||
if (ret < 0) {
|
||||
printf("bench_rsa_async failed: %d\n", ret);
|
||||
}
|
||||
|
||||
/* cleanup */
|
||||
for (i = 0; i < WOLF_ASYNC_MAX_PENDING; i++) {
|
||||
wc_FreeRsaKey(&rsaKey[i]);
|
||||
}
|
||||
|
||||
/* free event queue */
|
||||
wolfEventQueue_Free(&eventQueue);
|
||||
}
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
||||
|
||||
#endif /* !NO_RSA */
|
||||
|
||||
|
||||
#ifndef NO_DH
|
||||
@@ -1572,7 +1824,7 @@ void bench_rsaKeyGen(void)
|
||||
start = current_time(1);
|
||||
|
||||
for(i = 0; i < genTimes; i++) {
|
||||
wc_InitRsaKey(&genKey, 0);
|
||||
wc_InitRsaKey(&genKey, HEAP_HINT);
|
||||
wc_MakeRsaKey(&genKey, 1024, 65537, &rng);
|
||||
wc_FreeRsaKey(&genKey);
|
||||
}
|
||||
@@ -1588,7 +1840,7 @@ void bench_rsaKeyGen(void)
|
||||
start = current_time(1);
|
||||
|
||||
for(i = 0; i < genTimes; i++) {
|
||||
wc_InitRsaKey(&genKey, 0);
|
||||
wc_InitRsaKey(&genKey, HEAP_HINT);
|
||||
wc_MakeRsaKey(&genKey, 2048, 65537, &rng);
|
||||
wc_FreeRsaKey(&genKey);
|
||||
}
|
||||
@@ -1845,7 +2097,7 @@ void bench_eccKeyGen(void)
|
||||
start = current_time(1);
|
||||
|
||||
for(i = 0; i < genTimes; i++) {
|
||||
wc_ecc_init(&genKey);
|
||||
wc_ecc_init_ex(&genKey, HEAP_HINT, devId);
|
||||
wc_ecc_make_key(&rng, 32, &genKey);
|
||||
wc_ecc_free(&genKey);
|
||||
}
|
||||
@@ -1871,8 +2123,8 @@ void bench_eccKeyAgree(void)
|
||||
byte digest[32];
|
||||
word32 x = 0;
|
||||
|
||||
wc_ecc_init(&genKey);
|
||||
wc_ecc_init(&genKey2);
|
||||
wc_ecc_init_ex(&genKey, HEAP_HINT, devId);
|
||||
wc_ecc_init_ex(&genKey2, HEAP_HINT, devId);
|
||||
|
||||
ret = wc_ecc_make_key(&rng, 32, &genKey);
|
||||
if (ret != 0) {
|
||||
@@ -1958,8 +2210,8 @@ void bench_eccEncrypt(void)
|
||||
int ret, i;
|
||||
double start, total, each, milliEach;
|
||||
|
||||
wc_ecc_init(&userA);
|
||||
wc_ecc_init(&userB);
|
||||
wc_ecc_init_ex(&userA, HEAP_HINT, devId);
|
||||
wc_ecc_init_ex(&userB, HEAP_HINT, devId);
|
||||
|
||||
wc_ecc_make_key(&rng, 32, &userA);
|
||||
wc_ecc_make_key(&rng, 32, &userB);
|
||||
@@ -2249,7 +2501,7 @@ void bench_ed25519KeySign(void)
|
||||
}
|
||||
|
||||
#elif defined(WOLFSSL_EMBOS)
|
||||
|
||||
|
||||
#include "RTOS.h"
|
||||
|
||||
double current_time(int reset)
|
||||
|
||||
+655
-345
File diff suppressed because it is too large
Load Diff
+16
-70
@@ -28,23 +28,19 @@
|
||||
|
||||
#ifndef NO_RC4
|
||||
|
||||
#include <wolfssl/wolfcrypt/error-crypt.h>
|
||||
#include <wolfssl/wolfcrypt/arc4.h>
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
static void wc_Arc4CaviumSetKey(Arc4* arc4, const byte* key, word32 length);
|
||||
static void wc_Arc4CaviumProcess(Arc4* arc4, byte* out, const byte* in,
|
||||
word32 length);
|
||||
#endif
|
||||
|
||||
|
||||
void wc_Arc4SetKey(Arc4* arc4, const byte* key, word32 length)
|
||||
{
|
||||
word32 i;
|
||||
word32 keyIndex = 0, stateIndex = 0;
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
if (arc4->magic == WOLFSSL_ARC4_CAVIUM_MAGIC)
|
||||
return wc_Arc4CaviumSetKey(arc4, key, length);
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM) && !defined(HAVE_CAVIUM_V)
|
||||
if (arc4->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ARC4) {
|
||||
return NitroxArc4SetKey(arc4, key, length);
|
||||
}
|
||||
#endif
|
||||
|
||||
arc4->x = 1;
|
||||
@@ -85,9 +81,10 @@ void wc_Arc4Process(Arc4* arc4, byte* out, const byte* in, word32 length)
|
||||
word32 x;
|
||||
word32 y;
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
if (arc4->magic == WOLFSSL_ARC4_CAVIUM_MAGIC)
|
||||
return wc_Arc4CaviumProcess(arc4, out, in, length);
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM) && !defined(HAVE_CAVIUM_V)
|
||||
if (arc4->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ARC4) {
|
||||
return NitroxArc4Process(arc4, out, in, length);
|
||||
}
|
||||
#endif
|
||||
|
||||
x = arc4->x;
|
||||
@@ -101,79 +98,28 @@ void wc_Arc4Process(Arc4* arc4, byte* out, const byte* in, word32 length)
|
||||
}
|
||||
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
|
||||
#include <wolfssl/wolfcrypt/logging.h>
|
||||
#include "cavium_common.h"
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
|
||||
/* Initialize Arc4 for use with Nitrox device */
|
||||
int wc_Arc4InitCavium(Arc4* arc4, int devId)
|
||||
int wc_Arc4AsyncInit(Arc4* arc4, int devId)
|
||||
{
|
||||
if (arc4 == NULL)
|
||||
return -1;
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
if (CspAllocContext(CONTEXT_SSL, &arc4->contextHandle, devId) != 0)
|
||||
return -1;
|
||||
|
||||
arc4->devId = devId;
|
||||
arc4->magic = WOLFSSL_ARC4_CAVIUM_MAGIC;
|
||||
|
||||
return 0;
|
||||
return wolfAsync_DevCtxInit(&arc4->asyncDev, WOLFSSL_ASYNC_MARKER_ARC4, devId);
|
||||
}
|
||||
|
||||
|
||||
/* Free Arc4 from use with Nitrox device */
|
||||
void wc_Arc4FreeCavium(Arc4* arc4)
|
||||
void wc_Arc4AsyncFree(Arc4* arc4)
|
||||
{
|
||||
if (arc4 == NULL)
|
||||
return;
|
||||
|
||||
if (arc4->magic != WOLFSSL_ARC4_CAVIUM_MAGIC)
|
||||
return;
|
||||
|
||||
CspFreeContext(CONTEXT_SSL, arc4->contextHandle, arc4->devId);
|
||||
arc4->magic = 0;
|
||||
wolfAsync_DevCtxFree(&arc4->asyncDev);
|
||||
}
|
||||
|
||||
|
||||
static void wc_Arc4CaviumSetKey(Arc4* arc4, const byte* key, word32 length)
|
||||
{
|
||||
word32 requestId;
|
||||
|
||||
if (CspInitializeRc4(CAVIUM_BLOCKING, arc4->contextHandle, length,
|
||||
(byte*)key, &requestId, arc4->devId) != 0) {
|
||||
WOLFSSL_MSG("Bad Cavium Arc4 Init");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
static void wc_Arc4CaviumProcess(Arc4* arc4, byte* out, const byte* in,
|
||||
word32 length)
|
||||
{
|
||||
wolfssl_word offset = 0;
|
||||
word32 requestId;
|
||||
|
||||
while (length > WOLFSSL_MAX_16BIT) {
|
||||
word16 slen = (word16)WOLFSSL_MAX_16BIT;
|
||||
if (CspEncryptRc4(CAVIUM_BLOCKING, arc4->contextHandle,CAVIUM_UPDATE,
|
||||
slen, (byte*)in + offset, out + offset, &requestId,
|
||||
arc4->devId) != 0) {
|
||||
WOLFSSL_MSG("Bad Cavium Arc4 Encrypt");
|
||||
}
|
||||
length -= WOLFSSL_MAX_16BIT;
|
||||
offset += WOLFSSL_MAX_16BIT;
|
||||
}
|
||||
if (length) {
|
||||
word16 slen = (word16)length;
|
||||
if (CspEncryptRc4(CAVIUM_BLOCKING, arc4->contextHandle,CAVIUM_UPDATE,
|
||||
slen, (byte*)in + offset, out + offset, &requestId,
|
||||
arc4->devId) != 0) {
|
||||
WOLFSSL_MSG("Bad Cavium Arc4 Encrypt");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#endif /* HAVE_CAVIUM */
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
||||
|
||||
#endif /* NO_RC4 */
|
||||
|
||||
|
||||
+112
-98
@@ -646,7 +646,7 @@ static int GetExplicitVersion(const byte* input, word32* inOutIdx, int* version)
|
||||
}
|
||||
#endif /* !NO_ASN_TIME */
|
||||
|
||||
WOLFSSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx,
|
||||
int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx,
|
||||
word32 maxIdx)
|
||||
{
|
||||
word32 i = *inOutIdx;
|
||||
@@ -676,6 +676,65 @@ WOLFSSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx,
|
||||
return 0;
|
||||
}
|
||||
|
||||
#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
|
||||
static int GetIntRsa(RsaKey* key, mp_int* mpi, const byte* input,
|
||||
word32* inOutIdx, word32 maxIdx)
|
||||
{
|
||||
word32 i = *inOutIdx;
|
||||
byte b = input[i++];
|
||||
int length;
|
||||
|
||||
(void)key;
|
||||
|
||||
if (b != ASN_INTEGER)
|
||||
return ASN_PARSE_E;
|
||||
|
||||
if (GetLength(input, &i, &length, maxIdx) < 0)
|
||||
return ASN_PARSE_E;
|
||||
|
||||
if (length > 0) {
|
||||
/* remove leading zero */
|
||||
if ( (b = input[i++]) == 0x00)
|
||||
length--;
|
||||
else
|
||||
i--;
|
||||
}
|
||||
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
|
||||
if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA) {
|
||||
XMEMSET(mpi, 0, sizeof(mp_int));
|
||||
mpi->used = length;
|
||||
#ifdef USE_FAST_MATH
|
||||
if (length > (FP_SIZE * (int)sizeof(fp_digit))) {
|
||||
return MEMORY_E;
|
||||
}
|
||||
mpi->dpraw = (byte*)mpi->dp;
|
||||
#else
|
||||
mpi->dpraw = (byte*)XMALLOC(length, key->heap, DYNAMIC_TYPE_ASYNC_RSA);
|
||||
#endif
|
||||
if (mpi->dpraw == NULL) {
|
||||
return MEMORY_E;
|
||||
}
|
||||
|
||||
XMEMCPY(mpi->dpraw, input + i, length);
|
||||
}
|
||||
else
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT && HAVE_CAVIUM */
|
||||
{
|
||||
if (mp_init(mpi) != MP_OKAY)
|
||||
return MP_INIT_E;
|
||||
|
||||
if (mp_read_unsigned_bin(mpi, (byte*)input + i, length) != 0) {
|
||||
mp_clear(mpi);
|
||||
return ASN_GETINT_E;
|
||||
}
|
||||
}
|
||||
|
||||
*inOutIdx = i + length;
|
||||
return 0;
|
||||
}
|
||||
#endif /* !NO_RSA && !HAVE_USER_RSA */
|
||||
|
||||
|
||||
/* hashType */
|
||||
static const byte hashMd2hOid[] = {42, 134, 72, 134, 247, 13, 2, 2};
|
||||
@@ -1297,78 +1356,11 @@ WOLFSSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid,
|
||||
|
||||
#ifndef NO_RSA
|
||||
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
|
||||
static int GetCaviumInt(byte** buff, word16* buffSz, const byte* input,
|
||||
word32* inOutIdx, word32 maxIdx, void* heap)
|
||||
{
|
||||
word32 i = *inOutIdx;
|
||||
byte b = input[i++];
|
||||
int length;
|
||||
|
||||
if (b != ASN_INTEGER)
|
||||
return ASN_PARSE_E;
|
||||
|
||||
if (GetLength(input, &i, &length, maxIdx) < 0)
|
||||
return ASN_PARSE_E;
|
||||
|
||||
if ( (b = input[i++]) == 0x00)
|
||||
length--;
|
||||
else
|
||||
i--;
|
||||
|
||||
*buffSz = (word16)length;
|
||||
*buff = XMALLOC(*buffSz, heap, DYNAMIC_TYPE_CAVIUM_RSA);
|
||||
if (*buff == NULL)
|
||||
return MEMORY_E;
|
||||
|
||||
XMEMCPY(*buff, input + i, *buffSz);
|
||||
|
||||
*inOutIdx = i + length;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int CaviumRsaPrivateKeyDecode(const byte* input, word32* inOutIdx,
|
||||
RsaKey* key, word32 inSz)
|
||||
{
|
||||
int version, length;
|
||||
void* h = key->heap;
|
||||
|
||||
if (GetSequence(input, inOutIdx, &length, inSz) < 0)
|
||||
return ASN_PARSE_E;
|
||||
|
||||
if (GetMyVersion(input, inOutIdx, &version) < 0)
|
||||
return ASN_PARSE_E;
|
||||
|
||||
key->type = RSA_PRIVATE;
|
||||
|
||||
if (GetCaviumInt(&key->c_n, &key->c_nSz, input, inOutIdx, inSz, h) < 0 ||
|
||||
GetCaviumInt(&key->c_e, &key->c_eSz, input, inOutIdx, inSz, h) < 0 ||
|
||||
GetCaviumInt(&key->c_d, &key->c_dSz, input, inOutIdx, inSz, h) < 0 ||
|
||||
GetCaviumInt(&key->c_p, &key->c_pSz, input, inOutIdx, inSz, h) < 0 ||
|
||||
GetCaviumInt(&key->c_q, &key->c_qSz, input, inOutIdx, inSz, h) < 0 ||
|
||||
GetCaviumInt(&key->c_dP, &key->c_dP_Sz, input, inOutIdx, inSz, h) < 0 ||
|
||||
GetCaviumInt(&key->c_dQ, &key->c_dQ_Sz, input, inOutIdx, inSz, h) < 0 ||
|
||||
GetCaviumInt(&key->c_u, &key->c_uSz, input, inOutIdx, inSz, h) < 0 )
|
||||
return ASN_RSA_KEY_E;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
#endif /* HAVE_CAVIUM */
|
||||
|
||||
#ifndef HAVE_USER_RSA
|
||||
int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key,
|
||||
word32 inSz)
|
||||
{
|
||||
int version, length;
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC)
|
||||
return CaviumRsaPrivateKeyDecode(input, inOutIdx, key, inSz);
|
||||
#endif
|
||||
int version, length;
|
||||
|
||||
if (GetSequence(input, inOutIdx, &length, inSz) < 0)
|
||||
return ASN_PARSE_E;
|
||||
@@ -1378,14 +1370,14 @@ int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key,
|
||||
|
||||
key->type = RSA_PRIVATE;
|
||||
|
||||
if (GetInt(&key->n, input, inOutIdx, inSz) < 0 ||
|
||||
GetInt(&key->e, input, inOutIdx, inSz) < 0 ||
|
||||
GetInt(&key->d, input, inOutIdx, inSz) < 0 ||
|
||||
GetInt(&key->p, input, inOutIdx, inSz) < 0 ||
|
||||
GetInt(&key->q, input, inOutIdx, inSz) < 0 ||
|
||||
GetInt(&key->dP, input, inOutIdx, inSz) < 0 ||
|
||||
GetInt(&key->dQ, input, inOutIdx, inSz) < 0 ||
|
||||
GetInt(&key->u, input, inOutIdx, inSz) < 0 ) return ASN_RSA_KEY_E;
|
||||
if (GetIntRsa(key, &key->n, input, inOutIdx, inSz) < 0 ||
|
||||
GetIntRsa(key, &key->e, input, inOutIdx, inSz) < 0 ||
|
||||
GetIntRsa(key, &key->d, input, inOutIdx, inSz) < 0 ||
|
||||
GetIntRsa(key, &key->p, input, inOutIdx, inSz) < 0 ||
|
||||
GetIntRsa(key, &key->q, input, inOutIdx, inSz) < 0 ||
|
||||
GetIntRsa(key, &key->dP, input, inOutIdx, inSz) < 0 ||
|
||||
GetIntRsa(key, &key->dQ, input, inOutIdx, inSz) < 0 ||
|
||||
GetIntRsa(key, &key->u, input, inOutIdx, inSz) < 0 ) return ASN_RSA_KEY_E;
|
||||
|
||||
return 0;
|
||||
}
|
||||
@@ -3674,11 +3666,22 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
|
||||
else {
|
||||
XMEMCPY(plain, sig, sigSz);
|
||||
|
||||
if ((verifySz = wc_RsaSSL_VerifyInline(plain, sigSz, &out,
|
||||
pubKey)) < 0) {
|
||||
ret = 0;
|
||||
do {
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT)
|
||||
ret = wc_RsaAsyncWait(ret, pubKey);
|
||||
#endif
|
||||
if (ret >= 0) {
|
||||
ret = wc_RsaSSL_VerifyInline(plain, sigSz, &out,
|
||||
pubKey);
|
||||
}
|
||||
} while (ret == WC_PENDING_E);
|
||||
|
||||
if (ret < 0) {
|
||||
WOLFSSL_MSG("Rsa SSL verify error");
|
||||
}
|
||||
else {
|
||||
verifySz = ret;
|
||||
/* make sure we're right justified */
|
||||
encodedSigSz =
|
||||
wc_EncodeSignature(encodedSig, digest, digestSz, typeH);
|
||||
@@ -5071,7 +5074,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
|
||||
}
|
||||
#endif
|
||||
|
||||
if (verify && type != CA_TYPE && type != TRUSTED_PEER_TYPE) {
|
||||
if (verify != NO_VERIFY && type != CA_TYPE && type != TRUSTED_PEER_TYPE) {
|
||||
Signer* ca = NULL;
|
||||
#ifndef NO_SKID
|
||||
if (cert->extAuthKeyIdSet)
|
||||
@@ -5096,23 +5099,26 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
#endif /* HAVE_OCSP */
|
||||
/* try to confirm/verify signature */
|
||||
if (!ConfirmSignature(cert->source + cert->certBegin,
|
||||
cert->sigIndex - cert->certBegin,
|
||||
ca->publicKey, ca->pubKeySize, ca->keyOID,
|
||||
cert->signature, cert->sigLength, cert->signatureOID,
|
||||
cert->heap)) {
|
||||
WOLFSSL_MSG("Confirm signature failed");
|
||||
return ASN_SIG_CONFIRM_E;
|
||||
|
||||
if (verify == VERIFY) {
|
||||
/* try to confirm/verify signature */
|
||||
if (!ConfirmSignature(cert->source + cert->certBegin,
|
||||
cert->sigIndex - cert->certBegin,
|
||||
ca->publicKey, ca->pubKeySize, ca->keyOID,
|
||||
cert->signature, cert->sigLength, cert->signatureOID,
|
||||
cert->heap)) {
|
||||
WOLFSSL_MSG("Confirm signature failed");
|
||||
return ASN_SIG_CONFIRM_E;
|
||||
}
|
||||
#ifndef IGNORE_NAME_CONSTRAINTS
|
||||
/* check that this cert's name is permitted by the signer's
|
||||
* name constraints */
|
||||
if (!ConfirmNameConstraints(ca, cert)) {
|
||||
WOLFSSL_MSG("Confirm name constraint failed");
|
||||
return ASN_NAME_INVALID_E;
|
||||
}
|
||||
#endif /* IGNORE_NAME_CONSTRAINTS */
|
||||
}
|
||||
#ifndef IGNORE_NAME_CONSTRAINTS
|
||||
/* check that this cert's name is permitted by the signer's
|
||||
* name constraints */
|
||||
if (!ConfirmNameConstraints(ca, cert)) {
|
||||
WOLFSSL_MSG("Confirm name constraint failed");
|
||||
return ASN_NAME_INVALID_E;
|
||||
}
|
||||
#endif /* IGNORE_NAME_CONSTRAINTS */
|
||||
}
|
||||
else {
|
||||
/* no signer */
|
||||
@@ -5569,7 +5575,7 @@ static int SetRsaPublicKey(byte* output, RsaKey* key,
|
||||
n[0] = ASN_INTEGER;
|
||||
nSz = SetLength(rawLen, n + 1) + 1; /* int tag */
|
||||
|
||||
if ( (nSz + rawLen) < MAX_RSA_INT_SZ) {
|
||||
if ( (nSz + rawLen) <= MAX_RSA_INT_SZ) {
|
||||
if (leadingBit)
|
||||
n[nSz] = 0;
|
||||
#ifdef HAVE_USER_RSA
|
||||
@@ -7359,7 +7365,15 @@ static int MakeSignature(const byte* buffer, int sz, byte* sig, int sigSz,
|
||||
if (rsaKey) {
|
||||
/* signature */
|
||||
encSigSz = wc_EncodeSignature(encSig, digest, digestSz, typeH);
|
||||
ret = wc_RsaSSL_Sign(encSig, encSigSz, sig, sigSz, rsaKey, rng);
|
||||
ret = 0;
|
||||
do {
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT)
|
||||
ret = wc_RsaAsyncWait(ret, rsaKey);
|
||||
#endif
|
||||
if (ret >= 0) {
|
||||
ret = wc_RsaSSL_Sign(encSig, encSigSz, sig, sigSz, rsaKey, rng);
|
||||
}
|
||||
} while (ret == WC_PENDING_E);
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
+27
-134
@@ -31,13 +31,6 @@
|
||||
#include <wolfssl/wolfcrypt/des3.h>
|
||||
|
||||
#ifdef HAVE_FIPS
|
||||
#ifdef HAVE_CAVIUM
|
||||
static int wc_Des3_CaviumSetKey(Des3* des3, const byte* key, const byte* iv);
|
||||
static int wc_Des3_CaviumCbcEncrypt(Des3* des3, byte* out, const byte* in,
|
||||
word32 length);
|
||||
static int wc_Des3_CaviumCbcDecrypt(Des3* des3, byte* out, const byte* in,
|
||||
word32 length);
|
||||
#endif
|
||||
|
||||
int wc_Des_SetKey(Des* des, const byte* key, const byte* iv, int dir)
|
||||
{
|
||||
@@ -98,23 +91,24 @@ int wc_Des3_SetIV(Des3* des, const byte* iv)
|
||||
}
|
||||
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
|
||||
/* Initialize Des3 for use with Nitrox device */
|
||||
int wc_Des3_InitCavium(Des3* des3, int devId)
|
||||
int wc_Des3AsyncInit(Des3* des3, int devId)
|
||||
{
|
||||
return Des3_InitCavium(des3, devId);
|
||||
return Des3AsyncInit(des3, devId);
|
||||
}
|
||||
|
||||
|
||||
/* Free Des3 from use with Nitrox device */
|
||||
void wc_Des3_FreeCavium(Des3* des3)
|
||||
void wc_Des3AsyncFree(Des3* des3)
|
||||
{
|
||||
Des3_FreeCavium(des3);
|
||||
Des3AsyncFree(des3);
|
||||
}
|
||||
|
||||
|
||||
#endif /* HAVE_CAVIUM */
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
||||
|
||||
#else /* build without fips */
|
||||
|
||||
#if defined(WOLFSSL_TI_CRYPT)
|
||||
@@ -132,17 +126,6 @@ void wc_Des3_FreeCavium(Des3* des3)
|
||||
#endif
|
||||
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
static int wc_Des3_CaviumSetKey(Des3* des3, const byte* key, const byte* iv);
|
||||
static int wc_Des3_CaviumCbcEncrypt(Des3* des3, byte* out, const byte* in,
|
||||
word32 length);
|
||||
static int wc_Des3_CaviumCbcDecrypt(Des3* des3, byte* out, const byte* in,
|
||||
word32 length);
|
||||
#endif
|
||||
|
||||
|
||||
|
||||
|
||||
#ifdef STM32F2_CRYPTO
|
||||
/*
|
||||
* STM32F2 hardware DES/3DES support through the STM32F2 standard
|
||||
@@ -150,7 +133,7 @@ void wc_Des3_FreeCavium(Des3* des3)
|
||||
* Peripheral Library document (See note in README).
|
||||
*/
|
||||
#include "stm32f2xx.h"
|
||||
#include "stm32f2xx_cryp.h"
|
||||
#include "stm32f2xx_cryp.h"
|
||||
|
||||
int wc_Des_SetKey(Des* des, const byte* key, const byte* iv, int dir)
|
||||
{
|
||||
@@ -1292,9 +1275,10 @@ int wc_Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir)
|
||||
{
|
||||
int ret;
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
if (des->magic == WOLFSSL_3DES_CAVIUM_MAGIC)
|
||||
return wc_Des3_CaviumSetKey(des, key, iv);
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
|
||||
if (des->asyncDev.marker == WOLFSSL_ASYNC_MARKER_3DES) {
|
||||
return NitroxDes3SetKey(des, key, iv);
|
||||
}
|
||||
#endif
|
||||
|
||||
ret = DesSetKey(key + (dir == DES_ENCRYPTION ? 0:16), dir, des->key[0]);
|
||||
@@ -1433,9 +1417,10 @@ int wc_Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz)
|
||||
{
|
||||
word32 blocks;
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
if (des->magic == WOLFSSL_3DES_CAVIUM_MAGIC)
|
||||
return wc_Des3_CaviumCbcEncrypt(des, out, in, sz);
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
|
||||
if (des->asyncDev.marker == WOLFSSL_ASYNC_MARKER_3DES) {
|
||||
return NitroxDes3CbcEncrypt(des, out, in, sz);
|
||||
}
|
||||
#endif
|
||||
|
||||
blocks = sz / DES_BLOCK_SIZE;
|
||||
@@ -1455,9 +1440,10 @@ int wc_Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz)
|
||||
{
|
||||
word32 blocks;
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
if (des->magic == WOLFSSL_3DES_CAVIUM_MAGIC)
|
||||
return wc_Des3_CaviumCbcDecrypt(des, out, in, sz);
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
|
||||
if (des->asyncDev.marker == WOLFSSL_ASYNC_MARKER_3DES) {
|
||||
return NitroxDes3CbcDecrypt(des, out, in, sz);
|
||||
}
|
||||
#endif
|
||||
|
||||
blocks = sz / DES_BLOCK_SIZE;
|
||||
@@ -1513,122 +1499,29 @@ int wc_Des3_SetIV(Des3* des, const byte* iv)
|
||||
}
|
||||
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
|
||||
#include "cavium_common.h"
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
|
||||
/* Initialize Des3 for use with Nitrox device */
|
||||
int wc_Des3_InitCavium(Des3* des3, int devId)
|
||||
int wc_Des3AsyncInit(Des3* des3, int devId)
|
||||
{
|
||||
if (des3 == NULL)
|
||||
return -1;
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
if (CspAllocContext(CONTEXT_SSL, &des3->contextHandle, devId) != 0)
|
||||
return -1;
|
||||
|
||||
des3->devId = devId;
|
||||
des3->magic = WOLFSSL_3DES_CAVIUM_MAGIC;
|
||||
|
||||
return 0;
|
||||
return wolfAsync_DevCtxInit(&des3->asyncDev, WOLFSSL_ASYNC_MARKER_3DES, devId);
|
||||
}
|
||||
|
||||
|
||||
/* Free Des3 from use with Nitrox device */
|
||||
void wc_Des3_FreeCavium(Des3* des3)
|
||||
void wc_Des3AsyncFree(Des3* des3)
|
||||
{
|
||||
if (des3 == NULL)
|
||||
return;
|
||||
|
||||
if (des3->magic != WOLFSSL_3DES_CAVIUM_MAGIC)
|
||||
return;
|
||||
|
||||
CspFreeContext(CONTEXT_SSL, des3->contextHandle, des3->devId);
|
||||
des3->magic = 0;
|
||||
wolfAsync_DevCtxFree(&des3->asyncDev);
|
||||
}
|
||||
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
||||
|
||||
static int wc_Des3_CaviumSetKey(Des3* des3, const byte* key, const byte* iv)
|
||||
{
|
||||
if (des3 == NULL)
|
||||
return -1;
|
||||
|
||||
/* key[0] holds key, iv in reg */
|
||||
XMEMCPY(des3->key[0], key, DES_BLOCK_SIZE*3);
|
||||
|
||||
return wc_Des3_SetIV(des3, iv);
|
||||
}
|
||||
|
||||
|
||||
static int wc_Des3_CaviumCbcEncrypt(Des3* des3, byte* out, const byte* in,
|
||||
word32 length)
|
||||
{
|
||||
wolfssl_word offset = 0;
|
||||
word32 requestId;
|
||||
|
||||
while (length > WOLFSSL_MAX_16BIT) {
|
||||
word16 slen = (word16)WOLFSSL_MAX_16BIT;
|
||||
if (CspEncrypt3Des(CAVIUM_BLOCKING, des3->contextHandle,
|
||||
CAVIUM_NO_UPDATE, slen, (byte*)in + offset,
|
||||
out + offset, (byte*)des3->reg, (byte*)des3->key[0],
|
||||
&requestId, des3->devId) != 0) {
|
||||
WOLFSSL_MSG("Bad Cavium 3DES Cbc Encrypt");
|
||||
return -1;
|
||||
}
|
||||
length -= WOLFSSL_MAX_16BIT;
|
||||
offset += WOLFSSL_MAX_16BIT;
|
||||
XMEMCPY(des3->reg, out + offset - DES_BLOCK_SIZE, DES_BLOCK_SIZE);
|
||||
}
|
||||
if (length) {
|
||||
word16 slen = (word16)length;
|
||||
|
||||
if (CspEncrypt3Des(CAVIUM_BLOCKING, des3->contextHandle,
|
||||
CAVIUM_NO_UPDATE, slen, (byte*)in + offset,
|
||||
out + offset, (byte*)des3->reg, (byte*)des3->key[0],
|
||||
&requestId, des3->devId) != 0) {
|
||||
WOLFSSL_MSG("Bad Cavium 3DES Cbc Encrypt");
|
||||
return -1;
|
||||
}
|
||||
XMEMCPY(des3->reg, out+offset+length - DES_BLOCK_SIZE, DES_BLOCK_SIZE);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int wc_Des3_CaviumCbcDecrypt(Des3* des3, byte* out, const byte* in,
|
||||
word32 length)
|
||||
{
|
||||
word32 requestId;
|
||||
wolfssl_word offset = 0;
|
||||
|
||||
while (length > WOLFSSL_MAX_16BIT) {
|
||||
word16 slen = (word16)WOLFSSL_MAX_16BIT;
|
||||
XMEMCPY(des3->tmp, in + offset + slen - DES_BLOCK_SIZE, DES_BLOCK_SIZE);
|
||||
if (CspDecrypt3Des(CAVIUM_BLOCKING, des3->contextHandle,
|
||||
CAVIUM_NO_UPDATE, slen, (byte*)in+offset, out+offset,
|
||||
(byte*)des3->reg, (byte*)des3->key[0], &requestId,
|
||||
des3->devId) != 0) {
|
||||
WOLFSSL_MSG("Bad Cavium 3Des Decrypt");
|
||||
return -1;
|
||||
}
|
||||
length -= WOLFSSL_MAX_16BIT;
|
||||
offset += WOLFSSL_MAX_16BIT;
|
||||
XMEMCPY(des3->reg, des3->tmp, DES_BLOCK_SIZE);
|
||||
}
|
||||
if (length) {
|
||||
word16 slen = (word16)length;
|
||||
XMEMCPY(des3->tmp, in + offset + slen - DES_BLOCK_SIZE,DES_BLOCK_SIZE);
|
||||
if (CspDecrypt3Des(CAVIUM_BLOCKING, des3->contextHandle,
|
||||
CAVIUM_NO_UPDATE, slen, (byte*)in+offset, out+offset,
|
||||
(byte*)des3->reg, (byte*)des3->key[0], &requestId,
|
||||
des3->devId) != 0) {
|
||||
WOLFSSL_MSG("Bad Cavium 3Des Decrypt");
|
||||
return -1;
|
||||
}
|
||||
XMEMCPY(des3->reg, des3->tmp, DES_BLOCK_SIZE);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
#endif /* HAVE_CAVIUM */
|
||||
#endif /* WOLFSSL_TI_CRYPT */
|
||||
#endif /* HAVE_FIPS */
|
||||
#endif /* NO_DES3 */
|
||||
|
||||
+245
-40
@@ -436,7 +436,7 @@ const ecc_set_type ecc_sets[] = {
|
||||
"9487239995A5EE76B55F9C2F098", /* Gx */
|
||||
"A89CE5AF8724C0A23E0E0FF77500", /* Gy */
|
||||
ecc_oid_secp112r1, /* oid/oidSz */
|
||||
sizeof(ecc_oid_secp112r1) / sizeof(ecc_oid_t),
|
||||
sizeof(ecc_oid_secp112r1) / sizeof(ecc_oid_t),
|
||||
ECC_SECP112R1_OID, /* oid sum */
|
||||
1, /* cofactor */
|
||||
},
|
||||
@@ -805,7 +805,7 @@ const ecc_set_type ecc_sets[] = {
|
||||
"8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262", /* Gx */
|
||||
"547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997", /* Gy */
|
||||
ecc_oid_brainpoolp256r1, /* oid/oidSz */
|
||||
sizeof(ecc_oid_brainpoolp256r1) / sizeof(ecc_oid_t),
|
||||
sizeof(ecc_oid_brainpoolp256r1) / sizeof(ecc_oid_t),
|
||||
ECC_BRAINPOOLP256R1_OID, /* oid sum */
|
||||
1, /* cofactor */
|
||||
},
|
||||
@@ -936,7 +936,7 @@ static int wc_ecc_export_x963_compressed(ecc_key*, byte* out, word32* outLen);
|
||||
|
||||
static int wc_ecc_set_curve(ecc_key* key, int keysize, int curve_id)
|
||||
{
|
||||
if (keysize <=0 && curve_id <= 0) {
|
||||
if (keysize <= 0 && curve_id <= 0) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
@@ -1037,12 +1037,12 @@ int ecc_projective_add_point(ecc_point* P, ecc_point* Q, ecc_point* R,
|
||||
return ecc_projective_dbl_point(P, R, a, modulus, mp);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
if (err != MP_OKAY) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
/* If use ALT_ECC_SIZE we need to use local stack variable since
|
||||
/* If use ALT_ECC_SIZE we need to use local stack variable since
|
||||
ecc_point x,y,z is reduced size */
|
||||
#ifdef ALT_ECC_SIZE
|
||||
/* Use local stack variable */
|
||||
@@ -1312,7 +1312,7 @@ int ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mp_int* a,
|
||||
return err;
|
||||
}
|
||||
|
||||
/* If use ALT_ECC_SIZE we need to use local stack variable since
|
||||
/* If use ALT_ECC_SIZE we need to use local stack variable since
|
||||
ecc_point x,y,z is reduced size */
|
||||
#ifdef ALT_ECC_SIZE
|
||||
/* Use local stack variable */
|
||||
@@ -1571,7 +1571,7 @@ int ecc_map(ecc_point* P, mp_int* modulus, mp_digit mp)
|
||||
if ((err = mp_init_multi(x, y, z, NULL, NULL, NULL)) != MP_OKAY) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
|
||||
if (err == MP_OKAY)
|
||||
err = mp_copy(P->x, x);
|
||||
if (err == MP_OKAY)
|
||||
@@ -1871,11 +1871,34 @@ int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
|
||||
{
|
||||
return wc_ecc_mulmod_ex(k, G, R, a, modulus, map, NULL);
|
||||
}
|
||||
#endif /* ! FP_ECC */
|
||||
#endif /* !FP_ECC */
|
||||
#undef WINSIZE
|
||||
|
||||
#else /* ECC_TIMING_RESISTANT */
|
||||
|
||||
|
||||
#ifndef WC_NO_CACHE_RESISTANT
|
||||
#if defined(TFM_TIMING_RESISTANT) && defined(USE_FAST_MATH)
|
||||
/* let's use the one we already have */
|
||||
extern const wolfssl_word wc_off_on_addr[2];
|
||||
#else
|
||||
static const wolfssl_word wc_off_on_addr[2] =
|
||||
{
|
||||
#if defined(WC_64BIT_CPU)
|
||||
W64LIT(0x0000000000000000),
|
||||
W64LIT(0xffffffffffffffff)
|
||||
#elif defined(WC_16BIT_CPU)
|
||||
0x0000U,
|
||||
0xffffU
|
||||
#else
|
||||
/* 32 bit */
|
||||
0x00000000U,
|
||||
0xffffffffU
|
||||
#endif
|
||||
};
|
||||
#endif /* TFM_TIMING_RESISTANT && USE_FAST_MATH */
|
||||
#endif /* WC_NO_CACHE_RESISTANT */
|
||||
|
||||
/**
|
||||
Perform a point multiplication (timing resistant)
|
||||
k The scalar to multiply by
|
||||
@@ -1979,7 +2002,7 @@ int wc_ecc_mulmod_ex(mp_int* k, ecc_point *G, ecc_point *R,
|
||||
break;
|
||||
}
|
||||
buf = get_digit(k, digidx);
|
||||
bitcnt = (int) DIGIT_BIT;
|
||||
bitcnt = (int)DIGIT_BIT;
|
||||
--digidx;
|
||||
}
|
||||
|
||||
@@ -2013,10 +2036,49 @@ int wc_ecc_mulmod_ex(mp_int* k, ecc_point *G, ecc_point *R,
|
||||
if (err == MP_OKAY)
|
||||
err = ecc_projective_add_point(M[0], M[1], M[i^1], a, modulus,
|
||||
mp);
|
||||
#ifdef WC_NO_CACHE_RESISTANT
|
||||
if (err == MP_OKAY)
|
||||
err = ecc_projective_dbl_point(M[i], M[i], a, modulus, mp);
|
||||
#else
|
||||
/* instead of using M[i] for double, which leaks key bit to cache
|
||||
* monitor, use M[2] as temp, make sure address calc is constant,
|
||||
* keep &M[0] and &M[1] in cache */
|
||||
if (err == MP_OKAY)
|
||||
err = mp_copy((mp_int*)
|
||||
( ((wolfssl_word)&M[0]->x & wc_off_on_addr[i^1]) +
|
||||
((wolfssl_word)&M[1]->x & wc_off_on_addr[i])),
|
||||
M[2]->x);
|
||||
if (err == MP_OKAY)
|
||||
err = mp_copy((mp_int*)
|
||||
( ((wolfssl_word)&M[0]->y & wc_off_on_addr[i^1]) +
|
||||
((wolfssl_word)&M[1]->y & wc_off_on_addr[i])),
|
||||
M[2]->y);
|
||||
if (err == MP_OKAY)
|
||||
err = mp_copy((mp_int*)
|
||||
( ((wolfssl_word)&M[0]->z & wc_off_on_addr[i^1]) +
|
||||
((wolfssl_word)&M[1]->z & wc_off_on_addr[i])),
|
||||
M[2]->z);
|
||||
if (err == MP_OKAY)
|
||||
err = ecc_projective_dbl_point(M[2], M[2], a, modulus, mp);
|
||||
/* copy M[2] back to M[i] */
|
||||
if (err == MP_OKAY)
|
||||
err = mp_copy(M[2]->x,
|
||||
(mp_int*)
|
||||
( ((wolfssl_word)&M[0]->x & wc_off_on_addr[i^1]) +
|
||||
((wolfssl_word)&M[1]->x & wc_off_on_addr[i])) );
|
||||
if (err == MP_OKAY)
|
||||
err = mp_copy(M[2]->y,
|
||||
(mp_int*)
|
||||
( ((wolfssl_word)&M[0]->y & wc_off_on_addr[i^1]) +
|
||||
((wolfssl_word)&M[1]->y & wc_off_on_addr[i])) );
|
||||
if (err == MP_OKAY)
|
||||
err = mp_copy(M[2]->z,
|
||||
(mp_int*)
|
||||
( ((wolfssl_word)&M[0]->z & wc_off_on_addr[i^1]) +
|
||||
((wolfssl_word)&M[1]->z & wc_off_on_addr[i])) );
|
||||
if (err != MP_OKAY)
|
||||
break;
|
||||
#endif /* WC_NO_CACHE_RESISTANT */
|
||||
} /* end for */
|
||||
}
|
||||
|
||||
@@ -2223,8 +2285,9 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
|
||||
int err;
|
||||
|
||||
if (private_key == NULL || public_key == NULL || out == NULL ||
|
||||
outlen == NULL)
|
||||
outlen == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
/* type valid? */
|
||||
if (private_key->type != ECC_PRIVATEKEY) {
|
||||
@@ -2242,6 +2305,24 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
|
||||
return ECC_BAD_ARG_E;
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
if (private_key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ECC) {
|
||||
#ifdef HAVE_CAVIUM
|
||||
/* TODO: Not implemented */
|
||||
#else
|
||||
AsyncCryptTestDev* testDev = &private_key->asyncDev.dev;
|
||||
if (testDev->type == ASYNC_TEST_NONE) {
|
||||
testDev->type = ASYNC_TEST_ECC_SHARED_SEC;
|
||||
testDev->eccSharedSec.private_key = private_key;
|
||||
testDev->eccSharedSec.public_key = public_key;
|
||||
testDev->eccSharedSec.out = out;
|
||||
testDev->eccSharedSec.outLen = outlen;
|
||||
return WC_PENDING_E;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
#endif
|
||||
|
||||
/* make new point */
|
||||
result = wc_ecc_new_point_h(private_key->heap);
|
||||
if (result == NULL) {
|
||||
@@ -2302,8 +2383,10 @@ int wc_ecc_shared_secret_ssh(ecc_key* private_key, ecc_point* point,
|
||||
mp_int a;
|
||||
int err;
|
||||
|
||||
if (private_key == NULL || point == NULL || out == NULL || outlen == NULL)
|
||||
if (private_key == NULL || point == NULL || out == NULL ||
|
||||
outlen == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
/* type valid? */
|
||||
if (private_key->type != ECC_PRIVATEKEY) {
|
||||
@@ -2391,6 +2474,24 @@ int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, int curve_id)
|
||||
return err;
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ECC) {
|
||||
#ifdef HAVE_CAVIUM
|
||||
/* TODO: Not implemented */
|
||||
#else
|
||||
AsyncCryptTestDev* testDev = &key->asyncDev.dev;
|
||||
if (testDev->type == ASYNC_TEST_NONE) {
|
||||
testDev->type = ASYNC_TEST_ECC_MAKE;
|
||||
testDev->eccMake.rng = rng;
|
||||
testDev->eccMake.key = key;
|
||||
testDev->eccMake.size = keysize;
|
||||
testDev->eccMake.curve_id = curve_id;
|
||||
return WC_PENDING_E;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
buf = (byte*)XMALLOC(ECC_MAXSIZE_GEN, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (buf == NULL)
|
||||
@@ -2567,13 +2668,18 @@ int wc_ecc_make_key(WC_RNG* rng, int keysize, ecc_key* key)
|
||||
return wc_ecc_make_key_ex(rng, keysize, key, ECC_CURVE_DEF);
|
||||
}
|
||||
|
||||
/* Setup dynamic pointers is using normal math for proper freeing */
|
||||
int wc_ecc_init(ecc_key* key)
|
||||
|
||||
/* Setup dynamic pointers if using normal math for proper freeing */
|
||||
int wc_ecc_init_ex(ecc_key* key, void* heap, int devId)
|
||||
{
|
||||
int ret = 0;
|
||||
|
||||
if (key == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
(void)devId;
|
||||
|
||||
#ifdef ECC_DUMP_OID
|
||||
wc_ecc_dump_oids();
|
||||
#endif
|
||||
@@ -2590,8 +2696,9 @@ int wc_ecc_init(ecc_key* key)
|
||||
#endif
|
||||
|
||||
#ifdef ALT_ECC_SIZE
|
||||
if (mp_init(&key->k) != MP_OKAY)
|
||||
if (mp_init(&key->k) != MP_OKAY) {
|
||||
return MEMORY_E;
|
||||
}
|
||||
|
||||
key->pubkey.x = (mp_int*)&key->pubkey.xyz[0];
|
||||
key->pubkey.y = (mp_int*)&key->pubkey.xyz[1];
|
||||
@@ -2604,26 +2711,26 @@ int wc_ecc_init(ecc_key* key)
|
||||
#ifdef WOLFSSL_HEAP_TEST
|
||||
key->heap = (void*)WOLFSSL_HEAP_TEST;
|
||||
#else
|
||||
key->heap = NULL;
|
||||
key->heap = heap;
|
||||
#endif
|
||||
|
||||
return MP_OKAY;
|
||||
}
|
||||
|
||||
|
||||
int wc_ecc_init_h(ecc_key* key, void* heap)
|
||||
{
|
||||
int ret;
|
||||
|
||||
if ((ret = wc_ecc_init(key)) != MP_OKAY) {
|
||||
return ret;
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
if (devId != INVALID_DEVID) {
|
||||
/* handle as async */
|
||||
ret = wolfAsync_DevCtxInit(&key->asyncDev, WOLFSSL_ASYNC_MARKER_ECC,
|
||||
devId);
|
||||
}
|
||||
#endif
|
||||
|
||||
key->heap = heap;
|
||||
|
||||
return MP_OKAY;
|
||||
return ret;
|
||||
}
|
||||
|
||||
int wc_ecc_init(ecc_key* key)
|
||||
{
|
||||
return wc_ecc_init_ex(key, NULL, INVALID_DEVID);
|
||||
}
|
||||
|
||||
|
||||
#ifdef HAVE_ECC_SIGN
|
||||
|
||||
#ifndef NO_ASN
|
||||
@@ -2644,16 +2751,40 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
|
||||
int err;
|
||||
|
||||
if (in == NULL || out == NULL || outlen == NULL ||
|
||||
key == NULL || rng == NULL)
|
||||
key == NULL || rng == NULL) {
|
||||
return ECC_BAD_ARG_E;
|
||||
}
|
||||
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ECC) {
|
||||
#ifdef HAVE_CAVIUM
|
||||
/* TODO: Not implemented */
|
||||
#else
|
||||
AsyncCryptTestDev* testDev = &key->asyncDev.dev;
|
||||
if (testDev->type == ASYNC_TEST_NONE) {
|
||||
testDev->type = ASYNC_TEST_ECC_SIGN;
|
||||
testDev->eccSign.in = in;
|
||||
testDev->eccSign.inSz = inlen;
|
||||
testDev->eccSign.out = out;
|
||||
testDev->eccSign.outSz = outlen;
|
||||
testDev->eccSign.rng = rng;
|
||||
testDev->eccSign.key = key;
|
||||
return WC_PENDING_E;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
#endif
|
||||
|
||||
if ((err = mp_init_multi(&r, &s, NULL, NULL, NULL, NULL)) != MP_OKAY) {
|
||||
return err;
|
||||
}
|
||||
|
||||
err = wc_ecc_sign_hash_ex(in, inlen, rng, key, &r, &s);
|
||||
if (err == MP_OKAY)
|
||||
if (err == MP_OKAY) {
|
||||
/* encoded with DSA header */
|
||||
err = StoreECC_DSA_Sig(out, outlen, &r, &s);
|
||||
}
|
||||
|
||||
#ifndef USE_FAST_MATH
|
||||
mp_clear(&r);
|
||||
@@ -2780,8 +2911,15 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
|
||||
*/
|
||||
void wc_ecc_free(ecc_key* key)
|
||||
{
|
||||
if (key == NULL)
|
||||
if (key == NULL) {
|
||||
return;
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA) {
|
||||
wolfAsync_DevCtxFree(&key->asyncDev);
|
||||
}
|
||||
#endif
|
||||
|
||||
mp_clear(key->pubkey.x);
|
||||
mp_clear(key->pubkey.y);
|
||||
@@ -3048,12 +3186,33 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
|
||||
mp_int s;
|
||||
int err;
|
||||
|
||||
if (sig == NULL || hash == NULL || stat == NULL || key == NULL)
|
||||
if (sig == NULL || hash == NULL || stat == NULL || key == NULL) {
|
||||
return ECC_BAD_ARG_E;
|
||||
}
|
||||
|
||||
/* default to invalid signature */
|
||||
*stat = 0;
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ECC) {
|
||||
#ifdef HAVE_CAVIUM
|
||||
/* TODO: Not implemented */
|
||||
#else
|
||||
AsyncCryptTestDev* testDev = &key->asyncDev.dev;
|
||||
if (testDev->type == ASYNC_TEST_NONE) {
|
||||
testDev->type = ASYNC_TEST_ECC_VERIFY;
|
||||
testDev->eccVerify.in = sig;
|
||||
testDev->eccVerify.inSz = siglen;
|
||||
testDev->eccVerify.out = hash;
|
||||
testDev->eccVerify.outSz = hashlen;
|
||||
testDev->eccVerify.stat = stat;
|
||||
testDev->eccVerify.key = key;
|
||||
return WC_PENDING_E;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Note, DecodeECC_DSA_Sig() calls mp_init() on r and s.
|
||||
* If either of those don't allocate correctly, none of
|
||||
* the rest of this function will execute, and everything
|
||||
@@ -3689,7 +3848,7 @@ static int ecc_check_pubkey_order(ecc_key* key, mp_int* a, mp_int* prime,
|
||||
if (inf == NULL)
|
||||
err = MEMORY_E;
|
||||
else {
|
||||
err = wc_ecc_mulmod_ex(order, &key->pubkey, inf, a, prime, 1,
|
||||
err = wc_ecc_mulmod_ex(order, &key->pubkey, inf, a, prime, 1,
|
||||
key->heap);
|
||||
if (err == MP_OKAY && !wc_ecc_point_is_at_infinity(inf))
|
||||
err = ECC_INF_E;
|
||||
@@ -5680,7 +5839,7 @@ int wc_ecc_ctx_set_peer_salt(ecEncCtx* ctx, const byte* salt)
|
||||
ctx->cliSt = ecCLI_SALT_SET;
|
||||
else {
|
||||
ctx->cliSt = ecCLI_BAD_STATE;
|
||||
return BAD_ENC_STATE_E;
|
||||
return BAD_STATE_E;
|
||||
}
|
||||
}
|
||||
else {
|
||||
@@ -5689,7 +5848,7 @@ int wc_ecc_ctx_set_peer_salt(ecEncCtx* ctx, const byte* salt)
|
||||
ctx->srvSt = ecSRV_SALT_SET;
|
||||
else {
|
||||
ctx->srvSt = ecSRV_BAD_STATE;
|
||||
return BAD_ENC_STATE_E;
|
||||
return BAD_STATE_E;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -5871,13 +6030,13 @@ int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
|
||||
keysLen *= 2;
|
||||
|
||||
if (ctx->srvSt != ecSRV_RECV_REQ)
|
||||
return BAD_ENC_STATE_E;
|
||||
return BAD_STATE_E;
|
||||
|
||||
ctx->srvSt = ecSRV_BAD_STATE; /* we're done no more ops allowed */
|
||||
}
|
||||
else if (ctx->protocol == REQ_RESP_CLIENT) {
|
||||
if (ctx->cliSt != ecCLI_SALT_SET)
|
||||
return BAD_ENC_STATE_E;
|
||||
return BAD_STATE_E;
|
||||
|
||||
ctx->cliSt = ecCLI_SENT_REQ; /* only do this once */
|
||||
}
|
||||
@@ -6023,13 +6182,13 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
|
||||
keysLen *= 2;
|
||||
|
||||
if (ctx->cliSt != ecCLI_SENT_REQ)
|
||||
return BAD_ENC_STATE_E;
|
||||
return BAD_STATE_E;
|
||||
|
||||
ctx->cliSt = ecSRV_BAD_STATE; /* we're done no more ops allowed */
|
||||
}
|
||||
else if (ctx->protocol == REQ_RESP_SERVER) {
|
||||
if (ctx->srvSt != ecSRV_SALT_SET)
|
||||
return BAD_ENC_STATE_E;
|
||||
return BAD_STATE_E;
|
||||
|
||||
ctx->srvSt = ecSRV_RECV_REQ; /* only do this once */
|
||||
}
|
||||
@@ -6518,7 +6677,7 @@ int wc_ecc_set_custom_curve(ecc_key* key, const ecc_set_type* dp)
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
key->idx = WOLFSSL_CUSTOM_CURVES;
|
||||
key->idx = ECC_CUSTOM_IDX;
|
||||
key->dp = dp;
|
||||
|
||||
return 0;
|
||||
@@ -6526,4 +6685,50 @@ int wc_ecc_set_custom_curve(ecc_key* key, const ecc_set_type* dp)
|
||||
#endif /* WOLFSSL_CUSTOM_CURVES */
|
||||
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
|
||||
int wc_ecc_async_handle(ecc_key* key, WOLF_EVENT_QUEUE* queue, WOLF_EVENT* event)
|
||||
{
|
||||
int ret;
|
||||
|
||||
if (key == NULL || queue == NULL || event == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
/* make sure this ECC context had "wc_EccAsyncInit" called on it */
|
||||
if (key->asyncDev.marker != WOLFSSL_ASYNC_MARKER_ECC) {
|
||||
return ASYNC_INIT_E;
|
||||
}
|
||||
|
||||
/* setup the event and push to queue */
|
||||
ret = wolfAsync_EventInit(event, WOLF_EVENT_TYPE_ASYNC_WOLFSSL, &key->asyncDev);
|
||||
if (ret == 0) {
|
||||
ret = wolfEventQueue_Push(queue, event);
|
||||
}
|
||||
|
||||
/* check for error (helps with debugging) */
|
||||
if (ret != 0) {
|
||||
WOLFSSL_MSG("wc_EccAsyncHandle failed");
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
int wc_ecc_async_wait(int ret, ecc_key* key)
|
||||
{
|
||||
if (ret == WC_PENDING_E) {
|
||||
WOLF_EVENT event;
|
||||
XMEMSET(&event, 0, sizeof(event));
|
||||
ret = wolfAsync_EventInit(&event, WOLF_EVENT_TYPE_ASYNC_WOLFSSL, &key->asyncDev);
|
||||
if (ret == 0) {
|
||||
ret = wolfAsync_EventWait(&event);
|
||||
if (ret == 0 && event.ret >= 0) {
|
||||
ret = event.ret;
|
||||
}
|
||||
}
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
||||
|
||||
#endif /* HAVE_ECC */
|
||||
|
||||
+13
-7
@@ -62,6 +62,15 @@ const char* wc_GetErrorString(int error)
|
||||
case BAD_MUTEX_E :
|
||||
return "Bad mutex, operation failed";
|
||||
|
||||
case WC_TIMEOUT_E:
|
||||
return "Timeout error";
|
||||
|
||||
case WC_PENDING_E:
|
||||
return "wolfCrypt Operation Pending (would block / eagain) error";
|
||||
|
||||
case WC_NOT_PENDING_E:
|
||||
return "wolfCrypt operation not pending error";
|
||||
|
||||
case MP_INIT_E :
|
||||
return "mp_init error state";
|
||||
|
||||
@@ -227,8 +236,8 @@ const char* wc_GetErrorString(int error)
|
||||
case AES_CCM_AUTH_E:
|
||||
return "AES-CCM Authentication check fail";
|
||||
|
||||
case CAVIUM_INIT_E:
|
||||
return "Cavium Init type error";
|
||||
case ASYNC_INIT_E:
|
||||
return "Async Init error";
|
||||
|
||||
case COMPRESS_INIT_E:
|
||||
return "Compress Init error";
|
||||
@@ -257,8 +266,8 @@ const char* wc_GetErrorString(int error)
|
||||
case ASN_OCSP_CONFIRM_E :
|
||||
return "ASN OCSP sig error, confirm failure";
|
||||
|
||||
case BAD_ENC_STATE_E:
|
||||
return "Bad ecc encrypt state operation";
|
||||
case BAD_STATE_E:
|
||||
return "Bad state operation";
|
||||
|
||||
case BAD_PADDING_E:
|
||||
return "Bad padding, message wrong length";
|
||||
@@ -377,9 +386,6 @@ const char* wc_GetErrorString(int error)
|
||||
case HASH_TYPE_E:
|
||||
return "Hash type not enabled/available";
|
||||
|
||||
case WC_PENDING_E:
|
||||
return "wolfCrypt Operation Pending (would block / eagain) error";
|
||||
|
||||
case WC_KEY_SIZE_E:
|
||||
return "Key size error, either too small or large";
|
||||
|
||||
|
||||
+55
-13
@@ -34,42 +34,54 @@
|
||||
#include <wolfssl/wolfcrypt/hash.h>
|
||||
|
||||
|
||||
#ifndef NO_ASN
|
||||
#if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)
|
||||
|
||||
#ifdef NO_ASN
|
||||
enum Hash_Sum {
|
||||
MD2h = 646,
|
||||
MD5h = 649,
|
||||
SHAh = 88,
|
||||
SHA256h = 414,
|
||||
SHA384h = 415,
|
||||
SHA512h = 416
|
||||
};
|
||||
#endif
|
||||
|
||||
int wc_HashGetOID(enum wc_HashType hash_type)
|
||||
{
|
||||
int oid = HASH_TYPE_E; /* Default to hash type error */
|
||||
switch(hash_type)
|
||||
{
|
||||
case WC_HASH_TYPE_MD2:
|
||||
#ifdef WOLFSSL_MD2
|
||||
#ifdef WOLFSSL_MD2
|
||||
oid = MD2h;
|
||||
#endif
|
||||
#endif
|
||||
break;
|
||||
case WC_HASH_TYPE_MD5_SHA:
|
||||
case WC_HASH_TYPE_MD5:
|
||||
#ifndef NO_MD5
|
||||
#ifndef NO_MD5
|
||||
oid = MD5h;
|
||||
#endif
|
||||
#endif
|
||||
break;
|
||||
case WC_HASH_TYPE_SHA:
|
||||
#ifndef NO_SHA
|
||||
#ifndef NO_SHA
|
||||
oid = SHAh;
|
||||
#endif
|
||||
#endif
|
||||
break;
|
||||
case WC_HASH_TYPE_SHA256:
|
||||
#ifndef NO_SHA256
|
||||
#ifndef NO_SHA256
|
||||
oid = SHA256h;
|
||||
#endif
|
||||
#endif
|
||||
break;
|
||||
case WC_HASH_TYPE_SHA384:
|
||||
#if defined(WOLFSSL_SHA512) && defined(WOLFSSL_SHA384)
|
||||
#if defined(WOLFSSL_SHA512) && defined(WOLFSSL_SHA384)
|
||||
oid = SHA384h;
|
||||
#endif
|
||||
#endif
|
||||
break;
|
||||
case WC_HASH_TYPE_SHA512:
|
||||
#ifdef WOLFSSL_SHA512
|
||||
#ifdef WOLFSSL_SHA512
|
||||
oid = SHA512h;
|
||||
#endif
|
||||
#endif
|
||||
break;
|
||||
|
||||
/* Not Supported */
|
||||
@@ -312,6 +324,21 @@ int wc_Sha256Hash(const byte* data, word32 len, byte* hash)
|
||||
#endif /* !defined(WOLFSSL_TI_HASH) */
|
||||
|
||||
#if defined(WOLFSSL_SHA512)
|
||||
int wc_Sha512GetHash(Sha512* sha512, byte* hash)
|
||||
{
|
||||
int ret;
|
||||
Sha512 save;
|
||||
|
||||
if (sha512 == NULL || hash == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
save= *sha512;
|
||||
ret = wc_Sha512Final(sha512, hash);
|
||||
*sha512 = save;
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
int wc_Sha512Hash(const byte* data, word32 len, byte* hash)
|
||||
{
|
||||
int ret = 0;
|
||||
@@ -345,6 +372,21 @@ int wc_Sha512Hash(const byte* data, word32 len, byte* hash)
|
||||
}
|
||||
|
||||
#if defined(WOLFSSL_SHA384)
|
||||
int wc_Sha384GetHash(Sha384* sha384, byte* hash)
|
||||
{
|
||||
int ret;
|
||||
Sha384 save;
|
||||
|
||||
if (sha384 == NULL || hash == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
save= *sha384;
|
||||
ret = wc_Sha384Final(sha384, hash);
|
||||
*sha384 = save;
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
int wc_Sha384Hash(const byte* data, word32 len, byte* hash)
|
||||
{
|
||||
int ret = 0;
|
||||
|
||||
+83
-159
@@ -50,16 +50,16 @@ int wc_HmacFinal(Hmac* hmac, byte* out)
|
||||
}
|
||||
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
int wc_HmacInitCavium(Hmac* hmac, int i)
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
int wc_HmacAsyncInit(Hmac* hmac, int i)
|
||||
{
|
||||
return HmacInitCavium(hmac, i);
|
||||
return HmacAsyncInit(hmac, i);
|
||||
}
|
||||
|
||||
|
||||
void wc_HmacFreeCavium(Hmac* hmac)
|
||||
void wc_HmacAsyncFree(Hmac* hmac)
|
||||
{
|
||||
HmacFreeCavium(hmac);
|
||||
HmacAsyncFree(hmac);
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -105,12 +105,48 @@ int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
|
||||
#include <wolfssl/wolfcrypt/error-crypt.h>
|
||||
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
static int HmacCaviumFinal(Hmac* hmac, byte* hash);
|
||||
static int HmacCaviumUpdate(Hmac* hmac, const byte* msg, word32 length);
|
||||
static int HmacCaviumSetKey(Hmac* hmac, int type, const byte* key,
|
||||
word32 length);
|
||||
#endif
|
||||
int wc_HmacSizeByType(int type)
|
||||
{
|
||||
if (!(type == MD5 || type == SHA || type == SHA256 || type == SHA384
|
||||
|| type == SHA512 || type == BLAKE2B_ID)) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
switch (type) {
|
||||
#ifndef NO_MD5
|
||||
case MD5:
|
||||
return MD5_DIGEST_SIZE;
|
||||
#endif
|
||||
|
||||
#ifndef NO_SHA
|
||||
case SHA:
|
||||
return SHA_DIGEST_SIZE;
|
||||
#endif
|
||||
|
||||
#ifndef NO_SHA256
|
||||
case SHA256:
|
||||
return SHA256_DIGEST_SIZE;
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_SHA384
|
||||
case SHA384:
|
||||
return SHA384_DIGEST_SIZE;
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_SHA512
|
||||
case SHA512:
|
||||
return SHA512_DIGEST_SIZE;
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_BLAKE2
|
||||
case BLAKE2B_ID:
|
||||
return BLAKE2B_OUTBYTES;
|
||||
#endif
|
||||
|
||||
default:
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
}
|
||||
|
||||
static int InitHmac(Hmac* hmac, int type)
|
||||
{
|
||||
@@ -175,9 +211,10 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
|
||||
word32 i, hmac_block_size = 0;
|
||||
int ret;
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
if (hmac->magic == WOLFSSL_HMAC_CAVIUM_MAGIC)
|
||||
return HmacCaviumSetKey(hmac, type, key, length);
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
|
||||
if (hmac->asyncDev.marker == WOLFSSL_ASYNC_MARKER_HMAC) {
|
||||
return NitroxHmacSetKey(hmac, type, key, length);
|
||||
}
|
||||
#endif
|
||||
|
||||
ret = InitHmac(hmac, type);
|
||||
@@ -391,9 +428,10 @@ int wc_HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
|
||||
{
|
||||
int ret;
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
if (hmac->magic == WOLFSSL_HMAC_CAVIUM_MAGIC)
|
||||
return HmacCaviumUpdate(hmac, msg, length);
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
|
||||
if (hmac->asyncDev.marker == WOLFSSL_ASYNC_MARKER_HMAC) {
|
||||
return NitroxHmacUpdate(hmac, msg, length);
|
||||
}
|
||||
#endif
|
||||
|
||||
if (!hmac->innerHashKeyed) {
|
||||
@@ -459,9 +497,10 @@ int wc_HmacFinal(Hmac* hmac, byte* hash)
|
||||
{
|
||||
int ret;
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
if (hmac->magic == WOLFSSL_HMAC_CAVIUM_MAGIC)
|
||||
return HmacCaviumFinal(hmac, hash);
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
|
||||
if (hmac->asyncDev.marker == WOLFSSL_ASYNC_MARKER_HMAC) {
|
||||
return NitroxHmacFinal(hmac, hash);
|
||||
}
|
||||
#endif
|
||||
|
||||
if (!hmac->innerHashKeyed) {
|
||||
@@ -606,129 +645,57 @@ int wc_HmacFinal(Hmac* hmac, byte* hash)
|
||||
}
|
||||
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
|
||||
/* Initialize Hmac for use with Nitrox device */
|
||||
int wc_HmacInitCavium(Hmac* hmac, int devId)
|
||||
int wc_HmacAsyncInit(Hmac* hmac, int devId)
|
||||
{
|
||||
int ret = 0;
|
||||
|
||||
if (hmac == NULL)
|
||||
return -1;
|
||||
|
||||
if (CspAllocContext(CONTEXT_SSL, &hmac->contextHandle, devId) != 0)
|
||||
return -1;
|
||||
ret = wolfAsync_DevCtxInit(&hmac->asyncDev, WOLFSSL_ASYNC_MARKER_HMAC, devId);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
hmac->keyLen = 0;
|
||||
hmac->dataLen = 0;
|
||||
hmac->type = 0;
|
||||
hmac->devId = devId;
|
||||
hmac->magic = WOLFSSL_HMAC_CAVIUM_MAGIC;
|
||||
hmac->data = NULL; /* buffered input data */
|
||||
|
||||
hmac->innerHashKeyed = 0;
|
||||
#endif /* HAVE_CAVIUM */
|
||||
|
||||
/* default to NULL heap hint or test value */
|
||||
#ifdef WOLFSSL_HEAP_TEST
|
||||
hmac->heap = (void)WOLFSSL_HEAP_TEST;
|
||||
#else
|
||||
hmac->heap = NULL;
|
||||
#endif
|
||||
#endif /* WOLFSSL_HEAP_TEST */
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
/* Free Hmac from use with Nitrox device */
|
||||
void wc_HmacFreeCavium(Hmac* hmac)
|
||||
void wc_HmacAsyncFree(Hmac* hmac)
|
||||
{
|
||||
if (hmac == NULL)
|
||||
return;
|
||||
|
||||
CspFreeContext(CONTEXT_SSL, hmac->contextHandle, hmac->devId);
|
||||
hmac->magic = 0;
|
||||
XFREE(hmac->data, NULL, DYNAMIC_TYPE_CAVIUM_TMP);
|
||||
wolfAsync_DevCtxFree(&hmac->asyncDev);
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
XFREE(hmac->data, hmac->heap, DYNAMIC_TYPE_ASYNC_TMP);
|
||||
hmac->data = NULL;
|
||||
#endif
|
||||
}
|
||||
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
||||
|
||||
static int HmacCaviumFinal(Hmac* hmac, byte* hash)
|
||||
{
|
||||
word32 requestId;
|
||||
|
||||
if (CspHmac(CAVIUM_BLOCKING, hmac->type, NULL, hmac->keyLen,
|
||||
(byte*)hmac->ipad, hmac->dataLen, hmac->data, hash, &requestId,
|
||||
hmac->devId) != 0) {
|
||||
WOLFSSL_MSG("Cavium Hmac failed");
|
||||
return -1;
|
||||
}
|
||||
hmac->innerHashKeyed = 0; /* tell update to start over if used again */
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
static int HmacCaviumUpdate(Hmac* hmac, const byte* msg, word32 length)
|
||||
{
|
||||
word16 add = (word16)length;
|
||||
word32 total;
|
||||
byte* tmp;
|
||||
|
||||
if (length > WOLFSSL_MAX_16BIT) {
|
||||
WOLFSSL_MSG("Too big msg for cavium hmac");
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (hmac->innerHashKeyed == 0) { /* starting new */
|
||||
hmac->dataLen = 0;
|
||||
hmac->innerHashKeyed = 1;
|
||||
}
|
||||
|
||||
total = add + hmac->dataLen;
|
||||
if (total > WOLFSSL_MAX_16BIT) {
|
||||
WOLFSSL_MSG("Too big msg for cavium hmac");
|
||||
return -1;
|
||||
}
|
||||
|
||||
tmp = XMALLOC(hmac->dataLen + add, hmac->heap ,DYNAMIC_TYPE_CAVIUM_TMP);
|
||||
if (tmp == NULL) {
|
||||
WOLFSSL_MSG("Out of memory for cavium update");
|
||||
return -1;
|
||||
}
|
||||
if (hmac->dataLen)
|
||||
XMEMCPY(tmp, hmac->data, hmac->dataLen);
|
||||
XMEMCPY(tmp + hmac->dataLen, msg, add);
|
||||
|
||||
hmac->dataLen += add;
|
||||
XFREE(hmac->data, hmac->heap, DYNAMIC_TYPE_CAVIUM_TMP);
|
||||
hmac->data = tmp;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
static int HmacCaviumSetKey(Hmac* hmac, int type, const byte* key,
|
||||
word32 length)
|
||||
{
|
||||
hmac->macType = (byte)type;
|
||||
if (type == MD5)
|
||||
hmac->type = MD5_TYPE;
|
||||
else if (type == SHA)
|
||||
hmac->type = SHA1_TYPE;
|
||||
else if (type == SHA256)
|
||||
hmac->type = SHA256_TYPE;
|
||||
else {
|
||||
WOLFSSL_MSG("unsupported cavium hmac type");
|
||||
}
|
||||
|
||||
hmac->innerHashKeyed = 0; /* should we key Startup flag */
|
||||
|
||||
hmac->keyLen = (word16)length;
|
||||
/* store key in ipad */
|
||||
XMEMCPY(hmac->ipad, key, length);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
#endif /* HAVE_CAVIUM */
|
||||
|
||||
int wolfSSL_GetHmacMaxSize(void)
|
||||
{
|
||||
@@ -748,49 +715,6 @@ int wolfSSL_GetHmacMaxSize(void)
|
||||
#endif /* WOLFSSL_HAVE_MIN */
|
||||
|
||||
|
||||
static INLINE int GetHashSizeByType(int type)
|
||||
{
|
||||
if (!(type == MD5 || type == SHA || type == SHA256 || type == SHA384
|
||||
|| type == SHA512 || type == BLAKE2B_ID))
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
switch (type) {
|
||||
#ifndef NO_MD5
|
||||
case MD5:
|
||||
return MD5_DIGEST_SIZE;
|
||||
#endif
|
||||
|
||||
#ifndef NO_SHA
|
||||
case SHA:
|
||||
return SHA_DIGEST_SIZE;
|
||||
#endif
|
||||
|
||||
#ifndef NO_SHA256
|
||||
case SHA256:
|
||||
return SHA256_DIGEST_SIZE;
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_SHA384
|
||||
case SHA384:
|
||||
return SHA384_DIGEST_SIZE;
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_SHA512
|
||||
case SHA512:
|
||||
return SHA512_DIGEST_SIZE;
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_BLAKE2
|
||||
case BLAKE2B_ID:
|
||||
return BLAKE2B_OUTBYTES;
|
||||
#endif
|
||||
|
||||
default:
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/* HMAC-KDF with hash type, optional salt and info, return 0 on success */
|
||||
int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
|
||||
const byte* salt, word32 saltSz,
|
||||
@@ -806,7 +730,7 @@ int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
|
||||
byte prk[MAX_DIGEST_SIZE];
|
||||
#endif
|
||||
const byte* localSalt; /* either points to user input or tmp */
|
||||
int hashSz = GetHashSizeByType(type);
|
||||
int hashSz = wc_HmacSizeByType(type);
|
||||
word32 outIdx = 0;
|
||||
byte n = 0x1;
|
||||
int ret;
|
||||
@@ -815,13 +739,13 @@ int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
tmp = (byte*)XMALLOC(MAX_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
tmp = (byte*)XMALLOC(MAX_DIGEST_SIZE, myHmac.heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (tmp == NULL)
|
||||
return MEMORY_E;
|
||||
|
||||
prk = (byte*)XMALLOC(MAX_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
prk = (byte*)XMALLOC(MAX_DIGEST_SIZE, myHmac.heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (prk == NULL) {
|
||||
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(tmp, myHmac.heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
return MEMORY_E;
|
||||
}
|
||||
#endif
|
||||
@@ -873,8 +797,8 @@ int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(prk, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(tmp, hmac->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(prk, hmac->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#endif
|
||||
|
||||
return ret;
|
||||
|
||||
@@ -44,6 +44,11 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \
|
||||
wolfcrypt/src/port/ti/ti-hash.c \
|
||||
wolfcrypt/src/port/ti/ti-ccm.c \
|
||||
wolfcrypt/src/port/pic32/pic32mz-hash.c \
|
||||
wolfcrypt/src/port/nrf51.c
|
||||
wolfcrypt/src/port/nrf51.c \
|
||||
wolfcrypt/src/port/arm/armv8-sha256.c
|
||||
|
||||
if BUILD_CAVIUM
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/port/cavium/cavium_nitrox.c
|
||||
|
||||
EXTRA_DIST += wolfcrypt/src/port/cavium/README.md
|
||||
endif
|
||||
|
||||
+117
-6
@@ -196,6 +196,92 @@ static int create_memory_buckets(byte* buffer, word32 bufSz,
|
||||
return ret;
|
||||
}
|
||||
|
||||
int wolfSSL_init_memory_heap(WOLFSSL_HEAP* heap)
|
||||
{
|
||||
word32 wc_MemSz[WOLFMEM_DEF_BUCKETS] = { WOLFMEM_BUCKETS };
|
||||
word32 wc_Dist[WOLFMEM_DEF_BUCKETS] = { WOLFMEM_DIST };
|
||||
|
||||
if (heap == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
XMEMSET(heap, 0, sizeof(WOLFSSL_HEAP));
|
||||
|
||||
XMEMCPY(heap->sizeList, wc_MemSz, sizeof(wc_MemSz));
|
||||
XMEMCPY(heap->distList, wc_Dist, sizeof(wc_Dist));
|
||||
|
||||
if (InitMutex(&(heap->memory_mutex)) != 0) {
|
||||
WOLFSSL_MSG("Error creating heap memory mutex");
|
||||
return BAD_MUTEX_E;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int wc_LoadStaticMemory(WOLFSSL_HEAP_HINT** pHint,
|
||||
unsigned char* buf, unsigned int sz, int flag, int max)
|
||||
{
|
||||
int ret;
|
||||
WOLFSSL_HEAP* heap;
|
||||
WOLFSSL_HEAP_HINT* hint;
|
||||
word32 idx = 0;
|
||||
|
||||
if (pHint == NULL || buf == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
if ((sizeof(WOLFSSL_HEAP) + sizeof(WOLFSSL_HEAP_HINT)) > sz - idx) {
|
||||
return BUFFER_E; /* not enough memory for structures */
|
||||
}
|
||||
|
||||
/* check if hint has already been assigned */
|
||||
if (*pHint == NULL) {
|
||||
heap = (WOLFSSL_HEAP*)buf;
|
||||
idx += sizeof(WOLFSSL_HEAP);
|
||||
hint = (WOLFSSL_HEAP_HINT*)(buf + idx);
|
||||
idx += sizeof(WOLFSSL_HEAP_HINT);
|
||||
|
||||
ret = wolfSSL_init_memory_heap(heap);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
XMEMSET(hint, 0, sizeof(WOLFSSL_HEAP_HINT));
|
||||
hint->memory = heap;
|
||||
}
|
||||
else {
|
||||
#ifdef WOLFSSL_HEAP_TEST
|
||||
/* do not load in memory if test has been set */
|
||||
if (heap == (void*)WOLFSSL_HEAP_TEST) {
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
hint = (WOLFSSL_HEAP_HINT*)(*pHint);
|
||||
heap = hint->memory;
|
||||
}
|
||||
|
||||
ret = wolfSSL_load_static_memory(buf + idx, sz - idx, flag, heap);
|
||||
if (ret != 1) {
|
||||
WOLFSSL_MSG("Error partitioning memory");
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* determine what max applies too */
|
||||
if ((flag & WOLFMEM_IO_POOL) || (flag & WOLFMEM_IO_POOL_FIXED)) {
|
||||
heap->maxIO = max;
|
||||
}
|
||||
else { /* general memory used in handshakes */
|
||||
heap->maxHa = max;
|
||||
}
|
||||
|
||||
heap->flag |= flag;
|
||||
*pHint = hint;
|
||||
|
||||
(void)max;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int wolfSSL_load_static_memory(byte* buffer, word32 sz, int flag,
|
||||
WOLFSSL_HEAP* heap)
|
||||
@@ -219,6 +305,10 @@ int wolfSSL_load_static_memory(byte* buffer, word32 sz, int flag,
|
||||
ava--;
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_DEBUG_MEMORY
|
||||
printf("Allocated %d bytes for static memory @ %p\n", ava, pt);
|
||||
#endif
|
||||
|
||||
/* devide into chunks of memory and add them to available list */
|
||||
while (ava >= (heap->sizeList[0] + padSz + memSz)) {
|
||||
int i;
|
||||
@@ -392,7 +482,11 @@ int wolfSSL_GetMemStats(WOLFSSL_HEAP* heap, WOLFSSL_MEM_STATS* stats)
|
||||
}
|
||||
|
||||
|
||||
#ifdef WOLFSSL_DEBUG_MEMORY
|
||||
void* wolfSSL_Malloc(size_t size, void* heap, int type, const char* func, unsigned int line)
|
||||
#else
|
||||
void* wolfSSL_Malloc(size_t size, void* heap, int type)
|
||||
#endif
|
||||
{
|
||||
void* res = 0;
|
||||
wc_Memory* pt = NULL;
|
||||
@@ -473,6 +567,10 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type)
|
||||
mem->alloc += 1;
|
||||
res = pt->buffer;
|
||||
|
||||
#ifdef WOLFSSL_DEBUG_MEMORY
|
||||
printf("Alloc: %p -> %u at %s:%d\n", pt->buffer, pt->sz, func, line);
|
||||
#endif
|
||||
|
||||
/* keep track of connection statistics if flag is set */
|
||||
if (mem->flag & WOLFMEM_TRACK_STATS) {
|
||||
WOLFSSL_MEM_CONN_STATS* stats = hint->stats;
|
||||
@@ -512,7 +610,11 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type)
|
||||
}
|
||||
|
||||
|
||||
#ifdef WOLFSSL_DEBUG_MEMORY
|
||||
void wolfSSL_Free(void *ptr, void* heap, int type, const char* func, unsigned int line)
|
||||
#else
|
||||
void wolfSSL_Free(void *ptr, void* heap, int type)
|
||||
#endif
|
||||
{
|
||||
int i;
|
||||
wc_Memory* pt;
|
||||
@@ -579,6 +681,10 @@ void wolfSSL_Free(void *ptr, void* heap, int type)
|
||||
mem->inUse -= pt->sz;
|
||||
mem->frAlc += 1;
|
||||
|
||||
#ifdef WOLFSSL_DEBUG_MEMORY
|
||||
printf("Free: %p -> %u at %s:%d\n", pt->buffer, pt->sz, func, line);
|
||||
#endif
|
||||
|
||||
/* keep track of connection statistics if flag is set */
|
||||
if (mem->flag & WOLFMEM_TRACK_STATS) {
|
||||
WOLFSSL_MEM_CONN_STATS* stats = hint->stats;
|
||||
@@ -606,8 +712,11 @@ void wolfSSL_Free(void *ptr, void* heap, int type)
|
||||
(void)type;
|
||||
}
|
||||
|
||||
|
||||
#ifdef WOLFSSL_DEBUG_MEMORY
|
||||
void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type, const char* func, unsigned int line)
|
||||
#else
|
||||
void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type)
|
||||
#endif
|
||||
{
|
||||
void* res = 0;
|
||||
wc_Memory* pt = NULL;
|
||||
@@ -678,7 +787,11 @@ void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type)
|
||||
|
||||
/* free memory that was previously being used */
|
||||
UnLockMutex(&(mem->memory_mutex));
|
||||
wolfSSL_Free(ptr, heap, type);
|
||||
wolfSSL_Free(ptr, heap, type
|
||||
#ifdef WOLFSSL_DEBUG_MEMORY
|
||||
, func, line
|
||||
#endif
|
||||
);
|
||||
if (LockMutex(&(mem->memory_mutex)) != 0) {
|
||||
WOLFSSL_MSG("Bad memory_mutex lock");
|
||||
return NULL;
|
||||
@@ -719,7 +832,7 @@ void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type)
|
||||
|
||||
|
||||
/* allow simple per thread in and out pools */
|
||||
/* use 17k size sense max record size is 16k plus overhead */
|
||||
/* use 17k size since max record size is 16k plus overhead */
|
||||
static THREAD_LS_T byte pool_in[17*1024];
|
||||
static THREAD_LS_T byte pool_out[17*1024];
|
||||
|
||||
@@ -766,9 +879,7 @@ void* XREALLOC(void *p, size_t n, void* heap, int type)
|
||||
return realloc(p, n);
|
||||
}
|
||||
|
||||
|
||||
/* unit api calls, let's make sure visible with WOLFSSL_API */
|
||||
WOLFSSL_API void XFREE(void *p, void* heap, int type)
|
||||
void XFREE(void *p, void* heap, int type)
|
||||
{
|
||||
(void)heap;
|
||||
|
||||
|
||||
@@ -0,0 +1,666 @@
|
||||
/* armv8-sha256.c
|
||||
*
|
||||
* Copyright (C) 2006-2016 wolfSSL Inc.
|
||||
*
|
||||
* This file is part of wolfSSL.
|
||||
*
|
||||
* wolfSSL is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* wolfSSL is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
#endif
|
||||
|
||||
#include <wolfssl/wolfcrypt/settings.h>
|
||||
|
||||
#if !defined(NO_SHA256) && defined(WOLFSSL_ARMASM)
|
||||
#include <wolfssl/wolfcrypt/sha256.h>
|
||||
#include <wolfssl/wolfcrypt/logging.h>
|
||||
#include <wolfssl/wolfcrypt/error-crypt.h>
|
||||
|
||||
#ifdef NO_INLINE
|
||||
#include <wolfssl/wolfcrypt/misc.h>
|
||||
#else
|
||||
#define WOLFSSL_MISC_INCLUDED
|
||||
#include <wolfcrypt/src/misc.c>
|
||||
#endif
|
||||
|
||||
#ifndef WOLFSSL_HAVE_MIN
|
||||
#define WOLFSSL_HAVE_MIN
|
||||
|
||||
static INLINE word32 min(word32 a, word32 b)
|
||||
{
|
||||
return a > b ? b : a;
|
||||
}
|
||||
|
||||
#endif /* WOLFSSL_HAVE_MIN */
|
||||
|
||||
#if !defined (ALIGN32)
|
||||
#if defined (__GNUC__)
|
||||
#define ALIGN32 __attribute__ ( (aligned (32)))
|
||||
#elif defined(_MSC_VER)
|
||||
/* disable align warning, we want alignment ! */
|
||||
#pragma warning(disable: 4324)
|
||||
#define ALIGN32 __declspec (align (32))
|
||||
#else
|
||||
#define ALIGN32
|
||||
#endif
|
||||
#endif
|
||||
|
||||
static const ALIGN32 word32 K[64] = {
|
||||
0x428A2F98L, 0x71374491L, 0xB5C0FBCFL, 0xE9B5DBA5L, 0x3956C25BL,
|
||||
0x59F111F1L, 0x923F82A4L, 0xAB1C5ED5L, 0xD807AA98L, 0x12835B01L,
|
||||
0x243185BEL, 0x550C7DC3L, 0x72BE5D74L, 0x80DEB1FEL, 0x9BDC06A7L,
|
||||
0xC19BF174L, 0xE49B69C1L, 0xEFBE4786L, 0x0FC19DC6L, 0x240CA1CCL,
|
||||
0x2DE92C6FL, 0x4A7484AAL, 0x5CB0A9DCL, 0x76F988DAL, 0x983E5152L,
|
||||
0xA831C66DL, 0xB00327C8L, 0xBF597FC7L, 0xC6E00BF3L, 0xD5A79147L,
|
||||
0x06CA6351L, 0x14292967L, 0x27B70A85L, 0x2E1B2138L, 0x4D2C6DFCL,
|
||||
0x53380D13L, 0x650A7354L, 0x766A0ABBL, 0x81C2C92EL, 0x92722C85L,
|
||||
0xA2BFE8A1L, 0xA81A664BL, 0xC24B8B70L, 0xC76C51A3L, 0xD192E819L,
|
||||
0xD6990624L, 0xF40E3585L, 0x106AA070L, 0x19A4C116L, 0x1E376C08L,
|
||||
0x2748774CL, 0x34B0BCB5L, 0x391C0CB3L, 0x4ED8AA4AL, 0x5B9CCA4FL,
|
||||
0x682E6FF3L, 0x748F82EEL, 0x78A5636FL, 0x84C87814L, 0x8CC70208L,
|
||||
0x90BEFFFAL, 0xA4506CEBL, 0xBEF9A3F7L, 0xC67178F2L
|
||||
};
|
||||
|
||||
int wc_InitSha256(Sha256* sha256)
|
||||
{
|
||||
int ret = 0;
|
||||
|
||||
sha256->digest[0] = 0x6A09E667L;
|
||||
sha256->digest[1] = 0xBB67AE85L;
|
||||
sha256->digest[2] = 0x3C6EF372L;
|
||||
sha256->digest[3] = 0xA54FF53AL;
|
||||
sha256->digest[4] = 0x510E527FL;
|
||||
sha256->digest[5] = 0x9B05688CL;
|
||||
sha256->digest[6] = 0x1F83D9ABL;
|
||||
sha256->digest[7] = 0x5BE0CD19L;
|
||||
|
||||
sha256->buffLen = 0;
|
||||
sha256->loLen = 0;
|
||||
sha256->hiLen = 0;
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
static INLINE void AddLength(Sha256* sha256, word32 len)
|
||||
{
|
||||
word32 tmp = sha256->loLen;
|
||||
if ( (sha256->loLen += len) < tmp)
|
||||
sha256->hiLen++; /* carry low to high */
|
||||
}
|
||||
|
||||
|
||||
/* ARMv8 hardware accleration */
|
||||
int wc_Sha256Update(Sha256* sha256, const byte* data, word32 len)
|
||||
{
|
||||
word32 add;
|
||||
word32 numBlocks;
|
||||
|
||||
if (sha256 == NULL || (data == NULL && len != 0)) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
/* fill leftover buffer with data */
|
||||
add = min(len, SHA256_BLOCK_SIZE - sha256->buffLen);
|
||||
XMEMCPY((byte*)(sha256->buffer) + sha256->buffLen, data, add);
|
||||
sha256->buffLen += add;
|
||||
data += add;
|
||||
len -= add;
|
||||
|
||||
/* number of blocks in a row to complete */
|
||||
numBlocks = (len + sha256->buffLen)/SHA256_BLOCK_SIZE;
|
||||
|
||||
if (numBlocks > 0) {
|
||||
/* get leftover amount after blocks */
|
||||
add = (len + sha256->buffLen) - numBlocks * SHA256_BLOCK_SIZE;
|
||||
__asm__ volatile (
|
||||
"#load leftover data\n"
|
||||
"LD1 {v0.2d-v3.2d}, %[buffer] \n"
|
||||
|
||||
"#load current digest\n"
|
||||
"LD1 {v12.2d-v13.2d}, %[digest] \n"
|
||||
"MOV w8, %w[blocks] \n"
|
||||
"REV32 v0.16b, v0.16b \n"
|
||||
"REV32 v1.16b, v1.16b \n"
|
||||
"REV32 v2.16b, v2.16b \n"
|
||||
"REV32 v3.16b, v3.16b \n"
|
||||
|
||||
"#load K values in \n"
|
||||
"LD1 {v16.4s-v19.4s}, [%[k]], #64 \n"
|
||||
"LD1 {v20.4s-v23.4s}, [%[k]], #64 \n"
|
||||
"MOV v14.16b, v12.16b \n" /* store digest for add at the end */
|
||||
"MOV v15.16b, v13.16b \n"
|
||||
"LD1 {v24.4s-v27.4s}, [%[k]], #64 \n"
|
||||
"LD1 {v28.4s-v31.4s}, [%[k]], #64 \n"
|
||||
|
||||
/* begining of SHA256 block operation */
|
||||
"sha256Start:\n"
|
||||
"MOV v4.16b, v0.16b \n"
|
||||
"ADD v0.4s, v0.4s, v16.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
"ADD v0.4s, v1.4s, v17.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
"ADD v0.4s, v2.4s, v18.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
"SHA256SU0 v4.4s, v1.4s \n"
|
||||
"SHA256SU1 v4.4s, v2.4s, v3.4s \n"
|
||||
"ADD v0.4s, v3.4s, v19.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"MOV v5.16b, v1.16b \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
"SHA256SU0 v5.4s, v2.4s \n"
|
||||
"SHA256SU1 v5.4s, v3.4s, v4.4s \n"
|
||||
"ADD v0.4s, v4.4s, v20.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"MOV v6.16b, v2.16b \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
"SHA256SU0 v6.4s, v3.4s \n"
|
||||
"SHA256SU1 v6.4s, v4.4s, v5.4s \n"
|
||||
"ADD v0.4s, v5.4s, v21.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"MOV v7.16b, v3.16b \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
"SHA256SU0 v7.4s, v4.4s \n"
|
||||
"SHA256SU1 v7.4s, v5.4s, v6.4s \n"
|
||||
"ADD v0.4s, v6.4s, v22.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"MOV v8.16b, v4.16b \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
"SHA256SU0 v8.4s, v5.4s \n"
|
||||
"SHA256SU1 v8.4s, v6.4s, v7.4s \n"
|
||||
"ADD v0.4s, v7.4s, v23.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"MOV v9.16b, v5.16b \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
"SHA256SU0 v9.4s, v6.4s \n"
|
||||
"SHA256SU1 v9.4s, v7.4s, v8.4s \n"
|
||||
"ADD v0.4s, v8.4s, v24.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"MOV v10.16b, v6.16b \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
"SHA256SU0 v10.4s, v7.4s \n"
|
||||
"SHA256SU1 v10.4s, v8.4s, v9.4s \n"
|
||||
"ADD v0.4s, v9.4s, v25.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
"ADD v0.4s, v10.4s, v26.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
/* Re-use of registers is needed in order to not overwrite
|
||||
* previous digest value. */
|
||||
"#move to lower register and handle last rounds 11-15 \n"
|
||||
"MOV v4.16b, v7.16b \n"
|
||||
"MOV v1.16b, v8.16b \n"
|
||||
"MOV v2.16b, v9.16b \n"
|
||||
"MOV v3.16b, v10.16b \n"
|
||||
"MOV v5.16b, v8.16b \n"
|
||||
|
||||
"SHA256SU0 v4.4s, v1.4s \n" /* 4 -> 11 */
|
||||
"SHA256SU1 v4.4s, v2.4s, v3.4s \n"
|
||||
"SHA256SU0 v5.4s, v2.4s \n"
|
||||
"SHA256SU1 v5.4s, v3.4s, v4.4s \n"
|
||||
"ADD v0.4s, v4.4s, v27.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"MOV v6.16b, v2.16b \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
"SHA256SU0 v6.4s, v3.4s \n"
|
||||
"SHA256SU1 v6.4s, v4.4s, v5.4s \n"
|
||||
"ADD v0.4s, v5.4s, v28.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"MOV v7.16b, v3.16b \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
"SHA256SU0 v7.4s, v4.4s \n"
|
||||
"SHA256SU1 v7.4s, v5.4s, v6.4s \n"
|
||||
"ADD v0.4s, v6.4s, v29.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"MOV v8.16b, v4.16b \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
"SHA256SU0 v8.4s, v5.4s \n"
|
||||
"SHA256SU1 v8.4s, v6.4s, v7.4s \n"
|
||||
"ADD v0.4s, v7.4s, v30.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
"ADD v0.4s, v8.4s, v31.4s \n"
|
||||
"MOV v11.16b, v12.16b \n"
|
||||
"SHA256H q12, q13, v0.4s \n"
|
||||
"SHA256H2 q13, q11, v0.4s \n"
|
||||
|
||||
"#Add working vars back into digest state \n"
|
||||
"ADD v12.4s, v12.4s, v14.4s \n"
|
||||
"ADD v13.4s, v13.4s, v15.4s \n"
|
||||
|
||||
"#check if more blocks should be done\n"
|
||||
"SUB w8, w8, #1 \n"
|
||||
"CBZ w8, sha256End \n"
|
||||
|
||||
"#load in message and schedual updates \n"
|
||||
"LD1 {v0.2d-v3.2d}, [%[dataIn]], #64 \n"
|
||||
"MOV v14.16b, v12.16b \n"
|
||||
"MOV v15.16b, v13.16b \n"
|
||||
"REV32 v0.16b, v0.16b \n"
|
||||
"REV32 v1.16b, v1.16b \n"
|
||||
"REV32 v2.16b, v2.16b \n"
|
||||
"REV32 v3.16b, v3.16b \n"
|
||||
"B sha256Start \n" /* do another block */
|
||||
|
||||
"sha256End:\n"
|
||||
"STP q12, q13, %[out] \n"
|
||||
|
||||
: [out] "=m" (sha256->digest), "=m" (sha256->buffer), "=r" (numBlocks),
|
||||
"=r" (data)
|
||||
: [k] "r" (K), [digest] "m" (sha256->digest), [buffer] "m" (sha256->buffer),
|
||||
[blocks] "2" (numBlocks), [dataIn] "3" (data)
|
||||
: "cc", "memory", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7",
|
||||
"v8", "v9", "v10", "v11", "v12", "v13", "v14",
|
||||
"v15"
|
||||
);
|
||||
|
||||
AddLength(sha256, SHA256_BLOCK_SIZE * numBlocks);
|
||||
|
||||
/* copy over any remaining data leftover */
|
||||
XMEMCPY(sha256->buffer, data, add);
|
||||
sha256->buffLen = add;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
int wc_Sha256Final(Sha256* sha256, byte* hash)
|
||||
{
|
||||
byte* local;
|
||||
|
||||
if (sha256 == NULL || hash == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
local = (byte*)sha256->buffer;
|
||||
AddLength(sha256, sha256->buffLen); /* before adding pads */
|
||||
|
||||
local[sha256->buffLen++] = 0x80; /* add 1 */
|
||||
|
||||
/* pad with zeros */
|
||||
if (sha256->buffLen > SHA256_PAD_SIZE) {
|
||||
|
||||
XMEMSET(&local[sha256->buffLen], 0, SHA256_BLOCK_SIZE - sha256->buffLen);
|
||||
sha256->buffLen += SHA256_BLOCK_SIZE - sha256->buffLen;
|
||||
__asm__ volatile (
|
||||
"LD1 {v4.2d-v7.2d}, %[buffer] \n"
|
||||
"MOV v0.16b, v4.16b \n"
|
||||
"MOV v1.16b, v5.16b \n"
|
||||
"REV32 v0.16b, v0.16b \n"
|
||||
"REV32 v1.16b, v1.16b \n"
|
||||
"MOV v2.16b, v6.16b \n"
|
||||
"MOV v3.16b, v7.16b \n"
|
||||
"REV32 v2.16b, v2.16b \n"
|
||||
"REV32 v3.16b, v3.16b \n"
|
||||
"MOV v4.16b, v0.16b \n"
|
||||
"MOV v5.16b, v1.16b \n"
|
||||
"LD1 {v20.2d-v21.2d}, %[digest] \n"
|
||||
|
||||
"#SHA256 operation on updated message \n"
|
||||
"MOV v16.16b, v20.16b \n"
|
||||
"MOV v17.16b, v21.16b \n"
|
||||
|
||||
"LD1 {v22.16b-v25.16b}, [%[k]], #64 \n"
|
||||
"SHA256SU0 v4.4s, v1.4s \n"
|
||||
"SHA256SU1 v4.4s, v2.4s, v3.4s \n"
|
||||
"ADD v0.4s, v0.4s, v22.4s \n"
|
||||
"MOV v6.16b, v2.16b \n"
|
||||
"MOV v18.16b, v16.16b \n"
|
||||
"SHA256H q16, q17, v0.4s \n"
|
||||
"SHA256H2 q17, q18, v0.4s \n"
|
||||
|
||||
"SHA256SU0 v5.4s, v2.4s \n"
|
||||
"SHA256SU1 v5.4s, v3.4s, v4.4s \n"
|
||||
"ADD v1.4s, v1.4s, v23.4s \n"
|
||||
"MOV v18.16b, v16.16b \n"
|
||||
"MOV v7.16b, v3.16b \n"
|
||||
"SHA256H q16, q17, v1.4s \n"
|
||||
"SHA256H2 q17, q18, v1.4s \n"
|
||||
|
||||
"SHA256SU0 v6.4s, v3.4s \n"
|
||||
"SHA256SU1 v6.4s, v4.4s, v5.4s \n"
|
||||
"ADD v2.4s, v2.4s, v24.4s \n"
|
||||
"MOV v18.16b, v16.16b \n"
|
||||
"MOV v8.16b, v4.16b \n"
|
||||
"SHA256H q16, q17, v2.4s \n"
|
||||
"SHA256H2 q17, q18, v2.4s \n"
|
||||
|
||||
"SHA256SU0 v7.4s, v4.4s \n"
|
||||
"SHA256SU1 v7.4s, v5.4s, v6.4s \n"
|
||||
"ADD v3.4s, v3.4s, v25.4s \n"
|
||||
"MOV v18.16b, v16.16b \n"
|
||||
"MOV v9.16b, v5.16b \n"
|
||||
"SHA256H q16, q17, v3.4s \n"
|
||||
"SHA256H2 q17, q18, v3.4s \n"
|
||||
|
||||
"LD1 {v22.16b-v25.16b}, [%[k]], #64 \n"
|
||||
"SHA256SU0 v8.4s, v5.4s \n"
|
||||
"SHA256SU1 v8.4s, v6.4s, v7.4s \n"
|
||||
"ADD v4.4s, v4.4s, v22.4s \n"
|
||||
"MOV v18.16b, v16.16b \n"
|
||||
"MOV v10.16b, v6.16b \n"
|
||||
"SHA256H q16, q17, v4.4s \n"
|
||||
"SHA256H2 q17, q18, v4.4s \n"
|
||||
|
||||
"SHA256SU0 v9.4s, v6.4s \n"
|
||||
"SHA256SU1 v9.4s, v7.4s, v8.4s \n"
|
||||
"ADD v5.4s, v5.4s, v23.4s \n"
|
||||
"MOV v18.16b, v16.16b \n"
|
||||
"MOV v11.16b, v7.16b \n"
|
||||
"SHA256H q16, q17, v5.4s \n"
|
||||
"SHA256H2 q17, q18, v5.4s \n"
|
||||
|
||||
"SHA256SU0 v10.4s, v7.4s \n"
|
||||
"SHA256SU1 v10.4s, v8.4s, v9.4s \n"
|
||||
"ADD v6.4s, v6.4s, v24.4s \n"
|
||||
"MOV v18.16b, v16.16b \n"
|
||||
"MOV v12.16b, v8.16b \n"
|
||||
"SHA256H q16, q17, v6.4s \n"
|
||||
"SHA256H2 q17, q18, v6.4s \n"
|
||||
|
||||
"SHA256SU0 v11.4s, v8.4s \n"
|
||||
"SHA256SU1 v11.4s, v9.4s, v10.4s \n"
|
||||
"ADD v7.4s, v7.4s, v25.4s \n"
|
||||
"MOV v18.16b, v16.16b \n"
|
||||
"MOV v13.16b, v9.16b \n"
|
||||
"SHA256H q16, q17, v7.4s \n"
|
||||
"SHA256H2 q17, q18, v7.4s \n"
|
||||
|
||||
"LD1 {v22.16b-v25.16b}, [%[k]], #64 \n"
|
||||
"SHA256SU0 v12.4s, v9.4s \n"
|
||||
"SHA256SU1 v12.4s, v10.4s, v11.4s \n"
|
||||
"ADD v8.4s, v8.4s, v22.4s \n"
|
||||
"MOV v18.16b, v16.16b \n"
|
||||
"MOV v14.16b, v10.16b \n"
|
||||
"SHA256H q16, q17, v8.4s \n"
|
||||
"SHA256H2 q17, q18, v8.4s \n"
|
||||
|
||||
"SHA256SU0 v13.4s, v10.4s \n"
|
||||
"SHA256SU1 v13.4s, v11.4s, v12.4s \n"
|
||||
"ADD v9.4s, v9.4s, v23.4s \n"
|
||||
"MOV v18.16b, v16.16b \n"
|
||||
"MOV v15.16b, v11.16b \n"
|
||||
"SHA256H q16, q17, v9.4s \n"
|
||||
"SHA256H2 q17, q18, v9.4s \n"
|
||||
|
||||
"SHA256SU0 v14.4s, v11.4s \n"
|
||||
"SHA256SU1 v14.4s, v12.4s, v13.4s \n"
|
||||
"ADD v10.4s, v10.4s, v24.4s \n"
|
||||
"MOV v18.16b, v16.16b \n"
|
||||
"SHA256H q16, q17, v10.4s \n"
|
||||
"SHA256H2 q17, q18, v10.4s \n"
|
||||
|
||||
"SHA256SU0 v15.4s, v12.4s \n"
|
||||
"SHA256SU1 v15.4s, v13.4s, v14.4s \n"
|
||||
|
||||
"ADD v11.4s, v11.4s, v25.4s \n"
|
||||
"MOV v18.16b, v16.16b \n"
|
||||
"SHA256H q16, q17, v11.4s \n"
|
||||
"SHA256H2 q17, q18, v11.4s \n"
|
||||
|
||||
"LD1 {v22.16b-v25.16b}, [%[k]] \n"
|
||||
"ADD v12.4s, v12.4s, v22.4s \n"
|
||||
"MOV v18.16b, v16.16b \n"
|
||||
"SHA256H q16, q17, v12.4s \n"
|
||||
"SHA256H2 q17, q18, v12.4s \n"
|
||||
|
||||
"ADD v13.4s, v13.4s, v23.4s \n"
|
||||
"MOV v18.16b, v16.16b \n"
|
||||
"SHA256H q16, q17, v13.4s \n"
|
||||
"SHA256H2 q17, q18, v13.4s \n"
|
||||
|
||||
"ADD v14.4s, v14.4s, v24.4s \n"
|
||||
"MOV v18.16b, v16.16b \n"
|
||||
"SHA256H q16, q17, v14.4s \n"
|
||||
"SHA256H2 q17, q18, v14.4s \n"
|
||||
|
||||
"ADD v15.4s, v15.4s, v25.4s \n"
|
||||
"MOV v18.16b, v16.16b \n"
|
||||
"SHA256H q16, q17, v15.4s \n"
|
||||
"SHA256H2 q17, q18, v15.4s \n"
|
||||
|
||||
"#Add working vars back into digest state \n"
|
||||
"ADD v16.4s, v16.4s, v20.4s \n"
|
||||
"ADD v17.4s, v17.4s, v21.4s \n"
|
||||
"STP q16, q17, %[out] \n"
|
||||
: [out] "=m" (sha256->digest)
|
||||
: [k] "r" (K), [digest] "m" (sha256->digest),
|
||||
[buffer] "m" (sha256->buffer)
|
||||
: "cc", "memory", "v0", "v1", "v2", "v3", "v8", "v9", "v10", "v11"
|
||||
, "v12", "v13", "v14", "v15", "v16", "v17", "v18"
|
||||
);
|
||||
|
||||
sha256->buffLen = 0;
|
||||
}
|
||||
XMEMSET(&local[sha256->buffLen], 0, SHA256_PAD_SIZE - sha256->buffLen);
|
||||
|
||||
/* put lengths in bits */
|
||||
sha256->hiLen = (sha256->loLen >> (8*sizeof(sha256->loLen) - 3)) +
|
||||
(sha256->hiLen << 3);
|
||||
sha256->loLen = sha256->loLen << 3;
|
||||
|
||||
/* store lengths */
|
||||
#if defined(LITTLE_ENDIAN_ORDER)
|
||||
__asm__ volatile (
|
||||
"LD1 {v0.2d-v3.2d}, %[in] \n"
|
||||
"REV32 v0.16b, v0.16b \n"
|
||||
"REV32 v1.16b, v1.16b \n"
|
||||
"REV32 v2.16b, v2.16b \n"
|
||||
"REV32 v3.16b, v3.16b \n"
|
||||
"ST1 {v0.2d-v3.2d}, %[out] \n"
|
||||
: [out] "=m" (sha256->buffer)
|
||||
: [in] "m" (sha256->buffer)
|
||||
: "cc", "memory"
|
||||
);
|
||||
#endif
|
||||
/* ! length ordering dependent on digest endian type ! */
|
||||
XMEMCPY(&local[SHA256_PAD_SIZE], &sha256->hiLen, sizeof(word32));
|
||||
XMEMCPY(&local[SHA256_PAD_SIZE + sizeof(word32)], &sha256->loLen,
|
||||
sizeof(word32));
|
||||
|
||||
__asm__ volatile (
|
||||
"#load in message and schedual updates \n"
|
||||
"LD1 {v4.2d-v7.2d}, %[buffer] \n"
|
||||
"MOV v0.16b, v4.16b \n"
|
||||
"MOV v1.16b, v5.16b \n"
|
||||
"MOV v2.16b, v6.16b \n"
|
||||
"MOV v3.16b, v7.16b \n"
|
||||
"LD1 {v20.2d-v21.2d}, %[digest] \n"
|
||||
|
||||
"MOV v16.16b, v20.16b \n"
|
||||
"MOV v17.16b, v21.16b \n"
|
||||
"LD1 {v22.16b-v25.16b}, [%[k]], #64 \n"
|
||||
"SHA256SU0 v4.4s, v1.4s \n"
|
||||
"SHA256SU1 v4.4s, v2.4s, v3.4s \n"
|
||||
"ADD v0.4s, v0.4s, v22.4s \n"
|
||||
"MOV v6.16b, v2.16b \n"
|
||||
"MOV v18.16b, v16.16b \n"
|
||||
"SHA256H q16, q17, v0.4s \n"
|
||||
"SHA256H2 q17, q18, v0.4s \n"
|
||||
|
||||
"SHA256SU0 v5.4s, v2.4s \n"
|
||||
"SHA256SU1 v5.4s, v3.4s, v4.4s \n"
|
||||
"ADD v1.4s, v1.4s, v23.4s \n"
|
||||
"MOV v7.16b, v3.16b \n"
|
||||
"MOV v18.16b, v16.16b \n"
|
||||
"SHA256H q16, q17, v1.4s \n"
|
||||
"SHA256H2 q17, q18, v1.4s \n"
|
||||
|
||||
"SHA256SU0 v6.4s, v3.4s \n"
|
||||
"SHA256SU1 v6.4s, v4.4s, v5.4s \n"
|
||||
"ADD v2.4s, v2.4s, v24.4s \n"
|
||||
"MOV v18.16b, v16.16b \n"
|
||||
"MOV v8.16b, v4.16b \n"
|
||||
"SHA256H q16, q17, v2.4s \n"
|
||||
"SHA256H2 q17, q18, v2.4s \n"
|
||||
|
||||
"SHA256SU0 v7.4s, v4.4s \n"
|
||||
"SHA256SU1 v7.4s, v5.4s, v6.4s \n"
|
||||
"ADD v3.4s, v3.4s, v25.4s \n"
|
||||
"MOV v18.16b, v16.16b \n"
|
||||
"MOV v9.16b, v5.16b \n"
|
||||
"SHA256H q16, q17, v3.4s \n"
|
||||
"SHA256H2 q17, q18, v3.4s \n"
|
||||
|
||||
"LD1 {v22.16b-v25.16b}, [%[k]], #64 \n"
|
||||
"SHA256SU0 v8.4s, v5.4s \n"
|
||||
"SHA256SU1 v8.4s, v6.4s, v7.4s \n"
|
||||
"ADD v4.4s, v4.4s, v22.4s \n"
|
||||
"MOV v18.16b, v16.16b \n"
|
||||
"MOV v10.16b, v6.16b \n"
|
||||
"SHA256H q16, q17, v4.4s \n"
|
||||
"SHA256H2 q17, q18, v4.4s \n"
|
||||
|
||||
"SHA256SU0 v9.4s, v6.4s \n"
|
||||
"SHA256SU1 v9.4s, v7.4s, v8.4s \n"
|
||||
"ADD v5.4s, v5.4s, v23.4s \n"
|
||||
"MOV v18.16b, v16.16b \n"
|
||||
"MOV v11.16b, v7.16b \n"
|
||||
"SHA256H q16, q17, v5.4s \n"
|
||||
"SHA256H2 q17, q18, v5.4s \n"
|
||||
|
||||
"SHA256SU0 v10.4s, v7.4s \n"
|
||||
"SHA256SU1 v10.4s, v8.4s, v9.4s \n"
|
||||
"ADD v6.4s, v6.4s, v24.4s \n"
|
||||
"MOV v18.16b, v16.16b \n"
|
||||
"MOV v12.16b, v8.16b \n"
|
||||
"SHA256H q16, q17, v6.4s \n"
|
||||
"SHA256H2 q17, q18, v6.4s \n"
|
||||
|
||||
"SHA256SU0 v11.4s, v8.4s \n"
|
||||
"SHA256SU1 v11.4s, v9.4s, v10.4s \n"
|
||||
"ADD v7.4s, v7.4s, v25.4s \n"
|
||||
"MOV v18.16b, v16.16b \n"
|
||||
"MOV v13.16b, v9.16b \n"
|
||||
"SHA256H q16, q17, v7.4s \n"
|
||||
"SHA256H2 q17, q18, v7.4s \n"
|
||||
|
||||
"LD1 {v22.16b-v25.16b}, [%[k]], #64 \n"
|
||||
"SHA256SU0 v12.4s, v9.4s \n"
|
||||
"SHA256SU1 v12.4s, v10.4s, v11.4s \n"
|
||||
"ADD v8.4s, v8.4s, v22.4s \n"
|
||||
"MOV v18.16b, v16.16b \n"
|
||||
"MOV v14.16b, v10.16b \n"
|
||||
"SHA256H q16, q17, v8.4s \n"
|
||||
"SHA256H2 q17, q18, v8.4s \n"
|
||||
|
||||
"SHA256SU0 v13.4s, v10.4s \n"
|
||||
"SHA256SU1 v13.4s, v11.4s, v12.4s \n"
|
||||
"ADD v9.4s, v9.4s, v23.4s \n"
|
||||
"MOV v18.16b, v16.16b \n"
|
||||
"MOV v15.16b, v11.16b \n"
|
||||
"SHA256H q16, q17, v9.4s \n"
|
||||
"SHA256H2 q17, q18, v9.4s \n"
|
||||
|
||||
"SHA256SU0 v14.4s, v11.4s \n"
|
||||
"SHA256SU1 v14.4s, v12.4s, v13.4s \n"
|
||||
"ADD v10.4s, v10.4s, v24.4s \n"
|
||||
"MOV v18.16b, v16.16b \n"
|
||||
"SHA256H q16, q17, v10.4s \n"
|
||||
"SHA256H2 q17, q18, v10.4s \n"
|
||||
|
||||
"SHA256SU0 v15.4s, v12.4s \n"
|
||||
"SHA256SU1 v15.4s, v13.4s, v14.4s \n"
|
||||
"ADD v11.4s, v11.4s, v25.4s \n"
|
||||
"MOV v18.16b, v16.16b \n"
|
||||
"SHA256H q16, q17, v11.4s \n"
|
||||
"SHA256H2 q17, q18, v11.4s \n"
|
||||
|
||||
"LD1 {v22.16b-v25.16b}, [%[k]] \n"
|
||||
"ADD v12.4s, v12.4s, v22.4s \n"
|
||||
"MOV v18.16b, v16.16b \n"
|
||||
"SHA256H q16, q17, v12.4s \n"
|
||||
"SHA256H2 q17, q18, v12.4s \n"
|
||||
|
||||
"ADD v13.4s, v13.4s, v23.4s \n"
|
||||
"MOV v18.16b, v16.16b \n"
|
||||
"SHA256H q16, q17, v13.4s \n"
|
||||
"SHA256H2 q17, q18, v13.4s \n"
|
||||
|
||||
"ADD v14.4s, v14.4s, v24.4s \n"
|
||||
"MOV v18.16b, v16.16b \n"
|
||||
"SHA256H q16, q17, v14.4s \n"
|
||||
"SHA256H2 q17, q18, v14.4s \n"
|
||||
|
||||
"ADD v15.4s, v15.4s, v25.4s \n"
|
||||
"MOV v18.16b, v16.16b \n"
|
||||
"SHA256H q16, q17, v15.4s \n"
|
||||
"SHA256H2 q17, q18, v15.4s \n"
|
||||
|
||||
"#Add working vars back into digest state \n"
|
||||
"ADD v16.4s, v16.4s, v20.4s \n"
|
||||
"ADD v17.4s, v17.4s, v21.4s \n"
|
||||
|
||||
"#Store value as hash output \n"
|
||||
#if defined(LITTLE_ENDIAN_ORDER)
|
||||
"REV32 v16.16b, v16.16b \n"
|
||||
#endif
|
||||
"ST1 {v16.16b}, [%[hashOut]], #16 \n"
|
||||
#if defined(LITTLE_ENDIAN_ORDER)
|
||||
"REV32 v17.16b, v17.16b \n"
|
||||
#endif
|
||||
"ST1 {v17.16b}, [%[hashOut]] \n"
|
||||
: [hashOut] "=r" (hash)
|
||||
: [k] "r" (K), [digest] "m" (sha256->digest),
|
||||
[buffer] "m" (sha256->buffer),
|
||||
"0" (hash)
|
||||
: "cc", "memory", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7",
|
||||
"v8", "v9", "v10", "v11", "v12", "v13", "v14",
|
||||
"v15", "v16", "v17", "v18"
|
||||
);
|
||||
|
||||
return wc_InitSha256(sha256); /* reset state */
|
||||
}
|
||||
|
||||
#endif /* NO_SHA256 and WOLFSSL_ARMASM */
|
||||
|
||||
@@ -0,0 +1,32 @@
|
||||
# Cavium Nitrox V Support
|
||||
|
||||
## Directory Structure:
|
||||
`/`
|
||||
`/CNN55XX-SDK`
|
||||
`/wolfssl`
|
||||
|
||||
## Cavium Driver
|
||||
|
||||
Tested again `CNN55XX-Driver-Linux-KVM-XEN-PF-SDK-0.2-04.tar`
|
||||
From inside `CNN55XX-SDK`:
|
||||
1. `make`
|
||||
Note: To resolve warnings in `CNN55XX-SDK/include/vf_defs.h`:
|
||||
a. Changed `vf_config_mode_str` to return `const char*` and modify `vf_mode_str` to be `const char*`.
|
||||
b. In `vf_config_mode_to_num_vfs` above `default:` add `case PF:`.
|
||||
|
||||
2. `sudo make load`
|
||||
|
||||
## wolfSSL
|
||||
|
||||
Currently the AES and DES3 benchmark tests causes the kernel to crash, so they are disabled for now, even though the wolfCrypt tests pass for those.
|
||||
|
||||
From inside `wolfssl`:
|
||||
1. `./configure --with-cavium-v=../CNN55XX-SDK --enable-asynccrypt --enable-aesni --enable-intelasm --disable-aes --disable-aesgcm --disable-des3`
|
||||
2. `make`
|
||||
|
||||
## Usage
|
||||
|
||||
Note: Must run applications with sudo to access device.
|
||||
|
||||
`sudo ./wolfcrypt/benchmark/benchmark`
|
||||
`sudo ./wolfcrypt/test/testwolfcrypt`
|
||||
@@ -0,0 +1,778 @@
|
||||
/* cavium-nitrox.c
|
||||
*
|
||||
* Copyright (C) 2006-2016 wolfSSL Inc.
|
||||
*
|
||||
* This file is part of wolfSSL. (formerly known as CyaSSL)
|
||||
*
|
||||
* wolfSSL is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* wolfSSL is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
#endif
|
||||
|
||||
#include <wolfssl/wolfcrypt/settings.h>
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
|
||||
#include <wolfssl/wolfcrypt/random.h>
|
||||
#include <wolfssl/internal.h>
|
||||
#include <wolfssl/error-ssl.h>
|
||||
#include <wolfssl/wolfcrypt/error-crypt.h>
|
||||
#ifndef NO_RSA
|
||||
#include <wolfssl/wolfcrypt/rsa.h>
|
||||
#endif
|
||||
#ifndef NO_AES
|
||||
#include <wolfssl/wolfcrypt/aes.h>
|
||||
#endif
|
||||
|
||||
#include <wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h>
|
||||
#include <netinet/in.h> /* For ntohs */
|
||||
|
||||
static CspHandle mLastDevHandle = INVALID_DEVID;
|
||||
|
||||
int NitroxTranslateResponseCode(int ret)
|
||||
{
|
||||
switch (ret) {
|
||||
case EAGAIN:
|
||||
case ERR_REQ_PENDING:
|
||||
ret = WC_PENDING_E;
|
||||
break;
|
||||
case ERR_REQ_TIMEOUT:
|
||||
ret = WC_TIMEOUT_E;
|
||||
break;
|
||||
case 0:
|
||||
/* leave as-is */
|
||||
break;
|
||||
default:
|
||||
printf("NitroxTranslateResponseCode Unknown ret=%x\n", ret);
|
||||
ret = ASYNC_INIT_E;
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
CspHandle NitroxGetDeviceHandle(void)
|
||||
{
|
||||
return mLastDevHandle;
|
||||
}
|
||||
|
||||
CspHandle NitroxOpenDevice(int dma_mode, int dev_id)
|
||||
{
|
||||
mLastDevHandle = INVALID_DEVID;
|
||||
|
||||
#ifdef HAVE_CAVIUM_V
|
||||
(void)dma_mode;
|
||||
|
||||
if (CspInitialize(dev_id, &mLastDevHandle)) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
#else
|
||||
Csp1CoreAssignment core_assign;
|
||||
Uint32 device;
|
||||
|
||||
if (CspInitialize(CAVIUM_DIRECT, CAVIUM_DEV_ID)) {
|
||||
return -1;
|
||||
}
|
||||
if (Csp1GetDevType(&device)) {
|
||||
return -1;
|
||||
}
|
||||
if (device != NPX_DEVICE) {
|
||||
if (ioctl(gpkpdev_hdlr[CAVIUM_DEV_ID], IOCTL_CSP1_GET_CORE_ASSIGNMENT,
|
||||
(Uint32 *)&core_assign)!= 0) {
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
CspShutdown(CAVIUM_DEV_ID);
|
||||
|
||||
mLastDevHandle = CspInitialize(dma_mode, dev_id);
|
||||
if (mLastDevHandle == 0) {
|
||||
mLastDevHandle = dev_id;
|
||||
}
|
||||
|
||||
#endif /* HAVE_CAVIUM_V */
|
||||
|
||||
return mLastDevHandle;
|
||||
}
|
||||
|
||||
|
||||
int NitroxAllocContext(CaviumNitroxDev* nitrox, CspHandle devId,
|
||||
ContextType type)
|
||||
{
|
||||
int ret;
|
||||
|
||||
if (nitrox == NULL) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* If invalid handle provided, use last open one */
|
||||
if (devId == INVALID_DEVID) {
|
||||
devId = NitroxGetDeviceHandle();
|
||||
}
|
||||
|
||||
#ifdef HAVE_CAVIUM_V
|
||||
ret = CspAllocContext(devId, type, &nitrox->contextHandle);
|
||||
#else
|
||||
ret = CspAllocContext(type, &nitrox->contextHandle, devId);
|
||||
#endif
|
||||
if (ret != 0) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
nitrox->type = type;
|
||||
nitrox->devId = devId;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
void NitroxFreeContext(CaviumNitroxDev* nitrox)
|
||||
{
|
||||
if (nitrox == NULL) {
|
||||
return;
|
||||
}
|
||||
|
||||
#ifdef HAVE_CAVIUM_V
|
||||
CspFreeContext(nitrox->devId, nitrox->type, nitrox->contextHandle);
|
||||
#else
|
||||
CspFreeContext(nitrox->type, nitrox->contextHandle, nitrox->devId);
|
||||
#endif
|
||||
}
|
||||
|
||||
void NitroxCloseDevice(CspHandle devId)
|
||||
{
|
||||
if (devId >= 0) {
|
||||
CspShutdown(devId);
|
||||
}
|
||||
}
|
||||
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT)
|
||||
|
||||
int NitroxCheckRequest(CspHandle devId, CavReqId reqId)
|
||||
{
|
||||
int ret = CspCheckForCompletion(devId, reqId);
|
||||
return NitroxTranslateResponseCode(ret);
|
||||
}
|
||||
|
||||
int NitroxCheckRequests(CspHandle devId, CspMultiRequestStatusBuffer* req_stat_buf)
|
||||
{
|
||||
int ret = CspGetAllResults(req_stat_buf, devId);
|
||||
return NitroxTranslateResponseCode(ret);
|
||||
}
|
||||
|
||||
|
||||
#ifndef NO_RSA
|
||||
|
||||
int NitroxRsaExptMod(const byte* in, word32 inLen,
|
||||
byte* exponent, word32 expLen,
|
||||
byte* modulus, word32 modLen,
|
||||
byte* out, word32* outLen, RsaKey* key)
|
||||
{
|
||||
int ret;
|
||||
|
||||
if (key == NULL || in == NULL || inLen == 0 || exponent == NULL ||
|
||||
modulus == NULL || out == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
(void)outLen;
|
||||
|
||||
#ifdef HAVE_CAVIUM_V
|
||||
ret = CspMe(key->asyncDev.dev.devId, CAVIUM_REQ_MODE, CAVIUM_SSL_GRP,
|
||||
CAVIUM_DPORT, modLen, expLen, inLen,
|
||||
modulus, exponent, (Uint8*)in, out,
|
||||
&key->asyncDev.dev.reqId);
|
||||
#if 0
|
||||
/* TODO: Try MeCRT */
|
||||
ret = CspMeCRT();
|
||||
#endif
|
||||
#else
|
||||
/* Not implemented/supported */
|
||||
ret = NOT_COMPILED_IN;
|
||||
#endif
|
||||
ret = NitroxTranslateResponseCode(ret);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
int NitroxRsaPublicEncrypt(const byte* in, word32 inLen, byte* out,
|
||||
word32 outLen, RsaKey* key)
|
||||
{
|
||||
word32 ret;
|
||||
|
||||
if (key == NULL || in == NULL || out == NULL || outLen < (word32)key->n.used) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
#ifdef HAVE_CAVIUM_V
|
||||
ret = CspPkcs1v15Enc(key->asyncDev.dev.devId, CAVIUM_REQ_MODE, CAVIUM_SSL_GRP, CAVIUM_DPORT,
|
||||
BT2, key->n.used, key->e.used,
|
||||
(word16)inLen, key->n.dpraw, key->e.dpraw, (byte*)in, out,
|
||||
&key->asyncDev.dev.reqId);
|
||||
#else
|
||||
ret = CspPkcs1v15Enc(CAVIUM_REQ_MODE, BT2, key->n.used, key->e.used,
|
||||
(word16)inLen, key->n.dpraw, key->e.dpraw, (byte*)in, out,
|
||||
&key->asyncDev.dev.reqId, key->asyncDev.dev.devId);
|
||||
#endif
|
||||
ret = NitroxTranslateResponseCode(ret);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
return key->n.used;
|
||||
}
|
||||
|
||||
|
||||
static INLINE void ato16(const byte* c, word16* u16)
|
||||
{
|
||||
*u16 = (c[0] << 8) | (c[1]);
|
||||
}
|
||||
|
||||
int NitroxRsaPrivateDecrypt(const byte* in, word32 inLen, byte* out,
|
||||
word32 outLen, RsaKey* key)
|
||||
{
|
||||
word32 ret;
|
||||
word16 outSz = (word16)outLen;
|
||||
|
||||
if (key == NULL || in == NULL || out == NULL ||
|
||||
inLen != (word32)key->n.used) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
#ifdef HAVE_CAVIUM_V
|
||||
ret = CspPkcs1v15CrtDec(key->asyncDev.dev.devId, CAVIUM_REQ_MODE, CAVIUM_SSL_GRP, CAVIUM_DPORT,
|
||||
BT2, key->n.used, key->q.dpraw,
|
||||
key->dQ.dpraw, key->p.dpraw, key->dP.dpraw, key->u.dpraw,
|
||||
(byte*)in, &outSz, out, &key->asyncDev.dev.reqId);
|
||||
#else
|
||||
ret = CspPkcs1v15CrtDec(CAVIUM_REQ_MODE, BT2, key->n.used, key->q.dpraw,
|
||||
key->dQ.dpraw, key->p.dpraw, key->dP.dpraw, key->u.dpraw,
|
||||
(byte*)in, &outSz, out, &key->asyncDev.dev.reqId,
|
||||
key->asyncDev.dev.devId);
|
||||
#endif
|
||||
ret = NitroxTranslateResponseCode(ret);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
ato16((const byte*)&outSz, &outSz);
|
||||
|
||||
return outSz;
|
||||
}
|
||||
|
||||
|
||||
int NitroxRsaSSL_Sign(const byte* in, word32 inLen, byte* out,
|
||||
word32 outLen, RsaKey* key)
|
||||
{
|
||||
word32 ret;
|
||||
|
||||
if (key == NULL || in == NULL || out == NULL || inLen == 0 || outLen <
|
||||
(word32)key->n.used) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
#ifdef HAVE_CAVIUM_V
|
||||
ret = CspPkcs1v15CrtEnc(key->asyncDev.dev.devId, CAVIUM_REQ_MODE, CAVIUM_SSL_GRP, CAVIUM_DPORT,
|
||||
BT1, key->n.used, (word16)inLen,
|
||||
key->q.dpraw, key->dQ.dpraw, key->p.dpraw, key->dP.dpraw, key->u.dpraw,
|
||||
(byte*)in, out, &key->asyncDev.dev.reqId);
|
||||
#else
|
||||
ret = CspPkcs1v15CrtEnc(CAVIUM_REQ_MODE, BT1, key->n.used, (word16)inLen,
|
||||
key->q.dpraw, key->dQ.dpraw, key->p.dpraw, key->dP.dpraw, key->u.dpraw,
|
||||
(byte*)in, out, &key->asyncDev.dev.reqId, key->asyncDev.dev.devId);
|
||||
#endif
|
||||
ret = NitroxTranslateResponseCode(ret);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
return key->n.used;
|
||||
}
|
||||
|
||||
|
||||
int NitroxRsaSSL_Verify(const byte* in, word32 inLen, byte* out,
|
||||
word32 outLen, RsaKey* key)
|
||||
{
|
||||
word32 ret;
|
||||
word16 outSz = (word16)outLen;
|
||||
|
||||
if (key == NULL || in == NULL || out == NULL || inLen != (word32)key->n.used) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
#ifdef HAVE_CAVIUM_V
|
||||
ret = CspPkcs1v15Dec(key->asyncDev.dev.devId, CAVIUM_REQ_MODE, CAVIUM_SSL_GRP, CAVIUM_DPORT,
|
||||
BT1, key->n.used, key->e.used,
|
||||
key->n.dpraw, key->e.dpraw, (byte*)in, &outSz, out,
|
||||
&key->asyncDev.dev.reqId);
|
||||
#else
|
||||
ret = CspPkcs1v15Dec(CAVIUM_REQ_MODE, BT1, key->n.used, key->e.used,
|
||||
key->n.dpraw, key->e.dpraw, (byte*)in, &outSz, out,
|
||||
&key->asyncDev.dev.reqId, key->asyncDev.dev.devId);
|
||||
#endif
|
||||
ret = NitroxTranslateResponseCode(ret);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
outSz = ntohs(outSz);
|
||||
|
||||
return outSz;
|
||||
}
|
||||
#endif /* !NO_RSA */
|
||||
|
||||
|
||||
#ifndef NO_AES
|
||||
int NitroxAesSetKey(Aes* aes, const byte* key, word32 length, const byte* iv)
|
||||
{
|
||||
if (aes == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
XMEMCPY(aes->key, key, length); /* key still holds key, iv still in reg */
|
||||
if (length == 16)
|
||||
aes->type = AES_128_BIT;
|
||||
else if (length == 24)
|
||||
aes->type = AES_192_BIT;
|
||||
else if (length == 32)
|
||||
aes->type = AES_256_BIT;
|
||||
|
||||
return wc_AesSetIV(aes, iv);
|
||||
}
|
||||
|
||||
#ifdef HAVE_AES_CBC
|
||||
int NitroxAesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 length)
|
||||
{
|
||||
int ret;
|
||||
wolfssl_word offset = 0;
|
||||
|
||||
while (length > WOLFSSL_MAX_16BIT) {
|
||||
word16 slen = (word16)WOLFSSL_MAX_16BIT;
|
||||
#ifdef HAVE_CAVIUM_V
|
||||
ret = CspEncryptAes(aes->asyncDev.dev.devId, CAVIUM_BLOCKING, DMA_DIRECT_DIRECT,
|
||||
CAVIUM_SSL_GRP, CAVIUM_DPORT, aes->asyncDev.dev.contextHandle,
|
||||
FROM_DPTR, FROM_CTX, AES_CBC, aes->type, (byte*)aes->key,
|
||||
(byte*)aes->reg, 0, NULL, slen, (byte*)in + offset,
|
||||
out + offset, &aes->asyncDev.dev.reqId);
|
||||
#else
|
||||
ret = CspEncryptAes(CAVIUM_BLOCKING, aes->asyncDev.dev.contextHandle, CAVIUM_NO_UPDATE,
|
||||
aes->type, slen, (byte*)in + offset, out + offset,
|
||||
(byte*)aes->reg, (byte*)aes->key, &aes->asyncDev.dev.reqId,
|
||||
aes->asyncDev.dev.devId);
|
||||
#endif
|
||||
ret = NitroxTranslateResponseCode(ret);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
length -= WOLFSSL_MAX_16BIT;
|
||||
offset += WOLFSSL_MAX_16BIT;
|
||||
XMEMCPY(aes->reg, out + offset - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
|
||||
}
|
||||
if (length) {
|
||||
word16 slen = (word16)length;
|
||||
#ifdef HAVE_CAVIUM_V
|
||||
ret = CspEncryptAes(aes->asyncDev.dev.devId, CAVIUM_BLOCKING, DMA_DIRECT_DIRECT,
|
||||
CAVIUM_SSL_GRP, CAVIUM_DPORT, aes->asyncDev.dev.contextHandle,
|
||||
FROM_DPTR, FROM_CTX, AES_CBC, aes->type, (byte*)aes->key,
|
||||
(byte*)aes->reg, 0, NULL, slen, (byte*)in + offset,
|
||||
out + offset, &aes->asyncDev.dev.reqId);
|
||||
#else
|
||||
ret = CspEncryptAes(CAVIUM_BLOCKING, aes->asyncDev.dev.contextHandle, CAVIUM_NO_UPDATE,
|
||||
aes->type, slen, (byte*)in + offset, out + offset,
|
||||
(byte*)aes->reg, (byte*)aes->key, &aes->asyncDev.dev.reqId,
|
||||
aes->asyncDev.dev.devId);
|
||||
#endif
|
||||
ret = NitroxTranslateResponseCode(ret);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
XMEMCPY(aes->reg, out + offset+length - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
#ifdef HAVE_AES_DECRYPT
|
||||
int NitroxAesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 length)
|
||||
{
|
||||
wolfssl_word offset = 0;
|
||||
int ret;
|
||||
|
||||
while (length > WOLFSSL_MAX_16BIT) {
|
||||
word16 slen = (word16)WOLFSSL_MAX_16BIT;
|
||||
XMEMCPY(aes->tmp, in + offset + slen - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
|
||||
#ifdef HAVE_CAVIUM_V
|
||||
ret = CspDecryptAes(aes->asyncDev.dev.devId, CAVIUM_BLOCKING, DMA_DIRECT_DIRECT,
|
||||
CAVIUM_SSL_GRP, CAVIUM_DPORT, aes->asyncDev.dev.contextHandle,
|
||||
FROM_DPTR, FROM_CTX, AES_CBC, aes->type, (byte*)aes->key, (byte*)aes->reg,
|
||||
0, NULL, slen, (byte*)in + offset, out + offset, &aes->asyncDev.dev.reqId);
|
||||
#else
|
||||
ret = CspDecryptAes(CAVIUM_BLOCKING, aes->asyncDev.dev.contextHandle, CAVIUM_NO_UPDATE,
|
||||
aes->type, slen, (byte*)in + offset, out + offset,
|
||||
(byte*)aes->reg, (byte*)aes->key, &aes->asyncDev.dev.reqId,
|
||||
aes->asyncDev.dev.devId);
|
||||
#endif
|
||||
ret = NitroxTranslateResponseCode(ret);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
length -= WOLFSSL_MAX_16BIT;
|
||||
offset += WOLFSSL_MAX_16BIT;
|
||||
XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);
|
||||
}
|
||||
if (length) {
|
||||
word16 slen = (word16)length;
|
||||
XMEMCPY(aes->tmp, in + offset + slen - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
|
||||
#ifdef HAVE_CAVIUM_V
|
||||
ret = CspDecryptAes(aes->asyncDev.dev.devId, CAVIUM_BLOCKING, DMA_DIRECT_DIRECT,
|
||||
CAVIUM_SSL_GRP, CAVIUM_DPORT, aes->asyncDev.dev.contextHandle,
|
||||
FROM_DPTR, FROM_CTX, AES_CBC, aes->type, (byte*)aes->key, (byte*)aes->reg,
|
||||
0, NULL, slen, (byte*)in + offset, out + offset, &aes->asyncDev.dev.reqId);
|
||||
#else
|
||||
ret = CspDecryptAes(CAVIUM_BLOCKING, aes->asyncDev.dev.contextHandle, CAVIUM_NO_UPDATE,
|
||||
aes->type, slen, (byte*)in + offset, out + offset,
|
||||
(byte*)aes->reg, (byte*)aes->key, &aes->asyncDev.dev.reqId,
|
||||
aes->asyncDev.dev.devId);
|
||||
#endif
|
||||
ret = NitroxTranslateResponseCode(ret);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
#endif /* HAVE_AES_DECRYPT */
|
||||
#endif /* HAVE_AES_CBC */
|
||||
#endif /* !NO_AES */
|
||||
|
||||
|
||||
#if !defined(NO_ARC4) && !defined(HAVE_CAVIUM_V)
|
||||
void NitroxArc4SetKey(Arc4* arc4, const byte* key, word32 length)
|
||||
{
|
||||
if (CspInitializeRc4(CAVIUM_BLOCKING, arc4->asyncDev.dev.contextHandle, length,
|
||||
(byte*)key, &arc4->asyncDev.dev.reqId, arc4->devId) != 0) {
|
||||
WOLFSSL_MSG("Bad Cavium Arc4 Init");
|
||||
}
|
||||
}
|
||||
|
||||
void NitroxArc4Process(Arc4* arc4, byte* out, const byte* in, word32 length)
|
||||
{
|
||||
int ret;
|
||||
wolfssl_word offset = 0;
|
||||
|
||||
while (length > WOLFSSL_MAX_16BIT) {
|
||||
word16 slen = (word16)WOLFSSL_MAX_16BIT;
|
||||
ret = CspEncryptRc4(CAVIUM_BLOCKING, arc4->asyncDev.dev.contextHandle,
|
||||
CAVIUM_UPDATE, slen, (byte*)in + offset, out + offset,
|
||||
&arc4->asyncDev.dev.reqId, arc4->devId);
|
||||
ret = NitroxTranslateResponseCode(ret);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
length -= WOLFSSL_MAX_16BIT;
|
||||
offset += WOLFSSL_MAX_16BIT;
|
||||
}
|
||||
if (length) {
|
||||
word16 slen = (word16)length;
|
||||
ret = CspEncryptRc4(CAVIUM_BLOCKING, arc4->asyncDev.dev.contextHandle,
|
||||
CAVIUM_UPDATE, slen, (byte*)in + offset, out + offset,
|
||||
&arc4->asyncDev.dev.reqId, arc4->devId);
|
||||
ret = NitroxTranslateResponseCode(ret);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
}
|
||||
#endif /* !NO_ARC4 && !HAVE_CAVIUM_V */
|
||||
|
||||
|
||||
#ifndef NO_DES3
|
||||
int NitroxDes3SetKey(Des3* des3, const byte* key, const byte* iv)
|
||||
{
|
||||
if (des3 == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
/* key[0] holds key, iv in reg */
|
||||
XMEMCPY(des3->key[0], key, DES_BLOCK_SIZE*3);
|
||||
|
||||
return wc_Des3_SetIV(des3, iv);
|
||||
}
|
||||
|
||||
int NitroxDes3CbcEncrypt(Des3* des3, byte* out, const byte* in, word32 length)
|
||||
{
|
||||
wolfssl_word offset = 0;
|
||||
int ret;
|
||||
|
||||
while (length > WOLFSSL_MAX_16BIT) {
|
||||
word16 slen = (word16)WOLFSSL_MAX_16BIT;
|
||||
#ifdef HAVE_CAVIUM_V
|
||||
ret = CspEncrypt3Des(des3->asyncDev.dev.devId, CAVIUM_BLOCKING, DMA_DIRECT_DIRECT,
|
||||
CAVIUM_SSL_GRP, CAVIUM_DPORT, des3->asyncDev.dev.contextHandle,
|
||||
FROM_DPTR, FROM_CTX, DES3_CBC, (byte*)des3->key[0],
|
||||
(byte*)des3->reg, slen, (byte*)in + offset,
|
||||
out + offset, &des3->asyncDev.dev.reqId);
|
||||
#else
|
||||
ret = CspEncrypt3Des(CAVIUM_BLOCKING, des3->asyncDev.dev.contextHandle,
|
||||
CAVIUM_NO_UPDATE, slen, (byte*)in + offset,
|
||||
out + offset, (byte*)des3->reg, (byte*)des3->key[0],
|
||||
&des3->asyncDev.dev.reqId, des3->asyncDev.dev.devId);
|
||||
#endif
|
||||
ret = NitroxTranslateResponseCode(ret);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
length -= WOLFSSL_MAX_16BIT;
|
||||
offset += WOLFSSL_MAX_16BIT;
|
||||
XMEMCPY(des3->reg, out + offset - DES_BLOCK_SIZE, DES_BLOCK_SIZE);
|
||||
}
|
||||
if (length) {
|
||||
word16 slen = (word16)length;
|
||||
#ifdef HAVE_CAVIUM_V
|
||||
ret = CspEncrypt3Des(des3->asyncDev.dev.devId, CAVIUM_BLOCKING, DMA_DIRECT_DIRECT,
|
||||
CAVIUM_SSL_GRP, CAVIUM_DPORT, des3->asyncDev.dev.contextHandle,
|
||||
FROM_DPTR, FROM_CTX, DES3_CBC, (byte*)des3->key[0], (byte*)des3->reg,
|
||||
slen, (byte*)in + offset, out + offset,
|
||||
&des3->asyncDev.dev.reqId);
|
||||
#else
|
||||
ret = CspEncrypt3Des(CAVIUM_BLOCKING, des3->asyncDev.dev.contextHandle,
|
||||
CAVIUM_NO_UPDATE, slen, (byte*)in + offset,
|
||||
out + offset, (byte*)des3->reg, (byte*)des3->key[0],
|
||||
&des3->asyncDev.dev.reqId, des3->asyncDev.dev.devId);
|
||||
#endif
|
||||
ret = NitroxTranslateResponseCode(ret);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
XMEMCPY(des3->reg, out+offset+length - DES_BLOCK_SIZE, DES_BLOCK_SIZE);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
int NitroxDes3CbcDecrypt(Des3* des3, byte* out, const byte* in, word32 length)
|
||||
{
|
||||
wolfssl_word offset = 0;
|
||||
int ret;
|
||||
|
||||
while (length > WOLFSSL_MAX_16BIT) {
|
||||
word16 slen = (word16)WOLFSSL_MAX_16BIT;
|
||||
XMEMCPY(des3->tmp, in + offset + slen - DES_BLOCK_SIZE, DES_BLOCK_SIZE);
|
||||
#ifdef HAVE_CAVIUM_V
|
||||
ret = CspDecrypt3Des(des3->asyncDev.dev.devId, CAVIUM_BLOCKING, DMA_DIRECT_DIRECT,
|
||||
CAVIUM_SSL_GRP, CAVIUM_DPORT, des3->asyncDev.dev.contextHandle,
|
||||
FROM_DPTR, FROM_CTX, DES3_CBC, (byte*)des3->key[0], (byte*)des3->reg,
|
||||
slen, (byte*)in + offset, out + offset,
|
||||
&des3->asyncDev.dev.reqId);
|
||||
#else
|
||||
ret = CspDecrypt3Des(CAVIUM_BLOCKING, des3->asyncDev.dev.contextHandle,
|
||||
CAVIUM_NO_UPDATE, slen, (byte*)in + offset, out + offset,
|
||||
(byte*)des3->reg, (byte*)des3->key[0], &des3->asyncDev.dev.reqId,
|
||||
des3->asyncDev.dev.devId);
|
||||
#endif
|
||||
ret = NitroxTranslateResponseCode(ret);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
length -= WOLFSSL_MAX_16BIT;
|
||||
offset += WOLFSSL_MAX_16BIT;
|
||||
XMEMCPY(des3->reg, des3->tmp, DES_BLOCK_SIZE);
|
||||
}
|
||||
if (length) {
|
||||
word16 slen = (word16)length;
|
||||
XMEMCPY(des3->tmp, in + offset + slen - DES_BLOCK_SIZE,DES_BLOCK_SIZE);
|
||||
#ifdef HAVE_CAVIUM_V
|
||||
ret = CspDecrypt3Des(des3->asyncDev.dev.devId, CAVIUM_BLOCKING, DMA_DIRECT_DIRECT,
|
||||
CAVIUM_SSL_GRP, CAVIUM_DPORT, des3->asyncDev.dev.contextHandle,
|
||||
FROM_DPTR, FROM_CTX, DES3_CBC, (byte*)des3->key[0], (byte*)des3->reg,
|
||||
slen, (byte*)in + offset, out + offset,
|
||||
&des3->asyncDev.dev.reqId);
|
||||
#else
|
||||
ret = CspDecrypt3Des(CAVIUM_BLOCKING, des3->asyncDev.dev.contextHandle,
|
||||
CAVIUM_NO_UPDATE, slen, (byte*)in + offset, out + offset,
|
||||
(byte*)des3->reg, (byte*)des3->key[0], &des3->asyncDev.dev.reqId,
|
||||
des3->asyncDev.dev.devId);
|
||||
#endif
|
||||
ret = NitroxTranslateResponseCode(ret);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
XMEMCPY(des3->reg, des3->tmp, DES_BLOCK_SIZE);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
#endif /* !NO_DES3 */
|
||||
|
||||
|
||||
#ifndef NO_HMAC
|
||||
int NitroxHmacFinal(Hmac* hmac, byte* hash)
|
||||
{
|
||||
int ret = -1;
|
||||
|
||||
#ifdef HAVE_CAVIUM_V
|
||||
word16 hashLen = wc_HmacSizeByType(hmac->macType);
|
||||
ret = CspHmac(hmac->asyncDev.dev.devId, CAVIUM_BLOCKING, DMA_DIRECT_DIRECT,
|
||||
CAVIUM_SSL_GRP, CAVIUM_DPORT, hmac->type, hmac->keyLen,
|
||||
(byte*)hmac->ipad, hmac->dataLen, hmac->data, hashLen,
|
||||
hash, &hmac->asyncDev.dev.reqId);
|
||||
#else
|
||||
ret = CspHmac(CAVIUM_BLOCKING, hmac->type, NULL, hmac->keyLen,
|
||||
(byte*)hmac->ipad, hmac->dataLen, hmac->data, hash,
|
||||
&hmac->asyncDev.dev.reqId, hmac->asyncDev.dev.devId);
|
||||
#endif
|
||||
ret = NitroxTranslateResponseCode(ret);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
hmac->innerHashKeyed = 0; /* tell update to start over if used again */
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int NitroxHmacUpdate(Hmac* hmac, const byte* msg, word32 length)
|
||||
{
|
||||
word16 add = (word16)length;
|
||||
word32 total;
|
||||
byte* tmp;
|
||||
|
||||
if (length > WOLFSSL_MAX_16BIT) {
|
||||
WOLFSSL_MSG("Too big msg for cavium hmac");
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (hmac->innerHashKeyed == 0) { /* starting new */
|
||||
hmac->dataLen = 0;
|
||||
hmac->innerHashKeyed = 1;
|
||||
}
|
||||
|
||||
total = add + hmac->dataLen;
|
||||
if (total > WOLFSSL_MAX_16BIT) {
|
||||
WOLFSSL_MSG("Too big msg for cavium hmac");
|
||||
return -1;
|
||||
}
|
||||
|
||||
tmp = XMALLOC(hmac->dataLen + add, NULL, DYNAMIC_TYPE_ASYNC_TMP);
|
||||
if (tmp == NULL) {
|
||||
WOLFSSL_MSG("Out of memory for cavium update");
|
||||
return -1;
|
||||
}
|
||||
if (hmac->dataLen)
|
||||
XMEMCPY(tmp, hmac->data, hmac->dataLen);
|
||||
XMEMCPY(tmp + hmac->dataLen, msg, add);
|
||||
|
||||
hmac->dataLen += add;
|
||||
XFREE(hmac->data, NULL, DYNAMIC_TYPE_ASYNC_TMP);
|
||||
hmac->data = tmp;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int NitroxHmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
|
||||
{
|
||||
hmac->macType = (byte)type;
|
||||
|
||||
/* Determine Cavium HashType */
|
||||
switch(type) {
|
||||
#ifndef NO_MD5
|
||||
case MD5:
|
||||
hmac->type = MD5_TYPE;
|
||||
break;
|
||||
#endif
|
||||
#ifndef NO_SHA
|
||||
case SHA:
|
||||
hmac->type = SHA1_TYPE;
|
||||
break;
|
||||
#endif
|
||||
#ifndef NO_SHA256
|
||||
case SHA256:
|
||||
#ifdef HAVE_CAVIUM_V
|
||||
hmac->type = SHA2_SHA256;
|
||||
#else
|
||||
hmac->type = SHA256_TYPE;
|
||||
#endif
|
||||
break;
|
||||
#endif
|
||||
#ifdef HAVE_CAVIUM_V
|
||||
#ifndef WOLFSSL_SHA512
|
||||
case SHA512:
|
||||
hmac->type = SHA2_SHA512;
|
||||
break;
|
||||
#endif
|
||||
#ifndef WOLFSSL_SHA384
|
||||
case SHA384:
|
||||
hmac->type = SHA2_SHA384;
|
||||
break;
|
||||
#endif
|
||||
#endif /* HAVE_CAVIUM_V */
|
||||
default:
|
||||
WOLFSSL_MSG("unsupported cavium hmac type");
|
||||
break;
|
||||
}
|
||||
|
||||
hmac->innerHashKeyed = 0; /* should we key Startup flag */
|
||||
|
||||
hmac->keyLen = (word16)length;
|
||||
/* store key in ipad */
|
||||
XMEMCPY(hmac->ipad, key, length);
|
||||
|
||||
return 0;
|
||||
}
|
||||
#endif /* !NO_HMAC */
|
||||
|
||||
|
||||
#if !defined(HAVE_HASHDRBG) && !defined(NO_RC4)
|
||||
void NitroxRngGenerateBlock(WC_RNG* rng, byte* output, word32 sz)
|
||||
{
|
||||
wolfssl_word offset = 0;
|
||||
word32 requestId;
|
||||
|
||||
while (sz > WOLFSSL_MAX_16BIT) {
|
||||
word16 slen = (word16)WOLFSSL_MAX_16BIT;
|
||||
#ifdef HAVE_CAVIUM_V
|
||||
ret = CspTrueRandom(rng->asyncDev.dev.devId, CAVIUM_BLOCKING, DMA_DIRECT_DIRECT,
|
||||
CAVIUM_SSL_GRP, CAVIUM_DPORT, slen, output + offset, &requestId);
|
||||
#else
|
||||
ret = CspRandom(CAVIUM_BLOCKING, slen, output + offset, &requestId,
|
||||
rng->asyncDev.dev.devId);
|
||||
#endif
|
||||
ret = NitroxTranslateResponseCode(ret);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
sz -= WOLFSSL_MAX_16BIT;
|
||||
offset += WOLFSSL_MAX_16BIT;
|
||||
}
|
||||
if (sz) {
|
||||
word16 slen = (word16)sz;
|
||||
#ifdef HAVE_CAVIUM_V
|
||||
ret = CspTrueRandom(rng->asyncDev.dev.devId, CAVIUM_BLOCKING, DMA_DIRECT_DIRECT,
|
||||
CAVIUM_SSL_GRP, CAVIUM_DPORT, slen, output + offset, &requestId);
|
||||
#else
|
||||
ret = CspRandom(CAVIUM_BLOCKING, slen, output + offset, &requestId,
|
||||
rng->asyncDev.dev.devId);
|
||||
#endif
|
||||
ret = NitroxTranslateResponseCode(ret);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
}
|
||||
#endif /* !defined(HAVE_HASHDRBG) && !defined(NO_RC4) */
|
||||
|
||||
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
||||
|
||||
#endif /* HAVE_CAVIUM */
|
||||
+15
-63
@@ -47,14 +47,6 @@ int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz)
|
||||
return GenerateSeed(os, seed, sz);
|
||||
}
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
int wc_InitRngCavium(WC_RNG* rng, int i)
|
||||
{
|
||||
return InitRngCavium(rng, i);
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
int wc_InitRng(WC_RNG* rng)
|
||||
{
|
||||
return InitRng_fips(rng);
|
||||
@@ -178,6 +170,7 @@ int wc_FreeRng(WC_RNG* rng)
|
||||
#define IS_INTEL_RDSEED (cpuid_flags&CPUID_RDSEED)
|
||||
#endif
|
||||
|
||||
|
||||
#if defined(HAVE_HASHDRBG) || defined(NO_RC4)
|
||||
|
||||
/* Start NIST DRBG code */
|
||||
@@ -811,12 +804,13 @@ int wc_InitRng(WC_RNG* rng)
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_INTEL_RDGEN
|
||||
wc_InitRng_IntelRD() ;
|
||||
if(IS_INTEL_RDRAND)return 0 ;
|
||||
wc_InitRng_IntelRD();
|
||||
if(IS_INTEL_RDRAND) return 0;
|
||||
#endif
|
||||
#ifdef HAVE_CAVIUM
|
||||
if (rng->magic == WOLFSSL_RNG_CAVIUM_MAGIC)
|
||||
return 0;
|
||||
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
|
||||
ret = wolfAsync_DevCtxInit(&rng->asyncDev, WOLFSSL_ASYNC_MARKER_RNG, INVALID_DEVID);
|
||||
if (ret != 0) return ret;
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
@@ -847,10 +841,6 @@ int wc_InitRng(WC_RNG* rng)
|
||||
return ret;
|
||||
}
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
static void CaviumRNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz);
|
||||
#endif
|
||||
|
||||
/* place a generated block in output */
|
||||
int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
|
||||
{
|
||||
@@ -858,9 +848,10 @@ int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
|
||||
if(IS_INTEL_RDRAND)
|
||||
return wc_GenerateRand_IntelRD(NULL, output, sz) ;
|
||||
#endif
|
||||
#ifdef HAVE_CAVIUM
|
||||
if (rng->magic == WOLFSSL_RNG_CAVIUM_MAGIC)
|
||||
return CaviumRNG_GenerateBlock(rng, output, sz);
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
|
||||
if (aes->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RNG) {
|
||||
return NitroxRngGenerateBlock(rng, output, sz);
|
||||
}
|
||||
#endif
|
||||
XMEMSET(output, 0, sz);
|
||||
wc_Arc4Process(&rng->cipher, output, output, sz);
|
||||
@@ -878,53 +869,14 @@ int wc_RNG_GenerateByte(WC_RNG* rng, byte* b)
|
||||
int wc_FreeRng(WC_RNG* rng)
|
||||
{
|
||||
(void)rng;
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
|
||||
#include <wolfssl/ctaocrypt/logging.h>
|
||||
#include "cavium_common.h"
|
||||
|
||||
/* Initialize RNG for use with Nitrox device */
|
||||
int wc_InitRngCavium(WC_RNG* rng, int devId)
|
||||
{
|
||||
if (rng == NULL)
|
||||
return -1;
|
||||
|
||||
rng->devId = devId;
|
||||
rng->magic = WOLFSSL_RNG_CAVIUM_MAGIC;
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
|
||||
wolfAsync_DevCtxFree(&rng->asyncDev);
|
||||
#endif
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
static void CaviumRNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
|
||||
{
|
||||
wolfssl_word offset = 0;
|
||||
word32 requestId;
|
||||
|
||||
while (sz > WOLFSSL_MAX_16BIT) {
|
||||
word16 slen = (word16)WOLFSSL_MAX_16BIT;
|
||||
if (CspRandom(CAVIUM_BLOCKING, slen, output + offset, &requestId,
|
||||
rng->devId) != 0) {
|
||||
WOLFSSL_MSG("Cavium RNG failed");
|
||||
}
|
||||
sz -= WOLFSSL_MAX_16BIT;
|
||||
offset += WOLFSSL_MAX_16BIT;
|
||||
}
|
||||
if (sz) {
|
||||
word16 slen = (word16)sz;
|
||||
if (CspRandom(CAVIUM_BLOCKING, slen, output + offset, &requestId,
|
||||
rng->devId) != 0) {
|
||||
WOLFSSL_MSG("Cavium RNG failed");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#endif /* HAVE_CAVIUM */
|
||||
|
||||
#endif /* HAVE_HASHDRBG || NO_RC4 */
|
||||
|
||||
|
||||
@@ -1127,7 +1079,7 @@ static int wc_GenerateSeed_IntelRD(OS_Seed* os, byte* output, word32 sz)
|
||||
return 0;
|
||||
}
|
||||
|
||||
#else
|
||||
#else /* HAVE_HASHDRBG || NO_RC4 */
|
||||
|
||||
/* return 0 on success */
|
||||
static INLINE int IntelRDrand32(unsigned int *rnd)
|
||||
|
||||
+750
-689
File diff suppressed because it is too large
Load Diff
@@ -209,7 +209,7 @@ int wc_SignatureVerify(
|
||||
if (plain_len < sig_len) {
|
||||
plain_len = sig_len;
|
||||
}
|
||||
plain_data = (byte*)XMALLOC(hash_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
plain_data = (byte*)XMALLOC(plain_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (plain_data) {
|
||||
/* Perform verification of signature using provided RSA key */
|
||||
ret = wc_RsaSSL_Verify(sig, sig_len, plain_data, plain_len,
|
||||
|
||||
@@ -1035,13 +1035,37 @@ int fp_addmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d)
|
||||
|
||||
#ifdef TFM_TIMING_RESISTANT
|
||||
|
||||
#ifndef WC_NO_CACHE_RESISTANT
|
||||
/* all off / all on pointer addresses for constant calculations */
|
||||
/* ecc.c uses same table */
|
||||
const wolfssl_word wc_off_on_addr[2] =
|
||||
{
|
||||
#if defined(WC_64BIT_CPU)
|
||||
W64LIT(0x0000000000000000),
|
||||
W64LIT(0xffffffffffffffff)
|
||||
#elif defined(WC_16BIT_CPU)
|
||||
0x0000U,
|
||||
0xffffU
|
||||
#else
|
||||
/* 32 bit */
|
||||
0x00000000U,
|
||||
0xffffffffU
|
||||
#endif
|
||||
};
|
||||
|
||||
#endif /* WC_NO_CACHE_RESISTANT */
|
||||
|
||||
/* timing resistant montgomery ladder based exptmod
|
||||
Based on work by Marc Joye, Sung-Ming Yen, "The Montgomery Powering Ladder",
|
||||
Cryptographic Hardware and Embedded Systems, CHES 2002
|
||||
*/
|
||||
static int _fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
|
||||
{
|
||||
#ifdef WC_NO_CACHE_RESISTANT
|
||||
fp_int R[2];
|
||||
#else
|
||||
fp_int R[3]; /* need a temp for cache resistance */
|
||||
#endif
|
||||
fp_digit buf, mp;
|
||||
int err, bitcnt, digidx, y;
|
||||
|
||||
@@ -1052,6 +1076,9 @@ static int _fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
|
||||
|
||||
fp_init(&R[0]);
|
||||
fp_init(&R[1]);
|
||||
#ifndef WC_NO_CACHE_RESISTANT
|
||||
fp_init(&R[2]);
|
||||
#endif
|
||||
|
||||
/* now we need R mod m */
|
||||
fp_montgomery_calc_normalization (&R[0], P);
|
||||
@@ -1092,7 +1119,21 @@ static int _fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
|
||||
|
||||
/* do ops */
|
||||
fp_mul(&R[0], &R[1], &R[y^1]); fp_montgomery_reduce(&R[y^1], P, mp);
|
||||
|
||||
#ifdef WC_NO_CACHE_RESISTANT
|
||||
fp_sqr(&R[y], &R[y]); fp_montgomery_reduce(&R[y], P, mp);
|
||||
#else
|
||||
/* instead of using R[y] for sqr, which leaks key bit to cache monitor,
|
||||
* use R[2] as temp, make sure address calc is constant, keep
|
||||
* &R[0] and &R[1] in cache */
|
||||
fp_copy((fp_int*) ( ((wolfssl_word)&R[0] & wc_off_on_addr[y^1]) +
|
||||
((wolfssl_word)&R[1] & wc_off_on_addr[y]) ),
|
||||
&R[2]);
|
||||
fp_sqr(&R[2], &R[2]); fp_montgomery_reduce(&R[2], P, mp);
|
||||
fp_copy(&R[2],
|
||||
(fp_int*) ( ((wolfssl_word)&R[0] & wc_off_on_addr[y^1]) +
|
||||
((wolfssl_word)&R[1] & wc_off_on_addr[y]) ) );
|
||||
#endif /* WC_NO_CACHE_RESISTANT */
|
||||
}
|
||||
|
||||
fp_montgomery_reduce(&R[0], P, mp);
|
||||
|
||||
@@ -0,0 +1,274 @@
|
||||
/* wolfevent.c
|
||||
*
|
||||
* Copyright (C) 2006-2016 wolfSSL Inc.
|
||||
*
|
||||
* This file is part of wolfSSL.
|
||||
*
|
||||
* wolfSSL is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* wolfSSL is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
#endif
|
||||
|
||||
#include <wolfssl/wolfcrypt/settings.h>
|
||||
|
||||
|
||||
#ifdef HAVE_WOLF_EVENT
|
||||
|
||||
#include <wolfssl/internal.h>
|
||||
#include <wolfssl/error-ssl.h>
|
||||
#include <wolfssl/wolfcrypt/error-crypt.h>
|
||||
|
||||
#include <wolfssl/wolfcrypt/wolfevent.h>
|
||||
|
||||
|
||||
int wolfEvent_Init(WOLF_EVENT* event, WOLF_EVENT_TYPE type, void* context)
|
||||
{
|
||||
if (event == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
if (event->pending) {
|
||||
WOLFSSL_MSG("event already pending!");
|
||||
return BAD_COND_E;
|
||||
}
|
||||
|
||||
XMEMSET(event, 0, sizeof(WOLF_EVENT));
|
||||
event->type = type;
|
||||
event->context = context;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int wolfEvent_Poll(WOLF_EVENT* event, WOLF_EVENT_FLAG flags)
|
||||
{
|
||||
int ret = BAD_COND_E;
|
||||
|
||||
/* Check hardware */
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
if (event->type >= WOLF_EVENT_TYPE_ASYNC_FIRST &&
|
||||
event->type <= WOLF_EVENT_TYPE_ASYNC_LAST)
|
||||
{
|
||||
ret = wolfAsync_EventPoll(event, flags);
|
||||
}
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
int wolfEventQueue_Init(WOLF_EVENT_QUEUE* queue)
|
||||
{
|
||||
int ret = 0;
|
||||
|
||||
if (queue == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
XMEMSET(queue, 0, sizeof(WOLF_EVENT_QUEUE));
|
||||
#ifndef SINGLE_THREADED
|
||||
ret = InitMutex(&queue->lock);
|
||||
#endif
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
int wolfEventQueue_Push(WOLF_EVENT_QUEUE* queue, WOLF_EVENT* event)
|
||||
{
|
||||
int ret;
|
||||
|
||||
if (queue == NULL || event == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
#ifndef SINGLE_THREADED
|
||||
if ((ret = LockMutex(&queue->lock)) != 0) {
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Setup event */
|
||||
event->next = NULL;
|
||||
event->pending = 1;
|
||||
|
||||
if (queue->tail == NULL) {
|
||||
queue->head = event;
|
||||
}
|
||||
else {
|
||||
queue->tail->next = event;
|
||||
event->prev = queue->tail;
|
||||
}
|
||||
queue->tail = event; /* add to the end either way */
|
||||
queue->count++;
|
||||
ret = 0;
|
||||
|
||||
#ifndef SINGLE_THREADED
|
||||
UnLockMutex(&queue->lock);
|
||||
#endif
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
int wolfEventQueue_Pop(WOLF_EVENT_QUEUE* queue, WOLF_EVENT** event)
|
||||
{
|
||||
int ret = 0;
|
||||
|
||||
if (queue == NULL || event == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
#ifndef SINGLE_THREADED
|
||||
/* In single threaded mode "event_queue.lock" doesn't exist */
|
||||
if ((ret = LockMutex(&queue->lock)) != 0) {
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Pop first item off queue */
|
||||
*event = queue->head;
|
||||
ret = wolfEventQueue_Remove(queue, *event);
|
||||
|
||||
#ifndef SINGLE_THREADED
|
||||
UnLockMutex(&queue->lock);
|
||||
#endif
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* assumes queue is locked by caller */
|
||||
int wolfEventQueue_Remove(WOLF_EVENT_QUEUE* queue, WOLF_EVENT* event)
|
||||
{
|
||||
int ret = 0;
|
||||
|
||||
if (queue == NULL || event == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
if (event == queue->head && event == queue->tail) {
|
||||
queue->head = NULL;
|
||||
queue->tail = NULL;
|
||||
}
|
||||
else if (event == queue->head) {
|
||||
queue->head = event->next;
|
||||
queue->head->prev = NULL;
|
||||
}
|
||||
else if (event == queue->tail) {
|
||||
queue->tail = event->prev;
|
||||
queue->tail->next = NULL;
|
||||
}
|
||||
else {
|
||||
WOLF_EVENT* next = event->next;
|
||||
WOLF_EVENT* prev = event->prev;
|
||||
next->prev = prev;
|
||||
prev->next = next;
|
||||
}
|
||||
queue->count--;
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
int wolfEventQueue_Poll(WOLF_EVENT_QUEUE* queue, void* context_filter,
|
||||
WOLF_EVENT** events, int maxEvents, WOLF_EVENT_FLAG flags, int* eventCount)
|
||||
{
|
||||
WOLF_EVENT* event;
|
||||
int ret = 0, count = 0;
|
||||
|
||||
if (queue == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
#ifndef SINGLE_THREADED
|
||||
/* In single threaded mode "event_queue.lock" doesn't exist */
|
||||
if ((ret = LockMutex(&queue->lock)) != 0) {
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* itterate event queue */
|
||||
for (event = queue->head; event != NULL; event = event->next)
|
||||
{
|
||||
/* optional filter based on context */
|
||||
if (context_filter == NULL || event->context == context_filter) {
|
||||
|
||||
/* poll event */
|
||||
ret = wolfEvent_Poll(event, flags);
|
||||
if (ret < 0) break; /* exit for */
|
||||
|
||||
/* If event is done then process */
|
||||
if (event->done) {
|
||||
/* remove from queue */
|
||||
ret = wolfEventQueue_Remove(queue, event);
|
||||
if (ret < 0) break; /* exit for */
|
||||
|
||||
/* return pointer in 'events' arg */
|
||||
if (events) {
|
||||
events[count] = event; /* return pointer */
|
||||
}
|
||||
count++;
|
||||
|
||||
/* check to make sure our event list isn't full */
|
||||
if (events && count >= maxEvents) {
|
||||
break; /* exit for */
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#ifndef SINGLE_THREADED
|
||||
UnLockMutex(&queue->lock);
|
||||
#endif
|
||||
|
||||
/* return number of properly populated events */
|
||||
if (eventCount) {
|
||||
*eventCount = count;
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
int wolfEventQueue_Count(WOLF_EVENT_QUEUE* queue)
|
||||
{
|
||||
int ret;
|
||||
|
||||
if (queue == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
#ifndef SINGLE_THREADED
|
||||
/* In single threaded mode "event_queue.lock" doesn't exist */
|
||||
if ((ret = LockMutex(&queue->lock)) != 0) {
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
ret = queue->count;
|
||||
|
||||
#ifndef SINGLE_THREADED
|
||||
UnLockMutex(&queue->lock);
|
||||
#endif
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
void wolfEventQueue_Free(WOLF_EVENT_QUEUE* queue)
|
||||
{
|
||||
if (queue) {
|
||||
#ifndef SINGLE_THREADED
|
||||
FreeMutex(&queue->lock);
|
||||
#endif
|
||||
}
|
||||
}
|
||||
|
||||
#endif /* HAVE_WOLF_EVENT */
|
||||
+744
-588
File diff suppressed because it is too large
Load Diff
@@ -76,6 +76,7 @@ typedef struct RsaKey {
|
||||
} RsaKey;
|
||||
|
||||
WOLFSSL_API int wc_InitRsaKey(RsaKey* key, void*);
|
||||
WOLFSSL_API int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId);
|
||||
WOLFSSL_API int wc_FreeRsaKey(RsaKey* key);
|
||||
|
||||
WOLFSSL_API int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out,
|
||||
|
||||
@@ -74,7 +74,7 @@ enum {
|
||||
};
|
||||
|
||||
|
||||
int wc_InitRsaKey(RsaKey* key, void* heap)
|
||||
int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId)
|
||||
{
|
||||
|
||||
USER_DEBUG(("Entering wc_InitRsaKey\n"));
|
||||
@@ -87,10 +87,16 @@ int wc_InitRsaKey(RsaKey* key, void* heap)
|
||||
|
||||
USER_DEBUG(("\tExit wc_InitRsaKey\n"));
|
||||
|
||||
(void)devId;
|
||||
(void)heap;
|
||||
return 0;
|
||||
}
|
||||
|
||||
int wc_InitRsaKey(RsaKey* key, void* heap)
|
||||
{
|
||||
return wc_InitRsaKey_ex(key, heap, INVALID_DEVID);
|
||||
}
|
||||
|
||||
|
||||
/* three functions needed for cert and key gen */
|
||||
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)
|
||||
|
||||
@@ -322,6 +322,10 @@
|
||||
RelativePath=".\wolfcrypt\src\wc_encrypt.c"
|
||||
>
|
||||
</File>
|
||||
<File
|
||||
RelativePath=".\wolfcrypt\src\wolfevent.c"
|
||||
>
|
||||
</File>
|
||||
</Filter>
|
||||
<Filter
|
||||
Name="Header Files"
|
||||
|
||||
@@ -315,6 +315,10 @@
|
||||
RelativePath=".\wolfcrypt\src\wc_encrypt.c"
|
||||
>
|
||||
</File>
|
||||
<File
|
||||
RelativePath=".\wolfcrypt\src\wolfevent.c"
|
||||
>
|
||||
</File>
|
||||
</Filter>
|
||||
<Filter
|
||||
Name="Header Files"
|
||||
|
||||
@@ -317,6 +317,7 @@
|
||||
<ClCompile Include="wolfcrypt\src\signature.c" />
|
||||
<ClCompile Include="wolfcrypt\src\wc_encrypt.c" />
|
||||
<ClCompile Include="wolfcrypt\src\wc_port.c" />
|
||||
<ClCompile Include="wolfcrypt\src\wolfevent.c" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<CustomBuild Include="wolfcrypt\src\aes_asm.asm">
|
||||
|
||||
+3
-2
@@ -142,7 +142,6 @@ enum wolfSSL_ErrorCodes {
|
||||
UNKNOWN_ALPN_PROTOCOL_NAME_E = -405, /* Unrecognized protocol name Error*/
|
||||
BAD_CERTIFICATE_STATUS_ERROR = -406, /* Bad certificate status message */
|
||||
OCSP_INVALID_STATUS = -407, /* Invalid OCSP Status */
|
||||
ASYNC_NOT_PENDING = -408, /* Async operation not pending */
|
||||
|
||||
RSA_KEY_SIZE_E = -409, /* RSA key too small */
|
||||
ECC_KEY_SIZE_E = -410, /* ECC key too small */
|
||||
@@ -150,11 +149,13 @@ enum wolfSSL_ErrorCodes {
|
||||
DTLS_EXPORT_VER_E = -411, /* export version error */
|
||||
INPUT_SIZE_E = -412, /* input size too big error */
|
||||
CTX_INIT_MUTEX_E = -413, /* initialize ctx mutex error */
|
||||
EXT_MASTER_SECRET_NEEDED_E = -414, /* need EMS enabled to resume */
|
||||
/* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */
|
||||
|
||||
/* begin negotiation parameter errors */
|
||||
UNSUPPORTED_SUITE = -500, /* unsupported cipher suite */
|
||||
MATCH_SUITE_ERROR = -501 /* can't match cipher suite */
|
||||
MATCH_SUITE_ERROR = -501, /* can't match cipher suite */
|
||||
COMPRESSION_ERROR = -502 /* compression mismatch */
|
||||
/* end negotiation parameter errors only 10 for now */
|
||||
/* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */
|
||||
|
||||
|
||||
+32
-37
@@ -155,7 +155,7 @@
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
#include <wolfssl/async.h>
|
||||
#include <wolfssl/wolfcrypt/async.h>
|
||||
#endif
|
||||
|
||||
#ifdef _MSC_VER
|
||||
@@ -878,6 +878,7 @@ enum Misc {
|
||||
NO_COMPRESSION = 0,
|
||||
ZLIB_COMPRESSION = 221, /* wolfSSL zlib compression */
|
||||
HELLO_EXT_SIG_ALGO = 13, /* ID for the sig_algo hello extension */
|
||||
HELLO_EXT_EXTMS = 0x0017, /* ID for the extended master secret ext */
|
||||
SECRET_LEN = 48, /* pre RSA and all master */
|
||||
#if defined(WOLFSSL_MYSQL_COMPATIBLE)
|
||||
ENCRYPT_LEN = 1024, /* allow larger static buffer with mysql */
|
||||
@@ -939,10 +940,10 @@ enum Misc {
|
||||
REQ_HEADER_SZ = 2, /* cert request header sz */
|
||||
HINT_LEN_SZ = 2, /* length of hint size field */
|
||||
TRUNCATED_HMAC_SZ = 10, /* length of hmac w/ truncated hmac extension */
|
||||
HELLO_EXT_SZ = 4, /* base length of a hello extension */
|
||||
HELLO_EXT_TYPE_SZ = 2, /* length of a hello extension type */
|
||||
HELLO_EXT_SZ = 8, /* total length of the lazy hello extensions */
|
||||
HELLO_EXT_LEN = 6, /* length of the lazy hello extensions */
|
||||
HELLO_EXT_SIGALGO_SZ = 2, /* length of signature algo extension */
|
||||
HELLO_EXT_SZ_SZ = 2, /* length of a hello extension size */
|
||||
HELLO_EXT_SIGALGO_SZ = 2, /* length of number of items in sigalgo list */
|
||||
HELLO_EXT_SIGALGO_MAX = 32, /* number of items in the signature algo list */
|
||||
|
||||
DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */
|
||||
@@ -963,6 +964,7 @@ enum Misc {
|
||||
MAX_EXPORT_BUFFER = 500, /* max size of buffer for exporting */
|
||||
FINISHED_LABEL_SZ = 15, /* TLS finished label size */
|
||||
TLS_FINISHED_SZ = 12, /* TLS has a shorter size */
|
||||
EXT_MASTER_LABEL_SZ = 22, /* TLS extended master secret label sz */
|
||||
MASTER_LABEL_SZ = 13, /* TLS master secret label sz */
|
||||
KEY_LABEL_SZ = 13, /* TLS key block expansion sz */
|
||||
MAX_PRF_HALF = 256, /* Maximum half secret len */
|
||||
@@ -1059,8 +1061,6 @@ enum Misc {
|
||||
|
||||
HASH_SIG_SIZE = 2, /* default SHA1 RSA */
|
||||
|
||||
NO_CAVIUM_DEVICE = -2, /* invalid cavium device id */
|
||||
|
||||
NO_COPY = 0, /* should we copy static buffer for write */
|
||||
COPY = 1 /* should we copy static buffer for write */
|
||||
};
|
||||
@@ -1899,24 +1899,6 @@ WOLFSSL_LOCAL int TLSX_ValidateQSHScheme(TLSX** extensions, word16 name);
|
||||
#endif /* HAVE_QSH */
|
||||
|
||||
|
||||
#ifdef HAVE_WOLF_EVENT
|
||||
typedef struct {
|
||||
WOLF_EVENT* head; /* head of queue */
|
||||
WOLF_EVENT* tail; /* tail of queue */
|
||||
#ifndef SINGLE_THREADED
|
||||
wolfSSL_Mutex lock; /* queue lock */
|
||||
#endif
|
||||
} WOLF_EVENT_QUEUE;
|
||||
|
||||
WOLFSSL_LOCAL int wolfSSL_EventInit(WOLFSSL* ssl, WOLF_EVENT_TYPE type);
|
||||
|
||||
WOLFSSL_LOCAL int wolfSSL_CTX_EventPush(WOLFSSL_CTX* ctx, WOLF_EVENT* event);
|
||||
#endif /* HAVE_WOLF_EVENT */
|
||||
|
||||
#ifdef WOLFSSL_STATIC_MEMORY
|
||||
WOLFSSL_LOCAL int wolfSSL_init_memory_heap(WOLFSSL_HEAP* heap);
|
||||
#endif
|
||||
|
||||
/* wolfSSL context type */
|
||||
struct WOLFSSL_CTX {
|
||||
WOLFSSL_METHOD* method;
|
||||
@@ -1956,6 +1938,11 @@ struct WOLFSSL_CTX {
|
||||
byte quietShutdown; /* don't send close notify */
|
||||
byte groupMessages; /* group handshake messages before sending */
|
||||
byte minDowngrade; /* minimum downgrade version */
|
||||
byte haveEMS; /* have extended master secret extension */
|
||||
#if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS)
|
||||
byte dtlsSctp; /* DTLS-over-SCTP mode */
|
||||
word16 dtlsMtuSz; /* DTLS MTU size */
|
||||
#endif
|
||||
#ifndef NO_DH
|
||||
word16 minDhKeySz; /* minimum DH key size */
|
||||
#endif
|
||||
@@ -2002,9 +1989,7 @@ struct WOLFSSL_CTX {
|
||||
#ifdef HAVE_OCSP
|
||||
WOLFSSL_OCSP ocsp;
|
||||
#endif
|
||||
#ifdef HAVE_CAVIUM
|
||||
int devId; /* cavium device id to use */
|
||||
#endif
|
||||
int devId; /* async device id to use */
|
||||
#ifdef HAVE_TLS_EXTENSIONS
|
||||
TLSX* extensions; /* RFC 6066 TLS Extensions data */
|
||||
#ifndef NO_WOLFSSL_SERVER
|
||||
@@ -2243,6 +2228,7 @@ struct WOLFSSL_SESSION {
|
||||
byte sessionID[ID_LEN]; /* id for protocol */
|
||||
byte sessionIDSz;
|
||||
byte masterSecret[SECRET_LEN]; /* stored secret */
|
||||
word16 haveEMS; /* ext master secret flag */
|
||||
#ifdef SESSION_CERTS
|
||||
WOLFSSL_X509_CHAIN chain; /* peer cert chain, static */
|
||||
ProtocolVersion version; /* which version was used */
|
||||
@@ -2314,6 +2300,7 @@ enum AcceptState {
|
||||
enum KeyShareState {
|
||||
KEYSHARE_BEGIN = 0,
|
||||
KEYSHARE_BUILD,
|
||||
KEYSHARE_DO,
|
||||
KEYSHARE_VERIFY,
|
||||
KEYSHARE_FINALIZE,
|
||||
KEYSHARE_END
|
||||
@@ -2326,6 +2313,7 @@ typedef struct Buffers {
|
||||
buffer domainName; /* for client check */
|
||||
buffer clearOutputBuffer;
|
||||
buffer sig; /* signature data */
|
||||
buffer digest; /* digest data */
|
||||
int prevSent; /* previous plain text bytes sent
|
||||
when got WANT_WRITE */
|
||||
int plainSz; /* plain text bytes in buffer to send
|
||||
@@ -2421,7 +2409,11 @@ typedef struct Options {
|
||||
#endif
|
||||
#ifdef WOLFSSL_DTLS
|
||||
word16 dtlsHsRetain:1; /* DTLS retaining HS data */
|
||||
#ifdef WOLFSSL_SCTP
|
||||
word16 dtlsSctp:1; /* DTLS-over-SCTP mode */
|
||||
#endif
|
||||
#endif
|
||||
word16 haveEMS:1; /* using extended master secret */
|
||||
|
||||
/* need full byte values for this section */
|
||||
byte processReply; /* nonblocking resume */
|
||||
@@ -2683,7 +2675,8 @@ struct WOLFSSL {
|
||||
void* hsDoneCtx; /* user handshake cb context */
|
||||
#endif
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
AsyncCrypt async;
|
||||
AsyncCryptSSLState async;
|
||||
AsyncCryptDev asyncDev;
|
||||
#endif
|
||||
void* sigKey; /* RsaKey or ecc_key allocated from heap */
|
||||
word32 sigType; /* Type of sigKey */
|
||||
@@ -2759,6 +2752,9 @@ struct WOLFSSL {
|
||||
void* IOCB_CookieCtx; /* gen cookie ctx */
|
||||
word32 dtls_expected_rx;
|
||||
wc_dtls_export dtls_export; /* export function for session */
|
||||
#ifdef WOLFSSL_SCTP
|
||||
word16 dtlsMtuSz;
|
||||
#endif /* WOLFSSL_SCTP */
|
||||
#endif
|
||||
#ifdef WOLFSSL_CALLBACKS
|
||||
HandShakeInfo handShakeInfo; /* info saved during handshake */
|
||||
@@ -2782,9 +2778,7 @@ struct WOLFSSL {
|
||||
#if defined(FORTRESS) || defined(HAVE_STUNNEL)
|
||||
void* ex_data[MAX_EX_DATA]; /* external data, for Fortress */
|
||||
#endif
|
||||
#ifdef HAVE_CAVIUM
|
||||
int devId; /* cavium device id to use */
|
||||
#endif
|
||||
int devId; /* async device id to use */
|
||||
#ifdef HAVE_ONE_TIME_AUTH
|
||||
OneTimeAuth auth;
|
||||
#endif
|
||||
@@ -2846,9 +2840,6 @@ struct WOLFSSL {
|
||||
#ifdef HAVE_WOLF_EVENT
|
||||
WOLF_EVENT event;
|
||||
#endif /* HAVE_WOLF_EVENT */
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT_TEST
|
||||
AsyncCryptTests asyncCryptTest;
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT_TEST */
|
||||
};
|
||||
|
||||
|
||||
@@ -3001,7 +2992,7 @@ WOLFSSL_LOCAL int VerifyClientSuite(WOLFSSL* ssl);
|
||||
#ifndef NO_CERTS
|
||||
#ifndef NO_RSA
|
||||
WOLFSSL_LOCAL int VerifyRsaSign(WOLFSSL* ssl,
|
||||
const byte* sig, word32 sigSz,
|
||||
byte* verifySig, word32 sigSz,
|
||||
const byte* plain, word32 plainSz,
|
||||
RsaKey* key);
|
||||
WOLFSSL_LOCAL int RsaSign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out,
|
||||
@@ -3010,6 +3001,8 @@ WOLFSSL_LOCAL int VerifyClientSuite(WOLFSSL* ssl);
|
||||
byte** out, RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx);
|
||||
WOLFSSL_LOCAL int RsaDec(WOLFSSL* ssl, byte* in, word32 inSz, byte** out,
|
||||
word32* outSz, RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx);
|
||||
WOLFSSL_LOCAL int RsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out,
|
||||
word32* outSz, RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx);
|
||||
#endif /* !NO_RSA */
|
||||
|
||||
#ifdef HAVE_ECC
|
||||
@@ -3017,7 +3010,7 @@ WOLFSSL_LOCAL int VerifyClientSuite(WOLFSSL* ssl);
|
||||
byte* out, word32* outSz, ecc_key* key, byte* keyBuf, word32 keySz,
|
||||
void* ctx);
|
||||
WOLFSSL_LOCAL int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz,
|
||||
byte* out, word32 outSz, ecc_key* key, byte* keyBuf, word32 keySz,
|
||||
const byte* out, word32 outSz, ecc_key* key, byte* keyBuf, word32 keySz,
|
||||
void* ctx);
|
||||
WOLFSSL_LOCAL int EccSharedSecret(WOLFSSL* ssl, ecc_key* priv_key,
|
||||
ecc_key* pub_key, byte* out, word32* outSz);
|
||||
@@ -3040,6 +3033,8 @@ WOLFSSL_LOCAL int VerifyClientSuite(WOLFSSL* ssl);
|
||||
WOLFSSL_LOCAL Signer* GetCAByName(void* cm, byte* hash);
|
||||
#endif
|
||||
#endif /* !NO_CERTS */
|
||||
WOLFSSL_LOCAL int BuildTlsHandshakeHash(WOLFSSL* ssl, byte* hash,
|
||||
word32* hashLen);
|
||||
WOLFSSL_LOCAL int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes,
|
||||
const byte* sender);
|
||||
WOLFSSL_LOCAL void FreeArrays(WOLFSSL* ssl, int keep);
|
||||
@@ -3132,7 +3127,7 @@ WOLFSSL_LOCAL int SetKeysSide(WOLFSSL*, enum encrypt_side);
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_ECC
|
||||
WOLFSSL_LOCAL int EccMakeTempKey(WOLFSSL* ssl);
|
||||
WOLFSSL_LOCAL int EccMakeKey(WOLFSSL* ssl, ecc_key* key, ecc_key* peer);
|
||||
#endif
|
||||
|
||||
WOLFSSL_LOCAL int BuildMessage(WOLFSSL* ssl, byte* output, int outSz,
|
||||
|
||||
@@ -117,6 +117,7 @@
|
||||
#define CLEAR_ACK_FAULT 80
|
||||
|
||||
#define BAD_DECRYPT_SIZE 81
|
||||
#define EXTENDED_MASTER_HASH_STR 82
|
||||
/* !!!! also add to msgTable in sniffer.c and .rc file !!!! */
|
||||
|
||||
|
||||
|
||||
@@ -98,5 +98,6 @@ STRINGTABLE
|
||||
80, "Clear ACK Fault"
|
||||
|
||||
81, "Bad Decrypt Size"
|
||||
82, "Extended Master Secret Hash Error"
|
||||
}
|
||||
|
||||
|
||||
+28
-36
@@ -31,6 +31,10 @@
|
||||
#include <wolfssl/wolfcrypt/settings.h>
|
||||
#include <wolfssl/version.h>
|
||||
|
||||
#ifdef HAVE_WOLF_EVENT
|
||||
#include <wolfssl/wolfcrypt/wolfevent.h>
|
||||
#endif
|
||||
|
||||
#ifndef NO_FILESYSTEM
|
||||
#if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
|
||||
#if MQX_USE_IO_OLD
|
||||
@@ -405,6 +409,11 @@ WOLFSSL_API int wolfSSL_dtls(WOLFSSL* ssl);
|
||||
WOLFSSL_API int wolfSSL_dtls_set_peer(WOLFSSL*, void*, unsigned int);
|
||||
WOLFSSL_API int wolfSSL_dtls_get_peer(WOLFSSL*, void*, unsigned int*);
|
||||
|
||||
WOLFSSL_API int wolfSSL_CTX_dtls_set_sctp(WOLFSSL_CTX*);
|
||||
WOLFSSL_API int wolfSSL_dtls_set_sctp(WOLFSSL*);
|
||||
WOLFSSL_API int wolfSSL_CTX_dtls_set_mtu(WOLFSSL_CTX*, unsigned short);
|
||||
WOLFSSL_API int wolfSSL_dtls_set_mtu(WOLFSSL*, unsigned short);
|
||||
|
||||
WOLFSSL_API int wolfSSL_ERR_GET_REASON(unsigned long err);
|
||||
WOLFSSL_API char* wolfSSL_ERR_error_string(unsigned long,char*);
|
||||
WOLFSSL_API void wolfSSL_ERR_error_string_n(unsigned long e, char* buf,
|
||||
@@ -1416,9 +1425,9 @@ WOLFSSL_API void wolfSSL_KeepArrays(WOLFSSL*);
|
||||
WOLFSSL_API void wolfSSL_FreeArrays(WOLFSSL*);
|
||||
|
||||
|
||||
/* cavium additions */
|
||||
WOLFSSL_API int wolfSSL_UseCavium(WOLFSSL*, int devId);
|
||||
WOLFSSL_API int wolfSSL_CTX_UseCavium(WOLFSSL_CTX*, int devId);
|
||||
/* async additions */
|
||||
WOLFSSL_API int wolfSSL_UseAsync(WOLFSSL*, int devId);
|
||||
WOLFSSL_API int wolfSSL_CTX_UseAsync(WOLFSSL_CTX*, int devId);
|
||||
|
||||
/* TLS Extensions */
|
||||
|
||||
@@ -1695,6 +1704,11 @@ WOLFSSL_API int wolfSSL_UseSupportedQSH(WOLFSSL* ssl, unsigned short name);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/* TLS Extended Master Secret Extension */
|
||||
WOLFSSL_API int wolfSSL_DisableExtendedMasterSecret(WOLFSSL* ssl);
|
||||
WOLFSSL_API int wolfSSL_CTX_DisableExtendedMasterSecret(WOLFSSL_CTX* ctx);
|
||||
|
||||
|
||||
#define WOLFSSL_CRL_MONITOR 0x01 /* monitor this dir flag */
|
||||
#define WOLFSSL_CRL_START_MON 0x02 /* start monitoring flag */
|
||||
|
||||
@@ -1716,6 +1730,12 @@ int wolfSSL_MakeTlsMasterSecret(unsigned char* ms, unsigned int msLen,
|
||||
const unsigned char* cr, const unsigned char* sr,
|
||||
int tls1_2, int hash_type);
|
||||
|
||||
WOLFSSL_API
|
||||
int wolfSSL_MakeTlsExtendedMasterSecret(unsigned char* ms, unsigned int msLen,
|
||||
const unsigned char* pms, unsigned int pmsLen,
|
||||
const unsigned char* sHash, unsigned int sHashLen,
|
||||
int tls1_2, int hash_type);
|
||||
|
||||
WOLFSSL_API
|
||||
int wolfSSL_DeriveTlsKeys(unsigned char* key_data, unsigned int keyLen,
|
||||
const unsigned char* ms, unsigned int msLen,
|
||||
@@ -1909,41 +1929,13 @@ WOLFSSL_API int wolfSSL_set_jobject(WOLFSSL* ssl, void* objPtr);
|
||||
WOLFSSL_API void* wolfSSL_get_jobject(WOLFSSL* ssl);
|
||||
#endif /* WOLFSSL_JNI */
|
||||
|
||||
#ifdef HAVE_WOLF_EVENT
|
||||
typedef enum WOLF_EVENT_TYPE {
|
||||
WOLF_EVENT_TYPE_NONE,
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
WOLF_EVENT_TYPE_ASYNC_ACCEPT,
|
||||
WOLF_EVENT_TYPE_ASYNC_CONNECT,
|
||||
WOLF_EVENT_TYPE_ASYNC_READ,
|
||||
WOLF_EVENT_TYPE_ASYNC_WRITE,
|
||||
WOLF_EVENT_TYPE_ASYNC_FIRST = WOLF_EVENT_TYPE_ASYNC_ACCEPT,
|
||||
WOLF_EVENT_TYPE_ASYNC_LAST = WOLF_EVENT_TYPE_ASYNC_WRITE,
|
||||
#endif
|
||||
} WOLF_EVENT_TYPE;
|
||||
|
||||
typedef struct WOLF_EVENT WOLF_EVENT;
|
||||
struct WOLF_EVENT {
|
||||
WOLF_EVENT* next; /* To support event linked list */
|
||||
WOLFSSL* ssl; /* Reference back to SSL object */
|
||||
int ret; /* Async return code */
|
||||
WOLF_EVENT_TYPE type;
|
||||
unsigned short pending:1;
|
||||
unsigned short done:1;
|
||||
/* Future event flags can go here */
|
||||
};
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
WOLFSSL_API int wolfSSL_AsyncPoll(WOLFSSL* ssl, WOLF_EVENT_FLAG flags);
|
||||
WOLFSSL_API int wolfSSL_CTX_AsyncPoll(WOLFSSL_CTX* ctx, WOLF_EVENT** events, int maxEvents,
|
||||
WOLF_EVENT_FLAG flags, int* eventCount);
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
||||
|
||||
enum WOLF_POLL_FLAGS {
|
||||
WOLF_POLL_FLAG_CHECK_HW = 0x01,
|
||||
WOLF_POLL_FLAG_PEEK = 0x02,
|
||||
};
|
||||
|
||||
WOLFSSL_API int wolfSSL_CTX_poll(WOLFSSL_CTX* ctx, WOLF_EVENT* events,
|
||||
int maxEvents, unsigned char flags, int* eventCount);
|
||||
WOLFSSL_API int wolfSSL_poll(WOLFSSL* ssl, WOLF_EVENT* events,
|
||||
int maxEvents, unsigned char flags, int* eventCount);
|
||||
|
||||
#endif /* HAVE_WOLF_EVENT */
|
||||
|
||||
#ifdef __cplusplus
|
||||
} /* extern "C" */
|
||||
|
||||
+53
-63
@@ -107,10 +107,11 @@
|
||||
#define SNPRINTF snprintf
|
||||
#endif /* USE_WINDOWS_API */
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
#include <wolfssl/wolfcrypt/async.h>
|
||||
#endif
|
||||
#ifdef HAVE_CAVIUM
|
||||
#include "cavium_sysdep.h"
|
||||
#include "cavium_common.h"
|
||||
#include "cavium_ioctl.h"
|
||||
#include <wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h>
|
||||
#endif
|
||||
|
||||
#ifdef _MSC_VER
|
||||
@@ -354,11 +355,29 @@ void join_thread(THREAD_TYPE);
|
||||
#endif
|
||||
static const word16 wolfSSLPort = 11111;
|
||||
|
||||
static INLINE void err_sys(const char* msg)
|
||||
|
||||
#if defined(__GNUC__)
|
||||
#define WC_NORETURN __attribute__((noreturn))
|
||||
#else
|
||||
#define WC_NORETURN
|
||||
#endif
|
||||
|
||||
static INLINE WC_NORETURN void err_sys(const char* msg)
|
||||
{
|
||||
printf("wolfSSL error: %s\n", msg);
|
||||
|
||||
#if !defined(__GNUC__)
|
||||
/* scan-build (which pretends to be gnuc) can get confused and think the
|
||||
* msg pointer can be null even when hardcoded and then it won't exit,
|
||||
* making null pointer checks above the err_sys() call useless.
|
||||
* We could just always exit() but some compilers will complain about no
|
||||
* possible return, with gcc we know the attribute to handle that with
|
||||
* WC_NORETURN. */
|
||||
if (msg)
|
||||
#endif
|
||||
{
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -545,11 +564,12 @@ static INLINE void showPeer(WOLFSSL* ssl)
|
||||
|
||||
|
||||
static INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer,
|
||||
word16 port, int udp)
|
||||
word16 port, int udp, int sctp)
|
||||
{
|
||||
int useLookup = 0;
|
||||
(void)useLookup;
|
||||
(void)udp;
|
||||
(void)sctp;
|
||||
|
||||
if (addr == NULL)
|
||||
err_sys("invalid argument to build_addr, addr is NULL");
|
||||
@@ -609,8 +629,17 @@ static INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer,
|
||||
memset(&hints, 0, sizeof(hints));
|
||||
|
||||
hints.ai_family = AF_INET_V;
|
||||
hints.ai_socktype = udp ? SOCK_DGRAM : SOCK_STREAM;
|
||||
hints.ai_protocol = udp ? IPPROTO_UDP : IPPROTO_TCP;
|
||||
if (udp) {
|
||||
hints.ai_socktype = SOCK_DGRAM;
|
||||
hints.ai_protocol = IPPROTO_UDP;
|
||||
} else if (sctp) {
|
||||
hints.ai_socktype = SOCK_STREAM;
|
||||
hints.ai_protocol = IPPROTO_SCTP;
|
||||
}
|
||||
else {
|
||||
hints.ai_socktype = SOCK_STREAM;
|
||||
hints.ai_protocol = IPPROTO_TCP;
|
||||
}
|
||||
|
||||
SNPRINTF(strPort, sizeof(strPort), "%d", port);
|
||||
strPort[79] = '\0';
|
||||
@@ -630,12 +659,14 @@ static INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer,
|
||||
}
|
||||
|
||||
|
||||
static INLINE void tcp_socket(SOCKET_T* sockfd, int udp)
|
||||
static INLINE void tcp_socket(SOCKET_T* sockfd, int udp, int sctp)
|
||||
{
|
||||
if (udp)
|
||||
*sockfd = socket(AF_INET_V, SOCK_DGRAM, 0);
|
||||
*sockfd = socket(AF_INET_V, SOCK_DGRAM, IPPROTO_UDP);
|
||||
else if (sctp)
|
||||
*sockfd = socket(AF_INET_V, SOCK_STREAM, IPPROTO_SCTP);
|
||||
else
|
||||
*sockfd = socket(AF_INET_V, SOCK_STREAM, 0);
|
||||
*sockfd = socket(AF_INET_V, SOCK_STREAM, IPPROTO_TCP);
|
||||
|
||||
if(WOLFSSL_SOCKET_IS_INVALID(*sockfd)) {
|
||||
err_sys("socket failed\n");
|
||||
@@ -658,7 +689,7 @@ static INLINE void tcp_socket(SOCKET_T* sockfd, int udp)
|
||||
#endif /* S_NOSIGPIPE */
|
||||
|
||||
#if defined(TCP_NODELAY)
|
||||
if (!udp)
|
||||
if (!udp && !sctp)
|
||||
{
|
||||
int on = 1;
|
||||
socklen_t len = sizeof(on);
|
||||
@@ -671,14 +702,14 @@ static INLINE void tcp_socket(SOCKET_T* sockfd, int udp)
|
||||
}
|
||||
|
||||
static INLINE void tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port,
|
||||
int udp, WOLFSSL* ssl)
|
||||
int udp, int sctp, WOLFSSL* ssl)
|
||||
{
|
||||
SOCKADDR_IN_T addr;
|
||||
build_addr(&addr, ip, port, udp);
|
||||
if(udp) {
|
||||
build_addr(&addr, ip, port, udp, sctp);
|
||||
if (udp) {
|
||||
wolfSSL_dtls_set_peer(ssl, &addr, sizeof(addr));
|
||||
}
|
||||
tcp_socket(sockfd, udp);
|
||||
tcp_socket(sockfd, udp, sctp);
|
||||
|
||||
if (!udp) {
|
||||
if (connect(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0)
|
||||
@@ -738,14 +769,14 @@ static INLINE int tcp_select(SOCKET_T socketfd, int to_sec)
|
||||
|
||||
|
||||
static INLINE void tcp_listen(SOCKET_T* sockfd, word16* port, int useAnyAddr,
|
||||
int udp)
|
||||
int udp, int sctp)
|
||||
{
|
||||
SOCKADDR_IN_T addr;
|
||||
|
||||
/* don't use INADDR_ANY by default, firewall may block, make user switch
|
||||
on */
|
||||
build_addr(&addr, (useAnyAddr ? INADDR_ANY : wolfSSLIP), *port, udp);
|
||||
tcp_socket(sockfd, udp);
|
||||
build_addr(&addr, (useAnyAddr ? INADDR_ANY : wolfSSLIP), *port, udp, sctp);
|
||||
tcp_socket(sockfd, udp, sctp);
|
||||
|
||||
#if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_MDK_ARM)\
|
||||
&& !defined(WOLFSSL_KEIL_TCP_NET)
|
||||
@@ -807,8 +838,8 @@ static INLINE void udp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
|
||||
SOCKADDR_IN_T addr;
|
||||
|
||||
(void)args;
|
||||
build_addr(&addr, (useAnyAddr ? INADDR_ANY : wolfSSLIP), port, 1);
|
||||
tcp_socket(sockfd, 1);
|
||||
build_addr(&addr, (useAnyAddr ? INADDR_ANY : wolfSSLIP), port, 1, 0);
|
||||
tcp_socket(sockfd, 1, 0);
|
||||
|
||||
|
||||
#if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_MDK_ARM) \
|
||||
@@ -860,7 +891,7 @@ static INLINE void udp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
|
||||
|
||||
static INLINE void tcp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
|
||||
func_args* args, word16 port, int useAnyAddr,
|
||||
int udp, int ready_file, int do_listen)
|
||||
int udp, int sctp, int ready_file, int do_listen)
|
||||
{
|
||||
SOCKADDR_IN_T client;
|
||||
socklen_t client_len = sizeof(client);
|
||||
@@ -874,7 +905,7 @@ static INLINE void tcp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
|
||||
}
|
||||
|
||||
if(do_listen) {
|
||||
tcp_listen(sockfd, &port, useAnyAddr, udp);
|
||||
tcp_listen(sockfd, &port, useAnyAddr, udp, sctp);
|
||||
|
||||
#if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) && !defined(__MINGW32__)
|
||||
/* signal ready to tcp_accept */
|
||||
@@ -1218,29 +1249,6 @@ static INLINE void CaCb(unsigned char* der, int sz, int type)
|
||||
|
||||
#endif /* !NO_CERTS */
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
|
||||
static INLINE int OpenNitroxDevice(int dma_mode,int dev_id)
|
||||
{
|
||||
Csp1CoreAssignment core_assign;
|
||||
Uint32 device;
|
||||
|
||||
if (CspInitialize(CAVIUM_DIRECT,CAVIUM_DEV_ID))
|
||||
return -1;
|
||||
if (Csp1GetDevType(&device))
|
||||
return -1;
|
||||
if (device != NPX_DEVICE) {
|
||||
if (ioctl(gpkpdev_hdlr[CAVIUM_DEV_ID], IOCTL_CSP1_GET_CORE_ASSIGNMENT,
|
||||
(Uint32 *)&core_assign)!= 0)
|
||||
return -1;
|
||||
}
|
||||
CspShutdown(CAVIUM_DEV_ID);
|
||||
|
||||
return CspInitialize(dma_mode, dev_id);
|
||||
}
|
||||
|
||||
#endif /* HAVE_CAVIUM */
|
||||
|
||||
|
||||
/* Wolf Root Directory Helper */
|
||||
/* KEIL-RL File System does not support relative directory */
|
||||
@@ -1974,24 +1982,6 @@ static INLINE const char* mymktemp(char *tempfn, int len, int num)
|
||||
|
||||
#endif /* HAVE_SESSION_TICKET && CHACHA20 && POLY1305 */
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
static INLINE int AsyncCryptPoll(WOLFSSL* ssl)
|
||||
{
|
||||
int ret, eventCount = 0;
|
||||
WOLF_EVENT events[1];
|
||||
|
||||
printf("Connect/Accept got WC_PENDING_E\n");
|
||||
|
||||
ret = wolfSSL_poll(ssl, events, sizeof(events)/sizeof(WOLF_EVENT),
|
||||
WOLF_POLL_FLAG_CHECK_HW, &eventCount);
|
||||
if (ret == 0 && eventCount > 0) {
|
||||
ret = 1; /* Success */
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
static INLINE word16 GetRandomPort(void)
|
||||
{
|
||||
word16 port = 0;
|
||||
|
||||
+13
-29
@@ -39,10 +39,6 @@
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_FIPS /* to avoid redefinition of macros */
|
||||
#ifdef HAVE_CAVIUM
|
||||
#include <wolfssl/wolfcrypt/logging.h>
|
||||
#include "cavium_common.h"
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_AESNI
|
||||
|
||||
@@ -50,23 +46,8 @@
|
||||
#include <emmintrin.h>
|
||||
#include <smmintrin.h>
|
||||
|
||||
#if !defined (ALIGN16)
|
||||
#if defined (__GNUC__)
|
||||
#define ALIGN16 __attribute__ ( (aligned (16)))
|
||||
#elif defined(_MSC_VER)
|
||||
/* disable align warning, we want alignment ! */
|
||||
#pragma warning(disable: 4324)
|
||||
#define ALIGN16 __declspec (align (16))
|
||||
#else
|
||||
#define ALIGN16
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#endif /* WOLFSSL_AESNI */
|
||||
|
||||
#if !defined (ALIGN16)
|
||||
#define ALIGN16
|
||||
#endif
|
||||
#endif /* HAVE_FIPS */
|
||||
|
||||
#ifdef __cplusplus
|
||||
@@ -74,7 +55,10 @@
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_FIPS /* to avoid redefinition of structures */
|
||||
#define WOLFSSL_AES_CAVIUM_MAGIC 0xBEEF0002
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
#include <wolfssl/wolfcrypt/async.h>
|
||||
#endif
|
||||
|
||||
enum {
|
||||
AES_ENC_TYPE = 1, /* cipher unique type */
|
||||
@@ -102,12 +86,12 @@ typedef struct Aes {
|
||||
#ifdef WOLFSSL_AESNI
|
||||
byte use_aesni;
|
||||
#endif /* WOLFSSL_AESNI */
|
||||
#ifdef HAVE_CAVIUM
|
||||
AesType type; /* aes key type */
|
||||
int devId; /* nitrox device id */
|
||||
word32 magic; /* using cavium magic */
|
||||
word64 contextHandle; /* nitrox context memory handle */
|
||||
#endif
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
AsyncCryptDev asyncDev;
|
||||
#ifdef HAVE_CAVIUM
|
||||
AesType type; /* aes key type */
|
||||
#endif
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
||||
#ifdef WOLFSSL_AES_COUNTER
|
||||
word32 left; /* unused bytes left from last call */
|
||||
#endif
|
||||
@@ -183,9 +167,9 @@ WOLFSSL_API int wc_AesCbcDecrypt(Aes* aes, byte* out,
|
||||
const byte* authIn, word32 authInSz);
|
||||
#endif /* HAVE_AESCCM */
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
WOLFSSL_API int wc_AesInitCavium(Aes*, int);
|
||||
WOLFSSL_API void wc_AesFreeCavium(Aes*);
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
WOLFSSL_API int wc_AesAsyncInit(Aes*, int);
|
||||
WOLFSSL_API void wc_AesAsyncFree(Aes*);
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
||||
@@ -30,7 +30,9 @@
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#define WOLFSSL_ARC4_CAVIUM_MAGIC 0xBEEF0001
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
#include <wolfssl/wolfcrypt/async.h>
|
||||
#endif
|
||||
|
||||
enum {
|
||||
ARC4_ENC_TYPE = 4, /* cipher unique type */
|
||||
@@ -42,19 +44,17 @@ typedef struct Arc4 {
|
||||
byte x;
|
||||
byte y;
|
||||
byte state[ARC4_STATE_SIZE];
|
||||
#ifdef HAVE_CAVIUM
|
||||
int devId; /* nitrox device id */
|
||||
word32 magic; /* using cavium magic */
|
||||
word64 contextHandle; /* nitrox context memory handle */
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
AsyncCryptDev asyncDev;
|
||||
#endif
|
||||
} Arc4;
|
||||
|
||||
WOLFSSL_API void wc_Arc4Process(Arc4*, byte*, const byte*, word32);
|
||||
WOLFSSL_API void wc_Arc4SetKey(Arc4*, const byte*, word32);
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
WOLFSSL_API int wc_Arc4InitCavium(Arc4*, int);
|
||||
WOLFSSL_API void wc_Arc4FreeCavium(Arc4*);
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
WOLFSSL_API int wc_Arc4AsyncInit(Arc4*, int);
|
||||
WOLFSSL_API void wc_Arc4AsyncFree(Arc4*);
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
||||
@@ -312,8 +312,10 @@ enum ExtKeyUsage_Sum { /* From RFC 5280 */
|
||||
|
||||
|
||||
enum VerifyType {
|
||||
NO_VERIFY = 0,
|
||||
VERIFY = 1
|
||||
NO_VERIFY = 0,
|
||||
VERIFY = 1,
|
||||
VERIFY_CRL = 2,
|
||||
VERIFY_OCSP = 3
|
||||
};
|
||||
|
||||
#ifdef WOLFSSL_CERT_EXT
|
||||
|
||||
@@ -37,7 +37,10 @@
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_FIPS /* to avoid redefinition of macros */
|
||||
#define WOLFSSL_3DES_CAVIUM_MAGIC 0xBEEF0003
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
#include <wolfssl/wolfcrypt/async.h>
|
||||
#endif
|
||||
|
||||
enum {
|
||||
DES_ENC_TYPE = 2, /* cipher unique type */
|
||||
@@ -76,10 +79,8 @@ typedef struct Des3 {
|
||||
word32 key[3][DES_KS_SIZE];
|
||||
word32 reg[DES_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */
|
||||
word32 tmp[DES_BLOCK_SIZE / sizeof(word32)]; /* same */
|
||||
#ifdef HAVE_CAVIUM
|
||||
int devId; /* nitrox device id */
|
||||
word32 magic; /* using cavium magic */
|
||||
word64 contextHandle; /* nitrox context memory handle */
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
AsyncCryptDev asyncDev;
|
||||
#endif
|
||||
} Des3;
|
||||
#endif /* HAVE_FIPS */
|
||||
@@ -102,9 +103,9 @@ WOLFSSL_API int wc_Des3_CbcEncrypt(Des3* des, byte* out,
|
||||
WOLFSSL_API int wc_Des3_CbcDecrypt(Des3* des, byte* out,
|
||||
const byte* in,word32 sz);
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
WOLFSSL_API int wc_Des3_InitCavium(Des3*, int);
|
||||
WOLFSSL_API void wc_Des3_FreeCavium(Des3*);
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
WOLFSSL_API int wc_Des3AsyncInit(Des3*, int);
|
||||
WOLFSSL_API void wc_Des3AsyncFree(Des3*);
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
||||
+15
-1
@@ -30,6 +30,10 @@
|
||||
#include <wolfssl/wolfcrypt/integer.h>
|
||||
#include <wolfssl/wolfcrypt/random.h>
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
#include <wolfssl/wolfcrypt/async.h>
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
@@ -230,6 +234,10 @@ typedef struct {
|
||||
ecc_point pubkey; /* public key */
|
||||
mp_int k; /* private key */
|
||||
void* heap; /* heap hint */
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
AsyncCryptDev asyncDev;
|
||||
#endif
|
||||
} ecc_key;
|
||||
|
||||
|
||||
@@ -275,7 +283,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
|
||||
WOLFSSL_API
|
||||
int wc_ecc_init(ecc_key* key);
|
||||
WOLFSSL_API
|
||||
int wc_ecc_init_h(ecc_key* key, void* heap);
|
||||
int wc_ecc_init_ex(ecc_key* key, void* heap, int devId);
|
||||
WOLFSSL_API
|
||||
void wc_ecc_free(ecc_key* key);
|
||||
WOLFSSL_API
|
||||
@@ -421,6 +429,12 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
|
||||
|
||||
#endif /* HAVE_ECC_ENCRYPT */
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
WOLFSSL_API int wc_ecc_async_handle(ecc_key* key,
|
||||
WOLF_EVENT_QUEUE* queue, WOLF_EVENT* event);
|
||||
WOLFSSL_API int wc_ecc_async_wait(int ret, ecc_key* key);
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
} /* extern "C" */
|
||||
#endif
|
||||
|
||||
@@ -44,6 +44,9 @@ enum {
|
||||
CRYPTGEN_E = -104, /* windows crypt generation error */
|
||||
RAN_BLOCK_E = -105, /* reading random device would block */
|
||||
BAD_MUTEX_E = -106, /* Bad mutex operation */
|
||||
WC_TIMEOUT_E = -107, /* timeout error */
|
||||
WC_PENDING_E = -108, /* wolfCrypt operation pending (would block) */
|
||||
WC_NOT_PENDING_E = -109, /* wolfCrypt operation not pending */
|
||||
|
||||
MP_INIT_E = -110, /* mp_init error state */
|
||||
MP_READ_E = -111, /* mp_read error state */
|
||||
@@ -61,7 +64,6 @@ enum {
|
||||
MEMORY_E = -125, /* out of memory error */
|
||||
VAR_STATE_CHANGE_E = -126, /* var state modified by different thread */
|
||||
|
||||
|
||||
RSA_WRONG_TYPE_E = -130, /* RSA wrong block type for RSA function */
|
||||
RSA_BUFFER_E = -131, /* RSA buffer error, output too small or
|
||||
input too large */
|
||||
@@ -108,7 +110,7 @@ enum {
|
||||
AES_GCM_AUTH_E = -180, /* AES-GCM Authentication check failure */
|
||||
AES_CCM_AUTH_E = -181, /* AES-CCM Authentication check failure */
|
||||
|
||||
CAVIUM_INIT_E = -182, /* Cavium Init type error */
|
||||
ASYNC_INIT_E = -182, /* Async Init type error */
|
||||
|
||||
COMPRESS_INIT_E = -183, /* Compress init error */
|
||||
COMPRESS_E = -184, /* Compress error */
|
||||
@@ -121,7 +123,7 @@ enum {
|
||||
ASN_CRL_NO_SIGNER_E = -190, /* ASN CRL no signer to confirm failure */
|
||||
ASN_OCSP_CONFIRM_E = -191, /* ASN OCSP signature confirm failure */
|
||||
|
||||
BAD_ENC_STATE_E = -192, /* Bad ecc enc state operation */
|
||||
BAD_STATE_E = -192, /* Bad state operation */
|
||||
BAD_PADDING_E = -193, /* Bad padding, msg not correct length */
|
||||
|
||||
REQ_ATTRIBUTE_E = -194, /* setting cert request attributes error */
|
||||
@@ -169,7 +171,6 @@ enum {
|
||||
BAD_COND_E = -230, /* Bad condition variable operation */
|
||||
SIG_TYPE_E = -231, /* Signature Type not enabled/available */
|
||||
HASH_TYPE_E = -232, /* Hash Type not enabled/available */
|
||||
WC_PENDING_E = -233, /* wolfCrypt operation pending (would block) */
|
||||
|
||||
WC_KEY_SIZE_E = -234, /* Key size error, either too small or large */
|
||||
ASN_COUNTRY_SIZE_E = -235, /* ASN Cert Gen, invalid country code size */
|
||||
|
||||
@@ -58,7 +58,7 @@ enum wc_HashType {
|
||||
#define WC_MAX_DIGEST_SIZE 64 /* default to max size of 64 */
|
||||
#endif
|
||||
|
||||
#ifndef NO_ASN
|
||||
#if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)
|
||||
WOLFSSL_API int wc_HashGetOID(enum wc_HashType hash_type);
|
||||
#endif
|
||||
|
||||
@@ -105,10 +105,12 @@ WOLFSSL_API int wc_Sha256Hash(const byte*, word32, byte*);
|
||||
|
||||
#ifdef WOLFSSL_SHA512
|
||||
#include <wolfssl/wolfcrypt/sha512.h>
|
||||
WOLFSSL_API int wc_Sha512GetHash(Sha512*, byte*);
|
||||
WOLFSSL_API int wc_Sha512Hash(const byte*, word32, byte*);
|
||||
#define wc_Sha512Free(d)
|
||||
|
||||
#if defined(WOLFSSL_SHA384)
|
||||
WOLFSSL_API int wc_Sha384GetHash(Sha384*, byte*);
|
||||
WOLFSSL_API int wc_Sha384Hash(const byte*, word32, byte*);
|
||||
#define wc_Sha384Free(d)
|
||||
#endif /* defined(WOLFSSL_SHA384) */
|
||||
|
||||
+22
-22
@@ -53,17 +53,15 @@
|
||||
#include <cyassl/ctaocrypt/hmac.h>
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
#include <wolfssl/wolfcrypt/logging.h>
|
||||
#include "cavium_common.h"
|
||||
#endif
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
#ifndef HAVE_FIPS
|
||||
#define WOLFSSL_HMAC_CAVIUM_MAGIC 0xBEEF0005
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
#include <wolfssl/wolfcrypt/async.h>
|
||||
#endif
|
||||
|
||||
enum {
|
||||
HMAC_FIPS_MIN_KEY = 14, /* 112 bit key length minimum */
|
||||
@@ -144,18 +142,18 @@ typedef struct Hmac {
|
||||
word32 ipad[HMAC_BLOCK_SIZE / sizeof(word32)]; /* same block size all*/
|
||||
word32 opad[HMAC_BLOCK_SIZE / sizeof(word32)];
|
||||
word32 innerHash[MAX_DIGEST_SIZE / sizeof(word32)];
|
||||
#ifdef HAVE_CAVIUM
|
||||
word64 contextHandle; /* nitrox context memory handle */
|
||||
HashType type; /* hmac key type */
|
||||
word32 magic; /* using cavium magic */
|
||||
int devId; /* nitrox device id */
|
||||
void* heap /* heap hint , currently only used with cavium */
|
||||
byte* data; /* buffered input data for one call */
|
||||
word16 keyLen; /* hmac key length */
|
||||
word16 dataLen;
|
||||
#endif
|
||||
byte macType; /* md5 sha or sha256 */
|
||||
byte innerHashKeyed; /* keyed flag */
|
||||
void* heap; /* heap hint */
|
||||
byte macType; /* md5 sha or sha256 */
|
||||
byte innerHashKeyed; /* keyed flag */
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
AsyncCryptDev asyncDev;
|
||||
#ifdef HAVE_CAVIUM
|
||||
word16 keyLen; /* hmac key length */
|
||||
word16 dataLen;
|
||||
HashType type; /* hmac key type */
|
||||
byte* data; /* buffered input data for one call */
|
||||
#endif /* HAVE_CAVIUM */
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
||||
} Hmac;
|
||||
|
||||
#endif /* HAVE_FIPS */
|
||||
@@ -164,12 +162,14 @@ typedef struct Hmac {
|
||||
WOLFSSL_API int wc_HmacSetKey(Hmac*, int type, const byte* key, word32 keySz);
|
||||
WOLFSSL_API int wc_HmacUpdate(Hmac*, const byte*, word32);
|
||||
WOLFSSL_API int wc_HmacFinal(Hmac*, byte*);
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
WOLFSSL_API int wc_HmacInitCavium(Hmac*, int);
|
||||
WOLFSSL_API void wc_HmacFreeCavium(Hmac*);
|
||||
WOLFSSL_API int wc_HmacSizeByType(int type);
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
WOLFSSL_API int wc_HmacAsyncInit(Hmac*, int);
|
||||
WOLFSSL_API void wc_HmacAsyncFree(Hmac*);
|
||||
#endif
|
||||
|
||||
|
||||
|
||||
WOLFSSL_API int wolfSSL_GetHmacMaxSize(void);
|
||||
|
||||
|
||||
|
||||
@@ -56,10 +56,15 @@ nobase_include_HEADERS+= \
|
||||
wolfssl/wolfcrypt/memory.h \
|
||||
wolfssl/wolfcrypt/mpi_class.h \
|
||||
wolfssl/wolfcrypt/mpi_superclass.h \
|
||||
wolfssl/wolfcrypt/mem_track.h
|
||||
wolfssl/wolfcrypt/mem_track.h \
|
||||
wolfssl/wolfcrypt/wolfevent.h
|
||||
|
||||
noinst_HEADERS+= \
|
||||
wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h \
|
||||
wolfssl/wolfcrypt/port/ti/ti-hash.h \
|
||||
wolfssl/wolfcrypt/port/ti/ti-ccm.h \
|
||||
wolfssl/wolfcrypt/port/nrf51.h
|
||||
|
||||
if BUILD_CAVIUM
|
||||
noinst_HEADERS+= wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h
|
||||
endif
|
||||
|
||||
@@ -96,6 +96,7 @@ extern "C" {
|
||||
#elif defined(MP_16BIT) || defined(NO_64BIT)
|
||||
typedef unsigned short mp_digit;
|
||||
typedef unsigned int mp_word;
|
||||
#define DIGIT_BIT 12
|
||||
#elif defined(MP_64BIT)
|
||||
/* for GCC only on supported platforms */
|
||||
typedef unsigned long long mp_digit; /* 64 bit type, 128 uses mode(TI) */
|
||||
@@ -181,6 +182,9 @@ typedef int mp_err;
|
||||
typedef struct {
|
||||
int used, alloc, sign;
|
||||
mp_digit *dp;
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
byte* dpraw; /* Used for hardware crypto */
|
||||
#endif
|
||||
} mp_int;
|
||||
|
||||
/* callback for mp_prime_random, should fill dst with random bytes and return
|
||||
|
||||
+38
-29
@@ -33,36 +33,42 @@
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_DEBUG_MEMORY
|
||||
typedef void *(*wolfSSL_Malloc_cb)(size_t size, const char* func, unsigned int line);
|
||||
typedef void (*wolfSSL_Free_cb)(void *ptr, const char* func, unsigned int line);
|
||||
typedef void *(*wolfSSL_Realloc_cb)(void *ptr, size_t size, const char* func, unsigned int line);
|
||||
|
||||
/* Public in case user app wants to use XMALLOC/XFREE */
|
||||
WOLFSSL_API void* wolfSSL_Malloc(size_t size, const char* func, unsigned int line);
|
||||
WOLFSSL_API void wolfSSL_Free(void *ptr, const char* func, unsigned int line);
|
||||
WOLFSSL_API void* wolfSSL_Realloc(void *ptr, size_t size, const char* func, unsigned int line);
|
||||
|
||||
#else
|
||||
#if defined(WOLFSSL_STATIC_MEMORY)
|
||||
typedef void *(*wolfSSL_Malloc_cb)(size_t size, void* heap, int type);
|
||||
typedef void (*wolfSSL_Free_cb)(void *ptr, void* heap, int type);
|
||||
typedef void *(*wolfSSL_Realloc_cb)(void *ptr, size_t size,
|
||||
void* heap, int type);
|
||||
WOLFSSL_API void* wolfSSL_Malloc(size_t size, void* heap, int type);
|
||||
WOLFSSL_API void wolfSSL_Free(void *ptr, void* heap, int type);
|
||||
WOLFSSL_API void* wolfSSL_Realloc(void *ptr, size_t size,
|
||||
void* heap, int type);
|
||||
#ifdef WOLFSSL_STATIC_MEMORY
|
||||
#ifdef WOLFSSL_DEBUG_MEMORY
|
||||
typedef void *(*wolfSSL_Malloc_cb)(size_t size, void* heap, int type, const char* func, unsigned int line);
|
||||
typedef void (*wolfSSL_Free_cb)(void *ptr, void* heap, int type, const char* func, unsigned int line);
|
||||
typedef void *(*wolfSSL_Realloc_cb)(void *ptr, size_t size, void* heap, int type, const char* func, unsigned int line);
|
||||
WOLFSSL_API void* wolfSSL_Malloc(size_t size, void* heap, int type, const char* func, unsigned int line);
|
||||
WOLFSSL_API void wolfSSL_Free(void *ptr, void* heap, int type, const char* func, unsigned int line);
|
||||
WOLFSSL_API void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type, const char* func, unsigned int line);
|
||||
#else
|
||||
typedef void *(*wolfSSL_Malloc_cb)(size_t size);
|
||||
typedef void (*wolfSSL_Free_cb)(void *ptr);
|
||||
typedef void *(*wolfSSL_Realloc_cb)(void *ptr, size_t size);
|
||||
/* Public in case user app wants to use XMALLOC/XFREE */
|
||||
WOLFSSL_API void* wolfSSL_Malloc(size_t size);
|
||||
WOLFSSL_API void wolfSSL_Free(void *ptr);
|
||||
WOLFSSL_API void* wolfSSL_Realloc(void *ptr, size_t size);
|
||||
#endif
|
||||
#endif
|
||||
typedef void *(*wolfSSL_Malloc_cb)(size_t size, void* heap, int type);
|
||||
typedef void (*wolfSSL_Free_cb)(void *ptr, void* heap, int type);
|
||||
typedef void *(*wolfSSL_Realloc_cb)(void *ptr, size_t size, void* heap, int type);
|
||||
WOLFSSL_API void* wolfSSL_Malloc(size_t size, void* heap, int type);
|
||||
WOLFSSL_API void wolfSSL_Free(void *ptr, void* heap, int type);
|
||||
WOLFSSL_API void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type);
|
||||
#endif /* WOLFSSL_DEBUG_MEMORY */
|
||||
#else
|
||||
#ifdef WOLFSSL_DEBUG_MEMORY
|
||||
typedef void *(*wolfSSL_Malloc_cb)(size_t size, const char* func, unsigned int line);
|
||||
typedef void (*wolfSSL_Free_cb)(void *ptr, const char* func, unsigned int line);
|
||||
typedef void *(*wolfSSL_Realloc_cb)(void *ptr, size_t size, const char* func, unsigned int line);
|
||||
|
||||
/* Public in case user app wants to use XMALLOC/XFREE */
|
||||
WOLFSSL_API void* wolfSSL_Malloc(size_t size, const char* func, unsigned int line);
|
||||
WOLFSSL_API void wolfSSL_Free(void *ptr, const char* func, unsigned int line);
|
||||
WOLFSSL_API void* wolfSSL_Realloc(void *ptr, size_t size, const char* func, unsigned int line);
|
||||
#else
|
||||
typedef void *(*wolfSSL_Malloc_cb)(size_t size);
|
||||
typedef void (*wolfSSL_Free_cb)(void *ptr);
|
||||
typedef void *(*wolfSSL_Realloc_cb)(void *ptr, size_t size);
|
||||
/* Public in case user app wants to use XMALLOC/XFREE */
|
||||
WOLFSSL_API void* wolfSSL_Malloc(size_t size);
|
||||
WOLFSSL_API void wolfSSL_Free(void *ptr);
|
||||
WOLFSSL_API void* wolfSSL_Realloc(void *ptr, size_t size);
|
||||
#endif /* WOLFSSL_DEBUG_MEMORY */
|
||||
#endif /* WOLFSSL_STATIC_MEMORY */
|
||||
|
||||
/* Public set function */
|
||||
WOLFSSL_API int wolfSSL_SetAllocators(wolfSSL_Malloc_cb malloc_function,
|
||||
@@ -156,7 +162,10 @@ WOLFSSL_API int wolfSSL_SetAllocators(wolfSSL_Malloc_cb malloc_function,
|
||||
byte haFlag; /* flag used for checking handshake count */
|
||||
} WOLFSSL_HEAP_HINT;
|
||||
|
||||
WOLFSSL_API int wc_LoadStaticMemory(WOLFSSL_HEAP_HINT** pHint,
|
||||
unsigned char* buf, unsigned int sz, int flag, int max);
|
||||
|
||||
WOLFSSL_LOCAL int wolfSSL_init_memory_heap(WOLFSSL_HEAP* heap);
|
||||
WOLFSSL_LOCAL int wolfSSL_load_static_memory(byte* buffer, word32 sz,
|
||||
int flag, WOLFSSL_HEAP* heap);
|
||||
WOLFSSL_LOCAL int wolfSSL_GetMemStats(WOLFSSL_HEAP* heap,
|
||||
|
||||
@@ -0,0 +1,165 @@
|
||||
/* cavium-nitrox.h
|
||||
*
|
||||
* Copyright (C) 2006-2016 wolfSSL Inc.
|
||||
*
|
||||
* This file is part of wolfSSL. (formerly known as CyaSSL)
|
||||
*
|
||||
* wolfSSL is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* wolfSSL is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
|
||||
*/
|
||||
|
||||
#ifndef _CAVIUM_NITROX_H_
|
||||
#define _CAVIUM_NITROX_H_
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
|
||||
#include <wolfssl/wolfcrypt/logging.h>
|
||||
|
||||
#ifndef HAVE_CAVIUM_V
|
||||
#include "cavium_sysdep.h"
|
||||
#endif
|
||||
#include "cavium_common.h"
|
||||
#ifndef HAVE_CAVIUM_V
|
||||
#include "cavium_ioctl.h"
|
||||
#else
|
||||
#include "cavium_sym_crypto.h"
|
||||
#include "cavium_asym_crypto.h"
|
||||
#endif
|
||||
#include <errno.h>
|
||||
|
||||
#define CAVIUM_SSL_GRP 0
|
||||
#define CAVIUM_DPORT 256
|
||||
|
||||
/* Compatibility with older Cavium SDK's */
|
||||
#ifndef HAVE_CAVIUM_V
|
||||
typedef int CspHandle;
|
||||
typedef word32 CavReqId;
|
||||
|
||||
#define AES_128 AES_128_BIT
|
||||
#define AES_192 AES_192_BIT
|
||||
#define AES_256 AES_256_BIT
|
||||
#else
|
||||
#define CAVIUM_DEV_ID 0
|
||||
#define CAVIUM_BLOCKING BLOCKING
|
||||
#define CAVIUM_NON_BLOCKING NON_BLOCKING
|
||||
#define CAVIUM_DIRECT DMA_DIRECT_DIRECT
|
||||
typedef Uint64 CavReqId;
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
#define CAVIUM_REQ_MODE CAVIUM_NON_BLOCKING
|
||||
#else
|
||||
#define CAVIUM_REQ_MODE CAVIUM_BLOCKING
|
||||
#endif
|
||||
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
#define CAVIUM_MAX_PENDING 90
|
||||
#define CAVIUM_MAX_POLL MAX_TO_POLL
|
||||
#endif
|
||||
|
||||
|
||||
typedef struct CaviumNitroxDev {
|
||||
CspHandle devId; /* nitrox device id */
|
||||
ContextType type; /* Typically CONTEXT_SSL, but also ECC types */
|
||||
Uint64 contextHandle; /* nitrox context memory handle */
|
||||
CavReqId reqId; /* Current requestId */
|
||||
} CaviumNitroxDev;
|
||||
|
||||
struct WOLF_EVENT;
|
||||
|
||||
|
||||
/* Wrapper API's */
|
||||
WOLFSSL_LOCAL int NitroxTranslateResponseCode(int ret);
|
||||
WOLFSSL_LOCAL CspHandle NitroxGetDeviceHandle(void);
|
||||
WOLFSSL_LOCAL CspHandle NitroxOpenDevice(int dma_mode, int dev_id);
|
||||
WOLFSSL_LOCAL int NitroxAllocContext(CaviumNitroxDev* nitrox, CspHandle devId,
|
||||
ContextType type);
|
||||
WOLFSSL_LOCAL void NitroxFreeContext(CaviumNitroxDev* nitrox);
|
||||
WOLFSSL_LOCAL void NitroxCloseDevice(CspHandle devId);
|
||||
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT)
|
||||
WOLFSSL_LOCAL int NitroxCheckRequest(CspHandle devId, CavReqId reqId);
|
||||
WOLFSSL_LOCAL int NitroxCheckRequests(CspHandle devId,
|
||||
CspMultiRequestStatusBuffer* req_stat_buf);
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
||||
|
||||
|
||||
/* Crypto wrappers */
|
||||
#ifndef NO_RSA
|
||||
struct RsaKey;
|
||||
WOLFSSL_LOCAL int NitroxRsaExptMod(
|
||||
const byte* in, word32 inLen,
|
||||
byte* exponent, word32 expLen,
|
||||
byte* modulus, word32 modLen,
|
||||
byte* out, word32* outLen, struct RsaKey* key);
|
||||
WOLFSSL_LOCAL int NitroxRsaPublicEncrypt(const byte* in, word32 inLen,
|
||||
byte* out, word32 outLen, struct RsaKey* key);
|
||||
WOLFSSL_LOCAL int NitroxRsaPrivateDecrypt(const byte* in, word32 inLen,
|
||||
byte* out, word32 outLen, struct RsaKey* key);
|
||||
WOLFSSL_LOCAL int NitroxRsaSSL_Sign(const byte* in, word32 inLen,
|
||||
byte* out, word32 outLen, struct RsaKey* key);
|
||||
WOLFSSL_LOCAL int NitroxRsaSSL_Verify(const byte* in, word32 inLen,
|
||||
byte* out, word32 outLen, struct RsaKey* key);
|
||||
#endif /* !NO_RSA */
|
||||
|
||||
#ifndef NO_AES
|
||||
struct Aes;
|
||||
WOLFSSL_LOCAL int NitroxAesSetKey(struct Aes* aes, const byte* key,
|
||||
word32 length, const byte* iv);
|
||||
#ifdef HAVE_AES_CBC
|
||||
WOLFSSL_LOCAL int NitroxAesCbcEncrypt(struct Aes* aes, byte* out,
|
||||
const byte* in, word32 length);
|
||||
#ifdef HAVE_AES_DECRYPT
|
||||
WOLFSSL_LOCAL int NitroxAesCbcDecrypt(struct Aes* aes, byte* out,
|
||||
const byte* in, word32 length);
|
||||
#endif /* HAVE_AES_DECRYPT */
|
||||
#endif /* HAVE_AES_CBC */
|
||||
#endif /* !NO_AES */
|
||||
|
||||
#ifndef NO_RC4
|
||||
struct Arc4;
|
||||
WOLFSSL_LOCAL void NitroxArc4SetKey(struct Arc4* arc4, const byte* key,
|
||||
word32 length);
|
||||
WOLFSSL_LOCAL void NitroxArc4Process(struct Arc4* arc4, byte* out,
|
||||
const byte* in, word32 length);
|
||||
#endif /* !NO_RC4 */
|
||||
|
||||
#ifndef NO_DES3
|
||||
struct Des3;
|
||||
WOLFSSL_LOCAL int NitroxDes3SetKey(struct Des3* des3, const byte* key,
|
||||
const byte* iv);
|
||||
WOLFSSL_LOCAL int NitroxDes3CbcEncrypt(struct Des3* des3, byte* out,
|
||||
const byte* in, word32 length);
|
||||
WOLFSSL_LOCAL int NitroxDes3CbcDecrypt(struct Des3* des3, byte* out,
|
||||
const byte* in, word32 length);
|
||||
#endif /* !NO_DES3 */
|
||||
|
||||
#ifndef NO_HMAC
|
||||
struct Hmac;
|
||||
WOLFSSL_LOCAL int NitroxHmacFinal(struct Hmac* hmac, byte* hash);
|
||||
WOLFSSL_LOCAL int NitroxHmacUpdate(struct Hmac* hmac, const byte* msg,
|
||||
word32 length);
|
||||
WOLFSSL_LOCAL int NitroxHmacSetKey(struct Hmac* hmac, int type,
|
||||
const byte* key, word32 length);
|
||||
#endif /* NO_HMAC */
|
||||
|
||||
#if !defined(HAVE_HASHDRBG) && !defined(NO_RC4)
|
||||
WOLFSSL_API void NitroxRngGenerateBlock(WC_RNG* rng, byte* output, word32 sz);
|
||||
#endif
|
||||
|
||||
|
||||
#endif /* HAVE_CAVIUM */
|
||||
|
||||
#endif /* _CAVIUM_NITROX_H_ */
|
||||
+25
-14
@@ -39,18 +39,35 @@
|
||||
#define RNG_MAX_BLOCK_LEN (0x10000)
|
||||
|
||||
#ifndef HAVE_FIPS /* avoid redefining structs and macros */
|
||||
|
||||
#if defined(WOLFSSL_FORCE_RC4_DRBG) && defined(NO_RC4)
|
||||
#error Cannot have WOLFSSL_FORCE_RC4_DRBG and NO_RC4 defined.
|
||||
#endif /* WOLFSSL_FORCE_RC4_DRBG && NO_RC4 */
|
||||
#if defined(HAVE_HASHDRBG) || defined(NO_RC4)
|
||||
|
||||
|
||||
/* RNG supports the following sources (in order):
|
||||
* 1. CUSTOM_RAND_GENERATE_BLOCK: Defines name of function as RNG source and
|
||||
* bypasses the P-RNG.
|
||||
* 2. HAVE_HASHDRBG && !NO_SHA256 (SHA256 enabled): Uses SHA256 based P-RNG
|
||||
* seeded via wc_GenerateSeed. This is the default source.
|
||||
* 3. !NO_RC4 (RC4 enabled): Uses RC4
|
||||
*/
|
||||
|
||||
#if defined(CUSTOM_RAND_GENERATE_BLOCK)
|
||||
/* To use define the following:
|
||||
* #define CUSTOM_RAND_GENERATE_BLOCK myRngFunc
|
||||
* extern int myRngFunc(byte* output, word32 sz);
|
||||
*/
|
||||
#elif (defined(HAVE_HASHDRBG) || defined(NO_RC4))
|
||||
#ifdef NO_SHA256
|
||||
#error "Hash DRBG requires SHA-256."
|
||||
#endif /* NO_SHA256 */
|
||||
|
||||
#include <wolfssl/wolfcrypt/sha256.h>
|
||||
#else /* HAVE_HASHDRBG || NO_RC4 */
|
||||
#else
|
||||
#include <wolfssl/wolfcrypt/arc4.h>
|
||||
#endif /* HAVE_HASHDRBG || NO_RC4 */
|
||||
#endif
|
||||
|
||||
|
||||
#ifdef HAVE_WNR
|
||||
#include <wnr.h>
|
||||
@@ -101,7 +118,9 @@ struct WC_RNG {
|
||||
|
||||
#else /* (HAVE_HASHDRBG || NO_RC4) && !CUSTOM_RAND_GENERATE_BLOCK */
|
||||
|
||||
#define WOLFSSL_RNG_CAVIUM_MAGIC 0xBEEF0004
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
#include <wolfssl/wolfcrypt/async.h>
|
||||
#endif
|
||||
|
||||
/* secure Random Number Generator */
|
||||
|
||||
@@ -111,9 +130,8 @@ struct WC_RNG {
|
||||
#ifndef NO_RC4
|
||||
Arc4 cipher;
|
||||
#endif
|
||||
#ifdef HAVE_CAVIUM
|
||||
int devId; /* nitrox device id */
|
||||
word32 magic; /* using cavium magic */
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
AsyncCryptDev asyncDev;
|
||||
#endif
|
||||
};
|
||||
|
||||
@@ -131,13 +149,6 @@ struct WC_RNG {
|
||||
WOLFSSL_LOCAL
|
||||
int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz);
|
||||
|
||||
#if defined(HAVE_HASHDRBG) || defined(NO_RC4)
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
WOLFSSL_API int wc_InitRngCavium(WC_RNG*, int);
|
||||
#endif
|
||||
|
||||
#endif /* HAVE_HASH_DRBG || NO_RC4 */
|
||||
|
||||
#ifdef HAVE_WNR
|
||||
/* Whitewood netRandom client library */
|
||||
|
||||
+36
-20
@@ -52,42 +52,55 @@
|
||||
|
||||
/* avoid redefinition of structs */
|
||||
#if !defined(HAVE_FIPS)
|
||||
#define WOLFSSL_RSA_CAVIUM_MAGIC 0xBEEF0006
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
#include <wolfssl/wolfcrypt/async.h>
|
||||
#endif
|
||||
|
||||
enum {
|
||||
RSA_PUBLIC = 0,
|
||||
RSA_PRIVATE = 1,
|
||||
};
|
||||
|
||||
RSA_TYPE_UNKNOWN = -1,
|
||||
RSA_PUBLIC_ENCRYPT = 0,
|
||||
RSA_PUBLIC_DECRYPT = 1,
|
||||
RSA_PRIVATE_ENCRYPT = 2,
|
||||
RSA_PRIVATE_DECRYPT = 3,
|
||||
|
||||
RSA_BLOCK_TYPE_1 = 1,
|
||||
RSA_BLOCK_TYPE_2 = 2,
|
||||
|
||||
RSA_MIN_SIZE = 512,
|
||||
RSA_MAX_SIZE = 4096,
|
||||
|
||||
RSA_MIN_PAD_SZ = 11 /* separator + 0 + pad value + 8 pads */
|
||||
};
|
||||
|
||||
/* RSA */
|
||||
typedef struct RsaKey {
|
||||
mp_int n, e, d, p, q, dP, dQ, u;
|
||||
int type; /* public or private */
|
||||
void* heap; /* for user memory overrides */
|
||||
int state;
|
||||
byte* tmp; /* temp buffer for async RSA */
|
||||
word32 tmpLen;
|
||||
byte tmpIsAlloc;
|
||||
#ifdef WC_RSA_BLINDING
|
||||
WC_RNG* rng; /* for PrivateDecrypt blinding */
|
||||
#endif
|
||||
#ifdef HAVE_CAVIUM
|
||||
int devId; /* nitrox device id */
|
||||
word32 magic; /* using cavium magic */
|
||||
word64 contextHandle; /* nitrox context memory handle */
|
||||
byte* c_n; /* cavium byte buffers for key parts */
|
||||
byte* c_e;
|
||||
byte* c_d;
|
||||
byte* c_p;
|
||||
byte* c_q;
|
||||
byte* c_dP;
|
||||
byte* c_dQ;
|
||||
byte* c_u; /* sizes in bytes */
|
||||
word16 c_nSz, c_eSz, c_dSz, c_pSz, c_qSz, c_dP_Sz, c_dQ_Sz, c_uSz;
|
||||
#endif
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
AsyncCryptDev asyncDev;
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
||||
} RsaKey;
|
||||
#endif /*HAVE_FIPS */
|
||||
|
||||
WOLFSSL_API int wc_InitRsaKey(RsaKey* key, void*);
|
||||
WOLFSSL_API int wc_InitRsaKey(RsaKey* key, void* heap);
|
||||
WOLFSSL_API int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId);
|
||||
WOLFSSL_API int wc_FreeRsaKey(RsaKey* key);
|
||||
|
||||
WOLFSSL_LOCAL int wc_RsaFunction(const byte* in, word32 inLen, byte* out,
|
||||
word32* outLen, int type, RsaKey* key, WC_RNG* rng);
|
||||
|
||||
WOLFSSL_API int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out,
|
||||
word32 outLen, RsaKey* key, WC_RNG* rng);
|
||||
WOLFSSL_API int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out,
|
||||
@@ -120,6 +133,7 @@ WOLFSSL_API int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng);
|
||||
*/
|
||||
|
||||
/* Mask Generation Function Identifiers */
|
||||
#define WC_MGF1NONE 0
|
||||
#define WC_MGF1SHA1 26
|
||||
#define WC_MGF1SHA256 1
|
||||
#define WC_MGF1SHA384 2
|
||||
@@ -147,11 +161,13 @@ WOLFSSL_API int wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*,
|
||||
WOLFSSL_API int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng);
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
WOLFSSL_API int wc_RsaInitCavium(RsaKey*, int);
|
||||
WOLFSSL_API void wc_RsaFreeCavium(RsaKey*);
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
WOLFSSL_API int wc_RsaAsyncHandle(RsaKey* key, WOLF_EVENT_QUEUE* queue, WOLF_EVENT* event);
|
||||
WOLFSSL_API int wc_RsaAsyncWait(int ret, RsaKey* key);
|
||||
#endif
|
||||
|
||||
#endif /* HAVE_USER_RSA */
|
||||
|
||||
#ifdef __cplusplus
|
||||
} /* extern "C" */
|
||||
#endif
|
||||
|
||||
@@ -134,7 +134,9 @@
|
||||
/* #define WOLFSSL_STATIC_RSA */
|
||||
|
||||
/* Uncomment next line if building for ARDUINO */
|
||||
/* Uncomment both lines if building for ARDUINO on INTEL_GALILEO */
|
||||
/* #define WOLFSSL_ARDUINO */
|
||||
/* #define INTEL_GALILEO */
|
||||
|
||||
/* Uncomment next line to enable asynchronous crypto WC_PENDING_E */
|
||||
/* #define WOLFSSL_ASYNC_CRYPT */
|
||||
@@ -1235,9 +1237,10 @@ static char *fgets(char *buff, int sz, FILE *fp)
|
||||
/* Make sure wolf events are enabled */
|
||||
#undef HAVE_WOLF_EVENT
|
||||
#define HAVE_WOLF_EVENT
|
||||
#else
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT_TEST
|
||||
#error Must have WOLFSSL_ASYNC_CRYPT enabled with WOLFSSL_ASYNC_CRYPT_TEST
|
||||
|
||||
#if !defined(HAVE_CAVIUM) && !defined(HAVE_INTEL_QA) && \
|
||||
!defined(WOLFSSL_ASYNC_CRYPT_TEST)
|
||||
#error No async hardware defined with WOLFSSL_ASYNC_CRYPT!
|
||||
#endif
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
||||
|
||||
@@ -1250,6 +1253,9 @@ static char *fgets(char *buff, int sz, FILE *fp)
|
||||
|
||||
/* restriction with static memory */
|
||||
#ifdef WOLFSSL_STATIC_MEMORY
|
||||
#if defined(HAVE_IO_POOL) || defined(XMALLOC_USER) || defined(NO_WOLFSSL_MEMORY)
|
||||
#error static memory cannot be used with HAVE_IO_POOL, XMALLOC_USER or NO_WOLFSSL_MEMORY
|
||||
#endif
|
||||
#ifndef USE_FAST_MATH
|
||||
#error static memory requires fast math please define USE_FAST_MATH
|
||||
#endif
|
||||
@@ -1257,6 +1263,8 @@ static char *fgets(char *buff, int sz, FILE *fp)
|
||||
#error static memory does not support small stack please undefine
|
||||
#endif
|
||||
#endif /* WOLFSSL_STATIC_MEMORY */
|
||||
|
||||
|
||||
/* Place any other flags or defines here */
|
||||
|
||||
#if defined(WOLFSSL_MYSQL_COMPATIBLE) && defined(_WIN32) \
|
||||
|
||||
@@ -59,8 +59,8 @@ typedef struct Sha256 {
|
||||
word32 buffLen; /* in bytes */
|
||||
word32 loLen; /* length in bytes */
|
||||
word32 hiLen; /* length in bytes */
|
||||
word32 digest[SHA256_DIGEST_SIZE / sizeof(word32)];
|
||||
word32 buffer[SHA256_BLOCK_SIZE / sizeof(word32)];
|
||||
ALIGN16 word32 digest[SHA256_DIGEST_SIZE / sizeof(word32)];
|
||||
ALIGN16 word32 buffer[SHA256_BLOCK_SIZE / sizeof(word32)];
|
||||
#ifdef WOLFSSL_PIC32MZ_HASH
|
||||
pic32mz_desc desc ; /* Crypt Engine descriptor */
|
||||
#endif
|
||||
|
||||
@@ -289,6 +289,9 @@ typedef struct {
|
||||
int size;
|
||||
#endif
|
||||
fp_digit dp[FP_SIZE];
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
byte *dpraw; /* Used for hardware crypto */
|
||||
#endif
|
||||
} fp_int;
|
||||
|
||||
/* externally define this symbol to ignore the default settings, useful for changing the build from the make process */
|
||||
|
||||
+52
-22
@@ -91,6 +91,7 @@
|
||||
defined(__mips64) || defined(__x86_64__) || defined(_M_X64)) || \
|
||||
defined(__aarch64__)
|
||||
typedef word64 wolfssl_word;
|
||||
#define WC_64BIT_CPU
|
||||
#else
|
||||
typedef word32 wolfssl_word;
|
||||
#ifdef WORD64_AVAILABLE
|
||||
@@ -171,24 +172,22 @@
|
||||
/* default to libc stuff */
|
||||
/* XREALLOC is used once in normal math lib, not in fast math lib */
|
||||
/* XFREE on some embeded systems doesn't like free(0) so test */
|
||||
#if defined(XMALLOC_USER)
|
||||
#if defined(HAVE_IO_POOL)
|
||||
WOLFSSL_API void* XMALLOC(size_t n, void* heap, int type);
|
||||
WOLFSSL_API void* XREALLOC(void *p, size_t n, void* heap, int type);
|
||||
WOLFSSL_API void XFREE(void *p, void* heap, int type);
|
||||
#elif defined(XMALLOC_USER)
|
||||
/* prototypes for user heap override functions */
|
||||
#include <stddef.h> /* for size_t */
|
||||
extern void *XMALLOC(size_t n, void* heap, int type);
|
||||
extern void *XREALLOC(void *p, size_t n, void* heap, int type);
|
||||
extern void XFREE(void *p, void* heap, int type);
|
||||
#ifdef WOLFSSL_STATIC_MEMORY /* don't use wolfSSL static memory either*/
|
||||
#undef WOLFSSL_STATIC_MEMORY
|
||||
#endif
|
||||
#elif defined(NO_WOLFSSL_MEMORY)
|
||||
/* just use plain C stdlib stuff if desired */
|
||||
#include <stdlib.h>
|
||||
#define XMALLOC(s, h, t) ((void)h, (void)t, malloc((s)))
|
||||
#define XFREE(p, h, t) {void* xp = (p); if((xp)) free((xp));}
|
||||
#define XREALLOC(p, n, h, t) realloc((p), (n))
|
||||
#ifdef WOLFSSL_STATIC_MEMORY /* don't use wolfSSL static memory either*/
|
||||
#undef WOLFSSL_STATIC_MEMORY
|
||||
#endif
|
||||
#elif !defined(MICRIUM_MALLOC) && !defined(EBSNET) \
|
||||
&& !defined(WOLFSSL_SAFERTOS) && !defined(FREESCALE_MQX) \
|
||||
&& !defined(FREESCALE_KSDK_MQX) && !defined(FREESCALE_FREE_RTOS) \
|
||||
@@ -196,19 +195,27 @@
|
||||
&& !defined(WOLFSSL_uITRON4) && !defined(WOLFSSL_uTKERNEL2)
|
||||
/* default C runtime, can install different routines at runtime via cbs */
|
||||
#include <wolfssl/wolfcrypt/memory.h>
|
||||
#if defined(WOLFSSL_DEBUG_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY)
|
||||
#define XMALLOC(s, h, t) ((void)h, (void)t, wolfSSL_Malloc((s), __func__, __LINE__))
|
||||
#define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), __func__, __LINE__);}
|
||||
#define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), __func__, __LINE__)
|
||||
#elif defined(WOLFSSL_STATIC_MEMORY)
|
||||
#define XMALLOC(s, h, t) wolfSSL_Malloc((s), (h), (t))
|
||||
#define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), (h), (t));}
|
||||
#define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t))
|
||||
#else
|
||||
#define XMALLOC(s, h, t) ((void)h, (void)t, wolfSSL_Malloc((s)))
|
||||
#define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp));}
|
||||
#define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n))
|
||||
#endif
|
||||
#ifdef WOLFSSL_STATIC_MEMORY
|
||||
#ifdef WOLFSSL_DEBUG_MEMORY
|
||||
#define XMALLOC(s, h, t) wolfSSL_Malloc((s), (h), (t), __func__, __LINE__)
|
||||
#define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), (h), (t), __func__, __LINE__);}
|
||||
#define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t), __func__, __LINE__)
|
||||
#else
|
||||
#define XMALLOC(s, h, t) wolfSSL_Malloc((s), (h), (t))
|
||||
#define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), (h), (t));}
|
||||
#define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t))
|
||||
#endif /* WOLFSSL_DEBUG_MEMORY */
|
||||
#else
|
||||
#ifdef WOLFSSL_DEBUG_MEMORY
|
||||
#define XMALLOC(s, h, t) ((void)h, (void)t, wolfSSL_Malloc((s), __func__, __LINE__))
|
||||
#define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), __func__, __LINE__);}
|
||||
#define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), __func__, __LINE__)
|
||||
#else
|
||||
#define XMALLOC(s, h, t) ((void)h, (void)t, wolfSSL_Malloc((s)))
|
||||
#define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp));}
|
||||
#define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n))
|
||||
#endif /* WOLFSSL_DEBUG_MEMORY */
|
||||
#endif /* WOLFSSL_STATIC_MEMORY */
|
||||
#endif
|
||||
|
||||
|
||||
@@ -312,8 +319,8 @@
|
||||
DYNAMIC_TYPE_ECC = 37,
|
||||
DYNAMIC_TYPE_TMP_BUFFER = 38,
|
||||
DYNAMIC_TYPE_DTLS_MSG = 39,
|
||||
DYNAMIC_TYPE_CAVIUM_TMP = 40,
|
||||
DYNAMIC_TYPE_CAVIUM_RSA = 41,
|
||||
DYNAMIC_TYPE_ASYNC_TMP = 40,
|
||||
DYNAMIC_TYPE_ASYNC_RSA = 41,
|
||||
DYNAMIC_TYPE_X509 = 42,
|
||||
DYNAMIC_TYPE_TLSX = 43,
|
||||
DYNAMIC_TYPE_OCSP = 44,
|
||||
@@ -376,6 +383,29 @@
|
||||
return 1 if a match otherwise 0 */
|
||||
#define CheckCtcSettings() (CTC_SETTINGS == CheckRunTimeSettings())
|
||||
|
||||
/* invalid device id */
|
||||
#define INVALID_DEVID -2
|
||||
|
||||
|
||||
/* AESNI requires alignment and ARMASM gains some performance from it */
|
||||
#if defined(WOLFSSL_AESNI) || defined(WOLFSSL_ARMASM)
|
||||
#if !defined (ALIGN16)
|
||||
#if defined (__GNUC__)
|
||||
#define ALIGN16 __attribute__ ( (aligned (16)))
|
||||
#elif defined(_MSC_VER)
|
||||
/* disable align warning, we want alignment ! */
|
||||
#pragma warning(disable: 4324)
|
||||
#define ALIGN16 __declspec (align (16))
|
||||
#else
|
||||
#define ALIGN16
|
||||
#endif
|
||||
#endif
|
||||
#else
|
||||
#ifndef ALIGN16
|
||||
#define ALIGN16
|
||||
#endif
|
||||
#endif /* WOLFSSL_AESNI or WOLFSSL_ARMASM */
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
} /* extern "C" */
|
||||
|
||||
@@ -0,0 +1,103 @@
|
||||
/* wolfevent.h
|
||||
*
|
||||
* Copyright (C) 2006-2016 wolfSSL Inc.
|
||||
*
|
||||
* This file is part of wolfSSL.
|
||||
*
|
||||
* wolfSSL is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* wolfSSL is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
#ifndef _WOLF_EVENT_H_
|
||||
#define _WOLF_EVENT_H_
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#ifndef SINGLE_THREADED
|
||||
#include <wolfssl/wolfcrypt/wc_port.h>
|
||||
#endif
|
||||
|
||||
typedef struct WOLFSSL WOLFSSL;
|
||||
typedef struct WOLF_EVENT WOLF_EVENT;
|
||||
typedef struct WOLFSSL_CTX WOLFSSL_CTX;
|
||||
|
||||
typedef unsigned short WOLF_EVENT_FLAG;
|
||||
|
||||
typedef enum WOLF_EVENT_TYPE {
|
||||
WOLF_EVENT_TYPE_NONE,
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
WOLF_EVENT_TYPE_ASYNC_ANY,
|
||||
WOLF_EVENT_TYPE_ASYNC_WOLFSSL,
|
||||
WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT,
|
||||
WOLF_EVENT_TYPE_ASYNC_FIRST = WOLF_EVENT_TYPE_ASYNC_WOLFSSL,
|
||||
WOLF_EVENT_TYPE_ASYNC_LAST = WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT,
|
||||
#endif
|
||||
} WOLF_EVENT_TYPE;
|
||||
|
||||
struct WOLF_EVENT {
|
||||
/* double linked list */
|
||||
WOLF_EVENT* next;
|
||||
WOLF_EVENT* prev;
|
||||
|
||||
void* context;
|
||||
#ifdef HAVE_CAVIUM
|
||||
word64 reqId;
|
||||
#endif
|
||||
int ret; /* Async return code */
|
||||
WOLF_EVENT_TYPE type;
|
||||
WOLF_EVENT_FLAG pending:1;
|
||||
WOLF_EVENT_FLAG done:1;
|
||||
/* Future event flags can go here */
|
||||
};
|
||||
|
||||
enum WOLF_POLL_FLAGS {
|
||||
WOLF_POLL_FLAG_CHECK_HW = 0x01,
|
||||
};
|
||||
|
||||
typedef struct {
|
||||
WOLF_EVENT* head; /* head of queue */
|
||||
WOLF_EVENT* tail; /* tail of queue */
|
||||
#ifndef SINGLE_THREADED
|
||||
wolfSSL_Mutex lock; /* queue lock */
|
||||
#endif
|
||||
int count;
|
||||
} WOLF_EVENT_QUEUE;
|
||||
|
||||
|
||||
#ifdef HAVE_WOLF_EVENT
|
||||
|
||||
/* Event */
|
||||
WOLFSSL_API int wolfEvent_Init(WOLF_EVENT* event, WOLF_EVENT_TYPE type, void* context);
|
||||
WOLFSSL_API int wolfEvent_Poll(WOLF_EVENT* event, WOLF_EVENT_FLAG flags);
|
||||
|
||||
/* Event Queue */
|
||||
WOLFSSL_API int wolfEventQueue_Init(WOLF_EVENT_QUEUE* queue);
|
||||
WOLFSSL_API int wolfEventQueue_Push(WOLF_EVENT_QUEUE* queue, WOLF_EVENT* event);
|
||||
WOLFSSL_API int wolfEventQueue_Pop(WOLF_EVENT_QUEUE* queue, WOLF_EVENT** event);
|
||||
WOLFSSL_API int wolfEventQueue_Remove(WOLF_EVENT_QUEUE* queue, WOLF_EVENT* event);
|
||||
WOLFSSL_API int wolfEventQueue_Poll(WOLF_EVENT_QUEUE* queue, void* context_filter,
|
||||
WOLF_EVENT** events, int maxEvents, WOLF_EVENT_FLAG flags, int* eventCount);
|
||||
WOLFSSL_API int wolfEventQueue_Count(WOLF_EVENT_QUEUE* queue);
|
||||
WOLFSSL_API void wolfEventQueue_Free(WOLF_EVENT_QUEUE* queue);
|
||||
|
||||
#endif /* HAVE_WOLF_EVENT */
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
} /* extern "C" */
|
||||
#endif
|
||||
|
||||
#endif /* _WOLF_EVENT_H_ */
|
||||
Reference in New Issue
Block a user